From 25ef852ad60f9d09b6f23eef1cb3c4bce12d5b28 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 7 Feb 2022 16:15:52 -0800 Subject: [PATCH 0001/1176] tests/int: use = in test for strings comparison Strictly speaking, == is for [[ only, not for [ / test, and, unlike =, the right side is a pattern. To avoid confusion, use =. In cases where we compare with empty string, use -z instead. Keep using [[ in some cases since it does not require quoting the left and right side of comparison (I trust shellcheck on that one). This should have no effect (other than the code being a tad more strict). Signed-off-by: Kir Kolyshkin --- tests/integration/cgroups.bats | 8 ++++---- tests/integration/checkpoint.bats | 2 +- tests/integration/create.bats | 4 ++-- tests/integration/exec.bats | 5 ++--- tests/integration/helpers.bash | 8 ++++---- tests/integration/list.bats | 6 +++--- tests/integration/mask.bats | 4 ++-- tests/rootless.sh | 4 ++-- 8 files changed, 20 insertions(+), 21 deletions(-) diff --git a/tests/integration/cgroups.bats b/tests/integration/cgroups.bats index 89c63f398b5..914ec499d17 100644 --- a/tests/integration/cgroups.bats +++ b/tests/integration/cgroups.bats @@ -87,7 +87,7 @@ function setup() { runc exec test_cgroups_group cat /proc/self/cgroup [ "$status" -eq 0 ] - [[ ${lines[0]} == "0::/" ]] + [[ ${lines[0]} = "0::/" ]] runc exec test_cgroups_group mkdir /sys/fs/cgroup/foo [ "$status" -eq 0 ] @@ -99,7 +99,7 @@ function setup() { # because we haven't enabled any domain controller. runc exec test_cgroups_group cat /proc/self/cgroup [ "$status" -eq 0 ] - [[ ${lines[0]} == "0::/" ]] + [[ ${lines[0]} = "0::/" ]] # turn on a domain controller (memory) runc exec test_cgroups_group sh -euxc 'echo $$ > /sys/fs/cgroup/foo/cgroup.procs; echo +memory > /sys/fs/cgroup/cgroup.subtree_control' @@ -109,7 +109,7 @@ function setup() { # falls back to "/foo". runc exec test_cgroups_group cat /proc/self/cgroup [ "$status" -eq 0 ] - [[ ${lines[0]} == "0::/foo" ]] + [[ ${lines[0]} = "0::/foo" ]] # teardown: remove "/foo" # shellcheck disable=SC2016 @@ -301,7 +301,7 @@ function setup() { [[ $exec_cgroup == *"runc-cgroups-integration-test"* ]] # check that the cgroups v2 path is the same for both processes - [[ "$run_cgroup" == "$exec_cgroup" ]] + [ "$run_cgroup" = "$exec_cgroup" ] } @test "runc exec should refuse a paused container" { diff --git a/tests/integration/checkpoint.bats b/tests/integration/checkpoint.bats index 98b112dc6b7..615ef8cb65f 100644 --- a/tests/integration/checkpoint.bats +++ b/tests/integration/checkpoint.bats @@ -98,7 +98,7 @@ function runc_restore_with_pipes() { runc exec --cwd /bin "$name" echo ok [ "$status" -eq 0 ] - [[ ${output} == "ok" ]] + [ "$output" = "ok" ] } function simple_cr() { diff --git a/tests/integration/create.bats b/tests/integration/create.bats index afa9f9dfb8c..938ac8b63dc 100644 --- a/tests/integration/create.bats +++ b/tests/integration/create.bats @@ -50,7 +50,7 @@ function teardown() { # check pid.txt was generated [ -e pid.txt ] - [[ $(cat pid.txt) == $(__runc state test_busybox | jq '.pid') ]] + [[ $(cat pid.txt) = $(__runc state test_busybox | jq '.pid') ]] # start the command runc start test_busybox @@ -73,7 +73,7 @@ function teardown() { # check pid.txt was generated [ -e pid.txt ] - [[ $(cat pid.txt) == $(__runc state test_busybox | jq '.pid') ]] + [[ $(cat pid.txt) = $(__runc state test_busybox | jq '.pid') ]] # start the command runc start test_busybox diff --git a/tests/integration/exec.bats b/tests/integration/exec.bats index 140cd181011..16a972cfa64 100644 --- a/tests/integration/exec.bats +++ b/tests/integration/exec.bats @@ -140,8 +140,7 @@ function teardown() { runc exec --user 1000:1000 --additional-gids 100 --additional-gids 65534 test_busybox id -G [ "$status" -eq 0 ] - - [[ ${output} == "1000 100 65534" ]] + [ "$output" = "1000 100 65534" ] } @test "runc exec --preserve-fds" { @@ -154,7 +153,7 @@ function teardown() { exec 4 Date: Mon, 7 Feb 2022 16:24:53 -0800 Subject: [PATCH 0002/1176] tests/int: replace CGROUP_UNIFIED with CGROUP_V{1,2} This makes it work similar to all the other variables we use as binary flags. The new 'shellcheck disable' is due to a bug in shellcheck (basically, it does not track the scope of variables or execution order, assuming everything is executed as soon as it is seen). Signed-off-by: Kir Kolyshkin --- tests/integration/cgroups.bats | 13 +++++-------- tests/integration/helpers.bash | 24 ++++++++++++------------ tests/integration/update.bats | 16 +++++++--------- 3 files changed, 24 insertions(+), 29 deletions(-) diff --git a/tests/integration/cgroups.bats b/tests/integration/cgroups.bats index 914ec499d17..bf8284941fe 100644 --- a/tests/integration/cgroups.bats +++ b/tests/integration/cgroups.bats @@ -44,7 +44,7 @@ function setup() { runc run -d --console-socket "$CONSOLE_SOCKET" test_cgroups_permissions [ "$status" -eq 0 ] - if [ "$CGROUP_UNIFIED" != "no" ]; then + if [ -v CGROUP_V2 ]; then if [ -v RUNC_USE_SYSTEMD ]; then if [ "$(id -u)" = "0" ]; then check_cgroup_value "cgroup.controllers" "$(cat /sys/fs/cgroup/machine.slice/cgroup.controllers)" @@ -177,7 +177,7 @@ function setup() { # The loop device itself is no longer needed. losetup -d "$dev" - if [ "$CGROUP_UNIFIED" = "yes" ]; then + if [ -v CGROUP_V2 ]; then file="io.bfq.weight" else file="blkio.bfq.weight_device" @@ -377,18 +377,15 @@ function setup() { set_cgroups_path - case $CGROUP_UNIFIED in - no) + if [ -v CGROUP_V1 ]; then FREEZER_DIR="${CGROUP_FREEZER_BASE_PATH}/${REL_CGROUPS_PATH}" FREEZER="${FREEZER_DIR}/freezer.state" STATE="FROZEN" - ;; - yes) + else FREEZER_DIR="${CGROUP_PATH}" FREEZER="${FREEZER_DIR}/cgroup.freeze" STATE="1" - ;; - esac + fi # Create and freeze the cgroup. mkdir -p "$FREEZER_DIR" diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index 2bd743c650d..f0e9823c5f0 100644 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -104,10 +104,10 @@ function systemd_version() { function init_cgroup_paths() { # init once - [ -v CGROUP_UNIFIED ] && return + [[ -v CGROUP_V1 || -v CGROUP_V2 ]] && return if stat -f -c %t /sys/fs/cgroup | grep -qFw 63677270; then - CGROUP_UNIFIED=yes + CGROUP_V2=yes local controllers="/sys/fs/cgroup/cgroup.controllers" # For rootless + systemd case, controllers delegation is required, # so check the controllers that the current user has, not the top one. @@ -135,7 +135,7 @@ function init_cgroup_paths() { if stat -f -c %t /sys/fs/cgroup/unified | grep -qFw 63677270; then CGROUP_HYBRID=yes fi - CGROUP_UNIFIED=no + CGROUP_V1=yes CGROUP_SUBSYSTEMS=$(awk '!/^#/ {print $1}' /proc/cgroups) local g base_path for g in ${CGROUP_SUBSYSTEMS}; do @@ -152,7 +152,7 @@ function create_parent() { "$SD_HELPER" --parent machine.slice start "$SD_PARENT_NAME" else [ ! -v REL_PARENT_PATH ] && return - if [ "$CGROUP_UNIFIED" = "yes" ]; then + if [ -v CGROUP_V2 ]; then mkdir "/sys/fs/cgroup$REL_PARENT_PATH" else local subsys @@ -172,7 +172,7 @@ function remove_parent() { "$SD_HELPER" --parent machine.slice stop "$SD_PARENT_NAME" else [ ! -v REL_PARENT_PATH ] && return - if [ "$CGROUP_UNIFIED" = "yes" ]; then + if [ -v CGROUP_V2 ]; then rmdir "/sys/fs/cgroup/$REL_PARENT_PATH" else local subsys @@ -229,7 +229,7 @@ function set_cgroups_path() { fi # Absolute path to container's cgroup v2. - if [ "$CGROUP_UNIFIED" = "yes" ]; then + if [ -v CGROUP_V2 ]; then CGROUP_PATH=${CGROUP_BASE_PATH}${REL_CGROUPS_PATH} fi @@ -243,7 +243,7 @@ function get_cgroup_value() { local source=$1 local cgroup var current - if [ "$CGROUP_UNIFIED" = "yes" ]; then + if [ -v CGROUP_V2 ]; then cgroup=$CGROUP_PATH else var=${source%%.*} # controller name (e.g. memory) @@ -283,7 +283,7 @@ function check_cpu_quota() { local period=$2 local sd_quota=$3 - if [ "$CGROUP_UNIFIED" = "yes" ]; then + if [ -v CGROUP_V2 ]; then if [ "$quota" = "-1" ]; then quota="max" fi @@ -310,7 +310,7 @@ function check_cpu_quota() { function check_cpu_shares() { local shares=$1 - if [ "$CGROUP_UNIFIED" = "yes" ]; then + if [ -v CGROUP_V2 ]; then local weight=$((1 + ((shares - 2) * 9999) / 262142)) check_cpu_weight "$weight" else @@ -397,7 +397,7 @@ function requires() { ;; cgroups_swap) init_cgroup_paths - if [ $CGROUP_UNIFIED = "no" ] && [ ! -e "${CGROUP_MEMORY_BASE_PATH}/memory.memsw.limit_in_bytes" ]; then + if [ -v CGROUP_V1 ] && [ ! -e "${CGROUP_MEMORY_BASE_PATH}/memory.memsw.limit_in_bytes" ]; then skip_me=1 fi ;; @@ -408,13 +408,13 @@ function requires() { ;; cgroups_v1) init_cgroup_paths - if [ "$CGROUP_UNIFIED" != "no" ]; then + if [ ! -v GROUP_V1 ]; then skip_me=1 fi ;; cgroups_v2) init_cgroup_paths - if [ "$CGROUP_UNIFIED" != "yes" ]; then + if [ ! -v CGROUP_V2 ]; then skip_me=1 fi ;; diff --git a/tests/integration/update.bats b/tests/integration/update.bats index f4f349aa95f..48d1efa4caa 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -30,8 +30,7 @@ function setup() { [ "$status" -eq 0 ] # Set a few variables to make the code below work for both v1 and v2 - case $CGROUP_UNIFIED in - no) + if [ -v CGROUP_V1 ]; then MEM_LIMIT="memory.limit_in_bytes" SD_MEM_LIMIT="MemoryLimit" MEM_RESERVE="memory.soft_limit_in_bytes" @@ -43,8 +42,7 @@ function setup() { if [ -f "${CGROUP_MEMORY_BASE_PATH}/${MEM_SWAP}" ]; then HAVE_SWAP="yes" fi - ;; - yes) + else MEM_LIMIT="memory.max" SD_MEM_LIMIT="MemoryMax" MEM_RESERVE="memory.low" @@ -53,8 +51,8 @@ function setup() { SD_MEM_SWAP="MemorySwapMax" SYSTEM_MEM="max" HAVE_SWAP="yes" - ;; - esac + fi + SD_UNLIMITED="infinity" SD_VERSION=$(systemctl --version | awk '{print $2; exit}') if [ "$SD_VERSION" -lt 227 ]; then @@ -105,7 +103,7 @@ function setup() { check_systemd_value "$SD_MEM_SWAP" $SD_UNLIMITED # update memory swap - if [ "$CGROUP_UNIFIED" = "yes" ]; then + if [ -v CGROUP_V2 ]; then # for cgroupv2, memory and swap can only be set together runc update test_update --memory 52428800 --memory-swap 96468992 [ "$status" -eq 0 ] @@ -233,7 +231,7 @@ EOF check_cgroup_value $MEM_LIMIT $((30 * 1024 * 1024)) check_systemd_value $SD_MEM_LIMIT $((30 * 1024 * 1024)) - if [ "$CGROUP_UNIFIED" = "yes" ]; then + if [ -v CGROUP_V2 ]; then # for cgroupv2, swap does not include mem check_cgroup_value "$MEM_SWAP" $((20 * 1024 * 1024)) check_systemd_value "$SD_MEM_SWAP" $((20 * 1024 * 1024)) @@ -249,7 +247,7 @@ EOF check_cgroup_value $MEM_LIMIT $((60 * 1024 * 1024)) check_systemd_value $SD_MEM_LIMIT $((60 * 1024 * 1024)) - if [ "$CGROUP_UNIFIED" = "yes" ]; then + if [ -v CGROUP_V2 ]; then # for cgroupv2, swap does not include mem check_cgroup_value "$MEM_SWAP" $((20 * 1024 * 1024)) check_systemd_value "$SD_MEM_SWAP" $((20 * 1024 * 1024)) From d330f94b575037c6de69a0e3565c55096b7cf319 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 7 Feb 2022 19:07:16 -0800 Subject: [PATCH 0003/1176] tests/int/update.bats: fix extra reqs This test requires both rootless and root, which does not make sense. Remove the rootless part. Fixes: d41a273da Signed-off-by: Kir Kolyshkin --- tests/integration/update.bats | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/integration/update.bats b/tests/integration/update.bats index 48d1efa4caa..23f9d8a94a0 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -627,8 +627,6 @@ EOF } @test "update devices [minimal transition rules]" { - [[ "$ROOTLESS" -ne 0 ]] && requires rootless_cgroup - requires root # Run a basic shell script that tries to read from /dev/kmsg, but From d620a401d7fbf3608209ae227300bf62a81662f7 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 7 Feb 2022 19:08:26 -0800 Subject: [PATCH 0004/1176] tests/int: remove $ROOTLESS, use $EUID The variable $ROOTLESS, as set by helpers.bash and used in many places, provides the same value as $EUID which is always set by bash. Since we are using bash, we can rely on $EUID being omnipresent. Modify all uses accordingly, and since the value is known to be a number, omit the quoting. Similarly, replace all uses of $(id -u) to $EUID. Do some trivial cleanups along the way, such as - simplify some if A; then B; to A && B; - do not use [[ instead of [ where not necessary. Signed-off-by: Kir Kolyshkin --- tests/integration/cgroups.bats | 28 ++++++++++----------------- tests/integration/delete.bats | 2 +- tests/integration/dev.bats | 2 +- tests/integration/exec.bats | 2 +- tests/integration/helpers.bash | 25 +++++++++++------------- tests/integration/pause.bats | 8 ++++---- tests/integration/ps.bats | 2 +- tests/integration/run.bats | 3 +-- tests/integration/start_detached.bats | 2 +- tests/integration/start_hello.bats | 2 +- tests/integration/tty.bats | 8 ++++---- tests/integration/update.bats | 26 ++++++++++++------------- tests/integration/userns.bats | 2 +- 13 files changed, 50 insertions(+), 62 deletions(-) diff --git a/tests/integration/cgroups.bats b/tests/integration/cgroups.bats index bf8284941fe..ffa3fb0befe 100644 --- a/tests/integration/cgroups.bats +++ b/tests/integration/cgroups.bats @@ -37,7 +37,7 @@ function setup() { } @test "runc create (limits + cgrouppath + permission on the cgroup dir) succeeds" { - [[ "$ROOTLESS" -ne 0 ]] && requires rootless_cgroup + [ $EUID -ne 0 ] && requires rootless_cgroup set_cgroups_path set_resources_limit @@ -46,11 +46,11 @@ function setup() { [ "$status" -eq 0 ] if [ -v CGROUP_V2 ]; then if [ -v RUNC_USE_SYSTEMD ]; then - if [ "$(id -u)" = "0" ]; then + if [ $EUID -eq 0 ]; then check_cgroup_value "cgroup.controllers" "$(cat /sys/fs/cgroup/machine.slice/cgroup.controllers)" else # Filter out hugetlb and misc as systemd is unable to delegate them. - check_cgroup_value "cgroup.controllers" "$(sed -e 's/ hugetlb//' -e 's/ misc//' = 244 (Fedora >= 32, Ubuntu >= 20.04). - if [[ "$ROOTLESS" -ne 0 && -v RUNC_USE_SYSTEMD ]]; then - controllers="/sys/fs/cgroup/user.slice/user-$(id -u).slice/user@$(id -u).service/cgroup.controllers" + if [[ $EUID -ne 0 && -v RUNC_USE_SYSTEMD ]]; then + controllers="/sys/fs/cgroup/user.slice/user-${UID}.slice/user@${UID}.service/cgroup.controllers" fi # "pseudo" controllers do not appear in /sys/fs/cgroup/cgroup.controllers. @@ -188,7 +185,7 @@ function remove_parent() { function set_parent_systemd_properties() { [ ! -v SD_PARENT_NAME ] && return local user="" - [ "$(id -u)" != "0" ] && user="--user" + [ $EUID -ne 0 ] && user="--user" systemctl set-property $user "$SD_PARENT_NAME" "$@" } @@ -213,12 +210,12 @@ function set_cgroups_path() { local rnd="$RANDOM" if [ -v RUNC_USE_SYSTEMD ]; then SD_UNIT_NAME="runc-cgroups-integration-test-${rnd}.scope" - if [ "$(id -u)" = "0" ]; then + if [ $EUID -eq 0 ]; then REL_PARENT_PATH="/machine.slice${pod_slice}" OCI_CGROUPS_PATH="machine${dash_pod}.slice:runc-cgroups:integration-test-${rnd}" else - REL_PARENT_PATH="/user.slice/user-$(id -u).slice/user@$(id -u).service/machine.slice${pod_slice}" - # OCI path doesn't contain "/user.slice/user-$(id -u).slice/user@$(id -u).service/" prefix + REL_PARENT_PATH="/user.slice/user-${UID}.slice/user@${UID}.service/machine.slice${pod_slice}" + # OCI path doesn't contain "/user.slice/user-${UID}.slice/user@${UID}.service/" prefix OCI_CGROUPS_PATH="machine${dash_pod}.slice:runc-cgroups:integration-test-${rnd}" fi REL_CGROUPS_PATH="$REL_PARENT_PATH/$SD_UNIT_NAME" @@ -271,7 +268,7 @@ function check_systemd_value() { local expected="$2" local expected2="${3:-}" local user="" - [ "$(id -u)" != "0" ] && user="--user" + [ $EUID -ne 0 ] && user="--user" current=$(systemctl show $user --property "$source" "$SD_UNIT_NAME" | awk -F= '{print $2}') echo "systemd $source: current $current !? $expected $expected2" @@ -360,12 +357,12 @@ function requires() { fi ;; root) - if [ "$ROOTLESS" -ne 0 ]; then + if [ $EUID -ne 0 ]; then skip_me=1 fi ;; rootless) - if [ "$ROOTLESS" -eq 0 ]; then + if [ $EUID -eq 0 ]; then skip_me=1 fi ;; diff --git a/tests/integration/pause.bats b/tests/integration/pause.bats index c2daa1f4681..787d2d0d0b1 100644 --- a/tests/integration/pause.bats +++ b/tests/integration/pause.bats @@ -11,11 +11,11 @@ function teardown() { } @test "runc pause and resume" { - if [[ "$ROOTLESS" -ne 0 ]]; then + requires cgroups_freezer + if [ $EUID -ne 0 ]; then requires rootless_cgroup set_cgroups_path fi - requires cgroups_freezer # run busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox @@ -39,11 +39,11 @@ function teardown() { } @test "runc pause and resume with nonexist container" { - if [[ "$ROOTLESS" -ne 0 ]]; then + requires cgroups_freezer + if [ $EUID -ne 0 ]; then requires rootless_cgroup set_cgroups_path fi - requires cgroups_freezer # run test_busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox diff --git a/tests/integration/ps.bats b/tests/integration/ps.bats index c28abfc2d17..0d96cb250c7 100644 --- a/tests/integration/ps.bats +++ b/tests/integration/ps.bats @@ -62,7 +62,7 @@ function teardown() { @test "ps after the container stopped" { # ps requires cgroups - [[ "$ROOTLESS" -ne 0 ]] && requires rootless_cgroup + [ $EUID -ne 0 ] && requires rootless_cgroup set_cgroups_path # start busybox detached diff --git a/tests/integration/run.bats b/tests/integration/run.bats index 63be89d2c7a..16ee6a01152 100644 --- a/tests/integration/run.bats +++ b/tests/integration/run.bats @@ -36,8 +36,7 @@ function teardown() { @test "runc run --keep (check cgroup exists)" { # for systemd driver, the unit's cgroup path will be auto removed if container's all processes exited requires no_systemd - - [[ "$ROOTLESS" -ne 0 ]] && requires rootless_cgroup + [ $EUID -ne 0 ] && requires rootless_cgroup set_cgroups_path diff --git a/tests/integration/start_detached.bats b/tests/integration/start_detached.bats index 0f1c23326ce..73e10c8cb65 100644 --- a/tests/integration/start_detached.bats +++ b/tests/integration/start_detached.bats @@ -21,7 +21,7 @@ function teardown() { @test "runc run detached ({u,g}id != 0)" { # cannot start containers as another user in rootless setup without idmap - [[ "$ROOTLESS" -ne 0 ]] && requires rootless_idmap + [ $EUID -ne 0 ] && requires rootless_idmap # replace "uid": 0 with "uid": 1000 # and do a similar thing for gid. diff --git a/tests/integration/start_hello.bats b/tests/integration/start_hello.bats index 1c3c906fa53..231f3a7979d 100644 --- a/tests/integration/start_hello.bats +++ b/tests/integration/start_hello.bats @@ -21,7 +21,7 @@ function teardown() { @test "runc run ({u,g}id != 0)" { # cannot start containers as another user in rootless setup without idmap - [[ "$ROOTLESS" -ne 0 ]] && requires rootless_idmap + [ $EUID -ne 0 ] && requires rootless_idmap # replace "uid": 0 with "uid": 1000 # and do a similar thing for gid. diff --git a/tests/integration/tty.bats b/tests/integration/tty.bats index 8bbb4764919..6f008e5f7ab 100644 --- a/tests/integration/tty.bats +++ b/tests/integration/tty.bats @@ -34,7 +34,7 @@ function teardown() { @test "runc run [tty owner]" { # tty chmod is not doable in rootless containers without idmap. # TODO: this can be made as a change to the gid test. - [[ "$ROOTLESS" -ne 0 ]] && requires rootless_idmap + [ $EUID -ne 0 ] && requires rootless_idmap # Replace sh script with stat. # shellcheck disable=SC2016 @@ -50,7 +50,7 @@ function teardown() { @test "runc run [tty owner] ({u,g}id != 0)" { # tty chmod is not doable in rootless containers without idmap. - [[ "$ROOTLESS" -ne 0 ]] && requires rootless_idmap + [ $EUID -ne 0 ] && requires rootless_idmap # replace "uid": 0 with "uid": 1000 # and do a similar thing for gid. @@ -100,7 +100,7 @@ function teardown() { @test "runc exec [tty owner]" { # tty chmod is not doable in rootless containers without idmap. # TODO: this can be made as a change to the gid test. - [[ "$ROOTLESS" -ne 0 ]] && requires rootless_idmap + [ $EUID -ne 0 ] && requires rootless_idmap # run busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox @@ -119,7 +119,7 @@ function teardown() { @test "runc exec [tty owner] ({u,g}id != 0)" { # tty chmod is not doable in rootless containers without idmap. - [[ "$ROOTLESS" -ne 0 ]] && requires rootless_idmap + [ $EUID -ne 0 ] && requires rootless_idmap # replace "uid": 0 with "uid": 1000 # and do a similar thing for gid. diff --git a/tests/integration/update.bats b/tests/integration/update.bats index 23f9d8a94a0..b2810580975 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -21,7 +21,7 @@ function setup() { # Tests whatever limits are (more or less) common between cgroup # v1 and v2: memory/swap, pids, and cpuset. @test "update cgroup v1/v2 common limits" { - [[ "$ROOTLESS" -ne 0 ]] && requires rootless_cgroup + [ $EUID -ne 0 ] && requires rootless_cgroup requires cgroups_memory cgroups_pids cgroups_cpuset init_cgroup_paths @@ -259,7 +259,7 @@ EOF } @test "update cgroup cpu limits" { - [[ "$ROOTLESS" -ne 0 ]] && requires rootless_cgroup + [ $EUID -ne 0 ] && requires rootless_cgroup # run a few busyboxes detached runc run -d --console-socket "$CONSOLE_SOCKET" test_update @@ -333,7 +333,7 @@ EOF } @test "set cpu period with no quota" { - [[ "$ROOTLESS" -ne 0 ]] && requires rootless_cgroup + [ $EUID -ne 0 ] && requires rootless_cgroup update_config '.linux.resources.cpu |= { "period": 1000000 }' @@ -344,7 +344,7 @@ EOF } @test "set cpu period with no quota (invalid period)" { - [[ "$ROOTLESS" -ne 0 ]] && requires rootless_cgroup + [ $EUID -ne 0 ] && requires rootless_cgroup update_config '.linux.resources.cpu |= { "period": 100 }' @@ -353,7 +353,7 @@ EOF } @test "set cpu quota with no period" { - [[ "$ROOTLESS" -ne 0 ]] && requires rootless_cgroup + [ $EUID -ne 0 ] && requires rootless_cgroup update_config '.linux.resources.cpu |= { "quota": 5000 }' @@ -363,7 +363,7 @@ EOF } @test "update cpu period with no previous period/quota set" { - [[ "$ROOTLESS" -ne 0 ]] && requires rootless_cgroup + [ $EUID -ne 0 ] && requires rootless_cgroup update_config '.linux.resources.cpu |= {}' @@ -377,7 +377,7 @@ EOF } @test "update cpu quota with no previous period/quota set" { - [[ "$ROOTLESS" -ne 0 ]] && requires rootless_cgroup + [ $EUID -ne 0 ] && requires rootless_cgroup update_config '.linux.resources.cpu |= {}' @@ -392,7 +392,7 @@ EOF @test "update cpu period in a pod cgroup with pod limit set" { requires cgroups_v1 - [[ "$ROOTLESS" -ne 0 ]] && requires rootless_cgroup + [ $EUID -ne 0 ] && requires rootless_cgroup set_cgroups_path "pod_${RANDOM}" @@ -426,7 +426,7 @@ EOF } @test "update cgroup v2 resources via unified map" { - [[ "$ROOTLESS" -ne 0 ]] && requires rootless_cgroup + [ $EUID -ne 0 ] && requires rootless_cgroup requires cgroups_v2 runc run -d --console-socket "$CONSOLE_SOCKET" test_update @@ -455,7 +455,7 @@ EOF } @test "update cpuset parameters via resources.CPU" { - [[ "$ROOTLESS" -ne 0 ]] && requires rootless_cgroup + [ $EUID -ne 0 ] && requires rootless_cgroup requires smp cgroups_cpuset local AllowedCPUs='AllowedCPUs' AllowedMemoryNodes='AllowedMemoryNodes' @@ -511,7 +511,7 @@ EOF @test "update cpuset parameters via v2 unified map" { # This test assumes systemd >= v244 - [[ "$ROOTLESS" -ne 0 ]] && requires rootless_cgroup + [ $EUID -ne 0 ] && requires rootless_cgroup requires cgroups_v2 smp cgroups_cpuset update_config ' .linux.resources.unified |= { @@ -558,7 +558,7 @@ EOF } @test "update rt period and runtime" { - [[ "$ROOTLESS" -ne 0 ]] && requires rootless_cgroup + [ $EUID -ne 0 ] && requires rootless_cgroup requires cgroups_v1 cgroups_rt no_systemd local cgroup_cpu="${CGROUP_CPU_BASE_PATH}/${REL_CGROUPS_PATH}" @@ -678,8 +678,8 @@ EOF } @test "update paused container" { - [[ "$ROOTLESS" -ne 0 ]] && requires rootless_cgroup requires cgroups_freezer + [ $EUID -ne 0 ] && requires rootless_cgroup # Run the container in the background. runc run -d --console-socket "$CONSOLE_SOCKET" test_update diff --git a/tests/integration/userns.bats b/tests/integration/userns.bats index b1188592f14..f6c677bcb26 100644 --- a/tests/integration/userns.bats +++ b/tests/integration/userns.bats @@ -15,7 +15,7 @@ function setup() { mkdir -p rootfs/{proc,sys,tmp} mkdir -p rootfs/tmp/mount-{1,2} - if [ "$ROOTLESS" -eq 0 ]; then + if [ $EUID -eq 0 ]; then update_config ' .linux.namespaces += [{"type": "user"}] | .linux.uidMappings += [{"hostID": 100000, "containerID": 0, "size": 65534}] | .linux.gidMappings += [{"hostID": 100000, "containerID": 0, "size": 65534}] ' From 6b16d0051fb29bb55ab9de2e989adb60c0a92622 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 16 Feb 2022 11:05:46 -0800 Subject: [PATCH 0005/1176] shfmt: add more files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit …and fix a single format issue found. Signed-off-by: Kir Kolyshkin --- Makefile | 4 +++- contrib/cmd/seccompagent/gen-seccomp-example-cfg.sh | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index f9045df615a..6b2b43f2d8f 100644 --- a/Makefile +++ b/Makefile @@ -138,7 +138,9 @@ shellcheck: shfmt: shfmt -ln bats -d -w tests/integration/*.bats - shfmt -ln bash -d -w man/*.sh script/* tests/*.sh tests/integration/*.bash + shfmt -ln bash -d -w man/*.sh script/* \ + tests/*.sh tests/integration/*.bash tests/fuzzing/*.sh \ + contrib/completions/bash/runc contrib/cmd/seccompagent/*.sh vendor: $(GO) mod tidy diff --git a/contrib/cmd/seccompagent/gen-seccomp-example-cfg.sh b/contrib/cmd/seccompagent/gen-seccomp-example-cfg.sh index bd4e209cf52..e48f9fd99b4 100755 --- a/contrib/cmd/seccompagent/gen-seccomp-example-cfg.sh +++ b/contrib/cmd/seccompagent/gen-seccomp-example-cfg.sh @@ -12,7 +12,7 @@ fi # exits when not running inside bats. We can do hacks, but just to redefine # update_config() seems clearer. We don't even really need to keep them in sync. function update_config() { - jq "$1" "./config.json" | awk 'BEGIN{RS="";getline<"-";print>ARGV[1]}' "./config.json" + jq "$1" "./config.json" | awk 'BEGIN{RS="";getline<"-";print>ARGV[1]}' "./config.json" } update_config '.linux.seccomp = { From dc73d236eac7bd523e0bd3aa3fa38c2c7f3b7dec Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 16 Feb 2022 13:19:52 -0800 Subject: [PATCH 0006/1176] script/check-config.sh: fix wrap_color usage 1. Allow wrap_bad and wrap_good to have an optional arguments. 2. Remove unneeded echos; this fixes the shellcheck warnings like In ./script/check-config.sh line 178: echo "$(wrap_bad 'cgroup hierarchy' 'nonexistent??')" ^-- SC2005 (style): Useless echo? Instead of 'echo $(cmd)', just use 'cmd'. 3. Fix missing color argument in calls to wrap_color (when printing the hint about how to install apparmor). Signed-off-by: Kir Kolyshkin --- script/check-config.sh | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/script/check-config.sh b/script/check-config.sh index 0fe13912524..97ec3ef0540 100755 --- a/script/check-config.sh +++ b/script/check-config.sh @@ -73,10 +73,19 @@ wrap_color() { } wrap_good() { - echo "$(wrap_color "$1" white): $(wrap_color "$2" green)" + local name="$1" + shift + local val="$1" + shift + echo "$(wrap_color "$name" white): $(wrap_color "$val" green)" "$@" } + wrap_bad() { - echo "$(wrap_color "$1" bold): $(wrap_color "$2" bold red)" + local name="$1" + shift + local val="$1" + shift + echo "$(wrap_color "$name" bold): $(wrap_color "$val" bold red)" "$@" } wrap_warning() { wrap_color >&2 "$*" red @@ -165,35 +174,35 @@ echo 'Generally Necessary:' echo -n '- ' if [ "$(stat -f -c %t /sys/fs/cgroup 2>/dev/null)" = "63677270" ]; then - echo "$(wrap_good 'cgroup hierarchy' 'cgroupv2')" + wrap_good 'cgroup hierarchy' 'cgroupv2' else cgroupSubsystemDir="$(awk '/[, ](cpu|cpuacct|cpuset|devices|freezer|memory)[, ]/ && $3 == "cgroup" { print $2 }' /proc/mounts | head -n1)" cgroupDir="$(dirname "$cgroupSubsystemDir")" if [ -d "$cgroupDir/cpu" -o -d "$cgroupDir/cpuacct" -o -d "$cgroupDir/cpuset" -o -d "$cgroupDir/devices" -o -d "$cgroupDir/freezer" -o -d "$cgroupDir/memory" ]; then - echo "$(wrap_good 'cgroup hierarchy' 'properly mounted') [$cgroupDir]" + wrap_good 'cgroup hierarchy' 'properly mounted' "[$cgroupDir]" else if [ "$cgroupSubsystemDir" ]; then - echo "$(wrap_bad 'cgroup hierarchy' 'single mountpoint!') [$cgroupSubsystemDir]" + wrap_bad 'cgroup hierarchy' 'single mountpoint!' "[$cgroupSubsystemDir]" else - echo "$(wrap_bad 'cgroup hierarchy' 'nonexistent??')" + wrap_bad 'cgroup hierarchy' 'nonexistent??' fi - echo " $(wrap_color '(see https://github.com/tianon/cgroupfs-mount)' yellow)" + wrap_color ' (see https://github.com/tianon/cgroupfs-mount)' yellow fi fi if [ "$(cat /sys/module/apparmor/parameters/enabled 2>/dev/null)" = 'Y' ]; then echo -n '- ' if command -v apparmor_parser &>/dev/null; then - echo "$(wrap_good 'apparmor' 'enabled and tools installed')" + wrap_good 'apparmor' 'enabled and tools installed' else - echo "$(wrap_bad 'apparmor' 'enabled, but apparmor_parser missing')" + wrap_bad 'apparmor' 'enabled, but apparmor_parser missing' echo -n ' ' if command -v apt-get &>/dev/null; then - echo "$(wrap_color '(use "apt-get install apparmor" to fix this)')" + wrap_color '(use "apt-get install apparmor" to fix this)' yellow elif command -v yum &>/dev/null; then - echo "$(wrap_color '(your best bet is "yum install apparmor-parser")')" + wrap_color '(your best bet is "yum install apparmor-parser")' yellow else - echo "$(wrap_color '(look for an "apparmor" package for your distribution)')" + wrap_color '(look for an "apparmor" package for your distribution)' yellow fi fi fi @@ -236,7 +245,7 @@ echo 'Optional Features:' if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 8 ]; then check_flags MEMCG_SWAP_ENABLED if is_set MEMCG_SWAP && ! is_set MEMCG_SWAP_ENABLED; then - echo " $(wrap_color '(note that cgroup swap accounting is not enabled in your kernel config, you can enable it by setting boot option "swapaccount=1")' bold black)" + wrap_color ' (note that cgroup swap accounting is not enabled in your kernel config, you can enable it by setting boot option "swapaccount=1")' bold black fi fi } From baa06227a4ec49ae0354c6aa43f1bcf7f372001c Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 16 Feb 2022 13:25:27 -0800 Subject: [PATCH 0007/1176] script/check-config.sh: fix SC2166 warnings Like this one: In ./script/check-config.sh line 215: if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 1 ]; then ^-- SC2166 (warning): Prefer [ p ] && [ q ] as [ p -a q ] is not well defined. Signed-off-by: Kir Kolyshkin --- script/check-config.sh | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/script/check-config.sh b/script/check-config.sh index 97ec3ef0540..e8279330418 100755 --- a/script/check-config.sh +++ b/script/check-config.sh @@ -27,6 +27,11 @@ kernelMajor="${kernelVersion%%.*}" kernelMinor="${kernelVersion#$kernelMajor.}" kernelMinor="${kernelMinor%%.*}" +kernel_lt() { + [ "$kernelMajor" -lt "$1" ] && return + [ "$kernelMajor" -eq "$1" ] && [ "$kernelMinor" -le "$2" ] +} + is_set() { zgrep "CONFIG_$1=[y|m]" "$CONFIG" >/dev/null } @@ -178,7 +183,7 @@ if [ "$(stat -f -c %t /sys/fs/cgroup 2>/dev/null)" = "63677270" ]; then else cgroupSubsystemDir="$(awk '/[, ](cpu|cpuacct|cpuset|devices|freezer|memory)[, ]/ && $3 == "cgroup" { print $2 }' /proc/mounts | head -n1)" cgroupDir="$(dirname "$cgroupSubsystemDir")" - if [ -d "$cgroupDir/cpu" -o -d "$cgroupDir/cpuacct" -o -d "$cgroupDir/cpuset" -o -d "$cgroupDir/devices" -o -d "$cgroupDir/freezer" -o -d "$cgroupDir/memory" ]; then + if [ -d "$cgroupDir/cpu" ] || [ -d "$cgroupDir/cpuacct" ] || [ -d "$cgroupDir/cpuset" ] || [ -d "$cgroupDir/devices" ] || [ -d "$cgroupDir/freezer" ] || [ -d "$cgroupDir/memory" ]; then wrap_good 'cgroup hierarchy' 'properly mounted' "[$cgroupDir]" else if [ "$cgroupSubsystemDir" ]; then @@ -221,11 +226,11 @@ flags=( ) check_flags "${flags[@]}" -if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 1 ]; then +if kernel_lt 5 1; then check_flags NF_NAT_IPV4 fi -if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 2 ]; then +if kernel_lt 5 2; then check_flags NF_NAT_NEEDED fi @@ -242,7 +247,7 @@ echo 'Optional Features:' check_flags MEMCG_SWAP - if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 8 ]; then + if kernel_lt 5 8; then check_flags MEMCG_SWAP_ENABLED if is_set MEMCG_SWAP && ! is_set MEMCG_SWAP_ENABLED; then wrap_color ' (note that cgroup swap accounting is not enabled in your kernel config, you can enable it by setting boot option "swapaccount=1")' bold black @@ -250,21 +255,21 @@ echo 'Optional Features:' fi } -if [ "$kernelMajor" -lt 4 ] || [ "$kernelMajor" -eq 4 -a "$kernelMinor" -le 5 ]; then +if kernel_lt 4 5; then check_flags MEMCG_KMEM fi -if [ "$kernelMajor" -lt 3 ] || [ "$kernelMajor" -eq 3 -a "$kernelMinor" -le 18 ]; then +if kernel_lt 3 18; then check_flags RESOURCE_COUNTERS fi -if [ "$kernelMajor" -lt 3 ] || [ "$kernelMajor" -eq 3 -a "$kernelMinor" -le 13 ]; then +if kernel_lt 3 13; then netprio=NETPRIO_CGROUP else netprio=CGROUP_NET_PRIO fi -if [ "$kernelMajor" -lt 5 ]; then +if kernel_lt 5 0; then check_flags IOSCHED_CFQ CFQ_GROUP_IOSCHED fi From d66498e7716732a478b40c8136a9fcf4642673fe Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 16 Feb 2022 13:26:53 -0800 Subject: [PATCH 0008/1176] script/check-config.sh: fix remaining shellcheck warnings ... and add this file to shellcheck target in Makefile. These: In script/check-config.sh line 27: kernelMinor="${kernelVersion#$kernelMajor.}" ^----------^ SC2295 (info): Expansions inside ${..} need to be quoted separately, otherwise they match as patterns. Did you mean: kernelMinor="${kernelVersion#"$kernelMajor".}" In script/check-config.sh line 103: source /etc/os-release 2>/dev/null || /bin/true ^-------------^ SC1091 (info): Not following: /etc/os-release was not specified as input (see shellcheck -x). In script/check-config.sh line 267: NET_CLS_CGROUP $netprio ^------^ SC2206 (warning): Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a. Signed-off-by: Kir Kolyshkin --- Makefile | 2 +- script/check-config.sh | 8 +++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 6b2b43f2d8f..bc6b80bef03 100644 --- a/Makefile +++ b/Makefile @@ -133,7 +133,7 @@ cfmt: shellcheck: shellcheck tests/integration/*.bats tests/integration/*.sh \ tests/integration/*.bash tests/*.sh \ - script/release_*.sh script/seccomp.sh script/lib.sh + script/* # TODO: add shellcheck for more sh files shfmt: diff --git a/script/check-config.sh b/script/check-config.sh index e8279330418..7a700af23d9 100755 --- a/script/check-config.sh +++ b/script/check-config.sh @@ -24,7 +24,7 @@ fi kernelVersion="$(uname -r)" kernelMajor="${kernelVersion%%.*}" -kernelMinor="${kernelVersion#$kernelMajor.}" +kernelMinor="${kernelVersion#"$kernelMajor".}" kernelMinor="${kernelMinor%%.*}" kernel_lt() { @@ -113,7 +113,9 @@ check_flags() { } check_distro_userns() { - source /etc/os-release 2>/dev/null || /bin/true + [ -r /etc/os-release ] || return 0 + # shellcheck source=/dev/null + . /etc/os-release 2>/dev/null || return 0 if [[ "${ID}" =~ ^(centos|rhel)$ && "${VERSION_ID}" =~ ^7 ]]; then # this is a CentOS7 or RHEL7 system grep -q "user_namespace.enable=1" /proc/cmdline || { @@ -277,7 +279,7 @@ flags=( BLK_CGROUP BLK_DEV_THROTTLING CGROUP_PERF CGROUP_HUGETLB - NET_CLS_CGROUP $netprio + NET_CLS_CGROUP "$netprio" CFS_BANDWIDTH FAIR_GROUP_SCHED RT_GROUP_SCHED IP_NF_TARGET_REDIRECT IP_VS From 5d1ef78cadaeb0708d9ea46c545c3e821517caaf Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 16 Feb 2022 13:35:50 -0800 Subject: [PATCH 0009/1176] script/check-config.sh: enable set -u, fix issues One particularly bad one is ${codes[@]} which is fine in bash 4.4+, but gives "codes[@]: unbound variable" with older bash versions, such as with bash 4.2 used on CentOS 6. It's good that this is the only array in the script that can potentially be empty. Signed-off-by: Kir Kolyshkin --- script/check-config.sh | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/script/check-config.sh b/script/check-config.sh index 7a700af23d9..ec8bc63a573 100755 --- a/script/check-config.sh +++ b/script/check-config.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -set -e +set -e -u # bits of this were adapted from check_config.sh in docker # see also https://github.com/docker/docker/blob/master/contrib/check-config.sh @@ -45,11 +45,11 @@ is_set_as_module() { color() { local codes=() if [ "$1" = 'bold' ]; then - codes=("${codes[@]}" '1') + codes=("${codes[@]-}" '1') shift fi if [ "$#" -gt 0 ]; then - local code + local code='' case "$1" in # see https://en.wikipedia.org/wiki/ANSI_escape_code#Colors black) code=30 ;; @@ -62,11 +62,11 @@ color() { white) code=37 ;; esac if [ "$code" ]; then - codes=("${codes[@]}" "$code") + codes=("${codes[@]-}" "$code") fi fi local IFS=';' - echo -en '\033['"${codes[*]}"'m' + echo -en '\033['"${codes[*]-}"'m' } wrap_color() { text="$1" @@ -134,8 +134,7 @@ is_config() { } search_config() { - local target_dir="$1" - [[ "$target_dir" ]] || target_dir=("${possibleConfigs[@]}") + local target_dir=("${1:-${possibleConfigs[@]}}") local tryConfig for tryConfig in "${target_dir[@]}"; do @@ -159,7 +158,7 @@ search_config() { exit 1 } -CONFIG="$1" +CONFIG="${1:-}" is_config "$CONFIG" || { if [[ ! "$CONFIG" ]]; then From cacc823724d9b7447c9747cd19d007565fc1f520 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 16 Feb 2022 13:45:40 -0800 Subject: [PATCH 0010/1176] ci: add call to check-config.sh This is done to make sure the script is working correctly in different environments (distro and kernel versions). In addition, we can see in test logs which kernel features are enabled. Note that I didn't want to have a separate job for GHA CI, so I just added this to the end of shellcheck one. Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 4 ++++ .github/workflows/validate.yml | 2 ++ 2 files changed, 6 insertions(+) diff --git a/.cirrus.yml b/.cirrus.yml index f72637a3980..e2e7a3dc43f 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -51,6 +51,8 @@ task: vagrant ssh-config >> /root/.ssh/config guest_info_script: | ssh default 'sh -exc "uname -a && systemctl --version && df -T && cat /etc/os-release && go version"' + check_config_script: | + ssh default /vagrant/script/check-config.sh unit_tests_script: | ssh default 'sudo -i make -C /vagrant localunittest' integration_systemd_script: | @@ -144,6 +146,8 @@ task: df -T echo "-----" systemctl --version + check_config_script: | + /home/runc/script/check-config.sh unit_tests_script: | ssh -tt localhost "make -C /home/runc localunittest" integration_systemd_script: | diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index c21efd3dad5..20facee1280 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -118,6 +118,8 @@ jobs: - name: shellcheck run: | make shellcheck + - name: check-config.sh + run : ./script/check-config.sh deps: runs-on: ubuntu-20.04 From ae6cb653f4250a9d4c2f190613241c85b5a1c125 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 16 Feb 2022 13:52:46 -0800 Subject: [PATCH 0011/1176] man/*sh: fix shellcheck warnings, add to shellcheck Now the only remaining file that needs shellcheck warnings to be fixed is bash-completion. Note that in Makefile's TODO. Signed-off-by: Kir Kolyshkin --- Makefile | 4 ++-- man/md2man-all.sh | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index bc6b80bef03..dcceb0b1693 100644 --- a/Makefile +++ b/Makefile @@ -133,8 +133,8 @@ cfmt: shellcheck: shellcheck tests/integration/*.bats tests/integration/*.sh \ tests/integration/*.bash tests/*.sh \ - script/* - # TODO: add shellcheck for more sh files + man/*.sh script/* + # TODO: add shellcheck for more sh files (contrib/completions/bash/runc). shfmt: shfmt -ln bats -d -w tests/integration/*.bats diff --git a/man/md2man-all.sh b/man/md2man-all.sh index eaee58ee5af..04d9c70a4e1 100755 --- a/man/md2man-all.sh +++ b/man/md2man-all.sh @@ -2,7 +2,7 @@ set -e # get into this script's directory -cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" +cd "$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")" [ "$1" = '-q' ] || { set -x @@ -18,7 +18,7 @@ for FILE in *.md; do base="$(basename "$FILE")" name="${base%.md}" num="${name##*.}" - if [ -z "$num" -o "$name" = "$num" ]; then + if [ -z "$num" ] || [ "$name" = "$num" ]; then # skip files that aren't of the format xxxx.N.md (like README.md) continue fi From 67e06706ef4e0ebc8c2a3d531c0058a772e48d91 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 31 Mar 2022 09:57:32 -0700 Subject: [PATCH 0012/1176] ci/gha: limit jobs permissions Most jobs only require to read the repo. Some require to read PRs as well. For details, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions Reported-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Co-authored-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 2 ++ .github/workflows/validate.yml | 8 ++++++++ 2 files changed, 10 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index dc8ccd1b99b..2b7078982e8 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,6 +10,8 @@ on: - main - release-* pull_request: +permissions: + contents: read env: # Don't ignore C warnings. Note that the output of "go env CGO_CFLAGS" by default is "-g -O2", so we keep them. diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 35a7dadb1bf..5828c57793a 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -9,10 +9,15 @@ on: pull_request: env: GO_VERSION: 1.18.x +permissions: + contents: read jobs: lint: + permissions: + contents: read + pull-requests: read runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v3 @@ -140,6 +145,9 @@ jobs: commit: + permissions: + contents: read + pull-requests: read runs-on: ubuntu-20.04 # Only check commits on pull requests. if: github.event_name == 'pull_request' From b76b6b9338917bcdb258d512a582d613a477e58d Mon Sep 17 00:00:00 2001 From: Irwin D'Souza Date: Thu, 7 Apr 2022 14:08:59 -0400 Subject: [PATCH 0013/1176] Allow mounting of /proc/sys/kernel/ns_last_pid The CAP_CHECKPOINT_RESTORE linux capability provides the ability to update /proc/sys/kernel/ns_last_pid. However, because this file is under /proc, and by default both K8s and CRI-O specify that /proc/sys should be mounted as Read-Only, by default even with the capability specified, a process will not be able to write to ns_last_pid. To get around this, a pod author can specify a volume mount and a hostpath to bind-mount /proc/sys/kernel/ns_last_pid. However, runc does not allow specifying mounts under /proc. This commit adds /proc/sys/kernel/ns_last_pid to the validProcMounts string array to enable a pod author to mount ns_last_pid as read-write. The default remains unchanged; unless explicitly requested as a volume mount, ns_last_pid will remain read-only regardless of whether or not CAP_CHECKPOINT_RESTORE is specified. Signed-off-by: Irwin D'Souza --- libcontainer/rootfs_linux.go | 1 + libcontainer/rootfs_linux_test.go | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 5290a45ec73..e8d8211b198 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -554,6 +554,7 @@ func checkProcMount(rootfs, dest, source string) error { "/proc/loadavg", "/proc/slabinfo", "/proc/net/dev", + "/proc/sys/kernel/ns_last_pid", } for _, valid := range validProcMounts { path, err := filepath.Rel(filepath.Join(rootfs, valid), dest) diff --git a/libcontainer/rootfs_linux_test.go b/libcontainer/rootfs_linux_test.go index e3bfdc50315..8709a5e47f7 100644 --- a/libcontainer/rootfs_linux_test.go +++ b/libcontainer/rootfs_linux_test.go @@ -38,6 +38,14 @@ func TestCheckMountDestFalsePositive(t *testing.T) { } } +func TestCheckMountDestNsLastPid(t *testing.T) { + dest := "/rootfs/proc/sys/kernel/ns_last_pid" + err := checkProcMount("/rootfs", dest, "/proc") + if err != nil { + t.Fatal("/proc/sys/kernel/ns_last_pid should not return an error") + } +} + func TestNeedsSetupDev(t *testing.T) { config := &configs.Config{ Mounts: []*configs.Mount{ From 9d2268b9dbd5421f0ca77b8ea834b74e7ac46783 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Apr 2022 04:16:41 +0000 Subject: [PATCH 0014/1176] build(deps): bump actions/setup-go from 2 to 3 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2 to 3. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/test.yml | 4 ++-- .github/workflows/validate.yml | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index dc8ccd1b99b..fba8480505e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -60,7 +60,7 @@ jobs: rm -rf ~/criu - name: install go ${{ matrix.go-version }} - uses: actions/setup-go@v2 + uses: actions/setup-go@v3 with: stable: '!contains(${{ matrix.go-version }}, "beta") && !contains(${{ matrix.go-version }}, "rc")' go-version: ${{ matrix.go-version }} @@ -120,7 +120,7 @@ jobs: sudo apt -q install libseccomp-dev libseccomp-dev:i386 gcc-multilib criu - name: install go - uses: actions/setup-go@v2 + uses: actions/setup-go@v3 with: go-version: 1.x # Latest stable diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 35a7dadb1bf..9c4feb93e6e 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v3 - - uses: actions/setup-go@v2 + - uses: actions/setup-go@v3 with: go-version: "${{ env.GO_VERSION }}" - name: install deps @@ -35,7 +35,7 @@ jobs: contents: read steps: - uses: actions/checkout@v3 - - uses: actions/setup-go@v2 + - uses: actions/setup-go@v3 with: go-version: "${{ env.GO_VERSION }}" - name: install deps @@ -57,7 +57,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: install go - uses: actions/setup-go@v2 + uses: actions/setup-go@v3 with: go-version: "${{ env.GO_VERSION }}" - name: compile with no build tags @@ -124,7 +124,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: install go - uses: actions/setup-go@v2 + uses: actions/setup-go@v3 with: go-version: "${{ env.GO_VERSION }}" - name: cache go mod and $GOCACHE From b6eb94762ad8fdb2d84488351f9ec4cf855abec9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Apr 2022 04:16:44 +0000 Subject: [PATCH 0015/1176] build(deps): bump actions/upload-artifact from 2 to 3 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 35a7dadb1bf..e7b88725cce 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -198,7 +198,7 @@ jobs: - name: make releaseall run: make releaseall - name: upload artifacts - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: name: release-${{ github.run_id }} path: release/* From 66be704d02577c36af4464097f79cb40c2219191 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 11 Apr 2022 17:14:13 -0700 Subject: [PATCH 0016/1176] ci/gha: remove stable: when installing Go Since the recent bump of actions/setup-go to v3 (commit 9d2268b9dbd5421f0), specifying "stable:" is no longer needed when we want to try a beta or rc version of Go. Remove it. Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index fba8480505e..a9383809387 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -62,7 +62,6 @@ jobs: - name: install go ${{ matrix.go-version }} uses: actions/setup-go@v3 with: - stable: '!contains(${{ matrix.go-version }}, "beta") && !contains(${{ matrix.go-version }}, "rc")' go-version: ${{ matrix.go-version }} - name: build From d73579cabc6d956a95b54b727c3b0727bb70eddb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Apr 2022 06:35:18 +0000 Subject: [PATCH 0017/1176] build(deps): bump actions/cache from 3.0.1 to 3.0.2 Bumps [actions/cache](https://github.com/actions/cache) from 3.0.1 to 3.0.2. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v3.0.1...v3.0.2) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/validate.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 9c4feb93e6e..09138ac7f7a 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -82,7 +82,7 @@ jobs: echo "VERSION=3.3.1" >> $GITHUB_ENV echo "$(go env GOPATH)/bin" >> $GITHUB_PATH - name: cache go mod and $GOCACHE - uses: actions/cache@v3.0.1 + uses: actions/cache@v3.0.2 with: path: | ~/go/pkg/mod @@ -128,7 +128,7 @@ jobs: with: go-version: "${{ env.GO_VERSION }}" - name: cache go mod and $GOCACHE - uses: actions/cache@v3.0.1 + uses: actions/cache@v3.0.2 with: path: | ~/go/pkg/mod From de25777a4b4b6f199fb5bb7df39e5c8be271c773 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Apr 2022 04:17:00 +0000 Subject: [PATCH 0018/1176] build(deps): bump github.com/moby/sys/mountinfo from 0.6.0 to 0.6.1 Bumps [github.com/moby/sys/mountinfo](https://github.com/moby/sys) from 0.6.0 to 0.6.1. - [Release notes](https://github.com/moby/sys/releases) - [Commits](https://github.com/moby/sys/compare/signal/v0.6.0...mountinfo/v0.6.1) --- updated-dependencies: - dependency-name: github.com/moby/sys/mountinfo dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/github.com/moby/sys/mountinfo/mounted_unix.go | 7 +++---- vendor/modules.txt | 2 +- 4 files changed, 7 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index 8877dded0b6..7522b595764 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/cyphar/filepath-securejoin v0.2.3 github.com/docker/go-units v0.4.0 github.com/godbus/dbus/v5 v5.1.0 - github.com/moby/sys/mountinfo v0.6.0 + github.com/moby/sys/mountinfo v0.6.1 github.com/mrunalp/fileutils v0.5.0 github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 github.com/opencontainers/selinux v1.10.1 diff --git a/go.sum b/go.sum index fae3174b331..1d1c4d85e10 100644 --- a/go.sum +++ b/go.sum @@ -32,8 +32,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/moby/sys/mountinfo v0.6.0 h1:gUDhXQx58YNrpHlK4nSL+7y2pxFZkUcXqzFDKWdC0Oo= -github.com/moby/sys/mountinfo v0.6.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU= +github.com/moby/sys/mountinfo v0.6.1 h1:+H/KnGEAGRpTrEAqNVQ2AM3SiwMgJUt/TXj+Z8cmCIc= +github.com/moby/sys/mountinfo v0.6.1/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU= github.com/mrunalp/fileutils v0.5.0 h1:NKzVxiH7eSk+OQ4M+ZYW1K6h27RUV3MI6NUTsHhU6Z4= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= diff --git a/vendor/github.com/moby/sys/mountinfo/mounted_unix.go b/vendor/github.com/moby/sys/mountinfo/mounted_unix.go index 45ddad236f3..242f82cc72a 100644 --- a/vendor/github.com/moby/sys/mountinfo/mounted_unix.go +++ b/vendor/github.com/moby/sys/mountinfo/mounted_unix.go @@ -4,7 +4,6 @@ package mountinfo import ( - "fmt" "os" "path/filepath" @@ -33,13 +32,13 @@ func mountedByStat(path string) (bool, error) { func normalizePath(path string) (realPath string, err error) { if realPath, err = filepath.Abs(path); err != nil { - return "", fmt.Errorf("unable to get absolute path for %q: %w", path, err) + return "", err } if realPath, err = filepath.EvalSymlinks(realPath); err != nil { - return "", fmt.Errorf("failed to canonicalise path for %q: %w", path, err) + return "", err } if _, err := os.Stat(realPath); err != nil { - return "", fmt.Errorf("failed to stat target of %q: %w", path, err) + return "", err } return realPath, nil } diff --git a/vendor/modules.txt b/vendor/modules.txt index 2a422ccc0e6..5fdb5d18d20 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -30,7 +30,7 @@ github.com/docker/go-units # github.com/godbus/dbus/v5 v5.1.0 ## explicit; go 1.12 github.com/godbus/dbus/v5 -# github.com/moby/sys/mountinfo v0.6.0 +# github.com/moby/sys/mountinfo v0.6.1 ## explicit; go 1.16 github.com/moby/sys/mountinfo # github.com/mrunalp/fileutils v0.5.0 From fa83a17c5754813f3b35c34f1d68fc1ac55484e1 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 11 Apr 2022 17:20:06 -0700 Subject: [PATCH 0019/1176] ci/gha: convert lint-extra from a job to a step There is no need to parallelize lint and lint-extra jobs, and they only differ with the arguments to golangci-lint. Given that the longest time spent in these jobs is installing libseccomp-dev, and that the second linter run can probably benefit a lot from caching, it makes sense to merge them. Move lint-extra from a separate job to a step in lint job. The implementation is motivated by [1] and relies on the fact that the last commit being fetched is the merge commit. So, we need to set fetch-depth to 2 to be able to see the diff of the merge commit -- and this is what golangci-lint is using. [1] https://github.com/golangci/golangci-lint-action/issues/449#issuecomment-1096995821 Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 27 ++++++--------------------- .golangci-extra.yml | 2 +- 2 files changed, 7 insertions(+), 22 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index f60c191e946..be0007182c1 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -16,25 +16,8 @@ jobs: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v3 - - uses: actions/setup-go@v3 - with: - go-version: "${{ env.GO_VERSION }}" - - name: install deps - run: | - sudo apt -q update - sudo apt -q install libseccomp-dev - - uses: golangci/golangci-lint-action@v3 with: - version: v1.45 - - lint-extra: - # Extra linters, only checking new code from pull requests. - if: github.event_name == 'pull_request' - runs-on: ubuntu-20.04 - permissions: - contents: read - steps: - - uses: actions/checkout@v3 + fetch-depth: 2 - uses: actions/setup-go@v3 with: go-version: "${{ env.GO_VERSION }}" @@ -44,10 +27,12 @@ jobs: sudo apt -q install libseccomp-dev - uses: golangci/golangci-lint-action@v3 with: - only-new-issues: true - args: --config .golangci-extra.yml version: v1.45 - + # Extra linters, only checking new code from a pull request. + - name: lint-extra + if: github.event_name == 'pull_request' + run: | + golangci-lint run --config .golangci-extra.yml --new-from-rev=HEAD~1 --out-format=github-actions compile-buildtags: runs-on: ubuntu-20.04 diff --git a/.golangci-extra.yml b/.golangci-extra.yml index 1c160e6a660..be33f90d7f9 100644 --- a/.golangci-extra.yml +++ b/.golangci-extra.yml @@ -1,5 +1,5 @@ # This is golangci-lint config file which is used to check new code in -# github PRs only (see lint-extra job in .github/workflows/validate.yml). +# github PRs only (see lint-extra in .github/workflows/validate.yml). # # For the default linter config, see .golangci.yml. This config should # only enable additional linters not enabled in the default config. From 9c710564fdaaad81f00783ab8e00cbba42f4674a Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 21 Apr 2022 19:36:49 -0700 Subject: [PATCH 0020/1176] vendor: bump urfave/cli to v1.22.6 This finally fixes the regression of not allowing -1 as an argument, which is reported in https://github.com/urfave/cli/pull/1135. Signed-off-by: Kir Kolyshkin --- go.mod | 3 +- go.sum | 4 +- vendor/github.com/urfave/cli/.gitignore | 4 +- vendor/github.com/urfave/cli/.travis.yml | 35 - vendor/github.com/urfave/cli/CHANGELOG.md | 504 ------ vendor/github.com/urfave/cli/CONTRIBUTING.md | 18 - vendor/github.com/urfave/cli/README.md | 1523 +---------------- vendor/github.com/urfave/cli/app.go | 15 +- vendor/github.com/urfave/cli/appveyor.yml | 11 +- vendor/github.com/urfave/cli/command.go | 99 +- vendor/github.com/urfave/cli/context.go | 11 +- vendor/github.com/urfave/cli/flag.go | 2 +- .../github.com/urfave/cli/flag_int64_slice.go | 64 +- .../github.com/urfave/cli/flag_int_slice.go | 64 +- .../urfave/cli/flag_string_slice.go | 54 +- vendor/github.com/urfave/cli/help.go | 55 +- vendor/github.com/urfave/cli/parse.go | 54 +- vendor/modules.txt | 2 +- 18 files changed, 359 insertions(+), 2163 deletions(-) delete mode 100644 vendor/github.com/urfave/cli/.travis.yml delete mode 100644 vendor/github.com/urfave/cli/CHANGELOG.md delete mode 100644 vendor/github.com/urfave/cli/CONTRIBUTING.md diff --git a/go.mod b/go.mod index 7522b595764..14884815e93 100644 --- a/go.mod +++ b/go.mod @@ -17,8 +17,7 @@ require ( github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921 github.com/sirupsen/logrus v1.8.1 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 - // NOTE: urfave/cli must be <= v1.22.1 due to a regression: https://github.com/urfave/cli/issues/1092 - github.com/urfave/cli v1.22.1 + github.com/urfave/cli v1.22.6 github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.0.0-20201224014010-6772e930b67b golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c diff --git a/go.sum b/go.sum index 1d1c4d85e10..f413bd956e7 100644 --- a/go.sum +++ b/go.sum @@ -56,8 +56,8 @@ github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= -github.com/urfave/cli v1.22.1 h1:+mkCCcOFKPnCmVYVcURKps1Xe+3zP90gSYGNfRkjoIY= -github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/urfave/cli v1.22.6 h1:fceBvTciht0l37ZXw49pexwy3YcwRzxYqj5NV1vxalI= +github.com/urfave/cli v1.22.6/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJH8j0= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= diff --git a/vendor/github.com/urfave/cli/.gitignore b/vendor/github.com/urfave/cli/.gitignore index 7a7e2d9ef01..8ae196feed2 100644 --- a/vendor/github.com/urfave/cli/.gitignore +++ b/vendor/github.com/urfave/cli/.gitignore @@ -1,3 +1,5 @@ *.coverprofile +coverage.txt node_modules/ -vendor \ No newline at end of file +vendor +.idea diff --git a/vendor/github.com/urfave/cli/.travis.yml b/vendor/github.com/urfave/cli/.travis.yml deleted file mode 100644 index e500b380d14..00000000000 --- a/vendor/github.com/urfave/cli/.travis.yml +++ /dev/null @@ -1,35 +0,0 @@ -language: go -sudo: false -dist: bionic -osx_image: xcode10 -go: - - 1.11.x - - 1.12.x - - 1.13.x - -os: - - linux - - osx - -env: - GO111MODULE=on - GOPROXY=https://proxy.golang.org - -cache: - directories: - - node_modules - -before_script: - - go get github.com/urfave/gfmrun/cmd/gfmrun - - go get golang.org/x/tools/cmd/goimports - - npm install markdown-toc - - go mod tidy - -script: - - go run build.go vet - - go run build.go test - - go run build.go gfmrun - - go run build.go toc - -after_success: - - bash <(curl -s https://codecov.io/bash) diff --git a/vendor/github.com/urfave/cli/CHANGELOG.md b/vendor/github.com/urfave/cli/CHANGELOG.md deleted file mode 100644 index 7c1a27ec7af..00000000000 --- a/vendor/github.com/urfave/cli/CHANGELOG.md +++ /dev/null @@ -1,504 +0,0 @@ -# Change Log - -**ATTN**: This project uses [semantic versioning](http://semver.org/). - -## [Unreleased] - -## [1.22.1] - 2019-09-11 - -### Fixed - -* Hide output of hidden commands on man pages in [urfave/cli/pull/889](https://github.com/urfave/cli/pull/889) via [@crosbymichael](https://github.com/crosbymichael) -* Don't generate fish completion for hidden commands [urfave/cli/pull/891](https://github.com/urfave/891) via [@saschagrunert](https://github.com/saschagrunert) -* Using short flag names for required flags throws an error in [urfave/cli/pull/890](https://github.com/urfave/cli/pull/890) via [@asahasrabuddhe](https://github.com/asahasrabuddhe) - -### Changed - -* Remove flag code generation logic, legacy python test runner in [urfave/cli/pull/883](https://github.com/urfave/cli/pull/883) via [@asahasrabuddhe](https://github.com/asahasrabuddhe) -* Enable Go Modules support, drop support for `Go 1.10` add support for `Go 1.13` in [urfave/cli/pull/885](https://github.com/urfave/cli/pull/885) via [@asahasrabuddhe](https://github.com/asahasrabuddhe) - -## [1.22.0] - 2019-09-07 - -### Fixed - -* Fix Subcommands not falling back to `app.ExitEventHandler` in [urfave/cli/pull/856](https://github.com/urfave/cli/pull/856) via [@FaranIdo](https://github.com/FaranIdo) - -### Changed - -* Clarify that altsrc supports both TOML and JSON in [urfave/cli/pull/774](https://github.com/urfave/cli/pull/774) via [@whereswaldon](https://github.com/whereswaldon) -* Made the exit code example more clear in [urfave/cli/pull/823](https://github.com/urfave/cli/pull/823) via [@xordspar0](https://github.com/xordspar0) -* Removed the use of python for internal flag generation in [urfave/cli/pull/836](https://github.com/urfave/cli/pull/836) via [@asahasrabuddhe](https://github.com/asahasrabuddhe) -* Changed the supported go versions to `1.10`, `1.11`, `1.12` in [urfave/cli/pull/843](https://github.com/urfave/cli/pull/843) via [@lafriks](https://github.com/lafriks) -* Changed the v1 releases section in the readme in [urfave/cli/pull/862](https://github.com/urfave/cli/pull/862) via [@russoj88](https://github.com/russoj88) -* Cleaned up go modules in [urfave/cli/pull/874](https://github.com/urfave/cli/pull/874) via [@saschagrunert](https://github.com/saschagrunert) - -### Added - -* Added `UseShortOptionHandling` for combining short flags in [urfave/cli/pull/735](https://github.com/urfave/cli/pull/735) via [@rliebz](https://github.com/rliebz) -* Added support for flags bash completion in [urfave/cli/pull/808](https://github.com/urfave/cli/pull/808) via [@yogeshlonkar](https://github.com/yogeshlonkar) -* Added the `TakesFile` indicator to flag in [urfave/cli/pull/851](https://github.com/urfave/cli/pull/851) via [@saschagrunert](https://github.com/saschagrunert) -* Added fish shell completion support in [urfave/cli/pull/848](https://github.com/urfave/cli/pull/848) via [@saschagrunert](https://github.com/saschagrunert) - -## [1.21.0] - 2019-08-02 - -### Fixed - -* Fix using "slice" flag types with `EnvVar` in [urfave/cli/pull/687](https://github.com/urfave/cli/pull/687) via [@joshuarubin](https://github.com/joshuarubin) -* Fix regression of `SkipFlagParsing` behavior in [urfave/cli/pull/697](https://github.com/urfave/cli/pull/697) via [@jszwedko](https://github.com/jszwedko) -* Fix handling `ShortOptions` and `SkipArgReorder` in [urfave/cli/pull/686](https://github.com/urfave/cli/pull/686) via [@baude](https://github.com/baude) -* Fix args reordering when bool flags are present in [urfave/cli/pull/712](https://github.com/urfave/cli/pull/712) via [@windler](https://github.com/windler) -* Fix parsing of short options in [urfave/cli/pull/758](https://github.com/urfave/cli/pull/758) via [@vrothberg](https://github.com/vrothberg) -* Fix unaligned indents for the command help messages in [urfave/cli/pull/806](https://github.com/urfave/cli/pull/806) via [@mingrammer](https://github.com/mingrammer) - -### Changed - -* Cleaned up help output in [urfave/cli/pull/664](https://github.com/urfave/cli/pull/664) via [@maguro](https://github.com/maguro) -* Remove redundant nil checks in [urfave/cli/pull/773](https://github.com/urfave/cli/pull/773) via [@teresy](https://github.com/teresy) -* Case is now considered when sorting strings in [urfave/cli/pull/676](https://github.com/urfave/cli/pull/676) via [@rliebz](https://github.com/rliebz) - -### Added - -* Added _"required flags"_ support in [urfave/cli/pull/819](https://github.com/urfave/cli/pull/819) via [@lynncyrin](https://github.com/lynncyrin/) -* Backport JSON `InputSource` to v1 in [urfave/cli/pull/598](https://github.com/urfave/cli/pull/598) via [@jszwedko](https://github.com/jszwedko) -* Allow more customization of flag help strings in [urfave/cli/pull/661](https://github.com/urfave/cli/pull/661) via [@rliebz](https://github.com/rliebz) -* Allow custom `ExitError` handler function in [urfave/cli/pull/628](https://github.com/urfave/cli/pull/628) via [@phinnaeus](https://github.com/phinnaeus) -* Allow loading a variable from a file in [urfave/cli/pull/675](https://github.com/urfave/cli/pull/675) via [@jmccann](https://github.com/jmccann) -* Allow combining short bool names in [urfave/cli/pull/684](https://github.com/urfave/cli/pull/684) via [@baude](https://github.com/baude) -* Added test coverage to context in [urfave/cli/pull/788](https://github.com/urfave/cli/pull/788) via [@benzvan](https://github.com/benzvan) -* Added go module support in [urfave/cli/pull/831](https://github.com/urfave/cli/pull/831) via [@saschagrunert](https://github.com/saschagrunert) - -## [1.20.0] - 2017-08-10 - -### Fixed - -* `HandleExitCoder` is now correctly iterates over all errors in - a `MultiError`. The exit code is the exit code of the last error or `1` if - there are no `ExitCoder`s in the `MultiError`. -* Fixed YAML file loading on Windows (previously would fail validate the file path) -* Subcommand `Usage`, `Description`, `ArgsUsage`, `OnUsageError` correctly - propogated -* `ErrWriter` is now passed downwards through command structure to avoid the - need to redefine it -* Pass `Command` context into `OnUsageError` rather than parent context so that - all fields are avaiable -* Errors occuring in `Before` funcs are no longer double printed -* Use `UsageText` in the help templates for commands and subcommands if - defined; otherwise build the usage as before (was previously ignoring this - field) -* `IsSet` and `GlobalIsSet` now correctly return whether a flag is set if - a program calls `Set` or `GlobalSet` directly after flag parsing (would - previously only return `true` if the flag was set during parsing) - -### Changed - -* No longer exit the program on command/subcommand error if the error raised is - not an `OsExiter`. This exiting behavior was introduced in 1.19.0, but was - determined to be a regression in functionality. See [the - PR](https://github.com/urfave/cli/pull/595) for discussion. - -### Added - -* `CommandsByName` type was added to make it easy to sort `Command`s by name, - alphabetically -* `altsrc` now handles loading of string and int arrays from TOML -* Support for definition of custom help templates for `App` via - `CustomAppHelpTemplate` -* Support for arbitrary key/value fields on `App` to be used with - `CustomAppHelpTemplate` via `ExtraInfo` -* `HelpFlag`, `VersionFlag`, and `BashCompletionFlag` changed to explictly be - `cli.Flag`s allowing for the use of custom flags satisfying the `cli.Flag` - interface to be used. - - -## [1.19.1] - 2016-11-21 - -### Fixed - -- Fixes regression introduced in 1.19.0 where using an `ActionFunc` as - the `Action` for a command would cause it to error rather than calling the - function. Should not have a affected declarative cases using `func(c - *cli.Context) err)`. -- Shell completion now handles the case where the user specifies - `--generate-bash-completion` immediately after a flag that takes an argument. - Previously it call the application with `--generate-bash-completion` as the - flag value. - -## [1.19.0] - 2016-11-19 -### Added -- `FlagsByName` was added to make it easy to sort flags (e.g. `sort.Sort(cli.FlagsByName(app.Flags))`) -- A `Description` field was added to `App` for a more detailed description of - the application (similar to the existing `Description` field on `Command`) -- Flag type code generation via `go generate` -- Write to stderr and exit 1 if action returns non-nil error -- Added support for TOML to the `altsrc` loader -- `SkipArgReorder` was added to allow users to skip the argument reordering. - This is useful if you want to consider all "flags" after an argument as - arguments rather than flags (the default behavior of the stdlib `flag` - library). This is backported functionality from the [removal of the flag - reordering](https://github.com/urfave/cli/pull/398) in the unreleased version - 2 -- For formatted errors (those implementing `ErrorFormatter`), the errors will - be formatted during output. Compatible with `pkg/errors`. - -### Changed -- Raise minimum tested/supported Go version to 1.2+ - -### Fixed -- Consider empty environment variables as set (previously environment variables - with the equivalent of `""` would be skipped rather than their value used). -- Return an error if the value in a given environment variable cannot be parsed - as the flag type. Previously these errors were silently swallowed. -- Print full error when an invalid flag is specified (which includes the invalid flag) -- `App.Writer` defaults to `stdout` when `nil` -- If no action is specified on a command or app, the help is now printed instead of `panic`ing -- `App.Metadata` is initialized automatically now (previously was `nil` unless initialized) -- Correctly show help message if `-h` is provided to a subcommand -- `context.(Global)IsSet` now respects environment variables. Previously it - would return `false` if a flag was specified in the environment rather than - as an argument -- Removed deprecation warnings to STDERR to avoid them leaking to the end-user -- `altsrc`s import paths were updated to use `gopkg.in/urfave/cli.v1`. This - fixes issues that occurred when `gopkg.in/urfave/cli.v1` was imported as well - as `altsrc` where Go would complain that the types didn't match - -## [1.18.1] - 2016-08-28 -### Fixed -- Removed deprecation warnings to STDERR to avoid them leaking to the end-user (backported) - -## [1.18.0] - 2016-06-27 -### Added -- `./runtests` test runner with coverage tracking by default -- testing on OS X -- testing on Windows -- `UintFlag`, `Uint64Flag`, and `Int64Flag` types and supporting code - -### Changed -- Use spaces for alignment in help/usage output instead of tabs, making the - output alignment consistent regardless of tab width - -### Fixed -- Printing of command aliases in help text -- Printing of visible flags for both struct and struct pointer flags -- Display the `help` subcommand when using `CommandCategories` -- No longer swallows `panic`s that occur within the `Action`s themselves when - detecting the signature of the `Action` field - -## [1.17.1] - 2016-08-28 -### Fixed -- Removed deprecation warnings to STDERR to avoid them leaking to the end-user - -## [1.17.0] - 2016-05-09 -### Added -- Pluggable flag-level help text rendering via `cli.DefaultFlagStringFunc` -- `context.GlobalBoolT` was added as an analogue to `context.GlobalBool` -- Support for hiding commands by setting `Hidden: true` -- this will hide the - commands in help output - -### Changed -- `Float64Flag`, `IntFlag`, and `DurationFlag` default values are no longer - quoted in help text output. -- All flag types now include `(default: {value})` strings following usage when a - default value can be (reasonably) detected. -- `IntSliceFlag` and `StringSliceFlag` usage strings are now more consistent - with non-slice flag types -- Apps now exit with a code of 3 if an unknown subcommand is specified - (previously they printed "No help topic for...", but still exited 0. This - makes it easier to script around apps built using `cli` since they can trust - that a 0 exit code indicated a successful execution. -- cleanups based on [Go Report Card - feedback](https://goreportcard.com/report/github.com/urfave/cli) - -## [1.16.1] - 2016-08-28 -### Fixed -- Removed deprecation warnings to STDERR to avoid them leaking to the end-user - -## [1.16.0] - 2016-05-02 -### Added -- `Hidden` field on all flag struct types to omit from generated help text - -### Changed -- `BashCompletionFlag` (`--enable-bash-completion`) is now omitted from -generated help text via the `Hidden` field - -### Fixed -- handling of error values in `HandleAction` and `HandleExitCoder` - -## [1.15.0] - 2016-04-30 -### Added -- This file! -- Support for placeholders in flag usage strings -- `App.Metadata` map for arbitrary data/state management -- `Set` and `GlobalSet` methods on `*cli.Context` for altering values after -parsing. -- Support for nested lookup of dot-delimited keys in structures loaded from -YAML. - -### Changed -- The `App.Action` and `Command.Action` now prefer a return signature of -`func(*cli.Context) error`, as defined by `cli.ActionFunc`. If a non-nil -`error` is returned, there may be two outcomes: - - If the error fulfills `cli.ExitCoder`, then `os.Exit` will be called - automatically - - Else the error is bubbled up and returned from `App.Run` -- Specifying an `Action` with the legacy return signature of -`func(*cli.Context)` will produce a deprecation message to stderr -- Specifying an `Action` that is not a `func` type will produce a non-zero exit -from `App.Run` -- Specifying an `Action` func that has an invalid (input) signature will -produce a non-zero exit from `App.Run` - -### Deprecated -- -`cli.App.RunAndExitOnError`, which should now be done by returning an error -that fulfills `cli.ExitCoder` to `cli.App.Run`. -- the legacy signature for -`cli.App.Action` of `func(*cli.Context)`, which should now have a return -signature of `func(*cli.Context) error`, as defined by `cli.ActionFunc`. - -### Fixed -- Added missing `*cli.Context.GlobalFloat64` method - -## [1.14.0] - 2016-04-03 (backfilled 2016-04-25) -### Added -- Codebeat badge -- Support for categorization via `CategorizedHelp` and `Categories` on app. - -### Changed -- Use `filepath.Base` instead of `path.Base` in `Name` and `HelpName`. - -### Fixed -- Ensure version is not shown in help text when `HideVersion` set. - -## [1.13.0] - 2016-03-06 (backfilled 2016-04-25) -### Added -- YAML file input support. -- `NArg` method on context. - -## [1.12.0] - 2016-02-17 (backfilled 2016-04-25) -### Added -- Custom usage error handling. -- Custom text support in `USAGE` section of help output. -- Improved help messages for empty strings. -- AppVeyor CI configuration. - -### Changed -- Removed `panic` from default help printer func. -- De-duping and optimizations. - -### Fixed -- Correctly handle `Before`/`After` at command level when no subcommands. -- Case of literal `-` argument causing flag reordering. -- Environment variable hints on Windows. -- Docs updates. - -## [1.11.1] - 2015-12-21 (backfilled 2016-04-25) -### Changed -- Use `path.Base` in `Name` and `HelpName` -- Export `GetName` on flag types. - -### Fixed -- Flag parsing when skipping is enabled. -- Test output cleanup. -- Move completion check to account for empty input case. - -## [1.11.0] - 2015-11-15 (backfilled 2016-04-25) -### Added -- Destination scan support for flags. -- Testing against `tip` in Travis CI config. - -### Changed -- Go version in Travis CI config. - -### Fixed -- Removed redundant tests. -- Use correct example naming in tests. - -## [1.10.2] - 2015-10-29 (backfilled 2016-04-25) -### Fixed -- Remove unused var in bash completion. - -## [1.10.1] - 2015-10-21 (backfilled 2016-04-25) -### Added -- Coverage and reference logos in README. - -### Fixed -- Use specified values in help and version parsing. -- Only display app version and help message once. - -## [1.10.0] - 2015-10-06 (backfilled 2016-04-25) -### Added -- More tests for existing functionality. -- `ArgsUsage` at app and command level for help text flexibility. - -### Fixed -- Honor `HideHelp` and `HideVersion` in `App.Run`. -- Remove juvenile word from README. - -## [1.9.0] - 2015-09-08 (backfilled 2016-04-25) -### Added -- `FullName` on command with accompanying help output update. -- Set default `$PROG` in bash completion. - -### Changed -- Docs formatting. - -### Fixed -- Removed self-referential imports in tests. - -## [1.8.0] - 2015-06-30 (backfilled 2016-04-25) -### Added -- Support for `Copyright` at app level. -- `Parent` func at context level to walk up context lineage. - -### Fixed -- Global flag processing at top level. - -## [1.7.1] - 2015-06-11 (backfilled 2016-04-25) -### Added -- Aggregate errors from `Before`/`After` funcs. -- Doc comments on flag structs. -- Include non-global flags when checking version and help. -- Travis CI config updates. - -### Fixed -- Ensure slice type flags have non-nil values. -- Collect global flags from the full command hierarchy. -- Docs prose. - -## [1.7.0] - 2015-05-03 (backfilled 2016-04-25) -### Changed -- `HelpPrinter` signature includes output writer. - -### Fixed -- Specify go 1.1+ in docs. -- Set `Writer` when running command as app. - -## [1.6.0] - 2015-03-23 (backfilled 2016-04-25) -### Added -- Multiple author support. -- `NumFlags` at context level. -- `Aliases` at command level. - -### Deprecated -- `ShortName` at command level. - -### Fixed -- Subcommand help output. -- Backward compatible support for deprecated `Author` and `Email` fields. -- Docs regarding `Names`/`Aliases`. - -## [1.5.0] - 2015-02-20 (backfilled 2016-04-25) -### Added -- `After` hook func support at app and command level. - -### Fixed -- Use parsed context when running command as subcommand. -- Docs prose. - -## [1.4.1] - 2015-01-09 (backfilled 2016-04-25) -### Added -- Support for hiding `-h / --help` flags, but not `help` subcommand. -- Stop flag parsing after `--`. - -### Fixed -- Help text for generic flags to specify single value. -- Use double quotes in output for defaults. -- Use `ParseInt` instead of `ParseUint` for int environment var values. -- Use `0` as base when parsing int environment var values. - -## [1.4.0] - 2014-12-12 (backfilled 2016-04-25) -### Added -- Support for environment variable lookup "cascade". -- Support for `Stdout` on app for output redirection. - -### Fixed -- Print command help instead of app help in `ShowCommandHelp`. - -## [1.3.1] - 2014-11-13 (backfilled 2016-04-25) -### Added -- Docs and example code updates. - -### Changed -- Default `-v / --version` flag made optional. - -## [1.3.0] - 2014-08-10 (backfilled 2016-04-25) -### Added -- `FlagNames` at context level. -- Exposed `VersionPrinter` var for more control over version output. -- Zsh completion hook. -- `AUTHOR` section in default app help template. -- Contribution guidelines. -- `DurationFlag` type. - -## [1.2.0] - 2014-08-02 -### Added -- Support for environment variable defaults on flags plus tests. - -## [1.1.0] - 2014-07-15 -### Added -- Bash completion. -- Optional hiding of built-in help command. -- Optional skipping of flag parsing at command level. -- `Author`, `Email`, and `Compiled` metadata on app. -- `Before` hook func support at app and command level. -- `CommandNotFound` func support at app level. -- Command reference available on context. -- `GenericFlag` type. -- `Float64Flag` type. -- `BoolTFlag` type. -- `IsSet` flag helper on context. -- More flag lookup funcs at context level. -- More tests & docs. - -### Changed -- Help template updates to account for presence/absence of flags. -- Separated subcommand help template. -- Exposed `HelpPrinter` var for more control over help output. - -## [1.0.0] - 2013-11-01 -### Added -- `help` flag in default app flag set and each command flag set. -- Custom handling of argument parsing errors. -- Command lookup by name at app level. -- `StringSliceFlag` type and supporting `StringSlice` type. -- `IntSliceFlag` type and supporting `IntSlice` type. -- Slice type flag lookups by name at context level. -- Export of app and command help functions. -- More tests & docs. - -## 0.1.0 - 2013-07-22 -### Added -- Initial implementation. - -[Unreleased]: https://github.com/urfave/cli/compare/v1.22.1...HEAD -[1.22.1]: https://github.com/urfave/cli/compare/v1.22.0...v1.22.1 -[1.22.0]: https://github.com/urfave/cli/compare/v1.21.0...v1.22.0 -[1.21.0]: https://github.com/urfave/cli/compare/v1.20.0...v1.21.0 -[1.20.0]: https://github.com/urfave/cli/compare/v1.19.1...v1.20.0 -[1.19.1]: https://github.com/urfave/cli/compare/v1.19.0...v1.19.1 -[1.19.0]: https://github.com/urfave/cli/compare/v1.18.0...v1.19.0 -[1.18.0]: https://github.com/urfave/cli/compare/v1.17.0...v1.18.0 -[1.17.0]: https://github.com/urfave/cli/compare/v1.16.0...v1.17.0 -[1.16.0]: https://github.com/urfave/cli/compare/v1.15.0...v1.16.0 -[1.15.0]: https://github.com/urfave/cli/compare/v1.14.0...v1.15.0 -[1.14.0]: https://github.com/urfave/cli/compare/v1.13.0...v1.14.0 -[1.13.0]: https://github.com/urfave/cli/compare/v1.12.0...v1.13.0 -[1.12.0]: https://github.com/urfave/cli/compare/v1.11.1...v1.12.0 -[1.11.1]: https://github.com/urfave/cli/compare/v1.11.0...v1.11.1 -[1.11.0]: https://github.com/urfave/cli/compare/v1.10.2...v1.11.0 -[1.10.2]: https://github.com/urfave/cli/compare/v1.10.1...v1.10.2 -[1.10.1]: https://github.com/urfave/cli/compare/v1.10.0...v1.10.1 -[1.10.0]: https://github.com/urfave/cli/compare/v1.9.0...v1.10.0 -[1.9.0]: https://github.com/urfave/cli/compare/v1.8.0...v1.9.0 -[1.8.0]: https://github.com/urfave/cli/compare/v1.7.1...v1.8.0 -[1.7.1]: https://github.com/urfave/cli/compare/v1.7.0...v1.7.1 -[1.7.0]: https://github.com/urfave/cli/compare/v1.6.0...v1.7.0 -[1.6.0]: https://github.com/urfave/cli/compare/v1.5.0...v1.6.0 -[1.5.0]: https://github.com/urfave/cli/compare/v1.4.1...v1.5.0 -[1.4.1]: https://github.com/urfave/cli/compare/v1.4.0...v1.4.1 -[1.4.0]: https://github.com/urfave/cli/compare/v1.3.1...v1.4.0 -[1.3.1]: https://github.com/urfave/cli/compare/v1.3.0...v1.3.1 -[1.3.0]: https://github.com/urfave/cli/compare/v1.2.0...v1.3.0 -[1.2.0]: https://github.com/urfave/cli/compare/v1.1.0...v1.2.0 -[1.1.0]: https://github.com/urfave/cli/compare/v1.0.0...v1.1.0 -[1.0.0]: https://github.com/urfave/cli/compare/v0.1.0...v1.0.0 diff --git a/vendor/github.com/urfave/cli/CONTRIBUTING.md b/vendor/github.com/urfave/cli/CONTRIBUTING.md deleted file mode 100644 index 9a4640a3873..00000000000 --- a/vendor/github.com/urfave/cli/CONTRIBUTING.md +++ /dev/null @@ -1,18 +0,0 @@ -## Contributing - -Use @urfave/cli to ping the maintainers. - -Feel free to put up a pull request to fix a bug or maybe add a feature. We will -give it a code review and make sure that it does not break backwards -compatibility. If collaborators agree that it is in line with -the vision of the project, we will work with you to get the code into -a mergeable state and merge it into the master branch. - -If you have contributed something significant to the project, we will most -likely add you as a collaborator. As a collaborator you are given the ability -to merge others pull requests. It is very important that new code does not -break existing code, so be careful about what code you do choose to merge. - -If you feel like you have contributed to the project but have not yet been added -as a collaborator, we probably forgot to add you :sweat_smile:. Please open an -issue! diff --git a/vendor/github.com/urfave/cli/README.md b/vendor/github.com/urfave/cli/README.md index 96720b621bf..b2abbcf9db0 100644 --- a/vendor/github.com/urfave/cli/README.md +++ b/vendor/github.com/urfave/cli/README.md @@ -13,60 +13,19 @@ cli is a simple, fast, and fun package for building command line apps in Go. The goal is to enable developers to write fast and distributable command line applications in an expressive way. - +## Usage Documentation -- [Overview](#overview) -- [Installation](#installation) - * [Supported platforms](#supported-platforms) - * [Using the `v2` branch](#using-the-v2-branch) - * [Using `v1` releases](#using-v1-releases) -- [Getting Started](#getting-started) -- [Examples](#examples) - * [Arguments](#arguments) - * [Flags](#flags) - + [Placeholder Values](#placeholder-values) - + [Alternate Names](#alternate-names) - + [Ordering](#ordering) - + [Values from the Environment](#values-from-the-environment) - + [Values from files](#values-from-files) - + [Values from alternate input sources (YAML, TOML, and others)](#values-from-alternate-input-sources-yaml-toml-and-others) - + [Precedence](#precedence) - * [Subcommands](#subcommands) - * [Subcommands categories](#subcommands-categories) - * [Exit code](#exit-code) - * [Combining short options](#combining-short-options) - * [Bash Completion](#bash-completion) - + [Enabling](#enabling) - + [Distribution](#distribution) - + [Customization](#customization) - * [Generated Help Text](#generated-help-text) - + [Customization](#customization-1) - * [Version Flag](#version-flag) - + [Customization](#customization-2) - + [Full API Example](#full-api-example) -- [Contribution Guidelines](#contribution-guidelines) +Usage documentation exists for each major version - - -## Overview - -Command line apps are usually so tiny that there is absolutely no reason why -your code should *not* be self-documenting. Things like generating help text and -parsing command flags/options should not hinder productivity when writing a -command line app. - -**This is where cli comes into play.** cli makes command line programming fun, -organized, and expressive! +- `v1` - [./docs/v1/manual.md](./docs/v1/manual.md) +- `v2` - đŸ§ documentation for `v2` is WIP đŸ§ ## Installation Make sure you have a working Go environment. Go version 1.10+ is supported. [See the install instructions for Go](http://golang.org/doc/install.html). -To install cli, simply run: -``` -$ go get github.com/urfave/cli -``` +### GOPATH Make sure your `PATH` includes the `$GOPATH/bin` directory so your commands can be easily used: @@ -80,30 +39,6 @@ cli is tested against multiple versions of Go on Linux, and against the latest released version of Go on OS X and Windows. For full details, see [`./.travis.yml`](./.travis.yml) and [`./appveyor.yml`](./appveyor.yml). -### Using the `v2` branch - -**Warning**: The `v2` branch is currently unreleased and considered unstable. - -There is currently a long-lived branch named `v2` that is intended to land as -the new `master` branch once development there has settled down. The current -`master` branch (mirrored as `v1`) is being manually merged into `v2` on -an irregular human-based schedule, but generally if one wants to "upgrade" to -`v2` *now* and accept the volatility (read: "awesomeness") that comes along with -that, please use whatever version pinning of your preference, such as via -`gopkg.in`: - -``` -$ go get gopkg.in/urfave/cli.v2 -``` - -``` go -... -import ( - "gopkg.in/urfave/cli.v2" // imports as package "cli" -) -... -``` - ### Using `v1` releases ``` @@ -118,1454 +53,18 @@ import ( ... ``` +### Using `v2` releases -## Getting Started - -One of the philosophies behind cli is that an API should be playful and full of -discovery. So a cli app can be as little as one line of code in `main()`. - - -``` go -package main - -import ( - "log" - "os" - - "github.com/urfave/cli" -) - -func main() { - err := cli.NewApp().Run(os.Args) - if err != nil { - log.Fatal(err) - } -} -``` - -This app will run and show help text, but is not very useful. Let's give an -action to execute and some help documentation: - - -``` go -package main - -import ( - "fmt" - "log" - "os" - - "github.com/urfave/cli" -) - -func main() { - app := cli.NewApp() - app.Name = "boom" - app.Usage = "make an explosive entrance" - app.Action = func(c *cli.Context) error { - fmt.Println("boom! I say!") - return nil - } - - err := app.Run(os.Args) - if err != nil { - log.Fatal(err) - } -} -``` - -Running this already gives you a ton of functionality, plus support for things -like subcommands and flags, which are covered below. - -## Examples - -Being a programmer can be a lonely job. Thankfully by the power of automation -that is not the case! Let's create a greeter app to fend off our demons of -loneliness! - -Start by creating a directory named `greet`, and within it, add a file, -`greet.go` with the following code in it: - - -``` go -package main - -import ( - "fmt" - "log" - "os" - - "github.com/urfave/cli" -) - -func main() { - app := cli.NewApp() - app.Name = "greet" - app.Usage = "fight the loneliness!" - app.Action = func(c *cli.Context) error { - fmt.Println("Hello friend!") - return nil - } - - err := app.Run(os.Args) - if err != nil { - log.Fatal(err) - } -} -``` - -Install our command to the `$GOPATH/bin` directory: - -``` -$ go install -``` - -Finally run our new command: - -``` -$ greet -Hello friend! -``` - -cli also generates neat help text: - -``` -$ greet help -NAME: - greet - fight the loneliness! - -USAGE: - greet [global options] command [command options] [arguments...] - -VERSION: - 0.0.0 - -COMMANDS: - help, h Shows a list of commands or help for one command - -GLOBAL OPTIONS - --version Shows version information -``` - -### Arguments - -You can lookup arguments by calling the `Args` function on `cli.Context`, e.g.: - - -``` go -package main - -import ( - "fmt" - "log" - "os" - - "github.com/urfave/cli" -) - -func main() { - app := cli.NewApp() - - app.Action = func(c *cli.Context) error { - fmt.Printf("Hello %q", c.Args().Get(0)) - return nil - } +**Warning**: `v2` is in a pre-release state. - err := app.Run(os.Args) - if err != nil { - log.Fatal(err) - } -} ``` - -### Flags - -Setting and querying flags is simple. - - -``` go -package main - -import ( - "fmt" - "log" - "os" - - "github.com/urfave/cli" -) - -func main() { - app := cli.NewApp() - - app.Flags = []cli.Flag { - cli.StringFlag{ - Name: "lang", - Value: "english", - Usage: "language for the greeting", - }, - } - - app.Action = func(c *cli.Context) error { - name := "Nefertiti" - if c.NArg() > 0 { - name = c.Args().Get(0) - } - if c.String("lang") == "spanish" { - fmt.Println("Hola", name) - } else { - fmt.Println("Hello", name) - } - return nil - } - - err := app.Run(os.Args) - if err != nil { - log.Fatal(err) - } -} +$ go get github.com/urfave/cli.v2 ``` -You can also set a destination variable for a flag, to which the content will be -scanned. - - -``` go -package main - -import ( - "log" - "os" - "fmt" - - "github.com/urfave/cli" -) - -func main() { - var language string - - app := cli.NewApp() - - app.Flags = []cli.Flag { - cli.StringFlag{ - Name: "lang", - Value: "english", - Usage: "language for the greeting", - Destination: &language, - }, - } - - app.Action = func(c *cli.Context) error { - name := "someone" - if c.NArg() > 0 { - name = c.Args()[0] - } - if language == "spanish" { - fmt.Println("Hola", name) - } else { - fmt.Println("Hello", name) - } - return nil - } - - err := app.Run(os.Args) - if err != nil { - log.Fatal(err) - } -} -``` - -See full list of flags at http://godoc.org/github.com/urfave/cli - -#### Placeholder Values - -Sometimes it's useful to specify a flag's value within the usage string itself. -Such placeholders are indicated with back quotes. - -For example this: - - ```go -package main - -import ( - "log" - "os" - - "github.com/urfave/cli" -) - -func main() { - app := cli.NewApp() - - app.Flags = []cli.Flag{ - cli.StringFlag{ - Name: "config, c", - Usage: "Load configuration from `FILE`", - }, - } - - err := app.Run(os.Args) - if err != nil { - log.Fatal(err) - } -} -``` - -Will result in help output like: - -``` ---config FILE, -c FILE Load configuration from FILE -``` - -Note that only the first placeholder is used. Subsequent back-quoted words will -be left as-is. - -#### Alternate Names - -You can set alternate (or short) names for flags by providing a comma-delimited -list for the `Name`. e.g. - - -``` go -package main - -import ( - "log" - "os" - - "github.com/urfave/cli" -) - -func main() { - app := cli.NewApp() - - app.Flags = []cli.Flag { - cli.StringFlag{ - Name: "lang, l", - Value: "english", - Usage: "language for the greeting", - }, - } - - err := app.Run(os.Args) - if err != nil { - log.Fatal(err) - } -} -``` - -That flag can then be set with `--lang spanish` or `-l spanish`. Note that -giving two different forms of the same flag in the same command invocation is an -error. - -#### Ordering - -Flags for the application and commands are shown in the order they are defined. -However, it's possible to sort them from outside this library by using `FlagsByName` -or `CommandsByName` with `sort`. - -For example this: - - -``` go -package main - -import ( - "log" - "os" - "sort" - - "github.com/urfave/cli" -) - -func main() { - app := cli.NewApp() - - app.Flags = []cli.Flag { - cli.StringFlag{ - Name: "lang, l", - Value: "english", - Usage: "Language for the greeting", - }, - cli.StringFlag{ - Name: "config, c", - Usage: "Load configuration from `FILE`", - }, - } - - app.Commands = []cli.Command{ - { - Name: "complete", - Aliases: []string{"c"}, - Usage: "complete a task on the list", - Action: func(c *cli.Context) error { - return nil - }, - }, - { - Name: "add", - Aliases: []string{"a"}, - Usage: "add a task to the list", - Action: func(c *cli.Context) error { - return nil - }, - }, - } - - sort.Sort(cli.FlagsByName(app.Flags)) - sort.Sort(cli.CommandsByName(app.Commands)) - - err := app.Run(os.Args) - if err != nil { - log.Fatal(err) - } -} -``` - -Will result in help output like: - -``` ---config FILE, -c FILE Load configuration from FILE ---lang value, -l value Language for the greeting (default: "english") -``` - -#### Values from the Environment - -You can also have the default value set from the environment via `EnvVar`. e.g. - - -``` go -package main - -import ( - "log" - "os" - - "github.com/urfave/cli" -) - -func main() { - app := cli.NewApp() - - app.Flags = []cli.Flag { - cli.StringFlag{ - Name: "lang, l", - Value: "english", - Usage: "language for the greeting", - EnvVar: "APP_LANG", - }, - } - - err := app.Run(os.Args) - if err != nil { - log.Fatal(err) - } -} -``` - -The `EnvVar` may also be given as a comma-delimited "cascade", where the first -environment variable that resolves is used as the default. - - -``` go -package main - -import ( - "log" - "os" - - "github.com/urfave/cli" -) - -func main() { - app := cli.NewApp() - - app.Flags = []cli.Flag { - cli.StringFlag{ - Name: "lang, l", - Value: "english", - Usage: "language for the greeting", - EnvVar: "LEGACY_COMPAT_LANG,APP_LANG,LANG", - }, - } - - err := app.Run(os.Args) - if err != nil { - log.Fatal(err) - } -} -``` - -#### Values from files - -You can also have the default value set from file via `FilePath`. e.g. - - -``` go -package main - -import ( - "log" - "os" - - "github.com/urfave/cli" -) - -func main() { - app := cli.NewApp() - - app.Flags = []cli.Flag { - cli.StringFlag{ - Name: "password, p", - Usage: "password for the mysql database", - FilePath: "/etc/mysql/password", - }, - } - - err := app.Run(os.Args) - if err != nil { - log.Fatal(err) - } -} -``` - -Note that default values set from file (e.g. `FilePath`) take precedence over -default values set from the environment (e.g. `EnvVar`). - -#### Values from alternate input sources (YAML, TOML, and others) - -There is a separate package altsrc that adds support for getting flag values -from other file input sources. - -Currently supported input source formats: -* YAML -* JSON -* TOML - -In order to get values for a flag from an alternate input source the following -code would be added to wrap an existing cli.Flag like below: - -``` go - altsrc.NewIntFlag(cli.IntFlag{Name: "test"}) -``` - -Initialization must also occur for these flags. Below is an example initializing -getting data from a yaml file below. - -``` go - command.Before = altsrc.InitInputSourceWithContext(command.Flags, NewYamlSourceFromFlagFunc("load")) -``` - -The code above will use the "load" string as a flag name to get the file name of -a yaml file from the cli.Context. It will then use that file name to initialize -the yaml input source for any flags that are defined on that command. As a note -the "load" flag used would also have to be defined on the command flags in order -for this code snipped to work. - -Currently only YAML, JSON, and TOML files are supported but developers can add support -for other input sources by implementing the altsrc.InputSourceContext for their -given sources. - -Here is a more complete sample of a command using YAML support: - - -``` go -package notmain - -import ( - "fmt" - "log" - "os" - - "github.com/urfave/cli" - "github.com/urfave/cli/altsrc" -) - -func main() { - app := cli.NewApp() - - flags := []cli.Flag{ - altsrc.NewIntFlag(cli.IntFlag{Name: "test"}), - cli.StringFlag{Name: "load"}, - } - - app.Action = func(c *cli.Context) error { - fmt.Println("yaml ist rad") - return nil - } - - app.Before = altsrc.InitInputSourceWithContext(flags, altsrc.NewYamlSourceFromFlagFunc("load")) - app.Flags = flags - - err := app.Run(os.Args) - if err != nil { - log.Fatal(err) - } -} -``` - -#### Precedence - -The precedence for flag value sources is as follows (highest to lowest): - -0. Command line flag value from user -0. Environment variable (if specified) -0. Configuration file (if specified) -0. Default defined on the flag - -### Subcommands - -Subcommands can be defined for a more git-like command line app. - - -```go -package main - -import ( - "fmt" - "log" - "os" - - "github.com/urfave/cli" -) - -func main() { - app := cli.NewApp() - - app.Commands = []cli.Command{ - { - Name: "add", - Aliases: []string{"a"}, - Usage: "add a task to the list", - Action: func(c *cli.Context) error { - fmt.Println("added task: ", c.Args().First()) - return nil - }, - }, - { - Name: "complete", - Aliases: []string{"c"}, - Usage: "complete a task on the list", - Action: func(c *cli.Context) error { - fmt.Println("completed task: ", c.Args().First()) - return nil - }, - }, - { - Name: "template", - Aliases: []string{"t"}, - Usage: "options for task templates", - Subcommands: []cli.Command{ - { - Name: "add", - Usage: "add a new template", - Action: func(c *cli.Context) error { - fmt.Println("new task template: ", c.Args().First()) - return nil - }, - }, - { - Name: "remove", - Usage: "remove an existing template", - Action: func(c *cli.Context) error { - fmt.Println("removed task template: ", c.Args().First()) - return nil - }, - }, - }, - }, - } - - err := app.Run(os.Args) - if err != nil { - log.Fatal(err) - } -} -``` - -### Subcommands categories - -For additional organization in apps that have many subcommands, you can -associate a category for each command to group them together in the help -output. - -E.g. - -```go -package main - -import ( - "log" - "os" - - "github.com/urfave/cli" -) - -func main() { - app := cli.NewApp() - - app.Commands = []cli.Command{ - { - Name: "noop", - }, - { - Name: "add", - Category: "Template actions", - }, - { - Name: "remove", - Category: "Template actions", - }, - } - - err := app.Run(os.Args) - if err != nil { - log.Fatal(err) - } -} -``` - -Will include: - -``` -COMMANDS: - noop - - Template actions: - add - remove -``` - -### Exit code - -Calling `App.Run` will not automatically call `os.Exit`, which means that by -default the exit code will "fall through" to being `0`. An explicit exit code -may be set by returning a non-nil error that fulfills `cli.ExitCoder`, *or* a -`cli.MultiError` that includes an error that fulfills `cli.ExitCoder`, e.g.: - -``` go -package main - -import ( - "log" - "os" - - "github.com/urfave/cli" -) - -func main() { - app := cli.NewApp() - app.Flags = []cli.Flag{ - cli.BoolFlag{ - Name: "ginger-crouton", - Usage: "Add ginger croutons to the soup", - }, - } - app.Action = func(ctx *cli.Context) error { - if !ctx.Bool("ginger-crouton") { - return cli.NewExitError("Ginger croutons are not in the soup", 86) - } - return nil - } - - err := app.Run(os.Args) - if err != nil { - log.Fatal(err) - } -} -``` - -### Combining short options - -Traditional use of options using their shortnames look like this: - -``` -$ cmd -s -o -m "Some message" -``` - -Suppose you want users to be able to combine options with their shortnames. This -can be done using the `UseShortOptionHandling` bool in your app configuration, -or for individual commands by attaching it to the command configuration. For -example: - - -``` go -package main - -import ( - "fmt" - "log" - "os" - - "github.com/urfave/cli" -) - -func main() { - app := cli.NewApp() - app.UseShortOptionHandling = true - app.Commands = []cli.Command{ - { - Name: "short", - Usage: "complete a task on the list", - Flags: []cli.Flag{ - cli.BoolFlag{Name: "serve, s"}, - cli.BoolFlag{Name: "option, o"}, - cli.StringFlag{Name: "message, m"}, - }, - Action: func(c *cli.Context) error { - fmt.Println("serve:", c.Bool("serve")) - fmt.Println("option:", c.Bool("option")) - fmt.Println("message:", c.String("message")) - return nil - }, - }, - } - - err := app.Run(os.Args) - if err != nil { - log.Fatal(err) - } -} -``` - -If your program has any number of bool flags such as `serve` and `option`, and -optionally one non-bool flag `message`, with the short options of `-s`, `-o`, -and `-m` respectively, setting `UseShortOptionHandling` will also support the -following syntax: - -``` -$ cmd -som "Some message" -``` - -If you enable `UseShortOptionHandling`, then you must not use any flags that -have a single leading `-` or this will result in failures. For example, -`-option` can no longer be used. Flags with two leading dashes (such as -`--options`) are still valid. - -### Bash Completion - -You can enable completion commands by setting the `EnableBashCompletion` -flag on the `App` object. By default, this setting will only auto-complete to -show an app's subcommands, but you can write your own completion methods for -the App or its subcommands. - - -``` go -package main - -import ( - "fmt" - "log" - "os" - - "github.com/urfave/cli" -) - -func main() { - tasks := []string{"cook", "clean", "laundry", "eat", "sleep", "code"} - - app := cli.NewApp() - app.EnableBashCompletion = true - app.Commands = []cli.Command{ - { - Name: "complete", - Aliases: []string{"c"}, - Usage: "complete a task on the list", - Action: func(c *cli.Context) error { - fmt.Println("completed task: ", c.Args().First()) - return nil - }, - BashComplete: func(c *cli.Context) { - // This will complete if no args are passed - if c.NArg() > 0 { - return - } - for _, t := range tasks { - fmt.Println(t) - } - }, - }, - } - - err := app.Run(os.Args) - if err != nil { - log.Fatal(err) - } -} -``` - -#### Enabling - -Source the `autocomplete/bash_autocomplete` file in your `.bashrc` file while -setting the `PROG` variable to the name of your program: - -`PROG=myprogram source /.../cli/autocomplete/bash_autocomplete` - -#### Distribution - -Copy `autocomplete/bash_autocomplete` into `/etc/bash_completion.d/` and rename -it to the name of the program you wish to add autocomplete support for (or -automatically install it there if you are distributing a package). Don't forget -to source the file to make it active in the current shell. - -``` -sudo cp src/bash_autocomplete /etc/bash_completion.d/ -source /etc/bash_completion.d/ -``` - -Alternatively, you can just document that users should source the generic -`autocomplete/bash_autocomplete` in their bash configuration with `$PROG` set -to the name of their program (as above). - -#### Customization - -The default bash completion flag (`--generate-bash-completion`) is defined as -`cli.BashCompletionFlag`, and may be redefined if desired, e.g.: - - -``` go -package main - -import ( - "log" - "os" - - "github.com/urfave/cli" -) - -func main() { - cli.BashCompletionFlag = cli.BoolFlag{ - Name: "compgen", - Hidden: true, - } - - app := cli.NewApp() - app.EnableBashCompletion = true - app.Commands = []cli.Command{ - { - Name: "wat", - }, - } - err := app.Run(os.Args) - if err != nil { - log.Fatal(err) - } -} -``` - -### Generated Help Text - -The default help flag (`-h/--help`) is defined as `cli.HelpFlag` and is checked -by the cli internals in order to print generated help text for the app, command, -or subcommand, and break execution. - -#### Customization - -All of the help text generation may be customized, and at multiple levels. The -templates are exposed as variables `AppHelpTemplate`, `CommandHelpTemplate`, and -`SubcommandHelpTemplate` which may be reassigned or augmented, and full override -is possible by assigning a compatible func to the `cli.HelpPrinter` variable, -e.g.: - - -``` go -package main - -import ( - "fmt" - "log" - "io" - "os" - - "github.com/urfave/cli" -) - -func main() { - // EXAMPLE: Append to an existing template - cli.AppHelpTemplate = fmt.Sprintf(`%s - -WEBSITE: http://awesometown.example.com - -SUPPORT: support@awesometown.example.com - -`, cli.AppHelpTemplate) - - // EXAMPLE: Override a template - cli.AppHelpTemplate = `NAME: - {{.Name}} - {{.Usage}} -USAGE: - {{.HelpName}} {{if .VisibleFlags}}[global options]{{end}}{{if .Commands}} command [command options]{{end}} {{if .ArgsUsage}}{{.ArgsUsage}}{{else}}[arguments...]{{end}} - {{if len .Authors}} -AUTHOR: - {{range .Authors}}{{ . }}{{end}} - {{end}}{{if .Commands}} -COMMANDS: -{{range .Commands}}{{if not .HideHelp}} {{join .Names ", "}}{{ "\t"}}{{.Usage}}{{ "\n" }}{{end}}{{end}}{{end}}{{if .VisibleFlags}} -GLOBAL OPTIONS: - {{range .VisibleFlags}}{{.}} - {{end}}{{end}}{{if .Copyright }} -COPYRIGHT: - {{.Copyright}} - {{end}}{{if .Version}} -VERSION: - {{.Version}} - {{end}} -` - - // EXAMPLE: Replace the `HelpPrinter` func - cli.HelpPrinter = func(w io.Writer, templ string, data interface{}) { - fmt.Println("Ha HA. I pwnd the help!!1") - } - - err := cli.NewApp().Run(os.Args) - if err != nil { - log.Fatal(err) - } -} -``` - -The default flag may be customized to something other than `-h/--help` by -setting `cli.HelpFlag`, e.g.: - - -``` go -package main - -import ( - "log" - "os" - - "github.com/urfave/cli" -) - -func main() { - cli.HelpFlag = cli.BoolFlag{ - Name: "halp, haaaaalp", - Usage: "HALP", - EnvVar: "SHOW_HALP,HALPPLZ", - } - - err := cli.NewApp().Run(os.Args) - if err != nil { - log.Fatal(err) - } -} -``` - -### Version Flag - -The default version flag (`-v/--version`) is defined as `cli.VersionFlag`, which -is checked by the cli internals in order to print the `App.Version` via -`cli.VersionPrinter` and break execution. - -#### Customization - -The default flag may be customized to something other than `-v/--version` by -setting `cli.VersionFlag`, e.g.: - - -``` go -package main - -import ( - "log" - "os" - - "github.com/urfave/cli" -) - -func main() { - cli.VersionFlag = cli.BoolFlag{ - Name: "print-version, V", - Usage: "print only the version", - } - - app := cli.NewApp() - app.Name = "partay" - app.Version = "19.99.0" - err := app.Run(os.Args) - if err != nil { - log.Fatal(err) - } -} -``` - -Alternatively, the version printer at `cli.VersionPrinter` may be overridden, e.g.: - - -``` go -package main - -import ( - "fmt" - "log" - "os" - - "github.com/urfave/cli" -) - -var ( - Revision = "fafafaf" -) - -func main() { - cli.VersionPrinter = func(c *cli.Context) { - fmt.Printf("version=%s revision=%s\n", c.App.Version, Revision) - } - - app := cli.NewApp() - app.Name = "partay" - app.Version = "19.99.0" - err := app.Run(os.Args) - if err != nil { - log.Fatal(err) - } -} -``` - -#### Full API Example - -**Notice**: This is a contrived (functioning) example meant strictly for API -demonstration purposes. Use of one's imagination is encouraged. - - -``` go -package main - +... import ( - "errors" - "flag" - "fmt" - "io" - "io/ioutil" - "os" - "time" - - "github.com/urfave/cli" + "github.com/urfave/cli.v2" // imports as package "cli" ) - -func init() { - cli.AppHelpTemplate += "\nCUSTOMIZED: you bet ur muffins\n" - cli.CommandHelpTemplate += "\nYMMV\n" - cli.SubcommandHelpTemplate += "\nor something\n" - - cli.HelpFlag = cli.BoolFlag{Name: "halp"} - cli.BashCompletionFlag = cli.BoolFlag{Name: "compgen", Hidden: true} - cli.VersionFlag = cli.BoolFlag{Name: "print-version, V"} - - cli.HelpPrinter = func(w io.Writer, templ string, data interface{}) { - fmt.Fprintf(w, "best of luck to you\n") - } - cli.VersionPrinter = func(c *cli.Context) { - fmt.Fprintf(c.App.Writer, "version=%s\n", c.App.Version) - } - cli.OsExiter = func(c int) { - fmt.Fprintf(cli.ErrWriter, "refusing to exit %d\n", c) - } - cli.ErrWriter = ioutil.Discard - cli.FlagStringer = func(fl cli.Flag) string { - return fmt.Sprintf("\t\t%s", fl.GetName()) - } -} - -type hexWriter struct{} - -func (w *hexWriter) Write(p []byte) (int, error) { - for _, b := range p { - fmt.Printf("%x", b) - } - fmt.Printf("\n") - - return len(p), nil -} - -type genericType struct{ - s string -} - -func (g *genericType) Set(value string) error { - g.s = value - return nil -} - -func (g *genericType) String() string { - return g.s -} - -func main() { - app := cli.NewApp() - app.Name = "kÉ™nˈtrÄ«v" - app.Version = "19.99.0" - app.Compiled = time.Now() - app.Authors = []cli.Author{ - cli.Author{ - Name: "Example Human", - Email: "human@example.com", - }, - } - app.Copyright = "(c) 1999 Serious Enterprise" - app.HelpName = "contrive" - app.Usage = "demonstrate available API" - app.UsageText = "contrive - demonstrating the available API" - app.ArgsUsage = "[args and such]" - app.Commands = []cli.Command{ - cli.Command{ - Name: "doo", - Aliases: []string{"do"}, - Category: "motion", - Usage: "do the doo", - UsageText: "doo - does the dooing", - Description: "no really, there is a lot of dooing to be done", - ArgsUsage: "[arrgh]", - Flags: []cli.Flag{ - cli.BoolFlag{Name: "forever, forevvarr"}, - }, - Subcommands: cli.Commands{ - cli.Command{ - Name: "wop", - Action: wopAction, - }, - }, - SkipFlagParsing: false, - HideHelp: false, - Hidden: false, - HelpName: "doo!", - BashComplete: func(c *cli.Context) { - fmt.Fprintf(c.App.Writer, "--better\n") - }, - Before: func(c *cli.Context) error { - fmt.Fprintf(c.App.Writer, "brace for impact\n") - return nil - }, - After: func(c *cli.Context) error { - fmt.Fprintf(c.App.Writer, "did we lose anyone?\n") - return nil - }, - Action: func(c *cli.Context) error { - c.Command.FullName() - c.Command.HasName("wop") - c.Command.Names() - c.Command.VisibleFlags() - fmt.Fprintf(c.App.Writer, "dodododododoodododddooooododododooo\n") - if c.Bool("forever") { - c.Command.Run(c) - } - return nil - }, - OnUsageError: func(c *cli.Context, err error, isSubcommand bool) error { - fmt.Fprintf(c.App.Writer, "for shame\n") - return err - }, - }, - } - app.Flags = []cli.Flag{ - cli.BoolFlag{Name: "fancy"}, - cli.BoolTFlag{Name: "fancier"}, - cli.DurationFlag{Name: "howlong, H", Value: time.Second * 3}, - cli.Float64Flag{Name: "howmuch"}, - cli.GenericFlag{Name: "wat", Value: &genericType{}}, - cli.Int64Flag{Name: "longdistance"}, - cli.Int64SliceFlag{Name: "intervals"}, - cli.IntFlag{Name: "distance"}, - cli.IntSliceFlag{Name: "times"}, - cli.StringFlag{Name: "dance-move, d"}, - cli.StringSliceFlag{Name: "names, N"}, - cli.UintFlag{Name: "age"}, - cli.Uint64Flag{Name: "bigage"}, - } - app.EnableBashCompletion = true - app.UseShortOptionHandling = true - app.HideHelp = false - app.HideVersion = false - app.BashComplete = func(c *cli.Context) { - fmt.Fprintf(c.App.Writer, "lipstick\nkiss\nme\nlipstick\nringo\n") - } - app.Before = func(c *cli.Context) error { - fmt.Fprintf(c.App.Writer, "HEEEERE GOES\n") - return nil - } - app.After = func(c *cli.Context) error { - fmt.Fprintf(c.App.Writer, "Phew!\n") - return nil - } - app.CommandNotFound = func(c *cli.Context, command string) { - fmt.Fprintf(c.App.Writer, "Thar be no %q here.\n", command) - } - app.OnUsageError = func(c *cli.Context, err error, isSubcommand bool) error { - if isSubcommand { - return err - } - - fmt.Fprintf(c.App.Writer, "WRONG: %#v\n", err) - return nil - } - app.Action = func(c *cli.Context) error { - cli.DefaultAppComplete(c) - cli.HandleExitCoder(errors.New("not an exit coder, though")) - cli.ShowAppHelp(c) - cli.ShowCommandCompletions(c, "nope") - cli.ShowCommandHelp(c, "also-nope") - cli.ShowCompletions(c) - cli.ShowSubcommandHelp(c) - cli.ShowVersion(c) - - categories := c.App.Categories() - categories.AddCommand("sounds", cli.Command{ - Name: "bloop", - }) - - for _, category := range c.App.Categories() { - fmt.Fprintf(c.App.Writer, "%s\n", category.Name) - fmt.Fprintf(c.App.Writer, "%#v\n", category.Commands) - fmt.Fprintf(c.App.Writer, "%#v\n", category.VisibleCommands()) - } - - fmt.Printf("%#v\n", c.App.Command("doo")) - if c.Bool("infinite") { - c.App.Run([]string{"app", "doo", "wop"}) - } - - if c.Bool("forevar") { - c.App.RunAsSubcommand(c) - } - c.App.Setup() - fmt.Printf("%#v\n", c.App.VisibleCategories()) - fmt.Printf("%#v\n", c.App.VisibleCommands()) - fmt.Printf("%#v\n", c.App.VisibleFlags()) - - fmt.Printf("%#v\n", c.Args().First()) - if len(c.Args()) > 0 { - fmt.Printf("%#v\n", c.Args()[1]) - } - fmt.Printf("%#v\n", c.Args().Present()) - fmt.Printf("%#v\n", c.Args().Tail()) - - set := flag.NewFlagSet("contrive", 0) - nc := cli.NewContext(c.App, set, c) - - fmt.Printf("%#v\n", nc.Args()) - fmt.Printf("%#v\n", nc.Bool("nope")) - fmt.Printf("%#v\n", nc.BoolT("nerp")) - fmt.Printf("%#v\n", nc.Duration("howlong")) - fmt.Printf("%#v\n", nc.Float64("hay")) - fmt.Printf("%#v\n", nc.Generic("bloop")) - fmt.Printf("%#v\n", nc.Int64("bonk")) - fmt.Printf("%#v\n", nc.Int64Slice("burnks")) - fmt.Printf("%#v\n", nc.Int("bips")) - fmt.Printf("%#v\n", nc.IntSlice("blups")) - fmt.Printf("%#v\n", nc.String("snurt")) - fmt.Printf("%#v\n", nc.StringSlice("snurkles")) - fmt.Printf("%#v\n", nc.Uint("flub")) - fmt.Printf("%#v\n", nc.Uint64("florb")) - fmt.Printf("%#v\n", nc.GlobalBool("global-nope")) - fmt.Printf("%#v\n", nc.GlobalBoolT("global-nerp")) - fmt.Printf("%#v\n", nc.GlobalDuration("global-howlong")) - fmt.Printf("%#v\n", nc.GlobalFloat64("global-hay")) - fmt.Printf("%#v\n", nc.GlobalGeneric("global-bloop")) - fmt.Printf("%#v\n", nc.GlobalInt("global-bips")) - fmt.Printf("%#v\n", nc.GlobalIntSlice("global-blups")) - fmt.Printf("%#v\n", nc.GlobalString("global-snurt")) - fmt.Printf("%#v\n", nc.GlobalStringSlice("global-snurkles")) - - fmt.Printf("%#v\n", nc.FlagNames()) - fmt.Printf("%#v\n", nc.GlobalFlagNames()) - fmt.Printf("%#v\n", nc.GlobalIsSet("wat")) - fmt.Printf("%#v\n", nc.GlobalSet("wat", "nope")) - fmt.Printf("%#v\n", nc.NArg()) - fmt.Printf("%#v\n", nc.NumFlags()) - fmt.Printf("%#v\n", nc.Parent()) - - nc.Set("wat", "also-nope") - - ec := cli.NewExitError("ohwell", 86) - fmt.Fprintf(c.App.Writer, "%d", ec.ExitCode()) - fmt.Printf("made it!\n") - return nil - } - - if os.Getenv("HEXY") != "" { - app.Writer = &hexWriter{} - app.ErrWriter = &hexWriter{} - } - - app.Metadata = map[string]interface{}{ - "layers": "many", - "explicable": false, - "whatever-values": 19.99, - } - - - // ignore error so we don't exit non-zero and break gfmrun README example tests - _ = app.Run(os.Args) -} - -func wopAction(c *cli.Context) error { - fmt.Fprintf(c.App.Writer, ":wave: over here, eh\n") - return nil -} +... ``` - -## Contribution Guidelines - -See [./CONTRIBUTING.md](./CONTRIBUTING.md) diff --git a/vendor/github.com/urfave/cli/app.go b/vendor/github.com/urfave/cli/app.go index 76e869d37aa..382f238f495 100644 --- a/vendor/github.com/urfave/cli/app.go +++ b/vendor/github.com/urfave/cli/app.go @@ -121,7 +121,6 @@ func NewApp() *App { HelpName: filepath.Base(os.Args[0]), Usage: "A new cli application", UsageText: "", - Version: "0.0.0", BashComplete: DefaultAppComplete, Action: helpCommand.Action, Compiled: compileTime(), @@ -159,6 +158,10 @@ func (a *App) Setup() { } } + if a.Version == "" { + a.HideVersion = true + } + if !a.HideVersion { a.appendFlag(VersionFlag) } @@ -199,12 +202,12 @@ func (a *App) Run(arguments []string) (err error) { // always appends the completion flag at the end of the command shellComplete, arguments := checkShellCompleteFlag(a, arguments) - _, err = a.newFlagSet() + set, err := a.newFlagSet() if err != nil { return err } - set, err := parseIter(a, arguments[1:]) + err = parseIter(set, a, arguments[1:], shellComplete) nerr := normalizeFlags(a.Flags, set) context := NewContext(a, set, nil) if nerr != nil { @@ -260,8 +263,6 @@ func (a *App) Run(arguments []string) (err error) { if a.Before != nil { beforeErr := a.Before(context) if beforeErr != nil { - _, _ = fmt.Fprintf(a.Writer, "%v\n\n", beforeErr) - _ = ShowAppHelp(context) a.handleExitCoder(context, beforeErr) err = beforeErr return err @@ -322,12 +323,12 @@ func (a *App) RunAsSubcommand(ctx *Context) (err error) { } a.Commands = newCmds - _, err = a.newFlagSet() + set, err := a.newFlagSet() if err != nil { return err } - set, err := parseIter(a, ctx.Args().Tail()) + err = parseIter(set, a, ctx.Args().Tail(), ctx.shellComplete) nerr := normalizeFlags(a.Flags, set) context := NewContext(a, set, ctx) diff --git a/vendor/github.com/urfave/cli/appveyor.yml b/vendor/github.com/urfave/cli/appveyor.yml index 6d2dcee292c..8ef2fea1a61 100644 --- a/vendor/github.com/urfave/cli/appveyor.yml +++ b/vendor/github.com/urfave/cli/appveyor.yml @@ -6,18 +6,23 @@ image: Visual Studio 2017 clone_folder: c:\gopath\src\github.com\urfave\cli +cache: + - node_modules + environment: GOPATH: C:\gopath GOVERSION: 1.11.x + GO111MODULE: on + GOPROXY: https://proxy.golang.org install: - set PATH=%GOPATH%\bin;C:\go\bin;%PATH% - go version - go env - - go get github.com/urfave/gfmrun/... - - go get -v -t ./... + - go get github.com/urfave/gfmrun/cmd/gfmrun + - go mod vendor build_script: - go run build.go vet - go run build.go test - - go run build.go gfmrun + - go run build.go gfmrun docs/v1/manual.md diff --git a/vendor/github.com/urfave/cli/command.go b/vendor/github.com/urfave/cli/command.go index 44a90de6b73..09fda1642fe 100644 --- a/vendor/github.com/urfave/cli/command.go +++ b/vendor/github.com/urfave/cli/command.go @@ -114,7 +114,7 @@ func (c Command) Run(ctx *Context) (err error) { c.UseShortOptionHandling = true } - set, err := c.parseFlags(ctx.Args().Tail()) + set, err := c.parseFlags(ctx.Args().Tail(), ctx.shellComplete) context := NewContext(ctx.App, set, ctx) context.Command = c @@ -161,7 +161,6 @@ func (c Command) Run(ctx *Context) (err error) { if c.Before != nil { err = c.Before(context) if err != nil { - _ = ShowCommandHelp(context, c.Name) context.App.handleExitCoder(context, err) return err } @@ -179,7 +178,7 @@ func (c Command) Run(ctx *Context) (err error) { return err } -func (c *Command) parseFlags(args Args) (*flag.FlagSet, error) { +func (c *Command) parseFlags(args Args, shellComplete bool) (*flag.FlagSet, error) { if c.SkipFlagParsing { set, err := c.newFlagSet() if err != nil { @@ -190,10 +189,15 @@ func (c *Command) parseFlags(args Args) (*flag.FlagSet, error) { } if !c.SkipArgReorder { - args = reorderArgs(args) + args = reorderArgs(c.Flags, args) } - set, err := parseIter(c, args) + set, err := c.newFlagSet() + if err != nil { + return nil, err + } + + err = parseIter(set, c, args, shellComplete) if err != nil { return nil, err } @@ -214,34 +218,79 @@ func (c *Command) useShortOptionHandling() bool { return c.UseShortOptionHandling } -// reorderArgs moves all flags before arguments as this is what flag expects -func reorderArgs(args []string) []string { - var nonflags, flags []string +// reorderArgs moves all flags (via reorderedArgs) before the rest of +// the arguments (remainingArgs) as this is what flag expects. +func reorderArgs(commandFlags []Flag, args []string) []string { + var remainingArgs, reorderedArgs []string - readFlagValue := false + nextIndexMayContainValue := false for i, arg := range args { - if arg == "--" { - nonflags = append(nonflags, args[i:]...) - break - } - if readFlagValue && !strings.HasPrefix(arg, "-") && !strings.HasPrefix(arg, "--") { - readFlagValue = false - flags = append(flags, arg) - continue + // if we're expecting an option-value, check if this arg is a value, in + // which case it should be re-ordered next to its associated flag + if nextIndexMayContainValue && !argIsFlag(commandFlags, arg) { + nextIndexMayContainValue = false + reorderedArgs = append(reorderedArgs, arg) + } else if arg == "--" { + // don't reorder any args after the -- delimiter As described in the POSIX spec: + // https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html#tag_12_02 + // > Guideline 10: + // > The first -- argument that is not an option-argument should be accepted + // > as a delimiter indicating the end of options. Any following arguments + // > should be treated as operands, even if they begin with the '-' character. + + // make sure the "--" delimiter itself is at the start + remainingArgs = append([]string{"--"}, remainingArgs...) + remainingArgs = append(remainingArgs, args[i+1:]...) + break + // checks if this is an arg that should be re-ordered + } else if argIsFlag(commandFlags, arg) { + // we have determined that this is a flag that we should re-order + reorderedArgs = append(reorderedArgs, arg) + // if this arg does not contain a "=", then the next index may contain the value for this flag + nextIndexMayContainValue = !strings.Contains(arg, "=") + + // simply append any remaining args + } else { + remainingArgs = append(remainingArgs, arg) } - readFlagValue = false + } - if arg != "-" && strings.HasPrefix(arg, "-") { - flags = append(flags, arg) + return append(reorderedArgs, remainingArgs...) +} - readFlagValue = !strings.Contains(arg, "=") - } else { - nonflags = append(nonflags, arg) +// argIsFlag checks if an arg is one of our command flags +func argIsFlag(commandFlags []Flag, arg string) bool { + if arg == "-" || arg == "--"{ + // `-` is never a flag + // `--` is an option-value when following a flag, and a delimiter indicating the end of options in other cases. + return false + } + // flags always start with a - + if !strings.HasPrefix(arg, "-") { + return false + } + // this line turns `--flag` into `flag` + if strings.HasPrefix(arg, "--") { + arg = strings.Replace(arg, "-", "", 2) + } + // this line turns `-flag` into `flag` + if strings.HasPrefix(arg, "-") { + arg = strings.Replace(arg, "-", "", 1) + } + // this line turns `flag=value` into `flag` + arg = strings.Split(arg, "=")[0] + // look through all the flags, to see if the `arg` is one of our flags + for _, flag := range commandFlags { + for _, key := range strings.Split(flag.GetName(), ",") { + key := strings.TrimSpace(key) + if key == arg { + return true + } } } - - return append(flags, nonflags...) + // return false if this arg was not one of our flags + return false } // Names returns the names including short names and aliases. diff --git a/vendor/github.com/urfave/cli/context.go b/vendor/github.com/urfave/cli/context.go index ecfc0328215..3adf37e7b29 100644 --- a/vendor/github.com/urfave/cli/context.go +++ b/vendor/github.com/urfave/cli/context.go @@ -87,6 +87,14 @@ func (c *Context) IsSet(name string) bool { for _, f := range flags { eachName(f.GetName(), func(name string) { if isSet, ok := c.setFlags[name]; isSet || !ok { + // Check if a flag is set + if isSet { + // If the flag is set, also set its other aliases + eachName(f.GetName(), func(name string) { + c.setFlags[name] = true + }) + } + return } @@ -316,11 +324,12 @@ func checkRequiredFlags(flags []Flag, context *Context) requiredFlagsErr { var flagPresent bool var flagName string for _, key := range strings.Split(f.GetName(), ",") { + key = strings.TrimSpace(key) if len(key) > 1 { flagName = key } - if context.IsSet(strings.TrimSpace(key)) { + if context.IsSet(key) { flagPresent = true } } diff --git a/vendor/github.com/urfave/cli/flag.go b/vendor/github.com/urfave/cli/flag.go index 3c052707781..1cfa1cdb216 100644 --- a/vendor/github.com/urfave/cli/flag.go +++ b/vendor/github.com/urfave/cli/flag.go @@ -86,7 +86,7 @@ type RequiredFlag interface { type DocGenerationFlag interface { Flag - // TakesValue returns true of the flag takes a value, otherwise false + // TakesValue returns true if the flag takes a value, otherwise false TakesValue() bool // GetUsage returns the usage string for the flag diff --git a/vendor/github.com/urfave/cli/flag_int64_slice.go b/vendor/github.com/urfave/cli/flag_int64_slice.go index ed2e983b62e..80772e7c2a8 100644 --- a/vendor/github.com/urfave/cli/flag_int64_slice.go +++ b/vendor/github.com/urfave/cli/flag_int64_slice.go @@ -22,7 +22,12 @@ func (f *Int64Slice) Set(value string) error { // String returns a readable representation of this value (for usage defaults) func (f *Int64Slice) String() string { - return fmt.Sprintf("%#v", *f) + slice := make([]string, len(*f)) + for i, v := range *f { + slice[i] = strconv.FormatInt(v, 10) + } + + return strings.Join(slice, ",") } // Value returns the slice of ints set by this flag @@ -110,6 +115,7 @@ func (f Int64SliceFlag) ApplyWithError(set *flag.FlagSet) error { } set.Var(f.Value, name, f.Usage) }) + return nil } @@ -131,11 +137,63 @@ func (c *Context) GlobalInt64Slice(name string) []int64 { func lookupInt64Slice(name string, set *flag.FlagSet) []int64 { f := set.Lookup(name) if f != nil { - parsed, err := (f.Value.(*Int64Slice)).Value(), error(nil) - if err != nil { + value, ok := f.Value.(*Int64Slice) + if !ok { return nil } + + // extract the slice from asserted value + parsed := value.Value() + + // extract default value from the flag + var defaultVal []int64 + for _, v := range strings.Split(f.DefValue, ",") { + if v != "" { + int64Value, err := strconv.ParseInt(v, 10, 64) + if err != nil { + panic(err) + } + defaultVal = append(defaultVal, int64Value) + } + } + // if the current value is not equal to the default value + // remove the default values from the flag + if !isInt64SliceEqual(parsed, defaultVal) { + for _, v := range defaultVal { + parsed = removeFromInt64Slice(parsed, v) + } + } return parsed } return nil } + +func removeFromInt64Slice(slice []int64, val int64) []int64 { + for i, v := range slice { + if v == val { + ret := append([]int64{}, slice[:i]...) + ret = append(ret, slice[i+1:]...) + return ret + } + } + return slice +} + +func isInt64SliceEqual(newValue, defaultValue []int64) bool { + // If one is nil, the other must also be nil. + if (newValue == nil) != (defaultValue == nil) { + return false + } + + if len(newValue) != len(defaultValue) { + return false + } + + for i, v := range newValue { + if v != defaultValue[i] { + return false + } + } + + return true +} diff --git a/vendor/github.com/urfave/cli/flag_int_slice.go b/vendor/github.com/urfave/cli/flag_int_slice.go index c38d010fd07..af6d582debc 100644 --- a/vendor/github.com/urfave/cli/flag_int_slice.go +++ b/vendor/github.com/urfave/cli/flag_int_slice.go @@ -22,7 +22,12 @@ func (f *IntSlice) Set(value string) error { // String returns a readable representation of this value (for usage defaults) func (f *IntSlice) String() string { - return fmt.Sprintf("%#v", *f) + slice := make([]string, len(*f)) + for i, v := range *f { + slice[i] = strconv.Itoa(v) + } + + return strings.Join(slice, ",") } // Value returns the slice of ints set by this flag @@ -132,11 +137,62 @@ func (c *Context) GlobalIntSlice(name string) []int { func lookupIntSlice(name string, set *flag.FlagSet) []int { f := set.Lookup(name) if f != nil { - parsed, err := (f.Value.(*IntSlice)).Value(), error(nil) - if err != nil { + value, ok := f.Value.(*IntSlice) + if !ok { return nil } - return parsed + // extract the slice from asserted value + slice := value.Value() + + // extract default value from the flag + var defaultVal []int + for _, v := range strings.Split(f.DefValue, ",") { + if v != "" { + intValue, err := strconv.Atoi(v) + if err != nil { + panic(err) + } + defaultVal = append(defaultVal, intValue) + } + } + // if the current value is not equal to the default value + // remove the default values from the flag + if !isIntSliceEqual(slice, defaultVal) { + for _, v := range defaultVal { + slice = removeFromIntSlice(slice, v) + } + } + return slice } return nil } + +func removeFromIntSlice(slice []int, val int) []int { + for i, v := range slice { + if v == val { + ret := append([]int{}, slice[:i]...) + ret = append(ret, slice[i+1:]...) + return ret + } + } + return slice +} + +func isIntSliceEqual(newValue, defaultValue []int) bool { + // If one is nil, the other must also be nil. + if (newValue == nil) != (defaultValue == nil) { + return false + } + + if len(newValue) != len(defaultValue) { + return false + } + + for i, v := range newValue { + if v != defaultValue[i] { + return false + } + } + + return true +} diff --git a/vendor/github.com/urfave/cli/flag_string_slice.go b/vendor/github.com/urfave/cli/flag_string_slice.go index e865b2ff037..a7c71e9dcc3 100644 --- a/vendor/github.com/urfave/cli/flag_string_slice.go +++ b/vendor/github.com/urfave/cli/flag_string_slice.go @@ -17,7 +17,7 @@ func (f *StringSlice) Set(value string) error { // String returns a readable representation of this value (for usage defaults) func (f *StringSlice) String() string { - return fmt.Sprintf("%s", *f) + return strings.Join(*f, ",") } // Value returns the slice of strings set by this flag @@ -128,11 +128,57 @@ func (c *Context) GlobalStringSlice(name string) []string { func lookupStringSlice(name string, set *flag.FlagSet) []string { f := set.Lookup(name) if f != nil { - parsed, err := (f.Value.(*StringSlice)).Value(), error(nil) - if err != nil { + value, ok := f.Value.(*StringSlice) + if !ok { return nil } - return parsed + // extract the slice from asserted value + slice := value.Value() + + // extract default value from the flag + var defaultVal []string + for _, v := range strings.Split(f.DefValue, ",") { + defaultVal = append(defaultVal, v) + } + + // if the current value is not equal to the default value + // remove the default values from the flag + if !isStringSliceEqual(slice, defaultVal) { + for _, v := range defaultVal { + slice = removeFromStringSlice(slice, v) + } + } + return slice } return nil } + +func removeFromStringSlice(slice []string, val string) []string { + for i, v := range slice { + if v == val { + ret := append([]string{}, slice[:i]...) + ret = append(ret, slice[i+1:]...) + return ret + } + } + return slice +} + +func isStringSliceEqual(newValue, defaultValue []string) bool { + // If one is nil, the other must also be nil. + if (newValue == nil) != (defaultValue == nil) { + return false + } + + if len(newValue) != len(defaultValue) { + return false + } + + for i, v := range newValue { + if v != defaultValue[i] { + return false + } + } + + return true +} diff --git a/vendor/github.com/urfave/cli/help.go b/vendor/github.com/urfave/cli/help.go index 7a4ef692595..2280e338ef0 100644 --- a/vendor/github.com/urfave/cli/help.go +++ b/vendor/github.com/urfave/cli/help.go @@ -47,13 +47,18 @@ type helpPrinter func(w io.Writer, templ string, data interface{}) // Prints help for the App or Command with custom template function. type helpPrinterCustom func(w io.Writer, templ string, data interface{}, customFunc map[string]interface{}) -// HelpPrinter is a function that writes the help output. If not set a default -// is used. The function signature is: -// func(w io.Writer, templ string, data interface{}) +// HelpPrinter is a function that writes the help output. If not set explicitly, +// this calls HelpPrinterCustom using only the default template functions. +// +// If custom logic for printing help is required, this function can be +// overridden. If the ExtraInfo field is defined on an App, this function +// should not be modified, as HelpPrinterCustom will be used directly in order +// to capture the extra information. var HelpPrinter helpPrinter = printHelp -// HelpPrinterCustom is same as HelpPrinter but -// takes a custom function for template function map. +// HelpPrinterCustom is a function that writes the help output. It is used as +// the default implementation of HelpPrinter, and may be called directly if +// the ExtraInfo field is set on an App. var HelpPrinterCustom helpPrinterCustom = printHelpCustom // VersionPrinter prints the version for the App @@ -66,20 +71,24 @@ func ShowAppHelpAndExit(c *Context, exitCode int) { } // ShowAppHelp is an action that displays the help. -func ShowAppHelp(c *Context) (err error) { - if c.App.CustomAppHelpTemplate == "" { - HelpPrinter(c.App.Writer, AppHelpTemplate, c.App) - return +func ShowAppHelp(c *Context) error { + template := c.App.CustomAppHelpTemplate + if template == "" { + template = AppHelpTemplate } + + if c.App.ExtraInfo == nil { + HelpPrinter(c.App.Writer, template, c.App) + return nil + } + customAppData := func() map[string]interface{} { - if c.App.ExtraInfo == nil { - return nil - } return map[string]interface{}{ "ExtraInfo": c.App.ExtraInfo, } } - HelpPrinterCustom(c.App.Writer, c.App.CustomAppHelpTemplate, c.App, customAppData()) + HelpPrinterCustom(c.App.Writer, template, c.App, customAppData()) + return nil } @@ -186,11 +195,13 @@ func ShowCommandHelp(ctx *Context, command string) error { for _, c := range ctx.App.Commands { if c.HasName(command) { - if c.CustomHelpTemplate != "" { - HelpPrinterCustom(ctx.App.Writer, c.CustomHelpTemplate, c, nil) - } else { - HelpPrinter(ctx.App.Writer, CommandHelpTemplate, c) + templ := c.CustomHelpTemplate + if templ == "" { + templ = CommandHelpTemplate } + + HelpPrinter(ctx.App.Writer, templ, c) + return nil } } @@ -238,11 +249,15 @@ func ShowCommandCompletions(ctx *Context, command string) { } -func printHelpCustom(out io.Writer, templ string, data interface{}, customFunc map[string]interface{}) { +// printHelpCustom is the default implementation of HelpPrinterCustom. +// +// The customFuncs map will be combined with a default template.FuncMap to +// allow using arbitrary functions in template rendering. +func printHelpCustom(out io.Writer, templ string, data interface{}, customFuncs map[string]interface{}) { funcMap := template.FuncMap{ "join": strings.Join, } - for key, value := range customFunc { + for key, value := range customFuncs { funcMap[key] = value } @@ -261,7 +276,7 @@ func printHelpCustom(out io.Writer, templ string, data interface{}, customFunc m } func printHelp(out io.Writer, templ string, data interface{}) { - printHelpCustom(out, templ, data, nil) + HelpPrinterCustom(out, templ, data, nil) } func checkVersion(c *Context) bool { diff --git a/vendor/github.com/urfave/cli/parse.go b/vendor/github.com/urfave/cli/parse.go index 865accf1027..7df17296a42 100644 --- a/vendor/github.com/urfave/cli/parse.go +++ b/vendor/github.com/urfave/cli/parse.go @@ -11,45 +11,59 @@ type iterativeParser interface { } // To enable short-option handling (e.g., "-it" vs "-i -t") we have to -// iteratively catch parsing errors. This way we achieve LR parsing without +// iteratively catch parsing errors. This way we achieve LR parsing without // transforming any arguments. Otherwise, there is no way we can discriminate // combined short options from common arguments that should be left untouched. -func parseIter(ip iterativeParser, args []string) (*flag.FlagSet, error) { +// Pass `shellComplete` to continue parsing options on failure during shell +// completion when, the user-supplied options may be incomplete. +func parseIter(set *flag.FlagSet, ip iterativeParser, args []string, shellComplete bool) error { for { - set, err := ip.newFlagSet() - if err != nil { - return nil, err - } - - err = set.Parse(args) + err := set.Parse(args) if !ip.useShortOptionHandling() || err == nil { - return set, err + if shellComplete { + return nil + } + return err } errStr := err.Error() - trimmed := strings.TrimPrefix(errStr, "flag provided but not defined: ") + trimmed := strings.TrimPrefix(errStr, "flag provided but not defined: -") if errStr == trimmed { - return nil, err + return err } // regenerate the initial args with the split short opts - newArgs := []string{} + argsWereSplit := false for i, arg := range args { - if arg != trimmed { - newArgs = append(newArgs, arg) + // skip args that are not part of the error message + if name := strings.TrimLeft(arg, "-"); name != trimmed { continue } - shortOpts := splitShortOptions(set, trimmed) + // if we can't split, the error was accurate + shortOpts := splitShortOptions(set, arg) if len(shortOpts) == 1 { - return nil, err + return err } - // add each short option and all remaining arguments - newArgs = append(newArgs, shortOpts...) - newArgs = append(newArgs, args[i+1:]...) - args = newArgs + // swap current argument with the split version + args = append(args[:i], append(shortOpts, args[i+1:]...)...) + argsWereSplit = true + break + } + + // This should be an impossible to reach code path, but in case the arg + // splitting failed to happen, this will prevent infinite loops + if !argsWereSplit { + return err + } + + // Since custom parsing failed, replace the flag set before retrying + newSet, err := ip.newFlagSet() + if err != nil { + return err } + *set = *newSet } } diff --git a/vendor/modules.txt b/vendor/modules.txt index 5fdb5d18d20..714a2540101 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -61,7 +61,7 @@ github.com/sirupsen/logrus/hooks/test # github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 ## explicit github.com/syndtr/gocapability/capability -# github.com/urfave/cli v1.22.1 +# github.com/urfave/cli v1.22.6 ## explicit; go 1.11 github.com/urfave/cli # github.com/vishvananda/netlink v1.1.0 From 29a56b5206a3fc7b2f5fe4b43c09c8ba09b25495 Mon Sep 17 00:00:00 2001 From: CrazyMax Date: Tue, 3 May 2022 13:01:18 +0200 Subject: [PATCH 0021/1176] fix deprecated ActKill Signed-off-by: CrazyMax --- libcontainer/seccomp/patchbpf/enosys_linux_test.go | 2 +- libcontainer/seccomp/seccomp_linux.go | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/libcontainer/seccomp/patchbpf/enosys_linux_test.go b/libcontainer/seccomp/patchbpf/enosys_linux_test.go index b2ee6255bb4..727800aa50c 100644 --- a/libcontainer/seccomp/patchbpf/enosys_linux_test.go +++ b/libcontainer/seccomp/patchbpf/enosys_linux_test.go @@ -282,7 +282,7 @@ func TestDisassembleHugeFilterDoesNotHang(t *testing.T) { } for i := 1; i < 10000; i++ { - if err := hugeFilter.AddRule(libseccomp.ScmpSyscall(i), libseccomp.ActKill); err != nil { + if err := hugeFilter.AddRule(libseccomp.ScmpSyscall(i), libseccomp.ActKillThread); err != nil { t.Fatalf("failed to add rule to filter %d: %v", i, err) } } diff --git a/libcontainer/seccomp/seccomp_linux.go b/libcontainer/seccomp/seccomp_linux.go index f177b7f05f2..8c12af72be9 100644 --- a/libcontainer/seccomp/seccomp_linux.go +++ b/libcontainer/seccomp/seccomp_linux.go @@ -113,8 +113,8 @@ func InitSeccomp(config *configs.Seccomp) (int, error) { // Convert Libcontainer Action to Libseccomp ScmpAction func getAction(act configs.Action, errnoRet *uint) (libseccomp.ScmpAction, error) { switch act { - case configs.Kill: - return libseccomp.ActKill, nil + case configs.Kill, configs.KillThread: + return libseccomp.ActKillThread, nil case configs.Errno: if errnoRet != nil { return libseccomp.ActErrno.SetReturnCode(int16(*errnoRet)), nil @@ -133,8 +133,6 @@ func getAction(act configs.Action, errnoRet *uint) (libseccomp.ScmpAction, error return libseccomp.ActLog, nil case configs.Notify: return libseccomp.ActNotify, nil - case configs.KillThread: - return libseccomp.ActKillThread, nil case configs.KillProcess: return libseccomp.ActKillProcess, nil default: From df2bc1380ec74e9c7416393477304eec4949c536 Mon Sep 17 00:00:00 2001 From: CrazyMax Date: Tue, 3 May 2022 11:15:18 +0200 Subject: [PATCH 0022/1176] vendor: bump seccomp/libseccomp-golang to f33da4d Signed-off-by: CrazyMax --- go.mod | 2 +- go.sum | 4 +- .../seccomp/libseccomp-golang/.golangci.yml | 4 + .../seccomp/libseccomp-golang/.travis.yml | 57 ---- .../seccomp/libseccomp-golang/CONTRIBUTING.md | 26 +- .../seccomp/libseccomp-golang/Makefile | 7 +- .../seccomp/libseccomp-golang/README.md | 24 +- .../seccomp/libseccomp-golang/SECURITY.md | 47 ++++ .../seccomp/libseccomp-golang/seccomp.go | 253 +++++++++++------- .../libseccomp-golang/seccomp_internal.go | 175 +++++++----- vendor/modules.txt | 2 +- 11 files changed, 333 insertions(+), 268 deletions(-) create mode 100644 vendor/github.com/seccomp/libseccomp-golang/.golangci.yml delete mode 100644 vendor/github.com/seccomp/libseccomp-golang/.travis.yml create mode 100644 vendor/github.com/seccomp/libseccomp-golang/SECURITY.md diff --git a/go.mod b/go.mod index 14884815e93..6aa69b486c4 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/mrunalp/fileutils v0.5.0 github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 github.com/opencontainers/selinux v1.10.1 - github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921 + github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646 github.com/sirupsen/logrus v1.8.1 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.6 diff --git a/go.sum b/go.sum index f413bd956e7..bfd380fd333 100644 --- a/go.sum +++ b/go.sum @@ -46,8 +46,8 @@ github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBO github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921 h1:58EBmR2dMNL2n/FnbQewK3D14nXr0V9CObDSvMJLq+Y= -github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= +github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646 h1:RpforrEYXWkmGwJHIGnLZ3tTWStkjVVstwzNGqxX2Ds= +github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE= diff --git a/vendor/github.com/seccomp/libseccomp-golang/.golangci.yml b/vendor/github.com/seccomp/libseccomp-golang/.golangci.yml new file mode 100644 index 00000000000..7df8aa19838 --- /dev/null +++ b/vendor/github.com/seccomp/libseccomp-golang/.golangci.yml @@ -0,0 +1,4 @@ +# For documentation, see https://golangci-lint.run/usage/configuration/ +linters: + enable: + - gofumpt diff --git a/vendor/github.com/seccomp/libseccomp-golang/.travis.yml b/vendor/github.com/seccomp/libseccomp-golang/.travis.yml deleted file mode 100644 index 5240d462280..00000000000 --- a/vendor/github.com/seccomp/libseccomp-golang/.travis.yml +++ /dev/null @@ -1,57 +0,0 @@ -# Travis CI configuration for libseccomp-golang - -# https://docs.travis-ci.com/user/reference/bionic -# https://wiki.ubuntu.com/Releases - -dist: bionic -sudo: false - -notifications: - email: - on_success: always - on_failure: always - -arch: - - amd64 - -os: - - linux - -language: go - -jobs: - include: - - name: "last libseccomp 2.5.0" - env: - - SECCOMP_VER=2.5.0 - - SECCOMP_SHA256SUM=1ffa7038d2720ad191919816db3479295a4bcca1ec14e02f672539f4983014f3 - - name: "compat libseccomp 2.4.4" - env: - - SECCOMP_VER=2.4.4 - - SECCOMP_SHA256SUM=4e79738d1ef3c9b7ca9769f1f8b8d84fc17143c2c1c432e53b9c64787e0ff3eb - - name: "compat libseccomp 2.2.1" - env: - - SECCOMP_VER=2.2.1 - - SECCOMP_SHA256SUM=0ba1789f54786c644af54cdffc9fd0dd0a8bb2b2ee153933f658855d2851a740 - -addons: - apt: - packages: - - build-essential - - astyle - - golint - - gperf - -install: - - go get -u golang.org/x/lint/golint - -# run all of the tests independently, fail if any of the tests error -script: - - wget https://github.com/seccomp/libseccomp/releases/download/v$SECCOMP_VER/libseccomp-$SECCOMP_VER.tar.gz - - echo $SECCOMP_SHA256SUM libseccomp-$SECCOMP_VER.tar.gz | sha256sum -c - - tar xf libseccomp-$SECCOMP_VER.tar.gz - - pushd libseccomp-$SECCOMP_VER && ./configure --prefix=/opt/libseccomp-$SECCOMP_VER && make && sudo make install && popd - - make check-syntax - - make lint - - PKG_CONFIG_PATH=/opt/libseccomp-$SECCOMP_VER/lib/pkgconfig LD_LIBRARY_PATH=/opt/libseccomp-$SECCOMP_VER/lib make vet - - PKG_CONFIG_PATH=/opt/libseccomp-$SECCOMP_VER/lib/pkgconfig LD_LIBRARY_PATH=/opt/libseccomp-$SECCOMP_VER/lib make test diff --git a/vendor/github.com/seccomp/libseccomp-golang/CONTRIBUTING.md b/vendor/github.com/seccomp/libseccomp-golang/CONTRIBUTING.md index d6862cbd5f9..c2fc80d5af6 100644 --- a/vendor/github.com/seccomp/libseccomp-golang/CONTRIBUTING.md +++ b/vendor/github.com/seccomp/libseccomp-golang/CONTRIBUTING.md @@ -1,31 +1,23 @@ -How to Submit Patches to the libseccomp Project +How to Submit Patches to the libseccomp-golang Project =============================================================================== https://github.com/seccomp/libseccomp-golang This document is intended to act as a guide to help you contribute to the -libseccomp project. It is not perfect, and there will always be exceptions -to the rules described here, but by following the instructions below you -should have a much easier time getting your work merged with the upstream +libseccomp-golang project. It is not perfect, and there will always be +exceptions to the rules described here, but by following the instructions below +you should have a much easier time getting your work merged with the upstream project. ## Test Your Code Using Existing Tests -There are two possible tests you can run to verify your code. The first -test is used to check the formatting and coding style of your changes, you -can run the test with the following command: - - # make check-syntax - -... if there are any problems with your changes a diff/patch will be shown -which indicates the problems and how to fix them. - -The second possible test is used to ensure the sanity of your code changes -and to test these changes against the included tests. You can run the test -with the following command: +A number of tests and lint related recipes are provided in the Makefile, if +you want to run the standard regression tests, you can execute the following: # make check -... if there are any faults or errors they will be displayed. +In order to use it, the 'golangci-lint' tool is needed, which can be found at: + +* https://github.com/golangci/golangci-lint ## Add New Tests for New Functionality diff --git a/vendor/github.com/seccomp/libseccomp-golang/Makefile b/vendor/github.com/seccomp/libseccomp-golang/Makefile index 38cfa852cd6..530f5b4adbc 100644 --- a/vendor/github.com/seccomp/libseccomp-golang/Makefile +++ b/vendor/github.com/seccomp/libseccomp-golang/Makefile @@ -4,7 +4,7 @@ all: check-build -check: vet test +check: lint test check-build: go build @@ -16,7 +16,7 @@ fix-syntax: gofmt -w . vet: - go vet -v + go vet -v ./... # Previous bugs have made the tests freeze until the timeout. Golang default # timeout for tests is 10 minutes, which is too long, considering current tests @@ -28,5 +28,4 @@ test: go test -v -timeout $(TEST_TIMEOUT) lint: - @$(if $(shell which golint),true,$(error "install golint and include it in your PATH")) - golint -set_exit_status + golangci-lint run . diff --git a/vendor/github.com/seccomp/libseccomp-golang/README.md b/vendor/github.com/seccomp/libseccomp-golang/README.md index 806a5ddf29b..6430f1c9e25 100644 --- a/vendor/github.com/seccomp/libseccomp-golang/README.md +++ b/vendor/github.com/seccomp/libseccomp-golang/README.md @@ -2,7 +2,9 @@ =============================================================================== https://github.com/seccomp/libseccomp-golang -[![Build Status](https://img.shields.io/travis/seccomp/libseccomp-golang/main.svg)](https://travis-ci.org/seccomp/libseccomp-golang) +[![Go Reference](https://pkg.go.dev/badge/github.com/seccomp/libseccomp-golang.svg)](https://pkg.go.dev/github.com/seccomp/libseccomp-golang) +[![validate](https://github.com/seccomp/libseccomp-golang/actions/workflows/validate.yml/badge.svg)](https://github.com/seccomp/libseccomp-golang/actions/workflows/validate.yml) +[![test](https://github.com/seccomp/libseccomp-golang/actions/workflows/test.yml/badge.svg)](https://github.com/seccomp/libseccomp-golang/actions/workflows/test.yml) The libseccomp library provides an easy to use, platform independent, interface to the Linux Kernel's syscall filtering mechanism. The libseccomp API is @@ -26,26 +28,14 @@ list. * https://groups.google.com/d/forum/libseccomp -Documentation is also available at: +Documentation for this package is also available at: -* https://godoc.org/github.com/seccomp/libseccomp-golang +* https://pkg.go.dev/github.com/seccomp/libseccomp-golang ## Installing the package -The libseccomp-golang bindings require at least Go v1.2.1 and GCC v4.8.4; -earlier versions may yield unpredictable results. If you meet these -requirements you can install this package using the command below: - # go get github.com/seccomp/libseccomp-golang -## Testing the Library - -A number of tests and lint related recipes are provided in the Makefile, if -you want to run the standard regression tests, you can excute the following: - - # make check - -In order to execute the 'make lint' recipe the 'golint' tool is needed, it -can be found at: +## Contributing -* https://github.com/golang/lint +See [CONTRIBUTING.md](CONTRIBUTING.md). diff --git a/vendor/github.com/seccomp/libseccomp-golang/SECURITY.md b/vendor/github.com/seccomp/libseccomp-golang/SECURITY.md new file mode 100644 index 00000000000..c448faa8e80 --- /dev/null +++ b/vendor/github.com/seccomp/libseccomp-golang/SECURITY.md @@ -0,0 +1,47 @@ +The libseccomp-golang Security Vulnerability Handling Process +=============================================================================== +https://github.com/seccomp/libseccomp-golang + +This document document attempts to describe the processes through which +sensitive security relevant bugs can be responsibly disclosed to the +libseccomp-golang project and how the project maintainers should handle these +reports. Just like the other libseccomp-golang process documents, this +document should be treated as a guiding document and not a hard, unyielding set +of regulations; the bug reporters and project maintainers are encouraged to +work together to address the issues as best they can, in a manner which works +best for all parties involved. + +### Reporting Problems + +Problems with the libseccomp-golang library that are not suitable for immediate +public disclosure should be emailed to the current libseccomp-golang +maintainers, the list is below. We typically request at most a 90 day time +period to address the issue before it is made public, but we will make every +effort to address the issue as quickly as possible and shorten the disclosure +window. + +* Paul Moore, paul@paul-moore.com +* Tom Hromatka, tom.hromatka@oracle.com + +### Resolving Sensitive Security Issues + +Upon disclosure of a bug, the maintainers should work together to investigate +the problem and decide on a solution. In order to prevent an early disclosure +of the problem, those working on the solution should do so privately and +outside of the traditional libseccomp-golang development practices. One +possible solution to this is to leverage the GitHub "Security" functionality to +create a private development fork that can be shared among the maintainers, and +optionally the reporter. A placeholder GitHub issue may be created, but +details should remain extremely limited until such time as the problem has been +fixed and responsibly disclosed. If a CVE, or other tag, has been assigned to +the problem, the GitHub issue title should include the vulnerability tag once +the problem has been disclosed. + +### Public Disclosure + +Whenever possible, responsible reporting and patching practices should be +followed, including notification to the linux-distros and oss-security mailing +lists. + +* https://oss-security.openwall.org/wiki/mailing-lists/distros +* https://oss-security.openwall.org/wiki/mailing-lists/oss-security diff --git a/vendor/github.com/seccomp/libseccomp-golang/seccomp.go b/vendor/github.com/seccomp/libseccomp-golang/seccomp.go index e9b92e2219a..8dad12fdbb9 100644 --- a/vendor/github.com/seccomp/libseccomp-golang/seccomp.go +++ b/vendor/github.com/seccomp/libseccomp-golang/seccomp.go @@ -1,5 +1,3 @@ -// +build linux - // Public API specification for libseccomp Go bindings // Contains public API for the bindings @@ -18,48 +16,36 @@ import ( "unsafe" ) -// C wrapping code - -// To compile libseccomp-golang against a specific version of libseccomp: -// cd ../libseccomp && mkdir -p prefix -// ./configure --prefix=$PWD/prefix && make && make install -// cd ../libseccomp-golang -// PKG_CONFIG_PATH=$PWD/../libseccomp/prefix/lib/pkgconfig/ make -// LD_PRELOAD=$PWD/../libseccomp/prefix/lib/libseccomp.so.2.5.0 PKG_CONFIG_PATH=$PWD/../libseccomp/prefix/lib/pkgconfig/ make test - -// #cgo pkg-config: libseccomp // #include // #include import "C" // Exported types -// VersionError denotes that the system libseccomp version is incompatible -// with this package. +// VersionError represents an error when either the system libseccomp version +// or the kernel version is too old to perform the operation requested. type VersionError struct { - message string - minimum string + op string // operation that failed or would fail + major, minor, micro uint // minimally required libseccomp version + curAPI, minAPI uint // current and minimally required API versions } func init() { // This forces the cgo libseccomp to initialize its internal API support state, // which is necessary on older versions of libseccomp in order to work // correctly. - GetAPI() + _, _ = getAPI() } func (e VersionError) Error() string { - messageStr := "" - if e.message != "" { - messageStr = e.message + ": " + if e.minAPI != 0 { + return fmt.Sprintf("%s requires libseccomp >= %d.%d.%d and API level >= %d "+ + "(current version: %d.%d.%d, API level: %d)", + e.op, e.major, e.minor, e.micro, e.minAPI, + verMajor, verMinor, verMicro, e.curAPI) } - minimumStr := "" - if e.minimum != "" { - minimumStr = e.minimum - } else { - minimumStr = "2.2.0" - } - return fmt.Sprintf("Libseccomp version too low: %sminimum supported is %s: detected %d.%d.%d", messageStr, minimumStr, verMajor, verMinor, verMicro) + return fmt.Sprintf("%s requires libseccomp >= %d.%d.%d (current version: %d.%d.%d)", + e.op, e.major, e.minor, e.micro, verMajor, verMinor, verMicro) } // ScmpArch represents a CPU architecture. Seccomp can restrict syscalls on a @@ -148,44 +134,46 @@ const ( // variables are invalid ArchInvalid ScmpArch = iota // ArchNative is the native architecture of the kernel - ArchNative ScmpArch = iota + ArchNative // ArchX86 represents 32-bit x86 syscalls - ArchX86 ScmpArch = iota + ArchX86 // ArchAMD64 represents 64-bit x86-64 syscalls - ArchAMD64 ScmpArch = iota + ArchAMD64 // ArchX32 represents 64-bit x86-64 syscalls (32-bit pointers) - ArchX32 ScmpArch = iota + ArchX32 // ArchARM represents 32-bit ARM syscalls - ArchARM ScmpArch = iota + ArchARM // ArchARM64 represents 64-bit ARM syscalls - ArchARM64 ScmpArch = iota + ArchARM64 // ArchMIPS represents 32-bit MIPS syscalls - ArchMIPS ScmpArch = iota + ArchMIPS // ArchMIPS64 represents 64-bit MIPS syscalls - ArchMIPS64 ScmpArch = iota + ArchMIPS64 // ArchMIPS64N32 represents 64-bit MIPS syscalls (32-bit pointers) - ArchMIPS64N32 ScmpArch = iota + ArchMIPS64N32 // ArchMIPSEL represents 32-bit MIPS syscalls (little endian) - ArchMIPSEL ScmpArch = iota + ArchMIPSEL // ArchMIPSEL64 represents 64-bit MIPS syscalls (little endian) - ArchMIPSEL64 ScmpArch = iota + ArchMIPSEL64 // ArchMIPSEL64N32 represents 64-bit MIPS syscalls (little endian, // 32-bit pointers) - ArchMIPSEL64N32 ScmpArch = iota + ArchMIPSEL64N32 // ArchPPC represents 32-bit POWERPC syscalls - ArchPPC ScmpArch = iota + ArchPPC // ArchPPC64 represents 64-bit POWER syscalls (big endian) - ArchPPC64 ScmpArch = iota + ArchPPC64 // ArchPPC64LE represents 64-bit POWER syscalls (little endian) - ArchPPC64LE ScmpArch = iota + ArchPPC64LE // ArchS390 represents 31-bit System z/390 syscalls - ArchS390 ScmpArch = iota + ArchS390 // ArchS390X represents 64-bit System z/390 syscalls - ArchS390X ScmpArch = iota + ArchS390X // ArchPARISC represents 32-bit PA-RISC - ArchPARISC ScmpArch = iota + ArchPARISC // ArchPARISC64 represents 64-bit PA-RISC - ArchPARISC64 ScmpArch = iota + ArchPARISC64 + // ArchRISCV64 represents RISCV64 + ArchRISCV64 ) const ( @@ -194,34 +182,36 @@ const ( // ActInvalid is a placeholder to ensure uninitialized ScmpAction // variables are invalid ActInvalid ScmpAction = iota - // ActKill kills the thread that violated the rule. It is the same as ActKillThread. + // ActKillThread kills the thread that violated the rule. // All other threads from the same thread group will continue to execute. - ActKill ScmpAction = iota + ActKillThread // ActTrap throws SIGSYS - ActTrap ScmpAction = iota + ActTrap // ActNotify triggers a userspace notification. This action is only usable when // libseccomp API level 6 or higher is supported. - ActNotify ScmpAction = iota + ActNotify // ActErrno causes the syscall to return a negative error code. This // code can be set with the SetReturnCode method - ActErrno ScmpAction = iota + ActErrno // ActTrace causes the syscall to notify tracing processes with the // given error code. This code can be set with the SetReturnCode method - ActTrace ScmpAction = iota + ActTrace // ActAllow permits the syscall to continue execution - ActAllow ScmpAction = iota + ActAllow // ActLog permits the syscall to continue execution after logging it. // This action is only usable when libseccomp API level 3 or higher is // supported. - ActLog ScmpAction = iota - // ActKillThread kills the thread that violated the rule. It is the same as ActKill. - // All other threads from the same thread group will continue to execute. - ActKillThread ScmpAction = iota + ActLog // ActKillProcess kills the process that violated the rule. // All threads in the thread group are also terminated. // This action is only usable when libseccomp API level 3 or higher is // supported. - ActKillProcess ScmpAction = iota + ActKillProcess + // ActKill kills the thread that violated the rule. + // All other threads from the same thread group will continue to execute. + // + // Deprecated: use ActKillThread + ActKill = ActKillThread ) const ( @@ -234,36 +224,35 @@ const ( CompareInvalid ScmpCompareOp = iota // CompareNotEqual returns true if the argument is not equal to the // given value - CompareNotEqual ScmpCompareOp = iota + CompareNotEqual // CompareLess returns true if the argument is less than the given value - CompareLess ScmpCompareOp = iota + CompareLess // CompareLessOrEqual returns true if the argument is less than or equal // to the given value - CompareLessOrEqual ScmpCompareOp = iota + CompareLessOrEqual // CompareEqual returns true if the argument is equal to the given value - CompareEqual ScmpCompareOp = iota + CompareEqual // CompareGreaterEqual returns true if the argument is greater than or // equal to the given value - CompareGreaterEqual ScmpCompareOp = iota + CompareGreaterEqual // CompareGreater returns true if the argument is greater than the given // value - CompareGreater ScmpCompareOp = iota - // CompareMaskedEqual returns true if the argument is equal to the given - // value, when masked (bitwise &) against the second given value - CompareMaskedEqual ScmpCompareOp = iota + CompareGreater + // CompareMaskedEqual returns true if the masked argument value is + // equal to the masked datum value. Mask is the first argument, and + // datum is the second one. + CompareMaskedEqual ) -var ( - // ErrSyscallDoesNotExist represents an error condition where - // libseccomp is unable to resolve the syscall - ErrSyscallDoesNotExist = fmt.Errorf("could not resolve syscall name") -) +// ErrSyscallDoesNotExist represents an error condition where +// libseccomp is unable to resolve the syscall +var ErrSyscallDoesNotExist = fmt.Errorf("could not resolve syscall name") const ( // Userspace notification response flags // NotifRespFlagContinue tells the kernel to continue executing the system - // call that triggered the notification. Must only be used when the notication + // call that triggered the notification. Must only be used when the notification // response's error is 0. NotifRespFlagContinue uint32 = 1 ) @@ -314,6 +303,8 @@ func GetArchFromString(arch string) (ScmpArch, error) { return ArchPARISC, nil case "parisc64": return ArchPARISC64, nil + case "riscv64": + return ArchRISCV64, nil default: return ArchInvalid, fmt.Errorf("cannot convert unrecognized string %q", arch) } @@ -358,6 +349,8 @@ func (a ScmpArch) String() string { return "parisc" case ArchPARISC64: return "parisc64" + case ArchRISCV64: + return "riscv64" case ArchNative: return "native" case ArchInvalid: @@ -394,7 +387,7 @@ func (a ScmpCompareOp) String() string { // String returns a string representation of a seccomp match action func (a ScmpAction) String() string { switch a & 0xFFFF { - case ActKill, ActKillThread: + case ActKillThread: return "Action: Kill thread" case ActKillProcess: return "Action: Kill process" @@ -556,8 +549,8 @@ func MakeCondition(arg uint, comparison ScmpCompareOp, values ...uint64) (ScmpCo return condStruct, err } - if comparison == CompareInvalid { - return condStruct, fmt.Errorf("invalid comparison operator") + if err := sanitizeCompareOp(comparison); err != nil { + return condStruct, err } else if arg > 5 { return condStruct, fmt.Errorf("syscalls only have up to 6 arguments (%d given)", arg) } else if len(values) > 2 { @@ -874,10 +867,8 @@ func (f *ScmpFilter) GetNoNewPrivsBit() (bool, error) { func (f *ScmpFilter) GetLogBit() (bool, error) { log, err := f.getFilterAttr(filterAttrLog) if err != nil { - // Ignore error, if not supported returns apiLevel == 0 - apiLevel, _ := GetAPI() - if apiLevel < 3 { - return false, fmt.Errorf("getting the log bit is only supported in libseccomp 2.4.0 and newer with API level 3 or higher") + if e := checkAPI("GetLogBit", 3, 2, 4, 0); e != nil { + err = e } return false, err @@ -899,9 +890,8 @@ func (f *ScmpFilter) GetLogBit() (bool, error) { func (f *ScmpFilter) GetSSB() (bool, error) { ssb, err := f.getFilterAttr(filterAttrSSB) if err != nil { - api, apiErr := getAPI() - if (apiErr != nil && api == 0) || (apiErr == nil && api < 4) { - return false, fmt.Errorf("getting the SSB flag is only supported in libseccomp 2.5.0 and newer with API level 4 or higher") + if e := checkAPI("GetSSB", 4, 2, 5, 0); e != nil { + err = e } return false, err @@ -914,6 +904,42 @@ func (f *ScmpFilter) GetSSB() (bool, error) { return true, nil } +// GetOptimize returns the current optimization level of the filter, +// or an error if an issue was encountered retrieving the value. +// See SetOptimize for more details. +func (f *ScmpFilter) GetOptimize() (int, error) { + level, err := f.getFilterAttr(filterAttrOptimize) + if err != nil { + if e := checkAPI("GetOptimize", 4, 2, 5, 0); e != nil { + err = e + } + + return 0, err + } + + return int(level), nil +} + +// GetRawRC returns the current state of RawRC flag, or an error +// if an issue was encountered retrieving the value. +// See SetRawRC for more details. +func (f *ScmpFilter) GetRawRC() (bool, error) { + rawrc, err := f.getFilterAttr(filterAttrRawRC) + if err != nil { + if e := checkAPI("GetRawRC", 4, 2, 5, 0); e != nil { + err = e + } + + return false, err + } + + if rawrc == 0 { + return false, nil + } + + return true, nil +} + // SetBadArchAction sets the default action taken on a syscall for an // architecture not in the filter, or an error if an issue was encountered // setting the value. @@ -953,10 +979,8 @@ func (f *ScmpFilter) SetLogBit(state bool) error { err := f.setFilterAttr(filterAttrLog, toSet) if err != nil { - // Ignore error, if not supported returns apiLevel == 0 - apiLevel, _ := GetAPI() - if apiLevel < 3 { - return fmt.Errorf("setting the log bit is only supported in libseccomp 2.4.0 and newer with API level 3 or higher") + if e := checkAPI("SetLogBit", 3, 2, 4, 0); e != nil { + err = e } } @@ -976,9 +1000,52 @@ func (f *ScmpFilter) SetSSB(state bool) error { err := f.setFilterAttr(filterAttrSSB, toSet) if err != nil { - api, apiErr := getAPI() - if (apiErr != nil && api == 0) || (apiErr == nil && api < 4) { - return fmt.Errorf("setting the SSB flag is only supported in libseccomp 2.5.0 and newer with API level 4 or higher") + if e := checkAPI("SetSSB", 4, 2, 5, 0); e != nil { + err = e + } + } + + return err +} + +// SetOptimize sets optimization level of the seccomp filter. By default +// libseccomp generates a set of sequential "if" statements for each rule in +// the filter. SetSyscallPriority can be used to prioritize the order for the +// default cause. The binary tree optimization sorts by syscall numbers and +// generates consistent O(log n) filter traversal for every rule in the filter. +// The binary tree may be advantageous for large filters. Note that +// SetSyscallPriority is ignored when level == 2. +// +// The different optimization levels are: +// 0: Reserved value, not currently used. +// 1: Rules sorted by priority and complexity (DEFAULT). +// 2: Binary tree sorted by syscall number. +func (f *ScmpFilter) SetOptimize(level int) error { + cLevel := C.uint32_t(level) + + err := f.setFilterAttr(filterAttrOptimize, cLevel) + if err != nil { + if e := checkAPI("SetOptimize", 4, 2, 5, 0); e != nil { + err = e + } + } + + return err +} + +// SetRawRC sets whether libseccomp should pass system error codes back to the +// caller, instead of the default ECANCELED. Defaults to false. +func (f *ScmpFilter) SetRawRC(state bool) error { + var toSet C.uint32_t = 0x0 + + if state { + toSet = 0x1 + } + + err := f.setFilterAttr(filterAttrRawRC, toSet) + if err != nil { + if e := checkAPI("SetRawRC", 4, 2, 5, 0); e != nil { + err = e } } @@ -1029,9 +1096,6 @@ func (f *ScmpFilter) AddRuleExact(call ScmpSyscall, action ScmpAction) error { // AddRuleConditional adds a single rule for a conditional action on a syscall. // Returns an error if an issue was encountered adding the rule. // All conditions must match for the rule to match. -// There is a bug in library versions below v2.2.1 which can, in some cases, -// cause conditions to be lost when more than one are used. Consequently, -// AddRuleConditional is disabled on library versions lower than v2.2.1 func (f *ScmpFilter) AddRuleConditional(call ScmpSyscall, action ScmpAction, conds []ScmpCondition) error { return f.addRuleGeneric(call, action, false, conds) } @@ -1043,9 +1107,6 @@ func (f *ScmpFilter) AddRuleConditional(call ScmpSyscall, action ScmpAction, con // The rule will function exactly as described, but it may not function identically // (or be able to be applied to) all architectures. // Returns an error if an issue was encountered adding the rule. -// There is a bug in library versions below v2.2.1 which can, in some cases, -// cause conditions to be lost when more than one are used. Consequently, -// AddRuleConditionalExact is disabled on library versions lower than v2.2.1 func (f *ScmpFilter) AddRuleConditionalExact(call ScmpSyscall, action ScmpAction, conds []ScmpCondition) error { return f.addRuleGeneric(call, action, true, conds) } diff --git a/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go b/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go index 8dc7b296f3b..df4dfb7eba8 100644 --- a/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go +++ b/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go @@ -1,11 +1,10 @@ -// +build linux - // Internal functions for libseccomp Go bindings // No exported functions package seccomp import ( + "errors" "fmt" "syscall" ) @@ -27,10 +26,10 @@ import ( #include #include -#if SCMP_VER_MAJOR < 2 -#error Minimum supported version of Libseccomp is v2.2.0 -#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR < 2 -#error Minimum supported version of Libseccomp is v2.2.0 +#if (SCMP_VER_MAJOR < 2) || \ + (SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR < 3) || \ + (SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR == 3 && SCMP_VER_MICRO < 1) +#error This package requires libseccomp >= v2.3.1 #endif #define ARCH_BAD ~0 @@ -65,6 +64,10 @@ const uint32_t C_ARCH_BAD = ARCH_BAD; #define SCMP_ARCH_PARISC64 ARCH_BAD #endif +#ifndef SCMP_ARCH_RISCV64 +#define SCMP_ARCH_RISCV64 ARCH_BAD +#endif + const uint32_t C_ARCH_NATIVE = SCMP_ARCH_NATIVE; const uint32_t C_ARCH_X86 = SCMP_ARCH_X86; const uint32_t C_ARCH_X86_64 = SCMP_ARCH_X86_64; @@ -84,6 +87,7 @@ const uint32_t C_ARCH_S390 = SCMP_ARCH_S390; const uint32_t C_ARCH_S390X = SCMP_ARCH_S390X; const uint32_t C_ARCH_PARISC = SCMP_ARCH_PARISC; const uint32_t C_ARCH_PARISC64 = SCMP_ARCH_PARISC64; +const uint32_t C_ARCH_RISCV64 = SCMP_ARCH_RISCV64; #ifndef SCMP_ACT_LOG #define SCMP_ACT_LOG 0x7ffc0000U @@ -113,20 +117,25 @@ const uint32_t C_ACT_NOTIFY = SCMP_ACT_NOTIFY; // The libseccomp SCMP_FLTATR_CTL_LOG member of the scmp_filter_attr enum was // added in v2.4.0 -#if (SCMP_VER_MAJOR < 2) || \ - (SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR < 4) +#if SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR < 4 #define SCMP_FLTATR_CTL_LOG _SCMP_FLTATR_MIN #endif + +// The following SCMP_FLTATR_* were added in libseccomp v2.5.0. #if SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR < 5 -#define SCMP_FLTATR_CTL_SSB _SCMP_FLTATR_MIN +#define SCMP_FLTATR_CTL_SSB _SCMP_FLTATR_MIN +#define SCMP_FLTATR_CTL_OPTIMIZE _SCMP_FLTATR_MIN +#define SCMP_FLTATR_API_SYSRAWRC _SCMP_FLTATR_MIN #endif -const uint32_t C_ATTRIBUTE_DEFAULT = (uint32_t)SCMP_FLTATR_ACT_DEFAULT; -const uint32_t C_ATTRIBUTE_BADARCH = (uint32_t)SCMP_FLTATR_ACT_BADARCH; -const uint32_t C_ATTRIBUTE_NNP = (uint32_t)SCMP_FLTATR_CTL_NNP; -const uint32_t C_ATTRIBUTE_TSYNC = (uint32_t)SCMP_FLTATR_CTL_TSYNC; -const uint32_t C_ATTRIBUTE_LOG = (uint32_t)SCMP_FLTATR_CTL_LOG; -const uint32_t C_ATTRIBUTE_SSB = (uint32_t)SCMP_FLTATR_CTL_SSB; +const uint32_t C_ATTRIBUTE_DEFAULT = (uint32_t)SCMP_FLTATR_ACT_DEFAULT; +const uint32_t C_ATTRIBUTE_BADARCH = (uint32_t)SCMP_FLTATR_ACT_BADARCH; +const uint32_t C_ATTRIBUTE_NNP = (uint32_t)SCMP_FLTATR_CTL_NNP; +const uint32_t C_ATTRIBUTE_TSYNC = (uint32_t)SCMP_FLTATR_CTL_TSYNC; +const uint32_t C_ATTRIBUTE_LOG = (uint32_t)SCMP_FLTATR_CTL_LOG; +const uint32_t C_ATTRIBUTE_SSB = (uint32_t)SCMP_FLTATR_CTL_SSB; +const uint32_t C_ATTRIBUTE_OPTIMIZE = (uint32_t)SCMP_FLTATR_CTL_OPTIMIZE; +const uint32_t C_ATTRIBUTE_SYSRAWRC = (uint32_t)SCMP_FLTATR_API_SYSRAWRC; const int C_CMP_NE = (int)SCMP_CMP_NE; const int C_CMP_LT = (int)SCMP_CMP_LT; @@ -173,8 +182,7 @@ unsigned int get_micro_version() #endif // The libseccomp API level functions were added in v2.4.0 -#if (SCMP_VER_MAJOR < 2) || \ - (SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR < 4) +#if SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR < 4 const unsigned int seccomp_api_get(void) { // libseccomp-golang requires libseccomp v2.2.0, at a minimum, which @@ -217,8 +225,7 @@ void add_struct_arg_cmp( } // The seccomp notify API functions were added in v2.5.0 -#if (SCMP_VER_MAJOR < 2) || \ - (SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR < 5) +#if SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR < 5 struct seccomp_data { int nr; @@ -270,11 +277,13 @@ type scmpFilterAttr uint32 const ( filterAttrActDefault scmpFilterAttr = iota - filterAttrActBadArch scmpFilterAttr = iota - filterAttrNNP scmpFilterAttr = iota - filterAttrTsync scmpFilterAttr = iota - filterAttrLog scmpFilterAttr = iota - filterAttrSSB scmpFilterAttr = iota + filterAttrActBadArch + filterAttrNNP + filterAttrTsync + filterAttrLog + filterAttrSSB + filterAttrOptimize + filterAttrRawRC ) const ( @@ -282,9 +291,9 @@ const ( scmpError C.int = -1 // Comparison boundaries to check for architecture validity archStart ScmpArch = ArchNative - archEnd ScmpArch = ArchPARISC64 + archEnd ScmpArch = ArchRISCV64 // Comparison boundaries to check for action validity - actionStart ScmpAction = ActKill + actionStart ScmpAction = ActKillThread actionEnd ScmpAction = ActKillProcess // Comparison boundaries to check for comparison operator validity compareOpStart ScmpCompareOp = CompareNotEqual @@ -292,8 +301,9 @@ const ( ) var ( - // Error thrown on bad filter context - errBadFilter = fmt.Errorf("filter is invalid or uninitialized") + // errBadFilter is thrown on bad filter context. + errBadFilter = errors.New("filter is invalid or uninitialized") + errDefAction = errors.New("requested action matches default action of filter") // Constants representing library major, minor, and micro versions verMajor = uint(C.get_major_version()) verMinor = uint(C.get_minor_version()) @@ -302,19 +312,28 @@ var ( // Nonexported functions -// Check if library version is greater than or equal to the given one -func checkVersionAbove(major, minor, micro uint) bool { - return (verMajor > major) || +// checkVersion returns an error if the libseccomp version being used +// is less than the one specified by major, minor, and micro arguments. +// Argument op is an arbitrary non-empty operation description, which +// is used as a part of the error message returned. +// +// Most users should use checkAPI instead. +func checkVersion(op string, major, minor, micro uint) error { + if (verMajor > major) || (verMajor == major && verMinor > minor) || - (verMajor == major && verMinor == minor && verMicro >= micro) + (verMajor == major && verMinor == minor && verMicro >= micro) { + return nil + } + return &VersionError{ + op: op, + major: major, + minor: minor, + micro: micro, + } } -// Ensure that the library is supported, i.e. >= 2.2.0. func ensureSupportedVersion() error { - if !checkVersionAbove(2, 2, 0) { - return VersionError{} - } - return nil + return checkVersion("seccomp", 2, 3, 1) } // Get the API level @@ -406,8 +425,10 @@ func (f *ScmpFilter) addRuleWrapper(call ScmpSyscall, action ScmpAction, exact b switch e := errRc(retCode); e { case syscall.EFAULT: return fmt.Errorf("unrecognized syscall %#x", int32(call)) - case syscall.EPERM: - return fmt.Errorf("requested action matches default action of filter") + // libseccomp >= v2.5.0 returns EACCES, older versions return EPERM. + // TODO: remove EPERM once libseccomp < v2.5.0 is not supported. + case syscall.EPERM, syscall.EACCES: + return errDefAction case syscall.EINVAL: return fmt.Errorf("two checks on same syscall argument") default: @@ -432,14 +453,6 @@ func (f *ScmpFilter) addRuleGeneric(call ScmpSyscall, action ScmpAction, exact b return err } } else { - // We don't support conditional filtering in library version v2.1 - if !checkVersionAbove(2, 2, 1) { - return VersionError{ - message: "conditional filtering is not supported", - minimum: "2.2.1", - } - } - argsArr := C.make_arg_cmp_array(C.uint(len(conds))) if argsArr == nil { return fmt.Errorf("error allocating memory for conditions") @@ -536,6 +549,8 @@ func archFromNative(a C.uint32_t) (ScmpArch, error) { return ArchPARISC, nil case C.C_ARCH_PARISC64: return ArchPARISC64, nil + case C.C_ARCH_RISCV64: + return ArchRISCV64, nil default: return 0x0, fmt.Errorf("unrecognized architecture %#x", uint32(a)) } @@ -580,6 +595,8 @@ func (a ScmpArch) toNative() C.uint32_t { return C.C_ARCH_PARISC case ArchPARISC64: return C.C_ARCH_PARISC64 + case ArchRISCV64: + return C.C_ARCH_RISCV64 case ArchNative: return C.C_ARCH_NATIVE default: @@ -612,8 +629,6 @@ func (a ScmpCompareOp) toNative() C.int { func actionFromNative(a C.uint32_t) (ScmpAction, error) { aTmp := a & 0xFFFF switch a & 0xFFFF0000 { - case C.C_ACT_KILL: - return ActKill, nil case C.C_ACT_KILL_PROCESS: return ActKillProcess, nil case C.C_ACT_KILL_THREAD: @@ -638,8 +653,6 @@ func actionFromNative(a C.uint32_t) (ScmpAction, error) { // Only use with sanitized actions, no error handling func (a ScmpAction) toNative() C.uint32_t { switch a & 0xFFFF { - case ActKill: - return C.C_ACT_KILL case ActKillProcess: return C.C_ACT_KILL_PROCESS case ActKillThread: @@ -676,15 +689,15 @@ func (a scmpFilterAttr) toNative() uint32 { return uint32(C.C_ATTRIBUTE_LOG) case filterAttrSSB: return uint32(C.C_ATTRIBUTE_SSB) + case filterAttrOptimize: + return uint32(C.C_ATTRIBUTE_OPTIMIZE) + case filterAttrRawRC: + return uint32(C.C_ATTRIBUTE_SYSRAWRC) default: return 0x0 } } -func (a ScmpSyscall) toNative() C.uint32_t { - return C.uint32_t(a) -} - func syscallFromNative(a C.int) ScmpSyscall { return ScmpSyscall(a) } @@ -724,9 +737,34 @@ func (scmpResp *ScmpNotifResp) toNative(resp *C.struct_seccomp_notif_resp) { resp.flags = C.__u32(scmpResp.Flags) } +// checkAPI checks that both the API level and the seccomp version is equal to +// or greater than the specified minLevel and major, minor, micro, +// respectively, and returns an error otherwise. Argument op is an arbitrary +// non-empty operation description, used as a part of the error message +// returned. +func checkAPI(op string, minLevel uint, major, minor, micro uint) error { + // Ignore error from getAPI, as it returns level == 0 in case of error. + level, _ := getAPI() + if level >= minLevel { + return checkVersion(op, major, minor, micro) + } + return &VersionError{ + op: op, + curAPI: level, + minAPI: minLevel, + major: major, + minor: minor, + micro: micro, + } +} + // Userspace Notification API // Calls to C.seccomp_notify* hidden from seccomp.go +func notifSupported() error { + return checkAPI("seccomp notification", 6, 2, 5, 0) +} + func (f *ScmpFilter) getNotifFd() (ScmpFd, error) { f.lock.Lock() defer f.lock.Unlock() @@ -734,11 +772,8 @@ func (f *ScmpFilter) getNotifFd() (ScmpFd, error) { if !f.valid { return -1, errBadFilter } - - // Ignore error, if not supported returns apiLevel == 0 - apiLevel, _ := GetAPI() - if apiLevel < 6 { - return -1, fmt.Errorf("seccomp notification requires API level >= 6; current level = %d", apiLevel) + if err := notifSupported(); err != nil { + return -1, err } fd := C.seccomp_notify_fd(f.filterCtx) @@ -750,10 +785,8 @@ func notifReceive(fd ScmpFd) (*ScmpNotifReq, error) { var req *C.struct_seccomp_notif var resp *C.struct_seccomp_notif_resp - // Ignore error, if not supported returns apiLevel == 0 - apiLevel, _ := GetAPI() - if apiLevel < 6 { - return nil, fmt.Errorf("seccomp notification requires API level >= 6; current level = %d", apiLevel) + if err := notifSupported(); err != nil { + return nil, err } // we only use the request here; the response is unused @@ -789,13 +822,11 @@ func notifRespond(fd ScmpFd, scmpResp *ScmpNotifResp) error { var req *C.struct_seccomp_notif var resp *C.struct_seccomp_notif_resp - // Ignore error, if not supported returns apiLevel == 0 - apiLevel, _ := GetAPI() - if apiLevel < 6 { - return fmt.Errorf("seccomp notification requires API level >= 6; current level = %d", apiLevel) + if err := notifSupported(); err != nil { + return err } - // we only use the reponse here; the request is discarded + // we only use the response here; the request is discarded if retCode := C.seccomp_notify_alloc(&req, &resp); retCode != 0 { return errRc(retCode) } @@ -827,10 +858,8 @@ func notifRespond(fd ScmpFd, scmpResp *ScmpNotifResp) error { } func notifIDValid(fd ScmpFd, id uint64) error { - // Ignore error, if not supported returns apiLevel == 0 - apiLevel, _ := GetAPI() - if apiLevel < 6 { - return fmt.Errorf("seccomp notification requires API level >= 6; current level = %d", apiLevel) + if err := notifSupported(); err != nil { + return err } for { diff --git a/vendor/modules.txt b/vendor/modules.txt index 714a2540101..ea5adb7f0d2 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -48,7 +48,7 @@ github.com/opencontainers/selinux/pkg/pwalkdir # github.com/russross/blackfriday/v2 v2.0.1 ## explicit github.com/russross/blackfriday/v2 -# github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921 +# github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646 ## explicit; go 1.14 github.com/seccomp/libseccomp-golang # github.com/shurcooL/sanitized_anchor_name v1.0.0 From 68427f33d07b91603ed99692f5f73ba689e84e3a Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 3 May 2022 17:23:08 -0700 Subject: [PATCH 0023/1176] libct/seccomp/config: add missing KillThread, KillProcess OCI spec added SCMP_ACT_KILL_THREAD and SCMP_ACT_KILL_PROCESS almost two years ago ([1], [2]), but runc support was half-finished [3]. Add these actions, and modify the test case to check them. In addition, "runc features" now lists the new actions. [1] https://github.com/opencontainers/runtime-spec/pull/1044 [2] https://github.com/opencontainers/runtime-spec/pull/1064 [3] https://github.com/opencontainers/runc/pulls/3204 Fixes: 4a4d4f109b6b257a7189e Signed-off-by: Kir Kolyshkin (cherry picked from commit e74fdeb88ad7cfeae7409ce7bc5a7e557b84b22d) --- libcontainer/seccomp/config.go | 16 +++++++++------- libcontainer/specconv/spec_linux_test.go | 21 ++++++++++++++++++--- 2 files changed, 27 insertions(+), 10 deletions(-) diff --git a/libcontainer/seccomp/config.go b/libcontainer/seccomp/config.go index d0c9bb71fb0..98e08e8f0b6 100644 --- a/libcontainer/seccomp/config.go +++ b/libcontainer/seccomp/config.go @@ -29,13 +29,15 @@ func KnownOperators() []string { } var actions = map[string]configs.Action{ - "SCMP_ACT_KILL": configs.Kill, - "SCMP_ACT_ERRNO": configs.Errno, - "SCMP_ACT_TRAP": configs.Trap, - "SCMP_ACT_ALLOW": configs.Allow, - "SCMP_ACT_TRACE": configs.Trace, - "SCMP_ACT_LOG": configs.Log, - "SCMP_ACT_NOTIFY": configs.Notify, + "SCMP_ACT_KILL": configs.Kill, + "SCMP_ACT_ERRNO": configs.Errno, + "SCMP_ACT_TRAP": configs.Trap, + "SCMP_ACT_ALLOW": configs.Allow, + "SCMP_ACT_TRACE": configs.Trace, + "SCMP_ACT_LOG": configs.Log, + "SCMP_ACT_NOTIFY": configs.Notify, + "SCMP_ACT_KILL_THREAD": configs.KillThread, + "SCMP_ACT_KILL_PROCESS": configs.KillProcess, } // KnownActions returns the list of the known actions. diff --git a/libcontainer/specconv/spec_linux_test.go b/libcontainer/specconv/spec_linux_test.go index d5a22d89012..d84853bc75c 100644 --- a/libcontainer/specconv/spec_linux_test.go +++ b/libcontainer/specconv/spec_linux_test.go @@ -234,6 +234,14 @@ func TestSetupSeccomp(t *testing.T) { Names: []string{"mknod"}, Action: "SCMP_ACT_NOTIFY", }, + { + Names: []string{"rmdir"}, + Action: "SCMP_ACT_KILL_THREAD", + }, + { + Names: []string{"mkdir"}, + Action: "SCMP_ACT_KILL_PROCESS", + }, }, } seccomp, err := SetupSeccomp(conf) @@ -263,9 +271,8 @@ func TestSetupSeccomp(t *testing.T) { calls := seccomp.Syscalls - callsLength := len(calls) - if callsLength != 8 { - t.Errorf("Expected 8 syscalls, got :%d", callsLength) + if len(calls) != len(conf.Syscalls) { + t.Error("Mismatched number of syscalls") } for _, call := range calls { @@ -317,6 +324,14 @@ func TestSetupSeccomp(t *testing.T) { if call.Action != configs.Notify { t.Errorf("Wrong conversion for the %s syscall action", call.Name) } + case "rmdir": + if call.Action != configs.KillThread { + t.Errorf("Wrong conversion for the %s syscall action", call.Name) + } + case "mkdir": + if call.Action != configs.KillProcess { + t.Errorf("Wrong conversion for the %s syscall action", call.Name) + } default: t.Errorf("Unexpected syscall %s found", call.Name) } From 2ce40b6ad72b4bd4391380cafc5ef1bad1fa0b31 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 4 May 2022 14:56:16 -0700 Subject: [PATCH 0024/1176] Remove tun/tap from the default device rules Looking through git blame, this was added by commit 9fac18329 aka "Initial commit of runc binary", most probably by mistake. Obviously, a container should not have access to tun/tap device, unless it is explicitly specified in configuration. Now, removing this might create a compatibility issue, but I see no other choice. Aside from the obvious misconfiguration, this should also fix the annoying > Apr 26 03:46:56 foo.bar systemd[1]: Couldn't stat device /dev/char/10:200: No such file or directory messages from systemd on every container start, when runc uses systemd cgroup driver, and the system runs an old (< v240) version of systemd (the message was presumably eliminated by [1]). [1] https://github.com/systemd/systemd/pull/10996/commits/d5aecba6e0b7c73657c4cf544ce57289115098e7 Signed-off-by: Kir Kolyshkin --- .../ebpf/devicefilter/devicefilter_test.go | 19 ++++++------------- libcontainer/specconv/spec_linux.go | 10 ---------- 2 files changed, 6 insertions(+), 23 deletions(-) diff --git a/libcontainer/cgroups/ebpf/devicefilter/devicefilter_test.go b/libcontainer/cgroups/ebpf/devicefilter/devicefilter_test.go index d279335821d..25703be5ad7 100644 --- a/libcontainer/cgroups/ebpf/devicefilter/devicefilter_test.go +++ b/libcontainer/cgroups/ebpf/devicefilter/devicefilter_test.go @@ -120,21 +120,14 @@ block-8: 51: Mov32Imm dst: r0 imm: 1 52: Exit block-9: -// tuntap (c, 10, 200, rwm, allow) +// /dev/pts (c, 136, wildcard, rwm, true) 53: JNEImm dst: r2 off: -1 imm: 2 - 54: JNEImm dst: r4 off: -1 imm: 10 - 55: JNEImm dst: r5 off: -1 imm: 200 - 56: Mov32Imm dst: r0 imm: 1 - 57: Exit + 54: JNEImm dst: r4 off: -1 imm: 136 + 55: Mov32Imm dst: r0 imm: 1 + 56: Exit block-10: -// /dev/pts (c, 136, wildcard, rwm, true) - 58: JNEImm dst: r2 off: -1 imm: 2 - 59: JNEImm dst: r4 off: -1 imm: 136 - 60: Mov32Imm dst: r0 imm: 1 - 61: Exit -block-11: - 62: Mov32Imm dst: r0 imm: 0 - 63: Exit + 57: Mov32Imm dst: r0 imm: 0 + 58: Exit ` var devices []*devices.Rule for _, device := range specconv.AllowedDevices { diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index 5ae95c6c18b..83c7a2c348c 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -302,16 +302,6 @@ var AllowedDevices = []*devices.Device{ Allow: true, }, }, - // tuntap - { - Rule: devices.Rule{ - Type: devices.CharDevice, - Major: 10, - Minor: 200, - Permissions: "rwm", - Allow: true, - }, - }, } type CreateOpts struct { From 4d3e52f207fce34119a51c79247fb6bf455754a7 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 6 May 2022 13:45:31 -0700 Subject: [PATCH 0025/1176] tests/int: fix a bad typo As a result, cgroup v1 only tests are being skipped. Fixes: a2123baf63fd Signed-off-by: Kir Kolyshkin --- tests/integration/helpers.bash | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index 0198cc98c1b..19a50f5232f 100644 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -405,7 +405,7 @@ function requires() { ;; cgroups_v1) init_cgroup_paths - if [ ! -v GROUP_V1 ]; then + if [ ! -v CGROUP_V1 ]; then skip_me=1 fi ;; From 009e627cb02beeda55275dc4cdebc3e1bcf1eb7a Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 11 May 2022 15:03:32 -0700 Subject: [PATCH 0026/1176] Vagrantfile.fedora: fix build wrt new git With the updated git in Fedora 35, we can't build it via sudo: ssh default 'sudo -i make -C /vagrant localunittest' make: Entering directory '/vagrant' fatal: unsafe repository ('/vagrant' is owned by someone else) To add an exception for this directory, call: git config --global --add safe.directory /vagrant go build -trimpath "-buildmode=pie" -tags "seccomp" -ldflags "-X main.gitCommit= -X main.version=1.1.0+dev " -o runc . error obtaining VCS status: exit status 128 Use -buildvcs=false to disable VCS stamping. make: Leaving directory '/vagrant' This commit should fix this. Signed-off-by: Kir Kolyshkin --- Vagrantfile.fedora | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Vagrantfile.fedora b/Vagrantfile.fedora index bbc71f4068f..511e9692e27 100644 --- a/Vagrantfile.fedora +++ b/Vagrantfile.fedora @@ -29,6 +29,9 @@ EOF done dnf clean all + # Prevent the "fatal: unsafe repository" git complain during build. + git config --global --add safe.directory /vagrant + # Install golang. # FIXME go back to golang-go rpm once switched to Fedora 36. curl -fsSL https://go.dev/dl/go1.18.linux-amd64.tar.gz | tar Cxz /usr/local From 98fe566c527479195ce3c8167136d2a555fe6b65 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 1 Mar 2022 12:04:43 -0800 Subject: [PATCH 0027/1176] runc: do not set inheritable capabilities Do not set inheritable capabilities in runc spec, runc exec --cap, and in libcontainer integration tests. Signed-off-by: Kir Kolyshkin --- exec.go | 1 - libcontainer/README.md | 16 ---------------- libcontainer/integration/exec_test.go | 2 -- libcontainer/integration/template_test.go | 16 ---------------- libcontainer/specconv/example.go | 5 ----- 5 files changed, 40 deletions(-) diff --git a/exec.go b/exec.go index cdc9859ca7f..982520f72b8 100644 --- a/exec.go +++ b/exec.go @@ -227,7 +227,6 @@ func getProcess(context *cli.Context, bundle string) (*specs.Process, error) { if caps := context.StringSlice("cap"); len(caps) > 0 { for _, c := range caps { p.Capabilities.Bounding = append(p.Capabilities.Bounding, c) - p.Capabilities.Inheritable = append(p.Capabilities.Inheritable, c) p.Capabilities.Effective = append(p.Capabilities.Effective, c) p.Capabilities.Permitted = append(p.Capabilities.Permitted, c) p.Capabilities.Ambient = append(p.Capabilities.Ambient, c) diff --git a/libcontainer/README.md b/libcontainer/README.md index addd6a95681..20a215dc1bd 100644 --- a/libcontainer/README.md +++ b/libcontainer/README.md @@ -84,22 +84,6 @@ config := &configs.Config{ "CAP_KILL", "CAP_AUDIT_WRITE", }, - Inheritable: []string{ - "CAP_CHOWN", - "CAP_DAC_OVERRIDE", - "CAP_FSETID", - "CAP_FOWNER", - "CAP_MKNOD", - "CAP_NET_RAW", - "CAP_SETGID", - "CAP_SETUID", - "CAP_SETFCAP", - "CAP_SETPCAP", - "CAP_NET_BIND_SERVICE", - "CAP_SYS_CHROOT", - "CAP_KILL", - "CAP_AUDIT_WRITE", - }, Permitted: []string{ "CAP_CHOWN", "CAP_DAC_OVERRIDE", diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index d91201e53ba..cb5c1b70f32 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -364,7 +364,6 @@ func TestProcessCaps(t *testing.T) { pconfig.Capabilities.Bounding = append(config.Capabilities.Bounding, "CAP_NET_ADMIN") pconfig.Capabilities.Permitted = append(config.Capabilities.Permitted, "CAP_NET_ADMIN") pconfig.Capabilities.Effective = append(config.Capabilities.Effective, "CAP_NET_ADMIN") - pconfig.Capabilities.Inheritable = append(config.Capabilities.Inheritable, "CAP_NET_ADMIN") err = container.Run(&pconfig) ok(t, err) @@ -1360,7 +1359,6 @@ func TestRootfsPropagationSharedMount(t *testing.T) { pconfig2.Capabilities.Bounding = append(config.Capabilities.Bounding, "CAP_SYS_ADMIN") pconfig2.Capabilities.Permitted = append(config.Capabilities.Permitted, "CAP_SYS_ADMIN") pconfig2.Capabilities.Effective = append(config.Capabilities.Effective, "CAP_SYS_ADMIN") - pconfig2.Capabilities.Inheritable = append(config.Capabilities.Inheritable, "CAP_SYS_ADMIN") err = container.Run(pconfig2) _ = stdinR2.Close() diff --git a/libcontainer/integration/template_test.go b/libcontainer/integration/template_test.go index f56db8956a7..0e054b55b45 100644 --- a/libcontainer/integration/template_test.go +++ b/libcontainer/integration/template_test.go @@ -75,22 +75,6 @@ func newTemplateConfig(t *testing.T, p *tParam) *configs.Config { "CAP_KILL", "CAP_AUDIT_WRITE", }, - Inheritable: []string{ - "CAP_CHOWN", - "CAP_DAC_OVERRIDE", - "CAP_FSETID", - "CAP_FOWNER", - "CAP_MKNOD", - "CAP_NET_RAW", - "CAP_SETGID", - "CAP_SETUID", - "CAP_SETFCAP", - "CAP_SETPCAP", - "CAP_NET_BIND_SERVICE", - "CAP_SYS_CHROOT", - "CAP_KILL", - "CAP_AUDIT_WRITE", - }, Ambient: []string{ "CAP_CHOWN", "CAP_DAC_OVERRIDE", diff --git a/libcontainer/specconv/example.go b/libcontainer/specconv/example.go index 56bab3bfbfa..152d938a50a 100644 --- a/libcontainer/specconv/example.go +++ b/libcontainer/specconv/example.go @@ -41,11 +41,6 @@ func Example() *specs.Spec { "CAP_KILL", "CAP_NET_BIND_SERVICE", }, - Inheritable: []string{ - "CAP_AUDIT_WRITE", - "CAP_KILL", - "CAP_NET_BIND_SERVICE", - }, Ambient: []string{ "CAP_AUDIT_WRITE", "CAP_KILL", From d542ad65ba3c3bb8487ffb074f113a5401993340 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 31 Mar 2022 17:30:35 -0700 Subject: [PATCH 0028/1176] Dockerfile: nit We do not use all the files from scripts, only seccomp.sh and lib.sh. This prevents unneeded rebuild of the image if e.g. scripts/release_build.sh has changed. Signed-off-by: Kir Kolyshkin --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 89369fe71b8..e4c92ceec14 100644 --- a/Dockerfile +++ b/Dockerfile @@ -54,7 +54,7 @@ RUN cd /tmp \ # install libseccomp ARG LIBSECCOMP_VERSION -COPY script/* /tmp/script/ +COPY script/seccomp.sh script/lib.sh /tmp/script/ RUN mkdir -p /opt/libseccomp \ && /tmp/script/seccomp.sh "$LIBSECCOMP_VERSION" /opt/libseccomp arm64 armel armhf ppc64le s390x ENV LIBSECCOMP_VERSION=$LIBSECCOMP_VERSION From 476aa18abe91586daa2822b9e49f6d2fd5c2a198 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 1 Apr 2022 08:17:40 -0700 Subject: [PATCH 0029/1176] Dockerfile: rm dpkg --add-architecture lines Dockerfile used to install libseccomp-dev packages for different architectures. This is no longer true since commit f30244ee1b222, which changed to cross-compiling libseccomp (so we can get a static library to link against). Thus, adding extra architectures is no longer needed. Signed-off-by: Kir Kolyshkin --- Dockerfile | 4 ---- 1 file changed, 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index e4c92ceec14..d66315c2f55 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,10 +9,6 @@ ARG CRIU_REPO=https://download.opensuse.org/repositories/devel:/tools:/criu/Debi RUN KEYFILE=/usr/share/keyrings/criu-repo-keyring.gpg; \ wget -nv $CRIU_REPO/Release.key -O- | gpg --dearmor > "$KEYFILE" \ && echo "deb [signed-by=$KEYFILE] $CRIU_REPO/ /" > /etc/apt/sources.list.d/criu.list \ - && dpkg --add-architecture armel \ - && dpkg --add-architecture armhf \ - && dpkg --add-architecture arm64 \ - && dpkg --add-architecture ppc64el \ && apt-get update \ && apt-get install -y --no-install-recommends \ build-essential \ From f0f1b5f9693b08e7c379db6214f29a74e204ff34 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 1 Apr 2022 14:24:57 -0700 Subject: [PATCH 0030/1176] Dockerfile: don't use crossbuild-essential-* All we need is gcc, libc-dev, and binutils. In addition to that, crossbuild-essential installs g++, libstdc++-dev, and a bunch of perl packages and libraries which we do not need. This should speed up image building, as well as make it smaller. Signed-off-by: Kir Kolyshkin --- Dockerfile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index d66315c2f55..1b429157825 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,11 +13,11 @@ RUN KEYFILE=/usr/share/keyrings/criu-repo-keyring.gpg; \ && apt-get install -y --no-install-recommends \ build-essential \ criu \ - crossbuild-essential-arm64 \ - crossbuild-essential-armel \ - crossbuild-essential-armhf \ - crossbuild-essential-ppc64el \ - crossbuild-essential-s390x \ + gcc-aarch64-linux-gnu libc-dev-arm64-cross \ + gcc-arm-linux-gnueabi libc-dev-armel-cross \ + gcc-arm-linux-gnueabihf libc-dev-armhf-cross \ + gcc-powerpc64le-linux-gnu libc-dev-ppc64el-cross \ + gcc-s390x-linux-gnu libc-dev-s390x-cross \ curl \ gawk \ gcc \ From f2f6e59937486ee61b1ce6ac35caff37e76db177 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 31 Mar 2022 15:56:14 -0700 Subject: [PATCH 0031/1176] Makefile: add LDFLAGS_COMMON and LDFLAGS_STATIC LDFLAGS_COMMON are used from two places, so it makes sense to dedup. LDFLAGS_STATIC is a preparation for the next commit. Signed-off-by: Kir Kolyshkin --- Makefile | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index dcceb0b1693..58e740cc370 100644 --- a/Makefile +++ b/Makefile @@ -10,8 +10,10 @@ GIT_BRANCH_CLEAN := $(shell echo $(GIT_BRANCH) | sed -e "s/[^[:alnum:]]/-/g") RUNC_IMAGE := runc_dev$(if $(GIT_BRANCH_CLEAN),:$(GIT_BRANCH_CLEAN)) PROJECT := github.com/opencontainers/runc BUILDTAGS ?= seccomp + COMMIT ?= $(shell git describe --dirty --long --always) VERSION := $(shell cat ./VERSION) +LDFLAGS_COMMON := -X main.gitCommit=$(COMMIT) -X main.version=$(VERSION) ifeq ($(shell $(GO) env GOOS),linux) ifeq (,$(filter $(shell $(GO) env GOARCH),mips mipsle mips64 mips64le ppc64)) @@ -21,9 +23,11 @@ ifeq ($(shell $(GO) env GOOS),linux) endif endif GO_BUILD := $(GO) build -trimpath $(GO_BUILDMODE) $(EXTRA_FLAGS) -tags "$(BUILDTAGS)" \ - -ldflags "-X main.gitCommit=$(COMMIT) -X main.version=$(VERSION) $(EXTRA_LDFLAGS)" + -ldflags "$(LDFLAGS_COMMON) $(EXTRA_LDFLAGS)" + +LDFLAGS_STATIC := -extldflags -static GO_BUILD_STATIC := CGO_ENABLED=1 $(GO) build -trimpath $(EXTRA_FLAGS) -tags "$(BUILDTAGS) netgo osusergo" \ - -ldflags "-extldflags -static -X main.gitCommit=$(COMMIT) -X main.version=$(VERSION) $(EXTRA_LDFLAGS)" + -ldflags "$(LDFLAGS_COMMON) $(LDFLAGS_STATIC) $(EXTRA_LDFLAGS)" GPG_KEYID ?= asarai@suse.de From ab5c60d02fcd9a4b7e870bcd631c3673e5b7dd2a Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 31 Mar 2022 17:51:11 -0700 Subject: [PATCH 0032/1176] Makefile: fix GO_BUILDMODE setting 1. Set to empty value by default. 2. Assume Linux (remove GOOS check, since we do not support other OSes). 3. Instead of using a "not-supported" list, use a "supported" list (as Go release notes usually say which platforms are supported). As of today, -buildmode=pie is supported for: * linux/386, linux/amd64, linux/arm, linux/arm64, and linux/ppc64le (since Go 1.6, see https://tip.golang.org/doc/go1.6#compiler) * linux/s390x (since Go 1.7, which adds the initial port) * linux/riscv64 (since Go 1.16, see https://tip.golang.org/doc/go1.16#riscv) NOTE this does not mean we support these architectures; it is merely a way to see if -buildmode=pie can be used. Signed-off-by: Kir Kolyshkin --- Makefile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 58e740cc370..697aacceea3 100644 --- a/Makefile +++ b/Makefile @@ -15,11 +15,11 @@ COMMIT ?= $(shell git describe --dirty --long --always) VERSION := $(shell cat ./VERSION) LDFLAGS_COMMON := -X main.gitCommit=$(COMMIT) -X main.version=$(VERSION) -ifeq ($(shell $(GO) env GOOS),linux) - ifeq (,$(filter $(shell $(GO) env GOARCH),mips mipsle mips64 mips64le ppc64)) - ifeq (,$(findstring -race,$(EXTRA_FLAGS))) - GO_BUILDMODE := "-buildmode=pie" - endif +GO_BUILDMODE := +# Enable dynamic PIE executables on supported platforms. +ifneq (,$(filter $(shell $(GO) env GOARCH),386 amd64 arm arm64 ppc64le riscv64 s390x)) + ifeq (,$(findstring -race,$(EXTRA_FLAGS))) + GO_BUILDMODE := "-buildmode=pie" endif endif GO_BUILD := $(GO) build -trimpath $(GO_BUILDMODE) $(EXTRA_FLAGS) -tags "$(BUILDTAGS)" \ From 21e32d47d38ffe35972f845146c576461f6fb5a0 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 31 Mar 2022 18:27:40 -0700 Subject: [PATCH 0033/1176] Makefile: add support for static PIE Signed-off-by: Kir Kolyshkin --- Makefile | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 697aacceea3..a882a3aa1fd 100644 --- a/Makefile +++ b/Makefile @@ -15,18 +15,33 @@ COMMIT ?= $(shell git describe --dirty --long --always) VERSION := $(shell cat ./VERSION) LDFLAGS_COMMON := -X main.gitCommit=$(COMMIT) -X main.version=$(VERSION) +GOARCH := $(shell $(GO) env GOARCH) + GO_BUILDMODE := # Enable dynamic PIE executables on supported platforms. -ifneq (,$(filter $(shell $(GO) env GOARCH),386 amd64 arm arm64 ppc64le riscv64 s390x)) +ifneq (,$(filter $(GOARCH),386 amd64 arm arm64 ppc64le riscv64 s390x)) ifeq (,$(findstring -race,$(EXTRA_FLAGS))) GO_BUILDMODE := "-buildmode=pie" endif endif -GO_BUILD := $(GO) build -trimpath $(GO_BUILDMODE) $(EXTRA_FLAGS) -tags "$(BUILDTAGS)" \ +GO_BUILD := $(GO) build -trimpath $(GO_BUILDMODE) \ + $(EXTRA_FLAGS) -tags "$(BUILDTAGS)" \ -ldflags "$(LDFLAGS_COMMON) $(EXTRA_LDFLAGS)" +GO_BUILDMODE_STATIC := LDFLAGS_STATIC := -extldflags -static -GO_BUILD_STATIC := CGO_ENABLED=1 $(GO) build -trimpath $(EXTRA_FLAGS) -tags "$(BUILDTAGS) netgo osusergo" \ +# Enable static PIE executables on supported platforms. +# This (among the other things) requires libc support (rcrt1.o), which seems +# to be available only for arm64 and amd64 (Debian Bullseye). +ifneq (,$(filter $(GOARCH),arm64 amd64)) + ifeq (,$(findstring -race,$(EXTRA_FLAGS))) + GO_BUILDMODE_STATIC := -buildmode=pie + LDFLAGS_STATIC := -linkmode external -extldflags --static-pie + endif +endif +# Enable static PIE binaries on supported platforms. +GO_BUILD_STATIC := CGO_ENABLED=1 $(GO) build -trimpath $(GO_BUILDMODE_STATIC) \ + $(EXTRA_FLAGS) -tags "$(BUILDTAGS) netgo osusergo" \ -ldflags "$(LDFLAGS_COMMON) $(LDFLAGS_STATIC) $(EXTRA_LDFLAGS)" GPG_KEYID ?= asarai@suse.de From dafcacb5225a0668c06fbd0a6e002da1ef2f7d69 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 31 Mar 2022 18:32:36 -0700 Subject: [PATCH 0034/1176] Makefile: set CGO_ENABLED=1 when needed It doesn't matter whether static or dynamic linking is used, runc always needs libcontainer/nsenter, which is written in C and thus requires cgo. Same is true for libcontainer/integration. In addition, contrib/pkg/seccompagent also needs cgo (if seccomp build tag is set), as it need to be linked against libseccomp C library. By default, cgo is disabled when cross-compiling, meaning that CGO_ENABLED=1 has to be set explicitly in such cases. In all other cases (e.g. other contrib binaries) we do not need cgo. Remove CGO_ENABLED=1 from GO_BUILD_STATIC (as it does not have anything to do with static linking), and add it to all targets that require it. Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 3 +-- Makefile | 11 ++++++++++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8ba81bb01b5..5aae7b7bc04 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -126,5 +126,4 @@ jobs: go-version: 1.x # Latest stable - name: unit test - # cgo is disabled by default when cross-compiling - run: sudo -E PATH="$PATH" -- make GOARCH=386 CGO_ENABLED=1 localunittest + run: sudo -E PATH="$PATH" -- make GOARCH=386 localunittest diff --git a/Makefile b/Makefile index a882a3aa1fd..9c49e5d8f85 100644 --- a/Makefile +++ b/Makefile @@ -40,12 +40,21 @@ ifneq (,$(filter $(GOARCH),arm64 amd64)) endif endif # Enable static PIE binaries on supported platforms. -GO_BUILD_STATIC := CGO_ENABLED=1 $(GO) build -trimpath $(GO_BUILDMODE_STATIC) \ +GO_BUILD_STATIC := $(GO) build -trimpath $(GO_BUILDMODE_STATIC) \ $(EXTRA_FLAGS) -tags "$(BUILDTAGS) netgo osusergo" \ -ldflags "$(LDFLAGS_COMMON) $(LDFLAGS_STATIC) $(EXTRA_LDFLAGS)" GPG_KEYID ?= asarai@suse.de +# Some targets need cgo, which is disabled by default when cross compiling. +# Enable cgo explicitly for those. +# Both runc and libcontainer/integration need libcontainer/nsenter. +runc static localunittest: export CGO_ENABLED=1 +# seccompagent needs libseccomp (when seccomp build tag is set). +ifneq (,$(filter $(BUILDTAGS),seccomp)) +seccompagent: export CGO_ENABLED=1 +endif + .DEFAULT: runc runc: From 1d7b297128d0d8914290b458333984625c4d1180 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Thu, 28 Apr 2022 16:49:46 +0900 Subject: [PATCH 0035/1176] libct/seccomp: add riscv64 Co-authored-by: Kir Kolyshkin Signed-off-by: Akihiro Suda Signed-off-by: Kir Kolyshkin --- libcontainer/seccomp/config.go | 1 + libcontainer/seccomp/patchbpf/enosys_linux.go | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/libcontainer/seccomp/config.go b/libcontainer/seccomp/config.go index 98e08e8f0b6..2b15576ac90 100644 --- a/libcontainer/seccomp/config.go +++ b/libcontainer/seccomp/config.go @@ -66,6 +66,7 @@ var archs = map[string]string{ "SCMP_ARCH_PPC": "ppc", "SCMP_ARCH_PPC64": "ppc64", "SCMP_ARCH_PPC64LE": "ppc64le", + "SCMP_ARCH_RISCV64": "riscv64", "SCMP_ARCH_S390": "s390", "SCMP_ARCH_S390X": "s390x", } diff --git a/libcontainer/seccomp/patchbpf/enosys_linux.go b/libcontainer/seccomp/patchbpf/enosys_linux.go index dfb8a0a8e59..095fba7fd91 100644 --- a/libcontainer/seccomp/patchbpf/enosys_linux.go +++ b/libcontainer/seccomp/patchbpf/enosys_linux.go @@ -48,6 +48,13 @@ const uintptr_t C_FILTER_FLAG_LOG = SECCOMP_FILTER_FLAG_LOG; #endif const uintptr_t C_FILTER_FLAG_NEW_LISTENER = SECCOMP_FILTER_FLAG_NEW_LISTENER; +#ifndef AUDIT_ARCH_RISCV64 +#ifndef EM_RISCV +#define EM_RISCV 243 +#endif +#define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) +#endif + // We use the AUDIT_ARCH_* values because those are the ones used by the kernel // and SCMP_ARCH_* sometimes has fake values (such as SCMP_ARCH_X32). But we // use so we get libseccomp's fallback definitions of AUDIT_ARCH_*. @@ -67,6 +74,7 @@ const uint32_t C_AUDIT_ARCH_PPC64 = AUDIT_ARCH_PPC64; const uint32_t C_AUDIT_ARCH_PPC64LE = AUDIT_ARCH_PPC64LE; const uint32_t C_AUDIT_ARCH_S390 = AUDIT_ARCH_S390; const uint32_t C_AUDIT_ARCH_S390X = AUDIT_ARCH_S390X; +const uint32_t C_AUDIT_ARCH_RISCV64 = AUDIT_ARCH_RISCV64; */ import "C" @@ -197,6 +205,8 @@ func archToNative(arch libseccomp.ScmpArch) (nativeArch, error) { return nativeArch(C.C_AUDIT_ARCH_S390), nil case libseccomp.ArchS390X: return nativeArch(C.C_AUDIT_ARCH_S390X), nil + case libseccomp.ArchRISCV64: + return nativeArch(C.C_AUDIT_ARCH_RISCV64), nil default: return invalidArch, fmt.Errorf("unknown architecture: %v", arch) } From a14cc4059dfaec80537964bfad577fd5e102c947 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 1 Apr 2022 14:28:38 -0700 Subject: [PATCH 0036/1176] release: add riscv64 binary Signed-off-by: Kir Kolyshkin --- Dockerfile | 3 ++- Makefile | 2 +- script/lib.sh | 3 +++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1b429157825..bd2615438f2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,6 +18,7 @@ RUN KEYFILE=/usr/share/keyrings/criu-repo-keyring.gpg; \ gcc-arm-linux-gnueabihf libc-dev-armhf-cross \ gcc-powerpc64le-linux-gnu libc-dev-ppc64el-cross \ gcc-s390x-linux-gnu libc-dev-s390x-cross \ + gcc-riscv64-linux-gnu libc-dev-riscv64-cross \ curl \ gawk \ gcc \ @@ -52,7 +53,7 @@ RUN cd /tmp \ ARG LIBSECCOMP_VERSION COPY script/seccomp.sh script/lib.sh /tmp/script/ RUN mkdir -p /opt/libseccomp \ - && /tmp/script/seccomp.sh "$LIBSECCOMP_VERSION" /opt/libseccomp arm64 armel armhf ppc64le s390x + && /tmp/script/seccomp.sh "$LIBSECCOMP_VERSION" /opt/libseccomp arm64 armel armhf ppc64le riscv64 s390x ENV LIBSECCOMP_VERSION=$LIBSECCOMP_VERSION ENV LD_LIBRARY_PATH=/opt/libseccomp/lib ENV PKG_CONFIG_PATH=/opt/libseccomp/lib/pkgconfig diff --git a/Makefile b/Makefile index 9c49e5d8f85..8473877d129 100644 --- a/Makefile +++ b/Makefile @@ -68,7 +68,7 @@ recvtty sd-helper seccompagent: static: $(GO_BUILD_STATIC) -o runc . -releaseall: RELEASE_ARGS := "-a arm64 -a armel -a armhf -a ppc64le -a s390x" +releaseall: RELEASE_ARGS := "-a arm64 -a armel -a armhf -a ppc64le -a riscv64 -a s390x" releaseall: release release: runcimage diff --git a/script/lib.sh b/script/lib.sh index 9afa0b4cba1..9fee8e29f38 100644 --- a/script/lib.sh +++ b/script/lib.sh @@ -23,6 +23,9 @@ function set_cross_vars() { ppc64le) HOST=powerpc64le-linux-gnu ;; + riscv64) + HOST=riscv64-linux-gnu + ;; s390x) HOST=s390x-linux-gnu ;; From cab388857521b0564bd29c51c2283e82e8a7419b Mon Sep 17 00:00:00 2001 From: wineway Date: Thu, 7 Apr 2022 04:46:28 +0000 Subject: [PATCH 0037/1176] go.mod: golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5 to include https://go-review.googlesource.com/c/sys/+/387194 which ensured unix::Getwd returned path is absolute Signed-off-by: wineway --- go.mod | 2 +- go.sum | 4 +- vendor/golang.org/x/sys/unix/ioctl_linux.go | 23 + vendor/golang.org/x/sys/unix/mkerrors.sh | 6 + vendor/golang.org/x/sys/unix/syscall_aix.go | 6 +- .../golang.org/x/sys/unix/syscall_darwin.go | 6 +- .../x/sys/unix/syscall_dragonfly.go | 10 +- .../golang.org/x/sys/unix/syscall_freebsd.go | 6 +- vendor/golang.org/x/sys/unix/syscall_linux.go | 62 +- .../x/sys/unix/syscall_linux_386.go | 8 - .../x/sys/unix/syscall_linux_alarm.go | 14 + .../x/sys/unix/syscall_linux_amd64.go | 1 - .../x/sys/unix/syscall_linux_arm.go | 1 - .../x/sys/unix/syscall_linux_arm64.go | 1 - .../x/sys/unix/syscall_linux_mips64x.go | 1 - .../x/sys/unix/syscall_linux_mipsx.go | 1 - .../x/sys/unix/syscall_linux_ppc.go | 1 - .../x/sys/unix/syscall_linux_ppc64x.go | 1 - .../x/sys/unix/syscall_linux_riscv64.go | 1 - .../x/sys/unix/syscall_linux_s390x.go | 9 - .../x/sys/unix/syscall_linux_sparc64.go | 1 - .../golang.org/x/sys/unix/syscall_netbsd.go | 14 +- .../golang.org/x/sys/unix/syscall_openbsd.go | 6 +- .../golang.org/x/sys/unix/syscall_solaris.go | 12 +- .../x/sys/unix/syscall_zos_s390x.go | 6 +- vendor/golang.org/x/sys/unix/zerrors_linux.go | 53 +- .../x/sys/unix/zerrors_linux_386.go | 3 + .../x/sys/unix/zerrors_linux_amd64.go | 3 + .../x/sys/unix/zerrors_linux_arm.go | 3 + .../x/sys/unix/zerrors_linux_arm64.go | 3 + .../x/sys/unix/zerrors_linux_mips.go | 3 + .../x/sys/unix/zerrors_linux_mips64.go | 3 + .../x/sys/unix/zerrors_linux_mips64le.go | 3 + .../x/sys/unix/zerrors_linux_mipsle.go | 3 + .../x/sys/unix/zerrors_linux_ppc.go | 3 + .../x/sys/unix/zerrors_linux_ppc64.go | 3 + .../x/sys/unix/zerrors_linux_ppc64le.go | 3 + .../x/sys/unix/zerrors_linux_riscv64.go | 3 + .../x/sys/unix/zerrors_linux_s390x.go | 3 + .../x/sys/unix/zerrors_linux_sparc64.go | 3 + .../golang.org/x/sys/unix/zsyscall_linux.go | 20 + .../x/sys/unix/zsyscall_linux_386.go | 13 +- .../x/sys/unix/zsyscall_linux_amd64.go | 24 +- .../x/sys/unix/zsyscall_linux_arm.go | 11 - .../x/sys/unix/zsyscall_linux_arm64.go | 11 - .../x/sys/unix/zsyscall_linux_mips.go | 24 +- .../x/sys/unix/zsyscall_linux_mips64.go | 24 +- .../x/sys/unix/zsyscall_linux_mips64le.go | 11 - .../x/sys/unix/zsyscall_linux_mipsle.go | 24 +- .../x/sys/unix/zsyscall_linux_ppc.go | 24 +- .../x/sys/unix/zsyscall_linux_ppc64.go | 24 +- .../x/sys/unix/zsyscall_linux_ppc64le.go | 24 +- .../x/sys/unix/zsyscall_linux_riscv64.go | 11 - .../x/sys/unix/zsyscall_linux_s390x.go | 13 +- .../x/sys/unix/zsyscall_linux_sparc64.go | 24 +- .../x/sys/unix/zsyscall_netbsd_386.go | 12 - .../x/sys/unix/zsyscall_netbsd_amd64.go | 12 - .../x/sys/unix/zsyscall_netbsd_arm.go | 12 - .../x/sys/unix/zsyscall_netbsd_arm64.go | 12 - .../x/sys/unix/zsysnum_linux_386.go | 1 + .../x/sys/unix/zsysnum_linux_amd64.go | 1 + .../x/sys/unix/zsysnum_linux_arm.go | 1 + .../x/sys/unix/zsysnum_linux_arm64.go | 1 + .../x/sys/unix/zsysnum_linux_mips.go | 1 + .../x/sys/unix/zsysnum_linux_mips64.go | 1 + .../x/sys/unix/zsysnum_linux_mips64le.go | 1 + .../x/sys/unix/zsysnum_linux_mipsle.go | 1 + .../x/sys/unix/zsysnum_linux_ppc.go | 1 + .../x/sys/unix/zsysnum_linux_ppc64.go | 1 + .../x/sys/unix/zsysnum_linux_ppc64le.go | 1 + .../x/sys/unix/zsysnum_linux_riscv64.go | 1 + .../x/sys/unix/zsysnum_linux_s390x.go | 1 + .../x/sys/unix/zsysnum_linux_sparc64.go | 1 + vendor/golang.org/x/sys/unix/ztypes_linux.go | 1574 ++++++++++++++++- .../x/sys/unix/ztypes_linux_s390x.go | 4 +- .../golang.org/x/sys/windows/exec_windows.go | 37 +- vendor/golang.org/x/sys/windows/mksyscall.go | 2 +- .../x/sys/windows/setupapi_windows.go | 1425 +++++++++++++++ .../x/sys/windows/setupapierrors_windows.go | 100 -- .../x/sys/windows/syscall_windows.go | 5 + .../golang.org/x/sys/windows/types_windows.go | 60 +- .../x/sys/windows/zsyscall_windows.go | 327 ++++ vendor/modules.txt | 2 +- 83 files changed, 3790 insertions(+), 388 deletions(-) create mode 100644 vendor/golang.org/x/sys/unix/syscall_linux_alarm.go create mode 100644 vendor/golang.org/x/sys/windows/setupapi_windows.go delete mode 100644 vendor/golang.org/x/sys/windows/setupapierrors_windows.go diff --git a/go.mod b/go.mod index 6aa69b486c4..a2c363ce1d4 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/urfave/cli v1.22.6 github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.0.0-20201224014010-6772e930b67b - golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c + golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5 google.golang.org/protobuf v1.28.0 ) diff --git a/go.sum b/go.sum index bfd380fd333..30d6ee33207 100644 --- a/go.sum +++ b/go.sum @@ -71,8 +71,8 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c h1:DHcbWVXeY+0Y8HHKR+rbLwnoh2F4tNCY7rTiHJ30RmA= -golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5 h1:y/woIyUBFbpQGKS0u1aHF/40WUDnek3fPOyD08H5Vng= +golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= diff --git a/vendor/golang.org/x/sys/unix/ioctl_linux.go b/vendor/golang.org/x/sys/unix/ioctl_linux.go index 1dadead21e6..884430b810c 100644 --- a/vendor/golang.org/x/sys/unix/ioctl_linux.go +++ b/vendor/golang.org/x/sys/unix/ioctl_linux.go @@ -194,3 +194,26 @@ func ioctlIfreqData(fd int, req uint, value *ifreqData) error { // identical so pass *IfreqData directly. return ioctlPtr(fd, req, unsafe.Pointer(value)) } + +// IoctlKCMClone attaches a new file descriptor to a multiplexor by cloning an +// existing KCM socket, returning a structure containing the file descriptor of +// the new socket. +func IoctlKCMClone(fd int) (*KCMClone, error) { + var info KCMClone + if err := ioctlPtr(fd, SIOCKCMCLONE, unsafe.Pointer(&info)); err != nil { + return nil, err + } + + return &info, nil +} + +// IoctlKCMAttach attaches a TCP socket and associated BPF program file +// descriptor to a multiplexor. +func IoctlKCMAttach(fd int, info KCMAttach) error { + return ioctlPtr(fd, SIOCKCMATTACH, unsafe.Pointer(&info)) +} + +// IoctlKCMUnattach unattaches a TCP socket file descriptor from a multiplexor. +func IoctlKCMUnattach(fd int, info KCMUnattach) error { + return ioctlPtr(fd, SIOCKCMUNATTACH, unsafe.Pointer(&info)) +} diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index 4945739ea0a..a037087481d 100644 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -205,6 +205,7 @@ struct ltchars { #include #include #include +#include #include #include #include @@ -231,6 +232,7 @@ struct ltchars { #include #include #include +#include #include #include #include @@ -261,6 +263,7 @@ struct ltchars { #include #include #include +#include #include #include @@ -502,6 +505,7 @@ ccflags="$@" $2 ~ /^O?XTABS$/ || $2 ~ /^TC[IO](ON|OFF)$/ || $2 ~ /^IN_/ || + $2 ~ /^KCM/ || $2 ~ /^LANDLOCK_/ || $2 ~ /^LOCK_(SH|EX|NB|UN)$/ || $2 ~ /^LO_(KEY|NAME)_SIZE$/ || @@ -596,6 +600,7 @@ ccflags="$@" $2 ~ /^DEVLINK_/ || $2 ~ /^ETHTOOL_/ || $2 ~ /^LWTUNNEL_IP/ || + $2 ~ /^ITIMER_/ || $2 !~ "WMESGLEN" && $2 ~ /^W[A-Z0-9]+$/ || $2 ~/^PPPIOC/ || @@ -606,6 +611,7 @@ ccflags="$@" $2 ~ /^MTD/ || $2 ~ /^OTP/ || $2 ~ /^MEM/ || + $2 ~ /^WG/ || $2 ~ /^BLK[A-Z]*(GET$|SET$|BUF$|PART$|SIZE)/ {printf("\t%s = C.%s\n", $2, $2)} $2 ~ /^__WCOREFLAG$/ {next} $2 ~ /^__W[A-Z0-9]+$/ {printf("\t%s = C.%s\n", substr($2,3), $2)} diff --git a/vendor/golang.org/x/sys/unix/syscall_aix.go b/vendor/golang.org/x/sys/unix/syscall_aix.go index 6192750ce31..4f55c8d9996 100644 --- a/vendor/golang.org/x/sys/unix/syscall_aix.go +++ b/vendor/golang.org/x/sys/unix/syscall_aix.go @@ -519,8 +519,10 @@ func Pipe(p []int) (err error) { } var pp [2]_C_int err = pipe(&pp) - p[0] = int(pp[0]) - p[1] = int(pp[1]) + if err == nil { + p[0] = int(pp[0]) + p[1] = int(pp[1]) + } return } diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.go b/vendor/golang.org/x/sys/unix/syscall_darwin.go index 8826f41435e..0eaab91314c 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin.go +++ b/vendor/golang.org/x/sys/unix/syscall_darwin.go @@ -159,8 +159,10 @@ func Pipe(p []int) (err error) { } var x [2]int32 err = pipe(&x) - p[0] = int(x[0]) - p[1] = int(x[1]) + if err == nil { + p[0] = int(x[0]) + p[1] = int(x[1]) + } return } diff --git a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go index 5af108a5038..2e37c3167f3 100644 --- a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go +++ b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go @@ -101,7 +101,10 @@ func Pipe(p []int) (err error) { if len(p) != 2 { return EINVAL } - p[0], p[1], err = pipe() + r, w, err := pipe() + if err == nil { + p[0], p[1] = r, w + } return } @@ -114,7 +117,10 @@ func Pipe2(p []int, flags int) (err error) { var pp [2]_C_int // pipe2 on dragonfly takes an fds array as an argument, but still // returns the file descriptors. - p[0], p[1], err = pipe2(&pp, flags) + r, w, err := pipe2(&pp, flags) + if err == nil { + p[0], p[1] = r, w + } return err } diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd.go b/vendor/golang.org/x/sys/unix/syscall_freebsd.go index 18c392cf369..2f650ae665c 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd.go @@ -110,8 +110,10 @@ func Pipe2(p []int, flags int) error { } var pp [2]_C_int err := pipe2(&pp, flags) - p[0] = int(pp[0]) - p[1] = int(pp[1]) + if err == nil { + p[0] = int(pp[0]) + p[1] = int(pp[1]) + } return err } diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index 4bc5baf77d9..5f28f8fdeda 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -14,6 +14,7 @@ package unix import ( "encoding/binary" "syscall" + "time" "unsafe" ) @@ -131,8 +132,10 @@ func Pipe2(p []int, flags int) error { } var pp [2]_C_int err := pipe2(&pp, flags) - p[0] = int(pp[0]) - p[1] = int(pp[1]) + if err == nil { + p[0] = int(pp[0]) + p[1] = int(pp[1]) + } return err } @@ -247,6 +250,13 @@ func Getwd() (wd string, err error) { if n < 1 || n > len(buf) || buf[n-1] != 0 { return "", EINVAL } + // In some cases, Linux can return a path that starts with the + // "(unreachable)" prefix, which can potentially be a valid relative + // path. To work around that, return ENOENT if path is not absolute. + if buf[0] != '/' { + return "", ENOENT + } + return string(buf[0 : n-1]), nil } @@ -2312,11 +2322,56 @@ type RemoteIovec struct { //sys shmdt(addr uintptr) (err error) //sys shmget(key int, size int, flag int) (id int, err error) +//sys getitimer(which int, currValue *Itimerval) (err error) +//sys setitimer(which int, newValue *Itimerval, oldValue *Itimerval) (err error) + +// MakeItimerval creates an Itimerval from interval and value durations. +func MakeItimerval(interval, value time.Duration) Itimerval { + return Itimerval{ + Interval: NsecToTimeval(interval.Nanoseconds()), + Value: NsecToTimeval(value.Nanoseconds()), + } +} + +// A value which may be passed to the which parameter for Getitimer and +// Setitimer. +type ItimerWhich int + +// Possible which values for Getitimer and Setitimer. +const ( + ItimerReal ItimerWhich = ITIMER_REAL + ItimerVirtual ItimerWhich = ITIMER_VIRTUAL + ItimerProf ItimerWhich = ITIMER_PROF +) + +// Getitimer wraps getitimer(2) to return the current value of the timer +// specified by which. +func Getitimer(which ItimerWhich) (Itimerval, error) { + var it Itimerval + if err := getitimer(int(which), &it); err != nil { + return Itimerval{}, err + } + + return it, nil +} + +// Setitimer wraps setitimer(2) to arm or disarm the timer specified by which. +// It returns the previous value of the timer. +// +// If the Itimerval argument is the zero value, the timer will be disarmed. +func Setitimer(which ItimerWhich, it Itimerval) (Itimerval, error) { + var prev Itimerval + if err := setitimer(int(which), &it, &prev); err != nil { + return Itimerval{}, err + } + + return prev, nil +} + /* * Unimplemented */ // AfsSyscall -// Alarm // ArchPrctl // Brk // ClockNanosleep @@ -2332,7 +2387,6 @@ type RemoteIovec struct { // GetMempolicy // GetRobustList // GetThreadArea -// Getitimer // Getpmsg // IoCancel // IoDestroy diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_386.go b/vendor/golang.org/x/sys/unix/syscall_linux_386.go index 5f757e8aa77..d44b8ad5339 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_386.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_386.go @@ -173,14 +173,6 @@ const ( _SENDMMSG = 20 ) -func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { - fd, e := socketcall(_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), 0, 0, 0) - if e != 0 { - err = e - } - return -} - func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) { fd, e := socketcall(_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) if e != 0 { diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go b/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go new file mode 100644 index 00000000000..08086ac6a4c --- /dev/null +++ b/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go @@ -0,0 +1,14 @@ +// Copyright 2022 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build linux && (386 || amd64 || mips || mipsle || mips64 || mipsle || ppc64 || ppc64le || ppc || s390x || sparc64) +// +build linux +// +build 386 amd64 mips mipsle mips64 mipsle ppc64 ppc64le ppc s390x sparc64 + +package unix + +// SYS_ALARM is not defined on arm or riscv, but is available for other GOARCH +// values. + +//sys Alarm(seconds uint) (remaining uint, err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go index 4299125aa7c..bd21d93bf84 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go @@ -62,7 +62,6 @@ func Stat(path string, stat *Stat_t) (err error) { //sys SyncFileRange(fd int, off int64, n int64, flags int) (err error) //sys Truncate(path string, length int64) (err error) //sys Ustat(dev int, ubuf *Ustat_t) (err error) -//sys accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) //sys accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) //sys bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) //sys connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go index 79edeb9cb14..343c91f6b31 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go @@ -27,7 +27,6 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) { return newoffset, nil } -//sys accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) //sys accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) //sys bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) //sys connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go index 862890de29b..8c562868480 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go @@ -66,7 +66,6 @@ func Ustat(dev int, ubuf *Ustat_t) (err error) { return ENOSYS } -//sys accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) //sys accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) //sys bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) //sys connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go index 8932e34ad2a..f0b138002c1 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go @@ -48,7 +48,6 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err //sys SyncFileRange(fd int, off int64, n int64, flags int) (err error) //sys Truncate(path string, length int64) (err error) //sys Ustat(dev int, ubuf *Ustat_t) (err error) -//sys accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) //sys accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) //sys bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) //sys connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go index 7821c25d9f7..e6163c30fe9 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go @@ -41,7 +41,6 @@ func Syscall9(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, //sys SyncFileRange(fd int, off int64, n int64, flags int) (err error) //sys Truncate(path string, length int64) (err error) = SYS_TRUNCATE64 //sys Ustat(dev int, ubuf *Ustat_t) (err error) -//sys accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) //sys accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) //sys bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) //sys connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go index c5053a0f03f..4740e80a8ec 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go @@ -43,7 +43,6 @@ import ( //sys Stat(path string, stat *Stat_t) (err error) = SYS_STAT64 //sys Truncate(path string, length int64) (err error) = SYS_TRUNCATE64 //sys Ustat(dev int, ubuf *Ustat_t) (err error) -//sys accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) //sys accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) //sys bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) //sys connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go b/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go index 25786c4216b..78bc9166ef6 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go @@ -45,7 +45,6 @@ package unix //sys Statfs(path string, buf *Statfs_t) (err error) //sys Truncate(path string, length int64) (err error) //sys Ustat(dev int, ubuf *Ustat_t) (err error) -//sys accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) //sys accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) //sys bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) //sys connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go index 6f9f710414f..3d6c4eb0681 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go @@ -65,7 +65,6 @@ func Ustat(dev int, ubuf *Ustat_t) (err error) { return ENOSYS } -//sys accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) //sys accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) //sys bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) //sys connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go b/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go index 6aa59cb270d..89ce84a4168 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go @@ -145,15 +145,6 @@ const ( netSendMMsg = 20 ) -func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (int, error) { - args := [3]uintptr{uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))} - fd, _, err := Syscall(SYS_SOCKETCALL, netAccept, uintptr(unsafe.Pointer(&args)), 0) - if err != 0 { - return 0, err - } - return int(fd), nil -} - func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (int, error) { args := [4]uintptr{uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags)} fd, _, err := Syscall(SYS_SOCKETCALL, netAccept4, uintptr(unsafe.Pointer(&args)), 0) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go b/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go index bbe8d174f8c..35bdb098c5b 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go @@ -42,7 +42,6 @@ package unix //sys Statfs(path string, buf *Statfs_t) (err error) //sys SyncFileRange(fd int, off int64, n int64, flags int) (err error) //sys Truncate(path string, length int64) (err error) -//sys accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) //sys accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) //sys bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) //sys connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd.go b/vendor/golang.org/x/sys/unix/syscall_netbsd.go index 853d5f0f436..696fed496f6 100644 --- a/vendor/golang.org/x/sys/unix/syscall_netbsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_netbsd.go @@ -110,14 +110,8 @@ func direntNamlen(buf []byte) (uint64, bool) { return readInt(buf, unsafe.Offsetof(Dirent{}.Namlen), unsafe.Sizeof(Dirent{}.Namlen)) } -//sysnb pipe() (fd1 int, fd2 int, err error) - func Pipe(p []int) (err error) { - if len(p) != 2 { - return EINVAL - } - p[0], p[1], err = pipe() - return + return Pipe2(p, 0) } //sysnb pipe2(p *[2]_C_int, flags int) (err error) @@ -128,8 +122,10 @@ func Pipe2(p []int, flags int) error { } var pp [2]_C_int err := pipe2(&pp, flags) - p[0] = int(pp[0]) - p[1] = int(pp[1]) + if err == nil { + p[0] = int(pp[0]) + p[1] = int(pp[1]) + } return err } diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd.go b/vendor/golang.org/x/sys/unix/syscall_openbsd.go index 22b55038501..11b1d419da9 100644 --- a/vendor/golang.org/x/sys/unix/syscall_openbsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_openbsd.go @@ -87,8 +87,10 @@ func Pipe2(p []int, flags int) error { } var pp [2]_C_int err := pipe2(&pp, flags) - p[0] = int(pp[0]) - p[1] = int(pp[1]) + if err == nil { + p[0] = int(pp[0]) + p[1] = int(pp[1]) + } return err } diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris.go b/vendor/golang.org/x/sys/unix/syscall_solaris.go index 8b88ac21333..5c813921e85 100644 --- a/vendor/golang.org/x/sys/unix/syscall_solaris.go +++ b/vendor/golang.org/x/sys/unix/syscall_solaris.go @@ -66,8 +66,10 @@ func Pipe(p []int) (err error) { if n != 0 { return err } - p[0] = int(pp[0]) - p[1] = int(pp[1]) + if err == nil { + p[0] = int(pp[0]) + p[1] = int(pp[1]) + } return nil } @@ -79,8 +81,10 @@ func Pipe2(p []int, flags int) error { } var pp [2]_C_int err := pipe2(&pp, flags) - p[0] = int(pp[0]) - p[1] = int(pp[1]) + if err == nil { + p[0] = int(pp[0]) + p[1] = int(pp[1]) + } return err } diff --git a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go index 5fb76a14684..f8616f454ec 100644 --- a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go @@ -579,8 +579,10 @@ func Pipe(p []int) (err error) { } var pp [2]_C_int err = pipe(&pp) - p[0] = int(pp[0]) - p[1] = int(pp[1]) + if err == nil { + p[0] = int(pp[0]) + p[1] = int(pp[1]) + } return } diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index d175aae896c..bc7c9d07559 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -38,7 +38,8 @@ const ( AF_KEY = 0xf AF_LLC = 0x1a AF_LOCAL = 0x1 - AF_MAX = 0x2d + AF_MAX = 0x2e + AF_MCTP = 0x2d AF_MPLS = 0x1c AF_NETBEUI = 0xd AF_NETLINK = 0x10 @@ -259,6 +260,17 @@ const ( BUS_USB = 0x3 BUS_VIRTUAL = 0x6 CAN_BCM = 0x2 + CAN_CTRLMODE_3_SAMPLES = 0x4 + CAN_CTRLMODE_BERR_REPORTING = 0x10 + CAN_CTRLMODE_CC_LEN8_DLC = 0x100 + CAN_CTRLMODE_FD = 0x20 + CAN_CTRLMODE_FD_NON_ISO = 0x80 + CAN_CTRLMODE_LISTENONLY = 0x2 + CAN_CTRLMODE_LOOPBACK = 0x1 + CAN_CTRLMODE_ONE_SHOT = 0x8 + CAN_CTRLMODE_PRESUME_ACK = 0x40 + CAN_CTRLMODE_TDC_AUTO = 0x200 + CAN_CTRLMODE_TDC_MANUAL = 0x400 CAN_EFF_FLAG = 0x80000000 CAN_EFF_ID_BITS = 0x1d CAN_EFF_MASK = 0x1fffffff @@ -336,6 +348,7 @@ const ( CAN_RTR_FLAG = 0x40000000 CAN_SFF_ID_BITS = 0xb CAN_SFF_MASK = 0x7ff + CAN_TERMINATION_DISABLED = 0x0 CAN_TP16 = 0x3 CAN_TP20 = 0x4 CAP_AUDIT_CONTROL = 0x1e @@ -741,6 +754,7 @@ const ( ETH_P_QINQ2 = 0x9200 ETH_P_QINQ3 = 0x9300 ETH_P_RARP = 0x8035 + ETH_P_REALTEK = 0x8899 ETH_P_SCA = 0x6007 ETH_P_SLOW = 0x8809 ETH_P_SNAP = 0x5 @@ -810,10 +824,12 @@ const ( FAN_EPIDFD = -0x2 FAN_EVENT_INFO_TYPE_DFID = 0x3 FAN_EVENT_INFO_TYPE_DFID_NAME = 0x2 + FAN_EVENT_INFO_TYPE_ERROR = 0x5 FAN_EVENT_INFO_TYPE_FID = 0x1 FAN_EVENT_INFO_TYPE_PIDFD = 0x4 FAN_EVENT_METADATA_LEN = 0x18 FAN_EVENT_ON_CHILD = 0x8000000 + FAN_FS_ERROR = 0x8000 FAN_MARK_ADD = 0x1 FAN_MARK_DONT_FOLLOW = 0x4 FAN_MARK_FILESYSTEM = 0x100 @@ -1264,9 +1280,14 @@ const ( IP_XFRM_POLICY = 0x11 ISOFS_SUPER_MAGIC = 0x9660 ISTRIP = 0x20 + ITIMER_PROF = 0x2 + ITIMER_REAL = 0x0 + ITIMER_VIRTUAL = 0x1 IUTF8 = 0x4000 IXANY = 0x800 JFFS2_SUPER_MAGIC = 0x72b6 + KCMPROTO_CONNECTED = 0x0 + KCM_RECV_DISABLE = 0x1 KEXEC_ARCH_386 = 0x30000 KEXEC_ARCH_68K = 0x40000 KEXEC_ARCH_AARCH64 = 0xb70000 @@ -1827,6 +1848,8 @@ const ( PERF_MEM_BLK_DATA = 0x2 PERF_MEM_BLK_NA = 0x1 PERF_MEM_BLK_SHIFT = 0x28 + PERF_MEM_HOPS_0 = 0x1 + PERF_MEM_HOPS_SHIFT = 0x2b PERF_MEM_LOCK_LOCKED = 0x2 PERF_MEM_LOCK_NA = 0x1 PERF_MEM_LOCK_SHIFT = 0x18 @@ -1986,6 +2009,9 @@ const ( PR_SCHED_CORE_CREATE = 0x1 PR_SCHED_CORE_GET = 0x0 PR_SCHED_CORE_MAX = 0x4 + PR_SCHED_CORE_SCOPE_PROCESS_GROUP = 0x2 + PR_SCHED_CORE_SCOPE_THREAD = 0x0 + PR_SCHED_CORE_SCOPE_THREAD_GROUP = 0x1 PR_SCHED_CORE_SHARE_FROM = 0x3 PR_SCHED_CORE_SHARE_TO = 0x2 PR_SET_CHILD_SUBREAPER = 0x24 @@ -2167,12 +2193,23 @@ const ( RTCF_NAT = 0x800000 RTCF_VALVE = 0x200000 RTC_AF = 0x20 + RTC_BSM_DIRECT = 0x1 + RTC_BSM_DISABLED = 0x0 + RTC_BSM_LEVEL = 0x2 + RTC_BSM_STANDBY = 0x3 RTC_FEATURE_ALARM = 0x0 + RTC_FEATURE_ALARM_RES_2S = 0x3 RTC_FEATURE_ALARM_RES_MINUTE = 0x1 - RTC_FEATURE_CNT = 0x3 + RTC_FEATURE_BACKUP_SWITCH_MODE = 0x6 + RTC_FEATURE_CNT = 0x7 + RTC_FEATURE_CORRECTION = 0x5 RTC_FEATURE_NEED_WEEK_DAY = 0x2 + RTC_FEATURE_UPDATE_INTERRUPT = 0x4 RTC_IRQF = 0x80 RTC_MAX_FREQ = 0x2000 + RTC_PARAM_BACKUP_SWITCH_MODE = 0x2 + RTC_PARAM_CORRECTION = 0x1 + RTC_PARAM_FEATURES = 0x0 RTC_PF = 0x40 RTC_UF = 0x10 RTF_ADDRCLASSMASK = 0xf8000000 @@ -2423,6 +2460,9 @@ const ( SIOCGSTAMPNS = 0x8907 SIOCGSTAMPNS_OLD = 0x8907 SIOCGSTAMP_OLD = 0x8906 + SIOCKCMATTACH = 0x89e0 + SIOCKCMCLONE = 0x89e2 + SIOCKCMUNATTACH = 0x89e1 SIOCOUTQNSD = 0x894b SIOCPROTOPRIVATE = 0x89e0 SIOCRTMSG = 0x890d @@ -2532,6 +2572,8 @@ const ( SO_VM_SOCKETS_BUFFER_MIN_SIZE = 0x1 SO_VM_SOCKETS_BUFFER_SIZE = 0x0 SO_VM_SOCKETS_CONNECT_TIMEOUT = 0x6 + SO_VM_SOCKETS_CONNECT_TIMEOUT_NEW = 0x8 + SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD = 0x6 SO_VM_SOCKETS_NONBLOCK_TXRX = 0x7 SO_VM_SOCKETS_PEER_HOST_VM_ID = 0x3 SO_VM_SOCKETS_TRUSTED = 0x5 @@ -2826,6 +2868,13 @@ const ( WDIOS_TEMPPANIC = 0x4 WDIOS_UNKNOWN = -0x1 WEXITED = 0x4 + WGALLOWEDIP_A_MAX = 0x3 + WGDEVICE_A_MAX = 0x8 + WGPEER_A_MAX = 0xa + WG_CMD_MAX = 0x1 + WG_GENL_NAME = "wireguard" + WG_GENL_VERSION = 0x1 + WG_KEY_LEN = 0x20 WIN_ACKMEDIACHANGE = 0xdb WIN_CHECKPOWERMODE1 = 0xe5 WIN_CHECKPOWERMODE2 = 0x98 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go index 3ca40ca7f02..234fd4a5d1a 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go @@ -250,6 +250,8 @@ const ( RTC_EPOCH_SET = 0x4004700e RTC_IRQP_READ = 0x8004700b RTC_IRQP_SET = 0x4004700c + RTC_PARAM_GET = 0x40187013 + RTC_PARAM_SET = 0x40187014 RTC_PIE_OFF = 0x7006 RTC_PIE_ON = 0x7005 RTC_PLL_GET = 0x801c7011 @@ -327,6 +329,7 @@ const ( SO_RCVTIMEO = 0x14 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x14 + SO_RESERVE_MEM = 0x49 SO_REUSEADDR = 0x2 SO_REUSEPORT = 0xf SO_RXQ_OVFL = 0x28 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go index ead332091af..58619b7589b 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go @@ -251,6 +251,8 @@ const ( RTC_EPOCH_SET = 0x4008700e RTC_IRQP_READ = 0x8008700b RTC_IRQP_SET = 0x4008700c + RTC_PARAM_GET = 0x40187013 + RTC_PARAM_SET = 0x40187014 RTC_PIE_OFF = 0x7006 RTC_PIE_ON = 0x7005 RTC_PLL_GET = 0x80207011 @@ -328,6 +330,7 @@ const ( SO_RCVTIMEO = 0x14 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x14 + SO_RESERVE_MEM = 0x49 SO_REUSEADDR = 0x2 SO_REUSEPORT = 0xf SO_RXQ_OVFL = 0x28 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go index 39bdc945589..3a64ff59dce 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go @@ -257,6 +257,8 @@ const ( RTC_EPOCH_SET = 0x4004700e RTC_IRQP_READ = 0x8004700b RTC_IRQP_SET = 0x4004700c + RTC_PARAM_GET = 0x40187013 + RTC_PARAM_SET = 0x40187014 RTC_PIE_OFF = 0x7006 RTC_PIE_ON = 0x7005 RTC_PLL_GET = 0x801c7011 @@ -334,6 +336,7 @@ const ( SO_RCVTIMEO = 0x14 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x14 + SO_RESERVE_MEM = 0x49 SO_REUSEADDR = 0x2 SO_REUSEPORT = 0xf SO_RXQ_OVFL = 0x28 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go index 9aec987db1c..abe0b925789 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go @@ -247,6 +247,8 @@ const ( RTC_EPOCH_SET = 0x4008700e RTC_IRQP_READ = 0x8008700b RTC_IRQP_SET = 0x4008700c + RTC_PARAM_GET = 0x40187013 + RTC_PARAM_SET = 0x40187014 RTC_PIE_OFF = 0x7006 RTC_PIE_ON = 0x7005 RTC_PLL_GET = 0x80207011 @@ -324,6 +326,7 @@ const ( SO_RCVTIMEO = 0x14 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x14 + SO_RESERVE_MEM = 0x49 SO_REUSEADDR = 0x2 SO_REUSEPORT = 0xf SO_RXQ_OVFL = 0x28 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go index a8bba9491e8..14d7a84399d 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go @@ -250,6 +250,8 @@ const ( RTC_EPOCH_SET = 0x8004700e RTC_IRQP_READ = 0x4004700b RTC_IRQP_SET = 0x8004700c + RTC_PARAM_GET = 0x80187013 + RTC_PARAM_SET = 0x80187014 RTC_PIE_OFF = 0x20007006 RTC_PIE_ON = 0x20007005 RTC_PLL_GET = 0x401c7011 @@ -327,6 +329,7 @@ const ( SO_RCVTIMEO = 0x1006 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x1006 + SO_RESERVE_MEM = 0x49 SO_REUSEADDR = 0x4 SO_REUSEPORT = 0x200 SO_RXQ_OVFL = 0x28 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go index ee9e7e2020e..99e7c4ac0b4 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go @@ -250,6 +250,8 @@ const ( RTC_EPOCH_SET = 0x8008700e RTC_IRQP_READ = 0x4008700b RTC_IRQP_SET = 0x8008700c + RTC_PARAM_GET = 0x80187013 + RTC_PARAM_SET = 0x80187014 RTC_PIE_OFF = 0x20007006 RTC_PIE_ON = 0x20007005 RTC_PLL_GET = 0x40207011 @@ -327,6 +329,7 @@ const ( SO_RCVTIMEO = 0x1006 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x1006 + SO_RESERVE_MEM = 0x49 SO_REUSEADDR = 0x4 SO_REUSEPORT = 0x200 SO_RXQ_OVFL = 0x28 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go index ba4b288a3c0..496364c33cc 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go @@ -250,6 +250,8 @@ const ( RTC_EPOCH_SET = 0x8008700e RTC_IRQP_READ = 0x4008700b RTC_IRQP_SET = 0x8008700c + RTC_PARAM_GET = 0x80187013 + RTC_PARAM_SET = 0x80187014 RTC_PIE_OFF = 0x20007006 RTC_PIE_ON = 0x20007005 RTC_PLL_GET = 0x40207011 @@ -327,6 +329,7 @@ const ( SO_RCVTIMEO = 0x1006 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x1006 + SO_RESERVE_MEM = 0x49 SO_REUSEADDR = 0x4 SO_REUSEPORT = 0x200 SO_RXQ_OVFL = 0x28 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go index bc93afc3675..3e40830857d 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go @@ -250,6 +250,8 @@ const ( RTC_EPOCH_SET = 0x8004700e RTC_IRQP_READ = 0x4004700b RTC_IRQP_SET = 0x8004700c + RTC_PARAM_GET = 0x80187013 + RTC_PARAM_SET = 0x80187014 RTC_PIE_OFF = 0x20007006 RTC_PIE_ON = 0x20007005 RTC_PLL_GET = 0x401c7011 @@ -327,6 +329,7 @@ const ( SO_RCVTIMEO = 0x1006 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x1006 + SO_RESERVE_MEM = 0x49 SO_REUSEADDR = 0x4 SO_REUSEPORT = 0x200 SO_RXQ_OVFL = 0x28 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go index 9295e694785..1151a7dfab3 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go @@ -305,6 +305,8 @@ const ( RTC_EPOCH_SET = 0x8004700e RTC_IRQP_READ = 0x4004700b RTC_IRQP_SET = 0x8004700c + RTC_PARAM_GET = 0x80187013 + RTC_PARAM_SET = 0x80187014 RTC_PIE_OFF = 0x20007006 RTC_PIE_ON = 0x20007005 RTC_PLL_GET = 0x401c7011 @@ -382,6 +384,7 @@ const ( SO_RCVTIMEO = 0x12 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x12 + SO_RESERVE_MEM = 0x49 SO_REUSEADDR = 0x2 SO_REUSEPORT = 0xf SO_RXQ_OVFL = 0x28 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go index 1fa081c9a67..ed17f249e75 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go @@ -309,6 +309,8 @@ const ( RTC_EPOCH_SET = 0x8008700e RTC_IRQP_READ = 0x4008700b RTC_IRQP_SET = 0x8008700c + RTC_PARAM_GET = 0x80187013 + RTC_PARAM_SET = 0x80187014 RTC_PIE_OFF = 0x20007006 RTC_PIE_ON = 0x20007005 RTC_PLL_GET = 0x40207011 @@ -386,6 +388,7 @@ const ( SO_RCVTIMEO = 0x12 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x12 + SO_RESERVE_MEM = 0x49 SO_REUSEADDR = 0x2 SO_REUSEPORT = 0xf SO_RXQ_OVFL = 0x28 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go index 74b32114946..d84a37c1ac2 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go @@ -309,6 +309,8 @@ const ( RTC_EPOCH_SET = 0x8008700e RTC_IRQP_READ = 0x4008700b RTC_IRQP_SET = 0x8008700c + RTC_PARAM_GET = 0x80187013 + RTC_PARAM_SET = 0x80187014 RTC_PIE_OFF = 0x20007006 RTC_PIE_ON = 0x20007005 RTC_PLL_GET = 0x40207011 @@ -386,6 +388,7 @@ const ( SO_RCVTIMEO = 0x12 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x12 + SO_RESERVE_MEM = 0x49 SO_REUSEADDR = 0x2 SO_REUSEPORT = 0xf SO_RXQ_OVFL = 0x28 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go index c91c8ac5b01..5cafba83f6b 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go @@ -238,6 +238,8 @@ const ( RTC_EPOCH_SET = 0x4008700e RTC_IRQP_READ = 0x8008700b RTC_IRQP_SET = 0x4008700c + RTC_PARAM_GET = 0x40187013 + RTC_PARAM_SET = 0x40187014 RTC_PIE_OFF = 0x7006 RTC_PIE_ON = 0x7005 RTC_PLL_GET = 0x80207011 @@ -315,6 +317,7 @@ const ( SO_RCVTIMEO = 0x14 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x14 + SO_RESERVE_MEM = 0x49 SO_REUSEADDR = 0x2 SO_REUSEPORT = 0xf SO_RXQ_OVFL = 0x28 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go index b66bf222894..6d122da41c5 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go @@ -313,6 +313,8 @@ const ( RTC_EPOCH_SET = 0x4008700e RTC_IRQP_READ = 0x8008700b RTC_IRQP_SET = 0x4008700c + RTC_PARAM_GET = 0x40187013 + RTC_PARAM_SET = 0x40187014 RTC_PIE_OFF = 0x7006 RTC_PIE_ON = 0x7005 RTC_PLL_GET = 0x80207011 @@ -390,6 +392,7 @@ const ( SO_RCVTIMEO = 0x14 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x14 + SO_RESERVE_MEM = 0x49 SO_REUSEADDR = 0x2 SO_REUSEPORT = 0xf SO_RXQ_OVFL = 0x28 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go index f7fb149b0c9..6bd19e51dbb 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go @@ -304,6 +304,8 @@ const ( RTC_EPOCH_SET = 0x8008700e RTC_IRQP_READ = 0x4008700b RTC_IRQP_SET = 0x8008700c + RTC_PARAM_GET = 0x80187013 + RTC_PARAM_SET = 0x80187014 RTC_PIE_OFF = 0x20007006 RTC_PIE_ON = 0x20007005 RTC_PLL_GET = 0x40207011 @@ -381,6 +383,7 @@ const ( SO_RCVTIMEO = 0x2000 SO_RCVTIMEO_NEW = 0x44 SO_RCVTIMEO_OLD = 0x2000 + SO_RESERVE_MEM = 0x52 SO_REUSEADDR = 0x4 SO_REUSEPORT = 0x200 SO_RXQ_OVFL = 0x24 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go index 93edda4c493..30fa4055ec1 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go @@ -2032,3 +2032,23 @@ func shmget(key int, size int, flag int) (id int, err error) { } return } + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getitimer(which int, currValue *Itimerval) (err error) { + _, _, e1 := Syscall(SYS_GETITIMER, uintptr(which), uintptr(unsafe.Pointer(currValue)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func setitimer(which int, newValue *Itimerval, oldValue *Itimerval) (err error) { + _, _, e1 := Syscall(SYS_SETITIMER, uintptr(which), uintptr(unsafe.Pointer(newValue)), uintptr(unsafe.Pointer(oldValue))) + if e1 != 0 { + err = errnoErr(e1) + } + return +} diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go index ff90c81e730..2fc6271f47c 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go @@ -1,4 +1,4 @@ -// go run mksyscall.go -l32 -tags linux,386 syscall_linux.go syscall_linux_386.go +// go run mksyscall.go -l32 -tags linux,386 syscall_linux.go syscall_linux_386.go syscall_linux_alarm.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build linux && 386 @@ -524,3 +524,14 @@ func utimes(path string, times *[2]Timeval) (err error) { } return } + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Alarm(seconds uint) (remaining uint, err error) { + r0, _, e1 := Syscall(SYS_ALARM, uintptr(seconds), 0, 0) + remaining = uint(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go index fa7d3dbe4e9..43d9f012814 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go @@ -1,4 +1,4 @@ -// go run mksyscall.go -tags linux,amd64 syscall_linux.go syscall_linux_amd64.go +// go run mksyscall.go -tags linux,amd64 syscall_linux.go syscall_linux_amd64.go syscall_linux_alarm.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build linux && amd64 @@ -444,17 +444,6 @@ func Ustat(dev int, ubuf *Ustat_t) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { - r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) - fd = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) { r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) fd = int(r0) @@ -691,3 +680,14 @@ func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, f } return } + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Alarm(seconds uint) (remaining uint, err error) { + r0, _, e1 := Syscall(SYS_ALARM, uintptr(seconds), 0, 0) + remaining = uint(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go index 654f91530f6..7df0cb17958 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go @@ -46,17 +46,6 @@ func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { - r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) - fd = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) { r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) fd = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go index e893f987f91..076e8f1c5bb 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go @@ -389,17 +389,6 @@ func Truncate(path string, length int64) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { - r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) - fd = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) { r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) fd = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go index 6d155288531..7b3c8474678 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go @@ -1,4 +1,4 @@ -// go run mksyscall.go -b32 -arm -tags linux,mips syscall_linux.go syscall_linux_mipsx.go +// go run mksyscall.go -b32 -arm -tags linux,mips syscall_linux.go syscall_linux_mipsx.go syscall_linux_alarm.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build linux && mips @@ -344,17 +344,6 @@ func Ustat(dev int, ubuf *Ustat_t) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { - r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) - fd = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) { r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) fd = int(r0) @@ -702,3 +691,14 @@ func setrlimit(resource int, rlim *rlimit32) (err error) { } return } + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Alarm(seconds uint) (remaining uint, err error) { + r0, _, e1 := Syscall(SYS_ALARM, uintptr(seconds), 0, 0) + remaining = uint(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go index 1e20d72df21..0d3c45fbdda 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go @@ -1,4 +1,4 @@ -// go run mksyscall.go -tags linux,mips64 syscall_linux.go syscall_linux_mips64x.go +// go run mksyscall.go -tags linux,mips64 syscall_linux.go syscall_linux_mips64x.go syscall_linux_alarm.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build linux && mips64 @@ -399,17 +399,6 @@ func Ustat(dev int, ubuf *Ustat_t) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { - r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) - fd = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) { r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) fd = int(r0) @@ -696,3 +685,14 @@ func stat(path string, st *stat_t) (err error) { } return } + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Alarm(seconds uint) (remaining uint, err error) { + r0, _, e1 := Syscall(SYS_ALARM, uintptr(seconds), 0, 0) + remaining = uint(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go index 82b5e2d9eda..cb46b2aaa22 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go @@ -399,17 +399,6 @@ func Ustat(dev int, ubuf *Ustat_t) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { - r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) - fd = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) { r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) fd = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go index a0440c1d43b..21c9baa6ab1 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go @@ -1,4 +1,4 @@ -// go run mksyscall.go -l32 -arm -tags linux,mipsle syscall_linux.go syscall_linux_mipsx.go +// go run mksyscall.go -l32 -arm -tags linux,mipsle syscall_linux.go syscall_linux_mipsx.go syscall_linux_alarm.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build linux && mipsle @@ -344,17 +344,6 @@ func Ustat(dev int, ubuf *Ustat_t) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { - r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) - fd = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) { r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) fd = int(r0) @@ -702,3 +691,14 @@ func setrlimit(resource int, rlim *rlimit32) (err error) { } return } + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Alarm(seconds uint) (remaining uint, err error) { + r0, _, e1 := Syscall(SYS_ALARM, uintptr(seconds), 0, 0) + remaining = uint(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go index 5864b9ca649..02b8f08871e 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go @@ -1,4 +1,4 @@ -// go run mksyscall.go -b32 -tags linux,ppc syscall_linux.go syscall_linux_ppc.go +// go run mksyscall.go -b32 -tags linux,ppc syscall_linux.go syscall_linux_ppc.go syscall_linux_alarm.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build linux && ppc @@ -409,17 +409,6 @@ func Ustat(dev int, ubuf *Ustat_t) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { - r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) - fd = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) { r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) fd = int(r0) @@ -707,3 +696,14 @@ func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, f } return } + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Alarm(seconds uint) (remaining uint, err error) { + r0, _, e1 := Syscall(SYS_ALARM, uintptr(seconds), 0, 0) + remaining = uint(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go index beeb49e3421..ac8cb09ba35 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go @@ -1,4 +1,4 @@ -// go run mksyscall.go -tags linux,ppc64 syscall_linux.go syscall_linux_ppc64x.go +// go run mksyscall.go -tags linux,ppc64 syscall_linux.go syscall_linux_ppc64x.go syscall_linux_alarm.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build linux && ppc64 @@ -475,17 +475,6 @@ func Ustat(dev int, ubuf *Ustat_t) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { - r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) - fd = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) { r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) fd = int(r0) @@ -753,3 +742,14 @@ func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, f } return } + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Alarm(seconds uint) (remaining uint, err error) { + r0, _, e1 := Syscall(SYS_ALARM, uintptr(seconds), 0, 0) + remaining = uint(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go index 53139b82c7b..bd08d887a14 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go @@ -1,4 +1,4 @@ -// go run mksyscall.go -tags linux,ppc64le syscall_linux.go syscall_linux_ppc64x.go +// go run mksyscall.go -tags linux,ppc64le syscall_linux.go syscall_linux_ppc64x.go syscall_linux_alarm.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build linux && ppc64le @@ -475,17 +475,6 @@ func Ustat(dev int, ubuf *Ustat_t) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { - r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) - fd = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) { r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) fd = int(r0) @@ -753,3 +742,14 @@ func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, f } return } + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Alarm(seconds uint) (remaining uint, err error) { + r0, _, e1 := Syscall(SYS_ALARM, uintptr(seconds), 0, 0) + remaining = uint(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go index 63b393b8027..a834d217304 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go @@ -369,17 +369,6 @@ func Truncate(path string, length int64) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { - r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) - fd = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) { r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) fd = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go index 202add37d10..9e462a96fbe 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go @@ -1,4 +1,4 @@ -// go run mksyscall.go -tags linux,s390x syscall_linux.go syscall_linux_s390x.go +// go run mksyscall.go -tags linux,s390x syscall_linux.go syscall_linux_s390x.go syscall_linux_alarm.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build linux && s390x @@ -533,3 +533,14 @@ func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, f } return } + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Alarm(seconds uint) (remaining uint, err error) { + r0, _, e1 := Syscall(SYS_ALARM, uintptr(seconds), 0, 0) + remaining = uint(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go index 2ab268c3435..96d340242c4 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go @@ -1,4 +1,4 @@ -// go run mksyscall.go -tags linux,sparc64 syscall_linux.go syscall_linux_sparc64.go +// go run mksyscall.go -tags linux,sparc64 syscall_linux.go syscall_linux_sparc64.go syscall_linux_alarm.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build linux && sparc64 @@ -455,17 +455,6 @@ func Truncate(path string, length int64) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { - r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) - fd = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) { r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) fd = int(r0) @@ -697,3 +686,14 @@ func utimes(path string, times *[2]Timeval) (err error) { } return } + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Alarm(seconds uint) (remaining uint, err error) { + r0, _, e1 := Syscall(SYS_ALARM, uintptr(seconds), 0, 0) + remaining = uint(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go index 4726ab30a8f..51d0c0742bf 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go @@ -351,18 +351,6 @@ func Munlockall() (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func pipe() (fd1 int, fd2 int, err error) { - r0, r1, e1 := RawSyscall(SYS_PIPE, 0, 0, 0) - fd1 = int(r0) - fd2 = int(r1) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func pipe2(p *[2]_C_int, flags int) (err error) { _, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go index fe71456dbc0..df2efb6db3f 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go @@ -351,18 +351,6 @@ func Munlockall() (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func pipe() (fd1 int, fd2 int, err error) { - r0, r1, e1 := RawSyscall(SYS_PIPE, 0, 0, 0) - fd1 = int(r0) - fd2 = int(r1) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func pipe2(p *[2]_C_int, flags int) (err error) { _, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go index 0b5b2f0143b..c8536c2c9f0 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go @@ -351,18 +351,6 @@ func Munlockall() (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func pipe() (fd1 int, fd2 int, err error) { - r0, r1, e1 := RawSyscall(SYS_PIPE, 0, 0, 0) - fd1 = int(r0) - fd2 = int(r1) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func pipe2(p *[2]_C_int, flags int) (err error) { _, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go index bfca28648fb..8b981bfc2eb 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go @@ -351,18 +351,6 @@ func Munlockall() (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func pipe() (fd1 int, fd2 int, err error) { - r0, r1, e1 := RawSyscall(SYS_PIPE, 0, 0, 0) - fd1 = int(r0) - fd2 = int(r1) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func pipe2(p *[2]_C_int, flags int) (err error) { _, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go index 31847d2305f..cac1f758bf7 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go @@ -445,4 +445,5 @@ const ( SYS_LANDLOCK_RESTRICT_SELF = 446 SYS_MEMFD_SECRET = 447 SYS_PROCESS_MRELEASE = 448 + SYS_FUTEX_WAITV = 449 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go index 3503cbbde38..f327e4a0bcc 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go @@ -367,4 +367,5 @@ const ( SYS_LANDLOCK_RESTRICT_SELF = 446 SYS_MEMFD_SECRET = 447 SYS_PROCESS_MRELEASE = 448 + SYS_FUTEX_WAITV = 449 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go index 5ecd24bf683..fb06a08d4ee 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go @@ -409,4 +409,5 @@ const ( SYS_LANDLOCK_ADD_RULE = 445 SYS_LANDLOCK_RESTRICT_SELF = 446 SYS_PROCESS_MRELEASE = 448 + SYS_FUTEX_WAITV = 449 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go index 7e5c94cc7fe..58285646eb7 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go @@ -312,4 +312,5 @@ const ( SYS_LANDLOCK_RESTRICT_SELF = 446 SYS_MEMFD_SECRET = 447 SYS_PROCESS_MRELEASE = 448 + SYS_FUTEX_WAITV = 449 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go index e1e2a2bf59e..3b0418e6894 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go @@ -429,4 +429,5 @@ const ( SYS_LANDLOCK_ADD_RULE = 4445 SYS_LANDLOCK_RESTRICT_SELF = 4446 SYS_PROCESS_MRELEASE = 4448 + SYS_FUTEX_WAITV = 4449 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go index 7651915a3ad..314ebf166ab 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go @@ -359,4 +359,5 @@ const ( SYS_LANDLOCK_ADD_RULE = 5445 SYS_LANDLOCK_RESTRICT_SELF = 5446 SYS_PROCESS_MRELEASE = 5448 + SYS_FUTEX_WAITV = 5449 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go index a26a2c050bc..b8fbb937a33 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go @@ -359,4 +359,5 @@ const ( SYS_LANDLOCK_ADD_RULE = 5445 SYS_LANDLOCK_RESTRICT_SELF = 5446 SYS_PROCESS_MRELEASE = 5448 + SYS_FUTEX_WAITV = 5449 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go index fda9a6a9913..ee309b2bac9 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go @@ -429,4 +429,5 @@ const ( SYS_LANDLOCK_ADD_RULE = 4445 SYS_LANDLOCK_RESTRICT_SELF = 4446 SYS_PROCESS_MRELEASE = 4448 + SYS_FUTEX_WAITV = 4449 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go index e8496150d41..ac3748104ed 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go @@ -436,4 +436,5 @@ const ( SYS_LANDLOCK_ADD_RULE = 445 SYS_LANDLOCK_RESTRICT_SELF = 446 SYS_PROCESS_MRELEASE = 448 + SYS_FUTEX_WAITV = 449 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go index 5ee0678a360..5aa47211104 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go @@ -408,4 +408,5 @@ const ( SYS_LANDLOCK_ADD_RULE = 445 SYS_LANDLOCK_RESTRICT_SELF = 446 SYS_PROCESS_MRELEASE = 448 + SYS_FUTEX_WAITV = 449 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go index 29c0f9a39ea..0793ac1a65b 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go @@ -408,4 +408,5 @@ const ( SYS_LANDLOCK_ADD_RULE = 445 SYS_LANDLOCK_RESTRICT_SELF = 446 SYS_PROCESS_MRELEASE = 448 + SYS_FUTEX_WAITV = 449 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go index 5c9a9a3b61c..a520962e395 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go @@ -310,4 +310,5 @@ const ( SYS_LANDLOCK_ADD_RULE = 445 SYS_LANDLOCK_RESTRICT_SELF = 446 SYS_PROCESS_MRELEASE = 448 + SYS_FUTEX_WAITV = 449 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go index 913f50f98b9..d1738586b4f 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go @@ -373,4 +373,5 @@ const ( SYS_LANDLOCK_ADD_RULE = 445 SYS_LANDLOCK_RESTRICT_SELF = 446 SYS_PROCESS_MRELEASE = 448 + SYS_FUTEX_WAITV = 449 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go index 0de03a7227c..dfd5660f974 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go @@ -387,4 +387,5 @@ const ( SYS_LANDLOCK_ADD_RULE = 445 SYS_LANDLOCK_RESTRICT_SELF = 446 SYS_PROCESS_MRELEASE = 448 + SYS_FUTEX_WAITV = 449 ) diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index 37b521436bc..2c26466e07c 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -24,6 +24,11 @@ type ItimerSpec struct { Value Timespec } +type Itimerval struct { + Interval Timeval + Value Timeval +} + const ( TIME_OK = 0x0 TIME_INS = 0x1 @@ -867,6 +872,7 @@ const ( CTRL_CMD_NEWMCAST_GRP = 0x7 CTRL_CMD_DELMCAST_GRP = 0x8 CTRL_CMD_GETMCAST_GRP = 0x9 + CTRL_CMD_GETPOLICY = 0xa CTRL_ATTR_UNSPEC = 0x0 CTRL_ATTR_FAMILY_ID = 0x1 CTRL_ATTR_FAMILY_NAME = 0x2 @@ -875,12 +881,19 @@ const ( CTRL_ATTR_MAXATTR = 0x5 CTRL_ATTR_OPS = 0x6 CTRL_ATTR_MCAST_GROUPS = 0x7 + CTRL_ATTR_POLICY = 0x8 + CTRL_ATTR_OP_POLICY = 0x9 + CTRL_ATTR_OP = 0xa CTRL_ATTR_OP_UNSPEC = 0x0 CTRL_ATTR_OP_ID = 0x1 CTRL_ATTR_OP_FLAGS = 0x2 CTRL_ATTR_MCAST_GRP_UNSPEC = 0x0 CTRL_ATTR_MCAST_GRP_NAME = 0x1 CTRL_ATTR_MCAST_GRP_ID = 0x2 + CTRL_ATTR_POLICY_UNSPEC = 0x0 + CTRL_ATTR_POLICY_DO = 0x1 + CTRL_ATTR_POLICY_DUMP = 0x2 + CTRL_ATTR_POLICY_DUMP_MAX = 0x2 ) const ( @@ -1136,7 +1149,8 @@ const ( PERF_RECORD_BPF_EVENT = 0x12 PERF_RECORD_CGROUP = 0x13 PERF_RECORD_TEXT_POKE = 0x14 - PERF_RECORD_MAX = 0x15 + PERF_RECORD_AUX_OUTPUT_HW_ID = 0x15 + PERF_RECORD_MAX = 0x16 PERF_RECORD_KSYMBOL_TYPE_UNKNOWN = 0x0 PERF_RECORD_KSYMBOL_TYPE_BPF = 0x1 PERF_RECORD_KSYMBOL_TYPE_OOL = 0x2 @@ -1776,7 +1790,8 @@ const ( const ( NF_NETDEV_INGRESS = 0x0 - NF_NETDEV_NUMHOOKS = 0x1 + NF_NETDEV_EGRESS = 0x1 + NF_NETDEV_NUMHOOKS = 0x2 ) const ( @@ -3158,7 +3173,13 @@ const ( DEVLINK_ATTR_RELOAD_ACTION_INFO = 0xa2 DEVLINK_ATTR_RELOAD_ACTION_STATS = 0xa3 DEVLINK_ATTR_PORT_PCI_SF_NUMBER = 0xa4 - DEVLINK_ATTR_MAX = 0xa9 + DEVLINK_ATTR_RATE_TYPE = 0xa5 + DEVLINK_ATTR_RATE_TX_SHARE = 0xa6 + DEVLINK_ATTR_RATE_TX_MAX = 0xa7 + DEVLINK_ATTR_RATE_NODE_NAME = 0xa8 + DEVLINK_ATTR_RATE_PARENT_NODE_NAME = 0xa9 + DEVLINK_ATTR_REGION_MAX_SNAPSHOTS = 0xaa + DEVLINK_ATTR_MAX = 0xaa DEVLINK_DPIPE_FIELD_MAPPING_TYPE_NONE = 0x0 DEVLINK_DPIPE_FIELD_MAPPING_TYPE_IFINDEX = 0x1 DEVLINK_DPIPE_MATCH_TYPE_FIELD_EXACT = 0x0 @@ -3455,7 +3476,14 @@ const ( ETHTOOL_MSG_CABLE_TEST_ACT = 0x1a ETHTOOL_MSG_CABLE_TEST_TDR_ACT = 0x1b ETHTOOL_MSG_TUNNEL_INFO_GET = 0x1c - ETHTOOL_MSG_USER_MAX = 0x21 + ETHTOOL_MSG_FEC_GET = 0x1d + ETHTOOL_MSG_FEC_SET = 0x1e + ETHTOOL_MSG_MODULE_EEPROM_GET = 0x1f + ETHTOOL_MSG_STATS_GET = 0x20 + ETHTOOL_MSG_PHC_VCLOCKS_GET = 0x21 + ETHTOOL_MSG_MODULE_GET = 0x22 + ETHTOOL_MSG_MODULE_SET = 0x23 + ETHTOOL_MSG_USER_MAX = 0x23 ETHTOOL_MSG_KERNEL_NONE = 0x0 ETHTOOL_MSG_STRSET_GET_REPLY = 0x1 ETHTOOL_MSG_LINKINFO_GET_REPLY = 0x2 @@ -3486,7 +3514,14 @@ const ( ETHTOOL_MSG_CABLE_TEST_NTF = 0x1b ETHTOOL_MSG_CABLE_TEST_TDR_NTF = 0x1c ETHTOOL_MSG_TUNNEL_INFO_GET_REPLY = 0x1d - ETHTOOL_MSG_KERNEL_MAX = 0x22 + ETHTOOL_MSG_FEC_GET_REPLY = 0x1e + ETHTOOL_MSG_FEC_NTF = 0x1f + ETHTOOL_MSG_MODULE_EEPROM_GET_REPLY = 0x20 + ETHTOOL_MSG_STATS_GET_REPLY = 0x21 + ETHTOOL_MSG_PHC_VCLOCKS_GET_REPLY = 0x22 + ETHTOOL_MSG_MODULE_GET_REPLY = 0x23 + ETHTOOL_MSG_MODULE_NTF = 0x24 + ETHTOOL_MSG_KERNEL_MAX = 0x24 ETHTOOL_A_HEADER_UNSPEC = 0x0 ETHTOOL_A_HEADER_DEV_INDEX = 0x1 ETHTOOL_A_HEADER_DEV_NAME = 0x2 @@ -3736,6 +3771,8 @@ const ( ETHTOOL_A_TUNNEL_INFO_MAX = 0x2 ) +const SPEED_UNKNOWN = -0x1 + type EthtoolDrvinfo struct { Cmd uint32 Driver [32]byte @@ -3968,3 +4005,1530 @@ type MountAttr struct { Propagation uint64 Userns_fd uint64 } + +const ( + WG_CMD_GET_DEVICE = 0x0 + WG_CMD_SET_DEVICE = 0x1 + WGDEVICE_F_REPLACE_PEERS = 0x1 + WGDEVICE_A_UNSPEC = 0x0 + WGDEVICE_A_IFINDEX = 0x1 + WGDEVICE_A_IFNAME = 0x2 + WGDEVICE_A_PRIVATE_KEY = 0x3 + WGDEVICE_A_PUBLIC_KEY = 0x4 + WGDEVICE_A_FLAGS = 0x5 + WGDEVICE_A_LISTEN_PORT = 0x6 + WGDEVICE_A_FWMARK = 0x7 + WGDEVICE_A_PEERS = 0x8 + WGPEER_F_REMOVE_ME = 0x1 + WGPEER_F_REPLACE_ALLOWEDIPS = 0x2 + WGPEER_F_UPDATE_ONLY = 0x4 + WGPEER_A_UNSPEC = 0x0 + WGPEER_A_PUBLIC_KEY = 0x1 + WGPEER_A_PRESHARED_KEY = 0x2 + WGPEER_A_FLAGS = 0x3 + WGPEER_A_ENDPOINT = 0x4 + WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL = 0x5 + WGPEER_A_LAST_HANDSHAKE_TIME = 0x6 + WGPEER_A_RX_BYTES = 0x7 + WGPEER_A_TX_BYTES = 0x8 + WGPEER_A_ALLOWEDIPS = 0x9 + WGPEER_A_PROTOCOL_VERSION = 0xa + WGALLOWEDIP_A_UNSPEC = 0x0 + WGALLOWEDIP_A_FAMILY = 0x1 + WGALLOWEDIP_A_IPADDR = 0x2 + WGALLOWEDIP_A_CIDR_MASK = 0x3 +) + +const ( + NL_ATTR_TYPE_INVALID = 0x0 + NL_ATTR_TYPE_FLAG = 0x1 + NL_ATTR_TYPE_U8 = 0x2 + NL_ATTR_TYPE_U16 = 0x3 + NL_ATTR_TYPE_U32 = 0x4 + NL_ATTR_TYPE_U64 = 0x5 + NL_ATTR_TYPE_S8 = 0x6 + NL_ATTR_TYPE_S16 = 0x7 + NL_ATTR_TYPE_S32 = 0x8 + NL_ATTR_TYPE_S64 = 0x9 + NL_ATTR_TYPE_BINARY = 0xa + NL_ATTR_TYPE_STRING = 0xb + NL_ATTR_TYPE_NUL_STRING = 0xc + NL_ATTR_TYPE_NESTED = 0xd + NL_ATTR_TYPE_NESTED_ARRAY = 0xe + NL_ATTR_TYPE_BITFIELD32 = 0xf + + NL_POLICY_TYPE_ATTR_UNSPEC = 0x0 + NL_POLICY_TYPE_ATTR_TYPE = 0x1 + NL_POLICY_TYPE_ATTR_MIN_VALUE_S = 0x2 + NL_POLICY_TYPE_ATTR_MAX_VALUE_S = 0x3 + NL_POLICY_TYPE_ATTR_MIN_VALUE_U = 0x4 + NL_POLICY_TYPE_ATTR_MAX_VALUE_U = 0x5 + NL_POLICY_TYPE_ATTR_MIN_LENGTH = 0x6 + NL_POLICY_TYPE_ATTR_MAX_LENGTH = 0x7 + NL_POLICY_TYPE_ATTR_POLICY_IDX = 0x8 + NL_POLICY_TYPE_ATTR_POLICY_MAXTYPE = 0x9 + NL_POLICY_TYPE_ATTR_BITFIELD32_MASK = 0xa + NL_POLICY_TYPE_ATTR_PAD = 0xb + NL_POLICY_TYPE_ATTR_MASK = 0xc + NL_POLICY_TYPE_ATTR_MAX = 0xc +) + +type CANBitTiming struct { + Bitrate uint32 + Sample_point uint32 + Tq uint32 + Prop_seg uint32 + Phase_seg1 uint32 + Phase_seg2 uint32 + Sjw uint32 + Brp uint32 +} + +type CANBitTimingConst struct { + Name [16]uint8 + Tseg1_min uint32 + Tseg1_max uint32 + Tseg2_min uint32 + Tseg2_max uint32 + Sjw_max uint32 + Brp_min uint32 + Brp_max uint32 + Brp_inc uint32 +} + +type CANClock struct { + Freq uint32 +} + +type CANBusErrorCounters struct { + Txerr uint16 + Rxerr uint16 +} + +type CANCtrlMode struct { + Mask uint32 + Flags uint32 +} + +type CANDeviceStats struct { + Bus_error uint32 + Error_warning uint32 + Error_passive uint32 + Bus_off uint32 + Arbitration_lost uint32 + Restarts uint32 +} + +const ( + CAN_STATE_ERROR_ACTIVE = 0x0 + CAN_STATE_ERROR_WARNING = 0x1 + CAN_STATE_ERROR_PASSIVE = 0x2 + CAN_STATE_BUS_OFF = 0x3 + CAN_STATE_STOPPED = 0x4 + CAN_STATE_SLEEPING = 0x5 + CAN_STATE_MAX = 0x6 +) + +const ( + IFLA_CAN_UNSPEC = 0x0 + IFLA_CAN_BITTIMING = 0x1 + IFLA_CAN_BITTIMING_CONST = 0x2 + IFLA_CAN_CLOCK = 0x3 + IFLA_CAN_STATE = 0x4 + IFLA_CAN_CTRLMODE = 0x5 + IFLA_CAN_RESTART_MS = 0x6 + IFLA_CAN_RESTART = 0x7 + IFLA_CAN_BERR_COUNTER = 0x8 + IFLA_CAN_DATA_BITTIMING = 0x9 + IFLA_CAN_DATA_BITTIMING_CONST = 0xa + IFLA_CAN_TERMINATION = 0xb + IFLA_CAN_TERMINATION_CONST = 0xc + IFLA_CAN_BITRATE_CONST = 0xd + IFLA_CAN_DATA_BITRATE_CONST = 0xe + IFLA_CAN_BITRATE_MAX = 0xf +) + +type KCMAttach struct { + Fd int32 + Bpf_fd int32 +} + +type KCMUnattach struct { + Fd int32 +} + +type KCMClone struct { + Fd int32 +} + +const ( + NL80211_AC_BE = 0x2 + NL80211_AC_BK = 0x3 + NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED = 0x0 + NL80211_ACL_POLICY_DENY_UNLESS_LISTED = 0x1 + NL80211_AC_VI = 0x1 + NL80211_AC_VO = 0x0 + NL80211_ATTR_4ADDR = 0x53 + NL80211_ATTR_ACK = 0x5c + NL80211_ATTR_ACK_SIGNAL = 0x107 + NL80211_ATTR_ACL_POLICY = 0xa5 + NL80211_ATTR_ADMITTED_TIME = 0xd4 + NL80211_ATTR_AIRTIME_WEIGHT = 0x112 + NL80211_ATTR_AKM_SUITES = 0x4c + NL80211_ATTR_AP_ISOLATE = 0x60 + NL80211_ATTR_AUTH_DATA = 0x9c + NL80211_ATTR_AUTH_TYPE = 0x35 + NL80211_ATTR_BANDS = 0xef + NL80211_ATTR_BEACON_HEAD = 0xe + NL80211_ATTR_BEACON_INTERVAL = 0xc + NL80211_ATTR_BEACON_TAIL = 0xf + NL80211_ATTR_BG_SCAN_PERIOD = 0x98 + NL80211_ATTR_BSS_BASIC_RATES = 0x24 + NL80211_ATTR_BSS = 0x2f + NL80211_ATTR_BSS_CTS_PROT = 0x1c + NL80211_ATTR_BSS_HT_OPMODE = 0x6d + NL80211_ATTR_BSSID = 0xf5 + NL80211_ATTR_BSS_SELECT = 0xe3 + NL80211_ATTR_BSS_SHORT_PREAMBLE = 0x1d + NL80211_ATTR_BSS_SHORT_SLOT_TIME = 0x1e + NL80211_ATTR_CENTER_FREQ1 = 0xa0 + NL80211_ATTR_CENTER_FREQ1_OFFSET = 0x123 + NL80211_ATTR_CENTER_FREQ2 = 0xa1 + NL80211_ATTR_CHANNEL_WIDTH = 0x9f + NL80211_ATTR_CH_SWITCH_BLOCK_TX = 0xb8 + NL80211_ATTR_CH_SWITCH_COUNT = 0xb7 + NL80211_ATTR_CIPHER_SUITE_GROUP = 0x4a + NL80211_ATTR_CIPHER_SUITES = 0x39 + NL80211_ATTR_CIPHER_SUITES_PAIRWISE = 0x49 + NL80211_ATTR_CNTDWN_OFFS_BEACON = 0xba + NL80211_ATTR_CNTDWN_OFFS_PRESP = 0xbb + NL80211_ATTR_COALESCE_RULE = 0xb6 + NL80211_ATTR_COALESCE_RULE_CONDITION = 0x2 + NL80211_ATTR_COALESCE_RULE_DELAY = 0x1 + NL80211_ATTR_COALESCE_RULE_MAX = 0x3 + NL80211_ATTR_COALESCE_RULE_PKT_PATTERN = 0x3 + NL80211_ATTR_CONN_FAILED_REASON = 0x9b + NL80211_ATTR_CONTROL_PORT = 0x44 + NL80211_ATTR_CONTROL_PORT_ETHERTYPE = 0x66 + NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT = 0x67 + NL80211_ATTR_CONTROL_PORT_NO_PREAUTH = 0x11e + NL80211_ATTR_CONTROL_PORT_OVER_NL80211 = 0x108 + NL80211_ATTR_COOKIE = 0x58 + NL80211_ATTR_CQM_BEACON_LOSS_EVENT = 0x8 + NL80211_ATTR_CQM = 0x5e + NL80211_ATTR_CQM_MAX = 0x9 + NL80211_ATTR_CQM_PKT_LOSS_EVENT = 0x4 + NL80211_ATTR_CQM_RSSI_HYST = 0x2 + NL80211_ATTR_CQM_RSSI_LEVEL = 0x9 + NL80211_ATTR_CQM_RSSI_THOLD = 0x1 + NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT = 0x3 + NL80211_ATTR_CQM_TXE_INTVL = 0x7 + NL80211_ATTR_CQM_TXE_PKTS = 0x6 + NL80211_ATTR_CQM_TXE_RATE = 0x5 + NL80211_ATTR_CRIT_PROT_ID = 0xb3 + NL80211_ATTR_CSA_C_OFF_BEACON = 0xba + NL80211_ATTR_CSA_C_OFF_PRESP = 0xbb + NL80211_ATTR_CSA_C_OFFSETS_TX = 0xcd + NL80211_ATTR_CSA_IES = 0xb9 + NL80211_ATTR_DEVICE_AP_SME = 0x8d + NL80211_ATTR_DFS_CAC_TIME = 0x7 + NL80211_ATTR_DFS_REGION = 0x92 + NL80211_ATTR_DISABLE_HE = 0x12d + NL80211_ATTR_DISABLE_HT = 0x93 + NL80211_ATTR_DISABLE_VHT = 0xaf + NL80211_ATTR_DISCONNECTED_BY_AP = 0x47 + NL80211_ATTR_DONT_WAIT_FOR_ACK = 0x8e + NL80211_ATTR_DTIM_PERIOD = 0xd + NL80211_ATTR_DURATION = 0x57 + NL80211_ATTR_EXT_CAPA = 0xa9 + NL80211_ATTR_EXT_CAPA_MASK = 0xaa + NL80211_ATTR_EXTERNAL_AUTH_ACTION = 0x104 + NL80211_ATTR_EXTERNAL_AUTH_SUPPORT = 0x105 + NL80211_ATTR_EXT_FEATURES = 0xd9 + NL80211_ATTR_FEATURE_FLAGS = 0x8f + NL80211_ATTR_FILS_CACHE_ID = 0xfd + NL80211_ATTR_FILS_DISCOVERY = 0x126 + NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM = 0xfb + NL80211_ATTR_FILS_ERP_REALM = 0xfa + NL80211_ATTR_FILS_ERP_RRK = 0xfc + NL80211_ATTR_FILS_ERP_USERNAME = 0xf9 + NL80211_ATTR_FILS_KEK = 0xf2 + NL80211_ATTR_FILS_NONCES = 0xf3 + NL80211_ATTR_FRAME = 0x33 + NL80211_ATTR_FRAME_MATCH = 0x5b + NL80211_ATTR_FRAME_TYPE = 0x65 + NL80211_ATTR_FREQ_AFTER = 0x3b + NL80211_ATTR_FREQ_BEFORE = 0x3a + NL80211_ATTR_FREQ_FIXED = 0x3c + NL80211_ATTR_FREQ_RANGE_END = 0x3 + NL80211_ATTR_FREQ_RANGE_MAX_BW = 0x4 + NL80211_ATTR_FREQ_RANGE_START = 0x2 + NL80211_ATTR_FTM_RESPONDER = 0x10e + NL80211_ATTR_FTM_RESPONDER_STATS = 0x10f + NL80211_ATTR_GENERATION = 0x2e + NL80211_ATTR_HANDLE_DFS = 0xbf + NL80211_ATTR_HE_6GHZ_CAPABILITY = 0x125 + NL80211_ATTR_HE_BSS_COLOR = 0x11b + NL80211_ATTR_HE_CAPABILITY = 0x10d + NL80211_ATTR_HE_OBSS_PD = 0x117 + NL80211_ATTR_HIDDEN_SSID = 0x7e + NL80211_ATTR_HT_CAPABILITY = 0x1f + NL80211_ATTR_HT_CAPABILITY_MASK = 0x94 + NL80211_ATTR_IE_ASSOC_RESP = 0x80 + NL80211_ATTR_IE = 0x2a + NL80211_ATTR_IE_PROBE_RESP = 0x7f + NL80211_ATTR_IE_RIC = 0xb2 + NL80211_ATTR_IFACE_SOCKET_OWNER = 0xcc + NL80211_ATTR_IFINDEX = 0x3 + NL80211_ATTR_IFNAME = 0x4 + NL80211_ATTR_IFTYPE_AKM_SUITES = 0x11c + NL80211_ATTR_IFTYPE = 0x5 + NL80211_ATTR_IFTYPE_EXT_CAPA = 0xe6 + NL80211_ATTR_INACTIVITY_TIMEOUT = 0x96 + NL80211_ATTR_INTERFACE_COMBINATIONS = 0x78 + NL80211_ATTR_KEY_CIPHER = 0x9 + NL80211_ATTR_KEY = 0x50 + NL80211_ATTR_KEY_DATA = 0x7 + NL80211_ATTR_KEY_DEFAULT = 0xb + NL80211_ATTR_KEY_DEFAULT_MGMT = 0x28 + NL80211_ATTR_KEY_DEFAULT_TYPES = 0x6e + NL80211_ATTR_KEY_IDX = 0x8 + NL80211_ATTR_KEYS = 0x51 + NL80211_ATTR_KEY_SEQ = 0xa + NL80211_ATTR_KEY_TYPE = 0x37 + NL80211_ATTR_LOCAL_MESH_POWER_MODE = 0xa4 + NL80211_ATTR_LOCAL_STATE_CHANGE = 0x5f + NL80211_ATTR_MAC_ACL_MAX = 0xa7 + NL80211_ATTR_MAC_ADDRS = 0xa6 + NL80211_ATTR_MAC = 0x6 + NL80211_ATTR_MAC_HINT = 0xc8 + NL80211_ATTR_MAC_MASK = 0xd7 + NL80211_ATTR_MAX_AP_ASSOC_STA = 0xca + NL80211_ATTR_MAX = 0x133 + NL80211_ATTR_MAX_CRIT_PROT_DURATION = 0xb4 + NL80211_ATTR_MAX_CSA_COUNTERS = 0xce + NL80211_ATTR_MAX_MATCH_SETS = 0x85 + NL80211_ATTR_MAX_NUM_PMKIDS = 0x56 + NL80211_ATTR_MAX_NUM_SCAN_SSIDS = 0x2b + NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS = 0xde + NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS = 0x7b + NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION = 0x6f + NL80211_ATTR_MAX_SCAN_IE_LEN = 0x38 + NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL = 0xdf + NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS = 0xe0 + NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN = 0x7c + NL80211_ATTR_MCAST_RATE = 0x6b + NL80211_ATTR_MDID = 0xb1 + NL80211_ATTR_MEASUREMENT_DURATION = 0xeb + NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY = 0xec + NL80211_ATTR_MESH_CONFIG = 0x23 + NL80211_ATTR_MESH_ID = 0x18 + NL80211_ATTR_MESH_PEER_AID = 0xed + NL80211_ATTR_MESH_SETUP = 0x70 + NL80211_ATTR_MGMT_SUBTYPE = 0x29 + NL80211_ATTR_MNTR_FLAGS = 0x17 + NL80211_ATTR_MPATH_INFO = 0x1b + NL80211_ATTR_MPATH_NEXT_HOP = 0x1a + NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED = 0xf4 + NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR = 0xe8 + NL80211_ATTR_MU_MIMO_GROUP_DATA = 0xe7 + NL80211_ATTR_NAN_FUNC = 0xf0 + NL80211_ATTR_NAN_MASTER_PREF = 0xee + NL80211_ATTR_NAN_MATCH = 0xf1 + NL80211_ATTR_NETNS_FD = 0xdb + NL80211_ATTR_NOACK_MAP = 0x95 + NL80211_ATTR_NSS = 0x106 + NL80211_ATTR_OFFCHANNEL_TX_OK = 0x6c + NL80211_ATTR_OPER_CLASS = 0xd6 + NL80211_ATTR_OPMODE_NOTIF = 0xc2 + NL80211_ATTR_P2P_CTWINDOW = 0xa2 + NL80211_ATTR_P2P_OPPPS = 0xa3 + NL80211_ATTR_PAD = 0xe5 + NL80211_ATTR_PBSS = 0xe2 + NL80211_ATTR_PEER_AID = 0xb5 + NL80211_ATTR_PEER_MEASUREMENTS = 0x111 + NL80211_ATTR_PID = 0x52 + NL80211_ATTR_PMK = 0xfe + NL80211_ATTR_PMKID = 0x55 + NL80211_ATTR_PMK_LIFETIME = 0x11f + NL80211_ATTR_PMKR0_NAME = 0x102 + NL80211_ATTR_PMK_REAUTH_THRESHOLD = 0x120 + NL80211_ATTR_PMKSA_CANDIDATE = 0x86 + NL80211_ATTR_PORT_AUTHORIZED = 0x103 + NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN = 0x5 + NL80211_ATTR_POWER_RULE_MAX_EIRP = 0x6 + NL80211_ATTR_PREV_BSSID = 0x4f + NL80211_ATTR_PRIVACY = 0x46 + NL80211_ATTR_PROBE_RESP = 0x91 + NL80211_ATTR_PROBE_RESP_OFFLOAD = 0x90 + NL80211_ATTR_PROTOCOL_FEATURES = 0xad + NL80211_ATTR_PS_STATE = 0x5d + NL80211_ATTR_QOS_MAP = 0xc7 + NL80211_ATTR_RADAR_EVENT = 0xa8 + NL80211_ATTR_REASON_CODE = 0x36 + NL80211_ATTR_RECEIVE_MULTICAST = 0x121 + NL80211_ATTR_RECONNECT_REQUESTED = 0x12b + NL80211_ATTR_REG_ALPHA2 = 0x21 + NL80211_ATTR_REG_INDOOR = 0xdd + NL80211_ATTR_REG_INITIATOR = 0x30 + NL80211_ATTR_REG_RULE_FLAGS = 0x1 + NL80211_ATTR_REG_RULES = 0x22 + NL80211_ATTR_REG_TYPE = 0x31 + NL80211_ATTR_REKEY_DATA = 0x7a + NL80211_ATTR_REQ_IE = 0x4d + NL80211_ATTR_RESP_IE = 0x4e + NL80211_ATTR_ROAM_SUPPORT = 0x83 + NL80211_ATTR_RX_FRAME_TYPES = 0x64 + NL80211_ATTR_RXMGMT_FLAGS = 0xbc + NL80211_ATTR_RX_SIGNAL_DBM = 0x97 + NL80211_ATTR_S1G_CAPABILITY = 0x128 + NL80211_ATTR_S1G_CAPABILITY_MASK = 0x129 + NL80211_ATTR_SAE_DATA = 0x9c + NL80211_ATTR_SAE_PASSWORD = 0x115 + NL80211_ATTR_SAE_PWE = 0x12a + NL80211_ATTR_SAR_SPEC = 0x12c + NL80211_ATTR_SCAN_FLAGS = 0x9e + NL80211_ATTR_SCAN_FREQ_KHZ = 0x124 + NL80211_ATTR_SCAN_FREQUENCIES = 0x2c + NL80211_ATTR_SCAN_GENERATION = 0x2e + NL80211_ATTR_SCAN_SSIDS = 0x2d + NL80211_ATTR_SCAN_START_TIME_TSF_BSSID = 0xea + NL80211_ATTR_SCAN_START_TIME_TSF = 0xe9 + NL80211_ATTR_SCAN_SUPP_RATES = 0x7d + NL80211_ATTR_SCHED_SCAN_DELAY = 0xdc + NL80211_ATTR_SCHED_SCAN_INTERVAL = 0x77 + NL80211_ATTR_SCHED_SCAN_MATCH = 0x84 + NL80211_ATTR_SCHED_SCAN_MATCH_SSID = 0x1 + NL80211_ATTR_SCHED_SCAN_MAX_REQS = 0x100 + NL80211_ATTR_SCHED_SCAN_MULTI = 0xff + NL80211_ATTR_SCHED_SCAN_PLANS = 0xe1 + NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI = 0xf6 + NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST = 0xf7 + NL80211_ATTR_SMPS_MODE = 0xd5 + NL80211_ATTR_SOCKET_OWNER = 0xcc + NL80211_ATTR_SOFTWARE_IFTYPES = 0x79 + NL80211_ATTR_SPLIT_WIPHY_DUMP = 0xae + NL80211_ATTR_SSID = 0x34 + NL80211_ATTR_STA_AID = 0x10 + NL80211_ATTR_STA_CAPABILITY = 0xab + NL80211_ATTR_STA_EXT_CAPABILITY = 0xac + NL80211_ATTR_STA_FLAGS2 = 0x43 + NL80211_ATTR_STA_FLAGS = 0x11 + NL80211_ATTR_STA_INFO = 0x15 + NL80211_ATTR_STA_LISTEN_INTERVAL = 0x12 + NL80211_ATTR_STA_PLINK_ACTION = 0x19 + NL80211_ATTR_STA_PLINK_STATE = 0x74 + NL80211_ATTR_STA_SUPPORTED_CHANNELS = 0xbd + NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES = 0xbe + NL80211_ATTR_STA_SUPPORTED_RATES = 0x13 + NL80211_ATTR_STA_SUPPORT_P2P_PS = 0xe4 + NL80211_ATTR_STATUS_CODE = 0x48 + NL80211_ATTR_STA_TX_POWER = 0x114 + NL80211_ATTR_STA_TX_POWER_SETTING = 0x113 + NL80211_ATTR_STA_VLAN = 0x14 + NL80211_ATTR_STA_WME = 0x81 + NL80211_ATTR_SUPPORT_10_MHZ = 0xc1 + NL80211_ATTR_SUPPORT_5_MHZ = 0xc0 + NL80211_ATTR_SUPPORT_AP_UAPSD = 0x82 + NL80211_ATTR_SUPPORTED_COMMANDS = 0x32 + NL80211_ATTR_SUPPORTED_IFTYPES = 0x20 + NL80211_ATTR_SUPPORT_IBSS_RSN = 0x68 + NL80211_ATTR_SUPPORT_MESH_AUTH = 0x73 + NL80211_ATTR_SURVEY_INFO = 0x54 + NL80211_ATTR_SURVEY_RADIO_STATS = 0xda + NL80211_ATTR_TDLS_ACTION = 0x88 + NL80211_ATTR_TDLS_DIALOG_TOKEN = 0x89 + NL80211_ATTR_TDLS_EXTERNAL_SETUP = 0x8c + NL80211_ATTR_TDLS_INITIATOR = 0xcf + NL80211_ATTR_TDLS_OPERATION = 0x8a + NL80211_ATTR_TDLS_PEER_CAPABILITY = 0xcb + NL80211_ATTR_TDLS_SUPPORT = 0x8b + NL80211_ATTR_TESTDATA = 0x45 + NL80211_ATTR_TID_CONFIG = 0x11d + NL80211_ATTR_TIMED_OUT = 0x41 + NL80211_ATTR_TIMEOUT = 0x110 + NL80211_ATTR_TIMEOUT_REASON = 0xf8 + NL80211_ATTR_TSID = 0xd2 + NL80211_ATTR_TWT_RESPONDER = 0x116 + NL80211_ATTR_TX_FRAME_TYPES = 0x63 + NL80211_ATTR_TX_NO_CCK_RATE = 0x87 + NL80211_ATTR_TXQ_LIMIT = 0x10a + NL80211_ATTR_TXQ_MEMORY_LIMIT = 0x10b + NL80211_ATTR_TXQ_QUANTUM = 0x10c + NL80211_ATTR_TXQ_STATS = 0x109 + NL80211_ATTR_TX_RATES = 0x5a + NL80211_ATTR_UNSOL_BCAST_PROBE_RESP = 0x127 + NL80211_ATTR_UNSPEC = 0x0 + NL80211_ATTR_USE_MFP = 0x42 + NL80211_ATTR_USER_PRIO = 0xd3 + NL80211_ATTR_USER_REG_HINT_TYPE = 0x9a + NL80211_ATTR_USE_RRM = 0xd0 + NL80211_ATTR_VENDOR_DATA = 0xc5 + NL80211_ATTR_VENDOR_EVENTS = 0xc6 + NL80211_ATTR_VENDOR_ID = 0xc3 + NL80211_ATTR_VENDOR_SUBCMD = 0xc4 + NL80211_ATTR_VHT_CAPABILITY = 0x9d + NL80211_ATTR_VHT_CAPABILITY_MASK = 0xb0 + NL80211_ATTR_VLAN_ID = 0x11a + NL80211_ATTR_WANT_1X_4WAY_HS = 0x101 + NL80211_ATTR_WDEV = 0x99 + NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX = 0x72 + NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX = 0x71 + NL80211_ATTR_WIPHY_ANTENNA_RX = 0x6a + NL80211_ATTR_WIPHY_ANTENNA_TX = 0x69 + NL80211_ATTR_WIPHY_BANDS = 0x16 + NL80211_ATTR_WIPHY_CHANNEL_TYPE = 0x27 + NL80211_ATTR_WIPHY = 0x1 + NL80211_ATTR_WIPHY_COVERAGE_CLASS = 0x59 + NL80211_ATTR_WIPHY_DYN_ACK = 0xd1 + NL80211_ATTR_WIPHY_EDMG_BW_CONFIG = 0x119 + NL80211_ATTR_WIPHY_EDMG_CHANNELS = 0x118 + NL80211_ATTR_WIPHY_FRAG_THRESHOLD = 0x3f + NL80211_ATTR_WIPHY_FREQ = 0x26 + NL80211_ATTR_WIPHY_FREQ_HINT = 0xc9 + NL80211_ATTR_WIPHY_FREQ_OFFSET = 0x122 + NL80211_ATTR_WIPHY_NAME = 0x2 + NL80211_ATTR_WIPHY_RETRY_LONG = 0x3e + NL80211_ATTR_WIPHY_RETRY_SHORT = 0x3d + NL80211_ATTR_WIPHY_RTS_THRESHOLD = 0x40 + NL80211_ATTR_WIPHY_SELF_MANAGED_REG = 0xd8 + NL80211_ATTR_WIPHY_TX_POWER_LEVEL = 0x62 + NL80211_ATTR_WIPHY_TX_POWER_SETTING = 0x61 + NL80211_ATTR_WIPHY_TXQ_PARAMS = 0x25 + NL80211_ATTR_WOWLAN_TRIGGERS = 0x75 + NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED = 0x76 + NL80211_ATTR_WPA_VERSIONS = 0x4b + NL80211_AUTHTYPE_AUTOMATIC = 0x8 + NL80211_AUTHTYPE_FILS_PK = 0x7 + NL80211_AUTHTYPE_FILS_SK = 0x5 + NL80211_AUTHTYPE_FILS_SK_PFS = 0x6 + NL80211_AUTHTYPE_FT = 0x2 + NL80211_AUTHTYPE_MAX = 0x7 + NL80211_AUTHTYPE_NETWORK_EAP = 0x3 + NL80211_AUTHTYPE_OPEN_SYSTEM = 0x0 + NL80211_AUTHTYPE_SAE = 0x4 + NL80211_AUTHTYPE_SHARED_KEY = 0x1 + NL80211_BAND_2GHZ = 0x0 + NL80211_BAND_5GHZ = 0x1 + NL80211_BAND_60GHZ = 0x2 + NL80211_BAND_6GHZ = 0x3 + NL80211_BAND_ATTR_EDMG_BW_CONFIG = 0xb + NL80211_BAND_ATTR_EDMG_CHANNELS = 0xa + NL80211_BAND_ATTR_FREQS = 0x1 + NL80211_BAND_ATTR_HT_AMPDU_DENSITY = 0x6 + NL80211_BAND_ATTR_HT_AMPDU_FACTOR = 0x5 + NL80211_BAND_ATTR_HT_CAPA = 0x4 + NL80211_BAND_ATTR_HT_MCS_SET = 0x3 + NL80211_BAND_ATTR_IFTYPE_DATA = 0x9 + NL80211_BAND_ATTR_MAX = 0xb + NL80211_BAND_ATTR_RATES = 0x2 + NL80211_BAND_ATTR_VHT_CAPA = 0x8 + NL80211_BAND_ATTR_VHT_MCS_SET = 0x7 + NL80211_BAND_IFTYPE_ATTR_HE_6GHZ_CAPA = 0x6 + NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC = 0x2 + NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET = 0x4 + NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY = 0x3 + NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE = 0x5 + NL80211_BAND_IFTYPE_ATTR_IFTYPES = 0x1 + NL80211_BAND_IFTYPE_ATTR_MAX = 0x7 + NL80211_BAND_S1GHZ = 0x4 + NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE = 0x2 + NL80211_BITRATE_ATTR_MAX = 0x2 + NL80211_BITRATE_ATTR_RATE = 0x1 + NL80211_BSS_BEACON_IES = 0xb + NL80211_BSS_BEACON_INTERVAL = 0x4 + NL80211_BSS_BEACON_TSF = 0xd + NL80211_BSS_BSSID = 0x1 + NL80211_BSS_CAPABILITY = 0x5 + NL80211_BSS_CHAIN_SIGNAL = 0x13 + NL80211_BSS_CHAN_WIDTH_10 = 0x1 + NL80211_BSS_CHAN_WIDTH_1 = 0x3 + NL80211_BSS_CHAN_WIDTH_20 = 0x0 + NL80211_BSS_CHAN_WIDTH_2 = 0x4 + NL80211_BSS_CHAN_WIDTH_5 = 0x2 + NL80211_BSS_CHAN_WIDTH = 0xc + NL80211_BSS_FREQUENCY = 0x2 + NL80211_BSS_FREQUENCY_OFFSET = 0x14 + NL80211_BSS_INFORMATION_ELEMENTS = 0x6 + NL80211_BSS_LAST_SEEN_BOOTTIME = 0xf + NL80211_BSS_MAX = 0x14 + NL80211_BSS_PAD = 0x10 + NL80211_BSS_PARENT_BSSID = 0x12 + NL80211_BSS_PARENT_TSF = 0x11 + NL80211_BSS_PRESP_DATA = 0xe + NL80211_BSS_SEEN_MS_AGO = 0xa + NL80211_BSS_SELECT_ATTR_BAND_PREF = 0x2 + NL80211_BSS_SELECT_ATTR_MAX = 0x3 + NL80211_BSS_SELECT_ATTR_RSSI_ADJUST = 0x3 + NL80211_BSS_SELECT_ATTR_RSSI = 0x1 + NL80211_BSS_SIGNAL_MBM = 0x7 + NL80211_BSS_SIGNAL_UNSPEC = 0x8 + NL80211_BSS_STATUS_ASSOCIATED = 0x1 + NL80211_BSS_STATUS_AUTHENTICATED = 0x0 + NL80211_BSS_STATUS = 0x9 + NL80211_BSS_STATUS_IBSS_JOINED = 0x2 + NL80211_BSS_TSF = 0x3 + NL80211_CHAN_HT20 = 0x1 + NL80211_CHAN_HT40MINUS = 0x2 + NL80211_CHAN_HT40PLUS = 0x3 + NL80211_CHAN_NO_HT = 0x0 + NL80211_CHAN_WIDTH_10 = 0x7 + NL80211_CHAN_WIDTH_160 = 0x5 + NL80211_CHAN_WIDTH_16 = 0xc + NL80211_CHAN_WIDTH_1 = 0x8 + NL80211_CHAN_WIDTH_20 = 0x1 + NL80211_CHAN_WIDTH_20_NOHT = 0x0 + NL80211_CHAN_WIDTH_2 = 0x9 + NL80211_CHAN_WIDTH_40 = 0x2 + NL80211_CHAN_WIDTH_4 = 0xa + NL80211_CHAN_WIDTH_5 = 0x6 + NL80211_CHAN_WIDTH_80 = 0x3 + NL80211_CHAN_WIDTH_80P80 = 0x4 + NL80211_CHAN_WIDTH_8 = 0xb + NL80211_CMD_ABORT_SCAN = 0x72 + NL80211_CMD_ACTION = 0x3b + NL80211_CMD_ACTION_TX_STATUS = 0x3c + NL80211_CMD_ADD_NAN_FUNCTION = 0x75 + NL80211_CMD_ADD_TX_TS = 0x69 + NL80211_CMD_ASSOCIATE = 0x26 + NL80211_CMD_AUTHENTICATE = 0x25 + NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL = 0x38 + NL80211_CMD_CHANGE_NAN_CONFIG = 0x77 + NL80211_CMD_CHANNEL_SWITCH = 0x66 + NL80211_CMD_CH_SWITCH_NOTIFY = 0x58 + NL80211_CMD_CH_SWITCH_STARTED_NOTIFY = 0x6e + NL80211_CMD_CONNECT = 0x2e + NL80211_CMD_CONN_FAILED = 0x5b + NL80211_CMD_CONTROL_PORT_FRAME = 0x81 + NL80211_CMD_CONTROL_PORT_FRAME_TX_STATUS = 0x8b + NL80211_CMD_CRIT_PROTOCOL_START = 0x62 + NL80211_CMD_CRIT_PROTOCOL_STOP = 0x63 + NL80211_CMD_DEAUTHENTICATE = 0x27 + NL80211_CMD_DEL_BEACON = 0x10 + NL80211_CMD_DEL_INTERFACE = 0x8 + NL80211_CMD_DEL_KEY = 0xc + NL80211_CMD_DEL_MPATH = 0x18 + NL80211_CMD_DEL_NAN_FUNCTION = 0x76 + NL80211_CMD_DEL_PMK = 0x7c + NL80211_CMD_DEL_PMKSA = 0x35 + NL80211_CMD_DEL_STATION = 0x14 + NL80211_CMD_DEL_TX_TS = 0x6a + NL80211_CMD_DEL_WIPHY = 0x4 + NL80211_CMD_DISASSOCIATE = 0x28 + NL80211_CMD_DISCONNECT = 0x30 + NL80211_CMD_EXTERNAL_AUTH = 0x7f + NL80211_CMD_FLUSH_PMKSA = 0x36 + NL80211_CMD_FRAME = 0x3b + NL80211_CMD_FRAME_TX_STATUS = 0x3c + NL80211_CMD_FRAME_WAIT_CANCEL = 0x43 + NL80211_CMD_FT_EVENT = 0x61 + NL80211_CMD_GET_BEACON = 0xd + NL80211_CMD_GET_COALESCE = 0x64 + NL80211_CMD_GET_FTM_RESPONDER_STATS = 0x82 + NL80211_CMD_GET_INTERFACE = 0x5 + NL80211_CMD_GET_KEY = 0x9 + NL80211_CMD_GET_MESH_CONFIG = 0x1c + NL80211_CMD_GET_MESH_PARAMS = 0x1c + NL80211_CMD_GET_MPATH = 0x15 + NL80211_CMD_GET_MPP = 0x6b + NL80211_CMD_GET_POWER_SAVE = 0x3e + NL80211_CMD_GET_PROTOCOL_FEATURES = 0x5f + NL80211_CMD_GET_REG = 0x1f + NL80211_CMD_GET_SCAN = 0x20 + NL80211_CMD_GET_STATION = 0x11 + NL80211_CMD_GET_SURVEY = 0x32 + NL80211_CMD_GET_WIPHY = 0x1 + NL80211_CMD_GET_WOWLAN = 0x49 + NL80211_CMD_JOIN_IBSS = 0x2b + NL80211_CMD_JOIN_MESH = 0x44 + NL80211_CMD_JOIN_OCB = 0x6c + NL80211_CMD_LEAVE_IBSS = 0x2c + NL80211_CMD_LEAVE_MESH = 0x45 + NL80211_CMD_LEAVE_OCB = 0x6d + NL80211_CMD_MAX = 0x92 + NL80211_CMD_MICHAEL_MIC_FAILURE = 0x29 + NL80211_CMD_NAN_MATCH = 0x78 + NL80211_CMD_NEW_BEACON = 0xf + NL80211_CMD_NEW_INTERFACE = 0x7 + NL80211_CMD_NEW_KEY = 0xb + NL80211_CMD_NEW_MPATH = 0x17 + NL80211_CMD_NEW_PEER_CANDIDATE = 0x48 + NL80211_CMD_NEW_SCAN_RESULTS = 0x22 + NL80211_CMD_NEW_STATION = 0x13 + NL80211_CMD_NEW_SURVEY_RESULTS = 0x33 + NL80211_CMD_NEW_WIPHY = 0x3 + NL80211_CMD_NOTIFY_CQM = 0x40 + NL80211_CMD_NOTIFY_RADAR = 0x86 + NL80211_CMD_PEER_MEASUREMENT_COMPLETE = 0x85 + NL80211_CMD_PEER_MEASUREMENT_RESULT = 0x84 + NL80211_CMD_PEER_MEASUREMENT_START = 0x83 + NL80211_CMD_PMKSA_CANDIDATE = 0x50 + NL80211_CMD_PORT_AUTHORIZED = 0x7d + NL80211_CMD_PROBE_CLIENT = 0x54 + NL80211_CMD_PROBE_MESH_LINK = 0x88 + NL80211_CMD_RADAR_DETECT = 0x5e + NL80211_CMD_REG_BEACON_HINT = 0x2a + NL80211_CMD_REG_CHANGE = 0x24 + NL80211_CMD_REGISTER_ACTION = 0x3a + NL80211_CMD_REGISTER_BEACONS = 0x55 + NL80211_CMD_REGISTER_FRAME = 0x3a + NL80211_CMD_RELOAD_REGDB = 0x7e + NL80211_CMD_REMAIN_ON_CHANNEL = 0x37 + NL80211_CMD_REQ_SET_REG = 0x1b + NL80211_CMD_ROAM = 0x2f + NL80211_CMD_SCAN_ABORTED = 0x23 + NL80211_CMD_SCHED_SCAN_RESULTS = 0x4d + NL80211_CMD_SCHED_SCAN_STOPPED = 0x4e + NL80211_CMD_SET_BEACON = 0xe + NL80211_CMD_SET_BSS = 0x19 + NL80211_CMD_SET_CHANNEL = 0x41 + NL80211_CMD_SET_COALESCE = 0x65 + NL80211_CMD_SET_CQM = 0x3f + NL80211_CMD_SET_INTERFACE = 0x6 + NL80211_CMD_SET_KEY = 0xa + NL80211_CMD_SET_MAC_ACL = 0x5d + NL80211_CMD_SET_MCAST_RATE = 0x5c + NL80211_CMD_SET_MESH_CONFIG = 0x1d + NL80211_CMD_SET_MESH_PARAMS = 0x1d + NL80211_CMD_SET_MGMT_EXTRA_IE = 0x1e + NL80211_CMD_SET_MPATH = 0x16 + NL80211_CMD_SET_MULTICAST_TO_UNICAST = 0x79 + NL80211_CMD_SET_NOACK_MAP = 0x57 + NL80211_CMD_SET_PMK = 0x7b + NL80211_CMD_SET_PMKSA = 0x34 + NL80211_CMD_SET_POWER_SAVE = 0x3d + NL80211_CMD_SET_QOS_MAP = 0x68 + NL80211_CMD_SET_REG = 0x1a + NL80211_CMD_SET_REKEY_OFFLOAD = 0x4f + NL80211_CMD_SET_SAR_SPECS = 0x8c + NL80211_CMD_SET_STATION = 0x12 + NL80211_CMD_SET_TID_CONFIG = 0x89 + NL80211_CMD_SET_TX_BITRATE_MASK = 0x39 + NL80211_CMD_SET_WDS_PEER = 0x42 + NL80211_CMD_SET_WIPHY = 0x2 + NL80211_CMD_SET_WIPHY_NETNS = 0x31 + NL80211_CMD_SET_WOWLAN = 0x4a + NL80211_CMD_STA_OPMODE_CHANGED = 0x80 + NL80211_CMD_START_AP = 0xf + NL80211_CMD_START_NAN = 0x73 + NL80211_CMD_START_P2P_DEVICE = 0x59 + NL80211_CMD_START_SCHED_SCAN = 0x4b + NL80211_CMD_STOP_AP = 0x10 + NL80211_CMD_STOP_NAN = 0x74 + NL80211_CMD_STOP_P2P_DEVICE = 0x5a + NL80211_CMD_STOP_SCHED_SCAN = 0x4c + NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH = 0x70 + NL80211_CMD_TDLS_CHANNEL_SWITCH = 0x6f + NL80211_CMD_TDLS_MGMT = 0x52 + NL80211_CMD_TDLS_OPER = 0x51 + NL80211_CMD_TESTMODE = 0x2d + NL80211_CMD_TRIGGER_SCAN = 0x21 + NL80211_CMD_UNEXPECTED_4ADDR_FRAME = 0x56 + NL80211_CMD_UNEXPECTED_FRAME = 0x53 + NL80211_CMD_UNPROT_BEACON = 0x8a + NL80211_CMD_UNPROT_DEAUTHENTICATE = 0x46 + NL80211_CMD_UNPROT_DISASSOCIATE = 0x47 + NL80211_CMD_UNSPEC = 0x0 + NL80211_CMD_UPDATE_CONNECT_PARAMS = 0x7a + NL80211_CMD_UPDATE_FT_IES = 0x60 + NL80211_CMD_UPDATE_OWE_INFO = 0x87 + NL80211_CMD_VENDOR = 0x67 + NL80211_CMD_WIPHY_REG_CHANGE = 0x71 + NL80211_COALESCE_CONDITION_MATCH = 0x0 + NL80211_COALESCE_CONDITION_NO_MATCH = 0x1 + NL80211_CONN_FAIL_BLOCKED_CLIENT = 0x1 + NL80211_CONN_FAIL_MAX_CLIENTS = 0x0 + NL80211_CQM_RSSI_BEACON_LOSS_EVENT = 0x2 + NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH = 0x1 + NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW = 0x0 + NL80211_CQM_TXE_MAX_INTVL = 0x708 + NL80211_CRIT_PROTO_APIPA = 0x3 + NL80211_CRIT_PROTO_DHCP = 0x1 + NL80211_CRIT_PROTO_EAPOL = 0x2 + NL80211_CRIT_PROTO_MAX_DURATION = 0x1388 + NL80211_CRIT_PROTO_UNSPEC = 0x0 + NL80211_DFS_AVAILABLE = 0x2 + NL80211_DFS_ETSI = 0x2 + NL80211_DFS_FCC = 0x1 + NL80211_DFS_JP = 0x3 + NL80211_DFS_UNAVAILABLE = 0x1 + NL80211_DFS_UNSET = 0x0 + NL80211_DFS_USABLE = 0x0 + NL80211_EDMG_BW_CONFIG_MAX = 0xf + NL80211_EDMG_BW_CONFIG_MIN = 0x4 + NL80211_EDMG_CHANNELS_MAX = 0x3c + NL80211_EDMG_CHANNELS_MIN = 0x1 + NL80211_EXTERNAL_AUTH_ABORT = 0x1 + NL80211_EXTERNAL_AUTH_START = 0x0 + NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK = 0x32 + NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X = 0x10 + NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK = 0xf + NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP = 0x12 + NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT = 0x1b + NL80211_EXT_FEATURE_AIRTIME_FAIRNESS = 0x21 + NL80211_EXT_FEATURE_AP_PMKSA_CACHING = 0x22 + NL80211_EXT_FEATURE_AQL = 0x28 + NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT = 0x2e + NL80211_EXT_FEATURE_BEACON_PROTECTION = 0x29 + NL80211_EXT_FEATURE_BEACON_RATE_HE = 0x36 + NL80211_EXT_FEATURE_BEACON_RATE_HT = 0x7 + NL80211_EXT_FEATURE_BEACON_RATE_LEGACY = 0x6 + NL80211_EXT_FEATURE_BEACON_RATE_VHT = 0x8 + NL80211_EXT_FEATURE_BSS_PARENT_TSF = 0x4 + NL80211_EXT_FEATURE_CAN_REPLACE_PTK0 = 0x1f + NL80211_EXT_FEATURE_CONTROL_PORT_NO_PREAUTH = 0x2a + NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211 = 0x1a + NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211_TX_STATUS = 0x30 + NL80211_EXT_FEATURE_CQM_RSSI_LIST = 0xd + NL80211_EXT_FEATURE_DATA_ACK_SIGNAL_SUPPORT = 0x1b + NL80211_EXT_FEATURE_DEL_IBSS_STA = 0x2c + NL80211_EXT_FEATURE_DFS_OFFLOAD = 0x19 + NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER = 0x20 + NL80211_EXT_FEATURE_EXT_KEY_ID = 0x24 + NL80211_EXT_FEATURE_FILS_DISCOVERY = 0x34 + NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME = 0x11 + NL80211_EXT_FEATURE_FILS_SK_OFFLOAD = 0xe + NL80211_EXT_FEATURE_FILS_STA = 0x9 + NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN = 0x18 + NL80211_EXT_FEATURE_LOW_POWER_SCAN = 0x17 + NL80211_EXT_FEATURE_LOW_SPAN_SCAN = 0x16 + NL80211_EXT_FEATURE_MFP_OPTIONAL = 0x15 + NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA = 0xa + NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA_CONNECTED = 0xb + NL80211_EXT_FEATURE_MULTICAST_REGISTRATIONS = 0x2d + NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER = 0x2 + NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION = 0x14 + NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE = 0x13 + NL80211_EXT_FEATURE_OPERATING_CHANNEL_VALIDATION = 0x31 + NL80211_EXT_FEATURE_PROTECTED_TWT = 0x2b + NL80211_EXT_FEATURE_PROT_RANGE_NEGO_AND_MEASURE = 0x39 + NL80211_EXT_FEATURE_RRM = 0x1 + NL80211_EXT_FEATURE_SAE_OFFLOAD_AP = 0x33 + NL80211_EXT_FEATURE_SAE_OFFLOAD = 0x26 + NL80211_EXT_FEATURE_SCAN_FREQ_KHZ = 0x2f + NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT = 0x1e + NL80211_EXT_FEATURE_SCAN_RANDOM_SN = 0x1d + NL80211_EXT_FEATURE_SCAN_START_TIME = 0x3 + NL80211_EXT_FEATURE_SCHED_SCAN_BAND_SPECIFIC_RSSI_THOLD = 0x23 + NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI = 0xc + NL80211_EXT_FEATURE_SECURE_LTF = 0x37 + NL80211_EXT_FEATURE_SECURE_RTT = 0x38 + NL80211_EXT_FEATURE_SET_SCAN_DWELL = 0x5 + NL80211_EXT_FEATURE_STA_TX_PWR = 0x25 + NL80211_EXT_FEATURE_TXQS = 0x1c + NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP = 0x35 + NL80211_EXT_FEATURE_VHT_IBSS = 0x0 + NL80211_EXT_FEATURE_VLAN_OFFLOAD = 0x27 + NL80211_FEATURE_ACKTO_ESTIMATION = 0x800000 + NL80211_FEATURE_ACTIVE_MONITOR = 0x20000 + NL80211_FEATURE_ADVERTISE_CHAN_LIMITS = 0x4000 + NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE = 0x40000 + NL80211_FEATURE_AP_SCAN = 0x100 + NL80211_FEATURE_CELL_BASE_REG_HINTS = 0x8 + NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES = 0x80000 + NL80211_FEATURE_DYNAMIC_SMPS = 0x2000000 + NL80211_FEATURE_FULL_AP_CLIENT_STATE = 0x8000 + NL80211_FEATURE_HT_IBSS = 0x2 + NL80211_FEATURE_INACTIVITY_TIMER = 0x4 + NL80211_FEATURE_LOW_PRIORITY_SCAN = 0x40 + NL80211_FEATURE_MAC_ON_CREATE = 0x8000000 + NL80211_FEATURE_ND_RANDOM_MAC_ADDR = 0x80000000 + NL80211_FEATURE_NEED_OBSS_SCAN = 0x400 + NL80211_FEATURE_P2P_DEVICE_NEEDS_CHANNEL = 0x10 + NL80211_FEATURE_P2P_GO_CTWIN = 0x800 + NL80211_FEATURE_P2P_GO_OPPPS = 0x1000 + NL80211_FEATURE_QUIET = 0x200000 + NL80211_FEATURE_SAE = 0x20 + NL80211_FEATURE_SCAN_FLUSH = 0x80 + NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR = 0x20000000 + NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR = 0x40000000 + NL80211_FEATURE_SK_TX_STATUS = 0x1 + NL80211_FEATURE_STATIC_SMPS = 0x1000000 + NL80211_FEATURE_SUPPORTS_WMM_ADMISSION = 0x4000000 + NL80211_FEATURE_TDLS_CHANNEL_SWITCH = 0x10000000 + NL80211_FEATURE_TX_POWER_INSERTION = 0x400000 + NL80211_FEATURE_USERSPACE_MPM = 0x10000 + NL80211_FEATURE_VIF_TXPOWER = 0x200 + NL80211_FEATURE_WFA_TPC_IE_IN_PROBES = 0x100000 + NL80211_FILS_DISCOVERY_ATTR_INT_MAX = 0x2 + NL80211_FILS_DISCOVERY_ATTR_INT_MIN = 0x1 + NL80211_FILS_DISCOVERY_ATTR_MAX = 0x3 + NL80211_FILS_DISCOVERY_ATTR_TMPL = 0x3 + NL80211_FILS_DISCOVERY_TMPL_MIN_LEN = 0x2a + NL80211_FREQUENCY_ATTR_16MHZ = 0x19 + NL80211_FREQUENCY_ATTR_1MHZ = 0x15 + NL80211_FREQUENCY_ATTR_2MHZ = 0x16 + NL80211_FREQUENCY_ATTR_4MHZ = 0x17 + NL80211_FREQUENCY_ATTR_8MHZ = 0x18 + NL80211_FREQUENCY_ATTR_DFS_CAC_TIME = 0xd + NL80211_FREQUENCY_ATTR_DFS_STATE = 0x7 + NL80211_FREQUENCY_ATTR_DFS_TIME = 0x8 + NL80211_FREQUENCY_ATTR_DISABLED = 0x2 + NL80211_FREQUENCY_ATTR_FREQ = 0x1 + NL80211_FREQUENCY_ATTR_GO_CONCURRENT = 0xf + NL80211_FREQUENCY_ATTR_INDOOR_ONLY = 0xe + NL80211_FREQUENCY_ATTR_IR_CONCURRENT = 0xf + NL80211_FREQUENCY_ATTR_MAX = 0x19 + NL80211_FREQUENCY_ATTR_MAX_TX_POWER = 0x6 + NL80211_FREQUENCY_ATTR_NO_10MHZ = 0x11 + NL80211_FREQUENCY_ATTR_NO_160MHZ = 0xc + NL80211_FREQUENCY_ATTR_NO_20MHZ = 0x10 + NL80211_FREQUENCY_ATTR_NO_80MHZ = 0xb + NL80211_FREQUENCY_ATTR_NO_HE = 0x13 + NL80211_FREQUENCY_ATTR_NO_HT40_MINUS = 0x9 + NL80211_FREQUENCY_ATTR_NO_HT40_PLUS = 0xa + NL80211_FREQUENCY_ATTR_NO_IBSS = 0x3 + NL80211_FREQUENCY_ATTR_NO_IR = 0x3 + NL80211_FREQUENCY_ATTR_OFFSET = 0x14 + NL80211_FREQUENCY_ATTR_PASSIVE_SCAN = 0x3 + NL80211_FREQUENCY_ATTR_RADAR = 0x5 + NL80211_FREQUENCY_ATTR_WMM = 0x12 + NL80211_FTM_RESP_ATTR_CIVICLOC = 0x3 + NL80211_FTM_RESP_ATTR_ENABLED = 0x1 + NL80211_FTM_RESP_ATTR_LCI = 0x2 + NL80211_FTM_RESP_ATTR_MAX = 0x3 + NL80211_FTM_STATS_ASAP_NUM = 0x4 + NL80211_FTM_STATS_FAILED_NUM = 0x3 + NL80211_FTM_STATS_MAX = 0xa + NL80211_FTM_STATS_NON_ASAP_NUM = 0x5 + NL80211_FTM_STATS_OUT_OF_WINDOW_TRIGGERS_NUM = 0x9 + NL80211_FTM_STATS_PAD = 0xa + NL80211_FTM_STATS_PARTIAL_NUM = 0x2 + NL80211_FTM_STATS_RESCHEDULE_REQUESTS_NUM = 0x8 + NL80211_FTM_STATS_SUCCESS_NUM = 0x1 + NL80211_FTM_STATS_TOTAL_DURATION_MSEC = 0x6 + NL80211_FTM_STATS_UNKNOWN_TRIGGERS_NUM = 0x7 + NL80211_GENL_NAME = "nl80211" + NL80211_HE_BSS_COLOR_ATTR_COLOR = 0x1 + NL80211_HE_BSS_COLOR_ATTR_DISABLED = 0x2 + NL80211_HE_BSS_COLOR_ATTR_MAX = 0x3 + NL80211_HE_BSS_COLOR_ATTR_PARTIAL = 0x3 + NL80211_HE_MAX_CAPABILITY_LEN = 0x36 + NL80211_HE_MIN_CAPABILITY_LEN = 0x10 + NL80211_HE_NSS_MAX = 0x8 + NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP = 0x4 + NL80211_HE_OBSS_PD_ATTR_MAX = 0x6 + NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET = 0x2 + NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET = 0x1 + NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET = 0x3 + NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP = 0x5 + NL80211_HE_OBSS_PD_ATTR_SR_CTRL = 0x6 + NL80211_HIDDEN_SSID_NOT_IN_USE = 0x0 + NL80211_HIDDEN_SSID_ZERO_CONTENTS = 0x2 + NL80211_HIDDEN_SSID_ZERO_LEN = 0x1 + NL80211_HT_CAPABILITY_LEN = 0x1a + NL80211_IFACE_COMB_BI_MIN_GCD = 0x7 + NL80211_IFACE_COMB_LIMITS = 0x1 + NL80211_IFACE_COMB_MAXNUM = 0x2 + NL80211_IFACE_COMB_NUM_CHANNELS = 0x4 + NL80211_IFACE_COMB_RADAR_DETECT_REGIONS = 0x6 + NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS = 0x5 + NL80211_IFACE_COMB_STA_AP_BI_MATCH = 0x3 + NL80211_IFACE_COMB_UNSPEC = 0x0 + NL80211_IFACE_LIMIT_MAX = 0x1 + NL80211_IFACE_LIMIT_TYPES = 0x2 + NL80211_IFACE_LIMIT_UNSPEC = 0x0 + NL80211_IFTYPE_ADHOC = 0x1 + NL80211_IFTYPE_AKM_ATTR_IFTYPES = 0x1 + NL80211_IFTYPE_AKM_ATTR_MAX = 0x2 + NL80211_IFTYPE_AKM_ATTR_SUITES = 0x2 + NL80211_IFTYPE_AP = 0x3 + NL80211_IFTYPE_AP_VLAN = 0x4 + NL80211_IFTYPE_MAX = 0xc + NL80211_IFTYPE_MESH_POINT = 0x7 + NL80211_IFTYPE_MONITOR = 0x6 + NL80211_IFTYPE_NAN = 0xc + NL80211_IFTYPE_OCB = 0xb + NL80211_IFTYPE_P2P_CLIENT = 0x8 + NL80211_IFTYPE_P2P_DEVICE = 0xa + NL80211_IFTYPE_P2P_GO = 0x9 + NL80211_IFTYPE_STATION = 0x2 + NL80211_IFTYPE_UNSPECIFIED = 0x0 + NL80211_IFTYPE_WDS = 0x5 + NL80211_KCK_EXT_LEN = 0x18 + NL80211_KCK_LEN = 0x10 + NL80211_KEK_EXT_LEN = 0x20 + NL80211_KEK_LEN = 0x10 + NL80211_KEY_CIPHER = 0x3 + NL80211_KEY_DATA = 0x1 + NL80211_KEY_DEFAULT_BEACON = 0xa + NL80211_KEY_DEFAULT = 0x5 + NL80211_KEY_DEFAULT_MGMT = 0x6 + NL80211_KEY_DEFAULT_TYPE_MULTICAST = 0x2 + NL80211_KEY_DEFAULT_TYPES = 0x8 + NL80211_KEY_DEFAULT_TYPE_UNICAST = 0x1 + NL80211_KEY_IDX = 0x2 + NL80211_KEY_MAX = 0xa + NL80211_KEY_MODE = 0x9 + NL80211_KEY_NO_TX = 0x1 + NL80211_KEY_RX_TX = 0x0 + NL80211_KEY_SEQ = 0x4 + NL80211_KEY_SET_TX = 0x2 + NL80211_KEY_TYPE = 0x7 + NL80211_KEYTYPE_GROUP = 0x0 + NL80211_KEYTYPE_PAIRWISE = 0x1 + NL80211_KEYTYPE_PEERKEY = 0x2 + NL80211_MAX_NR_AKM_SUITES = 0x2 + NL80211_MAX_NR_CIPHER_SUITES = 0x5 + NL80211_MAX_SUPP_HT_RATES = 0x4d + NL80211_MAX_SUPP_RATES = 0x20 + NL80211_MAX_SUPP_REG_RULES = 0x80 + NL80211_MESHCONF_ATTR_MAX = 0x1f + NL80211_MESHCONF_AUTO_OPEN_PLINKS = 0x7 + NL80211_MESHCONF_AWAKE_WINDOW = 0x1b + NL80211_MESHCONF_CONFIRM_TIMEOUT = 0x2 + NL80211_MESHCONF_CONNECTED_TO_AS = 0x1f + NL80211_MESHCONF_CONNECTED_TO_GATE = 0x1d + NL80211_MESHCONF_ELEMENT_TTL = 0xf + NL80211_MESHCONF_FORWARDING = 0x13 + NL80211_MESHCONF_GATE_ANNOUNCEMENTS = 0x11 + NL80211_MESHCONF_HOLDING_TIMEOUT = 0x3 + NL80211_MESHCONF_HT_OPMODE = 0x16 + NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT = 0xb + NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL = 0x19 + NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES = 0x8 + NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME = 0xd + NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT = 0x17 + NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL = 0x12 + NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL = 0xc + NL80211_MESHCONF_HWMP_RANN_INTERVAL = 0x10 + NL80211_MESHCONF_HWMP_ROOT_INTERVAL = 0x18 + NL80211_MESHCONF_HWMP_ROOTMODE = 0xe + NL80211_MESHCONF_MAX_PEER_LINKS = 0x4 + NL80211_MESHCONF_MAX_RETRIES = 0x5 + NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT = 0xa + NL80211_MESHCONF_NOLEARN = 0x1e + NL80211_MESHCONF_PATH_REFRESH_TIME = 0x9 + NL80211_MESHCONF_PLINK_TIMEOUT = 0x1c + NL80211_MESHCONF_POWER_MODE = 0x1a + NL80211_MESHCONF_RETRY_TIMEOUT = 0x1 + NL80211_MESHCONF_RSSI_THRESHOLD = 0x14 + NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR = 0x15 + NL80211_MESHCONF_TTL = 0x6 + NL80211_MESH_POWER_ACTIVE = 0x1 + NL80211_MESH_POWER_DEEP_SLEEP = 0x3 + NL80211_MESH_POWER_LIGHT_SLEEP = 0x2 + NL80211_MESH_POWER_MAX = 0x3 + NL80211_MESH_POWER_UNKNOWN = 0x0 + NL80211_MESH_SETUP_ATTR_MAX = 0x8 + NL80211_MESH_SETUP_AUTH_PROTOCOL = 0x8 + NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC = 0x2 + NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL = 0x1 + NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC = 0x6 + NL80211_MESH_SETUP_IE = 0x3 + NL80211_MESH_SETUP_USERSPACE_AMPE = 0x5 + NL80211_MESH_SETUP_USERSPACE_AUTH = 0x4 + NL80211_MESH_SETUP_USERSPACE_MPM = 0x7 + NL80211_MESH_SETUP_VENDOR_PATH_SEL_IE = 0x3 + NL80211_MFP_NO = 0x0 + NL80211_MFP_OPTIONAL = 0x2 + NL80211_MFP_REQUIRED = 0x1 + NL80211_MIN_REMAIN_ON_CHANNEL_TIME = 0xa + NL80211_MNTR_FLAG_ACTIVE = 0x6 + NL80211_MNTR_FLAG_CONTROL = 0x3 + NL80211_MNTR_FLAG_COOK_FRAMES = 0x5 + NL80211_MNTR_FLAG_FCSFAIL = 0x1 + NL80211_MNTR_FLAG_MAX = 0x6 + NL80211_MNTR_FLAG_OTHER_BSS = 0x4 + NL80211_MNTR_FLAG_PLCPFAIL = 0x2 + NL80211_MPATH_FLAG_ACTIVE = 0x1 + NL80211_MPATH_FLAG_FIXED = 0x8 + NL80211_MPATH_FLAG_RESOLVED = 0x10 + NL80211_MPATH_FLAG_RESOLVING = 0x2 + NL80211_MPATH_FLAG_SN_VALID = 0x4 + NL80211_MPATH_INFO_DISCOVERY_RETRIES = 0x7 + NL80211_MPATH_INFO_DISCOVERY_TIMEOUT = 0x6 + NL80211_MPATH_INFO_EXPTIME = 0x4 + NL80211_MPATH_INFO_FLAGS = 0x5 + NL80211_MPATH_INFO_FRAME_QLEN = 0x1 + NL80211_MPATH_INFO_HOP_COUNT = 0x8 + NL80211_MPATH_INFO_MAX = 0x9 + NL80211_MPATH_INFO_METRIC = 0x3 + NL80211_MPATH_INFO_PATH_CHANGE = 0x9 + NL80211_MPATH_INFO_SN = 0x2 + NL80211_MULTICAST_GROUP_CONFIG = "config" + NL80211_MULTICAST_GROUP_MLME = "mlme" + NL80211_MULTICAST_GROUP_NAN = "nan" + NL80211_MULTICAST_GROUP_REG = "regulatory" + NL80211_MULTICAST_GROUP_SCAN = "scan" + NL80211_MULTICAST_GROUP_TESTMODE = "testmode" + NL80211_MULTICAST_GROUP_VENDOR = "vendor" + NL80211_NAN_FUNC_ATTR_MAX = 0x10 + NL80211_NAN_FUNC_CLOSE_RANGE = 0x9 + NL80211_NAN_FUNC_FOLLOW_UP = 0x2 + NL80211_NAN_FUNC_FOLLOW_UP_DEST = 0x8 + NL80211_NAN_FUNC_FOLLOW_UP_ID = 0x6 + NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID = 0x7 + NL80211_NAN_FUNC_INSTANCE_ID = 0xf + NL80211_NAN_FUNC_MAX_TYPE = 0x2 + NL80211_NAN_FUNC_PUBLISH_BCAST = 0x4 + NL80211_NAN_FUNC_PUBLISH = 0x0 + NL80211_NAN_FUNC_PUBLISH_TYPE = 0x3 + NL80211_NAN_FUNC_RX_MATCH_FILTER = 0xd + NL80211_NAN_FUNC_SERVICE_ID = 0x2 + NL80211_NAN_FUNC_SERVICE_ID_LEN = 0x6 + NL80211_NAN_FUNC_SERVICE_INFO = 0xb + NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN = 0xff + NL80211_NAN_FUNC_SRF = 0xc + NL80211_NAN_FUNC_SRF_MAX_LEN = 0xff + NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE = 0x5 + NL80211_NAN_FUNC_SUBSCRIBE = 0x1 + NL80211_NAN_FUNC_TERM_REASON = 0x10 + NL80211_NAN_FUNC_TERM_REASON_ERROR = 0x2 + NL80211_NAN_FUNC_TERM_REASON_TTL_EXPIRED = 0x1 + NL80211_NAN_FUNC_TERM_REASON_USER_REQUEST = 0x0 + NL80211_NAN_FUNC_TTL = 0xa + NL80211_NAN_FUNC_TX_MATCH_FILTER = 0xe + NL80211_NAN_FUNC_TYPE = 0x1 + NL80211_NAN_MATCH_ATTR_MAX = 0x2 + NL80211_NAN_MATCH_FUNC_LOCAL = 0x1 + NL80211_NAN_MATCH_FUNC_PEER = 0x2 + NL80211_NAN_SOLICITED_PUBLISH = 0x1 + NL80211_NAN_SRF_ATTR_MAX = 0x4 + NL80211_NAN_SRF_BF = 0x2 + NL80211_NAN_SRF_BF_IDX = 0x3 + NL80211_NAN_SRF_INCLUDE = 0x1 + NL80211_NAN_SRF_MAC_ADDRS = 0x4 + NL80211_NAN_UNSOLICITED_PUBLISH = 0x2 + NL80211_NUM_ACS = 0x4 + NL80211_P2P_PS_SUPPORTED = 0x1 + NL80211_P2P_PS_UNSUPPORTED = 0x0 + NL80211_PKTPAT_MASK = 0x1 + NL80211_PKTPAT_OFFSET = 0x3 + NL80211_PKTPAT_PATTERN = 0x2 + NL80211_PLINK_ACTION_BLOCK = 0x2 + NL80211_PLINK_ACTION_NO_ACTION = 0x0 + NL80211_PLINK_ACTION_OPEN = 0x1 + NL80211_PLINK_BLOCKED = 0x6 + NL80211_PLINK_CNF_RCVD = 0x3 + NL80211_PLINK_ESTAB = 0x4 + NL80211_PLINK_HOLDING = 0x5 + NL80211_PLINK_LISTEN = 0x0 + NL80211_PLINK_OPN_RCVD = 0x2 + NL80211_PLINK_OPN_SNT = 0x1 + NL80211_PMKSA_CANDIDATE_BSSID = 0x2 + NL80211_PMKSA_CANDIDATE_INDEX = 0x1 + NL80211_PMKSA_CANDIDATE_PREAUTH = 0x3 + NL80211_PMSR_ATTR_MAX = 0x5 + NL80211_PMSR_ATTR_MAX_PEERS = 0x1 + NL80211_PMSR_ATTR_PEERS = 0x5 + NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR = 0x3 + NL80211_PMSR_ATTR_REPORT_AP_TSF = 0x2 + NL80211_PMSR_ATTR_TYPE_CAPA = 0x4 + NL80211_PMSR_FTM_CAPA_ATTR_ASAP = 0x1 + NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS = 0x6 + NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT = 0x7 + NL80211_PMSR_FTM_CAPA_ATTR_MAX = 0xa + NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST = 0x8 + NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP = 0x2 + NL80211_PMSR_FTM_CAPA_ATTR_NON_TRIGGER_BASED = 0xa + NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES = 0x5 + NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC = 0x4 + NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI = 0x3 + NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED = 0x9 + NL80211_PMSR_FTM_FAILURE_BAD_CHANGED_PARAMS = 0x7 + NL80211_PMSR_FTM_FAILURE_INVALID_TIMESTAMP = 0x5 + NL80211_PMSR_FTM_FAILURE_NO_RESPONSE = 0x1 + NL80211_PMSR_FTM_FAILURE_PEER_BUSY = 0x6 + NL80211_PMSR_FTM_FAILURE_PEER_NOT_CAPABLE = 0x4 + NL80211_PMSR_FTM_FAILURE_REJECTED = 0x2 + NL80211_PMSR_FTM_FAILURE_UNSPECIFIED = 0x0 + NL80211_PMSR_FTM_FAILURE_WRONG_CHANNEL = 0x3 + NL80211_PMSR_FTM_REQ_ATTR_ASAP = 0x1 + NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION = 0x5 + NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD = 0x4 + NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST = 0x6 + NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK = 0xc + NL80211_PMSR_FTM_REQ_ATTR_MAX = 0xd + NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED = 0xb + NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP = 0x3 + NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES = 0x7 + NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE = 0x2 + NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC = 0x9 + NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI = 0x8 + NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED = 0xa + NL80211_PMSR_FTM_RESP_ATTR_BURST_DURATION = 0x7 + NL80211_PMSR_FTM_RESP_ATTR_BURST_INDEX = 0x2 + NL80211_PMSR_FTM_RESP_ATTR_BUSY_RETRY_TIME = 0x5 + NL80211_PMSR_FTM_RESP_ATTR_CIVICLOC = 0x14 + NL80211_PMSR_FTM_RESP_ATTR_DIST_AVG = 0x10 + NL80211_PMSR_FTM_RESP_ATTR_DIST_SPREAD = 0x12 + NL80211_PMSR_FTM_RESP_ATTR_DIST_VARIANCE = 0x11 + NL80211_PMSR_FTM_RESP_ATTR_FAIL_REASON = 0x1 + NL80211_PMSR_FTM_RESP_ATTR_FTMS_PER_BURST = 0x8 + NL80211_PMSR_FTM_RESP_ATTR_LCI = 0x13 + NL80211_PMSR_FTM_RESP_ATTR_MAX = 0x15 + NL80211_PMSR_FTM_RESP_ATTR_NUM_BURSTS_EXP = 0x6 + NL80211_PMSR_FTM_RESP_ATTR_NUM_FTMR_ATTEMPTS = 0x3 + NL80211_PMSR_FTM_RESP_ATTR_NUM_FTMR_SUCCESSES = 0x4 + NL80211_PMSR_FTM_RESP_ATTR_PAD = 0x15 + NL80211_PMSR_FTM_RESP_ATTR_RSSI_AVG = 0x9 + NL80211_PMSR_FTM_RESP_ATTR_RSSI_SPREAD = 0xa + NL80211_PMSR_FTM_RESP_ATTR_RTT_AVG = 0xd + NL80211_PMSR_FTM_RESP_ATTR_RTT_SPREAD = 0xf + NL80211_PMSR_FTM_RESP_ATTR_RTT_VARIANCE = 0xe + NL80211_PMSR_FTM_RESP_ATTR_RX_RATE = 0xc + NL80211_PMSR_FTM_RESP_ATTR_TX_RATE = 0xb + NL80211_PMSR_PEER_ATTR_ADDR = 0x1 + NL80211_PMSR_PEER_ATTR_CHAN = 0x2 + NL80211_PMSR_PEER_ATTR_MAX = 0x4 + NL80211_PMSR_PEER_ATTR_REQ = 0x3 + NL80211_PMSR_PEER_ATTR_RESP = 0x4 + NL80211_PMSR_REQ_ATTR_DATA = 0x1 + NL80211_PMSR_REQ_ATTR_GET_AP_TSF = 0x2 + NL80211_PMSR_REQ_ATTR_MAX = 0x2 + NL80211_PMSR_RESP_ATTR_AP_TSF = 0x4 + NL80211_PMSR_RESP_ATTR_DATA = 0x1 + NL80211_PMSR_RESP_ATTR_FINAL = 0x5 + NL80211_PMSR_RESP_ATTR_HOST_TIME = 0x3 + NL80211_PMSR_RESP_ATTR_MAX = 0x6 + NL80211_PMSR_RESP_ATTR_PAD = 0x6 + NL80211_PMSR_RESP_ATTR_STATUS = 0x2 + NL80211_PMSR_STATUS_FAILURE = 0x3 + NL80211_PMSR_STATUS_REFUSED = 0x1 + NL80211_PMSR_STATUS_SUCCESS = 0x0 + NL80211_PMSR_STATUS_TIMEOUT = 0x2 + NL80211_PMSR_TYPE_FTM = 0x1 + NL80211_PMSR_TYPE_INVALID = 0x0 + NL80211_PMSR_TYPE_MAX = 0x1 + NL80211_PREAMBLE_DMG = 0x3 + NL80211_PREAMBLE_HE = 0x4 + NL80211_PREAMBLE_HT = 0x1 + NL80211_PREAMBLE_LEGACY = 0x0 + NL80211_PREAMBLE_VHT = 0x2 + NL80211_PROBE_RESP_OFFLOAD_SUPPORT_80211U = 0x8 + NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P = 0x4 + NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2 = 0x2 + NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS = 0x1 + NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP = 0x1 + NL80211_PS_DISABLED = 0x0 + NL80211_PS_ENABLED = 0x1 + NL80211_RADAR_CAC_ABORTED = 0x2 + NL80211_RADAR_CAC_FINISHED = 0x1 + NL80211_RADAR_CAC_STARTED = 0x5 + NL80211_RADAR_DETECTED = 0x0 + NL80211_RADAR_NOP_FINISHED = 0x3 + NL80211_RADAR_PRE_CAC_EXPIRED = 0x4 + NL80211_RATE_INFO_10_MHZ_WIDTH = 0xb + NL80211_RATE_INFO_160_MHZ_WIDTH = 0xa + NL80211_RATE_INFO_40_MHZ_WIDTH = 0x3 + NL80211_RATE_INFO_5_MHZ_WIDTH = 0xc + NL80211_RATE_INFO_80_MHZ_WIDTH = 0x8 + NL80211_RATE_INFO_80P80_MHZ_WIDTH = 0x9 + NL80211_RATE_INFO_BITRATE32 = 0x5 + NL80211_RATE_INFO_BITRATE = 0x1 + NL80211_RATE_INFO_HE_1XLTF = 0x0 + NL80211_RATE_INFO_HE_2XLTF = 0x1 + NL80211_RATE_INFO_HE_4XLTF = 0x2 + NL80211_RATE_INFO_HE_DCM = 0x10 + NL80211_RATE_INFO_HE_GI_0_8 = 0x0 + NL80211_RATE_INFO_HE_GI_1_6 = 0x1 + NL80211_RATE_INFO_HE_GI_3_2 = 0x2 + NL80211_RATE_INFO_HE_GI = 0xf + NL80211_RATE_INFO_HE_MCS = 0xd + NL80211_RATE_INFO_HE_NSS = 0xe + NL80211_RATE_INFO_HE_RU_ALLOC_106 = 0x2 + NL80211_RATE_INFO_HE_RU_ALLOC_242 = 0x3 + NL80211_RATE_INFO_HE_RU_ALLOC_26 = 0x0 + NL80211_RATE_INFO_HE_RU_ALLOC_2x996 = 0x6 + NL80211_RATE_INFO_HE_RU_ALLOC_484 = 0x4 + NL80211_RATE_INFO_HE_RU_ALLOC_52 = 0x1 + NL80211_RATE_INFO_HE_RU_ALLOC_996 = 0x5 + NL80211_RATE_INFO_HE_RU_ALLOC = 0x11 + NL80211_RATE_INFO_MAX = 0x11 + NL80211_RATE_INFO_MCS = 0x2 + NL80211_RATE_INFO_SHORT_GI = 0x4 + NL80211_RATE_INFO_VHT_MCS = 0x6 + NL80211_RATE_INFO_VHT_NSS = 0x7 + NL80211_REGDOM_SET_BY_CORE = 0x0 + NL80211_REGDOM_SET_BY_COUNTRY_IE = 0x3 + NL80211_REGDOM_SET_BY_DRIVER = 0x2 + NL80211_REGDOM_SET_BY_USER = 0x1 + NL80211_REGDOM_TYPE_COUNTRY = 0x0 + NL80211_REGDOM_TYPE_CUSTOM_WORLD = 0x2 + NL80211_REGDOM_TYPE_INTERSECTION = 0x3 + NL80211_REGDOM_TYPE_WORLD = 0x1 + NL80211_REG_RULE_ATTR_MAX = 0x7 + NL80211_REKEY_DATA_AKM = 0x4 + NL80211_REKEY_DATA_KCK = 0x2 + NL80211_REKEY_DATA_KEK = 0x1 + NL80211_REKEY_DATA_REPLAY_CTR = 0x3 + NL80211_REPLAY_CTR_LEN = 0x8 + NL80211_RRF_AUTO_BW = 0x800 + NL80211_RRF_DFS = 0x10 + NL80211_RRF_GO_CONCURRENT = 0x1000 + NL80211_RRF_IR_CONCURRENT = 0x1000 + NL80211_RRF_NO_160MHZ = 0x10000 + NL80211_RRF_NO_80MHZ = 0x8000 + NL80211_RRF_NO_CCK = 0x2 + NL80211_RRF_NO_HE = 0x20000 + NL80211_RRF_NO_HT40 = 0x6000 + NL80211_RRF_NO_HT40MINUS = 0x2000 + NL80211_RRF_NO_HT40PLUS = 0x4000 + NL80211_RRF_NO_IBSS = 0x80 + NL80211_RRF_NO_INDOOR = 0x4 + NL80211_RRF_NO_IR_ALL = 0x180 + NL80211_RRF_NO_IR = 0x80 + NL80211_RRF_NO_OFDM = 0x1 + NL80211_RRF_NO_OUTDOOR = 0x8 + NL80211_RRF_PASSIVE_SCAN = 0x80 + NL80211_RRF_PTMP_ONLY = 0x40 + NL80211_RRF_PTP_ONLY = 0x20 + NL80211_RXMGMT_FLAG_ANSWERED = 0x1 + NL80211_RXMGMT_FLAG_EXTERNAL_AUTH = 0x2 + NL80211_SAE_PWE_BOTH = 0x3 + NL80211_SAE_PWE_HASH_TO_ELEMENT = 0x2 + NL80211_SAE_PWE_HUNT_AND_PECK = 0x1 + NL80211_SAE_PWE_UNSPECIFIED = 0x0 + NL80211_SAR_ATTR_MAX = 0x2 + NL80211_SAR_ATTR_SPECS = 0x2 + NL80211_SAR_ATTR_SPECS_END_FREQ = 0x4 + NL80211_SAR_ATTR_SPECS_MAX = 0x4 + NL80211_SAR_ATTR_SPECS_POWER = 0x1 + NL80211_SAR_ATTR_SPECS_RANGE_INDEX = 0x2 + NL80211_SAR_ATTR_SPECS_START_FREQ = 0x3 + NL80211_SAR_ATTR_TYPE = 0x1 + NL80211_SAR_TYPE_POWER = 0x0 + NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP = 0x20 + NL80211_SCAN_FLAG_AP = 0x4 + NL80211_SCAN_FLAG_COLOCATED_6GHZ = 0x4000 + NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME = 0x10 + NL80211_SCAN_FLAG_FLUSH = 0x2 + NL80211_SCAN_FLAG_FREQ_KHZ = 0x2000 + NL80211_SCAN_FLAG_HIGH_ACCURACY = 0x400 + NL80211_SCAN_FLAG_LOW_POWER = 0x200 + NL80211_SCAN_FLAG_LOW_PRIORITY = 0x1 + NL80211_SCAN_FLAG_LOW_SPAN = 0x100 + NL80211_SCAN_FLAG_MIN_PREQ_CONTENT = 0x1000 + NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION = 0x80 + NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE = 0x40 + NL80211_SCAN_FLAG_RANDOM_ADDR = 0x8 + NL80211_SCAN_FLAG_RANDOM_SN = 0x800 + NL80211_SCAN_RSSI_THOLD_OFF = -0x12c + NL80211_SCHED_SCAN_MATCH_ATTR_BSSID = 0x5 + NL80211_SCHED_SCAN_MATCH_ATTR_MAX = 0x6 + NL80211_SCHED_SCAN_MATCH_ATTR_RELATIVE_RSSI = 0x3 + NL80211_SCHED_SCAN_MATCH_ATTR_RSSI_ADJUST = 0x4 + NL80211_SCHED_SCAN_MATCH_ATTR_RSSI = 0x2 + NL80211_SCHED_SCAN_MATCH_ATTR_SSID = 0x1 + NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI = 0x6 + NL80211_SCHED_SCAN_PLAN_INTERVAL = 0x1 + NL80211_SCHED_SCAN_PLAN_ITERATIONS = 0x2 + NL80211_SCHED_SCAN_PLAN_MAX = 0x2 + NL80211_SMPS_DYNAMIC = 0x2 + NL80211_SMPS_MAX = 0x2 + NL80211_SMPS_OFF = 0x0 + NL80211_SMPS_STATIC = 0x1 + NL80211_STA_BSS_PARAM_BEACON_INTERVAL = 0x5 + NL80211_STA_BSS_PARAM_CTS_PROT = 0x1 + NL80211_STA_BSS_PARAM_DTIM_PERIOD = 0x4 + NL80211_STA_BSS_PARAM_MAX = 0x5 + NL80211_STA_BSS_PARAM_SHORT_PREAMBLE = 0x2 + NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME = 0x3 + NL80211_STA_FLAG_ASSOCIATED = 0x7 + NL80211_STA_FLAG_AUTHENTICATED = 0x5 + NL80211_STA_FLAG_AUTHORIZED = 0x1 + NL80211_STA_FLAG_MAX = 0x7 + NL80211_STA_FLAG_MAX_OLD_API = 0x6 + NL80211_STA_FLAG_MFP = 0x4 + NL80211_STA_FLAG_SHORT_PREAMBLE = 0x2 + NL80211_STA_FLAG_TDLS_PEER = 0x6 + NL80211_STA_FLAG_WME = 0x3 + NL80211_STA_INFO_ACK_SIGNAL_AVG = 0x23 + NL80211_STA_INFO_ACK_SIGNAL = 0x22 + NL80211_STA_INFO_AIRTIME_LINK_METRIC = 0x29 + NL80211_STA_INFO_AIRTIME_WEIGHT = 0x28 + NL80211_STA_INFO_ASSOC_AT_BOOTTIME = 0x2a + NL80211_STA_INFO_BEACON_LOSS = 0x12 + NL80211_STA_INFO_BEACON_RX = 0x1d + NL80211_STA_INFO_BEACON_SIGNAL_AVG = 0x1e + NL80211_STA_INFO_BSS_PARAM = 0xf + NL80211_STA_INFO_CHAIN_SIGNAL_AVG = 0x1a + NL80211_STA_INFO_CHAIN_SIGNAL = 0x19 + NL80211_STA_INFO_CONNECTED_TIME = 0x10 + NL80211_STA_INFO_CONNECTED_TO_AS = 0x2b + NL80211_STA_INFO_CONNECTED_TO_GATE = 0x26 + NL80211_STA_INFO_DATA_ACK_SIGNAL_AVG = 0x23 + NL80211_STA_INFO_EXPECTED_THROUGHPUT = 0x1b + NL80211_STA_INFO_FCS_ERROR_COUNT = 0x25 + NL80211_STA_INFO_INACTIVE_TIME = 0x1 + NL80211_STA_INFO_LLID = 0x4 + NL80211_STA_INFO_LOCAL_PM = 0x14 + NL80211_STA_INFO_MAX = 0x2b + NL80211_STA_INFO_NONPEER_PM = 0x16 + NL80211_STA_INFO_PAD = 0x21 + NL80211_STA_INFO_PEER_PM = 0x15 + NL80211_STA_INFO_PLID = 0x5 + NL80211_STA_INFO_PLINK_STATE = 0x6 + NL80211_STA_INFO_RX_BITRATE = 0xe + NL80211_STA_INFO_RX_BYTES64 = 0x17 + NL80211_STA_INFO_RX_BYTES = 0x2 + NL80211_STA_INFO_RX_DROP_MISC = 0x1c + NL80211_STA_INFO_RX_DURATION = 0x20 + NL80211_STA_INFO_RX_MPDUS = 0x24 + NL80211_STA_INFO_RX_PACKETS = 0x9 + NL80211_STA_INFO_SIGNAL_AVG = 0xd + NL80211_STA_INFO_SIGNAL = 0x7 + NL80211_STA_INFO_STA_FLAGS = 0x11 + NL80211_STA_INFO_TID_STATS = 0x1f + NL80211_STA_INFO_T_OFFSET = 0x13 + NL80211_STA_INFO_TX_BITRATE = 0x8 + NL80211_STA_INFO_TX_BYTES64 = 0x18 + NL80211_STA_INFO_TX_BYTES = 0x3 + NL80211_STA_INFO_TX_DURATION = 0x27 + NL80211_STA_INFO_TX_FAILED = 0xc + NL80211_STA_INFO_TX_PACKETS = 0xa + NL80211_STA_INFO_TX_RETRIES = 0xb + NL80211_STA_WME_MAX = 0x2 + NL80211_STA_WME_MAX_SP = 0x2 + NL80211_STA_WME_UAPSD_QUEUES = 0x1 + NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY = 0x5 + NL80211_SURVEY_INFO_CHANNEL_TIME = 0x4 + NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY = 0x6 + NL80211_SURVEY_INFO_CHANNEL_TIME_RX = 0x7 + NL80211_SURVEY_INFO_CHANNEL_TIME_TX = 0x8 + NL80211_SURVEY_INFO_FREQUENCY = 0x1 + NL80211_SURVEY_INFO_FREQUENCY_OFFSET = 0xc + NL80211_SURVEY_INFO_IN_USE = 0x3 + NL80211_SURVEY_INFO_MAX = 0xc + NL80211_SURVEY_INFO_NOISE = 0x2 + NL80211_SURVEY_INFO_PAD = 0xa + NL80211_SURVEY_INFO_TIME_BSS_RX = 0xb + NL80211_SURVEY_INFO_TIME_BUSY = 0x5 + NL80211_SURVEY_INFO_TIME = 0x4 + NL80211_SURVEY_INFO_TIME_EXT_BUSY = 0x6 + NL80211_SURVEY_INFO_TIME_RX = 0x7 + NL80211_SURVEY_INFO_TIME_SCAN = 0x9 + NL80211_SURVEY_INFO_TIME_TX = 0x8 + NL80211_TDLS_DISABLE_LINK = 0x4 + NL80211_TDLS_DISCOVERY_REQ = 0x0 + NL80211_TDLS_ENABLE_LINK = 0x3 + NL80211_TDLS_PEER_HE = 0x8 + NL80211_TDLS_PEER_HT = 0x1 + NL80211_TDLS_PEER_VHT = 0x2 + NL80211_TDLS_PEER_WMM = 0x4 + NL80211_TDLS_SETUP = 0x1 + NL80211_TDLS_TEARDOWN = 0x2 + NL80211_TID_CONFIG_ATTR_AMPDU_CTRL = 0x9 + NL80211_TID_CONFIG_ATTR_AMSDU_CTRL = 0xb + NL80211_TID_CONFIG_ATTR_MAX = 0xd + NL80211_TID_CONFIG_ATTR_NOACK = 0x6 + NL80211_TID_CONFIG_ATTR_OVERRIDE = 0x4 + NL80211_TID_CONFIG_ATTR_PAD = 0x1 + NL80211_TID_CONFIG_ATTR_PEER_SUPP = 0x3 + NL80211_TID_CONFIG_ATTR_RETRY_LONG = 0x8 + NL80211_TID_CONFIG_ATTR_RETRY_SHORT = 0x7 + NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL = 0xa + NL80211_TID_CONFIG_ATTR_TIDS = 0x5 + NL80211_TID_CONFIG_ATTR_TX_RATE = 0xd + NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE = 0xc + NL80211_TID_CONFIG_ATTR_VIF_SUPP = 0x2 + NL80211_TID_CONFIG_DISABLE = 0x1 + NL80211_TID_CONFIG_ENABLE = 0x0 + NL80211_TID_STATS_MAX = 0x6 + NL80211_TID_STATS_PAD = 0x5 + NL80211_TID_STATS_RX_MSDU = 0x1 + NL80211_TID_STATS_TX_MSDU = 0x2 + NL80211_TID_STATS_TX_MSDU_FAILED = 0x4 + NL80211_TID_STATS_TX_MSDU_RETRIES = 0x3 + NL80211_TID_STATS_TXQ_STATS = 0x6 + NL80211_TIMEOUT_ASSOC = 0x3 + NL80211_TIMEOUT_AUTH = 0x2 + NL80211_TIMEOUT_SCAN = 0x1 + NL80211_TIMEOUT_UNSPECIFIED = 0x0 + NL80211_TKIP_DATA_OFFSET_ENCR_KEY = 0x0 + NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY = 0x18 + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY = 0x10 + NL80211_TX_POWER_AUTOMATIC = 0x0 + NL80211_TX_POWER_FIXED = 0x2 + NL80211_TX_POWER_LIMITED = 0x1 + NL80211_TXQ_ATTR_AC = 0x1 + NL80211_TXQ_ATTR_AIFS = 0x5 + NL80211_TXQ_ATTR_CWMAX = 0x4 + NL80211_TXQ_ATTR_CWMIN = 0x3 + NL80211_TXQ_ATTR_MAX = 0x5 + NL80211_TXQ_ATTR_QUEUE = 0x1 + NL80211_TXQ_ATTR_TXOP = 0x2 + NL80211_TXQ_Q_BE = 0x2 + NL80211_TXQ_Q_BK = 0x3 + NL80211_TXQ_Q_VI = 0x1 + NL80211_TXQ_Q_VO = 0x0 + NL80211_TXQ_STATS_BACKLOG_BYTES = 0x1 + NL80211_TXQ_STATS_BACKLOG_PACKETS = 0x2 + NL80211_TXQ_STATS_COLLISIONS = 0x8 + NL80211_TXQ_STATS_DROPS = 0x4 + NL80211_TXQ_STATS_ECN_MARKS = 0x5 + NL80211_TXQ_STATS_FLOWS = 0x3 + NL80211_TXQ_STATS_MAX = 0xb + NL80211_TXQ_STATS_MAX_FLOWS = 0xb + NL80211_TXQ_STATS_OVERLIMIT = 0x6 + NL80211_TXQ_STATS_OVERMEMORY = 0x7 + NL80211_TXQ_STATS_TX_BYTES = 0x9 + NL80211_TXQ_STATS_TX_PACKETS = 0xa + NL80211_TX_RATE_AUTOMATIC = 0x0 + NL80211_TXRATE_DEFAULT_GI = 0x0 + NL80211_TX_RATE_FIXED = 0x2 + NL80211_TXRATE_FORCE_LGI = 0x2 + NL80211_TXRATE_FORCE_SGI = 0x1 + NL80211_TXRATE_GI = 0x4 + NL80211_TXRATE_HE = 0x5 + NL80211_TXRATE_HE_GI = 0x6 + NL80211_TXRATE_HE_LTF = 0x7 + NL80211_TXRATE_HT = 0x2 + NL80211_TXRATE_LEGACY = 0x1 + NL80211_TX_RATE_LIMITED = 0x1 + NL80211_TXRATE_MAX = 0x7 + NL80211_TXRATE_MCS = 0x2 + NL80211_TXRATE_VHT = 0x3 + NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT = 0x1 + NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX = 0x2 + NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL = 0x2 + NL80211_USER_REG_HINT_CELL_BASE = 0x1 + NL80211_USER_REG_HINT_INDOOR = 0x2 + NL80211_USER_REG_HINT_USER = 0x0 + NL80211_VENDOR_ID_IS_LINUX = 0x80000000 + NL80211_VHT_CAPABILITY_LEN = 0xc + NL80211_VHT_NSS_MAX = 0x8 + NL80211_WIPHY_NAME_MAXLEN = 0x40 + NL80211_WMMR_AIFSN = 0x3 + NL80211_WMMR_CW_MAX = 0x2 + NL80211_WMMR_CW_MIN = 0x1 + NL80211_WMMR_MAX = 0x4 + NL80211_WMMR_TXOP = 0x4 + NL80211_WOWLAN_PKTPAT_MASK = 0x1 + NL80211_WOWLAN_PKTPAT_OFFSET = 0x3 + NL80211_WOWLAN_PKTPAT_PATTERN = 0x2 + NL80211_WOWLAN_TCP_DATA_INTERVAL = 0x9 + NL80211_WOWLAN_TCP_DATA_PAYLOAD = 0x6 + NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ = 0x7 + NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN = 0x8 + NL80211_WOWLAN_TCP_DST_IPV4 = 0x2 + NL80211_WOWLAN_TCP_DST_MAC = 0x3 + NL80211_WOWLAN_TCP_DST_PORT = 0x5 + NL80211_WOWLAN_TCP_SRC_IPV4 = 0x1 + NL80211_WOWLAN_TCP_SRC_PORT = 0x4 + NL80211_WOWLAN_TCP_WAKE_MASK = 0xb + NL80211_WOWLAN_TCP_WAKE_PAYLOAD = 0xa + NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE = 0x8 + NL80211_WOWLAN_TRIG_ANY = 0x1 + NL80211_WOWLAN_TRIG_DISCONNECT = 0x2 + NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST = 0x7 + NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE = 0x6 + NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED = 0x5 + NL80211_WOWLAN_TRIG_MAGIC_PKT = 0x3 + NL80211_WOWLAN_TRIG_NET_DETECT = 0x12 + NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS = 0x13 + NL80211_WOWLAN_TRIG_PKT_PATTERN = 0x4 + NL80211_WOWLAN_TRIG_RFKILL_RELEASE = 0x9 + NL80211_WOWLAN_TRIG_TCP_CONNECTION = 0xe + NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211 = 0xa + NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN = 0xb + NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023 = 0xc + NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN = 0xd + NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST = 0x10 + NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH = 0xf + NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS = 0x11 + NL80211_WPA_VERSION_1 = 0x1 + NL80211_WPA_VERSION_2 = 0x2 + NL80211_WPA_VERSION_3 = 0x4 +) diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go index 6358806106f..c426c35763a 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go @@ -210,8 +210,8 @@ type PtraceFpregs struct { } type PtracePer struct { - _ [0]uint64 - _ [32]byte + Control_regs [3]uint64 + _ [8]byte Starting_addr uint64 Ending_addr uint64 Perc_atmid uint16 diff --git a/vendor/golang.org/x/sys/windows/exec_windows.go b/vendor/golang.org/x/sys/windows/exec_windows.go index 7a11e83b7ec..855698bb282 100644 --- a/vendor/golang.org/x/sys/windows/exec_windows.go +++ b/vendor/golang.org/x/sys/windows/exec_windows.go @@ -9,8 +9,6 @@ package windows import ( errorspkg "errors" "unsafe" - - "golang.org/x/sys/internal/unsafeheader" ) // EscapeArg rewrites command line argument s as prescribed @@ -147,8 +145,12 @@ func NewProcThreadAttributeList(maxAttrCount uint32) (*ProcThreadAttributeListCo } return nil, err } + alloc, err := LocalAlloc(LMEM_FIXED, uint32(size)) + if err != nil { + return nil, err + } // size is guaranteed to be ≥1 by InitializeProcThreadAttributeList. - al := &ProcThreadAttributeListContainer{data: (*ProcThreadAttributeList)(unsafe.Pointer(&make([]byte, size)[0]))} + al := &ProcThreadAttributeListContainer{data: (*ProcThreadAttributeList)(unsafe.Pointer(alloc))} err = initializeProcThreadAttributeList(al.data, maxAttrCount, 0, &size) if err != nil { return nil, err @@ -157,36 +159,17 @@ func NewProcThreadAttributeList(maxAttrCount uint32) (*ProcThreadAttributeListCo } // Update modifies the ProcThreadAttributeList using UpdateProcThreadAttribute. -// Note that the value passed to this function will be copied into memory -// allocated by LocalAlloc, the contents of which should not contain any -// Go-managed pointers, even if the passed value itself is a Go-managed -// pointer. func (al *ProcThreadAttributeListContainer) Update(attribute uintptr, value unsafe.Pointer, size uintptr) error { - alloc, err := LocalAlloc(LMEM_FIXED, uint32(size)) - if err != nil { - return err - } - var src, dst []byte - hdr := (*unsafeheader.Slice)(unsafe.Pointer(&src)) - hdr.Data = value - hdr.Cap = int(size) - hdr.Len = int(size) - hdr = (*unsafeheader.Slice)(unsafe.Pointer(&dst)) - hdr.Data = unsafe.Pointer(alloc) - hdr.Cap = int(size) - hdr.Len = int(size) - copy(dst, src) - al.heapAllocations = append(al.heapAllocations, alloc) - return updateProcThreadAttribute(al.data, 0, attribute, unsafe.Pointer(alloc), size, nil, nil) + al.pointers = append(al.pointers, value) + return updateProcThreadAttribute(al.data, 0, attribute, value, size, nil, nil) } // Delete frees ProcThreadAttributeList's resources. func (al *ProcThreadAttributeListContainer) Delete() { deleteProcThreadAttributeList(al.data) - for i := range al.heapAllocations { - LocalFree(Handle(al.heapAllocations[i])) - } - al.heapAllocations = nil + LocalFree(Handle(unsafe.Pointer(al.data))) + al.data = nil + al.pointers = nil } // List returns the actual ProcThreadAttributeList to be passed to StartupInfoEx. diff --git a/vendor/golang.org/x/sys/windows/mksyscall.go b/vendor/golang.org/x/sys/windows/mksyscall.go index 6102910989b..8563f79c57f 100644 --- a/vendor/golang.org/x/sys/windows/mksyscall.go +++ b/vendor/golang.org/x/sys/windows/mksyscall.go @@ -7,4 +7,4 @@ package windows -//go:generate go run golang.org/x/sys/windows/mkwinsyscall -output zsyscall_windows.go eventlog.go service.go syscall_windows.go security_windows.go +//go:generate go run golang.org/x/sys/windows/mkwinsyscall -output zsyscall_windows.go eventlog.go service.go syscall_windows.go security_windows.go setupapi_windows.go diff --git a/vendor/golang.org/x/sys/windows/setupapi_windows.go b/vendor/golang.org/x/sys/windows/setupapi_windows.go new file mode 100644 index 00000000000..14027da3f3f --- /dev/null +++ b/vendor/golang.org/x/sys/windows/setupapi_windows.go @@ -0,0 +1,1425 @@ +// Copyright 2021 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package windows + +import ( + "encoding/binary" + "errors" + "fmt" + "runtime" + "strings" + "syscall" + "unsafe" +) + +// This file contains functions that wrap SetupAPI.dll and CfgMgr32.dll, +// core system functions for managing hardware devices, drivers, and the PnP tree. +// Information about these APIs can be found at: +// https://docs.microsoft.com/en-us/windows-hardware/drivers/install/setupapi +// https://docs.microsoft.com/en-us/windows/win32/devinst/cfgmgr32- + +const ( + ERROR_EXPECTED_SECTION_NAME Errno = 0x20000000 | 0xC0000000 | 0 + ERROR_BAD_SECTION_NAME_LINE Errno = 0x20000000 | 0xC0000000 | 1 + ERROR_SECTION_NAME_TOO_LONG Errno = 0x20000000 | 0xC0000000 | 2 + ERROR_GENERAL_SYNTAX Errno = 0x20000000 | 0xC0000000 | 3 + ERROR_WRONG_INF_STYLE Errno = 0x20000000 | 0xC0000000 | 0x100 + ERROR_SECTION_NOT_FOUND Errno = 0x20000000 | 0xC0000000 | 0x101 + ERROR_LINE_NOT_FOUND Errno = 0x20000000 | 0xC0000000 | 0x102 + ERROR_NO_BACKUP Errno = 0x20000000 | 0xC0000000 | 0x103 + ERROR_NO_ASSOCIATED_CLASS Errno = 0x20000000 | 0xC0000000 | 0x200 + ERROR_CLASS_MISMATCH Errno = 0x20000000 | 0xC0000000 | 0x201 + ERROR_DUPLICATE_FOUND Errno = 0x20000000 | 0xC0000000 | 0x202 + ERROR_NO_DRIVER_SELECTED Errno = 0x20000000 | 0xC0000000 | 0x203 + ERROR_KEY_DOES_NOT_EXIST Errno = 0x20000000 | 0xC0000000 | 0x204 + ERROR_INVALID_DEVINST_NAME Errno = 0x20000000 | 0xC0000000 | 0x205 + ERROR_INVALID_CLASS Errno = 0x20000000 | 0xC0000000 | 0x206 + ERROR_DEVINST_ALREADY_EXISTS Errno = 0x20000000 | 0xC0000000 | 0x207 + ERROR_DEVINFO_NOT_REGISTERED Errno = 0x20000000 | 0xC0000000 | 0x208 + ERROR_INVALID_REG_PROPERTY Errno = 0x20000000 | 0xC0000000 | 0x209 + ERROR_NO_INF Errno = 0x20000000 | 0xC0000000 | 0x20A + ERROR_NO_SUCH_DEVINST Errno = 0x20000000 | 0xC0000000 | 0x20B + ERROR_CANT_LOAD_CLASS_ICON Errno = 0x20000000 | 0xC0000000 | 0x20C + ERROR_INVALID_CLASS_INSTALLER Errno = 0x20000000 | 0xC0000000 | 0x20D + ERROR_DI_DO_DEFAULT Errno = 0x20000000 | 0xC0000000 | 0x20E + ERROR_DI_NOFILECOPY Errno = 0x20000000 | 0xC0000000 | 0x20F + ERROR_INVALID_HWPROFILE Errno = 0x20000000 | 0xC0000000 | 0x210 + ERROR_NO_DEVICE_SELECTED Errno = 0x20000000 | 0xC0000000 | 0x211 + ERROR_DEVINFO_LIST_LOCKED Errno = 0x20000000 | 0xC0000000 | 0x212 + ERROR_DEVINFO_DATA_LOCKED Errno = 0x20000000 | 0xC0000000 | 0x213 + ERROR_DI_BAD_PATH Errno = 0x20000000 | 0xC0000000 | 0x214 + ERROR_NO_CLASSINSTALL_PARAMS Errno = 0x20000000 | 0xC0000000 | 0x215 + ERROR_FILEQUEUE_LOCKED Errno = 0x20000000 | 0xC0000000 | 0x216 + ERROR_BAD_SERVICE_INSTALLSECT Errno = 0x20000000 | 0xC0000000 | 0x217 + ERROR_NO_CLASS_DRIVER_LIST Errno = 0x20000000 | 0xC0000000 | 0x218 + ERROR_NO_ASSOCIATED_SERVICE Errno = 0x20000000 | 0xC0000000 | 0x219 + ERROR_NO_DEFAULT_DEVICE_INTERFACE Errno = 0x20000000 | 0xC0000000 | 0x21A + ERROR_DEVICE_INTERFACE_ACTIVE Errno = 0x20000000 | 0xC0000000 | 0x21B + ERROR_DEVICE_INTERFACE_REMOVED Errno = 0x20000000 | 0xC0000000 | 0x21C + ERROR_BAD_INTERFACE_INSTALLSECT Errno = 0x20000000 | 0xC0000000 | 0x21D + ERROR_NO_SUCH_INTERFACE_CLASS Errno = 0x20000000 | 0xC0000000 | 0x21E + ERROR_INVALID_REFERENCE_STRING Errno = 0x20000000 | 0xC0000000 | 0x21F + ERROR_INVALID_MACHINENAME Errno = 0x20000000 | 0xC0000000 | 0x220 + ERROR_REMOTE_COMM_FAILURE Errno = 0x20000000 | 0xC0000000 | 0x221 + ERROR_MACHINE_UNAVAILABLE Errno = 0x20000000 | 0xC0000000 | 0x222 + ERROR_NO_CONFIGMGR_SERVICES Errno = 0x20000000 | 0xC0000000 | 0x223 + ERROR_INVALID_PROPPAGE_PROVIDER Errno = 0x20000000 | 0xC0000000 | 0x224 + ERROR_NO_SUCH_DEVICE_INTERFACE Errno = 0x20000000 | 0xC0000000 | 0x225 + ERROR_DI_POSTPROCESSING_REQUIRED Errno = 0x20000000 | 0xC0000000 | 0x226 + ERROR_INVALID_COINSTALLER Errno = 0x20000000 | 0xC0000000 | 0x227 + ERROR_NO_COMPAT_DRIVERS Errno = 0x20000000 | 0xC0000000 | 0x228 + ERROR_NO_DEVICE_ICON Errno = 0x20000000 | 0xC0000000 | 0x229 + ERROR_INVALID_INF_LOGCONFIG Errno = 0x20000000 | 0xC0000000 | 0x22A + ERROR_DI_DONT_INSTALL Errno = 0x20000000 | 0xC0000000 | 0x22B + ERROR_INVALID_FILTER_DRIVER Errno = 0x20000000 | 0xC0000000 | 0x22C + ERROR_NON_WINDOWS_NT_DRIVER Errno = 0x20000000 | 0xC0000000 | 0x22D + ERROR_NON_WINDOWS_DRIVER Errno = 0x20000000 | 0xC0000000 | 0x22E + ERROR_NO_CATALOG_FOR_OEM_INF Errno = 0x20000000 | 0xC0000000 | 0x22F + ERROR_DEVINSTALL_QUEUE_NONNATIVE Errno = 0x20000000 | 0xC0000000 | 0x230 + ERROR_NOT_DISABLEABLE Errno = 0x20000000 | 0xC0000000 | 0x231 + ERROR_CANT_REMOVE_DEVINST Errno = 0x20000000 | 0xC0000000 | 0x232 + ERROR_INVALID_TARGET Errno = 0x20000000 | 0xC0000000 | 0x233 + ERROR_DRIVER_NONNATIVE Errno = 0x20000000 | 0xC0000000 | 0x234 + ERROR_IN_WOW64 Errno = 0x20000000 | 0xC0000000 | 0x235 + ERROR_SET_SYSTEM_RESTORE_POINT Errno = 0x20000000 | 0xC0000000 | 0x236 + ERROR_SCE_DISABLED Errno = 0x20000000 | 0xC0000000 | 0x238 + ERROR_UNKNOWN_EXCEPTION Errno = 0x20000000 | 0xC0000000 | 0x239 + ERROR_PNP_REGISTRY_ERROR Errno = 0x20000000 | 0xC0000000 | 0x23A + ERROR_REMOTE_REQUEST_UNSUPPORTED Errno = 0x20000000 | 0xC0000000 | 0x23B + ERROR_NOT_AN_INSTALLED_OEM_INF Errno = 0x20000000 | 0xC0000000 | 0x23C + ERROR_INF_IN_USE_BY_DEVICES Errno = 0x20000000 | 0xC0000000 | 0x23D + ERROR_DI_FUNCTION_OBSOLETE Errno = 0x20000000 | 0xC0000000 | 0x23E + ERROR_NO_AUTHENTICODE_CATALOG Errno = 0x20000000 | 0xC0000000 | 0x23F + ERROR_AUTHENTICODE_DISALLOWED Errno = 0x20000000 | 0xC0000000 | 0x240 + ERROR_AUTHENTICODE_TRUSTED_PUBLISHER Errno = 0x20000000 | 0xC0000000 | 0x241 + ERROR_AUTHENTICODE_TRUST_NOT_ESTABLISHED Errno = 0x20000000 | 0xC0000000 | 0x242 + ERROR_AUTHENTICODE_PUBLISHER_NOT_TRUSTED Errno = 0x20000000 | 0xC0000000 | 0x243 + ERROR_SIGNATURE_OSATTRIBUTE_MISMATCH Errno = 0x20000000 | 0xC0000000 | 0x244 + ERROR_ONLY_VALIDATE_VIA_AUTHENTICODE Errno = 0x20000000 | 0xC0000000 | 0x245 + ERROR_DEVICE_INSTALLER_NOT_READY Errno = 0x20000000 | 0xC0000000 | 0x246 + ERROR_DRIVER_STORE_ADD_FAILED Errno = 0x20000000 | 0xC0000000 | 0x247 + ERROR_DEVICE_INSTALL_BLOCKED Errno = 0x20000000 | 0xC0000000 | 0x248 + ERROR_DRIVER_INSTALL_BLOCKED Errno = 0x20000000 | 0xC0000000 | 0x249 + ERROR_WRONG_INF_TYPE Errno = 0x20000000 | 0xC0000000 | 0x24A + ERROR_FILE_HASH_NOT_IN_CATALOG Errno = 0x20000000 | 0xC0000000 | 0x24B + ERROR_DRIVER_STORE_DELETE_FAILED Errno = 0x20000000 | 0xC0000000 | 0x24C + ERROR_UNRECOVERABLE_STACK_OVERFLOW Errno = 0x20000000 | 0xC0000000 | 0x300 + EXCEPTION_SPAPI_UNRECOVERABLE_STACK_OVERFLOW Errno = ERROR_UNRECOVERABLE_STACK_OVERFLOW + ERROR_NO_DEFAULT_INTERFACE_DEVICE Errno = ERROR_NO_DEFAULT_DEVICE_INTERFACE + ERROR_INTERFACE_DEVICE_ACTIVE Errno = ERROR_DEVICE_INTERFACE_ACTIVE + ERROR_INTERFACE_DEVICE_REMOVED Errno = ERROR_DEVICE_INTERFACE_REMOVED + ERROR_NO_SUCH_INTERFACE_DEVICE Errno = ERROR_NO_SUCH_DEVICE_INTERFACE +) + +const ( + MAX_DEVICE_ID_LEN = 200 + MAX_DEVNODE_ID_LEN = MAX_DEVICE_ID_LEN + MAX_GUID_STRING_LEN = 39 // 38 chars + terminator null + MAX_CLASS_NAME_LEN = 32 + MAX_PROFILE_LEN = 80 + MAX_CONFIG_VALUE = 9999 + MAX_INSTANCE_VALUE = 9999 + CONFIGMG_VERSION = 0x0400 +) + +// Maximum string length constants +const ( + LINE_LEN = 256 // Windows 9x-compatible maximum for displayable strings coming from a device INF. + MAX_INF_STRING_LENGTH = 4096 // Actual maximum size of an INF string (including string substitutions). + MAX_INF_SECTION_NAME_LENGTH = 255 // For Windows 9x compatibility, INF section names should be constrained to 32 characters. + MAX_TITLE_LEN = 60 + MAX_INSTRUCTION_LEN = 256 + MAX_LABEL_LEN = 30 + MAX_SERVICE_NAME_LEN = 256 + MAX_SUBTITLE_LEN = 256 +) + +const ( + // SP_MAX_MACHINENAME_LENGTH defines maximum length of a machine name in the format expected by ConfigMgr32 CM_Connect_Machine (i.e., "\\\\MachineName\0"). + SP_MAX_MACHINENAME_LENGTH = MAX_PATH + 3 +) + +// HSPFILEQ is type for setup file queue +type HSPFILEQ uintptr + +// DevInfo holds reference to device information set +type DevInfo Handle + +// DEVINST is a handle usually recognized by cfgmgr32 APIs +type DEVINST uint32 + +// DevInfoData is a device information structure (references a device instance that is a member of a device information set) +type DevInfoData struct { + size uint32 + ClassGUID GUID + DevInst DEVINST + _ uintptr +} + +// DevInfoListDetailData is a structure for detailed information on a device information set (used for SetupDiGetDeviceInfoListDetail which supersedes the functionality of SetupDiGetDeviceInfoListClass). +type DevInfoListDetailData struct { + size uint32 // Use unsafeSizeOf method + ClassGUID GUID + RemoteMachineHandle Handle + remoteMachineName [SP_MAX_MACHINENAME_LENGTH]uint16 +} + +func (*DevInfoListDetailData) unsafeSizeOf() uint32 { + if unsafe.Sizeof(uintptr(0)) == 4 { + // Windows declares this with pshpack1.h + return uint32(unsafe.Offsetof(DevInfoListDetailData{}.remoteMachineName) + unsafe.Sizeof(DevInfoListDetailData{}.remoteMachineName)) + } + return uint32(unsafe.Sizeof(DevInfoListDetailData{})) +} + +func (data *DevInfoListDetailData) RemoteMachineName() string { + return UTF16ToString(data.remoteMachineName[:]) +} + +func (data *DevInfoListDetailData) SetRemoteMachineName(remoteMachineName string) error { + str, err := UTF16FromString(remoteMachineName) + if err != nil { + return err + } + copy(data.remoteMachineName[:], str) + return nil +} + +// DI_FUNCTION is function type for device installer +type DI_FUNCTION uint32 + +const ( + DIF_SELECTDEVICE DI_FUNCTION = 0x00000001 + DIF_INSTALLDEVICE DI_FUNCTION = 0x00000002 + DIF_ASSIGNRESOURCES DI_FUNCTION = 0x00000003 + DIF_PROPERTIES DI_FUNCTION = 0x00000004 + DIF_REMOVE DI_FUNCTION = 0x00000005 + DIF_FIRSTTIMESETUP DI_FUNCTION = 0x00000006 + DIF_FOUNDDEVICE DI_FUNCTION = 0x00000007 + DIF_SELECTCLASSDRIVERS DI_FUNCTION = 0x00000008 + DIF_VALIDATECLASSDRIVERS DI_FUNCTION = 0x00000009 + DIF_INSTALLCLASSDRIVERS DI_FUNCTION = 0x0000000A + DIF_CALCDISKSPACE DI_FUNCTION = 0x0000000B + DIF_DESTROYPRIVATEDATA DI_FUNCTION = 0x0000000C + DIF_VALIDATEDRIVER DI_FUNCTION = 0x0000000D + DIF_DETECT DI_FUNCTION = 0x0000000F + DIF_INSTALLWIZARD DI_FUNCTION = 0x00000010 + DIF_DESTROYWIZARDDATA DI_FUNCTION = 0x00000011 + DIF_PROPERTYCHANGE DI_FUNCTION = 0x00000012 + DIF_ENABLECLASS DI_FUNCTION = 0x00000013 + DIF_DETECTVERIFY DI_FUNCTION = 0x00000014 + DIF_INSTALLDEVICEFILES DI_FUNCTION = 0x00000015 + DIF_UNREMOVE DI_FUNCTION = 0x00000016 + DIF_SELECTBESTCOMPATDRV DI_FUNCTION = 0x00000017 + DIF_ALLOW_INSTALL DI_FUNCTION = 0x00000018 + DIF_REGISTERDEVICE DI_FUNCTION = 0x00000019 + DIF_NEWDEVICEWIZARD_PRESELECT DI_FUNCTION = 0x0000001A + DIF_NEWDEVICEWIZARD_SELECT DI_FUNCTION = 0x0000001B + DIF_NEWDEVICEWIZARD_PREANALYZE DI_FUNCTION = 0x0000001C + DIF_NEWDEVICEWIZARD_POSTANALYZE DI_FUNCTION = 0x0000001D + DIF_NEWDEVICEWIZARD_FINISHINSTALL DI_FUNCTION = 0x0000001E + DIF_INSTALLINTERFACES DI_FUNCTION = 0x00000020 + DIF_DETECTCANCEL DI_FUNCTION = 0x00000021 + DIF_REGISTER_COINSTALLERS DI_FUNCTION = 0x00000022 + DIF_ADDPROPERTYPAGE_ADVANCED DI_FUNCTION = 0x00000023 + DIF_ADDPROPERTYPAGE_BASIC DI_FUNCTION = 0x00000024 + DIF_TROUBLESHOOTER DI_FUNCTION = 0x00000026 + DIF_POWERMESSAGEWAKE DI_FUNCTION = 0x00000027 + DIF_ADDREMOTEPROPERTYPAGE_ADVANCED DI_FUNCTION = 0x00000028 + DIF_UPDATEDRIVER_UI DI_FUNCTION = 0x00000029 + DIF_FINISHINSTALL_ACTION DI_FUNCTION = 0x0000002A +) + +// DevInstallParams is device installation parameters structure (associated with a particular device information element, or globally with a device information set) +type DevInstallParams struct { + size uint32 + Flags DI_FLAGS + FlagsEx DI_FLAGSEX + hwndParent uintptr + InstallMsgHandler uintptr + InstallMsgHandlerContext uintptr + FileQueue HSPFILEQ + _ uintptr + _ uint32 + driverPath [MAX_PATH]uint16 +} + +func (params *DevInstallParams) DriverPath() string { + return UTF16ToString(params.driverPath[:]) +} + +func (params *DevInstallParams) SetDriverPath(driverPath string) error { + str, err := UTF16FromString(driverPath) + if err != nil { + return err + } + copy(params.driverPath[:], str) + return nil +} + +// DI_FLAGS is SP_DEVINSTALL_PARAMS.Flags values +type DI_FLAGS uint32 + +const ( + // Flags for choosing a device + DI_SHOWOEM DI_FLAGS = 0x00000001 // support Other... button + DI_SHOWCOMPAT DI_FLAGS = 0x00000002 // show compatibility list + DI_SHOWCLASS DI_FLAGS = 0x00000004 // show class list + DI_SHOWALL DI_FLAGS = 0x00000007 // both class & compat list shown + DI_NOVCP DI_FLAGS = 0x00000008 // don't create a new copy queue--use caller-supplied FileQueue + DI_DIDCOMPAT DI_FLAGS = 0x00000010 // Searched for compatible devices + DI_DIDCLASS DI_FLAGS = 0x00000020 // Searched for class devices + DI_AUTOASSIGNRES DI_FLAGS = 0x00000040 // No UI for resources if possible + + // Flags returned by DiInstallDevice to indicate need to reboot/restart + DI_NEEDRESTART DI_FLAGS = 0x00000080 // Reboot required to take effect + DI_NEEDREBOOT DI_FLAGS = 0x00000100 // "" + + // Flags for device installation + DI_NOBROWSE DI_FLAGS = 0x00000200 // no Browse... in InsertDisk + + // Flags set by DiBuildDriverInfoList + DI_MULTMFGS DI_FLAGS = 0x00000400 // Set if multiple manufacturers in class driver list + + // Flag indicates that device is disabled + DI_DISABLED DI_FLAGS = 0x00000800 // Set if device disabled + + // Flags for Device/Class Properties + DI_GENERALPAGE_ADDED DI_FLAGS = 0x00001000 + DI_RESOURCEPAGE_ADDED DI_FLAGS = 0x00002000 + + // Flag to indicate the setting properties for this Device (or class) caused a change so the Dev Mgr UI probably needs to be updated. + DI_PROPERTIES_CHANGE DI_FLAGS = 0x00004000 + + // Flag to indicate that the sorting from the INF file should be used. + DI_INF_IS_SORTED DI_FLAGS = 0x00008000 + + // Flag to indicate that only the the INF specified by SP_DEVINSTALL_PARAMS.DriverPath should be searched. + DI_ENUMSINGLEINF DI_FLAGS = 0x00010000 + + // Flag that prevents ConfigMgr from removing/re-enumerating devices during device + // registration, installation, and deletion. + DI_DONOTCALLCONFIGMG DI_FLAGS = 0x00020000 + + // The following flag can be used to install a device disabled + DI_INSTALLDISABLED DI_FLAGS = 0x00040000 + + // Flag that causes SetupDiBuildDriverInfoList to build a device's compatible driver + // list from its existing class driver list, instead of the normal INF search. + DI_COMPAT_FROM_CLASS DI_FLAGS = 0x00080000 + + // This flag is set if the Class Install params should be used. + DI_CLASSINSTALLPARAMS DI_FLAGS = 0x00100000 + + // This flag is set if the caller of DiCallClassInstaller does NOT want the internal default action performed if the Class installer returns ERROR_DI_DO_DEFAULT. + DI_NODI_DEFAULTACTION DI_FLAGS = 0x00200000 + + // Flags for device installation + DI_QUIETINSTALL DI_FLAGS = 0x00800000 // don't confuse the user with questions or excess info + DI_NOFILECOPY DI_FLAGS = 0x01000000 // No file Copy necessary + DI_FORCECOPY DI_FLAGS = 0x02000000 // Force files to be copied from install path + DI_DRIVERPAGE_ADDED DI_FLAGS = 0x04000000 // Prop provider added Driver page. + DI_USECI_SELECTSTRINGS DI_FLAGS = 0x08000000 // Use Class Installer Provided strings in the Select Device Dlg + DI_OVERRIDE_INFFLAGS DI_FLAGS = 0x10000000 // Override INF flags + DI_PROPS_NOCHANGEUSAGE DI_FLAGS = 0x20000000 // No Enable/Disable in General Props + + DI_NOSELECTICONS DI_FLAGS = 0x40000000 // No small icons in select device dialogs + + DI_NOWRITE_IDS DI_FLAGS = 0x80000000 // Don't write HW & Compat IDs on install +) + +// DI_FLAGSEX is SP_DEVINSTALL_PARAMS.FlagsEx values +type DI_FLAGSEX uint32 + +const ( + DI_FLAGSEX_CI_FAILED DI_FLAGSEX = 0x00000004 // Failed to Load/Call class installer + DI_FLAGSEX_FINISHINSTALL_ACTION DI_FLAGSEX = 0x00000008 // Class/co-installer wants to get a DIF_FINISH_INSTALL action in client context. + DI_FLAGSEX_DIDINFOLIST DI_FLAGSEX = 0x00000010 // Did the Class Info List + DI_FLAGSEX_DIDCOMPATINFO DI_FLAGSEX = 0x00000020 // Did the Compat Info List + DI_FLAGSEX_FILTERCLASSES DI_FLAGSEX = 0x00000040 + DI_FLAGSEX_SETFAILEDINSTALL DI_FLAGSEX = 0x00000080 + DI_FLAGSEX_DEVICECHANGE DI_FLAGSEX = 0x00000100 + DI_FLAGSEX_ALWAYSWRITEIDS DI_FLAGSEX = 0x00000200 + DI_FLAGSEX_PROPCHANGE_PENDING DI_FLAGSEX = 0x00000400 // One or more device property sheets have had changes made to them, and need to have a DIF_PROPERTYCHANGE occur. + DI_FLAGSEX_ALLOWEXCLUDEDDRVS DI_FLAGSEX = 0x00000800 + DI_FLAGSEX_NOUIONQUERYREMOVE DI_FLAGSEX = 0x00001000 + DI_FLAGSEX_USECLASSFORCOMPAT DI_FLAGSEX = 0x00002000 // Use the device's class when building compat drv list. (Ignored if DI_COMPAT_FROM_CLASS flag is specified.) + DI_FLAGSEX_NO_DRVREG_MODIFY DI_FLAGSEX = 0x00008000 // Don't run AddReg and DelReg for device's software (driver) key. + DI_FLAGSEX_IN_SYSTEM_SETUP DI_FLAGSEX = 0x00010000 // Installation is occurring during initial system setup. + DI_FLAGSEX_INET_DRIVER DI_FLAGSEX = 0x00020000 // Driver came from Windows Update + DI_FLAGSEX_APPENDDRIVERLIST DI_FLAGSEX = 0x00040000 // Cause SetupDiBuildDriverInfoList to append a new driver list to an existing list. + DI_FLAGSEX_PREINSTALLBACKUP DI_FLAGSEX = 0x00080000 // not used + DI_FLAGSEX_BACKUPONREPLACE DI_FLAGSEX = 0x00100000 // not used + DI_FLAGSEX_DRIVERLIST_FROM_URL DI_FLAGSEX = 0x00200000 // build driver list from INF(s) retrieved from URL specified in SP_DEVINSTALL_PARAMS.DriverPath (empty string means Windows Update website) + DI_FLAGSEX_EXCLUDE_OLD_INET_DRIVERS DI_FLAGSEX = 0x00800000 // Don't include old Internet drivers when building a driver list. Ignored on Windows Vista and later. + DI_FLAGSEX_POWERPAGE_ADDED DI_FLAGSEX = 0x01000000 // class installer added their own power page + DI_FLAGSEX_FILTERSIMILARDRIVERS DI_FLAGSEX = 0x02000000 // only include similar drivers in class list + DI_FLAGSEX_INSTALLEDDRIVER DI_FLAGSEX = 0x04000000 // only add the installed driver to the class or compat driver list. Used in calls to SetupDiBuildDriverInfoList + DI_FLAGSEX_NO_CLASSLIST_NODE_MERGE DI_FLAGSEX = 0x08000000 // Don't remove identical driver nodes from the class list + DI_FLAGSEX_ALTPLATFORM_DRVSEARCH DI_FLAGSEX = 0x10000000 // Build driver list based on alternate platform information specified in associated file queue + DI_FLAGSEX_RESTART_DEVICE_ONLY DI_FLAGSEX = 0x20000000 // only restart the device drivers are being installed on as opposed to restarting all devices using those drivers. + DI_FLAGSEX_RECURSIVESEARCH DI_FLAGSEX = 0x40000000 // Tell SetupDiBuildDriverInfoList to do a recursive search + DI_FLAGSEX_SEARCH_PUBLISHED_INFS DI_FLAGSEX = 0x80000000 // Tell SetupDiBuildDriverInfoList to do a "published INF" search +) + +// ClassInstallHeader is the first member of any class install parameters structure. It contains the device installation request code that defines the format of the rest of the install parameters structure. +type ClassInstallHeader struct { + size uint32 + InstallFunction DI_FUNCTION +} + +func MakeClassInstallHeader(installFunction DI_FUNCTION) *ClassInstallHeader { + hdr := &ClassInstallHeader{InstallFunction: installFunction} + hdr.size = uint32(unsafe.Sizeof(*hdr)) + return hdr +} + +// DICS_STATE specifies values indicating a change in a device's state +type DICS_STATE uint32 + +const ( + DICS_ENABLE DICS_STATE = 0x00000001 // The device is being enabled. + DICS_DISABLE DICS_STATE = 0x00000002 // The device is being disabled. + DICS_PROPCHANGE DICS_STATE = 0x00000003 // The properties of the device have changed. + DICS_START DICS_STATE = 0x00000004 // The device is being started (if the request is for the currently active hardware profile). + DICS_STOP DICS_STATE = 0x00000005 // The device is being stopped. The driver stack will be unloaded and the CSCONFIGFLAG_DO_NOT_START flag will be set for the device. +) + +// DICS_FLAG specifies the scope of a device property change +type DICS_FLAG uint32 + +const ( + DICS_FLAG_GLOBAL DICS_FLAG = 0x00000001 // make change in all hardware profiles + DICS_FLAG_CONFIGSPECIFIC DICS_FLAG = 0x00000002 // make change in specified profile only + DICS_FLAG_CONFIGGENERAL DICS_FLAG = 0x00000004 // 1 or more hardware profile-specific changes to follow (obsolete) +) + +// PropChangeParams is a structure corresponding to a DIF_PROPERTYCHANGE install function. +type PropChangeParams struct { + ClassInstallHeader ClassInstallHeader + StateChange DICS_STATE + Scope DICS_FLAG + HwProfile uint32 +} + +// DI_REMOVEDEVICE specifies the scope of the device removal +type DI_REMOVEDEVICE uint32 + +const ( + DI_REMOVEDEVICE_GLOBAL DI_REMOVEDEVICE = 0x00000001 // Make this change in all hardware profiles. Remove information about the device from the registry. + DI_REMOVEDEVICE_CONFIGSPECIFIC DI_REMOVEDEVICE = 0x00000002 // Make this change to only the hardware profile specified by HwProfile. this flag only applies to root-enumerated devices. When Windows removes the device from the last hardware profile in which it was configured, Windows performs a global removal. +) + +// RemoveDeviceParams is a structure corresponding to a DIF_REMOVE install function. +type RemoveDeviceParams struct { + ClassInstallHeader ClassInstallHeader + Scope DI_REMOVEDEVICE + HwProfile uint32 +} + +// DrvInfoData is driver information structure (member of a driver info list that may be associated with a particular device instance, or (globally) with a device information set) +type DrvInfoData struct { + size uint32 + DriverType uint32 + _ uintptr + description [LINE_LEN]uint16 + mfgName [LINE_LEN]uint16 + providerName [LINE_LEN]uint16 + DriverDate Filetime + DriverVersion uint64 +} + +func (data *DrvInfoData) Description() string { + return UTF16ToString(data.description[:]) +} + +func (data *DrvInfoData) SetDescription(description string) error { + str, err := UTF16FromString(description) + if err != nil { + return err + } + copy(data.description[:], str) + return nil +} + +func (data *DrvInfoData) MfgName() string { + return UTF16ToString(data.mfgName[:]) +} + +func (data *DrvInfoData) SetMfgName(mfgName string) error { + str, err := UTF16FromString(mfgName) + if err != nil { + return err + } + copy(data.mfgName[:], str) + return nil +} + +func (data *DrvInfoData) ProviderName() string { + return UTF16ToString(data.providerName[:]) +} + +func (data *DrvInfoData) SetProviderName(providerName string) error { + str, err := UTF16FromString(providerName) + if err != nil { + return err + } + copy(data.providerName[:], str) + return nil +} + +// IsNewer method returns true if DrvInfoData date and version is newer than supplied parameters. +func (data *DrvInfoData) IsNewer(driverDate Filetime, driverVersion uint64) bool { + if data.DriverDate.HighDateTime > driverDate.HighDateTime { + return true + } + if data.DriverDate.HighDateTime < driverDate.HighDateTime { + return false + } + + if data.DriverDate.LowDateTime > driverDate.LowDateTime { + return true + } + if data.DriverDate.LowDateTime < driverDate.LowDateTime { + return false + } + + if data.DriverVersion > driverVersion { + return true + } + if data.DriverVersion < driverVersion { + return false + } + + return false +} + +// DrvInfoDetailData is driver information details structure (provides detailed information about a particular driver information structure) +type DrvInfoDetailData struct { + size uint32 // Use unsafeSizeOf method + InfDate Filetime + compatIDsOffset uint32 + compatIDsLength uint32 + _ uintptr + sectionName [LINE_LEN]uint16 + infFileName [MAX_PATH]uint16 + drvDescription [LINE_LEN]uint16 + hardwareID [1]uint16 +} + +func (*DrvInfoDetailData) unsafeSizeOf() uint32 { + if unsafe.Sizeof(uintptr(0)) == 4 { + // Windows declares this with pshpack1.h + return uint32(unsafe.Offsetof(DrvInfoDetailData{}.hardwareID) + unsafe.Sizeof(DrvInfoDetailData{}.hardwareID)) + } + return uint32(unsafe.Sizeof(DrvInfoDetailData{})) +} + +func (data *DrvInfoDetailData) SectionName() string { + return UTF16ToString(data.sectionName[:]) +} + +func (data *DrvInfoDetailData) InfFileName() string { + return UTF16ToString(data.infFileName[:]) +} + +func (data *DrvInfoDetailData) DrvDescription() string { + return UTF16ToString(data.drvDescription[:]) +} + +func (data *DrvInfoDetailData) HardwareID() string { + if data.compatIDsOffset > 1 { + bufW := data.getBuf() + return UTF16ToString(bufW[:wcslen(bufW)]) + } + + return "" +} + +func (data *DrvInfoDetailData) CompatIDs() []string { + a := make([]string, 0) + + if data.compatIDsLength > 0 { + bufW := data.getBuf() + bufW = bufW[data.compatIDsOffset : data.compatIDsOffset+data.compatIDsLength] + for i := 0; i < len(bufW); { + j := i + wcslen(bufW[i:]) + if i < j { + a = append(a, UTF16ToString(bufW[i:j])) + } + i = j + 1 + } + } + + return a +} + +func (data *DrvInfoDetailData) getBuf() []uint16 { + len := (data.size - uint32(unsafe.Offsetof(data.hardwareID))) / 2 + sl := struct { + addr *uint16 + len int + cap int + }{&data.hardwareID[0], int(len), int(len)} + return *(*[]uint16)(unsafe.Pointer(&sl)) +} + +// IsCompatible method tests if given hardware ID matches the driver or is listed on the compatible ID list. +func (data *DrvInfoDetailData) IsCompatible(hwid string) bool { + hwidLC := strings.ToLower(hwid) + if strings.ToLower(data.HardwareID()) == hwidLC { + return true + } + a := data.CompatIDs() + for i := range a { + if strings.ToLower(a[i]) == hwidLC { + return true + } + } + + return false +} + +// DICD flags control SetupDiCreateDeviceInfo +type DICD uint32 + +const ( + DICD_GENERATE_ID DICD = 0x00000001 + DICD_INHERIT_CLASSDRVS DICD = 0x00000002 +) + +// SUOI flags control SetupUninstallOEMInf +type SUOI uint32 + +const ( + SUOI_FORCEDELETE SUOI = 0x0001 +) + +// SPDIT flags to distinguish between class drivers and +// device drivers. (Passed in 'DriverType' parameter of +// driver information list APIs) +type SPDIT uint32 + +const ( + SPDIT_NODRIVER SPDIT = 0x00000000 + SPDIT_CLASSDRIVER SPDIT = 0x00000001 + SPDIT_COMPATDRIVER SPDIT = 0x00000002 +) + +// DIGCF flags control what is included in the device information set built by SetupDiGetClassDevs +type DIGCF uint32 + +const ( + DIGCF_DEFAULT DIGCF = 0x00000001 // only valid with DIGCF_DEVICEINTERFACE + DIGCF_PRESENT DIGCF = 0x00000002 + DIGCF_ALLCLASSES DIGCF = 0x00000004 + DIGCF_PROFILE DIGCF = 0x00000008 + DIGCF_DEVICEINTERFACE DIGCF = 0x00000010 +) + +// DIREG specifies values for SetupDiCreateDevRegKey, SetupDiOpenDevRegKey, and SetupDiDeleteDevRegKey. +type DIREG uint32 + +const ( + DIREG_DEV DIREG = 0x00000001 // Open/Create/Delete device key + DIREG_DRV DIREG = 0x00000002 // Open/Create/Delete driver key + DIREG_BOTH DIREG = 0x00000004 // Delete both driver and Device key +) + +// SPDRP specifies device registry property codes +// (Codes marked as read-only (R) may only be used for +// SetupDiGetDeviceRegistryProperty) +// +// These values should cover the same set of registry properties +// as defined by the CM_DRP codes in cfgmgr32.h. +// +// Note that SPDRP codes are zero based while CM_DRP codes are one based! +type SPDRP uint32 + +const ( + SPDRP_DEVICEDESC SPDRP = 0x00000000 // DeviceDesc (R/W) + SPDRP_HARDWAREID SPDRP = 0x00000001 // HardwareID (R/W) + SPDRP_COMPATIBLEIDS SPDRP = 0x00000002 // CompatibleIDs (R/W) + SPDRP_SERVICE SPDRP = 0x00000004 // Service (R/W) + SPDRP_CLASS SPDRP = 0x00000007 // Class (R--tied to ClassGUID) + SPDRP_CLASSGUID SPDRP = 0x00000008 // ClassGUID (R/W) + SPDRP_DRIVER SPDRP = 0x00000009 // Driver (R/W) + SPDRP_CONFIGFLAGS SPDRP = 0x0000000A // ConfigFlags (R/W) + SPDRP_MFG SPDRP = 0x0000000B // Mfg (R/W) + SPDRP_FRIENDLYNAME SPDRP = 0x0000000C // FriendlyName (R/W) + SPDRP_LOCATION_INFORMATION SPDRP = 0x0000000D // LocationInformation (R/W) + SPDRP_PHYSICAL_DEVICE_OBJECT_NAME SPDRP = 0x0000000E // PhysicalDeviceObjectName (R) + SPDRP_CAPABILITIES SPDRP = 0x0000000F // Capabilities (R) + SPDRP_UI_NUMBER SPDRP = 0x00000010 // UiNumber (R) + SPDRP_UPPERFILTERS SPDRP = 0x00000011 // UpperFilters (R/W) + SPDRP_LOWERFILTERS SPDRP = 0x00000012 // LowerFilters (R/W) + SPDRP_BUSTYPEGUID SPDRP = 0x00000013 // BusTypeGUID (R) + SPDRP_LEGACYBUSTYPE SPDRP = 0x00000014 // LegacyBusType (R) + SPDRP_BUSNUMBER SPDRP = 0x00000015 // BusNumber (R) + SPDRP_ENUMERATOR_NAME SPDRP = 0x00000016 // Enumerator Name (R) + SPDRP_SECURITY SPDRP = 0x00000017 // Security (R/W, binary form) + SPDRP_SECURITY_SDS SPDRP = 0x00000018 // Security (W, SDS form) + SPDRP_DEVTYPE SPDRP = 0x00000019 // Device Type (R/W) + SPDRP_EXCLUSIVE SPDRP = 0x0000001A // Device is exclusive-access (R/W) + SPDRP_CHARACTERISTICS SPDRP = 0x0000001B // Device Characteristics (R/W) + SPDRP_ADDRESS SPDRP = 0x0000001C // Device Address (R) + SPDRP_UI_NUMBER_DESC_FORMAT SPDRP = 0x0000001D // UiNumberDescFormat (R/W) + SPDRP_DEVICE_POWER_DATA SPDRP = 0x0000001E // Device Power Data (R) + SPDRP_REMOVAL_POLICY SPDRP = 0x0000001F // Removal Policy (R) + SPDRP_REMOVAL_POLICY_HW_DEFAULT SPDRP = 0x00000020 // Hardware Removal Policy (R) + SPDRP_REMOVAL_POLICY_OVERRIDE SPDRP = 0x00000021 // Removal Policy Override (RW) + SPDRP_INSTALL_STATE SPDRP = 0x00000022 // Device Install State (R) + SPDRP_LOCATION_PATHS SPDRP = 0x00000023 // Device Location Paths (R) + SPDRP_BASE_CONTAINERID SPDRP = 0x00000024 // Base ContainerID (R) + + SPDRP_MAXIMUM_PROPERTY SPDRP = 0x00000025 // Upper bound on ordinals +) + +// DEVPROPTYPE represents the property-data-type identifier that specifies the +// data type of a device property value in the unified device property model. +type DEVPROPTYPE uint32 + +const ( + DEVPROP_TYPEMOD_ARRAY DEVPROPTYPE = 0x00001000 + DEVPROP_TYPEMOD_LIST DEVPROPTYPE = 0x00002000 + + DEVPROP_TYPE_EMPTY DEVPROPTYPE = 0x00000000 + DEVPROP_TYPE_NULL DEVPROPTYPE = 0x00000001 + DEVPROP_TYPE_SBYTE DEVPROPTYPE = 0x00000002 + DEVPROP_TYPE_BYTE DEVPROPTYPE = 0x00000003 + DEVPROP_TYPE_INT16 DEVPROPTYPE = 0x00000004 + DEVPROP_TYPE_UINT16 DEVPROPTYPE = 0x00000005 + DEVPROP_TYPE_INT32 DEVPROPTYPE = 0x00000006 + DEVPROP_TYPE_UINT32 DEVPROPTYPE = 0x00000007 + DEVPROP_TYPE_INT64 DEVPROPTYPE = 0x00000008 + DEVPROP_TYPE_UINT64 DEVPROPTYPE = 0x00000009 + DEVPROP_TYPE_FLOAT DEVPROPTYPE = 0x0000000A + DEVPROP_TYPE_DOUBLE DEVPROPTYPE = 0x0000000B + DEVPROP_TYPE_DECIMAL DEVPROPTYPE = 0x0000000C + DEVPROP_TYPE_GUID DEVPROPTYPE = 0x0000000D + DEVPROP_TYPE_CURRENCY DEVPROPTYPE = 0x0000000E + DEVPROP_TYPE_DATE DEVPROPTYPE = 0x0000000F + DEVPROP_TYPE_FILETIME DEVPROPTYPE = 0x00000010 + DEVPROP_TYPE_BOOLEAN DEVPROPTYPE = 0x00000011 + DEVPROP_TYPE_STRING DEVPROPTYPE = 0x00000012 + DEVPROP_TYPE_STRING_LIST DEVPROPTYPE = DEVPROP_TYPE_STRING | DEVPROP_TYPEMOD_LIST + DEVPROP_TYPE_SECURITY_DESCRIPTOR DEVPROPTYPE = 0x00000013 + DEVPROP_TYPE_SECURITY_DESCRIPTOR_STRING DEVPROPTYPE = 0x00000014 + DEVPROP_TYPE_DEVPROPKEY DEVPROPTYPE = 0x00000015 + DEVPROP_TYPE_DEVPROPTYPE DEVPROPTYPE = 0x00000016 + DEVPROP_TYPE_BINARY DEVPROPTYPE = DEVPROP_TYPE_BYTE | DEVPROP_TYPEMOD_ARRAY + DEVPROP_TYPE_ERROR DEVPROPTYPE = 0x00000017 + DEVPROP_TYPE_NTSTATUS DEVPROPTYPE = 0x00000018 + DEVPROP_TYPE_STRING_INDIRECT DEVPROPTYPE = 0x00000019 + + MAX_DEVPROP_TYPE DEVPROPTYPE = 0x00000019 + MAX_DEVPROP_TYPEMOD DEVPROPTYPE = 0x00002000 + + DEVPROP_MASK_TYPE DEVPROPTYPE = 0x00000FFF + DEVPROP_MASK_TYPEMOD DEVPROPTYPE = 0x0000F000 +) + +// DEVPROPGUID specifies a property category. +type DEVPROPGUID GUID + +// DEVPROPID uniquely identifies the property within the property category. +type DEVPROPID uint32 + +const DEVPROPID_FIRST_USABLE DEVPROPID = 2 + +// DEVPROPKEY represents a device property key for a device property in the +// unified device property model. +type DEVPROPKEY struct { + FmtID DEVPROPGUID + PID DEVPROPID +} + +// CONFIGRET is a return value or error code from cfgmgr32 APIs +type CONFIGRET uint32 + +func (ret CONFIGRET) Error() string { + if win32Error, ok := ret.Unwrap().(Errno); ok { + return fmt.Sprintf("%s (CfgMgr error: 0x%08x)", win32Error.Error(), uint32(ret)) + } + return fmt.Sprintf("CfgMgr error: 0x%08x", uint32(ret)) +} + +func (ret CONFIGRET) Win32Error(defaultError Errno) Errno { + return cm_MapCrToWin32Err(ret, defaultError) +} + +func (ret CONFIGRET) Unwrap() error { + const noMatch = Errno(^uintptr(0)) + win32Error := ret.Win32Error(noMatch) + if win32Error == noMatch { + return nil + } + return win32Error +} + +const ( + CR_SUCCESS CONFIGRET = 0x00000000 + CR_DEFAULT CONFIGRET = 0x00000001 + CR_OUT_OF_MEMORY CONFIGRET = 0x00000002 + CR_INVALID_POINTER CONFIGRET = 0x00000003 + CR_INVALID_FLAG CONFIGRET = 0x00000004 + CR_INVALID_DEVNODE CONFIGRET = 0x00000005 + CR_INVALID_DEVINST = CR_INVALID_DEVNODE + CR_INVALID_RES_DES CONFIGRET = 0x00000006 + CR_INVALID_LOG_CONF CONFIGRET = 0x00000007 + CR_INVALID_ARBITRATOR CONFIGRET = 0x00000008 + CR_INVALID_NODELIST CONFIGRET = 0x00000009 + CR_DEVNODE_HAS_REQS CONFIGRET = 0x0000000A + CR_DEVINST_HAS_REQS = CR_DEVNODE_HAS_REQS + CR_INVALID_RESOURCEID CONFIGRET = 0x0000000B + CR_DLVXD_NOT_FOUND CONFIGRET = 0x0000000C + CR_NO_SUCH_DEVNODE CONFIGRET = 0x0000000D + CR_NO_SUCH_DEVINST = CR_NO_SUCH_DEVNODE + CR_NO_MORE_LOG_CONF CONFIGRET = 0x0000000E + CR_NO_MORE_RES_DES CONFIGRET = 0x0000000F + CR_ALREADY_SUCH_DEVNODE CONFIGRET = 0x00000010 + CR_ALREADY_SUCH_DEVINST = CR_ALREADY_SUCH_DEVNODE + CR_INVALID_RANGE_LIST CONFIGRET = 0x00000011 + CR_INVALID_RANGE CONFIGRET = 0x00000012 + CR_FAILURE CONFIGRET = 0x00000013 + CR_NO_SUCH_LOGICAL_DEV CONFIGRET = 0x00000014 + CR_CREATE_BLOCKED CONFIGRET = 0x00000015 + CR_NOT_SYSTEM_VM CONFIGRET = 0x00000016 + CR_REMOVE_VETOED CONFIGRET = 0x00000017 + CR_APM_VETOED CONFIGRET = 0x00000018 + CR_INVALID_LOAD_TYPE CONFIGRET = 0x00000019 + CR_BUFFER_SMALL CONFIGRET = 0x0000001A + CR_NO_ARBITRATOR CONFIGRET = 0x0000001B + CR_NO_REGISTRY_HANDLE CONFIGRET = 0x0000001C + CR_REGISTRY_ERROR CONFIGRET = 0x0000001D + CR_INVALID_DEVICE_ID CONFIGRET = 0x0000001E + CR_INVALID_DATA CONFIGRET = 0x0000001F + CR_INVALID_API CONFIGRET = 0x00000020 + CR_DEVLOADER_NOT_READY CONFIGRET = 0x00000021 + CR_NEED_RESTART CONFIGRET = 0x00000022 + CR_NO_MORE_HW_PROFILES CONFIGRET = 0x00000023 + CR_DEVICE_NOT_THERE CONFIGRET = 0x00000024 + CR_NO_SUCH_VALUE CONFIGRET = 0x00000025 + CR_WRONG_TYPE CONFIGRET = 0x00000026 + CR_INVALID_PRIORITY CONFIGRET = 0x00000027 + CR_NOT_DISABLEABLE CONFIGRET = 0x00000028 + CR_FREE_RESOURCES CONFIGRET = 0x00000029 + CR_QUERY_VETOED CONFIGRET = 0x0000002A + CR_CANT_SHARE_IRQ CONFIGRET = 0x0000002B + CR_NO_DEPENDENT CONFIGRET = 0x0000002C + CR_SAME_RESOURCES CONFIGRET = 0x0000002D + CR_NO_SUCH_REGISTRY_KEY CONFIGRET = 0x0000002E + CR_INVALID_MACHINENAME CONFIGRET = 0x0000002F + CR_REMOTE_COMM_FAILURE CONFIGRET = 0x00000030 + CR_MACHINE_UNAVAILABLE CONFIGRET = 0x00000031 + CR_NO_CM_SERVICES CONFIGRET = 0x00000032 + CR_ACCESS_DENIED CONFIGRET = 0x00000033 + CR_CALL_NOT_IMPLEMENTED CONFIGRET = 0x00000034 + CR_INVALID_PROPERTY CONFIGRET = 0x00000035 + CR_DEVICE_INTERFACE_ACTIVE CONFIGRET = 0x00000036 + CR_NO_SUCH_DEVICE_INTERFACE CONFIGRET = 0x00000037 + CR_INVALID_REFERENCE_STRING CONFIGRET = 0x00000038 + CR_INVALID_CONFLICT_LIST CONFIGRET = 0x00000039 + CR_INVALID_INDEX CONFIGRET = 0x0000003A + CR_INVALID_STRUCTURE_SIZE CONFIGRET = 0x0000003B + NUM_CR_RESULTS CONFIGRET = 0x0000003C +) + +const ( + CM_GET_DEVICE_INTERFACE_LIST_PRESENT = 0 // only currently 'live' device interfaces + CM_GET_DEVICE_INTERFACE_LIST_ALL_DEVICES = 1 // all registered device interfaces, live or not +) + +const ( + DN_ROOT_ENUMERATED = 0x00000001 // Was enumerated by ROOT + DN_DRIVER_LOADED = 0x00000002 // Has Register_Device_Driver + DN_ENUM_LOADED = 0x00000004 // Has Register_Enumerator + DN_STARTED = 0x00000008 // Is currently configured + DN_MANUAL = 0x00000010 // Manually installed + DN_NEED_TO_ENUM = 0x00000020 // May need reenumeration + DN_NOT_FIRST_TIME = 0x00000040 // Has received a config + DN_HARDWARE_ENUM = 0x00000080 // Enum generates hardware ID + DN_LIAR = 0x00000100 // Lied about can reconfig once + DN_HAS_MARK = 0x00000200 // Not CM_Create_DevInst lately + DN_HAS_PROBLEM = 0x00000400 // Need device installer + DN_FILTERED = 0x00000800 // Is filtered + DN_MOVED = 0x00001000 // Has been moved + DN_DISABLEABLE = 0x00002000 // Can be disabled + DN_REMOVABLE = 0x00004000 // Can be removed + DN_PRIVATE_PROBLEM = 0x00008000 // Has a private problem + DN_MF_PARENT = 0x00010000 // Multi function parent + DN_MF_CHILD = 0x00020000 // Multi function child + DN_WILL_BE_REMOVED = 0x00040000 // DevInst is being removed + DN_NOT_FIRST_TIMEE = 0x00080000 // Has received a config enumerate + DN_STOP_FREE_RES = 0x00100000 // When child is stopped, free resources + DN_REBAL_CANDIDATE = 0x00200000 // Don't skip during rebalance + DN_BAD_PARTIAL = 0x00400000 // This devnode's log_confs do not have same resources + DN_NT_ENUMERATOR = 0x00800000 // This devnode's is an NT enumerator + DN_NT_DRIVER = 0x01000000 // This devnode's is an NT driver + DN_NEEDS_LOCKING = 0x02000000 // Devnode need lock resume processing + DN_ARM_WAKEUP = 0x04000000 // Devnode can be the wakeup device + DN_APM_ENUMERATOR = 0x08000000 // APM aware enumerator + DN_APM_DRIVER = 0x10000000 // APM aware driver + DN_SILENT_INSTALL = 0x20000000 // Silent install + DN_NO_SHOW_IN_DM = 0x40000000 // No show in device manager + DN_BOOT_LOG_PROB = 0x80000000 // Had a problem during preassignment of boot log conf + DN_NEED_RESTART = DN_LIAR // System needs to be restarted for this Devnode to work properly + DN_DRIVER_BLOCKED = DN_NOT_FIRST_TIME // One or more drivers are blocked from loading for this Devnode + DN_LEGACY_DRIVER = DN_MOVED // This device is using a legacy driver + DN_CHILD_WITH_INVALID_ID = DN_HAS_MARK // One or more children have invalid IDs + DN_DEVICE_DISCONNECTED = DN_NEEDS_LOCKING // The function driver for a device reported that the device is not connected. Typically this means a wireless device is out of range. + DN_QUERY_REMOVE_PENDING = DN_MF_PARENT // Device is part of a set of related devices collectively pending query-removal + DN_QUERY_REMOVE_ACTIVE = DN_MF_CHILD // Device is actively engaged in a query-remove IRP + DN_CHANGEABLE_FLAGS = DN_NOT_FIRST_TIME | DN_HARDWARE_ENUM | DN_HAS_MARK | DN_DISABLEABLE | DN_REMOVABLE | DN_MF_CHILD | DN_MF_PARENT | DN_NOT_FIRST_TIMEE | DN_STOP_FREE_RES | DN_REBAL_CANDIDATE | DN_NT_ENUMERATOR | DN_NT_DRIVER | DN_SILENT_INSTALL | DN_NO_SHOW_IN_DM +) + +//sys setupDiCreateDeviceInfoListEx(classGUID *GUID, hwndParent uintptr, machineName *uint16, reserved uintptr) (handle DevInfo, err error) [failretval==DevInfo(InvalidHandle)] = setupapi.SetupDiCreateDeviceInfoListExW + +// SetupDiCreateDeviceInfoListEx function creates an empty device information set on a remote or a local computer and optionally associates the set with a device setup class. +func SetupDiCreateDeviceInfoListEx(classGUID *GUID, hwndParent uintptr, machineName string) (deviceInfoSet DevInfo, err error) { + var machineNameUTF16 *uint16 + if machineName != "" { + machineNameUTF16, err = UTF16PtrFromString(machineName) + if err != nil { + return + } + } + return setupDiCreateDeviceInfoListEx(classGUID, hwndParent, machineNameUTF16, 0) +} + +//sys setupDiGetDeviceInfoListDetail(deviceInfoSet DevInfo, deviceInfoSetDetailData *DevInfoListDetailData) (err error) = setupapi.SetupDiGetDeviceInfoListDetailW + +// SetupDiGetDeviceInfoListDetail function retrieves information associated with a device information set including the class GUID, remote computer handle, and remote computer name. +func SetupDiGetDeviceInfoListDetail(deviceInfoSet DevInfo) (deviceInfoSetDetailData *DevInfoListDetailData, err error) { + data := &DevInfoListDetailData{} + data.size = data.unsafeSizeOf() + + return data, setupDiGetDeviceInfoListDetail(deviceInfoSet, data) +} + +// DeviceInfoListDetail method retrieves information associated with a device information set including the class GUID, remote computer handle, and remote computer name. +func (deviceInfoSet DevInfo) DeviceInfoListDetail() (*DevInfoListDetailData, error) { + return SetupDiGetDeviceInfoListDetail(deviceInfoSet) +} + +//sys setupDiCreateDeviceInfo(deviceInfoSet DevInfo, DeviceName *uint16, classGUID *GUID, DeviceDescription *uint16, hwndParent uintptr, CreationFlags DICD, deviceInfoData *DevInfoData) (err error) = setupapi.SetupDiCreateDeviceInfoW + +// SetupDiCreateDeviceInfo function creates a new device information element and adds it as a new member to the specified device information set. +func SetupDiCreateDeviceInfo(deviceInfoSet DevInfo, deviceName string, classGUID *GUID, deviceDescription string, hwndParent uintptr, creationFlags DICD) (deviceInfoData *DevInfoData, err error) { + deviceNameUTF16, err := UTF16PtrFromString(deviceName) + if err != nil { + return + } + + var deviceDescriptionUTF16 *uint16 + if deviceDescription != "" { + deviceDescriptionUTF16, err = UTF16PtrFromString(deviceDescription) + if err != nil { + return + } + } + + data := &DevInfoData{} + data.size = uint32(unsafe.Sizeof(*data)) + + return data, setupDiCreateDeviceInfo(deviceInfoSet, deviceNameUTF16, classGUID, deviceDescriptionUTF16, hwndParent, creationFlags, data) +} + +// CreateDeviceInfo method creates a new device information element and adds it as a new member to the specified device information set. +func (deviceInfoSet DevInfo) CreateDeviceInfo(deviceName string, classGUID *GUID, deviceDescription string, hwndParent uintptr, creationFlags DICD) (*DevInfoData, error) { + return SetupDiCreateDeviceInfo(deviceInfoSet, deviceName, classGUID, deviceDescription, hwndParent, creationFlags) +} + +//sys setupDiEnumDeviceInfo(deviceInfoSet DevInfo, memberIndex uint32, deviceInfoData *DevInfoData) (err error) = setupapi.SetupDiEnumDeviceInfo + +// SetupDiEnumDeviceInfo function returns a DevInfoData structure that specifies a device information element in a device information set. +func SetupDiEnumDeviceInfo(deviceInfoSet DevInfo, memberIndex int) (*DevInfoData, error) { + data := &DevInfoData{} + data.size = uint32(unsafe.Sizeof(*data)) + + return data, setupDiEnumDeviceInfo(deviceInfoSet, uint32(memberIndex), data) +} + +// EnumDeviceInfo method returns a DevInfoData structure that specifies a device information element in a device information set. +func (deviceInfoSet DevInfo) EnumDeviceInfo(memberIndex int) (*DevInfoData, error) { + return SetupDiEnumDeviceInfo(deviceInfoSet, memberIndex) +} + +// SetupDiDestroyDeviceInfoList function deletes a device information set and frees all associated memory. +//sys SetupDiDestroyDeviceInfoList(deviceInfoSet DevInfo) (err error) = setupapi.SetupDiDestroyDeviceInfoList + +// Close method deletes a device information set and frees all associated memory. +func (deviceInfoSet DevInfo) Close() error { + return SetupDiDestroyDeviceInfoList(deviceInfoSet) +} + +//sys SetupDiBuildDriverInfoList(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, driverType SPDIT) (err error) = setupapi.SetupDiBuildDriverInfoList + +// BuildDriverInfoList method builds a list of drivers that is associated with a specific device or with the global class driver list for a device information set. +func (deviceInfoSet DevInfo) BuildDriverInfoList(deviceInfoData *DevInfoData, driverType SPDIT) error { + return SetupDiBuildDriverInfoList(deviceInfoSet, deviceInfoData, driverType) +} + +//sys SetupDiCancelDriverInfoSearch(deviceInfoSet DevInfo) (err error) = setupapi.SetupDiCancelDriverInfoSearch + +// CancelDriverInfoSearch method cancels a driver list search that is currently in progress in a different thread. +func (deviceInfoSet DevInfo) CancelDriverInfoSearch() error { + return SetupDiCancelDriverInfoSearch(deviceInfoSet) +} + +//sys setupDiEnumDriverInfo(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, driverType SPDIT, memberIndex uint32, driverInfoData *DrvInfoData) (err error) = setupapi.SetupDiEnumDriverInfoW + +// SetupDiEnumDriverInfo function enumerates the members of a driver list. +func SetupDiEnumDriverInfo(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, driverType SPDIT, memberIndex int) (*DrvInfoData, error) { + data := &DrvInfoData{} + data.size = uint32(unsafe.Sizeof(*data)) + + return data, setupDiEnumDriverInfo(deviceInfoSet, deviceInfoData, driverType, uint32(memberIndex), data) +} + +// EnumDriverInfo method enumerates the members of a driver list. +func (deviceInfoSet DevInfo) EnumDriverInfo(deviceInfoData *DevInfoData, driverType SPDIT, memberIndex int) (*DrvInfoData, error) { + return SetupDiEnumDriverInfo(deviceInfoSet, deviceInfoData, driverType, memberIndex) +} + +//sys setupDiGetSelectedDriver(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, driverInfoData *DrvInfoData) (err error) = setupapi.SetupDiGetSelectedDriverW + +// SetupDiGetSelectedDriver function retrieves the selected driver for a device information set or a particular device information element. +func SetupDiGetSelectedDriver(deviceInfoSet DevInfo, deviceInfoData *DevInfoData) (*DrvInfoData, error) { + data := &DrvInfoData{} + data.size = uint32(unsafe.Sizeof(*data)) + + return data, setupDiGetSelectedDriver(deviceInfoSet, deviceInfoData, data) +} + +// SelectedDriver method retrieves the selected driver for a device information set or a particular device information element. +func (deviceInfoSet DevInfo) SelectedDriver(deviceInfoData *DevInfoData) (*DrvInfoData, error) { + return SetupDiGetSelectedDriver(deviceInfoSet, deviceInfoData) +} + +//sys SetupDiSetSelectedDriver(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, driverInfoData *DrvInfoData) (err error) = setupapi.SetupDiSetSelectedDriverW + +// SetSelectedDriver method sets, or resets, the selected driver for a device information element or the selected class driver for a device information set. +func (deviceInfoSet DevInfo) SetSelectedDriver(deviceInfoData *DevInfoData, driverInfoData *DrvInfoData) error { + return SetupDiSetSelectedDriver(deviceInfoSet, deviceInfoData, driverInfoData) +} + +//sys setupDiGetDriverInfoDetail(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, driverInfoData *DrvInfoData, driverInfoDetailData *DrvInfoDetailData, driverInfoDetailDataSize uint32, requiredSize *uint32) (err error) = setupapi.SetupDiGetDriverInfoDetailW + +// SetupDiGetDriverInfoDetail function retrieves driver information detail for a device information set or a particular device information element in the device information set. +func SetupDiGetDriverInfoDetail(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, driverInfoData *DrvInfoData) (*DrvInfoDetailData, error) { + reqSize := uint32(2048) + for { + buf := make([]byte, reqSize) + data := (*DrvInfoDetailData)(unsafe.Pointer(&buf[0])) + data.size = data.unsafeSizeOf() + err := setupDiGetDriverInfoDetail(deviceInfoSet, deviceInfoData, driverInfoData, data, uint32(len(buf)), &reqSize) + if err == ERROR_INSUFFICIENT_BUFFER { + continue + } + if err != nil { + return nil, err + } + data.size = reqSize + return data, nil + } +} + +// DriverInfoDetail method retrieves driver information detail for a device information set or a particular device information element in the device information set. +func (deviceInfoSet DevInfo) DriverInfoDetail(deviceInfoData *DevInfoData, driverInfoData *DrvInfoData) (*DrvInfoDetailData, error) { + return SetupDiGetDriverInfoDetail(deviceInfoSet, deviceInfoData, driverInfoData) +} + +//sys SetupDiDestroyDriverInfoList(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, driverType SPDIT) (err error) = setupapi.SetupDiDestroyDriverInfoList + +// DestroyDriverInfoList method deletes a driver list. +func (deviceInfoSet DevInfo) DestroyDriverInfoList(deviceInfoData *DevInfoData, driverType SPDIT) error { + return SetupDiDestroyDriverInfoList(deviceInfoSet, deviceInfoData, driverType) +} + +//sys setupDiGetClassDevsEx(classGUID *GUID, Enumerator *uint16, hwndParent uintptr, Flags DIGCF, deviceInfoSet DevInfo, machineName *uint16, reserved uintptr) (handle DevInfo, err error) [failretval==DevInfo(InvalidHandle)] = setupapi.SetupDiGetClassDevsExW + +// SetupDiGetClassDevsEx function returns a handle to a device information set that contains requested device information elements for a local or a remote computer. +func SetupDiGetClassDevsEx(classGUID *GUID, enumerator string, hwndParent uintptr, flags DIGCF, deviceInfoSet DevInfo, machineName string) (handle DevInfo, err error) { + var enumeratorUTF16 *uint16 + if enumerator != "" { + enumeratorUTF16, err = UTF16PtrFromString(enumerator) + if err != nil { + return + } + } + var machineNameUTF16 *uint16 + if machineName != "" { + machineNameUTF16, err = UTF16PtrFromString(machineName) + if err != nil { + return + } + } + return setupDiGetClassDevsEx(classGUID, enumeratorUTF16, hwndParent, flags, deviceInfoSet, machineNameUTF16, 0) +} + +// SetupDiCallClassInstaller function calls the appropriate class installer, and any registered co-installers, with the specified installation request (DIF code). +//sys SetupDiCallClassInstaller(installFunction DI_FUNCTION, deviceInfoSet DevInfo, deviceInfoData *DevInfoData) (err error) = setupapi.SetupDiCallClassInstaller + +// CallClassInstaller member calls the appropriate class installer, and any registered co-installers, with the specified installation request (DIF code). +func (deviceInfoSet DevInfo) CallClassInstaller(installFunction DI_FUNCTION, deviceInfoData *DevInfoData) error { + return SetupDiCallClassInstaller(installFunction, deviceInfoSet, deviceInfoData) +} + +// SetupDiOpenDevRegKey function opens a registry key for device-specific configuration information. +//sys SetupDiOpenDevRegKey(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, Scope DICS_FLAG, HwProfile uint32, KeyType DIREG, samDesired uint32) (key Handle, err error) [failretval==InvalidHandle] = setupapi.SetupDiOpenDevRegKey + +// OpenDevRegKey method opens a registry key for device-specific configuration information. +func (deviceInfoSet DevInfo) OpenDevRegKey(DeviceInfoData *DevInfoData, Scope DICS_FLAG, HwProfile uint32, KeyType DIREG, samDesired uint32) (Handle, error) { + return SetupDiOpenDevRegKey(deviceInfoSet, DeviceInfoData, Scope, HwProfile, KeyType, samDesired) +} + +//sys setupDiGetDeviceProperty(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, propertyKey *DEVPROPKEY, propertyType *DEVPROPTYPE, propertyBuffer *byte, propertyBufferSize uint32, requiredSize *uint32, flags uint32) (err error) = setupapi.SetupDiGetDevicePropertyW + +// SetupDiGetDeviceProperty function retrieves a specified device instance property. +func SetupDiGetDeviceProperty(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, propertyKey *DEVPROPKEY) (value interface{}, err error) { + reqSize := uint32(256) + for { + var dataType DEVPROPTYPE + buf := make([]byte, reqSize) + err = setupDiGetDeviceProperty(deviceInfoSet, deviceInfoData, propertyKey, &dataType, &buf[0], uint32(len(buf)), &reqSize, 0) + if err == ERROR_INSUFFICIENT_BUFFER { + continue + } + if err != nil { + return + } + switch dataType { + case DEVPROP_TYPE_STRING: + ret := UTF16ToString(bufToUTF16(buf)) + runtime.KeepAlive(buf) + return ret, nil + } + return nil, errors.New("unimplemented property type") + } +} + +//sys setupDiGetDeviceRegistryProperty(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, property SPDRP, propertyRegDataType *uint32, propertyBuffer *byte, propertyBufferSize uint32, requiredSize *uint32) (err error) = setupapi.SetupDiGetDeviceRegistryPropertyW + +// SetupDiGetDeviceRegistryProperty function retrieves a specified Plug and Play device property. +func SetupDiGetDeviceRegistryProperty(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, property SPDRP) (value interface{}, err error) { + reqSize := uint32(256) + for { + var dataType uint32 + buf := make([]byte, reqSize) + err = setupDiGetDeviceRegistryProperty(deviceInfoSet, deviceInfoData, property, &dataType, &buf[0], uint32(len(buf)), &reqSize) + if err == ERROR_INSUFFICIENT_BUFFER { + continue + } + if err != nil { + return + } + return getRegistryValue(buf[:reqSize], dataType) + } +} + +func getRegistryValue(buf []byte, dataType uint32) (interface{}, error) { + switch dataType { + case REG_SZ: + ret := UTF16ToString(bufToUTF16(buf)) + runtime.KeepAlive(buf) + return ret, nil + case REG_EXPAND_SZ: + value := UTF16ToString(bufToUTF16(buf)) + if value == "" { + return "", nil + } + p, err := syscall.UTF16PtrFromString(value) + if err != nil { + return "", err + } + ret := make([]uint16, 100) + for { + n, err := ExpandEnvironmentStrings(p, &ret[0], uint32(len(ret))) + if err != nil { + return "", err + } + if n <= uint32(len(ret)) { + return UTF16ToString(ret[:n]), nil + } + ret = make([]uint16, n) + } + case REG_BINARY: + return buf, nil + case REG_DWORD_LITTLE_ENDIAN: + return binary.LittleEndian.Uint32(buf), nil + case REG_DWORD_BIG_ENDIAN: + return binary.BigEndian.Uint32(buf), nil + case REG_MULTI_SZ: + bufW := bufToUTF16(buf) + a := []string{} + for i := 0; i < len(bufW); { + j := i + wcslen(bufW[i:]) + if i < j { + a = append(a, UTF16ToString(bufW[i:j])) + } + i = j + 1 + } + runtime.KeepAlive(buf) + return a, nil + case REG_QWORD_LITTLE_ENDIAN: + return binary.LittleEndian.Uint64(buf), nil + default: + return nil, fmt.Errorf("Unsupported registry value type: %v", dataType) + } +} + +// bufToUTF16 function reinterprets []byte buffer as []uint16 +func bufToUTF16(buf []byte) []uint16 { + sl := struct { + addr *uint16 + len int + cap int + }{(*uint16)(unsafe.Pointer(&buf[0])), len(buf) / 2, cap(buf) / 2} + return *(*[]uint16)(unsafe.Pointer(&sl)) +} + +// utf16ToBuf function reinterprets []uint16 as []byte +func utf16ToBuf(buf []uint16) []byte { + sl := struct { + addr *byte + len int + cap int + }{(*byte)(unsafe.Pointer(&buf[0])), len(buf) * 2, cap(buf) * 2} + return *(*[]byte)(unsafe.Pointer(&sl)) +} + +func wcslen(str []uint16) int { + for i := 0; i < len(str); i++ { + if str[i] == 0 { + return i + } + } + return len(str) +} + +// DeviceRegistryProperty method retrieves a specified Plug and Play device property. +func (deviceInfoSet DevInfo) DeviceRegistryProperty(deviceInfoData *DevInfoData, property SPDRP) (interface{}, error) { + return SetupDiGetDeviceRegistryProperty(deviceInfoSet, deviceInfoData, property) +} + +//sys setupDiSetDeviceRegistryProperty(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, property SPDRP, propertyBuffer *byte, propertyBufferSize uint32) (err error) = setupapi.SetupDiSetDeviceRegistryPropertyW + +// SetupDiSetDeviceRegistryProperty function sets a Plug and Play device property for a device. +func SetupDiSetDeviceRegistryProperty(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, property SPDRP, propertyBuffers []byte) error { + return setupDiSetDeviceRegistryProperty(deviceInfoSet, deviceInfoData, property, &propertyBuffers[0], uint32(len(propertyBuffers))) +} + +// SetDeviceRegistryProperty function sets a Plug and Play device property for a device. +func (deviceInfoSet DevInfo) SetDeviceRegistryProperty(deviceInfoData *DevInfoData, property SPDRP, propertyBuffers []byte) error { + return SetupDiSetDeviceRegistryProperty(deviceInfoSet, deviceInfoData, property, propertyBuffers) +} + +// SetDeviceRegistryPropertyString method sets a Plug and Play device property string for a device. +func (deviceInfoSet DevInfo) SetDeviceRegistryPropertyString(deviceInfoData *DevInfoData, property SPDRP, str string) error { + str16, err := UTF16FromString(str) + if err != nil { + return err + } + err = SetupDiSetDeviceRegistryProperty(deviceInfoSet, deviceInfoData, property, utf16ToBuf(append(str16, 0))) + runtime.KeepAlive(str16) + return err +} + +//sys setupDiGetDeviceInstallParams(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, deviceInstallParams *DevInstallParams) (err error) = setupapi.SetupDiGetDeviceInstallParamsW + +// SetupDiGetDeviceInstallParams function retrieves device installation parameters for a device information set or a particular device information element. +func SetupDiGetDeviceInstallParams(deviceInfoSet DevInfo, deviceInfoData *DevInfoData) (*DevInstallParams, error) { + params := &DevInstallParams{} + params.size = uint32(unsafe.Sizeof(*params)) + + return params, setupDiGetDeviceInstallParams(deviceInfoSet, deviceInfoData, params) +} + +// DeviceInstallParams method retrieves device installation parameters for a device information set or a particular device information element. +func (deviceInfoSet DevInfo) DeviceInstallParams(deviceInfoData *DevInfoData) (*DevInstallParams, error) { + return SetupDiGetDeviceInstallParams(deviceInfoSet, deviceInfoData) +} + +//sys setupDiGetDeviceInstanceId(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, instanceId *uint16, instanceIdSize uint32, instanceIdRequiredSize *uint32) (err error) = setupapi.SetupDiGetDeviceInstanceIdW + +// SetupDiGetDeviceInstanceId function retrieves the instance ID of the device. +func SetupDiGetDeviceInstanceId(deviceInfoSet DevInfo, deviceInfoData *DevInfoData) (string, error) { + reqSize := uint32(1024) + for { + buf := make([]uint16, reqSize) + err := setupDiGetDeviceInstanceId(deviceInfoSet, deviceInfoData, &buf[0], uint32(len(buf)), &reqSize) + if err == ERROR_INSUFFICIENT_BUFFER { + continue + } + if err != nil { + return "", err + } + return UTF16ToString(buf), nil + } +} + +// DeviceInstanceID method retrieves the instance ID of the device. +func (deviceInfoSet DevInfo) DeviceInstanceID(deviceInfoData *DevInfoData) (string, error) { + return SetupDiGetDeviceInstanceId(deviceInfoSet, deviceInfoData) +} + +// SetupDiGetClassInstallParams function retrieves class installation parameters for a device information set or a particular device information element. +//sys SetupDiGetClassInstallParams(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, classInstallParams *ClassInstallHeader, classInstallParamsSize uint32, requiredSize *uint32) (err error) = setupapi.SetupDiGetClassInstallParamsW + +// ClassInstallParams method retrieves class installation parameters for a device information set or a particular device information element. +func (deviceInfoSet DevInfo) ClassInstallParams(deviceInfoData *DevInfoData, classInstallParams *ClassInstallHeader, classInstallParamsSize uint32, requiredSize *uint32) error { + return SetupDiGetClassInstallParams(deviceInfoSet, deviceInfoData, classInstallParams, classInstallParamsSize, requiredSize) +} + +//sys SetupDiSetDeviceInstallParams(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, deviceInstallParams *DevInstallParams) (err error) = setupapi.SetupDiSetDeviceInstallParamsW + +// SetDeviceInstallParams member sets device installation parameters for a device information set or a particular device information element. +func (deviceInfoSet DevInfo) SetDeviceInstallParams(deviceInfoData *DevInfoData, deviceInstallParams *DevInstallParams) error { + return SetupDiSetDeviceInstallParams(deviceInfoSet, deviceInfoData, deviceInstallParams) +} + +// SetupDiSetClassInstallParams function sets or clears class install parameters for a device information set or a particular device information element. +//sys SetupDiSetClassInstallParams(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, classInstallParams *ClassInstallHeader, classInstallParamsSize uint32) (err error) = setupapi.SetupDiSetClassInstallParamsW + +// SetClassInstallParams method sets or clears class install parameters for a device information set or a particular device information element. +func (deviceInfoSet DevInfo) SetClassInstallParams(deviceInfoData *DevInfoData, classInstallParams *ClassInstallHeader, classInstallParamsSize uint32) error { + return SetupDiSetClassInstallParams(deviceInfoSet, deviceInfoData, classInstallParams, classInstallParamsSize) +} + +//sys setupDiClassNameFromGuidEx(classGUID *GUID, className *uint16, classNameSize uint32, requiredSize *uint32, machineName *uint16, reserved uintptr) (err error) = setupapi.SetupDiClassNameFromGuidExW + +// SetupDiClassNameFromGuidEx function retrieves the class name associated with a class GUID. The class can be installed on a local or remote computer. +func SetupDiClassNameFromGuidEx(classGUID *GUID, machineName string) (className string, err error) { + var classNameUTF16 [MAX_CLASS_NAME_LEN]uint16 + + var machineNameUTF16 *uint16 + if machineName != "" { + machineNameUTF16, err = UTF16PtrFromString(machineName) + if err != nil { + return + } + } + + err = setupDiClassNameFromGuidEx(classGUID, &classNameUTF16[0], MAX_CLASS_NAME_LEN, nil, machineNameUTF16, 0) + if err != nil { + return + } + + className = UTF16ToString(classNameUTF16[:]) + return +} + +//sys setupDiClassGuidsFromNameEx(className *uint16, classGuidList *GUID, classGuidListSize uint32, requiredSize *uint32, machineName *uint16, reserved uintptr) (err error) = setupapi.SetupDiClassGuidsFromNameExW + +// SetupDiClassGuidsFromNameEx function retrieves the GUIDs associated with the specified class name. This resulting list contains the classes currently installed on a local or remote computer. +func SetupDiClassGuidsFromNameEx(className string, machineName string) ([]GUID, error) { + classNameUTF16, err := UTF16PtrFromString(className) + if err != nil { + return nil, err + } + + var machineNameUTF16 *uint16 + if machineName != "" { + machineNameUTF16, err = UTF16PtrFromString(machineName) + if err != nil { + return nil, err + } + } + + reqSize := uint32(4) + for { + buf := make([]GUID, reqSize) + err = setupDiClassGuidsFromNameEx(classNameUTF16, &buf[0], uint32(len(buf)), &reqSize, machineNameUTF16, 0) + if err == ERROR_INSUFFICIENT_BUFFER { + continue + } + if err != nil { + return nil, err + } + return buf[:reqSize], nil + } +} + +//sys setupDiGetSelectedDevice(deviceInfoSet DevInfo, deviceInfoData *DevInfoData) (err error) = setupapi.SetupDiGetSelectedDevice + +// SetupDiGetSelectedDevice function retrieves the selected device information element in a device information set. +func SetupDiGetSelectedDevice(deviceInfoSet DevInfo) (*DevInfoData, error) { + data := &DevInfoData{} + data.size = uint32(unsafe.Sizeof(*data)) + + return data, setupDiGetSelectedDevice(deviceInfoSet, data) +} + +// SelectedDevice method retrieves the selected device information element in a device information set. +func (deviceInfoSet DevInfo) SelectedDevice() (*DevInfoData, error) { + return SetupDiGetSelectedDevice(deviceInfoSet) +} + +// SetupDiSetSelectedDevice function sets a device information element as the selected member of a device information set. This function is typically used by an installation wizard. +//sys SetupDiSetSelectedDevice(deviceInfoSet DevInfo, deviceInfoData *DevInfoData) (err error) = setupapi.SetupDiSetSelectedDevice + +// SetSelectedDevice method sets a device information element as the selected member of a device information set. This function is typically used by an installation wizard. +func (deviceInfoSet DevInfo) SetSelectedDevice(deviceInfoData *DevInfoData) error { + return SetupDiSetSelectedDevice(deviceInfoSet, deviceInfoData) +} + +//sys setupUninstallOEMInf(infFileName *uint16, flags SUOI, reserved uintptr) (err error) = setupapi.SetupUninstallOEMInfW + +// SetupUninstallOEMInf uninstalls the specified driver. +func SetupUninstallOEMInf(infFileName string, flags SUOI) error { + infFileName16, err := UTF16PtrFromString(infFileName) + if err != nil { + return err + } + return setupUninstallOEMInf(infFileName16, flags, 0) +} + +//sys cm_MapCrToWin32Err(configRet CONFIGRET, defaultWin32Error Errno) (ret Errno) = CfgMgr32.CM_MapCrToWin32Err + +//sys cm_Get_Device_Interface_List_Size(len *uint32, interfaceClass *GUID, deviceID *uint16, flags uint32) (ret CONFIGRET) = CfgMgr32.CM_Get_Device_Interface_List_SizeW +//sys cm_Get_Device_Interface_List(interfaceClass *GUID, deviceID *uint16, buffer *uint16, bufferLen uint32, flags uint32) (ret CONFIGRET) = CfgMgr32.CM_Get_Device_Interface_ListW + +func CM_Get_Device_Interface_List(deviceID string, interfaceClass *GUID, flags uint32) ([]string, error) { + deviceID16, err := UTF16PtrFromString(deviceID) + if err != nil { + return nil, err + } + var buf []uint16 + var buflen uint32 + for { + if ret := cm_Get_Device_Interface_List_Size(&buflen, interfaceClass, deviceID16, flags); ret != CR_SUCCESS { + return nil, ret + } + buf = make([]uint16, buflen) + if ret := cm_Get_Device_Interface_List(interfaceClass, deviceID16, &buf[0], buflen, flags); ret == CR_SUCCESS { + break + } else if ret != CR_BUFFER_SMALL { + return nil, ret + } + } + var interfaces []string + for i := 0; i < len(buf); { + j := i + wcslen(buf[i:]) + if i < j { + interfaces = append(interfaces, UTF16ToString(buf[i:j])) + } + i = j + 1 + } + if interfaces == nil { + return nil, ERROR_NO_SUCH_DEVICE_INTERFACE + } + return interfaces, nil +} + +//sys cm_Get_DevNode_Status(status *uint32, problemNumber *uint32, devInst DEVINST, flags uint32) (ret CONFIGRET) = CfgMgr32.CM_Get_DevNode_Status + +func CM_Get_DevNode_Status(status *uint32, problemNumber *uint32, devInst DEVINST, flags uint32) error { + ret := cm_Get_DevNode_Status(status, problemNumber, devInst, flags) + if ret == CR_SUCCESS { + return nil + } + return ret +} diff --git a/vendor/golang.org/x/sys/windows/setupapierrors_windows.go b/vendor/golang.org/x/sys/windows/setupapierrors_windows.go deleted file mode 100644 index 1681810e048..00000000000 --- a/vendor/golang.org/x/sys/windows/setupapierrors_windows.go +++ /dev/null @@ -1,100 +0,0 @@ -// Copyright 2020 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package windows - -import "syscall" - -const ( - ERROR_EXPECTED_SECTION_NAME syscall.Errno = 0x20000000 | 0xC0000000 | 0 - ERROR_BAD_SECTION_NAME_LINE syscall.Errno = 0x20000000 | 0xC0000000 | 1 - ERROR_SECTION_NAME_TOO_LONG syscall.Errno = 0x20000000 | 0xC0000000 | 2 - ERROR_GENERAL_SYNTAX syscall.Errno = 0x20000000 | 0xC0000000 | 3 - ERROR_WRONG_INF_STYLE syscall.Errno = 0x20000000 | 0xC0000000 | 0x100 - ERROR_SECTION_NOT_FOUND syscall.Errno = 0x20000000 | 0xC0000000 | 0x101 - ERROR_LINE_NOT_FOUND syscall.Errno = 0x20000000 | 0xC0000000 | 0x102 - ERROR_NO_BACKUP syscall.Errno = 0x20000000 | 0xC0000000 | 0x103 - ERROR_NO_ASSOCIATED_CLASS syscall.Errno = 0x20000000 | 0xC0000000 | 0x200 - ERROR_CLASS_MISMATCH syscall.Errno = 0x20000000 | 0xC0000000 | 0x201 - ERROR_DUPLICATE_FOUND syscall.Errno = 0x20000000 | 0xC0000000 | 0x202 - ERROR_NO_DRIVER_SELECTED syscall.Errno = 0x20000000 | 0xC0000000 | 0x203 - ERROR_KEY_DOES_NOT_EXIST syscall.Errno = 0x20000000 | 0xC0000000 | 0x204 - ERROR_INVALID_DEVINST_NAME syscall.Errno = 0x20000000 | 0xC0000000 | 0x205 - ERROR_INVALID_CLASS syscall.Errno = 0x20000000 | 0xC0000000 | 0x206 - ERROR_DEVINST_ALREADY_EXISTS syscall.Errno = 0x20000000 | 0xC0000000 | 0x207 - ERROR_DEVINFO_NOT_REGISTERED syscall.Errno = 0x20000000 | 0xC0000000 | 0x208 - ERROR_INVALID_REG_PROPERTY syscall.Errno = 0x20000000 | 0xC0000000 | 0x209 - ERROR_NO_INF syscall.Errno = 0x20000000 | 0xC0000000 | 0x20A - ERROR_NO_SUCH_DEVINST syscall.Errno = 0x20000000 | 0xC0000000 | 0x20B - ERROR_CANT_LOAD_CLASS_ICON syscall.Errno = 0x20000000 | 0xC0000000 | 0x20C - ERROR_INVALID_CLASS_INSTALLER syscall.Errno = 0x20000000 | 0xC0000000 | 0x20D - ERROR_DI_DO_DEFAULT syscall.Errno = 0x20000000 | 0xC0000000 | 0x20E - ERROR_DI_NOFILECOPY syscall.Errno = 0x20000000 | 0xC0000000 | 0x20F - ERROR_INVALID_HWPROFILE syscall.Errno = 0x20000000 | 0xC0000000 | 0x210 - ERROR_NO_DEVICE_SELECTED syscall.Errno = 0x20000000 | 0xC0000000 | 0x211 - ERROR_DEVINFO_LIST_LOCKED syscall.Errno = 0x20000000 | 0xC0000000 | 0x212 - ERROR_DEVINFO_DATA_LOCKED syscall.Errno = 0x20000000 | 0xC0000000 | 0x213 - ERROR_DI_BAD_PATH syscall.Errno = 0x20000000 | 0xC0000000 | 0x214 - ERROR_NO_CLASSINSTALL_PARAMS syscall.Errno = 0x20000000 | 0xC0000000 | 0x215 - ERROR_FILEQUEUE_LOCKED syscall.Errno = 0x20000000 | 0xC0000000 | 0x216 - ERROR_BAD_SERVICE_INSTALLSECT syscall.Errno = 0x20000000 | 0xC0000000 | 0x217 - ERROR_NO_CLASS_DRIVER_LIST syscall.Errno = 0x20000000 | 0xC0000000 | 0x218 - ERROR_NO_ASSOCIATED_SERVICE syscall.Errno = 0x20000000 | 0xC0000000 | 0x219 - ERROR_NO_DEFAULT_DEVICE_INTERFACE syscall.Errno = 0x20000000 | 0xC0000000 | 0x21A - ERROR_DEVICE_INTERFACE_ACTIVE syscall.Errno = 0x20000000 | 0xC0000000 | 0x21B - ERROR_DEVICE_INTERFACE_REMOVED syscall.Errno = 0x20000000 | 0xC0000000 | 0x21C - ERROR_BAD_INTERFACE_INSTALLSECT syscall.Errno = 0x20000000 | 0xC0000000 | 0x21D - ERROR_NO_SUCH_INTERFACE_CLASS syscall.Errno = 0x20000000 | 0xC0000000 | 0x21E - ERROR_INVALID_REFERENCE_STRING syscall.Errno = 0x20000000 | 0xC0000000 | 0x21F - ERROR_INVALID_MACHINENAME syscall.Errno = 0x20000000 | 0xC0000000 | 0x220 - ERROR_REMOTE_COMM_FAILURE syscall.Errno = 0x20000000 | 0xC0000000 | 0x221 - ERROR_MACHINE_UNAVAILABLE syscall.Errno = 0x20000000 | 0xC0000000 | 0x222 - ERROR_NO_CONFIGMGR_SERVICES syscall.Errno = 0x20000000 | 0xC0000000 | 0x223 - ERROR_INVALID_PROPPAGE_PROVIDER syscall.Errno = 0x20000000 | 0xC0000000 | 0x224 - ERROR_NO_SUCH_DEVICE_INTERFACE syscall.Errno = 0x20000000 | 0xC0000000 | 0x225 - ERROR_DI_POSTPROCESSING_REQUIRED syscall.Errno = 0x20000000 | 0xC0000000 | 0x226 - ERROR_INVALID_COINSTALLER syscall.Errno = 0x20000000 | 0xC0000000 | 0x227 - ERROR_NO_COMPAT_DRIVERS syscall.Errno = 0x20000000 | 0xC0000000 | 0x228 - ERROR_NO_DEVICE_ICON syscall.Errno = 0x20000000 | 0xC0000000 | 0x229 - ERROR_INVALID_INF_LOGCONFIG syscall.Errno = 0x20000000 | 0xC0000000 | 0x22A - ERROR_DI_DONT_INSTALL syscall.Errno = 0x20000000 | 0xC0000000 | 0x22B - ERROR_INVALID_FILTER_DRIVER syscall.Errno = 0x20000000 | 0xC0000000 | 0x22C - ERROR_NON_WINDOWS_NT_DRIVER syscall.Errno = 0x20000000 | 0xC0000000 | 0x22D - ERROR_NON_WINDOWS_DRIVER syscall.Errno = 0x20000000 | 0xC0000000 | 0x22E - ERROR_NO_CATALOG_FOR_OEM_INF syscall.Errno = 0x20000000 | 0xC0000000 | 0x22F - ERROR_DEVINSTALL_QUEUE_NONNATIVE syscall.Errno = 0x20000000 | 0xC0000000 | 0x230 - ERROR_NOT_DISABLEABLE syscall.Errno = 0x20000000 | 0xC0000000 | 0x231 - ERROR_CANT_REMOVE_DEVINST syscall.Errno = 0x20000000 | 0xC0000000 | 0x232 - ERROR_INVALID_TARGET syscall.Errno = 0x20000000 | 0xC0000000 | 0x233 - ERROR_DRIVER_NONNATIVE syscall.Errno = 0x20000000 | 0xC0000000 | 0x234 - ERROR_IN_WOW64 syscall.Errno = 0x20000000 | 0xC0000000 | 0x235 - ERROR_SET_SYSTEM_RESTORE_POINT syscall.Errno = 0x20000000 | 0xC0000000 | 0x236 - ERROR_SCE_DISABLED syscall.Errno = 0x20000000 | 0xC0000000 | 0x238 - ERROR_UNKNOWN_EXCEPTION syscall.Errno = 0x20000000 | 0xC0000000 | 0x239 - ERROR_PNP_REGISTRY_ERROR syscall.Errno = 0x20000000 | 0xC0000000 | 0x23A - ERROR_REMOTE_REQUEST_UNSUPPORTED syscall.Errno = 0x20000000 | 0xC0000000 | 0x23B - ERROR_NOT_AN_INSTALLED_OEM_INF syscall.Errno = 0x20000000 | 0xC0000000 | 0x23C - ERROR_INF_IN_USE_BY_DEVICES syscall.Errno = 0x20000000 | 0xC0000000 | 0x23D - ERROR_DI_FUNCTION_OBSOLETE syscall.Errno = 0x20000000 | 0xC0000000 | 0x23E - ERROR_NO_AUTHENTICODE_CATALOG syscall.Errno = 0x20000000 | 0xC0000000 | 0x23F - ERROR_AUTHENTICODE_DISALLOWED syscall.Errno = 0x20000000 | 0xC0000000 | 0x240 - ERROR_AUTHENTICODE_TRUSTED_PUBLISHER syscall.Errno = 0x20000000 | 0xC0000000 | 0x241 - ERROR_AUTHENTICODE_TRUST_NOT_ESTABLISHED syscall.Errno = 0x20000000 | 0xC0000000 | 0x242 - ERROR_AUTHENTICODE_PUBLISHER_NOT_TRUSTED syscall.Errno = 0x20000000 | 0xC0000000 | 0x243 - ERROR_SIGNATURE_OSATTRIBUTE_MISMATCH syscall.Errno = 0x20000000 | 0xC0000000 | 0x244 - ERROR_ONLY_VALIDATE_VIA_AUTHENTICODE syscall.Errno = 0x20000000 | 0xC0000000 | 0x245 - ERROR_DEVICE_INSTALLER_NOT_READY syscall.Errno = 0x20000000 | 0xC0000000 | 0x246 - ERROR_DRIVER_STORE_ADD_FAILED syscall.Errno = 0x20000000 | 0xC0000000 | 0x247 - ERROR_DEVICE_INSTALL_BLOCKED syscall.Errno = 0x20000000 | 0xC0000000 | 0x248 - ERROR_DRIVER_INSTALL_BLOCKED syscall.Errno = 0x20000000 | 0xC0000000 | 0x249 - ERROR_WRONG_INF_TYPE syscall.Errno = 0x20000000 | 0xC0000000 | 0x24A - ERROR_FILE_HASH_NOT_IN_CATALOG syscall.Errno = 0x20000000 | 0xC0000000 | 0x24B - ERROR_DRIVER_STORE_DELETE_FAILED syscall.Errno = 0x20000000 | 0xC0000000 | 0x24C - ERROR_UNRECOVERABLE_STACK_OVERFLOW syscall.Errno = 0x20000000 | 0xC0000000 | 0x300 - EXCEPTION_SPAPI_UNRECOVERABLE_STACK_OVERFLOW syscall.Errno = ERROR_UNRECOVERABLE_STACK_OVERFLOW - ERROR_NO_DEFAULT_INTERFACE_DEVICE syscall.Errno = ERROR_NO_DEFAULT_DEVICE_INTERFACE - ERROR_INTERFACE_DEVICE_ACTIVE syscall.Errno = ERROR_DEVICE_INTERFACE_ACTIVE - ERROR_INTERFACE_DEVICE_REMOVED syscall.Errno = ERROR_DEVICE_INTERFACE_REMOVED - ERROR_NO_SUCH_INTERFACE_DEVICE syscall.Errno = ERROR_NO_SUCH_DEVICE_INTERFACE -) diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index 2ff6aa0470d..cf44e693379 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -248,6 +248,7 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys FreeEnvironmentStrings(envs *uint16) (err error) = kernel32.FreeEnvironmentStringsW //sys GetEnvironmentVariable(name *uint16, buffer *uint16, size uint32) (n uint32, err error) = kernel32.GetEnvironmentVariableW //sys SetEnvironmentVariable(name *uint16, value *uint16) (err error) = kernel32.SetEnvironmentVariableW +//sys ExpandEnvironmentStrings(src *uint16, dst *uint16, size uint32) (n uint32, err error) = kernel32.ExpandEnvironmentStringsW //sys CreateEnvironmentBlock(block **uint16, token Token, inheritExisting bool) (err error) = userenv.CreateEnvironmentBlock //sys DestroyEnvironmentBlock(block *uint16) (err error) = userenv.DestroyEnvironmentBlock //sys getTickCount64() (ms uint64) = kernel32.GetTickCount64 @@ -322,6 +323,8 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys WriteConsole(console Handle, buf *uint16, towrite uint32, written *uint32, reserved *byte) (err error) = kernel32.WriteConsoleW //sys ReadConsole(console Handle, buf *uint16, toread uint32, read *uint32, inputControl *byte) (err error) = kernel32.ReadConsoleW //sys CreateToolhelp32Snapshot(flags uint32, processId uint32) (handle Handle, err error) [failretval==InvalidHandle] = kernel32.CreateToolhelp32Snapshot +//sys Module32First(snapshot Handle, moduleEntry *ModuleEntry32) (err error) = kernel32.Module32FirstW +//sys Module32Next(snapshot Handle, moduleEntry *ModuleEntry32) (err error) = kernel32.Module32NextW //sys Process32First(snapshot Handle, procEntry *ProcessEntry32) (err error) = kernel32.Process32FirstW //sys Process32Next(snapshot Handle, procEntry *ProcessEntry32) (err error) = kernel32.Process32NextW //sys Thread32First(snapshot Handle, threadEntry *ThreadEntry32) (err error) @@ -360,6 +363,8 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys SetProcessWorkingSetSizeEx(hProcess Handle, dwMinimumWorkingSetSize uintptr, dwMaximumWorkingSetSize uintptr, flags uint32) (err error) //sys GetCommTimeouts(handle Handle, timeouts *CommTimeouts) (err error) //sys SetCommTimeouts(handle Handle, timeouts *CommTimeouts) (err error) +//sys GetActiveProcessorCount(groupNumber uint16) (ret uint32) +//sys GetMaximumProcessorCount(groupNumber uint16) (ret uint32) // Volume Management Functions //sys DefineDosDevice(flags uint32, deviceName *uint16, targetPath *uint16) (err error) = DefineDosDeviceW diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go index 286dd1eab95..e19471c6a85 100644 --- a/vendor/golang.org/x/sys/windows/types_windows.go +++ b/vendor/golang.org/x/sys/windows/types_windows.go @@ -156,6 +156,8 @@ const ( MAX_PATH = 260 MAX_LONG_PATH = 32768 + MAX_MODULE_NAME32 = 255 + MAX_COMPUTERNAME_LENGTH = 15 TIME_ZONE_ID_UNKNOWN = 0 @@ -936,8 +938,8 @@ type StartupInfoEx struct { type ProcThreadAttributeList struct{} type ProcThreadAttributeListContainer struct { - data *ProcThreadAttributeList - heapAllocations []uintptr + data *ProcThreadAttributeList + pointers []unsafe.Pointer } type ProcessInformation struct { @@ -970,6 +972,21 @@ type ThreadEntry32 struct { Flags uint32 } +type ModuleEntry32 struct { + Size uint32 + ModuleID uint32 + ProcessID uint32 + GlblcntUsage uint32 + ProccntUsage uint32 + ModBaseAddr uintptr + ModBaseSize uint32 + ModuleHandle Handle + Module [MAX_MODULE_NAME32 + 1]uint16 + ExePath [MAX_PATH]uint16 +} + +const SizeofModuleEntry32 = unsafe.Sizeof(ModuleEntry32{}) + type Systemtime struct { Year uint16 Month uint16 @@ -2732,6 +2749,43 @@ type PROCESS_BASIC_INFORMATION struct { InheritedFromUniqueProcessId uintptr } +type SYSTEM_PROCESS_INFORMATION struct { + NextEntryOffset uint32 + NumberOfThreads uint32 + WorkingSetPrivateSize int64 + HardFaultCount uint32 + NumberOfThreadsHighWatermark uint32 + CycleTime uint64 + CreateTime int64 + UserTime int64 + KernelTime int64 + ImageName NTUnicodeString + BasePriority int32 + UniqueProcessID uintptr + InheritedFromUniqueProcessID uintptr + HandleCount uint32 + SessionID uint32 + UniqueProcessKey *uint32 + PeakVirtualSize uintptr + VirtualSize uintptr + PageFaultCount uint32 + PeakWorkingSetSize uintptr + WorkingSetSize uintptr + QuotaPeakPagedPoolUsage uintptr + QuotaPagedPoolUsage uintptr + QuotaPeakNonPagedPoolUsage uintptr + QuotaNonPagedPoolUsage uintptr + PagefileUsage uintptr + PeakPagefileUsage uintptr + PrivatePageCount uintptr + ReadOperationCount int64 + WriteOperationCount int64 + OtherOperationCount int64 + ReadTransferCount int64 + WriteTransferCount int64 + OtherTransferCount int64 +} + // SystemInformationClasses for NtQuerySystemInformation and NtSetSystemInformation const ( SystemBasicInformation = iota @@ -3118,3 +3172,5 @@ type ModuleInfo struct { SizeOfImage uint32 EntryPoint uintptr } + +const ALL_PROCESSOR_GROUPS = 0xFFFF diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index 91817d6dcbb..9ea1a44f04d 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -36,6 +36,7 @@ func errnoErr(e syscall.Errno) error { } var ( + modCfgMgr32 = NewLazySystemDLL("CfgMgr32.dll") modadvapi32 = NewLazySystemDLL("advapi32.dll") modcrypt32 = NewLazySystemDLL("crypt32.dll") moddnsapi = NewLazySystemDLL("dnsapi.dll") @@ -48,6 +49,7 @@ var ( modpsapi = NewLazySystemDLL("psapi.dll") modsechost = NewLazySystemDLL("sechost.dll") modsecur32 = NewLazySystemDLL("secur32.dll") + modsetupapi = NewLazySystemDLL("setupapi.dll") modshell32 = NewLazySystemDLL("shell32.dll") moduser32 = NewLazySystemDLL("user32.dll") moduserenv = NewLazySystemDLL("userenv.dll") @@ -56,6 +58,10 @@ var ( modws2_32 = NewLazySystemDLL("ws2_32.dll") modwtsapi32 = NewLazySystemDLL("wtsapi32.dll") + procCM_Get_DevNode_Status = modCfgMgr32.NewProc("CM_Get_DevNode_Status") + procCM_Get_Device_Interface_ListW = modCfgMgr32.NewProc("CM_Get_Device_Interface_ListW") + procCM_Get_Device_Interface_List_SizeW = modCfgMgr32.NewProc("CM_Get_Device_Interface_List_SizeW") + procCM_MapCrToWin32Err = modCfgMgr32.NewProc("CM_MapCrToWin32Err") procAdjustTokenGroups = modadvapi32.NewProc("AdjustTokenGroups") procAdjustTokenPrivileges = modadvapi32.NewProc("AdjustTokenPrivileges") procAllocateAndInitializeSid = modadvapi32.NewProc("AllocateAndInitializeSid") @@ -199,6 +205,7 @@ var ( procDeviceIoControl = modkernel32.NewProc("DeviceIoControl") procDuplicateHandle = modkernel32.NewProc("DuplicateHandle") procExitProcess = modkernel32.NewProc("ExitProcess") + procExpandEnvironmentStringsW = modkernel32.NewProc("ExpandEnvironmentStringsW") procFindClose = modkernel32.NewProc("FindClose") procFindCloseChangeNotification = modkernel32.NewProc("FindCloseChangeNotification") procFindFirstChangeNotificationW = modkernel32.NewProc("FindFirstChangeNotificationW") @@ -219,6 +226,7 @@ var ( procFreeLibrary = modkernel32.NewProc("FreeLibrary") procGenerateConsoleCtrlEvent = modkernel32.NewProc("GenerateConsoleCtrlEvent") procGetACP = modkernel32.NewProc("GetACP") + procGetActiveProcessorCount = modkernel32.NewProc("GetActiveProcessorCount") procGetCommTimeouts = modkernel32.NewProc("GetCommTimeouts") procGetCommandLineW = modkernel32.NewProc("GetCommandLineW") procGetComputerNameExW = modkernel32.NewProc("GetComputerNameExW") @@ -244,6 +252,7 @@ var ( procGetLogicalDriveStringsW = modkernel32.NewProc("GetLogicalDriveStringsW") procGetLogicalDrives = modkernel32.NewProc("GetLogicalDrives") procGetLongPathNameW = modkernel32.NewProc("GetLongPathNameW") + procGetMaximumProcessorCount = modkernel32.NewProc("GetMaximumProcessorCount") procGetModuleFileNameW = modkernel32.NewProc("GetModuleFileNameW") procGetModuleHandleExW = modkernel32.NewProc("GetModuleHandleExW") procGetNamedPipeHandleStateW = modkernel32.NewProc("GetNamedPipeHandleStateW") @@ -288,6 +297,8 @@ var ( procLockFileEx = modkernel32.NewProc("LockFileEx") procLockResource = modkernel32.NewProc("LockResource") procMapViewOfFile = modkernel32.NewProc("MapViewOfFile") + procModule32FirstW = modkernel32.NewProc("Module32FirstW") + procModule32NextW = modkernel32.NewProc("Module32NextW") procMoveFileExW = modkernel32.NewProc("MoveFileExW") procMoveFileW = modkernel32.NewProc("MoveFileW") procMultiByteToWideChar = modkernel32.NewProc("MultiByteToWideChar") @@ -400,6 +411,34 @@ var ( procUnsubscribeServiceChangeNotifications = modsechost.NewProc("UnsubscribeServiceChangeNotifications") procGetUserNameExW = modsecur32.NewProc("GetUserNameExW") procTranslateNameW = modsecur32.NewProc("TranslateNameW") + procSetupDiBuildDriverInfoList = modsetupapi.NewProc("SetupDiBuildDriverInfoList") + procSetupDiCallClassInstaller = modsetupapi.NewProc("SetupDiCallClassInstaller") + procSetupDiCancelDriverInfoSearch = modsetupapi.NewProc("SetupDiCancelDriverInfoSearch") + procSetupDiClassGuidsFromNameExW = modsetupapi.NewProc("SetupDiClassGuidsFromNameExW") + procSetupDiClassNameFromGuidExW = modsetupapi.NewProc("SetupDiClassNameFromGuidExW") + procSetupDiCreateDeviceInfoListExW = modsetupapi.NewProc("SetupDiCreateDeviceInfoListExW") + procSetupDiCreateDeviceInfoW = modsetupapi.NewProc("SetupDiCreateDeviceInfoW") + procSetupDiDestroyDeviceInfoList = modsetupapi.NewProc("SetupDiDestroyDeviceInfoList") + procSetupDiDestroyDriverInfoList = modsetupapi.NewProc("SetupDiDestroyDriverInfoList") + procSetupDiEnumDeviceInfo = modsetupapi.NewProc("SetupDiEnumDeviceInfo") + procSetupDiEnumDriverInfoW = modsetupapi.NewProc("SetupDiEnumDriverInfoW") + procSetupDiGetClassDevsExW = modsetupapi.NewProc("SetupDiGetClassDevsExW") + procSetupDiGetClassInstallParamsW = modsetupapi.NewProc("SetupDiGetClassInstallParamsW") + procSetupDiGetDeviceInfoListDetailW = modsetupapi.NewProc("SetupDiGetDeviceInfoListDetailW") + procSetupDiGetDeviceInstallParamsW = modsetupapi.NewProc("SetupDiGetDeviceInstallParamsW") + procSetupDiGetDeviceInstanceIdW = modsetupapi.NewProc("SetupDiGetDeviceInstanceIdW") + procSetupDiGetDevicePropertyW = modsetupapi.NewProc("SetupDiGetDevicePropertyW") + procSetupDiGetDeviceRegistryPropertyW = modsetupapi.NewProc("SetupDiGetDeviceRegistryPropertyW") + procSetupDiGetDriverInfoDetailW = modsetupapi.NewProc("SetupDiGetDriverInfoDetailW") + procSetupDiGetSelectedDevice = modsetupapi.NewProc("SetupDiGetSelectedDevice") + procSetupDiGetSelectedDriverW = modsetupapi.NewProc("SetupDiGetSelectedDriverW") + procSetupDiOpenDevRegKey = modsetupapi.NewProc("SetupDiOpenDevRegKey") + procSetupDiSetClassInstallParamsW = modsetupapi.NewProc("SetupDiSetClassInstallParamsW") + procSetupDiSetDeviceInstallParamsW = modsetupapi.NewProc("SetupDiSetDeviceInstallParamsW") + procSetupDiSetDeviceRegistryPropertyW = modsetupapi.NewProc("SetupDiSetDeviceRegistryPropertyW") + procSetupDiSetSelectedDevice = modsetupapi.NewProc("SetupDiSetSelectedDevice") + procSetupDiSetSelectedDriverW = modsetupapi.NewProc("SetupDiSetSelectedDriverW") + procSetupUninstallOEMInfW = modsetupapi.NewProc("SetupUninstallOEMInfW") procCommandLineToArgvW = modshell32.NewProc("CommandLineToArgvW") procSHGetKnownFolderPath = modshell32.NewProc("SHGetKnownFolderPath") procShellExecuteW = modshell32.NewProc("ShellExecuteW") @@ -447,6 +486,30 @@ var ( procWTSQueryUserToken = modwtsapi32.NewProc("WTSQueryUserToken") ) +func cm_Get_DevNode_Status(status *uint32, problemNumber *uint32, devInst DEVINST, flags uint32) (ret CONFIGRET) { + r0, _, _ := syscall.Syscall6(procCM_Get_DevNode_Status.Addr(), 4, uintptr(unsafe.Pointer(status)), uintptr(unsafe.Pointer(problemNumber)), uintptr(devInst), uintptr(flags), 0, 0) + ret = CONFIGRET(r0) + return +} + +func cm_Get_Device_Interface_List(interfaceClass *GUID, deviceID *uint16, buffer *uint16, bufferLen uint32, flags uint32) (ret CONFIGRET) { + r0, _, _ := syscall.Syscall6(procCM_Get_Device_Interface_ListW.Addr(), 5, uintptr(unsafe.Pointer(interfaceClass)), uintptr(unsafe.Pointer(deviceID)), uintptr(unsafe.Pointer(buffer)), uintptr(bufferLen), uintptr(flags), 0) + ret = CONFIGRET(r0) + return +} + +func cm_Get_Device_Interface_List_Size(len *uint32, interfaceClass *GUID, deviceID *uint16, flags uint32) (ret CONFIGRET) { + r0, _, _ := syscall.Syscall6(procCM_Get_Device_Interface_List_SizeW.Addr(), 4, uintptr(unsafe.Pointer(len)), uintptr(unsafe.Pointer(interfaceClass)), uintptr(unsafe.Pointer(deviceID)), uintptr(flags), 0, 0) + ret = CONFIGRET(r0) + return +} + +func cm_MapCrToWin32Err(configRet CONFIGRET, defaultWin32Error Errno) (ret Errno) { + r0, _, _ := syscall.Syscall(procCM_MapCrToWin32Err.Addr(), 2, uintptr(configRet), uintptr(defaultWin32Error), 0) + ret = Errno(r0) + return +} + func AdjustTokenGroups(token Token, resetToDefault bool, newstate *Tokengroups, buflen uint32, prevstate *Tokengroups, returnlen *uint32) (err error) { var _p0 uint32 if resetToDefault { @@ -1716,6 +1779,15 @@ func ExitProcess(exitcode uint32) { return } +func ExpandEnvironmentStrings(src *uint16, dst *uint16, size uint32) (n uint32, err error) { + r0, _, e1 := syscall.Syscall(procExpandEnvironmentStringsW.Addr(), 3, uintptr(unsafe.Pointer(src)), uintptr(unsafe.Pointer(dst)), uintptr(size)) + n = uint32(r0) + if n == 0 { + err = errnoErr(e1) + } + return +} + func FindClose(handle Handle) (err error) { r1, _, e1 := syscall.Syscall(procFindClose.Addr(), 1, uintptr(handle), 0, 0) if r1 == 0 { @@ -1897,6 +1969,12 @@ func GetACP() (acp uint32) { return } +func GetActiveProcessorCount(groupNumber uint16) (ret uint32) { + r0, _, _ := syscall.Syscall(procGetActiveProcessorCount.Addr(), 1, uintptr(groupNumber), 0, 0) + ret = uint32(r0) + return +} + func GetCommTimeouts(handle Handle, timeouts *CommTimeouts) (err error) { r1, _, e1 := syscall.Syscall(procGetCommTimeouts.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(timeouts)), 0) if r1 == 0 { @@ -2099,6 +2177,12 @@ func GetLongPathName(path *uint16, buf *uint16, buflen uint32) (n uint32, err er return } +func GetMaximumProcessorCount(groupNumber uint16) (ret uint32) { + r0, _, _ := syscall.Syscall(procGetMaximumProcessorCount.Addr(), 1, uintptr(groupNumber), 0, 0) + ret = uint32(r0) + return +} + func GetModuleFileName(module Handle, filename *uint16, size uint32) (n uint32, err error) { r0, _, e1 := syscall.Syscall(procGetModuleFileNameW.Addr(), 3, uintptr(module), uintptr(unsafe.Pointer(filename)), uintptr(size)) n = uint32(r0) @@ -2499,6 +2583,22 @@ func MapViewOfFile(handle Handle, access uint32, offsetHigh uint32, offsetLow ui return } +func Module32First(snapshot Handle, moduleEntry *ModuleEntry32) (err error) { + r1, _, e1 := syscall.Syscall(procModule32FirstW.Addr(), 2, uintptr(snapshot), uintptr(unsafe.Pointer(moduleEntry)), 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func Module32Next(snapshot Handle, moduleEntry *ModuleEntry32) (err error) { + r1, _, e1 := syscall.Syscall(procModule32NextW.Addr(), 2, uintptr(snapshot), uintptr(unsafe.Pointer(moduleEntry)), 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + func MoveFileEx(from *uint16, to *uint16, flags uint32) (err error) { r1, _, e1 := syscall.Syscall(procMoveFileExW.Addr(), 3, uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(to)), uintptr(flags)) if r1 == 0 { @@ -3432,6 +3532,233 @@ func TranslateName(accName *uint16, accNameFormat uint32, desiredNameFormat uint return } +func SetupDiBuildDriverInfoList(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, driverType SPDIT) (err error) { + r1, _, e1 := syscall.Syscall(procSetupDiBuildDriverInfoList.Addr(), 3, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(driverType)) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func SetupDiCallClassInstaller(installFunction DI_FUNCTION, deviceInfoSet DevInfo, deviceInfoData *DevInfoData) (err error) { + r1, _, e1 := syscall.Syscall(procSetupDiCallClassInstaller.Addr(), 3, uintptr(installFunction), uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData))) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func SetupDiCancelDriverInfoSearch(deviceInfoSet DevInfo) (err error) { + r1, _, e1 := syscall.Syscall(procSetupDiCancelDriverInfoSearch.Addr(), 1, uintptr(deviceInfoSet), 0, 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func setupDiClassGuidsFromNameEx(className *uint16, classGuidList *GUID, classGuidListSize uint32, requiredSize *uint32, machineName *uint16, reserved uintptr) (err error) { + r1, _, e1 := syscall.Syscall6(procSetupDiClassGuidsFromNameExW.Addr(), 6, uintptr(unsafe.Pointer(className)), uintptr(unsafe.Pointer(classGuidList)), uintptr(classGuidListSize), uintptr(unsafe.Pointer(requiredSize)), uintptr(unsafe.Pointer(machineName)), uintptr(reserved)) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func setupDiClassNameFromGuidEx(classGUID *GUID, className *uint16, classNameSize uint32, requiredSize *uint32, machineName *uint16, reserved uintptr) (err error) { + r1, _, e1 := syscall.Syscall6(procSetupDiClassNameFromGuidExW.Addr(), 6, uintptr(unsafe.Pointer(classGUID)), uintptr(unsafe.Pointer(className)), uintptr(classNameSize), uintptr(unsafe.Pointer(requiredSize)), uintptr(unsafe.Pointer(machineName)), uintptr(reserved)) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func setupDiCreateDeviceInfoListEx(classGUID *GUID, hwndParent uintptr, machineName *uint16, reserved uintptr) (handle DevInfo, err error) { + r0, _, e1 := syscall.Syscall6(procSetupDiCreateDeviceInfoListExW.Addr(), 4, uintptr(unsafe.Pointer(classGUID)), uintptr(hwndParent), uintptr(unsafe.Pointer(machineName)), uintptr(reserved), 0, 0) + handle = DevInfo(r0) + if handle == DevInfo(InvalidHandle) { + err = errnoErr(e1) + } + return +} + +func setupDiCreateDeviceInfo(deviceInfoSet DevInfo, DeviceName *uint16, classGUID *GUID, DeviceDescription *uint16, hwndParent uintptr, CreationFlags DICD, deviceInfoData *DevInfoData) (err error) { + r1, _, e1 := syscall.Syscall9(procSetupDiCreateDeviceInfoW.Addr(), 7, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(DeviceName)), uintptr(unsafe.Pointer(classGUID)), uintptr(unsafe.Pointer(DeviceDescription)), uintptr(hwndParent), uintptr(CreationFlags), uintptr(unsafe.Pointer(deviceInfoData)), 0, 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func SetupDiDestroyDeviceInfoList(deviceInfoSet DevInfo) (err error) { + r1, _, e1 := syscall.Syscall(procSetupDiDestroyDeviceInfoList.Addr(), 1, uintptr(deviceInfoSet), 0, 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func SetupDiDestroyDriverInfoList(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, driverType SPDIT) (err error) { + r1, _, e1 := syscall.Syscall(procSetupDiDestroyDriverInfoList.Addr(), 3, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(driverType)) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func setupDiEnumDeviceInfo(deviceInfoSet DevInfo, memberIndex uint32, deviceInfoData *DevInfoData) (err error) { + r1, _, e1 := syscall.Syscall(procSetupDiEnumDeviceInfo.Addr(), 3, uintptr(deviceInfoSet), uintptr(memberIndex), uintptr(unsafe.Pointer(deviceInfoData))) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func setupDiEnumDriverInfo(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, driverType SPDIT, memberIndex uint32, driverInfoData *DrvInfoData) (err error) { + r1, _, e1 := syscall.Syscall6(procSetupDiEnumDriverInfoW.Addr(), 5, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(driverType), uintptr(memberIndex), uintptr(unsafe.Pointer(driverInfoData)), 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func setupDiGetClassDevsEx(classGUID *GUID, Enumerator *uint16, hwndParent uintptr, Flags DIGCF, deviceInfoSet DevInfo, machineName *uint16, reserved uintptr) (handle DevInfo, err error) { + r0, _, e1 := syscall.Syscall9(procSetupDiGetClassDevsExW.Addr(), 7, uintptr(unsafe.Pointer(classGUID)), uintptr(unsafe.Pointer(Enumerator)), uintptr(hwndParent), uintptr(Flags), uintptr(deviceInfoSet), uintptr(unsafe.Pointer(machineName)), uintptr(reserved), 0, 0) + handle = DevInfo(r0) + if handle == DevInfo(InvalidHandle) { + err = errnoErr(e1) + } + return +} + +func SetupDiGetClassInstallParams(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, classInstallParams *ClassInstallHeader, classInstallParamsSize uint32, requiredSize *uint32) (err error) { + r1, _, e1 := syscall.Syscall6(procSetupDiGetClassInstallParamsW.Addr(), 5, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(unsafe.Pointer(classInstallParams)), uintptr(classInstallParamsSize), uintptr(unsafe.Pointer(requiredSize)), 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func setupDiGetDeviceInfoListDetail(deviceInfoSet DevInfo, deviceInfoSetDetailData *DevInfoListDetailData) (err error) { + r1, _, e1 := syscall.Syscall(procSetupDiGetDeviceInfoListDetailW.Addr(), 2, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoSetDetailData)), 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func setupDiGetDeviceInstallParams(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, deviceInstallParams *DevInstallParams) (err error) { + r1, _, e1 := syscall.Syscall(procSetupDiGetDeviceInstallParamsW.Addr(), 3, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(unsafe.Pointer(deviceInstallParams))) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func setupDiGetDeviceInstanceId(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, instanceId *uint16, instanceIdSize uint32, instanceIdRequiredSize *uint32) (err error) { + r1, _, e1 := syscall.Syscall6(procSetupDiGetDeviceInstanceIdW.Addr(), 5, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(unsafe.Pointer(instanceId)), uintptr(instanceIdSize), uintptr(unsafe.Pointer(instanceIdRequiredSize)), 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func setupDiGetDeviceProperty(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, propertyKey *DEVPROPKEY, propertyType *DEVPROPTYPE, propertyBuffer *byte, propertyBufferSize uint32, requiredSize *uint32, flags uint32) (err error) { + r1, _, e1 := syscall.Syscall9(procSetupDiGetDevicePropertyW.Addr(), 8, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(unsafe.Pointer(propertyKey)), uintptr(unsafe.Pointer(propertyType)), uintptr(unsafe.Pointer(propertyBuffer)), uintptr(propertyBufferSize), uintptr(unsafe.Pointer(requiredSize)), uintptr(flags), 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func setupDiGetDeviceRegistryProperty(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, property SPDRP, propertyRegDataType *uint32, propertyBuffer *byte, propertyBufferSize uint32, requiredSize *uint32) (err error) { + r1, _, e1 := syscall.Syscall9(procSetupDiGetDeviceRegistryPropertyW.Addr(), 7, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(property), uintptr(unsafe.Pointer(propertyRegDataType)), uintptr(unsafe.Pointer(propertyBuffer)), uintptr(propertyBufferSize), uintptr(unsafe.Pointer(requiredSize)), 0, 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func setupDiGetDriverInfoDetail(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, driverInfoData *DrvInfoData, driverInfoDetailData *DrvInfoDetailData, driverInfoDetailDataSize uint32, requiredSize *uint32) (err error) { + r1, _, e1 := syscall.Syscall6(procSetupDiGetDriverInfoDetailW.Addr(), 6, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(unsafe.Pointer(driverInfoData)), uintptr(unsafe.Pointer(driverInfoDetailData)), uintptr(driverInfoDetailDataSize), uintptr(unsafe.Pointer(requiredSize))) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func setupDiGetSelectedDevice(deviceInfoSet DevInfo, deviceInfoData *DevInfoData) (err error) { + r1, _, e1 := syscall.Syscall(procSetupDiGetSelectedDevice.Addr(), 2, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func setupDiGetSelectedDriver(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, driverInfoData *DrvInfoData) (err error) { + r1, _, e1 := syscall.Syscall(procSetupDiGetSelectedDriverW.Addr(), 3, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(unsafe.Pointer(driverInfoData))) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func SetupDiOpenDevRegKey(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, Scope DICS_FLAG, HwProfile uint32, KeyType DIREG, samDesired uint32) (key Handle, err error) { + r0, _, e1 := syscall.Syscall6(procSetupDiOpenDevRegKey.Addr(), 6, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(Scope), uintptr(HwProfile), uintptr(KeyType), uintptr(samDesired)) + key = Handle(r0) + if key == InvalidHandle { + err = errnoErr(e1) + } + return +} + +func SetupDiSetClassInstallParams(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, classInstallParams *ClassInstallHeader, classInstallParamsSize uint32) (err error) { + r1, _, e1 := syscall.Syscall6(procSetupDiSetClassInstallParamsW.Addr(), 4, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(unsafe.Pointer(classInstallParams)), uintptr(classInstallParamsSize), 0, 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func SetupDiSetDeviceInstallParams(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, deviceInstallParams *DevInstallParams) (err error) { + r1, _, e1 := syscall.Syscall(procSetupDiSetDeviceInstallParamsW.Addr(), 3, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(unsafe.Pointer(deviceInstallParams))) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func setupDiSetDeviceRegistryProperty(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, property SPDRP, propertyBuffer *byte, propertyBufferSize uint32) (err error) { + r1, _, e1 := syscall.Syscall6(procSetupDiSetDeviceRegistryPropertyW.Addr(), 5, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(property), uintptr(unsafe.Pointer(propertyBuffer)), uintptr(propertyBufferSize), 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func SetupDiSetSelectedDevice(deviceInfoSet DevInfo, deviceInfoData *DevInfoData) (err error) { + r1, _, e1 := syscall.Syscall(procSetupDiSetSelectedDevice.Addr(), 2, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func SetupDiSetSelectedDriver(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, driverInfoData *DrvInfoData) (err error) { + r1, _, e1 := syscall.Syscall(procSetupDiSetSelectedDriverW.Addr(), 3, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(unsafe.Pointer(driverInfoData))) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func setupUninstallOEMInf(infFileName *uint16, flags SUOI, reserved uintptr) (err error) { + r1, _, e1 := syscall.Syscall(procSetupUninstallOEMInfW.Addr(), 3, uintptr(unsafe.Pointer(infFileName)), uintptr(flags), uintptr(reserved)) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + func CommandLineToArgv(cmd *uint16, argc *int32) (argv *[8192]*[8192]uint16, err error) { r0, _, e1 := syscall.Syscall(procCommandLineToArgvW.Addr(), 2, uintptr(unsafe.Pointer(cmd)), uintptr(unsafe.Pointer(argc)), 0) argv = (*[8192]*[8192]uint16)(unsafe.Pointer(r0)) diff --git a/vendor/modules.txt b/vendor/modules.txt index ea5adb7f0d2..5271e38fb2d 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -74,7 +74,7 @@ github.com/vishvananda/netns # golang.org/x/net v0.0.0-20201224014010-6772e930b67b ## explicit; go 1.11 golang.org/x/net/bpf -# golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c +# golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5 ## explicit; go 1.17 golang.org/x/sys/execabs golang.org/x/sys/internal/unsafeheader From d16011605580a97889cfdade0eb0517dd5650e22 Mon Sep 17 00:00:00 2001 From: wineway Date: Thu, 7 Apr 2022 04:48:50 +0000 Subject: [PATCH 0038/1176] libct: use `unix.Getwd` instead of `os.Getwd` to avoid symlink Signed-off-by: wineway --- libcontainer/specconv/spec_linux.go | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index 83c7a2c348c..7ff9f098d6a 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -314,15 +314,25 @@ type CreateOpts struct { RootlessCgroups bool } +// getwd is a wrapper similar to os.Getwd, except it always gets +// the value from the kernel, which guarantees the returned value +// to be absolute and clean. +func getwd() (wd string, err error) { + for { + wd, err = unix.Getwd() + //nolint:errorlint // unix errors are bare + if err != unix.EINTR { + break + } + } + return wd, os.NewSyscallError("getwd", err) +} + // CreateLibcontainerConfig creates a new libcontainer configuration from a // given specification and a cgroup name func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) { // runc's cwd will always be the bundle path - rcwd, err := os.Getwd() - if err != nil { - return nil, err - } - cwd, err := filepath.Abs(rcwd) + cwd, err := getwd() if err != nil { return nil, err } From 25f18562363a31e6a304a7bd4187605b15abb192 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 22 Mar 2022 17:43:35 -0700 Subject: [PATCH 0039/1176] libct/cg/sd: factor out devices.go This moves the functionality related to devices, SkipDevices, and SkipFreezeOnSet to a separate file, in preparation for the next commit. No code changes. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/systemd/common.go | 213 ------- libcontainer/cgroups/systemd/devices.go | 293 ++++++++++ libcontainer/cgroups/systemd/devices_test.go | 580 +++++++++++++++++++ libcontainer/cgroups/systemd/systemd_test.go | 362 ------------ libcontainer/cgroups/systemd/v1.go | 67 --- libcontainer/cgroups/systemd/v1_test.go | 220 ------- 6 files changed, 873 insertions(+), 862 deletions(-) create mode 100644 libcontainer/cgroups/systemd/devices.go create mode 100644 libcontainer/cgroups/systemd/devices_test.go delete mode 100644 libcontainer/cgroups/systemd/v1_test.go diff --git a/libcontainer/cgroups/systemd/common.go b/libcontainer/cgroups/systemd/common.go index 98ccc51655c..ddb9c44dc10 100644 --- a/libcontainer/cgroups/systemd/common.go +++ b/libcontainer/cgroups/systemd/common.go @@ -1,7 +1,6 @@ package systemd import ( - "bufio" "context" "errors" "fmt" @@ -17,9 +16,7 @@ import ( dbus "github.com/godbus/dbus/v5" "github.com/sirupsen/logrus" - cgroupdevices "github.com/opencontainers/runc/libcontainer/cgroups/devices" "github.com/opencontainers/runc/libcontainer/configs" - "github.com/opencontainers/runc/libcontainer/devices" ) const ( @@ -86,216 +83,6 @@ func ExpandSlice(slice string) (string, error) { return path, nil } -func groupPrefix(ruleType devices.Type) (string, error) { - switch ruleType { - case devices.BlockDevice: - return "block-", nil - case devices.CharDevice: - return "char-", nil - default: - return "", fmt.Errorf("device type %v has no group prefix", ruleType) - } -} - -// findDeviceGroup tries to find the device group name (as listed in -// /proc/devices) with the type prefixed as required for DeviceAllow, for a -// given (type, major) combination. If more than one device group exists, an -// arbitrary one is chosen. -func findDeviceGroup(ruleType devices.Type, ruleMajor int64) (string, error) { - fh, err := os.Open("/proc/devices") - if err != nil { - return "", err - } - defer fh.Close() - - prefix, err := groupPrefix(ruleType) - if err != nil { - return "", err - } - - scanner := bufio.NewScanner(fh) - var currentType devices.Type - for scanner.Scan() { - // We need to strip spaces because the first number is column-aligned. - line := strings.TrimSpace(scanner.Text()) - - // Handle the "header" lines. - switch line { - case "Block devices:": - currentType = devices.BlockDevice - continue - case "Character devices:": - currentType = devices.CharDevice - continue - case "": - continue - } - - // Skip lines unrelated to our type. - if currentType != ruleType { - continue - } - - // Parse out the (major, name). - var ( - currMajor int64 - currName string - ) - if n, err := fmt.Sscanf(line, "%d %s", &currMajor, &currName); err != nil || n != 2 { - if err == nil { - err = errors.New("wrong number of fields") - } - return "", fmt.Errorf("scan /proc/devices line %q: %w", line, err) - } - - if currMajor == ruleMajor { - return prefix + currName, nil - } - } - if err := scanner.Err(); err != nil { - return "", fmt.Errorf("reading /proc/devices: %w", err) - } - // Couldn't find the device group. - return "", nil -} - -// DeviceAllow is the dbus type "a(ss)" which means we need a struct -// to represent it in Go. -type deviceAllowEntry struct { - Path string - Perms string -} - -func allowAllDevices() []systemdDbus.Property { - // Setting mode to auto and removing all DeviceAllow rules - // results in allowing access to all devices. - return []systemdDbus.Property{ - newProp("DevicePolicy", "auto"), - newProp("DeviceAllow", []deviceAllowEntry{}), - } -} - -// generateDeviceProperties takes the configured device rules and generates a -// corresponding set of systemd properties to configure the devices correctly. -func generateDeviceProperties(r *configs.Resources) ([]systemdDbus.Property, error) { - if r.SkipDevices { - return nil, nil - } - - properties := []systemdDbus.Property{ - // Always run in the strictest white-list mode. - newProp("DevicePolicy", "strict"), - // Empty the DeviceAllow array before filling it. - newProp("DeviceAllow", []deviceAllowEntry{}), - } - - // Figure out the set of rules. - configEmu := &cgroupdevices.Emulator{} - for _, rule := range r.Devices { - if err := configEmu.Apply(*rule); err != nil { - return nil, fmt.Errorf("unable to apply rule for systemd: %w", err) - } - } - // systemd doesn't support blacklists. So we log a warning, and tell - // systemd to act as a deny-all whitelist. This ruleset will be replaced - // with our normal fallback code. This may result in spurious errors, but - // the only other option is to error out here. - if configEmu.IsBlacklist() { - // However, if we're dealing with an allow-all rule then we can do it. - if configEmu.IsAllowAll() { - return allowAllDevices(), nil - } - logrus.Warn("systemd doesn't support blacklist device rules -- applying temporary deny-all rule") - return properties, nil - } - - // Now generate the set of rules we actually need to apply. Unlike the - // normal devices cgroup, in "strict" mode systemd defaults to a deny-all - // whitelist which is the default for devices.Emulator. - finalRules, err := configEmu.Rules() - if err != nil { - return nil, fmt.Errorf("unable to get simplified rules for systemd: %w", err) - } - var deviceAllowList []deviceAllowEntry - for _, rule := range finalRules { - if !rule.Allow { - // Should never happen. - return nil, fmt.Errorf("[internal error] cannot add deny rule to systemd DeviceAllow list: %v", *rule) - } - switch rule.Type { - case devices.BlockDevice, devices.CharDevice: - default: - // Should never happen. - return nil, fmt.Errorf("invalid device type for DeviceAllow: %v", rule.Type) - } - - entry := deviceAllowEntry{ - Perms: string(rule.Permissions), - } - - // systemd has a fairly odd (though understandable) syntax here, and - // because of the OCI configuration format we have to do quite a bit of - // trickery to convert things: - // - // * Concrete rules with non-wildcard major/minor numbers have to use - // /dev/{block,char} paths. This is slightly odd because it means - // that we cannot add whitelist rules for devices that don't exist, - // but there's not too much we can do about that. - // - // However, path globbing is not support for path-based rules so we - // need to handle wildcards in some other manner. - // - // * Wildcard-minor rules have to specify a "device group name" (the - // second column in /proc/devices). - // - // * Wildcard (major and minor) rules can just specify a glob with the - // type ("char-*" or "block-*"). - // - // The only type of rule we can't handle is wildcard-major rules, and - // so we'll give a warning in that case (note that the fallback code - // will insert any rules systemd couldn't handle). What amazing fun. - - if rule.Major == devices.Wildcard { - // "_ *:n _" rules aren't supported by systemd. - if rule.Minor != devices.Wildcard { - logrus.Warnf("systemd doesn't support '*:n' device rules -- temporarily ignoring rule: %v", *rule) - continue - } - - // "_ *:* _" rules just wildcard everything. - prefix, err := groupPrefix(rule.Type) - if err != nil { - return nil, err - } - entry.Path = prefix + "*" - } else if rule.Minor == devices.Wildcard { - // "_ n:* _" rules require a device group from /proc/devices. - group, err := findDeviceGroup(rule.Type, rule.Major) - if err != nil { - return nil, fmt.Errorf("unable to find device '%v/%d': %w", rule.Type, rule.Major, err) - } - if group == "" { - // Couldn't find a group. - logrus.Warnf("could not find device group for '%v/%d' in /proc/devices -- temporarily ignoring rule: %v", rule.Type, rule.Major, *rule) - continue - } - entry.Path = group - } else { - // "_ n:m _" rules are just a path in /dev/{block,char}/. - switch rule.Type { - case devices.BlockDevice: - entry.Path = fmt.Sprintf("/dev/block/%d:%d", rule.Major, rule.Minor) - case devices.CharDevice: - entry.Path = fmt.Sprintf("/dev/char/%d:%d", rule.Major, rule.Minor) - } - } - deviceAllowList = append(deviceAllowList, entry) - } - - properties = append(properties, newProp("DeviceAllow", deviceAllowList)) - return properties, nil -} - func newProp(name string, units interface{}) systemdDbus.Property { return systemdDbus.Property{ Name: name, diff --git a/libcontainer/cgroups/systemd/devices.go b/libcontainer/cgroups/systemd/devices.go new file mode 100644 index 00000000000..221c978942c --- /dev/null +++ b/libcontainer/cgroups/systemd/devices.go @@ -0,0 +1,293 @@ +package systemd + +import ( + "bufio" + "errors" + "fmt" + "os" + "reflect" + "strings" + + systemdDbus "github.com/coreos/go-systemd/v22/dbus" + dbus "github.com/godbus/dbus/v5" + "github.com/sirupsen/logrus" + + cgroupdevices "github.com/opencontainers/runc/libcontainer/cgroups/devices" + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/devices" +) + +// freezeBeforeSet answers whether there is a need to freeze the cgroup before +// applying its systemd unit properties, and thaw after, while avoiding +// unnecessary freezer state changes. +// +// The reason why we have to freeze is that systemd's application of device +// rules is done disruptively, resulting in spurious errors to common devices +// (unlike our fs driver, they will happily write deny-all rules to running +// containers). So we have to freeze the container to avoid the container get +// an occasional "permission denied" error. +func (m *legacyManager) freezeBeforeSet(unitName string, r *configs.Resources) (needsFreeze, needsThaw bool, err error) { + // Special case for SkipDevices, as used by Kubernetes to create pod + // cgroups with allow-all device policy). + if r.SkipDevices { + if r.SkipFreezeOnSet { + // Both needsFreeze and needsThaw are false. + return + } + + // No need to freeze if SkipDevices is set, and either + // (1) systemd unit does not (yet) exist, or + // (2) it has DevicePolicy=auto and empty DeviceAllow list. + // + // Interestingly, (1) and (2) are the same here because + // a non-existent unit returns default properties, + // and settings in (2) are the defaults. + // + // Do not return errors from getUnitTypeProperty, as they alone + // should not prevent Set from working. + + unitType := getUnitType(unitName) + + devPolicy, e := getUnitTypeProperty(m.dbus, unitName, unitType, "DevicePolicy") + if e == nil && devPolicy.Value == dbus.MakeVariant("auto") { + devAllow, e := getUnitTypeProperty(m.dbus, unitName, unitType, "DeviceAllow") + if e == nil { + if rv := reflect.ValueOf(devAllow.Value.Value()); rv.Kind() == reflect.Slice && rv.Len() == 0 { + needsFreeze = false + needsThaw = false + return + } + } + } + } + + needsFreeze = true + needsThaw = true + + // Check the current freezer state. + freezerState, err := m.GetFreezerState() + if err != nil { + return + } + if freezerState == configs.Frozen { + // Already frozen, and should stay frozen. + needsFreeze = false + needsThaw = false + } + + if r.Freezer == configs.Frozen { + // Will be frozen anyway -- no need to thaw. + needsThaw = false + } + return +} + +func groupPrefix(ruleType devices.Type) (string, error) { + switch ruleType { + case devices.BlockDevice: + return "block-", nil + case devices.CharDevice: + return "char-", nil + default: + return "", fmt.Errorf("device type %v has no group prefix", ruleType) + } +} + +// findDeviceGroup tries to find the device group name (as listed in +// /proc/devices) with the type prefixed as required for DeviceAllow, for a +// given (type, major) combination. If more than one device group exists, an +// arbitrary one is chosen. +func findDeviceGroup(ruleType devices.Type, ruleMajor int64) (string, error) { + fh, err := os.Open("/proc/devices") + if err != nil { + return "", err + } + defer fh.Close() + + prefix, err := groupPrefix(ruleType) + if err != nil { + return "", err + } + + scanner := bufio.NewScanner(fh) + var currentType devices.Type + for scanner.Scan() { + // We need to strip spaces because the first number is column-aligned. + line := strings.TrimSpace(scanner.Text()) + + // Handle the "header" lines. + switch line { + case "Block devices:": + currentType = devices.BlockDevice + continue + case "Character devices:": + currentType = devices.CharDevice + continue + case "": + continue + } + + // Skip lines unrelated to our type. + if currentType != ruleType { + continue + } + + // Parse out the (major, name). + var ( + currMajor int64 + currName string + ) + if n, err := fmt.Sscanf(line, "%d %s", &currMajor, &currName); err != nil || n != 2 { + if err == nil { + err = errors.New("wrong number of fields") + } + return "", fmt.Errorf("scan /proc/devices line %q: %w", line, err) + } + + if currMajor == ruleMajor { + return prefix + currName, nil + } + } + if err := scanner.Err(); err != nil { + return "", fmt.Errorf("reading /proc/devices: %w", err) + } + // Couldn't find the device group. + return "", nil +} + +// DeviceAllow is the dbus type "a(ss)" which means we need a struct +// to represent it in Go. +type deviceAllowEntry struct { + Path string + Perms string +} + +func allowAllDevices() []systemdDbus.Property { + // Setting mode to auto and removing all DeviceAllow rules + // results in allowing access to all devices. + return []systemdDbus.Property{ + newProp("DevicePolicy", "auto"), + newProp("DeviceAllow", []deviceAllowEntry{}), + } +} + +// generateDeviceProperties takes the configured device rules and generates a +// corresponding set of systemd properties to configure the devices correctly. +func generateDeviceProperties(r *configs.Resources) ([]systemdDbus.Property, error) { + if r.SkipDevices { + return nil, nil + } + + properties := []systemdDbus.Property{ + // Always run in the strictest white-list mode. + newProp("DevicePolicy", "strict"), + // Empty the DeviceAllow array before filling it. + newProp("DeviceAllow", []deviceAllowEntry{}), + } + + // Figure out the set of rules. + configEmu := &cgroupdevices.Emulator{} + for _, rule := range r.Devices { + if err := configEmu.Apply(*rule); err != nil { + return nil, fmt.Errorf("unable to apply rule for systemd: %w", err) + } + } + // systemd doesn't support blacklists. So we log a warning, and tell + // systemd to act as a deny-all whitelist. This ruleset will be replaced + // with our normal fallback code. This may result in spurious errors, but + // the only other option is to error out here. + if configEmu.IsBlacklist() { + // However, if we're dealing with an allow-all rule then we can do it. + if configEmu.IsAllowAll() { + return allowAllDevices(), nil + } + logrus.Warn("systemd doesn't support blacklist device rules -- applying temporary deny-all rule") + return properties, nil + } + + // Now generate the set of rules we actually need to apply. Unlike the + // normal devices cgroup, in "strict" mode systemd defaults to a deny-all + // whitelist which is the default for devices.Emulator. + finalRules, err := configEmu.Rules() + if err != nil { + return nil, fmt.Errorf("unable to get simplified rules for systemd: %w", err) + } + var deviceAllowList []deviceAllowEntry + for _, rule := range finalRules { + if !rule.Allow { + // Should never happen. + return nil, fmt.Errorf("[internal error] cannot add deny rule to systemd DeviceAllow list: %v", *rule) + } + switch rule.Type { + case devices.BlockDevice, devices.CharDevice: + default: + // Should never happen. + return nil, fmt.Errorf("invalid device type for DeviceAllow: %v", rule.Type) + } + + entry := deviceAllowEntry{ + Perms: string(rule.Permissions), + } + + // systemd has a fairly odd (though understandable) syntax here, and + // because of the OCI configuration format we have to do quite a bit of + // trickery to convert things: + // + // * Concrete rules with non-wildcard major/minor numbers have to use + // /dev/{block,char} paths. This is slightly odd because it means + // that we cannot add whitelist rules for devices that don't exist, + // but there's not too much we can do about that. + // + // However, path globbing is not support for path-based rules so we + // need to handle wildcards in some other manner. + // + // * Wildcard-minor rules have to specify a "device group name" (the + // second column in /proc/devices). + // + // * Wildcard (major and minor) rules can just specify a glob with the + // type ("char-*" or "block-*"). + // + // The only type of rule we can't handle is wildcard-major rules, and + // so we'll give a warning in that case (note that the fallback code + // will insert any rules systemd couldn't handle). What amazing fun. + + if rule.Major == devices.Wildcard { + // "_ *:n _" rules aren't supported by systemd. + if rule.Minor != devices.Wildcard { + logrus.Warnf("systemd doesn't support '*:n' device rules -- temporarily ignoring rule: %v", *rule) + continue + } + + // "_ *:* _" rules just wildcard everything. + prefix, err := groupPrefix(rule.Type) + if err != nil { + return nil, err + } + entry.Path = prefix + "*" + } else if rule.Minor == devices.Wildcard { + // "_ n:* _" rules require a device group from /proc/devices. + group, err := findDeviceGroup(rule.Type, rule.Major) + if err != nil { + return nil, fmt.Errorf("unable to find device '%v/%d': %w", rule.Type, rule.Major, err) + } + if group == "" { + // Couldn't find a group. + logrus.Warnf("could not find device group for '%v/%d' in /proc/devices -- temporarily ignoring rule: %v", rule.Type, rule.Major, *rule) + continue + } + entry.Path = group + } else { + // "_ n:m _" rules are just a path in /dev/{block,char}/. + switch rule.Type { + case devices.BlockDevice: + entry.Path = fmt.Sprintf("/dev/block/%d:%d", rule.Major, rule.Minor) + case devices.CharDevice: + entry.Path = fmt.Sprintf("/dev/char/%d:%d", rule.Major, rule.Minor) + } + } + deviceAllowList = append(deviceAllowList, entry) + } + + properties = append(properties, newProp("DeviceAllow", deviceAllowList)) + return properties, nil +} diff --git a/libcontainer/cgroups/systemd/devices_test.go b/libcontainer/cgroups/systemd/devices_test.go new file mode 100644 index 00000000000..74ce2572b1e --- /dev/null +++ b/libcontainer/cgroups/systemd/devices_test.go @@ -0,0 +1,580 @@ +package systemd + +import ( + "bufio" + "bytes" + "os" + "os/exec" + "strings" + "testing" + + "golang.org/x/sys/unix" + + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/devices" +) + +// TestPodSkipDevicesUpdate checks that updating a pod having SkipDevices: true +// does not result in spurious "permission denied" errors in a container +// running under the pod. The test is somewhat similar in nature to the +// @test "update devices [minimal transition rules]" in tests/integration, +// but uses a pod. +func TestPodSkipDevicesUpdate(t *testing.T) { + if !IsRunningSystemd() { + t.Skip("Test requires systemd.") + } + if os.Geteuid() != 0 { + t.Skip("Test requires root.") + } + + podName := "system-runc_test_pod" + t.Name() + ".slice" + podConfig := &configs.Cgroup{ + Systemd: true, + Parent: "system.slice", + Name: podName, + Resources: &configs.Resources{ + PidsLimit: 42, + Memory: 32 * 1024 * 1024, + SkipDevices: true, + }, + } + // Create "pod" cgroup (a systemd slice to hold containers). + pm := newManager(t, podConfig) + if err := pm.Apply(-1); err != nil { + t.Fatal(err) + } + if err := pm.Set(podConfig.Resources); err != nil { + t.Fatal(err) + } + + containerConfig := &configs.Cgroup{ + Parent: podName, + ScopePrefix: "test", + Name: "PodSkipDevicesUpdate", + Resources: &configs.Resources{ + Devices: []*devices.Rule{ + // Allow access to /dev/null. + { + Type: devices.CharDevice, + Major: 1, + Minor: 3, + Permissions: "rwm", + Allow: true, + }, + }, + }, + } + + // Create a "container" within the "pod" cgroup. + // This is not a real container, just a process in the cgroup. + cmd := exec.Command("bash", "-c", "while true; do echo > /dev/null; done") + cmd.Env = append(os.Environ(), "LANG=C") + var stderr bytes.Buffer + cmd.Stderr = &stderr + if err := cmd.Start(); err != nil { + t.Fatal(err) + } + // Make sure to not leave a zombie. + defer func() { + // These may fail, we don't care. + _ = cmd.Process.Kill() + _ = cmd.Wait() + }() + + // Put the process into a cgroup. + cm := newManager(t, containerConfig) + if err := cm.Apply(cmd.Process.Pid); err != nil { + t.Fatal(err) + } + // Check that we put the "container" into the "pod" cgroup. + if !strings.HasPrefix(cm.Path("devices"), pm.Path("devices")) { + t.Fatalf("expected container cgroup path %q to be under pod cgroup path %q", + cm.Path("devices"), pm.Path("devices")) + } + if err := cm.Set(containerConfig.Resources); err != nil { + t.Fatal(err) + } + + // Now update the pod a few times. + for i := 0; i < 42; i++ { + podConfig.Resources.PidsLimit++ + podConfig.Resources.Memory += 1024 * 1024 + if err := pm.Set(podConfig.Resources); err != nil { + t.Fatal(err) + } + } + // Kill the "container". + if err := cmd.Process.Kill(); err != nil { + t.Fatal(err) + } + + _ = cmd.Wait() + + // "Container" stderr should be empty. + if stderr.Len() != 0 { + t.Fatalf("container stderr not empty: %s", stderr.String()) + } +} + +func testSkipDevices(t *testing.T, skipDevices bool, expected []string) { + if !IsRunningSystemd() { + t.Skip("Test requires systemd.") + } + if os.Geteuid() != 0 { + t.Skip("Test requires root.") + } + + podConfig := &configs.Cgroup{ + Parent: "system.slice", + Name: "system-runc_test_pods.slice", + Resources: &configs.Resources{ + SkipDevices: skipDevices, + }, + } + // Create "pods" cgroup (a systemd slice to hold containers). + pm := newManager(t, podConfig) + if err := pm.Apply(-1); err != nil { + t.Fatal(err) + } + if err := pm.Set(podConfig.Resources); err != nil { + t.Fatal(err) + } + + config := &configs.Cgroup{ + Parent: "system-runc_test_pods.slice", + ScopePrefix: "test", + Name: "SkipDevices", + Resources: &configs.Resources{ + Devices: []*devices.Rule{ + // Allow access to /dev/full only. + { + Type: devices.CharDevice, + Major: 1, + Minor: 7, + Permissions: "rwm", + Allow: true, + }, + }, + }, + } + + // Create a "container" within the "pods" cgroup. + // This is not a real container, just a process in the cgroup. + cmd := exec.Command("bash", "-c", "read; echo > /dev/full; cat /dev/null; true") + cmd.Env = append(os.Environ(), "LANG=C") + stdinR, stdinW, err := os.Pipe() + if err != nil { + t.Fatal(err) + } + cmd.Stdin = stdinR + var stderr bytes.Buffer + cmd.Stderr = &stderr + err = cmd.Start() + stdinR.Close() + defer stdinW.Close() + if err != nil { + t.Fatal(err) + } + // Make sure to not leave a zombie. + defer func() { + // These may fail, we don't care. + _, _ = stdinW.WriteString("hey\n") + _ = cmd.Wait() + }() + + // Put the process into a cgroup. + m := newManager(t, config) + if err := m.Apply(cmd.Process.Pid); err != nil { + t.Fatal(err) + } + // Check that we put the "container" into the "pod" cgroup. + if !strings.HasPrefix(m.Path("devices"), pm.Path("devices")) { + t.Fatalf("expected container cgroup path %q to be under pod cgroup path %q", + m.Path("devices"), pm.Path("devices")) + } + if err := m.Set(config.Resources); err != nil { + // failed to write "c 1:7 rwm": write /sys/fs/cgroup/devices/system.slice/system-runc_test_pods.slice/test-SkipDevices.scope/devices.allow: operation not permitted + if skipDevices == false && strings.HasSuffix(err.Error(), "/devices.allow: operation not permitted") { + // Cgroup v1 devices controller gives EPERM on trying + // to enable devices that are not enabled + // (skipDevices=false) in a parent cgroup. + // If this happens, test is passing. + return + } + t.Fatal(err) + } + + // Check that we can access /dev/full but not /dev/zero. + if _, err := stdinW.WriteString("wow\n"); err != nil { + t.Fatal(err) + } + if err := cmd.Wait(); err != nil { + t.Fatal(err) + } + for _, exp := range expected { + if !strings.Contains(stderr.String(), exp) { + t.Errorf("expected %q, got: %s", exp, stderr.String()) + } + } +} + +func TestSkipDevicesTrue(t *testing.T) { + testSkipDevices(t, true, []string{ + "echo: write error: No space left on device", + "cat: /dev/null: Operation not permitted", + }) +} + +func TestSkipDevicesFalse(t *testing.T) { + // If SkipDevices is not set for the parent slice, access to both + // devices should fail. This is done to assess the test correctness. + // For cgroup v1, we check for m.Set returning EPERM. + // For cgroup v2, we check for the errors below. + testSkipDevices(t, false, []string{ + "/dev/full: Operation not permitted", + "cat: /dev/null: Operation not permitted", + }) +} + +func TestFreezeBeforeSet(t *testing.T) { + requireV1(t) + + testCases := []struct { + desc string + // Test input. + cg *configs.Cgroup + preFreeze bool + // Expected values. + // Before unit creation (Apply). + freeze0, thaw0 bool + // After unit creation. + freeze1, thaw1 bool + }{ + { + // A slice with SkipDevices. + desc: "slice,skip-devices", + cg: &configs.Cgroup{ + Name: "system-runc_test_freeze_1.slice", + Parent: "system.slice", + Resources: &configs.Resources{ + SkipDevices: true, + }, + }, + // Expected. + freeze0: false, + thaw0: false, + freeze1: false, + thaw1: false, + }, + { + // A scope with SkipDevices. Not a realistic scenario with runc + // (as container can't have SkipDevices == true), but possible + // for a standalone cgroup manager. + desc: "scope,skip-devices", + cg: &configs.Cgroup{ + ScopePrefix: "test", + Name: "testFreeze2", + Parent: "system.slice", + Resources: &configs.Resources{ + SkipDevices: true, + }, + }, + // Expected. + freeze0: false, + thaw0: false, + freeze1: false, + thaw1: false, + }, + { + // A slice that is about to be frozen in Set. + desc: "slice,will-freeze", + cg: &configs.Cgroup{ + Name: "system-runc_test_freeze_3.slice", + Parent: "system.slice", + Resources: &configs.Resources{ + Freezer: configs.Frozen, + }, + }, + // Expected. + freeze0: true, + thaw0: false, + freeze1: true, + thaw1: false, + }, + { + // A pre-frozen slice that should stay frozen. + desc: "slice,pre-frozen,will-freeze", + cg: &configs.Cgroup{ + Name: "system-runc_test_freeze_4.slice", + Parent: "system.slice", + Resources: &configs.Resources{ + Freezer: configs.Frozen, + }, + }, + preFreeze: true, + // Expected. + freeze0: true, // not actually frozen yet. + thaw0: false, + freeze1: false, + thaw1: false, + }, + { + // A pre-frozen scope with skip devices set. + desc: "scope,pre-frozen,skip-devices", + cg: &configs.Cgroup{ + ScopePrefix: "test", + Name: "testFreeze5", + Parent: "system.slice", + Resources: &configs.Resources{ + SkipDevices: true, + }, + }, + preFreeze: true, + // Expected. + freeze0: false, + thaw0: false, + freeze1: false, + thaw1: false, + }, + { + // A pre-frozen scope which will be thawed. + desc: "scope,pre-frozen", + cg: &configs.Cgroup{ + ScopePrefix: "test", + Name: "testFreeze6", + Parent: "system.slice", + Resources: &configs.Resources{}, + }, + preFreeze: true, + // Expected. + freeze0: true, // not actually frozen yet. + thaw0: true, + freeze1: false, + thaw1: false, + }, + } + + for _, tc := range testCases { + tc := tc + t.Run(tc.desc, func(t *testing.T) { + m, err := NewLegacyManager(tc.cg, nil) + if err != nil { + t.Fatal(err) + } + defer m.Destroy() //nolint:errcheck + lm := m.(*legacyManager) + + // Checks for a non-existent unit. + freeze, thaw, err := lm.freezeBeforeSet(getUnitName(tc.cg), tc.cg.Resources) + if err != nil { + t.Fatal(err) + } + if freeze != tc.freeze0 || thaw != tc.thaw0 { + t.Errorf("before Apply (non-existent unit): expected freeze: %v, thaw: %v, got freeze: %v, thaw: %v", + tc.freeze0, tc.thaw0, freeze, thaw) + } + + // Create systemd unit. + pid := -1 + if strings.HasSuffix(getUnitName(tc.cg), ".scope") { + // Scopes require a process inside. + cmd := exec.Command("bash", "-c", "sleep 1m") + if err := cmd.Start(); err != nil { + t.Fatal(err) + } + pid = cmd.Process.Pid + // Make sure to not leave a zombie. + defer func() { + // These may fail, we don't care. + _ = cmd.Process.Kill() + _ = cmd.Wait() + }() + } + if err := m.Apply(pid); err != nil { + t.Fatal(err) + } + if tc.preFreeze { + if err := m.Freeze(configs.Frozen); err != nil { + t.Error(err) + return // no more checks + } + } + freeze, thaw, err = lm.freezeBeforeSet(getUnitName(tc.cg), tc.cg.Resources) + if err != nil { + t.Error(err) + return // no more checks + } + if freeze != tc.freeze1 || thaw != tc.thaw1 { + t.Errorf("expected freeze: %v, thaw: %v, got freeze: %v, thaw: %v", + tc.freeze1, tc.thaw1, freeze, thaw) + } + // Destroy() timeouts on a frozen container, so we need to thaw it. + if tc.preFreeze { + if err := m.Freeze(configs.Thawed); err != nil { + t.Error(err) + } + } + // Destroy() does not kill processes in cgroup, so we should. + if pid != -1 { + if err = unix.Kill(pid, unix.SIGKILL); err != nil { + t.Errorf("unable to kill pid %d: %s", pid, err) + } + } + // Not really needed, but may help catch some bugs. + if err := m.Destroy(); err != nil { + t.Errorf("destroy: %s", err) + } + }) + } +} + +// requireV1 skips the test unless a set of requirements (cgroup v1, +// systemd, root) is met. +func requireV1(t *testing.T) { + t.Helper() + if cgroups.IsCgroup2UnifiedMode() { + t.Skip("Test requires cgroup v1.") + } + if !IsRunningSystemd() { + t.Skip("Test requires systemd.") + } + if os.Geteuid() != 0 { + t.Skip("Test requires root.") + } +} + +func TestFreezePodCgroup(t *testing.T) { + if !IsRunningSystemd() { + t.Skip("Test requires systemd.") + } + if os.Geteuid() != 0 { + t.Skip("Test requires root.") + } + + podConfig := &configs.Cgroup{ + Parent: "system.slice", + Name: "system-runc_test_pod.slice", + Resources: &configs.Resources{ + SkipDevices: true, + Freezer: configs.Frozen, + }, + } + // Create a "pod" cgroup (a systemd slice to hold containers), + // which is frozen initially. + pm := newManager(t, podConfig) + if err := pm.Apply(-1); err != nil { + t.Fatal(err) + } + + if err := pm.Set(podConfig.Resources); err != nil { + t.Fatal(err) + } + + // Check the pod is frozen. + pf, err := pm.GetFreezerState() + if err != nil { + t.Fatal(err) + } + if pf != configs.Frozen { + t.Fatalf("expected pod to be frozen, got %v", pf) + } + + // Create a "container" within the "pod" cgroup. + // This is not a real container, just a process in the cgroup. + containerConfig := &configs.Cgroup{ + Parent: "system-runc_test_pod.slice", + ScopePrefix: "test", + Name: "inner-container", + Resources: &configs.Resources{}, + } + + cmd := exec.Command("bash", "-c", "while read; do echo $REPLY; done") + cmd.Env = append(os.Environ(), "LANG=C") + + // Setup stdin. + stdinR, stdinW, err := os.Pipe() + if err != nil { + t.Fatal(err) + } + cmd.Stdin = stdinR + + // Setup stdout. + stdoutR, stdoutW, err := os.Pipe() + if err != nil { + t.Fatal(err) + } + cmd.Stdout = stdoutW + rdr := bufio.NewReader(stdoutR) + + // Setup stderr. + var stderr bytes.Buffer + cmd.Stderr = &stderr + + err = cmd.Start() + stdinR.Close() + stdoutW.Close() + defer func() { + _ = stdinW.Close() + _ = stdoutR.Close() + }() + if err != nil { + t.Fatal(err) + } + // Make sure to not leave a zombie. + defer func() { + // These may fail, we don't care. + _ = cmd.Process.Kill() + _ = cmd.Wait() + }() + + // Put the process into a cgroup. + cm := newManager(t, containerConfig) + + if err := cm.Apply(cmd.Process.Pid); err != nil { + t.Fatal(err) + } + if err := cm.Set(containerConfig.Resources); err != nil { + t.Fatal(err) + } + // Check that we put the "container" into the "pod" cgroup. + if !strings.HasPrefix(cm.Path("freezer"), pm.Path("freezer")) { + t.Fatalf("expected container cgroup path %q to be under pod cgroup path %q", + cm.Path("freezer"), pm.Path("freezer")) + } + // Check the container is not reported as frozen despite the frozen parent. + cf, err := cm.GetFreezerState() + if err != nil { + t.Fatal(err) + } + if cf != configs.Thawed { + t.Fatalf("expected container to be thawed, got %v", cf) + } + + // Unfreeze the pod. + if err := pm.Freeze(configs.Thawed); err != nil { + t.Fatal(err) + } + + cf, err = cm.GetFreezerState() + if err != nil { + t.Fatal(err) + } + if cf != configs.Thawed { + t.Fatalf("expected container to be thawed, got %v", cf) + } + + // Check the "container" works. + marker := "one two\n" + _, err = stdinW.WriteString(marker) + if err != nil { + t.Fatal(err) + } + reply, err := rdr.ReadString('\n') + if err != nil { + t.Fatalf("reading from container: %v", err) + } + if reply != marker { + t.Fatalf("expected %q, got %q", marker, reply) + } +} diff --git a/libcontainer/cgroups/systemd/systemd_test.go b/libcontainer/cgroups/systemd/systemd_test.go index 7417bf28789..d280a3090aa 100644 --- a/libcontainer/cgroups/systemd/systemd_test.go +++ b/libcontainer/cgroups/systemd/systemd_test.go @@ -1,16 +1,11 @@ package systemd import ( - "bufio" - "bytes" "os" - "os/exec" - "strings" "testing" "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/configs" - "github.com/opencontainers/runc/libcontainer/devices" ) func newManager(t *testing.T, config *configs.Cgroup) (m cgroups.Manager) { @@ -74,228 +69,6 @@ func TestValidUnitTypes(t *testing.T) { } } -// TestPodSkipDevicesUpdate checks that updating a pod having SkipDevices: true -// does not result in spurious "permission denied" errors in a container -// running under the pod. The test is somewhat similar in nature to the -// @test "update devices [minimal transition rules]" in tests/integration, -// but uses a pod. -func TestPodSkipDevicesUpdate(t *testing.T) { - if !IsRunningSystemd() { - t.Skip("Test requires systemd.") - } - if os.Geteuid() != 0 { - t.Skip("Test requires root.") - } - - podName := "system-runc_test_pod" + t.Name() + ".slice" - podConfig := &configs.Cgroup{ - Systemd: true, - Parent: "system.slice", - Name: podName, - Resources: &configs.Resources{ - PidsLimit: 42, - Memory: 32 * 1024 * 1024, - SkipDevices: true, - }, - } - // Create "pod" cgroup (a systemd slice to hold containers). - pm := newManager(t, podConfig) - if err := pm.Apply(-1); err != nil { - t.Fatal(err) - } - if err := pm.Set(podConfig.Resources); err != nil { - t.Fatal(err) - } - - containerConfig := &configs.Cgroup{ - Parent: podName, - ScopePrefix: "test", - Name: "PodSkipDevicesUpdate", - Resources: &configs.Resources{ - Devices: []*devices.Rule{ - // Allow access to /dev/null. - { - Type: devices.CharDevice, - Major: 1, - Minor: 3, - Permissions: "rwm", - Allow: true, - }, - }, - }, - } - - // Create a "container" within the "pod" cgroup. - // This is not a real container, just a process in the cgroup. - cmd := exec.Command("bash", "-c", "while true; do echo > /dev/null; done") - cmd.Env = append(os.Environ(), "LANG=C") - var stderr bytes.Buffer - cmd.Stderr = &stderr - if err := cmd.Start(); err != nil { - t.Fatal(err) - } - // Make sure to not leave a zombie. - defer func() { - // These may fail, we don't care. - _ = cmd.Process.Kill() - _ = cmd.Wait() - }() - - // Put the process into a cgroup. - cm := newManager(t, containerConfig) - if err := cm.Apply(cmd.Process.Pid); err != nil { - t.Fatal(err) - } - // Check that we put the "container" into the "pod" cgroup. - if !strings.HasPrefix(cm.Path("devices"), pm.Path("devices")) { - t.Fatalf("expected container cgroup path %q to be under pod cgroup path %q", - cm.Path("devices"), pm.Path("devices")) - } - if err := cm.Set(containerConfig.Resources); err != nil { - t.Fatal(err) - } - - // Now update the pod a few times. - for i := 0; i < 42; i++ { - podConfig.Resources.PidsLimit++ - podConfig.Resources.Memory += 1024 * 1024 - if err := pm.Set(podConfig.Resources); err != nil { - t.Fatal(err) - } - } - // Kill the "container". - if err := cmd.Process.Kill(); err != nil { - t.Fatal(err) - } - - _ = cmd.Wait() - - // "Container" stderr should be empty. - if stderr.Len() != 0 { - t.Fatalf("container stderr not empty: %s", stderr.String()) - } -} - -func testSkipDevices(t *testing.T, skipDevices bool, expected []string) { - if !IsRunningSystemd() { - t.Skip("Test requires systemd.") - } - if os.Geteuid() != 0 { - t.Skip("Test requires root.") - } - - podConfig := &configs.Cgroup{ - Parent: "system.slice", - Name: "system-runc_test_pods.slice", - Resources: &configs.Resources{ - SkipDevices: skipDevices, - }, - } - // Create "pods" cgroup (a systemd slice to hold containers). - pm := newManager(t, podConfig) - if err := pm.Apply(-1); err != nil { - t.Fatal(err) - } - if err := pm.Set(podConfig.Resources); err != nil { - t.Fatal(err) - } - - config := &configs.Cgroup{ - Parent: "system-runc_test_pods.slice", - ScopePrefix: "test", - Name: "SkipDevices", - Resources: &configs.Resources{ - Devices: []*devices.Rule{ - // Allow access to /dev/full only. - { - Type: devices.CharDevice, - Major: 1, - Minor: 7, - Permissions: "rwm", - Allow: true, - }, - }, - }, - } - - // Create a "container" within the "pods" cgroup. - // This is not a real container, just a process in the cgroup. - cmd := exec.Command("bash", "-c", "read; echo > /dev/full; cat /dev/null; true") - cmd.Env = append(os.Environ(), "LANG=C") - stdinR, stdinW, err := os.Pipe() - if err != nil { - t.Fatal(err) - } - cmd.Stdin = stdinR - var stderr bytes.Buffer - cmd.Stderr = &stderr - err = cmd.Start() - stdinR.Close() - defer stdinW.Close() - if err != nil { - t.Fatal(err) - } - // Make sure to not leave a zombie. - defer func() { - // These may fail, we don't care. - _, _ = stdinW.WriteString("hey\n") - _ = cmd.Wait() - }() - - // Put the process into a cgroup. - m := newManager(t, config) - if err := m.Apply(cmd.Process.Pid); err != nil { - t.Fatal(err) - } - // Check that we put the "container" into the "pod" cgroup. - if !strings.HasPrefix(m.Path("devices"), pm.Path("devices")) { - t.Fatalf("expected container cgroup path %q to be under pod cgroup path %q", - m.Path("devices"), pm.Path("devices")) - } - if err := m.Set(config.Resources); err != nil { - // failed to write "c 1:7 rwm": write /sys/fs/cgroup/devices/system.slice/system-runc_test_pods.slice/test-SkipDevices.scope/devices.allow: operation not permitted - if skipDevices == false && strings.HasSuffix(err.Error(), "/devices.allow: operation not permitted") { - // Cgroup v1 devices controller gives EPERM on trying - // to enable devices that are not enabled - // (skipDevices=false) in a parent cgroup. - // If this happens, test is passing. - return - } - t.Fatal(err) - } - - // Check that we can access /dev/full but not /dev/zero. - if _, err := stdinW.WriteString("wow\n"); err != nil { - t.Fatal(err) - } - if err := cmd.Wait(); err != nil { - t.Fatal(err) - } - for _, exp := range expected { - if !strings.Contains(stderr.String(), exp) { - t.Errorf("expected %q, got: %s", exp, stderr.String()) - } - } -} - -func TestSkipDevicesTrue(t *testing.T) { - testSkipDevices(t, true, []string{ - "echo: write error: No space left on device", - "cat: /dev/null: Operation not permitted", - }) -} - -func TestSkipDevicesFalse(t *testing.T) { - // If SkipDevices is not set for the parent slice, access to both - // devices should fail. This is done to assess the test correctness. - // For cgroup v1, we check for m.Set returning EPERM. - // For cgroup v2, we check for the errors below. - testSkipDevices(t, false, []string{ - "/dev/full: Operation not permitted", - "cat: /dev/null: Operation not permitted", - }) -} - func TestUnitExistsIgnored(t *testing.T) { if !IsRunningSystemd() { t.Skip("Test requires systemd.") @@ -319,138 +92,3 @@ func TestUnitExistsIgnored(t *testing.T) { } } } - -func TestFreezePodCgroup(t *testing.T) { - if !IsRunningSystemd() { - t.Skip("Test requires systemd.") - } - if os.Geteuid() != 0 { - t.Skip("Test requires root.") - } - - podConfig := &configs.Cgroup{ - Parent: "system.slice", - Name: "system-runc_test_pod.slice", - Resources: &configs.Resources{ - SkipDevices: true, - Freezer: configs.Frozen, - }, - } - // Create a "pod" cgroup (a systemd slice to hold containers), - // which is frozen initially. - pm := newManager(t, podConfig) - if err := pm.Apply(-1); err != nil { - t.Fatal(err) - } - - if err := pm.Set(podConfig.Resources); err != nil { - t.Fatal(err) - } - - // Check the pod is frozen. - pf, err := pm.GetFreezerState() - if err != nil { - t.Fatal(err) - } - if pf != configs.Frozen { - t.Fatalf("expected pod to be frozen, got %v", pf) - } - - // Create a "container" within the "pod" cgroup. - // This is not a real container, just a process in the cgroup. - containerConfig := &configs.Cgroup{ - Parent: "system-runc_test_pod.slice", - ScopePrefix: "test", - Name: "inner-container", - Resources: &configs.Resources{}, - } - - cmd := exec.Command("bash", "-c", "while read; do echo $REPLY; done") - cmd.Env = append(os.Environ(), "LANG=C") - - // Setup stdin. - stdinR, stdinW, err := os.Pipe() - if err != nil { - t.Fatal(err) - } - cmd.Stdin = stdinR - - // Setup stdout. - stdoutR, stdoutW, err := os.Pipe() - if err != nil { - t.Fatal(err) - } - cmd.Stdout = stdoutW - rdr := bufio.NewReader(stdoutR) - - // Setup stderr. - var stderr bytes.Buffer - cmd.Stderr = &stderr - - err = cmd.Start() - stdinR.Close() - stdoutW.Close() - defer func() { - _ = stdinW.Close() - _ = stdoutR.Close() - }() - if err != nil { - t.Fatal(err) - } - // Make sure to not leave a zombie. - defer func() { - // These may fail, we don't care. - _ = cmd.Process.Kill() - _ = cmd.Wait() - }() - - // Put the process into a cgroup. - cm := newManager(t, containerConfig) - - if err := cm.Apply(cmd.Process.Pid); err != nil { - t.Fatal(err) - } - if err := cm.Set(containerConfig.Resources); err != nil { - t.Fatal(err) - } - // Check that we put the "container" into the "pod" cgroup. - if !strings.HasPrefix(cm.Path("freezer"), pm.Path("freezer")) { - t.Fatalf("expected container cgroup path %q to be under pod cgroup path %q", - cm.Path("freezer"), pm.Path("freezer")) - } - // Check the container is not reported as frozen despite the frozen parent. - cf, err := cm.GetFreezerState() - if err != nil { - t.Fatal(err) - } - if cf != configs.Thawed { - t.Fatalf("expected container to be thawed, got %v", cf) - } - - // Unfreeze the pod. - if err := pm.Freeze(configs.Thawed); err != nil { - t.Fatal(err) - } - - cf, err = cm.GetFreezerState() - if err != nil { - t.Fatal(err) - } - if cf != configs.Thawed { - t.Fatalf("expected container to be thawed, got %v", cf) - } - - // Check the "container" works. - marker := "one two\n" - _, err = stdinW.WriteString(marker) - if err != nil { - t.Fatal(err) - } - reply, err := rdr.ReadString('\n') - if err != nil { - t.Fatalf("reading from container: %v", err) - } - if reply != marker { - t.Fatalf("expected %q, got %q", marker, reply) - } -} diff --git a/libcontainer/cgroups/systemd/v1.go b/libcontainer/cgroups/systemd/v1.go index a74a05a5cd0..1e4c582127d 100644 --- a/libcontainer/cgroups/systemd/v1.go +++ b/libcontainer/cgroups/systemd/v1.go @@ -4,12 +4,10 @@ import ( "errors" "os" "path/filepath" - "reflect" "strings" "sync" systemdDbus "github.com/coreos/go-systemd/v22/dbus" - "github.com/godbus/dbus/v5" "github.com/sirupsen/logrus" "github.com/opencontainers/runc/libcontainer/cgroups" @@ -336,71 +334,6 @@ func (m *legacyManager) GetStats() (*cgroups.Stats, error) { return stats, nil } -// freezeBeforeSet answers whether there is a need to freeze the cgroup before -// applying its systemd unit properties, and thaw after, while avoiding -// unnecessary freezer state changes. -// -// The reason why we have to freeze is that systemd's application of device -// rules is done disruptively, resulting in spurious errors to common devices -// (unlike our fs driver, they will happily write deny-all rules to running -// containers). So we have to freeze the container to avoid the container get -// an occasional "permission denied" error. -func (m *legacyManager) freezeBeforeSet(unitName string, r *configs.Resources) (needsFreeze, needsThaw bool, err error) { - // Special case for SkipDevices, as used by Kubernetes to create pod - // cgroups with allow-all device policy). - if r.SkipDevices { - if r.SkipFreezeOnSet { - // Both needsFreeze and needsThaw are false. - return - } - - // No need to freeze if SkipDevices is set, and either - // (1) systemd unit does not (yet) exist, or - // (2) it has DevicePolicy=auto and empty DeviceAllow list. - // - // Interestingly, (1) and (2) are the same here because - // a non-existent unit returns default properties, - // and settings in (2) are the defaults. - // - // Do not return errors from getUnitTypeProperty, as they alone - // should not prevent Set from working. - - unitType := getUnitType(unitName) - - devPolicy, e := getUnitTypeProperty(m.dbus, unitName, unitType, "DevicePolicy") - if e == nil && devPolicy.Value == dbus.MakeVariant("auto") { - devAllow, e := getUnitTypeProperty(m.dbus, unitName, unitType, "DeviceAllow") - if e == nil { - if rv := reflect.ValueOf(devAllow.Value.Value()); rv.Kind() == reflect.Slice && rv.Len() == 0 { - needsFreeze = false - needsThaw = false - return - } - } - } - } - - needsFreeze = true - needsThaw = true - - // Check the current freezer state. - freezerState, err := m.GetFreezerState() - if err != nil { - return - } - if freezerState == configs.Frozen { - // Already frozen, and should stay frozen. - needsFreeze = false - needsThaw = false - } - - if r.Freezer == configs.Frozen { - // Will be frozen anyway -- no need to thaw. - needsThaw = false - } - return -} - func (m *legacyManager) Set(r *configs.Resources) error { if r == nil { return nil diff --git a/libcontainer/cgroups/systemd/v1_test.go b/libcontainer/cgroups/systemd/v1_test.go deleted file mode 100644 index 7c7ef55fca1..00000000000 --- a/libcontainer/cgroups/systemd/v1_test.go +++ /dev/null @@ -1,220 +0,0 @@ -package systemd - -import ( - "os" - "os/exec" - "strings" - "testing" - - "golang.org/x/sys/unix" - - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/configs" -) - -func TestFreezeBeforeSet(t *testing.T) { - requireV1(t) - - testCases := []struct { - desc string - // Test input. - cg *configs.Cgroup - preFreeze bool - // Expected values. - // Before unit creation (Apply). - freeze0, thaw0 bool - // After unit creation. - freeze1, thaw1 bool - }{ - { - // A slice with SkipDevices. - desc: "slice,skip-devices", - cg: &configs.Cgroup{ - Name: "system-runc_test_freeze_1.slice", - Parent: "system.slice", - Resources: &configs.Resources{ - SkipDevices: true, - }, - }, - // Expected. - freeze0: false, - thaw0: false, - freeze1: false, - thaw1: false, - }, - { - // A scope with SkipDevices. Not a realistic scenario with runc - // (as container can't have SkipDevices == true), but possible - // for a standalone cgroup manager. - desc: "scope,skip-devices", - cg: &configs.Cgroup{ - ScopePrefix: "test", - Name: "testFreeze2", - Parent: "system.slice", - Resources: &configs.Resources{ - SkipDevices: true, - }, - }, - // Expected. - freeze0: false, - thaw0: false, - freeze1: false, - thaw1: false, - }, - { - // A slice that is about to be frozen in Set. - desc: "slice,will-freeze", - cg: &configs.Cgroup{ - Name: "system-runc_test_freeze_3.slice", - Parent: "system.slice", - Resources: &configs.Resources{ - Freezer: configs.Frozen, - }, - }, - // Expected. - freeze0: true, - thaw0: false, - freeze1: true, - thaw1: false, - }, - { - // A pre-frozen slice that should stay frozen. - desc: "slice,pre-frozen,will-freeze", - cg: &configs.Cgroup{ - Name: "system-runc_test_freeze_4.slice", - Parent: "system.slice", - Resources: &configs.Resources{ - Freezer: configs.Frozen, - }, - }, - preFreeze: true, - // Expected. - freeze0: true, // not actually frozen yet. - thaw0: false, - freeze1: false, - thaw1: false, - }, - { - // A pre-frozen scope with skip devices set. - desc: "scope,pre-frozen,skip-devices", - cg: &configs.Cgroup{ - ScopePrefix: "test", - Name: "testFreeze5", - Parent: "system.slice", - Resources: &configs.Resources{ - SkipDevices: true, - }, - }, - preFreeze: true, - // Expected. - freeze0: false, - thaw0: false, - freeze1: false, - thaw1: false, - }, - { - // A pre-frozen scope which will be thawed. - desc: "scope,pre-frozen", - cg: &configs.Cgroup{ - ScopePrefix: "test", - Name: "testFreeze6", - Parent: "system.slice", - Resources: &configs.Resources{}, - }, - preFreeze: true, - // Expected. - freeze0: true, // not actually frozen yet. - thaw0: true, - freeze1: false, - thaw1: false, - }, - } - - for _, tc := range testCases { - tc := tc - t.Run(tc.desc, func(t *testing.T) { - m, err := NewLegacyManager(tc.cg, nil) - if err != nil { - t.Fatal(err) - } - defer m.Destroy() //nolint:errcheck - lm := m.(*legacyManager) - - // Checks for a non-existent unit. - freeze, thaw, err := lm.freezeBeforeSet(getUnitName(tc.cg), tc.cg.Resources) - if err != nil { - t.Fatal(err) - } - if freeze != tc.freeze0 || thaw != tc.thaw0 { - t.Errorf("before Apply (non-existent unit): expected freeze: %v, thaw: %v, got freeze: %v, thaw: %v", - tc.freeze0, tc.thaw0, freeze, thaw) - } - - // Create systemd unit. - pid := -1 - if strings.HasSuffix(getUnitName(tc.cg), ".scope") { - // Scopes require a process inside. - cmd := exec.Command("bash", "-c", "sleep 1m") - if err := cmd.Start(); err != nil { - t.Fatal(err) - } - pid = cmd.Process.Pid - // Make sure to not leave a zombie. - defer func() { - // These may fail, we don't care. - _ = cmd.Process.Kill() - _ = cmd.Wait() - }() - } - if err := m.Apply(pid); err != nil { - t.Fatal(err) - } - if tc.preFreeze { - if err := m.Freeze(configs.Frozen); err != nil { - t.Error(err) - return // no more checks - } - } - freeze, thaw, err = lm.freezeBeforeSet(getUnitName(tc.cg), tc.cg.Resources) - if err != nil { - t.Error(err) - return // no more checks - } - if freeze != tc.freeze1 || thaw != tc.thaw1 { - t.Errorf("expected freeze: %v, thaw: %v, got freeze: %v, thaw: %v", - tc.freeze1, tc.thaw1, freeze, thaw) - } - // Destroy() timeouts on a frozen container, so we need to thaw it. - if tc.preFreeze { - if err := m.Freeze(configs.Thawed); err != nil { - t.Error(err) - } - } - // Destroy() does not kill processes in cgroup, so we should. - if pid != -1 { - if err = unix.Kill(pid, unix.SIGKILL); err != nil { - t.Errorf("unable to kill pid %d: %s", pid, err) - } - } - // Not really needed, but may help catch some bugs. - if err := m.Destroy(); err != nil { - t.Errorf("destroy: %s", err) - } - }) - } -} - -// requireV1 skips the test unless a set of requirements (cgroup v1, -// systemd, root) is met. -func requireV1(t *testing.T) { - t.Helper() - if cgroups.IsCgroup2UnifiedMode() { - t.Skip("Test requires cgroup v1.") - } - if !IsRunningSystemd() { - t.Skip("Test requires systemd.") - } - if os.Geteuid() != 0 { - t.Skip("Test requires root.") - } -} From b6967fa84c26b3fc8a870d178ccdf8d40785894a Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 6 Apr 2022 20:47:25 -0700 Subject: [PATCH 0040/1176] Decouple cgroup devices handling This commit separates the functionality of setting cgroup device rules out of libct/cgroups to libct/cgroups/devices package. This package, if imported, sets the function variables in libct/cgroups and libct/cgroups/systemd, so that a cgroup manager can use those to manage devices. If those function variables are nil (when libct/cgroups/devices are not imported), a cgroup manager returns the ErrDevicesUnsupported in case any device rules are set in Resources. It also consolidates the code from libct/cgroups/ebpf and libct/cgroups/ebpf/devicefilter into libct/cgroups/devices. Moved some tests in libct/cg/sd that require device management to libct/sd/devices. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/cgroups.go | 15 ++ .../devicefilter => devices}/devicefilter.go | 9 +- .../devicefilter_test.go | 2 +- libcontainer/cgroups/devices/devices.go | 16 ++ .../cgroups/{ebpf => devices}/ebpf_linux.go | 2 +- libcontainer/cgroups/devices/systemd.go | 233 ++++++++++++++++ libcontainer/cgroups/devices/systemd_test.go | 253 ++++++++++++++++++ libcontainer/cgroups/devices/v1.go | 84 ++++++ .../devices_test.go => devices/v1_test.go} | 30 ++- .../cgroups/{fs2/devices.go => devices/v2.go} | 10 +- libcontainer/cgroups/fs/devices.go | 82 +----- libcontainer/cgroups/fs/fs.go | 2 +- libcontainer/cgroups/fs2/fs2.go | 16 +- libcontainer/cgroups/systemd/common.go | 16 ++ libcontainer/cgroups/systemd/devices.go | 219 --------------- .../{devices_test.go => freeze_test.go} | 226 +--------------- libcontainer/factory_linux.go | 2 + libcontainer/integration/init_test.go | 2 + 18 files changed, 674 insertions(+), 545 deletions(-) rename libcontainer/cgroups/{ebpf/devicefilter => devices}/devicefilter.go (95%) rename libcontainer/cgroups/{ebpf/devicefilter => devices}/devicefilter_test.go (99%) create mode 100644 libcontainer/cgroups/devices/devices.go rename libcontainer/cgroups/{ebpf => devices}/ebpf_linux.go (99%) create mode 100644 libcontainer/cgroups/devices/systemd.go create mode 100644 libcontainer/cgroups/devices/systemd_test.go create mode 100644 libcontainer/cgroups/devices/v1.go rename libcontainer/cgroups/{fs/devices_test.go => devices/v1_test.go} (60%) rename libcontainer/cgroups/{fs2/devices.go => devices/v2.go} (83%) rename libcontainer/cgroups/systemd/{devices_test.go => freeze_test.go} (57%) diff --git a/libcontainer/cgroups/cgroups.go b/libcontainer/cgroups/cgroups.go index ba2b2266c9d..b9ba889b7a0 100644 --- a/libcontainer/cgroups/cgroups.go +++ b/libcontainer/cgroups/cgroups.go @@ -1,9 +1,24 @@ package cgroups import ( + "errors" + "github.com/opencontainers/runc/libcontainer/configs" ) +var ( + // ErrDevicesUnsupported is an error returned when a cgroup manager + // is not configured to set device rules. + ErrDevicesUnsupported = errors.New("cgroup manager is not configured to set device rules") + + // DevicesSetV1 and DevicesSetV2 are functions to set devices for + // cgroup v1 and v2, respectively. Unless libcontainer/cgroups/devices + // package is imported, it is set to nil, so cgroup managers can't + // manage devices. + DevicesSetV1 func(path string, r *configs.Resources) error + DevicesSetV2 func(path string, r *configs.Resources) error +) + type Manager interface { // Apply creates a cgroup, if not yet created, and adds a process // with the specified pid into that cgroup. A special value of -1 diff --git a/libcontainer/cgroups/ebpf/devicefilter/devicefilter.go b/libcontainer/cgroups/devices/devicefilter.go similarity index 95% rename from libcontainer/cgroups/ebpf/devicefilter/devicefilter.go rename to libcontainer/cgroups/devices/devicefilter.go index 4e69b35bcda..3849810b30e 100644 --- a/libcontainer/cgroups/ebpf/devicefilter/devicefilter.go +++ b/libcontainer/cgroups/devices/devicefilter.go @@ -1,10 +1,10 @@ -// Package devicefilter contains eBPF device filter program +// Implements creation of eBPF device filter program. // -// The implementation is based on https://github.com/containers/crun/blob/0.10.2/src/libcrun/ebpf.c +// Based on https://github.com/containers/crun/blob/0.10.2/src/libcrun/ebpf.c // // Although ebpf.c is originally licensed under LGPL-3.0-or-later, the author (Giuseppe Scrivano) // agreed to relicense the file in Apache License 2.0: https://github.com/opencontainers/runc/issues/2144#issuecomment-543116397 -package devicefilter +package devices import ( "errors" @@ -13,7 +13,6 @@ import ( "strconv" "github.com/cilium/ebpf/asm" - devicesemulator "github.com/opencontainers/runc/libcontainer/cgroups/devices" "github.com/opencontainers/runc/libcontainer/devices" "golang.org/x/sys/unix" ) @@ -30,7 +29,7 @@ func DeviceFilter(rules []*devices.Rule) (asm.Instructions, string, error) { // gives us a guarantee that the behaviour of devices filtering is the same // as cgroupv1, including security hardenings to avoid misconfiguration // (such as punching holes in wildcard rules). - emu := new(devicesemulator.Emulator) + emu := new(Emulator) for _, rule := range rules { if err := emu.Apply(*rule); err != nil { return nil, "", err diff --git a/libcontainer/cgroups/ebpf/devicefilter/devicefilter_test.go b/libcontainer/cgroups/devices/devicefilter_test.go similarity index 99% rename from libcontainer/cgroups/ebpf/devicefilter/devicefilter_test.go rename to libcontainer/cgroups/devices/devicefilter_test.go index 25703be5ad7..7cabf0673f5 100644 --- a/libcontainer/cgroups/ebpf/devicefilter/devicefilter_test.go +++ b/libcontainer/cgroups/devices/devicefilter_test.go @@ -1,4 +1,4 @@ -package devicefilter +package devices import ( "strings" diff --git a/libcontainer/cgroups/devices/devices.go b/libcontainer/cgroups/devices/devices.go new file mode 100644 index 00000000000..844d0563b59 --- /dev/null +++ b/libcontainer/cgroups/devices/devices.go @@ -0,0 +1,16 @@ +// Package devices contains functionality to manage cgroup devices, which +// is exposed indirectly via libcontainer/cgroups managers. +// +// To enable cgroup managers to manage devices, this package must be imported. +package devices + +import ( + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/cgroups/systemd" +) + +func init() { + cgroups.DevicesSetV1 = setV1 + cgroups.DevicesSetV2 = setV2 + systemd.GenerateDeviceProps = systemdProperties +} diff --git a/libcontainer/cgroups/ebpf/ebpf_linux.go b/libcontainer/cgroups/devices/ebpf_linux.go similarity index 99% rename from libcontainer/cgroups/ebpf/ebpf_linux.go rename to libcontainer/cgroups/devices/ebpf_linux.go index 104c74a890f..77277f93bb7 100644 --- a/libcontainer/cgroups/ebpf/ebpf_linux.go +++ b/libcontainer/cgroups/devices/ebpf_linux.go @@ -1,4 +1,4 @@ -package ebpf +package devices import ( "errors" diff --git a/libcontainer/cgroups/devices/systemd.go b/libcontainer/cgroups/devices/systemd.go new file mode 100644 index 00000000000..02962540058 --- /dev/null +++ b/libcontainer/cgroups/devices/systemd.go @@ -0,0 +1,233 @@ +package devices + +import ( + "bufio" + "errors" + "fmt" + "os" + "strings" + + systemdDbus "github.com/coreos/go-systemd/v22/dbus" + "github.com/godbus/dbus/v5" + "github.com/sirupsen/logrus" + + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/devices" +) + +// systemdProperties takes the configured device rules and generates a +// corresponding set of systemd properties to configure the devices correctly. +func systemdProperties(r *configs.Resources) ([]systemdDbus.Property, error) { + if r.SkipDevices { + return nil, nil + } + + properties := []systemdDbus.Property{ + // Always run in the strictest white-list mode. + newProp("DevicePolicy", "strict"), + // Empty the DeviceAllow array before filling it. + newProp("DeviceAllow", []deviceAllowEntry{}), + } + + // Figure out the set of rules. + configEmu := Emulator{} + for _, rule := range r.Devices { + if err := configEmu.Apply(*rule); err != nil { + return nil, fmt.Errorf("unable to apply rule for systemd: %w", err) + } + } + // systemd doesn't support blacklists. So we log a warning, and tell + // systemd to act as a deny-all whitelist. This ruleset will be replaced + // with our normal fallback code. This may result in spurious errors, but + // the only other option is to error out here. + if configEmu.IsBlacklist() { + // However, if we're dealing with an allow-all rule then we can do it. + if configEmu.IsAllowAll() { + return allowAllDevices(), nil + } + logrus.Warn("systemd doesn't support blacklist device rules -- applying temporary deny-all rule") + return properties, nil + } + + // Now generate the set of rules we actually need to apply. Unlike the + // normal devices cgroup, in "strict" mode systemd defaults to a deny-all + // whitelist which is the default for devices.Emulator. + finalRules, err := configEmu.Rules() + if err != nil { + return nil, fmt.Errorf("unable to get simplified rules for systemd: %w", err) + } + var deviceAllowList []deviceAllowEntry + for _, rule := range finalRules { + if !rule.Allow { + // Should never happen. + return nil, fmt.Errorf("[internal error] cannot add deny rule to systemd DeviceAllow list: %v", *rule) + } + switch rule.Type { + case devices.BlockDevice, devices.CharDevice: + default: + // Should never happen. + return nil, fmt.Errorf("invalid device type for DeviceAllow: %v", rule.Type) + } + + entry := deviceAllowEntry{ + Perms: string(rule.Permissions), + } + + // systemd has a fairly odd (though understandable) syntax here, and + // because of the OCI configuration format we have to do quite a bit of + // trickery to convert things: + // + // * Concrete rules with non-wildcard major/minor numbers have to use + // /dev/{block,char} paths. This is slightly odd because it means + // that we cannot add whitelist rules for devices that don't exist, + // but there's not too much we can do about that. + // + // However, path globbing is not support for path-based rules so we + // need to handle wildcards in some other manner. + // + // * Wildcard-minor rules have to specify a "device group name" (the + // second column in /proc/devices). + // + // * Wildcard (major and minor) rules can just specify a glob with the + // type ("char-*" or "block-*"). + // + // The only type of rule we can't handle is wildcard-major rules, and + // so we'll give a warning in that case (note that the fallback code + // will insert any rules systemd couldn't handle). What amazing fun. + + if rule.Major == devices.Wildcard { + // "_ *:n _" rules aren't supported by systemd. + if rule.Minor != devices.Wildcard { + logrus.Warnf("systemd doesn't support '*:n' device rules -- temporarily ignoring rule: %v", *rule) + continue + } + + // "_ *:* _" rules just wildcard everything. + prefix, err := groupPrefix(rule.Type) + if err != nil { + return nil, err + } + entry.Path = prefix + "*" + } else if rule.Minor == devices.Wildcard { + // "_ n:* _" rules require a device group from /proc/devices. + group, err := findDeviceGroup(rule.Type, rule.Major) + if err != nil { + return nil, fmt.Errorf("unable to find device '%v/%d': %w", rule.Type, rule.Major, err) + } + if group == "" { + // Couldn't find a group. + logrus.Warnf("could not find device group for '%v/%d' in /proc/devices -- temporarily ignoring rule: %v", rule.Type, rule.Major, *rule) + continue + } + entry.Path = group + } else { + // "_ n:m _" rules are just a path in /dev/{block,char}/. + switch rule.Type { + case devices.BlockDevice: + entry.Path = fmt.Sprintf("/dev/block/%d:%d", rule.Major, rule.Minor) + case devices.CharDevice: + entry.Path = fmt.Sprintf("/dev/char/%d:%d", rule.Major, rule.Minor) + } + } + deviceAllowList = append(deviceAllowList, entry) + } + + properties = append(properties, newProp("DeviceAllow", deviceAllowList)) + return properties, nil +} + +func newProp(name string, units interface{}) systemdDbus.Property { + return systemdDbus.Property{ + Name: name, + Value: dbus.MakeVariant(units), + } +} + +func groupPrefix(ruleType devices.Type) (string, error) { + switch ruleType { + case devices.BlockDevice: + return "block-", nil + case devices.CharDevice: + return "char-", nil + default: + return "", fmt.Errorf("device type %v has no group prefix", ruleType) + } +} + +// findDeviceGroup tries to find the device group name (as listed in +// /proc/devices) with the type prefixed as required for DeviceAllow, for a +// given (type, major) combination. If more than one device group exists, an +// arbitrary one is chosen. +func findDeviceGroup(ruleType devices.Type, ruleMajor int64) (string, error) { + fh, err := os.Open("/proc/devices") + if err != nil { + return "", err + } + defer fh.Close() + + prefix, err := groupPrefix(ruleType) + if err != nil { + return "", err + } + + scanner := bufio.NewScanner(fh) + var currentType devices.Type + for scanner.Scan() { + // We need to strip spaces because the first number is column-aligned. + line := strings.TrimSpace(scanner.Text()) + + // Handle the "header" lines. + switch line { + case "Block devices:": + currentType = devices.BlockDevice + continue + case "Character devices:": + currentType = devices.CharDevice + continue + case "": + continue + } + + // Skip lines unrelated to our type. + if currentType != ruleType { + continue + } + + // Parse out the (major, name). + var ( + currMajor int64 + currName string + ) + if n, err := fmt.Sscanf(line, "%d %s", &currMajor, &currName); err != nil || n != 2 { + if err == nil { + err = errors.New("wrong number of fields") + } + return "", fmt.Errorf("scan /proc/devices line %q: %w", line, err) + } + + if currMajor == ruleMajor { + return prefix + currName, nil + } + } + if err := scanner.Err(); err != nil { + return "", fmt.Errorf("reading /proc/devices: %w", err) + } + // Couldn't find the device group. + return "", nil +} + +// DeviceAllow is the dbus type "a(ss)" which means we need a struct +// to represent it in Go. +type deviceAllowEntry struct { + Path string + Perms string +} + +func allowAllDevices() []systemdDbus.Property { + // Setting mode to auto and removing all DeviceAllow rules + // results in allowing access to all devices. + return []systemdDbus.Property{ + newProp("DevicePolicy", "auto"), + newProp("DeviceAllow", []deviceAllowEntry{}), + } +} diff --git a/libcontainer/cgroups/devices/systemd_test.go b/libcontainer/cgroups/devices/systemd_test.go new file mode 100644 index 00000000000..e20b57c5d40 --- /dev/null +++ b/libcontainer/cgroups/devices/systemd_test.go @@ -0,0 +1,253 @@ +package devices + +import ( + "bytes" + "os" + "os/exec" + "strings" + "testing" + + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/cgroups/systemd" + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/devices" +) + +// TestPodSkipDevicesUpdate checks that updating a pod having SkipDevices: true +// does not result in spurious "permission denied" errors in a container +// running under the pod. The test is somewhat similar in nature to the +// @test "update devices [minimal transition rules]" in tests/integration, +// but uses a pod. +func TestPodSkipDevicesUpdate(t *testing.T) { + if !systemd.IsRunningSystemd() { + t.Skip("Test requires systemd.") + } + if os.Geteuid() != 0 { + t.Skip("Test requires root.") + } + + podName := "system-runc_test_pod" + t.Name() + ".slice" + podConfig := &configs.Cgroup{ + Systemd: true, + Parent: "system.slice", + Name: podName, + Resources: &configs.Resources{ + PidsLimit: 42, + Memory: 32 * 1024 * 1024, + SkipDevices: true, + }, + } + // Create "pod" cgroup (a systemd slice to hold containers). + pm := newManager(t, podConfig) + if err := pm.Apply(-1); err != nil { + t.Fatal(err) + } + if err := pm.Set(podConfig.Resources); err != nil { + t.Fatal(err) + } + + containerConfig := &configs.Cgroup{ + Parent: podName, + ScopePrefix: "test", + Name: "PodSkipDevicesUpdate", + Resources: &configs.Resources{ + Devices: []*devices.Rule{ + // Allow access to /dev/null. + { + Type: devices.CharDevice, + Major: 1, + Minor: 3, + Permissions: "rwm", + Allow: true, + }, + }, + }, + } + + // Create a "container" within the "pod" cgroup. + // This is not a real container, just a process in the cgroup. + cmd := exec.Command("bash", "-c", "while true; do echo > /dev/null; done") + cmd.Env = append(os.Environ(), "LANG=C") + var stderr bytes.Buffer + cmd.Stderr = &stderr + if err := cmd.Start(); err != nil { + t.Fatal(err) + } + // Make sure to not leave a zombie. + defer func() { + // These may fail, we don't care. + _ = cmd.Process.Kill() + _ = cmd.Wait() + }() + + // Put the process into a cgroup. + cm := newManager(t, containerConfig) + if err := cm.Apply(cmd.Process.Pid); err != nil { + t.Fatal(err) + } + // Check that we put the "container" into the "pod" cgroup. + if !strings.HasPrefix(cm.Path("devices"), pm.Path("devices")) { + t.Fatalf("expected container cgroup path %q to be under pod cgroup path %q", + cm.Path("devices"), pm.Path("devices")) + } + if err := cm.Set(containerConfig.Resources); err != nil { + t.Fatal(err) + } + + // Now update the pod a few times. + for i := 0; i < 42; i++ { + podConfig.Resources.PidsLimit++ + podConfig.Resources.Memory += 1024 * 1024 + if err := pm.Set(podConfig.Resources); err != nil { + t.Fatal(err) + } + } + // Kill the "container". + if err := cmd.Process.Kill(); err != nil { + t.Fatal(err) + } + + _ = cmd.Wait() + + // "Container" stderr should be empty. + if stderr.Len() != 0 { + t.Fatalf("container stderr not empty: %s", stderr.String()) + } +} + +func testSkipDevices(t *testing.T, skipDevices bool, expected []string) { + if !systemd.IsRunningSystemd() { + t.Skip("Test requires systemd.") + } + if os.Geteuid() != 0 { + t.Skip("Test requires root.") + } + + podConfig := &configs.Cgroup{ + Parent: "system.slice", + Name: "system-runc_test_pods.slice", + Resources: &configs.Resources{ + SkipDevices: skipDevices, + }, + } + // Create "pods" cgroup (a systemd slice to hold containers). + pm := newManager(t, podConfig) + if err := pm.Apply(-1); err != nil { + t.Fatal(err) + } + if err := pm.Set(podConfig.Resources); err != nil { + t.Fatal(err) + } + + config := &configs.Cgroup{ + Parent: "system-runc_test_pods.slice", + ScopePrefix: "test", + Name: "SkipDevices", + Resources: &configs.Resources{ + Devices: []*devices.Rule{ + // Allow access to /dev/full only. + { + Type: devices.CharDevice, + Major: 1, + Minor: 7, + Permissions: "rwm", + Allow: true, + }, + }, + }, + } + + // Create a "container" within the "pods" cgroup. + // This is not a real container, just a process in the cgroup. + cmd := exec.Command("bash", "-c", "read; echo > /dev/full; cat /dev/null; true") + cmd.Env = append(os.Environ(), "LANG=C") + stdinR, stdinW, err := os.Pipe() + if err != nil { + t.Fatal(err) + } + cmd.Stdin = stdinR + var stderr bytes.Buffer + cmd.Stderr = &stderr + err = cmd.Start() + stdinR.Close() + defer stdinW.Close() + if err != nil { + t.Fatal(err) + } + // Make sure to not leave a zombie. + defer func() { + // These may fail, we don't care. + _, _ = stdinW.WriteString("hey\n") + _ = cmd.Wait() + }() + + // Put the process into a cgroup. + m := newManager(t, config) + if err := m.Apply(cmd.Process.Pid); err != nil { + t.Fatal(err) + } + // Check that we put the "container" into the "pod" cgroup. + if !strings.HasPrefix(m.Path("devices"), pm.Path("devices")) { + t.Fatalf("expected container cgroup path %q to be under pod cgroup path %q", + m.Path("devices"), pm.Path("devices")) + } + if err := m.Set(config.Resources); err != nil { + // failed to write "c 1:7 rwm": write /sys/fs/cgroup/devices/system.slice/system-runc_test_pods.slice/test-SkipDevices.scope/devices.allow: operation not permitted + if skipDevices == false && strings.HasSuffix(err.Error(), "/devices.allow: operation not permitted") { + // Cgroup v1 devices controller gives EPERM on trying + // to enable devices that are not enabled + // (skipDevices=false) in a parent cgroup. + // If this happens, test is passing. + return + } + t.Fatal(err) + } + + // Check that we can access /dev/full but not /dev/zero. + if _, err := stdinW.WriteString("wow\n"); err != nil { + t.Fatal(err) + } + if err := cmd.Wait(); err != nil { + t.Fatal(err) + } + for _, exp := range expected { + if !strings.Contains(stderr.String(), exp) { + t.Errorf("expected %q, got: %s", exp, stderr.String()) + } + } +} + +func TestSkipDevicesTrue(t *testing.T) { + testSkipDevices(t, true, []string{ + "echo: write error: No space left on device", + "cat: /dev/null: Operation not permitted", + }) +} + +func TestSkipDevicesFalse(t *testing.T) { + // If SkipDevices is not set for the parent slice, access to both + // devices should fail. This is done to assess the test correctness. + // For cgroup v1, we check for m.Set returning EPERM. + // For cgroup v2, we check for the errors below. + testSkipDevices(t, false, []string{ + "/dev/full: Operation not permitted", + "cat: /dev/null: Operation not permitted", + }) +} + +func newManager(t *testing.T, config *configs.Cgroup) (m cgroups.Manager) { + t.Helper() + var err error + + if cgroups.IsCgroup2UnifiedMode() { + m, err = systemd.NewUnifiedManager(config, "") + } else { + m, err = systemd.NewLegacyManager(config, nil) + } + if err != nil { + t.Fatal(err) + } + t.Cleanup(func() { _ = m.Destroy() }) + + return m +} diff --git a/libcontainer/cgroups/devices/v1.go b/libcontainer/cgroups/devices/v1.go new file mode 100644 index 00000000000..64eadd12f11 --- /dev/null +++ b/libcontainer/cgroups/devices/v1.go @@ -0,0 +1,84 @@ +package devices + +import ( + "bytes" + "errors" + "reflect" + + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/devices" + "github.com/opencontainers/runc/libcontainer/userns" +) + +var testingSkipFinalCheck bool + +func setV1(path string, r *configs.Resources) error { + if userns.RunningInUserNS() || r.SkipDevices { + return nil + } + // Generate two emulators, one for the current state of the cgroup and one + // for the requested state by the user. + current, err := loadEmulator(path) + if err != nil { + return err + } + target, err := buildEmulator(r.Devices) + if err != nil { + return err + } + + // Compute the minimal set of transition rules needed to achieve the + // requested state. + transitionRules, err := current.Transition(target) + if err != nil { + return err + } + for _, rule := range transitionRules { + file := "devices.deny" + if rule.Allow { + file = "devices.allow" + } + if err := cgroups.WriteFile(path, file, rule.CgroupString()); err != nil { + return err + } + } + + // Final safety check -- ensure that the resulting state is what was + // requested. This is only really correct for white-lists, but for + // black-lists we can at least check that the cgroup is in the right mode. + // + // This safety-check is skipped for the unit tests because we cannot + // currently mock devices.list correctly. + if !testingSkipFinalCheck { + currentAfter, err := loadEmulator(path) + if err != nil { + return err + } + if !target.IsBlacklist() && !reflect.DeepEqual(currentAfter, target) { + return errors.New("resulting devices cgroup doesn't precisely match target") + } else if target.IsBlacklist() != currentAfter.IsBlacklist() { + return errors.New("resulting devices cgroup doesn't match target mode") + } + } + return nil +} + +func loadEmulator(path string) (*Emulator, error) { + list, err := cgroups.ReadFile(path, "devices.list") + if err != nil { + return nil, err + } + return EmulatorFromList(bytes.NewBufferString(list)) +} + +func buildEmulator(rules []*devices.Rule) (*Emulator, error) { + // This defaults to a white-list -- which is what we want! + emu := &Emulator{} + for _, rule := range rules { + if err := emu.Apply(*rule); err != nil { + return nil, err + } + } + return emu, nil +} diff --git a/libcontainer/cgroups/fs/devices_test.go b/libcontainer/cgroups/devices/v1_test.go similarity index 60% rename from libcontainer/cgroups/fs/devices_test.go rename to libcontainer/cgroups/devices/v1_test.go index bdd1967836e..1d1c4c3770a 100644 --- a/libcontainer/cgroups/fs/devices_test.go +++ b/libcontainer/cgroups/devices/v1_test.go @@ -1,21 +1,34 @@ -package fs +package devices import ( + "os" + "path" "testing" + "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/devices" ) -func TestDevicesSetAllow(t *testing.T) { - path := tempDir(t, "devices") +func init() { + testingSkipFinalCheck = true + cgroups.TestMode = true +} + +func TestSetV1Allow(t *testing.T) { + dir := t.TempDir() - writeFileContents(t, path, map[string]string{ + for file, contents := range map[string]string{ "devices.allow": "", "devices.deny": "", "devices.list": "a *:* rwm", - }) + } { + err := os.WriteFile(path.Join(dir, file), []byte(contents), 0o600) + if err != nil { + t.Fatal(err) + } + } r := &configs.Resources{ Devices: []*devices.Rule{ @@ -29,13 +42,12 @@ func TestDevicesSetAllow(t *testing.T) { }, } - d := &DevicesGroup{TestingSkipFinalCheck: true} - if err := d.Set(path, r); err != nil { + if err := setV1(dir, r); err != nil { t.Fatal(err) } // The default deny rule must be written. - value, err := fscommon.GetCgroupParamString(path, "devices.deny") + value, err := fscommon.GetCgroupParamString(dir, "devices.deny") if err != nil { t.Fatal(err) } @@ -44,7 +56,7 @@ func TestDevicesSetAllow(t *testing.T) { } // Permitted rule must be written. - if value, err := fscommon.GetCgroupParamString(path, "devices.allow"); err != nil { + if value, err := fscommon.GetCgroupParamString(dir, "devices.allow"); err != nil { t.Fatal(err) } else if value != "c 1:5 rwm" { t.Errorf("Got the wrong value (%q), set devices.allow failed.", value) diff --git a/libcontainer/cgroups/fs2/devices.go b/libcontainer/cgroups/devices/v2.go similarity index 83% rename from libcontainer/cgroups/fs2/devices.go rename to libcontainer/cgroups/devices/v2.go index 0d23456072c..a1b3f3a5a5e 100644 --- a/libcontainer/cgroups/fs2/devices.go +++ b/libcontainer/cgroups/devices/v2.go @@ -1,12 +1,10 @@ -package fs2 +package devices import ( "fmt" "golang.org/x/sys/unix" - "github.com/opencontainers/runc/libcontainer/cgroups/ebpf" - "github.com/opencontainers/runc/libcontainer/cgroups/ebpf/devicefilter" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/devices" "github.com/opencontainers/runc/libcontainer/userns" @@ -53,11 +51,11 @@ func canSkipEBPFError(r *configs.Resources) bool { return true } -func setDevices(dirPath string, r *configs.Resources) error { +func setV2(dirPath string, r *configs.Resources) error { if r.SkipDevices { return nil } - insts, license, err := devicefilter.DeviceFilter(r.Devices) + insts, license, err := DeviceFilter(r.Devices) if err != nil { return err } @@ -66,7 +64,7 @@ func setDevices(dirPath string, r *configs.Resources) error { return fmt.Errorf("cannot get dir FD for %s", dirPath) } defer unix.Close(dirFD) - if _, err := ebpf.LoadAttachCgroupDeviceFilter(insts, license, dirFD); err != nil { + if _, err := LoadAttachCgroupDeviceFilter(insts, license, dirFD); err != nil { if !canSkipEBPFError(r) { return err } diff --git a/libcontainer/cgroups/fs/devices.go b/libcontainer/cgroups/fs/devices.go index 4527a70ebfc..0bf3d9debb9 100644 --- a/libcontainer/cgroups/fs/devices.go +++ b/libcontainer/cgroups/fs/devices.go @@ -1,20 +1,11 @@ package fs import ( - "bytes" - "errors" - "reflect" - "github.com/opencontainers/runc/libcontainer/cgroups" - cgroupdevices "github.com/opencontainers/runc/libcontainer/cgroups/devices" "github.com/opencontainers/runc/libcontainer/configs" - "github.com/opencontainers/runc/libcontainer/devices" - "github.com/opencontainers/runc/libcontainer/userns" ) -type DevicesGroup struct { - TestingSkipFinalCheck bool -} +type DevicesGroup struct{} func (s *DevicesGroup) Name() string { return "devices" @@ -33,75 +24,14 @@ func (s *DevicesGroup) Apply(path string, r *configs.Resources, pid int) error { return apply(path, pid) } -func loadEmulator(path string) (*cgroupdevices.Emulator, error) { - list, err := cgroups.ReadFile(path, "devices.list") - if err != nil { - return nil, err - } - return cgroupdevices.EmulatorFromList(bytes.NewBufferString(list)) -} - -func buildEmulator(rules []*devices.Rule) (*cgroupdevices.Emulator, error) { - // This defaults to a white-list -- which is what we want! - emu := &cgroupdevices.Emulator{} - for _, rule := range rules { - if err := emu.Apply(*rule); err != nil { - return nil, err - } - } - return emu, nil -} - func (s *DevicesGroup) Set(path string, r *configs.Resources) error { - if userns.RunningInUserNS() || r.SkipDevices { - return nil - } - - // Generate two emulators, one for the current state of the cgroup and one - // for the requested state by the user. - current, err := loadEmulator(path) - if err != nil { - return err - } - target, err := buildEmulator(r.Devices) - if err != nil { - return err - } - - // Compute the minimal set of transition rules needed to achieve the - // requested state. - transitionRules, err := current.Transition(target) - if err != nil { - return err - } - for _, rule := range transitionRules { - file := "devices.deny" - if rule.Allow { - file = "devices.allow" - } - if err := cgroups.WriteFile(path, file, rule.CgroupString()); err != nil { - return err + if cgroups.DevicesSetV1 == nil { + if len(r.Devices) == 0 { + return nil } + return cgroups.ErrDevicesUnsupported } - - // Final safety check -- ensure that the resulting state is what was - // requested. This is only really correct for white-lists, but for - // black-lists we can at least check that the cgroup is in the right mode. - // - // This safety-check is skipped for the unit tests because we cannot - // currently mock devices.list correctly. - if !s.TestingSkipFinalCheck { - currentAfter, err := loadEmulator(path) - if err != nil { - return err - } - if !target.IsBlacklist() && !reflect.DeepEqual(currentAfter, target) { - return errors.New("resulting devices cgroup doesn't precisely match target") - } else if target.IsBlacklist() != currentAfter.IsBlacklist() { - return errors.New("resulting devices cgroup doesn't match target mode") - } - } - return nil + return cgroups.DevicesSetV1(path, r) } func (s *DevicesGroup) GetStats(path string, stats *cgroups.Stats) error { diff --git a/libcontainer/cgroups/fs/fs.go b/libcontainer/cgroups/fs/fs.go index fb4fcc7f75b..be4dcc341bb 100644 --- a/libcontainer/cgroups/fs/fs.go +++ b/libcontainer/cgroups/fs/fs.go @@ -182,7 +182,7 @@ func (m *manager) Set(r *configs.Resources) error { if err := sys.Set(path, r); err != nil { // When rootless is true, errors from the device subsystem // are ignored, as it is really not expected to work. - if m.cgroups.Rootless && sys.Name() == "devices" { + if m.cgroups.Rootless && sys.Name() == "devices" && !errors.Is(err, cgroups.ErrDevicesUnsupported) { continue } // However, errors from other subsystems are not ignored. diff --git a/libcontainer/cgroups/fs2/fs2.go b/libcontainer/cgroups/fs2/fs2.go index 492778e3105..d5208d7782f 100644 --- a/libcontainer/cgroups/fs2/fs2.go +++ b/libcontainer/cgroups/fs2/fs2.go @@ -175,8 +175,10 @@ func (m *manager) Set(r *configs.Resources) error { // When rootless is true, errors from the device subsystem are ignored because it is really not expected to work. // However, errors from other subsystems are not ignored. // see @test "runc create (rootless + limits + no cgrouppath + no permission) fails with informative error" - if err := setDevices(m.dirPath, r); err != nil && !m.config.Rootless { - return err + if err := setDevices(m.dirPath, r); err != nil { + if !m.config.Rootless || errors.Is(err, cgroups.ErrDevicesUnsupported) { + return err + } } // cpuset (since kernel 5.0) if err := setCpuset(m.dirPath, r); err != nil { @@ -201,6 +203,16 @@ func (m *manager) Set(r *configs.Resources) error { return nil } +func setDevices(dirPath string, r *configs.Resources) error { + if cgroups.DevicesSetV2 == nil { + if len(r.Devices) > 0 { + return cgroups.ErrDevicesUnsupported + } + return nil + } + return cgroups.DevicesSetV2(dirPath, r) +} + func (m *manager) setUnified(res map[string]string) error { for k, v := range res { if strings.Contains(k, "/") { diff --git a/libcontainer/cgroups/systemd/common.go b/libcontainer/cgroups/systemd/common.go index ddb9c44dc10..0c3562e6bfe 100644 --- a/libcontainer/cgroups/systemd/common.go +++ b/libcontainer/cgroups/systemd/common.go @@ -16,6 +16,7 @@ import ( dbus "github.com/godbus/dbus/v5" "github.com/sirupsen/logrus" + "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/configs" ) @@ -32,6 +33,8 @@ var ( isRunningSystemdOnce sync.Once isRunningSystemd bool + + GenerateDeviceProps func(*configs.Resources) ([]systemdDbus.Property, error) ) // NOTE: This function comes from package github.com/coreos/go-systemd/util @@ -313,3 +316,16 @@ func addCpuset(cm *dbusConnManager, props *[]systemdDbus.Property, cpus, mems st } return nil } + +// generateDeviceProperties takes the configured device rules and generates a +// corresponding set of systemd properties to configure the devices correctly. +func generateDeviceProperties(r *configs.Resources) ([]systemdDbus.Property, error) { + if GenerateDeviceProps == nil { + if len(r.Devices) > 0 { + return nil, cgroups.ErrDevicesUnsupported + } + return nil, nil + } + + return GenerateDeviceProps(r) +} diff --git a/libcontainer/cgroups/systemd/devices.go b/libcontainer/cgroups/systemd/devices.go index 221c978942c..edd1f158568 100644 --- a/libcontainer/cgroups/systemd/devices.go +++ b/libcontainer/cgroups/systemd/devices.go @@ -1,20 +1,11 @@ package systemd import ( - "bufio" - "errors" - "fmt" - "os" "reflect" - "strings" - systemdDbus "github.com/coreos/go-systemd/v22/dbus" dbus "github.com/godbus/dbus/v5" - "github.com/sirupsen/logrus" - cgroupdevices "github.com/opencontainers/runc/libcontainer/cgroups/devices" "github.com/opencontainers/runc/libcontainer/configs" - "github.com/opencontainers/runc/libcontainer/devices" ) // freezeBeforeSet answers whether there is a need to freeze the cgroup before @@ -81,213 +72,3 @@ func (m *legacyManager) freezeBeforeSet(unitName string, r *configs.Resources) ( } return } - -func groupPrefix(ruleType devices.Type) (string, error) { - switch ruleType { - case devices.BlockDevice: - return "block-", nil - case devices.CharDevice: - return "char-", nil - default: - return "", fmt.Errorf("device type %v has no group prefix", ruleType) - } -} - -// findDeviceGroup tries to find the device group name (as listed in -// /proc/devices) with the type prefixed as required for DeviceAllow, for a -// given (type, major) combination. If more than one device group exists, an -// arbitrary one is chosen. -func findDeviceGroup(ruleType devices.Type, ruleMajor int64) (string, error) { - fh, err := os.Open("/proc/devices") - if err != nil { - return "", err - } - defer fh.Close() - - prefix, err := groupPrefix(ruleType) - if err != nil { - return "", err - } - - scanner := bufio.NewScanner(fh) - var currentType devices.Type - for scanner.Scan() { - // We need to strip spaces because the first number is column-aligned. - line := strings.TrimSpace(scanner.Text()) - - // Handle the "header" lines. - switch line { - case "Block devices:": - currentType = devices.BlockDevice - continue - case "Character devices:": - currentType = devices.CharDevice - continue - case "": - continue - } - - // Skip lines unrelated to our type. - if currentType != ruleType { - continue - } - - // Parse out the (major, name). - var ( - currMajor int64 - currName string - ) - if n, err := fmt.Sscanf(line, "%d %s", &currMajor, &currName); err != nil || n != 2 { - if err == nil { - err = errors.New("wrong number of fields") - } - return "", fmt.Errorf("scan /proc/devices line %q: %w", line, err) - } - - if currMajor == ruleMajor { - return prefix + currName, nil - } - } - if err := scanner.Err(); err != nil { - return "", fmt.Errorf("reading /proc/devices: %w", err) - } - // Couldn't find the device group. - return "", nil -} - -// DeviceAllow is the dbus type "a(ss)" which means we need a struct -// to represent it in Go. -type deviceAllowEntry struct { - Path string - Perms string -} - -func allowAllDevices() []systemdDbus.Property { - // Setting mode to auto and removing all DeviceAllow rules - // results in allowing access to all devices. - return []systemdDbus.Property{ - newProp("DevicePolicy", "auto"), - newProp("DeviceAllow", []deviceAllowEntry{}), - } -} - -// generateDeviceProperties takes the configured device rules and generates a -// corresponding set of systemd properties to configure the devices correctly. -func generateDeviceProperties(r *configs.Resources) ([]systemdDbus.Property, error) { - if r.SkipDevices { - return nil, nil - } - - properties := []systemdDbus.Property{ - // Always run in the strictest white-list mode. - newProp("DevicePolicy", "strict"), - // Empty the DeviceAllow array before filling it. - newProp("DeviceAllow", []deviceAllowEntry{}), - } - - // Figure out the set of rules. - configEmu := &cgroupdevices.Emulator{} - for _, rule := range r.Devices { - if err := configEmu.Apply(*rule); err != nil { - return nil, fmt.Errorf("unable to apply rule for systemd: %w", err) - } - } - // systemd doesn't support blacklists. So we log a warning, and tell - // systemd to act as a deny-all whitelist. This ruleset will be replaced - // with our normal fallback code. This may result in spurious errors, but - // the only other option is to error out here. - if configEmu.IsBlacklist() { - // However, if we're dealing with an allow-all rule then we can do it. - if configEmu.IsAllowAll() { - return allowAllDevices(), nil - } - logrus.Warn("systemd doesn't support blacklist device rules -- applying temporary deny-all rule") - return properties, nil - } - - // Now generate the set of rules we actually need to apply. Unlike the - // normal devices cgroup, in "strict" mode systemd defaults to a deny-all - // whitelist which is the default for devices.Emulator. - finalRules, err := configEmu.Rules() - if err != nil { - return nil, fmt.Errorf("unable to get simplified rules for systemd: %w", err) - } - var deviceAllowList []deviceAllowEntry - for _, rule := range finalRules { - if !rule.Allow { - // Should never happen. - return nil, fmt.Errorf("[internal error] cannot add deny rule to systemd DeviceAllow list: %v", *rule) - } - switch rule.Type { - case devices.BlockDevice, devices.CharDevice: - default: - // Should never happen. - return nil, fmt.Errorf("invalid device type for DeviceAllow: %v", rule.Type) - } - - entry := deviceAllowEntry{ - Perms: string(rule.Permissions), - } - - // systemd has a fairly odd (though understandable) syntax here, and - // because of the OCI configuration format we have to do quite a bit of - // trickery to convert things: - // - // * Concrete rules with non-wildcard major/minor numbers have to use - // /dev/{block,char} paths. This is slightly odd because it means - // that we cannot add whitelist rules for devices that don't exist, - // but there's not too much we can do about that. - // - // However, path globbing is not support for path-based rules so we - // need to handle wildcards in some other manner. - // - // * Wildcard-minor rules have to specify a "device group name" (the - // second column in /proc/devices). - // - // * Wildcard (major and minor) rules can just specify a glob with the - // type ("char-*" or "block-*"). - // - // The only type of rule we can't handle is wildcard-major rules, and - // so we'll give a warning in that case (note that the fallback code - // will insert any rules systemd couldn't handle). What amazing fun. - - if rule.Major == devices.Wildcard { - // "_ *:n _" rules aren't supported by systemd. - if rule.Minor != devices.Wildcard { - logrus.Warnf("systemd doesn't support '*:n' device rules -- temporarily ignoring rule: %v", *rule) - continue - } - - // "_ *:* _" rules just wildcard everything. - prefix, err := groupPrefix(rule.Type) - if err != nil { - return nil, err - } - entry.Path = prefix + "*" - } else if rule.Minor == devices.Wildcard { - // "_ n:* _" rules require a device group from /proc/devices. - group, err := findDeviceGroup(rule.Type, rule.Major) - if err != nil { - return nil, fmt.Errorf("unable to find device '%v/%d': %w", rule.Type, rule.Major, err) - } - if group == "" { - // Couldn't find a group. - logrus.Warnf("could not find device group for '%v/%d' in /proc/devices -- temporarily ignoring rule: %v", rule.Type, rule.Major, *rule) - continue - } - entry.Path = group - } else { - // "_ n:m _" rules are just a path in /dev/{block,char}/. - switch rule.Type { - case devices.BlockDevice: - entry.Path = fmt.Sprintf("/dev/block/%d:%d", rule.Major, rule.Minor) - case devices.CharDevice: - entry.Path = fmt.Sprintf("/dev/char/%d:%d", rule.Major, rule.Minor) - } - } - deviceAllowList = append(deviceAllowList, entry) - } - - properties = append(properties, newProp("DeviceAllow", deviceAllowList)) - return properties, nil -} diff --git a/libcontainer/cgroups/systemd/devices_test.go b/libcontainer/cgroups/systemd/freeze_test.go similarity index 57% rename from libcontainer/cgroups/systemd/devices_test.go rename to libcontainer/cgroups/systemd/freeze_test.go index 74ce2572b1e..76057865433 100644 --- a/libcontainer/cgroups/systemd/devices_test.go +++ b/libcontainer/cgroups/systemd/freeze_test.go @@ -8,235 +8,11 @@ import ( "strings" "testing" - "golang.org/x/sys/unix" - "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/configs" - "github.com/opencontainers/runc/libcontainer/devices" + "golang.org/x/sys/unix" ) -// TestPodSkipDevicesUpdate checks that updating a pod having SkipDevices: true -// does not result in spurious "permission denied" errors in a container -// running under the pod. The test is somewhat similar in nature to the -// @test "update devices [minimal transition rules]" in tests/integration, -// but uses a pod. -func TestPodSkipDevicesUpdate(t *testing.T) { - if !IsRunningSystemd() { - t.Skip("Test requires systemd.") - } - if os.Geteuid() != 0 { - t.Skip("Test requires root.") - } - - podName := "system-runc_test_pod" + t.Name() + ".slice" - podConfig := &configs.Cgroup{ - Systemd: true, - Parent: "system.slice", - Name: podName, - Resources: &configs.Resources{ - PidsLimit: 42, - Memory: 32 * 1024 * 1024, - SkipDevices: true, - }, - } - // Create "pod" cgroup (a systemd slice to hold containers). - pm := newManager(t, podConfig) - if err := pm.Apply(-1); err != nil { - t.Fatal(err) - } - if err := pm.Set(podConfig.Resources); err != nil { - t.Fatal(err) - } - - containerConfig := &configs.Cgroup{ - Parent: podName, - ScopePrefix: "test", - Name: "PodSkipDevicesUpdate", - Resources: &configs.Resources{ - Devices: []*devices.Rule{ - // Allow access to /dev/null. - { - Type: devices.CharDevice, - Major: 1, - Minor: 3, - Permissions: "rwm", - Allow: true, - }, - }, - }, - } - - // Create a "container" within the "pod" cgroup. - // This is not a real container, just a process in the cgroup. - cmd := exec.Command("bash", "-c", "while true; do echo > /dev/null; done") - cmd.Env = append(os.Environ(), "LANG=C") - var stderr bytes.Buffer - cmd.Stderr = &stderr - if err := cmd.Start(); err != nil { - t.Fatal(err) - } - // Make sure to not leave a zombie. - defer func() { - // These may fail, we don't care. - _ = cmd.Process.Kill() - _ = cmd.Wait() - }() - - // Put the process into a cgroup. - cm := newManager(t, containerConfig) - if err := cm.Apply(cmd.Process.Pid); err != nil { - t.Fatal(err) - } - // Check that we put the "container" into the "pod" cgroup. - if !strings.HasPrefix(cm.Path("devices"), pm.Path("devices")) { - t.Fatalf("expected container cgroup path %q to be under pod cgroup path %q", - cm.Path("devices"), pm.Path("devices")) - } - if err := cm.Set(containerConfig.Resources); err != nil { - t.Fatal(err) - } - - // Now update the pod a few times. - for i := 0; i < 42; i++ { - podConfig.Resources.PidsLimit++ - podConfig.Resources.Memory += 1024 * 1024 - if err := pm.Set(podConfig.Resources); err != nil { - t.Fatal(err) - } - } - // Kill the "container". - if err := cmd.Process.Kill(); err != nil { - t.Fatal(err) - } - - _ = cmd.Wait() - - // "Container" stderr should be empty. - if stderr.Len() != 0 { - t.Fatalf("container stderr not empty: %s", stderr.String()) - } -} - -func testSkipDevices(t *testing.T, skipDevices bool, expected []string) { - if !IsRunningSystemd() { - t.Skip("Test requires systemd.") - } - if os.Geteuid() != 0 { - t.Skip("Test requires root.") - } - - podConfig := &configs.Cgroup{ - Parent: "system.slice", - Name: "system-runc_test_pods.slice", - Resources: &configs.Resources{ - SkipDevices: skipDevices, - }, - } - // Create "pods" cgroup (a systemd slice to hold containers). - pm := newManager(t, podConfig) - if err := pm.Apply(-1); err != nil { - t.Fatal(err) - } - if err := pm.Set(podConfig.Resources); err != nil { - t.Fatal(err) - } - - config := &configs.Cgroup{ - Parent: "system-runc_test_pods.slice", - ScopePrefix: "test", - Name: "SkipDevices", - Resources: &configs.Resources{ - Devices: []*devices.Rule{ - // Allow access to /dev/full only. - { - Type: devices.CharDevice, - Major: 1, - Minor: 7, - Permissions: "rwm", - Allow: true, - }, - }, - }, - } - - // Create a "container" within the "pods" cgroup. - // This is not a real container, just a process in the cgroup. - cmd := exec.Command("bash", "-c", "read; echo > /dev/full; cat /dev/null; true") - cmd.Env = append(os.Environ(), "LANG=C") - stdinR, stdinW, err := os.Pipe() - if err != nil { - t.Fatal(err) - } - cmd.Stdin = stdinR - var stderr bytes.Buffer - cmd.Stderr = &stderr - err = cmd.Start() - stdinR.Close() - defer stdinW.Close() - if err != nil { - t.Fatal(err) - } - // Make sure to not leave a zombie. - defer func() { - // These may fail, we don't care. - _, _ = stdinW.WriteString("hey\n") - _ = cmd.Wait() - }() - - // Put the process into a cgroup. - m := newManager(t, config) - if err := m.Apply(cmd.Process.Pid); err != nil { - t.Fatal(err) - } - // Check that we put the "container" into the "pod" cgroup. - if !strings.HasPrefix(m.Path("devices"), pm.Path("devices")) { - t.Fatalf("expected container cgroup path %q to be under pod cgroup path %q", - m.Path("devices"), pm.Path("devices")) - } - if err := m.Set(config.Resources); err != nil { - // failed to write "c 1:7 rwm": write /sys/fs/cgroup/devices/system.slice/system-runc_test_pods.slice/test-SkipDevices.scope/devices.allow: operation not permitted - if skipDevices == false && strings.HasSuffix(err.Error(), "/devices.allow: operation not permitted") { - // Cgroup v1 devices controller gives EPERM on trying - // to enable devices that are not enabled - // (skipDevices=false) in a parent cgroup. - // If this happens, test is passing. - return - } - t.Fatal(err) - } - - // Check that we can access /dev/full but not /dev/zero. - if _, err := stdinW.WriteString("wow\n"); err != nil { - t.Fatal(err) - } - if err := cmd.Wait(); err != nil { - t.Fatal(err) - } - for _, exp := range expected { - if !strings.Contains(stderr.String(), exp) { - t.Errorf("expected %q, got: %s", exp, stderr.String()) - } - } -} - -func TestSkipDevicesTrue(t *testing.T) { - testSkipDevices(t, true, []string{ - "echo: write error: No space left on device", - "cat: /dev/null: Operation not permitted", - }) -} - -func TestSkipDevicesFalse(t *testing.T) { - // If SkipDevices is not set for the parent slice, access to both - // devices should fail. This is done to assess the test correctness. - // For cgroup v1, we check for m.Set returning EPERM. - // For cgroup v2, we check for the errors below. - testSkipDevices(t, false, []string{ - "/dev/full: Operation not permitted", - "cat: /dev/null: Operation not permitted", - }) -} - func TestFreezeBeforeSet(t *testing.T) { requireV1(t) diff --git a/libcontainer/factory_linux.go b/libcontainer/factory_linux.go index 10ca0eeea7e..17b05a55298 100644 --- a/libcontainer/factory_linux.go +++ b/libcontainer/factory_linux.go @@ -12,6 +12,8 @@ import ( securejoin "github.com/cyphar/filepath-securejoin" "golang.org/x/sys/unix" + //nolint:revive // Enable cgroup manager to manage devices + _ "github.com/opencontainers/runc/libcontainer/cgroups/devices" "github.com/opencontainers/runc/libcontainer/cgroups/manager" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/configs/validate" diff --git a/libcontainer/integration/init_test.go b/libcontainer/integration/init_test.go index b6a3714d493..76638ffc7fa 100644 --- a/libcontainer/integration/init_test.go +++ b/libcontainer/integration/init_test.go @@ -6,6 +6,8 @@ import ( "testing" "github.com/opencontainers/runc/libcontainer" + //nolint:revive // Enable cgroup manager to manage devices + _ "github.com/opencontainers/runc/libcontainer/cgroups/devices" _ "github.com/opencontainers/runc/libcontainer/nsenter" "github.com/sirupsen/logrus" From 47e09976a3159a8e2bf6160e7e0aedcfeadb5cfe Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 8 Apr 2022 17:14:41 -0700 Subject: [PATCH 0041/1176] libct/cg/dev: privatize some functions These are only used from inside the package, and we don't want them to be public. The only two methods left are Enable and Disable. While at it, fix or suppress found lint-extra warnings. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/devices/devicefilter.go | 6 +- .../cgroups/devices/devicefilter_test.go | 2 +- .../cgroups/devices/devices_emulator.go | 32 +++--- .../cgroups/devices/devices_emulator_test.go | 108 +++++++++--------- libcontainer/cgroups/devices/ebpf_linux.go | 4 +- libcontainer/cgroups/devices/systemd.go | 2 +- libcontainer/cgroups/devices/v1.go | 8 +- libcontainer/cgroups/devices/v2.go | 4 +- 8 files changed, 83 insertions(+), 83 deletions(-) diff --git a/libcontainer/cgroups/devices/devicefilter.go b/libcontainer/cgroups/devices/devicefilter.go index 3849810b30e..c8cfb5ab57b 100644 --- a/libcontainer/cgroups/devices/devicefilter.go +++ b/libcontainer/cgroups/devices/devicefilter.go @@ -22,14 +22,14 @@ const ( license = "Apache" ) -// DeviceFilter returns eBPF device filter program and its license string -func DeviceFilter(rules []*devices.Rule) (asm.Instructions, string, error) { +// deviceFilter returns eBPF device filter program and its license string. +func deviceFilter(rules []*devices.Rule) (asm.Instructions, string, error) { // Generate the minimum ruleset for the device rules we are given. While we // don't care about minimum transitions in cgroupv2, using the emulator // gives us a guarantee that the behaviour of devices filtering is the same // as cgroupv1, including security hardenings to avoid misconfiguration // (such as punching holes in wildcard rules). - emu := new(Emulator) + emu := new(emulator) for _, rule := range rules { if err := emu.Apply(*rule); err != nil { return nil, "", err diff --git a/libcontainer/cgroups/devices/devicefilter_test.go b/libcontainer/cgroups/devices/devicefilter_test.go index 7cabf0673f5..7b6424d332f 100644 --- a/libcontainer/cgroups/devices/devicefilter_test.go +++ b/libcontainer/cgroups/devices/devicefilter_test.go @@ -21,7 +21,7 @@ func hash(s, comm string) string { } func testDeviceFilter(t testing.TB, devices []*devices.Rule, expectedStr string) { - insts, _, err := DeviceFilter(devices) + insts, _, err := deviceFilter(devices) if err != nil { t.Fatalf("%s: %v (devices: %+v)", t.Name(), err, devices) } diff --git a/libcontainer/cgroups/devices/devices_emulator.go b/libcontainer/cgroups/devices/devices_emulator.go index 6c61ee4c033..3e1f49f0f7a 100644 --- a/libcontainer/cgroups/devices/devices_emulator.go +++ b/libcontainer/cgroups/devices/devices_emulator.go @@ -63,16 +63,16 @@ func (r deviceRules) orderedEntries() []deviceRule { return rules } -type Emulator struct { +type emulator struct { defaultAllow bool rules deviceRules } -func (e *Emulator) IsBlacklist() bool { +func (e *emulator) IsBlacklist() bool { return e.defaultAllow } -func (e *Emulator) IsAllowAll() bool { +func (e *emulator) IsAllowAll() bool { return e.IsBlacklist() && len(e.rules) == 0 } @@ -139,7 +139,7 @@ func parseLine(line string) (*deviceRule, error) { return &rule, nil } -func (e *Emulator) addRule(rule deviceRule) error { //nolint:unparam +func (e *emulator) addRule(rule deviceRule) error { //nolint:unparam if e.rules == nil { e.rules = make(map[deviceMeta]devices.Permissions) } @@ -151,7 +151,7 @@ func (e *Emulator) addRule(rule deviceRule) error { //nolint:unparam return nil } -func (e *Emulator) rmRule(rule deviceRule) error { +func (e *emulator) rmRule(rule deviceRule) error { // Give an error if any of the permissions requested to be removed are // present in a partially-matching wildcard rule, because such rules will // be ignored by cgroupv1. @@ -196,11 +196,11 @@ func (e *Emulator) rmRule(rule deviceRule) error { return nil } -func (e *Emulator) allow(rule *deviceRule) error { +func (e *emulator) allow(rule *deviceRule) error { // This cgroup is configured as a black-list. Reset the entire emulator, // and put is into black-list mode. if rule == nil || rule.meta.node == devices.WildcardDevice { - *e = Emulator{ + *e = emulator{ defaultAllow: true, rules: nil, } @@ -216,11 +216,11 @@ func (e *Emulator) allow(rule *deviceRule) error { return err } -func (e *Emulator) deny(rule *deviceRule) error { +func (e *emulator) deny(rule *deviceRule) error { // This cgroup is configured as a white-list. Reset the entire emulator, // and put is into white-list mode. if rule == nil || rule.meta.node == devices.WildcardDevice { - *e = Emulator{ + *e = emulator{ defaultAllow: false, rules: nil, } @@ -236,7 +236,7 @@ func (e *Emulator) deny(rule *deviceRule) error { return err } -func (e *Emulator) Apply(rule devices.Rule) error { +func (e *emulator) Apply(rule devices.Rule) error { if !rule.Type.CanCgroup() { return fmt.Errorf("cannot add rule [%#v] with non-cgroup type %q", rule, rule.Type) } @@ -260,17 +260,17 @@ func (e *Emulator) Apply(rule devices.Rule) error { return e.deny(innerRule) } -// EmulatorFromList takes a reader to a "devices.list"-like source, and returns +// emulatorFromList takes a reader to a "devices.list"-like source, and returns // a new Emulator that represents the state of the devices cgroup. Note that // black-list devices cgroups cannot be fully reconstructed, due to limitations // in the devices cgroup API. Instead, such cgroups are always treated as // "allow all" cgroups. -func EmulatorFromList(list io.Reader) (*Emulator, error) { +func emulatorFromList(list io.Reader) (*emulator, error) { // Normally cgroups are in black-list mode by default, but the way we // figure out the current mode is whether or not devices.list has an // allow-all rule. So we default to a white-list, and the existence of an // "a *:* rwm" entry will tell us otherwise. - e := &Emulator{ + e := &emulator{ defaultAllow: false, } @@ -304,7 +304,7 @@ func EmulatorFromList(list io.Reader) (*Emulator, error) { // This function is the sole reason for all of Emulator -- to allow us // to figure out how to update a containers' cgroups without causing spurious // device errors (if possible). -func (source *Emulator) Transition(target *Emulator) ([]*devices.Rule, error) { +func (source *emulator) Transition(target *emulator) ([]*devices.Rule, error) { //nolint:revive // Ignore receiver-naming warning. var transitionRules []*devices.Rule oldRules := source.rules @@ -373,8 +373,8 @@ func (source *Emulator) Transition(target *Emulator) ([]*devices.Rule, error) { // cgroup to the emulated filter state (note that this is not the same as a // default cgroupv1 cgroup -- which is allow-all). This is effectively just a // wrapper around Transition() with the source emulator being an empty cgroup. -func (e *Emulator) Rules() ([]*devices.Rule, error) { - defaultCgroup := &Emulator{defaultAllow: false} +func (e *emulator) Rules() ([]*devices.Rule, error) { + defaultCgroup := &emulator{defaultAllow: false} return defaultCgroup.Transition(e) } diff --git a/libcontainer/cgroups/devices/devices_emulator_test.go b/libcontainer/cgroups/devices/devices_emulator_test.go index 4dac242cffa..51c1f521eb0 100644 --- a/libcontainer/cgroups/devices/devices_emulator_test.go +++ b/libcontainer/cgroups/devices/devices_emulator_test.go @@ -31,19 +31,19 @@ import ( func TestDeviceEmulatorLoad(t *testing.T) { tests := []struct { name, list string - expected *Emulator + expected *emulator }{ { name: "BlacklistMode", list: `a *:* rwm`, - expected: &Emulator{ + expected: &emulator{ defaultAllow: true, }, }, { name: "WhitelistBasic", list: `c 4:2 rw`, - expected: &Emulator{ + expected: &emulator{ defaultAllow: false, rules: deviceRules{ { @@ -57,7 +57,7 @@ func TestDeviceEmulatorLoad(t *testing.T) { { name: "WhitelistWildcard", list: `b 0:* m`, - expected: &Emulator{ + expected: &emulator{ defaultAllow: false, rules: deviceRules{ { @@ -72,7 +72,7 @@ func TestDeviceEmulatorLoad(t *testing.T) { name: "WhitelistDuplicate", list: `c *:* rwm c 1:1 r`, - expected: &Emulator{ + expected: &emulator{ defaultAllow: false, rules: deviceRules{ { @@ -102,7 +102,7 @@ c 5:0 rwm c 5:2 rwm c 136:* rwm c 10:200 rwm`, - expected: &Emulator{ + expected: &emulator{ defaultAllow: false, rules: deviceRules{ { @@ -205,7 +205,7 @@ c 10:200 rwm`, test := test // capture range variable t.Run(test.name, func(t *testing.T) { list := bytes.NewBufferString(test.list) - emu, err := EmulatorFromList(list) + emu, err := emulatorFromList(list) if err != nil && test.expected != nil { t.Fatalf("unexpected failure when creating emulator: %v", err) } else if err == nil && test.expected == nil { @@ -223,7 +223,7 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { tests := []struct { name string rule devices.Rule - base, expected *Emulator + base, expected *emulator }{ // Switch between default modes. { @@ -235,7 +235,7 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { Permissions: devices.Permissions("rwm"), Allow: !baseDefaultAllow, }, - base: &Emulator{ + base: &emulator{ defaultAllow: baseDefaultAllow, rules: deviceRules{ { @@ -250,7 +250,7 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { }: devices.Permissions("r"), }, }, - expected: &Emulator{ + expected: &emulator{ defaultAllow: !baseDefaultAllow, rules: nil, }, @@ -264,11 +264,11 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { Permissions: devices.Permissions("rwm"), Allow: baseDefaultAllow, }, - base: &Emulator{ + base: &emulator{ defaultAllow: baseDefaultAllow, rules: nil, }, - expected: &Emulator{ + expected: &emulator{ defaultAllow: baseDefaultAllow, rules: nil, }, @@ -282,7 +282,7 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { Permissions: devices.Permissions("rwm"), Allow: baseDefaultAllow, }, - base: &Emulator{ + base: &emulator{ defaultAllow: baseDefaultAllow, rules: deviceRules{ { @@ -297,7 +297,7 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { }: devices.Permissions("r"), }, }, - expected: &Emulator{ + expected: &emulator{ defaultAllow: baseDefaultAllow, rules: nil, }, @@ -312,7 +312,7 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { Permissions: devices.Permissions("rm"), Allow: !baseDefaultAllow, }, - base: &Emulator{ + base: &emulator{ defaultAllow: baseDefaultAllow, rules: deviceRules{ { @@ -327,7 +327,7 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { }: devices.Permissions("r"), }, }, - expected: &Emulator{ + expected: &emulator{ defaultAllow: baseDefaultAllow, rules: deviceRules{ { @@ -357,7 +357,7 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { Permissions: devices.Permissions("rm"), Allow: !baseDefaultAllow, }, - base: &Emulator{ + base: &emulator{ defaultAllow: baseDefaultAllow, rules: deviceRules{ { @@ -367,7 +367,7 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { }: devices.Permissions("rwm"), }, }, - expected: &Emulator{ + expected: &emulator{ defaultAllow: baseDefaultAllow, rules: deviceRules{ { @@ -393,7 +393,7 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { Permissions: devices.Permissions("rm"), Allow: !baseDefaultAllow, }, - base: &Emulator{ + base: &emulator{ defaultAllow: baseDefaultAllow, rules: deviceRules{ { @@ -403,7 +403,7 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { }: devices.Permissions("rm"), }, }, - expected: &Emulator{ + expected: &emulator{ defaultAllow: baseDefaultAllow, rules: deviceRules{ { @@ -423,7 +423,7 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { Permissions: devices.Permissions("rm"), Allow: !baseDefaultAllow, }, - base: &Emulator{ + base: &emulator{ defaultAllow: baseDefaultAllow, rules: deviceRules{ { @@ -438,7 +438,7 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { }: devices.Permissions("rw"), }, }, - expected: &Emulator{ + expected: &emulator{ defaultAllow: baseDefaultAllow, rules: deviceRules{ { @@ -463,7 +463,7 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { Permissions: devices.Permissions("rm"), Allow: !baseDefaultAllow, }, - base: &Emulator{ + base: &emulator{ defaultAllow: baseDefaultAllow, rules: deviceRules{ { @@ -478,7 +478,7 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { }: devices.Permissions("rw"), }, }, - expected: &Emulator{ + expected: &emulator{ defaultAllow: baseDefaultAllow, rules: deviceRules{ { @@ -503,7 +503,7 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { Permissions: devices.Permissions("r"), Allow: !baseDefaultAllow, }, - base: &Emulator{ + base: &emulator{ defaultAllow: baseDefaultAllow, rules: deviceRules{ { @@ -518,7 +518,7 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { }: devices.Permissions("rw"), }, }, - expected: &Emulator{ + expected: &emulator{ defaultAllow: baseDefaultAllow, rules: deviceRules{ { @@ -544,7 +544,7 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { Permissions: devices.Permissions("rm"), Allow: baseDefaultAllow, }, - base: &Emulator{ + base: &emulator{ defaultAllow: baseDefaultAllow, rules: deviceRules{ { @@ -559,7 +559,7 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { }: devices.Permissions("r"), }, }, - expected: &Emulator{ + expected: &emulator{ defaultAllow: baseDefaultAllow, rules: deviceRules{ { @@ -579,7 +579,7 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { Permissions: devices.Permissions("rw"), Allow: baseDefaultAllow, }, - base: &Emulator{ + base: &emulator{ defaultAllow: baseDefaultAllow, rules: deviceRules{ { @@ -589,7 +589,7 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { }: devices.Permissions("r"), }, }, - expected: &Emulator{ + expected: &emulator{ defaultAllow: baseDefaultAllow, rules: deviceRules{ { @@ -609,7 +609,7 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { Permissions: devices.Permissions("rw"), Allow: baseDefaultAllow, }, - base: &Emulator{ + base: &emulator{ defaultAllow: baseDefaultAllow, rules: deviceRules{ { @@ -624,7 +624,7 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { }: devices.Permissions("r"), }, }, - expected: &Emulator{ + expected: &emulator{ defaultAllow: baseDefaultAllow, rules: deviceRules{ { @@ -644,7 +644,7 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { Permissions: devices.Permissions("r"), Allow: baseDefaultAllow, }, - base: &Emulator{ + base: &emulator{ defaultAllow: baseDefaultAllow, rules: deviceRules{ { @@ -659,7 +659,7 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { }: devices.Permissions("r"), }, }, - expected: &Emulator{ + expected: &emulator{ defaultAllow: baseDefaultAllow, rules: deviceRules{ { @@ -686,7 +686,7 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { Permissions: devices.Permissions("r"), Allow: baseDefaultAllow, }, - base: &Emulator{ + base: &emulator{ defaultAllow: baseDefaultAllow, rules: deviceRules{ { @@ -712,7 +712,7 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { Permissions: devices.Permissions("r"), Allow: baseDefaultAllow, }, - base: &Emulator{ + base: &emulator{ defaultAllow: baseDefaultAllow, rules: deviceRules{ { @@ -727,7 +727,7 @@ func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { }: devices.Permissions("r"), }, }, - expected: &Emulator{ + expected: &emulator{ defaultAllow: baseDefaultAllow, rules: deviceRules{ { @@ -768,13 +768,13 @@ func TestDeviceEmulatorBlacklistApply(t *testing.T) { func testDeviceEmulatorTransition(t *testing.T, sourceDefaultAllow bool) { tests := []struct { name string - source, target *Emulator + source, target *emulator expected []*devices.Rule }{ // No-op changes. { name: "Noop", - source: &Emulator{ + source: &emulator{ defaultAllow: sourceDefaultAllow, rules: deviceRules{ { @@ -784,7 +784,7 @@ func testDeviceEmulatorTransition(t *testing.T, sourceDefaultAllow bool) { }: devices.Permissions("wm"), }, }, - target: &Emulator{ + target: &emulator{ defaultAllow: sourceDefaultAllow, rules: deviceRules{ { @@ -800,7 +800,7 @@ func testDeviceEmulatorTransition(t *testing.T, sourceDefaultAllow bool) { // Switching modes. { name: "SwitchToOtherMode", - source: &Emulator{ + source: &emulator{ defaultAllow: sourceDefaultAllow, rules: deviceRules{ { @@ -810,7 +810,7 @@ func testDeviceEmulatorTransition(t *testing.T, sourceDefaultAllow bool) { }: devices.Permissions("rwm"), }, }, - target: &Emulator{ + target: &emulator{ defaultAllow: !sourceDefaultAllow, rules: deviceRules{ { @@ -842,7 +842,7 @@ func testDeviceEmulatorTransition(t *testing.T, sourceDefaultAllow bool) { // Rule changes. { name: "RuleAddition", - source: &Emulator{ + source: &emulator{ defaultAllow: sourceDefaultAllow, rules: deviceRules{ { @@ -852,7 +852,7 @@ func testDeviceEmulatorTransition(t *testing.T, sourceDefaultAllow bool) { }: devices.Permissions("rwm"), }, }, - target: &Emulator{ + target: &emulator{ defaultAllow: sourceDefaultAllow, rules: deviceRules{ { @@ -879,7 +879,7 @@ func testDeviceEmulatorTransition(t *testing.T, sourceDefaultAllow bool) { }, { name: "RuleRemoval", - source: &Emulator{ + source: &emulator{ defaultAllow: sourceDefaultAllow, rules: deviceRules{ { @@ -894,7 +894,7 @@ func testDeviceEmulatorTransition(t *testing.T, sourceDefaultAllow bool) { }: devices.Permissions("rwm"), }, }, - target: &Emulator{ + target: &emulator{ defaultAllow: sourceDefaultAllow, rules: deviceRules{ { @@ -916,7 +916,7 @@ func testDeviceEmulatorTransition(t *testing.T, sourceDefaultAllow bool) { }, { name: "RuleMultipleAdditionRemoval", - source: &Emulator{ + source: &emulator{ defaultAllow: sourceDefaultAllow, rules: deviceRules{ { @@ -931,7 +931,7 @@ func testDeviceEmulatorTransition(t *testing.T, sourceDefaultAllow bool) { }: devices.Permissions("rw"), }, }, - target: &Emulator{ + target: &emulator{ defaultAllow: sourceDefaultAllow, rules: deviceRules{ { @@ -954,7 +954,7 @@ func testDeviceEmulatorTransition(t *testing.T, sourceDefaultAllow bool) { // Modifying the access permissions. { name: "RulePartialAddition", - source: &Emulator{ + source: &emulator{ defaultAllow: sourceDefaultAllow, rules: deviceRules{ { @@ -964,7 +964,7 @@ func testDeviceEmulatorTransition(t *testing.T, sourceDefaultAllow bool) { }: devices.Permissions("r"), }, }, - target: &Emulator{ + target: &emulator{ defaultAllow: sourceDefaultAllow, rules: deviceRules{ { @@ -986,7 +986,7 @@ func testDeviceEmulatorTransition(t *testing.T, sourceDefaultAllow bool) { }, { name: "RulePartialRemoval", - source: &Emulator{ + source: &emulator{ defaultAllow: sourceDefaultAllow, rules: deviceRules{ { @@ -996,7 +996,7 @@ func testDeviceEmulatorTransition(t *testing.T, sourceDefaultAllow bool) { }: devices.Permissions("rw"), }, }, - target: &Emulator{ + target: &emulator{ defaultAllow: sourceDefaultAllow, rules: deviceRules{ { @@ -1018,7 +1018,7 @@ func testDeviceEmulatorTransition(t *testing.T, sourceDefaultAllow bool) { }, { name: "RulePartialBoth", - source: &Emulator{ + source: &emulator{ defaultAllow: sourceDefaultAllow, rules: deviceRules{ { @@ -1028,7 +1028,7 @@ func testDeviceEmulatorTransition(t *testing.T, sourceDefaultAllow bool) { }: devices.Permissions("rw"), }, }, - target: &Emulator{ + target: &emulator{ defaultAllow: sourceDefaultAllow, rules: deviceRules{ { diff --git a/libcontainer/cgroups/devices/ebpf_linux.go b/libcontainer/cgroups/devices/ebpf_linux.go index 77277f93bb7..499b4677edb 100644 --- a/libcontainer/cgroups/devices/ebpf_linux.go +++ b/libcontainer/cgroups/devices/ebpf_linux.go @@ -143,12 +143,12 @@ func haveBpfProgReplace() bool { return haveBpfProgReplaceBool } -// LoadAttachCgroupDeviceFilter installs eBPF device filter program to /sys/fs/cgroup/ directory. +// loadAttachCgroupDeviceFilter installs eBPF device filter program to /sys/fs/cgroup/ directory. // // Requires the system to be running in cgroup2 unified-mode with kernel >= 4.15 . // // https://github.com/torvalds/linux/commit/ebc614f687369f9df99828572b1d85a7c2de3d92 -func LoadAttachCgroupDeviceFilter(insts asm.Instructions, license string, dirFd int) (func() error, error) { +func loadAttachCgroupDeviceFilter(insts asm.Instructions, license string, dirFd int) (func() error, error) { // Increase `ulimit -l` limit to avoid BPF_PROG_LOAD error (#2167). // This limit is not inherited into the container. memlockLimit := &unix.Rlimit{ diff --git a/libcontainer/cgroups/devices/systemd.go b/libcontainer/cgroups/devices/systemd.go index 02962540058..7e3c6fda8ce 100644 --- a/libcontainer/cgroups/devices/systemd.go +++ b/libcontainer/cgroups/devices/systemd.go @@ -30,7 +30,7 @@ func systemdProperties(r *configs.Resources) ([]systemdDbus.Property, error) { } // Figure out the set of rules. - configEmu := Emulator{} + configEmu := emulator{} for _, rule := range r.Devices { if err := configEmu.Apply(*rule); err != nil { return nil, fmt.Errorf("unable to apply rule for systemd: %w", err) diff --git a/libcontainer/cgroups/devices/v1.go b/libcontainer/cgroups/devices/v1.go index 64eadd12f11..397c00c8d46 100644 --- a/libcontainer/cgroups/devices/v1.go +++ b/libcontainer/cgroups/devices/v1.go @@ -64,17 +64,17 @@ func setV1(path string, r *configs.Resources) error { return nil } -func loadEmulator(path string) (*Emulator, error) { +func loadEmulator(path string) (*emulator, error) { list, err := cgroups.ReadFile(path, "devices.list") if err != nil { return nil, err } - return EmulatorFromList(bytes.NewBufferString(list)) + return emulatorFromList(bytes.NewBufferString(list)) } -func buildEmulator(rules []*devices.Rule) (*Emulator, error) { +func buildEmulator(rules []*devices.Rule) (*emulator, error) { // This defaults to a white-list -- which is what we want! - emu := &Emulator{} + emu := &emulator{} for _, rule := range rules { if err := emu.Apply(*rule); err != nil { return nil, err diff --git a/libcontainer/cgroups/devices/v2.go b/libcontainer/cgroups/devices/v2.go index a1b3f3a5a5e..4bcf860b5bb 100644 --- a/libcontainer/cgroups/devices/v2.go +++ b/libcontainer/cgroups/devices/v2.go @@ -55,7 +55,7 @@ func setV2(dirPath string, r *configs.Resources) error { if r.SkipDevices { return nil } - insts, license, err := DeviceFilter(r.Devices) + insts, license, err := deviceFilter(r.Devices) if err != nil { return err } @@ -64,7 +64,7 @@ func setV2(dirPath string, r *configs.Resources) error { return fmt.Errorf("cannot get dir FD for %s", dirPath) } defer unix.Close(dirFD) - if _, err := LoadAttachCgroupDeviceFilter(insts, license, dirFD); err != nil { + if _, err := loadAttachCgroupDeviceFilter(insts, license, dirFD); err != nil { if !canSkipEBPFError(r) { return err } From 0ca0bb9feeaa88b80d0f95a554a5fe02d97b75d5 Mon Sep 17 00:00:00 2001 From: Kang Chen Date: Fri, 20 May 2022 14:33:59 +0800 Subject: [PATCH 0042/1176] libct/cg/sd: check dbus.ErrClosed instead of isDbusError Signed-off-by: Kang Chen --- libcontainer/cgroups/systemd/dbus.go | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libcontainer/cgroups/systemd/dbus.go b/libcontainer/cgroups/systemd/dbus.go index 3e547e282b5..bb87ae83aef 100644 --- a/libcontainer/cgroups/systemd/dbus.go +++ b/libcontainer/cgroups/systemd/dbus.go @@ -2,6 +2,7 @@ package systemd import ( "context" + "errors" "fmt" "sync" @@ -80,8 +81,6 @@ func (d *dbusConnManager) resetConnection(conn *systemdDbus.Conn) { } } -var errDbusConnClosed = dbus.ErrClosed.Error() - // retryOnDisconnect calls op, and if the error it returns is about closed dbus // connection, the connection is re-established and the op is retried. This helps // with the situation when dbus is restarted and we have a stale connection. @@ -92,7 +91,10 @@ func (d *dbusConnManager) retryOnDisconnect(op func(*systemdDbus.Conn) error) er return err } err = op(conn) - if !isDbusError(err, errDbusConnClosed) { + if err == nil { + return nil + } + if !errors.Is(err, dbus.ErrClosed) { return err } d.resetConnection(conn) From be6488a5a9a62088176d8220356b1d2650f301df Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 20 May 2022 10:39:41 +1000 Subject: [PATCH 0043/1176] seccomp: enosys: always return -ENOSYS for setup(2) on s390(x) On s390x, syscalls above 255 are multiplexed using the (now otherwise unused) setup(2) syscall (syscall number 0). If the kernel supports the syscall then it will correctly translate the syscall number such that seccomp will correctly detect it -- however, for unknown syscalls the syscall number remains unchanged. This can be verified by running the following program under strace: int main(void) { scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_TRAP); seccomp_load(ctx); return syscall(439, AT_FDCWD, "asdf", X_OK, 0); } Which will then die with the following signal (on pre-5.8 kernels): --- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_call_addr=0x3ffb3006c22, si_syscall=__NR_setup, si_arch=AUDIT_ARCH_S390X} --- (Note that the si_syscall is __NR_setup, not __NR_faccessat2.) As a result, the -ENOSYS handling we had previously did not work completely correctly on s390x because any syscall not supported by the kernel would be treated as syscall number 0 rather than the actual syscall number. Always returning -ENOSYS will not cause any issues because in all of the cases where this multiplexing occurs, seccomp will see the remapped syscall number -- and no userspace program will call setup(2) intentionally (the syscall has not existed in Linux for decades and was originally a hack used early in Linux init prior to spawning pid1 -- so you will get -ENOSYS from the kernel anyway). Signed-off-by: Aleksa Sarai --- CHANGELOG.md | 4 ++ libcontainer/seccomp/patchbpf/enosys_linux.go | 48 ++++++++++++++----- .../seccomp/patchbpf/enosys_linux_test.go | 13 +++++ 3 files changed, 54 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8bc692fb99e..5d4d881bb1a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,6 +22,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 * In case the runc binary resides on tmpfs, `runc init` no longer re-execs itself twice. (#3342) + * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on + s390 and s390x. This solves the issue where syscalls the host kernel did not + support would return `-EPERM` despite the existence of the `-ENOSYS` stub + code (this was due to how s390x does syscall multiplexing). (#3474) ## [1.1.0] - 2022-01-14 diff --git a/libcontainer/seccomp/patchbpf/enosys_linux.go b/libcontainer/seccomp/patchbpf/enosys_linux.go index 095fba7fd91..6376512b086 100644 --- a/libcontainer/seccomp/patchbpf/enosys_linux.go +++ b/libcontainer/seccomp/patchbpf/enosys_linux.go @@ -80,6 +80,11 @@ import "C" var retErrnoEnosys = uint32(C.C_ACT_ERRNO_ENOSYS) +// This syscall is used for multiplexing "large" syscalls on s390(x). Unknown +// syscalls will end up with this syscall number, so we need to explcitly +// return -ENOSYS for this syscall on those architectures. +const s390xMultiplexSyscall libseccomp.ScmpSyscall = 0 + func isAllowAction(action configs.Action) bool { switch action { // Trace is considered an "allow" action because a good tracer should @@ -315,7 +320,7 @@ func generateEnosysStub(lastSyscalls lastSyscallMap) ([]bpf.Instruction, error) // directly from the arch code so we need to do it here. Sadly we can't // share this code between architecture branches. section := []bpf.Instruction{ - // load [0] + // load [0] (syscall number) bpf.LoadAbsolute{Off: 0, Size: 4}, // NOTE: We assume sizeof(int) == 4. } @@ -324,10 +329,37 @@ func generateEnosysStub(lastSyscalls lastSyscallMap) ([]bpf.Instruction, error) // No syscalls found for this arch -- skip it and move on. continue case 1: - // Get the only syscall in the map. - var sysno libseccomp.ScmpSyscall - for _, no := range maxSyscalls { + // Get the only syscall and scmpArch in the map. + var ( + scmpArch libseccomp.ScmpArch + sysno libseccomp.ScmpSyscall + ) + for arch, no := range maxSyscalls { sysno = no + scmpArch = arch + } + + switch scmpArch { + // Return -ENOSYS for setup(2) on s390(x). This syscall is used for + // multiplexing "large syscall number" syscalls, but if the syscall + // number is not known to the kernel then the syscall number is + // left unchanged (and because it is sysno=0, you'll end up with + // EPERM for syscalls the kernel doesn't know about). + // + // The actual setup(2) syscall is never used by userspace anymore + // (and hasn't existed for decades) outside of this multiplexing + // scheme so returning -ENOSYS is fine. + case libseccomp.ArchS390, libseccomp.ArchS390X: + section = append(section, []bpf.Instruction{ + // jne [setup=0],1 + bpf.JumpIf{ + Cond: bpf.JumpNotEqual, + Val: uint32(s390xMultiplexSyscall), + SkipTrue: 1, + }, + // ret [ENOSYS] + bpf.RetConstant{Val: retErrnoEnosys}, + }...) } // The simplest case just boils down to a single jgt instruction, @@ -359,12 +391,6 @@ func generateEnosysStub(lastSyscalls lastSyscallMap) ([]bpf.Instruction, error) // If we're on x86 we need to add a check for x32 and if we're in // the wrong mode we jump over the section. if uint32(nativeArch) == uint32(C.C_AUDIT_ARCH_X86_64) { - // Grab the only architecture in the map. - var scmpArch libseccomp.ScmpArch - for arch := range maxSyscalls { - scmpArch = arch - } - // Generate a prefix to check the mode. switch scmpArch { case libseccomp.ArchAMD64: @@ -522,7 +548,7 @@ func generateEnosysStub(lastSyscalls lastSyscallMap) ([]bpf.Instruction, error) // Prepend the load instruction for the architecture. programTail = append([]bpf.Instruction{ - // load [4] + // load [4] (architecture) bpf.LoadAbsolute{Off: 4, Size: 4}, // NOTE: We assume sizeof(int) == 4. }, programTail...) diff --git a/libcontainer/seccomp/patchbpf/enosys_linux_test.go b/libcontainer/seccomp/patchbpf/enosys_linux_test.go index 727800aa50c..e2d363a43bd 100644 --- a/libcontainer/seccomp/patchbpf/enosys_linux_test.go +++ b/libcontainer/seccomp/patchbpf/enosys_linux_test.go @@ -213,6 +213,19 @@ func testEnosysStub(t *testing.T, defaultAction configs.Action, arches []string) }) } + // If we're on s390(x) make sure you get -ENOSYS for the "setup" + // syscall (this is done to work around an issue with s390x's + // syscall multiplexing which results in unknown syscalls being a + // setup(2) invocation). + switch scmpArch { + case libseccomp.ArchS390, libseccomp.ArchS390X: + syscallTests = append(syscallTests, syscallTest{ + sysno: s390xMultiplexSyscall, + syscall: "setup", + expected: retErrnoEnosys, + }) + } + // Test syscalls in the explicit list. for _, test := range syscallTests { // Override the expected value in the two special cases. From 6a79271c311d85d6e9afa38200902da2525fe463 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Mon, 23 May 2022 12:50:55 +1000 Subject: [PATCH 0044/1176] seccomp: patchbpf: minor cleanups Define sizeof(int) as a constant, and also return ENOSYS earlier in the filter if it doesn't increase the number of instructions we generate (this is a negligible performance improvement but it does make it easier to understand the generated filter stub). Signed-off-by: Aleksa Sarai --- libcontainer/seccomp/patchbpf/enosys_linux.go | 22 ++++++++++--------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/libcontainer/seccomp/patchbpf/enosys_linux.go b/libcontainer/seccomp/patchbpf/enosys_linux.go index 6376512b086..29302db8b66 100644 --- a/libcontainer/seccomp/patchbpf/enosys_linux.go +++ b/libcontainer/seccomp/patchbpf/enosys_linux.go @@ -80,6 +80,9 @@ import "C" var retErrnoEnosys = uint32(C.C_ACT_ERRNO_ENOSYS) +// Assume sizeof(int) == 4 in the BPF program. +const bpfSizeofInt = 4 + // This syscall is used for multiplexing "large" syscalls on s390(x). Unknown // syscalls will end up with this syscall number, so we need to explcitly // return -ENOSYS for this syscall on those architectures. @@ -99,7 +102,6 @@ func isAllowAction(action configs.Action) bool { func parseProgram(rdr io.Reader) ([]bpf.RawInstruction, error) { var program []bpf.RawInstruction -loop: for { // Read the next instruction. We have to use NativeEndian because // seccomp_export_bpf outputs the program in *host* endian-ness. @@ -107,7 +109,7 @@ loop: if err := binary.Read(rdr, utils.NativeEndian, &insn); err != nil { if errors.Is(err, io.EOF) { // Parsing complete. - break loop + break } if errors.Is(err, io.ErrUnexpectedEOF) { // Parsing stopped mid-instruction. @@ -321,7 +323,7 @@ func generateEnosysStub(lastSyscalls lastSyscallMap) ([]bpf.Instruction, error) // share this code between architecture branches. section := []bpf.Instruction{ // load [0] (syscall number) - bpf.LoadAbsolute{Off: 0, Size: 4}, // NOTE: We assume sizeof(int) == 4. + bpf.LoadAbsolute{Off: 0, Size: bpfSizeofInt}, } switch len(maxSyscalls) { @@ -381,8 +383,8 @@ func generateEnosysStub(lastSyscalls lastSyscallMap) ([]bpf.Instruction, error) sectionTail = []bpf.Instruction{ // jle [syscall],1 bpf.JumpIf{Cond: bpf.JumpLessOrEqual, Val: uint32(sysno), SkipTrue: 1}, - // ja [baseJumpEnosys+1] - bpf.Jump{Skip: baseJumpEnosys + 1}, + // ret [ENOSYS] + bpf.RetConstant{Val: retErrnoEnosys}, // ja [baseJumpFilter] bpf.Jump{Skip: baseJumpFilter}, } @@ -466,7 +468,7 @@ func generateEnosysStub(lastSyscalls lastSyscallMap) ([]bpf.Instruction, error) // jset (1<<30),1 // jgt [x86 syscall],1,2 // jle [x32 syscall],1 - // ja [baseJumpEnosys+1] + // ret [ENOSYS] // ja [baseJumpFilter] section = append(section, []bpf.Instruction{ // jset (1<<30),1 @@ -477,14 +479,14 @@ func generateEnosysStub(lastSyscalls lastSyscallMap) ([]bpf.Instruction, error) Val: uint32(x86sysno), SkipTrue: 1, SkipFalse: 2, }, - // jle [x32 syscall],[baseJumpEnosys] + // jle [x32 syscall],1 bpf.JumpIf{ Cond: bpf.JumpLessOrEqual, Val: uint32(x32sysno), SkipTrue: 1, }, - // ja [baseJumpEnosys+1] - bpf.Jump{Skip: baseJumpEnosys + 1}, + // ret [ENOSYS] + bpf.RetConstant{Val: retErrnoEnosys}, // ja [baseJumpFilter] bpf.Jump{Skip: baseJumpFilter}, }...) @@ -549,7 +551,7 @@ func generateEnosysStub(lastSyscalls lastSyscallMap) ([]bpf.Instruction, error) // Prepend the load instruction for the architecture. programTail = append([]bpf.Instruction{ // load [4] (architecture) - bpf.LoadAbsolute{Off: 4, Size: 4}, // NOTE: We assume sizeof(int) == 4. + bpf.LoadAbsolute{Off: bpfSizeofInt, Size: bpfSizeofInt}, }, programTail...) // And that's all folks! From f7b07fd54c67b322fa436413d3ecb479c2f4579e Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 23 May 2022 12:56:35 -0700 Subject: [PATCH 0045/1176] Dockerfile,scripts/release: bump libseccomp to v2.5.4 Release notes: https://github.com/seccomp/libseccomp/releases/tag/v2.5.4 This affects the released static binaries (as they are statically linked against libseccomp). Signed-off-by: Kir Kolyshkin --- Dockerfile | 2 +- script/release_build.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index bd2615438f2..1b41b7fc1ff 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ ARG GO_VERSION=1.18 ARG BATS_VERSION=v1.3.0 -ARG LIBSECCOMP_VERSION=2.5.3 +ARG LIBSECCOMP_VERSION=2.5.4 FROM golang:${GO_VERSION}-bullseye ARG DEBIAN_FRONTEND=noninteractive diff --git a/script/release_build.sh b/script/release_build.sh index 2525161585c..af238628cbd 100755 --- a/script/release_build.sh +++ b/script/release_build.sh @@ -19,7 +19,7 @@ set -e ## ---> # Project-specific options and functions. In *theory* you shouldn't need to # touch anything else in this script in order to use this elsewhere. -: "${LIBSECCOMP_VERSION:=2.5.3}" +: "${LIBSECCOMP_VERSION:=2.5.4}" project="runc" root="$(readlink -f "$(dirname "${BASH_SOURCE[0]}")/..")" From fbafaf315eb0a64541b5a277ec4929c82e697182 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 23 May 2022 12:51:06 -0700 Subject: [PATCH 0046/1176] ci: drop docker layer caching from release job This job is failing with "No space left on device" lately, and this helps to fix it. Besides, it seems that caching does not help to shorten execution times (validate/release job succeeds in under 8 minutes now; ymmv). Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 42846b91272..3f21270ab1d 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -186,8 +186,6 @@ jobs: # under Docker will emerge, it will be good to have a separate make # runcimage job and share its result (the docker image) with whoever # needs it. - - uses: satackey/action-docker-layer-caching@v0.0.11 - continue-on-error: true - name: build docker image run: make runcimage - name: make releaseall From e1d04cdfebd16057a10f251ad6a5a5df2e700a1b Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 24 May 2022 10:50:18 -0700 Subject: [PATCH 0047/1176] script/seccomp.sh: check tarball sha256 Add checking of downloaded tarball checksum. In case it doesn't match the hardcoded value, the error is like this: libseccomp-2.5.4.tar.gz: FAILED sha256sum: WARNING: 1 computed checksum did NOT match In case the checksum for a particular version is not specified in the script, the error will look like this: ./script/seccomp.sh: line 29: SECCOMP_SHA256[${ver}]: unbound variable In case the the hardcoded value in the file is of wrong format/length, we'll get: sha256sum: 'standard input': no properly formatted SHA256 checksum lines found In any of these cases, the script aborts (due to set -e). Signed-off-by: Kir Kolyshkin --- script/seccomp.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/script/seccomp.sh b/script/seccomp.sh index 2c2ea84e0f4..beea612ac83 100755 --- a/script/seccomp.sh +++ b/script/seccomp.sh @@ -5,6 +5,11 @@ set -e -u -o pipefail # shellcheck source=./script/lib.sh source "$(dirname "${BASH_SOURCE[0]}")/lib.sh" +# sha256 checksums for seccomp release tarballs. +declare -A SECCOMP_SHA256=( + ["2.5.4"]=d82902400405cf0068574ef3dc1fe5f5926207543ba1ae6f8e7a1576351dcbdb +) + # Due to libseccomp being LGPL we must include its sources, # so download, install and build against it. # Parameters: @@ -19,8 +24,10 @@ function build_libseccomp() { local arches=("$@") local tar="libseccomp-${ver}.tar.gz" - # Download and extract. + # Download, check, and extract. wget "https://github.com/seccomp/libseccomp/releases/download/v${ver}/${tar}"{,.asc} + sha256sum --strict --check - <<<"${SECCOMP_SHA256[${ver}]} *${tar}" + local srcdir srcdir="$(mktemp -d)" tar xf "$tar" -C "$srcdir" From 6b96cbdd59f5ed482a8f0b06720bad08cbc57c79 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 25 May 2022 18:48:10 -0700 Subject: [PATCH 0048/1176] ci: improve shellcheck job 1. Use env directive instead of adding to $GITHUB_ENV. 2. Use bash herefile to feed sha256sum instead of pipe to grep. 3. Fix the hardcoded checksum (it was missing the first character). Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 3f21270ab1d..979b0510dfd 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -90,24 +90,23 @@ jobs: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v3 - - name: vars - run: | - echo 'VERSION=v0.8.0' >> $GITHUB_ENV - echo 'BASEURL=https://github.com/koalaman/shellcheck/releases/download' >> $GITHUB_ENV - echo 'SHA256SUM=f4bce23c11c3919c1b20bcb0f206f6b44c44e26f2bc95f8aa708716095fa0651' >> $GITHUB_ENV - echo ~/bin >> $GITHUB_PATH - name: install shellcheck + env: + VERSION: v0.8.0 + BASEURL: https://github.com/koalaman/shellcheck/releases/download + SHA256: f4bce23c11c3919c1b20bcb0f206f6b44c44e26f2bc95f8aa708716095fa0651 run: | mkdir ~/bin curl -sSfL --retry 5 $BASEURL/$VERSION/shellcheck-$VERSION.linux.x86_64.tar.xz | tar xfJ - -C ~/bin --strip 1 shellcheck-$VERSION/shellcheck - sha256sum ~/bin/shellcheck | grep -q $SHA256SUM + sha256sum --strict --check - <<<"$SHA256 *$HOME/bin/shellcheck" # make sure to remove the old version sudo rm -f /usr/bin/shellcheck + # Add ~/bin to $PATH. + echo ~/bin >> $GITHUB_PATH - uses: lumaxis/shellcheck-problem-matchers@v1 - - name: shellcheck - run: | - make shellcheck + - name: run + run: make shellcheck - name: check-config.sh run : ./script/check-config.sh From e0406b4ba62071d40f1eaa443945764e0ef56c41 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 26 May 2022 13:33:16 -0700 Subject: [PATCH 0049/1176] vendor: bump cilium/ebpf to v0.9.0 Also, change the deprecated Sym to WithSymbol. Signed-off-by: Kir Kolyshkin --- go.mod | 2 +- go.sum | 4 +- libcontainer/cgroups/devices/devicefilter.go | 4 +- vendor/github.com/cilium/ebpf/MAINTAINERS.md | 8 + vendor/github.com/cilium/ebpf/Makefile | 22 +- vendor/github.com/cilium/ebpf/asm/func.go | 6 + .../github.com/cilium/ebpf/asm/instruction.go | 364 +++++++-- vendor/github.com/cilium/ebpf/asm/jump.go | 60 +- vendor/github.com/cilium/ebpf/asm/metadata.go | 80 ++ vendor/github.com/cilium/ebpf/asm/opcode.go | 19 +- .../cilium/ebpf/{internal => }/btf/btf.go | 388 ++++------ .../ebpf/{internal => }/btf/btf_types.go | 21 +- .../{internal => }/btf/btf_types_string.go | 0 .../cilium/ebpf/{internal => }/btf/core.go | 481 +++++++----- .../cilium/ebpf/{internal => }/btf/doc.go | 3 - vendor/github.com/cilium/ebpf/btf/ext_info.go | 721 ++++++++++++++++++ .../cilium/ebpf/{internal => }/btf/format.go | 48 +- .../cilium/ebpf/{internal => }/btf/info.go | 0 vendor/github.com/cilium/ebpf/btf/strings.go | 112 +++ .../cilium/ebpf/{internal => }/btf/types.go | 583 +++++++++----- vendor/github.com/cilium/ebpf/collection.go | 203 +++-- vendor/github.com/cilium/ebpf/doc.go | 9 + vendor/github.com/cilium/ebpf/elf_reader.go | 255 ++++--- vendor/github.com/cilium/ebpf/info.go | 9 +- .../cilium/ebpf/internal/btf/ext_info.go | 497 ------------ .../cilium/ebpf/internal/btf/strings.go | 54 -- vendor/github.com/cilium/ebpf/internal/elf.go | 23 + .../github.com/cilium/ebpf/internal/endian.go | 29 - .../cilium/ebpf/internal/endian_be.go | 13 + .../cilium/ebpf/internal/endian_le.go | 13 + .../github.com/cilium/ebpf/internal/errors.go | 10 +- .../cilium/ebpf/internal/feature.go | 10 +- vendor/github.com/cilium/ebpf/internal/io.go | 2 +- .../cilium/ebpf/internal/sys/doc.go | 4 +- .../cilium/ebpf/internal/sys/types.go | 136 +++- .../cilium/ebpf/internal/unix/types_linux.go | 1 + .../cilium/ebpf/internal/unix/types_other.go | 1 + vendor/github.com/cilium/ebpf/link/kprobe.go | 160 +++- vendor/github.com/cilium/ebpf/link/link.go | 6 +- .../github.com/cilium/ebpf/link/perf_event.go | 252 ++++-- .../github.com/cilium/ebpf/link/syscalls.go | 6 +- .../github.com/cilium/ebpf/link/tracepoint.go | 33 +- vendor/github.com/cilium/ebpf/link/tracing.go | 7 +- vendor/github.com/cilium/ebpf/link/uprobe.go | 48 +- vendor/github.com/cilium/ebpf/linker.go | 195 +++-- vendor/github.com/cilium/ebpf/map.go | 106 ++- vendor/github.com/cilium/ebpf/marshalers.go | 9 +- vendor/github.com/cilium/ebpf/prog.go | 262 +++---- vendor/github.com/cilium/ebpf/run-tests.sh | 45 +- vendor/github.com/cilium/ebpf/syscalls.go | 46 +- vendor/modules.txt | 6 +- 51 files changed, 3341 insertions(+), 2035 deletions(-) create mode 100644 vendor/github.com/cilium/ebpf/MAINTAINERS.md create mode 100644 vendor/github.com/cilium/ebpf/asm/metadata.go rename vendor/github.com/cilium/ebpf/{internal => }/btf/btf.go (71%) rename vendor/github.com/cilium/ebpf/{internal => }/btf/btf_types.go (89%) rename vendor/github.com/cilium/ebpf/{internal => }/btf/btf_types_string.go (100%) rename vendor/github.com/cilium/ebpf/{internal => }/btf/core.go (66%) rename vendor/github.com/cilium/ebpf/{internal => }/btf/doc.go (71%) create mode 100644 vendor/github.com/cilium/ebpf/btf/ext_info.go rename vendor/github.com/cilium/ebpf/{internal => }/btf/format.go (91%) rename vendor/github.com/cilium/ebpf/{internal => }/btf/info.go (100%) create mode 100644 vendor/github.com/cilium/ebpf/btf/strings.go rename vendor/github.com/cilium/ebpf/{internal => }/btf/types.go (57%) delete mode 100644 vendor/github.com/cilium/ebpf/internal/btf/ext_info.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/btf/strings.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/endian.go create mode 100644 vendor/github.com/cilium/ebpf/internal/endian_be.go create mode 100644 vendor/github.com/cilium/ebpf/internal/endian_le.go diff --git a/go.mod b/go.mod index a2c363ce1d4..0dac0b56750 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.17 require ( github.com/checkpoint-restore/go-criu/v5 v5.3.0 - github.com/cilium/ebpf v0.8.1 + github.com/cilium/ebpf v0.9.0 github.com/containerd/console v1.0.3 github.com/coreos/go-systemd/v22 v22.3.2 github.com/cyphar/filepath-securejoin v0.2.3 diff --git a/go.sum b/go.sum index 30d6ee33207..2c89516a42b 100644 --- a/go.sum +++ b/go.sum @@ -1,8 +1,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/checkpoint-restore/go-criu/v5 v5.3.0 h1:wpFFOoomK3389ue2lAb0Boag6XPht5QYpipxmSNL4d8= github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E= -github.com/cilium/ebpf v0.8.1 h1:bLSSEbBLqGPXxls55pGr5qWZaTqcmfDJHhou7t254ao= -github.com/cilium/ebpf v0.8.1/go.mod h1:f5zLIM0FSNuAkSyLAN7X+Hy6yznlF1mNiWUMfxMtrgk= +github.com/cilium/ebpf v0.9.0 h1:ldiV+FscPCQ/p3mNEV4O02EPbUZJFsoEtHvIr9xLTvk= +github.com/cilium/ebpf v0.9.0/go.mod h1:+OhNOIXx/Fnu1IE8bJz2dzOA+VSfyTfdNUVdlQnxUFY= github.com/containerd/console v1.0.3 h1:lIr7SlA5PxZyMV30bDW0MGbiOPXwc63yRuCP0ARubLw= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI= diff --git a/libcontainer/cgroups/devices/devicefilter.go b/libcontainer/cgroups/devices/devicefilter.go index c8cfb5ab57b..5f59352bb04 100644 --- a/libcontainer/cgroups/devices/devicefilter.go +++ b/libcontainer/cgroups/devices/devicefilter.go @@ -174,7 +174,7 @@ func (p *program) appendRule(rule *devices.Rule) error { } p.insts = append(p.insts, acceptBlock(rule.Allow)...) // set blockSym to the first instruction we added in this iteration - p.insts[prevBlockLastIdx+1] = p.insts[prevBlockLastIdx+1].Sym(blockSym) + p.insts[prevBlockLastIdx+1] = p.insts[prevBlockLastIdx+1].WithSymbol(blockSym) p.blockID++ return nil } @@ -187,7 +187,7 @@ func (p *program) finalize() asm.Instructions { blockSym := "block-" + strconv.Itoa(p.blockID) p.insts = append(p.insts, // R0 <- v - asm.Mov.Imm32(asm.R0, v).Sym(blockSym), + asm.Mov.Imm32(asm.R0, v).WithSymbol(blockSym), asm.Return(), ) p.blockID = -1 diff --git a/vendor/github.com/cilium/ebpf/MAINTAINERS.md b/vendor/github.com/cilium/ebpf/MAINTAINERS.md new file mode 100644 index 00000000000..9c18e7e76f5 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/MAINTAINERS.md @@ -0,0 +1,8 @@ +# Maintainers + + * [Lorenz Bauer] + * [Timo Beckers] (Isovalent) + + +[Lorenz Bauer]: https://github.com/lmb +[Timo Beckers]: https://github.com/ti-mo diff --git a/vendor/github.com/cilium/ebpf/Makefile b/vendor/github.com/cilium/ebpf/Makefile index 76a448caa15..3a1da886ae0 100644 --- a/vendor/github.com/cilium/ebpf/Makefile +++ b/vendor/github.com/cilium/ebpf/Makefile @@ -1,8 +1,8 @@ # The development version of clang is distributed as the 'clang' binary, # while stable/released versions have a version number attached. # Pin the default clang to a stable version. -CLANG ?= clang-13 -STRIP ?= llvm-strip-13 +CLANG ?= clang-14 +STRIP ?= llvm-strip-14 CFLAGS := -O2 -g -Wall -Werror $(CFLAGS) # Obtain an absolute path to the directory of the Makefile. @@ -13,7 +13,7 @@ UIDGID := $(shell stat -c '%u:%g' ${REPODIR}) # Prefer podman if installed, otherwise use docker. # Note: Setting the var at runtime will always override. CONTAINER_ENGINE ?= $(if $(shell command -v podman), podman, docker) -CONTAINER_RUN_ARGS ?= $(if $(filter ${CONTAINER_ENGINE}, podman),, --user "${UIDGID}") +CONTAINER_RUN_ARGS ?= $(if $(filter ${CONTAINER_ENGINE}, podman), --log-driver=none, --user "${UIDGID}") IMAGE := $(shell cat ${REPODIR}/testdata/docker/IMAGE) VERSION := $(shell cat ${REPODIR}/testdata/docker/VERSION) @@ -35,7 +35,9 @@ TARGETS := \ testdata/map_spin_lock \ testdata/subprog_reloc \ testdata/fwd_decl \ - internal/btf/testdata/relocs + btf/testdata/relocs \ + btf/testdata/relocs_read \ + btf/testdata/relocs_read_tgt .PHONY: all clean container-all container-shell generate @@ -58,9 +60,12 @@ container-shell: clean: -$(RM) testdata/*.elf - -$(RM) internal/btf/testdata/*.elf + -$(RM) btf/testdata/*.elf -all: $(addsuffix -el.elf,$(TARGETS)) $(addsuffix -eb.elf,$(TARGETS)) generate +format: + find . -type f -name "*.c" | xargs clang-format -i + +all: format $(addsuffix -el.elf,$(TARGETS)) $(addsuffix -eb.elf,$(TARGETS)) generate ln -srf testdata/loader-$(CLANG)-el.elf testdata/loader-el.elf ln -srf testdata/loader-$(CLANG)-eb.elf testdata/loader-eb.elf @@ -69,6 +74,7 @@ generate: export BPF_CLANG := $(CLANG) generate: export BPF_CFLAGS := $(CFLAGS) generate: go generate ./cmd/bpf2go/test + go generate ./internal/sys cd examples/ && go generate ./... testdata/loader-%-el.elf: testdata/loader.c @@ -89,6 +95,6 @@ testdata/loader-%-eb.elf: testdata/loader.c # Usage: make VMLINUX=/path/to/vmlinux vmlinux-btf .PHONY: vmlinux-btf -vmlinux-btf: internal/btf/testdata/vmlinux-btf.gz -internal/btf/testdata/vmlinux-btf.gz: $(VMLINUX) +vmlinux-btf: btf/testdata/vmlinux-btf.gz +btf/testdata/vmlinux-btf.gz: $(VMLINUX) objcopy --dump-section .BTF=/dev/stdout "$<" /dev/null | gzip > "$@" diff --git a/vendor/github.com/cilium/ebpf/asm/func.go b/vendor/github.com/cilium/ebpf/asm/func.go index b75a2934ee6..ba0a107c733 100644 --- a/vendor/github.com/cilium/ebpf/asm/func.go +++ b/vendor/github.com/cilium/ebpf/asm/func.go @@ -5,6 +5,10 @@ package asm // BuiltinFunc is a built-in eBPF function. type BuiltinFunc int32 +func (_ BuiltinFunc) Max() BuiltinFunc { + return maxBuiltinFunc - 1 +} + // eBPF built-in functions // // You can regenerate this list using the following gawk script: @@ -197,6 +201,8 @@ const ( FnGetFuncIp FnGetAttachCookie FnTaskPtRegs + + maxBuiltinFunc ) // Call emits a function call. diff --git a/vendor/github.com/cilium/ebpf/asm/instruction.go b/vendor/github.com/cilium/ebpf/asm/instruction.go index 22975e8f72b..5bf9920dedf 100644 --- a/vendor/github.com/cilium/ebpf/asm/instruction.go +++ b/vendor/github.com/cilium/ebpf/asm/instruction.go @@ -10,6 +10,7 @@ import ( "math" "strings" + "github.com/cilium/ebpf/internal/sys" "github.com/cilium/ebpf/internal/unix" ) @@ -19,6 +20,10 @@ const InstructionSize = 8 // RawInstructionOffset is an offset in units of raw BPF instructions. type RawInstructionOffset uint64 +var ErrUnreferencedSymbol = errors.New("unreferenced symbol") +var ErrUnsatisfiedMapReference = errors.New("unsatisfied map reference") +var ErrUnsatisfiedProgramReference = errors.New("unsatisfied program reference") + // Bytes returns the offset of an instruction in bytes. func (rio RawInstructionOffset) Bytes() uint64 { return uint64(rio) * InstructionSize @@ -32,17 +37,8 @@ type Instruction struct { Offset int16 Constant int64 - // Reference denotes a reference (e.g. a jump) to another symbol. - Reference string - - // Symbol denotes an instruction at the start of a function body. - Symbol string -} - -// Sym creates a symbol. -func (ins Instruction) Sym(name string) Instruction { - ins.Symbol = name - return ins + // Metadata contains optional metadata about this instruction. + Metadata Metadata } // Unmarshal decodes a BPF instruction. @@ -133,31 +129,65 @@ func (ins Instruction) Marshal(w io.Writer, bo binary.ByteOrder) (uint64, error) return 2 * InstructionSize, nil } +// AssociateMap associates a Map with this Instruction. +// +// Implicitly clears the Instruction's Reference field. +// +// Returns an error if the Instruction is not a map load. +func (ins *Instruction) AssociateMap(m FDer) error { + if !ins.IsLoadFromMap() { + return errors.New("not a load from a map") + } + + ins.Metadata.Set(referenceMeta{}, nil) + ins.Metadata.Set(mapMeta{}, m) + + return nil +} + // RewriteMapPtr changes an instruction to use a new map fd. // // Returns an error if the instruction doesn't load a map. +// +// Deprecated: use AssociateMap instead. If you cannot provide a Map, +// wrap an fd in a type implementing FDer. func (ins *Instruction) RewriteMapPtr(fd int) error { - if !ins.OpCode.IsDWordLoad() { - return fmt.Errorf("%s is not a 64 bit load", ins.OpCode) - } - - if ins.Src != PseudoMapFD && ins.Src != PseudoMapValue { + if !ins.IsLoadFromMap() { return errors.New("not a load from a map") } + ins.encodeMapFD(fd) + + return nil +} + +func (ins *Instruction) encodeMapFD(fd int) { // Preserve the offset value for direct map loads. offset := uint64(ins.Constant) & (math.MaxUint32 << 32) rawFd := uint64(uint32(fd)) ins.Constant = int64(offset | rawFd) - return nil } // MapPtr returns the map fd for this instruction. // // The result is undefined if the instruction is not a load from a map, // see IsLoadFromMap. +// +// Deprecated: use Map() instead. func (ins *Instruction) MapPtr() int { - return int(int32(uint64(ins.Constant) & math.MaxUint32)) + // If there is a map associated with the instruction, return its FD. + if fd := ins.Metadata.Get(mapMeta{}); fd != nil { + return fd.(FDer).FD() + } + + // Fall back to the fd stored in the Constant field + return ins.mapFd() +} + +// mapFd returns the map file descriptor stored in the 32 least significant +// bits of ins' Constant field. +func (ins *Instruction) mapFd() int { + return int(int32(ins.Constant)) } // RewriteMapOffset changes the offset of a direct load from a map. @@ -239,13 +269,22 @@ func (ins Instruction) Format(f fmt.State, c rune) { } if ins.IsLoadFromMap() { - fd := ins.MapPtr() + fd := ins.mapFd() + m := ins.Map() switch ins.Src { case PseudoMapFD: - fmt.Fprintf(f, "LoadMapPtr dst: %s fd: %d", ins.Dst, fd) + if m != nil { + fmt.Fprintf(f, "LoadMapPtr dst: %s map: %s", ins.Dst, m) + } else { + fmt.Fprintf(f, "LoadMapPtr dst: %s fd: %d", ins.Dst, fd) + } case PseudoMapValue: - fmt.Fprintf(f, "LoadMapValue dst: %s, fd: %d off: %d", ins.Dst, fd, ins.mapOffset()) + if m != nil { + fmt.Fprintf(f, "LoadMapValue dst: %s, map: %s off: %d", ins.Dst, m, ins.mapOffset()) + } else { + fmt.Fprintf(f, "LoadMapValue dst: %s, fd: %d off: %d", ins.Dst, fd, ins.mapOffset()) + } } goto ref @@ -296,16 +335,103 @@ func (ins Instruction) Format(f fmt.State, c rune) { } ref: - if ins.Reference != "" { - fmt.Fprintf(f, " <%s>", ins.Reference) + if ins.Reference() != "" { + fmt.Fprintf(f, " <%s>", ins.Reference()) } } +func (ins Instruction) equal(other Instruction) bool { + return ins.OpCode == other.OpCode && + ins.Dst == other.Dst && + ins.Src == other.Src && + ins.Offset == other.Offset && + ins.Constant == other.Constant +} + // Size returns the amount of bytes ins would occupy in binary form. func (ins Instruction) Size() uint64 { return uint64(InstructionSize * ins.OpCode.rawInstructions()) } +type symbolMeta struct{} + +// WithSymbol marks the Instruction as a Symbol, which other Instructions +// can point to using corresponding calls to WithReference. +func (ins Instruction) WithSymbol(name string) Instruction { + ins.Metadata.Set(symbolMeta{}, name) + return ins +} + +// Sym creates a symbol. +// +// Deprecated: use WithSymbol instead. +func (ins Instruction) Sym(name string) Instruction { + return ins.WithSymbol(name) +} + +// Symbol returns the value ins has been marked with using WithSymbol, +// otherwise returns an empty string. A symbol is often an Instruction +// at the start of a function body. +func (ins Instruction) Symbol() string { + sym, _ := ins.Metadata.Get(symbolMeta{}).(string) + return sym +} + +type referenceMeta struct{} + +// WithReference makes ins reference another Symbol or map by name. +func (ins Instruction) WithReference(ref string) Instruction { + ins.Metadata.Set(referenceMeta{}, ref) + return ins +} + +// Reference returns the Symbol or map name referenced by ins, if any. +func (ins Instruction) Reference() string { + ref, _ := ins.Metadata.Get(referenceMeta{}).(string) + return ref +} + +type mapMeta struct{} + +// Map returns the Map referenced by ins, if any. +// An Instruction will contain a Map if e.g. it references an existing, +// pinned map that was opened during ELF loading. +func (ins Instruction) Map() FDer { + fd, _ := ins.Metadata.Get(mapMeta{}).(FDer) + return fd +} + +type sourceMeta struct{} + +// WithSource adds source information about the Instruction. +func (ins Instruction) WithSource(src fmt.Stringer) Instruction { + ins.Metadata.Set(sourceMeta{}, src) + return ins +} + +// Source returns source information about the Instruction. The field is +// present when the compiler emits BTF line info about the Instruction and +// usually contains the line of source code responsible for it. +func (ins Instruction) Source() fmt.Stringer { + str, _ := ins.Metadata.Get(sourceMeta{}).(fmt.Stringer) + return str +} + +// A Comment can be passed to Instruction.WithSource to add a comment +// to an instruction. +type Comment string + +func (s Comment) String() string { + return string(s) +} + +// FDer represents a resource tied to an underlying file descriptor. +// Used as a stand-in for e.g. ebpf.Map since that type cannot be +// imported here and FD() is the only method we rely on. +type FDer interface { + FD() int +} + // Instructions is an eBPF program. type Instructions []Instruction @@ -339,7 +465,7 @@ func (insns Instructions) Name() string { if len(insns) == 0 { return "" } - return insns[0].Symbol + return insns[0].Symbol() } func (insns Instructions) String() string { @@ -355,30 +481,66 @@ func (insns Instructions) Size() uint64 { return sum } +// AssociateMap updates all Instructions that Reference the given symbol +// to point to an existing Map m instead. +// +// Returns ErrUnreferencedSymbol error if no references to symbol are found +// in insns. If symbol is anything else than the symbol name of map (e.g. +// a bpf2bpf subprogram), an error is returned. +func (insns Instructions) AssociateMap(symbol string, m FDer) error { + if symbol == "" { + return errors.New("empty symbol") + } + + var found bool + for i := range insns { + ins := &insns[i] + if ins.Reference() != symbol { + continue + } + + if err := ins.AssociateMap(m); err != nil { + return err + } + + found = true + } + + if !found { + return fmt.Errorf("symbol %s: %w", symbol, ErrUnreferencedSymbol) + } + + return nil +} + // RewriteMapPtr rewrites all loads of a specific map pointer to a new fd. // -// Returns an error if the symbol isn't used, see IsUnreferencedSymbol. +// Returns ErrUnreferencedSymbol if the symbol isn't used. +// +// Deprecated: use AssociateMap instead. func (insns Instructions) RewriteMapPtr(symbol string, fd int) error { if symbol == "" { return errors.New("empty symbol") } - found := false + var found bool for i := range insns { ins := &insns[i] - if ins.Reference != symbol { + if ins.Reference() != symbol { continue } - if err := ins.RewriteMapPtr(fd); err != nil { - return err + if !ins.IsLoadFromMap() { + return errors.New("not a load from a map") } + ins.encodeMapFD(fd) + found = true } if !found { - return &unreferencedSymbolError{symbol} + return fmt.Errorf("symbol %s: %w", symbol, ErrUnreferencedSymbol) } return nil @@ -390,15 +552,15 @@ func (insns Instructions) SymbolOffsets() (map[string]int, error) { offsets := make(map[string]int) for i, ins := range insns { - if ins.Symbol == "" { + if ins.Symbol() == "" { continue } - if _, ok := offsets[ins.Symbol]; ok { - return nil, fmt.Errorf("duplicate symbol %s", ins.Symbol) + if _, ok := offsets[ins.Symbol()]; ok { + return nil, fmt.Errorf("duplicate symbol %s", ins.Symbol()) } - offsets[ins.Symbol] = i + offsets[ins.Symbol()] = i } return offsets, nil @@ -415,7 +577,7 @@ func (insns Instructions) FunctionReferences() map[string]bool { continue } - if ins.Reference == "" { + if ins.Reference() == "" { continue } @@ -423,7 +585,7 @@ func (insns Instructions) FunctionReferences() map[string]bool { continue } - calls[ins.Reference] = true + calls[ins.Reference()] = true } return calls @@ -435,11 +597,11 @@ func (insns Instructions) ReferenceOffsets() map[string][]int { offsets := make(map[string][]int) for i, ins := range insns { - if ins.Reference == "" { + if ins.Reference() == "" { continue } - offsets[ins.Reference] = append(offsets[ins.Reference], i) + offsets[ins.Reference()] = append(offsets[ins.Reference()], i) } return offsets @@ -490,18 +652,34 @@ func (insns Instructions) Format(f fmt.State, c rune) { iter := insns.Iterate() for iter.Next() { - if iter.Ins.Symbol != "" { - fmt.Fprintf(f, "%s%s:\n", symIndent, iter.Ins.Symbol) + if iter.Ins.Symbol() != "" { + fmt.Fprintf(f, "%s%s:\n", symIndent, iter.Ins.Symbol()) + } + if src := iter.Ins.Source(); src != nil { + line := strings.TrimSpace(src.String()) + if line != "" { + fmt.Fprintf(f, "%s%*s; %s\n", indent, offsetWidth, " ", line) + } } fmt.Fprintf(f, "%s%*d: %v\n", indent, offsetWidth, iter.Offset, iter.Ins) } } // Marshal encodes a BPF program into the kernel format. +// +// Returns ErrUnsatisfiedProgramReference if there is a Reference Instruction +// without a matching Symbol Instruction within insns. func (insns Instructions) Marshal(w io.Writer, bo binary.ByteOrder) error { + if err := insns.encodeFunctionReferences(); err != nil { + return err + } + + if err := insns.encodeMapPointers(); err != nil { + return err + } + for i, ins := range insns { - _, err := ins.Marshal(w, bo) - if err != nil { + if _, err := ins.Marshal(w, bo); err != nil { return fmt.Errorf("instruction %d: %w", i, err) } } @@ -527,6 +705,95 @@ func (insns Instructions) Tag(bo binary.ByteOrder) (string, error) { return hex.EncodeToString(h.Sum(nil)[:unix.BPF_TAG_SIZE]), nil } +// encodeFunctionReferences populates the Offset (or Constant, depending on +// the instruction type) field of instructions with a Reference field to point +// to the offset of the corresponding instruction with a matching Symbol field. +// +// Only Reference Instructions that are either jumps or BPF function references +// (calls or function pointer loads) are populated. +// +// Returns ErrUnsatisfiedProgramReference if there is a Reference Instruction +// without at least one corresponding Symbol Instruction within insns. +func (insns Instructions) encodeFunctionReferences() error { + // Index the offsets of instructions tagged as a symbol. + symbolOffsets := make(map[string]RawInstructionOffset) + iter := insns.Iterate() + for iter.Next() { + ins := iter.Ins + + if ins.Symbol() == "" { + continue + } + + if _, ok := symbolOffsets[ins.Symbol()]; ok { + return fmt.Errorf("duplicate symbol %s", ins.Symbol()) + } + + symbolOffsets[ins.Symbol()] = iter.Offset + } + + // Find all instructions tagged as references to other symbols. + // Depending on the instruction type, populate their constant or offset + // fields to point to the symbol they refer to within the insn stream. + iter = insns.Iterate() + for iter.Next() { + i := iter.Index + offset := iter.Offset + ins := iter.Ins + + if ins.Reference() == "" { + continue + } + + switch { + case ins.IsFunctionReference() && ins.Constant == -1: + symOffset, ok := symbolOffsets[ins.Reference()] + if !ok { + return fmt.Errorf("%s at insn %d: symbol %q: %w", ins.OpCode, i, ins.Reference(), ErrUnsatisfiedProgramReference) + } + + ins.Constant = int64(symOffset - offset - 1) + + case ins.OpCode.Class().IsJump() && ins.Offset == -1: + symOffset, ok := symbolOffsets[ins.Reference()] + if !ok { + return fmt.Errorf("%s at insn %d: symbol %q: %w", ins.OpCode, i, ins.Reference(), ErrUnsatisfiedProgramReference) + } + + ins.Offset = int16(symOffset - offset - 1) + } + } + + return nil +} + +// encodeMapPointers finds all Map Instructions and encodes their FDs +// into their Constant fields. +func (insns Instructions) encodeMapPointers() error { + iter := insns.Iterate() + for iter.Next() { + ins := iter.Ins + + if !ins.IsLoadFromMap() { + continue + } + + m := ins.Map() + if m == nil { + continue + } + + fd := m.FD() + if fd < 0 { + return fmt.Errorf("map %s: %w", m, sys.ErrClosedFd) + } + + ins.encodeMapFD(m.FD()) + } + + return nil +} + // Iterate allows iterating a BPF program while keeping track of // various offsets. // @@ -575,17 +842,10 @@ func newBPFRegisters(dst, src Register, bo binary.ByteOrder) (bpfRegisters, erro } } -type unreferencedSymbolError struct { - symbol string -} - -func (use *unreferencedSymbolError) Error() string { - return fmt.Sprintf("unreferenced symbol %s", use.symbol) -} - // IsUnreferencedSymbol returns true if err was caused by // an unreferenced symbol. +// +// Deprecated: use errors.Is(err, asm.ErrUnreferencedSymbol). func IsUnreferencedSymbol(err error) bool { - _, ok := err.(*unreferencedSymbolError) - return ok + return errors.Is(err, ErrUnreferencedSymbol) } diff --git a/vendor/github.com/cilium/ebpf/asm/jump.go b/vendor/github.com/cilium/ebpf/asm/jump.go index 199c0694064..e31e42cac52 100644 --- a/vendor/github.com/cilium/ebpf/asm/jump.go +++ b/vendor/github.com/cilium/ebpf/asm/jump.go @@ -63,47 +63,43 @@ func (op JumpOp) Op(source Source) OpCode { // Imm compares 64 bit dst to 64 bit value (sign extended), and adjusts PC by offset if the condition is fulfilled. func (op JumpOp) Imm(dst Register, value int32, label string) Instruction { return Instruction{ - OpCode: op.opCode(JumpClass, ImmSource), - Dst: dst, - Offset: -1, - Constant: int64(value), - Reference: label, - } + OpCode: op.opCode(JumpClass, ImmSource), + Dst: dst, + Offset: -1, + Constant: int64(value), + }.WithReference(label) } // Imm32 compares 32 bit dst to 32 bit value, and adjusts PC by offset if the condition is fulfilled. // Requires kernel 5.1. func (op JumpOp) Imm32(dst Register, value int32, label string) Instruction { return Instruction{ - OpCode: op.opCode(Jump32Class, ImmSource), - Dst: dst, - Offset: -1, - Constant: int64(value), - Reference: label, - } + OpCode: op.opCode(Jump32Class, ImmSource), + Dst: dst, + Offset: -1, + Constant: int64(value), + }.WithReference(label) } // Reg compares 64 bit dst to 64 bit src, and adjusts PC by offset if the condition is fulfilled. func (op JumpOp) Reg(dst, src Register, label string) Instruction { return Instruction{ - OpCode: op.opCode(JumpClass, RegSource), - Dst: dst, - Src: src, - Offset: -1, - Reference: label, - } + OpCode: op.opCode(JumpClass, RegSource), + Dst: dst, + Src: src, + Offset: -1, + }.WithReference(label) } // Reg32 compares 32 bit dst to 32 bit src, and adjusts PC by offset if the condition is fulfilled. // Requires kernel 5.1. func (op JumpOp) Reg32(dst, src Register, label string) Instruction { return Instruction{ - OpCode: op.opCode(Jump32Class, RegSource), - Dst: dst, - Src: src, - Offset: -1, - Reference: label, - } + OpCode: op.opCode(Jump32Class, RegSource), + Dst: dst, + Src: src, + Offset: -1, + }.WithReference(label) } func (op JumpOp) opCode(class Class, source Source) OpCode { @@ -118,16 +114,14 @@ func (op JumpOp) opCode(class Class, source Source) OpCode { func (op JumpOp) Label(label string) Instruction { if op == Call { return Instruction{ - OpCode: OpCode(JumpClass).SetJumpOp(Call), - Src: PseudoCall, - Constant: -1, - Reference: label, - } + OpCode: OpCode(JumpClass).SetJumpOp(Call), + Src: PseudoCall, + Constant: -1, + }.WithReference(label) } return Instruction{ - OpCode: OpCode(JumpClass).SetJumpOp(op), - Offset: -1, - Reference: label, - } + OpCode: OpCode(JumpClass).SetJumpOp(op), + Offset: -1, + }.WithReference(label) } diff --git a/vendor/github.com/cilium/ebpf/asm/metadata.go b/vendor/github.com/cilium/ebpf/asm/metadata.go new file mode 100644 index 00000000000..dd368a93603 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/asm/metadata.go @@ -0,0 +1,80 @@ +package asm + +// Metadata contains metadata about an instruction. +type Metadata struct { + head *metaElement +} + +type metaElement struct { + next *metaElement + key, value interface{} +} + +// Find the element containing key. +// +// Returns nil if there is no such element. +func (m *Metadata) find(key interface{}) *metaElement { + for e := m.head; e != nil; e = e.next { + if e.key == key { + return e + } + } + return nil +} + +// Remove an element from the linked list. +// +// Copies as many elements of the list as necessary to remove r, but doesn't +// perform a full copy. +func (m *Metadata) remove(r *metaElement) { + current := &m.head + for e := m.head; e != nil; e = e.next { + if e == r { + // We've found the element we want to remove. + *current = e.next + + // No need to copy the tail. + return + } + + // There is another element in front of the one we want to remove. + // We have to copy it to be able to change metaElement.next. + cpy := &metaElement{key: e.key, value: e.value} + *current = cpy + current = &cpy.next + } +} + +// Set a key to a value. +// +// If value is nil, the key is removed. Avoids modifying old metadata by +// copying if necessary. +func (m *Metadata) Set(key, value interface{}) { + if e := m.find(key); e != nil { + if e.value == value { + // Key is present and the value is the same. Nothing to do. + return + } + + // Key is present with a different value. Create a copy of the list + // which doesn't have the element in it. + m.remove(e) + } + + // m.head is now a linked list that doesn't contain key. + if value == nil { + return + } + + m.head = &metaElement{key: key, value: value, next: m.head} +} + +// Get the value of a key. +// +// Returns nil if no value with the given key is present. +func (m *Metadata) Get(key interface{}) interface{} { + if e := m.find(key); e != nil { + return e.value + } + return nil +} diff --git a/vendor/github.com/cilium/ebpf/asm/opcode.go b/vendor/github.com/cilium/ebpf/asm/opcode.go index f6d8e0668a8..b11917e18bb 100644 --- a/vendor/github.com/cilium/ebpf/asm/opcode.go +++ b/vendor/github.com/cilium/ebpf/asm/opcode.go @@ -18,22 +18,23 @@ type Class uint8 const classMask OpCode = 0x07 const ( - // LdClass load memory + // LdClass loads immediate values into registers. + // Also used for non-standard load operations from cBPF. LdClass Class = 0x00 - // LdXClass load memory from constant + // LdXClass loads memory into registers. LdXClass Class = 0x01 - // StClass load register from memory + // StClass stores immediate values to memory. StClass Class = 0x02 - // StXClass load register from constant + // StXClass stores registers to memory. StXClass Class = 0x03 - // ALUClass arithmetic operators + // ALUClass describes arithmetic operators. ALUClass Class = 0x04 - // JumpClass jump operators + // JumpClass describes jump operators. JumpClass Class = 0x05 - // Jump32Class jump operators with 32 bit comparaisons - // Requires kernel 5.1 + // Jump32Class describes jump operators with 32-bit comparisons. + // Requires kernel 5.1. Jump32Class Class = 0x06 - // ALU64Class arithmetic in 64 bit mode + // ALU64Class describes arithmetic operators in 64-bit mode. ALU64Class Class = 0x07 ) diff --git a/vendor/github.com/cilium/ebpf/internal/btf/btf.go b/vendor/github.com/cilium/ebpf/btf/btf.go similarity index 71% rename from vendor/github.com/cilium/ebpf/internal/btf/btf.go rename to vendor/github.com/cilium/ebpf/btf/btf.go index df4f78efd44..22bb724906a 100644 --- a/vendor/github.com/cilium/ebpf/internal/btf/btf.go +++ b/vendor/github.com/cilium/ebpf/btf/btf.go @@ -1,6 +1,7 @@ package btf import ( + "bufio" "bytes" "debug/elf" "encoding/binary" @@ -10,7 +11,6 @@ import ( "math" "os" "reflect" - "sync" "github.com/cilium/ebpf/internal" "github.com/cilium/ebpf/internal/sys" @@ -33,20 +33,19 @@ type ID uint32 type Spec struct { // Data from .BTF. rawTypes []rawType - strings stringTable + strings *stringTable - // Inflated Types. - types []Type + // All types contained by the spec, the position of a type in the slice + // is its ID. + types types + + // Type IDs indexed by type. + typeIDs map[Type]TypeID // Types indexed by essential name. // Includes all struct flavors and types with the same name. namedTypes map[essentialName][]Type - // Data from .BTF.ext. - funcInfos map[string]FuncInfo - lineInfos map[string]LineInfos - coreRelos map[string]CoreRelos - byteOrder binary.ByteOrder } @@ -74,25 +73,60 @@ func (h *btfHeader) stringStart() int64 { return int64(h.HdrLen + h.StringOff) } +// LoadSpec opens file and calls LoadSpecFromReader on it. +func LoadSpec(file string) (*Spec, error) { + fh, err := os.Open(file) + if err != nil { + return nil, err + } + defer fh.Close() + + return LoadSpecFromReader(fh) +} + // LoadSpecFromReader reads from an ELF or a raw BTF blob. // -// Returns ErrNotFound if reading from an ELF which contains no BTF. +// Returns ErrNotFound if reading from an ELF which contains no BTF. ExtInfos +// may be nil. func LoadSpecFromReader(rd io.ReaderAt) (*Spec, error) { file, err := internal.NewSafeELFFile(rd) if err != nil { if bo := guessRawBTFByteOrder(rd); bo != nil { // Try to parse a naked BTF blob. This will return an error if // we encounter a Datasec, since we can't fix it up. - return loadRawSpec(io.NewSectionReader(rd, 0, math.MaxInt64), bo, nil, nil) + spec, err := loadRawSpec(io.NewSectionReader(rd, 0, math.MaxInt64), bo, nil, nil) + return spec, err } return nil, err } - defer file.Close() return loadSpecFromELF(file) } +// LoadSpecAndExtInfosFromReader reads from an ELF. +// +// ExtInfos may be nil if the ELF doesn't contain section metadta. +// Returns ErrNotFound if the ELF contains no BTF. +func LoadSpecAndExtInfosFromReader(rd io.ReaderAt) (*Spec, *ExtInfos, error) { + file, err := internal.NewSafeELFFile(rd) + if err != nil { + return nil, nil, err + } + + spec, err := loadSpecFromELF(file) + if err != nil { + return nil, nil, err + } + + extInfos, err := loadExtInfosFromELF(file, spec.types, spec.strings) + if err != nil && !errors.Is(err, ErrNotFound) { + return nil, nil, err + } + + return spec, extInfos, nil +} + // variableOffsets extracts all symbols offsets from an ELF and indexes them by // section and variable name. // @@ -131,17 +165,14 @@ func variableOffsets(file *internal.SafeELFFile) (map[variable]uint32, error) { func loadSpecFromELF(file *internal.SafeELFFile) (*Spec, error) { var ( - btfSection *elf.Section - btfExtSection *elf.Section - sectionSizes = make(map[string]uint32) + btfSection *elf.Section + sectionSizes = make(map[string]uint32) ) for _, sec := range file.Sections { switch sec.Name { case ".BTF": btfSection = sec - case ".BTF.ext": - btfExtSection = sec default: if sec.Type != elf.SHT_PROGBITS && sec.Type != elf.SHT_NOBITS { break @@ -164,108 +195,14 @@ func loadSpecFromELF(file *internal.SafeELFFile) (*Spec, error) { return nil, err } - spec, err := loadRawSpec(btfSection.Open(), file.ByteOrder, sectionSizes, vars) - if err != nil { - return nil, err - } - - if btfExtSection == nil { - return spec, nil - } - - if btfExtSection.ReaderAt == nil { - return nil, fmt.Errorf("compressed ext_info is not supported") - } - - extInfo, err := loadExtInfos(btfExtSection, file.ByteOrder, spec.strings) - if err != nil { - return nil, fmt.Errorf("can't parse ext info: %w", err) - } - - if err := spec.splitExtInfos(extInfo); err != nil { - return nil, fmt.Errorf("linking funcInfos and lineInfos: %w", err) + if btfSection.ReaderAt == nil { + return nil, fmt.Errorf("compressed BTF is not supported") } - return spec, nil + return loadRawSpec(btfSection.ReaderAt, file.ByteOrder, sectionSizes, vars) } -// splitExtInfos takes FuncInfos, LineInfos and CoreRelos indexed by section and -// transforms them to be indexed by function. Retrieves function names from -// the BTF spec. -func (spec *Spec) splitExtInfos(info *extInfo) error { - - ofi := make(map[string]FuncInfo) - oli := make(map[string]LineInfos) - ocr := make(map[string]CoreRelos) - - for secName, secFuncs := range info.funcInfos { - // Collect functions from each section and organize them by name. - for _, fi := range secFuncs { - name, err := fi.Name(spec) - if err != nil { - return fmt.Errorf("looking up function name: %w", err) - } - - // FuncInfo offsets are scoped to the ELF section. Zero them out - // since they are meaningless outside of that context. The linker - // will determine the offset of the function within the final - // instruction stream before handing it off to the kernel. - fi.InsnOff = 0 - - ofi[name] = fi - } - - // Attribute LineInfo records to their respective functions, if any. - if lines := info.lineInfos[secName]; lines != nil { - for _, li := range lines { - fi := secFuncs.funcForOffset(li.InsnOff) - if fi == nil { - return fmt.Errorf("section %s: error looking up FuncInfo for LineInfo %v", secName, li) - } - - // Offsets are ELF section-scoped, make them function-scoped by - // subtracting the function's start offset. - li.InsnOff -= fi.InsnOff - - name, err := fi.Name(spec) - if err != nil { - return fmt.Errorf("looking up function name: %w", err) - } - - oli[name] = append(oli[name], li) - } - } - - // Attribute CO-RE relocations to their respective functions, if any. - if relos := info.relos[secName]; relos != nil { - for _, r := range relos { - fi := secFuncs.funcForOffset(r.insnOff) - if fi == nil { - return fmt.Errorf("section %s: error looking up FuncInfo for CO-RE relocation %v", secName, r) - } - - // Offsets are ELF section-scoped, make them function-scoped by - // subtracting the function's start offset. - r.insnOff -= fi.InsnOff - - name, err := fi.Name(spec) - if err != nil { - return fmt.Errorf("looking up function name: %w", err) - } - - ocr[name] = append(ocr[name], r) - } - } - } - - spec.funcInfos = ofi - spec.lineInfos = oli - spec.coreRelos = ocr - - return nil -} - -func loadRawSpec(btf io.Reader, bo binary.ByteOrder, sectionSizes map[string]uint32, variableOffsets map[variable]uint32) (*Spec, error) { +func loadRawSpec(btf io.ReaderAt, bo binary.ByteOrder, sectionSizes map[string]uint32, variableOffsets map[variable]uint32) (*Spec, error) { rawTypes, rawStrings, err := parseBTF(btf, bo) if err != nil { return nil, err @@ -276,46 +213,52 @@ func loadRawSpec(btf io.Reader, bo binary.ByteOrder, sectionSizes map[string]uin return nil, err } - types, typesByName, err := inflateRawTypes(rawTypes, rawStrings) + types, err := inflateRawTypes(rawTypes, rawStrings) if err != nil { return nil, err } + typeIDs, typesByName := indexTypes(types) + return &Spec{ rawTypes: rawTypes, namedTypes: typesByName, + typeIDs: typeIDs, types: types, strings: rawStrings, byteOrder: bo, }, nil } -var kernelBTF struct { - sync.Mutex - *Spec -} +func indexTypes(types []Type) (map[Type]TypeID, map[essentialName][]Type) { + namedTypes := 0 + for _, typ := range types { + if typ.TypeName() != "" { + // Do a pre-pass to figure out how big types by name has to be. + // Most types have unique names, so it's OK to ignore essentialName + // here. + namedTypes++ + } + } -// LoadKernelSpec returns the current kernel's BTF information. -// -// Requires a >= 5.5 kernel with CONFIG_DEBUG_INFO_BTF enabled. Returns -// ErrNotSupported if BTF is not enabled. -func LoadKernelSpec() (*Spec, error) { - kernelBTF.Lock() - defer kernelBTF.Unlock() + typeIDs := make(map[Type]TypeID, len(types)) + typesByName := make(map[essentialName][]Type, namedTypes) - if kernelBTF.Spec != nil { - return kernelBTF.Spec, nil + for i, typ := range types { + if name := newEssentialName(typ.TypeName()); name != "" { + typesByName[name] = append(typesByName[name], typ) + } + typeIDs[typ] = TypeID(i) } - var err error - kernelBTF.Spec, err = loadKernelSpec() - return kernelBTF.Spec, err + return typeIDs, typesByName } -// loadKernelSpec attempts to load the raw vmlinux BTF blob at -// /sys/kernel/btf/vmlinux and falls back to scanning the file system -// for vmlinux ELFs. -func loadKernelSpec() (*Spec, error) { +// LoadKernelSpec returns the current kernel's BTF information. +// +// Defaults to /sys/kernel/btf/vmlinux and falls back to scanning the file system +// for vmlinux ELFs. Returns an error wrapping ErrNotSupported if BTF is not enabled. +func LoadKernelSpec() (*Spec, error) { fh, err := os.Open("/sys/kernel/btf/vmlinux") if err == nil { defer fh.Close() @@ -352,11 +295,11 @@ func findVMLinux() (*internal.SafeELFFile, error) { } for _, loc := range locations { - fh, err := os.Open(fmt.Sprintf(loc, release)) - if err != nil { + file, err := internal.OpenSafeELFFile(fmt.Sprintf(loc, release)) + if errors.Is(err, os.ErrNotExist) { continue } - return internal.NewSafeELFFile(fh) + return file, err } return nil, fmt.Errorf("no BTF found for kernel version %s: %w", release, internal.ErrNotSupported) @@ -394,11 +337,13 @@ func parseBTFHeader(r io.Reader, bo binary.ByteOrder) (*btfHeader, error) { } func guessRawBTFByteOrder(r io.ReaderAt) binary.ByteOrder { + buf := new(bufio.Reader) for _, bo := range []binary.ByteOrder{ binary.LittleEndian, binary.BigEndian, } { - if _, err := parseBTFHeader(io.NewSectionReader(r, 0, math.MaxInt64), bo); err == nil { + buf.Reset(io.NewSectionReader(r, 0, math.MaxInt64)) + if _, err := parseBTFHeader(buf, bo); err == nil { return bo } } @@ -408,26 +353,20 @@ func guessRawBTFByteOrder(r io.ReaderAt) binary.ByteOrder { // parseBTF reads a .BTF section into memory and parses it into a list of // raw types and a string table. -func parseBTF(btf io.Reader, bo binary.ByteOrder) ([]rawType, stringTable, error) { - rawBTF, err := io.ReadAll(btf) - if err != nil { - return nil, nil, fmt.Errorf("can't read BTF: %v", err) - } - rd := bytes.NewReader(rawBTF) - - header, err := parseBTFHeader(rd, bo) +func parseBTF(btf io.ReaderAt, bo binary.ByteOrder) ([]rawType, *stringTable, error) { + buf := internal.NewBufferedSectionReader(btf, 0, math.MaxInt64) + header, err := parseBTFHeader(buf, bo) if err != nil { return nil, nil, fmt.Errorf("parsing .BTF header: %v", err) } - buf := io.NewSectionReader(rd, header.stringStart(), int64(header.StringLen)) - rawStrings, err := readStringTable(buf) + rawStrings, err := readStringTable(io.NewSectionReader(btf, header.stringStart(), int64(header.StringLen))) if err != nil { return nil, nil, fmt.Errorf("can't read type names: %w", err) } - buf = io.NewSectionReader(rd, header.typeStart(), int64(header.TypeLen)) - rawTypes, err := readTypes(buf, bo) + buf.Reset(io.NewSectionReader(btf, header.typeStart(), int64(header.TypeLen))) + rawTypes, err := readTypes(buf, bo, header.TypeLen) if err != nil { return nil, nil, fmt.Errorf("can't read types: %w", err) } @@ -440,7 +379,7 @@ type variable struct { name string } -func fixupDatasec(rawTypes []rawType, rawStrings stringTable, sectionSizes map[string]uint32, variableOffsets map[variable]uint32) error { +func fixupDatasec(rawTypes []rawType, rawStrings *stringTable, sectionSizes map[string]uint32, variableOffsets map[variable]uint32) error { for i, rawType := range rawTypes { if rawType.Kind() != kindDatasec { continue @@ -492,25 +431,17 @@ func fixupDatasec(rawTypes []rawType, rawStrings stringTable, sectionSizes map[s // Copy creates a copy of Spec. func (s *Spec) Copy() *Spec { - types, _ := copyTypes(s.types, nil) + types := copyTypes(s.types, nil) - namedTypes := make(map[essentialName][]Type) - for _, typ := range types { - if name := typ.TypeName(); name != "" { - en := newEssentialName(name) - namedTypes[en] = append(namedTypes[en], typ) - } - } + typeIDs, typesByName := indexTypes(types) // NB: Other parts of spec are not copied since they are immutable. return &Spec{ s.rawTypes, s.strings, types, - namedTypes, - s.funcInfos, - s.lineInfos, - s.coreRelos, + typeIDs, + typesByName, s.byteOrder, } } @@ -546,7 +477,11 @@ func (s *Spec) marshal(opts marshalOpts) ([]byte, error) { typeLen := uint32(buf.Len() - headerLen) // Write string section after type section. - _, _ = buf.Write(s.strings) + stringsLen := s.strings.Length() + buf.Grow(stringsLen) + if err := s.strings.Marshal(&buf); err != nil { + return nil, err + } // Fill out the header, and write it out. header = &btfHeader{ @@ -557,7 +492,7 @@ func (s *Spec) marshal(opts marshalOpts) ([]byte, error) { TypeOff: 0, TypeLen: typeLen, StringOff: typeLen, - StringLen: uint32(len(s.strings)), + StringLen: uint32(stringsLen), } raw := buf.Bytes() @@ -579,35 +514,29 @@ func (sw sliceWriter) Write(p []byte) (int, error) { return copy(sw, p), nil } -// Program finds the BTF for a specific function. -// -// Returns an error which may wrap ErrNoExtendedInfo if the Spec doesn't -// contain extended BTF info. -func (s *Spec) Program(name string) (*Program, error) { - if s.funcInfos == nil && s.lineInfos == nil && s.coreRelos == nil { - return nil, fmt.Errorf("BTF for function %s: %w", name, ErrNoExtendedInfo) - } - - funcInfos, funcOK := s.funcInfos[name] - lineInfos, lineOK := s.lineInfos[name] - relos, coreOK := s.coreRelos[name] - - if !funcOK && !lineOK && !coreOK { - return nil, fmt.Errorf("no extended BTF info for function %s", name) - } - - return &Program{s, funcInfos, lineInfos, relos}, nil -} - // TypeByID returns the BTF Type with the given type ID. // // Returns an error wrapping ErrNotFound if a Type with the given ID // does not exist in the Spec. func (s *Spec) TypeByID(id TypeID) (Type, error) { - if int(id) > len(s.types) { - return nil, fmt.Errorf("type ID %d: %w", id, ErrNotFound) + return s.types.ByID(id) +} + +// TypeID returns the ID for a given Type. +// +// Returns an error wrapping ErrNoFound if the type isn't part of the Spec. +func (s *Spec) TypeID(typ Type) (TypeID, error) { + if _, ok := typ.(*Void); ok { + // Equality is weird for void, since it is a zero sized type. + return 0, nil + } + + id, ok := s.typeIDs[typ] + if !ok { + return 0, fmt.Errorf("no ID for type %s: %w", typ, ErrNotFound) } - return s.types[id], nil + + return id, nil } // AnyTypesByName returns a list of BTF Types with the given name. @@ -635,6 +564,22 @@ func (s *Spec) AnyTypesByName(name string) ([]Type, error) { return result, nil } +// AnyTypeByName returns a Type with the given name. +// +// Returns an error if multiple types of that name exist. +func (s *Spec) AnyTypeByName(name string) (Type, error) { + types, err := s.AnyTypesByName(name) + if err != nil { + return nil, err + } + + if len(types) > 1 { + return nil, fmt.Errorf("found multiple types: %v", types) + } + + return types[0], nil +} + // TypeByName searches for a Type with a specific name. Since multiple // Types with the same name can exist, the parameter typ is taken to // narrow down the search in case of a clash. @@ -688,6 +633,30 @@ func (s *Spec) TypeByName(name string, typ interface{}) error { return nil } +// TypesIterator iterates over types of a given spec. +type TypesIterator struct { + spec *Spec + index int + // The last visited type in the spec. + Type Type +} + +// Iterate returns the types iterator. +func (s *Spec) Iterate() *TypesIterator { + return &TypesIterator{spec: s, index: 0} +} + +// Next returns true as long as there are any remaining types. +func (iter *TypesIterator) Next() bool { + if len(iter.spec.types) <= iter.index { + return false + } + + iter.Type = iter.spec.types[iter.index] + iter.index++ + return true +} + // Handle is a reference to BTF loaded into the kernel. type Handle struct { spec *Spec @@ -730,6 +699,7 @@ func NewHandle(spec *Spec) (*Handle, error) { attr.BtfLogSize = uint32(len(logBuf)) attr.BtfLogLevel = 1 _, logErr := sys.BtfLoad(attr) + // NB: The syscall will never return ENOSPC as of 5.18-rc4. return nil, internal.ErrorWithLog(err, logBuf, logErr) } @@ -775,44 +745,6 @@ func (h *Handle) FD() int { return h.fd.Int() } -// Map is the BTF for a map. -type Map struct { - Spec *Spec - Key, Value Type -} - -// Program is the BTF information for a stream of instructions. -type Program struct { - spec *Spec - FuncInfo FuncInfo - LineInfos LineInfos - CoreRelos CoreRelos -} - -// Spec returns the BTF spec of this program. -func (p *Program) Spec() *Spec { - return p.spec -} - -// Fixups returns the changes required to adjust the program to the target. -// -// Passing a nil target will relocate against the running kernel. -func (p *Program) Fixups(target *Spec) (COREFixups, error) { - if len(p.CoreRelos) == 0 { - return nil, nil - } - - if target == nil { - var err error - target, err = LoadKernelSpec() - if err != nil { - return nil, err - } - } - - return coreRelocate(p.spec, target, p.CoreRelos) -} - func marshalBTF(types interface{}, strings []byte, bo binary.ByteOrder) []byte { const minHeaderLength = 24 diff --git a/vendor/github.com/cilium/ebpf/internal/btf/btf_types.go b/vendor/github.com/cilium/ebpf/btf/btf_types.go similarity index 89% rename from vendor/github.com/cilium/ebpf/internal/btf/btf_types.go rename to vendor/github.com/cilium/ebpf/btf/btf_types.go index d98c73ca594..a62b3c96b91 100644 --- a/vendor/github.com/cilium/ebpf/internal/btf/btf_types.go +++ b/vendor/github.com/cilium/ebpf/btf/btf_types.go @@ -177,6 +177,10 @@ func (bt *btfType) Size() uint32 { return bt.SizeType } +func (bt *btfType) SetSize(size uint32) { + bt.SizeType = size +} + type rawType struct { btfType data interface{} @@ -226,11 +230,14 @@ type btfParam struct { Type TypeID } -func readTypes(r io.Reader, bo binary.ByteOrder) ([]rawType, error) { - var ( - header btfType - types []rawType - ) +func readTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32) ([]rawType, error) { + var header btfType + // because of the interleaving between types and struct members it is difficult to + // precompute the numbers of raw types this will parse + // this "guess" is a good first estimation + sizeOfbtfType := uintptr(binary.Size(btfType{})) + tyMaxCount := uintptr(typeLen) / sizeOfbtfType / 2 + types := make([]rawType, 0, tyMaxCount) for id := TypeID(1); ; id++ { if err := binary.Read(r, bo, &header); err == io.EOF { @@ -282,6 +289,6 @@ func readTypes(r io.Reader, bo binary.ByteOrder) ([]rawType, error) { } } -func intEncoding(raw uint32) (IntEncoding, uint32, byte) { - return IntEncoding((raw & 0x0f000000) >> 24), (raw & 0x00ff0000) >> 16, byte(raw & 0x000000ff) +func intEncoding(raw uint32) (IntEncoding, Bits, Bits) { + return IntEncoding((raw & 0x0f000000) >> 24), Bits(raw&0x00ff0000) >> 16, Bits(raw & 0x000000ff) } diff --git a/vendor/github.com/cilium/ebpf/internal/btf/btf_types_string.go b/vendor/github.com/cilium/ebpf/btf/btf_types_string.go similarity index 100% rename from vendor/github.com/cilium/ebpf/internal/btf/btf_types_string.go rename to vendor/github.com/cilium/ebpf/btf/btf_types_string.go diff --git a/vendor/github.com/cilium/ebpf/internal/btf/core.go b/vendor/github.com/cilium/ebpf/btf/core.go similarity index 66% rename from vendor/github.com/cilium/ebpf/internal/btf/core.go rename to vendor/github.com/cilium/ebpf/btf/core.go index 95908308a15..c4875480935 100644 --- a/vendor/github.com/cilium/ebpf/internal/btf/core.go +++ b/vendor/github.com/cilium/ebpf/btf/core.go @@ -1,11 +1,11 @@ package btf import ( + "encoding/binary" "errors" "fmt" "math" "reflect" - "sort" "strconv" "strings" @@ -17,50 +17,58 @@ import ( // COREFixup is the result of computing a CO-RE relocation for a target. type COREFixup struct { - Kind COREKind - Local uint32 - Target uint32 - Poison bool + kind coreKind + local uint32 + target uint32 + // True if there is no valid fixup. The instruction is replaced with an + // invalid dummy. + poison bool + // True if the validation of the local value should be skipped. Used by + // some kinds of bitfield relocations. + skipLocalValidation bool } -func (f COREFixup) equal(other COREFixup) bool { - return f.Local == other.Local && f.Target == other.Target +func (f *COREFixup) equal(other COREFixup) bool { + return f.local == other.local && f.target == other.target } -func (f COREFixup) String() string { - if f.Poison { - return fmt.Sprintf("%s=poison", f.Kind) +func (f *COREFixup) String() string { + if f.poison { + return fmt.Sprintf("%s=poison", f.kind) } - return fmt.Sprintf("%s=%d->%d", f.Kind, f.Local, f.Target) + return fmt.Sprintf("%s=%d->%d", f.kind, f.local, f.target) } -func (f COREFixup) apply(ins *asm.Instruction) error { - if f.Poison { - return errors.New("can't poison individual instruction") +func (f *COREFixup) Apply(ins *asm.Instruction) error { + if f.poison { + const badRelo = 0xbad2310 + + *ins = asm.BuiltinFunc(badRelo).Call() + return nil } switch class := ins.OpCode.Class(); class { case asm.LdXClass, asm.StClass, asm.StXClass: - if want := int16(f.Local); want != ins.Offset { - return fmt.Errorf("invalid offset %d, expected %d", ins.Offset, want) + if want := int16(f.local); !f.skipLocalValidation && want != ins.Offset { + return fmt.Errorf("invalid offset %d, expected %d", ins.Offset, f.local) } - if f.Target > math.MaxInt16 { - return fmt.Errorf("offset %d exceeds MaxInt16", f.Target) + if f.target > math.MaxInt16 { + return fmt.Errorf("offset %d exceeds MaxInt16", f.target) } - ins.Offset = int16(f.Target) + ins.Offset = int16(f.target) case asm.LdClass: if !ins.IsConstantLoad(asm.DWord) { return fmt.Errorf("not a dword-sized immediate load") } - if want := int64(f.Local); want != ins.Constant { - return fmt.Errorf("invalid immediate %d, expected %d", ins.Constant, want) + if want := int64(f.local); !f.skipLocalValidation && want != ins.Constant { + return fmt.Errorf("invalid immediate %d, expected %d (fixup: %v)", ins.Constant, want, f) } - ins.Constant = int64(f.Target) + ins.Constant = int64(f.target) case asm.ALUClass: if ins.OpCode.ALUOp() == asm.Swap { @@ -74,15 +82,15 @@ func (f COREFixup) apply(ins *asm.Instruction) error { return fmt.Errorf("invalid source %s", src) } - if want := int64(f.Local); want != ins.Constant { - return fmt.Errorf("invalid immediate %d, expected %d", ins.Constant, want) + if want := int64(f.local); !f.skipLocalValidation && want != ins.Constant { + return fmt.Errorf("invalid immediate %d, expected %d (fixup: %v, kind: %v, ins: %v)", ins.Constant, want, f, f.kind, ins) } - if f.Target > math.MaxInt32 { - return fmt.Errorf("immediate %d exceeds MaxInt32", f.Target) + if f.target > math.MaxInt32 { + return fmt.Errorf("immediate %d exceeds MaxInt32", f.target) } - ins.Constant = int64(f.Target) + ins.Constant = int64(f.target) default: return fmt.Errorf("invalid class %s", class) @@ -92,57 +100,14 @@ func (f COREFixup) apply(ins *asm.Instruction) error { } func (f COREFixup) isNonExistant() bool { - return f.Kind.checksForExistence() && f.Target == 0 + return f.kind.checksForExistence() && f.target == 0 } -type COREFixups map[uint64]COREFixup - -// Apply returns a copy of insns with CO-RE relocations applied. -func (fs COREFixups) Apply(insns asm.Instructions) (asm.Instructions, error) { - if len(fs) == 0 { - cpy := make(asm.Instructions, len(insns)) - copy(cpy, insns) - return insns, nil - } - - cpy := make(asm.Instructions, 0, len(insns)) - iter := insns.Iterate() - for iter.Next() { - fixup, ok := fs[iter.Offset.Bytes()] - if !ok { - cpy = append(cpy, *iter.Ins) - continue - } - - ins := *iter.Ins - if fixup.Poison { - const badRelo = asm.BuiltinFunc(0xbad2310) - - cpy = append(cpy, badRelo.Call()) - if ins.OpCode.IsDWordLoad() { - // 64 bit constant loads occupy two raw bpf instructions, so - // we need to add another instruction as padding. - cpy = append(cpy, badRelo.Call()) - } - - continue - } - - if err := fixup.apply(&ins); err != nil { - return nil, fmt.Errorf("instruction %d, offset %d: %s: %w", iter.Index, iter.Offset.Bytes(), fixup.Kind, err) - } - - cpy = append(cpy, ins) - } - - return cpy, nil -} - -// COREKind is the type of CO-RE relocation -type COREKind uint32 +// coreKind is the type of CO-RE relocation as specified in BPF source code. +type coreKind uint32 const ( - reloFieldByteOffset COREKind = iota /* field byte offset */ + reloFieldByteOffset coreKind = iota /* field byte offset */ reloFieldByteSize /* field size in bytes */ reloFieldExists /* field existence in target kernel */ reloFieldSigned /* field signedness (0 - unsigned, 1 - signed) */ @@ -156,7 +121,11 @@ const ( reloEnumvalValue /* enum value integer value */ ) -func (k COREKind) String() string { +func (k coreKind) checksForExistence() bool { + return k == reloEnumvalExists || k == reloTypeExists || k == reloFieldExists +} + +func (k coreKind) String() string { switch k { case reloFieldByteOffset: return "byte_off" @@ -187,19 +156,28 @@ func (k COREKind) String() string { } } -func (k COREKind) checksForExistence() bool { - return k == reloEnumvalExists || k == reloTypeExists || k == reloFieldExists -} - -func coreRelocate(local, target *Spec, relos CoreRelos) (COREFixups, error) { +// CORERelocate calculates the difference in types between local and target. +// +// Returns a list of fixups which can be applied to instructions to make them +// match the target type(s). +// +// Fixups are returned in the order of relos, e.g. fixup[i] is the solution +// for relos[i]. +func CORERelocate(local, target *Spec, relos []*CORERelocation) ([]COREFixup, error) { if local.byteOrder != target.byteOrder { return nil, fmt.Errorf("can't relocate %s against %s", local.byteOrder, target.byteOrder) } - var ids []TypeID - relosByID := make(map[TypeID]CoreRelos) - result := make(COREFixups, len(relos)) - for _, relo := range relos { + type reloGroup struct { + relos []*CORERelocation + // Position of each relocation in relos. + indices []int + } + + // Split relocations into per Type lists. + relosByType := make(map[Type]*reloGroup) + result := make([]COREFixup, len(relos)) + for i, relo := range relos { if relo.kind == reloTypeIDLocal { // Filtering out reloTypeIDLocal here makes our lives a lot easier // down the line, since it doesn't have a target at all. @@ -207,47 +185,42 @@ func coreRelocate(local, target *Spec, relos CoreRelos) (COREFixups, error) { return nil, fmt.Errorf("%s: unexpected accessor %v", relo.kind, relo.accessor) } - result[uint64(relo.insnOff)] = COREFixup{ - relo.kind, - uint32(relo.typeID), - uint32(relo.typeID), - false, + id, err := local.TypeID(relo.typ) + if err != nil { + return nil, fmt.Errorf("%s: %w", relo.kind, err) + } + + result[i] = COREFixup{ + kind: relo.kind, + local: uint32(id), + target: uint32(id), } continue } - relos, ok := relosByID[relo.typeID] + group, ok := relosByType[relo.typ] if !ok { - ids = append(ids, relo.typeID) + group = &reloGroup{} + relosByType[relo.typ] = group } - relosByID[relo.typeID] = append(relos, relo) + group.relos = append(group.relos, relo) + group.indices = append(group.indices, i) } - // Ensure we work on relocations in a deterministic order. - sort.Slice(ids, func(i, j int) bool { - return ids[i] < ids[j] - }) - - for _, id := range ids { - if int(id) >= len(local.types) { - return nil, fmt.Errorf("invalid type id %d", id) - } - - localType := local.types[id] + for localType, group := range relosByType { localTypeName := localType.TypeName() if localTypeName == "" { return nil, fmt.Errorf("relocate unnamed or anonymous type %s: %w", localType, ErrNotSupported) } - relos := relosByID[id] targets := target.namedTypes[newEssentialName(localTypeName)] - fixups, err := coreCalculateFixups(localType, targets, relos) + fixups, err := coreCalculateFixups(local, target, localType, targets, group.relos) if err != nil { return nil, fmt.Errorf("relocate %s: %w", localType, err) } - for i, relo := range relos { - result[uint64(relo.insnOff)] = fixups[i] + for j, index := range group.indices { + result[index] = fixups[j] } } @@ -262,30 +235,30 @@ var errImpossibleRelocation = errors.New("impossible relocation") // // The best target is determined by scoring: the less poisoning we have to do // the better the target is. -func coreCalculateFixups(local Type, targets []Type, relos CoreRelos) ([]COREFixup, error) { - localID := local.ID() - local, err := copyType(local, skipQualifiersAndTypedefs) +func coreCalculateFixups(localSpec, targetSpec *Spec, local Type, targets []Type, relos []*CORERelocation) ([]COREFixup, error) { + localID, err := localSpec.TypeID(local) if err != nil { - return nil, err + return nil, fmt.Errorf("local type ID: %w", err) } + local = Copy(local, UnderlyingType) bestScore := len(relos) var bestFixups []COREFixup for i := range targets { - targetID := targets[i].ID() - target, err := copyType(targets[i], skipQualifiersAndTypedefs) + targetID, err := targetSpec.TypeID(targets[i]) if err != nil { - return nil, err + return nil, fmt.Errorf("target type ID: %w", err) } + target := Copy(targets[i], UnderlyingType) score := 0 // lower is better fixups := make([]COREFixup, 0, len(relos)) for _, relo := range relos { - fixup, err := coreCalculateFixup(local, localID, target, targetID, relo) + fixup, err := coreCalculateFixup(localSpec.byteOrder, local, localID, target, targetID, relo) if err != nil { return nil, fmt.Errorf("target %s: %w", target, err) } - if fixup.Poison || fixup.isNonExistant() { + if fixup.poison || fixup.isNonExistant() { score++ } fixups = append(fixups, fixup) @@ -307,17 +280,23 @@ func coreCalculateFixups(local Type, targets []Type, relos CoreRelos) ([]COREFix // the fixups agree with each other. for i, fixup := range bestFixups { if !fixup.equal(fixups[i]) { - return nil, fmt.Errorf("%s: multiple types match: %w", fixup.Kind, errAmbiguousRelocation) + return nil, fmt.Errorf("%s: multiple types match: %w", fixup.kind, errAmbiguousRelocation) } } } if bestFixups == nil { // Nothing at all matched, probably because there are no suitable - // targets at all. Poison everything! + // targets at all. + // + // Poison everything except checksForExistence. bestFixups = make([]COREFixup, len(relos)) for i, relo := range relos { - bestFixups[i] = COREFixup{Kind: relo.kind, Poison: true} + if relo.kind.checksForExistence() { + bestFixups[i] = COREFixup{kind: relo.kind, local: 1, target: 0} + } else { + bestFixups[i] = COREFixup{kind: relo.kind, poison: true} + } } } @@ -326,15 +305,18 @@ func coreCalculateFixups(local Type, targets []Type, relos CoreRelos) ([]COREFix // coreCalculateFixup calculates the fixup for a single local type, target type // and relocation. -func coreCalculateFixup(local Type, localID TypeID, target Type, targetID TypeID, relo CoreRelo) (COREFixup, error) { +func coreCalculateFixup(byteOrder binary.ByteOrder, local Type, localID TypeID, target Type, targetID TypeID, relo *CORERelocation) (COREFixup, error) { fixup := func(local, target uint32) (COREFixup, error) { - return COREFixup{relo.kind, local, target, false}, nil + return COREFixup{kind: relo.kind, local: local, target: target}, nil + } + fixupWithoutValidation := func(local, target uint32) (COREFixup, error) { + return COREFixup{kind: relo.kind, local: local, target: target, skipLocalValidation: true}, nil } poison := func() (COREFixup, error) { if relo.kind.checksForExistence() { return fixup(1, 0) } - return COREFixup{relo.kind, 0, 0, true}, nil + return COREFixup{kind: relo.kind, poison: true}, nil } zero := COREFixup{} @@ -390,7 +372,20 @@ func coreCalculateFixup(local Type, localID TypeID, target Type, targetID TypeID return fixup(uint32(localValue.Value), uint32(targetValue.Value)) } - case reloFieldByteOffset, reloFieldByteSize, reloFieldExists: + case reloFieldSigned: + switch local.(type) { + case *Enum: + return fixup(1, 1) + case *Int: + return fixup( + uint32(local.(*Int).Encoding&Signed), + uint32(target.(*Int).Encoding&Signed), + ) + default: + return fixupWithoutValidation(0, 0) + } + + case reloFieldByteOffset, reloFieldByteSize, reloFieldExists, reloFieldLShiftU64, reloFieldRShiftU64: if _, ok := target.(*Fwd); ok { // We can't relocate fields using a forward declaration, so // skip it. If a non-forward declaration is present in the BTF @@ -406,12 +401,17 @@ func coreCalculateFixup(local Type, localID TypeID, target Type, targetID TypeID return zero, fmt.Errorf("target %s: %w", target, err) } + maybeSkipValidation := func(f COREFixup, err error) (COREFixup, error) { + f.skipLocalValidation = localField.bitfieldSize > 0 + return f, err + } + switch relo.kind { case reloFieldExists: return fixup(1, 1) case reloFieldByteOffset: - return fixup(localField.offset/8, targetField.offset/8) + return maybeSkipValidation(fixup(localField.offset, targetField.offset)) case reloFieldByteSize: localSize, err := Sizeof(localField.Type) @@ -423,9 +423,34 @@ func coreCalculateFixup(local Type, localID TypeID, target Type, targetID TypeID if err != nil { return zero, err } + return maybeSkipValidation(fixup(uint32(localSize), uint32(targetSize))) + + case reloFieldLShiftU64: + var target uint32 + if byteOrder == binary.LittleEndian { + targetSize, err := targetField.sizeBits() + if err != nil { + return zero, err + } - return fixup(uint32(localSize), uint32(targetSize)) + target = uint32(64 - targetField.bitfieldOffset - targetSize) + } else { + loadWidth, err := Sizeof(targetField.Type) + if err != nil { + return zero, err + } + target = uint32(64 - Bits(loadWidth*8) + targetField.bitfieldOffset) + } + return fixupWithoutValidation(0, target) + + case reloFieldRShiftU64: + targetSize, err := targetField.sizeBits() + if err != nil { + return zero, err + } + + return fixupWithoutValidation(0, uint32(64-targetSize)) } } @@ -462,7 +487,7 @@ func coreCalculateFixup(local Type, localID TypeID, target Type, targetID TypeID */ type coreAccessor []int -func parseCoreAccessor(accessor string) (coreAccessor, error) { +func parseCOREAccessor(accessor string) (coreAccessor, error) { if accessor == "" { return nil, fmt.Errorf("empty accessor") } @@ -508,18 +533,73 @@ func (ca coreAccessor) enumValue(t Type) (*EnumValue, error) { return &e.Values[i], nil } +// coreField represents the position of a "child" of a composite type from the +// start of that type. +// +// /- start of composite +// | offset * 8 | bitfieldOffset | bitfieldSize | ... | +// \- start of field end of field -/ type coreField struct { - Type Type + Type Type + + // The position of the field from the start of the composite type in bytes. offset uint32 + + // The offset of the bitfield in bits from the start of the field. + bitfieldOffset Bits + + // The size of the bitfield in bits. + // + // Zero if the field is not a bitfield. + bitfieldSize Bits } -func adjustOffset(base uint32, t Type, n int) (uint32, error) { - size, err := Sizeof(t) +func (cf *coreField) adjustOffsetToNthElement(n int) error { + size, err := Sizeof(cf.Type) if err != nil { - return 0, err + return err } - return base + (uint32(n) * uint32(size) * 8), nil + cf.offset += uint32(n) * uint32(size) + return nil +} + +func (cf *coreField) adjustOffsetBits(offset Bits) error { + align, err := alignof(cf.Type) + if err != nil { + return err + } + + // We can compute the load offset by: + // 1) converting the bit offset to bytes with a flooring division. + // 2) dividing and multiplying that offset by the alignment, yielding the + // load size aligned offset. + offsetBytes := uint32(offset/8) / uint32(align) * uint32(align) + + // The number of bits remaining is the bit offset less the number of bits + // we can "skip" with the aligned offset. + cf.bitfieldOffset = offset - Bits(offsetBytes*8) + + // We know that cf.offset is aligned at to at least align since we get it + // from the compiler via BTF. Adding an aligned offsetBytes preserves the + // alignment. + cf.offset += offsetBytes + return nil +} + +func (cf *coreField) sizeBits() (Bits, error) { + if cf.bitfieldSize > 0 { + return cf.bitfieldSize, nil + } + + // Someone is trying to access a non-bitfield via a bit shift relocation. + // This happens when a field changes from a bitfield to a regular field + // between kernel versions. Synthesise the size to make the shifts work. + size, err := Sizeof(cf.Type) + if err != nil { + return 0, nil + } + return Bits(size * 8), nil } // coreFindField descends into the local type using the accessor and tries to @@ -527,32 +607,33 @@ func adjustOffset(base uint32, t Type, n int) (uint32, error) { // // Returns the field and the offset of the field from the start of // target in bits. -func coreFindField(local Type, localAcc coreAccessor, target Type) (_, _ coreField, _ error) { +func coreFindField(localT Type, localAcc coreAccessor, targetT Type) (coreField, coreField, error) { + local := coreField{Type: localT} + target := coreField{Type: targetT} + // The first index is used to offset a pointer of the base type like // when accessing an array. - localOffset, err := adjustOffset(0, local, localAcc[0]) - if err != nil { + if err := local.adjustOffsetToNthElement(localAcc[0]); err != nil { return coreField{}, coreField{}, err } - targetOffset, err := adjustOffset(0, target, localAcc[0]) - if err != nil { + if err := target.adjustOffsetToNthElement(localAcc[0]); err != nil { return coreField{}, coreField{}, err } - if err := coreAreMembersCompatible(local, target); err != nil { + if err := coreAreMembersCompatible(local.Type, target.Type); err != nil { return coreField{}, coreField{}, fmt.Errorf("fields: %w", err) } var localMaybeFlex, targetMaybeFlex bool - for _, acc := range localAcc[1:] { - switch localType := local.(type) { + for i, acc := range localAcc[1:] { + switch localType := local.Type.(type) { case composite: // For composite types acc is used to find the field in the local type, // and then we try to find a field in target with the same name. localMembers := localType.members() if acc >= len(localMembers) { - return coreField{}, coreField{}, fmt.Errorf("invalid accessor %d for %s", acc, local) + return coreField{}, coreField{}, fmt.Errorf("invalid accessor %d for %s", acc, localType) } localMember := localMembers[acc] @@ -563,13 +644,15 @@ func coreFindField(local Type, localAcc coreAccessor, target Type) (_, _ coreFie } // This is an anonymous struct or union, ignore it. - local = localMember.Type - localOffset += localMember.OffsetBits + local = coreField{ + Type: localMember.Type, + offset: local.offset + localMember.Offset.Bytes(), + } localMaybeFlex = false continue } - targetType, ok := target.(composite) + targetType, ok := target.Type.(composite) if !ok { return coreField{}, coreField{}, fmt.Errorf("target not composite: %w", errImpossibleRelocation) } @@ -579,20 +662,43 @@ func coreFindField(local Type, localAcc coreAccessor, target Type) (_, _ coreFie return coreField{}, coreField{}, err } - if targetMember.BitfieldSize > 0 { - return coreField{}, coreField{}, fmt.Errorf("field %q is a bitfield: %w", targetMember.Name, ErrNotSupported) + local = coreField{ + Type: localMember.Type, + offset: local.offset, + bitfieldSize: localMember.BitfieldSize, } - - local = localMember.Type localMaybeFlex = acc == len(localMembers)-1 - localOffset += localMember.OffsetBits - target = targetMember.Type + + target = coreField{ + Type: targetMember.Type, + offset: target.offset, + bitfieldSize: targetMember.BitfieldSize, + } targetMaybeFlex = last - targetOffset += targetMember.OffsetBits + + if local.bitfieldSize == 0 && target.bitfieldSize == 0 { + local.offset += localMember.Offset.Bytes() + target.offset += targetMember.Offset.Bytes() + break + } + + // Either of the members is a bitfield. Make sure we're at the + // end of the accessor. + if next := i + 1; next < len(localAcc[1:]) { + return coreField{}, coreField{}, fmt.Errorf("can't descend into bitfield") + } + + if err := local.adjustOffsetBits(localMember.Offset); err != nil { + return coreField{}, coreField{}, err + } + + if err := target.adjustOffsetBits(targetMember.Offset); err != nil { + return coreField{}, coreField{}, err + } case *Array: // For arrays, acc is the index in the target. - targetType, ok := target.(*Array) + targetType, ok := target.Type.(*Array) if !ok { return coreField{}, coreField{}, fmt.Errorf("target not array: %w", errImpossibleRelocation) } @@ -611,17 +717,23 @@ func coreFindField(local Type, localAcc coreAccessor, target Type) (_, _ coreFie return coreField{}, coreField{}, fmt.Errorf("out of bounds access of target: %w", errImpossibleRelocation) } - local = localType.Type + local = coreField{ + Type: localType.Type, + offset: local.offset, + } localMaybeFlex = false - localOffset, err = adjustOffset(localOffset, local, acc) - if err != nil { + + if err := local.adjustOffsetToNthElement(acc); err != nil { return coreField{}, coreField{}, err } - target = targetType.Type + target = coreField{ + Type: targetType.Type, + offset: target.offset, + } targetMaybeFlex = false - targetOffset, err = adjustOffset(targetOffset, target, acc) - if err != nil { + + if err := target.adjustOffsetToNthElement(acc); err != nil { return coreField{}, coreField{}, err } @@ -629,12 +741,12 @@ func coreFindField(local Type, localAcc coreAccessor, target Type) (_, _ coreFie return coreField{}, coreField{}, fmt.Errorf("relocate field of %T: %w", localType, ErrNotSupported) } - if err := coreAreMembersCompatible(local, target); err != nil { + if err := coreAreMembersCompatible(local.Type, target.Type); err != nil { return coreField{}, coreField{}, err } } - return coreField{local, localOffset}, coreField{target, targetOffset}, nil + return local, target, nil } // coreFindMember finds a member in a composite type while handling anonymous @@ -646,7 +758,7 @@ func coreFindMember(typ composite, name string) (Member, bool, error) { type offsetTarget struct { composite - offset uint32 + offset Bits } targets := []offsetTarget{{typ, 0}} @@ -670,7 +782,7 @@ func coreFindMember(typ composite, name string) (Member, bool, error) { for j, member := range members { if member.Name == name { // NB: This is safe because member is a copy. - member.OffsetBits += target.offset + member.Offset += target.offset return member, j == len(members)-1, nil } @@ -685,7 +797,7 @@ func coreFindMember(typ composite, name string) (Member, bool, error) { return Member{}, false, fmt.Errorf("anonymous non-composite type %T not allowed", member.Type) } - targets = append(targets, offsetTarget{comp, target.offset + member.OffsetBits}) + targets = append(targets, offsetTarget{comp, target.offset + member.Offset}) } } @@ -759,15 +871,9 @@ func coreAreTypesCompatible(localType Type, targetType Type) error { } switch lv := (localType).(type) { - case *Void, *Struct, *Union, *Enum, *Fwd: + case *Void, *Struct, *Union, *Enum, *Fwd, *Int: // Nothing to do here - case *Int: - tv := targetType.(*Int) - if lv.isBitfield() || tv.isBitfield() { - return fmt.Errorf("bitfield: %w", errImpossibleRelocation) - } - case *Pointer, *Array: depth++ localType.walk(&localTs) @@ -849,7 +955,7 @@ func coreAreMembersCompatible(localType Type, targetType Type) error { } switch lv := localType.(type) { - case *Array, *Pointer, *Float: + case *Array, *Pointer, *Float, *Int: return nil case *Enum: @@ -860,42 +966,7 @@ func coreAreMembersCompatible(localType Type, targetType Type) error { tv := targetType.(*Fwd) return doNamesMatch(lv.Name, tv.Name) - case *Int: - tv := targetType.(*Int) - if lv.isBitfield() || tv.isBitfield() { - return fmt.Errorf("bitfield: %w", errImpossibleRelocation) - } - return nil - default: return fmt.Errorf("type %s: %w", localType, ErrNotSupported) } } - -func skipQualifiersAndTypedefs(typ Type) (Type, error) { - result := typ - for depth := 0; depth <= maxTypeDepth; depth++ { - switch v := (result).(type) { - case qualifier: - result = v.qualify() - case *Typedef: - result = v.Type - default: - return result, nil - } - } - return nil, errors.New("exceeded type depth") -} - -func skipQualifiers(typ Type) (Type, error) { - result := typ - for depth := 0; depth <= maxTypeDepth; depth++ { - switch v := (result).(type) { - case qualifier: - result = v.qualify() - default: - return result, nil - } - } - return nil, errors.New("exceeded type depth") -} diff --git a/vendor/github.com/cilium/ebpf/internal/btf/doc.go b/vendor/github.com/cilium/ebpf/btf/doc.go similarity index 71% rename from vendor/github.com/cilium/ebpf/internal/btf/doc.go rename to vendor/github.com/cilium/ebpf/btf/doc.go index ad2576cb23c..b1f4b1fc3eb 100644 --- a/vendor/github.com/cilium/ebpf/internal/btf/doc.go +++ b/vendor/github.com/cilium/ebpf/btf/doc.go @@ -2,7 +2,4 @@ // // The canonical documentation lives in the Linux kernel repository and is // available at https://www.kernel.org/doc/html/latest/bpf/btf.html -// -// The API is very much unstable. You should only use this via the main -// ebpf library. package btf diff --git a/vendor/github.com/cilium/ebpf/btf/ext_info.go b/vendor/github.com/cilium/ebpf/btf/ext_info.go new file mode 100644 index 00000000000..2c0e1afe299 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/btf/ext_info.go @@ -0,0 +1,721 @@ +package btf + +import ( + "bytes" + "encoding/binary" + "errors" + "fmt" + "io" + "math" + "sort" + + "github.com/cilium/ebpf/asm" + "github.com/cilium/ebpf/internal" +) + +// ExtInfos contains ELF section metadata. +type ExtInfos struct { + // The slices are sorted by offset in ascending order. + funcInfos map[string][]funcInfo + lineInfos map[string][]lineInfo + relocationInfos map[string][]coreRelocationInfo +} + +// loadExtInfosFromELF parses ext infos from the .BTF.ext section in an ELF. +// +// Returns an error wrapping ErrNotFound if no ext infos are present. +func loadExtInfosFromELF(file *internal.SafeELFFile, ts types, strings *stringTable) (*ExtInfos, error) { + section := file.Section(".BTF.ext") + if section == nil { + return nil, fmt.Errorf("btf ext infos: %w", ErrNotFound) + } + + if section.ReaderAt == nil { + return nil, fmt.Errorf("compressed ext_info is not supported") + } + + return loadExtInfos(section.ReaderAt, file.ByteOrder, ts, strings) +} + +// loadExtInfos parses bare ext infos. +func loadExtInfos(r io.ReaderAt, bo binary.ByteOrder, ts types, strings *stringTable) (*ExtInfos, error) { + // Open unbuffered section reader. binary.Read() calls io.ReadFull on + // the header structs, resulting in one syscall per header. + headerRd := io.NewSectionReader(r, 0, math.MaxInt64) + extHeader, err := parseBTFExtHeader(headerRd, bo) + if err != nil { + return nil, fmt.Errorf("parsing BTF extension header: %w", err) + } + + coreHeader, err := parseBTFExtCOREHeader(headerRd, bo, extHeader) + if err != nil { + return nil, fmt.Errorf("parsing BTF CO-RE header: %w", err) + } + + buf := internal.NewBufferedSectionReader(r, extHeader.funcInfoStart(), int64(extHeader.FuncInfoLen)) + btfFuncInfos, err := parseFuncInfos(buf, bo, strings) + if err != nil { + return nil, fmt.Errorf("parsing BTF function info: %w", err) + } + + funcInfos := make(map[string][]funcInfo, len(btfFuncInfos)) + for section, bfis := range btfFuncInfos { + funcInfos[section], err = newFuncInfos(bfis, ts) + if err != nil { + return nil, fmt.Errorf("section %s: func infos: %w", section, err) + } + } + + buf = internal.NewBufferedSectionReader(r, extHeader.lineInfoStart(), int64(extHeader.LineInfoLen)) + btfLineInfos, err := parseLineInfos(buf, bo, strings) + if err != nil { + return nil, fmt.Errorf("parsing BTF line info: %w", err) + } + + lineInfos := make(map[string][]lineInfo, len(btfLineInfos)) + for section, blis := range btfLineInfos { + lineInfos[section], err = newLineInfos(blis, strings) + if err != nil { + return nil, fmt.Errorf("section %s: line infos: %w", section, err) + } + } + + if coreHeader == nil || coreHeader.COREReloLen == 0 { + return &ExtInfos{funcInfos, lineInfos, nil}, nil + } + + var btfCORERelos map[string][]bpfCORERelo + buf = internal.NewBufferedSectionReader(r, extHeader.coreReloStart(coreHeader), int64(coreHeader.COREReloLen)) + btfCORERelos, err = parseCORERelos(buf, bo, strings) + if err != nil { + return nil, fmt.Errorf("parsing CO-RE relocation info: %w", err) + } + + coreRelos := make(map[string][]coreRelocationInfo, len(btfCORERelos)) + for section, brs := range btfCORERelos { + coreRelos[section], err = newRelocationInfos(brs, ts, strings) + if err != nil { + return nil, fmt.Errorf("section %s: CO-RE relocations: %w", section, err) + } + } + + return &ExtInfos{funcInfos, lineInfos, coreRelos}, nil +} + +type funcInfoMeta struct{} +type coreRelocationMeta struct{} + +// Assign per-section metadata from BTF to a section's instructions. +func (ei *ExtInfos) Assign(insns asm.Instructions, section string) { + funcInfos := ei.funcInfos[section] + lineInfos := ei.lineInfos[section] + reloInfos := ei.relocationInfos[section] + + iter := insns.Iterate() + for iter.Next() { + if len(funcInfos) > 0 && funcInfos[0].offset == iter.Offset { + iter.Ins.Metadata.Set(funcInfoMeta{}, funcInfos[0].fn) + funcInfos = funcInfos[1:] + } + + if len(lineInfos) > 0 && lineInfos[0].offset == iter.Offset { + *iter.Ins = iter.Ins.WithSource(lineInfos[0].line) + lineInfos = lineInfos[1:] + } + + if len(reloInfos) > 0 && reloInfos[0].offset == iter.Offset { + iter.Ins.Metadata.Set(coreRelocationMeta{}, reloInfos[0].relo) + reloInfos = reloInfos[1:] + } + } +} + +// MarshalExtInfos encodes function and line info embedded in insns into kernel +// wire format. +func MarshalExtInfos(insns asm.Instructions, typeID func(Type) (TypeID, error)) (funcInfos, lineInfos []byte, _ error) { + iter := insns.Iterate() + var fiBuf, liBuf bytes.Buffer + for iter.Next() { + if fn := FuncMetadata(iter.Ins); fn != nil { + fi := &funcInfo{ + fn: fn, + offset: iter.Offset, + } + if err := fi.marshal(&fiBuf, typeID); err != nil { + return nil, nil, fmt.Errorf("write func info: %w", err) + } + } + + if line, ok := iter.Ins.Source().(*Line); ok { + li := &lineInfo{ + line: line, + offset: iter.Offset, + } + if err := li.marshal(&liBuf); err != nil { + return nil, nil, fmt.Errorf("write line info: %w", err) + } + } + } + return fiBuf.Bytes(), liBuf.Bytes(), nil +} + +// btfExtHeader is found at the start of the .BTF.ext section. +type btfExtHeader struct { + Magic uint16 + Version uint8 + Flags uint8 + + // HdrLen is larger than the size of struct btfExtHeader when it is + // immediately followed by a btfExtCOREHeader. + HdrLen uint32 + + FuncInfoOff uint32 + FuncInfoLen uint32 + LineInfoOff uint32 + LineInfoLen uint32 +} + +// parseBTFExtHeader parses the header of the .BTF.ext section. +func parseBTFExtHeader(r io.Reader, bo binary.ByteOrder) (*btfExtHeader, error) { + var header btfExtHeader + if err := binary.Read(r, bo, &header); err != nil { + return nil, fmt.Errorf("can't read header: %v", err) + } + + if header.Magic != btfMagic { + return nil, fmt.Errorf("incorrect magic value %v", header.Magic) + } + + if header.Version != 1 { + return nil, fmt.Errorf("unexpected version %v", header.Version) + } + + if header.Flags != 0 { + return nil, fmt.Errorf("unsupported flags %v", header.Flags) + } + + if int64(header.HdrLen) < int64(binary.Size(&header)) { + return nil, fmt.Errorf("header length shorter than btfExtHeader size") + } + + return &header, nil +} + +// funcInfoStart returns the offset from the beginning of the .BTF.ext section +// to the start of its func_info entries. +func (h *btfExtHeader) funcInfoStart() int64 { + return int64(h.HdrLen + h.FuncInfoOff) +} + +// lineInfoStart returns the offset from the beginning of the .BTF.ext section +// to the start of its line_info entries. +func (h *btfExtHeader) lineInfoStart() int64 { + return int64(h.HdrLen + h.LineInfoOff) +} + +// coreReloStart returns the offset from the beginning of the .BTF.ext section +// to the start of its CO-RE relocation entries. +func (h *btfExtHeader) coreReloStart(ch *btfExtCOREHeader) int64 { + return int64(h.HdrLen + ch.COREReloOff) +} + +// btfExtCOREHeader is found right after the btfExtHeader when its HdrLen +// field is larger than its size. +type btfExtCOREHeader struct { + COREReloOff uint32 + COREReloLen uint32 +} + +// parseBTFExtCOREHeader parses the tail of the .BTF.ext header. If additional +// header bytes are present, extHeader.HdrLen will be larger than the struct, +// indicating the presence of a CO-RE extension header. +func parseBTFExtCOREHeader(r io.Reader, bo binary.ByteOrder, extHeader *btfExtHeader) (*btfExtCOREHeader, error) { + extHdrSize := int64(binary.Size(&extHeader)) + remainder := int64(extHeader.HdrLen) - extHdrSize + + if remainder == 0 { + return nil, nil + } + + var coreHeader btfExtCOREHeader + if err := binary.Read(r, bo, &coreHeader); err != nil { + return nil, fmt.Errorf("can't read header: %v", err) + } + + return &coreHeader, nil +} + +type btfExtInfoSec struct { + SecNameOff uint32 + NumInfo uint32 +} + +// parseExtInfoSec parses a btf_ext_info_sec header within .BTF.ext, +// appearing within func_info and line_info sub-sections. +// These headers appear once for each program section in the ELF and are +// followed by one or more func/line_info records for the section. +func parseExtInfoSec(r io.Reader, bo binary.ByteOrder, strings *stringTable) (string, *btfExtInfoSec, error) { + var infoHeader btfExtInfoSec + if err := binary.Read(r, bo, &infoHeader); err != nil { + return "", nil, fmt.Errorf("read ext info header: %w", err) + } + + secName, err := strings.Lookup(infoHeader.SecNameOff) + if err != nil { + return "", nil, fmt.Errorf("get section name: %w", err) + } + if secName == "" { + return "", nil, fmt.Errorf("extinfo header refers to empty section name") + } + + if infoHeader.NumInfo == 0 { + return "", nil, fmt.Errorf("section %s has zero records", secName) + } + + return secName, &infoHeader, nil +} + +// parseExtInfoRecordSize parses the uint32 at the beginning of a func_infos +// or line_infos segment that describes the length of all extInfoRecords in +// that segment. +func parseExtInfoRecordSize(r io.Reader, bo binary.ByteOrder) (uint32, error) { + const maxRecordSize = 256 + + var recordSize uint32 + if err := binary.Read(r, bo, &recordSize); err != nil { + return 0, fmt.Errorf("can't read record size: %v", err) + } + + if recordSize < 4 { + // Need at least InsnOff worth of bytes per record. + return 0, errors.New("record size too short") + } + if recordSize > maxRecordSize { + return 0, fmt.Errorf("record size %v exceeds %v", recordSize, maxRecordSize) + } + + return recordSize, nil +} + +// The size of a FuncInfo in BTF wire format. +var FuncInfoSize = uint32(binary.Size(bpfFuncInfo{})) + +type funcInfo struct { + fn *Func + offset asm.RawInstructionOffset +} + +type bpfFuncInfo struct { + // Instruction offset of the function within an ELF section. + InsnOff uint32 + TypeID TypeID +} + +func newFuncInfo(fi bpfFuncInfo, ts types) (*funcInfo, error) { + typ, err := ts.ByID(fi.TypeID) + if err != nil { + return nil, err + } + + fn, ok := typ.(*Func) + if !ok { + return nil, fmt.Errorf("type ID %d is a %T, but expected a Func", fi.TypeID, typ) + } + + // C doesn't have anonymous functions, but check just in case. + if fn.Name == "" { + return nil, fmt.Errorf("func with type ID %d doesn't have a name", fi.TypeID) + } + + return &funcInfo{ + fn, + asm.RawInstructionOffset(fi.InsnOff), + }, nil +} + +func newFuncInfos(bfis []bpfFuncInfo, ts types) ([]funcInfo, error) { + fis := make([]funcInfo, 0, len(bfis)) + for _, bfi := range bfis { + fi, err := newFuncInfo(bfi, ts) + if err != nil { + return nil, fmt.Errorf("offset %d: %w", bfi.InsnOff, err) + } + fis = append(fis, *fi) + } + sort.Slice(fis, func(i, j int) bool { + return fis[i].offset <= fis[j].offset + }) + return fis, nil +} + +// marshal into the BTF wire format. +func (fi *funcInfo) marshal(w io.Writer, typeID func(Type) (TypeID, error)) error { + id, err := typeID(fi.fn) + if err != nil { + return err + } + bfi := bpfFuncInfo{ + InsnOff: uint32(fi.offset), + TypeID: id, + } + return binary.Write(w, internal.NativeEndian, &bfi) +} + +// parseLineInfos parses a func_info sub-section within .BTF.ext ito a map of +// func infos indexed by section name. +func parseFuncInfos(r io.Reader, bo binary.ByteOrder, strings *stringTable) (map[string][]bpfFuncInfo, error) { + recordSize, err := parseExtInfoRecordSize(r, bo) + if err != nil { + return nil, err + } + + result := make(map[string][]bpfFuncInfo) + for { + secName, infoHeader, err := parseExtInfoSec(r, bo, strings) + if errors.Is(err, io.EOF) { + return result, nil + } + if err != nil { + return nil, err + } + + records, err := parseFuncInfoRecords(r, bo, recordSize, infoHeader.NumInfo) + if err != nil { + return nil, fmt.Errorf("section %v: %w", secName, err) + } + + result[secName] = records + } +} + +// parseFuncInfoRecords parses a stream of func_infos into a funcInfos. +// These records appear after a btf_ext_info_sec header in the func_info +// sub-section of .BTF.ext. +func parseFuncInfoRecords(r io.Reader, bo binary.ByteOrder, recordSize uint32, recordNum uint32) ([]bpfFuncInfo, error) { + var out []bpfFuncInfo + var fi bpfFuncInfo + + if exp, got := FuncInfoSize, recordSize; exp != got { + // BTF blob's record size is longer than we know how to parse. + return nil, fmt.Errorf("expected FuncInfo record size %d, but BTF blob contains %d", exp, got) + } + + for i := uint32(0); i < recordNum; i++ { + if err := binary.Read(r, bo, &fi); err != nil { + return nil, fmt.Errorf("can't read function info: %v", err) + } + + if fi.InsnOff%asm.InstructionSize != 0 { + return nil, fmt.Errorf("offset %v is not aligned with instruction size", fi.InsnOff) + } + + // ELF tracks offset in bytes, the kernel expects raw BPF instructions. + // Convert as early as possible. + fi.InsnOff /= asm.InstructionSize + + out = append(out, fi) + } + + return out, nil +} + +var LineInfoSize = uint32(binary.Size(bpfLineInfo{})) + +// Line represents the location and contents of a single line of source +// code a BPF ELF was compiled from. +type Line struct { + fileName string + line string + lineNumber uint32 + lineColumn uint32 + + // TODO: We should get rid of the fields below, but for that we need to be + // able to write BTF. + + fileNameOff uint32 + lineOff uint32 +} + +func (li *Line) FileName() string { + return li.fileName +} + +func (li *Line) Line() string { + return li.line +} + +func (li *Line) LineNumber() uint32 { + return li.lineNumber +} + +func (li *Line) LineColumn() uint32 { + return li.lineColumn +} + +func (li *Line) String() string { + return li.line +} + +type lineInfo struct { + line *Line + offset asm.RawInstructionOffset +} + +// Constants for the format of bpfLineInfo.LineCol. +const ( + bpfLineShift = 10 + bpfLineMax = (1 << (32 - bpfLineShift)) - 1 + bpfColumnMax = (1 << bpfLineShift) - 1 +) + +type bpfLineInfo struct { + // Instruction offset of the line within the whole instruction stream, in instructions. + InsnOff uint32 + FileNameOff uint32 + LineOff uint32 + LineCol uint32 +} + +func newLineInfo(li bpfLineInfo, strings *stringTable) (*lineInfo, error) { + line, err := strings.Lookup(li.LineOff) + if err != nil { + return nil, fmt.Errorf("lookup of line: %w", err) + } + + fileName, err := strings.Lookup(li.FileNameOff) + if err != nil { + return nil, fmt.Errorf("lookup of filename: %w", err) + } + + lineNumber := li.LineCol >> bpfLineShift + lineColumn := li.LineCol & bpfColumnMax + + return &lineInfo{ + &Line{ + fileName, + line, + lineNumber, + lineColumn, + li.FileNameOff, + li.LineOff, + }, + asm.RawInstructionOffset(li.InsnOff), + }, nil +} + +func newLineInfos(blis []bpfLineInfo, strings *stringTable) ([]lineInfo, error) { + lis := make([]lineInfo, 0, len(blis)) + for _, bli := range blis { + li, err := newLineInfo(bli, strings) + if err != nil { + return nil, fmt.Errorf("offset %d: %w", bli.InsnOff, err) + } + lis = append(lis, *li) + } + sort.Slice(lis, func(i, j int) bool { + return lis[i].offset <= lis[j].offset + }) + return lis, nil +} + +// marshal writes the binary representation of the LineInfo to w. +func (li *lineInfo) marshal(w io.Writer) error { + line := li.line + if line.lineNumber > bpfLineMax { + return fmt.Errorf("line %d exceeds %d", line.lineNumber, bpfLineMax) + } + + if line.lineColumn > bpfColumnMax { + return fmt.Errorf("column %d exceeds %d", line.lineColumn, bpfColumnMax) + } + + bli := bpfLineInfo{ + uint32(li.offset), + line.fileNameOff, + line.lineOff, + (line.lineNumber << bpfLineShift) | line.lineColumn, + } + return binary.Write(w, internal.NativeEndian, &bli) +} + +// parseLineInfos parses a line_info sub-section within .BTF.ext ito a map of +// line infos indexed by section name. +func parseLineInfos(r io.Reader, bo binary.ByteOrder, strings *stringTable) (map[string][]bpfLineInfo, error) { + recordSize, err := parseExtInfoRecordSize(r, bo) + if err != nil { + return nil, err + } + + result := make(map[string][]bpfLineInfo) + for { + secName, infoHeader, err := parseExtInfoSec(r, bo, strings) + if errors.Is(err, io.EOF) { + return result, nil + } + if err != nil { + return nil, err + } + + records, err := parseLineInfoRecords(r, bo, recordSize, infoHeader.NumInfo) + if err != nil { + return nil, fmt.Errorf("section %v: %w", secName, err) + } + + result[secName] = records + } +} + +// parseLineInfoRecords parses a stream of line_infos into a lineInfos. +// These records appear after a btf_ext_info_sec header in the line_info +// sub-section of .BTF.ext. +func parseLineInfoRecords(r io.Reader, bo binary.ByteOrder, recordSize uint32, recordNum uint32) ([]bpfLineInfo, error) { + var out []bpfLineInfo + var li bpfLineInfo + + if exp, got := uint32(binary.Size(li)), recordSize; exp != got { + // BTF blob's record size is longer than we know how to parse. + return nil, fmt.Errorf("expected LineInfo record size %d, but BTF blob contains %d", exp, got) + } + + for i := uint32(0); i < recordNum; i++ { + if err := binary.Read(r, bo, &li); err != nil { + return nil, fmt.Errorf("can't read line info: %v", err) + } + + if li.InsnOff%asm.InstructionSize != 0 { + return nil, fmt.Errorf("offset %v is not aligned with instruction size", li.InsnOff) + } + + // ELF tracks offset in bytes, the kernel expects raw BPF instructions. + // Convert as early as possible. + li.InsnOff /= asm.InstructionSize + + out = append(out, li) + } + + return out, nil +} + +// bpfCORERelo matches the kernel's struct bpf_core_relo. +type bpfCORERelo struct { + InsnOff uint32 + TypeID TypeID + AccessStrOff uint32 + Kind coreKind +} + +type CORERelocation struct { + typ Type + accessor coreAccessor + kind coreKind +} + +func CORERelocationMetadata(ins *asm.Instruction) *CORERelocation { + relo, _ := ins.Metadata.Get(coreRelocationMeta{}).(*CORERelocation) + return relo +} + +type coreRelocationInfo struct { + relo *CORERelocation + offset asm.RawInstructionOffset +} + +func newRelocationInfo(relo bpfCORERelo, ts types, strings *stringTable) (*coreRelocationInfo, error) { + typ, err := ts.ByID(relo.TypeID) + if err != nil { + return nil, err + } + + accessorStr, err := strings.Lookup(relo.AccessStrOff) + if err != nil { + return nil, err + } + + accessor, err := parseCOREAccessor(accessorStr) + if err != nil { + return nil, fmt.Errorf("accessor %q: %s", accessorStr, err) + } + + return &coreRelocationInfo{ + &CORERelocation{ + typ, + accessor, + relo.Kind, + }, + asm.RawInstructionOffset(relo.InsnOff), + }, nil +} + +func newRelocationInfos(brs []bpfCORERelo, ts types, strings *stringTable) ([]coreRelocationInfo, error) { + rs := make([]coreRelocationInfo, 0, len(brs)) + for _, br := range brs { + relo, err := newRelocationInfo(br, ts, strings) + if err != nil { + return nil, fmt.Errorf("offset %d: %w", br.InsnOff, err) + } + rs = append(rs, *relo) + } + sort.Slice(rs, func(i, j int) bool { + return rs[i].offset < rs[j].offset + }) + return rs, nil +} + +var extInfoReloSize = binary.Size(bpfCORERelo{}) + +// parseCORERelos parses a core_relos sub-section within .BTF.ext ito a map of +// CO-RE relocations indexed by section name. +func parseCORERelos(r io.Reader, bo binary.ByteOrder, strings *stringTable) (map[string][]bpfCORERelo, error) { + recordSize, err := parseExtInfoRecordSize(r, bo) + if err != nil { + return nil, err + } + + if recordSize != uint32(extInfoReloSize) { + return nil, fmt.Errorf("expected record size %d, got %d", extInfoReloSize, recordSize) + } + + result := make(map[string][]bpfCORERelo) + for { + secName, infoHeader, err := parseExtInfoSec(r, bo, strings) + if errors.Is(err, io.EOF) { + return result, nil + } + if err != nil { + return nil, err + } + + records, err := parseCOREReloRecords(r, bo, recordSize, infoHeader.NumInfo) + if err != nil { + return nil, fmt.Errorf("section %v: %w", secName, err) + } + + result[secName] = records + } +} + +// parseCOREReloRecords parses a stream of CO-RE relocation entries into a +// coreRelos. These records appear after a btf_ext_info_sec header in the +// core_relos sub-section of .BTF.ext. +func parseCOREReloRecords(r io.Reader, bo binary.ByteOrder, recordSize uint32, recordNum uint32) ([]bpfCORERelo, error) { + var out []bpfCORERelo + + var relo bpfCORERelo + for i := uint32(0); i < recordNum; i++ { + if err := binary.Read(r, bo, &relo); err != nil { + return nil, fmt.Errorf("can't read CO-RE relocation: %v", err) + } + + if relo.InsnOff%asm.InstructionSize != 0 { + return nil, fmt.Errorf("offset %v is not aligned with instruction size", relo.InsnOff) + } + + // ELF tracks offset in bytes, the kernel expects raw BPF instructions. + // Convert as early as possible. + relo.InsnOff /= asm.InstructionSize + + out = append(out, relo) + } + + return out, nil +} diff --git a/vendor/github.com/cilium/ebpf/internal/btf/format.go b/vendor/github.com/cilium/ebpf/btf/format.go similarity index 91% rename from vendor/github.com/cilium/ebpf/internal/btf/format.go rename to vendor/github.com/cilium/ebpf/btf/format.go index 159319c33c9..c773312d867 100644 --- a/vendor/github.com/cilium/ebpf/internal/btf/format.go +++ b/vendor/github.com/cilium/ebpf/btf/format.go @@ -63,12 +63,7 @@ func (gf *GoFormatter) writeTypeDecl(name string, typ Type) error { return fmt.Errorf("need a name for type %s", typ) } - typ, err := skipQualifiers(typ) - if err != nil { - return err - } - - switch v := typ.(type) { + switch v := skipQualifiers(typ).(type) { case *Enum: fmt.Fprintf(&gf.w, "type %s int32", name) if len(v.Values) == 0 { @@ -83,10 +78,11 @@ func (gf *GoFormatter) writeTypeDecl(name string, typ Type) error { gf.w.WriteString(")") return nil - } - fmt.Fprintf(&gf.w, "type %s ", name) - return gf.writeTypeLit(typ, 0) + default: + fmt.Fprintf(&gf.w, "type %s ", name) + return gf.writeTypeLit(v, 0) + } } // writeType outputs the name of a named type or a literal describing the type. @@ -96,10 +92,7 @@ func (gf *GoFormatter) writeTypeDecl(name string, typ Type) error { // foo (if foo is a named type) // uint32 func (gf *GoFormatter) writeType(typ Type, depth int) error { - typ, err := skipQualifiers(typ) - if err != nil { - return err - } + typ = skipQualifiers(typ) name := gf.Names[typ] if name != "" { @@ -124,12 +117,8 @@ func (gf *GoFormatter) writeTypeLit(typ Type, depth int) error { return errNestedTooDeep } - typ, err := skipQualifiers(typ) - if err != nil { - return err - } - - switch v := typ.(type) { + var err error + switch v := skipQualifiers(typ).(type) { case *Int: gf.writeIntLit(v) @@ -154,7 +143,7 @@ func (gf *GoFormatter) writeTypeLit(typ Type, depth int) error { err = gf.writeDatasecLit(v, depth) default: - return fmt.Errorf("type %s: %w", typ, ErrNotSupported) + return fmt.Errorf("type %T: %w", v, ErrNotSupported) } if err != nil { @@ -190,7 +179,7 @@ func (gf *GoFormatter) writeStructLit(size uint32, members []Member, depth int) continue } - offset := m.OffsetBits / 8 + offset := m.Offset.Bytes() if n := offset - prevOffset; skippedBitfield && n > 0 { fmt.Fprintf(&gf.w, "_ [%d]byte /* unsupported bitfield */; ", n) } else { @@ -217,8 +206,8 @@ func (gf *GoFormatter) writeStructField(m Member, depth int) error { if m.BitfieldSize > 0 { return fmt.Errorf("bitfields are not supported") } - if m.OffsetBits%8 != 0 { - return fmt.Errorf("unsupported offset %d", m.OffsetBits) + if m.Offset%8 != 0 { + return fmt.Errorf("unsupported offset %d", m.Offset) } if m.Name == "" { @@ -302,3 +291,16 @@ func (gf *GoFormatter) writePadding(bytes uint32) { fmt.Fprintf(&gf.w, "_ [%d]byte; ", bytes) } } + +func skipQualifiers(typ Type) Type { + result := typ + for depth := 0; depth <= maxTypeDepth; depth++ { + switch v := (result).(type) { + case qualifier: + result = v.qualify() + default: + return result + } + } + return &cycle{typ} +} diff --git a/vendor/github.com/cilium/ebpf/internal/btf/info.go b/vendor/github.com/cilium/ebpf/btf/info.go similarity index 100% rename from vendor/github.com/cilium/ebpf/internal/btf/info.go rename to vendor/github.com/cilium/ebpf/btf/info.go diff --git a/vendor/github.com/cilium/ebpf/btf/strings.go b/vendor/github.com/cilium/ebpf/btf/strings.go new file mode 100644 index 00000000000..2f3bf831f70 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/btf/strings.go @@ -0,0 +1,112 @@ +package btf + +import ( + "bufio" + "bytes" + "errors" + "fmt" + "io" +) + +type stringTable struct { + offsets []uint32 + strings []string +} + +// sizedReader is implemented by bytes.Reader, io.SectionReader, strings.Reader, etc. +type sizedReader interface { + io.Reader + Size() int64 +} + +func readStringTable(r sizedReader) (*stringTable, error) { + // Derived from vmlinux BTF. + const averageStringLength = 16 + + n := int(r.Size() / averageStringLength) + offsets := make([]uint32, 0, n) + strings := make([]string, 0, n) + + offset := uint32(0) + scanner := bufio.NewScanner(r) + scanner.Split(splitNull) + for scanner.Scan() { + str := scanner.Text() + offsets = append(offsets, offset) + strings = append(strings, str) + offset += uint32(len(str)) + 1 + } + if err := scanner.Err(); err != nil { + return nil, err + } + + if len(strings) == 0 { + return nil, errors.New("string table is empty") + } + + if strings[0] != "" { + return nil, errors.New("first item in string table is non-empty") + } + + return &stringTable{offsets, strings}, nil +} + +func splitNull(data []byte, atEOF bool) (advance int, token []byte, err error) { + i := bytes.IndexByte(data, 0) + if i == -1 { + if atEOF && len(data) > 0 { + return 0, nil, errors.New("string table isn't null terminated") + } + return 0, nil, nil + } + + return i + 1, data[:i], nil +} + +func (st *stringTable) Lookup(offset uint32) (string, error) { + i := search(st.offsets, offset) + if i == len(st.offsets) || st.offsets[i] != offset { + return "", fmt.Errorf("offset %d isn't start of a string", offset) + } + + return st.strings[i], nil +} + +func (st *stringTable) Length() int { + last := len(st.offsets) - 1 + return int(st.offsets[last]) + len(st.strings[last]) + 1 +} + +func (st *stringTable) Marshal(w io.Writer) error { + for _, str := range st.strings { + _, err := io.WriteString(w, str) + if err != nil { + return err + } + _, err = w.Write([]byte{0}) + if err != nil { + return err + } + } + return nil +} + +// search is a copy of sort.Search specialised for uint32. +// +// Licensed under https://go.dev/LICENSE +func search(ints []uint32, needle uint32) int { + // Define f(-1) == false and f(n) == true. + // Invariant: f(i-1) == false, f(j) == true. + i, j := 0, len(ints) + for i < j { + h := int(uint(i+j) >> 1) // avoid overflow when computing h + // i ≤ h < j + if !(ints[h] >= needle) { + i = h + 1 // preserves f(i-1) == false + } else { + j = h // preserves f(j) == true + } + } + // i == j, f(i-1) == false, and f(j) (= f(i)) == true => answer is i. + return i +} diff --git a/vendor/github.com/cilium/ebpf/internal/btf/types.go b/vendor/github.com/cilium/ebpf/btf/types.go similarity index 57% rename from vendor/github.com/cilium/ebpf/internal/btf/types.go rename to vendor/github.com/cilium/ebpf/btf/types.go index a6b5a10aae5..82e7fea5823 100644 --- a/vendor/github.com/cilium/ebpf/internal/btf/types.go +++ b/vendor/github.com/cilium/ebpf/btf/types.go @@ -2,8 +2,12 @@ package btf import ( "fmt" + "io" "math" + "reflect" "strings" + + "github.com/cilium/ebpf/asm" ) const maxTypeDepth = 32 @@ -11,15 +15,18 @@ const maxTypeDepth = 32 // TypeID identifies a type in a BTF section. type TypeID uint32 -// ID implements part of the Type interface. -func (tid TypeID) ID() TypeID { - return tid -} - // Type represents a type described by BTF. type Type interface { - // The type ID of the Type within this BTF spec. - ID() TypeID + // Type can be formatted using the %s and %v verbs. %s outputs only the + // identity of the type, without any detail. %v outputs additional detail. + // + // Use the '+' flag to include the address of the type. + // + // Use the width to specify how many levels of detail to output, for example + // %1v will output detail for the root type and a short description of its + // children. %2v would output details of the root type and its children + // as well as a short description of the grandchildren. + fmt.Formatter // Name of the type, empty for anonymous types and types that cannot // carry a name, like Void and Pointer. @@ -31,8 +38,6 @@ type Type interface { // Enumerate all nested Types. Repeated calls must visit nested // types in the same order. walk(*typeDeque) - - String() string } var ( @@ -48,15 +53,26 @@ var ( _ Type = (*Float)(nil) ) +// types is a list of Type. +// +// The order determines the ID of a type. +type types []Type + +func (ts types) ByID(id TypeID) (Type, error) { + if int(id) > len(ts) { + return nil, fmt.Errorf("type ID %d: %w", id, ErrNotFound) + } + return ts[id], nil +} + // Void is the unit type of BTF. type Void struct{} -func (v *Void) ID() TypeID { return 0 } -func (v *Void) String() string { return "void#0" } -func (v *Void) TypeName() string { return "" } -func (v *Void) size() uint32 { return 0 } -func (v *Void) copy() Type { return (*Void)(nil) } -func (v *Void) walk(*typeDeque) {} +func (v *Void) Format(fs fmt.State, verb rune) { formatType(fs, verb, v) } +func (v *Void) TypeName() string { return "" } +func (v *Void) size() uint32 { return 0 } +func (v *Void) copy() Type { return (*Void)(nil) } +func (v *Void) walk(*typeDeque) {} type IntEncoding byte @@ -78,44 +94,34 @@ func (ie IntEncoding) IsBool() bool { return ie&Bool != 0 } +func (ie IntEncoding) String() string { + switch { + case ie.IsChar() && ie.IsSigned(): + return "char" + case ie.IsChar() && !ie.IsSigned(): + return "uchar" + case ie.IsBool(): + return "bool" + case ie.IsSigned(): + return "signed" + default: + return "unsigned" + } +} + // Int is an integer of a given length. +// +// See https://www.kernel.org/doc/html/latest/bpf/btf.html#btf-kind-int type Int struct { - TypeID - Name string // The size of the integer in bytes. Size uint32 Encoding IntEncoding - // OffsetBits is the starting bit offset. Currently always 0. - // See https://www.kernel.org/doc/html/latest/bpf/btf.html#btf-kind-int - OffsetBits uint32 - Bits byte } -func (i *Int) String() string { - var s strings.Builder - - switch { - case i.Encoding.IsChar(): - s.WriteString("char") - case i.Encoding.IsBool(): - s.WriteString("bool") - default: - if !i.Encoding.IsSigned() { - s.WriteRune('u') - } - s.WriteString("int") - fmt.Fprintf(&s, "%d", i.Size*8) - } - - fmt.Fprintf(&s, "#%d", i.TypeID) - - if i.Bits > 0 { - fmt.Fprintf(&s, "[bits=%d]", i.Bits) - } - - return s.String() +func (i *Int) Format(fs fmt.State, verb rune) { + formatType(fs, verb, i, i.Encoding, "size=", i.Size*8) } func (i *Int) TypeName() string { return i.Name } @@ -126,18 +132,13 @@ func (i *Int) copy() Type { return &cpy } -func (i *Int) isBitfield() bool { - return i.OffsetBits > 0 -} - // Pointer is a pointer to another type. type Pointer struct { - TypeID Target Type } -func (p *Pointer) String() string { - return fmt.Sprintf("pointer#%d[target=#%d]", p.TypeID, p.Target.ID()) +func (p *Pointer) Format(fs fmt.State, verb rune) { + formatType(fs, verb, p, "target=", p.Target) } func (p *Pointer) TypeName() string { return "" } @@ -150,13 +151,12 @@ func (p *Pointer) copy() Type { // Array is an array with a fixed number of elements. type Array struct { - TypeID Type Type Nelems uint32 } -func (arr *Array) String() string { - return fmt.Sprintf("array#%d[type=#%d n=%d]", arr.TypeID, arr.Type.ID(), arr.Nelems) +func (arr *Array) Format(fs fmt.State, verb rune) { + formatType(fs, verb, arr, "type=", arr.Type, "n=", arr.Nelems) } func (arr *Array) TypeName() string { return "" } @@ -169,15 +169,14 @@ func (arr *Array) copy() Type { // Struct is a compound type of consecutive members. type Struct struct { - TypeID Name string // The size of the struct including padding, in bytes Size uint32 Members []Member } -func (s *Struct) String() string { - return fmt.Sprintf("struct#%d[%q]", s.TypeID, s.Name) +func (s *Struct) Format(fs fmt.State, verb rune) { + formatType(fs, verb, s, "fields=", len(s.Members)) } func (s *Struct) TypeName() string { return s.Name } @@ -202,15 +201,14 @@ func (s *Struct) members() []Member { // Union is a compound type where members occupy the same memory. type Union struct { - TypeID Name string // The size of the union including padding, in bytes. Size uint32 Members []Member } -func (u *Union) String() string { - return fmt.Sprintf("union#%d[%q]", u.TypeID, u.Name) +func (u *Union) Format(fs fmt.State, verb rune) { + formatType(fs, verb, u, "fields=", len(u.Members)) } func (u *Union) TypeName() string { return u.Name } @@ -248,26 +246,32 @@ var ( _ composite = (*Union)(nil) ) +// A value in bits. +type Bits uint32 + +// Bytes converts a bit value into bytes. +func (b Bits) Bytes() uint32 { + return uint32(b / 8) +} + // Member is part of a Struct or Union. // // It is not a valid Type. type Member struct { - Name string - Type Type - // OffsetBits is the bit offset of this member. - OffsetBits uint32 - BitfieldSize uint32 + Name string + Type Type + Offset Bits + BitfieldSize Bits } // Enum lists possible values. type Enum struct { - TypeID Name string Values []EnumValue } -func (e *Enum) String() string { - return fmt.Sprintf("enum#%d[%q]", e.TypeID, e.Name) +func (e *Enum) Format(fs fmt.State, verb rune) { + formatType(fs, verb, e, "values=", len(e.Values)) } func (e *Enum) TypeName() string { return e.Name } @@ -311,13 +315,12 @@ func (fk FwdKind) String() string { // Fwd is a forward declaration of a Type. type Fwd struct { - TypeID Name string Kind FwdKind } -func (f *Fwd) String() string { - return fmt.Sprintf("fwd#%d[%s %q]", f.TypeID, f.Kind, f.Name) +func (f *Fwd) Format(fs fmt.State, verb rune) { + formatType(fs, verb, f, f.Kind) } func (f *Fwd) TypeName() string { return f.Name } @@ -330,13 +333,12 @@ func (f *Fwd) copy() Type { // Typedef is an alias of a Type. type Typedef struct { - TypeID Name string Type Type } -func (td *Typedef) String() string { - return fmt.Sprintf("typedef#%d[%q #%d]", td.TypeID, td.Name, td.Type.ID()) +func (td *Typedef) Format(fs fmt.State, verb rune) { + formatType(fs, verb, td, td.Type) } func (td *Typedef) TypeName() string { return td.Name } @@ -349,12 +351,11 @@ func (td *Typedef) copy() Type { // Volatile is a qualifier. type Volatile struct { - TypeID Type Type } -func (v *Volatile) String() string { - return fmt.Sprintf("volatile#%d[#%d]", v.TypeID, v.Type.ID()) +func (v *Volatile) Format(fs fmt.State, verb rune) { + formatType(fs, verb, v, v.Type) } func (v *Volatile) TypeName() string { return "" } @@ -368,12 +369,11 @@ func (v *Volatile) copy() Type { // Const is a qualifier. type Const struct { - TypeID Type Type } -func (c *Const) String() string { - return fmt.Sprintf("const#%d[#%d]", c.TypeID, c.Type.ID()) +func (c *Const) Format(fs fmt.State, verb rune) { + formatType(fs, verb, c, c.Type) } func (c *Const) TypeName() string { return "" } @@ -387,12 +387,11 @@ func (c *Const) copy() Type { // Restrict is a qualifier. type Restrict struct { - TypeID Type Type } -func (r *Restrict) String() string { - return fmt.Sprintf("restrict#%d[#%d]", r.TypeID, r.Type.ID()) +func (r *Restrict) Format(fs fmt.State, verb rune) { + formatType(fs, verb, r, r.Type) } func (r *Restrict) TypeName() string { return "" } @@ -406,14 +405,18 @@ func (r *Restrict) copy() Type { // Func is a function definition. type Func struct { - TypeID Name string Type Type Linkage FuncLinkage } -func (f *Func) String() string { - return fmt.Sprintf("func#%d[%s %q proto=#%d]", f.TypeID, f.Linkage, f.Name, f.Type.ID()) +func FuncMetadata(ins *asm.Instruction) *Func { + fn, _ := ins.Metadata.Get(funcInfoMeta{}).(*Func) + return fn +} + +func (f *Func) Format(fs fmt.State, verb rune) { + formatType(fs, verb, f, f.Linkage, "proto=", f.Type) } func (f *Func) TypeName() string { return f.Name } @@ -426,19 +429,12 @@ func (f *Func) copy() Type { // FuncProto is a function declaration. type FuncProto struct { - TypeID Return Type Params []FuncParam } -func (fp *FuncProto) String() string { - var s strings.Builder - fmt.Fprintf(&s, "proto#%d[", fp.TypeID) - for _, param := range fp.Params { - fmt.Fprintf(&s, "%q=#%d, ", param.Name, param.Type.ID()) - } - fmt.Fprintf(&s, "return=#%d]", fp.Return.ID()) - return s.String() +func (fp *FuncProto) Format(fs fmt.State, verb rune) { + formatType(fs, verb, fp, "args=", len(fp.Params), "return=", fp.Return) } func (fp *FuncProto) TypeName() string { return "" } @@ -464,14 +460,13 @@ type FuncParam struct { // Var is a global variable. type Var struct { - TypeID Name string Type Type Linkage VarLinkage } -func (v *Var) String() string { - return fmt.Sprintf("var#%d[%s %q]", v.TypeID, v.Linkage, v.Name) +func (v *Var) Format(fs fmt.State, verb rune) { + formatType(fs, verb, v, v.Linkage) } func (v *Var) TypeName() string { return v.Name } @@ -484,14 +479,13 @@ func (v *Var) copy() Type { // Datasec is a global program section containing data. type Datasec struct { - TypeID Name string Size uint32 Vars []VarSecinfo } -func (ds *Datasec) String() string { - return fmt.Sprintf("section#%d[%q]", ds.TypeID, ds.Name) +func (ds *Datasec) Format(fs fmt.State, verb rune) { + formatType(fs, verb, ds) } func (ds *Datasec) TypeName() string { return ds.Name } @@ -522,15 +516,14 @@ type VarSecinfo struct { // Float is a float of a given length. type Float struct { - TypeID Name string // The size of the float in bytes. Size uint32 } -func (f *Float) String() string { - return fmt.Sprintf("float%d#%d[%q]", f.Size*8, f.TypeID, f.Name) +func (f *Float) Format(fs fmt.State, verb rune) { + formatType(fs, verb, f, "size=", f.Size*8) } func (f *Float) TypeName() string { return f.Name } @@ -541,6 +534,20 @@ func (f *Float) copy() Type { return &cpy } +// cycle is a type which had to be elided since it exceeded maxTypeDepth. +type cycle struct { + root Type +} + +func (c *cycle) ID() TypeID { return math.MaxUint32 } +func (c *cycle) Format(fs fmt.State, verb rune) { formatType(fs, verb, c, "root=", c.root) } +func (c *cycle) TypeName() string { return "" } +func (c *cycle) walk(*typeDeque) {} +func (c *cycle) copy() Type { + cpy := *c + return &cpy +} + type sizer interface { size() uint32 } @@ -616,44 +623,54 @@ func Sizeof(typ Type) (int, error) { return 0, fmt.Errorf("type %s: exceeded type depth", typ) } -// Copy a Type recursively. -func Copy(typ Type) Type { - typ, _ = copyType(typ, nil) - return typ +// alignof returns the alignment of a type. +// +// Currently only supports the subset of types necessary for bitfield relocations. +func alignof(typ Type) (int, error) { + switch t := UnderlyingType(typ).(type) { + case *Enum: + return int(t.size()), nil + case *Int: + return int(t.Size), nil + default: + return 0, fmt.Errorf("can't calculate alignment of %T", t) + } } -// copy a Type recursively. +// Transformer modifies a given Type and returns the result. // -// typ may form a cycle. +// For example, UnderlyingType removes any qualifiers or typedefs from a type. +// See the example on Copy for how to use a transform. +type Transformer func(Type) Type + +// Copy a Type recursively. // -// Returns any errors from transform verbatim. -func copyType(typ Type, transform func(Type) (Type, error)) (Type, error) { +// typ may form a cycle. If transform is not nil, it is called with the +// to be copied type, and the returned value is copied instead. +func Copy(typ Type, transform Transformer) Type { copies := make(copier) - return typ, copies.copy(&typ, transform) + copies.copy(&typ, transform) + return typ } // copy a slice of Types recursively. // -// Types may form a cycle. -// -// Returns any errors from transform verbatim. -func copyTypes(types []Type, transform func(Type) (Type, error)) ([]Type, error) { +// See Copy for the semantics. +func copyTypes(types []Type, transform Transformer) []Type { result := make([]Type, len(types)) copy(result, types) copies := make(copier) for i := range result { - if err := copies.copy(&result[i], transform); err != nil { - return nil, err - } + copies.copy(&result[i], transform) } - return result, nil + return result } type copier map[Type]Type -func (c copier) copy(typ *Type, transform func(Type) (Type, error)) error { +func (c copier) copy(typ *Type, transform Transformer) { var work typeDeque for t := typ; t != nil; t = work.pop() { // *t is the identity of the type. @@ -664,11 +681,7 @@ func (c copier) copy(typ *Type, transform func(Type) (Type, error)) error { var cpy Type if transform != nil { - tf, err := transform(*t) - if err != nil { - return fmt.Errorf("copy %s: %w", *t, err) - } - cpy = tf.copy() + cpy = transform(*t).copy() } else { cpy = (*t).copy() } @@ -679,8 +692,6 @@ func (c copier) copy(typ *Type, transform func(Type) (Type, error)) error { // Mark any nested types for copying. cpy.walk(&work) } - - return nil } // typeDeque keeps track of pointers to types which still @@ -763,18 +774,52 @@ func (dq *typeDeque) all() []*Type { // Returns a map of named types (so, where NameOff is non-zero) and a slice of types // indexed by TypeID. Since BTF ignores compilation units, multiple types may share // the same name. A Type may form a cyclic graph by pointing at itself. -func inflateRawTypes(rawTypes []rawType, rawStrings stringTable) (types []Type, namedTypes map[essentialName][]Type, err error) { +func inflateRawTypes(rawTypes []rawType, rawStrings *stringTable) ([]Type, error) { + types := make([]Type, 0, len(rawTypes)+1) + types = append(types, (*Void)(nil)) + type fixupDef struct { - id TypeID - expectedKind btfKind - typ *Type + id TypeID + typ *Type } var fixups []fixupDef - fixup := func(id TypeID, expectedKind btfKind, typ *Type) { - fixups = append(fixups, fixupDef{id, expectedKind, typ}) + fixup := func(id TypeID, typ *Type) { + if id < TypeID(len(types)) { + // We've already inflated this type, fix it up immediately. + *typ = types[id] + return + } + fixups = append(fixups, fixupDef{id, typ}) } + type assertion struct { + typ *Type + want reflect.Type + } + + var assertions []assertion + assert := func(typ *Type, want reflect.Type) error { + if *typ != nil { + // The type has already been fixed up, check the type immediately. + if reflect.TypeOf(*typ) != want { + return fmt.Errorf("expected %s, got %T", want, *typ) + } + return nil + } + assertions = append(assertions, assertion{typ, want}) + return nil + } + + type bitfieldFixupDef struct { + id TypeID + m *Member + } + + var ( + legacyBitfields = make(map[TypeID][2]Bits) // offset, size + bitfieldFixups []bitfieldFixupDef + ) convertMembers := func(raw []btfMember, kindFlag bool) ([]Member, error) { // NB: The fixup below relies on pre-allocating this array to // work, since otherwise append might re-allocate members. @@ -784,26 +829,52 @@ func inflateRawTypes(rawTypes []rawType, rawStrings stringTable) (types []Type, if err != nil { return nil, fmt.Errorf("can't get name for member %d: %w", i, err) } - m := Member{ - Name: name, - OffsetBits: btfMember.Offset, - } + + members = append(members, Member{ + Name: name, + Offset: Bits(btfMember.Offset), + }) + + m := &members[i] + fixup(raw[i].Type, &m.Type) + if kindFlag { - m.BitfieldSize = btfMember.Offset >> 24 - m.OffsetBits &= 0xffffff + m.BitfieldSize = Bits(btfMember.Offset >> 24) + m.Offset &= 0xffffff + // We ignore legacy bitfield definitions if the current composite + // is a new-style bitfield. This is kind of safe since offset and + // size on the type of the member must be zero if kindFlat is set + // according to spec. + continue } - members = append(members, m) - } - for i := range members { - fixup(raw[i].Type, kindUnknown, &members[i].Type) + + // This may be a legacy bitfield, try to fix it up. + data, ok := legacyBitfields[raw[i].Type] + if ok { + // Bingo! + m.Offset += data[0] + m.BitfieldSize = data[1] + continue + } + + if m.Type != nil { + // We couldn't find a legacy bitfield, but we know that the member's + // type has already been inflated. Hence we know that it can't be + // a legacy bitfield and there is nothing left to do. + continue + } + + // We don't have fixup data, and the type we're pointing + // at hasn't been inflated yet. No choice but to defer + // the fixup. + bitfieldFixups = append(bitfieldFixups, bitfieldFixupDef{ + raw[i].Type, + m, + }) } return members, nil } - types = make([]Type, 0, len(rawTypes)) - types = append(types, (*Void)(nil)) - namedTypes = make(map[essentialName][]Type) - for i, raw := range rawTypes { var ( // Void is defined to always be type ID 0, and is thus @@ -814,17 +885,21 @@ func inflateRawTypes(rawTypes []rawType, rawStrings stringTable) (types []Type, name, err := rawStrings.Lookup(raw.NameOff) if err != nil { - return nil, nil, fmt.Errorf("get name for type id %d: %w", id, err) + return nil, fmt.Errorf("get name for type id %d: %w", id, err) } switch raw.Kind() { case kindInt: + size := raw.Size() encoding, offset, bits := intEncoding(*raw.data.(*uint32)) - typ = &Int{id, name, raw.Size(), encoding, offset, bits} + if offset > 0 || bits.Bytes() != size { + legacyBitfields[id] = [2]Bits{offset, bits} + } + typ = &Int{name, size, encoding} case kindPointer: - ptr := &Pointer{id, nil} - fixup(raw.Type(), kindUnknown, &ptr.Target) + ptr := &Pointer{nil} + fixup(raw.Type(), &ptr.Target) typ = ptr case kindArray: @@ -832,23 +907,23 @@ func inflateRawTypes(rawTypes []rawType, rawStrings stringTable) (types []Type, // IndexType is unused according to btf.rst. // Don't make it available right now. - arr := &Array{id, nil, btfArr.Nelems} - fixup(btfArr.Type, kindUnknown, &arr.Type) + arr := &Array{nil, btfArr.Nelems} + fixup(btfArr.Type, &arr.Type) typ = arr case kindStruct: members, err := convertMembers(raw.data.([]btfMember), raw.KindFlag()) if err != nil { - return nil, nil, fmt.Errorf("struct %s (id %d): %w", name, id, err) + return nil, fmt.Errorf("struct %s (id %d): %w", name, id, err) } - typ = &Struct{id, name, raw.Size(), members} + typ = &Struct{name, raw.Size(), members} case kindUnion: members, err := convertMembers(raw.data.([]btfMember), raw.KindFlag()) if err != nil { - return nil, nil, fmt.Errorf("union %s (id %d): %w", name, id, err) + return nil, fmt.Errorf("union %s (id %d): %w", name, id, err) } - typ = &Union{id, name, raw.Size(), members} + typ = &Union{name, raw.Size(), members} case kindEnum: rawvals := raw.data.([]btfEnum) @@ -856,45 +931,48 @@ func inflateRawTypes(rawTypes []rawType, rawStrings stringTable) (types []Type, for i, btfVal := range rawvals { name, err := rawStrings.Lookup(btfVal.NameOff) if err != nil { - return nil, nil, fmt.Errorf("get name for enum value %d: %s", i, err) + return nil, fmt.Errorf("get name for enum value %d: %s", i, err) } vals = append(vals, EnumValue{ Name: name, Value: btfVal.Val, }) } - typ = &Enum{id, name, vals} + typ = &Enum{name, vals} case kindForward: if raw.KindFlag() { - typ = &Fwd{id, name, FwdUnion} + typ = &Fwd{name, FwdUnion} } else { - typ = &Fwd{id, name, FwdStruct} + typ = &Fwd{name, FwdStruct} } case kindTypedef: - typedef := &Typedef{id, name, nil} - fixup(raw.Type(), kindUnknown, &typedef.Type) + typedef := &Typedef{name, nil} + fixup(raw.Type(), &typedef.Type) typ = typedef case kindVolatile: - volatile := &Volatile{id, nil} - fixup(raw.Type(), kindUnknown, &volatile.Type) + volatile := &Volatile{nil} + fixup(raw.Type(), &volatile.Type) typ = volatile case kindConst: - cnst := &Const{id, nil} - fixup(raw.Type(), kindUnknown, &cnst.Type) + cnst := &Const{nil} + fixup(raw.Type(), &cnst.Type) typ = cnst case kindRestrict: - restrict := &Restrict{id, nil} - fixup(raw.Type(), kindUnknown, &restrict.Type) + restrict := &Restrict{nil} + fixup(raw.Type(), &restrict.Type) typ = restrict case kindFunc: - fn := &Func{id, name, nil, raw.Linkage()} - fixup(raw.Type(), kindFuncProto, &fn.Type) + fn := &Func{name, nil, raw.Linkage()} + fixup(raw.Type(), &fn.Type) + if err := assert(&fn.Type, reflect.TypeOf((*FuncProto)(nil))); err != nil { + return nil, err + } typ = fn case kindFuncProto: @@ -903,24 +981,24 @@ func inflateRawTypes(rawTypes []rawType, rawStrings stringTable) (types []Type, for i, param := range rawparams { name, err := rawStrings.Lookup(param.NameOff) if err != nil { - return nil, nil, fmt.Errorf("get name for func proto parameter %d: %s", i, err) + return nil, fmt.Errorf("get name for func proto parameter %d: %s", i, err) } params = append(params, FuncParam{ Name: name, }) } for i := range params { - fixup(rawparams[i].Type, kindUnknown, ¶ms[i].Type) + fixup(rawparams[i].Type, ¶ms[i].Type) } - fp := &FuncProto{id, nil, params} - fixup(raw.Type(), kindUnknown, &fp.Return) + fp := &FuncProto{nil, params} + fixup(raw.Type(), &fp.Return) typ = fp case kindVar: variable := raw.data.(*btfVariable) - v := &Var{id, name, nil, VarLinkage(variable.Linkage)} - fixup(raw.Type(), kindUnknown, &v.Type) + v := &Var{name, nil, VarLinkage(variable.Linkage)} + fixup(raw.Type(), &v.Type) typ = v case kindDatasec: @@ -933,44 +1011,48 @@ func inflateRawTypes(rawTypes []rawType, rawStrings stringTable) (types []Type, }) } for i := range vars { - fixup(btfVars[i].Type, kindVar, &vars[i].Type) + fixup(btfVars[i].Type, &vars[i].Type) + if err := assert(&vars[i].Type, reflect.TypeOf((*Var)(nil))); err != nil { + return nil, err + } } - typ = &Datasec{id, name, raw.SizeType, vars} + typ = &Datasec{name, raw.SizeType, vars} case kindFloat: - typ = &Float{id, name, raw.Size()} + typ = &Float{name, raw.Size()} default: - return nil, nil, fmt.Errorf("type id %d: unknown kind: %v", id, raw.Kind()) + return nil, fmt.Errorf("type id %d: unknown kind: %v", id, raw.Kind()) } types = append(types, typ) - - if name := newEssentialName(typ.TypeName()); name != "" { - namedTypes[name] = append(namedTypes[name], typ) - } } for _, fixup := range fixups { i := int(fixup.id) if i >= len(types) { - return nil, nil, fmt.Errorf("reference to invalid type id: %d", fixup.id) + return nil, fmt.Errorf("reference to invalid type id: %d", fixup.id) } - // Default void (id 0) to unknown - rawKind := kindUnknown - if i > 0 { - rawKind = rawTypes[i-1].Kind() - } + *fixup.typ = types[i] + } - if expected := fixup.expectedKind; expected != kindUnknown && rawKind != expected { - return nil, nil, fmt.Errorf("expected type id %d to have kind %s, found %s", fixup.id, expected, rawKind) + for _, bitfieldFixup := range bitfieldFixups { + data, ok := legacyBitfields[bitfieldFixup.id] + if ok { + // This is indeed a legacy bitfield, fix it up. + bitfieldFixup.m.Offset += data[0] + bitfieldFixup.m.BitfieldSize = data[1] } + } - *fixup.typ = types[i] + for _, assertion := range assertions { + if reflect.TypeOf(*assertion.typ) != assertion.want { + return nil, fmt.Errorf("expected %s, got %T", assertion.want, *assertion.typ) + } } - return types, namedTypes, nil + return types, nil } // essentialName represents the name of a BTF type stripped of any flavor @@ -984,9 +1066,116 @@ type essentialName string // in a type name is ignored for the purpose of finding a candidate type // in the kernel's BTF. func newEssentialName(name string) essentialName { + if name == "" { + return "" + } lastIdx := strings.LastIndex(name, "___") if lastIdx > 0 { return essentialName(name[:lastIdx]) } return essentialName(name) } + +// UnderlyingType skips qualifiers and Typedefs. +func UnderlyingType(typ Type) Type { + result := typ + for depth := 0; depth <= maxTypeDepth; depth++ { + switch v := (result).(type) { + case qualifier: + result = v.qualify() + case *Typedef: + result = v.Type + default: + return result + } + } + return &cycle{typ} +} + +type formatState struct { + fmt.State + depth int +} + +// formattableType is a subset of Type, to ease unit testing of formatType. +type formattableType interface { + fmt.Formatter + TypeName() string +} + +// formatType formats a type in a canonical form. +// +// Handles cyclical types by only printing cycles up to a certain depth. Elements +// in extra are separated by spaces unless the preceding element is a string +// ending in '='. +func formatType(f fmt.State, verb rune, t formattableType, extra ...interface{}) { + if verb != 'v' && verb != 's' { + fmt.Fprintf(f, "{UNRECOGNIZED: %c}", verb) + return + } + + // This is the same as %T, but elides the package name. Assumes that + // formattableType is implemented by a pointer receiver. + goTypeName := reflect.TypeOf(t).Elem().Name() + _, _ = io.WriteString(f, goTypeName) + + if name := t.TypeName(); name != "" { + // Output BTF type name if present. + fmt.Fprintf(f, ":%q", name) + } + + if f.Flag('+') { + // Output address if requested. + fmt.Fprintf(f, ":%#p", t) + } + + if verb == 's' { + // %s omits details. + return + } + + var depth int + if ps, ok := f.(*formatState); ok { + depth = ps.depth + f = ps.State + } + + maxDepth, ok := f.Width() + if !ok { + maxDepth = 0 + } + + if depth > maxDepth { + // We've reached the maximum depth. This avoids infinite recursion even + // for cyclical types. + return + } + + if len(extra) == 0 { + return + } + + wantSpace := false + _, _ = io.WriteString(f, "[") + for _, arg := range extra { + if wantSpace { + _, _ = io.WriteString(f, " ") + } + + switch v := arg.(type) { + case string: + _, _ = io.WriteString(f, v) + wantSpace = len(v) > 0 && v[len(v)-1] != '=' + continue + + case formattableType: + v.Format(&formatState{f, depth + 1}, verb) + + default: + fmt.Fprint(f, arg) + } + + wantSpace = true + } + _, _ = io.WriteString(f, "]") +} diff --git a/vendor/github.com/cilium/ebpf/collection.go b/vendor/github.com/cilium/ebpf/collection.go index fb32ada88a3..22b7c7a35bc 100644 --- a/vendor/github.com/cilium/ebpf/collection.go +++ b/vendor/github.com/cilium/ebpf/collection.go @@ -4,14 +4,11 @@ import ( "encoding/binary" "errors" "fmt" - "io" - "math" "reflect" "strings" "github.com/cilium/ebpf/asm" - "github.com/cilium/ebpf/internal/btf" - "github.com/cilium/ebpf/internal/sys" + "github.com/cilium/ebpf/btf" ) // CollectionOptions control loading a collection into the kernel. @@ -20,6 +17,17 @@ import ( type CollectionOptions struct { Maps MapOptions Programs ProgramOptions + + // MapReplacements takes a set of Maps that will be used instead of + // creating new ones when loading the CollectionSpec. + // + // For each given Map, there must be a corresponding MapSpec in + // CollectionSpec.Maps, and its type, key/value size, max entries and flags + // must match the values of the MapSpec. + // + // The given Maps are Clone()d before being used in the Collection, so the + // caller can Close() them freely when they are no longer needed. + MapReplacements map[string]*Map } // CollectionSpec describes a collection. @@ -27,6 +35,10 @@ type CollectionSpec struct { Maps map[string]*MapSpec Programs map[string]*ProgramSpec + // Types holds type information about Maps and Programs. + // Modifications to Types are currently undefined behaviour. + Types *btf.Spec + // ByteOrder specifies whether the ELF was compiled for // big-endian or little-endian architectures. ByteOrder binary.ByteOrder @@ -42,6 +54,7 @@ func (cs *CollectionSpec) Copy() *CollectionSpec { Maps: make(map[string]*MapSpec, len(cs.Maps)), Programs: make(map[string]*ProgramSpec, len(cs.Programs)), ByteOrder: cs.ByteOrder, + Types: cs.Types, } for name, spec := range cs.Maps { @@ -61,19 +74,21 @@ func (cs *CollectionSpec) Copy() *CollectionSpec { // when calling NewCollection. Any named maps are removed from CollectionSpec.Maps. // // Returns an error if a named map isn't used in at least one program. +// +// Deprecated: Pass CollectionOptions.MapReplacements when loading the Collection +// instead. func (cs *CollectionSpec) RewriteMaps(maps map[string]*Map) error { for symbol, m := range maps { // have we seen a program that uses this symbol / map seen := false - fd := m.FD() for progName, progSpec := range cs.Programs { - err := progSpec.Instructions.RewriteMapPtr(symbol, fd) + err := progSpec.Instructions.AssociateMap(symbol, m) switch { case err == nil: seen = true - case asm.IsUnreferencedSymbol(err): + case errors.Is(err, asm.ErrUnreferencedSymbol): // Not all programs need to use the map default: @@ -107,34 +122,67 @@ func (cs *CollectionSpec) RewriteMaps(maps map[string]*Map) error { // // Returns an error if a constant doesn't exist. func (cs *CollectionSpec) RewriteConstants(consts map[string]interface{}) error { - rodata := cs.Maps[".rodata"] - if rodata == nil { - return errors.New("missing .rodata section") - } + replaced := make(map[string]bool) - if rodata.BTF == nil { - return errors.New(".rodata section has no BTF") - } + for name, spec := range cs.Maps { + if !strings.HasPrefix(name, ".rodata") { + continue + } - if n := len(rodata.Contents); n != 1 { - return fmt.Errorf("expected one key in .rodata, found %d", n) - } + b, ds, err := spec.dataSection() + if errors.Is(err, errMapNoBTFValue) { + // Data sections without a BTF Datasec are valid, but don't support + // constant replacements. + continue + } + if err != nil { + return fmt.Errorf("map %s: %w", name, err) + } + + // MapSpec.Copy() performs a shallow copy. Fully copy the byte slice + // to avoid any changes affecting other copies of the MapSpec. + cpy := make([]byte, len(b)) + copy(cpy, b) + + for _, v := range ds.Vars { + vname := v.Type.TypeName() + replacement, ok := consts[vname] + if !ok { + continue + } - kv := rodata.Contents[0] - value, ok := kv.Value.([]byte) - if !ok { - return fmt.Errorf("first value in .rodata is %T not []byte", kv.Value) + if replaced[vname] { + return fmt.Errorf("section %s: duplicate variable %s", name, vname) + } + + if int(v.Offset+v.Size) > len(cpy) { + return fmt.Errorf("section %s: offset %d(+%d) for variable %s is out of bounds", name, v.Offset, v.Size, vname) + } + + b, err := marshalBytes(replacement, int(v.Size)) + if err != nil { + return fmt.Errorf("marshaling constant replacement %s: %w", vname, err) + } + + copy(cpy[v.Offset:v.Offset+v.Size], b) + + replaced[vname] = true + } + + spec.Contents[0] = MapKV{Key: uint32(0), Value: cpy} } - buf := make([]byte, len(value)) - copy(buf, value) + var missing []string + for c := range consts { + if !replaced[c] { + missing = append(missing, c) + } + } - err := patchValue(buf, rodata.BTF.Value, consts) - if err != nil { - return err + if len(missing) != 0 { + return fmt.Errorf("spec is missing one or more constants: %s", strings.Join(missing, ",")) } - rodata.Contents[0] = MapKV{kv.Key, buf} return nil } @@ -187,6 +235,9 @@ func (cs *CollectionSpec) Assign(to interface{}) error { // LoadAndAssign loads Maps and Programs into the kernel and assigns them // to a struct. // +// Omitting Map/Program.Close() during application shutdown is an error. +// See the package documentation for details around Map and Program lifecycle. +// // This function is a shortcut to manually checking the presence // of maps and programs in a CollectionSpec. Consider using bpf2go // if this sounds useful. @@ -209,7 +260,10 @@ func (cs *CollectionSpec) Assign(to interface{}) error { // Returns an error if any of the fields can't be found, or // if the same Map or Program is assigned multiple times. func (cs *CollectionSpec) LoadAndAssign(to interface{}, opts *CollectionOptions) error { - loader := newCollectionLoader(cs, opts) + loader, err := newCollectionLoader(cs, opts) + if err != nil { + return err + } defer loader.cleanup() // Support assigning Programs and Maps, lazy-loading the required objects. @@ -269,14 +323,25 @@ type Collection struct { Maps map[string]*Map } -// NewCollection creates a Collection from a specification. +// NewCollection creates a Collection from the given spec, creating and +// loading its declared resources into the kernel. +// +// Omitting Collection.Close() during application shutdown is an error. +// See the package documentation for details around Map and Program lifecycle. func NewCollection(spec *CollectionSpec) (*Collection, error) { return NewCollectionWithOptions(spec, CollectionOptions{}) } -// NewCollectionWithOptions creates a Collection from a specification. +// NewCollectionWithOptions creates a Collection from the given spec using +// options, creating and loading its declared resources into the kernel. +// +// Omitting Collection.Close() during application shutdown is an error. +// See the package documentation for details around Map and Program lifecycle. func NewCollectionWithOptions(spec *CollectionSpec, opts CollectionOptions) (*Collection, error) { - loader := newCollectionLoader(spec, &opts) + loader, err := newCollectionLoader(spec, &opts) + if err != nil { + return nil, err + } defer loader.cleanup() // Create maps first, as their fds need to be linked into programs. @@ -314,13 +379,11 @@ func NewCollectionWithOptions(spec *CollectionSpec, opts CollectionOptions) (*Co type handleCache struct { btfHandles map[*btf.Spec]*btf.Handle - btfSpecs map[io.ReaderAt]*btf.Spec } func newHandleCache() *handleCache { return &handleCache{ btfHandles: make(map[*btf.Spec]*btf.Handle), - btfSpecs: make(map[io.ReaderAt]*btf.Spec), } } @@ -338,20 +401,6 @@ func (hc handleCache) btfHandle(spec *btf.Spec) (*btf.Handle, error) { return handle, nil } -func (hc handleCache) btfSpec(rd io.ReaderAt) (*btf.Spec, error) { - if hc.btfSpecs[rd] != nil { - return hc.btfSpecs[rd], nil - } - - spec, err := btf.LoadSpecFromReader(rd) - if err != nil { - return nil, err - } - - hc.btfSpecs[rd] = spec - return spec, nil -} - func (hc handleCache) close() { for _, handle := range hc.btfHandles { handle.Close() @@ -366,18 +415,30 @@ type collectionLoader struct { handles *handleCache } -func newCollectionLoader(coll *CollectionSpec, opts *CollectionOptions) *collectionLoader { +func newCollectionLoader(coll *CollectionSpec, opts *CollectionOptions) (*collectionLoader, error) { if opts == nil { opts = &CollectionOptions{} } + // Check for existing MapSpecs in the CollectionSpec for all provided replacement maps. + for name, m := range opts.MapReplacements { + spec, ok := coll.Maps[name] + if !ok { + return nil, fmt.Errorf("replacement map %s not found in CollectionSpec", name) + } + + if err := spec.checkCompatibility(m); err != nil { + return nil, fmt.Errorf("using replacement map %s: %w", spec.Name, err) + } + } + return &collectionLoader{ coll, opts, make(map[string]*Map), make(map[string]*Program), newHandleCache(), - } + }, nil } // finalize should be called when all the collectionLoader's resources @@ -409,6 +470,21 @@ func (cl *collectionLoader) loadMap(mapName string) (*Map, error) { return nil, fmt.Errorf("missing map %s", mapName) } + if mapSpec.BTF != nil && cl.coll.Types != mapSpec.BTF { + return nil, fmt.Errorf("map %s: BTF doesn't match collection", mapName) + } + + if replaceMap, ok := cl.opts.MapReplacements[mapName]; ok { + // Clone the map to avoid closing user's map later on. + m, err := replaceMap.Clone() + if err != nil { + return nil, err + } + + cl.maps[mapName] = m + return m, nil + } + m, err := newMapWithOptions(mapSpec, cl.opts.Maps, cl.handles) if err != nil { return nil, fmt.Errorf("map %s: %w", mapName, err) @@ -434,6 +510,10 @@ func (cl *collectionLoader) loadProgram(progName string) (*Program, error) { return nil, fmt.Errorf("cannot load program %s: program type is unspecified", progName) } + if progSpec.BTF != nil && cl.coll.Types != progSpec.BTF { + return nil, fmt.Errorf("program %s: BTF doesn't match collection", progName) + } + progSpec = progSpec.Copy() // Rewrite any reference to a valid map in the program's instructions, @@ -441,27 +521,24 @@ func (cl *collectionLoader) loadProgram(progName string) (*Program, error) { for i := range progSpec.Instructions { ins := &progSpec.Instructions[i] - if !ins.IsLoadFromMap() || ins.Reference == "" { + if !ins.IsLoadFromMap() || ins.Reference() == "" { continue } - if uint32(ins.Constant) != math.MaxUint32 { - // Don't overwrite maps already rewritten, users can - // rewrite programs in the spec themselves + // Don't overwrite map loads containing non-zero map fd's, + // they can be manually included by the caller. + // Map FDs/IDs are placed in the lower 32 bits of Constant. + if int32(ins.Constant) > 0 { continue } - m, err := cl.loadMap(ins.Reference) + m, err := cl.loadMap(ins.Reference()) if err != nil { return nil, fmt.Errorf("program %s: %w", progName, err) } - fd := m.FD() - if fd < 0 { - return nil, fmt.Errorf("map %s: %w", ins.Reference, sys.ErrClosedFd) - } - if err := ins.RewriteMapPtr(m.FD()); err != nil { - return nil, fmt.Errorf("program %s: map %s: %w", progName, ins.Reference, err) + if err := ins.AssociateMap(m); err != nil { + return nil, fmt.Errorf("program %s: map %s: %w", progName, ins.Reference(), err) } } @@ -519,7 +596,11 @@ func (cl *collectionLoader) populateMaps() error { return nil } -// LoadCollection parses an object file and converts it to a collection. +// LoadCollection reads an object file and creates and loads its declared +// resources into the kernel. +// +// Omitting Collection.Close() during application shutdown is an error. +// See the package documentation for details around Map and Program lifecycle. func LoadCollection(file string) (*Collection, error) { spec, err := LoadCollectionSpec(file) if err != nil { diff --git a/vendor/github.com/cilium/ebpf/doc.go b/vendor/github.com/cilium/ebpf/doc.go index f7f34da8f44..396b3394d33 100644 --- a/vendor/github.com/cilium/ebpf/doc.go +++ b/vendor/github.com/cilium/ebpf/doc.go @@ -13,4 +13,13 @@ // your application as any other resource. // // Use the link subpackage to attach a loaded program to a hook in the kernel. +// +// Note that losing all references to Map and Program resources will cause +// their underlying file descriptors to be closed, potentially removing those +// objects from the kernel. Always retain a reference by e.g. deferring a +// Close() of a Collection or LoadAndAssign object until application exit. +// +// Special care needs to be taken when handling maps of type ProgramArray, +// as the kernel erases its contents when the last userspace or bpffs +// reference disappears, regardless of the map being in active use. package ebpf diff --git a/vendor/github.com/cilium/ebpf/elf_reader.go b/vendor/github.com/cilium/ebpf/elf_reader.go index bbc88310844..3337ba84ba0 100644 --- a/vendor/github.com/cilium/ebpf/elf_reader.go +++ b/vendor/github.com/cilium/ebpf/elf_reader.go @@ -13,8 +13,8 @@ import ( "strings" "github.com/cilium/ebpf/asm" + "github.com/cilium/ebpf/btf" "github.com/cilium/ebpf/internal" - "github.com/cilium/ebpf/internal/btf" "github.com/cilium/ebpf/internal/unix" ) @@ -26,6 +26,7 @@ type elfCode struct { license string version uint32 btf *btf.Spec + extInfo *btf.ExtInfos } // LoadCollectionSpec parses an ELF file into a CollectionSpec. @@ -49,7 +50,6 @@ func LoadCollectionSpecFromReader(rd io.ReaderAt) (*CollectionSpec, error) { if err != nil { return nil, err } - defer f.Close() var ( licenseSection *elf.Section @@ -95,7 +95,7 @@ func LoadCollectionSpecFromReader(rd io.ReaderAt) (*CollectionSpec, error) { return nil, fmt.Errorf("load version: %w", err) } - btfSpec, err := btf.LoadSpecFromReader(rd) + btfSpec, btfExtInfo, err := btf.LoadSpecAndExtInfosFromReader(rd) if err != nil && !errors.Is(err, btf.ErrNotFound) { return nil, fmt.Errorf("load BTF: %w", err) } @@ -106,6 +106,7 @@ func LoadCollectionSpecFromReader(rd io.ReaderAt) (*CollectionSpec, error) { license: license, version: version, btf: btfSpec, + extInfo: btfExtInfo, } symbols, err := f.Symbols() @@ -115,33 +116,8 @@ func LoadCollectionSpecFromReader(rd io.ReaderAt) (*CollectionSpec, error) { ec.assignSymbols(symbols) - // Go through relocation sections, and parse the ones for sections we're - // interested in. Make sure that relocations point at valid sections. - for idx, relSection := range relSections { - section := sections[idx] - if section == nil { - continue - } - - rels, err := ec.loadRelocations(relSection, symbols) - if err != nil { - return nil, fmt.Errorf("relocation for section %q: %w", section.Name, err) - } - - for _, rel := range rels { - target := sections[rel.Section] - if target == nil { - return nil, fmt.Errorf("section %q: reference to %q in section %s: %w", section.Name, rel.Name, rel.Section, ErrNotSupported) - } - - if target.Flags&elf.SHF_STRINGS > 0 { - return nil, fmt.Errorf("section %q: string is not stack allocated: %w", section.Name, ErrNotSupported) - } - - target.references++ - } - - section.relocations = rels + if err := ec.loadRelocations(relSections, symbols); err != nil { + return nil, fmt.Errorf("load relocations: %w", err) } // Collect all the various ways to define maps. @@ -164,7 +140,7 @@ func LoadCollectionSpecFromReader(rd io.ReaderAt) (*CollectionSpec, error) { return nil, fmt.Errorf("load programs: %w", err) } - return &CollectionSpec{maps, progs, ec.ByteOrder}, nil + return &CollectionSpec{maps, progs, btfSpec, ec.ByteOrder}, nil } func loadLicense(sec *elf.Section) (string, error) { @@ -265,6 +241,39 @@ func (ec *elfCode) assignSymbols(symbols []elf.Symbol) { } } +// loadRelocations iterates .rel* sections and extracts relocation entries for +// sections of interest. Makes sure relocations point at valid sections. +func (ec *elfCode) loadRelocations(relSections map[elf.SectionIndex]*elf.Section, symbols []elf.Symbol) error { + for idx, relSection := range relSections { + section := ec.sections[idx] + if section == nil { + continue + } + + rels, err := ec.loadSectionRelocations(relSection, symbols) + if err != nil { + return fmt.Errorf("relocation for section %q: %w", section.Name, err) + } + + for _, rel := range rels { + target := ec.sections[rel.Section] + if target == nil { + return fmt.Errorf("section %q: reference to %q in section %s: %w", section.Name, rel.Name, rel.Section, ErrNotSupported) + } + + if target.Flags&elf.SHF_STRINGS > 0 { + return fmt.Errorf("section %q: string is not stack allocated: %w", section.Name, ErrNotSupported) + } + + target.references++ + } + + section.relocations = rels + } + + return nil +} + // loadProgramSections iterates ec's sections and emits a ProgramSpec // for each function it finds. // @@ -302,13 +311,7 @@ func (ec *elfCode) loadProgramSections() (map[string]*ProgramSpec, error) { KernelVersion: ec.version, Instructions: insns, ByteOrder: ec.ByteOrder, - } - - if ec.btf != nil { - spec.BTF, err = ec.btf.Program(name) - if err != nil && !errors.Is(err, btf.ErrNoExtendedInfo) { - return nil, fmt.Errorf("program %s: %w", name, err) - } + BTF: ec.btf, } // Function names must be unique within a single ELF blob. @@ -342,73 +345,72 @@ func (ec *elfCode) loadProgramSections() (map[string]*ProgramSpec, error) { // // The resulting map is indexed by function name. func (ec *elfCode) loadFunctions(section *elfSection) (map[string]asm.Instructions, error) { - var ( - r = bufio.NewReader(section.Open()) - funcs = make(map[string]asm.Instructions) - offset uint64 - insns asm.Instructions - ) - for { - ins := asm.Instruction{ - // Symbols denote the first instruction of a function body. - Symbol: section.symbols[offset].Name, - } + r := bufio.NewReader(section.Open()) - // Pull one instruction from the instruction stream. - n, err := ins.Unmarshal(r, ec.ByteOrder) - if errors.Is(err, io.EOF) { - fn := insns.Name() - if fn == "" { - return nil, errors.New("reached EOF before finding a valid symbol") - } + // Decode the section's instruction stream. + var insns asm.Instructions + if err := insns.Unmarshal(r, ec.ByteOrder); err != nil { + return nil, fmt.Errorf("decoding instructions for section %s: %w", section.Name, err) + } + if len(insns) == 0 { + return nil, fmt.Errorf("no instructions found in section %s", section.Name) + } - // Reached the end of the section and the decoded instruction buffer - // contains at least one valid instruction belonging to a function. - // Store the result and stop processing instructions. - funcs[fn] = insns - break - } - if err != nil { - return nil, fmt.Errorf("offset %d: %w", offset, err) - } + iter := insns.Iterate() + for iter.Next() { + ins := iter.Ins + offset := iter.Offset.Bytes() - // Decoded the first instruction of a function body but insns already - // holds a valid instruction stream. Store the result and flush insns. - if ins.Symbol != "" && insns.Name() != "" { - funcs[insns.Name()] = insns - insns = nil + // Tag Symbol Instructions. + if sym, ok := section.symbols[offset]; ok { + *ins = ins.WithSymbol(sym.Name) } + // Apply any relocations for the current instruction. + // If no relocation is present, resolve any section-relative function calls. if rel, ok := section.relocations[offset]; ok { - // A relocation was found for the current offset. Apply it to the insn. - if err = ec.relocateInstruction(&ins, rel); err != nil { - return nil, fmt.Errorf("offset %d: relocate instruction: %w", offset, err) + if err := ec.relocateInstruction(ins, rel); err != nil { + return nil, fmt.Errorf("offset %d: relocating instruction: %w", offset, err) } } else { - // Up to LLVM 9, calls to subprograms within the same ELF section are - // sometimes encoded using relative jumps without relocation entries. - // If, after all relocations entries have been processed, there are - // still relative pseudocalls left, they must point to an existing - // symbol within the section. - // When splitting sections into subprograms, the targets of these calls - // are no longer in scope, so they must be resolved here. - if ins.IsFunctionReference() && ins.Constant != -1 { - tgt := jumpTarget(offset, ins) - sym := section.symbols[tgt].Name - if sym == "" { - return nil, fmt.Errorf("offset %d: no jump target found at offset %d", offset, tgt) - } - - ins.Reference = sym - ins.Constant = -1 + if err := referenceRelativeJump(ins, offset, section.symbols); err != nil { + return nil, fmt.Errorf("offset %d: resolving relative jump: %w", offset, err) } } + } - insns = append(insns, ins) - offset += n + if ec.extInfo != nil { + ec.extInfo.Assign(insns, section.Name) } - return funcs, nil + return splitSymbols(insns) +} + +// referenceRelativeJump turns a relative jump to another bpf subprogram within +// the same ELF section into a Reference Instruction. +// +// Up to LLVM 9, calls to subprograms within the same ELF section are sometimes +// encoded using relative jumps instead of relocation entries. These jumps go +// out of bounds of the current program, so their targets must be memoized +// before the section's instruction stream is split. +// +// The relative jump Constant is blinded to -1 and the target Symbol is set as +// the Instruction's Reference so it can be resolved by the linker. +func referenceRelativeJump(ins *asm.Instruction, offset uint64, symbols map[uint64]elf.Symbol) error { + if !ins.IsFunctionReference() || ins.Constant == -1 { + return nil + } + + tgt := jumpTarget(offset, *ins) + sym := symbols[tgt].Name + if sym == "" { + return fmt.Errorf("no jump target found at offset %d", tgt) + } + + *ins = ins.WithReference(sym) + ins.Constant = -1 + + return nil } // jumpTarget takes ins' offset within an instruction stream (in bytes) @@ -452,18 +454,12 @@ func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) err ins.Src = asm.PseudoMapFD - // Mark the instruction as needing an update when creating the - // collection. - if err := ins.RewriteMapPtr(-1); err != nil { - return err - } - case dataSection: var offset uint32 switch typ { case elf.STT_SECTION: if bind != elf.STB_LOCAL { - return fmt.Errorf("direct load: %s: unsupported relocation %s", name, bind) + return fmt.Errorf("direct load: %s: unsupported section relocation %s", name, bind) } // This is really a reference to a static symbol, which clang doesn't @@ -472,8 +468,17 @@ func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) err offset = uint32(uint64(ins.Constant)) case elf.STT_OBJECT: - if bind != elf.STB_GLOBAL { - return fmt.Errorf("direct load: %s: unsupported relocation %s", name, bind) + // LLVM 9 emits OBJECT-LOCAL symbols for anonymous constants. + if bind != elf.STB_GLOBAL && bind != elf.STB_LOCAL { + return fmt.Errorf("direct load: %s: unsupported object relocation %s", name, bind) + } + + offset = uint32(rel.Value) + + case elf.STT_NOTYPE: + // LLVM 7 emits NOTYPE-LOCAL symbols for anonymous constants. + if bind != elf.STB_LOCAL { + return fmt.Errorf("direct load: %s: unsupported untyped relocation %s", name, bind) } offset = uint32(rel.Value) @@ -491,12 +496,6 @@ func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) err ins.Constant = int64(uint64(offset) << 32) ins.Src = asm.PseudoMapValue - // Mark the instruction as needing an update when creating the - // collection. - if err := ins.RewriteMapPtr(-1); err != nil { - return err - } - case programSection: switch opCode := ins.OpCode; { case opCode.JumpOp() == asm.Call: @@ -579,7 +578,7 @@ func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) err return fmt.Errorf("relocation to %q: %w", target.Name, ErrNotSupported) } - ins.Reference = name + *ins = ins.WithReference(name) return nil } @@ -914,7 +913,9 @@ func mapSpecFromBTF(es *elfSection, vs *btf.VarSecinfo, def *btf.Struct, spec *b ValueSize: valueSize, MaxEntries: maxEntries, Flags: flags, - BTF: &btf.Map{Spec: spec, Key: key, Value: value}, + Key: key, + Value: value, + BTF: spec, Pinning: pinType, InnerMap: innerMapSpec, Contents: contents, @@ -966,7 +967,7 @@ func resolveBTFValuesContents(es *elfSection, vs *btf.VarSecinfo, member btf.Mem // The offset of the 'values' member within the _struct_ (in bits) // is the starting point of the array. Convert to bytes. Add VarSecinfo // offset to get the absolute position in the ELF blob. - start := (member.OffsetBits / 8) + vs.Offset + start := member.Offset.Bytes() + vs.Offset // 'values' is encoded in BTF as a zero (variable) length struct // member, and its contents run until the end of the VarSecinfo. // Add VarSecinfo offset to get the absolute position in the ELF blob. @@ -1024,15 +1025,6 @@ func (ec *elfCode) loadDataSections(maps map[string]*MapSpec) error { continue } - if ec.btf == nil { - return errors.New("data sections require BTF, make sure all consts are marked as static") - } - - var datasec *btf.Datasec - if err := ec.btf.TypeByName(sec.Name, &datasec); err != nil { - return fmt.Errorf("data section %s: can't get BTF: %w", sec.Name, err) - } - data, err := sec.Data() if err != nil { return fmt.Errorf("data section %s: can't get contents: %w", sec.Name, err) @@ -1049,14 +1041,25 @@ func (ec *elfCode) loadDataSections(maps map[string]*MapSpec) error { ValueSize: uint32(len(data)), MaxEntries: 1, Contents: []MapKV{{uint32(0), data}}, - BTF: &btf.Map{Spec: ec.btf, Key: &btf.Void{}, Value: datasec}, } - switch sec.Name { - case ".rodata": + // It is possible for a data section to exist without a corresponding BTF Datasec + // if it only contains anonymous values like macro-defined arrays. + if ec.btf != nil { + var ds *btf.Datasec + if ec.btf.TypeByName(sec.Name, &ds) == nil { + // Assign the spec's key and BTF only if the Datasec lookup was successful. + mapSpec.BTF = ec.btf + mapSpec.Key = &btf.Void{} + mapSpec.Value = ds + } + } + + switch n := sec.Name; { + case strings.HasPrefix(n, ".rodata"): mapSpec.Flags = unix.BPF_F_RDONLY_PROG mapSpec.Freeze = true - case ".bss": + case n == ".bss": // The kernel already zero-initializes the map mapSpec.Contents = nil } @@ -1114,8 +1117,8 @@ func getProgType(sectionName string) (ProgramType, AttachType, uint32, string) { {"cgroup_skb/ingress", CGroupSKB, AttachCGroupInetIngress, 0}, {"cgroup_skb/egress", CGroupSKB, AttachCGroupInetEgress, 0}, {"cgroup/skb", CGroupSKB, AttachNone, 0}, - {"cgroup/sock_create", CGroupSKB, AttachCGroupInetSockCreate, 0}, - {"cgroup/sock_release", CGroupSKB, AttachCgroupInetSockRelease, 0}, + {"cgroup/sock_create", CGroupSock, AttachCGroupInetSockCreate, 0}, + {"cgroup/sock_release", CGroupSock, AttachCgroupInetSockRelease, 0}, {"cgroup/sock", CGroupSock, AttachCGroupInetSockCreate, 0}, {"cgroup/post_bind4", CGroupSock, AttachCGroupInet4PostBind, 0}, {"cgroup/post_bind6", CGroupSock, AttachCGroupInet6PostBind, 0}, @@ -1163,7 +1166,7 @@ func getProgType(sectionName string) (ProgramType, AttachType, uint32, string) { return UnspecifiedProgram, AttachNone, 0, "" } -func (ec *elfCode) loadRelocations(sec *elf.Section, symbols []elf.Symbol) (map[uint64]elf.Symbol, error) { +func (ec *elfCode) loadSectionRelocations(sec *elf.Section, symbols []elf.Symbol) (map[uint64]elf.Symbol, error) { rels := make(map[uint64]elf.Symbol) if sec.Entsize < 16 { diff --git a/vendor/github.com/cilium/ebpf/info.go b/vendor/github.com/cilium/ebpf/info.go index cf692c762ef..2474017b180 100644 --- a/vendor/github.com/cilium/ebpf/info.go +++ b/vendor/github.com/cilium/ebpf/info.go @@ -14,8 +14,8 @@ import ( "unsafe" "github.com/cilium/ebpf/asm" + "github.com/cilium/ebpf/btf" "github.com/cilium/ebpf/internal" - "github.com/cilium/ebpf/internal/btf" "github.com/cilium/ebpf/internal/sys" "github.com/cilium/ebpf/internal/unix" ) @@ -214,7 +214,10 @@ func (pi *ProgramInfo) Runtime() (time.Duration, bool) { // inspecting loaded programs for troubleshooting, dumping, etc. // // For example, map accesses are made to reference their kernel map IDs, -// not the FDs they had when the program was inserted. +// not the FDs they had when the program was inserted. Note that before +// the introduction of bpf_insn_prepare_dump in kernel 4.16, xlated +// instructions were not sanitized, making the output even less reusable +// and less likely to round-trip or evaluate to the same program Tag. // // The first instruction is marked as a symbol using the Program's name. // @@ -233,7 +236,7 @@ func (pi *ProgramInfo) Instructions() (asm.Instructions, error) { } // Tag the first instruction with the name of the program, if available. - insns[0] = insns[0].Sym(pi.Name) + insns[0] = insns[0].WithSymbol(pi.Name) return insns, nil } diff --git a/vendor/github.com/cilium/ebpf/internal/btf/ext_info.go b/vendor/github.com/cilium/ebpf/internal/btf/ext_info.go deleted file mode 100644 index c4da1e489d9..00000000000 --- a/vendor/github.com/cilium/ebpf/internal/btf/ext_info.go +++ /dev/null @@ -1,497 +0,0 @@ -package btf - -import ( - "encoding/binary" - "errors" - "fmt" - "io" - "math" - - "github.com/cilium/ebpf/asm" - "github.com/cilium/ebpf/internal" -) - -// extInfo contains extended program metadata. -// -// It is indexed per section. -type extInfo struct { - funcInfos map[string]FuncInfos - lineInfos map[string]LineInfos - relos map[string]CoreRelos -} - -// loadExtInfos parses the .BTF.ext section into its constituent parts. -func loadExtInfos(r io.ReaderAt, bo binary.ByteOrder, strings stringTable) (*extInfo, error) { - // Open unbuffered section reader. binary.Read() calls io.ReadFull on - // the header structs, resulting in one syscall per header. - headerRd := io.NewSectionReader(r, 0, math.MaxInt64) - extHeader, err := parseBTFExtHeader(headerRd, bo) - if err != nil { - return nil, fmt.Errorf("parsing BTF extension header: %w", err) - } - - coreHeader, err := parseBTFExtCoreHeader(headerRd, bo, extHeader) - if err != nil { - return nil, fmt.Errorf("parsing BTF CO-RE header: %w", err) - } - - buf := internal.NewBufferedSectionReader(r, extHeader.funcInfoStart(), int64(extHeader.FuncInfoLen)) - funcInfos, err := parseFuncInfos(buf, bo, strings) - if err != nil { - return nil, fmt.Errorf("parsing BTF function info: %w", err) - } - - buf = internal.NewBufferedSectionReader(r, extHeader.lineInfoStart(), int64(extHeader.LineInfoLen)) - lineInfos, err := parseLineInfos(buf, bo, strings) - if err != nil { - return nil, fmt.Errorf("parsing BTF line info: %w", err) - } - - relos := make(map[string]CoreRelos) - if coreHeader != nil && coreHeader.CoreReloOff > 0 && coreHeader.CoreReloLen > 0 { - buf = internal.NewBufferedSectionReader(r, extHeader.coreReloStart(coreHeader), int64(coreHeader.CoreReloLen)) - relos, err = parseCoreRelos(buf, bo, strings) - if err != nil { - return nil, fmt.Errorf("parsing CO-RE relocation info: %w", err) - } - } - - return &extInfo{funcInfos, lineInfos, relos}, nil -} - -// btfExtHeader is found at the start of the .BTF.ext section. -type btfExtHeader struct { - Magic uint16 - Version uint8 - Flags uint8 - - // HdrLen is larger than the size of struct btfExtHeader when it is - // immediately followed by a btfExtCoreHeader. - HdrLen uint32 - - FuncInfoOff uint32 - FuncInfoLen uint32 - LineInfoOff uint32 - LineInfoLen uint32 -} - -// parseBTFExtHeader parses the header of the .BTF.ext section. -func parseBTFExtHeader(r io.Reader, bo binary.ByteOrder) (*btfExtHeader, error) { - var header btfExtHeader - if err := binary.Read(r, bo, &header); err != nil { - return nil, fmt.Errorf("can't read header: %v", err) - } - - if header.Magic != btfMagic { - return nil, fmt.Errorf("incorrect magic value %v", header.Magic) - } - - if header.Version != 1 { - return nil, fmt.Errorf("unexpected version %v", header.Version) - } - - if header.Flags != 0 { - return nil, fmt.Errorf("unsupported flags %v", header.Flags) - } - - if int64(header.HdrLen) < int64(binary.Size(&header)) { - return nil, fmt.Errorf("header length shorter than btfExtHeader size") - } - - return &header, nil -} - -// funcInfoStart returns the offset from the beginning of the .BTF.ext section -// to the start of its func_info entries. -func (h *btfExtHeader) funcInfoStart() int64 { - return int64(h.HdrLen + h.FuncInfoOff) -} - -// lineInfoStart returns the offset from the beginning of the .BTF.ext section -// to the start of its line_info entries. -func (h *btfExtHeader) lineInfoStart() int64 { - return int64(h.HdrLen + h.LineInfoOff) -} - -// coreReloStart returns the offset from the beginning of the .BTF.ext section -// to the start of its CO-RE relocation entries. -func (h *btfExtHeader) coreReloStart(ch *btfExtCoreHeader) int64 { - return int64(h.HdrLen + ch.CoreReloOff) -} - -// btfExtCoreHeader is found right after the btfExtHeader when its HdrLen -// field is larger than its size. -type btfExtCoreHeader struct { - CoreReloOff uint32 - CoreReloLen uint32 -} - -// parseBTFExtCoreHeader parses the tail of the .BTF.ext header. If additional -// header bytes are present, extHeader.HdrLen will be larger than the struct, -// indicating the presence of a CO-RE extension header. -func parseBTFExtCoreHeader(r io.Reader, bo binary.ByteOrder, extHeader *btfExtHeader) (*btfExtCoreHeader, error) { - extHdrSize := int64(binary.Size(&extHeader)) - remainder := int64(extHeader.HdrLen) - extHdrSize - - if remainder == 0 { - return nil, nil - } - - var coreHeader btfExtCoreHeader - if err := binary.Read(r, bo, &coreHeader); err != nil { - return nil, fmt.Errorf("can't read header: %v", err) - } - - return &coreHeader, nil -} - -type btfExtInfoSec struct { - SecNameOff uint32 - NumInfo uint32 -} - -// parseExtInfoSec parses a btf_ext_info_sec header within .BTF.ext, -// appearing within func_info and line_info sub-sections. -// These headers appear once for each program section in the ELF and are -// followed by one or more func/line_info records for the section. -func parseExtInfoSec(r io.Reader, bo binary.ByteOrder, strings stringTable) (string, *btfExtInfoSec, error) { - var infoHeader btfExtInfoSec - if err := binary.Read(r, bo, &infoHeader); err != nil { - return "", nil, fmt.Errorf("read ext info header: %w", err) - } - - secName, err := strings.Lookup(infoHeader.SecNameOff) - if err != nil { - return "", nil, fmt.Errorf("get section name: %w", err) - } - if secName == "" { - return "", nil, fmt.Errorf("extinfo header refers to empty section name") - } - - if infoHeader.NumInfo == 0 { - return "", nil, fmt.Errorf("section %s has zero records", secName) - } - - return secName, &infoHeader, nil -} - -// parseExtInfoRecordSize parses the uint32 at the beginning of a func_infos -// or line_infos segment that describes the length of all extInfoRecords in -// that segment. -func parseExtInfoRecordSize(r io.Reader, bo binary.ByteOrder) (uint32, error) { - const maxRecordSize = 256 - - var recordSize uint32 - if err := binary.Read(r, bo, &recordSize); err != nil { - return 0, fmt.Errorf("can't read record size: %v", err) - } - - if recordSize < 4 { - // Need at least InsnOff worth of bytes per record. - return 0, errors.New("record size too short") - } - if recordSize > maxRecordSize { - return 0, fmt.Errorf("record size %v exceeds %v", recordSize, maxRecordSize) - } - - return recordSize, nil -} - -// FuncInfo represents the location and type ID of a function in a BPF ELF. -type FuncInfo struct { - // Instruction offset of the function within an ELF section. - // Always zero after parsing a funcinfo from an ELF, instruction streams - // are split on function boundaries. - InsnOff uint32 - TypeID TypeID -} - -// Name looks up the FuncInfo's corresponding function name in the given spec. -func (fi FuncInfo) Name(spec *Spec) (string, error) { - // Look up function name based on type ID. - typ, err := spec.TypeByID(fi.TypeID) - if err != nil { - return "", fmt.Errorf("looking up type by ID: %w", err) - } - if _, ok := typ.(*Func); !ok { - return "", fmt.Errorf("type ID %d is a %T, but expected a Func", fi.TypeID, typ) - } - - // C doesn't have anonymous functions, but check just in case. - if name := typ.TypeName(); name != "" { - return name, nil - } - - return "", fmt.Errorf("Func with type ID %d doesn't have a name", fi.TypeID) -} - -// Marshal writes the binary representation of the FuncInfo to w. -// The function offset is converted from bytes to instructions. -func (fi FuncInfo) Marshal(w io.Writer, offset uint64) error { - fi.InsnOff += uint32(offset) - // The kernel expects offsets in number of raw bpf instructions, - // while the ELF tracks it in bytes. - fi.InsnOff /= asm.InstructionSize - return binary.Write(w, internal.NativeEndian, fi) -} - -type FuncInfos []FuncInfo - -// funcForOffset returns the function that the instruction at the given -// ELF section offset belongs to. -// -// For example, consider an ELF section that contains 3 functions (a, b, c) -// at offsets 0, 10 and 15 respectively. Offset 5 will return function a, -// offset 12 will return b, offset >= 15 will return c, etc. -func (infos FuncInfos) funcForOffset(offset uint32) *FuncInfo { - for n, fi := range infos { - // Iterator went past the offset the caller is looking for, - // no point in continuing the search. - if offset < fi.InsnOff { - return nil - } - - // If there is no next item in the list, or if the given offset - // is smaller than the next function, the offset belongs to - // the current function. - if n+1 >= len(infos) || offset < infos[n+1].InsnOff { - return &fi - } - } - - return nil -} - -// parseLineInfos parses a func_info sub-section within .BTF.ext ito a map of -// func infos indexed by section name. -func parseFuncInfos(r io.Reader, bo binary.ByteOrder, strings stringTable) (map[string]FuncInfos, error) { - recordSize, err := parseExtInfoRecordSize(r, bo) - if err != nil { - return nil, err - } - - result := make(map[string]FuncInfos) - for { - secName, infoHeader, err := parseExtInfoSec(r, bo, strings) - if errors.Is(err, io.EOF) { - return result, nil - } - if err != nil { - return nil, err - } - - records, err := parseFuncInfoRecords(r, bo, recordSize, infoHeader.NumInfo) - if err != nil { - return nil, fmt.Errorf("section %v: %w", secName, err) - } - - result[secName] = records - } -} - -// parseFuncInfoRecords parses a stream of func_infos into a funcInfos. -// These records appear after a btf_ext_info_sec header in the func_info -// sub-section of .BTF.ext. -func parseFuncInfoRecords(r io.Reader, bo binary.ByteOrder, recordSize uint32, recordNum uint32) (FuncInfos, error) { - var out FuncInfos - var fi FuncInfo - - if exp, got := uint32(binary.Size(fi)), recordSize; exp != got { - // BTF blob's record size is longer than we know how to parse. - return nil, fmt.Errorf("expected FuncInfo record size %d, but BTF blob contains %d", exp, got) - } - - for i := uint32(0); i < recordNum; i++ { - if err := binary.Read(r, bo, &fi); err != nil { - return nil, fmt.Errorf("can't read function info: %v", err) - } - - if fi.InsnOff%asm.InstructionSize != 0 { - return nil, fmt.Errorf("offset %v is not aligned with instruction size", fi.InsnOff) - } - - out = append(out, fi) - } - - return out, nil -} - -// LineInfo represents the location and contents of a single line of source -// code a BPF ELF was compiled from. -type LineInfo struct { - // Instruction offset of the function within an ELF section. - // After parsing a LineInfo from an ELF, this offset is relative to - // the function body instead of an ELF section. - InsnOff uint32 - FileNameOff uint32 - LineOff uint32 - LineCol uint32 -} - -// Marshal writes the binary representation of the LineInfo to w. -// The instruction offset is converted from bytes to instructions. -func (li LineInfo) Marshal(w io.Writer, offset uint64) error { - li.InsnOff += uint32(offset) - // The kernel expects offsets in number of raw bpf instructions, - // while the ELF tracks it in bytes. - li.InsnOff /= asm.InstructionSize - return binary.Write(w, internal.NativeEndian, li) -} - -type LineInfos []LineInfo - -// Marshal writes the binary representation of the LineInfos to w. -func (li LineInfos) Marshal(w io.Writer, off uint64) error { - if len(li) == 0 { - return nil - } - - for _, info := range li { - if err := info.Marshal(w, off); err != nil { - return err - } - } - - return nil -} - -// parseLineInfos parses a line_info sub-section within .BTF.ext ito a map of -// line infos indexed by section name. -func parseLineInfos(r io.Reader, bo binary.ByteOrder, strings stringTable) (map[string]LineInfos, error) { - recordSize, err := parseExtInfoRecordSize(r, bo) - if err != nil { - return nil, err - } - - result := make(map[string]LineInfos) - for { - secName, infoHeader, err := parseExtInfoSec(r, bo, strings) - if errors.Is(err, io.EOF) { - return result, nil - } - if err != nil { - return nil, err - } - - records, err := parseLineInfoRecords(r, bo, recordSize, infoHeader.NumInfo) - if err != nil { - return nil, fmt.Errorf("section %v: %w", secName, err) - } - - result[secName] = records - } -} - -// parseLineInfoRecords parses a stream of line_infos into a lineInfos. -// These records appear after a btf_ext_info_sec header in the line_info -// sub-section of .BTF.ext. -func parseLineInfoRecords(r io.Reader, bo binary.ByteOrder, recordSize uint32, recordNum uint32) (LineInfos, error) { - var out LineInfos - var li LineInfo - - if exp, got := uint32(binary.Size(li)), recordSize; exp != got { - // BTF blob's record size is longer than we know how to parse. - return nil, fmt.Errorf("expected LineInfo record size %d, but BTF blob contains %d", exp, got) - } - - for i := uint32(0); i < recordNum; i++ { - if err := binary.Read(r, bo, &li); err != nil { - return nil, fmt.Errorf("can't read line info: %v", err) - } - - if li.InsnOff%asm.InstructionSize != 0 { - return nil, fmt.Errorf("offset %v is not aligned with instruction size", li.InsnOff) - } - - out = append(out, li) - } - - return out, nil -} - -// bpfCoreRelo matches the kernel's struct bpf_core_relo. -type bpfCoreRelo struct { - InsnOff uint32 - TypeID TypeID - AccessStrOff uint32 - Kind COREKind -} - -type CoreRelo struct { - insnOff uint32 - typeID TypeID - accessor coreAccessor - kind COREKind -} - -type CoreRelos []CoreRelo - -var extInfoReloSize = binary.Size(bpfCoreRelo{}) - -// parseCoreRelos parses a core_relos sub-section within .BTF.ext ito a map of -// CO-RE relocations indexed by section name. -func parseCoreRelos(r io.Reader, bo binary.ByteOrder, strings stringTable) (map[string]CoreRelos, error) { - recordSize, err := parseExtInfoRecordSize(r, bo) - if err != nil { - return nil, err - } - - if recordSize != uint32(extInfoReloSize) { - return nil, fmt.Errorf("expected record size %d, got %d", extInfoReloSize, recordSize) - } - - result := make(map[string]CoreRelos) - for { - secName, infoHeader, err := parseExtInfoSec(r, bo, strings) - if errors.Is(err, io.EOF) { - return result, nil - } - if err != nil { - return nil, err - } - - records, err := parseCoreReloRecords(r, bo, recordSize, infoHeader.NumInfo, strings) - if err != nil { - return nil, fmt.Errorf("section %v: %w", secName, err) - } - - result[secName] = records - } -} - -// parseCoreReloRecords parses a stream of CO-RE relocation entries into a -// coreRelos. These records appear after a btf_ext_info_sec header in the -// core_relos sub-section of .BTF.ext. -func parseCoreReloRecords(r io.Reader, bo binary.ByteOrder, recordSize uint32, recordNum uint32, strings stringTable) (CoreRelos, error) { - var out CoreRelos - - var relo bpfCoreRelo - for i := uint32(0); i < recordNum; i++ { - if err := binary.Read(r, bo, &relo); err != nil { - return nil, fmt.Errorf("can't read CO-RE relocation: %v", err) - } - - if relo.InsnOff%asm.InstructionSize != 0 { - return nil, fmt.Errorf("offset %v is not aligned with instruction size", relo.InsnOff) - } - - accessorStr, err := strings.Lookup(relo.AccessStrOff) - if err != nil { - return nil, err - } - - accessor, err := parseCoreAccessor(accessorStr) - if err != nil { - return nil, fmt.Errorf("accessor %q: %s", accessorStr, err) - } - - out = append(out, CoreRelo{ - relo.InsnOff, - relo.TypeID, - accessor, - relo.Kind, - }) - } - - return out, nil -} diff --git a/vendor/github.com/cilium/ebpf/internal/btf/strings.go b/vendor/github.com/cilium/ebpf/internal/btf/strings.go deleted file mode 100644 index 9876aa227c0..00000000000 --- a/vendor/github.com/cilium/ebpf/internal/btf/strings.go +++ /dev/null @@ -1,54 +0,0 @@ -package btf - -import ( - "bytes" - "errors" - "fmt" - "io" -) - -type stringTable []byte - -func readStringTable(r io.Reader) (stringTable, error) { - contents, err := io.ReadAll(r) - if err != nil { - return nil, fmt.Errorf("can't read string table: %v", err) - } - - if len(contents) < 1 { - return nil, errors.New("string table is empty") - } - - if contents[0] != '\x00' { - return nil, errors.New("first item in string table is non-empty") - } - - if contents[len(contents)-1] != '\x00' { - return nil, errors.New("string table isn't null terminated") - } - - return stringTable(contents), nil -} - -func (st stringTable) Lookup(offset uint32) (string, error) { - if int64(offset) > int64(^uint(0)>>1) { - return "", fmt.Errorf("offset %d overflows int", offset) - } - - pos := int(offset) - if pos >= len(st) { - return "", fmt.Errorf("offset %d is out of bounds", offset) - } - - if pos > 0 && st[pos-1] != '\x00' { - return "", fmt.Errorf("offset %d isn't start of a string", offset) - } - - str := st[pos:] - end := bytes.IndexByte(str, '\x00') - if end == -1 { - return "", fmt.Errorf("offset %d isn't null terminated", offset) - } - - return string(str[:end]), nil -} diff --git a/vendor/github.com/cilium/ebpf/internal/elf.go b/vendor/github.com/cilium/ebpf/internal/elf.go index 758d34f7075..011581938d9 100644 --- a/vendor/github.com/cilium/ebpf/internal/elf.go +++ b/vendor/github.com/cilium/ebpf/internal/elf.go @@ -35,6 +35,29 @@ func NewSafeELFFile(r io.ReaderAt) (safe *SafeELFFile, err error) { return &SafeELFFile{file}, nil } +// OpenSafeELFFile reads an ELF from a file. +// +// It works like NewSafeELFFile, with the exception that safe.Close will +// close the underlying file. +func OpenSafeELFFile(path string) (safe *SafeELFFile, err error) { + defer func() { + r := recover() + if r == nil { + return + } + + safe = nil + err = fmt.Errorf("reading ELF file panicked: %s", r) + }() + + file, err := elf.Open(path) + if err != nil { + return nil, err + } + + return &SafeELFFile{file}, nil +} + // Symbols is the safe version of elf.File.Symbols. func (se *SafeELFFile) Symbols() (syms []elf.Symbol, err error) { defer func() { diff --git a/vendor/github.com/cilium/ebpf/internal/endian.go b/vendor/github.com/cilium/ebpf/internal/endian.go deleted file mode 100644 index 6ae99fcd5f3..00000000000 --- a/vendor/github.com/cilium/ebpf/internal/endian.go +++ /dev/null @@ -1,29 +0,0 @@ -package internal - -import ( - "encoding/binary" - "unsafe" -) - -// NativeEndian is set to either binary.BigEndian or binary.LittleEndian, -// depending on the host's endianness. -var NativeEndian binary.ByteOrder - -// Clang is set to either "el" or "eb" depending on the host's endianness. -var ClangEndian string - -func init() { - if isBigEndian() { - NativeEndian = binary.BigEndian - ClangEndian = "eb" - } else { - NativeEndian = binary.LittleEndian - ClangEndian = "el" - } -} - -func isBigEndian() (ret bool) { - i := int(0x1) - bs := (*[int(unsafe.Sizeof(i))]byte)(unsafe.Pointer(&i)) - return bs[0] == 0 -} diff --git a/vendor/github.com/cilium/ebpf/internal/endian_be.go b/vendor/github.com/cilium/ebpf/internal/endian_be.go new file mode 100644 index 00000000000..ad33cda8511 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/endian_be.go @@ -0,0 +1,13 @@ +//go:build armbe || arm64be || mips || mips64 || mips64p32 || ppc64 || s390 || s390x || sparc || sparc64 +// +build armbe arm64be mips mips64 mips64p32 ppc64 s390 s390x sparc sparc64 + +package internal + +import "encoding/binary" + +// NativeEndian is set to either binary.BigEndian or binary.LittleEndian, +// depending on the host's endianness. +var NativeEndian binary.ByteOrder = binary.BigEndian + +// ClangEndian is set to either "el" or "eb" depending on the host's endianness. +const ClangEndian = "eb" diff --git a/vendor/github.com/cilium/ebpf/internal/endian_le.go b/vendor/github.com/cilium/ebpf/internal/endian_le.go new file mode 100644 index 00000000000..41a68224c83 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/endian_le.go @@ -0,0 +1,13 @@ +//go:build 386 || amd64 || amd64p32 || arm || arm64 || mipsle || mips64le || mips64p32le || ppc64le || riscv64 +// +build 386 amd64 amd64p32 arm arm64 mipsle mips64le mips64p32le ppc64le riscv64 + +package internal + +import "encoding/binary" + +// NativeEndian is set to either binary.BigEndian or binary.LittleEndian, +// depending on the host's endianness. +var NativeEndian binary.ByteOrder = binary.LittleEndian + +// ClangEndian is set to either "el" or "eb" depending on the host's endianness. +const ClangEndian = "el" diff --git a/vendor/github.com/cilium/ebpf/internal/errors.go b/vendor/github.com/cilium/ebpf/internal/errors.go index b9716cd612f..5ff158ea561 100644 --- a/vendor/github.com/cilium/ebpf/internal/errors.go +++ b/vendor/github.com/cilium/ebpf/internal/errors.go @@ -1,9 +1,9 @@ package internal import ( + "bytes" "errors" "fmt" - "strings" "github.com/cilium/ebpf/internal/unix" ) @@ -14,7 +14,13 @@ import ( // logErr should be the error returned by the syscall that generated // the log. It is used to check for truncation of the output. func ErrorWithLog(err error, log []byte, logErr error) error { - logStr := strings.Trim(unix.ByteSliceToString(log), "\t\r\n ") + // Convert verifier log C string by truncating it on the first 0 byte + // and trimming trailing whitespace before interpreting as a Go string. + if i := bytes.IndexByte(log, 0); i != -1 { + log = log[:i] + } + logStr := string(bytes.Trim(log, "\t\r\n ")) + if errors.Is(logErr, unix.ENOSPC) { logStr += " (truncated...)" } diff --git a/vendor/github.com/cilium/ebpf/internal/feature.go b/vendor/github.com/cilium/ebpf/internal/feature.go index c94a2e1ee01..0a6c2d1d528 100644 --- a/vendor/github.com/cilium/ebpf/internal/feature.go +++ b/vendor/github.com/cilium/ebpf/internal/feature.go @@ -54,11 +54,6 @@ type FeatureTestFn func() error // // Returns an error wrapping ErrNotSupported if the feature is not supported. func FeatureTest(name, version string, fn FeatureTestFn) func() error { - v, err := NewVersion(version) - if err != nil { - return func() error { return err } - } - ft := new(featureTest) return func() error { ft.RLock() @@ -79,6 +74,11 @@ func FeatureTest(name, version string, fn FeatureTestFn) func() error { err := fn() switch { case errors.Is(err, ErrNotSupported): + v, err := NewVersion(version) + if err != nil { + return err + } + ft.result = &UnsupportedFeatureError{ MinimumVersion: v, Name: name, diff --git a/vendor/github.com/cilium/ebpf/internal/io.go b/vendor/github.com/cilium/ebpf/internal/io.go index 7177e596aa2..30b6641f076 100644 --- a/vendor/github.com/cilium/ebpf/internal/io.go +++ b/vendor/github.com/cilium/ebpf/internal/io.go @@ -18,7 +18,7 @@ import ( // end up being read completely anyway. // // Use instead of the r.Seek() + io.LimitReader() pattern. -func NewBufferedSectionReader(ra io.ReaderAt, off, n int64) io.Reader { +func NewBufferedSectionReader(ra io.ReaderAt, off, n int64) *bufio.Reader { // Clamp the size of the buffer to one page to avoid slurping large parts // of a file into memory. bufio.NewReader uses a hardcoded default buffer // of 4096. Allow arches with larger pages to allocate more, but don't diff --git a/vendor/github.com/cilium/ebpf/internal/sys/doc.go b/vendor/github.com/cilium/ebpf/internal/sys/doc.go index 4b7245e2d0a..23480e3432e 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/doc.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/doc.go @@ -1,4 +1,6 @@ // Package sys contains bindings for the BPF syscall. package sys -//go:generate go run github.com/cilium/ebpf/internal/cmd/gentypes ../btf/testdata/vmlinux-btf.gz +// Regenerate types.go by invoking go generate in the current directory. + +//go:generate go run github.com/cilium/ebpf/internal/cmd/gentypes ../../btf/testdata/vmlinux-btf.gz diff --git a/vendor/github.com/cilium/ebpf/internal/sys/types.go b/vendor/github.com/cilium/ebpf/internal/sys/types.go index ab40cef6def..586c5d00151 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/types.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/types.go @@ -16,46 +16,49 @@ const ( type AttachType int32 const ( - BPF_CGROUP_INET_INGRESS AttachType = 0 - BPF_CGROUP_INET_EGRESS AttachType = 1 - BPF_CGROUP_INET_SOCK_CREATE AttachType = 2 - BPF_CGROUP_SOCK_OPS AttachType = 3 - BPF_SK_SKB_STREAM_PARSER AttachType = 4 - BPF_SK_SKB_STREAM_VERDICT AttachType = 5 - BPF_CGROUP_DEVICE AttachType = 6 - BPF_SK_MSG_VERDICT AttachType = 7 - BPF_CGROUP_INET4_BIND AttachType = 8 - BPF_CGROUP_INET6_BIND AttachType = 9 - BPF_CGROUP_INET4_CONNECT AttachType = 10 - BPF_CGROUP_INET6_CONNECT AttachType = 11 - BPF_CGROUP_INET4_POST_BIND AttachType = 12 - BPF_CGROUP_INET6_POST_BIND AttachType = 13 - BPF_CGROUP_UDP4_SENDMSG AttachType = 14 - BPF_CGROUP_UDP6_SENDMSG AttachType = 15 - BPF_LIRC_MODE2 AttachType = 16 - BPF_FLOW_DISSECTOR AttachType = 17 - BPF_CGROUP_SYSCTL AttachType = 18 - BPF_CGROUP_UDP4_RECVMSG AttachType = 19 - BPF_CGROUP_UDP6_RECVMSG AttachType = 20 - BPF_CGROUP_GETSOCKOPT AttachType = 21 - BPF_CGROUP_SETSOCKOPT AttachType = 22 - BPF_TRACE_RAW_TP AttachType = 23 - BPF_TRACE_FENTRY AttachType = 24 - BPF_TRACE_FEXIT AttachType = 25 - BPF_MODIFY_RETURN AttachType = 26 - BPF_LSM_MAC AttachType = 27 - BPF_TRACE_ITER AttachType = 28 - BPF_CGROUP_INET4_GETPEERNAME AttachType = 29 - BPF_CGROUP_INET6_GETPEERNAME AttachType = 30 - BPF_CGROUP_INET4_GETSOCKNAME AttachType = 31 - BPF_CGROUP_INET6_GETSOCKNAME AttachType = 32 - BPF_XDP_DEVMAP AttachType = 33 - BPF_CGROUP_INET_SOCK_RELEASE AttachType = 34 - BPF_XDP_CPUMAP AttachType = 35 - BPF_SK_LOOKUP AttachType = 36 - BPF_XDP AttachType = 37 - BPF_SK_SKB_VERDICT AttachType = 38 - __MAX_BPF_ATTACH_TYPE AttachType = 39 + BPF_CGROUP_INET_INGRESS AttachType = 0 + BPF_CGROUP_INET_EGRESS AttachType = 1 + BPF_CGROUP_INET_SOCK_CREATE AttachType = 2 + BPF_CGROUP_SOCK_OPS AttachType = 3 + BPF_SK_SKB_STREAM_PARSER AttachType = 4 + BPF_SK_SKB_STREAM_VERDICT AttachType = 5 + BPF_CGROUP_DEVICE AttachType = 6 + BPF_SK_MSG_VERDICT AttachType = 7 + BPF_CGROUP_INET4_BIND AttachType = 8 + BPF_CGROUP_INET6_BIND AttachType = 9 + BPF_CGROUP_INET4_CONNECT AttachType = 10 + BPF_CGROUP_INET6_CONNECT AttachType = 11 + BPF_CGROUP_INET4_POST_BIND AttachType = 12 + BPF_CGROUP_INET6_POST_BIND AttachType = 13 + BPF_CGROUP_UDP4_SENDMSG AttachType = 14 + BPF_CGROUP_UDP6_SENDMSG AttachType = 15 + BPF_LIRC_MODE2 AttachType = 16 + BPF_FLOW_DISSECTOR AttachType = 17 + BPF_CGROUP_SYSCTL AttachType = 18 + BPF_CGROUP_UDP4_RECVMSG AttachType = 19 + BPF_CGROUP_UDP6_RECVMSG AttachType = 20 + BPF_CGROUP_GETSOCKOPT AttachType = 21 + BPF_CGROUP_SETSOCKOPT AttachType = 22 + BPF_TRACE_RAW_TP AttachType = 23 + BPF_TRACE_FENTRY AttachType = 24 + BPF_TRACE_FEXIT AttachType = 25 + BPF_MODIFY_RETURN AttachType = 26 + BPF_LSM_MAC AttachType = 27 + BPF_TRACE_ITER AttachType = 28 + BPF_CGROUP_INET4_GETPEERNAME AttachType = 29 + BPF_CGROUP_INET6_GETPEERNAME AttachType = 30 + BPF_CGROUP_INET4_GETSOCKNAME AttachType = 31 + BPF_CGROUP_INET6_GETSOCKNAME AttachType = 32 + BPF_XDP_DEVMAP AttachType = 33 + BPF_CGROUP_INET_SOCK_RELEASE AttachType = 34 + BPF_XDP_CPUMAP AttachType = 35 + BPF_SK_LOOKUP AttachType = 36 + BPF_XDP AttachType = 37 + BPF_SK_SKB_VERDICT AttachType = 38 + BPF_SK_REUSEPORT_SELECT AttachType = 39 + BPF_SK_REUSEPORT_SELECT_OR_MIGRATE AttachType = 40 + BPF_PERF_EVENT AttachType = 41 + __MAX_BPF_ATTACH_TYPE AttachType = 42 ) type Cmd int32 @@ -72,6 +75,7 @@ const ( BPF_PROG_ATTACH Cmd = 8 BPF_PROG_DETACH Cmd = 9 BPF_PROG_TEST_RUN Cmd = 10 + BPF_PROG_RUN Cmd = 10 BPF_PROG_GET_NEXT_ID Cmd = 11 BPF_MAP_GET_NEXT_ID Cmd = 12 BPF_PROG_GET_FD_BY_ID Cmd = 13 @@ -268,7 +272,27 @@ const ( BPF_FUNC_check_mtu FunctionId = 163 BPF_FUNC_for_each_map_elem FunctionId = 164 BPF_FUNC_snprintf FunctionId = 165 - __BPF_FUNC_MAX_ID FunctionId = 166 + BPF_FUNC_sys_bpf FunctionId = 166 + BPF_FUNC_btf_find_by_name_kind FunctionId = 167 + BPF_FUNC_sys_close FunctionId = 168 + BPF_FUNC_timer_init FunctionId = 169 + BPF_FUNC_timer_set_callback FunctionId = 170 + BPF_FUNC_timer_start FunctionId = 171 + BPF_FUNC_timer_cancel FunctionId = 172 + BPF_FUNC_get_func_ip FunctionId = 173 + BPF_FUNC_get_attach_cookie FunctionId = 174 + BPF_FUNC_task_pt_regs FunctionId = 175 + BPF_FUNC_get_branch_snapshot FunctionId = 176 + BPF_FUNC_trace_vprintk FunctionId = 177 + BPF_FUNC_skc_to_unix_sock FunctionId = 178 + BPF_FUNC_kallsyms_lookup_name FunctionId = 179 + BPF_FUNC_find_vma FunctionId = 180 + BPF_FUNC_loop FunctionId = 181 + BPF_FUNC_strncmp FunctionId = 182 + BPF_FUNC_get_func_arg FunctionId = 183 + BPF_FUNC_get_func_ret FunctionId = 184 + BPF_FUNC_get_func_arg_cnt FunctionId = 185 + __BPF_FUNC_MAX_ID FunctionId = 186 ) type HdrStartOff int32 @@ -288,7 +312,8 @@ const ( BPF_LINK_TYPE_ITER LinkType = 4 BPF_LINK_TYPE_NETNS LinkType = 5 BPF_LINK_TYPE_XDP LinkType = 6 - MAX_BPF_LINK_TYPE LinkType = 7 + BPF_LINK_TYPE_PERF_EVENT LinkType = 7 + MAX_BPF_LINK_TYPE LinkType = 8 ) type MapType int32 @@ -324,6 +349,7 @@ const ( BPF_MAP_TYPE_RINGBUF MapType = 27 BPF_MAP_TYPE_INODE_STORAGE MapType = 28 BPF_MAP_TYPE_TASK_STORAGE MapType = 29 + BPF_MAP_TYPE_BLOOM_FILTER MapType = 30 ) type ProgType int32 @@ -360,6 +386,7 @@ const ( BPF_PROG_TYPE_EXT ProgType = 28 BPF_PROG_TYPE_LSM ProgType = 29 BPF_PROG_TYPE_SK_LOOKUP ProgType = 30 + BPF_PROG_TYPE_SYSCALL ProgType = 31 ) type RetCode int32 @@ -447,6 +474,7 @@ type MapInfo struct { BtfKeyTypeId uint32 BtfValueTypeId uint32 _ [4]byte + MapExtra uint64 } type ProgInfo struct { @@ -485,6 +513,8 @@ type ProgInfo struct { RunTimeNs uint64 RunCnt uint64 RecursionMisses uint64 + VerifiedInsns uint32 + _ [4]byte } type BtfGetFdByIdAttr struct{ Id uint32 } @@ -572,6 +602,23 @@ func LinkCreateIter(attr *LinkCreateIterAttr) (*FD, error) { return NewFD(int(fd)) } +type LinkCreatePerfEventAttr struct { + ProgFd uint32 + TargetFd uint32 + AttachType AttachType + Flags uint32 + BpfCookie uint64 + _ [8]byte +} + +func LinkCreatePerfEvent(attr *LinkCreatePerfEventAttr) (*FD, error) { + fd, err := BPF(BPF_LINK_CREATE, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) + if err != nil { + return nil, err + } + return NewFD(int(fd)) +} + type LinkUpdateAttr struct { LinkFd uint32 NewProgFd uint32 @@ -598,6 +645,7 @@ type MapCreateAttr struct { BtfKeyTypeId uint32 BtfValueTypeId uint32 BtfVmlinuxValueTypeId uint32 + MapExtra uint64 } func MapCreate(attr *MapCreateAttr) (*FD, error) { @@ -876,6 +924,10 @@ type ProgLoadAttr struct { LineInfoCnt uint32 AttachBtfId uint32 AttachProgFd uint32 + CoreReloCnt uint32 + FdArray Pointer + CoreRelos Pointer + CoreReloRecSize uint32 _ [4]byte } diff --git a/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go b/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go index 0a7c648a66d..db4a1f5bf9e 100644 --- a/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go +++ b/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go @@ -23,6 +23,7 @@ const ( EBADF = linux.EBADF E2BIG = linux.E2BIG EFAULT = linux.EFAULT + EACCES = linux.EACCES // ENOTSUPP is not the same as ENOTSUP or EOPNOTSUP ENOTSUPP = syscall.Errno(0x20c) diff --git a/vendor/github.com/cilium/ebpf/internal/unix/types_other.go b/vendor/github.com/cilium/ebpf/internal/unix/types_other.go index abd8ea93dd1..133c267dbc3 100644 --- a/vendor/github.com/cilium/ebpf/internal/unix/types_other.go +++ b/vendor/github.com/cilium/ebpf/internal/unix/types_other.go @@ -24,6 +24,7 @@ const ( EBADF = syscall.Errno(0) E2BIG = syscall.Errno(0) EFAULT = syscall.EFAULT + EACCES = syscall.Errno(0) // ENOTSUPP is not the same as ENOTSUP or EOPNOTSUP ENOTSUPP = syscall.Errno(0x20c) diff --git a/vendor/github.com/cilium/ebpf/link/kprobe.go b/vendor/github.com/cilium/ebpf/link/kprobe.go index 6b896360d64..286e3c66a16 100644 --- a/vendor/github.com/cilium/ebpf/link/kprobe.go +++ b/vendor/github.com/cilium/ebpf/link/kprobe.go @@ -8,7 +8,9 @@ import ( "os" "path/filepath" "runtime" + "strings" "sync" + "syscall" "unsafe" "github.com/cilium/ebpf" @@ -29,10 +31,24 @@ var ( type probeType uint8 type probeArgs struct { - symbol, group, path string - offset, refCtrOffset uint64 - pid int - ret bool + symbol, group, path string + offset, refCtrOffset, cookie uint64 + pid int + ret bool +} + +// KprobeOptions defines additional parameters that will be used +// when loading Kprobes. +type KprobeOptions struct { + // Arbitrary value that can be fetched from an eBPF program + // via `bpf_get_attach_cookie()`. + // + // Needs kernel 5.15+. + Cookie uint64 + // Offset of the kprobe relative to the traced symbol. + // Can be used to insert kprobes at arbitrary offsets in kernel functions, + // e.g. in places where functions have been inlined. + Offset uint64 } const ( @@ -78,61 +94,88 @@ func (pt probeType) RetprobeBit() (uint64, error) { // given kernel symbol starts executing. See /proc/kallsyms for available // symbols. For example, printk(): // -// kp, err := Kprobe("printk", prog) +// kp, err := Kprobe("printk", prog, nil) // // Losing the reference to the resulting Link (kp) will close the Kprobe // and prevent further execution of prog. The Link must be Closed during // program shutdown to avoid leaking system resources. -func Kprobe(symbol string, prog *ebpf.Program) (Link, error) { - k, err := kprobe(symbol, prog, false) +func Kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions) (Link, error) { + k, err := kprobe(symbol, prog, opts, false) if err != nil { return nil, err } - err = k.attach(prog) + lnk, err := attachPerfEvent(k, prog) if err != nil { k.Close() return nil, err } - return k, nil + return lnk, nil } // Kretprobe attaches the given eBPF program to a perf event that fires right // before the given kernel symbol exits, with the function stack left intact. // See /proc/kallsyms for available symbols. For example, printk(): // -// kp, err := Kretprobe("printk", prog) +// kp, err := Kretprobe("printk", prog, nil) // // Losing the reference to the resulting Link (kp) will close the Kretprobe // and prevent further execution of prog. The Link must be Closed during // program shutdown to avoid leaking system resources. -func Kretprobe(symbol string, prog *ebpf.Program) (Link, error) { - k, err := kprobe(symbol, prog, true) +func Kretprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions) (Link, error) { + k, err := kprobe(symbol, prog, opts, true) if err != nil { return nil, err } - err = k.attach(prog) + lnk, err := attachPerfEvent(k, prog) if err != nil { k.Close() return nil, err } - return k, nil + return lnk, nil +} + +// isValidKprobeSymbol implements the equivalent of a regex match +// against "^[a-zA-Z_][0-9a-zA-Z_.]*$". +func isValidKprobeSymbol(s string) bool { + if len(s) < 1 { + return false + } + + for i, c := range []byte(s) { + switch { + case c >= 'a' && c <= 'z': + case c >= 'A' && c <= 'Z': + case c == '_': + case i > 0 && c >= '0' && c <= '9': + + // Allow `.` in symbol name. GCC-compiled kernel may change symbol name + // to have a `.isra.$n` suffix, like `udp_send_skb.isra.52`. + // See: https://gcc.gnu.org/gcc-10/changes.html + case i > 0 && c == '.': + + default: + return false + } + } + + return true } // kprobe opens a perf event on the given symbol and attaches prog to it. // If ret is true, create a kretprobe. -func kprobe(symbol string, prog *ebpf.Program, ret bool) (*perfEvent, error) { +func kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions, ret bool) (*perfEvent, error) { if symbol == "" { return nil, fmt.Errorf("symbol name cannot be empty: %w", errInvalidInput) } if prog == nil { return nil, fmt.Errorf("prog cannot be nil: %w", errInvalidInput) } - if !rgxTraceEvent.MatchString(symbol) { - return nil, fmt.Errorf("symbol '%s' must be alphanumeric or underscore: %w", symbol, errInvalidInput) + if !isValidKprobeSymbol(symbol) { + return nil, fmt.Errorf("symbol '%s' must be a valid symbol in /proc/kallsyms: %w", symbol, errInvalidInput) } if prog.Type() != ebpf.Kprobe { return nil, fmt.Errorf("eBPF program type %s is not a Kprobe: %w", prog.Type(), errInvalidInput) @@ -140,14 +183,19 @@ func kprobe(symbol string, prog *ebpf.Program, ret bool) (*perfEvent, error) { args := probeArgs{ pid: perfAllThreads, - symbol: platformPrefix(symbol), + symbol: symbol, ret: ret, } + if opts != nil { + args.cookie = opts.Cookie + args.offset = opts.Offset + } + // Use kprobe PMU if the kernel has it available. tp, err := pmuKprobe(args) if errors.Is(err, os.ErrNotExist) { - args.symbol = symbol + args.symbol = platformPrefix(symbol) tp, err = pmuKprobe(args) } if err == nil { @@ -158,10 +206,10 @@ func kprobe(symbol string, prog *ebpf.Program, ret bool) (*perfEvent, error) { } // Use tracefs if kprobe PMU is missing. - args.symbol = platformPrefix(symbol) + args.symbol = symbol tp, err = tracefsKprobe(args) if errors.Is(err, os.ErrNotExist) { - args.symbol = symbol + args.symbol = platformPrefix(symbol) tp, err = tracefsKprobe(args) } if err != nil { @@ -214,8 +262,12 @@ func pmuProbe(typ probeType, args probeArgs) (*perfEvent, error) { } attr = unix.PerfEventAttr{ + // The minimum size required for PMU kprobes is PERF_ATTR_SIZE_VER1, + // since it added the config2 (Ext2) field. Use Ext2 as probe_offset. + Size: unix.PERF_ATTR_SIZE_VER1, Type: uint32(et), // PMU event type read from sysfs Ext1: uint64(uintptr(sp)), // Kernel symbol to trace + Ext2: args.offset, // Kernel symbol offset Config: config, // Retprobe flag } case uprobeType: @@ -243,11 +295,22 @@ func pmuProbe(typ probeType, args probeArgs) (*perfEvent, error) { rawFd, err := unix.PerfEventOpen(&attr, args.pid, 0, -1, unix.PERF_FLAG_FD_CLOEXEC) + // On some old kernels, kprobe PMU doesn't allow `.` in symbol names and + // return -EINVAL. Return ErrNotSupported to allow falling back to tracefs. + // https://github.com/torvalds/linux/blob/94710cac0ef4/kernel/trace/trace_kprobe.c#L340-L343 + if errors.Is(err, unix.EINVAL) && strings.Contains(args.symbol, ".") { + return nil, fmt.Errorf("symbol '%s+%#x': older kernels don't accept dots: %w", args.symbol, args.offset, ErrNotSupported) + } // Since commit 97c753e62e6c, ENOENT is correctly returned instead of EINVAL // when trying to create a kretprobe for a missing symbol. Make sure ENOENT // is returned to the caller. if errors.Is(err, os.ErrNotExist) || errors.Is(err, unix.EINVAL) { - return nil, fmt.Errorf("symbol '%s' not found: %w", args.symbol, os.ErrNotExist) + return nil, fmt.Errorf("symbol '%s+%#x' not found: %w", args.symbol, args.offset, os.ErrNotExist) + } + // Since commit ab105a4fb894, -EILSEQ is returned when a kprobe sym+offset is resolved + // to an invalid insn boundary. + if errors.Is(err, syscall.EILSEQ) { + return nil, fmt.Errorf("symbol '%s+%#x' not found (bad insn boundary): %w", args.symbol, args.offset, os.ErrNotExist) } // Since at least commit cb9a19fe4aa51, ENOTSUPP is returned // when attempting to set a uprobe on a trap instruction. @@ -268,10 +331,11 @@ func pmuProbe(typ probeType, args probeArgs) (*perfEvent, error) { // Kernel has perf_[k,u]probe PMU available, initialize perf event. return &perfEvent{ - fd: fd, - pmuID: et, - name: args.symbol, - typ: typ.PerfEventType(args.ret), + typ: typ.PerfEventType(args.ret), + name: args.symbol, + pmuID: et, + cookie: args.cookie, + fd: fd, }, nil } @@ -326,11 +390,12 @@ func tracefsProbe(typ probeType, args probeArgs) (*perfEvent, error) { } return &perfEvent{ - fd: fd, + typ: typ.PerfEventType(args.ret), group: group, name: args.symbol, tracefsID: tid, - typ: typ.PerfEventType(args.ret), + cookie: args.cookie, + fd: fd, }, nil } @@ -346,7 +411,7 @@ func createTraceFSProbeEvent(typ probeType, args probeArgs) error { } defer f.Close() - var pe string + var pe, token string switch typ { case kprobeType: // The kprobe_events syntax is as follows (see Documentation/trace/kprobetrace.txt): @@ -363,7 +428,8 @@ func createTraceFSProbeEvent(typ probeType, args probeArgs) error { // subsampling or rate limiting logic can be more accurately implemented in // the eBPF program itself. // See Documentation/kprobes.txt for more details. - pe = fmt.Sprintf("%s:%s/%s %s", probePrefix(args.ret), args.group, args.symbol, args.symbol) + token = kprobeToken(args) + pe = fmt.Sprintf("%s:%s/%s %s", probePrefix(args.ret), args.group, sanitizeSymbol(args.symbol), token) case uprobeType: // The uprobe_events syntax is as follows: // p[:[GRP/]EVENT] PATH:OFFSET [FETCHARGS] : Set a probe @@ -375,14 +441,27 @@ func createTraceFSProbeEvent(typ probeType, args probeArgs) error { // p:ebpf_5678/main_mySymbol /bin/mybin:0x12345(0x123) // // See Documentation/trace/uprobetracer.txt for more details. - pe = fmt.Sprintf("%s:%s/%s %s", probePrefix(args.ret), args.group, args.symbol, uprobeToken(args)) + token = uprobeToken(args) + pe = fmt.Sprintf("%s:%s/%s %s", probePrefix(args.ret), args.group, args.symbol, token) } _, err = f.WriteString(pe) // Since commit 97c753e62e6c, ENOENT is correctly returned instead of EINVAL // when trying to create a kretprobe for a missing symbol. Make sure ENOENT // is returned to the caller. + // EINVAL is also returned on pre-5.2 kernels when the `SYM[+offs]` token + // is resolved to an invalid insn boundary. if errors.Is(err, os.ErrNotExist) || errors.Is(err, unix.EINVAL) { - return fmt.Errorf("symbol %s not found: %w", args.symbol, os.ErrNotExist) + return fmt.Errorf("token %s: %w", token, os.ErrNotExist) + } + // Since commit ab105a4fb894, -EILSEQ is returned when a kprobe sym+offset is resolved + // to an invalid insn boundary. + if errors.Is(err, syscall.EILSEQ) { + return fmt.Errorf("token %s: bad insn boundary: %w", token, os.ErrNotExist) + } + // ERANGE is returned when the `SYM[+offs]` token is too big and cannot + // be resolved. + if errors.Is(err, syscall.ERANGE) { + return fmt.Errorf("token %s: offset too big: %w", token, os.ErrNotExist) } if err != nil { return fmt.Errorf("writing '%s' to '%s': %w", pe, typ.EventsPath(), err) @@ -402,7 +481,7 @@ func closeTraceFSProbeEvent(typ probeType, group, symbol string) error { // See [k,u]probe_events syntax above. The probe type does not need to be specified // for removals. - pe := fmt.Sprintf("-:%s/%s", group, symbol) + pe := fmt.Sprintf("-:%s/%s", group, sanitizeSymbol(symbol)) if _, err = f.WriteString(pe); err != nil { return fmt.Errorf("writing '%s' to '%s': %w", pe, typ.EventsPath(), err) } @@ -413,9 +492,9 @@ func closeTraceFSProbeEvent(typ probeType, group, symbol string) error { // randomGroup generates a pseudorandom string for use as a tracefs group name. // Returns an error when the output string would exceed 63 characters (kernel // limitation), when rand.Read() fails or when prefix contains characters not -// allowed by rgxTraceEvent. +// allowed by isValidTraceID. func randomGroup(prefix string) (string, error) { - if !rgxTraceEvent.MatchString(prefix) { + if !isValidTraceID(prefix) { return "", fmt.Errorf("prefix '%s' must be alphanumeric or underscore: %w", prefix, errInvalidInput) } @@ -467,3 +546,14 @@ func kretprobeBit() (uint64, error) { }) return kprobeRetprobeBit.value, kprobeRetprobeBit.err } + +// kprobeToken creates the SYM[+offs] token for the tracefs api. +func kprobeToken(args probeArgs) string { + po := args.symbol + + if args.offset != 0 { + po += fmt.Sprintf("+%#x", args.offset) + } + + return po +} diff --git a/vendor/github.com/cilium/ebpf/link/link.go b/vendor/github.com/cilium/ebpf/link/link.go index 3aa49a68e35..bb84e9db788 100644 --- a/vendor/github.com/cilium/ebpf/link/link.go +++ b/vendor/github.com/cilium/ebpf/link/link.go @@ -6,8 +6,8 @@ import ( "fmt" "github.com/cilium/ebpf" + "github.com/cilium/ebpf/btf" "github.com/cilium/ebpf/internal" - "github.com/cilium/ebpf/internal/btf" "github.com/cilium/ebpf/internal/sys" ) @@ -325,11 +325,13 @@ func (l *RawLink) Info() (*Info, error) { extra = &TracingInfo{} case XDPType: extra = &XDPInfo{} + case PerfEventType: + // no extra default: return nil, fmt.Errorf("unknown link info type: %d", info.Type) } - if info.Type != RawTracepointType && info.Type != IterType { + if info.Type != RawTracepointType && info.Type != IterType && info.Type != PerfEventType { buf := bytes.NewReader(info.Extra[:]) err := binary.Read(buf, internal.NativeEndian, extra) if err != nil { diff --git a/vendor/github.com/cilium/ebpf/link/perf_event.go b/vendor/github.com/cilium/ebpf/link/perf_event.go index ef24660f44a..0e5bd47911b 100644 --- a/vendor/github.com/cilium/ebpf/link/perf_event.go +++ b/vendor/github.com/cilium/ebpf/link/perf_event.go @@ -6,13 +6,14 @@ import ( "fmt" "os" "path/filepath" - "regexp" "runtime" "strconv" "strings" "unsafe" "github.com/cilium/ebpf" + "github.com/cilium/ebpf/asm" + "github.com/cilium/ebpf/internal" "github.com/cilium/ebpf/internal/sys" "github.com/cilium/ebpf/internal/unix" ) @@ -43,11 +44,6 @@ import ( var ( tracefsPath = "/sys/kernel/debug/tracing" - // Trace event groups, names and kernel symbols must adhere to this set - // of characters. Non-empty, first character must not be a number, all - // characters must be alphanumeric or underscore. - rgxTraceEvent = regexp.MustCompile("^[a-zA-Z_][0-9a-zA-Z_]*$") - errInvalidInput = errors.New("invalid input") ) @@ -69,6 +65,8 @@ const ( // can be attached to it. It is created based on a tracefs trace event or a // Performance Monitoring Unit (PMU). type perfEvent struct { + // The event type determines the types of programs that can be attached. + typ perfEventType // Group and name of the tracepoint/kprobe/uprobe. group string @@ -79,52 +77,15 @@ type perfEvent struct { // ID of the trace event read from tracefs. Valid IDs are non-zero. tracefsID uint64 - // The event type determines the types of programs that can be attached. - typ perfEventType + // User provided arbitrary value. + cookie uint64 + // This is the perf event FD. fd *sys.FD } -func (pe *perfEvent) isLink() {} - -func (pe *perfEvent) Pin(string) error { - return fmt.Errorf("pin perf event: %w", ErrNotSupported) -} - -func (pe *perfEvent) Unpin() error { - return fmt.Errorf("unpin perf event: %w", ErrNotSupported) -} - -// Since 4.15 (e87c6bc3852b "bpf: permit multiple bpf attachments for a single perf event"), -// calling PERF_EVENT_IOC_SET_BPF appends the given program to a prog_array -// owned by the perf event, which means multiple programs can be attached -// simultaneously. -// -// Before 4.15, calling PERF_EVENT_IOC_SET_BPF more than once on a perf event -// returns EEXIST. -// -// Detaching a program from a perf event is currently not possible, so a -// program replacement mechanism cannot be implemented for perf events. -func (pe *perfEvent) Update(prog *ebpf.Program) error { - return fmt.Errorf("can't replace eBPF program in perf event: %w", ErrNotSupported) -} - -func (pe *perfEvent) Info() (*Info, error) { - return nil, fmt.Errorf("can't get perf event info: %w", ErrNotSupported) -} - func (pe *perfEvent) Close() error { - if pe.fd == nil { - return nil - } - - err := unix.IoctlSetInt(pe.fd.Int(), unix.PERF_EVENT_IOC_DISABLE, 0) - if err != nil { - return fmt.Errorf("disabling perf event: %w", err) - } - - err = pe.fd.Close() - if err != nil { + if err := pe.fd.Close(); err != nil { return fmt.Errorf("closing perf event fd: %w", err) } @@ -147,48 +108,150 @@ func (pe *perfEvent) Close() error { return nil } +// perfEventLink represents a bpf perf link. +type perfEventLink struct { + RawLink + pe *perfEvent +} + +func (pl *perfEventLink) isLink() {} + +// Pinning requires the underlying perf event FD to stay open. +// +// | PerfEvent FD | BpfLink FD | Works | +// |--------------|------------|-------| +// | Open | Open | Yes | +// | Closed | Open | No | +// | Open | Closed | No (Pin() -> EINVAL) | +// | Closed | Closed | No (Pin() -> EINVAL) | +// +// There is currently no pretty way to recover the perf event FD +// when loading a pinned link, so leave as not supported for now. +func (pl *perfEventLink) Pin(string) error { + return fmt.Errorf("perf event link pin: %w", ErrNotSupported) +} + +func (pl *perfEventLink) Unpin() error { + return fmt.Errorf("perf event link unpin: %w", ErrNotSupported) +} + +func (pl *perfEventLink) Close() error { + if err := pl.pe.Close(); err != nil { + return fmt.Errorf("perf event link close: %w", err) + } + return pl.fd.Close() +} + +func (pl *perfEventLink) Update(prog *ebpf.Program) error { + return fmt.Errorf("perf event link update: %w", ErrNotSupported) +} + +// perfEventIoctl implements Link and handles the perf event lifecycle +// via ioctl(). +type perfEventIoctl struct { + *perfEvent +} + +func (pi *perfEventIoctl) isLink() {} + +// Since 4.15 (e87c6bc3852b "bpf: permit multiple bpf attachments for a single perf event"), +// calling PERF_EVENT_IOC_SET_BPF appends the given program to a prog_array +// owned by the perf event, which means multiple programs can be attached +// simultaneously. +// +// Before 4.15, calling PERF_EVENT_IOC_SET_BPF more than once on a perf event +// returns EEXIST. +// +// Detaching a program from a perf event is currently not possible, so a +// program replacement mechanism cannot be implemented for perf events. +func (pi *perfEventIoctl) Update(prog *ebpf.Program) error { + return fmt.Errorf("perf event ioctl update: %w", ErrNotSupported) +} + +func (pi *perfEventIoctl) Pin(string) error { + return fmt.Errorf("perf event ioctl pin: %w", ErrNotSupported) +} + +func (pi *perfEventIoctl) Unpin() error { + return fmt.Errorf("perf event ioctl unpin: %w", ErrNotSupported) +} + +func (pi *perfEventIoctl) Info() (*Info, error) { + return nil, fmt.Errorf("perf event ioctl info: %w", ErrNotSupported) +} + // attach the given eBPF prog to the perf event stored in pe. // pe must contain a valid perf event fd. // prog's type must match the program type stored in pe. -func (pe *perfEvent) attach(prog *ebpf.Program) error { +func attachPerfEvent(pe *perfEvent, prog *ebpf.Program) (Link, error) { if prog == nil { - return errors.New("cannot attach a nil program") - } - if pe.fd == nil { - return errors.New("cannot attach to nil perf event") + return nil, errors.New("cannot attach a nil program") } if prog.FD() < 0 { - return fmt.Errorf("invalid program: %w", sys.ErrClosedFd) + return nil, fmt.Errorf("invalid program: %w", sys.ErrClosedFd) } + switch pe.typ { case kprobeEvent, kretprobeEvent, uprobeEvent, uretprobeEvent: if t := prog.Type(); t != ebpf.Kprobe { - return fmt.Errorf("invalid program type (expected %s): %s", ebpf.Kprobe, t) + return nil, fmt.Errorf("invalid program type (expected %s): %s", ebpf.Kprobe, t) } case tracepointEvent: if t := prog.Type(); t != ebpf.TracePoint { - return fmt.Errorf("invalid program type (expected %s): %s", ebpf.TracePoint, t) + return nil, fmt.Errorf("invalid program type (expected %s): %s", ebpf.TracePoint, t) } default: - return fmt.Errorf("unknown perf event type: %d", pe.typ) + return nil, fmt.Errorf("unknown perf event type: %d", pe.typ) + } + + if err := haveBPFLinkPerfEvent(); err == nil { + return attachPerfEventLink(pe, prog) } + return attachPerfEventIoctl(pe, prog) +} - kfd := pe.fd.Int() +func attachPerfEventIoctl(pe *perfEvent, prog *ebpf.Program) (*perfEventIoctl, error) { + if pe.cookie != 0 { + return nil, fmt.Errorf("cookies are not supported: %w", ErrNotSupported) + } // Assign the eBPF program to the perf event. - err := unix.IoctlSetInt(int(kfd), unix.PERF_EVENT_IOC_SET_BPF, prog.FD()) + err := unix.IoctlSetInt(pe.fd.Int(), unix.PERF_EVENT_IOC_SET_BPF, prog.FD()) if err != nil { - return fmt.Errorf("setting perf event bpf program: %w", err) + return nil, fmt.Errorf("setting perf event bpf program: %w", err) } // PERF_EVENT_IOC_ENABLE and _DISABLE ignore their given values. - if err := unix.IoctlSetInt(int(kfd), unix.PERF_EVENT_IOC_ENABLE, 0); err != nil { - return fmt.Errorf("enable perf event: %s", err) + if err := unix.IoctlSetInt(pe.fd.Int(), unix.PERF_EVENT_IOC_ENABLE, 0); err != nil { + return nil, fmt.Errorf("enable perf event: %s", err) + } + + pi := &perfEventIoctl{pe} + + // Close the perf event when its reference is lost to avoid leaking system resources. + runtime.SetFinalizer(pi, (*perfEventIoctl).Close) + return pi, nil +} + +// Use the bpf api to attach the perf event (BPF_LINK_TYPE_PERF_EVENT, 5.15+). +// +// https://github.com/torvalds/linux/commit/b89fbfbb854c9afc3047e8273cc3a694650b802e +func attachPerfEventLink(pe *perfEvent, prog *ebpf.Program) (*perfEventLink, error) { + fd, err := sys.LinkCreatePerfEvent(&sys.LinkCreatePerfEventAttr{ + ProgFd: uint32(prog.FD()), + TargetFd: pe.fd.Uint(), + AttachType: sys.BPF_PERF_EVENT, + BpfCookie: pe.cookie, + }) + if err != nil { + return nil, fmt.Errorf("cannot create bpf perf link: %v", err) } + pl := &perfEventLink{RawLink{fd: fd}, pe} + // Close the perf event when its reference is lost to avoid leaking system resources. - runtime.SetFinalizer(pe, (*perfEvent).Close) - return nil + runtime.SetFinalizer(pl, (*perfEventLink).Close) + return pl, nil } // unsafeStringPtr returns an unsafe.Pointer to a NUL-terminated copy of str. @@ -201,8 +264,12 @@ func unsafeStringPtr(str string) (unsafe.Pointer, error) { } // getTraceEventID reads a trace event's ID from tracefs given its group and name. -// group and name must be alphanumeric or underscore, as required by the kernel. +// The kernel requires group and name to be alphanumeric or underscore. +// +// name automatically has its invalid symbols converted to underscores so the caller +// can pass a raw symbol name, e.g. a kernel symbol containing dots. func getTraceEventID(group, name string) (uint64, error) { + name = sanitizeSymbol(name) tid, err := uint64FromFile(tracefsPath, "events", group, name, "id") if errors.Is(err, os.ErrNotExist) { return 0, fmt.Errorf("trace event %s/%s: %w", group, name, os.ErrNotExist) @@ -268,3 +335,60 @@ func uint64FromFile(base string, path ...string) (uint64, error) { et := bytes.TrimSpace(data) return strconv.ParseUint(string(et), 10, 64) } + +// Probe BPF perf link. +// +// https://elixir.bootlin.com/linux/v5.16.8/source/kernel/bpf/syscall.c#L4307 +// https://github.com/torvalds/linux/commit/b89fbfbb854c9afc3047e8273cc3a694650b802e +var haveBPFLinkPerfEvent = internal.FeatureTest("bpf_link_perf_event", "5.15", func() error { + prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ + Name: "probe_bpf_perf_link", + Type: ebpf.Kprobe, + Instructions: asm.Instructions{ + asm.Mov.Imm(asm.R0, 0), + asm.Return(), + }, + License: "MIT", + }) + if err != nil { + return err + } + defer prog.Close() + + _, err = sys.LinkCreatePerfEvent(&sys.LinkCreatePerfEventAttr{ + ProgFd: uint32(prog.FD()), + AttachType: sys.BPF_PERF_EVENT, + }) + if errors.Is(err, unix.EINVAL) { + return internal.ErrNotSupported + } + if errors.Is(err, unix.EBADF) { + return nil + } + return err +}) + +// isValidTraceID implements the equivalent of a regex match +// against "^[a-zA-Z_][0-9a-zA-Z_]*$". +// +// Trace event groups, names and kernel symbols must adhere to this set +// of characters. Non-empty, first character must not be a number, all +// characters must be alphanumeric or underscore. +func isValidTraceID(s string) bool { + if len(s) < 1 { + return false + } + for i, c := range []byte(s) { + switch { + case c >= 'a' && c <= 'z': + case c >= 'A' && c <= 'Z': + case c == '_': + case i > 0 && c >= '0' && c <= '9': + + default: + return false + } + } + + return true +} diff --git a/vendor/github.com/cilium/ebpf/link/syscalls.go b/vendor/github.com/cilium/ebpf/link/syscalls.go index 072dfade273..a661395b360 100644 --- a/vendor/github.com/cilium/ebpf/link/syscalls.go +++ b/vendor/github.com/cilium/ebpf/link/syscalls.go @@ -22,13 +22,13 @@ const ( IterType = sys.BPF_LINK_TYPE_ITER NetNsType = sys.BPF_LINK_TYPE_NETNS XDPType = sys.BPF_LINK_TYPE_XDP + PerfEventType = sys.BPF_LINK_TYPE_PERF_EVENT ) var haveProgAttach = internal.FeatureTest("BPF_PROG_ATTACH", "4.10", func() error { prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ - Type: ebpf.CGroupSKB, - AttachType: ebpf.AttachCGroupInetIngress, - License: "MIT", + Type: ebpf.CGroupSKB, + License: "MIT", Instructions: asm.Instructions{ asm.Mov.Imm(asm.R0, 0), asm.Return(), diff --git a/vendor/github.com/cilium/ebpf/link/tracepoint.go b/vendor/github.com/cilium/ebpf/link/tracepoint.go index 7423df86b13..a59ef9d1c52 100644 --- a/vendor/github.com/cilium/ebpf/link/tracepoint.go +++ b/vendor/github.com/cilium/ebpf/link/tracepoint.go @@ -6,12 +6,22 @@ import ( "github.com/cilium/ebpf" ) +// TracepointOptions defines additional parameters that will be used +// when loading Tracepoints. +type TracepointOptions struct { + // Arbitrary value that can be fetched from an eBPF program + // via `bpf_get_attach_cookie()`. + // + // Needs kernel 5.15+. + Cookie uint64 +} + // Tracepoint attaches the given eBPF program to the tracepoint with the given // group and name. See /sys/kernel/debug/tracing/events to find available // tracepoints. The top-level directory is the group, the event's subdirectory // is the name. Example: // -// tp, err := Tracepoint("syscalls", "sys_enter_fork", prog) +// tp, err := Tracepoint("syscalls", "sys_enter_fork", prog, nil) // // Losing the reference to the resulting Link (tp) will close the Tracepoint // and prevent further execution of prog. The Link must be Closed during @@ -19,14 +29,14 @@ import ( // // Note that attaching eBPF programs to syscalls (sys_enter_*/sys_exit_*) is // only possible as of kernel 4.14 (commit cf5f5ce). -func Tracepoint(group, name string, prog *ebpf.Program) (Link, error) { +func Tracepoint(group, name string, prog *ebpf.Program, opts *TracepointOptions) (Link, error) { if group == "" || name == "" { return nil, fmt.Errorf("group and name cannot be empty: %w", errInvalidInput) } if prog == nil { return nil, fmt.Errorf("prog cannot be nil: %w", errInvalidInput) } - if !rgxTraceEvent.MatchString(group) || !rgxTraceEvent.MatchString(name) { + if !isValidTraceID(group) || !isValidTraceID(name) { return nil, fmt.Errorf("group and name '%s/%s' must be alphanumeric or underscore: %w", group, name, errInvalidInput) } if prog.Type() != ebpf.TracePoint { @@ -43,18 +53,25 @@ func Tracepoint(group, name string, prog *ebpf.Program) (Link, error) { return nil, err } + var cookie uint64 + if opts != nil { + cookie = opts.Cookie + } + pe := &perfEvent{ - fd: fd, - tracefsID: tid, + typ: tracepointEvent, group: group, name: name, - typ: tracepointEvent, + tracefsID: tid, + cookie: cookie, + fd: fd, } - if err := pe.attach(prog); err != nil { + lnk, err := attachPerfEvent(pe, prog) + if err != nil { pe.Close() return nil, err } - return pe, nil + return lnk, nil } diff --git a/vendor/github.com/cilium/ebpf/link/tracing.go b/vendor/github.com/cilium/ebpf/link/tracing.go index 5913592c67c..e26bea748a2 100644 --- a/vendor/github.com/cilium/ebpf/link/tracing.go +++ b/vendor/github.com/cilium/ebpf/link/tracing.go @@ -4,7 +4,7 @@ import ( "fmt" "github.com/cilium/ebpf" - "github.com/cilium/ebpf/internal/btf" + "github.com/cilium/ebpf/btf" "github.com/cilium/ebpf/internal/sys" ) @@ -61,7 +61,10 @@ func AttachFreplace(targetProg *ebpf.Program, name string, prog *ebpf.Program) ( } target = targetProg.FD() - typeID = function.ID() + typeID, err = btfHandle.Spec().TypeID(function) + if err != nil { + return nil, err + } } link, err := AttachRawLink(RawLinkOptions{ diff --git a/vendor/github.com/cilium/ebpf/link/uprobe.go b/vendor/github.com/cilium/ebpf/link/uprobe.go index d603575ca55..ca11f376b91 100644 --- a/vendor/github.com/cilium/ebpf/link/uprobe.go +++ b/vendor/github.com/cilium/ebpf/link/uprobe.go @@ -6,7 +6,7 @@ import ( "fmt" "os" "path/filepath" - "regexp" + "strings" "sync" "github.com/cilium/ebpf" @@ -16,10 +16,6 @@ import ( var ( uprobeEventsPath = filepath.Join(tracefsPath, "uprobe_events") - // rgxUprobeSymbol is used to strip invalid characters from the uprobe symbol - // as they are not allowed to be used as the EVENT token in tracefs. - rgxUprobeSymbol = regexp.MustCompile("[^a-zA-Z0-9]+") - uprobeRetprobeBit = struct { once sync.Once value uint64 @@ -70,6 +66,11 @@ type UprobeOptions struct { // github.com/torvalds/linux/commit/1cc33161a83d // github.com/torvalds/linux/commit/a6ca88b241d5 RefCtrOffset uint64 + // Arbitrary value that can be fetched from an eBPF program + // via `bpf_get_attach_cookie()`. + // + // Needs kernel 5.15+. + Cookie uint64 } // To open a new Executable, use: @@ -197,13 +198,13 @@ func (ex *Executable) Uprobe(symbol string, prog *ebpf.Program, opts *UprobeOpti return nil, err } - err = u.attach(prog) + lnk, err := attachPerfEvent(u, prog) if err != nil { u.Close() return nil, err } - return u, nil + return lnk, nil } // Uretprobe attaches the given eBPF program to a perf event that fires right @@ -229,13 +230,13 @@ func (ex *Executable) Uretprobe(symbol string, prog *ebpf.Program, opts *UprobeO return nil, err } - err = u.attach(prog) + lnk, err := attachPerfEvent(u, prog) if err != nil { u.Close() return nil, err } - return u, nil + return lnk, nil } // uprobe opens a perf event for the given binary/symbol and attaches prog to it. @@ -278,6 +279,7 @@ func (ex *Executable) uprobe(symbol string, prog *ebpf.Program, opts *UprobeOpti pid: pid, refCtrOffset: opts.RefCtrOffset, ret: ret, + cookie: opts.Cookie, } // Use uprobe PMU if the kernel has it available. @@ -290,7 +292,7 @@ func (ex *Executable) uprobe(symbol string, prog *ebpf.Program, opts *UprobeOpti } // Use tracefs if uprobe PMU is missing. - args.symbol = uprobeSanitizedSymbol(symbol) + args.symbol = sanitizeSymbol(symbol) tp, err = tracefsUprobe(args) if err != nil { return nil, fmt.Errorf("creating trace event '%s:%s' in tracefs: %w", ex.path, symbol, err) @@ -309,9 +311,29 @@ func tracefsUprobe(args probeArgs) (*perfEvent, error) { return tracefsProbe(uprobeType, args) } -// uprobeSanitizedSymbol replaces every invalid characted for the tracefs api with an underscore. -func uprobeSanitizedSymbol(symbol string) string { - return rgxUprobeSymbol.ReplaceAllString(symbol, "_") +// sanitizeSymbol replaces every invalid character for the tracefs api with an underscore. +// It is equivalent to calling regexp.MustCompile("[^a-zA-Z0-9]+").ReplaceAllString("_"). +func sanitizeSymbol(s string) string { + var b strings.Builder + b.Grow(len(s)) + var skip bool + for _, c := range []byte(s) { + switch { + case c >= 'a' && c <= 'z', + c >= 'A' && c <= 'Z', + c >= '0' && c <= '9': + skip = false + b.WriteByte(c) + + default: + if !skip { + b.WriteByte('_') + skip = true + } + } + } + + return b.String() } // uprobeToken creates the PATH:OFFSET(REF_CTR_OFFSET) token for the tracefs api. diff --git a/vendor/github.com/cilium/ebpf/linker.go b/vendor/github.com/cilium/ebpf/linker.go index b056f99aecd..97f7c510d26 100644 --- a/vendor/github.com/cilium/ebpf/linker.go +++ b/vendor/github.com/cilium/ebpf/linker.go @@ -1,14 +1,43 @@ package ebpf import ( - "bytes" - "encoding/binary" + "errors" "fmt" + "sync" "github.com/cilium/ebpf/asm" - "github.com/cilium/ebpf/internal/btf" + "github.com/cilium/ebpf/btf" ) +// splitSymbols splits insns into subsections delimited by Symbol Instructions. +// insns cannot be empty and must start with a Symbol Instruction. +// +// The resulting map is indexed by Symbol name. +func splitSymbols(insns asm.Instructions) (map[string]asm.Instructions, error) { + if len(insns) == 0 { + return nil, errors.New("insns is empty") + } + + if insns[0].Symbol() == "" { + return nil, errors.New("insns must start with a Symbol") + } + + var name string + progs := make(map[string]asm.Instructions) + for _, ins := range insns { + if sym := ins.Symbol(); sym != "" { + if progs[sym] != nil { + return nil, fmt.Errorf("insns contains duplicate Symbol %s", sym) + } + name = sym + } + + progs[name] = append(progs[name], ins) + } + + return progs, nil +} + // The linker is responsible for resolving bpf-to-bpf calls between programs // within an ELF. Each BPF program must be a self-contained binary blob, // so when an instruction in one ELF program section wants to jump to @@ -82,112 +111,116 @@ func findReferences(progs map[string]*ProgramSpec) error { return nil } -// marshalFuncInfos returns the BTF func infos of all progs in order. -func marshalFuncInfos(layout []reference) ([]byte, error) { - if len(layout) == 0 { - return nil, nil +// hasReferences returns true if insns contains one or more bpf2bpf +// function references. +func hasReferences(insns asm.Instructions) bool { + for _, i := range insns { + if i.IsFunctionReference() { + return true + } } + return false +} - buf := bytes.NewBuffer(make([]byte, 0, binary.Size(&btf.FuncInfo{})*len(layout))) - for _, sym := range layout { - if err := sym.spec.BTF.FuncInfo.Marshal(buf, sym.offset); err != nil { - return nil, fmt.Errorf("marshaling prog %s func info: %w", sym.spec.Name, err) +// applyRelocations collects and applies any CO-RE relocations in insns. +// +// Passing a nil target will relocate against the running kernel. insns are +// modified in place. +func applyRelocations(insns asm.Instructions, local, target *btf.Spec) error { + var relos []*btf.CORERelocation + var reloInsns []*asm.Instruction + iter := insns.Iterate() + for iter.Next() { + if relo := btf.CORERelocationMetadata(iter.Ins); relo != nil { + relos = append(relos, relo) + reloInsns = append(reloInsns, iter.Ins) } } - return buf.Bytes(), nil -} + if len(relos) == 0 { + return nil + } + + target, err := maybeLoadKernelBTF(target) + if err != nil { + return err + } -// marshalLineInfos returns the BTF line infos of all progs in order. -func marshalLineInfos(layout []reference) ([]byte, error) { - if len(layout) == 0 { - return nil, nil + fixups, err := btf.CORERelocate(local, target, relos) + if err != nil { + return err } - buf := bytes.NewBuffer(make([]byte, 0, binary.Size(&btf.LineInfo{})*len(layout))) - for _, sym := range layout { - if err := sym.spec.BTF.LineInfos.Marshal(buf, sym.offset); err != nil { - return nil, fmt.Errorf("marshaling prog %s line infos: %w", sym.spec.Name, err) + for i, fixup := range fixups { + if err := fixup.Apply(reloInsns[i]); err != nil { + return fmt.Errorf("apply fixup %s: %w", &fixup, err) } } - return buf.Bytes(), nil + return nil } -func fixupJumpsAndCalls(insns asm.Instructions) error { - symbolOffsets := make(map[string]asm.RawInstructionOffset) +// fixupAndValidate is called by the ELF reader right before marshaling the +// instruction stream. It performs last-minute adjustments to the program and +// runs some sanity checks before sending it off to the kernel. +func fixupAndValidate(insns asm.Instructions) error { iter := insns.Iterate() for iter.Next() { ins := iter.Ins - if ins.Symbol == "" { - continue - } - - if _, ok := symbolOffsets[ins.Symbol]; ok { - return fmt.Errorf("duplicate symbol %s", ins.Symbol) + // Map load was tagged with a Reference, but does not contain a Map pointer. + if ins.IsLoadFromMap() && ins.Reference() != "" && ins.Map() == nil { + return fmt.Errorf("instruction %d: map %s: %w", iter.Index, ins.Reference(), asm.ErrUnsatisfiedMapReference) } - symbolOffsets[ins.Symbol] = iter.Offset + fixupProbeReadKernel(ins) } - iter = insns.Iterate() - for iter.Next() { - i := iter.Index - offset := iter.Offset - ins := iter.Ins - - if ins.Reference == "" { - continue - } - - symOffset, ok := symbolOffsets[ins.Reference] - switch { - case ins.IsFunctionReference() && ins.Constant == -1: - if !ok { - break - } + return nil +} - ins.Constant = int64(symOffset - offset - 1) - continue +// fixupProbeReadKernel replaces calls to bpf_probe_read_{kernel,user}(_str) +// with bpf_probe_read(_str) on kernels that don't support it yet. +func fixupProbeReadKernel(ins *asm.Instruction) { + if !ins.IsBuiltinCall() { + return + } - case ins.OpCode.Class().IsJump() && ins.Offset == -1: - if !ok { - break - } + // Kernel supports bpf_probe_read_kernel, nothing to do. + if haveProbeReadKernel() == nil { + return + } - ins.Offset = int16(symOffset - offset - 1) - continue + switch asm.BuiltinFunc(ins.Constant) { + case asm.FnProbeReadKernel, asm.FnProbeReadUser: + ins.Constant = int64(asm.FnProbeRead) + case asm.FnProbeReadKernelStr, asm.FnProbeReadUserStr: + ins.Constant = int64(asm.FnProbeReadStr) + } +} - case ins.IsLoadFromMap() && ins.MapPtr() == -1: - return fmt.Errorf("map %s: %w", ins.Reference, errUnsatisfiedMap) - default: - // no fixup needed - continue - } +var kernelBTF struct { + sync.Mutex + spec *btf.Spec +} - return fmt.Errorf("%s at insn %d: symbol %q: %w", ins.OpCode, i, ins.Reference, errUnsatisfiedProgram) +// maybeLoadKernelBTF loads the current kernel's BTF if spec is nil, otherwise +// it returns spec unchanged. +// +// The kernel BTF is cached for the lifetime of the process. +func maybeLoadKernelBTF(spec *btf.Spec) (*btf.Spec, error) { + if spec != nil { + return spec, nil } - // fixupBPFCalls replaces bpf_probe_read_{kernel,user}[_str] with bpf_probe_read[_str] on older kernels - // https://github.com/libbpf/libbpf/blob/master/src/libbpf.c#L6009 - iter = insns.Iterate() - for iter.Next() { - ins := iter.Ins - if !ins.IsBuiltinCall() { - continue - } - switch asm.BuiltinFunc(ins.Constant) { - case asm.FnProbeReadKernel, asm.FnProbeReadUser: - if err := haveProbeReadKernel(); err != nil { - ins.Constant = int64(asm.FnProbeRead) - } - case asm.FnProbeReadKernelStr, asm.FnProbeReadUserStr: - if err := haveProbeReadKernel(); err != nil { - ins.Constant = int64(asm.FnProbeReadStr) - } - } + kernelBTF.Lock() + defer kernelBTF.Unlock() + + if kernelBTF.spec != nil { + return kernelBTF.spec, nil } - return nil + var err error + kernelBTF.spec, err = btf.LoadKernelSpec() + return kernelBTF.spec, err } diff --git a/vendor/github.com/cilium/ebpf/map.go b/vendor/github.com/cilium/ebpf/map.go index b49b4018798..e6d26db4014 100644 --- a/vendor/github.com/cilium/ebpf/map.go +++ b/vendor/github.com/cilium/ebpf/map.go @@ -8,12 +8,11 @@ import ( "math/rand" "path/filepath" "reflect" - "strings" "time" "unsafe" + "github.com/cilium/ebpf/btf" "github.com/cilium/ebpf/internal" - "github.com/cilium/ebpf/internal/btf" "github.com/cilium/ebpf/internal/sys" "github.com/cilium/ebpf/internal/unix" ) @@ -24,7 +23,8 @@ var ( ErrKeyNotExist = errors.New("key does not exist") ErrKeyExist = errors.New("key already exists") ErrIterationAborted = errors.New("iteration aborted") - ErrMapIncompatible = errors.New("map's spec is incompatible with pinned map") + ErrMapIncompatible = errors.New("map spec is incompatible with existing map") + errMapNoBTFValue = errors.New("map spec does not contain a BTF Value") ) // MapOptions control loading a map into the kernel. @@ -76,8 +76,11 @@ type MapSpec struct { // Must be nil or empty before instantiating the MapSpec into a Map. Extra *bytes.Reader + // The key and value type of this map. May be nil. + Key, Value btf.Type + // The BTF associated with this map. - BTF *btf.Map + BTF *btf.Spec } func (ms *MapSpec) String() string { @@ -125,6 +128,31 @@ func (ms *MapSpec) clampPerfEventArraySize() error { return nil } +// dataSection returns the contents and BTF Datasec descriptor of the spec. +func (ms *MapSpec) dataSection() ([]byte, *btf.Datasec, error) { + + if ms.Value == nil { + return nil, nil, errMapNoBTFValue + } + + ds, ok := ms.Value.(*btf.Datasec) + if !ok { + return nil, nil, fmt.Errorf("map value BTF is a %T, not a *btf.Datasec", ms.Value) + } + + if n := len(ms.Contents); n != 1 { + return nil, nil, fmt.Errorf("expected one key, found %d", n) + } + + kv := ms.Contents[0] + value, ok := kv.Value.([]byte) + if !ok { + return nil, nil, fmt.Errorf("value at first map key is %T, not []byte", kv.Value) + } + + return value, ds, nil +} + // MapKV is used to initialize the contents of a Map. type MapKV struct { Key interface{} @@ -398,15 +426,25 @@ func (spec *MapSpec) createMap(inner *sys.FD, opts MapOptions, handles *handleCa } if spec.hasBTF() { - handle, err := handles.btfHandle(spec.BTF.Spec) + handle, err := handles.btfHandle(spec.BTF) if err != nil && !errors.Is(err, btf.ErrNotSupported) { return nil, fmt.Errorf("load BTF: %w", err) } if handle != nil { + keyTypeID, err := spec.BTF.TypeID(spec.Key) + if err != nil { + return nil, err + } + + valueTypeID, err := spec.BTF.TypeID(spec.Value) + if err != nil { + return nil, err + } + attr.BtfFd = uint32(handle.FD()) - attr.BtfKeyTypeId = uint32(spec.BTF.Key.ID()) - attr.BtfValueTypeId = uint32(spec.BTF.Value.ID()) + attr.BtfKeyTypeId = uint32(keyTypeID) + attr.BtfValueTypeId = uint32(valueTypeID) } } @@ -1269,60 +1307,6 @@ func marshalMap(m *Map, length int) ([]byte, error) { return buf, nil } -func patchValue(value []byte, typ btf.Type, replacements map[string]interface{}) error { - replaced := make(map[string]bool) - replace := func(name string, offset, size int, replacement interface{}) error { - if offset+size > len(value) { - return fmt.Errorf("%s: offset %d(+%d) is out of bounds", name, offset, size) - } - - buf, err := marshalBytes(replacement, size) - if err != nil { - return fmt.Errorf("marshal %s: %w", name, err) - } - - copy(value[offset:offset+size], buf) - replaced[name] = true - return nil - } - - switch parent := typ.(type) { - case *btf.Datasec: - for _, secinfo := range parent.Vars { - name := string(secinfo.Type.(*btf.Var).Name) - replacement, ok := replacements[name] - if !ok { - continue - } - - err := replace(name, int(secinfo.Offset), int(secinfo.Size), replacement) - if err != nil { - return err - } - } - - default: - return fmt.Errorf("patching %T is not supported", typ) - } - - if len(replaced) == len(replacements) { - return nil - } - - var missing []string - for name := range replacements { - if !replaced[name] { - missing = append(missing, name) - } - } - - if len(missing) == 1 { - return fmt.Errorf("unknown field: %s", missing[0]) - } - - return fmt.Errorf("unknown fields: %s", strings.Join(missing, ",")) -} - // MapIterator iterates a Map. // // See Map.Iterate. diff --git a/vendor/github.com/cilium/ebpf/marshalers.go b/vendor/github.com/cilium/ebpf/marshalers.go index 4351cc57f40..544d17f35e1 100644 --- a/vendor/github.com/cilium/ebpf/marshalers.go +++ b/vendor/github.com/cilium/ebpf/marshalers.go @@ -99,14 +99,7 @@ var bytesReaderPool = sync.Pool{ func unmarshalBytes(data interface{}, buf []byte) error { switch value := data.(type) { case unsafe.Pointer: - var dst []byte - // Use unsafe.Slice when we drop support for pre1.17 (https://github.com/golang/go/issues/19367) - // We could opt for removing unsafe.Pointer support in the lib as well - sh := (*reflect.SliceHeader)(unsafe.Pointer(&dst)) - sh.Data = uintptr(value) - sh.Len = len(buf) - sh.Cap = len(buf) - + dst := unsafe.Slice((*byte)(value), len(buf)) copy(dst, buf) runtime.KeepAlive(value) return nil diff --git a/vendor/github.com/cilium/ebpf/prog.go b/vendor/github.com/cilium/ebpf/prog.go index 523e6a54e7c..93398b236cc 100644 --- a/vendor/github.com/cilium/ebpf/prog.go +++ b/vendor/github.com/cilium/ebpf/prog.go @@ -5,15 +5,15 @@ import ( "encoding/binary" "errors" "fmt" - "io" "math" "path/filepath" + "runtime" "strings" "time" "github.com/cilium/ebpf/asm" + "github.com/cilium/ebpf/btf" "github.com/cilium/ebpf/internal" - "github.com/cilium/ebpf/internal/btf" "github.com/cilium/ebpf/internal/sys" "github.com/cilium/ebpf/internal/unix" ) @@ -21,9 +21,6 @@ import ( // ErrNotSupported is returned whenever the kernel doesn't support a feature. var ErrNotSupported = internal.ErrNotSupported -var errUnsatisfiedMap = errors.New("unsatisfied map reference") -var errUnsatisfiedProgram = errors.New("unsatisfied program reference") - // ProgramID represents the unique ID of an eBPF program. type ProgramID uint32 @@ -46,12 +43,13 @@ type ProgramOptions struct { // Controls the output buffer size for the verifier. Defaults to // DefaultVerifierLogSize. LogSize int - // An ELF containing the target BTF for this program. It is used both to - // find the correct function to trace and to apply CO-RE relocations. + // Type information used for CO-RE relocations and when attaching to + // kernel functions. + // // This is useful in environments where the kernel BTF is not available // (containers) or where it is in a non-standard location. Defaults to - // use the kernel BTF from a well-known location. - TargetBTF io.ReaderAt + // use the kernel BTF from a well-known location if nil. + KernelTypes *btf.Spec } // ProgramSpec defines a Program. @@ -61,7 +59,12 @@ type ProgramSpec struct { Name string // Type determines at which hook in the kernel a program will run. - Type ProgramType + Type ProgramType + + // AttachType of the program, needed to differentiate allowed context + // accesses in some newer program types like CGroupSockAddr. + // + // Available on kernels 4.17 and later. AttachType AttachType // Name of a kernel data structure or function to attach to. Its @@ -95,7 +98,7 @@ type ProgramSpec struct { // The BTF associated with this program. Changing Instructions // will most likely invalidate the contained data, and may // result in errors when attempting to load it into the kernel. - BTF *btf.Program + BTF *btf.Spec // The byte order this program was compiled for, may be nil. ByteOrder binary.ByteOrder @@ -160,46 +163,6 @@ func (spec *ProgramSpec) flatten(visited map[*ProgramSpec]bool) (asm.Instruction return insns, progs } -// A reference describes a byte offset an Symbol Instruction pointing -// to another ProgramSpec. -type reference struct { - offset uint64 - spec *ProgramSpec -} - -// layout returns a unique list of programs that must be included -// in spec's instruction stream when inserting it into the kernel. -// Always returns spec itself as the first entry in the chain. -func (spec *ProgramSpec) layout() ([]reference, error) { - out := []reference{{0, spec}} - - name := spec.Instructions.Name() - - var ins *asm.Instruction - iter := spec.Instructions.Iterate() - for iter.Next() { - ins = iter.Ins - - // Skip non-symbols and symbols that describe the ProgramSpec itself, - // which is usually the first instruction in Instructions. - // ProgramSpec itself is already included and not present in references. - if ins.Symbol == "" || ins.Symbol == name { - continue - } - - // Failure to look up a reference is not an error. There are existing tests - // with valid progs that contain multiple symbols and don't have references - // populated. Assume ProgramSpec is used similarly in the wild, so don't - // alter this behaviour. - ref := spec.references[ins.Symbol] - if ref != nil { - out = append(out, reference{iter.Offset.Bytes(), ref}) - } - } - - return out, nil -} - // Program represents BPF program loaded into the kernel. // // It is not safe to close a Program which is used by other goroutines. @@ -235,7 +198,7 @@ func NewProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er defer handles.close() prog, err := newProgramWithOptions(spec, opts, handles) - if errors.Is(err, errUnsatisfiedMap) { + if errors.Is(err, asm.ErrUnsatisfiedMapReference) { return nil, fmt.Errorf("cannot load program without loading its whole collection: %w", err) } return prog, err @@ -279,29 +242,18 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions, handles *hand attr.ProgName = sys.NewObjName(spec.Name) } - var err error - var targetBTF *btf.Spec - if opts.TargetBTF != nil { - targetBTF, err = handles.btfSpec(opts.TargetBTF) - if err != nil { - return nil, fmt.Errorf("load target BTF: %w", err) - } - } + kernelTypes := opts.KernelTypes - layout, err := spec.layout() - if err != nil { - return nil, fmt.Errorf("get program layout: %w", err) - } + insns := make(asm.Instructions, len(spec.Instructions)) + copy(insns, spec.Instructions) var btfDisabled bool - var core btf.COREFixups if spec.BTF != nil { - core, err = spec.BTF.Fixups(targetBTF) - if err != nil { - return nil, fmt.Errorf("CO-RE relocations: %w", err) + if err := applyRelocations(insns, spec.BTF, kernelTypes); err != nil { + return nil, fmt.Errorf("apply CO-RE relocations: %w", err) } - handle, err := handles.btfHandle(spec.BTF.Spec()) + handle, err := handles.btfHandle(spec.BTF) btfDisabled = errors.Is(err, btf.ErrNotSupported) if err != nil && !btfDisabled { return nil, fmt.Errorf("load BTF: %w", err) @@ -310,35 +262,27 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions, handles *hand if handle != nil { attr.ProgBtfFd = uint32(handle.FD()) - fib, err := marshalFuncInfos(layout) + fib, lib, err := btf.MarshalExtInfos(insns, spec.BTF.TypeID) if err != nil { return nil, err } - attr.FuncInfoRecSize = uint32(binary.Size(btf.FuncInfo{})) - attr.FuncInfoCnt = uint32(len(fib)) / attr.FuncInfoRecSize + + attr.FuncInfoRecSize = btf.FuncInfoSize + attr.FuncInfoCnt = uint32(len(fib)) / btf.FuncInfoSize attr.FuncInfo = sys.NewSlicePointer(fib) - lib, err := marshalLineInfos(layout) - if err != nil { - return nil, err - } - attr.LineInfoRecSize = uint32(binary.Size(btf.LineInfo{})) - attr.LineInfoCnt = uint32(len(lib)) / attr.LineInfoRecSize + attr.LineInfoRecSize = btf.LineInfoSize + attr.LineInfoCnt = uint32(len(lib)) / btf.LineInfoSize attr.LineInfo = sys.NewSlicePointer(lib) } } - insns, err := core.Apply(spec.Instructions) - if err != nil { - return nil, fmt.Errorf("CO-RE fixup: %w", err) - } - - if err := fixupJumpsAndCalls(insns); err != nil { + if err := fixupAndValidate(insns); err != nil { return nil, err } buf := bytes.NewBuffer(make([]byte, 0, insns.Size())) - err = insns.Marshal(buf, internal.NativeEndian) + err := insns.Marshal(buf, internal.NativeEndian) if err != nil { return nil, err } @@ -347,39 +291,24 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions, handles *hand attr.Insns = sys.NewSlicePointer(bytecode) attr.InsnCnt = uint32(len(bytecode) / asm.InstructionSize) - if spec.AttachTo != "" { - if spec.AttachTarget != nil { - info, err := spec.AttachTarget.Info() - if err != nil { - return nil, fmt.Errorf("load target BTF: %w", err) - } - - btfID, ok := info.BTFID() - if !ok { - return nil, fmt.Errorf("load target BTF: no BTF info available") - } - btfHandle, err := btf.NewHandleFromID(btfID) - if err != nil { - return nil, fmt.Errorf("load target BTF: %w", err) - } - defer btfHandle.Close() - - targetBTF = btfHandle.Spec() - if err != nil { - return nil, fmt.Errorf("load target BTF: %w", err) - } - } - - target, err := resolveBTFType(targetBTF, spec.AttachTo, spec.Type, spec.AttachType) + if spec.AttachTarget != nil { + targetID, err := findTargetInProgram(spec.AttachTarget, spec.AttachTo, spec.Type, spec.AttachType) if err != nil { - return nil, err + return nil, fmt.Errorf("attach %s/%s: %w", spec.Type, spec.AttachType, err) } - if target != nil { - attr.AttachBtfId = uint32(target.ID()) - } - if spec.AttachTarget != nil { - attr.AttachProgFd = uint32(spec.AttachTarget.FD()) + + attr.AttachBtfId = uint32(targetID) + attr.AttachProgFd = uint32(spec.AttachTarget.FD()) + defer runtime.KeepAlive(spec.AttachTarget) + } else if spec.AttachTo != "" { + targetID, err := findTargetInKernel(kernelTypes, spec.AttachTo, spec.Type, spec.AttachType) + if err != nil && !errors.Is(err, errUnrecognizedAttachType) { + // We ignore errUnrecognizedAttachType since AttachTo may be non-empty + // for programs that don't attach anywhere. + return nil, fmt.Errorf("attach %s/%s: %w", spec.Type, spec.AttachType, err) } + + attr.AttachBtfId = uint32(targetID) } logSize := DefaultVerifierLogSize @@ -414,6 +343,12 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions, handles *hand } } + if (errors.Is(err, unix.EINVAL) || errors.Is(err, unix.EPERM)) && hasReferences(spec.Instructions) { + if err := haveBPFToBPFCalls(); err != nil { + return nil, fmt.Errorf("load program: %w", internal.ErrorWithLog(err, logBuf, logErr)) + } + } + if errors.Is(logErr, unix.EPERM) && len(logBuf) > 0 && logBuf[0] == 0 { // EPERM due to RLIMIT_MEMLOCK happens before the verifier, so we can // check that the log is empty to reduce false positives. @@ -587,6 +522,7 @@ func (p *Program) Benchmark(in []byte, repeat int, reset func()) (uint32, time.D var haveProgTestRun = internal.FeatureTest("BPF_PROG_TEST_RUN", "4.12", func() error { prog, err := NewProgram(&ProgramSpec{ + // SocketFilter does not require privileges on newer kernels. Type: SocketFilter, Instructions: asm.Instructions{ asm.LoadImm(asm.R0, 0, asm.DWord), @@ -609,15 +545,23 @@ var haveProgTestRun = internal.FeatureTest("BPF_PROG_TEST_RUN", "4.12", func() e } err = sys.ProgRun(&attr) - if errors.Is(err, unix.EINVAL) { + switch { + case errors.Is(err, unix.EINVAL): // Check for EINVAL specifically, rather than err != nil since we // otherwise misdetect due to insufficient permissions. return internal.ErrNotSupported - } - if errors.Is(err, unix.EINTR) { + + case errors.Is(err, unix.EINTR): // We know that PROG_TEST_RUN is supported if we get EINTR. return nil + + case errors.Is(err, unix.ENOTSUPP): + // The first PROG_TEST_RUN patches shipped in 4.12 didn't include + // a test runner for SocketFilter. ENOTSUPP means PROG_TEST_RUN is + // supported, but not for the program type used in the probe. + return nil } + return err }) @@ -667,6 +611,10 @@ func (p *Program) testRun(in []byte, repeat int, reset func()) (uint32, []byte, continue } + if errors.Is(err, unix.ENOTSUPP) { + return 0, nil, 0, fmt.Errorf("kernel doesn't support testing program type %s: %w", p.Type(), ErrNotSupported) + } + return 0, nil, 0, fmt.Errorf("can't run test: %w", err) } @@ -810,7 +758,15 @@ func (p *Program) BindMap(m *Map) error { return sys.ProgBindMap(attr) } -func resolveBTFType(spec *btf.Spec, name string, progType ProgramType, attachType AttachType) (btf.Type, error) { +var errUnrecognizedAttachType = errors.New("unrecognized attach type") + +// find an attach target type in the kernel. +// +// spec may be nil and defaults to the canonical kernel BTF. name together with +// progType and attachType determine which type we need to attach to. +// +// Returns errUnrecognizedAttachType. +func findTargetInKernel(spec *btf.Spec, name string, progType ProgramType, attachType AttachType) (btf.TypeID, error) { type match struct { p ProgramType a AttachType @@ -828,9 +784,6 @@ func resolveBTFType(spec *btf.Spec, name string, progType ProgramType, attachTyp case match{Tracing, AttachTraceIter}: typeName = "bpf_iter_" + name featureName = name + " iterator" - case match{Extension, AttachNone}: - typeName = name - featureName = fmt.Sprintf("freplace %s", name) case match{Tracing, AttachTraceFEntry}: typeName = name featureName = fmt.Sprintf("fentry %s", name) @@ -845,20 +798,15 @@ func resolveBTFType(spec *btf.Spec, name string, progType ProgramType, attachTyp featureName = fmt.Sprintf("raw_tp %s", name) isBTFTypeFunc = false default: - return nil, nil + return 0, errUnrecognizedAttachType } - var ( - target btf.Type - err error - ) - if spec == nil { - spec, err = btf.LoadKernelSpec() - if err != nil { - return nil, fmt.Errorf("load kernel spec: %w", err) - } + spec, err := maybeLoadKernelBTF(spec) + if err != nil { + return 0, fmt.Errorf("load kernel spec: %w", err) } + var target btf.Type if isBTFTypeFunc { var targetFunc *btf.Func err = spec.TypeByName(typeName, &targetFunc) @@ -871,12 +819,56 @@ func resolveBTFType(spec *btf.Spec, name string, progType ProgramType, attachTyp if err != nil { if errors.Is(err, btf.ErrNotFound) { - return nil, &internal.UnsupportedFeatureError{ + return 0, &internal.UnsupportedFeatureError{ Name: featureName, } } - return nil, fmt.Errorf("resolve BTF for %s: %w", featureName, err) + return 0, fmt.Errorf("find target for %s: %w", featureName, err) + } + + return spec.TypeID(target) +} + +// find an attach target type in a program. +// +// Returns errUnrecognizedAttachType. +func findTargetInProgram(prog *Program, name string, progType ProgramType, attachType AttachType) (btf.TypeID, error) { + type match struct { + p ProgramType + a AttachType + } + + var typeName string + switch (match{progType, attachType}) { + case match{Extension, AttachNone}: + typeName = name + default: + return 0, errUnrecognizedAttachType + } + + info, err := prog.Info() + if err != nil { + return 0, fmt.Errorf("load target BTF: %w", err) + } + + btfID, ok := info.BTFID() + if !ok { + return 0, fmt.Errorf("load target BTF: no BTF info available") + } + + btfHandle, err := btf.NewHandleFromID(btfID) + if err != nil { + return 0, fmt.Errorf("load target BTF: %w", err) + } + defer btfHandle.Close() + + spec := btfHandle.Spec() + + var targetFunc *btf.Func + err = spec.TypeByName(typeName, &targetFunc) + if err != nil { + return 0, fmt.Errorf("find target %s: %w", typeName, err) } - return target, nil + return spec.TypeID(targetFunc) } diff --git a/vendor/github.com/cilium/ebpf/run-tests.sh b/vendor/github.com/cilium/ebpf/run-tests.sh index 472bc4f1a75..8501e65aaa5 100644 --- a/vendor/github.com/cilium/ebpf/run-tests.sh +++ b/vendor/github.com/cilium/ebpf/run-tests.sh @@ -48,21 +48,31 @@ if [[ "${1:-}" = "--exec-vm" ]]; then rm "${output}/fake-stdin" fi - if ! $sudo virtme-run --kimg "${input}/bzImage" --memory 768M --pwd \ - --rwdir="${testdir}=${testdir}" \ - --rodir=/run/input="${input}" \ - --rwdir=/run/output="${output}" \ - --script-sh "PATH=\"$PATH\" CI_MAX_KERNEL_VERSION="${CI_MAX_KERNEL_VERSION:-}" \"$script\" --exec-test $cmd" \ - --kopt possible_cpus=2; then # need at least two CPUs for some tests - exit 23 - fi + for ((i = 0; i < 3; i++)); do + if ! $sudo virtme-run --kimg "${input}/bzImage" --memory 768M --pwd \ + --rwdir="${testdir}=${testdir}" \ + --rodir=/run/input="${input}" \ + --rwdir=/run/output="${output}" \ + --script-sh "PATH=\"$PATH\" CI_MAX_KERNEL_VERSION="${CI_MAX_KERNEL_VERSION:-}" \"$script\" --exec-test $cmd" \ + --kopt possible_cpus=2; then # need at least two CPUs for some tests + exit 23 + fi + + if [[ -e "${output}/status" ]]; then + break + fi + + if [[ -v CI ]]; then + echo "Retrying test run due to qemu crash" + continue + fi - if [[ ! -e "${output}/success" ]]; then exit 42 - fi + done + rc=$(<"${output}/status") $sudo rm -r "$output" - exit 0 + exit $rc elif [[ "${1:-}" = "--exec-test" ]]; then shift @@ -73,13 +83,12 @@ elif [[ "${1:-}" = "--exec-test" ]]; then export KERNEL_SELFTESTS="/run/input/bpf" fi - dmesg -C - if ! "$@"; then - dmesg - exit 1 # this return code is "swallowed" by qemu - fi - touch "/run/output/success" - exit 0 + dmesg --clear + rc=0 + "$@" || rc=$? + dmesg + echo $rc > "/run/output/status" + exit $rc # this return code is "swallowed" by qemu fi readonly kernel_version="${1:-}" diff --git a/vendor/github.com/cilium/ebpf/syscalls.go b/vendor/github.com/cilium/ebpf/syscalls.go index ccbbe096e8c..b90ff7b3d8a 100644 --- a/vendor/github.com/cilium/ebpf/syscalls.go +++ b/vendor/github.com/cilium/ebpf/syscalls.go @@ -38,6 +38,21 @@ func invalidBPFObjNameChar(char rune) bool { } } +func progLoad(insns asm.Instructions, typ ProgramType, license string) (*sys.FD, error) { + buf := bytes.NewBuffer(make([]byte, 0, insns.Size())) + if err := insns.Marshal(buf, internal.NativeEndian); err != nil { + return nil, err + } + bytecode := buf.Bytes() + + return sys.ProgLoad(&sys.ProgLoadAttr{ + ProgType: sys.ProgType(typ), + License: sys.NewStringPointer(license), + Insns: sys.NewSlicePointer(bytecode), + InsnCnt: uint32(len(bytecode) / asm.InstructionSize), + }) +} + var haveNestedMaps = internal.FeatureTest("nested maps", "4.12", func() error { _, err := sys.MapCreate(&sys.MapCreateAttr{ MapType: sys.MapType(ArrayOfMaps), @@ -226,21 +241,30 @@ var haveProbeReadKernel = internal.FeatureTest("bpf_probe_read_kernel", "5.5", f asm.FnProbeReadKernel.Call(), asm.Return(), } - buf := bytes.NewBuffer(make([]byte, 0, insns.Size())) - if err := insns.Marshal(buf, internal.NativeEndian); err != nil { - return err - } - bytecode := buf.Bytes() - fd, err := sys.ProgLoad(&sys.ProgLoadAttr{ - ProgType: sys.ProgType(Kprobe), - License: sys.NewStringPointer("GPL"), - Insns: sys.NewSlicePointer(bytecode), - InsnCnt: uint32(len(bytecode) / asm.InstructionSize), - }) + fd, err := progLoad(insns, Kprobe, "GPL") if err != nil { return internal.ErrNotSupported } _ = fd.Close() return nil }) + +var haveBPFToBPFCalls = internal.FeatureTest("bpf2bpf calls", "4.16", func() error { + insns := asm.Instructions{ + asm.Call.Label("prog2").WithSymbol("prog1"), + asm.Return(), + asm.Mov.Imm(asm.R0, 0).WithSymbol("prog2"), + asm.Return(), + } + + fd, err := progLoad(insns, SocketFilter, "MIT") + if errors.Is(err, unix.EINVAL) { + return internal.ErrNotSupported + } + if err != nil { + return err + } + _ = fd.Close() + return nil +}) diff --git a/vendor/modules.txt b/vendor/modules.txt index 5271e38fb2d..55a6af5c721 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -2,12 +2,12 @@ ## explicit; go 1.13 github.com/checkpoint-restore/go-criu/v5 github.com/checkpoint-restore/go-criu/v5/rpc -# github.com/cilium/ebpf v0.8.1 -## explicit; go 1.16 +# github.com/cilium/ebpf v0.9.0 +## explicit; go 1.17 github.com/cilium/ebpf github.com/cilium/ebpf/asm +github.com/cilium/ebpf/btf github.com/cilium/ebpf/internal -github.com/cilium/ebpf/internal/btf github.com/cilium/ebpf/internal/sys github.com/cilium/ebpf/internal/unix github.com/cilium/ebpf/link From 65f41d57d9bbaf56a5ab4e289dbaf2f82ba530aa Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 24 May 2022 11:39:17 -0700 Subject: [PATCH 0050/1176] vendor: bump urfave/cli, add urfave_cli_no_docs tag This removes the runc dependency on cpuguy83/md2man and russross/blackfriday, which saves more than 400 KB (more than 300 KB once stripped) from the binary. Signed-off-by: Kir Kolyshkin --- Makefile | 2 +- go.mod | 2 +- go.sum | 4 ++-- vendor/github.com/urfave/cli/README.md | 10 ++++++++++ vendor/github.com/urfave/cli/docs.go | 3 +++ vendor/github.com/urfave/cli/flag.go | 6 ++++-- vendor/modules.txt | 2 +- 7 files changed, 22 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index 8473877d129..e789e7c372c 100644 --- a/Makefile +++ b/Makefile @@ -9,7 +9,7 @@ GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null) GIT_BRANCH_CLEAN := $(shell echo $(GIT_BRANCH) | sed -e "s/[^[:alnum:]]/-/g") RUNC_IMAGE := runc_dev$(if $(GIT_BRANCH_CLEAN),:$(GIT_BRANCH_CLEAN)) PROJECT := github.com/opencontainers/runc -BUILDTAGS ?= seccomp +BUILDTAGS ?= seccomp urfave_cli_no_docs COMMIT ?= $(shell git describe --dirty --long --always) VERSION := $(shell cat ./VERSION) diff --git a/go.mod b/go.mod index a2c363ce1d4..95849214973 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646 github.com/sirupsen/logrus v1.8.1 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 - github.com/urfave/cli v1.22.6 + github.com/urfave/cli v1.22.9 github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.0.0-20201224014010-6772e930b67b golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5 diff --git a/go.sum b/go.sum index 30d6ee33207..143377f1c21 100644 --- a/go.sum +++ b/go.sum @@ -56,8 +56,8 @@ github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= -github.com/urfave/cli v1.22.6 h1:fceBvTciht0l37ZXw49pexwy3YcwRzxYqj5NV1vxalI= -github.com/urfave/cli v1.22.6/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/urfave/cli v1.22.9 h1:cv3/KhXGBGjEXLC4bH0sLuJ9BewaAbpk5oyMOveu4pw= +github.com/urfave/cli v1.22.9/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJH8j0= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= diff --git a/vendor/github.com/urfave/cli/README.md b/vendor/github.com/urfave/cli/README.md index b2abbcf9db0..9c2cf851a32 100644 --- a/vendor/github.com/urfave/cli/README.md +++ b/vendor/github.com/urfave/cli/README.md @@ -39,6 +39,16 @@ cli is tested against multiple versions of Go on Linux, and against the latest released version of Go on OS X and Windows. For full details, see [`./.travis.yml`](./.travis.yml) and [`./appveyor.yml`](./appveyor.yml). +### Build tags + +You can use the following build tags: + +#### `urfave_cli_no_docs` + +When set, this removes `ToMarkdown` and `ToMan` methods, so your application +won't be able to call those. This reduces the resulting binary size by about +300-400 KB (measured using Go 1.18.1 on Linux/amd64), due to less dependencies. + ### Using `v1` releases ``` diff --git a/vendor/github.com/urfave/cli/docs.go b/vendor/github.com/urfave/cli/docs.go index 5b945661287..725fa7ff2be 100644 --- a/vendor/github.com/urfave/cli/docs.go +++ b/vendor/github.com/urfave/cli/docs.go @@ -1,3 +1,6 @@ +//go:build !urfave_cli_no_docs +// +build !urfave_cli_no_docs + package cli import ( diff --git a/vendor/github.com/urfave/cli/flag.go b/vendor/github.com/urfave/cli/flag.go index 1cfa1cdb216..5b7ae6c3f0b 100644 --- a/vendor/github.com/urfave/cli/flag.go +++ b/vendor/github.com/urfave/cli/flag.go @@ -338,8 +338,10 @@ func flagFromFileEnv(filePath, envName string) (val string, ok bool) { } } for _, fileVar := range strings.Split(filePath, ",") { - if data, err := ioutil.ReadFile(fileVar); err == nil { - return string(data), true + if fileVar != "" { + if data, err := ioutil.ReadFile(fileVar); err == nil { + return string(data), true + } } } return "", false diff --git a/vendor/modules.txt b/vendor/modules.txt index 5271e38fb2d..73b13c1fe63 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -61,7 +61,7 @@ github.com/sirupsen/logrus/hooks/test # github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 ## explicit github.com/syndtr/gocapability/capability -# github.com/urfave/cli v1.22.6 +# github.com/urfave/cli v1.22.9 ## explicit; go 1.11 github.com/urfave/cli # github.com/vishvananda/netlink v1.1.0 From 72ad20994b1d0cc536d2dc6ad7784dca9c8f1d59 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Fri, 27 May 2022 17:41:24 +0900 Subject: [PATCH 0051/1176] docs/cgroup-v2.md: update the distro list Signed-off-by: Akihiro Suda --- docs/cgroup-v2.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/docs/cgroup-v2.md b/docs/cgroup-v2.md index 3d573d53373..95cc640460c 100644 --- a/docs/cgroup-v2.md +++ b/docs/cgroup-v2.md @@ -3,7 +3,15 @@ runc fully supports cgroup v2 (unified mode) since v1.0.0-rc93. To use cgroup v2, you might need to change the configuration of the host init system. -Fedora (>= 31) uses cgroup v2 by default and no extra configuration is required. +The following distributions are known to use cgroup v2 by default: + +- Fedora (since 31) +- Arch Linux (since April 2021) +- openSUSE Tumbleweed (since c. 2021) +- Debian GNU/Linux (since 11) +- Ubuntu (since 21.10) +- RHEL and RHEL-like distributions (since 9) + On other systemd-based distros, cgroup v2 can be enabled by adding `systemd.unified_cgroup_hierarchy=1` to the kernel cmdline. ## Am I using cgroup v2? From 03a210d0f29032a6573dd5401eadfc52f7af053e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Sj=C3=B6lund?= Date: Thu, 26 May 2022 12:15:26 +0200 Subject: [PATCH 0052/1176] libcontainer: relax getenv_int sanity check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Remove upper bound in integer sanity check to not restrict the number of socket-activated sockets passed in. Closes #3488 Signed-off-by: Erik Sjölund --- libcontainer/nsenter/nsexec.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index c53fb3d7923..52e4521c523 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -416,11 +416,9 @@ static int getenv_int(const char *name) if (val == endptr || *endptr != '\0') bail("unable to parse %s=%s", name, val); /* - * Sanity check: this must be a small non-negative number. - * Practically, we pass two fds (3 and 4) and a log level, - * for which the maximum is 6 (TRACE). - * */ - if (ret < 0 || ret > TRACE) + * Sanity check: this must be a non-negative number. + */ + if (ret < 0) bail("bad value for %s=%s (%d)", name, val, ret); return ret; From 343951a22b58c38feb044a5cea501dae92f8540e Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 2 Jun 2022 12:07:00 +1000 Subject: [PATCH 0053/1176] cgroups: systemd: skip adding device paths that don't exist systemd emits very loud warnings when the path specified doesn't exist (which can be the case for some of our default rules). We don't need the ruleset we give systemd to be completely accurate (we discard some kinds of wildcard rules anyway) so we can safely skip adding these. Signed-off-by: Aleksa Sarai --- libcontainer/cgroups/devices/systemd.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libcontainer/cgroups/devices/systemd.go b/libcontainer/cgroups/devices/systemd.go index 7e3c6fda8ce..19f643ec9b3 100644 --- a/libcontainer/cgroups/devices/systemd.go +++ b/libcontainer/cgroups/devices/systemd.go @@ -129,7 +129,13 @@ func systemdProperties(r *configs.Resources) ([]systemdDbus.Property, error) { entry.Path = fmt.Sprintf("/dev/char/%d:%d", rule.Major, rule.Minor) } } - deviceAllowList = append(deviceAllowList, entry) + // systemd will issue a warning if the path we give here doesn't exist. + // Since all of this logic is best-effort anyway (we manually set these + // rules separately to systemd) we can safely skip entries that don't + // have a corresponding path. + if _, err := os.Stat(entry.Path); err == nil { + deviceAllowList = append(deviceAllowList, entry) + } } properties = append(properties, newProp("DeviceAllow", deviceAllowList)) From 5ed3fdff8f456c4f05c652fc92a82aaeb5f7ae5f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 Jun 2022 04:14:12 +0000 Subject: [PATCH 0054/1176] build(deps): bump github.com/moby/sys/mountinfo from 0.6.1 to 0.6.2 Bumps [github.com/moby/sys/mountinfo](https://github.com/moby/sys) from 0.6.1 to 0.6.2. - [Release notes](https://github.com/moby/sys/releases) - [Commits](https://github.com/moby/sys/compare/mountinfo/v0.6.1...mountinfo/v0.6.2) --- updated-dependencies: - dependency-name: github.com/moby/sys/mountinfo dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 4 +- go.sum | 9 +- .../moby/sys/mountinfo/mounted_linux.go | 2 +- .../moby/sys/mountinfo/mounted_unix.go | 4 +- .../moby/sys/mountinfo/mountinfo.go | 2 +- .../moby/sys/mountinfo/mountinfo_bsd.go | 44 +- .../sys/mountinfo/mountinfo_freebsdlike.go | 14 + .../moby/sys/mountinfo/mountinfo_openbsd.go | 11 + .../sys/mountinfo/mountinfo_unsupported.go | 4 +- vendor/golang.org/x/sys/execabs/execabs.go | 2 +- .../golang.org/x/sys/execabs/execabs_go118.go | 12 + .../golang.org/x/sys/execabs/execabs_go119.go | 15 + .../golang.org/x/sys/unix/asm_linux_loong64.s | 54 ++ vendor/golang.org/x/sys/unix/endian_little.go | 4 +- vendor/golang.org/x/sys/unix/ifreq_linux.go | 9 +- vendor/golang.org/x/sys/unix/mkerrors.sh | 3 + vendor/golang.org/x/sys/unix/syscall_aix.go | 22 +- vendor/golang.org/x/sys/unix/syscall_bsd.go | 35 +- .../golang.org/x/sys/unix/syscall_darwin.go | 47 +- .../x/sys/unix/syscall_dragonfly.go | 11 +- .../golang.org/x/sys/unix/syscall_freebsd.go | 9 +- vendor/golang.org/x/sys/unix/syscall_linux.go | 148 ++-- .../x/sys/unix/syscall_linux_386.go | 4 +- .../x/sys/unix/syscall_linux_amd64.go | 5 +- .../x/sys/unix/syscall_linux_arm.go | 4 +- .../x/sys/unix/syscall_linux_arm64.go | 5 +- .../x/sys/unix/syscall_linux_loong64.go | 191 ++++ .../x/sys/unix/syscall_linux_mips64x.go | 4 +- .../x/sys/unix/syscall_linux_mipsx.go | 4 +- .../x/sys/unix/syscall_linux_ppc.go | 4 +- .../x/sys/unix/syscall_linux_ppc64x.go | 4 +- .../x/sys/unix/syscall_linux_riscv64.go | 4 +- .../x/sys/unix/syscall_linux_s390x.go | 4 +- .../x/sys/unix/syscall_linux_sparc64.go | 4 +- .../golang.org/x/sys/unix/syscall_netbsd.go | 9 +- .../golang.org/x/sys/unix/syscall_openbsd.go | 11 +- .../golang.org/x/sys/unix/syscall_solaris.go | 148 ++-- vendor/golang.org/x/sys/unix/syscall_unix.go | 51 ++ vendor/golang.org/x/sys/unix/zerrors_linux.go | 30 +- .../x/sys/unix/zerrors_linux_386.go | 2 +- .../x/sys/unix/zerrors_linux_amd64.go | 2 +- .../x/sys/unix/zerrors_linux_arm.go | 2 +- .../x/sys/unix/zerrors_linux_arm64.go | 2 +- .../x/sys/unix/zerrors_linux_loong64.go | 818 ++++++++++++++++++ .../x/sys/unix/zerrors_linux_mips.go | 2 +- .../x/sys/unix/zerrors_linux_mips64.go | 2 +- .../x/sys/unix/zerrors_linux_mips64le.go | 2 +- .../x/sys/unix/zerrors_linux_mipsle.go | 2 +- .../x/sys/unix/zerrors_linux_ppc.go | 2 +- .../x/sys/unix/zerrors_linux_ppc64.go | 2 +- .../x/sys/unix/zerrors_linux_ppc64le.go | 2 +- .../x/sys/unix/zerrors_linux_riscv64.go | 2 +- .../x/sys/unix/zerrors_linux_s390x.go | 2 +- .../x/sys/unix/zerrors_linux_sparc64.go | 2 +- .../golang.org/x/sys/unix/zsyscall_aix_ppc.go | 4 +- .../x/sys/unix/zsyscall_aix_ppc64.go | 4 +- .../x/sys/unix/zsyscall_darwin_amd64.go | 41 +- .../x/sys/unix/zsyscall_darwin_amd64.s | 14 +- .../x/sys/unix/zsyscall_darwin_arm64.go | 41 +- .../x/sys/unix/zsyscall_darwin_arm64.s | 14 +- .../x/sys/unix/zsyscall_freebsd_386.go | 4 +- .../x/sys/unix/zsyscall_freebsd_amd64.go | 4 +- .../x/sys/unix/zsyscall_freebsd_arm.go | 4 +- .../x/sys/unix/zsyscall_freebsd_arm64.go | 4 +- .../golang.org/x/sys/unix/zsyscall_linux.go | 99 +++ .../x/sys/unix/zsyscall_linux_386.go | 4 +- .../x/sys/unix/zsyscall_linux_amd64.go | 15 +- .../x/sys/unix/zsyscall_linux_arm.go | 4 +- .../x/sys/unix/zsyscall_linux_arm64.go | 15 +- .../x/sys/unix/zsyscall_linux_loong64.go | 552 ++++++++++++ .../x/sys/unix/zsyscall_linux_mips.go | 4 +- .../x/sys/unix/zsyscall_linux_mips64.go | 4 +- .../x/sys/unix/zsyscall_linux_mips64le.go | 4 +- .../x/sys/unix/zsyscall_linux_mipsle.go | 4 +- .../x/sys/unix/zsyscall_linux_ppc.go | 4 +- .../x/sys/unix/zsyscall_linux_ppc64.go | 4 +- .../x/sys/unix/zsyscall_linux_ppc64le.go | 4 +- .../x/sys/unix/zsyscall_linux_riscv64.go | 4 +- .../x/sys/unix/zsyscall_linux_s390x.go | 4 +- .../x/sys/unix/zsyscall_linux_sparc64.go | 4 +- .../x/sys/unix/zsyscall_netbsd_386.go | 4 +- .../x/sys/unix/zsyscall_netbsd_amd64.go | 4 +- .../x/sys/unix/zsyscall_netbsd_arm.go | 4 +- .../x/sys/unix/zsyscall_netbsd_arm64.go | 4 +- .../x/sys/unix/zsyscall_openbsd_386.go | 4 +- .../x/sys/unix/zsyscall_openbsd_amd64.go | 4 +- .../x/sys/unix/zsyscall_openbsd_arm.go | 4 +- .../x/sys/unix/zsyscall_openbsd_arm64.go | 4 +- .../x/sys/unix/zsyscall_openbsd_mips64.go | 4 +- .../x/sys/unix/zsyscall_solaris_amd64.go | 16 +- .../x/sys/unix/zsysnum_linux_386.go | 1 + .../x/sys/unix/zsysnum_linux_amd64.go | 1 + .../x/sys/unix/zsysnum_linux_arm.go | 1 + .../x/sys/unix/zsysnum_linux_arm64.go | 1 + .../x/sys/unix/zsysnum_linux_loong64.go | 313 +++++++ .../x/sys/unix/zsysnum_linux_mips.go | 1 + .../x/sys/unix/zsysnum_linux_mips64.go | 1 + .../x/sys/unix/zsysnum_linux_mips64le.go | 1 + .../x/sys/unix/zsysnum_linux_mipsle.go | 1 + .../x/sys/unix/zsysnum_linux_ppc.go | 1 + .../x/sys/unix/zsysnum_linux_ppc64.go | 1 + .../x/sys/unix/zsysnum_linux_ppc64le.go | 1 + .../x/sys/unix/zsysnum_linux_riscv64.go | 1 + .../x/sys/unix/zsysnum_linux_s390x.go | 1 + .../x/sys/unix/zsysnum_linux_sparc64.go | 1 + vendor/golang.org/x/sys/unix/ztypes_linux.go | 62 +- .../golang.org/x/sys/unix/ztypes_linux_386.go | 15 +- .../x/sys/unix/ztypes_linux_amd64.go | 16 +- .../golang.org/x/sys/unix/ztypes_linux_arm.go | 15 +- .../x/sys/unix/ztypes_linux_arm64.go | 16 +- .../x/sys/unix/ztypes_linux_loong64.go | 679 +++++++++++++++ .../x/sys/unix/ztypes_linux_mips.go | 15 +- .../x/sys/unix/ztypes_linux_mips64.go | 16 +- .../x/sys/unix/ztypes_linux_mips64le.go | 16 +- .../x/sys/unix/ztypes_linux_mipsle.go | 15 +- .../golang.org/x/sys/unix/ztypes_linux_ppc.go | 15 +- .../x/sys/unix/ztypes_linux_ppc64.go | 16 +- .../x/sys/unix/ztypes_linux_ppc64le.go | 16 +- .../x/sys/unix/ztypes_linux_riscv64.go | 16 +- .../x/sys/unix/ztypes_linux_s390x.go | 16 +- .../x/sys/unix/ztypes_linux_sparc64.go | 16 +- .../x/sys/unix/ztypes_openbsd_386.go | 8 +- .../x/sys/unix/ztypes_openbsd_amd64.go | 8 +- .../x/sys/unix/ztypes_openbsd_arm.go | 8 +- .../x/sys/unix/ztypes_openbsd_arm64.go | 8 +- .../x/sys/unix/ztypes_openbsd_mips64.go | 8 +- .../golang.org/x/sys/windows/exec_windows.go | 10 +- .../x/sys/windows/syscall_windows.go | 43 +- .../x/sys/windows/zsyscall_windows.go | 4 +- vendor/modules.txt | 4 +- 130 files changed, 3605 insertions(+), 495 deletions(-) create mode 100644 vendor/github.com/moby/sys/mountinfo/mountinfo_freebsdlike.go create mode 100644 vendor/github.com/moby/sys/mountinfo/mountinfo_openbsd.go create mode 100644 vendor/golang.org/x/sys/execabs/execabs_go118.go create mode 100644 vendor/golang.org/x/sys/execabs/execabs_go119.go create mode 100644 vendor/golang.org/x/sys/unix/asm_linux_loong64.s create mode 100644 vendor/golang.org/x/sys/unix/syscall_linux_loong64.go create mode 100644 vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go create mode 100644 vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go create mode 100644 vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go create mode 100644 vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go diff --git a/go.mod b/go.mod index 839524ca131..eda829ea48e 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/cyphar/filepath-securejoin v0.2.3 github.com/docker/go-units v0.4.0 github.com/godbus/dbus/v5 v5.1.0 - github.com/moby/sys/mountinfo v0.6.1 + github.com/moby/sys/mountinfo v0.6.2 github.com/mrunalp/fileutils v0.5.0 github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 github.com/opencontainers/selinux v1.10.1 @@ -20,7 +20,7 @@ require ( github.com/urfave/cli v1.22.9 github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.0.0-20201224014010-6772e930b67b - golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5 + golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a google.golang.org/protobuf v1.28.0 ) diff --git a/go.sum b/go.sum index ed20f5d8a11..4a0f6068439 100644 --- a/go.sum +++ b/go.sum @@ -32,8 +32,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/moby/sys/mountinfo v0.6.1 h1:+H/KnGEAGRpTrEAqNVQ2AM3SiwMgJUt/TXj+Z8cmCIc= -github.com/moby/sys/mountinfo v0.6.1/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU= +github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78= +github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= github.com/mrunalp/fileutils v0.5.0 h1:NKzVxiH7eSk+OQ4M+ZYW1K6h27RUV3MI6NUTsHhU6Z4= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= @@ -70,9 +70,8 @@ golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5 h1:y/woIyUBFbpQGKS0u1aHF/40WUDnek3fPOyD08H5Vng= -golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= diff --git a/vendor/github.com/moby/sys/mountinfo/mounted_linux.go b/vendor/github.com/moby/sys/mountinfo/mounted_linux.go index bf221e687f1..e78e726196e 100644 --- a/vendor/github.com/moby/sys/mountinfo/mounted_linux.go +++ b/vendor/github.com/moby/sys/mountinfo/mounted_linux.go @@ -15,7 +15,7 @@ import ( // // If a non-existent path is specified, an appropriate error is returned. // In case the caller is not interested in this particular error, it should -// be handled separately using e.g. errors.Is(err, os.ErrNotExist). +// be handled separately using e.g. errors.Is(err, fs.ErrNotExist). // // This function is only available on Linux. When available (since kernel // v5.6), openat2(2) syscall is used to reliably detect all mounts. Otherwise, diff --git a/vendor/github.com/moby/sys/mountinfo/mounted_unix.go b/vendor/github.com/moby/sys/mountinfo/mounted_unix.go index 242f82cc72a..c7b7678f9a0 100644 --- a/vendor/github.com/moby/sys/mountinfo/mounted_unix.go +++ b/vendor/github.com/moby/sys/mountinfo/mounted_unix.go @@ -1,5 +1,5 @@ -//go:build linux || (freebsd && cgo) || (openbsd && cgo) || (darwin && cgo) -// +build linux freebsd,cgo openbsd,cgo darwin,cgo +//go:build linux || freebsd || openbsd || darwin +// +build linux freebsd openbsd darwin package mountinfo diff --git a/vendor/github.com/moby/sys/mountinfo/mountinfo.go b/vendor/github.com/moby/sys/mountinfo/mountinfo.go index c7e5cb42aca..574aeb8767a 100644 --- a/vendor/github.com/moby/sys/mountinfo/mountinfo.go +++ b/vendor/github.com/moby/sys/mountinfo/mountinfo.go @@ -15,7 +15,7 @@ func GetMounts(f FilterFunc) ([]*Info, error) { // // If a non-existent path is specified, an appropriate error is returned. // In case the caller is not interested in this particular error, it should -// be handled separately using e.g. errors.Is(err, os.ErrNotExist). +// be handled separately using e.g. errors.Is(err, fs.ErrNotExist). func Mounted(path string) (bool, error) { // root is always mounted if path == string(os.PathSeparator) { diff --git a/vendor/github.com/moby/sys/mountinfo/mountinfo_bsd.go b/vendor/github.com/moby/sys/mountinfo/mountinfo_bsd.go index d5513a26d2f..8420f58c7a9 100644 --- a/vendor/github.com/moby/sys/mountinfo/mountinfo_bsd.go +++ b/vendor/github.com/moby/sys/mountinfo/mountinfo_bsd.go @@ -1,53 +1,37 @@ -//go:build (freebsd && cgo) || (openbsd && cgo) || (darwin && cgo) -// +build freebsd,cgo openbsd,cgo darwin,cgo +//go:build freebsd || openbsd || darwin +// +build freebsd openbsd darwin package mountinfo -/* -#include -#include -#include -*/ -import "C" - -import ( - "fmt" - "reflect" - "unsafe" -) +import "golang.org/x/sys/unix" // parseMountTable returns information about mounted filesystems func parseMountTable(filter FilterFunc) ([]*Info, error) { - var rawEntries *C.struct_statfs - - count := int(C.getmntinfo(&rawEntries, C.MNT_WAIT)) - if count == 0 { - return nil, fmt.Errorf("failed to call getmntinfo") + count, err := unix.Getfsstat(nil, unix.MNT_WAIT) + if err != nil { + return nil, err } - var entries []C.struct_statfs - header := (*reflect.SliceHeader)(unsafe.Pointer(&entries)) - header.Cap = count - header.Len = count - header.Data = uintptr(unsafe.Pointer(rawEntries)) + entries := make([]unix.Statfs_t, count) + _, err = unix.Getfsstat(entries, unix.MNT_WAIT) + if err != nil { + return nil, err + } var out []*Info for _, entry := range entries { - var mountinfo Info var skip, stop bool - mountinfo.Mountpoint = C.GoString(&entry.f_mntonname[0]) - mountinfo.FSType = C.GoString(&entry.f_fstypename[0]) - mountinfo.Source = C.GoString(&entry.f_mntfromname[0]) + mountinfo := getMountinfo(&entry) if filter != nil { // filter out entries we're not interested in - skip, stop = filter(&mountinfo) + skip, stop = filter(mountinfo) if skip { continue } } - out = append(out, &mountinfo) + out = append(out, mountinfo) if stop { break } diff --git a/vendor/github.com/moby/sys/mountinfo/mountinfo_freebsdlike.go b/vendor/github.com/moby/sys/mountinfo/mountinfo_freebsdlike.go new file mode 100644 index 00000000000..ecaaa7a9c11 --- /dev/null +++ b/vendor/github.com/moby/sys/mountinfo/mountinfo_freebsdlike.go @@ -0,0 +1,14 @@ +//go:build freebsd || darwin +// +build freebsd darwin + +package mountinfo + +import "golang.org/x/sys/unix" + +func getMountinfo(entry *unix.Statfs_t) *Info { + return &Info{ + Mountpoint: unix.ByteSliceToString(entry.Mntonname[:]), + FSType: unix.ByteSliceToString(entry.Fstypename[:]), + Source: unix.ByteSliceToString(entry.Mntfromname[:]), + } +} diff --git a/vendor/github.com/moby/sys/mountinfo/mountinfo_openbsd.go b/vendor/github.com/moby/sys/mountinfo/mountinfo_openbsd.go new file mode 100644 index 00000000000..f682c2d3b59 --- /dev/null +++ b/vendor/github.com/moby/sys/mountinfo/mountinfo_openbsd.go @@ -0,0 +1,11 @@ +package mountinfo + +import "golang.org/x/sys/unix" + +func getMountinfo(entry *unix.Statfs_t) *Info { + return &Info{ + Mountpoint: unix.ByteSliceToString(entry.F_mntonname[:]), + FSType: unix.ByteSliceToString(entry.F_fstypename[:]), + Source: unix.ByteSliceToString(entry.F_mntfromname[:]), + } +} diff --git a/vendor/github.com/moby/sys/mountinfo/mountinfo_unsupported.go b/vendor/github.com/moby/sys/mountinfo/mountinfo_unsupported.go index 95769a76dad..c2e64bc81c7 100644 --- a/vendor/github.com/moby/sys/mountinfo/mountinfo_unsupported.go +++ b/vendor/github.com/moby/sys/mountinfo/mountinfo_unsupported.go @@ -1,5 +1,5 @@ -//go:build (!windows && !linux && !freebsd && !openbsd && !darwin) || (freebsd && !cgo) || (openbsd && !cgo) || (darwin && !cgo) -// +build !windows,!linux,!freebsd,!openbsd,!darwin freebsd,!cgo openbsd,!cgo darwin,!cgo +//go:build !windows && !linux && !freebsd && !openbsd && !darwin +// +build !windows,!linux,!freebsd,!openbsd,!darwin package mountinfo diff --git a/vendor/golang.org/x/sys/execabs/execabs.go b/vendor/golang.org/x/sys/execabs/execabs.go index 78192498db0..b981cfbb4ae 100644 --- a/vendor/golang.org/x/sys/execabs/execabs.go +++ b/vendor/golang.org/x/sys/execabs/execabs.go @@ -53,7 +53,7 @@ func relError(file, path string) error { // LookPath instead returns an error. func LookPath(file string) (string, error) { path, err := exec.LookPath(file) - if err != nil { + if err != nil && !isGo119ErrDot(err) { return "", err } if filepath.Base(file) == file && !filepath.IsAbs(path) { diff --git a/vendor/golang.org/x/sys/execabs/execabs_go118.go b/vendor/golang.org/x/sys/execabs/execabs_go118.go new file mode 100644 index 00000000000..6ab5f50894e --- /dev/null +++ b/vendor/golang.org/x/sys/execabs/execabs_go118.go @@ -0,0 +1,12 @@ +// Copyright 2022 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !go1.19 +// +build !go1.19 + +package execabs + +func isGo119ErrDot(err error) bool { + return false +} diff --git a/vendor/golang.org/x/sys/execabs/execabs_go119.go b/vendor/golang.org/x/sys/execabs/execabs_go119.go new file mode 100644 index 00000000000..1e7a9ada0b0 --- /dev/null +++ b/vendor/golang.org/x/sys/execabs/execabs_go119.go @@ -0,0 +1,15 @@ +// Copyright 2022 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build go1.19 +// +build go1.19 + +package execabs + +import "strings" + +func isGo119ErrDot(err error) bool { + // TODO: return errors.Is(err, exec.ErrDot) + return strings.Contains(err.Error(), "current directory") +} diff --git a/vendor/golang.org/x/sys/unix/asm_linux_loong64.s b/vendor/golang.org/x/sys/unix/asm_linux_loong64.s new file mode 100644 index 00000000000..6abd48eef0d --- /dev/null +++ b/vendor/golang.org/x/sys/unix/asm_linux_loong64.s @@ -0,0 +1,54 @@ +// Copyright 2022 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build linux && loong64 && gc +// +build linux +// +build loong64 +// +build gc + +#include "textflag.h" + + +// Just jump to package syscall's implementation for all these functions. +// The runtime may know about them. + +TEXT ·Syscall(SB),NOSPLIT,$0-56 + JMP syscall·Syscall(SB) + +TEXT ·Syscall6(SB),NOSPLIT,$0-80 + JMP syscall·Syscall6(SB) + +TEXT ·SyscallNoError(SB),NOSPLIT,$0-48 + JAL runtime·entersyscall(SB) + MOVV a1+8(FP), R4 + MOVV a2+16(FP), R5 + MOVV a3+24(FP), R6 + MOVV R0, R7 + MOVV R0, R8 + MOVV R0, R9 + MOVV trap+0(FP), R11 // syscall entry + SYSCALL + MOVV R4, r1+32(FP) + MOVV R5, r2+40(FP) + JAL runtime·exitsyscall(SB) + RET + +TEXT ·RawSyscall(SB),NOSPLIT,$0-56 + JMP syscall·RawSyscall(SB) + +TEXT ·RawSyscall6(SB),NOSPLIT,$0-80 + JMP syscall·RawSyscall6(SB) + +TEXT ·RawSyscallNoError(SB),NOSPLIT,$0-48 + MOVV a1+8(FP), R4 + MOVV a2+16(FP), R5 + MOVV a3+24(FP), R6 + MOVV R0, R7 + MOVV R0, R8 + MOVV R0, R9 + MOVV trap+0(FP), R11 // syscall entry + SYSCALL + MOVV R4, r1+32(FP) + MOVV R5, r2+40(FP) + RET diff --git a/vendor/golang.org/x/sys/unix/endian_little.go b/vendor/golang.org/x/sys/unix/endian_little.go index 4362f47e2c0..b0f2bc4ae3b 100644 --- a/vendor/golang.org/x/sys/unix/endian_little.go +++ b/vendor/golang.org/x/sys/unix/endian_little.go @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. // -//go:build 386 || amd64 || amd64p32 || alpha || arm || arm64 || mipsle || mips64le || mips64p32le || nios2 || ppc64le || riscv || riscv64 || sh -// +build 386 amd64 amd64p32 alpha arm arm64 mipsle mips64le mips64p32le nios2 ppc64le riscv riscv64 sh +//go:build 386 || amd64 || amd64p32 || alpha || arm || arm64 || loong64 || mipsle || mips64le || mips64p32le || nios2 || ppc64le || riscv || riscv64 || sh +// +build 386 amd64 amd64p32 alpha arm arm64 loong64 mipsle mips64le mips64p32le nios2 ppc64le riscv riscv64 sh package unix diff --git a/vendor/golang.org/x/sys/unix/ifreq_linux.go b/vendor/golang.org/x/sys/unix/ifreq_linux.go index 934af313c32..15721a5104e 100644 --- a/vendor/golang.org/x/sys/unix/ifreq_linux.go +++ b/vendor/golang.org/x/sys/unix/ifreq_linux.go @@ -8,7 +8,6 @@ package unix import ( - "bytes" "unsafe" ) @@ -45,13 +44,7 @@ func NewIfreq(name string) (*Ifreq, error) { // Name returns the interface name associated with the Ifreq. func (ifr *Ifreq) Name() string { - // BytePtrToString requires a NULL terminator or the program may crash. If - // one is not present, just return the empty string. - if !bytes.Contains(ifr.raw.Ifrn[:], []byte{0x00}) { - return "" - } - - return BytePtrToString(&ifr.raw.Ifrn[0]) + return ByteSliceToString(ifr.raw.Ifrn[:]) } // According to netdevice(7), only AF_INET addresses are returned for numerous diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index a037087481d..d888fb77036 100644 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -215,6 +215,7 @@ struct ltchars { #include #include #include +#include #include #include #include @@ -603,6 +604,7 @@ ccflags="$@" $2 ~ /^ITIMER_/ || $2 !~ "WMESGLEN" && $2 ~ /^W[A-Z0-9]+$/ || + $2 ~ /^P_/ || $2 ~/^PPPIOC/ || $2 ~ /^FAN_|FANOTIFY_/ || $2 == "HID_MAX_DESCRIPTOR_SIZE" || @@ -612,6 +614,7 @@ ccflags="$@" $2 ~ /^OTP/ || $2 ~ /^MEM/ || $2 ~ /^WG/ || + $2 ~ /^FIB_RULE_/ || $2 ~ /^BLK[A-Z]*(GET$|SET$|BUF$|PART$|SIZE)/ {printf("\t%s = C.%s\n", $2, $2)} $2 ~ /^__WCOREFLAG$/ {next} $2 ~ /^__W[A-Z0-9]+$/ {printf("\t%s = C.%s\n", substr($2,3), $2)} diff --git a/vendor/golang.org/x/sys/unix/syscall_aix.go b/vendor/golang.org/x/sys/unix/syscall_aix.go index 4f55c8d9996..ad22c33db3d 100644 --- a/vendor/golang.org/x/sys/unix/syscall_aix.go +++ b/vendor/golang.org/x/sys/unix/syscall_aix.go @@ -37,6 +37,7 @@ func Creat(path string, mode uint32) (fd int, err error) { } //sys utimes(path string, times *[2]Timeval) (err error) + func Utimes(path string, tv []Timeval) error { if len(tv) != 2 { return EINVAL @@ -45,6 +46,7 @@ func Utimes(path string, tv []Timeval) error { } //sys utimensat(dirfd int, path string, times *[2]Timespec, flag int) (err error) + func UtimesNano(path string, ts []Timespec) error { if len(ts) != 2 { return EINVAL @@ -215,18 +217,12 @@ func Accept(fd int) (nfd int, sa Sockaddr, err error) { return } -func Recvmsg(fd int, p, oob []byte, flags int) (n, oobn int, recvflags int, from Sockaddr, err error) { +func recvmsgRaw(fd int, p, oob []byte, flags int, rsa *RawSockaddrAny) (n, oobn int, recvflags int, err error) { // Recvmsg not implemented on AIX - sa := new(SockaddrUnix) - return -1, -1, -1, sa, ENOSYS -} - -func Sendmsg(fd int, p, oob []byte, to Sockaddr, flags int) (err error) { - _, err = SendmsgN(fd, p, oob, to, flags) - return + return -1, -1, -1, ENOSYS } -func SendmsgN(fd int, p, oob []byte, to Sockaddr, flags int) (n int, err error) { +func sendmsgN(fd int, p, oob []byte, ptr unsafe.Pointer, salen _Socklen, flags int) (n int, err error) { // SendmsgN not implemented on AIX return -1, ENOSYS } @@ -306,11 +302,13 @@ func direntNamlen(buf []byte) (uint64, bool) { } //sys getdirent(fd int, buf []byte) (n int, err error) + func Getdents(fd int, buf []byte) (n int, err error) { return getdirent(fd, buf) } //sys wait4(pid Pid_t, status *_C_int, options int, rusage *Rusage) (wpid Pid_t, err error) + func Wait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, err error) { var status _C_int var r Pid_t @@ -378,6 +376,7 @@ func (w WaitStatus) TrapCause() int { return -1 } //sys fcntl(fd int, cmd int, arg int) (val int, err error) //sys fsyncRange(fd int, how int, start int64, length int64) (err error) = fsync_range + func Fsync(fd int) error { return fsyncRange(fd, O_SYNC, 0, 0) } @@ -458,8 +457,8 @@ func Fsync(fd int) error { //sys Listen(s int, n int) (err error) //sys lstat(path string, stat *Stat_t) (err error) //sys Pause() (err error) -//sys Pread(fd int, p []byte, offset int64) (n int, err error) = pread64 -//sys Pwrite(fd int, p []byte, offset int64) (n int, err error) = pwrite64 +//sys pread(fd int, p []byte, offset int64) (n int, err error) = pread64 +//sys pwrite(fd int, p []byte, offset int64) (n int, err error) = pwrite64 //sys Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) //sys Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) //sysnb Setregid(rgid int, egid int) (err error) @@ -542,6 +541,7 @@ func Poll(fds []PollFd, timeout int) (n int, err error) { //sys Getsystemcfg(label int) (n uint64) //sys umount(target string) (err error) + func Unmount(target string, flags int) (err error) { if flags != 0 { // AIX doesn't have any flags for umount. diff --git a/vendor/golang.org/x/sys/unix/syscall_bsd.go b/vendor/golang.org/x/sys/unix/syscall_bsd.go index 0ce45232611..9c87c5f07f8 100644 --- a/vendor/golang.org/x/sys/unix/syscall_bsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_bsd.go @@ -325,10 +325,9 @@ func GetsockoptString(fd, level, opt int) (string, error) { //sys sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) //sys recvmsg(s int, msg *Msghdr, flags int) (n int, err error) -func Recvmsg(fd int, p, oob []byte, flags int) (n, oobn int, recvflags int, from Sockaddr, err error) { +func recvmsgRaw(fd int, p, oob []byte, flags int, rsa *RawSockaddrAny) (n, oobn int, recvflags int, err error) { var msg Msghdr - var rsa RawSockaddrAny - msg.Name = (*byte)(unsafe.Pointer(&rsa)) + msg.Name = (*byte)(unsafe.Pointer(rsa)) msg.Namelen = uint32(SizeofSockaddrAny) var iov Iovec if len(p) > 0 { @@ -352,29 +351,12 @@ func Recvmsg(fd int, p, oob []byte, flags int) (n, oobn int, recvflags int, from } oobn = int(msg.Controllen) recvflags = int(msg.Flags) - // source address is only specified if the socket is unconnected - if rsa.Addr.Family != AF_UNSPEC { - from, err = anyToSockaddr(fd, &rsa) - } return } //sys sendmsg(s int, msg *Msghdr, flags int) (n int, err error) -func Sendmsg(fd int, p, oob []byte, to Sockaddr, flags int) (err error) { - _, err = SendmsgN(fd, p, oob, to, flags) - return -} - -func SendmsgN(fd int, p, oob []byte, to Sockaddr, flags int) (n int, err error) { - var ptr unsafe.Pointer - var salen _Socklen - if to != nil { - ptr, salen, err = to.sockaddr() - if err != nil { - return 0, err - } - } +func sendmsgN(fd int, p, oob []byte, ptr unsafe.Pointer, salen _Socklen, flags int) (n int, err error) { var msg Msghdr msg.Name = (*byte)(unsafe.Pointer(ptr)) msg.Namelen = uint32(salen) @@ -571,12 +553,7 @@ func UtimesNano(path string, ts []Timespec) error { if len(ts) != 2 { return EINVAL } - // Darwin setattrlist can set nanosecond timestamps - err := setattrlistTimes(path, ts, 0) - if err != ENOSYS { - return err - } - err = utimensat(AT_FDCWD, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), 0) + err := utimensat(AT_FDCWD, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), 0) if err != ENOSYS { return err } @@ -596,10 +573,6 @@ func UtimesNanoAt(dirfd int, path string, ts []Timespec, flags int) error { if len(ts) != 2 { return EINVAL } - err := setattrlistTimes(path, ts, flags) - if err != ENOSYS { - return err - } return utimensat(dirfd, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), flags) } diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.go b/vendor/golang.org/x/sys/unix/syscall_darwin.go index 0eaab91314c..e5448cc93ca 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin.go +++ b/vendor/golang.org/x/sys/unix/syscall_darwin.go @@ -141,16 +141,6 @@ func direntNamlen(buf []byte) (uint64, bool) { func PtraceAttach(pid int) (err error) { return ptrace(PT_ATTACH, pid, 0, 0) } func PtraceDetach(pid int) (err error) { return ptrace(PT_DETACH, pid, 0, 0) } -type attrList struct { - bitmapCount uint16 - _ uint16 - CommonAttr uint32 - VolAttr uint32 - DirAttr uint32 - FileAttr uint32 - Forkattr uint32 -} - //sysnb pipe(p *[2]int32) (err error) func Pipe(p []int) (err error) { @@ -282,36 +272,7 @@ func Flistxattr(fd int, dest []byte) (sz int, err error) { return flistxattr(fd, xattrPointer(dest), len(dest), 0) } -func setattrlistTimes(path string, times []Timespec, flags int) error { - _p0, err := BytePtrFromString(path) - if err != nil { - return err - } - - var attrList attrList - attrList.bitmapCount = ATTR_BIT_MAP_COUNT - attrList.CommonAttr = ATTR_CMN_MODTIME | ATTR_CMN_ACCTIME - - // order is mtime, atime: the opposite of Chtimes - attributes := [2]Timespec{times[1], times[0]} - options := 0 - if flags&AT_SYMLINK_NOFOLLOW != 0 { - options |= FSOPT_NOFOLLOW - } - return setattrlist( - _p0, - unsafe.Pointer(&attrList), - unsafe.Pointer(&attributes), - unsafe.Sizeof(attributes), - options) -} - -//sys setattrlist(path *byte, list unsafe.Pointer, buf unsafe.Pointer, size uintptr, options int) (err error) - -func utimensat(dirfd int, path string, times *[2]Timespec, flags int) error { - // Darwin doesn't support SYS_UTIMENSAT - return ENOSYS -} +//sys utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) /* * Wrapped @@ -543,11 +504,12 @@ func SysctlKinfoProcSlice(name string, args ...int) ([]KinfoProc, error) { //sys Mkdirat(dirfd int, path string, mode uint32) (err error) //sys Mkfifo(path string, mode uint32) (err error) //sys Mknod(path string, mode uint32, dev int) (err error) +//sys Mount(fsType string, dir string, flags int, data unsafe.Pointer) (err error) //sys Open(path string, mode int, perm uint32) (fd int, err error) //sys Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) //sys Pathconf(path string, name int) (val int, err error) -//sys Pread(fd int, p []byte, offset int64) (n int, err error) -//sys Pwrite(fd int, p []byte, offset int64) (n int, err error) +//sys pread(fd int, p []byte, offset int64) (n int, err error) +//sys pwrite(fd int, p []byte, offset int64) (n int, err error) //sys read(fd int, p []byte) (n int, err error) //sys Readlink(path string, buf []byte) (n int, err error) //sys Readlinkat(dirfd int, path string, buf []byte) (n int, err error) @@ -611,7 +573,6 @@ func SysctlKinfoProcSlice(name string, args ...int) ([]KinfoProc, error) { // Nfssvc // Getfh // Quotactl -// Mount // Csops // Waitid // Add_profil diff --git a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go index 2e37c3167f3..61c0d0de15d 100644 --- a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go +++ b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go @@ -125,12 +125,14 @@ func Pipe2(p []int, flags int) (err error) { } //sys extpread(fd int, p []byte, flags int, offset int64) (n int, err error) -func Pread(fd int, p []byte, offset int64) (n int, err error) { + +func pread(fd int, p []byte, offset int64) (n int, err error) { return extpread(fd, p, 0, offset) } //sys extpwrite(fd int, p []byte, flags int, offset int64) (n int, err error) -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { + +func pwrite(fd int, p []byte, offset int64) (n int, err error) { return extpwrite(fd, p, 0, offset) } @@ -169,11 +171,6 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) { return } -func setattrlistTimes(path string, times []Timespec, flags int) error { - // used on Darwin for UtimesNano - return ENOSYS -} - //sys ioctl(fd int, req uint, arg uintptr) (err error) //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd.go b/vendor/golang.org/x/sys/unix/syscall_freebsd.go index 2f650ae665c..6f6c510f413 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd.go @@ -194,11 +194,6 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) { return } -func setattrlistTimes(path string, times []Timespec, flags int) error { - // used on Darwin for UtimesNano - return ENOSYS -} - //sys ioctl(fd int, req uint, arg uintptr) (err error) //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL @@ -638,8 +633,8 @@ func PtraceSingleStep(pid int) (err error) { //sys Open(path string, mode int, perm uint32) (fd int, err error) //sys Openat(fdat int, path string, mode int, perm uint32) (fd int, err error) //sys Pathconf(path string, name int) (val int, err error) -//sys Pread(fd int, p []byte, offset int64) (n int, err error) -//sys Pwrite(fd int, p []byte, offset int64) (n int, err error) +//sys pread(fd int, p []byte, offset int64) (n int, err error) +//sys pwrite(fd int, p []byte, offset int64) (n int, err error) //sys read(fd int, p []byte) (n int, err error) //sys Readlink(path string, buf []byte) (n int, err error) //sys Readlinkat(dirfd int, path string, buf []byte) (n int, err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index 5f28f8fdeda..c8d20321251 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -366,6 +366,8 @@ func Wait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, return } +//sys Waitid(idType int, id int, info *Siginfo, options int, rusage *Rusage) (err error) + func Mkfifo(path string, mode uint32) error { return Mknod(path, mode|S_IFIFO, 0) } @@ -510,24 +512,24 @@ func (sa *SockaddrL2) sockaddr() (unsafe.Pointer, _Socklen, error) { // // Server example: // -// fd, _ := Socket(AF_BLUETOOTH, SOCK_STREAM, BTPROTO_RFCOMM) -// _ = unix.Bind(fd, &unix.SockaddrRFCOMM{ -// Channel: 1, -// Addr: [6]uint8{0, 0, 0, 0, 0, 0}, // BDADDR_ANY or 00:00:00:00:00:00 -// }) -// _ = Listen(fd, 1) -// nfd, sa, _ := Accept(fd) -// fmt.Printf("conn addr=%v fd=%d", sa.(*unix.SockaddrRFCOMM).Addr, nfd) -// Read(nfd, buf) +// fd, _ := Socket(AF_BLUETOOTH, SOCK_STREAM, BTPROTO_RFCOMM) +// _ = unix.Bind(fd, &unix.SockaddrRFCOMM{ +// Channel: 1, +// Addr: [6]uint8{0, 0, 0, 0, 0, 0}, // BDADDR_ANY or 00:00:00:00:00:00 +// }) +// _ = Listen(fd, 1) +// nfd, sa, _ := Accept(fd) +// fmt.Printf("conn addr=%v fd=%d", sa.(*unix.SockaddrRFCOMM).Addr, nfd) +// Read(nfd, buf) // // Client example: // -// fd, _ := Socket(AF_BLUETOOTH, SOCK_STREAM, BTPROTO_RFCOMM) -// _ = Connect(fd, &SockaddrRFCOMM{ -// Channel: 1, -// Addr: [6]byte{0x11, 0x22, 0x33, 0xaa, 0xbb, 0xcc}, // CC:BB:AA:33:22:11 -// }) -// Write(fd, []byte(`hello`)) +// fd, _ := Socket(AF_BLUETOOTH, SOCK_STREAM, BTPROTO_RFCOMM) +// _ = Connect(fd, &SockaddrRFCOMM{ +// Channel: 1, +// Addr: [6]byte{0x11, 0x22, 0x33, 0xaa, 0xbb, 0xcc}, // CC:BB:AA:33:22:11 +// }) +// Write(fd, []byte(`hello`)) type SockaddrRFCOMM struct { // Addr represents a bluetooth address, byte ordering is little-endian. Addr [6]uint8 @@ -554,12 +556,12 @@ func (sa *SockaddrRFCOMM) sockaddr() (unsafe.Pointer, _Socklen, error) { // The SockaddrCAN struct must be bound to the socket file descriptor // using Bind before the CAN socket can be used. // -// // Read one raw CAN frame -// fd, _ := Socket(AF_CAN, SOCK_RAW, CAN_RAW) -// addr := &SockaddrCAN{Ifindex: index} -// Bind(fd, addr) -// frame := make([]byte, 16) -// Read(fd, frame) +// // Read one raw CAN frame +// fd, _ := Socket(AF_CAN, SOCK_RAW, CAN_RAW) +// addr := &SockaddrCAN{Ifindex: index} +// Bind(fd, addr) +// frame := make([]byte, 16) +// Read(fd, frame) // // The full SocketCAN documentation can be found in the linux kernel // archives at: https://www.kernel.org/doc/Documentation/networking/can.txt @@ -630,13 +632,13 @@ func (sa *SockaddrCANJ1939) sockaddr() (unsafe.Pointer, _Socklen, error) { // Here is an example of using an AF_ALG socket with SHA1 hashing. // The initial socket setup process is as follows: // -// // Open a socket to perform SHA1 hashing. -// fd, _ := unix.Socket(unix.AF_ALG, unix.SOCK_SEQPACKET, 0) -// addr := &unix.SockaddrALG{Type: "hash", Name: "sha1"} -// unix.Bind(fd, addr) -// // Note: unix.Accept does not work at this time; must invoke accept() -// // manually using unix.Syscall. -// hashfd, _, _ := unix.Syscall(unix.SYS_ACCEPT, uintptr(fd), 0, 0) +// // Open a socket to perform SHA1 hashing. +// fd, _ := unix.Socket(unix.AF_ALG, unix.SOCK_SEQPACKET, 0) +// addr := &unix.SockaddrALG{Type: "hash", Name: "sha1"} +// unix.Bind(fd, addr) +// // Note: unix.Accept does not work at this time; must invoke accept() +// // manually using unix.Syscall. +// hashfd, _, _ := unix.Syscall(unix.SYS_ACCEPT, uintptr(fd), 0, 0) // // Once a file descriptor has been returned from Accept, it may be used to // perform SHA1 hashing. The descriptor is not safe for concurrent use, but @@ -645,39 +647,39 @@ func (sa *SockaddrCANJ1939) sockaddr() (unsafe.Pointer, _Socklen, error) { // When hashing a small byte slice or string, a single Write and Read may // be used: // -// // Assume hashfd is already configured using the setup process. -// hash := os.NewFile(hashfd, "sha1") -// // Hash an input string and read the results. Each Write discards -// // previous hash state. Read always reads the current state. -// b := make([]byte, 20) -// for i := 0; i < 2; i++ { -// io.WriteString(hash, "Hello, world.") -// hash.Read(b) -// fmt.Println(hex.EncodeToString(b)) -// } -// // Output: -// // 2ae01472317d1935a84797ec1983ae243fc6aa28 -// // 2ae01472317d1935a84797ec1983ae243fc6aa28 +// // Assume hashfd is already configured using the setup process. +// hash := os.NewFile(hashfd, "sha1") +// // Hash an input string and read the results. Each Write discards +// // previous hash state. Read always reads the current state. +// b := make([]byte, 20) +// for i := 0; i < 2; i++ { +// io.WriteString(hash, "Hello, world.") +// hash.Read(b) +// fmt.Println(hex.EncodeToString(b)) +// } +// // Output: +// // 2ae01472317d1935a84797ec1983ae243fc6aa28 +// // 2ae01472317d1935a84797ec1983ae243fc6aa28 // // For hashing larger byte slices, or byte streams such as those read from // a file or socket, use Sendto with MSG_MORE to instruct the kernel to update // the hash digest instead of creating a new one for a given chunk and finalizing it. // -// // Assume hashfd and addr are already configured using the setup process. -// hash := os.NewFile(hashfd, "sha1") -// // Hash the contents of a file. -// f, _ := os.Open("/tmp/linux-4.10-rc7.tar.xz") -// b := make([]byte, 4096) -// for { -// n, err := f.Read(b) -// if err == io.EOF { -// break -// } -// unix.Sendto(hashfd, b[:n], unix.MSG_MORE, addr) -// } -// hash.Read(b) -// fmt.Println(hex.EncodeToString(b)) -// // Output: 85cdcad0c06eef66f805ecce353bec9accbeecc5 +// // Assume hashfd and addr are already configured using the setup process. +// hash := os.NewFile(hashfd, "sha1") +// // Hash the contents of a file. +// f, _ := os.Open("/tmp/linux-4.10-rc7.tar.xz") +// b := make([]byte, 4096) +// for { +// n, err := f.Read(b) +// if err == io.EOF { +// break +// } +// unix.Sendto(hashfd, b[:n], unix.MSG_MORE, addr) +// } +// hash.Read(b) +// fmt.Println(hex.EncodeToString(b)) +// // Output: 85cdcad0c06eef66f805ecce353bec9accbeecc5 // // For more information, see: http://www.chronox.de/crypto-API/crypto/userspace-if.html. type SockaddrALG struct { @@ -1497,10 +1499,9 @@ func KeyctlRestrictKeyring(ringid int, keyType string, restriction string) error //sys keyctlRestrictKeyringByType(cmd int, arg2 int, keyType string, restriction string) (err error) = SYS_KEYCTL //sys keyctlRestrictKeyring(cmd int, arg2 int) (err error) = SYS_KEYCTL -func Recvmsg(fd int, p, oob []byte, flags int) (n, oobn int, recvflags int, from Sockaddr, err error) { +func recvmsgRaw(fd int, p, oob []byte, flags int, rsa *RawSockaddrAny) (n, oobn int, recvflags int, err error) { var msg Msghdr - var rsa RawSockaddrAny - msg.Name = (*byte)(unsafe.Pointer(&rsa)) + msg.Name = (*byte)(unsafe.Pointer(rsa)) msg.Namelen = uint32(SizeofSockaddrAny) var iov Iovec if len(p) > 0 { @@ -1531,28 +1532,10 @@ func Recvmsg(fd int, p, oob []byte, flags int) (n, oobn int, recvflags int, from } oobn = int(msg.Controllen) recvflags = int(msg.Flags) - // source address is only specified if the socket is unconnected - if rsa.Addr.Family != AF_UNSPEC { - from, err = anyToSockaddr(fd, &rsa) - } - return -} - -func Sendmsg(fd int, p, oob []byte, to Sockaddr, flags int) (err error) { - _, err = SendmsgN(fd, p, oob, to, flags) return } -func SendmsgN(fd int, p, oob []byte, to Sockaddr, flags int) (n int, err error) { - var ptr unsafe.Pointer - var salen _Socklen - if to != nil { - var err error - ptr, salen, err = to.sockaddr() - if err != nil { - return 0, err - } - } +func sendmsgN(fd int, p, oob []byte, ptr unsafe.Pointer, salen _Socklen, flags int) (n int, err error) { var msg Msghdr msg.Name = (*byte)(ptr) msg.Namelen = uint32(salen) @@ -1846,6 +1829,9 @@ func Dup2(oldfd, newfd int) error { //sys Fremovexattr(fd int, attr string) (err error) //sys Fsetxattr(fd int, attr string, dest []byte, flags int) (err error) //sys Fsync(fd int) (err error) +//sys Fsmount(fd int, flags int, mountAttrs int) (fsfd int, err error) +//sys Fsopen(fsName string, flags int) (fd int, err error) +//sys Fspick(dirfd int, pathName string, flags int) (fd int, err error) //sys Getdents(fd int, buf []byte) (n int, err error) = SYS_GETDENTS64 //sysnb Getpgid(pid int) (pgid int, err error) @@ -1876,7 +1862,9 @@ func Getpgrp() (pid int) { //sys MemfdCreate(name string, flags int) (fd int, err error) //sys Mkdirat(dirfd int, path string, mode uint32) (err error) //sys Mknodat(dirfd int, path string, mode uint32, dev int) (err error) +//sys MoveMount(fromDirfd int, fromPathName string, toDirfd int, toPathName string, flags int) (err error) //sys Nanosleep(time *Timespec, leftover *Timespec) (err error) +//sys OpenTree(dfd int, fileName string, flags uint) (r int, err error) //sys PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) //sys PivotRoot(newroot string, putold string) (err error) = SYS_PIVOT_ROOT //sysnb Prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) = SYS_PRLIMIT64 @@ -2201,7 +2189,7 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) { gid = Getgid() } - if uint32(gid) == st.Gid || isGroupMember(gid) { + if uint32(gid) == st.Gid || isGroupMember(int(st.Gid)) { fmode = (st.Mode >> 3) & 7 } else { fmode = st.Mode & 7 @@ -2316,6 +2304,7 @@ type RemoteIovec struct { //sys PidfdOpen(pid int, flags int) (fd int, err error) = SYS_PIDFD_OPEN //sys PidfdGetfd(pidfd int, targetfd int, flags int) (fd int, err error) = SYS_PIDFD_GETFD +//sys PidfdSendSignal(pidfd int, sig Signal, info *Siginfo, flags int) (err error) = SYS_PIDFD_SEND_SIGNAL //sys shmat(id int, addr uintptr, flag int) (ret uintptr, err error) //sys shmctl(id int, cmd int, buf *SysvShmDesc) (result int, err error) @@ -2464,5 +2453,4 @@ func Setitimer(which ItimerWhich, it Itimerval) (Itimerval, error) { // Vfork // Vhangup // Vserver -// Waitid // _Sysctl diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_386.go b/vendor/golang.org/x/sys/unix/syscall_linux_386.go index d44b8ad5339..518e476e6dd 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_386.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_386.go @@ -35,8 +35,8 @@ func setTimeval(sec, usec int64) Timeval { //sys Iopl(level int) (err error) //sys Lchown(path string, uid int, gid int) (err error) = SYS_LCHOWN32 //sys Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64 -//sys Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64 -//sys Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64 +//sys pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64 +//sys pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64 //sys Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) = SYS_SENDFILE64 //sys setfsgid(gid int) (prev int, err error) = SYS_SETFSGID32 diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go index bd21d93bf84..f5e9d6bef10 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go @@ -28,9 +28,10 @@ func Lstat(path string, stat *Stat_t) (err error) { return Fstatat(AT_FDCWD, path, stat, AT_SYMLINK_NOFOLLOW) } +//sys MemfdSecret(flags int) (fd int, err error) //sys Pause() (err error) -//sys Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64 -//sys Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64 +//sys pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64 +//sys pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64 //sys Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) //sys Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go index 343c91f6b31..c1a7778f105 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go @@ -96,8 +96,8 @@ func Utime(path string, buf *Utimbuf) error { //sys utimes(path string, times *[2]Timeval) (err error) -//sys Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64 -//sys Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64 +//sys pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64 +//sys pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64 //sys Truncate(path string, length int64) (err error) = SYS_TRUNCATE64 //sys Ftruncate(fd int, length int64) (err error) = SYS_FTRUNCATE64 diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go index 8c562868480..d83e2c65716 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go @@ -22,8 +22,9 @@ import "unsafe" //sysnb getrlimit(resource int, rlim *Rlimit) (err error) //sysnb Getuid() (uid int) //sys Listen(s int, n int) (err error) -//sys Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64 -//sys Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64 +//sys MemfdSecret(flags int) (fd int, err error) +//sys pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64 +//sys pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64 //sys Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) //sys Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go new file mode 100644 index 00000000000..28ba7b8cb71 --- /dev/null +++ b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go @@ -0,0 +1,191 @@ +// Copyright 2022 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build loong64 && linux +// +build loong64,linux + +package unix + +import "unsafe" + +//sys EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) = SYS_EPOLL_PWAIT +//sys Fadvise(fd int, offset int64, length int64, advice int) (err error) = SYS_FADVISE64 +//sys Fchown(fd int, uid int, gid int) (err error) +//sys Fstat(fd int, stat *Stat_t) (err error) +//sys Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) +//sys Fstatfs(fd int, buf *Statfs_t) (err error) +//sys Ftruncate(fd int, length int64) (err error) +//sysnb Getegid() (egid int) +//sysnb Geteuid() (euid int) +//sysnb Getgid() (gid int) +//sysnb Getuid() (uid int) +//sys Listen(s int, n int) (err error) +//sys pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64 +//sys pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64 +//sys Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK + +func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) { + var ts *Timespec + if timeout != nil { + ts = &Timespec{Sec: timeout.Sec, Nsec: timeout.Usec * 1000} + } + return Pselect(nfd, r, w, e, ts, nil) +} + +//sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) +//sys setfsgid(gid int) (prev int, err error) +//sys setfsuid(uid int) (prev int, err error) +//sysnb Setregid(rgid int, egid int) (err error) +//sysnb Setresgid(rgid int, egid int, sgid int) (err error) +//sysnb Setresuid(ruid int, euid int, suid int) (err error) +//sysnb Setreuid(ruid int, euid int) (err error) +//sys Shutdown(fd int, how int) (err error) +//sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) + +func Stat(path string, stat *Stat_t) (err error) { + return Fstatat(AT_FDCWD, path, stat, 0) +} + +func Lchown(path string, uid int, gid int) (err error) { + return Fchownat(AT_FDCWD, path, uid, gid, AT_SYMLINK_NOFOLLOW) +} + +func Lstat(path string, stat *Stat_t) (err error) { + return Fstatat(AT_FDCWD, path, stat, AT_SYMLINK_NOFOLLOW) +} + +//sys Statfs(path string, buf *Statfs_t) (err error) +//sys SyncFileRange(fd int, off int64, n int64, flags int) (err error) +//sys Truncate(path string, length int64) (err error) + +func Ustat(dev int, ubuf *Ustat_t) (err error) { + return ENOSYS +} + +//sys accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) +//sys bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) +//sys connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) +//sysnb getgroups(n int, list *_Gid_t) (nn int, err error) +//sysnb setgroups(n int, list *_Gid_t) (err error) +//sys getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) +//sys setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) +//sysnb socket(domain int, typ int, proto int) (fd int, err error) +//sysnb socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) +//sysnb getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) +//sysnb getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) +//sys recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) +//sys sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) +//sys recvmsg(s int, msg *Msghdr, flags int) (n int, err error) +//sys sendmsg(s int, msg *Msghdr, flags int) (n int, err error) +//sys mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) + +//sysnb Gettimeofday(tv *Timeval) (err error) + +func setTimespec(sec, nsec int64) Timespec { + return Timespec{Sec: sec, Nsec: nsec} +} + +func setTimeval(sec, usec int64) Timeval { + return Timeval{Sec: sec, Usec: usec} +} + +func Getrlimit(resource int, rlim *Rlimit) (err error) { + err = Prlimit(0, resource, nil, rlim) + return +} + +func Setrlimit(resource int, rlim *Rlimit) (err error) { + err = Prlimit(0, resource, rlim, nil) + return +} + +func futimesat(dirfd int, path string, tv *[2]Timeval) (err error) { + if tv == nil { + return utimensat(dirfd, path, nil, 0) + } + + ts := []Timespec{ + NsecToTimespec(TimevalToNsec(tv[0])), + NsecToTimespec(TimevalToNsec(tv[1])), + } + return utimensat(dirfd, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), 0) +} + +func Time(t *Time_t) (Time_t, error) { + var tv Timeval + err := Gettimeofday(&tv) + if err != nil { + return 0, err + } + if t != nil { + *t = Time_t(tv.Sec) + } + return Time_t(tv.Sec), nil +} + +func Utime(path string, buf *Utimbuf) error { + tv := []Timeval{ + {Sec: buf.Actime}, + {Sec: buf.Modtime}, + } + return Utimes(path, tv) +} + +func utimes(path string, tv *[2]Timeval) (err error) { + if tv == nil { + return utimensat(AT_FDCWD, path, nil, 0) + } + + ts := []Timespec{ + NsecToTimespec(TimevalToNsec(tv[0])), + NsecToTimespec(TimevalToNsec(tv[1])), + } + return utimensat(AT_FDCWD, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), 0) +} + +func (r *PtraceRegs) PC() uint64 { return r.Era } + +func (r *PtraceRegs) SetPC(era uint64) { r.Era = era } + +func (iov *Iovec) SetLen(length int) { + iov.Len = uint64(length) +} + +func (msghdr *Msghdr) SetControllen(length int) { + msghdr.Controllen = uint64(length) +} + +func (msghdr *Msghdr) SetIovlen(length int) { + msghdr.Iovlen = uint64(length) +} + +func (cmsg *Cmsghdr) SetLen(length int) { + cmsg.Len = uint64(length) +} + +func (rsa *RawSockaddrNFCLLCP) SetServiceNameLen(length int) { + rsa.Service_name_len = uint64(length) +} + +func Pause() error { + _, err := ppoll(nil, 0, nil, nil) + return err +} + +func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) { + return Renameat2(olddirfd, oldpath, newdirfd, newpath, 0) +} + +//sys kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error) + +func KexecFileLoad(kernelFd int, initrdFd int, cmdline string, flags int) error { + cmdlineLen := len(cmdline) + if cmdlineLen > 0 { + // Account for the additional NULL byte added by + // BytePtrFromString in kexecFileLoad. The kexec_file_load + // syscall expects a NULL-terminated string. + cmdlineLen++ + } + return kexecFileLoad(kernelFd, initrdFd, cmdlineLen, cmdline, flags) +} diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go index f0b138002c1..98a2660b91f 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go @@ -21,8 +21,8 @@ package unix //sys Lchown(path string, uid int, gid int) (err error) //sys Listen(s int, n int) (err error) //sys Pause() (err error) -//sys Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64 -//sys Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64 +//sys pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64 +//sys pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64 //sys Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) //sys Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go index e6163c30fe9..b8a18c0ad22 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go @@ -25,8 +25,8 @@ func Syscall9(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, //sysnb Getuid() (uid int) //sys Lchown(path string, uid int, gid int) (err error) //sys Listen(s int, n int) (err error) -//sys Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64 -//sys Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64 +//sys pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64 +//sys pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64 //sys Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) //sys Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) = SYS__NEWSELECT //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) = SYS_SENDFILE64 diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go index 4740e80a8ec..4ed9e67c6df 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go @@ -27,8 +27,8 @@ import ( //sys Listen(s int, n int) (err error) //sys Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64 //sys Pause() (err error) -//sys Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64 -//sys Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64 +//sys pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64 +//sys pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64 //sys Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) //sys Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) = SYS__NEWSELECT //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) = SYS_SENDFILE64 diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go b/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go index 78bc9166ef6..db63d384c5b 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go @@ -26,8 +26,8 @@ package unix //sys Listen(s int, n int) (err error) //sys Lstat(path string, stat *Stat_t) (err error) //sys Pause() (err error) -//sys Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64 -//sys Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64 +//sys pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64 +//sys pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64 //sys Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) //sys Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK //sys Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) = SYS__NEWSELECT diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go index 3d6c4eb0681..8ff7adba039 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go @@ -22,8 +22,8 @@ import "unsafe" //sysnb Getrlimit(resource int, rlim *Rlimit) (err error) //sysnb Getuid() (uid int) //sys Listen(s int, n int) (err error) -//sys Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64 -//sys Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64 +//sys pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64 +//sys pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64 //sys Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) { diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go b/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go index 89ce84a4168..6fcf277b0d7 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go @@ -26,8 +26,8 @@ import ( //sys Lchown(path string, uid int, gid int) (err error) //sys Lstat(path string, stat *Stat_t) (err error) //sys Pause() (err error) -//sys Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64 -//sys Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64 +//sys pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64 +//sys pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64 //sys Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) //sys Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK //sys Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go b/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go index 35bdb098c5b..02a45d9cc06 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go @@ -23,8 +23,8 @@ package unix //sys Listen(s int, n int) (err error) //sys Lstat(path string, stat *Stat_t) (err error) //sys Pause() (err error) -//sys Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64 -//sys Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64 +//sys pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64 +//sys pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64 //sys Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) //sys Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK //sys Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd.go b/vendor/golang.org/x/sys/unix/syscall_netbsd.go index 696fed496f6..666f0a1b33d 100644 --- a/vendor/golang.org/x/sys/unix/syscall_netbsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_netbsd.go @@ -163,11 +163,6 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e return -1, ENOSYS } -func setattrlistTimes(path string, times []Timespec, flags int) error { - // used on Darwin for UtimesNano - return ENOSYS -} - //sys ioctl(fd int, req uint, arg uintptr) (err error) //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL @@ -313,8 +308,8 @@ func Statvfs(path string, buf *Statvfs_t) (err error) { //sys Open(path string, mode int, perm uint32) (fd int, err error) //sys Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) //sys Pathconf(path string, name int) (val int, err error) -//sys Pread(fd int, p []byte, offset int64) (n int, err error) -//sys Pwrite(fd int, p []byte, offset int64) (n int, err error) +//sys pread(fd int, p []byte, offset int64) (n int, err error) +//sys pwrite(fd int, p []byte, offset int64) (n int, err error) //sys read(fd int, p []byte) (n int, err error) //sys Readlink(path string, buf []byte) (n int, err error) //sys Readlinkat(dirfd int, path string, buf []byte) (n int, err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd.go b/vendor/golang.org/x/sys/unix/syscall_openbsd.go index 11b1d419da9..78daceb338b 100644 --- a/vendor/golang.org/x/sys/unix/syscall_openbsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_openbsd.go @@ -81,6 +81,7 @@ func Pipe(p []int) (err error) { } //sysnb pipe2(p *[2]_C_int, flags int) (err error) + func Pipe2(p []int, flags int) error { if len(p) != 2 { return EINVAL @@ -95,6 +96,7 @@ func Pipe2(p []int, flags int) error { } //sys Getdents(fd int, buf []byte) (n int, err error) + func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) { n, err = Getdents(fd, buf) if err != nil || basep == nil { @@ -149,11 +151,6 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) { return } -func setattrlistTimes(path string, times []Timespec, flags int) error { - // used on Darwin for UtimesNano - return ENOSYS -} - //sys ioctl(fd int, req uint, arg uintptr) (err error) //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL @@ -274,8 +271,8 @@ func Uname(uname *Utsname) error { //sys Open(path string, mode int, perm uint32) (fd int, err error) //sys Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) //sys Pathconf(path string, name int) (val int, err error) -//sys Pread(fd int, p []byte, offset int64) (n int, err error) -//sys Pwrite(fd int, p []byte, offset int64) (n int, err error) +//sys pread(fd int, p []byte, offset int64) (n int, err error) +//sys pwrite(fd int, p []byte, offset int64) (n int, err error) //sys read(fd int, p []byte) (n int, err error) //sys Readlink(path string, buf []byte) (n int, err error) //sys Readlinkat(dirfd int, path string, buf []byte) (n int, err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris.go b/vendor/golang.org/x/sys/unix/syscall_solaris.go index 5c813921e85..5c2003cec65 100644 --- a/vendor/golang.org/x/sys/unix/syscall_solaris.go +++ b/vendor/golang.org/x/sys/unix/syscall_solaris.go @@ -451,10 +451,9 @@ func Accept(fd int) (nfd int, sa Sockaddr, err error) { //sys recvmsg(s int, msg *Msghdr, flags int) (n int, err error) = libsocket.__xnet_recvmsg -func Recvmsg(fd int, p, oob []byte, flags int) (n, oobn int, recvflags int, from Sockaddr, err error) { +func recvmsgRaw(fd int, p, oob []byte, flags int, rsa *RawSockaddrAny) (n, oobn int, recvflags int, err error) { var msg Msghdr - var rsa RawSockaddrAny - msg.Name = (*byte)(unsafe.Pointer(&rsa)) + msg.Name = (*byte)(unsafe.Pointer(rsa)) msg.Namelen = uint32(SizeofSockaddrAny) var iov Iovec if len(p) > 0 { @@ -476,29 +475,12 @@ func Recvmsg(fd int, p, oob []byte, flags int) (n, oobn int, recvflags int, from return } oobn = int(msg.Accrightslen) - // source address is only specified if the socket is unconnected - if rsa.Addr.Family != AF_UNSPEC { - from, err = anyToSockaddr(fd, &rsa) - } - return -} - -func Sendmsg(fd int, p, oob []byte, to Sockaddr, flags int) (err error) { - _, err = SendmsgN(fd, p, oob, to, flags) return } //sys sendmsg(s int, msg *Msghdr, flags int) (n int, err error) = libsocket.__xnet_sendmsg -func SendmsgN(fd int, p, oob []byte, to Sockaddr, flags int) (n int, err error) { - var ptr unsafe.Pointer - var salen _Socklen - if to != nil { - ptr, salen, err = to.sockaddr() - if err != nil { - return 0, err - } - } +func sendmsgN(fd int, p, oob []byte, ptr unsafe.Pointer, salen _Socklen, flags int) (n int, err error) { var msg Msghdr msg.Name = (*byte)(unsafe.Pointer(ptr)) msg.Namelen = uint32(salen) @@ -661,8 +643,8 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e //sys Openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) //sys Pathconf(path string, name int) (val int, err error) //sys Pause() (err error) -//sys Pread(fd int, p []byte, offset int64) (n int, err error) -//sys Pwrite(fd int, p []byte, offset int64) (n int, err error) +//sys pread(fd int, p []byte, offset int64) (n int, err error) +//sys pwrite(fd int, p []byte, offset int64) (n int, err error) //sys read(fd int, p []byte) (n int, err error) //sys Readlink(path string, buf []byte) (n int, err error) //sys Rename(from string, to string) (err error) @@ -755,8 +737,20 @@ type fileObjCookie struct { type EventPort struct { port int mu sync.Mutex - fds map[uintptr]interface{} + fds map[uintptr]*fileObjCookie paths map[string]*fileObjCookie + // The user cookie presents an interesting challenge from a memory management perspective. + // There are two paths by which we can discover that it is no longer in use: + // 1. The user calls port_dissociate before any events fire + // 2. An event fires and we return it to the user + // The tricky situation is if the event has fired in the kernel but + // the user hasn't requested/received it yet. + // If the user wants to port_dissociate before the event has been processed, + // we should handle things gracefully. To do so, we need to keep an extra + // reference to the cookie around until the event is processed + // thus the otherwise seemingly extraneous "cookies" map + // The key of this map is a pointer to the corresponding &fCookie.cookie + cookies map[*interface{}]*fileObjCookie } // PortEvent is an abstraction of the port_event C struct. @@ -780,9 +774,10 @@ func NewEventPort() (*EventPort, error) { return nil, err } e := &EventPort{ - port: port, - fds: make(map[uintptr]interface{}), - paths: make(map[string]*fileObjCookie), + port: port, + fds: make(map[uintptr]*fileObjCookie), + paths: make(map[string]*fileObjCookie), + cookies: make(map[*interface{}]*fileObjCookie), } return e, nil } @@ -797,9 +792,13 @@ func NewEventPort() (*EventPort, error) { func (e *EventPort) Close() error { e.mu.Lock() defer e.mu.Unlock() + err := Close(e.port) + if err != nil { + return err + } e.fds = nil e.paths = nil - return Close(e.port) + return nil } // PathIsWatched checks to see if path is associated with this EventPort. @@ -836,6 +835,7 @@ func (e *EventPort) AssociatePath(path string, stat os.FileInfo, events int, coo return err } e.paths[path] = fCookie + e.cookies[&fCookie.cookie] = fCookie return nil } @@ -848,11 +848,19 @@ func (e *EventPort) DissociatePath(path string) error { return fmt.Errorf("%v is not associated with this Event Port", path) } _, err := port_dissociate(e.port, PORT_SOURCE_FILE, uintptr(unsafe.Pointer(f.fobj))) - if err != nil { + // If the path is no longer associated with this event port (ENOENT) + // we should delete it from our map. We can still return ENOENT to the caller. + // But we need to save the cookie + if err != nil && err != ENOENT { return err } + if err == nil { + // dissociate was successful, safe to delete the cookie + fCookie := e.paths[path] + delete(e.cookies, &fCookie.cookie) + } delete(e.paths, path) - return nil + return err } // AssociateFd wraps calls to port_associate(3c) on file descriptors. @@ -862,12 +870,13 @@ func (e *EventPort) AssociateFd(fd uintptr, events int, cookie interface{}) erro if _, found := e.fds[fd]; found { return fmt.Errorf("%v is already associated with this Event Port", fd) } - pcookie := &cookie - _, err := port_associate(e.port, PORT_SOURCE_FD, fd, events, (*byte)(unsafe.Pointer(pcookie))) + fCookie := &fileObjCookie{nil, cookie} + _, err := port_associate(e.port, PORT_SOURCE_FD, fd, events, (*byte)(unsafe.Pointer(&fCookie.cookie))) if err != nil { return err } - e.fds[fd] = pcookie + e.fds[fd] = fCookie + e.cookies[&fCookie.cookie] = fCookie return nil } @@ -880,11 +889,16 @@ func (e *EventPort) DissociateFd(fd uintptr) error { return fmt.Errorf("%v is not associated with this Event Port", fd) } _, err := port_dissociate(e.port, PORT_SOURCE_FD, fd) - if err != nil { + if err != nil && err != ENOENT { return err } + if err == nil { + // dissociate was successful, safe to delete the cookie + fCookie := e.fds[fd] + delete(e.cookies, &fCookie.cookie) + } delete(e.fds, fd) - return nil + return err } func createFileObj(name string, stat os.FileInfo) (*fileObj, error) { @@ -912,24 +926,46 @@ func (e *EventPort) GetOne(t *Timespec) (*PortEvent, error) { return nil, err } p := new(PortEvent) - p.Events = pe.Events - p.Source = pe.Source e.mu.Lock() defer e.mu.Unlock() - switch pe.Source { + e.peIntToExt(pe, p) + return p, nil +} + +// peIntToExt converts a cgo portEvent struct into the friendlier PortEvent +// NOTE: Always call this function while holding the e.mu mutex +func (e *EventPort) peIntToExt(peInt *portEvent, peExt *PortEvent) { + peExt.Events = peInt.Events + peExt.Source = peInt.Source + cookie := (*interface{})(unsafe.Pointer(peInt.User)) + peExt.Cookie = *cookie + switch peInt.Source { case PORT_SOURCE_FD: - p.Fd = uintptr(pe.Object) - cookie := (*interface{})(unsafe.Pointer(pe.User)) - p.Cookie = *cookie - delete(e.fds, p.Fd) + delete(e.cookies, cookie) + peExt.Fd = uintptr(peInt.Object) + // Only remove the fds entry if it exists and this cookie matches + if fobj, ok := e.fds[peExt.Fd]; ok { + if &fobj.cookie == cookie { + delete(e.fds, peExt.Fd) + } + } case PORT_SOURCE_FILE: - p.fobj = (*fileObj)(unsafe.Pointer(uintptr(pe.Object))) - p.Path = BytePtrToString((*byte)(unsafe.Pointer(p.fobj.Name))) - cookie := (*interface{})(unsafe.Pointer(pe.User)) - p.Cookie = *cookie - delete(e.paths, p.Path) + if fCookie, ok := e.cookies[cookie]; ok && uintptr(unsafe.Pointer(fCookie.fobj)) == uintptr(peInt.Object) { + // Use our stashed reference rather than using unsafe on what we got back + // the unsafe version would be (*fileObj)(unsafe.Pointer(uintptr(peInt.Object))) + peExt.fobj = fCookie.fobj + } else { + panic("mismanaged memory") + } + delete(e.cookies, cookie) + peExt.Path = BytePtrToString((*byte)(unsafe.Pointer(peExt.fobj.Name))) + // Only remove the paths entry if it exists and this cookie matches + if fobj, ok := e.paths[peExt.Path]; ok { + if &fobj.cookie == cookie { + delete(e.paths, peExt.Path) + } + } } - return p, nil } // Pending wraps port_getn(3c) and returns how many events are pending. @@ -962,21 +998,7 @@ func (e *EventPort) Get(s []PortEvent, min int, timeout *Timespec) (int, error) e.mu.Lock() defer e.mu.Unlock() for i := 0; i < int(got); i++ { - s[i].Events = ps[i].Events - s[i].Source = ps[i].Source - switch ps[i].Source { - case PORT_SOURCE_FD: - s[i].Fd = uintptr(ps[i].Object) - cookie := (*interface{})(unsafe.Pointer(ps[i].User)) - s[i].Cookie = *cookie - delete(e.fds, s[i].Fd) - case PORT_SOURCE_FILE: - s[i].fobj = (*fileObj)(unsafe.Pointer(uintptr(ps[i].Object))) - s[i].Path = BytePtrToString((*byte)(unsafe.Pointer(s[i].fobj.Name))) - cookie := (*interface{})(unsafe.Pointer(ps[i].User)) - s[i].Cookie = *cookie - delete(e.paths, s[i].Path) - } + e.peIntToExt(&ps[i], &s[i]) } return int(got), err } diff --git a/vendor/golang.org/x/sys/unix/syscall_unix.go b/vendor/golang.org/x/sys/unix/syscall_unix.go index cf296a2433a..70508afc1d1 100644 --- a/vendor/golang.org/x/sys/unix/syscall_unix.go +++ b/vendor/golang.org/x/sys/unix/syscall_unix.go @@ -177,6 +177,30 @@ func Write(fd int, p []byte) (n int, err error) { return } +func Pread(fd int, p []byte, offset int64) (n int, err error) { + n, err = pread(fd, p, offset) + if raceenabled { + if n > 0 { + raceWriteRange(unsafe.Pointer(&p[0]), n) + } + if err == nil { + raceAcquire(unsafe.Pointer(&ioSync)) + } + } + return +} + +func Pwrite(fd int, p []byte, offset int64) (n int, err error) { + if raceenabled { + raceReleaseMerge(unsafe.Pointer(&ioSync)) + } + n, err = pwrite(fd, p, offset) + if raceenabled && n > 0 { + raceReadRange(unsafe.Pointer(&p[0]), n) + } + return +} + // For testing: clients can set this flag to force // creation of IPv6 sockets to return EAFNOSUPPORT. var SocketDisableIPv6 bool @@ -313,6 +337,33 @@ func Recvfrom(fd int, p []byte, flags int) (n int, from Sockaddr, err error) { return } +func Recvmsg(fd int, p, oob []byte, flags int) (n, oobn int, recvflags int, from Sockaddr, err error) { + var rsa RawSockaddrAny + n, oobn, recvflags, err = recvmsgRaw(fd, p, oob, flags, &rsa) + // source address is only specified if the socket is unconnected + if rsa.Addr.Family != AF_UNSPEC { + from, err = anyToSockaddr(fd, &rsa) + } + return +} + +func Sendmsg(fd int, p, oob []byte, to Sockaddr, flags int) (err error) { + _, err = SendmsgN(fd, p, oob, to, flags) + return +} + +func SendmsgN(fd int, p, oob []byte, to Sockaddr, flags int) (n int, err error) { + var ptr unsafe.Pointer + var salen _Socklen + if to != nil { + ptr, salen, err = to.sockaddr() + if err != nil { + return 0, err + } + } + return sendmsgN(fd, p, oob, ptr, salen, flags) +} + func Send(s int, buf []byte, flags int) (err error) { return sendto(s, buf, flags, nil, 0) } diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index bc7c9d07559..c0a43f8ba6f 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -393,9 +393,11 @@ const ( CAP_SYS_TIME = 0x19 CAP_SYS_TTY_CONFIG = 0x1a CAP_WAKE_ALARM = 0x23 + CEPH_SUPER_MAGIC = 0xc36400 CFLUSH = 0xf CGROUP2_SUPER_MAGIC = 0x63677270 CGROUP_SUPER_MAGIC = 0x27e0eb + CIFS_SUPER_MAGIC = 0xff534d42 CLOCK_BOOTTIME = 0x7 CLOCK_BOOTTIME_ALARM = 0x9 CLOCK_DEFAULT = 0x0 @@ -784,6 +786,7 @@ const ( EV_SYN = 0x0 EV_VERSION = 0x10001 EXABYTE_ENABLE_NEST = 0xf0 + EXFAT_SUPER_MAGIC = 0x2011bab0 EXT2_SUPER_MAGIC = 0xef53 EXT3_SUPER_MAGIC = 0xef53 EXT4_SUPER_MAGIC = 0xef53 @@ -826,6 +829,8 @@ const ( FAN_EVENT_INFO_TYPE_DFID_NAME = 0x2 FAN_EVENT_INFO_TYPE_ERROR = 0x5 FAN_EVENT_INFO_TYPE_FID = 0x1 + FAN_EVENT_INFO_TYPE_NEW_DFID_NAME = 0xc + FAN_EVENT_INFO_TYPE_OLD_DFID_NAME = 0xa FAN_EVENT_INFO_TYPE_PIDFD = 0x4 FAN_EVENT_METADATA_LEN = 0x18 FAN_EVENT_ON_CHILD = 0x8000000 @@ -854,17 +859,27 @@ const ( FAN_OPEN_EXEC_PERM = 0x40000 FAN_OPEN_PERM = 0x10000 FAN_Q_OVERFLOW = 0x4000 + FAN_RENAME = 0x10000000 FAN_REPORT_DFID_NAME = 0xc00 + FAN_REPORT_DFID_NAME_TARGET = 0x1e00 FAN_REPORT_DIR_FID = 0x400 FAN_REPORT_FID = 0x200 FAN_REPORT_NAME = 0x800 FAN_REPORT_PIDFD = 0x80 + FAN_REPORT_TARGET_FID = 0x1000 FAN_REPORT_TID = 0x100 FAN_UNLIMITED_MARKS = 0x20 FAN_UNLIMITED_QUEUE = 0x10 FD_CLOEXEC = 0x1 FD_SETSIZE = 0x400 FF0 = 0x0 + FIB_RULE_DEV_DETACHED = 0x8 + FIB_RULE_FIND_SADDR = 0x10000 + FIB_RULE_IIF_DETACHED = 0x8 + FIB_RULE_INVERT = 0x2 + FIB_RULE_OIF_DETACHED = 0x10 + FIB_RULE_PERMANENT = 0x1 + FIB_RULE_UNRESOLVED = 0x4 FIDEDUPERANGE = 0xc0189436 FSCRYPT_KEY_DESCRIPTOR_SIZE = 0x8 FSCRYPT_KEY_DESC_PREFIX = "fscrypt:" @@ -927,6 +942,7 @@ const ( FS_VERITY_METADATA_TYPE_DESCRIPTOR = 0x2 FS_VERITY_METADATA_TYPE_MERKLE_TREE = 0x1 FS_VERITY_METADATA_TYPE_SIGNATURE = 0x3 + FUSE_SUPER_MAGIC = 0x65735546 FUTEXFS_SUPER_MAGIC = 0xbad1dea F_ADD_SEALS = 0x409 F_DUPFD = 0x0 @@ -1294,6 +1310,7 @@ const ( KEXEC_ARCH_ARM = 0x280000 KEXEC_ARCH_DEFAULT = 0x0 KEXEC_ARCH_IA_64 = 0x320000 + KEXEC_ARCH_LOONGARCH = 0x1020000 KEXEC_ARCH_MASK = 0xffff0000 KEXEC_ARCH_MIPS = 0x80000 KEXEC_ARCH_MIPS_LE = 0xa0000 @@ -1495,6 +1512,7 @@ const ( MNT_DETACH = 0x2 MNT_EXPIRE = 0x4 MNT_FORCE = 0x1 + MODULE_INIT_COMPRESSED_FILE = 0x4 MODULE_INIT_IGNORE_MODVERSIONS = 0x1 MODULE_INIT_IGNORE_VERMAGIC = 0x2 MOUNT_ATTR_IDMAP = 0x100000 @@ -1849,6 +1867,9 @@ const ( PERF_MEM_BLK_NA = 0x1 PERF_MEM_BLK_SHIFT = 0x28 PERF_MEM_HOPS_0 = 0x1 + PERF_MEM_HOPS_1 = 0x2 + PERF_MEM_HOPS_2 = 0x3 + PERF_MEM_HOPS_3 = 0x4 PERF_MEM_HOPS_SHIFT = 0x2b PERF_MEM_LOCK_LOCKED = 0x2 PERF_MEM_LOCK_NA = 0x1 @@ -2052,6 +2073,8 @@ const ( PR_SET_TIMING = 0xe PR_SET_TSC = 0x1a PR_SET_UNALIGN = 0x6 + PR_SET_VMA = 0x53564d41 + PR_SET_VMA_ANON_NAME = 0x0 PR_SPEC_DISABLE = 0x4 PR_SPEC_DISABLE_NOEXEC = 0x10 PR_SPEC_ENABLE = 0x2 @@ -2135,6 +2158,10 @@ const ( PTRACE_SYSCALL_INFO_NONE = 0x0 PTRACE_SYSCALL_INFO_SECCOMP = 0x3 PTRACE_TRACEME = 0x0 + P_ALL = 0x0 + P_PGID = 0x2 + P_PID = 0x1 + P_PIDFD = 0x3 QNX4_SUPER_MAGIC = 0x2f QNX6_SUPER_MAGIC = 0x68191122 RAMFS_MAGIC = 0x858458f6 @@ -2505,6 +2532,7 @@ const ( SMART_STATUS = 0xda SMART_WRITE_LOG_SECTOR = 0xd6 SMART_WRITE_THRESHOLDS = 0xd7 + SMB2_SUPER_MAGIC = 0xfe534d42 SMB_SUPER_MAGIC = 0x517b SOCKFS_MAGIC = 0x534f434b SOCK_BUF_LOCK_MASK = 0x3 @@ -2646,7 +2674,7 @@ const ( TASKSTATS_GENL_NAME = "TASKSTATS" TASKSTATS_GENL_VERSION = 0x1 TASKSTATS_TYPE_MAX = 0x6 - TASKSTATS_VERSION = 0xa + TASKSTATS_VERSION = 0xb TCIFLUSH = 0x0 TCIOFF = 0x2 TCIOFLUSH = 0x2 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go index 234fd4a5d1a..1b305fab1b8 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go @@ -5,7 +5,7 @@ // +build 386,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m32 /build/unix/_const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m32 _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go index 58619b7589b..6bcdef5dd6b 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go @@ -5,7 +5,7 @@ // +build amd64,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m64 /build/unix/_const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m64 _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go index 3a64ff59dce..e65df0f8d19 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go @@ -5,7 +5,7 @@ // +build arm,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/unix/_const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go index abe0b925789..c7021115aa9 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go @@ -5,7 +5,7 @@ // +build arm64,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char /build/unix/_const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go new file mode 100644 index 00000000000..0d83a1cd45d --- /dev/null +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go @@ -0,0 +1,818 @@ +// mkerrors.sh -Wall -Werror -static -I/tmp/include +// Code generated by the command above; see README.md. DO NOT EDIT. + +//go:build loong64 && linux +// +build loong64,linux + +// Code generated by cmd/cgo -godefs; DO NOT EDIT. +// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go + +package unix + +import "syscall" + +const ( + B1000000 = 0x1008 + B115200 = 0x1002 + B1152000 = 0x1009 + B1500000 = 0x100a + B2000000 = 0x100b + B230400 = 0x1003 + B2500000 = 0x100c + B3000000 = 0x100d + B3500000 = 0x100e + B4000000 = 0x100f + B460800 = 0x1004 + B500000 = 0x1005 + B57600 = 0x1001 + B576000 = 0x1006 + B921600 = 0x1007 + BLKBSZGET = 0x80081270 + BLKBSZSET = 0x40081271 + BLKFLSBUF = 0x1261 + BLKFRAGET = 0x1265 + BLKFRASET = 0x1264 + BLKGETSIZE = 0x1260 + BLKGETSIZE64 = 0x80081272 + BLKPBSZGET = 0x127b + BLKRAGET = 0x1263 + BLKRASET = 0x1262 + BLKROGET = 0x125e + BLKROSET = 0x125d + BLKRRPART = 0x125f + BLKSECTGET = 0x1267 + BLKSECTSET = 0x1266 + BLKSSZGET = 0x1268 + BOTHER = 0x1000 + BS1 = 0x2000 + BSDLY = 0x2000 + CBAUD = 0x100f + CBAUDEX = 0x1000 + CIBAUD = 0x100f0000 + CLOCAL = 0x800 + CR1 = 0x200 + CR2 = 0x400 + CR3 = 0x600 + CRDLY = 0x600 + CREAD = 0x80 + CS6 = 0x10 + CS7 = 0x20 + CS8 = 0x30 + CSIZE = 0x30 + CSTOPB = 0x40 + ECCGETLAYOUT = 0x81484d11 + ECCGETSTATS = 0x80104d12 + ECHOCTL = 0x200 + ECHOE = 0x10 + ECHOK = 0x20 + ECHOKE = 0x800 + ECHONL = 0x40 + ECHOPRT = 0x400 + EFD_CLOEXEC = 0x80000 + EFD_NONBLOCK = 0x800 + EPOLL_CLOEXEC = 0x80000 + EXTPROC = 0x10000 + FF1 = 0x8000 + FFDLY = 0x8000 + FICLONE = 0x40049409 + FICLONERANGE = 0x4020940d + FLUSHO = 0x1000 + FPU_CTX_MAGIC = 0x46505501 + FS_IOC_ENABLE_VERITY = 0x40806685 + FS_IOC_GETFLAGS = 0x80086601 + FS_IOC_GET_ENCRYPTION_NONCE = 0x8010661b + FS_IOC_GET_ENCRYPTION_POLICY = 0x400c6615 + FS_IOC_GET_ENCRYPTION_PWSALT = 0x40106614 + FS_IOC_SETFLAGS = 0x40086602 + FS_IOC_SET_ENCRYPTION_POLICY = 0x800c6613 + F_GETLK = 0x5 + F_GETLK64 = 0x5 + F_GETOWN = 0x9 + F_RDLCK = 0x0 + F_SETLK = 0x6 + F_SETLK64 = 0x6 + F_SETLKW = 0x7 + F_SETLKW64 = 0x7 + F_SETOWN = 0x8 + F_UNLCK = 0x2 + F_WRLCK = 0x1 + HIDIOCGRAWINFO = 0x80084803 + HIDIOCGRDESC = 0x90044802 + HIDIOCGRDESCSIZE = 0x80044801 + HUPCL = 0x400 + ICANON = 0x2 + IEXTEN = 0x8000 + IN_CLOEXEC = 0x80000 + IN_NONBLOCK = 0x800 + IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 + ISIG = 0x1 + IUCLC = 0x200 + IXOFF = 0x1000 + IXON = 0x400 + LASX_CTX_MAGIC = 0x41535801 + LSX_CTX_MAGIC = 0x53580001 + MAP_ANON = 0x20 + MAP_ANONYMOUS = 0x20 + MAP_DENYWRITE = 0x800 + MAP_EXECUTABLE = 0x1000 + MAP_GROWSDOWN = 0x100 + MAP_HUGETLB = 0x40000 + MAP_LOCKED = 0x2000 + MAP_NONBLOCK = 0x10000 + MAP_NORESERVE = 0x4000 + MAP_POPULATE = 0x8000 + MAP_STACK = 0x20000 + MAP_SYNC = 0x80000 + MCL_CURRENT = 0x1 + MCL_FUTURE = 0x2 + MCL_ONFAULT = 0x4 + MEMERASE = 0x40084d02 + MEMERASE64 = 0x40104d14 + MEMGETBADBLOCK = 0x40084d0b + MEMGETINFO = 0x80204d01 + MEMGETOOBSEL = 0x80c84d0a + MEMGETREGIONCOUNT = 0x80044d07 + MEMISLOCKED = 0x80084d17 + MEMLOCK = 0x40084d05 + MEMREADOOB = 0xc0104d04 + MEMSETBADBLOCK = 0x40084d0c + MEMUNLOCK = 0x40084d06 + MEMWRITEOOB = 0xc0104d03 + MTDFILEMODE = 0x4d13 + NFDBITS = 0x40 + NLDLY = 0x100 + NOFLSH = 0x80 + NS_GET_NSTYPE = 0xb703 + NS_GET_OWNER_UID = 0xb704 + NS_GET_PARENT = 0xb702 + NS_GET_USERNS = 0xb701 + OLCUC = 0x2 + ONLCR = 0x4 + OTPERASE = 0x400c4d19 + OTPGETREGIONCOUNT = 0x40044d0e + OTPGETREGIONINFO = 0x400c4d0f + OTPLOCK = 0x800c4d10 + OTPSELECT = 0x80044d0d + O_APPEND = 0x400 + O_ASYNC = 0x2000 + O_CLOEXEC = 0x80000 + O_CREAT = 0x40 + O_DIRECT = 0x4000 + O_DIRECTORY = 0x10000 + O_DSYNC = 0x1000 + O_EXCL = 0x80 + O_FSYNC = 0x101000 + O_LARGEFILE = 0x0 + O_NDELAY = 0x800 + O_NOATIME = 0x40000 + O_NOCTTY = 0x100 + O_NOFOLLOW = 0x20000 + O_NONBLOCK = 0x800 + O_PATH = 0x200000 + O_RSYNC = 0x101000 + O_SYNC = 0x101000 + O_TMPFILE = 0x410000 + O_TRUNC = 0x200 + PARENB = 0x100 + PARODD = 0x200 + PENDIN = 0x4000 + PERF_EVENT_IOC_DISABLE = 0x2401 + PERF_EVENT_IOC_ENABLE = 0x2400 + PERF_EVENT_IOC_ID = 0x80082407 + PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x4008240b + PERF_EVENT_IOC_PAUSE_OUTPUT = 0x40042409 + PERF_EVENT_IOC_PERIOD = 0x40082404 + PERF_EVENT_IOC_QUERY_BPF = 0xc008240a + PERF_EVENT_IOC_REFRESH = 0x2402 + PERF_EVENT_IOC_RESET = 0x2403 + PERF_EVENT_IOC_SET_BPF = 0x40042408 + PERF_EVENT_IOC_SET_FILTER = 0x40082406 + PERF_EVENT_IOC_SET_OUTPUT = 0x2405 + PPPIOCATTACH = 0x4004743d + PPPIOCATTCHAN = 0x40047438 + PPPIOCBRIDGECHAN = 0x40047435 + PPPIOCCONNECT = 0x4004743a + PPPIOCDETACH = 0x4004743c + PPPIOCDISCONN = 0x7439 + PPPIOCGASYNCMAP = 0x80047458 + PPPIOCGCHAN = 0x80047437 + PPPIOCGDEBUG = 0x80047441 + PPPIOCGFLAGS = 0x8004745a + PPPIOCGIDLE = 0x8010743f + PPPIOCGIDLE32 = 0x8008743f + PPPIOCGIDLE64 = 0x8010743f + PPPIOCGL2TPSTATS = 0x80487436 + PPPIOCGMRU = 0x80047453 + PPPIOCGRASYNCMAP = 0x80047455 + PPPIOCGUNIT = 0x80047456 + PPPIOCGXASYNCMAP = 0x80207450 + PPPIOCSACTIVE = 0x40107446 + PPPIOCSASYNCMAP = 0x40047457 + PPPIOCSCOMPRESS = 0x4010744d + PPPIOCSDEBUG = 0x40047440 + PPPIOCSFLAGS = 0x40047459 + PPPIOCSMAXCID = 0x40047451 + PPPIOCSMRRU = 0x4004743b + PPPIOCSMRU = 0x40047452 + PPPIOCSNPMODE = 0x4008744b + PPPIOCSPASS = 0x40107447 + PPPIOCSRASYNCMAP = 0x40047454 + PPPIOCSXASYNCMAP = 0x4020744f + PPPIOCUNBRIDGECHAN = 0x7434 + PPPIOCXFERUNIT = 0x744e + PR_SET_PTRACER_ANY = 0xffffffffffffffff + PTRACE_SYSEMU = 0x1f + PTRACE_SYSEMU_SINGLESTEP = 0x20 + RLIMIT_AS = 0x9 + RLIMIT_MEMLOCK = 0x8 + RLIMIT_NOFILE = 0x7 + RLIMIT_NPROC = 0x6 + RLIMIT_RSS = 0x5 + RNDADDENTROPY = 0x40085203 + RNDADDTOENTCNT = 0x40045201 + RNDCLEARPOOL = 0x5206 + RNDGETENTCNT = 0x80045200 + RNDGETPOOL = 0x80085202 + RNDRESEEDCRNG = 0x5207 + RNDZAPENTCNT = 0x5204 + RTC_AIE_OFF = 0x7002 + RTC_AIE_ON = 0x7001 + RTC_ALM_READ = 0x80247008 + RTC_ALM_SET = 0x40247007 + RTC_EPOCH_READ = 0x8008700d + RTC_EPOCH_SET = 0x4008700e + RTC_IRQP_READ = 0x8008700b + RTC_IRQP_SET = 0x4008700c + RTC_PARAM_GET = 0x40187013 + RTC_PARAM_SET = 0x40187014 + RTC_PIE_OFF = 0x7006 + RTC_PIE_ON = 0x7005 + RTC_PLL_GET = 0x80207011 + RTC_PLL_SET = 0x40207012 + RTC_RD_TIME = 0x80247009 + RTC_SET_TIME = 0x4024700a + RTC_UIE_OFF = 0x7004 + RTC_UIE_ON = 0x7003 + RTC_VL_CLR = 0x7014 + RTC_VL_READ = 0x80047013 + RTC_WIE_OFF = 0x7010 + RTC_WIE_ON = 0x700f + RTC_WKALM_RD = 0x80287010 + RTC_WKALM_SET = 0x4028700f + SCM_TIMESTAMPING = 0x25 + SCM_TIMESTAMPING_OPT_STATS = 0x36 + SCM_TIMESTAMPING_PKTINFO = 0x3a + SCM_TIMESTAMPNS = 0x23 + SCM_TXTIME = 0x3d + SCM_WIFI_STATUS = 0x29 + SFD_CLOEXEC = 0x80000 + SFD_NONBLOCK = 0x800 + SIOCATMARK = 0x8905 + SIOCGPGRP = 0x8904 + SIOCGSTAMPNS_NEW = 0x80108907 + SIOCGSTAMP_NEW = 0x80108906 + SIOCINQ = 0x541b + SIOCOUTQ = 0x5411 + SIOCSPGRP = 0x8902 + SOCK_CLOEXEC = 0x80000 + SOCK_DGRAM = 0x2 + SOCK_NONBLOCK = 0x800 + SOCK_STREAM = 0x1 + SOL_SOCKET = 0x1 + SO_ACCEPTCONN = 0x1e + SO_ATTACH_BPF = 0x32 + SO_ATTACH_REUSEPORT_CBPF = 0x33 + SO_ATTACH_REUSEPORT_EBPF = 0x34 + SO_BINDTODEVICE = 0x19 + SO_BINDTOIFINDEX = 0x3e + SO_BPF_EXTENSIONS = 0x30 + SO_BROADCAST = 0x6 + SO_BSDCOMPAT = 0xe + SO_BUF_LOCK = 0x48 + SO_BUSY_POLL = 0x2e + SO_BUSY_POLL_BUDGET = 0x46 + SO_CNX_ADVICE = 0x35 + SO_COOKIE = 0x39 + SO_DETACH_REUSEPORT_BPF = 0x44 + SO_DOMAIN = 0x27 + SO_DONTROUTE = 0x5 + SO_ERROR = 0x4 + SO_INCOMING_CPU = 0x31 + SO_INCOMING_NAPI_ID = 0x38 + SO_KEEPALIVE = 0x9 + SO_LINGER = 0xd + SO_LOCK_FILTER = 0x2c + SO_MARK = 0x24 + SO_MAX_PACING_RATE = 0x2f + SO_MEMINFO = 0x37 + SO_NETNS_COOKIE = 0x47 + SO_NOFCS = 0x2b + SO_OOBINLINE = 0xa + SO_PASSCRED = 0x10 + SO_PASSSEC = 0x22 + SO_PEEK_OFF = 0x2a + SO_PEERCRED = 0x11 + SO_PEERGROUPS = 0x3b + SO_PEERSEC = 0x1f + SO_PREFER_BUSY_POLL = 0x45 + SO_PROTOCOL = 0x26 + SO_RCVBUF = 0x8 + SO_RCVBUFFORCE = 0x21 + SO_RCVLOWAT = 0x12 + SO_RCVTIMEO = 0x14 + SO_RCVTIMEO_NEW = 0x42 + SO_RCVTIMEO_OLD = 0x14 + SO_RESERVE_MEM = 0x49 + SO_REUSEADDR = 0x2 + SO_REUSEPORT = 0xf + SO_RXQ_OVFL = 0x28 + SO_SECURITY_AUTHENTICATION = 0x16 + SO_SECURITY_ENCRYPTION_NETWORK = 0x18 + SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17 + SO_SELECT_ERR_QUEUE = 0x2d + SO_SNDBUF = 0x7 + SO_SNDBUFFORCE = 0x20 + SO_SNDLOWAT = 0x13 + SO_SNDTIMEO = 0x15 + SO_SNDTIMEO_NEW = 0x43 + SO_SNDTIMEO_OLD = 0x15 + SO_TIMESTAMPING = 0x25 + SO_TIMESTAMPING_NEW = 0x41 + SO_TIMESTAMPING_OLD = 0x25 + SO_TIMESTAMPNS = 0x23 + SO_TIMESTAMPNS_NEW = 0x40 + SO_TIMESTAMPNS_OLD = 0x23 + SO_TIMESTAMP_NEW = 0x3f + SO_TXTIME = 0x3d + SO_TYPE = 0x3 + SO_WIFI_STATUS = 0x29 + SO_ZEROCOPY = 0x3c + TAB1 = 0x800 + TAB2 = 0x1000 + TAB3 = 0x1800 + TABDLY = 0x1800 + TCFLSH = 0x540b + TCGETA = 0x5405 + TCGETS = 0x5401 + TCGETS2 = 0x802c542a + TCGETX = 0x5432 + TCSAFLUSH = 0x2 + TCSBRK = 0x5409 + TCSBRKP = 0x5425 + TCSETA = 0x5406 + TCSETAF = 0x5408 + TCSETAW = 0x5407 + TCSETS = 0x5402 + TCSETS2 = 0x402c542b + TCSETSF = 0x5404 + TCSETSF2 = 0x402c542d + TCSETSW = 0x5403 + TCSETSW2 = 0x402c542c + TCSETX = 0x5433 + TCSETXF = 0x5434 + TCSETXW = 0x5435 + TCXONC = 0x540a + TFD_CLOEXEC = 0x80000 + TFD_NONBLOCK = 0x800 + TIOCCBRK = 0x5428 + TIOCCONS = 0x541d + TIOCEXCL = 0x540c + TIOCGDEV = 0x80045432 + TIOCGETD = 0x5424 + TIOCGEXCL = 0x80045440 + TIOCGICOUNT = 0x545d + TIOCGISO7816 = 0x80285442 + TIOCGLCKTRMIOS = 0x5456 + TIOCGPGRP = 0x540f + TIOCGPKT = 0x80045438 + TIOCGPTLCK = 0x80045439 + TIOCGPTN = 0x80045430 + TIOCGPTPEER = 0x5441 + TIOCGRS485 = 0x542e + TIOCGSERIAL = 0x541e + TIOCGSID = 0x5429 + TIOCGSOFTCAR = 0x5419 + TIOCGWINSZ = 0x5413 + TIOCINQ = 0x541b + TIOCLINUX = 0x541c + TIOCMBIC = 0x5417 + TIOCMBIS = 0x5416 + TIOCMGET = 0x5415 + TIOCMIWAIT = 0x545c + TIOCMSET = 0x5418 + TIOCM_CAR = 0x40 + TIOCM_CD = 0x40 + TIOCM_CTS = 0x20 + TIOCM_DSR = 0x100 + TIOCM_RI = 0x80 + TIOCM_RNG = 0x80 + TIOCM_SR = 0x10 + TIOCM_ST = 0x8 + TIOCNOTTY = 0x5422 + TIOCNXCL = 0x540d + TIOCOUTQ = 0x5411 + TIOCPKT = 0x5420 + TIOCSBRK = 0x5427 + TIOCSCTTY = 0x540e + TIOCSERCONFIG = 0x5453 + TIOCSERGETLSR = 0x5459 + TIOCSERGETMULTI = 0x545a + TIOCSERGSTRUCT = 0x5458 + TIOCSERGWILD = 0x5454 + TIOCSERSETMULTI = 0x545b + TIOCSERSWILD = 0x5455 + TIOCSER_TEMT = 0x1 + TIOCSETD = 0x5423 + TIOCSIG = 0x40045436 + TIOCSISO7816 = 0xc0285443 + TIOCSLCKTRMIOS = 0x5457 + TIOCSPGRP = 0x5410 + TIOCSPTLCK = 0x40045431 + TIOCSRS485 = 0x542f + TIOCSSERIAL = 0x541f + TIOCSSOFTCAR = 0x541a + TIOCSTI = 0x5412 + TIOCSWINSZ = 0x5414 + TIOCVHANGUP = 0x5437 + TOSTOP = 0x100 + TUNATTACHFILTER = 0x401054d5 + TUNDETACHFILTER = 0x401054d6 + TUNGETDEVNETNS = 0x54e3 + TUNGETFEATURES = 0x800454cf + TUNGETFILTER = 0x801054db + TUNGETIFF = 0x800454d2 + TUNGETSNDBUF = 0x800454d3 + TUNGETVNETBE = 0x800454df + TUNGETVNETHDRSZ = 0x800454d7 + TUNGETVNETLE = 0x800454dd + TUNSETCARRIER = 0x400454e2 + TUNSETDEBUG = 0x400454c9 + TUNSETFILTEREBPF = 0x800454e1 + TUNSETGROUP = 0x400454ce + TUNSETIFF = 0x400454ca + TUNSETIFINDEX = 0x400454da + TUNSETLINK = 0x400454cd + TUNSETNOCSUM = 0x400454c8 + TUNSETOFFLOAD = 0x400454d0 + TUNSETOWNER = 0x400454cc + TUNSETPERSIST = 0x400454cb + TUNSETQUEUE = 0x400454d9 + TUNSETSNDBUF = 0x400454d4 + TUNSETSTEERINGEBPF = 0x800454e0 + TUNSETTXFILTER = 0x400454d1 + TUNSETVNETBE = 0x400454de + TUNSETVNETHDRSZ = 0x400454d8 + TUNSETVNETLE = 0x400454dc + UBI_IOCATT = 0x40186f40 + UBI_IOCDET = 0x40046f41 + UBI_IOCEBCH = 0x40044f02 + UBI_IOCEBER = 0x40044f01 + UBI_IOCEBISMAP = 0x80044f05 + UBI_IOCEBMAP = 0x40084f03 + UBI_IOCEBUNMAP = 0x40044f04 + UBI_IOCMKVOL = 0x40986f00 + UBI_IOCRMVOL = 0x40046f01 + UBI_IOCRNVOL = 0x51106f03 + UBI_IOCRPEB = 0x40046f04 + UBI_IOCRSVOL = 0x400c6f02 + UBI_IOCSETVOLPROP = 0x40104f06 + UBI_IOCSPEB = 0x40046f05 + UBI_IOCVOLCRBLK = 0x40804f07 + UBI_IOCVOLRMBLK = 0x4f08 + UBI_IOCVOLUP = 0x40084f00 + VDISCARD = 0xd + VEOF = 0x4 + VEOL = 0xb + VEOL2 = 0x10 + VMIN = 0x6 + VREPRINT = 0xc + VSTART = 0x8 + VSTOP = 0x9 + VSUSP = 0xa + VSWTC = 0x7 + VT1 = 0x4000 + VTDLY = 0x4000 + VTIME = 0x5 + VWERASE = 0xe + WDIOC_GETBOOTSTATUS = 0x80045702 + WDIOC_GETPRETIMEOUT = 0x80045709 + WDIOC_GETSTATUS = 0x80045701 + WDIOC_GETSUPPORT = 0x80285700 + WDIOC_GETTEMP = 0x80045703 + WDIOC_GETTIMELEFT = 0x8004570a + WDIOC_GETTIMEOUT = 0x80045707 + WDIOC_KEEPALIVE = 0x80045705 + WDIOC_SETOPTIONS = 0x80045704 + WORDSIZE = 0x40 + XCASE = 0x4 + XTABS = 0x1800 + _HIDIOCGRAWNAME = 0x80804804 + _HIDIOCGRAWPHYS = 0x80404805 + _HIDIOCGRAWUNIQ = 0x80404808 +) + +// Errors +const ( + EADDRINUSE = syscall.Errno(0x62) + EADDRNOTAVAIL = syscall.Errno(0x63) + EADV = syscall.Errno(0x44) + EAFNOSUPPORT = syscall.Errno(0x61) + EALREADY = syscall.Errno(0x72) + EBADE = syscall.Errno(0x34) + EBADFD = syscall.Errno(0x4d) + EBADMSG = syscall.Errno(0x4a) + EBADR = syscall.Errno(0x35) + EBADRQC = syscall.Errno(0x38) + EBADSLT = syscall.Errno(0x39) + EBFONT = syscall.Errno(0x3b) + ECANCELED = syscall.Errno(0x7d) + ECHRNG = syscall.Errno(0x2c) + ECOMM = syscall.Errno(0x46) + ECONNABORTED = syscall.Errno(0x67) + ECONNREFUSED = syscall.Errno(0x6f) + ECONNRESET = syscall.Errno(0x68) + EDEADLK = syscall.Errno(0x23) + EDEADLOCK = syscall.Errno(0x23) + EDESTADDRREQ = syscall.Errno(0x59) + EDOTDOT = syscall.Errno(0x49) + EDQUOT = syscall.Errno(0x7a) + EHOSTDOWN = syscall.Errno(0x70) + EHOSTUNREACH = syscall.Errno(0x71) + EHWPOISON = syscall.Errno(0x85) + EIDRM = syscall.Errno(0x2b) + EILSEQ = syscall.Errno(0x54) + EINPROGRESS = syscall.Errno(0x73) + EISCONN = syscall.Errno(0x6a) + EISNAM = syscall.Errno(0x78) + EKEYEXPIRED = syscall.Errno(0x7f) + EKEYREJECTED = syscall.Errno(0x81) + EKEYREVOKED = syscall.Errno(0x80) + EL2HLT = syscall.Errno(0x33) + EL2NSYNC = syscall.Errno(0x2d) + EL3HLT = syscall.Errno(0x2e) + EL3RST = syscall.Errno(0x2f) + ELIBACC = syscall.Errno(0x4f) + ELIBBAD = syscall.Errno(0x50) + ELIBEXEC = syscall.Errno(0x53) + ELIBMAX = syscall.Errno(0x52) + ELIBSCN = syscall.Errno(0x51) + ELNRNG = syscall.Errno(0x30) + ELOOP = syscall.Errno(0x28) + EMEDIUMTYPE = syscall.Errno(0x7c) + EMSGSIZE = syscall.Errno(0x5a) + EMULTIHOP = syscall.Errno(0x48) + ENAMETOOLONG = syscall.Errno(0x24) + ENAVAIL = syscall.Errno(0x77) + ENETDOWN = syscall.Errno(0x64) + ENETRESET = syscall.Errno(0x66) + ENETUNREACH = syscall.Errno(0x65) + ENOANO = syscall.Errno(0x37) + ENOBUFS = syscall.Errno(0x69) + ENOCSI = syscall.Errno(0x32) + ENODATA = syscall.Errno(0x3d) + ENOKEY = syscall.Errno(0x7e) + ENOLCK = syscall.Errno(0x25) + ENOLINK = syscall.Errno(0x43) + ENOMEDIUM = syscall.Errno(0x7b) + ENOMSG = syscall.Errno(0x2a) + ENONET = syscall.Errno(0x40) + ENOPKG = syscall.Errno(0x41) + ENOPROTOOPT = syscall.Errno(0x5c) + ENOSR = syscall.Errno(0x3f) + ENOSTR = syscall.Errno(0x3c) + ENOSYS = syscall.Errno(0x26) + ENOTCONN = syscall.Errno(0x6b) + ENOTEMPTY = syscall.Errno(0x27) + ENOTNAM = syscall.Errno(0x76) + ENOTRECOVERABLE = syscall.Errno(0x83) + ENOTSOCK = syscall.Errno(0x58) + ENOTSUP = syscall.Errno(0x5f) + ENOTUNIQ = syscall.Errno(0x4c) + EOPNOTSUPP = syscall.Errno(0x5f) + EOVERFLOW = syscall.Errno(0x4b) + EOWNERDEAD = syscall.Errno(0x82) + EPFNOSUPPORT = syscall.Errno(0x60) + EPROTO = syscall.Errno(0x47) + EPROTONOSUPPORT = syscall.Errno(0x5d) + EPROTOTYPE = syscall.Errno(0x5b) + EREMCHG = syscall.Errno(0x4e) + EREMOTE = syscall.Errno(0x42) + EREMOTEIO = syscall.Errno(0x79) + ERESTART = syscall.Errno(0x55) + ERFKILL = syscall.Errno(0x84) + ESHUTDOWN = syscall.Errno(0x6c) + ESOCKTNOSUPPORT = syscall.Errno(0x5e) + ESRMNT = syscall.Errno(0x45) + ESTALE = syscall.Errno(0x74) + ESTRPIPE = syscall.Errno(0x56) + ETIME = syscall.Errno(0x3e) + ETIMEDOUT = syscall.Errno(0x6e) + ETOOMANYREFS = syscall.Errno(0x6d) + EUCLEAN = syscall.Errno(0x75) + EUNATCH = syscall.Errno(0x31) + EUSERS = syscall.Errno(0x57) + EXFULL = syscall.Errno(0x36) +) + +// Signals +const ( + SIGBUS = syscall.Signal(0x7) + SIGCHLD = syscall.Signal(0x11) + SIGCLD = syscall.Signal(0x11) + SIGCONT = syscall.Signal(0x12) + SIGIO = syscall.Signal(0x1d) + SIGPOLL = syscall.Signal(0x1d) + SIGPROF = syscall.Signal(0x1b) + SIGPWR = syscall.Signal(0x1e) + SIGSTKFLT = syscall.Signal(0x10) + SIGSTOP = syscall.Signal(0x13) + SIGSYS = syscall.Signal(0x1f) + SIGTSTP = syscall.Signal(0x14) + SIGTTIN = syscall.Signal(0x15) + SIGTTOU = syscall.Signal(0x16) + SIGURG = syscall.Signal(0x17) + SIGUSR1 = syscall.Signal(0xa) + SIGUSR2 = syscall.Signal(0xc) + SIGVTALRM = syscall.Signal(0x1a) + SIGWINCH = syscall.Signal(0x1c) + SIGXCPU = syscall.Signal(0x18) + SIGXFSZ = syscall.Signal(0x19) +) + +// Error table +var errorList = [...]struct { + num syscall.Errno + name string + desc string +}{ + {1, "EPERM", "operation not permitted"}, + {2, "ENOENT", "no such file or directory"}, + {3, "ESRCH", "no such process"}, + {4, "EINTR", "interrupted system call"}, + {5, "EIO", "input/output error"}, + {6, "ENXIO", "no such device or address"}, + {7, "E2BIG", "argument list too long"}, + {8, "ENOEXEC", "exec format error"}, + {9, "EBADF", "bad file descriptor"}, + {10, "ECHILD", "no child processes"}, + {11, "EAGAIN", "resource temporarily unavailable"}, + {12, "ENOMEM", "cannot allocate memory"}, + {13, "EACCES", "permission denied"}, + {14, "EFAULT", "bad address"}, + {15, "ENOTBLK", "block device required"}, + {16, "EBUSY", "device or resource busy"}, + {17, "EEXIST", "file exists"}, + {18, "EXDEV", "invalid cross-device link"}, + {19, "ENODEV", "no such device"}, + {20, "ENOTDIR", "not a directory"}, + {21, "EISDIR", "is a directory"}, + {22, "EINVAL", "invalid argument"}, + {23, "ENFILE", "too many open files in system"}, + {24, "EMFILE", "too many open files"}, + {25, "ENOTTY", "inappropriate ioctl for device"}, + {26, "ETXTBSY", "text file busy"}, + {27, "EFBIG", "file too large"}, + {28, "ENOSPC", "no space left on device"}, + {29, "ESPIPE", "illegal seek"}, + {30, "EROFS", "read-only file system"}, + {31, "EMLINK", "too many links"}, + {32, "EPIPE", "broken pipe"}, + {33, "EDOM", "numerical argument out of domain"}, + {34, "ERANGE", "numerical result out of range"}, + {35, "EDEADLK", "resource deadlock avoided"}, + {36, "ENAMETOOLONG", "file name too long"}, + {37, "ENOLCK", "no locks available"}, + {38, "ENOSYS", "function not implemented"}, + {39, "ENOTEMPTY", "directory not empty"}, + {40, "ELOOP", "too many levels of symbolic links"}, + {42, "ENOMSG", "no message of desired type"}, + {43, "EIDRM", "identifier removed"}, + {44, "ECHRNG", "channel number out of range"}, + {45, "EL2NSYNC", "level 2 not synchronized"}, + {46, "EL3HLT", "level 3 halted"}, + {47, "EL3RST", "level 3 reset"}, + {48, "ELNRNG", "link number out of range"}, + {49, "EUNATCH", "protocol driver not attached"}, + {50, "ENOCSI", "no CSI structure available"}, + {51, "EL2HLT", "level 2 halted"}, + {52, "EBADE", "invalid exchange"}, + {53, "EBADR", "invalid request descriptor"}, + {54, "EXFULL", "exchange full"}, + {55, "ENOANO", "no anode"}, + {56, "EBADRQC", "invalid request code"}, + {57, "EBADSLT", "invalid slot"}, + {59, "EBFONT", "bad font file format"}, + {60, "ENOSTR", "device not a stream"}, + {61, "ENODATA", "no data available"}, + {62, "ETIME", "timer expired"}, + {63, "ENOSR", "out of streams resources"}, + {64, "ENONET", "machine is not on the network"}, + {65, "ENOPKG", "package not installed"}, + {66, "EREMOTE", "object is remote"}, + {67, "ENOLINK", "link has been severed"}, + {68, "EADV", "advertise error"}, + {69, "ESRMNT", "srmount error"}, + {70, "ECOMM", "communication error on send"}, + {71, "EPROTO", "protocol error"}, + {72, "EMULTIHOP", "multihop attempted"}, + {73, "EDOTDOT", "RFS specific error"}, + {74, "EBADMSG", "bad message"}, + {75, "EOVERFLOW", "value too large for defined data type"}, + {76, "ENOTUNIQ", "name not unique on network"}, + {77, "EBADFD", "file descriptor in bad state"}, + {78, "EREMCHG", "remote address changed"}, + {79, "ELIBACC", "can not access a needed shared library"}, + {80, "ELIBBAD", "accessing a corrupted shared library"}, + {81, "ELIBSCN", ".lib section in a.out corrupted"}, + {82, "ELIBMAX", "attempting to link in too many shared libraries"}, + {83, "ELIBEXEC", "cannot exec a shared library directly"}, + {84, "EILSEQ", "invalid or incomplete multibyte or wide character"}, + {85, "ERESTART", "interrupted system call should be restarted"}, + {86, "ESTRPIPE", "streams pipe error"}, + {87, "EUSERS", "too many users"}, + {88, "ENOTSOCK", "socket operation on non-socket"}, + {89, "EDESTADDRREQ", "destination address required"}, + {90, "EMSGSIZE", "message too long"}, + {91, "EPROTOTYPE", "protocol wrong type for socket"}, + {92, "ENOPROTOOPT", "protocol not available"}, + {93, "EPROTONOSUPPORT", "protocol not supported"}, + {94, "ESOCKTNOSUPPORT", "socket type not supported"}, + {95, "ENOTSUP", "operation not supported"}, + {96, "EPFNOSUPPORT", "protocol family not supported"}, + {97, "EAFNOSUPPORT", "address family not supported by protocol"}, + {98, "EADDRINUSE", "address already in use"}, + {99, "EADDRNOTAVAIL", "cannot assign requested address"}, + {100, "ENETDOWN", "network is down"}, + {101, "ENETUNREACH", "network is unreachable"}, + {102, "ENETRESET", "network dropped connection on reset"}, + {103, "ECONNABORTED", "software caused connection abort"}, + {104, "ECONNRESET", "connection reset by peer"}, + {105, "ENOBUFS", "no buffer space available"}, + {106, "EISCONN", "transport endpoint is already connected"}, + {107, "ENOTCONN", "transport endpoint is not connected"}, + {108, "ESHUTDOWN", "cannot send after transport endpoint shutdown"}, + {109, "ETOOMANYREFS", "too many references: cannot splice"}, + {110, "ETIMEDOUT", "connection timed out"}, + {111, "ECONNREFUSED", "connection refused"}, + {112, "EHOSTDOWN", "host is down"}, + {113, "EHOSTUNREACH", "no route to host"}, + {114, "EALREADY", "operation already in progress"}, + {115, "EINPROGRESS", "operation now in progress"}, + {116, "ESTALE", "stale file handle"}, + {117, "EUCLEAN", "structure needs cleaning"}, + {118, "ENOTNAM", "not a XENIX named type file"}, + {119, "ENAVAIL", "no XENIX semaphores available"}, + {120, "EISNAM", "is a named type file"}, + {121, "EREMOTEIO", "remote I/O error"}, + {122, "EDQUOT", "disk quota exceeded"}, + {123, "ENOMEDIUM", "no medium found"}, + {124, "EMEDIUMTYPE", "wrong medium type"}, + {125, "ECANCELED", "operation canceled"}, + {126, "ENOKEY", "required key not available"}, + {127, "EKEYEXPIRED", "key has expired"}, + {128, "EKEYREVOKED", "key has been revoked"}, + {129, "EKEYREJECTED", "key was rejected by service"}, + {130, "EOWNERDEAD", "owner died"}, + {131, "ENOTRECOVERABLE", "state not recoverable"}, + {132, "ERFKILL", "operation not possible due to RF-kill"}, + {133, "EHWPOISON", "memory page has hardware error"}, +} + +// Signal table +var signalList = [...]struct { + num syscall.Signal + name string + desc string +}{ + {1, "SIGHUP", "hangup"}, + {2, "SIGINT", "interrupt"}, + {3, "SIGQUIT", "quit"}, + {4, "SIGILL", "illegal instruction"}, + {5, "SIGTRAP", "trace/breakpoint trap"}, + {6, "SIGABRT", "aborted"}, + {7, "SIGBUS", "bus error"}, + {8, "SIGFPE", "floating point exception"}, + {9, "SIGKILL", "killed"}, + {10, "SIGUSR1", "user defined signal 1"}, + {11, "SIGSEGV", "segmentation fault"}, + {12, "SIGUSR2", "user defined signal 2"}, + {13, "SIGPIPE", "broken pipe"}, + {14, "SIGALRM", "alarm clock"}, + {15, "SIGTERM", "terminated"}, + {16, "SIGSTKFLT", "stack fault"}, + {17, "SIGCHLD", "child exited"}, + {18, "SIGCONT", "continued"}, + {19, "SIGSTOP", "stopped (signal)"}, + {20, "SIGTSTP", "stopped"}, + {21, "SIGTTIN", "stopped (tty input)"}, + {22, "SIGTTOU", "stopped (tty output)"}, + {23, "SIGURG", "urgent I/O condition"}, + {24, "SIGXCPU", "CPU time limit exceeded"}, + {25, "SIGXFSZ", "file size limit exceeded"}, + {26, "SIGVTALRM", "virtual timer expired"}, + {27, "SIGPROF", "profiling timer expired"}, + {28, "SIGWINCH", "window changed"}, + {29, "SIGIO", "I/O possible"}, + {30, "SIGPWR", "power failure"}, + {31, "SIGSYS", "bad system call"}, +} diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go index 14d7a84399d..7f44a495b7e 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go @@ -5,7 +5,7 @@ // +build mips,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/unix/_const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go index 99e7c4ac0b4..2f92b4e48ed 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go @@ -5,7 +5,7 @@ // +build mips64,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/unix/_const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go index 496364c33cc..f5367a966b3 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go @@ -5,7 +5,7 @@ // +build mips64le,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/unix/_const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go index 3e40830857d..2e22337d7cf 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go @@ -5,7 +5,7 @@ // +build mipsle,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/unix/_const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go index 1151a7dfab3..858c4f30f5b 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go @@ -5,7 +5,7 @@ // +build ppc,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/unix/_const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go index ed17f249e75..af2a7ba6e61 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go @@ -5,7 +5,7 @@ // +build ppc64,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/unix/_const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go index d84a37c1ac2..eaa2eb8e246 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go @@ -5,7 +5,7 @@ // +build ppc64le,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/unix/_const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go index 5cafba83f6b..faaa9f06378 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go @@ -5,7 +5,7 @@ // +build riscv64,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/unix/_const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go index 6d122da41c5..0d161f0b75f 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go @@ -5,7 +5,7 @@ // +build s390x,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char /build/unix/_const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go index 6bd19e51dbb..4fd497a3e39 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go @@ -5,7 +5,7 @@ // +build sparc64,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/unix/_const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go index 85e0cc38667..870215d2c47 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go @@ -975,7 +975,7 @@ func Pause() (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 *byte if len(p) > 0 { _p0 = &p[0] @@ -992,7 +992,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 *byte if len(p) > 0 { _p0 = &p[0] diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go index f1d4a73b089..a89b0bfa53c 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go @@ -931,7 +931,7 @@ func Pause() (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 *byte if len(p) > 0 { _p0 = &p[0] @@ -946,7 +946,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 *byte if len(p) > 0 { _p0 = &p[0] diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go index 0ae0ed4cb8a..467deed7633 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go @@ -643,17 +643,22 @@ var libc_flistxattr_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func setattrlist(path *byte, list unsafe.Pointer, buf unsafe.Pointer, size uintptr, options int) (err error) { - _, _, e1 := syscall_syscall6(libc_setattrlist_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(list), uintptr(buf), uintptr(size), uintptr(options), 0) +func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall6(libc_utimensat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } -var libc_setattrlist_trampoline_addr uintptr +var libc_utimensat_trampoline_addr uintptr -//go:cgo_import_dynamic libc_setattrlist setattrlist "/usr/lib/libSystem.B.dylib" +//go:cgo_import_dynamic libc_utimensat utimensat "/usr/lib/libSystem.B.dylib" // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT @@ -1638,6 +1643,30 @@ var libc_mknod_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func Mount(fsType string, dir string, flags int, data unsafe.Pointer) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(fsType) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(dir) + if err != nil { + return + } + _, _, e1 := syscall_syscall6(libc_mount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(flags), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_mount_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mount mount "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Open(path string, mode int, perm uint32) (fd int, err error) { var _p0 *byte _p0, err = BytePtrFromString(path) @@ -1698,7 +1727,7 @@ var libc_pathconf_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -1719,7 +1748,7 @@ var libc_pread_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s index eac6ca806f4..7e308a476d9 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s @@ -228,11 +228,11 @@ TEXT libc_flistxattr_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_flistxattr_trampoline_addr(SB), RODATA, $8 DATA ·libc_flistxattr_trampoline_addr(SB)/8, $libc_flistxattr_trampoline<>(SB) -TEXT libc_setattrlist_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_setattrlist(SB) +TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_utimensat(SB) -GLOBL ·libc_setattrlist_trampoline_addr(SB), RODATA, $8 -DATA ·libc_setattrlist_trampoline_addr(SB)/8, $libc_setattrlist_trampoline<>(SB) +GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB) TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fcntl(SB) @@ -600,6 +600,12 @@ TEXT libc_mknod_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_mknod_trampoline_addr(SB), RODATA, $8 DATA ·libc_mknod_trampoline_addr(SB)/8, $libc_mknod_trampoline<>(SB) +TEXT libc_mount_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mount(SB) + +GLOBL ·libc_mount_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mount_trampoline_addr(SB)/8, $libc_mount_trampoline<>(SB) + TEXT libc_open_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_open(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go index cf71be3edb3..35938d34ff8 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go @@ -643,17 +643,22 @@ var libc_flistxattr_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func setattrlist(path *byte, list unsafe.Pointer, buf unsafe.Pointer, size uintptr, options int) (err error) { - _, _, e1 := syscall_syscall6(libc_setattrlist_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(list), uintptr(buf), uintptr(size), uintptr(options), 0) +func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall6(libc_utimensat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } -var libc_setattrlist_trampoline_addr uintptr +var libc_utimensat_trampoline_addr uintptr -//go:cgo_import_dynamic libc_setattrlist setattrlist "/usr/lib/libSystem.B.dylib" +//go:cgo_import_dynamic libc_utimensat utimensat "/usr/lib/libSystem.B.dylib" // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT @@ -1638,6 +1643,30 @@ var libc_mknod_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func Mount(fsType string, dir string, flags int, data unsafe.Pointer) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(fsType) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(dir) + if err != nil { + return + } + _, _, e1 := syscall_syscall6(libc_mount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(flags), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_mount_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mount mount "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Open(path string, mode int, perm uint32) (fd int, err error) { var _p0 *byte _p0, err = BytePtrFromString(path) @@ -1698,7 +1727,7 @@ var libc_pathconf_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -1719,7 +1748,7 @@ var libc_pread_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s index 4ebcf217585..b09e5bb0e20 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s @@ -228,11 +228,11 @@ TEXT libc_flistxattr_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_flistxattr_trampoline_addr(SB), RODATA, $8 DATA ·libc_flistxattr_trampoline_addr(SB)/8, $libc_flistxattr_trampoline<>(SB) -TEXT libc_setattrlist_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_setattrlist(SB) +TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_utimensat(SB) -GLOBL ·libc_setattrlist_trampoline_addr(SB), RODATA, $8 -DATA ·libc_setattrlist_trampoline_addr(SB)/8, $libc_setattrlist_trampoline<>(SB) +GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB) TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fcntl(SB) @@ -600,6 +600,12 @@ TEXT libc_mknod_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_mknod_trampoline_addr(SB), RODATA, $8 DATA ·libc_mknod_trampoline_addr(SB)/8, $libc_mknod_trampoline<>(SB) +TEXT libc_mount_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mount(SB) + +GLOBL ·libc_mount_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mount_trampoline_addr(SB)/8, $libc_mount_trampoline<>(SB) + TEXT libc_open_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_open(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go index 3e9bddb7b22..e9d9997eeda 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go @@ -1420,7 +1420,7 @@ func Pathconf(path string, name int) (val int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -1437,7 +1437,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go index c72a462b91e..edd373b1a56 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go @@ -1420,7 +1420,7 @@ func Pathconf(path string, name int) (val int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -1437,7 +1437,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go index 530d5df90c0..82e9764b257 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go @@ -1420,7 +1420,7 @@ func Pathconf(path string, name int) (val int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -1437,7 +1437,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go index 71e7df9e855..a6479acd1fc 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go @@ -1420,7 +1420,7 @@ func Pathconf(path string, name int) (val int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -1437,7 +1437,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go index 30fa4055ec1..bc4a2753114 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go @@ -231,6 +231,16 @@ func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func Waitid(idType int, id int, info *Siginfo, options int, rusage *Rusage) (err error) { + _, _, e1 := Syscall6(SYS_WAITID, uintptr(idType), uintptr(id), uintptr(unsafe.Pointer(info)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func KeyctlInt(cmd int, arg2 int, arg3 int, arg4 int, arg5 int) (ret int, err error) { r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0) ret = int(r0) @@ -818,6 +828,49 @@ func Fsync(fd int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func Fsmount(fd int, flags int, mountAttrs int) (fsfd int, err error) { + r0, _, e1 := Syscall(SYS_FSMOUNT, uintptr(fd), uintptr(flags), uintptr(mountAttrs)) + fsfd = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fsopen(fsName string, flags int) (fd int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(fsName) + if err != nil { + return + } + r0, _, e1 := Syscall(SYS_FSOPEN, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) + fd = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fspick(dirfd int, pathName string, flags int) (fd int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(pathName) + if err != nil { + return + } + r0, _, e1 := Syscall(SYS_FSPICK, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags)) + fd = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Getdents(fd int, buf []byte) (n int, err error) { var _p0 unsafe.Pointer if len(buf) > 0 { @@ -1195,6 +1248,26 @@ func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func MoveMount(fromDirfd int, fromPathName string, toDirfd int, toPathName string, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(fromPathName) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(toPathName) + if err != nil { + return + } + _, _, e1 := Syscall6(SYS_MOVE_MOUNT, uintptr(fromDirfd), uintptr(unsafe.Pointer(_p0)), uintptr(toDirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Nanosleep(time *Timespec, leftover *Timespec) (err error) { _, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0) if e1 != 0 { @@ -1205,6 +1278,22 @@ func Nanosleep(time *Timespec, leftover *Timespec) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func OpenTree(dfd int, fileName string, flags uint) (r int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(fileName) + if err != nil { + return + } + r0, _, e1 := Syscall(SYS_OPEN_TREE, uintptr(dfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags)) + r = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) { r0, _, e1 := Syscall6(SYS_PERF_EVENT_OPEN, uintptr(unsafe.Pointer(attr)), uintptr(pid), uintptr(cpu), uintptr(groupFd), uintptr(flags), 0) fd = int(r0) @@ -1992,6 +2081,16 @@ func PidfdGetfd(pidfd int, targetfd int, flags int) (fd int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func PidfdSendSignal(pidfd int, sig Signal, info *Siginfo, flags int) (err error) { + _, _, e1 := Syscall6(SYS_PIDFD_SEND_SIGNAL, uintptr(pidfd), uintptr(sig), uintptr(unsafe.Pointer(info)), uintptr(flags), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func shmat(id int, addr uintptr, flag int) (ret uintptr, err error) { r0, _, e1 := Syscall(SYS_SHMAT, uintptr(id), uintptr(addr), uintptr(flag)) ret = uintptr(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go index 2fc6271f47c..88af526b7e2 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go @@ -200,7 +200,7 @@ func Lstat(path string, stat *Stat_t) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -217,7 +217,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go index 43d9f012814..2a0c4aa6a63 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go @@ -215,6 +215,17 @@ func Listen(s int, n int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func MemfdSecret(flags int) (fd int, err error) { + r0, _, e1 := Syscall(SYS_MEMFD_SECRET, uintptr(flags), 0, 0) + fd = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Pause() (err error) { _, _, e1 := Syscall(SYS_PAUSE, 0, 0, 0) if e1 != 0 { @@ -225,7 +236,7 @@ func Pause() (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -242,7 +253,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go index 7df0cb17958..4882bde3af0 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go @@ -538,7 +538,7 @@ func utimes(path string, times *[2]Timeval) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -555,7 +555,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go index 076e8f1c5bb..9f8c24e4343 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go @@ -180,7 +180,18 @@ func Listen(s int, n int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func MemfdSecret(flags int) (fd int, err error) { + r0, _, e1 := Syscall(SYS_MEMFD_SECRET, uintptr(flags), 0, 0) + fd = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -197,7 +208,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go new file mode 100644 index 00000000000..8cdfbe71e68 --- /dev/null +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go @@ -0,0 +1,552 @@ +// go run mksyscall.go -tags linux,loong64 syscall_linux.go syscall_linux_loong64.go +// Code generated by the command above; see README.md. DO NOT EDIT. + +//go:build linux && loong64 +// +build linux,loong64 + +package unix + +import ( + "syscall" + "unsafe" +) + +var _ syscall.Errno + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) { + _, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fallocate(fd int, mode uint32, off int64, len int64) (err error) { + _, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) { + r0, _, e1 := Syscall6(SYS_TEE, uintptr(rfd), uintptr(wfd), uintptr(len), uintptr(flags), 0, 0) + n = int64(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) { + var _p0 unsafe.Pointer + if len(events) > 0 { + _p0 = unsafe.Pointer(&events[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := Syscall6(SYS_EPOLL_PWAIT, uintptr(epfd), uintptr(_p0), uintptr(len(events)), uintptr(msec), 0, 0) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fadvise(fd int, offset int64, length int64, advice int) (err error) { + _, _, e1 := Syscall6(SYS_FADVISE64, uintptr(fd), uintptr(offset), uintptr(length), uintptr(advice), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fchown(fd int, uid int, gid int) (err error) { + _, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fstat(fd int, stat *Stat_t) (err error) { + _, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fstatfs(fd int, buf *Statfs_t) (err error) { + _, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(buf)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Ftruncate(fd int, length int64) (err error) { + _, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), uintptr(length), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getegid() (egid int) { + r0, _ := RawSyscallNoError(SYS_GETEGID, 0, 0, 0) + egid = int(r0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Geteuid() (euid int) { + r0, _ := RawSyscallNoError(SYS_GETEUID, 0, 0, 0) + euid = int(r0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getgid() (gid int) { + r0, _ := RawSyscallNoError(SYS_GETGID, 0, 0, 0) + gid = int(r0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getuid() (uid int) { + r0, _ := RawSyscallNoError(SYS_GETUID, 0, 0, 0) + uid = int(r0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Listen(s int, n int) (err error) { + _, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(n), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pread(fd int, p []byte, offset int64) (n int, err error) { + var _p0 unsafe.Pointer + if len(p) > 0 { + _p0 = unsafe.Pointer(&p[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := Syscall6(SYS_PREAD64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pwrite(fd int, p []byte, offset int64) (n int, err error) { + var _p0 unsafe.Pointer + if len(p) > 0 { + _p0 = unsafe.Pointer(&p[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := Syscall6(SYS_PWRITE64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Seek(fd int, offset int64, whence int) (off int64, err error) { + r0, _, e1 := Syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence)) + off = int64(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { + r0, _, e1 := Syscall6(SYS_SENDFILE, uintptr(outfd), uintptr(infd), uintptr(unsafe.Pointer(offset)), uintptr(count), 0, 0) + written = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func setfsgid(gid int) (prev int, err error) { + r0, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0) + prev = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func setfsuid(uid int) (prev int, err error) { + r0, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0) + prev = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setregid(rgid int, egid int) (err error) { + _, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setresgid(rgid int, egid int, sgid int) (err error) { + _, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setresuid(ruid int, euid int, suid int) (err error) { + _, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setreuid(ruid int, euid int) (err error) { + _, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Shutdown(fd int, how int) (err error) { + _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) { + r0, _, e1 := Syscall6(SYS_SPLICE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags)) + n = int64(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Statfs(path string, buf *Statfs_t) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func SyncFileRange(fd int, off int64, n int64, flags int) (err error) { + _, _, e1 := Syscall6(SYS_SYNC_FILE_RANGE, uintptr(fd), uintptr(off), uintptr(n), uintptr(flags), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Truncate(path string, length int64) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) { + r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) + fd = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { + _, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { + _, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getgroups(n int, list *_Gid_t) (nn int, err error) { + r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0) + nn = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func setgroups(n int, list *_Gid_t) (err error) { + _, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) { + _, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) { + _, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func socket(domain int, typ int, proto int) (fd int, err error) { + r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto)) + fd = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) { + _, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) { + _, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) { + _, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) { + var _p0 unsafe.Pointer + if len(p) > 0 { + _p0 = unsafe.Pointer(&p[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen))) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) { + var _p0 unsafe.Pointer + if len(buf) > 0 { + _p0 = unsafe.Pointer(&buf[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + _, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) { + r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) { + r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) { + r0, _, e1 := Syscall6(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flags), uintptr(fd), uintptr(offset)) + xaddr = uintptr(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Gettimeofday(tv *Timeval) (err error) { + _, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(cmdline) + if err != nil { + return + } + _, _, e1 := Syscall6(SYS_KEXEC_FILE_LOAD, uintptr(kernelFd), uintptr(initrdFd), uintptr(cmdlineLen), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go index 7b3c8474678..d7d6f42441b 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go @@ -150,7 +150,7 @@ func Listen(s int, n int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -167,7 +167,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go index 0d3c45fbdda..7f1f8e65339 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go @@ -180,7 +180,7 @@ func Pause() (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -197,7 +197,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go index cb46b2aaa22..f933d0f51a1 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go @@ -180,7 +180,7 @@ func Pause() (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -197,7 +197,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go index 21c9baa6ab1..297d0a99822 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go @@ -150,7 +150,7 @@ func Listen(s int, n int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -167,7 +167,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go index 02b8f08871e..2e32e7a449f 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go @@ -210,7 +210,7 @@ func Pause() (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -227,7 +227,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go index ac8cb09ba35..3c531704647 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go @@ -240,7 +240,7 @@ func Pause() (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -257,7 +257,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go index bd08d887a14..a00c6744ecb 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go @@ -240,7 +240,7 @@ func Pause() (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -257,7 +257,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go index a834d217304..a1a9bcbbdf6 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go @@ -180,7 +180,7 @@ func Listen(s int, n int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -197,7 +197,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go index 9e462a96fbe..e0dabc60278 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go @@ -210,7 +210,7 @@ func Pause() (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -227,7 +227,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go index 96d340242c4..368623c0f2e 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go @@ -220,7 +220,7 @@ func Pause() (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -237,7 +237,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go index 51d0c0742bf..4af561a48d8 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go @@ -1330,7 +1330,7 @@ func Pathconf(path string, name int) (val int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -1347,7 +1347,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go index df2efb6db3f..3b90e9448ad 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go @@ -1330,7 +1330,7 @@ func Pathconf(path string, name int) (val int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -1347,7 +1347,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go index c8536c2c9f0..890f4ccd131 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go @@ -1330,7 +1330,7 @@ func Pathconf(path string, name int) (val int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -1347,7 +1347,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go index 8b981bfc2eb..c79f071fc6a 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go @@ -1330,7 +1330,7 @@ func Pathconf(path string, name int) (val int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -1347,7 +1347,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go index 8f80f4ade51..a057fc5d351 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go @@ -1128,7 +1128,7 @@ func Pathconf(path string, name int) (val int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -1145,7 +1145,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go index 3a47aca7bf7..04db8fa2fea 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go @@ -1128,7 +1128,7 @@ func Pathconf(path string, name int) (val int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -1145,7 +1145,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go index 883a9b45e8e..69f80300674 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go @@ -1128,7 +1128,7 @@ func Pathconf(path string, name int) (val int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -1145,7 +1145,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go index aac7fdc95e2..c96a505178f 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go @@ -1128,7 +1128,7 @@ func Pathconf(path string, name int) (val int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -1145,7 +1145,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go index 8776187462b..016d959bc66 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go @@ -1128,7 +1128,7 @@ func Pathconf(path string, name int) (val int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) @@ -1145,7 +1145,7 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go index b5f926cee2a..d12f4fbfea5 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go @@ -227,8 +227,8 @@ import ( //go:linkname procOpenat libc_openat //go:linkname procPathconf libc_pathconf //go:linkname procPause libc_pause -//go:linkname procPread libc_pread -//go:linkname procPwrite libc_pwrite +//go:linkname procpread libc_pread +//go:linkname procpwrite libc_pwrite //go:linkname procread libc_read //go:linkname procReadlink libc_readlink //go:linkname procRename libc_rename @@ -364,8 +364,8 @@ var ( procOpenat, procPathconf, procPause, - procPread, - procPwrite, + procpread, + procpwrite, procread, procReadlink, procRename, @@ -1380,12 +1380,12 @@ func Pause() (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { +func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 *byte if len(p) > 0 { _p0 = &p[0] } - r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procPread)), 4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(p)), uintptr(offset), 0, 0) + r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procpread)), 4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(p)), uintptr(offset), 0, 0) n = int(r0) if e1 != 0 { err = e1 @@ -1395,12 +1395,12 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func pwrite(fd int, p []byte, offset int64) (n int, err error) { var _p0 *byte if len(p) > 0 { _p0 = &p[0] } - r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procPwrite)), 4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(p)), uintptr(offset), 0, 0) + r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procpwrite)), 4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(p)), uintptr(offset), 0, 0) n = int(r0) if e1 != 0 { err = e1 diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go index cac1f758bf7..62192e1de2a 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go @@ -446,4 +446,5 @@ const ( SYS_MEMFD_SECRET = 447 SYS_PROCESS_MRELEASE = 448 SYS_FUTEX_WAITV = 449 + SYS_SET_MEMPOLICY_HOME_NODE = 450 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go index f327e4a0bcc..490aab5d215 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go @@ -368,4 +368,5 @@ const ( SYS_MEMFD_SECRET = 447 SYS_PROCESS_MRELEASE = 448 SYS_FUTEX_WAITV = 449 + SYS_SET_MEMPOLICY_HOME_NODE = 450 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go index fb06a08d4ee..aca17b6fad4 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go @@ -410,4 +410,5 @@ const ( SYS_LANDLOCK_RESTRICT_SELF = 446 SYS_PROCESS_MRELEASE = 448 SYS_FUTEX_WAITV = 449 + SYS_SET_MEMPOLICY_HOME_NODE = 450 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go index 58285646eb7..54b4dfa547f 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go @@ -313,4 +313,5 @@ const ( SYS_MEMFD_SECRET = 447 SYS_PROCESS_MRELEASE = 448 SYS_FUTEX_WAITV = 449 + SYS_SET_MEMPOLICY_HOME_NODE = 450 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go new file mode 100644 index 00000000000..e443f9a322c --- /dev/null +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go @@ -0,0 +1,313 @@ +// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h +// Code generated by the command above; see README.md. DO NOT EDIT. + +//go:build loong64 && linux +// +build loong64,linux + +package unix + +const ( + SYS_IO_SETUP = 0 + SYS_IO_DESTROY = 1 + SYS_IO_SUBMIT = 2 + SYS_IO_CANCEL = 3 + SYS_IO_GETEVENTS = 4 + SYS_SETXATTR = 5 + SYS_LSETXATTR = 6 + SYS_FSETXATTR = 7 + SYS_GETXATTR = 8 + SYS_LGETXATTR = 9 + SYS_FGETXATTR = 10 + SYS_LISTXATTR = 11 + SYS_LLISTXATTR = 12 + SYS_FLISTXATTR = 13 + SYS_REMOVEXATTR = 14 + SYS_LREMOVEXATTR = 15 + SYS_FREMOVEXATTR = 16 + SYS_GETCWD = 17 + SYS_LOOKUP_DCOOKIE = 18 + SYS_EVENTFD2 = 19 + SYS_EPOLL_CREATE1 = 20 + SYS_EPOLL_CTL = 21 + SYS_EPOLL_PWAIT = 22 + SYS_DUP = 23 + SYS_DUP3 = 24 + SYS_FCNTL = 25 + SYS_INOTIFY_INIT1 = 26 + SYS_INOTIFY_ADD_WATCH = 27 + SYS_INOTIFY_RM_WATCH = 28 + SYS_IOCTL = 29 + SYS_IOPRIO_SET = 30 + SYS_IOPRIO_GET = 31 + SYS_FLOCK = 32 + SYS_MKNODAT = 33 + SYS_MKDIRAT = 34 + SYS_UNLINKAT = 35 + SYS_SYMLINKAT = 36 + SYS_LINKAT = 37 + SYS_UMOUNT2 = 39 + SYS_MOUNT = 40 + SYS_PIVOT_ROOT = 41 + SYS_NFSSERVCTL = 42 + SYS_STATFS = 43 + SYS_FSTATFS = 44 + SYS_TRUNCATE = 45 + SYS_FTRUNCATE = 46 + SYS_FALLOCATE = 47 + SYS_FACCESSAT = 48 + SYS_CHDIR = 49 + SYS_FCHDIR = 50 + SYS_CHROOT = 51 + SYS_FCHMOD = 52 + SYS_FCHMODAT = 53 + SYS_FCHOWNAT = 54 + SYS_FCHOWN = 55 + SYS_OPENAT = 56 + SYS_CLOSE = 57 + SYS_VHANGUP = 58 + SYS_PIPE2 = 59 + SYS_QUOTACTL = 60 + SYS_GETDENTS64 = 61 + SYS_LSEEK = 62 + SYS_READ = 63 + SYS_WRITE = 64 + SYS_READV = 65 + SYS_WRITEV = 66 + SYS_PREAD64 = 67 + SYS_PWRITE64 = 68 + SYS_PREADV = 69 + SYS_PWRITEV = 70 + SYS_SENDFILE = 71 + SYS_PSELECT6 = 72 + SYS_PPOLL = 73 + SYS_SIGNALFD4 = 74 + SYS_VMSPLICE = 75 + SYS_SPLICE = 76 + SYS_TEE = 77 + SYS_READLINKAT = 78 + SYS_FSTATAT = 79 + SYS_FSTAT = 80 + SYS_SYNC = 81 + SYS_FSYNC = 82 + SYS_FDATASYNC = 83 + SYS_SYNC_FILE_RANGE = 84 + SYS_TIMERFD_CREATE = 85 + SYS_TIMERFD_SETTIME = 86 + SYS_TIMERFD_GETTIME = 87 + SYS_UTIMENSAT = 88 + SYS_ACCT = 89 + SYS_CAPGET = 90 + SYS_CAPSET = 91 + SYS_PERSONALITY = 92 + SYS_EXIT = 93 + SYS_EXIT_GROUP = 94 + SYS_WAITID = 95 + SYS_SET_TID_ADDRESS = 96 + SYS_UNSHARE = 97 + SYS_FUTEX = 98 + SYS_SET_ROBUST_LIST = 99 + SYS_GET_ROBUST_LIST = 100 + SYS_NANOSLEEP = 101 + SYS_GETITIMER = 102 + SYS_SETITIMER = 103 + SYS_KEXEC_LOAD = 104 + SYS_INIT_MODULE = 105 + SYS_DELETE_MODULE = 106 + SYS_TIMER_CREATE = 107 + SYS_TIMER_GETTIME = 108 + SYS_TIMER_GETOVERRUN = 109 + SYS_TIMER_SETTIME = 110 + SYS_TIMER_DELETE = 111 + SYS_CLOCK_SETTIME = 112 + SYS_CLOCK_GETTIME = 113 + SYS_CLOCK_GETRES = 114 + SYS_CLOCK_NANOSLEEP = 115 + SYS_SYSLOG = 116 + SYS_PTRACE = 117 + SYS_SCHED_SETPARAM = 118 + SYS_SCHED_SETSCHEDULER = 119 + SYS_SCHED_GETSCHEDULER = 120 + SYS_SCHED_GETPARAM = 121 + SYS_SCHED_SETAFFINITY = 122 + SYS_SCHED_GETAFFINITY = 123 + SYS_SCHED_YIELD = 124 + SYS_SCHED_GET_PRIORITY_MAX = 125 + SYS_SCHED_GET_PRIORITY_MIN = 126 + SYS_SCHED_RR_GET_INTERVAL = 127 + SYS_RESTART_SYSCALL = 128 + SYS_KILL = 129 + SYS_TKILL = 130 + SYS_TGKILL = 131 + SYS_SIGALTSTACK = 132 + SYS_RT_SIGSUSPEND = 133 + SYS_RT_SIGACTION = 134 + SYS_RT_SIGPROCMASK = 135 + SYS_RT_SIGPENDING = 136 + SYS_RT_SIGTIMEDWAIT = 137 + SYS_RT_SIGQUEUEINFO = 138 + SYS_RT_SIGRETURN = 139 + SYS_SETPRIORITY = 140 + SYS_GETPRIORITY = 141 + SYS_REBOOT = 142 + SYS_SETREGID = 143 + SYS_SETGID = 144 + SYS_SETREUID = 145 + SYS_SETUID = 146 + SYS_SETRESUID = 147 + SYS_GETRESUID = 148 + SYS_SETRESGID = 149 + SYS_GETRESGID = 150 + SYS_SETFSUID = 151 + SYS_SETFSGID = 152 + SYS_TIMES = 153 + SYS_SETPGID = 154 + SYS_GETPGID = 155 + SYS_GETSID = 156 + SYS_SETSID = 157 + SYS_GETGROUPS = 158 + SYS_SETGROUPS = 159 + SYS_UNAME = 160 + SYS_SETHOSTNAME = 161 + SYS_SETDOMAINNAME = 162 + SYS_GETRUSAGE = 165 + SYS_UMASK = 166 + SYS_PRCTL = 167 + SYS_GETCPU = 168 + SYS_GETTIMEOFDAY = 169 + SYS_SETTIMEOFDAY = 170 + SYS_ADJTIMEX = 171 + SYS_GETPID = 172 + SYS_GETPPID = 173 + SYS_GETUID = 174 + SYS_GETEUID = 175 + SYS_GETGID = 176 + SYS_GETEGID = 177 + SYS_GETTID = 178 + SYS_SYSINFO = 179 + SYS_MQ_OPEN = 180 + SYS_MQ_UNLINK = 181 + SYS_MQ_TIMEDSEND = 182 + SYS_MQ_TIMEDRECEIVE = 183 + SYS_MQ_NOTIFY = 184 + SYS_MQ_GETSETATTR = 185 + SYS_MSGGET = 186 + SYS_MSGCTL = 187 + SYS_MSGRCV = 188 + SYS_MSGSND = 189 + SYS_SEMGET = 190 + SYS_SEMCTL = 191 + SYS_SEMTIMEDOP = 192 + SYS_SEMOP = 193 + SYS_SHMGET = 194 + SYS_SHMCTL = 195 + SYS_SHMAT = 196 + SYS_SHMDT = 197 + SYS_SOCKET = 198 + SYS_SOCKETPAIR = 199 + SYS_BIND = 200 + SYS_LISTEN = 201 + SYS_ACCEPT = 202 + SYS_CONNECT = 203 + SYS_GETSOCKNAME = 204 + SYS_GETPEERNAME = 205 + SYS_SENDTO = 206 + SYS_RECVFROM = 207 + SYS_SETSOCKOPT = 208 + SYS_GETSOCKOPT = 209 + SYS_SHUTDOWN = 210 + SYS_SENDMSG = 211 + SYS_RECVMSG = 212 + SYS_READAHEAD = 213 + SYS_BRK = 214 + SYS_MUNMAP = 215 + SYS_MREMAP = 216 + SYS_ADD_KEY = 217 + SYS_REQUEST_KEY = 218 + SYS_KEYCTL = 219 + SYS_CLONE = 220 + SYS_EXECVE = 221 + SYS_MMAP = 222 + SYS_FADVISE64 = 223 + SYS_SWAPON = 224 + SYS_SWAPOFF = 225 + SYS_MPROTECT = 226 + SYS_MSYNC = 227 + SYS_MLOCK = 228 + SYS_MUNLOCK = 229 + SYS_MLOCKALL = 230 + SYS_MUNLOCKALL = 231 + SYS_MINCORE = 232 + SYS_MADVISE = 233 + SYS_REMAP_FILE_PAGES = 234 + SYS_MBIND = 235 + SYS_GET_MEMPOLICY = 236 + SYS_SET_MEMPOLICY = 237 + SYS_MIGRATE_PAGES = 238 + SYS_MOVE_PAGES = 239 + SYS_RT_TGSIGQUEUEINFO = 240 + SYS_PERF_EVENT_OPEN = 241 + SYS_ACCEPT4 = 242 + SYS_RECVMMSG = 243 + SYS_ARCH_SPECIFIC_SYSCALL = 244 + SYS_WAIT4 = 260 + SYS_PRLIMIT64 = 261 + SYS_FANOTIFY_INIT = 262 + SYS_FANOTIFY_MARK = 263 + SYS_NAME_TO_HANDLE_AT = 264 + SYS_OPEN_BY_HANDLE_AT = 265 + SYS_CLOCK_ADJTIME = 266 + SYS_SYNCFS = 267 + SYS_SETNS = 268 + SYS_SENDMMSG = 269 + SYS_PROCESS_VM_READV = 270 + SYS_PROCESS_VM_WRITEV = 271 + SYS_KCMP = 272 + SYS_FINIT_MODULE = 273 + SYS_SCHED_SETATTR = 274 + SYS_SCHED_GETATTR = 275 + SYS_RENAMEAT2 = 276 + SYS_SECCOMP = 277 + SYS_GETRANDOM = 278 + SYS_MEMFD_CREATE = 279 + SYS_BPF = 280 + SYS_EXECVEAT = 281 + SYS_USERFAULTFD = 282 + SYS_MEMBARRIER = 283 + SYS_MLOCK2 = 284 + SYS_COPY_FILE_RANGE = 285 + SYS_PREADV2 = 286 + SYS_PWRITEV2 = 287 + SYS_PKEY_MPROTECT = 288 + SYS_PKEY_ALLOC = 289 + SYS_PKEY_FREE = 290 + SYS_STATX = 291 + SYS_IO_PGETEVENTS = 292 + SYS_RSEQ = 293 + SYS_KEXEC_FILE_LOAD = 294 + SYS_PIDFD_SEND_SIGNAL = 424 + SYS_IO_URING_SETUP = 425 + SYS_IO_URING_ENTER = 426 + SYS_IO_URING_REGISTER = 427 + SYS_OPEN_TREE = 428 + SYS_MOVE_MOUNT = 429 + SYS_FSOPEN = 430 + SYS_FSCONFIG = 431 + SYS_FSMOUNT = 432 + SYS_FSPICK = 433 + SYS_PIDFD_OPEN = 434 + SYS_CLONE3 = 435 + SYS_CLOSE_RANGE = 436 + SYS_OPENAT2 = 437 + SYS_PIDFD_GETFD = 438 + SYS_FACCESSAT2 = 439 + SYS_PROCESS_MADVISE = 440 + SYS_EPOLL_PWAIT2 = 441 + SYS_MOUNT_SETATTR = 442 + SYS_QUOTACTL_FD = 443 + SYS_LANDLOCK_CREATE_RULESET = 444 + SYS_LANDLOCK_ADD_RULE = 445 + SYS_LANDLOCK_RESTRICT_SELF = 446 + SYS_PROCESS_MRELEASE = 448 + SYS_FUTEX_WAITV = 449 + SYS_SET_MEMPOLICY_HOME_NODE = 450 +) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go index 3b0418e6894..65a99efc236 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go @@ -430,4 +430,5 @@ const ( SYS_LANDLOCK_RESTRICT_SELF = 4446 SYS_PROCESS_MRELEASE = 4448 SYS_FUTEX_WAITV = 4449 + SYS_SET_MEMPOLICY_HOME_NODE = 4450 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go index 314ebf166ab..841c8a66820 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go @@ -360,4 +360,5 @@ const ( SYS_LANDLOCK_RESTRICT_SELF = 5446 SYS_PROCESS_MRELEASE = 5448 SYS_FUTEX_WAITV = 5449 + SYS_SET_MEMPOLICY_HOME_NODE = 5450 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go index b8fbb937a33..e26a7c7658e 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go @@ -360,4 +360,5 @@ const ( SYS_LANDLOCK_RESTRICT_SELF = 5446 SYS_PROCESS_MRELEASE = 5448 SYS_FUTEX_WAITV = 5449 + SYS_SET_MEMPOLICY_HOME_NODE = 5450 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go index ee309b2bac9..26447260a9e 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go @@ -430,4 +430,5 @@ const ( SYS_LANDLOCK_RESTRICT_SELF = 4446 SYS_PROCESS_MRELEASE = 4448 SYS_FUTEX_WAITV = 4449 + SYS_SET_MEMPOLICY_HOME_NODE = 4450 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go index ac3748104ed..26aefc1869a 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go @@ -437,4 +437,5 @@ const ( SYS_LANDLOCK_RESTRICT_SELF = 446 SYS_PROCESS_MRELEASE = 448 SYS_FUTEX_WAITV = 449 + SYS_SET_MEMPOLICY_HOME_NODE = 450 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go index 5aa47211104..8d4cd9d99d4 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go @@ -409,4 +409,5 @@ const ( SYS_LANDLOCK_RESTRICT_SELF = 446 SYS_PROCESS_MRELEASE = 448 SYS_FUTEX_WAITV = 449 + SYS_SET_MEMPOLICY_HOME_NODE = 450 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go index 0793ac1a65b..3b405d1f82a 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go @@ -409,4 +409,5 @@ const ( SYS_LANDLOCK_RESTRICT_SELF = 446 SYS_PROCESS_MRELEASE = 448 SYS_FUTEX_WAITV = 449 + SYS_SET_MEMPOLICY_HOME_NODE = 450 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go index a520962e395..c3a5af8623b 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go @@ -311,4 +311,5 @@ const ( SYS_LANDLOCK_RESTRICT_SELF = 446 SYS_PROCESS_MRELEASE = 448 SYS_FUTEX_WAITV = 449 + SYS_SET_MEMPOLICY_HOME_NODE = 450 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go index d1738586b4f..8ffa66469ef 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go @@ -374,4 +374,5 @@ const ( SYS_LANDLOCK_RESTRICT_SELF = 446 SYS_PROCESS_MRELEASE = 448 SYS_FUTEX_WAITV = 449 + SYS_SET_MEMPOLICY_HOME_NODE = 450 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go index dfd5660f974..6a39640e76d 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go @@ -388,4 +388,5 @@ const ( SYS_LANDLOCK_RESTRICT_SELF = 446 SYS_PROCESS_MRELEASE = 448 SYS_FUTEX_WAITV = 449 + SYS_SET_MEMPOLICY_HOME_NODE = 450 ) diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index 2c26466e07c..9962d26bb30 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -754,6 +754,25 @@ const ( AT_SYMLINK_NOFOLLOW = 0x100 AT_EACCESS = 0x200 + + OPEN_TREE_CLONE = 0x1 + + MOVE_MOUNT_F_SYMLINKS = 0x1 + MOVE_MOUNT_F_AUTOMOUNTS = 0x2 + MOVE_MOUNT_F_EMPTY_PATH = 0x4 + MOVE_MOUNT_T_SYMLINKS = 0x10 + MOVE_MOUNT_T_AUTOMOUNTS = 0x20 + MOVE_MOUNT_T_EMPTY_PATH = 0x40 + MOVE_MOUNT_SET_GROUP = 0x100 + + FSOPEN_CLOEXEC = 0x1 + + FSPICK_CLOEXEC = 0x1 + FSPICK_SYMLINK_NOFOLLOW = 0x2 + FSPICK_NO_AUTOMOUNT = 0x4 + FSPICK_EMPTY_PATH = 0x8 + + FSMOUNT_CLOEXEC = 0x1 ) type OpenHow struct { @@ -3619,7 +3638,7 @@ const ( ETHTOOL_A_RINGS_RX_MINI = 0x7 ETHTOOL_A_RINGS_RX_JUMBO = 0x8 ETHTOOL_A_RINGS_TX = 0x9 - ETHTOOL_A_RINGS_MAX = 0x9 + ETHTOOL_A_RINGS_MAX = 0xa ETHTOOL_A_CHANNELS_UNSPEC = 0x0 ETHTOOL_A_CHANNELS_HEADER = 0x1 ETHTOOL_A_CHANNELS_RX_MAX = 0x2 @@ -4304,7 +4323,7 @@ const ( NL80211_ATTR_MAC_HINT = 0xc8 NL80211_ATTR_MAC_MASK = 0xd7 NL80211_ATTR_MAX_AP_ASSOC_STA = 0xca - NL80211_ATTR_MAX = 0x133 + NL80211_ATTR_MAX = 0x135 NL80211_ATTR_MAX_CRIT_PROT_DURATION = 0xb4 NL80211_ATTR_MAX_CSA_COUNTERS = 0xce NL80211_ATTR_MAX_MATCH_SETS = 0x85 @@ -4645,7 +4664,7 @@ const ( NL80211_CMD_LEAVE_IBSS = 0x2c NL80211_CMD_LEAVE_MESH = 0x45 NL80211_CMD_LEAVE_OCB = 0x6d - NL80211_CMD_MAX = 0x92 + NL80211_CMD_MAX = 0x93 NL80211_CMD_MICHAEL_MIC_FAILURE = 0x29 NL80211_CMD_NAN_MATCH = 0x78 NL80211_CMD_NEW_BEACON = 0xf @@ -5532,3 +5551,40 @@ const ( NL80211_WPA_VERSION_2 = 0x2 NL80211_WPA_VERSION_3 = 0x4 ) + +const ( + FRA_UNSPEC = 0x0 + FRA_DST = 0x1 + FRA_SRC = 0x2 + FRA_IIFNAME = 0x3 + FRA_GOTO = 0x4 + FRA_UNUSED2 = 0x5 + FRA_PRIORITY = 0x6 + FRA_UNUSED3 = 0x7 + FRA_UNUSED4 = 0x8 + FRA_UNUSED5 = 0x9 + FRA_FWMARK = 0xa + FRA_FLOW = 0xb + FRA_TUN_ID = 0xc + FRA_SUPPRESS_IFGROUP = 0xd + FRA_SUPPRESS_PREFIXLEN = 0xe + FRA_TABLE = 0xf + FRA_FWMASK = 0x10 + FRA_OIFNAME = 0x11 + FRA_PAD = 0x12 + FRA_L3MDEV = 0x13 + FRA_UID_RANGE = 0x14 + FRA_PROTOCOL = 0x15 + FRA_IP_PROTO = 0x16 + FRA_SPORT_RANGE = 0x17 + FRA_DPORT_RANGE = 0x18 + FR_ACT_UNSPEC = 0x0 + FR_ACT_TO_TBL = 0x1 + FR_ACT_GOTO = 0x2 + FR_ACT_NOP = 0x3 + FR_ACT_RES3 = 0x4 + FR_ACT_RES4 = 0x5 + FR_ACT_BLACKHOLE = 0x6 + FR_ACT_UNREACHABLE = 0x7 + FR_ACT_PROHIBIT = 0x8 +) diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go index bea2549455e..4948362f2c2 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m32 /build/unix/linux/types.go | go run mkpost.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m32 linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build 386 && linux @@ -240,6 +240,10 @@ type EpollEvent struct { Pad int32 } +const ( + OPEN_TREE_CLOEXEC = 0x80000 +) + const ( POLLRDHUP = 0x2000 ) @@ -250,6 +254,13 @@ type Sigset_t struct { const _C__NSIG = 0x41 +type Siginfo struct { + Signo int32 + Errno int32 + Code int32 + _ [116]byte +} + type Termios struct { Iflag uint32 Oflag uint32 @@ -311,6 +322,8 @@ type Taskstats struct { Thrashing_count uint64 Thrashing_delay_total uint64 Ac_btime64 uint64 + Compact_count uint64 + Compact_delay_total uint64 } type cpuMask uint32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go index b8c8f289433..f64345e0e2f 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m64 /build/unix/linux/types.go | go run mkpost.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m64 linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build amd64 && linux @@ -255,6 +255,10 @@ type EpollEvent struct { Pad int32 } +const ( + OPEN_TREE_CLOEXEC = 0x80000 +) + const ( POLLRDHUP = 0x2000 ) @@ -265,6 +269,14 @@ type Sigset_t struct { const _C__NSIG = 0x41 +type Siginfo struct { + Signo int32 + Errno int32 + Code int32 + _ int32 + _ [112]byte +} + type Termios struct { Iflag uint32 Oflag uint32 @@ -324,6 +336,8 @@ type Taskstats struct { Thrashing_count uint64 Thrashing_delay_total uint64 Ac_btime64 uint64 + Compact_count uint64 + Compact_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go index 4db44301632..72469c79e75 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/unix/linux/types.go | go run mkpost.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm && linux @@ -231,6 +231,10 @@ type EpollEvent struct { Pad int32 } +const ( + OPEN_TREE_CLOEXEC = 0x80000 +) + const ( POLLRDHUP = 0x2000 ) @@ -241,6 +245,13 @@ type Sigset_t struct { const _C__NSIG = 0x41 +type Siginfo struct { + Signo int32 + Errno int32 + Code int32 + _ [116]byte +} + type Termios struct { Iflag uint32 Oflag uint32 @@ -302,6 +313,8 @@ type Taskstats struct { Thrashing_count uint64 Thrashing_delay_total uint64 Ac_btime64 uint64 + Compact_count uint64 + Compact_delay_total uint64 } type cpuMask uint32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go index 3ebcad8a887..68f072283a0 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char /build/unix/linux/types.go | go run mkpost.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm64 && linux @@ -234,6 +234,10 @@ type EpollEvent struct { Pad int32 } +const ( + OPEN_TREE_CLOEXEC = 0x80000 +) + const ( POLLRDHUP = 0x2000 ) @@ -244,6 +248,14 @@ type Sigset_t struct { const _C__NSIG = 0x41 +type Siginfo struct { + Signo int32 + Errno int32 + Code int32 + _ int32 + _ [112]byte +} + type Termios struct { Iflag uint32 Oflag uint32 @@ -303,6 +315,8 @@ type Taskstats struct { Thrashing_count uint64 Thrashing_delay_total uint64 Ac_btime64 uint64 + Compact_count uint64 + Compact_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go new file mode 100644 index 00000000000..090ae46c675 --- /dev/null +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go @@ -0,0 +1,679 @@ +// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go +// Code generated by the command above; see README.md. DO NOT EDIT. + +//go:build loong64 && linux +// +build loong64,linux + +package unix + +const ( + SizeofPtr = 0x8 + SizeofLong = 0x8 +) + +type ( + _C_long int64 +) + +type Timespec struct { + Sec int64 + Nsec int64 +} + +type Timeval struct { + Sec int64 + Usec int64 +} + +type Timex struct { + Modes uint32 + Offset int64 + Freq int64 + Maxerror int64 + Esterror int64 + Status int32 + Constant int64 + Precision int64 + Tolerance int64 + Time Timeval + Tick int64 + Ppsfreq int64 + Jitter int64 + Shift int32 + Stabil int64 + Jitcnt int64 + Calcnt int64 + Errcnt int64 + Stbcnt int64 + Tai int32 + _ [44]byte +} + +type Time_t int64 + +type Tms struct { + Utime int64 + Stime int64 + Cutime int64 + Cstime int64 +} + +type Utimbuf struct { + Actime int64 + Modtime int64 +} + +type Rusage struct { + Utime Timeval + Stime Timeval + Maxrss int64 + Ixrss int64 + Idrss int64 + Isrss int64 + Minflt int64 + Majflt int64 + Nswap int64 + Inblock int64 + Oublock int64 + Msgsnd int64 + Msgrcv int64 + Nsignals int64 + Nvcsw int64 + Nivcsw int64 +} + +type Stat_t struct { + Dev uint64 + Ino uint64 + Mode uint32 + Nlink uint32 + Uid uint32 + Gid uint32 + Rdev uint64 + _ uint64 + Size int64 + Blksize int32 + _ int32 + Blocks int64 + Atim Timespec + Mtim Timespec + Ctim Timespec + _ [2]int32 +} + +type Dirent struct { + Ino uint64 + Off int64 + Reclen uint16 + Type uint8 + Name [256]int8 + _ [5]byte +} + +type Flock_t struct { + Type int16 + Whence int16 + Start int64 + Len int64 + Pid int32 + _ [4]byte +} + +type DmNameList struct { + Dev uint64 + Next uint32 + Name [0]byte + _ [4]byte +} + +const ( + FADV_DONTNEED = 0x4 + FADV_NOREUSE = 0x5 +) + +type RawSockaddrNFCLLCP struct { + Sa_family uint16 + Dev_idx uint32 + Target_idx uint32 + Nfc_protocol uint32 + Dsap uint8 + Ssap uint8 + Service_name [63]uint8 + Service_name_len uint64 +} + +type RawSockaddr struct { + Family uint16 + Data [14]int8 +} + +type RawSockaddrAny struct { + Addr RawSockaddr + Pad [96]int8 +} + +type Iovec struct { + Base *byte + Len uint64 +} + +type Msghdr struct { + Name *byte + Namelen uint32 + Iov *Iovec + Iovlen uint64 + Control *byte + Controllen uint64 + Flags int32 + _ [4]byte +} + +type Cmsghdr struct { + Len uint64 + Level int32 + Type int32 +} + +type ifreq struct { + Ifrn [16]byte + Ifru [24]byte +} + +const ( + SizeofSockaddrNFCLLCP = 0x60 + SizeofIovec = 0x10 + SizeofMsghdr = 0x38 + SizeofCmsghdr = 0x10 +) + +const ( + SizeofSockFprog = 0x10 +) + +type PtraceRegs struct { + Regs [32]uint64 + Orig_a0 uint64 + Era uint64 + Badv uint64 + Reserved [10]uint64 +} + +type FdSet struct { + Bits [16]int64 +} + +type Sysinfo_t struct { + Uptime int64 + Loads [3]uint64 + Totalram uint64 + Freeram uint64 + Sharedram uint64 + Bufferram uint64 + Totalswap uint64 + Freeswap uint64 + Procs uint16 + Pad uint16 + Totalhigh uint64 + Freehigh uint64 + Unit uint32 + _ [0]int8 + _ [4]byte +} + +type Ustat_t struct { + Tfree int32 + Tinode uint64 + Fname [6]int8 + Fpack [6]int8 + _ [4]byte +} + +type EpollEvent struct { + Events uint32 + _ int32 + Fd int32 + Pad int32 +} + +const ( + OPEN_TREE_CLOEXEC = 0x80000 +) + +const ( + POLLRDHUP = 0x2000 +) + +type Sigset_t struct { + Val [16]uint64 +} + +const _C__NSIG = 0x41 + +type Siginfo struct { + Signo int32 + Errno int32 + Code int32 + _ int32 + _ [112]byte +} + +type Termios struct { + Iflag uint32 + Oflag uint32 + Cflag uint32 + Lflag uint32 + Line uint8 + Cc [19]uint8 + Ispeed uint32 + Ospeed uint32 +} + +type Taskstats struct { + Version uint16 + Ac_exitcode uint32 + Ac_flag uint8 + Ac_nice uint8 + Cpu_count uint64 + Cpu_delay_total uint64 + Blkio_count uint64 + Blkio_delay_total uint64 + Swapin_count uint64 + Swapin_delay_total uint64 + Cpu_run_real_total uint64 + Cpu_run_virtual_total uint64 + Ac_comm [32]int8 + Ac_sched uint8 + Ac_pad [3]uint8 + _ [4]byte + Ac_uid uint32 + Ac_gid uint32 + Ac_pid uint32 + Ac_ppid uint32 + Ac_btime uint32 + Ac_etime uint64 + Ac_utime uint64 + Ac_stime uint64 + Ac_minflt uint64 + Ac_majflt uint64 + Coremem uint64 + Virtmem uint64 + Hiwater_rss uint64 + Hiwater_vm uint64 + Read_char uint64 + Write_char uint64 + Read_syscalls uint64 + Write_syscalls uint64 + Read_bytes uint64 + Write_bytes uint64 + Cancelled_write_bytes uint64 + Nvcsw uint64 + Nivcsw uint64 + Ac_utimescaled uint64 + Ac_stimescaled uint64 + Cpu_scaled_run_real_total uint64 + Freepages_count uint64 + Freepages_delay_total uint64 + Thrashing_count uint64 + Thrashing_delay_total uint64 + Ac_btime64 uint64 + Compact_count uint64 + Compact_delay_total uint64 +} + +type cpuMask uint64 + +const ( + _NCPUBITS = 0x40 +) + +const ( + CBitFieldMaskBit0 = 0x1 + CBitFieldMaskBit1 = 0x2 + CBitFieldMaskBit2 = 0x4 + CBitFieldMaskBit3 = 0x8 + CBitFieldMaskBit4 = 0x10 + CBitFieldMaskBit5 = 0x20 + CBitFieldMaskBit6 = 0x40 + CBitFieldMaskBit7 = 0x80 + CBitFieldMaskBit8 = 0x100 + CBitFieldMaskBit9 = 0x200 + CBitFieldMaskBit10 = 0x400 + CBitFieldMaskBit11 = 0x800 + CBitFieldMaskBit12 = 0x1000 + CBitFieldMaskBit13 = 0x2000 + CBitFieldMaskBit14 = 0x4000 + CBitFieldMaskBit15 = 0x8000 + CBitFieldMaskBit16 = 0x10000 + CBitFieldMaskBit17 = 0x20000 + CBitFieldMaskBit18 = 0x40000 + CBitFieldMaskBit19 = 0x80000 + CBitFieldMaskBit20 = 0x100000 + CBitFieldMaskBit21 = 0x200000 + CBitFieldMaskBit22 = 0x400000 + CBitFieldMaskBit23 = 0x800000 + CBitFieldMaskBit24 = 0x1000000 + CBitFieldMaskBit25 = 0x2000000 + CBitFieldMaskBit26 = 0x4000000 + CBitFieldMaskBit27 = 0x8000000 + CBitFieldMaskBit28 = 0x10000000 + CBitFieldMaskBit29 = 0x20000000 + CBitFieldMaskBit30 = 0x40000000 + CBitFieldMaskBit31 = 0x80000000 + CBitFieldMaskBit32 = 0x100000000 + CBitFieldMaskBit33 = 0x200000000 + CBitFieldMaskBit34 = 0x400000000 + CBitFieldMaskBit35 = 0x800000000 + CBitFieldMaskBit36 = 0x1000000000 + CBitFieldMaskBit37 = 0x2000000000 + CBitFieldMaskBit38 = 0x4000000000 + CBitFieldMaskBit39 = 0x8000000000 + CBitFieldMaskBit40 = 0x10000000000 + CBitFieldMaskBit41 = 0x20000000000 + CBitFieldMaskBit42 = 0x40000000000 + CBitFieldMaskBit43 = 0x80000000000 + CBitFieldMaskBit44 = 0x100000000000 + CBitFieldMaskBit45 = 0x200000000000 + CBitFieldMaskBit46 = 0x400000000000 + CBitFieldMaskBit47 = 0x800000000000 + CBitFieldMaskBit48 = 0x1000000000000 + CBitFieldMaskBit49 = 0x2000000000000 + CBitFieldMaskBit50 = 0x4000000000000 + CBitFieldMaskBit51 = 0x8000000000000 + CBitFieldMaskBit52 = 0x10000000000000 + CBitFieldMaskBit53 = 0x20000000000000 + CBitFieldMaskBit54 = 0x40000000000000 + CBitFieldMaskBit55 = 0x80000000000000 + CBitFieldMaskBit56 = 0x100000000000000 + CBitFieldMaskBit57 = 0x200000000000000 + CBitFieldMaskBit58 = 0x400000000000000 + CBitFieldMaskBit59 = 0x800000000000000 + CBitFieldMaskBit60 = 0x1000000000000000 + CBitFieldMaskBit61 = 0x2000000000000000 + CBitFieldMaskBit62 = 0x4000000000000000 + CBitFieldMaskBit63 = 0x8000000000000000 +) + +type SockaddrStorage struct { + Family uint16 + _ [118]int8 + _ uint64 +} + +type HDGeometry struct { + Heads uint8 + Sectors uint8 + Cylinders uint16 + Start uint64 +} + +type Statfs_t struct { + Type int64 + Bsize int64 + Blocks uint64 + Bfree uint64 + Bavail uint64 + Files uint64 + Ffree uint64 + Fsid Fsid + Namelen int64 + Frsize int64 + Flags int64 + Spare [4]int64 +} + +type TpacketHdr struct { + Status uint64 + Len uint32 + Snaplen uint32 + Mac uint16 + Net uint16 + Sec uint32 + Usec uint32 + _ [4]byte +} + +const ( + SizeofTpacketHdr = 0x20 +) + +type RTCPLLInfo struct { + Ctrl int32 + Value int32 + Max int32 + Min int32 + Posmult int32 + Negmult int32 + Clock int64 +} + +type BlkpgPartition struct { + Start int64 + Length int64 + Pno int32 + Devname [64]uint8 + Volname [64]uint8 + _ [4]byte +} + +const ( + BLKPG = 0x1269 +) + +type XDPUmemReg struct { + Addr uint64 + Len uint64 + Size uint32 + Headroom uint32 + Flags uint32 + _ [4]byte +} + +type CryptoUserAlg struct { + Name [64]int8 + Driver_name [64]int8 + Module_name [64]int8 + Type uint32 + Mask uint32 + Refcnt uint32 + Flags uint32 +} + +type CryptoStatAEAD struct { + Type [64]int8 + Encrypt_cnt uint64 + Encrypt_tlen uint64 + Decrypt_cnt uint64 + Decrypt_tlen uint64 + Err_cnt uint64 +} + +type CryptoStatAKCipher struct { + Type [64]int8 + Encrypt_cnt uint64 + Encrypt_tlen uint64 + Decrypt_cnt uint64 + Decrypt_tlen uint64 + Verify_cnt uint64 + Sign_cnt uint64 + Err_cnt uint64 +} + +type CryptoStatCipher struct { + Type [64]int8 + Encrypt_cnt uint64 + Encrypt_tlen uint64 + Decrypt_cnt uint64 + Decrypt_tlen uint64 + Err_cnt uint64 +} + +type CryptoStatCompress struct { + Type [64]int8 + Compress_cnt uint64 + Compress_tlen uint64 + Decompress_cnt uint64 + Decompress_tlen uint64 + Err_cnt uint64 +} + +type CryptoStatHash struct { + Type [64]int8 + Hash_cnt uint64 + Hash_tlen uint64 + Err_cnt uint64 +} + +type CryptoStatKPP struct { + Type [64]int8 + Setsecret_cnt uint64 + Generate_public_key_cnt uint64 + Compute_shared_secret_cnt uint64 + Err_cnt uint64 +} + +type CryptoStatRNG struct { + Type [64]int8 + Generate_cnt uint64 + Generate_tlen uint64 + Seed_cnt uint64 + Err_cnt uint64 +} + +type CryptoStatLarval struct { + Type [64]int8 +} + +type CryptoReportLarval struct { + Type [64]int8 +} + +type CryptoReportHash struct { + Type [64]int8 + Blocksize uint32 + Digestsize uint32 +} + +type CryptoReportCipher struct { + Type [64]int8 + Blocksize uint32 + Min_keysize uint32 + Max_keysize uint32 +} + +type CryptoReportBlkCipher struct { + Type [64]int8 + Geniv [64]int8 + Blocksize uint32 + Min_keysize uint32 + Max_keysize uint32 + Ivsize uint32 +} + +type CryptoReportAEAD struct { + Type [64]int8 + Geniv [64]int8 + Blocksize uint32 + Maxauthsize uint32 + Ivsize uint32 +} + +type CryptoReportComp struct { + Type [64]int8 +} + +type CryptoReportRNG struct { + Type [64]int8 + Seedsize uint32 +} + +type CryptoReportAKCipher struct { + Type [64]int8 +} + +type CryptoReportKPP struct { + Type [64]int8 +} + +type CryptoReportAcomp struct { + Type [64]int8 +} + +type LoopInfo struct { + Number int32 + Device uint32 + Inode uint64 + Rdevice uint32 + Offset int32 + Encrypt_type int32 + Encrypt_key_size int32 + Flags int32 + Name [64]int8 + Encrypt_key [32]uint8 + Init [2]uint64 + Reserved [4]int8 + _ [4]byte +} + +type TIPCSubscr struct { + Seq TIPCServiceRange + Timeout uint32 + Filter uint32 + Handle [8]int8 +} + +type TIPCSIOCLNReq struct { + Peer uint32 + Id uint32 + Linkname [68]int8 +} + +type TIPCSIOCNodeIDReq struct { + Peer uint32 + Id [16]int8 +} + +type PPSKInfo struct { + Assert_sequence uint32 + Clear_sequence uint32 + Assert_tu PPSKTime + Clear_tu PPSKTime + Current_mode int32 + _ [4]byte +} + +const ( + PPS_GETPARAMS = 0x800870a1 + PPS_SETPARAMS = 0x400870a2 + PPS_GETCAP = 0x800870a3 + PPS_FETCH = 0xc00870a4 +) + +const ( + PIDFD_NONBLOCK = 0x800 +) + +type SysvIpcPerm struct { + Key int32 + Uid uint32 + Gid uint32 + Cuid uint32 + Cgid uint32 + Mode uint32 + _ [0]uint8 + Seq uint16 + _ uint16 + _ uint64 + _ uint64 +} +type SysvShmDesc struct { + Perm SysvIpcPerm + Segsz uint64 + Atime int64 + Dtime int64 + Ctime int64 + Cpid int32 + Lpid int32 + Nattch uint64 + _ uint64 + _ uint64 +} diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go index 3eb33e48ab5..03604cca135 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/unix/linux/types.go | go run mkpost.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mips && linux @@ -236,6 +236,10 @@ type EpollEvent struct { Pad int32 } +const ( + OPEN_TREE_CLOEXEC = 0x80000 +) + const ( POLLRDHUP = 0x2000 ) @@ -246,6 +250,13 @@ type Sigset_t struct { const _C__NSIG = 0x80 +type Siginfo struct { + Signo int32 + Code int32 + Errno int32 + _ [116]byte +} + type Termios struct { Iflag uint32 Oflag uint32 @@ -307,6 +318,8 @@ type Taskstats struct { Thrashing_count uint64 Thrashing_delay_total uint64 Ac_btime64 uint64 + Compact_count uint64 + Compact_delay_total uint64 } type cpuMask uint32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go index 79a94467252..fe57a7b2653 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/unix/linux/types.go | go run mkpost.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mips64 && linux @@ -237,6 +237,10 @@ type EpollEvent struct { Pad int32 } +const ( + OPEN_TREE_CLOEXEC = 0x80000 +) + const ( POLLRDHUP = 0x2000 ) @@ -247,6 +251,14 @@ type Sigset_t struct { const _C__NSIG = 0x80 +type Siginfo struct { + Signo int32 + Code int32 + Errno int32 + _ int32 + _ [112]byte +} + type Termios struct { Iflag uint32 Oflag uint32 @@ -306,6 +318,8 @@ type Taskstats struct { Thrashing_count uint64 Thrashing_delay_total uint64 Ac_btime64 uint64 + Compact_count uint64 + Compact_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go index 8f4b107cad3..3f0db4da81e 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/unix/linux/types.go | go run mkpost.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mips64le && linux @@ -237,6 +237,10 @@ type EpollEvent struct { Pad int32 } +const ( + OPEN_TREE_CLOEXEC = 0x80000 +) + const ( POLLRDHUP = 0x2000 ) @@ -247,6 +251,14 @@ type Sigset_t struct { const _C__NSIG = 0x80 +type Siginfo struct { + Signo int32 + Code int32 + Errno int32 + _ int32 + _ [112]byte +} + type Termios struct { Iflag uint32 Oflag uint32 @@ -306,6 +318,8 @@ type Taskstats struct { Thrashing_count uint64 Thrashing_delay_total uint64 Ac_btime64 uint64 + Compact_count uint64 + Compact_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go index e4eb2179811..70ecd3b239f 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/unix/linux/types.go | go run mkpost.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mipsle && linux @@ -236,6 +236,10 @@ type EpollEvent struct { Pad int32 } +const ( + OPEN_TREE_CLOEXEC = 0x80000 +) + const ( POLLRDHUP = 0x2000 ) @@ -246,6 +250,13 @@ type Sigset_t struct { const _C__NSIG = 0x80 +type Siginfo struct { + Signo int32 + Code int32 + Errno int32 + _ [116]byte +} + type Termios struct { Iflag uint32 Oflag uint32 @@ -307,6 +318,8 @@ type Taskstats struct { Thrashing_count uint64 Thrashing_delay_total uint64 Ac_btime64 uint64 + Compact_count uint64 + Compact_delay_total uint64 } type cpuMask uint32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go index d5b21f0f7da..4e700120db9 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/unix/linux/types.go | go run mkpost.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build ppc && linux @@ -243,6 +243,10 @@ type EpollEvent struct { Pad int32 } +const ( + OPEN_TREE_CLOEXEC = 0x80000 +) + const ( POLLRDHUP = 0x2000 ) @@ -253,6 +257,13 @@ type Sigset_t struct { const _C__NSIG = 0x41 +type Siginfo struct { + Signo int32 + Errno int32 + Code int32 + _ [116]byte +} + type Termios struct { Iflag uint32 Oflag uint32 @@ -314,6 +325,8 @@ type Taskstats struct { Thrashing_count uint64 Thrashing_delay_total uint64 Ac_btime64 uint64 + Compact_count uint64 + Compact_delay_total uint64 } type cpuMask uint32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go index 5188d142b9f..34a57c69928 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/unix/linux/types.go | go run mkpost.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build ppc64 && linux @@ -244,6 +244,10 @@ type EpollEvent struct { Pad int32 } +const ( + OPEN_TREE_CLOEXEC = 0x80000 +) + const ( POLLRDHUP = 0x2000 ) @@ -254,6 +258,14 @@ type Sigset_t struct { const _C__NSIG = 0x41 +type Siginfo struct { + Signo int32 + Errno int32 + Code int32 + _ int32 + _ [112]byte +} + type Termios struct { Iflag uint32 Oflag uint32 @@ -313,6 +325,8 @@ type Taskstats struct { Thrashing_count uint64 Thrashing_delay_total uint64 Ac_btime64 uint64 + Compact_count uint64 + Compact_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go index de4dd4c736e..6b84a47296f 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/unix/linux/types.go | go run mkpost.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build ppc64le && linux @@ -244,6 +244,10 @@ type EpollEvent struct { Pad int32 } +const ( + OPEN_TREE_CLOEXEC = 0x80000 +) + const ( POLLRDHUP = 0x2000 ) @@ -254,6 +258,14 @@ type Sigset_t struct { const _C__NSIG = 0x41 +type Siginfo struct { + Signo int32 + Errno int32 + Code int32 + _ int32 + _ [112]byte +} + type Termios struct { Iflag uint32 Oflag uint32 @@ -313,6 +325,8 @@ type Taskstats struct { Thrashing_count uint64 Thrashing_delay_total uint64 Ac_btime64 uint64 + Compact_count uint64 + Compact_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go index dccbf9b0604..c4a305fe2e7 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/unix/linux/types.go | go run mkpost.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build riscv64 && linux @@ -262,6 +262,10 @@ type EpollEvent struct { Pad int32 } +const ( + OPEN_TREE_CLOEXEC = 0x80000 +) + const ( POLLRDHUP = 0x2000 ) @@ -272,6 +276,14 @@ type Sigset_t struct { const _C__NSIG = 0x41 +type Siginfo struct { + Signo int32 + Errno int32 + Code int32 + _ int32 + _ [112]byte +} + type Termios struct { Iflag uint32 Oflag uint32 @@ -331,6 +343,8 @@ type Taskstats struct { Thrashing_count uint64 Thrashing_delay_total uint64 Ac_btime64 uint64 + Compact_count uint64 + Compact_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go index c426c35763a..a1f1e4c9e18 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char /build/unix/linux/types.go | go run mkpost.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build s390x && linux @@ -257,6 +257,10 @@ type EpollEvent struct { Pad int32 } +const ( + OPEN_TREE_CLOEXEC = 0x80000 +) + const ( POLLRDHUP = 0x2000 ) @@ -267,6 +271,14 @@ type Sigset_t struct { const _C__NSIG = 0x41 +type Siginfo struct { + Signo int32 + Errno int32 + Code int32 + _ int32 + _ [112]byte +} + type Termios struct { Iflag uint32 Oflag uint32 @@ -326,6 +338,8 @@ type Taskstats struct { Thrashing_count uint64 Thrashing_delay_total uint64 Ac_btime64 uint64 + Compact_count uint64 + Compact_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go index 765edc13ff2..df95ebf3a1b 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/unix/linux/types.go | go run mkpost.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build sparc64 && linux @@ -239,6 +239,10 @@ type EpollEvent struct { Pad int32 } +const ( + OPEN_TREE_CLOEXEC = 0x400000 +) + const ( POLLRDHUP = 0x800 ) @@ -249,6 +253,14 @@ type Sigset_t struct { const _C__NSIG = 0x41 +type Siginfo struct { + Signo int32 + Errno int32 + Code int32 + _ int32 + _ [112]byte +} + type Termios struct { Iflag uint32 Oflag uint32 @@ -308,6 +320,8 @@ type Taskstats struct { Thrashing_count uint64 Thrashing_delay_total uint64 Ac_btime64 uint64 + Compact_count uint64 + Compact_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go index baf5fe65044..2ed718ca06a 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go +++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go @@ -94,10 +94,10 @@ type Statfs_t struct { F_namemax uint32 F_owner uint32 F_ctime uint64 - F_fstypename [16]int8 - F_mntonname [90]int8 - F_mntfromname [90]int8 - F_mntfromspec [90]int8 + F_fstypename [16]byte + F_mntonname [90]byte + F_mntfromname [90]byte + F_mntfromspec [90]byte Pad_cgo_0 [2]byte Mount_info [160]byte } diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go index e21ae8ecfa6..b4fb97ebe65 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go @@ -96,10 +96,10 @@ type Statfs_t struct { F_namemax uint32 F_owner uint32 F_ctime uint64 - F_fstypename [16]int8 - F_mntonname [90]int8 - F_mntfromname [90]int8 - F_mntfromspec [90]int8 + F_fstypename [16]byte + F_mntonname [90]byte + F_mntfromname [90]byte + F_mntfromspec [90]byte _ [2]byte Mount_info [160]byte } diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go index f190651cd96..2c4675040ef 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go @@ -98,10 +98,10 @@ type Statfs_t struct { F_namemax uint32 F_owner uint32 F_ctime uint64 - F_fstypename [16]int8 - F_mntonname [90]int8 - F_mntfromname [90]int8 - F_mntfromspec [90]int8 + F_fstypename [16]byte + F_mntonname [90]byte + F_mntfromname [90]byte + F_mntfromspec [90]byte _ [2]byte Mount_info [160]byte } diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go index 84747c582cf..ddee0451470 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go @@ -94,10 +94,10 @@ type Statfs_t struct { F_namemax uint32 F_owner uint32 F_ctime uint64 - F_fstypename [16]int8 - F_mntonname [90]int8 - F_mntfromname [90]int8 - F_mntfromspec [90]int8 + F_fstypename [16]byte + F_mntonname [90]byte + F_mntfromname [90]byte + F_mntfromspec [90]byte _ [2]byte Mount_info [160]byte } diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go index ac5c8b6370b..eb13d4e8bfc 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go @@ -94,10 +94,10 @@ type Statfs_t struct { F_namemax uint32 F_owner uint32 F_ctime uint64 - F_fstypename [16]int8 - F_mntonname [90]int8 - F_mntfromname [90]int8 - F_mntfromspec [90]int8 + F_fstypename [16]byte + F_mntonname [90]byte + F_mntfromname [90]byte + F_mntfromspec [90]byte _ [2]byte Mount_info [160]byte } diff --git a/vendor/golang.org/x/sys/windows/exec_windows.go b/vendor/golang.org/x/sys/windows/exec_windows.go index 855698bb282..75980fd44ad 100644 --- a/vendor/golang.org/x/sys/windows/exec_windows.go +++ b/vendor/golang.org/x/sys/windows/exec_windows.go @@ -15,11 +15,11 @@ import ( // in http://msdn.microsoft.com/en-us/library/ms880421. // This function returns "" (2 double quotes) if s is empty. // Alternatively, these transformations are done: -// - every back slash (\) is doubled, but only if immediately -// followed by double quote ("); -// - every double quote (") is escaped by back slash (\); -// - finally, s is wrapped with double quotes (arg -> "arg"), -// but only if there is space or tab inside s. +// - every back slash (\) is doubled, but only if immediately +// followed by double quote ("); +// - every double quote (") is escaped by back slash (\); +// - finally, s is wrapped with double quotes (arg -> "arg"), +// but only if there is space or tab inside s. func EscapeArg(s string) string { if len(s) == 0 { return "\"\"" diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index cf44e693379..636e5de60e3 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -10,6 +10,7 @@ import ( errorspkg "errors" "fmt" "runtime" + "strings" "sync" "syscall" "time" @@ -86,10 +87,8 @@ func StringToUTF16(s string) []uint16 { // s, with a terminating NUL added. If s contains a NUL byte at any // location, it returns (nil, syscall.EINVAL). func UTF16FromString(s string) ([]uint16, error) { - for i := 0; i < len(s); i++ { - if s[i] == 0 { - return nil, syscall.EINVAL - } + if strings.IndexByte(s, 0) != -1 { + return nil, syscall.EINVAL } return utf16.Encode([]rune(s + "\x00")), nil } @@ -186,8 +185,8 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys GetNamedPipeInfo(pipe Handle, flags *uint32, outSize *uint32, inSize *uint32, maxInstances *uint32) (err error) //sys GetNamedPipeHandleState(pipe Handle, state *uint32, curInstances *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32, userName *uint16, maxUserNameSize uint32) (err error) = GetNamedPipeHandleStateW //sys SetNamedPipeHandleState(pipe Handle, state *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32) (err error) = SetNamedPipeHandleState -//sys ReadFile(handle Handle, buf []byte, done *uint32, overlapped *Overlapped) (err error) -//sys WriteFile(handle Handle, buf []byte, done *uint32, overlapped *Overlapped) (err error) +//sys readFile(handle Handle, buf []byte, done *uint32, overlapped *Overlapped) (err error) = ReadFile +//sys writeFile(handle Handle, buf []byte, done *uint32, overlapped *Overlapped) (err error) = WriteFile //sys GetOverlappedResult(handle Handle, overlapped *Overlapped, done *uint32, wait bool) (err error) //sys SetFilePointer(handle Handle, lowoffset int32, highoffsetptr *int32, whence uint32) (newlowoffset uint32, err error) [failretval==0xffffffff] //sys CloseHandle(handle Handle) (err error) @@ -549,12 +548,6 @@ func Read(fd Handle, p []byte) (n int, err error) { } return 0, e } - if raceenabled { - if done > 0 { - raceWriteRange(unsafe.Pointer(&p[0]), int(done)) - } - raceAcquire(unsafe.Pointer(&ioSync)) - } return int(done), nil } @@ -567,12 +560,31 @@ func Write(fd Handle, p []byte) (n int, err error) { if e != nil { return 0, e } - if raceenabled && done > 0 { - raceReadRange(unsafe.Pointer(&p[0]), int(done)) - } return int(done), nil } +func ReadFile(fd Handle, p []byte, done *uint32, overlapped *Overlapped) error { + err := readFile(fd, p, done, overlapped) + if raceenabled { + if *done > 0 { + raceWriteRange(unsafe.Pointer(&p[0]), int(*done)) + } + raceAcquire(unsafe.Pointer(&ioSync)) + } + return err +} + +func WriteFile(fd Handle, p []byte, done *uint32, overlapped *Overlapped) error { + if raceenabled { + raceReleaseMerge(unsafe.Pointer(&ioSync)) + } + err := writeFile(fd, p, done, overlapped) + if raceenabled && *done > 0 { + raceReadRange(unsafe.Pointer(&p[0]), int(*done)) + } + return err +} + var ioSync int64 func Seek(fd Handle, offset int64, whence int) (newoffset int64, err error) { @@ -611,7 +623,6 @@ var ( func getStdHandle(stdhandle uint32) (fd Handle) { r, _ := GetStdHandle(stdhandle) - CloseOnExec(r) return r } diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index 9ea1a44f04d..68f52c1e61e 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -2761,7 +2761,7 @@ func ReadDirectoryChanges(handle Handle, buf *byte, buflen uint32, watchSubTree return } -func ReadFile(handle Handle, buf []byte, done *uint32, overlapped *Overlapped) (err error) { +func readFile(handle Handle, buf []byte, done *uint32, overlapped *Overlapped) (err error) { var _p0 *byte if len(buf) > 0 { _p0 = &buf[0] @@ -3203,7 +3203,7 @@ func WriteConsole(console Handle, buf *uint16, towrite uint32, written *uint32, return } -func WriteFile(handle Handle, buf []byte, done *uint32, overlapped *Overlapped) (err error) { +func writeFile(handle Handle, buf []byte, done *uint32, overlapped *Overlapped) (err error) { var _p0 *byte if len(buf) > 0 { _p0 = &buf[0] diff --git a/vendor/modules.txt b/vendor/modules.txt index 314a8f53a2f..efe3c06eb0f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -30,7 +30,7 @@ github.com/docker/go-units # github.com/godbus/dbus/v5 v5.1.0 ## explicit; go 1.12 github.com/godbus/dbus/v5 -# github.com/moby/sys/mountinfo v0.6.1 +# github.com/moby/sys/mountinfo v0.6.2 ## explicit; go 1.16 github.com/moby/sys/mountinfo # github.com/mrunalp/fileutils v0.5.0 @@ -74,7 +74,7 @@ github.com/vishvananda/netns # golang.org/x/net v0.0.0-20201224014010-6772e930b67b ## explicit; go 1.11 golang.org/x/net/bpf -# golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5 +# golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a ## explicit; go 1.17 golang.org/x/sys/execabs golang.org/x/sys/internal/unsafeheader From cc0feb4b6c8458f94a4c439e7711e057df72d0f4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 8 Jun 2022 04:12:16 +0000 Subject: [PATCH 0055/1176] build(deps): bump actions/cache from 3.0.2 to 3.0.4 Bumps [actions/cache](https://github.com/actions/cache) from 3.0.2 to 3.0.4. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v3.0.2...v3.0.4) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/validate.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 979b0510dfd..5a213409e58 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -72,7 +72,7 @@ jobs: echo "VERSION=3.3.1" >> $GITHUB_ENV echo "$(go env GOPATH)/bin" >> $GITHUB_PATH - name: cache go mod and $GOCACHE - uses: actions/cache@v3.0.2 + uses: actions/cache@v3.0.4 with: path: | ~/go/pkg/mod @@ -119,7 +119,7 @@ jobs: with: go-version: "${{ env.GO_VERSION }}" - name: cache go mod and $GOCACHE - uses: actions/cache@v3.0.2 + uses: actions/cache@v3.0.4 with: path: | ~/go/pkg/mod From 56fcc9385c521fc0e9175e62e52b67f187ce4d70 Mon Sep 17 00:00:00 2001 From: Davanum Srinivas Date: Fri, 10 Jun 2022 15:27:30 -0400 Subject: [PATCH 0056/1176] Switch to newer v0.10.0 release of libseccomp-golang Signed-off-by: Davanum Srinivas --- go.mod | 2 +- go.sum | 4 +-- .../seccomp/libseccomp-golang/CHANGELOG | 25 +++++++++++++++ .../seccomp/libseccomp-golang/README.md | 32 +++++++++++++++---- .../seccomp/libseccomp-golang/SECURITY.md | 1 + .../seccomp/libseccomp-golang/seccomp.go | 15 +++++---- .../libseccomp-golang/seccomp_internal.go | 17 +++++----- vendor/modules.txt | 2 +- 8 files changed, 72 insertions(+), 26 deletions(-) diff --git a/go.mod b/go.mod index eda829ea48e..dd18d1fa7a7 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/mrunalp/fileutils v0.5.0 github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 github.com/opencontainers/selinux v1.10.1 - github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646 + github.com/seccomp/libseccomp-golang v0.10.0 github.com/sirupsen/logrus v1.8.1 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.9 diff --git a/go.sum b/go.sum index 4a0f6068439..3c81d97bcf9 100644 --- a/go.sum +++ b/go.sum @@ -46,8 +46,8 @@ github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBO github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646 h1:RpforrEYXWkmGwJHIGnLZ3tTWStkjVVstwzNGqxX2Ds= -github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= +github.com/seccomp/libseccomp-golang v0.10.0 h1:aA4bp+/Zzi0BnWZ2F1wgNBs5gTpm+na2rWM6M9YjLpY= +github.com/seccomp/libseccomp-golang v0.10.0/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE= diff --git a/vendor/github.com/seccomp/libseccomp-golang/CHANGELOG b/vendor/github.com/seccomp/libseccomp-golang/CHANGELOG index a01d9a722d9..905a9b5cdc8 100644 --- a/vendor/github.com/seccomp/libseccomp-golang/CHANGELOG +++ b/vendor/github.com/seccomp/libseccomp-golang/CHANGELOG @@ -2,6 +2,31 @@ libseccomp-golang: Releases =============================================================================== https://github.com/seccomp/libseccomp-golang +* Version 0.10.0 - June 9, 2022 +- Minimum supported version of libseccomp bumped to v2.3.1 +- Add seccomp userspace notification API (ActNotify, filter.*Notif*) +- Add filter.{Get,Set}SSB (to support SCMP_FLTATR_CTL_SSB) +- Add filter.{Get,Set}Optimize (to support SCMP_FLTATR_CTL_OPTIMIZE) +- Add filter.{Get,Set}RawRC (to support SCMP_FLTATR_API_SYSRAWRC) +- Add ArchPARISC, ArchPARISC64, ArchRISCV64 +- Add ActKillProcess and ActKillThread; deprecate ActKill +- Add go module support +- Return ErrSyscallDoesNotExist when unable to resolve a syscall +- Fix some functions to check for both kernel level API and libseccomp version +- Fix MakeCondition to use sanitizeCompareOp +- Fix AddRule to handle EACCES (from libseccomp >= 2.5.0) +- Updated the main docs and converted to README.md +- Added CONTRIBUTING.md, SECURITY.md, and administrative docs under doc/admin +- Add GitHub action CI, enable more linters +- test: test against various libseccomp versions +- test: fix and simplify execInSubprocess +- test: fix APILevelIsSupported +- Refactor the Errno(-1 * retCode) pattern +- Refactor/unify libseccomp version / API level checks +- Code cleanups (linter, formatting, spelling fixes) +- Cleanup: use errors.New instead of fmt.Errorf where appropriate +- Cleanup: remove duplicated cgo stuff, redundant linux build tag + * Version 0.9.1 - May 21, 2019 - Minimum supported version of libseccomp bumped to v2.2.0 - Use Libseccomp's `seccomp_version` API to retrieve library version diff --git a/vendor/github.com/seccomp/libseccomp-golang/README.md b/vendor/github.com/seccomp/libseccomp-golang/README.md index 6430f1c9e25..312135ee59e 100644 --- a/vendor/github.com/seccomp/libseccomp-golang/README.md +++ b/vendor/github.com/seccomp/libseccomp-golang/README.md @@ -22,19 +22,37 @@ The library source repository currently lives on GitHub at the following URLs: * https://github.com/seccomp/libseccomp-golang * https://github.com/seccomp/libseccomp -The project mailing list is currently hosted on Google Groups at the URL below, -please note that a Google account is not required to subscribe to the mailing -list. - -* https://groups.google.com/d/forum/libseccomp - Documentation for this package is also available at: * https://pkg.go.dev/github.com/seccomp/libseccomp-golang +## Verifying Releases + +Starting with libseccomp-golang v0.10.0, the git tag corresponding to each +release should be signed by one of the libseccomp-golang maintainers. It is +recommended that before use you verify the release tags using the following +command: + + % git tag -v + +At present, only the following keys, specified via the fingerprints below, are +authorized to sign official libseccomp-golang release tags: + + Paul Moore + 7100 AADF AE6E 6E94 0D2E 0AD6 55E4 5A5A E8CA 7C8A + + Tom Hromatka + 47A6 8FCE 37C7 D702 4FD6 5E11 356C E62C 2B52 4099 + + Kir Kolyshkin + C242 8CD7 5720 FACD CF76 B6EA 17DE 5ECB 75A1 100E + +More information on GnuPG and git tag verification can be found at their +respective websites: https://git-scm.com/docs/git and https://gnupg.org. + ## Installing the package - # go get github.com/seccomp/libseccomp-golang + % go get github.com/seccomp/libseccomp-golang ## Contributing diff --git a/vendor/github.com/seccomp/libseccomp-golang/SECURITY.md b/vendor/github.com/seccomp/libseccomp-golang/SECURITY.md index c448faa8e80..f645d4efec9 100644 --- a/vendor/github.com/seccomp/libseccomp-golang/SECURITY.md +++ b/vendor/github.com/seccomp/libseccomp-golang/SECURITY.md @@ -22,6 +22,7 @@ window. * Paul Moore, paul@paul-moore.com * Tom Hromatka, tom.hromatka@oracle.com +* Kir Kolyshkin, kolyshkin@gmail.com ### Resolving Sensitive Security Issues diff --git a/vendor/github.com/seccomp/libseccomp-golang/seccomp.go b/vendor/github.com/seccomp/libseccomp-golang/seccomp.go index 8dad12fdbb9..c23406754c6 100644 --- a/vendor/github.com/seccomp/libseccomp-golang/seccomp.go +++ b/vendor/github.com/seccomp/libseccomp-golang/seccomp.go @@ -7,6 +7,7 @@ package seccomp import ( + "errors" "fmt" "os" "runtime" @@ -245,8 +246,8 @@ const ( ) // ErrSyscallDoesNotExist represents an error condition where -// libseccomp is unable to resolve the syscall -var ErrSyscallDoesNotExist = fmt.Errorf("could not resolve syscall name") +// libseccomp is unable to resolve the syscall. +var ErrSyscallDoesNotExist = errors.New("could not resolve syscall name") const ( // Userspace notification response flags @@ -556,7 +557,7 @@ func MakeCondition(arg uint, comparison ScmpCompareOp, values ...uint64) (ScmpCo } else if len(values) > 2 { return condStruct, fmt.Errorf("conditions can have at most 2 arguments (%d given)", len(values)) } else if len(values) == 0 { - return condStruct, fmt.Errorf("must provide at least one value to compare against") + return condStruct, errors.New("must provide at least one value to compare against") } condStruct.Argument = arg @@ -611,7 +612,7 @@ func NewFilter(defaultAction ScmpAction) (*ScmpFilter, error) { fPtr := C.seccomp_init(defaultAction.toNative()) if fPtr == nil { - return nil, fmt.Errorf("could not create filter") + return nil, errors.New("could not create filter") } filter := new(ScmpFilter) @@ -623,7 +624,7 @@ func NewFilter(defaultAction ScmpAction) (*ScmpFilter, error) { // If the kernel does not support TSYNC, allow us to continue without error. if err := filter.setFilterAttr(filterAttrTsync, 0x1); err != nil && err != syscall.ENOTSUP { filter.Release() - return nil, fmt.Errorf("could not create filter - error setting tsync bit: %v", err) + return nil, fmt.Errorf("could not create filter: error setting tsync bit: %w", err) } return filter, nil @@ -695,14 +696,14 @@ func (f *ScmpFilter) Merge(src *ScmpFilter) error { defer src.lock.Unlock() if !src.valid || !f.valid { - return fmt.Errorf("one or more of the filter contexts is invalid or uninitialized") + return errors.New("one or more of the filter contexts is invalid or uninitialized") } // Merge the filters if retCode := C.seccomp_merge(f.filterCtx, src.filterCtx); retCode != 0 { e := errRc(retCode) if e == syscall.EINVAL { - return fmt.Errorf("filters could not be merged due to a mismatch in attributes or invalid filter") + return fmt.Errorf("filters could not be merged due to a mismatch in attributes or invalid filter: %w", e) } return e } diff --git a/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go b/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go index df4dfb7eba8..0a7fd34f510 100644 --- a/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go +++ b/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go @@ -340,7 +340,7 @@ func ensureSupportedVersion() error { func getAPI() (uint, error) { api := C.seccomp_api_get() if api == 0 { - return 0, fmt.Errorf("API level operations are not supported") + return 0, errors.New("API level operations are not supported") } return uint(api), nil @@ -349,11 +349,12 @@ func getAPI() (uint, error) { // Set the API level func setAPI(api uint) error { if retCode := C.seccomp_api_set(C.uint(api)); retCode != 0 { - if errRc(retCode) == syscall.EOPNOTSUPP { - return fmt.Errorf("API level operations are not supported") + e := errRc(retCode) + if e == syscall.EOPNOTSUPP { + return errors.New("API level operations are not supported") } - return fmt.Errorf("could not set API level: %v", retCode) + return fmt.Errorf("could not set API level: %w", e) } return nil @@ -411,7 +412,7 @@ func (f *ScmpFilter) setFilterAttr(attr scmpFilterAttr, value C.uint32_t) error // Wrapper for seccomp_rule_add_... functions func (f *ScmpFilter) addRuleWrapper(call ScmpSyscall, action ScmpAction, exact bool, length C.uint, cond C.scmp_cast_t) error { if length != 0 && cond == nil { - return fmt.Errorf("null conditions list, but length is nonzero") + return errors.New("null conditions list, but length is nonzero") } var retCode C.int @@ -430,7 +431,7 @@ func (f *ScmpFilter) addRuleWrapper(call ScmpSyscall, action ScmpAction, exact b case syscall.EPERM, syscall.EACCES: return errDefAction case syscall.EINVAL: - return fmt.Errorf("two checks on same syscall argument") + return errors.New("two checks on same syscall argument") default: return e } @@ -455,7 +456,7 @@ func (f *ScmpFilter) addRuleGeneric(call ScmpSyscall, action ScmpAction, exact b } else { argsArr := C.make_arg_cmp_array(C.uint(len(conds))) if argsArr == nil { - return fmt.Errorf("error allocating memory for conditions") + return errors.New("error allocating memory for conditions") } defer C.free(argsArr) @@ -495,7 +496,7 @@ func sanitizeAction(in ScmpAction) error { } if inTmp != ActTrace && inTmp != ActErrno && (in&0xFFFF0000) != 0 { - return fmt.Errorf("highest 16 bits must be zeroed except for Trace and Errno") + return errors.New("highest 16 bits must be zeroed except for Trace and Errno") } return nil diff --git a/vendor/modules.txt b/vendor/modules.txt index efe3c06eb0f..60fb5857e2e 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -48,7 +48,7 @@ github.com/opencontainers/selinux/pkg/pwalkdir # github.com/russross/blackfriday/v2 v2.0.1 ## explicit github.com/russross/blackfriday/v2 -# github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646 +# github.com/seccomp/libseccomp-golang v0.10.0 ## explicit; go 1.14 github.com/seccomp/libseccomp-golang # github.com/shurcooL/sanitized_anchor_name v1.0.0 From c0be1aa2d101dcd3074b5a0e486d58d3f9568d81 Mon Sep 17 00:00:00 2001 From: cdoern Date: Mon, 13 Jun 2022 13:35:56 -0400 Subject: [PATCH 0057/1176] export blockIODevice the struct blockIODevice is used in an exported struct but it is not itself exported rendering that type inaccessible to outside projects Signed-off-by: cdoern --- libcontainer/configs/blkio_device.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libcontainer/configs/blkio_device.go b/libcontainer/configs/blkio_device.go index fa195bf90f8..865344f99c4 100644 --- a/libcontainer/configs/blkio_device.go +++ b/libcontainer/configs/blkio_device.go @@ -2,8 +2,8 @@ package configs import "fmt" -// blockIODevice holds major:minor format supported in blkio cgroup -type blockIODevice struct { +// BlockIODevice holds major:minor format supported in blkio cgroup. +type BlockIODevice struct { // Major is the device's major number Major int64 `json:"major"` // Minor is the device's minor number @@ -12,7 +12,7 @@ type blockIODevice struct { // WeightDevice struct holds a `major:minor weight`|`major:minor leaf_weight` pair type WeightDevice struct { - blockIODevice + BlockIODevice // Weight is the bandwidth rate for the device, range is from 10 to 1000 Weight uint16 `json:"weight"` // LeafWeight is the bandwidth rate for the device while competing with the cgroup's child cgroups, range is from 10 to 1000, cfq scheduler only @@ -41,7 +41,7 @@ func (wd *WeightDevice) LeafWeightString() string { // ThrottleDevice struct holds a `major:minor rate_per_second` pair type ThrottleDevice struct { - blockIODevice + BlockIODevice // Rate is the IO rate limit per cgroup per device Rate uint64 `json:"rate"` } From d370e3c04660201e72ba6968342ce964c31a2d7f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 14 Jun 2022 17:19:10 -0700 Subject: [PATCH 0058/1176] libct: fix mounting via wrong proc fd Due to a bug in commit 9c444070ec7, when the user and mount namespaces are used, and the bind mount is followed by the cgroup mount in the spec, the cgroup is mounted using the bind mount's mount fd. This can be reproduced with podman 4.1 (when configured to use runc): $ podman run --uidmap 0:100:10000 quay.io/libpod/testimage:20210610 mount Error: /home/kir/git/runc/runc: runc create failed: unable to start container process: error during container init: error mounting "cgroup" to rootfs at "/sys/fs/cgroup": mount /proc/self/fd/11:/sys/fs/cgroup/systemd (via /proc/self/fd/12), flags: 0x20502f: operation not permitted: OCI permission denied or manually with the spec mounts containing something like this: { "destination": "/etc/resolv.conf", "type": "bind", "source": "/userdata/resolv.conf", "options": [ "bind" ] }, { "destination": "/sys/fs/cgroup", "type": "cgroup", "source": "cgroup", "options": [ "rprivate", "nosuid", "noexec", "nodev", "relatime", "ro" ] } The issue was not found earlier since it requires using userns, and even then mount fd is ignored by mountToRootfs, except for bind mounts, and all the bind mounts have mountfd set, except for the case of cgroup v1's /sys/fs/cgroup which is internally transformed into a bunch of bind mounts. This is a minimal fix for the issue, suitable for backporting. A test case is added which reproduces the issue without the fix applied. Fixes: 9c444070ec7 ("Open bind mount sources from the host userns") Signed-off-by: Kir Kolyshkin --- libcontainer/rootfs_linux.go | 2 ++ tests/integration/userns.bats | 19 +++++++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index e8d8211b198..2a98372b561 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -73,6 +73,8 @@ func prepareRootfs(pipe io.ReadWriter, iConfig *initConfig, mountFds []int) (err // Therefore, we can access mountFds[i] without any concerns. if mountFds != nil && mountFds[i] != -1 { mountConfig.fd = &mountFds[i] + } else { + mountConfig.fd = nil } if err := mountToRootfs(m, mountConfig); err != nil { diff --git a/tests/integration/userns.bats b/tests/integration/userns.bats index f6c677bcb26..d52444cacc5 100644 --- a/tests/integration/userns.bats +++ b/tests/integration/userns.bats @@ -64,3 +64,22 @@ function teardown() { runc exec test_busybox stat /tmp/mount-1/foo.txt /tmp/mount-2/foo.txt [ "$status" -eq 0 ] } + +# Issue fixed by https://github.com/opencontainers/runc/pull/3510. +@test "userns with bind mount before a cgroupfs mount" { + # This can only be reproduced on cgroup v1 (and no cgroupns) due to the + # way it is mounted in such case (a bunch of of bind mounts). + requires cgroups_v1 + + # Add a bind mount right before the /sys/fs/cgroup mount, + # and make sure cgroupns is not enabled. + update_config ' .mounts |= map(if .destination == "/sys/fs/cgroup" then ({"source": "source-accessible/dir", "destination": "/tmp/mount-1", "options": ["bind"]}, .) else . end) + | .linux.namespaces -= [{"type": "cgroup"}]' + + runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox + [ "$status" -eq 0 ] + + # Make sure this is real cgroupfs. + runc exec test_busybox cat /sys/fs/cgroup/{pids,memory}/tasks + [ "$status" -eq 0 ] +} From 66625701105c6b38260fa4bbe465e0615135d018 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 16 Jun 2022 16:31:42 -0700 Subject: [PATCH 0059/1176] libct: fix staticcheck warning A new version of staticcheck (included into golangci-lint 1.46.2) gives this new warning: > libcontainer/factory_linux.go:230:59: SA9008: e refers to the result of a failed type assertion and is a zero value, not the value that was being type-asserted (staticcheck) > err = fmt.Errorf("panic from initialization: %v, %s", e, debug.Stack()) > ^ > libcontainer/factory_linux.go:226:7: SA9008(related information): this is the variable being read (staticcheck) > if e, ok := e.(error); ok { > ^ Apparently, this is indeed a bug. Fix by using a different name for a new variable, so we can access the old one under "else". Signed-off-by: Kir Kolyshkin --- libcontainer/factory_linux.go | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/libcontainer/factory_linux.go b/libcontainer/factory_linux.go index 17b05a55298..cd39ca38fae 100644 --- a/libcontainer/factory_linux.go +++ b/libcontainer/factory_linux.go @@ -223,10 +223,9 @@ func StartInitialization() (err error) { defer func() { if e := recover(); e != nil { - if e, ok := e.(error); ok { - err = fmt.Errorf("panic from initialization: %w, %s", e, debug.Stack()) + if ee, ok := e.(error); ok { + err = fmt.Errorf("panic from initialization: %w, %s", ee, debug.Stack()) } else { - //nolint:errorlint // here e is not of error type err = fmt.Errorf("panic from initialization: %v, %s", e, debug.Stack()) } } From 7481c3c97b67ae085cda4283191b1f002a22d601 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 16 Jun 2022 16:33:55 -0700 Subject: [PATCH 0060/1176] ci: bump golangci-lint to 1.46 Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 5a213409e58..8846215db36 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -32,7 +32,7 @@ jobs: sudo apt -q install libseccomp-dev - uses: golangci/golangci-lint-action@v3 with: - version: v1.45 + version: v1.46 # Extra linters, only checking new code from a pull request. - name: lint-extra if: github.event_name == 'pull_request' From 35e6c3bf794326ad7844aa2e25efd4946a7addbe Mon Sep 17 00:00:00 2001 From: guodong Date: Sun, 5 Jun 2022 23:57:36 +0800 Subject: [PATCH 0061/1176] libct/nsenter: switch to sane_kill() Signed-off-by: guodong --- libcontainer/nsenter/nsexec.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index 52e4521c523..9ecf791e93f 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -1068,7 +1068,7 @@ void nsexec(void) s = SYNC_MOUNTSOURCES_ACK; if (write(syncfd, &s, sizeof(s)) != sizeof(s)) { - kill(stage1_pid, SIGKILL); + sane_kill(stage1_pid, SIGKILL); bail("failed to sync with child: write(SYNC_MOUNTSOURCES_ACK)"); } break; @@ -1230,7 +1230,7 @@ void nsexec(void) if (config.mountsources) { s = SYNC_MOUNTSOURCES_PLS; if (write(syncfd, &s, sizeof(s)) != sizeof(s)) { - kill(stage2_pid, SIGKILL); + sane_kill(stage2_pid, SIGKILL); bail("failed to sync with parent: write(SYNC_MOUNTSOURCES_PLS)"); } @@ -1239,11 +1239,11 @@ void nsexec(void) /* Parent finished to send the mount sources fds. */ if (read(syncfd, &s, sizeof(s)) != sizeof(s)) { - kill(stage2_pid, SIGKILL); + sane_kill(stage2_pid, SIGKILL); bail("failed to sync with parent: read(SYNC_MOUNTSOURCES_ACK)"); } if (s != SYNC_MOUNTSOURCES_ACK) { - kill(stage2_pid, SIGKILL); + sane_kill(stage2_pid, SIGKILL); bail("failed to sync with parent: SYNC_MOUNTSOURCES_ACK: got %u", s); } } From 086ddb15429ed15bf08782290a2b45e727618466 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Wed, 30 Mar 2022 13:40:29 +0900 Subject: [PATCH 0062/1176] Vagrantfile.fedora: upgrade Fedora to 36 Signed-off-by: Akihiro Suda --- Vagrantfile.fedora | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/Vagrantfile.fedora b/Vagrantfile.fedora index 511e9692e27..7d35e3861d1 100644 --- a/Vagrantfile.fedora +++ b/Vagrantfile.fedora @@ -3,7 +3,7 @@ Vagrant.configure("2") do |config| # Fedora box is used for testing cgroup v2 support - config.vm.box = "fedora/35-cloud-base" + config.vm.box = "fedora/36-cloud-base" config.vm.provider :virtualbox do |v| v.memory = 2048 v.cpus = 2 @@ -23,7 +23,7 @@ Vagrant.configure("2") do |config| cat << EOF | dnf -y --exclude=kernel,kernel-core shell && break config install_weak_deps false update -install iptables gcc make glibc-static libseccomp-devel bats jq git-core criu fuse-sshfs +install iptables gcc golang-go make glibc-static libseccomp-devel bats jq git-core criu fuse-sshfs ts run EOF done @@ -32,11 +32,6 @@ EOF # Prevent the "fatal: unsafe repository" git complain during build. git config --global --add safe.directory /vagrant - # Install golang. - # FIXME go back to golang-go rpm once switched to Fedora 36. - curl -fsSL https://go.dev/dl/go1.18.linux-amd64.tar.gz | tar Cxz /usr/local - echo 'export PATH=/usr/local/go/bin:$PATH' >> /etc/profile.d/golang.sh - # Add a user for rootless tests useradd -u2000 -m -d/home/rootless -s/bin/bash rootless From 957d97bcf43f41beef9670fe22ec78ccb5c5c101 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 30 Jun 2022 12:44:46 -0700 Subject: [PATCH 0063/1176] Fix error from runc run on noexec fs When starting a new container, and the very last step of executing of a user process fails (last lines of (*linuxStandardInit).Init), it is too late to print a proper error since both the log pipe and the init pipe are closed. This is partially mitigated by using exec.LookPath() which is supposed to say whether we will be able to execute or not. Alas, it fails to do so when the binary to be executed resides on a filesystem mounted with noexec flag. A workaround would be to use access(2) with X_OK flag. Alas, it is not working when runc itself is a setuid (or setgid) binary. In this case, faccessat2(2) with AT_EACCESS can be used, but it is only available since Linux v5.8. So, use faccessat2(2) with AT_EACCESS if available. If not, fall back to access(2) for non-setuid runc, and do nothing for setuid runc (as there is nothing we can do). Note that this check if in addition to whatever exec.LookPath does. Fixes https://github.com/opencontainers/runc/issues/3520 Signed-off-by: Kir Kolyshkin --- libcontainer/standard_init_linux.go | 7 +++++++ libcontainer/system/linux.go | 19 +++++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 1a9c4979c26..6ad25c9a4df 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -198,6 +198,13 @@ func (l *linuxStandardInit) Init() error { if err != nil { return err } + // exec.LookPath might return no error for an executable residing on a + // file system mounted with noexec flag, so perform this extra check + // now while we can still return a proper error. + if err := system.Eaccess(name); err != nil { + return &os.PathError{Op: "exec", Path: name, Err: err} + } + // Set seccomp as close to execve as possible, so as few syscalls take // place afterward (reducing the amount of syscalls that users need to // enable in their seccomp profiles). However, this needs to be done diff --git a/libcontainer/system/linux.go b/libcontainer/system/linux.go index e1d6eb18034..039059a444c 100644 --- a/libcontainer/system/linux.go +++ b/libcontainer/system/linux.go @@ -31,6 +31,25 @@ func (p ParentDeathSignal) Set() error { return SetParentDeathSignal(uintptr(p)) } +// Eaccess is similar to unix.Access except for setuid/setgid binaries +// it checks against the effective (rather than real) uid and gid. +func Eaccess(path string) error { + err := unix.Faccessat2(unix.AT_FDCWD, path, unix.X_OK, unix.AT_EACCESS) + if err != unix.ENOSYS && err != unix.EPERM { //nolint:errorlint // unix errors are bare + return err + } + + // Faccessat2() not available; check if we are a set[ug]id binary. + if os.Getuid() == os.Geteuid() && os.Getgid() == os.Getegid() { + // For a non-set[ug]id binary, use access(2). + return unix.Access(path, unix.X_OK) + } + + // For a setuid/setgid binary, there is no fallback way + // so assume we can execute the binary. + return nil +} + func Execv(cmd string, args []string, env []string) error { name, err := exec.LookPath(cmd) if err != nil { From d2a5acd22a7c435fc180be197eab890c45c41c0b Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 1 Jul 2022 15:49:57 -0700 Subject: [PATCH 0064/1176] CHANGELOG.md: forward-port 1.1.x changes This is a forward-port of commit 91fa032da406 ("ci: add basic checks for CHANGELOG.md"), plus whatever changes were made in release-1.1 branch (up to v1.1.3). Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 5 +- CHANGELOG.md | 84 ++++++++++++++++++++++++++++++---- Makefile | 10 +++- 3 files changed, 89 insertions(+), 10 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 8846215db36..83f1603c722 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -151,7 +151,6 @@ jobs: pattern: '^.{0,72}(\n.*)*$' error: 'Subject too long (max 72)' - cfmt: runs-on: ubuntu-20.04 steps: @@ -176,6 +175,10 @@ jobs: uses: actions/checkout@v3 with: fetch-depth: 0 + + - name: check CHANGELOG.md + run: make verify-changelog + # We have to run this under Docker as Ubuntu (host) does not support all # the architectures we want to compile test against, and Dockerfile uses # Debian (which does). diff --git a/CHANGELOG.md b/CHANGELOG.md index 5d4d881bb1a..ae8b82981d7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -# Changelog/ +# Changelog This file documents all notable changes made to this project since runc 1.0. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), @@ -27,6 +27,70 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). (#3474) + +## [1.1.3] - 2022-06-09 + +> In the beginning there was nothing, which exploded. + +### Fixed + * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on + s390 and s390x. This solves the issue where syscalls the host kernel did not + support would return `-EPERM` despite the existence of the `-ENOSYS` stub + code (this was due to how s390x does syscall multiplexing). (#3478) + * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as + intended; this fix does not affect runc binary itself but is important for + libcontainer users such as Kubernetes. (#3476) + * Inability to compile with recent clang due to an issue with duplicate + constants in libseccomp-golang. (#3477) + * When using systemd cgroup driver, skip adding device paths that don't exist, + to stop systemd from emitting warnings about those paths. (#3504) + * Socket activation was failing when more than 3 sockets were used. (#3494) + * Various CI fixes. (#3472, #3479) + +### Added + * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. (#3493) + +### Changed + * runc static binaries are now linked against libseccomp v2.5.4. (#3481) + + +## [1.1.2] - 2022-05-11 + +> I should think I'm going to be a perpetual student. + +### Security + * A bug was found in runc where runc exec --cap executed processes with + non-empty inheritable Linux process capabilities, creating an atypical Linux + environment. For more information, see [GHSA-f3fp-gc8g-vw66][] and + CVE-2022-29162. + +### Changed + * `runc spec` no longer sets any inheritable capabilities in the created + example OCI spec (`config.json`) file. + +[GHSA-f3fp-gc8g-vw66]: https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66 + + +## [1.1.1] - 2022-03-28 + +> Violence is the last refuge of the incompetent. + +### Added + * CI is now also run on centos-stream-9. (#3436) + +### Fixed + * `runc run/start` can now run a container with read-only `/dev` in OCI spec, + rather than error out. (#3355) + * `runc exec` now ensures that `--cgroup` argument is a sub-cgroup. (#3403) + * libcontainer systemd v2 manager no longer errors out if one of the files + listed in `/sys/kernel/cgroup/delegate` do not exist in container's cgroup. + (#3387, #3404) + * Loose OCI spec validation to avoid bogus "Intel RDT is not supported" error. + (#3406) + * libcontainer/cgroups no longer panics in cgroup v1 managers if `stat` + of `/sys/fs/cgroup/unified` returns an error other than ENOENT. (#3435) + + ## [1.1.0] - 2022-01-14 > A plan depends as much upon execution as it does upon concept. @@ -37,6 +101,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331) + ## [1.1.0-rc.1] - 2021-12-14 > He who controls the spice controls the universe. @@ -62,7 +127,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 binary etc.) and failures of the command being executed. (#3073) * runc run: new `--keep` option to skip removal exited containers artefacts. This might be useful to check the state (e.g. of cgroup controllers) after - the container hasexited. (#2817, #2825) + the container has exited. (#2817, #2825) * seccomp: add support for `SCMP_ACT_KILL_PROCESS` and `SCMP_ACT_KILL_THREAD` (the latter is just an alias for `SCMP_ACT_KILL`). (#3204) * seccomp: add support for `SCMP_ACT_NOTIFY` (seccomp actions). This allows @@ -151,13 +216,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Fixed * Fixed inability to start a container with read-write bind mount of a read-only fuse host mount. (#3283, #3292) - * Fixed inability to start when read-only /dev in set in spec (#3276, #3277) + * Fixed inability to start when read-only /dev in set in spec. (#3276, #3277) * Fixed not removing sub-cgroups upon container delete, when rootless cgroup v2 is used with older systemd. (#3226, #3297) * Fixed returning error from GetStats when hugetlb is unsupported (which causes excessive logging for Kubernetes). (#3233, #3295) * Improved an error message when dbus-user-session is not installed and - rootless + cgroup2 + systemd are used (#3212) + rootless + cgroup2 + systemd are used. (#3212) [GHSA-v95c-p5hm-xq8f]: https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f @@ -237,7 +302,7 @@ implementation (libcontainer) is *not* covered by this policy. code, optimize the method for checking whether a cgroup is frozen. (#2955) * cgroups/systemd: fixed "retry on dbus disconnect" logic introduced in rc94 * cgroups/systemd: fixed returning "unit already exists" error from a systemd - cgroup manager (regression in rc94) (#2997, #2996) + cgroup manager (regression in rc94). (#2997, #2996) ### Added * cgroupv2: support SkipDevices with systemd driver. (#2958, #3019) @@ -246,7 +311,7 @@ implementation (libcontainer) is *not* covered by this policy. (#3022) ### Changed - * cgroup/systemd: return, not ignore, stop unit error from Destroy (#2946) + * cgroup/systemd: return, not ignore, stop unit error from Destroy. (#2946) * Fix all golangci-lint failures. (#2781, #2962) * Make `runc --version` output sane even when built with `go get` or otherwise outside of our build scripts. (#2962) @@ -254,7 +319,7 @@ implementation (libcontainer) is *not* covered by this policy. cgroups at all during `runc update`). (#2994) -[Unreleased]: https://github.com/opencontainers/runc/compare/v1.1.0...HEAD +[Unreleased]: https://github.com/opencontainers/runc/compare/v1.1.3...HEAD [1.1.0]: https://github.com/opencontainers/runc/compare/v1.1.0-rc.1...v1.1.0 [1.0.0]: https://github.com/opencontainers/runc/releases/tag/v1.0.0 @@ -265,5 +330,8 @@ implementation (libcontainer) is *not* covered by this policy. [1.0.1]: https://github.com/opencontainers/runc/compare/v1.0.0...v1.0.1 -[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.0...release-1.1 +[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.3...release-1.1 +[1.1.3]: https://github.com/opencontainers/runc/compare/v1.1.2...v1.1.3 +[1.1.2]: https://github.com/opencontainers/runc/compare/v1.1.1...v1.1.2 +[1.1.1]: https://github.com/opencontainers/runc/compare/v1.1.0...v1.1.1 [1.1.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.0.0...v1.1.0-rc.1 diff --git a/Makefile b/Makefile index e789e7c372c..9ebf0c61d2c 100644 --- a/Makefile +++ b/Makefile @@ -175,6 +175,14 @@ vendor: $(GO) mod vendor $(GO) mod verify +verify-changelog: + # No non-ASCII characters. + ! LC_ALL=C grep -n -P '[\x80-\xFF]' CHANGELOG.md + # No space at EOL. + ! grep -n '\s$$' CHANGELOG.md + # Period before issue/PR references. + ! grep -n '[0-9a-zA-Z][^.] (#[1-9][0-9, #]*)$$' CHANGELOG.md + verify-dependencies: vendor @test -z "$$(git status --porcelain -- go.mod go.sum vendor/)" \ || (echo -e "git status:\n $$(git status -- go.mod go.sum vendor/)\nerror: vendor/, go.mod and/or go.sum not up to date. Run \"make vendor\" to update"; exit 1) \ @@ -185,4 +193,4 @@ verify-dependencies: vendor test localtest unittest localunittest integration localintegration \ rootlessintegration localrootlessintegration shell install install-bash \ install-man clean cfmt shfmt shellcheck \ - vendor verify-dependencies + vendor verify-changelog verify-dependencies From e119db7a23c773ca94b84a9f0086d1e5a12890f4 Mon Sep 17 00:00:00 2001 From: Shengjing Zhu Date: Mon, 4 Jul 2022 16:03:31 +0800 Subject: [PATCH 0065/1176] tests: enable seccomp default action tests on arm Signed-off-by: Shengjing Zhu --- tests/integration/seccomp.bats | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/integration/seccomp.bats b/tests/integration/seccomp.bats index e81beca3357..c24eeb26a0f 100644 --- a/tests/integration/seccomp.bats +++ b/tests/integration/seccomp.bats @@ -43,8 +43,8 @@ function teardown() { | .process.noNewPrivileges = false | .linux.seccomp = { "defaultAction":"SCMP_ACT_ALLOW", - "architectures":["SCMP_ARCH_X86","SCMP_ARCH_X32"], - "syscalls":[{"names":["mkdir"], "action":"SCMP_ACT_ERRNO"}] + "architectures":["SCMP_ARCH_X86","SCMP_ARCH_X32","SCMP_ARCH_X86_64","SCMP_ARCH_AARCH64","SCMP_ARCH_ARM"], + "syscalls":[{"names":["mkdir","mkdirat"], "action":"SCMP_ACT_ERRNO"}] }' runc run test_busybox @@ -57,8 +57,8 @@ function teardown() { | .process.noNewPrivileges = false | .linux.seccomp = { "defaultAction":"SCMP_ACT_ALLOW", - "architectures":["SCMP_ARCH_X86","SCMP_ARCH_X32"], - "syscalls":[{"names":["mkdir"], "action":"SCMP_ACT_ERRNO", "errnoRet": 100}] + "architectures":["SCMP_ARCH_X86","SCMP_ARCH_X32","SCMP_ARCH_X86_64","SCMP_ARCH_AARCH64","SCMP_ARCH_ARM"], + "syscalls":[{"names":["mkdir","mkdirat"], "action":"SCMP_ACT_ERRNO", "errnoRet": 100}] }' runc run test_busybox @@ -71,8 +71,8 @@ function teardown() { | .process.noNewPrivileges = false | .linux.seccomp = { "defaultAction":"SCMP_ACT_ALLOW", - "architectures":["SCMP_ARCH_X86","SCMP_ARCH_X32"], - "syscalls":[{"names":["mkdir"], "action":"SCMP_ACT_KILL"}] + "architectures":["SCMP_ARCH_X86","SCMP_ARCH_X32","SCMP_ARCH_X86_64","SCMP_ARCH_AARCH64","SCMP_ARCH_ARM"], + "syscalls":[{"names":["mkdir","mkdirat"], "action":"SCMP_ACT_KILL"}] }' runc run test_busybox @@ -84,8 +84,8 @@ function teardown() { update_config ' .process.args = ["/bin/true"] | .linux.seccomp = { "defaultAction":"SCMP_ACT_ALLOW", - "architectures":["SCMP_ARCH_X86","SCMP_ARCH_X32"], - "syscalls":[{"names":["mkdir"], "action":"SCMP_ACT_KILL"}] + "architectures":["SCMP_ARCH_X86","SCMP_ARCH_X32","SCMP_ARCH_X86_64","SCMP_ARCH_AARCH64","SCMP_ARCH_ARM"], + "syscalls":[{"names":["mkdir","mkdirat"], "action":"SCMP_ACT_KILL"}] } | .hooks = { "startContainer": [ { From 66bf3718b4829490b433e25b7be6e92d60121a15 Mon Sep 17 00:00:00 2001 From: Shengjing Zhu Date: Tue, 5 Jul 2022 02:12:56 +0800 Subject: [PATCH 0066/1176] tests: replace local hello world bundle with busybox bundle Currently only amd64 and arm64v8 tarball have been checked in testdata, while busybox bundle is downloaded on fly, and supports multiple architectures. To enable integration tests for more architectures, the hello world bundle is replaced by busybox one. Signed-off-by: Shengjing Zhu --- tests/integration/README.md | 3 +-- tests/integration/debug.bats | 3 ++- tests/integration/get-images.sh | 4 ---- tests/integration/helpers.bash | 5 ----- tests/integration/mounts_sshfs.bats | 3 ++- tests/integration/run.bats | 3 ++- tests/integration/spec.bats | 3 ++- tests/integration/start_hello.bats | 3 ++- .../integration/testdata/hello-world-amd64.tar | Bin 9216 -> 0 bytes .../testdata/hello-world-arm64v8.tar | Bin 12800 -> 0 bytes 10 files changed, 11 insertions(+), 16 deletions(-) delete mode 100644 tests/integration/testdata/hello-world-amd64.tar delete mode 100644 tests/integration/testdata/hello-world-arm64v8.tar diff --git a/tests/integration/README.md b/tests/integration/README.md index 6d0201c16fb..8712caef428 100644 --- a/tests/integration/README.md +++ b/tests/integration/README.md @@ -60,7 +60,7 @@ load helpers # setup is called at the beginning of every test. function setup() { - setup_hello + setup_busybox } # teardown is called at the end of every test. @@ -77,5 +77,4 @@ function teardown() { # check expected output [[ "${output}" == *"Hello"* ]] } - ``` diff --git a/tests/integration/debug.bats b/tests/integration/debug.bats index 333745e3969..9db676b89b2 100644 --- a/tests/integration/debug.bats +++ b/tests/integration/debug.bats @@ -3,7 +3,8 @@ load helpers function setup() { - setup_hello + setup_busybox + update_config '.process.args = ["/bin/echo", "Hello World"]' } function teardown() { diff --git a/tests/integration/get-images.sh b/tests/integration/get-images.sh index 9f1bf96add2..63ce40cdad1 100755 --- a/tests/integration/get-images.sh +++ b/tests/integration/get-images.sh @@ -64,7 +64,3 @@ DEBIAN_IMAGE="$TESTDATA/debian-${arch}.tar.xz" get "$DEBIAN_IMAGE" \ "https://github.com/debuerreotype/docker-debian-artifacts/raw/dist-${arch}/buster/slim/rootfs.tar.xz" echo "DEBIAN_IMAGE=$DEBIAN_IMAGE" - -# hello-world is local, no need to download. -HELLO_IMAGE="$TESTDATA/hello-world-${arch}.tar" -echo "HELLO_IMAGE=$HELLO_IMAGE" diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index 19a50f5232f..1c8ef1a225d 100644 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -564,11 +564,6 @@ function setup_busybox() { setup_bundle "$BUSYBOX_IMAGE" } -function setup_hello() { - setup_bundle "$HELLO_IMAGE" - update_config '(.. | select(.? == "sh")) |= "/hello"' -} - function setup_debian() { setup_bundle "$DEBIAN_IMAGE" } diff --git a/tests/integration/mounts_sshfs.bats b/tests/integration/mounts_sshfs.bats index abf82357d51..41f1cf4ebc9 100644 --- a/tests/integration/mounts_sshfs.bats +++ b/tests/integration/mounts_sshfs.bats @@ -16,7 +16,8 @@ function setup() { skip "test requires working sshfs mounts" fi - setup_hello + setup_busybox + update_config '.process.args = ["/bin/echo", "Hello World"]' } function teardown() { diff --git a/tests/integration/run.bats b/tests/integration/run.bats index 16ee6a01152..2cef4fdbc4f 100644 --- a/tests/integration/run.bats +++ b/tests/integration/run.bats @@ -3,7 +3,8 @@ load helpers function setup() { - setup_hello + setup_busybox + update_config '.process.args = ["/bin/echo", "Hello World"]' } function teardown() { diff --git a/tests/integration/spec.bats b/tests/integration/spec.bats index b24c6b7142f..8091ba339a5 100644 --- a/tests/integration/spec.bats +++ b/tests/integration/spec.bats @@ -3,7 +3,8 @@ load helpers function setup() { - setup_hello + setup_busybox + update_config '.process.args = ["/bin/echo", "Hello World"]' } function teardown() { diff --git a/tests/integration/start_hello.bats b/tests/integration/start_hello.bats index 231f3a7979d..77398c951f2 100644 --- a/tests/integration/start_hello.bats +++ b/tests/integration/start_hello.bats @@ -3,7 +3,8 @@ load helpers function setup() { - setup_hello + setup_busybox + update_config '.process.args = ["/bin/echo", "Hello World"]' } function teardown() { diff --git a/tests/integration/testdata/hello-world-amd64.tar b/tests/integration/testdata/hello-world-amd64.tar deleted file mode 100644 index aec830e2ec6c6a2ea81a7359a6396f7833c47e22..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9216 zcmeHM!E)0u5H&Ep_`)wN49AklPU0{O!}I`558Nmppx8>SsV!wBxoJ;)3ctZ{06vXf zDJ>z>hT_BwGqn%4CG9?~-qXgCGAML@CX7($QD+xR7@JNe5ewJmlWL$t&?)~Z^)ZVs*$$iH_Q1pTFwuCvZt=s#v@uYYHPtN|C|e7IKZ z-I_dS_pUSr*372=OJ@woo|Ji8N>wmjy`)eWnOKqLvb!Q8J z7T^C#*02BfC-N4gEB);jn_Zh)=#S?B{rYcL-tXd1`qz%n?qb{4h9xPRPVrnPT$@j- z-8lalB^jRoq{D^L7@lsF>ui4B^Zg&`Zv<}t&Ih;+oVS&DtKZ+}f138^KU*o?TVpAz zO79KrW}rXlpGtNUCVO)@zt`UL{Qva!{kw+`9$a(sFnS$P z=^{Gvb>Z$`uWv`u3vWXeWP5PkLN7?wfpJ+H0N*L}0g8afgT=j;o`V3nH%ryqGB!BC~!oG|l z8NdlPgs>p5q)-mQmE*Y+g?C!D64Pr=ta|zY3XsT*u|J0}BbBweqo`S4tgnsN4 z!3ylSnIY2XCZya597q8ilvsvPBo6Kh0yzqh%Tnegm_`wEA_ly~g~%IR2UNrZ8se9? zXma5VKsRpDc!Gf&0eOQ2DkKoFzXB=2c*ZxyV;vgQeryQ2LP0UsMiXc|gb>)Wo&J_&}@bPhmD+jD0O*|1x=}J`Y z85DjldAsM*K@$vT+?H|tp`<~2rVx@hPS-R&X!^`?3Q(OYLf3?cY|o8Ymj`&B)0zc) zDxJf*G8~pDTIdr$vvnN5($Rj+hYHprv3i^4$SUuVlTTr`=tn5=+CD8|3ABn+avT0^bGV2Y+>LhVv;7b diff --git a/tests/integration/testdata/hello-world-arm64v8.tar b/tests/integration/testdata/hello-world-arm64v8.tar deleted file mode 100644 index 186c8aefc47da2e2acc74c636e53204c63253c41..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12800 zcmeHNO^*~s7_Qmob1=aJi6k1R1rCNRJ>4@qGek^WScLT>M%N|rhCSW2(;d3ICSBG0 zAqUsQ9{|R)axu}lani(t_z#Q`f;Sa0d-Q4o!T0U%f@Z=JcHAZ=R3+V2_161U&(k&2 zRWqi?-3u&X@e--5Shi(#+ihayWwb^qv0HYx)9$odU7J|8-E6f8wJOV~LH^o=~W)TlbDWle9Af3Rp0+O9e=^so7ExI7j-WR;;k#`>SO+j{+1Mo7sq zuK$4)m3{_{vHm-4ORxVDO_eo~f8j^}JN{d?=D#x1OOBazE9D+Tjj{f%R#)?1qN%bb z^6zsYV<)QY1z?Qt|8}RNzyB*Ez2sQ&FG{klZjQmfZNvBff8LWl$wZ#<_kZL+l1}eQ zpc+@lvYS@7+a2BatNtVQ|8N)p`~PNRkZ?$kr?IT;`PBS35(eA9B@?!Ri{n!KSi8-y z|7O$DpZ|}=bgKq^7KVJQoNeGI1c6$5Cq4=w|)v+tZE*T1iwn0?{qSF=a2e)+|X{U5OP!@rhu zxqI=4ZzceaQ*`&`S#Ry6Hv2FOLv3+>k*fIRe*f|89Uk=`R?dmB)7OolRZ-DQ8X!i-knEdT~!(LKhPr(bL&a3X}B(KM*uxLO6X!h0m7-mA)hCDo+y{ z#BlH)hK>w)Or61iISCAN+GBK?Cl`XaPhFlQ%$4D)S+6f}+GjCK9Ld1R1HV&6G%)2C zV1&^{4v8$Iy^w4mUa3>tqzf>Rr$yZ`V6g<}v2aV-7f83Pd1F_FyT><}B{RJQ}HBNk0V}@RzSzT-#V`AI+0(D+g*XK6fzdqx>bf zKD=}9-tkPLZyEuOfJQ(gpb^jrXaqC@8iCCtp!TC1TAIR#w|_hVHe)WC*^g7Rmj`m7Zd!U$do-Hh}q{b2sd*O$_)c-ZeS0n<6a&1omo-)dbQs_ zQpi=M_UWpB02;7gh4YELsB?^KD1`E9UfsWs;)DKCRmGp1n1LQ4bA{kAZp=$%SE-H7 zDY(k^gY7dYCWGP}#L9XPZlm@c7($s*OiZ1JsB??a`HuEq1zU`-(j2uPov(_o>XRe( z>&3audT~y(AI8f?*{Ql5yR1iwz;8Yz%yS(P>F!fRAp3=-;&@~H{@-ls-~TISC3i1Y ctNrg6Mj3;D+tUC4d@B6wAQ}OUz_W|Mzje)nnE(I) From 5fd3d09e254c800fb3ca61fab630372e62ab2fab Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Jul 2022 04:15:30 +0000 Subject: [PATCH 0067/1176] build(deps): bump actions/cache from 3.0.4 to 3.0.5 Bumps [actions/cache](https://github.com/actions/cache) from 3.0.4 to 3.0.5. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v3.0.4...v3.0.5) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/validate.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 8846215db36..863072a6e7c 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -72,7 +72,7 @@ jobs: echo "VERSION=3.3.1" >> $GITHUB_ENV echo "$(go env GOPATH)/bin" >> $GITHUB_PATH - name: cache go mod and $GOCACHE - uses: actions/cache@v3.0.4 + uses: actions/cache@v3.0.5 with: path: | ~/go/pkg/mod @@ -119,7 +119,7 @@ jobs: with: go-version: "${{ env.GO_VERSION }}" - name: cache go mod and $GOCACHE - uses: actions/cache@v3.0.4 + uses: actions/cache@v3.0.5 with: path: | ~/go/pkg/mod From 4fd4af5b1c6f0a03f36276afb74d42968c3de265 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 27 Jul 2022 16:20:02 -0700 Subject: [PATCH 0068/1176] CI: workaround CentOS Stream 9 criu issue Older criu builds fail to work properly on CentOS Stream 9 due to changes in glibc's rseq. Skip criu tests if an older criu version is found. Fixes: https://github.com/opencontainers/runc/issues/3532 Signed-off-by: Kir Kolyshkin --- libcontainer/integration/checkpoint_test.go | 7 +++++++ tests/integration/helpers.bash | 15 +++++++++++---- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/libcontainer/integration/checkpoint_test.go b/libcontainer/integration/checkpoint_test.go index cc45134b621..4783feed0fd 100644 --- a/libcontainer/integration/checkpoint_test.go +++ b/libcontainer/integration/checkpoint_test.go @@ -6,6 +6,7 @@ import ( "os" "os/exec" "path/filepath" + "regexp" "strings" "testing" @@ -61,6 +62,12 @@ func testCheckpoint(t *testing.T, userns bool) { t.Skipf("criu binary not found: %v", err) } + // Workaround for https://github.com/opencontainers/runc/issues/3532. + out, err := exec.Command("rpm", "-q", "criu").CombinedOutput() + if err == nil && regexp.MustCompile(`^criu-3\.17-[123]\.el9`).Match(out) { + t.Skip("Test requires criu >= 3.17-4 on CentOS Stream 9.") + } + config := newTemplateConfig(t, &tParam{userns: userns}) stateDir := t.TempDir() diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index 1c8ef1a225d..e61096c2499 100644 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -29,9 +29,6 @@ SECCOMP_AGENT="${INTEGRATION_ROOT}/../../contrib/cmd/seccompagent/seccompagent" # shellcheck disable=SC2034 TESTDATA="${INTEGRATION_ROOT}/testdata" -# Whether we have criu binary. -command -v criu &>/dev/null && HAVE_CRIU=yes - # Kernel version KERNEL_VERSION="$(uname -r)" KERNEL_MAJOR="${KERNEL_VERSION%%.*}" @@ -345,6 +342,16 @@ function rootless_cgroup() { [[ "$ROOTLESS_FEATURES" == *"cgroup"* || -v RUNC_USE_SYSTEMD ]] } +# Check if criu is available and working. +function have_criu() { + command -v criu &>/dev/null || return 1 + + # Workaround for https://github.com/opencontainers/runc/issues/3532. + local ver + ver=$(rpm -q criu 2>/dev/null || true) + ! grep -q '^criu-3\.17-[123]\.el9' <<<"$ver" +} + # Allows a test to specify what things it requires. If the environment can't # support it, the test is skipped with a message. function requires() { @@ -352,7 +359,7 @@ function requires() { local skip_me case $var in criu) - if [ ! -v HAVE_CRIU ]; then + if ! have_criu; then skip_me=1 fi ;; From c152e8310f4dbf7b2342a39a137206139419e58d Mon Sep 17 00:00:00 2001 From: Alban Crequy Date: Tue, 19 Jul 2022 16:23:22 +0200 Subject: [PATCH 0069/1176] go.mod: update runtime-spec Signed-off-by: Alban Crequy --- go.mod | 2 +- go.sum | 4 +- .../runtime-spec/specs-go/config.go | 97 ++++++++++++++++--- vendor/modules.txt | 2 +- 4 files changed, 85 insertions(+), 20 deletions(-) diff --git a/go.mod b/go.mod index dd18d1fa7a7..5a16982dd6b 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/godbus/dbus/v5 v5.1.0 github.com/moby/sys/mountinfo v0.6.2 github.com/mrunalp/fileutils v0.5.0 - github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 + github.com/opencontainers/runtime-spec v1.0.3-0.20220718201635-a8106e99982b github.com/opencontainers/selinux v1.10.1 github.com/seccomp/libseccomp-golang v0.10.0 github.com/sirupsen/logrus v1.8.1 diff --git a/go.sum b/go.sum index 3c81d97bcf9..4f2794ae064 100644 --- a/go.sum +++ b/go.sum @@ -36,8 +36,8 @@ github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vyg github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= github.com/mrunalp/fileutils v0.5.0 h1:NKzVxiH7eSk+OQ4M+ZYW1K6h27RUV3MI6NUTsHhU6Z4= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= -github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= -github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-spec v1.0.3-0.20220718201635-a8106e99982b h1:udwtfS44rxYE/ViMLchHQBjfE60GZSB1arY7BFbyxLs= +github.com/opencontainers/runtime-spec v1.0.3-0.20220718201635-a8106e99982b/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.10.1 h1:09LIPVRP3uuZGQvgR+SgMSNBd1Eb3vlRbGqQpoHsF8w= github.com/opencontainers/selinux v1.10.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go index 6a7a91e5596..cf1b338c81a 100644 --- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go @@ -15,7 +15,7 @@ type Spec struct { // Mounts configures additional mounts (on top of Root). Mounts []Mount `json:"mounts,omitempty"` // Hooks configures callbacks for container lifecycle events. - Hooks *Hooks `json:"hooks,omitempty" platform:"linux,solaris"` + Hooks *Hooks `json:"hooks,omitempty" platform:"linux,solaris,zos"` // Annotations contains arbitrary metadata for the container. Annotations map[string]string `json:"annotations,omitempty"` @@ -27,6 +27,8 @@ type Spec struct { Windows *Windows `json:"windows,omitempty" platform:"windows"` // VM specifies configuration for virtual-machine-based containers. VM *VM `json:"vm,omitempty" platform:"vm"` + // ZOS is platform-specific configuration for z/OS based containers. + ZOS *ZOS `json:"zos,omitempty" platform:"zos"` } // Process contains information to start a specific application inside the container. @@ -49,7 +51,7 @@ type Process struct { // Capabilities are Linux capabilities that are kept for the process. Capabilities *LinuxCapabilities `json:"capabilities,omitempty" platform:"linux"` // Rlimits specifies rlimit options to apply to the process. - Rlimits []POSIXRlimit `json:"rlimits,omitempty" platform:"linux,solaris"` + Rlimits []POSIXRlimit `json:"rlimits,omitempty" platform:"linux,solaris,zos"` // NoNewPrivileges controls whether additional privileges could be gained by processes in the container. NoNewPrivileges bool `json:"noNewPrivileges,omitempty" platform:"linux"` // ApparmorProfile specifies the apparmor profile for the container. @@ -86,11 +88,11 @@ type Box struct { // User specifies specific user (and group) information for the container process. type User struct { // UID is the user id. - UID uint32 `json:"uid" platform:"linux,solaris"` + UID uint32 `json:"uid" platform:"linux,solaris,zos"` // GID is the group id. - GID uint32 `json:"gid" platform:"linux,solaris"` + GID uint32 `json:"gid" platform:"linux,solaris,zos"` // Umask is the umask for the init process. - Umask *uint32 `json:"umask,omitempty" platform:"linux,solaris"` + Umask *uint32 `json:"umask,omitempty" platform:"linux,solaris,zos"` // AdditionalGids are additional group ids set for the container's process. AdditionalGids []uint32 `json:"additionalGids,omitempty" platform:"linux,solaris"` // Username is the user name. @@ -110,11 +112,16 @@ type Mount struct { // Destination is the absolute path where the mount will be placed in the container. Destination string `json:"destination"` // Type specifies the mount kind. - Type string `json:"type,omitempty" platform:"linux,solaris"` + Type string `json:"type,omitempty" platform:"linux,solaris,zos"` // Source specifies the source path of the mount. Source string `json:"source,omitempty"` // Options are fstab style mount options. Options []string `json:"options,omitempty"` + + // UID/GID mappings used for changing file owners w/o calling chown, fs should support it. + // Every mount point could have its own mapping. + UIDMappings []LinuxIDMapping `json:"uidMappings,omitempty" platform:"linux"` + GIDMappings []LinuxIDMapping `json:"gidMappings,omitempty" platform:"linux"` } // Hook specifies a command that is run at a particular event in the lifecycle of a container @@ -178,7 +185,7 @@ type Linux struct { // MountLabel specifies the selinux context for the mounts in the container. MountLabel string `json:"mountLabel,omitempty"` // IntelRdt contains Intel Resource Director Technology (RDT) information for - // handling resource constraints (e.g., L3 cache, memory bandwidth) for the container + // handling resource constraints and monitoring metrics (e.g., L3 cache, memory bandwidth) for the container IntelRdt *LinuxIntelRdt `json:"intelRdt,omitempty"` // Personality contains configuration for the Linux personality syscall Personality *LinuxPersonality `json:"personality,omitempty"` @@ -250,8 +257,8 @@ type LinuxInterfacePriority struct { Priority uint32 `json:"priority"` } -// linuxBlockIODevice holds major:minor format supported in blkio cgroup -type linuxBlockIODevice struct { +// LinuxBlockIODevice holds major:minor format supported in blkio cgroup +type LinuxBlockIODevice struct { // Major is the device's major number. Major int64 `json:"major"` // Minor is the device's minor number. @@ -260,7 +267,7 @@ type linuxBlockIODevice struct { // LinuxWeightDevice struct holds a `major:minor weight` pair for weightDevice type LinuxWeightDevice struct { - linuxBlockIODevice + LinuxBlockIODevice // Weight is the bandwidth rate for the device. Weight *uint16 `json:"weight,omitempty"` // LeafWeight is the bandwidth rate for the device while competing with the cgroup's child cgroups, CFQ scheduler only @@ -269,7 +276,7 @@ type LinuxWeightDevice struct { // LinuxThrottleDevice struct holds a `major:minor rate_per_second` pair type LinuxThrottleDevice struct { - linuxBlockIODevice + LinuxBlockIODevice // Rate is the IO rate limit per cgroup per device Rate uint64 `json:"rate"` } @@ -328,6 +335,8 @@ type LinuxCPU struct { Cpus string `json:"cpus,omitempty"` // List of memory nodes in the cpuset. Default is to use any available memory node. Mems string `json:"mems,omitempty"` + // cgroups are configured with minimum weight, 0: default behavior, 1: SCHED_IDLE. + Idle *int64 `json:"idle,omitempty"` } // LinuxPids for Linux cgroup 'pids' resource management (Linux 4.3) @@ -522,11 +531,21 @@ type WindowsMemoryResources struct { // WindowsCPUResources contains CPU resource management settings. type WindowsCPUResources struct { - // Number of CPUs available to the container. + // Count is the number of CPUs available to the container. It represents the + // fraction of the configured processor `count` in a container in relation + // to the processors available in the host. The fraction ultimately + // determines the portion of processor cycles that the threads in a + // container can use during each scheduling interval, as the number of + // cycles per 10,000 cycles. Count *uint64 `json:"count,omitempty"` - // CPU shares (relative weight to other containers with cpu shares). + // Shares limits the share of processor time given to the container relative + // to other workloads on the processor. The processor `shares` (`weight` at + // the platform level) is a value between 0 and 10000. Shares *uint16 `json:"shares,omitempty"` - // Specifies the portion of processor cycles that this container can use as a percentage times 100. + // Maximum determines the portion of processor cycles that the threads in a + // container can use during each scheduling interval, as the number of + // cycles per 10,000 cycles. Set processor `maximum` to a percentage times + // 100. Maximum *uint16 `json:"maximum,omitempty"` } @@ -613,6 +632,19 @@ type Arch string // LinuxSeccompFlag is a flag to pass to seccomp(2). type LinuxSeccompFlag string +const ( + // LinuxSeccompFlagLog is a seccomp flag to request all returned + // actions except SECCOMP_RET_ALLOW to be logged. An administrator may + // override this filter flag by preventing specific actions from being + // logged via the /proc/sys/kernel/seccomp/actions_logged file. (since + // Linux 4.14) + LinuxSeccompFlagLog LinuxSeccompFlag = "SECCOMP_FILTER_FLAG_LOG" + + // LinuxSeccompFlagSpecAllow can be used to disable Speculative Store + // Bypass mitigation. (since Linux 4.17) + LinuxSeccompFlagSpecAllow LinuxSeccompFlag = "SECCOMP_FILTER_FLAG_SPEC_ALLOW" +) + // Additional architectures permitted to be used for system calls // By default only the native architecture of the kernel is permitted const ( @@ -683,8 +715,9 @@ type LinuxSyscall struct { Args []LinuxSeccompArg `json:"args,omitempty"` } -// LinuxIntelRdt has container runtime resource constraints for Intel RDT -// CAT and MBA features which introduced in Linux 4.10 and 4.12 kernel +// LinuxIntelRdt has container runtime resource constraints for Intel RDT CAT and MBA +// features and flags enabling Intel RDT CMT and MBM features. +// Intel RDT features are available in Linux 4.14 and newer kernel versions. type LinuxIntelRdt struct { // The identity for RDT Class of Service ClosID string `json:"closID,omitempty"` @@ -697,4 +730,36 @@ type LinuxIntelRdt struct { // The unit of memory bandwidth is specified in "percentages" by // default, and in "MBps" if MBA Software Controller is enabled. MemBwSchema string `json:"memBwSchema,omitempty"` + + // EnableCMT is the flag to indicate if the Intel RDT CMT is enabled. CMT (Cache Monitoring Technology) supports monitoring of + // the last-level cache (LLC) occupancy for the container. + EnableCMT bool `json:"enableCMT,omitempty"` + + // EnableMBM is the flag to indicate if the Intel RDT MBM is enabled. MBM (Memory Bandwidth Monitoring) supports monitoring of + // total and local memory bandwidth for the container. + EnableMBM bool `json:"enableMBM,omitempty"` +} + +// ZOS contains platform-specific configuration for z/OS based containers. +type ZOS struct { + // Devices are a list of device nodes that are created for the container + Devices []ZOSDevice `json:"devices,omitempty"` +} + +// ZOSDevice represents the mknod information for a z/OS special device file +type ZOSDevice struct { + // Path to the device. + Path string `json:"path"` + // Device type, block, char, etc. + Type string `json:"type"` + // Major is the device's major number. + Major int64 `json:"major"` + // Minor is the device's minor number. + Minor int64 `json:"minor"` + // FileMode permission bits for the device. + FileMode *os.FileMode `json:"fileMode,omitempty"` + // UID of the device. + UID *uint32 `json:"uid,omitempty"` + // Gid of the device. + GID *uint32 `json:"gid,omitempty"` } diff --git a/vendor/modules.txt b/vendor/modules.txt index 60fb5857e2e..28c13ef36a7 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -36,7 +36,7 @@ github.com/moby/sys/mountinfo # github.com/mrunalp/fileutils v0.5.0 ## explicit; go 1.13 github.com/mrunalp/fileutils -# github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 +# github.com/opencontainers/runtime-spec v1.0.3-0.20220718201635-a8106e99982b ## explicit github.com/opencontainers/runtime-spec/specs-go # github.com/opencontainers/selinux v1.10.1 From 58ea21daefea8e3447db70a50dad47d8e10463c4 Mon Sep 17 00:00:00 2001 From: Alban Crequy Date: Tue, 22 Feb 2022 15:58:46 +0100 Subject: [PATCH 0070/1176] seccomp: add support for flags List of seccomp flags defined in runtime-spec: * SECCOMP_FILTER_FLAG_TSYNC * SECCOMP_FILTER_FLAG_LOG * SECCOMP_FILTER_FLAG_SPEC_ALLOW Note that runc does not apply SECCOMP_FILTER_FLAG_TSYNC. It does not make sense to apply the seccomp filter on only one thread; other threads will be terminated after exec anyway. See similar commit in crun: https://github.com/containers/crun/commit/fefabffa2816ea343068ed036a86944393db189a Note that SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV (introduced by https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?id=c2aa2dfef243 in Linux 5.19-rc1) is not added yet because Linux 5.19 is not released yet. Signed-off-by: Alban Crequy --- libcontainer/configs/config.go | 13 ++++++----- libcontainer/seccomp/seccomp_linux.go | 24 ++++++++++++++++++++ libcontainer/specconv/spec_linux.go | 18 ++++++++++----- tests/integration/seccomp.bats | 32 +++++++++++++++++++++++++++ 4 files changed, 76 insertions(+), 11 deletions(-) diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index 7cf2fb65751..18955cf95c9 100644 --- a/libcontainer/configs/config.go +++ b/libcontainer/configs/config.go @@ -31,12 +31,13 @@ type IDMap struct { // for syscalls. Additional architectures can be added by specifying them in // Architectures. type Seccomp struct { - DefaultAction Action `json:"default_action"` - Architectures []string `json:"architectures"` - Syscalls []*Syscall `json:"syscalls"` - DefaultErrnoRet *uint `json:"default_errno_ret"` - ListenerPath string `json:"listener_path,omitempty"` - ListenerMetadata string `json:"listener_metadata,omitempty"` + DefaultAction Action `json:"default_action"` + Architectures []string `json:"architectures"` + Flags []specs.LinuxSeccompFlag `json:"flags"` + Syscalls []*Syscall `json:"syscalls"` + DefaultErrnoRet *uint `json:"default_errno_ret"` + ListenerPath string `json:"listener_path,omitempty"` + ListenerMetadata string `json:"listener_metadata,omitempty"` } // Action is taken upon rule match in Seccomp diff --git a/libcontainer/seccomp/seccomp_linux.go b/libcontainer/seccomp/seccomp_linux.go index 8c12af72be9..ffbe537e7e3 100644 --- a/libcontainer/seccomp/seccomp_linux.go +++ b/libcontainer/seccomp/seccomp_linux.go @@ -13,6 +13,7 @@ import ( "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/seccomp/patchbpf" + "github.com/opencontainers/runtime-spec/specs-go" ) var ( @@ -86,6 +87,29 @@ func InitSeccomp(config *configs.Seccomp) (int, error) { } } + // Add extra flags + for _, flag := range config.Flags { + switch flag { + case "SECCOMP_FILTER_FLAG_TSYNC": + // libseccomp-golang always use filterAttrTsync when + // possible so all goroutines will receive the same + // rules, so there is nothing to do. It does not make + // sense to apply the seccomp filter on only one + // thread; other threads will be terminated after exec + // anyway. + case specs.LinuxSeccompFlagLog: + if err := filter.SetLogBit(true); err != nil { + return -1, fmt.Errorf("error adding log flag to seccomp filter: %w", err) + } + case specs.LinuxSeccompFlagSpecAllow: + if err := filter.SetSSB(true); err != nil { + return -1, fmt.Errorf("error adding SSB flag to seccomp filter: %w", err) + } + default: + return -1, fmt.Errorf("seccomp flags %q not yet supported by runc", flag) + } + } + // Unset no new privs bit if err := filter.SetNoNewPrivsBit(false); err != nil { return -1, fmt.Errorf("error setting no new privileges: %w", err) diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index 7ff9f098d6a..55ccabeef08 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -1016,14 +1016,22 @@ func SetupSeccomp(config *specs.LinuxSeccomp) (*configs.Seccomp, error) { return nil, nil } - // We don't currently support seccomp flags. - if len(config.Flags) != 0 { - return nil, errors.New("seccomp flags are not yet supported by runc") - } - newConfig := new(configs.Seccomp) newConfig.Syscalls = []*configs.Syscall{} + // The list of flags defined in runtime-spec is a subset of the flags + // in the seccomp() syscall + for _, flag := range config.Flags { + switch flag { + case "SECCOMP_FILTER_FLAG_TSYNC": + // Tsync can be silently ignored + case specs.LinuxSeccompFlagLog, specs.LinuxSeccompFlagSpecAllow: + newConfig.Flags = append(newConfig.Flags, flag) + default: + return nil, fmt.Errorf("seccomp flag %q not yet supported by runc", flag) + } + } + if len(config.Architectures) > 0 { newConfig.Architectures = []string{} for _, arch := range config.Architectures { diff --git a/tests/integration/seccomp.bats b/tests/integration/seccomp.bats index c24eeb26a0f..55e6dc817ab 100644 --- a/tests/integration/seccomp.bats +++ b/tests/integration/seccomp.bats @@ -66,6 +66,38 @@ function teardown() { [[ "$output" == *"Network is down"* ]] } +@test "runc run [seccomp] (SECCOMP_FILTER_FLAG_*)" { + # Linux 4.14: SECCOMP_FILTER_FLAG_LOG + # Linux 4.17: SECCOMP_FILTER_FLAG_SPEC_ALLOW + requires_kernel 4.17 + SECCOMP_FILTER_FLAGS=( + '' # no flag + '"SECCOMP_FILTER_FLAG_LOG"' + '"SECCOMP_FILTER_FLAG_SPEC_ALLOW"' + '"SECCOMP_FILTER_FLAG_TSYNC"' + '"SECCOMP_FILTER_FLAG_LOG","SECCOMP_FILTER_FLAG_SPEC_ALLOW"' + '"SECCOMP_FILTER_FLAG_LOG","SECCOMP_FILTER_FLAG_TSYNC"' + '"SECCOMP_FILTER_FLAG_SPEC_ALLOW","SECCOMP_FILTER_FLAG_TSYNC"' + '"SECCOMP_FILTER_FLAG_LOG","SECCOMP_FILTER_FLAG_SPEC_ALLOW","SECCOMP_FILTER_FLAG_TSYNC"' + ) + for flags in "${SECCOMP_FILTER_FLAGS[@]}"; do + update_config ' .process.args = ["/bin/sh", "-c", "mkdir /dev/shm/foo"] + | .process.noNewPrivileges = false + | .linux.seccomp = { + "defaultAction":"SCMP_ACT_ALLOW", + "architectures":["SCMP_ARCH_X86","SCMP_ARCH_X32","SCMP_ARCH_X86_64","SCMP_ARCH_AARCH64","SCMP_ARCH_ARM"], + "flags":['"${flags}"'], + "syscalls":[{"names":["mkdir"], "action":"SCMP_ACT_ERRNO"}] + }' + + # This test checks that the flags are accepted without errors but does + # not check they are effectively applied + runc run test_busybox + [ "$status" -ne 0 ] + [[ "$output" == *"mkdir:"*"/dev/shm/foo"*"Operation not permitted"* ]] + done +} + @test "runc run [seccomp] (SCMP_ACT_KILL)" { update_config ' .process.args = ["/bin/sh", "-c", "mkdir /dev/shm/foo"] | .process.noNewPrivileges = false From d9a3acb9fc530938abf395c292e1fb2fda0f2e6b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 28 Jul 2022 19:05:50 +0000 Subject: [PATCH 0071/1176] build(deps): bump github.com/cilium/ebpf from 0.9.0 to 0.9.1 Bumps [github.com/cilium/ebpf](https://github.com/cilium/ebpf) from 0.9.0 to 0.9.1. - [Release notes](https://github.com/cilium/ebpf/releases) - [Commits](https://github.com/cilium/ebpf/compare/v0.9.0...v0.9.1) --- updated-dependencies: - dependency-name: github.com/cilium/ebpf dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- vendor/github.com/cilium/ebpf/Makefile | 20 +- vendor/github.com/cilium/ebpf/README.md | 3 +- vendor/github.com/cilium/ebpf/asm/func.go | 28 ++ .../github.com/cilium/ebpf/asm/func_string.go | 33 +- .../github.com/cilium/ebpf/asm/instruction.go | 18 +- vendor/github.com/cilium/ebpf/btf/btf.go | 110 +++++-- .../github.com/cilium/ebpf/btf/btf_types.go | 65 +++- vendor/github.com/cilium/ebpf/btf/format.go | 15 +- vendor/github.com/cilium/ebpf/btf/handle.go | 121 +++++++ vendor/github.com/cilium/ebpf/btf/info.go | 51 --- vendor/github.com/cilium/ebpf/btf/strings.go | 24 +- vendor/github.com/cilium/ebpf/btf/types.go | 85 +++-- vendor/github.com/cilium/ebpf/collection.go | 31 +- vendor/github.com/cilium/ebpf/elf_reader.go | 10 +- vendor/github.com/cilium/ebpf/info.go | 1 + .../github.com/cilium/ebpf/internal/errors.go | 195 ++++++++++- .../cilium/ebpf/internal/pinning.go | 13 +- .../cilium/ebpf/internal/sys/doc.go | 2 +- .../cilium/ebpf/internal/sys/syscall.go | 3 + .../cilium/ebpf/internal/sys/types.go | 60 +++- vendor/github.com/cilium/ebpf/link/cgroup.go | 12 - vendor/github.com/cilium/ebpf/link/iter.go | 12 - vendor/github.com/cilium/ebpf/link/kprobe.go | 11 +- vendor/github.com/cilium/ebpf/link/link.go | 35 -- vendor/github.com/cilium/ebpf/link/netns.go | 12 - vendor/github.com/cilium/ebpf/link/tracing.go | 27 +- vendor/github.com/cilium/ebpf/link/uprobe.go | 76 +++-- vendor/github.com/cilium/ebpf/linker.go | 134 ++++---- vendor/github.com/cilium/ebpf/map.go | 37 +-- vendor/github.com/cilium/ebpf/prog.go | 307 +++++++++--------- vendor/github.com/cilium/ebpf/run-tests.sh | 8 +- vendor/github.com/cilium/ebpf/syscalls.go | 6 - vendor/modules.txt | 2 +- 35 files changed, 1025 insertions(+), 548 deletions(-) create mode 100644 vendor/github.com/cilium/ebpf/btf/handle.go delete mode 100644 vendor/github.com/cilium/ebpf/btf/info.go diff --git a/go.mod b/go.mod index dd18d1fa7a7..5ee27bbd5d8 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.17 require ( github.com/checkpoint-restore/go-criu/v5 v5.3.0 - github.com/cilium/ebpf v0.9.0 + github.com/cilium/ebpf v0.9.1 github.com/containerd/console v1.0.3 github.com/coreos/go-systemd/v22 v22.3.2 github.com/cyphar/filepath-securejoin v0.2.3 diff --git a/go.sum b/go.sum index 3c81d97bcf9..c71250231fb 100644 --- a/go.sum +++ b/go.sum @@ -1,8 +1,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/checkpoint-restore/go-criu/v5 v5.3.0 h1:wpFFOoomK3389ue2lAb0Boag6XPht5QYpipxmSNL4d8= github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E= -github.com/cilium/ebpf v0.9.0 h1:ldiV+FscPCQ/p3mNEV4O02EPbUZJFsoEtHvIr9xLTvk= -github.com/cilium/ebpf v0.9.0/go.mod h1:+OhNOIXx/Fnu1IE8bJz2dzOA+VSfyTfdNUVdlQnxUFY= +github.com/cilium/ebpf v0.9.1 h1:64sn2K3UKw8NbP/blsixRpF3nXuyhz/VjRlRzvlBRu4= +github.com/cilium/ebpf v0.9.1/go.mod h1:+OhNOIXx/Fnu1IE8bJz2dzOA+VSfyTfdNUVdlQnxUFY= github.com/containerd/console v1.0.3 h1:lIr7SlA5PxZyMV30bDW0MGbiOPXwc63yRuCP0ARubLw= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI= diff --git a/vendor/github.com/cilium/ebpf/Makefile b/vendor/github.com/cilium/ebpf/Makefile index 3a1da886ae0..2d5f04c370e 100644 --- a/vendor/github.com/cilium/ebpf/Makefile +++ b/vendor/github.com/cilium/ebpf/Makefile @@ -3,8 +3,11 @@ # Pin the default clang to a stable version. CLANG ?= clang-14 STRIP ?= llvm-strip-14 +OBJCOPY ?= llvm-objcopy-14 CFLAGS := -O2 -g -Wall -Werror $(CFLAGS) +CI_KERNEL_URL ?= https://github.com/cilium/ci-kernels/raw/master/ + # Obtain an absolute path to the directory of the Makefile. # Assume the Makefile is in the root of the repository. REPODIR := $(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) @@ -18,6 +21,7 @@ CONTAINER_RUN_ARGS ?= $(if $(filter ${CONTAINER_ENGINE}, podman), --log-driver=n IMAGE := $(shell cat ${REPODIR}/testdata/docker/IMAGE) VERSION := $(shell cat ${REPODIR}/testdata/docker/VERSION) + # clang <8 doesn't tag relocs properly (STT_NOTYPE) # clang 9 is the first version emitting BTF TARGETS := \ @@ -93,8 +97,14 @@ testdata/loader-%-eb.elf: testdata/loader.c $(CLANG) $(CFLAGS) -target bpfeb -c $< -o $@ $(STRIP) -g $@ -# Usage: make VMLINUX=/path/to/vmlinux vmlinux-btf -.PHONY: vmlinux-btf -vmlinux-btf: btf/testdata/vmlinux-btf.gz -btf/testdata/vmlinux-btf.gz: $(VMLINUX) - objcopy --dump-section .BTF=/dev/stdout "$<" /dev/null | gzip > "$@" +.PHONY: generate-btf +generate-btf: KERNEL_VERSION?=5.18 +generate-btf: + $(eval TMP := $(shell mktemp -d)) + curl -fL "$(CI_KERNEL_URL)/linux-$(KERNEL_VERSION).bz" -o "$(TMP)/bzImage" + ./testdata/extract-vmlinux "$(TMP)/bzImage" > "$(TMP)/vmlinux" + $(OBJCOPY) --dump-section .BTF=/dev/stdout "$(TMP)/vmlinux" /dev/null | gzip > "btf/testdata/vmlinux.btf.gz" + curl -fL "$(CI_KERNEL_URL)/linux-$(KERNEL_VERSION)-selftests-bpf.tgz" -o "$(TMP)/selftests.tgz" + tar -xf "$(TMP)/selftests.tgz" --to-stdout tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.ko | \ + $(OBJCOPY) --dump-section .BTF="btf/testdata/btf_testmod.btf" - /dev/null + $(RM) -r "$(TMP)" diff --git a/vendor/github.com/cilium/ebpf/README.md b/vendor/github.com/cilium/ebpf/README.md index 69a6bb0e968..3e490de7110 100644 --- a/vendor/github.com/cilium/ebpf/README.md +++ b/vendor/github.com/cilium/ebpf/README.md @@ -54,7 +54,8 @@ This library includes the following packages: * A version of Go that is [supported by upstream](https://golang.org/doc/devel/release.html#policy) -* Linux >= 4.4. CI is run against LTS releases. +* Linux >= 4.9. CI is run against kernel.org LTS releases. 4.4 should work but is + not tested against. ## Regenerating Testdata diff --git a/vendor/github.com/cilium/ebpf/asm/func.go b/vendor/github.com/cilium/ebpf/asm/func.go index ba0a107c733..a14e9e2c3ce 100644 --- a/vendor/github.com/cilium/ebpf/asm/func.go +++ b/vendor/github.com/cilium/ebpf/asm/func.go @@ -201,6 +201,34 @@ const ( FnGetFuncIp FnGetAttachCookie FnTaskPtRegs + FnGetBranchSnapshot + FnTraceVprintk + FnSkcToUnixSock + FnKallsymsLookupName + FnFindVma + FnLoop + FnStrncmp + FnGetFuncArg + FnGetFuncRet + FnGetFuncArgCnt + FnGetRetval + FnSetRetval + FnXdpGetBuffLen + FnXdpLoadBytes + FnXdpStoreBytes + FnCopyFromUserTask + FnSkbSetTstamp + FnImaFileHash + FnKptrXchg + FnMapLookupPercpuElem + FnSkcToMptcpSock + FnDynptrFromMem + FnRingbufReserveDynptr + FnRingbufSubmitDynptr + FnRingbufDiscardDynptr + FnDynptrRead + FnDynptrWrite + FnDynptrData maxBuiltinFunc ) diff --git a/vendor/github.com/cilium/ebpf/asm/func_string.go b/vendor/github.com/cilium/ebpf/asm/func_string.go index 179bc24f1a3..b7431b7f605 100644 --- a/vendor/github.com/cilium/ebpf/asm/func_string.go +++ b/vendor/github.com/cilium/ebpf/asm/func_string.go @@ -184,11 +184,40 @@ func _() { _ = x[FnGetFuncIp-173] _ = x[FnGetAttachCookie-174] _ = x[FnTaskPtRegs-175] + _ = x[FnGetBranchSnapshot-176] + _ = x[FnTraceVprintk-177] + _ = x[FnSkcToUnixSock-178] + _ = x[FnKallsymsLookupName-179] + _ = x[FnFindVma-180] + _ = x[FnLoop-181] + _ = x[FnStrncmp-182] + _ = x[FnGetFuncArg-183] + _ = x[FnGetFuncRet-184] + _ = x[FnGetFuncArgCnt-185] + _ = x[FnGetRetval-186] + _ = x[FnSetRetval-187] + _ = x[FnXdpGetBuffLen-188] + _ = x[FnXdpLoadBytes-189] + _ = x[FnXdpStoreBytes-190] + _ = x[FnCopyFromUserTask-191] + _ = x[FnSkbSetTstamp-192] + _ = x[FnImaFileHash-193] + _ = x[FnKptrXchg-194] + _ = x[FnMapLookupPercpuElem-195] + _ = x[FnSkcToMptcpSock-196] + _ = x[FnDynptrFromMem-197] + _ = x[FnRingbufReserveDynptr-198] + _ = x[FnRingbufSubmitDynptr-199] + _ = x[FnRingbufDiscardDynptr-200] + _ = x[FnDynptrRead-201] + _ = x[FnDynptrWrite-202] + _ = x[FnDynptrData-203] + _ = x[maxBuiltinFunc-204] } -const _BuiltinFunc_name = "FnUnspecFnMapLookupElemFnMapUpdateElemFnMapDeleteElemFnProbeReadFnKtimeGetNsFnTracePrintkFnGetPrandomU32FnGetSmpProcessorIdFnSkbStoreBytesFnL3CsumReplaceFnL4CsumReplaceFnTailCallFnCloneRedirectFnGetCurrentPidTgidFnGetCurrentUidGidFnGetCurrentCommFnGetCgroupClassidFnSkbVlanPushFnSkbVlanPopFnSkbGetTunnelKeyFnSkbSetTunnelKeyFnPerfEventReadFnRedirectFnGetRouteRealmFnPerfEventOutputFnSkbLoadBytesFnGetStackidFnCsumDiffFnSkbGetTunnelOptFnSkbSetTunnelOptFnSkbChangeProtoFnSkbChangeTypeFnSkbUnderCgroupFnGetHashRecalcFnGetCurrentTaskFnProbeWriteUserFnCurrentTaskUnderCgroupFnSkbChangeTailFnSkbPullDataFnCsumUpdateFnSetHashInvalidFnGetNumaNodeIdFnSkbChangeHeadFnXdpAdjustHeadFnProbeReadStrFnGetSocketCookieFnGetSocketUidFnSetHashFnSetsockoptFnSkbAdjustRoomFnRedirectMapFnSkRedirectMapFnSockMapUpdateFnXdpAdjustMetaFnPerfEventReadValueFnPerfProgReadValueFnGetsockoptFnOverrideReturnFnSockOpsCbFlagsSetFnMsgRedirectMapFnMsgApplyBytesFnMsgCorkBytesFnMsgPullDataFnBindFnXdpAdjustTailFnSkbGetXfrmStateFnGetStackFnSkbLoadBytesRelativeFnFibLookupFnSockHashUpdateFnMsgRedirectHashFnSkRedirectHashFnLwtPushEncapFnLwtSeg6StoreBytesFnLwtSeg6AdjustSrhFnLwtSeg6ActionFnRcRepeatFnRcKeydownFnSkbCgroupIdFnGetCurrentCgroupIdFnGetLocalStorageFnSkSelectReuseportFnSkbAncestorCgroupIdFnSkLookupTcpFnSkLookupUdpFnSkReleaseFnMapPushElemFnMapPopElemFnMapPeekElemFnMsgPushDataFnMsgPopDataFnRcPointerRelFnSpinLockFnSpinUnlockFnSkFullsockFnTcpSockFnSkbEcnSetCeFnGetListenerSockFnSkcLookupTcpFnTcpCheckSyncookieFnSysctlGetNameFnSysctlGetCurrentValueFnSysctlGetNewValueFnSysctlSetNewValueFnStrtolFnStrtoulFnSkStorageGetFnSkStorageDeleteFnSendSignalFnTcpGenSyncookieFnSkbOutputFnProbeReadUserFnProbeReadKernelFnProbeReadUserStrFnProbeReadKernelStrFnTcpSendAckFnSendSignalThreadFnJiffies64FnReadBranchRecordsFnGetNsCurrentPidTgidFnXdpOutputFnGetNetnsCookieFnGetCurrentAncestorCgroupIdFnSkAssignFnKtimeGetBootNsFnSeqPrintfFnSeqWriteFnSkCgroupIdFnSkAncestorCgroupIdFnRingbufOutputFnRingbufReserveFnRingbufSubmitFnRingbufDiscardFnRingbufQueryFnCsumLevelFnSkcToTcp6SockFnSkcToTcpSockFnSkcToTcpTimewaitSockFnSkcToTcpRequestSockFnSkcToUdp6SockFnGetTaskStackFnLoadHdrOptFnStoreHdrOptFnReserveHdrOptFnInodeStorageGetFnInodeStorageDeleteFnDPathFnCopyFromUserFnSnprintfBtfFnSeqPrintfBtfFnSkbCgroupClassidFnRedirectNeighFnPerCpuPtrFnThisCpuPtrFnRedirectPeerFnTaskStorageGetFnTaskStorageDeleteFnGetCurrentTaskBtfFnBprmOptsSetFnKtimeGetCoarseNsFnImaInodeHashFnSockFromFileFnCheckMtuFnForEachMapElemFnSnprintfFnSysBpfFnBtfFindByNameKindFnSysCloseFnTimerInitFnTimerSetCallbackFnTimerStartFnTimerCancelFnGetFuncIpFnGetAttachCookieFnTaskPtRegs" +const _BuiltinFunc_name = "FnUnspecFnMapLookupElemFnMapUpdateElemFnMapDeleteElemFnProbeReadFnKtimeGetNsFnTracePrintkFnGetPrandomU32FnGetSmpProcessorIdFnSkbStoreBytesFnL3CsumReplaceFnL4CsumReplaceFnTailCallFnCloneRedirectFnGetCurrentPidTgidFnGetCurrentUidGidFnGetCurrentCommFnGetCgroupClassidFnSkbVlanPushFnSkbVlanPopFnSkbGetTunnelKeyFnSkbSetTunnelKeyFnPerfEventReadFnRedirectFnGetRouteRealmFnPerfEventOutputFnSkbLoadBytesFnGetStackidFnCsumDiffFnSkbGetTunnelOptFnSkbSetTunnelOptFnSkbChangeProtoFnSkbChangeTypeFnSkbUnderCgroupFnGetHashRecalcFnGetCurrentTaskFnProbeWriteUserFnCurrentTaskUnderCgroupFnSkbChangeTailFnSkbPullDataFnCsumUpdateFnSetHashInvalidFnGetNumaNodeIdFnSkbChangeHeadFnXdpAdjustHeadFnProbeReadStrFnGetSocketCookieFnGetSocketUidFnSetHashFnSetsockoptFnSkbAdjustRoomFnRedirectMapFnSkRedirectMapFnSockMapUpdateFnXdpAdjustMetaFnPerfEventReadValueFnPerfProgReadValueFnGetsockoptFnOverrideReturnFnSockOpsCbFlagsSetFnMsgRedirectMapFnMsgApplyBytesFnMsgCorkBytesFnMsgPullDataFnBindFnXdpAdjustTailFnSkbGetXfrmStateFnGetStackFnSkbLoadBytesRelativeFnFibLookupFnSockHashUpdateFnMsgRedirectHashFnSkRedirectHashFnLwtPushEncapFnLwtSeg6StoreBytesFnLwtSeg6AdjustSrhFnLwtSeg6ActionFnRcRepeatFnRcKeydownFnSkbCgroupIdFnGetCurrentCgroupIdFnGetLocalStorageFnSkSelectReuseportFnSkbAncestorCgroupIdFnSkLookupTcpFnSkLookupUdpFnSkReleaseFnMapPushElemFnMapPopElemFnMapPeekElemFnMsgPushDataFnMsgPopDataFnRcPointerRelFnSpinLockFnSpinUnlockFnSkFullsockFnTcpSockFnSkbEcnSetCeFnGetListenerSockFnSkcLookupTcpFnTcpCheckSyncookieFnSysctlGetNameFnSysctlGetCurrentValueFnSysctlGetNewValueFnSysctlSetNewValueFnStrtolFnStrtoulFnSkStorageGetFnSkStorageDeleteFnSendSignalFnTcpGenSyncookieFnSkbOutputFnProbeReadUserFnProbeReadKernelFnProbeReadUserStrFnProbeReadKernelStrFnTcpSendAckFnSendSignalThreadFnJiffies64FnReadBranchRecordsFnGetNsCurrentPidTgidFnXdpOutputFnGetNetnsCookieFnGetCurrentAncestorCgroupIdFnSkAssignFnKtimeGetBootNsFnSeqPrintfFnSeqWriteFnSkCgroupIdFnSkAncestorCgroupIdFnRingbufOutputFnRingbufReserveFnRingbufSubmitFnRingbufDiscardFnRingbufQueryFnCsumLevelFnSkcToTcp6SockFnSkcToTcpSockFnSkcToTcpTimewaitSockFnSkcToTcpRequestSockFnSkcToUdp6SockFnGetTaskStackFnLoadHdrOptFnStoreHdrOptFnReserveHdrOptFnInodeStorageGetFnInodeStorageDeleteFnDPathFnCopyFromUserFnSnprintfBtfFnSeqPrintfBtfFnSkbCgroupClassidFnRedirectNeighFnPerCpuPtrFnThisCpuPtrFnRedirectPeerFnTaskStorageGetFnTaskStorageDeleteFnGetCurrentTaskBtfFnBprmOptsSetFnKtimeGetCoarseNsFnImaInodeHashFnSockFromFileFnCheckMtuFnForEachMapElemFnSnprintfFnSysBpfFnBtfFindByNameKindFnSysCloseFnTimerInitFnTimerSetCallbackFnTimerStartFnTimerCancelFnGetFuncIpFnGetAttachCookieFnTaskPtRegsFnGetBranchSnapshotFnTraceVprintkFnSkcToUnixSockFnKallsymsLookupNameFnFindVmaFnLoopFnStrncmpFnGetFuncArgFnGetFuncRetFnGetFuncArgCntFnGetRetvalFnSetRetvalFnXdpGetBuffLenFnXdpLoadBytesFnXdpStoreBytesFnCopyFromUserTaskFnSkbSetTstampFnImaFileHashFnKptrXchgFnMapLookupPercpuElemFnSkcToMptcpSockFnDynptrFromMemFnRingbufReserveDynptrFnRingbufSubmitDynptrFnRingbufDiscardDynptrFnDynptrReadFnDynptrWriteFnDynptrDatamaxBuiltinFunc" -var _BuiltinFunc_index = [...]uint16{0, 8, 23, 38, 53, 64, 76, 89, 104, 123, 138, 153, 168, 178, 193, 212, 230, 246, 264, 277, 289, 306, 323, 338, 348, 363, 380, 394, 406, 416, 433, 450, 466, 481, 497, 512, 528, 544, 568, 583, 596, 608, 624, 639, 654, 669, 683, 700, 714, 723, 735, 750, 763, 778, 793, 808, 828, 847, 859, 875, 894, 910, 925, 939, 952, 958, 973, 990, 1000, 1022, 1033, 1049, 1066, 1082, 1096, 1115, 1133, 1148, 1158, 1169, 1182, 1202, 1219, 1238, 1259, 1272, 1285, 1296, 1309, 1321, 1334, 1347, 1359, 1373, 1383, 1395, 1407, 1416, 1429, 1446, 1460, 1479, 1494, 1517, 1536, 1555, 1563, 1572, 1586, 1603, 1615, 1632, 1643, 1658, 1675, 1693, 1713, 1725, 1743, 1754, 1773, 1794, 1805, 1821, 1849, 1859, 1875, 1886, 1896, 1908, 1928, 1943, 1959, 1974, 1990, 2004, 2015, 2030, 2044, 2066, 2087, 2102, 2116, 2128, 2141, 2156, 2173, 2193, 2200, 2214, 2227, 2241, 2259, 2274, 2285, 2297, 2311, 2327, 2346, 2365, 2378, 2396, 2410, 2424, 2434, 2450, 2460, 2468, 2487, 2497, 2508, 2526, 2538, 2551, 2562, 2579, 2591} +var _BuiltinFunc_index = [...]uint16{0, 8, 23, 38, 53, 64, 76, 89, 104, 123, 138, 153, 168, 178, 193, 212, 230, 246, 264, 277, 289, 306, 323, 338, 348, 363, 380, 394, 406, 416, 433, 450, 466, 481, 497, 512, 528, 544, 568, 583, 596, 608, 624, 639, 654, 669, 683, 700, 714, 723, 735, 750, 763, 778, 793, 808, 828, 847, 859, 875, 894, 910, 925, 939, 952, 958, 973, 990, 1000, 1022, 1033, 1049, 1066, 1082, 1096, 1115, 1133, 1148, 1158, 1169, 1182, 1202, 1219, 1238, 1259, 1272, 1285, 1296, 1309, 1321, 1334, 1347, 1359, 1373, 1383, 1395, 1407, 1416, 1429, 1446, 1460, 1479, 1494, 1517, 1536, 1555, 1563, 1572, 1586, 1603, 1615, 1632, 1643, 1658, 1675, 1693, 1713, 1725, 1743, 1754, 1773, 1794, 1805, 1821, 1849, 1859, 1875, 1886, 1896, 1908, 1928, 1943, 1959, 1974, 1990, 2004, 2015, 2030, 2044, 2066, 2087, 2102, 2116, 2128, 2141, 2156, 2173, 2193, 2200, 2214, 2227, 2241, 2259, 2274, 2285, 2297, 2311, 2327, 2346, 2365, 2378, 2396, 2410, 2424, 2434, 2450, 2460, 2468, 2487, 2497, 2508, 2526, 2538, 2551, 2562, 2579, 2591, 2610, 2624, 2639, 2659, 2668, 2674, 2683, 2695, 2707, 2722, 2733, 2744, 2759, 2773, 2788, 2806, 2820, 2833, 2843, 2864, 2880, 2895, 2917, 2938, 2960, 2972, 2985, 2997, 3011} func (i BuiltinFunc) String() string { if i < 0 || i >= BuiltinFunc(len(_BuiltinFunc_index)-1) { diff --git a/vendor/github.com/cilium/ebpf/asm/instruction.go b/vendor/github.com/cilium/ebpf/asm/instruction.go index 5bf9920dedf..f17d88b5186 100644 --- a/vendor/github.com/cilium/ebpf/asm/instruction.go +++ b/vendor/github.com/cilium/ebpf/asm/instruction.go @@ -8,6 +8,7 @@ import ( "fmt" "io" "math" + "sort" "strings" "github.com/cilium/ebpf/internal/sys" @@ -568,9 +569,8 @@ func (insns Instructions) SymbolOffsets() (map[string]int, error) { // FunctionReferences returns a set of symbol names these Instructions make // bpf-to-bpf calls to. -func (insns Instructions) FunctionReferences() map[string]bool { - calls := make(map[string]bool) - +func (insns Instructions) FunctionReferences() []string { + calls := make(map[string]struct{}) for _, ins := range insns { if ins.Constant != -1 { // BPF-to-BPF calls have -1 constants. @@ -585,10 +585,16 @@ func (insns Instructions) FunctionReferences() map[string]bool { continue } - calls[ins.Reference()] = true + calls[ins.Reference()] = struct{}{} + } + + result := make([]string, 0, len(calls)) + for call := range calls { + result = append(result, call) } - return calls + sort.Strings(result) + return result } // ReferenceOffsets returns the set of references and their offset in @@ -667,6 +673,8 @@ func (insns Instructions) Format(f fmt.State, c rune) { // Marshal encodes a BPF program into the kernel format. // +// insns may be modified if there are unresolved jumps or bpf2bpf calls. +// // Returns ErrUnsatisfiedProgramReference if there is a Reference Instruction // without a matching Symbol Instruction within insns. func (insns Instructions) Marshal(w io.Writer, bo binary.ByteOrder) error { diff --git a/vendor/github.com/cilium/ebpf/btf/btf.go b/vendor/github.com/cilium/ebpf/btf/btf.go index 22bb724906a..a5969332aaa 100644 --- a/vendor/github.com/cilium/ebpf/btf/btf.go +++ b/vendor/github.com/cilium/ebpf/btf/btf.go @@ -27,7 +27,7 @@ var ( ) // ID represents the unique ID of a BTF object. -type ID uint32 +type ID = sys.BTFID // Spec represents decoded BTF. type Spec struct { @@ -35,8 +35,8 @@ type Spec struct { rawTypes []rawType strings *stringTable - // All types contained by the spec, the position of a type in the slice - // is its ID. + // All types contained by the spec. For the base type, the position of + // a type in the slice is its ID. types types // Type IDs indexed by type. @@ -199,26 +199,39 @@ func loadSpecFromELF(file *internal.SafeELFFile) (*Spec, error) { return nil, fmt.Errorf("compressed BTF is not supported") } - return loadRawSpec(btfSection.ReaderAt, file.ByteOrder, sectionSizes, vars) -} + rawTypes, rawStrings, err := parseBTF(btfSection.ReaderAt, file.ByteOrder, nil) + if err != nil { + return nil, err + } -func loadRawSpec(btf io.ReaderAt, bo binary.ByteOrder, sectionSizes map[string]uint32, variableOffsets map[variable]uint32) (*Spec, error) { - rawTypes, rawStrings, err := parseBTF(btf, bo) + err = fixupDatasec(rawTypes, rawStrings, sectionSizes, vars) if err != nil { return nil, err } - err = fixupDatasec(rawTypes, rawStrings, sectionSizes, variableOffsets) + return inflateSpec(rawTypes, rawStrings, file.ByteOrder, nil) +} + +func loadRawSpec(btf io.ReaderAt, bo binary.ByteOrder, + baseTypes types, baseStrings *stringTable) (*Spec, error) { + + rawTypes, rawStrings, err := parseBTF(btf, bo, baseStrings) if err != nil { return nil, err } - types, err := inflateRawTypes(rawTypes, rawStrings) + return inflateSpec(rawTypes, rawStrings, bo, baseTypes) +} + +func inflateSpec(rawTypes []rawType, rawStrings *stringTable, bo binary.ByteOrder, + baseTypes types) (*Spec, error) { + + types, err := inflateRawTypes(rawTypes, baseTypes, rawStrings) if err != nil { return nil, err } - typeIDs, typesByName := indexTypes(types) + typeIDs, typesByName := indexTypes(types, TypeID(len(baseTypes))) return &Spec{ rawTypes: rawTypes, @@ -230,7 +243,7 @@ func loadRawSpec(btf io.ReaderAt, bo binary.ByteOrder, sectionSizes map[string]u }, nil } -func indexTypes(types []Type) (map[Type]TypeID, map[essentialName][]Type) { +func indexTypes(types []Type, typeIDOffset TypeID) (map[Type]TypeID, map[essentialName][]Type) { namedTypes := 0 for _, typ := range types { if typ.TypeName() != "" { @@ -248,7 +261,7 @@ func indexTypes(types []Type) (map[Type]TypeID, map[essentialName][]Type) { if name := newEssentialName(typ.TypeName()); name != "" { typesByName[name] = append(typesByName[name], typ) } - typeIDs[typ] = TypeID(i) + typeIDs[typ] = TypeID(i) + typeIDOffset } return typeIDs, typesByName @@ -353,14 +366,15 @@ func guessRawBTFByteOrder(r io.ReaderAt) binary.ByteOrder { // parseBTF reads a .BTF section into memory and parses it into a list of // raw types and a string table. -func parseBTF(btf io.ReaderAt, bo binary.ByteOrder) ([]rawType, *stringTable, error) { +func parseBTF(btf io.ReaderAt, bo binary.ByteOrder, baseStrings *stringTable) ([]rawType, *stringTable, error) { buf := internal.NewBufferedSectionReader(btf, 0, math.MaxInt64) header, err := parseBTFHeader(buf, bo) if err != nil { return nil, nil, fmt.Errorf("parsing .BTF header: %v", err) } - rawStrings, err := readStringTable(io.NewSectionReader(btf, header.stringStart(), int64(header.StringLen))) + rawStrings, err := readStringTable(io.NewSectionReader(btf, header.stringStart(), int64(header.StringLen)), + baseStrings) if err != nil { return nil, nil, fmt.Errorf("can't read type names: %w", err) } @@ -433,7 +447,11 @@ func fixupDatasec(rawTypes []rawType, rawStrings *stringTable, sectionSizes map[ func (s *Spec) Copy() *Spec { types := copyTypes(s.types, nil) - typeIDs, typesByName := indexTypes(types) + typeIDOffset := TypeID(0) + if len(s.types) != 0 { + typeIDOffset = s.typeIDs[s.types[0]] + } + typeIDs, typesByName := indexTypes(types, typeIDOffset) // NB: Other parts of spec are not copied since they are immutable. return &Spec{ @@ -633,6 +651,14 @@ func (s *Spec) TypeByName(name string, typ interface{}) error { return nil } +// LoadSplitSpecFromReader loads split BTF from a reader. +// +// Types from base are used to resolve references in the split BTF. +// The returned Spec only contains types from the split BTF, not from the base. +func LoadSplitSpecFromReader(r io.ReaderAt, base *Spec) (*Spec, error) { + return loadRawSpec(r, internal.NativeEndian, base.types, base.strings) +} + // TypesIterator iterates over types of a given spec. type TypesIterator struct { spec *Spec @@ -659,8 +685,10 @@ func (iter *TypesIterator) Next() bool { // Handle is a reference to BTF loaded into the kernel. type Handle struct { - spec *Spec - fd *sys.FD + fd *sys.FD + + // Size of the raw BTF in bytes. + size uint32 } // NewHandle loads BTF into the kernel. @@ -698,16 +726,18 @@ func NewHandle(spec *Spec) (*Handle, error) { attr.BtfLogBuf = sys.NewSlicePointer(logBuf) attr.BtfLogSize = uint32(len(logBuf)) attr.BtfLogLevel = 1 - _, logErr := sys.BtfLoad(attr) // NB: The syscall will never return ENOSPC as of 5.18-rc4. - return nil, internal.ErrorWithLog(err, logBuf, logErr) + _, _ = sys.BtfLoad(attr) + return nil, internal.ErrorWithLog(err, logBuf) } - return &Handle{spec.Copy(), fd}, nil + return &Handle{fd, attr.BtfSize}, nil } // NewHandleFromID returns the BTF handle for a given id. // +// Prefer calling [ebpf.Program.Handle] or [ebpf.Map.Handle] if possible. +// // Returns ErrNotExist, if there is no BTF with the given id. // // Requires CAP_SYS_ADMIN. @@ -716,27 +746,48 @@ func NewHandleFromID(id ID) (*Handle, error) { Id: uint32(id), }) if err != nil { - return nil, fmt.Errorf("get BTF by id: %w", err) + return nil, fmt.Errorf("get FD for ID %d: %w", id, err) } - info, err := newInfoFromFd(fd) + info, err := newHandleInfoFromFD(fd) if err != nil { _ = fd.Close() - return nil, fmt.Errorf("get BTF spec for handle: %w", err) + return nil, err } - return &Handle{info.BTF, fd}, nil + return &Handle{fd, info.size}, nil } -// Spec returns the Spec that defined the BTF loaded into the kernel. -func (h *Handle) Spec() *Spec { - return h.spec +// Spec parses the kernel BTF into Go types. +// +// base is used to decode split BTF and may be nil. +func (h *Handle) Spec(base *Spec) (*Spec, error) { + var btfInfo sys.BtfInfo + btfBuffer := make([]byte, h.size) + btfInfo.Btf, btfInfo.BtfSize = sys.NewSlicePointerLen(btfBuffer) + + if err := sys.ObjInfo(h.fd, &btfInfo); err != nil { + return nil, err + } + + var baseTypes types + var baseStrings *stringTable + if base != nil { + baseTypes = base.types + baseStrings = base.strings + } + + return loadRawSpec(bytes.NewReader(btfBuffer), internal.NativeEndian, baseTypes, baseStrings) } // Close destroys the handle. // // Subsequent calls to FD will return an invalid value. func (h *Handle) Close() error { + if h == nil { + return nil + } + return h.fd.Close() } @@ -745,6 +796,11 @@ func (h *Handle) FD() int { return h.fd.Int() } +// Info returns metadata about the handle. +func (h *Handle) Info() (*HandleInfo, error) { + return newHandleInfoFromFD(h.fd) +} + func marshalBTF(types interface{}, strings []byte, bo binary.ByteOrder) []byte { const minHeaderLength = 24 diff --git a/vendor/github.com/cilium/ebpf/btf/btf_types.go b/vendor/github.com/cilium/ebpf/btf/btf_types.go index a62b3c96b91..4810180494e 100644 --- a/vendor/github.com/cilium/ebpf/btf/btf_types.go +++ b/vendor/github.com/cilium/ebpf/btf/btf_types.go @@ -130,13 +130,22 @@ func mask(len uint32) uint32 { return (1 << len) - 1 } +func readBits(value, len, shift uint32) uint32 { + return (value >> shift) & mask(len) +} + +func writeBits(value, len, shift, new uint32) uint32 { + value &^= mask(len) << shift + value |= (new & mask(len)) << shift + return value +} + func (bt *btfType) info(len, shift uint32) uint32 { - return (bt.Info >> shift) & mask(len) + return readBits(bt.Info, len, shift) } func (bt *btfType) setInfo(value, len, shift uint32) { - bt.Info &^= mask(len) << shift - bt.Info |= (value & mask(len)) << shift + bt.Info = writeBits(bt.Info, len, shift, value) } func (bt *btfType) Kind() btfKind { @@ -198,6 +207,50 @@ func (rt *rawType) Marshal(w io.Writer, bo binary.ByteOrder) error { return binary.Write(w, bo, rt.data) } +// btfInt encodes additional data for integers. +// +// ? ? ? ? e e e e o o o o o o o o ? ? ? ? ? ? ? ? b b b b b b b b +// ? = undefined +// e = encoding +// o = offset (bitfields?) +// b = bits (bitfields) +type btfInt struct { + Raw uint32 +} + +const ( + btfIntEncodingLen = 4 + btfIntEncodingShift = 24 + btfIntOffsetLen = 8 + btfIntOffsetShift = 16 + btfIntBitsLen = 8 + btfIntBitsShift = 0 +) + +func (bi btfInt) Encoding() IntEncoding { + return IntEncoding(readBits(bi.Raw, btfIntEncodingLen, btfIntEncodingShift)) +} + +func (bi *btfInt) SetEncoding(e IntEncoding) { + bi.Raw = writeBits(uint32(bi.Raw), btfIntEncodingLen, btfIntEncodingShift, uint32(e)) +} + +func (bi btfInt) Offset() Bits { + return Bits(readBits(bi.Raw, btfIntOffsetLen, btfIntOffsetShift)) +} + +func (bi *btfInt) SetOffset(offset uint32) { + bi.Raw = writeBits(bi.Raw, btfIntOffsetLen, btfIntOffsetShift, offset) +} + +func (bi btfInt) Bits() Bits { + return Bits(readBits(bi.Raw, btfIntBitsLen, btfIntBitsShift)) +} + +func (bi *btfInt) SetBits(bits byte) { + bi.Raw = writeBits(bi.Raw, btfIntBitsLen, btfIntBitsShift, uint32(bits)) +} + type btfArray struct { Type TypeID IndexType TypeID @@ -249,7 +302,7 @@ func readTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32) ([]rawType, err var data interface{} switch header.Kind() { case kindInt: - data = new(uint32) + data = new(btfInt) case kindPointer: case kindArray: data = new(btfArray) @@ -288,7 +341,3 @@ func readTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32) ([]rawType, err types = append(types, rawType{header, data}) } } - -func intEncoding(raw uint32) (IntEncoding, Bits, Bits) { - return IntEncoding((raw & 0x0f000000) >> 24), Bits(raw&0x00ff0000) >> 16, Bits(raw & 0x000000ff) -} diff --git a/vendor/github.com/cilium/ebpf/btf/format.go b/vendor/github.com/cilium/ebpf/btf/format.go index c773312d867..e7688a2a6e8 100644 --- a/vendor/github.com/cilium/ebpf/btf/format.go +++ b/vendor/github.com/cilium/ebpf/btf/format.go @@ -65,7 +65,20 @@ func (gf *GoFormatter) writeTypeDecl(name string, typ Type) error { switch v := skipQualifiers(typ).(type) { case *Enum: - fmt.Fprintf(&gf.w, "type %s int32", name) + fmt.Fprintf(&gf.w, "type %s ", name) + switch v.Size { + case 1: + gf.w.WriteString("int8") + case 2: + gf.w.WriteString("int16") + case 4: + gf.w.WriteString("int32") + case 8: + gf.w.WriteString("int64") + default: + return fmt.Errorf("%s: invalid enum size %d", typ, v.Size) + } + if len(v.Values) == 0 { return nil } diff --git a/vendor/github.com/cilium/ebpf/btf/handle.go b/vendor/github.com/cilium/ebpf/btf/handle.go new file mode 100644 index 00000000000..128e9b35cf3 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/btf/handle.go @@ -0,0 +1,121 @@ +package btf + +import ( + "errors" + "fmt" + "os" + + "github.com/cilium/ebpf/internal/sys" + "github.com/cilium/ebpf/internal/unix" +) + +// HandleInfo describes a Handle. +type HandleInfo struct { + // ID of this handle in the kernel. The ID is only valid as long as the + // associated handle is kept alive. + ID ID + + // Name is an identifying name for the BTF, currently only used by the + // kernel. + Name string + + // IsKernel is true if the BTF originated with the kernel and not + // userspace. + IsKernel bool + + // Size of the raw BTF in bytes. + size uint32 +} + +func newHandleInfoFromFD(fd *sys.FD) (*HandleInfo, error) { + // We invoke the syscall once with a empty BTF and name buffers to get size + // information to allocate buffers. Then we invoke it a second time with + // buffers to receive the data. + var btfInfo sys.BtfInfo + if err := sys.ObjInfo(fd, &btfInfo); err != nil { + return nil, fmt.Errorf("get BTF info for fd %s: %w", fd, err) + } + + if btfInfo.NameLen > 0 { + // NameLen doesn't account for the terminating NUL. + btfInfo.NameLen++ + } + + // Don't pull raw BTF by default, since it may be quite large. + btfSize := btfInfo.BtfSize + btfInfo.BtfSize = 0 + + nameBuffer := make([]byte, btfInfo.NameLen) + btfInfo.Name, btfInfo.NameLen = sys.NewSlicePointerLen(nameBuffer) + if err := sys.ObjInfo(fd, &btfInfo); err != nil { + return nil, err + } + + return &HandleInfo{ + ID: ID(btfInfo.Id), + Name: unix.ByteSliceToString(nameBuffer), + IsKernel: btfInfo.KernelBtf != 0, + size: btfSize, + }, nil +} + +// IsModule returns true if the BTF is for the kernel itself. +func (i *HandleInfo) IsVmlinux() bool { + return i.IsKernel && i.Name == "vmlinux" +} + +// IsModule returns true if the BTF is for a kernel module. +func (i *HandleInfo) IsModule() bool { + return i.IsKernel && i.Name != "vmlinux" +} + +// HandleIterator allows enumerating BTF blobs loaded into the kernel. +type HandleIterator struct { + // The ID of the last retrieved handle. Only valid after a call to Next. + ID ID + err error +} + +// Next retrieves a handle for the next BTF blob. +// +// [Handle.Close] is called if *handle is non-nil to avoid leaking fds. +// +// Returns true if another BTF blob was found. Call [HandleIterator.Err] after +// the function returns false. +func (it *HandleIterator) Next(handle **Handle) bool { + if *handle != nil { + (*handle).Close() + *handle = nil + } + + id := it.ID + for { + attr := &sys.BtfGetNextIdAttr{Id: id} + err := sys.BtfGetNextId(attr) + if errors.Is(err, os.ErrNotExist) { + // There are no more BTF objects. + return false + } else if err != nil { + it.err = fmt.Errorf("get next BTF ID: %w", err) + return false + } + + id = attr.NextId + *handle, err = NewHandleFromID(id) + if errors.Is(err, os.ErrNotExist) { + // Try again with the next ID. + continue + } else if err != nil { + it.err = fmt.Errorf("retrieve handle for ID %d: %w", id, err) + return false + } + + it.ID = id + return true + } +} + +// Err returns an error if iteration failed for some reason. +func (it *HandleIterator) Err() error { + return it.err +} diff --git a/vendor/github.com/cilium/ebpf/btf/info.go b/vendor/github.com/cilium/ebpf/btf/info.go deleted file mode 100644 index dd44a0be675..00000000000 --- a/vendor/github.com/cilium/ebpf/btf/info.go +++ /dev/null @@ -1,51 +0,0 @@ -package btf - -import ( - "bytes" - - "github.com/cilium/ebpf/internal" - "github.com/cilium/ebpf/internal/sys" - "github.com/cilium/ebpf/internal/unix" -) - -// info describes a BTF object. -type info struct { - BTF *Spec - ID ID - // Name is an identifying name for the BTF, currently only used by the - // kernel. - Name string - // KernelBTF is true if the BTf originated with the kernel and not - // userspace. - KernelBTF bool -} - -func newInfoFromFd(fd *sys.FD) (*info, error) { - // We invoke the syscall once with a empty BTF and name buffers to get size - // information to allocate buffers. Then we invoke it a second time with - // buffers to receive the data. - var btfInfo sys.BtfInfo - if err := sys.ObjInfo(fd, &btfInfo); err != nil { - return nil, err - } - - btfBuffer := make([]byte, btfInfo.BtfSize) - nameBuffer := make([]byte, btfInfo.NameLen) - btfInfo.Btf, btfInfo.BtfSize = sys.NewSlicePointerLen(btfBuffer) - btfInfo.Name, btfInfo.NameLen = sys.NewSlicePointerLen(nameBuffer) - if err := sys.ObjInfo(fd, &btfInfo); err != nil { - return nil, err - } - - spec, err := loadRawSpec(bytes.NewReader(btfBuffer), internal.NativeEndian, nil, nil) - if err != nil { - return nil, err - } - - return &info{ - BTF: spec, - ID: ID(btfInfo.Id), - Name: unix.ByteSliceToString(nameBuffer), - KernelBTF: btfInfo.KernelBtf != 0, - }, nil -} diff --git a/vendor/github.com/cilium/ebpf/btf/strings.go b/vendor/github.com/cilium/ebpf/btf/strings.go index 2f3bf831f70..67626e0dd17 100644 --- a/vendor/github.com/cilium/ebpf/btf/strings.go +++ b/vendor/github.com/cilium/ebpf/btf/strings.go @@ -9,6 +9,7 @@ import ( ) type stringTable struct { + base *stringTable offsets []uint32 strings []string } @@ -19,7 +20,15 @@ type sizedReader interface { Size() int64 } -func readStringTable(r sizedReader) (*stringTable, error) { +func readStringTable(r sizedReader, base *stringTable) (*stringTable, error) { + // When parsing split BTF's string table, the first entry offset is derived + // from the last entry offset of the base BTF. + firstStringOffset := uint32(0) + if base != nil { + idx := len(base.offsets) - 1 + firstStringOffset = base.offsets[idx] + uint32(len(base.strings[idx])) + 1 + } + // Derived from vmlinux BTF. const averageStringLength = 16 @@ -27,7 +36,7 @@ func readStringTable(r sizedReader) (*stringTable, error) { offsets := make([]uint32, 0, n) strings := make([]string, 0, n) - offset := uint32(0) + offset := firstStringOffset scanner := bufio.NewScanner(r) scanner.Split(splitNull) for scanner.Scan() { @@ -44,11 +53,11 @@ func readStringTable(r sizedReader) (*stringTable, error) { return nil, errors.New("string table is empty") } - if strings[0] != "" { + if firstStringOffset == 0 && strings[0] != "" { return nil, errors.New("first item in string table is non-empty") } - return &stringTable{offsets, strings}, nil + return &stringTable{base, offsets, strings}, nil } func splitNull(data []byte, atEOF bool) (advance int, token []byte, err error) { @@ -64,6 +73,13 @@ func splitNull(data []byte, atEOF bool) (advance int, token []byte, err error) { } func (st *stringTable) Lookup(offset uint32) (string, error) { + if st.base != nil && offset <= st.base.offsets[len(st.base.offsets)-1] { + return st.base.lookup(offset) + } + return st.lookup(offset) +} + +func (st *stringTable) lookup(offset uint32) (string, error) { i := search(st.offsets, offset) if i == len(st.offsets) || st.offsets[i] != offset { return "", fmt.Errorf("offset %d isn't start of a string", offset) diff --git a/vendor/github.com/cilium/ebpf/btf/types.go b/vendor/github.com/cilium/ebpf/btf/types.go index 82e7fea5823..402a363c28a 100644 --- a/vendor/github.com/cilium/ebpf/btf/types.go +++ b/vendor/github.com/cilium/ebpf/btf/types.go @@ -151,17 +151,22 @@ func (p *Pointer) copy() Type { // Array is an array with a fixed number of elements. type Array struct { + Index Type Type Type Nelems uint32 } func (arr *Array) Format(fs fmt.State, verb rune) { - formatType(fs, verb, arr, "type=", arr.Type, "n=", arr.Nelems) + formatType(fs, verb, arr, "index=", arr.Index, "type=", arr.Type, "n=", arr.Nelems) } func (arr *Array) TypeName() string { return "" } -func (arr *Array) walk(tdq *typeDeque) { tdq.push(&arr.Type) } +func (arr *Array) walk(tdq *typeDeque) { + tdq.push(&arr.Index) + tdq.push(&arr.Type) +} + func (arr *Array) copy() Type { cpy := *arr return &cpy @@ -266,12 +271,14 @@ type Member struct { // Enum lists possible values. type Enum struct { - Name string + Name string + // Size of the enum value in bytes. + Size uint32 Values []EnumValue } func (e *Enum) Format(fs fmt.State, verb rune) { - formatType(fs, verb, e, "values=", len(e.Values)) + formatType(fs, verb, e, "size=", e.Size, "values=", len(e.Values)) } func (e *Enum) TypeName() string { return e.Name } @@ -284,7 +291,7 @@ type EnumValue struct { Value int32 } -func (e *Enum) size() uint32 { return 4 } +func (e *Enum) size() uint32 { return e.Size } func (e *Enum) walk(*typeDeque) {} func (e *Enum) copy() Type { cpy := *e @@ -771,12 +778,24 @@ func (dq *typeDeque) all() []*Type { // inflateRawTypes takes a list of raw btf types linked via type IDs, and turns // it into a graph of Types connected via pointers. // -// Returns a map of named types (so, where NameOff is non-zero) and a slice of types -// indexed by TypeID. Since BTF ignores compilation units, multiple types may share -// the same name. A Type may form a cyclic graph by pointing at itself. -func inflateRawTypes(rawTypes []rawType, rawStrings *stringTable) ([]Type, error) { - types := make([]Type, 0, len(rawTypes)+1) - types = append(types, (*Void)(nil)) +// If baseTypes are provided, then the raw types are +// considered to be of a split BTF (e.g., a kernel module). +// +// Returns a slice of types indexed by TypeID. Since BTF ignores compilation +// units, multiple types may share the same name. A Type may form a cyclic graph +// by pointing at itself. +func inflateRawTypes(rawTypes []rawType, baseTypes types, rawStrings *stringTable) ([]Type, error) { + types := make([]Type, 0, len(rawTypes)+1) // +1 for Void added to base types + + typeIDOffset := TypeID(1) // Void is TypeID(0), so the rest starts from TypeID(1) + + if baseTypes == nil { + // Void is defined to always be type ID 0, and is thus omitted from BTF. + types = append(types, (*Void)(nil)) + } else { + // For split BTF, the next ID is max base BTF type ID + 1 + typeIDOffset = TypeID(len(baseTypes)) + } type fixupDef struct { id TypeID @@ -785,9 +804,18 @@ func inflateRawTypes(rawTypes []rawType, rawStrings *stringTable) ([]Type, error var fixups []fixupDef fixup := func(id TypeID, typ *Type) { - if id < TypeID(len(types)) { + if id < TypeID(len(baseTypes)) { + *typ = baseTypes[id] + return + } + + idx := id + if baseTypes != nil { + idx = id - TypeID(len(baseTypes)) + } + if idx < TypeID(len(types)) { // We've already inflated this type, fix it up immediately. - *typ = types[id] + *typ = types[idx] return } fixups = append(fixups, fixupDef{id, typ}) @@ -877,9 +905,7 @@ func inflateRawTypes(rawTypes []rawType, rawStrings *stringTable) ([]Type, error for i, raw := range rawTypes { var ( - // Void is defined to always be type ID 0, and is thus - // omitted from BTF. - id = TypeID(i + 1) + id = typeIDOffset + TypeID(i) typ Type ) @@ -891,11 +917,11 @@ func inflateRawTypes(rawTypes []rawType, rawStrings *stringTable) ([]Type, error switch raw.Kind() { case kindInt: size := raw.Size() - encoding, offset, bits := intEncoding(*raw.data.(*uint32)) - if offset > 0 || bits.Bytes() != size { - legacyBitfields[id] = [2]Bits{offset, bits} + bi := raw.data.(*btfInt) + if bi.Offset() > 0 || bi.Bits().Bytes() != size { + legacyBitfields[id] = [2]Bits{bi.Offset(), bi.Bits()} } - typ = &Int{name, size, encoding} + typ = &Int{name, raw.Size(), bi.Encoding()} case kindPointer: ptr := &Pointer{nil} @@ -904,10 +930,8 @@ func inflateRawTypes(rawTypes []rawType, rawStrings *stringTable) ([]Type, error case kindArray: btfArr := raw.data.(*btfArray) - - // IndexType is unused according to btf.rst. - // Don't make it available right now. - arr := &Array{nil, btfArr.Nelems} + arr := &Array{nil, nil, btfArr.Nelems} + fixup(btfArr.IndexType, &arr.Index) fixup(btfArr.Type, &arr.Type) typ = arr @@ -938,7 +962,7 @@ func inflateRawTypes(rawTypes []rawType, rawStrings *stringTable) ([]Type, error Value: btfVal.Val, }) } - typ = &Enum{name, vals} + typ = &Enum{name, raw.Size(), vals} case kindForward: if raw.KindFlag() { @@ -1030,14 +1054,21 @@ func inflateRawTypes(rawTypes []rawType, rawStrings *stringTable) ([]Type, error for _, fixup := range fixups { i := int(fixup.id) - if i >= len(types) { + if i >= len(types)+len(baseTypes) { return nil, fmt.Errorf("reference to invalid type id: %d", fixup.id) } + if i < len(baseTypes) { + return nil, fmt.Errorf("fixup for base type id %d is not expected", i) + } - *fixup.typ = types[i] + *fixup.typ = types[i-len(baseTypes)] } for _, bitfieldFixup := range bitfieldFixups { + if bitfieldFixup.id < TypeID(len(baseTypes)) { + return nil, fmt.Errorf("bitfield fixup from split to base types is not expected") + } + data, ok := legacyBitfields[bitfieldFixup.id] if ok { // This is indeed a legacy bitfield, fix it up. diff --git a/vendor/github.com/cilium/ebpf/collection.go b/vendor/github.com/cilium/ebpf/collection.go index 22b7c7a35bc..8c2ddc38021 100644 --- a/vendor/github.com/cilium/ebpf/collection.go +++ b/vendor/github.com/cilium/ebpf/collection.go @@ -264,14 +264,17 @@ func (cs *CollectionSpec) LoadAndAssign(to interface{}, opts *CollectionOptions) if err != nil { return err } - defer loader.cleanup() + defer loader.close() // Support assigning Programs and Maps, lazy-loading the required objects. assignedMaps := make(map[string]bool) + assignedProgs := make(map[string]bool) + getValue := func(typ reflect.Type, name string) (interface{}, error) { switch typ { case reflect.TypeOf((*Program)(nil)): + assignedProgs[name] = true return loader.loadProgram(name) case reflect.TypeOf((*Map)(nil)): @@ -311,7 +314,13 @@ func (cs *CollectionSpec) LoadAndAssign(to interface{}, opts *CollectionOptions) } } - loader.finalize() + // Prevent loader.cleanup() from closing assigned Maps and Programs. + for m := range assignedMaps { + delete(loader.maps, m) + } + for p := range assignedProgs { + delete(loader.programs, p) + } return nil } @@ -342,7 +351,7 @@ func NewCollectionWithOptions(spec *CollectionSpec, opts CollectionOptions) (*Co if err != nil { return nil, err } - defer loader.cleanup() + defer loader.close() // Create maps first, as their fds need to be linked into programs. for mapName := range spec.Maps { @@ -367,9 +376,9 @@ func NewCollectionWithOptions(spec *CollectionSpec, opts CollectionOptions) (*Co return nil, err } + // Prevent loader.cleanup from closing maps and programs. maps, progs := loader.maps, loader.programs - - loader.finalize() + loader.maps, loader.programs = nil, nil return &Collection{ progs, @@ -441,16 +450,8 @@ func newCollectionLoader(coll *CollectionSpec, opts *CollectionOptions) (*collec }, nil } -// finalize should be called when all the collectionLoader's resources -// have been successfully loaded into the kernel and populated with values. -func (cl *collectionLoader) finalize() { - cl.maps, cl.programs = nil, nil -} - -// cleanup cleans up all resources left over in the collectionLoader. -// Call finalize() when Map and Program creation/population is successful -// to prevent them from getting closed. -func (cl *collectionLoader) cleanup() { +// close all resources left over in the collectionLoader. +func (cl *collectionLoader) close() { cl.handles.close() for _, m := range cl.maps { m.Close() diff --git a/vendor/github.com/cilium/ebpf/elf_reader.go b/vendor/github.com/cilium/ebpf/elf_reader.go index 3337ba84ba0..df278895c63 100644 --- a/vendor/github.com/cilium/ebpf/elf_reader.go +++ b/vendor/github.com/cilium/ebpf/elf_reader.go @@ -283,6 +283,7 @@ func (ec *elfCode) loadProgramSections() (map[string]*ProgramSpec, error) { progs := make(map[string]*ProgramSpec) // Generate a ProgramSpec for each function found in each program section. + var export []string for _, sec := range ec.sections { if sec.kind != programSection { continue @@ -319,13 +320,14 @@ func (ec *elfCode) loadProgramSections() (map[string]*ProgramSpec, error) { return nil, fmt.Errorf("duplicate program name %s", name) } progs[name] = spec + + if spec.SectionName != ".text" { + export = append(export, name) + } } } - // Populate each prog's references with pointers to all of its callees. - if err := populateReferences(progs); err != nil { - return nil, fmt.Errorf("populating references: %w", err) - } + flattenPrograms(progs, export) // Hide programs (e.g. library functions) that were not explicitly emitted // to an ELF section. These could be exposed in a separate CollectionSpec diff --git a/vendor/github.com/cilium/ebpf/info.go b/vendor/github.com/cilium/ebpf/info.go index 2474017b180..ae77bc6197f 100644 --- a/vendor/github.com/cilium/ebpf/info.go +++ b/vendor/github.com/cilium/ebpf/info.go @@ -177,6 +177,7 @@ func (pi *ProgramInfo) ID() (ProgramID, bool) { // BTFID returns the BTF ID associated with the program. // +// The ID is only valid as long as the associated program is kept alive. // Available from 5.0. // // The bool return value indicates whether this optional field is available and diff --git a/vendor/github.com/cilium/ebpf/internal/errors.go b/vendor/github.com/cilium/ebpf/internal/errors.go index 5ff158ea561..b5ccdd7d053 100644 --- a/vendor/github.com/cilium/ebpf/internal/errors.go +++ b/vendor/github.com/cilium/ebpf/internal/errors.go @@ -2,46 +2,205 @@ package internal import ( "bytes" - "errors" "fmt" - - "github.com/cilium/ebpf/internal/unix" + "io" + "strings" ) -// ErrorWithLog returns an error that includes logs from the -// kernel verifier. +// ErrorWithLog returns an error which includes logs from the kernel verifier. +// +// The default error output is a summary of the full log. The latter can be +// accessed via VerifierError.Log or by formatting the error, see Format. // -// logErr should be the error returned by the syscall that generated -// the log. It is used to check for truncation of the output. -func ErrorWithLog(err error, log []byte, logErr error) error { +// A set of heuristics is used to determine whether the log has been truncated. +func ErrorWithLog(err error, log []byte) *VerifierError { + const whitespace = "\t\r\v\n " + // Convert verifier log C string by truncating it on the first 0 byte // and trimming trailing whitespace before interpreting as a Go string. + truncated := false if i := bytes.IndexByte(log, 0); i != -1 { + if i == len(log)-1 && !bytes.HasSuffix(log[:i], []byte{'\n'}) { + // The null byte is at the end of the buffer and it's not preceded + // by a newline character. Most likely the buffer was too short. + truncated = true + } + log = log[:i] + } else if len(log) > 0 { + // No null byte? Dodgy! + truncated = true } - logStr := string(bytes.Trim(log, "\t\r\n ")) - if errors.Is(logErr, unix.ENOSPC) { - logStr += " (truncated...)" + log = bytes.Trim(log, whitespace) + logLines := bytes.Split(log, []byte{'\n'}) + lines := make([]string, 0, len(logLines)) + for _, line := range logLines { + // Don't remove leading white space on individual lines. We rely on it + // when outputting logs. + lines = append(lines, string(bytes.TrimRight(line, whitespace))) } - return &VerifierError{err, logStr} + return &VerifierError{err, lines, truncated} } // VerifierError includes information from the eBPF verifier. +// +// It summarises the log output, see Format if you want to output the full contents. type VerifierError struct { - cause error - log string + // The error which caused this error. + Cause error + // The verifier output split into lines. + Log []string + // Whether the log output is truncated, based on several heuristics. + Truncated bool } func (le *VerifierError) Unwrap() error { - return le.cause + return le.Cause } func (le *VerifierError) Error() string { - if le.log == "" { - return le.cause.Error() + log := le.Log + if n := len(log); n > 0 && strings.HasPrefix(log[n-1], "processed ") { + // Get rid of "processed 39 insns (limit 1000000) ..." from summary. + log = log[:n-1] + } + + n := len(log) + if n == 0 { + return le.Cause.Error() + } + + lines := log[n-1:] + if n >= 2 && (includePreviousLine(log[n-1]) || le.Truncated) { + // Add one more line of context if it aids understanding the error. + lines = log[n-2:] + } + + var b strings.Builder + fmt.Fprintf(&b, "%s: ", le.Cause.Error()) + + for i, line := range lines { + b.WriteString(strings.TrimSpace(line)) + if i != len(lines)-1 { + b.WriteString(": ") + } + } + + omitted := len(le.Log) - len(lines) + if omitted == 0 && !le.Truncated { + return b.String() } - return fmt.Sprintf("%s: %s", le.cause, le.log) + b.WriteString(" (") + if le.Truncated { + b.WriteString("truncated") + } + + if omitted > 0 { + if le.Truncated { + b.WriteString(", ") + } + fmt.Fprintf(&b, "%d line(s) omitted", omitted) + } + b.WriteString(")") + + return b.String() +} + +// includePreviousLine returns true if the given line likely is better +// understood with additional context from the preceding line. +func includePreviousLine(line string) bool { + // We need to find a good trade off between understandable error messages + // and too much complexity here. Checking the string prefix is ok, requiring + // regular expressions to do it is probably overkill. + + if strings.HasPrefix(line, "\t") { + // [13] STRUCT drm_rect size=16 vlen=4 + // \tx1 type_id=2 + return true + } + + if len(line) >= 2 && line[0] == 'R' && line[1] >= '0' && line[1] <= '9' { + // 0: (95) exit + // R0 !read_ok + return true + } + + if strings.HasPrefix(line, "invalid bpf_context access") { + // 0: (79) r6 = *(u64 *)(r1 +0) + // func '__x64_sys_recvfrom' arg0 type FWD is not a struct + // invalid bpf_context access off=0 size=8 + return true + } + + return false +} + +// Format the error. +// +// Understood verbs are %s and %v, which are equivalent to calling Error(). %v +// allows outputting additional information using the following flags: +// +// + Output the first lines, or all lines if no width is given. +// - Output the last lines, or all lines if no width is given. +// +// Use width to specify how many lines to output. Use the '-' flag to output +// lines from the end of the log instead of the beginning. +func (le *VerifierError) Format(f fmt.State, verb rune) { + switch verb { + case 's': + _, _ = io.WriteString(f, le.Error()) + + case 'v': + n, haveWidth := f.Width() + if !haveWidth || n > len(le.Log) { + n = len(le.Log) + } + + if !f.Flag('+') && !f.Flag('-') { + if haveWidth { + _, _ = io.WriteString(f, "%!v(BADWIDTH)") + return + } + + _, _ = io.WriteString(f, le.Error()) + return + } + + if f.Flag('+') && f.Flag('-') { + _, _ = io.WriteString(f, "%!v(BADFLAG)") + return + } + + fmt.Fprintf(f, "%s:", le.Cause.Error()) + + omitted := len(le.Log) - n + lines := le.Log[:n] + if f.Flag('-') { + // Print last instead of first lines. + lines = le.Log[len(le.Log)-n:] + if omitted > 0 { + fmt.Fprintf(f, "\n\t(%d line(s) omitted)", omitted) + } + } + + for _, line := range lines { + fmt.Fprintf(f, "\n\t%s", line) + } + + if !f.Flag('-') { + if omitted > 0 { + fmt.Fprintf(f, "\n\t(%d line(s) omitted)", omitted) + } + } + + if le.Truncated { + fmt.Fprintf(f, "\n\t(truncated)") + } + + default: + fmt.Fprintf(f, "%%!%c(BADVERB)", verb) + } } diff --git a/vendor/github.com/cilium/ebpf/internal/pinning.go b/vendor/github.com/cilium/ebpf/internal/pinning.go index 9fa3146c70b..c711353c3ea 100644 --- a/vendor/github.com/cilium/ebpf/internal/pinning.go +++ b/vendor/github.com/cilium/ebpf/internal/pinning.go @@ -6,6 +6,7 @@ import ( "os" "path/filepath" "runtime" + "unsafe" "github.com/cilium/ebpf/internal/sys" "github.com/cilium/ebpf/internal/unix" @@ -24,7 +25,17 @@ func Pin(currentPath, newPath string, fd *sys.FD) error { var statfs unix.Statfs_t if err := unix.Statfs(filepath.Dir(newPath), &statfs); err != nil { return err - } else if uint64(statfs.Type) != bpfFSType { + } + + fsType := int64(statfs.Type) + if unsafe.Sizeof(statfs.Type) == 4 { + // We're on a 32 bit arch, where statfs.Type is int32. bpfFSType is a + // negative number when interpreted as int32 so we need to cast via + // uint32 to avoid sign extension. + fsType = int64(uint32(statfs.Type)) + } + + if fsType != bpfFSType { return fmt.Errorf("%s is not on a bpf filesystem", newPath) } diff --git a/vendor/github.com/cilium/ebpf/internal/sys/doc.go b/vendor/github.com/cilium/ebpf/internal/sys/doc.go index 23480e3432e..dfe174448e1 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/doc.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/doc.go @@ -3,4 +3,4 @@ package sys // Regenerate types.go by invoking go generate in the current directory. -//go:generate go run github.com/cilium/ebpf/internal/cmd/gentypes ../../btf/testdata/vmlinux-btf.gz +//go:generate go run github.com/cilium/ebpf/internal/cmd/gentypes ../../btf/testdata/vmlinux.btf.gz diff --git a/vendor/github.com/cilium/ebpf/internal/sys/syscall.go b/vendor/github.com/cilium/ebpf/internal/sys/syscall.go index dd515f0eba3..2a5935dc912 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/syscall.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/syscall.go @@ -93,6 +93,9 @@ func NewObjName(name string) ObjName { // LinkID uniquely identifies a bpf_link. type LinkID uint32 +// BTFID uniquely identifies a BTF blob loaded into the kernel. +type BTFID uint32 + // wrappedErrno wraps syscall.Errno to prevent direct comparisons with // syscall.E* or unix.E* constants. // diff --git a/vendor/github.com/cilium/ebpf/internal/sys/types.go b/vendor/github.com/cilium/ebpf/internal/sys/types.go index 586c5d00151..291e3a6196c 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/types.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/types.go @@ -58,7 +58,8 @@ const ( BPF_SK_REUSEPORT_SELECT AttachType = 39 BPF_SK_REUSEPORT_SELECT_OR_MIGRATE AttachType = 40 BPF_PERF_EVENT AttachType = 41 - __MAX_BPF_ATTACH_TYPE AttachType = 42 + BPF_TRACE_KPROBE_MULTI AttachType = 42 + __MAX_BPF_ATTACH_TYPE AttachType = 43 ) type Cmd int32 @@ -292,7 +293,15 @@ const ( BPF_FUNC_get_func_arg FunctionId = 183 BPF_FUNC_get_func_ret FunctionId = 184 BPF_FUNC_get_func_arg_cnt FunctionId = 185 - __BPF_FUNC_MAX_ID FunctionId = 186 + BPF_FUNC_get_retval FunctionId = 186 + BPF_FUNC_set_retval FunctionId = 187 + BPF_FUNC_xdp_get_buff_len FunctionId = 188 + BPF_FUNC_xdp_load_bytes FunctionId = 189 + BPF_FUNC_xdp_store_bytes FunctionId = 190 + BPF_FUNC_copy_from_user_task FunctionId = 191 + BPF_FUNC_skb_set_tstamp FunctionId = 192 + BPF_FUNC_ima_file_hash FunctionId = 193 + __BPF_FUNC_MAX_ID FunctionId = 194 ) type HdrStartOff int32 @@ -313,7 +322,8 @@ const ( BPF_LINK_TYPE_NETNS LinkType = 5 BPF_LINK_TYPE_XDP LinkType = 6 BPF_LINK_TYPE_PERF_EVENT LinkType = 7 - MAX_BPF_LINK_TYPE LinkType = 8 + BPF_LINK_TYPE_KPROBE_MULTI LinkType = 8 + MAX_BPF_LINK_TYPE LinkType = 9 ) type MapType int32 @@ -432,7 +442,7 @@ const ( type BtfInfo struct { Btf Pointer BtfSize uint32 - Id uint32 + Id BTFID Name Pointer NameLen uint32 KernelBtf uint32 @@ -517,6 +527,30 @@ type ProgInfo struct { _ [4]byte } +type SkLookup struct { + Cookie uint64 + Family uint32 + Protocol uint32 + RemoteIp4 [4]uint8 + RemoteIp6 [16]uint8 + RemotePort uint16 + _ [2]byte + LocalIp4 [4]uint8 + LocalIp6 [16]uint8 + LocalPort uint32 + IngressIfindex uint32 + _ [4]byte +} + +type XdpMd struct { + Data uint32 + DataEnd uint32 + DataMeta uint32 + IngressIfindex uint32 + RxQueueIndex uint32 + EgressIfindex uint32 +} + type BtfGetFdByIdAttr struct{ Id uint32 } func BtfGetFdById(attr *BtfGetFdByIdAttr) (*FD, error) { @@ -527,6 +561,16 @@ func BtfGetFdById(attr *BtfGetFdByIdAttr) (*FD, error) { return NewFD(int(fd)) } +type BtfGetNextIdAttr struct { + Id BTFID + NextId BTFID +} + +func BtfGetNextId(attr *BtfGetNextIdAttr) error { + _, err := BPF(BPF_BTF_GET_NEXT_ID, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) + return err +} + type BtfLoadAttr struct { Btf Pointer BtfLogBuf Pointer @@ -573,7 +617,7 @@ type LinkCreateAttr struct { AttachType AttachType Flags uint32 TargetBtfId uint32 - _ [12]byte + _ [28]byte } func LinkCreate(attr *LinkCreateAttr) (*FD, error) { @@ -591,7 +635,7 @@ type LinkCreateIterAttr struct { Flags uint32 IterInfo Pointer IterInfoLen uint32 - _ [4]byte + _ [20]byte } func LinkCreateIter(attr *LinkCreateIterAttr) (*FD, error) { @@ -608,7 +652,7 @@ type LinkCreatePerfEventAttr struct { AttachType AttachType Flags uint32 BpfCookie uint64 - _ [8]byte + _ [24]byte } func LinkCreatePerfEvent(attr *LinkCreatePerfEventAttr) (*FD, error) { @@ -954,6 +998,8 @@ type ProgRunAttr struct { CtxOut Pointer Flags uint32 Cpu uint32 + BatchSize uint32 + _ [4]byte } func ProgRun(attr *ProgRunAttr) error { diff --git a/vendor/github.com/cilium/ebpf/link/cgroup.go b/vendor/github.com/cilium/ebpf/link/cgroup.go index b3e65cfecd8..003b0638e89 100644 --- a/vendor/github.com/cilium/ebpf/link/cgroup.go +++ b/vendor/github.com/cilium/ebpf/link/cgroup.go @@ -56,18 +56,6 @@ func AttachCgroup(opts CgroupOptions) (Link, error) { return cg, nil } -// LoadPinnedCgroup loads a pinned cgroup from a bpffs. -// -// Deprecated: use LoadPinnedLink instead. -func LoadPinnedCgroup(fileName string, opts *ebpf.LoadPinOptions) (Link, error) { - link, err := LoadPinnedRawLink(fileName, CgroupType, opts) - if err != nil { - return nil, err - } - - return &linkCgroup{*link}, nil -} - type progAttachCgroup struct { cgroup *os.File current *ebpf.Program diff --git a/vendor/github.com/cilium/ebpf/link/iter.go b/vendor/github.com/cilium/ebpf/link/iter.go index 289733e4709..d2b32ef331c 100644 --- a/vendor/github.com/cilium/ebpf/link/iter.go +++ b/vendor/github.com/cilium/ebpf/link/iter.go @@ -58,18 +58,6 @@ func AttachIter(opts IterOptions) (*Iter, error) { return &Iter{RawLink{fd, ""}}, err } -// LoadPinnedIter loads a pinned iterator from a bpffs. -// -// Deprecated: use LoadPinnedLink instead. -func LoadPinnedIter(fileName string, opts *ebpf.LoadPinOptions) (*Iter, error) { - link, err := LoadPinnedRawLink(fileName, IterType, opts) - if err != nil { - return nil, err - } - - return &Iter{*link}, err -} - // Iter represents an attached bpf_iter. type Iter struct { RawLink diff --git a/vendor/github.com/cilium/ebpf/link/kprobe.go b/vendor/github.com/cilium/ebpf/link/kprobe.go index 286e3c66a16..fdf622a0c07 100644 --- a/vendor/github.com/cilium/ebpf/link/kprobe.go +++ b/vendor/github.com/cilium/ebpf/link/kprobe.go @@ -350,7 +350,7 @@ func tracefsKprobe(args probeArgs) (*perfEvent, error) { // Path and offset are only set in the case of uprobe(s) and are used to set // the executable/library path on the filesystem and the offset where the probe is inserted. // A perf event is then opened on the newly-created trace event and returned to the caller. -func tracefsProbe(typ probeType, args probeArgs) (*perfEvent, error) { +func tracefsProbe(typ probeType, args probeArgs) (_ *perfEvent, err error) { // Generate a random string for each trace event we attempt to create. // This value is used as the 'group' token in tracefs to allow creating // multiple kprobe trace events with the same name. @@ -376,6 +376,15 @@ func tracefsProbe(typ probeType, args probeArgs) (*perfEvent, error) { if err := createTraceFSProbeEvent(typ, args); err != nil { return nil, fmt.Errorf("creating probe entry on tracefs: %w", err) } + defer func() { + if err != nil { + // Make sure we clean up the created tracefs event when we return error. + // If a livepatch handler is already active on the symbol, the write to + // tracefs will succeed, a trace event will show up, but creating the + // perf event will fail with EBUSY. + _ = closeTraceFSProbeEvent(typ, args.group, args.symbol) + } + }() // Get the newly-created trace event's id. tid, err := getTraceEventID(group, args.symbol) diff --git a/vendor/github.com/cilium/ebpf/link/link.go b/vendor/github.com/cilium/ebpf/link/link.go index bb84e9db788..067d0101aa9 100644 --- a/vendor/github.com/cilium/ebpf/link/link.go +++ b/vendor/github.com/cilium/ebpf/link/link.go @@ -107,11 +107,6 @@ type Info struct { extra interface{} } -// RawLinkInfo contains information on a raw link. -// -// Deprecated: use Info instead. -type RawLinkInfo = Info - type TracingInfo sys.TracingLinkInfo type CgroupInfo sys.CgroupLinkInfo type NetNsInfo sys.NetNsLinkInfo @@ -188,36 +183,6 @@ func AttachRawLink(opts RawLinkOptions) (*RawLink, error) { return &RawLink{fd, ""}, nil } -// LoadPinnedRawLink loads a persisted link from a bpffs. -// -// Returns an error if the pinned link type doesn't match linkType. Pass -// UnspecifiedType to disable this behaviour. -// -// Deprecated: use LoadPinnedLink instead. -func LoadPinnedRawLink(fileName string, linkType Type, opts *ebpf.LoadPinOptions) (*RawLink, error) { - link, err := loadPinnedRawLink(fileName, opts) - if err != nil { - return nil, err - } - - if linkType == UnspecifiedType { - return link, nil - } - - info, err := link.Info() - if err != nil { - link.Close() - return nil, fmt.Errorf("get pinned link info: %w", err) - } - - if info.Type != linkType { - link.Close() - return nil, fmt.Errorf("link type %v doesn't match %v", info.Type, linkType) - } - - return link, nil -} - func loadPinnedRawLink(fileName string, opts *ebpf.LoadPinOptions) (*RawLink, error) { fd, err := sys.ObjGet(&sys.ObjGetAttr{ Pathname: sys.NewStringPointer(fileName), diff --git a/vendor/github.com/cilium/ebpf/link/netns.go b/vendor/github.com/cilium/ebpf/link/netns.go index f49cbe4d73b..344ecced6be 100644 --- a/vendor/github.com/cilium/ebpf/link/netns.go +++ b/vendor/github.com/cilium/ebpf/link/netns.go @@ -34,15 +34,3 @@ func AttachNetNs(ns int, prog *ebpf.Program) (*NetNsLink, error) { return &NetNsLink{*link}, nil } - -// LoadPinnedNetNs loads a network namespace link from bpffs. -// -// Deprecated: use LoadPinnedLink instead. -func LoadPinnedNetNs(fileName string, opts *ebpf.LoadPinOptions) (*NetNsLink, error) { - link, err := LoadPinnedRawLink(fileName, NetNsType, opts) - if err != nil { - return nil, err - } - - return &NetNsLink{*link}, nil -} diff --git a/vendor/github.com/cilium/ebpf/link/tracing.go b/vendor/github.com/cilium/ebpf/link/tracing.go index e26bea748a2..e47e61a3b84 100644 --- a/vendor/github.com/cilium/ebpf/link/tracing.go +++ b/vendor/github.com/cilium/ebpf/link/tracing.go @@ -41,27 +41,24 @@ func AttachFreplace(targetProg *ebpf.Program, name string, prog *ebpf.Program) ( typeID btf.TypeID ) if targetProg != nil { - info, err := targetProg.Info() + btfHandle, err := targetProg.Handle() if err != nil { return nil, err } - btfID, ok := info.BTFID() - if !ok { - return nil, fmt.Errorf("could not get BTF ID for program %s: %w", info.Name, errInvalidInput) - } - btfHandle, err := btf.NewHandleFromID(btfID) + defer btfHandle.Close() + + spec, err := btfHandle.Spec(nil) if err != nil { return nil, err } - defer btfHandle.Close() var function *btf.Func - if err := btfHandle.Spec().TypeByName(name, &function); err != nil { + if err := spec.TypeByName(name, &function); err != nil { return nil, err } target = targetProg.FD() - typeID, err = btfHandle.Spec().TypeID(function) + typeID, err = spec.TypeID(function) if err != nil { return nil, err } @@ -80,18 +77,6 @@ func AttachFreplace(targetProg *ebpf.Program, name string, prog *ebpf.Program) ( return &tracing{*link}, nil } -// LoadPinnedFreplace loads a pinned iterator from a bpffs. -// -// Deprecated: use LoadPinnedLink instead. -func LoadPinnedFreplace(fileName string, opts *ebpf.LoadPinOptions) (Link, error) { - link, err := LoadPinnedRawLink(fileName, TracingType, opts) - if err != nil { - return nil, err - } - - return &tracing{*link}, err -} - type TracingOptions struct { // Program must be of type Tracing with attach type // AttachTraceFEntry/AttachTraceFExit/AttachModifyReturn or diff --git a/vendor/github.com/cilium/ebpf/link/uprobe.go b/vendor/github.com/cilium/ebpf/link/uprobe.go index ca11f376b91..edf925b5702 100644 --- a/vendor/github.com/cilium/ebpf/link/uprobe.go +++ b/vendor/github.com/cilium/ebpf/link/uprobe.go @@ -42,15 +42,21 @@ var ( type Executable struct { // Path of the executable on the filesystem. path string - // Parsed ELF symbols and dynamic symbols offsets. - offsets map[string]uint64 + // Parsed ELF and dynamic symbols' addresses. + addresses map[string]uint64 } // UprobeOptions defines additional parameters that will be used // when loading Uprobes. type UprobeOptions struct { - // Symbol offset. Must be provided in case of external symbols (shared libs). - // If set, overrides the offset eventually parsed from the executable. + // Symbol address. Must be provided in case of external symbols (shared libs). + // If set, overrides the address eventually parsed from the executable. + Address uint64 + // The offset relative to given symbol. Useful when tracing an arbitrary point + // inside the frame of given symbol. + // + // Note: this field changed from being an absolute offset to being relative + // to Address. Offset uint64 // Only set the uprobe on the given process ID. Useful when tracing // shared library calls or programs that have many running instances. @@ -100,8 +106,8 @@ func OpenExecutable(path string) (*Executable, error) { } ex := Executable{ - path: path, - offsets: make(map[string]uint64), + path: path, + addresses: make(map[string]uint64), } if err := ex.load(se); err != nil { @@ -130,7 +136,7 @@ func (ex *Executable) load(f *internal.SafeELFFile) error { continue } - off := s.Value + address := s.Value // Loop over ELF segments. for _, prog := range f.Progs { @@ -146,32 +152,42 @@ func (ex *Executable) load(f *internal.SafeELFFile) error { // fn symbol offset = fn symbol VA - .text VA + .text offset // // stackoverflow.com/a/40249502 - off = s.Value - prog.Vaddr + prog.Off + address = s.Value - prog.Vaddr + prog.Off break } } - ex.offsets[s.Name] = off + ex.addresses[s.Name] = address } return nil } -func (ex *Executable) offset(symbol string) (uint64, error) { - if off, ok := ex.offsets[symbol]; ok { - // Symbols with location 0 from section undef are shared library calls and - // are relocated before the binary is executed. Dynamic linking is not - // implemented by the library, so mark this as unsupported for now. - // - // Since only offset values are stored and not elf.Symbol, if the value is 0, - // assume it's an external symbol. - if off == 0 { - return 0, fmt.Errorf("cannot resolve %s library call '%s', "+ - "consider providing the offset via options: %w", ex.path, symbol, ErrNotSupported) - } - return off, nil +// address calculates the address of a symbol in the executable. +// +// opts must not be nil. +func (ex *Executable) address(symbol string, opts *UprobeOptions) (uint64, error) { + if opts.Address > 0 { + return opts.Address + opts.Offset, nil + } + + address, ok := ex.addresses[symbol] + if !ok { + return 0, fmt.Errorf("symbol %s: %w", symbol, ErrNoSymbol) + } + + // Symbols with location 0 from section undef are shared library calls and + // are relocated before the binary is executed. Dynamic linking is not + // implemented by the library, so mark this as unsupported for now. + // + // Since only offset values are stored and not elf.Symbol, if the value is 0, + // assume it's an external symbol. + if address == 0 { + return 0, fmt.Errorf("cannot resolve %s library call '%s': %w "+ + "(consider providing UprobeOptions.Address)", ex.path, symbol, ErrNotSupported) } - return 0, fmt.Errorf("symbol %s: %w", symbol, ErrNoSymbol) + + return address + opts.Offset, nil } // Uprobe attaches the given eBPF program to a perf event that fires when the @@ -186,6 +202,8 @@ func (ex *Executable) offset(symbol string) (uint64, error) { // // up, err := ex.Uprobe("main", prog, &UprobeOptions{Offset: 0x123}) // +// Note: Setting the Offset field in the options supersedes the symbol's offset. +// // Losing the reference to the resulting Link (up) will close the Uprobe // and prevent further execution of prog. The Link must be Closed during // program shutdown to avoid leaking system resources. @@ -218,6 +236,8 @@ func (ex *Executable) Uprobe(symbol string, prog *ebpf.Program, opts *UprobeOpti // // up, err := ex.Uretprobe("main", prog, &UprobeOptions{Offset: 0x123}) // +// Note: Setting the Offset field in the options supersedes the symbol's offset. +// // Losing the reference to the resulting Link (up) will close the Uprobe // and prevent further execution of prog. The Link must be Closed during // program shutdown to avoid leaking system resources. @@ -252,13 +272,9 @@ func (ex *Executable) uprobe(symbol string, prog *ebpf.Program, opts *UprobeOpti opts = &UprobeOptions{} } - offset := opts.Offset - if offset == 0 { - off, err := ex.offset(symbol) - if err != nil { - return nil, err - } - offset = off + offset, err := ex.address(symbol, opts) + if err != nil { + return nil, err } pid := opts.PID diff --git a/vendor/github.com/cilium/ebpf/linker.go b/vendor/github.com/cilium/ebpf/linker.go index 97f7c510d26..e6276b1829b 100644 --- a/vendor/github.com/cilium/ebpf/linker.go +++ b/vendor/github.com/cilium/ebpf/linker.go @@ -52,68 +52,9 @@ func splitSymbols(insns asm.Instructions) (map[string]asm.Instructions, error) { // Each function is denoted by an ELF symbol and the compiler takes care of // register setup before each jump instruction. -// populateReferences populates all of progs' Instructions and references -// with their full dependency chains including transient dependencies. -func populateReferences(progs map[string]*ProgramSpec) error { - type props struct { - insns asm.Instructions - refs map[string]*ProgramSpec - } - - out := make(map[string]props) - - // Resolve and store direct references between all progs. - if err := findReferences(progs); err != nil { - return fmt.Errorf("finding references: %w", err) - } - - // Flatten all progs' instruction streams. - for name, prog := range progs { - insns, refs := prog.flatten(nil) - - prop := props{ - insns: insns, - refs: refs, - } - - out[name] = prop - } - - // Replace all progs' instructions and references - for name, props := range out { - progs[name].Instructions = props.insns - progs[name].references = props.refs - } - - return nil -} - -// findReferences finds bpf-to-bpf calls between progs and populates each -// prog's references field with its direct neighbours. -func findReferences(progs map[string]*ProgramSpec) error { - // Check all ProgramSpecs in the collection against each other. - for _, prog := range progs { - prog.references = make(map[string]*ProgramSpec) - - // Look up call targets in progs and store pointers to their corresponding - // ProgramSpecs as direct references. - for refname := range prog.Instructions.FunctionReferences() { - ref := progs[refname] - // Call targets are allowed to be missing from an ELF. This occurs when - // a program calls into a forward function declaration that is left - // unimplemented. This is caught at load time during fixups. - if ref != nil { - prog.references[refname] = ref - } - } - } - - return nil -} - -// hasReferences returns true if insns contains one or more bpf2bpf +// hasFunctionReferences returns true if insns contains one or more bpf2bpf // function references. -func hasReferences(insns asm.Instructions) bool { +func hasFunctionReferences(insns asm.Instructions) bool { for _, i := range insns { if i.IsFunctionReference() { return true @@ -160,6 +101,77 @@ func applyRelocations(insns asm.Instructions, local, target *btf.Spec) error { return nil } +// flattenPrograms resolves bpf-to-bpf calls for a set of programs. +// +// Links all programs in names by modifying their ProgramSpec in progs. +func flattenPrograms(progs map[string]*ProgramSpec, names []string) { + // Pre-calculate all function references. + refs := make(map[*ProgramSpec][]string) + for _, prog := range progs { + refs[prog] = prog.Instructions.FunctionReferences() + } + + // Create a flattened instruction stream, but don't modify progs yet to + // avoid linking multiple times. + flattened := make([]asm.Instructions, 0, len(names)) + for _, name := range names { + flattened = append(flattened, flattenInstructions(name, progs, refs)) + } + + // Finally, assign the flattened instructions. + for i, name := range names { + progs[name].Instructions = flattened[i] + } +} + +// flattenInstructions resolves bpf-to-bpf calls for a single program. +// +// Flattens the instructions of prog by concatenating the instructions of all +// direct and indirect dependencies. +// +// progs contains all referenceable programs, while refs contain the direct +// dependencies of each program. +func flattenInstructions(name string, progs map[string]*ProgramSpec, refs map[*ProgramSpec][]string) asm.Instructions { + prog := progs[name] + + insns := make(asm.Instructions, len(prog.Instructions)) + copy(insns, prog.Instructions) + + // Add all direct references of prog to the list of to be linked programs. + pending := make([]string, len(refs[prog])) + copy(pending, refs[prog]) + + // All references for which we've appended instructions. + linked := make(map[string]bool) + + // Iterate all pending references. We can't use a range since pending is + // modified in the body below. + for len(pending) > 0 { + var ref string + ref, pending = pending[0], pending[1:] + + if linked[ref] { + // We've already linked this ref, don't append instructions again. + continue + } + + progRef := progs[ref] + if progRef == nil { + // We don't have instructions that go with this reference. This + // happens when calling extern functions. + continue + } + + insns = append(insns, progRef.Instructions...) + linked[ref] = true + + // Make sure we link indirect references. + pending = append(pending, refs[progRef]...) + } + + return insns +} + // fixupAndValidate is called by the ELF reader right before marshaling the // instruction stream. It performs last-minute adjustments to the program and // runs some sanity checks before sending it off to the kernel. diff --git a/vendor/github.com/cilium/ebpf/map.go b/vendor/github.com/cilium/ebpf/map.go index e6d26db4014..e4a6c87e924 100644 --- a/vendor/github.com/cilium/ebpf/map.go +++ b/vendor/github.com/cilium/ebpf/map.go @@ -19,7 +19,6 @@ import ( // Errors returned by Map and MapIterator methods. var ( - errFirstKeyNotFound = errors.New("first key not found") ErrKeyNotExist = errors.New("key does not exist") ErrKeyExist = errors.New("key already exists") ErrIterationAborted = errors.New("iteration aborted") @@ -170,7 +169,8 @@ func (ms *MapSpec) checkCompatibility(m *Map) error { case m.valueSize != ms.ValueSize: return fmt.Errorf("expected value size %v, got %v: %w", ms.ValueSize, m.valueSize, ErrMapIncompatible) - case m.maxEntries != ms.MaxEntries: + case !(ms.Type == PerfEventArray && ms.MaxEntries == 0) && + m.maxEntries != ms.MaxEntries: return fmt.Errorf("expected max entries %v, got %v: %w", ms.MaxEntries, m.maxEntries, ErrMapIncompatible) case m.flags != ms.Flags: @@ -249,8 +249,8 @@ func NewMapWithOptions(spec *MapSpec, opts MapOptions) (*Map, error) { return nil, fmt.Errorf("creating map: %w", err) } - err = m.finalize(spec) - if err != nil { + if err := m.finalize(spec); err != nil { + m.Close() return nil, fmt.Errorf("populating map: %w", err) } @@ -456,6 +456,9 @@ func (spec *MapSpec) createMap(inner *sys.FD, opts MapOptions, handles *handleCa if !spec.hasBTF() { return nil, fmt.Errorf("map create without BTF: %w", err) } + if errors.Is(err, unix.EINVAL) && attr.MaxEntries == 0 { + return nil, fmt.Errorf("map create: %w (MaxEntries may be incorrectly set to zero)", err) + } return nil, fmt.Errorf("map create: %w", err) } defer closeOnError(fd) @@ -776,14 +779,14 @@ func (m *Map) nextKey(key interface{}, nextKeyOut sys.Pointer) error { // Kernels 4.4.131 and earlier return EFAULT instead of a pointer to the // first map element when a nil key pointer is specified. if key == nil && errors.Is(err, unix.EFAULT) { - var guessKey sys.Pointer + var guessKey []byte guessKey, err = m.guessNonExistentKey() if err != nil { - return fmt.Errorf("can't guess starting key: %w", err) + return err } // Retry the syscall with a valid non-existing key. - attr.Key = guessKey + attr.Key = sys.NewSlicePointer(guessKey) if err = sys.MapGetNextKey(&attr); err == nil { return nil } @@ -798,7 +801,7 @@ func (m *Map) nextKey(key interface{}, nextKeyOut sys.Pointer) error { // guessNonExistentKey attempts to perform a map lookup that returns ENOENT. // This is necessary on kernels before 4.4.132, since those don't support // iterating maps from the start by providing an invalid key pointer. -func (m *Map) guessNonExistentKey() (startKey sys.Pointer, err error) { +func (m *Map) guessNonExistentKey() ([]byte, error) { // Provide an invalid value pointer to prevent a copy on the kernel side. valuePtr := sys.NewPointer(unsafe.Pointer(^uintptr(0))) randKey := make([]byte, int(m.keySize)) @@ -830,11 +833,11 @@ func (m *Map) guessNonExistentKey() (startKey sys.Pointer, err error) { err := m.lookup(randKey, valuePtr, 0) if errors.Is(err, ErrKeyNotExist) { - return sys.NewSlicePointer(randKey), nil + return randKey, nil } } - return sys.Pointer{}, errFirstKeyNotFound + return nil, errors.New("couldn't find non-existing key") } // BatchLookup looks up many elements in a map at once. @@ -1036,7 +1039,8 @@ func (m *Map) Iterate() *MapIterator { return newMapIterator(m) } -// Close removes a Map +// Close the Map's underlying file descriptor, which could unload the +// Map from the kernel if it is not pinned or in use by a loaded Program. func (m *Map) Close() error { if m == nil { // This makes it easier to clean up when iterating maps @@ -1418,14 +1422,3 @@ func NewMapFromID(id MapID) (*Map, error) { return newMapFromFD(fd) } - -// ID returns the systemwide unique ID of the map. -// -// Deprecated: use MapInfo.ID() instead. -func (m *Map) ID() (MapID, error) { - var info sys.MapInfo - if err := sys.ObjInfo(m.fd, &info); err != nil { - return MapID(0), err - } - return MapID(info.Id), nil -} diff --git a/vendor/github.com/cilium/ebpf/prog.go b/vendor/github.com/cilium/ebpf/prog.go index 93398b236cc..675edc711d7 100644 --- a/vendor/github.com/cilium/ebpf/prog.go +++ b/vendor/github.com/cilium/ebpf/prog.go @@ -102,9 +102,6 @@ type ProgramSpec struct { // The byte order this program was compiled for, may be nil. ByteOrder binary.ByteOrder - - // Programs called by this ProgramSpec. Includes all dependencies. - references map[string]*ProgramSpec } // Copy returns a copy of the spec. @@ -126,42 +123,7 @@ func (ps *ProgramSpec) Tag() (string, error) { return ps.Instructions.Tag(internal.NativeEndian) } -// flatten returns spec's full instruction stream including all of its -// dependencies and an expanded map of references that includes all symbols -// appearing in the instruction stream. -// -// Returns nil, nil if spec was already visited. -func (spec *ProgramSpec) flatten(visited map[*ProgramSpec]bool) (asm.Instructions, map[string]*ProgramSpec) { - if visited == nil { - visited = make(map[*ProgramSpec]bool) - } - - // This program and its dependencies were already collected. - if visited[spec] { - return nil, nil - } - - visited[spec] = true - - // Start off with spec's direct references and instructions. - progs := spec.references - insns := spec.Instructions - - // Recurse into each reference and append/merge its references into - // a temporary buffer as to not interfere with the resolution process. - for _, ref := range spec.references { - if ri, rp := ref.flatten(visited); ri != nil || rp != nil { - insns = append(insns, ri...) - - // Merge nested references into the top-level scope. - for n, p := range rp { - progs[n] = p - } - } - } - - return insns, progs -} +type VerifierError = internal.VerifierError // Program represents BPF program loaded into the kernel. // @@ -179,8 +141,7 @@ type Program struct { // NewProgram creates a new Program. // -// Loading a program for the first time will perform -// feature detection by loading small, temporary programs. +// See NewProgramWithOptions for details. func NewProgram(spec *ProgramSpec) (*Program, error) { return NewProgramWithOptions(spec, ProgramOptions{}) } @@ -189,6 +150,9 @@ func NewProgram(spec *ProgramSpec) (*Program, error) { // // Loading a program for the first time will perform // feature detection by loading small, temporary programs. +// +// Returns an error wrapping VerifierError if the program or its BTF is rejected +// by the kernel. func NewProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, error) { if spec == nil { return nil, errors.New("can't load a program from a nil spec") @@ -329,35 +293,36 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions, handles *hand return &Program{unix.ByteSliceToString(logBuf), fd, spec.Name, "", spec.Type}, nil } - logErr := err if opts.LogLevel == 0 && opts.LogSize >= 0 { // Re-run with the verifier enabled to get better error messages. logBuf = make([]byte, logSize) attr.LogLevel = 1 attr.LogSize = uint32(len(logBuf)) attr.LogBuf = sys.NewSlicePointer(logBuf) - - fd, logErr = sys.ProgLoad(attr) - if logErr == nil { - fd.Close() - } + _, _ = sys.ProgLoad(attr) } - if (errors.Is(err, unix.EINVAL) || errors.Is(err, unix.EPERM)) && hasReferences(spec.Instructions) { - if err := haveBPFToBPFCalls(); err != nil { - return nil, fmt.Errorf("load program: %w", internal.ErrorWithLog(err, logBuf, logErr)) + switch { + case errors.Is(err, unix.EPERM): + if len(logBuf) > 0 && logBuf[0] == 0 { + // EPERM due to RLIMIT_MEMLOCK happens before the verifier, so we can + // check that the log is empty to reduce false positives. + return nil, fmt.Errorf("load program: %w (MEMLOCK may be too low, consider rlimit.RemoveMemlock)", err) } - } - if errors.Is(logErr, unix.EPERM) && len(logBuf) > 0 && logBuf[0] == 0 { - // EPERM due to RLIMIT_MEMLOCK happens before the verifier, so we can - // check that the log is empty to reduce false positives. - return nil, fmt.Errorf("load program: %w (MEMLOCK may be too low, consider rlimit.RemoveMemlock)", logErr) + fallthrough + + case errors.Is(err, unix.EINVAL): + if hasFunctionReferences(spec.Instructions) { + if err := haveBPFToBPFCalls(); err != nil { + return nil, fmt.Errorf("load program: %w", err) + } + } } - err = internal.ErrorWithLog(err, logBuf, logErr) + err = internal.ErrorWithLog(err, logBuf) if btfDisabled { - return nil, fmt.Errorf("load program without BTF: %w", err) + return nil, fmt.Errorf("load program: %w (BTF disabled)", err) } return nil, fmt.Errorf("load program: %w", err) } @@ -419,6 +384,24 @@ func (p *Program) Info() (*ProgramInfo, error) { return newProgramInfoFromFd(p.fd) } +// Handle returns a reference to the program's type information in the kernel. +// +// Returns ErrNotSupported if the kernel has no BTF support, or if there is no +// BTF associated with the program. +func (p *Program) Handle() (*btf.Handle, error) { + info, err := p.Info() + if err != nil { + return nil, err + } + + id, ok := info.BTFID() + if !ok { + return nil, fmt.Errorf("program %s: retrieve BTF ID: %w", p, ErrNotSupported) + } + + return btf.NewHandleFromID(id) +} + // FD gets the file descriptor of the Program. // // It is invalid to call this function after Close has been called. @@ -477,7 +460,9 @@ func (p *Program) IsPinned() bool { return p.pinnedPath != "" } -// Close unloads the program from the kernel. +// Close the Program's underlying file descriptor, which could unload +// the program from the kernel if it is not pinned or attached to a +// kernel hook. func (p *Program) Close() error { if p == nil { return nil @@ -486,6 +471,28 @@ func (p *Program) Close() error { return p.fd.Close() } +// Various options for Run'ing a Program +type RunOptions struct { + // Program's data input. Required field. + Data []byte + // Program's data after Program has run. Caller must allocate. Optional field. + DataOut []byte + // Program's context input. Optional field. + Context interface{} + // Program's context after Program has run. Must be a pointer or slice. Optional field. + ContextOut interface{} + // Number of times to run Program. Optional field. Defaults to 1. + Repeat uint32 + // Optional flags. + Flags uint32 + // CPU to run Program on. Optional field. + // Note not all program types support this field. + CPU uint32 + // Called whenever the syscall is interrupted, and should be set to testing.B.ResetTimer + // or similar. Typically used during benchmarking. Optional field. + Reset func() +} + // Test runs the Program in the kernel with the given input and returns the // value returned by the eBPF program. outLen may be zero. // @@ -494,11 +501,38 @@ func (p *Program) Close() error { // // This function requires at least Linux 4.12. func (p *Program) Test(in []byte) (uint32, []byte, error) { - ret, out, _, err := p.testRun(in, 1, nil) + // Older kernels ignore the dataSizeOut argument when copying to user space. + // Combined with things like bpf_xdp_adjust_head() we don't really know what the final + // size will be. Hence we allocate an output buffer which we hope will always be large + // enough, and panic if the kernel wrote past the end of the allocation. + // See https://patchwork.ozlabs.org/cover/1006822/ + var out []byte + if len(in) > 0 { + out = make([]byte, len(in)+outputPad) + } + + opts := RunOptions{ + Data: in, + DataOut: out, + Repeat: 1, + } + + ret, _, err := p.testRun(&opts) if err != nil { return ret, nil, fmt.Errorf("can't test program: %w", err) } - return ret, out, nil + return ret, opts.DataOut, nil +} + +// Run runs the Program in kernel with given RunOptions. +// +// Note: the same restrictions from Test apply. +func (p *Program) Run(opts *RunOptions) (uint32, error) { + ret, _, err := p.testRun(opts) + if err != nil { + return ret, fmt.Errorf("can't test program: %w", err) + } + return ret, nil } // Benchmark runs the Program with the given input for a number of times @@ -513,7 +547,17 @@ func (p *Program) Test(in []byte) (uint32, []byte, error) { // // This function requires at least Linux 4.12. func (p *Program) Benchmark(in []byte, repeat int, reset func()) (uint32, time.Duration, error) { - ret, _, total, err := p.testRun(in, repeat, reset) + if uint(repeat) > math.MaxUint32 { + return 0, 0, fmt.Errorf("repeat is too high") + } + + opts := RunOptions{ + Data: in, + Repeat: uint32(repeat), + Reset: reset, + } + + ret, total, err := p.testRun(&opts) if err != nil { return ret, total, fmt.Errorf("can't benchmark program: %w", err) } @@ -565,37 +609,42 @@ var haveProgTestRun = internal.FeatureTest("BPF_PROG_TEST_RUN", "4.12", func() e return err }) -func (p *Program) testRun(in []byte, repeat int, reset func()) (uint32, []byte, time.Duration, error) { - if uint(repeat) > math.MaxUint32 { - return 0, nil, 0, fmt.Errorf("repeat is too high") +func (p *Program) testRun(opts *RunOptions) (uint32, time.Duration, error) { + if uint(len(opts.Data)) > math.MaxUint32 { + return 0, 0, fmt.Errorf("input is too long") } - if len(in) == 0 { - return 0, nil, 0, fmt.Errorf("missing input") + if err := haveProgTestRun(); err != nil { + return 0, 0, err } - if uint(len(in)) > math.MaxUint32 { - return 0, nil, 0, fmt.Errorf("input is too long") + var ctxBytes []byte + if opts.Context != nil { + ctx := new(bytes.Buffer) + if err := binary.Write(ctx, internal.NativeEndian, opts.Context); err != nil { + return 0, 0, fmt.Errorf("cannot serialize context: %v", err) + } + ctxBytes = ctx.Bytes() } - if err := haveProgTestRun(); err != nil { - return 0, nil, 0, err + var ctxOut []byte + if opts.ContextOut != nil { + ctxOut = make([]byte, binary.Size(opts.ContextOut)) } - // Older kernels ignore the dataSizeOut argument when copying to user space. - // Combined with things like bpf_xdp_adjust_head() we don't really know what the final - // size will be. Hence we allocate an output buffer which we hope will always be large - // enough, and panic if the kernel wrote past the end of the allocation. - // See https://patchwork.ozlabs.org/cover/1006822/ - out := make([]byte, len(in)+outputPad) - attr := sys.ProgRunAttr{ ProgFd: p.fd.Uint(), - DataSizeIn: uint32(len(in)), - DataSizeOut: uint32(len(out)), - DataIn: sys.NewSlicePointer(in), - DataOut: sys.NewSlicePointer(out), - Repeat: uint32(repeat), + DataSizeIn: uint32(len(opts.Data)), + DataSizeOut: uint32(len(opts.DataOut)), + DataIn: sys.NewSlicePointer(opts.Data), + DataOut: sys.NewSlicePointer(opts.DataOut), + Repeat: uint32(opts.Repeat), + CtxSizeIn: uint32(len(ctxBytes)), + CtxSizeOut: uint32(len(ctxOut)), + CtxIn: sys.NewSlicePointer(ctxBytes), + CtxOut: sys.NewSlicePointer(ctxOut), + Flags: opts.Flags, + Cpu: opts.CPU, } for { @@ -605,28 +654,37 @@ func (p *Program) testRun(in []byte, repeat int, reset func()) (uint32, []byte, } if errors.Is(err, unix.EINTR) { - if reset != nil { - reset() + if opts.Reset != nil { + opts.Reset() } continue } if errors.Is(err, unix.ENOTSUPP) { - return 0, nil, 0, fmt.Errorf("kernel doesn't support testing program type %s: %w", p.Type(), ErrNotSupported) + return 0, 0, fmt.Errorf("kernel doesn't support testing program type %s: %w", p.Type(), ErrNotSupported) } - return 0, nil, 0, fmt.Errorf("can't run test: %w", err) + return 0, 0, fmt.Errorf("can't run test: %w", err) + } + + if opts.DataOut != nil { + if int(attr.DataSizeOut) > cap(opts.DataOut) { + // Houston, we have a problem. The program created more data than we allocated, + // and the kernel wrote past the end of our buffer. + panic("kernel wrote past end of output buffer") + } + opts.DataOut = opts.DataOut[:int(attr.DataSizeOut)] } - if int(attr.DataSizeOut) > cap(out) { - // Houston, we have a problem. The program created more data than we allocated, - // and the kernel wrote past the end of our buffer. - panic("kernel wrote past end of output buffer") + if len(ctxOut) != 0 { + b := bytes.NewReader(ctxOut) + if err := binary.Read(b, internal.NativeEndian, opts.ContextOut); err != nil { + return 0, 0, fmt.Errorf("failed to decode ContextOut: %v", err) + } } - out = out[:int(attr.DataSizeOut)] total := time.Duration(attr.Duration) * time.Nanosecond - return attr.Retval, out, total, nil + return attr.Retval, total, nil } func unmarshalProgram(buf []byte) (*Program, error) { @@ -650,45 +708,6 @@ func marshalProgram(p *Program, length int) ([]byte, error) { return buf, nil } -// Attach a Program. -// -// Deprecated: use link.RawAttachProgram instead. -func (p *Program) Attach(fd int, typ AttachType, flags AttachFlags) error { - if fd < 0 { - return errors.New("invalid fd") - } - - attr := sys.ProgAttachAttr{ - TargetFd: uint32(fd), - AttachBpfFd: p.fd.Uint(), - AttachType: uint32(typ), - AttachFlags: uint32(flags), - } - - return sys.ProgAttach(&attr) -} - -// Detach a Program. -// -// Deprecated: use link.RawDetachProgram instead. -func (p *Program) Detach(fd int, typ AttachType, flags AttachFlags) error { - if fd < 0 { - return errors.New("invalid fd") - } - - if flags != 0 { - return errors.New("flags must be zero") - } - - attr := sys.ProgAttachAttr{ - TargetFd: uint32(fd), - AttachBpfFd: p.fd.Uint(), - AttachType: uint32(typ), - } - - return sys.ProgAttach(&attr) -} - // LoadPinnedProgram loads a Program from a BPF file. // // Requires at least Linux 4.11. @@ -734,17 +753,6 @@ func ProgramGetNextID(startID ProgramID) (ProgramID, error) { return ProgramID(attr.NextId), sys.ProgGetNextId(attr) } -// ID returns the systemwide unique ID of the program. -// -// Deprecated: use ProgramInfo.ID() instead. -func (p *Program) ID() (ProgramID, error) { - var info sys.ProgInfo - if err := sys.ObjInfo(p.fd, &info); err != nil { - return ProgramID(0), err - } - return ProgramID(info.Id), nil -} - // BindMap binds map to the program and is only released once program is released. // // This may be used in cases where metadata should be associated with the program @@ -846,23 +854,16 @@ func findTargetInProgram(prog *Program, name string, progType ProgramType, attac return 0, errUnrecognizedAttachType } - info, err := prog.Info() + btfHandle, err := prog.Handle() if err != nil { return 0, fmt.Errorf("load target BTF: %w", err) } + defer btfHandle.Close() - btfID, ok := info.BTFID() - if !ok { - return 0, fmt.Errorf("load target BTF: no BTF info available") - } - - btfHandle, err := btf.NewHandleFromID(btfID) + spec, err := btfHandle.Spec(nil) if err != nil { - return 0, fmt.Errorf("load target BTF: %w", err) + return 0, err } - defer btfHandle.Close() - - spec := btfHandle.Spec() var targetFunc *btf.Func err = spec.TypeByName(typeName, &targetFunc) diff --git a/vendor/github.com/cilium/ebpf/run-tests.sh b/vendor/github.com/cilium/ebpf/run-tests.sh index 8501e65aaa5..c21cca9e5e7 100644 --- a/vendor/github.com/cilium/ebpf/run-tests.sh +++ b/vendor/github.com/cilium/ebpf/run-tests.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # Test the current package under a different kernel. # Requires virtme and qemu to be installed. # Examples: @@ -61,7 +61,7 @@ if [[ "${1:-}" = "--exec-vm" ]]; then if [[ -e "${output}/status" ]]; then break fi - + if [[ -v CI ]]; then echo "Retrying test run due to qemu crash" continue @@ -83,6 +83,10 @@ elif [[ "${1:-}" = "--exec-test" ]]; then export KERNEL_SELFTESTS="/run/input/bpf" fi + if [[ -f "/run/input/bpf/bpf_testmod/bpf_testmod.ko" ]]; then + insmod "/run/input/bpf/bpf_testmod/bpf_testmod.ko" + fi + dmesg --clear rc=0 "$@" || rc=$? diff --git a/vendor/github.com/cilium/ebpf/syscalls.go b/vendor/github.com/cilium/ebpf/syscalls.go index b90ff7b3d8a..e5c270a5585 100644 --- a/vendor/github.com/cilium/ebpf/syscalls.go +++ b/vendor/github.com/cilium/ebpf/syscalls.go @@ -4,7 +4,6 @@ import ( "bytes" "errors" "fmt" - "os" "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/internal" @@ -12,11 +11,6 @@ import ( "github.com/cilium/ebpf/internal/unix" ) -// ErrNotExist is returned when loading a non-existing map or program. -// -// Deprecated: use os.ErrNotExist instead. -var ErrNotExist = os.ErrNotExist - // invalidBPFObjNameChar returns true if char may not appear in // a BPF object name. func invalidBPFObjNameChar(char rune) bool { diff --git a/vendor/modules.txt b/vendor/modules.txt index 60fb5857e2e..09dcfab685f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -2,7 +2,7 @@ ## explicit; go 1.13 github.com/checkpoint-restore/go-criu/v5 github.com/checkpoint-restore/go-criu/v5/rpc -# github.com/cilium/ebpf v0.9.0 +# github.com/cilium/ebpf v0.9.1 ## explicit; go 1.17 github.com/cilium/ebpf github.com/cilium/ebpf/asm From 13674f43d3ff08a6896ecefd1dd201f948cc7e0c Mon Sep 17 00:00:00 2001 From: Cory Snider Date: Tue, 26 Jul 2022 15:36:47 -0400 Subject: [PATCH 0072/1176] libct/intelrdt: delete IsMBAScEnabled() This function is unused, and removing it simplifies the changes which follow this commit. Signed-off-by: Cory Snider --- libcontainer/intelrdt/intelrdt.go | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) diff --git a/libcontainer/intelrdt/intelrdt.go b/libcontainer/intelrdt/intelrdt.go index 3953f930d25..6ea5b2851c9 100644 --- a/libcontainer/intelrdt/intelrdt.go +++ b/libcontainer/intelrdt/intelrdt.go @@ -182,8 +182,6 @@ var ( catEnabled bool // The flag to indicate if Intel RDT/MBA is enabled mbaEnabled bool - // The flag to indicate if Intel RDT/MBA Software Controller is enabled - mbaScEnabled bool // For Intel RDT initialization initOnce sync.Once @@ -216,12 +214,7 @@ func featuresInit() { catEnabled = true } } - if mbaScEnabled { - // We confirm MBA Software Controller is enabled in step 2, - // MBA should be enabled because MBA Software Controller - // depends on MBA - mbaEnabled = true - } else if flagsSet.MBA { + if flagsSet.MBA { if _, err := os.Stat(filepath.Join(root, "info", "MB")); err == nil { mbaEnabled = true } @@ -260,11 +253,6 @@ func findIntelRdtMountpointDir() (string, error) { return "", errNotFound } - // Check if MBA Software Controller is enabled through mount option "-o mba_MBps" - if strings.Contains(","+mi[0].VFSOptions+",", ",mba_MBps,") { - mbaScEnabled = true - } - return mi[0].Mountpoint, nil } @@ -493,12 +481,6 @@ func IsMBAEnabled() bool { return mbaEnabled } -// Check if Intel RDT/MBA Software Controller is enabled -func IsMBAScEnabled() bool { - featuresInit() - return mbaScEnabled -} - // Get the path of the clos group in "resource control" filesystem that the container belongs to func (m *Manager) getIntelRdtPath() (string, error) { rootPath, err := Root() From 9f107489b0742825cd32f6d9328b30174a00aef1 Mon Sep 17 00:00:00 2001 From: Cory Snider Date: Tue, 26 Jul 2022 15:36:47 -0400 Subject: [PATCH 0073/1176] libct/intelrdt: skip reading /proc/cpuinfo Reading /proc/cpuinfo is a surprisingly expensive operation. Since kernel version 4.12 [1], opening /proc/cpuinfo on an x86 system can block for around 20 milliseconds while the kernel samples the current CPU frequency. There is a very recent patch [2] which gets rid of the delay, but has yet to make it into the mainline kenel. Regardless, kernels for which opening /proc/cpuinfo takes 20ms will continue to be run in production for years to come. libcontainer only opens /proc/cpuinfo to read the processor feature flags so all the delays to get an accurate snapshot of the CPU frequency are just wasted time. If we wanted to, we could interrogate the CPU features directly from userspace using the `CPUID` instruction. However, Intel and AMD CPUs have flags in different positions for their analogous sub-features and there are CPU quirks [3] which would need to be accounted for. Some Haswell server CPUs support RDT/CAT but are missing the `CPUID` flags advertising their support; the kernel checks for support on that processor family by probing the the hardware using privileged RDMSR/WRMSR instructions [4]. This sort of probing could not be implemented in userspace so it would not be possible to check for RDT feature support in userspace without false negatives on some hardware configurations. It looks like libcontainer reads the CPU feature flags as a kind of optimization so that it can skip checking whether the kernel supports an RDT sub-feature if the hardware support is missing. As the kernel only exposes subtrees in the `resctrl` filesystem for RDT sub-features with hardware and kernel support, checking the CPU feature flags is redundant from a correctness point of view. Remove the /proc/cpuinfo check as it is an optimization which actually hurts performance. [1]: https://unix.stackexchange.com/a/526679 [2]: https://lore.kernel.org/all/20220415161206.875029458@linutronix.de/ [3]: https://github.com/torvalds/linux/blob/7cf6a8a17f5b134b7e783c2d45c53298faef82a7/arch/x86/kernel/cpu/resctrl/core.c#L834-L851 [4]: https://github.com/torvalds/linux/blob/a6b450573b912316ad36262bfc70e7c3870c56d1/arch/x86/kernel/cpu/resctrl/core.c#L111-L153 Signed-off-by: Cory Snider --- libcontainer/intelrdt/intelrdt.go | 101 ++++++------------------------ 1 file changed, 18 insertions(+), 83 deletions(-) diff --git a/libcontainer/intelrdt/intelrdt.go b/libcontainer/intelrdt/intelrdt.go index 6ea5b2851c9..82bfd32859d 100644 --- a/libcontainer/intelrdt/intelrdt.go +++ b/libcontainer/intelrdt/intelrdt.go @@ -1,7 +1,6 @@ package intelrdt import ( - "bufio" "bytes" "errors" "fmt" @@ -199,40 +198,28 @@ func featuresInit() { return } - // 2. Check if hardware and kernel support Intel RDT sub-features. - flagsSet, err := parseCpuInfoFile("/proc/cpuinfo") - if err != nil { - return - } - - // 3. Double check if Intel RDT sub-features are available in - // "resource control" filesystem. Intel RDT sub-features can be + // 2. Check if Intel RDT sub-features are available in "resource + // control" filesystem. Intel RDT sub-features can be // selectively disabled or enabled by kernel command line // (e.g., rdt=!l3cat,mba) in 4.14 and newer kernel - if flagsSet.CAT { - if _, err := os.Stat(filepath.Join(root, "info", "L3")); err == nil { - catEnabled = true - } + if _, err := os.Stat(filepath.Join(root, "info", "L3")); err == nil { + catEnabled = true } - if flagsSet.MBA { - if _, err := os.Stat(filepath.Join(root, "info", "MB")); err == nil { - mbaEnabled = true - } + if _, err := os.Stat(filepath.Join(root, "info", "MB")); err == nil { + mbaEnabled = true } - if flagsSet.MBMTotal || flagsSet.MBMLocal || flagsSet.CMT { - if _, err := os.Stat(filepath.Join(root, "info", "L3_MON")); err != nil { - return - } - enabledMonFeatures, err = getMonFeatures(root) - if err != nil { - return - } - if enabledMonFeatures.mbmTotalBytes || enabledMonFeatures.mbmLocalBytes { - mbmEnabled = true - } - if enabledMonFeatures.llcOccupancy { - cmtEnabled = true - } + if _, err := os.Stat(filepath.Join(root, "info", "L3_MON")); err != nil { + return + } + enabledMonFeatures, err = getMonFeatures(root) + if err != nil { + return + } + if enabledMonFeatures.mbmTotalBytes || enabledMonFeatures.mbmLocalBytes { + mbmEnabled = true + } + if enabledMonFeatures.llcOccupancy { + cmtEnabled = true } }) } @@ -286,58 +273,6 @@ func Root() (string, error) { return intelRdtRoot, intelRdtRootErr } -type cpuInfoFlags struct { - CAT bool // Cache Allocation Technology - MBA bool // Memory Bandwidth Allocation - - // Memory Bandwidth Monitoring related. - MBMTotal bool - MBMLocal bool - - CMT bool // Cache Monitoring Technology -} - -func parseCpuInfoFile(path string) (cpuInfoFlags, error) { - infoFlags := cpuInfoFlags{} - - f, err := os.Open(path) - if err != nil { - return infoFlags, err - } - defer f.Close() - - s := bufio.NewScanner(f) - for s.Scan() { - line := s.Text() - - // Search "cat_l3" and "mba" flags in first "flags" line - if strings.HasPrefix(line, "flags") { - flags := strings.Split(line, " ") - // "cat_l3" flag for CAT and "mba" flag for MBA - for _, flag := range flags { - switch flag { - case "cat_l3": - infoFlags.CAT = true - case "mba": - infoFlags.MBA = true - case "cqm_mbm_total": - infoFlags.MBMTotal = true - case "cqm_mbm_local": - infoFlags.MBMLocal = true - case "cqm_occup_llc": - infoFlags.CMT = true - } - } - return infoFlags, nil - } - } - if err := s.Err(); err != nil { - return infoFlags, err - } - - return infoFlags, nil -} - // Gets a single uint64 value from the specified file. func getIntelRdtParamUint(path, file string) (uint64, error) { fileName := filepath.Join(path, file) From c156bde7cc9bb721f7110b987992d7f9c8b951a0 Mon Sep 17 00:00:00 2001 From: Cory Snider Date: Tue, 26 Jul 2022 15:36:47 -0400 Subject: [PATCH 0074/1176] libct/intelrdt: elide parsing mountinfo The intelrdt package only needs to parse mountinfo to find the mount point of the resctrl filesystem. Users are generally going to mount the resctrl filesystem to the pre-created /sys/fs/resctrl directory, so there is a common case where mountinfo parsing is not required. Optimize for the common case with a fast path which checks both for the existence of the /sys/fs/resctrl directory and whether the resctrl filesystem was mounted to that path using a single statfs syscall. Signed-off-by: Cory Snider --- libcontainer/intelrdt/intelrdt.go | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/libcontainer/intelrdt/intelrdt.go b/libcontainer/intelrdt/intelrdt.go index 82bfd32859d..4cd9ffc108f 100644 --- a/libcontainer/intelrdt/intelrdt.go +++ b/libcontainer/intelrdt/intelrdt.go @@ -224,7 +224,7 @@ func featuresInit() { }) } -// Return the mount point path of Intel RDT "resource control" filesystem. +// findIntelRdtMountpointDir returns the mount point of the Intel RDT "resource control" filesystem. func findIntelRdtMountpointDir() (string, error) { mi, err := mountinfo.GetMounts(func(m *mountinfo.Info) (bool, bool) { // similar to mountinfo.FSTypeFilter but stops after the first match @@ -250,24 +250,32 @@ var ( rootOnce sync.Once ) +// The kernel creates this (empty) directory if resctrl is supported by the +// hardware and kernel. The user is responsible for mounting the resctrl +// filesystem, and they could mount it somewhere else if they wanted to. +const defaultResctrlMountpoint = "/sys/fs/resctrl" + // Root returns the Intel RDT "resource control" filesystem mount point. func Root() (string, error) { rootOnce.Do(func() { - // If resctrl is available, kernel creates this directory. - if unix.Access("/sys/fs/resctrl", unix.F_OK) != nil { - intelRdtRootErr = errNotFound + // Does this system support resctrl? + var statfs unix.Statfs_t + if err := unix.Statfs(defaultResctrlMountpoint, &statfs); err != nil { + if errors.Is(err, unix.ENOENT) { + err = errNotFound + } + intelRdtRootErr = err return } - // NB: ideally, we could just do statfs and RDTGROUP_SUPER_MAGIC check, but - // we have to parse mountinfo since we're also interested in mount options. - root, err := findIntelRdtMountpointDir() - if err != nil { - intelRdtRootErr = err + // Has the resctrl fs been mounted to the default mount point? + if statfs.Type == unix.RDTGROUP_SUPER_MAGIC { + intelRdtRoot = defaultResctrlMountpoint return } - intelRdtRoot = root + // The resctrl fs could have been mounted somewhere nonstandard. + intelRdtRoot, intelRdtRootErr = findIntelRdtMountpointDir() }) return intelRdtRoot, intelRdtRootErr From 56daf36be2c5c944f3ee7a8d37cf809c514ffcf7 Mon Sep 17 00:00:00 2001 From: Cory Snider Date: Tue, 26 Jul 2022 15:36:47 -0400 Subject: [PATCH 0075/1176] libct/intelrdt: skip remove unless configured The OCI runtime spec mandates "[i]f intelRdt is not set, the runtime MUST NOT manipulate any resctrl pseudo-filesystems." Attempting to delete files counts as manipulating, so stop doing that when the container's RDT configuration is nil. Signed-off-by: Cory Snider --- libcontainer/intelrdt/intelrdt.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcontainer/intelrdt/intelrdt.go b/libcontainer/intelrdt/intelrdt.go index 4cd9ffc108f..8eb87a3f09e 100644 --- a/libcontainer/intelrdt/intelrdt.go +++ b/libcontainer/intelrdt/intelrdt.go @@ -479,7 +479,7 @@ func (m *Manager) Destroy() error { // Don't remove resctrl group if closid has been explicitly specified. The // group is likely externally managed, i.e. by some other entity than us. // There are probably other containers/tasks sharing the same group. - if m.config.IntelRdt == nil || m.config.IntelRdt.ClosID == "" { + if m.config.IntelRdt != nil && m.config.IntelRdt.ClosID == "" { m.mu.Lock() defer m.mu.Unlock() if err := os.RemoveAll(m.GetPath()); err != nil { From ea0bd7826846da19d16d805cf1f8582f01448300 Mon Sep 17 00:00:00 2001 From: Cory Snider Date: Tue, 26 Jul 2022 15:36:47 -0400 Subject: [PATCH 0076/1176] libct/intelrdt: check if available iff configured Unless the container's runtime config has intelRdt configuration set, any checks for whether Intel RDT is supported or the resctrl filesystem is mounted are a waste of time as, per the OCI Runtime Spec, "the runtime MUST NOT manipulate any resctrl pseudo-filesystems." And in the likely case where Intel RDT is supported by both the hardware and kernel but the resctrl filesystem is not mounted, these checks can get expensive as the intelrdt package needs to parse mountinfo to check whether the filesystem has been mounted to a non-standard path. Optimize for the common case of containers with no intelRdt configuration by only performing the checks when the container has opted in. Signed-off-by: Cory Snider --- libcontainer/intelrdt/intelrdt.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libcontainer/intelrdt/intelrdt.go b/libcontainer/intelrdt/intelrdt.go index 8eb87a3f09e..0f5c457b099 100644 --- a/libcontainer/intelrdt/intelrdt.go +++ b/libcontainer/intelrdt/intelrdt.go @@ -152,9 +152,13 @@ type Manager struct { path string } -// NewManager returns a new instance of Manager, or nil, if the Intel RDT -// functionality is not available from hardware or not enabled in the kernel. +// NewManager returns a new instance of Manager, or nil if the Intel RDT +// functionality is not specified in the config, available from hardware or +// enabled in the kernel. func NewManager(config *configs.Config, id string, path string) *Manager { + if config.IntelRdt == nil { + return nil + } if _, err := Root(); err != nil { // Intel RDT is not available. return nil From 6d00bf6cc37b408d2fd82abe27b1f3da5bfa97b5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 29 Jul 2022 14:49:27 +0000 Subject: [PATCH 0077/1176] build(deps): bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0 Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.8.1 to 1.9.0. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.8.1...v1.9.0) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 4 +- go.sum | 16 +- vendor/github.com/sirupsen/logrus/README.md | 4 +- .../github.com/sirupsen/logrus/buffer_pool.go | 9 - vendor/github.com/sirupsen/logrus/entry.go | 21 +- vendor/github.com/sirupsen/logrus/logger.go | 13 + .../golang.org/x/sys/unix/asm_bsd_riscv64.s | 29 + .../golang.org/x/sys/unix/asm_linux_loong64.s | 4 +- .../x/sys/unix/errors_freebsd_386.go | 233 -- .../x/sys/unix/errors_freebsd_amd64.go | 233 -- .../x/sys/unix/errors_freebsd_arm.go | 226 -- .../x/sys/unix/errors_freebsd_arm64.go | 17 - vendor/golang.org/x/sys/unix/mkall.sh | 13 +- vendor/golang.org/x/sys/unix/mkerrors.sh | 6 +- vendor/golang.org/x/sys/unix/syscall_aix.go | 4 +- vendor/golang.org/x/sys/unix/syscall_bsd.go | 46 +- .../golang.org/x/sys/unix/syscall_darwin.go | 7 + .../golang.org/x/sys/unix/syscall_freebsd.go | 327 +-- .../x/sys/unix/syscall_freebsd_386.go | 4 +- .../x/sys/unix/syscall_freebsd_amd64.go | 4 +- .../x/sys/unix/syscall_freebsd_arm.go | 2 +- .../x/sys/unix/syscall_freebsd_arm64.go | 2 +- .../x/sys/unix/syscall_freebsd_riscv64.go | 63 + .../golang.org/x/sys/unix/syscall_illumos.go | 5 +- vendor/golang.org/x/sys/unix/syscall_linux.go | 45 +- .../x/sys/unix/syscall_linux_loong64.go | 39 +- .../x/sys/unix/syscall_linux_riscv64.go | 1 + .../x/sys/unix/syscall_openbsd_mips64.go | 4 + .../golang.org/x/sys/unix/syscall_solaris.go | 51 +- vendor/golang.org/x/sys/unix/syscall_unix.go | 74 +- .../x/sys/unix/zerrors_freebsd_386.go | 109 +- .../x/sys/unix/zerrors_freebsd_amd64.go | 107 +- .../x/sys/unix/zerrors_freebsd_arm.go | 220 +- .../x/sys/unix/zerrors_freebsd_arm64.go | 100 +- .../x/sys/unix/zerrors_freebsd_riscv64.go | 2148 +++++++++++++++++ vendor/golang.org/x/sys/unix/zerrors_linux.go | 388 ++- .../x/sys/unix/zerrors_linux_386.go | 2 + .../x/sys/unix/zerrors_linux_amd64.go | 2 + .../x/sys/unix/zerrors_linux_arm.go | 2 + .../x/sys/unix/zerrors_linux_arm64.go | 3 + .../x/sys/unix/zerrors_linux_loong64.go | 4 +- .../x/sys/unix/zerrors_linux_mips.go | 2 + .../x/sys/unix/zerrors_linux_mips64.go | 2 + .../x/sys/unix/zerrors_linux_mips64le.go | 2 + .../x/sys/unix/zerrors_linux_mipsle.go | 2 + .../x/sys/unix/zerrors_linux_ppc.go | 2 + .../x/sys/unix/zerrors_linux_ppc64.go | 2 + .../x/sys/unix/zerrors_linux_ppc64le.go | 2 + .../x/sys/unix/zerrors_linux_riscv64.go | 2 + .../x/sys/unix/zerrors_linux_s390x.go | 2 + .../x/sys/unix/zerrors_linux_sparc64.go | 2 + .../x/sys/unix/zsyscall_freebsd_386.go | 141 +- .../x/sys/unix/zsyscall_freebsd_amd64.go | 139 +- .../x/sys/unix/zsyscall_freebsd_arm.go | 173 +- .../x/sys/unix/zsyscall_freebsd_arm64.go | 139 +- .../x/sys/unix/zsyscall_freebsd_riscv64.go | 1889 +++++++++++++++ .../x/sys/unix/zsyscall_linux_loong64.go | 25 - .../x/sys/unix/zsyscall_linux_riscv64.go | 11 + .../x/sys/unix/zsyscall_solaris_amd64.go | 14 + .../x/sys/unix/zsysnum_freebsd_386.go | 107 +- .../x/sys/unix/zsysnum_freebsd_amd64.go | 107 +- .../x/sys/unix/zsysnum_freebsd_arm.go | 107 +- .../x/sys/unix/zsysnum_freebsd_arm64.go | 107 +- .../x/sys/unix/zsysnum_freebsd_riscv64.go | 394 +++ .../x/sys/unix/zsysnum_linux_loong64.go | 2 - .../x/sys/unix/zsysnum_linux_riscv64.go | 1 + .../x/sys/unix/ztypes_darwin_amd64.go | 73 +- .../x/sys/unix/ztypes_darwin_arm64.go | 73 +- .../x/sys/unix/ztypes_freebsd_386.go | 97 +- .../x/sys/unix/ztypes_freebsd_amd64.go | 94 +- .../x/sys/unix/ztypes_freebsd_arm.go | 145 +- .../x/sys/unix/ztypes_freebsd_arm64.go | 92 +- .../x/sys/unix/ztypes_freebsd_riscv64.go | 626 +++++ vendor/golang.org/x/sys/unix/ztypes_linux.go | 27 +- .../golang.org/x/sys/unix/ztypes_linux_386.go | 7 + .../x/sys/unix/ztypes_linux_amd64.go | 6 + .../golang.org/x/sys/unix/ztypes_linux_arm.go | 7 + .../x/sys/unix/ztypes_linux_arm64.go | 6 + .../x/sys/unix/ztypes_linux_loong64.go | 6 + .../x/sys/unix/ztypes_linux_mips.go | 7 + .../x/sys/unix/ztypes_linux_mips64.go | 6 + .../x/sys/unix/ztypes_linux_mips64le.go | 6 + .../x/sys/unix/ztypes_linux_mipsle.go | 7 + .../golang.org/x/sys/unix/ztypes_linux_ppc.go | 7 + .../x/sys/unix/ztypes_linux_ppc64.go | 6 + .../x/sys/unix/ztypes_linux_ppc64le.go | 6 + .../x/sys/unix/ztypes_linux_riscv64.go | 6 + .../x/sys/unix/ztypes_linux_s390x.go | 6 + .../x/sys/unix/ztypes_linux_sparc64.go | 6 + .../x/sys/unix/ztypes_solaris_amd64.go | 2 +- .../x/sys/windows/syscall_windows.go | 9 + .../golang.org/x/sys/windows/types_windows.go | 81 +- .../x/sys/windows/zsyscall_windows.go | 9 + vendor/modules.txt | 4 +- 94 files changed, 6979 insertions(+), 2415 deletions(-) create mode 100644 vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s delete mode 100644 vendor/golang.org/x/sys/unix/errors_freebsd_386.go delete mode 100644 vendor/golang.org/x/sys/unix/errors_freebsd_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/errors_freebsd_arm.go delete mode 100644 vendor/golang.org/x/sys/unix/errors_freebsd_arm64.go create mode 100644 vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go create mode 100644 vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go create mode 100644 vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go create mode 100644 vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go create mode 100644 vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go diff --git a/go.mod b/go.mod index 5a16982dd6b..c3c1428193c 100644 --- a/go.mod +++ b/go.mod @@ -15,12 +15,12 @@ require ( github.com/opencontainers/runtime-spec v1.0.3-0.20220718201635-a8106e99982b github.com/opencontainers/selinux v1.10.1 github.com/seccomp/libseccomp-golang v0.10.0 - github.com/sirupsen/logrus v1.8.1 + github.com/sirupsen/logrus v1.9.0 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.9 github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.0.0-20201224014010-6772e930b67b - golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a + golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 google.golang.org/protobuf v1.28.0 ) diff --git a/go.sum b/go.sum index 4f2794ae064..8f10a167b8d 100644 --- a/go.sum +++ b/go.sum @@ -12,6 +12,7 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:ma github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI= github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw= @@ -50,10 +51,11 @@ github.com/seccomp/libseccomp-golang v0.10.0 h1:aA4bp+/Zzi0BnWZ2F1wgNBs5gTpm+na2 github.com/seccomp/libseccomp-golang v0.10.0/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= -github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE= -github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= +github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/urfave/cli v1.22.9 h1:cv3/KhXGBGjEXLC4bH0sLuJ9BewaAbpk5oyMOveu4pw= @@ -65,13 +67,13 @@ github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17 golang.org/x/net v0.0.0-20201224014010-6772e930b67b h1:iFwSg7t5GZmB/Q5TjiEAsdoLDrdJRC1RiF2WhuV29Qw= golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ= +golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -85,3 +87,5 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/vendor/github.com/sirupsen/logrus/README.md b/vendor/github.com/sirupsen/logrus/README.md index 5152b6aa406..b042c896f25 100644 --- a/vendor/github.com/sirupsen/logrus/README.md +++ b/vendor/github.com/sirupsen/logrus/README.md @@ -1,4 +1,4 @@ -# Logrus :walrus: [![Build Status](https://travis-ci.org/sirupsen/logrus.svg?branch=master)](https://travis-ci.org/sirupsen/logrus) [![GoDoc](https://godoc.org/github.com/sirupsen/logrus?status.svg)](https://godoc.org/github.com/sirupsen/logrus) +# Logrus :walrus: [![Build Status](https://github.com/sirupsen/logrus/workflows/CI/badge.svg)](https://github.com/sirupsen/logrus/actions?query=workflow%3ACI) [![Build Status](https://travis-ci.org/sirupsen/logrus.svg?branch=master)](https://travis-ci.org/sirupsen/logrus) [![Go Reference](https://pkg.go.dev/badge/github.com/sirupsen/logrus.svg)](https://pkg.go.dev/github.com/sirupsen/logrus) Logrus is a structured logger for Go (golang), completely API compatible with the standard library logger. @@ -341,7 +341,7 @@ import ( log "github.com/sirupsen/logrus" ) -init() { +func init() { // do something here to set environment depending on an environment variable // or command-line flag if Environment == "production" { diff --git a/vendor/github.com/sirupsen/logrus/buffer_pool.go b/vendor/github.com/sirupsen/logrus/buffer_pool.go index 4545dec07d8..c7787f77cbf 100644 --- a/vendor/github.com/sirupsen/logrus/buffer_pool.go +++ b/vendor/github.com/sirupsen/logrus/buffer_pool.go @@ -26,15 +26,6 @@ func (p *defaultPool) Get() *bytes.Buffer { return p.pool.Get().(*bytes.Buffer) } -func getBuffer() *bytes.Buffer { - return bufferPool.Get() -} - -func putBuffer(buf *bytes.Buffer) { - buf.Reset() - bufferPool.Put(buf) -} - // SetBufferPool allows to replace the default logrus buffer pool // to better meets the specific needs of an application. func SetBufferPool(bp BufferPool) { diff --git a/vendor/github.com/sirupsen/logrus/entry.go b/vendor/github.com/sirupsen/logrus/entry.go index 07a1e5fa724..71cdbbc35d2 100644 --- a/vendor/github.com/sirupsen/logrus/entry.go +++ b/vendor/github.com/sirupsen/logrus/entry.go @@ -232,6 +232,7 @@ func (entry *Entry) log(level Level, msg string) { newEntry.Logger.mu.Lock() reportCaller := newEntry.Logger.ReportCaller + bufPool := newEntry.getBufferPool() newEntry.Logger.mu.Unlock() if reportCaller { @@ -239,11 +240,11 @@ func (entry *Entry) log(level Level, msg string) { } newEntry.fireHooks() - - buffer = getBuffer() + buffer = bufPool.Get() defer func() { newEntry.Buffer = nil - putBuffer(buffer) + buffer.Reset() + bufPool.Put(buffer) }() buffer.Reset() newEntry.Buffer = buffer @@ -260,6 +261,13 @@ func (entry *Entry) log(level Level, msg string) { } } +func (entry *Entry) getBufferPool() (pool BufferPool) { + if entry.Logger.BufferPool != nil { + return entry.Logger.BufferPool + } + return bufferPool +} + func (entry *Entry) fireHooks() { var tmpHooks LevelHooks entry.Logger.mu.Lock() @@ -276,18 +284,21 @@ func (entry *Entry) fireHooks() { } func (entry *Entry) write() { + entry.Logger.mu.Lock() + defer entry.Logger.mu.Unlock() serialized, err := entry.Logger.Formatter.Format(entry) if err != nil { fmt.Fprintf(os.Stderr, "Failed to obtain reader, %v\n", err) return } - entry.Logger.mu.Lock() - defer entry.Logger.mu.Unlock() if _, err := entry.Logger.Out.Write(serialized); err != nil { fmt.Fprintf(os.Stderr, "Failed to write to log, %v\n", err) } } +// Log will log a message at the level given as parameter. +// Warning: using Log at Panic or Fatal level will not respectively Panic nor Exit. +// For this behaviour Entry.Panic or Entry.Fatal should be used instead. func (entry *Entry) Log(level Level, args ...interface{}) { if entry.Logger.IsLevelEnabled(level) { entry.log(level, fmt.Sprint(args...)) diff --git a/vendor/github.com/sirupsen/logrus/logger.go b/vendor/github.com/sirupsen/logrus/logger.go index 337704457a2..5ff0aef6d3f 100644 --- a/vendor/github.com/sirupsen/logrus/logger.go +++ b/vendor/github.com/sirupsen/logrus/logger.go @@ -44,6 +44,9 @@ type Logger struct { entryPool sync.Pool // Function to exit the application, defaults to `os.Exit()` ExitFunc exitFunc + // The buffer pool used to format the log. If it is nil, the default global + // buffer pool will be used. + BufferPool BufferPool } type exitFunc func(int) @@ -192,6 +195,9 @@ func (logger *Logger) Panicf(format string, args ...interface{}) { logger.Logf(PanicLevel, format, args...) } +// Log will log a message at the level given as parameter. +// Warning: using Log at Panic or Fatal level will not respectively Panic nor Exit. +// For this behaviour Logger.Panic or Logger.Fatal should be used instead. func (logger *Logger) Log(level Level, args ...interface{}) { if logger.IsLevelEnabled(level) { entry := logger.newEntry() @@ -402,3 +408,10 @@ func (logger *Logger) ReplaceHooks(hooks LevelHooks) LevelHooks { logger.mu.Unlock() return oldHooks } + +// SetBufferPool sets the logger buffer pool. +func (logger *Logger) SetBufferPool(pool BufferPool) { + logger.mu.Lock() + defer logger.mu.Unlock() + logger.BufferPool = pool +} diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s b/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s new file mode 100644 index 00000000000..d560019ea29 --- /dev/null +++ b/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s @@ -0,0 +1,29 @@ +// Copyright 2021 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build (darwin || freebsd || netbsd || openbsd) && gc +// +build darwin freebsd netbsd openbsd +// +build gc + +#include "textflag.h" + +// System call support for RISCV64 BSD + +// Just jump to package syscall's implementation for all these functions. +// The runtime may know about them. + +TEXT ·Syscall(SB),NOSPLIT,$0-56 + JMP syscall·Syscall(SB) + +TEXT ·Syscall6(SB),NOSPLIT,$0-80 + JMP syscall·Syscall6(SB) + +TEXT ·Syscall9(SB),NOSPLIT,$0-104 + JMP syscall·Syscall9(SB) + +TEXT ·RawSyscall(SB),NOSPLIT,$0-56 + JMP syscall·RawSyscall(SB) + +TEXT ·RawSyscall6(SB),NOSPLIT,$0-80 + JMP syscall·RawSyscall6(SB) diff --git a/vendor/golang.org/x/sys/unix/asm_linux_loong64.s b/vendor/golang.org/x/sys/unix/asm_linux_loong64.s index 6abd48eef0d..565357288a8 100644 --- a/vendor/golang.org/x/sys/unix/asm_linux_loong64.s +++ b/vendor/golang.org/x/sys/unix/asm_linux_loong64.s @@ -30,7 +30,7 @@ TEXT ·SyscallNoError(SB),NOSPLIT,$0-48 MOVV trap+0(FP), R11 // syscall entry SYSCALL MOVV R4, r1+32(FP) - MOVV R5, r2+40(FP) + MOVV R0, r2+40(FP) // r2 is not used. Always set to 0 JAL runtime·exitsyscall(SB) RET @@ -50,5 +50,5 @@ TEXT ·RawSyscallNoError(SB),NOSPLIT,$0-48 MOVV trap+0(FP), R11 // syscall entry SYSCALL MOVV R4, r1+32(FP) - MOVV R5, r2+40(FP) + MOVV R0, r2+40(FP) // r2 is not used. Always set to 0 RET diff --git a/vendor/golang.org/x/sys/unix/errors_freebsd_386.go b/vendor/golang.org/x/sys/unix/errors_freebsd_386.go deleted file mode 100644 index 761db66efec..00000000000 --- a/vendor/golang.org/x/sys/unix/errors_freebsd_386.go +++ /dev/null @@ -1,233 +0,0 @@ -// Copyright 2017 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Constants that were deprecated or moved to enums in the FreeBSD headers. Keep -// them here for backwards compatibility. - -package unix - -const ( - DLT_HHDLC = 0x79 - IFF_SMART = 0x20 - IFT_1822 = 0x2 - IFT_A12MPPSWITCH = 0x82 - IFT_AAL2 = 0xbb - IFT_AAL5 = 0x31 - IFT_ADSL = 0x5e - IFT_AFLANE8023 = 0x3b - IFT_AFLANE8025 = 0x3c - IFT_ARAP = 0x58 - IFT_ARCNET = 0x23 - IFT_ARCNETPLUS = 0x24 - IFT_ASYNC = 0x54 - IFT_ATM = 0x25 - IFT_ATMDXI = 0x69 - IFT_ATMFUNI = 0x6a - IFT_ATMIMA = 0x6b - IFT_ATMLOGICAL = 0x50 - IFT_ATMRADIO = 0xbd - IFT_ATMSUBINTERFACE = 0x86 - IFT_ATMVCIENDPT = 0xc2 - IFT_ATMVIRTUAL = 0x95 - IFT_BGPPOLICYACCOUNTING = 0xa2 - IFT_BSC = 0x53 - IFT_CCTEMUL = 0x3d - IFT_CEPT = 0x13 - IFT_CES = 0x85 - IFT_CHANNEL = 0x46 - IFT_CNR = 0x55 - IFT_COFFEE = 0x84 - IFT_COMPOSITELINK = 0x9b - IFT_DCN = 0x8d - IFT_DIGITALPOWERLINE = 0x8a - IFT_DIGITALWRAPPEROVERHEADCHANNEL = 0xba - IFT_DLSW = 0x4a - IFT_DOCSCABLEDOWNSTREAM = 0x80 - IFT_DOCSCABLEMACLAYER = 0x7f - IFT_DOCSCABLEUPSTREAM = 0x81 - IFT_DS0 = 0x51 - IFT_DS0BUNDLE = 0x52 - IFT_DS1FDL = 0xaa - IFT_DS3 = 0x1e - IFT_DTM = 0x8c - IFT_DVBASILN = 0xac - IFT_DVBASIOUT = 0xad - IFT_DVBRCCDOWNSTREAM = 0x93 - IFT_DVBRCCMACLAYER = 0x92 - IFT_DVBRCCUPSTREAM = 0x94 - IFT_ENC = 0xf4 - IFT_EON = 0x19 - IFT_EPLRS = 0x57 - IFT_ESCON = 0x49 - IFT_ETHER = 0x6 - IFT_FAITH = 0xf2 - IFT_FAST = 0x7d - IFT_FASTETHER = 0x3e - IFT_FASTETHERFX = 0x45 - IFT_FDDI = 0xf - IFT_FIBRECHANNEL = 0x38 - IFT_FRAMERELAYINTERCONNECT = 0x3a - IFT_FRAMERELAYMPI = 0x5c - IFT_FRDLCIENDPT = 0xc1 - IFT_FRELAY = 0x20 - IFT_FRELAYDCE = 0x2c - IFT_FRF16MFRBUNDLE = 0xa3 - IFT_FRFORWARD = 0x9e - IFT_G703AT2MB = 0x43 - IFT_G703AT64K = 0x42 - IFT_GIF = 0xf0 - IFT_GIGABITETHERNET = 0x75 - IFT_GR303IDT = 0xb2 - IFT_GR303RDT = 0xb1 - IFT_H323GATEKEEPER = 0xa4 - IFT_H323PROXY = 0xa5 - IFT_HDH1822 = 0x3 - IFT_HDLC = 0x76 - IFT_HDSL2 = 0xa8 - IFT_HIPERLAN2 = 0xb7 - IFT_HIPPI = 0x2f - IFT_HIPPIINTERFACE = 0x39 - IFT_HOSTPAD = 0x5a - IFT_HSSI = 0x2e - IFT_HY = 0xe - IFT_IBM370PARCHAN = 0x48 - IFT_IDSL = 0x9a - IFT_IEEE80211 = 0x47 - IFT_IEEE80212 = 0x37 - IFT_IEEE8023ADLAG = 0xa1 - IFT_IFGSN = 0x91 - IFT_IMT = 0xbe - IFT_INTERLEAVE = 0x7c - IFT_IP = 0x7e - IFT_IPFORWARD = 0x8e - IFT_IPOVERATM = 0x72 - IFT_IPOVERCDLC = 0x6d - IFT_IPOVERCLAW = 0x6e - IFT_IPSWITCH = 0x4e - IFT_IPXIP = 0xf9 - IFT_ISDN = 0x3f - IFT_ISDNBASIC = 0x14 - IFT_ISDNPRIMARY = 0x15 - IFT_ISDNS = 0x4b - IFT_ISDNU = 0x4c - IFT_ISO88022LLC = 0x29 - IFT_ISO88023 = 0x7 - IFT_ISO88024 = 0x8 - IFT_ISO88025 = 0x9 - IFT_ISO88025CRFPINT = 0x62 - IFT_ISO88025DTR = 0x56 - IFT_ISO88025FIBER = 0x73 - IFT_ISO88026 = 0xa - IFT_ISUP = 0xb3 - IFT_L3IPXVLAN = 0x89 - IFT_LAPB = 0x10 - IFT_LAPD = 0x4d - IFT_LAPF = 0x77 - IFT_LOCALTALK = 0x2a - IFT_LOOP = 0x18 - IFT_MEDIAMAILOVERIP = 0x8b - IFT_MFSIGLINK = 0xa7 - IFT_MIOX25 = 0x26 - IFT_MODEM = 0x30 - IFT_MPC = 0x71 - IFT_MPLS = 0xa6 - IFT_MPLSTUNNEL = 0x96 - IFT_MSDSL = 0x8f - IFT_MVL = 0xbf - IFT_MYRINET = 0x63 - IFT_NFAS = 0xaf - IFT_NSIP = 0x1b - IFT_OPTICALCHANNEL = 0xc3 - IFT_OPTICALTRANSPORT = 0xc4 - IFT_OTHER = 0x1 - IFT_P10 = 0xc - IFT_P80 = 0xd - IFT_PARA = 0x22 - IFT_PFLOG = 0xf6 - IFT_PFSYNC = 0xf7 - IFT_PLC = 0xae - IFT_POS = 0xab - IFT_PPPMULTILINKBUNDLE = 0x6c - IFT_PROPBWAP2MP = 0xb8 - IFT_PROPCNLS = 0x59 - IFT_PROPDOCSWIRELESSDOWNSTREAM = 0xb5 - IFT_PROPDOCSWIRELESSMACLAYER = 0xb4 - IFT_PROPDOCSWIRELESSUPSTREAM = 0xb6 - IFT_PROPMUX = 0x36 - IFT_PROPWIRELESSP2P = 0x9d - IFT_PTPSERIAL = 0x16 - IFT_PVC = 0xf1 - IFT_QLLC = 0x44 - IFT_RADIOMAC = 0xbc - IFT_RADSL = 0x5f - IFT_REACHDSL = 0xc0 - IFT_RFC1483 = 0x9f - IFT_RS232 = 0x21 - IFT_RSRB = 0x4f - IFT_SDLC = 0x11 - IFT_SDSL = 0x60 - IFT_SHDSL = 0xa9 - IFT_SIP = 0x1f - IFT_SLIP = 0x1c - IFT_SMDSDXI = 0x2b - IFT_SMDSICIP = 0x34 - IFT_SONET = 0x27 - IFT_SONETOVERHEADCHANNEL = 0xb9 - IFT_SONETPATH = 0x32 - IFT_SONETVT = 0x33 - IFT_SRP = 0x97 - IFT_SS7SIGLINK = 0x9c - IFT_STACKTOSTACK = 0x6f - IFT_STARLAN = 0xb - IFT_STF = 0xd7 - IFT_T1 = 0x12 - IFT_TDLC = 0x74 - IFT_TERMPAD = 0x5b - IFT_TR008 = 0xb0 - IFT_TRANSPHDLC = 0x7b - IFT_TUNNEL = 0x83 - IFT_ULTRA = 0x1d - IFT_USB = 0xa0 - IFT_V11 = 0x40 - IFT_V35 = 0x2d - IFT_V36 = 0x41 - IFT_V37 = 0x78 - IFT_VDSL = 0x61 - IFT_VIRTUALIPADDRESS = 0x70 - IFT_VOICEEM = 0x64 - IFT_VOICEENCAP = 0x67 - IFT_VOICEFXO = 0x65 - IFT_VOICEFXS = 0x66 - IFT_VOICEOVERATM = 0x98 - IFT_VOICEOVERFRAMERELAY = 0x99 - IFT_VOICEOVERIP = 0x68 - IFT_X213 = 0x5d - IFT_X25 = 0x5 - IFT_X25DDN = 0x4 - IFT_X25HUNTGROUP = 0x7a - IFT_X25MLP = 0x79 - IFT_X25PLE = 0x28 - IFT_XETHER = 0x1a - IPPROTO_MAXID = 0x34 - IPV6_FAITH = 0x1d - IPV6_MIN_MEMBERSHIPS = 0x1f - IP_FAITH = 0x16 - IP_MAX_SOURCE_FILTER = 0x400 - IP_MIN_MEMBERSHIPS = 0x1f - MAP_NORESERVE = 0x40 - MAP_RENAME = 0x20 - NET_RT_MAXID = 0x6 - RTF_PRCLONING = 0x10000 - RTM_OLDADD = 0x9 - RTM_OLDDEL = 0xa - RT_CACHING_CONTEXT = 0x1 - RT_NORTREF = 0x2 - SIOCADDRT = 0x8030720a - SIOCALIFADDR = 0x8118691b - SIOCDELRT = 0x8030720b - SIOCDLIFADDR = 0x8118691d - SIOCGLIFADDR = 0xc118691c - SIOCGLIFPHYADDR = 0xc118694b - SIOCSLIFPHYADDR = 0x8118694a -) diff --git a/vendor/golang.org/x/sys/unix/errors_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/errors_freebsd_amd64.go deleted file mode 100644 index 070f44b6510..00000000000 --- a/vendor/golang.org/x/sys/unix/errors_freebsd_amd64.go +++ /dev/null @@ -1,233 +0,0 @@ -// Copyright 2017 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Constants that were deprecated or moved to enums in the FreeBSD headers. Keep -// them here for backwards compatibility. - -package unix - -const ( - DLT_HHDLC = 0x79 - IFF_SMART = 0x20 - IFT_1822 = 0x2 - IFT_A12MPPSWITCH = 0x82 - IFT_AAL2 = 0xbb - IFT_AAL5 = 0x31 - IFT_ADSL = 0x5e - IFT_AFLANE8023 = 0x3b - IFT_AFLANE8025 = 0x3c - IFT_ARAP = 0x58 - IFT_ARCNET = 0x23 - IFT_ARCNETPLUS = 0x24 - IFT_ASYNC = 0x54 - IFT_ATM = 0x25 - IFT_ATMDXI = 0x69 - IFT_ATMFUNI = 0x6a - IFT_ATMIMA = 0x6b - IFT_ATMLOGICAL = 0x50 - IFT_ATMRADIO = 0xbd - IFT_ATMSUBINTERFACE = 0x86 - IFT_ATMVCIENDPT = 0xc2 - IFT_ATMVIRTUAL = 0x95 - IFT_BGPPOLICYACCOUNTING = 0xa2 - IFT_BSC = 0x53 - IFT_CCTEMUL = 0x3d - IFT_CEPT = 0x13 - IFT_CES = 0x85 - IFT_CHANNEL = 0x46 - IFT_CNR = 0x55 - IFT_COFFEE = 0x84 - IFT_COMPOSITELINK = 0x9b - IFT_DCN = 0x8d - IFT_DIGITALPOWERLINE = 0x8a - IFT_DIGITALWRAPPEROVERHEADCHANNEL = 0xba - IFT_DLSW = 0x4a - IFT_DOCSCABLEDOWNSTREAM = 0x80 - IFT_DOCSCABLEMACLAYER = 0x7f - IFT_DOCSCABLEUPSTREAM = 0x81 - IFT_DS0 = 0x51 - IFT_DS0BUNDLE = 0x52 - IFT_DS1FDL = 0xaa - IFT_DS3 = 0x1e - IFT_DTM = 0x8c - IFT_DVBASILN = 0xac - IFT_DVBASIOUT = 0xad - IFT_DVBRCCDOWNSTREAM = 0x93 - IFT_DVBRCCMACLAYER = 0x92 - IFT_DVBRCCUPSTREAM = 0x94 - IFT_ENC = 0xf4 - IFT_EON = 0x19 - IFT_EPLRS = 0x57 - IFT_ESCON = 0x49 - IFT_ETHER = 0x6 - IFT_FAITH = 0xf2 - IFT_FAST = 0x7d - IFT_FASTETHER = 0x3e - IFT_FASTETHERFX = 0x45 - IFT_FDDI = 0xf - IFT_FIBRECHANNEL = 0x38 - IFT_FRAMERELAYINTERCONNECT = 0x3a - IFT_FRAMERELAYMPI = 0x5c - IFT_FRDLCIENDPT = 0xc1 - IFT_FRELAY = 0x20 - IFT_FRELAYDCE = 0x2c - IFT_FRF16MFRBUNDLE = 0xa3 - IFT_FRFORWARD = 0x9e - IFT_G703AT2MB = 0x43 - IFT_G703AT64K = 0x42 - IFT_GIF = 0xf0 - IFT_GIGABITETHERNET = 0x75 - IFT_GR303IDT = 0xb2 - IFT_GR303RDT = 0xb1 - IFT_H323GATEKEEPER = 0xa4 - IFT_H323PROXY = 0xa5 - IFT_HDH1822 = 0x3 - IFT_HDLC = 0x76 - IFT_HDSL2 = 0xa8 - IFT_HIPERLAN2 = 0xb7 - IFT_HIPPI = 0x2f - IFT_HIPPIINTERFACE = 0x39 - IFT_HOSTPAD = 0x5a - IFT_HSSI = 0x2e - IFT_HY = 0xe - IFT_IBM370PARCHAN = 0x48 - IFT_IDSL = 0x9a - IFT_IEEE80211 = 0x47 - IFT_IEEE80212 = 0x37 - IFT_IEEE8023ADLAG = 0xa1 - IFT_IFGSN = 0x91 - IFT_IMT = 0xbe - IFT_INTERLEAVE = 0x7c - IFT_IP = 0x7e - IFT_IPFORWARD = 0x8e - IFT_IPOVERATM = 0x72 - IFT_IPOVERCDLC = 0x6d - IFT_IPOVERCLAW = 0x6e - IFT_IPSWITCH = 0x4e - IFT_IPXIP = 0xf9 - IFT_ISDN = 0x3f - IFT_ISDNBASIC = 0x14 - IFT_ISDNPRIMARY = 0x15 - IFT_ISDNS = 0x4b - IFT_ISDNU = 0x4c - IFT_ISO88022LLC = 0x29 - IFT_ISO88023 = 0x7 - IFT_ISO88024 = 0x8 - IFT_ISO88025 = 0x9 - IFT_ISO88025CRFPINT = 0x62 - IFT_ISO88025DTR = 0x56 - IFT_ISO88025FIBER = 0x73 - IFT_ISO88026 = 0xa - IFT_ISUP = 0xb3 - IFT_L3IPXVLAN = 0x89 - IFT_LAPB = 0x10 - IFT_LAPD = 0x4d - IFT_LAPF = 0x77 - IFT_LOCALTALK = 0x2a - IFT_LOOP = 0x18 - IFT_MEDIAMAILOVERIP = 0x8b - IFT_MFSIGLINK = 0xa7 - IFT_MIOX25 = 0x26 - IFT_MODEM = 0x30 - IFT_MPC = 0x71 - IFT_MPLS = 0xa6 - IFT_MPLSTUNNEL = 0x96 - IFT_MSDSL = 0x8f - IFT_MVL = 0xbf - IFT_MYRINET = 0x63 - IFT_NFAS = 0xaf - IFT_NSIP = 0x1b - IFT_OPTICALCHANNEL = 0xc3 - IFT_OPTICALTRANSPORT = 0xc4 - IFT_OTHER = 0x1 - IFT_P10 = 0xc - IFT_P80 = 0xd - IFT_PARA = 0x22 - IFT_PFLOG = 0xf6 - IFT_PFSYNC = 0xf7 - IFT_PLC = 0xae - IFT_POS = 0xab - IFT_PPPMULTILINKBUNDLE = 0x6c - IFT_PROPBWAP2MP = 0xb8 - IFT_PROPCNLS = 0x59 - IFT_PROPDOCSWIRELESSDOWNSTREAM = 0xb5 - IFT_PROPDOCSWIRELESSMACLAYER = 0xb4 - IFT_PROPDOCSWIRELESSUPSTREAM = 0xb6 - IFT_PROPMUX = 0x36 - IFT_PROPWIRELESSP2P = 0x9d - IFT_PTPSERIAL = 0x16 - IFT_PVC = 0xf1 - IFT_QLLC = 0x44 - IFT_RADIOMAC = 0xbc - IFT_RADSL = 0x5f - IFT_REACHDSL = 0xc0 - IFT_RFC1483 = 0x9f - IFT_RS232 = 0x21 - IFT_RSRB = 0x4f - IFT_SDLC = 0x11 - IFT_SDSL = 0x60 - IFT_SHDSL = 0xa9 - IFT_SIP = 0x1f - IFT_SLIP = 0x1c - IFT_SMDSDXI = 0x2b - IFT_SMDSICIP = 0x34 - IFT_SONET = 0x27 - IFT_SONETOVERHEADCHANNEL = 0xb9 - IFT_SONETPATH = 0x32 - IFT_SONETVT = 0x33 - IFT_SRP = 0x97 - IFT_SS7SIGLINK = 0x9c - IFT_STACKTOSTACK = 0x6f - IFT_STARLAN = 0xb - IFT_STF = 0xd7 - IFT_T1 = 0x12 - IFT_TDLC = 0x74 - IFT_TERMPAD = 0x5b - IFT_TR008 = 0xb0 - IFT_TRANSPHDLC = 0x7b - IFT_TUNNEL = 0x83 - IFT_ULTRA = 0x1d - IFT_USB = 0xa0 - IFT_V11 = 0x40 - IFT_V35 = 0x2d - IFT_V36 = 0x41 - IFT_V37 = 0x78 - IFT_VDSL = 0x61 - IFT_VIRTUALIPADDRESS = 0x70 - IFT_VOICEEM = 0x64 - IFT_VOICEENCAP = 0x67 - IFT_VOICEFXO = 0x65 - IFT_VOICEFXS = 0x66 - IFT_VOICEOVERATM = 0x98 - IFT_VOICEOVERFRAMERELAY = 0x99 - IFT_VOICEOVERIP = 0x68 - IFT_X213 = 0x5d - IFT_X25 = 0x5 - IFT_X25DDN = 0x4 - IFT_X25HUNTGROUP = 0x7a - IFT_X25MLP = 0x79 - IFT_X25PLE = 0x28 - IFT_XETHER = 0x1a - IPPROTO_MAXID = 0x34 - IPV6_FAITH = 0x1d - IPV6_MIN_MEMBERSHIPS = 0x1f - IP_FAITH = 0x16 - IP_MAX_SOURCE_FILTER = 0x400 - IP_MIN_MEMBERSHIPS = 0x1f - MAP_NORESERVE = 0x40 - MAP_RENAME = 0x20 - NET_RT_MAXID = 0x6 - RTF_PRCLONING = 0x10000 - RTM_OLDADD = 0x9 - RTM_OLDDEL = 0xa - RT_CACHING_CONTEXT = 0x1 - RT_NORTREF = 0x2 - SIOCADDRT = 0x8040720a - SIOCALIFADDR = 0x8118691b - SIOCDELRT = 0x8040720b - SIOCDLIFADDR = 0x8118691d - SIOCGLIFADDR = 0xc118691c - SIOCGLIFPHYADDR = 0xc118694b - SIOCSLIFPHYADDR = 0x8118694a -) diff --git a/vendor/golang.org/x/sys/unix/errors_freebsd_arm.go b/vendor/golang.org/x/sys/unix/errors_freebsd_arm.go deleted file mode 100644 index 856dca32543..00000000000 --- a/vendor/golang.org/x/sys/unix/errors_freebsd_arm.go +++ /dev/null @@ -1,226 +0,0 @@ -// Copyright 2017 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package unix - -const ( - IFT_1822 = 0x2 - IFT_A12MPPSWITCH = 0x82 - IFT_AAL2 = 0xbb - IFT_AAL5 = 0x31 - IFT_ADSL = 0x5e - IFT_AFLANE8023 = 0x3b - IFT_AFLANE8025 = 0x3c - IFT_ARAP = 0x58 - IFT_ARCNET = 0x23 - IFT_ARCNETPLUS = 0x24 - IFT_ASYNC = 0x54 - IFT_ATM = 0x25 - IFT_ATMDXI = 0x69 - IFT_ATMFUNI = 0x6a - IFT_ATMIMA = 0x6b - IFT_ATMLOGICAL = 0x50 - IFT_ATMRADIO = 0xbd - IFT_ATMSUBINTERFACE = 0x86 - IFT_ATMVCIENDPT = 0xc2 - IFT_ATMVIRTUAL = 0x95 - IFT_BGPPOLICYACCOUNTING = 0xa2 - IFT_BSC = 0x53 - IFT_CCTEMUL = 0x3d - IFT_CEPT = 0x13 - IFT_CES = 0x85 - IFT_CHANNEL = 0x46 - IFT_CNR = 0x55 - IFT_COFFEE = 0x84 - IFT_COMPOSITELINK = 0x9b - IFT_DCN = 0x8d - IFT_DIGITALPOWERLINE = 0x8a - IFT_DIGITALWRAPPEROVERHEADCHANNEL = 0xba - IFT_DLSW = 0x4a - IFT_DOCSCABLEDOWNSTREAM = 0x80 - IFT_DOCSCABLEMACLAYER = 0x7f - IFT_DOCSCABLEUPSTREAM = 0x81 - IFT_DS0 = 0x51 - IFT_DS0BUNDLE = 0x52 - IFT_DS1FDL = 0xaa - IFT_DS3 = 0x1e - IFT_DTM = 0x8c - IFT_DVBASILN = 0xac - IFT_DVBASIOUT = 0xad - IFT_DVBRCCDOWNSTREAM = 0x93 - IFT_DVBRCCMACLAYER = 0x92 - IFT_DVBRCCUPSTREAM = 0x94 - IFT_ENC = 0xf4 - IFT_EON = 0x19 - IFT_EPLRS = 0x57 - IFT_ESCON = 0x49 - IFT_ETHER = 0x6 - IFT_FAST = 0x7d - IFT_FASTETHER = 0x3e - IFT_FASTETHERFX = 0x45 - IFT_FDDI = 0xf - IFT_FIBRECHANNEL = 0x38 - IFT_FRAMERELAYINTERCONNECT = 0x3a - IFT_FRAMERELAYMPI = 0x5c - IFT_FRDLCIENDPT = 0xc1 - IFT_FRELAY = 0x20 - IFT_FRELAYDCE = 0x2c - IFT_FRF16MFRBUNDLE = 0xa3 - IFT_FRFORWARD = 0x9e - IFT_G703AT2MB = 0x43 - IFT_G703AT64K = 0x42 - IFT_GIF = 0xf0 - IFT_GIGABITETHERNET = 0x75 - IFT_GR303IDT = 0xb2 - IFT_GR303RDT = 0xb1 - IFT_H323GATEKEEPER = 0xa4 - IFT_H323PROXY = 0xa5 - IFT_HDH1822 = 0x3 - IFT_HDLC = 0x76 - IFT_HDSL2 = 0xa8 - IFT_HIPERLAN2 = 0xb7 - IFT_HIPPI = 0x2f - IFT_HIPPIINTERFACE = 0x39 - IFT_HOSTPAD = 0x5a - IFT_HSSI = 0x2e - IFT_HY = 0xe - IFT_IBM370PARCHAN = 0x48 - IFT_IDSL = 0x9a - IFT_IEEE80211 = 0x47 - IFT_IEEE80212 = 0x37 - IFT_IEEE8023ADLAG = 0xa1 - IFT_IFGSN = 0x91 - IFT_IMT = 0xbe - IFT_INTERLEAVE = 0x7c - IFT_IP = 0x7e - IFT_IPFORWARD = 0x8e - IFT_IPOVERATM = 0x72 - IFT_IPOVERCDLC = 0x6d - IFT_IPOVERCLAW = 0x6e - IFT_IPSWITCH = 0x4e - IFT_ISDN = 0x3f - IFT_ISDNBASIC = 0x14 - IFT_ISDNPRIMARY = 0x15 - IFT_ISDNS = 0x4b - IFT_ISDNU = 0x4c - IFT_ISO88022LLC = 0x29 - IFT_ISO88023 = 0x7 - IFT_ISO88024 = 0x8 - IFT_ISO88025 = 0x9 - IFT_ISO88025CRFPINT = 0x62 - IFT_ISO88025DTR = 0x56 - IFT_ISO88025FIBER = 0x73 - IFT_ISO88026 = 0xa - IFT_ISUP = 0xb3 - IFT_L3IPXVLAN = 0x89 - IFT_LAPB = 0x10 - IFT_LAPD = 0x4d - IFT_LAPF = 0x77 - IFT_LOCALTALK = 0x2a - IFT_LOOP = 0x18 - IFT_MEDIAMAILOVERIP = 0x8b - IFT_MFSIGLINK = 0xa7 - IFT_MIOX25 = 0x26 - IFT_MODEM = 0x30 - IFT_MPC = 0x71 - IFT_MPLS = 0xa6 - IFT_MPLSTUNNEL = 0x96 - IFT_MSDSL = 0x8f - IFT_MVL = 0xbf - IFT_MYRINET = 0x63 - IFT_NFAS = 0xaf - IFT_NSIP = 0x1b - IFT_OPTICALCHANNEL = 0xc3 - IFT_OPTICALTRANSPORT = 0xc4 - IFT_OTHER = 0x1 - IFT_P10 = 0xc - IFT_P80 = 0xd - IFT_PARA = 0x22 - IFT_PFLOG = 0xf6 - IFT_PFSYNC = 0xf7 - IFT_PLC = 0xae - IFT_POS = 0xab - IFT_PPPMULTILINKBUNDLE = 0x6c - IFT_PROPBWAP2MP = 0xb8 - IFT_PROPCNLS = 0x59 - IFT_PROPDOCSWIRELESSDOWNSTREAM = 0xb5 - IFT_PROPDOCSWIRELESSMACLAYER = 0xb4 - IFT_PROPDOCSWIRELESSUPSTREAM = 0xb6 - IFT_PROPMUX = 0x36 - IFT_PROPWIRELESSP2P = 0x9d - IFT_PTPSERIAL = 0x16 - IFT_PVC = 0xf1 - IFT_QLLC = 0x44 - IFT_RADIOMAC = 0xbc - IFT_RADSL = 0x5f - IFT_REACHDSL = 0xc0 - IFT_RFC1483 = 0x9f - IFT_RS232 = 0x21 - IFT_RSRB = 0x4f - IFT_SDLC = 0x11 - IFT_SDSL = 0x60 - IFT_SHDSL = 0xa9 - IFT_SIP = 0x1f - IFT_SLIP = 0x1c - IFT_SMDSDXI = 0x2b - IFT_SMDSICIP = 0x34 - IFT_SONET = 0x27 - IFT_SONETOVERHEADCHANNEL = 0xb9 - IFT_SONETPATH = 0x32 - IFT_SONETVT = 0x33 - IFT_SRP = 0x97 - IFT_SS7SIGLINK = 0x9c - IFT_STACKTOSTACK = 0x6f - IFT_STARLAN = 0xb - IFT_STF = 0xd7 - IFT_T1 = 0x12 - IFT_TDLC = 0x74 - IFT_TERMPAD = 0x5b - IFT_TR008 = 0xb0 - IFT_TRANSPHDLC = 0x7b - IFT_TUNNEL = 0x83 - IFT_ULTRA = 0x1d - IFT_USB = 0xa0 - IFT_V11 = 0x40 - IFT_V35 = 0x2d - IFT_V36 = 0x41 - IFT_V37 = 0x78 - IFT_VDSL = 0x61 - IFT_VIRTUALIPADDRESS = 0x70 - IFT_VOICEEM = 0x64 - IFT_VOICEENCAP = 0x67 - IFT_VOICEFXO = 0x65 - IFT_VOICEFXS = 0x66 - IFT_VOICEOVERATM = 0x98 - IFT_VOICEOVERFRAMERELAY = 0x99 - IFT_VOICEOVERIP = 0x68 - IFT_X213 = 0x5d - IFT_X25 = 0x5 - IFT_X25DDN = 0x4 - IFT_X25HUNTGROUP = 0x7a - IFT_X25MLP = 0x79 - IFT_X25PLE = 0x28 - IFT_XETHER = 0x1a - - // missing constants on FreeBSD-11.1-RELEASE, copied from old values in ztypes_freebsd_arm.go - IFF_SMART = 0x20 - IFT_FAITH = 0xf2 - IFT_IPXIP = 0xf9 - IPPROTO_MAXID = 0x34 - IPV6_FAITH = 0x1d - IP_FAITH = 0x16 - MAP_NORESERVE = 0x40 - MAP_RENAME = 0x20 - NET_RT_MAXID = 0x6 - RTF_PRCLONING = 0x10000 - RTM_OLDADD = 0x9 - RTM_OLDDEL = 0xa - SIOCADDRT = 0x8030720a - SIOCALIFADDR = 0x8118691b - SIOCDELRT = 0x8030720b - SIOCDLIFADDR = 0x8118691d - SIOCGLIFADDR = 0xc118691c - SIOCGLIFPHYADDR = 0xc118694b - SIOCSLIFPHYADDR = 0x8118694a -) diff --git a/vendor/golang.org/x/sys/unix/errors_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/errors_freebsd_arm64.go deleted file mode 100644 index 946dcf3fc7e..00000000000 --- a/vendor/golang.org/x/sys/unix/errors_freebsd_arm64.go +++ /dev/null @@ -1,17 +0,0 @@ -// Copyright 2020 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Constants that were deprecated or moved to enums in the FreeBSD headers. Keep -// them here for backwards compatibility. - -package unix - -const ( - DLT_HHDLC = 0x79 - IPV6_MIN_MEMBERSHIPS = 0x1f - IP_MAX_SOURCE_FILTER = 0x400 - IP_MIN_MEMBERSHIPS = 0x1f - RT_CACHING_CONTEXT = 0x1 - RT_NORTREF = 0x2 -) diff --git a/vendor/golang.org/x/sys/unix/mkall.sh b/vendor/golang.org/x/sys/unix/mkall.sh index ee73623489b..dcef4de6f18 100644 --- a/vendor/golang.org/x/sys/unix/mkall.sh +++ b/vendor/golang.org/x/sys/unix/mkall.sh @@ -89,25 +89,30 @@ dragonfly_amd64) freebsd_386) mkerrors="$mkerrors -m32" mksyscall="go run mksyscall.go -l32" - mksysnum="go run mksysnum.go 'https://svn.freebsd.org/base/stable/11/sys/kern/syscalls.master'" + mksysnum="go run mksysnum.go 'https://cgit.freebsd.org/src/plain/sys/kern/syscalls.master?h=stable/12'" mktypes="GOARCH=$GOARCH go tool cgo -godefs" ;; freebsd_amd64) mkerrors="$mkerrors -m64" - mksysnum="go run mksysnum.go 'https://svn.freebsd.org/base/stable/11/sys/kern/syscalls.master'" + mksysnum="go run mksysnum.go 'https://cgit.freebsd.org/src/plain/sys/kern/syscalls.master?h=stable/12'" mktypes="GOARCH=$GOARCH go tool cgo -godefs" ;; freebsd_arm) mkerrors="$mkerrors" mksyscall="go run mksyscall.go -l32 -arm" - mksysnum="go run mksysnum.go 'https://svn.freebsd.org/base/stable/11/sys/kern/syscalls.master'" + mksysnum="go run mksysnum.go 'https://cgit.freebsd.org/src/plain/sys/kern/syscalls.master?h=stable/12'" # Let the type of C char be signed for making the bare syscall # API consistent across platforms. mktypes="GOARCH=$GOARCH go tool cgo -godefs -- -fsigned-char" ;; freebsd_arm64) mkerrors="$mkerrors -m64" - mksysnum="go run mksysnum.go 'https://svn.freebsd.org/base/stable/11/sys/kern/syscalls.master'" + mksysnum="go run mksysnum.go 'https://cgit.freebsd.org/src/plain/sys/kern/syscalls.master?h=stable/12'" + mktypes="GOARCH=$GOARCH go tool cgo -godefs -- -fsigned-char" + ;; +freebsd_riscv64) + mkerrors="$mkerrors -m64" + mksysnum="go run mksysnum.go 'https://cgit.freebsd.org/src/plain/sys/kern/syscalls.master?h=stable/12'" mktypes="GOARCH=$GOARCH go tool cgo -godefs -- -fsigned-char" ;; netbsd_386) diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index d888fb77036..ca50e4e14dd 100644 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -128,6 +128,7 @@ includes_FreeBSD=' #include #include #include +#include #include #include #include @@ -202,6 +203,7 @@ struct ltchars { #include #include #include +#include #include #include #include @@ -529,7 +531,7 @@ ccflags="$@" $2 ~ /^(MS|MNT|MOUNT|UMOUNT)_/ || $2 ~ /^NS_GET_/ || $2 ~ /^TUN(SET|GET|ATTACH|DETACH)/ || - $2 ~ /^(O|F|[ES]?FD|NAME|S|PTRACE|PT|TFD)_/ || + $2 ~ /^(O|F|[ES]?FD|NAME|S|PTRACE|PT|PIOD|TFD)_/ || $2 ~ /^KEXEC_/ || $2 ~ /^LINUX_REBOOT_CMD_/ || $2 ~ /^LINUX_REBOOT_MAGIC[12]$/ || @@ -553,6 +555,7 @@ ccflags="$@" $2 ~ /^CLONE_[A-Z_]+/ || $2 !~ /^(BPF_TIMEVAL|BPF_FIB_LOOKUP_[A-Z]+)$/ && $2 ~ /^(BPF|DLT)_/ || + $2 ~ /^AUDIT_/ || $2 ~ /^(CLOCK|TIMER)_/ || $2 ~ /^CAN_/ || $2 ~ /^CAP_/ || @@ -575,7 +578,6 @@ ccflags="$@" $2 ~ /^SEEK_/ || $2 ~ /^SPLICE_/ || $2 ~ /^SYNC_FILE_RANGE_/ || - $2 !~ /^AUDIT_RECORD_MAGIC/ && $2 !~ /IOC_MAGIC/ && $2 ~ /^[A-Z][A-Z0-9_]+_MAGIC2?$/ || $2 ~ /^(VM|VMADDR)_/ || diff --git a/vendor/golang.org/x/sys/unix/syscall_aix.go b/vendor/golang.org/x/sys/unix/syscall_aix.go index ad22c33db3d..ac579c60feb 100644 --- a/vendor/golang.org/x/sys/unix/syscall_aix.go +++ b/vendor/golang.org/x/sys/unix/syscall_aix.go @@ -217,12 +217,12 @@ func Accept(fd int) (nfd int, sa Sockaddr, err error) { return } -func recvmsgRaw(fd int, p, oob []byte, flags int, rsa *RawSockaddrAny) (n, oobn int, recvflags int, err error) { +func recvmsgRaw(fd int, iov []Iovec, oob []byte, flags int, rsa *RawSockaddrAny) (n, oobn int, recvflags int, err error) { // Recvmsg not implemented on AIX return -1, -1, -1, ENOSYS } -func sendmsgN(fd int, p, oob []byte, ptr unsafe.Pointer, salen _Socklen, flags int) (n int, err error) { +func sendmsgN(fd int, iov []Iovec, oob []byte, ptr unsafe.Pointer, salen _Socklen, flags int) (n int, err error) { // SendmsgN not implemented on AIX return -1, ENOSYS } diff --git a/vendor/golang.org/x/sys/unix/syscall_bsd.go b/vendor/golang.org/x/sys/unix/syscall_bsd.go index 9c87c5f07f8..c437fc5d7bb 100644 --- a/vendor/golang.org/x/sys/unix/syscall_bsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_bsd.go @@ -325,27 +325,26 @@ func GetsockoptString(fd, level, opt int) (string, error) { //sys sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) //sys recvmsg(s int, msg *Msghdr, flags int) (n int, err error) -func recvmsgRaw(fd int, p, oob []byte, flags int, rsa *RawSockaddrAny) (n, oobn int, recvflags int, err error) { +func recvmsgRaw(fd int, iov []Iovec, oob []byte, flags int, rsa *RawSockaddrAny) (n, oobn int, recvflags int, err error) { var msg Msghdr msg.Name = (*byte)(unsafe.Pointer(rsa)) msg.Namelen = uint32(SizeofSockaddrAny) - var iov Iovec - if len(p) > 0 { - iov.Base = (*byte)(unsafe.Pointer(&p[0])) - iov.SetLen(len(p)) - } var dummy byte if len(oob) > 0 { // receive at least one normal byte - if len(p) == 0 { - iov.Base = &dummy - iov.SetLen(1) + if emptyIovecs(iov) { + var iova [1]Iovec + iova[0].Base = &dummy + iova[0].SetLen(1) + iov = iova[:] } msg.Control = (*byte)(unsafe.Pointer(&oob[0])) msg.SetControllen(len(oob)) } - msg.Iov = &iov - msg.Iovlen = 1 + if len(iov) > 0 { + msg.Iov = &iov[0] + msg.SetIovlen(len(iov)) + } if n, err = recvmsg(fd, &msg, flags); err != nil { return } @@ -356,31 +355,32 @@ func recvmsgRaw(fd int, p, oob []byte, flags int, rsa *RawSockaddrAny) (n, oobn //sys sendmsg(s int, msg *Msghdr, flags int) (n int, err error) -func sendmsgN(fd int, p, oob []byte, ptr unsafe.Pointer, salen _Socklen, flags int) (n int, err error) { +func sendmsgN(fd int, iov []Iovec, oob []byte, ptr unsafe.Pointer, salen _Socklen, flags int) (n int, err error) { var msg Msghdr msg.Name = (*byte)(unsafe.Pointer(ptr)) msg.Namelen = uint32(salen) - var iov Iovec - if len(p) > 0 { - iov.Base = (*byte)(unsafe.Pointer(&p[0])) - iov.SetLen(len(p)) - } var dummy byte + var empty bool if len(oob) > 0 { // send at least one normal byte - if len(p) == 0 { - iov.Base = &dummy - iov.SetLen(1) + empty := emptyIovecs(iov) + if empty { + var iova [1]Iovec + iova[0].Base = &dummy + iova[0].SetLen(1) + iov = iova[:] } msg.Control = (*byte)(unsafe.Pointer(&oob[0])) msg.SetControllen(len(oob)) } - msg.Iov = &iov - msg.Iovlen = 1 + if len(iov) > 0 { + msg.Iov = &iov[0] + msg.SetIovlen(len(iov)) + } if n, err = sendmsg(fd, &msg, flags); err != nil { return 0, err } - if len(oob) > 0 && len(p) == 0 { + if len(oob) > 0 && empty { n = 0 } return n, nil diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.go b/vendor/golang.org/x/sys/unix/syscall_darwin.go index e5448cc93ca..4f87f16ea7c 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin.go +++ b/vendor/golang.org/x/sys/unix/syscall_darwin.go @@ -393,6 +393,13 @@ func GetsockoptXucred(fd, level, opt int) (*Xucred, error) { return x, err } +func GetsockoptTCPConnectionInfo(fd, level, opt int) (*TCPConnectionInfo, error) { + var value TCPConnectionInfo + vallen := _Socklen(SizeofTCPConnectionInfo) + err := getsockopt(fd, level, opt, unsafe.Pointer(&value), &vallen) + return &value, err +} + func SysctlKinfoProc(name string, args ...int) (*KinfoProc, error) { mib, err := sysctlmib(name, args...) if err != nil { diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd.go b/vendor/golang.org/x/sys/unix/syscall_freebsd.go index 6f6c510f413..de7c23e0648 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd.go @@ -17,25 +17,12 @@ import ( "unsafe" ) -const ( - SYS_FSTAT_FREEBSD12 = 551 // { int fstat(int fd, _Out_ struct stat *sb); } - SYS_FSTATAT_FREEBSD12 = 552 // { int fstatat(int fd, _In_z_ char *path, \ - SYS_GETDIRENTRIES_FREEBSD12 = 554 // { ssize_t getdirentries(int fd, \ - SYS_STATFS_FREEBSD12 = 555 // { int statfs(_In_z_ char *path, \ - SYS_FSTATFS_FREEBSD12 = 556 // { int fstatfs(int fd, \ - SYS_GETFSSTAT_FREEBSD12 = 557 // { int getfsstat( \ - SYS_MKNODAT_FREEBSD12 = 559 // { int mknodat(int fd, _In_z_ char *path, \ -) - // See https://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/versions.html. var ( osreldateOnce sync.Once osreldate uint32 ) -// INO64_FIRST from /usr/src/lib/libc/sys/compat-ino64.h -const _ino64First = 1200031 - func supportsABI(ver uint32) bool { osreldateOnce.Do(func() { osreldate, _ = SysctlUint32("kern.osreldate") }) return osreldate >= ver @@ -159,38 +146,18 @@ func Accept4(fd, flags int) (nfd int, sa Sockaddr, err error) { func Getfsstat(buf []Statfs_t, flags int) (n int, err error) { var ( - _p0 unsafe.Pointer - bufsize uintptr - oldBuf []statfs_freebsd11_t - needsConvert bool + _p0 unsafe.Pointer + bufsize uintptr ) - if len(buf) > 0 { - if supportsABI(_ino64First) { - _p0 = unsafe.Pointer(&buf[0]) - bufsize = unsafe.Sizeof(Statfs_t{}) * uintptr(len(buf)) - } else { - n := len(buf) - oldBuf = make([]statfs_freebsd11_t, n) - _p0 = unsafe.Pointer(&oldBuf[0]) - bufsize = unsafe.Sizeof(statfs_freebsd11_t{}) * uintptr(n) - needsConvert = true - } + _p0 = unsafe.Pointer(&buf[0]) + bufsize = unsafe.Sizeof(Statfs_t{}) * uintptr(len(buf)) } - var sysno uintptr = SYS_GETFSSTAT - if supportsABI(_ino64First) { - sysno = SYS_GETFSSTAT_FREEBSD12 - } - r0, _, e1 := Syscall(sysno, uintptr(_p0), bufsize, uintptr(flags)) + r0, _, e1 := Syscall(SYS_GETFSSTAT, uintptr(_p0), bufsize, uintptr(flags)) n = int(r0) if e1 != 0 { err = e1 } - if e1 == 0 && needsConvert { - for i := range oldBuf { - buf[i].convertFrom(&oldBuf[i]) - } - } return } @@ -245,87 +212,11 @@ func Uname(uname *Utsname) error { } func Stat(path string, st *Stat_t) (err error) { - var oldStat stat_freebsd11_t - if supportsABI(_ino64First) { - return fstatat_freebsd12(AT_FDCWD, path, st, 0) - } - err = stat(path, &oldStat) - if err != nil { - return err - } - - st.convertFrom(&oldStat) - return nil + return Fstatat(AT_FDCWD, path, st, 0) } func Lstat(path string, st *Stat_t) (err error) { - var oldStat stat_freebsd11_t - if supportsABI(_ino64First) { - return fstatat_freebsd12(AT_FDCWD, path, st, AT_SYMLINK_NOFOLLOW) - } - err = lstat(path, &oldStat) - if err != nil { - return err - } - - st.convertFrom(&oldStat) - return nil -} - -func Fstat(fd int, st *Stat_t) (err error) { - var oldStat stat_freebsd11_t - if supportsABI(_ino64First) { - return fstat_freebsd12(fd, st) - } - err = fstat(fd, &oldStat) - if err != nil { - return err - } - - st.convertFrom(&oldStat) - return nil -} - -func Fstatat(fd int, path string, st *Stat_t, flags int) (err error) { - var oldStat stat_freebsd11_t - if supportsABI(_ino64First) { - return fstatat_freebsd12(fd, path, st, flags) - } - err = fstatat(fd, path, &oldStat, flags) - if err != nil { - return err - } - - st.convertFrom(&oldStat) - return nil -} - -func Statfs(path string, st *Statfs_t) (err error) { - var oldStatfs statfs_freebsd11_t - if supportsABI(_ino64First) { - return statfs_freebsd12(path, st) - } - err = statfs(path, &oldStatfs) - if err != nil { - return err - } - - st.convertFrom(&oldStatfs) - return nil -} - -func Fstatfs(fd int, st *Statfs_t) (err error) { - var oldStatfs statfs_freebsd11_t - if supportsABI(_ino64First) { - return fstatfs_freebsd12(fd, st) - } - err = fstatfs(fd, &oldStatfs) - if err != nil { - return err - } - - st.convertFrom(&oldStatfs) - return nil + return Fstatat(AT_FDCWD, path, st, AT_SYMLINK_NOFOLLOW) } func Getdents(fd int, buf []byte) (n int, err error) { @@ -333,162 +224,25 @@ func Getdents(fd int, buf []byte) (n int, err error) { } func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) { - if supportsABI(_ino64First) { - if basep == nil || unsafe.Sizeof(*basep) == 8 { - return getdirentries_freebsd12(fd, buf, (*uint64)(unsafe.Pointer(basep))) - } - // The freebsd12 syscall needs a 64-bit base. On 32-bit machines - // we can't just use the basep passed in. See #32498. - var base uint64 = uint64(*basep) - n, err = getdirentries_freebsd12(fd, buf, &base) - *basep = uintptr(base) - if base>>32 != 0 { - // We can't stuff the base back into a uintptr, so any - // future calls would be suspect. Generate an error. - // EIO is allowed by getdirentries. - err = EIO - } - return - } - - // The old syscall entries are smaller than the new. Use 1/4 of the original - // buffer size rounded up to DIRBLKSIZ (see /usr/src/lib/libc/sys/getdirentries.c). - oldBufLen := roundup(len(buf)/4, _dirblksiz) - oldBuf := make([]byte, oldBufLen) - n, err = getdirentries(fd, oldBuf, basep) - if err == nil && n > 0 { - n = convertFromDirents11(buf, oldBuf[:n]) + if basep == nil || unsafe.Sizeof(*basep) == 8 { + return getdirentries(fd, buf, (*uint64)(unsafe.Pointer(basep))) + } + // The syscall needs a 64-bit base. On 32-bit machines + // we can't just use the basep passed in. See #32498. + var base uint64 = uint64(*basep) + n, err = getdirentries(fd, buf, &base) + *basep = uintptr(base) + if base>>32 != 0 { + // We can't stuff the base back into a uintptr, so any + // future calls would be suspect. Generate an error. + // EIO is allowed by getdirentries. + err = EIO } return } func Mknod(path string, mode uint32, dev uint64) (err error) { - var oldDev int - if supportsABI(_ino64First) { - return mknodat_freebsd12(AT_FDCWD, path, mode, dev) - } - oldDev = int(dev) - return mknod(path, mode, oldDev) -} - -func Mknodat(fd int, path string, mode uint32, dev uint64) (err error) { - var oldDev int - if supportsABI(_ino64First) { - return mknodat_freebsd12(fd, path, mode, dev) - } - oldDev = int(dev) - return mknodat(fd, path, mode, oldDev) -} - -// round x to the nearest multiple of y, larger or equal to x. -// -// from /usr/include/sys/param.h Macros for counting and rounding. -// #define roundup(x, y) ((((x)+((y)-1))/(y))*(y)) -func roundup(x, y int) int { - return ((x + y - 1) / y) * y -} - -func (s *Stat_t) convertFrom(old *stat_freebsd11_t) { - *s = Stat_t{ - Dev: uint64(old.Dev), - Ino: uint64(old.Ino), - Nlink: uint64(old.Nlink), - Mode: old.Mode, - Uid: old.Uid, - Gid: old.Gid, - Rdev: uint64(old.Rdev), - Atim: old.Atim, - Mtim: old.Mtim, - Ctim: old.Ctim, - Btim: old.Btim, - Size: old.Size, - Blocks: old.Blocks, - Blksize: old.Blksize, - Flags: old.Flags, - Gen: uint64(old.Gen), - } -} - -func (s *Statfs_t) convertFrom(old *statfs_freebsd11_t) { - *s = Statfs_t{ - Version: _statfsVersion, - Type: old.Type, - Flags: old.Flags, - Bsize: old.Bsize, - Iosize: old.Iosize, - Blocks: old.Blocks, - Bfree: old.Bfree, - Bavail: old.Bavail, - Files: old.Files, - Ffree: old.Ffree, - Syncwrites: old.Syncwrites, - Asyncwrites: old.Asyncwrites, - Syncreads: old.Syncreads, - Asyncreads: old.Asyncreads, - // Spare - Namemax: old.Namemax, - Owner: old.Owner, - Fsid: old.Fsid, - // Charspare - // Fstypename - // Mntfromname - // Mntonname - } - - sl := old.Fstypename[:] - n := clen(*(*[]byte)(unsafe.Pointer(&sl))) - copy(s.Fstypename[:], old.Fstypename[:n]) - - sl = old.Mntfromname[:] - n = clen(*(*[]byte)(unsafe.Pointer(&sl))) - copy(s.Mntfromname[:], old.Mntfromname[:n]) - - sl = old.Mntonname[:] - n = clen(*(*[]byte)(unsafe.Pointer(&sl))) - copy(s.Mntonname[:], old.Mntonname[:n]) -} - -func convertFromDirents11(buf []byte, old []byte) int { - const ( - fixedSize = int(unsafe.Offsetof(Dirent{}.Name)) - oldFixedSize = int(unsafe.Offsetof(dirent_freebsd11{}.Name)) - ) - - dstPos := 0 - srcPos := 0 - for dstPos+fixedSize < len(buf) && srcPos+oldFixedSize < len(old) { - var dstDirent Dirent - var srcDirent dirent_freebsd11 - - // If multiple direntries are written, sometimes when we reach the final one, - // we may have cap of old less than size of dirent_freebsd11. - copy((*[unsafe.Sizeof(srcDirent)]byte)(unsafe.Pointer(&srcDirent))[:], old[srcPos:]) - - reclen := roundup(fixedSize+int(srcDirent.Namlen)+1, 8) - if dstPos+reclen > len(buf) { - break - } - - dstDirent.Fileno = uint64(srcDirent.Fileno) - dstDirent.Off = 0 - dstDirent.Reclen = uint16(reclen) - dstDirent.Type = srcDirent.Type - dstDirent.Pad0 = 0 - dstDirent.Namlen = uint16(srcDirent.Namlen) - dstDirent.Pad1 = 0 - - copy(dstDirent.Name[:], srcDirent.Name[:srcDirent.Namlen]) - copy(buf[dstPos:], (*[unsafe.Sizeof(dstDirent)]byte)(unsafe.Pointer(&dstDirent))[:]) - padding := buf[dstPos+fixedSize+int(dstDirent.Namlen) : dstPos+reclen] - for i := range padding { - padding[i] = 0 - } - - dstPos += int(dstDirent.Reclen) - srcPos += int(srcDirent.Reclen) - } - - return dstPos + return Mknodat(AT_FDCWD, path, mode, dev) } func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { @@ -501,31 +255,31 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e //sys ptrace(request int, pid int, addr uintptr, data int) (err error) func PtraceAttach(pid int) (err error) { - return ptrace(PTRACE_ATTACH, pid, 0, 0) + return ptrace(PT_ATTACH, pid, 0, 0) } func PtraceCont(pid int, signal int) (err error) { - return ptrace(PTRACE_CONT, pid, 1, signal) + return ptrace(PT_CONTINUE, pid, 1, signal) } func PtraceDetach(pid int) (err error) { - return ptrace(PTRACE_DETACH, pid, 1, 0) + return ptrace(PT_DETACH, pid, 1, 0) } func PtraceGetFpRegs(pid int, fpregsout *FpReg) (err error) { - return ptrace(PTRACE_GETFPREGS, pid, uintptr(unsafe.Pointer(fpregsout)), 0) + return ptrace(PT_GETFPREGS, pid, uintptr(unsafe.Pointer(fpregsout)), 0) } func PtraceGetRegs(pid int, regsout *Reg) (err error) { - return ptrace(PTRACE_GETREGS, pid, uintptr(unsafe.Pointer(regsout)), 0) + return ptrace(PT_GETREGS, pid, uintptr(unsafe.Pointer(regsout)), 0) } func PtraceLwpEvents(pid int, enable int) (err error) { - return ptrace(PTRACE_LWPEVENTS, pid, 0, enable) + return ptrace(PT_LWP_EVENTS, pid, 0, enable) } func PtraceLwpInfo(pid int, info uintptr) (err error) { - return ptrace(PTRACE_LWPINFO, pid, info, int(unsafe.Sizeof(PtraceLwpInfoStruct{}))) + return ptrace(PT_LWPINFO, pid, info, int(unsafe.Sizeof(PtraceLwpInfoStruct{}))) } func PtracePeekData(pid int, addr uintptr, out []byte) (count int, err error) { @@ -545,11 +299,11 @@ func PtracePokeText(pid int, addr uintptr, data []byte) (count int, err error) { } func PtraceSetRegs(pid int, regs *Reg) (err error) { - return ptrace(PTRACE_SETREGS, pid, uintptr(unsafe.Pointer(regs)), 0) + return ptrace(PT_SETREGS, pid, uintptr(unsafe.Pointer(regs)), 0) } func PtraceSingleStep(pid int) (err error) { - return ptrace(PTRACE_SINGLESTEP, pid, 1, 0) + return ptrace(PT_STEP, pid, 1, 0) } /* @@ -591,16 +345,12 @@ func PtraceSingleStep(pid int) (err error) { //sys Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) //sys Flock(fd int, how int) (err error) //sys Fpathconf(fd int, name int) (val int, err error) -//sys fstat(fd int, stat *stat_freebsd11_t) (err error) -//sys fstat_freebsd12(fd int, stat *Stat_t) (err error) -//sys fstatat(fd int, path string, stat *stat_freebsd11_t, flags int) (err error) -//sys fstatat_freebsd12(fd int, path string, stat *Stat_t, flags int) (err error) -//sys fstatfs(fd int, stat *statfs_freebsd11_t) (err error) -//sys fstatfs_freebsd12(fd int, stat *Statfs_t) (err error) +//sys Fstat(fd int, stat *Stat_t) (err error) +//sys Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) +//sys Fstatfs(fd int, stat *Statfs_t) (err error) //sys Fsync(fd int) (err error) //sys Ftruncate(fd int, length int64) (err error) -//sys getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) -//sys getdirentries_freebsd12(fd int, buf []byte, basep *uint64) (n int, err error) +//sys getdirentries(fd int, buf []byte, basep *uint64) (n int, err error) //sys Getdtablesize() (size int) //sysnb Getegid() (egid int) //sysnb Geteuid() (uid int) @@ -622,13 +372,10 @@ func PtraceSingleStep(pid int) (err error) { //sys Link(path string, link string) (err error) //sys Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) //sys Listen(s int, backlog int) (err error) -//sys lstat(path string, stat *stat_freebsd11_t) (err error) //sys Mkdir(path string, mode uint32) (err error) //sys Mkdirat(dirfd int, path string, mode uint32) (err error) //sys Mkfifo(path string, mode uint32) (err error) -//sys mknod(path string, mode uint32, dev int) (err error) -//sys mknodat(fd int, path string, mode uint32, dev int) (err error) -//sys mknodat_freebsd12(fd int, path string, mode uint32, dev uint64) (err error) +//sys Mknodat(fd int, path string, mode uint32, dev uint64) (err error) //sys Nanosleep(time *Timespec, leftover *Timespec) (err error) //sys Open(path string, mode int, perm uint32) (fd int, err error) //sys Openat(fdat int, path string, mode int, perm uint32) (fd int, err error) @@ -658,9 +405,7 @@ func PtraceSingleStep(pid int) (err error) { //sysnb Setsid() (pid int, err error) //sysnb Settimeofday(tp *Timeval) (err error) //sysnb Setuid(uid int) (err error) -//sys stat(path string, stat *stat_freebsd11_t) (err error) -//sys statfs(path string, stat *statfs_freebsd11_t) (err error) -//sys statfs_freebsd12(path string, stat *Statfs_t) (err error) +//sys Statfs(path string, stat *Statfs_t) (err error) //sys Symlink(path string, link string) (err error) //sys Symlinkat(oldpath string, newdirfd int, newpath string) (err error) //sys Sync() (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go index 342fc32b168..c3c4c698e07 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go @@ -57,11 +57,11 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) func PtraceGetFsBase(pid int, fsbase *int64) (err error) { - return ptrace(PTRACE_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0) + return ptrace(PT_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0) } func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) { ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint32(countin)} - err = ptrace(PTRACE_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) + err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) return int(ioDesc.Len), err } diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go index a32d5aa4aed..82be61a2f98 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go @@ -57,11 +57,11 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) func PtraceGetFsBase(pid int, fsbase *int64) (err error) { - return ptrace(PTRACE_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0) + return ptrace(PT_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0) } func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) { ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint64(countin)} - err = ptrace(PTRACE_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) + err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) return int(ioDesc.Len), err } diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go index 1e36d39abe0..cd58f1026c0 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go @@ -58,6 +58,6 @@ func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) { ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint32(countin)} - err = ptrace(PTRACE_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) + err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) return int(ioDesc.Len), err } diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go index a09a1537bd6..d6f538f9e00 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go @@ -58,6 +58,6 @@ func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) { ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint64(countin)} - err = ptrace(PTRACE_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) + err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) return int(ioDesc.Len), err } diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go new file mode 100644 index 00000000000..8ea6e96100a --- /dev/null +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go @@ -0,0 +1,63 @@ +// Copyright 2022 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build riscv64 && freebsd +// +build riscv64,freebsd + +package unix + +import ( + "syscall" + "unsafe" +) + +func setTimespec(sec, nsec int64) Timespec { + return Timespec{Sec: sec, Nsec: nsec} +} + +func setTimeval(sec, usec int64) Timeval { + return Timeval{Sec: sec, Usec: usec} +} + +func SetKevent(k *Kevent_t, fd, mode, flags int) { + k.Ident = uint64(fd) + k.Filter = int16(mode) + k.Flags = uint16(flags) +} + +func (iov *Iovec) SetLen(length int) { + iov.Len = uint64(length) +} + +func (msghdr *Msghdr) SetControllen(length int) { + msghdr.Controllen = uint32(length) +} + +func (msghdr *Msghdr) SetIovlen(length int) { + msghdr.Iovlen = int32(length) +} + +func (cmsg *Cmsghdr) SetLen(length int) { + cmsg.Len = uint32(length) +} + +func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { + var writtenOut uint64 = 0 + _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0) + + written = int(writtenOut) + + if e1 != 0 { + err = e1 + } + return +} + +func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) + +func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) { + ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint64(countin)} + err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) + return int(ioDesc.Len), err +} diff --git a/vendor/golang.org/x/sys/unix/syscall_illumos.go b/vendor/golang.org/x/sys/unix/syscall_illumos.go index 8d5f294c425..e48244a9c9a 100644 --- a/vendor/golang.org/x/sys/unix/syscall_illumos.go +++ b/vendor/golang.org/x/sys/unix/syscall_illumos.go @@ -20,10 +20,9 @@ func bytes2iovec(bs [][]byte) []Iovec { for i, b := range bs { iovecs[i].SetLen(len(b)) if len(b) > 0 { - // somehow Iovec.Base on illumos is (*int8), not (*byte) - iovecs[i].Base = (*int8)(unsafe.Pointer(&b[0])) + iovecs[i].Base = &b[0] } else { - iovecs[i].Base = (*int8)(unsafe.Pointer(&_zero)) + iovecs[i].Base = (*byte)(unsafe.Pointer(&_zero)) } } return iovecs diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index c8d20321251..5e4a94f7311 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -1499,18 +1499,13 @@ func KeyctlRestrictKeyring(ringid int, keyType string, restriction string) error //sys keyctlRestrictKeyringByType(cmd int, arg2 int, keyType string, restriction string) (err error) = SYS_KEYCTL //sys keyctlRestrictKeyring(cmd int, arg2 int) (err error) = SYS_KEYCTL -func recvmsgRaw(fd int, p, oob []byte, flags int, rsa *RawSockaddrAny) (n, oobn int, recvflags int, err error) { +func recvmsgRaw(fd int, iov []Iovec, oob []byte, flags int, rsa *RawSockaddrAny) (n, oobn int, recvflags int, err error) { var msg Msghdr msg.Name = (*byte)(unsafe.Pointer(rsa)) msg.Namelen = uint32(SizeofSockaddrAny) - var iov Iovec - if len(p) > 0 { - iov.Base = &p[0] - iov.SetLen(len(p)) - } var dummy byte if len(oob) > 0 { - if len(p) == 0 { + if emptyIovecs(iov) { var sockType int sockType, err = GetsockoptInt(fd, SOL_SOCKET, SO_TYPE) if err != nil { @@ -1518,15 +1513,19 @@ func recvmsgRaw(fd int, p, oob []byte, flags int, rsa *RawSockaddrAny) (n, oobn } // receive at least one normal byte if sockType != SOCK_DGRAM { - iov.Base = &dummy - iov.SetLen(1) + var iova [1]Iovec + iova[0].Base = &dummy + iova[0].SetLen(1) + iov = iova[:] } } msg.Control = &oob[0] msg.SetControllen(len(oob)) } - msg.Iov = &iov - msg.Iovlen = 1 + if len(iov) > 0 { + msg.Iov = &iov[0] + msg.SetIovlen(len(iov)) + } if n, err = recvmsg(fd, &msg, flags); err != nil { return } @@ -1535,18 +1534,15 @@ func recvmsgRaw(fd int, p, oob []byte, flags int, rsa *RawSockaddrAny) (n, oobn return } -func sendmsgN(fd int, p, oob []byte, ptr unsafe.Pointer, salen _Socklen, flags int) (n int, err error) { +func sendmsgN(fd int, iov []Iovec, oob []byte, ptr unsafe.Pointer, salen _Socklen, flags int) (n int, err error) { var msg Msghdr msg.Name = (*byte)(ptr) msg.Namelen = uint32(salen) - var iov Iovec - if len(p) > 0 { - iov.Base = &p[0] - iov.SetLen(len(p)) - } var dummy byte + var empty bool if len(oob) > 0 { - if len(p) == 0 { + empty := emptyIovecs(iov) + if empty { var sockType int sockType, err = GetsockoptInt(fd, SOL_SOCKET, SO_TYPE) if err != nil { @@ -1554,19 +1550,22 @@ func sendmsgN(fd int, p, oob []byte, ptr unsafe.Pointer, salen _Socklen, flags i } // send at least one normal byte if sockType != SOCK_DGRAM { - iov.Base = &dummy - iov.SetLen(1) + var iova [1]Iovec + iova[0].Base = &dummy + iova[0].SetLen(1) } } msg.Control = &oob[0] msg.SetControllen(len(oob)) } - msg.Iov = &iov - msg.Iovlen = 1 + if len(iov) > 0 { + msg.Iov = &iov[0] + msg.SetIovlen(len(iov)) + } if n, err = sendmsg(fd, &msg, flags); err != nil { return 0, err } - if len(oob) > 0 && len(p) == 0 { + if len(oob) > 0 && empty { n = 0 } return n, nil diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go index 28ba7b8cb71..0b69c3eff96 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go @@ -12,8 +12,6 @@ import "unsafe" //sys EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) = SYS_EPOLL_PWAIT //sys Fadvise(fd int, offset int64, length int64, advice int) (err error) = SYS_FADVISE64 //sys Fchown(fd int, uid int, gid int) (err error) -//sys Fstat(fd int, stat *Stat_t) (err error) -//sys Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) //sys Fstatfs(fd int, buf *Statfs_t) (err error) //sys Ftruncate(fd int, length int64) (err error) //sysnb Getegid() (egid int) @@ -43,6 +41,43 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err //sys Shutdown(fd int, how int) (err error) //sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) +func timespecFromStatxTimestamp(x StatxTimestamp) Timespec { + return Timespec{ + Sec: x.Sec, + Nsec: int64(x.Nsec), + } +} + +func Fstatat(fd int, path string, stat *Stat_t, flags int) error { + var r Statx_t + // Do it the glibc way, add AT_NO_AUTOMOUNT. + if err := Statx(fd, path, AT_NO_AUTOMOUNT|flags, STATX_BASIC_STATS, &r); err != nil { + return err + } + + stat.Dev = Mkdev(r.Dev_major, r.Dev_minor) + stat.Ino = r.Ino + stat.Mode = uint32(r.Mode) + stat.Nlink = r.Nlink + stat.Uid = r.Uid + stat.Gid = r.Gid + stat.Rdev = Mkdev(r.Rdev_major, r.Rdev_minor) + // hope we don't get to process files so large to overflow these size + // fields... + stat.Size = int64(r.Size) + stat.Blksize = int32(r.Blksize) + stat.Blocks = int64(r.Blocks) + stat.Atim = timespecFromStatxTimestamp(r.Atime) + stat.Mtim = timespecFromStatxTimestamp(r.Mtime) + stat.Ctim = timespecFromStatxTimestamp(r.Ctime) + + return nil +} + +func Fstat(fd int, stat *Stat_t) (err error) { + return Fstatat(fd, "", stat, AT_EMPTY_PATH) +} + func Stat(path string, stat *Stat_t) (err error) { return Fstatat(AT_FDCWD, path, stat, 0) } diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go index 8ff7adba039..925a748a39b 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go @@ -22,6 +22,7 @@ import "unsafe" //sysnb Getrlimit(resource int, rlim *Rlimit) (err error) //sysnb Getuid() (uid int) //sys Listen(s int, n int) (err error) +//sys MemfdSecret(flags int) (fd int, err error) //sys pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64 //sys pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64 //sys Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_mips64.go index 30f285343ee..1378489f8d7 100644 --- a/vendor/golang.org/x/sys/unix/syscall_openbsd_mips64.go +++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_mips64.go @@ -26,6 +26,10 @@ func (msghdr *Msghdr) SetControllen(length int) { msghdr.Controllen = uint32(length) } +func (msghdr *Msghdr) SetIovlen(length int) { + msghdr.Iovlen = uint32(length) +} + func (cmsg *Cmsghdr) SetLen(length int) { cmsg.Len = uint32(length) } diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris.go b/vendor/golang.org/x/sys/unix/syscall_solaris.go index 5c2003cec65..b5ec457cdcc 100644 --- a/vendor/golang.org/x/sys/unix/syscall_solaris.go +++ b/vendor/golang.org/x/sys/unix/syscall_solaris.go @@ -451,26 +451,25 @@ func Accept(fd int) (nfd int, sa Sockaddr, err error) { //sys recvmsg(s int, msg *Msghdr, flags int) (n int, err error) = libsocket.__xnet_recvmsg -func recvmsgRaw(fd int, p, oob []byte, flags int, rsa *RawSockaddrAny) (n, oobn int, recvflags int, err error) { +func recvmsgRaw(fd int, iov []Iovec, oob []byte, flags int, rsa *RawSockaddrAny) (n, oobn int, recvflags int, err error) { var msg Msghdr msg.Name = (*byte)(unsafe.Pointer(rsa)) msg.Namelen = uint32(SizeofSockaddrAny) - var iov Iovec - if len(p) > 0 { - iov.Base = (*int8)(unsafe.Pointer(&p[0])) - iov.SetLen(len(p)) - } - var dummy int8 + var dummy byte if len(oob) > 0 { // receive at least one normal byte - if len(p) == 0 { - iov.Base = &dummy - iov.SetLen(1) + if emptyIovecs(iov) { + var iova [1]Iovec + iova[0].Base = &dummy + iova[0].SetLen(1) + iov = iova[:] } msg.Accrightslen = int32(len(oob)) } - msg.Iov = &iov - msg.Iovlen = 1 + if len(iov) > 0 { + msg.Iov = &iov[0] + msg.SetIovlen(len(iov)) + } if n, err = recvmsg(fd, &msg, flags); n == -1 { return } @@ -480,30 +479,31 @@ func recvmsgRaw(fd int, p, oob []byte, flags int, rsa *RawSockaddrAny) (n, oobn //sys sendmsg(s int, msg *Msghdr, flags int) (n int, err error) = libsocket.__xnet_sendmsg -func sendmsgN(fd int, p, oob []byte, ptr unsafe.Pointer, salen _Socklen, flags int) (n int, err error) { +func sendmsgN(fd int, iov []Iovec, oob []byte, ptr unsafe.Pointer, salen _Socklen, flags int) (n int, err error) { var msg Msghdr msg.Name = (*byte)(unsafe.Pointer(ptr)) msg.Namelen = uint32(salen) - var iov Iovec - if len(p) > 0 { - iov.Base = (*int8)(unsafe.Pointer(&p[0])) - iov.SetLen(len(p)) - } - var dummy int8 + var dummy byte + var empty bool if len(oob) > 0 { // send at least one normal byte - if len(p) == 0 { - iov.Base = &dummy - iov.SetLen(1) + empty = emptyIovecs(iov) + if empty { + var iova [1]Iovec + iova[0].Base = &dummy + iova[0].SetLen(1) + iov = iova[:] } msg.Accrightslen = int32(len(oob)) } - msg.Iov = &iov - msg.Iovlen = 1 + if len(iov) > 0 { + msg.Iov = &iov[0] + msg.SetIovlen(len(iov)) + } if n, err = sendmsg(fd, &msg, flags); err != nil { return 0, err } - if len(oob) > 0 && len(p) == 0 { + if len(oob) > 0 && empty { n = 0 } return n, nil @@ -618,6 +618,7 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e //sys Getpriority(which int, who int) (n int, err error) //sysnb Getrlimit(which int, lim *Rlimit) (err error) //sysnb Getrusage(who int, rusage *Rusage) (err error) +//sysnb Getsid(pid int) (sid int, err error) //sysnb Gettimeofday(tv *Timeval) (err error) //sysnb Getuid() (uid int) //sys Kill(pid int, signum syscall.Signal) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_unix.go b/vendor/golang.org/x/sys/unix/syscall_unix.go index 70508afc1d1..1ff5060b512 100644 --- a/vendor/golang.org/x/sys/unix/syscall_unix.go +++ b/vendor/golang.org/x/sys/unix/syscall_unix.go @@ -338,8 +338,13 @@ func Recvfrom(fd int, p []byte, flags int) (n int, from Sockaddr, err error) { } func Recvmsg(fd int, p, oob []byte, flags int) (n, oobn int, recvflags int, from Sockaddr, err error) { + var iov [1]Iovec + if len(p) > 0 { + iov[0].Base = &p[0] + iov[0].SetLen(len(p)) + } var rsa RawSockaddrAny - n, oobn, recvflags, err = recvmsgRaw(fd, p, oob, flags, &rsa) + n, oobn, recvflags, err = recvmsgRaw(fd, iov[:], oob, flags, &rsa) // source address is only specified if the socket is unconnected if rsa.Addr.Family != AF_UNSPEC { from, err = anyToSockaddr(fd, &rsa) @@ -347,12 +352,67 @@ func Recvmsg(fd int, p, oob []byte, flags int) (n, oobn int, recvflags int, from return } +// RecvmsgBuffers receives a message from a socket using the recvmsg +// system call. The flags are passed to recvmsg. Any non-control data +// read is scattered into the buffers slices. The results are: +// - n is the number of non-control data read into bufs +// - oobn is the number of control data read into oob; this may be interpreted using [ParseSocketControlMessage] +// - recvflags is flags returned by recvmsg +// - from is the address of the sender +func RecvmsgBuffers(fd int, buffers [][]byte, oob []byte, flags int) (n, oobn int, recvflags int, from Sockaddr, err error) { + iov := make([]Iovec, len(buffers)) + for i := range buffers { + if len(buffers[i]) > 0 { + iov[i].Base = &buffers[i][0] + iov[i].SetLen(len(buffers[i])) + } else { + iov[i].Base = (*byte)(unsafe.Pointer(&_zero)) + } + } + var rsa RawSockaddrAny + n, oobn, recvflags, err = recvmsgRaw(fd, iov, oob, flags, &rsa) + if err == nil && rsa.Addr.Family != AF_UNSPEC { + from, err = anyToSockaddr(fd, &rsa) + } + return +} + func Sendmsg(fd int, p, oob []byte, to Sockaddr, flags int) (err error) { _, err = SendmsgN(fd, p, oob, to, flags) return } func SendmsgN(fd int, p, oob []byte, to Sockaddr, flags int) (n int, err error) { + var iov [1]Iovec + if len(p) > 0 { + iov[0].Base = &p[0] + iov[0].SetLen(len(p)) + } + var ptr unsafe.Pointer + var salen _Socklen + if to != nil { + ptr, salen, err = to.sockaddr() + if err != nil { + return 0, err + } + } + return sendmsgN(fd, iov[:], oob, ptr, salen, flags) +} + +// SendmsgBuffers sends a message on a socket to an address using the sendmsg +// system call. The flags are passed to sendmsg. Any non-control data written +// is gathered from buffers. The function returns the number of bytes written +// to the socket. +func SendmsgBuffers(fd int, buffers [][]byte, oob []byte, to Sockaddr, flags int) (n int, err error) { + iov := make([]Iovec, len(buffers)) + for i := range buffers { + if len(buffers[i]) > 0 { + iov[i].Base = &buffers[i][0] + iov[i].SetLen(len(buffers[i])) + } else { + iov[i].Base = (*byte)(unsafe.Pointer(&_zero)) + } + } var ptr unsafe.Pointer var salen _Socklen if to != nil { @@ -361,7 +421,7 @@ func SendmsgN(fd int, p, oob []byte, to Sockaddr, flags int) (n int, err error) return 0, err } } - return sendmsgN(fd, p, oob, ptr, salen, flags) + return sendmsgN(fd, iov, oob, ptr, salen, flags) } func Send(s int, buf []byte, flags int) (err error) { @@ -484,3 +544,13 @@ func Lutimes(path string, tv []Timeval) error { } return UtimesNanoAt(AT_FDCWD, path, ts, AT_SYMLINK_NOFOLLOW) } + +// emptyIovec reports whether there are no bytes in the slice of Iovec. +func emptyIovecs(iov []Iovec) bool { + for i := range iov { + if iov[i].Len > 0 { + return false + } + } + return true +} diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go index 440900112cd..f8c2c513874 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go @@ -151,6 +151,7 @@ const ( BIOCSETF = 0x80084267 BIOCSETFNR = 0x80084282 BIOCSETIF = 0x8020426c + BIOCSETVLANPCP = 0x80044285 BIOCSETWF = 0x8008427b BIOCSETZBUF = 0x800c4281 BIOCSHDRCMPLT = 0x80044275 @@ -447,7 +448,7 @@ const ( DLT_IEEE802_16_MAC_CPS_RADIO = 0xc1 DLT_INFINIBAND = 0xf7 DLT_IPFILTER = 0x74 - DLT_IPMB = 0xc7 + DLT_IPMB_KONTRON = 0xc7 DLT_IPMB_LINUX = 0xd1 DLT_IPMI_HPM_2 = 0x104 DLT_IPNET = 0xe2 @@ -487,10 +488,11 @@ const ( DLT_LINUX_LAPD = 0xb1 DLT_LINUX_PPP_WITHDIRECTION = 0xa6 DLT_LINUX_SLL = 0x71 + DLT_LINUX_SLL2 = 0x114 DLT_LOOP = 0x6c DLT_LORATAP = 0x10e DLT_LTALK = 0x72 - DLT_MATCHING_MAX = 0x113 + DLT_MATCHING_MAX = 0x114 DLT_MATCHING_MIN = 0x68 DLT_MFR = 0xb6 DLT_MOST = 0xd3 @@ -734,6 +736,7 @@ const ( IPPROTO_CMTP = 0x26 IPPROTO_CPHB = 0x49 IPPROTO_CPNX = 0x48 + IPPROTO_DCCP = 0x21 IPPROTO_DDP = 0x25 IPPROTO_DGP = 0x56 IPPROTO_DIVERT = 0x102 @@ -814,7 +817,6 @@ const ( IPPROTO_SCTP = 0x84 IPPROTO_SDRP = 0x2a IPPROTO_SEND = 0x103 - IPPROTO_SEP = 0x21 IPPROTO_SHIM6 = 0x8c IPPROTO_SKIP = 0x39 IPPROTO_SPACER = 0x7fff @@ -911,6 +913,7 @@ const ( IPV6_V6ONLY = 0x1b IPV6_VERSION = 0x60 IPV6_VERSION_MASK = 0xf0 + IPV6_VLAN_PCP = 0x4b IP_ADD_MEMBERSHIP = 0xc IP_ADD_SOURCE_MEMBERSHIP = 0x46 IP_BINDANY = 0x18 @@ -989,8 +992,12 @@ const ( IP_TOS = 0x3 IP_TTL = 0x4 IP_UNBLOCK_SOURCE = 0x49 + IP_VLAN_PCP = 0x4b ISIG = 0x80 ISTRIP = 0x20 + ITIMER_PROF = 0x2 + ITIMER_REAL = 0x0 + ITIMER_VIRTUAL = 0x1 IXANY = 0x800 IXOFF = 0x400 IXON = 0x200 @@ -1000,7 +1007,6 @@ const ( KERN_VERSION = 0x4 LOCAL_CONNWAIT = 0x4 LOCAL_CREDS = 0x2 - LOCAL_CREDS_PERSISTENT = 0x3 LOCAL_PEERCRED = 0x1 LOCAL_VENDOR = 0x80000000 LOCK_EX = 0x2 @@ -1179,6 +1185,8 @@ const ( O_NONBLOCK = 0x4 O_RDONLY = 0x0 O_RDWR = 0x2 + O_RESOLVE_BENEATH = 0x800000 + O_SEARCH = 0x40000 O_SHLOCK = 0x10 O_SYNC = 0x80 O_TRUNC = 0x400 @@ -1189,6 +1197,10 @@ const ( PARMRK = 0x8 PARODD = 0x2000 PENDIN = 0x20000000 + PIOD_READ_D = 0x1 + PIOD_READ_I = 0x3 + PIOD_WRITE_D = 0x2 + PIOD_WRITE_I = 0x4 PRIO_PGRP = 0x1 PRIO_PROCESS = 0x0 PRIO_USER = 0x2 @@ -1196,6 +1208,60 @@ const ( PROT_NONE = 0x0 PROT_READ = 0x1 PROT_WRITE = 0x2 + PTRACE_DEFAULT = 0x1 + PTRACE_EXEC = 0x1 + PTRACE_FORK = 0x8 + PTRACE_LWP = 0x10 + PTRACE_SCE = 0x2 + PTRACE_SCX = 0x4 + PTRACE_SYSCALL = 0x6 + PTRACE_VFORK = 0x20 + PT_ATTACH = 0xa + PT_CLEARSTEP = 0x10 + PT_CONTINUE = 0x7 + PT_DETACH = 0xb + PT_FIRSTMACH = 0x40 + PT_FOLLOW_FORK = 0x17 + PT_GETDBREGS = 0x25 + PT_GETFPREGS = 0x23 + PT_GETFSBASE = 0x47 + PT_GETGSBASE = 0x49 + PT_GETLWPLIST = 0xf + PT_GETNUMLWPS = 0xe + PT_GETREGS = 0x21 + PT_GETXMMREGS = 0x40 + PT_GETXSTATE = 0x45 + PT_GETXSTATE_INFO = 0x44 + PT_GET_EVENT_MASK = 0x19 + PT_GET_SC_ARGS = 0x1b + PT_GET_SC_RET = 0x1c + PT_IO = 0xc + PT_KILL = 0x8 + PT_LWPINFO = 0xd + PT_LWP_EVENTS = 0x18 + PT_READ_D = 0x2 + PT_READ_I = 0x1 + PT_RESUME = 0x13 + PT_SETDBREGS = 0x26 + PT_SETFPREGS = 0x24 + PT_SETFSBASE = 0x48 + PT_SETGSBASE = 0x4a + PT_SETREGS = 0x22 + PT_SETSTEP = 0x11 + PT_SETXMMREGS = 0x41 + PT_SETXSTATE = 0x46 + PT_SET_EVENT_MASK = 0x1a + PT_STEP = 0x9 + PT_SUSPEND = 0x12 + PT_SYSCALL = 0x16 + PT_TO_SCE = 0x14 + PT_TO_SCX = 0x15 + PT_TRACE_ME = 0x0 + PT_VM_ENTRY = 0x29 + PT_VM_TIMESTAMP = 0x28 + PT_WRITE_D = 0x5 + PT_WRITE_I = 0x4 + P_ZONEID = 0xc RLIMIT_AS = 0xa RLIMIT_CORE = 0x4 RLIMIT_CPU = 0x0 @@ -1320,10 +1386,12 @@ const ( SIOCGHWADDR = 0xc020693e SIOCGI2C = 0xc020693d SIOCGIFADDR = 0xc0206921 + SIOCGIFALIAS = 0xc044692d SIOCGIFBRDADDR = 0xc0206923 SIOCGIFCAP = 0xc020691f SIOCGIFCONF = 0xc0086924 SIOCGIFDESCR = 0xc020692a + SIOCGIFDOWNREASON = 0xc058699a SIOCGIFDSTADDR = 0xc0206922 SIOCGIFFIB = 0xc020695c SIOCGIFFLAGS = 0xc0206911 @@ -1414,6 +1482,7 @@ const ( SO_RCVBUF = 0x1002 SO_RCVLOWAT = 0x1004 SO_RCVTIMEO = 0x1006 + SO_RERROR = 0x20000 SO_REUSEADDR = 0x4 SO_REUSEPORT = 0x200 SO_REUSEPORT_LB = 0x10000 @@ -1472,22 +1541,40 @@ const ( TCOFLUSH = 0x2 TCOOFF = 0x1 TCOON = 0x2 + TCPOPT_EOL = 0x0 + TCPOPT_FAST_OPEN = 0x22 + TCPOPT_MAXSEG = 0x2 + TCPOPT_NOP = 0x1 + TCPOPT_PAD = 0x0 + TCPOPT_SACK = 0x5 + TCPOPT_SACK_PERMITTED = 0x4 + TCPOPT_SIGNATURE = 0x13 + TCPOPT_TIMESTAMP = 0x8 + TCPOPT_WINDOW = 0x3 TCP_BBR_ACK_COMP_ALG = 0x448 + TCP_BBR_ALGORITHM = 0x43b TCP_BBR_DRAIN_INC_EXTRA = 0x43c TCP_BBR_DRAIN_PG = 0x42e TCP_BBR_EXTRA_GAIN = 0x449 + TCP_BBR_EXTRA_STATE = 0x453 + TCP_BBR_FLOOR_MIN_TSO = 0x454 + TCP_BBR_HDWR_PACE = 0x451 + TCP_BBR_HOLD_TARGET = 0x436 TCP_BBR_IWINTSO = 0x42b TCP_BBR_LOWGAIN_FD = 0x436 TCP_BBR_LOWGAIN_HALF = 0x435 TCP_BBR_LOWGAIN_THRESH = 0x434 TCP_BBR_MAX_RTO = 0x439 TCP_BBR_MIN_RTO = 0x438 + TCP_BBR_MIN_TOPACEOUT = 0x455 TCP_BBR_ONE_RETRAN = 0x431 TCP_BBR_PACE_CROSS = 0x442 TCP_BBR_PACE_DEL_TAR = 0x43f + TCP_BBR_PACE_OH = 0x435 TCP_BBR_PACE_PER_SEC = 0x43e TCP_BBR_PACE_SEG_MAX = 0x440 TCP_BBR_PACE_SEG_MIN = 0x441 + TCP_BBR_POLICER_DETECT = 0x457 TCP_BBR_PROBE_RTT_GAIN = 0x44d TCP_BBR_PROBE_RTT_INT = 0x430 TCP_BBR_PROBE_RTT_LEN = 0x44e @@ -1496,12 +1583,18 @@ const ( TCP_BBR_REC_OVER_HPTS = 0x43a TCP_BBR_RETRAN_WTSO = 0x44b TCP_BBR_RWND_IS_APP = 0x42f + TCP_BBR_SEND_IWND_IN_TSO = 0x44f TCP_BBR_STARTUP_EXIT_EPOCH = 0x43d TCP_BBR_STARTUP_LOSS_EXIT = 0x432 TCP_BBR_STARTUP_PG = 0x42d + TCP_BBR_TMR_PACE_OH = 0x448 + TCP_BBR_TSLIMITS = 0x434 + TCP_BBR_TSTMP_RAISES = 0x456 TCP_BBR_UNLIMITED = 0x43b TCP_BBR_USEDEL_RATE = 0x437 TCP_BBR_USE_LOWGAIN = 0x433 + TCP_BBR_USE_RACK_CHEAT = 0x450 + TCP_BBR_UTTER_MAX_TSO = 0x452 TCP_CA_NAME_MAX = 0x10 TCP_CCALGOOPT = 0x41 TCP_CONGESTION = 0x40 @@ -1541,6 +1634,7 @@ const ( TCP_PCAP_OUT = 0x800 TCP_RACK_EARLY_RECOV = 0x423 TCP_RACK_EARLY_SEG = 0x424 + TCP_RACK_GP_INCREASE = 0x446 TCP_RACK_IDLE_REDUCE_HIGH = 0x444 TCP_RACK_MIN_PACE = 0x445 TCP_RACK_MIN_PACE_SEG = 0x446 @@ -1554,7 +1648,6 @@ const ( TCP_RACK_PRR_SENDALOT = 0x421 TCP_RACK_REORD_FADE = 0x426 TCP_RACK_REORD_THRESH = 0x425 - TCP_RACK_SESS_CWV = 0x42a TCP_RACK_TLP_INC_VAR = 0x429 TCP_RACK_TLP_REDUCE = 0x41c TCP_RACK_TLP_THRESH = 0x427 @@ -1694,12 +1787,13 @@ const ( EIDRM = syscall.Errno(0x52) EILSEQ = syscall.Errno(0x56) EINPROGRESS = syscall.Errno(0x24) + EINTEGRITY = syscall.Errno(0x61) EINTR = syscall.Errno(0x4) EINVAL = syscall.Errno(0x16) EIO = syscall.Errno(0x5) EISCONN = syscall.Errno(0x38) EISDIR = syscall.Errno(0x15) - ELAST = syscall.Errno(0x60) + ELAST = syscall.Errno(0x61) ELOOP = syscall.Errno(0x3e) EMFILE = syscall.Errno(0x18) EMLINK = syscall.Errno(0x1f) @@ -1842,7 +1936,7 @@ var errorList = [...]struct { {32, "EPIPE", "broken pipe"}, {33, "EDOM", "numerical argument out of domain"}, {34, "ERANGE", "result too large"}, - {35, "EAGAIN", "resource temporarily unavailable"}, + {35, "EWOULDBLOCK", "resource temporarily unavailable"}, {36, "EINPROGRESS", "operation now in progress"}, {37, "EALREADY", "operation already in progress"}, {38, "ENOTSOCK", "socket operation on non-socket"}, @@ -1904,6 +1998,7 @@ var errorList = [...]struct { {94, "ECAPMODE", "not permitted in capability mode"}, {95, "ENOTRECOVERABLE", "state not recoverable"}, {96, "EOWNERDEAD", "previous owner died"}, + {97, "EINTEGRITY", "integrity check failed"}, } // Signal table diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go index 64520d31226..96310c3be1b 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go @@ -151,6 +151,7 @@ const ( BIOCSETF = 0x80104267 BIOCSETFNR = 0x80104282 BIOCSETIF = 0x8020426c + BIOCSETVLANPCP = 0x80044285 BIOCSETWF = 0x8010427b BIOCSETZBUF = 0x80184281 BIOCSHDRCMPLT = 0x80044275 @@ -447,7 +448,7 @@ const ( DLT_IEEE802_16_MAC_CPS_RADIO = 0xc1 DLT_INFINIBAND = 0xf7 DLT_IPFILTER = 0x74 - DLT_IPMB = 0xc7 + DLT_IPMB_KONTRON = 0xc7 DLT_IPMB_LINUX = 0xd1 DLT_IPMI_HPM_2 = 0x104 DLT_IPNET = 0xe2 @@ -487,10 +488,11 @@ const ( DLT_LINUX_LAPD = 0xb1 DLT_LINUX_PPP_WITHDIRECTION = 0xa6 DLT_LINUX_SLL = 0x71 + DLT_LINUX_SLL2 = 0x114 DLT_LOOP = 0x6c DLT_LORATAP = 0x10e DLT_LTALK = 0x72 - DLT_MATCHING_MAX = 0x113 + DLT_MATCHING_MAX = 0x114 DLT_MATCHING_MIN = 0x68 DLT_MFR = 0xb6 DLT_MOST = 0xd3 @@ -734,6 +736,7 @@ const ( IPPROTO_CMTP = 0x26 IPPROTO_CPHB = 0x49 IPPROTO_CPNX = 0x48 + IPPROTO_DCCP = 0x21 IPPROTO_DDP = 0x25 IPPROTO_DGP = 0x56 IPPROTO_DIVERT = 0x102 @@ -814,7 +817,6 @@ const ( IPPROTO_SCTP = 0x84 IPPROTO_SDRP = 0x2a IPPROTO_SEND = 0x103 - IPPROTO_SEP = 0x21 IPPROTO_SHIM6 = 0x8c IPPROTO_SKIP = 0x39 IPPROTO_SPACER = 0x7fff @@ -911,6 +913,7 @@ const ( IPV6_V6ONLY = 0x1b IPV6_VERSION = 0x60 IPV6_VERSION_MASK = 0xf0 + IPV6_VLAN_PCP = 0x4b IP_ADD_MEMBERSHIP = 0xc IP_ADD_SOURCE_MEMBERSHIP = 0x46 IP_BINDANY = 0x18 @@ -989,8 +992,12 @@ const ( IP_TOS = 0x3 IP_TTL = 0x4 IP_UNBLOCK_SOURCE = 0x49 + IP_VLAN_PCP = 0x4b ISIG = 0x80 ISTRIP = 0x20 + ITIMER_PROF = 0x2 + ITIMER_REAL = 0x0 + ITIMER_VIRTUAL = 0x1 IXANY = 0x800 IXOFF = 0x400 IXON = 0x200 @@ -1000,7 +1007,6 @@ const ( KERN_VERSION = 0x4 LOCAL_CONNWAIT = 0x4 LOCAL_CREDS = 0x2 - LOCAL_CREDS_PERSISTENT = 0x3 LOCAL_PEERCRED = 0x1 LOCAL_VENDOR = 0x80000000 LOCK_EX = 0x2 @@ -1180,6 +1186,8 @@ const ( O_NONBLOCK = 0x4 O_RDONLY = 0x0 O_RDWR = 0x2 + O_RESOLVE_BENEATH = 0x800000 + O_SEARCH = 0x40000 O_SHLOCK = 0x10 O_SYNC = 0x80 O_TRUNC = 0x400 @@ -1190,6 +1198,10 @@ const ( PARMRK = 0x8 PARODD = 0x2000 PENDIN = 0x20000000 + PIOD_READ_D = 0x1 + PIOD_READ_I = 0x3 + PIOD_WRITE_D = 0x2 + PIOD_WRITE_I = 0x4 PRIO_PGRP = 0x1 PRIO_PROCESS = 0x0 PRIO_USER = 0x2 @@ -1197,6 +1209,58 @@ const ( PROT_NONE = 0x0 PROT_READ = 0x1 PROT_WRITE = 0x2 + PTRACE_DEFAULT = 0x1 + PTRACE_EXEC = 0x1 + PTRACE_FORK = 0x8 + PTRACE_LWP = 0x10 + PTRACE_SCE = 0x2 + PTRACE_SCX = 0x4 + PTRACE_SYSCALL = 0x6 + PTRACE_VFORK = 0x20 + PT_ATTACH = 0xa + PT_CLEARSTEP = 0x10 + PT_CONTINUE = 0x7 + PT_DETACH = 0xb + PT_FIRSTMACH = 0x40 + PT_FOLLOW_FORK = 0x17 + PT_GETDBREGS = 0x25 + PT_GETFPREGS = 0x23 + PT_GETFSBASE = 0x47 + PT_GETGSBASE = 0x49 + PT_GETLWPLIST = 0xf + PT_GETNUMLWPS = 0xe + PT_GETREGS = 0x21 + PT_GETXSTATE = 0x45 + PT_GETXSTATE_INFO = 0x44 + PT_GET_EVENT_MASK = 0x19 + PT_GET_SC_ARGS = 0x1b + PT_GET_SC_RET = 0x1c + PT_IO = 0xc + PT_KILL = 0x8 + PT_LWPINFO = 0xd + PT_LWP_EVENTS = 0x18 + PT_READ_D = 0x2 + PT_READ_I = 0x1 + PT_RESUME = 0x13 + PT_SETDBREGS = 0x26 + PT_SETFPREGS = 0x24 + PT_SETFSBASE = 0x48 + PT_SETGSBASE = 0x4a + PT_SETREGS = 0x22 + PT_SETSTEP = 0x11 + PT_SETXSTATE = 0x46 + PT_SET_EVENT_MASK = 0x1a + PT_STEP = 0x9 + PT_SUSPEND = 0x12 + PT_SYSCALL = 0x16 + PT_TO_SCE = 0x14 + PT_TO_SCX = 0x15 + PT_TRACE_ME = 0x0 + PT_VM_ENTRY = 0x29 + PT_VM_TIMESTAMP = 0x28 + PT_WRITE_D = 0x5 + PT_WRITE_I = 0x4 + P_ZONEID = 0xc RLIMIT_AS = 0xa RLIMIT_CORE = 0x4 RLIMIT_CPU = 0x0 @@ -1321,10 +1385,12 @@ const ( SIOCGHWADDR = 0xc020693e SIOCGI2C = 0xc020693d SIOCGIFADDR = 0xc0206921 + SIOCGIFALIAS = 0xc044692d SIOCGIFBRDADDR = 0xc0206923 SIOCGIFCAP = 0xc020691f SIOCGIFCONF = 0xc0106924 SIOCGIFDESCR = 0xc020692a + SIOCGIFDOWNREASON = 0xc058699a SIOCGIFDSTADDR = 0xc0206922 SIOCGIFFIB = 0xc020695c SIOCGIFFLAGS = 0xc0206911 @@ -1415,6 +1481,7 @@ const ( SO_RCVBUF = 0x1002 SO_RCVLOWAT = 0x1004 SO_RCVTIMEO = 0x1006 + SO_RERROR = 0x20000 SO_REUSEADDR = 0x4 SO_REUSEPORT = 0x200 SO_REUSEPORT_LB = 0x10000 @@ -1473,22 +1540,40 @@ const ( TCOFLUSH = 0x2 TCOOFF = 0x1 TCOON = 0x2 + TCPOPT_EOL = 0x0 + TCPOPT_FAST_OPEN = 0x22 + TCPOPT_MAXSEG = 0x2 + TCPOPT_NOP = 0x1 + TCPOPT_PAD = 0x0 + TCPOPT_SACK = 0x5 + TCPOPT_SACK_PERMITTED = 0x4 + TCPOPT_SIGNATURE = 0x13 + TCPOPT_TIMESTAMP = 0x8 + TCPOPT_WINDOW = 0x3 TCP_BBR_ACK_COMP_ALG = 0x448 + TCP_BBR_ALGORITHM = 0x43b TCP_BBR_DRAIN_INC_EXTRA = 0x43c TCP_BBR_DRAIN_PG = 0x42e TCP_BBR_EXTRA_GAIN = 0x449 + TCP_BBR_EXTRA_STATE = 0x453 + TCP_BBR_FLOOR_MIN_TSO = 0x454 + TCP_BBR_HDWR_PACE = 0x451 + TCP_BBR_HOLD_TARGET = 0x436 TCP_BBR_IWINTSO = 0x42b TCP_BBR_LOWGAIN_FD = 0x436 TCP_BBR_LOWGAIN_HALF = 0x435 TCP_BBR_LOWGAIN_THRESH = 0x434 TCP_BBR_MAX_RTO = 0x439 TCP_BBR_MIN_RTO = 0x438 + TCP_BBR_MIN_TOPACEOUT = 0x455 TCP_BBR_ONE_RETRAN = 0x431 TCP_BBR_PACE_CROSS = 0x442 TCP_BBR_PACE_DEL_TAR = 0x43f + TCP_BBR_PACE_OH = 0x435 TCP_BBR_PACE_PER_SEC = 0x43e TCP_BBR_PACE_SEG_MAX = 0x440 TCP_BBR_PACE_SEG_MIN = 0x441 + TCP_BBR_POLICER_DETECT = 0x457 TCP_BBR_PROBE_RTT_GAIN = 0x44d TCP_BBR_PROBE_RTT_INT = 0x430 TCP_BBR_PROBE_RTT_LEN = 0x44e @@ -1497,12 +1582,18 @@ const ( TCP_BBR_REC_OVER_HPTS = 0x43a TCP_BBR_RETRAN_WTSO = 0x44b TCP_BBR_RWND_IS_APP = 0x42f + TCP_BBR_SEND_IWND_IN_TSO = 0x44f TCP_BBR_STARTUP_EXIT_EPOCH = 0x43d TCP_BBR_STARTUP_LOSS_EXIT = 0x432 TCP_BBR_STARTUP_PG = 0x42d + TCP_BBR_TMR_PACE_OH = 0x448 + TCP_BBR_TSLIMITS = 0x434 + TCP_BBR_TSTMP_RAISES = 0x456 TCP_BBR_UNLIMITED = 0x43b TCP_BBR_USEDEL_RATE = 0x437 TCP_BBR_USE_LOWGAIN = 0x433 + TCP_BBR_USE_RACK_CHEAT = 0x450 + TCP_BBR_UTTER_MAX_TSO = 0x452 TCP_CA_NAME_MAX = 0x10 TCP_CCALGOOPT = 0x41 TCP_CONGESTION = 0x40 @@ -1542,6 +1633,7 @@ const ( TCP_PCAP_OUT = 0x800 TCP_RACK_EARLY_RECOV = 0x423 TCP_RACK_EARLY_SEG = 0x424 + TCP_RACK_GP_INCREASE = 0x446 TCP_RACK_IDLE_REDUCE_HIGH = 0x444 TCP_RACK_MIN_PACE = 0x445 TCP_RACK_MIN_PACE_SEG = 0x446 @@ -1555,7 +1647,6 @@ const ( TCP_RACK_PRR_SENDALOT = 0x421 TCP_RACK_REORD_FADE = 0x426 TCP_RACK_REORD_THRESH = 0x425 - TCP_RACK_SESS_CWV = 0x42a TCP_RACK_TLP_INC_VAR = 0x429 TCP_RACK_TLP_REDUCE = 0x41c TCP_RACK_TLP_THRESH = 0x427 @@ -1693,12 +1784,13 @@ const ( EIDRM = syscall.Errno(0x52) EILSEQ = syscall.Errno(0x56) EINPROGRESS = syscall.Errno(0x24) + EINTEGRITY = syscall.Errno(0x61) EINTR = syscall.Errno(0x4) EINVAL = syscall.Errno(0x16) EIO = syscall.Errno(0x5) EISCONN = syscall.Errno(0x38) EISDIR = syscall.Errno(0x15) - ELAST = syscall.Errno(0x60) + ELAST = syscall.Errno(0x61) ELOOP = syscall.Errno(0x3e) EMFILE = syscall.Errno(0x18) EMLINK = syscall.Errno(0x1f) @@ -1841,7 +1933,7 @@ var errorList = [...]struct { {32, "EPIPE", "broken pipe"}, {33, "EDOM", "numerical argument out of domain"}, {34, "ERANGE", "result too large"}, - {35, "EAGAIN", "resource temporarily unavailable"}, + {35, "EWOULDBLOCK", "resource temporarily unavailable"}, {36, "EINPROGRESS", "operation now in progress"}, {37, "EALREADY", "operation already in progress"}, {38, "ENOTSOCK", "socket operation on non-socket"}, @@ -1903,6 +1995,7 @@ var errorList = [...]struct { {94, "ECAPMODE", "not permitted in capability mode"}, {95, "ENOTRECOVERABLE", "state not recoverable"}, {96, "EOWNERDEAD", "previous owner died"}, + {97, "EINTEGRITY", "integrity check failed"}, } // Signal table diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go index 99e9a0e06e9..777b69defa0 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go @@ -151,6 +151,7 @@ const ( BIOCSETF = 0x80084267 BIOCSETFNR = 0x80084282 BIOCSETIF = 0x8020426c + BIOCSETVLANPCP = 0x80044285 BIOCSETWF = 0x8008427b BIOCSETZBUF = 0x800c4281 BIOCSHDRCMPLT = 0x80044275 @@ -362,7 +363,7 @@ const ( CTL_KERN = 0x1 CTL_MAXNAME = 0x18 CTL_NET = 0x4 - DIOCGATTR = 0xc144648e + DIOCGATTR = 0xc148648e DIOCGDELETE = 0x80106488 DIOCGFLUSH = 0x20006487 DIOCGFRONTSTUFF = 0x40086486 @@ -377,7 +378,7 @@ const ( DIOCGSTRIPESIZE = 0x4008648b DIOCSKERNELDUMP = 0x804c6490 DIOCSKERNELDUMP_FREEBSD11 = 0x80046485 - DIOCZONECMD = 0xc06c648f + DIOCZONECMD = 0xc078648f DLT_A429 = 0xb8 DLT_A653_ICM = 0xb9 DLT_AIRONET_HEADER = 0x78 @@ -407,7 +408,9 @@ const ( DLT_C_HDLC_WITH_DIR = 0xcd DLT_DBUS = 0xe7 DLT_DECT = 0xdd + DLT_DISPLAYPORT_AUX = 0x113 DLT_DOCSIS = 0x8f + DLT_DOCSIS31_XRA31 = 0x111 DLT_DVB_CI = 0xeb DLT_ECONET = 0x73 DLT_EN10MB = 0x1 @@ -417,6 +420,7 @@ const ( DLT_ERF = 0xc5 DLT_ERF_ETH = 0xaf DLT_ERF_POS = 0xb0 + DLT_ETHERNET_MPACKET = 0x112 DLT_FC_2 = 0xe0 DLT_FC_2_WITH_FRAME_DELIMS = 0xe1 DLT_FDDI = 0xa @@ -444,7 +448,7 @@ const ( DLT_IEEE802_16_MAC_CPS_RADIO = 0xc1 DLT_INFINIBAND = 0xf7 DLT_IPFILTER = 0x74 - DLT_IPMB = 0xc7 + DLT_IPMB_KONTRON = 0xc7 DLT_IPMB_LINUX = 0xd1 DLT_IPMI_HPM_2 = 0x104 DLT_IPNET = 0xe2 @@ -484,9 +488,11 @@ const ( DLT_LINUX_LAPD = 0xb1 DLT_LINUX_PPP_WITHDIRECTION = 0xa6 DLT_LINUX_SLL = 0x71 + DLT_LINUX_SLL2 = 0x114 DLT_LOOP = 0x6c + DLT_LORATAP = 0x10e DLT_LTALK = 0x72 - DLT_MATCHING_MAX = 0x109 + DLT_MATCHING_MAX = 0x114 DLT_MATCHING_MIN = 0x68 DLT_MFR = 0xb6 DLT_MOST = 0xd3 @@ -502,7 +508,9 @@ const ( DLT_NFC_LLCP = 0xf5 DLT_NFLOG = 0xef DLT_NG40 = 0xf4 + DLT_NORDIC_BLE = 0x110 DLT_NULL = 0x0 + DLT_OPENFLOW = 0x10b DLT_PCI_EXP = 0x7d DLT_PFLOG = 0x75 DLT_PFSYNC = 0x79 @@ -526,15 +534,18 @@ const ( DLT_RTAC_SERIAL = 0xfa DLT_SCCP = 0x8e DLT_SCTP = 0xf8 + DLT_SDLC = 0x10c DLT_SITA = 0xc4 DLT_SLIP = 0x8 DLT_SLIP_BSDOS = 0xd DLT_STANAG_5066_D_PDU = 0xed DLT_SUNATM = 0x7b DLT_SYMANTEC_FIREWALL = 0x63 + DLT_TI_LLN_SNIFFER = 0x10d DLT_TZSP = 0x80 DLT_USB = 0xba DLT_USBPCAP = 0xf9 + DLT_USB_DARWIN = 0x10a DLT_USB_FREEBSD = 0xba DLT_USB_LINUX = 0xbd DLT_USB_LINUX_MMAPPED = 0xdc @@ -554,6 +565,7 @@ const ( DLT_USER7 = 0x9a DLT_USER8 = 0x9b DLT_USER9 = 0x9c + DLT_VSOCK = 0x10f DLT_WATTSTOPPER_DLM = 0x107 DLT_WIHART = 0xdf DLT_WIRESHARK_UPPER_PDU = 0xfc @@ -578,6 +590,7 @@ const ( ECHONL = 0x10 ECHOPRT = 0x20 EVFILT_AIO = -0x3 + EVFILT_EMPTY = -0xd EVFILT_FS = -0x9 EVFILT_LIO = -0xa EVFILT_PROC = -0x5 @@ -585,11 +598,12 @@ const ( EVFILT_READ = -0x1 EVFILT_SENDFILE = -0xc EVFILT_SIGNAL = -0x6 - EVFILT_SYSCOUNT = 0xc + EVFILT_SYSCOUNT = 0xd EVFILT_TIMER = -0x7 EVFILT_USER = -0xb EVFILT_VNODE = -0x4 EVFILT_WRITE = -0x2 + EVNAMEMAP_NAME_SIZE = 0x40 EV_ADD = 0x1 EV_CLEAR = 0x20 EV_DELETE = 0x2 @@ -606,6 +620,7 @@ const ( EV_RECEIPT = 0x40 EV_SYSFLAGS = 0xf000 EXTA = 0x4b00 + EXTATTR_MAXNAMELEN = 0xff EXTATTR_NAMESPACE_EMPTY = 0x0 EXTATTR_NAMESPACE_SYSTEM = 0x2 EXTATTR_NAMESPACE_USER = 0x1 @@ -647,6 +662,7 @@ const ( IEXTEN = 0x400 IFAN_ARRIVAL = 0x0 IFAN_DEPARTURE = 0x1 + IFCAP_WOL_MAGIC = 0x2000 IFF_ALLMULTI = 0x200 IFF_ALTPHYS = 0x4000 IFF_BROADCAST = 0x2 @@ -663,6 +679,7 @@ const ( IFF_MONITOR = 0x40000 IFF_MULTICAST = 0x8000 IFF_NOARP = 0x80 + IFF_NOGROUP = 0x800000 IFF_OACTIVE = 0x400 IFF_POINTOPOINT = 0x10 IFF_PPROMISC = 0x20000 @@ -719,6 +736,7 @@ const ( IPPROTO_CMTP = 0x26 IPPROTO_CPHB = 0x49 IPPROTO_CPNX = 0x48 + IPPROTO_DCCP = 0x21 IPPROTO_DDP = 0x25 IPPROTO_DGP = 0x56 IPPROTO_DIVERT = 0x102 @@ -799,7 +817,6 @@ const ( IPPROTO_SCTP = 0x84 IPPROTO_SDRP = 0x2a IPPROTO_SEND = 0x103 - IPPROTO_SEP = 0x21 IPPROTO_SHIM6 = 0x8c IPPROTO_SKIP = 0x39 IPPROTO_SPACER = 0x7fff @@ -837,6 +854,7 @@ const ( IPV6_DSTOPTS = 0x32 IPV6_FLOWID = 0x43 IPV6_FLOWINFO_MASK = 0xffffff0f + IPV6_FLOWLABEL_LEN = 0x14 IPV6_FLOWLABEL_MASK = 0xffff0f00 IPV6_FLOWTYPE = 0x44 IPV6_FRAGTTL = 0x78 @@ -857,13 +875,13 @@ const ( IPV6_MAX_GROUP_SRC_FILTER = 0x200 IPV6_MAX_MEMBERSHIPS = 0xfff IPV6_MAX_SOCK_SRC_FILTER = 0x80 - IPV6_MIN_MEMBERSHIPS = 0x1f IPV6_MMTU = 0x500 IPV6_MSFILTER = 0x4a IPV6_MULTICAST_HOPS = 0xa IPV6_MULTICAST_IF = 0x9 IPV6_MULTICAST_LOOP = 0xb IPV6_NEXTHOP = 0x30 + IPV6_ORIGDSTADDR = 0x48 IPV6_PATHMTU = 0x2c IPV6_PKTINFO = 0x2e IPV6_PORTRANGE = 0xe @@ -875,6 +893,7 @@ const ( IPV6_RECVFLOWID = 0x46 IPV6_RECVHOPLIMIT = 0x25 IPV6_RECVHOPOPTS = 0x27 + IPV6_RECVORIGDSTADDR = 0x48 IPV6_RECVPATHMTU = 0x2b IPV6_RECVPKTINFO = 0x24 IPV6_RECVRSSBUCKETID = 0x47 @@ -894,6 +913,7 @@ const ( IPV6_V6ONLY = 0x1b IPV6_VERSION = 0x60 IPV6_VERSION_MASK = 0xf0 + IPV6_VLAN_PCP = 0x4b IP_ADD_MEMBERSHIP = 0xc IP_ADD_SOURCE_MEMBERSHIP = 0x46 IP_BINDANY = 0x18 @@ -935,10 +955,8 @@ const ( IP_MAX_MEMBERSHIPS = 0xfff IP_MAX_SOCK_MUTE_FILTER = 0x80 IP_MAX_SOCK_SRC_FILTER = 0x80 - IP_MAX_SOURCE_FILTER = 0x400 IP_MF = 0x2000 IP_MINTTL = 0x42 - IP_MIN_MEMBERSHIPS = 0x1f IP_MSFILTER = 0x4a IP_MSS = 0x240 IP_MULTICAST_IF = 0x9 @@ -948,6 +966,7 @@ const ( IP_OFFMASK = 0x1fff IP_ONESBCAST = 0x17 IP_OPTIONS = 0x1 + IP_ORIGDSTADDR = 0x1b IP_PORTRANGE = 0x13 IP_PORTRANGE_DEFAULT = 0x0 IP_PORTRANGE_HIGH = 0x1 @@ -956,6 +975,7 @@ const ( IP_RECVFLOWID = 0x5d IP_RECVIF = 0x14 IP_RECVOPTS = 0x5 + IP_RECVORIGDSTADDR = 0x1b IP_RECVRETOPTS = 0x6 IP_RECVRSSBUCKETID = 0x5e IP_RECVTOS = 0x44 @@ -972,8 +992,12 @@ const ( IP_TOS = 0x3 IP_TTL = 0x4 IP_UNBLOCK_SOURCE = 0x49 + IP_VLAN_PCP = 0x4b ISIG = 0x80 ISTRIP = 0x20 + ITIMER_PROF = 0x2 + ITIMER_REAL = 0x0 + ITIMER_VIRTUAL = 0x1 IXANY = 0x800 IXOFF = 0x400 IXON = 0x200 @@ -983,7 +1007,6 @@ const ( KERN_VERSION = 0x4 LOCAL_CONNWAIT = 0x4 LOCAL_CREDS = 0x2 - LOCAL_CREDS_PERSISTENT = 0x3 LOCAL_PEERCRED = 0x1 LOCAL_VENDOR = 0x80000000 LOCK_EX = 0x2 @@ -1071,10 +1094,12 @@ const ( MNT_SUSPEND = 0x4 MNT_SYNCHRONOUS = 0x2 MNT_UNION = 0x20 + MNT_UNTRUSTED = 0x800000000 MNT_UPDATE = 0x10000 - MNT_UPDATEMASK = 0x2d8d0807e + MNT_UPDATEMASK = 0xad8d0807e MNT_USER = 0x8000 - MNT_VISFLAGMASK = 0x3fef0ffff + MNT_VERIFIED = 0x400000000 + MNT_VISFLAGMASK = 0xffef0ffff MNT_WAIT = 0x1 MSG_CMSG_CLOEXEC = 0x40000 MSG_COMPAT = 0x8000 @@ -1103,6 +1128,7 @@ const ( NFDBITS = 0x20 NOFLSH = 0x80000000 NOKERNINFO = 0x2000000 + NOTE_ABSTIME = 0x10 NOTE_ATTRIB = 0x8 NOTE_CHILD = 0x4 NOTE_CLOSE = 0x100 @@ -1159,6 +1185,8 @@ const ( O_NONBLOCK = 0x4 O_RDONLY = 0x0 O_RDWR = 0x2 + O_RESOLVE_BENEATH = 0x800000 + O_SEARCH = 0x40000 O_SHLOCK = 0x10 O_SYNC = 0x80 O_TRUNC = 0x400 @@ -1169,6 +1197,10 @@ const ( PARMRK = 0x8 PARODD = 0x2000 PENDIN = 0x20000000 + PIOD_READ_D = 0x1 + PIOD_READ_I = 0x3 + PIOD_WRITE_D = 0x2 + PIOD_WRITE_I = 0x4 PRIO_PGRP = 0x1 PRIO_PROCESS = 0x0 PRIO_USER = 0x2 @@ -1176,6 +1208,53 @@ const ( PROT_NONE = 0x0 PROT_READ = 0x1 PROT_WRITE = 0x2 + PTRACE_DEFAULT = 0x1 + PTRACE_EXEC = 0x1 + PTRACE_FORK = 0x8 + PTRACE_LWP = 0x10 + PTRACE_SCE = 0x2 + PTRACE_SCX = 0x4 + PTRACE_SYSCALL = 0x6 + PTRACE_VFORK = 0x20 + PT_ATTACH = 0xa + PT_CLEARSTEP = 0x10 + PT_CONTINUE = 0x7 + PT_DETACH = 0xb + PT_FIRSTMACH = 0x40 + PT_FOLLOW_FORK = 0x17 + PT_GETDBREGS = 0x25 + PT_GETFPREGS = 0x23 + PT_GETLWPLIST = 0xf + PT_GETNUMLWPS = 0xe + PT_GETREGS = 0x21 + PT_GETVFPREGS = 0x40 + PT_GET_EVENT_MASK = 0x19 + PT_GET_SC_ARGS = 0x1b + PT_GET_SC_RET = 0x1c + PT_IO = 0xc + PT_KILL = 0x8 + PT_LWPINFO = 0xd + PT_LWP_EVENTS = 0x18 + PT_READ_D = 0x2 + PT_READ_I = 0x1 + PT_RESUME = 0x13 + PT_SETDBREGS = 0x26 + PT_SETFPREGS = 0x24 + PT_SETREGS = 0x22 + PT_SETSTEP = 0x11 + PT_SETVFPREGS = 0x41 + PT_SET_EVENT_MASK = 0x1a + PT_STEP = 0x9 + PT_SUSPEND = 0x12 + PT_SYSCALL = 0x16 + PT_TO_SCE = 0x14 + PT_TO_SCX = 0x15 + PT_TRACE_ME = 0x0 + PT_VM_ENTRY = 0x29 + PT_VM_TIMESTAMP = 0x28 + PT_WRITE_D = 0x5 + PT_WRITE_I = 0x4 + P_ZONEID = 0xc RLIMIT_AS = 0xa RLIMIT_CORE = 0x4 RLIMIT_CPU = 0x0 @@ -1257,7 +1336,6 @@ const ( RTV_WEIGHT = 0x100 RT_ALL_FIBS = -0x1 RT_BLACKHOLE = 0x40 - RT_CACHING_CONTEXT = 0x1 RT_DEFAULT_FIB = 0x0 RT_HAS_GW = 0x80 RT_HAS_HEADER = 0x10 @@ -1267,15 +1345,17 @@ const ( RT_LLE_CACHE = 0x100 RT_MAY_LOOP = 0x8 RT_MAY_LOOP_BIT = 0x3 - RT_NORTREF = 0x2 RT_REJECT = 0x20 RUSAGE_CHILDREN = -0x1 RUSAGE_SELF = 0x0 RUSAGE_THREAD = 0x1 SCM_BINTIME = 0x4 SCM_CREDS = 0x3 + SCM_MONOTONIC = 0x6 + SCM_REALTIME = 0x5 SCM_RIGHTS = 0x1 SCM_TIMESTAMP = 0x2 + SCM_TIME_INFO = 0x7 SEEK_CUR = 0x1 SEEK_DATA = 0x3 SEEK_END = 0x2 @@ -1299,10 +1379,12 @@ const ( SIOCGHWADDR = 0xc020693e SIOCGI2C = 0xc020693d SIOCGIFADDR = 0xc0206921 + SIOCGIFALIAS = 0xc044692d SIOCGIFBRDADDR = 0xc0206923 SIOCGIFCAP = 0xc020691f SIOCGIFCONF = 0xc0086924 SIOCGIFDESCR = 0xc020692a + SIOCGIFDOWNREASON = 0xc058699a SIOCGIFDSTADDR = 0xc0206922 SIOCGIFFIB = 0xc020695c SIOCGIFFLAGS = 0xc0206911 @@ -1318,8 +1400,11 @@ const ( SIOCGIFPDSTADDR = 0xc0206948 SIOCGIFPHYS = 0xc0206935 SIOCGIFPSRCADDR = 0xc0206947 + SIOCGIFRSSHASH = 0xc0186997 + SIOCGIFRSSKEY = 0xc0946996 SIOCGIFSTATUS = 0xc331693b SIOCGIFXMEDIA = 0xc028698b + SIOCGLANPCP = 0xc0206998 SIOCGLOWAT = 0x40047303 SIOCGPGRP = 0x40047309 SIOCGPRIVATE_0 = 0xc0206950 @@ -1350,6 +1435,7 @@ const ( SIOCSIFPHYS = 0x80206936 SIOCSIFRVNET = 0xc020695b SIOCSIFVNET = 0xc020695a + SIOCSLANPCP = 0x80206999 SIOCSLOWAT = 0x80047302 SIOCSPGRP = 0x80047308 SIOCSTUNFIB = 0x8020695f @@ -1369,6 +1455,7 @@ const ( SO_BINTIME = 0x2000 SO_BROADCAST = 0x20 SO_DEBUG = 0x1 + SO_DOMAIN = 0x1019 SO_DONTROUTE = 0x10 SO_ERROR = 0x1007 SO_KEEPALIVE = 0x8 @@ -1377,6 +1464,7 @@ const ( SO_LISTENINCQLEN = 0x1013 SO_LISTENQLEN = 0x1012 SO_LISTENQLIMIT = 0x1011 + SO_MAX_PACING_RATE = 0x1018 SO_NOSIGPIPE = 0x800 SO_NO_DDP = 0x8000 SO_NO_OFFLOAD = 0x4000 @@ -1387,13 +1475,22 @@ const ( SO_RCVBUF = 0x1002 SO_RCVLOWAT = 0x1004 SO_RCVTIMEO = 0x1006 + SO_RERROR = 0x20000 SO_REUSEADDR = 0x4 SO_REUSEPORT = 0x200 + SO_REUSEPORT_LB = 0x10000 SO_SETFIB = 0x1014 SO_SNDBUF = 0x1001 SO_SNDLOWAT = 0x1003 SO_SNDTIMEO = 0x1005 SO_TIMESTAMP = 0x400 + SO_TS_BINTIME = 0x1 + SO_TS_CLOCK = 0x1017 + SO_TS_CLOCK_MAX = 0x3 + SO_TS_DEFAULT = 0x0 + SO_TS_MONOTONIC = 0x3 + SO_TS_REALTIME = 0x2 + SO_TS_REALTIME_MICRO = 0x0 SO_TYPE = 0x1008 SO_USELOOPBACK = 0x40 SO_USER_COOKIE = 0x1015 @@ -1437,10 +1534,69 @@ const ( TCOFLUSH = 0x2 TCOOFF = 0x1 TCOON = 0x2 + TCPOPT_EOL = 0x0 + TCPOPT_FAST_OPEN = 0x22 + TCPOPT_MAXSEG = 0x2 + TCPOPT_NOP = 0x1 + TCPOPT_PAD = 0x0 + TCPOPT_SACK = 0x5 + TCPOPT_SACK_PERMITTED = 0x4 + TCPOPT_SIGNATURE = 0x13 + TCPOPT_TIMESTAMP = 0x8 + TCPOPT_WINDOW = 0x3 + TCP_BBR_ACK_COMP_ALG = 0x448 + TCP_BBR_ALGORITHM = 0x43b + TCP_BBR_DRAIN_INC_EXTRA = 0x43c + TCP_BBR_DRAIN_PG = 0x42e + TCP_BBR_EXTRA_GAIN = 0x449 + TCP_BBR_EXTRA_STATE = 0x453 + TCP_BBR_FLOOR_MIN_TSO = 0x454 + TCP_BBR_HDWR_PACE = 0x451 + TCP_BBR_HOLD_TARGET = 0x436 + TCP_BBR_IWINTSO = 0x42b + TCP_BBR_LOWGAIN_FD = 0x436 + TCP_BBR_LOWGAIN_HALF = 0x435 + TCP_BBR_LOWGAIN_THRESH = 0x434 + TCP_BBR_MAX_RTO = 0x439 + TCP_BBR_MIN_RTO = 0x438 + TCP_BBR_MIN_TOPACEOUT = 0x455 + TCP_BBR_ONE_RETRAN = 0x431 + TCP_BBR_PACE_CROSS = 0x442 + TCP_BBR_PACE_DEL_TAR = 0x43f + TCP_BBR_PACE_OH = 0x435 + TCP_BBR_PACE_PER_SEC = 0x43e + TCP_BBR_PACE_SEG_MAX = 0x440 + TCP_BBR_PACE_SEG_MIN = 0x441 + TCP_BBR_POLICER_DETECT = 0x457 + TCP_BBR_PROBE_RTT_GAIN = 0x44d + TCP_BBR_PROBE_RTT_INT = 0x430 + TCP_BBR_PROBE_RTT_LEN = 0x44e + TCP_BBR_RACK_RTT_USE = 0x44a + TCP_BBR_RECFORCE = 0x42c + TCP_BBR_REC_OVER_HPTS = 0x43a + TCP_BBR_RETRAN_WTSO = 0x44b + TCP_BBR_RWND_IS_APP = 0x42f + TCP_BBR_SEND_IWND_IN_TSO = 0x44f + TCP_BBR_STARTUP_EXIT_EPOCH = 0x43d + TCP_BBR_STARTUP_LOSS_EXIT = 0x432 + TCP_BBR_STARTUP_PG = 0x42d + TCP_BBR_TMR_PACE_OH = 0x448 + TCP_BBR_TSLIMITS = 0x434 + TCP_BBR_TSTMP_RAISES = 0x456 + TCP_BBR_UNLIMITED = 0x43b + TCP_BBR_USEDEL_RATE = 0x437 + TCP_BBR_USE_LOWGAIN = 0x433 + TCP_BBR_USE_RACK_CHEAT = 0x450 + TCP_BBR_UTTER_MAX_TSO = 0x452 TCP_CA_NAME_MAX = 0x10 TCP_CCALGOOPT = 0x41 TCP_CONGESTION = 0x40 + TCP_DATA_AFTER_CLOSE = 0x44c + TCP_DELACK = 0x48 TCP_FASTOPEN = 0x401 + TCP_FASTOPEN_MAX_COOKIE_LEN = 0x10 + TCP_FASTOPEN_MIN_COOKIE_LEN = 0x4 + TCP_FASTOPEN_PSK_LEN = 0x10 TCP_FUNCTION_BLK = 0x2000 TCP_FUNCTION_NAME_LEN_MAX = 0x20 TCP_INFO = 0x20 @@ -1448,6 +1604,12 @@ const ( TCP_KEEPIDLE = 0x100 TCP_KEEPINIT = 0x80 TCP_KEEPINTVL = 0x200 + TCP_LOG = 0x22 + TCP_LOGBUF = 0x23 + TCP_LOGDUMP = 0x25 + TCP_LOGDUMPID = 0x26 + TCP_LOGID = 0x24 + TCP_LOG_ID_LEN = 0x40 TCP_MAXBURST = 0x4 TCP_MAXHLEN = 0x3c TCP_MAXOLEN = 0x28 @@ -1463,8 +1625,30 @@ const ( TCP_NOPUSH = 0x4 TCP_PCAP_IN = 0x1000 TCP_PCAP_OUT = 0x800 + TCP_RACK_EARLY_RECOV = 0x423 + TCP_RACK_EARLY_SEG = 0x424 + TCP_RACK_GP_INCREASE = 0x446 + TCP_RACK_IDLE_REDUCE_HIGH = 0x444 + TCP_RACK_MIN_PACE = 0x445 + TCP_RACK_MIN_PACE_SEG = 0x446 + TCP_RACK_MIN_TO = 0x422 + TCP_RACK_PACE_ALWAYS = 0x41f + TCP_RACK_PACE_MAX_SEG = 0x41e + TCP_RACK_PACE_REDUCE = 0x41d + TCP_RACK_PKT_DELAY = 0x428 + TCP_RACK_PROP = 0x41b + TCP_RACK_PROP_RATE = 0x420 + TCP_RACK_PRR_SENDALOT = 0x421 + TCP_RACK_REORD_FADE = 0x426 + TCP_RACK_REORD_THRESH = 0x425 + TCP_RACK_TLP_INC_VAR = 0x429 + TCP_RACK_TLP_REDUCE = 0x41c + TCP_RACK_TLP_THRESH = 0x427 + TCP_RACK_TLP_USE = 0x447 TCP_VENDOR = 0x80000000 TCSAFLUSH = 0x2 + TIMER_ABSTIME = 0x1 + TIMER_RELTIME = 0x0 TIOCCBRK = 0x2000747a TIOCCDTR = 0x20007478 TIOCCONS = 0x80047462 @@ -1528,6 +1712,8 @@ const ( TIOCTIMESTAMP = 0x40107459 TIOCUCNTL = 0x80047466 TOSTOP = 0x400000 + UTIME_NOW = -0x1 + UTIME_OMIT = -0x2 VDISCARD = 0xf VDSUSP = 0xb VEOF = 0x0 @@ -1592,12 +1778,13 @@ const ( EIDRM = syscall.Errno(0x52) EILSEQ = syscall.Errno(0x56) EINPROGRESS = syscall.Errno(0x24) + EINTEGRITY = syscall.Errno(0x61) EINTR = syscall.Errno(0x4) EINVAL = syscall.Errno(0x16) EIO = syscall.Errno(0x5) EISCONN = syscall.Errno(0x38) EISDIR = syscall.Errno(0x15) - ELAST = syscall.Errno(0x60) + ELAST = syscall.Errno(0x61) ELOOP = syscall.Errno(0x3e) EMFILE = syscall.Errno(0x18) EMLINK = syscall.Errno(0x1f) @@ -1740,7 +1927,7 @@ var errorList = [...]struct { {32, "EPIPE", "broken pipe"}, {33, "EDOM", "numerical argument out of domain"}, {34, "ERANGE", "result too large"}, - {35, "EAGAIN", "resource temporarily unavailable"}, + {35, "EWOULDBLOCK", "resource temporarily unavailable"}, {36, "EINPROGRESS", "operation now in progress"}, {37, "EALREADY", "operation already in progress"}, {38, "ENOTSOCK", "socket operation on non-socket"}, @@ -1802,6 +1989,7 @@ var errorList = [...]struct { {94, "ECAPMODE", "not permitted in capability mode"}, {95, "ENOTRECOVERABLE", "state not recoverable"}, {96, "EOWNERDEAD", "previous owner died"}, + {97, "EINTEGRITY", "integrity check failed"}, } // Signal table diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go index 4c837711493..c557ac2db31 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go @@ -151,6 +151,7 @@ const ( BIOCSETF = 0x80104267 BIOCSETFNR = 0x80104282 BIOCSETIF = 0x8020426c + BIOCSETVLANPCP = 0x80044285 BIOCSETWF = 0x8010427b BIOCSETZBUF = 0x80184281 BIOCSHDRCMPLT = 0x80044275 @@ -447,7 +448,7 @@ const ( DLT_IEEE802_16_MAC_CPS_RADIO = 0xc1 DLT_INFINIBAND = 0xf7 DLT_IPFILTER = 0x74 - DLT_IPMB = 0xc7 + DLT_IPMB_KONTRON = 0xc7 DLT_IPMB_LINUX = 0xd1 DLT_IPMI_HPM_2 = 0x104 DLT_IPNET = 0xe2 @@ -487,10 +488,11 @@ const ( DLT_LINUX_LAPD = 0xb1 DLT_LINUX_PPP_WITHDIRECTION = 0xa6 DLT_LINUX_SLL = 0x71 + DLT_LINUX_SLL2 = 0x114 DLT_LOOP = 0x6c DLT_LORATAP = 0x10e DLT_LTALK = 0x72 - DLT_MATCHING_MAX = 0x113 + DLT_MATCHING_MAX = 0x114 DLT_MATCHING_MIN = 0x68 DLT_MFR = 0xb6 DLT_MOST = 0xd3 @@ -734,6 +736,7 @@ const ( IPPROTO_CMTP = 0x26 IPPROTO_CPHB = 0x49 IPPROTO_CPNX = 0x48 + IPPROTO_DCCP = 0x21 IPPROTO_DDP = 0x25 IPPROTO_DGP = 0x56 IPPROTO_DIVERT = 0x102 @@ -814,7 +817,6 @@ const ( IPPROTO_SCTP = 0x84 IPPROTO_SDRP = 0x2a IPPROTO_SEND = 0x103 - IPPROTO_SEP = 0x21 IPPROTO_SHIM6 = 0x8c IPPROTO_SKIP = 0x39 IPPROTO_SPACER = 0x7fff @@ -911,6 +913,7 @@ const ( IPV6_V6ONLY = 0x1b IPV6_VERSION = 0x60 IPV6_VERSION_MASK = 0xf0 + IPV6_VLAN_PCP = 0x4b IP_ADD_MEMBERSHIP = 0xc IP_ADD_SOURCE_MEMBERSHIP = 0x46 IP_BINDANY = 0x18 @@ -989,8 +992,12 @@ const ( IP_TOS = 0x3 IP_TTL = 0x4 IP_UNBLOCK_SOURCE = 0x49 + IP_VLAN_PCP = 0x4b ISIG = 0x80 ISTRIP = 0x20 + ITIMER_PROF = 0x2 + ITIMER_REAL = 0x0 + ITIMER_VIRTUAL = 0x1 IXANY = 0x800 IXOFF = 0x400 IXON = 0x200 @@ -1000,7 +1007,6 @@ const ( KERN_VERSION = 0x4 LOCAL_CONNWAIT = 0x4 LOCAL_CREDS = 0x2 - LOCAL_CREDS_PERSISTENT = 0x3 LOCAL_PEERCRED = 0x1 LOCAL_VENDOR = 0x80000000 LOCK_EX = 0x2 @@ -1180,6 +1186,8 @@ const ( O_NONBLOCK = 0x4 O_RDONLY = 0x0 O_RDWR = 0x2 + O_RESOLVE_BENEATH = 0x800000 + O_SEARCH = 0x40000 O_SHLOCK = 0x10 O_SYNC = 0x80 O_TRUNC = 0x400 @@ -1190,6 +1198,10 @@ const ( PARMRK = 0x8 PARODD = 0x2000 PENDIN = 0x20000000 + PIOD_READ_D = 0x1 + PIOD_READ_I = 0x3 + PIOD_WRITE_D = 0x2 + PIOD_WRITE_I = 0x4 PRIO_PGRP = 0x1 PRIO_PROCESS = 0x0 PRIO_USER = 0x2 @@ -1197,6 +1209,51 @@ const ( PROT_NONE = 0x0 PROT_READ = 0x1 PROT_WRITE = 0x2 + PTRACE_DEFAULT = 0x1 + PTRACE_EXEC = 0x1 + PTRACE_FORK = 0x8 + PTRACE_LWP = 0x10 + PTRACE_SCE = 0x2 + PTRACE_SCX = 0x4 + PTRACE_SYSCALL = 0x6 + PTRACE_VFORK = 0x20 + PT_ATTACH = 0xa + PT_CLEARSTEP = 0x10 + PT_CONTINUE = 0x7 + PT_DETACH = 0xb + PT_FIRSTMACH = 0x40 + PT_FOLLOW_FORK = 0x17 + PT_GETDBREGS = 0x25 + PT_GETFPREGS = 0x23 + PT_GETLWPLIST = 0xf + PT_GETNUMLWPS = 0xe + PT_GETREGS = 0x21 + PT_GET_EVENT_MASK = 0x19 + PT_GET_SC_ARGS = 0x1b + PT_GET_SC_RET = 0x1c + PT_IO = 0xc + PT_KILL = 0x8 + PT_LWPINFO = 0xd + PT_LWP_EVENTS = 0x18 + PT_READ_D = 0x2 + PT_READ_I = 0x1 + PT_RESUME = 0x13 + PT_SETDBREGS = 0x26 + PT_SETFPREGS = 0x24 + PT_SETREGS = 0x22 + PT_SETSTEP = 0x11 + PT_SET_EVENT_MASK = 0x1a + PT_STEP = 0x9 + PT_SUSPEND = 0x12 + PT_SYSCALL = 0x16 + PT_TO_SCE = 0x14 + PT_TO_SCX = 0x15 + PT_TRACE_ME = 0x0 + PT_VM_ENTRY = 0x29 + PT_VM_TIMESTAMP = 0x28 + PT_WRITE_D = 0x5 + PT_WRITE_I = 0x4 + P_ZONEID = 0xc RLIMIT_AS = 0xa RLIMIT_CORE = 0x4 RLIMIT_CPU = 0x0 @@ -1321,10 +1378,12 @@ const ( SIOCGHWADDR = 0xc020693e SIOCGI2C = 0xc020693d SIOCGIFADDR = 0xc0206921 + SIOCGIFALIAS = 0xc044692d SIOCGIFBRDADDR = 0xc0206923 SIOCGIFCAP = 0xc020691f SIOCGIFCONF = 0xc0106924 SIOCGIFDESCR = 0xc020692a + SIOCGIFDOWNREASON = 0xc058699a SIOCGIFDSTADDR = 0xc0206922 SIOCGIFFIB = 0xc020695c SIOCGIFFLAGS = 0xc0206911 @@ -1415,6 +1474,7 @@ const ( SO_RCVBUF = 0x1002 SO_RCVLOWAT = 0x1004 SO_RCVTIMEO = 0x1006 + SO_RERROR = 0x20000 SO_REUSEADDR = 0x4 SO_REUSEPORT = 0x200 SO_REUSEPORT_LB = 0x10000 @@ -1473,22 +1533,40 @@ const ( TCOFLUSH = 0x2 TCOOFF = 0x1 TCOON = 0x2 + TCPOPT_EOL = 0x0 + TCPOPT_FAST_OPEN = 0x22 + TCPOPT_MAXSEG = 0x2 + TCPOPT_NOP = 0x1 + TCPOPT_PAD = 0x0 + TCPOPT_SACK = 0x5 + TCPOPT_SACK_PERMITTED = 0x4 + TCPOPT_SIGNATURE = 0x13 + TCPOPT_TIMESTAMP = 0x8 + TCPOPT_WINDOW = 0x3 TCP_BBR_ACK_COMP_ALG = 0x448 + TCP_BBR_ALGORITHM = 0x43b TCP_BBR_DRAIN_INC_EXTRA = 0x43c TCP_BBR_DRAIN_PG = 0x42e TCP_BBR_EXTRA_GAIN = 0x449 + TCP_BBR_EXTRA_STATE = 0x453 + TCP_BBR_FLOOR_MIN_TSO = 0x454 + TCP_BBR_HDWR_PACE = 0x451 + TCP_BBR_HOLD_TARGET = 0x436 TCP_BBR_IWINTSO = 0x42b TCP_BBR_LOWGAIN_FD = 0x436 TCP_BBR_LOWGAIN_HALF = 0x435 TCP_BBR_LOWGAIN_THRESH = 0x434 TCP_BBR_MAX_RTO = 0x439 TCP_BBR_MIN_RTO = 0x438 + TCP_BBR_MIN_TOPACEOUT = 0x455 TCP_BBR_ONE_RETRAN = 0x431 TCP_BBR_PACE_CROSS = 0x442 TCP_BBR_PACE_DEL_TAR = 0x43f + TCP_BBR_PACE_OH = 0x435 TCP_BBR_PACE_PER_SEC = 0x43e TCP_BBR_PACE_SEG_MAX = 0x440 TCP_BBR_PACE_SEG_MIN = 0x441 + TCP_BBR_POLICER_DETECT = 0x457 TCP_BBR_PROBE_RTT_GAIN = 0x44d TCP_BBR_PROBE_RTT_INT = 0x430 TCP_BBR_PROBE_RTT_LEN = 0x44e @@ -1497,12 +1575,18 @@ const ( TCP_BBR_REC_OVER_HPTS = 0x43a TCP_BBR_RETRAN_WTSO = 0x44b TCP_BBR_RWND_IS_APP = 0x42f + TCP_BBR_SEND_IWND_IN_TSO = 0x44f TCP_BBR_STARTUP_EXIT_EPOCH = 0x43d TCP_BBR_STARTUP_LOSS_EXIT = 0x432 TCP_BBR_STARTUP_PG = 0x42d + TCP_BBR_TMR_PACE_OH = 0x448 + TCP_BBR_TSLIMITS = 0x434 + TCP_BBR_TSTMP_RAISES = 0x456 TCP_BBR_UNLIMITED = 0x43b TCP_BBR_USEDEL_RATE = 0x437 TCP_BBR_USE_LOWGAIN = 0x433 + TCP_BBR_USE_RACK_CHEAT = 0x450 + TCP_BBR_UTTER_MAX_TSO = 0x452 TCP_CA_NAME_MAX = 0x10 TCP_CCALGOOPT = 0x41 TCP_CONGESTION = 0x40 @@ -1542,6 +1626,7 @@ const ( TCP_PCAP_OUT = 0x800 TCP_RACK_EARLY_RECOV = 0x423 TCP_RACK_EARLY_SEG = 0x424 + TCP_RACK_GP_INCREASE = 0x446 TCP_RACK_IDLE_REDUCE_HIGH = 0x444 TCP_RACK_MIN_PACE = 0x445 TCP_RACK_MIN_PACE_SEG = 0x446 @@ -1555,7 +1640,6 @@ const ( TCP_RACK_PRR_SENDALOT = 0x421 TCP_RACK_REORD_FADE = 0x426 TCP_RACK_REORD_THRESH = 0x425 - TCP_RACK_SESS_CWV = 0x42a TCP_RACK_TLP_INC_VAR = 0x429 TCP_RACK_TLP_REDUCE = 0x41c TCP_RACK_TLP_THRESH = 0x427 @@ -1694,12 +1778,13 @@ const ( EIDRM = syscall.Errno(0x52) EILSEQ = syscall.Errno(0x56) EINPROGRESS = syscall.Errno(0x24) + EINTEGRITY = syscall.Errno(0x61) EINTR = syscall.Errno(0x4) EINVAL = syscall.Errno(0x16) EIO = syscall.Errno(0x5) EISCONN = syscall.Errno(0x38) EISDIR = syscall.Errno(0x15) - ELAST = syscall.Errno(0x60) + ELAST = syscall.Errno(0x61) ELOOP = syscall.Errno(0x3e) EMFILE = syscall.Errno(0x18) EMLINK = syscall.Errno(0x1f) @@ -1842,7 +1927,7 @@ var errorList = [...]struct { {32, "EPIPE", "broken pipe"}, {33, "EDOM", "numerical argument out of domain"}, {34, "ERANGE", "result too large"}, - {35, "EAGAIN", "resource temporarily unavailable"}, + {35, "EWOULDBLOCK", "resource temporarily unavailable"}, {36, "EINPROGRESS", "operation now in progress"}, {37, "EALREADY", "operation already in progress"}, {38, "ENOTSOCK", "socket operation on non-socket"}, @@ -1904,6 +1989,7 @@ var errorList = [...]struct { {94, "ECAPMODE", "not permitted in capability mode"}, {95, "ENOTRECOVERABLE", "state not recoverable"}, {96, "EOWNERDEAD", "previous owner died"}, + {97, "EINTEGRITY", "integrity check failed"}, } // Signal table diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go new file mode 100644 index 00000000000..341b4d96265 --- /dev/null +++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go @@ -0,0 +1,2148 @@ +// mkerrors.sh -m64 +// Code generated by the command above; see README.md. DO NOT EDIT. + +//go:build riscv64 && freebsd +// +build riscv64,freebsd + +// Code generated by cmd/cgo -godefs; DO NOT EDIT. +// cgo -godefs -- -m64 _const.go + +package unix + +import "syscall" + +const ( + AF_APPLETALK = 0x10 + AF_ARP = 0x23 + AF_ATM = 0x1e + AF_BLUETOOTH = 0x24 + AF_CCITT = 0xa + AF_CHAOS = 0x5 + AF_CNT = 0x15 + AF_COIP = 0x14 + AF_DATAKIT = 0x9 + AF_DECnet = 0xc + AF_DLI = 0xd + AF_E164 = 0x1a + AF_ECMA = 0x8 + AF_HYLINK = 0xf + AF_HYPERV = 0x2b + AF_IEEE80211 = 0x25 + AF_IMPLINK = 0x3 + AF_INET = 0x2 + AF_INET6 = 0x1c + AF_INET6_SDP = 0x2a + AF_INET_SDP = 0x28 + AF_IPX = 0x17 + AF_ISDN = 0x1a + AF_ISO = 0x7 + AF_LAT = 0xe + AF_LINK = 0x12 + AF_LOCAL = 0x1 + AF_MAX = 0x2b + AF_NATM = 0x1d + AF_NETBIOS = 0x6 + AF_NETGRAPH = 0x20 + AF_OSI = 0x7 + AF_PUP = 0x4 + AF_ROUTE = 0x11 + AF_SCLUSTER = 0x22 + AF_SIP = 0x18 + AF_SLOW = 0x21 + AF_SNA = 0xb + AF_UNIX = 0x1 + AF_UNSPEC = 0x0 + AF_VENDOR00 = 0x27 + AF_VENDOR01 = 0x29 + AF_VENDOR03 = 0x2d + AF_VENDOR04 = 0x2f + AF_VENDOR05 = 0x31 + AF_VENDOR06 = 0x33 + AF_VENDOR07 = 0x35 + AF_VENDOR08 = 0x37 + AF_VENDOR09 = 0x39 + AF_VENDOR10 = 0x3b + AF_VENDOR11 = 0x3d + AF_VENDOR12 = 0x3f + AF_VENDOR13 = 0x41 + AF_VENDOR14 = 0x43 + AF_VENDOR15 = 0x45 + AF_VENDOR16 = 0x47 + AF_VENDOR17 = 0x49 + AF_VENDOR18 = 0x4b + AF_VENDOR19 = 0x4d + AF_VENDOR20 = 0x4f + AF_VENDOR21 = 0x51 + AF_VENDOR22 = 0x53 + AF_VENDOR23 = 0x55 + AF_VENDOR24 = 0x57 + AF_VENDOR25 = 0x59 + AF_VENDOR26 = 0x5b + AF_VENDOR27 = 0x5d + AF_VENDOR28 = 0x5f + AF_VENDOR29 = 0x61 + AF_VENDOR30 = 0x63 + AF_VENDOR31 = 0x65 + AF_VENDOR32 = 0x67 + AF_VENDOR33 = 0x69 + AF_VENDOR34 = 0x6b + AF_VENDOR35 = 0x6d + AF_VENDOR36 = 0x6f + AF_VENDOR37 = 0x71 + AF_VENDOR38 = 0x73 + AF_VENDOR39 = 0x75 + AF_VENDOR40 = 0x77 + AF_VENDOR41 = 0x79 + AF_VENDOR42 = 0x7b + AF_VENDOR43 = 0x7d + AF_VENDOR44 = 0x7f + AF_VENDOR45 = 0x81 + AF_VENDOR46 = 0x83 + AF_VENDOR47 = 0x85 + ALTWERASE = 0x200 + B0 = 0x0 + B1000000 = 0xf4240 + B110 = 0x6e + B115200 = 0x1c200 + B1200 = 0x4b0 + B134 = 0x86 + B14400 = 0x3840 + B150 = 0x96 + B1500000 = 0x16e360 + B1800 = 0x708 + B19200 = 0x4b00 + B200 = 0xc8 + B2000000 = 0x1e8480 + B230400 = 0x38400 + B2400 = 0x960 + B2500000 = 0x2625a0 + B28800 = 0x7080 + B300 = 0x12c + B3000000 = 0x2dc6c0 + B3500000 = 0x3567e0 + B38400 = 0x9600 + B4000000 = 0x3d0900 + B460800 = 0x70800 + B4800 = 0x12c0 + B50 = 0x32 + B500000 = 0x7a120 + B57600 = 0xe100 + B600 = 0x258 + B7200 = 0x1c20 + B75 = 0x4b + B76800 = 0x12c00 + B921600 = 0xe1000 + B9600 = 0x2580 + BIOCFEEDBACK = 0x8004427c + BIOCFLUSH = 0x20004268 + BIOCGBLEN = 0x40044266 + BIOCGDIRECTION = 0x40044276 + BIOCGDLT = 0x4004426a + BIOCGDLTLIST = 0xc0104279 + BIOCGETBUFMODE = 0x4004427d + BIOCGETIF = 0x4020426b + BIOCGETZMAX = 0x4008427f + BIOCGHDRCMPLT = 0x40044274 + BIOCGRSIG = 0x40044272 + BIOCGRTIMEOUT = 0x4010426e + BIOCGSEESENT = 0x40044276 + BIOCGSTATS = 0x4008426f + BIOCGTSTAMP = 0x40044283 + BIOCIMMEDIATE = 0x80044270 + BIOCLOCK = 0x2000427a + BIOCPROMISC = 0x20004269 + BIOCROTZBUF = 0x40184280 + BIOCSBLEN = 0xc0044266 + BIOCSDIRECTION = 0x80044277 + BIOCSDLT = 0x80044278 + BIOCSETBUFMODE = 0x8004427e + BIOCSETF = 0x80104267 + BIOCSETFNR = 0x80104282 + BIOCSETIF = 0x8020426c + BIOCSETVLANPCP = 0x80044285 + BIOCSETWF = 0x8010427b + BIOCSETZBUF = 0x80184281 + BIOCSHDRCMPLT = 0x80044275 + BIOCSRSIG = 0x80044273 + BIOCSRTIMEOUT = 0x8010426d + BIOCSSEESENT = 0x80044277 + BIOCSTSTAMP = 0x80044284 + BIOCVERSION = 0x40044271 + BPF_A = 0x10 + BPF_ABS = 0x20 + BPF_ADD = 0x0 + BPF_ALIGNMENT = 0x8 + BPF_ALU = 0x4 + BPF_AND = 0x50 + BPF_B = 0x10 + BPF_BUFMODE_BUFFER = 0x1 + BPF_BUFMODE_ZBUF = 0x2 + BPF_DIV = 0x30 + BPF_H = 0x8 + BPF_IMM = 0x0 + BPF_IND = 0x40 + BPF_JA = 0x0 + BPF_JEQ = 0x10 + BPF_JGE = 0x30 + BPF_JGT = 0x20 + BPF_JMP = 0x5 + BPF_JSET = 0x40 + BPF_K = 0x0 + BPF_LD = 0x0 + BPF_LDX = 0x1 + BPF_LEN = 0x80 + BPF_LSH = 0x60 + BPF_MAJOR_VERSION = 0x1 + BPF_MAXBUFSIZE = 0x80000 + BPF_MAXINSNS = 0x200 + BPF_MEM = 0x60 + BPF_MEMWORDS = 0x10 + BPF_MINBUFSIZE = 0x20 + BPF_MINOR_VERSION = 0x1 + BPF_MISC = 0x7 + BPF_MOD = 0x90 + BPF_MSH = 0xa0 + BPF_MUL = 0x20 + BPF_NEG = 0x80 + BPF_OR = 0x40 + BPF_RELEASE = 0x30bb6 + BPF_RET = 0x6 + BPF_RSH = 0x70 + BPF_ST = 0x2 + BPF_STX = 0x3 + BPF_SUB = 0x10 + BPF_TAX = 0x0 + BPF_TXA = 0x80 + BPF_T_BINTIME = 0x2 + BPF_T_BINTIME_FAST = 0x102 + BPF_T_BINTIME_MONOTONIC = 0x202 + BPF_T_BINTIME_MONOTONIC_FAST = 0x302 + BPF_T_FAST = 0x100 + BPF_T_FLAG_MASK = 0x300 + BPF_T_FORMAT_MASK = 0x3 + BPF_T_MICROTIME = 0x0 + BPF_T_MICROTIME_FAST = 0x100 + BPF_T_MICROTIME_MONOTONIC = 0x200 + BPF_T_MICROTIME_MONOTONIC_FAST = 0x300 + BPF_T_MONOTONIC = 0x200 + BPF_T_MONOTONIC_FAST = 0x300 + BPF_T_NANOTIME = 0x1 + BPF_T_NANOTIME_FAST = 0x101 + BPF_T_NANOTIME_MONOTONIC = 0x201 + BPF_T_NANOTIME_MONOTONIC_FAST = 0x301 + BPF_T_NONE = 0x3 + BPF_T_NORMAL = 0x0 + BPF_W = 0x0 + BPF_X = 0x8 + BPF_XOR = 0xa0 + BRKINT = 0x2 + CAP_ACCEPT = 0x200000020000000 + CAP_ACL_CHECK = 0x400000000010000 + CAP_ACL_DELETE = 0x400000000020000 + CAP_ACL_GET = 0x400000000040000 + CAP_ACL_SET = 0x400000000080000 + CAP_ALL0 = 0x20007ffffffffff + CAP_ALL1 = 0x4000000001fffff + CAP_BIND = 0x200000040000000 + CAP_BINDAT = 0x200008000000400 + CAP_CHFLAGSAT = 0x200000000001400 + CAP_CONNECT = 0x200000080000000 + CAP_CONNECTAT = 0x200010000000400 + CAP_CREATE = 0x200000000000040 + CAP_EVENT = 0x400000000000020 + CAP_EXTATTR_DELETE = 0x400000000001000 + CAP_EXTATTR_GET = 0x400000000002000 + CAP_EXTATTR_LIST = 0x400000000004000 + CAP_EXTATTR_SET = 0x400000000008000 + CAP_FCHDIR = 0x200000000000800 + CAP_FCHFLAGS = 0x200000000001000 + CAP_FCHMOD = 0x200000000002000 + CAP_FCHMODAT = 0x200000000002400 + CAP_FCHOWN = 0x200000000004000 + CAP_FCHOWNAT = 0x200000000004400 + CAP_FCNTL = 0x200000000008000 + CAP_FCNTL_ALL = 0x78 + CAP_FCNTL_GETFL = 0x8 + CAP_FCNTL_GETOWN = 0x20 + CAP_FCNTL_SETFL = 0x10 + CAP_FCNTL_SETOWN = 0x40 + CAP_FEXECVE = 0x200000000000080 + CAP_FLOCK = 0x200000000010000 + CAP_FPATHCONF = 0x200000000020000 + CAP_FSCK = 0x200000000040000 + CAP_FSTAT = 0x200000000080000 + CAP_FSTATAT = 0x200000000080400 + CAP_FSTATFS = 0x200000000100000 + CAP_FSYNC = 0x200000000000100 + CAP_FTRUNCATE = 0x200000000000200 + CAP_FUTIMES = 0x200000000200000 + CAP_FUTIMESAT = 0x200000000200400 + CAP_GETPEERNAME = 0x200000100000000 + CAP_GETSOCKNAME = 0x200000200000000 + CAP_GETSOCKOPT = 0x200000400000000 + CAP_IOCTL = 0x400000000000080 + CAP_IOCTLS_ALL = 0x7fffffffffffffff + CAP_KQUEUE = 0x400000000100040 + CAP_KQUEUE_CHANGE = 0x400000000100000 + CAP_KQUEUE_EVENT = 0x400000000000040 + CAP_LINKAT_SOURCE = 0x200020000000400 + CAP_LINKAT_TARGET = 0x200000000400400 + CAP_LISTEN = 0x200000800000000 + CAP_LOOKUP = 0x200000000000400 + CAP_MAC_GET = 0x400000000000001 + CAP_MAC_SET = 0x400000000000002 + CAP_MKDIRAT = 0x200000000800400 + CAP_MKFIFOAT = 0x200000001000400 + CAP_MKNODAT = 0x200000002000400 + CAP_MMAP = 0x200000000000010 + CAP_MMAP_R = 0x20000000000001d + CAP_MMAP_RW = 0x20000000000001f + CAP_MMAP_RWX = 0x20000000000003f + CAP_MMAP_RX = 0x20000000000003d + CAP_MMAP_W = 0x20000000000001e + CAP_MMAP_WX = 0x20000000000003e + CAP_MMAP_X = 0x20000000000003c + CAP_PDGETPID = 0x400000000000200 + CAP_PDKILL = 0x400000000000800 + CAP_PDWAIT = 0x400000000000400 + CAP_PEELOFF = 0x200001000000000 + CAP_POLL_EVENT = 0x400000000000020 + CAP_PREAD = 0x20000000000000d + CAP_PWRITE = 0x20000000000000e + CAP_READ = 0x200000000000001 + CAP_RECV = 0x200000000000001 + CAP_RENAMEAT_SOURCE = 0x200000004000400 + CAP_RENAMEAT_TARGET = 0x200040000000400 + CAP_RIGHTS_VERSION = 0x0 + CAP_RIGHTS_VERSION_00 = 0x0 + CAP_SEEK = 0x20000000000000c + CAP_SEEK_TELL = 0x200000000000004 + CAP_SEM_GETVALUE = 0x400000000000004 + CAP_SEM_POST = 0x400000000000008 + CAP_SEM_WAIT = 0x400000000000010 + CAP_SEND = 0x200000000000002 + CAP_SETSOCKOPT = 0x200002000000000 + CAP_SHUTDOWN = 0x200004000000000 + CAP_SOCK_CLIENT = 0x200007780000003 + CAP_SOCK_SERVER = 0x200007f60000003 + CAP_SYMLINKAT = 0x200000008000400 + CAP_TTYHOOK = 0x400000000000100 + CAP_UNLINKAT = 0x200000010000400 + CAP_UNUSED0_44 = 0x200080000000000 + CAP_UNUSED0_57 = 0x300000000000000 + CAP_UNUSED1_22 = 0x400000000200000 + CAP_UNUSED1_57 = 0x500000000000000 + CAP_WRITE = 0x200000000000002 + CFLUSH = 0xf + CLOCAL = 0x8000 + CLOCK_BOOTTIME = 0x5 + CLOCK_MONOTONIC = 0x4 + CLOCK_MONOTONIC_COARSE = 0xc + CLOCK_MONOTONIC_FAST = 0xc + CLOCK_MONOTONIC_PRECISE = 0xb + CLOCK_PROCESS_CPUTIME_ID = 0xf + CLOCK_PROF = 0x2 + CLOCK_REALTIME = 0x0 + CLOCK_REALTIME_COARSE = 0xa + CLOCK_REALTIME_FAST = 0xa + CLOCK_REALTIME_PRECISE = 0x9 + CLOCK_SECOND = 0xd + CLOCK_THREAD_CPUTIME_ID = 0xe + CLOCK_UPTIME = 0x5 + CLOCK_UPTIME_FAST = 0x8 + CLOCK_UPTIME_PRECISE = 0x7 + CLOCK_VIRTUAL = 0x1 + CPUSTATES = 0x5 + CP_IDLE = 0x4 + CP_INTR = 0x3 + CP_NICE = 0x1 + CP_SYS = 0x2 + CP_USER = 0x0 + CREAD = 0x800 + CRTSCTS = 0x30000 + CS5 = 0x0 + CS6 = 0x100 + CS7 = 0x200 + CS8 = 0x300 + CSIZE = 0x300 + CSTART = 0x11 + CSTATUS = 0x14 + CSTOP = 0x13 + CSTOPB = 0x400 + CSUSP = 0x1a + CTL_HW = 0x6 + CTL_KERN = 0x1 + CTL_MAXNAME = 0x18 + CTL_NET = 0x4 + DIOCGATTR = 0xc148648e + DIOCGDELETE = 0x80106488 + DIOCGFLUSH = 0x20006487 + DIOCGFWHEADS = 0x40046483 + DIOCGFWSECTORS = 0x40046482 + DIOCGIDENT = 0x41006489 + DIOCGKERNELDUMP = 0xc0986492 + DIOCGMEDIASIZE = 0x40086481 + DIOCGPHYSPATH = 0x4400648d + DIOCGPROVIDERNAME = 0x4400648a + DIOCGSECTORSIZE = 0x40046480 + DIOCGSTRIPEOFFSET = 0x4008648c + DIOCGSTRIPESIZE = 0x4008648b + DIOCSKERNELDUMP = 0x80986491 + DIOCSKERNELDUMP_FREEBSD11 = 0x80046485 + DIOCSKERNELDUMP_FREEBSD12 = 0x80506490 + DIOCZONECMD = 0xc080648f + DLT_A429 = 0xb8 + DLT_A653_ICM = 0xb9 + DLT_AIRONET_HEADER = 0x78 + DLT_AOS = 0xde + DLT_APPLE_IP_OVER_IEEE1394 = 0x8a + DLT_ARCNET = 0x7 + DLT_ARCNET_LINUX = 0x81 + DLT_ATM_CLIP = 0x13 + DLT_ATM_RFC1483 = 0xb + DLT_AURORA = 0x7e + DLT_AX25 = 0x3 + DLT_AX25_KISS = 0xca + DLT_BACNET_MS_TP = 0xa5 + DLT_BLUETOOTH_BREDR_BB = 0xff + DLT_BLUETOOTH_HCI_H4 = 0xbb + DLT_BLUETOOTH_HCI_H4_WITH_PHDR = 0xc9 + DLT_BLUETOOTH_LE_LL = 0xfb + DLT_BLUETOOTH_LE_LL_WITH_PHDR = 0x100 + DLT_BLUETOOTH_LINUX_MONITOR = 0xfe + DLT_CAN20B = 0xbe + DLT_CAN_SOCKETCAN = 0xe3 + DLT_CHAOS = 0x5 + DLT_CHDLC = 0x68 + DLT_CISCO_IOS = 0x76 + DLT_CLASS_NETBSD_RAWAF = 0x2240000 + DLT_C_HDLC = 0x68 + DLT_C_HDLC_WITH_DIR = 0xcd + DLT_DBUS = 0xe7 + DLT_DECT = 0xdd + DLT_DISPLAYPORT_AUX = 0x113 + DLT_DOCSIS = 0x8f + DLT_DOCSIS31_XRA31 = 0x111 + DLT_DVB_CI = 0xeb + DLT_ECONET = 0x73 + DLT_EN10MB = 0x1 + DLT_EN3MB = 0x2 + DLT_ENC = 0x6d + DLT_EPON = 0x103 + DLT_ERF = 0xc5 + DLT_ERF_ETH = 0xaf + DLT_ERF_POS = 0xb0 + DLT_ETHERNET_MPACKET = 0x112 + DLT_FC_2 = 0xe0 + DLT_FC_2_WITH_FRAME_DELIMS = 0xe1 + DLT_FDDI = 0xa + DLT_FLEXRAY = 0xd2 + DLT_FRELAY = 0x6b + DLT_FRELAY_WITH_DIR = 0xce + DLT_GCOM_SERIAL = 0xad + DLT_GCOM_T1E1 = 0xac + DLT_GPF_F = 0xab + DLT_GPF_T = 0xaa + DLT_GPRS_LLC = 0xa9 + DLT_GSMTAP_ABIS = 0xda + DLT_GSMTAP_UM = 0xd9 + DLT_IBM_SN = 0x92 + DLT_IBM_SP = 0x91 + DLT_IEEE802 = 0x6 + DLT_IEEE802_11 = 0x69 + DLT_IEEE802_11_RADIO = 0x7f + DLT_IEEE802_11_RADIO_AVS = 0xa3 + DLT_IEEE802_15_4 = 0xc3 + DLT_IEEE802_15_4_LINUX = 0xbf + DLT_IEEE802_15_4_NOFCS = 0xe6 + DLT_IEEE802_15_4_NONASK_PHY = 0xd7 + DLT_IEEE802_16_MAC_CPS = 0xbc + DLT_IEEE802_16_MAC_CPS_RADIO = 0xc1 + DLT_INFINIBAND = 0xf7 + DLT_IPFILTER = 0x74 + DLT_IPMB_KONTRON = 0xc7 + DLT_IPMB_LINUX = 0xd1 + DLT_IPMI_HPM_2 = 0x104 + DLT_IPNET = 0xe2 + DLT_IPOIB = 0xf2 + DLT_IPV4 = 0xe4 + DLT_IPV6 = 0xe5 + DLT_IP_OVER_FC = 0x7a + DLT_ISO_14443 = 0x108 + DLT_JUNIPER_ATM1 = 0x89 + DLT_JUNIPER_ATM2 = 0x87 + DLT_JUNIPER_ATM_CEMIC = 0xee + DLT_JUNIPER_CHDLC = 0xb5 + DLT_JUNIPER_ES = 0x84 + DLT_JUNIPER_ETHER = 0xb2 + DLT_JUNIPER_FIBRECHANNEL = 0xea + DLT_JUNIPER_FRELAY = 0xb4 + DLT_JUNIPER_GGSN = 0x85 + DLT_JUNIPER_ISM = 0xc2 + DLT_JUNIPER_MFR = 0x86 + DLT_JUNIPER_MLFR = 0x83 + DLT_JUNIPER_MLPPP = 0x82 + DLT_JUNIPER_MONITOR = 0xa4 + DLT_JUNIPER_PIC_PEER = 0xae + DLT_JUNIPER_PPP = 0xb3 + DLT_JUNIPER_PPPOE = 0xa7 + DLT_JUNIPER_PPPOE_ATM = 0xa8 + DLT_JUNIPER_SERVICES = 0x88 + DLT_JUNIPER_SRX_E2E = 0xe9 + DLT_JUNIPER_ST = 0xc8 + DLT_JUNIPER_VP = 0xb7 + DLT_JUNIPER_VS = 0xe8 + DLT_LAPB_WITH_DIR = 0xcf + DLT_LAPD = 0xcb + DLT_LIN = 0xd4 + DLT_LINUX_EVDEV = 0xd8 + DLT_LINUX_IRDA = 0x90 + DLT_LINUX_LAPD = 0xb1 + DLT_LINUX_PPP_WITHDIRECTION = 0xa6 + DLT_LINUX_SLL = 0x71 + DLT_LINUX_SLL2 = 0x114 + DLT_LOOP = 0x6c + DLT_LORATAP = 0x10e + DLT_LTALK = 0x72 + DLT_MATCHING_MAX = 0x114 + DLT_MATCHING_MIN = 0x68 + DLT_MFR = 0xb6 + DLT_MOST = 0xd3 + DLT_MPEG_2_TS = 0xf3 + DLT_MPLS = 0xdb + DLT_MTP2 = 0x8c + DLT_MTP2_WITH_PHDR = 0x8b + DLT_MTP3 = 0x8d + DLT_MUX27010 = 0xec + DLT_NETANALYZER = 0xf0 + DLT_NETANALYZER_TRANSPARENT = 0xf1 + DLT_NETLINK = 0xfd + DLT_NFC_LLCP = 0xf5 + DLT_NFLOG = 0xef + DLT_NG40 = 0xf4 + DLT_NORDIC_BLE = 0x110 + DLT_NULL = 0x0 + DLT_OPENFLOW = 0x10b + DLT_PCI_EXP = 0x7d + DLT_PFLOG = 0x75 + DLT_PFSYNC = 0x79 + DLT_PKTAP = 0x102 + DLT_PPI = 0xc0 + DLT_PPP = 0x9 + DLT_PPP_BSDOS = 0xe + DLT_PPP_ETHER = 0x33 + DLT_PPP_PPPD = 0xa6 + DLT_PPP_SERIAL = 0x32 + DLT_PPP_WITH_DIR = 0xcc + DLT_PPP_WITH_DIRECTION = 0xa6 + DLT_PRISM_HEADER = 0x77 + DLT_PROFIBUS_DL = 0x101 + DLT_PRONET = 0x4 + DLT_RAIF1 = 0xc6 + DLT_RAW = 0xc + DLT_RDS = 0x109 + DLT_REDBACK_SMARTEDGE = 0x20 + DLT_RIO = 0x7c + DLT_RTAC_SERIAL = 0xfa + DLT_SCCP = 0x8e + DLT_SCTP = 0xf8 + DLT_SDLC = 0x10c + DLT_SITA = 0xc4 + DLT_SLIP = 0x8 + DLT_SLIP_BSDOS = 0xd + DLT_STANAG_5066_D_PDU = 0xed + DLT_SUNATM = 0x7b + DLT_SYMANTEC_FIREWALL = 0x63 + DLT_TI_LLN_SNIFFER = 0x10d + DLT_TZSP = 0x80 + DLT_USB = 0xba + DLT_USBPCAP = 0xf9 + DLT_USB_DARWIN = 0x10a + DLT_USB_FREEBSD = 0xba + DLT_USB_LINUX = 0xbd + DLT_USB_LINUX_MMAPPED = 0xdc + DLT_USER0 = 0x93 + DLT_USER1 = 0x94 + DLT_USER10 = 0x9d + DLT_USER11 = 0x9e + DLT_USER12 = 0x9f + DLT_USER13 = 0xa0 + DLT_USER14 = 0xa1 + DLT_USER15 = 0xa2 + DLT_USER2 = 0x95 + DLT_USER3 = 0x96 + DLT_USER4 = 0x97 + DLT_USER5 = 0x98 + DLT_USER6 = 0x99 + DLT_USER7 = 0x9a + DLT_USER8 = 0x9b + DLT_USER9 = 0x9c + DLT_VSOCK = 0x10f + DLT_WATTSTOPPER_DLM = 0x107 + DLT_WIHART = 0xdf + DLT_WIRESHARK_UPPER_PDU = 0xfc + DLT_X2E_SERIAL = 0xd5 + DLT_X2E_XORAYA = 0xd6 + DLT_ZWAVE_R1_R2 = 0x105 + DLT_ZWAVE_R3 = 0x106 + DT_BLK = 0x6 + DT_CHR = 0x2 + DT_DIR = 0x4 + DT_FIFO = 0x1 + DT_LNK = 0xa + DT_REG = 0x8 + DT_SOCK = 0xc + DT_UNKNOWN = 0x0 + DT_WHT = 0xe + ECHO = 0x8 + ECHOCTL = 0x40 + ECHOE = 0x2 + ECHOK = 0x4 + ECHOKE = 0x1 + ECHONL = 0x10 + ECHOPRT = 0x20 + EHE_DEAD_PRIORITY = -0x1 + EVFILT_AIO = -0x3 + EVFILT_EMPTY = -0xd + EVFILT_FS = -0x9 + EVFILT_LIO = -0xa + EVFILT_PROC = -0x5 + EVFILT_PROCDESC = -0x8 + EVFILT_READ = -0x1 + EVFILT_SENDFILE = -0xc + EVFILT_SIGNAL = -0x6 + EVFILT_SYSCOUNT = 0xd + EVFILT_TIMER = -0x7 + EVFILT_USER = -0xb + EVFILT_VNODE = -0x4 + EVFILT_WRITE = -0x2 + EVNAMEMAP_NAME_SIZE = 0x40 + EV_ADD = 0x1 + EV_CLEAR = 0x20 + EV_DELETE = 0x2 + EV_DISABLE = 0x8 + EV_DISPATCH = 0x80 + EV_DROP = 0x1000 + EV_ENABLE = 0x4 + EV_EOF = 0x8000 + EV_ERROR = 0x4000 + EV_FLAG1 = 0x2000 + EV_FLAG2 = 0x4000 + EV_FORCEONESHOT = 0x100 + EV_ONESHOT = 0x10 + EV_RECEIPT = 0x40 + EV_SYSFLAGS = 0xf000 + EXTA = 0x4b00 + EXTATTR_MAXNAMELEN = 0xff + EXTATTR_NAMESPACE_EMPTY = 0x0 + EXTATTR_NAMESPACE_SYSTEM = 0x2 + EXTATTR_NAMESPACE_USER = 0x1 + EXTB = 0x9600 + EXTPROC = 0x800 + FD_CLOEXEC = 0x1 + FD_NONE = -0xc8 + FD_SETSIZE = 0x400 + FLUSHO = 0x800000 + F_ADD_SEALS = 0x13 + F_CANCEL = 0x5 + F_DUP2FD = 0xa + F_DUP2FD_CLOEXEC = 0x12 + F_DUPFD = 0x0 + F_DUPFD_CLOEXEC = 0x11 + F_GETFD = 0x1 + F_GETFL = 0x3 + F_GETLK = 0xb + F_GETOWN = 0x5 + F_GET_SEALS = 0x14 + F_ISUNIONSTACK = 0x15 + F_KINFO = 0x16 + F_OGETLK = 0x7 + F_OK = 0x0 + F_OSETLK = 0x8 + F_OSETLKW = 0x9 + F_RDAHEAD = 0x10 + F_RDLCK = 0x1 + F_READAHEAD = 0xf + F_SEAL_GROW = 0x4 + F_SEAL_SEAL = 0x1 + F_SEAL_SHRINK = 0x2 + F_SEAL_WRITE = 0x8 + F_SETFD = 0x2 + F_SETFL = 0x4 + F_SETLK = 0xc + F_SETLKW = 0xd + F_SETLK_REMOTE = 0xe + F_SETOWN = 0x6 + F_UNLCK = 0x2 + F_UNLCKSYS = 0x4 + F_WRLCK = 0x3 + HUPCL = 0x4000 + HW_MACHINE = 0x1 + ICANON = 0x100 + ICMP6_FILTER = 0x12 + ICRNL = 0x100 + IEXTEN = 0x400 + IFAN_ARRIVAL = 0x0 + IFAN_DEPARTURE = 0x1 + IFCAP_WOL_MAGIC = 0x2000 + IFF_ALLMULTI = 0x200 + IFF_ALTPHYS = 0x4000 + IFF_BROADCAST = 0x2 + IFF_CANTCHANGE = 0x218f72 + IFF_CANTCONFIG = 0x10000 + IFF_DEBUG = 0x4 + IFF_DRV_OACTIVE = 0x400 + IFF_DRV_RUNNING = 0x40 + IFF_DYING = 0x200000 + IFF_KNOWSEPOCH = 0x20 + IFF_LINK0 = 0x1000 + IFF_LINK1 = 0x2000 + IFF_LINK2 = 0x4000 + IFF_LOOPBACK = 0x8 + IFF_MONITOR = 0x40000 + IFF_MULTICAST = 0x8000 + IFF_NOARP = 0x80 + IFF_NOGROUP = 0x800000 + IFF_OACTIVE = 0x400 + IFF_POINTOPOINT = 0x10 + IFF_PPROMISC = 0x20000 + IFF_PROMISC = 0x100 + IFF_RENAMING = 0x400000 + IFF_RUNNING = 0x40 + IFF_SIMPLEX = 0x800 + IFF_STATICARP = 0x80000 + IFF_UP = 0x1 + IFNAMSIZ = 0x10 + IFT_BRIDGE = 0xd1 + IFT_CARP = 0xf8 + IFT_IEEE1394 = 0x90 + IFT_INFINIBAND = 0xc7 + IFT_L2VLAN = 0x87 + IFT_L3IPVLAN = 0x88 + IFT_PPP = 0x17 + IFT_PROPVIRTUAL = 0x35 + IGNBRK = 0x1 + IGNCR = 0x80 + IGNPAR = 0x4 + IMAXBEL = 0x2000 + INLCR = 0x40 + INPCK = 0x10 + IN_CLASSA_HOST = 0xffffff + IN_CLASSA_MAX = 0x80 + IN_CLASSA_NET = 0xff000000 + IN_CLASSA_NSHIFT = 0x18 + IN_CLASSB_HOST = 0xffff + IN_CLASSB_MAX = 0x10000 + IN_CLASSB_NET = 0xffff0000 + IN_CLASSB_NSHIFT = 0x10 + IN_CLASSC_HOST = 0xff + IN_CLASSC_NET = 0xffffff00 + IN_CLASSC_NSHIFT = 0x8 + IN_CLASSD_HOST = 0xfffffff + IN_CLASSD_NET = 0xf0000000 + IN_CLASSD_NSHIFT = 0x1c + IN_LOOPBACKNET = 0x7f + IN_NETMASK_DEFAULT = 0xffffff00 + IN_RFC3021_MASK = 0xfffffffe + IPPROTO_3PC = 0x22 + IPPROTO_ADFS = 0x44 + IPPROTO_AH = 0x33 + IPPROTO_AHIP = 0x3d + IPPROTO_APES = 0x63 + IPPROTO_ARGUS = 0xd + IPPROTO_AX25 = 0x5d + IPPROTO_BHA = 0x31 + IPPROTO_BLT = 0x1e + IPPROTO_BRSATMON = 0x4c + IPPROTO_CARP = 0x70 + IPPROTO_CFTP = 0x3e + IPPROTO_CHAOS = 0x10 + IPPROTO_CMTP = 0x26 + IPPROTO_CPHB = 0x49 + IPPROTO_CPNX = 0x48 + IPPROTO_DCCP = 0x21 + IPPROTO_DDP = 0x25 + IPPROTO_DGP = 0x56 + IPPROTO_DIVERT = 0x102 + IPPROTO_DONE = 0x101 + IPPROTO_DSTOPTS = 0x3c + IPPROTO_EGP = 0x8 + IPPROTO_EMCON = 0xe + IPPROTO_ENCAP = 0x62 + IPPROTO_EON = 0x50 + IPPROTO_ESP = 0x32 + IPPROTO_ETHERIP = 0x61 + IPPROTO_FRAGMENT = 0x2c + IPPROTO_GGP = 0x3 + IPPROTO_GMTP = 0x64 + IPPROTO_GRE = 0x2f + IPPROTO_HELLO = 0x3f + IPPROTO_HIP = 0x8b + IPPROTO_HMP = 0x14 + IPPROTO_HOPOPTS = 0x0 + IPPROTO_ICMP = 0x1 + IPPROTO_ICMPV6 = 0x3a + IPPROTO_IDP = 0x16 + IPPROTO_IDPR = 0x23 + IPPROTO_IDRP = 0x2d + IPPROTO_IGMP = 0x2 + IPPROTO_IGP = 0x55 + IPPROTO_IGRP = 0x58 + IPPROTO_IL = 0x28 + IPPROTO_INLSP = 0x34 + IPPROTO_INP = 0x20 + IPPROTO_IP = 0x0 + IPPROTO_IPCOMP = 0x6c + IPPROTO_IPCV = 0x47 + IPPROTO_IPEIP = 0x5e + IPPROTO_IPIP = 0x4 + IPPROTO_IPPC = 0x43 + IPPROTO_IPV4 = 0x4 + IPPROTO_IPV6 = 0x29 + IPPROTO_IRTP = 0x1c + IPPROTO_KRYPTOLAN = 0x41 + IPPROTO_LARP = 0x5b + IPPROTO_LEAF1 = 0x19 + IPPROTO_LEAF2 = 0x1a + IPPROTO_MAX = 0x100 + IPPROTO_MEAS = 0x13 + IPPROTO_MH = 0x87 + IPPROTO_MHRP = 0x30 + IPPROTO_MICP = 0x5f + IPPROTO_MOBILE = 0x37 + IPPROTO_MPLS = 0x89 + IPPROTO_MTP = 0x5c + IPPROTO_MUX = 0x12 + IPPROTO_ND = 0x4d + IPPROTO_NHRP = 0x36 + IPPROTO_NONE = 0x3b + IPPROTO_NSP = 0x1f + IPPROTO_NVPII = 0xb + IPPROTO_OLD_DIVERT = 0xfe + IPPROTO_OSPFIGP = 0x59 + IPPROTO_PFSYNC = 0xf0 + IPPROTO_PGM = 0x71 + IPPROTO_PIGP = 0x9 + IPPROTO_PIM = 0x67 + IPPROTO_PRM = 0x15 + IPPROTO_PUP = 0xc + IPPROTO_PVP = 0x4b + IPPROTO_RAW = 0xff + IPPROTO_RCCMON = 0xa + IPPROTO_RDP = 0x1b + IPPROTO_RESERVED_253 = 0xfd + IPPROTO_RESERVED_254 = 0xfe + IPPROTO_ROUTING = 0x2b + IPPROTO_RSVP = 0x2e + IPPROTO_RVD = 0x42 + IPPROTO_SATEXPAK = 0x40 + IPPROTO_SATMON = 0x45 + IPPROTO_SCCSP = 0x60 + IPPROTO_SCTP = 0x84 + IPPROTO_SDRP = 0x2a + IPPROTO_SEND = 0x103 + IPPROTO_SHIM6 = 0x8c + IPPROTO_SKIP = 0x39 + IPPROTO_SPACER = 0x7fff + IPPROTO_SRPC = 0x5a + IPPROTO_ST = 0x7 + IPPROTO_SVMTP = 0x52 + IPPROTO_SWIPE = 0x35 + IPPROTO_TCF = 0x57 + IPPROTO_TCP = 0x6 + IPPROTO_TLSP = 0x38 + IPPROTO_TP = 0x1d + IPPROTO_TPXX = 0x27 + IPPROTO_TRUNK1 = 0x17 + IPPROTO_TRUNK2 = 0x18 + IPPROTO_TTP = 0x54 + IPPROTO_UDP = 0x11 + IPPROTO_UDPLITE = 0x88 + IPPROTO_VINES = 0x53 + IPPROTO_VISA = 0x46 + IPPROTO_VMTP = 0x51 + IPPROTO_WBEXPAK = 0x4f + IPPROTO_WBMON = 0x4e + IPPROTO_WSN = 0x4a + IPPROTO_XNET = 0xf + IPPROTO_XTP = 0x24 + IPV6_AUTOFLOWLABEL = 0x3b + IPV6_BINDANY = 0x40 + IPV6_BINDMULTI = 0x41 + IPV6_BINDV6ONLY = 0x1b + IPV6_CHECKSUM = 0x1a + IPV6_DEFAULT_MULTICAST_HOPS = 0x1 + IPV6_DEFAULT_MULTICAST_LOOP = 0x1 + IPV6_DEFHLIM = 0x40 + IPV6_DONTFRAG = 0x3e + IPV6_DSTOPTS = 0x32 + IPV6_FLOWID = 0x43 + IPV6_FLOWINFO_MASK = 0xffffff0f + IPV6_FLOWLABEL_LEN = 0x14 + IPV6_FLOWLABEL_MASK = 0xffff0f00 + IPV6_FLOWTYPE = 0x44 + IPV6_FRAGTTL = 0x78 + IPV6_FW_ADD = 0x1e + IPV6_FW_DEL = 0x1f + IPV6_FW_FLUSH = 0x20 + IPV6_FW_GET = 0x22 + IPV6_FW_ZERO = 0x21 + IPV6_HLIMDEC = 0x1 + IPV6_HOPLIMIT = 0x2f + IPV6_HOPOPTS = 0x31 + IPV6_IPSEC_POLICY = 0x1c + IPV6_JOIN_GROUP = 0xc + IPV6_LEAVE_GROUP = 0xd + IPV6_MAXHLIM = 0xff + IPV6_MAXOPTHDR = 0x800 + IPV6_MAXPACKET = 0xffff + IPV6_MAX_GROUP_SRC_FILTER = 0x200 + IPV6_MAX_MEMBERSHIPS = 0xfff + IPV6_MAX_SOCK_SRC_FILTER = 0x80 + IPV6_MMTU = 0x500 + IPV6_MSFILTER = 0x4a + IPV6_MULTICAST_HOPS = 0xa + IPV6_MULTICAST_IF = 0x9 + IPV6_MULTICAST_LOOP = 0xb + IPV6_NEXTHOP = 0x30 + IPV6_ORIGDSTADDR = 0x48 + IPV6_PATHMTU = 0x2c + IPV6_PKTINFO = 0x2e + IPV6_PORTRANGE = 0xe + IPV6_PORTRANGE_DEFAULT = 0x0 + IPV6_PORTRANGE_HIGH = 0x1 + IPV6_PORTRANGE_LOW = 0x2 + IPV6_PREFER_TEMPADDR = 0x3f + IPV6_RECVDSTOPTS = 0x28 + IPV6_RECVFLOWID = 0x46 + IPV6_RECVHOPLIMIT = 0x25 + IPV6_RECVHOPOPTS = 0x27 + IPV6_RECVORIGDSTADDR = 0x48 + IPV6_RECVPATHMTU = 0x2b + IPV6_RECVPKTINFO = 0x24 + IPV6_RECVRSSBUCKETID = 0x47 + IPV6_RECVRTHDR = 0x26 + IPV6_RECVTCLASS = 0x39 + IPV6_RSSBUCKETID = 0x45 + IPV6_RSS_LISTEN_BUCKET = 0x42 + IPV6_RTHDR = 0x33 + IPV6_RTHDRDSTOPTS = 0x23 + IPV6_RTHDR_LOOSE = 0x0 + IPV6_RTHDR_STRICT = 0x1 + IPV6_RTHDR_TYPE_0 = 0x0 + IPV6_SOCKOPT_RESERVED1 = 0x3 + IPV6_TCLASS = 0x3d + IPV6_UNICAST_HOPS = 0x4 + IPV6_USE_MIN_MTU = 0x2a + IPV6_V6ONLY = 0x1b + IPV6_VERSION = 0x60 + IPV6_VERSION_MASK = 0xf0 + IPV6_VLAN_PCP = 0x4b + IP_ADD_MEMBERSHIP = 0xc + IP_ADD_SOURCE_MEMBERSHIP = 0x46 + IP_BINDANY = 0x18 + IP_BINDMULTI = 0x19 + IP_BLOCK_SOURCE = 0x48 + IP_DEFAULT_MULTICAST_LOOP = 0x1 + IP_DEFAULT_MULTICAST_TTL = 0x1 + IP_DF = 0x4000 + IP_DONTFRAG = 0x43 + IP_DROP_MEMBERSHIP = 0xd + IP_DROP_SOURCE_MEMBERSHIP = 0x47 + IP_DUMMYNET3 = 0x31 + IP_DUMMYNET_CONFIGURE = 0x3c + IP_DUMMYNET_DEL = 0x3d + IP_DUMMYNET_FLUSH = 0x3e + IP_DUMMYNET_GET = 0x40 + IP_FLOWID = 0x5a + IP_FLOWTYPE = 0x5b + IP_FW3 = 0x30 + IP_FW_ADD = 0x32 + IP_FW_DEL = 0x33 + IP_FW_FLUSH = 0x34 + IP_FW_GET = 0x36 + IP_FW_NAT_CFG = 0x38 + IP_FW_NAT_DEL = 0x39 + IP_FW_NAT_GET_CONFIG = 0x3a + IP_FW_NAT_GET_LOG = 0x3b + IP_FW_RESETLOG = 0x37 + IP_FW_TABLE_ADD = 0x28 + IP_FW_TABLE_DEL = 0x29 + IP_FW_TABLE_FLUSH = 0x2a + IP_FW_TABLE_GETSIZE = 0x2b + IP_FW_TABLE_LIST = 0x2c + IP_FW_ZERO = 0x35 + IP_HDRINCL = 0x2 + IP_IPSEC_POLICY = 0x15 + IP_MAXPACKET = 0xffff + IP_MAX_GROUP_SRC_FILTER = 0x200 + IP_MAX_MEMBERSHIPS = 0xfff + IP_MAX_SOCK_MUTE_FILTER = 0x80 + IP_MAX_SOCK_SRC_FILTER = 0x80 + IP_MF = 0x2000 + IP_MINTTL = 0x42 + IP_MSFILTER = 0x4a + IP_MSS = 0x240 + IP_MULTICAST_IF = 0x9 + IP_MULTICAST_LOOP = 0xb + IP_MULTICAST_TTL = 0xa + IP_MULTICAST_VIF = 0xe + IP_OFFMASK = 0x1fff + IP_ONESBCAST = 0x17 + IP_OPTIONS = 0x1 + IP_ORIGDSTADDR = 0x1b + IP_PORTRANGE = 0x13 + IP_PORTRANGE_DEFAULT = 0x0 + IP_PORTRANGE_HIGH = 0x1 + IP_PORTRANGE_LOW = 0x2 + IP_RECVDSTADDR = 0x7 + IP_RECVFLOWID = 0x5d + IP_RECVIF = 0x14 + IP_RECVOPTS = 0x5 + IP_RECVORIGDSTADDR = 0x1b + IP_RECVRETOPTS = 0x6 + IP_RECVRSSBUCKETID = 0x5e + IP_RECVTOS = 0x44 + IP_RECVTTL = 0x41 + IP_RETOPTS = 0x8 + IP_RF = 0x8000 + IP_RSSBUCKETID = 0x5c + IP_RSS_LISTEN_BUCKET = 0x1a + IP_RSVP_OFF = 0x10 + IP_RSVP_ON = 0xf + IP_RSVP_VIF_OFF = 0x12 + IP_RSVP_VIF_ON = 0x11 + IP_SENDSRCADDR = 0x7 + IP_TOS = 0x3 + IP_TTL = 0x4 + IP_UNBLOCK_SOURCE = 0x49 + IP_VLAN_PCP = 0x4b + ISIG = 0x80 + ISTRIP = 0x20 + ITIMER_PROF = 0x2 + ITIMER_REAL = 0x0 + ITIMER_VIRTUAL = 0x1 + IXANY = 0x800 + IXOFF = 0x400 + IXON = 0x200 + KERN_HOSTNAME = 0xa + KERN_OSRELEASE = 0x2 + KERN_OSTYPE = 0x1 + KERN_VERSION = 0x4 + LOCAL_CONNWAIT = 0x4 + LOCAL_CREDS = 0x2 + LOCAL_CREDS_PERSISTENT = 0x3 + LOCAL_PEERCRED = 0x1 + LOCAL_VENDOR = 0x80000000 + LOCK_EX = 0x2 + LOCK_NB = 0x4 + LOCK_SH = 0x1 + LOCK_UN = 0x8 + MADV_AUTOSYNC = 0x7 + MADV_CORE = 0x9 + MADV_DONTNEED = 0x4 + MADV_FREE = 0x5 + MADV_NOCORE = 0x8 + MADV_NORMAL = 0x0 + MADV_NOSYNC = 0x6 + MADV_PROTECT = 0xa + MADV_RANDOM = 0x1 + MADV_SEQUENTIAL = 0x2 + MADV_WILLNEED = 0x3 + MAP_32BIT = 0x80000 + MAP_ALIGNED_SUPER = 0x1000000 + MAP_ALIGNMENT_MASK = -0x1000000 + MAP_ALIGNMENT_SHIFT = 0x18 + MAP_ANON = 0x1000 + MAP_ANONYMOUS = 0x1000 + MAP_COPY = 0x2 + MAP_EXCL = 0x4000 + MAP_FILE = 0x0 + MAP_FIXED = 0x10 + MAP_GUARD = 0x2000 + MAP_HASSEMAPHORE = 0x200 + MAP_NOCORE = 0x20000 + MAP_NOSYNC = 0x800 + MAP_PREFAULT_READ = 0x40000 + MAP_PRIVATE = 0x2 + MAP_RESERVED0020 = 0x20 + MAP_RESERVED0040 = 0x40 + MAP_RESERVED0080 = 0x80 + MAP_RESERVED0100 = 0x100 + MAP_SHARED = 0x1 + MAP_STACK = 0x400 + MCAST_BLOCK_SOURCE = 0x54 + MCAST_EXCLUDE = 0x2 + MCAST_INCLUDE = 0x1 + MCAST_JOIN_GROUP = 0x50 + MCAST_JOIN_SOURCE_GROUP = 0x52 + MCAST_LEAVE_GROUP = 0x51 + MCAST_LEAVE_SOURCE_GROUP = 0x53 + MCAST_UNBLOCK_SOURCE = 0x55 + MCAST_UNDEFINED = 0x0 + MCL_CURRENT = 0x1 + MCL_FUTURE = 0x2 + MFD_ALLOW_SEALING = 0x2 + MFD_CLOEXEC = 0x1 + MFD_HUGETLB = 0x4 + MFD_HUGE_16GB = -0x78000000 + MFD_HUGE_16MB = 0x60000000 + MFD_HUGE_1GB = 0x78000000 + MFD_HUGE_1MB = 0x50000000 + MFD_HUGE_256MB = 0x70000000 + MFD_HUGE_2GB = 0x7c000000 + MFD_HUGE_2MB = 0x54000000 + MFD_HUGE_32MB = 0x64000000 + MFD_HUGE_512KB = 0x4c000000 + MFD_HUGE_512MB = 0x74000000 + MFD_HUGE_64KB = 0x40000000 + MFD_HUGE_8MB = 0x5c000000 + MFD_HUGE_MASK = 0xfc000000 + MFD_HUGE_SHIFT = 0x1a + MNT_ACLS = 0x8000000 + MNT_ASYNC = 0x40 + MNT_AUTOMOUNTED = 0x200000000 + MNT_BYFSID = 0x8000000 + MNT_CMDFLAGS = 0x300d0f0000 + MNT_DEFEXPORTED = 0x200 + MNT_DELEXPORT = 0x20000 + MNT_EMPTYDIR = 0x2000000000 + MNT_EXKERB = 0x800 + MNT_EXPORTANON = 0x400 + MNT_EXPORTED = 0x100 + MNT_EXPUBLIC = 0x20000000 + MNT_EXRDONLY = 0x80 + MNT_EXTLS = 0x4000000000 + MNT_EXTLSCERT = 0x8000000000 + MNT_EXTLSCERTUSER = 0x10000000000 + MNT_FORCE = 0x80000 + MNT_GJOURNAL = 0x2000000 + MNT_IGNORE = 0x800000 + MNT_LAZY = 0x3 + MNT_LOCAL = 0x1000 + MNT_MULTILABEL = 0x4000000 + MNT_NFS4ACLS = 0x10 + MNT_NOATIME = 0x10000000 + MNT_NOCLUSTERR = 0x40000000 + MNT_NOCLUSTERW = 0x80000000 + MNT_NOCOVER = 0x1000000000 + MNT_NOEXEC = 0x4 + MNT_NONBUSY = 0x4000000 + MNT_NOSUID = 0x8 + MNT_NOSYMFOLLOW = 0x400000 + MNT_NOWAIT = 0x2 + MNT_QUOTA = 0x2000 + MNT_RDONLY = 0x1 + MNT_RELOAD = 0x40000 + MNT_ROOTFS = 0x4000 + MNT_SNAPSHOT = 0x1000000 + MNT_SOFTDEP = 0x200000 + MNT_SUIDDIR = 0x100000 + MNT_SUJ = 0x100000000 + MNT_SUSPEND = 0x4 + MNT_SYNCHRONOUS = 0x2 + MNT_UNION = 0x20 + MNT_UNTRUSTED = 0x800000000 + MNT_UPDATE = 0x10000 + MNT_UPDATEMASK = 0xad8d0807e + MNT_USER = 0x8000 + MNT_VERIFIED = 0x400000000 + MNT_VISFLAGMASK = 0xffef0ffff + MNT_WAIT = 0x1 + MSG_CMSG_CLOEXEC = 0x40000 + MSG_COMPAT = 0x8000 + MSG_CTRUNC = 0x20 + MSG_DONTROUTE = 0x4 + MSG_DONTWAIT = 0x80 + MSG_EOF = 0x100 + MSG_EOR = 0x8 + MSG_NBIO = 0x4000 + MSG_NOSIGNAL = 0x20000 + MSG_NOTIFICATION = 0x2000 + MSG_OOB = 0x1 + MSG_PEEK = 0x2 + MSG_TRUNC = 0x10 + MSG_WAITALL = 0x40 + MSG_WAITFORONE = 0x80000 + MS_ASYNC = 0x1 + MS_INVALIDATE = 0x2 + MS_SYNC = 0x0 + NAME_MAX = 0xff + NET_RT_DUMP = 0x1 + NET_RT_FLAGS = 0x2 + NET_RT_IFLIST = 0x3 + NET_RT_IFLISTL = 0x5 + NET_RT_IFMALIST = 0x4 + NET_RT_NHGRP = 0x7 + NET_RT_NHOP = 0x6 + NFDBITS = 0x40 + NOFLSH = 0x80000000 + NOKERNINFO = 0x2000000 + NOTE_ABSTIME = 0x10 + NOTE_ATTRIB = 0x8 + NOTE_CHILD = 0x4 + NOTE_CLOSE = 0x100 + NOTE_CLOSE_WRITE = 0x200 + NOTE_DELETE = 0x1 + NOTE_EXEC = 0x20000000 + NOTE_EXIT = 0x80000000 + NOTE_EXTEND = 0x4 + NOTE_FFAND = 0x40000000 + NOTE_FFCOPY = 0xc0000000 + NOTE_FFCTRLMASK = 0xc0000000 + NOTE_FFLAGSMASK = 0xffffff + NOTE_FFNOP = 0x0 + NOTE_FFOR = 0x80000000 + NOTE_FILE_POLL = 0x2 + NOTE_FORK = 0x40000000 + NOTE_LINK = 0x10 + NOTE_LOWAT = 0x1 + NOTE_MSECONDS = 0x2 + NOTE_NSECONDS = 0x8 + NOTE_OPEN = 0x80 + NOTE_PCTRLMASK = 0xf0000000 + NOTE_PDATAMASK = 0xfffff + NOTE_READ = 0x400 + NOTE_RENAME = 0x20 + NOTE_REVOKE = 0x40 + NOTE_SECONDS = 0x1 + NOTE_TRACK = 0x1 + NOTE_TRACKERR = 0x2 + NOTE_TRIGGER = 0x1000000 + NOTE_USECONDS = 0x4 + NOTE_WRITE = 0x2 + OCRNL = 0x10 + ONLCR = 0x2 + ONLRET = 0x40 + ONOCR = 0x20 + ONOEOT = 0x8 + OPOST = 0x1 + OXTABS = 0x4 + O_ACCMODE = 0x3 + O_APPEND = 0x8 + O_ASYNC = 0x40 + O_CLOEXEC = 0x100000 + O_CREAT = 0x200 + O_DIRECT = 0x10000 + O_DIRECTORY = 0x20000 + O_DSYNC = 0x1000000 + O_EMPTY_PATH = 0x2000000 + O_EXCL = 0x800 + O_EXEC = 0x40000 + O_EXLOCK = 0x20 + O_FSYNC = 0x80 + O_NDELAY = 0x4 + O_NOCTTY = 0x8000 + O_NOFOLLOW = 0x100 + O_NONBLOCK = 0x4 + O_PATH = 0x400000 + O_RDONLY = 0x0 + O_RDWR = 0x2 + O_RESOLVE_BENEATH = 0x800000 + O_SEARCH = 0x40000 + O_SHLOCK = 0x10 + O_SYNC = 0x80 + O_TRUNC = 0x400 + O_TTY_INIT = 0x80000 + O_VERIFY = 0x200000 + O_WRONLY = 0x1 + PARENB = 0x1000 + PARMRK = 0x8 + PARODD = 0x2000 + PENDIN = 0x20000000 + PIOD_READ_D = 0x1 + PIOD_READ_I = 0x3 + PIOD_WRITE_D = 0x2 + PIOD_WRITE_I = 0x4 + PRIO_PGRP = 0x1 + PRIO_PROCESS = 0x0 + PRIO_USER = 0x2 + PROT_EXEC = 0x4 + PROT_NONE = 0x0 + PROT_READ = 0x1 + PROT_WRITE = 0x2 + PTRACE_DEFAULT = 0x1 + PTRACE_EXEC = 0x1 + PTRACE_FORK = 0x8 + PTRACE_LWP = 0x10 + PTRACE_SCE = 0x2 + PTRACE_SCX = 0x4 + PTRACE_SYSCALL = 0x6 + PTRACE_VFORK = 0x20 + PT_ATTACH = 0xa + PT_CLEARSTEP = 0x10 + PT_CONTINUE = 0x7 + PT_COREDUMP = 0x1d + PT_DETACH = 0xb + PT_FIRSTMACH = 0x40 + PT_FOLLOW_FORK = 0x17 + PT_GETDBREGS = 0x25 + PT_GETFPREGS = 0x23 + PT_GETLWPLIST = 0xf + PT_GETNUMLWPS = 0xe + PT_GETREGS = 0x21 + PT_GET_EVENT_MASK = 0x19 + PT_GET_SC_ARGS = 0x1b + PT_GET_SC_RET = 0x1c + PT_IO = 0xc + PT_KILL = 0x8 + PT_LWPINFO = 0xd + PT_LWP_EVENTS = 0x18 + PT_READ_D = 0x2 + PT_READ_I = 0x1 + PT_RESUME = 0x13 + PT_SETDBREGS = 0x26 + PT_SETFPREGS = 0x24 + PT_SETREGS = 0x22 + PT_SETSTEP = 0x11 + PT_SET_EVENT_MASK = 0x1a + PT_STEP = 0x9 + PT_SUSPEND = 0x12 + PT_SYSCALL = 0x16 + PT_TO_SCE = 0x14 + PT_TO_SCX = 0x15 + PT_TRACE_ME = 0x0 + PT_VM_ENTRY = 0x29 + PT_VM_TIMESTAMP = 0x28 + PT_WRITE_D = 0x5 + PT_WRITE_I = 0x4 + P_ZONEID = 0xc + RLIMIT_AS = 0xa + RLIMIT_CORE = 0x4 + RLIMIT_CPU = 0x0 + RLIMIT_DATA = 0x2 + RLIMIT_FSIZE = 0x1 + RLIMIT_MEMLOCK = 0x6 + RLIMIT_NOFILE = 0x8 + RLIMIT_NPROC = 0x7 + RLIMIT_RSS = 0x5 + RLIMIT_STACK = 0x3 + RLIM_INFINITY = 0x7fffffffffffffff + RTAX_AUTHOR = 0x6 + RTAX_BRD = 0x7 + RTAX_DST = 0x0 + RTAX_GATEWAY = 0x1 + RTAX_GENMASK = 0x3 + RTAX_IFA = 0x5 + RTAX_IFP = 0x4 + RTAX_MAX = 0x8 + RTAX_NETMASK = 0x2 + RTA_AUTHOR = 0x40 + RTA_BRD = 0x80 + RTA_DST = 0x1 + RTA_GATEWAY = 0x2 + RTA_GENMASK = 0x8 + RTA_IFA = 0x20 + RTA_IFP = 0x10 + RTA_NETMASK = 0x4 + RTF_BLACKHOLE = 0x1000 + RTF_BROADCAST = 0x400000 + RTF_DONE = 0x40 + RTF_DYNAMIC = 0x10 + RTF_FIXEDMTU = 0x80000 + RTF_FMASK = 0x1004d808 + RTF_GATEWAY = 0x2 + RTF_GWFLAG_COMPAT = 0x80000000 + RTF_HOST = 0x4 + RTF_LLDATA = 0x400 + RTF_LLINFO = 0x400 + RTF_LOCAL = 0x200000 + RTF_MODIFIED = 0x20 + RTF_MULTICAST = 0x800000 + RTF_PINNED = 0x100000 + RTF_PROTO1 = 0x8000 + RTF_PROTO2 = 0x4000 + RTF_PROTO3 = 0x40000 + RTF_REJECT = 0x8 + RTF_STATIC = 0x800 + RTF_STICKY = 0x10000000 + RTF_UP = 0x1 + RTF_XRESOLVE = 0x200 + RTM_ADD = 0x1 + RTM_CHANGE = 0x3 + RTM_DELADDR = 0xd + RTM_DELETE = 0x2 + RTM_DELMADDR = 0x10 + RTM_GET = 0x4 + RTM_IEEE80211 = 0x12 + RTM_IFANNOUNCE = 0x11 + RTM_IFINFO = 0xe + RTM_LOCK = 0x8 + RTM_LOSING = 0x5 + RTM_MISS = 0x7 + RTM_NEWADDR = 0xc + RTM_NEWMADDR = 0xf + RTM_REDIRECT = 0x6 + RTM_RESOLVE = 0xb + RTM_RTTUNIT = 0xf4240 + RTM_VERSION = 0x5 + RTV_EXPIRE = 0x4 + RTV_HOPCOUNT = 0x2 + RTV_MTU = 0x1 + RTV_RPIPE = 0x8 + RTV_RTT = 0x40 + RTV_RTTVAR = 0x80 + RTV_SPIPE = 0x10 + RTV_SSTHRESH = 0x20 + RTV_WEIGHT = 0x100 + RT_ALL_FIBS = -0x1 + RT_BLACKHOLE = 0x40 + RT_DEFAULT_FIB = 0x0 + RT_DEFAULT_WEIGHT = 0x1 + RT_HAS_GW = 0x80 + RT_HAS_HEADER = 0x10 + RT_HAS_HEADER_BIT = 0x4 + RT_L2_ME = 0x4 + RT_L2_ME_BIT = 0x2 + RT_LLE_CACHE = 0x100 + RT_MAX_WEIGHT = 0xffffff + RT_MAY_LOOP = 0x8 + RT_MAY_LOOP_BIT = 0x3 + RT_REJECT = 0x20 + RUSAGE_CHILDREN = -0x1 + RUSAGE_SELF = 0x0 + RUSAGE_THREAD = 0x1 + SCM_BINTIME = 0x4 + SCM_CREDS = 0x3 + SCM_CREDS2 = 0x8 + SCM_MONOTONIC = 0x6 + SCM_REALTIME = 0x5 + SCM_RIGHTS = 0x1 + SCM_TIMESTAMP = 0x2 + SCM_TIME_INFO = 0x7 + SEEK_CUR = 0x1 + SEEK_DATA = 0x3 + SEEK_END = 0x2 + SEEK_HOLE = 0x4 + SEEK_SET = 0x0 + SHUT_RD = 0x0 + SHUT_RDWR = 0x2 + SHUT_WR = 0x1 + SIOCADDMULTI = 0x80206931 + SIOCAIFADDR = 0x8040691a + SIOCAIFGROUP = 0x80286987 + SIOCATMARK = 0x40047307 + SIOCDELMULTI = 0x80206932 + SIOCDIFADDR = 0x80206919 + SIOCDIFGROUP = 0x80286989 + SIOCDIFPHYADDR = 0x80206949 + SIOCGDRVSPEC = 0xc028697b + SIOCGETSGCNT = 0xc0207210 + SIOCGETVIFCNT = 0xc028720f + SIOCGHIWAT = 0x40047301 + SIOCGHWADDR = 0xc020693e + SIOCGI2C = 0xc020693d + SIOCGIFADDR = 0xc0206921 + SIOCGIFALIAS = 0xc044692d + SIOCGIFBRDADDR = 0xc0206923 + SIOCGIFCAP = 0xc020691f + SIOCGIFCONF = 0xc0106924 + SIOCGIFDATA = 0x8020692c + SIOCGIFDESCR = 0xc020692a + SIOCGIFDOWNREASON = 0xc058699a + SIOCGIFDSTADDR = 0xc0206922 + SIOCGIFFIB = 0xc020695c + SIOCGIFFLAGS = 0xc0206911 + SIOCGIFGENERIC = 0xc020693a + SIOCGIFGMEMB = 0xc028698a + SIOCGIFGROUP = 0xc0286988 + SIOCGIFINDEX = 0xc0206920 + SIOCGIFMAC = 0xc0206926 + SIOCGIFMEDIA = 0xc0306938 + SIOCGIFMETRIC = 0xc0206917 + SIOCGIFMTU = 0xc0206933 + SIOCGIFNETMASK = 0xc0206925 + SIOCGIFPDSTADDR = 0xc0206948 + SIOCGIFPHYS = 0xc0206935 + SIOCGIFPSRCADDR = 0xc0206947 + SIOCGIFRSSHASH = 0xc0186997 + SIOCGIFRSSKEY = 0xc0946996 + SIOCGIFSTATUS = 0xc331693b + SIOCGIFXMEDIA = 0xc030698b + SIOCGLANPCP = 0xc0206998 + SIOCGLOWAT = 0x40047303 + SIOCGPGRP = 0x40047309 + SIOCGPRIVATE_0 = 0xc0206950 + SIOCGPRIVATE_1 = 0xc0206951 + SIOCGTUNFIB = 0xc020695e + SIOCIFCREATE = 0xc020697a + SIOCIFCREATE2 = 0xc020697c + SIOCIFDESTROY = 0x80206979 + SIOCIFGCLONERS = 0xc0106978 + SIOCSDRVSPEC = 0x8028697b + SIOCSHIWAT = 0x80047300 + SIOCSIFADDR = 0x8020690c + SIOCSIFBRDADDR = 0x80206913 + SIOCSIFCAP = 0x8020691e + SIOCSIFDESCR = 0x80206929 + SIOCSIFDSTADDR = 0x8020690e + SIOCSIFFIB = 0x8020695d + SIOCSIFFLAGS = 0x80206910 + SIOCSIFGENERIC = 0x80206939 + SIOCSIFLLADDR = 0x8020693c + SIOCSIFMAC = 0x80206927 + SIOCSIFMEDIA = 0xc0206937 + SIOCSIFMETRIC = 0x80206918 + SIOCSIFMTU = 0x80206934 + SIOCSIFNAME = 0x80206928 + SIOCSIFNETMASK = 0x80206916 + SIOCSIFPHYADDR = 0x80406946 + SIOCSIFPHYS = 0x80206936 + SIOCSIFRVNET = 0xc020695b + SIOCSIFVNET = 0xc020695a + SIOCSLANPCP = 0x80206999 + SIOCSLOWAT = 0x80047302 + SIOCSPGRP = 0x80047308 + SIOCSTUNFIB = 0x8020695f + SOCK_CLOEXEC = 0x10000000 + SOCK_DGRAM = 0x2 + SOCK_MAXADDRLEN = 0xff + SOCK_NONBLOCK = 0x20000000 + SOCK_RAW = 0x3 + SOCK_RDM = 0x4 + SOCK_SEQPACKET = 0x5 + SOCK_STREAM = 0x1 + SOL_LOCAL = 0x0 + SOL_SOCKET = 0xffff + SOMAXCONN = 0x80 + SO_ACCEPTCONN = 0x2 + SO_ACCEPTFILTER = 0x1000 + SO_BINTIME = 0x2000 + SO_BROADCAST = 0x20 + SO_DEBUG = 0x1 + SO_DOMAIN = 0x1019 + SO_DONTROUTE = 0x10 + SO_ERROR = 0x1007 + SO_KEEPALIVE = 0x8 + SO_LABEL = 0x1009 + SO_LINGER = 0x80 + SO_LISTENINCQLEN = 0x1013 + SO_LISTENQLEN = 0x1012 + SO_LISTENQLIMIT = 0x1011 + SO_MAX_PACING_RATE = 0x1018 + SO_NOSIGPIPE = 0x800 + SO_NO_DDP = 0x8000 + SO_NO_OFFLOAD = 0x4000 + SO_OOBINLINE = 0x100 + SO_PEERLABEL = 0x1010 + SO_PROTOCOL = 0x1016 + SO_PROTOTYPE = 0x1016 + SO_RCVBUF = 0x1002 + SO_RCVLOWAT = 0x1004 + SO_RCVTIMEO = 0x1006 + SO_RERROR = 0x20000 + SO_REUSEADDR = 0x4 + SO_REUSEPORT = 0x200 + SO_REUSEPORT_LB = 0x10000 + SO_SETFIB = 0x1014 + SO_SNDBUF = 0x1001 + SO_SNDLOWAT = 0x1003 + SO_SNDTIMEO = 0x1005 + SO_TIMESTAMP = 0x400 + SO_TS_BINTIME = 0x1 + SO_TS_CLOCK = 0x1017 + SO_TS_CLOCK_MAX = 0x3 + SO_TS_DEFAULT = 0x0 + SO_TS_MONOTONIC = 0x3 + SO_TS_REALTIME = 0x2 + SO_TS_REALTIME_MICRO = 0x0 + SO_TYPE = 0x1008 + SO_USELOOPBACK = 0x40 + SO_USER_COOKIE = 0x1015 + SO_VENDOR = 0x80000000 + S_BLKSIZE = 0x200 + S_IEXEC = 0x40 + S_IFBLK = 0x6000 + S_IFCHR = 0x2000 + S_IFDIR = 0x4000 + S_IFIFO = 0x1000 + S_IFLNK = 0xa000 + S_IFMT = 0xf000 + S_IFREG = 0x8000 + S_IFSOCK = 0xc000 + S_IFWHT = 0xe000 + S_IREAD = 0x100 + S_IRGRP = 0x20 + S_IROTH = 0x4 + S_IRUSR = 0x100 + S_IRWXG = 0x38 + S_IRWXO = 0x7 + S_IRWXU = 0x1c0 + S_ISGID = 0x400 + S_ISTXT = 0x200 + S_ISUID = 0x800 + S_ISVTX = 0x200 + S_IWGRP = 0x10 + S_IWOTH = 0x2 + S_IWRITE = 0x80 + S_IWUSR = 0x80 + S_IXGRP = 0x8 + S_IXOTH = 0x1 + S_IXUSR = 0x40 + TAB0 = 0x0 + TAB3 = 0x4 + TABDLY = 0x4 + TCIFLUSH = 0x1 + TCIOFF = 0x3 + TCIOFLUSH = 0x3 + TCION = 0x4 + TCOFLUSH = 0x2 + TCOOFF = 0x1 + TCOON = 0x2 + TCPOPT_EOL = 0x0 + TCPOPT_FAST_OPEN = 0x22 + TCPOPT_MAXSEG = 0x2 + TCPOPT_NOP = 0x1 + TCPOPT_PAD = 0x0 + TCPOPT_SACK = 0x5 + TCPOPT_SACK_PERMITTED = 0x4 + TCPOPT_SIGNATURE = 0x13 + TCPOPT_TIMESTAMP = 0x8 + TCPOPT_WINDOW = 0x3 + TCP_BBR_ACK_COMP_ALG = 0x448 + TCP_BBR_ALGORITHM = 0x43b + TCP_BBR_DRAIN_INC_EXTRA = 0x43c + TCP_BBR_DRAIN_PG = 0x42e + TCP_BBR_EXTRA_GAIN = 0x449 + TCP_BBR_EXTRA_STATE = 0x453 + TCP_BBR_FLOOR_MIN_TSO = 0x454 + TCP_BBR_HDWR_PACE = 0x451 + TCP_BBR_HOLD_TARGET = 0x436 + TCP_BBR_IWINTSO = 0x42b + TCP_BBR_LOWGAIN_FD = 0x436 + TCP_BBR_LOWGAIN_HALF = 0x435 + TCP_BBR_LOWGAIN_THRESH = 0x434 + TCP_BBR_MAX_RTO = 0x439 + TCP_BBR_MIN_RTO = 0x438 + TCP_BBR_MIN_TOPACEOUT = 0x455 + TCP_BBR_ONE_RETRAN = 0x431 + TCP_BBR_PACE_CROSS = 0x442 + TCP_BBR_PACE_DEL_TAR = 0x43f + TCP_BBR_PACE_OH = 0x435 + TCP_BBR_PACE_PER_SEC = 0x43e + TCP_BBR_PACE_SEG_MAX = 0x440 + TCP_BBR_PACE_SEG_MIN = 0x441 + TCP_BBR_POLICER_DETECT = 0x457 + TCP_BBR_PROBE_RTT_GAIN = 0x44d + TCP_BBR_PROBE_RTT_INT = 0x430 + TCP_BBR_PROBE_RTT_LEN = 0x44e + TCP_BBR_RACK_INIT_RATE = 0x458 + TCP_BBR_RACK_RTT_USE = 0x44a + TCP_BBR_RECFORCE = 0x42c + TCP_BBR_REC_OVER_HPTS = 0x43a + TCP_BBR_RETRAN_WTSO = 0x44b + TCP_BBR_RWND_IS_APP = 0x42f + TCP_BBR_SEND_IWND_IN_TSO = 0x44f + TCP_BBR_STARTUP_EXIT_EPOCH = 0x43d + TCP_BBR_STARTUP_LOSS_EXIT = 0x432 + TCP_BBR_STARTUP_PG = 0x42d + TCP_BBR_TMR_PACE_OH = 0x448 + TCP_BBR_TSLIMITS = 0x434 + TCP_BBR_TSTMP_RAISES = 0x456 + TCP_BBR_UNLIMITED = 0x43b + TCP_BBR_USEDEL_RATE = 0x437 + TCP_BBR_USE_LOWGAIN = 0x433 + TCP_BBR_USE_RACK_CHEAT = 0x450 + TCP_BBR_USE_RACK_RR = 0x450 + TCP_BBR_UTTER_MAX_TSO = 0x452 + TCP_CA_NAME_MAX = 0x10 + TCP_CCALGOOPT = 0x41 + TCP_CONGESTION = 0x40 + TCP_DATA_AFTER_CLOSE = 0x44c + TCP_DEFER_OPTIONS = 0x470 + TCP_DELACK = 0x48 + TCP_FASTOPEN = 0x401 + TCP_FASTOPEN_MAX_COOKIE_LEN = 0x10 + TCP_FASTOPEN_MIN_COOKIE_LEN = 0x4 + TCP_FASTOPEN_PSK_LEN = 0x10 + TCP_FAST_RSM_HACK = 0x471 + TCP_FIN_IS_RST = 0x49 + TCP_FUNCTION_BLK = 0x2000 + TCP_FUNCTION_NAME_LEN_MAX = 0x20 + TCP_HDWR_RATE_CAP = 0x46a + TCP_HDWR_UP_ONLY = 0x46c + TCP_IDLE_REDUCE = 0x46 + TCP_INFO = 0x20 + TCP_IWND_NB = 0x2b + TCP_IWND_NSEG = 0x2c + TCP_KEEPCNT = 0x400 + TCP_KEEPIDLE = 0x100 + TCP_KEEPINIT = 0x80 + TCP_KEEPINTVL = 0x200 + TCP_LOG = 0x22 + TCP_LOGBUF = 0x23 + TCP_LOGDUMP = 0x25 + TCP_LOGDUMPID = 0x26 + TCP_LOGID = 0x24 + TCP_LOGID_CNT = 0x2e + TCP_LOG_ID_LEN = 0x40 + TCP_LOG_LIMIT = 0x4a + TCP_LOG_TAG = 0x2f + TCP_MAXBURST = 0x4 + TCP_MAXHLEN = 0x3c + TCP_MAXOLEN = 0x28 + TCP_MAXPEAKRATE = 0x45 + TCP_MAXSEG = 0x2 + TCP_MAXUNACKTIME = 0x44 + TCP_MAXWIN = 0xffff + TCP_MAX_SACK = 0x4 + TCP_MAX_WINSHIFT = 0xe + TCP_MD5SIG = 0x10 + TCP_MINMSS = 0xd8 + TCP_MSS = 0x218 + TCP_NODELAY = 0x1 + TCP_NOOPT = 0x8 + TCP_NOPUSH = 0x4 + TCP_NO_PRR = 0x462 + TCP_PACING_RATE_CAP = 0x46b + TCP_PCAP_IN = 0x1000 + TCP_PCAP_OUT = 0x800 + TCP_PERF_INFO = 0x4e + TCP_PROC_ACCOUNTING = 0x4c + TCP_RACK_ABC_VAL = 0x46d + TCP_RACK_CHEAT_NOT_CONF_RATE = 0x459 + TCP_RACK_DO_DETECTION = 0x449 + TCP_RACK_EARLY_RECOV = 0x423 + TCP_RACK_EARLY_SEG = 0x424 + TCP_RACK_FORCE_MSEG = 0x45d + TCP_RACK_GP_INCREASE = 0x446 + TCP_RACK_GP_INCREASE_CA = 0x45a + TCP_RACK_GP_INCREASE_REC = 0x45c + TCP_RACK_GP_INCREASE_SS = 0x45b + TCP_RACK_IDLE_REDUCE_HIGH = 0x444 + TCP_RACK_MBUF_QUEUE = 0x41a + TCP_RACK_MEASURE_CNT = 0x46f + TCP_RACK_MIN_PACE = 0x445 + TCP_RACK_MIN_PACE_SEG = 0x446 + TCP_RACK_MIN_TO = 0x422 + TCP_RACK_NONRXT_CFG_RATE = 0x463 + TCP_RACK_NO_PUSH_AT_MAX = 0x466 + TCP_RACK_PACE_ALWAYS = 0x41f + TCP_RACK_PACE_MAX_SEG = 0x41e + TCP_RACK_PACE_RATE_CA = 0x45e + TCP_RACK_PACE_RATE_REC = 0x460 + TCP_RACK_PACE_RATE_SS = 0x45f + TCP_RACK_PACE_REDUCE = 0x41d + TCP_RACK_PACE_TO_FILL = 0x467 + TCP_RACK_PACING_BETA = 0x472 + TCP_RACK_PACING_BETA_ECN = 0x473 + TCP_RACK_PKT_DELAY = 0x428 + TCP_RACK_PROFILE = 0x469 + TCP_RACK_PROP = 0x41b + TCP_RACK_PROP_RATE = 0x420 + TCP_RACK_PRR_SENDALOT = 0x421 + TCP_RACK_REORD_FADE = 0x426 + TCP_RACK_REORD_THRESH = 0x425 + TCP_RACK_RR_CONF = 0x459 + TCP_RACK_TIMER_SLOP = 0x474 + TCP_RACK_TLP_INC_VAR = 0x429 + TCP_RACK_TLP_REDUCE = 0x41c + TCP_RACK_TLP_THRESH = 0x427 + TCP_RACK_TLP_USE = 0x447 + TCP_REC_ABC_VAL = 0x46e + TCP_REMOTE_UDP_ENCAPS_PORT = 0x47 + TCP_REUSPORT_LB_NUMA = 0x402 + TCP_REUSPORT_LB_NUMA_CURDOM = -0x1 + TCP_REUSPORT_LB_NUMA_NODOM = -0x2 + TCP_RXTLS_ENABLE = 0x29 + TCP_RXTLS_MODE = 0x2a + TCP_SHARED_CWND_ALLOWED = 0x4b + TCP_SHARED_CWND_ENABLE = 0x464 + TCP_SHARED_CWND_TIME_LIMIT = 0x468 + TCP_STATS = 0x21 + TCP_TIMELY_DYN_ADJ = 0x465 + TCP_TLS_MODE_IFNET = 0x2 + TCP_TLS_MODE_NONE = 0x0 + TCP_TLS_MODE_SW = 0x1 + TCP_TLS_MODE_TOE = 0x3 + TCP_TXTLS_ENABLE = 0x27 + TCP_TXTLS_MODE = 0x28 + TCP_USER_LOG = 0x30 + TCP_USE_CMP_ACKS = 0x4d + TCP_VENDOR = 0x80000000 + TCSAFLUSH = 0x2 + TIMER_ABSTIME = 0x1 + TIMER_RELTIME = 0x0 + TIOCCBRK = 0x2000747a + TIOCCDTR = 0x20007478 + TIOCCONS = 0x80047462 + TIOCDRAIN = 0x2000745e + TIOCEXCL = 0x2000740d + TIOCEXT = 0x80047460 + TIOCFLUSH = 0x80047410 + TIOCGDRAINWAIT = 0x40047456 + TIOCGETA = 0x402c7413 + TIOCGETD = 0x4004741a + TIOCGPGRP = 0x40047477 + TIOCGPTN = 0x4004740f + TIOCGSID = 0x40047463 + TIOCGWINSZ = 0x40087468 + TIOCMBIC = 0x8004746b + TIOCMBIS = 0x8004746c + TIOCMGDTRWAIT = 0x4004745a + TIOCMGET = 0x4004746a + TIOCMSDTRWAIT = 0x8004745b + TIOCMSET = 0x8004746d + TIOCM_CAR = 0x40 + TIOCM_CD = 0x40 + TIOCM_CTS = 0x20 + TIOCM_DCD = 0x40 + TIOCM_DSR = 0x100 + TIOCM_DTR = 0x2 + TIOCM_LE = 0x1 + TIOCM_RI = 0x80 + TIOCM_RNG = 0x80 + TIOCM_RTS = 0x4 + TIOCM_SR = 0x10 + TIOCM_ST = 0x8 + TIOCNOTTY = 0x20007471 + TIOCNXCL = 0x2000740e + TIOCOUTQ = 0x40047473 + TIOCPKT = 0x80047470 + TIOCPKT_DATA = 0x0 + TIOCPKT_DOSTOP = 0x20 + TIOCPKT_FLUSHREAD = 0x1 + TIOCPKT_FLUSHWRITE = 0x2 + TIOCPKT_IOCTL = 0x40 + TIOCPKT_NOSTOP = 0x10 + TIOCPKT_START = 0x8 + TIOCPKT_STOP = 0x4 + TIOCPTMASTER = 0x2000741c + TIOCSBRK = 0x2000747b + TIOCSCTTY = 0x20007461 + TIOCSDRAINWAIT = 0x80047457 + TIOCSDTR = 0x20007479 + TIOCSETA = 0x802c7414 + TIOCSETAF = 0x802c7416 + TIOCSETAW = 0x802c7415 + TIOCSETD = 0x8004741b + TIOCSIG = 0x2004745f + TIOCSPGRP = 0x80047476 + TIOCSTART = 0x2000746e + TIOCSTAT = 0x20007465 + TIOCSTI = 0x80017472 + TIOCSTOP = 0x2000746f + TIOCSWINSZ = 0x80087467 + TIOCTIMESTAMP = 0x40107459 + TIOCUCNTL = 0x80047466 + TOSTOP = 0x400000 + UTIME_NOW = -0x1 + UTIME_OMIT = -0x2 + VDISCARD = 0xf + VDSUSP = 0xb + VEOF = 0x0 + VEOL = 0x1 + VEOL2 = 0x2 + VERASE = 0x3 + VERASE2 = 0x7 + VINTR = 0x8 + VKILL = 0x5 + VLNEXT = 0xe + VMIN = 0x10 + VQUIT = 0x9 + VREPRINT = 0x6 + VSTART = 0xc + VSTATUS = 0x12 + VSTOP = 0xd + VSUSP = 0xa + VTIME = 0x11 + VWERASE = 0x4 + WCONTINUED = 0x4 + WCOREFLAG = 0x80 + WEXITED = 0x10 + WLINUXCLONE = 0x80000000 + WNOHANG = 0x1 + WNOWAIT = 0x8 + WSTOPPED = 0x2 + WTRAPPED = 0x20 + WUNTRACED = 0x2 +) + +// Errors +const ( + E2BIG = syscall.Errno(0x7) + EACCES = syscall.Errno(0xd) + EADDRINUSE = syscall.Errno(0x30) + EADDRNOTAVAIL = syscall.Errno(0x31) + EAFNOSUPPORT = syscall.Errno(0x2f) + EAGAIN = syscall.Errno(0x23) + EALREADY = syscall.Errno(0x25) + EAUTH = syscall.Errno(0x50) + EBADF = syscall.Errno(0x9) + EBADMSG = syscall.Errno(0x59) + EBADRPC = syscall.Errno(0x48) + EBUSY = syscall.Errno(0x10) + ECANCELED = syscall.Errno(0x55) + ECAPMODE = syscall.Errno(0x5e) + ECHILD = syscall.Errno(0xa) + ECONNABORTED = syscall.Errno(0x35) + ECONNREFUSED = syscall.Errno(0x3d) + ECONNRESET = syscall.Errno(0x36) + EDEADLK = syscall.Errno(0xb) + EDESTADDRREQ = syscall.Errno(0x27) + EDOM = syscall.Errno(0x21) + EDOOFUS = syscall.Errno(0x58) + EDQUOT = syscall.Errno(0x45) + EEXIST = syscall.Errno(0x11) + EFAULT = syscall.Errno(0xe) + EFBIG = syscall.Errno(0x1b) + EFTYPE = syscall.Errno(0x4f) + EHOSTDOWN = syscall.Errno(0x40) + EHOSTUNREACH = syscall.Errno(0x41) + EIDRM = syscall.Errno(0x52) + EILSEQ = syscall.Errno(0x56) + EINPROGRESS = syscall.Errno(0x24) + EINTEGRITY = syscall.Errno(0x61) + EINTR = syscall.Errno(0x4) + EINVAL = syscall.Errno(0x16) + EIO = syscall.Errno(0x5) + EISCONN = syscall.Errno(0x38) + EISDIR = syscall.Errno(0x15) + ELAST = syscall.Errno(0x61) + ELOOP = syscall.Errno(0x3e) + EMFILE = syscall.Errno(0x18) + EMLINK = syscall.Errno(0x1f) + EMSGSIZE = syscall.Errno(0x28) + EMULTIHOP = syscall.Errno(0x5a) + ENAMETOOLONG = syscall.Errno(0x3f) + ENEEDAUTH = syscall.Errno(0x51) + ENETDOWN = syscall.Errno(0x32) + ENETRESET = syscall.Errno(0x34) + ENETUNREACH = syscall.Errno(0x33) + ENFILE = syscall.Errno(0x17) + ENOATTR = syscall.Errno(0x57) + ENOBUFS = syscall.Errno(0x37) + ENODEV = syscall.Errno(0x13) + ENOENT = syscall.Errno(0x2) + ENOEXEC = syscall.Errno(0x8) + ENOLCK = syscall.Errno(0x4d) + ENOLINK = syscall.Errno(0x5b) + ENOMEM = syscall.Errno(0xc) + ENOMSG = syscall.Errno(0x53) + ENOPROTOOPT = syscall.Errno(0x2a) + ENOSPC = syscall.Errno(0x1c) + ENOSYS = syscall.Errno(0x4e) + ENOTBLK = syscall.Errno(0xf) + ENOTCAPABLE = syscall.Errno(0x5d) + ENOTCONN = syscall.Errno(0x39) + ENOTDIR = syscall.Errno(0x14) + ENOTEMPTY = syscall.Errno(0x42) + ENOTRECOVERABLE = syscall.Errno(0x5f) + ENOTSOCK = syscall.Errno(0x26) + ENOTSUP = syscall.Errno(0x2d) + ENOTTY = syscall.Errno(0x19) + ENXIO = syscall.Errno(0x6) + EOPNOTSUPP = syscall.Errno(0x2d) + EOVERFLOW = syscall.Errno(0x54) + EOWNERDEAD = syscall.Errno(0x60) + EPERM = syscall.Errno(0x1) + EPFNOSUPPORT = syscall.Errno(0x2e) + EPIPE = syscall.Errno(0x20) + EPROCLIM = syscall.Errno(0x43) + EPROCUNAVAIL = syscall.Errno(0x4c) + EPROGMISMATCH = syscall.Errno(0x4b) + EPROGUNAVAIL = syscall.Errno(0x4a) + EPROTO = syscall.Errno(0x5c) + EPROTONOSUPPORT = syscall.Errno(0x2b) + EPROTOTYPE = syscall.Errno(0x29) + ERANGE = syscall.Errno(0x22) + EREMOTE = syscall.Errno(0x47) + EROFS = syscall.Errno(0x1e) + ERPCMISMATCH = syscall.Errno(0x49) + ESHUTDOWN = syscall.Errno(0x3a) + ESOCKTNOSUPPORT = syscall.Errno(0x2c) + ESPIPE = syscall.Errno(0x1d) + ESRCH = syscall.Errno(0x3) + ESTALE = syscall.Errno(0x46) + ETIMEDOUT = syscall.Errno(0x3c) + ETOOMANYREFS = syscall.Errno(0x3b) + ETXTBSY = syscall.Errno(0x1a) + EUSERS = syscall.Errno(0x44) + EWOULDBLOCK = syscall.Errno(0x23) + EXDEV = syscall.Errno(0x12) +) + +// Signals +const ( + SIGABRT = syscall.Signal(0x6) + SIGALRM = syscall.Signal(0xe) + SIGBUS = syscall.Signal(0xa) + SIGCHLD = syscall.Signal(0x14) + SIGCONT = syscall.Signal(0x13) + SIGEMT = syscall.Signal(0x7) + SIGFPE = syscall.Signal(0x8) + SIGHUP = syscall.Signal(0x1) + SIGILL = syscall.Signal(0x4) + SIGINFO = syscall.Signal(0x1d) + SIGINT = syscall.Signal(0x2) + SIGIO = syscall.Signal(0x17) + SIGIOT = syscall.Signal(0x6) + SIGKILL = syscall.Signal(0x9) + SIGLIBRT = syscall.Signal(0x21) + SIGLWP = syscall.Signal(0x20) + SIGPIPE = syscall.Signal(0xd) + SIGPROF = syscall.Signal(0x1b) + SIGQUIT = syscall.Signal(0x3) + SIGSEGV = syscall.Signal(0xb) + SIGSTOP = syscall.Signal(0x11) + SIGSYS = syscall.Signal(0xc) + SIGTERM = syscall.Signal(0xf) + SIGTHR = syscall.Signal(0x20) + SIGTRAP = syscall.Signal(0x5) + SIGTSTP = syscall.Signal(0x12) + SIGTTIN = syscall.Signal(0x15) + SIGTTOU = syscall.Signal(0x16) + SIGURG = syscall.Signal(0x10) + SIGUSR1 = syscall.Signal(0x1e) + SIGUSR2 = syscall.Signal(0x1f) + SIGVTALRM = syscall.Signal(0x1a) + SIGWINCH = syscall.Signal(0x1c) + SIGXCPU = syscall.Signal(0x18) + SIGXFSZ = syscall.Signal(0x19) +) + +// Error table +var errorList = [...]struct { + num syscall.Errno + name string + desc string +}{ + {1, "EPERM", "operation not permitted"}, + {2, "ENOENT", "no such file or directory"}, + {3, "ESRCH", "no such process"}, + {4, "EINTR", "interrupted system call"}, + {5, "EIO", "input/output error"}, + {6, "ENXIO", "device not configured"}, + {7, "E2BIG", "argument list too long"}, + {8, "ENOEXEC", "exec format error"}, + {9, "EBADF", "bad file descriptor"}, + {10, "ECHILD", "no child processes"}, + {11, "EDEADLK", "resource deadlock avoided"}, + {12, "ENOMEM", "cannot allocate memory"}, + {13, "EACCES", "permission denied"}, + {14, "EFAULT", "bad address"}, + {15, "ENOTBLK", "block device required"}, + {16, "EBUSY", "device busy"}, + {17, "EEXIST", "file exists"}, + {18, "EXDEV", "cross-device link"}, + {19, "ENODEV", "operation not supported by device"}, + {20, "ENOTDIR", "not a directory"}, + {21, "EISDIR", "is a directory"}, + {22, "EINVAL", "invalid argument"}, + {23, "ENFILE", "too many open files in system"}, + {24, "EMFILE", "too many open files"}, + {25, "ENOTTY", "inappropriate ioctl for device"}, + {26, "ETXTBSY", "text file busy"}, + {27, "EFBIG", "file too large"}, + {28, "ENOSPC", "no space left on device"}, + {29, "ESPIPE", "illegal seek"}, + {30, "EROFS", "read-only file system"}, + {31, "EMLINK", "too many links"}, + {32, "EPIPE", "broken pipe"}, + {33, "EDOM", "numerical argument out of domain"}, + {34, "ERANGE", "result too large"}, + {35, "EWOULDBLOCK", "resource temporarily unavailable"}, + {36, "EINPROGRESS", "operation now in progress"}, + {37, "EALREADY", "operation already in progress"}, + {38, "ENOTSOCK", "socket operation on non-socket"}, + {39, "EDESTADDRREQ", "destination address required"}, + {40, "EMSGSIZE", "message too long"}, + {41, "EPROTOTYPE", "protocol wrong type for socket"}, + {42, "ENOPROTOOPT", "protocol not available"}, + {43, "EPROTONOSUPPORT", "protocol not supported"}, + {44, "ESOCKTNOSUPPORT", "socket type not supported"}, + {45, "EOPNOTSUPP", "operation not supported"}, + {46, "EPFNOSUPPORT", "protocol family not supported"}, + {47, "EAFNOSUPPORT", "address family not supported by protocol family"}, + {48, "EADDRINUSE", "address already in use"}, + {49, "EADDRNOTAVAIL", "can't assign requested address"}, + {50, "ENETDOWN", "network is down"}, + {51, "ENETUNREACH", "network is unreachable"}, + {52, "ENETRESET", "network dropped connection on reset"}, + {53, "ECONNABORTED", "software caused connection abort"}, + {54, "ECONNRESET", "connection reset by peer"}, + {55, "ENOBUFS", "no buffer space available"}, + {56, "EISCONN", "socket is already connected"}, + {57, "ENOTCONN", "socket is not connected"}, + {58, "ESHUTDOWN", "can't send after socket shutdown"}, + {59, "ETOOMANYREFS", "too many references: can't splice"}, + {60, "ETIMEDOUT", "operation timed out"}, + {61, "ECONNREFUSED", "connection refused"}, + {62, "ELOOP", "too many levels of symbolic links"}, + {63, "ENAMETOOLONG", "file name too long"}, + {64, "EHOSTDOWN", "host is down"}, + {65, "EHOSTUNREACH", "no route to host"}, + {66, "ENOTEMPTY", "directory not empty"}, + {67, "EPROCLIM", "too many processes"}, + {68, "EUSERS", "too many users"}, + {69, "EDQUOT", "disc quota exceeded"}, + {70, "ESTALE", "stale NFS file handle"}, + {71, "EREMOTE", "too many levels of remote in path"}, + {72, "EBADRPC", "RPC struct is bad"}, + {73, "ERPCMISMATCH", "RPC version wrong"}, + {74, "EPROGUNAVAIL", "RPC prog. not avail"}, + {75, "EPROGMISMATCH", "program version wrong"}, + {76, "EPROCUNAVAIL", "bad procedure for program"}, + {77, "ENOLCK", "no locks available"}, + {78, "ENOSYS", "function not implemented"}, + {79, "EFTYPE", "inappropriate file type or format"}, + {80, "EAUTH", "authentication error"}, + {81, "ENEEDAUTH", "need authenticator"}, + {82, "EIDRM", "identifier removed"}, + {83, "ENOMSG", "no message of desired type"}, + {84, "EOVERFLOW", "value too large to be stored in data type"}, + {85, "ECANCELED", "operation canceled"}, + {86, "EILSEQ", "illegal byte sequence"}, + {87, "ENOATTR", "attribute not found"}, + {88, "EDOOFUS", "programming error"}, + {89, "EBADMSG", "bad message"}, + {90, "EMULTIHOP", "multihop attempted"}, + {91, "ENOLINK", "link has been severed"}, + {92, "EPROTO", "protocol error"}, + {93, "ENOTCAPABLE", "capabilities insufficient"}, + {94, "ECAPMODE", "not permitted in capability mode"}, + {95, "ENOTRECOVERABLE", "state not recoverable"}, + {96, "EOWNERDEAD", "previous owner died"}, + {97, "EINTEGRITY", "integrity check failed"}, +} + +// Signal table +var signalList = [...]struct { + num syscall.Signal + name string + desc string +}{ + {1, "SIGHUP", "hangup"}, + {2, "SIGINT", "interrupt"}, + {3, "SIGQUIT", "quit"}, + {4, "SIGILL", "illegal instruction"}, + {5, "SIGTRAP", "trace/BPT trap"}, + {6, "SIGIOT", "abort trap"}, + {7, "SIGEMT", "EMT trap"}, + {8, "SIGFPE", "floating point exception"}, + {9, "SIGKILL", "killed"}, + {10, "SIGBUS", "bus error"}, + {11, "SIGSEGV", "segmentation fault"}, + {12, "SIGSYS", "bad system call"}, + {13, "SIGPIPE", "broken pipe"}, + {14, "SIGALRM", "alarm clock"}, + {15, "SIGTERM", "terminated"}, + {16, "SIGURG", "urgent I/O condition"}, + {17, "SIGSTOP", "suspended (signal)"}, + {18, "SIGTSTP", "suspended"}, + {19, "SIGCONT", "continued"}, + {20, "SIGCHLD", "child exited"}, + {21, "SIGTTIN", "stopped (tty input)"}, + {22, "SIGTTOU", "stopped (tty output)"}, + {23, "SIGIO", "I/O possible"}, + {24, "SIGXCPU", "cputime limit exceeded"}, + {25, "SIGXFSZ", "filesize limit exceeded"}, + {26, "SIGVTALRM", "virtual timer expired"}, + {27, "SIGPROF", "profiling timer expired"}, + {28, "SIGWINCH", "window size changes"}, + {29, "SIGINFO", "information request"}, + {30, "SIGUSR1", "user defined signal 1"}, + {31, "SIGUSR2", "user defined signal 2"}, + {32, "SIGTHR", "unknown signal"}, + {33, "SIGLIBRT", "unknown signal"}, +} diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index c0a43f8ba6f..b0d6c27386c 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -140,6 +140,306 @@ const ( ARPHRD_VOID = 0xffff ARPHRD_VSOCKMON = 0x33a ARPHRD_X25 = 0x10f + AUDIT_ADD = 0x3eb + AUDIT_ADD_RULE = 0x3f3 + AUDIT_ALWAYS = 0x2 + AUDIT_ANOM_ABEND = 0x6a5 + AUDIT_ANOM_CREAT = 0x6a7 + AUDIT_ANOM_LINK = 0x6a6 + AUDIT_ANOM_PROMISCUOUS = 0x6a4 + AUDIT_ARCH = 0xb + AUDIT_ARCH_AARCH64 = 0xc00000b7 + AUDIT_ARCH_ALPHA = 0xc0009026 + AUDIT_ARCH_ARCOMPACT = 0x4000005d + AUDIT_ARCH_ARCOMPACTBE = 0x5d + AUDIT_ARCH_ARCV2 = 0x400000c3 + AUDIT_ARCH_ARCV2BE = 0xc3 + AUDIT_ARCH_ARM = 0x40000028 + AUDIT_ARCH_ARMEB = 0x28 + AUDIT_ARCH_C6X = 0x4000008c + AUDIT_ARCH_C6XBE = 0x8c + AUDIT_ARCH_CRIS = 0x4000004c + AUDIT_ARCH_CSKY = 0x400000fc + AUDIT_ARCH_FRV = 0x5441 + AUDIT_ARCH_H8300 = 0x2e + AUDIT_ARCH_HEXAGON = 0xa4 + AUDIT_ARCH_I386 = 0x40000003 + AUDIT_ARCH_IA64 = 0xc0000032 + AUDIT_ARCH_LOONGARCH32 = 0x40000102 + AUDIT_ARCH_LOONGARCH64 = 0xc0000102 + AUDIT_ARCH_M32R = 0x58 + AUDIT_ARCH_M68K = 0x4 + AUDIT_ARCH_MICROBLAZE = 0xbd + AUDIT_ARCH_MIPS = 0x8 + AUDIT_ARCH_MIPS64 = 0x80000008 + AUDIT_ARCH_MIPS64N32 = 0xa0000008 + AUDIT_ARCH_MIPSEL = 0x40000008 + AUDIT_ARCH_MIPSEL64 = 0xc0000008 + AUDIT_ARCH_MIPSEL64N32 = 0xe0000008 + AUDIT_ARCH_NDS32 = 0x400000a7 + AUDIT_ARCH_NDS32BE = 0xa7 + AUDIT_ARCH_NIOS2 = 0x40000071 + AUDIT_ARCH_OPENRISC = 0x5c + AUDIT_ARCH_PARISC = 0xf + AUDIT_ARCH_PARISC64 = 0x8000000f + AUDIT_ARCH_PPC = 0x14 + AUDIT_ARCH_PPC64 = 0x80000015 + AUDIT_ARCH_PPC64LE = 0xc0000015 + AUDIT_ARCH_RISCV32 = 0x400000f3 + AUDIT_ARCH_RISCV64 = 0xc00000f3 + AUDIT_ARCH_S390 = 0x16 + AUDIT_ARCH_S390X = 0x80000016 + AUDIT_ARCH_SH = 0x2a + AUDIT_ARCH_SH64 = 0x8000002a + AUDIT_ARCH_SHEL = 0x4000002a + AUDIT_ARCH_SHEL64 = 0xc000002a + AUDIT_ARCH_SPARC = 0x2 + AUDIT_ARCH_SPARC64 = 0x8000002b + AUDIT_ARCH_TILEGX = 0xc00000bf + AUDIT_ARCH_TILEGX32 = 0x400000bf + AUDIT_ARCH_TILEPRO = 0x400000bc + AUDIT_ARCH_UNICORE = 0x4000006e + AUDIT_ARCH_X86_64 = 0xc000003e + AUDIT_ARCH_XTENSA = 0x5e + AUDIT_ARG0 = 0xc8 + AUDIT_ARG1 = 0xc9 + AUDIT_ARG2 = 0xca + AUDIT_ARG3 = 0xcb + AUDIT_AVC = 0x578 + AUDIT_AVC_PATH = 0x57a + AUDIT_BITMASK_SIZE = 0x40 + AUDIT_BIT_MASK = 0x8000000 + AUDIT_BIT_TEST = 0x48000000 + AUDIT_BPF = 0x536 + AUDIT_BPRM_FCAPS = 0x529 + AUDIT_CAPSET = 0x52a + AUDIT_CLASS_CHATTR = 0x2 + AUDIT_CLASS_CHATTR_32 = 0x3 + AUDIT_CLASS_DIR_WRITE = 0x0 + AUDIT_CLASS_DIR_WRITE_32 = 0x1 + AUDIT_CLASS_READ = 0x4 + AUDIT_CLASS_READ_32 = 0x5 + AUDIT_CLASS_SIGNAL = 0x8 + AUDIT_CLASS_SIGNAL_32 = 0x9 + AUDIT_CLASS_WRITE = 0x6 + AUDIT_CLASS_WRITE_32 = 0x7 + AUDIT_COMPARE_AUID_TO_EUID = 0x10 + AUDIT_COMPARE_AUID_TO_FSUID = 0xe + AUDIT_COMPARE_AUID_TO_OBJ_UID = 0x5 + AUDIT_COMPARE_AUID_TO_SUID = 0xf + AUDIT_COMPARE_EGID_TO_FSGID = 0x17 + AUDIT_COMPARE_EGID_TO_OBJ_GID = 0x4 + AUDIT_COMPARE_EGID_TO_SGID = 0x18 + AUDIT_COMPARE_EUID_TO_FSUID = 0x12 + AUDIT_COMPARE_EUID_TO_OBJ_UID = 0x3 + AUDIT_COMPARE_EUID_TO_SUID = 0x11 + AUDIT_COMPARE_FSGID_TO_OBJ_GID = 0x9 + AUDIT_COMPARE_FSUID_TO_OBJ_UID = 0x8 + AUDIT_COMPARE_GID_TO_EGID = 0x14 + AUDIT_COMPARE_GID_TO_FSGID = 0x15 + AUDIT_COMPARE_GID_TO_OBJ_GID = 0x2 + AUDIT_COMPARE_GID_TO_SGID = 0x16 + AUDIT_COMPARE_SGID_TO_FSGID = 0x19 + AUDIT_COMPARE_SGID_TO_OBJ_GID = 0x7 + AUDIT_COMPARE_SUID_TO_FSUID = 0x13 + AUDIT_COMPARE_SUID_TO_OBJ_UID = 0x6 + AUDIT_COMPARE_UID_TO_AUID = 0xa + AUDIT_COMPARE_UID_TO_EUID = 0xb + AUDIT_COMPARE_UID_TO_FSUID = 0xc + AUDIT_COMPARE_UID_TO_OBJ_UID = 0x1 + AUDIT_COMPARE_UID_TO_SUID = 0xd + AUDIT_CONFIG_CHANGE = 0x519 + AUDIT_CWD = 0x51b + AUDIT_DAEMON_ABORT = 0x4b2 + AUDIT_DAEMON_CONFIG = 0x4b3 + AUDIT_DAEMON_END = 0x4b1 + AUDIT_DAEMON_START = 0x4b0 + AUDIT_DEL = 0x3ec + AUDIT_DEL_RULE = 0x3f4 + AUDIT_DEVMAJOR = 0x64 + AUDIT_DEVMINOR = 0x65 + AUDIT_DIR = 0x6b + AUDIT_DM_CTRL = 0x53a + AUDIT_DM_EVENT = 0x53b + AUDIT_EGID = 0x6 + AUDIT_EOE = 0x528 + AUDIT_EQUAL = 0x40000000 + AUDIT_EUID = 0x2 + AUDIT_EVENT_LISTENER = 0x537 + AUDIT_EXE = 0x70 + AUDIT_EXECVE = 0x51d + AUDIT_EXIT = 0x67 + AUDIT_FAIL_PANIC = 0x2 + AUDIT_FAIL_PRINTK = 0x1 + AUDIT_FAIL_SILENT = 0x0 + AUDIT_FANOTIFY = 0x533 + AUDIT_FD_PAIR = 0x525 + AUDIT_FEATURE_BITMAP_ALL = 0x7f + AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT = 0x1 + AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME = 0x2 + AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND = 0x8 + AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH = 0x4 + AUDIT_FEATURE_BITMAP_FILTER_FS = 0x40 + AUDIT_FEATURE_BITMAP_LOST_RESET = 0x20 + AUDIT_FEATURE_BITMAP_SESSIONID_FILTER = 0x10 + AUDIT_FEATURE_CHANGE = 0x530 + AUDIT_FEATURE_LOGINUID_IMMUTABLE = 0x1 + AUDIT_FEATURE_ONLY_UNSET_LOGINUID = 0x0 + AUDIT_FEATURE_VERSION = 0x1 + AUDIT_FIELD_COMPARE = 0x6f + AUDIT_FILETYPE = 0x6c + AUDIT_FILTERKEY = 0xd2 + AUDIT_FILTER_ENTRY = 0x2 + AUDIT_FILTER_EXCLUDE = 0x5 + AUDIT_FILTER_EXIT = 0x4 + AUDIT_FILTER_FS = 0x6 + AUDIT_FILTER_PREPEND = 0x10 + AUDIT_FILTER_TASK = 0x1 + AUDIT_FILTER_TYPE = 0x5 + AUDIT_FILTER_URING_EXIT = 0x7 + AUDIT_FILTER_USER = 0x0 + AUDIT_FILTER_WATCH = 0x3 + AUDIT_FIRST_KERN_ANOM_MSG = 0x6a4 + AUDIT_FIRST_USER_MSG = 0x44c + AUDIT_FIRST_USER_MSG2 = 0x834 + AUDIT_FSGID = 0x8 + AUDIT_FSTYPE = 0x1a + AUDIT_FSUID = 0x4 + AUDIT_GET = 0x3e8 + AUDIT_GET_FEATURE = 0x3fb + AUDIT_GID = 0x5 + AUDIT_GREATER_THAN = 0x20000000 + AUDIT_GREATER_THAN_OR_EQUAL = 0x60000000 + AUDIT_INODE = 0x66 + AUDIT_INTEGRITY_DATA = 0x708 + AUDIT_INTEGRITY_EVM_XATTR = 0x70e + AUDIT_INTEGRITY_HASH = 0x70b + AUDIT_INTEGRITY_METADATA = 0x709 + AUDIT_INTEGRITY_PCR = 0x70c + AUDIT_INTEGRITY_POLICY_RULE = 0x70f + AUDIT_INTEGRITY_RULE = 0x70d + AUDIT_INTEGRITY_STATUS = 0x70a + AUDIT_IPC = 0x517 + AUDIT_IPC_SET_PERM = 0x51f + AUDIT_KERNEL = 0x7d0 + AUDIT_KERNEL_OTHER = 0x524 + AUDIT_KERN_MODULE = 0x532 + AUDIT_LAST_FEATURE = 0x1 + AUDIT_LAST_KERN_ANOM_MSG = 0x707 + AUDIT_LAST_USER_MSG = 0x4af + AUDIT_LAST_USER_MSG2 = 0xbb7 + AUDIT_LESS_THAN = 0x10000000 + AUDIT_LESS_THAN_OR_EQUAL = 0x50000000 + AUDIT_LIST = 0x3ea + AUDIT_LIST_RULES = 0x3f5 + AUDIT_LOGIN = 0x3ee + AUDIT_LOGINUID = 0x9 + AUDIT_LOGINUID_SET = 0x18 + AUDIT_MAC_CALIPSO_ADD = 0x58a + AUDIT_MAC_CALIPSO_DEL = 0x58b + AUDIT_MAC_CIPSOV4_ADD = 0x57f + AUDIT_MAC_CIPSOV4_DEL = 0x580 + AUDIT_MAC_CONFIG_CHANGE = 0x57d + AUDIT_MAC_IPSEC_ADDSA = 0x583 + AUDIT_MAC_IPSEC_ADDSPD = 0x585 + AUDIT_MAC_IPSEC_DELSA = 0x584 + AUDIT_MAC_IPSEC_DELSPD = 0x586 + AUDIT_MAC_IPSEC_EVENT = 0x587 + AUDIT_MAC_MAP_ADD = 0x581 + AUDIT_MAC_MAP_DEL = 0x582 + AUDIT_MAC_POLICY_LOAD = 0x57b + AUDIT_MAC_STATUS = 0x57c + AUDIT_MAC_UNLBL_ALLOW = 0x57e + AUDIT_MAC_UNLBL_STCADD = 0x588 + AUDIT_MAC_UNLBL_STCDEL = 0x589 + AUDIT_MAKE_EQUIV = 0x3f7 + AUDIT_MAX_FIELDS = 0x40 + AUDIT_MAX_FIELD_COMPARE = 0x19 + AUDIT_MAX_KEY_LEN = 0x100 + AUDIT_MESSAGE_TEXT_MAX = 0x2170 + AUDIT_MMAP = 0x52b + AUDIT_MQ_GETSETATTR = 0x523 + AUDIT_MQ_NOTIFY = 0x522 + AUDIT_MQ_OPEN = 0x520 + AUDIT_MQ_SENDRECV = 0x521 + AUDIT_MSGTYPE = 0xc + AUDIT_NEGATE = 0x80000000 + AUDIT_NETFILTER_CFG = 0x52d + AUDIT_NETFILTER_PKT = 0x52c + AUDIT_NEVER = 0x0 + AUDIT_NLGRP_MAX = 0x1 + AUDIT_NOT_EQUAL = 0x30000000 + AUDIT_NR_FILTERS = 0x8 + AUDIT_OBJ_GID = 0x6e + AUDIT_OBJ_LEV_HIGH = 0x17 + AUDIT_OBJ_LEV_LOW = 0x16 + AUDIT_OBJ_PID = 0x526 + AUDIT_OBJ_ROLE = 0x14 + AUDIT_OBJ_TYPE = 0x15 + AUDIT_OBJ_UID = 0x6d + AUDIT_OBJ_USER = 0x13 + AUDIT_OPENAT2 = 0x539 + AUDIT_OPERATORS = 0x78000000 + AUDIT_PATH = 0x516 + AUDIT_PERM = 0x6a + AUDIT_PERM_ATTR = 0x8 + AUDIT_PERM_EXEC = 0x1 + AUDIT_PERM_READ = 0x4 + AUDIT_PERM_WRITE = 0x2 + AUDIT_PERS = 0xa + AUDIT_PID = 0x0 + AUDIT_POSSIBLE = 0x1 + AUDIT_PPID = 0x12 + AUDIT_PROCTITLE = 0x52f + AUDIT_REPLACE = 0x531 + AUDIT_SADDR_FAM = 0x71 + AUDIT_SECCOMP = 0x52e + AUDIT_SELINUX_ERR = 0x579 + AUDIT_SESSIONID = 0x19 + AUDIT_SET = 0x3e9 + AUDIT_SET_FEATURE = 0x3fa + AUDIT_SGID = 0x7 + AUDIT_SID_UNSET = 0xffffffff + AUDIT_SIGNAL_INFO = 0x3f2 + AUDIT_SOCKADDR = 0x51a + AUDIT_SOCKETCALL = 0x518 + AUDIT_STATUS_BACKLOG_LIMIT = 0x10 + AUDIT_STATUS_BACKLOG_WAIT_TIME = 0x20 + AUDIT_STATUS_BACKLOG_WAIT_TIME_ACTUAL = 0x80 + AUDIT_STATUS_ENABLED = 0x1 + AUDIT_STATUS_FAILURE = 0x2 + AUDIT_STATUS_LOST = 0x40 + AUDIT_STATUS_PID = 0x4 + AUDIT_STATUS_RATE_LIMIT = 0x8 + AUDIT_SUBJ_CLR = 0x11 + AUDIT_SUBJ_ROLE = 0xe + AUDIT_SUBJ_SEN = 0x10 + AUDIT_SUBJ_TYPE = 0xf + AUDIT_SUBJ_USER = 0xd + AUDIT_SUCCESS = 0x68 + AUDIT_SUID = 0x3 + AUDIT_SYSCALL = 0x514 + AUDIT_SYSCALL_CLASSES = 0x10 + AUDIT_TIME_ADJNTPVAL = 0x535 + AUDIT_TIME_INJOFFSET = 0x534 + AUDIT_TRIM = 0x3f6 + AUDIT_TTY = 0x527 + AUDIT_TTY_GET = 0x3f8 + AUDIT_TTY_SET = 0x3f9 + AUDIT_UID = 0x1 + AUDIT_UID_UNSET = 0xffffffff + AUDIT_UNUSED_BITS = 0x7fffc00 + AUDIT_URINGOP = 0x538 + AUDIT_USER = 0x3ed + AUDIT_USER_AVC = 0x453 + AUDIT_USER_TTY = 0x464 + AUDIT_VERSION_BACKLOG_LIMIT = 0x1 + AUDIT_VERSION_BACKLOG_WAIT_TIME = 0x2 + AUDIT_VERSION_LATEST = 0x7f + AUDIT_WATCH = 0x69 + AUDIT_WATCH_INS = 0x3ef + AUDIT_WATCH_LIST = 0x3f1 + AUDIT_WATCH_REM = 0x3f0 AUTOFS_SUPER_MAGIC = 0x187 B0 = 0x0 B110 = 0x3 @@ -184,6 +484,7 @@ const ( BPF_F_ALLOW_MULTI = 0x2 BPF_F_ALLOW_OVERRIDE = 0x1 BPF_F_ANY_ALIGNMENT = 0x2 + BPF_F_KPROBE_MULTI_RETURN = 0x1 BPF_F_QUERY_EFFECTIVE = 0x1 BPF_F_REPLACE = 0x4 BPF_F_SLEEPABLE = 0x10 @@ -191,6 +492,8 @@ const ( BPF_F_TEST_RND_HI32 = 0x4 BPF_F_TEST_RUN_ON_CPU = 0x1 BPF_F_TEST_STATE_FREQ = 0x8 + BPF_F_TEST_XDP_LIVE_FRAMES = 0x2 + BPF_F_XDP_HAS_FRAGS = 0x20 BPF_H = 0x8 BPF_IMM = 0x0 BPF_IND = 0x40 @@ -517,9 +820,9 @@ const ( DM_UUID_FLAG = 0x4000 DM_UUID_LEN = 0x81 DM_VERSION = 0xc138fd00 - DM_VERSION_EXTRA = "-ioctl (2021-03-22)" + DM_VERSION_EXTRA = "-ioctl (2022-02-22)" DM_VERSION_MAJOR = 0x4 - DM_VERSION_MINOR = 0x2d + DM_VERSION_MINOR = 0x2e DM_VERSION_PATCHLEVEL = 0x0 DT_BLK = 0x6 DT_CHR = 0x2 @@ -535,6 +838,55 @@ const ( EFD_SEMAPHORE = 0x1 EFIVARFS_MAGIC = 0xde5e81e4 EFS_SUPER_MAGIC = 0x414a53 + EM_386 = 0x3 + EM_486 = 0x6 + EM_68K = 0x4 + EM_860 = 0x7 + EM_88K = 0x5 + EM_AARCH64 = 0xb7 + EM_ALPHA = 0x9026 + EM_ALTERA_NIOS2 = 0x71 + EM_ARCOMPACT = 0x5d + EM_ARCV2 = 0xc3 + EM_ARM = 0x28 + EM_BLACKFIN = 0x6a + EM_BPF = 0xf7 + EM_CRIS = 0x4c + EM_CSKY = 0xfc + EM_CYGNUS_M32R = 0x9041 + EM_CYGNUS_MN10300 = 0xbeef + EM_FRV = 0x5441 + EM_H8_300 = 0x2e + EM_HEXAGON = 0xa4 + EM_IA_64 = 0x32 + EM_LOONGARCH = 0x102 + EM_M32 = 0x1 + EM_M32R = 0x58 + EM_MICROBLAZE = 0xbd + EM_MIPS = 0x8 + EM_MIPS_RS3_LE = 0xa + EM_MIPS_RS4_BE = 0xa + EM_MN10300 = 0x59 + EM_NDS32 = 0xa7 + EM_NONE = 0x0 + EM_OPENRISC = 0x5c + EM_PARISC = 0xf + EM_PPC = 0x14 + EM_PPC64 = 0x15 + EM_RISCV = 0xf3 + EM_S390 = 0x16 + EM_S390_OLD = 0xa390 + EM_SH = 0x2a + EM_SPARC = 0x2 + EM_SPARC32PLUS = 0x12 + EM_SPARCV9 = 0x2b + EM_SPU = 0x17 + EM_TILEGX = 0xbf + EM_TILEPRO = 0xbc + EM_TI_C6000 = 0x8c + EM_UNICORE = 0x6e + EM_X86_64 = 0x3e + EM_XTENSA = 0x5e ENCODING_DEFAULT = 0x0 ENCODING_FM_MARK = 0x3 ENCODING_FM_SPACE = 0x4 @@ -712,6 +1064,7 @@ const ( ETH_P_EDSA = 0xdada ETH_P_ERSPAN = 0x88be ETH_P_ERSPAN2 = 0x22eb + ETH_P_ETHERCAT = 0x88a4 ETH_P_FCOE = 0x8906 ETH_P_FIP = 0x8914 ETH_P_HDLC = 0x19 @@ -749,6 +1102,7 @@ const ( ETH_P_PPP_MP = 0x8 ETH_P_PPP_SES = 0x8864 ETH_P_PREAUTH = 0x88c7 + ETH_P_PROFINET = 0x8892 ETH_P_PRP = 0x88fb ETH_P_PUP = 0x200 ETH_P_PUPAT = 0x201 @@ -837,6 +1191,7 @@ const ( FAN_FS_ERROR = 0x8000 FAN_MARK_ADD = 0x1 FAN_MARK_DONT_FOLLOW = 0x4 + FAN_MARK_EVICTABLE = 0x200 FAN_MARK_FILESYSTEM = 0x100 FAN_MARK_FLUSH = 0x80 FAN_MARK_IGNORED_MASK = 0x20 @@ -1055,7 +1410,7 @@ const ( IFA_F_STABLE_PRIVACY = 0x800 IFA_F_TEMPORARY = 0x1 IFA_F_TENTATIVE = 0x40 - IFA_MAX = 0xa + IFA_MAX = 0xb IFF_ALLMULTI = 0x200 IFF_ATTACH_QUEUE = 0x200 IFF_AUTOMEDIA = 0x4000 @@ -1403,6 +1758,7 @@ const ( LANDLOCK_ACCESS_FS_MAKE_SYM = 0x1000 LANDLOCK_ACCESS_FS_READ_DIR = 0x8 LANDLOCK_ACCESS_FS_READ_FILE = 0x4 + LANDLOCK_ACCESS_FS_REFER = 0x2000 LANDLOCK_ACCESS_FS_REMOVE_DIR = 0x10 LANDLOCK_ACCESS_FS_REMOVE_FILE = 0x20 LANDLOCK_ACCESS_FS_WRITE_FILE = 0x2 @@ -1758,6 +2114,7 @@ const ( NLM_F_ACK_TLVS = 0x200 NLM_F_APPEND = 0x800 NLM_F_ATOMIC = 0x400 + NLM_F_BULK = 0x200 NLM_F_CAPPED = 0x100 NLM_F_CREATE = 0x400 NLM_F_DUMP = 0x300 @@ -2075,6 +2432,11 @@ const ( PR_SET_UNALIGN = 0x6 PR_SET_VMA = 0x53564d41 PR_SET_VMA_ANON_NAME = 0x0 + PR_SME_GET_VL = 0x40 + PR_SME_SET_VL = 0x3f + PR_SME_SET_VL_ONEXEC = 0x40000 + PR_SME_VL_INHERIT = 0x20000 + PR_SME_VL_LEN_MASK = 0xffff PR_SPEC_DISABLE = 0x4 PR_SPEC_DISABLE_NOEXEC = 0x10 PR_SPEC_ENABLE = 0x2 @@ -2227,8 +2589,9 @@ const ( RTC_FEATURE_ALARM = 0x0 RTC_FEATURE_ALARM_RES_2S = 0x3 RTC_FEATURE_ALARM_RES_MINUTE = 0x1 + RTC_FEATURE_ALARM_WAKEUP_ONLY = 0x7 RTC_FEATURE_BACKUP_SWITCH_MODE = 0x6 - RTC_FEATURE_CNT = 0x7 + RTC_FEATURE_CNT = 0x8 RTC_FEATURE_CORRECTION = 0x5 RTC_FEATURE_NEED_WEEK_DAY = 0x2 RTC_FEATURE_UPDATE_INTERRUPT = 0x4 @@ -2302,6 +2665,7 @@ const ( RTM_DELRULE = 0x21 RTM_DELTCLASS = 0x29 RTM_DELTFILTER = 0x2d + RTM_DELTUNNEL = 0x79 RTM_DELVLAN = 0x71 RTM_F_CLONED = 0x200 RTM_F_EQUALIZE = 0x400 @@ -2334,8 +2698,9 @@ const ( RTM_GETSTATS = 0x5e RTM_GETTCLASS = 0x2a RTM_GETTFILTER = 0x2e + RTM_GETTUNNEL = 0x7a RTM_GETVLAN = 0x72 - RTM_MAX = 0x77 + RTM_MAX = 0x7b RTM_NEWACTION = 0x30 RTM_NEWADDR = 0x14 RTM_NEWADDRLABEL = 0x48 @@ -2359,11 +2724,13 @@ const ( RTM_NEWSTATS = 0x5c RTM_NEWTCLASS = 0x28 RTM_NEWTFILTER = 0x2c - RTM_NR_FAMILIES = 0x1a - RTM_NR_MSGTYPES = 0x68 + RTM_NEWTUNNEL = 0x78 + RTM_NR_FAMILIES = 0x1b + RTM_NR_MSGTYPES = 0x6c RTM_SETDCB = 0x4f RTM_SETLINK = 0x13 RTM_SETNEIGHTBL = 0x43 + RTM_SETSTATS = 0x5f RTNH_ALIGNTO = 0x4 RTNH_COMPARE_MASK = 0x59 RTNH_F_DEAD = 0x1 @@ -2544,6 +2911,9 @@ const ( SOCK_RDM = 0x4 SOCK_SEQPACKET = 0x5 SOCK_SNDBUF_LOCK = 0x1 + SOCK_TXREHASH_DEFAULT = 0xff + SOCK_TXREHASH_DISABLED = 0x0 + SOCK_TXREHASH_ENABLED = 0x1 SOL_AAL = 0x109 SOL_ALG = 0x117 SOL_ATM = 0x108 @@ -2559,6 +2929,8 @@ const ( SOL_IUCV = 0x115 SOL_KCM = 0x119 SOL_LLC = 0x10c + SOL_MCTP = 0x11d + SOL_MPTCP = 0x11c SOL_NETBEUI = 0x10b SOL_NETLINK = 0x10e SOL_NFC = 0x118 @@ -2674,7 +3046,7 @@ const ( TASKSTATS_GENL_NAME = "TASKSTATS" TASKSTATS_GENL_VERSION = 0x1 TASKSTATS_TYPE_MAX = 0x6 - TASKSTATS_VERSION = 0xb + TASKSTATS_VERSION = 0xd TCIFLUSH = 0x0 TCIOFF = 0x2 TCIOFLUSH = 0x2 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go index 1b305fab1b8..274e2dabdfe 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go @@ -326,6 +326,7 @@ const ( SO_RCVBUF = 0x8 SO_RCVBUFFORCE = 0x21 SO_RCVLOWAT = 0x12 + SO_RCVMARK = 0x4b SO_RCVTIMEO = 0x14 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x14 @@ -350,6 +351,7 @@ const ( SO_TIMESTAMPNS_NEW = 0x40 SO_TIMESTAMPNS_OLD = 0x23 SO_TIMESTAMP_NEW = 0x3f + SO_TXREHASH = 0x4a SO_TXTIME = 0x3d SO_TYPE = 0x3 SO_WIFI_STATUS = 0x29 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go index 6bcdef5dd6b..95b6eeedfec 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go @@ -327,6 +327,7 @@ const ( SO_RCVBUF = 0x8 SO_RCVBUFFORCE = 0x21 SO_RCVLOWAT = 0x12 + SO_RCVMARK = 0x4b SO_RCVTIMEO = 0x14 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x14 @@ -351,6 +352,7 @@ const ( SO_TIMESTAMPNS_NEW = 0x40 SO_TIMESTAMPNS_OLD = 0x23 SO_TIMESTAMP_NEW = 0x3f + SO_TXREHASH = 0x4a SO_TXTIME = 0x3d SO_TYPE = 0x3 SO_WIFI_STATUS = 0x29 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go index e65df0f8d19..918cd130ec8 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go @@ -333,6 +333,7 @@ const ( SO_RCVBUF = 0x8 SO_RCVBUFFORCE = 0x21 SO_RCVLOWAT = 0x12 + SO_RCVMARK = 0x4b SO_RCVTIMEO = 0x14 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x14 @@ -357,6 +358,7 @@ const ( SO_TIMESTAMPNS_NEW = 0x40 SO_TIMESTAMPNS_OLD = 0x23 SO_TIMESTAMP_NEW = 0x3f + SO_TXREHASH = 0x4a SO_TXTIME = 0x3d SO_TYPE = 0x3 SO_WIFI_STATUS = 0x29 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go index c7021115aa9..3907dc5a90e 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go @@ -323,6 +323,7 @@ const ( SO_RCVBUF = 0x8 SO_RCVBUFFORCE = 0x21 SO_RCVLOWAT = 0x12 + SO_RCVMARK = 0x4b SO_RCVTIMEO = 0x14 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x14 @@ -347,6 +348,7 @@ const ( SO_TIMESTAMPNS_NEW = 0x40 SO_TIMESTAMPNS_OLD = 0x23 SO_TIMESTAMP_NEW = 0x3f + SO_TXREHASH = 0x4a SO_TXTIME = 0x3d SO_TYPE = 0x3 SO_WIFI_STATUS = 0x29 @@ -511,6 +513,7 @@ const ( WORDSIZE = 0x40 XCASE = 0x4 XTABS = 0x1800 + ZA_MAGIC = 0x54366345 _HIDIOCGRAWNAME = 0x80804804 _HIDIOCGRAWPHYS = 0x80404805 _HIDIOCGRAWUNIQ = 0x80404808 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go index 0d83a1cd45d..03d5c105a38 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go @@ -109,8 +109,6 @@ const ( IUCLC = 0x200 IXOFF = 0x1000 IXON = 0x400 - LASX_CTX_MAGIC = 0x41535801 - LSX_CTX_MAGIC = 0x53580001 MAP_ANON = 0x20 MAP_ANONYMOUS = 0x20 MAP_DENYWRITE = 0x800 @@ -319,6 +317,7 @@ const ( SO_RCVBUF = 0x8 SO_RCVBUFFORCE = 0x21 SO_RCVLOWAT = 0x12 + SO_RCVMARK = 0x4b SO_RCVTIMEO = 0x14 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x14 @@ -343,6 +342,7 @@ const ( SO_TIMESTAMPNS_NEW = 0x40 SO_TIMESTAMPNS_OLD = 0x23 SO_TIMESTAMP_NEW = 0x3f + SO_TXREHASH = 0x4a SO_TXTIME = 0x3d SO_TYPE = 0x3 SO_WIFI_STATUS = 0x29 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go index 7f44a495b7e..bd794e0108e 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go @@ -326,6 +326,7 @@ const ( SO_RCVBUF = 0x1002 SO_RCVBUFFORCE = 0x21 SO_RCVLOWAT = 0x1004 + SO_RCVMARK = 0x4b SO_RCVTIMEO = 0x1006 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x1006 @@ -351,6 +352,7 @@ const ( SO_TIMESTAMPNS_NEW = 0x40 SO_TIMESTAMPNS_OLD = 0x23 SO_TIMESTAMP_NEW = 0x3f + SO_TXREHASH = 0x4a SO_TXTIME = 0x3d SO_TYPE = 0x1008 SO_WIFI_STATUS = 0x29 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go index 2f92b4e48ed..6c741b05476 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go @@ -326,6 +326,7 @@ const ( SO_RCVBUF = 0x1002 SO_RCVBUFFORCE = 0x21 SO_RCVLOWAT = 0x1004 + SO_RCVMARK = 0x4b SO_RCVTIMEO = 0x1006 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x1006 @@ -351,6 +352,7 @@ const ( SO_TIMESTAMPNS_NEW = 0x40 SO_TIMESTAMPNS_OLD = 0x23 SO_TIMESTAMP_NEW = 0x3f + SO_TXREHASH = 0x4a SO_TXTIME = 0x3d SO_TYPE = 0x1008 SO_WIFI_STATUS = 0x29 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go index f5367a966b3..807b8cd2a8d 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go @@ -326,6 +326,7 @@ const ( SO_RCVBUF = 0x1002 SO_RCVBUFFORCE = 0x21 SO_RCVLOWAT = 0x1004 + SO_RCVMARK = 0x4b SO_RCVTIMEO = 0x1006 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x1006 @@ -351,6 +352,7 @@ const ( SO_TIMESTAMPNS_NEW = 0x40 SO_TIMESTAMPNS_OLD = 0x23 SO_TIMESTAMP_NEW = 0x3f + SO_TXREHASH = 0x4a SO_TXTIME = 0x3d SO_TYPE = 0x1008 SO_WIFI_STATUS = 0x29 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go index 2e22337d7cf..a39e4f5c206 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go @@ -326,6 +326,7 @@ const ( SO_RCVBUF = 0x1002 SO_RCVBUFFORCE = 0x21 SO_RCVLOWAT = 0x1004 + SO_RCVMARK = 0x4b SO_RCVTIMEO = 0x1006 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x1006 @@ -351,6 +352,7 @@ const ( SO_TIMESTAMPNS_NEW = 0x40 SO_TIMESTAMPNS_OLD = 0x23 SO_TIMESTAMP_NEW = 0x3f + SO_TXREHASH = 0x4a SO_TXTIME = 0x3d SO_TYPE = 0x1008 SO_WIFI_STATUS = 0x29 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go index 858c4f30f5b..c0fcda86b4c 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go @@ -381,6 +381,7 @@ const ( SO_RCVBUF = 0x8 SO_RCVBUFFORCE = 0x21 SO_RCVLOWAT = 0x10 + SO_RCVMARK = 0x4b SO_RCVTIMEO = 0x12 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x12 @@ -405,6 +406,7 @@ const ( SO_TIMESTAMPNS_NEW = 0x40 SO_TIMESTAMPNS_OLD = 0x23 SO_TIMESTAMP_NEW = 0x3f + SO_TXREHASH = 0x4a SO_TXTIME = 0x3d SO_TYPE = 0x3 SO_WIFI_STATUS = 0x29 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go index af2a7ba6e61..f3b72407aa6 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go @@ -385,6 +385,7 @@ const ( SO_RCVBUF = 0x8 SO_RCVBUFFORCE = 0x21 SO_RCVLOWAT = 0x10 + SO_RCVMARK = 0x4b SO_RCVTIMEO = 0x12 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x12 @@ -409,6 +410,7 @@ const ( SO_TIMESTAMPNS_NEW = 0x40 SO_TIMESTAMPNS_OLD = 0x23 SO_TIMESTAMP_NEW = 0x3f + SO_TXREHASH = 0x4a SO_TXTIME = 0x3d SO_TYPE = 0x3 SO_WIFI_STATUS = 0x29 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go index eaa2eb8e246..72f2a45d503 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go @@ -385,6 +385,7 @@ const ( SO_RCVBUF = 0x8 SO_RCVBUFFORCE = 0x21 SO_RCVLOWAT = 0x10 + SO_RCVMARK = 0x4b SO_RCVTIMEO = 0x12 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x12 @@ -409,6 +410,7 @@ const ( SO_TIMESTAMPNS_NEW = 0x40 SO_TIMESTAMPNS_OLD = 0x23 SO_TIMESTAMP_NEW = 0x3f + SO_TXREHASH = 0x4a SO_TXTIME = 0x3d SO_TYPE = 0x3 SO_WIFI_STATUS = 0x29 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go index faaa9f06378..45b214b4d3a 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go @@ -314,6 +314,7 @@ const ( SO_RCVBUF = 0x8 SO_RCVBUFFORCE = 0x21 SO_RCVLOWAT = 0x12 + SO_RCVMARK = 0x4b SO_RCVTIMEO = 0x14 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x14 @@ -338,6 +339,7 @@ const ( SO_TIMESTAMPNS_NEW = 0x40 SO_TIMESTAMPNS_OLD = 0x23 SO_TIMESTAMP_NEW = 0x3f + SO_TXREHASH = 0x4a SO_TXTIME = 0x3d SO_TYPE = 0x3 SO_WIFI_STATUS = 0x29 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go index 0d161f0b75f..1897f207bb3 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go @@ -389,6 +389,7 @@ const ( SO_RCVBUF = 0x8 SO_RCVBUFFORCE = 0x21 SO_RCVLOWAT = 0x12 + SO_RCVMARK = 0x4b SO_RCVTIMEO = 0x14 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x14 @@ -413,6 +414,7 @@ const ( SO_TIMESTAMPNS_NEW = 0x40 SO_TIMESTAMPNS_OLD = 0x23 SO_TIMESTAMP_NEW = 0x3f + SO_TXREHASH = 0x4a SO_TXTIME = 0x3d SO_TYPE = 0x3 SO_WIFI_STATUS = 0x29 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go index 4fd497a3e39..1fb7a3953a9 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go @@ -380,6 +380,7 @@ const ( SO_RCVBUF = 0x1002 SO_RCVBUFFORCE = 0x100b SO_RCVLOWAT = 0x800 + SO_RCVMARK = 0x54 SO_RCVTIMEO = 0x2000 SO_RCVTIMEO_NEW = 0x44 SO_RCVTIMEO_OLD = 0x2000 @@ -404,6 +405,7 @@ const ( SO_TIMESTAMPNS_NEW = 0x42 SO_TIMESTAMPNS_OLD = 0x21 SO_TIMESTAMP_NEW = 0x46 + SO_TXREHASH = 0x53 SO_TXTIME = 0x3f SO_TYPE = 0x1008 SO_WIFI_STATUS = 0x25 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go index e9d9997eeda..039c4aa06c2 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go @@ -912,7 +912,7 @@ func Fpathconf(fd int, name int) (val int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func fstat(fd int, stat *stat_freebsd11_t) (err error) { +func Fstat(fd int, stat *Stat_t) (err error) { _, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) @@ -922,17 +922,7 @@ func fstat(fd int, stat *stat_freebsd11_t) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func fstat_freebsd12(fd int, stat *Stat_t) (err error) { - _, _, e1 := Syscall(SYS_FSTAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func fstatat(fd int, path string, stat *stat_freebsd11_t, flags int) (err error) { +func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) if err != nil { @@ -947,22 +937,7 @@ func fstatat(fd int, path string, stat *stat_freebsd11_t, flags int) (err error) // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func fstatat_freebsd12(fd int, path string, stat *Stat_t, flags int) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - _, _, e1 := Syscall6(SYS_FSTATAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func fstatfs(fd int, stat *statfs_freebsd11_t) (err error) { +func Fstatfs(fd int, stat *Statfs_t) (err error) { _, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) @@ -972,16 +947,6 @@ func fstatfs(fd int, stat *statfs_freebsd11_t) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func fstatfs_freebsd12(fd int, stat *Statfs_t) (err error) { - _, _, e1 := Syscall(SYS_FSTATFS_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Fsync(fd int) (err error) { _, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0) if e1 != 0 { @@ -1002,7 +967,7 @@ func Ftruncate(fd int, length int64) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) { +func getdirentries(fd int, buf []byte, basep *uint64) (n int, err error) { var _p0 unsafe.Pointer if len(buf) > 0 { _p0 = unsafe.Pointer(&buf[0]) @@ -1019,23 +984,6 @@ func getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func getdirentries_freebsd12(fd int, buf []byte, basep *uint64) (n int, err error) { - var _p0 unsafe.Pointer - if len(buf) > 0 { - _p0 = unsafe.Pointer(&buf[0]) - } else { - _p0 = unsafe.Pointer(&_zero) - } - r0, _, e1 := Syscall6(SYS_GETDIRENTRIES_FREEBSD12, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Getdtablesize() (size int) { r0, _, _ := Syscall(SYS_GETDTABLESIZE, 0, 0, 0) size = int(r0) @@ -1257,21 +1205,6 @@ func Listen(s int, backlog int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func lstat(path string, stat *stat_freebsd11_t) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - _, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Mkdir(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) @@ -1317,43 +1250,13 @@ func Mkfifo(path string, mode uint32) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func mknod(path string, mode uint32, dev int) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - _, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func mknodat(fd int, path string, mode uint32, dev int) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - _, _, e1 := Syscall6(SYS_MKNODAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func mknodat_freebsd12(fd int, path string, mode uint32, dev uint64) (err error) { +func Mknodat(fd int, path string, mode uint32, dev uint64) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) if err != nil { return } - _, _, e1 := Syscall6(SYS_MKNODAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), uintptr(dev>>32), 0) + _, _, e1 := Syscall6(SYS_MKNODAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), uintptr(dev>>32), 0) if e1 != 0 { err = errnoErr(e1) } @@ -1753,22 +1656,7 @@ func Setuid(uid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func stat(path string, stat *stat_freebsd11_t) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - _, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func statfs(path string, stat *statfs_freebsd11_t) (err error) { +func Statfs(path string, stat *Statfs_t) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) if err != nil { @@ -1783,21 +1671,6 @@ func statfs(path string, stat *statfs_freebsd11_t) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func statfs_freebsd12(path string, stat *Statfs_t) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - _, _, e1 := Syscall(SYS_STATFS_FREEBSD12, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Symlink(path string, link string) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go index edd373b1a56..0535d3cfdf2 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go @@ -912,7 +912,7 @@ func Fpathconf(fd int, name int) (val int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func fstat(fd int, stat *stat_freebsd11_t) (err error) { +func Fstat(fd int, stat *Stat_t) (err error) { _, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) @@ -922,17 +922,7 @@ func fstat(fd int, stat *stat_freebsd11_t) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func fstat_freebsd12(fd int, stat *Stat_t) (err error) { - _, _, e1 := Syscall(SYS_FSTAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func fstatat(fd int, path string, stat *stat_freebsd11_t, flags int) (err error) { +func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) if err != nil { @@ -947,22 +937,7 @@ func fstatat(fd int, path string, stat *stat_freebsd11_t, flags int) (err error) // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func fstatat_freebsd12(fd int, path string, stat *Stat_t, flags int) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - _, _, e1 := Syscall6(SYS_FSTATAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func fstatfs(fd int, stat *statfs_freebsd11_t) (err error) { +func Fstatfs(fd int, stat *Statfs_t) (err error) { _, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) @@ -972,16 +947,6 @@ func fstatfs(fd int, stat *statfs_freebsd11_t) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func fstatfs_freebsd12(fd int, stat *Statfs_t) (err error) { - _, _, e1 := Syscall(SYS_FSTATFS_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Fsync(fd int) (err error) { _, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0) if e1 != 0 { @@ -1002,7 +967,7 @@ func Ftruncate(fd int, length int64) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) { +func getdirentries(fd int, buf []byte, basep *uint64) (n int, err error) { var _p0 unsafe.Pointer if len(buf) > 0 { _p0 = unsafe.Pointer(&buf[0]) @@ -1019,23 +984,6 @@ func getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func getdirentries_freebsd12(fd int, buf []byte, basep *uint64) (n int, err error) { - var _p0 unsafe.Pointer - if len(buf) > 0 { - _p0 = unsafe.Pointer(&buf[0]) - } else { - _p0 = unsafe.Pointer(&_zero) - } - r0, _, e1 := Syscall6(SYS_GETDIRENTRIES_FREEBSD12, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Getdtablesize() (size int) { r0, _, _ := Syscall(SYS_GETDTABLESIZE, 0, 0, 0) size = int(r0) @@ -1257,21 +1205,6 @@ func Listen(s int, backlog int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func lstat(path string, stat *stat_freebsd11_t) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - _, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Mkdir(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) @@ -1317,22 +1250,7 @@ func Mkfifo(path string, mode uint32) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func mknod(path string, mode uint32, dev int) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - _, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func mknodat(fd int, path string, mode uint32, dev int) (err error) { +func Mknodat(fd int, path string, mode uint32, dev uint64) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) if err != nil { @@ -1347,21 +1265,6 @@ func mknodat(fd int, path string, mode uint32, dev int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func mknodat_freebsd12(fd int, path string, mode uint32, dev uint64) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - _, _, e1 := Syscall6(SYS_MKNODAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Nanosleep(time *Timespec, leftover *Timespec) (err error) { _, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0) if e1 != 0 { @@ -1753,22 +1656,7 @@ func Setuid(uid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func stat(path string, stat *stat_freebsd11_t) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - _, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func statfs(path string, stat *statfs_freebsd11_t) (err error) { +func Statfs(path string, stat *Statfs_t) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) if err != nil { @@ -1783,21 +1671,6 @@ func statfs(path string, stat *statfs_freebsd11_t) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func statfs_freebsd12(path string, stat *Statfs_t) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - _, _, e1 := Syscall(SYS_STATFS_FREEBSD12, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Symlink(path string, link string) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go index 82e9764b257..1018b522170 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go @@ -351,22 +351,6 @@ func Munlockall() (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { - var _p0 unsafe.Pointer - if len(mib) > 0 { - _p0 = unsafe.Pointer(&mib[0]) - } else { - _p0 = unsafe.Pointer(&_zero) - } - _, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func pipe2(p *[2]_C_int, flags int) (err error) { _, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0) if e1 != 0 { @@ -404,6 +388,22 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { + var _p0 unsafe.Pointer + if len(mib) > 0 { + _p0 = unsafe.Pointer(&mib[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + _, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ptrace(request int, pid int, addr uintptr, data int) (err error) { _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) if e1 != 0 { @@ -912,7 +912,7 @@ func Fpathconf(fd int, name int) (val int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func fstat(fd int, stat *stat_freebsd11_t) (err error) { +func Fstat(fd int, stat *Stat_t) (err error) { _, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) @@ -922,17 +922,7 @@ func fstat(fd int, stat *stat_freebsd11_t) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func fstat_freebsd12(fd int, stat *Stat_t) (err error) { - _, _, e1 := Syscall(SYS_FSTAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func fstatat(fd int, path string, stat *stat_freebsd11_t, flags int) (err error) { +func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) if err != nil { @@ -947,22 +937,7 @@ func fstatat(fd int, path string, stat *stat_freebsd11_t, flags int) (err error) // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func fstatat_freebsd12(fd int, path string, stat *Stat_t, flags int) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - _, _, e1 := Syscall6(SYS_FSTATAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func fstatfs(fd int, stat *statfs_freebsd11_t) (err error) { +func Fstatfs(fd int, stat *Statfs_t) (err error) { _, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) @@ -972,16 +947,6 @@ func fstatfs(fd int, stat *statfs_freebsd11_t) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func fstatfs_freebsd12(fd int, stat *Statfs_t) (err error) { - _, _, e1 := Syscall(SYS_FSTATFS_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Fsync(fd int) (err error) { _, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0) if e1 != 0 { @@ -1002,7 +967,7 @@ func Ftruncate(fd int, length int64) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) { +func getdirentries(fd int, buf []byte, basep *uint64) (n int, err error) { var _p0 unsafe.Pointer if len(buf) > 0 { _p0 = unsafe.Pointer(&buf[0]) @@ -1019,23 +984,6 @@ func getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func getdirentries_freebsd12(fd int, buf []byte, basep *uint64) (n int, err error) { - var _p0 unsafe.Pointer - if len(buf) > 0 { - _p0 = unsafe.Pointer(&buf[0]) - } else { - _p0 = unsafe.Pointer(&_zero) - } - r0, _, e1 := Syscall6(SYS_GETDIRENTRIES_FREEBSD12, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Getdtablesize() (size int) { r0, _, _ := Syscall(SYS_GETDTABLESIZE, 0, 0, 0) size = int(r0) @@ -1257,21 +1205,6 @@ func Listen(s int, backlog int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func lstat(path string, stat *stat_freebsd11_t) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - _, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Mkdir(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) @@ -1317,43 +1250,13 @@ func Mkfifo(path string, mode uint32) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func mknod(path string, mode uint32, dev int) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - _, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func mknodat(fd int, path string, mode uint32, dev int) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - _, _, e1 := Syscall6(SYS_MKNODAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func mknodat_freebsd12(fd int, path string, mode uint32, dev uint64) (err error) { +func Mknodat(fd int, path string, mode uint32, dev uint64) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) if err != nil { return } - _, _, e1 := Syscall6(SYS_MKNODAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0) + _, _, e1 := Syscall6(SYS_MKNODAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0, uintptr(dev), uintptr(dev>>32)) if e1 != 0 { err = errnoErr(e1) } @@ -1753,22 +1656,7 @@ func Setuid(uid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func stat(path string, stat *stat_freebsd11_t) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - _, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func statfs(path string, stat *statfs_freebsd11_t) (err error) { +func Statfs(path string, stat *Statfs_t) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) if err != nil { @@ -1783,21 +1671,6 @@ func statfs(path string, stat *statfs_freebsd11_t) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func statfs_freebsd12(path string, stat *Statfs_t) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - _, _, e1 := Syscall(SYS_STATFS_FREEBSD12, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Symlink(path string, link string) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go index a6479acd1fc..3802f4b379a 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go @@ -912,7 +912,7 @@ func Fpathconf(fd int, name int) (val int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func fstat(fd int, stat *stat_freebsd11_t) (err error) { +func Fstat(fd int, stat *Stat_t) (err error) { _, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) @@ -922,17 +922,7 @@ func fstat(fd int, stat *stat_freebsd11_t) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func fstat_freebsd12(fd int, stat *Stat_t) (err error) { - _, _, e1 := Syscall(SYS_FSTAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func fstatat(fd int, path string, stat *stat_freebsd11_t, flags int) (err error) { +func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) if err != nil { @@ -947,22 +937,7 @@ func fstatat(fd int, path string, stat *stat_freebsd11_t, flags int) (err error) // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func fstatat_freebsd12(fd int, path string, stat *Stat_t, flags int) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - _, _, e1 := Syscall6(SYS_FSTATAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func fstatfs(fd int, stat *statfs_freebsd11_t) (err error) { +func Fstatfs(fd int, stat *Statfs_t) (err error) { _, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) @@ -972,16 +947,6 @@ func fstatfs(fd int, stat *statfs_freebsd11_t) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func fstatfs_freebsd12(fd int, stat *Statfs_t) (err error) { - _, _, e1 := Syscall(SYS_FSTATFS_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Fsync(fd int) (err error) { _, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0) if e1 != 0 { @@ -1002,7 +967,7 @@ func Ftruncate(fd int, length int64) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) { +func getdirentries(fd int, buf []byte, basep *uint64) (n int, err error) { var _p0 unsafe.Pointer if len(buf) > 0 { _p0 = unsafe.Pointer(&buf[0]) @@ -1019,23 +984,6 @@ func getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func getdirentries_freebsd12(fd int, buf []byte, basep *uint64) (n int, err error) { - var _p0 unsafe.Pointer - if len(buf) > 0 { - _p0 = unsafe.Pointer(&buf[0]) - } else { - _p0 = unsafe.Pointer(&_zero) - } - r0, _, e1 := Syscall6(SYS_GETDIRENTRIES_FREEBSD12, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Getdtablesize() (size int) { r0, _, _ := Syscall(SYS_GETDTABLESIZE, 0, 0, 0) size = int(r0) @@ -1257,21 +1205,6 @@ func Listen(s int, backlog int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func lstat(path string, stat *stat_freebsd11_t) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - _, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Mkdir(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) @@ -1317,22 +1250,7 @@ func Mkfifo(path string, mode uint32) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func mknod(path string, mode uint32, dev int) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - _, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func mknodat(fd int, path string, mode uint32, dev int) (err error) { +func Mknodat(fd int, path string, mode uint32, dev uint64) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) if err != nil { @@ -1347,21 +1265,6 @@ func mknodat(fd int, path string, mode uint32, dev int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func mknodat_freebsd12(fd int, path string, mode uint32, dev uint64) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - _, _, e1 := Syscall6(SYS_MKNODAT_FREEBSD12, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Nanosleep(time *Timespec, leftover *Timespec) (err error) { _, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0) if e1 != 0 { @@ -1753,22 +1656,7 @@ func Setuid(uid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func stat(path string, stat *stat_freebsd11_t) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - _, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func statfs(path string, stat *statfs_freebsd11_t) (err error) { +func Statfs(path string, stat *Statfs_t) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) if err != nil { @@ -1783,21 +1671,6 @@ func statfs(path string, stat *statfs_freebsd11_t) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func statfs_freebsd12(path string, stat *Statfs_t) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - _, _, e1 := Syscall(SYS_STATFS_FREEBSD12, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Symlink(path string, link string) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go new file mode 100644 index 00000000000..8a2db7da9f3 --- /dev/null +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go @@ -0,0 +1,1889 @@ +// go run mksyscall.go -tags freebsd,riscv64 syscall_bsd.go syscall_freebsd.go syscall_freebsd_riscv64.go +// Code generated by the command above; see README.md. DO NOT EDIT. + +//go:build freebsd && riscv64 +// +build freebsd,riscv64 + +package unix + +import ( + "syscall" + "unsafe" +) + +var _ syscall.Errno + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getgroups(ngid int, gid *_Gid_t) (n int, err error) { + r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func setgroups(ngid int, gid *_Gid_t) (err error) { + _, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) { + r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0) + wpid = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { + r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + fd = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { + _, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { + _, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func socket(domain int, typ int, proto int) (fd int, err error) { + r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto)) + fd = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) { + _, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) { + _, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) { + _, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) { + _, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Shutdown(s int, how int) (err error) { + _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) { + _, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) { + var _p0 unsafe.Pointer + if len(p) > 0 { + _p0 = unsafe.Pointer(&p[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen))) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) { + var _p0 unsafe.Pointer + if len(buf) > 0 { + _p0 = unsafe.Pointer(&buf[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + _, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) { + r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) { + r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) { + r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout))) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func utimes(path string, timeval *[2]Timeval) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func futimes(fd int, timeval *[2]Timeval) (err error) { + _, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func poll(fds *PollFd, nfds int, timeout int) (n int, err error) { + r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Madvise(b []byte, behav int) (err error) { + var _p0 unsafe.Pointer + if len(b) > 0 { + _p0 = unsafe.Pointer(&b[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + _, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mlock(b []byte) (err error) { + var _p0 unsafe.Pointer + if len(b) > 0 { + _p0 = unsafe.Pointer(&b[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + _, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mlockall(flags int) (err error) { + _, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mprotect(b []byte, prot int) (err error) { + var _p0 unsafe.Pointer + if len(b) > 0 { + _p0 = unsafe.Pointer(&b[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + _, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Msync(b []byte, flags int) (err error) { + var _p0 unsafe.Pointer + if len(b) > 0 { + _p0 = unsafe.Pointer(&b[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + _, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Munlock(b []byte) (err error) { + var _p0 unsafe.Pointer + if len(b) > 0 { + _p0 = unsafe.Pointer(&b[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + _, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Munlockall() (err error) { + _, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pipe2(p *[2]_C_int, flags int) (err error) { + _, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getcwd(buf []byte) (n int, err error) { + var _p0 unsafe.Pointer + if len(buf) > 0 { + _p0 = unsafe.Pointer(&buf[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ioctl(fd int, req uint, arg uintptr) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { + var _p0 unsafe.Pointer + if len(mib) > 0 { + _p0 = unsafe.Pointer(&mib[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + _, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ptrace(request int, pid int, addr uintptr, data int) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Access(path string, mode uint32) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Adjtime(delta *Timeval, olddelta *Timeval) (err error) { + _, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func CapEnter() (err error) { + _, _, e1 := Syscall(SYS_CAP_ENTER, 0, 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func capRightsGet(version int, fd int, rightsp *CapRights) (err error) { + _, _, e1 := Syscall(SYS___CAP_RIGHTS_GET, uintptr(version), uintptr(fd), uintptr(unsafe.Pointer(rightsp))) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func capRightsLimit(fd int, rightsp *CapRights) (err error) { + _, _, e1 := Syscall(SYS_CAP_RIGHTS_LIMIT, uintptr(fd), uintptr(unsafe.Pointer(rightsp)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Chdir(path string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Chflags(path string, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Chmod(path string, mode uint32) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Chown(path string, uid int, gid int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Chroot(path string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Close(fd int) (err error) { + _, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Dup(fd int) (nfd int, err error) { + r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0) + nfd = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Dup2(from int, to int) (err error) { + _, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Exit(code int) { + Syscall(SYS_EXIT, uintptr(code), 0, 0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ExtattrGetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(attrname) + if err != nil { + return + } + r0, _, e1 := Syscall6(SYS_EXTATTR_GET_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)), uintptr(data), uintptr(nbytes), 0) + ret = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ExtattrSetFd(fd int, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(attrname) + if err != nil { + return + } + r0, _, e1 := Syscall6(SYS_EXTATTR_SET_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0)), uintptr(data), uintptr(nbytes), 0) + ret = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ExtattrDeleteFd(fd int, attrnamespace int, attrname string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(attrname) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_EXTATTR_DELETE_FD, uintptr(fd), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p0))) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ExtattrListFd(fd int, attrnamespace int, data uintptr, nbytes int) (ret int, err error) { + r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_FD, uintptr(fd), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0) + ret = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ExtattrGetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(file) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(attrname) + if err != nil { + return + } + r0, _, e1 := Syscall6(SYS_EXTATTR_GET_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0) + ret = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ExtattrSetFile(file string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(file) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(attrname) + if err != nil { + return + } + r0, _, e1 := Syscall6(SYS_EXTATTR_SET_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0) + ret = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ExtattrDeleteFile(file string, attrnamespace int, attrname string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(file) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(attrname) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_EXTATTR_DELETE_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1))) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ExtattrListFile(file string, attrnamespace int, data uintptr, nbytes int) (ret int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(file) + if err != nil { + return + } + r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_FILE, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0) + ret = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ExtattrGetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(link) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(attrname) + if err != nil { + return + } + r0, _, e1 := Syscall6(SYS_EXTATTR_GET_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0) + ret = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ExtattrSetLink(link string, attrnamespace int, attrname string, data uintptr, nbytes int) (ret int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(link) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(attrname) + if err != nil { + return + } + r0, _, e1 := Syscall6(SYS_EXTATTR_SET_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1)), uintptr(data), uintptr(nbytes), 0) + ret = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ExtattrDeleteLink(link string, attrnamespace int, attrname string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(link) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(attrname) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_EXTATTR_DELETE_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(unsafe.Pointer(_p1))) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ExtattrListLink(link string, attrnamespace int, data uintptr, nbytes int) (ret int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(link) + if err != nil { + return + } + r0, _, e1 := Syscall6(SYS_EXTATTR_LIST_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(attrnamespace), uintptr(data), uintptr(nbytes), 0, 0) + ret = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fadvise(fd int, offset int64, length int64, advice int) (err error) { + _, _, e1 := Syscall6(SYS_POSIX_FADVISE, uintptr(fd), uintptr(offset), uintptr(length), uintptr(advice), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fchdir(fd int) (err error) { + _, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fchflags(fd int, flags int) (err error) { + _, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fchmod(fd int, mode uint32) (err error) { + _, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fchown(fd int, uid int, gid int) (err error) { + _, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Flock(fd int, how int) (err error) { + _, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fpathconf(fd int, name int) (val int, err error) { + r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0) + val = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fstat(fd int, stat *Stat_t) (err error) { + _, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fstatfs(fd int, stat *Statfs_t) (err error) { + _, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fsync(fd int) (err error) { + _, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Ftruncate(fd int, length int64) (err error) { + _, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), uintptr(length), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getdirentries(fd int, buf []byte, basep *uint64) (n int, err error) { + var _p0 unsafe.Pointer + if len(buf) > 0 { + _p0 = unsafe.Pointer(&buf[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := Syscall6(SYS_GETDIRENTRIES, uintptr(fd), uintptr(_p0), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getdtablesize() (size int) { + r0, _, _ := Syscall(SYS_GETDTABLESIZE, 0, 0, 0) + size = int(r0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getegid() (egid int) { + r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0) + egid = int(r0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Geteuid() (uid int) { + r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0) + uid = int(r0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getgid() (gid int) { + r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0) + gid = int(r0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getpgid(pid int) (pgid int, err error) { + r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0) + pgid = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getpgrp() (pgrp int) { + r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0) + pgrp = int(r0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getpid() (pid int) { + r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0) + pid = int(r0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getppid() (ppid int) { + r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0) + ppid = int(r0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getpriority(which int, who int) (prio int, err error) { + r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0) + prio = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getrlimit(which int, lim *Rlimit) (err error) { + _, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getrusage(who int, rusage *Rusage) (err error) { + _, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getsid(pid int) (sid int, err error) { + r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0) + sid = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Gettimeofday(tv *Timeval) (err error) { + _, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getuid() (uid int) { + r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0) + uid = int(r0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Issetugid() (tainted bool) { + r0, _, _ := Syscall(SYS_ISSETUGID, 0, 0, 0) + tainted = bool(r0 != 0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Kill(pid int, signum syscall.Signal) (err error) { + _, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Kqueue() (fd int, err error) { + r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0) + fd = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Lchown(path string, uid int, gid int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Link(path string, link string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(link) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(link) + if err != nil { + return + } + _, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Listen(s int, backlog int) (err error) { + _, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mkdir(path string, mode uint32) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mkdirat(dirfd int, path string, mode uint32) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mkfifo(path string, mode uint32) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mknodat(fd int, path string, mode uint32, dev uint64) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall6(SYS_MKNODAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Nanosleep(time *Timespec, leftover *Timespec) (err error) { + _, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Open(path string, mode int, perm uint32) (fd int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm)) + fd = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Openat(fdat int, path string, mode int, perm uint32) (fd int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(fdat), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0) + fd = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Pathconf(path string, name int) (val int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0) + val = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pread(fd int, p []byte, offset int64) (n int, err error) { + var _p0 unsafe.Pointer + if len(p) > 0 { + _p0 = unsafe.Pointer(&p[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pwrite(fd int, p []byte, offset int64) (n int, err error) { + var _p0 unsafe.Pointer + if len(p) > 0 { + _p0 = unsafe.Pointer(&p[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func read(fd int, p []byte) (n int, err error) { + var _p0 unsafe.Pointer + if len(p) > 0 { + _p0 = unsafe.Pointer(&p[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p))) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Readlink(path string, buf []byte) (n int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 unsafe.Pointer + if len(buf) > 0 { + _p1 = unsafe.Pointer(&buf[0]) + } else { + _p1 = unsafe.Pointer(&_zero) + } + r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf))) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 unsafe.Pointer + if len(buf) > 0 { + _p1 = unsafe.Pointer(&buf[0]) + } else { + _p1 = unsafe.Pointer(&_zero) + } + r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Rename(from string, to string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(from) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(to) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Renameat(fromfd int, from string, tofd int, to string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(from) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(to) + if err != nil { + return + } + _, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Revoke(path string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Rmdir(path string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Seek(fd int, offset int64, whence int) (newoffset int64, err error) { + r0, _, e1 := Syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence)) + newoffset = int64(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) { + r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setegid(egid int) (err error) { + _, _, e1 := RawSyscall(SYS_SETEGID, uintptr(egid), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Seteuid(euid int) (err error) { + _, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setgid(gid int) (err error) { + _, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setlogin(name string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(name) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_SETLOGIN, uintptr(unsafe.Pointer(_p0)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setpgid(pid int, pgid int) (err error) { + _, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setpriority(which int, who int, prio int) (err error) { + _, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setregid(rgid int, egid int) (err error) { + _, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setreuid(ruid int, euid int) (err error) { + _, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setresgid(rgid int, egid int, sgid int) (err error) { + _, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setresuid(ruid int, euid int, suid int) (err error) { + _, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setrlimit(which int, lim *Rlimit) (err error) { + _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setsid() (pid int, err error) { + r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) + pid = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Settimeofday(tp *Timeval) (err error) { + _, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setuid(uid int) (err error) { + _, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Statfs(path string, stat *Statfs_t) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Symlink(path string, link string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(link) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(oldpath) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(newpath) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1))) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Sync() (err error) { + _, _, e1 := Syscall(SYS_SYNC, 0, 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Truncate(path string, length int64) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Umask(newmask int) (oldmask int) { + r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0) + oldmask = int(r0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Undelete(path string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_UNDELETE, uintptr(unsafe.Pointer(_p0)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Unlink(path string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Unlinkat(dirfd int, path string, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Unmount(path string, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func write(fd int, p []byte) (n int, err error) { + var _p0 unsafe.Pointer + if len(p) > 0 { + _p0 = unsafe.Pointer(&p[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p))) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) { + r0, _, e1 := Syscall6(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos)) + ret = uintptr(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func munmap(addr uintptr, length uintptr) (err error) { + _, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func readlen(fd int, buf *byte, nbuf int) (n int, err error) { + r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func writelen(fd int, buf *byte, nbuf int) (n int, err error) { + r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func accept4(fd int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (nfd int, err error) { + r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) + nfd = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go index 8cdfbe71e68..523f2ba03e4 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go @@ -83,31 +83,6 @@ func Fchown(fd int, uid int, gid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Fstat(fd int, stat *Stat_t) (err error) { - _, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - _, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Fstatfs(fd int, buf *Statfs_t) (err error) { _, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(buf)), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go index a1a9bcbbdf6..1239cc2de9c 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go @@ -180,6 +180,17 @@ func Listen(s int, n int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func MemfdSecret(flags int) (fd int, err error) { + r0, _, e1 := Syscall(SYS_MEMFD_SECRET, uintptr(flags), 0, 0) + fd = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func pread(fd int, p []byte, offset int64) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go index d12f4fbfea5..fdf53f8daf3 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go @@ -66,6 +66,7 @@ import ( //go:cgo_import_dynamic libc_getpriority getpriority "libc.so" //go:cgo_import_dynamic libc_getrlimit getrlimit "libc.so" //go:cgo_import_dynamic libc_getrusage getrusage "libc.so" +//go:cgo_import_dynamic libc_getsid getsid "libc.so" //go:cgo_import_dynamic libc_gettimeofday gettimeofday "libc.so" //go:cgo_import_dynamic libc_getuid getuid "libc.so" //go:cgo_import_dynamic libc_kill kill "libc.so" @@ -202,6 +203,7 @@ import ( //go:linkname procGetpriority libc_getpriority //go:linkname procGetrlimit libc_getrlimit //go:linkname procGetrusage libc_getrusage +//go:linkname procGetsid libc_getsid //go:linkname procGettimeofday libc_gettimeofday //go:linkname procGetuid libc_getuid //go:linkname procKill libc_kill @@ -339,6 +341,7 @@ var ( procGetpriority, procGetrlimit, procGetrusage, + procGetsid, procGettimeofday, procGetuid, procKill, @@ -1044,6 +1047,17 @@ func Getrusage(who int, rusage *Rusage) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func Getsid(pid int) (sid int, err error) { + r0, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procGetsid)), 1, uintptr(pid), 0, 0, 0, 0, 0) + sid = int(r0) + if e1 != 0 { + err = e1 + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Gettimeofday(tv *Timeval) (err error) { _, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procGettimeofday)), 1, uintptr(unsafe.Pointer(tv)), 0, 0, 0, 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go index 59d5dfc2092..4e0d96107b9 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go @@ -1,4 +1,4 @@ -// go run mksysnum.go https://svn.freebsd.org/base/stable/11/sys/kern/syscalls.master +// go run mksysnum.go https://cgit.freebsd.org/src/plain/sys/kern/syscalls.master?h=stable/12 // Code generated by the command above; see README.md. DO NOT EDIT. //go:build 386 && freebsd @@ -19,10 +19,9 @@ const ( SYS_UNLINK = 10 // { int unlink(char *path); } SYS_CHDIR = 12 // { int chdir(char *path); } SYS_FCHDIR = 13 // { int fchdir(int fd); } - SYS_MKNOD = 14 // { int mknod(char *path, int mode, int dev); } SYS_CHMOD = 15 // { int chmod(char *path, int mode); } SYS_CHOWN = 16 // { int chown(char *path, int uid, int gid); } - SYS_OBREAK = 17 // { int obreak(char *nsize); } break obreak_args int + SYS_BREAK = 17 // { caddr_t break(char *nsize); } SYS_GETPID = 20 // { pid_t getpid(void); } SYS_MOUNT = 21 // { int mount(char *type, char *path, int flags, caddr_t data); } SYS_UNMOUNT = 22 // { int unmount(char *path, int flags); } @@ -43,7 +42,6 @@ const ( SYS_KILL = 37 // { int kill(int pid, int signum); } SYS_GETPPID = 39 // { pid_t getppid(void); } SYS_DUP = 41 // { int dup(u_int fd); } - SYS_PIPE = 42 // { int pipe(void); } SYS_GETEGID = 43 // { gid_t getegid(void); } SYS_PROFIL = 44 // { int profil(caddr_t samples, size_t size, size_t offset, u_int scale); } SYS_KTRACE = 45 // { int ktrace(const char *fname, int ops, int facs, int pid); } @@ -58,15 +56,14 @@ const ( SYS_SYMLINK = 57 // { int symlink(char *path, char *link); } SYS_READLINK = 58 // { ssize_t readlink(char *path, char *buf, size_t count); } SYS_EXECVE = 59 // { int execve(char *fname, char **argv, char **envv); } - SYS_UMASK = 60 // { int umask(int newmask); } umask umask_args int + SYS_UMASK = 60 // { int umask(int newmask); } SYS_CHROOT = 61 // { int chroot(char *path); } SYS_MSYNC = 65 // { int msync(void *addr, size_t len, int flags); } SYS_VFORK = 66 // { int vfork(void); } SYS_SBRK = 69 // { int sbrk(int incr); } SYS_SSTK = 70 // { int sstk(int incr); } - SYS_OVADVISE = 72 // { int ovadvise(int anom); } vadvise ovadvise_args int SYS_MUNMAP = 73 // { int munmap(void *addr, size_t len); } - SYS_MPROTECT = 74 // { int mprotect(const void *addr, size_t len, int prot); } + SYS_MPROTECT = 74 // { int mprotect(void *addr, size_t len, int prot); } SYS_MADVISE = 75 // { int madvise(void *addr, size_t len, int behav); } SYS_MINCORE = 78 // { int mincore(const void *addr, size_t len, char *vec); } SYS_GETGROUPS = 79 // { int getgroups(u_int gidsetsize, gid_t *gidset); } @@ -124,14 +121,10 @@ const ( SYS_SETGID = 181 // { int setgid(gid_t gid); } SYS_SETEGID = 182 // { int setegid(gid_t egid); } SYS_SETEUID = 183 // { int seteuid(uid_t euid); } - SYS_STAT = 188 // { int stat(char *path, struct stat *ub); } - SYS_FSTAT = 189 // { int fstat(int fd, struct stat *sb); } - SYS_LSTAT = 190 // { int lstat(char *path, struct stat *ub); } SYS_PATHCONF = 191 // { int pathconf(char *path, int name); } SYS_FPATHCONF = 192 // { int fpathconf(int fd, int name); } SYS_GETRLIMIT = 194 // { int getrlimit(u_int which, struct rlimit *rlp); } getrlimit __getrlimit_args int SYS_SETRLIMIT = 195 // { int setrlimit(u_int which, struct rlimit *rlp); } setrlimit __setrlimit_args int - SYS_GETDIRENTRIES = 196 // { int getdirentries(int fd, char *buf, u_int count, long *basep); } SYS___SYSCTL = 202 // { int __sysctl(int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); } __sysctl sysctl_args int SYS_MLOCK = 203 // { int mlock(const void *addr, size_t len); } SYS_MUNLOCK = 204 // { int munlock(const void *addr, size_t len); } @@ -143,12 +136,12 @@ const ( SYS_SEMOP = 222 // { int semop(int semid, struct sembuf *sops, size_t nsops); } SYS_MSGGET = 225 // { int msgget(key_t key, int msgflg); } SYS_MSGSND = 226 // { int msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); } - SYS_MSGRCV = 227 // { int msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); } + SYS_MSGRCV = 227 // { ssize_t msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); } SYS_SHMAT = 228 // { int shmat(int shmid, const void *shmaddr, int shmflg); } SYS_SHMDT = 230 // { int shmdt(const void *shmaddr); } SYS_SHMGET = 231 // { int shmget(key_t key, size_t size, int shmflg); } SYS_CLOCK_GETTIME = 232 // { int clock_gettime(clockid_t clock_id, struct timespec *tp); } - SYS_CLOCK_SETTIME = 233 // { int clock_settime( clockid_t clock_id, const struct timespec *tp); } + SYS_CLOCK_SETTIME = 233 // { int clock_settime(clockid_t clock_id, const struct timespec *tp); } SYS_CLOCK_GETRES = 234 // { int clock_getres(clockid_t clock_id, struct timespec *tp); } SYS_KTIMER_CREATE = 235 // { int ktimer_create(clockid_t clock_id, struct sigevent *evp, int *timerid); } SYS_KTIMER_DELETE = 236 // { int ktimer_delete(int timerid); } @@ -157,50 +150,44 @@ const ( SYS_KTIMER_GETOVERRUN = 239 // { int ktimer_getoverrun(int timerid); } SYS_NANOSLEEP = 240 // { int nanosleep(const struct timespec *rqtp, struct timespec *rmtp); } SYS_FFCLOCK_GETCOUNTER = 241 // { int ffclock_getcounter(ffcounter *ffcount); } - SYS_FFCLOCK_SETESTIMATE = 242 // { int ffclock_setestimate( struct ffclock_estimate *cest); } - SYS_FFCLOCK_GETESTIMATE = 243 // { int ffclock_getestimate( struct ffclock_estimate *cest); } + SYS_FFCLOCK_SETESTIMATE = 242 // { int ffclock_setestimate(struct ffclock_estimate *cest); } + SYS_FFCLOCK_GETESTIMATE = 243 // { int ffclock_getestimate(struct ffclock_estimate *cest); } SYS_CLOCK_NANOSLEEP = 244 // { int clock_nanosleep(clockid_t clock_id, int flags, const struct timespec *rqtp, struct timespec *rmtp); } - SYS_CLOCK_GETCPUCLOCKID2 = 247 // { int clock_getcpuclockid2(id_t id,int which, clockid_t *clock_id); } + SYS_CLOCK_GETCPUCLOCKID2 = 247 // { int clock_getcpuclockid2(id_t id, int which, clockid_t *clock_id); } SYS_NTP_GETTIME = 248 // { int ntp_gettime(struct ntptimeval *ntvp); } SYS_MINHERIT = 250 // { int minherit(void *addr, size_t len, int inherit); } SYS_RFORK = 251 // { int rfork(int flags); } - SYS_OPENBSD_POLL = 252 // { int openbsd_poll(struct pollfd *fds, u_int nfds, int timeout); } SYS_ISSETUGID = 253 // { int issetugid(void); } SYS_LCHOWN = 254 // { int lchown(char *path, int uid, int gid); } SYS_AIO_READ = 255 // { int aio_read(struct aiocb *aiocbp); } SYS_AIO_WRITE = 256 // { int aio_write(struct aiocb *aiocbp); } - SYS_LIO_LISTIO = 257 // { int lio_listio(int mode, struct aiocb * const *acb_list, int nent, struct sigevent *sig); } - SYS_GETDENTS = 272 // { int getdents(int fd, char *buf, size_t count); } + SYS_LIO_LISTIO = 257 // { int lio_listio(int mode, struct aiocb* const *acb_list, int nent, struct sigevent *sig); } SYS_LCHMOD = 274 // { int lchmod(char *path, mode_t mode); } SYS_LUTIMES = 276 // { int lutimes(char *path, struct timeval *tptr); } - SYS_NSTAT = 278 // { int nstat(char *path, struct nstat *ub); } - SYS_NFSTAT = 279 // { int nfstat(int fd, struct nstat *sb); } - SYS_NLSTAT = 280 // { int nlstat(char *path, struct nstat *ub); } SYS_PREADV = 289 // { ssize_t preadv(int fd, struct iovec *iovp, u_int iovcnt, off_t offset); } SYS_PWRITEV = 290 // { ssize_t pwritev(int fd, struct iovec *iovp, u_int iovcnt, off_t offset); } SYS_FHOPEN = 298 // { int fhopen(const struct fhandle *u_fhp, int flags); } - SYS_FHSTAT = 299 // { int fhstat(const struct fhandle *u_fhp, struct stat *sb); } SYS_MODNEXT = 300 // { int modnext(int modid); } - SYS_MODSTAT = 301 // { int modstat(int modid, struct module_stat *stat); } + SYS_MODSTAT = 301 // { int modstat(int modid, struct module_stat* stat); } SYS_MODFNEXT = 302 // { int modfnext(int modid); } SYS_MODFIND = 303 // { int modfind(const char *name); } SYS_KLDLOAD = 304 // { int kldload(const char *file); } SYS_KLDUNLOAD = 305 // { int kldunload(int fileid); } SYS_KLDFIND = 306 // { int kldfind(const char *file); } SYS_KLDNEXT = 307 // { int kldnext(int fileid); } - SYS_KLDSTAT = 308 // { int kldstat(int fileid, struct kld_file_stat* stat); } + SYS_KLDSTAT = 308 // { int kldstat(int fileid, struct kld_file_stat *stat); } SYS_KLDFIRSTMOD = 309 // { int kldfirstmod(int fileid); } SYS_GETSID = 310 // { int getsid(pid_t pid); } SYS_SETRESUID = 311 // { int setresuid(uid_t ruid, uid_t euid, uid_t suid); } SYS_SETRESGID = 312 // { int setresgid(gid_t rgid, gid_t egid, gid_t sgid); } SYS_AIO_RETURN = 314 // { ssize_t aio_return(struct aiocb *aiocbp); } - SYS_AIO_SUSPEND = 315 // { int aio_suspend( struct aiocb * const * aiocbp, int nent, const struct timespec *timeout); } + SYS_AIO_SUSPEND = 315 // { int aio_suspend(struct aiocb * const * aiocbp, int nent, const struct timespec *timeout); } SYS_AIO_CANCEL = 316 // { int aio_cancel(int fd, struct aiocb *aiocbp); } SYS_AIO_ERROR = 317 // { int aio_error(struct aiocb *aiocbp); } SYS_YIELD = 321 // { int yield(void); } SYS_MLOCKALL = 324 // { int mlockall(int how); } SYS_MUNLOCKALL = 325 // { int munlockall(void); } - SYS___GETCWD = 326 // { int __getcwd(char *buf, u_int buflen); } + SYS___GETCWD = 326 // { int __getcwd(char *buf, size_t buflen); } SYS_SCHED_SETPARAM = 327 // { int sched_setparam (pid_t pid, const struct sched_param *param); } SYS_SCHED_GETPARAM = 328 // { int sched_getparam (pid_t pid, struct sched_param *param); } SYS_SCHED_SETSCHEDULER = 329 // { int sched_setscheduler (pid_t pid, int policy, const struct sched_param *param); } @@ -226,14 +213,13 @@ const ( SYS___ACL_ACLCHECK_FILE = 353 // { int __acl_aclcheck_file(const char *path, acl_type_t type, struct acl *aclp); } SYS___ACL_ACLCHECK_FD = 354 // { int __acl_aclcheck_fd(int filedes, acl_type_t type, struct acl *aclp); } SYS_EXTATTRCTL = 355 // { int extattrctl(const char *path, int cmd, const char *filename, int attrnamespace, const char *attrname); } - SYS_EXTATTR_SET_FILE = 356 // { ssize_t extattr_set_file( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } - SYS_EXTATTR_GET_FILE = 357 // { ssize_t extattr_get_file( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } + SYS_EXTATTR_SET_FILE = 356 // { ssize_t extattr_set_file(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } + SYS_EXTATTR_GET_FILE = 357 // { ssize_t extattr_get_file(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } SYS_EXTATTR_DELETE_FILE = 358 // { int extattr_delete_file(const char *path, int attrnamespace, const char *attrname); } - SYS_AIO_WAITCOMPLETE = 359 // { ssize_t aio_waitcomplete( struct aiocb **aiocbp, struct timespec *timeout); } + SYS_AIO_WAITCOMPLETE = 359 // { ssize_t aio_waitcomplete(struct aiocb **aiocbp, struct timespec *timeout); } SYS_GETRESUID = 360 // { int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid); } SYS_GETRESGID = 361 // { int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid); } SYS_KQUEUE = 362 // { int kqueue(void); } - SYS_KEVENT = 363 // { int kevent(int fd, struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); } SYS_EXTATTR_SET_FD = 371 // { ssize_t extattr_set_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); } SYS_EXTATTR_GET_FD = 372 // { ssize_t extattr_get_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); } SYS_EXTATTR_DELETE_FD = 373 // { int extattr_delete_fd(int fd, int attrnamespace, const char *attrname); } @@ -251,10 +237,6 @@ const ( SYS_UUIDGEN = 392 // { int uuidgen(struct uuid *store, int count); } SYS_SENDFILE = 393 // { int sendfile(int fd, int s, off_t offset, size_t nbytes, struct sf_hdtr *hdtr, off_t *sbytes, int flags); } SYS_MAC_SYSCALL = 394 // { int mac_syscall(const char *policy, int call, void *arg); } - SYS_GETFSSTAT = 395 // { int getfsstat(struct statfs *buf, long bufsize, int mode); } - SYS_STATFS = 396 // { int statfs(char *path, struct statfs *buf); } - SYS_FSTATFS = 397 // { int fstatfs(int fd, struct statfs *buf); } - SYS_FHSTATFS = 398 // { int fhstatfs(const struct fhandle *u_fhp, struct statfs *buf); } SYS_KSEM_CLOSE = 400 // { int ksem_close(semid_t id); } SYS_KSEM_POST = 401 // { int ksem_post(semid_t id); } SYS_KSEM_WAIT = 402 // { int ksem_wait(semid_t id); } @@ -267,14 +249,14 @@ const ( SYS___MAC_GET_PID = 409 // { int __mac_get_pid(pid_t pid, struct mac *mac_p); } SYS___MAC_GET_LINK = 410 // { int __mac_get_link(const char *path_p, struct mac *mac_p); } SYS___MAC_SET_LINK = 411 // { int __mac_set_link(const char *path_p, struct mac *mac_p); } - SYS_EXTATTR_SET_LINK = 412 // { ssize_t extattr_set_link( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } - SYS_EXTATTR_GET_LINK = 413 // { ssize_t extattr_get_link( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } - SYS_EXTATTR_DELETE_LINK = 414 // { int extattr_delete_link( const char *path, int attrnamespace, const char *attrname); } + SYS_EXTATTR_SET_LINK = 412 // { ssize_t extattr_set_link(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } + SYS_EXTATTR_GET_LINK = 413 // { ssize_t extattr_get_link(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } + SYS_EXTATTR_DELETE_LINK = 414 // { int extattr_delete_link(const char *path, int attrnamespace, const char *attrname); } SYS___MAC_EXECVE = 415 // { int __mac_execve(char *fname, char **argv, char **envv, struct mac *mac_p); } SYS_SIGACTION = 416 // { int sigaction(int sig, const struct sigaction *act, struct sigaction *oact); } - SYS_SIGRETURN = 417 // { int sigreturn( const struct __ucontext *sigcntxp); } + SYS_SIGRETURN = 417 // { int sigreturn(const struct __ucontext *sigcntxp); } SYS_GETCONTEXT = 421 // { int getcontext(struct __ucontext *ucp); } - SYS_SETCONTEXT = 422 // { int setcontext( const struct __ucontext *ucp); } + SYS_SETCONTEXT = 422 // { int setcontext(const struct __ucontext *ucp); } SYS_SWAPCONTEXT = 423 // { int swapcontext(struct __ucontext *oucp, const struct __ucontext *ucp); } SYS_SWAPOFF = 424 // { int swapoff(const char *name); } SYS___ACL_GET_LINK = 425 // { int __acl_get_link(const char *path, acl_type_t type, struct acl *aclp); } @@ -288,10 +270,10 @@ const ( SYS_THR_KILL = 433 // { int thr_kill(long id, int sig); } SYS_JAIL_ATTACH = 436 // { int jail_attach(int jid); } SYS_EXTATTR_LIST_FD = 437 // { ssize_t extattr_list_fd(int fd, int attrnamespace, void *data, size_t nbytes); } - SYS_EXTATTR_LIST_FILE = 438 // { ssize_t extattr_list_file( const char *path, int attrnamespace, void *data, size_t nbytes); } - SYS_EXTATTR_LIST_LINK = 439 // { ssize_t extattr_list_link( const char *path, int attrnamespace, void *data, size_t nbytes); } + SYS_EXTATTR_LIST_FILE = 438 // { ssize_t extattr_list_file(const char *path, int attrnamespace, void *data, size_t nbytes); } + SYS_EXTATTR_LIST_LINK = 439 // { ssize_t extattr_list_link(const char *path, int attrnamespace, void *data, size_t nbytes); } SYS_KSEM_TIMEDWAIT = 441 // { int ksem_timedwait(semid_t id, const struct timespec *abstime); } - SYS_THR_SUSPEND = 442 // { int thr_suspend( const struct timespec *timeout); } + SYS_THR_SUSPEND = 442 // { int thr_suspend(const struct timespec *timeout); } SYS_THR_WAKE = 443 // { int thr_wake(long id); } SYS_KLDUNLOADF = 444 // { int kldunloadf(int fileid, int flags); } SYS_AUDIT = 445 // { int audit(const void *record, u_int length); } @@ -300,17 +282,17 @@ const ( SYS_SETAUID = 448 // { int setauid(uid_t *auid); } SYS_GETAUDIT = 449 // { int getaudit(struct auditinfo *auditinfo); } SYS_SETAUDIT = 450 // { int setaudit(struct auditinfo *auditinfo); } - SYS_GETAUDIT_ADDR = 451 // { int getaudit_addr( struct auditinfo_addr *auditinfo_addr, u_int length); } - SYS_SETAUDIT_ADDR = 452 // { int setaudit_addr( struct auditinfo_addr *auditinfo_addr, u_int length); } + SYS_GETAUDIT_ADDR = 451 // { int getaudit_addr(struct auditinfo_addr *auditinfo_addr, u_int length); } + SYS_SETAUDIT_ADDR = 452 // { int setaudit_addr(struct auditinfo_addr *auditinfo_addr, u_int length); } SYS_AUDITCTL = 453 // { int auditctl(char *path); } SYS__UMTX_OP = 454 // { int _umtx_op(void *obj, int op, u_long val, void *uaddr1, void *uaddr2); } SYS_THR_NEW = 455 // { int thr_new(struct thr_param *param, int param_size); } SYS_SIGQUEUE = 456 // { int sigqueue(pid_t pid, int signum, void *value); } SYS_KMQ_OPEN = 457 // { int kmq_open(const char *path, int flags, mode_t mode, const struct mq_attr *attr); } - SYS_KMQ_SETATTR = 458 // { int kmq_setattr(int mqd, const struct mq_attr *attr, struct mq_attr *oattr); } - SYS_KMQ_TIMEDRECEIVE = 459 // { int kmq_timedreceive(int mqd, char *msg_ptr, size_t msg_len, unsigned *msg_prio, const struct timespec *abs_timeout); } - SYS_KMQ_TIMEDSEND = 460 // { int kmq_timedsend(int mqd, const char *msg_ptr, size_t msg_len,unsigned msg_prio, const struct timespec *abs_timeout);} - SYS_KMQ_NOTIFY = 461 // { int kmq_notify(int mqd, const struct sigevent *sigev); } + SYS_KMQ_SETATTR = 458 // { int kmq_setattr(int mqd, const struct mq_attr *attr, struct mq_attr *oattr); } + SYS_KMQ_TIMEDRECEIVE = 459 // { int kmq_timedreceive(int mqd, char *msg_ptr, size_t msg_len, unsigned *msg_prio, const struct timespec *abs_timeout); } + SYS_KMQ_TIMEDSEND = 460 // { int kmq_timedsend(int mqd, const char *msg_ptr, size_t msg_len, unsigned msg_prio, const struct timespec *abs_timeout); } + SYS_KMQ_NOTIFY = 461 // { int kmq_notify(int mqd, const struct sigevent *sigev); } SYS_KMQ_UNLINK = 462 // { int kmq_unlink(const char *path); } SYS_ABORT2 = 463 // { int abort2(const char *why, int nargs, void **args); } SYS_THR_SET_NAME = 464 // { int thr_set_name(long id, const char *name); } @@ -319,7 +301,7 @@ const ( SYS_SCTP_PEELOFF = 471 // { int sctp_peeloff(int sd, uint32_t name); } SYS_SCTP_GENERIC_SENDMSG = 472 // { int sctp_generic_sendmsg(int sd, caddr_t msg, int mlen, caddr_t to, __socklen_t tolen, struct sctp_sndrcvinfo *sinfo, int flags); } SYS_SCTP_GENERIC_SENDMSG_IOV = 473 // { int sctp_generic_sendmsg_iov(int sd, struct iovec *iov, int iovlen, caddr_t to, __socklen_t tolen, struct sctp_sndrcvinfo *sinfo, int flags); } - SYS_SCTP_GENERIC_RECVMSG = 474 // { int sctp_generic_recvmsg(int sd, struct iovec *iov, int iovlen, struct sockaddr * from, __socklen_t *fromlenaddr, struct sctp_sndrcvinfo *sinfo, int *msg_flags); } + SYS_SCTP_GENERIC_RECVMSG = 474 // { int sctp_generic_recvmsg(int sd, struct iovec *iov, int iovlen, struct sockaddr *from, __socklen_t *fromlenaddr, struct sctp_sndrcvinfo *sinfo, int *msg_flags); } SYS_PREAD = 475 // { ssize_t pread(int fd, void *buf, size_t nbyte, off_t offset); } SYS_PWRITE = 476 // { ssize_t pwrite(int fd, const void *buf, size_t nbyte, off_t offset); } SYS_MMAP = 477 // { caddr_t mmap(caddr_t addr, size_t len, int prot, int flags, int fd, off_t pos); } @@ -338,14 +320,12 @@ const ( SYS_FCHMODAT = 490 // { int fchmodat(int fd, char *path, mode_t mode, int flag); } SYS_FCHOWNAT = 491 // { int fchownat(int fd, char *path, uid_t uid, gid_t gid, int flag); } SYS_FEXECVE = 492 // { int fexecve(int fd, char **argv, char **envv); } - SYS_FSTATAT = 493 // { int fstatat(int fd, char *path, struct stat *buf, int flag); } SYS_FUTIMESAT = 494 // { int futimesat(int fd, char *path, struct timeval *times); } SYS_LINKAT = 495 // { int linkat(int fd1, char *path1, int fd2, char *path2, int flag); } SYS_MKDIRAT = 496 // { int mkdirat(int fd, char *path, mode_t mode); } SYS_MKFIFOAT = 497 // { int mkfifoat(int fd, char *path, mode_t mode); } - SYS_MKNODAT = 498 // { int mknodat(int fd, char *path, mode_t mode, dev_t dev); } SYS_OPENAT = 499 // { int openat(int fd, char *path, int flag, mode_t mode); } - SYS_READLINKAT = 500 // { int readlinkat(int fd, char *path, char *buf, size_t bufsize); } + SYS_READLINKAT = 500 // { ssize_t readlinkat(int fd, char *path, char *buf, size_t bufsize); } SYS_RENAMEAT = 501 // { int renameat(int oldfd, char *old, int newfd, char *new); } SYS_SYMLINKAT = 502 // { int symlinkat(char *path1, int fd, char *path2); } SYS_UNLINKAT = 503 // { int unlinkat(int fd, char *path, int flag); } @@ -391,7 +371,24 @@ const ( SYS_PPOLL = 545 // { int ppoll(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *set); } SYS_FUTIMENS = 546 // { int futimens(int fd, struct timespec *times); } SYS_UTIMENSAT = 547 // { int utimensat(int fd, char *path, struct timespec *times, int flag); } - SYS_NUMA_GETAFFINITY = 548 // { int numa_getaffinity(cpuwhich_t which, id_t id, struct vm_domain_policy_entry *policy); } - SYS_NUMA_SETAFFINITY = 549 // { int numa_setaffinity(cpuwhich_t which, id_t id, const struct vm_domain_policy_entry *policy); } SYS_FDATASYNC = 550 // { int fdatasync(int fd); } + SYS_FSTAT = 551 // { int fstat(int fd, struct stat *sb); } + SYS_FSTATAT = 552 // { int fstatat(int fd, char *path, struct stat *buf, int flag); } + SYS_FHSTAT = 553 // { int fhstat(const struct fhandle *u_fhp, struct stat *sb); } + SYS_GETDIRENTRIES = 554 // { ssize_t getdirentries(int fd, char *buf, size_t count, off_t *basep); } + SYS_STATFS = 555 // { int statfs(char *path, struct statfs *buf); } + SYS_FSTATFS = 556 // { int fstatfs(int fd, struct statfs *buf); } + SYS_GETFSSTAT = 557 // { int getfsstat(struct statfs *buf, long bufsize, int mode); } + SYS_FHSTATFS = 558 // { int fhstatfs(const struct fhandle *u_fhp, struct statfs *buf); } + SYS_MKNODAT = 559 // { int mknodat(int fd, char *path, mode_t mode, dev_t dev); } + SYS_KEVENT = 560 // { int kevent(int fd, struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); } + SYS_CPUSET_GETDOMAIN = 561 // { int cpuset_getdomain(cpulevel_t level, cpuwhich_t which, id_t id, size_t domainsetsize, domainset_t *mask, int *policy); } + SYS_CPUSET_SETDOMAIN = 562 // { int cpuset_setdomain(cpulevel_t level, cpuwhich_t which, id_t id, size_t domainsetsize, domainset_t *mask, int policy); } + SYS_GETRANDOM = 563 // { int getrandom(void *buf, size_t buflen, unsigned int flags); } + SYS_GETFHAT = 564 // { int getfhat(int fd, char *path, struct fhandle *fhp, int flags); } + SYS_FHLINK = 565 // { int fhlink(struct fhandle *fhp, const char *to); } + SYS_FHLINKAT = 566 // { int fhlinkat(struct fhandle *fhp, int tofd, const char *to,); } + SYS_FHREADLINK = 567 // { int fhreadlink(struct fhandle *fhp, char *buf, size_t bufsize); } + SYS___SYSCTLBYNAME = 570 // { int __sysctlbyname(const char *name, size_t namelen, void *old, size_t *oldlenp, void *new, size_t newlen); } + SYS_CLOSE_RANGE = 575 // { int close_range(u_int lowfd, u_int highfd, int flags); } ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go index 342d471d2eb..01636b838d3 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go @@ -1,4 +1,4 @@ -// go run mksysnum.go https://svn.freebsd.org/base/stable/11/sys/kern/syscalls.master +// go run mksysnum.go https://cgit.freebsd.org/src/plain/sys/kern/syscalls.master?h=stable/12 // Code generated by the command above; see README.md. DO NOT EDIT. //go:build amd64 && freebsd @@ -19,10 +19,9 @@ const ( SYS_UNLINK = 10 // { int unlink(char *path); } SYS_CHDIR = 12 // { int chdir(char *path); } SYS_FCHDIR = 13 // { int fchdir(int fd); } - SYS_MKNOD = 14 // { int mknod(char *path, int mode, int dev); } SYS_CHMOD = 15 // { int chmod(char *path, int mode); } SYS_CHOWN = 16 // { int chown(char *path, int uid, int gid); } - SYS_OBREAK = 17 // { int obreak(char *nsize); } break obreak_args int + SYS_BREAK = 17 // { caddr_t break(char *nsize); } SYS_GETPID = 20 // { pid_t getpid(void); } SYS_MOUNT = 21 // { int mount(char *type, char *path, int flags, caddr_t data); } SYS_UNMOUNT = 22 // { int unmount(char *path, int flags); } @@ -43,7 +42,6 @@ const ( SYS_KILL = 37 // { int kill(int pid, int signum); } SYS_GETPPID = 39 // { pid_t getppid(void); } SYS_DUP = 41 // { int dup(u_int fd); } - SYS_PIPE = 42 // { int pipe(void); } SYS_GETEGID = 43 // { gid_t getegid(void); } SYS_PROFIL = 44 // { int profil(caddr_t samples, size_t size, size_t offset, u_int scale); } SYS_KTRACE = 45 // { int ktrace(const char *fname, int ops, int facs, int pid); } @@ -58,15 +56,14 @@ const ( SYS_SYMLINK = 57 // { int symlink(char *path, char *link); } SYS_READLINK = 58 // { ssize_t readlink(char *path, char *buf, size_t count); } SYS_EXECVE = 59 // { int execve(char *fname, char **argv, char **envv); } - SYS_UMASK = 60 // { int umask(int newmask); } umask umask_args int + SYS_UMASK = 60 // { int umask(int newmask); } SYS_CHROOT = 61 // { int chroot(char *path); } SYS_MSYNC = 65 // { int msync(void *addr, size_t len, int flags); } SYS_VFORK = 66 // { int vfork(void); } SYS_SBRK = 69 // { int sbrk(int incr); } SYS_SSTK = 70 // { int sstk(int incr); } - SYS_OVADVISE = 72 // { int ovadvise(int anom); } vadvise ovadvise_args int SYS_MUNMAP = 73 // { int munmap(void *addr, size_t len); } - SYS_MPROTECT = 74 // { int mprotect(const void *addr, size_t len, int prot); } + SYS_MPROTECT = 74 // { int mprotect(void *addr, size_t len, int prot); } SYS_MADVISE = 75 // { int madvise(void *addr, size_t len, int behav); } SYS_MINCORE = 78 // { int mincore(const void *addr, size_t len, char *vec); } SYS_GETGROUPS = 79 // { int getgroups(u_int gidsetsize, gid_t *gidset); } @@ -124,14 +121,10 @@ const ( SYS_SETGID = 181 // { int setgid(gid_t gid); } SYS_SETEGID = 182 // { int setegid(gid_t egid); } SYS_SETEUID = 183 // { int seteuid(uid_t euid); } - SYS_STAT = 188 // { int stat(char *path, struct stat *ub); } - SYS_FSTAT = 189 // { int fstat(int fd, struct stat *sb); } - SYS_LSTAT = 190 // { int lstat(char *path, struct stat *ub); } SYS_PATHCONF = 191 // { int pathconf(char *path, int name); } SYS_FPATHCONF = 192 // { int fpathconf(int fd, int name); } SYS_GETRLIMIT = 194 // { int getrlimit(u_int which, struct rlimit *rlp); } getrlimit __getrlimit_args int SYS_SETRLIMIT = 195 // { int setrlimit(u_int which, struct rlimit *rlp); } setrlimit __setrlimit_args int - SYS_GETDIRENTRIES = 196 // { int getdirentries(int fd, char *buf, u_int count, long *basep); } SYS___SYSCTL = 202 // { int __sysctl(int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); } __sysctl sysctl_args int SYS_MLOCK = 203 // { int mlock(const void *addr, size_t len); } SYS_MUNLOCK = 204 // { int munlock(const void *addr, size_t len); } @@ -143,12 +136,12 @@ const ( SYS_SEMOP = 222 // { int semop(int semid, struct sembuf *sops, size_t nsops); } SYS_MSGGET = 225 // { int msgget(key_t key, int msgflg); } SYS_MSGSND = 226 // { int msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); } - SYS_MSGRCV = 227 // { int msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); } + SYS_MSGRCV = 227 // { ssize_t msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); } SYS_SHMAT = 228 // { int shmat(int shmid, const void *shmaddr, int shmflg); } SYS_SHMDT = 230 // { int shmdt(const void *shmaddr); } SYS_SHMGET = 231 // { int shmget(key_t key, size_t size, int shmflg); } SYS_CLOCK_GETTIME = 232 // { int clock_gettime(clockid_t clock_id, struct timespec *tp); } - SYS_CLOCK_SETTIME = 233 // { int clock_settime( clockid_t clock_id, const struct timespec *tp); } + SYS_CLOCK_SETTIME = 233 // { int clock_settime(clockid_t clock_id, const struct timespec *tp); } SYS_CLOCK_GETRES = 234 // { int clock_getres(clockid_t clock_id, struct timespec *tp); } SYS_KTIMER_CREATE = 235 // { int ktimer_create(clockid_t clock_id, struct sigevent *evp, int *timerid); } SYS_KTIMER_DELETE = 236 // { int ktimer_delete(int timerid); } @@ -157,50 +150,44 @@ const ( SYS_KTIMER_GETOVERRUN = 239 // { int ktimer_getoverrun(int timerid); } SYS_NANOSLEEP = 240 // { int nanosleep(const struct timespec *rqtp, struct timespec *rmtp); } SYS_FFCLOCK_GETCOUNTER = 241 // { int ffclock_getcounter(ffcounter *ffcount); } - SYS_FFCLOCK_SETESTIMATE = 242 // { int ffclock_setestimate( struct ffclock_estimate *cest); } - SYS_FFCLOCK_GETESTIMATE = 243 // { int ffclock_getestimate( struct ffclock_estimate *cest); } + SYS_FFCLOCK_SETESTIMATE = 242 // { int ffclock_setestimate(struct ffclock_estimate *cest); } + SYS_FFCLOCK_GETESTIMATE = 243 // { int ffclock_getestimate(struct ffclock_estimate *cest); } SYS_CLOCK_NANOSLEEP = 244 // { int clock_nanosleep(clockid_t clock_id, int flags, const struct timespec *rqtp, struct timespec *rmtp); } - SYS_CLOCK_GETCPUCLOCKID2 = 247 // { int clock_getcpuclockid2(id_t id,int which, clockid_t *clock_id); } + SYS_CLOCK_GETCPUCLOCKID2 = 247 // { int clock_getcpuclockid2(id_t id, int which, clockid_t *clock_id); } SYS_NTP_GETTIME = 248 // { int ntp_gettime(struct ntptimeval *ntvp); } SYS_MINHERIT = 250 // { int minherit(void *addr, size_t len, int inherit); } SYS_RFORK = 251 // { int rfork(int flags); } - SYS_OPENBSD_POLL = 252 // { int openbsd_poll(struct pollfd *fds, u_int nfds, int timeout); } SYS_ISSETUGID = 253 // { int issetugid(void); } SYS_LCHOWN = 254 // { int lchown(char *path, int uid, int gid); } SYS_AIO_READ = 255 // { int aio_read(struct aiocb *aiocbp); } SYS_AIO_WRITE = 256 // { int aio_write(struct aiocb *aiocbp); } - SYS_LIO_LISTIO = 257 // { int lio_listio(int mode, struct aiocb * const *acb_list, int nent, struct sigevent *sig); } - SYS_GETDENTS = 272 // { int getdents(int fd, char *buf, size_t count); } + SYS_LIO_LISTIO = 257 // { int lio_listio(int mode, struct aiocb* const *acb_list, int nent, struct sigevent *sig); } SYS_LCHMOD = 274 // { int lchmod(char *path, mode_t mode); } SYS_LUTIMES = 276 // { int lutimes(char *path, struct timeval *tptr); } - SYS_NSTAT = 278 // { int nstat(char *path, struct nstat *ub); } - SYS_NFSTAT = 279 // { int nfstat(int fd, struct nstat *sb); } - SYS_NLSTAT = 280 // { int nlstat(char *path, struct nstat *ub); } SYS_PREADV = 289 // { ssize_t preadv(int fd, struct iovec *iovp, u_int iovcnt, off_t offset); } SYS_PWRITEV = 290 // { ssize_t pwritev(int fd, struct iovec *iovp, u_int iovcnt, off_t offset); } SYS_FHOPEN = 298 // { int fhopen(const struct fhandle *u_fhp, int flags); } - SYS_FHSTAT = 299 // { int fhstat(const struct fhandle *u_fhp, struct stat *sb); } SYS_MODNEXT = 300 // { int modnext(int modid); } - SYS_MODSTAT = 301 // { int modstat(int modid, struct module_stat *stat); } + SYS_MODSTAT = 301 // { int modstat(int modid, struct module_stat* stat); } SYS_MODFNEXT = 302 // { int modfnext(int modid); } SYS_MODFIND = 303 // { int modfind(const char *name); } SYS_KLDLOAD = 304 // { int kldload(const char *file); } SYS_KLDUNLOAD = 305 // { int kldunload(int fileid); } SYS_KLDFIND = 306 // { int kldfind(const char *file); } SYS_KLDNEXT = 307 // { int kldnext(int fileid); } - SYS_KLDSTAT = 308 // { int kldstat(int fileid, struct kld_file_stat* stat); } + SYS_KLDSTAT = 308 // { int kldstat(int fileid, struct kld_file_stat *stat); } SYS_KLDFIRSTMOD = 309 // { int kldfirstmod(int fileid); } SYS_GETSID = 310 // { int getsid(pid_t pid); } SYS_SETRESUID = 311 // { int setresuid(uid_t ruid, uid_t euid, uid_t suid); } SYS_SETRESGID = 312 // { int setresgid(gid_t rgid, gid_t egid, gid_t sgid); } SYS_AIO_RETURN = 314 // { ssize_t aio_return(struct aiocb *aiocbp); } - SYS_AIO_SUSPEND = 315 // { int aio_suspend( struct aiocb * const * aiocbp, int nent, const struct timespec *timeout); } + SYS_AIO_SUSPEND = 315 // { int aio_suspend(struct aiocb * const * aiocbp, int nent, const struct timespec *timeout); } SYS_AIO_CANCEL = 316 // { int aio_cancel(int fd, struct aiocb *aiocbp); } SYS_AIO_ERROR = 317 // { int aio_error(struct aiocb *aiocbp); } SYS_YIELD = 321 // { int yield(void); } SYS_MLOCKALL = 324 // { int mlockall(int how); } SYS_MUNLOCKALL = 325 // { int munlockall(void); } - SYS___GETCWD = 326 // { int __getcwd(char *buf, u_int buflen); } + SYS___GETCWD = 326 // { int __getcwd(char *buf, size_t buflen); } SYS_SCHED_SETPARAM = 327 // { int sched_setparam (pid_t pid, const struct sched_param *param); } SYS_SCHED_GETPARAM = 328 // { int sched_getparam (pid_t pid, struct sched_param *param); } SYS_SCHED_SETSCHEDULER = 329 // { int sched_setscheduler (pid_t pid, int policy, const struct sched_param *param); } @@ -226,14 +213,13 @@ const ( SYS___ACL_ACLCHECK_FILE = 353 // { int __acl_aclcheck_file(const char *path, acl_type_t type, struct acl *aclp); } SYS___ACL_ACLCHECK_FD = 354 // { int __acl_aclcheck_fd(int filedes, acl_type_t type, struct acl *aclp); } SYS_EXTATTRCTL = 355 // { int extattrctl(const char *path, int cmd, const char *filename, int attrnamespace, const char *attrname); } - SYS_EXTATTR_SET_FILE = 356 // { ssize_t extattr_set_file( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } - SYS_EXTATTR_GET_FILE = 357 // { ssize_t extattr_get_file( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } + SYS_EXTATTR_SET_FILE = 356 // { ssize_t extattr_set_file(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } + SYS_EXTATTR_GET_FILE = 357 // { ssize_t extattr_get_file(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } SYS_EXTATTR_DELETE_FILE = 358 // { int extattr_delete_file(const char *path, int attrnamespace, const char *attrname); } - SYS_AIO_WAITCOMPLETE = 359 // { ssize_t aio_waitcomplete( struct aiocb **aiocbp, struct timespec *timeout); } + SYS_AIO_WAITCOMPLETE = 359 // { ssize_t aio_waitcomplete(struct aiocb **aiocbp, struct timespec *timeout); } SYS_GETRESUID = 360 // { int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid); } SYS_GETRESGID = 361 // { int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid); } SYS_KQUEUE = 362 // { int kqueue(void); } - SYS_KEVENT = 363 // { int kevent(int fd, struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); } SYS_EXTATTR_SET_FD = 371 // { ssize_t extattr_set_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); } SYS_EXTATTR_GET_FD = 372 // { ssize_t extattr_get_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); } SYS_EXTATTR_DELETE_FD = 373 // { int extattr_delete_fd(int fd, int attrnamespace, const char *attrname); } @@ -251,10 +237,6 @@ const ( SYS_UUIDGEN = 392 // { int uuidgen(struct uuid *store, int count); } SYS_SENDFILE = 393 // { int sendfile(int fd, int s, off_t offset, size_t nbytes, struct sf_hdtr *hdtr, off_t *sbytes, int flags); } SYS_MAC_SYSCALL = 394 // { int mac_syscall(const char *policy, int call, void *arg); } - SYS_GETFSSTAT = 395 // { int getfsstat(struct statfs *buf, long bufsize, int mode); } - SYS_STATFS = 396 // { int statfs(char *path, struct statfs *buf); } - SYS_FSTATFS = 397 // { int fstatfs(int fd, struct statfs *buf); } - SYS_FHSTATFS = 398 // { int fhstatfs(const struct fhandle *u_fhp, struct statfs *buf); } SYS_KSEM_CLOSE = 400 // { int ksem_close(semid_t id); } SYS_KSEM_POST = 401 // { int ksem_post(semid_t id); } SYS_KSEM_WAIT = 402 // { int ksem_wait(semid_t id); } @@ -267,14 +249,14 @@ const ( SYS___MAC_GET_PID = 409 // { int __mac_get_pid(pid_t pid, struct mac *mac_p); } SYS___MAC_GET_LINK = 410 // { int __mac_get_link(const char *path_p, struct mac *mac_p); } SYS___MAC_SET_LINK = 411 // { int __mac_set_link(const char *path_p, struct mac *mac_p); } - SYS_EXTATTR_SET_LINK = 412 // { ssize_t extattr_set_link( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } - SYS_EXTATTR_GET_LINK = 413 // { ssize_t extattr_get_link( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } - SYS_EXTATTR_DELETE_LINK = 414 // { int extattr_delete_link( const char *path, int attrnamespace, const char *attrname); } + SYS_EXTATTR_SET_LINK = 412 // { ssize_t extattr_set_link(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } + SYS_EXTATTR_GET_LINK = 413 // { ssize_t extattr_get_link(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } + SYS_EXTATTR_DELETE_LINK = 414 // { int extattr_delete_link(const char *path, int attrnamespace, const char *attrname); } SYS___MAC_EXECVE = 415 // { int __mac_execve(char *fname, char **argv, char **envv, struct mac *mac_p); } SYS_SIGACTION = 416 // { int sigaction(int sig, const struct sigaction *act, struct sigaction *oact); } - SYS_SIGRETURN = 417 // { int sigreturn( const struct __ucontext *sigcntxp); } + SYS_SIGRETURN = 417 // { int sigreturn(const struct __ucontext *sigcntxp); } SYS_GETCONTEXT = 421 // { int getcontext(struct __ucontext *ucp); } - SYS_SETCONTEXT = 422 // { int setcontext( const struct __ucontext *ucp); } + SYS_SETCONTEXT = 422 // { int setcontext(const struct __ucontext *ucp); } SYS_SWAPCONTEXT = 423 // { int swapcontext(struct __ucontext *oucp, const struct __ucontext *ucp); } SYS_SWAPOFF = 424 // { int swapoff(const char *name); } SYS___ACL_GET_LINK = 425 // { int __acl_get_link(const char *path, acl_type_t type, struct acl *aclp); } @@ -288,10 +270,10 @@ const ( SYS_THR_KILL = 433 // { int thr_kill(long id, int sig); } SYS_JAIL_ATTACH = 436 // { int jail_attach(int jid); } SYS_EXTATTR_LIST_FD = 437 // { ssize_t extattr_list_fd(int fd, int attrnamespace, void *data, size_t nbytes); } - SYS_EXTATTR_LIST_FILE = 438 // { ssize_t extattr_list_file( const char *path, int attrnamespace, void *data, size_t nbytes); } - SYS_EXTATTR_LIST_LINK = 439 // { ssize_t extattr_list_link( const char *path, int attrnamespace, void *data, size_t nbytes); } + SYS_EXTATTR_LIST_FILE = 438 // { ssize_t extattr_list_file(const char *path, int attrnamespace, void *data, size_t nbytes); } + SYS_EXTATTR_LIST_LINK = 439 // { ssize_t extattr_list_link(const char *path, int attrnamespace, void *data, size_t nbytes); } SYS_KSEM_TIMEDWAIT = 441 // { int ksem_timedwait(semid_t id, const struct timespec *abstime); } - SYS_THR_SUSPEND = 442 // { int thr_suspend( const struct timespec *timeout); } + SYS_THR_SUSPEND = 442 // { int thr_suspend(const struct timespec *timeout); } SYS_THR_WAKE = 443 // { int thr_wake(long id); } SYS_KLDUNLOADF = 444 // { int kldunloadf(int fileid, int flags); } SYS_AUDIT = 445 // { int audit(const void *record, u_int length); } @@ -300,17 +282,17 @@ const ( SYS_SETAUID = 448 // { int setauid(uid_t *auid); } SYS_GETAUDIT = 449 // { int getaudit(struct auditinfo *auditinfo); } SYS_SETAUDIT = 450 // { int setaudit(struct auditinfo *auditinfo); } - SYS_GETAUDIT_ADDR = 451 // { int getaudit_addr( struct auditinfo_addr *auditinfo_addr, u_int length); } - SYS_SETAUDIT_ADDR = 452 // { int setaudit_addr( struct auditinfo_addr *auditinfo_addr, u_int length); } + SYS_GETAUDIT_ADDR = 451 // { int getaudit_addr(struct auditinfo_addr *auditinfo_addr, u_int length); } + SYS_SETAUDIT_ADDR = 452 // { int setaudit_addr(struct auditinfo_addr *auditinfo_addr, u_int length); } SYS_AUDITCTL = 453 // { int auditctl(char *path); } SYS__UMTX_OP = 454 // { int _umtx_op(void *obj, int op, u_long val, void *uaddr1, void *uaddr2); } SYS_THR_NEW = 455 // { int thr_new(struct thr_param *param, int param_size); } SYS_SIGQUEUE = 456 // { int sigqueue(pid_t pid, int signum, void *value); } SYS_KMQ_OPEN = 457 // { int kmq_open(const char *path, int flags, mode_t mode, const struct mq_attr *attr); } - SYS_KMQ_SETATTR = 458 // { int kmq_setattr(int mqd, const struct mq_attr *attr, struct mq_attr *oattr); } - SYS_KMQ_TIMEDRECEIVE = 459 // { int kmq_timedreceive(int mqd, char *msg_ptr, size_t msg_len, unsigned *msg_prio, const struct timespec *abs_timeout); } - SYS_KMQ_TIMEDSEND = 460 // { int kmq_timedsend(int mqd, const char *msg_ptr, size_t msg_len,unsigned msg_prio, const struct timespec *abs_timeout);} - SYS_KMQ_NOTIFY = 461 // { int kmq_notify(int mqd, const struct sigevent *sigev); } + SYS_KMQ_SETATTR = 458 // { int kmq_setattr(int mqd, const struct mq_attr *attr, struct mq_attr *oattr); } + SYS_KMQ_TIMEDRECEIVE = 459 // { int kmq_timedreceive(int mqd, char *msg_ptr, size_t msg_len, unsigned *msg_prio, const struct timespec *abs_timeout); } + SYS_KMQ_TIMEDSEND = 460 // { int kmq_timedsend(int mqd, const char *msg_ptr, size_t msg_len, unsigned msg_prio, const struct timespec *abs_timeout); } + SYS_KMQ_NOTIFY = 461 // { int kmq_notify(int mqd, const struct sigevent *sigev); } SYS_KMQ_UNLINK = 462 // { int kmq_unlink(const char *path); } SYS_ABORT2 = 463 // { int abort2(const char *why, int nargs, void **args); } SYS_THR_SET_NAME = 464 // { int thr_set_name(long id, const char *name); } @@ -319,7 +301,7 @@ const ( SYS_SCTP_PEELOFF = 471 // { int sctp_peeloff(int sd, uint32_t name); } SYS_SCTP_GENERIC_SENDMSG = 472 // { int sctp_generic_sendmsg(int sd, caddr_t msg, int mlen, caddr_t to, __socklen_t tolen, struct sctp_sndrcvinfo *sinfo, int flags); } SYS_SCTP_GENERIC_SENDMSG_IOV = 473 // { int sctp_generic_sendmsg_iov(int sd, struct iovec *iov, int iovlen, caddr_t to, __socklen_t tolen, struct sctp_sndrcvinfo *sinfo, int flags); } - SYS_SCTP_GENERIC_RECVMSG = 474 // { int sctp_generic_recvmsg(int sd, struct iovec *iov, int iovlen, struct sockaddr * from, __socklen_t *fromlenaddr, struct sctp_sndrcvinfo *sinfo, int *msg_flags); } + SYS_SCTP_GENERIC_RECVMSG = 474 // { int sctp_generic_recvmsg(int sd, struct iovec *iov, int iovlen, struct sockaddr *from, __socklen_t *fromlenaddr, struct sctp_sndrcvinfo *sinfo, int *msg_flags); } SYS_PREAD = 475 // { ssize_t pread(int fd, void *buf, size_t nbyte, off_t offset); } SYS_PWRITE = 476 // { ssize_t pwrite(int fd, const void *buf, size_t nbyte, off_t offset); } SYS_MMAP = 477 // { caddr_t mmap(caddr_t addr, size_t len, int prot, int flags, int fd, off_t pos); } @@ -338,14 +320,12 @@ const ( SYS_FCHMODAT = 490 // { int fchmodat(int fd, char *path, mode_t mode, int flag); } SYS_FCHOWNAT = 491 // { int fchownat(int fd, char *path, uid_t uid, gid_t gid, int flag); } SYS_FEXECVE = 492 // { int fexecve(int fd, char **argv, char **envv); } - SYS_FSTATAT = 493 // { int fstatat(int fd, char *path, struct stat *buf, int flag); } SYS_FUTIMESAT = 494 // { int futimesat(int fd, char *path, struct timeval *times); } SYS_LINKAT = 495 // { int linkat(int fd1, char *path1, int fd2, char *path2, int flag); } SYS_MKDIRAT = 496 // { int mkdirat(int fd, char *path, mode_t mode); } SYS_MKFIFOAT = 497 // { int mkfifoat(int fd, char *path, mode_t mode); } - SYS_MKNODAT = 498 // { int mknodat(int fd, char *path, mode_t mode, dev_t dev); } SYS_OPENAT = 499 // { int openat(int fd, char *path, int flag, mode_t mode); } - SYS_READLINKAT = 500 // { int readlinkat(int fd, char *path, char *buf, size_t bufsize); } + SYS_READLINKAT = 500 // { ssize_t readlinkat(int fd, char *path, char *buf, size_t bufsize); } SYS_RENAMEAT = 501 // { int renameat(int oldfd, char *old, int newfd, char *new); } SYS_SYMLINKAT = 502 // { int symlinkat(char *path1, int fd, char *path2); } SYS_UNLINKAT = 503 // { int unlinkat(int fd, char *path, int flag); } @@ -391,7 +371,24 @@ const ( SYS_PPOLL = 545 // { int ppoll(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *set); } SYS_FUTIMENS = 546 // { int futimens(int fd, struct timespec *times); } SYS_UTIMENSAT = 547 // { int utimensat(int fd, char *path, struct timespec *times, int flag); } - SYS_NUMA_GETAFFINITY = 548 // { int numa_getaffinity(cpuwhich_t which, id_t id, struct vm_domain_policy_entry *policy); } - SYS_NUMA_SETAFFINITY = 549 // { int numa_setaffinity(cpuwhich_t which, id_t id, const struct vm_domain_policy_entry *policy); } SYS_FDATASYNC = 550 // { int fdatasync(int fd); } + SYS_FSTAT = 551 // { int fstat(int fd, struct stat *sb); } + SYS_FSTATAT = 552 // { int fstatat(int fd, char *path, struct stat *buf, int flag); } + SYS_FHSTAT = 553 // { int fhstat(const struct fhandle *u_fhp, struct stat *sb); } + SYS_GETDIRENTRIES = 554 // { ssize_t getdirentries(int fd, char *buf, size_t count, off_t *basep); } + SYS_STATFS = 555 // { int statfs(char *path, struct statfs *buf); } + SYS_FSTATFS = 556 // { int fstatfs(int fd, struct statfs *buf); } + SYS_GETFSSTAT = 557 // { int getfsstat(struct statfs *buf, long bufsize, int mode); } + SYS_FHSTATFS = 558 // { int fhstatfs(const struct fhandle *u_fhp, struct statfs *buf); } + SYS_MKNODAT = 559 // { int mknodat(int fd, char *path, mode_t mode, dev_t dev); } + SYS_KEVENT = 560 // { int kevent(int fd, struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); } + SYS_CPUSET_GETDOMAIN = 561 // { int cpuset_getdomain(cpulevel_t level, cpuwhich_t which, id_t id, size_t domainsetsize, domainset_t *mask, int *policy); } + SYS_CPUSET_SETDOMAIN = 562 // { int cpuset_setdomain(cpulevel_t level, cpuwhich_t which, id_t id, size_t domainsetsize, domainset_t *mask, int policy); } + SYS_GETRANDOM = 563 // { int getrandom(void *buf, size_t buflen, unsigned int flags); } + SYS_GETFHAT = 564 // { int getfhat(int fd, char *path, struct fhandle *fhp, int flags); } + SYS_FHLINK = 565 // { int fhlink(struct fhandle *fhp, const char *to); } + SYS_FHLINKAT = 566 // { int fhlinkat(struct fhandle *fhp, int tofd, const char *to,); } + SYS_FHREADLINK = 567 // { int fhreadlink(struct fhandle *fhp, char *buf, size_t bufsize); } + SYS___SYSCTLBYNAME = 570 // { int __sysctlbyname(const char *name, size_t namelen, void *old, size_t *oldlenp, void *new, size_t newlen); } + SYS_CLOSE_RANGE = 575 // { int close_range(u_int lowfd, u_int highfd, int flags); } ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go index e2e3d72c5b0..ad99bc106a8 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go @@ -1,4 +1,4 @@ -// go run mksysnum.go https://svn.freebsd.org/base/stable/11/sys/kern/syscalls.master +// go run mksysnum.go https://cgit.freebsd.org/src/plain/sys/kern/syscalls.master?h=stable/12 // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm && freebsd @@ -19,10 +19,9 @@ const ( SYS_UNLINK = 10 // { int unlink(char *path); } SYS_CHDIR = 12 // { int chdir(char *path); } SYS_FCHDIR = 13 // { int fchdir(int fd); } - SYS_MKNOD = 14 // { int mknod(char *path, int mode, int dev); } SYS_CHMOD = 15 // { int chmod(char *path, int mode); } SYS_CHOWN = 16 // { int chown(char *path, int uid, int gid); } - SYS_OBREAK = 17 // { int obreak(char *nsize); } break obreak_args int + SYS_BREAK = 17 // { caddr_t break(char *nsize); } SYS_GETPID = 20 // { pid_t getpid(void); } SYS_MOUNT = 21 // { int mount(char *type, char *path, int flags, caddr_t data); } SYS_UNMOUNT = 22 // { int unmount(char *path, int flags); } @@ -43,7 +42,6 @@ const ( SYS_KILL = 37 // { int kill(int pid, int signum); } SYS_GETPPID = 39 // { pid_t getppid(void); } SYS_DUP = 41 // { int dup(u_int fd); } - SYS_PIPE = 42 // { int pipe(void); } SYS_GETEGID = 43 // { gid_t getegid(void); } SYS_PROFIL = 44 // { int profil(caddr_t samples, size_t size, size_t offset, u_int scale); } SYS_KTRACE = 45 // { int ktrace(const char *fname, int ops, int facs, int pid); } @@ -58,15 +56,14 @@ const ( SYS_SYMLINK = 57 // { int symlink(char *path, char *link); } SYS_READLINK = 58 // { ssize_t readlink(char *path, char *buf, size_t count); } SYS_EXECVE = 59 // { int execve(char *fname, char **argv, char **envv); } - SYS_UMASK = 60 // { int umask(int newmask); } umask umask_args int + SYS_UMASK = 60 // { int umask(int newmask); } SYS_CHROOT = 61 // { int chroot(char *path); } SYS_MSYNC = 65 // { int msync(void *addr, size_t len, int flags); } SYS_VFORK = 66 // { int vfork(void); } SYS_SBRK = 69 // { int sbrk(int incr); } SYS_SSTK = 70 // { int sstk(int incr); } - SYS_OVADVISE = 72 // { int ovadvise(int anom); } vadvise ovadvise_args int SYS_MUNMAP = 73 // { int munmap(void *addr, size_t len); } - SYS_MPROTECT = 74 // { int mprotect(const void *addr, size_t len, int prot); } + SYS_MPROTECT = 74 // { int mprotect(void *addr, size_t len, int prot); } SYS_MADVISE = 75 // { int madvise(void *addr, size_t len, int behav); } SYS_MINCORE = 78 // { int mincore(const void *addr, size_t len, char *vec); } SYS_GETGROUPS = 79 // { int getgroups(u_int gidsetsize, gid_t *gidset); } @@ -124,14 +121,10 @@ const ( SYS_SETGID = 181 // { int setgid(gid_t gid); } SYS_SETEGID = 182 // { int setegid(gid_t egid); } SYS_SETEUID = 183 // { int seteuid(uid_t euid); } - SYS_STAT = 188 // { int stat(char *path, struct stat *ub); } - SYS_FSTAT = 189 // { int fstat(int fd, struct stat *sb); } - SYS_LSTAT = 190 // { int lstat(char *path, struct stat *ub); } SYS_PATHCONF = 191 // { int pathconf(char *path, int name); } SYS_FPATHCONF = 192 // { int fpathconf(int fd, int name); } SYS_GETRLIMIT = 194 // { int getrlimit(u_int which, struct rlimit *rlp); } getrlimit __getrlimit_args int SYS_SETRLIMIT = 195 // { int setrlimit(u_int which, struct rlimit *rlp); } setrlimit __setrlimit_args int - SYS_GETDIRENTRIES = 196 // { int getdirentries(int fd, char *buf, u_int count, long *basep); } SYS___SYSCTL = 202 // { int __sysctl(int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); } __sysctl sysctl_args int SYS_MLOCK = 203 // { int mlock(const void *addr, size_t len); } SYS_MUNLOCK = 204 // { int munlock(const void *addr, size_t len); } @@ -143,12 +136,12 @@ const ( SYS_SEMOP = 222 // { int semop(int semid, struct sembuf *sops, size_t nsops); } SYS_MSGGET = 225 // { int msgget(key_t key, int msgflg); } SYS_MSGSND = 226 // { int msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); } - SYS_MSGRCV = 227 // { int msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); } + SYS_MSGRCV = 227 // { ssize_t msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); } SYS_SHMAT = 228 // { int shmat(int shmid, const void *shmaddr, int shmflg); } SYS_SHMDT = 230 // { int shmdt(const void *shmaddr); } SYS_SHMGET = 231 // { int shmget(key_t key, size_t size, int shmflg); } SYS_CLOCK_GETTIME = 232 // { int clock_gettime(clockid_t clock_id, struct timespec *tp); } - SYS_CLOCK_SETTIME = 233 // { int clock_settime( clockid_t clock_id, const struct timespec *tp); } + SYS_CLOCK_SETTIME = 233 // { int clock_settime(clockid_t clock_id, const struct timespec *tp); } SYS_CLOCK_GETRES = 234 // { int clock_getres(clockid_t clock_id, struct timespec *tp); } SYS_KTIMER_CREATE = 235 // { int ktimer_create(clockid_t clock_id, struct sigevent *evp, int *timerid); } SYS_KTIMER_DELETE = 236 // { int ktimer_delete(int timerid); } @@ -157,50 +150,44 @@ const ( SYS_KTIMER_GETOVERRUN = 239 // { int ktimer_getoverrun(int timerid); } SYS_NANOSLEEP = 240 // { int nanosleep(const struct timespec *rqtp, struct timespec *rmtp); } SYS_FFCLOCK_GETCOUNTER = 241 // { int ffclock_getcounter(ffcounter *ffcount); } - SYS_FFCLOCK_SETESTIMATE = 242 // { int ffclock_setestimate( struct ffclock_estimate *cest); } - SYS_FFCLOCK_GETESTIMATE = 243 // { int ffclock_getestimate( struct ffclock_estimate *cest); } + SYS_FFCLOCK_SETESTIMATE = 242 // { int ffclock_setestimate(struct ffclock_estimate *cest); } + SYS_FFCLOCK_GETESTIMATE = 243 // { int ffclock_getestimate(struct ffclock_estimate *cest); } SYS_CLOCK_NANOSLEEP = 244 // { int clock_nanosleep(clockid_t clock_id, int flags, const struct timespec *rqtp, struct timespec *rmtp); } - SYS_CLOCK_GETCPUCLOCKID2 = 247 // { int clock_getcpuclockid2(id_t id,int which, clockid_t *clock_id); } + SYS_CLOCK_GETCPUCLOCKID2 = 247 // { int clock_getcpuclockid2(id_t id, int which, clockid_t *clock_id); } SYS_NTP_GETTIME = 248 // { int ntp_gettime(struct ntptimeval *ntvp); } SYS_MINHERIT = 250 // { int minherit(void *addr, size_t len, int inherit); } SYS_RFORK = 251 // { int rfork(int flags); } - SYS_OPENBSD_POLL = 252 // { int openbsd_poll(struct pollfd *fds, u_int nfds, int timeout); } SYS_ISSETUGID = 253 // { int issetugid(void); } SYS_LCHOWN = 254 // { int lchown(char *path, int uid, int gid); } SYS_AIO_READ = 255 // { int aio_read(struct aiocb *aiocbp); } SYS_AIO_WRITE = 256 // { int aio_write(struct aiocb *aiocbp); } - SYS_LIO_LISTIO = 257 // { int lio_listio(int mode, struct aiocb * const *acb_list, int nent, struct sigevent *sig); } - SYS_GETDENTS = 272 // { int getdents(int fd, char *buf, size_t count); } + SYS_LIO_LISTIO = 257 // { int lio_listio(int mode, struct aiocb* const *acb_list, int nent, struct sigevent *sig); } SYS_LCHMOD = 274 // { int lchmod(char *path, mode_t mode); } SYS_LUTIMES = 276 // { int lutimes(char *path, struct timeval *tptr); } - SYS_NSTAT = 278 // { int nstat(char *path, struct nstat *ub); } - SYS_NFSTAT = 279 // { int nfstat(int fd, struct nstat *sb); } - SYS_NLSTAT = 280 // { int nlstat(char *path, struct nstat *ub); } SYS_PREADV = 289 // { ssize_t preadv(int fd, struct iovec *iovp, u_int iovcnt, off_t offset); } SYS_PWRITEV = 290 // { ssize_t pwritev(int fd, struct iovec *iovp, u_int iovcnt, off_t offset); } SYS_FHOPEN = 298 // { int fhopen(const struct fhandle *u_fhp, int flags); } - SYS_FHSTAT = 299 // { int fhstat(const struct fhandle *u_fhp, struct stat *sb); } SYS_MODNEXT = 300 // { int modnext(int modid); } - SYS_MODSTAT = 301 // { int modstat(int modid, struct module_stat *stat); } + SYS_MODSTAT = 301 // { int modstat(int modid, struct module_stat* stat); } SYS_MODFNEXT = 302 // { int modfnext(int modid); } SYS_MODFIND = 303 // { int modfind(const char *name); } SYS_KLDLOAD = 304 // { int kldload(const char *file); } SYS_KLDUNLOAD = 305 // { int kldunload(int fileid); } SYS_KLDFIND = 306 // { int kldfind(const char *file); } SYS_KLDNEXT = 307 // { int kldnext(int fileid); } - SYS_KLDSTAT = 308 // { int kldstat(int fileid, struct kld_file_stat* stat); } + SYS_KLDSTAT = 308 // { int kldstat(int fileid, struct kld_file_stat *stat); } SYS_KLDFIRSTMOD = 309 // { int kldfirstmod(int fileid); } SYS_GETSID = 310 // { int getsid(pid_t pid); } SYS_SETRESUID = 311 // { int setresuid(uid_t ruid, uid_t euid, uid_t suid); } SYS_SETRESGID = 312 // { int setresgid(gid_t rgid, gid_t egid, gid_t sgid); } SYS_AIO_RETURN = 314 // { ssize_t aio_return(struct aiocb *aiocbp); } - SYS_AIO_SUSPEND = 315 // { int aio_suspend( struct aiocb * const * aiocbp, int nent, const struct timespec *timeout); } + SYS_AIO_SUSPEND = 315 // { int aio_suspend(struct aiocb * const * aiocbp, int nent, const struct timespec *timeout); } SYS_AIO_CANCEL = 316 // { int aio_cancel(int fd, struct aiocb *aiocbp); } SYS_AIO_ERROR = 317 // { int aio_error(struct aiocb *aiocbp); } SYS_YIELD = 321 // { int yield(void); } SYS_MLOCKALL = 324 // { int mlockall(int how); } SYS_MUNLOCKALL = 325 // { int munlockall(void); } - SYS___GETCWD = 326 // { int __getcwd(char *buf, u_int buflen); } + SYS___GETCWD = 326 // { int __getcwd(char *buf, size_t buflen); } SYS_SCHED_SETPARAM = 327 // { int sched_setparam (pid_t pid, const struct sched_param *param); } SYS_SCHED_GETPARAM = 328 // { int sched_getparam (pid_t pid, struct sched_param *param); } SYS_SCHED_SETSCHEDULER = 329 // { int sched_setscheduler (pid_t pid, int policy, const struct sched_param *param); } @@ -226,14 +213,13 @@ const ( SYS___ACL_ACLCHECK_FILE = 353 // { int __acl_aclcheck_file(const char *path, acl_type_t type, struct acl *aclp); } SYS___ACL_ACLCHECK_FD = 354 // { int __acl_aclcheck_fd(int filedes, acl_type_t type, struct acl *aclp); } SYS_EXTATTRCTL = 355 // { int extattrctl(const char *path, int cmd, const char *filename, int attrnamespace, const char *attrname); } - SYS_EXTATTR_SET_FILE = 356 // { ssize_t extattr_set_file( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } - SYS_EXTATTR_GET_FILE = 357 // { ssize_t extattr_get_file( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } + SYS_EXTATTR_SET_FILE = 356 // { ssize_t extattr_set_file(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } + SYS_EXTATTR_GET_FILE = 357 // { ssize_t extattr_get_file(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } SYS_EXTATTR_DELETE_FILE = 358 // { int extattr_delete_file(const char *path, int attrnamespace, const char *attrname); } - SYS_AIO_WAITCOMPLETE = 359 // { ssize_t aio_waitcomplete( struct aiocb **aiocbp, struct timespec *timeout); } + SYS_AIO_WAITCOMPLETE = 359 // { ssize_t aio_waitcomplete(struct aiocb **aiocbp, struct timespec *timeout); } SYS_GETRESUID = 360 // { int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid); } SYS_GETRESGID = 361 // { int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid); } SYS_KQUEUE = 362 // { int kqueue(void); } - SYS_KEVENT = 363 // { int kevent(int fd, struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); } SYS_EXTATTR_SET_FD = 371 // { ssize_t extattr_set_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); } SYS_EXTATTR_GET_FD = 372 // { ssize_t extattr_get_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); } SYS_EXTATTR_DELETE_FD = 373 // { int extattr_delete_fd(int fd, int attrnamespace, const char *attrname); } @@ -251,10 +237,6 @@ const ( SYS_UUIDGEN = 392 // { int uuidgen(struct uuid *store, int count); } SYS_SENDFILE = 393 // { int sendfile(int fd, int s, off_t offset, size_t nbytes, struct sf_hdtr *hdtr, off_t *sbytes, int flags); } SYS_MAC_SYSCALL = 394 // { int mac_syscall(const char *policy, int call, void *arg); } - SYS_GETFSSTAT = 395 // { int getfsstat(struct statfs *buf, long bufsize, int mode); } - SYS_STATFS = 396 // { int statfs(char *path, struct statfs *buf); } - SYS_FSTATFS = 397 // { int fstatfs(int fd, struct statfs *buf); } - SYS_FHSTATFS = 398 // { int fhstatfs(const struct fhandle *u_fhp, struct statfs *buf); } SYS_KSEM_CLOSE = 400 // { int ksem_close(semid_t id); } SYS_KSEM_POST = 401 // { int ksem_post(semid_t id); } SYS_KSEM_WAIT = 402 // { int ksem_wait(semid_t id); } @@ -267,14 +249,14 @@ const ( SYS___MAC_GET_PID = 409 // { int __mac_get_pid(pid_t pid, struct mac *mac_p); } SYS___MAC_GET_LINK = 410 // { int __mac_get_link(const char *path_p, struct mac *mac_p); } SYS___MAC_SET_LINK = 411 // { int __mac_set_link(const char *path_p, struct mac *mac_p); } - SYS_EXTATTR_SET_LINK = 412 // { ssize_t extattr_set_link( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } - SYS_EXTATTR_GET_LINK = 413 // { ssize_t extattr_get_link( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } - SYS_EXTATTR_DELETE_LINK = 414 // { int extattr_delete_link( const char *path, int attrnamespace, const char *attrname); } + SYS_EXTATTR_SET_LINK = 412 // { ssize_t extattr_set_link(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } + SYS_EXTATTR_GET_LINK = 413 // { ssize_t extattr_get_link(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } + SYS_EXTATTR_DELETE_LINK = 414 // { int extattr_delete_link(const char *path, int attrnamespace, const char *attrname); } SYS___MAC_EXECVE = 415 // { int __mac_execve(char *fname, char **argv, char **envv, struct mac *mac_p); } SYS_SIGACTION = 416 // { int sigaction(int sig, const struct sigaction *act, struct sigaction *oact); } - SYS_SIGRETURN = 417 // { int sigreturn( const struct __ucontext *sigcntxp); } + SYS_SIGRETURN = 417 // { int sigreturn(const struct __ucontext *sigcntxp); } SYS_GETCONTEXT = 421 // { int getcontext(struct __ucontext *ucp); } - SYS_SETCONTEXT = 422 // { int setcontext( const struct __ucontext *ucp); } + SYS_SETCONTEXT = 422 // { int setcontext(const struct __ucontext *ucp); } SYS_SWAPCONTEXT = 423 // { int swapcontext(struct __ucontext *oucp, const struct __ucontext *ucp); } SYS_SWAPOFF = 424 // { int swapoff(const char *name); } SYS___ACL_GET_LINK = 425 // { int __acl_get_link(const char *path, acl_type_t type, struct acl *aclp); } @@ -288,10 +270,10 @@ const ( SYS_THR_KILL = 433 // { int thr_kill(long id, int sig); } SYS_JAIL_ATTACH = 436 // { int jail_attach(int jid); } SYS_EXTATTR_LIST_FD = 437 // { ssize_t extattr_list_fd(int fd, int attrnamespace, void *data, size_t nbytes); } - SYS_EXTATTR_LIST_FILE = 438 // { ssize_t extattr_list_file( const char *path, int attrnamespace, void *data, size_t nbytes); } - SYS_EXTATTR_LIST_LINK = 439 // { ssize_t extattr_list_link( const char *path, int attrnamespace, void *data, size_t nbytes); } + SYS_EXTATTR_LIST_FILE = 438 // { ssize_t extattr_list_file(const char *path, int attrnamespace, void *data, size_t nbytes); } + SYS_EXTATTR_LIST_LINK = 439 // { ssize_t extattr_list_link(const char *path, int attrnamespace, void *data, size_t nbytes); } SYS_KSEM_TIMEDWAIT = 441 // { int ksem_timedwait(semid_t id, const struct timespec *abstime); } - SYS_THR_SUSPEND = 442 // { int thr_suspend( const struct timespec *timeout); } + SYS_THR_SUSPEND = 442 // { int thr_suspend(const struct timespec *timeout); } SYS_THR_WAKE = 443 // { int thr_wake(long id); } SYS_KLDUNLOADF = 444 // { int kldunloadf(int fileid, int flags); } SYS_AUDIT = 445 // { int audit(const void *record, u_int length); } @@ -300,17 +282,17 @@ const ( SYS_SETAUID = 448 // { int setauid(uid_t *auid); } SYS_GETAUDIT = 449 // { int getaudit(struct auditinfo *auditinfo); } SYS_SETAUDIT = 450 // { int setaudit(struct auditinfo *auditinfo); } - SYS_GETAUDIT_ADDR = 451 // { int getaudit_addr( struct auditinfo_addr *auditinfo_addr, u_int length); } - SYS_SETAUDIT_ADDR = 452 // { int setaudit_addr( struct auditinfo_addr *auditinfo_addr, u_int length); } + SYS_GETAUDIT_ADDR = 451 // { int getaudit_addr(struct auditinfo_addr *auditinfo_addr, u_int length); } + SYS_SETAUDIT_ADDR = 452 // { int setaudit_addr(struct auditinfo_addr *auditinfo_addr, u_int length); } SYS_AUDITCTL = 453 // { int auditctl(char *path); } SYS__UMTX_OP = 454 // { int _umtx_op(void *obj, int op, u_long val, void *uaddr1, void *uaddr2); } SYS_THR_NEW = 455 // { int thr_new(struct thr_param *param, int param_size); } SYS_SIGQUEUE = 456 // { int sigqueue(pid_t pid, int signum, void *value); } SYS_KMQ_OPEN = 457 // { int kmq_open(const char *path, int flags, mode_t mode, const struct mq_attr *attr); } - SYS_KMQ_SETATTR = 458 // { int kmq_setattr(int mqd, const struct mq_attr *attr, struct mq_attr *oattr); } - SYS_KMQ_TIMEDRECEIVE = 459 // { int kmq_timedreceive(int mqd, char *msg_ptr, size_t msg_len, unsigned *msg_prio, const struct timespec *abs_timeout); } - SYS_KMQ_TIMEDSEND = 460 // { int kmq_timedsend(int mqd, const char *msg_ptr, size_t msg_len,unsigned msg_prio, const struct timespec *abs_timeout);} - SYS_KMQ_NOTIFY = 461 // { int kmq_notify(int mqd, const struct sigevent *sigev); } + SYS_KMQ_SETATTR = 458 // { int kmq_setattr(int mqd, const struct mq_attr *attr, struct mq_attr *oattr); } + SYS_KMQ_TIMEDRECEIVE = 459 // { int kmq_timedreceive(int mqd, char *msg_ptr, size_t msg_len, unsigned *msg_prio, const struct timespec *abs_timeout); } + SYS_KMQ_TIMEDSEND = 460 // { int kmq_timedsend(int mqd, const char *msg_ptr, size_t msg_len, unsigned msg_prio, const struct timespec *abs_timeout); } + SYS_KMQ_NOTIFY = 461 // { int kmq_notify(int mqd, const struct sigevent *sigev); } SYS_KMQ_UNLINK = 462 // { int kmq_unlink(const char *path); } SYS_ABORT2 = 463 // { int abort2(const char *why, int nargs, void **args); } SYS_THR_SET_NAME = 464 // { int thr_set_name(long id, const char *name); } @@ -319,7 +301,7 @@ const ( SYS_SCTP_PEELOFF = 471 // { int sctp_peeloff(int sd, uint32_t name); } SYS_SCTP_GENERIC_SENDMSG = 472 // { int sctp_generic_sendmsg(int sd, caddr_t msg, int mlen, caddr_t to, __socklen_t tolen, struct sctp_sndrcvinfo *sinfo, int flags); } SYS_SCTP_GENERIC_SENDMSG_IOV = 473 // { int sctp_generic_sendmsg_iov(int sd, struct iovec *iov, int iovlen, caddr_t to, __socklen_t tolen, struct sctp_sndrcvinfo *sinfo, int flags); } - SYS_SCTP_GENERIC_RECVMSG = 474 // { int sctp_generic_recvmsg(int sd, struct iovec *iov, int iovlen, struct sockaddr * from, __socklen_t *fromlenaddr, struct sctp_sndrcvinfo *sinfo, int *msg_flags); } + SYS_SCTP_GENERIC_RECVMSG = 474 // { int sctp_generic_recvmsg(int sd, struct iovec *iov, int iovlen, struct sockaddr *from, __socklen_t *fromlenaddr, struct sctp_sndrcvinfo *sinfo, int *msg_flags); } SYS_PREAD = 475 // { ssize_t pread(int fd, void *buf, size_t nbyte, off_t offset); } SYS_PWRITE = 476 // { ssize_t pwrite(int fd, const void *buf, size_t nbyte, off_t offset); } SYS_MMAP = 477 // { caddr_t mmap(caddr_t addr, size_t len, int prot, int flags, int fd, off_t pos); } @@ -338,14 +320,12 @@ const ( SYS_FCHMODAT = 490 // { int fchmodat(int fd, char *path, mode_t mode, int flag); } SYS_FCHOWNAT = 491 // { int fchownat(int fd, char *path, uid_t uid, gid_t gid, int flag); } SYS_FEXECVE = 492 // { int fexecve(int fd, char **argv, char **envv); } - SYS_FSTATAT = 493 // { int fstatat(int fd, char *path, struct stat *buf, int flag); } SYS_FUTIMESAT = 494 // { int futimesat(int fd, char *path, struct timeval *times); } SYS_LINKAT = 495 // { int linkat(int fd1, char *path1, int fd2, char *path2, int flag); } SYS_MKDIRAT = 496 // { int mkdirat(int fd, char *path, mode_t mode); } SYS_MKFIFOAT = 497 // { int mkfifoat(int fd, char *path, mode_t mode); } - SYS_MKNODAT = 498 // { int mknodat(int fd, char *path, mode_t mode, dev_t dev); } SYS_OPENAT = 499 // { int openat(int fd, char *path, int flag, mode_t mode); } - SYS_READLINKAT = 500 // { int readlinkat(int fd, char *path, char *buf, size_t bufsize); } + SYS_READLINKAT = 500 // { ssize_t readlinkat(int fd, char *path, char *buf, size_t bufsize); } SYS_RENAMEAT = 501 // { int renameat(int oldfd, char *old, int newfd, char *new); } SYS_SYMLINKAT = 502 // { int symlinkat(char *path1, int fd, char *path2); } SYS_UNLINKAT = 503 // { int unlinkat(int fd, char *path, int flag); } @@ -391,7 +371,24 @@ const ( SYS_PPOLL = 545 // { int ppoll(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *set); } SYS_FUTIMENS = 546 // { int futimens(int fd, struct timespec *times); } SYS_UTIMENSAT = 547 // { int utimensat(int fd, char *path, struct timespec *times, int flag); } - SYS_NUMA_GETAFFINITY = 548 // { int numa_getaffinity(cpuwhich_t which, id_t id, struct vm_domain_policy_entry *policy); } - SYS_NUMA_SETAFFINITY = 549 // { int numa_setaffinity(cpuwhich_t which, id_t id, const struct vm_domain_policy_entry *policy); } SYS_FDATASYNC = 550 // { int fdatasync(int fd); } + SYS_FSTAT = 551 // { int fstat(int fd, struct stat *sb); } + SYS_FSTATAT = 552 // { int fstatat(int fd, char *path, struct stat *buf, int flag); } + SYS_FHSTAT = 553 // { int fhstat(const struct fhandle *u_fhp, struct stat *sb); } + SYS_GETDIRENTRIES = 554 // { ssize_t getdirentries(int fd, char *buf, size_t count, off_t *basep); } + SYS_STATFS = 555 // { int statfs(char *path, struct statfs *buf); } + SYS_FSTATFS = 556 // { int fstatfs(int fd, struct statfs *buf); } + SYS_GETFSSTAT = 557 // { int getfsstat(struct statfs *buf, long bufsize, int mode); } + SYS_FHSTATFS = 558 // { int fhstatfs(const struct fhandle *u_fhp, struct statfs *buf); } + SYS_MKNODAT = 559 // { int mknodat(int fd, char *path, mode_t mode, dev_t dev); } + SYS_KEVENT = 560 // { int kevent(int fd, struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); } + SYS_CPUSET_GETDOMAIN = 561 // { int cpuset_getdomain(cpulevel_t level, cpuwhich_t which, id_t id, size_t domainsetsize, domainset_t *mask, int *policy); } + SYS_CPUSET_SETDOMAIN = 562 // { int cpuset_setdomain(cpulevel_t level, cpuwhich_t which, id_t id, size_t domainsetsize, domainset_t *mask, int policy); } + SYS_GETRANDOM = 563 // { int getrandom(void *buf, size_t buflen, unsigned int flags); } + SYS_GETFHAT = 564 // { int getfhat(int fd, char *path, struct fhandle *fhp, int flags); } + SYS_FHLINK = 565 // { int fhlink(struct fhandle *fhp, const char *to); } + SYS_FHLINKAT = 566 // { int fhlinkat(struct fhandle *fhp, int tofd, const char *to,); } + SYS_FHREADLINK = 567 // { int fhreadlink(struct fhandle *fhp, char *buf, size_t bufsize); } + SYS___SYSCTLBYNAME = 570 // { int __sysctlbyname(const char *name, size_t namelen, void *old, size_t *oldlenp, void *new, size_t newlen); } + SYS_CLOSE_RANGE = 575 // { int close_range(u_int lowfd, u_int highfd, int flags); } ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go index 61ad5ca3c19..89dcc427476 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go @@ -1,4 +1,4 @@ -// go run mksysnum.go https://svn.freebsd.org/base/stable/11/sys/kern/syscalls.master +// go run mksysnum.go https://cgit.freebsd.org/src/plain/sys/kern/syscalls.master?h=stable/12 // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm64 && freebsd @@ -19,10 +19,9 @@ const ( SYS_UNLINK = 10 // { int unlink(char *path); } SYS_CHDIR = 12 // { int chdir(char *path); } SYS_FCHDIR = 13 // { int fchdir(int fd); } - SYS_MKNOD = 14 // { int mknod(char *path, int mode, int dev); } SYS_CHMOD = 15 // { int chmod(char *path, int mode); } SYS_CHOWN = 16 // { int chown(char *path, int uid, int gid); } - SYS_OBREAK = 17 // { int obreak(char *nsize); } break obreak_args int + SYS_BREAK = 17 // { caddr_t break(char *nsize); } SYS_GETPID = 20 // { pid_t getpid(void); } SYS_MOUNT = 21 // { int mount(char *type, char *path, int flags, caddr_t data); } SYS_UNMOUNT = 22 // { int unmount(char *path, int flags); } @@ -43,7 +42,6 @@ const ( SYS_KILL = 37 // { int kill(int pid, int signum); } SYS_GETPPID = 39 // { pid_t getppid(void); } SYS_DUP = 41 // { int dup(u_int fd); } - SYS_PIPE = 42 // { int pipe(void); } SYS_GETEGID = 43 // { gid_t getegid(void); } SYS_PROFIL = 44 // { int profil(caddr_t samples, size_t size, size_t offset, u_int scale); } SYS_KTRACE = 45 // { int ktrace(const char *fname, int ops, int facs, int pid); } @@ -58,15 +56,14 @@ const ( SYS_SYMLINK = 57 // { int symlink(char *path, char *link); } SYS_READLINK = 58 // { ssize_t readlink(char *path, char *buf, size_t count); } SYS_EXECVE = 59 // { int execve(char *fname, char **argv, char **envv); } - SYS_UMASK = 60 // { int umask(int newmask); } umask umask_args int + SYS_UMASK = 60 // { int umask(int newmask); } SYS_CHROOT = 61 // { int chroot(char *path); } SYS_MSYNC = 65 // { int msync(void *addr, size_t len, int flags); } SYS_VFORK = 66 // { int vfork(void); } SYS_SBRK = 69 // { int sbrk(int incr); } SYS_SSTK = 70 // { int sstk(int incr); } - SYS_OVADVISE = 72 // { int ovadvise(int anom); } vadvise ovadvise_args int SYS_MUNMAP = 73 // { int munmap(void *addr, size_t len); } - SYS_MPROTECT = 74 // { int mprotect(const void *addr, size_t len, int prot); } + SYS_MPROTECT = 74 // { int mprotect(void *addr, size_t len, int prot); } SYS_MADVISE = 75 // { int madvise(void *addr, size_t len, int behav); } SYS_MINCORE = 78 // { int mincore(const void *addr, size_t len, char *vec); } SYS_GETGROUPS = 79 // { int getgroups(u_int gidsetsize, gid_t *gidset); } @@ -124,14 +121,10 @@ const ( SYS_SETGID = 181 // { int setgid(gid_t gid); } SYS_SETEGID = 182 // { int setegid(gid_t egid); } SYS_SETEUID = 183 // { int seteuid(uid_t euid); } - SYS_STAT = 188 // { int stat(char *path, struct stat *ub); } - SYS_FSTAT = 189 // { int fstat(int fd, struct stat *sb); } - SYS_LSTAT = 190 // { int lstat(char *path, struct stat *ub); } SYS_PATHCONF = 191 // { int pathconf(char *path, int name); } SYS_FPATHCONF = 192 // { int fpathconf(int fd, int name); } SYS_GETRLIMIT = 194 // { int getrlimit(u_int which, struct rlimit *rlp); } getrlimit __getrlimit_args int SYS_SETRLIMIT = 195 // { int setrlimit(u_int which, struct rlimit *rlp); } setrlimit __setrlimit_args int - SYS_GETDIRENTRIES = 196 // { int getdirentries(int fd, char *buf, u_int count, long *basep); } SYS___SYSCTL = 202 // { int __sysctl(int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); } __sysctl sysctl_args int SYS_MLOCK = 203 // { int mlock(const void *addr, size_t len); } SYS_MUNLOCK = 204 // { int munlock(const void *addr, size_t len); } @@ -143,12 +136,12 @@ const ( SYS_SEMOP = 222 // { int semop(int semid, struct sembuf *sops, size_t nsops); } SYS_MSGGET = 225 // { int msgget(key_t key, int msgflg); } SYS_MSGSND = 226 // { int msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); } - SYS_MSGRCV = 227 // { int msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); } + SYS_MSGRCV = 227 // { ssize_t msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); } SYS_SHMAT = 228 // { int shmat(int shmid, const void *shmaddr, int shmflg); } SYS_SHMDT = 230 // { int shmdt(const void *shmaddr); } SYS_SHMGET = 231 // { int shmget(key_t key, size_t size, int shmflg); } SYS_CLOCK_GETTIME = 232 // { int clock_gettime(clockid_t clock_id, struct timespec *tp); } - SYS_CLOCK_SETTIME = 233 // { int clock_settime( clockid_t clock_id, const struct timespec *tp); } + SYS_CLOCK_SETTIME = 233 // { int clock_settime(clockid_t clock_id, const struct timespec *tp); } SYS_CLOCK_GETRES = 234 // { int clock_getres(clockid_t clock_id, struct timespec *tp); } SYS_KTIMER_CREATE = 235 // { int ktimer_create(clockid_t clock_id, struct sigevent *evp, int *timerid); } SYS_KTIMER_DELETE = 236 // { int ktimer_delete(int timerid); } @@ -157,50 +150,44 @@ const ( SYS_KTIMER_GETOVERRUN = 239 // { int ktimer_getoverrun(int timerid); } SYS_NANOSLEEP = 240 // { int nanosleep(const struct timespec *rqtp, struct timespec *rmtp); } SYS_FFCLOCK_GETCOUNTER = 241 // { int ffclock_getcounter(ffcounter *ffcount); } - SYS_FFCLOCK_SETESTIMATE = 242 // { int ffclock_setestimate( struct ffclock_estimate *cest); } - SYS_FFCLOCK_GETESTIMATE = 243 // { int ffclock_getestimate( struct ffclock_estimate *cest); } + SYS_FFCLOCK_SETESTIMATE = 242 // { int ffclock_setestimate(struct ffclock_estimate *cest); } + SYS_FFCLOCK_GETESTIMATE = 243 // { int ffclock_getestimate(struct ffclock_estimate *cest); } SYS_CLOCK_NANOSLEEP = 244 // { int clock_nanosleep(clockid_t clock_id, int flags, const struct timespec *rqtp, struct timespec *rmtp); } - SYS_CLOCK_GETCPUCLOCKID2 = 247 // { int clock_getcpuclockid2(id_t id,int which, clockid_t *clock_id); } + SYS_CLOCK_GETCPUCLOCKID2 = 247 // { int clock_getcpuclockid2(id_t id, int which, clockid_t *clock_id); } SYS_NTP_GETTIME = 248 // { int ntp_gettime(struct ntptimeval *ntvp); } SYS_MINHERIT = 250 // { int minherit(void *addr, size_t len, int inherit); } SYS_RFORK = 251 // { int rfork(int flags); } - SYS_OPENBSD_POLL = 252 // { int openbsd_poll(struct pollfd *fds, u_int nfds, int timeout); } SYS_ISSETUGID = 253 // { int issetugid(void); } SYS_LCHOWN = 254 // { int lchown(char *path, int uid, int gid); } SYS_AIO_READ = 255 // { int aio_read(struct aiocb *aiocbp); } SYS_AIO_WRITE = 256 // { int aio_write(struct aiocb *aiocbp); } - SYS_LIO_LISTIO = 257 // { int lio_listio(int mode, struct aiocb * const *acb_list, int nent, struct sigevent *sig); } - SYS_GETDENTS = 272 // { int getdents(int fd, char *buf, size_t count); } + SYS_LIO_LISTIO = 257 // { int lio_listio(int mode, struct aiocb* const *acb_list, int nent, struct sigevent *sig); } SYS_LCHMOD = 274 // { int lchmod(char *path, mode_t mode); } SYS_LUTIMES = 276 // { int lutimes(char *path, struct timeval *tptr); } - SYS_NSTAT = 278 // { int nstat(char *path, struct nstat *ub); } - SYS_NFSTAT = 279 // { int nfstat(int fd, struct nstat *sb); } - SYS_NLSTAT = 280 // { int nlstat(char *path, struct nstat *ub); } SYS_PREADV = 289 // { ssize_t preadv(int fd, struct iovec *iovp, u_int iovcnt, off_t offset); } SYS_PWRITEV = 290 // { ssize_t pwritev(int fd, struct iovec *iovp, u_int iovcnt, off_t offset); } SYS_FHOPEN = 298 // { int fhopen(const struct fhandle *u_fhp, int flags); } - SYS_FHSTAT = 299 // { int fhstat(const struct fhandle *u_fhp, struct stat *sb); } SYS_MODNEXT = 300 // { int modnext(int modid); } - SYS_MODSTAT = 301 // { int modstat(int modid, struct module_stat *stat); } + SYS_MODSTAT = 301 // { int modstat(int modid, struct module_stat* stat); } SYS_MODFNEXT = 302 // { int modfnext(int modid); } SYS_MODFIND = 303 // { int modfind(const char *name); } SYS_KLDLOAD = 304 // { int kldload(const char *file); } SYS_KLDUNLOAD = 305 // { int kldunload(int fileid); } SYS_KLDFIND = 306 // { int kldfind(const char *file); } SYS_KLDNEXT = 307 // { int kldnext(int fileid); } - SYS_KLDSTAT = 308 // { int kldstat(int fileid, struct kld_file_stat* stat); } + SYS_KLDSTAT = 308 // { int kldstat(int fileid, struct kld_file_stat *stat); } SYS_KLDFIRSTMOD = 309 // { int kldfirstmod(int fileid); } SYS_GETSID = 310 // { int getsid(pid_t pid); } SYS_SETRESUID = 311 // { int setresuid(uid_t ruid, uid_t euid, uid_t suid); } SYS_SETRESGID = 312 // { int setresgid(gid_t rgid, gid_t egid, gid_t sgid); } SYS_AIO_RETURN = 314 // { ssize_t aio_return(struct aiocb *aiocbp); } - SYS_AIO_SUSPEND = 315 // { int aio_suspend( struct aiocb * const * aiocbp, int nent, const struct timespec *timeout); } + SYS_AIO_SUSPEND = 315 // { int aio_suspend(struct aiocb * const * aiocbp, int nent, const struct timespec *timeout); } SYS_AIO_CANCEL = 316 // { int aio_cancel(int fd, struct aiocb *aiocbp); } SYS_AIO_ERROR = 317 // { int aio_error(struct aiocb *aiocbp); } SYS_YIELD = 321 // { int yield(void); } SYS_MLOCKALL = 324 // { int mlockall(int how); } SYS_MUNLOCKALL = 325 // { int munlockall(void); } - SYS___GETCWD = 326 // { int __getcwd(char *buf, u_int buflen); } + SYS___GETCWD = 326 // { int __getcwd(char *buf, size_t buflen); } SYS_SCHED_SETPARAM = 327 // { int sched_setparam (pid_t pid, const struct sched_param *param); } SYS_SCHED_GETPARAM = 328 // { int sched_getparam (pid_t pid, struct sched_param *param); } SYS_SCHED_SETSCHEDULER = 329 // { int sched_setscheduler (pid_t pid, int policy, const struct sched_param *param); } @@ -226,14 +213,13 @@ const ( SYS___ACL_ACLCHECK_FILE = 353 // { int __acl_aclcheck_file(const char *path, acl_type_t type, struct acl *aclp); } SYS___ACL_ACLCHECK_FD = 354 // { int __acl_aclcheck_fd(int filedes, acl_type_t type, struct acl *aclp); } SYS_EXTATTRCTL = 355 // { int extattrctl(const char *path, int cmd, const char *filename, int attrnamespace, const char *attrname); } - SYS_EXTATTR_SET_FILE = 356 // { ssize_t extattr_set_file( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } - SYS_EXTATTR_GET_FILE = 357 // { ssize_t extattr_get_file( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } + SYS_EXTATTR_SET_FILE = 356 // { ssize_t extattr_set_file(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } + SYS_EXTATTR_GET_FILE = 357 // { ssize_t extattr_get_file(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } SYS_EXTATTR_DELETE_FILE = 358 // { int extattr_delete_file(const char *path, int attrnamespace, const char *attrname); } - SYS_AIO_WAITCOMPLETE = 359 // { ssize_t aio_waitcomplete( struct aiocb **aiocbp, struct timespec *timeout); } + SYS_AIO_WAITCOMPLETE = 359 // { ssize_t aio_waitcomplete(struct aiocb **aiocbp, struct timespec *timeout); } SYS_GETRESUID = 360 // { int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid); } SYS_GETRESGID = 361 // { int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid); } SYS_KQUEUE = 362 // { int kqueue(void); } - SYS_KEVENT = 363 // { int kevent(int fd, struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); } SYS_EXTATTR_SET_FD = 371 // { ssize_t extattr_set_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); } SYS_EXTATTR_GET_FD = 372 // { ssize_t extattr_get_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); } SYS_EXTATTR_DELETE_FD = 373 // { int extattr_delete_fd(int fd, int attrnamespace, const char *attrname); } @@ -251,10 +237,6 @@ const ( SYS_UUIDGEN = 392 // { int uuidgen(struct uuid *store, int count); } SYS_SENDFILE = 393 // { int sendfile(int fd, int s, off_t offset, size_t nbytes, struct sf_hdtr *hdtr, off_t *sbytes, int flags); } SYS_MAC_SYSCALL = 394 // { int mac_syscall(const char *policy, int call, void *arg); } - SYS_GETFSSTAT = 395 // { int getfsstat(struct statfs *buf, long bufsize, int mode); } - SYS_STATFS = 396 // { int statfs(char *path, struct statfs *buf); } - SYS_FSTATFS = 397 // { int fstatfs(int fd, struct statfs *buf); } - SYS_FHSTATFS = 398 // { int fhstatfs(const struct fhandle *u_fhp, struct statfs *buf); } SYS_KSEM_CLOSE = 400 // { int ksem_close(semid_t id); } SYS_KSEM_POST = 401 // { int ksem_post(semid_t id); } SYS_KSEM_WAIT = 402 // { int ksem_wait(semid_t id); } @@ -267,14 +249,14 @@ const ( SYS___MAC_GET_PID = 409 // { int __mac_get_pid(pid_t pid, struct mac *mac_p); } SYS___MAC_GET_LINK = 410 // { int __mac_get_link(const char *path_p, struct mac *mac_p); } SYS___MAC_SET_LINK = 411 // { int __mac_set_link(const char *path_p, struct mac *mac_p); } - SYS_EXTATTR_SET_LINK = 412 // { ssize_t extattr_set_link( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } - SYS_EXTATTR_GET_LINK = 413 // { ssize_t extattr_get_link( const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } - SYS_EXTATTR_DELETE_LINK = 414 // { int extattr_delete_link( const char *path, int attrnamespace, const char *attrname); } + SYS_EXTATTR_SET_LINK = 412 // { ssize_t extattr_set_link(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } + SYS_EXTATTR_GET_LINK = 413 // { ssize_t extattr_get_link(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } + SYS_EXTATTR_DELETE_LINK = 414 // { int extattr_delete_link(const char *path, int attrnamespace, const char *attrname); } SYS___MAC_EXECVE = 415 // { int __mac_execve(char *fname, char **argv, char **envv, struct mac *mac_p); } SYS_SIGACTION = 416 // { int sigaction(int sig, const struct sigaction *act, struct sigaction *oact); } - SYS_SIGRETURN = 417 // { int sigreturn( const struct __ucontext *sigcntxp); } + SYS_SIGRETURN = 417 // { int sigreturn(const struct __ucontext *sigcntxp); } SYS_GETCONTEXT = 421 // { int getcontext(struct __ucontext *ucp); } - SYS_SETCONTEXT = 422 // { int setcontext( const struct __ucontext *ucp); } + SYS_SETCONTEXT = 422 // { int setcontext(const struct __ucontext *ucp); } SYS_SWAPCONTEXT = 423 // { int swapcontext(struct __ucontext *oucp, const struct __ucontext *ucp); } SYS_SWAPOFF = 424 // { int swapoff(const char *name); } SYS___ACL_GET_LINK = 425 // { int __acl_get_link(const char *path, acl_type_t type, struct acl *aclp); } @@ -288,10 +270,10 @@ const ( SYS_THR_KILL = 433 // { int thr_kill(long id, int sig); } SYS_JAIL_ATTACH = 436 // { int jail_attach(int jid); } SYS_EXTATTR_LIST_FD = 437 // { ssize_t extattr_list_fd(int fd, int attrnamespace, void *data, size_t nbytes); } - SYS_EXTATTR_LIST_FILE = 438 // { ssize_t extattr_list_file( const char *path, int attrnamespace, void *data, size_t nbytes); } - SYS_EXTATTR_LIST_LINK = 439 // { ssize_t extattr_list_link( const char *path, int attrnamespace, void *data, size_t nbytes); } + SYS_EXTATTR_LIST_FILE = 438 // { ssize_t extattr_list_file(const char *path, int attrnamespace, void *data, size_t nbytes); } + SYS_EXTATTR_LIST_LINK = 439 // { ssize_t extattr_list_link(const char *path, int attrnamespace, void *data, size_t nbytes); } SYS_KSEM_TIMEDWAIT = 441 // { int ksem_timedwait(semid_t id, const struct timespec *abstime); } - SYS_THR_SUSPEND = 442 // { int thr_suspend( const struct timespec *timeout); } + SYS_THR_SUSPEND = 442 // { int thr_suspend(const struct timespec *timeout); } SYS_THR_WAKE = 443 // { int thr_wake(long id); } SYS_KLDUNLOADF = 444 // { int kldunloadf(int fileid, int flags); } SYS_AUDIT = 445 // { int audit(const void *record, u_int length); } @@ -300,17 +282,17 @@ const ( SYS_SETAUID = 448 // { int setauid(uid_t *auid); } SYS_GETAUDIT = 449 // { int getaudit(struct auditinfo *auditinfo); } SYS_SETAUDIT = 450 // { int setaudit(struct auditinfo *auditinfo); } - SYS_GETAUDIT_ADDR = 451 // { int getaudit_addr( struct auditinfo_addr *auditinfo_addr, u_int length); } - SYS_SETAUDIT_ADDR = 452 // { int setaudit_addr( struct auditinfo_addr *auditinfo_addr, u_int length); } + SYS_GETAUDIT_ADDR = 451 // { int getaudit_addr(struct auditinfo_addr *auditinfo_addr, u_int length); } + SYS_SETAUDIT_ADDR = 452 // { int setaudit_addr(struct auditinfo_addr *auditinfo_addr, u_int length); } SYS_AUDITCTL = 453 // { int auditctl(char *path); } SYS__UMTX_OP = 454 // { int _umtx_op(void *obj, int op, u_long val, void *uaddr1, void *uaddr2); } SYS_THR_NEW = 455 // { int thr_new(struct thr_param *param, int param_size); } SYS_SIGQUEUE = 456 // { int sigqueue(pid_t pid, int signum, void *value); } SYS_KMQ_OPEN = 457 // { int kmq_open(const char *path, int flags, mode_t mode, const struct mq_attr *attr); } - SYS_KMQ_SETATTR = 458 // { int kmq_setattr(int mqd, const struct mq_attr *attr, struct mq_attr *oattr); } - SYS_KMQ_TIMEDRECEIVE = 459 // { int kmq_timedreceive(int mqd, char *msg_ptr, size_t msg_len, unsigned *msg_prio, const struct timespec *abs_timeout); } - SYS_KMQ_TIMEDSEND = 460 // { int kmq_timedsend(int mqd, const char *msg_ptr, size_t msg_len,unsigned msg_prio, const struct timespec *abs_timeout);} - SYS_KMQ_NOTIFY = 461 // { int kmq_notify(int mqd, const struct sigevent *sigev); } + SYS_KMQ_SETATTR = 458 // { int kmq_setattr(int mqd, const struct mq_attr *attr, struct mq_attr *oattr); } + SYS_KMQ_TIMEDRECEIVE = 459 // { int kmq_timedreceive(int mqd, char *msg_ptr, size_t msg_len, unsigned *msg_prio, const struct timespec *abs_timeout); } + SYS_KMQ_TIMEDSEND = 460 // { int kmq_timedsend(int mqd, const char *msg_ptr, size_t msg_len, unsigned msg_prio, const struct timespec *abs_timeout); } + SYS_KMQ_NOTIFY = 461 // { int kmq_notify(int mqd, const struct sigevent *sigev); } SYS_KMQ_UNLINK = 462 // { int kmq_unlink(const char *path); } SYS_ABORT2 = 463 // { int abort2(const char *why, int nargs, void **args); } SYS_THR_SET_NAME = 464 // { int thr_set_name(long id, const char *name); } @@ -319,7 +301,7 @@ const ( SYS_SCTP_PEELOFF = 471 // { int sctp_peeloff(int sd, uint32_t name); } SYS_SCTP_GENERIC_SENDMSG = 472 // { int sctp_generic_sendmsg(int sd, caddr_t msg, int mlen, caddr_t to, __socklen_t tolen, struct sctp_sndrcvinfo *sinfo, int flags); } SYS_SCTP_GENERIC_SENDMSG_IOV = 473 // { int sctp_generic_sendmsg_iov(int sd, struct iovec *iov, int iovlen, caddr_t to, __socklen_t tolen, struct sctp_sndrcvinfo *sinfo, int flags); } - SYS_SCTP_GENERIC_RECVMSG = 474 // { int sctp_generic_recvmsg(int sd, struct iovec *iov, int iovlen, struct sockaddr * from, __socklen_t *fromlenaddr, struct sctp_sndrcvinfo *sinfo, int *msg_flags); } + SYS_SCTP_GENERIC_RECVMSG = 474 // { int sctp_generic_recvmsg(int sd, struct iovec *iov, int iovlen, struct sockaddr *from, __socklen_t *fromlenaddr, struct sctp_sndrcvinfo *sinfo, int *msg_flags); } SYS_PREAD = 475 // { ssize_t pread(int fd, void *buf, size_t nbyte, off_t offset); } SYS_PWRITE = 476 // { ssize_t pwrite(int fd, const void *buf, size_t nbyte, off_t offset); } SYS_MMAP = 477 // { caddr_t mmap(caddr_t addr, size_t len, int prot, int flags, int fd, off_t pos); } @@ -338,14 +320,12 @@ const ( SYS_FCHMODAT = 490 // { int fchmodat(int fd, char *path, mode_t mode, int flag); } SYS_FCHOWNAT = 491 // { int fchownat(int fd, char *path, uid_t uid, gid_t gid, int flag); } SYS_FEXECVE = 492 // { int fexecve(int fd, char **argv, char **envv); } - SYS_FSTATAT = 493 // { int fstatat(int fd, char *path, struct stat *buf, int flag); } SYS_FUTIMESAT = 494 // { int futimesat(int fd, char *path, struct timeval *times); } SYS_LINKAT = 495 // { int linkat(int fd1, char *path1, int fd2, char *path2, int flag); } SYS_MKDIRAT = 496 // { int mkdirat(int fd, char *path, mode_t mode); } SYS_MKFIFOAT = 497 // { int mkfifoat(int fd, char *path, mode_t mode); } - SYS_MKNODAT = 498 // { int mknodat(int fd, char *path, mode_t mode, dev_t dev); } SYS_OPENAT = 499 // { int openat(int fd, char *path, int flag, mode_t mode); } - SYS_READLINKAT = 500 // { int readlinkat(int fd, char *path, char *buf, size_t bufsize); } + SYS_READLINKAT = 500 // { ssize_t readlinkat(int fd, char *path, char *buf, size_t bufsize); } SYS_RENAMEAT = 501 // { int renameat(int oldfd, char *old, int newfd, char *new); } SYS_SYMLINKAT = 502 // { int symlinkat(char *path1, int fd, char *path2); } SYS_UNLINKAT = 503 // { int unlinkat(int fd, char *path, int flag); } @@ -391,7 +371,24 @@ const ( SYS_PPOLL = 545 // { int ppoll(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *set); } SYS_FUTIMENS = 546 // { int futimens(int fd, struct timespec *times); } SYS_UTIMENSAT = 547 // { int utimensat(int fd, char *path, struct timespec *times, int flag); } - SYS_NUMA_GETAFFINITY = 548 // { int numa_getaffinity(cpuwhich_t which, id_t id, struct vm_domain_policy_entry *policy); } - SYS_NUMA_SETAFFINITY = 549 // { int numa_setaffinity(cpuwhich_t which, id_t id, const struct vm_domain_policy_entry *policy); } SYS_FDATASYNC = 550 // { int fdatasync(int fd); } + SYS_FSTAT = 551 // { int fstat(int fd, struct stat *sb); } + SYS_FSTATAT = 552 // { int fstatat(int fd, char *path, struct stat *buf, int flag); } + SYS_FHSTAT = 553 // { int fhstat(const struct fhandle *u_fhp, struct stat *sb); } + SYS_GETDIRENTRIES = 554 // { ssize_t getdirentries(int fd, char *buf, size_t count, off_t *basep); } + SYS_STATFS = 555 // { int statfs(char *path, struct statfs *buf); } + SYS_FSTATFS = 556 // { int fstatfs(int fd, struct statfs *buf); } + SYS_GETFSSTAT = 557 // { int getfsstat(struct statfs *buf, long bufsize, int mode); } + SYS_FHSTATFS = 558 // { int fhstatfs(const struct fhandle *u_fhp, struct statfs *buf); } + SYS_MKNODAT = 559 // { int mknodat(int fd, char *path, mode_t mode, dev_t dev); } + SYS_KEVENT = 560 // { int kevent(int fd, struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); } + SYS_CPUSET_GETDOMAIN = 561 // { int cpuset_getdomain(cpulevel_t level, cpuwhich_t which, id_t id, size_t domainsetsize, domainset_t *mask, int *policy); } + SYS_CPUSET_SETDOMAIN = 562 // { int cpuset_setdomain(cpulevel_t level, cpuwhich_t which, id_t id, size_t domainsetsize, domainset_t *mask, int policy); } + SYS_GETRANDOM = 563 // { int getrandom(void *buf, size_t buflen, unsigned int flags); } + SYS_GETFHAT = 564 // { int getfhat(int fd, char *path, struct fhandle *fhp, int flags); } + SYS_FHLINK = 565 // { int fhlink(struct fhandle *fhp, const char *to); } + SYS_FHLINKAT = 566 // { int fhlinkat(struct fhandle *fhp, int tofd, const char *to,); } + SYS_FHREADLINK = 567 // { int fhreadlink(struct fhandle *fhp, char *buf, size_t bufsize); } + SYS___SYSCTLBYNAME = 570 // { int __sysctlbyname(const char *name, size_t namelen, void *old, size_t *oldlenp, void *new, size_t newlen); } + SYS_CLOSE_RANGE = 575 // { int close_range(u_int lowfd, u_int highfd, int flags); } ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go new file mode 100644 index 00000000000..ee37aaa0c90 --- /dev/null +++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go @@ -0,0 +1,394 @@ +// go run mksysnum.go https://cgit.freebsd.org/src/plain/sys/kern/syscalls.master?h=stable/12 +// Code generated by the command above; see README.md. DO NOT EDIT. + +//go:build riscv64 && freebsd +// +build riscv64,freebsd + +package unix + +const ( + // SYS_NOSYS = 0; // { int nosys(void); } syscall nosys_args int + SYS_EXIT = 1 // { void sys_exit(int rval); } exit sys_exit_args void + SYS_FORK = 2 // { int fork(void); } + SYS_READ = 3 // { ssize_t read(int fd, void *buf, size_t nbyte); } + SYS_WRITE = 4 // { ssize_t write(int fd, const void *buf, size_t nbyte); } + SYS_OPEN = 5 // { int open(char *path, int flags, int mode); } + SYS_CLOSE = 6 // { int close(int fd); } + SYS_WAIT4 = 7 // { int wait4(int pid, int *status, int options, struct rusage *rusage); } + SYS_LINK = 9 // { int link(char *path, char *link); } + SYS_UNLINK = 10 // { int unlink(char *path); } + SYS_CHDIR = 12 // { int chdir(char *path); } + SYS_FCHDIR = 13 // { int fchdir(int fd); } + SYS_CHMOD = 15 // { int chmod(char *path, int mode); } + SYS_CHOWN = 16 // { int chown(char *path, int uid, int gid); } + SYS_BREAK = 17 // { caddr_t break(char *nsize); } + SYS_GETPID = 20 // { pid_t getpid(void); } + SYS_MOUNT = 21 // { int mount(char *type, char *path, int flags, caddr_t data); } + SYS_UNMOUNT = 22 // { int unmount(char *path, int flags); } + SYS_SETUID = 23 // { int setuid(uid_t uid); } + SYS_GETUID = 24 // { uid_t getuid(void); } + SYS_GETEUID = 25 // { uid_t geteuid(void); } + SYS_PTRACE = 26 // { int ptrace(int req, pid_t pid, caddr_t addr, int data); } + SYS_RECVMSG = 27 // { int recvmsg(int s, struct msghdr *msg, int flags); } + SYS_SENDMSG = 28 // { int sendmsg(int s, struct msghdr *msg, int flags); } + SYS_RECVFROM = 29 // { int recvfrom(int s, caddr_t buf, size_t len, int flags, struct sockaddr * __restrict from, __socklen_t * __restrict fromlenaddr); } + SYS_ACCEPT = 30 // { int accept(int s, struct sockaddr * __restrict name, __socklen_t * __restrict anamelen); } + SYS_GETPEERNAME = 31 // { int getpeername(int fdes, struct sockaddr * __restrict asa, __socklen_t * __restrict alen); } + SYS_GETSOCKNAME = 32 // { int getsockname(int fdes, struct sockaddr * __restrict asa, __socklen_t * __restrict alen); } + SYS_ACCESS = 33 // { int access(char *path, int amode); } + SYS_CHFLAGS = 34 // { int chflags(const char *path, u_long flags); } + SYS_FCHFLAGS = 35 // { int fchflags(int fd, u_long flags); } + SYS_SYNC = 36 // { int sync(void); } + SYS_KILL = 37 // { int kill(int pid, int signum); } + SYS_GETPPID = 39 // { pid_t getppid(void); } + SYS_DUP = 41 // { int dup(u_int fd); } + SYS_GETEGID = 43 // { gid_t getegid(void); } + SYS_PROFIL = 44 // { int profil(caddr_t samples, size_t size, size_t offset, u_int scale); } + SYS_KTRACE = 45 // { int ktrace(const char *fname, int ops, int facs, int pid); } + SYS_GETGID = 47 // { gid_t getgid(void); } + SYS_GETLOGIN = 49 // { int getlogin(char *namebuf, u_int namelen); } + SYS_SETLOGIN = 50 // { int setlogin(char *namebuf); } + SYS_ACCT = 51 // { int acct(char *path); } + SYS_SIGALTSTACK = 53 // { int sigaltstack(stack_t *ss, stack_t *oss); } + SYS_IOCTL = 54 // { int ioctl(int fd, u_long com, caddr_t data); } + SYS_REBOOT = 55 // { int reboot(int opt); } + SYS_REVOKE = 56 // { int revoke(char *path); } + SYS_SYMLINK = 57 // { int symlink(char *path, char *link); } + SYS_READLINK = 58 // { ssize_t readlink(char *path, char *buf, size_t count); } + SYS_EXECVE = 59 // { int execve(char *fname, char **argv, char **envv); } + SYS_UMASK = 60 // { int umask(int newmask); } + SYS_CHROOT = 61 // { int chroot(char *path); } + SYS_MSYNC = 65 // { int msync(void *addr, size_t len, int flags); } + SYS_VFORK = 66 // { int vfork(void); } + SYS_SBRK = 69 // { int sbrk(int incr); } + SYS_SSTK = 70 // { int sstk(int incr); } + SYS_MUNMAP = 73 // { int munmap(void *addr, size_t len); } + SYS_MPROTECT = 74 // { int mprotect(void *addr, size_t len, int prot); } + SYS_MADVISE = 75 // { int madvise(void *addr, size_t len, int behav); } + SYS_MINCORE = 78 // { int mincore(const void *addr, size_t len, char *vec); } + SYS_GETGROUPS = 79 // { int getgroups(u_int gidsetsize, gid_t *gidset); } + SYS_SETGROUPS = 80 // { int setgroups(u_int gidsetsize, gid_t *gidset); } + SYS_GETPGRP = 81 // { int getpgrp(void); } + SYS_SETPGID = 82 // { int setpgid(int pid, int pgid); } + SYS_SETITIMER = 83 // { int setitimer(u_int which, struct itimerval *itv, struct itimerval *oitv); } + SYS_SWAPON = 85 // { int swapon(char *name); } + SYS_GETITIMER = 86 // { int getitimer(u_int which, struct itimerval *itv); } + SYS_GETDTABLESIZE = 89 // { int getdtablesize(void); } + SYS_DUP2 = 90 // { int dup2(u_int from, u_int to); } + SYS_FCNTL = 92 // { int fcntl(int fd, int cmd, long arg); } + SYS_SELECT = 93 // { int select(int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tv); } + SYS_FSYNC = 95 // { int fsync(int fd); } + SYS_SETPRIORITY = 96 // { int setpriority(int which, int who, int prio); } + SYS_SOCKET = 97 // { int socket(int domain, int type, int protocol); } + SYS_CONNECT = 98 // { int connect(int s, caddr_t name, int namelen); } + SYS_GETPRIORITY = 100 // { int getpriority(int which, int who); } + SYS_BIND = 104 // { int bind(int s, caddr_t name, int namelen); } + SYS_SETSOCKOPT = 105 // { int setsockopt(int s, int level, int name, caddr_t val, int valsize); } + SYS_LISTEN = 106 // { int listen(int s, int backlog); } + SYS_GETTIMEOFDAY = 116 // { int gettimeofday(struct timeval *tp, struct timezone *tzp); } + SYS_GETRUSAGE = 117 // { int getrusage(int who, struct rusage *rusage); } + SYS_GETSOCKOPT = 118 // { int getsockopt(int s, int level, int name, caddr_t val, int *avalsize); } + SYS_READV = 120 // { int readv(int fd, struct iovec *iovp, u_int iovcnt); } + SYS_WRITEV = 121 // { int writev(int fd, struct iovec *iovp, u_int iovcnt); } + SYS_SETTIMEOFDAY = 122 // { int settimeofday(struct timeval *tv, struct timezone *tzp); } + SYS_FCHOWN = 123 // { int fchown(int fd, int uid, int gid); } + SYS_FCHMOD = 124 // { int fchmod(int fd, int mode); } + SYS_SETREUID = 126 // { int setreuid(int ruid, int euid); } + SYS_SETREGID = 127 // { int setregid(int rgid, int egid); } + SYS_RENAME = 128 // { int rename(char *from, char *to); } + SYS_FLOCK = 131 // { int flock(int fd, int how); } + SYS_MKFIFO = 132 // { int mkfifo(char *path, int mode); } + SYS_SENDTO = 133 // { int sendto(int s, caddr_t buf, size_t len, int flags, caddr_t to, int tolen); } + SYS_SHUTDOWN = 134 // { int shutdown(int s, int how); } + SYS_SOCKETPAIR = 135 // { int socketpair(int domain, int type, int protocol, int *rsv); } + SYS_MKDIR = 136 // { int mkdir(char *path, int mode); } + SYS_RMDIR = 137 // { int rmdir(char *path); } + SYS_UTIMES = 138 // { int utimes(char *path, struct timeval *tptr); } + SYS_ADJTIME = 140 // { int adjtime(struct timeval *delta, struct timeval *olddelta); } + SYS_SETSID = 147 // { int setsid(void); } + SYS_QUOTACTL = 148 // { int quotactl(char *path, int cmd, int uid, caddr_t arg); } + SYS_NLM_SYSCALL = 154 // { int nlm_syscall(int debug_level, int grace_period, int addr_count, char **addrs); } + SYS_NFSSVC = 155 // { int nfssvc(int flag, caddr_t argp); } + SYS_LGETFH = 160 // { int lgetfh(char *fname, struct fhandle *fhp); } + SYS_GETFH = 161 // { int getfh(char *fname, struct fhandle *fhp); } + SYS_SYSARCH = 165 // { int sysarch(int op, char *parms); } + SYS_RTPRIO = 166 // { int rtprio(int function, pid_t pid, struct rtprio *rtp); } + SYS_SEMSYS = 169 // { int semsys(int which, int a2, int a3, int a4, int a5); } + SYS_MSGSYS = 170 // { int msgsys(int which, int a2, int a3, int a4, int a5, int a6); } + SYS_SHMSYS = 171 // { int shmsys(int which, int a2, int a3, int a4); } + SYS_SETFIB = 175 // { int setfib(int fibnum); } + SYS_NTP_ADJTIME = 176 // { int ntp_adjtime(struct timex *tp); } + SYS_SETGID = 181 // { int setgid(gid_t gid); } + SYS_SETEGID = 182 // { int setegid(gid_t egid); } + SYS_SETEUID = 183 // { int seteuid(uid_t euid); } + SYS_PATHCONF = 191 // { int pathconf(char *path, int name); } + SYS_FPATHCONF = 192 // { int fpathconf(int fd, int name); } + SYS_GETRLIMIT = 194 // { int getrlimit(u_int which, struct rlimit *rlp); } getrlimit __getrlimit_args int + SYS_SETRLIMIT = 195 // { int setrlimit(u_int which, struct rlimit *rlp); } setrlimit __setrlimit_args int + SYS___SYSCTL = 202 // { int __sysctl(int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); } __sysctl sysctl_args int + SYS_MLOCK = 203 // { int mlock(const void *addr, size_t len); } + SYS_MUNLOCK = 204 // { int munlock(const void *addr, size_t len); } + SYS_UNDELETE = 205 // { int undelete(char *path); } + SYS_FUTIMES = 206 // { int futimes(int fd, struct timeval *tptr); } + SYS_GETPGID = 207 // { int getpgid(pid_t pid); } + SYS_POLL = 209 // { int poll(struct pollfd *fds, u_int nfds, int timeout); } + SYS_SEMGET = 221 // { int semget(key_t key, int nsems, int semflg); } + SYS_SEMOP = 222 // { int semop(int semid, struct sembuf *sops, size_t nsops); } + SYS_MSGGET = 225 // { int msgget(key_t key, int msgflg); } + SYS_MSGSND = 226 // { int msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); } + SYS_MSGRCV = 227 // { ssize_t msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); } + SYS_SHMAT = 228 // { int shmat(int shmid, const void *shmaddr, int shmflg); } + SYS_SHMDT = 230 // { int shmdt(const void *shmaddr); } + SYS_SHMGET = 231 // { int shmget(key_t key, size_t size, int shmflg); } + SYS_CLOCK_GETTIME = 232 // { int clock_gettime(clockid_t clock_id, struct timespec *tp); } + SYS_CLOCK_SETTIME = 233 // { int clock_settime(clockid_t clock_id, const struct timespec *tp); } + SYS_CLOCK_GETRES = 234 // { int clock_getres(clockid_t clock_id, struct timespec *tp); } + SYS_KTIMER_CREATE = 235 // { int ktimer_create(clockid_t clock_id, struct sigevent *evp, int *timerid); } + SYS_KTIMER_DELETE = 236 // { int ktimer_delete(int timerid); } + SYS_KTIMER_SETTIME = 237 // { int ktimer_settime(int timerid, int flags, const struct itimerspec *value, struct itimerspec *ovalue); } + SYS_KTIMER_GETTIME = 238 // { int ktimer_gettime(int timerid, struct itimerspec *value); } + SYS_KTIMER_GETOVERRUN = 239 // { int ktimer_getoverrun(int timerid); } + SYS_NANOSLEEP = 240 // { int nanosleep(const struct timespec *rqtp, struct timespec *rmtp); } + SYS_FFCLOCK_GETCOUNTER = 241 // { int ffclock_getcounter(ffcounter *ffcount); } + SYS_FFCLOCK_SETESTIMATE = 242 // { int ffclock_setestimate(struct ffclock_estimate *cest); } + SYS_FFCLOCK_GETESTIMATE = 243 // { int ffclock_getestimate(struct ffclock_estimate *cest); } + SYS_CLOCK_NANOSLEEP = 244 // { int clock_nanosleep(clockid_t clock_id, int flags, const struct timespec *rqtp, struct timespec *rmtp); } + SYS_CLOCK_GETCPUCLOCKID2 = 247 // { int clock_getcpuclockid2(id_t id, int which, clockid_t *clock_id); } + SYS_NTP_GETTIME = 248 // { int ntp_gettime(struct ntptimeval *ntvp); } + SYS_MINHERIT = 250 // { int minherit(void *addr, size_t len, int inherit); } + SYS_RFORK = 251 // { int rfork(int flags); } + SYS_ISSETUGID = 253 // { int issetugid(void); } + SYS_LCHOWN = 254 // { int lchown(char *path, int uid, int gid); } + SYS_AIO_READ = 255 // { int aio_read(struct aiocb *aiocbp); } + SYS_AIO_WRITE = 256 // { int aio_write(struct aiocb *aiocbp); } + SYS_LIO_LISTIO = 257 // { int lio_listio(int mode, struct aiocb* const *acb_list, int nent, struct sigevent *sig); } + SYS_LCHMOD = 274 // { int lchmod(char *path, mode_t mode); } + SYS_LUTIMES = 276 // { int lutimes(char *path, struct timeval *tptr); } + SYS_PREADV = 289 // { ssize_t preadv(int fd, struct iovec *iovp, u_int iovcnt, off_t offset); } + SYS_PWRITEV = 290 // { ssize_t pwritev(int fd, struct iovec *iovp, u_int iovcnt, off_t offset); } + SYS_FHOPEN = 298 // { int fhopen(const struct fhandle *u_fhp, int flags); } + SYS_MODNEXT = 300 // { int modnext(int modid); } + SYS_MODSTAT = 301 // { int modstat(int modid, struct module_stat* stat); } + SYS_MODFNEXT = 302 // { int modfnext(int modid); } + SYS_MODFIND = 303 // { int modfind(const char *name); } + SYS_KLDLOAD = 304 // { int kldload(const char *file); } + SYS_KLDUNLOAD = 305 // { int kldunload(int fileid); } + SYS_KLDFIND = 306 // { int kldfind(const char *file); } + SYS_KLDNEXT = 307 // { int kldnext(int fileid); } + SYS_KLDSTAT = 308 // { int kldstat(int fileid, struct kld_file_stat *stat); } + SYS_KLDFIRSTMOD = 309 // { int kldfirstmod(int fileid); } + SYS_GETSID = 310 // { int getsid(pid_t pid); } + SYS_SETRESUID = 311 // { int setresuid(uid_t ruid, uid_t euid, uid_t suid); } + SYS_SETRESGID = 312 // { int setresgid(gid_t rgid, gid_t egid, gid_t sgid); } + SYS_AIO_RETURN = 314 // { ssize_t aio_return(struct aiocb *aiocbp); } + SYS_AIO_SUSPEND = 315 // { int aio_suspend(struct aiocb * const * aiocbp, int nent, const struct timespec *timeout); } + SYS_AIO_CANCEL = 316 // { int aio_cancel(int fd, struct aiocb *aiocbp); } + SYS_AIO_ERROR = 317 // { int aio_error(struct aiocb *aiocbp); } + SYS_YIELD = 321 // { int yield(void); } + SYS_MLOCKALL = 324 // { int mlockall(int how); } + SYS_MUNLOCKALL = 325 // { int munlockall(void); } + SYS___GETCWD = 326 // { int __getcwd(char *buf, size_t buflen); } + SYS_SCHED_SETPARAM = 327 // { int sched_setparam (pid_t pid, const struct sched_param *param); } + SYS_SCHED_GETPARAM = 328 // { int sched_getparam (pid_t pid, struct sched_param *param); } + SYS_SCHED_SETSCHEDULER = 329 // { int sched_setscheduler (pid_t pid, int policy, const struct sched_param *param); } + SYS_SCHED_GETSCHEDULER = 330 // { int sched_getscheduler (pid_t pid); } + SYS_SCHED_YIELD = 331 // { int sched_yield (void); } + SYS_SCHED_GET_PRIORITY_MAX = 332 // { int sched_get_priority_max (int policy); } + SYS_SCHED_GET_PRIORITY_MIN = 333 // { int sched_get_priority_min (int policy); } + SYS_SCHED_RR_GET_INTERVAL = 334 // { int sched_rr_get_interval (pid_t pid, struct timespec *interval); } + SYS_UTRACE = 335 // { int utrace(const void *addr, size_t len); } + SYS_KLDSYM = 337 // { int kldsym(int fileid, int cmd, void *data); } + SYS_JAIL = 338 // { int jail(struct jail *jail); } + SYS_SIGPROCMASK = 340 // { int sigprocmask(int how, const sigset_t *set, sigset_t *oset); } + SYS_SIGSUSPEND = 341 // { int sigsuspend(const sigset_t *sigmask); } + SYS_SIGPENDING = 343 // { int sigpending(sigset_t *set); } + SYS_SIGTIMEDWAIT = 345 // { int sigtimedwait(const sigset_t *set, siginfo_t *info, const struct timespec *timeout); } + SYS_SIGWAITINFO = 346 // { int sigwaitinfo(const sigset_t *set, siginfo_t *info); } + SYS___ACL_GET_FILE = 347 // { int __acl_get_file(const char *path, acl_type_t type, struct acl *aclp); } + SYS___ACL_SET_FILE = 348 // { int __acl_set_file(const char *path, acl_type_t type, struct acl *aclp); } + SYS___ACL_GET_FD = 349 // { int __acl_get_fd(int filedes, acl_type_t type, struct acl *aclp); } + SYS___ACL_SET_FD = 350 // { int __acl_set_fd(int filedes, acl_type_t type, struct acl *aclp); } + SYS___ACL_DELETE_FILE = 351 // { int __acl_delete_file(const char *path, acl_type_t type); } + SYS___ACL_DELETE_FD = 352 // { int __acl_delete_fd(int filedes, acl_type_t type); } + SYS___ACL_ACLCHECK_FILE = 353 // { int __acl_aclcheck_file(const char *path, acl_type_t type, struct acl *aclp); } + SYS___ACL_ACLCHECK_FD = 354 // { int __acl_aclcheck_fd(int filedes, acl_type_t type, struct acl *aclp); } + SYS_EXTATTRCTL = 355 // { int extattrctl(const char *path, int cmd, const char *filename, int attrnamespace, const char *attrname); } + SYS_EXTATTR_SET_FILE = 356 // { ssize_t extattr_set_file(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } + SYS_EXTATTR_GET_FILE = 357 // { ssize_t extattr_get_file(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } + SYS_EXTATTR_DELETE_FILE = 358 // { int extattr_delete_file(const char *path, int attrnamespace, const char *attrname); } + SYS_AIO_WAITCOMPLETE = 359 // { ssize_t aio_waitcomplete(struct aiocb **aiocbp, struct timespec *timeout); } + SYS_GETRESUID = 360 // { int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid); } + SYS_GETRESGID = 361 // { int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid); } + SYS_KQUEUE = 362 // { int kqueue(void); } + SYS_EXTATTR_SET_FD = 371 // { ssize_t extattr_set_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); } + SYS_EXTATTR_GET_FD = 372 // { ssize_t extattr_get_fd(int fd, int attrnamespace, const char *attrname, void *data, size_t nbytes); } + SYS_EXTATTR_DELETE_FD = 373 // { int extattr_delete_fd(int fd, int attrnamespace, const char *attrname); } + SYS___SETUGID = 374 // { int __setugid(int flag); } + SYS_EACCESS = 376 // { int eaccess(char *path, int amode); } + SYS_NMOUNT = 378 // { int nmount(struct iovec *iovp, unsigned int iovcnt, int flags); } + SYS___MAC_GET_PROC = 384 // { int __mac_get_proc(struct mac *mac_p); } + SYS___MAC_SET_PROC = 385 // { int __mac_set_proc(struct mac *mac_p); } + SYS___MAC_GET_FD = 386 // { int __mac_get_fd(int fd, struct mac *mac_p); } + SYS___MAC_GET_FILE = 387 // { int __mac_get_file(const char *path_p, struct mac *mac_p); } + SYS___MAC_SET_FD = 388 // { int __mac_set_fd(int fd, struct mac *mac_p); } + SYS___MAC_SET_FILE = 389 // { int __mac_set_file(const char *path_p, struct mac *mac_p); } + SYS_KENV = 390 // { int kenv(int what, const char *name, char *value, int len); } + SYS_LCHFLAGS = 391 // { int lchflags(const char *path, u_long flags); } + SYS_UUIDGEN = 392 // { int uuidgen(struct uuid *store, int count); } + SYS_SENDFILE = 393 // { int sendfile(int fd, int s, off_t offset, size_t nbytes, struct sf_hdtr *hdtr, off_t *sbytes, int flags); } + SYS_MAC_SYSCALL = 394 // { int mac_syscall(const char *policy, int call, void *arg); } + SYS_KSEM_CLOSE = 400 // { int ksem_close(semid_t id); } + SYS_KSEM_POST = 401 // { int ksem_post(semid_t id); } + SYS_KSEM_WAIT = 402 // { int ksem_wait(semid_t id); } + SYS_KSEM_TRYWAIT = 403 // { int ksem_trywait(semid_t id); } + SYS_KSEM_INIT = 404 // { int ksem_init(semid_t *idp, unsigned int value); } + SYS_KSEM_OPEN = 405 // { int ksem_open(semid_t *idp, const char *name, int oflag, mode_t mode, unsigned int value); } + SYS_KSEM_UNLINK = 406 // { int ksem_unlink(const char *name); } + SYS_KSEM_GETVALUE = 407 // { int ksem_getvalue(semid_t id, int *val); } + SYS_KSEM_DESTROY = 408 // { int ksem_destroy(semid_t id); } + SYS___MAC_GET_PID = 409 // { int __mac_get_pid(pid_t pid, struct mac *mac_p); } + SYS___MAC_GET_LINK = 410 // { int __mac_get_link(const char *path_p, struct mac *mac_p); } + SYS___MAC_SET_LINK = 411 // { int __mac_set_link(const char *path_p, struct mac *mac_p); } + SYS_EXTATTR_SET_LINK = 412 // { ssize_t extattr_set_link(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } + SYS_EXTATTR_GET_LINK = 413 // { ssize_t extattr_get_link(const char *path, int attrnamespace, const char *attrname, void *data, size_t nbytes); } + SYS_EXTATTR_DELETE_LINK = 414 // { int extattr_delete_link(const char *path, int attrnamespace, const char *attrname); } + SYS___MAC_EXECVE = 415 // { int __mac_execve(char *fname, char **argv, char **envv, struct mac *mac_p); } + SYS_SIGACTION = 416 // { int sigaction(int sig, const struct sigaction *act, struct sigaction *oact); } + SYS_SIGRETURN = 417 // { int sigreturn(const struct __ucontext *sigcntxp); } + SYS_GETCONTEXT = 421 // { int getcontext(struct __ucontext *ucp); } + SYS_SETCONTEXT = 422 // { int setcontext(const struct __ucontext *ucp); } + SYS_SWAPCONTEXT = 423 // { int swapcontext(struct __ucontext *oucp, const struct __ucontext *ucp); } + SYS_SWAPOFF = 424 // { int swapoff(const char *name); } + SYS___ACL_GET_LINK = 425 // { int __acl_get_link(const char *path, acl_type_t type, struct acl *aclp); } + SYS___ACL_SET_LINK = 426 // { int __acl_set_link(const char *path, acl_type_t type, struct acl *aclp); } + SYS___ACL_DELETE_LINK = 427 // { int __acl_delete_link(const char *path, acl_type_t type); } + SYS___ACL_ACLCHECK_LINK = 428 // { int __acl_aclcheck_link(const char *path, acl_type_t type, struct acl *aclp); } + SYS_SIGWAIT = 429 // { int sigwait(const sigset_t *set, int *sig); } + SYS_THR_CREATE = 430 // { int thr_create(ucontext_t *ctx, long *id, int flags); } + SYS_THR_EXIT = 431 // { void thr_exit(long *state); } + SYS_THR_SELF = 432 // { int thr_self(long *id); } + SYS_THR_KILL = 433 // { int thr_kill(long id, int sig); } + SYS_JAIL_ATTACH = 436 // { int jail_attach(int jid); } + SYS_EXTATTR_LIST_FD = 437 // { ssize_t extattr_list_fd(int fd, int attrnamespace, void *data, size_t nbytes); } + SYS_EXTATTR_LIST_FILE = 438 // { ssize_t extattr_list_file(const char *path, int attrnamespace, void *data, size_t nbytes); } + SYS_EXTATTR_LIST_LINK = 439 // { ssize_t extattr_list_link(const char *path, int attrnamespace, void *data, size_t nbytes); } + SYS_KSEM_TIMEDWAIT = 441 // { int ksem_timedwait(semid_t id, const struct timespec *abstime); } + SYS_THR_SUSPEND = 442 // { int thr_suspend(const struct timespec *timeout); } + SYS_THR_WAKE = 443 // { int thr_wake(long id); } + SYS_KLDUNLOADF = 444 // { int kldunloadf(int fileid, int flags); } + SYS_AUDIT = 445 // { int audit(const void *record, u_int length); } + SYS_AUDITON = 446 // { int auditon(int cmd, void *data, u_int length); } + SYS_GETAUID = 447 // { int getauid(uid_t *auid); } + SYS_SETAUID = 448 // { int setauid(uid_t *auid); } + SYS_GETAUDIT = 449 // { int getaudit(struct auditinfo *auditinfo); } + SYS_SETAUDIT = 450 // { int setaudit(struct auditinfo *auditinfo); } + SYS_GETAUDIT_ADDR = 451 // { int getaudit_addr(struct auditinfo_addr *auditinfo_addr, u_int length); } + SYS_SETAUDIT_ADDR = 452 // { int setaudit_addr(struct auditinfo_addr *auditinfo_addr, u_int length); } + SYS_AUDITCTL = 453 // { int auditctl(char *path); } + SYS__UMTX_OP = 454 // { int _umtx_op(void *obj, int op, u_long val, void *uaddr1, void *uaddr2); } + SYS_THR_NEW = 455 // { int thr_new(struct thr_param *param, int param_size); } + SYS_SIGQUEUE = 456 // { int sigqueue(pid_t pid, int signum, void *value); } + SYS_KMQ_OPEN = 457 // { int kmq_open(const char *path, int flags, mode_t mode, const struct mq_attr *attr); } + SYS_KMQ_SETATTR = 458 // { int kmq_setattr(int mqd, const struct mq_attr *attr, struct mq_attr *oattr); } + SYS_KMQ_TIMEDRECEIVE = 459 // { int kmq_timedreceive(int mqd, char *msg_ptr, size_t msg_len, unsigned *msg_prio, const struct timespec *abs_timeout); } + SYS_KMQ_TIMEDSEND = 460 // { int kmq_timedsend(int mqd, const char *msg_ptr, size_t msg_len, unsigned msg_prio, const struct timespec *abs_timeout); } + SYS_KMQ_NOTIFY = 461 // { int kmq_notify(int mqd, const struct sigevent *sigev); } + SYS_KMQ_UNLINK = 462 // { int kmq_unlink(const char *path); } + SYS_ABORT2 = 463 // { int abort2(const char *why, int nargs, void **args); } + SYS_THR_SET_NAME = 464 // { int thr_set_name(long id, const char *name); } + SYS_AIO_FSYNC = 465 // { int aio_fsync(int op, struct aiocb *aiocbp); } + SYS_RTPRIO_THREAD = 466 // { int rtprio_thread(int function, lwpid_t lwpid, struct rtprio *rtp); } + SYS_SCTP_PEELOFF = 471 // { int sctp_peeloff(int sd, uint32_t name); } + SYS_SCTP_GENERIC_SENDMSG = 472 // { int sctp_generic_sendmsg(int sd, caddr_t msg, int mlen, caddr_t to, __socklen_t tolen, struct sctp_sndrcvinfo *sinfo, int flags); } + SYS_SCTP_GENERIC_SENDMSG_IOV = 473 // { int sctp_generic_sendmsg_iov(int sd, struct iovec *iov, int iovlen, caddr_t to, __socklen_t tolen, struct sctp_sndrcvinfo *sinfo, int flags); } + SYS_SCTP_GENERIC_RECVMSG = 474 // { int sctp_generic_recvmsg(int sd, struct iovec *iov, int iovlen, struct sockaddr *from, __socklen_t *fromlenaddr, struct sctp_sndrcvinfo *sinfo, int *msg_flags); } + SYS_PREAD = 475 // { ssize_t pread(int fd, void *buf, size_t nbyte, off_t offset); } + SYS_PWRITE = 476 // { ssize_t pwrite(int fd, const void *buf, size_t nbyte, off_t offset); } + SYS_MMAP = 477 // { caddr_t mmap(caddr_t addr, size_t len, int prot, int flags, int fd, off_t pos); } + SYS_LSEEK = 478 // { off_t lseek(int fd, off_t offset, int whence); } + SYS_TRUNCATE = 479 // { int truncate(char *path, off_t length); } + SYS_FTRUNCATE = 480 // { int ftruncate(int fd, off_t length); } + SYS_THR_KILL2 = 481 // { int thr_kill2(pid_t pid, long id, int sig); } + SYS_SHM_OPEN = 482 // { int shm_open(const char *path, int flags, mode_t mode); } + SYS_SHM_UNLINK = 483 // { int shm_unlink(const char *path); } + SYS_CPUSET = 484 // { int cpuset(cpusetid_t *setid); } + SYS_CPUSET_SETID = 485 // { int cpuset_setid(cpuwhich_t which, id_t id, cpusetid_t setid); } + SYS_CPUSET_GETID = 486 // { int cpuset_getid(cpulevel_t level, cpuwhich_t which, id_t id, cpusetid_t *setid); } + SYS_CPUSET_GETAFFINITY = 487 // { int cpuset_getaffinity(cpulevel_t level, cpuwhich_t which, id_t id, size_t cpusetsize, cpuset_t *mask); } + SYS_CPUSET_SETAFFINITY = 488 // { int cpuset_setaffinity(cpulevel_t level, cpuwhich_t which, id_t id, size_t cpusetsize, const cpuset_t *mask); } + SYS_FACCESSAT = 489 // { int faccessat(int fd, char *path, int amode, int flag); } + SYS_FCHMODAT = 490 // { int fchmodat(int fd, char *path, mode_t mode, int flag); } + SYS_FCHOWNAT = 491 // { int fchownat(int fd, char *path, uid_t uid, gid_t gid, int flag); } + SYS_FEXECVE = 492 // { int fexecve(int fd, char **argv, char **envv); } + SYS_FUTIMESAT = 494 // { int futimesat(int fd, char *path, struct timeval *times); } + SYS_LINKAT = 495 // { int linkat(int fd1, char *path1, int fd2, char *path2, int flag); } + SYS_MKDIRAT = 496 // { int mkdirat(int fd, char *path, mode_t mode); } + SYS_MKFIFOAT = 497 // { int mkfifoat(int fd, char *path, mode_t mode); } + SYS_OPENAT = 499 // { int openat(int fd, char *path, int flag, mode_t mode); } + SYS_READLINKAT = 500 // { ssize_t readlinkat(int fd, char *path, char *buf, size_t bufsize); } + SYS_RENAMEAT = 501 // { int renameat(int oldfd, char *old, int newfd, char *new); } + SYS_SYMLINKAT = 502 // { int symlinkat(char *path1, int fd, char *path2); } + SYS_UNLINKAT = 503 // { int unlinkat(int fd, char *path, int flag); } + SYS_POSIX_OPENPT = 504 // { int posix_openpt(int flags); } + SYS_GSSD_SYSCALL = 505 // { int gssd_syscall(char *path); } + SYS_JAIL_GET = 506 // { int jail_get(struct iovec *iovp, unsigned int iovcnt, int flags); } + SYS_JAIL_SET = 507 // { int jail_set(struct iovec *iovp, unsigned int iovcnt, int flags); } + SYS_JAIL_REMOVE = 508 // { int jail_remove(int jid); } + SYS_CLOSEFROM = 509 // { int closefrom(int lowfd); } + SYS___SEMCTL = 510 // { int __semctl(int semid, int semnum, int cmd, union semun *arg); } + SYS_MSGCTL = 511 // { int msgctl(int msqid, int cmd, struct msqid_ds *buf); } + SYS_SHMCTL = 512 // { int shmctl(int shmid, int cmd, struct shmid_ds *buf); } + SYS_LPATHCONF = 513 // { int lpathconf(char *path, int name); } + SYS___CAP_RIGHTS_GET = 515 // { int __cap_rights_get(int version, int fd, cap_rights_t *rightsp); } + SYS_CAP_ENTER = 516 // { int cap_enter(void); } + SYS_CAP_GETMODE = 517 // { int cap_getmode(u_int *modep); } + SYS_PDFORK = 518 // { int pdfork(int *fdp, int flags); } + SYS_PDKILL = 519 // { int pdkill(int fd, int signum); } + SYS_PDGETPID = 520 // { int pdgetpid(int fd, pid_t *pidp); } + SYS_PSELECT = 522 // { int pselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, const struct timespec *ts, const sigset_t *sm); } + SYS_GETLOGINCLASS = 523 // { int getloginclass(char *namebuf, size_t namelen); } + SYS_SETLOGINCLASS = 524 // { int setloginclass(const char *namebuf); } + SYS_RCTL_GET_RACCT = 525 // { int rctl_get_racct(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); } + SYS_RCTL_GET_RULES = 526 // { int rctl_get_rules(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); } + SYS_RCTL_GET_LIMITS = 527 // { int rctl_get_limits(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); } + SYS_RCTL_ADD_RULE = 528 // { int rctl_add_rule(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); } + SYS_RCTL_REMOVE_RULE = 529 // { int rctl_remove_rule(const void *inbufp, size_t inbuflen, void *outbufp, size_t outbuflen); } + SYS_POSIX_FALLOCATE = 530 // { int posix_fallocate(int fd, off_t offset, off_t len); } + SYS_POSIX_FADVISE = 531 // { int posix_fadvise(int fd, off_t offset, off_t len, int advice); } + SYS_WAIT6 = 532 // { int wait6(idtype_t idtype, id_t id, int *status, int options, struct __wrusage *wrusage, siginfo_t *info); } + SYS_CAP_RIGHTS_LIMIT = 533 // { int cap_rights_limit(int fd, cap_rights_t *rightsp); } + SYS_CAP_IOCTLS_LIMIT = 534 // { int cap_ioctls_limit(int fd, const u_long *cmds, size_t ncmds); } + SYS_CAP_IOCTLS_GET = 535 // { ssize_t cap_ioctls_get(int fd, u_long *cmds, size_t maxcmds); } + SYS_CAP_FCNTLS_LIMIT = 536 // { int cap_fcntls_limit(int fd, uint32_t fcntlrights); } + SYS_CAP_FCNTLS_GET = 537 // { int cap_fcntls_get(int fd, uint32_t *fcntlrightsp); } + SYS_BINDAT = 538 // { int bindat(int fd, int s, caddr_t name, int namelen); } + SYS_CONNECTAT = 539 // { int connectat(int fd, int s, caddr_t name, int namelen); } + SYS_CHFLAGSAT = 540 // { int chflagsat(int fd, const char *path, u_long flags, int atflag); } + SYS_ACCEPT4 = 541 // { int accept4(int s, struct sockaddr * __restrict name, __socklen_t * __restrict anamelen, int flags); } + SYS_PIPE2 = 542 // { int pipe2(int *fildes, int flags); } + SYS_AIO_MLOCK = 543 // { int aio_mlock(struct aiocb *aiocbp); } + SYS_PROCCTL = 544 // { int procctl(idtype_t idtype, id_t id, int com, void *data); } + SYS_PPOLL = 545 // { int ppoll(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *set); } + SYS_FUTIMENS = 546 // { int futimens(int fd, struct timespec *times); } + SYS_UTIMENSAT = 547 // { int utimensat(int fd, char *path, struct timespec *times, int flag); } + SYS_FDATASYNC = 550 // { int fdatasync(int fd); } + SYS_FSTAT = 551 // { int fstat(int fd, struct stat *sb); } + SYS_FSTATAT = 552 // { int fstatat(int fd, char *path, struct stat *buf, int flag); } + SYS_FHSTAT = 553 // { int fhstat(const struct fhandle *u_fhp, struct stat *sb); } + SYS_GETDIRENTRIES = 554 // { ssize_t getdirentries(int fd, char *buf, size_t count, off_t *basep); } + SYS_STATFS = 555 // { int statfs(char *path, struct statfs *buf); } + SYS_FSTATFS = 556 // { int fstatfs(int fd, struct statfs *buf); } + SYS_GETFSSTAT = 557 // { int getfsstat(struct statfs *buf, long bufsize, int mode); } + SYS_FHSTATFS = 558 // { int fhstatfs(const struct fhandle *u_fhp, struct statfs *buf); } + SYS_MKNODAT = 559 // { int mknodat(int fd, char *path, mode_t mode, dev_t dev); } + SYS_KEVENT = 560 // { int kevent(int fd, struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); } + SYS_CPUSET_GETDOMAIN = 561 // { int cpuset_getdomain(cpulevel_t level, cpuwhich_t which, id_t id, size_t domainsetsize, domainset_t *mask, int *policy); } + SYS_CPUSET_SETDOMAIN = 562 // { int cpuset_setdomain(cpulevel_t level, cpuwhich_t which, id_t id, size_t domainsetsize, domainset_t *mask, int policy); } + SYS_GETRANDOM = 563 // { int getrandom(void *buf, size_t buflen, unsigned int flags); } + SYS_GETFHAT = 564 // { int getfhat(int fd, char *path, struct fhandle *fhp, int flags); } + SYS_FHLINK = 565 // { int fhlink(struct fhandle *fhp, const char *to); } + SYS_FHLINKAT = 566 // { int fhlinkat(struct fhandle *fhp, int tofd, const char *to,); } + SYS_FHREADLINK = 567 // { int fhreadlink(struct fhandle *fhp, char *buf, size_t bufsize); } + SYS___SYSCTLBYNAME = 570 // { int __sysctlbyname(const char *name, size_t namelen, void *old, size_t *oldlenp, void *new, size_t newlen); } + SYS_CLOSE_RANGE = 575 // { int close_range(u_int lowfd, u_int highfd, int flags); } +) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go index e443f9a322c..44a764c9917 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go @@ -85,8 +85,6 @@ const ( SYS_SPLICE = 76 SYS_TEE = 77 SYS_READLINKAT = 78 - SYS_FSTATAT = 79 - SYS_FSTAT = 80 SYS_SYNC = 81 SYS_FSYNC = 82 SYS_FDATASYNC = 83 diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go index c3a5af8623b..3a9c96b2882 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go @@ -309,6 +309,7 @@ const ( SYS_LANDLOCK_CREATE_RULESET = 444 SYS_LANDLOCK_ADD_RULE = 445 SYS_LANDLOCK_RESTRICT_SELF = 446 + SYS_MEMFD_SECRET = 447 SYS_PROCESS_MRELEASE = 448 SYS_FUTEX_WAITV = 449 SYS_SET_MEMPOLICY_HOME_NODE = 450 diff --git a/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go index 885842c0eb4..e2a64f0991a 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go @@ -366,30 +366,57 @@ type ICMPv6Filter struct { Filt [8]uint32 } +type TCPConnectionInfo struct { + State uint8 + Snd_wscale uint8 + Rcv_wscale uint8 + _ uint8 + Options uint32 + Flags uint32 + Rto uint32 + Maxseg uint32 + Snd_ssthresh uint32 + Snd_cwnd uint32 + Snd_wnd uint32 + Snd_sbbytes uint32 + Rcv_wnd uint32 + Rttcur uint32 + Srtt uint32 + Rttvar uint32 + Txpackets uint64 + Txbytes uint64 + Txretransmitbytes uint64 + Rxpackets uint64 + Rxbytes uint64 + Rxoutoforderbytes uint64 + Txretransmitpackets uint64 +} + const ( - SizeofSockaddrInet4 = 0x10 - SizeofSockaddrInet6 = 0x1c - SizeofSockaddrAny = 0x6c - SizeofSockaddrUnix = 0x6a - SizeofSockaddrDatalink = 0x14 - SizeofSockaddrCtl = 0x20 - SizeofSockaddrVM = 0xc - SizeofXvsockpcb = 0xa8 - SizeofXSocket = 0x64 - SizeofXSockbuf = 0x18 - SizeofXVSockPgen = 0x20 - SizeofXucred = 0x4c - SizeofLinger = 0x8 - SizeofIovec = 0x10 - SizeofIPMreq = 0x8 - SizeofIPMreqn = 0xc - SizeofIPv6Mreq = 0x14 - SizeofMsghdr = 0x30 - SizeofCmsghdr = 0xc - SizeofInet4Pktinfo = 0xc - SizeofInet6Pktinfo = 0x14 - SizeofIPv6MTUInfo = 0x20 - SizeofICMPv6Filter = 0x20 + SizeofSockaddrInet4 = 0x10 + SizeofSockaddrInet6 = 0x1c + SizeofSockaddrAny = 0x6c + SizeofSockaddrUnix = 0x6a + SizeofSockaddrDatalink = 0x14 + SizeofSockaddrCtl = 0x20 + SizeofSockaddrVM = 0xc + SizeofXvsockpcb = 0xa8 + SizeofXSocket = 0x64 + SizeofXSockbuf = 0x18 + SizeofXVSockPgen = 0x20 + SizeofXucred = 0x4c + SizeofLinger = 0x8 + SizeofIovec = 0x10 + SizeofIPMreq = 0x8 + SizeofIPMreqn = 0xc + SizeofIPv6Mreq = 0x14 + SizeofMsghdr = 0x30 + SizeofCmsghdr = 0xc + SizeofInet4Pktinfo = 0xc + SizeofInet6Pktinfo = 0x14 + SizeofIPv6MTUInfo = 0x20 + SizeofICMPv6Filter = 0x20 + SizeofTCPConnectionInfo = 0x70 ) const ( diff --git a/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go index b23c02337db..34aa775219f 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go @@ -366,30 +366,57 @@ type ICMPv6Filter struct { Filt [8]uint32 } +type TCPConnectionInfo struct { + State uint8 + Snd_wscale uint8 + Rcv_wscale uint8 + _ uint8 + Options uint32 + Flags uint32 + Rto uint32 + Maxseg uint32 + Snd_ssthresh uint32 + Snd_cwnd uint32 + Snd_wnd uint32 + Snd_sbbytes uint32 + Rcv_wnd uint32 + Rttcur uint32 + Srtt uint32 + Rttvar uint32 + Txpackets uint64 + Txbytes uint64 + Txretransmitbytes uint64 + Rxpackets uint64 + Rxbytes uint64 + Rxoutoforderbytes uint64 + Txretransmitpackets uint64 +} + const ( - SizeofSockaddrInet4 = 0x10 - SizeofSockaddrInet6 = 0x1c - SizeofSockaddrAny = 0x6c - SizeofSockaddrUnix = 0x6a - SizeofSockaddrDatalink = 0x14 - SizeofSockaddrCtl = 0x20 - SizeofSockaddrVM = 0xc - SizeofXvsockpcb = 0xa8 - SizeofXSocket = 0x64 - SizeofXSockbuf = 0x18 - SizeofXVSockPgen = 0x20 - SizeofXucred = 0x4c - SizeofLinger = 0x8 - SizeofIovec = 0x10 - SizeofIPMreq = 0x8 - SizeofIPMreqn = 0xc - SizeofIPv6Mreq = 0x14 - SizeofMsghdr = 0x30 - SizeofCmsghdr = 0xc - SizeofInet4Pktinfo = 0xc - SizeofInet6Pktinfo = 0x14 - SizeofIPv6MTUInfo = 0x20 - SizeofICMPv6Filter = 0x20 + SizeofSockaddrInet4 = 0x10 + SizeofSockaddrInet6 = 0x1c + SizeofSockaddrAny = 0x6c + SizeofSockaddrUnix = 0x6a + SizeofSockaddrDatalink = 0x14 + SizeofSockaddrCtl = 0x20 + SizeofSockaddrVM = 0xc + SizeofXvsockpcb = 0xa8 + SizeofXSocket = 0x64 + SizeofXSockbuf = 0x18 + SizeofXVSockPgen = 0x20 + SizeofXucred = 0x4c + SizeofLinger = 0x8 + SizeofIovec = 0x10 + SizeofIPMreq = 0x8 + SizeofIPMreqn = 0xc + SizeofIPv6Mreq = 0x14 + SizeofMsghdr = 0x30 + SizeofCmsghdr = 0xc + SizeofInet4Pktinfo = 0xc + SizeofInet6Pktinfo = 0x14 + SizeofIPv6MTUInfo = 0x20 + SizeofICMPv6Filter = 0x20 + SizeofTCPConnectionInfo = 0x70 ) const ( diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go index 4eec078e524..dea0c9a607d 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go @@ -90,27 +90,6 @@ type Stat_t struct { Spare [10]uint64 } -type stat_freebsd11_t struct { - Dev uint32 - Ino uint32 - Mode uint16 - Nlink uint16 - Uid uint32 - Gid uint32 - Rdev uint32 - Atim Timespec - Mtim Timespec - Ctim Timespec - Size int64 - Blocks int64 - Blksize int32 - Flags uint32 - Gen uint32 - Lspare int32 - Btim Timespec - _ [8]byte -} - type Statfs_t struct { Version uint32 Type uint32 @@ -136,31 +115,6 @@ type Statfs_t struct { Mntonname [1024]byte } -type statfs_freebsd11_t struct { - Version uint32 - Type uint32 - Flags uint64 - Bsize uint64 - Iosize uint64 - Blocks uint64 - Bfree uint64 - Bavail int64 - Files uint64 - Ffree int64 - Syncwrites uint64 - Asyncwrites uint64 - Syncreads uint64 - Asyncreads uint64 - Spare [10]uint64 - Namemax uint32 - Owner uint32 - Fsid Fsid - Charspare [80]int8 - Fstypename [16]byte - Mntfromname [88]byte - Mntonname [88]byte -} - type Flock_t struct { Start int64 Len int64 @@ -181,14 +135,6 @@ type Dirent struct { Name [256]int8 } -type dirent_freebsd11 struct { - Fileno uint32 - Reclen uint16 - Type uint8 - Namlen uint8 - Name [256]int8 -} - type Fsid struct { Val [2]int32 } @@ -337,41 +283,9 @@ const ( ) const ( - PTRACE_ATTACH = 0xa - PTRACE_CONT = 0x7 - PTRACE_DETACH = 0xb - PTRACE_GETFPREGS = 0x23 - PTRACE_GETFSBASE = 0x47 - PTRACE_GETLWPLIST = 0xf - PTRACE_GETNUMLWPS = 0xe - PTRACE_GETREGS = 0x21 - PTRACE_GETXSTATE = 0x45 - PTRACE_IO = 0xc - PTRACE_KILL = 0x8 - PTRACE_LWPEVENTS = 0x18 - PTRACE_LWPINFO = 0xd - PTRACE_SETFPREGS = 0x24 - PTRACE_SETREGS = 0x22 - PTRACE_SINGLESTEP = 0x9 - PTRACE_TRACEME = 0x0 -) - -const ( - PIOD_READ_D = 0x1 - PIOD_WRITE_D = 0x2 - PIOD_READ_I = 0x3 - PIOD_WRITE_I = 0x4 -) - -const ( - PL_FLAG_BORN = 0x100 - PL_FLAG_EXITED = 0x200 - PL_FLAG_SI = 0x20 -) - -const ( - TRAP_BRKPT = 0x1 - TRAP_TRACE = 0x2 + PTRACE_TRACEME = 0x0 + PTRACE_CONT = 0x7 + PTRACE_KILL = 0x8 ) type PtraceLwpInfoStruct struct { @@ -432,6 +346,8 @@ type FpReg struct { Pad [64]uint8 } +type FpExtendedPrecision struct{} + type PtraceIoDesc struct { Op int32 Offs *byte @@ -444,8 +360,9 @@ type Kevent_t struct { Filter int16 Flags uint16 Fflags uint32 - Data int32 + Data int64 Udata *byte + Ext [4]uint64 } type FdSet struct { diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go index 7622904a532..da0ea0d608a 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go @@ -86,26 +86,6 @@ type Stat_t struct { Spare [10]uint64 } -type stat_freebsd11_t struct { - Dev uint32 - Ino uint32 - Mode uint16 - Nlink uint16 - Uid uint32 - Gid uint32 - Rdev uint32 - Atim Timespec - Mtim Timespec - Ctim Timespec - Size int64 - Blocks int64 - Blksize int32 - Flags uint32 - Gen uint32 - Lspare int32 - Btim Timespec -} - type Statfs_t struct { Version uint32 Type uint32 @@ -131,31 +111,6 @@ type Statfs_t struct { Mntonname [1024]byte } -type statfs_freebsd11_t struct { - Version uint32 - Type uint32 - Flags uint64 - Bsize uint64 - Iosize uint64 - Blocks uint64 - Bfree uint64 - Bavail int64 - Files uint64 - Ffree int64 - Syncwrites uint64 - Asyncwrites uint64 - Syncreads uint64 - Asyncreads uint64 - Spare [10]uint64 - Namemax uint32 - Owner uint32 - Fsid Fsid - Charspare [80]int8 - Fstypename [16]byte - Mntfromname [88]byte - Mntonname [88]byte -} - type Flock_t struct { Start int64 Len int64 @@ -177,14 +132,6 @@ type Dirent struct { Name [256]int8 } -type dirent_freebsd11 struct { - Fileno uint32 - Reclen uint16 - Type uint8 - Namlen uint8 - Name [256]int8 -} - type Fsid struct { Val [2]int32 } @@ -333,41 +280,9 @@ const ( ) const ( - PTRACE_ATTACH = 0xa - PTRACE_CONT = 0x7 - PTRACE_DETACH = 0xb - PTRACE_GETFPREGS = 0x23 - PTRACE_GETFSBASE = 0x47 - PTRACE_GETLWPLIST = 0xf - PTRACE_GETNUMLWPS = 0xe - PTRACE_GETREGS = 0x21 - PTRACE_GETXSTATE = 0x45 - PTRACE_IO = 0xc - PTRACE_KILL = 0x8 - PTRACE_LWPEVENTS = 0x18 - PTRACE_LWPINFO = 0xd - PTRACE_SETFPREGS = 0x24 - PTRACE_SETREGS = 0x22 - PTRACE_SINGLESTEP = 0x9 - PTRACE_TRACEME = 0x0 -) - -const ( - PIOD_READ_D = 0x1 - PIOD_WRITE_D = 0x2 - PIOD_READ_I = 0x3 - PIOD_WRITE_I = 0x4 -) - -const ( - PL_FLAG_BORN = 0x100 - PL_FLAG_EXITED = 0x200 - PL_FLAG_SI = 0x20 -) - -const ( - TRAP_BRKPT = 0x1 - TRAP_TRACE = 0x2 + PTRACE_TRACEME = 0x0 + PTRACE_CONT = 0x7 + PTRACE_KILL = 0x8 ) type PtraceLwpInfoStruct struct { @@ -435,6 +350,8 @@ type FpReg struct { Spare [12]uint64 } +type FpExtendedPrecision struct{} + type PtraceIoDesc struct { Op int32 Offs *byte @@ -449,6 +366,7 @@ type Kevent_t struct { Fflags uint32 Data int64 Udata *byte + Ext [4]uint64 } type FdSet struct { diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go index 19223ce8ecf..da8f7404509 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go @@ -33,7 +33,7 @@ type Timeval struct { _ [4]byte } -type Time_t int32 +type Time_t int64 type Rusage struct { Utime Timeval @@ -88,26 +88,6 @@ type Stat_t struct { Spare [10]uint64 } -type stat_freebsd11_t struct { - Dev uint32 - Ino uint32 - Mode uint16 - Nlink uint16 - Uid uint32 - Gid uint32 - Rdev uint32 - Atim Timespec - Mtim Timespec - Ctim Timespec - Size int64 - Blocks int64 - Blksize int32 - Flags uint32 - Gen uint32 - Lspare int32 - Btim Timespec -} - type Statfs_t struct { Version uint32 Type uint32 @@ -133,31 +113,6 @@ type Statfs_t struct { Mntonname [1024]byte } -type statfs_freebsd11_t struct { - Version uint32 - Type uint32 - Flags uint64 - Bsize uint64 - Iosize uint64 - Blocks uint64 - Bfree uint64 - Bavail int64 - Files uint64 - Ffree int64 - Syncwrites uint64 - Asyncwrites uint64 - Syncreads uint64 - Asyncreads uint64 - Spare [10]uint64 - Namemax uint32 - Owner uint32 - Fsid Fsid - Charspare [80]int8 - Fstypename [16]byte - Mntfromname [88]byte - Mntonname [88]byte -} - type Flock_t struct { Start int64 Len int64 @@ -179,14 +134,6 @@ type Dirent struct { Name [256]int8 } -type dirent_freebsd11 struct { - Fileno uint32 - Reclen uint16 - Type uint8 - Namlen uint8 - Name [256]int8 -} - type Fsid struct { Val [2]int32 } @@ -335,41 +282,9 @@ const ( ) const ( - PTRACE_ATTACH = 0xa - PTRACE_CONT = 0x7 - PTRACE_DETACH = 0xb - PTRACE_GETFPREGS = 0x23 - PTRACE_GETFSBASE = 0x47 - PTRACE_GETLWPLIST = 0xf - PTRACE_GETNUMLWPS = 0xe - PTRACE_GETREGS = 0x21 - PTRACE_GETXSTATE = 0x45 - PTRACE_IO = 0xc - PTRACE_KILL = 0x8 - PTRACE_LWPEVENTS = 0x18 - PTRACE_LWPINFO = 0xd - PTRACE_SETFPREGS = 0x24 - PTRACE_SETREGS = 0x22 - PTRACE_SINGLESTEP = 0x9 - PTRACE_TRACEME = 0x0 -) - -const ( - PIOD_READ_D = 0x1 - PIOD_WRITE_D = 0x2 - PIOD_READ_I = 0x3 - PIOD_WRITE_I = 0x4 -) - -const ( - PL_FLAG_BORN = 0x100 - PL_FLAG_EXITED = 0x200 - PL_FLAG_SI = 0x20 -) - -const ( - TRAP_BRKPT = 0x1 - TRAP_TRACE = 0x2 + PTRACE_TRACEME = 0x0 + PTRACE_CONT = 0x7 + PTRACE_KILL = 0x8 ) type PtraceLwpInfoStruct struct { @@ -386,15 +301,15 @@ type PtraceLwpInfoStruct struct { } type __Siginfo struct { - Signo int32 - Errno int32 - Code int32 - Pid int32 - Uid uint32 - Status int32 - Addr *byte - Value [4]byte - X_reason [32]byte + Signo int32 + Errno int32 + Code int32 + Pid int32 + Uid uint32 + Status int32 + Addr *byte + Value [4]byte + _ [32]byte } type Sigset_t struct { @@ -402,16 +317,22 @@ type Sigset_t struct { } type Reg struct { - R [13]uint32 - R_sp uint32 - R_lr uint32 - R_pc uint32 - R_cpsr uint32 + R [13]uint32 + Sp uint32 + Lr uint32 + Pc uint32 + Cpsr uint32 } type FpReg struct { - Fpr_fpsr uint32 - Fpr [8][3]uint32 + Fpsr uint32 + Fpr [8]FpExtendedPrecision +} + +type FpExtendedPrecision struct { + Exponent uint32 + Mantissa_hi uint32 + Mantissa_lo uint32 } type PtraceIoDesc struct { @@ -426,8 +347,11 @@ type Kevent_t struct { Filter int16 Flags uint16 Fflags uint32 - Data int32 + _ [4]byte + Data int64 Udata *byte + _ [4]byte + Ext [4]uint64 } type FdSet struct { @@ -453,7 +377,7 @@ type ifMsghdr struct { Addrs int32 Flags int32 Index uint16 - _ [2]byte + _ uint16 Data ifData } @@ -464,7 +388,6 @@ type IfMsghdr struct { Addrs int32 Flags int32 Index uint16 - _ [2]byte Data IfData } @@ -532,7 +455,7 @@ type IfaMsghdr struct { Addrs int32 Flags int32 Index uint16 - _ [2]byte + _ uint16 Metric int32 } @@ -543,7 +466,7 @@ type IfmaMsghdr struct { Addrs int32 Flags int32 Index uint16 - _ [2]byte + _ uint16 } type IfAnnounceMsghdr struct { @@ -560,7 +483,7 @@ type RtMsghdr struct { Version uint8 Type uint8 Index uint16 - _ [2]byte + _ uint16 Flags int32 Addrs int32 Pid int32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go index 8e3e33f6790..d69988e5e58 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go @@ -86,26 +86,6 @@ type Stat_t struct { Spare [10]uint64 } -type stat_freebsd11_t struct { - Dev uint32 - Ino uint32 - Mode uint16 - Nlink uint16 - Uid uint32 - Gid uint32 - Rdev uint32 - Atim Timespec - Mtim Timespec - Ctim Timespec - Size int64 - Blocks int64 - Blksize int32 - Flags uint32 - Gen uint32 - Lspare int32 - Btim Timespec -} - type Statfs_t struct { Version uint32 Type uint32 @@ -131,31 +111,6 @@ type Statfs_t struct { Mntonname [1024]byte } -type statfs_freebsd11_t struct { - Version uint32 - Type uint32 - Flags uint64 - Bsize uint64 - Iosize uint64 - Blocks uint64 - Bfree uint64 - Bavail int64 - Files uint64 - Ffree int64 - Syncwrites uint64 - Asyncwrites uint64 - Syncreads uint64 - Asyncreads uint64 - Spare [10]uint64 - Namemax uint32 - Owner uint32 - Fsid Fsid - Charspare [80]int8 - Fstypename [16]byte - Mntfromname [88]byte - Mntonname [88]byte -} - type Flock_t struct { Start int64 Len int64 @@ -177,14 +132,6 @@ type Dirent struct { Name [256]int8 } -type dirent_freebsd11 struct { - Fileno uint32 - Reclen uint16 - Type uint8 - Namlen uint8 - Name [256]int8 -} - type Fsid struct { Val [2]int32 } @@ -333,39 +280,9 @@ const ( ) const ( - PTRACE_ATTACH = 0xa - PTRACE_CONT = 0x7 - PTRACE_DETACH = 0xb - PTRACE_GETFPREGS = 0x23 - PTRACE_GETLWPLIST = 0xf - PTRACE_GETNUMLWPS = 0xe - PTRACE_GETREGS = 0x21 - PTRACE_IO = 0xc - PTRACE_KILL = 0x8 - PTRACE_LWPEVENTS = 0x18 - PTRACE_LWPINFO = 0xd - PTRACE_SETFPREGS = 0x24 - PTRACE_SETREGS = 0x22 - PTRACE_SINGLESTEP = 0x9 - PTRACE_TRACEME = 0x0 -) - -const ( - PIOD_READ_D = 0x1 - PIOD_WRITE_D = 0x2 - PIOD_READ_I = 0x3 - PIOD_WRITE_I = 0x4 -) - -const ( - PL_FLAG_BORN = 0x100 - PL_FLAG_EXITED = 0x200 - PL_FLAG_SI = 0x20 -) - -const ( - TRAP_BRKPT = 0x1 - TRAP_TRACE = 0x2 + PTRACE_TRACEME = 0x0 + PTRACE_CONT = 0x7 + PTRACE_KILL = 0x8 ) type PtraceLwpInfoStruct struct { @@ -413,6 +330,8 @@ type FpReg struct { _ [8]byte } +type FpExtendedPrecision struct{} + type PtraceIoDesc struct { Op int32 Offs *byte @@ -427,6 +346,7 @@ type Kevent_t struct { Fflags uint32 Data int64 Udata *byte + Ext [4]uint64 } type FdSet struct { diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go new file mode 100644 index 00000000000..d6fd9e88382 --- /dev/null +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go @@ -0,0 +1,626 @@ +// cgo -godefs -- -fsigned-char types_freebsd.go | go run mkpost.go +// Code generated by the command above; see README.md. DO NOT EDIT. + +//go:build riscv64 && freebsd +// +build riscv64,freebsd + +package unix + +const ( + SizeofPtr = 0x8 + SizeofShort = 0x2 + SizeofInt = 0x4 + SizeofLong = 0x8 + SizeofLongLong = 0x8 +) + +type ( + _C_short int16 + _C_int int32 + _C_long int64 + _C_long_long int64 +) + +type Timespec struct { + Sec int64 + Nsec int64 +} + +type Timeval struct { + Sec int64 + Usec int64 +} + +type Time_t int64 + +type Rusage struct { + Utime Timeval + Stime Timeval + Maxrss int64 + Ixrss int64 + Idrss int64 + Isrss int64 + Minflt int64 + Majflt int64 + Nswap int64 + Inblock int64 + Oublock int64 + Msgsnd int64 + Msgrcv int64 + Nsignals int64 + Nvcsw int64 + Nivcsw int64 +} + +type Rlimit struct { + Cur int64 + Max int64 +} + +type _Gid_t uint32 + +const ( + _statfsVersion = 0x20140518 + _dirblksiz = 0x400 +) + +type Stat_t struct { + Dev uint64 + Ino uint64 + Nlink uint64 + Mode uint16 + _0 int16 + Uid uint32 + Gid uint32 + _1 int32 + Rdev uint64 + Atim Timespec + Mtim Timespec + Ctim Timespec + Btim Timespec + Size int64 + Blocks int64 + Blksize int32 + Flags uint32 + Gen uint64 + Spare [10]uint64 +} + +type Statfs_t struct { + Version uint32 + Type uint32 + Flags uint64 + Bsize uint64 + Iosize uint64 + Blocks uint64 + Bfree uint64 + Bavail int64 + Files uint64 + Ffree int64 + Syncwrites uint64 + Asyncwrites uint64 + Syncreads uint64 + Asyncreads uint64 + Spare [10]uint64 + Namemax uint32 + Owner uint32 + Fsid Fsid + Charspare [80]int8 + Fstypename [16]byte + Mntfromname [1024]byte + Mntonname [1024]byte +} + +type Flock_t struct { + Start int64 + Len int64 + Pid int32 + Type int16 + Whence int16 + Sysid int32 + _ [4]byte +} + +type Dirent struct { + Fileno uint64 + Off int64 + Reclen uint16 + Type uint8 + Pad0 uint8 + Namlen uint16 + Pad1 uint16 + Name [256]int8 +} + +type Fsid struct { + Val [2]int32 +} + +const ( + PathMax = 0x400 +) + +const ( + FADV_NORMAL = 0x0 + FADV_RANDOM = 0x1 + FADV_SEQUENTIAL = 0x2 + FADV_WILLNEED = 0x3 + FADV_DONTNEED = 0x4 + FADV_NOREUSE = 0x5 +) + +type RawSockaddrInet4 struct { + Len uint8 + Family uint8 + Port uint16 + Addr [4]byte /* in_addr */ + Zero [8]int8 +} + +type RawSockaddrInet6 struct { + Len uint8 + Family uint8 + Port uint16 + Flowinfo uint32 + Addr [16]byte /* in6_addr */ + Scope_id uint32 +} + +type RawSockaddrUnix struct { + Len uint8 + Family uint8 + Path [104]int8 +} + +type RawSockaddrDatalink struct { + Len uint8 + Family uint8 + Index uint16 + Type uint8 + Nlen uint8 + Alen uint8 + Slen uint8 + Data [46]int8 +} + +type RawSockaddr struct { + Len uint8 + Family uint8 + Data [14]int8 +} + +type RawSockaddrAny struct { + Addr RawSockaddr + Pad [92]int8 +} + +type _Socklen uint32 + +type Xucred struct { + Version uint32 + Uid uint32 + Ngroups int16 + Groups [16]uint32 + _ *byte +} + +type Linger struct { + Onoff int32 + Linger int32 +} + +type Iovec struct { + Base *byte + Len uint64 +} + +type IPMreq struct { + Multiaddr [4]byte /* in_addr */ + Interface [4]byte /* in_addr */ +} + +type IPMreqn struct { + Multiaddr [4]byte /* in_addr */ + Address [4]byte /* in_addr */ + Ifindex int32 +} + +type IPv6Mreq struct { + Multiaddr [16]byte /* in6_addr */ + Interface uint32 +} + +type Msghdr struct { + Name *byte + Namelen uint32 + Iov *Iovec + Iovlen int32 + Control *byte + Controllen uint32 + Flags int32 +} + +type Cmsghdr struct { + Len uint32 + Level int32 + Type int32 +} + +type Inet6Pktinfo struct { + Addr [16]byte /* in6_addr */ + Ifindex uint32 +} + +type IPv6MTUInfo struct { + Addr RawSockaddrInet6 + Mtu uint32 +} + +type ICMPv6Filter struct { + Filt [8]uint32 +} + +const ( + SizeofSockaddrInet4 = 0x10 + SizeofSockaddrInet6 = 0x1c + SizeofSockaddrAny = 0x6c + SizeofSockaddrUnix = 0x6a + SizeofSockaddrDatalink = 0x36 + SizeofXucred = 0x58 + SizeofLinger = 0x8 + SizeofIovec = 0x10 + SizeofIPMreq = 0x8 + SizeofIPMreqn = 0xc + SizeofIPv6Mreq = 0x14 + SizeofMsghdr = 0x30 + SizeofCmsghdr = 0xc + SizeofInet6Pktinfo = 0x14 + SizeofIPv6MTUInfo = 0x20 + SizeofICMPv6Filter = 0x20 +) + +const ( + PTRACE_TRACEME = 0x0 + PTRACE_CONT = 0x7 + PTRACE_KILL = 0x8 +) + +type PtraceLwpInfoStruct struct { + Lwpid int32 + Event int32 + Flags int32 + Sigmask Sigset_t + Siglist Sigset_t + Siginfo __Siginfo + Tdname [20]int8 + Child_pid int32 + Syscall_code uint32 + Syscall_narg uint32 +} + +type __Siginfo struct { + Signo int32 + Errno int32 + Code int32 + Pid int32 + Uid uint32 + Status int32 + Addr *byte + Value [8]byte + _ [40]byte +} + +type Sigset_t struct { + Val [4]uint32 +} + +type Reg struct { + Ra uint64 + Sp uint64 + Gp uint64 + Tp uint64 + T [7]uint64 + S [12]uint64 + A [8]uint64 + Sepc uint64 + Sstatus uint64 +} + +type FpReg struct { + X [32][2]uint64 + Fcsr uint64 +} + +type FpExtendedPrecision struct{} + +type PtraceIoDesc struct { + Op int32 + Offs *byte + Addr *byte + Len uint64 +} + +type Kevent_t struct { + Ident uint64 + Filter int16 + Flags uint16 + Fflags uint32 + Data int64 + Udata *byte + Ext [4]uint64 +} + +type FdSet struct { + Bits [16]uint64 +} + +const ( + sizeofIfMsghdr = 0xa8 + SizeofIfMsghdr = 0xa8 + sizeofIfData = 0x98 + SizeofIfData = 0x98 + SizeofIfaMsghdr = 0x14 + SizeofIfmaMsghdr = 0x10 + SizeofIfAnnounceMsghdr = 0x18 + SizeofRtMsghdr = 0x98 + SizeofRtMetrics = 0x70 +) + +type ifMsghdr struct { + Msglen uint16 + Version uint8 + Type uint8 + Addrs int32 + Flags int32 + Index uint16 + _ uint16 + Data ifData +} + +type IfMsghdr struct { + Msglen uint16 + Version uint8 + Type uint8 + Addrs int32 + Flags int32 + Index uint16 + Data IfData +} + +type ifData struct { + Type uint8 + Physical uint8 + Addrlen uint8 + Hdrlen uint8 + Link_state uint8 + Vhid uint8 + Datalen uint16 + Mtu uint32 + Metric uint32 + Baudrate uint64 + Ipackets uint64 + Ierrors uint64 + Opackets uint64 + Oerrors uint64 + Collisions uint64 + Ibytes uint64 + Obytes uint64 + Imcasts uint64 + Omcasts uint64 + Iqdrops uint64 + Oqdrops uint64 + Noproto uint64 + Hwassist uint64 + _ [8]byte + _ [16]byte +} + +type IfData struct { + Type uint8 + Physical uint8 + Addrlen uint8 + Hdrlen uint8 + Link_state uint8 + Spare_char1 uint8 + Spare_char2 uint8 + Datalen uint8 + Mtu uint64 + Metric uint64 + Baudrate uint64 + Ipackets uint64 + Ierrors uint64 + Opackets uint64 + Oerrors uint64 + Collisions uint64 + Ibytes uint64 + Obytes uint64 + Imcasts uint64 + Omcasts uint64 + Iqdrops uint64 + Noproto uint64 + Hwassist uint64 + Epoch int64 + Lastchange Timeval +} + +type IfaMsghdr struct { + Msglen uint16 + Version uint8 + Type uint8 + Addrs int32 + Flags int32 + Index uint16 + _ uint16 + Metric int32 +} + +type IfmaMsghdr struct { + Msglen uint16 + Version uint8 + Type uint8 + Addrs int32 + Flags int32 + Index uint16 + _ uint16 +} + +type IfAnnounceMsghdr struct { + Msglen uint16 + Version uint8 + Type uint8 + Index uint16 + Name [16]int8 + What uint16 +} + +type RtMsghdr struct { + Msglen uint16 + Version uint8 + Type uint8 + Index uint16 + _ uint16 + Flags int32 + Addrs int32 + Pid int32 + Seq int32 + Errno int32 + Fmask int32 + Inits uint64 + Rmx RtMetrics +} + +type RtMetrics struct { + Locks uint64 + Mtu uint64 + Hopcount uint64 + Expire uint64 + Recvpipe uint64 + Sendpipe uint64 + Ssthresh uint64 + Rtt uint64 + Rttvar uint64 + Pksent uint64 + Weight uint64 + Nhidx uint64 + Filler [2]uint64 +} + +const ( + SizeofBpfVersion = 0x4 + SizeofBpfStat = 0x8 + SizeofBpfZbuf = 0x18 + SizeofBpfProgram = 0x10 + SizeofBpfInsn = 0x8 + SizeofBpfHdr = 0x20 + SizeofBpfZbufHeader = 0x20 +) + +type BpfVersion struct { + Major uint16 + Minor uint16 +} + +type BpfStat struct { + Recv uint32 + Drop uint32 +} + +type BpfZbuf struct { + Bufa *byte + Bufb *byte + Buflen uint64 +} + +type BpfProgram struct { + Len uint32 + Insns *BpfInsn +} + +type BpfInsn struct { + Code uint16 + Jt uint8 + Jf uint8 + K uint32 +} + +type BpfHdr struct { + Tstamp Timeval + Caplen uint32 + Datalen uint32 + Hdrlen uint16 + _ [6]byte +} + +type BpfZbufHeader struct { + Kernel_gen uint32 + Kernel_len uint32 + User_gen uint32 + _ [5]uint32 +} + +type Termios struct { + Iflag uint32 + Oflag uint32 + Cflag uint32 + Lflag uint32 + Cc [20]uint8 + Ispeed uint32 + Ospeed uint32 +} + +type Winsize struct { + Row uint16 + Col uint16 + Xpixel uint16 + Ypixel uint16 +} + +const ( + AT_FDCWD = -0x64 + AT_EACCESS = 0x100 + AT_SYMLINK_NOFOLLOW = 0x200 + AT_SYMLINK_FOLLOW = 0x400 + AT_REMOVEDIR = 0x800 +) + +type PollFd struct { + Fd int32 + Events int16 + Revents int16 +} + +const ( + POLLERR = 0x8 + POLLHUP = 0x10 + POLLIN = 0x1 + POLLINIGNEOF = 0x2000 + POLLNVAL = 0x20 + POLLOUT = 0x4 + POLLPRI = 0x2 + POLLRDBAND = 0x80 + POLLRDNORM = 0x40 + POLLWRBAND = 0x100 + POLLWRNORM = 0x4 +) + +type CapRights struct { + Rights [2]uint64 +} + +type Utsname struct { + Sysname [256]byte + Nodename [256]byte + Release [256]byte + Version [256]byte + Machine [256]byte +} + +const SizeofClockinfo = 0x14 + +type Clockinfo struct { + Hz int32 + Tick int32 + Spare int32 + Stathz int32 + Profhz int32 +} diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index 9962d26bb30..86984798754 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -1127,7 +1127,9 @@ const ( PERF_BR_SYSRET = 0x8 PERF_BR_COND_CALL = 0x9 PERF_BR_COND_RET = 0xa - PERF_BR_MAX = 0xb + PERF_BR_ERET = 0xb + PERF_BR_IRQ = 0xc + PERF_BR_MAX = 0xd PERF_SAMPLE_REGS_ABI_NONE = 0x0 PERF_SAMPLE_REGS_ABI_32 = 0x1 PERF_SAMPLE_REGS_ABI_64 = 0x2 @@ -2969,7 +2971,7 @@ const ( DEVLINK_CMD_TRAP_POLICER_NEW = 0x47 DEVLINK_CMD_TRAP_POLICER_DEL = 0x48 DEVLINK_CMD_HEALTH_REPORTER_TEST = 0x49 - DEVLINK_CMD_MAX = 0x4d + DEVLINK_CMD_MAX = 0x51 DEVLINK_PORT_TYPE_NOTSET = 0x0 DEVLINK_PORT_TYPE_AUTO = 0x1 DEVLINK_PORT_TYPE_ETH = 0x2 @@ -3198,7 +3200,7 @@ const ( DEVLINK_ATTR_RATE_NODE_NAME = 0xa8 DEVLINK_ATTR_RATE_PARENT_NODE_NAME = 0xa9 DEVLINK_ATTR_REGION_MAX_SNAPSHOTS = 0xaa - DEVLINK_ATTR_MAX = 0xaa + DEVLINK_ATTR_MAX = 0xae DEVLINK_DPIPE_FIELD_MAPPING_TYPE_NONE = 0x0 DEVLINK_DPIPE_FIELD_MAPPING_TYPE_IFINDEX = 0x1 DEVLINK_DPIPE_MATCH_TYPE_FIELD_EXACT = 0x0 @@ -3638,7 +3640,11 @@ const ( ETHTOOL_A_RINGS_RX_MINI = 0x7 ETHTOOL_A_RINGS_RX_JUMBO = 0x8 ETHTOOL_A_RINGS_TX = 0x9 - ETHTOOL_A_RINGS_MAX = 0xa + ETHTOOL_A_RINGS_RX_BUF_LEN = 0xa + ETHTOOL_A_RINGS_TCP_DATA_SPLIT = 0xb + ETHTOOL_A_RINGS_CQE_SIZE = 0xc + ETHTOOL_A_RINGS_TX_PUSH = 0xd + ETHTOOL_A_RINGS_MAX = 0xd ETHTOOL_A_CHANNELS_UNSPEC = 0x0 ETHTOOL_A_CHANNELS_HEADER = 0x1 ETHTOOL_A_CHANNELS_RX_MAX = 0x2 @@ -4323,7 +4329,7 @@ const ( NL80211_ATTR_MAC_HINT = 0xc8 NL80211_ATTR_MAC_MASK = 0xd7 NL80211_ATTR_MAX_AP_ASSOC_STA = 0xca - NL80211_ATTR_MAX = 0x135 + NL80211_ATTR_MAX = 0x137 NL80211_ATTR_MAX_CRIT_PROT_DURATION = 0xb4 NL80211_ATTR_MAX_CSA_COUNTERS = 0xce NL80211_ATTR_MAX_MATCH_SETS = 0x85 @@ -4549,7 +4555,7 @@ const ( NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY = 0x3 NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE = 0x5 NL80211_BAND_IFTYPE_ATTR_IFTYPES = 0x1 - NL80211_BAND_IFTYPE_ATTR_MAX = 0x7 + NL80211_BAND_IFTYPE_ATTR_MAX = 0xb NL80211_BAND_S1GHZ = 0x4 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE = 0x2 NL80211_BITRATE_ATTR_MAX = 0x2 @@ -4887,7 +4893,7 @@ const ( NL80211_FREQUENCY_ATTR_GO_CONCURRENT = 0xf NL80211_FREQUENCY_ATTR_INDOOR_ONLY = 0xe NL80211_FREQUENCY_ATTR_IR_CONCURRENT = 0xf - NL80211_FREQUENCY_ATTR_MAX = 0x19 + NL80211_FREQUENCY_ATTR_MAX = 0x1b NL80211_FREQUENCY_ATTR_MAX_TX_POWER = 0x6 NL80211_FREQUENCY_ATTR_NO_10MHZ = 0x11 NL80211_FREQUENCY_ATTR_NO_160MHZ = 0xc @@ -5254,7 +5260,7 @@ const ( NL80211_RATE_INFO_HE_RU_ALLOC_52 = 0x1 NL80211_RATE_INFO_HE_RU_ALLOC_996 = 0x5 NL80211_RATE_INFO_HE_RU_ALLOC = 0x11 - NL80211_RATE_INFO_MAX = 0x11 + NL80211_RATE_INFO_MAX = 0x16 NL80211_RATE_INFO_MCS = 0x2 NL80211_RATE_INFO_SHORT_GI = 0x4 NL80211_RATE_INFO_VHT_MCS = 0x6 @@ -5588,3 +5594,8 @@ const ( FR_ACT_UNREACHABLE = 0x7 FR_ACT_PROHIBIT = 0x8 ) + +const ( + AUDIT_NLGRP_NONE = 0x0 + AUDIT_NLGRP_READLOG = 0x1 +) diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go index 4948362f2c2..7551af48318 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go @@ -324,6 +324,13 @@ type Taskstats struct { Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Ac_tgid uint32 + _ [4]byte + Ac_tgetime uint64 + Ac_exe_dev uint64 + Ac_exe_inode uint64 + Wpcopy_count uint64 + Wpcopy_delay_total uint64 } type cpuMask uint32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go index f64345e0e2f..3e738ac0bbf 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go @@ -338,6 +338,12 @@ type Taskstats struct { Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Ac_tgid uint32 + Ac_tgetime uint64 + Ac_exe_dev uint64 + Ac_exe_inode uint64 + Wpcopy_count uint64 + Wpcopy_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go index 72469c79e75..6183eef4a40 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go @@ -315,6 +315,13 @@ type Taskstats struct { Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Ac_tgid uint32 + _ [4]byte + Ac_tgetime uint64 + Ac_exe_dev uint64 + Ac_exe_inode uint64 + Wpcopy_count uint64 + Wpcopy_delay_total uint64 } type cpuMask uint32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go index 68f072283a0..968cecb17e8 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go @@ -317,6 +317,12 @@ type Taskstats struct { Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Ac_tgid uint32 + Ac_tgetime uint64 + Ac_exe_dev uint64 + Ac_exe_inode uint64 + Wpcopy_count uint64 + Wpcopy_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go index 090ae46c675..8fe4c522a9c 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go @@ -318,6 +318,12 @@ type Taskstats struct { Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Ac_tgid uint32 + Ac_tgetime uint64 + Ac_exe_dev uint64 + Ac_exe_inode uint64 + Wpcopy_count uint64 + Wpcopy_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go index 03604cca135..11426a3010b 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go @@ -320,6 +320,13 @@ type Taskstats struct { Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Ac_tgid uint32 + _ [4]byte + Ac_tgetime uint64 + Ac_exe_dev uint64 + Ac_exe_inode uint64 + Wpcopy_count uint64 + Wpcopy_delay_total uint64 } type cpuMask uint32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go index fe57a7b2653..ad1c3b3de59 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go @@ -320,6 +320,12 @@ type Taskstats struct { Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Ac_tgid uint32 + Ac_tgetime uint64 + Ac_exe_dev uint64 + Ac_exe_inode uint64 + Wpcopy_count uint64 + Wpcopy_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go index 3f0db4da81e..15fd84e4dd0 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go @@ -320,6 +320,12 @@ type Taskstats struct { Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Ac_tgid uint32 + Ac_tgetime uint64 + Ac_exe_dev uint64 + Ac_exe_inode uint64 + Wpcopy_count uint64 + Wpcopy_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go index 70ecd3b239f..49c49825ab3 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go @@ -320,6 +320,13 @@ type Taskstats struct { Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Ac_tgid uint32 + _ [4]byte + Ac_tgetime uint64 + Ac_exe_dev uint64 + Ac_exe_inode uint64 + Wpcopy_count uint64 + Wpcopy_delay_total uint64 } type cpuMask uint32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go index 4e700120db9..cd36d0da26a 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go @@ -327,6 +327,13 @@ type Taskstats struct { Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Ac_tgid uint32 + _ [4]byte + Ac_tgetime uint64 + Ac_exe_dev uint64 + Ac_exe_inode uint64 + Wpcopy_count uint64 + Wpcopy_delay_total uint64 } type cpuMask uint32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go index 34a57c69928..8c6fce03950 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go @@ -327,6 +327,12 @@ type Taskstats struct { Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Ac_tgid uint32 + Ac_tgetime uint64 + Ac_exe_dev uint64 + Ac_exe_inode uint64 + Wpcopy_count uint64 + Wpcopy_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go index 6b84a47296f..20910f2ad78 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go @@ -327,6 +327,12 @@ type Taskstats struct { Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Ac_tgid uint32 + Ac_tgetime uint64 + Ac_exe_dev uint64 + Ac_exe_inode uint64 + Wpcopy_count uint64 + Wpcopy_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go index c4a305fe2e7..71b7b3331db 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go @@ -345,6 +345,12 @@ type Taskstats struct { Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Ac_tgid uint32 + Ac_tgetime uint64 + Ac_exe_dev uint64 + Ac_exe_inode uint64 + Wpcopy_count uint64 + Wpcopy_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go index a1f1e4c9e18..71184cc2cda 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go @@ -340,6 +340,12 @@ type Taskstats struct { Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Ac_tgid uint32 + Ac_tgetime uint64 + Ac_exe_dev uint64 + Ac_exe_inode uint64 + Wpcopy_count uint64 + Wpcopy_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go index df95ebf3a1b..06156285d9e 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go @@ -322,6 +322,12 @@ type Taskstats struct { Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Ac_tgid uint32 + Ac_tgetime uint64 + Ac_exe_dev uint64 + Ac_exe_inode uint64 + Wpcopy_count uint64 + Wpcopy_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go index ad4aad27968..c1a9b83ad5e 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go @@ -178,7 +178,7 @@ type Linger struct { } type Iovec struct { - Base *int8 + Base *byte Len uint64 } diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index 636e5de60e3..be3ec2bd467 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -861,6 +861,7 @@ const socket_error = uintptr(^uint32(0)) //sys GetAdaptersAddresses(family uint32, flags uint32, reserved uintptr, adapterAddresses *IpAdapterAddresses, sizePointer *uint32) (errcode error) = iphlpapi.GetAdaptersAddresses //sys GetACP() (acp uint32) = kernel32.GetACP //sys MultiByteToWideChar(codePage uint32, dwFlags uint32, str *byte, nstr int32, wchar *uint16, nwchar int32) (nwrite int32, err error) = kernel32.MultiByteToWideChar +//sys getBestInterfaceEx(sockaddr unsafe.Pointer, pdwBestIfIndex *uint32) (errcode error) = iphlpapi.GetBestInterfaceEx // For testing: clients can set this flag to force // creation of IPv6 sockets to return EAFNOSUPPORT. @@ -1045,6 +1046,14 @@ func Connect(fd Handle, sa Sockaddr) (err error) { return connect(fd, ptr, n) } +func GetBestInterfaceEx(sa Sockaddr, pdwBestIfIndex *uint32) (err error) { + ptr, _, err := sa.sockaddr() + if err != nil { + return err + } + return getBestInterfaceEx(ptr, pdwBestIfIndex) +} + func Getsockname(fd Handle) (sa Sockaddr, err error) { var rsa RawSockaddrAny l := int32(unsafe.Sizeof(rsa)) diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go index e19471c6a85..f9eaca528ed 100644 --- a/vendor/golang.org/x/sys/windows/types_windows.go +++ b/vendor/golang.org/x/sys/windows/types_windows.go @@ -160,6 +160,10 @@ const ( MAX_COMPUTERNAME_LENGTH = 15 + MAX_DHCPV6_DUID_LENGTH = 130 + + MAX_DNS_SUFFIX_STRING_LENGTH = 256 + TIME_ZONE_ID_UNKNOWN = 0 TIME_ZONE_ID_STANDARD = 1 @@ -2000,27 +2004,62 @@ type IpAdapterPrefix struct { } type IpAdapterAddresses struct { - Length uint32 - IfIndex uint32 - Next *IpAdapterAddresses - AdapterName *byte - FirstUnicastAddress *IpAdapterUnicastAddress - FirstAnycastAddress *IpAdapterAnycastAddress - FirstMulticastAddress *IpAdapterMulticastAddress - FirstDnsServerAddress *IpAdapterDnsServerAdapter - DnsSuffix *uint16 - Description *uint16 - FriendlyName *uint16 - PhysicalAddress [syscall.MAX_ADAPTER_ADDRESS_LENGTH]byte - PhysicalAddressLength uint32 - Flags uint32 - Mtu uint32 - IfType uint32 - OperStatus uint32 - Ipv6IfIndex uint32 - ZoneIndices [16]uint32 - FirstPrefix *IpAdapterPrefix - /* more fields might be present here. */ + Length uint32 + IfIndex uint32 + Next *IpAdapterAddresses + AdapterName *byte + FirstUnicastAddress *IpAdapterUnicastAddress + FirstAnycastAddress *IpAdapterAnycastAddress + FirstMulticastAddress *IpAdapterMulticastAddress + FirstDnsServerAddress *IpAdapterDnsServerAdapter + DnsSuffix *uint16 + Description *uint16 + FriendlyName *uint16 + PhysicalAddress [syscall.MAX_ADAPTER_ADDRESS_LENGTH]byte + PhysicalAddressLength uint32 + Flags uint32 + Mtu uint32 + IfType uint32 + OperStatus uint32 + Ipv6IfIndex uint32 + ZoneIndices [16]uint32 + FirstPrefix *IpAdapterPrefix + TransmitLinkSpeed uint64 + ReceiveLinkSpeed uint64 + FirstWinsServerAddress *IpAdapterWinsServerAddress + FirstGatewayAddress *IpAdapterGatewayAddress + Ipv4Metric uint32 + Ipv6Metric uint32 + Luid uint64 + Dhcpv4Server SocketAddress + CompartmentId uint32 + NetworkGuid GUID + ConnectionType uint32 + TunnelType uint32 + Dhcpv6Server SocketAddress + Dhcpv6ClientDuid [MAX_DHCPV6_DUID_LENGTH]byte + Dhcpv6ClientDuidLength uint32 + Dhcpv6Iaid uint32 + FirstDnsSuffix *IpAdapterDNSSuffix +} + +type IpAdapterWinsServerAddress struct { + Length uint32 + Reserved uint32 + Next *IpAdapterWinsServerAddress + Address SocketAddress +} + +type IpAdapterGatewayAddress struct { + Length uint32 + Reserved uint32 + Next *IpAdapterGatewayAddress + Address SocketAddress +} + +type IpAdapterDNSSuffix struct { + Next *IpAdapterDNSSuffix + String [MAX_DNS_SUFFIX_STRING_LENGTH]uint16 } const ( diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index 68f52c1e61e..678262cda17 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -177,6 +177,7 @@ var ( procDnsRecordListFree = moddnsapi.NewProc("DnsRecordListFree") procGetAdaptersAddresses = modiphlpapi.NewProc("GetAdaptersAddresses") procGetAdaptersInfo = modiphlpapi.NewProc("GetAdaptersInfo") + procGetBestInterfaceEx = modiphlpapi.NewProc("GetBestInterfaceEx") procGetIfEntry = modiphlpapi.NewProc("GetIfEntry") procAssignProcessToJobObject = modkernel32.NewProc("AssignProcessToJobObject") procCancelIo = modkernel32.NewProc("CancelIo") @@ -1539,6 +1540,14 @@ func GetAdaptersInfo(ai *IpAdapterInfo, ol *uint32) (errcode error) { return } +func getBestInterfaceEx(sockaddr unsafe.Pointer, pdwBestIfIndex *uint32) (errcode error) { + r0, _, _ := syscall.Syscall(procGetBestInterfaceEx.Addr(), 2, uintptr(sockaddr), uintptr(unsafe.Pointer(pdwBestIfIndex)), 0) + if r0 != 0 { + errcode = syscall.Errno(r0) + } + return +} + func GetIfEntry(pIfRow *MibIfRow) (errcode error) { r0, _, _ := syscall.Syscall(procGetIfEntry.Addr(), 1, uintptr(unsafe.Pointer(pIfRow)), 0, 0) if r0 != 0 { diff --git a/vendor/modules.txt b/vendor/modules.txt index 28c13ef36a7..675dc2d1411 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -54,7 +54,7 @@ github.com/seccomp/libseccomp-golang # github.com/shurcooL/sanitized_anchor_name v1.0.0 ## explicit github.com/shurcooL/sanitized_anchor_name -# github.com/sirupsen/logrus v1.8.1 +# github.com/sirupsen/logrus v1.9.0 ## explicit; go 1.13 github.com/sirupsen/logrus github.com/sirupsen/logrus/hooks/test @@ -74,7 +74,7 @@ github.com/vishvananda/netns # golang.org/x/net v0.0.0-20201224014010-6772e930b67b ## explicit; go 1.11 golang.org/x/net/bpf -# golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a +# golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 ## explicit; go 1.17 golang.org/x/sys/execabs golang.org/x/sys/internal/unsafeheader From 450dd3e237cc64ac8c0328ff5fbba0ca2fc4d9f2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 29 Jul 2022 23:51:56 +0000 Subject: [PATCH 0078/1176] build(deps): bump google.golang.org/protobuf from 1.28.0 to 1.28.1 Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.28.0 to 1.28.1. - [Release notes](https://github.com/protocolbuffers/protobuf-go/releases) - [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash) - [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.28.0...v1.28.1) --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- vendor/google.golang.org/protobuf/AUTHORS | 3 - .../google.golang.org/protobuf/CONTRIBUTORS | 3 - .../protobuf/encoding/prototext/decode.go | 116 +++--- .../protobuf/encoding/prototext/encode.go | 39 +- .../protobuf/encoding/protowire/wire.go | 4 + .../protobuf/internal/descfmt/stringer.go | 66 +-- .../internal/encoding/defval/default.go | 78 ++-- .../encoding/messageset/messageset.go | 7 +- .../protobuf/internal/encoding/tag/tag.go | 96 ++--- .../protobuf/internal/encoding/text/decode.go | 30 +- .../internal/encoding/text/decode_number.go | 6 +- .../protobuf/internal/encoding/text/doc.go | 4 +- .../protobuf/internal/filedesc/build.go | 19 +- .../protobuf/internal/filedesc/desc.go | 380 +++++++++--------- .../protobuf/internal/filedesc/desc_init.go | 36 +- .../protobuf/internal/filedesc/desc_lazy.go | 80 ++-- .../protobuf/internal/filedesc/desc_list.go | 167 ++++---- .../protobuf/internal/filedesc/placeholder.go | 136 ++++--- .../protobuf/internal/filetype/build.go | 87 ++-- .../protobuf/internal/impl/api_export.go | 42 +- .../protobuf/internal/impl/checkinit.go | 12 +- .../protobuf/internal/impl/codec_extension.go | 36 +- .../protobuf/internal/impl/codec_field.go | 90 ++--- .../protobuf/internal/impl/codec_map.go | 20 +- .../protobuf/internal/impl/codec_message.go | 30 +- .../protobuf/internal/impl/codec_tables.go | 290 ++++++------- .../protobuf/internal/impl/convert.go | 228 +++++------ .../protobuf/internal/impl/convert_list.go | 42 +- .../protobuf/internal/impl/convert_map.go | 32 +- .../protobuf/internal/impl/decode.go | 21 +- .../protobuf/internal/impl/enum.go | 10 +- .../protobuf/internal/impl/extension.go | 26 +- .../protobuf/internal/impl/legacy_enum.go | 57 ++- .../protobuf/internal/impl/legacy_export.go | 18 +- .../internal/impl/legacy_extension.go | 100 ++--- .../protobuf/internal/impl/legacy_message.go | 122 +++--- .../protobuf/internal/impl/merge.go | 32 +- .../protobuf/internal/impl/message.go | 41 +- .../protobuf/internal/impl/message_reflect.go | 74 ++-- .../internal/impl/message_reflect_field.go | 118 +++--- .../protobuf/internal/impl/validate.go | 50 +-- .../protobuf/internal/impl/weak.go | 16 +- .../protobuf/internal/order/order.go | 16 +- .../protobuf/internal/order/range.go | 22 +- .../protobuf/internal/strs/strings_unsafe.go | 6 +- .../protobuf/internal/version/version.go | 54 +-- .../protobuf/proto/decode.go | 3 +- .../google.golang.org/protobuf/proto/doc.go | 21 +- .../protobuf/proto/encode.go | 5 +- .../google.golang.org/protobuf/proto/equal.go | 50 +-- .../protobuf/reflect/protoreflect/proto.go | 32 +- .../protobuf/reflect/protoreflect/source.go | 1 + .../protobuf/reflect/protoreflect/type.go | 1 + .../reflect/protoreflect/value_union.go | 2 + .../reflect/protoregistry/registry.go | 2 + .../protobuf/runtime/protoimpl/version.go | 8 +- vendor/modules.txt | 2 +- 59 files changed, 1570 insertions(+), 1525 deletions(-) delete mode 100644 vendor/google.golang.org/protobuf/AUTHORS delete mode 100644 vendor/google.golang.org/protobuf/CONTRIBUTORS diff --git a/go.mod b/go.mod index c3c1428193c..12b82e1546e 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.0.0-20201224014010-6772e930b67b golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 - google.golang.org/protobuf v1.28.0 + google.golang.org/protobuf v1.28.1 ) require ( diff --git a/go.sum b/go.sum index 8f10a167b8d..3a74e152e75 100644 --- a/go.sum +++ b/go.sum @@ -81,8 +81,8 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IV golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw= -google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= +google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= diff --git a/vendor/google.golang.org/protobuf/AUTHORS b/vendor/google.golang.org/protobuf/AUTHORS deleted file mode 100644 index 2b00ddba0df..00000000000 --- a/vendor/google.golang.org/protobuf/AUTHORS +++ /dev/null @@ -1,3 +0,0 @@ -# This source code refers to The Go Authors for copyright purposes. -# The master list of authors is in the main Go distribution, -# visible at https://tip.golang.org/AUTHORS. diff --git a/vendor/google.golang.org/protobuf/CONTRIBUTORS b/vendor/google.golang.org/protobuf/CONTRIBUTORS deleted file mode 100644 index 1fbd3e976fa..00000000000 --- a/vendor/google.golang.org/protobuf/CONTRIBUTORS +++ /dev/null @@ -1,3 +0,0 @@ -# This source code was written by the Go contributors. -# The master list of contributors is in the main Go distribution, -# visible at https://tip.golang.org/CONTRIBUTORS. diff --git a/vendor/google.golang.org/protobuf/encoding/prototext/decode.go b/vendor/google.golang.org/protobuf/encoding/prototext/decode.go index 179d6e8fc1c..4921b2d4a76 100644 --- a/vendor/google.golang.org/protobuf/encoding/prototext/decode.go +++ b/vendor/google.golang.org/protobuf/encoding/prototext/decode.go @@ -17,7 +17,7 @@ import ( "google.golang.org/protobuf/internal/set" "google.golang.org/protobuf/internal/strs" "google.golang.org/protobuf/proto" - pref "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/reflect/protoreflect" "google.golang.org/protobuf/reflect/protoregistry" ) @@ -103,7 +103,7 @@ func (d decoder) syntaxError(pos int, f string, x ...interface{}) error { } // unmarshalMessage unmarshals into the given protoreflect.Message. -func (d decoder) unmarshalMessage(m pref.Message, checkDelims bool) error { +func (d decoder) unmarshalMessage(m protoreflect.Message, checkDelims bool) error { messageDesc := m.Descriptor() if !flags.ProtoLegacy && messageset.IsMessageSet(messageDesc) { return errors.New("no support for proto1 MessageSets") @@ -150,24 +150,24 @@ func (d decoder) unmarshalMessage(m pref.Message, checkDelims bool) error { } // Resolve the field descriptor. - var name pref.Name - var fd pref.FieldDescriptor - var xt pref.ExtensionType + var name protoreflect.Name + var fd protoreflect.FieldDescriptor + var xt protoreflect.ExtensionType var xtErr error var isFieldNumberName bool switch tok.NameKind() { case text.IdentName: - name = pref.Name(tok.IdentName()) + name = protoreflect.Name(tok.IdentName()) fd = fieldDescs.ByTextName(string(name)) case text.TypeName: // Handle extensions only. This code path is not for Any. - xt, xtErr = d.opts.Resolver.FindExtensionByName(pref.FullName(tok.TypeName())) + xt, xtErr = d.opts.Resolver.FindExtensionByName(protoreflect.FullName(tok.TypeName())) case text.FieldNumber: isFieldNumberName = true - num := pref.FieldNumber(tok.FieldNumber()) + num := protoreflect.FieldNumber(tok.FieldNumber()) if !num.IsValid() { return d.newError(tok.Pos(), "invalid field number: %d", num) } @@ -215,7 +215,7 @@ func (d decoder) unmarshalMessage(m pref.Message, checkDelims bool) error { switch { case fd.IsList(): kind := fd.Kind() - if kind != pref.MessageKind && kind != pref.GroupKind && !tok.HasSeparator() { + if kind != protoreflect.MessageKind && kind != protoreflect.GroupKind && !tok.HasSeparator() { return d.syntaxError(tok.Pos(), "missing field separator :") } @@ -232,7 +232,7 @@ func (d decoder) unmarshalMessage(m pref.Message, checkDelims bool) error { default: kind := fd.Kind() - if kind != pref.MessageKind && kind != pref.GroupKind && !tok.HasSeparator() { + if kind != protoreflect.MessageKind && kind != protoreflect.GroupKind && !tok.HasSeparator() { return d.syntaxError(tok.Pos(), "missing field separator :") } @@ -262,11 +262,11 @@ func (d decoder) unmarshalMessage(m pref.Message, checkDelims bool) error { // unmarshalSingular unmarshals a non-repeated field value specified by the // given FieldDescriptor. -func (d decoder) unmarshalSingular(fd pref.FieldDescriptor, m pref.Message) error { - var val pref.Value +func (d decoder) unmarshalSingular(fd protoreflect.FieldDescriptor, m protoreflect.Message) error { + var val protoreflect.Value var err error switch fd.Kind() { - case pref.MessageKind, pref.GroupKind: + case protoreflect.MessageKind, protoreflect.GroupKind: val = m.NewField(fd) err = d.unmarshalMessage(val.Message(), true) default: @@ -280,94 +280,94 @@ func (d decoder) unmarshalSingular(fd pref.FieldDescriptor, m pref.Message) erro // unmarshalScalar unmarshals a scalar/enum protoreflect.Value specified by the // given FieldDescriptor. -func (d decoder) unmarshalScalar(fd pref.FieldDescriptor) (pref.Value, error) { +func (d decoder) unmarshalScalar(fd protoreflect.FieldDescriptor) (protoreflect.Value, error) { tok, err := d.Read() if err != nil { - return pref.Value{}, err + return protoreflect.Value{}, err } if tok.Kind() != text.Scalar { - return pref.Value{}, d.unexpectedTokenError(tok) + return protoreflect.Value{}, d.unexpectedTokenError(tok) } kind := fd.Kind() switch kind { - case pref.BoolKind: + case protoreflect.BoolKind: if b, ok := tok.Bool(); ok { - return pref.ValueOfBool(b), nil + return protoreflect.ValueOfBool(b), nil } - case pref.Int32Kind, pref.Sint32Kind, pref.Sfixed32Kind: + case protoreflect.Int32Kind, protoreflect.Sint32Kind, protoreflect.Sfixed32Kind: if n, ok := tok.Int32(); ok { - return pref.ValueOfInt32(n), nil + return protoreflect.ValueOfInt32(n), nil } - case pref.Int64Kind, pref.Sint64Kind, pref.Sfixed64Kind: + case protoreflect.Int64Kind, protoreflect.Sint64Kind, protoreflect.Sfixed64Kind: if n, ok := tok.Int64(); ok { - return pref.ValueOfInt64(n), nil + return protoreflect.ValueOfInt64(n), nil } - case pref.Uint32Kind, pref.Fixed32Kind: + case protoreflect.Uint32Kind, protoreflect.Fixed32Kind: if n, ok := tok.Uint32(); ok { - return pref.ValueOfUint32(n), nil + return protoreflect.ValueOfUint32(n), nil } - case pref.Uint64Kind, pref.Fixed64Kind: + case protoreflect.Uint64Kind, protoreflect.Fixed64Kind: if n, ok := tok.Uint64(); ok { - return pref.ValueOfUint64(n), nil + return protoreflect.ValueOfUint64(n), nil } - case pref.FloatKind: + case protoreflect.FloatKind: if n, ok := tok.Float32(); ok { - return pref.ValueOfFloat32(n), nil + return protoreflect.ValueOfFloat32(n), nil } - case pref.DoubleKind: + case protoreflect.DoubleKind: if n, ok := tok.Float64(); ok { - return pref.ValueOfFloat64(n), nil + return protoreflect.ValueOfFloat64(n), nil } - case pref.StringKind: + case protoreflect.StringKind: if s, ok := tok.String(); ok { if strs.EnforceUTF8(fd) && !utf8.ValidString(s) { - return pref.Value{}, d.newError(tok.Pos(), "contains invalid UTF-8") + return protoreflect.Value{}, d.newError(tok.Pos(), "contains invalid UTF-8") } - return pref.ValueOfString(s), nil + return protoreflect.ValueOfString(s), nil } - case pref.BytesKind: + case protoreflect.BytesKind: if b, ok := tok.String(); ok { - return pref.ValueOfBytes([]byte(b)), nil + return protoreflect.ValueOfBytes([]byte(b)), nil } - case pref.EnumKind: + case protoreflect.EnumKind: if lit, ok := tok.Enum(); ok { // Lookup EnumNumber based on name. - if enumVal := fd.Enum().Values().ByName(pref.Name(lit)); enumVal != nil { - return pref.ValueOfEnum(enumVal.Number()), nil + if enumVal := fd.Enum().Values().ByName(protoreflect.Name(lit)); enumVal != nil { + return protoreflect.ValueOfEnum(enumVal.Number()), nil } } if num, ok := tok.Int32(); ok { - return pref.ValueOfEnum(pref.EnumNumber(num)), nil + return protoreflect.ValueOfEnum(protoreflect.EnumNumber(num)), nil } default: panic(fmt.Sprintf("invalid scalar kind %v", kind)) } - return pref.Value{}, d.newError(tok.Pos(), "invalid value for %v type: %v", kind, tok.RawString()) + return protoreflect.Value{}, d.newError(tok.Pos(), "invalid value for %v type: %v", kind, tok.RawString()) } // unmarshalList unmarshals into given protoreflect.List. A list value can // either be in [] syntax or simply just a single scalar/message value. -func (d decoder) unmarshalList(fd pref.FieldDescriptor, list pref.List) error { +func (d decoder) unmarshalList(fd protoreflect.FieldDescriptor, list protoreflect.List) error { tok, err := d.Peek() if err != nil { return err } switch fd.Kind() { - case pref.MessageKind, pref.GroupKind: + case protoreflect.MessageKind, protoreflect.GroupKind: switch tok.Kind() { case text.ListOpen: d.Read() @@ -441,22 +441,22 @@ func (d decoder) unmarshalList(fd pref.FieldDescriptor, list pref.List) error { // unmarshalMap unmarshals into given protoreflect.Map. A map value is a // textproto message containing {key: , value: }. -func (d decoder) unmarshalMap(fd pref.FieldDescriptor, mmap pref.Map) error { +func (d decoder) unmarshalMap(fd protoreflect.FieldDescriptor, mmap protoreflect.Map) error { // Determine ahead whether map entry is a scalar type or a message type in // order to call the appropriate unmarshalMapValue func inside // unmarshalMapEntry. - var unmarshalMapValue func() (pref.Value, error) + var unmarshalMapValue func() (protoreflect.Value, error) switch fd.MapValue().Kind() { - case pref.MessageKind, pref.GroupKind: - unmarshalMapValue = func() (pref.Value, error) { + case protoreflect.MessageKind, protoreflect.GroupKind: + unmarshalMapValue = func() (protoreflect.Value, error) { pval := mmap.NewValue() if err := d.unmarshalMessage(pval.Message(), true); err != nil { - return pref.Value{}, err + return protoreflect.Value{}, err } return pval, nil } default: - unmarshalMapValue = func() (pref.Value, error) { + unmarshalMapValue = func() (protoreflect.Value, error) { return d.unmarshalScalar(fd.MapValue()) } } @@ -494,9 +494,9 @@ func (d decoder) unmarshalMap(fd pref.FieldDescriptor, mmap pref.Map) error { // unmarshalMap unmarshals into given protoreflect.Map. A map value is a // textproto message containing {key: , value: }. -func (d decoder) unmarshalMapEntry(fd pref.FieldDescriptor, mmap pref.Map, unmarshalMapValue func() (pref.Value, error)) error { - var key pref.MapKey - var pval pref.Value +func (d decoder) unmarshalMapEntry(fd protoreflect.FieldDescriptor, mmap protoreflect.Map, unmarshalMapValue func() (protoreflect.Value, error)) error { + var key protoreflect.MapKey + var pval protoreflect.Value Loop: for { // Read field name. @@ -520,7 +520,7 @@ Loop: return d.unexpectedTokenError(tok) } - switch name := pref.Name(tok.IdentName()); name { + switch name := protoreflect.Name(tok.IdentName()); name { case genid.MapEntry_Key_field_name: if !tok.HasSeparator() { return d.syntaxError(tok.Pos(), "missing field separator :") @@ -535,7 +535,7 @@ Loop: key = val.MapKey() case genid.MapEntry_Value_field_name: - if kind := fd.MapValue().Kind(); (kind != pref.MessageKind) && (kind != pref.GroupKind) { + if kind := fd.MapValue().Kind(); (kind != protoreflect.MessageKind) && (kind != protoreflect.GroupKind) { if !tok.HasSeparator() { return d.syntaxError(tok.Pos(), "missing field separator :") } @@ -561,7 +561,7 @@ Loop: } if !pval.IsValid() { switch fd.MapValue().Kind() { - case pref.MessageKind, pref.GroupKind: + case protoreflect.MessageKind, protoreflect.GroupKind: // If value field is not set for message/group types, construct an // empty one as default. pval = mmap.NewValue() @@ -575,7 +575,7 @@ Loop: // unmarshalAny unmarshals an Any textproto. It can either be in expanded form // or non-expanded form. -func (d decoder) unmarshalAny(m pref.Message, checkDelims bool) error { +func (d decoder) unmarshalAny(m protoreflect.Message, checkDelims bool) error { var typeURL string var bValue []byte var seenTypeUrl bool @@ -619,7 +619,7 @@ Loop: return d.syntaxError(tok.Pos(), "missing field separator :") } - switch name := pref.Name(tok.IdentName()); name { + switch name := protoreflect.Name(tok.IdentName()); name { case genid.Any_TypeUrl_field_name: if seenTypeUrl { return d.newError(tok.Pos(), "duplicate %v field", genid.Any_TypeUrl_field_fullname) @@ -686,10 +686,10 @@ Loop: fds := m.Descriptor().Fields() if len(typeURL) > 0 { - m.Set(fds.ByNumber(genid.Any_TypeUrl_field_number), pref.ValueOfString(typeURL)) + m.Set(fds.ByNumber(genid.Any_TypeUrl_field_number), protoreflect.ValueOfString(typeURL)) } if len(bValue) > 0 { - m.Set(fds.ByNumber(genid.Any_Value_field_number), pref.ValueOfBytes(bValue)) + m.Set(fds.ByNumber(genid.Any_Value_field_number), protoreflect.ValueOfBytes(bValue)) } return nil } diff --git a/vendor/google.golang.org/protobuf/encoding/prototext/encode.go b/vendor/google.golang.org/protobuf/encoding/prototext/encode.go index 8d5304dc5b3..ebf6c65284d 100644 --- a/vendor/google.golang.org/protobuf/encoding/prototext/encode.go +++ b/vendor/google.golang.org/protobuf/encoding/prototext/encode.go @@ -20,7 +20,6 @@ import ( "google.golang.org/protobuf/internal/strs" "google.golang.org/protobuf/proto" "google.golang.org/protobuf/reflect/protoreflect" - pref "google.golang.org/protobuf/reflect/protoreflect" "google.golang.org/protobuf/reflect/protoregistry" ) @@ -150,7 +149,7 @@ type encoder struct { } // marshalMessage marshals the given protoreflect.Message. -func (e encoder) marshalMessage(m pref.Message, inclDelims bool) error { +func (e encoder) marshalMessage(m protoreflect.Message, inclDelims bool) error { messageDesc := m.Descriptor() if !flags.ProtoLegacy && messageset.IsMessageSet(messageDesc) { return errors.New("no support for proto1 MessageSets") @@ -190,7 +189,7 @@ func (e encoder) marshalMessage(m pref.Message, inclDelims bool) error { } // marshalField marshals the given field with protoreflect.Value. -func (e encoder) marshalField(name string, val pref.Value, fd pref.FieldDescriptor) error { +func (e encoder) marshalField(name string, val protoreflect.Value, fd protoreflect.FieldDescriptor) error { switch { case fd.IsList(): return e.marshalList(name, val.List(), fd) @@ -204,40 +203,40 @@ func (e encoder) marshalField(name string, val pref.Value, fd pref.FieldDescript // marshalSingular marshals the given non-repeated field value. This includes // all scalar types, enums, messages, and groups. -func (e encoder) marshalSingular(val pref.Value, fd pref.FieldDescriptor) error { +func (e encoder) marshalSingular(val protoreflect.Value, fd protoreflect.FieldDescriptor) error { kind := fd.Kind() switch kind { - case pref.BoolKind: + case protoreflect.BoolKind: e.WriteBool(val.Bool()) - case pref.StringKind: + case protoreflect.StringKind: s := val.String() if !e.opts.allowInvalidUTF8 && strs.EnforceUTF8(fd) && !utf8.ValidString(s) { return errors.InvalidUTF8(string(fd.FullName())) } e.WriteString(s) - case pref.Int32Kind, pref.Int64Kind, - pref.Sint32Kind, pref.Sint64Kind, - pref.Sfixed32Kind, pref.Sfixed64Kind: + case protoreflect.Int32Kind, protoreflect.Int64Kind, + protoreflect.Sint32Kind, protoreflect.Sint64Kind, + protoreflect.Sfixed32Kind, protoreflect.Sfixed64Kind: e.WriteInt(val.Int()) - case pref.Uint32Kind, pref.Uint64Kind, - pref.Fixed32Kind, pref.Fixed64Kind: + case protoreflect.Uint32Kind, protoreflect.Uint64Kind, + protoreflect.Fixed32Kind, protoreflect.Fixed64Kind: e.WriteUint(val.Uint()) - case pref.FloatKind: + case protoreflect.FloatKind: // Encoder.WriteFloat handles the special numbers NaN and infinites. e.WriteFloat(val.Float(), 32) - case pref.DoubleKind: + case protoreflect.DoubleKind: // Encoder.WriteFloat handles the special numbers NaN and infinites. e.WriteFloat(val.Float(), 64) - case pref.BytesKind: + case protoreflect.BytesKind: e.WriteString(string(val.Bytes())) - case pref.EnumKind: + case protoreflect.EnumKind: num := val.Enum() if desc := fd.Enum().Values().ByNumber(num); desc != nil { e.WriteLiteral(string(desc.Name())) @@ -246,7 +245,7 @@ func (e encoder) marshalSingular(val pref.Value, fd pref.FieldDescriptor) error e.WriteInt(int64(num)) } - case pref.MessageKind, pref.GroupKind: + case protoreflect.MessageKind, protoreflect.GroupKind: return e.marshalMessage(val.Message(), true) default: @@ -256,7 +255,7 @@ func (e encoder) marshalSingular(val pref.Value, fd pref.FieldDescriptor) error } // marshalList marshals the given protoreflect.List as multiple name-value fields. -func (e encoder) marshalList(name string, list pref.List, fd pref.FieldDescriptor) error { +func (e encoder) marshalList(name string, list protoreflect.List, fd protoreflect.FieldDescriptor) error { size := list.Len() for i := 0; i < size; i++ { e.WriteName(name) @@ -268,9 +267,9 @@ func (e encoder) marshalList(name string, list pref.List, fd pref.FieldDescripto } // marshalMap marshals the given protoreflect.Map as multiple name-value fields. -func (e encoder) marshalMap(name string, mmap pref.Map, fd pref.FieldDescriptor) error { +func (e encoder) marshalMap(name string, mmap protoreflect.Map, fd protoreflect.FieldDescriptor) error { var err error - order.RangeEntries(mmap, order.GenericKeyOrder, func(key pref.MapKey, val pref.Value) bool { + order.RangeEntries(mmap, order.GenericKeyOrder, func(key protoreflect.MapKey, val protoreflect.Value) bool { e.WriteName(name) e.StartMessage() defer e.EndMessage() @@ -334,7 +333,7 @@ func (e encoder) marshalUnknown(b []byte) { // marshalAny marshals the given google.protobuf.Any message in expanded form. // It returns true if it was able to marshal, else false. -func (e encoder) marshalAny(any pref.Message) bool { +func (e encoder) marshalAny(any protoreflect.Message) bool { // Construct the embedded message. fds := any.Descriptor().Fields() fdType := fds.ByNumber(genid.Any_TypeUrl_field_number) diff --git a/vendor/google.golang.org/protobuf/encoding/protowire/wire.go b/vendor/google.golang.org/protobuf/encoding/protowire/wire.go index 9c61112f58d..ce57f57ebd4 100644 --- a/vendor/google.golang.org/protobuf/encoding/protowire/wire.go +++ b/vendor/google.golang.org/protobuf/encoding/protowire/wire.go @@ -516,6 +516,7 @@ func EncodeTag(num Number, typ Type) uint64 { } // DecodeZigZag decodes a zig-zag-encoded uint64 as an int64. +// // Input: {…, 5, 3, 1, 0, 2, 4, 6, …} // Output: {…, -3, -2, -1, 0, +1, +2, +3, …} func DecodeZigZag(x uint64) int64 { @@ -523,6 +524,7 @@ func DecodeZigZag(x uint64) int64 { } // EncodeZigZag encodes an int64 as a zig-zag-encoded uint64. +// // Input: {…, -3, -2, -1, 0, +1, +2, +3, …} // Output: {…, 5, 3, 1, 0, 2, 4, 6, …} func EncodeZigZag(x int64) uint64 { @@ -530,6 +532,7 @@ func EncodeZigZag(x int64) uint64 { } // DecodeBool decodes a uint64 as a bool. +// // Input: { 0, 1, 2, …} // Output: {false, true, true, …} func DecodeBool(x uint64) bool { @@ -537,6 +540,7 @@ func DecodeBool(x uint64) bool { } // EncodeBool encodes a bool as a uint64. +// // Input: {false, true} // Output: { 0, 1} func EncodeBool(x bool) uint64 { diff --git a/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go b/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go index 360c63329d4..db5248e1b51 100644 --- a/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go +++ b/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go @@ -14,7 +14,7 @@ import ( "google.golang.org/protobuf/internal/detrand" "google.golang.org/protobuf/internal/pragma" - pref "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/reflect/protoreflect" ) type list interface { @@ -30,17 +30,17 @@ func formatListOpt(vs list, isRoot, allowMulti bool) string { if isRoot { var name string switch vs.(type) { - case pref.Names: + case protoreflect.Names: name = "Names" - case pref.FieldNumbers: + case protoreflect.FieldNumbers: name = "FieldNumbers" - case pref.FieldRanges: + case protoreflect.FieldRanges: name = "FieldRanges" - case pref.EnumRanges: + case protoreflect.EnumRanges: name = "EnumRanges" - case pref.FileImports: + case protoreflect.FileImports: name = "FileImports" - case pref.Descriptor: + case protoreflect.Descriptor: name = reflect.ValueOf(vs).MethodByName("Get").Type().Out(0).Name() + "s" default: name = reflect.ValueOf(vs).Elem().Type().Name() @@ -50,17 +50,17 @@ func formatListOpt(vs list, isRoot, allowMulti bool) string { var ss []string switch vs := vs.(type) { - case pref.Names: + case protoreflect.Names: for i := 0; i < vs.Len(); i++ { ss = append(ss, fmt.Sprint(vs.Get(i))) } return start + joinStrings(ss, false) + end - case pref.FieldNumbers: + case protoreflect.FieldNumbers: for i := 0; i < vs.Len(); i++ { ss = append(ss, fmt.Sprint(vs.Get(i))) } return start + joinStrings(ss, false) + end - case pref.FieldRanges: + case protoreflect.FieldRanges: for i := 0; i < vs.Len(); i++ { r := vs.Get(i) if r[0]+1 == r[1] { @@ -70,7 +70,7 @@ func formatListOpt(vs list, isRoot, allowMulti bool) string { } } return start + joinStrings(ss, false) + end - case pref.EnumRanges: + case protoreflect.EnumRanges: for i := 0; i < vs.Len(); i++ { r := vs.Get(i) if r[0] == r[1] { @@ -80,7 +80,7 @@ func formatListOpt(vs list, isRoot, allowMulti bool) string { } } return start + joinStrings(ss, false) + end - case pref.FileImports: + case protoreflect.FileImports: for i := 0; i < vs.Len(); i++ { var rs records rs.Append(reflect.ValueOf(vs.Get(i)), "Path", "Package", "IsPublic", "IsWeak") @@ -88,11 +88,11 @@ func formatListOpt(vs list, isRoot, allowMulti bool) string { } return start + joinStrings(ss, allowMulti) + end default: - _, isEnumValue := vs.(pref.EnumValueDescriptors) + _, isEnumValue := vs.(protoreflect.EnumValueDescriptors) for i := 0; i < vs.Len(); i++ { m := reflect.ValueOf(vs).MethodByName("Get") v := m.Call([]reflect.Value{reflect.ValueOf(i)})[0].Interface() - ss = append(ss, formatDescOpt(v.(pref.Descriptor), false, allowMulti && !isEnumValue)) + ss = append(ss, formatDescOpt(v.(protoreflect.Descriptor), false, allowMulti && !isEnumValue)) } return start + joinStrings(ss, allowMulti && isEnumValue) + end } @@ -106,20 +106,20 @@ func formatListOpt(vs list, isRoot, allowMulti bool) string { // // Using a list allows us to print the accessors in a sensible order. var descriptorAccessors = map[reflect.Type][]string{ - reflect.TypeOf((*pref.FileDescriptor)(nil)).Elem(): {"Path", "Package", "Imports", "Messages", "Enums", "Extensions", "Services"}, - reflect.TypeOf((*pref.MessageDescriptor)(nil)).Elem(): {"IsMapEntry", "Fields", "Oneofs", "ReservedNames", "ReservedRanges", "RequiredNumbers", "ExtensionRanges", "Messages", "Enums", "Extensions"}, - reflect.TypeOf((*pref.FieldDescriptor)(nil)).Elem(): {"Number", "Cardinality", "Kind", "HasJSONName", "JSONName", "HasPresence", "IsExtension", "IsPacked", "IsWeak", "IsList", "IsMap", "MapKey", "MapValue", "HasDefault", "Default", "ContainingOneof", "ContainingMessage", "Message", "Enum"}, - reflect.TypeOf((*pref.OneofDescriptor)(nil)).Elem(): {"Fields"}, // not directly used; must keep in sync with formatDescOpt - reflect.TypeOf((*pref.EnumDescriptor)(nil)).Elem(): {"Values", "ReservedNames", "ReservedRanges"}, - reflect.TypeOf((*pref.EnumValueDescriptor)(nil)).Elem(): {"Number"}, - reflect.TypeOf((*pref.ServiceDescriptor)(nil)).Elem(): {"Methods"}, - reflect.TypeOf((*pref.MethodDescriptor)(nil)).Elem(): {"Input", "Output", "IsStreamingClient", "IsStreamingServer"}, + reflect.TypeOf((*protoreflect.FileDescriptor)(nil)).Elem(): {"Path", "Package", "Imports", "Messages", "Enums", "Extensions", "Services"}, + reflect.TypeOf((*protoreflect.MessageDescriptor)(nil)).Elem(): {"IsMapEntry", "Fields", "Oneofs", "ReservedNames", "ReservedRanges", "RequiredNumbers", "ExtensionRanges", "Messages", "Enums", "Extensions"}, + reflect.TypeOf((*protoreflect.FieldDescriptor)(nil)).Elem(): {"Number", "Cardinality", "Kind", "HasJSONName", "JSONName", "HasPresence", "IsExtension", "IsPacked", "IsWeak", "IsList", "IsMap", "MapKey", "MapValue", "HasDefault", "Default", "ContainingOneof", "ContainingMessage", "Message", "Enum"}, + reflect.TypeOf((*protoreflect.OneofDescriptor)(nil)).Elem(): {"Fields"}, // not directly used; must keep in sync with formatDescOpt + reflect.TypeOf((*protoreflect.EnumDescriptor)(nil)).Elem(): {"Values", "ReservedNames", "ReservedRanges"}, + reflect.TypeOf((*protoreflect.EnumValueDescriptor)(nil)).Elem(): {"Number"}, + reflect.TypeOf((*protoreflect.ServiceDescriptor)(nil)).Elem(): {"Methods"}, + reflect.TypeOf((*protoreflect.MethodDescriptor)(nil)).Elem(): {"Input", "Output", "IsStreamingClient", "IsStreamingServer"}, } -func FormatDesc(s fmt.State, r rune, t pref.Descriptor) { +func FormatDesc(s fmt.State, r rune, t protoreflect.Descriptor) { io.WriteString(s, formatDescOpt(t, true, r == 'v' && (s.Flag('+') || s.Flag('#')))) } -func formatDescOpt(t pref.Descriptor, isRoot, allowMulti bool) string { +func formatDescOpt(t protoreflect.Descriptor, isRoot, allowMulti bool) string { rv := reflect.ValueOf(t) rt := rv.MethodByName("ProtoType").Type().In(0) @@ -128,7 +128,7 @@ func formatDescOpt(t pref.Descriptor, isRoot, allowMulti bool) string { start = rt.Name() + "{" } - _, isFile := t.(pref.FileDescriptor) + _, isFile := t.(protoreflect.FileDescriptor) rs := records{allowMulti: allowMulti} if t.IsPlaceholder() { if isFile { @@ -146,7 +146,7 @@ func formatDescOpt(t pref.Descriptor, isRoot, allowMulti bool) string { rs.Append(rv, "Name") } switch t := t.(type) { - case pref.FieldDescriptor: + case protoreflect.FieldDescriptor: for _, s := range descriptorAccessors[rt] { switch s { case "MapKey": @@ -156,9 +156,9 @@ func formatDescOpt(t pref.Descriptor, isRoot, allowMulti bool) string { case "MapValue": if v := t.MapValue(); v != nil { switch v.Kind() { - case pref.EnumKind: + case protoreflect.EnumKind: rs.recs = append(rs.recs, [2]string{"MapValue", string(v.Enum().FullName())}) - case pref.MessageKind, pref.GroupKind: + case protoreflect.MessageKind, protoreflect.GroupKind: rs.recs = append(rs.recs, [2]string{"MapValue", string(v.Message().FullName())}) default: rs.recs = append(rs.recs, [2]string{"MapValue", v.Kind().String()}) @@ -180,7 +180,7 @@ func formatDescOpt(t pref.Descriptor, isRoot, allowMulti bool) string { rs.Append(rv, s) } } - case pref.OneofDescriptor: + case protoreflect.OneofDescriptor: var ss []string fs := t.Fields() for i := 0; i < fs.Len(); i++ { @@ -216,7 +216,7 @@ func (rs *records) Append(v reflect.Value, accessors ...string) { if !rv.IsValid() { panic(fmt.Sprintf("unknown accessor: %v.%s", v.Type(), a)) } - if _, ok := rv.Interface().(pref.Value); ok { + if _, ok := rv.Interface().(protoreflect.Value); ok { rv = rv.MethodByName("Interface").Call(nil)[0] if !rv.IsNil() { rv = rv.Elem() @@ -250,9 +250,9 @@ func (rs *records) Append(v reflect.Value, accessors ...string) { switch v := v.(type) { case list: s = formatListOpt(v, false, rs.allowMulti) - case pref.FieldDescriptor, pref.OneofDescriptor, pref.EnumValueDescriptor, pref.MethodDescriptor: - s = string(v.(pref.Descriptor).Name()) - case pref.Descriptor: + case protoreflect.FieldDescriptor, protoreflect.OneofDescriptor, protoreflect.EnumValueDescriptor, protoreflect.MethodDescriptor: + s = string(v.(protoreflect.Descriptor).Name()) + case protoreflect.Descriptor: s = string(v.FullName()) case string: s = strconv.Quote(v) diff --git a/vendor/google.golang.org/protobuf/internal/encoding/defval/default.go b/vendor/google.golang.org/protobuf/internal/encoding/defval/default.go index fdd9b13f2fc..328dc733b04 100644 --- a/vendor/google.golang.org/protobuf/internal/encoding/defval/default.go +++ b/vendor/google.golang.org/protobuf/internal/encoding/defval/default.go @@ -15,8 +15,8 @@ import ( "strconv" ptext "google.golang.org/protobuf/internal/encoding/text" - errors "google.golang.org/protobuf/internal/errors" - pref "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/internal/errors" + "google.golang.org/protobuf/reflect/protoreflect" ) // Format is the serialization format used to represent the default value. @@ -35,56 +35,56 @@ const ( // Unmarshal deserializes the default string s according to the given kind k. // When k is an enum, a list of enum value descriptors must be provided. -func Unmarshal(s string, k pref.Kind, evs pref.EnumValueDescriptors, f Format) (pref.Value, pref.EnumValueDescriptor, error) { +func Unmarshal(s string, k protoreflect.Kind, evs protoreflect.EnumValueDescriptors, f Format) (protoreflect.Value, protoreflect.EnumValueDescriptor, error) { switch k { - case pref.BoolKind: + case protoreflect.BoolKind: if f == GoTag { switch s { case "1": - return pref.ValueOfBool(true), nil, nil + return protoreflect.ValueOfBool(true), nil, nil case "0": - return pref.ValueOfBool(false), nil, nil + return protoreflect.ValueOfBool(false), nil, nil } } else { switch s { case "true": - return pref.ValueOfBool(true), nil, nil + return protoreflect.ValueOfBool(true), nil, nil case "false": - return pref.ValueOfBool(false), nil, nil + return protoreflect.ValueOfBool(false), nil, nil } } - case pref.EnumKind: + case protoreflect.EnumKind: if f == GoTag { // Go tags use the numeric form of the enum value. if n, err := strconv.ParseInt(s, 10, 32); err == nil { - if ev := evs.ByNumber(pref.EnumNumber(n)); ev != nil { - return pref.ValueOfEnum(ev.Number()), ev, nil + if ev := evs.ByNumber(protoreflect.EnumNumber(n)); ev != nil { + return protoreflect.ValueOfEnum(ev.Number()), ev, nil } } } else { // Descriptor default_value use the enum identifier. - ev := evs.ByName(pref.Name(s)) + ev := evs.ByName(protoreflect.Name(s)) if ev != nil { - return pref.ValueOfEnum(ev.Number()), ev, nil + return protoreflect.ValueOfEnum(ev.Number()), ev, nil } } - case pref.Int32Kind, pref.Sint32Kind, pref.Sfixed32Kind: + case protoreflect.Int32Kind, protoreflect.Sint32Kind, protoreflect.Sfixed32Kind: if v, err := strconv.ParseInt(s, 10, 32); err == nil { - return pref.ValueOfInt32(int32(v)), nil, nil + return protoreflect.ValueOfInt32(int32(v)), nil, nil } - case pref.Int64Kind, pref.Sint64Kind, pref.Sfixed64Kind: + case protoreflect.Int64Kind, protoreflect.Sint64Kind, protoreflect.Sfixed64Kind: if v, err := strconv.ParseInt(s, 10, 64); err == nil { - return pref.ValueOfInt64(int64(v)), nil, nil + return protoreflect.ValueOfInt64(int64(v)), nil, nil } - case pref.Uint32Kind, pref.Fixed32Kind: + case protoreflect.Uint32Kind, protoreflect.Fixed32Kind: if v, err := strconv.ParseUint(s, 10, 32); err == nil { - return pref.ValueOfUint32(uint32(v)), nil, nil + return protoreflect.ValueOfUint32(uint32(v)), nil, nil } - case pref.Uint64Kind, pref.Fixed64Kind: + case protoreflect.Uint64Kind, protoreflect.Fixed64Kind: if v, err := strconv.ParseUint(s, 10, 64); err == nil { - return pref.ValueOfUint64(uint64(v)), nil, nil + return protoreflect.ValueOfUint64(uint64(v)), nil, nil } - case pref.FloatKind, pref.DoubleKind: + case protoreflect.FloatKind, protoreflect.DoubleKind: var v float64 var err error switch s { @@ -98,29 +98,29 @@ func Unmarshal(s string, k pref.Kind, evs pref.EnumValueDescriptors, f Format) ( v, err = strconv.ParseFloat(s, 64) } if err == nil { - if k == pref.FloatKind { - return pref.ValueOfFloat32(float32(v)), nil, nil + if k == protoreflect.FloatKind { + return protoreflect.ValueOfFloat32(float32(v)), nil, nil } else { - return pref.ValueOfFloat64(float64(v)), nil, nil + return protoreflect.ValueOfFloat64(float64(v)), nil, nil } } - case pref.StringKind: + case protoreflect.StringKind: // String values are already unescaped and can be used as is. - return pref.ValueOfString(s), nil, nil - case pref.BytesKind: + return protoreflect.ValueOfString(s), nil, nil + case protoreflect.BytesKind: if b, ok := unmarshalBytes(s); ok { - return pref.ValueOfBytes(b), nil, nil + return protoreflect.ValueOfBytes(b), nil, nil } } - return pref.Value{}, nil, errors.New("could not parse value for %v: %q", k, s) + return protoreflect.Value{}, nil, errors.New("could not parse value for %v: %q", k, s) } // Marshal serializes v as the default string according to the given kind k. // When specifying the Descriptor format for an enum kind, the associated // enum value descriptor must be provided. -func Marshal(v pref.Value, ev pref.EnumValueDescriptor, k pref.Kind, f Format) (string, error) { +func Marshal(v protoreflect.Value, ev protoreflect.EnumValueDescriptor, k protoreflect.Kind, f Format) (string, error) { switch k { - case pref.BoolKind: + case protoreflect.BoolKind: if f == GoTag { if v.Bool() { return "1", nil @@ -134,17 +134,17 @@ func Marshal(v pref.Value, ev pref.EnumValueDescriptor, k pref.Kind, f Format) ( return "false", nil } } - case pref.EnumKind: + case protoreflect.EnumKind: if f == GoTag { return strconv.FormatInt(int64(v.Enum()), 10), nil } else { return string(ev.Name()), nil } - case pref.Int32Kind, pref.Sint32Kind, pref.Sfixed32Kind, pref.Int64Kind, pref.Sint64Kind, pref.Sfixed64Kind: + case protoreflect.Int32Kind, protoreflect.Sint32Kind, protoreflect.Sfixed32Kind, protoreflect.Int64Kind, protoreflect.Sint64Kind, protoreflect.Sfixed64Kind: return strconv.FormatInt(v.Int(), 10), nil - case pref.Uint32Kind, pref.Fixed32Kind, pref.Uint64Kind, pref.Fixed64Kind: + case protoreflect.Uint32Kind, protoreflect.Fixed32Kind, protoreflect.Uint64Kind, protoreflect.Fixed64Kind: return strconv.FormatUint(v.Uint(), 10), nil - case pref.FloatKind, pref.DoubleKind: + case protoreflect.FloatKind, protoreflect.DoubleKind: f := v.Float() switch { case math.IsInf(f, -1): @@ -154,16 +154,16 @@ func Marshal(v pref.Value, ev pref.EnumValueDescriptor, k pref.Kind, f Format) ( case math.IsNaN(f): return "nan", nil default: - if k == pref.FloatKind { + if k == protoreflect.FloatKind { return strconv.FormatFloat(f, 'g', -1, 32), nil } else { return strconv.FormatFloat(f, 'g', -1, 64), nil } } - case pref.StringKind: + case protoreflect.StringKind: // String values are serialized as is without any escaping. return v.String(), nil - case pref.BytesKind: + case protoreflect.BytesKind: if s, ok := marshalBytes(v.Bytes()); ok { return s, nil } diff --git a/vendor/google.golang.org/protobuf/internal/encoding/messageset/messageset.go b/vendor/google.golang.org/protobuf/internal/encoding/messageset/messageset.go index c1866f3c1a7..a6693f0a2f3 100644 --- a/vendor/google.golang.org/protobuf/internal/encoding/messageset/messageset.go +++ b/vendor/google.golang.org/protobuf/internal/encoding/messageset/messageset.go @@ -10,7 +10,7 @@ import ( "google.golang.org/protobuf/encoding/protowire" "google.golang.org/protobuf/internal/errors" - pref "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/reflect/protoreflect" ) // The MessageSet wire format is equivalent to a message defined as follows, @@ -33,6 +33,7 @@ const ( // ExtensionName is the field name for extensions of MessageSet. // // A valid MessageSet extension must be of the form: +// // message MyMessage { // extend proto2.bridge.MessageSet { // optional MyMessage message_set_extension = 1234; @@ -42,13 +43,13 @@ const ( const ExtensionName = "message_set_extension" // IsMessageSet returns whether the message uses the MessageSet wire format. -func IsMessageSet(md pref.MessageDescriptor) bool { +func IsMessageSet(md protoreflect.MessageDescriptor) bool { xmd, ok := md.(interface{ IsMessageSet() bool }) return ok && xmd.IsMessageSet() } // IsMessageSetExtension reports this field properly extends a MessageSet. -func IsMessageSetExtension(fd pref.FieldDescriptor) bool { +func IsMessageSetExtension(fd protoreflect.FieldDescriptor) bool { switch { case fd.Name() != ExtensionName: return false diff --git a/vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go b/vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go index 38f1931c6fd..373d208374f 100644 --- a/vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go +++ b/vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go @@ -11,10 +11,10 @@ import ( "strconv" "strings" - defval "google.golang.org/protobuf/internal/encoding/defval" - fdesc "google.golang.org/protobuf/internal/filedesc" + "google.golang.org/protobuf/internal/encoding/defval" + "google.golang.org/protobuf/internal/filedesc" "google.golang.org/protobuf/internal/strs" - pref "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/reflect/protoreflect" ) var byteType = reflect.TypeOf(byte(0)) @@ -29,9 +29,9 @@ var byteType = reflect.TypeOf(byte(0)) // This does not populate the Enum or Message (except for weak message). // // This function is a best effort attempt; parsing errors are ignored. -func Unmarshal(tag string, goType reflect.Type, evs pref.EnumValueDescriptors) pref.FieldDescriptor { - f := new(fdesc.Field) - f.L0.ParentFile = fdesc.SurrogateProto2 +func Unmarshal(tag string, goType reflect.Type, evs protoreflect.EnumValueDescriptors) protoreflect.FieldDescriptor { + f := new(filedesc.Field) + f.L0.ParentFile = filedesc.SurrogateProto2 for len(tag) > 0 { i := strings.IndexByte(tag, ',') if i < 0 { @@ -39,68 +39,68 @@ func Unmarshal(tag string, goType reflect.Type, evs pref.EnumValueDescriptors) p } switch s := tag[:i]; { case strings.HasPrefix(s, "name="): - f.L0.FullName = pref.FullName(s[len("name="):]) + f.L0.FullName = protoreflect.FullName(s[len("name="):]) case strings.Trim(s, "0123456789") == "": n, _ := strconv.ParseUint(s, 10, 32) - f.L1.Number = pref.FieldNumber(n) + f.L1.Number = protoreflect.FieldNumber(n) case s == "opt": - f.L1.Cardinality = pref.Optional + f.L1.Cardinality = protoreflect.Optional case s == "req": - f.L1.Cardinality = pref.Required + f.L1.Cardinality = protoreflect.Required case s == "rep": - f.L1.Cardinality = pref.Repeated + f.L1.Cardinality = protoreflect.Repeated case s == "varint": switch goType.Kind() { case reflect.Bool: - f.L1.Kind = pref.BoolKind + f.L1.Kind = protoreflect.BoolKind case reflect.Int32: - f.L1.Kind = pref.Int32Kind + f.L1.Kind = protoreflect.Int32Kind case reflect.Int64: - f.L1.Kind = pref.Int64Kind + f.L1.Kind = protoreflect.Int64Kind case reflect.Uint32: - f.L1.Kind = pref.Uint32Kind + f.L1.Kind = protoreflect.Uint32Kind case reflect.Uint64: - f.L1.Kind = pref.Uint64Kind + f.L1.Kind = protoreflect.Uint64Kind } case s == "zigzag32": if goType.Kind() == reflect.Int32 { - f.L1.Kind = pref.Sint32Kind + f.L1.Kind = protoreflect.Sint32Kind } case s == "zigzag64": if goType.Kind() == reflect.Int64 { - f.L1.Kind = pref.Sint64Kind + f.L1.Kind = protoreflect.Sint64Kind } case s == "fixed32": switch goType.Kind() { case reflect.Int32: - f.L1.Kind = pref.Sfixed32Kind + f.L1.Kind = protoreflect.Sfixed32Kind case reflect.Uint32: - f.L1.Kind = pref.Fixed32Kind + f.L1.Kind = protoreflect.Fixed32Kind case reflect.Float32: - f.L1.Kind = pref.FloatKind + f.L1.Kind = protoreflect.FloatKind } case s == "fixed64": switch goType.Kind() { case reflect.Int64: - f.L1.Kind = pref.Sfixed64Kind + f.L1.Kind = protoreflect.Sfixed64Kind case reflect.Uint64: - f.L1.Kind = pref.Fixed64Kind + f.L1.Kind = protoreflect.Fixed64Kind case reflect.Float64: - f.L1.Kind = pref.DoubleKind + f.L1.Kind = protoreflect.DoubleKind } case s == "bytes": switch { case goType.Kind() == reflect.String: - f.L1.Kind = pref.StringKind + f.L1.Kind = protoreflect.StringKind case goType.Kind() == reflect.Slice && goType.Elem() == byteType: - f.L1.Kind = pref.BytesKind + f.L1.Kind = protoreflect.BytesKind default: - f.L1.Kind = pref.MessageKind + f.L1.Kind = protoreflect.MessageKind } case s == "group": - f.L1.Kind = pref.GroupKind + f.L1.Kind = protoreflect.GroupKind case strings.HasPrefix(s, "enum="): - f.L1.Kind = pref.EnumKind + f.L1.Kind = protoreflect.EnumKind case strings.HasPrefix(s, "json="): jsonName := s[len("json="):] if jsonName != strs.JSONCamelCase(string(f.L0.FullName.Name())) { @@ -111,23 +111,23 @@ func Unmarshal(tag string, goType reflect.Type, evs pref.EnumValueDescriptors) p f.L1.IsPacked = true case strings.HasPrefix(s, "weak="): f.L1.IsWeak = true - f.L1.Message = fdesc.PlaceholderMessage(pref.FullName(s[len("weak="):])) + f.L1.Message = filedesc.PlaceholderMessage(protoreflect.FullName(s[len("weak="):])) case strings.HasPrefix(s, "def="): // The default tag is special in that everything afterwards is the // default regardless of the presence of commas. s, i = tag[len("def="):], len(tag) v, ev, _ := defval.Unmarshal(s, f.L1.Kind, evs, defval.GoTag) - f.L1.Default = fdesc.DefaultValue(v, ev) + f.L1.Default = filedesc.DefaultValue(v, ev) case s == "proto3": - f.L0.ParentFile = fdesc.SurrogateProto3 + f.L0.ParentFile = filedesc.SurrogateProto3 } tag = strings.TrimPrefix(tag[i:], ",") } // The generator uses the group message name instead of the field name. // We obtain the real field name by lowercasing the group name. - if f.L1.Kind == pref.GroupKind { - f.L0.FullName = pref.FullName(strings.ToLower(string(f.L0.FullName))) + if f.L1.Kind == protoreflect.GroupKind { + f.L0.FullName = protoreflect.FullName(strings.ToLower(string(f.L0.FullName))) } return f } @@ -140,38 +140,38 @@ func Unmarshal(tag string, goType reflect.Type, evs pref.EnumValueDescriptors) p // Depending on the context on how Marshal is called, there are different ways // through which that information is determined. As such it is the caller's // responsibility to provide a function to obtain that information. -func Marshal(fd pref.FieldDescriptor, enumName string) string { +func Marshal(fd protoreflect.FieldDescriptor, enumName string) string { var tag []string switch fd.Kind() { - case pref.BoolKind, pref.EnumKind, pref.Int32Kind, pref.Uint32Kind, pref.Int64Kind, pref.Uint64Kind: + case protoreflect.BoolKind, protoreflect.EnumKind, protoreflect.Int32Kind, protoreflect.Uint32Kind, protoreflect.Int64Kind, protoreflect.Uint64Kind: tag = append(tag, "varint") - case pref.Sint32Kind: + case protoreflect.Sint32Kind: tag = append(tag, "zigzag32") - case pref.Sint64Kind: + case protoreflect.Sint64Kind: tag = append(tag, "zigzag64") - case pref.Sfixed32Kind, pref.Fixed32Kind, pref.FloatKind: + case protoreflect.Sfixed32Kind, protoreflect.Fixed32Kind, protoreflect.FloatKind: tag = append(tag, "fixed32") - case pref.Sfixed64Kind, pref.Fixed64Kind, pref.DoubleKind: + case protoreflect.Sfixed64Kind, protoreflect.Fixed64Kind, protoreflect.DoubleKind: tag = append(tag, "fixed64") - case pref.StringKind, pref.BytesKind, pref.MessageKind: + case protoreflect.StringKind, protoreflect.BytesKind, protoreflect.MessageKind: tag = append(tag, "bytes") - case pref.GroupKind: + case protoreflect.GroupKind: tag = append(tag, "group") } tag = append(tag, strconv.Itoa(int(fd.Number()))) switch fd.Cardinality() { - case pref.Optional: + case protoreflect.Optional: tag = append(tag, "opt") - case pref.Required: + case protoreflect.Required: tag = append(tag, "req") - case pref.Repeated: + case protoreflect.Repeated: tag = append(tag, "rep") } if fd.IsPacked() { tag = append(tag, "packed") } name := string(fd.Name()) - if fd.Kind() == pref.GroupKind { + if fd.Kind() == protoreflect.GroupKind { // The name of the FieldDescriptor for a group field is // lowercased. To find the original capitalization, we // look in the field's MessageType. @@ -189,10 +189,10 @@ func Marshal(fd pref.FieldDescriptor, enumName string) string { // The previous implementation does not tag extension fields as proto3, // even when the field is defined in a proto3 file. Match that behavior // for consistency. - if fd.Syntax() == pref.Proto3 && !fd.IsExtension() { + if fd.Syntax() == protoreflect.Proto3 && !fd.IsExtension() { tag = append(tag, "proto3") } - if fd.Kind() == pref.EnumKind && enumName != "" { + if fd.Kind() == protoreflect.EnumKind && enumName != "" { tag = append(tag, "enum="+enumName) } if fd.ContainingOneof() != nil { diff --git a/vendor/google.golang.org/protobuf/internal/encoding/text/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/text/decode.go index 37803773fa3..427c62d037f 100644 --- a/vendor/google.golang.org/protobuf/internal/encoding/text/decode.go +++ b/vendor/google.golang.org/protobuf/internal/encoding/text/decode.go @@ -8,7 +8,6 @@ import ( "bytes" "fmt" "io" - "regexp" "strconv" "unicode/utf8" @@ -421,7 +420,7 @@ func (d *Decoder) parseFieldName() (tok Token, err error) { return Token{}, d.newSyntaxError("invalid field number: %s", d.in[:num.size]) } - return Token{}, d.newSyntaxError("invalid field name: %s", errRegexp.Find(d.in)) + return Token{}, d.newSyntaxError("invalid field name: %s", errId(d.in)) } // parseTypeName parses Any type URL or extension field name. The name is @@ -571,7 +570,7 @@ func (d *Decoder) parseScalar() (Token, error) { return tok, nil } - return Token{}, d.newSyntaxError("invalid scalar value: %s", errRegexp.Find(d.in)) + return Token{}, d.newSyntaxError("invalid scalar value: %s", errId(d.in)) } // parseLiteralValue parses a literal value. A literal value is used for @@ -653,8 +652,29 @@ func consume(b []byte, n int) []byte { return b } -// Any sequence that looks like a non-delimiter (for error reporting). -var errRegexp = regexp.MustCompile(`^([-+._a-zA-Z0-9\/]+|.)`) +// errId extracts a byte sequence that looks like an invalid ID +// (for the purposes of error reporting). +func errId(seq []byte) []byte { + const maxLen = 32 + for i := 0; i < len(seq); { + if i > maxLen { + return append(seq[:i:i], "…"...) + } + r, size := utf8.DecodeRune(seq[i:]) + if r > utf8.RuneSelf || (r != '/' && isDelim(byte(r))) { + if i == 0 { + // Either the first byte is invalid UTF-8 or a + // delimiter, or the first rune is non-ASCII. + // Return it as-is. + i = size + } + return seq[:i:i] + } + i += size + } + // No delimiter found. + return seq +} // isDelim returns true if given byte is a delimiter character. func isDelim(c byte) bool { diff --git a/vendor/google.golang.org/protobuf/internal/encoding/text/decode_number.go b/vendor/google.golang.org/protobuf/internal/encoding/text/decode_number.go index f2d90b78999..81a5d8c8613 100644 --- a/vendor/google.golang.org/protobuf/internal/encoding/text/decode_number.go +++ b/vendor/google.golang.org/protobuf/internal/encoding/text/decode_number.go @@ -50,8 +50,10 @@ type number struct { // parseNumber constructs a number object from given input. It allows for the // following patterns: -// integer: ^-?([1-9][0-9]*|0[xX][0-9a-fA-F]+|0[0-7]*) -// float: ^-?((0|[1-9][0-9]*)?([.][0-9]*)?([eE][+-]?[0-9]+)?[fF]?) +// +// integer: ^-?([1-9][0-9]*|0[xX][0-9a-fA-F]+|0[0-7]*) +// float: ^-?((0|[1-9][0-9]*)?([.][0-9]*)?([eE][+-]?[0-9]+)?[fF]?) +// // It also returns the number of parsed bytes for the given number, 0 if it is // not a number. func parseNumber(input []byte) number { diff --git a/vendor/google.golang.org/protobuf/internal/encoding/text/doc.go b/vendor/google.golang.org/protobuf/internal/encoding/text/doc.go index 0ce8d6fb83d..7ae6c2a3c26 100644 --- a/vendor/google.golang.org/protobuf/internal/encoding/text/doc.go +++ b/vendor/google.golang.org/protobuf/internal/encoding/text/doc.go @@ -24,6 +24,6 @@ // the Go implementation should as well. // // The text format is almost a superset of JSON except: -// * message keys are not quoted strings, but identifiers -// * the top-level value must be a message without the delimiters +// - message keys are not quoted strings, but identifiers +// - the top-level value must be a message without the delimiters package text diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/build.go b/vendor/google.golang.org/protobuf/internal/filedesc/build.go index b293b694736..7cac1c19016 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/build.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/build.go @@ -12,8 +12,7 @@ import ( "google.golang.org/protobuf/encoding/protowire" "google.golang.org/protobuf/internal/genid" "google.golang.org/protobuf/reflect/protoreflect" - pref "google.golang.org/protobuf/reflect/protoreflect" - preg "google.golang.org/protobuf/reflect/protoregistry" + "google.golang.org/protobuf/reflect/protoregistry" ) // Builder construct a protoreflect.FileDescriptor from the raw descriptor. @@ -38,7 +37,7 @@ type Builder struct { // TypeResolver resolves extension field types for descriptor options. // If nil, it uses protoregistry.GlobalTypes. TypeResolver interface { - preg.ExtensionTypeResolver + protoregistry.ExtensionTypeResolver } // FileRegistry is use to lookup file, enum, and message dependencies. @@ -46,8 +45,8 @@ type Builder struct { // If nil, it uses protoregistry.GlobalFiles. FileRegistry interface { FindFileByPath(string) (protoreflect.FileDescriptor, error) - FindDescriptorByName(pref.FullName) (pref.Descriptor, error) - RegisterFile(pref.FileDescriptor) error + FindDescriptorByName(protoreflect.FullName) (protoreflect.Descriptor, error) + RegisterFile(protoreflect.FileDescriptor) error } } @@ -55,8 +54,8 @@ type Builder struct { // If so, it permits looking up an enum or message dependency based on the // sub-list and element index into filetype.Builder.DependencyIndexes. type resolverByIndex interface { - FindEnumByIndex(int32, int32, []Enum, []Message) pref.EnumDescriptor - FindMessageByIndex(int32, int32, []Enum, []Message) pref.MessageDescriptor + FindEnumByIndex(int32, int32, []Enum, []Message) protoreflect.EnumDescriptor + FindMessageByIndex(int32, int32, []Enum, []Message) protoreflect.MessageDescriptor } // Indexes of each sub-list in filetype.Builder.DependencyIndexes. @@ -70,7 +69,7 @@ const ( // Out is the output of the Builder. type Out struct { - File pref.FileDescriptor + File protoreflect.FileDescriptor // Enums is all enum descriptors in "flattened ordering". Enums []Enum @@ -97,10 +96,10 @@ func (db Builder) Build() (out Out) { // Initialize resolvers and registries if unpopulated. if db.TypeResolver == nil { - db.TypeResolver = preg.GlobalTypes + db.TypeResolver = protoregistry.GlobalTypes } if db.FileRegistry == nil { - db.FileRegistry = preg.GlobalFiles + db.FileRegistry = protoregistry.GlobalFiles } fd := newRawFile(db) diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc.go index 98ab142aeee..7c3689baee8 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/desc.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc.go @@ -17,7 +17,7 @@ import ( "google.golang.org/protobuf/internal/genid" "google.golang.org/protobuf/internal/pragma" "google.golang.org/protobuf/internal/strs" - pref "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/reflect/protoreflect" "google.golang.org/protobuf/reflect/protoregistry" ) @@ -43,9 +43,9 @@ type ( L2 *FileL2 } FileL1 struct { - Syntax pref.Syntax + Syntax protoreflect.Syntax Path string - Package pref.FullName + Package protoreflect.FullName Enums Enums Messages Messages @@ -53,36 +53,36 @@ type ( Services Services } FileL2 struct { - Options func() pref.ProtoMessage + Options func() protoreflect.ProtoMessage Imports FileImports Locations SourceLocations } ) -func (fd *File) ParentFile() pref.FileDescriptor { return fd } -func (fd *File) Parent() pref.Descriptor { return nil } -func (fd *File) Index() int { return 0 } -func (fd *File) Syntax() pref.Syntax { return fd.L1.Syntax } -func (fd *File) Name() pref.Name { return fd.L1.Package.Name() } -func (fd *File) FullName() pref.FullName { return fd.L1.Package } -func (fd *File) IsPlaceholder() bool { return false } -func (fd *File) Options() pref.ProtoMessage { +func (fd *File) ParentFile() protoreflect.FileDescriptor { return fd } +func (fd *File) Parent() protoreflect.Descriptor { return nil } +func (fd *File) Index() int { return 0 } +func (fd *File) Syntax() protoreflect.Syntax { return fd.L1.Syntax } +func (fd *File) Name() protoreflect.Name { return fd.L1.Package.Name() } +func (fd *File) FullName() protoreflect.FullName { return fd.L1.Package } +func (fd *File) IsPlaceholder() bool { return false } +func (fd *File) Options() protoreflect.ProtoMessage { if f := fd.lazyInit().Options; f != nil { return f() } return descopts.File } -func (fd *File) Path() string { return fd.L1.Path } -func (fd *File) Package() pref.FullName { return fd.L1.Package } -func (fd *File) Imports() pref.FileImports { return &fd.lazyInit().Imports } -func (fd *File) Enums() pref.EnumDescriptors { return &fd.L1.Enums } -func (fd *File) Messages() pref.MessageDescriptors { return &fd.L1.Messages } -func (fd *File) Extensions() pref.ExtensionDescriptors { return &fd.L1.Extensions } -func (fd *File) Services() pref.ServiceDescriptors { return &fd.L1.Services } -func (fd *File) SourceLocations() pref.SourceLocations { return &fd.lazyInit().Locations } -func (fd *File) Format(s fmt.State, r rune) { descfmt.FormatDesc(s, r, fd) } -func (fd *File) ProtoType(pref.FileDescriptor) {} -func (fd *File) ProtoInternal(pragma.DoNotImplement) {} +func (fd *File) Path() string { return fd.L1.Path } +func (fd *File) Package() protoreflect.FullName { return fd.L1.Package } +func (fd *File) Imports() protoreflect.FileImports { return &fd.lazyInit().Imports } +func (fd *File) Enums() protoreflect.EnumDescriptors { return &fd.L1.Enums } +func (fd *File) Messages() protoreflect.MessageDescriptors { return &fd.L1.Messages } +func (fd *File) Extensions() protoreflect.ExtensionDescriptors { return &fd.L1.Extensions } +func (fd *File) Services() protoreflect.ServiceDescriptors { return &fd.L1.Services } +func (fd *File) SourceLocations() protoreflect.SourceLocations { return &fd.lazyInit().Locations } +func (fd *File) Format(s fmt.State, r rune) { descfmt.FormatDesc(s, r, fd) } +func (fd *File) ProtoType(protoreflect.FileDescriptor) {} +func (fd *File) ProtoInternal(pragma.DoNotImplement) {} func (fd *File) lazyInit() *FileL2 { if atomic.LoadUint32(&fd.once) == 0 { @@ -119,7 +119,7 @@ type ( eagerValues bool // controls whether EnumL2.Values is already populated } EnumL2 struct { - Options func() pref.ProtoMessage + Options func() protoreflect.ProtoMessage Values EnumValues ReservedNames Names ReservedRanges EnumRanges @@ -130,41 +130,41 @@ type ( L1 EnumValueL1 } EnumValueL1 struct { - Options func() pref.ProtoMessage - Number pref.EnumNumber + Options func() protoreflect.ProtoMessage + Number protoreflect.EnumNumber } ) -func (ed *Enum) Options() pref.ProtoMessage { +func (ed *Enum) Options() protoreflect.ProtoMessage { if f := ed.lazyInit().Options; f != nil { return f() } return descopts.Enum } -func (ed *Enum) Values() pref.EnumValueDescriptors { +func (ed *Enum) Values() protoreflect.EnumValueDescriptors { if ed.L1.eagerValues { return &ed.L2.Values } return &ed.lazyInit().Values } -func (ed *Enum) ReservedNames() pref.Names { return &ed.lazyInit().ReservedNames } -func (ed *Enum) ReservedRanges() pref.EnumRanges { return &ed.lazyInit().ReservedRanges } -func (ed *Enum) Format(s fmt.State, r rune) { descfmt.FormatDesc(s, r, ed) } -func (ed *Enum) ProtoType(pref.EnumDescriptor) {} +func (ed *Enum) ReservedNames() protoreflect.Names { return &ed.lazyInit().ReservedNames } +func (ed *Enum) ReservedRanges() protoreflect.EnumRanges { return &ed.lazyInit().ReservedRanges } +func (ed *Enum) Format(s fmt.State, r rune) { descfmt.FormatDesc(s, r, ed) } +func (ed *Enum) ProtoType(protoreflect.EnumDescriptor) {} func (ed *Enum) lazyInit() *EnumL2 { ed.L0.ParentFile.lazyInit() // implicitly initializes L2 return ed.L2 } -func (ed *EnumValue) Options() pref.ProtoMessage { +func (ed *EnumValue) Options() protoreflect.ProtoMessage { if f := ed.L1.Options; f != nil { return f() } return descopts.EnumValue } -func (ed *EnumValue) Number() pref.EnumNumber { return ed.L1.Number } -func (ed *EnumValue) Format(s fmt.State, r rune) { descfmt.FormatDesc(s, r, ed) } -func (ed *EnumValue) ProtoType(pref.EnumValueDescriptor) {} +func (ed *EnumValue) Number() protoreflect.EnumNumber { return ed.L1.Number } +func (ed *EnumValue) Format(s fmt.State, r rune) { descfmt.FormatDesc(s, r, ed) } +func (ed *EnumValue) ProtoType(protoreflect.EnumValueDescriptor) {} type ( Message struct { @@ -180,14 +180,14 @@ type ( IsMessageSet bool // promoted from google.protobuf.MessageOptions } MessageL2 struct { - Options func() pref.ProtoMessage + Options func() protoreflect.ProtoMessage Fields Fields Oneofs Oneofs ReservedNames Names ReservedRanges FieldRanges RequiredNumbers FieldNumbers // must be consistent with Fields.Cardinality ExtensionRanges FieldRanges - ExtensionRangeOptions []func() pref.ProtoMessage // must be same length as ExtensionRanges + ExtensionRangeOptions []func() protoreflect.ProtoMessage // must be same length as ExtensionRanges } Field struct { @@ -195,10 +195,10 @@ type ( L1 FieldL1 } FieldL1 struct { - Options func() pref.ProtoMessage - Number pref.FieldNumber - Cardinality pref.Cardinality // must be consistent with Message.RequiredNumbers - Kind pref.Kind + Options func() protoreflect.ProtoMessage + Number protoreflect.FieldNumber + Cardinality protoreflect.Cardinality // must be consistent with Message.RequiredNumbers + Kind protoreflect.Kind StringName stringName IsProto3Optional bool // promoted from google.protobuf.FieldDescriptorProto IsWeak bool // promoted from google.protobuf.FieldOptions @@ -207,9 +207,9 @@ type ( HasEnforceUTF8 bool // promoted from google.protobuf.FieldOptions EnforceUTF8 bool // promoted from google.protobuf.FieldOptions Default defaultValue - ContainingOneof pref.OneofDescriptor // must be consistent with Message.Oneofs.Fields - Enum pref.EnumDescriptor - Message pref.MessageDescriptor + ContainingOneof protoreflect.OneofDescriptor // must be consistent with Message.Oneofs.Fields + Enum protoreflect.EnumDescriptor + Message protoreflect.MessageDescriptor } Oneof struct { @@ -217,35 +217,35 @@ type ( L1 OneofL1 } OneofL1 struct { - Options func() pref.ProtoMessage + Options func() protoreflect.ProtoMessage Fields OneofFields // must be consistent with Message.Fields.ContainingOneof } ) -func (md *Message) Options() pref.ProtoMessage { +func (md *Message) Options() protoreflect.ProtoMessage { if f := md.lazyInit().Options; f != nil { return f() } return descopts.Message } -func (md *Message) IsMapEntry() bool { return md.L1.IsMapEntry } -func (md *Message) Fields() pref.FieldDescriptors { return &md.lazyInit().Fields } -func (md *Message) Oneofs() pref.OneofDescriptors { return &md.lazyInit().Oneofs } -func (md *Message) ReservedNames() pref.Names { return &md.lazyInit().ReservedNames } -func (md *Message) ReservedRanges() pref.FieldRanges { return &md.lazyInit().ReservedRanges } -func (md *Message) RequiredNumbers() pref.FieldNumbers { return &md.lazyInit().RequiredNumbers } -func (md *Message) ExtensionRanges() pref.FieldRanges { return &md.lazyInit().ExtensionRanges } -func (md *Message) ExtensionRangeOptions(i int) pref.ProtoMessage { +func (md *Message) IsMapEntry() bool { return md.L1.IsMapEntry } +func (md *Message) Fields() protoreflect.FieldDescriptors { return &md.lazyInit().Fields } +func (md *Message) Oneofs() protoreflect.OneofDescriptors { return &md.lazyInit().Oneofs } +func (md *Message) ReservedNames() protoreflect.Names { return &md.lazyInit().ReservedNames } +func (md *Message) ReservedRanges() protoreflect.FieldRanges { return &md.lazyInit().ReservedRanges } +func (md *Message) RequiredNumbers() protoreflect.FieldNumbers { return &md.lazyInit().RequiredNumbers } +func (md *Message) ExtensionRanges() protoreflect.FieldRanges { return &md.lazyInit().ExtensionRanges } +func (md *Message) ExtensionRangeOptions(i int) protoreflect.ProtoMessage { if f := md.lazyInit().ExtensionRangeOptions[i]; f != nil { return f() } return descopts.ExtensionRange } -func (md *Message) Enums() pref.EnumDescriptors { return &md.L1.Enums } -func (md *Message) Messages() pref.MessageDescriptors { return &md.L1.Messages } -func (md *Message) Extensions() pref.ExtensionDescriptors { return &md.L1.Extensions } -func (md *Message) ProtoType(pref.MessageDescriptor) {} -func (md *Message) Format(s fmt.State, r rune) { descfmt.FormatDesc(s, r, md) } +func (md *Message) Enums() protoreflect.EnumDescriptors { return &md.L1.Enums } +func (md *Message) Messages() protoreflect.MessageDescriptors { return &md.L1.Messages } +func (md *Message) Extensions() protoreflect.ExtensionDescriptors { return &md.L1.Extensions } +func (md *Message) ProtoType(protoreflect.MessageDescriptor) {} +func (md *Message) Format(s fmt.State, r rune) { descfmt.FormatDesc(s, r, md) } func (md *Message) lazyInit() *MessageL2 { md.L0.ParentFile.lazyInit() // implicitly initializes L2 return md.L2 @@ -260,28 +260,28 @@ func (md *Message) IsMessageSet() bool { return md.L1.IsMessageSet } -func (fd *Field) Options() pref.ProtoMessage { +func (fd *Field) Options() protoreflect.ProtoMessage { if f := fd.L1.Options; f != nil { return f() } return descopts.Field } -func (fd *Field) Number() pref.FieldNumber { return fd.L1.Number } -func (fd *Field) Cardinality() pref.Cardinality { return fd.L1.Cardinality } -func (fd *Field) Kind() pref.Kind { return fd.L1.Kind } -func (fd *Field) HasJSONName() bool { return fd.L1.StringName.hasJSON } -func (fd *Field) JSONName() string { return fd.L1.StringName.getJSON(fd) } -func (fd *Field) TextName() string { return fd.L1.StringName.getText(fd) } +func (fd *Field) Number() protoreflect.FieldNumber { return fd.L1.Number } +func (fd *Field) Cardinality() protoreflect.Cardinality { return fd.L1.Cardinality } +func (fd *Field) Kind() protoreflect.Kind { return fd.L1.Kind } +func (fd *Field) HasJSONName() bool { return fd.L1.StringName.hasJSON } +func (fd *Field) JSONName() string { return fd.L1.StringName.getJSON(fd) } +func (fd *Field) TextName() string { return fd.L1.StringName.getText(fd) } func (fd *Field) HasPresence() bool { - return fd.L1.Cardinality != pref.Repeated && (fd.L0.ParentFile.L1.Syntax == pref.Proto2 || fd.L1.Message != nil || fd.L1.ContainingOneof != nil) + return fd.L1.Cardinality != protoreflect.Repeated && (fd.L0.ParentFile.L1.Syntax == protoreflect.Proto2 || fd.L1.Message != nil || fd.L1.ContainingOneof != nil) } func (fd *Field) HasOptionalKeyword() bool { - return (fd.L0.ParentFile.L1.Syntax == pref.Proto2 && fd.L1.Cardinality == pref.Optional && fd.L1.ContainingOneof == nil) || fd.L1.IsProto3Optional + return (fd.L0.ParentFile.L1.Syntax == protoreflect.Proto2 && fd.L1.Cardinality == protoreflect.Optional && fd.L1.ContainingOneof == nil) || fd.L1.IsProto3Optional } func (fd *Field) IsPacked() bool { - if !fd.L1.HasPacked && fd.L0.ParentFile.L1.Syntax != pref.Proto2 && fd.L1.Cardinality == pref.Repeated { + if !fd.L1.HasPacked && fd.L0.ParentFile.L1.Syntax != protoreflect.Proto2 && fd.L1.Cardinality == protoreflect.Repeated { switch fd.L1.Kind { - case pref.StringKind, pref.BytesKind, pref.MessageKind, pref.GroupKind: + case protoreflect.StringKind, protoreflect.BytesKind, protoreflect.MessageKind, protoreflect.GroupKind: default: return true } @@ -290,40 +290,40 @@ func (fd *Field) IsPacked() bool { } func (fd *Field) IsExtension() bool { return false } func (fd *Field) IsWeak() bool { return fd.L1.IsWeak } -func (fd *Field) IsList() bool { return fd.Cardinality() == pref.Repeated && !fd.IsMap() } +func (fd *Field) IsList() bool { return fd.Cardinality() == protoreflect.Repeated && !fd.IsMap() } func (fd *Field) IsMap() bool { return fd.Message() != nil && fd.Message().IsMapEntry() } -func (fd *Field) MapKey() pref.FieldDescriptor { +func (fd *Field) MapKey() protoreflect.FieldDescriptor { if !fd.IsMap() { return nil } return fd.Message().Fields().ByNumber(genid.MapEntry_Key_field_number) } -func (fd *Field) MapValue() pref.FieldDescriptor { +func (fd *Field) MapValue() protoreflect.FieldDescriptor { if !fd.IsMap() { return nil } return fd.Message().Fields().ByNumber(genid.MapEntry_Value_field_number) } -func (fd *Field) HasDefault() bool { return fd.L1.Default.has } -func (fd *Field) Default() pref.Value { return fd.L1.Default.get(fd) } -func (fd *Field) DefaultEnumValue() pref.EnumValueDescriptor { return fd.L1.Default.enum } -func (fd *Field) ContainingOneof() pref.OneofDescriptor { return fd.L1.ContainingOneof } -func (fd *Field) ContainingMessage() pref.MessageDescriptor { - return fd.L0.Parent.(pref.MessageDescriptor) +func (fd *Field) HasDefault() bool { return fd.L1.Default.has } +func (fd *Field) Default() protoreflect.Value { return fd.L1.Default.get(fd) } +func (fd *Field) DefaultEnumValue() protoreflect.EnumValueDescriptor { return fd.L1.Default.enum } +func (fd *Field) ContainingOneof() protoreflect.OneofDescriptor { return fd.L1.ContainingOneof } +func (fd *Field) ContainingMessage() protoreflect.MessageDescriptor { + return fd.L0.Parent.(protoreflect.MessageDescriptor) } -func (fd *Field) Enum() pref.EnumDescriptor { +func (fd *Field) Enum() protoreflect.EnumDescriptor { return fd.L1.Enum } -func (fd *Field) Message() pref.MessageDescriptor { +func (fd *Field) Message() protoreflect.MessageDescriptor { if fd.L1.IsWeak { if d, _ := protoregistry.GlobalFiles.FindDescriptorByName(fd.L1.Message.FullName()); d != nil { - return d.(pref.MessageDescriptor) + return d.(protoreflect.MessageDescriptor) } } return fd.L1.Message } -func (fd *Field) Format(s fmt.State, r rune) { descfmt.FormatDesc(s, r, fd) } -func (fd *Field) ProtoType(pref.FieldDescriptor) {} +func (fd *Field) Format(s fmt.State, r rune) { descfmt.FormatDesc(s, r, fd) } +func (fd *Field) ProtoType(protoreflect.FieldDescriptor) {} // EnforceUTF8 is a pseudo-internal API to determine whether to enforce UTF-8 // validation for the string field. This exists for Google-internal use only @@ -336,21 +336,21 @@ func (fd *Field) EnforceUTF8() bool { if fd.L1.HasEnforceUTF8 { return fd.L1.EnforceUTF8 } - return fd.L0.ParentFile.L1.Syntax == pref.Proto3 + return fd.L0.ParentFile.L1.Syntax == protoreflect.Proto3 } func (od *Oneof) IsSynthetic() bool { - return od.L0.ParentFile.L1.Syntax == pref.Proto3 && len(od.L1.Fields.List) == 1 && od.L1.Fields.List[0].HasOptionalKeyword() + return od.L0.ParentFile.L1.Syntax == protoreflect.Proto3 && len(od.L1.Fields.List) == 1 && od.L1.Fields.List[0].HasOptionalKeyword() } -func (od *Oneof) Options() pref.ProtoMessage { +func (od *Oneof) Options() protoreflect.ProtoMessage { if f := od.L1.Options; f != nil { return f() } return descopts.Oneof } -func (od *Oneof) Fields() pref.FieldDescriptors { return &od.L1.Fields } -func (od *Oneof) Format(s fmt.State, r rune) { descfmt.FormatDesc(s, r, od) } -func (od *Oneof) ProtoType(pref.OneofDescriptor) {} +func (od *Oneof) Fields() protoreflect.FieldDescriptors { return &od.L1.Fields } +func (od *Oneof) Format(s fmt.State, r rune) { descfmt.FormatDesc(s, r, od) } +func (od *Oneof) ProtoType(protoreflect.OneofDescriptor) {} type ( Extension struct { @@ -359,55 +359,57 @@ type ( L2 *ExtensionL2 // protected by fileDesc.once } ExtensionL1 struct { - Number pref.FieldNumber - Extendee pref.MessageDescriptor - Cardinality pref.Cardinality - Kind pref.Kind + Number protoreflect.FieldNumber + Extendee protoreflect.MessageDescriptor + Cardinality protoreflect.Cardinality + Kind protoreflect.Kind } ExtensionL2 struct { - Options func() pref.ProtoMessage + Options func() protoreflect.ProtoMessage StringName stringName IsProto3Optional bool // promoted from google.protobuf.FieldDescriptorProto IsPacked bool // promoted from google.protobuf.FieldOptions Default defaultValue - Enum pref.EnumDescriptor - Message pref.MessageDescriptor + Enum protoreflect.EnumDescriptor + Message protoreflect.MessageDescriptor } ) -func (xd *Extension) Options() pref.ProtoMessage { +func (xd *Extension) Options() protoreflect.ProtoMessage { if f := xd.lazyInit().Options; f != nil { return f() } return descopts.Field } -func (xd *Extension) Number() pref.FieldNumber { return xd.L1.Number } -func (xd *Extension) Cardinality() pref.Cardinality { return xd.L1.Cardinality } -func (xd *Extension) Kind() pref.Kind { return xd.L1.Kind } -func (xd *Extension) HasJSONName() bool { return xd.lazyInit().StringName.hasJSON } -func (xd *Extension) JSONName() string { return xd.lazyInit().StringName.getJSON(xd) } -func (xd *Extension) TextName() string { return xd.lazyInit().StringName.getText(xd) } -func (xd *Extension) HasPresence() bool { return xd.L1.Cardinality != pref.Repeated } +func (xd *Extension) Number() protoreflect.FieldNumber { return xd.L1.Number } +func (xd *Extension) Cardinality() protoreflect.Cardinality { return xd.L1.Cardinality } +func (xd *Extension) Kind() protoreflect.Kind { return xd.L1.Kind } +func (xd *Extension) HasJSONName() bool { return xd.lazyInit().StringName.hasJSON } +func (xd *Extension) JSONName() string { return xd.lazyInit().StringName.getJSON(xd) } +func (xd *Extension) TextName() string { return xd.lazyInit().StringName.getText(xd) } +func (xd *Extension) HasPresence() bool { return xd.L1.Cardinality != protoreflect.Repeated } func (xd *Extension) HasOptionalKeyword() bool { - return (xd.L0.ParentFile.L1.Syntax == pref.Proto2 && xd.L1.Cardinality == pref.Optional) || xd.lazyInit().IsProto3Optional -} -func (xd *Extension) IsPacked() bool { return xd.lazyInit().IsPacked } -func (xd *Extension) IsExtension() bool { return true } -func (xd *Extension) IsWeak() bool { return false } -func (xd *Extension) IsList() bool { return xd.Cardinality() == pref.Repeated } -func (xd *Extension) IsMap() bool { return false } -func (xd *Extension) MapKey() pref.FieldDescriptor { return nil } -func (xd *Extension) MapValue() pref.FieldDescriptor { return nil } -func (xd *Extension) HasDefault() bool { return xd.lazyInit().Default.has } -func (xd *Extension) Default() pref.Value { return xd.lazyInit().Default.get(xd) } -func (xd *Extension) DefaultEnumValue() pref.EnumValueDescriptor { return xd.lazyInit().Default.enum } -func (xd *Extension) ContainingOneof() pref.OneofDescriptor { return nil } -func (xd *Extension) ContainingMessage() pref.MessageDescriptor { return xd.L1.Extendee } -func (xd *Extension) Enum() pref.EnumDescriptor { return xd.lazyInit().Enum } -func (xd *Extension) Message() pref.MessageDescriptor { return xd.lazyInit().Message } -func (xd *Extension) Format(s fmt.State, r rune) { descfmt.FormatDesc(s, r, xd) } -func (xd *Extension) ProtoType(pref.FieldDescriptor) {} -func (xd *Extension) ProtoInternal(pragma.DoNotImplement) {} + return (xd.L0.ParentFile.L1.Syntax == protoreflect.Proto2 && xd.L1.Cardinality == protoreflect.Optional) || xd.lazyInit().IsProto3Optional +} +func (xd *Extension) IsPacked() bool { return xd.lazyInit().IsPacked } +func (xd *Extension) IsExtension() bool { return true } +func (xd *Extension) IsWeak() bool { return false } +func (xd *Extension) IsList() bool { return xd.Cardinality() == protoreflect.Repeated } +func (xd *Extension) IsMap() bool { return false } +func (xd *Extension) MapKey() protoreflect.FieldDescriptor { return nil } +func (xd *Extension) MapValue() protoreflect.FieldDescriptor { return nil } +func (xd *Extension) HasDefault() bool { return xd.lazyInit().Default.has } +func (xd *Extension) Default() protoreflect.Value { return xd.lazyInit().Default.get(xd) } +func (xd *Extension) DefaultEnumValue() protoreflect.EnumValueDescriptor { + return xd.lazyInit().Default.enum +} +func (xd *Extension) ContainingOneof() protoreflect.OneofDescriptor { return nil } +func (xd *Extension) ContainingMessage() protoreflect.MessageDescriptor { return xd.L1.Extendee } +func (xd *Extension) Enum() protoreflect.EnumDescriptor { return xd.lazyInit().Enum } +func (xd *Extension) Message() protoreflect.MessageDescriptor { return xd.lazyInit().Message } +func (xd *Extension) Format(s fmt.State, r rune) { descfmt.FormatDesc(s, r, xd) } +func (xd *Extension) ProtoType(protoreflect.FieldDescriptor) {} +func (xd *Extension) ProtoInternal(pragma.DoNotImplement) {} func (xd *Extension) lazyInit() *ExtensionL2 { xd.L0.ParentFile.lazyInit() // implicitly initializes L2 return xd.L2 @@ -421,7 +423,7 @@ type ( } ServiceL1 struct{} ServiceL2 struct { - Options func() pref.ProtoMessage + Options func() protoreflect.ProtoMessage Methods Methods } @@ -430,48 +432,48 @@ type ( L1 MethodL1 } MethodL1 struct { - Options func() pref.ProtoMessage - Input pref.MessageDescriptor - Output pref.MessageDescriptor + Options func() protoreflect.ProtoMessage + Input protoreflect.MessageDescriptor + Output protoreflect.MessageDescriptor IsStreamingClient bool IsStreamingServer bool } ) -func (sd *Service) Options() pref.ProtoMessage { +func (sd *Service) Options() protoreflect.ProtoMessage { if f := sd.lazyInit().Options; f != nil { return f() } return descopts.Service } -func (sd *Service) Methods() pref.MethodDescriptors { return &sd.lazyInit().Methods } -func (sd *Service) Format(s fmt.State, r rune) { descfmt.FormatDesc(s, r, sd) } -func (sd *Service) ProtoType(pref.ServiceDescriptor) {} -func (sd *Service) ProtoInternal(pragma.DoNotImplement) {} +func (sd *Service) Methods() protoreflect.MethodDescriptors { return &sd.lazyInit().Methods } +func (sd *Service) Format(s fmt.State, r rune) { descfmt.FormatDesc(s, r, sd) } +func (sd *Service) ProtoType(protoreflect.ServiceDescriptor) {} +func (sd *Service) ProtoInternal(pragma.DoNotImplement) {} func (sd *Service) lazyInit() *ServiceL2 { sd.L0.ParentFile.lazyInit() // implicitly initializes L2 return sd.L2 } -func (md *Method) Options() pref.ProtoMessage { +func (md *Method) Options() protoreflect.ProtoMessage { if f := md.L1.Options; f != nil { return f() } return descopts.Method } -func (md *Method) Input() pref.MessageDescriptor { return md.L1.Input } -func (md *Method) Output() pref.MessageDescriptor { return md.L1.Output } -func (md *Method) IsStreamingClient() bool { return md.L1.IsStreamingClient } -func (md *Method) IsStreamingServer() bool { return md.L1.IsStreamingServer } -func (md *Method) Format(s fmt.State, r rune) { descfmt.FormatDesc(s, r, md) } -func (md *Method) ProtoType(pref.MethodDescriptor) {} -func (md *Method) ProtoInternal(pragma.DoNotImplement) {} +func (md *Method) Input() protoreflect.MessageDescriptor { return md.L1.Input } +func (md *Method) Output() protoreflect.MessageDescriptor { return md.L1.Output } +func (md *Method) IsStreamingClient() bool { return md.L1.IsStreamingClient } +func (md *Method) IsStreamingServer() bool { return md.L1.IsStreamingServer } +func (md *Method) Format(s fmt.State, r rune) { descfmt.FormatDesc(s, r, md) } +func (md *Method) ProtoType(protoreflect.MethodDescriptor) {} +func (md *Method) ProtoInternal(pragma.DoNotImplement) {} // Surrogate files are can be used to create standalone descriptors // where the syntax is only information derived from the parent file. var ( - SurrogateProto2 = &File{L1: FileL1{Syntax: pref.Proto2}, L2: &FileL2{}} - SurrogateProto3 = &File{L1: FileL1{Syntax: pref.Proto3}, L2: &FileL2{}} + SurrogateProto2 = &File{L1: FileL1{Syntax: protoreflect.Proto2}, L2: &FileL2{}} + SurrogateProto3 = &File{L1: FileL1{Syntax: protoreflect.Proto3}, L2: &FileL2{}} ) type ( @@ -479,24 +481,24 @@ type ( L0 BaseL0 } BaseL0 struct { - FullName pref.FullName // must be populated - ParentFile *File // must be populated - Parent pref.Descriptor + FullName protoreflect.FullName // must be populated + ParentFile *File // must be populated + Parent protoreflect.Descriptor Index int } ) -func (d *Base) Name() pref.Name { return d.L0.FullName.Name() } -func (d *Base) FullName() pref.FullName { return d.L0.FullName } -func (d *Base) ParentFile() pref.FileDescriptor { +func (d *Base) Name() protoreflect.Name { return d.L0.FullName.Name() } +func (d *Base) FullName() protoreflect.FullName { return d.L0.FullName } +func (d *Base) ParentFile() protoreflect.FileDescriptor { if d.L0.ParentFile == SurrogateProto2 || d.L0.ParentFile == SurrogateProto3 { return nil // surrogate files are not real parents } return d.L0.ParentFile } -func (d *Base) Parent() pref.Descriptor { return d.L0.Parent } +func (d *Base) Parent() protoreflect.Descriptor { return d.L0.Parent } func (d *Base) Index() int { return d.L0.Index } -func (d *Base) Syntax() pref.Syntax { return d.L0.ParentFile.Syntax() } +func (d *Base) Syntax() protoreflect.Syntax { return d.L0.ParentFile.Syntax() } func (d *Base) IsPlaceholder() bool { return false } func (d *Base) ProtoInternal(pragma.DoNotImplement) {} @@ -513,7 +515,7 @@ func (s *stringName) InitJSON(name string) { s.nameJSON = name } -func (s *stringName) lazyInit(fd pref.FieldDescriptor) *stringName { +func (s *stringName) lazyInit(fd protoreflect.FieldDescriptor) *stringName { s.once.Do(func() { if fd.IsExtension() { // For extensions, JSON and text are formatted the same way. @@ -533,7 +535,7 @@ func (s *stringName) lazyInit(fd pref.FieldDescriptor) *stringName { // Format the text name. s.nameText = string(fd.Name()) - if fd.Kind() == pref.GroupKind { + if fd.Kind() == protoreflect.GroupKind { s.nameText = string(fd.Message().Name()) } } @@ -541,10 +543,10 @@ func (s *stringName) lazyInit(fd pref.FieldDescriptor) *stringName { return s } -func (s *stringName) getJSON(fd pref.FieldDescriptor) string { return s.lazyInit(fd).nameJSON } -func (s *stringName) getText(fd pref.FieldDescriptor) string { return s.lazyInit(fd).nameText } +func (s *stringName) getJSON(fd protoreflect.FieldDescriptor) string { return s.lazyInit(fd).nameJSON } +func (s *stringName) getText(fd protoreflect.FieldDescriptor) string { return s.lazyInit(fd).nameText } -func DefaultValue(v pref.Value, ev pref.EnumValueDescriptor) defaultValue { +func DefaultValue(v protoreflect.Value, ev protoreflect.EnumValueDescriptor) defaultValue { dv := defaultValue{has: v.IsValid(), val: v, enum: ev} if b, ok := v.Interface().([]byte); ok { // Store a copy of the default bytes, so that we can detect @@ -554,9 +556,9 @@ func DefaultValue(v pref.Value, ev pref.EnumValueDescriptor) defaultValue { return dv } -func unmarshalDefault(b []byte, k pref.Kind, pf *File, ed pref.EnumDescriptor) defaultValue { - var evs pref.EnumValueDescriptors - if k == pref.EnumKind { +func unmarshalDefault(b []byte, k protoreflect.Kind, pf *File, ed protoreflect.EnumDescriptor) defaultValue { + var evs protoreflect.EnumValueDescriptors + if k == protoreflect.EnumKind { // If the enum is declared within the same file, be careful not to // blindly call the Values method, lest we bind ourselves in a deadlock. if e, ok := ed.(*Enum); ok && e.L0.ParentFile == pf { @@ -567,9 +569,9 @@ func unmarshalDefault(b []byte, k pref.Kind, pf *File, ed pref.EnumDescriptor) d // If we are unable to resolve the enum dependency, use a placeholder // enum value since we will not be able to parse the default value. - if ed.IsPlaceholder() && pref.Name(b).IsValid() { - v := pref.ValueOfEnum(0) - ev := PlaceholderEnumValue(ed.FullName().Parent().Append(pref.Name(b))) + if ed.IsPlaceholder() && protoreflect.Name(b).IsValid() { + v := protoreflect.ValueOfEnum(0) + ev := PlaceholderEnumValue(ed.FullName().Parent().Append(protoreflect.Name(b))) return DefaultValue(v, ev) } } @@ -583,41 +585,41 @@ func unmarshalDefault(b []byte, k pref.Kind, pf *File, ed pref.EnumDescriptor) d type defaultValue struct { has bool - val pref.Value - enum pref.EnumValueDescriptor + val protoreflect.Value + enum protoreflect.EnumValueDescriptor bytes []byte } -func (dv *defaultValue) get(fd pref.FieldDescriptor) pref.Value { +func (dv *defaultValue) get(fd protoreflect.FieldDescriptor) protoreflect.Value { // Return the zero value as the default if unpopulated. if !dv.has { - if fd.Cardinality() == pref.Repeated { - return pref.Value{} + if fd.Cardinality() == protoreflect.Repeated { + return protoreflect.Value{} } switch fd.Kind() { - case pref.BoolKind: - return pref.ValueOfBool(false) - case pref.Int32Kind, pref.Sint32Kind, pref.Sfixed32Kind: - return pref.ValueOfInt32(0) - case pref.Int64Kind, pref.Sint64Kind, pref.Sfixed64Kind: - return pref.ValueOfInt64(0) - case pref.Uint32Kind, pref.Fixed32Kind: - return pref.ValueOfUint32(0) - case pref.Uint64Kind, pref.Fixed64Kind: - return pref.ValueOfUint64(0) - case pref.FloatKind: - return pref.ValueOfFloat32(0) - case pref.DoubleKind: - return pref.ValueOfFloat64(0) - case pref.StringKind: - return pref.ValueOfString("") - case pref.BytesKind: - return pref.ValueOfBytes(nil) - case pref.EnumKind: + case protoreflect.BoolKind: + return protoreflect.ValueOfBool(false) + case protoreflect.Int32Kind, protoreflect.Sint32Kind, protoreflect.Sfixed32Kind: + return protoreflect.ValueOfInt32(0) + case protoreflect.Int64Kind, protoreflect.Sint64Kind, protoreflect.Sfixed64Kind: + return protoreflect.ValueOfInt64(0) + case protoreflect.Uint32Kind, protoreflect.Fixed32Kind: + return protoreflect.ValueOfUint32(0) + case protoreflect.Uint64Kind, protoreflect.Fixed64Kind: + return protoreflect.ValueOfUint64(0) + case protoreflect.FloatKind: + return protoreflect.ValueOfFloat32(0) + case protoreflect.DoubleKind: + return protoreflect.ValueOfFloat64(0) + case protoreflect.StringKind: + return protoreflect.ValueOfString("") + case protoreflect.BytesKind: + return protoreflect.ValueOfBytes(nil) + case protoreflect.EnumKind: if evs := fd.Enum().Values(); evs.Len() > 0 { - return pref.ValueOfEnum(evs.Get(0).Number()) + return protoreflect.ValueOfEnum(evs.Get(0).Number()) } - return pref.ValueOfEnum(0) + return protoreflect.ValueOfEnum(0) } } diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go index 66e1fee5224..4a1584c9d29 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go @@ -10,7 +10,7 @@ import ( "google.golang.org/protobuf/encoding/protowire" "google.golang.org/protobuf/internal/genid" "google.golang.org/protobuf/internal/strs" - pref "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/reflect/protoreflect" ) // fileRaw is a data struct used when initializing a file descriptor from @@ -95,7 +95,7 @@ func (fd *File) unmarshalSeed(b []byte) { sb := getBuilder() defer putBuilder(sb) - var prevField pref.FieldNumber + var prevField protoreflect.FieldNumber var numEnums, numMessages, numExtensions, numServices int var posEnums, posMessages, posExtensions, posServices int b0 := b @@ -110,16 +110,16 @@ func (fd *File) unmarshalSeed(b []byte) { case genid.FileDescriptorProto_Syntax_field_number: switch string(v) { case "proto2": - fd.L1.Syntax = pref.Proto2 + fd.L1.Syntax = protoreflect.Proto2 case "proto3": - fd.L1.Syntax = pref.Proto3 + fd.L1.Syntax = protoreflect.Proto3 default: panic("invalid syntax") } case genid.FileDescriptorProto_Name_field_number: fd.L1.Path = sb.MakeString(v) case genid.FileDescriptorProto_Package_field_number: - fd.L1.Package = pref.FullName(sb.MakeString(v)) + fd.L1.Package = protoreflect.FullName(sb.MakeString(v)) case genid.FileDescriptorProto_EnumType_field_number: if prevField != genid.FileDescriptorProto_EnumType_field_number { if numEnums > 0 { @@ -163,7 +163,7 @@ func (fd *File) unmarshalSeed(b []byte) { // If syntax is missing, it is assumed to be proto2. if fd.L1.Syntax == 0 { - fd.L1.Syntax = pref.Proto2 + fd.L1.Syntax = protoreflect.Proto2 } // Must allocate all declarations before parsing each descriptor type @@ -219,7 +219,7 @@ func (fd *File) unmarshalSeed(b []byte) { } } -func (ed *Enum) unmarshalSeed(b []byte, sb *strs.Builder, pf *File, pd pref.Descriptor, i int) { +func (ed *Enum) unmarshalSeed(b []byte, sb *strs.Builder, pf *File, pd protoreflect.Descriptor, i int) { ed.L0.ParentFile = pf ed.L0.Parent = pd ed.L0.Index = i @@ -271,12 +271,12 @@ func (ed *Enum) unmarshalSeed(b []byte, sb *strs.Builder, pf *File, pd pref.Desc } } -func (md *Message) unmarshalSeed(b []byte, sb *strs.Builder, pf *File, pd pref.Descriptor, i int) { +func (md *Message) unmarshalSeed(b []byte, sb *strs.Builder, pf *File, pd protoreflect.Descriptor, i int) { md.L0.ParentFile = pf md.L0.Parent = pd md.L0.Index = i - var prevField pref.FieldNumber + var prevField protoreflect.FieldNumber var numEnums, numMessages, numExtensions int var posEnums, posMessages, posExtensions int b0 := b @@ -387,7 +387,7 @@ func (md *Message) unmarshalSeedOptions(b []byte) { } } -func (xd *Extension) unmarshalSeed(b []byte, sb *strs.Builder, pf *File, pd pref.Descriptor, i int) { +func (xd *Extension) unmarshalSeed(b []byte, sb *strs.Builder, pf *File, pd protoreflect.Descriptor, i int) { xd.L0.ParentFile = pf xd.L0.Parent = pd xd.L0.Index = i @@ -401,11 +401,11 @@ func (xd *Extension) unmarshalSeed(b []byte, sb *strs.Builder, pf *File, pd pref b = b[m:] switch num { case genid.FieldDescriptorProto_Number_field_number: - xd.L1.Number = pref.FieldNumber(v) + xd.L1.Number = protoreflect.FieldNumber(v) case genid.FieldDescriptorProto_Label_field_number: - xd.L1.Cardinality = pref.Cardinality(v) + xd.L1.Cardinality = protoreflect.Cardinality(v) case genid.FieldDescriptorProto_Type_field_number: - xd.L1.Kind = pref.Kind(v) + xd.L1.Kind = protoreflect.Kind(v) } case protowire.BytesType: v, m := protowire.ConsumeBytes(b) @@ -423,7 +423,7 @@ func (xd *Extension) unmarshalSeed(b []byte, sb *strs.Builder, pf *File, pd pref } } -func (sd *Service) unmarshalSeed(b []byte, sb *strs.Builder, pf *File, pd pref.Descriptor, i int) { +func (sd *Service) unmarshalSeed(b []byte, sb *strs.Builder, pf *File, pd protoreflect.Descriptor, i int) { sd.L0.ParentFile = pf sd.L0.Parent = pd sd.L0.Index = i @@ -459,13 +459,13 @@ func putBuilder(b *strs.Builder) { // makeFullName converts b to a protoreflect.FullName, // where b must start with a leading dot. -func makeFullName(sb *strs.Builder, b []byte) pref.FullName { +func makeFullName(sb *strs.Builder, b []byte) protoreflect.FullName { if len(b) == 0 || b[0] != '.' { panic("name reference must be fully qualified") } - return pref.FullName(sb.MakeString(b[1:])) + return protoreflect.FullName(sb.MakeString(b[1:])) } -func appendFullName(sb *strs.Builder, prefix pref.FullName, suffix []byte) pref.FullName { - return sb.AppendFullName(prefix, pref.Name(strs.UnsafeString(suffix))) +func appendFullName(sb *strs.Builder, prefix protoreflect.FullName, suffix []byte) protoreflect.FullName { + return sb.AppendFullName(prefix, protoreflect.Name(strs.UnsafeString(suffix))) } diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go index 198451e3ec9..736a19a75bc 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go @@ -13,7 +13,7 @@ import ( "google.golang.org/protobuf/internal/genid" "google.golang.org/protobuf/internal/strs" "google.golang.org/protobuf/proto" - pref "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/reflect/protoreflect" ) func (fd *File) lazyRawInit() { @@ -39,10 +39,10 @@ func (file *File) resolveMessages() { // Resolve message field dependency. switch fd.L1.Kind { - case pref.EnumKind: + case protoreflect.EnumKind: fd.L1.Enum = file.resolveEnumDependency(fd.L1.Enum, listFieldDeps, depIdx) depIdx++ - case pref.MessageKind, pref.GroupKind: + case protoreflect.MessageKind, protoreflect.GroupKind: fd.L1.Message = file.resolveMessageDependency(fd.L1.Message, listFieldDeps, depIdx) depIdx++ } @@ -62,10 +62,10 @@ func (file *File) resolveExtensions() { // Resolve extension field dependency. switch xd.L1.Kind { - case pref.EnumKind: + case protoreflect.EnumKind: xd.L2.Enum = file.resolveEnumDependency(xd.L2.Enum, listExtDeps, depIdx) depIdx++ - case pref.MessageKind, pref.GroupKind: + case protoreflect.MessageKind, protoreflect.GroupKind: xd.L2.Message = file.resolveMessageDependency(xd.L2.Message, listExtDeps, depIdx) depIdx++ } @@ -92,7 +92,7 @@ func (file *File) resolveServices() { } } -func (file *File) resolveEnumDependency(ed pref.EnumDescriptor, i, j int32) pref.EnumDescriptor { +func (file *File) resolveEnumDependency(ed protoreflect.EnumDescriptor, i, j int32) protoreflect.EnumDescriptor { r := file.builder.FileRegistry if r, ok := r.(resolverByIndex); ok { if ed2 := r.FindEnumByIndex(i, j, file.allEnums, file.allMessages); ed2 != nil { @@ -105,12 +105,12 @@ func (file *File) resolveEnumDependency(ed pref.EnumDescriptor, i, j int32) pref } } if d, _ := r.FindDescriptorByName(ed.FullName()); d != nil { - return d.(pref.EnumDescriptor) + return d.(protoreflect.EnumDescriptor) } return ed } -func (file *File) resolveMessageDependency(md pref.MessageDescriptor, i, j int32) pref.MessageDescriptor { +func (file *File) resolveMessageDependency(md protoreflect.MessageDescriptor, i, j int32) protoreflect.MessageDescriptor { r := file.builder.FileRegistry if r, ok := r.(resolverByIndex); ok { if md2 := r.FindMessageByIndex(i, j, file.allEnums, file.allMessages); md2 != nil { @@ -123,7 +123,7 @@ func (file *File) resolveMessageDependency(md pref.MessageDescriptor, i, j int32 } } if d, _ := r.FindDescriptorByName(md.FullName()); d != nil { - return d.(pref.MessageDescriptor) + return d.(protoreflect.MessageDescriptor) } return md } @@ -158,7 +158,7 @@ func (fd *File) unmarshalFull(b []byte) { if imp == nil { imp = PlaceholderFile(path) } - fd.L2.Imports = append(fd.L2.Imports, pref.FileImport{FileDescriptor: imp}) + fd.L2.Imports = append(fd.L2.Imports, protoreflect.FileImport{FileDescriptor: imp}) case genid.FileDescriptorProto_EnumType_field_number: fd.L1.Enums.List[enumIdx].unmarshalFull(v, sb) enumIdx++ @@ -199,7 +199,7 @@ func (ed *Enum) unmarshalFull(b []byte, sb *strs.Builder) { case genid.EnumDescriptorProto_Value_field_number: rawValues = append(rawValues, v) case genid.EnumDescriptorProto_ReservedName_field_number: - ed.L2.ReservedNames.List = append(ed.L2.ReservedNames.List, pref.Name(sb.MakeString(v))) + ed.L2.ReservedNames.List = append(ed.L2.ReservedNames.List, protoreflect.Name(sb.MakeString(v))) case genid.EnumDescriptorProto_ReservedRange_field_number: ed.L2.ReservedRanges.List = append(ed.L2.ReservedRanges.List, unmarshalEnumReservedRange(v)) case genid.EnumDescriptorProto_Options_field_number: @@ -219,7 +219,7 @@ func (ed *Enum) unmarshalFull(b []byte, sb *strs.Builder) { ed.L2.Options = ed.L0.ParentFile.builder.optionsUnmarshaler(&descopts.Enum, rawOptions) } -func unmarshalEnumReservedRange(b []byte) (r [2]pref.EnumNumber) { +func unmarshalEnumReservedRange(b []byte) (r [2]protoreflect.EnumNumber) { for len(b) > 0 { num, typ, n := protowire.ConsumeTag(b) b = b[n:] @@ -229,9 +229,9 @@ func unmarshalEnumReservedRange(b []byte) (r [2]pref.EnumNumber) { b = b[m:] switch num { case genid.EnumDescriptorProto_EnumReservedRange_Start_field_number: - r[0] = pref.EnumNumber(v) + r[0] = protoreflect.EnumNumber(v) case genid.EnumDescriptorProto_EnumReservedRange_End_field_number: - r[1] = pref.EnumNumber(v) + r[1] = protoreflect.EnumNumber(v) } default: m := protowire.ConsumeFieldValue(num, typ, b) @@ -241,7 +241,7 @@ func unmarshalEnumReservedRange(b []byte) (r [2]pref.EnumNumber) { return r } -func (vd *EnumValue) unmarshalFull(b []byte, sb *strs.Builder, pf *File, pd pref.Descriptor, i int) { +func (vd *EnumValue) unmarshalFull(b []byte, sb *strs.Builder, pf *File, pd protoreflect.Descriptor, i int) { vd.L0.ParentFile = pf vd.L0.Parent = pd vd.L0.Index = i @@ -256,7 +256,7 @@ func (vd *EnumValue) unmarshalFull(b []byte, sb *strs.Builder, pf *File, pd pref b = b[m:] switch num { case genid.EnumValueDescriptorProto_Number_field_number: - vd.L1.Number = pref.EnumNumber(v) + vd.L1.Number = protoreflect.EnumNumber(v) } case protowire.BytesType: v, m := protowire.ConsumeBytes(b) @@ -294,7 +294,7 @@ func (md *Message) unmarshalFull(b []byte, sb *strs.Builder) { case genid.DescriptorProto_OneofDecl_field_number: rawOneofs = append(rawOneofs, v) case genid.DescriptorProto_ReservedName_field_number: - md.L2.ReservedNames.List = append(md.L2.ReservedNames.List, pref.Name(sb.MakeString(v))) + md.L2.ReservedNames.List = append(md.L2.ReservedNames.List, protoreflect.Name(sb.MakeString(v))) case genid.DescriptorProto_ReservedRange_field_number: md.L2.ReservedRanges.List = append(md.L2.ReservedRanges.List, unmarshalMessageReservedRange(v)) case genid.DescriptorProto_ExtensionRange_field_number: @@ -326,7 +326,7 @@ func (md *Message) unmarshalFull(b []byte, sb *strs.Builder) { for i, b := range rawFields { fd := &md.L2.Fields.List[i] fd.unmarshalFull(b, sb, md.L0.ParentFile, md, i) - if fd.L1.Cardinality == pref.Required { + if fd.L1.Cardinality == protoreflect.Required { md.L2.RequiredNumbers.List = append(md.L2.RequiredNumbers.List, fd.L1.Number) } } @@ -359,7 +359,7 @@ func (md *Message) unmarshalOptions(b []byte) { } } -func unmarshalMessageReservedRange(b []byte) (r [2]pref.FieldNumber) { +func unmarshalMessageReservedRange(b []byte) (r [2]protoreflect.FieldNumber) { for len(b) > 0 { num, typ, n := protowire.ConsumeTag(b) b = b[n:] @@ -369,9 +369,9 @@ func unmarshalMessageReservedRange(b []byte) (r [2]pref.FieldNumber) { b = b[m:] switch num { case genid.DescriptorProto_ReservedRange_Start_field_number: - r[0] = pref.FieldNumber(v) + r[0] = protoreflect.FieldNumber(v) case genid.DescriptorProto_ReservedRange_End_field_number: - r[1] = pref.FieldNumber(v) + r[1] = protoreflect.FieldNumber(v) } default: m := protowire.ConsumeFieldValue(num, typ, b) @@ -381,7 +381,7 @@ func unmarshalMessageReservedRange(b []byte) (r [2]pref.FieldNumber) { return r } -func unmarshalMessageExtensionRange(b []byte) (r [2]pref.FieldNumber, rawOptions []byte) { +func unmarshalMessageExtensionRange(b []byte) (r [2]protoreflect.FieldNumber, rawOptions []byte) { for len(b) > 0 { num, typ, n := protowire.ConsumeTag(b) b = b[n:] @@ -391,9 +391,9 @@ func unmarshalMessageExtensionRange(b []byte) (r [2]pref.FieldNumber, rawOptions b = b[m:] switch num { case genid.DescriptorProto_ExtensionRange_Start_field_number: - r[0] = pref.FieldNumber(v) + r[0] = protoreflect.FieldNumber(v) case genid.DescriptorProto_ExtensionRange_End_field_number: - r[1] = pref.FieldNumber(v) + r[1] = protoreflect.FieldNumber(v) } case protowire.BytesType: v, m := protowire.ConsumeBytes(b) @@ -410,7 +410,7 @@ func unmarshalMessageExtensionRange(b []byte) (r [2]pref.FieldNumber, rawOptions return r, rawOptions } -func (fd *Field) unmarshalFull(b []byte, sb *strs.Builder, pf *File, pd pref.Descriptor, i int) { +func (fd *Field) unmarshalFull(b []byte, sb *strs.Builder, pf *File, pd protoreflect.Descriptor, i int) { fd.L0.ParentFile = pf fd.L0.Parent = pd fd.L0.Index = i @@ -426,11 +426,11 @@ func (fd *Field) unmarshalFull(b []byte, sb *strs.Builder, pf *File, pd pref.Des b = b[m:] switch num { case genid.FieldDescriptorProto_Number_field_number: - fd.L1.Number = pref.FieldNumber(v) + fd.L1.Number = protoreflect.FieldNumber(v) case genid.FieldDescriptorProto_Label_field_number: - fd.L1.Cardinality = pref.Cardinality(v) + fd.L1.Cardinality = protoreflect.Cardinality(v) case genid.FieldDescriptorProto_Type_field_number: - fd.L1.Kind = pref.Kind(v) + fd.L1.Kind = protoreflect.Kind(v) case genid.FieldDescriptorProto_OneofIndex_field_number: // In Message.unmarshalFull, we allocate slices for both // the field and oneof descriptors before unmarshaling either @@ -453,7 +453,7 @@ func (fd *Field) unmarshalFull(b []byte, sb *strs.Builder, pf *File, pd pref.Des case genid.FieldDescriptorProto_JsonName_field_number: fd.L1.StringName.InitJSON(sb.MakeString(v)) case genid.FieldDescriptorProto_DefaultValue_field_number: - fd.L1.Default.val = pref.ValueOfBytes(v) // temporarily store as bytes; later resolved in resolveMessages + fd.L1.Default.val = protoreflect.ValueOfBytes(v) // temporarily store as bytes; later resolved in resolveMessages case genid.FieldDescriptorProto_TypeName_field_number: rawTypeName = v case genid.FieldDescriptorProto_Options_field_number: @@ -468,9 +468,9 @@ func (fd *Field) unmarshalFull(b []byte, sb *strs.Builder, pf *File, pd pref.Des if rawTypeName != nil { name := makeFullName(sb, rawTypeName) switch fd.L1.Kind { - case pref.EnumKind: + case protoreflect.EnumKind: fd.L1.Enum = PlaceholderEnum(name) - case pref.MessageKind, pref.GroupKind: + case protoreflect.MessageKind, protoreflect.GroupKind: fd.L1.Message = PlaceholderMessage(name) } } @@ -504,7 +504,7 @@ func (fd *Field) unmarshalOptions(b []byte) { } } -func (od *Oneof) unmarshalFull(b []byte, sb *strs.Builder, pf *File, pd pref.Descriptor, i int) { +func (od *Oneof) unmarshalFull(b []byte, sb *strs.Builder, pf *File, pd protoreflect.Descriptor, i int) { od.L0.ParentFile = pf od.L0.Parent = pd od.L0.Index = i @@ -553,7 +553,7 @@ func (xd *Extension) unmarshalFull(b []byte, sb *strs.Builder) { case genid.FieldDescriptorProto_JsonName_field_number: xd.L2.StringName.InitJSON(sb.MakeString(v)) case genid.FieldDescriptorProto_DefaultValue_field_number: - xd.L2.Default.val = pref.ValueOfBytes(v) // temporarily store as bytes; later resolved in resolveExtensions + xd.L2.Default.val = protoreflect.ValueOfBytes(v) // temporarily store as bytes; later resolved in resolveExtensions case genid.FieldDescriptorProto_TypeName_field_number: rawTypeName = v case genid.FieldDescriptorProto_Options_field_number: @@ -568,9 +568,9 @@ func (xd *Extension) unmarshalFull(b []byte, sb *strs.Builder) { if rawTypeName != nil { name := makeFullName(sb, rawTypeName) switch xd.L1.Kind { - case pref.EnumKind: + case protoreflect.EnumKind: xd.L2.Enum = PlaceholderEnum(name) - case pref.MessageKind, pref.GroupKind: + case protoreflect.MessageKind, protoreflect.GroupKind: xd.L2.Message = PlaceholderMessage(name) } } @@ -627,7 +627,7 @@ func (sd *Service) unmarshalFull(b []byte, sb *strs.Builder) { sd.L2.Options = sd.L0.ParentFile.builder.optionsUnmarshaler(&descopts.Service, rawOptions) } -func (md *Method) unmarshalFull(b []byte, sb *strs.Builder, pf *File, pd pref.Descriptor, i int) { +func (md *Method) unmarshalFull(b []byte, sb *strs.Builder, pf *File, pd protoreflect.Descriptor, i int) { md.L0.ParentFile = pf md.L0.Parent = pd md.L0.Index = i @@ -680,18 +680,18 @@ func appendOptions(dst, src []byte) []byte { // // The type of message to unmarshal to is passed as a pointer since the // vars in descopts may not yet be populated at the time this function is called. -func (db *Builder) optionsUnmarshaler(p *pref.ProtoMessage, b []byte) func() pref.ProtoMessage { +func (db *Builder) optionsUnmarshaler(p *protoreflect.ProtoMessage, b []byte) func() protoreflect.ProtoMessage { if b == nil { return nil } - var opts pref.ProtoMessage + var opts protoreflect.ProtoMessage var once sync.Once - return func() pref.ProtoMessage { + return func() protoreflect.ProtoMessage { once.Do(func() { if *p == nil { panic("Descriptor.Options called without importing the descriptor package") } - opts = reflect.New(reflect.TypeOf(*p).Elem()).Interface().(pref.ProtoMessage) + opts = reflect.New(reflect.TypeOf(*p).Elem()).Interface().(protoreflect.ProtoMessage) if err := (proto.UnmarshalOptions{ AllowPartial: true, Resolver: db.TypeResolver, diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc_list.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc_list.go index aa294fff99a..e3b6587da63 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/desc_list.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc_list.go @@ -17,31 +17,30 @@ import ( "google.golang.org/protobuf/internal/errors" "google.golang.org/protobuf/internal/pragma" "google.golang.org/protobuf/reflect/protoreflect" - pref "google.golang.org/protobuf/reflect/protoreflect" ) -type FileImports []pref.FileImport +type FileImports []protoreflect.FileImport func (p *FileImports) Len() int { return len(*p) } -func (p *FileImports) Get(i int) pref.FileImport { return (*p)[i] } +func (p *FileImports) Get(i int) protoreflect.FileImport { return (*p)[i] } func (p *FileImports) Format(s fmt.State, r rune) { descfmt.FormatList(s, r, p) } func (p *FileImports) ProtoInternal(pragma.DoNotImplement) {} type Names struct { - List []pref.Name + List []protoreflect.Name once sync.Once - has map[pref.Name]int // protected by once + has map[protoreflect.Name]int // protected by once } func (p *Names) Len() int { return len(p.List) } -func (p *Names) Get(i int) pref.Name { return p.List[i] } -func (p *Names) Has(s pref.Name) bool { return p.lazyInit().has[s] > 0 } +func (p *Names) Get(i int) protoreflect.Name { return p.List[i] } +func (p *Names) Has(s protoreflect.Name) bool { return p.lazyInit().has[s] > 0 } func (p *Names) Format(s fmt.State, r rune) { descfmt.FormatList(s, r, p) } func (p *Names) ProtoInternal(pragma.DoNotImplement) {} func (p *Names) lazyInit() *Names { p.once.Do(func() { if len(p.List) > 0 { - p.has = make(map[pref.Name]int, len(p.List)) + p.has = make(map[protoreflect.Name]int, len(p.List)) for _, s := range p.List { p.has[s] = p.has[s] + 1 } @@ -67,14 +66,14 @@ func (p *Names) CheckValid() error { } type EnumRanges struct { - List [][2]pref.EnumNumber // start inclusive; end inclusive + List [][2]protoreflect.EnumNumber // start inclusive; end inclusive once sync.Once - sorted [][2]pref.EnumNumber // protected by once + sorted [][2]protoreflect.EnumNumber // protected by once } -func (p *EnumRanges) Len() int { return len(p.List) } -func (p *EnumRanges) Get(i int) [2]pref.EnumNumber { return p.List[i] } -func (p *EnumRanges) Has(n pref.EnumNumber) bool { +func (p *EnumRanges) Len() int { return len(p.List) } +func (p *EnumRanges) Get(i int) [2]protoreflect.EnumNumber { return p.List[i] } +func (p *EnumRanges) Has(n protoreflect.EnumNumber) bool { for ls := p.lazyInit().sorted; len(ls) > 0; { i := len(ls) / 2 switch r := enumRange(ls[i]); { @@ -129,14 +128,14 @@ func (r enumRange) String() string { } type FieldRanges struct { - List [][2]pref.FieldNumber // start inclusive; end exclusive + List [][2]protoreflect.FieldNumber // start inclusive; end exclusive once sync.Once - sorted [][2]pref.FieldNumber // protected by once + sorted [][2]protoreflect.FieldNumber // protected by once } -func (p *FieldRanges) Len() int { return len(p.List) } -func (p *FieldRanges) Get(i int) [2]pref.FieldNumber { return p.List[i] } -func (p *FieldRanges) Has(n pref.FieldNumber) bool { +func (p *FieldRanges) Len() int { return len(p.List) } +func (p *FieldRanges) Get(i int) [2]protoreflect.FieldNumber { return p.List[i] } +func (p *FieldRanges) Has(n protoreflect.FieldNumber) bool { for ls := p.lazyInit().sorted; len(ls) > 0; { i := len(ls) / 2 switch r := fieldRange(ls[i]); { @@ -221,17 +220,17 @@ func (r fieldRange) String() string { } type FieldNumbers struct { - List []pref.FieldNumber + List []protoreflect.FieldNumber once sync.Once - has map[pref.FieldNumber]struct{} // protected by once + has map[protoreflect.FieldNumber]struct{} // protected by once } -func (p *FieldNumbers) Len() int { return len(p.List) } -func (p *FieldNumbers) Get(i int) pref.FieldNumber { return p.List[i] } -func (p *FieldNumbers) Has(n pref.FieldNumber) bool { +func (p *FieldNumbers) Len() int { return len(p.List) } +func (p *FieldNumbers) Get(i int) protoreflect.FieldNumber { return p.List[i] } +func (p *FieldNumbers) Has(n protoreflect.FieldNumber) bool { p.once.Do(func() { if len(p.List) > 0 { - p.has = make(map[pref.FieldNumber]struct{}, len(p.List)) + p.has = make(map[protoreflect.FieldNumber]struct{}, len(p.List)) for _, n := range p.List { p.has[n] = struct{}{} } @@ -244,30 +243,38 @@ func (p *FieldNumbers) Format(s fmt.State, r rune) { descfmt.FormatList func (p *FieldNumbers) ProtoInternal(pragma.DoNotImplement) {} type OneofFields struct { - List []pref.FieldDescriptor + List []protoreflect.FieldDescriptor once sync.Once - byName map[pref.Name]pref.FieldDescriptor // protected by once - byJSON map[string]pref.FieldDescriptor // protected by once - byText map[string]pref.FieldDescriptor // protected by once - byNum map[pref.FieldNumber]pref.FieldDescriptor // protected by once + byName map[protoreflect.Name]protoreflect.FieldDescriptor // protected by once + byJSON map[string]protoreflect.FieldDescriptor // protected by once + byText map[string]protoreflect.FieldDescriptor // protected by once + byNum map[protoreflect.FieldNumber]protoreflect.FieldDescriptor // protected by once } -func (p *OneofFields) Len() int { return len(p.List) } -func (p *OneofFields) Get(i int) pref.FieldDescriptor { return p.List[i] } -func (p *OneofFields) ByName(s pref.Name) pref.FieldDescriptor { return p.lazyInit().byName[s] } -func (p *OneofFields) ByJSONName(s string) pref.FieldDescriptor { return p.lazyInit().byJSON[s] } -func (p *OneofFields) ByTextName(s string) pref.FieldDescriptor { return p.lazyInit().byText[s] } -func (p *OneofFields) ByNumber(n pref.FieldNumber) pref.FieldDescriptor { return p.lazyInit().byNum[n] } -func (p *OneofFields) Format(s fmt.State, r rune) { descfmt.FormatList(s, r, p) } -func (p *OneofFields) ProtoInternal(pragma.DoNotImplement) {} +func (p *OneofFields) Len() int { return len(p.List) } +func (p *OneofFields) Get(i int) protoreflect.FieldDescriptor { return p.List[i] } +func (p *OneofFields) ByName(s protoreflect.Name) protoreflect.FieldDescriptor { + return p.lazyInit().byName[s] +} +func (p *OneofFields) ByJSONName(s string) protoreflect.FieldDescriptor { + return p.lazyInit().byJSON[s] +} +func (p *OneofFields) ByTextName(s string) protoreflect.FieldDescriptor { + return p.lazyInit().byText[s] +} +func (p *OneofFields) ByNumber(n protoreflect.FieldNumber) protoreflect.FieldDescriptor { + return p.lazyInit().byNum[n] +} +func (p *OneofFields) Format(s fmt.State, r rune) { descfmt.FormatList(s, r, p) } +func (p *OneofFields) ProtoInternal(pragma.DoNotImplement) {} func (p *OneofFields) lazyInit() *OneofFields { p.once.Do(func() { if len(p.List) > 0 { - p.byName = make(map[pref.Name]pref.FieldDescriptor, len(p.List)) - p.byJSON = make(map[string]pref.FieldDescriptor, len(p.List)) - p.byText = make(map[string]pref.FieldDescriptor, len(p.List)) - p.byNum = make(map[pref.FieldNumber]pref.FieldDescriptor, len(p.List)) + p.byName = make(map[protoreflect.Name]protoreflect.FieldDescriptor, len(p.List)) + p.byJSON = make(map[string]protoreflect.FieldDescriptor, len(p.List)) + p.byText = make(map[string]protoreflect.FieldDescriptor, len(p.List)) + p.byNum = make(map[protoreflect.FieldNumber]protoreflect.FieldDescriptor, len(p.List)) for _, f := range p.List { // Field names and numbers are guaranteed to be unique. p.byName[f.Name()] = f @@ -284,123 +291,123 @@ type SourceLocations struct { // List is a list of SourceLocations. // The SourceLocation.Next field does not need to be populated // as it will be lazily populated upon first need. - List []pref.SourceLocation + List []protoreflect.SourceLocation // File is the parent file descriptor that these locations are relative to. // If non-nil, ByDescriptor verifies that the provided descriptor // is a child of this file descriptor. - File pref.FileDescriptor + File protoreflect.FileDescriptor once sync.Once byPath map[pathKey]int } -func (p *SourceLocations) Len() int { return len(p.List) } -func (p *SourceLocations) Get(i int) pref.SourceLocation { return p.lazyInit().List[i] } -func (p *SourceLocations) byKey(k pathKey) pref.SourceLocation { +func (p *SourceLocations) Len() int { return len(p.List) } +func (p *SourceLocations) Get(i int) protoreflect.SourceLocation { return p.lazyInit().List[i] } +func (p *SourceLocations) byKey(k pathKey) protoreflect.SourceLocation { if i, ok := p.lazyInit().byPath[k]; ok { return p.List[i] } - return pref.SourceLocation{} + return protoreflect.SourceLocation{} } -func (p *SourceLocations) ByPath(path pref.SourcePath) pref.SourceLocation { +func (p *SourceLocations) ByPath(path protoreflect.SourcePath) protoreflect.SourceLocation { return p.byKey(newPathKey(path)) } -func (p *SourceLocations) ByDescriptor(desc pref.Descriptor) pref.SourceLocation { +func (p *SourceLocations) ByDescriptor(desc protoreflect.Descriptor) protoreflect.SourceLocation { if p.File != nil && desc != nil && p.File != desc.ParentFile() { - return pref.SourceLocation{} // mismatching parent files + return protoreflect.SourceLocation{} // mismatching parent files } var pathArr [16]int32 path := pathArr[:0] for { switch desc.(type) { - case pref.FileDescriptor: + case protoreflect.FileDescriptor: // Reverse the path since it was constructed in reverse. for i, j := 0, len(path)-1; i < j; i, j = i+1, j-1 { path[i], path[j] = path[j], path[i] } return p.byKey(newPathKey(path)) - case pref.MessageDescriptor: + case protoreflect.MessageDescriptor: path = append(path, int32(desc.Index())) desc = desc.Parent() switch desc.(type) { - case pref.FileDescriptor: + case protoreflect.FileDescriptor: path = append(path, int32(genid.FileDescriptorProto_MessageType_field_number)) - case pref.MessageDescriptor: + case protoreflect.MessageDescriptor: path = append(path, int32(genid.DescriptorProto_NestedType_field_number)) default: - return pref.SourceLocation{} + return protoreflect.SourceLocation{} } - case pref.FieldDescriptor: - isExtension := desc.(pref.FieldDescriptor).IsExtension() + case protoreflect.FieldDescriptor: + isExtension := desc.(protoreflect.FieldDescriptor).IsExtension() path = append(path, int32(desc.Index())) desc = desc.Parent() if isExtension { switch desc.(type) { - case pref.FileDescriptor: + case protoreflect.FileDescriptor: path = append(path, int32(genid.FileDescriptorProto_Extension_field_number)) - case pref.MessageDescriptor: + case protoreflect.MessageDescriptor: path = append(path, int32(genid.DescriptorProto_Extension_field_number)) default: - return pref.SourceLocation{} + return protoreflect.SourceLocation{} } } else { switch desc.(type) { - case pref.MessageDescriptor: + case protoreflect.MessageDescriptor: path = append(path, int32(genid.DescriptorProto_Field_field_number)) default: - return pref.SourceLocation{} + return protoreflect.SourceLocation{} } } - case pref.OneofDescriptor: + case protoreflect.OneofDescriptor: path = append(path, int32(desc.Index())) desc = desc.Parent() switch desc.(type) { - case pref.MessageDescriptor: + case protoreflect.MessageDescriptor: path = append(path, int32(genid.DescriptorProto_OneofDecl_field_number)) default: - return pref.SourceLocation{} + return protoreflect.SourceLocation{} } - case pref.EnumDescriptor: + case protoreflect.EnumDescriptor: path = append(path, int32(desc.Index())) desc = desc.Parent() switch desc.(type) { - case pref.FileDescriptor: + case protoreflect.FileDescriptor: path = append(path, int32(genid.FileDescriptorProto_EnumType_field_number)) - case pref.MessageDescriptor: + case protoreflect.MessageDescriptor: path = append(path, int32(genid.DescriptorProto_EnumType_field_number)) default: - return pref.SourceLocation{} + return protoreflect.SourceLocation{} } - case pref.EnumValueDescriptor: + case protoreflect.EnumValueDescriptor: path = append(path, int32(desc.Index())) desc = desc.Parent() switch desc.(type) { - case pref.EnumDescriptor: + case protoreflect.EnumDescriptor: path = append(path, int32(genid.EnumDescriptorProto_Value_field_number)) default: - return pref.SourceLocation{} + return protoreflect.SourceLocation{} } - case pref.ServiceDescriptor: + case protoreflect.ServiceDescriptor: path = append(path, int32(desc.Index())) desc = desc.Parent() switch desc.(type) { - case pref.FileDescriptor: + case protoreflect.FileDescriptor: path = append(path, int32(genid.FileDescriptorProto_Service_field_number)) default: - return pref.SourceLocation{} + return protoreflect.SourceLocation{} } - case pref.MethodDescriptor: + case protoreflect.MethodDescriptor: path = append(path, int32(desc.Index())) desc = desc.Parent() switch desc.(type) { - case pref.ServiceDescriptor: + case protoreflect.ServiceDescriptor: path = append(path, int32(genid.ServiceDescriptorProto_Method_field_number)) default: - return pref.SourceLocation{} + return protoreflect.SourceLocation{} } default: - return pref.SourceLocation{} + return protoreflect.SourceLocation{} } } } @@ -435,7 +442,7 @@ type pathKey struct { str string // used if the path does not fit in arr } -func newPathKey(p pref.SourcePath) (k pathKey) { +func newPathKey(p protoreflect.SourcePath) (k pathKey) { if len(p) < len(k.arr) { for i, ps := range p { if ps < 0 || math.MaxUint8 <= ps { diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/placeholder.go b/vendor/google.golang.org/protobuf/internal/filedesc/placeholder.go index dbf2c605bfe..28240ebc5c4 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/placeholder.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/placeholder.go @@ -7,7 +7,7 @@ package filedesc import ( "google.golang.org/protobuf/internal/descopts" "google.golang.org/protobuf/internal/pragma" - pref "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/reflect/protoreflect" ) var ( @@ -30,78 +30,80 @@ var ( // PlaceholderFile is a placeholder, representing only the file path. type PlaceholderFile string -func (f PlaceholderFile) ParentFile() pref.FileDescriptor { return f } -func (f PlaceholderFile) Parent() pref.Descriptor { return nil } -func (f PlaceholderFile) Index() int { return 0 } -func (f PlaceholderFile) Syntax() pref.Syntax { return 0 } -func (f PlaceholderFile) Name() pref.Name { return "" } -func (f PlaceholderFile) FullName() pref.FullName { return "" } -func (f PlaceholderFile) IsPlaceholder() bool { return true } -func (f PlaceholderFile) Options() pref.ProtoMessage { return descopts.File } -func (f PlaceholderFile) Path() string { return string(f) } -func (f PlaceholderFile) Package() pref.FullName { return "" } -func (f PlaceholderFile) Imports() pref.FileImports { return emptyFiles } -func (f PlaceholderFile) Messages() pref.MessageDescriptors { return emptyMessages } -func (f PlaceholderFile) Enums() pref.EnumDescriptors { return emptyEnums } -func (f PlaceholderFile) Extensions() pref.ExtensionDescriptors { return emptyExtensions } -func (f PlaceholderFile) Services() pref.ServiceDescriptors { return emptyServices } -func (f PlaceholderFile) SourceLocations() pref.SourceLocations { return emptySourceLocations } -func (f PlaceholderFile) ProtoType(pref.FileDescriptor) { return } -func (f PlaceholderFile) ProtoInternal(pragma.DoNotImplement) { return } +func (f PlaceholderFile) ParentFile() protoreflect.FileDescriptor { return f } +func (f PlaceholderFile) Parent() protoreflect.Descriptor { return nil } +func (f PlaceholderFile) Index() int { return 0 } +func (f PlaceholderFile) Syntax() protoreflect.Syntax { return 0 } +func (f PlaceholderFile) Name() protoreflect.Name { return "" } +func (f PlaceholderFile) FullName() protoreflect.FullName { return "" } +func (f PlaceholderFile) IsPlaceholder() bool { return true } +func (f PlaceholderFile) Options() protoreflect.ProtoMessage { return descopts.File } +func (f PlaceholderFile) Path() string { return string(f) } +func (f PlaceholderFile) Package() protoreflect.FullName { return "" } +func (f PlaceholderFile) Imports() protoreflect.FileImports { return emptyFiles } +func (f PlaceholderFile) Messages() protoreflect.MessageDescriptors { return emptyMessages } +func (f PlaceholderFile) Enums() protoreflect.EnumDescriptors { return emptyEnums } +func (f PlaceholderFile) Extensions() protoreflect.ExtensionDescriptors { return emptyExtensions } +func (f PlaceholderFile) Services() protoreflect.ServiceDescriptors { return emptyServices } +func (f PlaceholderFile) SourceLocations() protoreflect.SourceLocations { return emptySourceLocations } +func (f PlaceholderFile) ProtoType(protoreflect.FileDescriptor) { return } +func (f PlaceholderFile) ProtoInternal(pragma.DoNotImplement) { return } // PlaceholderEnum is a placeholder, representing only the full name. -type PlaceholderEnum pref.FullName +type PlaceholderEnum protoreflect.FullName -func (e PlaceholderEnum) ParentFile() pref.FileDescriptor { return nil } -func (e PlaceholderEnum) Parent() pref.Descriptor { return nil } -func (e PlaceholderEnum) Index() int { return 0 } -func (e PlaceholderEnum) Syntax() pref.Syntax { return 0 } -func (e PlaceholderEnum) Name() pref.Name { return pref.FullName(e).Name() } -func (e PlaceholderEnum) FullName() pref.FullName { return pref.FullName(e) } -func (e PlaceholderEnum) IsPlaceholder() bool { return true } -func (e PlaceholderEnum) Options() pref.ProtoMessage { return descopts.Enum } -func (e PlaceholderEnum) Values() pref.EnumValueDescriptors { return emptyEnumValues } -func (e PlaceholderEnum) ReservedNames() pref.Names { return emptyNames } -func (e PlaceholderEnum) ReservedRanges() pref.EnumRanges { return emptyEnumRanges } -func (e PlaceholderEnum) ProtoType(pref.EnumDescriptor) { return } -func (e PlaceholderEnum) ProtoInternal(pragma.DoNotImplement) { return } +func (e PlaceholderEnum) ParentFile() protoreflect.FileDescriptor { return nil } +func (e PlaceholderEnum) Parent() protoreflect.Descriptor { return nil } +func (e PlaceholderEnum) Index() int { return 0 } +func (e PlaceholderEnum) Syntax() protoreflect.Syntax { return 0 } +func (e PlaceholderEnum) Name() protoreflect.Name { return protoreflect.FullName(e).Name() } +func (e PlaceholderEnum) FullName() protoreflect.FullName { return protoreflect.FullName(e) } +func (e PlaceholderEnum) IsPlaceholder() bool { return true } +func (e PlaceholderEnum) Options() protoreflect.ProtoMessage { return descopts.Enum } +func (e PlaceholderEnum) Values() protoreflect.EnumValueDescriptors { return emptyEnumValues } +func (e PlaceholderEnum) ReservedNames() protoreflect.Names { return emptyNames } +func (e PlaceholderEnum) ReservedRanges() protoreflect.EnumRanges { return emptyEnumRanges } +func (e PlaceholderEnum) ProtoType(protoreflect.EnumDescriptor) { return } +func (e PlaceholderEnum) ProtoInternal(pragma.DoNotImplement) { return } // PlaceholderEnumValue is a placeholder, representing only the full name. -type PlaceholderEnumValue pref.FullName +type PlaceholderEnumValue protoreflect.FullName -func (e PlaceholderEnumValue) ParentFile() pref.FileDescriptor { return nil } -func (e PlaceholderEnumValue) Parent() pref.Descriptor { return nil } -func (e PlaceholderEnumValue) Index() int { return 0 } -func (e PlaceholderEnumValue) Syntax() pref.Syntax { return 0 } -func (e PlaceholderEnumValue) Name() pref.Name { return pref.FullName(e).Name() } -func (e PlaceholderEnumValue) FullName() pref.FullName { return pref.FullName(e) } -func (e PlaceholderEnumValue) IsPlaceholder() bool { return true } -func (e PlaceholderEnumValue) Options() pref.ProtoMessage { return descopts.EnumValue } -func (e PlaceholderEnumValue) Number() pref.EnumNumber { return 0 } -func (e PlaceholderEnumValue) ProtoType(pref.EnumValueDescriptor) { return } -func (e PlaceholderEnumValue) ProtoInternal(pragma.DoNotImplement) { return } +func (e PlaceholderEnumValue) ParentFile() protoreflect.FileDescriptor { return nil } +func (e PlaceholderEnumValue) Parent() protoreflect.Descriptor { return nil } +func (e PlaceholderEnumValue) Index() int { return 0 } +func (e PlaceholderEnumValue) Syntax() protoreflect.Syntax { return 0 } +func (e PlaceholderEnumValue) Name() protoreflect.Name { return protoreflect.FullName(e).Name() } +func (e PlaceholderEnumValue) FullName() protoreflect.FullName { return protoreflect.FullName(e) } +func (e PlaceholderEnumValue) IsPlaceholder() bool { return true } +func (e PlaceholderEnumValue) Options() protoreflect.ProtoMessage { return descopts.EnumValue } +func (e PlaceholderEnumValue) Number() protoreflect.EnumNumber { return 0 } +func (e PlaceholderEnumValue) ProtoType(protoreflect.EnumValueDescriptor) { return } +func (e PlaceholderEnumValue) ProtoInternal(pragma.DoNotImplement) { return } // PlaceholderMessage is a placeholder, representing only the full name. -type PlaceholderMessage pref.FullName +type PlaceholderMessage protoreflect.FullName -func (m PlaceholderMessage) ParentFile() pref.FileDescriptor { return nil } -func (m PlaceholderMessage) Parent() pref.Descriptor { return nil } -func (m PlaceholderMessage) Index() int { return 0 } -func (m PlaceholderMessage) Syntax() pref.Syntax { return 0 } -func (m PlaceholderMessage) Name() pref.Name { return pref.FullName(m).Name() } -func (m PlaceholderMessage) FullName() pref.FullName { return pref.FullName(m) } -func (m PlaceholderMessage) IsPlaceholder() bool { return true } -func (m PlaceholderMessage) Options() pref.ProtoMessage { return descopts.Message } -func (m PlaceholderMessage) IsMapEntry() bool { return false } -func (m PlaceholderMessage) Fields() pref.FieldDescriptors { return emptyFields } -func (m PlaceholderMessage) Oneofs() pref.OneofDescriptors { return emptyOneofs } -func (m PlaceholderMessage) ReservedNames() pref.Names { return emptyNames } -func (m PlaceholderMessage) ReservedRanges() pref.FieldRanges { return emptyFieldRanges } -func (m PlaceholderMessage) RequiredNumbers() pref.FieldNumbers { return emptyFieldNumbers } -func (m PlaceholderMessage) ExtensionRanges() pref.FieldRanges { return emptyFieldRanges } -func (m PlaceholderMessage) ExtensionRangeOptions(int) pref.ProtoMessage { panic("index out of range") } -func (m PlaceholderMessage) Messages() pref.MessageDescriptors { return emptyMessages } -func (m PlaceholderMessage) Enums() pref.EnumDescriptors { return emptyEnums } -func (m PlaceholderMessage) Extensions() pref.ExtensionDescriptors { return emptyExtensions } -func (m PlaceholderMessage) ProtoType(pref.MessageDescriptor) { return } -func (m PlaceholderMessage) ProtoInternal(pragma.DoNotImplement) { return } +func (m PlaceholderMessage) ParentFile() protoreflect.FileDescriptor { return nil } +func (m PlaceholderMessage) Parent() protoreflect.Descriptor { return nil } +func (m PlaceholderMessage) Index() int { return 0 } +func (m PlaceholderMessage) Syntax() protoreflect.Syntax { return 0 } +func (m PlaceholderMessage) Name() protoreflect.Name { return protoreflect.FullName(m).Name() } +func (m PlaceholderMessage) FullName() protoreflect.FullName { return protoreflect.FullName(m) } +func (m PlaceholderMessage) IsPlaceholder() bool { return true } +func (m PlaceholderMessage) Options() protoreflect.ProtoMessage { return descopts.Message } +func (m PlaceholderMessage) IsMapEntry() bool { return false } +func (m PlaceholderMessage) Fields() protoreflect.FieldDescriptors { return emptyFields } +func (m PlaceholderMessage) Oneofs() protoreflect.OneofDescriptors { return emptyOneofs } +func (m PlaceholderMessage) ReservedNames() protoreflect.Names { return emptyNames } +func (m PlaceholderMessage) ReservedRanges() protoreflect.FieldRanges { return emptyFieldRanges } +func (m PlaceholderMessage) RequiredNumbers() protoreflect.FieldNumbers { return emptyFieldNumbers } +func (m PlaceholderMessage) ExtensionRanges() protoreflect.FieldRanges { return emptyFieldRanges } +func (m PlaceholderMessage) ExtensionRangeOptions(int) protoreflect.ProtoMessage { + panic("index out of range") +} +func (m PlaceholderMessage) Messages() protoreflect.MessageDescriptors { return emptyMessages } +func (m PlaceholderMessage) Enums() protoreflect.EnumDescriptors { return emptyEnums } +func (m PlaceholderMessage) Extensions() protoreflect.ExtensionDescriptors { return emptyExtensions } +func (m PlaceholderMessage) ProtoType(protoreflect.MessageDescriptor) { return } +func (m PlaceholderMessage) ProtoInternal(pragma.DoNotImplement) { return } diff --git a/vendor/google.golang.org/protobuf/internal/filetype/build.go b/vendor/google.golang.org/protobuf/internal/filetype/build.go index 0a0dd35de5a..f0e38c4ef4e 100644 --- a/vendor/google.golang.org/protobuf/internal/filetype/build.go +++ b/vendor/google.golang.org/protobuf/internal/filetype/build.go @@ -10,17 +10,16 @@ import ( "reflect" "google.golang.org/protobuf/internal/descopts" - fdesc "google.golang.org/protobuf/internal/filedesc" + "google.golang.org/protobuf/internal/filedesc" pimpl "google.golang.org/protobuf/internal/impl" - pref "google.golang.org/protobuf/reflect/protoreflect" - preg "google.golang.org/protobuf/reflect/protoregistry" + "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/reflect/protoregistry" ) // Builder constructs type descriptors from a raw file descriptor // and associated Go types for each enum and message declaration. // -// -// Flattened Ordering +// # Flattened Ordering // // The protobuf type system represents declarations as a tree. Certain nodes in // the tree require us to either associate it with a concrete Go type or to @@ -52,7 +51,7 @@ import ( // that children themselves may have. type Builder struct { // File is the underlying file descriptor builder. - File fdesc.Builder + File filedesc.Builder // GoTypes is a unique set of the Go types for all declarations and // dependencies. Each type is represented as a zero value of the Go type. @@ -108,22 +107,22 @@ type Builder struct { // TypeRegistry is the registry to register each type descriptor. // If nil, it uses protoregistry.GlobalTypes. TypeRegistry interface { - RegisterMessage(pref.MessageType) error - RegisterEnum(pref.EnumType) error - RegisterExtension(pref.ExtensionType) error + RegisterMessage(protoreflect.MessageType) error + RegisterEnum(protoreflect.EnumType) error + RegisterExtension(protoreflect.ExtensionType) error } } // Out is the output of the builder. type Out struct { - File pref.FileDescriptor + File protoreflect.FileDescriptor } func (tb Builder) Build() (out Out) { // Replace the resolver with one that resolves dependencies by index, // which is faster and more reliable than relying on the global registry. if tb.File.FileRegistry == nil { - tb.File.FileRegistry = preg.GlobalFiles + tb.File.FileRegistry = protoregistry.GlobalFiles } tb.File.FileRegistry = &resolverByIndex{ goTypes: tb.GoTypes, @@ -133,7 +132,7 @@ func (tb Builder) Build() (out Out) { // Initialize registry if unpopulated. if tb.TypeRegistry == nil { - tb.TypeRegistry = preg.GlobalTypes + tb.TypeRegistry = protoregistry.GlobalTypes } fbOut := tb.File.Build() @@ -183,23 +182,23 @@ func (tb Builder) Build() (out Out) { for i := range fbOut.Messages { switch fbOut.Messages[i].Name() { case "FileOptions": - descopts.File = messageGoTypes[i].(pref.ProtoMessage) + descopts.File = messageGoTypes[i].(protoreflect.ProtoMessage) case "EnumOptions": - descopts.Enum = messageGoTypes[i].(pref.ProtoMessage) + descopts.Enum = messageGoTypes[i].(protoreflect.ProtoMessage) case "EnumValueOptions": - descopts.EnumValue = messageGoTypes[i].(pref.ProtoMessage) + descopts.EnumValue = messageGoTypes[i].(protoreflect.ProtoMessage) case "MessageOptions": - descopts.Message = messageGoTypes[i].(pref.ProtoMessage) + descopts.Message = messageGoTypes[i].(protoreflect.ProtoMessage) case "FieldOptions": - descopts.Field = messageGoTypes[i].(pref.ProtoMessage) + descopts.Field = messageGoTypes[i].(protoreflect.ProtoMessage) case "OneofOptions": - descopts.Oneof = messageGoTypes[i].(pref.ProtoMessage) + descopts.Oneof = messageGoTypes[i].(protoreflect.ProtoMessage) case "ExtensionRangeOptions": - descopts.ExtensionRange = messageGoTypes[i].(pref.ProtoMessage) + descopts.ExtensionRange = messageGoTypes[i].(protoreflect.ProtoMessage) case "ServiceOptions": - descopts.Service = messageGoTypes[i].(pref.ProtoMessage) + descopts.Service = messageGoTypes[i].(protoreflect.ProtoMessage) case "MethodOptions": - descopts.Method = messageGoTypes[i].(pref.ProtoMessage) + descopts.Method = messageGoTypes[i].(protoreflect.ProtoMessage) } } } @@ -216,11 +215,11 @@ func (tb Builder) Build() (out Out) { const listExtDeps = 2 var goType reflect.Type switch fbOut.Extensions[i].L1.Kind { - case pref.EnumKind: + case protoreflect.EnumKind: j := depIdxs.Get(tb.DependencyIndexes, listExtDeps, depIdx) goType = reflect.TypeOf(tb.GoTypes[j]) depIdx++ - case pref.MessageKind, pref.GroupKind: + case protoreflect.MessageKind, protoreflect.GroupKind: j := depIdxs.Get(tb.DependencyIndexes, listExtDeps, depIdx) goType = reflect.TypeOf(tb.GoTypes[j]) depIdx++ @@ -242,22 +241,22 @@ func (tb Builder) Build() (out Out) { return out } -var goTypeForPBKind = map[pref.Kind]reflect.Type{ - pref.BoolKind: reflect.TypeOf(bool(false)), - pref.Int32Kind: reflect.TypeOf(int32(0)), - pref.Sint32Kind: reflect.TypeOf(int32(0)), - pref.Sfixed32Kind: reflect.TypeOf(int32(0)), - pref.Int64Kind: reflect.TypeOf(int64(0)), - pref.Sint64Kind: reflect.TypeOf(int64(0)), - pref.Sfixed64Kind: reflect.TypeOf(int64(0)), - pref.Uint32Kind: reflect.TypeOf(uint32(0)), - pref.Fixed32Kind: reflect.TypeOf(uint32(0)), - pref.Uint64Kind: reflect.TypeOf(uint64(0)), - pref.Fixed64Kind: reflect.TypeOf(uint64(0)), - pref.FloatKind: reflect.TypeOf(float32(0)), - pref.DoubleKind: reflect.TypeOf(float64(0)), - pref.StringKind: reflect.TypeOf(string("")), - pref.BytesKind: reflect.TypeOf([]byte(nil)), +var goTypeForPBKind = map[protoreflect.Kind]reflect.Type{ + protoreflect.BoolKind: reflect.TypeOf(bool(false)), + protoreflect.Int32Kind: reflect.TypeOf(int32(0)), + protoreflect.Sint32Kind: reflect.TypeOf(int32(0)), + protoreflect.Sfixed32Kind: reflect.TypeOf(int32(0)), + protoreflect.Int64Kind: reflect.TypeOf(int64(0)), + protoreflect.Sint64Kind: reflect.TypeOf(int64(0)), + protoreflect.Sfixed64Kind: reflect.TypeOf(int64(0)), + protoreflect.Uint32Kind: reflect.TypeOf(uint32(0)), + protoreflect.Fixed32Kind: reflect.TypeOf(uint32(0)), + protoreflect.Uint64Kind: reflect.TypeOf(uint64(0)), + protoreflect.Fixed64Kind: reflect.TypeOf(uint64(0)), + protoreflect.FloatKind: reflect.TypeOf(float32(0)), + protoreflect.DoubleKind: reflect.TypeOf(float64(0)), + protoreflect.StringKind: reflect.TypeOf(string("")), + protoreflect.BytesKind: reflect.TypeOf([]byte(nil)), } type depIdxs []int32 @@ -274,13 +273,13 @@ type ( fileRegistry } fileRegistry interface { - FindFileByPath(string) (pref.FileDescriptor, error) - FindDescriptorByName(pref.FullName) (pref.Descriptor, error) - RegisterFile(pref.FileDescriptor) error + FindFileByPath(string) (protoreflect.FileDescriptor, error) + FindDescriptorByName(protoreflect.FullName) (protoreflect.Descriptor, error) + RegisterFile(protoreflect.FileDescriptor) error } ) -func (r *resolverByIndex) FindEnumByIndex(i, j int32, es []fdesc.Enum, ms []fdesc.Message) pref.EnumDescriptor { +func (r *resolverByIndex) FindEnumByIndex(i, j int32, es []filedesc.Enum, ms []filedesc.Message) protoreflect.EnumDescriptor { if depIdx := int(r.depIdxs.Get(i, j)); int(depIdx) < len(es)+len(ms) { return &es[depIdx] } else { @@ -288,7 +287,7 @@ func (r *resolverByIndex) FindEnumByIndex(i, j int32, es []fdesc.Enum, ms []fdes } } -func (r *resolverByIndex) FindMessageByIndex(i, j int32, es []fdesc.Enum, ms []fdesc.Message) pref.MessageDescriptor { +func (r *resolverByIndex) FindMessageByIndex(i, j int32, es []filedesc.Enum, ms []filedesc.Message) protoreflect.MessageDescriptor { if depIdx := int(r.depIdxs.Get(i, j)); depIdx < len(es)+len(ms) { return &ms[depIdx-len(es)] } else { diff --git a/vendor/google.golang.org/protobuf/internal/impl/api_export.go b/vendor/google.golang.org/protobuf/internal/impl/api_export.go index abee5f30e9f..a371f98de14 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/api_export.go +++ b/vendor/google.golang.org/protobuf/internal/impl/api_export.go @@ -12,8 +12,8 @@ import ( "google.golang.org/protobuf/encoding/prototext" "google.golang.org/protobuf/internal/errors" "google.golang.org/protobuf/proto" - pref "google.golang.org/protobuf/reflect/protoreflect" - piface "google.golang.org/protobuf/runtime/protoiface" + "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/runtime/protoiface" ) // Export is a zero-length named type that exists only to export a set of @@ -32,11 +32,11 @@ type enum = interface{} // EnumOf returns the protoreflect.Enum interface over e. // It returns nil if e is nil. -func (Export) EnumOf(e enum) pref.Enum { +func (Export) EnumOf(e enum) protoreflect.Enum { switch e := e.(type) { case nil: return nil - case pref.Enum: + case protoreflect.Enum: return e default: return legacyWrapEnum(reflect.ValueOf(e)) @@ -45,11 +45,11 @@ func (Export) EnumOf(e enum) pref.Enum { // EnumDescriptorOf returns the protoreflect.EnumDescriptor for e. // It returns nil if e is nil. -func (Export) EnumDescriptorOf(e enum) pref.EnumDescriptor { +func (Export) EnumDescriptorOf(e enum) protoreflect.EnumDescriptor { switch e := e.(type) { case nil: return nil - case pref.Enum: + case protoreflect.Enum: return e.Descriptor() default: return LegacyLoadEnumDesc(reflect.TypeOf(e)) @@ -58,11 +58,11 @@ func (Export) EnumDescriptorOf(e enum) pref.EnumDescriptor { // EnumTypeOf returns the protoreflect.EnumType for e. // It returns nil if e is nil. -func (Export) EnumTypeOf(e enum) pref.EnumType { +func (Export) EnumTypeOf(e enum) protoreflect.EnumType { switch e := e.(type) { case nil: return nil - case pref.Enum: + case protoreflect.Enum: return e.Type() default: return legacyLoadEnumType(reflect.TypeOf(e)) @@ -71,7 +71,7 @@ func (Export) EnumTypeOf(e enum) pref.EnumType { // EnumStringOf returns the enum value as a string, either as the name if // the number is resolvable, or the number formatted as a string. -func (Export) EnumStringOf(ed pref.EnumDescriptor, n pref.EnumNumber) string { +func (Export) EnumStringOf(ed protoreflect.EnumDescriptor, n protoreflect.EnumNumber) string { ev := ed.Values().ByNumber(n) if ev != nil { return string(ev.Name()) @@ -84,7 +84,7 @@ func (Export) EnumStringOf(ed pref.EnumDescriptor, n pref.EnumNumber) string { type message = interface{} // legacyMessageWrapper wraps a v2 message as a v1 message. -type legacyMessageWrapper struct{ m pref.ProtoMessage } +type legacyMessageWrapper struct{ m protoreflect.ProtoMessage } func (m legacyMessageWrapper) Reset() { proto.Reset(m.m) } func (m legacyMessageWrapper) String() string { return Export{}.MessageStringOf(m.m) } @@ -92,30 +92,30 @@ func (m legacyMessageWrapper) ProtoMessage() {} // ProtoMessageV1Of converts either a v1 or v2 message to a v1 message. // It returns nil if m is nil. -func (Export) ProtoMessageV1Of(m message) piface.MessageV1 { +func (Export) ProtoMessageV1Of(m message) protoiface.MessageV1 { switch mv := m.(type) { case nil: return nil - case piface.MessageV1: + case protoiface.MessageV1: return mv case unwrapper: return Export{}.ProtoMessageV1Of(mv.protoUnwrap()) - case pref.ProtoMessage: + case protoreflect.ProtoMessage: return legacyMessageWrapper{mv} default: panic(fmt.Sprintf("message %T is neither a v1 or v2 Message", m)) } } -func (Export) protoMessageV2Of(m message) pref.ProtoMessage { +func (Export) protoMessageV2Of(m message) protoreflect.ProtoMessage { switch mv := m.(type) { case nil: return nil - case pref.ProtoMessage: + case protoreflect.ProtoMessage: return mv case legacyMessageWrapper: return mv.m - case piface.MessageV1: + case protoiface.MessageV1: return nil default: panic(fmt.Sprintf("message %T is neither a v1 or v2 Message", m)) @@ -124,7 +124,7 @@ func (Export) protoMessageV2Of(m message) pref.ProtoMessage { // ProtoMessageV2Of converts either a v1 or v2 message to a v2 message. // It returns nil if m is nil. -func (Export) ProtoMessageV2Of(m message) pref.ProtoMessage { +func (Export) ProtoMessageV2Of(m message) protoreflect.ProtoMessage { if m == nil { return nil } @@ -136,7 +136,7 @@ func (Export) ProtoMessageV2Of(m message) pref.ProtoMessage { // MessageOf returns the protoreflect.Message interface over m. // It returns nil if m is nil. -func (Export) MessageOf(m message) pref.Message { +func (Export) MessageOf(m message) protoreflect.Message { if m == nil { return nil } @@ -148,7 +148,7 @@ func (Export) MessageOf(m message) pref.Message { // MessageDescriptorOf returns the protoreflect.MessageDescriptor for m. // It returns nil if m is nil. -func (Export) MessageDescriptorOf(m message) pref.MessageDescriptor { +func (Export) MessageDescriptorOf(m message) protoreflect.MessageDescriptor { if m == nil { return nil } @@ -160,7 +160,7 @@ func (Export) MessageDescriptorOf(m message) pref.MessageDescriptor { // MessageTypeOf returns the protoreflect.MessageType for m. // It returns nil if m is nil. -func (Export) MessageTypeOf(m message) pref.MessageType { +func (Export) MessageTypeOf(m message) protoreflect.MessageType { if m == nil { return nil } @@ -172,6 +172,6 @@ func (Export) MessageTypeOf(m message) pref.MessageType { // MessageStringOf returns the message value as a string, // which is the message serialized in the protobuf text format. -func (Export) MessageStringOf(m pref.ProtoMessage) string { +func (Export) MessageStringOf(m protoreflect.ProtoMessage) string { return prototext.MarshalOptions{Multiline: false}.Format(m) } diff --git a/vendor/google.golang.org/protobuf/internal/impl/checkinit.go b/vendor/google.golang.org/protobuf/internal/impl/checkinit.go index b82341e575c..bff041edc94 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/checkinit.go +++ b/vendor/google.golang.org/protobuf/internal/impl/checkinit.go @@ -8,18 +8,18 @@ import ( "sync" "google.golang.org/protobuf/internal/errors" - pref "google.golang.org/protobuf/reflect/protoreflect" - piface "google.golang.org/protobuf/runtime/protoiface" + "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/runtime/protoiface" ) -func (mi *MessageInfo) checkInitialized(in piface.CheckInitializedInput) (piface.CheckInitializedOutput, error) { +func (mi *MessageInfo) checkInitialized(in protoiface.CheckInitializedInput) (protoiface.CheckInitializedOutput, error) { var p pointer if ms, ok := in.Message.(*messageState); ok { p = ms.pointer() } else { p = in.Message.(*messageReflectWrapper).pointer() } - return piface.CheckInitializedOutput{}, mi.checkInitializedPointer(p) + return protoiface.CheckInitializedOutput{}, mi.checkInitializedPointer(p) } func (mi *MessageInfo) checkInitializedPointer(p pointer) error { @@ -90,7 +90,7 @@ var ( // needsInitCheck reports whether a message needs to be checked for partial initialization. // // It returns true if the message transitively includes any required or extension fields. -func needsInitCheck(md pref.MessageDescriptor) bool { +func needsInitCheck(md protoreflect.MessageDescriptor) bool { if v, ok := needsInitCheckMap.Load(md); ok { if has, ok := v.(bool); ok { return has @@ -101,7 +101,7 @@ func needsInitCheck(md pref.MessageDescriptor) bool { return needsInitCheckLocked(md) } -func needsInitCheckLocked(md pref.MessageDescriptor) (has bool) { +func needsInitCheckLocked(md protoreflect.MessageDescriptor) (has bool) { if v, ok := needsInitCheckMap.Load(md); ok { // If has is true, we've previously determined that this message // needs init checks. diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_extension.go b/vendor/google.golang.org/protobuf/internal/impl/codec_extension.go index 08d35170b66..e74cefdc506 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/codec_extension.go +++ b/vendor/google.golang.org/protobuf/internal/impl/codec_extension.go @@ -10,7 +10,7 @@ import ( "google.golang.org/protobuf/encoding/protowire" "google.golang.org/protobuf/internal/errors" - pref "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/reflect/protoreflect" ) type extensionFieldInfo struct { @@ -23,7 +23,7 @@ type extensionFieldInfo struct { var legacyExtensionFieldInfoCache sync.Map // map[protoreflect.ExtensionType]*extensionFieldInfo -func getExtensionFieldInfo(xt pref.ExtensionType) *extensionFieldInfo { +func getExtensionFieldInfo(xt protoreflect.ExtensionType) *extensionFieldInfo { if xi, ok := xt.(*ExtensionInfo); ok { xi.lazyInit() return xi.info @@ -32,7 +32,7 @@ func getExtensionFieldInfo(xt pref.ExtensionType) *extensionFieldInfo { } // legacyLoadExtensionFieldInfo dynamically loads a *ExtensionInfo for xt. -func legacyLoadExtensionFieldInfo(xt pref.ExtensionType) *extensionFieldInfo { +func legacyLoadExtensionFieldInfo(xt protoreflect.ExtensionType) *extensionFieldInfo { if xi, ok := legacyExtensionFieldInfoCache.Load(xt); ok { return xi.(*extensionFieldInfo) } @@ -43,7 +43,7 @@ func legacyLoadExtensionFieldInfo(xt pref.ExtensionType) *extensionFieldInfo { return e } -func makeExtensionFieldInfo(xd pref.ExtensionDescriptor) *extensionFieldInfo { +func makeExtensionFieldInfo(xd protoreflect.ExtensionDescriptor) *extensionFieldInfo { var wiretag uint64 if !xd.IsPacked() { wiretag = protowire.EncodeTag(xd.Number(), wireTypes[xd.Kind()]) @@ -59,10 +59,10 @@ func makeExtensionFieldInfo(xd pref.ExtensionDescriptor) *extensionFieldInfo { // This is true for composite types, where we pass in a message, list, or map to fill in, // and for enums, where we pass in a prototype value to specify the concrete enum type. switch xd.Kind() { - case pref.MessageKind, pref.GroupKind, pref.EnumKind: + case protoreflect.MessageKind, protoreflect.GroupKind, protoreflect.EnumKind: e.unmarshalNeedsValue = true default: - if xd.Cardinality() == pref.Repeated { + if xd.Cardinality() == protoreflect.Repeated { e.unmarshalNeedsValue = true } } @@ -73,21 +73,21 @@ type lazyExtensionValue struct { atomicOnce uint32 // atomically set if value is valid mu sync.Mutex xi *extensionFieldInfo - value pref.Value + value protoreflect.Value b []byte - fn func() pref.Value + fn func() protoreflect.Value } type ExtensionField struct { - typ pref.ExtensionType + typ protoreflect.ExtensionType // value is either the value of GetValue, // or a *lazyExtensionValue that then returns the value of GetValue. - value pref.Value + value protoreflect.Value lazy *lazyExtensionValue } -func (f *ExtensionField) appendLazyBytes(xt pref.ExtensionType, xi *extensionFieldInfo, num protowire.Number, wtyp protowire.Type, b []byte) { +func (f *ExtensionField) appendLazyBytes(xt protoreflect.ExtensionType, xi *extensionFieldInfo, num protowire.Number, wtyp protowire.Type, b []byte) { if f.lazy == nil { f.lazy = &lazyExtensionValue{xi: xi} } @@ -97,7 +97,7 @@ func (f *ExtensionField) appendLazyBytes(xt pref.ExtensionType, xi *extensionFie f.lazy.b = append(f.lazy.b, b...) } -func (f *ExtensionField) canLazy(xt pref.ExtensionType) bool { +func (f *ExtensionField) canLazy(xt protoreflect.ExtensionType) bool { if f.typ == nil { return true } @@ -154,7 +154,7 @@ func (f *ExtensionField) lazyInit() { // Set sets the type and value of the extension field. // This must not be called concurrently. -func (f *ExtensionField) Set(t pref.ExtensionType, v pref.Value) { +func (f *ExtensionField) Set(t protoreflect.ExtensionType, v protoreflect.Value) { f.typ = t f.value = v f.lazy = nil @@ -162,14 +162,14 @@ func (f *ExtensionField) Set(t pref.ExtensionType, v pref.Value) { // SetLazy sets the type and a value that is to be lazily evaluated upon first use. // This must not be called concurrently. -func (f *ExtensionField) SetLazy(t pref.ExtensionType, fn func() pref.Value) { +func (f *ExtensionField) SetLazy(t protoreflect.ExtensionType, fn func() protoreflect.Value) { f.typ = t f.lazy = &lazyExtensionValue{fn: fn} } // Value returns the value of the extension field. // This may be called concurrently. -func (f *ExtensionField) Value() pref.Value { +func (f *ExtensionField) Value() protoreflect.Value { if f.lazy != nil { if atomic.LoadUint32(&f.lazy.atomicOnce) == 0 { f.lazyInit() @@ -181,7 +181,7 @@ func (f *ExtensionField) Value() pref.Value { // Type returns the type of the extension field. // This may be called concurrently. -func (f ExtensionField) Type() pref.ExtensionType { +func (f ExtensionField) Type() protoreflect.ExtensionType { return f.typ } @@ -193,7 +193,7 @@ func (f ExtensionField) IsSet() bool { // IsLazy reports whether a field is lazily encoded. // It is exported for testing. -func IsLazy(m pref.Message, fd pref.FieldDescriptor) bool { +func IsLazy(m protoreflect.Message, fd protoreflect.FieldDescriptor) bool { var mi *MessageInfo var p pointer switch m := m.(type) { @@ -206,7 +206,7 @@ func IsLazy(m pref.Message, fd pref.FieldDescriptor) bool { default: return false } - xd, ok := fd.(pref.ExtensionTypeDescriptor) + xd, ok := fd.(protoreflect.ExtensionTypeDescriptor) if !ok { return false } diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_field.go b/vendor/google.golang.org/protobuf/internal/impl/codec_field.go index cb4b482d166..3fadd241e1c 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/codec_field.go +++ b/vendor/google.golang.org/protobuf/internal/impl/codec_field.go @@ -12,9 +12,9 @@ import ( "google.golang.org/protobuf/encoding/protowire" "google.golang.org/protobuf/internal/errors" "google.golang.org/protobuf/proto" - pref "google.golang.org/protobuf/reflect/protoreflect" - preg "google.golang.org/protobuf/reflect/protoregistry" - piface "google.golang.org/protobuf/runtime/protoiface" + "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/reflect/protoregistry" + "google.golang.org/protobuf/runtime/protoiface" ) type errInvalidUTF8 struct{} @@ -30,7 +30,7 @@ func (errInvalidUTF8) Unwrap() error { return errors.Error } // to the appropriate field-specific function as necessary. // // The unmarshal function is set on each field individually as usual. -func (mi *MessageInfo) initOneofFieldCoders(od pref.OneofDescriptor, si structInfo) { +func (mi *MessageInfo) initOneofFieldCoders(od protoreflect.OneofDescriptor, si structInfo) { fs := si.oneofsByName[od.Name()] ft := fs.Type oneofFields := make(map[reflect.Type]*coderFieldInfo) @@ -118,13 +118,13 @@ func (mi *MessageInfo) initOneofFieldCoders(od pref.OneofDescriptor, si structIn } } -func makeWeakMessageFieldCoder(fd pref.FieldDescriptor) pointerCoderFuncs { +func makeWeakMessageFieldCoder(fd protoreflect.FieldDescriptor) pointerCoderFuncs { var once sync.Once - var messageType pref.MessageType + var messageType protoreflect.MessageType lazyInit := func() { once.Do(func() { messageName := fd.Message().FullName() - messageType, _ = preg.GlobalTypes.FindMessageByName(messageName) + messageType, _ = protoregistry.GlobalTypes.FindMessageByName(messageName) }) } @@ -190,7 +190,7 @@ func makeWeakMessageFieldCoder(fd pref.FieldDescriptor) pointerCoderFuncs { } } -func makeMessageFieldCoder(fd pref.FieldDescriptor, ft reflect.Type) pointerCoderFuncs { +func makeMessageFieldCoder(fd protoreflect.FieldDescriptor, ft reflect.Type) pointerCoderFuncs { if mi := getMessageInfo(ft); mi != nil { funcs := pointerCoderFuncs{ size: sizeMessageInfo, @@ -280,7 +280,7 @@ func consumeMessage(b []byte, m proto.Message, wtyp protowire.Type, opts unmarsh if n < 0 { return out, errDecode } - o, err := opts.Options().UnmarshalState(piface.UnmarshalInput{ + o, err := opts.Options().UnmarshalState(protoiface.UnmarshalInput{ Buf: v, Message: m.ProtoReflect(), }) @@ -288,27 +288,27 @@ func consumeMessage(b []byte, m proto.Message, wtyp protowire.Type, opts unmarsh return out, err } out.n = n - out.initialized = o.Flags&piface.UnmarshalInitialized != 0 + out.initialized = o.Flags&protoiface.UnmarshalInitialized != 0 return out, nil } -func sizeMessageValue(v pref.Value, tagsize int, opts marshalOptions) int { +func sizeMessageValue(v protoreflect.Value, tagsize int, opts marshalOptions) int { m := v.Message().Interface() return sizeMessage(m, tagsize, opts) } -func appendMessageValue(b []byte, v pref.Value, wiretag uint64, opts marshalOptions) ([]byte, error) { +func appendMessageValue(b []byte, v protoreflect.Value, wiretag uint64, opts marshalOptions) ([]byte, error) { m := v.Message().Interface() return appendMessage(b, m, wiretag, opts) } -func consumeMessageValue(b []byte, v pref.Value, _ protowire.Number, wtyp protowire.Type, opts unmarshalOptions) (pref.Value, unmarshalOutput, error) { +func consumeMessageValue(b []byte, v protoreflect.Value, _ protowire.Number, wtyp protowire.Type, opts unmarshalOptions) (protoreflect.Value, unmarshalOutput, error) { m := v.Message().Interface() out, err := consumeMessage(b, m, wtyp, opts) return v, out, err } -func isInitMessageValue(v pref.Value) error { +func isInitMessageValue(v protoreflect.Value) error { m := v.Message().Interface() return proto.CheckInitialized(m) } @@ -321,17 +321,17 @@ var coderMessageValue = valueCoderFuncs{ merge: mergeMessageValue, } -func sizeGroupValue(v pref.Value, tagsize int, opts marshalOptions) int { +func sizeGroupValue(v protoreflect.Value, tagsize int, opts marshalOptions) int { m := v.Message().Interface() return sizeGroup(m, tagsize, opts) } -func appendGroupValue(b []byte, v pref.Value, wiretag uint64, opts marshalOptions) ([]byte, error) { +func appendGroupValue(b []byte, v protoreflect.Value, wiretag uint64, opts marshalOptions) ([]byte, error) { m := v.Message().Interface() return appendGroup(b, m, wiretag, opts) } -func consumeGroupValue(b []byte, v pref.Value, num protowire.Number, wtyp protowire.Type, opts unmarshalOptions) (pref.Value, unmarshalOutput, error) { +func consumeGroupValue(b []byte, v protoreflect.Value, num protowire.Number, wtyp protowire.Type, opts unmarshalOptions) (protoreflect.Value, unmarshalOutput, error) { m := v.Message().Interface() out, err := consumeGroup(b, m, num, wtyp, opts) return v, out, err @@ -345,7 +345,7 @@ var coderGroupValue = valueCoderFuncs{ merge: mergeMessageValue, } -func makeGroupFieldCoder(fd pref.FieldDescriptor, ft reflect.Type) pointerCoderFuncs { +func makeGroupFieldCoder(fd protoreflect.FieldDescriptor, ft reflect.Type) pointerCoderFuncs { num := fd.Number() if mi := getMessageInfo(ft); mi != nil { funcs := pointerCoderFuncs{ @@ -424,7 +424,7 @@ func consumeGroup(b []byte, m proto.Message, num protowire.Number, wtyp protowir if n < 0 { return out, errDecode } - o, err := opts.Options().UnmarshalState(piface.UnmarshalInput{ + o, err := opts.Options().UnmarshalState(protoiface.UnmarshalInput{ Buf: b, Message: m.ProtoReflect(), }) @@ -432,11 +432,11 @@ func consumeGroup(b []byte, m proto.Message, num protowire.Number, wtyp protowir return out, err } out.n = n - out.initialized = o.Flags&piface.UnmarshalInitialized != 0 + out.initialized = o.Flags&protoiface.UnmarshalInitialized != 0 return out, nil } -func makeMessageSliceFieldCoder(fd pref.FieldDescriptor, ft reflect.Type) pointerCoderFuncs { +func makeMessageSliceFieldCoder(fd protoreflect.FieldDescriptor, ft reflect.Type) pointerCoderFuncs { if mi := getMessageInfo(ft); mi != nil { funcs := pointerCoderFuncs{ size: sizeMessageSliceInfo, @@ -555,7 +555,7 @@ func consumeMessageSlice(b []byte, p pointer, goType reflect.Type, wtyp protowir return out, errDecode } mp := reflect.New(goType.Elem()) - o, err := opts.Options().UnmarshalState(piface.UnmarshalInput{ + o, err := opts.Options().UnmarshalState(protoiface.UnmarshalInput{ Buf: v, Message: asMessage(mp).ProtoReflect(), }) @@ -564,7 +564,7 @@ func consumeMessageSlice(b []byte, p pointer, goType reflect.Type, wtyp protowir } p.AppendPointerSlice(pointerOfValue(mp)) out.n = n - out.initialized = o.Flags&piface.UnmarshalInitialized != 0 + out.initialized = o.Flags&protoiface.UnmarshalInitialized != 0 return out, nil } @@ -581,7 +581,7 @@ func isInitMessageSlice(p pointer, goType reflect.Type) error { // Slices of messages -func sizeMessageSliceValue(listv pref.Value, tagsize int, opts marshalOptions) int { +func sizeMessageSliceValue(listv protoreflect.Value, tagsize int, opts marshalOptions) int { list := listv.List() n := 0 for i, llen := 0, list.Len(); i < llen; i++ { @@ -591,7 +591,7 @@ func sizeMessageSliceValue(listv pref.Value, tagsize int, opts marshalOptions) i return n } -func appendMessageSliceValue(b []byte, listv pref.Value, wiretag uint64, opts marshalOptions) ([]byte, error) { +func appendMessageSliceValue(b []byte, listv protoreflect.Value, wiretag uint64, opts marshalOptions) ([]byte, error) { list := listv.List() mopts := opts.Options() for i, llen := 0, list.Len(); i < llen; i++ { @@ -608,30 +608,30 @@ func appendMessageSliceValue(b []byte, listv pref.Value, wiretag uint64, opts ma return b, nil } -func consumeMessageSliceValue(b []byte, listv pref.Value, _ protowire.Number, wtyp protowire.Type, opts unmarshalOptions) (_ pref.Value, out unmarshalOutput, err error) { +func consumeMessageSliceValue(b []byte, listv protoreflect.Value, _ protowire.Number, wtyp protowire.Type, opts unmarshalOptions) (_ protoreflect.Value, out unmarshalOutput, err error) { list := listv.List() if wtyp != protowire.BytesType { - return pref.Value{}, out, errUnknown + return protoreflect.Value{}, out, errUnknown } v, n := protowire.ConsumeBytes(b) if n < 0 { - return pref.Value{}, out, errDecode + return protoreflect.Value{}, out, errDecode } m := list.NewElement() - o, err := opts.Options().UnmarshalState(piface.UnmarshalInput{ + o, err := opts.Options().UnmarshalState(protoiface.UnmarshalInput{ Buf: v, Message: m.Message(), }) if err != nil { - return pref.Value{}, out, err + return protoreflect.Value{}, out, err } list.Append(m) out.n = n - out.initialized = o.Flags&piface.UnmarshalInitialized != 0 + out.initialized = o.Flags&protoiface.UnmarshalInitialized != 0 return listv, out, nil } -func isInitMessageSliceValue(listv pref.Value) error { +func isInitMessageSliceValue(listv protoreflect.Value) error { list := listv.List() for i, llen := 0, list.Len(); i < llen; i++ { m := list.Get(i).Message().Interface() @@ -650,7 +650,7 @@ var coderMessageSliceValue = valueCoderFuncs{ merge: mergeMessageListValue, } -func sizeGroupSliceValue(listv pref.Value, tagsize int, opts marshalOptions) int { +func sizeGroupSliceValue(listv protoreflect.Value, tagsize int, opts marshalOptions) int { list := listv.List() n := 0 for i, llen := 0, list.Len(); i < llen; i++ { @@ -660,7 +660,7 @@ func sizeGroupSliceValue(listv pref.Value, tagsize int, opts marshalOptions) int return n } -func appendGroupSliceValue(b []byte, listv pref.Value, wiretag uint64, opts marshalOptions) ([]byte, error) { +func appendGroupSliceValue(b []byte, listv protoreflect.Value, wiretag uint64, opts marshalOptions) ([]byte, error) { list := listv.List() mopts := opts.Options() for i, llen := 0, list.Len(); i < llen; i++ { @@ -676,26 +676,26 @@ func appendGroupSliceValue(b []byte, listv pref.Value, wiretag uint64, opts mars return b, nil } -func consumeGroupSliceValue(b []byte, listv pref.Value, num protowire.Number, wtyp protowire.Type, opts unmarshalOptions) (_ pref.Value, out unmarshalOutput, err error) { +func consumeGroupSliceValue(b []byte, listv protoreflect.Value, num protowire.Number, wtyp protowire.Type, opts unmarshalOptions) (_ protoreflect.Value, out unmarshalOutput, err error) { list := listv.List() if wtyp != protowire.StartGroupType { - return pref.Value{}, out, errUnknown + return protoreflect.Value{}, out, errUnknown } b, n := protowire.ConsumeGroup(num, b) if n < 0 { - return pref.Value{}, out, errDecode + return protoreflect.Value{}, out, errDecode } m := list.NewElement() - o, err := opts.Options().UnmarshalState(piface.UnmarshalInput{ + o, err := opts.Options().UnmarshalState(protoiface.UnmarshalInput{ Buf: b, Message: m.Message(), }) if err != nil { - return pref.Value{}, out, err + return protoreflect.Value{}, out, err } list.Append(m) out.n = n - out.initialized = o.Flags&piface.UnmarshalInitialized != 0 + out.initialized = o.Flags&protoiface.UnmarshalInitialized != 0 return listv, out, nil } @@ -707,7 +707,7 @@ var coderGroupSliceValue = valueCoderFuncs{ merge: mergeMessageListValue, } -func makeGroupSliceFieldCoder(fd pref.FieldDescriptor, ft reflect.Type) pointerCoderFuncs { +func makeGroupSliceFieldCoder(fd protoreflect.FieldDescriptor, ft reflect.Type) pointerCoderFuncs { num := fd.Number() if mi := getMessageInfo(ft); mi != nil { funcs := pointerCoderFuncs{ @@ -772,7 +772,7 @@ func consumeGroupSlice(b []byte, p pointer, num protowire.Number, wtyp protowire return out, errDecode } mp := reflect.New(goType.Elem()) - o, err := opts.Options().UnmarshalState(piface.UnmarshalInput{ + o, err := opts.Options().UnmarshalState(protoiface.UnmarshalInput{ Buf: b, Message: asMessage(mp).ProtoReflect(), }) @@ -781,7 +781,7 @@ func consumeGroupSlice(b []byte, p pointer, num protowire.Number, wtyp protowire } p.AppendPointerSlice(pointerOfValue(mp)) out.n = n - out.initialized = o.Flags&piface.UnmarshalInitialized != 0 + out.initialized = o.Flags&protoiface.UnmarshalInitialized != 0 return out, nil } @@ -822,8 +822,8 @@ func consumeGroupSliceInfo(b []byte, p pointer, wtyp protowire.Type, f *coderFie return out, nil } -func asMessage(v reflect.Value) pref.ProtoMessage { - if m, ok := v.Interface().(pref.ProtoMessage); ok { +func asMessage(v reflect.Value) protoreflect.ProtoMessage { + if m, ok := v.Interface().(protoreflect.ProtoMessage); ok { return m } return legacyWrapMessage(v).Interface() diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_map.go b/vendor/google.golang.org/protobuf/internal/impl/codec_map.go index c1245fef487..111b9d16f99 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/codec_map.go +++ b/vendor/google.golang.org/protobuf/internal/impl/codec_map.go @@ -10,7 +10,7 @@ import ( "google.golang.org/protobuf/encoding/protowire" "google.golang.org/protobuf/internal/genid" - pref "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/reflect/protoreflect" ) type mapInfo struct { @@ -19,12 +19,12 @@ type mapInfo struct { valWiretag uint64 keyFuncs valueCoderFuncs valFuncs valueCoderFuncs - keyZero pref.Value - keyKind pref.Kind + keyZero protoreflect.Value + keyKind protoreflect.Kind conv *mapConverter } -func encoderFuncsForMap(fd pref.FieldDescriptor, ft reflect.Type) (valueMessage *MessageInfo, funcs pointerCoderFuncs) { +func encoderFuncsForMap(fd protoreflect.FieldDescriptor, ft reflect.Type) (valueMessage *MessageInfo, funcs pointerCoderFuncs) { // TODO: Consider generating specialized map coders. keyField := fd.MapKey() valField := fd.MapValue() @@ -44,7 +44,7 @@ func encoderFuncsForMap(fd pref.FieldDescriptor, ft reflect.Type) (valueMessage keyKind: keyField.Kind(), conv: conv, } - if valField.Kind() == pref.MessageKind { + if valField.Kind() == protoreflect.MessageKind { valueMessage = getMessageInfo(ft.Elem()) } @@ -68,9 +68,9 @@ func encoderFuncsForMap(fd pref.FieldDescriptor, ft reflect.Type) (valueMessage }, } switch valField.Kind() { - case pref.MessageKind: + case protoreflect.MessageKind: funcs.merge = mergeMapOfMessage - case pref.BytesKind: + case protoreflect.BytesKind: funcs.merge = mergeMapOfBytes default: funcs.merge = mergeMap @@ -135,7 +135,7 @@ func consumeMap(b []byte, mapv reflect.Value, wtyp protowire.Type, mapi *mapInfo err := errUnknown switch num { case genid.MapEntry_Key_field_number: - var v pref.Value + var v protoreflect.Value var o unmarshalOutput v, o, err = mapi.keyFuncs.unmarshal(b, key, num, wtyp, opts) if err != nil { @@ -144,7 +144,7 @@ func consumeMap(b []byte, mapv reflect.Value, wtyp protowire.Type, mapi *mapInfo key = v n = o.n case genid.MapEntry_Value_field_number: - var v pref.Value + var v protoreflect.Value var o unmarshalOutput v, o, err = mapi.valFuncs.unmarshal(b, val, num, wtyp, opts) if err != nil { @@ -192,7 +192,7 @@ func consumeMapOfMessage(b []byte, mapv reflect.Value, wtyp protowire.Type, mapi err := errUnknown switch num { case 1: - var v pref.Value + var v protoreflect.Value var o unmarshalOutput v, o, err = mapi.keyFuncs.unmarshal(b, key, num, wtyp, opts) if err != nil { diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_message.go b/vendor/google.golang.org/protobuf/internal/impl/codec_message.go index cd40527ff64..6b2fdbb739a 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/codec_message.go +++ b/vendor/google.golang.org/protobuf/internal/impl/codec_message.go @@ -12,15 +12,15 @@ import ( "google.golang.org/protobuf/encoding/protowire" "google.golang.org/protobuf/internal/encoding/messageset" "google.golang.org/protobuf/internal/order" - pref "google.golang.org/protobuf/reflect/protoreflect" - piface "google.golang.org/protobuf/runtime/protoiface" + "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/runtime/protoiface" ) // coderMessageInfo contains per-message information used by the fast-path functions. // This is a different type from MessageInfo to keep MessageInfo as general-purpose as // possible. type coderMessageInfo struct { - methods piface.Methods + methods protoiface.Methods orderedCoderFields []*coderFieldInfo denseCoderFields []*coderFieldInfo @@ -38,13 +38,13 @@ type coderFieldInfo struct { funcs pointerCoderFuncs // fast-path per-field functions mi *MessageInfo // field's message ft reflect.Type - validation validationInfo // information used by message validation - num pref.FieldNumber // field number - offset offset // struct field offset - wiretag uint64 // field tag (number + wire type) - tagsize int // size of the varint-encoded tag - isPointer bool // true if IsNil may be called on the struct field - isRequired bool // true if field is required + validation validationInfo // information used by message validation + num protoreflect.FieldNumber // field number + offset offset // struct field offset + wiretag uint64 // field tag (number + wire type) + tagsize int // size of the varint-encoded tag + isPointer bool // true if IsNil may be called on the struct field + isRequired bool // true if field is required } func (mi *MessageInfo) makeCoderMethods(t reflect.Type, si structInfo) { @@ -125,8 +125,8 @@ func (mi *MessageInfo) makeCoderMethods(t reflect.Type, si structInfo) { funcs: funcs, mi: childMessage, validation: newFieldValidationInfo(mi, si, fd, ft), - isPointer: fd.Cardinality() == pref.Repeated || fd.HasPresence(), - isRequired: fd.Cardinality() == pref.Required, + isPointer: fd.Cardinality() == protoreflect.Repeated || fd.HasPresence(), + isRequired: fd.Cardinality() == protoreflect.Required, } mi.orderedCoderFields = append(mi.orderedCoderFields, cf) mi.coderFields[cf.num] = cf @@ -149,7 +149,7 @@ func (mi *MessageInfo) makeCoderMethods(t reflect.Type, si structInfo) { return mi.orderedCoderFields[i].num < mi.orderedCoderFields[j].num }) - var maxDense pref.FieldNumber + var maxDense protoreflect.FieldNumber for _, cf := range mi.orderedCoderFields { if cf.num >= 16 && cf.num >= 2*maxDense { break @@ -175,12 +175,12 @@ func (mi *MessageInfo) makeCoderMethods(t reflect.Type, si structInfo) { mi.needsInitCheck = needsInitCheck(mi.Desc) if mi.methods.Marshal == nil && mi.methods.Size == nil { - mi.methods.Flags |= piface.SupportMarshalDeterministic + mi.methods.Flags |= protoiface.SupportMarshalDeterministic mi.methods.Marshal = mi.marshal mi.methods.Size = mi.size } if mi.methods.Unmarshal == nil { - mi.methods.Flags |= piface.SupportUnmarshalDiscardUnknown + mi.methods.Flags |= protoiface.SupportUnmarshalDiscardUnknown mi.methods.Unmarshal = mi.unmarshal } if mi.methods.CheckInitialized == nil { diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_tables.go b/vendor/google.golang.org/protobuf/internal/impl/codec_tables.go index e8997123887..576dcf3aac5 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/codec_tables.go +++ b/vendor/google.golang.org/protobuf/internal/impl/codec_tables.go @@ -10,7 +10,7 @@ import ( "google.golang.org/protobuf/encoding/protowire" "google.golang.org/protobuf/internal/strs" - pref "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/reflect/protoreflect" ) // pointerCoderFuncs is a set of pointer encoding functions. @@ -25,83 +25,83 @@ type pointerCoderFuncs struct { // valueCoderFuncs is a set of protoreflect.Value encoding functions. type valueCoderFuncs struct { - size func(v pref.Value, tagsize int, opts marshalOptions) int - marshal func(b []byte, v pref.Value, wiretag uint64, opts marshalOptions) ([]byte, error) - unmarshal func(b []byte, v pref.Value, num protowire.Number, wtyp protowire.Type, opts unmarshalOptions) (pref.Value, unmarshalOutput, error) - isInit func(v pref.Value) error - merge func(dst, src pref.Value, opts mergeOptions) pref.Value + size func(v protoreflect.Value, tagsize int, opts marshalOptions) int + marshal func(b []byte, v protoreflect.Value, wiretag uint64, opts marshalOptions) ([]byte, error) + unmarshal func(b []byte, v protoreflect.Value, num protowire.Number, wtyp protowire.Type, opts unmarshalOptions) (protoreflect.Value, unmarshalOutput, error) + isInit func(v protoreflect.Value) error + merge func(dst, src protoreflect.Value, opts mergeOptions) protoreflect.Value } // fieldCoder returns pointer functions for a field, used for operating on // struct fields. -func fieldCoder(fd pref.FieldDescriptor, ft reflect.Type) (*MessageInfo, pointerCoderFuncs) { +func fieldCoder(fd protoreflect.FieldDescriptor, ft reflect.Type) (*MessageInfo, pointerCoderFuncs) { switch { case fd.IsMap(): return encoderFuncsForMap(fd, ft) - case fd.Cardinality() == pref.Repeated && !fd.IsPacked(): + case fd.Cardinality() == protoreflect.Repeated && !fd.IsPacked(): // Repeated fields (not packed). if ft.Kind() != reflect.Slice { break } ft := ft.Elem() switch fd.Kind() { - case pref.BoolKind: + case protoreflect.BoolKind: if ft.Kind() == reflect.Bool { return nil, coderBoolSlice } - case pref.EnumKind: + case protoreflect.EnumKind: if ft.Kind() == reflect.Int32 { return nil, coderEnumSlice } - case pref.Int32Kind: + case protoreflect.Int32Kind: if ft.Kind() == reflect.Int32 { return nil, coderInt32Slice } - case pref.Sint32Kind: + case protoreflect.Sint32Kind: if ft.Kind() == reflect.Int32 { return nil, coderSint32Slice } - case pref.Uint32Kind: + case protoreflect.Uint32Kind: if ft.Kind() == reflect.Uint32 { return nil, coderUint32Slice } - case pref.Int64Kind: + case protoreflect.Int64Kind: if ft.Kind() == reflect.Int64 { return nil, coderInt64Slice } - case pref.Sint64Kind: + case protoreflect.Sint64Kind: if ft.Kind() == reflect.Int64 { return nil, coderSint64Slice } - case pref.Uint64Kind: + case protoreflect.Uint64Kind: if ft.Kind() == reflect.Uint64 { return nil, coderUint64Slice } - case pref.Sfixed32Kind: + case protoreflect.Sfixed32Kind: if ft.Kind() == reflect.Int32 { return nil, coderSfixed32Slice } - case pref.Fixed32Kind: + case protoreflect.Fixed32Kind: if ft.Kind() == reflect.Uint32 { return nil, coderFixed32Slice } - case pref.FloatKind: + case protoreflect.FloatKind: if ft.Kind() == reflect.Float32 { return nil, coderFloatSlice } - case pref.Sfixed64Kind: + case protoreflect.Sfixed64Kind: if ft.Kind() == reflect.Int64 { return nil, coderSfixed64Slice } - case pref.Fixed64Kind: + case protoreflect.Fixed64Kind: if ft.Kind() == reflect.Uint64 { return nil, coderFixed64Slice } - case pref.DoubleKind: + case protoreflect.DoubleKind: if ft.Kind() == reflect.Float64 { return nil, coderDoubleSlice } - case pref.StringKind: + case protoreflect.StringKind: if ft.Kind() == reflect.String && strs.EnforceUTF8(fd) { return nil, coderStringSliceValidateUTF8 } @@ -114,19 +114,19 @@ func fieldCoder(fd pref.FieldDescriptor, ft reflect.Type) (*MessageInfo, pointer if ft.Kind() == reflect.Slice && ft.Elem().Kind() == reflect.Uint8 { return nil, coderBytesSlice } - case pref.BytesKind: + case protoreflect.BytesKind: if ft.Kind() == reflect.String { return nil, coderStringSlice } if ft.Kind() == reflect.Slice && ft.Elem().Kind() == reflect.Uint8 { return nil, coderBytesSlice } - case pref.MessageKind: + case protoreflect.MessageKind: return getMessageInfo(ft), makeMessageSliceFieldCoder(fd, ft) - case pref.GroupKind: + case protoreflect.GroupKind: return getMessageInfo(ft), makeGroupSliceFieldCoder(fd, ft) } - case fd.Cardinality() == pref.Repeated && fd.IsPacked(): + case fd.Cardinality() == protoreflect.Repeated && fd.IsPacked(): // Packed repeated fields. // // Only repeated fields of primitive numeric types @@ -136,128 +136,128 @@ func fieldCoder(fd pref.FieldDescriptor, ft reflect.Type) (*MessageInfo, pointer } ft := ft.Elem() switch fd.Kind() { - case pref.BoolKind: + case protoreflect.BoolKind: if ft.Kind() == reflect.Bool { return nil, coderBoolPackedSlice } - case pref.EnumKind: + case protoreflect.EnumKind: if ft.Kind() == reflect.Int32 { return nil, coderEnumPackedSlice } - case pref.Int32Kind: + case protoreflect.Int32Kind: if ft.Kind() == reflect.Int32 { return nil, coderInt32PackedSlice } - case pref.Sint32Kind: + case protoreflect.Sint32Kind: if ft.Kind() == reflect.Int32 { return nil, coderSint32PackedSlice } - case pref.Uint32Kind: + case protoreflect.Uint32Kind: if ft.Kind() == reflect.Uint32 { return nil, coderUint32PackedSlice } - case pref.Int64Kind: + case protoreflect.Int64Kind: if ft.Kind() == reflect.Int64 { return nil, coderInt64PackedSlice } - case pref.Sint64Kind: + case protoreflect.Sint64Kind: if ft.Kind() == reflect.Int64 { return nil, coderSint64PackedSlice } - case pref.Uint64Kind: + case protoreflect.Uint64Kind: if ft.Kind() == reflect.Uint64 { return nil, coderUint64PackedSlice } - case pref.Sfixed32Kind: + case protoreflect.Sfixed32Kind: if ft.Kind() == reflect.Int32 { return nil, coderSfixed32PackedSlice } - case pref.Fixed32Kind: + case protoreflect.Fixed32Kind: if ft.Kind() == reflect.Uint32 { return nil, coderFixed32PackedSlice } - case pref.FloatKind: + case protoreflect.FloatKind: if ft.Kind() == reflect.Float32 { return nil, coderFloatPackedSlice } - case pref.Sfixed64Kind: + case protoreflect.Sfixed64Kind: if ft.Kind() == reflect.Int64 { return nil, coderSfixed64PackedSlice } - case pref.Fixed64Kind: + case protoreflect.Fixed64Kind: if ft.Kind() == reflect.Uint64 { return nil, coderFixed64PackedSlice } - case pref.DoubleKind: + case protoreflect.DoubleKind: if ft.Kind() == reflect.Float64 { return nil, coderDoublePackedSlice } } - case fd.Kind() == pref.MessageKind: + case fd.Kind() == protoreflect.MessageKind: return getMessageInfo(ft), makeMessageFieldCoder(fd, ft) - case fd.Kind() == pref.GroupKind: + case fd.Kind() == protoreflect.GroupKind: return getMessageInfo(ft), makeGroupFieldCoder(fd, ft) - case fd.Syntax() == pref.Proto3 && fd.ContainingOneof() == nil: + case fd.Syntax() == protoreflect.Proto3 && fd.ContainingOneof() == nil: // Populated oneof fields always encode even if set to the zero value, // which normally are not encoded in proto3. switch fd.Kind() { - case pref.BoolKind: + case protoreflect.BoolKind: if ft.Kind() == reflect.Bool { return nil, coderBoolNoZero } - case pref.EnumKind: + case protoreflect.EnumKind: if ft.Kind() == reflect.Int32 { return nil, coderEnumNoZero } - case pref.Int32Kind: + case protoreflect.Int32Kind: if ft.Kind() == reflect.Int32 { return nil, coderInt32NoZero } - case pref.Sint32Kind: + case protoreflect.Sint32Kind: if ft.Kind() == reflect.Int32 { return nil, coderSint32NoZero } - case pref.Uint32Kind: + case protoreflect.Uint32Kind: if ft.Kind() == reflect.Uint32 { return nil, coderUint32NoZero } - case pref.Int64Kind: + case protoreflect.Int64Kind: if ft.Kind() == reflect.Int64 { return nil, coderInt64NoZero } - case pref.Sint64Kind: + case protoreflect.Sint64Kind: if ft.Kind() == reflect.Int64 { return nil, coderSint64NoZero } - case pref.Uint64Kind: + case protoreflect.Uint64Kind: if ft.Kind() == reflect.Uint64 { return nil, coderUint64NoZero } - case pref.Sfixed32Kind: + case protoreflect.Sfixed32Kind: if ft.Kind() == reflect.Int32 { return nil, coderSfixed32NoZero } - case pref.Fixed32Kind: + case protoreflect.Fixed32Kind: if ft.Kind() == reflect.Uint32 { return nil, coderFixed32NoZero } - case pref.FloatKind: + case protoreflect.FloatKind: if ft.Kind() == reflect.Float32 { return nil, coderFloatNoZero } - case pref.Sfixed64Kind: + case protoreflect.Sfixed64Kind: if ft.Kind() == reflect.Int64 { return nil, coderSfixed64NoZero } - case pref.Fixed64Kind: + case protoreflect.Fixed64Kind: if ft.Kind() == reflect.Uint64 { return nil, coderFixed64NoZero } - case pref.DoubleKind: + case protoreflect.DoubleKind: if ft.Kind() == reflect.Float64 { return nil, coderDoubleNoZero } - case pref.StringKind: + case protoreflect.StringKind: if ft.Kind() == reflect.String && strs.EnforceUTF8(fd) { return nil, coderStringNoZeroValidateUTF8 } @@ -270,7 +270,7 @@ func fieldCoder(fd pref.FieldDescriptor, ft reflect.Type) (*MessageInfo, pointer if ft.Kind() == reflect.Slice && ft.Elem().Kind() == reflect.Uint8 { return nil, coderBytesNoZero } - case pref.BytesKind: + case protoreflect.BytesKind: if ft.Kind() == reflect.String { return nil, coderStringNoZero } @@ -281,133 +281,133 @@ func fieldCoder(fd pref.FieldDescriptor, ft reflect.Type) (*MessageInfo, pointer case ft.Kind() == reflect.Ptr: ft := ft.Elem() switch fd.Kind() { - case pref.BoolKind: + case protoreflect.BoolKind: if ft.Kind() == reflect.Bool { return nil, coderBoolPtr } - case pref.EnumKind: + case protoreflect.EnumKind: if ft.Kind() == reflect.Int32 { return nil, coderEnumPtr } - case pref.Int32Kind: + case protoreflect.Int32Kind: if ft.Kind() == reflect.Int32 { return nil, coderInt32Ptr } - case pref.Sint32Kind: + case protoreflect.Sint32Kind: if ft.Kind() == reflect.Int32 { return nil, coderSint32Ptr } - case pref.Uint32Kind: + case protoreflect.Uint32Kind: if ft.Kind() == reflect.Uint32 { return nil, coderUint32Ptr } - case pref.Int64Kind: + case protoreflect.Int64Kind: if ft.Kind() == reflect.Int64 { return nil, coderInt64Ptr } - case pref.Sint64Kind: + case protoreflect.Sint64Kind: if ft.Kind() == reflect.Int64 { return nil, coderSint64Ptr } - case pref.Uint64Kind: + case protoreflect.Uint64Kind: if ft.Kind() == reflect.Uint64 { return nil, coderUint64Ptr } - case pref.Sfixed32Kind: + case protoreflect.Sfixed32Kind: if ft.Kind() == reflect.Int32 { return nil, coderSfixed32Ptr } - case pref.Fixed32Kind: + case protoreflect.Fixed32Kind: if ft.Kind() == reflect.Uint32 { return nil, coderFixed32Ptr } - case pref.FloatKind: + case protoreflect.FloatKind: if ft.Kind() == reflect.Float32 { return nil, coderFloatPtr } - case pref.Sfixed64Kind: + case protoreflect.Sfixed64Kind: if ft.Kind() == reflect.Int64 { return nil, coderSfixed64Ptr } - case pref.Fixed64Kind: + case protoreflect.Fixed64Kind: if ft.Kind() == reflect.Uint64 { return nil, coderFixed64Ptr } - case pref.DoubleKind: + case protoreflect.DoubleKind: if ft.Kind() == reflect.Float64 { return nil, coderDoublePtr } - case pref.StringKind: + case protoreflect.StringKind: if ft.Kind() == reflect.String && strs.EnforceUTF8(fd) { return nil, coderStringPtrValidateUTF8 } if ft.Kind() == reflect.String { return nil, coderStringPtr } - case pref.BytesKind: + case protoreflect.BytesKind: if ft.Kind() == reflect.String { return nil, coderStringPtr } } default: switch fd.Kind() { - case pref.BoolKind: + case protoreflect.BoolKind: if ft.Kind() == reflect.Bool { return nil, coderBool } - case pref.EnumKind: + case protoreflect.EnumKind: if ft.Kind() == reflect.Int32 { return nil, coderEnum } - case pref.Int32Kind: + case protoreflect.Int32Kind: if ft.Kind() == reflect.Int32 { return nil, coderInt32 } - case pref.Sint32Kind: + case protoreflect.Sint32Kind: if ft.Kind() == reflect.Int32 { return nil, coderSint32 } - case pref.Uint32Kind: + case protoreflect.Uint32Kind: if ft.Kind() == reflect.Uint32 { return nil, coderUint32 } - case pref.Int64Kind: + case protoreflect.Int64Kind: if ft.Kind() == reflect.Int64 { return nil, coderInt64 } - case pref.Sint64Kind: + case protoreflect.Sint64Kind: if ft.Kind() == reflect.Int64 { return nil, coderSint64 } - case pref.Uint64Kind: + case protoreflect.Uint64Kind: if ft.Kind() == reflect.Uint64 { return nil, coderUint64 } - case pref.Sfixed32Kind: + case protoreflect.Sfixed32Kind: if ft.Kind() == reflect.Int32 { return nil, coderSfixed32 } - case pref.Fixed32Kind: + case protoreflect.Fixed32Kind: if ft.Kind() == reflect.Uint32 { return nil, coderFixed32 } - case pref.FloatKind: + case protoreflect.FloatKind: if ft.Kind() == reflect.Float32 { return nil, coderFloat } - case pref.Sfixed64Kind: + case protoreflect.Sfixed64Kind: if ft.Kind() == reflect.Int64 { return nil, coderSfixed64 } - case pref.Fixed64Kind: + case protoreflect.Fixed64Kind: if ft.Kind() == reflect.Uint64 { return nil, coderFixed64 } - case pref.DoubleKind: + case protoreflect.DoubleKind: if ft.Kind() == reflect.Float64 { return nil, coderDouble } - case pref.StringKind: + case protoreflect.StringKind: if ft.Kind() == reflect.String && strs.EnforceUTF8(fd) { return nil, coderStringValidateUTF8 } @@ -420,7 +420,7 @@ func fieldCoder(fd pref.FieldDescriptor, ft reflect.Type) (*MessageInfo, pointer if ft.Kind() == reflect.Slice && ft.Elem().Kind() == reflect.Uint8 { return nil, coderBytes } - case pref.BytesKind: + case protoreflect.BytesKind: if ft.Kind() == reflect.String { return nil, coderString } @@ -434,122 +434,122 @@ func fieldCoder(fd pref.FieldDescriptor, ft reflect.Type) (*MessageInfo, pointer // encoderFuncsForValue returns value functions for a field, used for // extension values and map encoding. -func encoderFuncsForValue(fd pref.FieldDescriptor) valueCoderFuncs { +func encoderFuncsForValue(fd protoreflect.FieldDescriptor) valueCoderFuncs { switch { - case fd.Cardinality() == pref.Repeated && !fd.IsPacked(): + case fd.Cardinality() == protoreflect.Repeated && !fd.IsPacked(): switch fd.Kind() { - case pref.BoolKind: + case protoreflect.BoolKind: return coderBoolSliceValue - case pref.EnumKind: + case protoreflect.EnumKind: return coderEnumSliceValue - case pref.Int32Kind: + case protoreflect.Int32Kind: return coderInt32SliceValue - case pref.Sint32Kind: + case protoreflect.Sint32Kind: return coderSint32SliceValue - case pref.Uint32Kind: + case protoreflect.Uint32Kind: return coderUint32SliceValue - case pref.Int64Kind: + case protoreflect.Int64Kind: return coderInt64SliceValue - case pref.Sint64Kind: + case protoreflect.Sint64Kind: return coderSint64SliceValue - case pref.Uint64Kind: + case protoreflect.Uint64Kind: return coderUint64SliceValue - case pref.Sfixed32Kind: + case protoreflect.Sfixed32Kind: return coderSfixed32SliceValue - case pref.Fixed32Kind: + case protoreflect.Fixed32Kind: return coderFixed32SliceValue - case pref.FloatKind: + case protoreflect.FloatKind: return coderFloatSliceValue - case pref.Sfixed64Kind: + case protoreflect.Sfixed64Kind: return coderSfixed64SliceValue - case pref.Fixed64Kind: + case protoreflect.Fixed64Kind: return coderFixed64SliceValue - case pref.DoubleKind: + case protoreflect.DoubleKind: return coderDoubleSliceValue - case pref.StringKind: + case protoreflect.StringKind: // We don't have a UTF-8 validating coder for repeated string fields. // Value coders are used for extensions and maps. // Extensions are never proto3, and maps never contain lists. return coderStringSliceValue - case pref.BytesKind: + case protoreflect.BytesKind: return coderBytesSliceValue - case pref.MessageKind: + case protoreflect.MessageKind: return coderMessageSliceValue - case pref.GroupKind: + case protoreflect.GroupKind: return coderGroupSliceValue } - case fd.Cardinality() == pref.Repeated && fd.IsPacked(): + case fd.Cardinality() == protoreflect.Repeated && fd.IsPacked(): switch fd.Kind() { - case pref.BoolKind: + case protoreflect.BoolKind: return coderBoolPackedSliceValue - case pref.EnumKind: + case protoreflect.EnumKind: return coderEnumPackedSliceValue - case pref.Int32Kind: + case protoreflect.Int32Kind: return coderInt32PackedSliceValue - case pref.Sint32Kind: + case protoreflect.Sint32Kind: return coderSint32PackedSliceValue - case pref.Uint32Kind: + case protoreflect.Uint32Kind: return coderUint32PackedSliceValue - case pref.Int64Kind: + case protoreflect.Int64Kind: return coderInt64PackedSliceValue - case pref.Sint64Kind: + case protoreflect.Sint64Kind: return coderSint64PackedSliceValue - case pref.Uint64Kind: + case protoreflect.Uint64Kind: return coderUint64PackedSliceValue - case pref.Sfixed32Kind: + case protoreflect.Sfixed32Kind: return coderSfixed32PackedSliceValue - case pref.Fixed32Kind: + case protoreflect.Fixed32Kind: return coderFixed32PackedSliceValue - case pref.FloatKind: + case protoreflect.FloatKind: return coderFloatPackedSliceValue - case pref.Sfixed64Kind: + case protoreflect.Sfixed64Kind: return coderSfixed64PackedSliceValue - case pref.Fixed64Kind: + case protoreflect.Fixed64Kind: return coderFixed64PackedSliceValue - case pref.DoubleKind: + case protoreflect.DoubleKind: return coderDoublePackedSliceValue } default: switch fd.Kind() { default: - case pref.BoolKind: + case protoreflect.BoolKind: return coderBoolValue - case pref.EnumKind: + case protoreflect.EnumKind: return coderEnumValue - case pref.Int32Kind: + case protoreflect.Int32Kind: return coderInt32Value - case pref.Sint32Kind: + case protoreflect.Sint32Kind: return coderSint32Value - case pref.Uint32Kind: + case protoreflect.Uint32Kind: return coderUint32Value - case pref.Int64Kind: + case protoreflect.Int64Kind: return coderInt64Value - case pref.Sint64Kind: + case protoreflect.Sint64Kind: return coderSint64Value - case pref.Uint64Kind: + case protoreflect.Uint64Kind: return coderUint64Value - case pref.Sfixed32Kind: + case protoreflect.Sfixed32Kind: return coderSfixed32Value - case pref.Fixed32Kind: + case protoreflect.Fixed32Kind: return coderFixed32Value - case pref.FloatKind: + case protoreflect.FloatKind: return coderFloatValue - case pref.Sfixed64Kind: + case protoreflect.Sfixed64Kind: return coderSfixed64Value - case pref.Fixed64Kind: + case protoreflect.Fixed64Kind: return coderFixed64Value - case pref.DoubleKind: + case protoreflect.DoubleKind: return coderDoubleValue - case pref.StringKind: + case protoreflect.StringKind: if strs.EnforceUTF8(fd) { return coderStringValueValidateUTF8 } return coderStringValue - case pref.BytesKind: + case protoreflect.BytesKind: return coderBytesValue - case pref.MessageKind: + case protoreflect.MessageKind: return coderMessageValue - case pref.GroupKind: + case protoreflect.GroupKind: return coderGroupValue } } diff --git a/vendor/google.golang.org/protobuf/internal/impl/convert.go b/vendor/google.golang.org/protobuf/internal/impl/convert.go index acd61bb50b2..11a6128ba56 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/convert.go +++ b/vendor/google.golang.org/protobuf/internal/impl/convert.go @@ -8,7 +8,7 @@ import ( "fmt" "reflect" - pref "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/reflect/protoreflect" ) // unwrapper unwraps the value to the underlying value. @@ -20,13 +20,13 @@ type unwrapper interface { // A Converter coverts to/from Go reflect.Value types and protobuf protoreflect.Value types. type Converter interface { // PBValueOf converts a reflect.Value to a protoreflect.Value. - PBValueOf(reflect.Value) pref.Value + PBValueOf(reflect.Value) protoreflect.Value // GoValueOf converts a protoreflect.Value to a reflect.Value. - GoValueOf(pref.Value) reflect.Value + GoValueOf(protoreflect.Value) reflect.Value // IsValidPB returns whether a protoreflect.Value is compatible with this type. - IsValidPB(pref.Value) bool + IsValidPB(protoreflect.Value) bool // IsValidGo returns whether a reflect.Value is compatible with this type. IsValidGo(reflect.Value) bool @@ -34,12 +34,12 @@ type Converter interface { // New returns a new field value. // For scalars, it returns the default value of the field. // For composite types, it returns a new mutable value. - New() pref.Value + New() protoreflect.Value // Zero returns a new field value. // For scalars, it returns the default value of the field. // For composite types, it returns an immutable, empty value. - Zero() pref.Value + Zero() protoreflect.Value } // NewConverter matches a Go type with a protobuf field and returns a Converter @@ -50,7 +50,7 @@ type Converter interface { // This matcher deliberately supports a wider range of Go types than what // protoc-gen-go historically generated to be able to automatically wrap some // v1 messages generated by other forks of protoc-gen-go. -func NewConverter(t reflect.Type, fd pref.FieldDescriptor) Converter { +func NewConverter(t reflect.Type, fd protoreflect.FieldDescriptor) Converter { switch { case fd.IsList(): return newListConverter(t, fd) @@ -76,68 +76,68 @@ var ( ) var ( - boolZero = pref.ValueOfBool(false) - int32Zero = pref.ValueOfInt32(0) - int64Zero = pref.ValueOfInt64(0) - uint32Zero = pref.ValueOfUint32(0) - uint64Zero = pref.ValueOfUint64(0) - float32Zero = pref.ValueOfFloat32(0) - float64Zero = pref.ValueOfFloat64(0) - stringZero = pref.ValueOfString("") - bytesZero = pref.ValueOfBytes(nil) + boolZero = protoreflect.ValueOfBool(false) + int32Zero = protoreflect.ValueOfInt32(0) + int64Zero = protoreflect.ValueOfInt64(0) + uint32Zero = protoreflect.ValueOfUint32(0) + uint64Zero = protoreflect.ValueOfUint64(0) + float32Zero = protoreflect.ValueOfFloat32(0) + float64Zero = protoreflect.ValueOfFloat64(0) + stringZero = protoreflect.ValueOfString("") + bytesZero = protoreflect.ValueOfBytes(nil) ) -func newSingularConverter(t reflect.Type, fd pref.FieldDescriptor) Converter { - defVal := func(fd pref.FieldDescriptor, zero pref.Value) pref.Value { - if fd.Cardinality() == pref.Repeated { +func newSingularConverter(t reflect.Type, fd protoreflect.FieldDescriptor) Converter { + defVal := func(fd protoreflect.FieldDescriptor, zero protoreflect.Value) protoreflect.Value { + if fd.Cardinality() == protoreflect.Repeated { // Default isn't defined for repeated fields. return zero } return fd.Default() } switch fd.Kind() { - case pref.BoolKind: + case protoreflect.BoolKind: if t.Kind() == reflect.Bool { return &boolConverter{t, defVal(fd, boolZero)} } - case pref.Int32Kind, pref.Sint32Kind, pref.Sfixed32Kind: + case protoreflect.Int32Kind, protoreflect.Sint32Kind, protoreflect.Sfixed32Kind: if t.Kind() == reflect.Int32 { return &int32Converter{t, defVal(fd, int32Zero)} } - case pref.Int64Kind, pref.Sint64Kind, pref.Sfixed64Kind: + case protoreflect.Int64Kind, protoreflect.Sint64Kind, protoreflect.Sfixed64Kind: if t.Kind() == reflect.Int64 { return &int64Converter{t, defVal(fd, int64Zero)} } - case pref.Uint32Kind, pref.Fixed32Kind: + case protoreflect.Uint32Kind, protoreflect.Fixed32Kind: if t.Kind() == reflect.Uint32 { return &uint32Converter{t, defVal(fd, uint32Zero)} } - case pref.Uint64Kind, pref.Fixed64Kind: + case protoreflect.Uint64Kind, protoreflect.Fixed64Kind: if t.Kind() == reflect.Uint64 { return &uint64Converter{t, defVal(fd, uint64Zero)} } - case pref.FloatKind: + case protoreflect.FloatKind: if t.Kind() == reflect.Float32 { return &float32Converter{t, defVal(fd, float32Zero)} } - case pref.DoubleKind: + case protoreflect.DoubleKind: if t.Kind() == reflect.Float64 { return &float64Converter{t, defVal(fd, float64Zero)} } - case pref.StringKind: + case protoreflect.StringKind: if t.Kind() == reflect.String || (t.Kind() == reflect.Slice && t.Elem() == byteType) { return &stringConverter{t, defVal(fd, stringZero)} } - case pref.BytesKind: + case protoreflect.BytesKind: if t.Kind() == reflect.String || (t.Kind() == reflect.Slice && t.Elem() == byteType) { return &bytesConverter{t, defVal(fd, bytesZero)} } - case pref.EnumKind: + case protoreflect.EnumKind: // Handle enums, which must be a named int32 type. if t.Kind() == reflect.Int32 { return newEnumConverter(t, fd) } - case pref.MessageKind, pref.GroupKind: + case protoreflect.MessageKind, protoreflect.GroupKind: return newMessageConverter(t) } panic(fmt.Sprintf("invalid Go type %v for field %v", t, fd.FullName())) @@ -145,184 +145,184 @@ func newSingularConverter(t reflect.Type, fd pref.FieldDescriptor) Converter { type boolConverter struct { goType reflect.Type - def pref.Value + def protoreflect.Value } -func (c *boolConverter) PBValueOf(v reflect.Value) pref.Value { +func (c *boolConverter) PBValueOf(v reflect.Value) protoreflect.Value { if v.Type() != c.goType { panic(fmt.Sprintf("invalid type: got %v, want %v", v.Type(), c.goType)) } - return pref.ValueOfBool(v.Bool()) + return protoreflect.ValueOfBool(v.Bool()) } -func (c *boolConverter) GoValueOf(v pref.Value) reflect.Value { +func (c *boolConverter) GoValueOf(v protoreflect.Value) reflect.Value { return reflect.ValueOf(v.Bool()).Convert(c.goType) } -func (c *boolConverter) IsValidPB(v pref.Value) bool { +func (c *boolConverter) IsValidPB(v protoreflect.Value) bool { _, ok := v.Interface().(bool) return ok } func (c *boolConverter) IsValidGo(v reflect.Value) bool { return v.IsValid() && v.Type() == c.goType } -func (c *boolConverter) New() pref.Value { return c.def } -func (c *boolConverter) Zero() pref.Value { return c.def } +func (c *boolConverter) New() protoreflect.Value { return c.def } +func (c *boolConverter) Zero() protoreflect.Value { return c.def } type int32Converter struct { goType reflect.Type - def pref.Value + def protoreflect.Value } -func (c *int32Converter) PBValueOf(v reflect.Value) pref.Value { +func (c *int32Converter) PBValueOf(v reflect.Value) protoreflect.Value { if v.Type() != c.goType { panic(fmt.Sprintf("invalid type: got %v, want %v", v.Type(), c.goType)) } - return pref.ValueOfInt32(int32(v.Int())) + return protoreflect.ValueOfInt32(int32(v.Int())) } -func (c *int32Converter) GoValueOf(v pref.Value) reflect.Value { +func (c *int32Converter) GoValueOf(v protoreflect.Value) reflect.Value { return reflect.ValueOf(int32(v.Int())).Convert(c.goType) } -func (c *int32Converter) IsValidPB(v pref.Value) bool { +func (c *int32Converter) IsValidPB(v protoreflect.Value) bool { _, ok := v.Interface().(int32) return ok } func (c *int32Converter) IsValidGo(v reflect.Value) bool { return v.IsValid() && v.Type() == c.goType } -func (c *int32Converter) New() pref.Value { return c.def } -func (c *int32Converter) Zero() pref.Value { return c.def } +func (c *int32Converter) New() protoreflect.Value { return c.def } +func (c *int32Converter) Zero() protoreflect.Value { return c.def } type int64Converter struct { goType reflect.Type - def pref.Value + def protoreflect.Value } -func (c *int64Converter) PBValueOf(v reflect.Value) pref.Value { +func (c *int64Converter) PBValueOf(v reflect.Value) protoreflect.Value { if v.Type() != c.goType { panic(fmt.Sprintf("invalid type: got %v, want %v", v.Type(), c.goType)) } - return pref.ValueOfInt64(int64(v.Int())) + return protoreflect.ValueOfInt64(int64(v.Int())) } -func (c *int64Converter) GoValueOf(v pref.Value) reflect.Value { +func (c *int64Converter) GoValueOf(v protoreflect.Value) reflect.Value { return reflect.ValueOf(int64(v.Int())).Convert(c.goType) } -func (c *int64Converter) IsValidPB(v pref.Value) bool { +func (c *int64Converter) IsValidPB(v protoreflect.Value) bool { _, ok := v.Interface().(int64) return ok } func (c *int64Converter) IsValidGo(v reflect.Value) bool { return v.IsValid() && v.Type() == c.goType } -func (c *int64Converter) New() pref.Value { return c.def } -func (c *int64Converter) Zero() pref.Value { return c.def } +func (c *int64Converter) New() protoreflect.Value { return c.def } +func (c *int64Converter) Zero() protoreflect.Value { return c.def } type uint32Converter struct { goType reflect.Type - def pref.Value + def protoreflect.Value } -func (c *uint32Converter) PBValueOf(v reflect.Value) pref.Value { +func (c *uint32Converter) PBValueOf(v reflect.Value) protoreflect.Value { if v.Type() != c.goType { panic(fmt.Sprintf("invalid type: got %v, want %v", v.Type(), c.goType)) } - return pref.ValueOfUint32(uint32(v.Uint())) + return protoreflect.ValueOfUint32(uint32(v.Uint())) } -func (c *uint32Converter) GoValueOf(v pref.Value) reflect.Value { +func (c *uint32Converter) GoValueOf(v protoreflect.Value) reflect.Value { return reflect.ValueOf(uint32(v.Uint())).Convert(c.goType) } -func (c *uint32Converter) IsValidPB(v pref.Value) bool { +func (c *uint32Converter) IsValidPB(v protoreflect.Value) bool { _, ok := v.Interface().(uint32) return ok } func (c *uint32Converter) IsValidGo(v reflect.Value) bool { return v.IsValid() && v.Type() == c.goType } -func (c *uint32Converter) New() pref.Value { return c.def } -func (c *uint32Converter) Zero() pref.Value { return c.def } +func (c *uint32Converter) New() protoreflect.Value { return c.def } +func (c *uint32Converter) Zero() protoreflect.Value { return c.def } type uint64Converter struct { goType reflect.Type - def pref.Value + def protoreflect.Value } -func (c *uint64Converter) PBValueOf(v reflect.Value) pref.Value { +func (c *uint64Converter) PBValueOf(v reflect.Value) protoreflect.Value { if v.Type() != c.goType { panic(fmt.Sprintf("invalid type: got %v, want %v", v.Type(), c.goType)) } - return pref.ValueOfUint64(uint64(v.Uint())) + return protoreflect.ValueOfUint64(uint64(v.Uint())) } -func (c *uint64Converter) GoValueOf(v pref.Value) reflect.Value { +func (c *uint64Converter) GoValueOf(v protoreflect.Value) reflect.Value { return reflect.ValueOf(uint64(v.Uint())).Convert(c.goType) } -func (c *uint64Converter) IsValidPB(v pref.Value) bool { +func (c *uint64Converter) IsValidPB(v protoreflect.Value) bool { _, ok := v.Interface().(uint64) return ok } func (c *uint64Converter) IsValidGo(v reflect.Value) bool { return v.IsValid() && v.Type() == c.goType } -func (c *uint64Converter) New() pref.Value { return c.def } -func (c *uint64Converter) Zero() pref.Value { return c.def } +func (c *uint64Converter) New() protoreflect.Value { return c.def } +func (c *uint64Converter) Zero() protoreflect.Value { return c.def } type float32Converter struct { goType reflect.Type - def pref.Value + def protoreflect.Value } -func (c *float32Converter) PBValueOf(v reflect.Value) pref.Value { +func (c *float32Converter) PBValueOf(v reflect.Value) protoreflect.Value { if v.Type() != c.goType { panic(fmt.Sprintf("invalid type: got %v, want %v", v.Type(), c.goType)) } - return pref.ValueOfFloat32(float32(v.Float())) + return protoreflect.ValueOfFloat32(float32(v.Float())) } -func (c *float32Converter) GoValueOf(v pref.Value) reflect.Value { +func (c *float32Converter) GoValueOf(v protoreflect.Value) reflect.Value { return reflect.ValueOf(float32(v.Float())).Convert(c.goType) } -func (c *float32Converter) IsValidPB(v pref.Value) bool { +func (c *float32Converter) IsValidPB(v protoreflect.Value) bool { _, ok := v.Interface().(float32) return ok } func (c *float32Converter) IsValidGo(v reflect.Value) bool { return v.IsValid() && v.Type() == c.goType } -func (c *float32Converter) New() pref.Value { return c.def } -func (c *float32Converter) Zero() pref.Value { return c.def } +func (c *float32Converter) New() protoreflect.Value { return c.def } +func (c *float32Converter) Zero() protoreflect.Value { return c.def } type float64Converter struct { goType reflect.Type - def pref.Value + def protoreflect.Value } -func (c *float64Converter) PBValueOf(v reflect.Value) pref.Value { +func (c *float64Converter) PBValueOf(v reflect.Value) protoreflect.Value { if v.Type() != c.goType { panic(fmt.Sprintf("invalid type: got %v, want %v", v.Type(), c.goType)) } - return pref.ValueOfFloat64(float64(v.Float())) + return protoreflect.ValueOfFloat64(float64(v.Float())) } -func (c *float64Converter) GoValueOf(v pref.Value) reflect.Value { +func (c *float64Converter) GoValueOf(v protoreflect.Value) reflect.Value { return reflect.ValueOf(float64(v.Float())).Convert(c.goType) } -func (c *float64Converter) IsValidPB(v pref.Value) bool { +func (c *float64Converter) IsValidPB(v protoreflect.Value) bool { _, ok := v.Interface().(float64) return ok } func (c *float64Converter) IsValidGo(v reflect.Value) bool { return v.IsValid() && v.Type() == c.goType } -func (c *float64Converter) New() pref.Value { return c.def } -func (c *float64Converter) Zero() pref.Value { return c.def } +func (c *float64Converter) New() protoreflect.Value { return c.def } +func (c *float64Converter) Zero() protoreflect.Value { return c.def } type stringConverter struct { goType reflect.Type - def pref.Value + def protoreflect.Value } -func (c *stringConverter) PBValueOf(v reflect.Value) pref.Value { +func (c *stringConverter) PBValueOf(v reflect.Value) protoreflect.Value { if v.Type() != c.goType { panic(fmt.Sprintf("invalid type: got %v, want %v", v.Type(), c.goType)) } - return pref.ValueOfString(v.Convert(stringType).String()) + return protoreflect.ValueOfString(v.Convert(stringType).String()) } -func (c *stringConverter) GoValueOf(v pref.Value) reflect.Value { +func (c *stringConverter) GoValueOf(v protoreflect.Value) reflect.Value { // pref.Value.String never panics, so we go through an interface // conversion here to check the type. s := v.Interface().(string) @@ -331,71 +331,71 @@ func (c *stringConverter) GoValueOf(v pref.Value) reflect.Value { } return reflect.ValueOf(s).Convert(c.goType) } -func (c *stringConverter) IsValidPB(v pref.Value) bool { +func (c *stringConverter) IsValidPB(v protoreflect.Value) bool { _, ok := v.Interface().(string) return ok } func (c *stringConverter) IsValidGo(v reflect.Value) bool { return v.IsValid() && v.Type() == c.goType } -func (c *stringConverter) New() pref.Value { return c.def } -func (c *stringConverter) Zero() pref.Value { return c.def } +func (c *stringConverter) New() protoreflect.Value { return c.def } +func (c *stringConverter) Zero() protoreflect.Value { return c.def } type bytesConverter struct { goType reflect.Type - def pref.Value + def protoreflect.Value } -func (c *bytesConverter) PBValueOf(v reflect.Value) pref.Value { +func (c *bytesConverter) PBValueOf(v reflect.Value) protoreflect.Value { if v.Type() != c.goType { panic(fmt.Sprintf("invalid type: got %v, want %v", v.Type(), c.goType)) } if c.goType.Kind() == reflect.String && v.Len() == 0 { - return pref.ValueOfBytes(nil) // ensure empty string is []byte(nil) + return protoreflect.ValueOfBytes(nil) // ensure empty string is []byte(nil) } - return pref.ValueOfBytes(v.Convert(bytesType).Bytes()) + return protoreflect.ValueOfBytes(v.Convert(bytesType).Bytes()) } -func (c *bytesConverter) GoValueOf(v pref.Value) reflect.Value { +func (c *bytesConverter) GoValueOf(v protoreflect.Value) reflect.Value { return reflect.ValueOf(v.Bytes()).Convert(c.goType) } -func (c *bytesConverter) IsValidPB(v pref.Value) bool { +func (c *bytesConverter) IsValidPB(v protoreflect.Value) bool { _, ok := v.Interface().([]byte) return ok } func (c *bytesConverter) IsValidGo(v reflect.Value) bool { return v.IsValid() && v.Type() == c.goType } -func (c *bytesConverter) New() pref.Value { return c.def } -func (c *bytesConverter) Zero() pref.Value { return c.def } +func (c *bytesConverter) New() protoreflect.Value { return c.def } +func (c *bytesConverter) Zero() protoreflect.Value { return c.def } type enumConverter struct { goType reflect.Type - def pref.Value + def protoreflect.Value } -func newEnumConverter(goType reflect.Type, fd pref.FieldDescriptor) Converter { - var def pref.Value - if fd.Cardinality() == pref.Repeated { - def = pref.ValueOfEnum(fd.Enum().Values().Get(0).Number()) +func newEnumConverter(goType reflect.Type, fd protoreflect.FieldDescriptor) Converter { + var def protoreflect.Value + if fd.Cardinality() == protoreflect.Repeated { + def = protoreflect.ValueOfEnum(fd.Enum().Values().Get(0).Number()) } else { def = fd.Default() } return &enumConverter{goType, def} } -func (c *enumConverter) PBValueOf(v reflect.Value) pref.Value { +func (c *enumConverter) PBValueOf(v reflect.Value) protoreflect.Value { if v.Type() != c.goType { panic(fmt.Sprintf("invalid type: got %v, want %v", v.Type(), c.goType)) } - return pref.ValueOfEnum(pref.EnumNumber(v.Int())) + return protoreflect.ValueOfEnum(protoreflect.EnumNumber(v.Int())) } -func (c *enumConverter) GoValueOf(v pref.Value) reflect.Value { +func (c *enumConverter) GoValueOf(v protoreflect.Value) reflect.Value { return reflect.ValueOf(v.Enum()).Convert(c.goType) } -func (c *enumConverter) IsValidPB(v pref.Value) bool { - _, ok := v.Interface().(pref.EnumNumber) +func (c *enumConverter) IsValidPB(v protoreflect.Value) bool { + _, ok := v.Interface().(protoreflect.EnumNumber) return ok } @@ -403,11 +403,11 @@ func (c *enumConverter) IsValidGo(v reflect.Value) bool { return v.IsValid() && v.Type() == c.goType } -func (c *enumConverter) New() pref.Value { +func (c *enumConverter) New() protoreflect.Value { return c.def } -func (c *enumConverter) Zero() pref.Value { +func (c *enumConverter) Zero() protoreflect.Value { return c.def } @@ -419,7 +419,7 @@ func newMessageConverter(goType reflect.Type) Converter { return &messageConverter{goType} } -func (c *messageConverter) PBValueOf(v reflect.Value) pref.Value { +func (c *messageConverter) PBValueOf(v reflect.Value) protoreflect.Value { if v.Type() != c.goType { panic(fmt.Sprintf("invalid type: got %v, want %v", v.Type(), c.goType)) } @@ -430,13 +430,13 @@ func (c *messageConverter) PBValueOf(v reflect.Value) pref.Value { v = reflect.Zero(reflect.PtrTo(v.Type())) } } - if m, ok := v.Interface().(pref.ProtoMessage); ok { - return pref.ValueOfMessage(m.ProtoReflect()) + if m, ok := v.Interface().(protoreflect.ProtoMessage); ok { + return protoreflect.ValueOfMessage(m.ProtoReflect()) } - return pref.ValueOfMessage(legacyWrapMessage(v)) + return protoreflect.ValueOfMessage(legacyWrapMessage(v)) } -func (c *messageConverter) GoValueOf(v pref.Value) reflect.Value { +func (c *messageConverter) GoValueOf(v protoreflect.Value) reflect.Value { m := v.Message() var rv reflect.Value if u, ok := m.(unwrapper); ok { @@ -460,7 +460,7 @@ func (c *messageConverter) GoValueOf(v pref.Value) reflect.Value { return rv } -func (c *messageConverter) IsValidPB(v pref.Value) bool { +func (c *messageConverter) IsValidPB(v protoreflect.Value) bool { m := v.Message() var rv reflect.Value if u, ok := m.(unwrapper); ok { @@ -478,14 +478,14 @@ func (c *messageConverter) IsValidGo(v reflect.Value) bool { return v.IsValid() && v.Type() == c.goType } -func (c *messageConverter) New() pref.Value { +func (c *messageConverter) New() protoreflect.Value { if c.isNonPointer() { return c.PBValueOf(reflect.New(c.goType).Elem()) } return c.PBValueOf(reflect.New(c.goType.Elem())) } -func (c *messageConverter) Zero() pref.Value { +func (c *messageConverter) Zero() protoreflect.Value { return c.PBValueOf(reflect.Zero(c.goType)) } diff --git a/vendor/google.golang.org/protobuf/internal/impl/convert_list.go b/vendor/google.golang.org/protobuf/internal/impl/convert_list.go index 6fccab520e5..f89136516f9 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/convert_list.go +++ b/vendor/google.golang.org/protobuf/internal/impl/convert_list.go @@ -8,10 +8,10 @@ import ( "fmt" "reflect" - pref "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/reflect/protoreflect" ) -func newListConverter(t reflect.Type, fd pref.FieldDescriptor) Converter { +func newListConverter(t reflect.Type, fd protoreflect.FieldDescriptor) Converter { switch { case t.Kind() == reflect.Ptr && t.Elem().Kind() == reflect.Slice: return &listPtrConverter{t, newSingularConverter(t.Elem().Elem(), fd)} @@ -26,16 +26,16 @@ type listConverter struct { c Converter } -func (c *listConverter) PBValueOf(v reflect.Value) pref.Value { +func (c *listConverter) PBValueOf(v reflect.Value) protoreflect.Value { if v.Type() != c.goType { panic(fmt.Sprintf("invalid type: got %v, want %v", v.Type(), c.goType)) } pv := reflect.New(c.goType) pv.Elem().Set(v) - return pref.ValueOfList(&listReflect{pv, c.c}) + return protoreflect.ValueOfList(&listReflect{pv, c.c}) } -func (c *listConverter) GoValueOf(v pref.Value) reflect.Value { +func (c *listConverter) GoValueOf(v protoreflect.Value) reflect.Value { rv := v.List().(*listReflect).v if rv.IsNil() { return reflect.Zero(c.goType) @@ -43,7 +43,7 @@ func (c *listConverter) GoValueOf(v pref.Value) reflect.Value { return rv.Elem() } -func (c *listConverter) IsValidPB(v pref.Value) bool { +func (c *listConverter) IsValidPB(v protoreflect.Value) bool { list, ok := v.Interface().(*listReflect) if !ok { return false @@ -55,12 +55,12 @@ func (c *listConverter) IsValidGo(v reflect.Value) bool { return v.IsValid() && v.Type() == c.goType } -func (c *listConverter) New() pref.Value { - return pref.ValueOfList(&listReflect{reflect.New(c.goType), c.c}) +func (c *listConverter) New() protoreflect.Value { + return protoreflect.ValueOfList(&listReflect{reflect.New(c.goType), c.c}) } -func (c *listConverter) Zero() pref.Value { - return pref.ValueOfList(&listReflect{reflect.Zero(reflect.PtrTo(c.goType)), c.c}) +func (c *listConverter) Zero() protoreflect.Value { + return protoreflect.ValueOfList(&listReflect{reflect.Zero(reflect.PtrTo(c.goType)), c.c}) } type listPtrConverter struct { @@ -68,18 +68,18 @@ type listPtrConverter struct { c Converter } -func (c *listPtrConverter) PBValueOf(v reflect.Value) pref.Value { +func (c *listPtrConverter) PBValueOf(v reflect.Value) protoreflect.Value { if v.Type() != c.goType { panic(fmt.Sprintf("invalid type: got %v, want %v", v.Type(), c.goType)) } - return pref.ValueOfList(&listReflect{v, c.c}) + return protoreflect.ValueOfList(&listReflect{v, c.c}) } -func (c *listPtrConverter) GoValueOf(v pref.Value) reflect.Value { +func (c *listPtrConverter) GoValueOf(v protoreflect.Value) reflect.Value { return v.List().(*listReflect).v } -func (c *listPtrConverter) IsValidPB(v pref.Value) bool { +func (c *listPtrConverter) IsValidPB(v protoreflect.Value) bool { list, ok := v.Interface().(*listReflect) if !ok { return false @@ -91,11 +91,11 @@ func (c *listPtrConverter) IsValidGo(v reflect.Value) bool { return v.IsValid() && v.Type() == c.goType } -func (c *listPtrConverter) New() pref.Value { +func (c *listPtrConverter) New() protoreflect.Value { return c.PBValueOf(reflect.New(c.goType.Elem())) } -func (c *listPtrConverter) Zero() pref.Value { +func (c *listPtrConverter) Zero() protoreflect.Value { return c.PBValueOf(reflect.Zero(c.goType)) } @@ -110,16 +110,16 @@ func (ls *listReflect) Len() int { } return ls.v.Elem().Len() } -func (ls *listReflect) Get(i int) pref.Value { +func (ls *listReflect) Get(i int) protoreflect.Value { return ls.conv.PBValueOf(ls.v.Elem().Index(i)) } -func (ls *listReflect) Set(i int, v pref.Value) { +func (ls *listReflect) Set(i int, v protoreflect.Value) { ls.v.Elem().Index(i).Set(ls.conv.GoValueOf(v)) } -func (ls *listReflect) Append(v pref.Value) { +func (ls *listReflect) Append(v protoreflect.Value) { ls.v.Elem().Set(reflect.Append(ls.v.Elem(), ls.conv.GoValueOf(v))) } -func (ls *listReflect) AppendMutable() pref.Value { +func (ls *listReflect) AppendMutable() protoreflect.Value { if _, ok := ls.conv.(*messageConverter); !ok { panic("invalid AppendMutable on list with non-message type") } @@ -130,7 +130,7 @@ func (ls *listReflect) AppendMutable() pref.Value { func (ls *listReflect) Truncate(i int) { ls.v.Elem().Set(ls.v.Elem().Slice(0, i)) } -func (ls *listReflect) NewElement() pref.Value { +func (ls *listReflect) NewElement() protoreflect.Value { return ls.conv.New() } func (ls *listReflect) IsValid() bool { diff --git a/vendor/google.golang.org/protobuf/internal/impl/convert_map.go b/vendor/google.golang.org/protobuf/internal/impl/convert_map.go index de06b2593f8..f30b0a0576d 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/convert_map.go +++ b/vendor/google.golang.org/protobuf/internal/impl/convert_map.go @@ -8,7 +8,7 @@ import ( "fmt" "reflect" - pref "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/reflect/protoreflect" ) type mapConverter struct { @@ -16,7 +16,7 @@ type mapConverter struct { keyConv, valConv Converter } -func newMapConverter(t reflect.Type, fd pref.FieldDescriptor) *mapConverter { +func newMapConverter(t reflect.Type, fd protoreflect.FieldDescriptor) *mapConverter { if t.Kind() != reflect.Map { panic(fmt.Sprintf("invalid Go type %v for field %v", t, fd.FullName())) } @@ -27,18 +27,18 @@ func newMapConverter(t reflect.Type, fd pref.FieldDescriptor) *mapConverter { } } -func (c *mapConverter) PBValueOf(v reflect.Value) pref.Value { +func (c *mapConverter) PBValueOf(v reflect.Value) protoreflect.Value { if v.Type() != c.goType { panic(fmt.Sprintf("invalid type: got %v, want %v", v.Type(), c.goType)) } - return pref.ValueOfMap(&mapReflect{v, c.keyConv, c.valConv}) + return protoreflect.ValueOfMap(&mapReflect{v, c.keyConv, c.valConv}) } -func (c *mapConverter) GoValueOf(v pref.Value) reflect.Value { +func (c *mapConverter) GoValueOf(v protoreflect.Value) reflect.Value { return v.Map().(*mapReflect).v } -func (c *mapConverter) IsValidPB(v pref.Value) bool { +func (c *mapConverter) IsValidPB(v protoreflect.Value) bool { mapv, ok := v.Interface().(*mapReflect) if !ok { return false @@ -50,11 +50,11 @@ func (c *mapConverter) IsValidGo(v reflect.Value) bool { return v.IsValid() && v.Type() == c.goType } -func (c *mapConverter) New() pref.Value { +func (c *mapConverter) New() protoreflect.Value { return c.PBValueOf(reflect.MakeMap(c.goType)) } -func (c *mapConverter) Zero() pref.Value { +func (c *mapConverter) Zero() protoreflect.Value { return c.PBValueOf(reflect.Zero(c.goType)) } @@ -67,29 +67,29 @@ type mapReflect struct { func (ms *mapReflect) Len() int { return ms.v.Len() } -func (ms *mapReflect) Has(k pref.MapKey) bool { +func (ms *mapReflect) Has(k protoreflect.MapKey) bool { rk := ms.keyConv.GoValueOf(k.Value()) rv := ms.v.MapIndex(rk) return rv.IsValid() } -func (ms *mapReflect) Get(k pref.MapKey) pref.Value { +func (ms *mapReflect) Get(k protoreflect.MapKey) protoreflect.Value { rk := ms.keyConv.GoValueOf(k.Value()) rv := ms.v.MapIndex(rk) if !rv.IsValid() { - return pref.Value{} + return protoreflect.Value{} } return ms.valConv.PBValueOf(rv) } -func (ms *mapReflect) Set(k pref.MapKey, v pref.Value) { +func (ms *mapReflect) Set(k protoreflect.MapKey, v protoreflect.Value) { rk := ms.keyConv.GoValueOf(k.Value()) rv := ms.valConv.GoValueOf(v) ms.v.SetMapIndex(rk, rv) } -func (ms *mapReflect) Clear(k pref.MapKey) { +func (ms *mapReflect) Clear(k protoreflect.MapKey) { rk := ms.keyConv.GoValueOf(k.Value()) ms.v.SetMapIndex(rk, reflect.Value{}) } -func (ms *mapReflect) Mutable(k pref.MapKey) pref.Value { +func (ms *mapReflect) Mutable(k protoreflect.MapKey) protoreflect.Value { if _, ok := ms.valConv.(*messageConverter); !ok { panic("invalid Mutable on map with non-message value type") } @@ -100,7 +100,7 @@ func (ms *mapReflect) Mutable(k pref.MapKey) pref.Value { } return v } -func (ms *mapReflect) Range(f func(pref.MapKey, pref.Value) bool) { +func (ms *mapReflect) Range(f func(protoreflect.MapKey, protoreflect.Value) bool) { iter := mapRange(ms.v) for iter.Next() { k := ms.keyConv.PBValueOf(iter.Key()).MapKey() @@ -110,7 +110,7 @@ func (ms *mapReflect) Range(f func(pref.MapKey, pref.Value) bool) { } } } -func (ms *mapReflect) NewValue() pref.Value { +func (ms *mapReflect) NewValue() protoreflect.Value { return ms.valConv.New() } func (ms *mapReflect) IsValid() bool { diff --git a/vendor/google.golang.org/protobuf/internal/impl/decode.go b/vendor/google.golang.org/protobuf/internal/impl/decode.go index c65b0325c17..cda0520c275 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/decode.go +++ b/vendor/google.golang.org/protobuf/internal/impl/decode.go @@ -12,9 +12,8 @@ import ( "google.golang.org/protobuf/internal/flags" "google.golang.org/protobuf/proto" "google.golang.org/protobuf/reflect/protoreflect" - preg "google.golang.org/protobuf/reflect/protoregistry" + "google.golang.org/protobuf/reflect/protoregistry" "google.golang.org/protobuf/runtime/protoiface" - piface "google.golang.org/protobuf/runtime/protoiface" ) var errDecode = errors.New("cannot parse invalid wire-format data") @@ -38,14 +37,16 @@ func (o unmarshalOptions) Options() proto.UnmarshalOptions { } } -func (o unmarshalOptions) DiscardUnknown() bool { return o.flags&piface.UnmarshalDiscardUnknown != 0 } +func (o unmarshalOptions) DiscardUnknown() bool { + return o.flags&protoiface.UnmarshalDiscardUnknown != 0 +} func (o unmarshalOptions) IsDefault() bool { - return o.flags == 0 && o.resolver == preg.GlobalTypes + return o.flags == 0 && o.resolver == protoregistry.GlobalTypes } var lazyUnmarshalOptions = unmarshalOptions{ - resolver: preg.GlobalTypes, + resolver: protoregistry.GlobalTypes, depth: protowire.DefaultRecursionLimit, } @@ -55,7 +56,7 @@ type unmarshalOutput struct { } // unmarshal is protoreflect.Methods.Unmarshal. -func (mi *MessageInfo) unmarshal(in piface.UnmarshalInput) (piface.UnmarshalOutput, error) { +func (mi *MessageInfo) unmarshal(in protoiface.UnmarshalInput) (protoiface.UnmarshalOutput, error) { var p pointer if ms, ok := in.Message.(*messageState); ok { p = ms.pointer() @@ -67,11 +68,11 @@ func (mi *MessageInfo) unmarshal(in piface.UnmarshalInput) (piface.UnmarshalOutp resolver: in.Resolver, depth: in.Depth, }) - var flags piface.UnmarshalOutputFlags + var flags protoiface.UnmarshalOutputFlags if out.initialized { - flags |= piface.UnmarshalInitialized + flags |= protoiface.UnmarshalInitialized } - return piface.UnmarshalOutput{ + return protoiface.UnmarshalOutput{ Flags: flags, }, err } @@ -210,7 +211,7 @@ func (mi *MessageInfo) unmarshalExtension(b []byte, num protowire.Number, wtyp p var err error xt, err = opts.resolver.FindExtensionByNumber(mi.Desc.FullName(), num) if err != nil { - if err == preg.NotFound { + if err == protoregistry.NotFound { return out, errUnknown } return out, errors.New("%v: unable to resolve extension %v: %v", mi.Desc.FullName(), num, err) diff --git a/vendor/google.golang.org/protobuf/internal/impl/enum.go b/vendor/google.golang.org/protobuf/internal/impl/enum.go index 8c1eab4bfd8..5f3ef5ad732 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/enum.go +++ b/vendor/google.golang.org/protobuf/internal/impl/enum.go @@ -7,15 +7,15 @@ package impl import ( "reflect" - pref "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/reflect/protoreflect" ) type EnumInfo struct { GoReflectType reflect.Type // int32 kind - Desc pref.EnumDescriptor + Desc protoreflect.EnumDescriptor } -func (t *EnumInfo) New(n pref.EnumNumber) pref.Enum { - return reflect.ValueOf(n).Convert(t.GoReflectType).Interface().(pref.Enum) +func (t *EnumInfo) New(n protoreflect.EnumNumber) protoreflect.Enum { + return reflect.ValueOf(n).Convert(t.GoReflectType).Interface().(protoreflect.Enum) } -func (t *EnumInfo) Descriptor() pref.EnumDescriptor { return t.Desc } +func (t *EnumInfo) Descriptor() protoreflect.EnumDescriptor { return t.Desc } diff --git a/vendor/google.golang.org/protobuf/internal/impl/extension.go b/vendor/google.golang.org/protobuf/internal/impl/extension.go index e904fd99365..cb25b0bae1d 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/extension.go +++ b/vendor/google.golang.org/protobuf/internal/impl/extension.go @@ -9,8 +9,8 @@ import ( "sync" "sync/atomic" - pref "google.golang.org/protobuf/reflect/protoreflect" - piface "google.golang.org/protobuf/runtime/protoiface" + "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/runtime/protoiface" ) // ExtensionInfo implements ExtensionType. @@ -45,7 +45,7 @@ type ExtensionInfo struct { // since the message may no longer implement the MessageV1 interface. // // Deprecated: Use the ExtendedType method instead. - ExtendedType piface.MessageV1 + ExtendedType protoiface.MessageV1 // ExtensionType is the zero value of the extension type. // @@ -83,31 +83,31 @@ const ( extensionInfoFullInit = 2 ) -func InitExtensionInfo(xi *ExtensionInfo, xd pref.ExtensionDescriptor, goType reflect.Type) { +func InitExtensionInfo(xi *ExtensionInfo, xd protoreflect.ExtensionDescriptor, goType reflect.Type) { xi.goType = goType xi.desc = extensionTypeDescriptor{xd, xi} xi.init = extensionInfoDescInit } -func (xi *ExtensionInfo) New() pref.Value { +func (xi *ExtensionInfo) New() protoreflect.Value { return xi.lazyInit().New() } -func (xi *ExtensionInfo) Zero() pref.Value { +func (xi *ExtensionInfo) Zero() protoreflect.Value { return xi.lazyInit().Zero() } -func (xi *ExtensionInfo) ValueOf(v interface{}) pref.Value { +func (xi *ExtensionInfo) ValueOf(v interface{}) protoreflect.Value { return xi.lazyInit().PBValueOf(reflect.ValueOf(v)) } -func (xi *ExtensionInfo) InterfaceOf(v pref.Value) interface{} { +func (xi *ExtensionInfo) InterfaceOf(v protoreflect.Value) interface{} { return xi.lazyInit().GoValueOf(v).Interface() } -func (xi *ExtensionInfo) IsValidValue(v pref.Value) bool { +func (xi *ExtensionInfo) IsValidValue(v protoreflect.Value) bool { return xi.lazyInit().IsValidPB(v) } func (xi *ExtensionInfo) IsValidInterface(v interface{}) bool { return xi.lazyInit().IsValidGo(reflect.ValueOf(v)) } -func (xi *ExtensionInfo) TypeDescriptor() pref.ExtensionTypeDescriptor { +func (xi *ExtensionInfo) TypeDescriptor() protoreflect.ExtensionTypeDescriptor { if atomic.LoadUint32(&xi.init) < extensionInfoDescInit { xi.lazyInitSlow() } @@ -144,13 +144,13 @@ func (xi *ExtensionInfo) lazyInitSlow() { } type extensionTypeDescriptor struct { - pref.ExtensionDescriptor + protoreflect.ExtensionDescriptor xi *ExtensionInfo } -func (xtd *extensionTypeDescriptor) Type() pref.ExtensionType { +func (xtd *extensionTypeDescriptor) Type() protoreflect.ExtensionType { return xtd.xi } -func (xtd *extensionTypeDescriptor) Descriptor() pref.ExtensionDescriptor { +func (xtd *extensionTypeDescriptor) Descriptor() protoreflect.ExtensionDescriptor { return xtd.ExtensionDescriptor } diff --git a/vendor/google.golang.org/protobuf/internal/impl/legacy_enum.go b/vendor/google.golang.org/protobuf/internal/impl/legacy_enum.go index f7d7ffb5103..c2a803bb2f9 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/legacy_enum.go +++ b/vendor/google.golang.org/protobuf/internal/impl/legacy_enum.go @@ -13,13 +13,12 @@ import ( "google.golang.org/protobuf/internal/filedesc" "google.golang.org/protobuf/internal/strs" "google.golang.org/protobuf/reflect/protoreflect" - pref "google.golang.org/protobuf/reflect/protoreflect" ) // legacyEnumName returns the name of enums used in legacy code. // It is neither the protobuf full name nor the qualified Go name, // but rather an odd hybrid of both. -func legacyEnumName(ed pref.EnumDescriptor) string { +func legacyEnumName(ed protoreflect.EnumDescriptor) string { var protoPkg string enumName := string(ed.FullName()) if fd := ed.ParentFile(); fd != nil { @@ -34,68 +33,68 @@ func legacyEnumName(ed pref.EnumDescriptor) string { // legacyWrapEnum wraps v as a protoreflect.Enum, // where v must be a int32 kind and not implement the v2 API already. -func legacyWrapEnum(v reflect.Value) pref.Enum { +func legacyWrapEnum(v reflect.Value) protoreflect.Enum { et := legacyLoadEnumType(v.Type()) - return et.New(pref.EnumNumber(v.Int())) + return et.New(protoreflect.EnumNumber(v.Int())) } var legacyEnumTypeCache sync.Map // map[reflect.Type]protoreflect.EnumType // legacyLoadEnumType dynamically loads a protoreflect.EnumType for t, // where t must be an int32 kind and not implement the v2 API already. -func legacyLoadEnumType(t reflect.Type) pref.EnumType { +func legacyLoadEnumType(t reflect.Type) protoreflect.EnumType { // Fast-path: check if a EnumType is cached for this concrete type. if et, ok := legacyEnumTypeCache.Load(t); ok { - return et.(pref.EnumType) + return et.(protoreflect.EnumType) } // Slow-path: derive enum descriptor and initialize EnumType. - var et pref.EnumType + var et protoreflect.EnumType ed := LegacyLoadEnumDesc(t) et = &legacyEnumType{ desc: ed, goType: t, } if et, ok := legacyEnumTypeCache.LoadOrStore(t, et); ok { - return et.(pref.EnumType) + return et.(protoreflect.EnumType) } return et } type legacyEnumType struct { - desc pref.EnumDescriptor + desc protoreflect.EnumDescriptor goType reflect.Type m sync.Map // map[protoreflect.EnumNumber]proto.Enum } -func (t *legacyEnumType) New(n pref.EnumNumber) pref.Enum { +func (t *legacyEnumType) New(n protoreflect.EnumNumber) protoreflect.Enum { if e, ok := t.m.Load(n); ok { - return e.(pref.Enum) + return e.(protoreflect.Enum) } e := &legacyEnumWrapper{num: n, pbTyp: t, goTyp: t.goType} t.m.Store(n, e) return e } -func (t *legacyEnumType) Descriptor() pref.EnumDescriptor { +func (t *legacyEnumType) Descriptor() protoreflect.EnumDescriptor { return t.desc } type legacyEnumWrapper struct { - num pref.EnumNumber - pbTyp pref.EnumType + num protoreflect.EnumNumber + pbTyp protoreflect.EnumType goTyp reflect.Type } -func (e *legacyEnumWrapper) Descriptor() pref.EnumDescriptor { +func (e *legacyEnumWrapper) Descriptor() protoreflect.EnumDescriptor { return e.pbTyp.Descriptor() } -func (e *legacyEnumWrapper) Type() pref.EnumType { +func (e *legacyEnumWrapper) Type() protoreflect.EnumType { return e.pbTyp } -func (e *legacyEnumWrapper) Number() pref.EnumNumber { +func (e *legacyEnumWrapper) Number() protoreflect.EnumNumber { return e.num } -func (e *legacyEnumWrapper) ProtoReflect() pref.Enum { +func (e *legacyEnumWrapper) ProtoReflect() protoreflect.Enum { return e } func (e *legacyEnumWrapper) protoUnwrap() interface{} { @@ -105,8 +104,8 @@ func (e *legacyEnumWrapper) protoUnwrap() interface{} { } var ( - _ pref.Enum = (*legacyEnumWrapper)(nil) - _ unwrapper = (*legacyEnumWrapper)(nil) + _ protoreflect.Enum = (*legacyEnumWrapper)(nil) + _ unwrapper = (*legacyEnumWrapper)(nil) ) var legacyEnumDescCache sync.Map // map[reflect.Type]protoreflect.EnumDescriptor @@ -115,15 +114,15 @@ var legacyEnumDescCache sync.Map // map[reflect.Type]protoreflect.EnumDescriptor // which must be an int32 kind and not implement the v2 API already. // // This is exported for testing purposes. -func LegacyLoadEnumDesc(t reflect.Type) pref.EnumDescriptor { +func LegacyLoadEnumDesc(t reflect.Type) protoreflect.EnumDescriptor { // Fast-path: check if an EnumDescriptor is cached for this concrete type. if ed, ok := legacyEnumDescCache.Load(t); ok { - return ed.(pref.EnumDescriptor) + return ed.(protoreflect.EnumDescriptor) } // Slow-path: initialize EnumDescriptor from the raw descriptor. ev := reflect.Zero(t).Interface() - if _, ok := ev.(pref.Enum); ok { + if _, ok := ev.(protoreflect.Enum); ok { panic(fmt.Sprintf("%v already implements proto.Enum", t)) } edV1, ok := ev.(enumV1) @@ -132,7 +131,7 @@ func LegacyLoadEnumDesc(t reflect.Type) pref.EnumDescriptor { } b, idxs := edV1.EnumDescriptor() - var ed pref.EnumDescriptor + var ed protoreflect.EnumDescriptor if len(idxs) == 1 { ed = legacyLoadFileDesc(b).Enums().Get(idxs[0]) } else { @@ -158,10 +157,10 @@ var aberrantEnumDescCache sync.Map // map[reflect.Type]protoreflect.EnumDescript // We are unable to use the global enum registry since it is // unfortunately keyed by the protobuf full name, which we also do not know. // Thus, this produces some bogus enum descriptor based on the Go type name. -func aberrantLoadEnumDesc(t reflect.Type) pref.EnumDescriptor { +func aberrantLoadEnumDesc(t reflect.Type) protoreflect.EnumDescriptor { // Fast-path: check if an EnumDescriptor is cached for this concrete type. if ed, ok := aberrantEnumDescCache.Load(t); ok { - return ed.(pref.EnumDescriptor) + return ed.(protoreflect.EnumDescriptor) } // Slow-path: construct a bogus, but unique EnumDescriptor. @@ -182,7 +181,7 @@ func aberrantLoadEnumDesc(t reflect.Type) pref.EnumDescriptor { // An exhaustive query is clearly impractical, but can be best-effort. if ed, ok := aberrantEnumDescCache.LoadOrStore(t, ed); ok { - return ed.(pref.EnumDescriptor) + return ed.(protoreflect.EnumDescriptor) } return ed } @@ -192,7 +191,7 @@ func aberrantLoadEnumDesc(t reflect.Type) pref.EnumDescriptor { // It should be sufficiently unique within a program. // // This is exported for testing purposes. -func AberrantDeriveFullName(t reflect.Type) pref.FullName { +func AberrantDeriveFullName(t reflect.Type) protoreflect.FullName { sanitize := func(r rune) rune { switch { case r == '/': @@ -215,5 +214,5 @@ func AberrantDeriveFullName(t reflect.Type) pref.FullName { ss[i] = "x" + s } } - return pref.FullName(strings.Join(ss, ".")) + return protoreflect.FullName(strings.Join(ss, ".")) } diff --git a/vendor/google.golang.org/protobuf/internal/impl/legacy_export.go b/vendor/google.golang.org/protobuf/internal/impl/legacy_export.go index e3fb0b57858..9b64ad5bba2 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/legacy_export.go +++ b/vendor/google.golang.org/protobuf/internal/impl/legacy_export.go @@ -12,21 +12,21 @@ import ( "reflect" "google.golang.org/protobuf/internal/errors" - pref "google.golang.org/protobuf/reflect/protoreflect" - piface "google.golang.org/protobuf/runtime/protoiface" + "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/runtime/protoiface" ) // These functions exist to support exported APIs in generated protobufs. // While these are deprecated, they cannot be removed for compatibility reasons. // LegacyEnumName returns the name of enums used in legacy code. -func (Export) LegacyEnumName(ed pref.EnumDescriptor) string { +func (Export) LegacyEnumName(ed protoreflect.EnumDescriptor) string { return legacyEnumName(ed) } // LegacyMessageTypeOf returns the protoreflect.MessageType for m, // with name used as the message name if necessary. -func (Export) LegacyMessageTypeOf(m piface.MessageV1, name pref.FullName) pref.MessageType { +func (Export) LegacyMessageTypeOf(m protoiface.MessageV1, name protoreflect.FullName) protoreflect.MessageType { if mv := (Export{}).protoMessageV2Of(m); mv != nil { return mv.ProtoReflect().Type() } @@ -36,9 +36,9 @@ func (Export) LegacyMessageTypeOf(m piface.MessageV1, name pref.FullName) pref.M // UnmarshalJSONEnum unmarshals an enum from a JSON-encoded input. // The input can either be a string representing the enum value by name, // or a number representing the enum number itself. -func (Export) UnmarshalJSONEnum(ed pref.EnumDescriptor, b []byte) (pref.EnumNumber, error) { +func (Export) UnmarshalJSONEnum(ed protoreflect.EnumDescriptor, b []byte) (protoreflect.EnumNumber, error) { if b[0] == '"' { - var name pref.Name + var name protoreflect.Name if err := json.Unmarshal(b, &name); err != nil { return 0, errors.New("invalid input for enum %v: %s", ed.FullName(), b) } @@ -48,7 +48,7 @@ func (Export) UnmarshalJSONEnum(ed pref.EnumDescriptor, b []byte) (pref.EnumNumb } return ev.Number(), nil } else { - var num pref.EnumNumber + var num protoreflect.EnumNumber if err := json.Unmarshal(b, &num); err != nil { return 0, errors.New("invalid input for enum %v: %s", ed.FullName(), b) } @@ -81,8 +81,8 @@ func (Export) CompressGZIP(in []byte) (out []byte) { blockHeader[0] = 0x01 // final bit per RFC 1951, section 3.2.3. blockSize = len(in) } - binary.LittleEndian.PutUint16(blockHeader[1:3], uint16(blockSize)^0x0000) - binary.LittleEndian.PutUint16(blockHeader[3:5], uint16(blockSize)^0xffff) + binary.LittleEndian.PutUint16(blockHeader[1:3], uint16(blockSize)) + binary.LittleEndian.PutUint16(blockHeader[3:5], ^uint16(blockSize)) out = append(out, blockHeader[:]...) out = append(out, in[:blockSize]...) in = in[blockSize:] diff --git a/vendor/google.golang.org/protobuf/internal/impl/legacy_extension.go b/vendor/google.golang.org/protobuf/internal/impl/legacy_extension.go index 49e723161c0..87b30d0504c 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/legacy_extension.go +++ b/vendor/google.golang.org/protobuf/internal/impl/legacy_extension.go @@ -12,16 +12,16 @@ import ( ptag "google.golang.org/protobuf/internal/encoding/tag" "google.golang.org/protobuf/internal/filedesc" "google.golang.org/protobuf/internal/pragma" - pref "google.golang.org/protobuf/reflect/protoreflect" - preg "google.golang.org/protobuf/reflect/protoregistry" - piface "google.golang.org/protobuf/runtime/protoiface" + "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/reflect/protoregistry" + "google.golang.org/protobuf/runtime/protoiface" ) func (xi *ExtensionInfo) initToLegacy() { xd := xi.desc - var parent piface.MessageV1 + var parent protoiface.MessageV1 messageName := xd.ContainingMessage().FullName() - if mt, _ := preg.GlobalTypes.FindMessageByName(messageName); mt != nil { + if mt, _ := protoregistry.GlobalTypes.FindMessageByName(messageName); mt != nil { // Create a new parent message and unwrap it if possible. mv := mt.New().Interface() t := reflect.TypeOf(mv) @@ -31,7 +31,7 @@ func (xi *ExtensionInfo) initToLegacy() { // Check whether the message implements the legacy v1 Message interface. mz := reflect.Zero(t).Interface() - if mz, ok := mz.(piface.MessageV1); ok { + if mz, ok := mz.(protoiface.MessageV1); ok { parent = mz } } @@ -46,7 +46,7 @@ func (xi *ExtensionInfo) initToLegacy() { // Reconstruct the legacy enum full name. var enumName string - if xd.Kind() == pref.EnumKind { + if xd.Kind() == protoreflect.EnumKind { enumName = legacyEnumName(xd.Enum()) } @@ -77,16 +77,16 @@ func (xi *ExtensionInfo) initFromLegacy() { // field number is specified. In such a case, use a placeholder. if xi.ExtendedType == nil || xi.ExtensionType == nil { xd := placeholderExtension{ - name: pref.FullName(xi.Name), - number: pref.FieldNumber(xi.Field), + name: protoreflect.FullName(xi.Name), + number: protoreflect.FieldNumber(xi.Field), } xi.desc = extensionTypeDescriptor{xd, xi} return } // Resolve enum or message dependencies. - var ed pref.EnumDescriptor - var md pref.MessageDescriptor + var ed protoreflect.EnumDescriptor + var md protoreflect.MessageDescriptor t := reflect.TypeOf(xi.ExtensionType) isOptional := t.Kind() == reflect.Ptr && t.Elem().Kind() != reflect.Struct isRepeated := t.Kind() == reflect.Slice && t.Elem().Kind() != reflect.Uint8 @@ -94,18 +94,18 @@ func (xi *ExtensionInfo) initFromLegacy() { t = t.Elem() } switch v := reflect.Zero(t).Interface().(type) { - case pref.Enum: + case protoreflect.Enum: ed = v.Descriptor() case enumV1: ed = LegacyLoadEnumDesc(t) - case pref.ProtoMessage: + case protoreflect.ProtoMessage: md = v.ProtoReflect().Descriptor() case messageV1: md = LegacyLoadMessageDesc(t) } // Derive basic field information from the struct tag. - var evs pref.EnumValueDescriptors + var evs protoreflect.EnumValueDescriptors if ed != nil { evs = ed.Values() } @@ -114,8 +114,8 @@ func (xi *ExtensionInfo) initFromLegacy() { // Construct a v2 ExtensionType. xd := &filedesc.Extension{L2: new(filedesc.ExtensionL2)} xd.L0.ParentFile = filedesc.SurrogateProto2 - xd.L0.FullName = pref.FullName(xi.Name) - xd.L1.Number = pref.FieldNumber(xi.Field) + xd.L0.FullName = protoreflect.FullName(xi.Name) + xd.L1.Number = protoreflect.FieldNumber(xi.Field) xd.L1.Cardinality = fd.L1.Cardinality xd.L1.Kind = fd.L1.Kind xd.L2.IsPacked = fd.L1.IsPacked @@ -138,39 +138,39 @@ func (xi *ExtensionInfo) initFromLegacy() { } type placeholderExtension struct { - name pref.FullName - number pref.FieldNumber + name protoreflect.FullName + number protoreflect.FieldNumber } -func (x placeholderExtension) ParentFile() pref.FileDescriptor { return nil } -func (x placeholderExtension) Parent() pref.Descriptor { return nil } -func (x placeholderExtension) Index() int { return 0 } -func (x placeholderExtension) Syntax() pref.Syntax { return 0 } -func (x placeholderExtension) Name() pref.Name { return x.name.Name() } -func (x placeholderExtension) FullName() pref.FullName { return x.name } -func (x placeholderExtension) IsPlaceholder() bool { return true } -func (x placeholderExtension) Options() pref.ProtoMessage { return descopts.Field } -func (x placeholderExtension) Number() pref.FieldNumber { return x.number } -func (x placeholderExtension) Cardinality() pref.Cardinality { return 0 } -func (x placeholderExtension) Kind() pref.Kind { return 0 } -func (x placeholderExtension) HasJSONName() bool { return false } -func (x placeholderExtension) JSONName() string { return "[" + string(x.name) + "]" } -func (x placeholderExtension) TextName() string { return "[" + string(x.name) + "]" } -func (x placeholderExtension) HasPresence() bool { return false } -func (x placeholderExtension) HasOptionalKeyword() bool { return false } -func (x placeholderExtension) IsExtension() bool { return true } -func (x placeholderExtension) IsWeak() bool { return false } -func (x placeholderExtension) IsPacked() bool { return false } -func (x placeholderExtension) IsList() bool { return false } -func (x placeholderExtension) IsMap() bool { return false } -func (x placeholderExtension) MapKey() pref.FieldDescriptor { return nil } -func (x placeholderExtension) MapValue() pref.FieldDescriptor { return nil } -func (x placeholderExtension) HasDefault() bool { return false } -func (x placeholderExtension) Default() pref.Value { return pref.Value{} } -func (x placeholderExtension) DefaultEnumValue() pref.EnumValueDescriptor { return nil } -func (x placeholderExtension) ContainingOneof() pref.OneofDescriptor { return nil } -func (x placeholderExtension) ContainingMessage() pref.MessageDescriptor { return nil } -func (x placeholderExtension) Enum() pref.EnumDescriptor { return nil } -func (x placeholderExtension) Message() pref.MessageDescriptor { return nil } -func (x placeholderExtension) ProtoType(pref.FieldDescriptor) { return } -func (x placeholderExtension) ProtoInternal(pragma.DoNotImplement) { return } +func (x placeholderExtension) ParentFile() protoreflect.FileDescriptor { return nil } +func (x placeholderExtension) Parent() protoreflect.Descriptor { return nil } +func (x placeholderExtension) Index() int { return 0 } +func (x placeholderExtension) Syntax() protoreflect.Syntax { return 0 } +func (x placeholderExtension) Name() protoreflect.Name { return x.name.Name() } +func (x placeholderExtension) FullName() protoreflect.FullName { return x.name } +func (x placeholderExtension) IsPlaceholder() bool { return true } +func (x placeholderExtension) Options() protoreflect.ProtoMessage { return descopts.Field } +func (x placeholderExtension) Number() protoreflect.FieldNumber { return x.number } +func (x placeholderExtension) Cardinality() protoreflect.Cardinality { return 0 } +func (x placeholderExtension) Kind() protoreflect.Kind { return 0 } +func (x placeholderExtension) HasJSONName() bool { return false } +func (x placeholderExtension) JSONName() string { return "[" + string(x.name) + "]" } +func (x placeholderExtension) TextName() string { return "[" + string(x.name) + "]" } +func (x placeholderExtension) HasPresence() bool { return false } +func (x placeholderExtension) HasOptionalKeyword() bool { return false } +func (x placeholderExtension) IsExtension() bool { return true } +func (x placeholderExtension) IsWeak() bool { return false } +func (x placeholderExtension) IsPacked() bool { return false } +func (x placeholderExtension) IsList() bool { return false } +func (x placeholderExtension) IsMap() bool { return false } +func (x placeholderExtension) MapKey() protoreflect.FieldDescriptor { return nil } +func (x placeholderExtension) MapValue() protoreflect.FieldDescriptor { return nil } +func (x placeholderExtension) HasDefault() bool { return false } +func (x placeholderExtension) Default() protoreflect.Value { return protoreflect.Value{} } +func (x placeholderExtension) DefaultEnumValue() protoreflect.EnumValueDescriptor { return nil } +func (x placeholderExtension) ContainingOneof() protoreflect.OneofDescriptor { return nil } +func (x placeholderExtension) ContainingMessage() protoreflect.MessageDescriptor { return nil } +func (x placeholderExtension) Enum() protoreflect.EnumDescriptor { return nil } +func (x placeholderExtension) Message() protoreflect.MessageDescriptor { return nil } +func (x placeholderExtension) ProtoType(protoreflect.FieldDescriptor) { return } +func (x placeholderExtension) ProtoInternal(pragma.DoNotImplement) { return } diff --git a/vendor/google.golang.org/protobuf/internal/impl/legacy_message.go b/vendor/google.golang.org/protobuf/internal/impl/legacy_message.go index 029feeefd79..61c483fac06 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/legacy_message.go +++ b/vendor/google.golang.org/protobuf/internal/impl/legacy_message.go @@ -16,14 +16,12 @@ import ( "google.golang.org/protobuf/internal/filedesc" "google.golang.org/protobuf/internal/strs" "google.golang.org/protobuf/reflect/protoreflect" - pref "google.golang.org/protobuf/reflect/protoreflect" "google.golang.org/protobuf/runtime/protoiface" - piface "google.golang.org/protobuf/runtime/protoiface" ) // legacyWrapMessage wraps v as a protoreflect.Message, // where v must be a *struct kind and not implement the v2 API already. -func legacyWrapMessage(v reflect.Value) pref.Message { +func legacyWrapMessage(v reflect.Value) protoreflect.Message { t := v.Type() if t.Kind() != reflect.Ptr || t.Elem().Kind() != reflect.Struct { return aberrantMessage{v: v} @@ -35,7 +33,7 @@ func legacyWrapMessage(v reflect.Value) pref.Message { // legacyLoadMessageType dynamically loads a protoreflect.Type for t, // where t must be not implement the v2 API already. // The provided name is used if it cannot be determined from the message. -func legacyLoadMessageType(t reflect.Type, name pref.FullName) protoreflect.MessageType { +func legacyLoadMessageType(t reflect.Type, name protoreflect.FullName) protoreflect.MessageType { if t.Kind() != reflect.Ptr || t.Elem().Kind() != reflect.Struct { return aberrantMessageType{t} } @@ -47,7 +45,7 @@ var legacyMessageTypeCache sync.Map // map[reflect.Type]*MessageInfo // legacyLoadMessageInfo dynamically loads a *MessageInfo for t, // where t must be a *struct kind and not implement the v2 API already. // The provided name is used if it cannot be determined from the message. -func legacyLoadMessageInfo(t reflect.Type, name pref.FullName) *MessageInfo { +func legacyLoadMessageInfo(t reflect.Type, name protoreflect.FullName) *MessageInfo { // Fast-path: check if a MessageInfo is cached for this concrete type. if mt, ok := legacyMessageTypeCache.Load(t); ok { return mt.(*MessageInfo) @@ -68,7 +66,7 @@ func legacyLoadMessageInfo(t reflect.Type, name pref.FullName) *MessageInfo { // supports deterministic serialization or not, but this // preserves the v1 implementation's behavior of always // calling Marshal methods when present. - mi.methods.Flags |= piface.SupportMarshalDeterministic + mi.methods.Flags |= protoiface.SupportMarshalDeterministic } if _, hasUnmarshal = v.(legacyUnmarshaler); hasUnmarshal { mi.methods.Unmarshal = legacyUnmarshal @@ -89,18 +87,18 @@ var legacyMessageDescCache sync.Map // map[reflect.Type]protoreflect.MessageDesc // which should be a *struct kind and must not implement the v2 API already. // // This is exported for testing purposes. -func LegacyLoadMessageDesc(t reflect.Type) pref.MessageDescriptor { +func LegacyLoadMessageDesc(t reflect.Type) protoreflect.MessageDescriptor { return legacyLoadMessageDesc(t, "") } -func legacyLoadMessageDesc(t reflect.Type, name pref.FullName) pref.MessageDescriptor { +func legacyLoadMessageDesc(t reflect.Type, name protoreflect.FullName) protoreflect.MessageDescriptor { // Fast-path: check if a MessageDescriptor is cached for this concrete type. if mi, ok := legacyMessageDescCache.Load(t); ok { - return mi.(pref.MessageDescriptor) + return mi.(protoreflect.MessageDescriptor) } // Slow-path: initialize MessageDescriptor from the raw descriptor. mv := reflect.Zero(t).Interface() - if _, ok := mv.(pref.ProtoMessage); ok { + if _, ok := mv.(protoreflect.ProtoMessage); ok { panic(fmt.Sprintf("%v already implements proto.Message", t)) } mdV1, ok := mv.(messageV1) @@ -164,7 +162,7 @@ var ( // // This is a best-effort derivation of the message descriptor using the protobuf // tags on the struct fields. -func aberrantLoadMessageDesc(t reflect.Type, name pref.FullName) pref.MessageDescriptor { +func aberrantLoadMessageDesc(t reflect.Type, name protoreflect.FullName) protoreflect.MessageDescriptor { aberrantMessageDescLock.Lock() defer aberrantMessageDescLock.Unlock() if aberrantMessageDescCache == nil { @@ -172,7 +170,7 @@ func aberrantLoadMessageDesc(t reflect.Type, name pref.FullName) pref.MessageDes } return aberrantLoadMessageDescReentrant(t, name) } -func aberrantLoadMessageDescReentrant(t reflect.Type, name pref.FullName) pref.MessageDescriptor { +func aberrantLoadMessageDescReentrant(t reflect.Type, name protoreflect.FullName) protoreflect.MessageDescriptor { // Fast-path: check if an MessageDescriptor is cached for this concrete type. if md, ok := aberrantMessageDescCache[t]; ok { return md @@ -225,9 +223,9 @@ func aberrantLoadMessageDescReentrant(t reflect.Type, name pref.FullName) pref.M vs := fn.Func.Call([]reflect.Value{reflect.Zero(fn.Type.In(0))})[0] for i := 0; i < vs.Len(); i++ { v := vs.Index(i) - md.L2.ExtensionRanges.List = append(md.L2.ExtensionRanges.List, [2]pref.FieldNumber{ - pref.FieldNumber(v.FieldByName("Start").Int()), - pref.FieldNumber(v.FieldByName("End").Int() + 1), + md.L2.ExtensionRanges.List = append(md.L2.ExtensionRanges.List, [2]protoreflect.FieldNumber{ + protoreflect.FieldNumber(v.FieldByName("Start").Int()), + protoreflect.FieldNumber(v.FieldByName("End").Int() + 1), }) md.L2.ExtensionRangeOptions = append(md.L2.ExtensionRangeOptions, nil) } @@ -245,7 +243,7 @@ func aberrantLoadMessageDescReentrant(t reflect.Type, name pref.FullName) pref.M n := len(md.L2.Oneofs.List) md.L2.Oneofs.List = append(md.L2.Oneofs.List, filedesc.Oneof{}) od := &md.L2.Oneofs.List[n] - od.L0.FullName = md.FullName().Append(pref.Name(tag)) + od.L0.FullName = md.FullName().Append(protoreflect.Name(tag)) od.L0.ParentFile = md.L0.ParentFile od.L0.Parent = md od.L0.Index = n @@ -267,14 +265,14 @@ func aberrantLoadMessageDescReentrant(t reflect.Type, name pref.FullName) pref.M return md } -func aberrantDeriveMessageName(t reflect.Type, name pref.FullName) pref.FullName { +func aberrantDeriveMessageName(t reflect.Type, name protoreflect.FullName) protoreflect.FullName { if name.IsValid() { return name } func() { defer func() { recover() }() // swallow possible nil panics if m, ok := reflect.Zero(t).Interface().(interface{ XXX_MessageName() string }); ok { - name = pref.FullName(m.XXX_MessageName()) + name = protoreflect.FullName(m.XXX_MessageName()) } }() if name.IsValid() { @@ -305,7 +303,7 @@ func aberrantAppendField(md *filedesc.Message, goType reflect.Type, tag, tagKey, fd.L0.Index = n if fd.L1.IsWeak || fd.L1.HasPacked { - fd.L1.Options = func() pref.ProtoMessage { + fd.L1.Options = func() protoreflect.ProtoMessage { opts := descopts.Field.ProtoReflect().New() if fd.L1.IsWeak { opts.Set(opts.Descriptor().Fields().ByName("weak"), protoreflect.ValueOfBool(true)) @@ -318,17 +316,17 @@ func aberrantAppendField(md *filedesc.Message, goType reflect.Type, tag, tagKey, } // Populate Enum and Message. - if fd.Enum() == nil && fd.Kind() == pref.EnumKind { + if fd.Enum() == nil && fd.Kind() == protoreflect.EnumKind { switch v := reflect.Zero(t).Interface().(type) { - case pref.Enum: + case protoreflect.Enum: fd.L1.Enum = v.Descriptor() default: fd.L1.Enum = LegacyLoadEnumDesc(t) } } - if fd.Message() == nil && (fd.Kind() == pref.MessageKind || fd.Kind() == pref.GroupKind) { + if fd.Message() == nil && (fd.Kind() == protoreflect.MessageKind || fd.Kind() == protoreflect.GroupKind) { switch v := reflect.Zero(t).Interface().(type) { - case pref.ProtoMessage: + case protoreflect.ProtoMessage: fd.L1.Message = v.ProtoReflect().Descriptor() case messageV1: fd.L1.Message = LegacyLoadMessageDesc(t) @@ -337,13 +335,13 @@ func aberrantAppendField(md *filedesc.Message, goType reflect.Type, tag, tagKey, n := len(md.L1.Messages.List) md.L1.Messages.List = append(md.L1.Messages.List, filedesc.Message{L2: new(filedesc.MessageL2)}) md2 := &md.L1.Messages.List[n] - md2.L0.FullName = md.FullName().Append(pref.Name(strs.MapEntryName(string(fd.Name())))) + md2.L0.FullName = md.FullName().Append(protoreflect.Name(strs.MapEntryName(string(fd.Name())))) md2.L0.ParentFile = md.L0.ParentFile md2.L0.Parent = md md2.L0.Index = n md2.L1.IsMapEntry = true - md2.L2.Options = func() pref.ProtoMessage { + md2.L2.Options = func() protoreflect.ProtoMessage { opts := descopts.Message.ProtoReflect().New() opts.Set(opts.Descriptor().Fields().ByName("map_entry"), protoreflect.ValueOfBool(true)) return opts.Interface() @@ -364,8 +362,8 @@ type placeholderEnumValues struct { protoreflect.EnumValueDescriptors } -func (placeholderEnumValues) ByNumber(n pref.EnumNumber) pref.EnumValueDescriptor { - return filedesc.PlaceholderEnumValue(pref.FullName(fmt.Sprintf("UNKNOWN_%d", n))) +func (placeholderEnumValues) ByNumber(n protoreflect.EnumNumber) protoreflect.EnumValueDescriptor { + return filedesc.PlaceholderEnumValue(protoreflect.FullName(fmt.Sprintf("UNKNOWN_%d", n))) } // legacyMarshaler is the proto.Marshaler interface superseded by protoiface.Methoder. @@ -383,7 +381,7 @@ type legacyMerger interface { Merge(protoiface.MessageV1) } -var aberrantProtoMethods = &piface.Methods{ +var aberrantProtoMethods = &protoiface.Methods{ Marshal: legacyMarshal, Unmarshal: legacyUnmarshal, Merge: legacyMerge, @@ -392,40 +390,40 @@ var aberrantProtoMethods = &piface.Methods{ // supports deterministic serialization or not, but this // preserves the v1 implementation's behavior of always // calling Marshal methods when present. - Flags: piface.SupportMarshalDeterministic, + Flags: protoiface.SupportMarshalDeterministic, } -func legacyMarshal(in piface.MarshalInput) (piface.MarshalOutput, error) { +func legacyMarshal(in protoiface.MarshalInput) (protoiface.MarshalOutput, error) { v := in.Message.(unwrapper).protoUnwrap() marshaler, ok := v.(legacyMarshaler) if !ok { - return piface.MarshalOutput{}, errors.New("%T does not implement Marshal", v) + return protoiface.MarshalOutput{}, errors.New("%T does not implement Marshal", v) } out, err := marshaler.Marshal() if in.Buf != nil { out = append(in.Buf, out...) } - return piface.MarshalOutput{ + return protoiface.MarshalOutput{ Buf: out, }, err } -func legacyUnmarshal(in piface.UnmarshalInput) (piface.UnmarshalOutput, error) { +func legacyUnmarshal(in protoiface.UnmarshalInput) (protoiface.UnmarshalOutput, error) { v := in.Message.(unwrapper).protoUnwrap() unmarshaler, ok := v.(legacyUnmarshaler) if !ok { - return piface.UnmarshalOutput{}, errors.New("%T does not implement Unmarshal", v) + return protoiface.UnmarshalOutput{}, errors.New("%T does not implement Unmarshal", v) } - return piface.UnmarshalOutput{}, unmarshaler.Unmarshal(in.Buf) + return protoiface.UnmarshalOutput{}, unmarshaler.Unmarshal(in.Buf) } -func legacyMerge(in piface.MergeInput) piface.MergeOutput { +func legacyMerge(in protoiface.MergeInput) protoiface.MergeOutput { // Check whether this supports the legacy merger. dstv := in.Destination.(unwrapper).protoUnwrap() merger, ok := dstv.(legacyMerger) if ok { merger.Merge(Export{}.ProtoMessageV1Of(in.Source)) - return piface.MergeOutput{Flags: piface.MergeComplete} + return protoiface.MergeOutput{Flags: protoiface.MergeComplete} } // If legacy merger is unavailable, implement merge in terms of @@ -433,29 +431,29 @@ func legacyMerge(in piface.MergeInput) piface.MergeOutput { srcv := in.Source.(unwrapper).protoUnwrap() marshaler, ok := srcv.(legacyMarshaler) if !ok { - return piface.MergeOutput{} + return protoiface.MergeOutput{} } dstv = in.Destination.(unwrapper).protoUnwrap() unmarshaler, ok := dstv.(legacyUnmarshaler) if !ok { - return piface.MergeOutput{} + return protoiface.MergeOutput{} } if !in.Source.IsValid() { // Legacy Marshal methods may not function on nil messages. // Check for a typed nil source only after we confirm that // legacy Marshal/Unmarshal methods are present, for // consistency. - return piface.MergeOutput{Flags: piface.MergeComplete} + return protoiface.MergeOutput{Flags: protoiface.MergeComplete} } b, err := marshaler.Marshal() if err != nil { - return piface.MergeOutput{} + return protoiface.MergeOutput{} } err = unmarshaler.Unmarshal(b) if err != nil { - return piface.MergeOutput{} + return protoiface.MergeOutput{} } - return piface.MergeOutput{Flags: piface.MergeComplete} + return protoiface.MergeOutput{Flags: protoiface.MergeComplete} } // aberrantMessageType implements MessageType for all types other than pointer-to-struct. @@ -463,19 +461,19 @@ type aberrantMessageType struct { t reflect.Type } -func (mt aberrantMessageType) New() pref.Message { +func (mt aberrantMessageType) New() protoreflect.Message { if mt.t.Kind() == reflect.Ptr { return aberrantMessage{reflect.New(mt.t.Elem())} } return aberrantMessage{reflect.Zero(mt.t)} } -func (mt aberrantMessageType) Zero() pref.Message { +func (mt aberrantMessageType) Zero() protoreflect.Message { return aberrantMessage{reflect.Zero(mt.t)} } func (mt aberrantMessageType) GoType() reflect.Type { return mt.t } -func (mt aberrantMessageType) Descriptor() pref.MessageDescriptor { +func (mt aberrantMessageType) Descriptor() protoreflect.MessageDescriptor { return LegacyLoadMessageDesc(mt.t) } @@ -499,56 +497,56 @@ func (m aberrantMessage) Reset() { } } -func (m aberrantMessage) ProtoReflect() pref.Message { +func (m aberrantMessage) ProtoReflect() protoreflect.Message { return m } -func (m aberrantMessage) Descriptor() pref.MessageDescriptor { +func (m aberrantMessage) Descriptor() protoreflect.MessageDescriptor { return LegacyLoadMessageDesc(m.v.Type()) } -func (m aberrantMessage) Type() pref.MessageType { +func (m aberrantMessage) Type() protoreflect.MessageType { return aberrantMessageType{m.v.Type()} } -func (m aberrantMessage) New() pref.Message { +func (m aberrantMessage) New() protoreflect.Message { if m.v.Type().Kind() == reflect.Ptr { return aberrantMessage{reflect.New(m.v.Type().Elem())} } return aberrantMessage{reflect.Zero(m.v.Type())} } -func (m aberrantMessage) Interface() pref.ProtoMessage { +func (m aberrantMessage) Interface() protoreflect.ProtoMessage { return m } -func (m aberrantMessage) Range(f func(pref.FieldDescriptor, pref.Value) bool) { +func (m aberrantMessage) Range(f func(protoreflect.FieldDescriptor, protoreflect.Value) bool) { return } -func (m aberrantMessage) Has(pref.FieldDescriptor) bool { +func (m aberrantMessage) Has(protoreflect.FieldDescriptor) bool { return false } -func (m aberrantMessage) Clear(pref.FieldDescriptor) { +func (m aberrantMessage) Clear(protoreflect.FieldDescriptor) { panic("invalid Message.Clear on " + string(m.Descriptor().FullName())) } -func (m aberrantMessage) Get(fd pref.FieldDescriptor) pref.Value { +func (m aberrantMessage) Get(fd protoreflect.FieldDescriptor) protoreflect.Value { if fd.Default().IsValid() { return fd.Default() } panic("invalid Message.Get on " + string(m.Descriptor().FullName())) } -func (m aberrantMessage) Set(pref.FieldDescriptor, pref.Value) { +func (m aberrantMessage) Set(protoreflect.FieldDescriptor, protoreflect.Value) { panic("invalid Message.Set on " + string(m.Descriptor().FullName())) } -func (m aberrantMessage) Mutable(pref.FieldDescriptor) pref.Value { +func (m aberrantMessage) Mutable(protoreflect.FieldDescriptor) protoreflect.Value { panic("invalid Message.Mutable on " + string(m.Descriptor().FullName())) } -func (m aberrantMessage) NewField(pref.FieldDescriptor) pref.Value { +func (m aberrantMessage) NewField(protoreflect.FieldDescriptor) protoreflect.Value { panic("invalid Message.NewField on " + string(m.Descriptor().FullName())) } -func (m aberrantMessage) WhichOneof(pref.OneofDescriptor) pref.FieldDescriptor { +func (m aberrantMessage) WhichOneof(protoreflect.OneofDescriptor) protoreflect.FieldDescriptor { panic("invalid Message.WhichOneof descriptor on " + string(m.Descriptor().FullName())) } -func (m aberrantMessage) GetUnknown() pref.RawFields { +func (m aberrantMessage) GetUnknown() protoreflect.RawFields { return nil } -func (m aberrantMessage) SetUnknown(pref.RawFields) { +func (m aberrantMessage) SetUnknown(protoreflect.RawFields) { // SetUnknown discards its input on messages which don't support unknown field storage. } func (m aberrantMessage) IsValid() bool { @@ -557,7 +555,7 @@ func (m aberrantMessage) IsValid() bool { } return false } -func (m aberrantMessage) ProtoMethods() *piface.Methods { +func (m aberrantMessage) ProtoMethods() *protoiface.Methods { return aberrantProtoMethods } func (m aberrantMessage) protoUnwrap() interface{} { diff --git a/vendor/google.golang.org/protobuf/internal/impl/merge.go b/vendor/google.golang.org/protobuf/internal/impl/merge.go index c65bbc0446e..7e65f64f28e 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/merge.go +++ b/vendor/google.golang.org/protobuf/internal/impl/merge.go @@ -9,8 +9,8 @@ import ( "reflect" "google.golang.org/protobuf/proto" - pref "google.golang.org/protobuf/reflect/protoreflect" - piface "google.golang.org/protobuf/runtime/protoiface" + "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/runtime/protoiface" ) type mergeOptions struct{} @@ -20,17 +20,17 @@ func (o mergeOptions) Merge(dst, src proto.Message) { } // merge is protoreflect.Methods.Merge. -func (mi *MessageInfo) merge(in piface.MergeInput) piface.MergeOutput { +func (mi *MessageInfo) merge(in protoiface.MergeInput) protoiface.MergeOutput { dp, ok := mi.getPointer(in.Destination) if !ok { - return piface.MergeOutput{} + return protoiface.MergeOutput{} } sp, ok := mi.getPointer(in.Source) if !ok { - return piface.MergeOutput{} + return protoiface.MergeOutput{} } mi.mergePointer(dp, sp, mergeOptions{}) - return piface.MergeOutput{Flags: piface.MergeComplete} + return protoiface.MergeOutput{Flags: protoiface.MergeComplete} } func (mi *MessageInfo) mergePointer(dst, src pointer, opts mergeOptions) { @@ -64,7 +64,7 @@ func (mi *MessageInfo) mergePointer(dst, src pointer, opts mergeOptions) { continue } dx := (*dext)[num] - var dv pref.Value + var dv protoreflect.Value if dx.Type() == sx.Type() { dv = dx.Value() } @@ -85,15 +85,15 @@ func (mi *MessageInfo) mergePointer(dst, src pointer, opts mergeOptions) { } } -func mergeScalarValue(dst, src pref.Value, opts mergeOptions) pref.Value { +func mergeScalarValue(dst, src protoreflect.Value, opts mergeOptions) protoreflect.Value { return src } -func mergeBytesValue(dst, src pref.Value, opts mergeOptions) pref.Value { - return pref.ValueOfBytes(append(emptyBuf[:], src.Bytes()...)) +func mergeBytesValue(dst, src protoreflect.Value, opts mergeOptions) protoreflect.Value { + return protoreflect.ValueOfBytes(append(emptyBuf[:], src.Bytes()...)) } -func mergeListValue(dst, src pref.Value, opts mergeOptions) pref.Value { +func mergeListValue(dst, src protoreflect.Value, opts mergeOptions) protoreflect.Value { dstl := dst.List() srcl := src.List() for i, llen := 0, srcl.Len(); i < llen; i++ { @@ -102,29 +102,29 @@ func mergeListValue(dst, src pref.Value, opts mergeOptions) pref.Value { return dst } -func mergeBytesListValue(dst, src pref.Value, opts mergeOptions) pref.Value { +func mergeBytesListValue(dst, src protoreflect.Value, opts mergeOptions) protoreflect.Value { dstl := dst.List() srcl := src.List() for i, llen := 0, srcl.Len(); i < llen; i++ { sb := srcl.Get(i).Bytes() db := append(emptyBuf[:], sb...) - dstl.Append(pref.ValueOfBytes(db)) + dstl.Append(protoreflect.ValueOfBytes(db)) } return dst } -func mergeMessageListValue(dst, src pref.Value, opts mergeOptions) pref.Value { +func mergeMessageListValue(dst, src protoreflect.Value, opts mergeOptions) protoreflect.Value { dstl := dst.List() srcl := src.List() for i, llen := 0, srcl.Len(); i < llen; i++ { sm := srcl.Get(i).Message() dm := proto.Clone(sm.Interface()).ProtoReflect() - dstl.Append(pref.ValueOfMessage(dm)) + dstl.Append(protoreflect.ValueOfMessage(dm)) } return dst } -func mergeMessageValue(dst, src pref.Value, opts mergeOptions) pref.Value { +func mergeMessageValue(dst, src protoreflect.Value, opts mergeOptions) protoreflect.Value { opts.Merge(dst.Message().Interface(), src.Message().Interface()) return dst } diff --git a/vendor/google.golang.org/protobuf/internal/impl/message.go b/vendor/google.golang.org/protobuf/internal/impl/message.go index a104e28e858..4f5fb67a0dd 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/message.go +++ b/vendor/google.golang.org/protobuf/internal/impl/message.go @@ -14,8 +14,7 @@ import ( "google.golang.org/protobuf/internal/genid" "google.golang.org/protobuf/reflect/protoreflect" - pref "google.golang.org/protobuf/reflect/protoreflect" - preg "google.golang.org/protobuf/reflect/protoregistry" + "google.golang.org/protobuf/reflect/protoregistry" ) // MessageInfo provides protobuf related functionality for a given Go type @@ -29,7 +28,7 @@ type MessageInfo struct { GoReflectType reflect.Type // pointer to struct // Desc is the underlying message descriptor type and must be populated. - Desc pref.MessageDescriptor + Desc protoreflect.MessageDescriptor // Exporter must be provided in a purego environment in order to provide // access to unexported fields. @@ -54,7 +53,7 @@ type exporter func(v interface{}, i int) interface{} // is generated by our implementation of protoc-gen-go (for v2 and on). // If it is unable to obtain a MessageInfo, it returns nil. func getMessageInfo(mt reflect.Type) *MessageInfo { - m, ok := reflect.Zero(mt).Interface().(pref.ProtoMessage) + m, ok := reflect.Zero(mt).Interface().(protoreflect.ProtoMessage) if !ok { return nil } @@ -97,7 +96,7 @@ func (mi *MessageInfo) initOnce() { // getPointer returns the pointer for a message, which should be of // the type of the MessageInfo. If the message is of a different type, // it returns ok==false. -func (mi *MessageInfo) getPointer(m pref.Message) (p pointer, ok bool) { +func (mi *MessageInfo) getPointer(m protoreflect.Message) (p pointer, ok bool) { switch m := m.(type) { case *messageState: return m.pointer(), m.messageInfo() == mi @@ -134,10 +133,10 @@ type structInfo struct { extensionOffset offset extensionType reflect.Type - fieldsByNumber map[pref.FieldNumber]reflect.StructField - oneofsByName map[pref.Name]reflect.StructField - oneofWrappersByType map[reflect.Type]pref.FieldNumber - oneofWrappersByNumber map[pref.FieldNumber]reflect.Type + fieldsByNumber map[protoreflect.FieldNumber]reflect.StructField + oneofsByName map[protoreflect.Name]reflect.StructField + oneofWrappersByType map[reflect.Type]protoreflect.FieldNumber + oneofWrappersByNumber map[protoreflect.FieldNumber]reflect.Type } func (mi *MessageInfo) makeStructInfo(t reflect.Type) structInfo { @@ -147,10 +146,10 @@ func (mi *MessageInfo) makeStructInfo(t reflect.Type) structInfo { unknownOffset: invalidOffset, extensionOffset: invalidOffset, - fieldsByNumber: map[pref.FieldNumber]reflect.StructField{}, - oneofsByName: map[pref.Name]reflect.StructField{}, - oneofWrappersByType: map[reflect.Type]pref.FieldNumber{}, - oneofWrappersByNumber: map[pref.FieldNumber]reflect.Type{}, + fieldsByNumber: map[protoreflect.FieldNumber]reflect.StructField{}, + oneofsByName: map[protoreflect.Name]reflect.StructField{}, + oneofWrappersByType: map[reflect.Type]protoreflect.FieldNumber{}, + oneofWrappersByNumber: map[protoreflect.FieldNumber]reflect.Type{}, } fieldLoop: @@ -180,12 +179,12 @@ fieldLoop: for _, s := range strings.Split(f.Tag.Get("protobuf"), ",") { if len(s) > 0 && strings.Trim(s, "0123456789") == "" { n, _ := strconv.ParseUint(s, 10, 64) - si.fieldsByNumber[pref.FieldNumber(n)] = f + si.fieldsByNumber[protoreflect.FieldNumber(n)] = f continue fieldLoop } } if s := f.Tag.Get("protobuf_oneof"); len(s) > 0 { - si.oneofsByName[pref.Name(s)] = f + si.oneofsByName[protoreflect.Name(s)] = f continue fieldLoop } } @@ -208,8 +207,8 @@ fieldLoop: for _, s := range strings.Split(f.Tag.Get("protobuf"), ",") { if len(s) > 0 && strings.Trim(s, "0123456789") == "" { n, _ := strconv.ParseUint(s, 10, 64) - si.oneofWrappersByType[tf] = pref.FieldNumber(n) - si.oneofWrappersByNumber[pref.FieldNumber(n)] = tf + si.oneofWrappersByType[tf] = protoreflect.FieldNumber(n) + si.oneofWrappersByNumber[protoreflect.FieldNumber(n)] = tf break } } @@ -219,7 +218,11 @@ fieldLoop: } func (mi *MessageInfo) New() protoreflect.Message { - return mi.MessageOf(reflect.New(mi.GoReflectType.Elem()).Interface()) + m := reflect.New(mi.GoReflectType.Elem()).Interface() + if r, ok := m.(protoreflect.ProtoMessage); ok { + return r.ProtoReflect() + } + return mi.MessageOf(m) } func (mi *MessageInfo) Zero() protoreflect.Message { return mi.MessageOf(reflect.Zero(mi.GoReflectType).Interface()) @@ -237,7 +240,7 @@ func (mi *MessageInfo) Message(i int) protoreflect.MessageType { fd := mi.Desc.Fields().Get(i) switch { case fd.IsWeak(): - mt, _ := preg.GlobalTypes.FindMessageByName(fd.Message().FullName()) + mt, _ := protoregistry.GlobalTypes.FindMessageByName(fd.Message().FullName()) return mt case fd.IsMap(): return mapEntryType{fd.Message(), mi.fieldTypes[fd.Number()]} diff --git a/vendor/google.golang.org/protobuf/internal/impl/message_reflect.go b/vendor/google.golang.org/protobuf/internal/impl/message_reflect.go index 9488b726131..d9ea010bef9 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/message_reflect.go +++ b/vendor/google.golang.org/protobuf/internal/impl/message_reflect.go @@ -10,17 +10,17 @@ import ( "google.golang.org/protobuf/internal/detrand" "google.golang.org/protobuf/internal/pragma" - pref "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/reflect/protoreflect" ) type reflectMessageInfo struct { - fields map[pref.FieldNumber]*fieldInfo - oneofs map[pref.Name]*oneofInfo + fields map[protoreflect.FieldNumber]*fieldInfo + oneofs map[protoreflect.Name]*oneofInfo // fieldTypes contains the zero value of an enum or message field. // For lists, it contains the element type. // For maps, it contains the entry value type. - fieldTypes map[pref.FieldNumber]interface{} + fieldTypes map[protoreflect.FieldNumber]interface{} // denseFields is a subset of fields where: // 0 < fieldDesc.Number() < len(denseFields) @@ -30,8 +30,8 @@ type reflectMessageInfo struct { // rangeInfos is a list of all fields (not belonging to a oneof) and oneofs. rangeInfos []interface{} // either *fieldInfo or *oneofInfo - getUnknown func(pointer) pref.RawFields - setUnknown func(pointer, pref.RawFields) + getUnknown func(pointer) protoreflect.RawFields + setUnknown func(pointer, protoreflect.RawFields) extensionMap func(pointer) *extensionMap nilMessage atomicNilMessage @@ -52,7 +52,7 @@ func (mi *MessageInfo) makeReflectFuncs(t reflect.Type, si structInfo) { // This code assumes that the struct is well-formed and panics if there are // any discrepancies. func (mi *MessageInfo) makeKnownFieldsFunc(si structInfo) { - mi.fields = map[pref.FieldNumber]*fieldInfo{} + mi.fields = map[protoreflect.FieldNumber]*fieldInfo{} md := mi.Desc fds := md.Fields() for i := 0; i < fds.Len(); i++ { @@ -82,7 +82,7 @@ func (mi *MessageInfo) makeKnownFieldsFunc(si structInfo) { mi.fields[fd.Number()] = &fi } - mi.oneofs = map[pref.Name]*oneofInfo{} + mi.oneofs = map[protoreflect.Name]*oneofInfo{} for i := 0; i < md.Oneofs().Len(); i++ { od := md.Oneofs().Get(i) mi.oneofs[od.Name()] = makeOneofInfo(od, si, mi.Exporter) @@ -117,13 +117,13 @@ func (mi *MessageInfo) makeUnknownFieldsFunc(t reflect.Type, si structInfo) { switch { case si.unknownOffset.IsValid() && si.unknownType == unknownFieldsAType: // Handle as []byte. - mi.getUnknown = func(p pointer) pref.RawFields { + mi.getUnknown = func(p pointer) protoreflect.RawFields { if p.IsNil() { return nil } return *p.Apply(mi.unknownOffset).Bytes() } - mi.setUnknown = func(p pointer, b pref.RawFields) { + mi.setUnknown = func(p pointer, b protoreflect.RawFields) { if p.IsNil() { panic("invalid SetUnknown on nil Message") } @@ -131,7 +131,7 @@ func (mi *MessageInfo) makeUnknownFieldsFunc(t reflect.Type, si structInfo) { } case si.unknownOffset.IsValid() && si.unknownType == unknownFieldsBType: // Handle as *[]byte. - mi.getUnknown = func(p pointer) pref.RawFields { + mi.getUnknown = func(p pointer) protoreflect.RawFields { if p.IsNil() { return nil } @@ -141,7 +141,7 @@ func (mi *MessageInfo) makeUnknownFieldsFunc(t reflect.Type, si structInfo) { } return **bp } - mi.setUnknown = func(p pointer, b pref.RawFields) { + mi.setUnknown = func(p pointer, b protoreflect.RawFields) { if p.IsNil() { panic("invalid SetUnknown on nil Message") } @@ -152,10 +152,10 @@ func (mi *MessageInfo) makeUnknownFieldsFunc(t reflect.Type, si structInfo) { **bp = b } default: - mi.getUnknown = func(pointer) pref.RawFields { + mi.getUnknown = func(pointer) protoreflect.RawFields { return nil } - mi.setUnknown = func(p pointer, _ pref.RawFields) { + mi.setUnknown = func(p pointer, _ protoreflect.RawFields) { if p.IsNil() { panic("invalid SetUnknown on nil Message") } @@ -224,7 +224,7 @@ func (mi *MessageInfo) makeFieldTypes(si structInfo) { } if ft != nil { if mi.fieldTypes == nil { - mi.fieldTypes = make(map[pref.FieldNumber]interface{}) + mi.fieldTypes = make(map[protoreflect.FieldNumber]interface{}) } mi.fieldTypes[fd.Number()] = reflect.Zero(ft).Interface() } @@ -233,7 +233,7 @@ func (mi *MessageInfo) makeFieldTypes(si structInfo) { type extensionMap map[int32]ExtensionField -func (m *extensionMap) Range(f func(pref.FieldDescriptor, pref.Value) bool) { +func (m *extensionMap) Range(f func(protoreflect.FieldDescriptor, protoreflect.Value) bool) { if m != nil { for _, x := range *m { xd := x.Type().TypeDescriptor() @@ -247,7 +247,7 @@ func (m *extensionMap) Range(f func(pref.FieldDescriptor, pref.Value) bool) { } } } -func (m *extensionMap) Has(xt pref.ExtensionType) (ok bool) { +func (m *extensionMap) Has(xt protoreflect.ExtensionType) (ok bool) { if m == nil { return false } @@ -266,10 +266,10 @@ func (m *extensionMap) Has(xt pref.ExtensionType) (ok bool) { } return true } -func (m *extensionMap) Clear(xt pref.ExtensionType) { +func (m *extensionMap) Clear(xt protoreflect.ExtensionType) { delete(*m, int32(xt.TypeDescriptor().Number())) } -func (m *extensionMap) Get(xt pref.ExtensionType) pref.Value { +func (m *extensionMap) Get(xt protoreflect.ExtensionType) protoreflect.Value { xd := xt.TypeDescriptor() if m != nil { if x, ok := (*m)[int32(xd.Number())]; ok { @@ -278,7 +278,7 @@ func (m *extensionMap) Get(xt pref.ExtensionType) pref.Value { } return xt.Zero() } -func (m *extensionMap) Set(xt pref.ExtensionType, v pref.Value) { +func (m *extensionMap) Set(xt protoreflect.ExtensionType, v protoreflect.Value) { xd := xt.TypeDescriptor() isValid := true switch { @@ -302,9 +302,9 @@ func (m *extensionMap) Set(xt pref.ExtensionType, v pref.Value) { x.Set(xt, v) (*m)[int32(xd.Number())] = x } -func (m *extensionMap) Mutable(xt pref.ExtensionType) pref.Value { +func (m *extensionMap) Mutable(xt protoreflect.ExtensionType) protoreflect.Value { xd := xt.TypeDescriptor() - if xd.Kind() != pref.MessageKind && xd.Kind() != pref.GroupKind && !xd.IsList() && !xd.IsMap() { + if xd.Kind() != protoreflect.MessageKind && xd.Kind() != protoreflect.GroupKind && !xd.IsList() && !xd.IsMap() { panic("invalid Mutable on field with non-composite type") } if x, ok := (*m)[int32(xd.Number())]; ok { @@ -320,7 +320,6 @@ func (m *extensionMap) Mutable(xt pref.ExtensionType) pref.Value { // in an allocation-free way without needing to have a shadow Go type generated // for every message type. This technique only works using unsafe. // -// // Example generated code: // // type M struct { @@ -351,12 +350,11 @@ func (m *extensionMap) Mutable(xt pref.ExtensionType) pref.Value { // It has access to the message info as its first field, and a pointer to the // MessageState is identical to a pointer to the concrete message value. // -// // Requirements: -// • The type M must implement protoreflect.ProtoMessage. -// • The address of m must not be nil. -// • The address of m and the address of m.state must be equal, -// even though they are different Go types. +// - The type M must implement protoreflect.ProtoMessage. +// - The address of m must not be nil. +// - The address of m and the address of m.state must be equal, +// even though they are different Go types. type MessageState struct { pragma.NoUnkeyedLiterals pragma.DoNotCompare @@ -368,8 +366,8 @@ type MessageState struct { type messageState MessageState var ( - _ pref.Message = (*messageState)(nil) - _ unwrapper = (*messageState)(nil) + _ protoreflect.Message = (*messageState)(nil) + _ unwrapper = (*messageState)(nil) ) // messageDataType is a tuple of a pointer to the message data and @@ -387,16 +385,16 @@ type ( ) var ( - _ pref.Message = (*messageReflectWrapper)(nil) - _ unwrapper = (*messageReflectWrapper)(nil) - _ pref.ProtoMessage = (*messageIfaceWrapper)(nil) - _ unwrapper = (*messageIfaceWrapper)(nil) + _ protoreflect.Message = (*messageReflectWrapper)(nil) + _ unwrapper = (*messageReflectWrapper)(nil) + _ protoreflect.ProtoMessage = (*messageIfaceWrapper)(nil) + _ unwrapper = (*messageIfaceWrapper)(nil) ) // MessageOf returns a reflective view over a message. The input must be a // pointer to a named Go struct. If the provided type has a ProtoReflect method, // it must be implemented by calling this method. -func (mi *MessageInfo) MessageOf(m interface{}) pref.Message { +func (mi *MessageInfo) MessageOf(m interface{}) protoreflect.Message { if reflect.TypeOf(m) != mi.GoReflectType { panic(fmt.Sprintf("type mismatch: got %T, want %v", m, mi.GoReflectType)) } @@ -421,7 +419,7 @@ func (m *messageIfaceWrapper) Reset() { rv.Elem().Set(reflect.Zero(rv.Type().Elem())) } } -func (m *messageIfaceWrapper) ProtoReflect() pref.Message { +func (m *messageIfaceWrapper) ProtoReflect() protoreflect.Message { return (*messageReflectWrapper)(m) } func (m *messageIfaceWrapper) protoUnwrap() interface{} { @@ -430,7 +428,7 @@ func (m *messageIfaceWrapper) protoUnwrap() interface{} { // checkField verifies that the provided field descriptor is valid. // Exactly one of the returned values is populated. -func (mi *MessageInfo) checkField(fd pref.FieldDescriptor) (*fieldInfo, pref.ExtensionType) { +func (mi *MessageInfo) checkField(fd protoreflect.FieldDescriptor) (*fieldInfo, protoreflect.ExtensionType) { var fi *fieldInfo if n := fd.Number(); 0 < n && int(n) < len(mi.denseFields) { fi = mi.denseFields[n] @@ -455,7 +453,7 @@ func (mi *MessageInfo) checkField(fd pref.FieldDescriptor) (*fieldInfo, pref.Ext if !mi.Desc.ExtensionRanges().Has(fd.Number()) { panic(fmt.Sprintf("extension %v extends %v outside the extension range", fd.FullName(), mi.Desc.FullName())) } - xtd, ok := fd.(pref.ExtensionTypeDescriptor) + xtd, ok := fd.(protoreflect.ExtensionTypeDescriptor) if !ok { panic(fmt.Sprintf("extension %v does not implement protoreflect.ExtensionTypeDescriptor", fd.FullName())) } diff --git a/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go b/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go index 343cf872197..5e736c60efc 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go +++ b/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go @@ -11,24 +11,24 @@ import ( "sync" "google.golang.org/protobuf/internal/flags" - pref "google.golang.org/protobuf/reflect/protoreflect" - preg "google.golang.org/protobuf/reflect/protoregistry" + "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/reflect/protoregistry" ) type fieldInfo struct { - fieldDesc pref.FieldDescriptor + fieldDesc protoreflect.FieldDescriptor // These fields are used for protobuf reflection support. has func(pointer) bool clear func(pointer) - get func(pointer) pref.Value - set func(pointer, pref.Value) - mutable func(pointer) pref.Value - newMessage func() pref.Message - newField func() pref.Value + get func(pointer) protoreflect.Value + set func(pointer, protoreflect.Value) + mutable func(pointer) protoreflect.Value + newMessage func() protoreflect.Message + newField func() protoreflect.Value } -func fieldInfoForMissing(fd pref.FieldDescriptor) fieldInfo { +func fieldInfoForMissing(fd protoreflect.FieldDescriptor) fieldInfo { // This never occurs for generated message types. // It implies that a hand-crafted type has missing Go fields // for specific protobuf message fields. @@ -40,19 +40,19 @@ func fieldInfoForMissing(fd pref.FieldDescriptor) fieldInfo { clear: func(p pointer) { panic("missing Go struct field for " + string(fd.FullName())) }, - get: func(p pointer) pref.Value { + get: func(p pointer) protoreflect.Value { return fd.Default() }, - set: func(p pointer, v pref.Value) { + set: func(p pointer, v protoreflect.Value) { panic("missing Go struct field for " + string(fd.FullName())) }, - mutable: func(p pointer) pref.Value { + mutable: func(p pointer) protoreflect.Value { panic("missing Go struct field for " + string(fd.FullName())) }, - newMessage: func() pref.Message { + newMessage: func() protoreflect.Message { panic("missing Go struct field for " + string(fd.FullName())) }, - newField: func() pref.Value { + newField: func() protoreflect.Value { if v := fd.Default(); v.IsValid() { return v } @@ -61,7 +61,7 @@ func fieldInfoForMissing(fd pref.FieldDescriptor) fieldInfo { } } -func fieldInfoForOneof(fd pref.FieldDescriptor, fs reflect.StructField, x exporter, ot reflect.Type) fieldInfo { +func fieldInfoForOneof(fd protoreflect.FieldDescriptor, fs reflect.StructField, x exporter, ot reflect.Type) fieldInfo { ft := fs.Type if ft.Kind() != reflect.Interface { panic(fmt.Sprintf("field %v has invalid type: got %v, want interface kind", fd.FullName(), ft)) @@ -102,7 +102,7 @@ func fieldInfoForOneof(fd pref.FieldDescriptor, fs reflect.StructField, x export } rv.Set(reflect.Zero(rv.Type())) }, - get: func(p pointer) pref.Value { + get: func(p pointer) protoreflect.Value { if p.IsNil() { return conv.Zero() } @@ -113,7 +113,7 @@ func fieldInfoForOneof(fd pref.FieldDescriptor, fs reflect.StructField, x export rv = rv.Elem().Elem().Field(0) return conv.PBValueOf(rv) }, - set: func(p pointer, v pref.Value) { + set: func(p pointer, v protoreflect.Value) { rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() if rv.IsNil() || rv.Elem().Type().Elem() != ot || rv.Elem().IsNil() { rv.Set(reflect.New(ot)) @@ -121,7 +121,7 @@ func fieldInfoForOneof(fd pref.FieldDescriptor, fs reflect.StructField, x export rv = rv.Elem().Elem().Field(0) rv.Set(conv.GoValueOf(v)) }, - mutable: func(p pointer) pref.Value { + mutable: func(p pointer) protoreflect.Value { if !isMessage { panic(fmt.Sprintf("field %v with invalid Mutable call on field with non-composite type", fd.FullName())) } @@ -131,20 +131,20 @@ func fieldInfoForOneof(fd pref.FieldDescriptor, fs reflect.StructField, x export } rv = rv.Elem().Elem().Field(0) if rv.Kind() == reflect.Ptr && rv.IsNil() { - rv.Set(conv.GoValueOf(pref.ValueOfMessage(conv.New().Message()))) + rv.Set(conv.GoValueOf(protoreflect.ValueOfMessage(conv.New().Message()))) } return conv.PBValueOf(rv) }, - newMessage: func() pref.Message { + newMessage: func() protoreflect.Message { return conv.New().Message() }, - newField: func() pref.Value { + newField: func() protoreflect.Value { return conv.New() }, } } -func fieldInfoForMap(fd pref.FieldDescriptor, fs reflect.StructField, x exporter) fieldInfo { +func fieldInfoForMap(fd protoreflect.FieldDescriptor, fs reflect.StructField, x exporter) fieldInfo { ft := fs.Type if ft.Kind() != reflect.Map { panic(fmt.Sprintf("field %v has invalid type: got %v, want map kind", fd.FullName(), ft)) @@ -166,7 +166,7 @@ func fieldInfoForMap(fd pref.FieldDescriptor, fs reflect.StructField, x exporter rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() rv.Set(reflect.Zero(rv.Type())) }, - get: func(p pointer) pref.Value { + get: func(p pointer) protoreflect.Value { if p.IsNil() { return conv.Zero() } @@ -176,7 +176,7 @@ func fieldInfoForMap(fd pref.FieldDescriptor, fs reflect.StructField, x exporter } return conv.PBValueOf(rv) }, - set: func(p pointer, v pref.Value) { + set: func(p pointer, v protoreflect.Value) { rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() pv := conv.GoValueOf(v) if pv.IsNil() { @@ -184,20 +184,20 @@ func fieldInfoForMap(fd pref.FieldDescriptor, fs reflect.StructField, x exporter } rv.Set(pv) }, - mutable: func(p pointer) pref.Value { + mutable: func(p pointer) protoreflect.Value { v := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() if v.IsNil() { v.Set(reflect.MakeMap(fs.Type)) } return conv.PBValueOf(v) }, - newField: func() pref.Value { + newField: func() protoreflect.Value { return conv.New() }, } } -func fieldInfoForList(fd pref.FieldDescriptor, fs reflect.StructField, x exporter) fieldInfo { +func fieldInfoForList(fd protoreflect.FieldDescriptor, fs reflect.StructField, x exporter) fieldInfo { ft := fs.Type if ft.Kind() != reflect.Slice { panic(fmt.Sprintf("field %v has invalid type: got %v, want slice kind", fd.FullName(), ft)) @@ -219,7 +219,7 @@ func fieldInfoForList(fd pref.FieldDescriptor, fs reflect.StructField, x exporte rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() rv.Set(reflect.Zero(rv.Type())) }, - get: func(p pointer) pref.Value { + get: func(p pointer) protoreflect.Value { if p.IsNil() { return conv.Zero() } @@ -229,7 +229,7 @@ func fieldInfoForList(fd pref.FieldDescriptor, fs reflect.StructField, x exporte } return conv.PBValueOf(rv) }, - set: func(p pointer, v pref.Value) { + set: func(p pointer, v protoreflect.Value) { rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() pv := conv.GoValueOf(v) if pv.IsNil() { @@ -237,11 +237,11 @@ func fieldInfoForList(fd pref.FieldDescriptor, fs reflect.StructField, x exporte } rv.Set(pv.Elem()) }, - mutable: func(p pointer) pref.Value { + mutable: func(p pointer) protoreflect.Value { v := p.Apply(fieldOffset).AsValueOf(fs.Type) return conv.PBValueOf(v) }, - newField: func() pref.Value { + newField: func() protoreflect.Value { return conv.New() }, } @@ -252,7 +252,7 @@ var ( emptyBytes = reflect.ValueOf([]byte{}) ) -func fieldInfoForScalar(fd pref.FieldDescriptor, fs reflect.StructField, x exporter) fieldInfo { +func fieldInfoForScalar(fd protoreflect.FieldDescriptor, fs reflect.StructField, x exporter) fieldInfo { ft := fs.Type nullable := fd.HasPresence() isBytes := ft.Kind() == reflect.Slice && ft.Elem().Kind() == reflect.Uint8 @@ -300,7 +300,7 @@ func fieldInfoForScalar(fd pref.FieldDescriptor, fs reflect.StructField, x expor rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() rv.Set(reflect.Zero(rv.Type())) }, - get: func(p pointer) pref.Value { + get: func(p pointer) protoreflect.Value { if p.IsNil() { return conv.Zero() } @@ -315,7 +315,7 @@ func fieldInfoForScalar(fd pref.FieldDescriptor, fs reflect.StructField, x expor } return conv.PBValueOf(rv) }, - set: func(p pointer, v pref.Value) { + set: func(p pointer, v protoreflect.Value) { rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() if nullable && rv.Kind() == reflect.Ptr { if rv.IsNil() { @@ -332,23 +332,23 @@ func fieldInfoForScalar(fd pref.FieldDescriptor, fs reflect.StructField, x expor } } }, - newField: func() pref.Value { + newField: func() protoreflect.Value { return conv.New() }, } } -func fieldInfoForWeakMessage(fd pref.FieldDescriptor, weakOffset offset) fieldInfo { +func fieldInfoForWeakMessage(fd protoreflect.FieldDescriptor, weakOffset offset) fieldInfo { if !flags.ProtoLegacy { panic("no support for proto1 weak fields") } var once sync.Once - var messageType pref.MessageType + var messageType protoreflect.MessageType lazyInit := func() { once.Do(func() { messageName := fd.Message().FullName() - messageType, _ = preg.GlobalTypes.FindMessageByName(messageName) + messageType, _ = protoregistry.GlobalTypes.FindMessageByName(messageName) if messageType == nil { panic(fmt.Sprintf("weak message %v for field %v is not linked in", messageName, fd.FullName())) } @@ -368,18 +368,18 @@ func fieldInfoForWeakMessage(fd pref.FieldDescriptor, weakOffset offset) fieldIn clear: func(p pointer) { p.Apply(weakOffset).WeakFields().clear(num) }, - get: func(p pointer) pref.Value { + get: func(p pointer) protoreflect.Value { lazyInit() if p.IsNil() { - return pref.ValueOfMessage(messageType.Zero()) + return protoreflect.ValueOfMessage(messageType.Zero()) } m, ok := p.Apply(weakOffset).WeakFields().get(num) if !ok { - return pref.ValueOfMessage(messageType.Zero()) + return protoreflect.ValueOfMessage(messageType.Zero()) } - return pref.ValueOfMessage(m.ProtoReflect()) + return protoreflect.ValueOfMessage(m.ProtoReflect()) }, - set: func(p pointer, v pref.Value) { + set: func(p pointer, v protoreflect.Value) { lazyInit() m := v.Message() if m.Descriptor() != messageType.Descriptor() { @@ -390,7 +390,7 @@ func fieldInfoForWeakMessage(fd pref.FieldDescriptor, weakOffset offset) fieldIn } p.Apply(weakOffset).WeakFields().set(num, m.Interface()) }, - mutable: func(p pointer) pref.Value { + mutable: func(p pointer) protoreflect.Value { lazyInit() fs := p.Apply(weakOffset).WeakFields() m, ok := fs.get(num) @@ -398,20 +398,20 @@ func fieldInfoForWeakMessage(fd pref.FieldDescriptor, weakOffset offset) fieldIn m = messageType.New().Interface() fs.set(num, m) } - return pref.ValueOfMessage(m.ProtoReflect()) + return protoreflect.ValueOfMessage(m.ProtoReflect()) }, - newMessage: func() pref.Message { + newMessage: func() protoreflect.Message { lazyInit() return messageType.New() }, - newField: func() pref.Value { + newField: func() protoreflect.Value { lazyInit() - return pref.ValueOfMessage(messageType.New()) + return protoreflect.ValueOfMessage(messageType.New()) }, } } -func fieldInfoForMessage(fd pref.FieldDescriptor, fs reflect.StructField, x exporter) fieldInfo { +func fieldInfoForMessage(fd protoreflect.FieldDescriptor, fs reflect.StructField, x exporter) fieldInfo { ft := fs.Type conv := NewConverter(ft, fd) @@ -433,47 +433,47 @@ func fieldInfoForMessage(fd pref.FieldDescriptor, fs reflect.StructField, x expo rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() rv.Set(reflect.Zero(rv.Type())) }, - get: func(p pointer) pref.Value { + get: func(p pointer) protoreflect.Value { if p.IsNil() { return conv.Zero() } rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() return conv.PBValueOf(rv) }, - set: func(p pointer, v pref.Value) { + set: func(p pointer, v protoreflect.Value) { rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() rv.Set(conv.GoValueOf(v)) if fs.Type.Kind() == reflect.Ptr && rv.IsNil() { panic(fmt.Sprintf("field %v has invalid nil pointer", fd.FullName())) } }, - mutable: func(p pointer) pref.Value { + mutable: func(p pointer) protoreflect.Value { rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() if fs.Type.Kind() == reflect.Ptr && rv.IsNil() { rv.Set(conv.GoValueOf(conv.New())) } return conv.PBValueOf(rv) }, - newMessage: func() pref.Message { + newMessage: func() protoreflect.Message { return conv.New().Message() }, - newField: func() pref.Value { + newField: func() protoreflect.Value { return conv.New() }, } } type oneofInfo struct { - oneofDesc pref.OneofDescriptor - which func(pointer) pref.FieldNumber + oneofDesc protoreflect.OneofDescriptor + which func(pointer) protoreflect.FieldNumber } -func makeOneofInfo(od pref.OneofDescriptor, si structInfo, x exporter) *oneofInfo { +func makeOneofInfo(od protoreflect.OneofDescriptor, si structInfo, x exporter) *oneofInfo { oi := &oneofInfo{oneofDesc: od} if od.IsSynthetic() { fs := si.fieldsByNumber[od.Fields().Get(0).Number()] fieldOffset := offsetOf(fs, x) - oi.which = func(p pointer) pref.FieldNumber { + oi.which = func(p pointer) protoreflect.FieldNumber { if p.IsNil() { return 0 } @@ -486,7 +486,7 @@ func makeOneofInfo(od pref.OneofDescriptor, si structInfo, x exporter) *oneofInf } else { fs := si.oneofsByName[od.Name()] fieldOffset := offsetOf(fs, x) - oi.which = func(p pointer) pref.FieldNumber { + oi.which = func(p pointer) protoreflect.FieldNumber { if p.IsNil() { return 0 } diff --git a/vendor/google.golang.org/protobuf/internal/impl/validate.go b/vendor/google.golang.org/protobuf/internal/impl/validate.go index 08cfb6054b4..a24e6bbd7a5 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/validate.go +++ b/vendor/google.golang.org/protobuf/internal/impl/validate.go @@ -16,9 +16,9 @@ import ( "google.golang.org/protobuf/internal/flags" "google.golang.org/protobuf/internal/genid" "google.golang.org/protobuf/internal/strs" - pref "google.golang.org/protobuf/reflect/protoreflect" - preg "google.golang.org/protobuf/reflect/protoregistry" - piface "google.golang.org/protobuf/runtime/protoiface" + "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/reflect/protoregistry" + "google.golang.org/protobuf/runtime/protoiface" ) // ValidationStatus is the result of validating the wire-format encoding of a message. @@ -56,20 +56,20 @@ func (v ValidationStatus) String() string { // of the message type. // // This function is exposed for testing. -func Validate(mt pref.MessageType, in piface.UnmarshalInput) (out piface.UnmarshalOutput, _ ValidationStatus) { +func Validate(mt protoreflect.MessageType, in protoiface.UnmarshalInput) (out protoiface.UnmarshalOutput, _ ValidationStatus) { mi, ok := mt.(*MessageInfo) if !ok { return out, ValidationUnknown } if in.Resolver == nil { - in.Resolver = preg.GlobalTypes + in.Resolver = protoregistry.GlobalTypes } o, st := mi.validate(in.Buf, 0, unmarshalOptions{ flags: in.Flags, resolver: in.Resolver, }) if o.initialized { - out.Flags |= piface.UnmarshalInitialized + out.Flags |= protoiface.UnmarshalInitialized } return out, st } @@ -106,22 +106,22 @@ const ( validationTypeMessageSetItem ) -func newFieldValidationInfo(mi *MessageInfo, si structInfo, fd pref.FieldDescriptor, ft reflect.Type) validationInfo { +func newFieldValidationInfo(mi *MessageInfo, si structInfo, fd protoreflect.FieldDescriptor, ft reflect.Type) validationInfo { var vi validationInfo switch { case fd.ContainingOneof() != nil && !fd.ContainingOneof().IsSynthetic(): switch fd.Kind() { - case pref.MessageKind: + case protoreflect.MessageKind: vi.typ = validationTypeMessage if ot, ok := si.oneofWrappersByNumber[fd.Number()]; ok { vi.mi = getMessageInfo(ot.Field(0).Type) } - case pref.GroupKind: + case protoreflect.GroupKind: vi.typ = validationTypeGroup if ot, ok := si.oneofWrappersByNumber[fd.Number()]; ok { vi.mi = getMessageInfo(ot.Field(0).Type) } - case pref.StringKind: + case protoreflect.StringKind: if strs.EnforceUTF8(fd) { vi.typ = validationTypeUTF8String } @@ -129,7 +129,7 @@ func newFieldValidationInfo(mi *MessageInfo, si structInfo, fd pref.FieldDescrip default: vi = newValidationInfo(fd, ft) } - if fd.Cardinality() == pref.Required { + if fd.Cardinality() == protoreflect.Required { // Avoid overflow. The required field check is done with a 64-bit mask, with // any message containing more than 64 required fields always reported as // potentially uninitialized, so it is not important to get a precise count @@ -142,22 +142,22 @@ func newFieldValidationInfo(mi *MessageInfo, si structInfo, fd pref.FieldDescrip return vi } -func newValidationInfo(fd pref.FieldDescriptor, ft reflect.Type) validationInfo { +func newValidationInfo(fd protoreflect.FieldDescriptor, ft reflect.Type) validationInfo { var vi validationInfo switch { case fd.IsList(): switch fd.Kind() { - case pref.MessageKind: + case protoreflect.MessageKind: vi.typ = validationTypeMessage if ft.Kind() == reflect.Slice { vi.mi = getMessageInfo(ft.Elem()) } - case pref.GroupKind: + case protoreflect.GroupKind: vi.typ = validationTypeGroup if ft.Kind() == reflect.Slice { vi.mi = getMessageInfo(ft.Elem()) } - case pref.StringKind: + case protoreflect.StringKind: vi.typ = validationTypeBytes if strs.EnforceUTF8(fd) { vi.typ = validationTypeUTF8String @@ -175,33 +175,33 @@ func newValidationInfo(fd pref.FieldDescriptor, ft reflect.Type) validationInfo case fd.IsMap(): vi.typ = validationTypeMap switch fd.MapKey().Kind() { - case pref.StringKind: + case protoreflect.StringKind: if strs.EnforceUTF8(fd) { vi.keyType = validationTypeUTF8String } } switch fd.MapValue().Kind() { - case pref.MessageKind: + case protoreflect.MessageKind: vi.valType = validationTypeMessage if ft.Kind() == reflect.Map { vi.mi = getMessageInfo(ft.Elem()) } - case pref.StringKind: + case protoreflect.StringKind: if strs.EnforceUTF8(fd) { vi.valType = validationTypeUTF8String } } default: switch fd.Kind() { - case pref.MessageKind: + case protoreflect.MessageKind: vi.typ = validationTypeMessage if !fd.IsWeak() { vi.mi = getMessageInfo(ft) } - case pref.GroupKind: + case protoreflect.GroupKind: vi.typ = validationTypeGroup vi.mi = getMessageInfo(ft) - case pref.StringKind: + case protoreflect.StringKind: vi.typ = validationTypeBytes if strs.EnforceUTF8(fd) { vi.typ = validationTypeUTF8String @@ -314,11 +314,11 @@ State: break } messageName := fd.Message().FullName() - messageType, err := preg.GlobalTypes.FindMessageByName(messageName) + messageType, err := protoregistry.GlobalTypes.FindMessageByName(messageName) switch err { case nil: vi.mi, _ = messageType.(*MessageInfo) - case preg.NotFound: + case protoregistry.NotFound: vi.typ = validationTypeBytes default: return out, ValidationUnknown @@ -335,7 +335,7 @@ State: // unmarshaling to begin failing. Supporting this requires some way to // determine if the resolver is frozen. xt, err := opts.resolver.FindExtensionByNumber(st.mi.Desc.FullName(), num) - if err != nil && err != preg.NotFound { + if err != nil && err != protoregistry.NotFound { return out, ValidationUnknown } if err == nil { @@ -513,7 +513,7 @@ State: } xt, err := opts.resolver.FindExtensionByNumber(st.mi.Desc.FullName(), typeid) switch { - case err == preg.NotFound: + case err == protoregistry.NotFound: b = b[n:] case err != nil: return out, ValidationUnknown diff --git a/vendor/google.golang.org/protobuf/internal/impl/weak.go b/vendor/google.golang.org/protobuf/internal/impl/weak.go index 009cbefd1ed..eb79a7ba94c 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/weak.go +++ b/vendor/google.golang.org/protobuf/internal/impl/weak.go @@ -7,7 +7,7 @@ package impl import ( "fmt" - pref "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/reflect/protoreflect" "google.golang.org/protobuf/reflect/protoregistry" ) @@ -17,32 +17,32 @@ import ( // defined directly on it. type weakFields WeakFields -func (w weakFields) get(num pref.FieldNumber) (pref.ProtoMessage, bool) { +func (w weakFields) get(num protoreflect.FieldNumber) (protoreflect.ProtoMessage, bool) { m, ok := w[int32(num)] return m, ok } -func (w *weakFields) set(num pref.FieldNumber, m pref.ProtoMessage) { +func (w *weakFields) set(num protoreflect.FieldNumber, m protoreflect.ProtoMessage) { if *w == nil { *w = make(weakFields) } (*w)[int32(num)] = m } -func (w *weakFields) clear(num pref.FieldNumber) { +func (w *weakFields) clear(num protoreflect.FieldNumber) { delete(*w, int32(num)) } -func (Export) HasWeak(w WeakFields, num pref.FieldNumber) bool { +func (Export) HasWeak(w WeakFields, num protoreflect.FieldNumber) bool { _, ok := w[int32(num)] return ok } -func (Export) ClearWeak(w *WeakFields, num pref.FieldNumber) { +func (Export) ClearWeak(w *WeakFields, num protoreflect.FieldNumber) { delete(*w, int32(num)) } -func (Export) GetWeak(w WeakFields, num pref.FieldNumber, name pref.FullName) pref.ProtoMessage { +func (Export) GetWeak(w WeakFields, num protoreflect.FieldNumber, name protoreflect.FullName) protoreflect.ProtoMessage { if m, ok := w[int32(num)]; ok { return m } @@ -53,7 +53,7 @@ func (Export) GetWeak(w WeakFields, num pref.FieldNumber, name pref.FullName) pr return mt.Zero().Interface() } -func (Export) SetWeak(w *WeakFields, num pref.FieldNumber, name pref.FullName, m pref.ProtoMessage) { +func (Export) SetWeak(w *WeakFields, num protoreflect.FieldNumber, name protoreflect.FullName, m protoreflect.ProtoMessage) { if m != nil { mt, _ := protoregistry.GlobalTypes.FindMessageByName(name) if mt == nil { diff --git a/vendor/google.golang.org/protobuf/internal/order/order.go b/vendor/google.golang.org/protobuf/internal/order/order.go index 2a24953f6a4..33745ed0625 100644 --- a/vendor/google.golang.org/protobuf/internal/order/order.go +++ b/vendor/google.golang.org/protobuf/internal/order/order.go @@ -5,12 +5,12 @@ package order import ( - pref "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/reflect/protoreflect" ) // FieldOrder specifies the ordering to visit message fields. // It is a function that reports whether x is ordered before y. -type FieldOrder func(x, y pref.FieldDescriptor) bool +type FieldOrder func(x, y protoreflect.FieldDescriptor) bool var ( // AnyFieldOrder specifies no specific field ordering. @@ -18,9 +18,9 @@ var ( // LegacyFieldOrder sorts fields in the same ordering as emitted by // wire serialization in the github.com/golang/protobuf implementation. - LegacyFieldOrder FieldOrder = func(x, y pref.FieldDescriptor) bool { + LegacyFieldOrder FieldOrder = func(x, y protoreflect.FieldDescriptor) bool { ox, oy := x.ContainingOneof(), y.ContainingOneof() - inOneof := func(od pref.OneofDescriptor) bool { + inOneof := func(od protoreflect.OneofDescriptor) bool { return od != nil && !od.IsSynthetic() } @@ -41,14 +41,14 @@ var ( } // NumberFieldOrder sorts fields by their field number. - NumberFieldOrder FieldOrder = func(x, y pref.FieldDescriptor) bool { + NumberFieldOrder FieldOrder = func(x, y protoreflect.FieldDescriptor) bool { return x.Number() < y.Number() } // IndexNameFieldOrder sorts non-extension fields before extension fields. // Non-extensions are sorted according to their declaration index. // Extensions are sorted according to their full name. - IndexNameFieldOrder FieldOrder = func(x, y pref.FieldDescriptor) bool { + IndexNameFieldOrder FieldOrder = func(x, y protoreflect.FieldDescriptor) bool { // Non-extension fields sort before extension fields. if x.IsExtension() != y.IsExtension() { return !x.IsExtension() && y.IsExtension() @@ -64,7 +64,7 @@ var ( // KeyOrder specifies the ordering to visit map entries. // It is a function that reports whether x is ordered before y. -type KeyOrder func(x, y pref.MapKey) bool +type KeyOrder func(x, y protoreflect.MapKey) bool var ( // AnyKeyOrder specifies no specific key ordering. @@ -72,7 +72,7 @@ var ( // GenericKeyOrder sorts false before true, numeric keys in ascending order, // and strings in lexicographical ordering according to UTF-8 codepoints. - GenericKeyOrder KeyOrder = func(x, y pref.MapKey) bool { + GenericKeyOrder KeyOrder = func(x, y protoreflect.MapKey) bool { switch x.Interface().(type) { case bool: return !x.Bool() && y.Bool() diff --git a/vendor/google.golang.org/protobuf/internal/order/range.go b/vendor/google.golang.org/protobuf/internal/order/range.go index c8090e0c547..1665a68e5b7 100644 --- a/vendor/google.golang.org/protobuf/internal/order/range.go +++ b/vendor/google.golang.org/protobuf/internal/order/range.go @@ -9,12 +9,12 @@ import ( "sort" "sync" - pref "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/reflect/protoreflect" ) type messageField struct { - fd pref.FieldDescriptor - v pref.Value + fd protoreflect.FieldDescriptor + v protoreflect.Value } var messageFieldPool = sync.Pool{ @@ -25,8 +25,8 @@ type ( // FieldRnger is an interface for visiting all fields in a message. // The protoreflect.Message type implements this interface. FieldRanger interface{ Range(VisitField) } - // VisitField is called everytime a message field is visited. - VisitField = func(pref.FieldDescriptor, pref.Value) bool + // VisitField is called every time a message field is visited. + VisitField = func(protoreflect.FieldDescriptor, protoreflect.Value) bool ) // RangeFields iterates over the fields of fs according to the specified order. @@ -47,7 +47,7 @@ func RangeFields(fs FieldRanger, less FieldOrder, fn VisitField) { }() // Collect all fields in the message and sort them. - fs.Range(func(fd pref.FieldDescriptor, v pref.Value) bool { + fs.Range(func(fd protoreflect.FieldDescriptor, v protoreflect.Value) bool { fields = append(fields, messageField{fd, v}) return true }) @@ -64,8 +64,8 @@ func RangeFields(fs FieldRanger, less FieldOrder, fn VisitField) { } type mapEntry struct { - k pref.MapKey - v pref.Value + k protoreflect.MapKey + v protoreflect.Value } var mapEntryPool = sync.Pool{ @@ -76,8 +76,8 @@ type ( // EntryRanger is an interface for visiting all fields in a message. // The protoreflect.Map type implements this interface. EntryRanger interface{ Range(VisitEntry) } - // VisitEntry is called everytime a map entry is visited. - VisitEntry = func(pref.MapKey, pref.Value) bool + // VisitEntry is called every time a map entry is visited. + VisitEntry = func(protoreflect.MapKey, protoreflect.Value) bool ) // RangeEntries iterates over the entries of es according to the specified order. @@ -98,7 +98,7 @@ func RangeEntries(es EntryRanger, less KeyOrder, fn VisitEntry) { }() // Collect all entries in the map and sort them. - es.Range(func(k pref.MapKey, v pref.Value) bool { + es.Range(func(k protoreflect.MapKey, v protoreflect.Value) bool { entries = append(entries, mapEntry{k, v}) return true }) diff --git a/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe.go b/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe.go index 56a8a4ed3c9..fea589c457e 100644 --- a/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe.go +++ b/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe.go @@ -10,7 +10,7 @@ package strs import ( "unsafe" - pref "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/reflect/protoreflect" ) type ( @@ -59,7 +59,7 @@ type Builder struct { // AppendFullName is equivalent to protoreflect.FullName.Append, // but optimized for large batches where each name has a shared lifetime. -func (sb *Builder) AppendFullName(prefix pref.FullName, name pref.Name) pref.FullName { +func (sb *Builder) AppendFullName(prefix protoreflect.FullName, name protoreflect.Name) protoreflect.FullName { n := len(prefix) + len(".") + len(name) if len(prefix) == 0 { n -= len(".") @@ -68,7 +68,7 @@ func (sb *Builder) AppendFullName(prefix pref.FullName, name pref.Name) pref.Ful sb.buf = append(sb.buf, prefix...) sb.buf = append(sb.buf, '.') sb.buf = append(sb.buf, name...) - return pref.FullName(sb.last(n)) + return protoreflect.FullName(sb.last(n)) } // MakeString is equivalent to string(b), but optimized for large batches diff --git a/vendor/google.golang.org/protobuf/internal/version/version.go b/vendor/google.golang.org/protobuf/internal/version/version.go index 3d40d5249e9..b480c5010f1 100644 --- a/vendor/google.golang.org/protobuf/internal/version/version.go +++ b/vendor/google.golang.org/protobuf/internal/version/version.go @@ -12,54 +12,54 @@ import ( // These constants determine the current version of this module. // -// // For our release process, we enforce the following rules: -// * Tagged releases use a tag that is identical to String. -// * Tagged releases never reference a commit where the String -// contains "devel". -// * The set of all commits in this repository where String -// does not contain "devel" must have a unique String. -// +// - Tagged releases use a tag that is identical to String. +// - Tagged releases never reference a commit where the String +// contains "devel". +// - The set of all commits in this repository where String +// does not contain "devel" must have a unique String. // // Steps for tagging a new release: -// 1. Create a new CL. // -// 2. Update Minor, Patch, and/or PreRelease as necessary. -// PreRelease must not contain the string "devel". +// 1. Create a new CL. // -// 3. Since the last released minor version, have there been any changes to -// generator that relies on new functionality in the runtime? -// If yes, then increment RequiredGenerated. +// 2. Update Minor, Patch, and/or PreRelease as necessary. +// PreRelease must not contain the string "devel". // -// 4. Since the last released minor version, have there been any changes to -// the runtime that removes support for old .pb.go source code? -// If yes, then increment SupportMinimum. +// 3. Since the last released minor version, have there been any changes to +// generator that relies on new functionality in the runtime? +// If yes, then increment RequiredGenerated. // -// 5. Send out the CL for review and submit it. -// Note that the next CL in step 8 must be submitted after this CL -// without any other CLs in-between. +// 4. Since the last released minor version, have there been any changes to +// the runtime that removes support for old .pb.go source code? +// If yes, then increment SupportMinimum. // -// 6. Tag a new version, where the tag is is the current String. +// 5. Send out the CL for review and submit it. +// Note that the next CL in step 8 must be submitted after this CL +// without any other CLs in-between. // -// 7. Write release notes for all notable changes -// between this release and the last release. +// 6. Tag a new version, where the tag is is the current String. // -// 8. Create a new CL. +// 7. Write release notes for all notable changes +// between this release and the last release. // -// 9. Update PreRelease to include the string "devel". -// For example: "" -> "devel" or "rc.1" -> "rc.1.devel" +// 8. Create a new CL. // -// 10. Send out the CL for review and submit it. +// 9. Update PreRelease to include the string "devel". +// For example: "" -> "devel" or "rc.1" -> "rc.1.devel" +// +// 10. Send out the CL for review and submit it. const ( Major = 1 Minor = 28 - Patch = 0 + Patch = 1 PreRelease = "" ) // String formats the version string for this module in semver format. // // Examples: +// // v1.20.1 // v1.21.0-rc.1 func String() string { diff --git a/vendor/google.golang.org/protobuf/proto/decode.go b/vendor/google.golang.org/protobuf/proto/decode.go index 11bf7173be9..48d47946bb1 100644 --- a/vendor/google.golang.org/protobuf/proto/decode.go +++ b/vendor/google.golang.org/protobuf/proto/decode.go @@ -19,7 +19,8 @@ import ( // UnmarshalOptions configures the unmarshaler. // // Example usage: -// err := UnmarshalOptions{DiscardUnknown: true}.Unmarshal(b, m) +// +// err := UnmarshalOptions{DiscardUnknown: true}.Unmarshal(b, m) type UnmarshalOptions struct { pragma.NoUnkeyedLiterals diff --git a/vendor/google.golang.org/protobuf/proto/doc.go b/vendor/google.golang.org/protobuf/proto/doc.go index c52d8c4ab79..08d2a46f535 100644 --- a/vendor/google.golang.org/protobuf/proto/doc.go +++ b/vendor/google.golang.org/protobuf/proto/doc.go @@ -6,18 +6,17 @@ // // For documentation on protocol buffers in general, see: // -// https://developers.google.com/protocol-buffers +// https://developers.google.com/protocol-buffers // // For a tutorial on using protocol buffers with Go, see: // -// https://developers.google.com/protocol-buffers/docs/gotutorial +// https://developers.google.com/protocol-buffers/docs/gotutorial // // For a guide to generated Go protocol buffer code, see: // -// https://developers.google.com/protocol-buffers/docs/reference/go-generated +// https://developers.google.com/protocol-buffers/docs/reference/go-generated // -// -// Binary serialization +// # Binary serialization // // This package contains functions to convert to and from the wire format, // an efficient binary serialization of protocol buffers. @@ -30,8 +29,7 @@ // • Unmarshal converts a message from the wire format. // The UnmarshalOptions type provides more control over wire unmarshaling. // -// -// Basic message operations +// # Basic message operations // // • Clone makes a deep copy of a message. // @@ -45,8 +43,7 @@ // // • CheckInitialized reports whether all required fields in a message are set. // -// -// Optional scalar constructors +// # Optional scalar constructors // // The API for some generated messages represents optional scalar fields // as pointers to a value. For example, an optional string field has the @@ -61,16 +58,14 @@ // // Optional scalar fields are only supported in proto2. // -// -// Extension accessors +// # Extension accessors // // • HasExtension, GetExtension, SetExtension, and ClearExtension // access extension field values in a protocol buffer message. // // Extension fields are only supported in proto2. // -// -// Related packages +// # Related packages // // • Package "google.golang.org/protobuf/encoding/protojson" converts messages to // and from JSON. diff --git a/vendor/google.golang.org/protobuf/proto/encode.go b/vendor/google.golang.org/protobuf/proto/encode.go index d18239c2372..bf7f816d0e8 100644 --- a/vendor/google.golang.org/protobuf/proto/encode.go +++ b/vendor/google.golang.org/protobuf/proto/encode.go @@ -16,7 +16,8 @@ import ( // MarshalOptions configures the marshaler. // // Example usage: -// b, err := MarshalOptions{Deterministic: true}.Marshal(m) +// +// b, err := MarshalOptions{Deterministic: true}.Marshal(m) type MarshalOptions struct { pragma.NoUnkeyedLiterals @@ -101,7 +102,9 @@ func (o MarshalOptions) Marshal(m Message) ([]byte, error) { // otherwise it returns a non-nil empty buffer. // // This is to assist the edge-case where user-code does the following: +// // m1.OptionalBytes, _ = proto.Marshal(m2) +// // where they expect the proto2 "optional_bytes" field to be populated // if any only if m2 is a valid message. func emptyBytesForMessage(m Message) []byte { diff --git a/vendor/google.golang.org/protobuf/proto/equal.go b/vendor/google.golang.org/protobuf/proto/equal.go index 4dba2b96997..67948dd1df8 100644 --- a/vendor/google.golang.org/protobuf/proto/equal.go +++ b/vendor/google.golang.org/protobuf/proto/equal.go @@ -10,7 +10,7 @@ import ( "reflect" "google.golang.org/protobuf/encoding/protowire" - pref "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/reflect/protoreflect" ) // Equal reports whether two messages are equal. @@ -33,6 +33,10 @@ func Equal(x, y Message) bool { if x == nil || y == nil { return x == nil && y == nil } + if reflect.TypeOf(x).Kind() == reflect.Ptr && x == y { + // Avoid an expensive comparison if both inputs are identical pointers. + return true + } mx := x.ProtoReflect() my := y.ProtoReflect() if mx.IsValid() != my.IsValid() { @@ -42,14 +46,14 @@ func Equal(x, y Message) bool { } // equalMessage compares two messages. -func equalMessage(mx, my pref.Message) bool { +func equalMessage(mx, my protoreflect.Message) bool { if mx.Descriptor() != my.Descriptor() { return false } nx := 0 equal := true - mx.Range(func(fd pref.FieldDescriptor, vx pref.Value) bool { + mx.Range(func(fd protoreflect.FieldDescriptor, vx protoreflect.Value) bool { nx++ vy := my.Get(fd) equal = my.Has(fd) && equalField(fd, vx, vy) @@ -59,7 +63,7 @@ func equalMessage(mx, my pref.Message) bool { return false } ny := 0 - my.Range(func(fd pref.FieldDescriptor, vx pref.Value) bool { + my.Range(func(fd protoreflect.FieldDescriptor, vx protoreflect.Value) bool { ny++ return true }) @@ -71,7 +75,7 @@ func equalMessage(mx, my pref.Message) bool { } // equalField compares two fields. -func equalField(fd pref.FieldDescriptor, x, y pref.Value) bool { +func equalField(fd protoreflect.FieldDescriptor, x, y protoreflect.Value) bool { switch { case fd.IsList(): return equalList(fd, x.List(), y.List()) @@ -83,12 +87,12 @@ func equalField(fd pref.FieldDescriptor, x, y pref.Value) bool { } // equalMap compares two maps. -func equalMap(fd pref.FieldDescriptor, x, y pref.Map) bool { +func equalMap(fd protoreflect.FieldDescriptor, x, y protoreflect.Map) bool { if x.Len() != y.Len() { return false } equal := true - x.Range(func(k pref.MapKey, vx pref.Value) bool { + x.Range(func(k protoreflect.MapKey, vx protoreflect.Value) bool { vy := y.Get(k) equal = y.Has(k) && equalValue(fd.MapValue(), vx, vy) return equal @@ -97,7 +101,7 @@ func equalMap(fd pref.FieldDescriptor, x, y pref.Map) bool { } // equalList compares two lists. -func equalList(fd pref.FieldDescriptor, x, y pref.List) bool { +func equalList(fd protoreflect.FieldDescriptor, x, y protoreflect.List) bool { if x.Len() != y.Len() { return false } @@ -110,31 +114,31 @@ func equalList(fd pref.FieldDescriptor, x, y pref.List) bool { } // equalValue compares two singular values. -func equalValue(fd pref.FieldDescriptor, x, y pref.Value) bool { +func equalValue(fd protoreflect.FieldDescriptor, x, y protoreflect.Value) bool { switch fd.Kind() { - case pref.BoolKind: + case protoreflect.BoolKind: return x.Bool() == y.Bool() - case pref.EnumKind: + case protoreflect.EnumKind: return x.Enum() == y.Enum() - case pref.Int32Kind, pref.Sint32Kind, - pref.Int64Kind, pref.Sint64Kind, - pref.Sfixed32Kind, pref.Sfixed64Kind: + case protoreflect.Int32Kind, protoreflect.Sint32Kind, + protoreflect.Int64Kind, protoreflect.Sint64Kind, + protoreflect.Sfixed32Kind, protoreflect.Sfixed64Kind: return x.Int() == y.Int() - case pref.Uint32Kind, pref.Uint64Kind, - pref.Fixed32Kind, pref.Fixed64Kind: + case protoreflect.Uint32Kind, protoreflect.Uint64Kind, + protoreflect.Fixed32Kind, protoreflect.Fixed64Kind: return x.Uint() == y.Uint() - case pref.FloatKind, pref.DoubleKind: + case protoreflect.FloatKind, protoreflect.DoubleKind: fx := x.Float() fy := y.Float() if math.IsNaN(fx) || math.IsNaN(fy) { return math.IsNaN(fx) && math.IsNaN(fy) } return fx == fy - case pref.StringKind: + case protoreflect.StringKind: return x.String() == y.String() - case pref.BytesKind: + case protoreflect.BytesKind: return bytes.Equal(x.Bytes(), y.Bytes()) - case pref.MessageKind, pref.GroupKind: + case protoreflect.MessageKind, protoreflect.GroupKind: return equalMessage(x.Message(), y.Message()) default: return x.Interface() == y.Interface() @@ -143,7 +147,7 @@ func equalValue(fd pref.FieldDescriptor, x, y pref.Value) bool { // equalUnknown compares unknown fields by direct comparison on the raw bytes // of each individual field number. -func equalUnknown(x, y pref.RawFields) bool { +func equalUnknown(x, y protoreflect.RawFields) bool { if len(x) != len(y) { return false } @@ -151,8 +155,8 @@ func equalUnknown(x, y pref.RawFields) bool { return true } - mx := make(map[pref.FieldNumber]pref.RawFields) - my := make(map[pref.FieldNumber]pref.RawFields) + mx := make(map[protoreflect.FieldNumber]protoreflect.RawFields) + my := make(map[protoreflect.FieldNumber]protoreflect.RawFields) for len(x) > 0 { fnum, _, n := protowire.ConsumeField(x) mx[fnum] = append(mx[fnum], x[:n]...) diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/proto.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/proto.go index dd85915bd4b..55aa14922b0 100644 --- a/vendor/google.golang.org/protobuf/reflect/protoreflect/proto.go +++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/proto.go @@ -8,8 +8,7 @@ // defined in proto source files and value interfaces which provide the // ability to examine and manipulate the contents of messages. // -// -// Protocol Buffer Descriptors +// # Protocol Buffer Descriptors // // Protobuf descriptors (e.g., EnumDescriptor or MessageDescriptor) // are immutable objects that represent protobuf type information. @@ -26,8 +25,7 @@ // The "google.golang.org/protobuf/reflect/protodesc" package converts between // google.protobuf.DescriptorProto messages and protobuf descriptors. // -// -// Go Type Descriptors +// # Go Type Descriptors // // A type descriptor (e.g., EnumType or MessageType) is a constructor for // a concrete Go type that represents the associated protobuf descriptor. @@ -41,8 +39,7 @@ // The "google.golang.org/protobuf/types/dynamicpb" package can be used to // create Go type descriptors from protobuf descriptors. // -// -// Value Interfaces +// # Value Interfaces // // The Enum and Message interfaces provide a reflective view over an // enum or message instance. For enums, it provides the ability to retrieve @@ -55,13 +52,11 @@ // The "github.com/golang/protobuf/proto".MessageReflect function can be used // to obtain a reflective view on older messages. // -// -// Relationships +// # Relationships // // The following diagrams demonstrate the relationships between // various types declared in this package. // -// // ┌───────────────────────────────────┠// V │ // ┌────────────── New(n) ─────────────┠│ @@ -83,7 +78,6 @@ // // • An Enum is a concrete enum instance. Generated enums implement Enum. // -// // ┌──────────────── New() ─────────────────┠// │ │ // │ ┌─── Descriptor() ─────┠│ ┌── Interface() ───┠@@ -98,12 +92,22 @@ // // • A MessageType describes a concrete Go message type. // It has a MessageDescriptor and can construct a Message instance. +// Just as how Go's reflect.Type is a reflective description of a Go type, +// a MessageType is a reflective description of a Go type for a protobuf message. // // • A MessageDescriptor describes an abstract protobuf message type. -// -// • A Message is a concrete message instance. Generated messages implement -// ProtoMessage, which can convert to/from a Message. -// +// It has no understanding of Go types. In order to construct a MessageType +// from just a MessageDescriptor, you can consider looking up the message type +// in the global registry using protoregistry.GlobalTypes.FindMessageByName +// or constructing a dynamic MessageType using dynamicpb.NewMessageType. +// +// • A Message is a reflective view over a concrete message instance. +// Generated messages implement ProtoMessage, which can convert to a Message. +// Just as how Go's reflect.Value is a reflective view over a Go value, +// a Message is a reflective view over a concrete protobuf message instance. +// Using Go reflection as an analogy, the ProtoReflect method is similar to +// calling reflect.ValueOf, and the Message.Interface method is similar to +// calling reflect.Value.Interface. // // ┌── TypeDescriptor() ──┠┌───── Descriptor() ─────┠// │ V │ V diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/source.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/source.go index 121ba3a07bb..0b99428855f 100644 --- a/vendor/google.golang.org/protobuf/reflect/protoreflect/source.go +++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/source.go @@ -87,6 +87,7 @@ func (p1 SourcePath) Equal(p2 SourcePath) bool { // in a future version of this module. // // Example output: +// // .message_type[6].nested_type[15].field[3] func (p SourcePath) String() string { b := p.appendFileDescriptorProto(nil) diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/type.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/type.go index 8e53c44a918..3867470d30a 100644 --- a/vendor/google.golang.org/protobuf/reflect/protoreflect/type.go +++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/type.go @@ -480,6 +480,7 @@ type ExtensionDescriptors interface { // relative to the parent that it is declared within. // // For example: +// // syntax = "proto2"; // package example; // message FooMessage { diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_union.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_union.go index eb7764c307c..ca8e28c5bc8 100644 --- a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_union.go +++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_union.go @@ -50,6 +50,7 @@ import ( // always references the source object. // // For example: +// // // Append a 0 to a "repeated int32" field. // // Since the Value returned by Mutable is guaranteed to alias // // the source message, modifying the Value modifies the message. @@ -392,6 +393,7 @@ func (v Value) MapKey() MapKey { // â•â•â•â•â•â•â•â•â•â•â•§â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â• // // A MapKey is constructed and accessed through a Value: +// // k := ValueOf("hash").MapKey() // convert string to MapKey // s := k.String() // convert MapKey to string // diff --git a/vendor/google.golang.org/protobuf/reflect/protoregistry/registry.go b/vendor/google.golang.org/protobuf/reflect/protoregistry/registry.go index 59f024c444f..58352a6978b 100644 --- a/vendor/google.golang.org/protobuf/reflect/protoregistry/registry.go +++ b/vendor/google.golang.org/protobuf/reflect/protoregistry/registry.go @@ -30,9 +30,11 @@ import ( // conflictPolicy configures the policy for handling registration conflicts. // // It can be over-written at compile time with a linker-initialized variable: +// // go build -ldflags "-X google.golang.org/protobuf/reflect/protoregistry.conflictPolicy=warn" // // It can be over-written at program execution with an environment variable: +// // GOLANG_PROTOBUF_REGISTRATION_CONFLICT=warn ./main // // Neither of the above are covered by the compatibility promise and diff --git a/vendor/google.golang.org/protobuf/runtime/protoimpl/version.go b/vendor/google.golang.org/protobuf/runtime/protoimpl/version.go index ff094e1ba44..a105cb23e03 100644 --- a/vendor/google.golang.org/protobuf/runtime/protoimpl/version.go +++ b/vendor/google.golang.org/protobuf/runtime/protoimpl/version.go @@ -26,16 +26,19 @@ const ( // EnforceVersion is used by code generated by protoc-gen-go // to statically enforce minimum and maximum versions of this package. // A compilation failure implies either that: -// * the runtime package is too old and needs to be updated OR -// * the generated code is too old and needs to be regenerated. +// - the runtime package is too old and needs to be updated OR +// - the generated code is too old and needs to be regenerated. // // The runtime package can be upgraded by running: +// // go get google.golang.org/protobuf // // The generated code can be regenerated by running: +// // protoc --go_out=${PROTOC_GEN_GO_ARGS} ${PROTO_FILES} // // Example usage by generated code: +// // const ( // // Verify that this generated code is sufficiently up-to-date. // _ = protoimpl.EnforceVersion(genVersion - protoimpl.MinVersion) @@ -49,6 +52,7 @@ const ( type EnforceVersion uint // This enforces the following invariant: +// // MinVersion ≤ GenVersion ≤ MaxVersion const ( _ = EnforceVersion(GenVersion - MinVersion) diff --git a/vendor/modules.txt b/vendor/modules.txt index 675dc2d1411..7a1b5766c14 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -80,7 +80,7 @@ golang.org/x/sys/execabs golang.org/x/sys/internal/unsafeheader golang.org/x/sys/unix golang.org/x/sys/windows -# google.golang.org/protobuf v1.28.0 +# google.golang.org/protobuf v1.28.1 ## explicit; go 1.11 google.golang.org/protobuf/encoding/prototext google.golang.org/protobuf/encoding/protowire From 589a9d5082a05932d7848f2db1f2253b751ba453 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 10 Aug 2022 18:43:52 -0700 Subject: [PATCH 0079/1176] ci/gha: fix cross-386 job vs go 1.19 When golang 1.19 is used to build unit tests on 386, it fails like this: sudo -E PATH="$PATH" -- make GOARCH=386 CGO_ENABLED=1 localunittest <...> go test -timeout 3m -tags "seccomp" -v ./... <...> # github.com/opencontainers/runc/libcontainer/capabilities.test runtime/cgo(.text): unknown symbol __stack_chk_fail_local in pcrel runtime/cgo(.text): unknown symbol __stack_chk_fail_local in pcrel runtime/cgo(.text): unknown symbol __stack_chk_fail_local in pcrel runtime/cgo(.text): unknown symbol __stack_chk_fail_local in pcrel runtime/cgo(.text): unknown symbol __stack_chk_fail_local in pcrel runtime/cgo(.text): relocation target __stack_chk_fail_local not defined runtime/cgo(.text): relocation target __stack_chk_fail_local not defined The fix is to add CGO_CFLAGS=-fno-stack-protector. See also: - https://github.com/docker-library/golang/pull/426 - https://go.dev/issue/52919 - https://go.dev/issue/54313 - https://go-review.googlesource.com/c/go/+/421935 Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5aae7b7bc04..eb6080095c9 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -126,4 +126,5 @@ jobs: go-version: 1.x # Latest stable - name: unit test - run: sudo -E PATH="$PATH" -- make GOARCH=386 localunittest + # See https://go-review.googlesource.com/c/go/+/421935 + run: sudo -E PATH="$PATH" -- make GOARCH=386 CGO_CFLAGS=-fno-stack-protector localunittest From bf8d7c713ba53282b1934b27bdeafc08c76c6f3f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 13 Aug 2022 16:56:03 +0000 Subject: [PATCH 0080/1176] build(deps): bump actions/cache from 3.0.5 to 3.0.7 Bumps [actions/cache](https://github.com/actions/cache) from 3.0.5 to 3.0.7. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v3.0.5...v3.0.7) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/validate.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 9f9091cd13b..b1eadf40b79 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -72,7 +72,7 @@ jobs: echo "VERSION=3.3.1" >> $GITHUB_ENV echo "$(go env GOPATH)/bin" >> $GITHUB_PATH - name: cache go mod and $GOCACHE - uses: actions/cache@v3.0.5 + uses: actions/cache@v3.0.7 with: path: | ~/go/pkg/mod @@ -119,7 +119,7 @@ jobs: with: go-version: "${{ env.GO_VERSION }}" - name: cache go mod and $GOCACHE - uses: actions/cache@v3.0.5 + uses: actions/cache@v3.0.7 with: path: | ~/go/pkg/mod From 45cc290f0297bda1b0e13962ca40e42ad861ec18 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 3 Aug 2022 15:10:25 -0700 Subject: [PATCH 0081/1176] libct: fixes for godoc 1.19 Since Go 1.19, godoc recognizes lists, code blocks, headings etc. It also reformats the sources making it more apparent that these features are used. Fix a few places where it misinterpreted the formatting (such as indented vs unindented), and format the result using the gofumpt from HEAD, which already incorporates gofmt 1.19 changes. Some more fixes (and enhancements) might be required. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/devices/ebpf_linux.go | 2 +- libcontainer/cgroups/utils.go | 6 ++++-- libcontainer/configs/validate/validator.go | 5 ++--- libcontainer/specconv/spec_linux.go | 21 +++++++++++---------- libcontainer/sync.go | 14 +++++++------- libcontainer/user/user.go | 14 +++++++------- 6 files changed, 32 insertions(+), 30 deletions(-) diff --git a/libcontainer/cgroups/devices/ebpf_linux.go b/libcontainer/cgroups/devices/ebpf_linux.go index 499b4677edb..b7125fa5f6d 100644 --- a/libcontainer/cgroups/devices/ebpf_linux.go +++ b/libcontainer/cgroups/devices/ebpf_linux.go @@ -93,7 +93,7 @@ var ( ) // Loosely based on the BPF_F_REPLACE support check in -// . +// https://github.com/cilium/ebpf/blob/v0.6.0/link/syscalls.go. // // TODO: move this logic to cilium/ebpf func haveBpfProgReplace() bool { diff --git a/libcontainer/cgroups/utils.go b/libcontainer/cgroups/utils.go index b32af4ee530..fc4ae44a485 100644 --- a/libcontainer/cgroups/utils.go +++ b/libcontainer/cgroups/utils.go @@ -162,8 +162,10 @@ func readProcsFile(dir string) ([]int, error) { // ParseCgroupFile parses the given cgroup file, typically /proc/self/cgroup // or /proc//cgroup, into a map of subsystems to cgroup paths, e.g. -// "cpu": "/user.slice/user-1000.slice" -// "pids": "/user.slice/user-1000.slice" +// +// "cpu": "/user.slice/user-1000.slice" +// "pids": "/user.slice/user-1000.slice" +// // etc. // // Note that for cgroup v2 unified hierarchy, there are no per-controller diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go index f69c07c04a3..2027a37203e 100644 --- a/libcontainer/configs/validate/validator.go +++ b/libcontainer/configs/validate/validator.go @@ -118,9 +118,8 @@ func namespaces(config *configs.Config) error { // convertSysctlVariableToDotsSeparator can return sysctl variables in dots separator format. // The '/' separator is also accepted in place of a '.'. // Convert the sysctl variables to dots separator format for validation. -// More info: -// https://man7.org/linux/man-pages/man8/sysctl.8.html -// https://man7.org/linux/man-pages/man5/sysctl.d.5.html +// More info: sysctl(8), sysctl.d(5). +// // For example: // Input sysctl variable "net/ipv4/conf/eno2.100.rp_filter" // will return the converted value "net.ipv4.conf.eno2/100.rp_filter" diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index 55ccabeef08..d62e34be713 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -173,18 +173,19 @@ func KnownMountOptions() []string { // AllowedDevices is the set of devices which are automatically included for // all containers. // -// XXX (cyphar) -// This behaviour is at the very least "questionable" (if not outright -// wrong) according to the runtime-spec. +// # XXX (cyphar) // -// Yes, we have to include certain devices other than the ones the user -// specifies, but several devices listed here are not part of the spec -// (including "mknod for any device"?!). In addition, these rules are -// appended to the user-provided set which means that users *cannot disable -// this behaviour*. +// This behaviour is at the very least "questionable" (if not outright +// wrong) according to the runtime-spec. // -// ... unfortunately I'm too scared to change this now because who knows how -// many people depend on this (incorrect and arguably insecure) behaviour. +// Yes, we have to include certain devices other than the ones the user +// specifies, but several devices listed here are not part of the spec +// (including "mknod for any device"?!). In addition, these rules are +// appended to the user-provided set which means that users *cannot disable +// this behaviour*. +// +// ... unfortunately I'm too scared to change this now because who knows how +// many people depend on this (incorrect and arguably insecure) behaviour. var AllowedDevices = []*devices.Device{ // allow mknod for any device { diff --git a/libcontainer/sync.go b/libcontainer/sync.go index c9a23ef3a76..25dc2863071 100644 --- a/libcontainer/sync.go +++ b/libcontainer/sync.go @@ -15,16 +15,16 @@ type syncType string // during container setup. They come in pairs (with procError being a generic // response which is followed by an &initError). // -// [ child ] <-> [ parent ] +// [ child ] <-> [ parent ] // -// procHooks --> [run hooks] -// <-- procResume +// procHooks --> [run hooks] +// <-- procResume // -// procReady --> [final setup] -// <-- procRun +// procReady --> [final setup] +// <-- procRun // -// procSeccomp --> [pick up seccomp fd with pidfd_getfd()] -// <-- procSeccompDone +// procSeccomp --> [pick up seccomp fd with pidfd_getfd()] +// <-- procSeccompDone const ( procError syncType = "procError" procReady syncType = "procReady" diff --git a/libcontainer/user/user.go b/libcontainer/user/user.go index 2473c5eaddc..a1e216683d9 100644 --- a/libcontainer/user/user.go +++ b/libcontainer/user/user.go @@ -280,13 +280,13 @@ func GetExecUserPath(userSpec string, defaults *ExecUser, passwdPath, groupPath // found in any entry in passwd and group respectively. // // Examples of valid user specifications are: -// * "" -// * "user" -// * "uid" -// * "user:group" -// * "uid:gid -// * "user:gid" -// * "uid:group" +// - "" +// - "user" +// - "uid" +// - "user:group" +// - "uid:gid +// - "user:gid" +// - "uid:group" // // It should be noted that if you specify a numeric user or group id, they will // not be evaluated as usernames (only the metadata will be filled). So attempting From 0f4bf2c840acd7836088404aab220bbc6b1d6bfd Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 3 Aug 2022 14:37:56 -0700 Subject: [PATCH 0082/1176] ci/gha: bump golangci-lint to 1.48 This version works with go 1.19, i.e. it fixes https://github.com/golangci/golangci-lint/issues/2922. Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 9f9091cd13b..dd9d132abf4 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -32,7 +32,7 @@ jobs: sudo apt -q install libseccomp-dev - uses: golangci/golangci-lint-action@v3 with: - version: v1.46 + version: v1.48 # Extra linters, only checking new code from a pull request. - name: lint-extra if: github.event_name == 'pull_request' From b7dcdcecb432f186ad218a1f1782dc3b138ee2ad Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 16 Jun 2022 10:29:10 -0700 Subject: [PATCH 0083/1176] Add go 1.19, require go 1.18, drop go 1.17 Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 2 +- .github/workflows/validate.yml | 2 +- README.md | 2 +- go.mod | 2 +- go.sum | 12 ------------ 5 files changed, 4 insertions(+), 16 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index eb6080095c9..b324282c544 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -23,7 +23,7 @@ jobs: strategy: fail-fast: false matrix: - go-version: [1.17.x, 1.18.x] + go-version: [1.18.x, 1.19.x] rootless: ["rootless", ""] race: ["-race", ""] criu: [""] diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index dd9d132abf4..352b5a3196e 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -8,7 +8,7 @@ on: - release-* pull_request: env: - GO_VERSION: 1.18.x + GO_VERSION: 1.19.x permissions: contents: read diff --git a/README.md b/README.md index 3db72c81de8..d0fa9e1dfb0 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ A third party security audit was performed by Cure53, you can see the full repor ## Building -`runc` only supports Linux. It must be built with Go version 1.17 or higher. +`runc` only supports Linux. It must be built with Go version 1.18 or higher. In order to enable seccomp support you will need to install `libseccomp` on your platform. > e.g. `libseccomp-devel` for CentOS, or `libseccomp-dev` for Ubuntu diff --git a/go.mod b/go.mod index 62dd948507d..8a561c953ff 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/opencontainers/runc -go 1.17 +go 1.18 require ( github.com/checkpoint-restore/go-criu/v5 v5.3.0 diff --git a/go.sum b/go.sum index 327510921a9..bd86719d32a 100644 --- a/go.sum +++ b/go.sum @@ -9,7 +9,6 @@ github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzA github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI= github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -18,21 +17,14 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw= github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/frankban/quicktest v1.14.0 h1:+cqqvzZV87b4adx/5ayVOaYZ2CrvM4ejQvUdBzPPUss= -github.com/frankban/quicktest v1.14.0/go.mod h1:NeW+ay9A/U67EYXNFA1nPE8e/tnQv/09mUdL/ijj8og= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= -github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= -github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78= github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= github.com/mrunalp/fileutils v0.5.0 h1:NKzVxiH7eSk+OQ4M+ZYW1K6h27RUV3MI6NUTsHhU6Z4= @@ -44,7 +36,6 @@ github.com/opencontainers/selinux v1.10.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuh github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k= -github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/seccomp/libseccomp-golang v0.10.0 h1:aA4bp+/Zzi0BnWZ2F1wgNBs5gTpm+na2rWM6M9YjLpY= @@ -70,7 +61,6 @@ golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -84,8 +74,6 @@ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= From df9e32bc6abd5dffe469fb294865321ebed3bd17 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 17 Aug 2022 15:43:16 -0700 Subject: [PATCH 0084/1176] ci: fix for codespell 2.2 Recently released codespell 2.2 adds some more false positives, such as: ./Makefile:78: ro ==> to, row, rob, rod, roe, rot ./Makefile:88: ro ==> to, row, rob, rod, roe, rot ./notify_socket.go:51: ro ==> to, row, rob, rod, roe, rot ./LICENSE:128: complies ==> compiles ./go.sum:59: BU ==> BY ./types/features/features.go:17: ro ==> to, row, rob, rod, roe, rot ./libcontainer/rootfs_linux.go:52: ro ==> to, row, rob, rod, roe, rot ./libcontainer/rootfs_linux.go:166: ro ==> to, row, rob, rod, roe, rot .... ./tests/integration/cgroup_delegation.bats:38: inh ==> in ... To fix: - exclude go.sum; - add ro and complies to the list of ignored words; - s/inh/inherit in cgroup_delegation.bats. Signed-off-by: Kir Kolyshkin --- .codespellrc | 4 ++-- tests/integration/cgroup_delegation.bats | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.codespellrc b/.codespellrc index c626cb1fb45..cd594b8d3c7 100644 --- a/.codespellrc +++ b/.codespellrc @@ -1,3 +1,3 @@ [codespell] -skip = ./vendor,./.git -ignore-words-list = clos,creat +skip = ./vendor,./.git,./go.sum +ignore-words-list = clos,creat,ro,complies diff --git a/tests/integration/cgroup_delegation.bats b/tests/integration/cgroup_delegation.bats index db1407ce3b1..c0f734e8330 100644 --- a/tests/integration/cgroup_delegation.bats +++ b/tests/integration/cgroup_delegation.bats @@ -35,7 +35,7 @@ function setup() { [ "$output" = "nobody" ] # /sys/fs/cgroup owned by unmapped user } -@test "runc exec (cgroup v2, rw cgroupfs, inh cgroupns) does not chown cgroup" { +@test "runc exec (cgroup v2, rw cgroupfs, inherit cgroupns) does not chown cgroup" { set_cgroup_mount_writable # inherit cgroup namespace (remove cgroup from namespaces list) From 58b1374f0ad98cc9390adc43dc22ddbb4f84d72e Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 10 Aug 2022 17:09:23 -0700 Subject: [PATCH 0085/1176] Fix failed exec after systemctl daemon-reload A regression reported for runc v1.1.3 says that "runc exec -t" fails after doing "systemctl daemon-reload": > exec failed: unable to start container process: open /dev/pts/0: operation not permitted: unknown Apparently, with commit 7219387eb7db69b we are no longer adding "DeviceAllow=char-pts rwm" rule (because os.Stat("char-pts") returns ENOENT). The bug can only be seen after "systemctl daemon-reload" because runc also applies the same rules manually (by writing to devices.allow for cgroup v1), and apparently reloading systemd leads to re-applying the rules that systemd has (thus removing the char-pts access). The fix is to do os.Stat only for "/dev" paths. Also, emit a warning that the path was skipped. Since the original idea was to emit less warnings, demote the level to debug. Note this also fixes the issue of not adding "m" permission for block-* and char-* devices. A test case is added, which reliably fails before the fix on both cgroup v1 and v2. Fixes: https://github.com/opencontainers/runc/issues/3551 Fixes: 7219387eb7db69b4dae740c9d37d973d9a735801 Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/devices/systemd.go | 16 +++++++++------- tests/integration/dev.bats | 16 ++++++++++++++++ 2 files changed, 25 insertions(+), 7 deletions(-) diff --git a/libcontainer/cgroups/devices/systemd.go b/libcontainer/cgroups/devices/systemd.go index 19f643ec9b3..6594d9c05a9 100644 --- a/libcontainer/cgroups/devices/systemd.go +++ b/libcontainer/cgroups/devices/systemd.go @@ -128,14 +128,16 @@ func systemdProperties(r *configs.Resources) ([]systemdDbus.Property, error) { case devices.CharDevice: entry.Path = fmt.Sprintf("/dev/char/%d:%d", rule.Major, rule.Minor) } + // systemd will issue a warning if the path we give here doesn't exist. + // Since all of this logic is best-effort anyway (we manually set these + // rules separately to systemd) we can safely skip entries that don't + // have a corresponding path. + if _, err := os.Stat(entry.Path); err != nil { + logrus.Debugf("skipping device %s for systemd: %s", entry.Path, err) + continue + } } - // systemd will issue a warning if the path we give here doesn't exist. - // Since all of this logic is best-effort anyway (we manually set these - // rules separately to systemd) we can safely skip entries that don't - // have a corresponding path. - if _, err := os.Stat(entry.Path); err == nil { - deviceAllowList = append(deviceAllowList, entry) - } + deviceAllowList = append(deviceAllowList, entry) } properties = append(properties, newProp("DeviceAllow", deviceAllowList)) diff --git a/tests/integration/dev.bats b/tests/integration/dev.bats index 95675fd301f..6d972335095 100644 --- a/tests/integration/dev.bats +++ b/tests/integration/dev.bats @@ -128,3 +128,19 @@ function teardown() { runc exec test_allow_block sh -c 'fdisk -l '"$device"'' [ "$status" -eq 0 ] } + +# https://github.com/opencontainers/runc/issues/3551 +@test "runc exec vs systemctl daemon-reload" { + requires systemd root + + runc run -d --console-socket "$CONSOLE_SOCKET" test_exec + [ "$status" -eq 0 ] + + runc exec -t test_exec sh -c "ls -l /proc/self/fd/0; echo 123" + [ "$status" -eq 0 ] + + systemctl daemon-reload + + runc exec -t test_exec sh -c "ls -l /proc/self/fd/0; echo 123" + [ "$status" -eq 0 ] +} From 8206f5b2aae290650547f096132f6ebca3a83322 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 Aug 2022 04:19:26 +0000 Subject: [PATCH 0086/1176] build(deps): bump actions/cache from 3.0.7 to 3.0.8 Bumps [actions/cache](https://github.com/actions/cache) from 3.0.7 to 3.0.8. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v3.0.7...v3.0.8) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/validate.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index d91ba4469e8..6154088030f 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -72,7 +72,7 @@ jobs: echo "VERSION=3.3.1" >> $GITHUB_ENV echo "$(go env GOPATH)/bin" >> $GITHUB_PATH - name: cache go mod and $GOCACHE - uses: actions/cache@v3.0.7 + uses: actions/cache@v3.0.8 with: path: | ~/go/pkg/mod @@ -119,7 +119,7 @@ jobs: with: go-version: "${{ env.GO_VERSION }}" - name: cache go mod and $GOCACHE - uses: actions/cache@v3.0.7 + uses: actions/cache@v3.0.8 with: path: | ~/go/pkg/mod From c7dc8b1fedc67c65b12d51fd98a27b547c4f3b93 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 29 Aug 2022 15:35:35 -0700 Subject: [PATCH 0087/1176] libct/seccomp/patchbpf: support SPEC_ALLOW Commit 58ea21daefea8e3447db added support for seccomp flags such as SPEC_ALLOW, but it does not work as expected, because since commit 7a8d7162f9d72f20d83ea we do not use libseccomp-golang's Load(), but handle flags separately in patchbfp. This fixes setting SPEC_ALLOW flag. Add a comment to not forget to amend filterFlags when adding new flags. Signed-off-by: Kir Kolyshkin --- libcontainer/seccomp/patchbpf/enosys_linux.go | 14 ++++++++++++-- libcontainer/seccomp/seccomp_linux.go | 1 + 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/libcontainer/seccomp/patchbpf/enosys_linux.go b/libcontainer/seccomp/patchbpf/enosys_linux.go index 29302db8b66..ab97726d457 100644 --- a/libcontainer/seccomp/patchbpf/enosys_linux.go +++ b/libcontainer/seccomp/patchbpf/enosys_linux.go @@ -43,6 +43,11 @@ const uintptr_t C_SET_MODE_FILTER = SECCOMP_SET_MODE_FILTER; #endif const uintptr_t C_FILTER_FLAG_LOG = SECCOMP_FILTER_FLAG_LOG; +#ifndef SECCOMP_FILTER_FLAG_SPEC_ALLOW +# define SECCOMP_FILTER_FLAG_SPEC_ALLOW (1UL << 2) +#endif +const uintptr_t C_FILTER_FLAG_SPEC_ALLOW = SECCOMP_FILTER_FLAG_SPEC_ALLOW; + #ifndef SECCOMP_FILTER_FLAG_NEW_LISTENER # define SECCOMP_FILTER_FLAG_NEW_LISTENER (1UL << 3) #endif @@ -641,8 +646,13 @@ func filterFlags(config *configs.Seccomp, filter *libseccomp.ScmpFilter) (flags flags |= uint(C.C_FILTER_FLAG_LOG) } } - - // TODO: Support seccomp flags not yet added to libseccomp-golang... + if apiLevel >= 4 { + if ssb, err := filter.GetSSB(); err != nil { + return 0, false, fmt.Errorf("unable to fetch SECCOMP_FILTER_FLAG_SPEC_ALLOW bit: %w", err) + } else if ssb { + flags |= uint(C.C_FILTER_FLAG_SPEC_ALLOW) + } + } for _, call := range config.Syscalls { if call.Action == configs.Notify { diff --git a/libcontainer/seccomp/seccomp_linux.go b/libcontainer/seccomp/seccomp_linux.go index ffbe537e7e3..59549f5b489 100644 --- a/libcontainer/seccomp/seccomp_linux.go +++ b/libcontainer/seccomp/seccomp_linux.go @@ -105,6 +105,7 @@ func InitSeccomp(config *configs.Seccomp) (int, error) { if err := filter.SetSSB(true); err != nil { return -1, fmt.Errorf("error adding SSB flag to seccomp filter: %w", err) } + // NOTE when adding more flags, make sure to also modify filterFlags in patchbpf. default: return -1, fmt.Errorf("seccomp flags %q not yet supported by runc", flag) } From 26dc55ef1a56ea0279492a58c52636b549796510 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 30 Aug 2022 16:45:58 -0700 Subject: [PATCH 0088/1176] seccomp: fix flag test to actually check the value Add a debug print of seccomp flags value, so the test can check those (without using something like strace, that is). Amend the flags setting test with the numeric values expected, and the logic to check those. Signed-off-by: Kir Kolyshkin --- libcontainer/seccomp/patchbpf/enosys_linux.go | 3 + tests/integration/seccomp.bats | 60 ++++++++++++------- 2 files changed, 41 insertions(+), 22 deletions(-) diff --git a/libcontainer/seccomp/patchbpf/enosys_linux.go b/libcontainer/seccomp/patchbpf/enosys_linux.go index ab97726d457..b92eba8922e 100644 --- a/libcontainer/seccomp/patchbpf/enosys_linux.go +++ b/libcontainer/seccomp/patchbpf/enosys_linux.go @@ -665,6 +665,9 @@ func filterFlags(config *configs.Seccomp, filter *libseccomp.ScmpFilter) (flags } func sysSeccompSetFilter(flags uint, filter []unix.SockFilter) (fd int, err error) { + // This debug output is validated in tests/integration/seccomp.bats + // by the SECCOMP_FILTER_FLAG_* test. + logrus.Debugf("seccomp filter flags: %d", flags) fprog := unix.SockFprog{ Len: uint16(len(filter)), Filter: &filter[0], diff --git a/tests/integration/seccomp.bats b/tests/integration/seccomp.bats index 55e6dc817ab..f3e12bbce93 100644 --- a/tests/integration/seccomp.bats +++ b/tests/integration/seccomp.bats @@ -70,31 +70,47 @@ function teardown() { # Linux 4.14: SECCOMP_FILTER_FLAG_LOG # Linux 4.17: SECCOMP_FILTER_FLAG_SPEC_ALLOW requires_kernel 4.17 - SECCOMP_FILTER_FLAGS=( - '' # no flag - '"SECCOMP_FILTER_FLAG_LOG"' - '"SECCOMP_FILTER_FLAG_SPEC_ALLOW"' - '"SECCOMP_FILTER_FLAG_TSYNC"' - '"SECCOMP_FILTER_FLAG_LOG","SECCOMP_FILTER_FLAG_SPEC_ALLOW"' - '"SECCOMP_FILTER_FLAG_LOG","SECCOMP_FILTER_FLAG_TSYNC"' - '"SECCOMP_FILTER_FLAG_SPEC_ALLOW","SECCOMP_FILTER_FLAG_TSYNC"' - '"SECCOMP_FILTER_FLAG_LOG","SECCOMP_FILTER_FLAG_SPEC_ALLOW","SECCOMP_FILTER_FLAG_TSYNC"' + + update_config ' .process.args = ["/bin/sh", "-c", "mkdir /dev/shm/foo"] + | .process.noNewPrivileges = false + | .linux.seccomp = { + "defaultAction":"SCMP_ACT_ALLOW", + "architectures":["SCMP_ARCH_X86","SCMP_ARCH_X32","SCMP_ARCH_X86_64","SCMP_ARCH_AARCH64","SCMP_ARCH_ARM"], + "syscalls":[{"names":["mkdir"], "action":"SCMP_ACT_ERRNO"}] + }' + + declare -A FLAGS=( + ['REMOVE']=0 # No setting, use built-in default. + ['EMPTY']=0 # Empty set of flags. + ['"SECCOMP_FILTER_FLAG_LOG"']=2 + ['"SECCOMP_FILTER_FLAG_SPEC_ALLOW"']=4 + ['"SECCOMP_FILTER_FLAG_TSYNC"']=0 # tsync flag is ignored. + ['"SECCOMP_FILTER_FLAG_LOG","SECCOMP_FILTER_FLAG_SPEC_ALLOW"']=6 + ['"SECCOMP_FILTER_FLAG_LOG","SECCOMP_FILTER_FLAG_TSYNC"']=2 + ['"SECCOMP_FILTER_FLAG_SPEC_ALLOW","SECCOMP_FILTER_FLAG_TSYNC"']=4 + ['"SECCOMP_FILTER_FLAG_LOG","SECCOMP_FILTER_FLAG_SPEC_ALLOW","SECCOMP_FILTER_FLAG_TSYNC"']=6 ) - for flags in "${SECCOMP_FILTER_FLAGS[@]}"; do - update_config ' .process.args = ["/bin/sh", "-c", "mkdir /dev/shm/foo"] - | .process.noNewPrivileges = false - | .linux.seccomp = { - "defaultAction":"SCMP_ACT_ALLOW", - "architectures":["SCMP_ARCH_X86","SCMP_ARCH_X32","SCMP_ARCH_X86_64","SCMP_ARCH_AARCH64","SCMP_ARCH_ARM"], - "flags":['"${flags}"'], - "syscalls":[{"names":["mkdir"], "action":"SCMP_ACT_ERRNO"}] - }' - - # This test checks that the flags are accepted without errors but does - # not check they are effectively applied - runc run test_busybox + for key in "${!FLAGS[@]}"; do + case "$key" in + 'REMOVE') + update_config ' del(.linux.seccomp.flags)' + ;; + 'EMPTY') + update_config ' .linux.seccomp.flags = []' + ;; + *) + update_config ' .linux.seccomp.flags = [ '"${key}"' ]' + ;; + esac + + runc --debug run test_busybox [ "$status" -ne 0 ] [[ "$output" == *"mkdir:"*"/dev/shm/foo"*"Operation not permitted"* ]] + + # Check the numeric flags value, as printed in the debug log, is as expected. + exp="\"seccomp filter flags: ${FLAGS[$key]}\"" + echo "flags $key, expecting $exp" + [[ "$output" == *"$exp"* ]] done } From 45041985e37a0cc411e08cec868a91dfdce5e118 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Sep 2022 04:15:34 +0000 Subject: [PATCH 0089/1176] build(deps): bump github.com/docker/go-units from 0.4.0 to 0.5.0 Bumps [github.com/docker/go-units](https://github.com/docker/go-units) from 0.4.0 to 0.5.0. - [Release notes](https://github.com/docker/go-units/releases) - [Commits](https://github.com/docker/go-units/compare/v0.4.0...v0.5.0) --- updated-dependencies: - dependency-name: github.com/docker/go-units dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- vendor/github.com/docker/go-units/size.go | 70 +++++++++++++++++++---- vendor/modules.txt | 2 +- 4 files changed, 62 insertions(+), 16 deletions(-) diff --git a/go.mod b/go.mod index 8a561c953ff..8fa86049334 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/containerd/console v1.0.3 github.com/coreos/go-systemd/v22 v22.3.2 github.com/cyphar/filepath-securejoin v0.2.3 - github.com/docker/go-units v0.4.0 + github.com/docker/go-units v0.5.0 github.com/godbus/dbus/v5 v5.1.0 github.com/moby/sys/mountinfo v0.6.2 github.com/mrunalp/fileutils v0.5.0 diff --git a/go.sum b/go.sum index bd86719d32a..1e24b6a5191 100644 --- a/go.sum +++ b/go.sum @@ -14,8 +14,8 @@ github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxG github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw= -github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= +github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= +github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/frankban/quicktest v1.14.0 h1:+cqqvzZV87b4adx/5ayVOaYZ2CrvM4ejQvUdBzPPUss= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= diff --git a/vendor/github.com/docker/go-units/size.go b/vendor/github.com/docker/go-units/size.go index 85f6ab07155..c245a89513f 100644 --- a/vendor/github.com/docker/go-units/size.go +++ b/vendor/github.com/docker/go-units/size.go @@ -2,7 +2,6 @@ package units import ( "fmt" - "regexp" "strconv" "strings" ) @@ -26,16 +25,17 @@ const ( PiB = 1024 * TiB ) -type unitMap map[string]int64 +type unitMap map[byte]int64 var ( - decimalMap = unitMap{"k": KB, "m": MB, "g": GB, "t": TB, "p": PB} - binaryMap = unitMap{"k": KiB, "m": MiB, "g": GiB, "t": TiB, "p": PiB} - sizeRegex = regexp.MustCompile(`^(\d+(\.\d+)*) ?([kKmMgGtTpP])?[iI]?[bB]?$`) + decimalMap = unitMap{'k': KB, 'm': MB, 'g': GB, 't': TB, 'p': PB} + binaryMap = unitMap{'k': KiB, 'm': MiB, 'g': GiB, 't': TiB, 'p': PiB} ) -var decimapAbbrs = []string{"B", "kB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB"} -var binaryAbbrs = []string{"B", "KiB", "MiB", "GiB", "TiB", "PiB", "EiB", "ZiB", "YiB"} +var ( + decimapAbbrs = []string{"B", "kB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB"} + binaryAbbrs = []string{"B", "KiB", "MiB", "GiB", "TiB", "PiB", "EiB", "ZiB", "YiB"} +) func getSizeAndUnit(size float64, base float64, _map []string) (float64, string) { i := 0 @@ -89,20 +89,66 @@ func RAMInBytes(size string) (int64, error) { // Parses the human-readable size string into the amount it represents. func parseSize(sizeStr string, uMap unitMap) (int64, error) { - matches := sizeRegex.FindStringSubmatch(sizeStr) - if len(matches) != 4 { + // TODO: rewrite to use strings.Cut if there's a space + // once Go < 1.18 is deprecated. + sep := strings.LastIndexAny(sizeStr, "01234567890. ") + if sep == -1 { + // There should be at least a digit. return -1, fmt.Errorf("invalid size: '%s'", sizeStr) } + var num, sfx string + if sizeStr[sep] != ' ' { + num = sizeStr[:sep+1] + sfx = sizeStr[sep+1:] + } else { + // Omit the space separator. + num = sizeStr[:sep] + sfx = sizeStr[sep+1:] + } - size, err := strconv.ParseFloat(matches[1], 64) + size, err := strconv.ParseFloat(num, 64) if err != nil { return -1, err } + // Backward compatibility: reject negative sizes. + if size < 0 { + return -1, fmt.Errorf("invalid size: '%s'", sizeStr) + } + + if len(sfx) == 0 { + return int64(size), nil + } - unitPrefix := strings.ToLower(matches[3]) - if mul, ok := uMap[unitPrefix]; ok { + // Process the suffix. + + if len(sfx) > 3 { // Too long. + goto badSuffix + } + sfx = strings.ToLower(sfx) + // Trivial case: b suffix. + if sfx[0] == 'b' { + if len(sfx) > 1 { // no extra characters allowed after b. + goto badSuffix + } + return int64(size), nil + } + // A suffix from the map. + if mul, ok := uMap[sfx[0]]; ok { size *= float64(mul) + } else { + goto badSuffix + } + + // The suffix may have extra "b" or "ib" (e.g. KiB or MB). + switch { + case len(sfx) == 2 && sfx[1] != 'b': + goto badSuffix + case len(sfx) == 3 && sfx[1:] != "ib": + goto badSuffix } return int64(size), nil + +badSuffix: + return -1, fmt.Errorf("invalid suffix: '%s'", sfx) } diff --git a/vendor/modules.txt b/vendor/modules.txt index 0ec273774df..d8ed97abae5 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -24,7 +24,7 @@ github.com/cpuguy83/go-md2man/v2/md2man # github.com/cyphar/filepath-securejoin v0.2.3 ## explicit; go 1.13 github.com/cyphar/filepath-securejoin -# github.com/docker/go-units v0.4.0 +# github.com/docker/go-units v0.5.0 ## explicit github.com/docker/go-units # github.com/godbus/dbus/v5 v5.1.0 From 746f45807df5165f09defb7077461c412c05d204 Mon Sep 17 00:00:00 2001 From: Prajwal S N Date: Thu, 1 Sep 2022 16:38:17 +0530 Subject: [PATCH 0090/1176] deps: bump go-criu to v6 The v6.0.0 release of go-criu has deprecated the `rpc` package in favour of the `crit` package. This commit provides the changes required to use this version in runc. Signed-off-by: Prajwal S N --- checkpoint.go | 2 +- go.mod | 7 +- go.sum | 16 +- libcontainer/container_linux.go | 4 +- libcontainer/criu_opts_linux.go | 2 +- .../checkpoint-restore/go-criu/v5/.gitignore | 6 - .../checkpoint-restore/go-criu/v5/Makefile | 107 - .../go-criu/v5/rpc/rpc.pb.go | 2237 ---------- .../checkpoint-restore/go-criu/v6/.gitignore | 13 + .../go-criu/{v5 => v6}/.golangci.yml | 10 +- .../go-criu/{v5 => v6}/LICENSE | 0 .../checkpoint-restore/go-criu/v6/Makefile | 29 + .../go-criu/{v5 => v6}/README.md | 25 +- .../go-criu/v6/crit/images/apparmor.pb.go | 301 ++ .../go-criu/v6/crit/images/apparmor.proto | 17 + .../go-criu/v6/crit/images/autofs.pb.go | 217 + .../go-criu/v6/crit/images/autofs.proto | 18 + .../go-criu/v6/crit/images/binfmt-misc.pb.go | 210 + .../go-criu/v6/crit/images/binfmt-misc.proto | 15 + .../go-criu/v6/crit/images/bpfmap-data.pb.go | 172 + .../go-criu/v6/crit/images/bpfmap-data.proto | 11 + .../go-criu/v6/crit/images/bpfmap-file.pb.go | 302 ++ .../go-criu/v6/crit/images/bpfmap-file.proto | 26 + .../go-criu/v6/crit/images/cgroup.pb.go | 651 +++ .../go-criu/v6/crit/images/cgroup.proto | 44 + .../go-criu/v6/crit/images/core-aarch64.pb.go | 354 ++ .../go-criu/v6/crit/images/core-aarch64.proto | 26 + .../go-criu/v6/crit/images/core-arm.pb.go | 498 +++ .../go-criu/v6/crit/images/core-arm.proto | 42 + .../go-criu/v6/crit/images/core-mips.pb.go | 964 ++++ .../go-criu/v6/crit/images/core-mips.proto | 93 + .../go-criu/v6/crit/images/core-ppc64.pb.go | 698 +++ .../go-criu/v6/crit/images/core-ppc64.proto | 74 + .../go-criu/v6/crit/images/core-s390.pb.go | 683 +++ .../go-criu/v6/crit/images/core-s390.proto | 54 + .../go-criu/v6/crit/images/core-x86.pb.go | 1031 +++++ .../go-criu/v6/crit/images/core-x86.proto | 111 + .../go-criu/v6/crit/images/core.pb.go | 1206 +++++ .../go-criu/v6/crit/images/core.proto | 135 + .../go-criu/v6/crit/images/cpuinfo.pb.go | 593 +++ .../go-criu/v6/crit/images/cpuinfo.proto | 50 + .../go-criu/v6/crit/images/creds.pb.go | 295 ++ .../go-criu/v6/crit/images/creds.proto | 28 + .../go-criu/v6/crit/images/eventfd.pb.go | 175 + .../go-criu/v6/crit/images/eventfd.proto | 13 + .../go-criu/v6/crit/images/eventpoll.pb.go | 297 ++ .../go-criu/v6/crit/images/eventpoll.proto | 25 + .../go-criu/v6/crit/images/ext-file.pb.go | 156 + .../go-criu/v6/crit/images/ext-file.proto | 11 + .../go-criu/v6/crit/images/fdinfo.pb.go | 667 +++ .../go-criu/v6/crit/images/fdinfo.proto | 82 + .../go-criu/v6/crit/images/fh.pb.go | 322 ++ .../go-criu/v6/crit/images/fh.proto | 26 + .../go-criu/v6/crit/images/fifo.pb.go | 161 + .../go-criu/v6/crit/images/fifo.proto | 10 + .../go-criu/v6/crit/images/file-lock.pb.go | 188 + .../go-criu/v6/crit/images/file-lock.proto | 13 + .../go-criu/v6/crit/images/fown.pb.go | 179 + .../go-criu/v6/crit/images/fown.proto | 12 + .../go-criu/v6/crit/images/fs.pb.go | 161 + .../go-criu/v6/crit/images/fs.proto | 10 + .../go-criu/v6/crit/images/fsnotify.pb.go | 767 ++++ .../go-criu/v6/crit/images/fsnotify.proto | 63 + .../go-criu/v6/crit/images/ghost-file.pb.go | 318 ++ .../go-criu/v6/crit/images/ghost-file.proto | 28 + .../go-criu/v6/crit/images/handler.go | 142 + .../go-criu/v6/crit/images/img-streamer.pb.go | 214 + .../go-criu/v6/crit/images/img-streamer.proto | 19 + .../go-criu/v6/crit/images/inventory.pb.go | 306 ++ .../go-criu/v6/crit/images/inventory.proto | 25 + .../go-criu/v6/crit/images/ipc-desc.pb.go | 197 + .../go-criu/v6/crit/images/ipc-desc.proto | 14 + .../go-criu/v6/crit/images/ipc-msg.pb.go | 238 + .../go-criu/v6/crit/images/ipc-msg.proto | 17 + .../go-criu/v6/crit/images/ipc-sem.pb.go | 157 + .../go-criu/v6/crit/images/ipc-sem.proto | 11 + .../go-criu/v6/crit/images/ipc-shm.pb.go | 177 + .../go-criu/v6/crit/images/ipc-shm.proto | 13 + .../go-criu/v6/crit/images/ipc-var.pb.go | 305 ++ .../go-criu/v6/crit/images/ipc-var.proto | 24 + .../go-criu/v6/crit/images/macvlan.pb.go | 152 + .../go-criu/v6/crit/images/macvlan.proto | 9 + .../go-criu/v6/crit/images/memfd.pb.go | 317 ++ .../go-criu/v6/crit/images/memfd.proto | 26 + .../go-criu/v6/crit/images/mm.pb.go | 396 ++ .../go-criu/v6/crit/images/mm.proto | 36 + .../go-criu/v6/crit/images/mnt.pb.go | 445 ++ .../go-criu/v6/crit/images/mnt.proto | 63 + .../go-criu/v6/crit/images/netdev.pb.go | 620 +++ .../go-criu/v6/crit/images/netdev.proto | 78 + .../go-criu/v6/crit/images/ns.pb.go | 170 + .../go-criu/v6/crit/images/ns.proto | 11 + .../go-criu/v6/crit/images/opts.pb.go | 228 + .../go-criu/v6/crit/images/opts.proto | 21 + .../go-criu/v6/crit/images/packet-sock.pb.go | 552 +++ .../go-criu/v6/crit/images/packet-sock.proto | 50 + .../go-criu/v6/crit/images/pagemap.pb.go | 237 + .../go-criu/v6/crit/images/pagemap.proto | 17 + .../go-criu/v6/crit/images/pidns.pb.go | 142 + .../go-criu/v6/crit/images/pidns.proto | 8 + .../go-criu/v6/crit/images/pipe-data.pb.go | 161 + .../go-criu/v6/crit/images/pipe-data.proto | 10 + .../go-criu/v6/crit/images/pipe.pb.go | 177 + .../go-criu/v6/crit/images/pipe.proto | 14 + .../go-criu/v6/crit/images/pstree.pb.go | 179 + .../go-criu/v6/crit/images/pstree.proto | 12 + .../go-criu/v6/crit/images/regfile.pb.go | 276 ++ .../go-criu/v6/crit/images/regfile.proto | 37 + .../v6/crit/images/remap-file-path.pb.go | 230 + .../v6/crit/images/remap-file-path.proto | 19 + .../go-criu/v6/crit/images/rlimit.pb.go | 151 + .../go-criu/v6/crit/images/rlimit.proto | 9 + .../go-criu/v6/crit/images/rpc.pb.go | 2330 ++++++++++ .../{v5/rpc => v6/crit/images}/rpc.proto | 10 + .../go-criu/v6/crit/images/rseq.pb.go | 174 + .../go-criu/v6/crit/images/rseq.proto | 11 + .../go-criu/v6/crit/images/sa.pb.go | 195 + .../go-criu/v6/crit/images/sa.proto | 15 + .../go-criu/v6/crit/images/seccomp.pb.go | 227 + .../go-criu/v6/crit/images/seccomp.proto | 14 + .../go-criu/v6/crit/images/siginfo.pb.go | 208 + .../go-criu/v6/crit/images/siginfo.proto | 12 + .../go-criu/v6/crit/images/signalfd.pb.go | 178 + .../go-criu/v6/crit/images/signalfd.proto | 14 + .../go-criu/v6/crit/images/sit.pb.go | 292 ++ .../go-criu/v6/crit/images/sit.proto | 25 + .../go-criu/v6/crit/images/sk-inet.pb.go | 510 +++ .../go-criu/v6/crit/images/sk-inet.proto | 56 + .../go-criu/v6/crit/images/sk-netlink.pb.go | 259 ++ .../go-criu/v6/crit/images/sk-netlink.proto | 25 + .../go-criu/v6/crit/images/sk-opts.pb.go | 453 ++ .../go-criu/v6/crit/images/sk-opts.proto | 44 + .../go-criu/v6/crit/images/sk-packet.pb.go | 237 + .../go-criu/v6/crit/images/sk-packet.proto | 19 + .../go-criu/v6/crit/images/sk-unix.pb.go | 411 ++ .../go-criu/v6/crit/images/sk-unix.proto | 58 + .../go-criu/v6/crit/images/stats.pb.go | 462 ++ .../go-criu/v6/crit/images/stats.proto | 41 + .../go-criu/v6/crit/images/sysctl.pb.go | 224 + .../go-criu/v6/crit/images/sysctl.proto | 16 + .../go-criu/v6/crit/images/tcp-stream.pb.go | 300 ++ .../go-criu/v6/crit/images/tcp-stream.proto | 30 + .../go-criu/v6/crit/images/time.pb.go | 151 + .../go-criu/v6/crit/images/time.proto | 9 + .../go-criu/v6/crit/images/timens.pb.go | 228 + .../go-criu/v6/crit/images/timens.proto | 13 + .../go-criu/v6/crit/images/timer.pb.go | 430 ++ .../go-criu/v6/crit/images/timer.proto | 33 + .../go-criu/v6/crit/images/timerfd.pb.go | 235 + .../go-criu/v6/crit/images/timerfd.proto | 22 + .../go-criu/v6/crit/images/tty.pb.go | 834 ++++ .../go-criu/v6/crit/images/tty.proto | 93 + .../go-criu/v6/crit/images/tun.pb.go | 273 ++ .../go-criu/v6/crit/images/tun.proto | 21 + .../go-criu/v6/crit/images/userns.pb.go | 239 + .../go-criu/v6/crit/images/userns.proto | 15 + .../go-criu/v6/crit/images/utsns.pb.go | 152 + .../go-criu/v6/crit/images/utsns.proto | 9 + .../go-criu/v6/crit/images/vma.pb.go | 237 + .../go-criu/v6/crit/images/vma.proto | 28 + .../go-criu/{v5 => v6}/features.go | 8 +- .../go-criu/{v5 => v6}/main.go | 40 +- .../go-criu/{v5 => v6}/notify.go | 0 .../cpuguy83/go-md2man/v2/md2man/roff.go | 105 +- .../russross/blackfriday/v2/README.md | 90 +- .../russross/blackfriday/v2/block.go | 30 +- .../github.com/russross/blackfriday/v2/doc.go | 28 + .../russross/blackfriday/v2/entities.go | 2236 ++++++++++ .../github.com/russross/blackfriday/v2/esc.go | 42 +- .../russross/blackfriday/v2/html.go | 9 +- .../russross/blackfriday/v2/inline.go | 2 +- .../russross/blackfriday/v2/node.go | 12 +- .../sanitized_anchor_name/.travis.yml | 16 - .../shurcooL/sanitized_anchor_name/LICENSE | 21 - .../shurcooL/sanitized_anchor_name/README.md | 36 - .../shurcooL/sanitized_anchor_name/main.go | 29 - .../types/descriptorpb/descriptor.pb.go | 3957 +++++++++++++++++ vendor/modules.txt | 18 +- 178 files changed, 35716 insertions(+), 2608 deletions(-) delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v5/.gitignore delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v5/Makefile delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v5/rpc/rpc.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/.gitignore rename vendor/github.com/checkpoint-restore/go-criu/{v5 => v6}/.golangci.yml (51%) rename vendor/github.com/checkpoint-restore/go-criu/{v5 => v6}/LICENSE (100%) create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/Makefile rename vendor/github.com/checkpoint-restore/go-criu/{v5 => v6}/README.md (82%) create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/apparmor.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/apparmor.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/autofs.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/autofs.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/binfmt-misc.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/binfmt-misc.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-data.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-data.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-file.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-file.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cgroup.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cgroup.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-aarch64.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-aarch64.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-arm.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-arm.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-mips.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-mips.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-ppc64.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-ppc64.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-s390.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-s390.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-x86.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-x86.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cpuinfo.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cpuinfo.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/creds.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/creds.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventfd.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventfd.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventpoll.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventpoll.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ext-file.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ext-file.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fdinfo.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fdinfo.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fh.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fh.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fifo.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fifo.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/file-lock.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/file-lock.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fown.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fown.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fs.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fs.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fsnotify.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fsnotify.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ghost-file.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ghost-file.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/handler.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/img-streamer.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/img-streamer.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/inventory.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/inventory.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-desc.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-desc.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-msg.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-msg.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-sem.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-sem.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-shm.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-shm.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-var.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-var.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/macvlan.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/macvlan.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/memfd.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/memfd.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mm.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mm.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mnt.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mnt.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/netdev.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/netdev.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ns.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ns.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/opts.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/opts.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/packet-sock.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/packet-sock.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pagemap.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pagemap.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pidns.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pidns.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe-data.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe-data.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pstree.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pstree.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/regfile.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/regfile.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/remap-file-path.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/remap-file-path.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rlimit.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rlimit.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rpc.pb.go rename vendor/github.com/checkpoint-restore/go-criu/{v5/rpc => v6/crit/images}/rpc.proto (96%) create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rseq.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rseq.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sa.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sa.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/seccomp.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/seccomp.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/siginfo.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/siginfo.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/signalfd.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/signalfd.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sit.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sit.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-inet.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-inet.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-netlink.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-netlink.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-opts.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-opts.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-packet.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-packet.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-unix.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-unix.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/stats.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/stats.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sysctl.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sysctl.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tcp-stream.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tcp-stream.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/time.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/time.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timens.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timens.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timer.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timer.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timerfd.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timerfd.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tty.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tty.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tun.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tun.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/userns.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/userns.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/utsns.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/utsns.proto create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/vma.pb.go create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/vma.proto rename vendor/github.com/checkpoint-restore/go-criu/{v5 => v6}/features.go (82%) rename vendor/github.com/checkpoint-restore/go-criu/{v5 => v6}/main.go (78%) rename vendor/github.com/checkpoint-restore/go-criu/{v5 => v6}/notify.go (100%) create mode 100644 vendor/github.com/russross/blackfriday/v2/entities.go delete mode 100644 vendor/github.com/shurcooL/sanitized_anchor_name/.travis.yml delete mode 100644 vendor/github.com/shurcooL/sanitized_anchor_name/LICENSE delete mode 100644 vendor/github.com/shurcooL/sanitized_anchor_name/README.md delete mode 100644 vendor/github.com/shurcooL/sanitized_anchor_name/main.go create mode 100644 vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go diff --git a/checkpoint.go b/checkpoint.go index 7597e552df9..95e666918b6 100644 --- a/checkpoint.go +++ b/checkpoint.go @@ -8,7 +8,7 @@ import ( "path/filepath" "strconv" - criu "github.com/checkpoint-restore/go-criu/v5/rpc" + criu "github.com/checkpoint-restore/go-criu/v6/crit/images" "github.com/opencontainers/runc/libcontainer" "github.com/opencontainers/runc/libcontainer/userns" "github.com/opencontainers/runtime-spec/specs-go" diff --git a/go.mod b/go.mod index 8fa86049334..000dbb5644b 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/opencontainers/runc go 1.18 require ( - github.com/checkpoint-restore/go-criu/v5 v5.3.0 + github.com/checkpoint-restore/go-criu/v6 v6.1.0 github.com/cilium/ebpf v0.9.1 github.com/containerd/console v1.0.3 github.com/coreos/go-systemd/v22 v22.3.2 @@ -25,8 +25,7 @@ require ( ) require ( - github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d // indirect - github.com/russross/blackfriday/v2 v2.0.1 // indirect - github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect + github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df // indirect ) diff --git a/go.sum b/go.sum index 1e24b6a5191..578c5b555ff 100644 --- a/go.sum +++ b/go.sum @@ -1,14 +1,15 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/checkpoint-restore/go-criu/v5 v5.3.0 h1:wpFFOoomK3389ue2lAb0Boag6XPht5QYpipxmSNL4d8= -github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E= +github.com/checkpoint-restore/go-criu/v6 v6.1.0 h1:unOFSW/95ND2WjV9QWzdpWRmRuK8DsggmPfeqbfrhUM= +github.com/checkpoint-restore/go-criu/v6 v6.1.0/go.mod h1:rrRTN/uSwY2X+BPRl/gkulo9gsKOSAeVp9/K2tv7xZI= github.com/cilium/ebpf v0.9.1 h1:64sn2K3UKw8NbP/blsixRpF3nXuyhz/VjRlRzvlBRu4= github.com/cilium/ebpf v0.9.1/go.mod h1:+OhNOIXx/Fnu1IE8bJz2dzOA+VSfyTfdNUVdlQnxUFY= github.com/containerd/console v1.0.3 h1:lIr7SlA5PxZyMV30bDW0MGbiOPXwc63yRuCP0ARubLw= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= +github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w= +github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI= github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -23,6 +24,7 @@ github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= +github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78= @@ -36,14 +38,16 @@ github.com/opencontainers/selinux v1.10.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuh github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k= -github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/seccomp/libseccomp-golang v0.10.0 h1:aA4bp+/Zzi0BnWZ2F1wgNBs5gTpm+na2rWM6M9YjLpY= github.com/seccomp/libseccomp-golang v0.10.0/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= -github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= @@ -70,10 +74,10 @@ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index a2ceb7857db..34f38f34e0c 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -17,8 +17,8 @@ import ( "sync" "time" - "github.com/checkpoint-restore/go-criu/v5" - criurpc "github.com/checkpoint-restore/go-criu/v5/rpc" + "github.com/checkpoint-restore/go-criu/v6" + criurpc "github.com/checkpoint-restore/go-criu/v6/crit/images" securejoin "github.com/cyphar/filepath-securejoin" "github.com/opencontainers/runtime-spec/specs-go" "github.com/sirupsen/logrus" diff --git a/libcontainer/criu_opts_linux.go b/libcontainer/criu_opts_linux.go index b39476ef352..2f700eaa6ef 100644 --- a/libcontainer/criu_opts_linux.go +++ b/libcontainer/criu_opts_linux.go @@ -1,6 +1,6 @@ package libcontainer -import criu "github.com/checkpoint-restore/go-criu/v5/rpc" +import criu "github.com/checkpoint-restore/go-criu/v6/crit/images" type CriuPageServerInfo struct { Address string // IP address of CRIU page server diff --git a/vendor/github.com/checkpoint-restore/go-criu/v5/.gitignore b/vendor/github.com/checkpoint-restore/go-criu/v5/.gitignore deleted file mode 100644 index 1b87ff10e6b..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v5/.gitignore +++ /dev/null @@ -1,6 +0,0 @@ -test/test -test/test.coverage -test/piggie/piggie -test/phaul/phaul -test/phaul/phaul.coverage -image diff --git a/vendor/github.com/checkpoint-restore/go-criu/v5/Makefile b/vendor/github.com/checkpoint-restore/go-criu/v5/Makefile deleted file mode 100644 index 67c43a05b32..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v5/Makefile +++ /dev/null @@ -1,107 +0,0 @@ -SHELL = /bin/bash -GO ?= go -CC ?= gcc -COVERAGE_PATH ?= $(shell pwd)/.coverage -CRIU_FEATURE_MEM_TRACK = $(shell if criu check --feature mem_dirty_track > /dev/null; then echo 1; else echo 0; fi) -CRIU_FEATURE_LAZY_PAGES = $(shell if criu check --feature uffd-noncoop > /dev/null; then echo 1; else echo 0; fi) -CRIU_FEATURE_PIDFD_STORE = $(shell if criu check --feature pidfd_store > /dev/null; then echo 1; else echo 0; fi) - -export CRIU_FEATURE_MEM_TRACK CRIU_FEATURE_LAZY_PAGES CRIU_FEATURE_PIDFD_STORE - -all: build test phaul-test - -lint: - golangci-lint run ./... - -build: - $(GO) build -v ./... - -TEST_PAYLOAD := test/piggie/piggie -TEST_BINARIES := test/test $(TEST_PAYLOAD) test/phaul/phaul -COVERAGE_BINARIES := test/test.coverage test/phaul/phaul.coverage -test-bin: $(TEST_BINARIES) - -test/piggie/piggie: test/piggie/piggie.c - $(CC) $^ -o $@ - -test/test: test/main.go - $(GO) build -v -o $@ $^ - -test: $(TEST_BINARIES) - mkdir -p image - PID=$$(test/piggie/piggie) && { \ - test/test dump $$PID image && \ - test/test restore image; \ - pkill -9 piggie; \ - } - rm -rf image - -test/phaul/phaul: test/phaul/main.go - $(GO) build -v -o $@ $^ - -phaul-test: $(TEST_BINARIES) - rm -rf image - PID=$$(test/piggie/piggie) && { \ - test/phaul/phaul $$PID; \ - pkill -9 piggie; \ - } - -test/test.coverage: test/*.go - $(GO) test \ - -covermode=count \ - -coverpkg=./... \ - -mod=vendor \ - -tags coverage \ - -buildmode=pie -c -o $@ $^ - -test/phaul/phaul.coverage: test/phaul/*.go - $(GO) test \ - -covermode=count \ - -coverpkg=./... \ - -mod=vendor \ - -tags coverage \ - -buildmode=pie -c -o $@ $^ - -coverage: $(COVERAGE_BINARIES) $(TEST_PAYLOAD) - mkdir -p $(COVERAGE_PATH) - mkdir -p image - PID=$$(test/piggie/piggie) && { \ - test/test.coverage -test.coverprofile=coverprofile.integration.$$RANDOM -test.outputdir=${COVERAGE_PATH} COVERAGE dump $$PID image && \ - test/test.coverage -test.coverprofile=coverprofile.integration.$$RANDOM -test.outputdir=${COVERAGE_PATH} COVERAGE restore image; \ - pkill -9 piggie; \ - } - rm -rf image - PID=$$(test/piggie/piggie) && { \ - test/phaul/phaul.coverage -test.coverprofile=coverprofile.integration.$$RANDOM -test.outputdir=${COVERAGE_PATH} COVERAGE $$PID; \ - pkill -9 piggie; \ - } - echo "mode: set" > .coverage/coverage.out && cat .coverage/coverprofile* | \ - grep -v mode: | sort -r | awk '{if($$1 != last) {print $$0;last=$$1}}' >> .coverage/coverage.out - -clean: - @rm -f $(TEST_BINARIES) $(COVERAGE_BINARIES) codecov - @rm -rf image $(COVERAGE_PATH) - -rpc/rpc.proto: - curl -sSL https://raw.githubusercontent.com/checkpoint-restore/criu/master/images/rpc.proto -o $@ - -stats/stats.proto: - curl -sSL https://raw.githubusercontent.com/checkpoint-restore/criu/master/images/stats.proto -o $@ - -rpc/rpc.pb.go: rpc/rpc.proto - protoc --go_out=. --go_opt=M$^=rpc/ $^ - -stats/stats.pb.go: stats/stats.proto - protoc --go_out=. --go_opt=M$^=stats/ $^ - -vendor: - GO111MODULE=on $(GO) mod tidy - GO111MODULE=on $(GO) mod vendor - GO111MODULE=on $(GO) mod verify - -codecov: - curl -Os https://uploader.codecov.io/latest/linux/codecov - chmod +x codecov - ./codecov -f '.coverage/coverage.out' - -.PHONY: build test phaul-test test-bin clean lint vendor coverage codecov diff --git a/vendor/github.com/checkpoint-restore/go-criu/v5/rpc/rpc.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v5/rpc/rpc.pb.go deleted file mode 100644 index 15e33fea52f..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v5/rpc/rpc.pb.go +++ /dev/null @@ -1,2237 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.27.1 -// protoc v3.12.4 -// source: rpc/rpc.proto - -package rpc - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type CriuCgMode int32 - -const ( - CriuCgMode_IGNORE CriuCgMode = 0 - CriuCgMode_CG_NONE CriuCgMode = 1 - CriuCgMode_PROPS CriuCgMode = 2 - CriuCgMode_SOFT CriuCgMode = 3 - CriuCgMode_FULL CriuCgMode = 4 - CriuCgMode_STRICT CriuCgMode = 5 - CriuCgMode_DEFAULT CriuCgMode = 6 -) - -// Enum value maps for CriuCgMode. -var ( - CriuCgMode_name = map[int32]string{ - 0: "IGNORE", - 1: "CG_NONE", - 2: "PROPS", - 3: "SOFT", - 4: "FULL", - 5: "STRICT", - 6: "DEFAULT", - } - CriuCgMode_value = map[string]int32{ - "IGNORE": 0, - "CG_NONE": 1, - "PROPS": 2, - "SOFT": 3, - "FULL": 4, - "STRICT": 5, - "DEFAULT": 6, - } -) - -func (x CriuCgMode) Enum() *CriuCgMode { - p := new(CriuCgMode) - *p = x - return p -} - -func (x CriuCgMode) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (CriuCgMode) Descriptor() protoreflect.EnumDescriptor { - return file_rpc_rpc_proto_enumTypes[0].Descriptor() -} - -func (CriuCgMode) Type() protoreflect.EnumType { - return &file_rpc_rpc_proto_enumTypes[0] -} - -func (x CriuCgMode) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Do not use. -func (x *CriuCgMode) UnmarshalJSON(b []byte) error { - num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) - if err != nil { - return err - } - *x = CriuCgMode(num) - return nil -} - -// Deprecated: Use CriuCgMode.Descriptor instead. -func (CriuCgMode) EnumDescriptor() ([]byte, []int) { - return file_rpc_rpc_proto_rawDescGZIP(), []int{0} -} - -type CriuPreDumpMode int32 - -const ( - CriuPreDumpMode_SPLICE CriuPreDumpMode = 1 - CriuPreDumpMode_VM_READ CriuPreDumpMode = 2 -) - -// Enum value maps for CriuPreDumpMode. -var ( - CriuPreDumpMode_name = map[int32]string{ - 1: "SPLICE", - 2: "VM_READ", - } - CriuPreDumpMode_value = map[string]int32{ - "SPLICE": 1, - "VM_READ": 2, - } -) - -func (x CriuPreDumpMode) Enum() *CriuPreDumpMode { - p := new(CriuPreDumpMode) - *p = x - return p -} - -func (x CriuPreDumpMode) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (CriuPreDumpMode) Descriptor() protoreflect.EnumDescriptor { - return file_rpc_rpc_proto_enumTypes[1].Descriptor() -} - -func (CriuPreDumpMode) Type() protoreflect.EnumType { - return &file_rpc_rpc_proto_enumTypes[1] -} - -func (x CriuPreDumpMode) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Do not use. -func (x *CriuPreDumpMode) UnmarshalJSON(b []byte) error { - num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) - if err != nil { - return err - } - *x = CriuPreDumpMode(num) - return nil -} - -// Deprecated: Use CriuPreDumpMode.Descriptor instead. -func (CriuPreDumpMode) EnumDescriptor() ([]byte, []int) { - return file_rpc_rpc_proto_rawDescGZIP(), []int{1} -} - -type CriuReqType int32 - -const ( - CriuReqType_EMPTY CriuReqType = 0 - CriuReqType_DUMP CriuReqType = 1 - CriuReqType_RESTORE CriuReqType = 2 - CriuReqType_CHECK CriuReqType = 3 - CriuReqType_PRE_DUMP CriuReqType = 4 - CriuReqType_PAGE_SERVER CriuReqType = 5 - CriuReqType_NOTIFY CriuReqType = 6 - CriuReqType_CPUINFO_DUMP CriuReqType = 7 - CriuReqType_CPUINFO_CHECK CriuReqType = 8 - CriuReqType_FEATURE_CHECK CriuReqType = 9 - CriuReqType_VERSION CriuReqType = 10 - CriuReqType_WAIT_PID CriuReqType = 11 - CriuReqType_PAGE_SERVER_CHLD CriuReqType = 12 -) - -// Enum value maps for CriuReqType. -var ( - CriuReqType_name = map[int32]string{ - 0: "EMPTY", - 1: "DUMP", - 2: "RESTORE", - 3: "CHECK", - 4: "PRE_DUMP", - 5: "PAGE_SERVER", - 6: "NOTIFY", - 7: "CPUINFO_DUMP", - 8: "CPUINFO_CHECK", - 9: "FEATURE_CHECK", - 10: "VERSION", - 11: "WAIT_PID", - 12: "PAGE_SERVER_CHLD", - } - CriuReqType_value = map[string]int32{ - "EMPTY": 0, - "DUMP": 1, - "RESTORE": 2, - "CHECK": 3, - "PRE_DUMP": 4, - "PAGE_SERVER": 5, - "NOTIFY": 6, - "CPUINFO_DUMP": 7, - "CPUINFO_CHECK": 8, - "FEATURE_CHECK": 9, - "VERSION": 10, - "WAIT_PID": 11, - "PAGE_SERVER_CHLD": 12, - } -) - -func (x CriuReqType) Enum() *CriuReqType { - p := new(CriuReqType) - *p = x - return p -} - -func (x CriuReqType) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (CriuReqType) Descriptor() protoreflect.EnumDescriptor { - return file_rpc_rpc_proto_enumTypes[2].Descriptor() -} - -func (CriuReqType) Type() protoreflect.EnumType { - return &file_rpc_rpc_proto_enumTypes[2] -} - -func (x CriuReqType) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Do not use. -func (x *CriuReqType) UnmarshalJSON(b []byte) error { - num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) - if err != nil { - return err - } - *x = CriuReqType(num) - return nil -} - -// Deprecated: Use CriuReqType.Descriptor instead. -func (CriuReqType) EnumDescriptor() ([]byte, []int) { - return file_rpc_rpc_proto_rawDescGZIP(), []int{2} -} - -type CriuPageServerInfo struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Address *string `protobuf:"bytes,1,opt,name=address" json:"address,omitempty"` - Port *int32 `protobuf:"varint,2,opt,name=port" json:"port,omitempty"` - Pid *int32 `protobuf:"varint,3,opt,name=pid" json:"pid,omitempty"` - Fd *int32 `protobuf:"varint,4,opt,name=fd" json:"fd,omitempty"` -} - -func (x *CriuPageServerInfo) Reset() { - *x = CriuPageServerInfo{} - if protoimpl.UnsafeEnabled { - mi := &file_rpc_rpc_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CriuPageServerInfo) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CriuPageServerInfo) ProtoMessage() {} - -func (x *CriuPageServerInfo) ProtoReflect() protoreflect.Message { - mi := &file_rpc_rpc_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CriuPageServerInfo.ProtoReflect.Descriptor instead. -func (*CriuPageServerInfo) Descriptor() ([]byte, []int) { - return file_rpc_rpc_proto_rawDescGZIP(), []int{0} -} - -func (x *CriuPageServerInfo) GetAddress() string { - if x != nil && x.Address != nil { - return *x.Address - } - return "" -} - -func (x *CriuPageServerInfo) GetPort() int32 { - if x != nil && x.Port != nil { - return *x.Port - } - return 0 -} - -func (x *CriuPageServerInfo) GetPid() int32 { - if x != nil && x.Pid != nil { - return *x.Pid - } - return 0 -} - -func (x *CriuPageServerInfo) GetFd() int32 { - if x != nil && x.Fd != nil { - return *x.Fd - } - return 0 -} - -type CriuVethPair struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - IfIn *string `protobuf:"bytes,1,req,name=if_in,json=ifIn" json:"if_in,omitempty"` - IfOut *string `protobuf:"bytes,2,req,name=if_out,json=ifOut" json:"if_out,omitempty"` -} - -func (x *CriuVethPair) Reset() { - *x = CriuVethPair{} - if protoimpl.UnsafeEnabled { - mi := &file_rpc_rpc_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CriuVethPair) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CriuVethPair) ProtoMessage() {} - -func (x *CriuVethPair) ProtoReflect() protoreflect.Message { - mi := &file_rpc_rpc_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CriuVethPair.ProtoReflect.Descriptor instead. -func (*CriuVethPair) Descriptor() ([]byte, []int) { - return file_rpc_rpc_proto_rawDescGZIP(), []int{1} -} - -func (x *CriuVethPair) GetIfIn() string { - if x != nil && x.IfIn != nil { - return *x.IfIn - } - return "" -} - -func (x *CriuVethPair) GetIfOut() string { - if x != nil && x.IfOut != nil { - return *x.IfOut - } - return "" -} - -type ExtMountMap struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Key *string `protobuf:"bytes,1,req,name=key" json:"key,omitempty"` - Val *string `protobuf:"bytes,2,req,name=val" json:"val,omitempty"` -} - -func (x *ExtMountMap) Reset() { - *x = ExtMountMap{} - if protoimpl.UnsafeEnabled { - mi := &file_rpc_rpc_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ExtMountMap) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ExtMountMap) ProtoMessage() {} - -func (x *ExtMountMap) ProtoReflect() protoreflect.Message { - mi := &file_rpc_rpc_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ExtMountMap.ProtoReflect.Descriptor instead. -func (*ExtMountMap) Descriptor() ([]byte, []int) { - return file_rpc_rpc_proto_rawDescGZIP(), []int{2} -} - -func (x *ExtMountMap) GetKey() string { - if x != nil && x.Key != nil { - return *x.Key - } - return "" -} - -func (x *ExtMountMap) GetVal() string { - if x != nil && x.Val != nil { - return *x.Val - } - return "" -} - -type JoinNamespace struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Ns *string `protobuf:"bytes,1,req,name=ns" json:"ns,omitempty"` - NsFile *string `protobuf:"bytes,2,req,name=ns_file,json=nsFile" json:"ns_file,omitempty"` - ExtraOpt *string `protobuf:"bytes,3,opt,name=extra_opt,json=extraOpt" json:"extra_opt,omitempty"` -} - -func (x *JoinNamespace) Reset() { - *x = JoinNamespace{} - if protoimpl.UnsafeEnabled { - mi := &file_rpc_rpc_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *JoinNamespace) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*JoinNamespace) ProtoMessage() {} - -func (x *JoinNamespace) ProtoReflect() protoreflect.Message { - mi := &file_rpc_rpc_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use JoinNamespace.ProtoReflect.Descriptor instead. -func (*JoinNamespace) Descriptor() ([]byte, []int) { - return file_rpc_rpc_proto_rawDescGZIP(), []int{3} -} - -func (x *JoinNamespace) GetNs() string { - if x != nil && x.Ns != nil { - return *x.Ns - } - return "" -} - -func (x *JoinNamespace) GetNsFile() string { - if x != nil && x.NsFile != nil { - return *x.NsFile - } - return "" -} - -func (x *JoinNamespace) GetExtraOpt() string { - if x != nil && x.ExtraOpt != nil { - return *x.ExtraOpt - } - return "" -} - -type InheritFd struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Key *string `protobuf:"bytes,1,req,name=key" json:"key,omitempty"` - Fd *int32 `protobuf:"varint,2,req,name=fd" json:"fd,omitempty"` -} - -func (x *InheritFd) Reset() { - *x = InheritFd{} - if protoimpl.UnsafeEnabled { - mi := &file_rpc_rpc_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *InheritFd) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*InheritFd) ProtoMessage() {} - -func (x *InheritFd) ProtoReflect() protoreflect.Message { - mi := &file_rpc_rpc_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use InheritFd.ProtoReflect.Descriptor instead. -func (*InheritFd) Descriptor() ([]byte, []int) { - return file_rpc_rpc_proto_rawDescGZIP(), []int{4} -} - -func (x *InheritFd) GetKey() string { - if x != nil && x.Key != nil { - return *x.Key - } - return "" -} - -func (x *InheritFd) GetFd() int32 { - if x != nil && x.Fd != nil { - return *x.Fd - } - return 0 -} - -type CgroupRoot struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Ctrl *string `protobuf:"bytes,1,opt,name=ctrl" json:"ctrl,omitempty"` - Path *string `protobuf:"bytes,2,req,name=path" json:"path,omitempty"` -} - -func (x *CgroupRoot) Reset() { - *x = CgroupRoot{} - if protoimpl.UnsafeEnabled { - mi := &file_rpc_rpc_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CgroupRoot) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CgroupRoot) ProtoMessage() {} - -func (x *CgroupRoot) ProtoReflect() protoreflect.Message { - mi := &file_rpc_rpc_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CgroupRoot.ProtoReflect.Descriptor instead. -func (*CgroupRoot) Descriptor() ([]byte, []int) { - return file_rpc_rpc_proto_rawDescGZIP(), []int{5} -} - -func (x *CgroupRoot) GetCtrl() string { - if x != nil && x.Ctrl != nil { - return *x.Ctrl - } - return "" -} - -func (x *CgroupRoot) GetPath() string { - if x != nil && x.Path != nil { - return *x.Path - } - return "" -} - -type UnixSk struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Inode *uint32 `protobuf:"varint,1,req,name=inode" json:"inode,omitempty"` -} - -func (x *UnixSk) Reset() { - *x = UnixSk{} - if protoimpl.UnsafeEnabled { - mi := &file_rpc_rpc_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UnixSk) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UnixSk) ProtoMessage() {} - -func (x *UnixSk) ProtoReflect() protoreflect.Message { - mi := &file_rpc_rpc_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UnixSk.ProtoReflect.Descriptor instead. -func (*UnixSk) Descriptor() ([]byte, []int) { - return file_rpc_rpc_proto_rawDescGZIP(), []int{6} -} - -func (x *UnixSk) GetInode() uint32 { - if x != nil && x.Inode != nil { - return *x.Inode - } - return 0 -} - -type CriuOpts struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - ImagesDirFd *int32 `protobuf:"varint,1,req,name=images_dir_fd,json=imagesDirFd" json:"images_dir_fd,omitempty"` - Pid *int32 `protobuf:"varint,2,opt,name=pid" json:"pid,omitempty"` // if not set on dump, will dump requesting process - LeaveRunning *bool `protobuf:"varint,3,opt,name=leave_running,json=leaveRunning" json:"leave_running,omitempty"` - ExtUnixSk *bool `protobuf:"varint,4,opt,name=ext_unix_sk,json=extUnixSk" json:"ext_unix_sk,omitempty"` - TcpEstablished *bool `protobuf:"varint,5,opt,name=tcp_established,json=tcpEstablished" json:"tcp_established,omitempty"` - EvasiveDevices *bool `protobuf:"varint,6,opt,name=evasive_devices,json=evasiveDevices" json:"evasive_devices,omitempty"` - ShellJob *bool `protobuf:"varint,7,opt,name=shell_job,json=shellJob" json:"shell_job,omitempty"` - FileLocks *bool `protobuf:"varint,8,opt,name=file_locks,json=fileLocks" json:"file_locks,omitempty"` - LogLevel *int32 `protobuf:"varint,9,opt,name=log_level,json=logLevel,def=2" json:"log_level,omitempty"` - LogFile *string `protobuf:"bytes,10,opt,name=log_file,json=logFile" json:"log_file,omitempty"` // No subdirs are allowed. Consider using work-dir - Ps *CriuPageServerInfo `protobuf:"bytes,11,opt,name=ps" json:"ps,omitempty"` - NotifyScripts *bool `protobuf:"varint,12,opt,name=notify_scripts,json=notifyScripts" json:"notify_scripts,omitempty"` - Root *string `protobuf:"bytes,13,opt,name=root" json:"root,omitempty"` - ParentImg *string `protobuf:"bytes,14,opt,name=parent_img,json=parentImg" json:"parent_img,omitempty"` - TrackMem *bool `protobuf:"varint,15,opt,name=track_mem,json=trackMem" json:"track_mem,omitempty"` - AutoDedup *bool `protobuf:"varint,16,opt,name=auto_dedup,json=autoDedup" json:"auto_dedup,omitempty"` - WorkDirFd *int32 `protobuf:"varint,17,opt,name=work_dir_fd,json=workDirFd" json:"work_dir_fd,omitempty"` - LinkRemap *bool `protobuf:"varint,18,opt,name=link_remap,json=linkRemap" json:"link_remap,omitempty"` - Veths []*CriuVethPair `protobuf:"bytes,19,rep,name=veths" json:"veths,omitempty"` // DEPRECATED, use external instead - CpuCap *uint32 `protobuf:"varint,20,opt,name=cpu_cap,json=cpuCap,def=4294967295" json:"cpu_cap,omitempty"` - ForceIrmap *bool `protobuf:"varint,21,opt,name=force_irmap,json=forceIrmap" json:"force_irmap,omitempty"` - ExecCmd []string `protobuf:"bytes,22,rep,name=exec_cmd,json=execCmd" json:"exec_cmd,omitempty"` - ExtMnt []*ExtMountMap `protobuf:"bytes,23,rep,name=ext_mnt,json=extMnt" json:"ext_mnt,omitempty"` // DEPRECATED, use external instead - ManageCgroups *bool `protobuf:"varint,24,opt,name=manage_cgroups,json=manageCgroups" json:"manage_cgroups,omitempty"` // backward compatibility - CgRoot []*CgroupRoot `protobuf:"bytes,25,rep,name=cg_root,json=cgRoot" json:"cg_root,omitempty"` - RstSibling *bool `protobuf:"varint,26,opt,name=rst_sibling,json=rstSibling" json:"rst_sibling,omitempty"` // swrk only - InheritFd []*InheritFd `protobuf:"bytes,27,rep,name=inherit_fd,json=inheritFd" json:"inherit_fd,omitempty"` // swrk only - AutoExtMnt *bool `protobuf:"varint,28,opt,name=auto_ext_mnt,json=autoExtMnt" json:"auto_ext_mnt,omitempty"` - ExtSharing *bool `protobuf:"varint,29,opt,name=ext_sharing,json=extSharing" json:"ext_sharing,omitempty"` - ExtMasters *bool `protobuf:"varint,30,opt,name=ext_masters,json=extMasters" json:"ext_masters,omitempty"` - SkipMnt []string `protobuf:"bytes,31,rep,name=skip_mnt,json=skipMnt" json:"skip_mnt,omitempty"` - EnableFs []string `protobuf:"bytes,32,rep,name=enable_fs,json=enableFs" json:"enable_fs,omitempty"` - UnixSkIno []*UnixSk `protobuf:"bytes,33,rep,name=unix_sk_ino,json=unixSkIno" json:"unix_sk_ino,omitempty"` // DEPRECATED, use external instead - ManageCgroupsMode *CriuCgMode `protobuf:"varint,34,opt,name=manage_cgroups_mode,json=manageCgroupsMode,enum=CriuCgMode" json:"manage_cgroups_mode,omitempty"` - GhostLimit *uint32 `protobuf:"varint,35,opt,name=ghost_limit,json=ghostLimit,def=1048576" json:"ghost_limit,omitempty"` - IrmapScanPaths []string `protobuf:"bytes,36,rep,name=irmap_scan_paths,json=irmapScanPaths" json:"irmap_scan_paths,omitempty"` - External []string `protobuf:"bytes,37,rep,name=external" json:"external,omitempty"` - EmptyNs *uint32 `protobuf:"varint,38,opt,name=empty_ns,json=emptyNs" json:"empty_ns,omitempty"` - JoinNs []*JoinNamespace `protobuf:"bytes,39,rep,name=join_ns,json=joinNs" json:"join_ns,omitempty"` - CgroupProps *string `protobuf:"bytes,41,opt,name=cgroup_props,json=cgroupProps" json:"cgroup_props,omitempty"` - CgroupPropsFile *string `protobuf:"bytes,42,opt,name=cgroup_props_file,json=cgroupPropsFile" json:"cgroup_props_file,omitempty"` - CgroupDumpController []string `protobuf:"bytes,43,rep,name=cgroup_dump_controller,json=cgroupDumpController" json:"cgroup_dump_controller,omitempty"` - FreezeCgroup *string `protobuf:"bytes,44,opt,name=freeze_cgroup,json=freezeCgroup" json:"freeze_cgroup,omitempty"` - Timeout *uint32 `protobuf:"varint,45,opt,name=timeout" json:"timeout,omitempty"` - TcpSkipInFlight *bool `protobuf:"varint,46,opt,name=tcp_skip_in_flight,json=tcpSkipInFlight" json:"tcp_skip_in_flight,omitempty"` - WeakSysctls *bool `protobuf:"varint,47,opt,name=weak_sysctls,json=weakSysctls" json:"weak_sysctls,omitempty"` - LazyPages *bool `protobuf:"varint,48,opt,name=lazy_pages,json=lazyPages" json:"lazy_pages,omitempty"` - StatusFd *int32 `protobuf:"varint,49,opt,name=status_fd,json=statusFd" json:"status_fd,omitempty"` - OrphanPtsMaster *bool `protobuf:"varint,50,opt,name=orphan_pts_master,json=orphanPtsMaster" json:"orphan_pts_master,omitempty"` - ConfigFile *string `protobuf:"bytes,51,opt,name=config_file,json=configFile" json:"config_file,omitempty"` - TcpClose *bool `protobuf:"varint,52,opt,name=tcp_close,json=tcpClose" json:"tcp_close,omitempty"` - LsmProfile *string `protobuf:"bytes,53,opt,name=lsm_profile,json=lsmProfile" json:"lsm_profile,omitempty"` - TlsCacert *string `protobuf:"bytes,54,opt,name=tls_cacert,json=tlsCacert" json:"tls_cacert,omitempty"` - TlsCacrl *string `protobuf:"bytes,55,opt,name=tls_cacrl,json=tlsCacrl" json:"tls_cacrl,omitempty"` - TlsCert *string `protobuf:"bytes,56,opt,name=tls_cert,json=tlsCert" json:"tls_cert,omitempty"` - TlsKey *string `protobuf:"bytes,57,opt,name=tls_key,json=tlsKey" json:"tls_key,omitempty"` - Tls *bool `protobuf:"varint,58,opt,name=tls" json:"tls,omitempty"` - TlsNoCnVerify *bool `protobuf:"varint,59,opt,name=tls_no_cn_verify,json=tlsNoCnVerify" json:"tls_no_cn_verify,omitempty"` - CgroupYard *string `protobuf:"bytes,60,opt,name=cgroup_yard,json=cgroupYard" json:"cgroup_yard,omitempty"` - PreDumpMode *CriuPreDumpMode `protobuf:"varint,61,opt,name=pre_dump_mode,json=preDumpMode,enum=CriuPreDumpMode,def=1" json:"pre_dump_mode,omitempty"` - PidfdStoreSk *int32 `protobuf:"varint,62,opt,name=pidfd_store_sk,json=pidfdStoreSk" json:"pidfd_store_sk,omitempty"` - LsmMountContext *string `protobuf:"bytes,63,opt,name=lsm_mount_context,json=lsmMountContext" json:"lsm_mount_context,omitempty"` // optional bool check_mounts = 128; -} - -// Default values for CriuOpts fields. -const ( - Default_CriuOpts_LogLevel = int32(2) - Default_CriuOpts_CpuCap = uint32(4294967295) - Default_CriuOpts_GhostLimit = uint32(1048576) - Default_CriuOpts_PreDumpMode = CriuPreDumpMode_SPLICE -) - -func (x *CriuOpts) Reset() { - *x = CriuOpts{} - if protoimpl.UnsafeEnabled { - mi := &file_rpc_rpc_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CriuOpts) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CriuOpts) ProtoMessage() {} - -func (x *CriuOpts) ProtoReflect() protoreflect.Message { - mi := &file_rpc_rpc_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CriuOpts.ProtoReflect.Descriptor instead. -func (*CriuOpts) Descriptor() ([]byte, []int) { - return file_rpc_rpc_proto_rawDescGZIP(), []int{7} -} - -func (x *CriuOpts) GetImagesDirFd() int32 { - if x != nil && x.ImagesDirFd != nil { - return *x.ImagesDirFd - } - return 0 -} - -func (x *CriuOpts) GetPid() int32 { - if x != nil && x.Pid != nil { - return *x.Pid - } - return 0 -} - -func (x *CriuOpts) GetLeaveRunning() bool { - if x != nil && x.LeaveRunning != nil { - return *x.LeaveRunning - } - return false -} - -func (x *CriuOpts) GetExtUnixSk() bool { - if x != nil && x.ExtUnixSk != nil { - return *x.ExtUnixSk - } - return false -} - -func (x *CriuOpts) GetTcpEstablished() bool { - if x != nil && x.TcpEstablished != nil { - return *x.TcpEstablished - } - return false -} - -func (x *CriuOpts) GetEvasiveDevices() bool { - if x != nil && x.EvasiveDevices != nil { - return *x.EvasiveDevices - } - return false -} - -func (x *CriuOpts) GetShellJob() bool { - if x != nil && x.ShellJob != nil { - return *x.ShellJob - } - return false -} - -func (x *CriuOpts) GetFileLocks() bool { - if x != nil && x.FileLocks != nil { - return *x.FileLocks - } - return false -} - -func (x *CriuOpts) GetLogLevel() int32 { - if x != nil && x.LogLevel != nil { - return *x.LogLevel - } - return Default_CriuOpts_LogLevel -} - -func (x *CriuOpts) GetLogFile() string { - if x != nil && x.LogFile != nil { - return *x.LogFile - } - return "" -} - -func (x *CriuOpts) GetPs() *CriuPageServerInfo { - if x != nil { - return x.Ps - } - return nil -} - -func (x *CriuOpts) GetNotifyScripts() bool { - if x != nil && x.NotifyScripts != nil { - return *x.NotifyScripts - } - return false -} - -func (x *CriuOpts) GetRoot() string { - if x != nil && x.Root != nil { - return *x.Root - } - return "" -} - -func (x *CriuOpts) GetParentImg() string { - if x != nil && x.ParentImg != nil { - return *x.ParentImg - } - return "" -} - -func (x *CriuOpts) GetTrackMem() bool { - if x != nil && x.TrackMem != nil { - return *x.TrackMem - } - return false -} - -func (x *CriuOpts) GetAutoDedup() bool { - if x != nil && x.AutoDedup != nil { - return *x.AutoDedup - } - return false -} - -func (x *CriuOpts) GetWorkDirFd() int32 { - if x != nil && x.WorkDirFd != nil { - return *x.WorkDirFd - } - return 0 -} - -func (x *CriuOpts) GetLinkRemap() bool { - if x != nil && x.LinkRemap != nil { - return *x.LinkRemap - } - return false -} - -func (x *CriuOpts) GetVeths() []*CriuVethPair { - if x != nil { - return x.Veths - } - return nil -} - -func (x *CriuOpts) GetCpuCap() uint32 { - if x != nil && x.CpuCap != nil { - return *x.CpuCap - } - return Default_CriuOpts_CpuCap -} - -func (x *CriuOpts) GetForceIrmap() bool { - if x != nil && x.ForceIrmap != nil { - return *x.ForceIrmap - } - return false -} - -func (x *CriuOpts) GetExecCmd() []string { - if x != nil { - return x.ExecCmd - } - return nil -} - -func (x *CriuOpts) GetExtMnt() []*ExtMountMap { - if x != nil { - return x.ExtMnt - } - return nil -} - -func (x *CriuOpts) GetManageCgroups() bool { - if x != nil && x.ManageCgroups != nil { - return *x.ManageCgroups - } - return false -} - -func (x *CriuOpts) GetCgRoot() []*CgroupRoot { - if x != nil { - return x.CgRoot - } - return nil -} - -func (x *CriuOpts) GetRstSibling() bool { - if x != nil && x.RstSibling != nil { - return *x.RstSibling - } - return false -} - -func (x *CriuOpts) GetInheritFd() []*InheritFd { - if x != nil { - return x.InheritFd - } - return nil -} - -func (x *CriuOpts) GetAutoExtMnt() bool { - if x != nil && x.AutoExtMnt != nil { - return *x.AutoExtMnt - } - return false -} - -func (x *CriuOpts) GetExtSharing() bool { - if x != nil && x.ExtSharing != nil { - return *x.ExtSharing - } - return false -} - -func (x *CriuOpts) GetExtMasters() bool { - if x != nil && x.ExtMasters != nil { - return *x.ExtMasters - } - return false -} - -func (x *CriuOpts) GetSkipMnt() []string { - if x != nil { - return x.SkipMnt - } - return nil -} - -func (x *CriuOpts) GetEnableFs() []string { - if x != nil { - return x.EnableFs - } - return nil -} - -func (x *CriuOpts) GetUnixSkIno() []*UnixSk { - if x != nil { - return x.UnixSkIno - } - return nil -} - -func (x *CriuOpts) GetManageCgroupsMode() CriuCgMode { - if x != nil && x.ManageCgroupsMode != nil { - return *x.ManageCgroupsMode - } - return CriuCgMode_IGNORE -} - -func (x *CriuOpts) GetGhostLimit() uint32 { - if x != nil && x.GhostLimit != nil { - return *x.GhostLimit - } - return Default_CriuOpts_GhostLimit -} - -func (x *CriuOpts) GetIrmapScanPaths() []string { - if x != nil { - return x.IrmapScanPaths - } - return nil -} - -func (x *CriuOpts) GetExternal() []string { - if x != nil { - return x.External - } - return nil -} - -func (x *CriuOpts) GetEmptyNs() uint32 { - if x != nil && x.EmptyNs != nil { - return *x.EmptyNs - } - return 0 -} - -func (x *CriuOpts) GetJoinNs() []*JoinNamespace { - if x != nil { - return x.JoinNs - } - return nil -} - -func (x *CriuOpts) GetCgroupProps() string { - if x != nil && x.CgroupProps != nil { - return *x.CgroupProps - } - return "" -} - -func (x *CriuOpts) GetCgroupPropsFile() string { - if x != nil && x.CgroupPropsFile != nil { - return *x.CgroupPropsFile - } - return "" -} - -func (x *CriuOpts) GetCgroupDumpController() []string { - if x != nil { - return x.CgroupDumpController - } - return nil -} - -func (x *CriuOpts) GetFreezeCgroup() string { - if x != nil && x.FreezeCgroup != nil { - return *x.FreezeCgroup - } - return "" -} - -func (x *CriuOpts) GetTimeout() uint32 { - if x != nil && x.Timeout != nil { - return *x.Timeout - } - return 0 -} - -func (x *CriuOpts) GetTcpSkipInFlight() bool { - if x != nil && x.TcpSkipInFlight != nil { - return *x.TcpSkipInFlight - } - return false -} - -func (x *CriuOpts) GetWeakSysctls() bool { - if x != nil && x.WeakSysctls != nil { - return *x.WeakSysctls - } - return false -} - -func (x *CriuOpts) GetLazyPages() bool { - if x != nil && x.LazyPages != nil { - return *x.LazyPages - } - return false -} - -func (x *CriuOpts) GetStatusFd() int32 { - if x != nil && x.StatusFd != nil { - return *x.StatusFd - } - return 0 -} - -func (x *CriuOpts) GetOrphanPtsMaster() bool { - if x != nil && x.OrphanPtsMaster != nil { - return *x.OrphanPtsMaster - } - return false -} - -func (x *CriuOpts) GetConfigFile() string { - if x != nil && x.ConfigFile != nil { - return *x.ConfigFile - } - return "" -} - -func (x *CriuOpts) GetTcpClose() bool { - if x != nil && x.TcpClose != nil { - return *x.TcpClose - } - return false -} - -func (x *CriuOpts) GetLsmProfile() string { - if x != nil && x.LsmProfile != nil { - return *x.LsmProfile - } - return "" -} - -func (x *CriuOpts) GetTlsCacert() string { - if x != nil && x.TlsCacert != nil { - return *x.TlsCacert - } - return "" -} - -func (x *CriuOpts) GetTlsCacrl() string { - if x != nil && x.TlsCacrl != nil { - return *x.TlsCacrl - } - return "" -} - -func (x *CriuOpts) GetTlsCert() string { - if x != nil && x.TlsCert != nil { - return *x.TlsCert - } - return "" -} - -func (x *CriuOpts) GetTlsKey() string { - if x != nil && x.TlsKey != nil { - return *x.TlsKey - } - return "" -} - -func (x *CriuOpts) GetTls() bool { - if x != nil && x.Tls != nil { - return *x.Tls - } - return false -} - -func (x *CriuOpts) GetTlsNoCnVerify() bool { - if x != nil && x.TlsNoCnVerify != nil { - return *x.TlsNoCnVerify - } - return false -} - -func (x *CriuOpts) GetCgroupYard() string { - if x != nil && x.CgroupYard != nil { - return *x.CgroupYard - } - return "" -} - -func (x *CriuOpts) GetPreDumpMode() CriuPreDumpMode { - if x != nil && x.PreDumpMode != nil { - return *x.PreDumpMode - } - return Default_CriuOpts_PreDumpMode -} - -func (x *CriuOpts) GetPidfdStoreSk() int32 { - if x != nil && x.PidfdStoreSk != nil { - return *x.PidfdStoreSk - } - return 0 -} - -func (x *CriuOpts) GetLsmMountContext() string { - if x != nil && x.LsmMountContext != nil { - return *x.LsmMountContext - } - return "" -} - -type CriuDumpResp struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Restored *bool `protobuf:"varint,1,opt,name=restored" json:"restored,omitempty"` -} - -func (x *CriuDumpResp) Reset() { - *x = CriuDumpResp{} - if protoimpl.UnsafeEnabled { - mi := &file_rpc_rpc_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CriuDumpResp) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CriuDumpResp) ProtoMessage() {} - -func (x *CriuDumpResp) ProtoReflect() protoreflect.Message { - mi := &file_rpc_rpc_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CriuDumpResp.ProtoReflect.Descriptor instead. -func (*CriuDumpResp) Descriptor() ([]byte, []int) { - return file_rpc_rpc_proto_rawDescGZIP(), []int{8} -} - -func (x *CriuDumpResp) GetRestored() bool { - if x != nil && x.Restored != nil { - return *x.Restored - } - return false -} - -type CriuRestoreResp struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Pid *int32 `protobuf:"varint,1,req,name=pid" json:"pid,omitempty"` -} - -func (x *CriuRestoreResp) Reset() { - *x = CriuRestoreResp{} - if protoimpl.UnsafeEnabled { - mi := &file_rpc_rpc_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CriuRestoreResp) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CriuRestoreResp) ProtoMessage() {} - -func (x *CriuRestoreResp) ProtoReflect() protoreflect.Message { - mi := &file_rpc_rpc_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CriuRestoreResp.ProtoReflect.Descriptor instead. -func (*CriuRestoreResp) Descriptor() ([]byte, []int) { - return file_rpc_rpc_proto_rawDescGZIP(), []int{9} -} - -func (x *CriuRestoreResp) GetPid() int32 { - if x != nil && x.Pid != nil { - return *x.Pid - } - return 0 -} - -type CriuNotify struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Script *string `protobuf:"bytes,1,opt,name=script" json:"script,omitempty"` - Pid *int32 `protobuf:"varint,2,opt,name=pid" json:"pid,omitempty"` -} - -func (x *CriuNotify) Reset() { - *x = CriuNotify{} - if protoimpl.UnsafeEnabled { - mi := &file_rpc_rpc_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CriuNotify) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CriuNotify) ProtoMessage() {} - -func (x *CriuNotify) ProtoReflect() protoreflect.Message { - mi := &file_rpc_rpc_proto_msgTypes[10] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CriuNotify.ProtoReflect.Descriptor instead. -func (*CriuNotify) Descriptor() ([]byte, []int) { - return file_rpc_rpc_proto_rawDescGZIP(), []int{10} -} - -func (x *CriuNotify) GetScript() string { - if x != nil && x.Script != nil { - return *x.Script - } - return "" -} - -func (x *CriuNotify) GetPid() int32 { - if x != nil && x.Pid != nil { - return *x.Pid - } - return 0 -} - -// -// List of features which can queried via -// CRIU_REQ_TYPE__FEATURE_CHECK -type CriuFeatures struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - MemTrack *bool `protobuf:"varint,1,opt,name=mem_track,json=memTrack" json:"mem_track,omitempty"` - LazyPages *bool `protobuf:"varint,2,opt,name=lazy_pages,json=lazyPages" json:"lazy_pages,omitempty"` - PidfdStore *bool `protobuf:"varint,3,opt,name=pidfd_store,json=pidfdStore" json:"pidfd_store,omitempty"` -} - -func (x *CriuFeatures) Reset() { - *x = CriuFeatures{} - if protoimpl.UnsafeEnabled { - mi := &file_rpc_rpc_proto_msgTypes[11] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CriuFeatures) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CriuFeatures) ProtoMessage() {} - -func (x *CriuFeatures) ProtoReflect() protoreflect.Message { - mi := &file_rpc_rpc_proto_msgTypes[11] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CriuFeatures.ProtoReflect.Descriptor instead. -func (*CriuFeatures) Descriptor() ([]byte, []int) { - return file_rpc_rpc_proto_rawDescGZIP(), []int{11} -} - -func (x *CriuFeatures) GetMemTrack() bool { - if x != nil && x.MemTrack != nil { - return *x.MemTrack - } - return false -} - -func (x *CriuFeatures) GetLazyPages() bool { - if x != nil && x.LazyPages != nil { - return *x.LazyPages - } - return false -} - -func (x *CriuFeatures) GetPidfdStore() bool { - if x != nil && x.PidfdStore != nil { - return *x.PidfdStore - } - return false -} - -type CriuReq struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Type *CriuReqType `protobuf:"varint,1,req,name=type,enum=CriuReqType" json:"type,omitempty"` - Opts *CriuOpts `protobuf:"bytes,2,opt,name=opts" json:"opts,omitempty"` - NotifySuccess *bool `protobuf:"varint,3,opt,name=notify_success,json=notifySuccess" json:"notify_success,omitempty"` - // - // When set service won't close the connection but - // will wait for more req-s to appear. Works not - // for all request types. - KeepOpen *bool `protobuf:"varint,4,opt,name=keep_open,json=keepOpen" json:"keep_open,omitempty"` - // - // 'features' can be used to query which features - // are supported by the installed criu/kernel - // via RPC. - Features *CriuFeatures `protobuf:"bytes,5,opt,name=features" json:"features,omitempty"` - // 'pid' is used for WAIT_PID - Pid *uint32 `protobuf:"varint,6,opt,name=pid" json:"pid,omitempty"` -} - -func (x *CriuReq) Reset() { - *x = CriuReq{} - if protoimpl.UnsafeEnabled { - mi := &file_rpc_rpc_proto_msgTypes[12] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CriuReq) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CriuReq) ProtoMessage() {} - -func (x *CriuReq) ProtoReflect() protoreflect.Message { - mi := &file_rpc_rpc_proto_msgTypes[12] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CriuReq.ProtoReflect.Descriptor instead. -func (*CriuReq) Descriptor() ([]byte, []int) { - return file_rpc_rpc_proto_rawDescGZIP(), []int{12} -} - -func (x *CriuReq) GetType() CriuReqType { - if x != nil && x.Type != nil { - return *x.Type - } - return CriuReqType_EMPTY -} - -func (x *CriuReq) GetOpts() *CriuOpts { - if x != nil { - return x.Opts - } - return nil -} - -func (x *CriuReq) GetNotifySuccess() bool { - if x != nil && x.NotifySuccess != nil { - return *x.NotifySuccess - } - return false -} - -func (x *CriuReq) GetKeepOpen() bool { - if x != nil && x.KeepOpen != nil { - return *x.KeepOpen - } - return false -} - -func (x *CriuReq) GetFeatures() *CriuFeatures { - if x != nil { - return x.Features - } - return nil -} - -func (x *CriuReq) GetPid() uint32 { - if x != nil && x.Pid != nil { - return *x.Pid - } - return 0 -} - -type CriuResp struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Type *CriuReqType `protobuf:"varint,1,req,name=type,enum=CriuReqType" json:"type,omitempty"` - Success *bool `protobuf:"varint,2,req,name=success" json:"success,omitempty"` - Dump *CriuDumpResp `protobuf:"bytes,3,opt,name=dump" json:"dump,omitempty"` - Restore *CriuRestoreResp `protobuf:"bytes,4,opt,name=restore" json:"restore,omitempty"` - Notify *CriuNotify `protobuf:"bytes,5,opt,name=notify" json:"notify,omitempty"` - Ps *CriuPageServerInfo `protobuf:"bytes,6,opt,name=ps" json:"ps,omitempty"` - CrErrno *int32 `protobuf:"varint,7,opt,name=cr_errno,json=crErrno" json:"cr_errno,omitempty"` - Features *CriuFeatures `protobuf:"bytes,8,opt,name=features" json:"features,omitempty"` - CrErrmsg *string `protobuf:"bytes,9,opt,name=cr_errmsg,json=crErrmsg" json:"cr_errmsg,omitempty"` - Version *CriuVersion `protobuf:"bytes,10,opt,name=version" json:"version,omitempty"` - Status *int32 `protobuf:"varint,11,opt,name=status" json:"status,omitempty"` -} - -func (x *CriuResp) Reset() { - *x = CriuResp{} - if protoimpl.UnsafeEnabled { - mi := &file_rpc_rpc_proto_msgTypes[13] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CriuResp) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CriuResp) ProtoMessage() {} - -func (x *CriuResp) ProtoReflect() protoreflect.Message { - mi := &file_rpc_rpc_proto_msgTypes[13] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CriuResp.ProtoReflect.Descriptor instead. -func (*CriuResp) Descriptor() ([]byte, []int) { - return file_rpc_rpc_proto_rawDescGZIP(), []int{13} -} - -func (x *CriuResp) GetType() CriuReqType { - if x != nil && x.Type != nil { - return *x.Type - } - return CriuReqType_EMPTY -} - -func (x *CriuResp) GetSuccess() bool { - if x != nil && x.Success != nil { - return *x.Success - } - return false -} - -func (x *CriuResp) GetDump() *CriuDumpResp { - if x != nil { - return x.Dump - } - return nil -} - -func (x *CriuResp) GetRestore() *CriuRestoreResp { - if x != nil { - return x.Restore - } - return nil -} - -func (x *CriuResp) GetNotify() *CriuNotify { - if x != nil { - return x.Notify - } - return nil -} - -func (x *CriuResp) GetPs() *CriuPageServerInfo { - if x != nil { - return x.Ps - } - return nil -} - -func (x *CriuResp) GetCrErrno() int32 { - if x != nil && x.CrErrno != nil { - return *x.CrErrno - } - return 0 -} - -func (x *CriuResp) GetFeatures() *CriuFeatures { - if x != nil { - return x.Features - } - return nil -} - -func (x *CriuResp) GetCrErrmsg() string { - if x != nil && x.CrErrmsg != nil { - return *x.CrErrmsg - } - return "" -} - -func (x *CriuResp) GetVersion() *CriuVersion { - if x != nil { - return x.Version - } - return nil -} - -func (x *CriuResp) GetStatus() int32 { - if x != nil && x.Status != nil { - return *x.Status - } - return 0 -} - -// Answer for criu_req_type.VERSION requests -type CriuVersion struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - MajorNumber *int32 `protobuf:"varint,1,req,name=major_number,json=majorNumber" json:"major_number,omitempty"` - MinorNumber *int32 `protobuf:"varint,2,req,name=minor_number,json=minorNumber" json:"minor_number,omitempty"` - Gitid *string `protobuf:"bytes,3,opt,name=gitid" json:"gitid,omitempty"` - Sublevel *int32 `protobuf:"varint,4,opt,name=sublevel" json:"sublevel,omitempty"` - Extra *int32 `protobuf:"varint,5,opt,name=extra" json:"extra,omitempty"` - Name *string `protobuf:"bytes,6,opt,name=name" json:"name,omitempty"` -} - -func (x *CriuVersion) Reset() { - *x = CriuVersion{} - if protoimpl.UnsafeEnabled { - mi := &file_rpc_rpc_proto_msgTypes[14] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CriuVersion) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CriuVersion) ProtoMessage() {} - -func (x *CriuVersion) ProtoReflect() protoreflect.Message { - mi := &file_rpc_rpc_proto_msgTypes[14] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CriuVersion.ProtoReflect.Descriptor instead. -func (*CriuVersion) Descriptor() ([]byte, []int) { - return file_rpc_rpc_proto_rawDescGZIP(), []int{14} -} - -func (x *CriuVersion) GetMajorNumber() int32 { - if x != nil && x.MajorNumber != nil { - return *x.MajorNumber - } - return 0 -} - -func (x *CriuVersion) GetMinorNumber() int32 { - if x != nil && x.MinorNumber != nil { - return *x.MinorNumber - } - return 0 -} - -func (x *CriuVersion) GetGitid() string { - if x != nil && x.Gitid != nil { - return *x.Gitid - } - return "" -} - -func (x *CriuVersion) GetSublevel() int32 { - if x != nil && x.Sublevel != nil { - return *x.Sublevel - } - return 0 -} - -func (x *CriuVersion) GetExtra() int32 { - if x != nil && x.Extra != nil { - return *x.Extra - } - return 0 -} - -func (x *CriuVersion) GetName() string { - if x != nil && x.Name != nil { - return *x.Name - } - return "" -} - -var File_rpc_rpc_proto protoreflect.FileDescriptor - -var file_rpc_rpc_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x72, 0x70, 0x63, 0x2f, 0x72, 0x70, 0x63, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, - 0x67, 0x0a, 0x15, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, - 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, - 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, - 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x05, 0x52, 0x03, 0x70, 0x69, 0x64, 0x12, 0x0e, 0x0a, 0x02, 0x66, 0x64, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x05, 0x52, 0x02, 0x66, 0x64, 0x22, 0x3c, 0x0a, 0x0e, 0x63, 0x72, 0x69, 0x75, - 0x5f, 0x76, 0x65, 0x74, 0x68, 0x5f, 0x70, 0x61, 0x69, 0x72, 0x12, 0x13, 0x0a, 0x05, 0x69, 0x66, - 0x5f, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x69, 0x66, 0x49, 0x6e, 0x12, - 0x15, 0x0a, 0x06, 0x69, 0x66, 0x5f, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x02, 0x28, 0x09, 0x52, - 0x05, 0x69, 0x66, 0x4f, 0x75, 0x74, 0x22, 0x33, 0x0a, 0x0d, 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x6f, - 0x75, 0x6e, 0x74, 0x5f, 0x6d, 0x61, 0x70, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, - 0x20, 0x02, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x76, 0x61, 0x6c, - 0x18, 0x02, 0x20, 0x02, 0x28, 0x09, 0x52, 0x03, 0x76, 0x61, 0x6c, 0x22, 0x56, 0x0a, 0x0e, 0x6a, - 0x6f, 0x69, 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x0e, 0x0a, - 0x02, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x02, 0x6e, 0x73, 0x12, 0x17, 0x0a, - 0x07, 0x6e, 0x73, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x09, 0x52, 0x06, - 0x6e, 0x73, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x78, 0x74, 0x72, 0x61, 0x5f, - 0x6f, 0x70, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x74, 0x72, 0x61, - 0x4f, 0x70, 0x74, 0x22, 0x2e, 0x0a, 0x0a, 0x69, 0x6e, 0x68, 0x65, 0x72, 0x69, 0x74, 0x5f, 0x66, - 0x64, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x03, - 0x6b, 0x65, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x66, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x05, 0x52, - 0x02, 0x66, 0x64, 0x22, 0x35, 0x0a, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x72, 0x6f, - 0x6f, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x74, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x04, 0x63, 0x74, 0x72, 0x6c, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, - 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x22, 0x1f, 0x0a, 0x07, 0x75, 0x6e, - 0x69, 0x78, 0x5f, 0x73, 0x6b, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x18, 0x01, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x22, 0x8c, 0x11, 0x0a, 0x09, - 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x12, 0x22, 0x0a, 0x0d, 0x69, 0x6d, 0x61, - 0x67, 0x65, 0x73, 0x5f, 0x64, 0x69, 0x72, 0x5f, 0x66, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x05, - 0x52, 0x0b, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x73, 0x44, 0x69, 0x72, 0x46, 0x64, 0x12, 0x10, 0x0a, - 0x03, 0x70, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x70, 0x69, 0x64, 0x12, - 0x23, 0x0a, 0x0d, 0x6c, 0x65, 0x61, 0x76, 0x65, 0x5f, 0x72, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x6c, 0x65, 0x61, 0x76, 0x65, 0x52, 0x75, 0x6e, - 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x1e, 0x0a, 0x0b, 0x65, 0x78, 0x74, 0x5f, 0x75, 0x6e, 0x69, 0x78, - 0x5f, 0x73, 0x6b, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x65, 0x78, 0x74, 0x55, 0x6e, - 0x69, 0x78, 0x53, 0x6b, 0x12, 0x27, 0x0a, 0x0f, 0x74, 0x63, 0x70, 0x5f, 0x65, 0x73, 0x74, 0x61, - 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x74, - 0x63, 0x70, 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x64, 0x12, 0x27, 0x0a, - 0x0f, 0x65, 0x76, 0x61, 0x73, 0x69, 0x76, 0x65, 0x5f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, - 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x65, 0x76, 0x61, 0x73, 0x69, 0x76, 0x65, 0x44, - 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x68, 0x65, 0x6c, 0x6c, 0x5f, - 0x6a, 0x6f, 0x62, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x73, 0x68, 0x65, 0x6c, 0x6c, - 0x4a, 0x6f, 0x62, 0x12, 0x1d, 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, - 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x66, 0x69, 0x6c, 0x65, 0x4c, 0x6f, 0x63, - 0x6b, 0x73, 0x12, 0x1e, 0x0a, 0x09, 0x6c, 0x6f, 0x67, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, - 0x09, 0x20, 0x01, 0x28, 0x05, 0x3a, 0x01, 0x32, 0x52, 0x08, 0x6c, 0x6f, 0x67, 0x4c, 0x65, 0x76, - 0x65, 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x6c, 0x6f, 0x67, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x0a, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x26, 0x0a, - 0x02, 0x70, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x72, 0x69, 0x75, - 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x69, 0x6e, 0x66, - 0x6f, 0x52, 0x02, 0x70, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, - 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x73, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x6e, - 0x6f, 0x74, 0x69, 0x66, 0x79, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x73, 0x12, 0x12, 0x0a, 0x04, - 0x72, 0x6f, 0x6f, 0x74, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x72, 0x6f, 0x6f, 0x74, - 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x6d, 0x67, 0x18, 0x0e, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x49, 0x6d, 0x67, 0x12, - 0x1b, 0x0a, 0x09, 0x74, 0x72, 0x61, 0x63, 0x6b, 0x5f, 0x6d, 0x65, 0x6d, 0x18, 0x0f, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x08, 0x74, 0x72, 0x61, 0x63, 0x6b, 0x4d, 0x65, 0x6d, 0x12, 0x1d, 0x0a, 0x0a, - 0x61, 0x75, 0x74, 0x6f, 0x5f, 0x64, 0x65, 0x64, 0x75, 0x70, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, - 0x52, 0x09, 0x61, 0x75, 0x74, 0x6f, 0x44, 0x65, 0x64, 0x75, 0x70, 0x12, 0x1e, 0x0a, 0x0b, 0x77, - 0x6f, 0x72, 0x6b, 0x5f, 0x64, 0x69, 0x72, 0x5f, 0x66, 0x64, 0x18, 0x11, 0x20, 0x01, 0x28, 0x05, - 0x52, 0x09, 0x77, 0x6f, 0x72, 0x6b, 0x44, 0x69, 0x72, 0x46, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x6c, - 0x69, 0x6e, 0x6b, 0x5f, 0x72, 0x65, 0x6d, 0x61, 0x70, 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x52, - 0x09, 0x6c, 0x69, 0x6e, 0x6b, 0x52, 0x65, 0x6d, 0x61, 0x70, 0x12, 0x25, 0x0a, 0x05, 0x76, 0x65, - 0x74, 0x68, 0x73, 0x18, 0x13, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x72, 0x69, 0x75, - 0x5f, 0x76, 0x65, 0x74, 0x68, 0x5f, 0x70, 0x61, 0x69, 0x72, 0x52, 0x05, 0x76, 0x65, 0x74, 0x68, - 0x73, 0x12, 0x23, 0x0a, 0x07, 0x63, 0x70, 0x75, 0x5f, 0x63, 0x61, 0x70, 0x18, 0x14, 0x20, 0x01, - 0x28, 0x0d, 0x3a, 0x0a, 0x34, 0x32, 0x39, 0x34, 0x39, 0x36, 0x37, 0x32, 0x39, 0x35, 0x52, 0x06, - 0x63, 0x70, 0x75, 0x43, 0x61, 0x70, 0x12, 0x1f, 0x0a, 0x0b, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x5f, - 0x69, 0x72, 0x6d, 0x61, 0x70, 0x18, 0x15, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x66, 0x6f, 0x72, - 0x63, 0x65, 0x49, 0x72, 0x6d, 0x61, 0x70, 0x12, 0x19, 0x0a, 0x08, 0x65, 0x78, 0x65, 0x63, 0x5f, - 0x63, 0x6d, 0x64, 0x18, 0x16, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x65, 0x78, 0x65, 0x63, 0x43, - 0x6d, 0x64, 0x12, 0x27, 0x0a, 0x07, 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x6e, 0x74, 0x18, 0x17, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, - 0x6d, 0x61, 0x70, 0x52, 0x06, 0x65, 0x78, 0x74, 0x4d, 0x6e, 0x74, 0x12, 0x25, 0x0a, 0x0e, 0x6d, - 0x61, 0x6e, 0x61, 0x67, 0x65, 0x5f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x18, 0x18, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x43, 0x67, 0x72, 0x6f, 0x75, - 0x70, 0x73, 0x12, 0x25, 0x0a, 0x07, 0x63, 0x67, 0x5f, 0x72, 0x6f, 0x6f, 0x74, 0x18, 0x19, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x72, 0x6f, 0x6f, - 0x74, 0x52, 0x06, 0x63, 0x67, 0x52, 0x6f, 0x6f, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x72, 0x73, 0x74, - 0x5f, 0x73, 0x69, 0x62, 0x6c, 0x69, 0x6e, 0x67, 0x18, 0x1a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, - 0x72, 0x73, 0x74, 0x53, 0x69, 0x62, 0x6c, 0x69, 0x6e, 0x67, 0x12, 0x2a, 0x0a, 0x0a, 0x69, 0x6e, - 0x68, 0x65, 0x72, 0x69, 0x74, 0x5f, 0x66, 0x64, 0x18, 0x1b, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0b, - 0x2e, 0x69, 0x6e, 0x68, 0x65, 0x72, 0x69, 0x74, 0x5f, 0x66, 0x64, 0x52, 0x09, 0x69, 0x6e, 0x68, - 0x65, 0x72, 0x69, 0x74, 0x46, 0x64, 0x12, 0x20, 0x0a, 0x0c, 0x61, 0x75, 0x74, 0x6f, 0x5f, 0x65, - 0x78, 0x74, 0x5f, 0x6d, 0x6e, 0x74, 0x18, 0x1c, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x61, 0x75, - 0x74, 0x6f, 0x45, 0x78, 0x74, 0x4d, 0x6e, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x78, 0x74, 0x5f, - 0x73, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x1d, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x65, - 0x78, 0x74, 0x53, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x78, 0x74, - 0x5f, 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x73, 0x18, 0x1e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, - 0x65, 0x78, 0x74, 0x4d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x73, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x6b, - 0x69, 0x70, 0x5f, 0x6d, 0x6e, 0x74, 0x18, 0x1f, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x73, 0x6b, - 0x69, 0x70, 0x4d, 0x6e, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x5f, - 0x66, 0x73, 0x18, 0x20, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, - 0x46, 0x73, 0x12, 0x28, 0x0a, 0x0b, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, 0x6b, 0x5f, 0x69, 0x6e, - 0x6f, 0x18, 0x21, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x08, 0x2e, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, - 0x6b, 0x52, 0x09, 0x75, 0x6e, 0x69, 0x78, 0x53, 0x6b, 0x49, 0x6e, 0x6f, 0x12, 0x3d, 0x0a, 0x13, - 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x5f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x5f, 0x6d, - 0x6f, 0x64, 0x65, 0x18, 0x22, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0d, 0x2e, 0x63, 0x72, 0x69, 0x75, - 0x5f, 0x63, 0x67, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x52, 0x11, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, - 0x43, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x28, 0x0a, 0x0b, 0x67, - 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x18, 0x23, 0x20, 0x01, 0x28, 0x0d, - 0x3a, 0x07, 0x31, 0x30, 0x34, 0x38, 0x35, 0x37, 0x36, 0x52, 0x0a, 0x67, 0x68, 0x6f, 0x73, 0x74, - 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x12, 0x28, 0x0a, 0x10, 0x69, 0x72, 0x6d, 0x61, 0x70, 0x5f, 0x73, - 0x63, 0x61, 0x6e, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x73, 0x18, 0x24, 0x20, 0x03, 0x28, 0x09, 0x52, - 0x0e, 0x69, 0x72, 0x6d, 0x61, 0x70, 0x53, 0x63, 0x61, 0x6e, 0x50, 0x61, 0x74, 0x68, 0x73, 0x12, - 0x1a, 0x0a, 0x08, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x18, 0x25, 0x20, 0x03, 0x28, - 0x09, 0x52, 0x08, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x65, - 0x6d, 0x70, 0x74, 0x79, 0x5f, 0x6e, 0x73, 0x18, 0x26, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x65, - 0x6d, 0x70, 0x74, 0x79, 0x4e, 0x73, 0x12, 0x28, 0x0a, 0x07, 0x6a, 0x6f, 0x69, 0x6e, 0x5f, 0x6e, - 0x73, 0x18, 0x27, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x6a, 0x6f, 0x69, 0x6e, 0x5f, 0x6e, - 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x52, 0x06, 0x6a, 0x6f, 0x69, 0x6e, 0x4e, 0x73, - 0x12, 0x21, 0x0a, 0x0c, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x72, 0x6f, 0x70, 0x73, - 0x18, 0x29, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x50, 0x72, - 0x6f, 0x70, 0x73, 0x12, 0x2a, 0x0a, 0x11, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x72, - 0x6f, 0x70, 0x73, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x2a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, - 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x50, 0x72, 0x6f, 0x70, 0x73, 0x46, 0x69, 0x6c, 0x65, 0x12, - 0x34, 0x0a, 0x16, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x63, - 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x18, 0x2b, 0x20, 0x03, 0x28, 0x09, 0x52, - 0x14, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x44, 0x75, 0x6d, 0x70, 0x43, 0x6f, 0x6e, 0x74, 0x72, - 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x12, 0x23, 0x0a, 0x0d, 0x66, 0x72, 0x65, 0x65, 0x7a, 0x65, 0x5f, - 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x2c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x66, 0x72, - 0x65, 0x65, 0x7a, 0x65, 0x43, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x18, 0x0a, 0x07, 0x74, 0x69, - 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x2d, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x74, 0x69, 0x6d, - 0x65, 0x6f, 0x75, 0x74, 0x12, 0x2b, 0x0a, 0x12, 0x74, 0x63, 0x70, 0x5f, 0x73, 0x6b, 0x69, 0x70, - 0x5f, 0x69, 0x6e, 0x5f, 0x66, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x18, 0x2e, 0x20, 0x01, 0x28, 0x08, - 0x52, 0x0f, 0x74, 0x63, 0x70, 0x53, 0x6b, 0x69, 0x70, 0x49, 0x6e, 0x46, 0x6c, 0x69, 0x67, 0x68, - 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x77, 0x65, 0x61, 0x6b, 0x5f, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, - 0x73, 0x18, 0x2f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x77, 0x65, 0x61, 0x6b, 0x53, 0x79, 0x73, - 0x63, 0x74, 0x6c, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x6c, 0x61, 0x7a, 0x79, 0x5f, 0x70, 0x61, 0x67, - 0x65, 0x73, 0x18, 0x30, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x6c, 0x61, 0x7a, 0x79, 0x50, 0x61, - 0x67, 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x5f, 0x66, 0x64, - 0x18, 0x31, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x46, 0x64, - 0x12, 0x2a, 0x0a, 0x11, 0x6f, 0x72, 0x70, 0x68, 0x61, 0x6e, 0x5f, 0x70, 0x74, 0x73, 0x5f, 0x6d, - 0x61, 0x73, 0x74, 0x65, 0x72, 0x18, 0x32, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x6f, 0x72, 0x70, - 0x68, 0x61, 0x6e, 0x50, 0x74, 0x73, 0x4d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x0b, - 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x33, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x1b, 0x0a, - 0x09, 0x74, 0x63, 0x70, 0x5f, 0x63, 0x6c, 0x6f, 0x73, 0x65, 0x18, 0x34, 0x20, 0x01, 0x28, 0x08, - 0x52, 0x08, 0x74, 0x63, 0x70, 0x43, 0x6c, 0x6f, 0x73, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6c, 0x73, - 0x6d, 0x5f, 0x70, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x35, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0a, 0x6c, 0x73, 0x6d, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x74, - 0x6c, 0x73, 0x5f, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x18, 0x36, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x09, 0x74, 0x6c, 0x73, 0x43, 0x61, 0x63, 0x65, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x6c, - 0x73, 0x5f, 0x63, 0x61, 0x63, 0x72, 0x6c, 0x18, 0x37, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x74, - 0x6c, 0x73, 0x43, 0x61, 0x63, 0x72, 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x74, 0x6c, 0x73, 0x5f, 0x63, - 0x65, 0x72, 0x74, 0x18, 0x38, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x74, 0x6c, 0x73, 0x43, 0x65, - 0x72, 0x74, 0x12, 0x17, 0x0a, 0x07, 0x74, 0x6c, 0x73, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x39, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x06, 0x74, 0x6c, 0x73, 0x4b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x74, - 0x6c, 0x73, 0x18, 0x3a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, 0x27, 0x0a, - 0x10, 0x74, 0x6c, 0x73, 0x5f, 0x6e, 0x6f, 0x5f, 0x63, 0x6e, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, - 0x79, 0x18, 0x3b, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x74, 0x6c, 0x73, 0x4e, 0x6f, 0x43, 0x6e, - 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, - 0x5f, 0x79, 0x61, 0x72, 0x64, 0x18, 0x3c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x67, 0x72, - 0x6f, 0x75, 0x70, 0x59, 0x61, 0x72, 0x64, 0x12, 0x3f, 0x0a, 0x0d, 0x70, 0x72, 0x65, 0x5f, 0x64, - 0x75, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x3d, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x13, - 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x70, 0x72, 0x65, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x6d, - 0x6f, 0x64, 0x65, 0x3a, 0x06, 0x53, 0x50, 0x4c, 0x49, 0x43, 0x45, 0x52, 0x0b, 0x70, 0x72, 0x65, - 0x44, 0x75, 0x6d, 0x70, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x24, 0x0a, 0x0e, 0x70, 0x69, 0x64, 0x66, - 0x64, 0x5f, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x73, 0x6b, 0x18, 0x3e, 0x20, 0x01, 0x28, 0x05, - 0x52, 0x0c, 0x70, 0x69, 0x64, 0x66, 0x64, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x53, 0x6b, 0x12, 0x2a, - 0x0a, 0x11, 0x6c, 0x73, 0x6d, 0x5f, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x63, 0x6f, 0x6e, 0x74, - 0x65, 0x78, 0x74, 0x18, 0x3f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6c, 0x73, 0x6d, 0x4d, 0x6f, - 0x75, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x22, 0x2c, 0x0a, 0x0e, 0x63, 0x72, - 0x69, 0x75, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x12, 0x1a, 0x0a, 0x08, - 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, - 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x64, 0x22, 0x25, 0x0a, 0x11, 0x63, 0x72, 0x69, 0x75, - 0x5f, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x12, 0x10, 0x0a, - 0x03, 0x70, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x05, 0x52, 0x03, 0x70, 0x69, 0x64, 0x22, - 0x37, 0x0a, 0x0b, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x12, 0x16, - 0x0a, 0x06, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, - 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x05, 0x52, 0x03, 0x70, 0x69, 0x64, 0x22, 0x6c, 0x0a, 0x0d, 0x63, 0x72, 0x69, 0x75, - 0x5f, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x65, 0x6d, - 0x5f, 0x74, 0x72, 0x61, 0x63, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6d, 0x65, - 0x6d, 0x54, 0x72, 0x61, 0x63, 0x6b, 0x12, 0x1d, 0x0a, 0x0a, 0x6c, 0x61, 0x7a, 0x79, 0x5f, 0x70, - 0x61, 0x67, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x6c, 0x61, 0x7a, 0x79, - 0x50, 0x61, 0x67, 0x65, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x69, 0x64, 0x66, 0x64, 0x5f, 0x73, - 0x74, 0x6f, 0x72, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x70, 0x69, 0x64, 0x66, - 0x64, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x22, 0xd0, 0x01, 0x0a, 0x08, 0x63, 0x72, 0x69, 0x75, 0x5f, - 0x72, 0x65, 0x71, 0x12, 0x22, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, - 0x0e, 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x71, 0x5f, 0x74, 0x79, 0x70, - 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1e, 0x0a, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6f, 0x70, 0x74, - 0x73, 0x52, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x6e, 0x6f, 0x74, 0x69, 0x66, - 0x79, 0x5f, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, - 0x0d, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x1b, - 0x0a, 0x09, 0x6b, 0x65, 0x65, 0x70, 0x5f, 0x6f, 0x70, 0x65, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x08, 0x52, 0x08, 0x6b, 0x65, 0x65, 0x70, 0x4f, 0x70, 0x65, 0x6e, 0x12, 0x2a, 0x0a, 0x08, 0x66, - 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, - 0x63, 0x72, 0x69, 0x75, 0x5f, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x52, 0x08, 0x66, - 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x06, - 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x70, 0x69, 0x64, 0x22, 0x8f, 0x03, 0x0a, 0x09, 0x63, 0x72, - 0x69, 0x75, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x12, 0x22, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, - 0x01, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x71, - 0x5f, 0x74, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x73, - 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x08, 0x52, 0x07, 0x73, 0x75, - 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x23, 0x0a, 0x04, 0x64, 0x75, 0x6d, 0x70, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, - 0x72, 0x65, 0x73, 0x70, 0x52, 0x04, 0x64, 0x75, 0x6d, 0x70, 0x12, 0x2c, 0x0a, 0x07, 0x72, 0x65, - 0x73, 0x74, 0x6f, 0x72, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x63, 0x72, - 0x69, 0x75, 0x5f, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x52, - 0x07, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x12, 0x24, 0x0a, 0x06, 0x6e, 0x6f, 0x74, 0x69, - 0x66, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, - 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x52, 0x06, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x12, 0x26, - 0x0a, 0x02, 0x70, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x72, 0x69, - 0x75, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x69, 0x6e, - 0x66, 0x6f, 0x52, 0x02, 0x70, 0x73, 0x12, 0x19, 0x0a, 0x08, 0x63, 0x72, 0x5f, 0x65, 0x72, 0x72, - 0x6e, 0x6f, 0x18, 0x07, 0x20, 0x01, 0x28, 0x05, 0x52, 0x07, 0x63, 0x72, 0x45, 0x72, 0x72, 0x6e, - 0x6f, 0x12, 0x2a, 0x0a, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x08, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x66, 0x65, 0x61, 0x74, 0x75, - 0x72, 0x65, 0x73, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x1b, 0x0a, - 0x09, 0x63, 0x72, 0x5f, 0x65, 0x72, 0x72, 0x6d, 0x73, 0x67, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x08, 0x63, 0x72, 0x45, 0x72, 0x72, 0x6d, 0x73, 0x67, 0x12, 0x27, 0x0a, 0x07, 0x76, 0x65, - 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x63, 0x72, - 0x69, 0x75, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, - 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x0b, 0x20, - 0x01, 0x28, 0x05, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0xb0, 0x01, 0x0a, 0x0c, - 0x63, 0x72, 0x69, 0x75, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x21, 0x0a, 0x0c, - 0x6d, 0x61, 0x6a, 0x6f, 0x72, 0x5f, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x02, - 0x28, 0x05, 0x52, 0x0b, 0x6d, 0x61, 0x6a, 0x6f, 0x72, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, - 0x21, 0x0a, 0x0c, 0x6d, 0x69, 0x6e, 0x6f, 0x72, 0x5f, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, - 0x02, 0x20, 0x02, 0x28, 0x05, 0x52, 0x0b, 0x6d, 0x69, 0x6e, 0x6f, 0x72, 0x4e, 0x75, 0x6d, 0x62, - 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x67, 0x69, 0x74, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x05, 0x67, 0x69, 0x74, 0x69, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x75, 0x62, 0x6c, - 0x65, 0x76, 0x65, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, 0x73, 0x75, 0x62, 0x6c, - 0x65, 0x76, 0x65, 0x6c, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x78, 0x74, 0x72, 0x61, 0x18, 0x05, 0x20, - 0x01, 0x28, 0x05, 0x52, 0x05, 0x65, 0x78, 0x74, 0x72, 0x61, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, - 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x2a, 0x5f, - 0x0a, 0x0c, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x63, 0x67, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0a, - 0x0a, 0x06, 0x49, 0x47, 0x4e, 0x4f, 0x52, 0x45, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x43, 0x47, - 0x5f, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x50, 0x52, 0x4f, 0x50, 0x53, - 0x10, 0x02, 0x12, 0x08, 0x0a, 0x04, 0x53, 0x4f, 0x46, 0x54, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, - 0x46, 0x55, 0x4c, 0x4c, 0x10, 0x04, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x54, 0x52, 0x49, 0x43, 0x54, - 0x10, 0x05, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x06, 0x2a, - 0x2d, 0x0a, 0x12, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x70, 0x72, 0x65, 0x5f, 0x64, 0x75, 0x6d, 0x70, - 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x50, 0x4c, 0x49, 0x43, 0x45, 0x10, - 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x56, 0x4d, 0x5f, 0x52, 0x45, 0x41, 0x44, 0x10, 0x02, 0x2a, 0xd0, - 0x01, 0x0a, 0x0d, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x71, 0x5f, 0x74, 0x79, 0x70, 0x65, - 0x12, 0x09, 0x0a, 0x05, 0x45, 0x4d, 0x50, 0x54, 0x59, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x44, - 0x55, 0x4d, 0x50, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x52, 0x45, 0x53, 0x54, 0x4f, 0x52, 0x45, - 0x10, 0x02, 0x12, 0x09, 0x0a, 0x05, 0x43, 0x48, 0x45, 0x43, 0x4b, 0x10, 0x03, 0x12, 0x0c, 0x0a, - 0x08, 0x50, 0x52, 0x45, 0x5f, 0x44, 0x55, 0x4d, 0x50, 0x10, 0x04, 0x12, 0x0f, 0x0a, 0x0b, 0x50, - 0x41, 0x47, 0x45, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x45, 0x52, 0x10, 0x05, 0x12, 0x0a, 0x0a, 0x06, - 0x4e, 0x4f, 0x54, 0x49, 0x46, 0x59, 0x10, 0x06, 0x12, 0x10, 0x0a, 0x0c, 0x43, 0x50, 0x55, 0x49, - 0x4e, 0x46, 0x4f, 0x5f, 0x44, 0x55, 0x4d, 0x50, 0x10, 0x07, 0x12, 0x11, 0x0a, 0x0d, 0x43, 0x50, - 0x55, 0x49, 0x4e, 0x46, 0x4f, 0x5f, 0x43, 0x48, 0x45, 0x43, 0x4b, 0x10, 0x08, 0x12, 0x11, 0x0a, - 0x0d, 0x46, 0x45, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x43, 0x48, 0x45, 0x43, 0x4b, 0x10, 0x09, - 0x12, 0x0b, 0x0a, 0x07, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x10, 0x0a, 0x12, 0x0c, 0x0a, - 0x08, 0x57, 0x41, 0x49, 0x54, 0x5f, 0x50, 0x49, 0x44, 0x10, 0x0b, 0x12, 0x14, 0x0a, 0x10, 0x50, - 0x41, 0x47, 0x45, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x45, 0x52, 0x5f, 0x43, 0x48, 0x4c, 0x44, 0x10, - 0x0c, -} - -var ( - file_rpc_rpc_proto_rawDescOnce sync.Once - file_rpc_rpc_proto_rawDescData = file_rpc_rpc_proto_rawDesc -) - -func file_rpc_rpc_proto_rawDescGZIP() []byte { - file_rpc_rpc_proto_rawDescOnce.Do(func() { - file_rpc_rpc_proto_rawDescData = protoimpl.X.CompressGZIP(file_rpc_rpc_proto_rawDescData) - }) - return file_rpc_rpc_proto_rawDescData -} - -var file_rpc_rpc_proto_enumTypes = make([]protoimpl.EnumInfo, 3) -var file_rpc_rpc_proto_msgTypes = make([]protoimpl.MessageInfo, 15) -var file_rpc_rpc_proto_goTypes = []interface{}{ - (CriuCgMode)(0), // 0: criu_cg_mode - (CriuPreDumpMode)(0), // 1: criu_pre_dump_mode - (CriuReqType)(0), // 2: criu_req_type - (*CriuPageServerInfo)(nil), // 3: criu_page_server_info - (*CriuVethPair)(nil), // 4: criu_veth_pair - (*ExtMountMap)(nil), // 5: ext_mount_map - (*JoinNamespace)(nil), // 6: join_namespace - (*InheritFd)(nil), // 7: inherit_fd - (*CgroupRoot)(nil), // 8: cgroup_root - (*UnixSk)(nil), // 9: unix_sk - (*CriuOpts)(nil), // 10: criu_opts - (*CriuDumpResp)(nil), // 11: criu_dump_resp - (*CriuRestoreResp)(nil), // 12: criu_restore_resp - (*CriuNotify)(nil), // 13: criu_notify - (*CriuFeatures)(nil), // 14: criu_features - (*CriuReq)(nil), // 15: criu_req - (*CriuResp)(nil), // 16: criu_resp - (*CriuVersion)(nil), // 17: criu_version -} -var file_rpc_rpc_proto_depIdxs = []int32{ - 3, // 0: criu_opts.ps:type_name -> criu_page_server_info - 4, // 1: criu_opts.veths:type_name -> criu_veth_pair - 5, // 2: criu_opts.ext_mnt:type_name -> ext_mount_map - 8, // 3: criu_opts.cg_root:type_name -> cgroup_root - 7, // 4: criu_opts.inherit_fd:type_name -> inherit_fd - 9, // 5: criu_opts.unix_sk_ino:type_name -> unix_sk - 0, // 6: criu_opts.manage_cgroups_mode:type_name -> criu_cg_mode - 6, // 7: criu_opts.join_ns:type_name -> join_namespace - 1, // 8: criu_opts.pre_dump_mode:type_name -> criu_pre_dump_mode - 2, // 9: criu_req.type:type_name -> criu_req_type - 10, // 10: criu_req.opts:type_name -> criu_opts - 14, // 11: criu_req.features:type_name -> criu_features - 2, // 12: criu_resp.type:type_name -> criu_req_type - 11, // 13: criu_resp.dump:type_name -> criu_dump_resp - 12, // 14: criu_resp.restore:type_name -> criu_restore_resp - 13, // 15: criu_resp.notify:type_name -> criu_notify - 3, // 16: criu_resp.ps:type_name -> criu_page_server_info - 14, // 17: criu_resp.features:type_name -> criu_features - 17, // 18: criu_resp.version:type_name -> criu_version - 19, // [19:19] is the sub-list for method output_type - 19, // [19:19] is the sub-list for method input_type - 19, // [19:19] is the sub-list for extension type_name - 19, // [19:19] is the sub-list for extension extendee - 0, // [0:19] is the sub-list for field type_name -} - -func init() { file_rpc_rpc_proto_init() } -func file_rpc_rpc_proto_init() { - if File_rpc_rpc_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_rpc_rpc_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CriuPageServerInfo); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_rpc_rpc_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CriuVethPair); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_rpc_rpc_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ExtMountMap); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_rpc_rpc_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*JoinNamespace); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_rpc_rpc_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*InheritFd); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_rpc_rpc_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CgroupRoot); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_rpc_rpc_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UnixSk); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_rpc_rpc_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CriuOpts); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_rpc_rpc_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CriuDumpResp); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_rpc_rpc_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CriuRestoreResp); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_rpc_rpc_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CriuNotify); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_rpc_rpc_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CriuFeatures); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_rpc_rpc_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CriuReq); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_rpc_rpc_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CriuResp); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_rpc_rpc_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CriuVersion); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_rpc_rpc_proto_rawDesc, - NumEnums: 3, - NumMessages: 15, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_rpc_rpc_proto_goTypes, - DependencyIndexes: file_rpc_rpc_proto_depIdxs, - EnumInfos: file_rpc_rpc_proto_enumTypes, - MessageInfos: file_rpc_rpc_proto_msgTypes, - }.Build() - File_rpc_rpc_proto = out.File - file_rpc_rpc_proto_rawDesc = nil - file_rpc_rpc_proto_goTypes = nil - file_rpc_rpc_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/.gitignore b/vendor/github.com/checkpoint-restore/go-criu/v6/.gitignore new file mode 100644 index 00000000000..5518060133d --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/.gitignore @@ -0,0 +1,13 @@ +test/test +test/test.coverage +test/piggie/piggie +test/phaul/phaul +test/phaul/phaul.coverage +test/loop/loop +test/crit/crit-test +test/crit/test-imgs +image +scripts/*.h +scripts/expected.go +scripts/output.go +crit/bin diff --git a/vendor/github.com/checkpoint-restore/go-criu/v5/.golangci.yml b/vendor/github.com/checkpoint-restore/go-criu/v6/.golangci.yml similarity index 51% rename from vendor/github.com/checkpoint-restore/go-criu/v5/.golangci.yml rename to vendor/github.com/checkpoint-restore/go-criu/v6/.golangci.yml index fbbac4b4173..c4515109b1f 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v5/.golangci.yml +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/.golangci.yml @@ -1,12 +1,10 @@ -run: - skip_dirs: - - rpc - - stats - linters: - disable-all: false presets: - bugs - performance - unused - format + +linters-settings: + exhaustive: + default-signifies-exhaustive: true diff --git a/vendor/github.com/checkpoint-restore/go-criu/v5/LICENSE b/vendor/github.com/checkpoint-restore/go-criu/v6/LICENSE similarity index 100% rename from vendor/github.com/checkpoint-restore/go-criu/v5/LICENSE rename to vendor/github.com/checkpoint-restore/go-criu/v6/LICENSE diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/Makefile b/vendor/github.com/checkpoint-restore/go-criu/v6/Makefile new file mode 100644 index 00000000000..ae3560aae6c --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/Makefile @@ -0,0 +1,29 @@ +SHELL = /bin/bash +GO ?= go +CC ?= gcc + +all: build + +lint: + golangci-lint run ./... + +build: + $(GO) build -v ./... + # Build crit binary + $(MAKE) -C crit bin/crit + +test: build + $(MAKE) -C test + +coverage: + $(MAKE) -C test coverage + +codecov: + $(MAKE) -C test codecov + +vendor: + GO111MODULE=on $(GO) mod tidy + GO111MODULE=on $(GO) mod vendor + GO111MODULE=on $(GO) mod verify + +.PHONY: build test lint vendor coverage codecov diff --git a/vendor/github.com/checkpoint-restore/go-criu/v5/README.md b/vendor/github.com/checkpoint-restore/go-criu/v6/README.md similarity index 82% rename from vendor/github.com/checkpoint-restore/go-criu/v5/README.md rename to vendor/github.com/checkpoint-restore/go-criu/v6/README.md index a7483321b5c..81b8ba03ed6 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v5/README.md +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/README.md @@ -4,19 +4,20 @@ ## go-criu -- Go bindings for CRIU -This repository provides Go bindings for [CRIU](https://criu.org/). The code is based on the Go-based PHaul -implementation from the CRIU repository. For easier inclusion into other Go projects the -CRIU Go bindings have been moved to this repository. +This repository provides Go bindings for [CRIU](https://criu.org/). +The code is based on the Go-based PHaul implementation from the CRIU repository. +For easier inclusion into other Go projects, the CRIU Go bindings have been moved to this repository. -The Go bindings provide an easy way to use the CRIU RPC calls from Go without the need -to set up all the infrastructure to make the actual RPC connection to CRIU. +### CRIU +The Go bindings provide an easy way to use the CRIU RPC calls from Go without +the need to set up all the infrastructure to make the actual RPC connection to CRIU. The following example would print the version of CRIU: ```go import ( "log" - "github.com/checkpoint-restore/go-criu/v5" + "github.com/checkpoint-restore/go-criu/v6" ) func main() { @@ -36,6 +37,13 @@ or to just check if at least a certain CRIU version is installed: result, err := c.IsCriuAtLeast(31100) ``` +### CRIT + +The `crit` package provides bindings to decode, encode, and manipulate +CRIU image files natively within Go. It also provides a CLI tool similar +to the original CRIT Python tool. To get started with this, see the docs +at https://criu.org/CRIT_(Go_library). + ## Releases The first go-criu release was 3.11 based on CRIU 3.11. The initial plan @@ -50,7 +58,8 @@ The following table shows the relation between go-criu and criu versions: | Major version | Latest release | CRIU version | | -------------- | -------------- | ------------ | -| v5             | 5.2.0         | 3.16         | +| v6             | 6.0.0         | 3.17         | +| v5             | 5.3.0         | 3.16         | | v5             | 5.0.0         | 3.15         | | v4             | 4.1.0         | 3.14         | @@ -86,7 +95,7 @@ by adding a "Signed-off-by" line containing the contributor's name and e-mail to every commit message. Your signature certifies that you wrote the patch or otherwise have the right to pass it on as an open-source patch. -### License and copyright +## License and copyright Unless mentioned otherwise in a specific file's header, all code in this project is released under the Apache 2.0 license. diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/apparmor.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/apparmor.pb.go new file mode 100644 index 00000000000..ebdbef658ca --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/apparmor.pb.go @@ -0,0 +1,301 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: apparmor.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type AaPolicy struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` + Blob []byte `protobuf:"bytes,2,req,name=blob" json:"blob,omitempty"` +} + +func (x *AaPolicy) Reset() { + *x = AaPolicy{} + if protoimpl.UnsafeEnabled { + mi := &file_apparmor_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *AaPolicy) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AaPolicy) ProtoMessage() {} + +func (x *AaPolicy) ProtoReflect() protoreflect.Message { + mi := &file_apparmor_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AaPolicy.ProtoReflect.Descriptor instead. +func (*AaPolicy) Descriptor() ([]byte, []int) { + return file_apparmor_proto_rawDescGZIP(), []int{0} +} + +func (x *AaPolicy) GetName() string { + if x != nil && x.Name != nil { + return *x.Name + } + return "" +} + +func (x *AaPolicy) GetBlob() []byte { + if x != nil { + return x.Blob + } + return nil +} + +type AaNamespace struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` + Policies []*AaPolicy `protobuf:"bytes,2,rep,name=policies" json:"policies,omitempty"` + Namespaces []*AaNamespace `protobuf:"bytes,3,rep,name=namespaces" json:"namespaces,omitempty"` +} + +func (x *AaNamespace) Reset() { + *x = AaNamespace{} + if protoimpl.UnsafeEnabled { + mi := &file_apparmor_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *AaNamespace) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AaNamespace) ProtoMessage() {} + +func (x *AaNamespace) ProtoReflect() protoreflect.Message { + mi := &file_apparmor_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AaNamespace.ProtoReflect.Descriptor instead. +func (*AaNamespace) Descriptor() ([]byte, []int) { + return file_apparmor_proto_rawDescGZIP(), []int{1} +} + +func (x *AaNamespace) GetName() string { + if x != nil && x.Name != nil { + return *x.Name + } + return "" +} + +func (x *AaNamespace) GetPolicies() []*AaPolicy { + if x != nil { + return x.Policies + } + return nil +} + +func (x *AaNamespace) GetNamespaces() []*AaNamespace { + if x != nil { + return x.Namespaces + } + return nil +} + +type ApparmorEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Namespaces []*AaNamespace `protobuf:"bytes,1,rep,name=namespaces" json:"namespaces,omitempty"` +} + +func (x *ApparmorEntry) Reset() { + *x = ApparmorEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_apparmor_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ApparmorEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ApparmorEntry) ProtoMessage() {} + +func (x *ApparmorEntry) ProtoReflect() protoreflect.Message { + mi := &file_apparmor_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ApparmorEntry.ProtoReflect.Descriptor instead. +func (*ApparmorEntry) Descriptor() ([]byte, []int) { + return file_apparmor_proto_rawDescGZIP(), []int{2} +} + +func (x *ApparmorEntry) GetNamespaces() []*AaNamespace { + if x != nil { + return x.Namespaces + } + return nil +} + +var File_apparmor_proto protoreflect.FileDescriptor + +var file_apparmor_proto_rawDesc = []byte{ + 0x0a, 0x0e, 0x61, 0x70, 0x70, 0x61, 0x72, 0x6d, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0x33, 0x0a, 0x09, 0x61, 0x61, 0x5f, 0x70, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, + 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x62, 0x6c, 0x6f, 0x62, 0x18, + 0x02, 0x20, 0x02, 0x28, 0x0c, 0x52, 0x04, 0x62, 0x6c, 0x6f, 0x62, 0x22, 0x83, 0x01, 0x0a, 0x0c, + 0x61, 0x61, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, + 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, + 0x12, 0x2b, 0x0a, 0x08, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x61, 0x61, 0x5f, 0x70, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x52, 0x08, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x12, 0x32, 0x0a, + 0x0a, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x61, 0x61, 0x5f, 0x6e, 0x61, 0x6d, 0x65, + 0x73, 0x70, 0x61, 0x63, 0x65, 0x52, 0x0a, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, + 0x73, 0x22, 0x44, 0x0a, 0x0e, 0x61, 0x70, 0x70, 0x61, 0x72, 0x6d, 0x6f, 0x72, 0x5f, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x12, 0x32, 0x0a, 0x0a, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, + 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x61, + 0x61, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x52, 0x0a, 0x6e, 0x61, 0x6d, + 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x73, +} + +var ( + file_apparmor_proto_rawDescOnce sync.Once + file_apparmor_proto_rawDescData = file_apparmor_proto_rawDesc +) + +func file_apparmor_proto_rawDescGZIP() []byte { + file_apparmor_proto_rawDescOnce.Do(func() { + file_apparmor_proto_rawDescData = protoimpl.X.CompressGZIP(file_apparmor_proto_rawDescData) + }) + return file_apparmor_proto_rawDescData +} + +var file_apparmor_proto_msgTypes = make([]protoimpl.MessageInfo, 3) +var file_apparmor_proto_goTypes = []interface{}{ + (*AaPolicy)(nil), // 0: criu.aa_policy + (*AaNamespace)(nil), // 1: criu.aa_namespace + (*ApparmorEntry)(nil), // 2: criu.apparmor_entry +} +var file_apparmor_proto_depIdxs = []int32{ + 0, // 0: criu.aa_namespace.policies:type_name -> criu.aa_policy + 1, // 1: criu.aa_namespace.namespaces:type_name -> criu.aa_namespace + 1, // 2: criu.apparmor_entry.namespaces:type_name -> criu.aa_namespace + 3, // [3:3] is the sub-list for method output_type + 3, // [3:3] is the sub-list for method input_type + 3, // [3:3] is the sub-list for extension type_name + 3, // [3:3] is the sub-list for extension extendee + 0, // [0:3] is the sub-list for field type_name +} + +func init() { file_apparmor_proto_init() } +func file_apparmor_proto_init() { + if File_apparmor_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_apparmor_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*AaPolicy); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_apparmor_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*AaNamespace); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_apparmor_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ApparmorEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_apparmor_proto_rawDesc, + NumEnums: 0, + NumMessages: 3, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_apparmor_proto_goTypes, + DependencyIndexes: file_apparmor_proto_depIdxs, + MessageInfos: file_apparmor_proto_msgTypes, + }.Build() + File_apparmor_proto = out.File + file_apparmor_proto_rawDesc = nil + file_apparmor_proto_goTypes = nil + file_apparmor_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/apparmor.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/apparmor.proto new file mode 100644 index 00000000000..4a2c64c8a9b --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/apparmor.proto @@ -0,0 +1,17 @@ +syntax = "proto2"; +package criu; + +message aa_policy { + required string name = 1; + required bytes blob = 2; +} + +message aa_namespace { + required string name = 1; + repeated aa_policy policies = 2; + repeated aa_namespace namespaces = 3; +} + +message apparmor_entry { + repeated aa_namespace namespaces = 1; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/autofs.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/autofs.pb.go new file mode 100644 index 00000000000..b27696dbfe0 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/autofs.pb.go @@ -0,0 +1,217 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: autofs.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type AutofsEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Fd *int32 `protobuf:"varint,1,req,name=fd" json:"fd,omitempty"` + Pgrp *int32 `protobuf:"varint,2,req,name=pgrp" json:"pgrp,omitempty"` + Timeout *int32 `protobuf:"varint,3,req,name=timeout" json:"timeout,omitempty"` + Minproto *int32 `protobuf:"varint,4,req,name=minproto" json:"minproto,omitempty"` + Maxproto *int32 `protobuf:"varint,5,req,name=maxproto" json:"maxproto,omitempty"` + Mode *int32 `protobuf:"varint,6,req,name=mode" json:"mode,omitempty"` + Uid *int32 `protobuf:"varint,7,opt,name=uid" json:"uid,omitempty"` + Gid *int32 `protobuf:"varint,8,opt,name=gid" json:"gid,omitempty"` + ReadFd *int32 `protobuf:"varint,9,opt,name=read_fd,json=readFd" json:"read_fd,omitempty"` +} + +func (x *AutofsEntry) Reset() { + *x = AutofsEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_autofs_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *AutofsEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AutofsEntry) ProtoMessage() {} + +func (x *AutofsEntry) ProtoReflect() protoreflect.Message { + mi := &file_autofs_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AutofsEntry.ProtoReflect.Descriptor instead. +func (*AutofsEntry) Descriptor() ([]byte, []int) { + return file_autofs_proto_rawDescGZIP(), []int{0} +} + +func (x *AutofsEntry) GetFd() int32 { + if x != nil && x.Fd != nil { + return *x.Fd + } + return 0 +} + +func (x *AutofsEntry) GetPgrp() int32 { + if x != nil && x.Pgrp != nil { + return *x.Pgrp + } + return 0 +} + +func (x *AutofsEntry) GetTimeout() int32 { + if x != nil && x.Timeout != nil { + return *x.Timeout + } + return 0 +} + +func (x *AutofsEntry) GetMinproto() int32 { + if x != nil && x.Minproto != nil { + return *x.Minproto + } + return 0 +} + +func (x *AutofsEntry) GetMaxproto() int32 { + if x != nil && x.Maxproto != nil { + return *x.Maxproto + } + return 0 +} + +func (x *AutofsEntry) GetMode() int32 { + if x != nil && x.Mode != nil { + return *x.Mode + } + return 0 +} + +func (x *AutofsEntry) GetUid() int32 { + if x != nil && x.Uid != nil { + return *x.Uid + } + return 0 +} + +func (x *AutofsEntry) GetGid() int32 { + if x != nil && x.Gid != nil { + return *x.Gid + } + return 0 +} + +func (x *AutofsEntry) GetReadFd() int32 { + if x != nil && x.ReadFd != nil { + return *x.ReadFd + } + return 0 +} + +var File_autofs_proto protoreflect.FileDescriptor + +var file_autofs_proto_rawDesc = []byte{ + 0x0a, 0x0c, 0x61, 0x75, 0x74, 0x6f, 0x66, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, + 0x63, 0x72, 0x69, 0x75, 0x22, 0xd5, 0x01, 0x0a, 0x0c, 0x61, 0x75, 0x74, 0x6f, 0x66, 0x73, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x66, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, + 0x05, 0x52, 0x02, 0x66, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x67, 0x72, 0x70, 0x18, 0x02, 0x20, + 0x02, 0x28, 0x05, 0x52, 0x04, 0x70, 0x67, 0x72, 0x70, 0x12, 0x18, 0x0a, 0x07, 0x74, 0x69, 0x6d, + 0x65, 0x6f, 0x75, 0x74, 0x18, 0x03, 0x20, 0x02, 0x28, 0x05, 0x52, 0x07, 0x74, 0x69, 0x6d, 0x65, + 0x6f, 0x75, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x6d, 0x69, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x18, + 0x04, 0x20, 0x02, 0x28, 0x05, 0x52, 0x08, 0x6d, 0x69, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, + 0x1a, 0x0a, 0x08, 0x6d, 0x61, 0x78, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x18, 0x05, 0x20, 0x02, 0x28, + 0x05, 0x52, 0x08, 0x6d, 0x61, 0x78, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6d, + 0x6f, 0x64, 0x65, 0x18, 0x06, 0x20, 0x02, 0x28, 0x05, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, + 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x75, 0x69, + 0x64, 0x12, 0x10, 0x0a, 0x03, 0x67, 0x69, 0x64, 0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, + 0x67, 0x69, 0x64, 0x12, 0x17, 0x0a, 0x07, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x66, 0x64, 0x18, 0x09, + 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x72, 0x65, 0x61, 0x64, 0x46, 0x64, +} + +var ( + file_autofs_proto_rawDescOnce sync.Once + file_autofs_proto_rawDescData = file_autofs_proto_rawDesc +) + +func file_autofs_proto_rawDescGZIP() []byte { + file_autofs_proto_rawDescOnce.Do(func() { + file_autofs_proto_rawDescData = protoimpl.X.CompressGZIP(file_autofs_proto_rawDescData) + }) + return file_autofs_proto_rawDescData +} + +var file_autofs_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_autofs_proto_goTypes = []interface{}{ + (*AutofsEntry)(nil), // 0: criu.autofs_entry +} +var file_autofs_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_autofs_proto_init() } +func file_autofs_proto_init() { + if File_autofs_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_autofs_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*AutofsEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_autofs_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_autofs_proto_goTypes, + DependencyIndexes: file_autofs_proto_depIdxs, + MessageInfos: file_autofs_proto_msgTypes, + }.Build() + File_autofs_proto = out.File + file_autofs_proto_rawDesc = nil + file_autofs_proto_goTypes = nil + file_autofs_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/autofs.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/autofs.proto new file mode 100644 index 00000000000..1b830c3720a --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/autofs.proto @@ -0,0 +1,18 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +message autofs_entry { + required int32 fd = 1; + required int32 pgrp = 2; + required int32 timeout = 3; + required int32 minproto = 4; + required int32 maxproto = 5; + required int32 mode = 6; + + optional int32 uid = 7; + optional int32 gid = 8; + + optional int32 read_fd = 9; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/binfmt-misc.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/binfmt-misc.pb.go new file mode 100644 index 00000000000..04115c6b695 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/binfmt-misc.pb.go @@ -0,0 +1,210 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: binfmt-misc.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type BinfmtMiscEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` + Enabled *bool `protobuf:"varint,2,req,name=enabled" json:"enabled,omitempty"` + Interpreter *string `protobuf:"bytes,3,req,name=interpreter" json:"interpreter,omitempty"` + Flags *string `protobuf:"bytes,4,opt,name=flags" json:"flags,omitempty"` + Extension *string `protobuf:"bytes,5,opt,name=extension" json:"extension,omitempty"` + Magic *string `protobuf:"bytes,6,opt,name=magic" json:"magic,omitempty"` + Mask *string `protobuf:"bytes,7,opt,name=mask" json:"mask,omitempty"` + Offset *int32 `protobuf:"varint,8,opt,name=offset" json:"offset,omitempty"` +} + +func (x *BinfmtMiscEntry) Reset() { + *x = BinfmtMiscEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_binfmt_misc_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *BinfmtMiscEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*BinfmtMiscEntry) ProtoMessage() {} + +func (x *BinfmtMiscEntry) ProtoReflect() protoreflect.Message { + mi := &file_binfmt_misc_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use BinfmtMiscEntry.ProtoReflect.Descriptor instead. +func (*BinfmtMiscEntry) Descriptor() ([]byte, []int) { + return file_binfmt_misc_proto_rawDescGZIP(), []int{0} +} + +func (x *BinfmtMiscEntry) GetName() string { + if x != nil && x.Name != nil { + return *x.Name + } + return "" +} + +func (x *BinfmtMiscEntry) GetEnabled() bool { + if x != nil && x.Enabled != nil { + return *x.Enabled + } + return false +} + +func (x *BinfmtMiscEntry) GetInterpreter() string { + if x != nil && x.Interpreter != nil { + return *x.Interpreter + } + return "" +} + +func (x *BinfmtMiscEntry) GetFlags() string { + if x != nil && x.Flags != nil { + return *x.Flags + } + return "" +} + +func (x *BinfmtMiscEntry) GetExtension() string { + if x != nil && x.Extension != nil { + return *x.Extension + } + return "" +} + +func (x *BinfmtMiscEntry) GetMagic() string { + if x != nil && x.Magic != nil { + return *x.Magic + } + return "" +} + +func (x *BinfmtMiscEntry) GetMask() string { + if x != nil && x.Mask != nil { + return *x.Mask + } + return "" +} + +func (x *BinfmtMiscEntry) GetOffset() int32 { + if x != nil && x.Offset != nil { + return *x.Offset + } + return 0 +} + +var File_binfmt_misc_proto protoreflect.FileDescriptor + +var file_binfmt_misc_proto_rawDesc = []byte{ + 0x0a, 0x11, 0x62, 0x69, 0x6e, 0x66, 0x6d, 0x74, 0x2d, 0x6d, 0x69, 0x73, 0x63, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0xd9, 0x01, 0x0a, 0x11, 0x62, 0x69, + 0x6e, 0x66, 0x6d, 0x74, 0x5f, 0x6d, 0x69, 0x73, 0x63, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x6e, + 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x02, + 0x20, 0x02, 0x28, 0x08, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x20, 0x0a, + 0x0b, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x02, + 0x28, 0x09, 0x52, 0x0b, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x72, 0x12, + 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, + 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, + 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, + 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x61, 0x67, 0x69, 0x63, 0x18, 0x06, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x05, 0x6d, 0x61, 0x67, 0x69, 0x63, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x61, 0x73, + 0x6b, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6d, 0x61, 0x73, 0x6b, 0x12, 0x16, 0x0a, + 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x6f, + 0x66, 0x66, 0x73, 0x65, 0x74, +} + +var ( + file_binfmt_misc_proto_rawDescOnce sync.Once + file_binfmt_misc_proto_rawDescData = file_binfmt_misc_proto_rawDesc +) + +func file_binfmt_misc_proto_rawDescGZIP() []byte { + file_binfmt_misc_proto_rawDescOnce.Do(func() { + file_binfmt_misc_proto_rawDescData = protoimpl.X.CompressGZIP(file_binfmt_misc_proto_rawDescData) + }) + return file_binfmt_misc_proto_rawDescData +} + +var file_binfmt_misc_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_binfmt_misc_proto_goTypes = []interface{}{ + (*BinfmtMiscEntry)(nil), // 0: criu.binfmt_misc_entry +} +var file_binfmt_misc_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_binfmt_misc_proto_init() } +func file_binfmt_misc_proto_init() { + if File_binfmt_misc_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_binfmt_misc_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*BinfmtMiscEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_binfmt_misc_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_binfmt_misc_proto_goTypes, + DependencyIndexes: file_binfmt_misc_proto_depIdxs, + MessageInfos: file_binfmt_misc_proto_msgTypes, + }.Build() + File_binfmt_misc_proto = out.File + file_binfmt_misc_proto_rawDesc = nil + file_binfmt_misc_proto_goTypes = nil + file_binfmt_misc_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/binfmt-misc.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/binfmt-misc.proto new file mode 100644 index 00000000000..ce6401e4a9c --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/binfmt-misc.proto @@ -0,0 +1,15 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +message binfmt_misc_entry { + required string name = 1; + required bool enabled = 2; + required string interpreter = 3; + optional string flags = 4; + optional string extension = 5; + optional string magic = 6; + optional string mask = 7; + optional int32 offset = 8; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-data.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-data.pb.go new file mode 100644 index 00000000000..1e7002ef66d --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-data.pb.go @@ -0,0 +1,172 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: bpfmap-data.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type BpfmapDataEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + MapId *uint32 `protobuf:"varint,1,req,name=map_id,json=mapId" json:"map_id,omitempty"` + KeysBytes *uint32 `protobuf:"varint,2,req,name=keys_bytes,json=keysBytes" json:"keys_bytes,omitempty"` // Bytes required to store keys + ValuesBytes *uint32 `protobuf:"varint,3,req,name=values_bytes,json=valuesBytes" json:"values_bytes,omitempty"` // Bytes required to store values + Count *uint32 `protobuf:"varint,4,req,name=count" json:"count,omitempty"` // Number of key-value pairs stored +} + +func (x *BpfmapDataEntry) Reset() { + *x = BpfmapDataEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_bpfmap_data_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *BpfmapDataEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*BpfmapDataEntry) ProtoMessage() {} + +func (x *BpfmapDataEntry) ProtoReflect() protoreflect.Message { + mi := &file_bpfmap_data_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use BpfmapDataEntry.ProtoReflect.Descriptor instead. +func (*BpfmapDataEntry) Descriptor() ([]byte, []int) { + return file_bpfmap_data_proto_rawDescGZIP(), []int{0} +} + +func (x *BpfmapDataEntry) GetMapId() uint32 { + if x != nil && x.MapId != nil { + return *x.MapId + } + return 0 +} + +func (x *BpfmapDataEntry) GetKeysBytes() uint32 { + if x != nil && x.KeysBytes != nil { + return *x.KeysBytes + } + return 0 +} + +func (x *BpfmapDataEntry) GetValuesBytes() uint32 { + if x != nil && x.ValuesBytes != nil { + return *x.ValuesBytes + } + return 0 +} + +func (x *BpfmapDataEntry) GetCount() uint32 { + if x != nil && x.Count != nil { + return *x.Count + } + return 0 +} + +var File_bpfmap_data_proto protoreflect.FileDescriptor + +var file_bpfmap_data_proto_rawDesc = []byte{ + 0x0a, 0x11, 0x62, 0x70, 0x66, 0x6d, 0x61, 0x70, 0x2d, 0x64, 0x61, 0x74, 0x61, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0x82, 0x01, 0x0a, 0x11, 0x62, 0x70, + 0x66, 0x6d, 0x61, 0x70, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x15, 0x0a, 0x06, 0x6d, 0x61, 0x70, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, + 0x05, 0x6d, 0x61, 0x70, 0x49, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x6b, 0x65, 0x79, 0x73, 0x5f, 0x62, + 0x79, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x6b, 0x65, 0x79, 0x73, + 0x42, 0x79, 0x74, 0x65, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x5f, + 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x73, 0x42, 0x79, 0x74, 0x65, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x6f, 0x75, 0x6e, + 0x74, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, +} + +var ( + file_bpfmap_data_proto_rawDescOnce sync.Once + file_bpfmap_data_proto_rawDescData = file_bpfmap_data_proto_rawDesc +) + +func file_bpfmap_data_proto_rawDescGZIP() []byte { + file_bpfmap_data_proto_rawDescOnce.Do(func() { + file_bpfmap_data_proto_rawDescData = protoimpl.X.CompressGZIP(file_bpfmap_data_proto_rawDescData) + }) + return file_bpfmap_data_proto_rawDescData +} + +var file_bpfmap_data_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_bpfmap_data_proto_goTypes = []interface{}{ + (*BpfmapDataEntry)(nil), // 0: criu.bpfmap_data_entry +} +var file_bpfmap_data_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_bpfmap_data_proto_init() } +func file_bpfmap_data_proto_init() { + if File_bpfmap_data_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_bpfmap_data_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*BpfmapDataEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_bpfmap_data_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_bpfmap_data_proto_goTypes, + DependencyIndexes: file_bpfmap_data_proto_depIdxs, + MessageInfos: file_bpfmap_data_proto_msgTypes, + }.Build() + File_bpfmap_data_proto = out.File + file_bpfmap_data_proto_rawDesc = nil + file_bpfmap_data_proto_goTypes = nil + file_bpfmap_data_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-data.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-data.proto new file mode 100644 index 00000000000..f8d0f355e54 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-data.proto @@ -0,0 +1,11 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +message bpfmap_data_entry { + required uint32 map_id = 1; + required uint32 keys_bytes = 2; /* Bytes required to store keys */ + required uint32 values_bytes = 3; /* Bytes required to store values */ + required uint32 count = 4; /* Number of key-value pairs stored */ +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-file.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-file.pb.go new file mode 100644 index 00000000000..644bd1d733c --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-file.pb.go @@ -0,0 +1,302 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: bpfmap-file.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type BpfmapFileEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` + Flags *uint32 `protobuf:"varint,2,req,name=flags" json:"flags,omitempty"` + Pos *uint64 `protobuf:"varint,3,req,name=pos" json:"pos,omitempty"` + Fown *FownEntry `protobuf:"bytes,4,req,name=fown" json:"fown,omitempty"` + MapType *uint32 `protobuf:"varint,5,req,name=map_type,json=mapType" json:"map_type,omitempty"` + KeySize *uint32 `protobuf:"varint,6,req,name=key_size,json=keySize" json:"key_size,omitempty"` + ValueSize *uint32 `protobuf:"varint,7,req,name=value_size,json=valueSize" json:"value_size,omitempty"` + MapId *uint32 `protobuf:"varint,8,req,name=map_id,json=mapId" json:"map_id,omitempty"` + MaxEntries *uint32 `protobuf:"varint,9,req,name=max_entries,json=maxEntries" json:"max_entries,omitempty"` + MapFlags *uint32 `protobuf:"varint,10,req,name=map_flags,json=mapFlags" json:"map_flags,omitempty"` + Memlock *uint64 `protobuf:"varint,11,req,name=memlock" json:"memlock,omitempty"` + Frozen *bool `protobuf:"varint,12,req,name=frozen,def=0" json:"frozen,omitempty"` + MapName *string `protobuf:"bytes,13,req,name=map_name,json=mapName" json:"map_name,omitempty"` + Ifindex *uint32 `protobuf:"varint,14,req,name=ifindex,def=0" json:"ifindex,omitempty"` + MntId *int32 `protobuf:"zigzag32,15,opt,name=mnt_id,json=mntId,def=-1" json:"mnt_id,omitempty"` + MapExtra *uint64 `protobuf:"varint,16,opt,name=map_extra,json=mapExtra" json:"map_extra,omitempty"` +} + +// Default values for BpfmapFileEntry fields. +const ( + Default_BpfmapFileEntry_Frozen = bool(false) + Default_BpfmapFileEntry_Ifindex = uint32(0) + Default_BpfmapFileEntry_MntId = int32(-1) +) + +func (x *BpfmapFileEntry) Reset() { + *x = BpfmapFileEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_bpfmap_file_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *BpfmapFileEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*BpfmapFileEntry) ProtoMessage() {} + +func (x *BpfmapFileEntry) ProtoReflect() protoreflect.Message { + mi := &file_bpfmap_file_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use BpfmapFileEntry.ProtoReflect.Descriptor instead. +func (*BpfmapFileEntry) Descriptor() ([]byte, []int) { + return file_bpfmap_file_proto_rawDescGZIP(), []int{0} +} + +func (x *BpfmapFileEntry) GetId() uint32 { + if x != nil && x.Id != nil { + return *x.Id + } + return 0 +} + +func (x *BpfmapFileEntry) GetFlags() uint32 { + if x != nil && x.Flags != nil { + return *x.Flags + } + return 0 +} + +func (x *BpfmapFileEntry) GetPos() uint64 { + if x != nil && x.Pos != nil { + return *x.Pos + } + return 0 +} + +func (x *BpfmapFileEntry) GetFown() *FownEntry { + if x != nil { + return x.Fown + } + return nil +} + +func (x *BpfmapFileEntry) GetMapType() uint32 { + if x != nil && x.MapType != nil { + return *x.MapType + } + return 0 +} + +func (x *BpfmapFileEntry) GetKeySize() uint32 { + if x != nil && x.KeySize != nil { + return *x.KeySize + } + return 0 +} + +func (x *BpfmapFileEntry) GetValueSize() uint32 { + if x != nil && x.ValueSize != nil { + return *x.ValueSize + } + return 0 +} + +func (x *BpfmapFileEntry) GetMapId() uint32 { + if x != nil && x.MapId != nil { + return *x.MapId + } + return 0 +} + +func (x *BpfmapFileEntry) GetMaxEntries() uint32 { + if x != nil && x.MaxEntries != nil { + return *x.MaxEntries + } + return 0 +} + +func (x *BpfmapFileEntry) GetMapFlags() uint32 { + if x != nil && x.MapFlags != nil { + return *x.MapFlags + } + return 0 +} + +func (x *BpfmapFileEntry) GetMemlock() uint64 { + if x != nil && x.Memlock != nil { + return *x.Memlock + } + return 0 +} + +func (x *BpfmapFileEntry) GetFrozen() bool { + if x != nil && x.Frozen != nil { + return *x.Frozen + } + return Default_BpfmapFileEntry_Frozen +} + +func (x *BpfmapFileEntry) GetMapName() string { + if x != nil && x.MapName != nil { + return *x.MapName + } + return "" +} + +func (x *BpfmapFileEntry) GetIfindex() uint32 { + if x != nil && x.Ifindex != nil { + return *x.Ifindex + } + return Default_BpfmapFileEntry_Ifindex +} + +func (x *BpfmapFileEntry) GetMntId() int32 { + if x != nil && x.MntId != nil { + return *x.MntId + } + return Default_BpfmapFileEntry_MntId +} + +func (x *BpfmapFileEntry) GetMapExtra() uint64 { + if x != nil && x.MapExtra != nil { + return *x.MapExtra + } + return 0 +} + +var File_bpfmap_file_proto protoreflect.FileDescriptor + +var file_bpfmap_file_proto_rawDesc = []byte{ + 0x0a, 0x11, 0x62, 0x70, 0x66, 0x6d, 0x61, 0x70, 0x2d, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x22, 0xd6, 0x03, 0x0a, 0x11, 0x62, 0x70, 0x66, 0x6d, 0x61, 0x70, 0x5f, 0x66, 0x69, 0x6c, + 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, + 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x26, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, + 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x10, 0xd2, 0x3f, 0x0d, 0x1a, 0x0b, 0x72, 0x66, 0x69, + 0x6c, 0x65, 0x2e, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, + 0x10, 0x0a, 0x03, 0x70, 0x6f, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x70, 0x6f, + 0x73, 0x12, 0x24, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0b, 0x32, + 0x10, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x19, 0x0a, 0x08, 0x6d, 0x61, 0x70, 0x5f, 0x74, + 0x79, 0x70, 0x65, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x6d, 0x61, 0x70, 0x54, 0x79, + 0x70, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x6b, 0x65, 0x79, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x06, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x1d, 0x0a, + 0x0a, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x07, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x09, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x15, 0x0a, 0x06, + 0x6d, 0x61, 0x70, 0x5f, 0x69, 0x64, 0x18, 0x08, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x61, + 0x70, 0x49, 0x64, 0x12, 0x1f, 0x0a, 0x0b, 0x6d, 0x61, 0x78, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x69, + 0x65, 0x73, 0x18, 0x09, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0a, 0x6d, 0x61, 0x78, 0x45, 0x6e, 0x74, + 0x72, 0x69, 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x61, 0x70, 0x5f, 0x66, 0x6c, 0x61, 0x67, + 0x73, 0x18, 0x0a, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x6d, 0x61, 0x70, 0x46, 0x6c, 0x61, 0x67, + 0x73, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x6d, 0x6c, 0x6f, 0x63, 0x6b, 0x18, 0x0b, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x07, 0x6d, 0x65, 0x6d, 0x6c, 0x6f, 0x63, 0x6b, 0x12, 0x1d, 0x0a, 0x06, 0x66, + 0x72, 0x6f, 0x7a, 0x65, 0x6e, 0x18, 0x0c, 0x20, 0x02, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, + 0x73, 0x65, 0x52, 0x06, 0x66, 0x72, 0x6f, 0x7a, 0x65, 0x6e, 0x12, 0x19, 0x0a, 0x08, 0x6d, 0x61, + 0x70, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0d, 0x20, 0x02, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x61, + 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1b, 0x0a, 0x07, 0x69, 0x66, 0x69, 0x6e, 0x64, 0x65, 0x78, + 0x18, 0x0e, 0x20, 0x02, 0x28, 0x0d, 0x3a, 0x01, 0x30, 0x52, 0x07, 0x69, 0x66, 0x69, 0x6e, 0x64, + 0x65, 0x78, 0x12, 0x19, 0x0a, 0x06, 0x6d, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x0f, 0x20, 0x01, + 0x28, 0x11, 0x3a, 0x02, 0x2d, 0x31, 0x52, 0x05, 0x6d, 0x6e, 0x74, 0x49, 0x64, 0x12, 0x1b, 0x0a, + 0x09, 0x6d, 0x61, 0x70, 0x5f, 0x65, 0x78, 0x74, 0x72, 0x61, 0x18, 0x10, 0x20, 0x01, 0x28, 0x04, + 0x52, 0x08, 0x6d, 0x61, 0x70, 0x45, 0x78, 0x74, 0x72, 0x61, +} + +var ( + file_bpfmap_file_proto_rawDescOnce sync.Once + file_bpfmap_file_proto_rawDescData = file_bpfmap_file_proto_rawDesc +) + +func file_bpfmap_file_proto_rawDescGZIP() []byte { + file_bpfmap_file_proto_rawDescOnce.Do(func() { + file_bpfmap_file_proto_rawDescData = protoimpl.X.CompressGZIP(file_bpfmap_file_proto_rawDescData) + }) + return file_bpfmap_file_proto_rawDescData +} + +var file_bpfmap_file_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_bpfmap_file_proto_goTypes = []interface{}{ + (*BpfmapFileEntry)(nil), // 0: criu.bpfmap_file_entry + (*FownEntry)(nil), // 1: criu.fown_entry +} +var file_bpfmap_file_proto_depIdxs = []int32{ + 1, // 0: criu.bpfmap_file_entry.fown:type_name -> criu.fown_entry + 1, // [1:1] is the sub-list for method output_type + 1, // [1:1] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { file_bpfmap_file_proto_init() } +func file_bpfmap_file_proto_init() { + if File_bpfmap_file_proto != nil { + return + } + file_opts_proto_init() + file_fown_proto_init() + if !protoimpl.UnsafeEnabled { + file_bpfmap_file_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*BpfmapFileEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_bpfmap_file_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_bpfmap_file_proto_goTypes, + DependencyIndexes: file_bpfmap_file_proto_depIdxs, + MessageInfos: file_bpfmap_file_proto_msgTypes, + }.Build() + File_bpfmap_file_proto = out.File + file_bpfmap_file_proto_rawDesc = nil + file_bpfmap_file_proto_goTypes = nil + file_bpfmap_file_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-file.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-file.proto new file mode 100644 index 00000000000..3b3d59e0562 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-file.proto @@ -0,0 +1,26 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "opts.proto"; +import "fown.proto"; + +message bpfmap_file_entry { + required uint32 id = 1; + required uint32 flags = 2 [(criu).flags = "rfile.flags"]; + required uint64 pos = 3; + required fown_entry fown = 4; + required uint32 map_type = 5; + required uint32 key_size = 6; + required uint32 value_size = 7; + required uint32 map_id = 8; + required uint32 max_entries = 9; + required uint32 map_flags = 10; + required uint64 memlock = 11; + required bool frozen = 12 [default = false]; + required string map_name = 13; + required uint32 ifindex = 14 [default = 0]; + optional sint32 mnt_id = 15 [default = -1]; + optional uint64 map_extra = 16; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cgroup.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cgroup.pb.go new file mode 100644 index 00000000000..ec7a6e97d4d --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cgroup.pb.go @@ -0,0 +1,651 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: cgroup.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type CgroupPerms struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Mode *uint32 `protobuf:"varint,1,req,name=mode" json:"mode,omitempty"` + Uid *uint32 `protobuf:"varint,2,req,name=uid" json:"uid,omitempty"` + Gid *uint32 `protobuf:"varint,3,req,name=gid" json:"gid,omitempty"` +} + +func (x *CgroupPerms) Reset() { + *x = CgroupPerms{} + if protoimpl.UnsafeEnabled { + mi := &file_cgroup_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CgroupPerms) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CgroupPerms) ProtoMessage() {} + +func (x *CgroupPerms) ProtoReflect() protoreflect.Message { + mi := &file_cgroup_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CgroupPerms.ProtoReflect.Descriptor instead. +func (*CgroupPerms) Descriptor() ([]byte, []int) { + return file_cgroup_proto_rawDescGZIP(), []int{0} +} + +func (x *CgroupPerms) GetMode() uint32 { + if x != nil && x.Mode != nil { + return *x.Mode + } + return 0 +} + +func (x *CgroupPerms) GetUid() uint32 { + if x != nil && x.Uid != nil { + return *x.Uid + } + return 0 +} + +func (x *CgroupPerms) GetGid() uint32 { + if x != nil && x.Gid != nil { + return *x.Gid + } + return 0 +} + +type CgroupPropEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` + Value *string `protobuf:"bytes,2,req,name=value" json:"value,omitempty"` + Perms *CgroupPerms `protobuf:"bytes,3,opt,name=perms" json:"perms,omitempty"` +} + +func (x *CgroupPropEntry) Reset() { + *x = CgroupPropEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_cgroup_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CgroupPropEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CgroupPropEntry) ProtoMessage() {} + +func (x *CgroupPropEntry) ProtoReflect() protoreflect.Message { + mi := &file_cgroup_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CgroupPropEntry.ProtoReflect.Descriptor instead. +func (*CgroupPropEntry) Descriptor() ([]byte, []int) { + return file_cgroup_proto_rawDescGZIP(), []int{1} +} + +func (x *CgroupPropEntry) GetName() string { + if x != nil && x.Name != nil { + return *x.Name + } + return "" +} + +func (x *CgroupPropEntry) GetValue() string { + if x != nil && x.Value != nil { + return *x.Value + } + return "" +} + +func (x *CgroupPropEntry) GetPerms() *CgroupPerms { + if x != nil { + return x.Perms + } + return nil +} + +type CgroupDirEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + DirName *string `protobuf:"bytes,1,req,name=dir_name,json=dirName" json:"dir_name,omitempty"` + Children []*CgroupDirEntry `protobuf:"bytes,2,rep,name=children" json:"children,omitempty"` + Properties []*CgroupPropEntry `protobuf:"bytes,3,rep,name=properties" json:"properties,omitempty"` + DirPerms *CgroupPerms `protobuf:"bytes,4,opt,name=dir_perms,json=dirPerms" json:"dir_perms,omitempty"` +} + +func (x *CgroupDirEntry) Reset() { + *x = CgroupDirEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_cgroup_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CgroupDirEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CgroupDirEntry) ProtoMessage() {} + +func (x *CgroupDirEntry) ProtoReflect() protoreflect.Message { + mi := &file_cgroup_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CgroupDirEntry.ProtoReflect.Descriptor instead. +func (*CgroupDirEntry) Descriptor() ([]byte, []int) { + return file_cgroup_proto_rawDescGZIP(), []int{2} +} + +func (x *CgroupDirEntry) GetDirName() string { + if x != nil && x.DirName != nil { + return *x.DirName + } + return "" +} + +func (x *CgroupDirEntry) GetChildren() []*CgroupDirEntry { + if x != nil { + return x.Children + } + return nil +} + +func (x *CgroupDirEntry) GetProperties() []*CgroupPropEntry { + if x != nil { + return x.Properties + } + return nil +} + +func (x *CgroupDirEntry) GetDirPerms() *CgroupPerms { + if x != nil { + return x.DirPerms + } + return nil +} + +type CgControllerEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Cnames []string `protobuf:"bytes,1,rep,name=cnames" json:"cnames,omitempty"` + Dirs []*CgroupDirEntry `protobuf:"bytes,2,rep,name=dirs" json:"dirs,omitempty"` +} + +func (x *CgControllerEntry) Reset() { + *x = CgControllerEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_cgroup_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CgControllerEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CgControllerEntry) ProtoMessage() {} + +func (x *CgControllerEntry) ProtoReflect() protoreflect.Message { + mi := &file_cgroup_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CgControllerEntry.ProtoReflect.Descriptor instead. +func (*CgControllerEntry) Descriptor() ([]byte, []int) { + return file_cgroup_proto_rawDescGZIP(), []int{3} +} + +func (x *CgControllerEntry) GetCnames() []string { + if x != nil { + return x.Cnames + } + return nil +} + +func (x *CgControllerEntry) GetDirs() []*CgroupDirEntry { + if x != nil { + return x.Dirs + } + return nil +} + +type CgMemberEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` + Path *string `protobuf:"bytes,2,req,name=path" json:"path,omitempty"` + CgnsPrefix *uint32 `protobuf:"varint,3,opt,name=cgns_prefix,json=cgnsPrefix" json:"cgns_prefix,omitempty"` +} + +func (x *CgMemberEntry) Reset() { + *x = CgMemberEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_cgroup_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CgMemberEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CgMemberEntry) ProtoMessage() {} + +func (x *CgMemberEntry) ProtoReflect() protoreflect.Message { + mi := &file_cgroup_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CgMemberEntry.ProtoReflect.Descriptor instead. +func (*CgMemberEntry) Descriptor() ([]byte, []int) { + return file_cgroup_proto_rawDescGZIP(), []int{4} +} + +func (x *CgMemberEntry) GetName() string { + if x != nil && x.Name != nil { + return *x.Name + } + return "" +} + +func (x *CgMemberEntry) GetPath() string { + if x != nil && x.Path != nil { + return *x.Path + } + return "" +} + +func (x *CgMemberEntry) GetCgnsPrefix() uint32 { + if x != nil && x.CgnsPrefix != nil { + return *x.CgnsPrefix + } + return 0 +} + +type CgSetEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` + Ctls []*CgMemberEntry `protobuf:"bytes,2,rep,name=ctls" json:"ctls,omitempty"` +} + +func (x *CgSetEntry) Reset() { + *x = CgSetEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_cgroup_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CgSetEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CgSetEntry) ProtoMessage() {} + +func (x *CgSetEntry) ProtoReflect() protoreflect.Message { + mi := &file_cgroup_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CgSetEntry.ProtoReflect.Descriptor instead. +func (*CgSetEntry) Descriptor() ([]byte, []int) { + return file_cgroup_proto_rawDescGZIP(), []int{5} +} + +func (x *CgSetEntry) GetId() uint32 { + if x != nil && x.Id != nil { + return *x.Id + } + return 0 +} + +func (x *CgSetEntry) GetCtls() []*CgMemberEntry { + if x != nil { + return x.Ctls + } + return nil +} + +type CgroupEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Sets []*CgSetEntry `protobuf:"bytes,1,rep,name=sets" json:"sets,omitempty"` + Controllers []*CgControllerEntry `protobuf:"bytes,2,rep,name=controllers" json:"controllers,omitempty"` +} + +func (x *CgroupEntry) Reset() { + *x = CgroupEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_cgroup_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CgroupEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CgroupEntry) ProtoMessage() {} + +func (x *CgroupEntry) ProtoReflect() protoreflect.Message { + mi := &file_cgroup_proto_msgTypes[6] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CgroupEntry.ProtoReflect.Descriptor instead. +func (*CgroupEntry) Descriptor() ([]byte, []int) { + return file_cgroup_proto_rawDescGZIP(), []int{6} +} + +func (x *CgroupEntry) GetSets() []*CgSetEntry { + if x != nil { + return x.Sets + } + return nil +} + +func (x *CgroupEntry) GetControllers() []*CgControllerEntry { + if x != nil { + return x.Controllers + } + return nil +} + +var File_cgroup_proto protoreflect.FileDescriptor + +var file_cgroup_proto_rawDesc = []byte{ + 0x0a, 0x0c, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, + 0x63, 0x72, 0x69, 0x75, 0x22, 0x46, 0x0a, 0x0c, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, + 0x65, 0x72, 0x6d, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, + 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x67, 0x69, + 0x64, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x67, 0x69, 0x64, 0x22, 0x67, 0x0a, 0x11, + 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x72, 0x6f, 0x70, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, + 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, + 0x20, 0x02, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x28, 0x0a, 0x05, 0x70, + 0x65, 0x72, 0x6d, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, + 0x75, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x73, 0x52, 0x05, + 0x70, 0x65, 0x72, 0x6d, 0x73, 0x22, 0xcb, 0x01, 0x0a, 0x10, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, + 0x5f, 0x64, 0x69, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x19, 0x0a, 0x08, 0x64, 0x69, + 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x07, 0x64, 0x69, + 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x32, 0x0a, 0x08, 0x63, 0x68, 0x69, 0x6c, 0x64, 0x72, 0x65, + 0x6e, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, + 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x64, 0x69, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, + 0x08, 0x63, 0x68, 0x69, 0x6c, 0x64, 0x72, 0x65, 0x6e, 0x12, 0x37, 0x0a, 0x0a, 0x70, 0x72, 0x6f, + 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x17, 0x2e, + 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x72, 0x6f, 0x70, + 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0a, 0x70, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, + 0x65, 0x73, 0x12, 0x2f, 0x0a, 0x09, 0x64, 0x69, 0x72, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x73, 0x18, + 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x67, 0x72, + 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x73, 0x52, 0x08, 0x64, 0x69, 0x72, 0x50, 0x65, + 0x72, 0x6d, 0x73, 0x22, 0x59, 0x0a, 0x13, 0x63, 0x67, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, + 0x6c, 0x6c, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x63, 0x6e, + 0x61, 0x6d, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x63, 0x6e, 0x61, 0x6d, + 0x65, 0x73, 0x12, 0x2a, 0x0a, 0x04, 0x64, 0x69, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x16, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x64, + 0x69, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x64, 0x69, 0x72, 0x73, 0x22, 0x5a, + 0x0a, 0x0f, 0x63, 0x67, 0x5f, 0x6d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, + 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, + 0x02, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x67, 0x6e, + 0x73, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, + 0x63, 0x67, 0x6e, 0x73, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x22, 0x49, 0x0a, 0x0c, 0x63, 0x67, + 0x5f, 0x73, 0x65, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, + 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x29, 0x0a, 0x04, 0x63, 0x74, + 0x6c, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, + 0x63, 0x67, 0x5f, 0x6d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, + 0x04, 0x63, 0x74, 0x6c, 0x73, 0x22, 0x73, 0x0a, 0x0c, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x26, 0x0a, 0x04, 0x73, 0x65, 0x74, 0x73, 0x18, 0x01, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x67, 0x5f, 0x73, 0x65, + 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x73, 0x65, 0x74, 0x73, 0x12, 0x3b, 0x0a, + 0x0b, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x67, 0x5f, 0x63, 0x6f, 0x6e, + 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, 0x63, + 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x73, +} + +var ( + file_cgroup_proto_rawDescOnce sync.Once + file_cgroup_proto_rawDescData = file_cgroup_proto_rawDesc +) + +func file_cgroup_proto_rawDescGZIP() []byte { + file_cgroup_proto_rawDescOnce.Do(func() { + file_cgroup_proto_rawDescData = protoimpl.X.CompressGZIP(file_cgroup_proto_rawDescData) + }) + return file_cgroup_proto_rawDescData +} + +var file_cgroup_proto_msgTypes = make([]protoimpl.MessageInfo, 7) +var file_cgroup_proto_goTypes = []interface{}{ + (*CgroupPerms)(nil), // 0: criu.cgroup_perms + (*CgroupPropEntry)(nil), // 1: criu.cgroup_prop_entry + (*CgroupDirEntry)(nil), // 2: criu.cgroup_dir_entry + (*CgControllerEntry)(nil), // 3: criu.cg_controller_entry + (*CgMemberEntry)(nil), // 4: criu.cg_member_entry + (*CgSetEntry)(nil), // 5: criu.cg_set_entry + (*CgroupEntry)(nil), // 6: criu.cgroup_entry +} +var file_cgroup_proto_depIdxs = []int32{ + 0, // 0: criu.cgroup_prop_entry.perms:type_name -> criu.cgroup_perms + 2, // 1: criu.cgroup_dir_entry.children:type_name -> criu.cgroup_dir_entry + 1, // 2: criu.cgroup_dir_entry.properties:type_name -> criu.cgroup_prop_entry + 0, // 3: criu.cgroup_dir_entry.dir_perms:type_name -> criu.cgroup_perms + 2, // 4: criu.cg_controller_entry.dirs:type_name -> criu.cgroup_dir_entry + 4, // 5: criu.cg_set_entry.ctls:type_name -> criu.cg_member_entry + 5, // 6: criu.cgroup_entry.sets:type_name -> criu.cg_set_entry + 3, // 7: criu.cgroup_entry.controllers:type_name -> criu.cg_controller_entry + 8, // [8:8] is the sub-list for method output_type + 8, // [8:8] is the sub-list for method input_type + 8, // [8:8] is the sub-list for extension type_name + 8, // [8:8] is the sub-list for extension extendee + 0, // [0:8] is the sub-list for field type_name +} + +func init() { file_cgroup_proto_init() } +func file_cgroup_proto_init() { + if File_cgroup_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_cgroup_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CgroupPerms); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_cgroup_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CgroupPropEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_cgroup_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CgroupDirEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_cgroup_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CgControllerEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_cgroup_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CgMemberEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_cgroup_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CgSetEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_cgroup_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CgroupEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_cgroup_proto_rawDesc, + NumEnums: 0, + NumMessages: 7, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_cgroup_proto_goTypes, + DependencyIndexes: file_cgroup_proto_depIdxs, + MessageInfos: file_cgroup_proto_msgTypes, + }.Build() + File_cgroup_proto = out.File + file_cgroup_proto_rawDesc = nil + file_cgroup_proto_goTypes = nil + file_cgroup_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cgroup.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cgroup.proto new file mode 100644 index 00000000000..d89ebabdf93 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cgroup.proto @@ -0,0 +1,44 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +message cgroup_perms { + required uint32 mode = 1; + required uint32 uid = 2; + required uint32 gid = 3; +} + +message cgroup_prop_entry { + required string name = 1; + required string value = 2; + optional cgroup_perms perms = 3; +} + +message cgroup_dir_entry { + required string dir_name = 1; + repeated cgroup_dir_entry children = 2; + repeated cgroup_prop_entry properties = 3; + optional cgroup_perms dir_perms = 4; +} + +message cg_controller_entry { + repeated string cnames = 1; + repeated cgroup_dir_entry dirs = 2; +} + +message cg_member_entry { + required string name = 1; + required string path = 2; + optional uint32 cgns_prefix = 3; +} + +message cg_set_entry { + required uint32 id = 1; + repeated cg_member_entry ctls = 2; +} + +message cgroup_entry { + repeated cg_set_entry sets = 1; + repeated cg_controller_entry controllers = 2; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-aarch64.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-aarch64.pb.go new file mode 100644 index 00000000000..23ea4b30240 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-aarch64.pb.go @@ -0,0 +1,354 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: core-aarch64.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type UserAarch64RegsEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Regs []uint64 `protobuf:"varint,1,rep,name=regs" json:"regs,omitempty"` + Sp *uint64 `protobuf:"varint,2,req,name=sp" json:"sp,omitempty"` + Pc *uint64 `protobuf:"varint,3,req,name=pc" json:"pc,omitempty"` + Pstate *uint64 `protobuf:"varint,4,req,name=pstate" json:"pstate,omitempty"` +} + +func (x *UserAarch64RegsEntry) Reset() { + *x = UserAarch64RegsEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_core_aarch64_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UserAarch64RegsEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UserAarch64RegsEntry) ProtoMessage() {} + +func (x *UserAarch64RegsEntry) ProtoReflect() protoreflect.Message { + mi := &file_core_aarch64_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UserAarch64RegsEntry.ProtoReflect.Descriptor instead. +func (*UserAarch64RegsEntry) Descriptor() ([]byte, []int) { + return file_core_aarch64_proto_rawDescGZIP(), []int{0} +} + +func (x *UserAarch64RegsEntry) GetRegs() []uint64 { + if x != nil { + return x.Regs + } + return nil +} + +func (x *UserAarch64RegsEntry) GetSp() uint64 { + if x != nil && x.Sp != nil { + return *x.Sp + } + return 0 +} + +func (x *UserAarch64RegsEntry) GetPc() uint64 { + if x != nil && x.Pc != nil { + return *x.Pc + } + return 0 +} + +func (x *UserAarch64RegsEntry) GetPstate() uint64 { + if x != nil && x.Pstate != nil { + return *x.Pstate + } + return 0 +} + +type UserAarch64FpsimdContextEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Vregs []uint64 `protobuf:"varint,1,rep,name=vregs" json:"vregs,omitempty"` + Fpsr *uint32 `protobuf:"varint,2,req,name=fpsr" json:"fpsr,omitempty"` + Fpcr *uint32 `protobuf:"varint,3,req,name=fpcr" json:"fpcr,omitempty"` +} + +func (x *UserAarch64FpsimdContextEntry) Reset() { + *x = UserAarch64FpsimdContextEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_core_aarch64_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UserAarch64FpsimdContextEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UserAarch64FpsimdContextEntry) ProtoMessage() {} + +func (x *UserAarch64FpsimdContextEntry) ProtoReflect() protoreflect.Message { + mi := &file_core_aarch64_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UserAarch64FpsimdContextEntry.ProtoReflect.Descriptor instead. +func (*UserAarch64FpsimdContextEntry) Descriptor() ([]byte, []int) { + return file_core_aarch64_proto_rawDescGZIP(), []int{1} +} + +func (x *UserAarch64FpsimdContextEntry) GetVregs() []uint64 { + if x != nil { + return x.Vregs + } + return nil +} + +func (x *UserAarch64FpsimdContextEntry) GetFpsr() uint32 { + if x != nil && x.Fpsr != nil { + return *x.Fpsr + } + return 0 +} + +func (x *UserAarch64FpsimdContextEntry) GetFpcr() uint32 { + if x != nil && x.Fpcr != nil { + return *x.Fpcr + } + return 0 +} + +type ThreadInfoAarch64 struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + ClearTidAddr *uint64 `protobuf:"varint,1,req,name=clear_tid_addr,json=clearTidAddr" json:"clear_tid_addr,omitempty"` + Tls *uint64 `protobuf:"varint,2,req,name=tls" json:"tls,omitempty"` + Gpregs *UserAarch64RegsEntry `protobuf:"bytes,3,req,name=gpregs" json:"gpregs,omitempty"` + Fpsimd *UserAarch64FpsimdContextEntry `protobuf:"bytes,4,req,name=fpsimd" json:"fpsimd,omitempty"` +} + +func (x *ThreadInfoAarch64) Reset() { + *x = ThreadInfoAarch64{} + if protoimpl.UnsafeEnabled { + mi := &file_core_aarch64_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ThreadInfoAarch64) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ThreadInfoAarch64) ProtoMessage() {} + +func (x *ThreadInfoAarch64) ProtoReflect() protoreflect.Message { + mi := &file_core_aarch64_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ThreadInfoAarch64.ProtoReflect.Descriptor instead. +func (*ThreadInfoAarch64) Descriptor() ([]byte, []int) { + return file_core_aarch64_proto_rawDescGZIP(), []int{2} +} + +func (x *ThreadInfoAarch64) GetClearTidAddr() uint64 { + if x != nil && x.ClearTidAddr != nil { + return *x.ClearTidAddr + } + return 0 +} + +func (x *ThreadInfoAarch64) GetTls() uint64 { + if x != nil && x.Tls != nil { + return *x.Tls + } + return 0 +} + +func (x *ThreadInfoAarch64) GetGpregs() *UserAarch64RegsEntry { + if x != nil { + return x.Gpregs + } + return nil +} + +func (x *ThreadInfoAarch64) GetFpsimd() *UserAarch64FpsimdContextEntry { + if x != nil { + return x.Fpsimd + } + return nil +} + +var File_core_aarch64_proto protoreflect.FileDescriptor + +var file_core_aarch64_proto_rawDesc = []byte{ + 0x0a, 0x12, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x61, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x65, 0x0a, 0x17, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x61, + 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x04, 0x52, + 0x04, 0x72, 0x65, 0x67, 0x73, 0x12, 0x0e, 0x0a, 0x02, 0x73, 0x70, 0x18, 0x02, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x02, 0x73, 0x70, 0x12, 0x0e, 0x0a, 0x02, 0x70, 0x63, 0x18, 0x03, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x02, 0x70, 0x63, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, + 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, 0x06, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x22, 0x61, 0x0a, + 0x21, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x61, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, 0x5f, 0x66, 0x70, + 0x73, 0x69, 0x6d, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, + 0x04, 0x52, 0x05, 0x76, 0x72, 0x65, 0x67, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x70, 0x73, 0x72, + 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x66, 0x70, 0x73, 0x72, 0x12, 0x12, 0x0a, 0x04, + 0x66, 0x70, 0x63, 0x72, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x66, 0x70, 0x63, 0x72, + 0x22, 0xd3, 0x01, 0x0a, 0x13, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, + 0x5f, 0x61, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, 0x12, 0x2b, 0x0a, 0x0e, 0x63, 0x6c, 0x65, 0x61, + 0x72, 0x5f, 0x74, 0x69, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, + 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0c, 0x63, 0x6c, 0x65, 0x61, 0x72, 0x54, 0x69, + 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, 0x3c, 0x0a, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, + 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, + 0x73, 0x65, 0x72, 0x5f, 0x61, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, 0x5f, 0x72, 0x65, 0x67, 0x73, + 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x06, 0x67, + 0x70, 0x72, 0x65, 0x67, 0x73, 0x12, 0x3f, 0x0a, 0x06, 0x66, 0x70, 0x73, 0x69, 0x6d, 0x64, 0x18, + 0x04, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, + 0x72, 0x5f, 0x61, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, 0x5f, 0x66, 0x70, 0x73, 0x69, 0x6d, 0x64, + 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, + 0x66, 0x70, 0x73, 0x69, 0x6d, 0x64, +} + +var ( + file_core_aarch64_proto_rawDescOnce sync.Once + file_core_aarch64_proto_rawDescData = file_core_aarch64_proto_rawDesc +) + +func file_core_aarch64_proto_rawDescGZIP() []byte { + file_core_aarch64_proto_rawDescOnce.Do(func() { + file_core_aarch64_proto_rawDescData = protoimpl.X.CompressGZIP(file_core_aarch64_proto_rawDescData) + }) + return file_core_aarch64_proto_rawDescData +} + +var file_core_aarch64_proto_msgTypes = make([]protoimpl.MessageInfo, 3) +var file_core_aarch64_proto_goTypes = []interface{}{ + (*UserAarch64RegsEntry)(nil), // 0: criu.user_aarch64_regs_entry + (*UserAarch64FpsimdContextEntry)(nil), // 1: criu.user_aarch64_fpsimd_context_entry + (*ThreadInfoAarch64)(nil), // 2: criu.thread_info_aarch64 +} +var file_core_aarch64_proto_depIdxs = []int32{ + 0, // 0: criu.thread_info_aarch64.gpregs:type_name -> criu.user_aarch64_regs_entry + 1, // 1: criu.thread_info_aarch64.fpsimd:type_name -> criu.user_aarch64_fpsimd_context_entry + 2, // [2:2] is the sub-list for method output_type + 2, // [2:2] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name +} + +func init() { file_core_aarch64_proto_init() } +func file_core_aarch64_proto_init() { + if File_core_aarch64_proto != nil { + return + } + file_opts_proto_init() + if !protoimpl.UnsafeEnabled { + file_core_aarch64_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UserAarch64RegsEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_aarch64_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UserAarch64FpsimdContextEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_aarch64_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ThreadInfoAarch64); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_core_aarch64_proto_rawDesc, + NumEnums: 0, + NumMessages: 3, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_core_aarch64_proto_goTypes, + DependencyIndexes: file_core_aarch64_proto_depIdxs, + MessageInfos: file_core_aarch64_proto_msgTypes, + }.Build() + File_core_aarch64_proto = out.File + file_core_aarch64_proto_rawDesc = nil + file_core_aarch64_proto_goTypes = nil + file_core_aarch64_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-aarch64.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-aarch64.proto new file mode 100644 index 00000000000..45d6d99b7f7 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-aarch64.proto @@ -0,0 +1,26 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "opts.proto"; + +message user_aarch64_regs_entry { + repeated uint64 regs = 1; + required uint64 sp = 2; + required uint64 pc = 3; + required uint64 pstate = 4; +} + +message user_aarch64_fpsimd_context_entry { + repeated uint64 vregs = 1; + required uint32 fpsr = 2; + required uint32 fpcr = 3; +} + +message thread_info_aarch64 { + required uint64 clear_tid_addr = 1[(criu).hex = true]; + required uint64 tls = 2; + required user_aarch64_regs_entry gpregs = 3[(criu).hex = true]; + required user_aarch64_fpsimd_context_entry fpsimd = 4; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-arm.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-arm.pb.go new file mode 100644 index 00000000000..0414c0606cd --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-arm.pb.go @@ -0,0 +1,498 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: core-arm.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type UserArmRegsEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + R0 *uint32 `protobuf:"varint,1,req,name=r0" json:"r0,omitempty"` + R1 *uint32 `protobuf:"varint,2,req,name=r1" json:"r1,omitempty"` + R2 *uint32 `protobuf:"varint,3,req,name=r2" json:"r2,omitempty"` + R3 *uint32 `protobuf:"varint,4,req,name=r3" json:"r3,omitempty"` + R4 *uint32 `protobuf:"varint,5,req,name=r4" json:"r4,omitempty"` + R5 *uint32 `protobuf:"varint,6,req,name=r5" json:"r5,omitempty"` + R6 *uint32 `protobuf:"varint,7,req,name=r6" json:"r6,omitempty"` + R7 *uint32 `protobuf:"varint,8,req,name=r7" json:"r7,omitempty"` + R8 *uint32 `protobuf:"varint,9,req,name=r8" json:"r8,omitempty"` + R9 *uint32 `protobuf:"varint,10,req,name=r9" json:"r9,omitempty"` + R10 *uint32 `protobuf:"varint,11,req,name=r10" json:"r10,omitempty"` + Fp *uint32 `protobuf:"varint,12,req,name=fp" json:"fp,omitempty"` + Ip *uint32 `protobuf:"varint,13,req,name=ip" json:"ip,omitempty"` + Sp *uint32 `protobuf:"varint,14,req,name=sp" json:"sp,omitempty"` + Lr *uint32 `protobuf:"varint,15,req,name=lr" json:"lr,omitempty"` + Pc *uint32 `protobuf:"varint,16,req,name=pc" json:"pc,omitempty"` + Cpsr *uint32 `protobuf:"varint,17,req,name=cpsr" json:"cpsr,omitempty"` + OrigR0 *uint32 `protobuf:"varint,18,req,name=orig_r0,json=origR0" json:"orig_r0,omitempty"` +} + +func (x *UserArmRegsEntry) Reset() { + *x = UserArmRegsEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_core_arm_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UserArmRegsEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UserArmRegsEntry) ProtoMessage() {} + +func (x *UserArmRegsEntry) ProtoReflect() protoreflect.Message { + mi := &file_core_arm_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UserArmRegsEntry.ProtoReflect.Descriptor instead. +func (*UserArmRegsEntry) Descriptor() ([]byte, []int) { + return file_core_arm_proto_rawDescGZIP(), []int{0} +} + +func (x *UserArmRegsEntry) GetR0() uint32 { + if x != nil && x.R0 != nil { + return *x.R0 + } + return 0 +} + +func (x *UserArmRegsEntry) GetR1() uint32 { + if x != nil && x.R1 != nil { + return *x.R1 + } + return 0 +} + +func (x *UserArmRegsEntry) GetR2() uint32 { + if x != nil && x.R2 != nil { + return *x.R2 + } + return 0 +} + +func (x *UserArmRegsEntry) GetR3() uint32 { + if x != nil && x.R3 != nil { + return *x.R3 + } + return 0 +} + +func (x *UserArmRegsEntry) GetR4() uint32 { + if x != nil && x.R4 != nil { + return *x.R4 + } + return 0 +} + +func (x *UserArmRegsEntry) GetR5() uint32 { + if x != nil && x.R5 != nil { + return *x.R5 + } + return 0 +} + +func (x *UserArmRegsEntry) GetR6() uint32 { + if x != nil && x.R6 != nil { + return *x.R6 + } + return 0 +} + +func (x *UserArmRegsEntry) GetR7() uint32 { + if x != nil && x.R7 != nil { + return *x.R7 + } + return 0 +} + +func (x *UserArmRegsEntry) GetR8() uint32 { + if x != nil && x.R8 != nil { + return *x.R8 + } + return 0 +} + +func (x *UserArmRegsEntry) GetR9() uint32 { + if x != nil && x.R9 != nil { + return *x.R9 + } + return 0 +} + +func (x *UserArmRegsEntry) GetR10() uint32 { + if x != nil && x.R10 != nil { + return *x.R10 + } + return 0 +} + +func (x *UserArmRegsEntry) GetFp() uint32 { + if x != nil && x.Fp != nil { + return *x.Fp + } + return 0 +} + +func (x *UserArmRegsEntry) GetIp() uint32 { + if x != nil && x.Ip != nil { + return *x.Ip + } + return 0 +} + +func (x *UserArmRegsEntry) GetSp() uint32 { + if x != nil && x.Sp != nil { + return *x.Sp + } + return 0 +} + +func (x *UserArmRegsEntry) GetLr() uint32 { + if x != nil && x.Lr != nil { + return *x.Lr + } + return 0 +} + +func (x *UserArmRegsEntry) GetPc() uint32 { + if x != nil && x.Pc != nil { + return *x.Pc + } + return 0 +} + +func (x *UserArmRegsEntry) GetCpsr() uint32 { + if x != nil && x.Cpsr != nil { + return *x.Cpsr + } + return 0 +} + +func (x *UserArmRegsEntry) GetOrigR0() uint32 { + if x != nil && x.OrigR0 != nil { + return *x.OrigR0 + } + return 0 +} + +type UserArmVfpstateEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + VfpRegs []uint64 `protobuf:"varint,1,rep,name=vfp_regs,json=vfpRegs" json:"vfp_regs,omitempty"` + Fpscr *uint32 `protobuf:"varint,2,req,name=fpscr" json:"fpscr,omitempty"` + Fpexc *uint32 `protobuf:"varint,3,req,name=fpexc" json:"fpexc,omitempty"` + Fpinst *uint32 `protobuf:"varint,4,req,name=fpinst" json:"fpinst,omitempty"` + Fpinst2 *uint32 `protobuf:"varint,5,req,name=fpinst2" json:"fpinst2,omitempty"` +} + +func (x *UserArmVfpstateEntry) Reset() { + *x = UserArmVfpstateEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_core_arm_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UserArmVfpstateEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UserArmVfpstateEntry) ProtoMessage() {} + +func (x *UserArmVfpstateEntry) ProtoReflect() protoreflect.Message { + mi := &file_core_arm_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UserArmVfpstateEntry.ProtoReflect.Descriptor instead. +func (*UserArmVfpstateEntry) Descriptor() ([]byte, []int) { + return file_core_arm_proto_rawDescGZIP(), []int{1} +} + +func (x *UserArmVfpstateEntry) GetVfpRegs() []uint64 { + if x != nil { + return x.VfpRegs + } + return nil +} + +func (x *UserArmVfpstateEntry) GetFpscr() uint32 { + if x != nil && x.Fpscr != nil { + return *x.Fpscr + } + return 0 +} + +func (x *UserArmVfpstateEntry) GetFpexc() uint32 { + if x != nil && x.Fpexc != nil { + return *x.Fpexc + } + return 0 +} + +func (x *UserArmVfpstateEntry) GetFpinst() uint32 { + if x != nil && x.Fpinst != nil { + return *x.Fpinst + } + return 0 +} + +func (x *UserArmVfpstateEntry) GetFpinst2() uint32 { + if x != nil && x.Fpinst2 != nil { + return *x.Fpinst2 + } + return 0 +} + +type ThreadInfoArm struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + ClearTidAddr *uint64 `protobuf:"varint,1,req,name=clear_tid_addr,json=clearTidAddr" json:"clear_tid_addr,omitempty"` + Tls *uint32 `protobuf:"varint,2,req,name=tls" json:"tls,omitempty"` + Gpregs *UserArmRegsEntry `protobuf:"bytes,3,req,name=gpregs" json:"gpregs,omitempty"` + Fpstate *UserArmVfpstateEntry `protobuf:"bytes,4,req,name=fpstate" json:"fpstate,omitempty"` +} + +func (x *ThreadInfoArm) Reset() { + *x = ThreadInfoArm{} + if protoimpl.UnsafeEnabled { + mi := &file_core_arm_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ThreadInfoArm) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ThreadInfoArm) ProtoMessage() {} + +func (x *ThreadInfoArm) ProtoReflect() protoreflect.Message { + mi := &file_core_arm_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ThreadInfoArm.ProtoReflect.Descriptor instead. +func (*ThreadInfoArm) Descriptor() ([]byte, []int) { + return file_core_arm_proto_rawDescGZIP(), []int{2} +} + +func (x *ThreadInfoArm) GetClearTidAddr() uint64 { + if x != nil && x.ClearTidAddr != nil { + return *x.ClearTidAddr + } + return 0 +} + +func (x *ThreadInfoArm) GetTls() uint32 { + if x != nil && x.Tls != nil { + return *x.Tls + } + return 0 +} + +func (x *ThreadInfoArm) GetGpregs() *UserArmRegsEntry { + if x != nil { + return x.Gpregs + } + return nil +} + +func (x *ThreadInfoArm) GetFpstate() *UserArmVfpstateEntry { + if x != nil { + return x.Fpstate + } + return nil +} + +var File_core_arm_proto protoreflect.FileDescriptor + +var file_core_arm_proto_rawDesc = []byte{ + 0x0a, 0x0e, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x61, 0x72, 0x6d, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x22, 0xc4, 0x02, 0x0a, 0x13, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x61, 0x72, 0x6d, 0x5f, + 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x30, + 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x72, 0x30, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x31, + 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x72, 0x31, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x32, + 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x72, 0x32, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x33, + 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x72, 0x33, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x34, + 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x72, 0x34, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x35, + 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x72, 0x35, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x36, + 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x72, 0x36, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x37, + 0x18, 0x08, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x72, 0x37, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x38, + 0x18, 0x09, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x72, 0x38, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x39, + 0x18, 0x0a, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x72, 0x39, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, + 0x30, 0x18, 0x0b, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x72, 0x31, 0x30, 0x12, 0x0e, 0x0a, 0x02, + 0x66, 0x70, 0x18, 0x0c, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x66, 0x70, 0x12, 0x0e, 0x0a, 0x02, + 0x69, 0x70, 0x18, 0x0d, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x70, 0x12, 0x0e, 0x0a, 0x02, + 0x73, 0x70, 0x18, 0x0e, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x73, 0x70, 0x12, 0x0e, 0x0a, 0x02, + 0x6c, 0x72, 0x18, 0x0f, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x6c, 0x72, 0x12, 0x0e, 0x0a, 0x02, + 0x70, 0x63, 0x18, 0x10, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x70, 0x63, 0x12, 0x12, 0x0a, 0x04, + 0x63, 0x70, 0x73, 0x72, 0x18, 0x11, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x63, 0x70, 0x73, 0x72, + 0x12, 0x17, 0x0a, 0x07, 0x6f, 0x72, 0x69, 0x67, 0x5f, 0x72, 0x30, 0x18, 0x12, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x06, 0x6f, 0x72, 0x69, 0x67, 0x52, 0x30, 0x22, 0x92, 0x01, 0x0a, 0x17, 0x75, 0x73, + 0x65, 0x72, 0x5f, 0x61, 0x72, 0x6d, 0x5f, 0x76, 0x66, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x19, 0x0a, 0x08, 0x76, 0x66, 0x70, 0x5f, 0x72, 0x65, 0x67, + 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x04, 0x52, 0x07, 0x76, 0x66, 0x70, 0x52, 0x65, 0x67, 0x73, + 0x12, 0x14, 0x0a, 0x05, 0x66, 0x70, 0x73, 0x63, 0x72, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, + 0x05, 0x66, 0x70, 0x73, 0x63, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x70, 0x65, 0x78, 0x63, 0x18, + 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x70, 0x65, 0x78, 0x63, 0x12, 0x16, 0x0a, 0x06, + 0x66, 0x70, 0x69, 0x6e, 0x73, 0x74, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x66, 0x70, + 0x69, 0x6e, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x66, 0x70, 0x69, 0x6e, 0x73, 0x74, 0x32, 0x18, + 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x66, 0x70, 0x69, 0x6e, 0x73, 0x74, 0x32, 0x22, 0xc3, + 0x01, 0x0a, 0x0f, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x61, + 0x72, 0x6d, 0x12, 0x2b, 0x0a, 0x0e, 0x63, 0x6c, 0x65, 0x61, 0x72, 0x5f, 0x74, 0x69, 0x64, 0x5f, + 0x61, 0x64, 0x64, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, + 0x01, 0x52, 0x0c, 0x63, 0x6c, 0x65, 0x61, 0x72, 0x54, 0x69, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, + 0x10, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x74, 0x6c, + 0x73, 0x12, 0x38, 0x0a, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, + 0x0b, 0x32, 0x19, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x61, 0x72, + 0x6d, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, + 0x02, 0x08, 0x01, 0x52, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x12, 0x37, 0x0a, 0x07, 0x66, + 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x63, + 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x61, 0x72, 0x6d, 0x5f, 0x76, 0x66, 0x70, + 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x66, 0x70, 0x73, + 0x74, 0x61, 0x74, 0x65, +} + +var ( + file_core_arm_proto_rawDescOnce sync.Once + file_core_arm_proto_rawDescData = file_core_arm_proto_rawDesc +) + +func file_core_arm_proto_rawDescGZIP() []byte { + file_core_arm_proto_rawDescOnce.Do(func() { + file_core_arm_proto_rawDescData = protoimpl.X.CompressGZIP(file_core_arm_proto_rawDescData) + }) + return file_core_arm_proto_rawDescData +} + +var file_core_arm_proto_msgTypes = make([]protoimpl.MessageInfo, 3) +var file_core_arm_proto_goTypes = []interface{}{ + (*UserArmRegsEntry)(nil), // 0: criu.user_arm_regs_entry + (*UserArmVfpstateEntry)(nil), // 1: criu.user_arm_vfpstate_entry + (*ThreadInfoArm)(nil), // 2: criu.thread_info_arm +} +var file_core_arm_proto_depIdxs = []int32{ + 0, // 0: criu.thread_info_arm.gpregs:type_name -> criu.user_arm_regs_entry + 1, // 1: criu.thread_info_arm.fpstate:type_name -> criu.user_arm_vfpstate_entry + 2, // [2:2] is the sub-list for method output_type + 2, // [2:2] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name +} + +func init() { file_core_arm_proto_init() } +func file_core_arm_proto_init() { + if File_core_arm_proto != nil { + return + } + file_opts_proto_init() + if !protoimpl.UnsafeEnabled { + file_core_arm_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UserArmRegsEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_arm_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UserArmVfpstateEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_arm_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ThreadInfoArm); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_core_arm_proto_rawDesc, + NumEnums: 0, + NumMessages: 3, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_core_arm_proto_goTypes, + DependencyIndexes: file_core_arm_proto_depIdxs, + MessageInfos: file_core_arm_proto_msgTypes, + }.Build() + File_core_arm_proto = out.File + file_core_arm_proto_rawDesc = nil + file_core_arm_proto_goTypes = nil + file_core_arm_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-arm.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-arm.proto new file mode 100644 index 00000000000..3562c5a64e8 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-arm.proto @@ -0,0 +1,42 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "opts.proto"; + +message user_arm_regs_entry { + required uint32 r0 = 1; + required uint32 r1 = 2; + required uint32 r2 = 3; + required uint32 r3 = 4; + required uint32 r4 = 5; + required uint32 r5 = 6; + required uint32 r6 = 7; + required uint32 r7 = 8; + required uint32 r8 = 9; + required uint32 r9 = 10; + required uint32 r10 = 11; + required uint32 fp = 12; + required uint32 ip = 13; + required uint32 sp = 14; + required uint32 lr = 15; + required uint32 pc = 16; + required uint32 cpsr = 17; + required uint32 orig_r0 = 18; +} + +message user_arm_vfpstate_entry { + repeated uint64 vfp_regs = 1; + required uint32 fpscr = 2; + required uint32 fpexc = 3; + required uint32 fpinst = 4; + required uint32 fpinst2 = 5; +} + +message thread_info_arm { + required uint64 clear_tid_addr = 1[(criu).hex = true]; + required uint32 tls = 2; + required user_arm_regs_entry gpregs = 3[(criu).hex = true]; + required user_arm_vfpstate_entry fpstate = 4; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-mips.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-mips.pb.go new file mode 100644 index 00000000000..963d7bb265b --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-mips.pb.go @@ -0,0 +1,964 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: core-mips.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type UserMipsRegsEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + R0 *uint64 `protobuf:"varint,1,req,name=r0" json:"r0,omitempty"` + R1 *uint64 `protobuf:"varint,2,req,name=r1" json:"r1,omitempty"` + R2 *uint64 `protobuf:"varint,3,req,name=r2" json:"r2,omitempty"` + R3 *uint64 `protobuf:"varint,4,req,name=r3" json:"r3,omitempty"` + R4 *uint64 `protobuf:"varint,5,req,name=r4" json:"r4,omitempty"` + R5 *uint64 `protobuf:"varint,6,req,name=r5" json:"r5,omitempty"` + R6 *uint64 `protobuf:"varint,7,req,name=r6" json:"r6,omitempty"` + R7 *uint64 `protobuf:"varint,8,req,name=r7" json:"r7,omitempty"` + R8 *uint64 `protobuf:"varint,9,req,name=r8" json:"r8,omitempty"` + R9 *uint64 `protobuf:"varint,10,req,name=r9" json:"r9,omitempty"` + R10 *uint64 `protobuf:"varint,11,req,name=r10" json:"r10,omitempty"` + R11 *uint64 `protobuf:"varint,12,req,name=r11" json:"r11,omitempty"` + R12 *uint64 `protobuf:"varint,13,req,name=r12" json:"r12,omitempty"` + R13 *uint64 `protobuf:"varint,14,req,name=r13" json:"r13,omitempty"` + R14 *uint64 `protobuf:"varint,15,req,name=r14" json:"r14,omitempty"` + R15 *uint64 `protobuf:"varint,16,req,name=r15" json:"r15,omitempty"` + R16 *uint64 `protobuf:"varint,17,req,name=r16" json:"r16,omitempty"` + R17 *uint64 `protobuf:"varint,18,req,name=r17" json:"r17,omitempty"` + R18 *uint64 `protobuf:"varint,19,req,name=r18" json:"r18,omitempty"` + R19 *uint64 `protobuf:"varint,20,req,name=r19" json:"r19,omitempty"` + R20 *uint64 `protobuf:"varint,21,req,name=r20" json:"r20,omitempty"` + R21 *uint64 `protobuf:"varint,22,req,name=r21" json:"r21,omitempty"` + R22 *uint64 `protobuf:"varint,23,req,name=r22" json:"r22,omitempty"` + R23 *uint64 `protobuf:"varint,24,req,name=r23" json:"r23,omitempty"` + R24 *uint64 `protobuf:"varint,25,req,name=r24" json:"r24,omitempty"` + R25 *uint64 `protobuf:"varint,26,req,name=r25" json:"r25,omitempty"` + R26 *uint64 `protobuf:"varint,27,req,name=r26" json:"r26,omitempty"` + R27 *uint64 `protobuf:"varint,28,req,name=r27" json:"r27,omitempty"` + R28 *uint64 `protobuf:"varint,29,req,name=r28" json:"r28,omitempty"` + R29 *uint64 `protobuf:"varint,30,req,name=r29" json:"r29,omitempty"` + R30 *uint64 `protobuf:"varint,31,req,name=r30" json:"r30,omitempty"` + R31 *uint64 `protobuf:"varint,32,req,name=r31" json:"r31,omitempty"` + Lo *uint64 `protobuf:"varint,33,req,name=lo" json:"lo,omitempty"` + Hi *uint64 `protobuf:"varint,34,req,name=hi" json:"hi,omitempty"` + Cp0Epc *uint64 `protobuf:"varint,35,req,name=cp0_epc,json=cp0Epc" json:"cp0_epc,omitempty"` + Cp0Badvaddr *uint64 `protobuf:"varint,36,req,name=cp0_badvaddr,json=cp0Badvaddr" json:"cp0_badvaddr,omitempty"` + Cp0Status *uint64 `protobuf:"varint,37,req,name=cp0_status,json=cp0Status" json:"cp0_status,omitempty"` + Cp0Cause *uint64 `protobuf:"varint,38,req,name=cp0_cause,json=cp0Cause" json:"cp0_cause,omitempty"` +} + +func (x *UserMipsRegsEntry) Reset() { + *x = UserMipsRegsEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_core_mips_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UserMipsRegsEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UserMipsRegsEntry) ProtoMessage() {} + +func (x *UserMipsRegsEntry) ProtoReflect() protoreflect.Message { + mi := &file_core_mips_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UserMipsRegsEntry.ProtoReflect.Descriptor instead. +func (*UserMipsRegsEntry) Descriptor() ([]byte, []int) { + return file_core_mips_proto_rawDescGZIP(), []int{0} +} + +func (x *UserMipsRegsEntry) GetR0() uint64 { + if x != nil && x.R0 != nil { + return *x.R0 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR1() uint64 { + if x != nil && x.R1 != nil { + return *x.R1 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR2() uint64 { + if x != nil && x.R2 != nil { + return *x.R2 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR3() uint64 { + if x != nil && x.R3 != nil { + return *x.R3 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR4() uint64 { + if x != nil && x.R4 != nil { + return *x.R4 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR5() uint64 { + if x != nil && x.R5 != nil { + return *x.R5 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR6() uint64 { + if x != nil && x.R6 != nil { + return *x.R6 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR7() uint64 { + if x != nil && x.R7 != nil { + return *x.R7 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR8() uint64 { + if x != nil && x.R8 != nil { + return *x.R8 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR9() uint64 { + if x != nil && x.R9 != nil { + return *x.R9 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR10() uint64 { + if x != nil && x.R10 != nil { + return *x.R10 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR11() uint64 { + if x != nil && x.R11 != nil { + return *x.R11 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR12() uint64 { + if x != nil && x.R12 != nil { + return *x.R12 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR13() uint64 { + if x != nil && x.R13 != nil { + return *x.R13 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR14() uint64 { + if x != nil && x.R14 != nil { + return *x.R14 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR15() uint64 { + if x != nil && x.R15 != nil { + return *x.R15 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR16() uint64 { + if x != nil && x.R16 != nil { + return *x.R16 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR17() uint64 { + if x != nil && x.R17 != nil { + return *x.R17 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR18() uint64 { + if x != nil && x.R18 != nil { + return *x.R18 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR19() uint64 { + if x != nil && x.R19 != nil { + return *x.R19 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR20() uint64 { + if x != nil && x.R20 != nil { + return *x.R20 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR21() uint64 { + if x != nil && x.R21 != nil { + return *x.R21 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR22() uint64 { + if x != nil && x.R22 != nil { + return *x.R22 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR23() uint64 { + if x != nil && x.R23 != nil { + return *x.R23 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR24() uint64 { + if x != nil && x.R24 != nil { + return *x.R24 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR25() uint64 { + if x != nil && x.R25 != nil { + return *x.R25 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR26() uint64 { + if x != nil && x.R26 != nil { + return *x.R26 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR27() uint64 { + if x != nil && x.R27 != nil { + return *x.R27 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR28() uint64 { + if x != nil && x.R28 != nil { + return *x.R28 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR29() uint64 { + if x != nil && x.R29 != nil { + return *x.R29 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR30() uint64 { + if x != nil && x.R30 != nil { + return *x.R30 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetR31() uint64 { + if x != nil && x.R31 != nil { + return *x.R31 + } + return 0 +} + +func (x *UserMipsRegsEntry) GetLo() uint64 { + if x != nil && x.Lo != nil { + return *x.Lo + } + return 0 +} + +func (x *UserMipsRegsEntry) GetHi() uint64 { + if x != nil && x.Hi != nil { + return *x.Hi + } + return 0 +} + +func (x *UserMipsRegsEntry) GetCp0Epc() uint64 { + if x != nil && x.Cp0Epc != nil { + return *x.Cp0Epc + } + return 0 +} + +func (x *UserMipsRegsEntry) GetCp0Badvaddr() uint64 { + if x != nil && x.Cp0Badvaddr != nil { + return *x.Cp0Badvaddr + } + return 0 +} + +func (x *UserMipsRegsEntry) GetCp0Status() uint64 { + if x != nil && x.Cp0Status != nil { + return *x.Cp0Status + } + return 0 +} + +func (x *UserMipsRegsEntry) GetCp0Cause() uint64 { + if x != nil && x.Cp0Cause != nil { + return *x.Cp0Cause + } + return 0 +} + +type UserMipsFpregsEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + R0 *uint64 `protobuf:"varint,1,req,name=r0" json:"r0,omitempty"` + R1 *uint64 `protobuf:"varint,2,req,name=r1" json:"r1,omitempty"` + R2 *uint64 `protobuf:"varint,3,req,name=r2" json:"r2,omitempty"` + R3 *uint64 `protobuf:"varint,4,req,name=r3" json:"r3,omitempty"` + R4 *uint64 `protobuf:"varint,5,req,name=r4" json:"r4,omitempty"` + R5 *uint64 `protobuf:"varint,6,req,name=r5" json:"r5,omitempty"` + R6 *uint64 `protobuf:"varint,7,req,name=r6" json:"r6,omitempty"` + R7 *uint64 `protobuf:"varint,8,req,name=r7" json:"r7,omitempty"` + R8 *uint64 `protobuf:"varint,9,req,name=r8" json:"r8,omitempty"` + R9 *uint64 `protobuf:"varint,10,req,name=r9" json:"r9,omitempty"` + R10 *uint64 `protobuf:"varint,11,req,name=r10" json:"r10,omitempty"` + R11 *uint64 `protobuf:"varint,12,req,name=r11" json:"r11,omitempty"` + R12 *uint64 `protobuf:"varint,13,req,name=r12" json:"r12,omitempty"` + R13 *uint64 `protobuf:"varint,14,req,name=r13" json:"r13,omitempty"` + R14 *uint64 `protobuf:"varint,15,req,name=r14" json:"r14,omitempty"` + R15 *uint64 `protobuf:"varint,16,req,name=r15" json:"r15,omitempty"` + R16 *uint64 `protobuf:"varint,17,req,name=r16" json:"r16,omitempty"` + R17 *uint64 `protobuf:"varint,18,req,name=r17" json:"r17,omitempty"` + R18 *uint64 `protobuf:"varint,19,req,name=r18" json:"r18,omitempty"` + R19 *uint64 `protobuf:"varint,20,req,name=r19" json:"r19,omitempty"` + R20 *uint64 `protobuf:"varint,21,req,name=r20" json:"r20,omitempty"` + R21 *uint64 `protobuf:"varint,22,req,name=r21" json:"r21,omitempty"` + R22 *uint64 `protobuf:"varint,23,req,name=r22" json:"r22,omitempty"` + R23 *uint64 `protobuf:"varint,24,req,name=r23" json:"r23,omitempty"` + R24 *uint64 `protobuf:"varint,25,req,name=r24" json:"r24,omitempty"` + R25 *uint64 `protobuf:"varint,26,req,name=r25" json:"r25,omitempty"` + R26 *uint64 `protobuf:"varint,27,req,name=r26" json:"r26,omitempty"` + R27 *uint64 `protobuf:"varint,28,req,name=r27" json:"r27,omitempty"` + R28 *uint64 `protobuf:"varint,29,req,name=r28" json:"r28,omitempty"` + R29 *uint64 `protobuf:"varint,30,req,name=r29" json:"r29,omitempty"` + R30 *uint64 `protobuf:"varint,31,req,name=r30" json:"r30,omitempty"` + R31 *uint64 `protobuf:"varint,32,req,name=r31" json:"r31,omitempty"` + Lo *uint64 `protobuf:"varint,33,req,name=lo" json:"lo,omitempty"` + Hi *uint64 `protobuf:"varint,34,req,name=hi" json:"hi,omitempty"` + FpuFcr31 *uint32 `protobuf:"varint,35,req,name=fpu_fcr31,json=fpuFcr31" json:"fpu_fcr31,omitempty"` + FpuId *uint32 `protobuf:"varint,36,req,name=fpu_id,json=fpuId" json:"fpu_id,omitempty"` +} + +func (x *UserMipsFpregsEntry) Reset() { + *x = UserMipsFpregsEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_core_mips_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UserMipsFpregsEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UserMipsFpregsEntry) ProtoMessage() {} + +func (x *UserMipsFpregsEntry) ProtoReflect() protoreflect.Message { + mi := &file_core_mips_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UserMipsFpregsEntry.ProtoReflect.Descriptor instead. +func (*UserMipsFpregsEntry) Descriptor() ([]byte, []int) { + return file_core_mips_proto_rawDescGZIP(), []int{1} +} + +func (x *UserMipsFpregsEntry) GetR0() uint64 { + if x != nil && x.R0 != nil { + return *x.R0 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR1() uint64 { + if x != nil && x.R1 != nil { + return *x.R1 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR2() uint64 { + if x != nil && x.R2 != nil { + return *x.R2 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR3() uint64 { + if x != nil && x.R3 != nil { + return *x.R3 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR4() uint64 { + if x != nil && x.R4 != nil { + return *x.R4 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR5() uint64 { + if x != nil && x.R5 != nil { + return *x.R5 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR6() uint64 { + if x != nil && x.R6 != nil { + return *x.R6 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR7() uint64 { + if x != nil && x.R7 != nil { + return *x.R7 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR8() uint64 { + if x != nil && x.R8 != nil { + return *x.R8 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR9() uint64 { + if x != nil && x.R9 != nil { + return *x.R9 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR10() uint64 { + if x != nil && x.R10 != nil { + return *x.R10 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR11() uint64 { + if x != nil && x.R11 != nil { + return *x.R11 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR12() uint64 { + if x != nil && x.R12 != nil { + return *x.R12 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR13() uint64 { + if x != nil && x.R13 != nil { + return *x.R13 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR14() uint64 { + if x != nil && x.R14 != nil { + return *x.R14 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR15() uint64 { + if x != nil && x.R15 != nil { + return *x.R15 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR16() uint64 { + if x != nil && x.R16 != nil { + return *x.R16 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR17() uint64 { + if x != nil && x.R17 != nil { + return *x.R17 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR18() uint64 { + if x != nil && x.R18 != nil { + return *x.R18 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR19() uint64 { + if x != nil && x.R19 != nil { + return *x.R19 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR20() uint64 { + if x != nil && x.R20 != nil { + return *x.R20 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR21() uint64 { + if x != nil && x.R21 != nil { + return *x.R21 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR22() uint64 { + if x != nil && x.R22 != nil { + return *x.R22 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR23() uint64 { + if x != nil && x.R23 != nil { + return *x.R23 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR24() uint64 { + if x != nil && x.R24 != nil { + return *x.R24 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR25() uint64 { + if x != nil && x.R25 != nil { + return *x.R25 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR26() uint64 { + if x != nil && x.R26 != nil { + return *x.R26 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR27() uint64 { + if x != nil && x.R27 != nil { + return *x.R27 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR28() uint64 { + if x != nil && x.R28 != nil { + return *x.R28 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR29() uint64 { + if x != nil && x.R29 != nil { + return *x.R29 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR30() uint64 { + if x != nil && x.R30 != nil { + return *x.R30 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetR31() uint64 { + if x != nil && x.R31 != nil { + return *x.R31 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetLo() uint64 { + if x != nil && x.Lo != nil { + return *x.Lo + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetHi() uint64 { + if x != nil && x.Hi != nil { + return *x.Hi + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetFpuFcr31() uint32 { + if x != nil && x.FpuFcr31 != nil { + return *x.FpuFcr31 + } + return 0 +} + +func (x *UserMipsFpregsEntry) GetFpuId() uint32 { + if x != nil && x.FpuId != nil { + return *x.FpuId + } + return 0 +} + +type ThreadInfoMips struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + ClearTidAddr *uint64 `protobuf:"varint,1,req,name=clear_tid_addr,json=clearTidAddr" json:"clear_tid_addr,omitempty"` + Tls *uint64 `protobuf:"varint,2,req,name=tls" json:"tls,omitempty"` + Gpregs *UserMipsRegsEntry `protobuf:"bytes,3,req,name=gpregs" json:"gpregs,omitempty"` + Fpregs *UserMipsFpregsEntry `protobuf:"bytes,4,req,name=fpregs" json:"fpregs,omitempty"` +} + +func (x *ThreadInfoMips) Reset() { + *x = ThreadInfoMips{} + if protoimpl.UnsafeEnabled { + mi := &file_core_mips_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ThreadInfoMips) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ThreadInfoMips) ProtoMessage() {} + +func (x *ThreadInfoMips) ProtoReflect() protoreflect.Message { + mi := &file_core_mips_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ThreadInfoMips.ProtoReflect.Descriptor instead. +func (*ThreadInfoMips) Descriptor() ([]byte, []int) { + return file_core_mips_proto_rawDescGZIP(), []int{2} +} + +func (x *ThreadInfoMips) GetClearTidAddr() uint64 { + if x != nil && x.ClearTidAddr != nil { + return *x.ClearTidAddr + } + return 0 +} + +func (x *ThreadInfoMips) GetTls() uint64 { + if x != nil && x.Tls != nil { + return *x.Tls + } + return 0 +} + +func (x *ThreadInfoMips) GetGpregs() *UserMipsRegsEntry { + if x != nil { + return x.Gpregs + } + return nil +} + +func (x *ThreadInfoMips) GetFpregs() *UserMipsFpregsEntry { + if x != nil { + return x.Fpregs + } + return nil +} + +var File_core_mips_proto protoreflect.FileDescriptor + +var file_core_mips_proto_rawDesc = []byte{ + 0x0a, 0x0f, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x6d, 0x69, 0x70, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x22, 0xda, 0x05, 0x0a, 0x14, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x6d, 0x69, 0x70, + 0x73, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, + 0x72, 0x30, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x30, 0x12, 0x0e, 0x0a, 0x02, + 0x72, 0x31, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x31, 0x12, 0x0e, 0x0a, 0x02, + 0x72, 0x32, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x32, 0x12, 0x0e, 0x0a, 0x02, + 0x72, 0x33, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x33, 0x12, 0x0e, 0x0a, 0x02, + 0x72, 0x34, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x34, 0x12, 0x0e, 0x0a, 0x02, + 0x72, 0x35, 0x18, 0x06, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x35, 0x12, 0x0e, 0x0a, 0x02, + 0x72, 0x36, 0x18, 0x07, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x36, 0x12, 0x0e, 0x0a, 0x02, + 0x72, 0x37, 0x18, 0x08, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x37, 0x12, 0x0e, 0x0a, 0x02, + 0x72, 0x38, 0x18, 0x09, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x38, 0x12, 0x0e, 0x0a, 0x02, + 0x72, 0x39, 0x18, 0x0a, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x39, 0x12, 0x10, 0x0a, 0x03, + 0x72, 0x31, 0x30, 0x18, 0x0b, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x30, 0x12, 0x10, + 0x0a, 0x03, 0x72, 0x31, 0x31, 0x18, 0x0c, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x31, + 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x32, 0x18, 0x0d, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, + 0x31, 0x32, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x33, 0x18, 0x0e, 0x20, 0x02, 0x28, 0x04, 0x52, + 0x03, 0x72, 0x31, 0x33, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x34, 0x18, 0x0f, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x03, 0x72, 0x31, 0x34, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x35, 0x18, 0x10, 0x20, + 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x35, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x36, 0x18, + 0x11, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x36, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, + 0x37, 0x18, 0x12, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x37, 0x12, 0x10, 0x0a, 0x03, + 0x72, 0x31, 0x38, 0x18, 0x13, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x38, 0x12, 0x10, + 0x0a, 0x03, 0x72, 0x31, 0x39, 0x18, 0x14, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x39, + 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x30, 0x18, 0x15, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, + 0x32, 0x30, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x31, 0x18, 0x16, 0x20, 0x02, 0x28, 0x04, 0x52, + 0x03, 0x72, 0x32, 0x31, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x32, 0x18, 0x17, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x03, 0x72, 0x32, 0x32, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x33, 0x18, 0x18, 0x20, + 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x33, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x34, 0x18, + 0x19, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x34, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, + 0x35, 0x18, 0x1a, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x35, 0x12, 0x10, 0x0a, 0x03, + 0x72, 0x32, 0x36, 0x18, 0x1b, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x36, 0x12, 0x10, + 0x0a, 0x03, 0x72, 0x32, 0x37, 0x18, 0x1c, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x37, + 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x38, 0x18, 0x1d, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, + 0x32, 0x38, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x39, 0x18, 0x1e, 0x20, 0x02, 0x28, 0x04, 0x52, + 0x03, 0x72, 0x32, 0x39, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x33, 0x30, 0x18, 0x1f, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x03, 0x72, 0x33, 0x30, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x33, 0x31, 0x18, 0x20, 0x20, + 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x33, 0x31, 0x12, 0x0e, 0x0a, 0x02, 0x6c, 0x6f, 0x18, 0x21, + 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x6c, 0x6f, 0x12, 0x0e, 0x0a, 0x02, 0x68, 0x69, 0x18, 0x22, + 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x68, 0x69, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x70, 0x30, 0x5f, + 0x65, 0x70, 0x63, 0x18, 0x23, 0x20, 0x02, 0x28, 0x04, 0x52, 0x06, 0x63, 0x70, 0x30, 0x45, 0x70, + 0x63, 0x12, 0x21, 0x0a, 0x0c, 0x63, 0x70, 0x30, 0x5f, 0x62, 0x61, 0x64, 0x76, 0x61, 0x64, 0x64, + 0x72, 0x18, 0x24, 0x20, 0x02, 0x28, 0x04, 0x52, 0x0b, 0x63, 0x70, 0x30, 0x42, 0x61, 0x64, 0x76, + 0x61, 0x64, 0x64, 0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x70, 0x30, 0x5f, 0x73, 0x74, 0x61, 0x74, + 0x75, 0x73, 0x18, 0x25, 0x20, 0x02, 0x28, 0x04, 0x52, 0x09, 0x63, 0x70, 0x30, 0x53, 0x74, 0x61, + 0x74, 0x75, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x70, 0x30, 0x5f, 0x63, 0x61, 0x75, 0x73, 0x65, + 0x18, 0x26, 0x20, 0x02, 0x28, 0x04, 0x52, 0x08, 0x63, 0x70, 0x30, 0x43, 0x61, 0x75, 0x73, 0x65, + 0x22, 0x98, 0x05, 0x0a, 0x16, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x6d, 0x69, 0x70, 0x73, 0x5f, 0x66, + 0x70, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x72, + 0x30, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x30, 0x12, 0x0e, 0x0a, 0x02, 0x72, + 0x31, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x31, 0x12, 0x0e, 0x0a, 0x02, 0x72, + 0x32, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x32, 0x12, 0x0e, 0x0a, 0x02, 0x72, + 0x33, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x33, 0x12, 0x0e, 0x0a, 0x02, 0x72, + 0x34, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x34, 0x12, 0x0e, 0x0a, 0x02, 0x72, + 0x35, 0x18, 0x06, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x35, 0x12, 0x0e, 0x0a, 0x02, 0x72, + 0x36, 0x18, 0x07, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x36, 0x12, 0x0e, 0x0a, 0x02, 0x72, + 0x37, 0x18, 0x08, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x37, 0x12, 0x0e, 0x0a, 0x02, 0x72, + 0x38, 0x18, 0x09, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x38, 0x12, 0x0e, 0x0a, 0x02, 0x72, + 0x39, 0x18, 0x0a, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x39, 0x12, 0x10, 0x0a, 0x03, 0x72, + 0x31, 0x30, 0x18, 0x0b, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x30, 0x12, 0x10, 0x0a, + 0x03, 0x72, 0x31, 0x31, 0x18, 0x0c, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x31, 0x12, + 0x10, 0x0a, 0x03, 0x72, 0x31, 0x32, 0x18, 0x0d, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, + 0x32, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x33, 0x18, 0x0e, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, + 0x72, 0x31, 0x33, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x34, 0x18, 0x0f, 0x20, 0x02, 0x28, 0x04, + 0x52, 0x03, 0x72, 0x31, 0x34, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x35, 0x18, 0x10, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x35, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x36, 0x18, 0x11, + 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x36, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x37, + 0x18, 0x12, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x37, 0x12, 0x10, 0x0a, 0x03, 0x72, + 0x31, 0x38, 0x18, 0x13, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x38, 0x12, 0x10, 0x0a, + 0x03, 0x72, 0x31, 0x39, 0x18, 0x14, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x39, 0x12, + 0x10, 0x0a, 0x03, 0x72, 0x32, 0x30, 0x18, 0x15, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, + 0x30, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x31, 0x18, 0x16, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, + 0x72, 0x32, 0x31, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x32, 0x18, 0x17, 0x20, 0x02, 0x28, 0x04, + 0x52, 0x03, 0x72, 0x32, 0x32, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x33, 0x18, 0x18, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x33, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x34, 0x18, 0x19, + 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x34, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x35, + 0x18, 0x1a, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x35, 0x12, 0x10, 0x0a, 0x03, 0x72, + 0x32, 0x36, 0x18, 0x1b, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x36, 0x12, 0x10, 0x0a, + 0x03, 0x72, 0x32, 0x37, 0x18, 0x1c, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x37, 0x12, + 0x10, 0x0a, 0x03, 0x72, 0x32, 0x38, 0x18, 0x1d, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, + 0x38, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x39, 0x18, 0x1e, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, + 0x72, 0x32, 0x39, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x33, 0x30, 0x18, 0x1f, 0x20, 0x02, 0x28, 0x04, + 0x52, 0x03, 0x72, 0x33, 0x30, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x33, 0x31, 0x18, 0x20, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x03, 0x72, 0x33, 0x31, 0x12, 0x0e, 0x0a, 0x02, 0x6c, 0x6f, 0x18, 0x21, 0x20, + 0x02, 0x28, 0x04, 0x52, 0x02, 0x6c, 0x6f, 0x12, 0x0e, 0x0a, 0x02, 0x68, 0x69, 0x18, 0x22, 0x20, + 0x02, 0x28, 0x04, 0x52, 0x02, 0x68, 0x69, 0x12, 0x1b, 0x0a, 0x09, 0x66, 0x70, 0x75, 0x5f, 0x66, + 0x63, 0x72, 0x33, 0x31, 0x18, 0x23, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x66, 0x70, 0x75, 0x46, + 0x63, 0x72, 0x33, 0x31, 0x12, 0x15, 0x0a, 0x06, 0x66, 0x70, 0x75, 0x5f, 0x69, 0x64, 0x18, 0x24, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x70, 0x75, 0x49, 0x64, 0x22, 0xc9, 0x01, 0x0a, 0x10, + 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x6d, 0x69, 0x70, 0x73, + 0x12, 0x2b, 0x0a, 0x0e, 0x63, 0x6c, 0x65, 0x61, 0x72, 0x5f, 0x74, 0x69, 0x64, 0x5f, 0x61, 0x64, + 0x64, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, + 0x0c, 0x63, 0x6c, 0x65, 0x61, 0x72, 0x54, 0x69, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x10, 0x0a, + 0x03, 0x74, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, + 0x39, 0x0a, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, + 0x1a, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x6d, 0x69, 0x70, 0x73, + 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, + 0x08, 0x01, 0x52, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x12, 0x3b, 0x0a, 0x06, 0x66, 0x70, + 0x72, 0x65, 0x67, 0x73, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x63, 0x72, 0x69, + 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x6d, 0x69, 0x70, 0x73, 0x5f, 0x66, 0x70, 0x72, 0x65, + 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, + 0x06, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, +} + +var ( + file_core_mips_proto_rawDescOnce sync.Once + file_core_mips_proto_rawDescData = file_core_mips_proto_rawDesc +) + +func file_core_mips_proto_rawDescGZIP() []byte { + file_core_mips_proto_rawDescOnce.Do(func() { + file_core_mips_proto_rawDescData = protoimpl.X.CompressGZIP(file_core_mips_proto_rawDescData) + }) + return file_core_mips_proto_rawDescData +} + +var file_core_mips_proto_msgTypes = make([]protoimpl.MessageInfo, 3) +var file_core_mips_proto_goTypes = []interface{}{ + (*UserMipsRegsEntry)(nil), // 0: criu.user_mips_regs_entry + (*UserMipsFpregsEntry)(nil), // 1: criu.user_mips_fpregs_entry + (*ThreadInfoMips)(nil), // 2: criu.thread_info_mips +} +var file_core_mips_proto_depIdxs = []int32{ + 0, // 0: criu.thread_info_mips.gpregs:type_name -> criu.user_mips_regs_entry + 1, // 1: criu.thread_info_mips.fpregs:type_name -> criu.user_mips_fpregs_entry + 2, // [2:2] is the sub-list for method output_type + 2, // [2:2] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name +} + +func init() { file_core_mips_proto_init() } +func file_core_mips_proto_init() { + if File_core_mips_proto != nil { + return + } + file_opts_proto_init() + if !protoimpl.UnsafeEnabled { + file_core_mips_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UserMipsRegsEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_mips_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UserMipsFpregsEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_mips_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ThreadInfoMips); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_core_mips_proto_rawDesc, + NumEnums: 0, + NumMessages: 3, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_core_mips_proto_goTypes, + DependencyIndexes: file_core_mips_proto_depIdxs, + MessageInfos: file_core_mips_proto_msgTypes, + }.Build() + File_core_mips_proto = out.File + file_core_mips_proto_rawDesc = nil + file_core_mips_proto_goTypes = nil + file_core_mips_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-mips.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-mips.proto new file mode 100644 index 00000000000..3cf950953bf --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-mips.proto @@ -0,0 +1,93 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "opts.proto"; + +message user_mips_regs_entry { + required uint64 r0 = 1; + required uint64 r1 = 2; + required uint64 r2 = 3; + required uint64 r3 = 4; + required uint64 r4 = 5; + required uint64 r5 = 6; + required uint64 r6 = 7; + required uint64 r7 = 8; + required uint64 r8 = 9; + required uint64 r9 = 10; + required uint64 r10 = 11; + required uint64 r11 = 12; + required uint64 r12 = 13; + required uint64 r13 = 14; + required uint64 r14 = 15; + required uint64 r15 = 16; + required uint64 r16 = 17; + required uint64 r17 = 18; + required uint64 r18 = 19; + required uint64 r19 = 20; + required uint64 r20 = 21; + required uint64 r21 = 22; + required uint64 r22 = 23; + required uint64 r23 = 24; + required uint64 r24 = 25; + required uint64 r25 = 26; + required uint64 r26 = 27; + required uint64 r27 = 28; + required uint64 r28 = 29; + required uint64 r29 = 30; + required uint64 r30 = 31; + required uint64 r31 = 32; + required uint64 lo = 33; + required uint64 hi = 34; + required uint64 cp0_epc = 35; + required uint64 cp0_badvaddr = 36; + required uint64 cp0_status = 37; + required uint64 cp0_cause = 38; +} + +message user_mips_fpregs_entry { + required uint64 r0 = 1; + required uint64 r1 = 2; + required uint64 r2 = 3; + required uint64 r3 = 4; + required uint64 r4 = 5; + required uint64 r5 = 6; + required uint64 r6 = 7; + required uint64 r7 = 8; + required uint64 r8 = 9; + required uint64 r9 = 10; + required uint64 r10 = 11; + required uint64 r11 = 12; + required uint64 r12 = 13; + required uint64 r13 = 14; + required uint64 r14 = 15; + required uint64 r15 = 16; + required uint64 r16 = 17; + required uint64 r17 = 18; + required uint64 r18 = 19; + required uint64 r19 = 20; + required uint64 r20 = 21; + required uint64 r21 = 22; + required uint64 r22 = 23; + required uint64 r23 = 24; + required uint64 r24 = 25; + required uint64 r25 = 26; + required uint64 r26 = 27; + required uint64 r27 = 28; + required uint64 r28 = 29; + required uint64 r29 = 30; + required uint64 r30 = 31; + required uint64 r31 = 32; + required uint64 lo = 33; + required uint64 hi = 34; + required uint32 fpu_fcr31 = 35; + required uint32 fpu_id = 36; +} + +message thread_info_mips { + required uint64 clear_tid_addr = 1[(criu).hex = true]; + required uint64 tls = 2; + required user_mips_regs_entry gpregs = 3[(criu).hex = true]; + required user_mips_fpregs_entry fpregs = 4[(criu).hex = true]; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-ppc64.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-ppc64.pb.go new file mode 100644 index 00000000000..06aabe2c19e --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-ppc64.pb.go @@ -0,0 +1,698 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: core-ppc64.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type UserPpc64RegsEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Following is the list of registers starting at r0. + Gpr []uint64 `protobuf:"varint,1,rep,name=gpr" json:"gpr,omitempty"` + Nip *uint64 `protobuf:"varint,2,req,name=nip" json:"nip,omitempty"` + Msr *uint64 `protobuf:"varint,3,req,name=msr" json:"msr,omitempty"` + OrigGpr3 *uint64 `protobuf:"varint,4,req,name=orig_gpr3,json=origGpr3" json:"orig_gpr3,omitempty"` + Ctr *uint64 `protobuf:"varint,5,req,name=ctr" json:"ctr,omitempty"` + Link *uint64 `protobuf:"varint,6,req,name=link" json:"link,omitempty"` + Xer *uint64 `protobuf:"varint,7,req,name=xer" json:"xer,omitempty"` + Ccr *uint64 `protobuf:"varint,8,req,name=ccr" json:"ccr,omitempty"` + Trap *uint64 `protobuf:"varint,9,req,name=trap" json:"trap,omitempty"` + // For Transactional memory support since P8 + Texasr *uint64 `protobuf:"varint,10,opt,name=texasr" json:"texasr,omitempty"` + Tfhar *uint64 `protobuf:"varint,11,opt,name=tfhar" json:"tfhar,omitempty"` + Tfiar *uint64 `protobuf:"varint,12,opt,name=tfiar" json:"tfiar,omitempty"` +} + +func (x *UserPpc64RegsEntry) Reset() { + *x = UserPpc64RegsEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_core_ppc64_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UserPpc64RegsEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UserPpc64RegsEntry) ProtoMessage() {} + +func (x *UserPpc64RegsEntry) ProtoReflect() protoreflect.Message { + mi := &file_core_ppc64_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UserPpc64RegsEntry.ProtoReflect.Descriptor instead. +func (*UserPpc64RegsEntry) Descriptor() ([]byte, []int) { + return file_core_ppc64_proto_rawDescGZIP(), []int{0} +} + +func (x *UserPpc64RegsEntry) GetGpr() []uint64 { + if x != nil { + return x.Gpr + } + return nil +} + +func (x *UserPpc64RegsEntry) GetNip() uint64 { + if x != nil && x.Nip != nil { + return *x.Nip + } + return 0 +} + +func (x *UserPpc64RegsEntry) GetMsr() uint64 { + if x != nil && x.Msr != nil { + return *x.Msr + } + return 0 +} + +func (x *UserPpc64RegsEntry) GetOrigGpr3() uint64 { + if x != nil && x.OrigGpr3 != nil { + return *x.OrigGpr3 + } + return 0 +} + +func (x *UserPpc64RegsEntry) GetCtr() uint64 { + if x != nil && x.Ctr != nil { + return *x.Ctr + } + return 0 +} + +func (x *UserPpc64RegsEntry) GetLink() uint64 { + if x != nil && x.Link != nil { + return *x.Link + } + return 0 +} + +func (x *UserPpc64RegsEntry) GetXer() uint64 { + if x != nil && x.Xer != nil { + return *x.Xer + } + return 0 +} + +func (x *UserPpc64RegsEntry) GetCcr() uint64 { + if x != nil && x.Ccr != nil { + return *x.Ccr + } + return 0 +} + +func (x *UserPpc64RegsEntry) GetTrap() uint64 { + if x != nil && x.Trap != nil { + return *x.Trap + } + return 0 +} + +func (x *UserPpc64RegsEntry) GetTexasr() uint64 { + if x != nil && x.Texasr != nil { + return *x.Texasr + } + return 0 +} + +func (x *UserPpc64RegsEntry) GetTfhar() uint64 { + if x != nil && x.Tfhar != nil { + return *x.Tfhar + } + return 0 +} + +func (x *UserPpc64RegsEntry) GetTfiar() uint64 { + if x != nil && x.Tfiar != nil { + return *x.Tfiar + } + return 0 +} + +type UserPpc64FpstateEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Following is the list of registers starting at fpr0 + Fpregs []uint64 `protobuf:"varint,1,rep,name=fpregs" json:"fpregs,omitempty"` +} + +func (x *UserPpc64FpstateEntry) Reset() { + *x = UserPpc64FpstateEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_core_ppc64_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UserPpc64FpstateEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UserPpc64FpstateEntry) ProtoMessage() {} + +func (x *UserPpc64FpstateEntry) ProtoReflect() protoreflect.Message { + mi := &file_core_ppc64_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UserPpc64FpstateEntry.ProtoReflect.Descriptor instead. +func (*UserPpc64FpstateEntry) Descriptor() ([]byte, []int) { + return file_core_ppc64_proto_rawDescGZIP(), []int{1} +} + +func (x *UserPpc64FpstateEntry) GetFpregs() []uint64 { + if x != nil { + return x.Fpregs + } + return nil +} + +type UserPpc64VrstateEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Altivec registers + // The vector registers are 128bit registers (VSR[32..63]). + // The following vregs entry will store first the high part then the + // low one: + // + // VR0 = vrregs[0] << 64 | vrregs[1]; + // VR1 = vrregs[2] << 64 | vrregs[3]; + // .. + // + // The last entry stores in a 128bit field the VSCR which is a 32bit + // value returned by the kernel in a 128 field. + Vrregs []uint64 `protobuf:"varint,1,rep,name=vrregs" json:"vrregs,omitempty"` + Vrsave *uint32 `protobuf:"varint,2,req,name=vrsave" json:"vrsave,omitempty"` +} + +func (x *UserPpc64VrstateEntry) Reset() { + *x = UserPpc64VrstateEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_core_ppc64_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UserPpc64VrstateEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UserPpc64VrstateEntry) ProtoMessage() {} + +func (x *UserPpc64VrstateEntry) ProtoReflect() protoreflect.Message { + mi := &file_core_ppc64_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UserPpc64VrstateEntry.ProtoReflect.Descriptor instead. +func (*UserPpc64VrstateEntry) Descriptor() ([]byte, []int) { + return file_core_ppc64_proto_rawDescGZIP(), []int{2} +} + +func (x *UserPpc64VrstateEntry) GetVrregs() []uint64 { + if x != nil { + return x.Vrregs + } + return nil +} + +func (x *UserPpc64VrstateEntry) GetVrsave() uint32 { + if x != nil && x.Vrsave != nil { + return *x.Vrsave + } + return 0 +} + +type UserPpc64VsxstateEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // VSX registers + // The vector-scale registers are 128bit registers (VSR[0..64]). + // Since there is an overlapping over the VSX registers by the FPR and + // the Altivec registers, only the lower part of the first 32 VSX + // registers have to be saved. + Vsxregs []uint64 `protobuf:"varint,1,rep,name=vsxregs" json:"vsxregs,omitempty"` +} + +func (x *UserPpc64VsxstateEntry) Reset() { + *x = UserPpc64VsxstateEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_core_ppc64_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UserPpc64VsxstateEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UserPpc64VsxstateEntry) ProtoMessage() {} + +func (x *UserPpc64VsxstateEntry) ProtoReflect() protoreflect.Message { + mi := &file_core_ppc64_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UserPpc64VsxstateEntry.ProtoReflect.Descriptor instead. +func (*UserPpc64VsxstateEntry) Descriptor() ([]byte, []int) { + return file_core_ppc64_proto_rawDescGZIP(), []int{3} +} + +func (x *UserPpc64VsxstateEntry) GetVsxregs() []uint64 { + if x != nil { + return x.Vsxregs + } + return nil +} + +// Transactional memory operation's state +type UserPpc64TmRegsEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Gpregs *UserPpc64RegsEntry `protobuf:"bytes,1,req,name=gpregs" json:"gpregs,omitempty"` + Fpstate *UserPpc64FpstateEntry `protobuf:"bytes,2,opt,name=fpstate" json:"fpstate,omitempty"` + Vrstate *UserPpc64VrstateEntry `protobuf:"bytes,3,opt,name=vrstate" json:"vrstate,omitempty"` + Vsxstate *UserPpc64VsxstateEntry `protobuf:"bytes,4,opt,name=vsxstate" json:"vsxstate,omitempty"` +} + +func (x *UserPpc64TmRegsEntry) Reset() { + *x = UserPpc64TmRegsEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_core_ppc64_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UserPpc64TmRegsEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UserPpc64TmRegsEntry) ProtoMessage() {} + +func (x *UserPpc64TmRegsEntry) ProtoReflect() protoreflect.Message { + mi := &file_core_ppc64_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UserPpc64TmRegsEntry.ProtoReflect.Descriptor instead. +func (*UserPpc64TmRegsEntry) Descriptor() ([]byte, []int) { + return file_core_ppc64_proto_rawDescGZIP(), []int{4} +} + +func (x *UserPpc64TmRegsEntry) GetGpregs() *UserPpc64RegsEntry { + if x != nil { + return x.Gpregs + } + return nil +} + +func (x *UserPpc64TmRegsEntry) GetFpstate() *UserPpc64FpstateEntry { + if x != nil { + return x.Fpstate + } + return nil +} + +func (x *UserPpc64TmRegsEntry) GetVrstate() *UserPpc64VrstateEntry { + if x != nil { + return x.Vrstate + } + return nil +} + +func (x *UserPpc64TmRegsEntry) GetVsxstate() *UserPpc64VsxstateEntry { + if x != nil { + return x.Vsxstate + } + return nil +} + +type ThreadInfoPpc64 struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + ClearTidAddr *uint64 `protobuf:"varint,1,req,name=clear_tid_addr,json=clearTidAddr" json:"clear_tid_addr,omitempty"` + Gpregs *UserPpc64RegsEntry `protobuf:"bytes,2,req,name=gpregs" json:"gpregs,omitempty"` + Fpstate *UserPpc64FpstateEntry `protobuf:"bytes,3,opt,name=fpstate" json:"fpstate,omitempty"` + Vrstate *UserPpc64VrstateEntry `protobuf:"bytes,4,opt,name=vrstate" json:"vrstate,omitempty"` + Vsxstate *UserPpc64VsxstateEntry `protobuf:"bytes,5,opt,name=vsxstate" json:"vsxstate,omitempty"` + Tmstate *UserPpc64TmRegsEntry `protobuf:"bytes,6,opt,name=tmstate" json:"tmstate,omitempty"` +} + +func (x *ThreadInfoPpc64) Reset() { + *x = ThreadInfoPpc64{} + if protoimpl.UnsafeEnabled { + mi := &file_core_ppc64_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ThreadInfoPpc64) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ThreadInfoPpc64) ProtoMessage() {} + +func (x *ThreadInfoPpc64) ProtoReflect() protoreflect.Message { + mi := &file_core_ppc64_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ThreadInfoPpc64.ProtoReflect.Descriptor instead. +func (*ThreadInfoPpc64) Descriptor() ([]byte, []int) { + return file_core_ppc64_proto_rawDescGZIP(), []int{5} +} + +func (x *ThreadInfoPpc64) GetClearTidAddr() uint64 { + if x != nil && x.ClearTidAddr != nil { + return *x.ClearTidAddr + } + return 0 +} + +func (x *ThreadInfoPpc64) GetGpregs() *UserPpc64RegsEntry { + if x != nil { + return x.Gpregs + } + return nil +} + +func (x *ThreadInfoPpc64) GetFpstate() *UserPpc64FpstateEntry { + if x != nil { + return x.Fpstate + } + return nil +} + +func (x *ThreadInfoPpc64) GetVrstate() *UserPpc64VrstateEntry { + if x != nil { + return x.Vrstate + } + return nil +} + +func (x *ThreadInfoPpc64) GetVsxstate() *UserPpc64VsxstateEntry { + if x != nil { + return x.Vsxstate + } + return nil +} + +func (x *ThreadInfoPpc64) GetTmstate() *UserPpc64TmRegsEntry { + if x != nil { + return x.Tmstate + } + return nil +} + +var File_core_ppc64_proto protoreflect.FileDescriptor + +var file_core_ppc64_proto_rawDesc = []byte{ + 0x0a, 0x10, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x70, 0x70, 0x63, 0x36, 0x34, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x8c, 0x02, 0x0a, 0x15, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, + 0x63, 0x36, 0x34, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, + 0x0a, 0x03, 0x67, 0x70, 0x72, 0x18, 0x01, 0x20, 0x03, 0x28, 0x04, 0x52, 0x03, 0x67, 0x70, 0x72, + 0x12, 0x10, 0x0a, 0x03, 0x6e, 0x69, 0x70, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x6e, + 0x69, 0x70, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x73, 0x72, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, + 0x03, 0x6d, 0x73, 0x72, 0x12, 0x1b, 0x0a, 0x09, 0x6f, 0x72, 0x69, 0x67, 0x5f, 0x67, 0x70, 0x72, + 0x33, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, 0x08, 0x6f, 0x72, 0x69, 0x67, 0x47, 0x70, 0x72, + 0x33, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x74, 0x72, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, + 0x63, 0x74, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6c, 0x69, 0x6e, 0x6b, 0x18, 0x06, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x04, 0x6c, 0x69, 0x6e, 0x6b, 0x12, 0x10, 0x0a, 0x03, 0x78, 0x65, 0x72, 0x18, 0x07, + 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x78, 0x65, 0x72, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x63, 0x72, + 0x18, 0x08, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x63, 0x63, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x74, + 0x72, 0x61, 0x70, 0x18, 0x09, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x74, 0x72, 0x61, 0x70, 0x12, + 0x16, 0x0a, 0x06, 0x74, 0x65, 0x78, 0x61, 0x73, 0x72, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x04, 0x52, + 0x06, 0x74, 0x65, 0x78, 0x61, 0x73, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x66, 0x68, 0x61, 0x72, + 0x18, 0x0b, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x74, 0x66, 0x68, 0x61, 0x72, 0x12, 0x14, 0x0a, + 0x05, 0x74, 0x66, 0x69, 0x61, 0x72, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x74, 0x66, + 0x69, 0x61, 0x72, 0x22, 0x32, 0x0a, 0x18, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, + 0x34, 0x5f, 0x66, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x16, 0x0a, 0x06, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x04, 0x52, + 0x06, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x22, 0x4a, 0x0a, 0x18, 0x75, 0x73, 0x65, 0x72, 0x5f, + 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x76, 0x72, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x76, 0x72, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, + 0x03, 0x28, 0x04, 0x52, 0x06, 0x76, 0x72, 0x72, 0x65, 0x67, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x76, + 0x72, 0x73, 0x61, 0x76, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x76, 0x72, 0x73, + 0x61, 0x76, 0x65, 0x22, 0x35, 0x0a, 0x19, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, + 0x34, 0x5f, 0x76, 0x73, 0x78, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x12, 0x18, 0x0a, 0x07, 0x76, 0x73, 0x78, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, + 0x04, 0x52, 0x07, 0x76, 0x73, 0x78, 0x72, 0x65, 0x67, 0x73, 0x22, 0x80, 0x02, 0x0a, 0x18, 0x75, + 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x74, 0x6d, 0x5f, 0x72, 0x65, 0x67, + 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x33, 0x0a, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, + 0x73, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, + 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x12, 0x38, 0x0a, 0x07, + 0x66, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, + 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, + 0x66, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x66, + 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, 0x38, 0x0a, 0x07, 0x76, 0x72, 0x73, 0x74, 0x61, 0x74, + 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, + 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x76, 0x72, 0x73, 0x74, 0x61, 0x74, + 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x76, 0x72, 0x73, 0x74, 0x61, 0x74, 0x65, + 0x12, 0x3b, 0x0a, 0x08, 0x76, 0x73, 0x78, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, + 0x70, 0x63, 0x36, 0x34, 0x5f, 0x76, 0x73, 0x78, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x52, 0x08, 0x76, 0x73, 0x78, 0x73, 0x74, 0x61, 0x74, 0x65, 0x22, 0xe7, 0x02, + 0x0a, 0x11, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x70, 0x70, + 0x63, 0x36, 0x34, 0x12, 0x2b, 0x0a, 0x0e, 0x63, 0x6c, 0x65, 0x61, 0x72, 0x5f, 0x74, 0x69, 0x64, + 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, + 0x08, 0x01, 0x52, 0x0c, 0x63, 0x6c, 0x65, 0x61, 0x72, 0x54, 0x69, 0x64, 0x41, 0x64, 0x64, 0x72, + 0x12, 0x3a, 0x0a, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0b, + 0x32, 0x1b, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, + 0x36, 0x34, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, + 0x3f, 0x02, 0x08, 0x01, 0x52, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x12, 0x38, 0x0a, 0x07, + 0x66, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, + 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, + 0x66, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x66, + 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, 0x38, 0x0a, 0x07, 0x76, 0x72, 0x73, 0x74, 0x61, 0x74, + 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, + 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x76, 0x72, 0x73, 0x74, 0x61, 0x74, + 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x76, 0x72, 0x73, 0x74, 0x61, 0x74, 0x65, + 0x12, 0x3b, 0x0a, 0x08, 0x76, 0x73, 0x78, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x05, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, + 0x70, 0x63, 0x36, 0x34, 0x5f, 0x76, 0x73, 0x78, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x52, 0x08, 0x76, 0x73, 0x78, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, 0x38, 0x0a, + 0x07, 0x74, 0x6d, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, + 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, + 0x5f, 0x74, 0x6d, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, + 0x74, 0x6d, 0x73, 0x74, 0x61, 0x74, 0x65, +} + +var ( + file_core_ppc64_proto_rawDescOnce sync.Once + file_core_ppc64_proto_rawDescData = file_core_ppc64_proto_rawDesc +) + +func file_core_ppc64_proto_rawDescGZIP() []byte { + file_core_ppc64_proto_rawDescOnce.Do(func() { + file_core_ppc64_proto_rawDescData = protoimpl.X.CompressGZIP(file_core_ppc64_proto_rawDescData) + }) + return file_core_ppc64_proto_rawDescData +} + +var file_core_ppc64_proto_msgTypes = make([]protoimpl.MessageInfo, 6) +var file_core_ppc64_proto_goTypes = []interface{}{ + (*UserPpc64RegsEntry)(nil), // 0: criu.user_ppc64_regs_entry + (*UserPpc64FpstateEntry)(nil), // 1: criu.user_ppc64_fpstate_entry + (*UserPpc64VrstateEntry)(nil), // 2: criu.user_ppc64_vrstate_entry + (*UserPpc64VsxstateEntry)(nil), // 3: criu.user_ppc64_vsxstate_entry + (*UserPpc64TmRegsEntry)(nil), // 4: criu.user_ppc64_tm_regs_entry + (*ThreadInfoPpc64)(nil), // 5: criu.thread_info_ppc64 +} +var file_core_ppc64_proto_depIdxs = []int32{ + 0, // 0: criu.user_ppc64_tm_regs_entry.gpregs:type_name -> criu.user_ppc64_regs_entry + 1, // 1: criu.user_ppc64_tm_regs_entry.fpstate:type_name -> criu.user_ppc64_fpstate_entry + 2, // 2: criu.user_ppc64_tm_regs_entry.vrstate:type_name -> criu.user_ppc64_vrstate_entry + 3, // 3: criu.user_ppc64_tm_regs_entry.vsxstate:type_name -> criu.user_ppc64_vsxstate_entry + 0, // 4: criu.thread_info_ppc64.gpregs:type_name -> criu.user_ppc64_regs_entry + 1, // 5: criu.thread_info_ppc64.fpstate:type_name -> criu.user_ppc64_fpstate_entry + 2, // 6: criu.thread_info_ppc64.vrstate:type_name -> criu.user_ppc64_vrstate_entry + 3, // 7: criu.thread_info_ppc64.vsxstate:type_name -> criu.user_ppc64_vsxstate_entry + 4, // 8: criu.thread_info_ppc64.tmstate:type_name -> criu.user_ppc64_tm_regs_entry + 9, // [9:9] is the sub-list for method output_type + 9, // [9:9] is the sub-list for method input_type + 9, // [9:9] is the sub-list for extension type_name + 9, // [9:9] is the sub-list for extension extendee + 0, // [0:9] is the sub-list for field type_name +} + +func init() { file_core_ppc64_proto_init() } +func file_core_ppc64_proto_init() { + if File_core_ppc64_proto != nil { + return + } + file_opts_proto_init() + if !protoimpl.UnsafeEnabled { + file_core_ppc64_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UserPpc64RegsEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_ppc64_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UserPpc64FpstateEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_ppc64_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UserPpc64VrstateEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_ppc64_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UserPpc64VsxstateEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_ppc64_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UserPpc64TmRegsEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_ppc64_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ThreadInfoPpc64); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_core_ppc64_proto_rawDesc, + NumEnums: 0, + NumMessages: 6, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_core_ppc64_proto_goTypes, + DependencyIndexes: file_core_ppc64_proto_depIdxs, + MessageInfos: file_core_ppc64_proto_msgTypes, + }.Build() + File_core_ppc64_proto = out.File + file_core_ppc64_proto_rawDesc = nil + file_core_ppc64_proto_goTypes = nil + file_core_ppc64_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-ppc64.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-ppc64.proto new file mode 100644 index 00000000000..26af11a313f --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-ppc64.proto @@ -0,0 +1,74 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "opts.proto"; + +message user_ppc64_regs_entry { + /* Following is the list of registers starting at r0. */ + repeated uint64 gpr = 1; + required uint64 nip = 2; + required uint64 msr = 3; + required uint64 orig_gpr3 = 4; + required uint64 ctr = 5; + required uint64 link = 6; + required uint64 xer = 7; + required uint64 ccr = 8; + required uint64 trap = 9; + /* For Transactional memory support since P8 */ + optional uint64 texasr = 10; + optional uint64 tfhar = 11; + optional uint64 tfiar = 12; +} + +message user_ppc64_fpstate_entry { + /* Following is the list of registers starting at fpr0 */ + repeated uint64 fpregs = 1; +} + +message user_ppc64_vrstate_entry { + /* + * Altivec registers + * The vector registers are 128bit registers (VSR[32..63]). + * The following vregs entry will store first the high part then the + * low one: + * VR0 = vrregs[0] << 64 | vrregs[1]; + * VR1 = vrregs[2] << 64 | vrregs[3]; + * .. + * The last entry stores in a 128bit field the VSCR which is a 32bit + * value returned by the kernel in a 128 field. + */ + repeated uint64 vrregs = 1; + required uint32 vrsave = 2; +} + +message user_ppc64_vsxstate_entry { + /* + * VSX registers + * The vector-scale registers are 128bit registers (VSR[0..64]). + * Since there is an overlapping over the VSX registers by the FPR and + * the Altivec registers, only the lower part of the first 32 VSX + * registers have to be saved. + */ + repeated uint64 vsxregs = 1; +} + +/* + * Transactional memory operation's state + */ +message user_ppc64_tm_regs_entry { + required user_ppc64_regs_entry gpregs = 1; + optional user_ppc64_fpstate_entry fpstate = 2; + optional user_ppc64_vrstate_entry vrstate = 3; + optional user_ppc64_vsxstate_entry vsxstate = 4; +} + +message thread_info_ppc64 { + required uint64 clear_tid_addr = 1[(criu).hex = true]; + required user_ppc64_regs_entry gpregs = 2[(criu).hex = true]; + optional user_ppc64_fpstate_entry fpstate = 3; + optional user_ppc64_vrstate_entry vrstate = 4; + optional user_ppc64_vsxstate_entry vsxstate = 5; + optional user_ppc64_tm_regs_entry tmstate = 6; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-s390.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-s390.pb.go new file mode 100644 index 00000000000..36da252f2db --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-s390.pb.go @@ -0,0 +1,683 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: core-s390.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type UserS390RegsEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + PswMask *uint64 `protobuf:"varint,1,req,name=psw_mask,json=pswMask" json:"psw_mask,omitempty"` + PswAddr *uint64 `protobuf:"varint,2,req,name=psw_addr,json=pswAddr" json:"psw_addr,omitempty"` + Gprs []uint64 `protobuf:"varint,3,rep,name=gprs" json:"gprs,omitempty"` + Acrs []uint32 `protobuf:"varint,4,rep,name=acrs" json:"acrs,omitempty"` + OrigGpr2 *uint64 `protobuf:"varint,5,req,name=orig_gpr2,json=origGpr2" json:"orig_gpr2,omitempty"` + SystemCall *uint32 `protobuf:"varint,6,req,name=system_call,json=systemCall" json:"system_call,omitempty"` +} + +func (x *UserS390RegsEntry) Reset() { + *x = UserS390RegsEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_core_s390_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UserS390RegsEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UserS390RegsEntry) ProtoMessage() {} + +func (x *UserS390RegsEntry) ProtoReflect() protoreflect.Message { + mi := &file_core_s390_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UserS390RegsEntry.ProtoReflect.Descriptor instead. +func (*UserS390RegsEntry) Descriptor() ([]byte, []int) { + return file_core_s390_proto_rawDescGZIP(), []int{0} +} + +func (x *UserS390RegsEntry) GetPswMask() uint64 { + if x != nil && x.PswMask != nil { + return *x.PswMask + } + return 0 +} + +func (x *UserS390RegsEntry) GetPswAddr() uint64 { + if x != nil && x.PswAddr != nil { + return *x.PswAddr + } + return 0 +} + +func (x *UserS390RegsEntry) GetGprs() []uint64 { + if x != nil { + return x.Gprs + } + return nil +} + +func (x *UserS390RegsEntry) GetAcrs() []uint32 { + if x != nil { + return x.Acrs + } + return nil +} + +func (x *UserS390RegsEntry) GetOrigGpr2() uint64 { + if x != nil && x.OrigGpr2 != nil { + return *x.OrigGpr2 + } + return 0 +} + +func (x *UserS390RegsEntry) GetSystemCall() uint32 { + if x != nil && x.SystemCall != nil { + return *x.SystemCall + } + return 0 +} + +type UserS390VxrsLowEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Regs []uint64 `protobuf:"varint,1,rep,name=regs" json:"regs,omitempty"` +} + +func (x *UserS390VxrsLowEntry) Reset() { + *x = UserS390VxrsLowEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_core_s390_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UserS390VxrsLowEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UserS390VxrsLowEntry) ProtoMessage() {} + +func (x *UserS390VxrsLowEntry) ProtoReflect() protoreflect.Message { + mi := &file_core_s390_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UserS390VxrsLowEntry.ProtoReflect.Descriptor instead. +func (*UserS390VxrsLowEntry) Descriptor() ([]byte, []int) { + return file_core_s390_proto_rawDescGZIP(), []int{1} +} + +func (x *UserS390VxrsLowEntry) GetRegs() []uint64 { + if x != nil { + return x.Regs + } + return nil +} + +// The vxrs_high registers have 128 bit: +// +// vxrs_high_0 = regs[0] << 64 | regs[1]; +// vxrs_high_1 = regs[2] << 64 | regs[3]; +type UserS390VxrsHighEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Regs []uint64 `protobuf:"varint,1,rep,name=regs" json:"regs,omitempty"` +} + +func (x *UserS390VxrsHighEntry) Reset() { + *x = UserS390VxrsHighEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_core_s390_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UserS390VxrsHighEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UserS390VxrsHighEntry) ProtoMessage() {} + +func (x *UserS390VxrsHighEntry) ProtoReflect() protoreflect.Message { + mi := &file_core_s390_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UserS390VxrsHighEntry.ProtoReflect.Descriptor instead. +func (*UserS390VxrsHighEntry) Descriptor() ([]byte, []int) { + return file_core_s390_proto_rawDescGZIP(), []int{2} +} + +func (x *UserS390VxrsHighEntry) GetRegs() []uint64 { + if x != nil { + return x.Regs + } + return nil +} + +type UserS390FpregsEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Fpc *uint32 `protobuf:"varint,1,req,name=fpc" json:"fpc,omitempty"` + Fprs []uint64 `protobuf:"varint,2,rep,name=fprs" json:"fprs,omitempty"` +} + +func (x *UserS390FpregsEntry) Reset() { + *x = UserS390FpregsEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_core_s390_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UserS390FpregsEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UserS390FpregsEntry) ProtoMessage() {} + +func (x *UserS390FpregsEntry) ProtoReflect() protoreflect.Message { + mi := &file_core_s390_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UserS390FpregsEntry.ProtoReflect.Descriptor instead. +func (*UserS390FpregsEntry) Descriptor() ([]byte, []int) { + return file_core_s390_proto_rawDescGZIP(), []int{3} +} + +func (x *UserS390FpregsEntry) GetFpc() uint32 { + if x != nil && x.Fpc != nil { + return *x.Fpc + } + return 0 +} + +func (x *UserS390FpregsEntry) GetFprs() []uint64 { + if x != nil { + return x.Fprs + } + return nil +} + +type UserS390GsCbEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Regs []uint64 `protobuf:"varint,1,rep,name=regs" json:"regs,omitempty"` +} + +func (x *UserS390GsCbEntry) Reset() { + *x = UserS390GsCbEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_core_s390_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UserS390GsCbEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UserS390GsCbEntry) ProtoMessage() {} + +func (x *UserS390GsCbEntry) ProtoReflect() protoreflect.Message { + mi := &file_core_s390_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UserS390GsCbEntry.ProtoReflect.Descriptor instead. +func (*UserS390GsCbEntry) Descriptor() ([]byte, []int) { + return file_core_s390_proto_rawDescGZIP(), []int{4} +} + +func (x *UserS390GsCbEntry) GetRegs() []uint64 { + if x != nil { + return x.Regs + } + return nil +} + +type UserS390RiEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + RiOn *uint32 `protobuf:"varint,1,req,name=ri_on,json=riOn" json:"ri_on,omitempty"` + Regs []uint64 `protobuf:"varint,2,rep,name=regs" json:"regs,omitempty"` +} + +func (x *UserS390RiEntry) Reset() { + *x = UserS390RiEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_core_s390_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UserS390RiEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UserS390RiEntry) ProtoMessage() {} + +func (x *UserS390RiEntry) ProtoReflect() protoreflect.Message { + mi := &file_core_s390_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UserS390RiEntry.ProtoReflect.Descriptor instead. +func (*UserS390RiEntry) Descriptor() ([]byte, []int) { + return file_core_s390_proto_rawDescGZIP(), []int{5} +} + +func (x *UserS390RiEntry) GetRiOn() uint32 { + if x != nil && x.RiOn != nil { + return *x.RiOn + } + return 0 +} + +func (x *UserS390RiEntry) GetRegs() []uint64 { + if x != nil { + return x.Regs + } + return nil +} + +type ThreadInfoS390 struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + ClearTidAddr *uint64 `protobuf:"varint,1,req,name=clear_tid_addr,json=clearTidAddr" json:"clear_tid_addr,omitempty"` + Gpregs *UserS390RegsEntry `protobuf:"bytes,2,req,name=gpregs" json:"gpregs,omitempty"` + Fpregs *UserS390FpregsEntry `protobuf:"bytes,3,req,name=fpregs" json:"fpregs,omitempty"` + VxrsLow *UserS390VxrsLowEntry `protobuf:"bytes,4,opt,name=vxrs_low,json=vxrsLow" json:"vxrs_low,omitempty"` + VxrsHigh *UserS390VxrsHighEntry `protobuf:"bytes,5,opt,name=vxrs_high,json=vxrsHigh" json:"vxrs_high,omitempty"` + GsCb *UserS390GsCbEntry `protobuf:"bytes,6,opt,name=gs_cb,json=gsCb" json:"gs_cb,omitempty"` + GsBc *UserS390GsCbEntry `protobuf:"bytes,7,opt,name=gs_bc,json=gsBc" json:"gs_bc,omitempty"` + RiCb *UserS390RiEntry `protobuf:"bytes,8,opt,name=ri_cb,json=riCb" json:"ri_cb,omitempty"` +} + +func (x *ThreadInfoS390) Reset() { + *x = ThreadInfoS390{} + if protoimpl.UnsafeEnabled { + mi := &file_core_s390_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ThreadInfoS390) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ThreadInfoS390) ProtoMessage() {} + +func (x *ThreadInfoS390) ProtoReflect() protoreflect.Message { + mi := &file_core_s390_proto_msgTypes[6] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ThreadInfoS390.ProtoReflect.Descriptor instead. +func (*ThreadInfoS390) Descriptor() ([]byte, []int) { + return file_core_s390_proto_rawDescGZIP(), []int{6} +} + +func (x *ThreadInfoS390) GetClearTidAddr() uint64 { + if x != nil && x.ClearTidAddr != nil { + return *x.ClearTidAddr + } + return 0 +} + +func (x *ThreadInfoS390) GetGpregs() *UserS390RegsEntry { + if x != nil { + return x.Gpregs + } + return nil +} + +func (x *ThreadInfoS390) GetFpregs() *UserS390FpregsEntry { + if x != nil { + return x.Fpregs + } + return nil +} + +func (x *ThreadInfoS390) GetVxrsLow() *UserS390VxrsLowEntry { + if x != nil { + return x.VxrsLow + } + return nil +} + +func (x *ThreadInfoS390) GetVxrsHigh() *UserS390VxrsHighEntry { + if x != nil { + return x.VxrsHigh + } + return nil +} + +func (x *ThreadInfoS390) GetGsCb() *UserS390GsCbEntry { + if x != nil { + return x.GsCb + } + return nil +} + +func (x *ThreadInfoS390) GetGsBc() *UserS390GsCbEntry { + if x != nil { + return x.GsBc + } + return nil +} + +func (x *ThreadInfoS390) GetRiCb() *UserS390RiEntry { + if x != nil { + return x.RiCb + } + return nil +} + +var File_core_s390_proto protoreflect.FileDescriptor + +var file_core_s390_proto_rawDesc = []byte{ + 0x0a, 0x0f, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x73, 0x33, 0x39, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x22, 0xb2, 0x01, 0x0a, 0x14, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, + 0x30, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x19, 0x0a, 0x08, + 0x70, 0x73, 0x77, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x07, + 0x70, 0x73, 0x77, 0x4d, 0x61, 0x73, 0x6b, 0x12, 0x19, 0x0a, 0x08, 0x70, 0x73, 0x77, 0x5f, 0x61, + 0x64, 0x64, 0x72, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x07, 0x70, 0x73, 0x77, 0x41, 0x64, + 0x64, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x67, 0x70, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x04, + 0x52, 0x04, 0x67, 0x70, 0x72, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x63, 0x72, 0x73, 0x18, 0x04, + 0x20, 0x03, 0x28, 0x0d, 0x52, 0x04, 0x61, 0x63, 0x72, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x6f, 0x72, + 0x69, 0x67, 0x5f, 0x67, 0x70, 0x72, 0x32, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, 0x08, 0x6f, + 0x72, 0x69, 0x67, 0x47, 0x70, 0x72, 0x32, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x79, 0x73, 0x74, 0x65, + 0x6d, 0x5f, 0x63, 0x61, 0x6c, 0x6c, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0a, 0x73, 0x79, + 0x73, 0x74, 0x65, 0x6d, 0x43, 0x61, 0x6c, 0x6c, 0x22, 0x2e, 0x0a, 0x18, 0x75, 0x73, 0x65, 0x72, + 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x76, 0x78, 0x72, 0x73, 0x5f, 0x6c, 0x6f, 0x77, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, + 0x28, 0x04, 0x52, 0x04, 0x72, 0x65, 0x67, 0x73, 0x22, 0x2f, 0x0a, 0x19, 0x75, 0x73, 0x65, 0x72, + 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x76, 0x78, 0x72, 0x73, 0x5f, 0x68, 0x69, 0x67, 0x68, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, + 0x03, 0x28, 0x04, 0x52, 0x04, 0x72, 0x65, 0x67, 0x73, 0x22, 0x3e, 0x0a, 0x16, 0x75, 0x73, 0x65, + 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x66, 0x70, 0x63, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x03, 0x66, 0x70, 0x63, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x70, 0x72, 0x73, 0x18, 0x02, 0x20, + 0x03, 0x28, 0x04, 0x52, 0x04, 0x66, 0x70, 0x72, 0x73, 0x22, 0x2b, 0x0a, 0x15, 0x75, 0x73, 0x65, + 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x67, 0x73, 0x5f, 0x63, 0x62, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x04, + 0x52, 0x04, 0x72, 0x65, 0x67, 0x73, 0x22, 0x3d, 0x0a, 0x12, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, + 0x33, 0x39, 0x30, 0x5f, 0x72, 0x69, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x13, 0x0a, 0x05, + 0x72, 0x69, 0x5f, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x72, 0x69, 0x4f, + 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x65, 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x04, 0x52, + 0x04, 0x72, 0x65, 0x67, 0x73, 0x22, 0xe6, 0x03, 0x0a, 0x10, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, + 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x12, 0x2b, 0x0a, 0x0e, 0x63, 0x6c, + 0x65, 0x61, 0x72, 0x5f, 0x74, 0x69, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x01, 0x20, 0x02, + 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0c, 0x63, 0x6c, 0x65, 0x61, 0x72, + 0x54, 0x69, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x39, 0x0a, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, + 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, + 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x06, 0x67, 0x70, 0x72, 0x65, + 0x67, 0x73, 0x12, 0x3b, 0x0a, 0x06, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x18, 0x03, 0x20, 0x02, + 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, + 0x33, 0x39, 0x30, 0x5f, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x06, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x12, + 0x40, 0x0a, 0x08, 0x76, 0x78, 0x72, 0x73, 0x5f, 0x6c, 0x6f, 0x77, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x1e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, + 0x39, 0x30, 0x5f, 0x76, 0x78, 0x72, 0x73, 0x5f, 0x6c, 0x6f, 0x77, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x07, 0x76, 0x78, 0x72, 0x73, 0x4c, 0x6f, + 0x77, 0x12, 0x43, 0x0a, 0x09, 0x76, 0x78, 0x72, 0x73, 0x5f, 0x68, 0x69, 0x67, 0x68, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, + 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x76, 0x78, 0x72, 0x73, 0x5f, 0x68, 0x69, 0x67, 0x68, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x08, 0x76, 0x78, + 0x72, 0x73, 0x48, 0x69, 0x67, 0x68, 0x12, 0x37, 0x0a, 0x05, 0x67, 0x73, 0x5f, 0x63, 0x62, 0x18, + 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, + 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x67, 0x73, 0x5f, 0x63, 0x62, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x04, 0x67, 0x73, 0x43, 0x62, 0x12, + 0x37, 0x0a, 0x05, 0x67, 0x73, 0x5f, 0x62, 0x63, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, + 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, + 0x67, 0x73, 0x5f, 0x63, 0x62, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, + 0x08, 0x01, 0x52, 0x04, 0x67, 0x73, 0x42, 0x63, 0x12, 0x34, 0x0a, 0x05, 0x72, 0x69, 0x5f, 0x63, + 0x62, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, + 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x72, 0x69, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x04, 0x72, 0x69, 0x43, 0x62, +} + +var ( + file_core_s390_proto_rawDescOnce sync.Once + file_core_s390_proto_rawDescData = file_core_s390_proto_rawDesc +) + +func file_core_s390_proto_rawDescGZIP() []byte { + file_core_s390_proto_rawDescOnce.Do(func() { + file_core_s390_proto_rawDescData = protoimpl.X.CompressGZIP(file_core_s390_proto_rawDescData) + }) + return file_core_s390_proto_rawDescData +} + +var file_core_s390_proto_msgTypes = make([]protoimpl.MessageInfo, 7) +var file_core_s390_proto_goTypes = []interface{}{ + (*UserS390RegsEntry)(nil), // 0: criu.user_s390_regs_entry + (*UserS390VxrsLowEntry)(nil), // 1: criu.user_s390_vxrs_low_entry + (*UserS390VxrsHighEntry)(nil), // 2: criu.user_s390_vxrs_high_entry + (*UserS390FpregsEntry)(nil), // 3: criu.user_s390_fpregs_entry + (*UserS390GsCbEntry)(nil), // 4: criu.user_s390_gs_cb_entry + (*UserS390RiEntry)(nil), // 5: criu.user_s390_ri_entry + (*ThreadInfoS390)(nil), // 6: criu.thread_info_s390 +} +var file_core_s390_proto_depIdxs = []int32{ + 0, // 0: criu.thread_info_s390.gpregs:type_name -> criu.user_s390_regs_entry + 3, // 1: criu.thread_info_s390.fpregs:type_name -> criu.user_s390_fpregs_entry + 1, // 2: criu.thread_info_s390.vxrs_low:type_name -> criu.user_s390_vxrs_low_entry + 2, // 3: criu.thread_info_s390.vxrs_high:type_name -> criu.user_s390_vxrs_high_entry + 4, // 4: criu.thread_info_s390.gs_cb:type_name -> criu.user_s390_gs_cb_entry + 4, // 5: criu.thread_info_s390.gs_bc:type_name -> criu.user_s390_gs_cb_entry + 5, // 6: criu.thread_info_s390.ri_cb:type_name -> criu.user_s390_ri_entry + 7, // [7:7] is the sub-list for method output_type + 7, // [7:7] is the sub-list for method input_type + 7, // [7:7] is the sub-list for extension type_name + 7, // [7:7] is the sub-list for extension extendee + 0, // [0:7] is the sub-list for field type_name +} + +func init() { file_core_s390_proto_init() } +func file_core_s390_proto_init() { + if File_core_s390_proto != nil { + return + } + file_opts_proto_init() + if !protoimpl.UnsafeEnabled { + file_core_s390_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UserS390RegsEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_s390_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UserS390VxrsLowEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_s390_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UserS390VxrsHighEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_s390_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UserS390FpregsEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_s390_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UserS390GsCbEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_s390_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UserS390RiEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_s390_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ThreadInfoS390); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_core_s390_proto_rawDesc, + NumEnums: 0, + NumMessages: 7, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_core_s390_proto_goTypes, + DependencyIndexes: file_core_s390_proto_depIdxs, + MessageInfos: file_core_s390_proto_msgTypes, + }.Build() + File_core_s390_proto = out.File + file_core_s390_proto_rawDesc = nil + file_core_s390_proto_goTypes = nil + file_core_s390_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-s390.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-s390.proto new file mode 100644 index 00000000000..1884e2cb42e --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-s390.proto @@ -0,0 +1,54 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "opts.proto"; + +message user_s390_regs_entry { + required uint64 psw_mask = 1; + required uint64 psw_addr = 2; + repeated uint64 gprs = 3; + repeated uint32 acrs = 4; + required uint64 orig_gpr2 = 5; + required uint32 system_call = 6; +} + +message user_s390_vxrs_low_entry { + repeated uint64 regs = 1; +} + +/* + * The vxrs_high registers have 128 bit: + * + * vxrs_high_0 = regs[0] << 64 | regs[1]; + * vxrs_high_1 = regs[2] << 64 | regs[3]; + */ +message user_s390_vxrs_high_entry { + repeated uint64 regs = 1; +} + +message user_s390_fpregs_entry { + required uint32 fpc = 1; + repeated uint64 fprs = 2; +} + +message user_s390_gs_cb_entry { + repeated uint64 regs = 1; +} + +message user_s390_ri_entry { + required uint32 ri_on = 1; + repeated uint64 regs = 2; +} + +message thread_info_s390 { + required uint64 clear_tid_addr = 1[(criu).hex = true]; + required user_s390_regs_entry gpregs = 2[(criu).hex = true]; + required user_s390_fpregs_entry fpregs = 3[(criu).hex = true]; + optional user_s390_vxrs_low_entry vxrs_low = 4[(criu).hex = true]; + optional user_s390_vxrs_high_entry vxrs_high = 5[(criu).hex = true]; + optional user_s390_gs_cb_entry gs_cb = 6[(criu).hex = true]; + optional user_s390_gs_cb_entry gs_bc = 7[(criu).hex = true]; + optional user_s390_ri_entry ri_cb = 8[(criu).hex = true]; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-x86.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-x86.pb.go new file mode 100644 index 00000000000..d109eaca0ee --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-x86.pb.go @@ -0,0 +1,1031 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: core-x86.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type UserX86RegsMode int32 + +const ( + UserX86RegsMode_NATIVE UserX86RegsMode = 1 + UserX86RegsMode_COMPAT UserX86RegsMode = 2 +) + +// Enum value maps for UserX86RegsMode. +var ( + UserX86RegsMode_name = map[int32]string{ + 1: "NATIVE", + 2: "COMPAT", + } + UserX86RegsMode_value = map[string]int32{ + "NATIVE": 1, + "COMPAT": 2, + } +) + +func (x UserX86RegsMode) Enum() *UserX86RegsMode { + p := new(UserX86RegsMode) + *p = x + return p +} + +func (x UserX86RegsMode) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (UserX86RegsMode) Descriptor() protoreflect.EnumDescriptor { + return file_core_x86_proto_enumTypes[0].Descriptor() +} + +func (UserX86RegsMode) Type() protoreflect.EnumType { + return &file_core_x86_proto_enumTypes[0] +} + +func (x UserX86RegsMode) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Do not use. +func (x *UserX86RegsMode) UnmarshalJSON(b []byte) error { + num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) + if err != nil { + return err + } + *x = UserX86RegsMode(num) + return nil +} + +// Deprecated: Use UserX86RegsMode.Descriptor instead. +func (UserX86RegsMode) EnumDescriptor() ([]byte, []int) { + return file_core_x86_proto_rawDescGZIP(), []int{0} +} + +// Reusing entry for both 64 and 32 bits register sets +type UserX86RegsEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + R15 *uint64 `protobuf:"varint,1,req,name=r15" json:"r15,omitempty"` + R14 *uint64 `protobuf:"varint,2,req,name=r14" json:"r14,omitempty"` + R13 *uint64 `protobuf:"varint,3,req,name=r13" json:"r13,omitempty"` + R12 *uint64 `protobuf:"varint,4,req,name=r12" json:"r12,omitempty"` + Bp *uint64 `protobuf:"varint,5,req,name=bp" json:"bp,omitempty"` + Bx *uint64 `protobuf:"varint,6,req,name=bx" json:"bx,omitempty"` + R11 *uint64 `protobuf:"varint,7,req,name=r11" json:"r11,omitempty"` + R10 *uint64 `protobuf:"varint,8,req,name=r10" json:"r10,omitempty"` + R9 *uint64 `protobuf:"varint,9,req,name=r9" json:"r9,omitempty"` + R8 *uint64 `protobuf:"varint,10,req,name=r8" json:"r8,omitempty"` + Ax *uint64 `protobuf:"varint,11,req,name=ax" json:"ax,omitempty"` + Cx *uint64 `protobuf:"varint,12,req,name=cx" json:"cx,omitempty"` + Dx *uint64 `protobuf:"varint,13,req,name=dx" json:"dx,omitempty"` + Si *uint64 `protobuf:"varint,14,req,name=si" json:"si,omitempty"` + Di *uint64 `protobuf:"varint,15,req,name=di" json:"di,omitempty"` + OrigAx *uint64 `protobuf:"varint,16,req,name=orig_ax,json=origAx" json:"orig_ax,omitempty"` + Ip *uint64 `protobuf:"varint,17,req,name=ip" json:"ip,omitempty"` + Cs *uint64 `protobuf:"varint,18,req,name=cs" json:"cs,omitempty"` + Flags *uint64 `protobuf:"varint,19,req,name=flags" json:"flags,omitempty"` + Sp *uint64 `protobuf:"varint,20,req,name=sp" json:"sp,omitempty"` + Ss *uint64 `protobuf:"varint,21,req,name=ss" json:"ss,omitempty"` + FsBase *uint64 `protobuf:"varint,22,req,name=fs_base,json=fsBase" json:"fs_base,omitempty"` + GsBase *uint64 `protobuf:"varint,23,req,name=gs_base,json=gsBase" json:"gs_base,omitempty"` + Ds *uint64 `protobuf:"varint,24,req,name=ds" json:"ds,omitempty"` + Es *uint64 `protobuf:"varint,25,req,name=es" json:"es,omitempty"` + Fs *uint64 `protobuf:"varint,26,req,name=fs" json:"fs,omitempty"` + Gs *uint64 `protobuf:"varint,27,req,name=gs" json:"gs,omitempty"` + Mode *UserX86RegsMode `protobuf:"varint,28,opt,name=mode,enum=criu.UserX86RegsMode,def=1" json:"mode,omitempty"` +} + +// Default values for UserX86RegsEntry fields. +const ( + Default_UserX86RegsEntry_Mode = UserX86RegsMode_NATIVE +) + +func (x *UserX86RegsEntry) Reset() { + *x = UserX86RegsEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_core_x86_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UserX86RegsEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UserX86RegsEntry) ProtoMessage() {} + +func (x *UserX86RegsEntry) ProtoReflect() protoreflect.Message { + mi := &file_core_x86_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UserX86RegsEntry.ProtoReflect.Descriptor instead. +func (*UserX86RegsEntry) Descriptor() ([]byte, []int) { + return file_core_x86_proto_rawDescGZIP(), []int{0} +} + +func (x *UserX86RegsEntry) GetR15() uint64 { + if x != nil && x.R15 != nil { + return *x.R15 + } + return 0 +} + +func (x *UserX86RegsEntry) GetR14() uint64 { + if x != nil && x.R14 != nil { + return *x.R14 + } + return 0 +} + +func (x *UserX86RegsEntry) GetR13() uint64 { + if x != nil && x.R13 != nil { + return *x.R13 + } + return 0 +} + +func (x *UserX86RegsEntry) GetR12() uint64 { + if x != nil && x.R12 != nil { + return *x.R12 + } + return 0 +} + +func (x *UserX86RegsEntry) GetBp() uint64 { + if x != nil && x.Bp != nil { + return *x.Bp + } + return 0 +} + +func (x *UserX86RegsEntry) GetBx() uint64 { + if x != nil && x.Bx != nil { + return *x.Bx + } + return 0 +} + +func (x *UserX86RegsEntry) GetR11() uint64 { + if x != nil && x.R11 != nil { + return *x.R11 + } + return 0 +} + +func (x *UserX86RegsEntry) GetR10() uint64 { + if x != nil && x.R10 != nil { + return *x.R10 + } + return 0 +} + +func (x *UserX86RegsEntry) GetR9() uint64 { + if x != nil && x.R9 != nil { + return *x.R9 + } + return 0 +} + +func (x *UserX86RegsEntry) GetR8() uint64 { + if x != nil && x.R8 != nil { + return *x.R8 + } + return 0 +} + +func (x *UserX86RegsEntry) GetAx() uint64 { + if x != nil && x.Ax != nil { + return *x.Ax + } + return 0 +} + +func (x *UserX86RegsEntry) GetCx() uint64 { + if x != nil && x.Cx != nil { + return *x.Cx + } + return 0 +} + +func (x *UserX86RegsEntry) GetDx() uint64 { + if x != nil && x.Dx != nil { + return *x.Dx + } + return 0 +} + +func (x *UserX86RegsEntry) GetSi() uint64 { + if x != nil && x.Si != nil { + return *x.Si + } + return 0 +} + +func (x *UserX86RegsEntry) GetDi() uint64 { + if x != nil && x.Di != nil { + return *x.Di + } + return 0 +} + +func (x *UserX86RegsEntry) GetOrigAx() uint64 { + if x != nil && x.OrigAx != nil { + return *x.OrigAx + } + return 0 +} + +func (x *UserX86RegsEntry) GetIp() uint64 { + if x != nil && x.Ip != nil { + return *x.Ip + } + return 0 +} + +func (x *UserX86RegsEntry) GetCs() uint64 { + if x != nil && x.Cs != nil { + return *x.Cs + } + return 0 +} + +func (x *UserX86RegsEntry) GetFlags() uint64 { + if x != nil && x.Flags != nil { + return *x.Flags + } + return 0 +} + +func (x *UserX86RegsEntry) GetSp() uint64 { + if x != nil && x.Sp != nil { + return *x.Sp + } + return 0 +} + +func (x *UserX86RegsEntry) GetSs() uint64 { + if x != nil && x.Ss != nil { + return *x.Ss + } + return 0 +} + +func (x *UserX86RegsEntry) GetFsBase() uint64 { + if x != nil && x.FsBase != nil { + return *x.FsBase + } + return 0 +} + +func (x *UserX86RegsEntry) GetGsBase() uint64 { + if x != nil && x.GsBase != nil { + return *x.GsBase + } + return 0 +} + +func (x *UserX86RegsEntry) GetDs() uint64 { + if x != nil && x.Ds != nil { + return *x.Ds + } + return 0 +} + +func (x *UserX86RegsEntry) GetEs() uint64 { + if x != nil && x.Es != nil { + return *x.Es + } + return 0 +} + +func (x *UserX86RegsEntry) GetFs() uint64 { + if x != nil && x.Fs != nil { + return *x.Fs + } + return 0 +} + +func (x *UserX86RegsEntry) GetGs() uint64 { + if x != nil && x.Gs != nil { + return *x.Gs + } + return 0 +} + +func (x *UserX86RegsEntry) GetMode() UserX86RegsMode { + if x != nil && x.Mode != nil { + return *x.Mode + } + return Default_UserX86RegsEntry_Mode +} + +type UserX86XsaveEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // standard xsave features + XstateBv *uint64 `protobuf:"varint,1,req,name=xstate_bv,json=xstateBv" json:"xstate_bv,omitempty"` + // AVX components: 16x 256-bit ymm registers, hi 128 bits + YmmhSpace []uint32 `protobuf:"varint,2,rep,name=ymmh_space,json=ymmhSpace" json:"ymmh_space,omitempty"` + // MPX components + BndregState []uint64 `protobuf:"varint,3,rep,name=bndreg_state,json=bndregState" json:"bndreg_state,omitempty"` + BndcsrState []uint64 `protobuf:"varint,4,rep,name=bndcsr_state,json=bndcsrState" json:"bndcsr_state,omitempty"` + // AVX512 components: k0-k7, ZMM_Hi256, Hi16_ZMM + OpmaskReg []uint64 `protobuf:"varint,5,rep,name=opmask_reg,json=opmaskReg" json:"opmask_reg,omitempty"` + ZmmUpper []uint64 `protobuf:"varint,6,rep,name=zmm_upper,json=zmmUpper" json:"zmm_upper,omitempty"` + Hi16Zmm []uint64 `protobuf:"varint,7,rep,name=hi16_zmm,json=hi16Zmm" json:"hi16_zmm,omitempty"` + // Protected keys + Pkru []uint32 `protobuf:"varint,8,rep,name=pkru" json:"pkru,omitempty"` +} + +func (x *UserX86XsaveEntry) Reset() { + *x = UserX86XsaveEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_core_x86_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UserX86XsaveEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UserX86XsaveEntry) ProtoMessage() {} + +func (x *UserX86XsaveEntry) ProtoReflect() protoreflect.Message { + mi := &file_core_x86_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UserX86XsaveEntry.ProtoReflect.Descriptor instead. +func (*UserX86XsaveEntry) Descriptor() ([]byte, []int) { + return file_core_x86_proto_rawDescGZIP(), []int{1} +} + +func (x *UserX86XsaveEntry) GetXstateBv() uint64 { + if x != nil && x.XstateBv != nil { + return *x.XstateBv + } + return 0 +} + +func (x *UserX86XsaveEntry) GetYmmhSpace() []uint32 { + if x != nil { + return x.YmmhSpace + } + return nil +} + +func (x *UserX86XsaveEntry) GetBndregState() []uint64 { + if x != nil { + return x.BndregState + } + return nil +} + +func (x *UserX86XsaveEntry) GetBndcsrState() []uint64 { + if x != nil { + return x.BndcsrState + } + return nil +} + +func (x *UserX86XsaveEntry) GetOpmaskReg() []uint64 { + if x != nil { + return x.OpmaskReg + } + return nil +} + +func (x *UserX86XsaveEntry) GetZmmUpper() []uint64 { + if x != nil { + return x.ZmmUpper + } + return nil +} + +func (x *UserX86XsaveEntry) GetHi16Zmm() []uint64 { + if x != nil { + return x.Hi16Zmm + } + return nil +} + +func (x *UserX86XsaveEntry) GetPkru() []uint32 { + if x != nil { + return x.Pkru + } + return nil +} + +type UserX86FpregsEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // fxsave data + Cwd *uint32 `protobuf:"varint,1,req,name=cwd" json:"cwd,omitempty"` + Swd *uint32 `protobuf:"varint,2,req,name=swd" json:"swd,omitempty"` + Twd *uint32 `protobuf:"varint,3,req,name=twd" json:"twd,omitempty"` + Fop *uint32 `protobuf:"varint,4,req,name=fop" json:"fop,omitempty"` + Rip *uint64 `protobuf:"varint,5,req,name=rip" json:"rip,omitempty"` + Rdp *uint64 `protobuf:"varint,6,req,name=rdp" json:"rdp,omitempty"` + Mxcsr *uint32 `protobuf:"varint,7,req,name=mxcsr" json:"mxcsr,omitempty"` + MxcsrMask *uint32 `protobuf:"varint,8,req,name=mxcsr_mask,json=mxcsrMask" json:"mxcsr_mask,omitempty"` + StSpace []uint32 `protobuf:"varint,9,rep,name=st_space,json=stSpace" json:"st_space,omitempty"` + XmmSpace []uint32 `protobuf:"varint,10,rep,name=xmm_space,json=xmmSpace" json:"xmm_space,omitempty"` + // Unused, but present for backward compatibility + Padding []uint32 `protobuf:"varint,11,rep,name=padding" json:"padding,omitempty"` + // xsave extension + Xsave *UserX86XsaveEntry `protobuf:"bytes,13,opt,name=xsave" json:"xsave,omitempty"` +} + +func (x *UserX86FpregsEntry) Reset() { + *x = UserX86FpregsEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_core_x86_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UserX86FpregsEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UserX86FpregsEntry) ProtoMessage() {} + +func (x *UserX86FpregsEntry) ProtoReflect() protoreflect.Message { + mi := &file_core_x86_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UserX86FpregsEntry.ProtoReflect.Descriptor instead. +func (*UserX86FpregsEntry) Descriptor() ([]byte, []int) { + return file_core_x86_proto_rawDescGZIP(), []int{2} +} + +func (x *UserX86FpregsEntry) GetCwd() uint32 { + if x != nil && x.Cwd != nil { + return *x.Cwd + } + return 0 +} + +func (x *UserX86FpregsEntry) GetSwd() uint32 { + if x != nil && x.Swd != nil { + return *x.Swd + } + return 0 +} + +func (x *UserX86FpregsEntry) GetTwd() uint32 { + if x != nil && x.Twd != nil { + return *x.Twd + } + return 0 +} + +func (x *UserX86FpregsEntry) GetFop() uint32 { + if x != nil && x.Fop != nil { + return *x.Fop + } + return 0 +} + +func (x *UserX86FpregsEntry) GetRip() uint64 { + if x != nil && x.Rip != nil { + return *x.Rip + } + return 0 +} + +func (x *UserX86FpregsEntry) GetRdp() uint64 { + if x != nil && x.Rdp != nil { + return *x.Rdp + } + return 0 +} + +func (x *UserX86FpregsEntry) GetMxcsr() uint32 { + if x != nil && x.Mxcsr != nil { + return *x.Mxcsr + } + return 0 +} + +func (x *UserX86FpregsEntry) GetMxcsrMask() uint32 { + if x != nil && x.MxcsrMask != nil { + return *x.MxcsrMask + } + return 0 +} + +func (x *UserX86FpregsEntry) GetStSpace() []uint32 { + if x != nil { + return x.StSpace + } + return nil +} + +func (x *UserX86FpregsEntry) GetXmmSpace() []uint32 { + if x != nil { + return x.XmmSpace + } + return nil +} + +func (x *UserX86FpregsEntry) GetPadding() []uint32 { + if x != nil { + return x.Padding + } + return nil +} + +func (x *UserX86FpregsEntry) GetXsave() *UserX86XsaveEntry { + if x != nil { + return x.Xsave + } + return nil +} + +type UserDescT struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + EntryNumber *uint32 `protobuf:"varint,1,req,name=entry_number,json=entryNumber" json:"entry_number,omitempty"` + // this is for GDT, not for MSRs - 32-bit base + BaseAddr *uint32 `protobuf:"varint,2,req,name=base_addr,json=baseAddr" json:"base_addr,omitempty"` + Limit *uint32 `protobuf:"varint,3,req,name=limit" json:"limit,omitempty"` + Seg_32Bit *bool `protobuf:"varint,4,req,name=seg_32bit,json=seg32bit" json:"seg_32bit,omitempty"` + ContentsH *bool `protobuf:"varint,5,req,name=contents_h,json=contentsH" json:"contents_h,omitempty"` + ContentsL *bool `protobuf:"varint,6,req,name=contents_l,json=contentsL" json:"contents_l,omitempty"` + ReadExecOnly *bool `protobuf:"varint,7,req,name=read_exec_only,json=readExecOnly,def=1" json:"read_exec_only,omitempty"` + LimitInPages *bool `protobuf:"varint,8,req,name=limit_in_pages,json=limitInPages" json:"limit_in_pages,omitempty"` + SegNotPresent *bool `protobuf:"varint,9,req,name=seg_not_present,json=segNotPresent,def=1" json:"seg_not_present,omitempty"` + Usable *bool `protobuf:"varint,10,req,name=usable" json:"usable,omitempty"` +} + +// Default values for UserDescT fields. +const ( + Default_UserDescT_ReadExecOnly = bool(true) + Default_UserDescT_SegNotPresent = bool(true) +) + +func (x *UserDescT) Reset() { + *x = UserDescT{} + if protoimpl.UnsafeEnabled { + mi := &file_core_x86_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UserDescT) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UserDescT) ProtoMessage() {} + +func (x *UserDescT) ProtoReflect() protoreflect.Message { + mi := &file_core_x86_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UserDescT.ProtoReflect.Descriptor instead. +func (*UserDescT) Descriptor() ([]byte, []int) { + return file_core_x86_proto_rawDescGZIP(), []int{3} +} + +func (x *UserDescT) GetEntryNumber() uint32 { + if x != nil && x.EntryNumber != nil { + return *x.EntryNumber + } + return 0 +} + +func (x *UserDescT) GetBaseAddr() uint32 { + if x != nil && x.BaseAddr != nil { + return *x.BaseAddr + } + return 0 +} + +func (x *UserDescT) GetLimit() uint32 { + if x != nil && x.Limit != nil { + return *x.Limit + } + return 0 +} + +func (x *UserDescT) GetSeg_32Bit() bool { + if x != nil && x.Seg_32Bit != nil { + return *x.Seg_32Bit + } + return false +} + +func (x *UserDescT) GetContentsH() bool { + if x != nil && x.ContentsH != nil { + return *x.ContentsH + } + return false +} + +func (x *UserDescT) GetContentsL() bool { + if x != nil && x.ContentsL != nil { + return *x.ContentsL + } + return false +} + +func (x *UserDescT) GetReadExecOnly() bool { + if x != nil && x.ReadExecOnly != nil { + return *x.ReadExecOnly + } + return Default_UserDescT_ReadExecOnly +} + +func (x *UserDescT) GetLimitInPages() bool { + if x != nil && x.LimitInPages != nil { + return *x.LimitInPages + } + return false +} + +func (x *UserDescT) GetSegNotPresent() bool { + if x != nil && x.SegNotPresent != nil { + return *x.SegNotPresent + } + return Default_UserDescT_SegNotPresent +} + +func (x *UserDescT) GetUsable() bool { + if x != nil && x.Usable != nil { + return *x.Usable + } + return false +} + +type ThreadInfoX86 struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + ClearTidAddr *uint64 `protobuf:"varint,1,req,name=clear_tid_addr,json=clearTidAddr" json:"clear_tid_addr,omitempty"` + Gpregs *UserX86RegsEntry `protobuf:"bytes,2,req,name=gpregs" json:"gpregs,omitempty"` + Fpregs *UserX86FpregsEntry `protobuf:"bytes,3,req,name=fpregs" json:"fpregs,omitempty"` + Tls []*UserDescT `protobuf:"bytes,4,rep,name=tls" json:"tls,omitempty"` +} + +func (x *ThreadInfoX86) Reset() { + *x = ThreadInfoX86{} + if protoimpl.UnsafeEnabled { + mi := &file_core_x86_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ThreadInfoX86) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ThreadInfoX86) ProtoMessage() {} + +func (x *ThreadInfoX86) ProtoReflect() protoreflect.Message { + mi := &file_core_x86_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ThreadInfoX86.ProtoReflect.Descriptor instead. +func (*ThreadInfoX86) Descriptor() ([]byte, []int) { + return file_core_x86_proto_rawDescGZIP(), []int{4} +} + +func (x *ThreadInfoX86) GetClearTidAddr() uint64 { + if x != nil && x.ClearTidAddr != nil { + return *x.ClearTidAddr + } + return 0 +} + +func (x *ThreadInfoX86) GetGpregs() *UserX86RegsEntry { + if x != nil { + return x.Gpregs + } + return nil +} + +func (x *ThreadInfoX86) GetFpregs() *UserX86FpregsEntry { + if x != nil { + return x.Fpregs + } + return nil +} + +func (x *ThreadInfoX86) GetTls() []*UserDescT { + if x != nil { + return x.Tls + } + return nil +} + +var File_core_x86_proto protoreflect.FileDescriptor + +var file_core_x86_proto_rawDesc = []byte{ + 0x0a, 0x0e, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x78, 0x38, 0x36, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x22, 0xa8, 0x04, 0x0a, 0x13, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, + 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, + 0x35, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x35, 0x12, 0x10, 0x0a, 0x03, + 0x72, 0x31, 0x34, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x34, 0x12, 0x10, + 0x0a, 0x03, 0x72, 0x31, 0x33, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x33, + 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x32, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, + 0x31, 0x32, 0x12, 0x0e, 0x0a, 0x02, 0x62, 0x70, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, + 0x62, 0x70, 0x12, 0x0e, 0x0a, 0x02, 0x62, 0x78, 0x18, 0x06, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, + 0x62, 0x78, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x31, 0x18, 0x07, 0x20, 0x02, 0x28, 0x04, 0x52, + 0x03, 0x72, 0x31, 0x31, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x30, 0x18, 0x08, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x03, 0x72, 0x31, 0x30, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x39, 0x18, 0x09, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x02, 0x72, 0x39, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x38, 0x18, 0x0a, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x02, 0x72, 0x38, 0x12, 0x0e, 0x0a, 0x02, 0x61, 0x78, 0x18, 0x0b, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x02, 0x61, 0x78, 0x12, 0x0e, 0x0a, 0x02, 0x63, 0x78, 0x18, 0x0c, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x02, 0x63, 0x78, 0x12, 0x0e, 0x0a, 0x02, 0x64, 0x78, 0x18, 0x0d, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x02, 0x64, 0x78, 0x12, 0x0e, 0x0a, 0x02, 0x73, 0x69, 0x18, 0x0e, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x02, 0x73, 0x69, 0x12, 0x0e, 0x0a, 0x02, 0x64, 0x69, 0x18, 0x0f, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x02, 0x64, 0x69, 0x12, 0x17, 0x0a, 0x07, 0x6f, 0x72, 0x69, 0x67, 0x5f, 0x61, + 0x78, 0x18, 0x10, 0x20, 0x02, 0x28, 0x04, 0x52, 0x06, 0x6f, 0x72, 0x69, 0x67, 0x41, 0x78, 0x12, + 0x0e, 0x0a, 0x02, 0x69, 0x70, 0x18, 0x11, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x69, 0x70, 0x12, + 0x0e, 0x0a, 0x02, 0x63, 0x73, 0x18, 0x12, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x63, 0x73, 0x12, + 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x13, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, + 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x0e, 0x0a, 0x02, 0x73, 0x70, 0x18, 0x14, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x02, 0x73, 0x70, 0x12, 0x0e, 0x0a, 0x02, 0x73, 0x73, 0x18, 0x15, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x02, 0x73, 0x73, 0x12, 0x17, 0x0a, 0x07, 0x66, 0x73, 0x5f, 0x62, 0x61, 0x73, 0x65, + 0x18, 0x16, 0x20, 0x02, 0x28, 0x04, 0x52, 0x06, 0x66, 0x73, 0x42, 0x61, 0x73, 0x65, 0x12, 0x17, + 0x0a, 0x07, 0x67, 0x73, 0x5f, 0x62, 0x61, 0x73, 0x65, 0x18, 0x17, 0x20, 0x02, 0x28, 0x04, 0x52, + 0x06, 0x67, 0x73, 0x42, 0x61, 0x73, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x64, 0x73, 0x18, 0x18, 0x20, + 0x02, 0x28, 0x04, 0x52, 0x02, 0x64, 0x73, 0x12, 0x0e, 0x0a, 0x02, 0x65, 0x73, 0x18, 0x19, 0x20, + 0x02, 0x28, 0x04, 0x52, 0x02, 0x65, 0x73, 0x12, 0x0e, 0x0a, 0x02, 0x66, 0x73, 0x18, 0x1a, 0x20, + 0x02, 0x28, 0x04, 0x52, 0x02, 0x66, 0x73, 0x12, 0x0e, 0x0a, 0x02, 0x67, 0x73, 0x18, 0x1b, 0x20, + 0x02, 0x28, 0x04, 0x52, 0x02, 0x67, 0x73, 0x12, 0x34, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, + 0x1c, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, + 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x3a, + 0x06, 0x4e, 0x41, 0x54, 0x49, 0x56, 0x45, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x22, 0x83, 0x02, + 0x0a, 0x14, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x78, 0x73, 0x61, 0x76, 0x65, + 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x78, 0x73, 0x74, 0x61, 0x74, 0x65, + 0x5f, 0x62, 0x76, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x08, 0x78, 0x73, 0x74, 0x61, 0x74, + 0x65, 0x42, 0x76, 0x12, 0x1d, 0x0a, 0x0a, 0x79, 0x6d, 0x6d, 0x68, 0x5f, 0x73, 0x70, 0x61, 0x63, + 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x09, 0x79, 0x6d, 0x6d, 0x68, 0x53, 0x70, 0x61, + 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x62, 0x6e, 0x64, 0x72, 0x65, 0x67, 0x5f, 0x73, 0x74, 0x61, + 0x74, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x04, 0x52, 0x0b, 0x62, 0x6e, 0x64, 0x72, 0x65, 0x67, + 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x62, 0x6e, 0x64, 0x63, 0x73, 0x72, 0x5f, + 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x03, 0x28, 0x04, 0x52, 0x0b, 0x62, 0x6e, 0x64, + 0x63, 0x73, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x6f, 0x70, 0x6d, 0x61, + 0x73, 0x6b, 0x5f, 0x72, 0x65, 0x67, 0x18, 0x05, 0x20, 0x03, 0x28, 0x04, 0x52, 0x09, 0x6f, 0x70, + 0x6d, 0x61, 0x73, 0x6b, 0x52, 0x65, 0x67, 0x12, 0x1b, 0x0a, 0x09, 0x7a, 0x6d, 0x6d, 0x5f, 0x75, + 0x70, 0x70, 0x65, 0x72, 0x18, 0x06, 0x20, 0x03, 0x28, 0x04, 0x52, 0x08, 0x7a, 0x6d, 0x6d, 0x55, + 0x70, 0x70, 0x65, 0x72, 0x12, 0x19, 0x0a, 0x08, 0x68, 0x69, 0x31, 0x36, 0x5f, 0x7a, 0x6d, 0x6d, + 0x18, 0x07, 0x20, 0x03, 0x28, 0x04, 0x52, 0x07, 0x68, 0x69, 0x31, 0x36, 0x5a, 0x6d, 0x6d, 0x12, + 0x12, 0x0a, 0x04, 0x70, 0x6b, 0x72, 0x75, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x04, 0x70, + 0x6b, 0x72, 0x75, 0x22, 0xbc, 0x02, 0x0a, 0x15, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x78, 0x38, 0x36, + 0x5f, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, + 0x03, 0x63, 0x77, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x63, 0x77, 0x64, 0x12, + 0x10, 0x0a, 0x03, 0x73, 0x77, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x73, 0x77, + 0x64, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x77, 0x64, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, + 0x74, 0x77, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x66, 0x6f, 0x70, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x03, 0x66, 0x6f, 0x70, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x69, 0x70, 0x18, 0x05, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x03, 0x72, 0x69, 0x70, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x64, 0x70, 0x18, 0x06, + 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x64, 0x70, 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x78, 0x63, + 0x73, 0x72, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x78, 0x63, 0x73, 0x72, 0x12, + 0x1d, 0x0a, 0x0a, 0x6d, 0x78, 0x63, 0x73, 0x72, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x08, 0x20, + 0x02, 0x28, 0x0d, 0x52, 0x09, 0x6d, 0x78, 0x63, 0x73, 0x72, 0x4d, 0x61, 0x73, 0x6b, 0x12, 0x19, + 0x0a, 0x08, 0x73, 0x74, 0x5f, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0d, + 0x52, 0x07, 0x73, 0x74, 0x53, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x78, 0x6d, 0x6d, + 0x5f, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x08, 0x78, 0x6d, + 0x6d, 0x53, 0x70, 0x61, 0x63, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x70, 0x61, 0x64, 0x64, 0x69, 0x6e, + 0x67, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x07, 0x70, 0x61, 0x64, 0x64, 0x69, 0x6e, 0x67, + 0x12, 0x30, 0x0a, 0x05, 0x78, 0x73, 0x61, 0x76, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x1a, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, + 0x78, 0x73, 0x61, 0x76, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x05, 0x78, 0x73, 0x61, + 0x76, 0x65, 0x22, 0xd6, 0x02, 0x0a, 0x0b, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x73, 0x63, + 0x5f, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x5f, 0x6e, 0x75, 0x6d, 0x62, + 0x65, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x4e, + 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x1b, 0x0a, 0x09, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x61, 0x64, + 0x64, 0x72, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x62, 0x61, 0x73, 0x65, 0x41, 0x64, + 0x64, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x18, 0x03, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x05, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x65, 0x67, 0x5f, + 0x33, 0x32, 0x62, 0x69, 0x74, 0x18, 0x04, 0x20, 0x02, 0x28, 0x08, 0x52, 0x08, 0x73, 0x65, 0x67, + 0x33, 0x32, 0x62, 0x69, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, + 0x73, 0x5f, 0x68, 0x18, 0x05, 0x20, 0x02, 0x28, 0x08, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x74, 0x65, + 0x6e, 0x74, 0x73, 0x48, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, + 0x5f, 0x6c, 0x18, 0x06, 0x20, 0x02, 0x28, 0x08, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, + 0x74, 0x73, 0x4c, 0x12, 0x2a, 0x0a, 0x0e, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x65, 0x78, 0x65, 0x63, + 0x5f, 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x07, 0x20, 0x02, 0x28, 0x08, 0x3a, 0x04, 0x74, 0x72, 0x75, + 0x65, 0x52, 0x0c, 0x72, 0x65, 0x61, 0x64, 0x45, 0x78, 0x65, 0x63, 0x4f, 0x6e, 0x6c, 0x79, 0x12, + 0x24, 0x0a, 0x0e, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x5f, 0x69, 0x6e, 0x5f, 0x70, 0x61, 0x67, 0x65, + 0x73, 0x18, 0x08, 0x20, 0x02, 0x28, 0x08, 0x52, 0x0c, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x49, 0x6e, + 0x50, 0x61, 0x67, 0x65, 0x73, 0x12, 0x2c, 0x0a, 0x0f, 0x73, 0x65, 0x67, 0x5f, 0x6e, 0x6f, 0x74, + 0x5f, 0x70, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x18, 0x09, 0x20, 0x02, 0x28, 0x08, 0x3a, 0x04, + 0x74, 0x72, 0x75, 0x65, 0x52, 0x0d, 0x73, 0x65, 0x67, 0x4e, 0x6f, 0x74, 0x50, 0x72, 0x65, 0x73, + 0x65, 0x6e, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x75, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x0a, 0x20, + 0x02, 0x28, 0x08, 0x52, 0x06, 0x75, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x22, 0xd2, 0x01, 0x0a, 0x0f, + 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x78, 0x38, 0x36, 0x12, + 0x2b, 0x0a, 0x0e, 0x63, 0x6c, 0x65, 0x61, 0x72, 0x5f, 0x74, 0x69, 0x64, 0x5f, 0x61, 0x64, 0x64, + 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0c, + 0x63, 0x6c, 0x65, 0x61, 0x72, 0x54, 0x69, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x38, 0x0a, 0x06, + 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x63, + 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x72, 0x65, 0x67, + 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x06, + 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x12, 0x33, 0x0a, 0x06, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, + 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, + 0x65, 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x52, 0x06, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x12, 0x23, 0x0a, 0x03, 0x74, + 0x6c, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, + 0x75, 0x73, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x73, 0x63, 0x5f, 0x74, 0x52, 0x03, 0x74, 0x6c, 0x73, + 0x2a, 0x2c, 0x0a, 0x12, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x72, 0x65, 0x67, + 0x73, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x4e, 0x41, 0x54, 0x49, 0x56, 0x45, + 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x43, 0x4f, 0x4d, 0x50, 0x41, 0x54, 0x10, 0x02, +} + +var ( + file_core_x86_proto_rawDescOnce sync.Once + file_core_x86_proto_rawDescData = file_core_x86_proto_rawDesc +) + +func file_core_x86_proto_rawDescGZIP() []byte { + file_core_x86_proto_rawDescOnce.Do(func() { + file_core_x86_proto_rawDescData = protoimpl.X.CompressGZIP(file_core_x86_proto_rawDescData) + }) + return file_core_x86_proto_rawDescData +} + +var file_core_x86_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_core_x86_proto_msgTypes = make([]protoimpl.MessageInfo, 5) +var file_core_x86_proto_goTypes = []interface{}{ + (UserX86RegsMode)(0), // 0: criu.user_x86_regs_mode + (*UserX86RegsEntry)(nil), // 1: criu.user_x86_regs_entry + (*UserX86XsaveEntry)(nil), // 2: criu.user_x86_xsave_entry + (*UserX86FpregsEntry)(nil), // 3: criu.user_x86_fpregs_entry + (*UserDescT)(nil), // 4: criu.user_desc_t + (*ThreadInfoX86)(nil), // 5: criu.thread_info_x86 +} +var file_core_x86_proto_depIdxs = []int32{ + 0, // 0: criu.user_x86_regs_entry.mode:type_name -> criu.user_x86_regs_mode + 2, // 1: criu.user_x86_fpregs_entry.xsave:type_name -> criu.user_x86_xsave_entry + 1, // 2: criu.thread_info_x86.gpregs:type_name -> criu.user_x86_regs_entry + 3, // 3: criu.thread_info_x86.fpregs:type_name -> criu.user_x86_fpregs_entry + 4, // 4: criu.thread_info_x86.tls:type_name -> criu.user_desc_t + 5, // [5:5] is the sub-list for method output_type + 5, // [5:5] is the sub-list for method input_type + 5, // [5:5] is the sub-list for extension type_name + 5, // [5:5] is the sub-list for extension extendee + 0, // [0:5] is the sub-list for field type_name +} + +func init() { file_core_x86_proto_init() } +func file_core_x86_proto_init() { + if File_core_x86_proto != nil { + return + } + file_opts_proto_init() + if !protoimpl.UnsafeEnabled { + file_core_x86_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UserX86RegsEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_x86_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UserX86XsaveEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_x86_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UserX86FpregsEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_x86_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UserDescT); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_x86_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ThreadInfoX86); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_core_x86_proto_rawDesc, + NumEnums: 1, + NumMessages: 5, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_core_x86_proto_goTypes, + DependencyIndexes: file_core_x86_proto_depIdxs, + EnumInfos: file_core_x86_proto_enumTypes, + MessageInfos: file_core_x86_proto_msgTypes, + }.Build() + File_core_x86_proto = out.File + file_core_x86_proto_rawDesc = nil + file_core_x86_proto_goTypes = nil + file_core_x86_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-x86.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-x86.proto new file mode 100644 index 00000000000..8296ac42185 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-x86.proto @@ -0,0 +1,111 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "opts.proto"; + +enum user_x86_regs_mode { + NATIVE = 1; + COMPAT = 2; +} + +/* Reusing entry for both 64 and 32 bits register sets */ +message user_x86_regs_entry { + required uint64 r15 = 1; + required uint64 r14 = 2; + required uint64 r13 = 3; + required uint64 r12 = 4; + required uint64 bp = 5; + required uint64 bx = 6; + required uint64 r11 = 7; + required uint64 r10 = 8; + required uint64 r9 = 9; + required uint64 r8 = 10; + required uint64 ax = 11; + required uint64 cx = 12; + required uint64 dx = 13; + required uint64 si = 14; + required uint64 di = 15; + required uint64 orig_ax = 16; + required uint64 ip = 17; + required uint64 cs = 18; + required uint64 flags = 19; + required uint64 sp = 20; + required uint64 ss = 21; + required uint64 fs_base = 22; + required uint64 gs_base = 23; + required uint64 ds = 24; + required uint64 es = 25; + required uint64 fs = 26; + required uint64 gs = 27; + optional user_x86_regs_mode mode = 28 [default = NATIVE]; +} + +message user_x86_xsave_entry { + /* standard xsave features */ + required uint64 xstate_bv = 1; + + /* AVX components: 16x 256-bit ymm registers, hi 128 bits */ + repeated uint32 ymmh_space = 2; + + /* MPX components */ + repeated uint64 bndreg_state = 3; + repeated uint64 bndcsr_state = 4; + + /* AVX512 components: k0-k7, ZMM_Hi256, Hi16_ZMM */ + repeated uint64 opmask_reg = 5; + repeated uint64 zmm_upper = 6; + repeated uint64 hi16_zmm = 7; + + /* Protected keys */ + repeated uint32 pkru = 8; + + /* + * Processor trace (PT) and hardware duty cycling (HDC) + * are supervisor state components and only managed by + * xsaves/xrstors on cpl=0, so ignore them. + */ +} + +message user_x86_fpregs_entry { + + /* fxsave data */ + required uint32 cwd = 1; + required uint32 swd = 2; + required uint32 twd = 3; + required uint32 fop = 4; + required uint64 rip = 5; + required uint64 rdp = 6; + required uint32 mxcsr = 7; + required uint32 mxcsr_mask = 8; + repeated uint32 st_space = 9; + repeated uint32 xmm_space = 10; + + /* Unused, but present for backward compatibility */ + repeated uint32 padding = 11; + + /* xsave extension */ + optional user_x86_xsave_entry xsave = 13; +} + +message user_desc_t { + required uint32 entry_number = 1; + /* this is for GDT, not for MSRs - 32-bit base */ + required uint32 base_addr = 2; + required uint32 limit = 3; + required bool seg_32bit = 4; + required bool contents_h = 5; + required bool contents_l = 6; + required bool read_exec_only = 7 [default = true]; + required bool limit_in_pages = 8; + required bool seg_not_present = 9 [default = true]; + required bool usable = 10; +} + +message thread_info_x86 { + required uint64 clear_tid_addr = 1[(criu).hex = true]; + required user_x86_regs_entry gpregs = 2[(criu).hex = true]; + required user_x86_fpregs_entry fpregs = 3; + repeated user_desc_t tls = 4; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core.pb.go new file mode 100644 index 00000000000..43f9ab3c106 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core.pb.go @@ -0,0 +1,1206 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: core.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// These match the SECCOMP_MODE_* flags from . +type SeccompMode int32 + +const ( + SeccompMode_disabled SeccompMode = 0 + SeccompMode_strict SeccompMode = 1 + SeccompMode_filter SeccompMode = 2 +) + +// Enum value maps for SeccompMode. +var ( + SeccompMode_name = map[int32]string{ + 0: "disabled", + 1: "strict", + 2: "filter", + } + SeccompMode_value = map[string]int32{ + "disabled": 0, + "strict": 1, + "filter": 2, + } +) + +func (x SeccompMode) Enum() *SeccompMode { + p := new(SeccompMode) + *p = x + return p +} + +func (x SeccompMode) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (SeccompMode) Descriptor() protoreflect.EnumDescriptor { + return file_core_proto_enumTypes[0].Descriptor() +} + +func (SeccompMode) Type() protoreflect.EnumType { + return &file_core_proto_enumTypes[0] +} + +func (x SeccompMode) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Do not use. +func (x *SeccompMode) UnmarshalJSON(b []byte) error { + num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) + if err != nil { + return err + } + *x = SeccompMode(num) + return nil +} + +// Deprecated: Use SeccompMode.Descriptor instead. +func (SeccompMode) EnumDescriptor() ([]byte, []int) { + return file_core_proto_rawDescGZIP(), []int{0} +} + +type CoreEntryMarch int32 + +const ( + CoreEntry_UNKNOWN CoreEntryMarch = 0 + CoreEntry_X86_64 CoreEntryMarch = 1 + CoreEntry_ARM CoreEntryMarch = 2 + CoreEntry_AARCH64 CoreEntryMarch = 3 + CoreEntry_PPC64 CoreEntryMarch = 4 + CoreEntry_S390 CoreEntryMarch = 5 + CoreEntry_MIPS CoreEntryMarch = 6 +) + +// Enum value maps for CoreEntryMarch. +var ( + CoreEntryMarch_name = map[int32]string{ + 0: "UNKNOWN", + 1: "X86_64", + 2: "ARM", + 3: "AARCH64", + 4: "PPC64", + 5: "S390", + 6: "MIPS", + } + CoreEntryMarch_value = map[string]int32{ + "UNKNOWN": 0, + "X86_64": 1, + "ARM": 2, + "AARCH64": 3, + "PPC64": 4, + "S390": 5, + "MIPS": 6, + } +) + +func (x CoreEntryMarch) Enum() *CoreEntryMarch { + p := new(CoreEntryMarch) + *p = x + return p +} + +func (x CoreEntryMarch) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (CoreEntryMarch) Descriptor() protoreflect.EnumDescriptor { + return file_core_proto_enumTypes[1].Descriptor() +} + +func (CoreEntryMarch) Type() protoreflect.EnumType { + return &file_core_proto_enumTypes[1] +} + +func (x CoreEntryMarch) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Do not use. +func (x *CoreEntryMarch) UnmarshalJSON(b []byte) error { + num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) + if err != nil { + return err + } + *x = CoreEntryMarch(num) + return nil +} + +// Deprecated: Use CoreEntryMarch.Descriptor instead. +func (CoreEntryMarch) EnumDescriptor() ([]byte, []int) { + return file_core_proto_rawDescGZIP(), []int{5, 0} +} + +type TaskCoreEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + TaskState *uint32 `protobuf:"varint,1,req,name=task_state,json=taskState" json:"task_state,omitempty"` + ExitCode *uint32 `protobuf:"varint,2,req,name=exit_code,json=exitCode" json:"exit_code,omitempty"` + Personality *uint32 `protobuf:"varint,3,req,name=personality" json:"personality,omitempty"` + Flags *uint32 `protobuf:"varint,4,req,name=flags" json:"flags,omitempty"` + BlkSigset *uint64 `protobuf:"varint,5,req,name=blk_sigset,json=blkSigset" json:"blk_sigset,omitempty"` + Comm *string `protobuf:"bytes,6,req,name=comm" json:"comm,omitempty"` + Timers *TaskTimersEntry `protobuf:"bytes,7,opt,name=timers" json:"timers,omitempty"` + Rlimits *TaskRlimitsEntry `protobuf:"bytes,8,opt,name=rlimits" json:"rlimits,omitempty"` + CgSet *uint32 `protobuf:"varint,9,opt,name=cg_set,json=cgSet" json:"cg_set,omitempty"` + SignalsS *SignalQueueEntry `protobuf:"bytes,10,opt,name=signals_s,json=signalsS" json:"signals_s,omitempty"` + // These two are deprecated, should be per-thread + OldSeccompMode *SeccompMode `protobuf:"varint,11,opt,name=old_seccomp_mode,json=oldSeccompMode,enum=criu.SeccompMode" json:"old_seccomp_mode,omitempty"` + OldSeccompFilter *uint32 `protobuf:"varint,12,opt,name=old_seccomp_filter,json=oldSeccompFilter" json:"old_seccomp_filter,omitempty"` + Loginuid *uint32 `protobuf:"varint,13,opt,name=loginuid" json:"loginuid,omitempty"` + OomScoreAdj *int32 `protobuf:"varint,14,opt,name=oom_score_adj,json=oomScoreAdj" json:"oom_score_adj,omitempty"` + Sigactions []*SaEntry `protobuf:"bytes,15,rep,name=sigactions" json:"sigactions,omitempty"` + ChildSubreaper *bool `protobuf:"varint,18,opt,name=child_subreaper,json=childSubreaper" json:"child_subreaper,omitempty"` + // Reserved for container relative start time + // optional uint64 start_time = 19; + BlkSigsetExtended *uint64 `protobuf:"varint,20,opt,name=blk_sigset_extended,json=blkSigsetExtended" json:"blk_sigset_extended,omitempty"` +} + +func (x *TaskCoreEntry) Reset() { + *x = TaskCoreEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_core_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TaskCoreEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TaskCoreEntry) ProtoMessage() {} + +func (x *TaskCoreEntry) ProtoReflect() protoreflect.Message { + mi := &file_core_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TaskCoreEntry.ProtoReflect.Descriptor instead. +func (*TaskCoreEntry) Descriptor() ([]byte, []int) { + return file_core_proto_rawDescGZIP(), []int{0} +} + +func (x *TaskCoreEntry) GetTaskState() uint32 { + if x != nil && x.TaskState != nil { + return *x.TaskState + } + return 0 +} + +func (x *TaskCoreEntry) GetExitCode() uint32 { + if x != nil && x.ExitCode != nil { + return *x.ExitCode + } + return 0 +} + +func (x *TaskCoreEntry) GetPersonality() uint32 { + if x != nil && x.Personality != nil { + return *x.Personality + } + return 0 +} + +func (x *TaskCoreEntry) GetFlags() uint32 { + if x != nil && x.Flags != nil { + return *x.Flags + } + return 0 +} + +func (x *TaskCoreEntry) GetBlkSigset() uint64 { + if x != nil && x.BlkSigset != nil { + return *x.BlkSigset + } + return 0 +} + +func (x *TaskCoreEntry) GetComm() string { + if x != nil && x.Comm != nil { + return *x.Comm + } + return "" +} + +func (x *TaskCoreEntry) GetTimers() *TaskTimersEntry { + if x != nil { + return x.Timers + } + return nil +} + +func (x *TaskCoreEntry) GetRlimits() *TaskRlimitsEntry { + if x != nil { + return x.Rlimits + } + return nil +} + +func (x *TaskCoreEntry) GetCgSet() uint32 { + if x != nil && x.CgSet != nil { + return *x.CgSet + } + return 0 +} + +func (x *TaskCoreEntry) GetSignalsS() *SignalQueueEntry { + if x != nil { + return x.SignalsS + } + return nil +} + +func (x *TaskCoreEntry) GetOldSeccompMode() SeccompMode { + if x != nil && x.OldSeccompMode != nil { + return *x.OldSeccompMode + } + return SeccompMode_disabled +} + +func (x *TaskCoreEntry) GetOldSeccompFilter() uint32 { + if x != nil && x.OldSeccompFilter != nil { + return *x.OldSeccompFilter + } + return 0 +} + +func (x *TaskCoreEntry) GetLoginuid() uint32 { + if x != nil && x.Loginuid != nil { + return *x.Loginuid + } + return 0 +} + +func (x *TaskCoreEntry) GetOomScoreAdj() int32 { + if x != nil && x.OomScoreAdj != nil { + return *x.OomScoreAdj + } + return 0 +} + +func (x *TaskCoreEntry) GetSigactions() []*SaEntry { + if x != nil { + return x.Sigactions + } + return nil +} + +func (x *TaskCoreEntry) GetChildSubreaper() bool { + if x != nil && x.ChildSubreaper != nil { + return *x.ChildSubreaper + } + return false +} + +func (x *TaskCoreEntry) GetBlkSigsetExtended() uint64 { + if x != nil && x.BlkSigsetExtended != nil { + return *x.BlkSigsetExtended + } + return 0 +} + +type TaskKobjIdsEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + VmId *uint32 `protobuf:"varint,1,req,name=vm_id,json=vmId" json:"vm_id,omitempty"` + FilesId *uint32 `protobuf:"varint,2,req,name=files_id,json=filesId" json:"files_id,omitempty"` + FsId *uint32 `protobuf:"varint,3,req,name=fs_id,json=fsId" json:"fs_id,omitempty"` + SighandId *uint32 `protobuf:"varint,4,req,name=sighand_id,json=sighandId" json:"sighand_id,omitempty"` + PidNsId *uint32 `protobuf:"varint,5,opt,name=pid_ns_id,json=pidNsId" json:"pid_ns_id,omitempty"` + NetNsId *uint32 `protobuf:"varint,6,opt,name=net_ns_id,json=netNsId" json:"net_ns_id,omitempty"` + IpcNsId *uint32 `protobuf:"varint,7,opt,name=ipc_ns_id,json=ipcNsId" json:"ipc_ns_id,omitempty"` + UtsNsId *uint32 `protobuf:"varint,8,opt,name=uts_ns_id,json=utsNsId" json:"uts_ns_id,omitempty"` + MntNsId *uint32 `protobuf:"varint,9,opt,name=mnt_ns_id,json=mntNsId" json:"mnt_ns_id,omitempty"` + UserNsId *uint32 `protobuf:"varint,10,opt,name=user_ns_id,json=userNsId" json:"user_ns_id,omitempty"` + CgroupNsId *uint32 `protobuf:"varint,11,opt,name=cgroup_ns_id,json=cgroupNsId" json:"cgroup_ns_id,omitempty"` + TimeNsId *uint32 `protobuf:"varint,12,opt,name=time_ns_id,json=timeNsId" json:"time_ns_id,omitempty"` +} + +func (x *TaskKobjIdsEntry) Reset() { + *x = TaskKobjIdsEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_core_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TaskKobjIdsEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TaskKobjIdsEntry) ProtoMessage() {} + +func (x *TaskKobjIdsEntry) ProtoReflect() protoreflect.Message { + mi := &file_core_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TaskKobjIdsEntry.ProtoReflect.Descriptor instead. +func (*TaskKobjIdsEntry) Descriptor() ([]byte, []int) { + return file_core_proto_rawDescGZIP(), []int{1} +} + +func (x *TaskKobjIdsEntry) GetVmId() uint32 { + if x != nil && x.VmId != nil { + return *x.VmId + } + return 0 +} + +func (x *TaskKobjIdsEntry) GetFilesId() uint32 { + if x != nil && x.FilesId != nil { + return *x.FilesId + } + return 0 +} + +func (x *TaskKobjIdsEntry) GetFsId() uint32 { + if x != nil && x.FsId != nil { + return *x.FsId + } + return 0 +} + +func (x *TaskKobjIdsEntry) GetSighandId() uint32 { + if x != nil && x.SighandId != nil { + return *x.SighandId + } + return 0 +} + +func (x *TaskKobjIdsEntry) GetPidNsId() uint32 { + if x != nil && x.PidNsId != nil { + return *x.PidNsId + } + return 0 +} + +func (x *TaskKobjIdsEntry) GetNetNsId() uint32 { + if x != nil && x.NetNsId != nil { + return *x.NetNsId + } + return 0 +} + +func (x *TaskKobjIdsEntry) GetIpcNsId() uint32 { + if x != nil && x.IpcNsId != nil { + return *x.IpcNsId + } + return 0 +} + +func (x *TaskKobjIdsEntry) GetUtsNsId() uint32 { + if x != nil && x.UtsNsId != nil { + return *x.UtsNsId + } + return 0 +} + +func (x *TaskKobjIdsEntry) GetMntNsId() uint32 { + if x != nil && x.MntNsId != nil { + return *x.MntNsId + } + return 0 +} + +func (x *TaskKobjIdsEntry) GetUserNsId() uint32 { + if x != nil && x.UserNsId != nil { + return *x.UserNsId + } + return 0 +} + +func (x *TaskKobjIdsEntry) GetCgroupNsId() uint32 { + if x != nil && x.CgroupNsId != nil { + return *x.CgroupNsId + } + return 0 +} + +func (x *TaskKobjIdsEntry) GetTimeNsId() uint32 { + if x != nil && x.TimeNsId != nil { + return *x.TimeNsId + } + return 0 +} + +type ThreadSasEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + SsSp *uint64 `protobuf:"varint,1,req,name=ss_sp,json=ssSp" json:"ss_sp,omitempty"` + SsSize *uint64 `protobuf:"varint,2,req,name=ss_size,json=ssSize" json:"ss_size,omitempty"` + SsFlags *uint32 `protobuf:"varint,3,req,name=ss_flags,json=ssFlags" json:"ss_flags,omitempty"` +} + +func (x *ThreadSasEntry) Reset() { + *x = ThreadSasEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_core_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ThreadSasEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ThreadSasEntry) ProtoMessage() {} + +func (x *ThreadSasEntry) ProtoReflect() protoreflect.Message { + mi := &file_core_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ThreadSasEntry.ProtoReflect.Descriptor instead. +func (*ThreadSasEntry) Descriptor() ([]byte, []int) { + return file_core_proto_rawDescGZIP(), []int{2} +} + +func (x *ThreadSasEntry) GetSsSp() uint64 { + if x != nil && x.SsSp != nil { + return *x.SsSp + } + return 0 +} + +func (x *ThreadSasEntry) GetSsSize() uint64 { + if x != nil && x.SsSize != nil { + return *x.SsSize + } + return 0 +} + +func (x *ThreadSasEntry) GetSsFlags() uint32 { + if x != nil && x.SsFlags != nil { + return *x.SsFlags + } + return 0 +} + +type ThreadCoreEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + FutexRla *uint64 `protobuf:"varint,1,req,name=futex_rla,json=futexRla" json:"futex_rla,omitempty"` + FutexRlaLen *uint32 `protobuf:"varint,2,req,name=futex_rla_len,json=futexRlaLen" json:"futex_rla_len,omitempty"` + SchedNice *int32 `protobuf:"zigzag32,3,opt,name=sched_nice,json=schedNice" json:"sched_nice,omitempty"` + SchedPolicy *uint32 `protobuf:"varint,4,opt,name=sched_policy,json=schedPolicy" json:"sched_policy,omitempty"` + SchedPrio *uint32 `protobuf:"varint,5,opt,name=sched_prio,json=schedPrio" json:"sched_prio,omitempty"` + BlkSigset *uint64 `protobuf:"varint,6,opt,name=blk_sigset,json=blkSigset" json:"blk_sigset,omitempty"` + Sas *ThreadSasEntry `protobuf:"bytes,7,opt,name=sas" json:"sas,omitempty"` + PdeathSig *uint32 `protobuf:"varint,8,opt,name=pdeath_sig,json=pdeathSig" json:"pdeath_sig,omitempty"` + SignalsP *SignalQueueEntry `protobuf:"bytes,9,opt,name=signals_p,json=signalsP" json:"signals_p,omitempty"` + Creds *CredsEntry `protobuf:"bytes,10,opt,name=creds" json:"creds,omitempty"` + SeccompMode *SeccompMode `protobuf:"varint,11,opt,name=seccomp_mode,json=seccompMode,enum=criu.SeccompMode" json:"seccomp_mode,omitempty"` + SeccompFilter *uint32 `protobuf:"varint,12,opt,name=seccomp_filter,json=seccompFilter" json:"seccomp_filter,omitempty"` + Comm *string `protobuf:"bytes,13,opt,name=comm" json:"comm,omitempty"` + BlkSigsetExtended *uint64 `protobuf:"varint,14,opt,name=blk_sigset_extended,json=blkSigsetExtended" json:"blk_sigset_extended,omitempty"` + RseqEntry *RseqEntry `protobuf:"bytes,15,opt,name=rseq_entry,json=rseqEntry" json:"rseq_entry,omitempty"` +} + +func (x *ThreadCoreEntry) Reset() { + *x = ThreadCoreEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_core_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ThreadCoreEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ThreadCoreEntry) ProtoMessage() {} + +func (x *ThreadCoreEntry) ProtoReflect() protoreflect.Message { + mi := &file_core_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ThreadCoreEntry.ProtoReflect.Descriptor instead. +func (*ThreadCoreEntry) Descriptor() ([]byte, []int) { + return file_core_proto_rawDescGZIP(), []int{3} +} + +func (x *ThreadCoreEntry) GetFutexRla() uint64 { + if x != nil && x.FutexRla != nil { + return *x.FutexRla + } + return 0 +} + +func (x *ThreadCoreEntry) GetFutexRlaLen() uint32 { + if x != nil && x.FutexRlaLen != nil { + return *x.FutexRlaLen + } + return 0 +} + +func (x *ThreadCoreEntry) GetSchedNice() int32 { + if x != nil && x.SchedNice != nil { + return *x.SchedNice + } + return 0 +} + +func (x *ThreadCoreEntry) GetSchedPolicy() uint32 { + if x != nil && x.SchedPolicy != nil { + return *x.SchedPolicy + } + return 0 +} + +func (x *ThreadCoreEntry) GetSchedPrio() uint32 { + if x != nil && x.SchedPrio != nil { + return *x.SchedPrio + } + return 0 +} + +func (x *ThreadCoreEntry) GetBlkSigset() uint64 { + if x != nil && x.BlkSigset != nil { + return *x.BlkSigset + } + return 0 +} + +func (x *ThreadCoreEntry) GetSas() *ThreadSasEntry { + if x != nil { + return x.Sas + } + return nil +} + +func (x *ThreadCoreEntry) GetPdeathSig() uint32 { + if x != nil && x.PdeathSig != nil { + return *x.PdeathSig + } + return 0 +} + +func (x *ThreadCoreEntry) GetSignalsP() *SignalQueueEntry { + if x != nil { + return x.SignalsP + } + return nil +} + +func (x *ThreadCoreEntry) GetCreds() *CredsEntry { + if x != nil { + return x.Creds + } + return nil +} + +func (x *ThreadCoreEntry) GetSeccompMode() SeccompMode { + if x != nil && x.SeccompMode != nil { + return *x.SeccompMode + } + return SeccompMode_disabled +} + +func (x *ThreadCoreEntry) GetSeccompFilter() uint32 { + if x != nil && x.SeccompFilter != nil { + return *x.SeccompFilter + } + return 0 +} + +func (x *ThreadCoreEntry) GetComm() string { + if x != nil && x.Comm != nil { + return *x.Comm + } + return "" +} + +func (x *ThreadCoreEntry) GetBlkSigsetExtended() uint64 { + if x != nil && x.BlkSigsetExtended != nil { + return *x.BlkSigsetExtended + } + return 0 +} + +func (x *ThreadCoreEntry) GetRseqEntry() *RseqEntry { + if x != nil { + return x.RseqEntry + } + return nil +} + +type TaskRlimitsEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Rlimits []*RlimitEntry `protobuf:"bytes,1,rep,name=rlimits" json:"rlimits,omitempty"` +} + +func (x *TaskRlimitsEntry) Reset() { + *x = TaskRlimitsEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_core_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TaskRlimitsEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TaskRlimitsEntry) ProtoMessage() {} + +func (x *TaskRlimitsEntry) ProtoReflect() protoreflect.Message { + mi := &file_core_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TaskRlimitsEntry.ProtoReflect.Descriptor instead. +func (*TaskRlimitsEntry) Descriptor() ([]byte, []int) { + return file_core_proto_rawDescGZIP(), []int{4} +} + +func (x *TaskRlimitsEntry) GetRlimits() []*RlimitEntry { + if x != nil { + return x.Rlimits + } + return nil +} + +type CoreEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Mtype *CoreEntryMarch `protobuf:"varint,1,req,name=mtype,enum=criu.CoreEntryMarch" json:"mtype,omitempty"` + ThreadInfo *ThreadInfoX86 `protobuf:"bytes,2,opt,name=thread_info,json=threadInfo" json:"thread_info,omitempty"` + TiArm *ThreadInfoArm `protobuf:"bytes,6,opt,name=ti_arm,json=tiArm" json:"ti_arm,omitempty"` + TiAarch64 *ThreadInfoAarch64 `protobuf:"bytes,8,opt,name=ti_aarch64,json=tiAarch64" json:"ti_aarch64,omitempty"` + TiPpc64 *ThreadInfoPpc64 `protobuf:"bytes,9,opt,name=ti_ppc64,json=tiPpc64" json:"ti_ppc64,omitempty"` + TiS390 *ThreadInfoS390 `protobuf:"bytes,10,opt,name=ti_s390,json=tiS390" json:"ti_s390,omitempty"` + TiMips *ThreadInfoMips `protobuf:"bytes,11,opt,name=ti_mips,json=tiMips" json:"ti_mips,omitempty"` + Tc *TaskCoreEntry `protobuf:"bytes,3,opt,name=tc" json:"tc,omitempty"` + Ids *TaskKobjIdsEntry `protobuf:"bytes,4,opt,name=ids" json:"ids,omitempty"` + ThreadCore *ThreadCoreEntry `protobuf:"bytes,5,opt,name=thread_core,json=threadCore" json:"thread_core,omitempty"` +} + +func (x *CoreEntry) Reset() { + *x = CoreEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_core_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CoreEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CoreEntry) ProtoMessage() {} + +func (x *CoreEntry) ProtoReflect() protoreflect.Message { + mi := &file_core_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CoreEntry.ProtoReflect.Descriptor instead. +func (*CoreEntry) Descriptor() ([]byte, []int) { + return file_core_proto_rawDescGZIP(), []int{5} +} + +func (x *CoreEntry) GetMtype() CoreEntryMarch { + if x != nil && x.Mtype != nil { + return *x.Mtype + } + return CoreEntry_UNKNOWN +} + +func (x *CoreEntry) GetThreadInfo() *ThreadInfoX86 { + if x != nil { + return x.ThreadInfo + } + return nil +} + +func (x *CoreEntry) GetTiArm() *ThreadInfoArm { + if x != nil { + return x.TiArm + } + return nil +} + +func (x *CoreEntry) GetTiAarch64() *ThreadInfoAarch64 { + if x != nil { + return x.TiAarch64 + } + return nil +} + +func (x *CoreEntry) GetTiPpc64() *ThreadInfoPpc64 { + if x != nil { + return x.TiPpc64 + } + return nil +} + +func (x *CoreEntry) GetTiS390() *ThreadInfoS390 { + if x != nil { + return x.TiS390 + } + return nil +} + +func (x *CoreEntry) GetTiMips() *ThreadInfoMips { + if x != nil { + return x.TiMips + } + return nil +} + +func (x *CoreEntry) GetTc() *TaskCoreEntry { + if x != nil { + return x.Tc + } + return nil +} + +func (x *CoreEntry) GetIds() *TaskKobjIdsEntry { + if x != nil { + return x.Ids + } + return nil +} + +func (x *CoreEntry) GetThreadCore() *ThreadCoreEntry { + if x != nil { + return x.ThreadCore + } + return nil +} + +var File_core_proto protoreflect.FileDescriptor + +var file_core_proto_rawDesc = []byte{ + 0x0a, 0x0a, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, + 0x69, 0x75, 0x1a, 0x0e, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x78, 0x38, 0x36, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x1a, 0x0e, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x61, 0x72, 0x6d, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x1a, 0x12, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x61, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x10, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x70, 0x70, 0x63, + 0x36, 0x34, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0f, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x73, + 0x33, 0x39, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0f, 0x63, 0x6f, 0x72, 0x65, 0x2d, + 0x6d, 0x69, 0x70, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0c, 0x72, 0x6c, 0x69, 0x6d, + 0x69, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0b, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0b, 0x63, 0x72, 0x65, 0x64, 0x73, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x1a, 0x08, 0x73, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, 0x73, 0x69, + 0x67, 0x69, 0x6e, 0x66, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x72, 0x73, 0x65, + 0x71, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x22, 0xb8, 0x05, 0x0a, 0x0f, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x63, 0x6f, 0x72, + 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x27, 0x0a, 0x0a, 0x74, 0x61, 0x73, 0x6b, 0x5f, + 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x08, 0xd2, 0x3f, 0x05, + 0x32, 0x03, 0x67, 0x65, 0x6e, 0x52, 0x09, 0x74, 0x61, 0x73, 0x6b, 0x53, 0x74, 0x61, 0x74, 0x65, + 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x78, 0x69, 0x74, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, + 0x02, 0x28, 0x0d, 0x52, 0x08, 0x65, 0x78, 0x69, 0x74, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x20, 0x0a, + 0x0b, 0x70, 0x65, 0x72, 0x73, 0x6f, 0x6e, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x18, 0x03, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x0b, 0x70, 0x65, 0x72, 0x73, 0x6f, 0x6e, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x12, + 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, + 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x24, 0x0a, 0x0a, 0x62, 0x6c, 0x6b, 0x5f, 0x73, 0x69, 0x67, + 0x73, 0x65, 0x74, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, + 0x52, 0x09, 0x62, 0x6c, 0x6b, 0x53, 0x69, 0x67, 0x73, 0x65, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, + 0x6f, 0x6d, 0x6d, 0x18, 0x06, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x63, 0x6f, 0x6d, 0x6d, 0x12, + 0x2f, 0x0a, 0x06, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x17, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x74, 0x69, 0x6d, 0x65, + 0x72, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x73, + 0x12, 0x32, 0x0a, 0x07, 0x72, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x18, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x72, 0x6c, + 0x69, 0x6d, 0x69, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x72, 0x6c, 0x69, + 0x6d, 0x69, 0x74, 0x73, 0x12, 0x15, 0x0a, 0x06, 0x63, 0x67, 0x5f, 0x73, 0x65, 0x74, 0x18, 0x09, + 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x63, 0x67, 0x53, 0x65, 0x74, 0x12, 0x35, 0x0a, 0x09, 0x73, + 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x73, 0x5f, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, + 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x5f, 0x71, 0x75, 0x65, + 0x75, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, + 0x73, 0x53, 0x12, 0x3c, 0x0a, 0x10, 0x6f, 0x6c, 0x64, 0x5f, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, + 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x12, 0x2e, 0x63, + 0x72, 0x69, 0x75, 0x2e, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, + 0x52, 0x0e, 0x6f, 0x6c, 0x64, 0x53, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x4d, 0x6f, 0x64, 0x65, + 0x12, 0x2c, 0x0a, 0x12, 0x6f, 0x6c, 0x64, 0x5f, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, + 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x10, 0x6f, 0x6c, + 0x64, 0x53, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x1a, + 0x0a, 0x08, 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x75, 0x69, 0x64, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0d, + 0x52, 0x08, 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x75, 0x69, 0x64, 0x12, 0x22, 0x0a, 0x0d, 0x6f, 0x6f, + 0x6d, 0x5f, 0x73, 0x63, 0x6f, 0x72, 0x65, 0x5f, 0x61, 0x64, 0x6a, 0x18, 0x0e, 0x20, 0x01, 0x28, + 0x05, 0x52, 0x0b, 0x6f, 0x6f, 0x6d, 0x53, 0x63, 0x6f, 0x72, 0x65, 0x41, 0x64, 0x6a, 0x12, 0x2e, + 0x0a, 0x0a, 0x73, 0x69, 0x67, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0f, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x61, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x52, 0x0a, 0x73, 0x69, 0x67, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x27, + 0x0a, 0x0f, 0x63, 0x68, 0x69, 0x6c, 0x64, 0x5f, 0x73, 0x75, 0x62, 0x72, 0x65, 0x61, 0x70, 0x65, + 0x72, 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x63, 0x68, 0x69, 0x6c, 0x64, 0x53, 0x75, + 0x62, 0x72, 0x65, 0x61, 0x70, 0x65, 0x72, 0x12, 0x35, 0x0a, 0x13, 0x62, 0x6c, 0x6b, 0x5f, 0x73, + 0x69, 0x67, 0x73, 0x65, 0x74, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x64, 0x18, 0x14, + 0x20, 0x01, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x11, 0x62, 0x6c, 0x6b, + 0x53, 0x69, 0x67, 0x73, 0x65, 0x74, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x64, 0x22, 0xe3, + 0x02, 0x0a, 0x13, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x6b, 0x6f, 0x62, 0x6a, 0x5f, 0x69, 0x64, 0x73, + 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x13, 0x0a, 0x05, 0x76, 0x6d, 0x5f, 0x69, 0x64, 0x18, + 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x76, 0x6d, 0x49, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x66, + 0x69, 0x6c, 0x65, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x66, + 0x69, 0x6c, 0x65, 0x73, 0x49, 0x64, 0x12, 0x13, 0x0a, 0x05, 0x66, 0x73, 0x5f, 0x69, 0x64, 0x18, + 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x66, 0x73, 0x49, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x73, + 0x69, 0x67, 0x68, 0x61, 0x6e, 0x64, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, + 0x09, 0x73, 0x69, 0x67, 0x68, 0x61, 0x6e, 0x64, 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x09, 0x70, 0x69, + 0x64, 0x5f, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x70, + 0x69, 0x64, 0x4e, 0x73, 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x09, 0x6e, 0x65, 0x74, 0x5f, 0x6e, 0x73, + 0x5f, 0x69, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x6e, 0x65, 0x74, 0x4e, 0x73, + 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x09, 0x69, 0x70, 0x63, 0x5f, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, + 0x07, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x69, 0x70, 0x63, 0x4e, 0x73, 0x49, 0x64, 0x12, 0x1a, + 0x0a, 0x09, 0x75, 0x74, 0x73, 0x5f, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x08, 0x20, 0x01, 0x28, + 0x0d, 0x52, 0x07, 0x75, 0x74, 0x73, 0x4e, 0x73, 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x09, 0x6d, 0x6e, + 0x74, 0x5f, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x6d, + 0x6e, 0x74, 0x4e, 0x73, 0x49, 0x64, 0x12, 0x1c, 0x0a, 0x0a, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x6e, + 0x73, 0x5f, 0x69, 0x64, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, + 0x4e, 0x73, 0x49, 0x64, 0x12, 0x20, 0x0a, 0x0c, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x6e, + 0x73, 0x5f, 0x69, 0x64, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x63, 0x67, 0x72, 0x6f, + 0x75, 0x70, 0x4e, 0x73, 0x49, 0x64, 0x12, 0x1c, 0x0a, 0x0a, 0x74, 0x69, 0x6d, 0x65, 0x5f, 0x6e, + 0x73, 0x5f, 0x69, 0x64, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x74, 0x69, 0x6d, 0x65, + 0x4e, 0x73, 0x49, 0x64, 0x22, 0x5b, 0x0a, 0x10, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x73, + 0x61, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x13, 0x0a, 0x05, 0x73, 0x73, 0x5f, 0x73, + 0x70, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x73, 0x73, 0x53, 0x70, 0x12, 0x17, 0x0a, + 0x07, 0x73, 0x73, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x06, + 0x73, 0x73, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x73, 0x5f, 0x66, 0x6c, 0x61, + 0x67, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x73, 0x73, 0x46, 0x6c, 0x61, 0x67, + 0x73, 0x22, 0xd0, 0x04, 0x0a, 0x11, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x63, 0x6f, 0x72, + 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x66, 0x75, 0x74, 0x65, 0x78, + 0x5f, 0x72, 0x6c, 0x61, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x08, 0x66, 0x75, 0x74, 0x65, + 0x78, 0x52, 0x6c, 0x61, 0x12, 0x22, 0x0a, 0x0d, 0x66, 0x75, 0x74, 0x65, 0x78, 0x5f, 0x72, 0x6c, + 0x61, 0x5f, 0x6c, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, 0x66, 0x75, 0x74, + 0x65, 0x78, 0x52, 0x6c, 0x61, 0x4c, 0x65, 0x6e, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x63, 0x68, 0x65, + 0x64, 0x5f, 0x6e, 0x69, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x11, 0x52, 0x09, 0x73, 0x63, + 0x68, 0x65, 0x64, 0x4e, 0x69, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x63, 0x68, 0x65, 0x64, + 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x73, + 0x63, 0x68, 0x65, 0x64, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x63, + 0x68, 0x65, 0x64, 0x5f, 0x70, 0x72, 0x69, 0x6f, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, + 0x73, 0x63, 0x68, 0x65, 0x64, 0x50, 0x72, 0x69, 0x6f, 0x12, 0x1d, 0x0a, 0x0a, 0x62, 0x6c, 0x6b, + 0x5f, 0x73, 0x69, 0x67, 0x73, 0x65, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x62, + 0x6c, 0x6b, 0x53, 0x69, 0x67, 0x73, 0x65, 0x74, 0x12, 0x28, 0x0a, 0x03, 0x73, 0x61, 0x73, 0x18, + 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x68, 0x72, + 0x65, 0x61, 0x64, 0x5f, 0x73, 0x61, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x73, + 0x61, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x64, 0x65, 0x61, 0x74, 0x68, 0x5f, 0x73, 0x69, 0x67, + 0x18, 0x08, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x70, 0x64, 0x65, 0x61, 0x74, 0x68, 0x53, 0x69, + 0x67, 0x12, 0x35, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x73, 0x5f, 0x70, 0x18, 0x09, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x69, 0x67, 0x6e, + 0x61, 0x6c, 0x5f, 0x71, 0x75, 0x65, 0x75, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, + 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x73, 0x50, 0x12, 0x27, 0x0a, 0x05, 0x63, 0x72, 0x65, 0x64, + 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, + 0x72, 0x65, 0x64, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x05, 0x63, 0x72, 0x65, 0x64, + 0x73, 0x12, 0x35, 0x0a, 0x0c, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, + 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, + 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x52, 0x0b, 0x73, 0x65, 0x63, + 0x63, 0x6f, 0x6d, 0x70, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x73, 0x65, 0x63, 0x63, + 0x6f, 0x6d, 0x70, 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, + 0x52, 0x0d, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, + 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x6d, 0x6d, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x63, + 0x6f, 0x6d, 0x6d, 0x12, 0x2e, 0x0a, 0x13, 0x62, 0x6c, 0x6b, 0x5f, 0x73, 0x69, 0x67, 0x73, 0x65, + 0x74, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x64, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x04, + 0x52, 0x11, 0x62, 0x6c, 0x6b, 0x53, 0x69, 0x67, 0x73, 0x65, 0x74, 0x45, 0x78, 0x74, 0x65, 0x6e, + 0x64, 0x65, 0x64, 0x12, 0x2f, 0x0a, 0x0a, 0x72, 0x73, 0x65, 0x71, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x72, + 0x73, 0x65, 0x71, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x09, 0x72, 0x73, 0x65, 0x71, 0x45, + 0x6e, 0x74, 0x72, 0x79, 0x22, 0x42, 0x0a, 0x12, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x72, 0x6c, 0x69, + 0x6d, 0x69, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x2c, 0x0a, 0x07, 0x72, 0x6c, + 0x69, 0x6d, 0x69, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x63, 0x72, + 0x69, 0x75, 0x2e, 0x72, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, + 0x07, 0x72, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x22, 0xd5, 0x04, 0x0a, 0x0a, 0x63, 0x6f, 0x72, + 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x2c, 0x0a, 0x05, 0x6d, 0x74, 0x79, 0x70, 0x65, + 0x18, 0x01, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x16, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x6f, + 0x72, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x6d, 0x61, 0x72, 0x63, 0x68, 0x52, 0x05, + 0x6d, 0x74, 0x79, 0x70, 0x65, 0x12, 0x36, 0x0a, 0x0b, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, + 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x63, 0x72, 0x69, + 0x75, 0x2e, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x78, 0x38, + 0x36, 0x52, 0x0a, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x2c, 0x0a, + 0x06, 0x74, 0x69, 0x5f, 0x61, 0x72, 0x6d, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, + 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, + 0x5f, 0x61, 0x72, 0x6d, 0x52, 0x05, 0x74, 0x69, 0x41, 0x72, 0x6d, 0x12, 0x38, 0x0a, 0x0a, 0x74, + 0x69, 0x5f, 0x61, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x19, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, + 0x66, 0x6f, 0x5f, 0x61, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, 0x52, 0x09, 0x74, 0x69, 0x41, 0x61, + 0x72, 0x63, 0x68, 0x36, 0x34, 0x12, 0x32, 0x0a, 0x08, 0x74, 0x69, 0x5f, 0x70, 0x70, 0x63, 0x36, + 0x34, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, + 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, + 0x52, 0x07, 0x74, 0x69, 0x50, 0x70, 0x63, 0x36, 0x34, 0x12, 0x2f, 0x0a, 0x07, 0x74, 0x69, 0x5f, + 0x73, 0x33, 0x39, 0x30, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x72, 0x69, + 0x75, 0x2e, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x73, 0x33, + 0x39, 0x30, 0x52, 0x06, 0x74, 0x69, 0x53, 0x33, 0x39, 0x30, 0x12, 0x2f, 0x0a, 0x07, 0x74, 0x69, + 0x5f, 0x6d, 0x69, 0x70, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x72, + 0x69, 0x75, 0x2e, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x6d, + 0x69, 0x70, 0x73, 0x52, 0x06, 0x74, 0x69, 0x4d, 0x69, 0x70, 0x73, 0x12, 0x25, 0x0a, 0x02, 0x74, + 0x63, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, + 0x61, 0x73, 0x6b, 0x5f, 0x63, 0x6f, 0x72, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x02, + 0x74, 0x63, 0x12, 0x2b, 0x0a, 0x03, 0x69, 0x64, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x19, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x6b, 0x6f, 0x62, 0x6a, + 0x5f, 0x69, 0x64, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x69, 0x64, 0x73, 0x12, + 0x38, 0x0a, 0x0b, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x63, 0x6f, 0x72, 0x65, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x68, 0x72, 0x65, + 0x61, 0x64, 0x5f, 0x63, 0x6f, 0x72, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0a, 0x74, + 0x68, 0x72, 0x65, 0x61, 0x64, 0x43, 0x6f, 0x72, 0x65, 0x22, 0x55, 0x0a, 0x05, 0x6d, 0x61, 0x72, + 0x63, 0x68, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, + 0x0a, 0x0a, 0x06, 0x58, 0x38, 0x36, 0x5f, 0x36, 0x34, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x41, + 0x52, 0x4d, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x41, 0x41, 0x52, 0x43, 0x48, 0x36, 0x34, 0x10, + 0x03, 0x12, 0x09, 0x0a, 0x05, 0x50, 0x50, 0x43, 0x36, 0x34, 0x10, 0x04, 0x12, 0x08, 0x0a, 0x04, + 0x53, 0x33, 0x39, 0x30, 0x10, 0x05, 0x12, 0x08, 0x0a, 0x04, 0x4d, 0x49, 0x50, 0x53, 0x10, 0x06, + 0x2a, 0x34, 0x0a, 0x0c, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, + 0x12, 0x0c, 0x0a, 0x08, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x10, 0x00, 0x12, 0x0a, + 0x0a, 0x06, 0x73, 0x74, 0x72, 0x69, 0x63, 0x74, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x66, 0x69, + 0x6c, 0x74, 0x65, 0x72, 0x10, 0x02, +} + +var ( + file_core_proto_rawDescOnce sync.Once + file_core_proto_rawDescData = file_core_proto_rawDesc +) + +func file_core_proto_rawDescGZIP() []byte { + file_core_proto_rawDescOnce.Do(func() { + file_core_proto_rawDescData = protoimpl.X.CompressGZIP(file_core_proto_rawDescData) + }) + return file_core_proto_rawDescData +} + +var file_core_proto_enumTypes = make([]protoimpl.EnumInfo, 2) +var file_core_proto_msgTypes = make([]protoimpl.MessageInfo, 6) +var file_core_proto_goTypes = []interface{}{ + (SeccompMode)(0), // 0: criu.seccomp_mode + (CoreEntryMarch)(0), // 1: criu.core_entry.march + (*TaskCoreEntry)(nil), // 2: criu.task_core_entry + (*TaskKobjIdsEntry)(nil), // 3: criu.task_kobj_ids_entry + (*ThreadSasEntry)(nil), // 4: criu.thread_sas_entry + (*ThreadCoreEntry)(nil), // 5: criu.thread_core_entry + (*TaskRlimitsEntry)(nil), // 6: criu.task_rlimits_entry + (*CoreEntry)(nil), // 7: criu.core_entry + (*TaskTimersEntry)(nil), // 8: criu.task_timers_entry + (*SignalQueueEntry)(nil), // 9: criu.signal_queue_entry + (*SaEntry)(nil), // 10: criu.sa_entry + (*CredsEntry)(nil), // 11: criu.creds_entry + (*RseqEntry)(nil), // 12: criu.rseq_entry + (*RlimitEntry)(nil), // 13: criu.rlimit_entry + (*ThreadInfoX86)(nil), // 14: criu.thread_info_x86 + (*ThreadInfoArm)(nil), // 15: criu.thread_info_arm + (*ThreadInfoAarch64)(nil), // 16: criu.thread_info_aarch64 + (*ThreadInfoPpc64)(nil), // 17: criu.thread_info_ppc64 + (*ThreadInfoS390)(nil), // 18: criu.thread_info_s390 + (*ThreadInfoMips)(nil), // 19: criu.thread_info_mips +} +var file_core_proto_depIdxs = []int32{ + 8, // 0: criu.task_core_entry.timers:type_name -> criu.task_timers_entry + 6, // 1: criu.task_core_entry.rlimits:type_name -> criu.task_rlimits_entry + 9, // 2: criu.task_core_entry.signals_s:type_name -> criu.signal_queue_entry + 0, // 3: criu.task_core_entry.old_seccomp_mode:type_name -> criu.seccomp_mode + 10, // 4: criu.task_core_entry.sigactions:type_name -> criu.sa_entry + 4, // 5: criu.thread_core_entry.sas:type_name -> criu.thread_sas_entry + 9, // 6: criu.thread_core_entry.signals_p:type_name -> criu.signal_queue_entry + 11, // 7: criu.thread_core_entry.creds:type_name -> criu.creds_entry + 0, // 8: criu.thread_core_entry.seccomp_mode:type_name -> criu.seccomp_mode + 12, // 9: criu.thread_core_entry.rseq_entry:type_name -> criu.rseq_entry + 13, // 10: criu.task_rlimits_entry.rlimits:type_name -> criu.rlimit_entry + 1, // 11: criu.core_entry.mtype:type_name -> criu.core_entry.march + 14, // 12: criu.core_entry.thread_info:type_name -> criu.thread_info_x86 + 15, // 13: criu.core_entry.ti_arm:type_name -> criu.thread_info_arm + 16, // 14: criu.core_entry.ti_aarch64:type_name -> criu.thread_info_aarch64 + 17, // 15: criu.core_entry.ti_ppc64:type_name -> criu.thread_info_ppc64 + 18, // 16: criu.core_entry.ti_s390:type_name -> criu.thread_info_s390 + 19, // 17: criu.core_entry.ti_mips:type_name -> criu.thread_info_mips + 2, // 18: criu.core_entry.tc:type_name -> criu.task_core_entry + 3, // 19: criu.core_entry.ids:type_name -> criu.task_kobj_ids_entry + 5, // 20: criu.core_entry.thread_core:type_name -> criu.thread_core_entry + 21, // [21:21] is the sub-list for method output_type + 21, // [21:21] is the sub-list for method input_type + 21, // [21:21] is the sub-list for extension type_name + 21, // [21:21] is the sub-list for extension extendee + 0, // [0:21] is the sub-list for field type_name +} + +func init() { file_core_proto_init() } +func file_core_proto_init() { + if File_core_proto != nil { + return + } + file_core_x86_proto_init() + file_core_arm_proto_init() + file_core_aarch64_proto_init() + file_core_ppc64_proto_init() + file_core_s390_proto_init() + file_core_mips_proto_init() + file_rlimit_proto_init() + file_timer_proto_init() + file_creds_proto_init() + file_sa_proto_init() + file_siginfo_proto_init() + file_rseq_proto_init() + file_opts_proto_init() + if !protoimpl.UnsafeEnabled { + file_core_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TaskCoreEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TaskKobjIdsEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ThreadSasEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ThreadCoreEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TaskRlimitsEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_core_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CoreEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_core_proto_rawDesc, + NumEnums: 2, + NumMessages: 6, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_core_proto_goTypes, + DependencyIndexes: file_core_proto_depIdxs, + EnumInfos: file_core_proto_enumTypes, + MessageInfos: file_core_proto_msgTypes, + }.Build() + File_core_proto = out.File + file_core_proto_rawDesc = nil + file_core_proto_goTypes = nil + file_core_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core.proto new file mode 100644 index 00000000000..e57dd718964 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core.proto @@ -0,0 +1,135 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "core-x86.proto"; +import "core-arm.proto"; +import "core-aarch64.proto"; +import "core-ppc64.proto"; +import "core-s390.proto"; +import "core-mips.proto"; + +import "rlimit.proto"; +import "timer.proto"; +import "creds.proto"; +import "sa.proto"; +import "siginfo.proto"; +import "rseq.proto"; + +import "opts.proto"; + +/* + * These match the SECCOMP_MODE_* flags from . + */ +enum seccomp_mode { + disabled = 0; + strict = 1; + filter = 2; +}; + +message task_core_entry { + required uint32 task_state = 1 [(criu).dict = "gen"]; + required uint32 exit_code = 2; + + required uint32 personality = 3; + required uint32 flags = 4; + required uint64 blk_sigset = 5[(criu).hex = true]; + + required string comm = 6; + + optional task_timers_entry timers = 7; + optional task_rlimits_entry rlimits = 8; + + optional uint32 cg_set = 9; + + optional signal_queue_entry signals_s = 10; + + /* These two are deprecated, should be per-thread */ + optional seccomp_mode old_seccomp_mode = 11; + optional uint32 old_seccomp_filter = 12; + + optional uint32 loginuid = 13; + + optional int32 oom_score_adj = 14; + repeated sa_entry sigactions = 15; + // Reserved for tty inheritance + //optional int32 tty_nr = 16; + //optional int32 tty_pgrp = 17; + + optional bool child_subreaper = 18; + // Reserved for container relative start time + //optional uint64 start_time = 19; + optional uint64 blk_sigset_extended = 20[(criu).hex = true]; +} + +message task_kobj_ids_entry { + required uint32 vm_id = 1; + required uint32 files_id = 2; + required uint32 fs_id = 3; + required uint32 sighand_id = 4; + + optional uint32 pid_ns_id = 5; + optional uint32 net_ns_id = 6; + optional uint32 ipc_ns_id = 7; + optional uint32 uts_ns_id = 8; + optional uint32 mnt_ns_id = 9; + optional uint32 user_ns_id = 10; + optional uint32 cgroup_ns_id = 11; + optional uint32 time_ns_id = 12; +} + +message thread_sas_entry { + required uint64 ss_sp = 1; + required uint64 ss_size = 2; + required uint32 ss_flags = 3; +} + +message thread_core_entry { + required uint64 futex_rla = 1; + required uint32 futex_rla_len = 2; + optional sint32 sched_nice = 3; + optional uint32 sched_policy = 4; + optional uint32 sched_prio = 5; + optional uint64 blk_sigset = 6; + optional thread_sas_entry sas = 7; + optional uint32 pdeath_sig = 8; + + optional signal_queue_entry signals_p = 9; + optional creds_entry creds = 10; + + optional seccomp_mode seccomp_mode = 11; + optional uint32 seccomp_filter = 12; + + optional string comm = 13; + optional uint64 blk_sigset_extended = 14; + optional rseq_entry rseq_entry = 15; +} + +message task_rlimits_entry { + repeated rlimit_entry rlimits = 1; +}; + +message core_entry { + enum march { + UNKNOWN = 0; + X86_64 = 1; + ARM = 2; + AARCH64 = 3; + PPC64 = 4; + S390 = 5; + MIPS = 6; + } + + required march mtype = 1; + optional thread_info_x86 thread_info = 2; + optional thread_info_arm ti_arm = 6; + optional thread_info_aarch64 ti_aarch64 = 8; + optional thread_info_ppc64 ti_ppc64 = 9; + optional thread_info_s390 ti_s390 = 10; + optional thread_info_mips ti_mips = 11; + + optional task_core_entry tc = 3; + optional task_kobj_ids_entry ids = 4; + optional thread_core_entry thread_core = 5; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cpuinfo.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cpuinfo.pb.go new file mode 100644 index 00000000000..298f9d1ef81 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cpuinfo.pb.go @@ -0,0 +1,593 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: cpuinfo.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type CpuinfoX86EntryVendor int32 + +const ( + CpuinfoX86Entry_UNKNOWN CpuinfoX86EntryVendor = 0 + CpuinfoX86Entry_INTEL CpuinfoX86EntryVendor = 1 + CpuinfoX86Entry_AMD CpuinfoX86EntryVendor = 2 +) + +// Enum value maps for CpuinfoX86EntryVendor. +var ( + CpuinfoX86EntryVendor_name = map[int32]string{ + 0: "UNKNOWN", + 1: "INTEL", + 2: "AMD", + } + CpuinfoX86EntryVendor_value = map[string]int32{ + "UNKNOWN": 0, + "INTEL": 1, + "AMD": 2, + } +) + +func (x CpuinfoX86EntryVendor) Enum() *CpuinfoX86EntryVendor { + p := new(CpuinfoX86EntryVendor) + *p = x + return p +} + +func (x CpuinfoX86EntryVendor) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (CpuinfoX86EntryVendor) Descriptor() protoreflect.EnumDescriptor { + return file_cpuinfo_proto_enumTypes[0].Descriptor() +} + +func (CpuinfoX86EntryVendor) Type() protoreflect.EnumType { + return &file_cpuinfo_proto_enumTypes[0] +} + +func (x CpuinfoX86EntryVendor) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Do not use. +func (x *CpuinfoX86EntryVendor) UnmarshalJSON(b []byte) error { + num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) + if err != nil { + return err + } + *x = CpuinfoX86EntryVendor(num) + return nil +} + +// Deprecated: Use CpuinfoX86EntryVendor.Descriptor instead. +func (CpuinfoX86EntryVendor) EnumDescriptor() ([]byte, []int) { + return file_cpuinfo_proto_rawDescGZIP(), []int{0, 0} +} + +type CpuinfoPpc64EntryEndianness int32 + +const ( + CpuinfoPpc64Entry_BIGENDIAN CpuinfoPpc64EntryEndianness = 0 + CpuinfoPpc64Entry_LITTLEENDIAN CpuinfoPpc64EntryEndianness = 1 +) + +// Enum value maps for CpuinfoPpc64EntryEndianness. +var ( + CpuinfoPpc64EntryEndianness_name = map[int32]string{ + 0: "BIGENDIAN", + 1: "LITTLEENDIAN", + } + CpuinfoPpc64EntryEndianness_value = map[string]int32{ + "BIGENDIAN": 0, + "LITTLEENDIAN": 1, + } +) + +func (x CpuinfoPpc64EntryEndianness) Enum() *CpuinfoPpc64EntryEndianness { + p := new(CpuinfoPpc64EntryEndianness) + *p = x + return p +} + +func (x CpuinfoPpc64EntryEndianness) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (CpuinfoPpc64EntryEndianness) Descriptor() protoreflect.EnumDescriptor { + return file_cpuinfo_proto_enumTypes[1].Descriptor() +} + +func (CpuinfoPpc64EntryEndianness) Type() protoreflect.EnumType { + return &file_cpuinfo_proto_enumTypes[1] +} + +func (x CpuinfoPpc64EntryEndianness) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Do not use. +func (x *CpuinfoPpc64EntryEndianness) UnmarshalJSON(b []byte) error { + num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) + if err != nil { + return err + } + *x = CpuinfoPpc64EntryEndianness(num) + return nil +} + +// Deprecated: Use CpuinfoPpc64EntryEndianness.Descriptor instead. +func (CpuinfoPpc64EntryEndianness) EnumDescriptor() ([]byte, []int) { + return file_cpuinfo_proto_rawDescGZIP(), []int{1, 0} +} + +type CpuinfoX86Entry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + VendorId *CpuinfoX86EntryVendor `protobuf:"varint,1,req,name=vendor_id,json=vendorId,enum=criu.CpuinfoX86EntryVendor" json:"vendor_id,omitempty"` + CpuFamily *uint32 `protobuf:"varint,2,req,name=cpu_family,json=cpuFamily" json:"cpu_family,omitempty"` + Model *uint32 `protobuf:"varint,3,req,name=model" json:"model,omitempty"` + Stepping *uint32 `protobuf:"varint,4,req,name=stepping" json:"stepping,omitempty"` + CapabilityVer *uint32 `protobuf:"varint,5,req,name=capability_ver,json=capabilityVer" json:"capability_ver,omitempty"` + Capability []uint32 `protobuf:"varint,6,rep,name=capability" json:"capability,omitempty"` + ModelId *string `protobuf:"bytes,7,opt,name=model_id,json=modelId" json:"model_id,omitempty"` + XfeaturesMask *uint64 `protobuf:"varint,8,opt,name=xfeatures_mask,json=xfeaturesMask" json:"xfeatures_mask,omitempty"` + XsaveSize *uint32 `protobuf:"varint,9,opt,name=xsave_size,json=xsaveSize" json:"xsave_size,omitempty"` + XsaveSizeMax *uint32 `protobuf:"varint,10,opt,name=xsave_size_max,json=xsaveSizeMax" json:"xsave_size_max,omitempty"` +} + +func (x *CpuinfoX86Entry) Reset() { + *x = CpuinfoX86Entry{} + if protoimpl.UnsafeEnabled { + mi := &file_cpuinfo_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CpuinfoX86Entry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CpuinfoX86Entry) ProtoMessage() {} + +func (x *CpuinfoX86Entry) ProtoReflect() protoreflect.Message { + mi := &file_cpuinfo_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CpuinfoX86Entry.ProtoReflect.Descriptor instead. +func (*CpuinfoX86Entry) Descriptor() ([]byte, []int) { + return file_cpuinfo_proto_rawDescGZIP(), []int{0} +} + +func (x *CpuinfoX86Entry) GetVendorId() CpuinfoX86EntryVendor { + if x != nil && x.VendorId != nil { + return *x.VendorId + } + return CpuinfoX86Entry_UNKNOWN +} + +func (x *CpuinfoX86Entry) GetCpuFamily() uint32 { + if x != nil && x.CpuFamily != nil { + return *x.CpuFamily + } + return 0 +} + +func (x *CpuinfoX86Entry) GetModel() uint32 { + if x != nil && x.Model != nil { + return *x.Model + } + return 0 +} + +func (x *CpuinfoX86Entry) GetStepping() uint32 { + if x != nil && x.Stepping != nil { + return *x.Stepping + } + return 0 +} + +func (x *CpuinfoX86Entry) GetCapabilityVer() uint32 { + if x != nil && x.CapabilityVer != nil { + return *x.CapabilityVer + } + return 0 +} + +func (x *CpuinfoX86Entry) GetCapability() []uint32 { + if x != nil { + return x.Capability + } + return nil +} + +func (x *CpuinfoX86Entry) GetModelId() string { + if x != nil && x.ModelId != nil { + return *x.ModelId + } + return "" +} + +func (x *CpuinfoX86Entry) GetXfeaturesMask() uint64 { + if x != nil && x.XfeaturesMask != nil { + return *x.XfeaturesMask + } + return 0 +} + +func (x *CpuinfoX86Entry) GetXsaveSize() uint32 { + if x != nil && x.XsaveSize != nil { + return *x.XsaveSize + } + return 0 +} + +func (x *CpuinfoX86Entry) GetXsaveSizeMax() uint32 { + if x != nil && x.XsaveSizeMax != nil { + return *x.XsaveSizeMax + } + return 0 +} + +type CpuinfoPpc64Entry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Endian *CpuinfoPpc64EntryEndianness `protobuf:"varint,1,req,name=endian,enum=criu.CpuinfoPpc64EntryEndianness" json:"endian,omitempty"` + Hwcap []uint64 `protobuf:"varint,2,rep,name=hwcap" json:"hwcap,omitempty"` +} + +func (x *CpuinfoPpc64Entry) Reset() { + *x = CpuinfoPpc64Entry{} + if protoimpl.UnsafeEnabled { + mi := &file_cpuinfo_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CpuinfoPpc64Entry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CpuinfoPpc64Entry) ProtoMessage() {} + +func (x *CpuinfoPpc64Entry) ProtoReflect() protoreflect.Message { + mi := &file_cpuinfo_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CpuinfoPpc64Entry.ProtoReflect.Descriptor instead. +func (*CpuinfoPpc64Entry) Descriptor() ([]byte, []int) { + return file_cpuinfo_proto_rawDescGZIP(), []int{1} +} + +func (x *CpuinfoPpc64Entry) GetEndian() CpuinfoPpc64EntryEndianness { + if x != nil && x.Endian != nil { + return *x.Endian + } + return CpuinfoPpc64Entry_BIGENDIAN +} + +func (x *CpuinfoPpc64Entry) GetHwcap() []uint64 { + if x != nil { + return x.Hwcap + } + return nil +} + +type CpuinfoS390Entry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Hwcap []uint64 `protobuf:"varint,2,rep,name=hwcap" json:"hwcap,omitempty"` +} + +func (x *CpuinfoS390Entry) Reset() { + *x = CpuinfoS390Entry{} + if protoimpl.UnsafeEnabled { + mi := &file_cpuinfo_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CpuinfoS390Entry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CpuinfoS390Entry) ProtoMessage() {} + +func (x *CpuinfoS390Entry) ProtoReflect() protoreflect.Message { + mi := &file_cpuinfo_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CpuinfoS390Entry.ProtoReflect.Descriptor instead. +func (*CpuinfoS390Entry) Descriptor() ([]byte, []int) { + return file_cpuinfo_proto_rawDescGZIP(), []int{2} +} + +func (x *CpuinfoS390Entry) GetHwcap() []uint64 { + if x != nil { + return x.Hwcap + } + return nil +} + +type CpuinfoEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Usually on SMP system there should be same CPUs + // installed, but it might happen that system carries + // various CPUs so @repeated used. + X86Entry []*CpuinfoX86Entry `protobuf:"bytes,1,rep,name=x86_entry,json=x86Entry" json:"x86_entry,omitempty"` + Ppc64Entry []*CpuinfoPpc64Entry `protobuf:"bytes,2,rep,name=ppc64_entry,json=ppc64Entry" json:"ppc64_entry,omitempty"` + S390Entry []*CpuinfoS390Entry `protobuf:"bytes,3,rep,name=s390_entry,json=s390Entry" json:"s390_entry,omitempty"` +} + +func (x *CpuinfoEntry) Reset() { + *x = CpuinfoEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_cpuinfo_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CpuinfoEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CpuinfoEntry) ProtoMessage() {} + +func (x *CpuinfoEntry) ProtoReflect() protoreflect.Message { + mi := &file_cpuinfo_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CpuinfoEntry.ProtoReflect.Descriptor instead. +func (*CpuinfoEntry) Descriptor() ([]byte, []int) { + return file_cpuinfo_proto_rawDescGZIP(), []int{3} +} + +func (x *CpuinfoEntry) GetX86Entry() []*CpuinfoX86Entry { + if x != nil { + return x.X86Entry + } + return nil +} + +func (x *CpuinfoEntry) GetPpc64Entry() []*CpuinfoPpc64Entry { + if x != nil { + return x.Ppc64Entry + } + return nil +} + +func (x *CpuinfoEntry) GetS390Entry() []*CpuinfoS390Entry { + if x != nil { + return x.S390Entry + } + return nil +} + +var File_cpuinfo_proto protoreflect.FileDescriptor + +var file_cpuinfo_proto_rawDesc = []byte{ + 0x0a, 0x0d, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, + 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0x9a, 0x03, 0x0a, 0x11, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, + 0x6f, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x3b, 0x0a, 0x09, 0x76, + 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x1e, + 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x78, 0x38, + 0x36, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x52, 0x08, + 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x49, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x70, 0x75, 0x5f, + 0x66, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x63, 0x70, + 0x75, 0x46, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x6f, 0x64, 0x65, 0x6c, + 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x12, 0x1a, 0x0a, + 0x08, 0x73, 0x74, 0x65, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, + 0x08, 0x73, 0x74, 0x65, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x12, 0x25, 0x0a, 0x0e, 0x63, 0x61, 0x70, + 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x5f, 0x76, 0x65, 0x72, 0x18, 0x05, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x0d, 0x63, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x56, 0x65, 0x72, + 0x12, 0x1e, 0x0a, 0x0a, 0x63, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x18, 0x06, + 0x20, 0x03, 0x28, 0x0d, 0x52, 0x0a, 0x63, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, + 0x12, 0x19, 0x0a, 0x08, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x5f, 0x69, 0x64, 0x18, 0x07, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x07, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x49, 0x64, 0x12, 0x25, 0x0a, 0x0e, 0x78, + 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x08, 0x20, + 0x01, 0x28, 0x04, 0x52, 0x0d, 0x78, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x4d, 0x61, + 0x73, 0x6b, 0x12, 0x1d, 0x0a, 0x0a, 0x78, 0x73, 0x61, 0x76, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, + 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x78, 0x73, 0x61, 0x76, 0x65, 0x53, 0x69, 0x7a, + 0x65, 0x12, 0x24, 0x0a, 0x0e, 0x78, 0x73, 0x61, 0x76, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x5f, + 0x6d, 0x61, 0x78, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0c, 0x78, 0x73, 0x61, 0x76, 0x65, + 0x53, 0x69, 0x7a, 0x65, 0x4d, 0x61, 0x78, 0x22, 0x29, 0x0a, 0x06, 0x76, 0x65, 0x6e, 0x64, 0x6f, + 0x72, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x09, + 0x0a, 0x05, 0x49, 0x4e, 0x54, 0x45, 0x4c, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x41, 0x4d, 0x44, + 0x10, 0x02, 0x22, 0x98, 0x01, 0x0a, 0x13, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x70, + 0x70, 0x63, 0x36, 0x34, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x3c, 0x0a, 0x06, 0x65, 0x6e, + 0x64, 0x69, 0x61, 0x6e, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x63, 0x72, 0x69, + 0x75, 0x2e, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x65, 0x6e, 0x64, 0x69, 0x61, 0x6e, 0x6e, 0x65, 0x73, 0x73, + 0x52, 0x06, 0x65, 0x6e, 0x64, 0x69, 0x61, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x68, 0x77, 0x63, 0x61, + 0x70, 0x18, 0x02, 0x20, 0x03, 0x28, 0x04, 0x52, 0x05, 0x68, 0x77, 0x63, 0x61, 0x70, 0x22, 0x2d, + 0x0a, 0x0a, 0x65, 0x6e, 0x64, 0x69, 0x61, 0x6e, 0x6e, 0x65, 0x73, 0x73, 0x12, 0x0d, 0x0a, 0x09, + 0x42, 0x49, 0x47, 0x45, 0x4e, 0x44, 0x49, 0x41, 0x4e, 0x10, 0x00, 0x12, 0x10, 0x0a, 0x0c, 0x4c, + 0x49, 0x54, 0x54, 0x4c, 0x45, 0x45, 0x4e, 0x44, 0x49, 0x41, 0x4e, 0x10, 0x01, 0x22, 0x2a, 0x0a, + 0x12, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x68, 0x77, 0x63, 0x61, 0x70, 0x18, 0x02, 0x20, 0x03, + 0x28, 0x04, 0x52, 0x05, 0x68, 0x77, 0x63, 0x61, 0x70, 0x22, 0xba, 0x01, 0x0a, 0x0d, 0x63, 0x70, + 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x34, 0x0a, 0x09, 0x78, + 0x38, 0x36, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x17, + 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x78, 0x38, + 0x36, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x78, 0x38, 0x36, 0x45, 0x6e, 0x74, 0x72, + 0x79, 0x12, 0x3a, 0x0a, 0x0b, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x70, + 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x52, 0x0a, 0x70, 0x70, 0x63, 0x36, 0x34, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x37, 0x0a, + 0x0a, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x03, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x18, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, 0x6f, + 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x09, 0x73, 0x33, 0x39, + 0x30, 0x45, 0x6e, 0x74, 0x72, 0x79, +} + +var ( + file_cpuinfo_proto_rawDescOnce sync.Once + file_cpuinfo_proto_rawDescData = file_cpuinfo_proto_rawDesc +) + +func file_cpuinfo_proto_rawDescGZIP() []byte { + file_cpuinfo_proto_rawDescOnce.Do(func() { + file_cpuinfo_proto_rawDescData = protoimpl.X.CompressGZIP(file_cpuinfo_proto_rawDescData) + }) + return file_cpuinfo_proto_rawDescData +} + +var file_cpuinfo_proto_enumTypes = make([]protoimpl.EnumInfo, 2) +var file_cpuinfo_proto_msgTypes = make([]protoimpl.MessageInfo, 4) +var file_cpuinfo_proto_goTypes = []interface{}{ + (CpuinfoX86EntryVendor)(0), // 0: criu.cpuinfo_x86_entry.vendor + (CpuinfoPpc64EntryEndianness)(0), // 1: criu.cpuinfo_ppc64_entry.endianness + (*CpuinfoX86Entry)(nil), // 2: criu.cpuinfo_x86_entry + (*CpuinfoPpc64Entry)(nil), // 3: criu.cpuinfo_ppc64_entry + (*CpuinfoS390Entry)(nil), // 4: criu.cpuinfo_s390_entry + (*CpuinfoEntry)(nil), // 5: criu.cpuinfo_entry +} +var file_cpuinfo_proto_depIdxs = []int32{ + 0, // 0: criu.cpuinfo_x86_entry.vendor_id:type_name -> criu.cpuinfo_x86_entry.vendor + 1, // 1: criu.cpuinfo_ppc64_entry.endian:type_name -> criu.cpuinfo_ppc64_entry.endianness + 2, // 2: criu.cpuinfo_entry.x86_entry:type_name -> criu.cpuinfo_x86_entry + 3, // 3: criu.cpuinfo_entry.ppc64_entry:type_name -> criu.cpuinfo_ppc64_entry + 4, // 4: criu.cpuinfo_entry.s390_entry:type_name -> criu.cpuinfo_s390_entry + 5, // [5:5] is the sub-list for method output_type + 5, // [5:5] is the sub-list for method input_type + 5, // [5:5] is the sub-list for extension type_name + 5, // [5:5] is the sub-list for extension extendee + 0, // [0:5] is the sub-list for field type_name +} + +func init() { file_cpuinfo_proto_init() } +func file_cpuinfo_proto_init() { + if File_cpuinfo_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_cpuinfo_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CpuinfoX86Entry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_cpuinfo_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CpuinfoPpc64Entry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_cpuinfo_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CpuinfoS390Entry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_cpuinfo_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CpuinfoEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_cpuinfo_proto_rawDesc, + NumEnums: 2, + NumMessages: 4, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_cpuinfo_proto_goTypes, + DependencyIndexes: file_cpuinfo_proto_depIdxs, + EnumInfos: file_cpuinfo_proto_enumTypes, + MessageInfos: file_cpuinfo_proto_msgTypes, + }.Build() + File_cpuinfo_proto = out.File + file_cpuinfo_proto_rawDesc = nil + file_cpuinfo_proto_goTypes = nil + file_cpuinfo_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cpuinfo.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cpuinfo.proto new file mode 100644 index 00000000000..0ea16c440ef --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cpuinfo.proto @@ -0,0 +1,50 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +message cpuinfo_x86_entry { + enum vendor { + UNKNOWN = 0; + INTEL = 1; + AMD = 2; + } + + required vendor vendor_id = 1; + required uint32 cpu_family = 2; + required uint32 model = 3; + required uint32 stepping = 4; + required uint32 capability_ver = 5; + repeated uint32 capability = 6; + + optional string model_id = 7; + + optional uint64 xfeatures_mask = 8; + optional uint32 xsave_size = 9; + optional uint32 xsave_size_max = 10; +} + +message cpuinfo_ppc64_entry { + enum endianness { + BIGENDIAN = 0; + LITTLEENDIAN = 1; + } + + required endianness endian = 1; + repeated uint64 hwcap = 2; +} + +message cpuinfo_s390_entry { + repeated uint64 hwcap = 2; +} + +message cpuinfo_entry { + /* + * Usually on SMP system there should be same CPUs + * installed, but it might happen that system carries + * various CPUs so @repeated used. + */ + repeated cpuinfo_x86_entry x86_entry = 1; + repeated cpuinfo_ppc64_entry ppc64_entry = 2; + repeated cpuinfo_s390_entry s390_entry = 3; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/creds.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/creds.pb.go new file mode 100644 index 00000000000..1b0592b1810 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/creds.pb.go @@ -0,0 +1,295 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: creds.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type CredsEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Uid *uint32 `protobuf:"varint,1,req,name=uid" json:"uid,omitempty"` + Gid *uint32 `protobuf:"varint,2,req,name=gid" json:"gid,omitempty"` + Euid *uint32 `protobuf:"varint,3,req,name=euid" json:"euid,omitempty"` + Egid *uint32 `protobuf:"varint,4,req,name=egid" json:"egid,omitempty"` + Suid *uint32 `protobuf:"varint,5,req,name=suid" json:"suid,omitempty"` + Sgid *uint32 `protobuf:"varint,6,req,name=sgid" json:"sgid,omitempty"` + Fsuid *uint32 `protobuf:"varint,7,req,name=fsuid" json:"fsuid,omitempty"` + Fsgid *uint32 `protobuf:"varint,8,req,name=fsgid" json:"fsgid,omitempty"` + CapInh []uint32 `protobuf:"varint,9,rep,name=cap_inh,json=capInh" json:"cap_inh,omitempty"` + CapPrm []uint32 `protobuf:"varint,10,rep,name=cap_prm,json=capPrm" json:"cap_prm,omitempty"` + CapEff []uint32 `protobuf:"varint,11,rep,name=cap_eff,json=capEff" json:"cap_eff,omitempty"` + CapBnd []uint32 `protobuf:"varint,12,rep,name=cap_bnd,json=capBnd" json:"cap_bnd,omitempty"` + Secbits *uint32 `protobuf:"varint,13,req,name=secbits" json:"secbits,omitempty"` + Groups []uint32 `protobuf:"varint,14,rep,name=groups" json:"groups,omitempty"` + LsmProfile *string `protobuf:"bytes,15,opt,name=lsm_profile,json=lsmProfile" json:"lsm_profile,omitempty"` + LsmSockcreate *string `protobuf:"bytes,16,opt,name=lsm_sockcreate,json=lsmSockcreate" json:"lsm_sockcreate,omitempty"` + ApparmorData []byte `protobuf:"bytes,17,opt,name=apparmor_data,json=apparmorData" json:"apparmor_data,omitempty"` +} + +func (x *CredsEntry) Reset() { + *x = CredsEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_creds_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CredsEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CredsEntry) ProtoMessage() {} + +func (x *CredsEntry) ProtoReflect() protoreflect.Message { + mi := &file_creds_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CredsEntry.ProtoReflect.Descriptor instead. +func (*CredsEntry) Descriptor() ([]byte, []int) { + return file_creds_proto_rawDescGZIP(), []int{0} +} + +func (x *CredsEntry) GetUid() uint32 { + if x != nil && x.Uid != nil { + return *x.Uid + } + return 0 +} + +func (x *CredsEntry) GetGid() uint32 { + if x != nil && x.Gid != nil { + return *x.Gid + } + return 0 +} + +func (x *CredsEntry) GetEuid() uint32 { + if x != nil && x.Euid != nil { + return *x.Euid + } + return 0 +} + +func (x *CredsEntry) GetEgid() uint32 { + if x != nil && x.Egid != nil { + return *x.Egid + } + return 0 +} + +func (x *CredsEntry) GetSuid() uint32 { + if x != nil && x.Suid != nil { + return *x.Suid + } + return 0 +} + +func (x *CredsEntry) GetSgid() uint32 { + if x != nil && x.Sgid != nil { + return *x.Sgid + } + return 0 +} + +func (x *CredsEntry) GetFsuid() uint32 { + if x != nil && x.Fsuid != nil { + return *x.Fsuid + } + return 0 +} + +func (x *CredsEntry) GetFsgid() uint32 { + if x != nil && x.Fsgid != nil { + return *x.Fsgid + } + return 0 +} + +func (x *CredsEntry) GetCapInh() []uint32 { + if x != nil { + return x.CapInh + } + return nil +} + +func (x *CredsEntry) GetCapPrm() []uint32 { + if x != nil { + return x.CapPrm + } + return nil +} + +func (x *CredsEntry) GetCapEff() []uint32 { + if x != nil { + return x.CapEff + } + return nil +} + +func (x *CredsEntry) GetCapBnd() []uint32 { + if x != nil { + return x.CapBnd + } + return nil +} + +func (x *CredsEntry) GetSecbits() uint32 { + if x != nil && x.Secbits != nil { + return *x.Secbits + } + return 0 +} + +func (x *CredsEntry) GetGroups() []uint32 { + if x != nil { + return x.Groups + } + return nil +} + +func (x *CredsEntry) GetLsmProfile() string { + if x != nil && x.LsmProfile != nil { + return *x.LsmProfile + } + return "" +} + +func (x *CredsEntry) GetLsmSockcreate() string { + if x != nil && x.LsmSockcreate != nil { + return *x.LsmSockcreate + } + return "" +} + +func (x *CredsEntry) GetApparmorData() []byte { + if x != nil { + return x.ApparmorData + } + return nil +} + +var File_creds_proto protoreflect.FileDescriptor + +var file_creds_proto_rawDesc = []byte{ + 0x0a, 0x0b, 0x63, 0x72, 0x65, 0x64, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, + 0x72, 0x69, 0x75, 0x22, 0xb0, 0x03, 0x0a, 0x0b, 0x63, 0x72, 0x65, 0x64, 0x73, 0x5f, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x67, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x03, 0x67, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x65, 0x75, 0x69, 0x64, 0x18, + 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x65, 0x75, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x65, + 0x67, 0x69, 0x64, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x65, 0x67, 0x69, 0x64, 0x12, + 0x12, 0x0a, 0x04, 0x73, 0x75, 0x69, 0x64, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x73, + 0x75, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x67, 0x69, 0x64, 0x18, 0x06, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x04, 0x73, 0x67, 0x69, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x73, 0x75, 0x69, 0x64, + 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x73, 0x75, 0x69, 0x64, 0x12, 0x14, 0x0a, + 0x05, 0x66, 0x73, 0x67, 0x69, 0x64, 0x18, 0x08, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x73, + 0x67, 0x69, 0x64, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x61, 0x70, 0x5f, 0x69, 0x6e, 0x68, 0x18, 0x09, + 0x20, 0x03, 0x28, 0x0d, 0x52, 0x06, 0x63, 0x61, 0x70, 0x49, 0x6e, 0x68, 0x12, 0x17, 0x0a, 0x07, + 0x63, 0x61, 0x70, 0x5f, 0x70, 0x72, 0x6d, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x06, 0x63, + 0x61, 0x70, 0x50, 0x72, 0x6d, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x61, 0x70, 0x5f, 0x65, 0x66, 0x66, + 0x18, 0x0b, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x06, 0x63, 0x61, 0x70, 0x45, 0x66, 0x66, 0x12, 0x17, + 0x0a, 0x07, 0x63, 0x61, 0x70, 0x5f, 0x62, 0x6e, 0x64, 0x18, 0x0c, 0x20, 0x03, 0x28, 0x0d, 0x52, + 0x06, 0x63, 0x61, 0x70, 0x42, 0x6e, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x65, 0x63, 0x62, 0x69, + 0x74, 0x73, 0x18, 0x0d, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x73, 0x65, 0x63, 0x62, 0x69, 0x74, + 0x73, 0x12, 0x16, 0x0a, 0x06, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x18, 0x0e, 0x20, 0x03, 0x28, + 0x0d, 0x52, 0x06, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x6c, 0x73, 0x6d, + 0x5f, 0x70, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, + 0x6c, 0x73, 0x6d, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x6c, 0x73, + 0x6d, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x18, 0x10, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0d, 0x6c, 0x73, 0x6d, 0x53, 0x6f, 0x63, 0x6b, 0x63, 0x72, 0x65, 0x61, 0x74, + 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x61, 0x70, 0x70, 0x61, 0x72, 0x6d, 0x6f, 0x72, 0x5f, 0x64, 0x61, + 0x74, 0x61, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0c, 0x61, 0x70, 0x70, 0x61, 0x72, 0x6d, + 0x6f, 0x72, 0x44, 0x61, 0x74, 0x61, +} + +var ( + file_creds_proto_rawDescOnce sync.Once + file_creds_proto_rawDescData = file_creds_proto_rawDesc +) + +func file_creds_proto_rawDescGZIP() []byte { + file_creds_proto_rawDescOnce.Do(func() { + file_creds_proto_rawDescData = protoimpl.X.CompressGZIP(file_creds_proto_rawDescData) + }) + return file_creds_proto_rawDescData +} + +var file_creds_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_creds_proto_goTypes = []interface{}{ + (*CredsEntry)(nil), // 0: criu.creds_entry +} +var file_creds_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_creds_proto_init() } +func file_creds_proto_init() { + if File_creds_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_creds_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CredsEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_creds_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_creds_proto_goTypes, + DependencyIndexes: file_creds_proto_depIdxs, + MessageInfos: file_creds_proto_msgTypes, + }.Build() + File_creds_proto = out.File + file_creds_proto_rawDesc = nil + file_creds_proto_goTypes = nil + file_creds_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/creds.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/creds.proto new file mode 100644 index 00000000000..eedcb4de8b3 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/creds.proto @@ -0,0 +1,28 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +message creds_entry { + required uint32 uid = 1; + required uint32 gid = 2; + required uint32 euid = 3; + required uint32 egid = 4; + required uint32 suid = 5; + required uint32 sgid = 6; + required uint32 fsuid = 7; + required uint32 fsgid = 8; + + repeated uint32 cap_inh = 9; + repeated uint32 cap_prm = 10; + repeated uint32 cap_eff = 11; + repeated uint32 cap_bnd = 12; + + required uint32 secbits = 13; + + repeated uint32 groups = 14; + + optional string lsm_profile = 15; + optional string lsm_sockcreate = 16; + optional bytes apparmor_data = 17; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventfd.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventfd.pb.go new file mode 100644 index 00000000000..d5150b514b2 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventfd.pb.go @@ -0,0 +1,175 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: eventfd.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type EventfdFileEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` + Flags *uint32 `protobuf:"varint,2,req,name=flags" json:"flags,omitempty"` + Fown *FownEntry `protobuf:"bytes,3,req,name=fown" json:"fown,omitempty"` + Counter *uint64 `protobuf:"varint,4,req,name=counter" json:"counter,omitempty"` +} + +func (x *EventfdFileEntry) Reset() { + *x = EventfdFileEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_eventfd_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *EventfdFileEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EventfdFileEntry) ProtoMessage() {} + +func (x *EventfdFileEntry) ProtoReflect() protoreflect.Message { + mi := &file_eventfd_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EventfdFileEntry.ProtoReflect.Descriptor instead. +func (*EventfdFileEntry) Descriptor() ([]byte, []int) { + return file_eventfd_proto_rawDescGZIP(), []int{0} +} + +func (x *EventfdFileEntry) GetId() uint32 { + if x != nil && x.Id != nil { + return *x.Id + } + return 0 +} + +func (x *EventfdFileEntry) GetFlags() uint32 { + if x != nil && x.Flags != nil { + return *x.Flags + } + return 0 +} + +func (x *EventfdFileEntry) GetFown() *FownEntry { + if x != nil { + return x.Fown + } + return nil +} + +func (x *EventfdFileEntry) GetCounter() uint64 { + if x != nil && x.Counter != nil { + return *x.Counter + } + return 0 +} + +var File_eventfd_proto protoreflect.FileDescriptor + +var file_eventfd_proto_rawDesc = []byte{ + 0x0a, 0x0d, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x66, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, + 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x22, 0x7a, 0x0a, 0x12, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x66, 0x64, 0x5f, 0x66, 0x69, 0x6c, + 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, + 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, + 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x24, 0x0a, + 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x72, + 0x69, 0x75, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, + 0x6f, 0x77, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x04, + 0x20, 0x02, 0x28, 0x04, 0x52, 0x07, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, +} + +var ( + file_eventfd_proto_rawDescOnce sync.Once + file_eventfd_proto_rawDescData = file_eventfd_proto_rawDesc +) + +func file_eventfd_proto_rawDescGZIP() []byte { + file_eventfd_proto_rawDescOnce.Do(func() { + file_eventfd_proto_rawDescData = protoimpl.X.CompressGZIP(file_eventfd_proto_rawDescData) + }) + return file_eventfd_proto_rawDescData +} + +var file_eventfd_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_eventfd_proto_goTypes = []interface{}{ + (*EventfdFileEntry)(nil), // 0: criu.eventfd_file_entry + (*FownEntry)(nil), // 1: criu.fown_entry +} +var file_eventfd_proto_depIdxs = []int32{ + 1, // 0: criu.eventfd_file_entry.fown:type_name -> criu.fown_entry + 1, // [1:1] is the sub-list for method output_type + 1, // [1:1] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { file_eventfd_proto_init() } +func file_eventfd_proto_init() { + if File_eventfd_proto != nil { + return + } + file_fown_proto_init() + if !protoimpl.UnsafeEnabled { + file_eventfd_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*EventfdFileEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_eventfd_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_eventfd_proto_goTypes, + DependencyIndexes: file_eventfd_proto_depIdxs, + MessageInfos: file_eventfd_proto_msgTypes, + }.Build() + File_eventfd_proto = out.File + file_eventfd_proto_rawDesc = nil + file_eventfd_proto_goTypes = nil + file_eventfd_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventfd.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventfd.proto new file mode 100644 index 00000000000..538341453f4 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventfd.proto @@ -0,0 +1,13 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "fown.proto"; + +message eventfd_file_entry { + required uint32 id = 1; + required uint32 flags = 2; + required fown_entry fown = 3; + required uint64 counter = 4; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventpoll.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventpoll.pb.go new file mode 100644 index 00000000000..7a593bdee07 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventpoll.pb.go @@ -0,0 +1,297 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: eventpoll.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type EventpollTfdEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` + Tfd *uint32 `protobuf:"varint,2,req,name=tfd" json:"tfd,omitempty"` + Events *uint32 `protobuf:"varint,3,req,name=events" json:"events,omitempty"` + Data *uint64 `protobuf:"varint,4,req,name=data" json:"data,omitempty"` + // to find dup'ed target files + Dev *uint32 `protobuf:"varint,5,opt,name=dev" json:"dev,omitempty"` + Inode *uint64 `protobuf:"varint,6,opt,name=inode" json:"inode,omitempty"` + Pos *uint64 `protobuf:"varint,7,opt,name=pos" json:"pos,omitempty"` +} + +func (x *EventpollTfdEntry) Reset() { + *x = EventpollTfdEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_eventpoll_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *EventpollTfdEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EventpollTfdEntry) ProtoMessage() {} + +func (x *EventpollTfdEntry) ProtoReflect() protoreflect.Message { + mi := &file_eventpoll_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EventpollTfdEntry.ProtoReflect.Descriptor instead. +func (*EventpollTfdEntry) Descriptor() ([]byte, []int) { + return file_eventpoll_proto_rawDescGZIP(), []int{0} +} + +func (x *EventpollTfdEntry) GetId() uint32 { + if x != nil && x.Id != nil { + return *x.Id + } + return 0 +} + +func (x *EventpollTfdEntry) GetTfd() uint32 { + if x != nil && x.Tfd != nil { + return *x.Tfd + } + return 0 +} + +func (x *EventpollTfdEntry) GetEvents() uint32 { + if x != nil && x.Events != nil { + return *x.Events + } + return 0 +} + +func (x *EventpollTfdEntry) GetData() uint64 { + if x != nil && x.Data != nil { + return *x.Data + } + return 0 +} + +func (x *EventpollTfdEntry) GetDev() uint32 { + if x != nil && x.Dev != nil { + return *x.Dev + } + return 0 +} + +func (x *EventpollTfdEntry) GetInode() uint64 { + if x != nil && x.Inode != nil { + return *x.Inode + } + return 0 +} + +func (x *EventpollTfdEntry) GetPos() uint64 { + if x != nil && x.Pos != nil { + return *x.Pos + } + return 0 +} + +type EventpollFileEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` + Flags *uint32 `protobuf:"varint,2,req,name=flags" json:"flags,omitempty"` + Fown *FownEntry `protobuf:"bytes,3,req,name=fown" json:"fown,omitempty"` + Tfd []*EventpollTfdEntry `protobuf:"bytes,4,rep,name=tfd" json:"tfd,omitempty"` +} + +func (x *EventpollFileEntry) Reset() { + *x = EventpollFileEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_eventpoll_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *EventpollFileEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EventpollFileEntry) ProtoMessage() {} + +func (x *EventpollFileEntry) ProtoReflect() protoreflect.Message { + mi := &file_eventpoll_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EventpollFileEntry.ProtoReflect.Descriptor instead. +func (*EventpollFileEntry) Descriptor() ([]byte, []int) { + return file_eventpoll_proto_rawDescGZIP(), []int{1} +} + +func (x *EventpollFileEntry) GetId() uint32 { + if x != nil && x.Id != nil { + return *x.Id + } + return 0 +} + +func (x *EventpollFileEntry) GetFlags() uint32 { + if x != nil && x.Flags != nil { + return *x.Flags + } + return 0 +} + +func (x *EventpollFileEntry) GetFown() *FownEntry { + if x != nil { + return x.Fown + } + return nil +} + +func (x *EventpollFileEntry) GetTfd() []*EventpollTfdEntry { + if x != nil { + return x.Tfd + } + return nil +} + +var File_eventpoll_proto protoreflect.FileDescriptor + +var file_eventpoll_proto_rawDesc = []byte{ + 0x0a, 0x0f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x70, 0x6f, 0x6c, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x22, 0x9d, 0x01, 0x0a, 0x13, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x70, 0x6f, 0x6c, + 0x6c, 0x5f, 0x74, 0x66, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, + 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x74, + 0x66, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x74, 0x66, 0x64, 0x12, 0x16, 0x0a, + 0x06, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x65, + 0x76, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x04, 0x20, + 0x02, 0x28, 0x04, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, 0x12, 0x10, 0x0a, 0x03, 0x64, 0x65, 0x76, + 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x64, 0x65, 0x76, 0x12, 0x14, 0x0a, 0x05, 0x69, + 0x6e, 0x6f, 0x64, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x69, 0x6e, 0x6f, 0x64, + 0x65, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x6f, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x04, 0x52, 0x03, + 0x70, 0x6f, 0x73, 0x22, 0x8f, 0x01, 0x0a, 0x14, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x70, 0x6f, 0x6c, + 0x6c, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, + 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x14, 0x0a, 0x05, + 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x6c, 0x61, + 0x67, 0x73, 0x12, 0x24, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, + 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x2b, 0x0a, 0x03, 0x74, 0x66, 0x64, 0x18, + 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x65, 0x76, 0x65, + 0x6e, 0x74, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x74, 0x66, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x52, 0x03, 0x74, 0x66, 0x64, +} + +var ( + file_eventpoll_proto_rawDescOnce sync.Once + file_eventpoll_proto_rawDescData = file_eventpoll_proto_rawDesc +) + +func file_eventpoll_proto_rawDescGZIP() []byte { + file_eventpoll_proto_rawDescOnce.Do(func() { + file_eventpoll_proto_rawDescData = protoimpl.X.CompressGZIP(file_eventpoll_proto_rawDescData) + }) + return file_eventpoll_proto_rawDescData +} + +var file_eventpoll_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_eventpoll_proto_goTypes = []interface{}{ + (*EventpollTfdEntry)(nil), // 0: criu.eventpoll_tfd_entry + (*EventpollFileEntry)(nil), // 1: criu.eventpoll_file_entry + (*FownEntry)(nil), // 2: criu.fown_entry +} +var file_eventpoll_proto_depIdxs = []int32{ + 2, // 0: criu.eventpoll_file_entry.fown:type_name -> criu.fown_entry + 0, // 1: criu.eventpoll_file_entry.tfd:type_name -> criu.eventpoll_tfd_entry + 2, // [2:2] is the sub-list for method output_type + 2, // [2:2] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name +} + +func init() { file_eventpoll_proto_init() } +func file_eventpoll_proto_init() { + if File_eventpoll_proto != nil { + return + } + file_fown_proto_init() + if !protoimpl.UnsafeEnabled { + file_eventpoll_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*EventpollTfdEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_eventpoll_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*EventpollFileEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_eventpoll_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_eventpoll_proto_goTypes, + DependencyIndexes: file_eventpoll_proto_depIdxs, + MessageInfos: file_eventpoll_proto_msgTypes, + }.Build() + File_eventpoll_proto = out.File + file_eventpoll_proto_rawDesc = nil + file_eventpoll_proto_goTypes = nil + file_eventpoll_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventpoll.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventpoll.proto new file mode 100644 index 00000000000..9d1290265a4 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventpoll.proto @@ -0,0 +1,25 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "fown.proto"; + +message eventpoll_tfd_entry { + required uint32 id = 1; + required uint32 tfd = 2; + required uint32 events = 3; + required uint64 data = 4; + + /* to find dup'ed target files */ + optional uint32 dev = 5; + optional uint64 inode = 6; + optional uint64 pos = 7; +} + +message eventpoll_file_entry { + required uint32 id = 1; + required uint32 flags = 2; + required fown_entry fown = 3; + repeated eventpoll_tfd_entry tfd = 4; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ext-file.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ext-file.pb.go new file mode 100644 index 00000000000..a518f95e89e --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ext-file.pb.go @@ -0,0 +1,156 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: ext-file.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type ExtFileEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` + Fown *FownEntry `protobuf:"bytes,5,req,name=fown" json:"fown,omitempty"` +} + +func (x *ExtFileEntry) Reset() { + *x = ExtFileEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_ext_file_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ExtFileEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ExtFileEntry) ProtoMessage() {} + +func (x *ExtFileEntry) ProtoReflect() protoreflect.Message { + mi := &file_ext_file_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ExtFileEntry.ProtoReflect.Descriptor instead. +func (*ExtFileEntry) Descriptor() ([]byte, []int) { + return file_ext_file_proto_rawDescGZIP(), []int{0} +} + +func (x *ExtFileEntry) GetId() uint32 { + if x != nil && x.Id != nil { + return *x.Id + } + return 0 +} + +func (x *ExtFileEntry) GetFown() *FownEntry { + if x != nil { + return x.Fown + } + return nil +} + +var File_ext_file_proto protoreflect.FileDescriptor + +var file_ext_file_proto_rawDesc = []byte{ + 0x0a, 0x0e, 0x65, 0x78, 0x74, 0x2d, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x22, 0x46, 0x0a, 0x0e, 0x65, 0x78, 0x74, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x02, 0x69, 0x64, 0x12, 0x24, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x05, 0x20, 0x02, + 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, +} + +var ( + file_ext_file_proto_rawDescOnce sync.Once + file_ext_file_proto_rawDescData = file_ext_file_proto_rawDesc +) + +func file_ext_file_proto_rawDescGZIP() []byte { + file_ext_file_proto_rawDescOnce.Do(func() { + file_ext_file_proto_rawDescData = protoimpl.X.CompressGZIP(file_ext_file_proto_rawDescData) + }) + return file_ext_file_proto_rawDescData +} + +var file_ext_file_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_ext_file_proto_goTypes = []interface{}{ + (*ExtFileEntry)(nil), // 0: criu.ext_file_entry + (*FownEntry)(nil), // 1: criu.fown_entry +} +var file_ext_file_proto_depIdxs = []int32{ + 1, // 0: criu.ext_file_entry.fown:type_name -> criu.fown_entry + 1, // [1:1] is the sub-list for method output_type + 1, // [1:1] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { file_ext_file_proto_init() } +func file_ext_file_proto_init() { + if File_ext_file_proto != nil { + return + } + file_fown_proto_init() + if !protoimpl.UnsafeEnabled { + file_ext_file_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ExtFileEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_ext_file_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_ext_file_proto_goTypes, + DependencyIndexes: file_ext_file_proto_depIdxs, + MessageInfos: file_ext_file_proto_msgTypes, + }.Build() + File_ext_file_proto = out.File + file_ext_file_proto_rawDesc = nil + file_ext_file_proto_goTypes = nil + file_ext_file_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ext-file.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ext-file.proto new file mode 100644 index 00000000000..e1161a0a3f5 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ext-file.proto @@ -0,0 +1,11 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "fown.proto"; + +message ext_file_entry { + required uint32 id = 1; + required fown_entry fown = 5; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fdinfo.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fdinfo.pb.go new file mode 100644 index 00000000000..f7157cbef89 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fdinfo.pb.go @@ -0,0 +1,667 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: fdinfo.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type FdTypes int32 + +const ( + FdTypes_UND FdTypes = 0 + FdTypes_REG FdTypes = 1 + FdTypes_PIPE FdTypes = 2 + FdTypes_FIFO FdTypes = 3 + FdTypes_INETSK FdTypes = 4 + FdTypes_UNIXSK FdTypes = 5 + FdTypes_EVENTFD FdTypes = 6 + FdTypes_EVENTPOLL FdTypes = 7 + FdTypes_INOTIFY FdTypes = 8 + FdTypes_SIGNALFD FdTypes = 9 + FdTypes_PACKETSK FdTypes = 10 + FdTypes_TTY FdTypes = 11 + FdTypes_FANOTIFY FdTypes = 12 + FdTypes_NETLINKSK FdTypes = 13 + FdTypes_NS FdTypes = 14 + FdTypes_TUNF FdTypes = 15 + FdTypes_EXT FdTypes = 16 + FdTypes_TIMERFD FdTypes = 17 + FdTypes_MEMFD FdTypes = 18 + FdTypes_BPFMAP FdTypes = 19 + // Any number above the real used. Not stored to image + FdTypes_CTL_TTY FdTypes = 65534 + FdTypes_AUTOFS_PIPE FdTypes = 65535 +) + +// Enum value maps for FdTypes. +var ( + FdTypes_name = map[int32]string{ + 0: "UND", + 1: "REG", + 2: "PIPE", + 3: "FIFO", + 4: "INETSK", + 5: "UNIXSK", + 6: "EVENTFD", + 7: "EVENTPOLL", + 8: "INOTIFY", + 9: "SIGNALFD", + 10: "PACKETSK", + 11: "TTY", + 12: "FANOTIFY", + 13: "NETLINKSK", + 14: "NS", + 15: "TUNF", + 16: "EXT", + 17: "TIMERFD", + 18: "MEMFD", + 19: "BPFMAP", + 65534: "CTL_TTY", + 65535: "AUTOFS_PIPE", + } + FdTypes_value = map[string]int32{ + "UND": 0, + "REG": 1, + "PIPE": 2, + "FIFO": 3, + "INETSK": 4, + "UNIXSK": 5, + "EVENTFD": 6, + "EVENTPOLL": 7, + "INOTIFY": 8, + "SIGNALFD": 9, + "PACKETSK": 10, + "TTY": 11, + "FANOTIFY": 12, + "NETLINKSK": 13, + "NS": 14, + "TUNF": 15, + "EXT": 16, + "TIMERFD": 17, + "MEMFD": 18, + "BPFMAP": 19, + "CTL_TTY": 65534, + "AUTOFS_PIPE": 65535, + } +) + +func (x FdTypes) Enum() *FdTypes { + p := new(FdTypes) + *p = x + return p +} + +func (x FdTypes) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (FdTypes) Descriptor() protoreflect.EnumDescriptor { + return file_fdinfo_proto_enumTypes[0].Descriptor() +} + +func (FdTypes) Type() protoreflect.EnumType { + return &file_fdinfo_proto_enumTypes[0] +} + +func (x FdTypes) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Do not use. +func (x *FdTypes) UnmarshalJSON(b []byte) error { + num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) + if err != nil { + return err + } + *x = FdTypes(num) + return nil +} + +// Deprecated: Use FdTypes.Descriptor instead. +func (FdTypes) EnumDescriptor() ([]byte, []int) { + return file_fdinfo_proto_rawDescGZIP(), []int{0} +} + +type FdinfoEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` + Flags *uint32 `protobuf:"varint,2,req,name=flags" json:"flags,omitempty"` + Type *FdTypes `protobuf:"varint,3,req,name=type,enum=criu.FdTypes" json:"type,omitempty"` + Fd *uint32 `protobuf:"varint,4,req,name=fd" json:"fd,omitempty"` + XattrSecuritySelinux *string `protobuf:"bytes,5,opt,name=xattr_security_selinux,json=xattrSecuritySelinux" json:"xattr_security_selinux,omitempty"` +} + +func (x *FdinfoEntry) Reset() { + *x = FdinfoEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_fdinfo_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *FdinfoEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*FdinfoEntry) ProtoMessage() {} + +func (x *FdinfoEntry) ProtoReflect() protoreflect.Message { + mi := &file_fdinfo_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use FdinfoEntry.ProtoReflect.Descriptor instead. +func (*FdinfoEntry) Descriptor() ([]byte, []int) { + return file_fdinfo_proto_rawDescGZIP(), []int{0} +} + +func (x *FdinfoEntry) GetId() uint32 { + if x != nil && x.Id != nil { + return *x.Id + } + return 0 +} + +func (x *FdinfoEntry) GetFlags() uint32 { + if x != nil && x.Flags != nil { + return *x.Flags + } + return 0 +} + +func (x *FdinfoEntry) GetType() FdTypes { + if x != nil && x.Type != nil { + return *x.Type + } + return FdTypes_UND +} + +func (x *FdinfoEntry) GetFd() uint32 { + if x != nil && x.Fd != nil { + return *x.Fd + } + return 0 +} + +func (x *FdinfoEntry) GetXattrSecuritySelinux() string { + if x != nil && x.XattrSecuritySelinux != nil { + return *x.XattrSecuritySelinux + } + return "" +} + +type FileEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Type *FdTypes `protobuf:"varint,1,req,name=type,enum=criu.FdTypes" json:"type,omitempty"` + Id *uint32 `protobuf:"varint,2,req,name=id" json:"id,omitempty"` + Reg *RegFileEntry `protobuf:"bytes,3,opt,name=reg" json:"reg,omitempty"` + Isk *InetSkEntry `protobuf:"bytes,4,opt,name=isk" json:"isk,omitempty"` + Nsf *NsFileEntry `protobuf:"bytes,5,opt,name=nsf" json:"nsf,omitempty"` + Psk *PacketSockEntry `protobuf:"bytes,6,opt,name=psk" json:"psk,omitempty"` + Nlsk *NetlinkSkEntry `protobuf:"bytes,7,opt,name=nlsk" json:"nlsk,omitempty"` + Efd *EventfdFileEntry `protobuf:"bytes,8,opt,name=efd" json:"efd,omitempty"` + Epfd *EventpollFileEntry `protobuf:"bytes,9,opt,name=epfd" json:"epfd,omitempty"` + Sgfd *SignalfdEntry `protobuf:"bytes,10,opt,name=sgfd" json:"sgfd,omitempty"` + Tunf *TunfileEntry `protobuf:"bytes,11,opt,name=tunf" json:"tunf,omitempty"` + Tfd *TimerfdEntry `protobuf:"bytes,12,opt,name=tfd" json:"tfd,omitempty"` + Ify *InotifyFileEntry `protobuf:"bytes,13,opt,name=ify" json:"ify,omitempty"` + Ffy *FanotifyFileEntry `protobuf:"bytes,14,opt,name=ffy" json:"ffy,omitempty"` + Ext *ExtFileEntry `protobuf:"bytes,15,opt,name=ext" json:"ext,omitempty"` + Usk *UnixSkEntry `protobuf:"bytes,16,opt,name=usk" json:"usk,omitempty"` + Fifo *FifoEntry `protobuf:"bytes,17,opt,name=fifo" json:"fifo,omitempty"` + Pipe *PipeEntry `protobuf:"bytes,18,opt,name=pipe" json:"pipe,omitempty"` + Tty *TtyFileEntry `protobuf:"bytes,19,opt,name=tty" json:"tty,omitempty"` + Memfd *MemfdFileEntry `protobuf:"bytes,20,opt,name=memfd" json:"memfd,omitempty"` + Bpf *BpfmapFileEntry `protobuf:"bytes,21,opt,name=bpf" json:"bpf,omitempty"` +} + +func (x *FileEntry) Reset() { + *x = FileEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_fdinfo_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *FileEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*FileEntry) ProtoMessage() {} + +func (x *FileEntry) ProtoReflect() protoreflect.Message { + mi := &file_fdinfo_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use FileEntry.ProtoReflect.Descriptor instead. +func (*FileEntry) Descriptor() ([]byte, []int) { + return file_fdinfo_proto_rawDescGZIP(), []int{1} +} + +func (x *FileEntry) GetType() FdTypes { + if x != nil && x.Type != nil { + return *x.Type + } + return FdTypes_UND +} + +func (x *FileEntry) GetId() uint32 { + if x != nil && x.Id != nil { + return *x.Id + } + return 0 +} + +func (x *FileEntry) GetReg() *RegFileEntry { + if x != nil { + return x.Reg + } + return nil +} + +func (x *FileEntry) GetIsk() *InetSkEntry { + if x != nil { + return x.Isk + } + return nil +} + +func (x *FileEntry) GetNsf() *NsFileEntry { + if x != nil { + return x.Nsf + } + return nil +} + +func (x *FileEntry) GetPsk() *PacketSockEntry { + if x != nil { + return x.Psk + } + return nil +} + +func (x *FileEntry) GetNlsk() *NetlinkSkEntry { + if x != nil { + return x.Nlsk + } + return nil +} + +func (x *FileEntry) GetEfd() *EventfdFileEntry { + if x != nil { + return x.Efd + } + return nil +} + +func (x *FileEntry) GetEpfd() *EventpollFileEntry { + if x != nil { + return x.Epfd + } + return nil +} + +func (x *FileEntry) GetSgfd() *SignalfdEntry { + if x != nil { + return x.Sgfd + } + return nil +} + +func (x *FileEntry) GetTunf() *TunfileEntry { + if x != nil { + return x.Tunf + } + return nil +} + +func (x *FileEntry) GetTfd() *TimerfdEntry { + if x != nil { + return x.Tfd + } + return nil +} + +func (x *FileEntry) GetIfy() *InotifyFileEntry { + if x != nil { + return x.Ify + } + return nil +} + +func (x *FileEntry) GetFfy() *FanotifyFileEntry { + if x != nil { + return x.Ffy + } + return nil +} + +func (x *FileEntry) GetExt() *ExtFileEntry { + if x != nil { + return x.Ext + } + return nil +} + +func (x *FileEntry) GetUsk() *UnixSkEntry { + if x != nil { + return x.Usk + } + return nil +} + +func (x *FileEntry) GetFifo() *FifoEntry { + if x != nil { + return x.Fifo + } + return nil +} + +func (x *FileEntry) GetPipe() *PipeEntry { + if x != nil { + return x.Pipe + } + return nil +} + +func (x *FileEntry) GetTty() *TtyFileEntry { + if x != nil { + return x.Tty + } + return nil +} + +func (x *FileEntry) GetMemfd() *MemfdFileEntry { + if x != nil { + return x.Memfd + } + return nil +} + +func (x *FileEntry) GetBpf() *BpfmapFileEntry { + if x != nil { + return x.Bpf + } + return nil +} + +var File_fdinfo_proto protoreflect.FileDescriptor + +var file_fdinfo_proto_rawDesc = []byte{ + 0x0a, 0x0c, 0x66, 0x64, 0x69, 0x6e, 0x66, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, + 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0d, 0x72, 0x65, 0x67, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x1a, 0x0d, 0x73, 0x6b, 0x2d, 0x69, 0x6e, 0x65, 0x74, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x1a, 0x08, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x11, 0x70, 0x61, + 0x63, 0x6b, 0x65, 0x74, 0x2d, 0x73, 0x6f, 0x63, 0x6b, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, + 0x10, 0x73, 0x6b, 0x2d, 0x6e, 0x65, 0x74, 0x6c, 0x69, 0x6e, 0x6b, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x1a, 0x0d, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x66, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x1a, 0x0f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x70, 0x6f, 0x6c, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x1a, 0x0e, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x66, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x1a, 0x09, 0x74, 0x75, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, 0x74, 0x69, + 0x6d, 0x65, 0x72, 0x66, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0e, 0x66, 0x73, 0x6e, + 0x6f, 0x74, 0x69, 0x66, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0e, 0x65, 0x78, 0x74, + 0x2d, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, 0x73, 0x6b, 0x2d, + 0x75, 0x6e, 0x69, 0x78, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x69, 0x66, 0x6f, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x70, 0x69, 0x70, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x1a, 0x09, 0x74, 0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0b, 0x6d, + 0x65, 0x6d, 0x66, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x11, 0x62, 0x70, 0x66, 0x6d, + 0x61, 0x70, 0x2d, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x9e, 0x01, + 0x0a, 0x0c, 0x66, 0x64, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, + 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x14, + 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x66, + 0x6c, 0x61, 0x67, 0x73, 0x12, 0x22, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x02, + 0x28, 0x0e, 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, 0x64, 0x5f, 0x74, 0x79, 0x70, + 0x65, 0x73, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x66, 0x64, 0x18, 0x04, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x66, 0x64, 0x12, 0x34, 0x0a, 0x16, 0x78, 0x61, 0x74, 0x74, + 0x72, 0x5f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x73, 0x65, 0x6c, 0x69, 0x6e, + 0x75, 0x78, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, 0x78, 0x61, 0x74, 0x74, 0x72, 0x53, + 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x53, 0x65, 0x6c, 0x69, 0x6e, 0x75, 0x78, 0x22, 0xd8, + 0x06, 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x22, 0x0a, + 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x0e, 0x2e, 0x63, 0x72, + 0x69, 0x75, 0x2e, 0x66, 0x64, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x52, 0x04, 0x74, 0x79, 0x70, + 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, + 0x64, 0x12, 0x26, 0x0a, 0x03, 0x72, 0x65, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, + 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x72, 0x65, 0x67, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x72, 0x65, 0x67, 0x12, 0x25, 0x0a, 0x03, 0x69, 0x73, 0x6b, + 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x69, 0x6e, + 0x65, 0x74, 0x5f, 0x73, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x69, 0x73, 0x6b, + 0x12, 0x25, 0x0a, 0x03, 0x6e, 0x73, 0x66, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, + 0x63, 0x72, 0x69, 0x75, 0x2e, 0x6e, 0x73, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x52, 0x03, 0x6e, 0x73, 0x66, 0x12, 0x29, 0x0a, 0x03, 0x70, 0x73, 0x6b, 0x18, 0x06, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x70, 0x61, 0x63, 0x6b, + 0x65, 0x74, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x70, + 0x73, 0x6b, 0x12, 0x2a, 0x0a, 0x04, 0x6e, 0x6c, 0x73, 0x6b, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x16, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x6e, 0x65, 0x74, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, + 0x73, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x6e, 0x6c, 0x73, 0x6b, 0x12, 0x2a, + 0x0a, 0x03, 0x65, 0x66, 0x64, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x63, 0x72, + 0x69, 0x75, 0x2e, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x66, 0x64, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x65, 0x66, 0x64, 0x12, 0x2e, 0x0a, 0x04, 0x65, 0x70, + 0x66, 0x64, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, + 0x65, 0x76, 0x65, 0x6e, 0x74, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x65, 0x70, 0x66, 0x64, 0x12, 0x28, 0x0a, 0x04, 0x73, 0x67, + 0x66, 0x64, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, + 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x66, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, + 0x73, 0x67, 0x66, 0x64, 0x12, 0x27, 0x0a, 0x04, 0x74, 0x75, 0x6e, 0x66, 0x18, 0x0b, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x75, 0x6e, 0x66, 0x69, 0x6c, + 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x74, 0x75, 0x6e, 0x66, 0x12, 0x25, 0x0a, + 0x03, 0x74, 0x66, 0x64, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, + 0x75, 0x2e, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x66, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, + 0x03, 0x74, 0x66, 0x64, 0x12, 0x2a, 0x0a, 0x03, 0x69, 0x66, 0x79, 0x18, 0x0d, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x18, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x69, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, + 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x69, 0x66, 0x79, + 0x12, 0x2b, 0x0a, 0x03, 0x66, 0x66, 0x79, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, + 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, 0x61, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x66, 0x69, + 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x66, 0x66, 0x79, 0x12, 0x26, 0x0a, + 0x03, 0x65, 0x78, 0x74, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x72, 0x69, + 0x75, 0x2e, 0x65, 0x78, 0x74, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x52, 0x03, 0x65, 0x78, 0x74, 0x12, 0x25, 0x0a, 0x03, 0x75, 0x73, 0x6b, 0x18, 0x10, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, + 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x75, 0x73, 0x6b, 0x12, 0x24, 0x0a, 0x04, + 0x66, 0x69, 0x66, 0x6f, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, + 0x75, 0x2e, 0x66, 0x69, 0x66, 0x6f, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x69, + 0x66, 0x6f, 0x12, 0x24, 0x0a, 0x04, 0x70, 0x69, 0x70, 0x65, 0x18, 0x12, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x70, 0x69, 0x70, 0x65, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x52, 0x04, 0x70, 0x69, 0x70, 0x65, 0x12, 0x26, 0x0a, 0x03, 0x74, 0x74, 0x79, 0x18, + 0x13, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x74, 0x79, + 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x74, 0x74, 0x79, + 0x12, 0x2c, 0x0a, 0x05, 0x6d, 0x65, 0x6d, 0x66, 0x64, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x16, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x6d, 0x65, 0x6d, 0x66, 0x64, 0x5f, 0x66, 0x69, 0x6c, + 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x05, 0x6d, 0x65, 0x6d, 0x66, 0x64, 0x12, 0x29, + 0x0a, 0x03, 0x62, 0x70, 0x66, 0x18, 0x15, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x63, 0x72, + 0x69, 0x75, 0x2e, 0x62, 0x70, 0x66, 0x6d, 0x61, 0x70, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x62, 0x70, 0x66, 0x2a, 0x94, 0x02, 0x0a, 0x08, 0x66, 0x64, + 0x5f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x4e, 0x44, 0x10, 0x00, 0x12, + 0x07, 0x0a, 0x03, 0x52, 0x45, 0x47, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x50, 0x49, 0x50, 0x45, + 0x10, 0x02, 0x12, 0x08, 0x0a, 0x04, 0x46, 0x49, 0x46, 0x4f, 0x10, 0x03, 0x12, 0x0a, 0x0a, 0x06, + 0x49, 0x4e, 0x45, 0x54, 0x53, 0x4b, 0x10, 0x04, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x4e, 0x49, 0x58, + 0x53, 0x4b, 0x10, 0x05, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x56, 0x45, 0x4e, 0x54, 0x46, 0x44, 0x10, + 0x06, 0x12, 0x0d, 0x0a, 0x09, 0x45, 0x56, 0x45, 0x4e, 0x54, 0x50, 0x4f, 0x4c, 0x4c, 0x10, 0x07, + 0x12, 0x0b, 0x0a, 0x07, 0x49, 0x4e, 0x4f, 0x54, 0x49, 0x46, 0x59, 0x10, 0x08, 0x12, 0x0c, 0x0a, + 0x08, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x4c, 0x46, 0x44, 0x10, 0x09, 0x12, 0x0c, 0x0a, 0x08, 0x50, + 0x41, 0x43, 0x4b, 0x45, 0x54, 0x53, 0x4b, 0x10, 0x0a, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x54, 0x59, + 0x10, 0x0b, 0x12, 0x0c, 0x0a, 0x08, 0x46, 0x41, 0x4e, 0x4f, 0x54, 0x49, 0x46, 0x59, 0x10, 0x0c, + 0x12, 0x0d, 0x0a, 0x09, 0x4e, 0x45, 0x54, 0x4c, 0x49, 0x4e, 0x4b, 0x53, 0x4b, 0x10, 0x0d, 0x12, + 0x06, 0x0a, 0x02, 0x4e, 0x53, 0x10, 0x0e, 0x12, 0x08, 0x0a, 0x04, 0x54, 0x55, 0x4e, 0x46, 0x10, + 0x0f, 0x12, 0x07, 0x0a, 0x03, 0x45, 0x58, 0x54, 0x10, 0x10, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x49, + 0x4d, 0x45, 0x52, 0x46, 0x44, 0x10, 0x11, 0x12, 0x09, 0x0a, 0x05, 0x4d, 0x45, 0x4d, 0x46, 0x44, + 0x10, 0x12, 0x12, 0x0a, 0x0a, 0x06, 0x42, 0x50, 0x46, 0x4d, 0x41, 0x50, 0x10, 0x13, 0x12, 0x0d, + 0x0a, 0x07, 0x43, 0x54, 0x4c, 0x5f, 0x54, 0x54, 0x59, 0x10, 0xfe, 0xff, 0x03, 0x12, 0x11, 0x0a, + 0x0b, 0x41, 0x55, 0x54, 0x4f, 0x46, 0x53, 0x5f, 0x50, 0x49, 0x50, 0x45, 0x10, 0xff, 0xff, 0x03, +} + +var ( + file_fdinfo_proto_rawDescOnce sync.Once + file_fdinfo_proto_rawDescData = file_fdinfo_proto_rawDesc +) + +func file_fdinfo_proto_rawDescGZIP() []byte { + file_fdinfo_proto_rawDescOnce.Do(func() { + file_fdinfo_proto_rawDescData = protoimpl.X.CompressGZIP(file_fdinfo_proto_rawDescData) + }) + return file_fdinfo_proto_rawDescData +} + +var file_fdinfo_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_fdinfo_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_fdinfo_proto_goTypes = []interface{}{ + (FdTypes)(0), // 0: criu.fd_types + (*FdinfoEntry)(nil), // 1: criu.fdinfo_entry + (*FileEntry)(nil), // 2: criu.file_entry + (*RegFileEntry)(nil), // 3: criu.reg_file_entry + (*InetSkEntry)(nil), // 4: criu.inet_sk_entry + (*NsFileEntry)(nil), // 5: criu.ns_file_entry + (*PacketSockEntry)(nil), // 6: criu.packet_sock_entry + (*NetlinkSkEntry)(nil), // 7: criu.netlink_sk_entry + (*EventfdFileEntry)(nil), // 8: criu.eventfd_file_entry + (*EventpollFileEntry)(nil), // 9: criu.eventpoll_file_entry + (*SignalfdEntry)(nil), // 10: criu.signalfd_entry + (*TunfileEntry)(nil), // 11: criu.tunfile_entry + (*TimerfdEntry)(nil), // 12: criu.timerfd_entry + (*InotifyFileEntry)(nil), // 13: criu.inotify_file_entry + (*FanotifyFileEntry)(nil), // 14: criu.fanotify_file_entry + (*ExtFileEntry)(nil), // 15: criu.ext_file_entry + (*UnixSkEntry)(nil), // 16: criu.unix_sk_entry + (*FifoEntry)(nil), // 17: criu.fifo_entry + (*PipeEntry)(nil), // 18: criu.pipe_entry + (*TtyFileEntry)(nil), // 19: criu.tty_file_entry + (*MemfdFileEntry)(nil), // 20: criu.memfd_file_entry + (*BpfmapFileEntry)(nil), // 21: criu.bpfmap_file_entry +} +var file_fdinfo_proto_depIdxs = []int32{ + 0, // 0: criu.fdinfo_entry.type:type_name -> criu.fd_types + 0, // 1: criu.file_entry.type:type_name -> criu.fd_types + 3, // 2: criu.file_entry.reg:type_name -> criu.reg_file_entry + 4, // 3: criu.file_entry.isk:type_name -> criu.inet_sk_entry + 5, // 4: criu.file_entry.nsf:type_name -> criu.ns_file_entry + 6, // 5: criu.file_entry.psk:type_name -> criu.packet_sock_entry + 7, // 6: criu.file_entry.nlsk:type_name -> criu.netlink_sk_entry + 8, // 7: criu.file_entry.efd:type_name -> criu.eventfd_file_entry + 9, // 8: criu.file_entry.epfd:type_name -> criu.eventpoll_file_entry + 10, // 9: criu.file_entry.sgfd:type_name -> criu.signalfd_entry + 11, // 10: criu.file_entry.tunf:type_name -> criu.tunfile_entry + 12, // 11: criu.file_entry.tfd:type_name -> criu.timerfd_entry + 13, // 12: criu.file_entry.ify:type_name -> criu.inotify_file_entry + 14, // 13: criu.file_entry.ffy:type_name -> criu.fanotify_file_entry + 15, // 14: criu.file_entry.ext:type_name -> criu.ext_file_entry + 16, // 15: criu.file_entry.usk:type_name -> criu.unix_sk_entry + 17, // 16: criu.file_entry.fifo:type_name -> criu.fifo_entry + 18, // 17: criu.file_entry.pipe:type_name -> criu.pipe_entry + 19, // 18: criu.file_entry.tty:type_name -> criu.tty_file_entry + 20, // 19: criu.file_entry.memfd:type_name -> criu.memfd_file_entry + 21, // 20: criu.file_entry.bpf:type_name -> criu.bpfmap_file_entry + 21, // [21:21] is the sub-list for method output_type + 21, // [21:21] is the sub-list for method input_type + 21, // [21:21] is the sub-list for extension type_name + 21, // [21:21] is the sub-list for extension extendee + 0, // [0:21] is the sub-list for field type_name +} + +func init() { file_fdinfo_proto_init() } +func file_fdinfo_proto_init() { + if File_fdinfo_proto != nil { + return + } + file_regfile_proto_init() + file_sk_inet_proto_init() + file_ns_proto_init() + file_packet_sock_proto_init() + file_sk_netlink_proto_init() + file_eventfd_proto_init() + file_eventpoll_proto_init() + file_signalfd_proto_init() + file_tun_proto_init() + file_timerfd_proto_init() + file_fsnotify_proto_init() + file_ext_file_proto_init() + file_sk_unix_proto_init() + file_fifo_proto_init() + file_pipe_proto_init() + file_tty_proto_init() + file_memfd_proto_init() + file_bpfmap_file_proto_init() + if !protoimpl.UnsafeEnabled { + file_fdinfo_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*FdinfoEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_fdinfo_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*FileEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_fdinfo_proto_rawDesc, + NumEnums: 1, + NumMessages: 2, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_fdinfo_proto_goTypes, + DependencyIndexes: file_fdinfo_proto_depIdxs, + EnumInfos: file_fdinfo_proto_enumTypes, + MessageInfos: file_fdinfo_proto_msgTypes, + }.Build() + File_fdinfo_proto = out.File + file_fdinfo_proto_rawDesc = nil + file_fdinfo_proto_goTypes = nil + file_fdinfo_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fdinfo.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fdinfo.proto new file mode 100644 index 00000000000..cbb32f2cb2b --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fdinfo.proto @@ -0,0 +1,82 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "regfile.proto"; +import "sk-inet.proto"; +import "ns.proto"; +import "packet-sock.proto"; +import "sk-netlink.proto"; +import "eventfd.proto"; +import "eventpoll.proto"; +import "signalfd.proto"; +import "tun.proto"; +import "timerfd.proto"; +import "fsnotify.proto"; +import "ext-file.proto"; +import "sk-unix.proto"; +import "fifo.proto"; +import "pipe.proto"; +import "tty.proto"; +import "memfd.proto"; +import "bpfmap-file.proto"; + +enum fd_types { + UND = 0; + REG = 1; + PIPE = 2; + FIFO = 3; + INETSK = 4; + UNIXSK = 5; + EVENTFD = 6; + EVENTPOLL = 7; + INOTIFY = 8; + SIGNALFD = 9; + PACKETSK = 10; + TTY = 11; + FANOTIFY = 12; + NETLINKSK = 13; + NS = 14; + TUNF = 15; + EXT = 16; + TIMERFD = 17; + MEMFD = 18; + BPFMAP = 19; + + /* Any number above the real used. Not stored to image */ + CTL_TTY = 65534; + AUTOFS_PIPE = 65535; +} + +message fdinfo_entry { + required uint32 id = 1; + required uint32 flags = 2; + required fd_types type = 3; + required uint32 fd = 4; + optional string xattr_security_selinux = 5; +} + +message file_entry { + required fd_types type = 1; + required uint32 id = 2; + optional reg_file_entry reg = 3; + optional inet_sk_entry isk = 4; + optional ns_file_entry nsf = 5; + optional packet_sock_entry psk = 6; + optional netlink_sk_entry nlsk = 7; + optional eventfd_file_entry efd = 8; + optional eventpoll_file_entry epfd = 9; + optional signalfd_entry sgfd = 10; + optional tunfile_entry tunf = 11; + optional timerfd_entry tfd = 12; + optional inotify_file_entry ify = 13; + optional fanotify_file_entry ffy = 14; + optional ext_file_entry ext = 15; + optional unix_sk_entry usk = 16; + optional fifo_entry fifo = 17; + optional pipe_entry pipe = 18; + optional tty_file_entry tty = 19; + optional memfd_file_entry memfd = 20; + optional bpfmap_file_entry bpf = 21; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fh.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fh.pb.go new file mode 100644 index 00000000000..5cd18c3437b --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fh.pb.go @@ -0,0 +1,322 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: fh.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type FhEntrySizes int32 + +const ( + FhEntrySizes_min_entries FhEntrySizes = 16 +) + +// Enum value maps for FhEntrySizes. +var ( + FhEntrySizes_name = map[int32]string{ + 16: "min_entries", + } + FhEntrySizes_value = map[string]int32{ + "min_entries": 16, + } +) + +func (x FhEntrySizes) Enum() *FhEntrySizes { + p := new(FhEntrySizes) + *p = x + return p +} + +func (x FhEntrySizes) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (FhEntrySizes) Descriptor() protoreflect.EnumDescriptor { + return file_fh_proto_enumTypes[0].Descriptor() +} + +func (FhEntrySizes) Type() protoreflect.EnumType { + return &file_fh_proto_enumTypes[0] +} + +func (x FhEntrySizes) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Do not use. +func (x *FhEntrySizes) UnmarshalJSON(b []byte) error { + num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) + if err != nil { + return err + } + *x = FhEntrySizes(num) + return nil +} + +// Deprecated: Use FhEntrySizes.Descriptor instead. +func (FhEntrySizes) EnumDescriptor() ([]byte, []int) { + return file_fh_proto_rawDescGZIP(), []int{0} +} + +type FhEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Bytes *uint32 `protobuf:"varint,1,req,name=bytes" json:"bytes,omitempty"` + Type *uint32 `protobuf:"varint,2,req,name=type" json:"type,omitempty"` + // The minimum is fh_n_handle repetitions + Handle []uint64 `protobuf:"varint,3,rep,name=handle" json:"handle,omitempty"` + Path *string `protobuf:"bytes,4,opt,name=path" json:"path,omitempty"` + MntId *uint32 `protobuf:"varint,5,opt,name=mnt_id,json=mntId" json:"mnt_id,omitempty"` +} + +func (x *FhEntry) Reset() { + *x = FhEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_fh_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *FhEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*FhEntry) ProtoMessage() {} + +func (x *FhEntry) ProtoReflect() protoreflect.Message { + mi := &file_fh_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use FhEntry.ProtoReflect.Descriptor instead. +func (*FhEntry) Descriptor() ([]byte, []int) { + return file_fh_proto_rawDescGZIP(), []int{0} +} + +func (x *FhEntry) GetBytes() uint32 { + if x != nil && x.Bytes != nil { + return *x.Bytes + } + return 0 +} + +func (x *FhEntry) GetType() uint32 { + if x != nil && x.Type != nil { + return *x.Type + } + return 0 +} + +func (x *FhEntry) GetHandle() []uint64 { + if x != nil { + return x.Handle + } + return nil +} + +func (x *FhEntry) GetPath() string { + if x != nil && x.Path != nil { + return *x.Path + } + return "" +} + +func (x *FhEntry) GetMntId() uint32 { + if x != nil && x.MntId != nil { + return *x.MntId + } + return 0 +} + +type IrmapCacheEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Dev *uint32 `protobuf:"varint,1,req,name=dev" json:"dev,omitempty"` + Inode *uint64 `protobuf:"varint,2,req,name=inode" json:"inode,omitempty"` + Path *string `protobuf:"bytes,3,req,name=path" json:"path,omitempty"` +} + +func (x *IrmapCacheEntry) Reset() { + *x = IrmapCacheEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_fh_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *IrmapCacheEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*IrmapCacheEntry) ProtoMessage() {} + +func (x *IrmapCacheEntry) ProtoReflect() protoreflect.Message { + mi := &file_fh_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use IrmapCacheEntry.ProtoReflect.Descriptor instead. +func (*IrmapCacheEntry) Descriptor() ([]byte, []int) { + return file_fh_proto_rawDescGZIP(), []int{1} +} + +func (x *IrmapCacheEntry) GetDev() uint32 { + if x != nil && x.Dev != nil { + return *x.Dev + } + return 0 +} + +func (x *IrmapCacheEntry) GetInode() uint64 { + if x != nil && x.Inode != nil { + return *x.Inode + } + return 0 +} + +func (x *IrmapCacheEntry) GetPath() string { + if x != nil && x.Path != nil { + return *x.Path + } + return "" +} + +var File_fh_proto protoreflect.FileDescriptor + +var file_fh_proto_rawDesc = []byte{ + 0x0a, 0x08, 0x66, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, + 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x77, 0x0a, 0x08, + 0x66, 0x68, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x62, 0x79, 0x74, 0x65, + 0x73, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x62, 0x79, 0x74, 0x65, 0x73, 0x12, 0x12, + 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x74, 0x79, + 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x68, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x03, + 0x28, 0x04, 0x52, 0x06, 0x68, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, + 0x74, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x15, + 0x0a, 0x06, 0x6d, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, + 0x6d, 0x6e, 0x74, 0x49, 0x64, 0x22, 0x5b, 0x0a, 0x11, 0x69, 0x72, 0x6d, 0x61, 0x70, 0x5f, 0x63, + 0x61, 0x63, 0x68, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1c, 0x0a, 0x03, 0x64, 0x65, + 0x76, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x0a, 0xd2, 0x3f, 0x02, 0x20, 0x01, 0xd2, 0x3f, + 0x02, 0x28, 0x01, 0x52, 0x03, 0x64, 0x65, 0x76, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x6e, 0x6f, 0x64, + 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x12, 0x12, + 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x03, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, + 0x74, 0x68, 0x2a, 0x21, 0x0a, 0x0e, 0x66, 0x68, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x5f, 0x73, + 0x69, 0x7a, 0x65, 0x73, 0x12, 0x0f, 0x0a, 0x0b, 0x6d, 0x69, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x69, 0x65, 0x73, 0x10, 0x10, +} + +var ( + file_fh_proto_rawDescOnce sync.Once + file_fh_proto_rawDescData = file_fh_proto_rawDesc +) + +func file_fh_proto_rawDescGZIP() []byte { + file_fh_proto_rawDescOnce.Do(func() { + file_fh_proto_rawDescData = protoimpl.X.CompressGZIP(file_fh_proto_rawDescData) + }) + return file_fh_proto_rawDescData +} + +var file_fh_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_fh_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_fh_proto_goTypes = []interface{}{ + (FhEntrySizes)(0), // 0: criu.fh_entry_sizes + (*FhEntry)(nil), // 1: criu.fh_entry + (*IrmapCacheEntry)(nil), // 2: criu.irmap_cache_entry +} +var file_fh_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_fh_proto_init() } +func file_fh_proto_init() { + if File_fh_proto != nil { + return + } + file_opts_proto_init() + if !protoimpl.UnsafeEnabled { + file_fh_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*FhEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_fh_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*IrmapCacheEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_fh_proto_rawDesc, + NumEnums: 1, + NumMessages: 2, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_fh_proto_goTypes, + DependencyIndexes: file_fh_proto_depIdxs, + EnumInfos: file_fh_proto_enumTypes, + MessageInfos: file_fh_proto_msgTypes, + }.Build() + File_fh_proto = out.File + file_fh_proto_rawDesc = nil + file_fh_proto_goTypes = nil + file_fh_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fh.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fh.proto new file mode 100644 index 00000000000..e579deb9f3a --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fh.proto @@ -0,0 +1,26 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "opts.proto"; + +enum fh_entry_sizes { + min_entries = 16; +} + +message fh_entry { + required uint32 bytes = 1; + required uint32 type = 2; + + /* The minimum is fh_n_handle repetitions */ + repeated uint64 handle = 3; + optional string path = 4; + optional uint32 mnt_id = 5; +} + +message irmap_cache_entry { + required uint32 dev = 1 [(criu).dev = true, (criu).odev = true]; + required uint64 inode = 2; + required string path = 3; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fifo.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fifo.pb.go new file mode 100644 index 00000000000..10f1fb1d9ed --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fifo.pb.go @@ -0,0 +1,161 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: fifo.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type FifoEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` + PipeId *uint32 `protobuf:"varint,2,req,name=pipe_id,json=pipeId" json:"pipe_id,omitempty"` + RegfId *uint32 `protobuf:"varint,3,opt,name=regf_id,json=regfId" json:"regf_id,omitempty"` +} + +func (x *FifoEntry) Reset() { + *x = FifoEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_fifo_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *FifoEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*FifoEntry) ProtoMessage() {} + +func (x *FifoEntry) ProtoReflect() protoreflect.Message { + mi := &file_fifo_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use FifoEntry.ProtoReflect.Descriptor instead. +func (*FifoEntry) Descriptor() ([]byte, []int) { + return file_fifo_proto_rawDescGZIP(), []int{0} +} + +func (x *FifoEntry) GetId() uint32 { + if x != nil && x.Id != nil { + return *x.Id + } + return 0 +} + +func (x *FifoEntry) GetPipeId() uint32 { + if x != nil && x.PipeId != nil { + return *x.PipeId + } + return 0 +} + +func (x *FifoEntry) GetRegfId() uint32 { + if x != nil && x.RegfId != nil { + return *x.RegfId + } + return 0 +} + +var File_fifo_proto protoreflect.FileDescriptor + +var file_fifo_proto_rawDesc = []byte{ + 0x0a, 0x0a, 0x66, 0x69, 0x66, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, + 0x69, 0x75, 0x22, 0x4e, 0x0a, 0x0a, 0x66, 0x69, 0x66, 0x6f, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, + 0x12, 0x17, 0x0a, 0x07, 0x70, 0x69, 0x70, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x06, 0x70, 0x69, 0x70, 0x65, 0x49, 0x64, 0x12, 0x17, 0x0a, 0x07, 0x72, 0x65, 0x67, + 0x66, 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x72, 0x65, 0x67, 0x66, + 0x49, 0x64, +} + +var ( + file_fifo_proto_rawDescOnce sync.Once + file_fifo_proto_rawDescData = file_fifo_proto_rawDesc +) + +func file_fifo_proto_rawDescGZIP() []byte { + file_fifo_proto_rawDescOnce.Do(func() { + file_fifo_proto_rawDescData = protoimpl.X.CompressGZIP(file_fifo_proto_rawDescData) + }) + return file_fifo_proto_rawDescData +} + +var file_fifo_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_fifo_proto_goTypes = []interface{}{ + (*FifoEntry)(nil), // 0: criu.fifo_entry +} +var file_fifo_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_fifo_proto_init() } +func file_fifo_proto_init() { + if File_fifo_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_fifo_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*FifoEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_fifo_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_fifo_proto_goTypes, + DependencyIndexes: file_fifo_proto_depIdxs, + MessageInfos: file_fifo_proto_msgTypes, + }.Build() + File_fifo_proto = out.File + file_fifo_proto_rawDesc = nil + file_fifo_proto_goTypes = nil + file_fifo_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fifo.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fifo.proto new file mode 100644 index 00000000000..ef0411340b4 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fifo.proto @@ -0,0 +1,10 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +message fifo_entry { + required uint32 id = 1; + required uint32 pipe_id = 2; + optional uint32 regf_id = 3; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/file-lock.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/file-lock.pb.go new file mode 100644 index 00000000000..f2c08e174a5 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/file-lock.pb.go @@ -0,0 +1,188 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: file-lock.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type FileLockEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Flag *uint32 `protobuf:"varint,1,req,name=flag" json:"flag,omitempty"` + Type *uint32 `protobuf:"varint,2,req,name=type" json:"type,omitempty"` + Pid *int32 `protobuf:"varint,3,req,name=pid" json:"pid,omitempty"` + Fd *int32 `protobuf:"varint,4,req,name=fd" json:"fd,omitempty"` + Start *int64 `protobuf:"varint,5,req,name=start" json:"start,omitempty"` + Len *int64 `protobuf:"varint,6,req,name=len" json:"len,omitempty"` +} + +func (x *FileLockEntry) Reset() { + *x = FileLockEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_file_lock_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *FileLockEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*FileLockEntry) ProtoMessage() {} + +func (x *FileLockEntry) ProtoReflect() protoreflect.Message { + mi := &file_file_lock_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use FileLockEntry.ProtoReflect.Descriptor instead. +func (*FileLockEntry) Descriptor() ([]byte, []int) { + return file_file_lock_proto_rawDescGZIP(), []int{0} +} + +func (x *FileLockEntry) GetFlag() uint32 { + if x != nil && x.Flag != nil { + return *x.Flag + } + return 0 +} + +func (x *FileLockEntry) GetType() uint32 { + if x != nil && x.Type != nil { + return *x.Type + } + return 0 +} + +func (x *FileLockEntry) GetPid() int32 { + if x != nil && x.Pid != nil { + return *x.Pid + } + return 0 +} + +func (x *FileLockEntry) GetFd() int32 { + if x != nil && x.Fd != nil { + return *x.Fd + } + return 0 +} + +func (x *FileLockEntry) GetStart() int64 { + if x != nil && x.Start != nil { + return *x.Start + } + return 0 +} + +func (x *FileLockEntry) GetLen() int64 { + if x != nil && x.Len != nil { + return *x.Len + } + return 0 +} + +var File_file_lock_proto protoreflect.FileDescriptor + +var file_file_lock_proto_rawDesc = []byte{ + 0x0a, 0x0f, 0x66, 0x69, 0x6c, 0x65, 0x2d, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0x83, 0x01, 0x0a, 0x0f, 0x66, 0x69, 0x6c, 0x65, + 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x66, + 0x6c, 0x61, 0x67, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x66, 0x6c, 0x61, 0x67, 0x12, + 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x74, + 0x79, 0x70, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x03, 0x20, 0x02, 0x28, 0x05, + 0x52, 0x03, 0x70, 0x69, 0x64, 0x12, 0x0e, 0x0a, 0x02, 0x66, 0x64, 0x18, 0x04, 0x20, 0x02, 0x28, + 0x05, 0x52, 0x02, 0x66, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x05, + 0x20, 0x02, 0x28, 0x03, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x6c, + 0x65, 0x6e, 0x18, 0x06, 0x20, 0x02, 0x28, 0x03, 0x52, 0x03, 0x6c, 0x65, 0x6e, +} + +var ( + file_file_lock_proto_rawDescOnce sync.Once + file_file_lock_proto_rawDescData = file_file_lock_proto_rawDesc +) + +func file_file_lock_proto_rawDescGZIP() []byte { + file_file_lock_proto_rawDescOnce.Do(func() { + file_file_lock_proto_rawDescData = protoimpl.X.CompressGZIP(file_file_lock_proto_rawDescData) + }) + return file_file_lock_proto_rawDescData +} + +var file_file_lock_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_file_lock_proto_goTypes = []interface{}{ + (*FileLockEntry)(nil), // 0: criu.file_lock_entry +} +var file_file_lock_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_file_lock_proto_init() } +func file_file_lock_proto_init() { + if File_file_lock_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_file_lock_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*FileLockEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_file_lock_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_file_lock_proto_goTypes, + DependencyIndexes: file_file_lock_proto_depIdxs, + MessageInfos: file_file_lock_proto_msgTypes, + }.Build() + File_file_lock_proto = out.File + file_file_lock_proto_rawDesc = nil + file_file_lock_proto_goTypes = nil + file_file_lock_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/file-lock.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/file-lock.proto new file mode 100644 index 00000000000..559de28114a --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/file-lock.proto @@ -0,0 +1,13 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +message file_lock_entry { + required uint32 flag = 1; + required uint32 type = 2; + required int32 pid = 3; + required int32 fd = 4; + required int64 start = 5; + required int64 len = 6; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fown.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fown.pb.go new file mode 100644 index 00000000000..07fe6cf3a45 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fown.pb.go @@ -0,0 +1,179 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: fown.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type FownEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Uid *uint32 `protobuf:"varint,1,req,name=uid" json:"uid,omitempty"` + Euid *uint32 `protobuf:"varint,2,req,name=euid" json:"euid,omitempty"` + Signum *uint32 `protobuf:"varint,3,req,name=signum" json:"signum,omitempty"` + PidType *uint32 `protobuf:"varint,4,req,name=pid_type,json=pidType" json:"pid_type,omitempty"` + Pid *uint32 `protobuf:"varint,5,req,name=pid" json:"pid,omitempty"` +} + +func (x *FownEntry) Reset() { + *x = FownEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_fown_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *FownEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*FownEntry) ProtoMessage() {} + +func (x *FownEntry) ProtoReflect() protoreflect.Message { + mi := &file_fown_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use FownEntry.ProtoReflect.Descriptor instead. +func (*FownEntry) Descriptor() ([]byte, []int) { + return file_fown_proto_rawDescGZIP(), []int{0} +} + +func (x *FownEntry) GetUid() uint32 { + if x != nil && x.Uid != nil { + return *x.Uid + } + return 0 +} + +func (x *FownEntry) GetEuid() uint32 { + if x != nil && x.Euid != nil { + return *x.Euid + } + return 0 +} + +func (x *FownEntry) GetSignum() uint32 { + if x != nil && x.Signum != nil { + return *x.Signum + } + return 0 +} + +func (x *FownEntry) GetPidType() uint32 { + if x != nil && x.PidType != nil { + return *x.PidType + } + return 0 +} + +func (x *FownEntry) GetPid() uint32 { + if x != nil && x.Pid != nil { + return *x.Pid + } + return 0 +} + +var File_fown_proto protoreflect.FileDescriptor + +var file_fown_proto_rawDesc = []byte{ + 0x0a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, + 0x69, 0x75, 0x22, 0x77, 0x0a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x75, + 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x65, 0x75, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x04, 0x65, 0x75, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x69, 0x67, 0x6e, 0x75, 0x6d, + 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x73, 0x69, 0x67, 0x6e, 0x75, 0x6d, 0x12, 0x19, + 0x0a, 0x08, 0x70, 0x69, 0x64, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x07, 0x70, 0x69, 0x64, 0x54, 0x79, 0x70, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, + 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x70, 0x69, 0x64, +} + +var ( + file_fown_proto_rawDescOnce sync.Once + file_fown_proto_rawDescData = file_fown_proto_rawDesc +) + +func file_fown_proto_rawDescGZIP() []byte { + file_fown_proto_rawDescOnce.Do(func() { + file_fown_proto_rawDescData = protoimpl.X.CompressGZIP(file_fown_proto_rawDescData) + }) + return file_fown_proto_rawDescData +} + +var file_fown_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_fown_proto_goTypes = []interface{}{ + (*FownEntry)(nil), // 0: criu.fown_entry +} +var file_fown_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_fown_proto_init() } +func file_fown_proto_init() { + if File_fown_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_fown_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*FownEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_fown_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_fown_proto_goTypes, + DependencyIndexes: file_fown_proto_depIdxs, + MessageInfos: file_fown_proto_msgTypes, + }.Build() + File_fown_proto = out.File + file_fown_proto_rawDesc = nil + file_fown_proto_goTypes = nil + file_fown_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fown.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fown.proto new file mode 100644 index 00000000000..d867f5f6a8c --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fown.proto @@ -0,0 +1,12 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +message fown_entry { + required uint32 uid = 1; + required uint32 euid = 2; + required uint32 signum = 3; + required uint32 pid_type = 4; + required uint32 pid = 5; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fs.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fs.pb.go new file mode 100644 index 00000000000..3abdcc65118 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fs.pb.go @@ -0,0 +1,161 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: fs.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type FsEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + CwdId *uint32 `protobuf:"varint,1,req,name=cwd_id,json=cwdId" json:"cwd_id,omitempty"` + RootId *uint32 `protobuf:"varint,2,req,name=root_id,json=rootId" json:"root_id,omitempty"` + Umask *uint32 `protobuf:"varint,3,opt,name=umask" json:"umask,omitempty"` +} + +func (x *FsEntry) Reset() { + *x = FsEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_fs_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *FsEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*FsEntry) ProtoMessage() {} + +func (x *FsEntry) ProtoReflect() protoreflect.Message { + mi := &file_fs_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use FsEntry.ProtoReflect.Descriptor instead. +func (*FsEntry) Descriptor() ([]byte, []int) { + return file_fs_proto_rawDescGZIP(), []int{0} +} + +func (x *FsEntry) GetCwdId() uint32 { + if x != nil && x.CwdId != nil { + return *x.CwdId + } + return 0 +} + +func (x *FsEntry) GetRootId() uint32 { + if x != nil && x.RootId != nil { + return *x.RootId + } + return 0 +} + +func (x *FsEntry) GetUmask() uint32 { + if x != nil && x.Umask != nil { + return *x.Umask + } + return 0 +} + +var File_fs_proto protoreflect.FileDescriptor + +var file_fs_proto_rawDesc = []byte{ + 0x0a, 0x08, 0x66, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, + 0x22, 0x50, 0x0a, 0x08, 0x66, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x15, 0x0a, 0x06, + 0x63, 0x77, 0x64, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x63, 0x77, + 0x64, 0x49, 0x64, 0x12, 0x17, 0x0a, 0x07, 0x72, 0x6f, 0x6f, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x02, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x72, 0x6f, 0x6f, 0x74, 0x49, 0x64, 0x12, 0x14, 0x0a, 0x05, + 0x75, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x75, 0x6d, 0x61, + 0x73, 0x6b, +} + +var ( + file_fs_proto_rawDescOnce sync.Once + file_fs_proto_rawDescData = file_fs_proto_rawDesc +) + +func file_fs_proto_rawDescGZIP() []byte { + file_fs_proto_rawDescOnce.Do(func() { + file_fs_proto_rawDescData = protoimpl.X.CompressGZIP(file_fs_proto_rawDescData) + }) + return file_fs_proto_rawDescData +} + +var file_fs_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_fs_proto_goTypes = []interface{}{ + (*FsEntry)(nil), // 0: criu.fs_entry +} +var file_fs_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_fs_proto_init() } +func file_fs_proto_init() { + if File_fs_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_fs_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*FsEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_fs_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_fs_proto_goTypes, + DependencyIndexes: file_fs_proto_depIdxs, + MessageInfos: file_fs_proto_msgTypes, + }.Build() + File_fs_proto = out.File + file_fs_proto_rawDesc = nil + file_fs_proto_goTypes = nil + file_fs_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fs.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fs.proto new file mode 100644 index 00000000000..e4c483feced --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fs.proto @@ -0,0 +1,10 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +message fs_entry { + required uint32 cwd_id = 1; + required uint32 root_id = 2; + optional uint32 umask = 3; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fsnotify.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fsnotify.pb.go new file mode 100644 index 00000000000..5d96c65b8f4 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fsnotify.pb.go @@ -0,0 +1,767 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: fsnotify.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type MarkType int32 + +const ( + MarkType_INODE MarkType = 1 + MarkType_MOUNT MarkType = 2 +) + +// Enum value maps for MarkType. +var ( + MarkType_name = map[int32]string{ + 1: "INODE", + 2: "MOUNT", + } + MarkType_value = map[string]int32{ + "INODE": 1, + "MOUNT": 2, + } +) + +func (x MarkType) Enum() *MarkType { + p := new(MarkType) + *p = x + return p +} + +func (x MarkType) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (MarkType) Descriptor() protoreflect.EnumDescriptor { + return file_fsnotify_proto_enumTypes[0].Descriptor() +} + +func (MarkType) Type() protoreflect.EnumType { + return &file_fsnotify_proto_enumTypes[0] +} + +func (x MarkType) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Do not use. +func (x *MarkType) UnmarshalJSON(b []byte) error { + num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) + if err != nil { + return err + } + *x = MarkType(num) + return nil +} + +// Deprecated: Use MarkType.Descriptor instead. +func (MarkType) EnumDescriptor() ([]byte, []int) { + return file_fsnotify_proto_rawDescGZIP(), []int{0} +} + +type InotifyWdEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` + IIno *uint64 `protobuf:"varint,2,req,name=i_ino,json=iIno" json:"i_ino,omitempty"` + Mask *uint32 `protobuf:"varint,3,req,name=mask" json:"mask,omitempty"` + IgnoredMask *uint32 `protobuf:"varint,4,req,name=ignored_mask,json=ignoredMask" json:"ignored_mask,omitempty"` + SDev *uint32 `protobuf:"varint,5,req,name=s_dev,json=sDev" json:"s_dev,omitempty"` + Wd *uint32 `protobuf:"varint,6,req,name=wd" json:"wd,omitempty"` + FHandle *FhEntry `protobuf:"bytes,7,req,name=f_handle,json=fHandle" json:"f_handle,omitempty"` +} + +func (x *InotifyWdEntry) Reset() { + *x = InotifyWdEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_fsnotify_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *InotifyWdEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*InotifyWdEntry) ProtoMessage() {} + +func (x *InotifyWdEntry) ProtoReflect() protoreflect.Message { + mi := &file_fsnotify_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use InotifyWdEntry.ProtoReflect.Descriptor instead. +func (*InotifyWdEntry) Descriptor() ([]byte, []int) { + return file_fsnotify_proto_rawDescGZIP(), []int{0} +} + +func (x *InotifyWdEntry) GetId() uint32 { + if x != nil && x.Id != nil { + return *x.Id + } + return 0 +} + +func (x *InotifyWdEntry) GetIIno() uint64 { + if x != nil && x.IIno != nil { + return *x.IIno + } + return 0 +} + +func (x *InotifyWdEntry) GetMask() uint32 { + if x != nil && x.Mask != nil { + return *x.Mask + } + return 0 +} + +func (x *InotifyWdEntry) GetIgnoredMask() uint32 { + if x != nil && x.IgnoredMask != nil { + return *x.IgnoredMask + } + return 0 +} + +func (x *InotifyWdEntry) GetSDev() uint32 { + if x != nil && x.SDev != nil { + return *x.SDev + } + return 0 +} + +func (x *InotifyWdEntry) GetWd() uint32 { + if x != nil && x.Wd != nil { + return *x.Wd + } + return 0 +} + +func (x *InotifyWdEntry) GetFHandle() *FhEntry { + if x != nil { + return x.FHandle + } + return nil +} + +type InotifyFileEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` + Flags *uint32 `protobuf:"varint,2,req,name=flags" json:"flags,omitempty"` + Fown *FownEntry `protobuf:"bytes,4,req,name=fown" json:"fown,omitempty"` + Wd []*InotifyWdEntry `protobuf:"bytes,5,rep,name=wd" json:"wd,omitempty"` +} + +func (x *InotifyFileEntry) Reset() { + *x = InotifyFileEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_fsnotify_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *InotifyFileEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*InotifyFileEntry) ProtoMessage() {} + +func (x *InotifyFileEntry) ProtoReflect() protoreflect.Message { + mi := &file_fsnotify_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use InotifyFileEntry.ProtoReflect.Descriptor instead. +func (*InotifyFileEntry) Descriptor() ([]byte, []int) { + return file_fsnotify_proto_rawDescGZIP(), []int{1} +} + +func (x *InotifyFileEntry) GetId() uint32 { + if x != nil && x.Id != nil { + return *x.Id + } + return 0 +} + +func (x *InotifyFileEntry) GetFlags() uint32 { + if x != nil && x.Flags != nil { + return *x.Flags + } + return 0 +} + +func (x *InotifyFileEntry) GetFown() *FownEntry { + if x != nil { + return x.Fown + } + return nil +} + +func (x *InotifyFileEntry) GetWd() []*InotifyWdEntry { + if x != nil { + return x.Wd + } + return nil +} + +type FanotifyInodeMarkEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + IIno *uint64 `protobuf:"varint,1,req,name=i_ino,json=iIno" json:"i_ino,omitempty"` + FHandle *FhEntry `protobuf:"bytes,2,req,name=f_handle,json=fHandle" json:"f_handle,omitempty"` +} + +func (x *FanotifyInodeMarkEntry) Reset() { + *x = FanotifyInodeMarkEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_fsnotify_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *FanotifyInodeMarkEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*FanotifyInodeMarkEntry) ProtoMessage() {} + +func (x *FanotifyInodeMarkEntry) ProtoReflect() protoreflect.Message { + mi := &file_fsnotify_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use FanotifyInodeMarkEntry.ProtoReflect.Descriptor instead. +func (*FanotifyInodeMarkEntry) Descriptor() ([]byte, []int) { + return file_fsnotify_proto_rawDescGZIP(), []int{2} +} + +func (x *FanotifyInodeMarkEntry) GetIIno() uint64 { + if x != nil && x.IIno != nil { + return *x.IIno + } + return 0 +} + +func (x *FanotifyInodeMarkEntry) GetFHandle() *FhEntry { + if x != nil { + return x.FHandle + } + return nil +} + +type FanotifyMountMarkEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + MntId *uint32 `protobuf:"varint,1,req,name=mnt_id,json=mntId" json:"mnt_id,omitempty"` + Path *string `protobuf:"bytes,2,opt,name=path" json:"path,omitempty"` +} + +func (x *FanotifyMountMarkEntry) Reset() { + *x = FanotifyMountMarkEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_fsnotify_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *FanotifyMountMarkEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*FanotifyMountMarkEntry) ProtoMessage() {} + +func (x *FanotifyMountMarkEntry) ProtoReflect() protoreflect.Message { + mi := &file_fsnotify_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use FanotifyMountMarkEntry.ProtoReflect.Descriptor instead. +func (*FanotifyMountMarkEntry) Descriptor() ([]byte, []int) { + return file_fsnotify_proto_rawDescGZIP(), []int{3} +} + +func (x *FanotifyMountMarkEntry) GetMntId() uint32 { + if x != nil && x.MntId != nil { + return *x.MntId + } + return 0 +} + +func (x *FanotifyMountMarkEntry) GetPath() string { + if x != nil && x.Path != nil { + return *x.Path + } + return "" +} + +type FanotifyMarkEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` + Type *MarkType `protobuf:"varint,2,req,name=type,enum=criu.MarkType" json:"type,omitempty"` + Mflags *uint32 `protobuf:"varint,3,req,name=mflags" json:"mflags,omitempty"` + Mask *uint32 `protobuf:"varint,4,req,name=mask" json:"mask,omitempty"` + IgnoredMask *uint32 `protobuf:"varint,5,req,name=ignored_mask,json=ignoredMask" json:"ignored_mask,omitempty"` + SDev *uint32 `protobuf:"varint,6,req,name=s_dev,json=sDev" json:"s_dev,omitempty"` + Ie *FanotifyInodeMarkEntry `protobuf:"bytes,7,opt,name=ie" json:"ie,omitempty"` + Me *FanotifyMountMarkEntry `protobuf:"bytes,8,opt,name=me" json:"me,omitempty"` +} + +func (x *FanotifyMarkEntry) Reset() { + *x = FanotifyMarkEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_fsnotify_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *FanotifyMarkEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*FanotifyMarkEntry) ProtoMessage() {} + +func (x *FanotifyMarkEntry) ProtoReflect() protoreflect.Message { + mi := &file_fsnotify_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use FanotifyMarkEntry.ProtoReflect.Descriptor instead. +func (*FanotifyMarkEntry) Descriptor() ([]byte, []int) { + return file_fsnotify_proto_rawDescGZIP(), []int{4} +} + +func (x *FanotifyMarkEntry) GetId() uint32 { + if x != nil && x.Id != nil { + return *x.Id + } + return 0 +} + +func (x *FanotifyMarkEntry) GetType() MarkType { + if x != nil && x.Type != nil { + return *x.Type + } + return MarkType_INODE +} + +func (x *FanotifyMarkEntry) GetMflags() uint32 { + if x != nil && x.Mflags != nil { + return *x.Mflags + } + return 0 +} + +func (x *FanotifyMarkEntry) GetMask() uint32 { + if x != nil && x.Mask != nil { + return *x.Mask + } + return 0 +} + +func (x *FanotifyMarkEntry) GetIgnoredMask() uint32 { + if x != nil && x.IgnoredMask != nil { + return *x.IgnoredMask + } + return 0 +} + +func (x *FanotifyMarkEntry) GetSDev() uint32 { + if x != nil && x.SDev != nil { + return *x.SDev + } + return 0 +} + +func (x *FanotifyMarkEntry) GetIe() *FanotifyInodeMarkEntry { + if x != nil { + return x.Ie + } + return nil +} + +func (x *FanotifyMarkEntry) GetMe() *FanotifyMountMarkEntry { + if x != nil { + return x.Me + } + return nil +} + +type FanotifyFileEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` + Flags *uint32 `protobuf:"varint,2,req,name=flags" json:"flags,omitempty"` + Fown *FownEntry `protobuf:"bytes,3,req,name=fown" json:"fown,omitempty"` + Faflags *uint32 `protobuf:"varint,4,req,name=faflags" json:"faflags,omitempty"` + Evflags *uint32 `protobuf:"varint,5,req,name=evflags" json:"evflags,omitempty"` + Mark []*FanotifyMarkEntry `protobuf:"bytes,6,rep,name=mark" json:"mark,omitempty"` +} + +func (x *FanotifyFileEntry) Reset() { + *x = FanotifyFileEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_fsnotify_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *FanotifyFileEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*FanotifyFileEntry) ProtoMessage() {} + +func (x *FanotifyFileEntry) ProtoReflect() protoreflect.Message { + mi := &file_fsnotify_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use FanotifyFileEntry.ProtoReflect.Descriptor instead. +func (*FanotifyFileEntry) Descriptor() ([]byte, []int) { + return file_fsnotify_proto_rawDescGZIP(), []int{5} +} + +func (x *FanotifyFileEntry) GetId() uint32 { + if x != nil && x.Id != nil { + return *x.Id + } + return 0 +} + +func (x *FanotifyFileEntry) GetFlags() uint32 { + if x != nil && x.Flags != nil { + return *x.Flags + } + return 0 +} + +func (x *FanotifyFileEntry) GetFown() *FownEntry { + if x != nil { + return x.Fown + } + return nil +} + +func (x *FanotifyFileEntry) GetFaflags() uint32 { + if x != nil && x.Faflags != nil { + return *x.Faflags + } + return 0 +} + +func (x *FanotifyFileEntry) GetEvflags() uint32 { + if x != nil && x.Evflags != nil { + return *x.Evflags + } + return 0 +} + +func (x *FanotifyFileEntry) GetMark() []*FanotifyMarkEntry { + if x != nil { + return x.Mark + } + return nil +} + +var File_fsnotify_proto protoreflect.FileDescriptor + +var file_fsnotify_proto_rawDesc = []byte{ + 0x0a, 0x0e, 0x66, 0x73, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x1a, 0x08, 0x66, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x6f, + 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xd3, 0x01, 0x0a, 0x10, 0x69, 0x6e, 0x6f, + 0x74, 0x69, 0x66, 0x79, 0x5f, 0x77, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, + 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x13, 0x0a, + 0x05, 0x69, 0x5f, 0x69, 0x6e, 0x6f, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x69, 0x49, + 0x6e, 0x6f, 0x12, 0x19, 0x0a, 0x04, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, + 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x04, 0x6d, 0x61, 0x73, 0x6b, 0x12, 0x28, 0x0a, + 0x0c, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x64, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x04, 0x20, + 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0b, 0x69, 0x67, 0x6e, 0x6f, + 0x72, 0x65, 0x64, 0x4d, 0x61, 0x73, 0x6b, 0x12, 0x1a, 0x0a, 0x05, 0x73, 0x5f, 0x64, 0x65, 0x76, + 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x20, 0x01, 0x52, 0x04, 0x73, + 0x44, 0x65, 0x76, 0x12, 0x0e, 0x0a, 0x02, 0x77, 0x64, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, + 0x02, 0x77, 0x64, 0x12, 0x29, 0x0a, 0x08, 0x66, 0x5f, 0x68, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x18, + 0x07, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, 0x68, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x66, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x22, 0x8f, + 0x01, 0x0a, 0x12, 0x69, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x02, + 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, + 0x67, 0x73, 0x12, 0x24, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0b, + 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x26, 0x0a, 0x02, 0x77, 0x64, 0x18, 0x05, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x69, 0x6e, 0x6f, 0x74, + 0x69, 0x66, 0x79, 0x5f, 0x77, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x02, 0x77, 0x64, + 0x22, 0x5b, 0x0a, 0x19, 0x66, 0x61, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x69, 0x6e, 0x6f, + 0x64, 0x65, 0x5f, 0x6d, 0x61, 0x72, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x13, 0x0a, + 0x05, 0x69, 0x5f, 0x69, 0x6e, 0x6f, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x69, 0x49, + 0x6e, 0x6f, 0x12, 0x29, 0x0a, 0x08, 0x66, 0x5f, 0x68, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x18, 0x02, + 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, 0x68, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x66, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x22, 0x46, 0x0a, + 0x19, 0x66, 0x61, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, + 0x6d, 0x61, 0x72, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x15, 0x0a, 0x06, 0x6d, 0x6e, + 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x6e, 0x74, 0x49, + 0x64, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x04, 0x70, 0x61, 0x74, 0x68, 0x22, 0xac, 0x02, 0x0a, 0x13, 0x66, 0x61, 0x6e, 0x6f, 0x74, 0x69, + 0x66, 0x79, 0x5f, 0x6d, 0x61, 0x72, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, + 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x23, 0x0a, + 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x0f, 0x2e, 0x63, 0x72, + 0x69, 0x75, 0x2e, 0x6d, 0x61, 0x72, 0x6b, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, + 0x70, 0x65, 0x12, 0x1d, 0x0a, 0x06, 0x6d, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, 0x02, + 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x06, 0x6d, 0x66, 0x6c, 0x61, 0x67, + 0x73, 0x12, 0x19, 0x0a, 0x04, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x42, + 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x04, 0x6d, 0x61, 0x73, 0x6b, 0x12, 0x28, 0x0a, 0x0c, + 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x64, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x05, 0x20, 0x02, + 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0b, 0x69, 0x67, 0x6e, 0x6f, 0x72, + 0x65, 0x64, 0x4d, 0x61, 0x73, 0x6b, 0x12, 0x1a, 0x0a, 0x05, 0x73, 0x5f, 0x64, 0x65, 0x76, 0x18, + 0x06, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x20, 0x01, 0x52, 0x04, 0x73, 0x44, + 0x65, 0x76, 0x12, 0x2f, 0x0a, 0x02, 0x69, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, + 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, 0x61, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x69, + 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x6d, 0x61, 0x72, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, + 0x02, 0x69, 0x65, 0x12, 0x2f, 0x0a, 0x02, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x1f, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, 0x61, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, + 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x6d, 0x61, 0x72, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x52, 0x02, 0x6d, 0x65, 0x22, 0xd9, 0x01, 0x0a, 0x13, 0x66, 0x61, 0x6e, 0x6f, 0x74, 0x69, 0x66, + 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, + 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1b, 0x0a, 0x05, + 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, + 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x24, 0x0a, 0x04, 0x66, 0x6f, 0x77, + 0x6e, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, + 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, + 0x1f, 0x0a, 0x07, 0x66, 0x61, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, + 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x07, 0x66, 0x61, 0x66, 0x6c, 0x61, 0x67, 0x73, + 0x12, 0x1f, 0x0a, 0x07, 0x65, 0x76, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x05, 0x20, 0x02, 0x28, + 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x07, 0x65, 0x76, 0x66, 0x6c, 0x61, 0x67, + 0x73, 0x12, 0x2d, 0x0a, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x19, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, 0x61, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, + 0x6d, 0x61, 0x72, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x6d, 0x61, 0x72, 0x6b, + 0x2a, 0x21, 0x0a, 0x09, 0x6d, 0x61, 0x72, 0x6b, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x12, 0x09, 0x0a, + 0x05, 0x49, 0x4e, 0x4f, 0x44, 0x45, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x4d, 0x4f, 0x55, 0x4e, + 0x54, 0x10, 0x02, +} + +var ( + file_fsnotify_proto_rawDescOnce sync.Once + file_fsnotify_proto_rawDescData = file_fsnotify_proto_rawDesc +) + +func file_fsnotify_proto_rawDescGZIP() []byte { + file_fsnotify_proto_rawDescOnce.Do(func() { + file_fsnotify_proto_rawDescData = protoimpl.X.CompressGZIP(file_fsnotify_proto_rawDescData) + }) + return file_fsnotify_proto_rawDescData +} + +var file_fsnotify_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_fsnotify_proto_msgTypes = make([]protoimpl.MessageInfo, 6) +var file_fsnotify_proto_goTypes = []interface{}{ + (MarkType)(0), // 0: criu.mark_type + (*InotifyWdEntry)(nil), // 1: criu.inotify_wd_entry + (*InotifyFileEntry)(nil), // 2: criu.inotify_file_entry + (*FanotifyInodeMarkEntry)(nil), // 3: criu.fanotify_inode_mark_entry + (*FanotifyMountMarkEntry)(nil), // 4: criu.fanotify_mount_mark_entry + (*FanotifyMarkEntry)(nil), // 5: criu.fanotify_mark_entry + (*FanotifyFileEntry)(nil), // 6: criu.fanotify_file_entry + (*FhEntry)(nil), // 7: criu.fh_entry + (*FownEntry)(nil), // 8: criu.fown_entry +} +var file_fsnotify_proto_depIdxs = []int32{ + 7, // 0: criu.inotify_wd_entry.f_handle:type_name -> criu.fh_entry + 8, // 1: criu.inotify_file_entry.fown:type_name -> criu.fown_entry + 1, // 2: criu.inotify_file_entry.wd:type_name -> criu.inotify_wd_entry + 7, // 3: criu.fanotify_inode_mark_entry.f_handle:type_name -> criu.fh_entry + 0, // 4: criu.fanotify_mark_entry.type:type_name -> criu.mark_type + 3, // 5: criu.fanotify_mark_entry.ie:type_name -> criu.fanotify_inode_mark_entry + 4, // 6: criu.fanotify_mark_entry.me:type_name -> criu.fanotify_mount_mark_entry + 8, // 7: criu.fanotify_file_entry.fown:type_name -> criu.fown_entry + 5, // 8: criu.fanotify_file_entry.mark:type_name -> criu.fanotify_mark_entry + 9, // [9:9] is the sub-list for method output_type + 9, // [9:9] is the sub-list for method input_type + 9, // [9:9] is the sub-list for extension type_name + 9, // [9:9] is the sub-list for extension extendee + 0, // [0:9] is the sub-list for field type_name +} + +func init() { file_fsnotify_proto_init() } +func file_fsnotify_proto_init() { + if File_fsnotify_proto != nil { + return + } + file_opts_proto_init() + file_fh_proto_init() + file_fown_proto_init() + if !protoimpl.UnsafeEnabled { + file_fsnotify_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*InotifyWdEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_fsnotify_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*InotifyFileEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_fsnotify_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*FanotifyInodeMarkEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_fsnotify_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*FanotifyMountMarkEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_fsnotify_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*FanotifyMarkEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_fsnotify_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*FanotifyFileEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_fsnotify_proto_rawDesc, + NumEnums: 1, + NumMessages: 6, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_fsnotify_proto_goTypes, + DependencyIndexes: file_fsnotify_proto_depIdxs, + EnumInfos: file_fsnotify_proto_enumTypes, + MessageInfos: file_fsnotify_proto_msgTypes, + }.Build() + File_fsnotify_proto = out.File + file_fsnotify_proto_rawDesc = nil + file_fsnotify_proto_goTypes = nil + file_fsnotify_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fsnotify.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fsnotify.proto new file mode 100644 index 00000000000..412ee49b856 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fsnotify.proto @@ -0,0 +1,63 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "opts.proto"; +import "fh.proto"; +import "fown.proto"; + +message inotify_wd_entry { + required uint32 id = 1; + required uint64 i_ino = 2; + required uint32 mask = 3 [(criu).hex = true]; + required uint32 ignored_mask = 4 [(criu).hex = true]; + required uint32 s_dev = 5 [(criu).dev = true]; + required uint32 wd = 6; + required fh_entry f_handle = 7; +} + +message inotify_file_entry { + required uint32 id = 1; + required uint32 flags = 2 [(criu).hex = true]; + required fown_entry fown = 4; + repeated inotify_wd_entry wd = 5; +} + +enum mark_type { + INODE = 1; + MOUNT = 2; +} + +message fanotify_inode_mark_entry { + required uint64 i_ino = 1; + required fh_entry f_handle = 2; +} + +message fanotify_mount_mark_entry { + required uint32 mnt_id = 1; + optional string path = 2; +} + +message fanotify_mark_entry { + required uint32 id = 1; + required mark_type type = 2; + + required uint32 mflags = 3 [(criu).hex = true]; + required uint32 mask = 4 [(criu).hex = true]; + required uint32 ignored_mask = 5 [(criu).hex = true]; + required uint32 s_dev = 6 [(criu).dev = true]; + + optional fanotify_inode_mark_entry ie = 7; + optional fanotify_mount_mark_entry me = 8; +} + +message fanotify_file_entry { + required uint32 id = 1; + required uint32 flags = 2 [(criu).hex = true]; + required fown_entry fown = 3; + + required uint32 faflags = 4 [(criu).hex = true]; + required uint32 evflags = 5 [(criu).hex = true]; + repeated fanotify_mark_entry mark = 6; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ghost-file.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ghost-file.pb.go new file mode 100644 index 00000000000..b9f94290bfb --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ghost-file.pb.go @@ -0,0 +1,318 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: ghost-file.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type GhostFileEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Uid *uint32 `protobuf:"varint,1,req,name=uid" json:"uid,omitempty"` + Gid *uint32 `protobuf:"varint,2,req,name=gid" json:"gid,omitempty"` + Mode *uint32 `protobuf:"varint,3,req,name=mode" json:"mode,omitempty"` + Dev *uint32 `protobuf:"varint,4,opt,name=dev" json:"dev,omitempty"` + Ino *uint64 `protobuf:"varint,5,opt,name=ino" json:"ino,omitempty"` + Rdev *uint32 `protobuf:"varint,6,opt,name=rdev" json:"rdev,omitempty"` + Atim *Timeval `protobuf:"bytes,7,opt,name=atim" json:"atim,omitempty"` + Mtim *Timeval `protobuf:"bytes,8,opt,name=mtim" json:"mtim,omitempty"` + Chunks *bool `protobuf:"varint,9,opt,name=chunks" json:"chunks,omitempty"` + Size *uint64 `protobuf:"varint,10,opt,name=size" json:"size,omitempty"` + // this field makes sense only when S_ISLNK(mode) + SymlnkTarget *string `protobuf:"bytes,11,opt,name=symlnk_target,json=symlnkTarget" json:"symlnk_target,omitempty"` +} + +func (x *GhostFileEntry) Reset() { + *x = GhostFileEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_ghost_file_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *GhostFileEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*GhostFileEntry) ProtoMessage() {} + +func (x *GhostFileEntry) ProtoReflect() protoreflect.Message { + mi := &file_ghost_file_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use GhostFileEntry.ProtoReflect.Descriptor instead. +func (*GhostFileEntry) Descriptor() ([]byte, []int) { + return file_ghost_file_proto_rawDescGZIP(), []int{0} +} + +func (x *GhostFileEntry) GetUid() uint32 { + if x != nil && x.Uid != nil { + return *x.Uid + } + return 0 +} + +func (x *GhostFileEntry) GetGid() uint32 { + if x != nil && x.Gid != nil { + return *x.Gid + } + return 0 +} + +func (x *GhostFileEntry) GetMode() uint32 { + if x != nil && x.Mode != nil { + return *x.Mode + } + return 0 +} + +func (x *GhostFileEntry) GetDev() uint32 { + if x != nil && x.Dev != nil { + return *x.Dev + } + return 0 +} + +func (x *GhostFileEntry) GetIno() uint64 { + if x != nil && x.Ino != nil { + return *x.Ino + } + return 0 +} + +func (x *GhostFileEntry) GetRdev() uint32 { + if x != nil && x.Rdev != nil { + return *x.Rdev + } + return 0 +} + +func (x *GhostFileEntry) GetAtim() *Timeval { + if x != nil { + return x.Atim + } + return nil +} + +func (x *GhostFileEntry) GetMtim() *Timeval { + if x != nil { + return x.Mtim + } + return nil +} + +func (x *GhostFileEntry) GetChunks() bool { + if x != nil && x.Chunks != nil { + return *x.Chunks + } + return false +} + +func (x *GhostFileEntry) GetSize() uint64 { + if x != nil && x.Size != nil { + return *x.Size + } + return 0 +} + +func (x *GhostFileEntry) GetSymlnkTarget() string { + if x != nil && x.SymlnkTarget != nil { + return *x.SymlnkTarget + } + return "" +} + +type GhostChunkEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Len *uint64 `protobuf:"varint,1,req,name=len" json:"len,omitempty"` + Off *uint64 `protobuf:"varint,2,req,name=off" json:"off,omitempty"` +} + +func (x *GhostChunkEntry) Reset() { + *x = GhostChunkEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_ghost_file_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *GhostChunkEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*GhostChunkEntry) ProtoMessage() {} + +func (x *GhostChunkEntry) ProtoReflect() protoreflect.Message { + mi := &file_ghost_file_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use GhostChunkEntry.ProtoReflect.Descriptor instead. +func (*GhostChunkEntry) Descriptor() ([]byte, []int) { + return file_ghost_file_proto_rawDescGZIP(), []int{1} +} + +func (x *GhostChunkEntry) GetLen() uint64 { + if x != nil && x.Len != nil { + return *x.Len + } + return 0 +} + +func (x *GhostChunkEntry) GetOff() uint64 { + if x != nil && x.Off != nil { + return *x.Off + } + return 0 +} + +var File_ghost_file_proto protoreflect.FileDescriptor + +var file_ghost_file_proto_rawDesc = []byte{ + 0x0a, 0x10, 0x67, 0x68, 0x6f, 0x73, 0x74, 0x2d, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x74, 0x69, 0x6d, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x22, 0xac, 0x02, 0x0a, 0x10, 0x67, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x67, 0x69, 0x64, 0x18, 0x02, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x67, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f, 0x64, + 0x65, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x17, 0x0a, + 0x03, 0x64, 0x65, 0x76, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x20, + 0x01, 0x52, 0x03, 0x64, 0x65, 0x76, 0x12, 0x10, 0x0a, 0x03, 0x69, 0x6e, 0x6f, 0x18, 0x05, 0x20, + 0x01, 0x28, 0x04, 0x52, 0x03, 0x69, 0x6e, 0x6f, 0x12, 0x1e, 0x0a, 0x04, 0x72, 0x64, 0x65, 0x76, + 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x0a, 0xd2, 0x3f, 0x02, 0x20, 0x01, 0xd2, 0x3f, 0x02, + 0x28, 0x01, 0x52, 0x04, 0x72, 0x64, 0x65, 0x76, 0x12, 0x21, 0x0a, 0x04, 0x61, 0x74, 0x69, 0x6d, + 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x69, + 0x6d, 0x65, 0x76, 0x61, 0x6c, 0x52, 0x04, 0x61, 0x74, 0x69, 0x6d, 0x12, 0x21, 0x0a, 0x04, 0x6d, + 0x74, 0x69, 0x6d, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x63, 0x72, 0x69, 0x75, + 0x2e, 0x74, 0x69, 0x6d, 0x65, 0x76, 0x61, 0x6c, 0x52, 0x04, 0x6d, 0x74, 0x69, 0x6d, 0x12, 0x16, + 0x0a, 0x06, 0x63, 0x68, 0x75, 0x6e, 0x6b, 0x73, 0x18, 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, + 0x63, 0x68, 0x75, 0x6e, 0x6b, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x0a, + 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x73, 0x79, + 0x6d, 0x6c, 0x6e, 0x6b, 0x5f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x18, 0x0b, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0c, 0x73, 0x79, 0x6d, 0x6c, 0x6e, 0x6b, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x22, + 0x37, 0x0a, 0x11, 0x67, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x63, 0x68, 0x75, 0x6e, 0x6b, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6c, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x03, 0x6c, 0x65, 0x6e, 0x12, 0x10, 0x0a, 0x03, 0x6f, 0x66, 0x66, 0x18, 0x02, 0x20, + 0x02, 0x28, 0x04, 0x52, 0x03, 0x6f, 0x66, 0x66, +} + +var ( + file_ghost_file_proto_rawDescOnce sync.Once + file_ghost_file_proto_rawDescData = file_ghost_file_proto_rawDesc +) + +func file_ghost_file_proto_rawDescGZIP() []byte { + file_ghost_file_proto_rawDescOnce.Do(func() { + file_ghost_file_proto_rawDescData = protoimpl.X.CompressGZIP(file_ghost_file_proto_rawDescData) + }) + return file_ghost_file_proto_rawDescData +} + +var file_ghost_file_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_ghost_file_proto_goTypes = []interface{}{ + (*GhostFileEntry)(nil), // 0: criu.ghost_file_entry + (*GhostChunkEntry)(nil), // 1: criu.ghost_chunk_entry + (*Timeval)(nil), // 2: criu.timeval +} +var file_ghost_file_proto_depIdxs = []int32{ + 2, // 0: criu.ghost_file_entry.atim:type_name -> criu.timeval + 2, // 1: criu.ghost_file_entry.mtim:type_name -> criu.timeval + 2, // [2:2] is the sub-list for method output_type + 2, // [2:2] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name +} + +func init() { file_ghost_file_proto_init() } +func file_ghost_file_proto_init() { + if File_ghost_file_proto != nil { + return + } + file_opts_proto_init() + file_time_proto_init() + if !protoimpl.UnsafeEnabled { + file_ghost_file_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*GhostFileEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_ghost_file_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*GhostChunkEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_ghost_file_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_ghost_file_proto_goTypes, + DependencyIndexes: file_ghost_file_proto_depIdxs, + MessageInfos: file_ghost_file_proto_msgTypes, + }.Build() + File_ghost_file_proto = out.File + file_ghost_file_proto_rawDesc = nil + file_ghost_file_proto_goTypes = nil + file_ghost_file_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ghost-file.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ghost-file.proto new file mode 100644 index 00000000000..495be12d380 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ghost-file.proto @@ -0,0 +1,28 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "opts.proto"; +import "time.proto"; + +message ghost_file_entry { + required uint32 uid = 1; + required uint32 gid = 2; + required uint32 mode = 3; + + optional uint32 dev = 4 [(criu).dev = true]; + optional uint64 ino = 5; + optional uint32 rdev = 6 [(criu).dev = true, (criu).odev = true]; + optional timeval atim = 7; + optional timeval mtim = 8; + optional bool chunks = 9; + optional uint64 size = 10; + /* this field makes sense only when S_ISLNK(mode) */ + optional string symlnk_target = 11; +} + +message ghost_chunk_entry { + required uint64 len = 1; + required uint64 off = 2; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/handler.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/handler.go new file mode 100644 index 00000000000..f622946c5cf --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/handler.go @@ -0,0 +1,142 @@ +package images + +import ( + "errors" + "fmt" + + "google.golang.org/protobuf/proto" +) + +func ProtoHandler(magic string) (proto.Message, error) { + switch magic { + case "APPARMOR": + return &ApparmorEntry{}, nil + case "AUTOFS": + return &AutofsEntry{}, nil + case "BINFMT_MISC": + return &BinfmtMiscEntry{}, nil + case "BPFMAP_DATA": + return &BpfmapDataEntry{}, nil + case "BPFMAP_FILE": + return &BpfmapFileEntry{}, nil + case "CGROUP": + return &CgroupEntry{}, nil + case "CORE": + return &CoreEntry{}, nil + case "CPUINFO": + return &CpuinfoEntry{}, nil + case "CREDS": + return &CredsEntry{}, nil + case "EVENTFD_FILE": + return &EventfdFileEntry{}, nil + case "EVENTPOLL_FILE": + return &EventpollFileEntry{}, nil + case "EVENTPOLL_TFD": + return &EventpollTfdEntry{}, nil + case "EXT_FILES": + return &ExtFileEntry{}, nil + case "FANOTIFY_FILE": + return &FanotifyFileEntry{}, nil + case "FANOTIFY_MARK": + return &FanotifyMarkEntry{}, nil + case "FDINFO": + return &FdinfoEntry{}, nil + case "FIFO": + return &FifoEntry{}, nil + case "FIFO_DATA": + return &PipeDataEntry{}, nil + case "FILES": + return &FileEntry{}, nil + case "FILE_LOCKS": + return &FileLockEntry{}, nil + case "FS": + return &FsEntry{}, nil + case "IDS": + return &TaskKobjIdsEntry{}, nil + case "INETSK": + return &InetSkEntry{}, nil + case "INOTIFY_FILE": + return &InotifyFileEntry{}, nil + case "INOTIFY_WD": + return &InotifyWdEntry{}, nil + case "INVENTORY": + return &InventoryEntry{}, nil + case "IPCNS_MSG": + return &IpcMsgEntry{}, nil + case "IPCNS_SEM": + return &IpcSemEntry{}, nil + case "IPCNS_SHM": + return &IpcShmEntry{}, nil + case "IPC_VAR": + return &IpcVarEntry{}, nil + case "IRMAP_CACHE": + return &IrmapCacheEntry{}, nil + case "ITIMERS": + return &ItimerEntry{}, nil + case "MEMFD_INODE": + return &MemfdInodeEntry{}, nil + case "MM": + return &MmEntry{}, nil + case "MNTS": + return &MntEntry{}, nil + case "NETDEV": + return &NetDeviceEntry{}, nil + case "NETLINK_SK": + return &NetlinkSkEntry{}, nil + case "NETNS": + return &NetnsEntry{}, nil + case "NS_FILES": + return &NsFileEntry{}, nil + case "PACKETSK": + return &PacketSockEntry{}, nil + case "PIDNS": + return &PidnsEntry{}, nil + case "PIPES": + return &PipeEntry{}, nil + case "PIPES_DATA": + return &PipeDataEntry{}, nil + case "POSIX_TIMERS": + return &PosixTimerEntry{}, nil + case "PSTREE": + return &PstreeEntry{}, nil + case "REG_FILES": + return &RegFileEntry{}, nil + case "REMAP_FPATH": + return &RemapFilePathEntry{}, nil + case "RLIMIT": + return &RlimitEntry{}, nil + case "SECCOMP": + return &SeccompEntry{}, nil + case "SIGACT": + return &SaEntry{}, nil + case "SIGNALFD": + return &SignalfdEntry{}, nil + case "SK_QUEUES": + return &SkPacketEntry{}, nil + case "STATS": + return &StatsEntry{}, nil + case "TCP_STREAM": + return &TcpStreamEntry{}, nil + case "TIMENS": + return &TimensEntry{}, nil + case "TIMERFD": + return &TimerfdEntry{}, nil + case "TTY_DATA": + return &TtyDataEntry{}, nil + case "TTY_FILES": + return &TtyFileEntry{}, nil + case "TTY_INFO": + return &TtyInfoEntry{}, nil + case "TUNFILE": + return &TunfileEntry{}, nil + case "UNIXSK": + return &UnixSkEntry{}, nil + case "USERNS": + return &UsernsEntry{}, nil + case "UTSNS": + return &UtsnsEntry{}, nil + case "VMAS": + return &VmaEntry{}, nil + } + return nil, errors.New(fmt.Sprintf("No handler found for magic 0x%x", magic)) +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/img-streamer.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/img-streamer.pb.go new file mode 100644 index 00000000000..317e8caea42 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/img-streamer.pb.go @@ -0,0 +1,214 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: img-streamer.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// This message is sent from CRIU to the streamer. +// - During dump, it communicates the name of the file that is about to be sent +// to the streamer. +// - During restore, CRIU requests image files from the streamer. The message is +// used to communicate the name of the desired file. +type ImgStreamerRequestEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Filename *string `protobuf:"bytes,1,req,name=filename" json:"filename,omitempty"` +} + +func (x *ImgStreamerRequestEntry) Reset() { + *x = ImgStreamerRequestEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_img_streamer_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ImgStreamerRequestEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ImgStreamerRequestEntry) ProtoMessage() {} + +func (x *ImgStreamerRequestEntry) ProtoReflect() protoreflect.Message { + mi := &file_img_streamer_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ImgStreamerRequestEntry.ProtoReflect.Descriptor instead. +func (*ImgStreamerRequestEntry) Descriptor() ([]byte, []int) { + return file_img_streamer_proto_rawDescGZIP(), []int{0} +} + +func (x *ImgStreamerRequestEntry) GetFilename() string { + if x != nil && x.Filename != nil { + return *x.Filename + } + return "" +} + +// This message is sent from the streamer to CRIU. It is only used during +// restore to report whether the requested file exists. +type ImgStreamerReplyEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Exists *bool `protobuf:"varint,1,req,name=exists" json:"exists,omitempty"` +} + +func (x *ImgStreamerReplyEntry) Reset() { + *x = ImgStreamerReplyEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_img_streamer_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ImgStreamerReplyEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ImgStreamerReplyEntry) ProtoMessage() {} + +func (x *ImgStreamerReplyEntry) ProtoReflect() protoreflect.Message { + mi := &file_img_streamer_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ImgStreamerReplyEntry.ProtoReflect.Descriptor instead. +func (*ImgStreamerReplyEntry) Descriptor() ([]byte, []int) { + return file_img_streamer_proto_rawDescGZIP(), []int{1} +} + +func (x *ImgStreamerReplyEntry) GetExists() bool { + if x != nil && x.Exists != nil { + return *x.Exists + } + return false +} + +var File_img_streamer_proto protoreflect.FileDescriptor + +var file_img_streamer_proto_rawDesc = []byte{ + 0x0a, 0x12, 0x69, 0x6d, 0x67, 0x2d, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x65, 0x72, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0x38, 0x0a, 0x1a, 0x69, 0x6d, + 0x67, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x65, 0x72, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x66, 0x69, 0x6c, 0x65, + 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x08, 0x66, 0x69, 0x6c, 0x65, + 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x32, 0x0a, 0x18, 0x69, 0x6d, 0x67, 0x5f, 0x73, 0x74, 0x72, 0x65, + 0x61, 0x6d, 0x65, 0x72, 0x5f, 0x72, 0x65, 0x70, 0x6c, 0x79, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x12, 0x16, 0x0a, 0x06, 0x65, 0x78, 0x69, 0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x02, 0x28, 0x08, + 0x52, 0x06, 0x65, 0x78, 0x69, 0x73, 0x74, 0x73, +} + +var ( + file_img_streamer_proto_rawDescOnce sync.Once + file_img_streamer_proto_rawDescData = file_img_streamer_proto_rawDesc +) + +func file_img_streamer_proto_rawDescGZIP() []byte { + file_img_streamer_proto_rawDescOnce.Do(func() { + file_img_streamer_proto_rawDescData = protoimpl.X.CompressGZIP(file_img_streamer_proto_rawDescData) + }) + return file_img_streamer_proto_rawDescData +} + +var file_img_streamer_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_img_streamer_proto_goTypes = []interface{}{ + (*ImgStreamerRequestEntry)(nil), // 0: criu.img_streamer_request_entry + (*ImgStreamerReplyEntry)(nil), // 1: criu.img_streamer_reply_entry +} +var file_img_streamer_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_img_streamer_proto_init() } +func file_img_streamer_proto_init() { + if File_img_streamer_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_img_streamer_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ImgStreamerRequestEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_img_streamer_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ImgStreamerReplyEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_img_streamer_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_img_streamer_proto_goTypes, + DependencyIndexes: file_img_streamer_proto_depIdxs, + MessageInfos: file_img_streamer_proto_msgTypes, + }.Build() + File_img_streamer_proto = out.File + file_img_streamer_proto_rawDesc = nil + file_img_streamer_proto_goTypes = nil + file_img_streamer_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/img-streamer.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/img-streamer.proto new file mode 100644 index 00000000000..0a1cfb1f190 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/img-streamer.proto @@ -0,0 +1,19 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +// This message is sent from CRIU to the streamer. +// * During dump, it communicates the name of the file that is about to be sent +// to the streamer. +// * During restore, CRIU requests image files from the streamer. The message is +// used to communicate the name of the desired file. +message img_streamer_request_entry { + required string filename = 1; +} + +// This message is sent from the streamer to CRIU. It is only used during +// restore to report whether the requested file exists. +message img_streamer_reply_entry { + required bool exists = 1; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/inventory.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/inventory.pb.go new file mode 100644 index 00000000000..931363d8bf0 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/inventory.pb.go @@ -0,0 +1,306 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: inventory.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type Lsmtype int32 + +const ( + Lsmtype_NO_LSM Lsmtype = 0 + Lsmtype_SELINUX Lsmtype = 1 + Lsmtype_APPARMOR Lsmtype = 2 +) + +// Enum value maps for Lsmtype. +var ( + Lsmtype_name = map[int32]string{ + 0: "NO_LSM", + 1: "SELINUX", + 2: "APPARMOR", + } + Lsmtype_value = map[string]int32{ + "NO_LSM": 0, + "SELINUX": 1, + "APPARMOR": 2, + } +) + +func (x Lsmtype) Enum() *Lsmtype { + p := new(Lsmtype) + *p = x + return p +} + +func (x Lsmtype) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (Lsmtype) Descriptor() protoreflect.EnumDescriptor { + return file_inventory_proto_enumTypes[0].Descriptor() +} + +func (Lsmtype) Type() protoreflect.EnumType { + return &file_inventory_proto_enumTypes[0] +} + +func (x Lsmtype) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Do not use. +func (x *Lsmtype) UnmarshalJSON(b []byte) error { + num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) + if err != nil { + return err + } + *x = Lsmtype(num) + return nil +} + +// Deprecated: Use Lsmtype.Descriptor instead. +func (Lsmtype) EnumDescriptor() ([]byte, []int) { + return file_inventory_proto_rawDescGZIP(), []int{0} +} + +type InventoryEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + ImgVersion *uint32 `protobuf:"varint,1,req,name=img_version,json=imgVersion" json:"img_version,omitempty"` + FdinfoPerId *bool `protobuf:"varint,2,opt,name=fdinfo_per_id,json=fdinfoPerId" json:"fdinfo_per_id,omitempty"` + RootIds *TaskKobjIdsEntry `protobuf:"bytes,3,opt,name=root_ids,json=rootIds" json:"root_ids,omitempty"` + NsPerId *bool `protobuf:"varint,4,opt,name=ns_per_id,json=nsPerId" json:"ns_per_id,omitempty"` + RootCgSet *uint32 `protobuf:"varint,5,opt,name=root_cg_set,json=rootCgSet" json:"root_cg_set,omitempty"` + Lsmtype *Lsmtype `protobuf:"varint,6,opt,name=lsmtype,enum=criu.Lsmtype" json:"lsmtype,omitempty"` + DumpUptime *uint64 `protobuf:"varint,8,opt,name=dump_uptime,json=dumpUptime" json:"dump_uptime,omitempty"` + PreDumpMode *uint32 `protobuf:"varint,9,opt,name=pre_dump_mode,json=preDumpMode" json:"pre_dump_mode,omitempty"` + TcpClose *bool `protobuf:"varint,10,opt,name=tcp_close,json=tcpClose" json:"tcp_close,omitempty"` + NetworkLockMethod *uint32 `protobuf:"varint,11,opt,name=network_lock_method,json=networkLockMethod" json:"network_lock_method,omitempty"` +} + +func (x *InventoryEntry) Reset() { + *x = InventoryEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_inventory_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *InventoryEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*InventoryEntry) ProtoMessage() {} + +func (x *InventoryEntry) ProtoReflect() protoreflect.Message { + mi := &file_inventory_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use InventoryEntry.ProtoReflect.Descriptor instead. +func (*InventoryEntry) Descriptor() ([]byte, []int) { + return file_inventory_proto_rawDescGZIP(), []int{0} +} + +func (x *InventoryEntry) GetImgVersion() uint32 { + if x != nil && x.ImgVersion != nil { + return *x.ImgVersion + } + return 0 +} + +func (x *InventoryEntry) GetFdinfoPerId() bool { + if x != nil && x.FdinfoPerId != nil { + return *x.FdinfoPerId + } + return false +} + +func (x *InventoryEntry) GetRootIds() *TaskKobjIdsEntry { + if x != nil { + return x.RootIds + } + return nil +} + +func (x *InventoryEntry) GetNsPerId() bool { + if x != nil && x.NsPerId != nil { + return *x.NsPerId + } + return false +} + +func (x *InventoryEntry) GetRootCgSet() uint32 { + if x != nil && x.RootCgSet != nil { + return *x.RootCgSet + } + return 0 +} + +func (x *InventoryEntry) GetLsmtype() Lsmtype { + if x != nil && x.Lsmtype != nil { + return *x.Lsmtype + } + return Lsmtype_NO_LSM +} + +func (x *InventoryEntry) GetDumpUptime() uint64 { + if x != nil && x.DumpUptime != nil { + return *x.DumpUptime + } + return 0 +} + +func (x *InventoryEntry) GetPreDumpMode() uint32 { + if x != nil && x.PreDumpMode != nil { + return *x.PreDumpMode + } + return 0 +} + +func (x *InventoryEntry) GetTcpClose() bool { + if x != nil && x.TcpClose != nil { + return *x.TcpClose + } + return false +} + +func (x *InventoryEntry) GetNetworkLockMethod() uint32 { + if x != nil && x.NetworkLockMethod != nil { + return *x.NetworkLockMethod + } + return 0 +} + +var File_inventory_proto protoreflect.FileDescriptor + +var file_inventory_proto_rawDesc = []byte{ + 0x0a, 0x0f, 0x69, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x22, 0x83, 0x03, 0x0a, 0x0f, 0x69, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, + 0x79, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1f, 0x0a, 0x0b, 0x69, 0x6d, 0x67, 0x5f, 0x76, + 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0a, 0x69, 0x6d, + 0x67, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x22, 0x0a, 0x0d, 0x66, 0x64, 0x69, 0x6e, + 0x66, 0x6f, 0x5f, 0x70, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x0b, 0x66, 0x64, 0x69, 0x6e, 0x66, 0x6f, 0x50, 0x65, 0x72, 0x49, 0x64, 0x12, 0x34, 0x0a, 0x08, + 0x72, 0x6f, 0x6f, 0x74, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, + 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x6b, 0x6f, 0x62, 0x6a, 0x5f, + 0x69, 0x64, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x72, 0x6f, 0x6f, 0x74, 0x49, + 0x64, 0x73, 0x12, 0x1a, 0x0a, 0x09, 0x6e, 0x73, 0x5f, 0x70, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, + 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x6e, 0x73, 0x50, 0x65, 0x72, 0x49, 0x64, 0x12, 0x1e, + 0x0a, 0x0b, 0x72, 0x6f, 0x6f, 0x74, 0x5f, 0x63, 0x67, 0x5f, 0x73, 0x65, 0x74, 0x18, 0x05, 0x20, + 0x01, 0x28, 0x0d, 0x52, 0x09, 0x72, 0x6f, 0x6f, 0x74, 0x43, 0x67, 0x53, 0x65, 0x74, 0x12, 0x27, + 0x0a, 0x07, 0x6c, 0x73, 0x6d, 0x74, 0x79, 0x70, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, + 0x0d, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x6c, 0x73, 0x6d, 0x74, 0x79, 0x70, 0x65, 0x52, 0x07, + 0x6c, 0x73, 0x6d, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x64, 0x75, 0x6d, 0x70, 0x5f, + 0x75, 0x70, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0a, 0x64, 0x75, + 0x6d, 0x70, 0x55, 0x70, 0x74, 0x69, 0x6d, 0x65, 0x12, 0x22, 0x0a, 0x0d, 0x70, 0x72, 0x65, 0x5f, + 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, + 0x0b, 0x70, 0x72, 0x65, 0x44, 0x75, 0x6d, 0x70, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x1b, 0x0a, 0x09, + 0x74, 0x63, 0x70, 0x5f, 0x63, 0x6c, 0x6f, 0x73, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x08, 0x74, 0x63, 0x70, 0x43, 0x6c, 0x6f, 0x73, 0x65, 0x12, 0x2e, 0x0a, 0x13, 0x6e, 0x65, 0x74, + 0x77, 0x6f, 0x72, 0x6b, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, + 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x11, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4c, + 0x6f, 0x63, 0x6b, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x2a, 0x30, 0x0a, 0x07, 0x6c, 0x73, 0x6d, + 0x74, 0x79, 0x70, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x4e, 0x4f, 0x5f, 0x4c, 0x53, 0x4d, 0x10, 0x00, + 0x12, 0x0b, 0x0a, 0x07, 0x53, 0x45, 0x4c, 0x49, 0x4e, 0x55, 0x58, 0x10, 0x01, 0x12, 0x0c, 0x0a, + 0x08, 0x41, 0x50, 0x50, 0x41, 0x52, 0x4d, 0x4f, 0x52, 0x10, 0x02, +} + +var ( + file_inventory_proto_rawDescOnce sync.Once + file_inventory_proto_rawDescData = file_inventory_proto_rawDesc +) + +func file_inventory_proto_rawDescGZIP() []byte { + file_inventory_proto_rawDescOnce.Do(func() { + file_inventory_proto_rawDescData = protoimpl.X.CompressGZIP(file_inventory_proto_rawDescData) + }) + return file_inventory_proto_rawDescData +} + +var file_inventory_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_inventory_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_inventory_proto_goTypes = []interface{}{ + (Lsmtype)(0), // 0: criu.lsmtype + (*InventoryEntry)(nil), // 1: criu.inventory_entry + (*TaskKobjIdsEntry)(nil), // 2: criu.task_kobj_ids_entry +} +var file_inventory_proto_depIdxs = []int32{ + 2, // 0: criu.inventory_entry.root_ids:type_name -> criu.task_kobj_ids_entry + 0, // 1: criu.inventory_entry.lsmtype:type_name -> criu.lsmtype + 2, // [2:2] is the sub-list for method output_type + 2, // [2:2] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name +} + +func init() { file_inventory_proto_init() } +func file_inventory_proto_init() { + if File_inventory_proto != nil { + return + } + file_core_proto_init() + if !protoimpl.UnsafeEnabled { + file_inventory_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*InventoryEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_inventory_proto_rawDesc, + NumEnums: 1, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_inventory_proto_goTypes, + DependencyIndexes: file_inventory_proto_depIdxs, + EnumInfos: file_inventory_proto_enumTypes, + MessageInfos: file_inventory_proto_msgTypes, + }.Build() + File_inventory_proto = out.File + file_inventory_proto_rawDesc = nil + file_inventory_proto_goTypes = nil + file_inventory_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/inventory.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/inventory.proto new file mode 100644 index 00000000000..730877b1bae --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/inventory.proto @@ -0,0 +1,25 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "core.proto"; + +enum lsmtype { + NO_LSM = 0; + SELINUX = 1; + APPARMOR = 2; +} + +message inventory_entry { + required uint32 img_version = 1; + optional bool fdinfo_per_id = 2; + optional task_kobj_ids_entry root_ids = 3; + optional bool ns_per_id = 4; + optional uint32 root_cg_set = 5; + optional lsmtype lsmtype = 6; + optional uint64 dump_uptime = 8; + optional uint32 pre_dump_mode = 9; + optional bool tcp_close = 10; + optional uint32 network_lock_method = 11; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-desc.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-desc.pb.go new file mode 100644 index 00000000000..3e8e6c816a3 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-desc.pb.go @@ -0,0 +1,197 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: ipc-desc.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type IpcDescEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Key *uint32 `protobuf:"varint,1,req,name=key" json:"key,omitempty"` + Uid *uint32 `protobuf:"varint,2,req,name=uid" json:"uid,omitempty"` + Gid *uint32 `protobuf:"varint,3,req,name=gid" json:"gid,omitempty"` + Cuid *uint32 `protobuf:"varint,4,req,name=cuid" json:"cuid,omitempty"` + Cgid *uint32 `protobuf:"varint,5,req,name=cgid" json:"cgid,omitempty"` + Mode *uint32 `protobuf:"varint,6,req,name=mode" json:"mode,omitempty"` + Id *uint32 `protobuf:"varint,7,req,name=id" json:"id,omitempty"` +} + +func (x *IpcDescEntry) Reset() { + *x = IpcDescEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_ipc_desc_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *IpcDescEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*IpcDescEntry) ProtoMessage() {} + +func (x *IpcDescEntry) ProtoReflect() protoreflect.Message { + mi := &file_ipc_desc_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use IpcDescEntry.ProtoReflect.Descriptor instead. +func (*IpcDescEntry) Descriptor() ([]byte, []int) { + return file_ipc_desc_proto_rawDescGZIP(), []int{0} +} + +func (x *IpcDescEntry) GetKey() uint32 { + if x != nil && x.Key != nil { + return *x.Key + } + return 0 +} + +func (x *IpcDescEntry) GetUid() uint32 { + if x != nil && x.Uid != nil { + return *x.Uid + } + return 0 +} + +func (x *IpcDescEntry) GetGid() uint32 { + if x != nil && x.Gid != nil { + return *x.Gid + } + return 0 +} + +func (x *IpcDescEntry) GetCuid() uint32 { + if x != nil && x.Cuid != nil { + return *x.Cuid + } + return 0 +} + +func (x *IpcDescEntry) GetCgid() uint32 { + if x != nil && x.Cgid != nil { + return *x.Cgid + } + return 0 +} + +func (x *IpcDescEntry) GetMode() uint32 { + if x != nil && x.Mode != nil { + return *x.Mode + } + return 0 +} + +func (x *IpcDescEntry) GetId() uint32 { + if x != nil && x.Id != nil { + return *x.Id + } + return 0 +} + +var File_ipc_desc_proto protoreflect.FileDescriptor + +var file_ipc_desc_proto_rawDesc = []byte{ + 0x0a, 0x0e, 0x69, 0x70, 0x63, 0x2d, 0x64, 0x65, 0x73, 0x63, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0x92, 0x01, 0x0a, 0x0e, 0x69, 0x70, 0x63, 0x5f, 0x64, + 0x65, 0x73, 0x63, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, + 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x75, + 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, 0x10, 0x0a, + 0x03, 0x67, 0x69, 0x64, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x67, 0x69, 0x64, 0x12, + 0x12, 0x0a, 0x04, 0x63, 0x75, 0x69, 0x64, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x63, + 0x75, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x67, 0x69, 0x64, 0x18, 0x05, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x04, 0x63, 0x67, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, + 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, + 0x64, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, +} + +var ( + file_ipc_desc_proto_rawDescOnce sync.Once + file_ipc_desc_proto_rawDescData = file_ipc_desc_proto_rawDesc +) + +func file_ipc_desc_proto_rawDescGZIP() []byte { + file_ipc_desc_proto_rawDescOnce.Do(func() { + file_ipc_desc_proto_rawDescData = protoimpl.X.CompressGZIP(file_ipc_desc_proto_rawDescData) + }) + return file_ipc_desc_proto_rawDescData +} + +var file_ipc_desc_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_ipc_desc_proto_goTypes = []interface{}{ + (*IpcDescEntry)(nil), // 0: criu.ipc_desc_entry +} +var file_ipc_desc_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_ipc_desc_proto_init() } +func file_ipc_desc_proto_init() { + if File_ipc_desc_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_ipc_desc_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*IpcDescEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_ipc_desc_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_ipc_desc_proto_goTypes, + DependencyIndexes: file_ipc_desc_proto_depIdxs, + MessageInfos: file_ipc_desc_proto_msgTypes, + }.Build() + File_ipc_desc_proto = out.File + file_ipc_desc_proto_rawDesc = nil + file_ipc_desc_proto_goTypes = nil + file_ipc_desc_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-desc.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-desc.proto new file mode 100644 index 00000000000..109ebab496d --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-desc.proto @@ -0,0 +1,14 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +message ipc_desc_entry { + required uint32 key = 1; + required uint32 uid = 2; + required uint32 gid = 3; + required uint32 cuid = 4; + required uint32 cgid = 5; + required uint32 mode = 6; + required uint32 id = 7; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-msg.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-msg.pb.go new file mode 100644 index 00000000000..a8ecbddf0ab --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-msg.pb.go @@ -0,0 +1,238 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: ipc-msg.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type IpcMsg struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Mtype *uint64 `protobuf:"varint,1,req,name=mtype" json:"mtype,omitempty"` + Msize *uint32 `protobuf:"varint,2,req,name=msize" json:"msize,omitempty"` +} + +func (x *IpcMsg) Reset() { + *x = IpcMsg{} + if protoimpl.UnsafeEnabled { + mi := &file_ipc_msg_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *IpcMsg) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*IpcMsg) ProtoMessage() {} + +func (x *IpcMsg) ProtoReflect() protoreflect.Message { + mi := &file_ipc_msg_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use IpcMsg.ProtoReflect.Descriptor instead. +func (*IpcMsg) Descriptor() ([]byte, []int) { + return file_ipc_msg_proto_rawDescGZIP(), []int{0} +} + +func (x *IpcMsg) GetMtype() uint64 { + if x != nil && x.Mtype != nil { + return *x.Mtype + } + return 0 +} + +func (x *IpcMsg) GetMsize() uint32 { + if x != nil && x.Msize != nil { + return *x.Msize + } + return 0 +} + +type IpcMsgEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Desc *IpcDescEntry `protobuf:"bytes,1,req,name=desc" json:"desc,omitempty"` + Qbytes *uint32 `protobuf:"varint,2,req,name=qbytes" json:"qbytes,omitempty"` + Qnum *uint32 `protobuf:"varint,3,req,name=qnum" json:"qnum,omitempty"` +} + +func (x *IpcMsgEntry) Reset() { + *x = IpcMsgEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_ipc_msg_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *IpcMsgEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*IpcMsgEntry) ProtoMessage() {} + +func (x *IpcMsgEntry) ProtoReflect() protoreflect.Message { + mi := &file_ipc_msg_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use IpcMsgEntry.ProtoReflect.Descriptor instead. +func (*IpcMsgEntry) Descriptor() ([]byte, []int) { + return file_ipc_msg_proto_rawDescGZIP(), []int{1} +} + +func (x *IpcMsgEntry) GetDesc() *IpcDescEntry { + if x != nil { + return x.Desc + } + return nil +} + +func (x *IpcMsgEntry) GetQbytes() uint32 { + if x != nil && x.Qbytes != nil { + return *x.Qbytes + } + return 0 +} + +func (x *IpcMsgEntry) GetQnum() uint32 { + if x != nil && x.Qnum != nil { + return *x.Qnum + } + return 0 +} + +var File_ipc_msg_proto protoreflect.FileDescriptor + +var file_ipc_msg_proto_rawDesc = []byte{ + 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x2d, 0x6d, 0x73, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, + 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0e, 0x69, 0x70, 0x63, 0x2d, 0x64, 0x65, 0x73, 0x63, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x35, 0x0a, 0x07, 0x69, 0x70, 0x63, 0x5f, 0x6d, 0x73, 0x67, + 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, + 0x05, 0x6d, 0x74, 0x79, 0x70, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x73, 0x69, 0x7a, 0x65, 0x18, + 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x73, 0x69, 0x7a, 0x65, 0x22, 0x65, 0x0a, 0x0d, + 0x69, 0x70, 0x63, 0x5f, 0x6d, 0x73, 0x67, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x28, 0x0a, + 0x04, 0x64, 0x65, 0x73, 0x63, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x72, + 0x69, 0x75, 0x2e, 0x69, 0x70, 0x63, 0x5f, 0x64, 0x65, 0x73, 0x63, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x52, 0x04, 0x64, 0x65, 0x73, 0x63, 0x12, 0x16, 0x0a, 0x06, 0x71, 0x62, 0x79, 0x74, 0x65, + 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x71, 0x62, 0x79, 0x74, 0x65, 0x73, 0x12, + 0x12, 0x0a, 0x04, 0x71, 0x6e, 0x75, 0x6d, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x71, + 0x6e, 0x75, 0x6d, +} + +var ( + file_ipc_msg_proto_rawDescOnce sync.Once + file_ipc_msg_proto_rawDescData = file_ipc_msg_proto_rawDesc +) + +func file_ipc_msg_proto_rawDescGZIP() []byte { + file_ipc_msg_proto_rawDescOnce.Do(func() { + file_ipc_msg_proto_rawDescData = protoimpl.X.CompressGZIP(file_ipc_msg_proto_rawDescData) + }) + return file_ipc_msg_proto_rawDescData +} + +var file_ipc_msg_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_ipc_msg_proto_goTypes = []interface{}{ + (*IpcMsg)(nil), // 0: criu.ipc_msg + (*IpcMsgEntry)(nil), // 1: criu.ipc_msg_entry + (*IpcDescEntry)(nil), // 2: criu.ipc_desc_entry +} +var file_ipc_msg_proto_depIdxs = []int32{ + 2, // 0: criu.ipc_msg_entry.desc:type_name -> criu.ipc_desc_entry + 1, // [1:1] is the sub-list for method output_type + 1, // [1:1] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { file_ipc_msg_proto_init() } +func file_ipc_msg_proto_init() { + if File_ipc_msg_proto != nil { + return + } + file_ipc_desc_proto_init() + if !protoimpl.UnsafeEnabled { + file_ipc_msg_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*IpcMsg); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_ipc_msg_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*IpcMsgEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_ipc_msg_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_ipc_msg_proto_goTypes, + DependencyIndexes: file_ipc_msg_proto_depIdxs, + MessageInfos: file_ipc_msg_proto_msgTypes, + }.Build() + File_ipc_msg_proto = out.File + file_ipc_msg_proto_rawDesc = nil + file_ipc_msg_proto_goTypes = nil + file_ipc_msg_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-msg.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-msg.proto new file mode 100644 index 00000000000..2ce977fce05 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-msg.proto @@ -0,0 +1,17 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "ipc-desc.proto"; + +message ipc_msg { + required uint64 mtype = 1; + required uint32 msize = 2; +} + +message ipc_msg_entry { + required ipc_desc_entry desc = 1; + required uint32 qbytes = 2; + required uint32 qnum = 3; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-sem.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-sem.pb.go new file mode 100644 index 00000000000..56d30e07bf7 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-sem.pb.go @@ -0,0 +1,157 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: ipc-sem.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type IpcSemEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Desc *IpcDescEntry `protobuf:"bytes,1,req,name=desc" json:"desc,omitempty"` + Nsems *uint32 `protobuf:"varint,2,req,name=nsems" json:"nsems,omitempty"` +} + +func (x *IpcSemEntry) Reset() { + *x = IpcSemEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_ipc_sem_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *IpcSemEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*IpcSemEntry) ProtoMessage() {} + +func (x *IpcSemEntry) ProtoReflect() protoreflect.Message { + mi := &file_ipc_sem_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use IpcSemEntry.ProtoReflect.Descriptor instead. +func (*IpcSemEntry) Descriptor() ([]byte, []int) { + return file_ipc_sem_proto_rawDescGZIP(), []int{0} +} + +func (x *IpcSemEntry) GetDesc() *IpcDescEntry { + if x != nil { + return x.Desc + } + return nil +} + +func (x *IpcSemEntry) GetNsems() uint32 { + if x != nil && x.Nsems != nil { + return *x.Nsems + } + return 0 +} + +var File_ipc_sem_proto protoreflect.FileDescriptor + +var file_ipc_sem_proto_rawDesc = []byte{ + 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x2d, 0x73, 0x65, 0x6d, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, + 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0e, 0x69, 0x70, 0x63, 0x2d, 0x64, 0x65, 0x73, 0x63, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x4f, 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x5f, 0x73, 0x65, 0x6d, + 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x28, 0x0a, 0x04, 0x64, 0x65, 0x73, 0x63, 0x18, 0x01, + 0x20, 0x02, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x69, 0x70, 0x63, 0x5f, + 0x64, 0x65, 0x73, 0x63, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x64, 0x65, 0x73, 0x63, + 0x12, 0x14, 0x0a, 0x05, 0x6e, 0x73, 0x65, 0x6d, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, + 0x05, 0x6e, 0x73, 0x65, 0x6d, 0x73, +} + +var ( + file_ipc_sem_proto_rawDescOnce sync.Once + file_ipc_sem_proto_rawDescData = file_ipc_sem_proto_rawDesc +) + +func file_ipc_sem_proto_rawDescGZIP() []byte { + file_ipc_sem_proto_rawDescOnce.Do(func() { + file_ipc_sem_proto_rawDescData = protoimpl.X.CompressGZIP(file_ipc_sem_proto_rawDescData) + }) + return file_ipc_sem_proto_rawDescData +} + +var file_ipc_sem_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_ipc_sem_proto_goTypes = []interface{}{ + (*IpcSemEntry)(nil), // 0: criu.ipc_sem_entry + (*IpcDescEntry)(nil), // 1: criu.ipc_desc_entry +} +var file_ipc_sem_proto_depIdxs = []int32{ + 1, // 0: criu.ipc_sem_entry.desc:type_name -> criu.ipc_desc_entry + 1, // [1:1] is the sub-list for method output_type + 1, // [1:1] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { file_ipc_sem_proto_init() } +func file_ipc_sem_proto_init() { + if File_ipc_sem_proto != nil { + return + } + file_ipc_desc_proto_init() + if !protoimpl.UnsafeEnabled { + file_ipc_sem_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*IpcSemEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_ipc_sem_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_ipc_sem_proto_goTypes, + DependencyIndexes: file_ipc_sem_proto_depIdxs, + MessageInfos: file_ipc_sem_proto_msgTypes, + }.Build() + File_ipc_sem_proto = out.File + file_ipc_sem_proto_rawDesc = nil + file_ipc_sem_proto_goTypes = nil + file_ipc_sem_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-sem.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-sem.proto new file mode 100644 index 00000000000..b0b320ea113 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-sem.proto @@ -0,0 +1,11 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "ipc-desc.proto"; + +message ipc_sem_entry { + required ipc_desc_entry desc = 1; + required uint32 nsems = 2; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-shm.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-shm.pb.go new file mode 100644 index 00000000000..b541cbf01fe --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-shm.pb.go @@ -0,0 +1,177 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: ipc-shm.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type IpcShmEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Desc *IpcDescEntry `protobuf:"bytes,1,req,name=desc" json:"desc,omitempty"` + Size *uint64 `protobuf:"varint,2,req,name=size" json:"size,omitempty"` + InPagemaps *bool `protobuf:"varint,3,opt,name=in_pagemaps,json=inPagemaps" json:"in_pagemaps,omitempty"` + HugetlbFlag *uint32 `protobuf:"varint,4,opt,name=hugetlb_flag,json=hugetlbFlag" json:"hugetlb_flag,omitempty"` +} + +func (x *IpcShmEntry) Reset() { + *x = IpcShmEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_ipc_shm_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *IpcShmEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*IpcShmEntry) ProtoMessage() {} + +func (x *IpcShmEntry) ProtoReflect() protoreflect.Message { + mi := &file_ipc_shm_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use IpcShmEntry.ProtoReflect.Descriptor instead. +func (*IpcShmEntry) Descriptor() ([]byte, []int) { + return file_ipc_shm_proto_rawDescGZIP(), []int{0} +} + +func (x *IpcShmEntry) GetDesc() *IpcDescEntry { + if x != nil { + return x.Desc + } + return nil +} + +func (x *IpcShmEntry) GetSize() uint64 { + if x != nil && x.Size != nil { + return *x.Size + } + return 0 +} + +func (x *IpcShmEntry) GetInPagemaps() bool { + if x != nil && x.InPagemaps != nil { + return *x.InPagemaps + } + return false +} + +func (x *IpcShmEntry) GetHugetlbFlag() uint32 { + if x != nil && x.HugetlbFlag != nil { + return *x.HugetlbFlag + } + return 0 +} + +var File_ipc_shm_proto protoreflect.FileDescriptor + +var file_ipc_shm_proto_rawDesc = []byte{ + 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x2d, 0x73, 0x68, 0x6d, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, + 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0e, 0x69, 0x70, 0x63, 0x2d, 0x64, 0x65, 0x73, 0x63, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x91, 0x01, 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x5f, 0x73, 0x68, + 0x6d, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x28, 0x0a, 0x04, 0x64, 0x65, 0x73, 0x63, 0x18, + 0x01, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x69, 0x70, 0x63, + 0x5f, 0x64, 0x65, 0x73, 0x63, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x64, 0x65, 0x73, + 0x63, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, + 0x04, 0x73, 0x69, 0x7a, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x69, 0x6e, 0x5f, 0x70, 0x61, 0x67, 0x65, + 0x6d, 0x61, 0x70, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x69, 0x6e, 0x50, 0x61, + 0x67, 0x65, 0x6d, 0x61, 0x70, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x68, 0x75, 0x67, 0x65, 0x74, 0x6c, + 0x62, 0x5f, 0x66, 0x6c, 0x61, 0x67, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x68, 0x75, + 0x67, 0x65, 0x74, 0x6c, 0x62, 0x46, 0x6c, 0x61, 0x67, +} + +var ( + file_ipc_shm_proto_rawDescOnce sync.Once + file_ipc_shm_proto_rawDescData = file_ipc_shm_proto_rawDesc +) + +func file_ipc_shm_proto_rawDescGZIP() []byte { + file_ipc_shm_proto_rawDescOnce.Do(func() { + file_ipc_shm_proto_rawDescData = protoimpl.X.CompressGZIP(file_ipc_shm_proto_rawDescData) + }) + return file_ipc_shm_proto_rawDescData +} + +var file_ipc_shm_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_ipc_shm_proto_goTypes = []interface{}{ + (*IpcShmEntry)(nil), // 0: criu.ipc_shm_entry + (*IpcDescEntry)(nil), // 1: criu.ipc_desc_entry +} +var file_ipc_shm_proto_depIdxs = []int32{ + 1, // 0: criu.ipc_shm_entry.desc:type_name -> criu.ipc_desc_entry + 1, // [1:1] is the sub-list for method output_type + 1, // [1:1] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { file_ipc_shm_proto_init() } +func file_ipc_shm_proto_init() { + if File_ipc_shm_proto != nil { + return + } + file_ipc_desc_proto_init() + if !protoimpl.UnsafeEnabled { + file_ipc_shm_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*IpcShmEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_ipc_shm_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_ipc_shm_proto_goTypes, + DependencyIndexes: file_ipc_shm_proto_depIdxs, + MessageInfos: file_ipc_shm_proto_msgTypes, + }.Build() + File_ipc_shm_proto = out.File + file_ipc_shm_proto_rawDesc = nil + file_ipc_shm_proto_goTypes = nil + file_ipc_shm_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-shm.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-shm.proto new file mode 100644 index 00000000000..09571462622 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-shm.proto @@ -0,0 +1,13 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "ipc-desc.proto"; + +message ipc_shm_entry { + required ipc_desc_entry desc = 1; + required uint64 size = 2; + optional bool in_pagemaps = 3; + optional uint32 hugetlb_flag = 4; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-var.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-var.pb.go new file mode 100644 index 00000000000..e0aae908cbe --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-var.pb.go @@ -0,0 +1,305 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: ipc-var.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type IpcVarEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + SemCtls []uint32 `protobuf:"varint,1,rep,name=sem_ctls,json=semCtls" json:"sem_ctls,omitempty"` + MsgCtlmax *uint32 `protobuf:"varint,2,req,name=msg_ctlmax,json=msgCtlmax" json:"msg_ctlmax,omitempty"` + MsgCtlmnb *uint32 `protobuf:"varint,3,req,name=msg_ctlmnb,json=msgCtlmnb" json:"msg_ctlmnb,omitempty"` + MsgCtlmni *uint32 `protobuf:"varint,4,req,name=msg_ctlmni,json=msgCtlmni" json:"msg_ctlmni,omitempty"` + AutoMsgmni *uint32 `protobuf:"varint,5,req,name=auto_msgmni,json=autoMsgmni" json:"auto_msgmni,omitempty"` + ShmCtlmax *uint64 `protobuf:"varint,6,req,name=shm_ctlmax,json=shmCtlmax" json:"shm_ctlmax,omitempty"` + ShmCtlall *uint64 `protobuf:"varint,7,req,name=shm_ctlall,json=shmCtlall" json:"shm_ctlall,omitempty"` + ShmCtlmni *uint32 `protobuf:"varint,8,req,name=shm_ctlmni,json=shmCtlmni" json:"shm_ctlmni,omitempty"` + ShmRmidForced *uint32 `protobuf:"varint,9,req,name=shm_rmid_forced,json=shmRmidForced" json:"shm_rmid_forced,omitempty"` + MqQueuesMax *uint32 `protobuf:"varint,10,req,name=mq_queues_max,json=mqQueuesMax" json:"mq_queues_max,omitempty"` + MqMsgMax *uint32 `protobuf:"varint,11,req,name=mq_msg_max,json=mqMsgMax" json:"mq_msg_max,omitempty"` + MqMsgsizeMax *uint32 `protobuf:"varint,12,req,name=mq_msgsize_max,json=mqMsgsizeMax" json:"mq_msgsize_max,omitempty"` + MqMsgDefault *uint32 `protobuf:"varint,13,opt,name=mq_msg_default,json=mqMsgDefault" json:"mq_msg_default,omitempty"` + MqMsgsizeDefault *uint32 `protobuf:"varint,14,opt,name=mq_msgsize_default,json=mqMsgsizeDefault" json:"mq_msgsize_default,omitempty"` + MsgNextId *uint32 `protobuf:"varint,15,opt,name=msg_next_id,json=msgNextId" json:"msg_next_id,omitempty"` + SemNextId *uint32 `protobuf:"varint,16,opt,name=sem_next_id,json=semNextId" json:"sem_next_id,omitempty"` + ShmNextId *uint32 `protobuf:"varint,17,opt,name=shm_next_id,json=shmNextId" json:"shm_next_id,omitempty"` +} + +func (x *IpcVarEntry) Reset() { + *x = IpcVarEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_ipc_var_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *IpcVarEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*IpcVarEntry) ProtoMessage() {} + +func (x *IpcVarEntry) ProtoReflect() protoreflect.Message { + mi := &file_ipc_var_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use IpcVarEntry.ProtoReflect.Descriptor instead. +func (*IpcVarEntry) Descriptor() ([]byte, []int) { + return file_ipc_var_proto_rawDescGZIP(), []int{0} +} + +func (x *IpcVarEntry) GetSemCtls() []uint32 { + if x != nil { + return x.SemCtls + } + return nil +} + +func (x *IpcVarEntry) GetMsgCtlmax() uint32 { + if x != nil && x.MsgCtlmax != nil { + return *x.MsgCtlmax + } + return 0 +} + +func (x *IpcVarEntry) GetMsgCtlmnb() uint32 { + if x != nil && x.MsgCtlmnb != nil { + return *x.MsgCtlmnb + } + return 0 +} + +func (x *IpcVarEntry) GetMsgCtlmni() uint32 { + if x != nil && x.MsgCtlmni != nil { + return *x.MsgCtlmni + } + return 0 +} + +func (x *IpcVarEntry) GetAutoMsgmni() uint32 { + if x != nil && x.AutoMsgmni != nil { + return *x.AutoMsgmni + } + return 0 +} + +func (x *IpcVarEntry) GetShmCtlmax() uint64 { + if x != nil && x.ShmCtlmax != nil { + return *x.ShmCtlmax + } + return 0 +} + +func (x *IpcVarEntry) GetShmCtlall() uint64 { + if x != nil && x.ShmCtlall != nil { + return *x.ShmCtlall + } + return 0 +} + +func (x *IpcVarEntry) GetShmCtlmni() uint32 { + if x != nil && x.ShmCtlmni != nil { + return *x.ShmCtlmni + } + return 0 +} + +func (x *IpcVarEntry) GetShmRmidForced() uint32 { + if x != nil && x.ShmRmidForced != nil { + return *x.ShmRmidForced + } + return 0 +} + +func (x *IpcVarEntry) GetMqQueuesMax() uint32 { + if x != nil && x.MqQueuesMax != nil { + return *x.MqQueuesMax + } + return 0 +} + +func (x *IpcVarEntry) GetMqMsgMax() uint32 { + if x != nil && x.MqMsgMax != nil { + return *x.MqMsgMax + } + return 0 +} + +func (x *IpcVarEntry) GetMqMsgsizeMax() uint32 { + if x != nil && x.MqMsgsizeMax != nil { + return *x.MqMsgsizeMax + } + return 0 +} + +func (x *IpcVarEntry) GetMqMsgDefault() uint32 { + if x != nil && x.MqMsgDefault != nil { + return *x.MqMsgDefault + } + return 0 +} + +func (x *IpcVarEntry) GetMqMsgsizeDefault() uint32 { + if x != nil && x.MqMsgsizeDefault != nil { + return *x.MqMsgsizeDefault + } + return 0 +} + +func (x *IpcVarEntry) GetMsgNextId() uint32 { + if x != nil && x.MsgNextId != nil { + return *x.MsgNextId + } + return 0 +} + +func (x *IpcVarEntry) GetSemNextId() uint32 { + if x != nil && x.SemNextId != nil { + return *x.SemNextId + } + return 0 +} + +func (x *IpcVarEntry) GetShmNextId() uint32 { + if x != nil && x.ShmNextId != nil { + return *x.ShmNextId + } + return 0 +} + +var File_ipc_var_proto protoreflect.FileDescriptor + +var file_ipc_var_proto_rawDesc = []byte{ + 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x2d, 0x76, 0x61, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, + 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0xc9, 0x04, 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x5f, 0x76, 0x61, + 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x65, 0x6d, 0x5f, 0x63, + 0x74, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x07, 0x73, 0x65, 0x6d, 0x43, 0x74, + 0x6c, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x73, 0x67, 0x5f, 0x63, 0x74, 0x6c, 0x6d, 0x61, 0x78, + 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x6d, 0x73, 0x67, 0x43, 0x74, 0x6c, 0x6d, 0x61, + 0x78, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x73, 0x67, 0x5f, 0x63, 0x74, 0x6c, 0x6d, 0x6e, 0x62, 0x18, + 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x6d, 0x73, 0x67, 0x43, 0x74, 0x6c, 0x6d, 0x6e, 0x62, + 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x73, 0x67, 0x5f, 0x63, 0x74, 0x6c, 0x6d, 0x6e, 0x69, 0x18, 0x04, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x6d, 0x73, 0x67, 0x43, 0x74, 0x6c, 0x6d, 0x6e, 0x69, 0x12, + 0x1f, 0x0a, 0x0b, 0x61, 0x75, 0x74, 0x6f, 0x5f, 0x6d, 0x73, 0x67, 0x6d, 0x6e, 0x69, 0x18, 0x05, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0a, 0x61, 0x75, 0x74, 0x6f, 0x4d, 0x73, 0x67, 0x6d, 0x6e, 0x69, + 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x68, 0x6d, 0x5f, 0x63, 0x74, 0x6c, 0x6d, 0x61, 0x78, 0x18, 0x06, + 0x20, 0x02, 0x28, 0x04, 0x52, 0x09, 0x73, 0x68, 0x6d, 0x43, 0x74, 0x6c, 0x6d, 0x61, 0x78, 0x12, + 0x1d, 0x0a, 0x0a, 0x73, 0x68, 0x6d, 0x5f, 0x63, 0x74, 0x6c, 0x61, 0x6c, 0x6c, 0x18, 0x07, 0x20, + 0x02, 0x28, 0x04, 0x52, 0x09, 0x73, 0x68, 0x6d, 0x43, 0x74, 0x6c, 0x61, 0x6c, 0x6c, 0x12, 0x1d, + 0x0a, 0x0a, 0x73, 0x68, 0x6d, 0x5f, 0x63, 0x74, 0x6c, 0x6d, 0x6e, 0x69, 0x18, 0x08, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x09, 0x73, 0x68, 0x6d, 0x43, 0x74, 0x6c, 0x6d, 0x6e, 0x69, 0x12, 0x26, 0x0a, + 0x0f, 0x73, 0x68, 0x6d, 0x5f, 0x72, 0x6d, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x64, + 0x18, 0x09, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0d, 0x73, 0x68, 0x6d, 0x52, 0x6d, 0x69, 0x64, 0x46, + 0x6f, 0x72, 0x63, 0x65, 0x64, 0x12, 0x22, 0x0a, 0x0d, 0x6d, 0x71, 0x5f, 0x71, 0x75, 0x65, 0x75, + 0x65, 0x73, 0x5f, 0x6d, 0x61, 0x78, 0x18, 0x0a, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, 0x6d, 0x71, + 0x51, 0x75, 0x65, 0x75, 0x65, 0x73, 0x4d, 0x61, 0x78, 0x12, 0x1c, 0x0a, 0x0a, 0x6d, 0x71, 0x5f, + 0x6d, 0x73, 0x67, 0x5f, 0x6d, 0x61, 0x78, 0x18, 0x0b, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x6d, + 0x71, 0x4d, 0x73, 0x67, 0x4d, 0x61, 0x78, 0x12, 0x24, 0x0a, 0x0e, 0x6d, 0x71, 0x5f, 0x6d, 0x73, + 0x67, 0x73, 0x69, 0x7a, 0x65, 0x5f, 0x6d, 0x61, 0x78, 0x18, 0x0c, 0x20, 0x02, 0x28, 0x0d, 0x52, + 0x0c, 0x6d, 0x71, 0x4d, 0x73, 0x67, 0x73, 0x69, 0x7a, 0x65, 0x4d, 0x61, 0x78, 0x12, 0x24, 0x0a, + 0x0e, 0x6d, 0x71, 0x5f, 0x6d, 0x73, 0x67, 0x5f, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, + 0x0d, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0c, 0x6d, 0x71, 0x4d, 0x73, 0x67, 0x44, 0x65, 0x66, 0x61, + 0x75, 0x6c, 0x74, 0x12, 0x2c, 0x0a, 0x12, 0x6d, 0x71, 0x5f, 0x6d, 0x73, 0x67, 0x73, 0x69, 0x7a, + 0x65, 0x5f, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0d, 0x52, + 0x10, 0x6d, 0x71, 0x4d, 0x73, 0x67, 0x73, 0x69, 0x7a, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, + 0x74, 0x12, 0x1e, 0x0a, 0x0b, 0x6d, 0x73, 0x67, 0x5f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x69, 0x64, + 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x6d, 0x73, 0x67, 0x4e, 0x65, 0x78, 0x74, 0x49, + 0x64, 0x12, 0x1e, 0x0a, 0x0b, 0x73, 0x65, 0x6d, 0x5f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x69, 0x64, + 0x18, 0x10, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x73, 0x65, 0x6d, 0x4e, 0x65, 0x78, 0x74, 0x49, + 0x64, 0x12, 0x1e, 0x0a, 0x0b, 0x73, 0x68, 0x6d, 0x5f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x69, 0x64, + 0x18, 0x11, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x73, 0x68, 0x6d, 0x4e, 0x65, 0x78, 0x74, 0x49, + 0x64, +} + +var ( + file_ipc_var_proto_rawDescOnce sync.Once + file_ipc_var_proto_rawDescData = file_ipc_var_proto_rawDesc +) + +func file_ipc_var_proto_rawDescGZIP() []byte { + file_ipc_var_proto_rawDescOnce.Do(func() { + file_ipc_var_proto_rawDescData = protoimpl.X.CompressGZIP(file_ipc_var_proto_rawDescData) + }) + return file_ipc_var_proto_rawDescData +} + +var file_ipc_var_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_ipc_var_proto_goTypes = []interface{}{ + (*IpcVarEntry)(nil), // 0: criu.ipc_var_entry +} +var file_ipc_var_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_ipc_var_proto_init() } +func file_ipc_var_proto_init() { + if File_ipc_var_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_ipc_var_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*IpcVarEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_ipc_var_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_ipc_var_proto_goTypes, + DependencyIndexes: file_ipc_var_proto_depIdxs, + MessageInfos: file_ipc_var_proto_msgTypes, + }.Build() + File_ipc_var_proto = out.File + file_ipc_var_proto_rawDesc = nil + file_ipc_var_proto_goTypes = nil + file_ipc_var_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-var.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-var.proto new file mode 100644 index 00000000000..f4fd1915756 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-var.proto @@ -0,0 +1,24 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +message ipc_var_entry { + repeated uint32 sem_ctls = 1; + required uint32 msg_ctlmax = 2; + required uint32 msg_ctlmnb = 3; + required uint32 msg_ctlmni = 4; + required uint32 auto_msgmni = 5; + required uint64 shm_ctlmax = 6; + required uint64 shm_ctlall = 7; + required uint32 shm_ctlmni = 8; + required uint32 shm_rmid_forced = 9; + required uint32 mq_queues_max = 10; + required uint32 mq_msg_max = 11; + required uint32 mq_msgsize_max = 12; + optional uint32 mq_msg_default = 13; + optional uint32 mq_msgsize_default = 14; + optional uint32 msg_next_id = 15; + optional uint32 sem_next_id = 16; + optional uint32 shm_next_id = 17; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/macvlan.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/macvlan.pb.go new file mode 100644 index 00000000000..917c1d96663 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/macvlan.pb.go @@ -0,0 +1,152 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: macvlan.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type MacvlanLinkEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Mode *uint32 `protobuf:"varint,1,req,name=mode" json:"mode,omitempty"` + Flags *uint32 `protobuf:"varint,2,opt,name=flags" json:"flags,omitempty"` +} + +func (x *MacvlanLinkEntry) Reset() { + *x = MacvlanLinkEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_macvlan_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *MacvlanLinkEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MacvlanLinkEntry) ProtoMessage() {} + +func (x *MacvlanLinkEntry) ProtoReflect() protoreflect.Message { + mi := &file_macvlan_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MacvlanLinkEntry.ProtoReflect.Descriptor instead. +func (*MacvlanLinkEntry) Descriptor() ([]byte, []int) { + return file_macvlan_proto_rawDescGZIP(), []int{0} +} + +func (x *MacvlanLinkEntry) GetMode() uint32 { + if x != nil && x.Mode != nil { + return *x.Mode + } + return 0 +} + +func (x *MacvlanLinkEntry) GetFlags() uint32 { + if x != nil && x.Flags != nil { + return *x.Flags + } + return 0 +} + +var File_macvlan_proto protoreflect.FileDescriptor + +var file_macvlan_proto_rawDesc = []byte{ + 0x0a, 0x0d, 0x6d, 0x61, 0x63, 0x76, 0x6c, 0x61, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, + 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0x3e, 0x0a, 0x12, 0x6d, 0x61, 0x63, 0x76, 0x6c, 0x61, 0x6e, + 0x5f, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6d, + 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, + 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, + 0x66, 0x6c, 0x61, 0x67, 0x73, +} + +var ( + file_macvlan_proto_rawDescOnce sync.Once + file_macvlan_proto_rawDescData = file_macvlan_proto_rawDesc +) + +func file_macvlan_proto_rawDescGZIP() []byte { + file_macvlan_proto_rawDescOnce.Do(func() { + file_macvlan_proto_rawDescData = protoimpl.X.CompressGZIP(file_macvlan_proto_rawDescData) + }) + return file_macvlan_proto_rawDescData +} + +var file_macvlan_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_macvlan_proto_goTypes = []interface{}{ + (*MacvlanLinkEntry)(nil), // 0: criu.macvlan_link_entry +} +var file_macvlan_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_macvlan_proto_init() } +func file_macvlan_proto_init() { + if File_macvlan_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_macvlan_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*MacvlanLinkEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_macvlan_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_macvlan_proto_goTypes, + DependencyIndexes: file_macvlan_proto_depIdxs, + MessageInfos: file_macvlan_proto_msgTypes, + }.Build() + File_macvlan_proto = out.File + file_macvlan_proto_rawDesc = nil + file_macvlan_proto_goTypes = nil + file_macvlan_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/macvlan.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/macvlan.proto new file mode 100644 index 00000000000..4b03c4e8156 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/macvlan.proto @@ -0,0 +1,9 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +message macvlan_link_entry { + required uint32 mode = 1; + optional uint32 flags = 2; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/memfd.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/memfd.pb.go new file mode 100644 index 00000000000..581fdb18726 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/memfd.pb.go @@ -0,0 +1,317 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: memfd.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type MemfdFileEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` + Flags *uint32 `protobuf:"varint,2,req,name=flags" json:"flags,omitempty"` + Pos *uint64 `protobuf:"varint,3,req,name=pos" json:"pos,omitempty"` + Fown *FownEntry `protobuf:"bytes,4,req,name=fown" json:"fown,omitempty"` + InodeId *uint32 `protobuf:"varint,5,req,name=inode_id,json=inodeId" json:"inode_id,omitempty"` +} + +func (x *MemfdFileEntry) Reset() { + *x = MemfdFileEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_memfd_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *MemfdFileEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MemfdFileEntry) ProtoMessage() {} + +func (x *MemfdFileEntry) ProtoReflect() protoreflect.Message { + mi := &file_memfd_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MemfdFileEntry.ProtoReflect.Descriptor instead. +func (*MemfdFileEntry) Descriptor() ([]byte, []int) { + return file_memfd_proto_rawDescGZIP(), []int{0} +} + +func (x *MemfdFileEntry) GetId() uint32 { + if x != nil && x.Id != nil { + return *x.Id + } + return 0 +} + +func (x *MemfdFileEntry) GetFlags() uint32 { + if x != nil && x.Flags != nil { + return *x.Flags + } + return 0 +} + +func (x *MemfdFileEntry) GetPos() uint64 { + if x != nil && x.Pos != nil { + return *x.Pos + } + return 0 +} + +func (x *MemfdFileEntry) GetFown() *FownEntry { + if x != nil { + return x.Fown + } + return nil +} + +func (x *MemfdFileEntry) GetInodeId() uint32 { + if x != nil && x.InodeId != nil { + return *x.InodeId + } + return 0 +} + +type MemfdInodeEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` + Uid *uint32 `protobuf:"varint,2,req,name=uid" json:"uid,omitempty"` + Gid *uint32 `protobuf:"varint,3,req,name=gid" json:"gid,omitempty"` + Size *uint64 `protobuf:"varint,4,req,name=size" json:"size,omitempty"` + Shmid *uint32 `protobuf:"varint,5,req,name=shmid" json:"shmid,omitempty"` + Seals *uint32 `protobuf:"varint,6,req,name=seals" json:"seals,omitempty"` + InodeId *uint64 `protobuf:"varint,7,req,name=inode_id,json=inodeId" json:"inode_id,omitempty"` + HugetlbFlag *uint32 `protobuf:"varint,8,opt,name=hugetlb_flag,json=hugetlbFlag" json:"hugetlb_flag,omitempty"` +} + +func (x *MemfdInodeEntry) Reset() { + *x = MemfdInodeEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_memfd_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *MemfdInodeEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MemfdInodeEntry) ProtoMessage() {} + +func (x *MemfdInodeEntry) ProtoReflect() protoreflect.Message { + mi := &file_memfd_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MemfdInodeEntry.ProtoReflect.Descriptor instead. +func (*MemfdInodeEntry) Descriptor() ([]byte, []int) { + return file_memfd_proto_rawDescGZIP(), []int{1} +} + +func (x *MemfdInodeEntry) GetName() string { + if x != nil && x.Name != nil { + return *x.Name + } + return "" +} + +func (x *MemfdInodeEntry) GetUid() uint32 { + if x != nil && x.Uid != nil { + return *x.Uid + } + return 0 +} + +func (x *MemfdInodeEntry) GetGid() uint32 { + if x != nil && x.Gid != nil { + return *x.Gid + } + return 0 +} + +func (x *MemfdInodeEntry) GetSize() uint64 { + if x != nil && x.Size != nil { + return *x.Size + } + return 0 +} + +func (x *MemfdInodeEntry) GetShmid() uint32 { + if x != nil && x.Shmid != nil { + return *x.Shmid + } + return 0 +} + +func (x *MemfdInodeEntry) GetSeals() uint32 { + if x != nil && x.Seals != nil { + return *x.Seals + } + return 0 +} + +func (x *MemfdInodeEntry) GetInodeId() uint64 { + if x != nil && x.InodeId != nil { + return *x.InodeId + } + return 0 +} + +func (x *MemfdInodeEntry) GetHugetlbFlag() uint32 { + if x != nil && x.HugetlbFlag != nil { + return *x.HugetlbFlag + } + return 0 +} + +var File_memfd_proto protoreflect.FileDescriptor + +var file_memfd_proto_rawDesc = []byte{ + 0x0a, 0x0b, 0x6d, 0x65, 0x6d, 0x66, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, + 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, + 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x9d, 0x01, 0x0a, 0x10, + 0x6d, 0x65, 0x6d, 0x66, 0x64, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, + 0x12, 0x26, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x42, + 0x10, 0xd2, 0x3f, 0x0d, 0x1a, 0x0b, 0x72, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x66, 0x6c, 0x61, 0x67, + 0x73, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x6f, 0x73, 0x18, + 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x70, 0x6f, 0x73, 0x12, 0x24, 0x0a, 0x04, 0x66, 0x6f, + 0x77, 0x6e, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, + 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, + 0x12, 0x19, 0x0a, 0x08, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x07, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x49, 0x64, 0x22, 0xdb, 0x01, 0x0a, 0x11, + 0x6d, 0x65, 0x6d, 0x66, 0x64, 0x5f, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, + 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x67, 0x69, 0x64, 0x18, 0x03, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x67, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, + 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x12, 0x14, 0x0a, + 0x05, 0x73, 0x68, 0x6d, 0x69, 0x64, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x73, 0x68, + 0x6d, 0x69, 0x64, 0x12, 0x26, 0x0a, 0x05, 0x73, 0x65, 0x61, 0x6c, 0x73, 0x18, 0x06, 0x20, 0x02, + 0x28, 0x0d, 0x42, 0x10, 0xd2, 0x3f, 0x0d, 0x1a, 0x0b, 0x73, 0x65, 0x61, 0x6c, 0x73, 0x2e, 0x66, + 0x6c, 0x61, 0x67, 0x73, 0x52, 0x05, 0x73, 0x65, 0x61, 0x6c, 0x73, 0x12, 0x19, 0x0a, 0x08, 0x69, + 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x07, 0x20, 0x02, 0x28, 0x04, 0x52, 0x07, 0x69, + 0x6e, 0x6f, 0x64, 0x65, 0x49, 0x64, 0x12, 0x21, 0x0a, 0x0c, 0x68, 0x75, 0x67, 0x65, 0x74, 0x6c, + 0x62, 0x5f, 0x66, 0x6c, 0x61, 0x67, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x68, 0x75, + 0x67, 0x65, 0x74, 0x6c, 0x62, 0x46, 0x6c, 0x61, 0x67, +} + +var ( + file_memfd_proto_rawDescOnce sync.Once + file_memfd_proto_rawDescData = file_memfd_proto_rawDesc +) + +func file_memfd_proto_rawDescGZIP() []byte { + file_memfd_proto_rawDescOnce.Do(func() { + file_memfd_proto_rawDescData = protoimpl.X.CompressGZIP(file_memfd_proto_rawDescData) + }) + return file_memfd_proto_rawDescData +} + +var file_memfd_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_memfd_proto_goTypes = []interface{}{ + (*MemfdFileEntry)(nil), // 0: criu.memfd_file_entry + (*MemfdInodeEntry)(nil), // 1: criu.memfd_inode_entry + (*FownEntry)(nil), // 2: criu.fown_entry +} +var file_memfd_proto_depIdxs = []int32{ + 2, // 0: criu.memfd_file_entry.fown:type_name -> criu.fown_entry + 1, // [1:1] is the sub-list for method output_type + 1, // [1:1] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { file_memfd_proto_init() } +func file_memfd_proto_init() { + if File_memfd_proto != nil { + return + } + file_opts_proto_init() + file_fown_proto_init() + if !protoimpl.UnsafeEnabled { + file_memfd_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*MemfdFileEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_memfd_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*MemfdInodeEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_memfd_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_memfd_proto_goTypes, + DependencyIndexes: file_memfd_proto_depIdxs, + MessageInfos: file_memfd_proto_msgTypes, + }.Build() + File_memfd_proto = out.File + file_memfd_proto_rawDesc = nil + file_memfd_proto_goTypes = nil + file_memfd_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/memfd.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/memfd.proto new file mode 100644 index 00000000000..f73a2c0af65 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/memfd.proto @@ -0,0 +1,26 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "opts.proto"; +import "fown.proto"; + +message memfd_file_entry { + required uint32 id = 1; + required uint32 flags = 2 [(criu).flags = "rfile.flags"]; + required uint64 pos = 3; + required fown_entry fown = 4; + required uint32 inode_id = 5; +}; + +message memfd_inode_entry { + required string name = 1; + required uint32 uid = 2; + required uint32 gid = 3; + required uint64 size = 4; + required uint32 shmid = 5; + required uint32 seals = 6 [(criu).flags = "seals.flags"]; + required uint64 inode_id = 7; + optional uint32 hugetlb_flag = 8; +}; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mm.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mm.pb.go new file mode 100644 index 00000000000..6db5896a8f8 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mm.pb.go @@ -0,0 +1,396 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: mm.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type AioRingEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id *uint64 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` + NrReq *uint32 `protobuf:"varint,2,req,name=nr_req,json=nrReq" json:"nr_req,omitempty"` + RingLen *uint32 `protobuf:"varint,3,req,name=ring_len,json=ringLen" json:"ring_len,omitempty"` +} + +func (x *AioRingEntry) Reset() { + *x = AioRingEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_mm_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *AioRingEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AioRingEntry) ProtoMessage() {} + +func (x *AioRingEntry) ProtoReflect() protoreflect.Message { + mi := &file_mm_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AioRingEntry.ProtoReflect.Descriptor instead. +func (*AioRingEntry) Descriptor() ([]byte, []int) { + return file_mm_proto_rawDescGZIP(), []int{0} +} + +func (x *AioRingEntry) GetId() uint64 { + if x != nil && x.Id != nil { + return *x.Id + } + return 0 +} + +func (x *AioRingEntry) GetNrReq() uint32 { + if x != nil && x.NrReq != nil { + return *x.NrReq + } + return 0 +} + +func (x *AioRingEntry) GetRingLen() uint32 { + if x != nil && x.RingLen != nil { + return *x.RingLen + } + return 0 +} + +type MmEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + MmStartCode *uint64 `protobuf:"varint,1,req,name=mm_start_code,json=mmStartCode" json:"mm_start_code,omitempty"` + MmEndCode *uint64 `protobuf:"varint,2,req,name=mm_end_code,json=mmEndCode" json:"mm_end_code,omitempty"` + MmStartData *uint64 `protobuf:"varint,3,req,name=mm_start_data,json=mmStartData" json:"mm_start_data,omitempty"` + MmEndData *uint64 `protobuf:"varint,4,req,name=mm_end_data,json=mmEndData" json:"mm_end_data,omitempty"` + MmStartStack *uint64 `protobuf:"varint,5,req,name=mm_start_stack,json=mmStartStack" json:"mm_start_stack,omitempty"` + MmStartBrk *uint64 `protobuf:"varint,6,req,name=mm_start_brk,json=mmStartBrk" json:"mm_start_brk,omitempty"` + MmBrk *uint64 `protobuf:"varint,7,req,name=mm_brk,json=mmBrk" json:"mm_brk,omitempty"` + MmArgStart *uint64 `protobuf:"varint,8,req,name=mm_arg_start,json=mmArgStart" json:"mm_arg_start,omitempty"` + MmArgEnd *uint64 `protobuf:"varint,9,req,name=mm_arg_end,json=mmArgEnd" json:"mm_arg_end,omitempty"` + MmEnvStart *uint64 `protobuf:"varint,10,req,name=mm_env_start,json=mmEnvStart" json:"mm_env_start,omitempty"` + MmEnvEnd *uint64 `protobuf:"varint,11,req,name=mm_env_end,json=mmEnvEnd" json:"mm_env_end,omitempty"` + ExeFileId *uint32 `protobuf:"varint,12,req,name=exe_file_id,json=exeFileId" json:"exe_file_id,omitempty"` + MmSavedAuxv []uint64 `protobuf:"varint,13,rep,name=mm_saved_auxv,json=mmSavedAuxv" json:"mm_saved_auxv,omitempty"` + Vmas []*VmaEntry `protobuf:"bytes,14,rep,name=vmas" json:"vmas,omitempty"` + Dumpable *int32 `protobuf:"varint,15,opt,name=dumpable" json:"dumpable,omitempty"` + Aios []*AioRingEntry `protobuf:"bytes,16,rep,name=aios" json:"aios,omitempty"` + ThpDisabled *bool `protobuf:"varint,17,opt,name=thp_disabled,json=thpDisabled" json:"thp_disabled,omitempty"` +} + +func (x *MmEntry) Reset() { + *x = MmEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_mm_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *MmEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MmEntry) ProtoMessage() {} + +func (x *MmEntry) ProtoReflect() protoreflect.Message { + mi := &file_mm_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MmEntry.ProtoReflect.Descriptor instead. +func (*MmEntry) Descriptor() ([]byte, []int) { + return file_mm_proto_rawDescGZIP(), []int{1} +} + +func (x *MmEntry) GetMmStartCode() uint64 { + if x != nil && x.MmStartCode != nil { + return *x.MmStartCode + } + return 0 +} + +func (x *MmEntry) GetMmEndCode() uint64 { + if x != nil && x.MmEndCode != nil { + return *x.MmEndCode + } + return 0 +} + +func (x *MmEntry) GetMmStartData() uint64 { + if x != nil && x.MmStartData != nil { + return *x.MmStartData + } + return 0 +} + +func (x *MmEntry) GetMmEndData() uint64 { + if x != nil && x.MmEndData != nil { + return *x.MmEndData + } + return 0 +} + +func (x *MmEntry) GetMmStartStack() uint64 { + if x != nil && x.MmStartStack != nil { + return *x.MmStartStack + } + return 0 +} + +func (x *MmEntry) GetMmStartBrk() uint64 { + if x != nil && x.MmStartBrk != nil { + return *x.MmStartBrk + } + return 0 +} + +func (x *MmEntry) GetMmBrk() uint64 { + if x != nil && x.MmBrk != nil { + return *x.MmBrk + } + return 0 +} + +func (x *MmEntry) GetMmArgStart() uint64 { + if x != nil && x.MmArgStart != nil { + return *x.MmArgStart + } + return 0 +} + +func (x *MmEntry) GetMmArgEnd() uint64 { + if x != nil && x.MmArgEnd != nil { + return *x.MmArgEnd + } + return 0 +} + +func (x *MmEntry) GetMmEnvStart() uint64 { + if x != nil && x.MmEnvStart != nil { + return *x.MmEnvStart + } + return 0 +} + +func (x *MmEntry) GetMmEnvEnd() uint64 { + if x != nil && x.MmEnvEnd != nil { + return *x.MmEnvEnd + } + return 0 +} + +func (x *MmEntry) GetExeFileId() uint32 { + if x != nil && x.ExeFileId != nil { + return *x.ExeFileId + } + return 0 +} + +func (x *MmEntry) GetMmSavedAuxv() []uint64 { + if x != nil { + return x.MmSavedAuxv + } + return nil +} + +func (x *MmEntry) GetVmas() []*VmaEntry { + if x != nil { + return x.Vmas + } + return nil +} + +func (x *MmEntry) GetDumpable() int32 { + if x != nil && x.Dumpable != nil { + return *x.Dumpable + } + return 0 +} + +func (x *MmEntry) GetAios() []*AioRingEntry { + if x != nil { + return x.Aios + } + return nil +} + +func (x *MmEntry) GetThpDisabled() bool { + if x != nil && x.ThpDisabled != nil { + return *x.ThpDisabled + } + return false +} + +var File_mm_proto protoreflect.FileDescriptor + +var file_mm_proto_rawDesc = []byte{ + 0x0a, 0x08, 0x6d, 0x6d, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, + 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x09, 0x76, 0x6d, + 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x52, 0x0a, 0x0e, 0x61, 0x69, 0x6f, 0x5f, 0x72, + 0x69, 0x6e, 0x67, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, + 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x69, 0x64, 0x12, 0x15, 0x0a, 0x06, 0x6e, 0x72, 0x5f, + 0x72, 0x65, 0x71, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x6e, 0x72, 0x52, 0x65, 0x71, + 0x12, 0x19, 0x0a, 0x08, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x6c, 0x65, 0x6e, 0x18, 0x03, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x07, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x65, 0x6e, 0x22, 0x90, 0x05, 0x0a, 0x08, + 0x6d, 0x6d, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x29, 0x0a, 0x0d, 0x6d, 0x6d, 0x5f, 0x73, + 0x74, 0x61, 0x72, 0x74, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x42, + 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0b, 0x6d, 0x6d, 0x53, 0x74, 0x61, 0x72, 0x74, 0x43, + 0x6f, 0x64, 0x65, 0x12, 0x25, 0x0a, 0x0b, 0x6d, 0x6d, 0x5f, 0x65, 0x6e, 0x64, 0x5f, 0x63, 0x6f, + 0x64, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, + 0x09, 0x6d, 0x6d, 0x45, 0x6e, 0x64, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x29, 0x0a, 0x0d, 0x6d, 0x6d, + 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x03, 0x20, 0x02, 0x28, + 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0b, 0x6d, 0x6d, 0x53, 0x74, 0x61, 0x72, + 0x74, 0x44, 0x61, 0x74, 0x61, 0x12, 0x25, 0x0a, 0x0b, 0x6d, 0x6d, 0x5f, 0x65, 0x6e, 0x64, 0x5f, + 0x64, 0x61, 0x74, 0x61, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, + 0x01, 0x52, 0x09, 0x6d, 0x6d, 0x45, 0x6e, 0x64, 0x44, 0x61, 0x74, 0x61, 0x12, 0x2b, 0x0a, 0x0e, + 0x6d, 0x6d, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x63, 0x6b, 0x18, 0x05, + 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0c, 0x6d, 0x6d, 0x53, + 0x74, 0x61, 0x72, 0x74, 0x53, 0x74, 0x61, 0x63, 0x6b, 0x12, 0x27, 0x0a, 0x0c, 0x6d, 0x6d, 0x5f, + 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, 0x62, 0x72, 0x6b, 0x18, 0x06, 0x20, 0x02, 0x28, 0x04, 0x42, + 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0a, 0x6d, 0x6d, 0x53, 0x74, 0x61, 0x72, 0x74, 0x42, + 0x72, 0x6b, 0x12, 0x1c, 0x0a, 0x06, 0x6d, 0x6d, 0x5f, 0x62, 0x72, 0x6b, 0x18, 0x07, 0x20, 0x02, + 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x6d, 0x6d, 0x42, 0x72, 0x6b, + 0x12, 0x27, 0x0a, 0x0c, 0x6d, 0x6d, 0x5f, 0x61, 0x72, 0x67, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, + 0x18, 0x08, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0a, 0x6d, + 0x6d, 0x41, 0x72, 0x67, 0x53, 0x74, 0x61, 0x72, 0x74, 0x12, 0x23, 0x0a, 0x0a, 0x6d, 0x6d, 0x5f, + 0x61, 0x72, 0x67, 0x5f, 0x65, 0x6e, 0x64, 0x18, 0x09, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, + 0x3f, 0x02, 0x08, 0x01, 0x52, 0x08, 0x6d, 0x6d, 0x41, 0x72, 0x67, 0x45, 0x6e, 0x64, 0x12, 0x27, + 0x0a, 0x0c, 0x6d, 0x6d, 0x5f, 0x65, 0x6e, 0x76, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x0a, + 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0a, 0x6d, 0x6d, 0x45, + 0x6e, 0x76, 0x53, 0x74, 0x61, 0x72, 0x74, 0x12, 0x23, 0x0a, 0x0a, 0x6d, 0x6d, 0x5f, 0x65, 0x6e, + 0x76, 0x5f, 0x65, 0x6e, 0x64, 0x18, 0x0b, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, + 0x08, 0x01, 0x52, 0x08, 0x6d, 0x6d, 0x45, 0x6e, 0x76, 0x45, 0x6e, 0x64, 0x12, 0x1e, 0x0a, 0x0b, + 0x65, 0x78, 0x65, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x0c, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x09, 0x65, 0x78, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x49, 0x64, 0x12, 0x22, 0x0a, 0x0d, + 0x6d, 0x6d, 0x5f, 0x73, 0x61, 0x76, 0x65, 0x64, 0x5f, 0x61, 0x75, 0x78, 0x76, 0x18, 0x0d, 0x20, + 0x03, 0x28, 0x04, 0x52, 0x0b, 0x6d, 0x6d, 0x53, 0x61, 0x76, 0x65, 0x64, 0x41, 0x75, 0x78, 0x76, + 0x12, 0x23, 0x0a, 0x04, 0x76, 0x6d, 0x61, 0x73, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, + 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x76, 0x6d, 0x61, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, + 0x04, 0x76, 0x6d, 0x61, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x64, 0x75, 0x6d, 0x70, 0x61, 0x62, 0x6c, + 0x65, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, 0x64, 0x75, 0x6d, 0x70, 0x61, 0x62, 0x6c, + 0x65, 0x12, 0x28, 0x0a, 0x04, 0x61, 0x69, 0x6f, 0x73, 0x18, 0x10, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x14, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x61, 0x69, 0x6f, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x61, 0x69, 0x6f, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x74, + 0x68, 0x70, 0x5f, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x11, 0x20, 0x01, 0x28, + 0x08, 0x52, 0x0b, 0x74, 0x68, 0x70, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x64, +} + +var ( + file_mm_proto_rawDescOnce sync.Once + file_mm_proto_rawDescData = file_mm_proto_rawDesc +) + +func file_mm_proto_rawDescGZIP() []byte { + file_mm_proto_rawDescOnce.Do(func() { + file_mm_proto_rawDescData = protoimpl.X.CompressGZIP(file_mm_proto_rawDescData) + }) + return file_mm_proto_rawDescData +} + +var file_mm_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_mm_proto_goTypes = []interface{}{ + (*AioRingEntry)(nil), // 0: criu.aio_ring_entry + (*MmEntry)(nil), // 1: criu.mm_entry + (*VmaEntry)(nil), // 2: criu.vma_entry +} +var file_mm_proto_depIdxs = []int32{ + 2, // 0: criu.mm_entry.vmas:type_name -> criu.vma_entry + 0, // 1: criu.mm_entry.aios:type_name -> criu.aio_ring_entry + 2, // [2:2] is the sub-list for method output_type + 2, // [2:2] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name +} + +func init() { file_mm_proto_init() } +func file_mm_proto_init() { + if File_mm_proto != nil { + return + } + file_opts_proto_init() + file_vma_proto_init() + if !protoimpl.UnsafeEnabled { + file_mm_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*AioRingEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_mm_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*MmEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_mm_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_mm_proto_goTypes, + DependencyIndexes: file_mm_proto_depIdxs, + MessageInfos: file_mm_proto_msgTypes, + }.Build() + File_mm_proto = out.File + file_mm_proto_rawDesc = nil + file_mm_proto_goTypes = nil + file_mm_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mm.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mm.proto new file mode 100644 index 00000000000..c592bb12e18 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mm.proto @@ -0,0 +1,36 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "opts.proto"; +import "vma.proto"; + +message aio_ring_entry { + required uint64 id = 1; + required uint32 nr_req = 2; + required uint32 ring_len = 3; +} + +message mm_entry { + required uint64 mm_start_code = 1 [(criu).hex = true]; + required uint64 mm_end_code = 2 [(criu).hex = true]; + required uint64 mm_start_data = 3 [(criu).hex = true]; + required uint64 mm_end_data = 4 [(criu).hex = true]; + required uint64 mm_start_stack = 5 [(criu).hex = true]; + required uint64 mm_start_brk = 6 [(criu).hex = true]; + required uint64 mm_brk = 7 [(criu).hex = true]; + required uint64 mm_arg_start = 8 [(criu).hex = true]; + required uint64 mm_arg_end = 9 [(criu).hex = true]; + required uint64 mm_env_start = 10 [(criu).hex = true]; + required uint64 mm_env_end = 11 [(criu).hex = true]; + required uint32 exe_file_id = 12; + + repeated uint64 mm_saved_auxv = 13; + + repeated vma_entry vmas = 14; + + optional int32 dumpable = 15; + repeated aio_ring_entry aios = 16; + optional bool thp_disabled = 17; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mnt.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mnt.pb.go new file mode 100644 index 00000000000..fa7fe8626ec --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mnt.pb.go @@ -0,0 +1,445 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: mnt.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type Fstype int32 + +const ( + Fstype_UNSUPPORTED Fstype = 0 + Fstype_PROC Fstype = 1 + Fstype_SYSFS Fstype = 2 + Fstype_DEVTMPFS Fstype = 3 + Fstype_BINFMT_MISC Fstype = 4 + Fstype_TMPFS Fstype = 5 + Fstype_DEVPTS Fstype = 6 + Fstype_SIMFS Fstype = 7 + Fstype_PSTORE Fstype = 8 + Fstype_SECURITYFS Fstype = 9 + Fstype_FUSECTL Fstype = 10 + Fstype_DEBUGFS Fstype = 11 + Fstype_CGROUP Fstype = 12 + Fstype_AUFS Fstype = 13 + Fstype_MQUEUE Fstype = 14 + Fstype_FUSE Fstype = 15 + Fstype_AUTO Fstype = 16 + Fstype_OVERLAYFS Fstype = 17 + Fstype_AUTOFS Fstype = 18 + Fstype_TRACEFS Fstype = 19 + Fstype_CGROUP2 Fstype = 23 +) + +// Enum value maps for Fstype. +var ( + Fstype_name = map[int32]string{ + 0: "UNSUPPORTED", + 1: "PROC", + 2: "SYSFS", + 3: "DEVTMPFS", + 4: "BINFMT_MISC", + 5: "TMPFS", + 6: "DEVPTS", + 7: "SIMFS", + 8: "PSTORE", + 9: "SECURITYFS", + 10: "FUSECTL", + 11: "DEBUGFS", + 12: "CGROUP", + 13: "AUFS", + 14: "MQUEUE", + 15: "FUSE", + 16: "AUTO", + 17: "OVERLAYFS", + 18: "AUTOFS", + 19: "TRACEFS", + 23: "CGROUP2", + } + Fstype_value = map[string]int32{ + "UNSUPPORTED": 0, + "PROC": 1, + "SYSFS": 2, + "DEVTMPFS": 3, + "BINFMT_MISC": 4, + "TMPFS": 5, + "DEVPTS": 6, + "SIMFS": 7, + "PSTORE": 8, + "SECURITYFS": 9, + "FUSECTL": 10, + "DEBUGFS": 11, + "CGROUP": 12, + "AUFS": 13, + "MQUEUE": 14, + "FUSE": 15, + "AUTO": 16, + "OVERLAYFS": 17, + "AUTOFS": 18, + "TRACEFS": 19, + "CGROUP2": 23, + } +) + +func (x Fstype) Enum() *Fstype { + p := new(Fstype) + *p = x + return p +} + +func (x Fstype) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (Fstype) Descriptor() protoreflect.EnumDescriptor { + return file_mnt_proto_enumTypes[0].Descriptor() +} + +func (Fstype) Type() protoreflect.EnumType { + return &file_mnt_proto_enumTypes[0] +} + +func (x Fstype) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Do not use. +func (x *Fstype) UnmarshalJSON(b []byte) error { + num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) + if err != nil { + return err + } + *x = Fstype(num) + return nil +} + +// Deprecated: Use Fstype.Descriptor instead. +func (Fstype) EnumDescriptor() ([]byte, []int) { + return file_mnt_proto_rawDescGZIP(), []int{0} +} + +type MntEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Fstype *uint32 `protobuf:"varint,1,req,name=fstype" json:"fstype,omitempty"` + MntId *uint32 `protobuf:"varint,2,req,name=mnt_id,json=mntId" json:"mnt_id,omitempty"` + RootDev *uint32 `protobuf:"varint,3,req,name=root_dev,json=rootDev" json:"root_dev,omitempty"` + ParentMntId *uint32 `protobuf:"varint,4,req,name=parent_mnt_id,json=parentMntId" json:"parent_mnt_id,omitempty"` + Flags *uint32 `protobuf:"varint,5,req,name=flags" json:"flags,omitempty"` + Root *string `protobuf:"bytes,6,req,name=root" json:"root,omitempty"` + Mountpoint *string `protobuf:"bytes,7,req,name=mountpoint" json:"mountpoint,omitempty"` + Source *string `protobuf:"bytes,8,req,name=source" json:"source,omitempty"` + Options *string `protobuf:"bytes,9,req,name=options" json:"options,omitempty"` + SharedId *uint32 `protobuf:"varint,10,opt,name=shared_id,json=sharedId" json:"shared_id,omitempty"` + MasterId *uint32 `protobuf:"varint,11,opt,name=master_id,json=masterId" json:"master_id,omitempty"` + WithPlugin *bool `protobuf:"varint,12,opt,name=with_plugin,json=withPlugin" json:"with_plugin,omitempty"` + ExtMount *bool `protobuf:"varint,13,opt,name=ext_mount,json=extMount" json:"ext_mount,omitempty"` + Fsname *string `protobuf:"bytes,14,opt,name=fsname" json:"fsname,omitempty"` + InternalSharing *bool `protobuf:"varint,15,opt,name=internal_sharing,json=internalSharing" json:"internal_sharing,omitempty"` + Deleted *bool `protobuf:"varint,16,opt,name=deleted" json:"deleted,omitempty"` + SbFlags *uint32 `protobuf:"varint,17,opt,name=sb_flags,json=sbFlags" json:"sb_flags,omitempty"` + // user defined mapping for external mount + ExtKey *string `protobuf:"bytes,18,opt,name=ext_key,json=extKey" json:"ext_key,omitempty"` +} + +func (x *MntEntry) Reset() { + *x = MntEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_mnt_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *MntEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MntEntry) ProtoMessage() {} + +func (x *MntEntry) ProtoReflect() protoreflect.Message { + mi := &file_mnt_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MntEntry.ProtoReflect.Descriptor instead. +func (*MntEntry) Descriptor() ([]byte, []int) { + return file_mnt_proto_rawDescGZIP(), []int{0} +} + +func (x *MntEntry) GetFstype() uint32 { + if x != nil && x.Fstype != nil { + return *x.Fstype + } + return 0 +} + +func (x *MntEntry) GetMntId() uint32 { + if x != nil && x.MntId != nil { + return *x.MntId + } + return 0 +} + +func (x *MntEntry) GetRootDev() uint32 { + if x != nil && x.RootDev != nil { + return *x.RootDev + } + return 0 +} + +func (x *MntEntry) GetParentMntId() uint32 { + if x != nil && x.ParentMntId != nil { + return *x.ParentMntId + } + return 0 +} + +func (x *MntEntry) GetFlags() uint32 { + if x != nil && x.Flags != nil { + return *x.Flags + } + return 0 +} + +func (x *MntEntry) GetRoot() string { + if x != nil && x.Root != nil { + return *x.Root + } + return "" +} + +func (x *MntEntry) GetMountpoint() string { + if x != nil && x.Mountpoint != nil { + return *x.Mountpoint + } + return "" +} + +func (x *MntEntry) GetSource() string { + if x != nil && x.Source != nil { + return *x.Source + } + return "" +} + +func (x *MntEntry) GetOptions() string { + if x != nil && x.Options != nil { + return *x.Options + } + return "" +} + +func (x *MntEntry) GetSharedId() uint32 { + if x != nil && x.SharedId != nil { + return *x.SharedId + } + return 0 +} + +func (x *MntEntry) GetMasterId() uint32 { + if x != nil && x.MasterId != nil { + return *x.MasterId + } + return 0 +} + +func (x *MntEntry) GetWithPlugin() bool { + if x != nil && x.WithPlugin != nil { + return *x.WithPlugin + } + return false +} + +func (x *MntEntry) GetExtMount() bool { + if x != nil && x.ExtMount != nil { + return *x.ExtMount + } + return false +} + +func (x *MntEntry) GetFsname() string { + if x != nil && x.Fsname != nil { + return *x.Fsname + } + return "" +} + +func (x *MntEntry) GetInternalSharing() bool { + if x != nil && x.InternalSharing != nil { + return *x.InternalSharing + } + return false +} + +func (x *MntEntry) GetDeleted() bool { + if x != nil && x.Deleted != nil { + return *x.Deleted + } + return false +} + +func (x *MntEntry) GetSbFlags() uint32 { + if x != nil && x.SbFlags != nil { + return *x.SbFlags + } + return 0 +} + +func (x *MntEntry) GetExtKey() string { + if x != nil && x.ExtKey != nil { + return *x.ExtKey + } + return "" +} + +var File_mnt_proto protoreflect.FileDescriptor + +var file_mnt_proto_rawDesc = []byte{ + 0x0a, 0x09, 0x6d, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, + 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x93, 0x04, + 0x0a, 0x09, 0x6d, 0x6e, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x66, + 0x73, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x66, 0x73, 0x74, + 0x79, 0x70, 0x65, 0x12, 0x15, 0x0a, 0x06, 0x6d, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, + 0x02, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x6e, 0x74, 0x49, 0x64, 0x12, 0x20, 0x0a, 0x08, 0x72, 0x6f, + 0x6f, 0x74, 0x5f, 0x64, 0x65, 0x76, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, + 0x02, 0x20, 0x01, 0x52, 0x07, 0x72, 0x6f, 0x6f, 0x74, 0x44, 0x65, 0x76, 0x12, 0x22, 0x0a, 0x0d, + 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x6d, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, + 0x02, 0x28, 0x0d, 0x52, 0x0b, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x4d, 0x6e, 0x74, 0x49, 0x64, + 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x42, + 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x12, 0x0a, + 0x04, 0x72, 0x6f, 0x6f, 0x74, 0x18, 0x06, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x72, 0x6f, 0x6f, + 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, + 0x07, 0x20, 0x02, 0x28, 0x09, 0x52, 0x0a, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x70, 0x6f, 0x69, 0x6e, + 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x08, 0x20, 0x02, 0x28, + 0x09, 0x52, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6f, 0x70, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x09, 0x20, 0x02, 0x28, 0x09, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, + 0x6f, 0x6e, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x68, 0x61, 0x72, 0x65, 0x64, 0x5f, 0x69, 0x64, + 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x73, 0x68, 0x61, 0x72, 0x65, 0x64, 0x49, 0x64, + 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x0b, 0x20, + 0x01, 0x28, 0x0d, 0x52, 0x08, 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x49, 0x64, 0x12, 0x1f, 0x0a, + 0x0b, 0x77, 0x69, 0x74, 0x68, 0x5f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x18, 0x0c, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x0a, 0x77, 0x69, 0x74, 0x68, 0x50, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x12, 0x1b, + 0x0a, 0x09, 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0d, 0x20, 0x01, 0x28, + 0x08, 0x52, 0x08, 0x65, 0x78, 0x74, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x66, + 0x73, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x66, 0x73, 0x6e, + 0x61, 0x6d, 0x65, 0x12, 0x29, 0x0a, 0x10, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, + 0x73, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x53, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x18, + 0x0a, 0x07, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x07, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x12, 0x20, 0x0a, 0x08, 0x73, 0x62, 0x5f, 0x66, + 0x6c, 0x61, 0x67, 0x73, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, + 0x01, 0x52, 0x07, 0x73, 0x62, 0x46, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x17, 0x0a, 0x07, 0x65, 0x78, + 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x12, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x65, 0x78, 0x74, + 0x4b, 0x65, 0x79, 0x2a, 0x90, 0x02, 0x0a, 0x06, 0x66, 0x73, 0x74, 0x79, 0x70, 0x65, 0x12, 0x0f, + 0x0a, 0x0b, 0x55, 0x4e, 0x53, 0x55, 0x50, 0x50, 0x4f, 0x52, 0x54, 0x45, 0x44, 0x10, 0x00, 0x12, + 0x08, 0x0a, 0x04, 0x50, 0x52, 0x4f, 0x43, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x53, 0x59, 0x53, + 0x46, 0x53, 0x10, 0x02, 0x12, 0x0c, 0x0a, 0x08, 0x44, 0x45, 0x56, 0x54, 0x4d, 0x50, 0x46, 0x53, + 0x10, 0x03, 0x12, 0x0f, 0x0a, 0x0b, 0x42, 0x49, 0x4e, 0x46, 0x4d, 0x54, 0x5f, 0x4d, 0x49, 0x53, + 0x43, 0x10, 0x04, 0x12, 0x09, 0x0a, 0x05, 0x54, 0x4d, 0x50, 0x46, 0x53, 0x10, 0x05, 0x12, 0x0a, + 0x0a, 0x06, 0x44, 0x45, 0x56, 0x50, 0x54, 0x53, 0x10, 0x06, 0x12, 0x09, 0x0a, 0x05, 0x53, 0x49, + 0x4d, 0x46, 0x53, 0x10, 0x07, 0x12, 0x0a, 0x0a, 0x06, 0x50, 0x53, 0x54, 0x4f, 0x52, 0x45, 0x10, + 0x08, 0x12, 0x0e, 0x0a, 0x0a, 0x53, 0x45, 0x43, 0x55, 0x52, 0x49, 0x54, 0x59, 0x46, 0x53, 0x10, + 0x09, 0x12, 0x0b, 0x0a, 0x07, 0x46, 0x55, 0x53, 0x45, 0x43, 0x54, 0x4c, 0x10, 0x0a, 0x12, 0x0b, + 0x0a, 0x07, 0x44, 0x45, 0x42, 0x55, 0x47, 0x46, 0x53, 0x10, 0x0b, 0x12, 0x0a, 0x0a, 0x06, 0x43, + 0x47, 0x52, 0x4f, 0x55, 0x50, 0x10, 0x0c, 0x12, 0x08, 0x0a, 0x04, 0x41, 0x55, 0x46, 0x53, 0x10, + 0x0d, 0x12, 0x0a, 0x0a, 0x06, 0x4d, 0x51, 0x55, 0x45, 0x55, 0x45, 0x10, 0x0e, 0x12, 0x08, 0x0a, + 0x04, 0x46, 0x55, 0x53, 0x45, 0x10, 0x0f, 0x12, 0x08, 0x0a, 0x04, 0x41, 0x55, 0x54, 0x4f, 0x10, + 0x10, 0x12, 0x0d, 0x0a, 0x09, 0x4f, 0x56, 0x45, 0x52, 0x4c, 0x41, 0x59, 0x46, 0x53, 0x10, 0x11, + 0x12, 0x0a, 0x0a, 0x06, 0x41, 0x55, 0x54, 0x4f, 0x46, 0x53, 0x10, 0x12, 0x12, 0x0b, 0x0a, 0x07, + 0x54, 0x52, 0x41, 0x43, 0x45, 0x46, 0x53, 0x10, 0x13, 0x12, 0x0b, 0x0a, 0x07, 0x43, 0x47, 0x52, + 0x4f, 0x55, 0x50, 0x32, 0x10, 0x17, +} + +var ( + file_mnt_proto_rawDescOnce sync.Once + file_mnt_proto_rawDescData = file_mnt_proto_rawDesc +) + +func file_mnt_proto_rawDescGZIP() []byte { + file_mnt_proto_rawDescOnce.Do(func() { + file_mnt_proto_rawDescData = protoimpl.X.CompressGZIP(file_mnt_proto_rawDescData) + }) + return file_mnt_proto_rawDescData +} + +var file_mnt_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_mnt_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_mnt_proto_goTypes = []interface{}{ + (Fstype)(0), // 0: criu.fstype + (*MntEntry)(nil), // 1: criu.mnt_entry +} +var file_mnt_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_mnt_proto_init() } +func file_mnt_proto_init() { + if File_mnt_proto != nil { + return + } + file_opts_proto_init() + if !protoimpl.UnsafeEnabled { + file_mnt_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*MntEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_mnt_proto_rawDesc, + NumEnums: 1, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_mnt_proto_goTypes, + DependencyIndexes: file_mnt_proto_depIdxs, + EnumInfos: file_mnt_proto_enumTypes, + MessageInfos: file_mnt_proto_msgTypes, + }.Build() + File_mnt_proto = out.File + file_mnt_proto_rawDesc = nil + file_mnt_proto_goTypes = nil + file_mnt_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mnt.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mnt.proto new file mode 100644 index 00000000000..14901b7eaff --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mnt.proto @@ -0,0 +1,63 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "opts.proto"; + +enum fstype { + UNSUPPORTED = 0; + PROC = 1; + SYSFS = 2; + DEVTMPFS = 3; + BINFMT_MISC = 4; + TMPFS = 5; + DEVPTS = 6; + SIMFS = 7; + PSTORE = 8; + SECURITYFS = 9; + FUSECTL = 10; + DEBUGFS = 11; + CGROUP = 12; + AUFS = 13; + MQUEUE = 14; + FUSE = 15; + AUTO = 16; + OVERLAYFS = 17; + AUTOFS = 18; + TRACEFS = 19; + + /* These three are reserved for NFS support */ + // RPC_PIPEFS = 20; + // NFS = 21; + // NFS4 = 22; + + CGROUP2 = 23; +}; + +message mnt_entry { + required uint32 fstype = 1; + required uint32 mnt_id = 2; + required uint32 root_dev = 3 [(criu).dev = true]; + required uint32 parent_mnt_id = 4; + required uint32 flags = 5 [(criu).hex = true]; + + required string root = 6; + required string mountpoint = 7; + required string source = 8; + required string options = 9; + + optional uint32 shared_id = 10; + optional uint32 master_id = 11; + + optional bool with_plugin = 12; + optional bool ext_mount = 13; + + optional string fsname = 14; + optional bool internal_sharing = 15; + + optional bool deleted = 16; + optional uint32 sb_flags = 17 [(criu).hex = true]; + /* user defined mapping for external mount */ + optional string ext_key = 18; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/netdev.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/netdev.pb.go new file mode 100644 index 00000000000..e00eb87739f --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/netdev.pb.go @@ -0,0 +1,620 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: netdev.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type NdType int32 + +const ( + NdType_LOOPBACK NdType = 1 + NdType_VETH NdType = 2 + NdType_TUN NdType = 3 + // External link -- for those CRIU only dumps and restores + // link parameters such as flags, address, MTU, etc. The + // existence of the link on restore should be provided + // by the setup-namespaces script. + NdType_EXTLINK NdType = 4 + NdType_VENET NdType = 5 // OpenVZ device + NdType_BRIDGE NdType = 6 + NdType_MACVLAN NdType = 7 + NdType_SIT NdType = 8 +) + +// Enum value maps for NdType. +var ( + NdType_name = map[int32]string{ + 1: "LOOPBACK", + 2: "VETH", + 3: "TUN", + 4: "EXTLINK", + 5: "VENET", + 6: "BRIDGE", + 7: "MACVLAN", + 8: "SIT", + } + NdType_value = map[string]int32{ + "LOOPBACK": 1, + "VETH": 2, + "TUN": 3, + "EXTLINK": 4, + "VENET": 5, + "BRIDGE": 6, + "MACVLAN": 7, + "SIT": 8, + } +) + +func (x NdType) Enum() *NdType { + p := new(NdType) + *p = x + return p +} + +func (x NdType) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (NdType) Descriptor() protoreflect.EnumDescriptor { + return file_netdev_proto_enumTypes[0].Descriptor() +} + +func (NdType) Type() protoreflect.EnumType { + return &file_netdev_proto_enumTypes[0] +} + +func (x NdType) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Do not use. +func (x *NdType) UnmarshalJSON(b []byte) error { + num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) + if err != nil { + return err + } + *x = NdType(num) + return nil +} + +// Deprecated: Use NdType.Descriptor instead. +func (NdType) EnumDescriptor() ([]byte, []int) { + return file_netdev_proto_rawDescGZIP(), []int{0} +} + +type NetDeviceEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Type *NdType `protobuf:"varint,1,req,name=type,enum=criu.NdType" json:"type,omitempty"` + Ifindex *uint32 `protobuf:"varint,2,req,name=ifindex" json:"ifindex,omitempty"` + Mtu *uint32 `protobuf:"varint,3,req,name=mtu" json:"mtu,omitempty"` + Flags *uint32 `protobuf:"varint,4,req,name=flags" json:"flags,omitempty"` + Name *string `protobuf:"bytes,5,req,name=name" json:"name,omitempty"` + Tun *TunLinkEntry `protobuf:"bytes,6,opt,name=tun" json:"tun,omitempty"` + Address []byte `protobuf:"bytes,7,opt,name=address" json:"address,omitempty"` + Conf []int32 `protobuf:"varint,8,rep,name=conf" json:"conf,omitempty"` + Conf4 []*SysctlEntry `protobuf:"bytes,9,rep,name=conf4" json:"conf4,omitempty"` + Conf6 []*SysctlEntry `protobuf:"bytes,10,rep,name=conf6" json:"conf6,omitempty"` + Macvlan *MacvlanLinkEntry `protobuf:"bytes,11,opt,name=macvlan" json:"macvlan,omitempty"` + PeerIfindex *uint32 `protobuf:"varint,12,opt,name=peer_ifindex,json=peerIfindex" json:"peer_ifindex,omitempty"` + PeerNsid *uint32 `protobuf:"varint,13,opt,name=peer_nsid,json=peerNsid" json:"peer_nsid,omitempty"` + Master *uint32 `protobuf:"varint,14,opt,name=master" json:"master,omitempty"` + Sit *SitEntry `protobuf:"bytes,15,opt,name=sit" json:"sit,omitempty"` +} + +func (x *NetDeviceEntry) Reset() { + *x = NetDeviceEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_netdev_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *NetDeviceEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*NetDeviceEntry) ProtoMessage() {} + +func (x *NetDeviceEntry) ProtoReflect() protoreflect.Message { + mi := &file_netdev_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use NetDeviceEntry.ProtoReflect.Descriptor instead. +func (*NetDeviceEntry) Descriptor() ([]byte, []int) { + return file_netdev_proto_rawDescGZIP(), []int{0} +} + +func (x *NetDeviceEntry) GetType() NdType { + if x != nil && x.Type != nil { + return *x.Type + } + return NdType_LOOPBACK +} + +func (x *NetDeviceEntry) GetIfindex() uint32 { + if x != nil && x.Ifindex != nil { + return *x.Ifindex + } + return 0 +} + +func (x *NetDeviceEntry) GetMtu() uint32 { + if x != nil && x.Mtu != nil { + return *x.Mtu + } + return 0 +} + +func (x *NetDeviceEntry) GetFlags() uint32 { + if x != nil && x.Flags != nil { + return *x.Flags + } + return 0 +} + +func (x *NetDeviceEntry) GetName() string { + if x != nil && x.Name != nil { + return *x.Name + } + return "" +} + +func (x *NetDeviceEntry) GetTun() *TunLinkEntry { + if x != nil { + return x.Tun + } + return nil +} + +func (x *NetDeviceEntry) GetAddress() []byte { + if x != nil { + return x.Address + } + return nil +} + +func (x *NetDeviceEntry) GetConf() []int32 { + if x != nil { + return x.Conf + } + return nil +} + +func (x *NetDeviceEntry) GetConf4() []*SysctlEntry { + if x != nil { + return x.Conf4 + } + return nil +} + +func (x *NetDeviceEntry) GetConf6() []*SysctlEntry { + if x != nil { + return x.Conf6 + } + return nil +} + +func (x *NetDeviceEntry) GetMacvlan() *MacvlanLinkEntry { + if x != nil { + return x.Macvlan + } + return nil +} + +func (x *NetDeviceEntry) GetPeerIfindex() uint32 { + if x != nil && x.PeerIfindex != nil { + return *x.PeerIfindex + } + return 0 +} + +func (x *NetDeviceEntry) GetPeerNsid() uint32 { + if x != nil && x.PeerNsid != nil { + return *x.PeerNsid + } + return 0 +} + +func (x *NetDeviceEntry) GetMaster() uint32 { + if x != nil && x.Master != nil { + return *x.Master + } + return 0 +} + +func (x *NetDeviceEntry) GetSit() *SitEntry { + if x != nil { + return x.Sit + } + return nil +} + +type NetnsId struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // This is CRIU's id which is allocated for each namespace + TargetNsId *uint32 `protobuf:"varint,1,req,name=target_ns_id,json=targetNsId" json:"target_ns_id,omitempty"` + // This is an id which can be used to address this namespace + // from another network namespace. Each network namespace has + // one set of id-s for other namespaces. + NetnsidValue *int32 `protobuf:"varint,2,req,name=netnsid_value,json=netnsidValue" json:"netnsid_value,omitempty"` +} + +func (x *NetnsId) Reset() { + *x = NetnsId{} + if protoimpl.UnsafeEnabled { + mi := &file_netdev_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *NetnsId) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*NetnsId) ProtoMessage() {} + +func (x *NetnsId) ProtoReflect() protoreflect.Message { + mi := &file_netdev_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use NetnsId.ProtoReflect.Descriptor instead. +func (*NetnsId) Descriptor() ([]byte, []int) { + return file_netdev_proto_rawDescGZIP(), []int{1} +} + +func (x *NetnsId) GetTargetNsId() uint32 { + if x != nil && x.TargetNsId != nil { + return *x.TargetNsId + } + return 0 +} + +func (x *NetnsId) GetNetnsidValue() int32 { + if x != nil && x.NetnsidValue != nil { + return *x.NetnsidValue + } + return 0 +} + +type NetnsEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + DefConf []int32 `protobuf:"varint,1,rep,name=def_conf,json=defConf" json:"def_conf,omitempty"` + AllConf []int32 `protobuf:"varint,2,rep,name=all_conf,json=allConf" json:"all_conf,omitempty"` + DefConf4 []*SysctlEntry `protobuf:"bytes,3,rep,name=def_conf4,json=defConf4" json:"def_conf4,omitempty"` + AllConf4 []*SysctlEntry `protobuf:"bytes,4,rep,name=all_conf4,json=allConf4" json:"all_conf4,omitempty"` + DefConf6 []*SysctlEntry `protobuf:"bytes,5,rep,name=def_conf6,json=defConf6" json:"def_conf6,omitempty"` + AllConf6 []*SysctlEntry `protobuf:"bytes,6,rep,name=all_conf6,json=allConf6" json:"all_conf6,omitempty"` + Nsids []*NetnsId `protobuf:"bytes,7,rep,name=nsids" json:"nsids,omitempty"` + ExtKey *string `protobuf:"bytes,8,opt,name=ext_key,json=extKey" json:"ext_key,omitempty"` + UnixConf []*SysctlEntry `protobuf:"bytes,9,rep,name=unix_conf,json=unixConf" json:"unix_conf,omitempty"` +} + +func (x *NetnsEntry) Reset() { + *x = NetnsEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_netdev_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *NetnsEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*NetnsEntry) ProtoMessage() {} + +func (x *NetnsEntry) ProtoReflect() protoreflect.Message { + mi := &file_netdev_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use NetnsEntry.ProtoReflect.Descriptor instead. +func (*NetnsEntry) Descriptor() ([]byte, []int) { + return file_netdev_proto_rawDescGZIP(), []int{2} +} + +func (x *NetnsEntry) GetDefConf() []int32 { + if x != nil { + return x.DefConf + } + return nil +} + +func (x *NetnsEntry) GetAllConf() []int32 { + if x != nil { + return x.AllConf + } + return nil +} + +func (x *NetnsEntry) GetDefConf4() []*SysctlEntry { + if x != nil { + return x.DefConf4 + } + return nil +} + +func (x *NetnsEntry) GetAllConf4() []*SysctlEntry { + if x != nil { + return x.AllConf4 + } + return nil +} + +func (x *NetnsEntry) GetDefConf6() []*SysctlEntry { + if x != nil { + return x.DefConf6 + } + return nil +} + +func (x *NetnsEntry) GetAllConf6() []*SysctlEntry { + if x != nil { + return x.AllConf6 + } + return nil +} + +func (x *NetnsEntry) GetNsids() []*NetnsId { + if x != nil { + return x.Nsids + } + return nil +} + +func (x *NetnsEntry) GetExtKey() string { + if x != nil && x.ExtKey != nil { + return *x.ExtKey + } + return "" +} + +func (x *NetnsEntry) GetUnixConf() []*SysctlEntry { + if x != nil { + return x.UnixConf + } + return nil +} + +var File_netdev_proto protoreflect.FileDescriptor + +var file_netdev_proto_rawDesc = []byte{ + 0x0a, 0x0c, 0x6e, 0x65, 0x74, 0x64, 0x65, 0x76, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, + 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0d, 0x6d, 0x61, 0x63, 0x76, 0x6c, 0x61, 0x6e, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, + 0x09, 0x74, 0x75, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0c, 0x73, 0x79, 0x73, 0x63, + 0x74, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x09, 0x73, 0x69, 0x74, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x22, 0xeb, 0x03, 0x0a, 0x10, 0x6e, 0x65, 0x74, 0x5f, 0x64, 0x65, 0x76, 0x69, + 0x63, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x21, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, + 0x18, 0x01, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x0d, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x6e, 0x64, + 0x5f, 0x74, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x69, + 0x66, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x69, 0x66, + 0x69, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x74, 0x75, 0x18, 0x03, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x03, 0x6d, 0x74, 0x75, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, + 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, + 0x6c, 0x61, 0x67, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x02, + 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x26, 0x0a, 0x03, 0x74, 0x75, 0x6e, 0x18, + 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x75, 0x6e, + 0x5f, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x74, 0x75, 0x6e, + 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, + 0x0c, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, + 0x6e, 0x66, 0x18, 0x08, 0x20, 0x03, 0x28, 0x05, 0x52, 0x04, 0x63, 0x6f, 0x6e, 0x66, 0x12, 0x28, + 0x0a, 0x05, 0x63, 0x6f, 0x6e, 0x66, 0x34, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, + 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x52, 0x05, 0x63, 0x6f, 0x6e, 0x66, 0x34, 0x12, 0x28, 0x0a, 0x05, 0x63, 0x6f, 0x6e, 0x66, + 0x36, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, + 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x05, 0x63, 0x6f, 0x6e, + 0x66, 0x36, 0x12, 0x32, 0x0a, 0x07, 0x6d, 0x61, 0x63, 0x76, 0x6c, 0x61, 0x6e, 0x18, 0x0b, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x6d, 0x61, 0x63, 0x76, 0x6c, + 0x61, 0x6e, 0x5f, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x6d, + 0x61, 0x63, 0x76, 0x6c, 0x61, 0x6e, 0x12, 0x21, 0x0a, 0x0c, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x69, + 0x66, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x70, 0x65, + 0x65, 0x72, 0x49, 0x66, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x65, 0x65, + 0x72, 0x5f, 0x6e, 0x73, 0x69, 0x64, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x70, 0x65, + 0x65, 0x72, 0x4e, 0x73, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72, + 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x12, 0x21, + 0x0a, 0x03, 0x73, 0x69, 0x74, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x72, + 0x69, 0x75, 0x2e, 0x73, 0x69, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x73, 0x69, + 0x74, 0x22, 0x51, 0x0a, 0x08, 0x6e, 0x65, 0x74, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x12, 0x20, 0x0a, + 0x0c, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, + 0x02, 0x28, 0x0d, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x4e, 0x73, 0x49, 0x64, 0x12, + 0x23, 0x0a, 0x0d, 0x6e, 0x65, 0x74, 0x6e, 0x73, 0x69, 0x64, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x18, 0x02, 0x20, 0x02, 0x28, 0x05, 0x52, 0x0c, 0x6e, 0x65, 0x74, 0x6e, 0x73, 0x69, 0x64, 0x56, + 0x61, 0x6c, 0x75, 0x65, 0x22, 0xf7, 0x02, 0x0a, 0x0b, 0x6e, 0x65, 0x74, 0x6e, 0x73, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x19, 0x0a, 0x08, 0x64, 0x65, 0x66, 0x5f, 0x63, 0x6f, 0x6e, 0x66, + 0x18, 0x01, 0x20, 0x03, 0x28, 0x05, 0x52, 0x07, 0x64, 0x65, 0x66, 0x43, 0x6f, 0x6e, 0x66, 0x12, + 0x19, 0x0a, 0x08, 0x61, 0x6c, 0x6c, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x18, 0x02, 0x20, 0x03, 0x28, + 0x05, 0x52, 0x07, 0x61, 0x6c, 0x6c, 0x43, 0x6f, 0x6e, 0x66, 0x12, 0x2f, 0x0a, 0x09, 0x64, 0x65, + 0x66, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x34, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, + 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x52, 0x08, 0x64, 0x65, 0x66, 0x43, 0x6f, 0x6e, 0x66, 0x34, 0x12, 0x2f, 0x0a, 0x09, 0x61, + 0x6c, 0x6c, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x34, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, + 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x52, 0x08, 0x61, 0x6c, 0x6c, 0x43, 0x6f, 0x6e, 0x66, 0x34, 0x12, 0x2f, 0x0a, 0x09, + 0x64, 0x65, 0x66, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x36, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x52, 0x08, 0x64, 0x65, 0x66, 0x43, 0x6f, 0x6e, 0x66, 0x36, 0x12, 0x2f, 0x0a, + 0x09, 0x61, 0x6c, 0x6c, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x36, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x61, 0x6c, 0x6c, 0x43, 0x6f, 0x6e, 0x66, 0x36, 0x12, 0x24, + 0x0a, 0x05, 0x6e, 0x73, 0x69, 0x64, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0e, 0x2e, + 0x63, 0x72, 0x69, 0x75, 0x2e, 0x6e, 0x65, 0x74, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x52, 0x05, 0x6e, + 0x73, 0x69, 0x64, 0x73, 0x12, 0x17, 0x0a, 0x07, 0x65, 0x78, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x18, + 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x65, 0x78, 0x74, 0x4b, 0x65, 0x79, 0x12, 0x2f, 0x0a, + 0x09, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x75, 0x6e, 0x69, 0x78, 0x43, 0x6f, 0x6e, 0x66, 0x2a, 0x64, + 0x0a, 0x07, 0x6e, 0x64, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x12, 0x0c, 0x0a, 0x08, 0x4c, 0x4f, 0x4f, + 0x50, 0x42, 0x41, 0x43, 0x4b, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x56, 0x45, 0x54, 0x48, 0x10, + 0x02, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x55, 0x4e, 0x10, 0x03, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x58, + 0x54, 0x4c, 0x49, 0x4e, 0x4b, 0x10, 0x04, 0x12, 0x09, 0x0a, 0x05, 0x56, 0x45, 0x4e, 0x45, 0x54, + 0x10, 0x05, 0x12, 0x0a, 0x0a, 0x06, 0x42, 0x52, 0x49, 0x44, 0x47, 0x45, 0x10, 0x06, 0x12, 0x0b, + 0x0a, 0x07, 0x4d, 0x41, 0x43, 0x56, 0x4c, 0x41, 0x4e, 0x10, 0x07, 0x12, 0x07, 0x0a, 0x03, 0x53, + 0x49, 0x54, 0x10, 0x08, +} + +var ( + file_netdev_proto_rawDescOnce sync.Once + file_netdev_proto_rawDescData = file_netdev_proto_rawDesc +) + +func file_netdev_proto_rawDescGZIP() []byte { + file_netdev_proto_rawDescOnce.Do(func() { + file_netdev_proto_rawDescData = protoimpl.X.CompressGZIP(file_netdev_proto_rawDescData) + }) + return file_netdev_proto_rawDescData +} + +var file_netdev_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_netdev_proto_msgTypes = make([]protoimpl.MessageInfo, 3) +var file_netdev_proto_goTypes = []interface{}{ + (NdType)(0), // 0: criu.nd_type + (*NetDeviceEntry)(nil), // 1: criu.net_device_entry + (*NetnsId)(nil), // 2: criu.netns_id + (*NetnsEntry)(nil), // 3: criu.netns_entry + (*TunLinkEntry)(nil), // 4: criu.tun_link_entry + (*SysctlEntry)(nil), // 5: criu.sysctl_entry + (*MacvlanLinkEntry)(nil), // 6: criu.macvlan_link_entry + (*SitEntry)(nil), // 7: criu.sit_entry +} +var file_netdev_proto_depIdxs = []int32{ + 0, // 0: criu.net_device_entry.type:type_name -> criu.nd_type + 4, // 1: criu.net_device_entry.tun:type_name -> criu.tun_link_entry + 5, // 2: criu.net_device_entry.conf4:type_name -> criu.sysctl_entry + 5, // 3: criu.net_device_entry.conf6:type_name -> criu.sysctl_entry + 6, // 4: criu.net_device_entry.macvlan:type_name -> criu.macvlan_link_entry + 7, // 5: criu.net_device_entry.sit:type_name -> criu.sit_entry + 5, // 6: criu.netns_entry.def_conf4:type_name -> criu.sysctl_entry + 5, // 7: criu.netns_entry.all_conf4:type_name -> criu.sysctl_entry + 5, // 8: criu.netns_entry.def_conf6:type_name -> criu.sysctl_entry + 5, // 9: criu.netns_entry.all_conf6:type_name -> criu.sysctl_entry + 2, // 10: criu.netns_entry.nsids:type_name -> criu.netns_id + 5, // 11: criu.netns_entry.unix_conf:type_name -> criu.sysctl_entry + 12, // [12:12] is the sub-list for method output_type + 12, // [12:12] is the sub-list for method input_type + 12, // [12:12] is the sub-list for extension type_name + 12, // [12:12] is the sub-list for extension extendee + 0, // [0:12] is the sub-list for field type_name +} + +func init() { file_netdev_proto_init() } +func file_netdev_proto_init() { + if File_netdev_proto != nil { + return + } + file_macvlan_proto_init() + file_opts_proto_init() + file_tun_proto_init() + file_sysctl_proto_init() + file_sit_proto_init() + if !protoimpl.UnsafeEnabled { + file_netdev_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*NetDeviceEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_netdev_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*NetnsId); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_netdev_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*NetnsEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_netdev_proto_rawDesc, + NumEnums: 1, + NumMessages: 3, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_netdev_proto_goTypes, + DependencyIndexes: file_netdev_proto_depIdxs, + EnumInfos: file_netdev_proto_enumTypes, + MessageInfos: file_netdev_proto_msgTypes, + }.Build() + File_netdev_proto = out.File + file_netdev_proto_rawDesc = nil + file_netdev_proto_goTypes = nil + file_netdev_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/netdev.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/netdev.proto new file mode 100644 index 00000000000..198a937c2cb --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/netdev.proto @@ -0,0 +1,78 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "macvlan.proto"; +import "opts.proto"; +import "tun.proto"; +import "sysctl.proto"; +import "sit.proto"; + +enum nd_type { + LOOPBACK = 1; + VETH = 2; + TUN = 3; + /* + * External link -- for those CRIU only dumps and restores + * link parameters such as flags, address, MTU, etc. The + * existence of the link on restore should be provided + * by the setup-namespaces script. + */ + EXTLINK = 4; + VENET = 5; /* OpenVZ device */ + BRIDGE = 6; + MACVLAN = 7; + SIT = 8; +} + +message net_device_entry { + required nd_type type = 1; + required uint32 ifindex = 2; + required uint32 mtu = 3; + required uint32 flags = 4 [(criu).hex = true]; + required string name = 5; + + optional tun_link_entry tun = 6; + + optional bytes address = 7; + + repeated int32 conf = 8; + + repeated sysctl_entry conf4 = 9; + + repeated sysctl_entry conf6 = 10; + + optional macvlan_link_entry macvlan = 11; + + optional uint32 peer_ifindex = 12; + optional uint32 peer_nsid = 13; + optional uint32 master = 14; + optional sit_entry sit = 15; +} + +message netns_id { + /* This is CRIU's id which is allocated for each namespace */ + required uint32 target_ns_id = 1; + /* + * This is an id which can be used to address this namespace + * from another network namespace. Each network namespace has + * one set of id-s for other namespaces. + */ + required int32 netnsid_value = 2; +} + +message netns_entry { + repeated int32 def_conf = 1; + repeated int32 all_conf = 2; + + repeated sysctl_entry def_conf4 = 3; + repeated sysctl_entry all_conf4 = 4; + + repeated sysctl_entry def_conf6 = 5; + repeated sysctl_entry all_conf6 = 6; + + repeated netns_id nsids = 7; + optional string ext_key = 8; + repeated sysctl_entry unix_conf = 9; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ns.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ns.pb.go new file mode 100644 index 00000000000..ede1d516f15 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ns.pb.go @@ -0,0 +1,170 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: ns.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type NsFileEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` + NsId *uint32 `protobuf:"varint,2,req,name=ns_id,json=nsId" json:"ns_id,omitempty"` + NsCflag *uint32 `protobuf:"varint,3,req,name=ns_cflag,json=nsCflag" json:"ns_cflag,omitempty"` + Flags *uint32 `protobuf:"varint,4,req,name=flags" json:"flags,omitempty"` +} + +func (x *NsFileEntry) Reset() { + *x = NsFileEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_ns_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *NsFileEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*NsFileEntry) ProtoMessage() {} + +func (x *NsFileEntry) ProtoReflect() protoreflect.Message { + mi := &file_ns_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use NsFileEntry.ProtoReflect.Descriptor instead. +func (*NsFileEntry) Descriptor() ([]byte, []int) { + return file_ns_proto_rawDescGZIP(), []int{0} +} + +func (x *NsFileEntry) GetId() uint32 { + if x != nil && x.Id != nil { + return *x.Id + } + return 0 +} + +func (x *NsFileEntry) GetNsId() uint32 { + if x != nil && x.NsId != nil { + return *x.NsId + } + return 0 +} + +func (x *NsFileEntry) GetNsCflag() uint32 { + if x != nil && x.NsCflag != nil { + return *x.NsCflag + } + return 0 +} + +func (x *NsFileEntry) GetFlags() uint32 { + if x != nil && x.Flags != nil { + return *x.Flags + } + return 0 +} + +var File_ns_proto protoreflect.FileDescriptor + +var file_ns_proto_rawDesc = []byte{ + 0x0a, 0x08, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, + 0x22, 0x65, 0x0a, 0x0d, 0x6e, 0x73, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, + 0x64, 0x12, 0x13, 0x0a, 0x05, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x04, 0x6e, 0x73, 0x49, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x6e, 0x73, 0x5f, 0x63, 0x66, 0x6c, + 0x61, 0x67, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x6e, 0x73, 0x43, 0x66, 0x6c, 0x61, + 0x67, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, +} + +var ( + file_ns_proto_rawDescOnce sync.Once + file_ns_proto_rawDescData = file_ns_proto_rawDesc +) + +func file_ns_proto_rawDescGZIP() []byte { + file_ns_proto_rawDescOnce.Do(func() { + file_ns_proto_rawDescData = protoimpl.X.CompressGZIP(file_ns_proto_rawDescData) + }) + return file_ns_proto_rawDescData +} + +var file_ns_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_ns_proto_goTypes = []interface{}{ + (*NsFileEntry)(nil), // 0: criu.ns_file_entry +} +var file_ns_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_ns_proto_init() } +func file_ns_proto_init() { + if File_ns_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_ns_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*NsFileEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_ns_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_ns_proto_goTypes, + DependencyIndexes: file_ns_proto_depIdxs, + MessageInfos: file_ns_proto_msgTypes, + }.Build() + File_ns_proto = out.File + file_ns_proto_rawDesc = nil + file_ns_proto_goTypes = nil + file_ns_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ns.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ns.proto new file mode 100644 index 00000000000..49e2bf31214 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ns.proto @@ -0,0 +1,11 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +message ns_file_entry { + required uint32 id = 1; + required uint32 ns_id = 2; + required uint32 ns_cflag = 3; + required uint32 flags = 4; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/opts.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/opts.pb.go new file mode 100644 index 00000000000..a025f2016b1 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/opts.pb.go @@ -0,0 +1,228 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: opts.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + descriptorpb "google.golang.org/protobuf/types/descriptorpb" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type CRIU_Opts struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Hex *bool `protobuf:"varint,1,opt,name=hex" json:"hex,omitempty"` // Indicate that CRIT should treat this field as hex. + Ipadd *bool `protobuf:"varint,2,opt,name=ipadd" json:"ipadd,omitempty"` // The field is IPv4/v6 address + Flags *string `protobuf:"bytes,3,opt,name=flags" json:"flags,omitempty"` + Dev *bool `protobuf:"varint,4,opt,name=dev" json:"dev,omitempty"` // Device major:minor packed + Odev *bool `protobuf:"varint,5,opt,name=odev" json:"odev,omitempty"` // ... in old format + Dict *string `protobuf:"bytes,6,opt,name=dict" json:"dict,omitempty"` + Conv *string `protobuf:"bytes,7,opt,name=conv" json:"conv,omitempty"` +} + +func (x *CRIU_Opts) Reset() { + *x = CRIU_Opts{} + if protoimpl.UnsafeEnabled { + mi := &file_opts_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CRIU_Opts) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CRIU_Opts) ProtoMessage() {} + +func (x *CRIU_Opts) ProtoReflect() protoreflect.Message { + mi := &file_opts_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CRIU_Opts.ProtoReflect.Descriptor instead. +func (*CRIU_Opts) Descriptor() ([]byte, []int) { + return file_opts_proto_rawDescGZIP(), []int{0} +} + +func (x *CRIU_Opts) GetHex() bool { + if x != nil && x.Hex != nil { + return *x.Hex + } + return false +} + +func (x *CRIU_Opts) GetIpadd() bool { + if x != nil && x.Ipadd != nil { + return *x.Ipadd + } + return false +} + +func (x *CRIU_Opts) GetFlags() string { + if x != nil && x.Flags != nil { + return *x.Flags + } + return "" +} + +func (x *CRIU_Opts) GetDev() bool { + if x != nil && x.Dev != nil { + return *x.Dev + } + return false +} + +func (x *CRIU_Opts) GetOdev() bool { + if x != nil && x.Odev != nil { + return *x.Odev + } + return false +} + +func (x *CRIU_Opts) GetDict() string { + if x != nil && x.Dict != nil { + return *x.Dict + } + return "" +} + +func (x *CRIU_Opts) GetConv() string { + if x != nil && x.Conv != nil { + return *x.Conv + } + return "" +} + +var file_opts_proto_extTypes = []protoimpl.ExtensionInfo{ + { + ExtendedType: (*descriptorpb.FieldOptions)(nil), + ExtensionType: (*CRIU_Opts)(nil), + Field: 1018, + Name: "criu.criu", + Tag: "bytes,1018,opt,name=criu", + Filename: "opts.proto", + }, +} + +// Extension fields to descriptorpb.FieldOptions. +var ( + // Registered unique number to use for all kinds of custom options. + // + // optional criu.CRIU_Opts criu = 1018; + E_Criu = &file_opts_proto_extTypes[0] +) + +var File_opts_proto protoreflect.FileDescriptor + +var file_opts_proto_rawDesc = []byte{ + 0x0a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, + 0x69, 0x75, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x97, 0x01, 0x0a, 0x09, 0x43, 0x52, 0x49, 0x55, 0x5f, 0x4f, 0x70, + 0x74, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x68, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x03, 0x68, 0x65, 0x78, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x70, 0x61, 0x64, 0x64, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x05, 0x69, 0x70, 0x61, 0x64, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6c, + 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, + 0x12, 0x10, 0x0a, 0x03, 0x64, 0x65, 0x76, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x64, + 0x65, 0x76, 0x12, 0x12, 0x0a, 0x04, 0x6f, 0x64, 0x65, 0x76, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x04, 0x6f, 0x64, 0x65, 0x76, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x69, 0x63, 0x74, 0x18, 0x06, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x64, 0x69, 0x63, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, + 0x6e, 0x76, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x63, 0x6f, 0x6e, 0x76, 0x3a, 0x43, + 0x0a, 0x04, 0x63, 0x72, 0x69, 0x75, 0x12, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, + 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0xfa, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, + 0x72, 0x69, 0x75, 0x2e, 0x43, 0x52, 0x49, 0x55, 0x5f, 0x4f, 0x70, 0x74, 0x73, 0x52, 0x04, 0x63, + 0x72, 0x69, 0x75, +} + +var ( + file_opts_proto_rawDescOnce sync.Once + file_opts_proto_rawDescData = file_opts_proto_rawDesc +) + +func file_opts_proto_rawDescGZIP() []byte { + file_opts_proto_rawDescOnce.Do(func() { + file_opts_proto_rawDescData = protoimpl.X.CompressGZIP(file_opts_proto_rawDescData) + }) + return file_opts_proto_rawDescData +} + +var file_opts_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_opts_proto_goTypes = []interface{}{ + (*CRIU_Opts)(nil), // 0: criu.CRIU_Opts + (*descriptorpb.FieldOptions)(nil), // 1: google.protobuf.FieldOptions +} +var file_opts_proto_depIdxs = []int32{ + 1, // 0: criu.criu:extendee -> google.protobuf.FieldOptions + 0, // 1: criu.criu:type_name -> criu.CRIU_Opts + 2, // [2:2] is the sub-list for method output_type + 2, // [2:2] is the sub-list for method input_type + 1, // [1:2] is the sub-list for extension type_name + 0, // [0:1] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_opts_proto_init() } +func file_opts_proto_init() { + if File_opts_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_opts_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CRIU_Opts); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_opts_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 1, + NumServices: 0, + }, + GoTypes: file_opts_proto_goTypes, + DependencyIndexes: file_opts_proto_depIdxs, + MessageInfos: file_opts_proto_msgTypes, + ExtensionInfos: file_opts_proto_extTypes, + }.Build() + File_opts_proto = out.File + file_opts_proto_rawDesc = nil + file_opts_proto_goTypes = nil + file_opts_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/opts.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/opts.proto new file mode 100644 index 00000000000..16d9d6206a8 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/opts.proto @@ -0,0 +1,21 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "google/protobuf/descriptor.proto"; + +message CRIU_Opts { + optional bool hex = 1; // Indicate that CRIT should treat this field as hex. + optional bool ipadd = 2; // The field is IPv4/v6 address + optional string flags = 3; + optional bool dev = 4; // Device major:minor packed + optional bool odev = 5; // ... in old format + optional string dict = 6; + optional string conv = 7; +} + +extend google.protobuf.FieldOptions { + // Registered unique number to use for all kinds of custom options. + optional CRIU_Opts criu = 1018; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/packet-sock.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/packet-sock.pb.go new file mode 100644 index 00000000000..7a7b93953e0 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/packet-sock.pb.go @@ -0,0 +1,552 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: packet-sock.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type PacketMclist struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Index *uint32 `protobuf:"varint,1,req,name=index" json:"index,omitempty"` + Type *uint32 `protobuf:"varint,2,req,name=type" json:"type,omitempty"` + Addr []byte `protobuf:"bytes,3,req,name=addr" json:"addr,omitempty"` +} + +func (x *PacketMclist) Reset() { + *x = PacketMclist{} + if protoimpl.UnsafeEnabled { + mi := &file_packet_sock_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *PacketMclist) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PacketMclist) ProtoMessage() {} + +func (x *PacketMclist) ProtoReflect() protoreflect.Message { + mi := &file_packet_sock_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PacketMclist.ProtoReflect.Descriptor instead. +func (*PacketMclist) Descriptor() ([]byte, []int) { + return file_packet_sock_proto_rawDescGZIP(), []int{0} +} + +func (x *PacketMclist) GetIndex() uint32 { + if x != nil && x.Index != nil { + return *x.Index + } + return 0 +} + +func (x *PacketMclist) GetType() uint32 { + if x != nil && x.Type != nil { + return *x.Type + } + return 0 +} + +func (x *PacketMclist) GetAddr() []byte { + if x != nil { + return x.Addr + } + return nil +} + +type PacketRing struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + BlockSize *uint32 `protobuf:"varint,1,req,name=block_size,json=blockSize" json:"block_size,omitempty"` + BlockNr *uint32 `protobuf:"varint,2,req,name=block_nr,json=blockNr" json:"block_nr,omitempty"` + FrameSize *uint32 `protobuf:"varint,3,req,name=frame_size,json=frameSize" json:"frame_size,omitempty"` + FrameNr *uint32 `protobuf:"varint,4,req,name=frame_nr,json=frameNr" json:"frame_nr,omitempty"` + RetireTmo *uint32 `protobuf:"varint,5,req,name=retire_tmo,json=retireTmo" json:"retire_tmo,omitempty"` + SizeofPriv *uint32 `protobuf:"varint,6,req,name=sizeof_priv,json=sizeofPriv" json:"sizeof_priv,omitempty"` + Features *uint32 `protobuf:"varint,7,req,name=features" json:"features,omitempty"` +} + +func (x *PacketRing) Reset() { + *x = PacketRing{} + if protoimpl.UnsafeEnabled { + mi := &file_packet_sock_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *PacketRing) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PacketRing) ProtoMessage() {} + +func (x *PacketRing) ProtoReflect() protoreflect.Message { + mi := &file_packet_sock_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PacketRing.ProtoReflect.Descriptor instead. +func (*PacketRing) Descriptor() ([]byte, []int) { + return file_packet_sock_proto_rawDescGZIP(), []int{1} +} + +func (x *PacketRing) GetBlockSize() uint32 { + if x != nil && x.BlockSize != nil { + return *x.BlockSize + } + return 0 +} + +func (x *PacketRing) GetBlockNr() uint32 { + if x != nil && x.BlockNr != nil { + return *x.BlockNr + } + return 0 +} + +func (x *PacketRing) GetFrameSize() uint32 { + if x != nil && x.FrameSize != nil { + return *x.FrameSize + } + return 0 +} + +func (x *PacketRing) GetFrameNr() uint32 { + if x != nil && x.FrameNr != nil { + return *x.FrameNr + } + return 0 +} + +func (x *PacketRing) GetRetireTmo() uint32 { + if x != nil && x.RetireTmo != nil { + return *x.RetireTmo + } + return 0 +} + +func (x *PacketRing) GetSizeofPriv() uint32 { + if x != nil && x.SizeofPriv != nil { + return *x.SizeofPriv + } + return 0 +} + +func (x *PacketRing) GetFeatures() uint32 { + if x != nil && x.Features != nil { + return *x.Features + } + return 0 +} + +type PacketSockEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` + Type *uint32 `protobuf:"varint,2,req,name=type" json:"type,omitempty"` + Protocol *uint32 `protobuf:"varint,3,req,name=protocol" json:"protocol,omitempty"` + Flags *uint32 `protobuf:"varint,4,req,name=flags" json:"flags,omitempty"` + Ifindex *uint32 `protobuf:"varint,5,req,name=ifindex" json:"ifindex,omitempty"` + Fown *FownEntry `protobuf:"bytes,6,req,name=fown" json:"fown,omitempty"` + Opts *SkOptsEntry `protobuf:"bytes,7,req,name=opts" json:"opts,omitempty"` + Version *uint32 `protobuf:"varint,8,req,name=version" json:"version,omitempty"` + Reserve *uint32 `protobuf:"varint,9,req,name=reserve" json:"reserve,omitempty"` + AuxData *bool `protobuf:"varint,10,req,name=aux_data,json=auxData" json:"aux_data,omitempty"` + OrigDev *bool `protobuf:"varint,11,req,name=orig_dev,json=origDev" json:"orig_dev,omitempty"` + VnetHdr *bool `protobuf:"varint,12,req,name=vnet_hdr,json=vnetHdr" json:"vnet_hdr,omitempty"` + Loss *bool `protobuf:"varint,13,req,name=loss" json:"loss,omitempty"` + Timestamp *uint32 `protobuf:"varint,14,req,name=timestamp" json:"timestamp,omitempty"` + CopyThresh *uint32 `protobuf:"varint,15,req,name=copy_thresh,json=copyThresh" json:"copy_thresh,omitempty"` + Mclist []*PacketMclist `protobuf:"bytes,16,rep,name=mclist" json:"mclist,omitempty"` + Fanout *uint32 `protobuf:"varint,17,opt,name=fanout,def=4294967295" json:"fanout,omitempty"` + RxRing *PacketRing `protobuf:"bytes,18,opt,name=rx_ring,json=rxRing" json:"rx_ring,omitempty"` + TxRing *PacketRing `protobuf:"bytes,19,opt,name=tx_ring,json=txRing" json:"tx_ring,omitempty"` + NsId *uint32 `protobuf:"varint,20,opt,name=ns_id,json=nsId" json:"ns_id,omitempty"` +} + +// Default values for PacketSockEntry fields. +const ( + Default_PacketSockEntry_Fanout = uint32(4294967295) +) + +func (x *PacketSockEntry) Reset() { + *x = PacketSockEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_packet_sock_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *PacketSockEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PacketSockEntry) ProtoMessage() {} + +func (x *PacketSockEntry) ProtoReflect() protoreflect.Message { + mi := &file_packet_sock_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PacketSockEntry.ProtoReflect.Descriptor instead. +func (*PacketSockEntry) Descriptor() ([]byte, []int) { + return file_packet_sock_proto_rawDescGZIP(), []int{2} +} + +func (x *PacketSockEntry) GetId() uint32 { + if x != nil && x.Id != nil { + return *x.Id + } + return 0 +} + +func (x *PacketSockEntry) GetType() uint32 { + if x != nil && x.Type != nil { + return *x.Type + } + return 0 +} + +func (x *PacketSockEntry) GetProtocol() uint32 { + if x != nil && x.Protocol != nil { + return *x.Protocol + } + return 0 +} + +func (x *PacketSockEntry) GetFlags() uint32 { + if x != nil && x.Flags != nil { + return *x.Flags + } + return 0 +} + +func (x *PacketSockEntry) GetIfindex() uint32 { + if x != nil && x.Ifindex != nil { + return *x.Ifindex + } + return 0 +} + +func (x *PacketSockEntry) GetFown() *FownEntry { + if x != nil { + return x.Fown + } + return nil +} + +func (x *PacketSockEntry) GetOpts() *SkOptsEntry { + if x != nil { + return x.Opts + } + return nil +} + +func (x *PacketSockEntry) GetVersion() uint32 { + if x != nil && x.Version != nil { + return *x.Version + } + return 0 +} + +func (x *PacketSockEntry) GetReserve() uint32 { + if x != nil && x.Reserve != nil { + return *x.Reserve + } + return 0 +} + +func (x *PacketSockEntry) GetAuxData() bool { + if x != nil && x.AuxData != nil { + return *x.AuxData + } + return false +} + +func (x *PacketSockEntry) GetOrigDev() bool { + if x != nil && x.OrigDev != nil { + return *x.OrigDev + } + return false +} + +func (x *PacketSockEntry) GetVnetHdr() bool { + if x != nil && x.VnetHdr != nil { + return *x.VnetHdr + } + return false +} + +func (x *PacketSockEntry) GetLoss() bool { + if x != nil && x.Loss != nil { + return *x.Loss + } + return false +} + +func (x *PacketSockEntry) GetTimestamp() uint32 { + if x != nil && x.Timestamp != nil { + return *x.Timestamp + } + return 0 +} + +func (x *PacketSockEntry) GetCopyThresh() uint32 { + if x != nil && x.CopyThresh != nil { + return *x.CopyThresh + } + return 0 +} + +func (x *PacketSockEntry) GetMclist() []*PacketMclist { + if x != nil { + return x.Mclist + } + return nil +} + +func (x *PacketSockEntry) GetFanout() uint32 { + if x != nil && x.Fanout != nil { + return *x.Fanout + } + return Default_PacketSockEntry_Fanout +} + +func (x *PacketSockEntry) GetRxRing() *PacketRing { + if x != nil { + return x.RxRing + } + return nil +} + +func (x *PacketSockEntry) GetTxRing() *PacketRing { + if x != nil { + return x.TxRing + } + return nil +} + +func (x *PacketSockEntry) GetNsId() uint32 { + if x != nil && x.NsId != nil { + return *x.NsId + } + return 0 +} + +var File_packet_sock_proto protoreflect.FileDescriptor + +var file_packet_sock_proto_rawDesc = []byte{ + 0x0a, 0x11, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x2d, 0x73, 0x6f, 0x63, 0x6b, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x1a, 0x0d, 0x73, 0x6b, 0x2d, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x22, 0x4d, 0x0a, 0x0d, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x6d, 0x63, 0x6c, 0x69, 0x73, + 0x74, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x05, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, + 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x61, + 0x64, 0x64, 0x72, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0c, 0x52, 0x04, 0x61, 0x64, 0x64, 0x72, 0x22, + 0xdd, 0x01, 0x0a, 0x0b, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x12, + 0x1d, 0x0a, 0x0a, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, + 0x02, 0x28, 0x0d, 0x52, 0x09, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x19, + 0x0a, 0x08, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x6e, 0x72, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x07, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x4e, 0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x66, 0x72, 0x61, + 0x6d, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x66, + 0x72, 0x61, 0x6d, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x66, 0x72, 0x61, 0x6d, + 0x65, 0x5f, 0x6e, 0x72, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x66, 0x72, 0x61, 0x6d, + 0x65, 0x4e, 0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x72, 0x65, 0x74, 0x69, 0x72, 0x65, 0x5f, 0x74, 0x6d, + 0x6f, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x72, 0x65, 0x74, 0x69, 0x72, 0x65, 0x54, + 0x6d, 0x6f, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x69, 0x7a, 0x65, 0x6f, 0x66, 0x5f, 0x70, 0x72, 0x69, + 0x76, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0a, 0x73, 0x69, 0x7a, 0x65, 0x6f, 0x66, 0x50, + 0x72, 0x69, 0x76, 0x12, 0x1a, 0x0a, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, + 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x22, + 0xef, 0x04, 0x0a, 0x11, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, + 0x02, 0x28, 0x0d, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x04, + 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, + 0x67, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x69, 0x66, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x05, 0x20, + 0x02, 0x28, 0x0d, 0x52, 0x07, 0x69, 0x66, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x24, 0x0a, 0x04, + 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, + 0x75, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, + 0x77, 0x6e, 0x12, 0x27, 0x0a, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0b, + 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x6b, 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x76, + 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x76, 0x65, + 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, + 0x18, 0x09, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x12, + 0x19, 0x0a, 0x08, 0x61, 0x75, 0x78, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x0a, 0x20, 0x02, 0x28, + 0x08, 0x52, 0x07, 0x61, 0x75, 0x78, 0x44, 0x61, 0x74, 0x61, 0x12, 0x19, 0x0a, 0x08, 0x6f, 0x72, + 0x69, 0x67, 0x5f, 0x64, 0x65, 0x76, 0x18, 0x0b, 0x20, 0x02, 0x28, 0x08, 0x52, 0x07, 0x6f, 0x72, + 0x69, 0x67, 0x44, 0x65, 0x76, 0x12, 0x19, 0x0a, 0x08, 0x76, 0x6e, 0x65, 0x74, 0x5f, 0x68, 0x64, + 0x72, 0x18, 0x0c, 0x20, 0x02, 0x28, 0x08, 0x52, 0x07, 0x76, 0x6e, 0x65, 0x74, 0x48, 0x64, 0x72, + 0x12, 0x12, 0x0a, 0x04, 0x6c, 0x6f, 0x73, 0x73, 0x18, 0x0d, 0x20, 0x02, 0x28, 0x08, 0x52, 0x04, + 0x6c, 0x6f, 0x73, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, + 0x70, 0x18, 0x0e, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, + 0x6d, 0x70, 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x6f, 0x70, 0x79, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, + 0x68, 0x18, 0x0f, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0a, 0x63, 0x6f, 0x70, 0x79, 0x54, 0x68, 0x72, + 0x65, 0x73, 0x68, 0x12, 0x2b, 0x0a, 0x06, 0x6d, 0x63, 0x6c, 0x69, 0x73, 0x74, 0x18, 0x10, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x70, 0x61, 0x63, 0x6b, 0x65, + 0x74, 0x5f, 0x6d, 0x63, 0x6c, 0x69, 0x73, 0x74, 0x52, 0x06, 0x6d, 0x63, 0x6c, 0x69, 0x73, 0x74, + 0x12, 0x22, 0x0a, 0x06, 0x66, 0x61, 0x6e, 0x6f, 0x75, 0x74, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0d, + 0x3a, 0x0a, 0x34, 0x32, 0x39, 0x34, 0x39, 0x36, 0x37, 0x32, 0x39, 0x35, 0x52, 0x06, 0x66, 0x61, + 0x6e, 0x6f, 0x75, 0x74, 0x12, 0x2a, 0x0a, 0x07, 0x72, 0x78, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x18, + 0x12, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x70, 0x61, 0x63, + 0x6b, 0x65, 0x74, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x06, 0x72, 0x78, 0x52, 0x69, 0x6e, 0x67, + 0x12, 0x2a, 0x0a, 0x07, 0x74, 0x78, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x13, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, + 0x72, 0x69, 0x6e, 0x67, 0x52, 0x06, 0x74, 0x78, 0x52, 0x69, 0x6e, 0x67, 0x12, 0x13, 0x0a, 0x05, + 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x6e, 0x73, 0x49, + 0x64, +} + +var ( + file_packet_sock_proto_rawDescOnce sync.Once + file_packet_sock_proto_rawDescData = file_packet_sock_proto_rawDesc +) + +func file_packet_sock_proto_rawDescGZIP() []byte { + file_packet_sock_proto_rawDescOnce.Do(func() { + file_packet_sock_proto_rawDescData = protoimpl.X.CompressGZIP(file_packet_sock_proto_rawDescData) + }) + return file_packet_sock_proto_rawDescData +} + +var file_packet_sock_proto_msgTypes = make([]protoimpl.MessageInfo, 3) +var file_packet_sock_proto_goTypes = []interface{}{ + (*PacketMclist)(nil), // 0: criu.packet_mclist + (*PacketRing)(nil), // 1: criu.packet_ring + (*PacketSockEntry)(nil), // 2: criu.packet_sock_entry + (*FownEntry)(nil), // 3: criu.fown_entry + (*SkOptsEntry)(nil), // 4: criu.sk_opts_entry +} +var file_packet_sock_proto_depIdxs = []int32{ + 3, // 0: criu.packet_sock_entry.fown:type_name -> criu.fown_entry + 4, // 1: criu.packet_sock_entry.opts:type_name -> criu.sk_opts_entry + 0, // 2: criu.packet_sock_entry.mclist:type_name -> criu.packet_mclist + 1, // 3: criu.packet_sock_entry.rx_ring:type_name -> criu.packet_ring + 1, // 4: criu.packet_sock_entry.tx_ring:type_name -> criu.packet_ring + 5, // [5:5] is the sub-list for method output_type + 5, // [5:5] is the sub-list for method input_type + 5, // [5:5] is the sub-list for extension type_name + 5, // [5:5] is the sub-list for extension extendee + 0, // [0:5] is the sub-list for field type_name +} + +func init() { file_packet_sock_proto_init() } +func file_packet_sock_proto_init() { + if File_packet_sock_proto != nil { + return + } + file_opts_proto_init() + file_fown_proto_init() + file_sk_opts_proto_init() + if !protoimpl.UnsafeEnabled { + file_packet_sock_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*PacketMclist); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_packet_sock_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*PacketRing); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_packet_sock_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*PacketSockEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_packet_sock_proto_rawDesc, + NumEnums: 0, + NumMessages: 3, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_packet_sock_proto_goTypes, + DependencyIndexes: file_packet_sock_proto_depIdxs, + MessageInfos: file_packet_sock_proto_msgTypes, + }.Build() + File_packet_sock_proto = out.File + file_packet_sock_proto_rawDesc = nil + file_packet_sock_proto_goTypes = nil + file_packet_sock_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/packet-sock.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/packet-sock.proto new file mode 100644 index 00000000000..962447c0ffb --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/packet-sock.proto @@ -0,0 +1,50 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "opts.proto"; +import "fown.proto"; +import "sk-opts.proto"; + +message packet_mclist { + required uint32 index = 1; + required uint32 type = 2; + required bytes addr = 3; +} + +message packet_ring { + required uint32 block_size = 1; + required uint32 block_nr = 2; + required uint32 frame_size = 3; + required uint32 frame_nr = 4; + + required uint32 retire_tmo = 5; + required uint32 sizeof_priv = 6; + required uint32 features = 7; +} + +message packet_sock_entry { + required uint32 id = 1; + required uint32 type = 2; + required uint32 protocol = 3; + required uint32 flags = 4 [(criu).hex = true]; + required uint32 ifindex = 5; + + required fown_entry fown = 6; + required sk_opts_entry opts = 7; + + required uint32 version = 8; + required uint32 reserve = 9; + required bool aux_data = 10; + required bool orig_dev = 11; + required bool vnet_hdr = 12; + required bool loss = 13; + required uint32 timestamp = 14; + required uint32 copy_thresh = 15; + repeated packet_mclist mclist = 16; + optional uint32 fanout = 17 [ default = 0xffffffff ]; + optional packet_ring rx_ring = 18; + optional packet_ring tx_ring = 19; + optional uint32 ns_id = 20; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pagemap.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pagemap.pb.go new file mode 100644 index 00000000000..2b1174d626c --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pagemap.pb.go @@ -0,0 +1,237 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: pagemap.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type PagemapHead struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + PagesId *uint32 `protobuf:"varint,1,req,name=pages_id,json=pagesId" json:"pages_id,omitempty"` +} + +func (x *PagemapHead) Reset() { + *x = PagemapHead{} + if protoimpl.UnsafeEnabled { + mi := &file_pagemap_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *PagemapHead) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PagemapHead) ProtoMessage() {} + +func (x *PagemapHead) ProtoReflect() protoreflect.Message { + mi := &file_pagemap_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PagemapHead.ProtoReflect.Descriptor instead. +func (*PagemapHead) Descriptor() ([]byte, []int) { + return file_pagemap_proto_rawDescGZIP(), []int{0} +} + +func (x *PagemapHead) GetPagesId() uint32 { + if x != nil && x.PagesId != nil { + return *x.PagesId + } + return 0 +} + +type PagemapEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Vaddr *uint64 `protobuf:"varint,1,req,name=vaddr" json:"vaddr,omitempty"` + NrPages *uint32 `protobuf:"varint,2,req,name=nr_pages,json=nrPages" json:"nr_pages,omitempty"` + InParent *bool `protobuf:"varint,3,opt,name=in_parent,json=inParent" json:"in_parent,omitempty"` + Flags *uint32 `protobuf:"varint,4,opt,name=flags" json:"flags,omitempty"` +} + +func (x *PagemapEntry) Reset() { + *x = PagemapEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_pagemap_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *PagemapEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PagemapEntry) ProtoMessage() {} + +func (x *PagemapEntry) ProtoReflect() protoreflect.Message { + mi := &file_pagemap_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PagemapEntry.ProtoReflect.Descriptor instead. +func (*PagemapEntry) Descriptor() ([]byte, []int) { + return file_pagemap_proto_rawDescGZIP(), []int{1} +} + +func (x *PagemapEntry) GetVaddr() uint64 { + if x != nil && x.Vaddr != nil { + return *x.Vaddr + } + return 0 +} + +func (x *PagemapEntry) GetNrPages() uint32 { + if x != nil && x.NrPages != nil { + return *x.NrPages + } + return 0 +} + +func (x *PagemapEntry) GetInParent() bool { + if x != nil && x.InParent != nil { + return *x.InParent + } + return false +} + +func (x *PagemapEntry) GetFlags() uint32 { + if x != nil && x.Flags != nil { + return *x.Flags + } + return 0 +} + +var File_pagemap_proto protoreflect.FileDescriptor + +var file_pagemap_proto_rawDesc = []byte{ + 0x0a, 0x0d, 0x70, 0x61, 0x67, 0x65, 0x6d, 0x61, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, + 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x22, 0x29, 0x0a, 0x0c, 0x70, 0x61, 0x67, 0x65, 0x6d, 0x61, 0x70, 0x5f, 0x68, 0x65, 0x61, + 0x64, 0x12, 0x19, 0x0a, 0x08, 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, + 0x02, 0x28, 0x0d, 0x52, 0x07, 0x70, 0x61, 0x67, 0x65, 0x73, 0x49, 0x64, 0x22, 0x8b, 0x01, 0x0a, + 0x0d, 0x70, 0x61, 0x67, 0x65, 0x6d, 0x61, 0x70, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1b, + 0x0a, 0x05, 0x76, 0x61, 0x64, 0x64, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, + 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x76, 0x61, 0x64, 0x64, 0x72, 0x12, 0x19, 0x0a, 0x08, 0x6e, + 0x72, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x6e, + 0x72, 0x50, 0x61, 0x67, 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x69, 0x6e, 0x5f, 0x70, 0x61, 0x72, + 0x65, 0x6e, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x69, 0x6e, 0x50, 0x61, 0x72, + 0x65, 0x6e, 0x74, 0x12, 0x25, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x0d, 0x42, 0x0f, 0xd2, 0x3f, 0x0c, 0x1a, 0x0a, 0x70, 0x6d, 0x61, 0x70, 0x2e, 0x66, 0x6c, + 0x61, 0x67, 0x73, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, +} + +var ( + file_pagemap_proto_rawDescOnce sync.Once + file_pagemap_proto_rawDescData = file_pagemap_proto_rawDesc +) + +func file_pagemap_proto_rawDescGZIP() []byte { + file_pagemap_proto_rawDescOnce.Do(func() { + file_pagemap_proto_rawDescData = protoimpl.X.CompressGZIP(file_pagemap_proto_rawDescData) + }) + return file_pagemap_proto_rawDescData +} + +var file_pagemap_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_pagemap_proto_goTypes = []interface{}{ + (*PagemapHead)(nil), // 0: criu.pagemap_head + (*PagemapEntry)(nil), // 1: criu.pagemap_entry +} +var file_pagemap_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_pagemap_proto_init() } +func file_pagemap_proto_init() { + if File_pagemap_proto != nil { + return + } + file_opts_proto_init() + if !protoimpl.UnsafeEnabled { + file_pagemap_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*PagemapHead); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_pagemap_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*PagemapEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_pagemap_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_pagemap_proto_goTypes, + DependencyIndexes: file_pagemap_proto_depIdxs, + MessageInfos: file_pagemap_proto_msgTypes, + }.Build() + File_pagemap_proto = out.File + file_pagemap_proto_rawDesc = nil + file_pagemap_proto_goTypes = nil + file_pagemap_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pagemap.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pagemap.proto new file mode 100644 index 00000000000..1243e8acbba --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pagemap.proto @@ -0,0 +1,17 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "opts.proto"; + +message pagemap_head { + required uint32 pages_id = 1; +} + +message pagemap_entry { + required uint64 vaddr = 1 [(criu).hex = true]; + required uint32 nr_pages = 2; + optional bool in_parent = 3; + optional uint32 flags = 4 [(criu).flags = "pmap.flags" ]; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pidns.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pidns.pb.go new file mode 100644 index 00000000000..0b87ce0bef4 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pidns.pb.go @@ -0,0 +1,142 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: pidns.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type PidnsEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + ExtKey *string `protobuf:"bytes,1,opt,name=ext_key,json=extKey" json:"ext_key,omitempty"` +} + +func (x *PidnsEntry) Reset() { + *x = PidnsEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_pidns_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *PidnsEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PidnsEntry) ProtoMessage() {} + +func (x *PidnsEntry) ProtoReflect() protoreflect.Message { + mi := &file_pidns_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PidnsEntry.ProtoReflect.Descriptor instead. +func (*PidnsEntry) Descriptor() ([]byte, []int) { + return file_pidns_proto_rawDescGZIP(), []int{0} +} + +func (x *PidnsEntry) GetExtKey() string { + if x != nil && x.ExtKey != nil { + return *x.ExtKey + } + return "" +} + +var File_pidns_proto protoreflect.FileDescriptor + +var file_pidns_proto_rawDesc = []byte{ + 0x0a, 0x0b, 0x70, 0x69, 0x64, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, + 0x72, 0x69, 0x75, 0x22, 0x26, 0x0a, 0x0b, 0x70, 0x69, 0x64, 0x6e, 0x73, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x12, 0x17, 0x0a, 0x07, 0x65, 0x78, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x06, 0x65, 0x78, 0x74, 0x4b, 0x65, 0x79, +} + +var ( + file_pidns_proto_rawDescOnce sync.Once + file_pidns_proto_rawDescData = file_pidns_proto_rawDesc +) + +func file_pidns_proto_rawDescGZIP() []byte { + file_pidns_proto_rawDescOnce.Do(func() { + file_pidns_proto_rawDescData = protoimpl.X.CompressGZIP(file_pidns_proto_rawDescData) + }) + return file_pidns_proto_rawDescData +} + +var file_pidns_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_pidns_proto_goTypes = []interface{}{ + (*PidnsEntry)(nil), // 0: criu.pidns_entry +} +var file_pidns_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_pidns_proto_init() } +func file_pidns_proto_init() { + if File_pidns_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_pidns_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*PidnsEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_pidns_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_pidns_proto_goTypes, + DependencyIndexes: file_pidns_proto_depIdxs, + MessageInfos: file_pidns_proto_msgTypes, + }.Build() + File_pidns_proto = out.File + file_pidns_proto_rawDesc = nil + file_pidns_proto_goTypes = nil + file_pidns_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pidns.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pidns.proto new file mode 100644 index 00000000000..337dba759f6 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pidns.proto @@ -0,0 +1,8 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +message pidns_entry { + optional string ext_key = 1; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe-data.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe-data.pb.go new file mode 100644 index 00000000000..7adee56286c --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe-data.pb.go @@ -0,0 +1,161 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: pipe-data.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type PipeDataEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + PipeId *uint32 `protobuf:"varint,1,req,name=pipe_id,json=pipeId" json:"pipe_id,omitempty"` + Bytes *uint32 `protobuf:"varint,2,req,name=bytes" json:"bytes,omitempty"` + Size *uint32 `protobuf:"varint,3,opt,name=size" json:"size,omitempty"` +} + +func (x *PipeDataEntry) Reset() { + *x = PipeDataEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_pipe_data_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *PipeDataEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PipeDataEntry) ProtoMessage() {} + +func (x *PipeDataEntry) ProtoReflect() protoreflect.Message { + mi := &file_pipe_data_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PipeDataEntry.ProtoReflect.Descriptor instead. +func (*PipeDataEntry) Descriptor() ([]byte, []int) { + return file_pipe_data_proto_rawDescGZIP(), []int{0} +} + +func (x *PipeDataEntry) GetPipeId() uint32 { + if x != nil && x.PipeId != nil { + return *x.PipeId + } + return 0 +} + +func (x *PipeDataEntry) GetBytes() uint32 { + if x != nil && x.Bytes != nil { + return *x.Bytes + } + return 0 +} + +func (x *PipeDataEntry) GetSize() uint32 { + if x != nil && x.Size != nil { + return *x.Size + } + return 0 +} + +var File_pipe_data_proto protoreflect.FileDescriptor + +var file_pipe_data_proto_rawDesc = []byte{ + 0x0a, 0x0f, 0x70, 0x69, 0x70, 0x65, 0x2d, 0x64, 0x61, 0x74, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0x54, 0x0a, 0x0f, 0x70, 0x69, 0x70, 0x65, 0x5f, + 0x64, 0x61, 0x74, 0x61, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x17, 0x0a, 0x07, 0x70, 0x69, + 0x70, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x70, 0x69, 0x70, + 0x65, 0x49, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x05, 0x62, 0x79, 0x74, 0x65, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, + 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x73, 0x69, 0x7a, 0x65, +} + +var ( + file_pipe_data_proto_rawDescOnce sync.Once + file_pipe_data_proto_rawDescData = file_pipe_data_proto_rawDesc +) + +func file_pipe_data_proto_rawDescGZIP() []byte { + file_pipe_data_proto_rawDescOnce.Do(func() { + file_pipe_data_proto_rawDescData = protoimpl.X.CompressGZIP(file_pipe_data_proto_rawDescData) + }) + return file_pipe_data_proto_rawDescData +} + +var file_pipe_data_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_pipe_data_proto_goTypes = []interface{}{ + (*PipeDataEntry)(nil), // 0: criu.pipe_data_entry +} +var file_pipe_data_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_pipe_data_proto_init() } +func file_pipe_data_proto_init() { + if File_pipe_data_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_pipe_data_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*PipeDataEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_pipe_data_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_pipe_data_proto_goTypes, + DependencyIndexes: file_pipe_data_proto_depIdxs, + MessageInfos: file_pipe_data_proto_msgTypes, + }.Build() + File_pipe_data_proto = out.File + file_pipe_data_proto_rawDesc = nil + file_pipe_data_proto_goTypes = nil + file_pipe_data_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe-data.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe-data.proto new file mode 100644 index 00000000000..f82c02ea39d --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe-data.proto @@ -0,0 +1,10 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +message pipe_data_entry { + required uint32 pipe_id = 1; + required uint32 bytes = 2; + optional uint32 size = 3; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe.pb.go new file mode 100644 index 00000000000..6d060fa0dcb --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe.pb.go @@ -0,0 +1,177 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: pipe.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type PipeEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` + PipeId *uint32 `protobuf:"varint,2,req,name=pipe_id,json=pipeId" json:"pipe_id,omitempty"` + Flags *uint32 `protobuf:"varint,3,req,name=flags" json:"flags,omitempty"` + Fown *FownEntry `protobuf:"bytes,4,req,name=fown" json:"fown,omitempty"` +} + +func (x *PipeEntry) Reset() { + *x = PipeEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_pipe_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *PipeEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PipeEntry) ProtoMessage() {} + +func (x *PipeEntry) ProtoReflect() protoreflect.Message { + mi := &file_pipe_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PipeEntry.ProtoReflect.Descriptor instead. +func (*PipeEntry) Descriptor() ([]byte, []int) { + return file_pipe_proto_rawDescGZIP(), []int{0} +} + +func (x *PipeEntry) GetId() uint32 { + if x != nil && x.Id != nil { + return *x.Id + } + return 0 +} + +func (x *PipeEntry) GetPipeId() uint32 { + if x != nil && x.PipeId != nil { + return *x.PipeId + } + return 0 +} + +func (x *PipeEntry) GetFlags() uint32 { + if x != nil && x.Flags != nil { + return *x.Flags + } + return 0 +} + +func (x *PipeEntry) GetFown() *FownEntry { + if x != nil { + return x.Fown + } + return nil +} + +var File_pipe_proto protoreflect.FileDescriptor + +var file_pipe_proto_rawDesc = []byte{ + 0x0a, 0x0a, 0x70, 0x69, 0x70, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, + 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, + 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x78, 0x0a, 0x0a, 0x70, 0x69, + 0x70, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x17, 0x0a, 0x07, 0x70, 0x69, 0x70, 0x65, + 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x70, 0x69, 0x70, 0x65, 0x49, + 0x64, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, + 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x24, + 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, + 0x72, 0x69, 0x75, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, + 0x66, 0x6f, 0x77, 0x6e, +} + +var ( + file_pipe_proto_rawDescOnce sync.Once + file_pipe_proto_rawDescData = file_pipe_proto_rawDesc +) + +func file_pipe_proto_rawDescGZIP() []byte { + file_pipe_proto_rawDescOnce.Do(func() { + file_pipe_proto_rawDescData = protoimpl.X.CompressGZIP(file_pipe_proto_rawDescData) + }) + return file_pipe_proto_rawDescData +} + +var file_pipe_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_pipe_proto_goTypes = []interface{}{ + (*PipeEntry)(nil), // 0: criu.pipe_entry + (*FownEntry)(nil), // 1: criu.fown_entry +} +var file_pipe_proto_depIdxs = []int32{ + 1, // 0: criu.pipe_entry.fown:type_name -> criu.fown_entry + 1, // [1:1] is the sub-list for method output_type + 1, // [1:1] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { file_pipe_proto_init() } +func file_pipe_proto_init() { + if File_pipe_proto != nil { + return + } + file_opts_proto_init() + file_fown_proto_init() + if !protoimpl.UnsafeEnabled { + file_pipe_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*PipeEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_pipe_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_pipe_proto_goTypes, + DependencyIndexes: file_pipe_proto_depIdxs, + MessageInfos: file_pipe_proto_msgTypes, + }.Build() + File_pipe_proto = out.File + file_pipe_proto_rawDesc = nil + file_pipe_proto_goTypes = nil + file_pipe_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe.proto new file mode 100644 index 00000000000..1d5502f47b6 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe.proto @@ -0,0 +1,14 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "opts.proto"; +import "fown.proto"; + +message pipe_entry { + required uint32 id = 1; + required uint32 pipe_id = 2; + required uint32 flags = 3 [(criu).hex = true]; + required fown_entry fown = 4; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pstree.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pstree.pb.go new file mode 100644 index 00000000000..2ae259a677b --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pstree.pb.go @@ -0,0 +1,179 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: pstree.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type PstreeEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Pid *uint32 `protobuf:"varint,1,req,name=pid" json:"pid,omitempty"` + Ppid *uint32 `protobuf:"varint,2,req,name=ppid" json:"ppid,omitempty"` + Pgid *uint32 `protobuf:"varint,3,req,name=pgid" json:"pgid,omitempty"` + Sid *uint32 `protobuf:"varint,4,req,name=sid" json:"sid,omitempty"` + Threads []uint32 `protobuf:"varint,5,rep,name=threads" json:"threads,omitempty"` +} + +func (x *PstreeEntry) Reset() { + *x = PstreeEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_pstree_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *PstreeEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PstreeEntry) ProtoMessage() {} + +func (x *PstreeEntry) ProtoReflect() protoreflect.Message { + mi := &file_pstree_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PstreeEntry.ProtoReflect.Descriptor instead. +func (*PstreeEntry) Descriptor() ([]byte, []int) { + return file_pstree_proto_rawDescGZIP(), []int{0} +} + +func (x *PstreeEntry) GetPid() uint32 { + if x != nil && x.Pid != nil { + return *x.Pid + } + return 0 +} + +func (x *PstreeEntry) GetPpid() uint32 { + if x != nil && x.Ppid != nil { + return *x.Ppid + } + return 0 +} + +func (x *PstreeEntry) GetPgid() uint32 { + if x != nil && x.Pgid != nil { + return *x.Pgid + } + return 0 +} + +func (x *PstreeEntry) GetSid() uint32 { + if x != nil && x.Sid != nil { + return *x.Sid + } + return 0 +} + +func (x *PstreeEntry) GetThreads() []uint32 { + if x != nil { + return x.Threads + } + return nil +} + +var File_pstree_proto protoreflect.FileDescriptor + +var file_pstree_proto_rawDesc = []byte{ + 0x0a, 0x0c, 0x70, 0x73, 0x74, 0x72, 0x65, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, + 0x63, 0x72, 0x69, 0x75, 0x22, 0x74, 0x0a, 0x0c, 0x70, 0x73, 0x74, 0x72, 0x65, 0x65, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x03, 0x70, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x70, 0x69, 0x64, 0x18, 0x02, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x70, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x67, + 0x69, 0x64, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x67, 0x69, 0x64, 0x12, 0x10, + 0x0a, 0x03, 0x73, 0x69, 0x64, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x73, 0x69, 0x64, + 0x12, 0x18, 0x0a, 0x07, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, + 0x0d, 0x52, 0x07, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x73, +} + +var ( + file_pstree_proto_rawDescOnce sync.Once + file_pstree_proto_rawDescData = file_pstree_proto_rawDesc +) + +func file_pstree_proto_rawDescGZIP() []byte { + file_pstree_proto_rawDescOnce.Do(func() { + file_pstree_proto_rawDescData = protoimpl.X.CompressGZIP(file_pstree_proto_rawDescData) + }) + return file_pstree_proto_rawDescData +} + +var file_pstree_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_pstree_proto_goTypes = []interface{}{ + (*PstreeEntry)(nil), // 0: criu.pstree_entry +} +var file_pstree_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_pstree_proto_init() } +func file_pstree_proto_init() { + if File_pstree_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_pstree_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*PstreeEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_pstree_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_pstree_proto_goTypes, + DependencyIndexes: file_pstree_proto_depIdxs, + MessageInfos: file_pstree_proto_msgTypes, + }.Build() + File_pstree_proto = out.File + file_pstree_proto_rawDesc = nil + file_pstree_proto_goTypes = nil + file_pstree_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pstree.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pstree.proto new file mode 100644 index 00000000000..b3be84620d6 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pstree.proto @@ -0,0 +1,12 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +message pstree_entry { + required uint32 pid = 1; + required uint32 ppid = 2; + required uint32 pgid = 3; + required uint32 sid = 4; + repeated uint32 threads = 5; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/regfile.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/regfile.pb.go new file mode 100644 index 00000000000..1126d0ff24e --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/regfile.pb.go @@ -0,0 +1,276 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: regfile.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type RegFileEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` + Flags *uint32 `protobuf:"varint,2,req,name=flags" json:"flags,omitempty"` + Pos *uint64 `protobuf:"varint,3,req,name=pos" json:"pos,omitempty"` + Fown *FownEntry `protobuf:"bytes,5,req,name=fown" json:"fown,omitempty"` + Name *string `protobuf:"bytes,6,req,name=name" json:"name,omitempty"` + MntId *int32 `protobuf:"zigzag32,7,opt,name=mnt_id,json=mntId,def=-1" json:"mnt_id,omitempty"` + Size *uint64 `protobuf:"varint,8,opt,name=size" json:"size,omitempty"` + Ext *bool `protobuf:"varint,9,opt,name=ext" json:"ext,omitempty"` + Mode *uint32 `protobuf:"varint,10,opt,name=mode" json:"mode,omitempty"` + // This field stores the build-ID of the file if it could be obtained. + BuildId []uint32 `protobuf:"varint,11,rep,name=build_id,json=buildId" json:"build_id,omitempty"` + // This field stores the CRC32C checksum of the file if it could be obtained. + Checksum *uint32 `protobuf:"varint,12,opt,name=checksum" json:"checksum,omitempty"` + // This field stores the configuration of bytes which were used in the + // calculation of the checksum, if it could be obtained. + ChecksumConfig *uint32 `protobuf:"varint,13,opt,name=checksum_config,json=checksumConfig" json:"checksum_config,omitempty"` + // This field stores the checksum parameter if it was used in the calculation + // of the checksum, if it could be obtained. + ChecksumParameter *uint32 `protobuf:"varint,14,opt,name=checksum_parameter,json=checksumParameter" json:"checksum_parameter,omitempty"` +} + +// Default values for RegFileEntry fields. +const ( + Default_RegFileEntry_MntId = int32(-1) +) + +func (x *RegFileEntry) Reset() { + *x = RegFileEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_regfile_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *RegFileEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RegFileEntry) ProtoMessage() {} + +func (x *RegFileEntry) ProtoReflect() protoreflect.Message { + mi := &file_regfile_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RegFileEntry.ProtoReflect.Descriptor instead. +func (*RegFileEntry) Descriptor() ([]byte, []int) { + return file_regfile_proto_rawDescGZIP(), []int{0} +} + +func (x *RegFileEntry) GetId() uint32 { + if x != nil && x.Id != nil { + return *x.Id + } + return 0 +} + +func (x *RegFileEntry) GetFlags() uint32 { + if x != nil && x.Flags != nil { + return *x.Flags + } + return 0 +} + +func (x *RegFileEntry) GetPos() uint64 { + if x != nil && x.Pos != nil { + return *x.Pos + } + return 0 +} + +func (x *RegFileEntry) GetFown() *FownEntry { + if x != nil { + return x.Fown + } + return nil +} + +func (x *RegFileEntry) GetName() string { + if x != nil && x.Name != nil { + return *x.Name + } + return "" +} + +func (x *RegFileEntry) GetMntId() int32 { + if x != nil && x.MntId != nil { + return *x.MntId + } + return Default_RegFileEntry_MntId +} + +func (x *RegFileEntry) GetSize() uint64 { + if x != nil && x.Size != nil { + return *x.Size + } + return 0 +} + +func (x *RegFileEntry) GetExt() bool { + if x != nil && x.Ext != nil { + return *x.Ext + } + return false +} + +func (x *RegFileEntry) GetMode() uint32 { + if x != nil && x.Mode != nil { + return *x.Mode + } + return 0 +} + +func (x *RegFileEntry) GetBuildId() []uint32 { + if x != nil { + return x.BuildId + } + return nil +} + +func (x *RegFileEntry) GetChecksum() uint32 { + if x != nil && x.Checksum != nil { + return *x.Checksum + } + return 0 +} + +func (x *RegFileEntry) GetChecksumConfig() uint32 { + if x != nil && x.ChecksumConfig != nil { + return *x.ChecksumConfig + } + return 0 +} + +func (x *RegFileEntry) GetChecksumParameter() uint32 { + if x != nil && x.ChecksumParameter != nil { + return *x.ChecksumParameter + } + return 0 +} + +var File_regfile_proto protoreflect.FileDescriptor + +var file_regfile_proto_rawDesc = []byte{ + 0x0a, 0x0d, 0x72, 0x65, 0x67, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, + 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xf8, 0x02, + 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, + 0x12, 0x26, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x42, + 0x10, 0xd2, 0x3f, 0x0d, 0x1a, 0x0b, 0x72, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x66, 0x6c, 0x61, 0x67, + 0x73, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x6f, 0x73, 0x18, + 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x70, 0x6f, 0x73, 0x12, 0x24, 0x0a, 0x04, 0x66, 0x6f, + 0x77, 0x6e, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, + 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, + 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, + 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x19, 0x0a, 0x06, 0x6d, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x07, + 0x20, 0x01, 0x28, 0x11, 0x3a, 0x02, 0x2d, 0x31, 0x52, 0x05, 0x6d, 0x6e, 0x74, 0x49, 0x64, 0x12, + 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x73, + 0x69, 0x7a, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x65, 0x78, 0x74, 0x18, 0x09, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x03, 0x65, 0x78, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x0a, 0x20, + 0x01, 0x28, 0x0d, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x62, 0x75, 0x69, + 0x6c, 0x64, 0x5f, 0x69, 0x64, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x07, 0x62, 0x75, 0x69, + 0x6c, 0x64, 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x75, 0x6d, + 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x75, 0x6d, + 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x75, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0e, 0x63, 0x68, 0x65, 0x63, 0x6b, + 0x73, 0x75, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2d, 0x0a, 0x12, 0x63, 0x68, 0x65, + 0x63, 0x6b, 0x73, 0x75, 0x6d, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x18, + 0x0e, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x11, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x75, 0x6d, 0x50, + 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, +} + +var ( + file_regfile_proto_rawDescOnce sync.Once + file_regfile_proto_rawDescData = file_regfile_proto_rawDesc +) + +func file_regfile_proto_rawDescGZIP() []byte { + file_regfile_proto_rawDescOnce.Do(func() { + file_regfile_proto_rawDescData = protoimpl.X.CompressGZIP(file_regfile_proto_rawDescData) + }) + return file_regfile_proto_rawDescData +} + +var file_regfile_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_regfile_proto_goTypes = []interface{}{ + (*RegFileEntry)(nil), // 0: criu.reg_file_entry + (*FownEntry)(nil), // 1: criu.fown_entry +} +var file_regfile_proto_depIdxs = []int32{ + 1, // 0: criu.reg_file_entry.fown:type_name -> criu.fown_entry + 1, // [1:1] is the sub-list for method output_type + 1, // [1:1] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { file_regfile_proto_init() } +func file_regfile_proto_init() { + if File_regfile_proto != nil { + return + } + file_opts_proto_init() + file_fown_proto_init() + if !protoimpl.UnsafeEnabled { + file_regfile_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*RegFileEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_regfile_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_regfile_proto_goTypes, + DependencyIndexes: file_regfile_proto_depIdxs, + MessageInfos: file_regfile_proto_msgTypes, + }.Build() + File_regfile_proto = out.File + file_regfile_proto_rawDesc = nil + file_regfile_proto_goTypes = nil + file_regfile_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/regfile.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/regfile.proto new file mode 100644 index 00000000000..0b2670c211e --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/regfile.proto @@ -0,0 +1,37 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "opts.proto"; +import "fown.proto"; + +message reg_file_entry { + required uint32 id = 1; + required uint32 flags = 2 [(criu).flags = "rfile.flags"]; + required uint64 pos = 3; + required fown_entry fown = 5; + required string name = 6; + optional sint32 mnt_id = 7 [default = -1]; + optional uint64 size = 8; + optional bool ext = 9; + optional uint32 mode = 10; + + /* This field stores the build-ID of the file if it could be obtained. */ + repeated uint32 build_id = 11; + + /* This field stores the CRC32C checksum of the file if it could be obtained. */ + optional uint32 checksum = 12; + + /* + * This field stores the configuration of bytes which were used in the + * calculation of the checksum, if it could be obtained. + */ + optional uint32 checksum_config = 13; + + /* + * This field stores the checksum parameter if it was used in the calculation + * of the checksum, if it could be obtained. + */ + optional uint32 checksum_parameter = 14; +} \ No newline at end of file diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/remap-file-path.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/remap-file-path.pb.go new file mode 100644 index 00000000000..d42ba0b0f58 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/remap-file-path.pb.go @@ -0,0 +1,230 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: remap-file-path.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type RemapType int32 + +const ( + RemapType_LINKED RemapType = 0 + RemapType_GHOST RemapType = 1 + RemapType_PROCFS RemapType = 2 +) + +// Enum value maps for RemapType. +var ( + RemapType_name = map[int32]string{ + 0: "LINKED", + 1: "GHOST", + 2: "PROCFS", + } + RemapType_value = map[string]int32{ + "LINKED": 0, + "GHOST": 1, + "PROCFS": 2, + } +) + +func (x RemapType) Enum() *RemapType { + p := new(RemapType) + *p = x + return p +} + +func (x RemapType) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (RemapType) Descriptor() protoreflect.EnumDescriptor { + return file_remap_file_path_proto_enumTypes[0].Descriptor() +} + +func (RemapType) Type() protoreflect.EnumType { + return &file_remap_file_path_proto_enumTypes[0] +} + +func (x RemapType) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Do not use. +func (x *RemapType) UnmarshalJSON(b []byte) error { + num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) + if err != nil { + return err + } + *x = RemapType(num) + return nil +} + +// Deprecated: Use RemapType.Descriptor instead. +func (RemapType) EnumDescriptor() ([]byte, []int) { + return file_remap_file_path_proto_rawDescGZIP(), []int{0} +} + +type RemapFilePathEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + OrigId *uint32 `protobuf:"varint,1,req,name=orig_id,json=origId" json:"orig_id,omitempty"` + RemapId *uint32 `protobuf:"varint,2,req,name=remap_id,json=remapId" json:"remap_id,omitempty"` + RemapType *RemapType `protobuf:"varint,3,opt,name=remap_type,json=remapType,enum=criu.RemapType" json:"remap_type,omitempty"` +} + +func (x *RemapFilePathEntry) Reset() { + *x = RemapFilePathEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_remap_file_path_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *RemapFilePathEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RemapFilePathEntry) ProtoMessage() {} + +func (x *RemapFilePathEntry) ProtoReflect() protoreflect.Message { + mi := &file_remap_file_path_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RemapFilePathEntry.ProtoReflect.Descriptor instead. +func (*RemapFilePathEntry) Descriptor() ([]byte, []int) { + return file_remap_file_path_proto_rawDescGZIP(), []int{0} +} + +func (x *RemapFilePathEntry) GetOrigId() uint32 { + if x != nil && x.OrigId != nil { + return *x.OrigId + } + return 0 +} + +func (x *RemapFilePathEntry) GetRemapId() uint32 { + if x != nil && x.RemapId != nil { + return *x.RemapId + } + return 0 +} + +func (x *RemapFilePathEntry) GetRemapType() RemapType { + if x != nil && x.RemapType != nil { + return *x.RemapType + } + return RemapType_LINKED +} + +var File_remap_file_path_proto protoreflect.FileDescriptor + +var file_remap_file_path_proto_rawDesc = []byte{ + 0x0a, 0x15, 0x72, 0x65, 0x6d, 0x61, 0x70, 0x2d, 0x66, 0x69, 0x6c, 0x65, 0x2d, 0x70, 0x61, 0x74, + 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0x7c, 0x0a, + 0x15, 0x72, 0x65, 0x6d, 0x61, 0x70, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x74, 0x68, + 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x17, 0x0a, 0x07, 0x6f, 0x72, 0x69, 0x67, 0x5f, 0x69, + 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x6f, 0x72, 0x69, 0x67, 0x49, 0x64, 0x12, + 0x19, 0x0a, 0x08, 0x72, 0x65, 0x6d, 0x61, 0x70, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x07, 0x72, 0x65, 0x6d, 0x61, 0x70, 0x49, 0x64, 0x12, 0x2f, 0x0a, 0x0a, 0x72, 0x65, + 0x6d, 0x61, 0x70, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x10, + 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x72, 0x65, 0x6d, 0x61, 0x70, 0x5f, 0x74, 0x79, 0x70, 0x65, + 0x52, 0x09, 0x72, 0x65, 0x6d, 0x61, 0x70, 0x54, 0x79, 0x70, 0x65, 0x2a, 0x2f, 0x0a, 0x0a, 0x72, + 0x65, 0x6d, 0x61, 0x70, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x4c, 0x49, 0x4e, + 0x4b, 0x45, 0x44, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x47, 0x48, 0x4f, 0x53, 0x54, 0x10, 0x01, + 0x12, 0x0a, 0x0a, 0x06, 0x50, 0x52, 0x4f, 0x43, 0x46, 0x53, 0x10, 0x02, +} + +var ( + file_remap_file_path_proto_rawDescOnce sync.Once + file_remap_file_path_proto_rawDescData = file_remap_file_path_proto_rawDesc +) + +func file_remap_file_path_proto_rawDescGZIP() []byte { + file_remap_file_path_proto_rawDescOnce.Do(func() { + file_remap_file_path_proto_rawDescData = protoimpl.X.CompressGZIP(file_remap_file_path_proto_rawDescData) + }) + return file_remap_file_path_proto_rawDescData +} + +var file_remap_file_path_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_remap_file_path_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_remap_file_path_proto_goTypes = []interface{}{ + (RemapType)(0), // 0: criu.remap_type + (*RemapFilePathEntry)(nil), // 1: criu.remap_file_path_entry +} +var file_remap_file_path_proto_depIdxs = []int32{ + 0, // 0: criu.remap_file_path_entry.remap_type:type_name -> criu.remap_type + 1, // [1:1] is the sub-list for method output_type + 1, // [1:1] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { file_remap_file_path_proto_init() } +func file_remap_file_path_proto_init() { + if File_remap_file_path_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_remap_file_path_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*RemapFilePathEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_remap_file_path_proto_rawDesc, + NumEnums: 1, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_remap_file_path_proto_goTypes, + DependencyIndexes: file_remap_file_path_proto_depIdxs, + EnumInfos: file_remap_file_path_proto_enumTypes, + MessageInfos: file_remap_file_path_proto_msgTypes, + }.Build() + File_remap_file_path_proto = out.File + file_remap_file_path_proto_rawDesc = nil + file_remap_file_path_proto_goTypes = nil + file_remap_file_path_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/remap-file-path.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/remap-file-path.proto new file mode 100644 index 00000000000..9ceee9b6a38 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/remap-file-path.proto @@ -0,0 +1,19 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +enum remap_type { + LINKED = 0; + GHOST = 1; + PROCFS = 2; + // Reserved for spfs manager + // SPFS = 3; + // SPFS_LINKED = 4; +}; + +message remap_file_path_entry { + required uint32 orig_id = 1; + required uint32 remap_id = 2; + optional remap_type remap_type = 3; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rlimit.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rlimit.pb.go new file mode 100644 index 00000000000..efc350c9caa --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rlimit.pb.go @@ -0,0 +1,151 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: rlimit.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type RlimitEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Cur *uint64 `protobuf:"varint,1,req,name=cur" json:"cur,omitempty"` + Max *uint64 `protobuf:"varint,2,req,name=max" json:"max,omitempty"` +} + +func (x *RlimitEntry) Reset() { + *x = RlimitEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_rlimit_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *RlimitEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RlimitEntry) ProtoMessage() {} + +func (x *RlimitEntry) ProtoReflect() protoreflect.Message { + mi := &file_rlimit_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RlimitEntry.ProtoReflect.Descriptor instead. +func (*RlimitEntry) Descriptor() ([]byte, []int) { + return file_rlimit_proto_rawDescGZIP(), []int{0} +} + +func (x *RlimitEntry) GetCur() uint64 { + if x != nil && x.Cur != nil { + return *x.Cur + } + return 0 +} + +func (x *RlimitEntry) GetMax() uint64 { + if x != nil && x.Max != nil { + return *x.Max + } + return 0 +} + +var File_rlimit_proto protoreflect.FileDescriptor + +var file_rlimit_proto_rawDesc = []byte{ + 0x0a, 0x0c, 0x72, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, + 0x63, 0x72, 0x69, 0x75, 0x22, 0x32, 0x0a, 0x0c, 0x72, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x75, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x03, 0x63, 0x75, 0x72, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x61, 0x78, 0x18, 0x02, 0x20, + 0x02, 0x28, 0x04, 0x52, 0x03, 0x6d, 0x61, 0x78, +} + +var ( + file_rlimit_proto_rawDescOnce sync.Once + file_rlimit_proto_rawDescData = file_rlimit_proto_rawDesc +) + +func file_rlimit_proto_rawDescGZIP() []byte { + file_rlimit_proto_rawDescOnce.Do(func() { + file_rlimit_proto_rawDescData = protoimpl.X.CompressGZIP(file_rlimit_proto_rawDescData) + }) + return file_rlimit_proto_rawDescData +} + +var file_rlimit_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_rlimit_proto_goTypes = []interface{}{ + (*RlimitEntry)(nil), // 0: criu.rlimit_entry +} +var file_rlimit_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_rlimit_proto_init() } +func file_rlimit_proto_init() { + if File_rlimit_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_rlimit_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*RlimitEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_rlimit_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_rlimit_proto_goTypes, + DependencyIndexes: file_rlimit_proto_depIdxs, + MessageInfos: file_rlimit_proto_msgTypes, + }.Build() + File_rlimit_proto = out.File + file_rlimit_proto_rawDesc = nil + file_rlimit_proto_goTypes = nil + file_rlimit_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rlimit.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rlimit.proto new file mode 100644 index 00000000000..7c2ce18d1b2 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rlimit.proto @@ -0,0 +1,9 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +message rlimit_entry { + required uint64 cur = 1; + required uint64 max = 2; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rpc.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rpc.pb.go new file mode 100644 index 00000000000..0e8ba876441 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rpc.pb.go @@ -0,0 +1,2330 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: rpc.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type CriuCgMode int32 + +const ( + CriuCgMode_IGNORE CriuCgMode = 0 + CriuCgMode_CG_NONE CriuCgMode = 1 + CriuCgMode_PROPS CriuCgMode = 2 + CriuCgMode_SOFT CriuCgMode = 3 + CriuCgMode_FULL CriuCgMode = 4 + CriuCgMode_STRICT CriuCgMode = 5 + CriuCgMode_DEFAULT CriuCgMode = 6 +) + +// Enum value maps for CriuCgMode. +var ( + CriuCgMode_name = map[int32]string{ + 0: "IGNORE", + 1: "CG_NONE", + 2: "PROPS", + 3: "SOFT", + 4: "FULL", + 5: "STRICT", + 6: "DEFAULT", + } + CriuCgMode_value = map[string]int32{ + "IGNORE": 0, + "CG_NONE": 1, + "PROPS": 2, + "SOFT": 3, + "FULL": 4, + "STRICT": 5, + "DEFAULT": 6, + } +) + +func (x CriuCgMode) Enum() *CriuCgMode { + p := new(CriuCgMode) + *p = x + return p +} + +func (x CriuCgMode) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (CriuCgMode) Descriptor() protoreflect.EnumDescriptor { + return file_rpc_proto_enumTypes[0].Descriptor() +} + +func (CriuCgMode) Type() protoreflect.EnumType { + return &file_rpc_proto_enumTypes[0] +} + +func (x CriuCgMode) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Do not use. +func (x *CriuCgMode) UnmarshalJSON(b []byte) error { + num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) + if err != nil { + return err + } + *x = CriuCgMode(num) + return nil +} + +// Deprecated: Use CriuCgMode.Descriptor instead. +func (CriuCgMode) EnumDescriptor() ([]byte, []int) { + return file_rpc_proto_rawDescGZIP(), []int{0} +} + +type CriuNetworkLockMethod int32 + +const ( + CriuNetworkLockMethod_IPTABLES CriuNetworkLockMethod = 1 + CriuNetworkLockMethod_NFTABLES CriuNetworkLockMethod = 2 +) + +// Enum value maps for CriuNetworkLockMethod. +var ( + CriuNetworkLockMethod_name = map[int32]string{ + 1: "IPTABLES", + 2: "NFTABLES", + } + CriuNetworkLockMethod_value = map[string]int32{ + "IPTABLES": 1, + "NFTABLES": 2, + } +) + +func (x CriuNetworkLockMethod) Enum() *CriuNetworkLockMethod { + p := new(CriuNetworkLockMethod) + *p = x + return p +} + +func (x CriuNetworkLockMethod) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (CriuNetworkLockMethod) Descriptor() protoreflect.EnumDescriptor { + return file_rpc_proto_enumTypes[1].Descriptor() +} + +func (CriuNetworkLockMethod) Type() protoreflect.EnumType { + return &file_rpc_proto_enumTypes[1] +} + +func (x CriuNetworkLockMethod) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Do not use. +func (x *CriuNetworkLockMethod) UnmarshalJSON(b []byte) error { + num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) + if err != nil { + return err + } + *x = CriuNetworkLockMethod(num) + return nil +} + +// Deprecated: Use CriuNetworkLockMethod.Descriptor instead. +func (CriuNetworkLockMethod) EnumDescriptor() ([]byte, []int) { + return file_rpc_proto_rawDescGZIP(), []int{1} +} + +type CriuPreDumpMode int32 + +const ( + CriuPreDumpMode_SPLICE CriuPreDumpMode = 1 + CriuPreDumpMode_VM_READ CriuPreDumpMode = 2 +) + +// Enum value maps for CriuPreDumpMode. +var ( + CriuPreDumpMode_name = map[int32]string{ + 1: "SPLICE", + 2: "VM_READ", + } + CriuPreDumpMode_value = map[string]int32{ + "SPLICE": 1, + "VM_READ": 2, + } +) + +func (x CriuPreDumpMode) Enum() *CriuPreDumpMode { + p := new(CriuPreDumpMode) + *p = x + return p +} + +func (x CriuPreDumpMode) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (CriuPreDumpMode) Descriptor() protoreflect.EnumDescriptor { + return file_rpc_proto_enumTypes[2].Descriptor() +} + +func (CriuPreDumpMode) Type() protoreflect.EnumType { + return &file_rpc_proto_enumTypes[2] +} + +func (x CriuPreDumpMode) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Do not use. +func (x *CriuPreDumpMode) UnmarshalJSON(b []byte) error { + num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) + if err != nil { + return err + } + *x = CriuPreDumpMode(num) + return nil +} + +// Deprecated: Use CriuPreDumpMode.Descriptor instead. +func (CriuPreDumpMode) EnumDescriptor() ([]byte, []int) { + return file_rpc_proto_rawDescGZIP(), []int{2} +} + +type CriuReqType int32 + +const ( + CriuReqType_EMPTY CriuReqType = 0 + CriuReqType_DUMP CriuReqType = 1 + CriuReqType_RESTORE CriuReqType = 2 + CriuReqType_CHECK CriuReqType = 3 + CriuReqType_PRE_DUMP CriuReqType = 4 + CriuReqType_PAGE_SERVER CriuReqType = 5 + CriuReqType_NOTIFY CriuReqType = 6 + CriuReqType_CPUINFO_DUMP CriuReqType = 7 + CriuReqType_CPUINFO_CHECK CriuReqType = 8 + CriuReqType_FEATURE_CHECK CriuReqType = 9 + CriuReqType_VERSION CriuReqType = 10 + CriuReqType_WAIT_PID CriuReqType = 11 + CriuReqType_PAGE_SERVER_CHLD CriuReqType = 12 + CriuReqType_SINGLE_PRE_DUMP CriuReqType = 13 +) + +// Enum value maps for CriuReqType. +var ( + CriuReqType_name = map[int32]string{ + 0: "EMPTY", + 1: "DUMP", + 2: "RESTORE", + 3: "CHECK", + 4: "PRE_DUMP", + 5: "PAGE_SERVER", + 6: "NOTIFY", + 7: "CPUINFO_DUMP", + 8: "CPUINFO_CHECK", + 9: "FEATURE_CHECK", + 10: "VERSION", + 11: "WAIT_PID", + 12: "PAGE_SERVER_CHLD", + 13: "SINGLE_PRE_DUMP", + } + CriuReqType_value = map[string]int32{ + "EMPTY": 0, + "DUMP": 1, + "RESTORE": 2, + "CHECK": 3, + "PRE_DUMP": 4, + "PAGE_SERVER": 5, + "NOTIFY": 6, + "CPUINFO_DUMP": 7, + "CPUINFO_CHECK": 8, + "FEATURE_CHECK": 9, + "VERSION": 10, + "WAIT_PID": 11, + "PAGE_SERVER_CHLD": 12, + "SINGLE_PRE_DUMP": 13, + } +) + +func (x CriuReqType) Enum() *CriuReqType { + p := new(CriuReqType) + *p = x + return p +} + +func (x CriuReqType) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (CriuReqType) Descriptor() protoreflect.EnumDescriptor { + return file_rpc_proto_enumTypes[3].Descriptor() +} + +func (CriuReqType) Type() protoreflect.EnumType { + return &file_rpc_proto_enumTypes[3] +} + +func (x CriuReqType) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Do not use. +func (x *CriuReqType) UnmarshalJSON(b []byte) error { + num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) + if err != nil { + return err + } + *x = CriuReqType(num) + return nil +} + +// Deprecated: Use CriuReqType.Descriptor instead. +func (CriuReqType) EnumDescriptor() ([]byte, []int) { + return file_rpc_proto_rawDescGZIP(), []int{3} +} + +type CriuPageServerInfo struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Address *string `protobuf:"bytes,1,opt,name=address" json:"address,omitempty"` + Port *int32 `protobuf:"varint,2,opt,name=port" json:"port,omitempty"` + Pid *int32 `protobuf:"varint,3,opt,name=pid" json:"pid,omitempty"` + Fd *int32 `protobuf:"varint,4,opt,name=fd" json:"fd,omitempty"` +} + +func (x *CriuPageServerInfo) Reset() { + *x = CriuPageServerInfo{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CriuPageServerInfo) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CriuPageServerInfo) ProtoMessage() {} + +func (x *CriuPageServerInfo) ProtoReflect() protoreflect.Message { + mi := &file_rpc_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CriuPageServerInfo.ProtoReflect.Descriptor instead. +func (*CriuPageServerInfo) Descriptor() ([]byte, []int) { + return file_rpc_proto_rawDescGZIP(), []int{0} +} + +func (x *CriuPageServerInfo) GetAddress() string { + if x != nil && x.Address != nil { + return *x.Address + } + return "" +} + +func (x *CriuPageServerInfo) GetPort() int32 { + if x != nil && x.Port != nil { + return *x.Port + } + return 0 +} + +func (x *CriuPageServerInfo) GetPid() int32 { + if x != nil && x.Pid != nil { + return *x.Pid + } + return 0 +} + +func (x *CriuPageServerInfo) GetFd() int32 { + if x != nil && x.Fd != nil { + return *x.Fd + } + return 0 +} + +type CriuVethPair struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + IfIn *string `protobuf:"bytes,1,req,name=if_in,json=ifIn" json:"if_in,omitempty"` + IfOut *string `protobuf:"bytes,2,req,name=if_out,json=ifOut" json:"if_out,omitempty"` +} + +func (x *CriuVethPair) Reset() { + *x = CriuVethPair{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CriuVethPair) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CriuVethPair) ProtoMessage() {} + +func (x *CriuVethPair) ProtoReflect() protoreflect.Message { + mi := &file_rpc_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CriuVethPair.ProtoReflect.Descriptor instead. +func (*CriuVethPair) Descriptor() ([]byte, []int) { + return file_rpc_proto_rawDescGZIP(), []int{1} +} + +func (x *CriuVethPair) GetIfIn() string { + if x != nil && x.IfIn != nil { + return *x.IfIn + } + return "" +} + +func (x *CriuVethPair) GetIfOut() string { + if x != nil && x.IfOut != nil { + return *x.IfOut + } + return "" +} + +type ExtMountMap struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Key *string `protobuf:"bytes,1,req,name=key" json:"key,omitempty"` + Val *string `protobuf:"bytes,2,req,name=val" json:"val,omitempty"` +} + +func (x *ExtMountMap) Reset() { + *x = ExtMountMap{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ExtMountMap) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ExtMountMap) ProtoMessage() {} + +func (x *ExtMountMap) ProtoReflect() protoreflect.Message { + mi := &file_rpc_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ExtMountMap.ProtoReflect.Descriptor instead. +func (*ExtMountMap) Descriptor() ([]byte, []int) { + return file_rpc_proto_rawDescGZIP(), []int{2} +} + +func (x *ExtMountMap) GetKey() string { + if x != nil && x.Key != nil { + return *x.Key + } + return "" +} + +func (x *ExtMountMap) GetVal() string { + if x != nil && x.Val != nil { + return *x.Val + } + return "" +} + +type JoinNamespace struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Ns *string `protobuf:"bytes,1,req,name=ns" json:"ns,omitempty"` + NsFile *string `protobuf:"bytes,2,req,name=ns_file,json=nsFile" json:"ns_file,omitempty"` + ExtraOpt *string `protobuf:"bytes,3,opt,name=extra_opt,json=extraOpt" json:"extra_opt,omitempty"` +} + +func (x *JoinNamespace) Reset() { + *x = JoinNamespace{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *JoinNamespace) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*JoinNamespace) ProtoMessage() {} + +func (x *JoinNamespace) ProtoReflect() protoreflect.Message { + mi := &file_rpc_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use JoinNamespace.ProtoReflect.Descriptor instead. +func (*JoinNamespace) Descriptor() ([]byte, []int) { + return file_rpc_proto_rawDescGZIP(), []int{3} +} + +func (x *JoinNamespace) GetNs() string { + if x != nil && x.Ns != nil { + return *x.Ns + } + return "" +} + +func (x *JoinNamespace) GetNsFile() string { + if x != nil && x.NsFile != nil { + return *x.NsFile + } + return "" +} + +func (x *JoinNamespace) GetExtraOpt() string { + if x != nil && x.ExtraOpt != nil { + return *x.ExtraOpt + } + return "" +} + +type InheritFd struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Key *string `protobuf:"bytes,1,req,name=key" json:"key,omitempty"` + Fd *int32 `protobuf:"varint,2,req,name=fd" json:"fd,omitempty"` +} + +func (x *InheritFd) Reset() { + *x = InheritFd{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *InheritFd) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*InheritFd) ProtoMessage() {} + +func (x *InheritFd) ProtoReflect() protoreflect.Message { + mi := &file_rpc_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use InheritFd.ProtoReflect.Descriptor instead. +func (*InheritFd) Descriptor() ([]byte, []int) { + return file_rpc_proto_rawDescGZIP(), []int{4} +} + +func (x *InheritFd) GetKey() string { + if x != nil && x.Key != nil { + return *x.Key + } + return "" +} + +func (x *InheritFd) GetFd() int32 { + if x != nil && x.Fd != nil { + return *x.Fd + } + return 0 +} + +type CgroupRoot struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Ctrl *string `protobuf:"bytes,1,opt,name=ctrl" json:"ctrl,omitempty"` + Path *string `protobuf:"bytes,2,req,name=path" json:"path,omitempty"` +} + +func (x *CgroupRoot) Reset() { + *x = CgroupRoot{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CgroupRoot) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CgroupRoot) ProtoMessage() {} + +func (x *CgroupRoot) ProtoReflect() protoreflect.Message { + mi := &file_rpc_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CgroupRoot.ProtoReflect.Descriptor instead. +func (*CgroupRoot) Descriptor() ([]byte, []int) { + return file_rpc_proto_rawDescGZIP(), []int{5} +} + +func (x *CgroupRoot) GetCtrl() string { + if x != nil && x.Ctrl != nil { + return *x.Ctrl + } + return "" +} + +func (x *CgroupRoot) GetPath() string { + if x != nil && x.Path != nil { + return *x.Path + } + return "" +} + +type UnixSk struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Inode *uint32 `protobuf:"varint,1,req,name=inode" json:"inode,omitempty"` +} + +func (x *UnixSk) Reset() { + *x = UnixSk{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UnixSk) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UnixSk) ProtoMessage() {} + +func (x *UnixSk) ProtoReflect() protoreflect.Message { + mi := &file_rpc_proto_msgTypes[6] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UnixSk.ProtoReflect.Descriptor instead. +func (*UnixSk) Descriptor() ([]byte, []int) { + return file_rpc_proto_rawDescGZIP(), []int{6} +} + +func (x *UnixSk) GetInode() uint32 { + if x != nil && x.Inode != nil { + return *x.Inode + } + return 0 +} + +type CriuOpts struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + ImagesDirFd *int32 `protobuf:"varint,1,req,name=images_dir_fd,json=imagesDirFd" json:"images_dir_fd,omitempty"` + Pid *int32 `protobuf:"varint,2,opt,name=pid" json:"pid,omitempty"` // if not set on dump, will dump requesting process + LeaveRunning *bool `protobuf:"varint,3,opt,name=leave_running,json=leaveRunning" json:"leave_running,omitempty"` + ExtUnixSk *bool `protobuf:"varint,4,opt,name=ext_unix_sk,json=extUnixSk" json:"ext_unix_sk,omitempty"` + TcpEstablished *bool `protobuf:"varint,5,opt,name=tcp_established,json=tcpEstablished" json:"tcp_established,omitempty"` + EvasiveDevices *bool `protobuf:"varint,6,opt,name=evasive_devices,json=evasiveDevices" json:"evasive_devices,omitempty"` + ShellJob *bool `protobuf:"varint,7,opt,name=shell_job,json=shellJob" json:"shell_job,omitempty"` + FileLocks *bool `protobuf:"varint,8,opt,name=file_locks,json=fileLocks" json:"file_locks,omitempty"` + LogLevel *int32 `protobuf:"varint,9,opt,name=log_level,json=logLevel,def=2" json:"log_level,omitempty"` + LogFile *string `protobuf:"bytes,10,opt,name=log_file,json=logFile" json:"log_file,omitempty"` // No subdirs are allowed. Consider using work-dir + Ps *CriuPageServerInfo `protobuf:"bytes,11,opt,name=ps" json:"ps,omitempty"` + NotifyScripts *bool `protobuf:"varint,12,opt,name=notify_scripts,json=notifyScripts" json:"notify_scripts,omitempty"` + Root *string `protobuf:"bytes,13,opt,name=root" json:"root,omitempty"` + ParentImg *string `protobuf:"bytes,14,opt,name=parent_img,json=parentImg" json:"parent_img,omitempty"` + TrackMem *bool `protobuf:"varint,15,opt,name=track_mem,json=trackMem" json:"track_mem,omitempty"` + AutoDedup *bool `protobuf:"varint,16,opt,name=auto_dedup,json=autoDedup" json:"auto_dedup,omitempty"` + WorkDirFd *int32 `protobuf:"varint,17,opt,name=work_dir_fd,json=workDirFd" json:"work_dir_fd,omitempty"` + LinkRemap *bool `protobuf:"varint,18,opt,name=link_remap,json=linkRemap" json:"link_remap,omitempty"` + Veths []*CriuVethPair `protobuf:"bytes,19,rep,name=veths" json:"veths,omitempty"` // DEPRECATED, use external instead + CpuCap *uint32 `protobuf:"varint,20,opt,name=cpu_cap,json=cpuCap,def=4294967295" json:"cpu_cap,omitempty"` + ForceIrmap *bool `protobuf:"varint,21,opt,name=force_irmap,json=forceIrmap" json:"force_irmap,omitempty"` + ExecCmd []string `protobuf:"bytes,22,rep,name=exec_cmd,json=execCmd" json:"exec_cmd,omitempty"` + ExtMnt []*ExtMountMap `protobuf:"bytes,23,rep,name=ext_mnt,json=extMnt" json:"ext_mnt,omitempty"` // DEPRECATED, use external instead + ManageCgroups *bool `protobuf:"varint,24,opt,name=manage_cgroups,json=manageCgroups" json:"manage_cgroups,omitempty"` // backward compatibility + CgRoot []*CgroupRoot `protobuf:"bytes,25,rep,name=cg_root,json=cgRoot" json:"cg_root,omitempty"` + RstSibling *bool `protobuf:"varint,26,opt,name=rst_sibling,json=rstSibling" json:"rst_sibling,omitempty"` // swrk only + InheritFd []*InheritFd `protobuf:"bytes,27,rep,name=inherit_fd,json=inheritFd" json:"inherit_fd,omitempty"` // swrk only + AutoExtMnt *bool `protobuf:"varint,28,opt,name=auto_ext_mnt,json=autoExtMnt" json:"auto_ext_mnt,omitempty"` + ExtSharing *bool `protobuf:"varint,29,opt,name=ext_sharing,json=extSharing" json:"ext_sharing,omitempty"` + ExtMasters *bool `protobuf:"varint,30,opt,name=ext_masters,json=extMasters" json:"ext_masters,omitempty"` + SkipMnt []string `protobuf:"bytes,31,rep,name=skip_mnt,json=skipMnt" json:"skip_mnt,omitempty"` + EnableFs []string `protobuf:"bytes,32,rep,name=enable_fs,json=enableFs" json:"enable_fs,omitempty"` + UnixSkIno []*UnixSk `protobuf:"bytes,33,rep,name=unix_sk_ino,json=unixSkIno" json:"unix_sk_ino,omitempty"` // DEPRECATED, use external instead + ManageCgroupsMode *CriuCgMode `protobuf:"varint,34,opt,name=manage_cgroups_mode,json=manageCgroupsMode,enum=criu.CriuCgMode" json:"manage_cgroups_mode,omitempty"` + GhostLimit *uint32 `protobuf:"varint,35,opt,name=ghost_limit,json=ghostLimit,def=1048576" json:"ghost_limit,omitempty"` + IrmapScanPaths []string `protobuf:"bytes,36,rep,name=irmap_scan_paths,json=irmapScanPaths" json:"irmap_scan_paths,omitempty"` + External []string `protobuf:"bytes,37,rep,name=external" json:"external,omitempty"` + EmptyNs *uint32 `protobuf:"varint,38,opt,name=empty_ns,json=emptyNs" json:"empty_ns,omitempty"` + JoinNs []*JoinNamespace `protobuf:"bytes,39,rep,name=join_ns,json=joinNs" json:"join_ns,omitempty"` + CgroupProps *string `protobuf:"bytes,41,opt,name=cgroup_props,json=cgroupProps" json:"cgroup_props,omitempty"` + CgroupPropsFile *string `protobuf:"bytes,42,opt,name=cgroup_props_file,json=cgroupPropsFile" json:"cgroup_props_file,omitempty"` + CgroupDumpController []string `protobuf:"bytes,43,rep,name=cgroup_dump_controller,json=cgroupDumpController" json:"cgroup_dump_controller,omitempty"` + FreezeCgroup *string `protobuf:"bytes,44,opt,name=freeze_cgroup,json=freezeCgroup" json:"freeze_cgroup,omitempty"` + Timeout *uint32 `protobuf:"varint,45,opt,name=timeout" json:"timeout,omitempty"` + TcpSkipInFlight *bool `protobuf:"varint,46,opt,name=tcp_skip_in_flight,json=tcpSkipInFlight" json:"tcp_skip_in_flight,omitempty"` + WeakSysctls *bool `protobuf:"varint,47,opt,name=weak_sysctls,json=weakSysctls" json:"weak_sysctls,omitempty"` + LazyPages *bool `protobuf:"varint,48,opt,name=lazy_pages,json=lazyPages" json:"lazy_pages,omitempty"` + StatusFd *int32 `protobuf:"varint,49,opt,name=status_fd,json=statusFd" json:"status_fd,omitempty"` + OrphanPtsMaster *bool `protobuf:"varint,50,opt,name=orphan_pts_master,json=orphanPtsMaster" json:"orphan_pts_master,omitempty"` + ConfigFile *string `protobuf:"bytes,51,opt,name=config_file,json=configFile" json:"config_file,omitempty"` + TcpClose *bool `protobuf:"varint,52,opt,name=tcp_close,json=tcpClose" json:"tcp_close,omitempty"` + LsmProfile *string `protobuf:"bytes,53,opt,name=lsm_profile,json=lsmProfile" json:"lsm_profile,omitempty"` + TlsCacert *string `protobuf:"bytes,54,opt,name=tls_cacert,json=tlsCacert" json:"tls_cacert,omitempty"` + TlsCacrl *string `protobuf:"bytes,55,opt,name=tls_cacrl,json=tlsCacrl" json:"tls_cacrl,omitempty"` + TlsCert *string `protobuf:"bytes,56,opt,name=tls_cert,json=tlsCert" json:"tls_cert,omitempty"` + TlsKey *string `protobuf:"bytes,57,opt,name=tls_key,json=tlsKey" json:"tls_key,omitempty"` + Tls *bool `protobuf:"varint,58,opt,name=tls" json:"tls,omitempty"` + TlsNoCnVerify *bool `protobuf:"varint,59,opt,name=tls_no_cn_verify,json=tlsNoCnVerify" json:"tls_no_cn_verify,omitempty"` + CgroupYard *string `protobuf:"bytes,60,opt,name=cgroup_yard,json=cgroupYard" json:"cgroup_yard,omitempty"` + PreDumpMode *CriuPreDumpMode `protobuf:"varint,61,opt,name=pre_dump_mode,json=preDumpMode,enum=criu.CriuPreDumpMode,def=1" json:"pre_dump_mode,omitempty"` + PidfdStoreSk *int32 `protobuf:"varint,62,opt,name=pidfd_store_sk,json=pidfdStoreSk" json:"pidfd_store_sk,omitempty"` + LsmMountContext *string `protobuf:"bytes,63,opt,name=lsm_mount_context,json=lsmMountContext" json:"lsm_mount_context,omitempty"` + NetworkLock *CriuNetworkLockMethod `protobuf:"varint,64,opt,name=network_lock,json=networkLock,enum=criu.CriuNetworkLockMethod,def=1" json:"network_lock,omitempty"` + MntnsCompatMode *bool `protobuf:"varint,65,opt,name=mntns_compat_mode,json=mntnsCompatMode" json:"mntns_compat_mode,omitempty"` // optional bool check_mounts = 128; +} + +// Default values for CriuOpts fields. +const ( + Default_CriuOpts_LogLevel = int32(2) + Default_CriuOpts_CpuCap = uint32(4294967295) + Default_CriuOpts_GhostLimit = uint32(1048576) + Default_CriuOpts_PreDumpMode = CriuPreDumpMode_SPLICE + Default_CriuOpts_NetworkLock = CriuNetworkLockMethod_IPTABLES +) + +func (x *CriuOpts) Reset() { + *x = CriuOpts{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CriuOpts) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CriuOpts) ProtoMessage() {} + +func (x *CriuOpts) ProtoReflect() protoreflect.Message { + mi := &file_rpc_proto_msgTypes[7] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CriuOpts.ProtoReflect.Descriptor instead. +func (*CriuOpts) Descriptor() ([]byte, []int) { + return file_rpc_proto_rawDescGZIP(), []int{7} +} + +func (x *CriuOpts) GetImagesDirFd() int32 { + if x != nil && x.ImagesDirFd != nil { + return *x.ImagesDirFd + } + return 0 +} + +func (x *CriuOpts) GetPid() int32 { + if x != nil && x.Pid != nil { + return *x.Pid + } + return 0 +} + +func (x *CriuOpts) GetLeaveRunning() bool { + if x != nil && x.LeaveRunning != nil { + return *x.LeaveRunning + } + return false +} + +func (x *CriuOpts) GetExtUnixSk() bool { + if x != nil && x.ExtUnixSk != nil { + return *x.ExtUnixSk + } + return false +} + +func (x *CriuOpts) GetTcpEstablished() bool { + if x != nil && x.TcpEstablished != nil { + return *x.TcpEstablished + } + return false +} + +func (x *CriuOpts) GetEvasiveDevices() bool { + if x != nil && x.EvasiveDevices != nil { + return *x.EvasiveDevices + } + return false +} + +func (x *CriuOpts) GetShellJob() bool { + if x != nil && x.ShellJob != nil { + return *x.ShellJob + } + return false +} + +func (x *CriuOpts) GetFileLocks() bool { + if x != nil && x.FileLocks != nil { + return *x.FileLocks + } + return false +} + +func (x *CriuOpts) GetLogLevel() int32 { + if x != nil && x.LogLevel != nil { + return *x.LogLevel + } + return Default_CriuOpts_LogLevel +} + +func (x *CriuOpts) GetLogFile() string { + if x != nil && x.LogFile != nil { + return *x.LogFile + } + return "" +} + +func (x *CriuOpts) GetPs() *CriuPageServerInfo { + if x != nil { + return x.Ps + } + return nil +} + +func (x *CriuOpts) GetNotifyScripts() bool { + if x != nil && x.NotifyScripts != nil { + return *x.NotifyScripts + } + return false +} + +func (x *CriuOpts) GetRoot() string { + if x != nil && x.Root != nil { + return *x.Root + } + return "" +} + +func (x *CriuOpts) GetParentImg() string { + if x != nil && x.ParentImg != nil { + return *x.ParentImg + } + return "" +} + +func (x *CriuOpts) GetTrackMem() bool { + if x != nil && x.TrackMem != nil { + return *x.TrackMem + } + return false +} + +func (x *CriuOpts) GetAutoDedup() bool { + if x != nil && x.AutoDedup != nil { + return *x.AutoDedup + } + return false +} + +func (x *CriuOpts) GetWorkDirFd() int32 { + if x != nil && x.WorkDirFd != nil { + return *x.WorkDirFd + } + return 0 +} + +func (x *CriuOpts) GetLinkRemap() bool { + if x != nil && x.LinkRemap != nil { + return *x.LinkRemap + } + return false +} + +func (x *CriuOpts) GetVeths() []*CriuVethPair { + if x != nil { + return x.Veths + } + return nil +} + +func (x *CriuOpts) GetCpuCap() uint32 { + if x != nil && x.CpuCap != nil { + return *x.CpuCap + } + return Default_CriuOpts_CpuCap +} + +func (x *CriuOpts) GetForceIrmap() bool { + if x != nil && x.ForceIrmap != nil { + return *x.ForceIrmap + } + return false +} + +func (x *CriuOpts) GetExecCmd() []string { + if x != nil { + return x.ExecCmd + } + return nil +} + +func (x *CriuOpts) GetExtMnt() []*ExtMountMap { + if x != nil { + return x.ExtMnt + } + return nil +} + +func (x *CriuOpts) GetManageCgroups() bool { + if x != nil && x.ManageCgroups != nil { + return *x.ManageCgroups + } + return false +} + +func (x *CriuOpts) GetCgRoot() []*CgroupRoot { + if x != nil { + return x.CgRoot + } + return nil +} + +func (x *CriuOpts) GetRstSibling() bool { + if x != nil && x.RstSibling != nil { + return *x.RstSibling + } + return false +} + +func (x *CriuOpts) GetInheritFd() []*InheritFd { + if x != nil { + return x.InheritFd + } + return nil +} + +func (x *CriuOpts) GetAutoExtMnt() bool { + if x != nil && x.AutoExtMnt != nil { + return *x.AutoExtMnt + } + return false +} + +func (x *CriuOpts) GetExtSharing() bool { + if x != nil && x.ExtSharing != nil { + return *x.ExtSharing + } + return false +} + +func (x *CriuOpts) GetExtMasters() bool { + if x != nil && x.ExtMasters != nil { + return *x.ExtMasters + } + return false +} + +func (x *CriuOpts) GetSkipMnt() []string { + if x != nil { + return x.SkipMnt + } + return nil +} + +func (x *CriuOpts) GetEnableFs() []string { + if x != nil { + return x.EnableFs + } + return nil +} + +func (x *CriuOpts) GetUnixSkIno() []*UnixSk { + if x != nil { + return x.UnixSkIno + } + return nil +} + +func (x *CriuOpts) GetManageCgroupsMode() CriuCgMode { + if x != nil && x.ManageCgroupsMode != nil { + return *x.ManageCgroupsMode + } + return CriuCgMode_IGNORE +} + +func (x *CriuOpts) GetGhostLimit() uint32 { + if x != nil && x.GhostLimit != nil { + return *x.GhostLimit + } + return Default_CriuOpts_GhostLimit +} + +func (x *CriuOpts) GetIrmapScanPaths() []string { + if x != nil { + return x.IrmapScanPaths + } + return nil +} + +func (x *CriuOpts) GetExternal() []string { + if x != nil { + return x.External + } + return nil +} + +func (x *CriuOpts) GetEmptyNs() uint32 { + if x != nil && x.EmptyNs != nil { + return *x.EmptyNs + } + return 0 +} + +func (x *CriuOpts) GetJoinNs() []*JoinNamespace { + if x != nil { + return x.JoinNs + } + return nil +} + +func (x *CriuOpts) GetCgroupProps() string { + if x != nil && x.CgroupProps != nil { + return *x.CgroupProps + } + return "" +} + +func (x *CriuOpts) GetCgroupPropsFile() string { + if x != nil && x.CgroupPropsFile != nil { + return *x.CgroupPropsFile + } + return "" +} + +func (x *CriuOpts) GetCgroupDumpController() []string { + if x != nil { + return x.CgroupDumpController + } + return nil +} + +func (x *CriuOpts) GetFreezeCgroup() string { + if x != nil && x.FreezeCgroup != nil { + return *x.FreezeCgroup + } + return "" +} + +func (x *CriuOpts) GetTimeout() uint32 { + if x != nil && x.Timeout != nil { + return *x.Timeout + } + return 0 +} + +func (x *CriuOpts) GetTcpSkipInFlight() bool { + if x != nil && x.TcpSkipInFlight != nil { + return *x.TcpSkipInFlight + } + return false +} + +func (x *CriuOpts) GetWeakSysctls() bool { + if x != nil && x.WeakSysctls != nil { + return *x.WeakSysctls + } + return false +} + +func (x *CriuOpts) GetLazyPages() bool { + if x != nil && x.LazyPages != nil { + return *x.LazyPages + } + return false +} + +func (x *CriuOpts) GetStatusFd() int32 { + if x != nil && x.StatusFd != nil { + return *x.StatusFd + } + return 0 +} + +func (x *CriuOpts) GetOrphanPtsMaster() bool { + if x != nil && x.OrphanPtsMaster != nil { + return *x.OrphanPtsMaster + } + return false +} + +func (x *CriuOpts) GetConfigFile() string { + if x != nil && x.ConfigFile != nil { + return *x.ConfigFile + } + return "" +} + +func (x *CriuOpts) GetTcpClose() bool { + if x != nil && x.TcpClose != nil { + return *x.TcpClose + } + return false +} + +func (x *CriuOpts) GetLsmProfile() string { + if x != nil && x.LsmProfile != nil { + return *x.LsmProfile + } + return "" +} + +func (x *CriuOpts) GetTlsCacert() string { + if x != nil && x.TlsCacert != nil { + return *x.TlsCacert + } + return "" +} + +func (x *CriuOpts) GetTlsCacrl() string { + if x != nil && x.TlsCacrl != nil { + return *x.TlsCacrl + } + return "" +} + +func (x *CriuOpts) GetTlsCert() string { + if x != nil && x.TlsCert != nil { + return *x.TlsCert + } + return "" +} + +func (x *CriuOpts) GetTlsKey() string { + if x != nil && x.TlsKey != nil { + return *x.TlsKey + } + return "" +} + +func (x *CriuOpts) GetTls() bool { + if x != nil && x.Tls != nil { + return *x.Tls + } + return false +} + +func (x *CriuOpts) GetTlsNoCnVerify() bool { + if x != nil && x.TlsNoCnVerify != nil { + return *x.TlsNoCnVerify + } + return false +} + +func (x *CriuOpts) GetCgroupYard() string { + if x != nil && x.CgroupYard != nil { + return *x.CgroupYard + } + return "" +} + +func (x *CriuOpts) GetPreDumpMode() CriuPreDumpMode { + if x != nil && x.PreDumpMode != nil { + return *x.PreDumpMode + } + return Default_CriuOpts_PreDumpMode +} + +func (x *CriuOpts) GetPidfdStoreSk() int32 { + if x != nil && x.PidfdStoreSk != nil { + return *x.PidfdStoreSk + } + return 0 +} + +func (x *CriuOpts) GetLsmMountContext() string { + if x != nil && x.LsmMountContext != nil { + return *x.LsmMountContext + } + return "" +} + +func (x *CriuOpts) GetNetworkLock() CriuNetworkLockMethod { + if x != nil && x.NetworkLock != nil { + return *x.NetworkLock + } + return Default_CriuOpts_NetworkLock +} + +func (x *CriuOpts) GetMntnsCompatMode() bool { + if x != nil && x.MntnsCompatMode != nil { + return *x.MntnsCompatMode + } + return false +} + +type CriuDumpResp struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Restored *bool `protobuf:"varint,1,opt,name=restored" json:"restored,omitempty"` +} + +func (x *CriuDumpResp) Reset() { + *x = CriuDumpResp{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CriuDumpResp) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CriuDumpResp) ProtoMessage() {} + +func (x *CriuDumpResp) ProtoReflect() protoreflect.Message { + mi := &file_rpc_proto_msgTypes[8] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CriuDumpResp.ProtoReflect.Descriptor instead. +func (*CriuDumpResp) Descriptor() ([]byte, []int) { + return file_rpc_proto_rawDescGZIP(), []int{8} +} + +func (x *CriuDumpResp) GetRestored() bool { + if x != nil && x.Restored != nil { + return *x.Restored + } + return false +} + +type CriuRestoreResp struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Pid *int32 `protobuf:"varint,1,req,name=pid" json:"pid,omitempty"` +} + +func (x *CriuRestoreResp) Reset() { + *x = CriuRestoreResp{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CriuRestoreResp) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CriuRestoreResp) ProtoMessage() {} + +func (x *CriuRestoreResp) ProtoReflect() protoreflect.Message { + mi := &file_rpc_proto_msgTypes[9] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CriuRestoreResp.ProtoReflect.Descriptor instead. +func (*CriuRestoreResp) Descriptor() ([]byte, []int) { + return file_rpc_proto_rawDescGZIP(), []int{9} +} + +func (x *CriuRestoreResp) GetPid() int32 { + if x != nil && x.Pid != nil { + return *x.Pid + } + return 0 +} + +type CriuNotify struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Script *string `protobuf:"bytes,1,opt,name=script" json:"script,omitempty"` + Pid *int32 `protobuf:"varint,2,opt,name=pid" json:"pid,omitempty"` +} + +func (x *CriuNotify) Reset() { + *x = CriuNotify{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CriuNotify) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CriuNotify) ProtoMessage() {} + +func (x *CriuNotify) ProtoReflect() protoreflect.Message { + mi := &file_rpc_proto_msgTypes[10] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CriuNotify.ProtoReflect.Descriptor instead. +func (*CriuNotify) Descriptor() ([]byte, []int) { + return file_rpc_proto_rawDescGZIP(), []int{10} +} + +func (x *CriuNotify) GetScript() string { + if x != nil && x.Script != nil { + return *x.Script + } + return "" +} + +func (x *CriuNotify) GetPid() int32 { + if x != nil && x.Pid != nil { + return *x.Pid + } + return 0 +} + +// List of features which can queried via +// CRIU_REQ_TYPE__FEATURE_CHECK +type CriuFeatures struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + MemTrack *bool `protobuf:"varint,1,opt,name=mem_track,json=memTrack" json:"mem_track,omitempty"` + LazyPages *bool `protobuf:"varint,2,opt,name=lazy_pages,json=lazyPages" json:"lazy_pages,omitempty"` + PidfdStore *bool `protobuf:"varint,3,opt,name=pidfd_store,json=pidfdStore" json:"pidfd_store,omitempty"` +} + +func (x *CriuFeatures) Reset() { + *x = CriuFeatures{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_proto_msgTypes[11] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CriuFeatures) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CriuFeatures) ProtoMessage() {} + +func (x *CriuFeatures) ProtoReflect() protoreflect.Message { + mi := &file_rpc_proto_msgTypes[11] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CriuFeatures.ProtoReflect.Descriptor instead. +func (*CriuFeatures) Descriptor() ([]byte, []int) { + return file_rpc_proto_rawDescGZIP(), []int{11} +} + +func (x *CriuFeatures) GetMemTrack() bool { + if x != nil && x.MemTrack != nil { + return *x.MemTrack + } + return false +} + +func (x *CriuFeatures) GetLazyPages() bool { + if x != nil && x.LazyPages != nil { + return *x.LazyPages + } + return false +} + +func (x *CriuFeatures) GetPidfdStore() bool { + if x != nil && x.PidfdStore != nil { + return *x.PidfdStore + } + return false +} + +type CriuReq struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Type *CriuReqType `protobuf:"varint,1,req,name=type,enum=criu.CriuReqType" json:"type,omitempty"` + Opts *CriuOpts `protobuf:"bytes,2,opt,name=opts" json:"opts,omitempty"` + NotifySuccess *bool `protobuf:"varint,3,opt,name=notify_success,json=notifySuccess" json:"notify_success,omitempty"` + // When set service won't close the connection but + // will wait for more req-s to appear. Works not + // for all request types. + KeepOpen *bool `protobuf:"varint,4,opt,name=keep_open,json=keepOpen" json:"keep_open,omitempty"` + // 'features' can be used to query which features + // are supported by the installed criu/kernel + // via RPC. + Features *CriuFeatures `protobuf:"bytes,5,opt,name=features" json:"features,omitempty"` + // 'pid' is used for WAIT_PID + Pid *uint32 `protobuf:"varint,6,opt,name=pid" json:"pid,omitempty"` +} + +func (x *CriuReq) Reset() { + *x = CriuReq{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_proto_msgTypes[12] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CriuReq) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CriuReq) ProtoMessage() {} + +func (x *CriuReq) ProtoReflect() protoreflect.Message { + mi := &file_rpc_proto_msgTypes[12] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CriuReq.ProtoReflect.Descriptor instead. +func (*CriuReq) Descriptor() ([]byte, []int) { + return file_rpc_proto_rawDescGZIP(), []int{12} +} + +func (x *CriuReq) GetType() CriuReqType { + if x != nil && x.Type != nil { + return *x.Type + } + return CriuReqType_EMPTY +} + +func (x *CriuReq) GetOpts() *CriuOpts { + if x != nil { + return x.Opts + } + return nil +} + +func (x *CriuReq) GetNotifySuccess() bool { + if x != nil && x.NotifySuccess != nil { + return *x.NotifySuccess + } + return false +} + +func (x *CriuReq) GetKeepOpen() bool { + if x != nil && x.KeepOpen != nil { + return *x.KeepOpen + } + return false +} + +func (x *CriuReq) GetFeatures() *CriuFeatures { + if x != nil { + return x.Features + } + return nil +} + +func (x *CriuReq) GetPid() uint32 { + if x != nil && x.Pid != nil { + return *x.Pid + } + return 0 +} + +type CriuResp struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Type *CriuReqType `protobuf:"varint,1,req,name=type,enum=criu.CriuReqType" json:"type,omitempty"` + Success *bool `protobuf:"varint,2,req,name=success" json:"success,omitempty"` + Dump *CriuDumpResp `protobuf:"bytes,3,opt,name=dump" json:"dump,omitempty"` + Restore *CriuRestoreResp `protobuf:"bytes,4,opt,name=restore" json:"restore,omitempty"` + Notify *CriuNotify `protobuf:"bytes,5,opt,name=notify" json:"notify,omitempty"` + Ps *CriuPageServerInfo `protobuf:"bytes,6,opt,name=ps" json:"ps,omitempty"` + CrErrno *int32 `protobuf:"varint,7,opt,name=cr_errno,json=crErrno" json:"cr_errno,omitempty"` + Features *CriuFeatures `protobuf:"bytes,8,opt,name=features" json:"features,omitempty"` + CrErrmsg *string `protobuf:"bytes,9,opt,name=cr_errmsg,json=crErrmsg" json:"cr_errmsg,omitempty"` + Version *CriuVersion `protobuf:"bytes,10,opt,name=version" json:"version,omitempty"` + Status *int32 `protobuf:"varint,11,opt,name=status" json:"status,omitempty"` +} + +func (x *CriuResp) Reset() { + *x = CriuResp{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_proto_msgTypes[13] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CriuResp) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CriuResp) ProtoMessage() {} + +func (x *CriuResp) ProtoReflect() protoreflect.Message { + mi := &file_rpc_proto_msgTypes[13] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CriuResp.ProtoReflect.Descriptor instead. +func (*CriuResp) Descriptor() ([]byte, []int) { + return file_rpc_proto_rawDescGZIP(), []int{13} +} + +func (x *CriuResp) GetType() CriuReqType { + if x != nil && x.Type != nil { + return *x.Type + } + return CriuReqType_EMPTY +} + +func (x *CriuResp) GetSuccess() bool { + if x != nil && x.Success != nil { + return *x.Success + } + return false +} + +func (x *CriuResp) GetDump() *CriuDumpResp { + if x != nil { + return x.Dump + } + return nil +} + +func (x *CriuResp) GetRestore() *CriuRestoreResp { + if x != nil { + return x.Restore + } + return nil +} + +func (x *CriuResp) GetNotify() *CriuNotify { + if x != nil { + return x.Notify + } + return nil +} + +func (x *CriuResp) GetPs() *CriuPageServerInfo { + if x != nil { + return x.Ps + } + return nil +} + +func (x *CriuResp) GetCrErrno() int32 { + if x != nil && x.CrErrno != nil { + return *x.CrErrno + } + return 0 +} + +func (x *CriuResp) GetFeatures() *CriuFeatures { + if x != nil { + return x.Features + } + return nil +} + +func (x *CriuResp) GetCrErrmsg() string { + if x != nil && x.CrErrmsg != nil { + return *x.CrErrmsg + } + return "" +} + +func (x *CriuResp) GetVersion() *CriuVersion { + if x != nil { + return x.Version + } + return nil +} + +func (x *CriuResp) GetStatus() int32 { + if x != nil && x.Status != nil { + return *x.Status + } + return 0 +} + +// Answer for criu_req_type.VERSION requests +type CriuVersion struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + MajorNumber *int32 `protobuf:"varint,1,req,name=major_number,json=majorNumber" json:"major_number,omitempty"` + MinorNumber *int32 `protobuf:"varint,2,req,name=minor_number,json=minorNumber" json:"minor_number,omitempty"` + Gitid *string `protobuf:"bytes,3,opt,name=gitid" json:"gitid,omitempty"` + Sublevel *int32 `protobuf:"varint,4,opt,name=sublevel" json:"sublevel,omitempty"` + Extra *int32 `protobuf:"varint,5,opt,name=extra" json:"extra,omitempty"` + Name *string `protobuf:"bytes,6,opt,name=name" json:"name,omitempty"` +} + +func (x *CriuVersion) Reset() { + *x = CriuVersion{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_proto_msgTypes[14] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CriuVersion) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CriuVersion) ProtoMessage() {} + +func (x *CriuVersion) ProtoReflect() protoreflect.Message { + mi := &file_rpc_proto_msgTypes[14] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CriuVersion.ProtoReflect.Descriptor instead. +func (*CriuVersion) Descriptor() ([]byte, []int) { + return file_rpc_proto_rawDescGZIP(), []int{14} +} + +func (x *CriuVersion) GetMajorNumber() int32 { + if x != nil && x.MajorNumber != nil { + return *x.MajorNumber + } + return 0 +} + +func (x *CriuVersion) GetMinorNumber() int32 { + if x != nil && x.MinorNumber != nil { + return *x.MinorNumber + } + return 0 +} + +func (x *CriuVersion) GetGitid() string { + if x != nil && x.Gitid != nil { + return *x.Gitid + } + return "" +} + +func (x *CriuVersion) GetSublevel() int32 { + if x != nil && x.Sublevel != nil { + return *x.Sublevel + } + return 0 +} + +func (x *CriuVersion) GetExtra() int32 { + if x != nil && x.Extra != nil { + return *x.Extra + } + return 0 +} + +func (x *CriuVersion) GetName() string { + if x != nil && x.Name != nil { + return *x.Name + } + return "" +} + +var File_rpc_proto protoreflect.FileDescriptor + +var file_rpc_proto_rawDesc = []byte{ + 0x0a, 0x09, 0x72, 0x70, 0x63, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, + 0x75, 0x22, 0x67, 0x0a, 0x15, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, + 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, + 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, + 0x72, 0x65, 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x05, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x70, 0x69, 0x64, 0x12, 0x0e, 0x0a, 0x02, 0x66, 0x64, + 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x02, 0x66, 0x64, 0x22, 0x3c, 0x0a, 0x0e, 0x63, 0x72, + 0x69, 0x75, 0x5f, 0x76, 0x65, 0x74, 0x68, 0x5f, 0x70, 0x61, 0x69, 0x72, 0x12, 0x13, 0x0a, 0x05, + 0x69, 0x66, 0x5f, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x69, 0x66, 0x49, + 0x6e, 0x12, 0x15, 0x0a, 0x06, 0x69, 0x66, 0x5f, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x02, 0x28, + 0x09, 0x52, 0x05, 0x69, 0x66, 0x4f, 0x75, 0x74, 0x22, 0x33, 0x0a, 0x0d, 0x65, 0x78, 0x74, 0x5f, + 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x6d, 0x61, 0x70, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, + 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x76, + 0x61, 0x6c, 0x18, 0x02, 0x20, 0x02, 0x28, 0x09, 0x52, 0x03, 0x76, 0x61, 0x6c, 0x22, 0x56, 0x0a, + 0x0e, 0x6a, 0x6f, 0x69, 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, + 0x0e, 0x0a, 0x02, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x02, 0x6e, 0x73, 0x12, + 0x17, 0x0a, 0x07, 0x6e, 0x73, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x09, + 0x52, 0x06, 0x6e, 0x73, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x78, 0x74, 0x72, + 0x61, 0x5f, 0x6f, 0x70, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x74, + 0x72, 0x61, 0x4f, 0x70, 0x74, 0x22, 0x2e, 0x0a, 0x0a, 0x69, 0x6e, 0x68, 0x65, 0x72, 0x69, 0x74, + 0x5f, 0x66, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, + 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x66, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, + 0x05, 0x52, 0x02, 0x66, 0x64, 0x22, 0x35, 0x0a, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, + 0x72, 0x6f, 0x6f, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x74, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x04, 0x63, 0x74, 0x72, 0x6c, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, + 0x18, 0x02, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x22, 0x1f, 0x0a, 0x07, + 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, 0x6b, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x6e, 0x6f, 0x64, 0x65, + 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x22, 0xb2, 0x12, + 0x0a, 0x09, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x12, 0x22, 0x0a, 0x0d, 0x69, + 0x6d, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x64, 0x69, 0x72, 0x5f, 0x66, 0x64, 0x18, 0x01, 0x20, 0x02, + 0x28, 0x05, 0x52, 0x0b, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x73, 0x44, 0x69, 0x72, 0x46, 0x64, 0x12, + 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x70, 0x69, + 0x64, 0x12, 0x23, 0x0a, 0x0d, 0x6c, 0x65, 0x61, 0x76, 0x65, 0x5f, 0x72, 0x75, 0x6e, 0x6e, 0x69, + 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x6c, 0x65, 0x61, 0x76, 0x65, 0x52, + 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x1e, 0x0a, 0x0b, 0x65, 0x78, 0x74, 0x5f, 0x75, 0x6e, + 0x69, 0x78, 0x5f, 0x73, 0x6b, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x65, 0x78, 0x74, + 0x55, 0x6e, 0x69, 0x78, 0x53, 0x6b, 0x12, 0x27, 0x0a, 0x0f, 0x74, 0x63, 0x70, 0x5f, 0x65, 0x73, + 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x0e, 0x74, 0x63, 0x70, 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x64, 0x12, + 0x27, 0x0a, 0x0f, 0x65, 0x76, 0x61, 0x73, 0x69, 0x76, 0x65, 0x5f, 0x64, 0x65, 0x76, 0x69, 0x63, + 0x65, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x65, 0x76, 0x61, 0x73, 0x69, 0x76, + 0x65, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x68, 0x65, 0x6c, + 0x6c, 0x5f, 0x6a, 0x6f, 0x62, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x73, 0x68, 0x65, + 0x6c, 0x6c, 0x4a, 0x6f, 0x62, 0x12, 0x1d, 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x6c, 0x6f, + 0x63, 0x6b, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x66, 0x69, 0x6c, 0x65, 0x4c, + 0x6f, 0x63, 0x6b, 0x73, 0x12, 0x1e, 0x0a, 0x09, 0x6c, 0x6f, 0x67, 0x5f, 0x6c, 0x65, 0x76, 0x65, + 0x6c, 0x18, 0x09, 0x20, 0x01, 0x28, 0x05, 0x3a, 0x01, 0x32, 0x52, 0x08, 0x6c, 0x6f, 0x67, 0x4c, + 0x65, 0x76, 0x65, 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x6c, 0x6f, 0x67, 0x5f, 0x66, 0x69, 0x6c, 0x65, + 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12, + 0x2b, 0x0a, 0x02, 0x70, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x63, 0x72, + 0x69, 0x75, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x65, 0x72, + 0x76, 0x65, 0x72, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x52, 0x02, 0x70, 0x73, 0x12, 0x25, 0x0a, 0x0e, + 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x73, 0x18, 0x0c, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x53, 0x63, 0x72, 0x69, + 0x70, 0x74, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x6f, 0x6f, 0x74, 0x18, 0x0d, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x04, 0x72, 0x6f, 0x6f, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x72, 0x65, 0x6e, + 0x74, 0x5f, 0x69, 0x6d, 0x67, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x61, 0x72, + 0x65, 0x6e, 0x74, 0x49, 0x6d, 0x67, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x72, 0x61, 0x63, 0x6b, 0x5f, + 0x6d, 0x65, 0x6d, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x72, 0x61, 0x63, 0x6b, + 0x4d, 0x65, 0x6d, 0x12, 0x1d, 0x0a, 0x0a, 0x61, 0x75, 0x74, 0x6f, 0x5f, 0x64, 0x65, 0x64, 0x75, + 0x70, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x61, 0x75, 0x74, 0x6f, 0x44, 0x65, 0x64, + 0x75, 0x70, 0x12, 0x1e, 0x0a, 0x0b, 0x77, 0x6f, 0x72, 0x6b, 0x5f, 0x64, 0x69, 0x72, 0x5f, 0x66, + 0x64, 0x18, 0x11, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x77, 0x6f, 0x72, 0x6b, 0x44, 0x69, 0x72, + 0x46, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, 0x72, 0x65, 0x6d, 0x61, 0x70, + 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x6c, 0x69, 0x6e, 0x6b, 0x52, 0x65, 0x6d, 0x61, + 0x70, 0x12, 0x2a, 0x0a, 0x05, 0x76, 0x65, 0x74, 0x68, 0x73, 0x18, 0x13, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x14, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x76, 0x65, 0x74, + 0x68, 0x5f, 0x70, 0x61, 0x69, 0x72, 0x52, 0x05, 0x76, 0x65, 0x74, 0x68, 0x73, 0x12, 0x23, 0x0a, + 0x07, 0x63, 0x70, 0x75, 0x5f, 0x63, 0x61, 0x70, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0d, 0x3a, 0x0a, + 0x34, 0x32, 0x39, 0x34, 0x39, 0x36, 0x37, 0x32, 0x39, 0x35, 0x52, 0x06, 0x63, 0x70, 0x75, 0x43, + 0x61, 0x70, 0x12, 0x1f, 0x0a, 0x0b, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x72, 0x6d, 0x61, + 0x70, 0x18, 0x15, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x49, 0x72, + 0x6d, 0x61, 0x70, 0x12, 0x19, 0x0a, 0x08, 0x65, 0x78, 0x65, 0x63, 0x5f, 0x63, 0x6d, 0x64, 0x18, + 0x16, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x65, 0x78, 0x65, 0x63, 0x43, 0x6d, 0x64, 0x12, 0x2c, + 0x0a, 0x07, 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x6e, 0x74, 0x18, 0x17, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x6f, 0x75, 0x6e, 0x74, + 0x5f, 0x6d, 0x61, 0x70, 0x52, 0x06, 0x65, 0x78, 0x74, 0x4d, 0x6e, 0x74, 0x12, 0x25, 0x0a, 0x0e, + 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x5f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x18, 0x18, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x43, 0x67, 0x72, 0x6f, + 0x75, 0x70, 0x73, 0x12, 0x2a, 0x0a, 0x07, 0x63, 0x67, 0x5f, 0x72, 0x6f, 0x6f, 0x74, 0x18, 0x19, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x67, 0x72, 0x6f, + 0x75, 0x70, 0x5f, 0x72, 0x6f, 0x6f, 0x74, 0x52, 0x06, 0x63, 0x67, 0x52, 0x6f, 0x6f, 0x74, 0x12, + 0x1f, 0x0a, 0x0b, 0x72, 0x73, 0x74, 0x5f, 0x73, 0x69, 0x62, 0x6c, 0x69, 0x6e, 0x67, 0x18, 0x1a, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x72, 0x73, 0x74, 0x53, 0x69, 0x62, 0x6c, 0x69, 0x6e, 0x67, + 0x12, 0x2f, 0x0a, 0x0a, 0x69, 0x6e, 0x68, 0x65, 0x72, 0x69, 0x74, 0x5f, 0x66, 0x64, 0x18, 0x1b, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x69, 0x6e, 0x68, 0x65, + 0x72, 0x69, 0x74, 0x5f, 0x66, 0x64, 0x52, 0x09, 0x69, 0x6e, 0x68, 0x65, 0x72, 0x69, 0x74, 0x46, + 0x64, 0x12, 0x20, 0x0a, 0x0c, 0x61, 0x75, 0x74, 0x6f, 0x5f, 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x6e, + 0x74, 0x18, 0x1c, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x61, 0x75, 0x74, 0x6f, 0x45, 0x78, 0x74, + 0x4d, 0x6e, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x78, 0x74, 0x5f, 0x73, 0x68, 0x61, 0x72, 0x69, + 0x6e, 0x67, 0x18, 0x1d, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x65, 0x78, 0x74, 0x53, 0x68, 0x61, + 0x72, 0x69, 0x6e, 0x67, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x61, 0x73, 0x74, + 0x65, 0x72, 0x73, 0x18, 0x1e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x65, 0x78, 0x74, 0x4d, 0x61, + 0x73, 0x74, 0x65, 0x72, 0x73, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x6d, 0x6e, + 0x74, 0x18, 0x1f, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x73, 0x6b, 0x69, 0x70, 0x4d, 0x6e, 0x74, + 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x66, 0x73, 0x18, 0x20, 0x20, + 0x03, 0x28, 0x09, 0x52, 0x08, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x46, 0x73, 0x12, 0x2d, 0x0a, + 0x0b, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, 0x6b, 0x5f, 0x69, 0x6e, 0x6f, 0x18, 0x21, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, + 0x6b, 0x52, 0x09, 0x75, 0x6e, 0x69, 0x78, 0x53, 0x6b, 0x49, 0x6e, 0x6f, 0x12, 0x42, 0x0a, 0x13, + 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x5f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x5f, 0x6d, + 0x6f, 0x64, 0x65, 0x18, 0x22, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, + 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x63, 0x67, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x52, 0x11, 0x6d, + 0x61, 0x6e, 0x61, 0x67, 0x65, 0x43, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x4d, 0x6f, 0x64, 0x65, + 0x12, 0x28, 0x0a, 0x0b, 0x67, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x18, + 0x23, 0x20, 0x01, 0x28, 0x0d, 0x3a, 0x07, 0x31, 0x30, 0x34, 0x38, 0x35, 0x37, 0x36, 0x52, 0x0a, + 0x67, 0x68, 0x6f, 0x73, 0x74, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x12, 0x28, 0x0a, 0x10, 0x69, 0x72, + 0x6d, 0x61, 0x70, 0x5f, 0x73, 0x63, 0x61, 0x6e, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x73, 0x18, 0x24, + 0x20, 0x03, 0x28, 0x09, 0x52, 0x0e, 0x69, 0x72, 0x6d, 0x61, 0x70, 0x53, 0x63, 0x61, 0x6e, 0x50, + 0x61, 0x74, 0x68, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, + 0x18, 0x25, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, + 0x12, 0x19, 0x0a, 0x08, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x5f, 0x6e, 0x73, 0x18, 0x26, 0x20, 0x01, + 0x28, 0x0d, 0x52, 0x07, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x4e, 0x73, 0x12, 0x2d, 0x0a, 0x07, 0x6a, + 0x6f, 0x69, 0x6e, 0x5f, 0x6e, 0x73, 0x18, 0x27, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, + 0x72, 0x69, 0x75, 0x2e, 0x6a, 0x6f, 0x69, 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, + 0x63, 0x65, 0x52, 0x06, 0x6a, 0x6f, 0x69, 0x6e, 0x4e, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x63, 0x67, + 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x72, 0x6f, 0x70, 0x73, 0x18, 0x29, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x50, 0x72, 0x6f, 0x70, 0x73, 0x12, 0x2a, 0x0a, + 0x11, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x72, 0x6f, 0x70, 0x73, 0x5f, 0x66, 0x69, + 0x6c, 0x65, 0x18, 0x2a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, + 0x50, 0x72, 0x6f, 0x70, 0x73, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x34, 0x0a, 0x16, 0x63, 0x67, 0x72, + 0x6f, 0x75, 0x70, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, + 0x6c, 0x65, 0x72, 0x18, 0x2b, 0x20, 0x03, 0x28, 0x09, 0x52, 0x14, 0x63, 0x67, 0x72, 0x6f, 0x75, + 0x70, 0x44, 0x75, 0x6d, 0x70, 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x12, + 0x23, 0x0a, 0x0d, 0x66, 0x72, 0x65, 0x65, 0x7a, 0x65, 0x5f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, + 0x18, 0x2c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x66, 0x72, 0x65, 0x65, 0x7a, 0x65, 0x43, 0x67, + 0x72, 0x6f, 0x75, 0x70, 0x12, 0x18, 0x0a, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, + 0x2d, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x2b, + 0x0a, 0x12, 0x74, 0x63, 0x70, 0x5f, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x69, 0x6e, 0x5f, 0x66, 0x6c, + 0x69, 0x67, 0x68, 0x74, 0x18, 0x2e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x74, 0x63, 0x70, 0x53, + 0x6b, 0x69, 0x70, 0x49, 0x6e, 0x46, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x77, + 0x65, 0x61, 0x6b, 0x5f, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x73, 0x18, 0x2f, 0x20, 0x01, 0x28, + 0x08, 0x52, 0x0b, 0x77, 0x65, 0x61, 0x6b, 0x53, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x73, 0x12, 0x1d, + 0x0a, 0x0a, 0x6c, 0x61, 0x7a, 0x79, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x73, 0x18, 0x30, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x09, 0x6c, 0x61, 0x7a, 0x79, 0x50, 0x61, 0x67, 0x65, 0x73, 0x12, 0x1b, 0x0a, + 0x09, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x5f, 0x66, 0x64, 0x18, 0x31, 0x20, 0x01, 0x28, 0x05, + 0x52, 0x08, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x46, 0x64, 0x12, 0x2a, 0x0a, 0x11, 0x6f, 0x72, + 0x70, 0x68, 0x61, 0x6e, 0x5f, 0x70, 0x74, 0x73, 0x5f, 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x18, + 0x32, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x6f, 0x72, 0x70, 0x68, 0x61, 0x6e, 0x50, 0x74, 0x73, + 0x4d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x33, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x63, 0x70, 0x5f, 0x63, + 0x6c, 0x6f, 0x73, 0x65, 0x18, 0x34, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x63, 0x70, 0x43, + 0x6c, 0x6f, 0x73, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6c, 0x73, 0x6d, 0x5f, 0x70, 0x72, 0x6f, 0x66, + 0x69, 0x6c, 0x65, 0x18, 0x35, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6c, 0x73, 0x6d, 0x50, 0x72, + 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x61, 0x63, + 0x65, 0x72, 0x74, 0x18, 0x36, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x74, 0x6c, 0x73, 0x43, 0x61, + 0x63, 0x65, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x61, 0x63, 0x72, + 0x6c, 0x18, 0x37, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x74, 0x6c, 0x73, 0x43, 0x61, 0x63, 0x72, + 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x18, 0x38, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x07, 0x74, 0x6c, 0x73, 0x43, 0x65, 0x72, 0x74, 0x12, 0x17, 0x0a, 0x07, + 0x74, 0x6c, 0x73, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x39, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x74, + 0x6c, 0x73, 0x4b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x3a, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, 0x27, 0x0a, 0x10, 0x74, 0x6c, 0x73, 0x5f, 0x6e, + 0x6f, 0x5f, 0x63, 0x6e, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x18, 0x3b, 0x20, 0x01, 0x28, + 0x08, 0x52, 0x0d, 0x74, 0x6c, 0x73, 0x4e, 0x6f, 0x43, 0x6e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, + 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x79, 0x61, 0x72, 0x64, 0x18, + 0x3c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x59, 0x61, 0x72, + 0x64, 0x12, 0x44, 0x0a, 0x0d, 0x70, 0x72, 0x65, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, + 0x64, 0x65, 0x18, 0x3d, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, + 0x63, 0x72, 0x69, 0x75, 0x5f, 0x70, 0x72, 0x65, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, + 0x64, 0x65, 0x3a, 0x06, 0x53, 0x50, 0x4c, 0x49, 0x43, 0x45, 0x52, 0x0b, 0x70, 0x72, 0x65, 0x44, + 0x75, 0x6d, 0x70, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x24, 0x0a, 0x0e, 0x70, 0x69, 0x64, 0x66, 0x64, + 0x5f, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x73, 0x6b, 0x18, 0x3e, 0x20, 0x01, 0x28, 0x05, 0x52, + 0x0c, 0x70, 0x69, 0x64, 0x66, 0x64, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x53, 0x6b, 0x12, 0x2a, 0x0a, + 0x11, 0x6c, 0x73, 0x6d, 0x5f, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, + 0x78, 0x74, 0x18, 0x3f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6c, 0x73, 0x6d, 0x4d, 0x6f, 0x75, + 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x4b, 0x0a, 0x0c, 0x6e, 0x65, 0x74, + 0x77, 0x6f, 0x72, 0x6b, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x18, 0x40, 0x20, 0x01, 0x28, 0x0e, 0x32, + 0x1e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x3a, + 0x08, 0x49, 0x50, 0x54, 0x41, 0x42, 0x4c, 0x45, 0x53, 0x52, 0x0b, 0x6e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x4c, 0x6f, 0x63, 0x6b, 0x12, 0x2a, 0x0a, 0x11, 0x6d, 0x6e, 0x74, 0x6e, 0x73, 0x5f, + 0x63, 0x6f, 0x6d, 0x70, 0x61, 0x74, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x41, 0x20, 0x01, 0x28, + 0x08, 0x52, 0x0f, 0x6d, 0x6e, 0x74, 0x6e, 0x73, 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x74, 0x4d, 0x6f, + 0x64, 0x65, 0x22, 0x2c, 0x0a, 0x0e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, + 0x72, 0x65, 0x73, 0x70, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x64, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x64, + 0x22, 0x25, 0x0a, 0x11, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, + 0x5f, 0x72, 0x65, 0x73, 0x70, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, + 0x28, 0x05, 0x52, 0x03, 0x70, 0x69, 0x64, 0x22, 0x37, 0x0a, 0x0b, 0x63, 0x72, 0x69, 0x75, 0x5f, + 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x12, 0x10, + 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x70, 0x69, 0x64, + 0x22, 0x6c, 0x0a, 0x0d, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, + 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x65, 0x6d, 0x5f, 0x74, 0x72, 0x61, 0x63, 0x6b, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6d, 0x65, 0x6d, 0x54, 0x72, 0x61, 0x63, 0x6b, 0x12, 0x1d, + 0x0a, 0x0a, 0x6c, 0x61, 0x7a, 0x79, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x09, 0x6c, 0x61, 0x7a, 0x79, 0x50, 0x61, 0x67, 0x65, 0x73, 0x12, 0x1f, 0x0a, + 0x0b, 0x70, 0x69, 0x64, 0x66, 0x64, 0x5f, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x0a, 0x70, 0x69, 0x64, 0x66, 0x64, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x22, 0xdf, + 0x01, 0x0a, 0x08, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x71, 0x12, 0x27, 0x0a, 0x04, 0x74, + 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, + 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x71, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x52, 0x04, + 0x74, 0x79, 0x70, 0x65, 0x12, 0x23, 0x0a, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6f, + 0x70, 0x74, 0x73, 0x52, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x6e, 0x6f, 0x74, + 0x69, 0x66, 0x79, 0x5f, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x08, 0x52, 0x0d, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, + 0x12, 0x1b, 0x0a, 0x09, 0x6b, 0x65, 0x65, 0x70, 0x5f, 0x6f, 0x70, 0x65, 0x6e, 0x18, 0x04, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x08, 0x6b, 0x65, 0x65, 0x70, 0x4f, 0x70, 0x65, 0x6e, 0x12, 0x2f, 0x0a, + 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x66, 0x65, 0x61, 0x74, + 0x75, 0x72, 0x65, 0x73, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x10, + 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x70, 0x69, 0x64, + 0x22, 0xb2, 0x03, 0x0a, 0x09, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x12, 0x27, + 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x13, 0x2e, 0x63, + 0x72, 0x69, 0x75, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x71, 0x5f, 0x74, 0x79, 0x70, + 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, + 0x73, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x08, 0x52, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, + 0x73, 0x12, 0x28, 0x0a, 0x04, 0x64, 0x75, 0x6d, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x14, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x64, 0x75, 0x6d, 0x70, + 0x5f, 0x72, 0x65, 0x73, 0x70, 0x52, 0x04, 0x64, 0x75, 0x6d, 0x70, 0x12, 0x31, 0x0a, 0x07, 0x72, + 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x63, + 0x72, 0x69, 0x75, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, + 0x5f, 0x72, 0x65, 0x73, 0x70, 0x52, 0x07, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x12, 0x29, + 0x0a, 0x06, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, + 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6e, 0x6f, 0x74, 0x69, 0x66, + 0x79, 0x52, 0x06, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x12, 0x2b, 0x0a, 0x02, 0x70, 0x73, 0x18, + 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x72, 0x69, + 0x75, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x69, 0x6e, + 0x66, 0x6f, 0x52, 0x02, 0x70, 0x73, 0x12, 0x19, 0x0a, 0x08, 0x63, 0x72, 0x5f, 0x65, 0x72, 0x72, + 0x6e, 0x6f, 0x18, 0x07, 0x20, 0x01, 0x28, 0x05, 0x52, 0x07, 0x63, 0x72, 0x45, 0x72, 0x72, 0x6e, + 0x6f, 0x12, 0x2f, 0x0a, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x08, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, + 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, + 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x72, 0x5f, 0x65, 0x72, 0x72, 0x6d, 0x73, 0x67, 0x18, + 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x72, 0x45, 0x72, 0x72, 0x6d, 0x73, 0x67, 0x12, + 0x2c, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x76, 0x65, 0x72, + 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, + 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x73, + 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0xb0, 0x01, 0x0a, 0x0c, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x76, + 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x21, 0x0a, 0x0c, 0x6d, 0x61, 0x6a, 0x6f, 0x72, 0x5f, + 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x05, 0x52, 0x0b, 0x6d, 0x61, + 0x6a, 0x6f, 0x72, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x21, 0x0a, 0x0c, 0x6d, 0x69, 0x6e, + 0x6f, 0x72, 0x5f, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x02, 0x20, 0x02, 0x28, 0x05, 0x52, + 0x0b, 0x6d, 0x69, 0x6e, 0x6f, 0x72, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, + 0x67, 0x69, 0x74, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x67, 0x69, 0x74, + 0x69, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x75, 0x62, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, 0x73, 0x75, 0x62, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x14, + 0x0a, 0x05, 0x65, 0x78, 0x74, 0x72, 0x61, 0x18, 0x05, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x65, + 0x78, 0x74, 0x72, 0x61, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x2a, 0x5f, 0x0a, 0x0c, 0x63, 0x72, 0x69, 0x75, + 0x5f, 0x63, 0x67, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x49, 0x47, 0x4e, 0x4f, + 0x52, 0x45, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x43, 0x47, 0x5f, 0x4e, 0x4f, 0x4e, 0x45, 0x10, + 0x01, 0x12, 0x09, 0x0a, 0x05, 0x50, 0x52, 0x4f, 0x50, 0x53, 0x10, 0x02, 0x12, 0x08, 0x0a, 0x04, + 0x53, 0x4f, 0x46, 0x54, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x46, 0x55, 0x4c, 0x4c, 0x10, 0x04, + 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x54, 0x52, 0x49, 0x43, 0x54, 0x10, 0x05, 0x12, 0x0b, 0x0a, 0x07, + 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x06, 0x2a, 0x36, 0x0a, 0x18, 0x63, 0x72, 0x69, + 0x75, 0x5f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x6d, + 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x0c, 0x0a, 0x08, 0x49, 0x50, 0x54, 0x41, 0x42, 0x4c, 0x45, + 0x53, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x4e, 0x46, 0x54, 0x41, 0x42, 0x4c, 0x45, 0x53, 0x10, + 0x02, 0x2a, 0x2d, 0x0a, 0x12, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x70, 0x72, 0x65, 0x5f, 0x64, 0x75, + 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x50, 0x4c, 0x49, 0x43, + 0x45, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x56, 0x4d, 0x5f, 0x52, 0x45, 0x41, 0x44, 0x10, 0x02, + 0x2a, 0xe5, 0x01, 0x0a, 0x0d, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x71, 0x5f, 0x74, 0x79, + 0x70, 0x65, 0x12, 0x09, 0x0a, 0x05, 0x45, 0x4d, 0x50, 0x54, 0x59, 0x10, 0x00, 0x12, 0x08, 0x0a, + 0x04, 0x44, 0x55, 0x4d, 0x50, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x52, 0x45, 0x53, 0x54, 0x4f, + 0x52, 0x45, 0x10, 0x02, 0x12, 0x09, 0x0a, 0x05, 0x43, 0x48, 0x45, 0x43, 0x4b, 0x10, 0x03, 0x12, + 0x0c, 0x0a, 0x08, 0x50, 0x52, 0x45, 0x5f, 0x44, 0x55, 0x4d, 0x50, 0x10, 0x04, 0x12, 0x0f, 0x0a, + 0x0b, 0x50, 0x41, 0x47, 0x45, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x45, 0x52, 0x10, 0x05, 0x12, 0x0a, + 0x0a, 0x06, 0x4e, 0x4f, 0x54, 0x49, 0x46, 0x59, 0x10, 0x06, 0x12, 0x10, 0x0a, 0x0c, 0x43, 0x50, + 0x55, 0x49, 0x4e, 0x46, 0x4f, 0x5f, 0x44, 0x55, 0x4d, 0x50, 0x10, 0x07, 0x12, 0x11, 0x0a, 0x0d, + 0x43, 0x50, 0x55, 0x49, 0x4e, 0x46, 0x4f, 0x5f, 0x43, 0x48, 0x45, 0x43, 0x4b, 0x10, 0x08, 0x12, + 0x11, 0x0a, 0x0d, 0x46, 0x45, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x43, 0x48, 0x45, 0x43, 0x4b, + 0x10, 0x09, 0x12, 0x0b, 0x0a, 0x07, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x10, 0x0a, 0x12, + 0x0c, 0x0a, 0x08, 0x57, 0x41, 0x49, 0x54, 0x5f, 0x50, 0x49, 0x44, 0x10, 0x0b, 0x12, 0x14, 0x0a, + 0x10, 0x50, 0x41, 0x47, 0x45, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x45, 0x52, 0x5f, 0x43, 0x48, 0x4c, + 0x44, 0x10, 0x0c, 0x12, 0x13, 0x0a, 0x0f, 0x53, 0x49, 0x4e, 0x47, 0x4c, 0x45, 0x5f, 0x50, 0x52, + 0x45, 0x5f, 0x44, 0x55, 0x4d, 0x50, 0x10, 0x0d, +} + +var ( + file_rpc_proto_rawDescOnce sync.Once + file_rpc_proto_rawDescData = file_rpc_proto_rawDesc +) + +func file_rpc_proto_rawDescGZIP() []byte { + file_rpc_proto_rawDescOnce.Do(func() { + file_rpc_proto_rawDescData = protoimpl.X.CompressGZIP(file_rpc_proto_rawDescData) + }) + return file_rpc_proto_rawDescData +} + +var file_rpc_proto_enumTypes = make([]protoimpl.EnumInfo, 4) +var file_rpc_proto_msgTypes = make([]protoimpl.MessageInfo, 15) +var file_rpc_proto_goTypes = []interface{}{ + (CriuCgMode)(0), // 0: criu.criu_cg_mode + (CriuNetworkLockMethod)(0), // 1: criu.criu_network_lock_method + (CriuPreDumpMode)(0), // 2: criu.criu_pre_dump_mode + (CriuReqType)(0), // 3: criu.criu_req_type + (*CriuPageServerInfo)(nil), // 4: criu.criu_page_server_info + (*CriuVethPair)(nil), // 5: criu.criu_veth_pair + (*ExtMountMap)(nil), // 6: criu.ext_mount_map + (*JoinNamespace)(nil), // 7: criu.join_namespace + (*InheritFd)(nil), // 8: criu.inherit_fd + (*CgroupRoot)(nil), // 9: criu.cgroup_root + (*UnixSk)(nil), // 10: criu.unix_sk + (*CriuOpts)(nil), // 11: criu.criu_opts + (*CriuDumpResp)(nil), // 12: criu.criu_dump_resp + (*CriuRestoreResp)(nil), // 13: criu.criu_restore_resp + (*CriuNotify)(nil), // 14: criu.criu_notify + (*CriuFeatures)(nil), // 15: criu.criu_features + (*CriuReq)(nil), // 16: criu.criu_req + (*CriuResp)(nil), // 17: criu.criu_resp + (*CriuVersion)(nil), // 18: criu.criu_version +} +var file_rpc_proto_depIdxs = []int32{ + 4, // 0: criu.criu_opts.ps:type_name -> criu.criu_page_server_info + 5, // 1: criu.criu_opts.veths:type_name -> criu.criu_veth_pair + 6, // 2: criu.criu_opts.ext_mnt:type_name -> criu.ext_mount_map + 9, // 3: criu.criu_opts.cg_root:type_name -> criu.cgroup_root + 8, // 4: criu.criu_opts.inherit_fd:type_name -> criu.inherit_fd + 10, // 5: criu.criu_opts.unix_sk_ino:type_name -> criu.unix_sk + 0, // 6: criu.criu_opts.manage_cgroups_mode:type_name -> criu.criu_cg_mode + 7, // 7: criu.criu_opts.join_ns:type_name -> criu.join_namespace + 2, // 8: criu.criu_opts.pre_dump_mode:type_name -> criu.criu_pre_dump_mode + 1, // 9: criu.criu_opts.network_lock:type_name -> criu.criu_network_lock_method + 3, // 10: criu.criu_req.type:type_name -> criu.criu_req_type + 11, // 11: criu.criu_req.opts:type_name -> criu.criu_opts + 15, // 12: criu.criu_req.features:type_name -> criu.criu_features + 3, // 13: criu.criu_resp.type:type_name -> criu.criu_req_type + 12, // 14: criu.criu_resp.dump:type_name -> criu.criu_dump_resp + 13, // 15: criu.criu_resp.restore:type_name -> criu.criu_restore_resp + 14, // 16: criu.criu_resp.notify:type_name -> criu.criu_notify + 4, // 17: criu.criu_resp.ps:type_name -> criu.criu_page_server_info + 15, // 18: criu.criu_resp.features:type_name -> criu.criu_features + 18, // 19: criu.criu_resp.version:type_name -> criu.criu_version + 20, // [20:20] is the sub-list for method output_type + 20, // [20:20] is the sub-list for method input_type + 20, // [20:20] is the sub-list for extension type_name + 20, // [20:20] is the sub-list for extension extendee + 0, // [0:20] is the sub-list for field type_name +} + +func init() { file_rpc_proto_init() } +func file_rpc_proto_init() { + if File_rpc_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_rpc_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CriuPageServerInfo); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_rpc_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CriuVethPair); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_rpc_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ExtMountMap); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_rpc_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*JoinNamespace); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_rpc_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*InheritFd); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_rpc_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CgroupRoot); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_rpc_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UnixSk); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_rpc_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CriuOpts); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_rpc_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CriuDumpResp); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_rpc_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CriuRestoreResp); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_rpc_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CriuNotify); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_rpc_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CriuFeatures); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_rpc_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CriuReq); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_rpc_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CriuResp); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_rpc_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CriuVersion); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_rpc_proto_rawDesc, + NumEnums: 4, + NumMessages: 15, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_rpc_proto_goTypes, + DependencyIndexes: file_rpc_proto_depIdxs, + EnumInfos: file_rpc_proto_enumTypes, + MessageInfos: file_rpc_proto_msgTypes, + }.Build() + File_rpc_proto = out.File + file_rpc_proto_rawDesc = nil + file_rpc_proto_goTypes = nil + file_rpc_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v5/rpc/rpc.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rpc.proto similarity index 96% rename from vendor/github.com/checkpoint-restore/go-criu/v5/rpc/rpc.proto rename to vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rpc.proto index 61e1b24f4a4..a7f1d36558b 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v5/rpc/rpc.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rpc.proto @@ -1,6 +1,7 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; +package criu; message criu_page_server_info { optional string address = 1; @@ -49,6 +50,11 @@ enum criu_cg_mode { DEFAULT = 6; }; +enum criu_network_lock_method { + IPTABLES = 1; + NFTABLES = 2; +}; + enum criu_pre_dump_mode { SPLICE = 1; VM_READ = 2; @@ -131,6 +137,8 @@ message criu_opts { optional criu_pre_dump_mode pre_dump_mode = 61 [default = SPLICE]; optional int32 pidfd_store_sk = 62; optional string lsm_mount_context = 63; + optional criu_network_lock_method network_lock = 64 [default = IPTABLES]; + optional bool mntns_compat_mode = 65; /* optional bool check_mounts = 128; */ } @@ -166,6 +174,8 @@ enum criu_req_type { WAIT_PID = 11; PAGE_SERVER_CHLD = 12; + + SINGLE_PRE_DUMP = 13; } /* diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rseq.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rseq.pb.go new file mode 100644 index 00000000000..b4c12560c4b --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rseq.pb.go @@ -0,0 +1,174 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: rseq.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type RseqEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + RseqAbiPointer *uint64 `protobuf:"varint,1,req,name=rseq_abi_pointer,json=rseqAbiPointer" json:"rseq_abi_pointer,omitempty"` + RseqAbiSize *uint32 `protobuf:"varint,2,req,name=rseq_abi_size,json=rseqAbiSize" json:"rseq_abi_size,omitempty"` + Signature *uint32 `protobuf:"varint,3,req,name=signature" json:"signature,omitempty"` + RseqCsPointer *uint64 `protobuf:"varint,4,opt,name=rseq_cs_pointer,json=rseqCsPointer" json:"rseq_cs_pointer,omitempty"` +} + +func (x *RseqEntry) Reset() { + *x = RseqEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_rseq_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *RseqEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RseqEntry) ProtoMessage() {} + +func (x *RseqEntry) ProtoReflect() protoreflect.Message { + mi := &file_rseq_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RseqEntry.ProtoReflect.Descriptor instead. +func (*RseqEntry) Descriptor() ([]byte, []int) { + return file_rseq_proto_rawDescGZIP(), []int{0} +} + +func (x *RseqEntry) GetRseqAbiPointer() uint64 { + if x != nil && x.RseqAbiPointer != nil { + return *x.RseqAbiPointer + } + return 0 +} + +func (x *RseqEntry) GetRseqAbiSize() uint32 { + if x != nil && x.RseqAbiSize != nil { + return *x.RseqAbiSize + } + return 0 +} + +func (x *RseqEntry) GetSignature() uint32 { + if x != nil && x.Signature != nil { + return *x.Signature + } + return 0 +} + +func (x *RseqEntry) GetRseqCsPointer() uint64 { + if x != nil && x.RseqCsPointer != nil { + return *x.RseqCsPointer + } + return 0 +} + +var File_rseq_proto protoreflect.FileDescriptor + +var file_rseq_proto_rawDesc = []byte{ + 0x0a, 0x0a, 0x72, 0x73, 0x65, 0x71, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, + 0x69, 0x75, 0x22, 0xa0, 0x01, 0x0a, 0x0a, 0x72, 0x73, 0x65, 0x71, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x12, 0x28, 0x0a, 0x10, 0x72, 0x73, 0x65, 0x71, 0x5f, 0x61, 0x62, 0x69, 0x5f, 0x70, 0x6f, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x0e, 0x72, 0x73, 0x65, + 0x71, 0x41, 0x62, 0x69, 0x50, 0x6f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x22, 0x0a, 0x0d, 0x72, + 0x73, 0x65, 0x71, 0x5f, 0x61, 0x62, 0x69, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x0b, 0x72, 0x73, 0x65, 0x71, 0x41, 0x62, 0x69, 0x53, 0x69, 0x7a, 0x65, 0x12, + 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x03, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x12, 0x26, 0x0a, + 0x0f, 0x72, 0x73, 0x65, 0x71, 0x5f, 0x63, 0x73, 0x5f, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x65, 0x72, + 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0d, 0x72, 0x73, 0x65, 0x71, 0x43, 0x73, 0x50, 0x6f, + 0x69, 0x6e, 0x74, 0x65, 0x72, +} + +var ( + file_rseq_proto_rawDescOnce sync.Once + file_rseq_proto_rawDescData = file_rseq_proto_rawDesc +) + +func file_rseq_proto_rawDescGZIP() []byte { + file_rseq_proto_rawDescOnce.Do(func() { + file_rseq_proto_rawDescData = protoimpl.X.CompressGZIP(file_rseq_proto_rawDescData) + }) + return file_rseq_proto_rawDescData +} + +var file_rseq_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_rseq_proto_goTypes = []interface{}{ + (*RseqEntry)(nil), // 0: criu.rseq_entry +} +var file_rseq_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_rseq_proto_init() } +func file_rseq_proto_init() { + if File_rseq_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_rseq_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*RseqEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_rseq_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_rseq_proto_goTypes, + DependencyIndexes: file_rseq_proto_depIdxs, + MessageInfos: file_rseq_proto_msgTypes, + }.Build() + File_rseq_proto = out.File + file_rseq_proto_rawDesc = nil + file_rseq_proto_goTypes = nil + file_rseq_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rseq.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rseq.proto new file mode 100644 index 00000000000..5f1ff5e0a88 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rseq.proto @@ -0,0 +1,11 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +message rseq_entry { + required uint64 rseq_abi_pointer = 1; + required uint32 rseq_abi_size = 2; + required uint32 signature = 3; + optional uint64 rseq_cs_pointer = 4; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sa.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sa.pb.go new file mode 100644 index 00000000000..19ab651e282 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sa.pb.go @@ -0,0 +1,195 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: sa.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type SaEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Sigaction *uint64 `protobuf:"varint,1,req,name=sigaction" json:"sigaction,omitempty"` + Flags *uint64 `protobuf:"varint,2,req,name=flags" json:"flags,omitempty"` + Restorer *uint64 `protobuf:"varint,3,req,name=restorer" json:"restorer,omitempty"` + Mask *uint64 `protobuf:"varint,4,req,name=mask" json:"mask,omitempty"` + CompatSigaction *bool `protobuf:"varint,5,opt,name=compat_sigaction,json=compatSigaction" json:"compat_sigaction,omitempty"` + MaskExtended *uint64 `protobuf:"varint,6,opt,name=mask_extended,json=maskExtended" json:"mask_extended,omitempty"` +} + +func (x *SaEntry) Reset() { + *x = SaEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_sa_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SaEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SaEntry) ProtoMessage() {} + +func (x *SaEntry) ProtoReflect() protoreflect.Message { + mi := &file_sa_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SaEntry.ProtoReflect.Descriptor instead. +func (*SaEntry) Descriptor() ([]byte, []int) { + return file_sa_proto_rawDescGZIP(), []int{0} +} + +func (x *SaEntry) GetSigaction() uint64 { + if x != nil && x.Sigaction != nil { + return *x.Sigaction + } + return 0 +} + +func (x *SaEntry) GetFlags() uint64 { + if x != nil && x.Flags != nil { + return *x.Flags + } + return 0 +} + +func (x *SaEntry) GetRestorer() uint64 { + if x != nil && x.Restorer != nil { + return *x.Restorer + } + return 0 +} + +func (x *SaEntry) GetMask() uint64 { + if x != nil && x.Mask != nil { + return *x.Mask + } + return 0 +} + +func (x *SaEntry) GetCompatSigaction() bool { + if x != nil && x.CompatSigaction != nil { + return *x.CompatSigaction + } + return false +} + +func (x *SaEntry) GetMaskExtended() uint64 { + if x != nil && x.MaskExtended != nil { + return *x.MaskExtended + } + return 0 +} + +var File_sa_proto protoreflect.FileDescriptor + +var file_sa_proto_rawDesc = []byte{ + 0x0a, 0x08, 0x73, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, + 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe1, 0x01, 0x0a, + 0x08, 0x73, 0x61, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x23, 0x0a, 0x09, 0x73, 0x69, 0x67, + 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, + 0x02, 0x08, 0x01, 0x52, 0x09, 0x73, 0x69, 0x67, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1b, + 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, + 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x21, 0x0a, 0x08, 0x72, + 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x72, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, + 0x3f, 0x02, 0x08, 0x01, 0x52, 0x08, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x72, 0x12, 0x19, + 0x0a, 0x04, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, + 0x02, 0x08, 0x01, 0x52, 0x04, 0x6d, 0x61, 0x73, 0x6b, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x6f, 0x6d, + 0x70, 0x61, 0x74, 0x5f, 0x73, 0x69, 0x67, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x0f, 0x63, 0x6f, 0x6d, 0x70, 0x61, 0x74, 0x53, 0x69, 0x67, 0x61, 0x63, + 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2a, 0x0a, 0x0d, 0x6d, 0x61, 0x73, 0x6b, 0x5f, 0x65, 0x78, 0x74, + 0x65, 0x6e, 0x64, 0x65, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, + 0x08, 0x01, 0x52, 0x0c, 0x6d, 0x61, 0x73, 0x6b, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x64, +} + +var ( + file_sa_proto_rawDescOnce sync.Once + file_sa_proto_rawDescData = file_sa_proto_rawDesc +) + +func file_sa_proto_rawDescGZIP() []byte { + file_sa_proto_rawDescOnce.Do(func() { + file_sa_proto_rawDescData = protoimpl.X.CompressGZIP(file_sa_proto_rawDescData) + }) + return file_sa_proto_rawDescData +} + +var file_sa_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_sa_proto_goTypes = []interface{}{ + (*SaEntry)(nil), // 0: criu.sa_entry +} +var file_sa_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_sa_proto_init() } +func file_sa_proto_init() { + if File_sa_proto != nil { + return + } + file_opts_proto_init() + if !protoimpl.UnsafeEnabled { + file_sa_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SaEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_sa_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_sa_proto_goTypes, + DependencyIndexes: file_sa_proto_depIdxs, + MessageInfos: file_sa_proto_msgTypes, + }.Build() + File_sa_proto = out.File + file_sa_proto_rawDesc = nil + file_sa_proto_goTypes = nil + file_sa_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sa.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sa.proto new file mode 100644 index 00000000000..6849893a40e --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sa.proto @@ -0,0 +1,15 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "opts.proto"; + +message sa_entry { + required uint64 sigaction = 1 [(criu).hex = true]; + required uint64 flags = 2 [(criu).hex = true]; + required uint64 restorer = 3 [(criu).hex = true]; + required uint64 mask = 4 [(criu).hex = true]; + optional bool compat_sigaction = 5; + optional uint64 mask_extended = 6 [(criu).hex = true]; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/seccomp.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/seccomp.pb.go new file mode 100644 index 00000000000..9a8b9f3a2da --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/seccomp.pb.go @@ -0,0 +1,227 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: seccomp.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type SeccompFilter struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Filter []byte `protobuf:"bytes,1,req,name=filter" json:"filter,omitempty"` + Prev *uint32 `protobuf:"varint,2,opt,name=prev" json:"prev,omitempty"` + Flags *uint32 `protobuf:"varint,3,opt,name=flags" json:"flags,omitempty"` +} + +func (x *SeccompFilter) Reset() { + *x = SeccompFilter{} + if protoimpl.UnsafeEnabled { + mi := &file_seccomp_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SeccompFilter) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SeccompFilter) ProtoMessage() {} + +func (x *SeccompFilter) ProtoReflect() protoreflect.Message { + mi := &file_seccomp_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SeccompFilter.ProtoReflect.Descriptor instead. +func (*SeccompFilter) Descriptor() ([]byte, []int) { + return file_seccomp_proto_rawDescGZIP(), []int{0} +} + +func (x *SeccompFilter) GetFilter() []byte { + if x != nil { + return x.Filter + } + return nil +} + +func (x *SeccompFilter) GetPrev() uint32 { + if x != nil && x.Prev != nil { + return *x.Prev + } + return 0 +} + +func (x *SeccompFilter) GetFlags() uint32 { + if x != nil && x.Flags != nil { + return *x.Flags + } + return 0 +} + +type SeccompEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + SeccompFilters []*SeccompFilter `protobuf:"bytes,1,rep,name=seccomp_filters,json=seccompFilters" json:"seccomp_filters,omitempty"` +} + +func (x *SeccompEntry) Reset() { + *x = SeccompEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_seccomp_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SeccompEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SeccompEntry) ProtoMessage() {} + +func (x *SeccompEntry) ProtoReflect() protoreflect.Message { + mi := &file_seccomp_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SeccompEntry.ProtoReflect.Descriptor instead. +func (*SeccompEntry) Descriptor() ([]byte, []int) { + return file_seccomp_proto_rawDescGZIP(), []int{1} +} + +func (x *SeccompEntry) GetSeccompFilters() []*SeccompFilter { + if x != nil { + return x.SeccompFilters + } + return nil +} + +var File_seccomp_proto protoreflect.FileDescriptor + +var file_seccomp_proto_rawDesc = []byte{ + 0x0a, 0x0d, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, + 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0x52, 0x0a, 0x0e, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, + 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x66, 0x69, 0x6c, 0x74, 0x65, + 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0c, 0x52, 0x06, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, + 0x12, 0x0a, 0x04, 0x70, 0x72, 0x65, 0x76, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, + 0x72, 0x65, 0x76, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x0d, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x22, 0x4e, 0x0a, 0x0d, 0x73, 0x65, 0x63, + 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x3d, 0x0a, 0x0f, 0x73, 0x65, + 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x65, 0x63, 0x63, 0x6f, + 0x6d, 0x70, 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x0e, 0x73, 0x65, 0x63, 0x63, 0x6f, + 0x6d, 0x70, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, +} + +var ( + file_seccomp_proto_rawDescOnce sync.Once + file_seccomp_proto_rawDescData = file_seccomp_proto_rawDesc +) + +func file_seccomp_proto_rawDescGZIP() []byte { + file_seccomp_proto_rawDescOnce.Do(func() { + file_seccomp_proto_rawDescData = protoimpl.X.CompressGZIP(file_seccomp_proto_rawDescData) + }) + return file_seccomp_proto_rawDescData +} + +var file_seccomp_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_seccomp_proto_goTypes = []interface{}{ + (*SeccompFilter)(nil), // 0: criu.seccomp_filter + (*SeccompEntry)(nil), // 1: criu.seccomp_entry +} +var file_seccomp_proto_depIdxs = []int32{ + 0, // 0: criu.seccomp_entry.seccomp_filters:type_name -> criu.seccomp_filter + 1, // [1:1] is the sub-list for method output_type + 1, // [1:1] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { file_seccomp_proto_init() } +func file_seccomp_proto_init() { + if File_seccomp_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_seccomp_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SeccompFilter); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_seccomp_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SeccompEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_seccomp_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_seccomp_proto_goTypes, + DependencyIndexes: file_seccomp_proto_depIdxs, + MessageInfos: file_seccomp_proto_msgTypes, + }.Build() + File_seccomp_proto = out.File + file_seccomp_proto_rawDesc = nil + file_seccomp_proto_goTypes = nil + file_seccomp_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/seccomp.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/seccomp.proto new file mode 100644 index 00000000000..693a99f2a41 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/seccomp.proto @@ -0,0 +1,14 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +message seccomp_filter { + required bytes filter = 1; + optional uint32 prev = 2; + optional uint32 flags = 3; +} + +message seccomp_entry { + repeated seccomp_filter seccomp_filters = 1; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/siginfo.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/siginfo.pb.go new file mode 100644 index 00000000000..87a3841c185 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/siginfo.pb.go @@ -0,0 +1,208 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: siginfo.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type SiginfoEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Siginfo []byte `protobuf:"bytes,1,req,name=siginfo" json:"siginfo,omitempty"` +} + +func (x *SiginfoEntry) Reset() { + *x = SiginfoEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_siginfo_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SiginfoEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SiginfoEntry) ProtoMessage() {} + +func (x *SiginfoEntry) ProtoReflect() protoreflect.Message { + mi := &file_siginfo_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SiginfoEntry.ProtoReflect.Descriptor instead. +func (*SiginfoEntry) Descriptor() ([]byte, []int) { + return file_siginfo_proto_rawDescGZIP(), []int{0} +} + +func (x *SiginfoEntry) GetSiginfo() []byte { + if x != nil { + return x.Siginfo + } + return nil +} + +type SignalQueueEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Signals []*SiginfoEntry `protobuf:"bytes,1,rep,name=signals" json:"signals,omitempty"` +} + +func (x *SignalQueueEntry) Reset() { + *x = SignalQueueEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_siginfo_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SignalQueueEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SignalQueueEntry) ProtoMessage() {} + +func (x *SignalQueueEntry) ProtoReflect() protoreflect.Message { + mi := &file_siginfo_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SignalQueueEntry.ProtoReflect.Descriptor instead. +func (*SignalQueueEntry) Descriptor() ([]byte, []int) { + return file_siginfo_proto_rawDescGZIP(), []int{1} +} + +func (x *SignalQueueEntry) GetSignals() []*SiginfoEntry { + if x != nil { + return x.Signals + } + return nil +} + +var File_siginfo_proto protoreflect.FileDescriptor + +var file_siginfo_proto_rawDesc = []byte{ + 0x0a, 0x0d, 0x73, 0x69, 0x67, 0x69, 0x6e, 0x66, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, + 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0x29, 0x0a, 0x0d, 0x73, 0x69, 0x67, 0x69, 0x6e, 0x66, 0x6f, + 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x69, 0x67, 0x69, 0x6e, 0x66, + 0x6f, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0c, 0x52, 0x07, 0x73, 0x69, 0x67, 0x69, 0x6e, 0x66, 0x6f, + 0x22, 0x43, 0x0a, 0x12, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x5f, 0x71, 0x75, 0x65, 0x75, 0x65, + 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x2d, 0x0a, 0x07, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, + 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, + 0x69, 0x67, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x73, 0x69, + 0x67, 0x6e, 0x61, 0x6c, 0x73, +} + +var ( + file_siginfo_proto_rawDescOnce sync.Once + file_siginfo_proto_rawDescData = file_siginfo_proto_rawDesc +) + +func file_siginfo_proto_rawDescGZIP() []byte { + file_siginfo_proto_rawDescOnce.Do(func() { + file_siginfo_proto_rawDescData = protoimpl.X.CompressGZIP(file_siginfo_proto_rawDescData) + }) + return file_siginfo_proto_rawDescData +} + +var file_siginfo_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_siginfo_proto_goTypes = []interface{}{ + (*SiginfoEntry)(nil), // 0: criu.siginfo_entry + (*SignalQueueEntry)(nil), // 1: criu.signal_queue_entry +} +var file_siginfo_proto_depIdxs = []int32{ + 0, // 0: criu.signal_queue_entry.signals:type_name -> criu.siginfo_entry + 1, // [1:1] is the sub-list for method output_type + 1, // [1:1] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { file_siginfo_proto_init() } +func file_siginfo_proto_init() { + if File_siginfo_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_siginfo_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SiginfoEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_siginfo_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SignalQueueEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_siginfo_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_siginfo_proto_goTypes, + DependencyIndexes: file_siginfo_proto_depIdxs, + MessageInfos: file_siginfo_proto_msgTypes, + }.Build() + File_siginfo_proto = out.File + file_siginfo_proto_rawDesc = nil + file_siginfo_proto_goTypes = nil + file_siginfo_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/siginfo.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/siginfo.proto new file mode 100644 index 00000000000..35b7ee4f3df --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/siginfo.proto @@ -0,0 +1,12 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +message siginfo_entry { + required bytes siginfo = 1; +} + +message signal_queue_entry { + repeated siginfo_entry signals = 1; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/signalfd.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/signalfd.pb.go new file mode 100644 index 00000000000..657ccb5c772 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/signalfd.pb.go @@ -0,0 +1,178 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: signalfd.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type SignalfdEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` + Flags *uint32 `protobuf:"varint,2,req,name=flags" json:"flags,omitempty"` + Fown *FownEntry `protobuf:"bytes,3,req,name=fown" json:"fown,omitempty"` + Sigmask *uint64 `protobuf:"varint,4,req,name=sigmask" json:"sigmask,omitempty"` +} + +func (x *SignalfdEntry) Reset() { + *x = SignalfdEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_signalfd_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SignalfdEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SignalfdEntry) ProtoMessage() {} + +func (x *SignalfdEntry) ProtoReflect() protoreflect.Message { + mi := &file_signalfd_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SignalfdEntry.ProtoReflect.Descriptor instead. +func (*SignalfdEntry) Descriptor() ([]byte, []int) { + return file_signalfd_proto_rawDescGZIP(), []int{0} +} + +func (x *SignalfdEntry) GetId() uint32 { + if x != nil && x.Id != nil { + return *x.Id + } + return 0 +} + +func (x *SignalfdEntry) GetFlags() uint32 { + if x != nil && x.Flags != nil { + return *x.Flags + } + return 0 +} + +func (x *SignalfdEntry) GetFown() *FownEntry { + if x != nil { + return x.Fown + } + return nil +} + +func (x *SignalfdEntry) GetSigmask() uint64 { + if x != nil && x.Sigmask != nil { + return *x.Sigmask + } + return 0 +} + +var File_signalfd_proto protoreflect.FileDescriptor + +var file_signalfd_proto_rawDesc = []byte{ + 0x0a, 0x0e, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x66, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x84, + 0x01, 0x0a, 0x0e, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x66, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, + 0x64, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, + 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x24, + 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, + 0x72, 0x69, 0x75, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, + 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x1f, 0x0a, 0x07, 0x73, 0x69, 0x67, 0x6d, 0x61, 0x73, 0x6b, 0x18, + 0x04, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x07, 0x73, 0x69, + 0x67, 0x6d, 0x61, 0x73, 0x6b, +} + +var ( + file_signalfd_proto_rawDescOnce sync.Once + file_signalfd_proto_rawDescData = file_signalfd_proto_rawDesc +) + +func file_signalfd_proto_rawDescGZIP() []byte { + file_signalfd_proto_rawDescOnce.Do(func() { + file_signalfd_proto_rawDescData = protoimpl.X.CompressGZIP(file_signalfd_proto_rawDescData) + }) + return file_signalfd_proto_rawDescData +} + +var file_signalfd_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_signalfd_proto_goTypes = []interface{}{ + (*SignalfdEntry)(nil), // 0: criu.signalfd_entry + (*FownEntry)(nil), // 1: criu.fown_entry +} +var file_signalfd_proto_depIdxs = []int32{ + 1, // 0: criu.signalfd_entry.fown:type_name -> criu.fown_entry + 1, // [1:1] is the sub-list for method output_type + 1, // [1:1] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { file_signalfd_proto_init() } +func file_signalfd_proto_init() { + if File_signalfd_proto != nil { + return + } + file_opts_proto_init() + file_fown_proto_init() + if !protoimpl.UnsafeEnabled { + file_signalfd_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SignalfdEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_signalfd_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_signalfd_proto_goTypes, + DependencyIndexes: file_signalfd_proto_depIdxs, + MessageInfos: file_signalfd_proto_msgTypes, + }.Build() + File_signalfd_proto = out.File + file_signalfd_proto_rawDesc = nil + file_signalfd_proto_goTypes = nil + file_signalfd_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/signalfd.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/signalfd.proto new file mode 100644 index 00000000000..3524ae94049 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/signalfd.proto @@ -0,0 +1,14 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "opts.proto"; +import "fown.proto"; + +message signalfd_entry { + required uint32 id = 1; + required uint32 flags = 2 [(criu).hex = true]; + required fown_entry fown = 3; + required uint64 sigmask = 4 [(criu).hex = true]; +}; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sit.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sit.pb.go new file mode 100644 index 00000000000..5ab3ba26f16 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sit.pb.go @@ -0,0 +1,292 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: sit.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type SitEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Link *uint32 `protobuf:"varint,1,opt,name=link" json:"link,omitempty"` + Local []uint32 `protobuf:"varint,2,rep,name=local" json:"local,omitempty"` + Remote []uint32 `protobuf:"varint,3,rep,name=remote" json:"remote,omitempty"` + Ttl *uint32 `protobuf:"varint,4,opt,name=ttl" json:"ttl,omitempty"` + Tos *uint32 `protobuf:"varint,5,opt,name=tos" json:"tos,omitempty"` + Pmtudisc *bool `protobuf:"varint,6,opt,name=pmtudisc" json:"pmtudisc,omitempty"` + Proto *uint32 `protobuf:"varint,7,opt,name=proto" json:"proto,omitempty"` + Flags *uint32 `protobuf:"varint,8,opt,name=flags" json:"flags,omitempty"` + EncapType *uint32 `protobuf:"varint,9,opt,name=encap_type,json=encapType" json:"encap_type,omitempty"` + EncapFlags *uint32 `protobuf:"varint,10,opt,name=encap_flags,json=encapFlags" json:"encap_flags,omitempty"` + EncapSport *uint32 `protobuf:"varint,11,opt,name=encap_sport,json=encapSport" json:"encap_sport,omitempty"` + EncapDport *uint32 `protobuf:"varint,12,opt,name=encap_dport,json=encapDport" json:"encap_dport,omitempty"` + RdPrefixlen *uint32 `protobuf:"varint,13,opt,name=rd_prefixlen,json=rdPrefixlen" json:"rd_prefixlen,omitempty"` + RdPrefix []uint32 `protobuf:"varint,14,rep,name=rd_prefix,json=rdPrefix" json:"rd_prefix,omitempty"` + RelayPrefixlen *uint32 `protobuf:"varint,15,opt,name=relay_prefixlen,json=relayPrefixlen" json:"relay_prefixlen,omitempty"` + RelayPrefix []uint32 `protobuf:"varint,16,rep,name=relay_prefix,json=relayPrefix" json:"relay_prefix,omitempty"` +} + +func (x *SitEntry) Reset() { + *x = SitEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_sit_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SitEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SitEntry) ProtoMessage() {} + +func (x *SitEntry) ProtoReflect() protoreflect.Message { + mi := &file_sit_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SitEntry.ProtoReflect.Descriptor instead. +func (*SitEntry) Descriptor() ([]byte, []int) { + return file_sit_proto_rawDescGZIP(), []int{0} +} + +func (x *SitEntry) GetLink() uint32 { + if x != nil && x.Link != nil { + return *x.Link + } + return 0 +} + +func (x *SitEntry) GetLocal() []uint32 { + if x != nil { + return x.Local + } + return nil +} + +func (x *SitEntry) GetRemote() []uint32 { + if x != nil { + return x.Remote + } + return nil +} + +func (x *SitEntry) GetTtl() uint32 { + if x != nil && x.Ttl != nil { + return *x.Ttl + } + return 0 +} + +func (x *SitEntry) GetTos() uint32 { + if x != nil && x.Tos != nil { + return *x.Tos + } + return 0 +} + +func (x *SitEntry) GetPmtudisc() bool { + if x != nil && x.Pmtudisc != nil { + return *x.Pmtudisc + } + return false +} + +func (x *SitEntry) GetProto() uint32 { + if x != nil && x.Proto != nil { + return *x.Proto + } + return 0 +} + +func (x *SitEntry) GetFlags() uint32 { + if x != nil && x.Flags != nil { + return *x.Flags + } + return 0 +} + +func (x *SitEntry) GetEncapType() uint32 { + if x != nil && x.EncapType != nil { + return *x.EncapType + } + return 0 +} + +func (x *SitEntry) GetEncapFlags() uint32 { + if x != nil && x.EncapFlags != nil { + return *x.EncapFlags + } + return 0 +} + +func (x *SitEntry) GetEncapSport() uint32 { + if x != nil && x.EncapSport != nil { + return *x.EncapSport + } + return 0 +} + +func (x *SitEntry) GetEncapDport() uint32 { + if x != nil && x.EncapDport != nil { + return *x.EncapDport + } + return 0 +} + +func (x *SitEntry) GetRdPrefixlen() uint32 { + if x != nil && x.RdPrefixlen != nil { + return *x.RdPrefixlen + } + return 0 +} + +func (x *SitEntry) GetRdPrefix() []uint32 { + if x != nil { + return x.RdPrefix + } + return nil +} + +func (x *SitEntry) GetRelayPrefixlen() uint32 { + if x != nil && x.RelayPrefixlen != nil { + return *x.RelayPrefixlen + } + return 0 +} + +func (x *SitEntry) GetRelayPrefix() []uint32 { + if x != nil { + return x.RelayPrefix + } + return nil +} + +var File_sit_proto protoreflect.FileDescriptor + +var file_sit_proto_rawDesc = []byte{ + 0x0a, 0x09, 0x73, 0x69, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, + 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe3, 0x03, + 0x0a, 0x09, 0x73, 0x69, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6c, + 0x69, 0x6e, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x6c, 0x69, 0x6e, 0x6b, 0x12, + 0x1b, 0x0a, 0x05, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0d, 0x42, 0x05, + 0xd2, 0x3f, 0x02, 0x10, 0x01, 0x52, 0x05, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x12, 0x1d, 0x0a, 0x06, + 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, + 0x02, 0x10, 0x01, 0x52, 0x06, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x74, + 0x74, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x74, 0x74, 0x6c, 0x12, 0x10, 0x0a, + 0x03, 0x74, 0x6f, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x74, 0x6f, 0x73, 0x12, + 0x1a, 0x0a, 0x08, 0x70, 0x6d, 0x74, 0x75, 0x64, 0x69, 0x73, 0x63, 0x18, 0x06, 0x20, 0x01, 0x28, + 0x08, 0x52, 0x08, 0x70, 0x6d, 0x74, 0x75, 0x64, 0x69, 0x73, 0x63, 0x12, 0x14, 0x0a, 0x05, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0d, + 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x65, 0x6e, 0x63, 0x61, 0x70, + 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x65, 0x6e, 0x63, + 0x61, 0x70, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x6e, 0x63, 0x61, 0x70, 0x5f, + 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x65, 0x6e, 0x63, + 0x61, 0x70, 0x46, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x6e, 0x63, 0x61, 0x70, + 0x5f, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x65, 0x6e, + 0x63, 0x61, 0x70, 0x53, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x6e, 0x63, 0x61, + 0x70, 0x5f, 0x64, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x65, + 0x6e, 0x63, 0x61, 0x70, 0x44, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x72, 0x64, 0x5f, + 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x6c, 0x65, 0x6e, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0d, 0x52, + 0x0b, 0x72, 0x64, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x6c, 0x65, 0x6e, 0x12, 0x22, 0x0a, 0x09, + 0x72, 0x64, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x0d, 0x42, + 0x05, 0xd2, 0x3f, 0x02, 0x10, 0x01, 0x52, 0x08, 0x72, 0x64, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, + 0x12, 0x27, 0x0a, 0x0f, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, + 0x6c, 0x65, 0x6e, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0e, 0x72, 0x65, 0x6c, 0x61, 0x79, + 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x6c, 0x65, 0x6e, 0x12, 0x28, 0x0a, 0x0c, 0x72, 0x65, 0x6c, + 0x61, 0x79, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x10, 0x20, 0x03, 0x28, 0x0d, 0x42, + 0x05, 0xd2, 0x3f, 0x02, 0x10, 0x01, 0x52, 0x0b, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x50, 0x72, 0x65, + 0x66, 0x69, 0x78, +} + +var ( + file_sit_proto_rawDescOnce sync.Once + file_sit_proto_rawDescData = file_sit_proto_rawDesc +) + +func file_sit_proto_rawDescGZIP() []byte { + file_sit_proto_rawDescOnce.Do(func() { + file_sit_proto_rawDescData = protoimpl.X.CompressGZIP(file_sit_proto_rawDescData) + }) + return file_sit_proto_rawDescData +} + +var file_sit_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_sit_proto_goTypes = []interface{}{ + (*SitEntry)(nil), // 0: criu.sit_entry +} +var file_sit_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_sit_proto_init() } +func file_sit_proto_init() { + if File_sit_proto != nil { + return + } + file_opts_proto_init() + if !protoimpl.UnsafeEnabled { + file_sit_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SitEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_sit_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_sit_proto_goTypes, + DependencyIndexes: file_sit_proto_depIdxs, + MessageInfos: file_sit_proto_msgTypes, + }.Build() + File_sit_proto = out.File + file_sit_proto_rawDesc = nil + file_sit_proto_goTypes = nil + file_sit_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sit.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sit.proto new file mode 100644 index 00000000000..9d7ad7c5603 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sit.proto @@ -0,0 +1,25 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "opts.proto"; + +message sit_entry { + optional uint32 link = 1; + repeated uint32 local = 2 [(criu).ipadd = true]; + repeated uint32 remote = 3 [(criu).ipadd = true]; + optional uint32 ttl = 4; + optional uint32 tos = 5; + optional bool pmtudisc = 6; + optional uint32 proto = 7; + optional uint32 flags = 8; + optional uint32 encap_type = 9; + optional uint32 encap_flags = 10; + optional uint32 encap_sport = 11; + optional uint32 encap_dport = 12; + optional uint32 rd_prefixlen = 13; + repeated uint32 rd_prefix = 14 [(criu).ipadd = true]; + optional uint32 relay_prefixlen = 15; + repeated uint32 relay_prefix = 16 [(criu).ipadd = true]; +}; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-inet.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-inet.pb.go new file mode 100644 index 00000000000..edb29a96fd4 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-inet.pb.go @@ -0,0 +1,510 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: sk-inet.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type IpOptsRawEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Hdrincl *bool `protobuf:"varint,1,opt,name=hdrincl" json:"hdrincl,omitempty"` + Nodefrag *bool `protobuf:"varint,2,opt,name=nodefrag" json:"nodefrag,omitempty"` + Checksum *bool `protobuf:"varint,3,opt,name=checksum" json:"checksum,omitempty"` + IcmpvFilter []uint32 `protobuf:"varint,4,rep,name=icmpv_filter,json=icmpvFilter" json:"icmpv_filter,omitempty"` +} + +func (x *IpOptsRawEntry) Reset() { + *x = IpOptsRawEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_sk_inet_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *IpOptsRawEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*IpOptsRawEntry) ProtoMessage() {} + +func (x *IpOptsRawEntry) ProtoReflect() protoreflect.Message { + mi := &file_sk_inet_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use IpOptsRawEntry.ProtoReflect.Descriptor instead. +func (*IpOptsRawEntry) Descriptor() ([]byte, []int) { + return file_sk_inet_proto_rawDescGZIP(), []int{0} +} + +func (x *IpOptsRawEntry) GetHdrincl() bool { + if x != nil && x.Hdrincl != nil { + return *x.Hdrincl + } + return false +} + +func (x *IpOptsRawEntry) GetNodefrag() bool { + if x != nil && x.Nodefrag != nil { + return *x.Nodefrag + } + return false +} + +func (x *IpOptsRawEntry) GetChecksum() bool { + if x != nil && x.Checksum != nil { + return *x.Checksum + } + return false +} + +func (x *IpOptsRawEntry) GetIcmpvFilter() []uint32 { + if x != nil { + return x.IcmpvFilter + } + return nil +} + +type IpOptsEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Freebind *bool `protobuf:"varint,1,opt,name=freebind" json:"freebind,omitempty"` + // Fields 2 and 3 are reserved for vz7 use + Raw *IpOptsRawEntry `protobuf:"bytes,4,opt,name=raw" json:"raw,omitempty"` +} + +func (x *IpOptsEntry) Reset() { + *x = IpOptsEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_sk_inet_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *IpOptsEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*IpOptsEntry) ProtoMessage() {} + +func (x *IpOptsEntry) ProtoReflect() protoreflect.Message { + mi := &file_sk_inet_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use IpOptsEntry.ProtoReflect.Descriptor instead. +func (*IpOptsEntry) Descriptor() ([]byte, []int) { + return file_sk_inet_proto_rawDescGZIP(), []int{1} +} + +func (x *IpOptsEntry) GetFreebind() bool { + if x != nil && x.Freebind != nil { + return *x.Freebind + } + return false +} + +func (x *IpOptsEntry) GetRaw() *IpOptsRawEntry { + if x != nil { + return x.Raw + } + return nil +} + +type InetSkEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // We have two IDs here -- id and ino. The first one + // is used when restoring socket behind a file descriprot. + // The fdinfo image's id is it. The second one is used + // in sk-inet.c internally, in particular we identify + // a TCP stream to restore into this socket using the + // ino value. + Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` + Ino *uint32 `protobuf:"varint,2,req,name=ino" json:"ino,omitempty"` + Family *uint32 `protobuf:"varint,3,req,name=family" json:"family,omitempty"` + Type *uint32 `protobuf:"varint,4,req,name=type" json:"type,omitempty"` + Proto *uint32 `protobuf:"varint,5,req,name=proto" json:"proto,omitempty"` + State *uint32 `protobuf:"varint,6,req,name=state" json:"state,omitempty"` + SrcPort *uint32 `protobuf:"varint,7,req,name=src_port,json=srcPort" json:"src_port,omitempty"` + DstPort *uint32 `protobuf:"varint,8,req,name=dst_port,json=dstPort" json:"dst_port,omitempty"` + Flags *uint32 `protobuf:"varint,9,req,name=flags" json:"flags,omitempty"` + Backlog *uint32 `protobuf:"varint,10,req,name=backlog" json:"backlog,omitempty"` + SrcAddr []uint32 `protobuf:"varint,11,rep,name=src_addr,json=srcAddr" json:"src_addr,omitempty"` + DstAddr []uint32 `protobuf:"varint,12,rep,name=dst_addr,json=dstAddr" json:"dst_addr,omitempty"` + Fown *FownEntry `protobuf:"bytes,13,req,name=fown" json:"fown,omitempty"` + Opts *SkOptsEntry `protobuf:"bytes,14,req,name=opts" json:"opts,omitempty"` + V6Only *bool `protobuf:"varint,15,opt,name=v6only" json:"v6only,omitempty"` + IpOpts *IpOptsEntry `protobuf:"bytes,16,opt,name=ip_opts,json=ipOpts" json:"ip_opts,omitempty"` + // for ipv6, we need to send the ifindex to bind(); we keep the ifname + // here and convert it on restore + Ifname *string `protobuf:"bytes,17,opt,name=ifname" json:"ifname,omitempty"` + NsId *uint32 `protobuf:"varint,18,opt,name=ns_id,json=nsId" json:"ns_id,omitempty"` + Shutdown *SkShutdown `protobuf:"varint,19,opt,name=shutdown,enum=criu.SkShutdown" json:"shutdown,omitempty"` +} + +func (x *InetSkEntry) Reset() { + *x = InetSkEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_sk_inet_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *InetSkEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*InetSkEntry) ProtoMessage() {} + +func (x *InetSkEntry) ProtoReflect() protoreflect.Message { + mi := &file_sk_inet_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use InetSkEntry.ProtoReflect.Descriptor instead. +func (*InetSkEntry) Descriptor() ([]byte, []int) { + return file_sk_inet_proto_rawDescGZIP(), []int{2} +} + +func (x *InetSkEntry) GetId() uint32 { + if x != nil && x.Id != nil { + return *x.Id + } + return 0 +} + +func (x *InetSkEntry) GetIno() uint32 { + if x != nil && x.Ino != nil { + return *x.Ino + } + return 0 +} + +func (x *InetSkEntry) GetFamily() uint32 { + if x != nil && x.Family != nil { + return *x.Family + } + return 0 +} + +func (x *InetSkEntry) GetType() uint32 { + if x != nil && x.Type != nil { + return *x.Type + } + return 0 +} + +func (x *InetSkEntry) GetProto() uint32 { + if x != nil && x.Proto != nil { + return *x.Proto + } + return 0 +} + +func (x *InetSkEntry) GetState() uint32 { + if x != nil && x.State != nil { + return *x.State + } + return 0 +} + +func (x *InetSkEntry) GetSrcPort() uint32 { + if x != nil && x.SrcPort != nil { + return *x.SrcPort + } + return 0 +} + +func (x *InetSkEntry) GetDstPort() uint32 { + if x != nil && x.DstPort != nil { + return *x.DstPort + } + return 0 +} + +func (x *InetSkEntry) GetFlags() uint32 { + if x != nil && x.Flags != nil { + return *x.Flags + } + return 0 +} + +func (x *InetSkEntry) GetBacklog() uint32 { + if x != nil && x.Backlog != nil { + return *x.Backlog + } + return 0 +} + +func (x *InetSkEntry) GetSrcAddr() []uint32 { + if x != nil { + return x.SrcAddr + } + return nil +} + +func (x *InetSkEntry) GetDstAddr() []uint32 { + if x != nil { + return x.DstAddr + } + return nil +} + +func (x *InetSkEntry) GetFown() *FownEntry { + if x != nil { + return x.Fown + } + return nil +} + +func (x *InetSkEntry) GetOpts() *SkOptsEntry { + if x != nil { + return x.Opts + } + return nil +} + +func (x *InetSkEntry) GetV6Only() bool { + if x != nil && x.V6Only != nil { + return *x.V6Only + } + return false +} + +func (x *InetSkEntry) GetIpOpts() *IpOptsEntry { + if x != nil { + return x.IpOpts + } + return nil +} + +func (x *InetSkEntry) GetIfname() string { + if x != nil && x.Ifname != nil { + return *x.Ifname + } + return "" +} + +func (x *InetSkEntry) GetNsId() uint32 { + if x != nil && x.NsId != nil { + return *x.NsId + } + return 0 +} + +func (x *InetSkEntry) GetShutdown() SkShutdown { + if x != nil && x.Shutdown != nil { + return *x.Shutdown + } + return SkShutdown_NONE +} + +var File_sk_inet_proto protoreflect.FileDescriptor + +var file_sk_inet_proto_rawDesc = []byte{ + 0x0a, 0x0d, 0x73, 0x6b, 0x2d, 0x69, 0x6e, 0x65, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, + 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, 0x73, + 0x6b, 0x2d, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x88, 0x01, 0x0a, + 0x11, 0x69, 0x70, 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x5f, 0x72, 0x61, 0x77, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x68, 0x64, 0x72, 0x69, 0x6e, 0x63, 0x6c, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x07, 0x68, 0x64, 0x72, 0x69, 0x6e, 0x63, 0x6c, 0x12, 0x1a, 0x0a, 0x08, + 0x6e, 0x6f, 0x64, 0x65, 0x66, 0x72, 0x61, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, + 0x6e, 0x6f, 0x64, 0x65, 0x66, 0x72, 0x61, 0x67, 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x68, 0x65, 0x63, + 0x6b, 0x73, 0x75, 0x6d, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x63, 0x68, 0x65, 0x63, + 0x6b, 0x73, 0x75, 0x6d, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x63, 0x6d, 0x70, 0x76, 0x5f, 0x66, 0x69, + 0x6c, 0x74, 0x65, 0x72, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x0b, 0x69, 0x63, 0x6d, 0x70, + 0x76, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x22, 0x56, 0x0a, 0x0d, 0x69, 0x70, 0x5f, 0x6f, 0x70, + 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x66, 0x72, 0x65, 0x65, + 0x62, 0x69, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x66, 0x72, 0x65, 0x65, + 0x62, 0x69, 0x6e, 0x64, 0x12, 0x29, 0x0a, 0x03, 0x72, 0x61, 0x77, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x17, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x69, 0x70, 0x5f, 0x6f, 0x70, 0x74, 0x73, + 0x5f, 0x72, 0x61, 0x77, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x72, 0x61, 0x77, 0x22, + 0xcf, 0x04, 0x0a, 0x0d, 0x69, 0x6e, 0x65, 0x74, 0x5f, 0x73, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, + 0x64, 0x12, 0x10, 0x0a, 0x03, 0x69, 0x6e, 0x6f, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, + 0x69, 0x6e, 0x6f, 0x12, 0x1f, 0x0a, 0x06, 0x66, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x18, 0x03, 0x20, + 0x02, 0x28, 0x0d, 0x42, 0x07, 0xd2, 0x3f, 0x04, 0x32, 0x02, 0x73, 0x6b, 0x52, 0x06, 0x66, 0x61, + 0x6d, 0x69, 0x6c, 0x79, 0x12, 0x1b, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x04, 0x20, 0x02, + 0x28, 0x0d, 0x42, 0x07, 0xd2, 0x3f, 0x04, 0x32, 0x02, 0x73, 0x6b, 0x52, 0x04, 0x74, 0x79, 0x70, + 0x65, 0x12, 0x1d, 0x0a, 0x05, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, + 0x42, 0x07, 0xd2, 0x3f, 0x04, 0x32, 0x02, 0x73, 0x6b, 0x52, 0x05, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x12, 0x1d, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x42, + 0x07, 0xd2, 0x3f, 0x04, 0x32, 0x02, 0x73, 0x6b, 0x52, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, + 0x19, 0x0a, 0x08, 0x73, 0x72, 0x63, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x07, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x07, 0x73, 0x72, 0x63, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x19, 0x0a, 0x08, 0x64, 0x73, + 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x08, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x64, 0x73, + 0x74, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x09, + 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, + 0x67, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x62, 0x61, 0x63, 0x6b, 0x6c, 0x6f, 0x67, 0x18, 0x0a, 0x20, + 0x02, 0x28, 0x0d, 0x52, 0x07, 0x62, 0x61, 0x63, 0x6b, 0x6c, 0x6f, 0x67, 0x12, 0x20, 0x0a, 0x08, + 0x73, 0x72, 0x63, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x0d, 0x42, 0x05, + 0xd2, 0x3f, 0x02, 0x10, 0x01, 0x52, 0x07, 0x73, 0x72, 0x63, 0x41, 0x64, 0x64, 0x72, 0x12, 0x20, + 0x0a, 0x08, 0x64, 0x73, 0x74, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x0c, 0x20, 0x03, 0x28, 0x0d, + 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x10, 0x01, 0x52, 0x07, 0x64, 0x73, 0x74, 0x41, 0x64, 0x64, 0x72, + 0x12, 0x24, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x0d, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x10, + 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x27, 0x0a, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x18, 0x0e, + 0x20, 0x02, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x6b, 0x5f, 0x6f, + 0x70, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x12, + 0x16, 0x0a, 0x06, 0x76, 0x36, 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x06, 0x76, 0x36, 0x6f, 0x6e, 0x6c, 0x79, 0x12, 0x2c, 0x0a, 0x07, 0x69, 0x70, 0x5f, 0x6f, 0x70, + 0x74, 0x73, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, + 0x69, 0x70, 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x69, + 0x70, 0x4f, 0x70, 0x74, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x69, 0x66, 0x6e, 0x61, 0x6d, 0x65, 0x18, + 0x11, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x69, 0x66, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x13, 0x0a, + 0x05, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x12, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x6e, 0x73, + 0x49, 0x64, 0x12, 0x2d, 0x0a, 0x08, 0x73, 0x68, 0x75, 0x74, 0x64, 0x6f, 0x77, 0x6e, 0x18, 0x13, + 0x20, 0x01, 0x28, 0x0e, 0x32, 0x11, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x6b, 0x5f, 0x73, + 0x68, 0x75, 0x74, 0x64, 0x6f, 0x77, 0x6e, 0x52, 0x08, 0x73, 0x68, 0x75, 0x74, 0x64, 0x6f, 0x77, + 0x6e, +} + +var ( + file_sk_inet_proto_rawDescOnce sync.Once + file_sk_inet_proto_rawDescData = file_sk_inet_proto_rawDesc +) + +func file_sk_inet_proto_rawDescGZIP() []byte { + file_sk_inet_proto_rawDescOnce.Do(func() { + file_sk_inet_proto_rawDescData = protoimpl.X.CompressGZIP(file_sk_inet_proto_rawDescData) + }) + return file_sk_inet_proto_rawDescData +} + +var file_sk_inet_proto_msgTypes = make([]protoimpl.MessageInfo, 3) +var file_sk_inet_proto_goTypes = []interface{}{ + (*IpOptsRawEntry)(nil), // 0: criu.ip_opts_raw_entry + (*IpOptsEntry)(nil), // 1: criu.ip_opts_entry + (*InetSkEntry)(nil), // 2: criu.inet_sk_entry + (*FownEntry)(nil), // 3: criu.fown_entry + (*SkOptsEntry)(nil), // 4: criu.sk_opts_entry + (SkShutdown)(0), // 5: criu.sk_shutdown +} +var file_sk_inet_proto_depIdxs = []int32{ + 0, // 0: criu.ip_opts_entry.raw:type_name -> criu.ip_opts_raw_entry + 3, // 1: criu.inet_sk_entry.fown:type_name -> criu.fown_entry + 4, // 2: criu.inet_sk_entry.opts:type_name -> criu.sk_opts_entry + 1, // 3: criu.inet_sk_entry.ip_opts:type_name -> criu.ip_opts_entry + 5, // 4: criu.inet_sk_entry.shutdown:type_name -> criu.sk_shutdown + 5, // [5:5] is the sub-list for method output_type + 5, // [5:5] is the sub-list for method input_type + 5, // [5:5] is the sub-list for extension type_name + 5, // [5:5] is the sub-list for extension extendee + 0, // [0:5] is the sub-list for field type_name +} + +func init() { file_sk_inet_proto_init() } +func file_sk_inet_proto_init() { + if File_sk_inet_proto != nil { + return + } + file_opts_proto_init() + file_fown_proto_init() + file_sk_opts_proto_init() + if !protoimpl.UnsafeEnabled { + file_sk_inet_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*IpOptsRawEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_sk_inet_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*IpOptsEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_sk_inet_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*InetSkEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_sk_inet_proto_rawDesc, + NumEnums: 0, + NumMessages: 3, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_sk_inet_proto_goTypes, + DependencyIndexes: file_sk_inet_proto_depIdxs, + MessageInfos: file_sk_inet_proto_msgTypes, + }.Build() + File_sk_inet_proto = out.File + file_sk_inet_proto_rawDesc = nil + file_sk_inet_proto_goTypes = nil + file_sk_inet_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-inet.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-inet.proto new file mode 100644 index 00000000000..7a4ec478874 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-inet.proto @@ -0,0 +1,56 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "opts.proto"; +import "fown.proto"; +import "sk-opts.proto"; + +message ip_opts_raw_entry { + optional bool hdrincl = 1; + optional bool nodefrag = 2; + optional bool checksum = 3; + repeated uint32 icmpv_filter = 4; +} + +message ip_opts_entry { + optional bool freebind = 1; + // Fields 2 and 3 are reserved for vz7 use + optional ip_opts_raw_entry raw = 4; +} + +message inet_sk_entry { + /* + * We have two IDs here -- id and ino. The first one + * is used when restoring socket behind a file descriprot. + * The fdinfo image's id is it. The second one is used + * in sk-inet.c internally, in particular we identify + * a TCP stream to restore into this socket using the + * ino value. + */ + required uint32 id = 1; + required uint32 ino = 2; + required uint32 family = 3 [(criu).dict = "sk"]; + required uint32 type = 4 [(criu).dict = "sk"]; + required uint32 proto = 5 [(criu).dict = "sk"]; + required uint32 state = 6 [(criu).dict = "sk"]; + required uint32 src_port = 7; + required uint32 dst_port = 8; + required uint32 flags = 9 [(criu).hex = true]; + required uint32 backlog = 10; + + repeated uint32 src_addr = 11 [(criu).ipadd = true]; + repeated uint32 dst_addr = 12 [(criu).ipadd = true]; + + required fown_entry fown = 13; + required sk_opts_entry opts = 14; + optional bool v6only = 15; + optional ip_opts_entry ip_opts = 16; + + /* for ipv6, we need to send the ifindex to bind(); we keep the ifname + * here and convert it on restore */ + optional string ifname = 17; + optional uint32 ns_id = 18; + optional sk_shutdown shutdown = 19; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-netlink.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-netlink.pb.go new file mode 100644 index 00000000000..087366fdb3b --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-netlink.pb.go @@ -0,0 +1,259 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: sk-netlink.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type NetlinkSkEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` + Ino *uint32 `protobuf:"varint,2,req,name=ino" json:"ino,omitempty"` + Protocol *uint32 `protobuf:"varint,3,req,name=protocol" json:"protocol,omitempty"` + State *uint32 `protobuf:"varint,4,req,name=state" json:"state,omitempty"` + Flags *uint32 `protobuf:"varint,6,req,name=flags" json:"flags,omitempty"` + Portid *uint32 `protobuf:"varint,7,req,name=portid" json:"portid,omitempty"` + Groups []uint32 `protobuf:"varint,8,rep,name=groups" json:"groups,omitempty"` + DstPortid *uint32 `protobuf:"varint,9,req,name=dst_portid,json=dstPortid" json:"dst_portid,omitempty"` + DstGroup *uint32 `protobuf:"varint,10,req,name=dst_group,json=dstGroup" json:"dst_group,omitempty"` + Fown *FownEntry `protobuf:"bytes,11,req,name=fown" json:"fown,omitempty"` + Opts *SkOptsEntry `protobuf:"bytes,12,req,name=opts" json:"opts,omitempty"` + NsId *uint32 `protobuf:"varint,13,opt,name=ns_id,json=nsId" json:"ns_id,omitempty"` +} + +func (x *NetlinkSkEntry) Reset() { + *x = NetlinkSkEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_sk_netlink_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *NetlinkSkEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*NetlinkSkEntry) ProtoMessage() {} + +func (x *NetlinkSkEntry) ProtoReflect() protoreflect.Message { + mi := &file_sk_netlink_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use NetlinkSkEntry.ProtoReflect.Descriptor instead. +func (*NetlinkSkEntry) Descriptor() ([]byte, []int) { + return file_sk_netlink_proto_rawDescGZIP(), []int{0} +} + +func (x *NetlinkSkEntry) GetId() uint32 { + if x != nil && x.Id != nil { + return *x.Id + } + return 0 +} + +func (x *NetlinkSkEntry) GetIno() uint32 { + if x != nil && x.Ino != nil { + return *x.Ino + } + return 0 +} + +func (x *NetlinkSkEntry) GetProtocol() uint32 { + if x != nil && x.Protocol != nil { + return *x.Protocol + } + return 0 +} + +func (x *NetlinkSkEntry) GetState() uint32 { + if x != nil && x.State != nil { + return *x.State + } + return 0 +} + +func (x *NetlinkSkEntry) GetFlags() uint32 { + if x != nil && x.Flags != nil { + return *x.Flags + } + return 0 +} + +func (x *NetlinkSkEntry) GetPortid() uint32 { + if x != nil && x.Portid != nil { + return *x.Portid + } + return 0 +} + +func (x *NetlinkSkEntry) GetGroups() []uint32 { + if x != nil { + return x.Groups + } + return nil +} + +func (x *NetlinkSkEntry) GetDstPortid() uint32 { + if x != nil && x.DstPortid != nil { + return *x.DstPortid + } + return 0 +} + +func (x *NetlinkSkEntry) GetDstGroup() uint32 { + if x != nil && x.DstGroup != nil { + return *x.DstGroup + } + return 0 +} + +func (x *NetlinkSkEntry) GetFown() *FownEntry { + if x != nil { + return x.Fown + } + return nil +} + +func (x *NetlinkSkEntry) GetOpts() *SkOptsEntry { + if x != nil { + return x.Opts + } + return nil +} + +func (x *NetlinkSkEntry) GetNsId() uint32 { + if x != nil && x.NsId != nil { + return *x.NsId + } + return 0 +} + +var File_sk_netlink_proto protoreflect.FileDescriptor + +var file_sk_netlink_proto_rawDesc = []byte{ + 0x0a, 0x10, 0x73, 0x6b, 0x2d, 0x6e, 0x65, 0x74, 0x6c, 0x69, 0x6e, 0x6b, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x1a, 0x0d, 0x73, 0x6b, 0x2d, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, + 0xd3, 0x02, 0x0a, 0x10, 0x6e, 0x65, 0x74, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, 0x73, 0x6b, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x02, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x69, 0x6e, 0x6f, 0x18, 0x02, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x03, 0x69, 0x6e, 0x6f, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, + 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, + 0x6f, 0x6c, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, + 0x73, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, + 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x6f, 0x72, 0x74, 0x69, 0x64, 0x18, + 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x70, 0x6f, 0x72, 0x74, 0x69, 0x64, 0x12, 0x16, 0x0a, + 0x06, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x06, 0x67, + 0x72, 0x6f, 0x75, 0x70, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x64, 0x73, 0x74, 0x5f, 0x70, 0x6f, 0x72, + 0x74, 0x69, 0x64, 0x18, 0x09, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x64, 0x73, 0x74, 0x50, 0x6f, + 0x72, 0x74, 0x69, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x64, 0x73, 0x74, 0x5f, 0x67, 0x72, 0x6f, 0x75, + 0x70, 0x18, 0x0a, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x64, 0x73, 0x74, 0x47, 0x72, 0x6f, 0x75, + 0x70, 0x12, 0x24, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x0b, 0x20, 0x02, 0x28, 0x0b, 0x32, + 0x10, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x27, 0x0a, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x18, + 0x0c, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x6b, 0x5f, + 0x6f, 0x70, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x6f, 0x70, 0x74, 0x73, + 0x12, 0x13, 0x0a, 0x05, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0d, 0x52, + 0x04, 0x6e, 0x73, 0x49, 0x64, +} + +var ( + file_sk_netlink_proto_rawDescOnce sync.Once + file_sk_netlink_proto_rawDescData = file_sk_netlink_proto_rawDesc +) + +func file_sk_netlink_proto_rawDescGZIP() []byte { + file_sk_netlink_proto_rawDescOnce.Do(func() { + file_sk_netlink_proto_rawDescData = protoimpl.X.CompressGZIP(file_sk_netlink_proto_rawDescData) + }) + return file_sk_netlink_proto_rawDescData +} + +var file_sk_netlink_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_sk_netlink_proto_goTypes = []interface{}{ + (*NetlinkSkEntry)(nil), // 0: criu.netlink_sk_entry + (*FownEntry)(nil), // 1: criu.fown_entry + (*SkOptsEntry)(nil), // 2: criu.sk_opts_entry +} +var file_sk_netlink_proto_depIdxs = []int32{ + 1, // 0: criu.netlink_sk_entry.fown:type_name -> criu.fown_entry + 2, // 1: criu.netlink_sk_entry.opts:type_name -> criu.sk_opts_entry + 2, // [2:2] is the sub-list for method output_type + 2, // [2:2] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name +} + +func init() { file_sk_netlink_proto_init() } +func file_sk_netlink_proto_init() { + if File_sk_netlink_proto != nil { + return + } + file_opts_proto_init() + file_fown_proto_init() + file_sk_opts_proto_init() + if !protoimpl.UnsafeEnabled { + file_sk_netlink_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*NetlinkSkEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_sk_netlink_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_sk_netlink_proto_goTypes, + DependencyIndexes: file_sk_netlink_proto_depIdxs, + MessageInfos: file_sk_netlink_proto_msgTypes, + }.Build() + File_sk_netlink_proto = out.File + file_sk_netlink_proto_rawDesc = nil + file_sk_netlink_proto_goTypes = nil + file_sk_netlink_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-netlink.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-netlink.proto new file mode 100644 index 00000000000..e6ffd624b9d --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-netlink.proto @@ -0,0 +1,25 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "opts.proto"; +import "fown.proto"; +import "sk-opts.proto"; + +message netlink_sk_entry { + required uint32 id = 1; + required uint32 ino = 2; + required uint32 protocol = 3; + required uint32 state = 4; + required uint32 flags = 6 [(criu).hex = true]; + required uint32 portid = 7; + repeated uint32 groups = 8; + required uint32 dst_portid = 9; + required uint32 dst_group = 10; + required fown_entry fown = 11; + required sk_opts_entry opts = 12; + optional uint32 ns_id = 13; + // For netlink queued messages + // optional nl_sk_opts_entry nl_opts = 14; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-opts.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-opts.pb.go new file mode 100644 index 00000000000..7fa40d38a99 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-opts.pb.go @@ -0,0 +1,453 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: sk-opts.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type SkShutdown int32 + +const ( + SkShutdown_NONE SkShutdown = 0 + SkShutdown_READ SkShutdown = 1 + SkShutdown_WRITE SkShutdown = 2 + SkShutdown_BOTH SkShutdown = 3 +) + +// Enum value maps for SkShutdown. +var ( + SkShutdown_name = map[int32]string{ + 0: "NONE", + 1: "READ", + 2: "WRITE", + 3: "BOTH", + } + SkShutdown_value = map[string]int32{ + "NONE": 0, + "READ": 1, + "WRITE": 2, + "BOTH": 3, + } +) + +func (x SkShutdown) Enum() *SkShutdown { + p := new(SkShutdown) + *p = x + return p +} + +func (x SkShutdown) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (SkShutdown) Descriptor() protoreflect.EnumDescriptor { + return file_sk_opts_proto_enumTypes[0].Descriptor() +} + +func (SkShutdown) Type() protoreflect.EnumType { + return &file_sk_opts_proto_enumTypes[0] +} + +func (x SkShutdown) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Do not use. +func (x *SkShutdown) UnmarshalJSON(b []byte) error { + num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) + if err != nil { + return err + } + *x = SkShutdown(num) + return nil +} + +// Deprecated: Use SkShutdown.Descriptor instead. +func (SkShutdown) EnumDescriptor() ([]byte, []int) { + return file_sk_opts_proto_rawDescGZIP(), []int{0} +} + +type SkOptsEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + SoSndbuf *uint32 `protobuf:"varint,1,req,name=so_sndbuf,json=soSndbuf" json:"so_sndbuf,omitempty"` + SoRcvbuf *uint32 `protobuf:"varint,2,req,name=so_rcvbuf,json=soRcvbuf" json:"so_rcvbuf,omitempty"` + SoSndTmoSec *uint64 `protobuf:"varint,3,req,name=so_snd_tmo_sec,json=soSndTmoSec" json:"so_snd_tmo_sec,omitempty"` + SoSndTmoUsec *uint64 `protobuf:"varint,4,req,name=so_snd_tmo_usec,json=soSndTmoUsec" json:"so_snd_tmo_usec,omitempty"` + SoRcvTmoSec *uint64 `protobuf:"varint,5,req,name=so_rcv_tmo_sec,json=soRcvTmoSec" json:"so_rcv_tmo_sec,omitempty"` + SoRcvTmoUsec *uint64 `protobuf:"varint,6,req,name=so_rcv_tmo_usec,json=soRcvTmoUsec" json:"so_rcv_tmo_usec,omitempty"` + Reuseaddr *bool `protobuf:"varint,7,opt,name=reuseaddr" json:"reuseaddr,omitempty"` + SoPriority *uint32 `protobuf:"varint,8,opt,name=so_priority,json=soPriority" json:"so_priority,omitempty"` + SoRcvlowat *uint32 `protobuf:"varint,9,opt,name=so_rcvlowat,json=soRcvlowat" json:"so_rcvlowat,omitempty"` + SoMark *uint32 `protobuf:"varint,10,opt,name=so_mark,json=soMark" json:"so_mark,omitempty"` + SoPasscred *bool `protobuf:"varint,11,opt,name=so_passcred,json=soPasscred" json:"so_passcred,omitempty"` + SoPasssec *bool `protobuf:"varint,12,opt,name=so_passsec,json=soPasssec" json:"so_passsec,omitempty"` + SoDontroute *bool `protobuf:"varint,13,opt,name=so_dontroute,json=soDontroute" json:"so_dontroute,omitempty"` + SoNoCheck *bool `protobuf:"varint,14,opt,name=so_no_check,json=soNoCheck" json:"so_no_check,omitempty"` + SoBoundDev *string `protobuf:"bytes,15,opt,name=so_bound_dev,json=soBoundDev" json:"so_bound_dev,omitempty"` + SoFilter []uint64 `protobuf:"fixed64,16,rep,name=so_filter,json=soFilter" json:"so_filter,omitempty"` + SoReuseport *bool `protobuf:"varint,17,opt,name=so_reuseport,json=soReuseport" json:"so_reuseport,omitempty"` + SoBroadcast *bool `protobuf:"varint,18,opt,name=so_broadcast,json=soBroadcast" json:"so_broadcast,omitempty"` + SoKeepalive *bool `protobuf:"varint,19,opt,name=so_keepalive,json=soKeepalive" json:"so_keepalive,omitempty"` + TcpKeepcnt *uint32 `protobuf:"varint,20,opt,name=tcp_keepcnt,json=tcpKeepcnt" json:"tcp_keepcnt,omitempty"` + TcpKeepidle *uint32 `protobuf:"varint,21,opt,name=tcp_keepidle,json=tcpKeepidle" json:"tcp_keepidle,omitempty"` + TcpKeepintvl *uint32 `protobuf:"varint,22,opt,name=tcp_keepintvl,json=tcpKeepintvl" json:"tcp_keepintvl,omitempty"` + SoOobinline *uint32 `protobuf:"varint,23,opt,name=so_oobinline,json=soOobinline" json:"so_oobinline,omitempty"` + SoLinger *uint32 `protobuf:"varint,24,opt,name=so_linger,json=soLinger" json:"so_linger,omitempty"` + SoBufLock *uint32 `protobuf:"varint,25,opt,name=so_buf_lock,json=soBufLock" json:"so_buf_lock,omitempty"` +} + +func (x *SkOptsEntry) Reset() { + *x = SkOptsEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_sk_opts_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SkOptsEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SkOptsEntry) ProtoMessage() {} + +func (x *SkOptsEntry) ProtoReflect() protoreflect.Message { + mi := &file_sk_opts_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SkOptsEntry.ProtoReflect.Descriptor instead. +func (*SkOptsEntry) Descriptor() ([]byte, []int) { + return file_sk_opts_proto_rawDescGZIP(), []int{0} +} + +func (x *SkOptsEntry) GetSoSndbuf() uint32 { + if x != nil && x.SoSndbuf != nil { + return *x.SoSndbuf + } + return 0 +} + +func (x *SkOptsEntry) GetSoRcvbuf() uint32 { + if x != nil && x.SoRcvbuf != nil { + return *x.SoRcvbuf + } + return 0 +} + +func (x *SkOptsEntry) GetSoSndTmoSec() uint64 { + if x != nil && x.SoSndTmoSec != nil { + return *x.SoSndTmoSec + } + return 0 +} + +func (x *SkOptsEntry) GetSoSndTmoUsec() uint64 { + if x != nil && x.SoSndTmoUsec != nil { + return *x.SoSndTmoUsec + } + return 0 +} + +func (x *SkOptsEntry) GetSoRcvTmoSec() uint64 { + if x != nil && x.SoRcvTmoSec != nil { + return *x.SoRcvTmoSec + } + return 0 +} + +func (x *SkOptsEntry) GetSoRcvTmoUsec() uint64 { + if x != nil && x.SoRcvTmoUsec != nil { + return *x.SoRcvTmoUsec + } + return 0 +} + +func (x *SkOptsEntry) GetReuseaddr() bool { + if x != nil && x.Reuseaddr != nil { + return *x.Reuseaddr + } + return false +} + +func (x *SkOptsEntry) GetSoPriority() uint32 { + if x != nil && x.SoPriority != nil { + return *x.SoPriority + } + return 0 +} + +func (x *SkOptsEntry) GetSoRcvlowat() uint32 { + if x != nil && x.SoRcvlowat != nil { + return *x.SoRcvlowat + } + return 0 +} + +func (x *SkOptsEntry) GetSoMark() uint32 { + if x != nil && x.SoMark != nil { + return *x.SoMark + } + return 0 +} + +func (x *SkOptsEntry) GetSoPasscred() bool { + if x != nil && x.SoPasscred != nil { + return *x.SoPasscred + } + return false +} + +func (x *SkOptsEntry) GetSoPasssec() bool { + if x != nil && x.SoPasssec != nil { + return *x.SoPasssec + } + return false +} + +func (x *SkOptsEntry) GetSoDontroute() bool { + if x != nil && x.SoDontroute != nil { + return *x.SoDontroute + } + return false +} + +func (x *SkOptsEntry) GetSoNoCheck() bool { + if x != nil && x.SoNoCheck != nil { + return *x.SoNoCheck + } + return false +} + +func (x *SkOptsEntry) GetSoBoundDev() string { + if x != nil && x.SoBoundDev != nil { + return *x.SoBoundDev + } + return "" +} + +func (x *SkOptsEntry) GetSoFilter() []uint64 { + if x != nil { + return x.SoFilter + } + return nil +} + +func (x *SkOptsEntry) GetSoReuseport() bool { + if x != nil && x.SoReuseport != nil { + return *x.SoReuseport + } + return false +} + +func (x *SkOptsEntry) GetSoBroadcast() bool { + if x != nil && x.SoBroadcast != nil { + return *x.SoBroadcast + } + return false +} + +func (x *SkOptsEntry) GetSoKeepalive() bool { + if x != nil && x.SoKeepalive != nil { + return *x.SoKeepalive + } + return false +} + +func (x *SkOptsEntry) GetTcpKeepcnt() uint32 { + if x != nil && x.TcpKeepcnt != nil { + return *x.TcpKeepcnt + } + return 0 +} + +func (x *SkOptsEntry) GetTcpKeepidle() uint32 { + if x != nil && x.TcpKeepidle != nil { + return *x.TcpKeepidle + } + return 0 +} + +func (x *SkOptsEntry) GetTcpKeepintvl() uint32 { + if x != nil && x.TcpKeepintvl != nil { + return *x.TcpKeepintvl + } + return 0 +} + +func (x *SkOptsEntry) GetSoOobinline() uint32 { + if x != nil && x.SoOobinline != nil { + return *x.SoOobinline + } + return 0 +} + +func (x *SkOptsEntry) GetSoLinger() uint32 { + if x != nil && x.SoLinger != nil { + return *x.SoLinger + } + return 0 +} + +func (x *SkOptsEntry) GetSoBufLock() uint32 { + if x != nil && x.SoBufLock != nil { + return *x.SoBufLock + } + return 0 +} + +var File_sk_opts_proto protoreflect.FileDescriptor + +var file_sk_opts_proto_rawDesc = []byte{ + 0x0a, 0x0d, 0x73, 0x6b, 0x2d, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, + 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0xce, 0x06, 0x0a, 0x0d, 0x73, 0x6b, 0x5f, 0x6f, 0x70, 0x74, + 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x6f, 0x5f, 0x73, 0x6e, + 0x64, 0x62, 0x75, 0x66, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x73, 0x6f, 0x53, 0x6e, + 0x64, 0x62, 0x75, 0x66, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x6f, 0x5f, 0x72, 0x63, 0x76, 0x62, 0x75, + 0x66, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x73, 0x6f, 0x52, 0x63, 0x76, 0x62, 0x75, + 0x66, 0x12, 0x23, 0x0a, 0x0e, 0x73, 0x6f, 0x5f, 0x73, 0x6e, 0x64, 0x5f, 0x74, 0x6d, 0x6f, 0x5f, + 0x73, 0x65, 0x63, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, 0x0b, 0x73, 0x6f, 0x53, 0x6e, 0x64, + 0x54, 0x6d, 0x6f, 0x53, 0x65, 0x63, 0x12, 0x25, 0x0a, 0x0f, 0x73, 0x6f, 0x5f, 0x73, 0x6e, 0x64, + 0x5f, 0x74, 0x6d, 0x6f, 0x5f, 0x75, 0x73, 0x65, 0x63, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, + 0x0c, 0x73, 0x6f, 0x53, 0x6e, 0x64, 0x54, 0x6d, 0x6f, 0x55, 0x73, 0x65, 0x63, 0x12, 0x23, 0x0a, + 0x0e, 0x73, 0x6f, 0x5f, 0x72, 0x63, 0x76, 0x5f, 0x74, 0x6d, 0x6f, 0x5f, 0x73, 0x65, 0x63, 0x18, + 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, 0x0b, 0x73, 0x6f, 0x52, 0x63, 0x76, 0x54, 0x6d, 0x6f, 0x53, + 0x65, 0x63, 0x12, 0x25, 0x0a, 0x0f, 0x73, 0x6f, 0x5f, 0x72, 0x63, 0x76, 0x5f, 0x74, 0x6d, 0x6f, + 0x5f, 0x75, 0x73, 0x65, 0x63, 0x18, 0x06, 0x20, 0x02, 0x28, 0x04, 0x52, 0x0c, 0x73, 0x6f, 0x52, + 0x63, 0x76, 0x54, 0x6d, 0x6f, 0x55, 0x73, 0x65, 0x63, 0x12, 0x1c, 0x0a, 0x09, 0x72, 0x65, 0x75, + 0x73, 0x65, 0x61, 0x64, 0x64, 0x72, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x72, 0x65, + 0x75, 0x73, 0x65, 0x61, 0x64, 0x64, 0x72, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x6f, 0x5f, 0x70, 0x72, + 0x69, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x73, 0x6f, + 0x50, 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x6f, 0x5f, 0x72, + 0x63, 0x76, 0x6c, 0x6f, 0x77, 0x61, 0x74, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x73, + 0x6f, 0x52, 0x63, 0x76, 0x6c, 0x6f, 0x77, 0x61, 0x74, 0x12, 0x17, 0x0a, 0x07, 0x73, 0x6f, 0x5f, + 0x6d, 0x61, 0x72, 0x6b, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x73, 0x6f, 0x4d, 0x61, + 0x72, 0x6b, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x6f, 0x5f, 0x70, 0x61, 0x73, 0x73, 0x63, 0x72, 0x65, + 0x64, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x73, 0x6f, 0x50, 0x61, 0x73, 0x73, 0x63, + 0x72, 0x65, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x6f, 0x5f, 0x70, 0x61, 0x73, 0x73, 0x73, 0x65, + 0x63, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x73, 0x6f, 0x50, 0x61, 0x73, 0x73, 0x73, + 0x65, 0x63, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x6f, 0x5f, 0x64, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x75, + 0x74, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x73, 0x6f, 0x44, 0x6f, 0x6e, 0x74, + 0x72, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x1e, 0x0a, 0x0b, 0x73, 0x6f, 0x5f, 0x6e, 0x6f, 0x5f, 0x63, + 0x68, 0x65, 0x63, 0x6b, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x73, 0x6f, 0x4e, 0x6f, + 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x20, 0x0a, 0x0c, 0x73, 0x6f, 0x5f, 0x62, 0x6f, 0x75, 0x6e, + 0x64, 0x5f, 0x64, 0x65, 0x76, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, 0x6f, 0x42, + 0x6f, 0x75, 0x6e, 0x64, 0x44, 0x65, 0x76, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x6f, 0x5f, 0x66, 0x69, + 0x6c, 0x74, 0x65, 0x72, 0x18, 0x10, 0x20, 0x03, 0x28, 0x06, 0x52, 0x08, 0x73, 0x6f, 0x46, 0x69, + 0x6c, 0x74, 0x65, 0x72, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x6f, 0x5f, 0x72, 0x65, 0x75, 0x73, 0x65, + 0x70, 0x6f, 0x72, 0x74, 0x18, 0x11, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x73, 0x6f, 0x52, 0x65, + 0x75, 0x73, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x6f, 0x5f, 0x62, 0x72, + 0x6f, 0x61, 0x64, 0x63, 0x61, 0x73, 0x74, 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x73, + 0x6f, 0x42, 0x72, 0x6f, 0x61, 0x64, 0x63, 0x61, 0x73, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x6f, + 0x5f, 0x6b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x18, 0x13, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x0b, 0x73, 0x6f, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x12, 0x1f, 0x0a, + 0x0b, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, 0x65, 0x70, 0x63, 0x6e, 0x74, 0x18, 0x14, 0x20, 0x01, + 0x28, 0x0d, 0x52, 0x0a, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x63, 0x6e, 0x74, 0x12, 0x21, + 0x0a, 0x0c, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, 0x65, 0x70, 0x69, 0x64, 0x6c, 0x65, 0x18, 0x15, + 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x69, 0x64, 0x6c, + 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, 0x65, 0x70, 0x69, 0x6e, 0x74, + 0x76, 0x6c, 0x18, 0x16, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0c, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, + 0x70, 0x69, 0x6e, 0x74, 0x76, 0x6c, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x6f, 0x5f, 0x6f, 0x6f, 0x62, + 0x69, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x18, 0x17, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x73, 0x6f, + 0x4f, 0x6f, 0x62, 0x69, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x6f, 0x5f, + 0x6c, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x18, 0x18, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x73, 0x6f, + 0x4c, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x12, 0x1e, 0x0a, 0x0b, 0x73, 0x6f, 0x5f, 0x62, 0x75, 0x66, + 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x18, 0x19, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x73, 0x6f, 0x42, + 0x75, 0x66, 0x4c, 0x6f, 0x63, 0x6b, 0x2a, 0x36, 0x0a, 0x0b, 0x73, 0x6b, 0x5f, 0x73, 0x68, 0x75, + 0x74, 0x64, 0x6f, 0x77, 0x6e, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, + 0x08, 0x0a, 0x04, 0x52, 0x45, 0x41, 0x44, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x57, 0x52, 0x49, + 0x54, 0x45, 0x10, 0x02, 0x12, 0x08, 0x0a, 0x04, 0x42, 0x4f, 0x54, 0x48, 0x10, 0x03, +} + +var ( + file_sk_opts_proto_rawDescOnce sync.Once + file_sk_opts_proto_rawDescData = file_sk_opts_proto_rawDesc +) + +func file_sk_opts_proto_rawDescGZIP() []byte { + file_sk_opts_proto_rawDescOnce.Do(func() { + file_sk_opts_proto_rawDescData = protoimpl.X.CompressGZIP(file_sk_opts_proto_rawDescData) + }) + return file_sk_opts_proto_rawDescData +} + +var file_sk_opts_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_sk_opts_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_sk_opts_proto_goTypes = []interface{}{ + (SkShutdown)(0), // 0: criu.sk_shutdown + (*SkOptsEntry)(nil), // 1: criu.sk_opts_entry +} +var file_sk_opts_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_sk_opts_proto_init() } +func file_sk_opts_proto_init() { + if File_sk_opts_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_sk_opts_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SkOptsEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_sk_opts_proto_rawDesc, + NumEnums: 1, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_sk_opts_proto_goTypes, + DependencyIndexes: file_sk_opts_proto_depIdxs, + EnumInfos: file_sk_opts_proto_enumTypes, + MessageInfos: file_sk_opts_proto_msgTypes, + }.Build() + File_sk_opts_proto = out.File + file_sk_opts_proto_rawDesc = nil + file_sk_opts_proto_goTypes = nil + file_sk_opts_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-opts.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-opts.proto new file mode 100644 index 00000000000..97035744146 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-opts.proto @@ -0,0 +1,44 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +message sk_opts_entry { + required uint32 so_sndbuf = 1; + required uint32 so_rcvbuf = 2; + + required uint64 so_snd_tmo_sec = 3; + required uint64 so_snd_tmo_usec = 4; + required uint64 so_rcv_tmo_sec = 5; + required uint64 so_rcv_tmo_usec = 6; + optional bool reuseaddr = 7; + + optional uint32 so_priority = 8; + optional uint32 so_rcvlowat = 9; + optional uint32 so_mark = 10; + optional bool so_passcred = 11; + optional bool so_passsec = 12; + optional bool so_dontroute = 13; + optional bool so_no_check = 14; + + optional string so_bound_dev = 15; + + repeated fixed64 so_filter = 16; + optional bool so_reuseport = 17; + optional bool so_broadcast = 18; + optional bool so_keepalive = 19; + optional uint32 tcp_keepcnt = 20; + optional uint32 tcp_keepidle = 21; + optional uint32 tcp_keepintvl = 22; + optional uint32 so_oobinline = 23; + optional uint32 so_linger = 24; + + optional uint32 so_buf_lock = 25; +} + +enum sk_shutdown { + NONE = 0; + READ = 1; + WRITE = 2; + BOTH = 3; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-packet.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-packet.pb.go new file mode 100644 index 00000000000..f38656a8b27 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-packet.pb.go @@ -0,0 +1,237 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: sk-packet.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type ScmEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Type *uint32 `protobuf:"varint,1,req,name=type" json:"type,omitempty"` + Rights []uint32 `protobuf:"varint,2,rep,name=rights" json:"rights,omitempty"` +} + +func (x *ScmEntry) Reset() { + *x = ScmEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_sk_packet_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ScmEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ScmEntry) ProtoMessage() {} + +func (x *ScmEntry) ProtoReflect() protoreflect.Message { + mi := &file_sk_packet_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ScmEntry.ProtoReflect.Descriptor instead. +func (*ScmEntry) Descriptor() ([]byte, []int) { + return file_sk_packet_proto_rawDescGZIP(), []int{0} +} + +func (x *ScmEntry) GetType() uint32 { + if x != nil && x.Type != nil { + return *x.Type + } + return 0 +} + +func (x *ScmEntry) GetRights() []uint32 { + if x != nil { + return x.Rights + } + return nil +} + +type SkPacketEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + IdFor *uint32 `protobuf:"varint,1,req,name=id_for,json=idFor" json:"id_for,omitempty"` + Length *uint32 `protobuf:"varint,2,req,name=length" json:"length,omitempty"` + // Reserved for message address + // optional bytes addr = 3; + Scm []*ScmEntry `protobuf:"bytes,4,rep,name=scm" json:"scm,omitempty"` +} + +func (x *SkPacketEntry) Reset() { + *x = SkPacketEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_sk_packet_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SkPacketEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SkPacketEntry) ProtoMessage() {} + +func (x *SkPacketEntry) ProtoReflect() protoreflect.Message { + mi := &file_sk_packet_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SkPacketEntry.ProtoReflect.Descriptor instead. +func (*SkPacketEntry) Descriptor() ([]byte, []int) { + return file_sk_packet_proto_rawDescGZIP(), []int{1} +} + +func (x *SkPacketEntry) GetIdFor() uint32 { + if x != nil && x.IdFor != nil { + return *x.IdFor + } + return 0 +} + +func (x *SkPacketEntry) GetLength() uint32 { + if x != nil && x.Length != nil { + return *x.Length + } + return 0 +} + +func (x *SkPacketEntry) GetScm() []*ScmEntry { + if x != nil { + return x.Scm + } + return nil +} + +var File_sk_packet_proto protoreflect.FileDescriptor + +var file_sk_packet_proto_rawDesc = []byte{ + 0x0a, 0x0f, 0x73, 0x6b, 0x2d, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0x37, 0x0a, 0x09, 0x73, 0x63, 0x6d, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x69, 0x67, 0x68, + 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x06, 0x72, 0x69, 0x67, 0x68, 0x74, 0x73, + 0x22, 0x63, 0x0a, 0x0f, 0x73, 0x6b, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x12, 0x15, 0x0a, 0x06, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x18, 0x01, 0x20, + 0x02, 0x28, 0x0d, 0x52, 0x05, 0x69, 0x64, 0x46, 0x6f, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x6c, 0x65, + 0x6e, 0x67, 0x74, 0x68, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x6c, 0x65, 0x6e, 0x67, + 0x74, 0x68, 0x12, 0x21, 0x0a, 0x03, 0x73, 0x63, 0x6d, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x0f, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x63, 0x6d, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x52, 0x03, 0x73, 0x63, 0x6d, +} + +var ( + file_sk_packet_proto_rawDescOnce sync.Once + file_sk_packet_proto_rawDescData = file_sk_packet_proto_rawDesc +) + +func file_sk_packet_proto_rawDescGZIP() []byte { + file_sk_packet_proto_rawDescOnce.Do(func() { + file_sk_packet_proto_rawDescData = protoimpl.X.CompressGZIP(file_sk_packet_proto_rawDescData) + }) + return file_sk_packet_proto_rawDescData +} + +var file_sk_packet_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_sk_packet_proto_goTypes = []interface{}{ + (*ScmEntry)(nil), // 0: criu.scm_entry + (*SkPacketEntry)(nil), // 1: criu.sk_packet_entry +} +var file_sk_packet_proto_depIdxs = []int32{ + 0, // 0: criu.sk_packet_entry.scm:type_name -> criu.scm_entry + 1, // [1:1] is the sub-list for method output_type + 1, // [1:1] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { file_sk_packet_proto_init() } +func file_sk_packet_proto_init() { + if File_sk_packet_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_sk_packet_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ScmEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_sk_packet_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SkPacketEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_sk_packet_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_sk_packet_proto_goTypes, + DependencyIndexes: file_sk_packet_proto_depIdxs, + MessageInfos: file_sk_packet_proto_msgTypes, + }.Build() + File_sk_packet_proto = out.File + file_sk_packet_proto_rawDesc = nil + file_sk_packet_proto_goTypes = nil + file_sk_packet_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-packet.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-packet.proto new file mode 100644 index 00000000000..131f2dad13c --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-packet.proto @@ -0,0 +1,19 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +message scm_entry { + required uint32 type = 1; + repeated uint32 rights = 2; +} + +message sk_packet_entry { + required uint32 id_for = 1; + required uint32 length = 2; + // Reserved for message address + // optional bytes addr = 3; + repeated scm_entry scm = 4; + // Reserved for ucred restore + // optional sk_ucred_entry ucred = 128; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-unix.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-unix.pb.go new file mode 100644 index 00000000000..b9436e9d33e --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-unix.pb.go @@ -0,0 +1,411 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: sk-unix.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type FilePermsEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Mode *uint32 `protobuf:"varint,1,req,name=mode" json:"mode,omitempty"` + Uid *uint32 `protobuf:"varint,2,req,name=uid" json:"uid,omitempty"` + Gid *uint32 `protobuf:"varint,3,req,name=gid" json:"gid,omitempty"` +} + +func (x *FilePermsEntry) Reset() { + *x = FilePermsEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_sk_unix_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *FilePermsEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*FilePermsEntry) ProtoMessage() {} + +func (x *FilePermsEntry) ProtoReflect() protoreflect.Message { + mi := &file_sk_unix_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use FilePermsEntry.ProtoReflect.Descriptor instead. +func (*FilePermsEntry) Descriptor() ([]byte, []int) { + return file_sk_unix_proto_rawDescGZIP(), []int{0} +} + +func (x *FilePermsEntry) GetMode() uint32 { + if x != nil && x.Mode != nil { + return *x.Mode + } + return 0 +} + +func (x *FilePermsEntry) GetUid() uint32 { + if x != nil && x.Uid != nil { + return *x.Uid + } + return 0 +} + +func (x *FilePermsEntry) GetGid() uint32 { + if x != nil && x.Gid != nil { + return *x.Gid + } + return 0 +} + +type UnixSkEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Few words about why we need both -- id and ino. + // + // The former one is used to link file descriptor from + // fdinfo image with the unix_sk_entry that should be + // opened under it. + // + // The latter one ties together unix peers -- the peer + // member on this structure is the ino one of its peer + // and simetimes vise-versa. + Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` + Ino *uint32 `protobuf:"varint,2,req,name=ino" json:"ino,omitempty"` + Type *uint32 `protobuf:"varint,3,req,name=type" json:"type,omitempty"` + State *uint32 `protobuf:"varint,4,req,name=state" json:"state,omitempty"` + Flags *uint32 `protobuf:"varint,5,req,name=flags" json:"flags,omitempty"` + Uflags *uint32 `protobuf:"varint,6,req,name=uflags" json:"uflags,omitempty"` + Backlog *uint32 `protobuf:"varint,7,req,name=backlog" json:"backlog,omitempty"` + Peer *uint32 `protobuf:"varint,8,req,name=peer" json:"peer,omitempty"` + Fown *FownEntry `protobuf:"bytes,9,req,name=fown" json:"fown,omitempty"` + Opts *SkOptsEntry `protobuf:"bytes,10,req,name=opts" json:"opts,omitempty"` + // Abstract name may contain \0 at any point, + // so we need to carry it as byte sequence... + Name []byte `protobuf:"bytes,11,req,name=name" json:"name,omitempty"` + Shutdown *SkShutdown `protobuf:"varint,12,opt,name=shutdown,enum=criu.SkShutdown" json:"shutdown,omitempty"` + FilePerms *FilePermsEntry `protobuf:"bytes,13,opt,name=file_perms,json=filePerms" json:"file_perms,omitempty"` + // Relative socket name may have prefix. + NameDir *string `protobuf:"bytes,14,opt,name=name_dir,json=nameDir" json:"name_dir,omitempty"` + Deleted *bool `protobuf:"varint,15,opt,name=deleted" json:"deleted,omitempty"` + NsId *uint32 `protobuf:"varint,16,opt,name=ns_id,json=nsId" json:"ns_id,omitempty"` + MntId *int32 `protobuf:"zigzag32,17,opt,name=mnt_id,json=mntId,def=-1" json:"mnt_id,omitempty"` // Please, don't use field with number 18. +} + +// Default values for UnixSkEntry fields. +const ( + Default_UnixSkEntry_MntId = int32(-1) +) + +func (x *UnixSkEntry) Reset() { + *x = UnixSkEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_sk_unix_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UnixSkEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UnixSkEntry) ProtoMessage() {} + +func (x *UnixSkEntry) ProtoReflect() protoreflect.Message { + mi := &file_sk_unix_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UnixSkEntry.ProtoReflect.Descriptor instead. +func (*UnixSkEntry) Descriptor() ([]byte, []int) { + return file_sk_unix_proto_rawDescGZIP(), []int{1} +} + +func (x *UnixSkEntry) GetId() uint32 { + if x != nil && x.Id != nil { + return *x.Id + } + return 0 +} + +func (x *UnixSkEntry) GetIno() uint32 { + if x != nil && x.Ino != nil { + return *x.Ino + } + return 0 +} + +func (x *UnixSkEntry) GetType() uint32 { + if x != nil && x.Type != nil { + return *x.Type + } + return 0 +} + +func (x *UnixSkEntry) GetState() uint32 { + if x != nil && x.State != nil { + return *x.State + } + return 0 +} + +func (x *UnixSkEntry) GetFlags() uint32 { + if x != nil && x.Flags != nil { + return *x.Flags + } + return 0 +} + +func (x *UnixSkEntry) GetUflags() uint32 { + if x != nil && x.Uflags != nil { + return *x.Uflags + } + return 0 +} + +func (x *UnixSkEntry) GetBacklog() uint32 { + if x != nil && x.Backlog != nil { + return *x.Backlog + } + return 0 +} + +func (x *UnixSkEntry) GetPeer() uint32 { + if x != nil && x.Peer != nil { + return *x.Peer + } + return 0 +} + +func (x *UnixSkEntry) GetFown() *FownEntry { + if x != nil { + return x.Fown + } + return nil +} + +func (x *UnixSkEntry) GetOpts() *SkOptsEntry { + if x != nil { + return x.Opts + } + return nil +} + +func (x *UnixSkEntry) GetName() []byte { + if x != nil { + return x.Name + } + return nil +} + +func (x *UnixSkEntry) GetShutdown() SkShutdown { + if x != nil && x.Shutdown != nil { + return *x.Shutdown + } + return SkShutdown_NONE +} + +func (x *UnixSkEntry) GetFilePerms() *FilePermsEntry { + if x != nil { + return x.FilePerms + } + return nil +} + +func (x *UnixSkEntry) GetNameDir() string { + if x != nil && x.NameDir != nil { + return *x.NameDir + } + return "" +} + +func (x *UnixSkEntry) GetDeleted() bool { + if x != nil && x.Deleted != nil { + return *x.Deleted + } + return false +} + +func (x *UnixSkEntry) GetNsId() uint32 { + if x != nil && x.NsId != nil { + return *x.NsId + } + return 0 +} + +func (x *UnixSkEntry) GetMntId() int32 { + if x != nil && x.MntId != nil { + return *x.MntId + } + return Default_UnixSkEntry_MntId +} + +var File_sk_unix_proto protoreflect.FileDescriptor + +var file_sk_unix_proto_rawDesc = []byte{ + 0x0a, 0x0d, 0x73, 0x6b, 0x2d, 0x75, 0x6e, 0x69, 0x78, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, + 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, 0x73, + 0x6b, 0x2d, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x4a, 0x0a, 0x10, + 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, + 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x67, 0x69, 0x64, 0x18, 0x03, 0x20, + 0x02, 0x28, 0x0d, 0x52, 0x03, 0x67, 0x69, 0x64, 0x22, 0x95, 0x04, 0x0a, 0x0d, 0x75, 0x6e, 0x69, + 0x78, 0x5f, 0x73, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, + 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x69, 0x6e, + 0x6f, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x69, 0x6e, 0x6f, 0x12, 0x1b, 0x0a, 0x04, + 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x07, 0xd2, 0x3f, 0x04, 0x32, + 0x02, 0x73, 0x6b, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1d, 0x0a, 0x05, 0x73, 0x74, 0x61, + 0x74, 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x07, 0xd2, 0x3f, 0x04, 0x32, 0x02, 0x73, + 0x6b, 0x52, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, + 0x73, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, + 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x1d, 0x0a, 0x06, 0x75, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, + 0x06, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x06, 0x75, 0x66, + 0x6c, 0x61, 0x67, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x62, 0x61, 0x63, 0x6b, 0x6c, 0x6f, 0x67, 0x18, + 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x62, 0x61, 0x63, 0x6b, 0x6c, 0x6f, 0x67, 0x12, 0x12, + 0x0a, 0x04, 0x70, 0x65, 0x65, 0x72, 0x18, 0x08, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x65, + 0x65, 0x72, 0x12, 0x24, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x09, 0x20, 0x02, 0x28, 0x0b, + 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x27, 0x0a, 0x04, 0x6f, 0x70, 0x74, 0x73, + 0x18, 0x0a, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x6b, + 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x6f, 0x70, 0x74, + 0x73, 0x12, 0x22, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0b, 0x20, 0x02, 0x28, 0x0c, 0x42, + 0x0e, 0xd2, 0x3f, 0x0b, 0x3a, 0x09, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x52, + 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x2d, 0x0a, 0x08, 0x73, 0x68, 0x75, 0x74, 0x64, 0x6f, 0x77, + 0x6e, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x11, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, + 0x6b, 0x5f, 0x73, 0x68, 0x75, 0x74, 0x64, 0x6f, 0x77, 0x6e, 0x52, 0x08, 0x73, 0x68, 0x75, 0x74, + 0x64, 0x6f, 0x77, 0x6e, 0x12, 0x35, 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x70, 0x65, 0x72, + 0x6d, 0x73, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, + 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x52, 0x09, 0x66, 0x69, 0x6c, 0x65, 0x50, 0x65, 0x72, 0x6d, 0x73, 0x12, 0x19, 0x0a, 0x08, 0x6e, + 0x61, 0x6d, 0x65, 0x5f, 0x64, 0x69, 0x72, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6e, + 0x61, 0x6d, 0x65, 0x44, 0x69, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, + 0x64, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, + 0x12, 0x13, 0x0a, 0x05, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0d, 0x52, + 0x04, 0x6e, 0x73, 0x49, 0x64, 0x12, 0x19, 0x0a, 0x06, 0x6d, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, + 0x11, 0x20, 0x01, 0x28, 0x11, 0x3a, 0x02, 0x2d, 0x31, 0x52, 0x05, 0x6d, 0x6e, 0x74, 0x49, 0x64, +} + +var ( + file_sk_unix_proto_rawDescOnce sync.Once + file_sk_unix_proto_rawDescData = file_sk_unix_proto_rawDesc +) + +func file_sk_unix_proto_rawDescGZIP() []byte { + file_sk_unix_proto_rawDescOnce.Do(func() { + file_sk_unix_proto_rawDescData = protoimpl.X.CompressGZIP(file_sk_unix_proto_rawDescData) + }) + return file_sk_unix_proto_rawDescData +} + +var file_sk_unix_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_sk_unix_proto_goTypes = []interface{}{ + (*FilePermsEntry)(nil), // 0: criu.file_perms_entry + (*UnixSkEntry)(nil), // 1: criu.unix_sk_entry + (*FownEntry)(nil), // 2: criu.fown_entry + (*SkOptsEntry)(nil), // 3: criu.sk_opts_entry + (SkShutdown)(0), // 4: criu.sk_shutdown +} +var file_sk_unix_proto_depIdxs = []int32{ + 2, // 0: criu.unix_sk_entry.fown:type_name -> criu.fown_entry + 3, // 1: criu.unix_sk_entry.opts:type_name -> criu.sk_opts_entry + 4, // 2: criu.unix_sk_entry.shutdown:type_name -> criu.sk_shutdown + 0, // 3: criu.unix_sk_entry.file_perms:type_name -> criu.file_perms_entry + 4, // [4:4] is the sub-list for method output_type + 4, // [4:4] is the sub-list for method input_type + 4, // [4:4] is the sub-list for extension type_name + 4, // [4:4] is the sub-list for extension extendee + 0, // [0:4] is the sub-list for field type_name +} + +func init() { file_sk_unix_proto_init() } +func file_sk_unix_proto_init() { + if File_sk_unix_proto != nil { + return + } + file_opts_proto_init() + file_fown_proto_init() + file_sk_opts_proto_init() + if !protoimpl.UnsafeEnabled { + file_sk_unix_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*FilePermsEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_sk_unix_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UnixSkEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_sk_unix_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_sk_unix_proto_goTypes, + DependencyIndexes: file_sk_unix_proto_depIdxs, + MessageInfos: file_sk_unix_proto_msgTypes, + }.Build() + File_sk_unix_proto = out.File + file_sk_unix_proto_rawDesc = nil + file_sk_unix_proto_goTypes = nil + file_sk_unix_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-unix.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-unix.proto new file mode 100644 index 00000000000..f40875aeb95 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-unix.proto @@ -0,0 +1,58 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "opts.proto"; +import "fown.proto"; +import "sk-opts.proto"; + +message file_perms_entry { + required uint32 mode = 1; + required uint32 uid = 2; + required uint32 gid = 3; +} + +message unix_sk_entry { + /* + * Few words about why we need both -- id and ino. + * + * The former one is used to link file descriptor from + * fdinfo image with the unix_sk_entry that should be + * opened under it. + * + * The latter one ties together unix peers -- the peer + * member on this structure is the ino one of its peer + * and simetimes vise-versa. + */ + required uint32 id = 1; + required uint32 ino = 2; + required uint32 type = 3 [(criu).dict = "sk"]; + required uint32 state = 4 [(criu).dict = "sk"]; + required uint32 flags = 5 [(criu).hex = true]; + required uint32 uflags = 6 [(criu).hex = true]; + required uint32 backlog = 7; + required uint32 peer = 8; + required fown_entry fown = 9; + required sk_opts_entry opts = 10; + + /* + * Abstract name may contain \0 at any point, + * so we need to carry it as byte sequence... + */ + required bytes name = 11 [(criu).conv = "unix_name"]; + + optional sk_shutdown shutdown = 12; + + optional file_perms_entry file_perms = 13; + + /* + * Relative socket name may have prefix. + */ + optional string name_dir = 14; + optional bool deleted = 15; + + optional uint32 ns_id = 16; + optional sint32 mnt_id = 17 [default = -1]; + /* Please, don't use field with number 18. */ +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/stats.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/stats.pb.go new file mode 100644 index 00000000000..f7ae72fdaf1 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/stats.pb.go @@ -0,0 +1,462 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: stats.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// This one contains statistics about dump/restore process +type DumpStatsEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + FreezingTime *uint32 `protobuf:"varint,1,req,name=freezing_time,json=freezingTime" json:"freezing_time,omitempty"` + FrozenTime *uint32 `protobuf:"varint,2,req,name=frozen_time,json=frozenTime" json:"frozen_time,omitempty"` + MemdumpTime *uint32 `protobuf:"varint,3,req,name=memdump_time,json=memdumpTime" json:"memdump_time,omitempty"` + MemwriteTime *uint32 `protobuf:"varint,4,req,name=memwrite_time,json=memwriteTime" json:"memwrite_time,omitempty"` + PagesScanned *uint64 `protobuf:"varint,5,req,name=pages_scanned,json=pagesScanned" json:"pages_scanned,omitempty"` + PagesSkippedParent *uint64 `protobuf:"varint,6,req,name=pages_skipped_parent,json=pagesSkippedParent" json:"pages_skipped_parent,omitempty"` + PagesWritten *uint64 `protobuf:"varint,7,req,name=pages_written,json=pagesWritten" json:"pages_written,omitempty"` + IrmapResolve *uint32 `protobuf:"varint,8,opt,name=irmap_resolve,json=irmapResolve" json:"irmap_resolve,omitempty"` + PagesLazy *uint64 `protobuf:"varint,9,req,name=pages_lazy,json=pagesLazy" json:"pages_lazy,omitempty"` + PagePipes *uint64 `protobuf:"varint,10,opt,name=page_pipes,json=pagePipes" json:"page_pipes,omitempty"` + PagePipeBufs *uint64 `protobuf:"varint,11,opt,name=page_pipe_bufs,json=pagePipeBufs" json:"page_pipe_bufs,omitempty"` + ShpagesScanned *uint64 `protobuf:"varint,12,opt,name=shpages_scanned,json=shpagesScanned" json:"shpages_scanned,omitempty"` + ShpagesSkippedParent *uint64 `protobuf:"varint,13,opt,name=shpages_skipped_parent,json=shpagesSkippedParent" json:"shpages_skipped_parent,omitempty"` + ShpagesWritten *uint64 `protobuf:"varint,14,opt,name=shpages_written,json=shpagesWritten" json:"shpages_written,omitempty"` +} + +func (x *DumpStatsEntry) Reset() { + *x = DumpStatsEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_stats_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DumpStatsEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DumpStatsEntry) ProtoMessage() {} + +func (x *DumpStatsEntry) ProtoReflect() protoreflect.Message { + mi := &file_stats_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DumpStatsEntry.ProtoReflect.Descriptor instead. +func (*DumpStatsEntry) Descriptor() ([]byte, []int) { + return file_stats_proto_rawDescGZIP(), []int{0} +} + +func (x *DumpStatsEntry) GetFreezingTime() uint32 { + if x != nil && x.FreezingTime != nil { + return *x.FreezingTime + } + return 0 +} + +func (x *DumpStatsEntry) GetFrozenTime() uint32 { + if x != nil && x.FrozenTime != nil { + return *x.FrozenTime + } + return 0 +} + +func (x *DumpStatsEntry) GetMemdumpTime() uint32 { + if x != nil && x.MemdumpTime != nil { + return *x.MemdumpTime + } + return 0 +} + +func (x *DumpStatsEntry) GetMemwriteTime() uint32 { + if x != nil && x.MemwriteTime != nil { + return *x.MemwriteTime + } + return 0 +} + +func (x *DumpStatsEntry) GetPagesScanned() uint64 { + if x != nil && x.PagesScanned != nil { + return *x.PagesScanned + } + return 0 +} + +func (x *DumpStatsEntry) GetPagesSkippedParent() uint64 { + if x != nil && x.PagesSkippedParent != nil { + return *x.PagesSkippedParent + } + return 0 +} + +func (x *DumpStatsEntry) GetPagesWritten() uint64 { + if x != nil && x.PagesWritten != nil { + return *x.PagesWritten + } + return 0 +} + +func (x *DumpStatsEntry) GetIrmapResolve() uint32 { + if x != nil && x.IrmapResolve != nil { + return *x.IrmapResolve + } + return 0 +} + +func (x *DumpStatsEntry) GetPagesLazy() uint64 { + if x != nil && x.PagesLazy != nil { + return *x.PagesLazy + } + return 0 +} + +func (x *DumpStatsEntry) GetPagePipes() uint64 { + if x != nil && x.PagePipes != nil { + return *x.PagePipes + } + return 0 +} + +func (x *DumpStatsEntry) GetPagePipeBufs() uint64 { + if x != nil && x.PagePipeBufs != nil { + return *x.PagePipeBufs + } + return 0 +} + +func (x *DumpStatsEntry) GetShpagesScanned() uint64 { + if x != nil && x.ShpagesScanned != nil { + return *x.ShpagesScanned + } + return 0 +} + +func (x *DumpStatsEntry) GetShpagesSkippedParent() uint64 { + if x != nil && x.ShpagesSkippedParent != nil { + return *x.ShpagesSkippedParent + } + return 0 +} + +func (x *DumpStatsEntry) GetShpagesWritten() uint64 { + if x != nil && x.ShpagesWritten != nil { + return *x.ShpagesWritten + } + return 0 +} + +type RestoreStatsEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + PagesCompared *uint64 `protobuf:"varint,1,req,name=pages_compared,json=pagesCompared" json:"pages_compared,omitempty"` + PagesSkippedCow *uint64 `protobuf:"varint,2,req,name=pages_skipped_cow,json=pagesSkippedCow" json:"pages_skipped_cow,omitempty"` + ForkingTime *uint32 `protobuf:"varint,3,req,name=forking_time,json=forkingTime" json:"forking_time,omitempty"` + RestoreTime *uint32 `protobuf:"varint,4,req,name=restore_time,json=restoreTime" json:"restore_time,omitempty"` + PagesRestored *uint64 `protobuf:"varint,5,opt,name=pages_restored,json=pagesRestored" json:"pages_restored,omitempty"` +} + +func (x *RestoreStatsEntry) Reset() { + *x = RestoreStatsEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_stats_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *RestoreStatsEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RestoreStatsEntry) ProtoMessage() {} + +func (x *RestoreStatsEntry) ProtoReflect() protoreflect.Message { + mi := &file_stats_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RestoreStatsEntry.ProtoReflect.Descriptor instead. +func (*RestoreStatsEntry) Descriptor() ([]byte, []int) { + return file_stats_proto_rawDescGZIP(), []int{1} +} + +func (x *RestoreStatsEntry) GetPagesCompared() uint64 { + if x != nil && x.PagesCompared != nil { + return *x.PagesCompared + } + return 0 +} + +func (x *RestoreStatsEntry) GetPagesSkippedCow() uint64 { + if x != nil && x.PagesSkippedCow != nil { + return *x.PagesSkippedCow + } + return 0 +} + +func (x *RestoreStatsEntry) GetForkingTime() uint32 { + if x != nil && x.ForkingTime != nil { + return *x.ForkingTime + } + return 0 +} + +func (x *RestoreStatsEntry) GetRestoreTime() uint32 { + if x != nil && x.RestoreTime != nil { + return *x.RestoreTime + } + return 0 +} + +func (x *RestoreStatsEntry) GetPagesRestored() uint64 { + if x != nil && x.PagesRestored != nil { + return *x.PagesRestored + } + return 0 +} + +type StatsEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Dump *DumpStatsEntry `protobuf:"bytes,1,opt,name=dump" json:"dump,omitempty"` + Restore *RestoreStatsEntry `protobuf:"bytes,2,opt,name=restore" json:"restore,omitempty"` +} + +func (x *StatsEntry) Reset() { + *x = StatsEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_stats_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *StatsEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*StatsEntry) ProtoMessage() {} + +func (x *StatsEntry) ProtoReflect() protoreflect.Message { + mi := &file_stats_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use StatsEntry.ProtoReflect.Descriptor instead. +func (*StatsEntry) Descriptor() ([]byte, []int) { + return file_stats_proto_rawDescGZIP(), []int{2} +} + +func (x *StatsEntry) GetDump() *DumpStatsEntry { + if x != nil { + return x.Dump + } + return nil +} + +func (x *StatsEntry) GetRestore() *RestoreStatsEntry { + if x != nil { + return x.Restore + } + return nil +} + +var File_stats_proto protoreflect.FileDescriptor + +var file_stats_proto_rawDesc = []byte{ + 0x0a, 0x0b, 0x73, 0x74, 0x61, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, + 0x72, 0x69, 0x75, 0x22, 0xad, 0x04, 0x0a, 0x10, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x73, 0x74, 0x61, + 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x23, 0x0a, 0x0d, 0x66, 0x72, 0x65, 0x65, + 0x7a, 0x69, 0x6e, 0x67, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, + 0x0c, 0x66, 0x72, 0x65, 0x65, 0x7a, 0x69, 0x6e, 0x67, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x1f, 0x0a, + 0x0b, 0x66, 0x72, 0x6f, 0x7a, 0x65, 0x6e, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x0a, 0x66, 0x72, 0x6f, 0x7a, 0x65, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x21, + 0x0a, 0x0c, 0x6d, 0x65, 0x6d, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x03, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, 0x6d, 0x65, 0x6d, 0x64, 0x75, 0x6d, 0x70, 0x54, 0x69, 0x6d, + 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x6d, 0x65, 0x6d, 0x77, 0x72, 0x69, 0x74, 0x65, 0x5f, 0x74, 0x69, + 0x6d, 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0c, 0x6d, 0x65, 0x6d, 0x77, 0x72, 0x69, + 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, + 0x73, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x64, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, 0x0c, 0x70, + 0x61, 0x67, 0x65, 0x73, 0x53, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x64, 0x12, 0x30, 0x0a, 0x14, 0x70, + 0x61, 0x67, 0x65, 0x73, 0x5f, 0x73, 0x6b, 0x69, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x70, 0x61, 0x72, + 0x65, 0x6e, 0x74, 0x18, 0x06, 0x20, 0x02, 0x28, 0x04, 0x52, 0x12, 0x70, 0x61, 0x67, 0x65, 0x73, + 0x53, 0x6b, 0x69, 0x70, 0x70, 0x65, 0x64, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x12, 0x23, 0x0a, + 0x0d, 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x77, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x18, 0x07, + 0x20, 0x02, 0x28, 0x04, 0x52, 0x0c, 0x70, 0x61, 0x67, 0x65, 0x73, 0x57, 0x72, 0x69, 0x74, 0x74, + 0x65, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x69, 0x72, 0x6d, 0x61, 0x70, 0x5f, 0x72, 0x65, 0x73, 0x6f, + 0x6c, 0x76, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0c, 0x69, 0x72, 0x6d, 0x61, 0x70, + 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x65, 0x73, + 0x5f, 0x6c, 0x61, 0x7a, 0x79, 0x18, 0x09, 0x20, 0x02, 0x28, 0x04, 0x52, 0x09, 0x70, 0x61, 0x67, + 0x65, 0x73, 0x4c, 0x61, 0x7a, 0x79, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x70, + 0x69, 0x70, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x70, 0x61, 0x67, 0x65, + 0x50, 0x69, 0x70, 0x65, 0x73, 0x12, 0x24, 0x0a, 0x0e, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x70, 0x69, + 0x70, 0x65, 0x5f, 0x62, 0x75, 0x66, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0c, 0x70, + 0x61, 0x67, 0x65, 0x50, 0x69, 0x70, 0x65, 0x42, 0x75, 0x66, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x73, + 0x68, 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x73, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x64, 0x18, 0x0c, + 0x20, 0x01, 0x28, 0x04, 0x52, 0x0e, 0x73, 0x68, 0x70, 0x61, 0x67, 0x65, 0x73, 0x53, 0x63, 0x61, + 0x6e, 0x6e, 0x65, 0x64, 0x12, 0x34, 0x0a, 0x16, 0x73, 0x68, 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, + 0x73, 0x6b, 0x69, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x18, 0x0d, + 0x20, 0x01, 0x28, 0x04, 0x52, 0x14, 0x73, 0x68, 0x70, 0x61, 0x67, 0x65, 0x73, 0x53, 0x6b, 0x69, + 0x70, 0x70, 0x65, 0x64, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x12, 0x27, 0x0a, 0x0f, 0x73, 0x68, + 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x77, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x18, 0x0e, 0x20, + 0x01, 0x28, 0x04, 0x52, 0x0e, 0x73, 0x68, 0x70, 0x61, 0x67, 0x65, 0x73, 0x57, 0x72, 0x69, 0x74, + 0x74, 0x65, 0x6e, 0x22, 0xd5, 0x01, 0x0a, 0x13, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, + 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x25, 0x0a, 0x0e, 0x70, + 0x61, 0x67, 0x65, 0x73, 0x5f, 0x63, 0x6f, 0x6d, 0x70, 0x61, 0x72, 0x65, 0x64, 0x18, 0x01, 0x20, + 0x02, 0x28, 0x04, 0x52, 0x0d, 0x70, 0x61, 0x67, 0x65, 0x73, 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x72, + 0x65, 0x64, 0x12, 0x2a, 0x0a, 0x11, 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x73, 0x6b, 0x69, 0x70, + 0x70, 0x65, 0x64, 0x5f, 0x63, 0x6f, 0x77, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x0f, 0x70, + 0x61, 0x67, 0x65, 0x73, 0x53, 0x6b, 0x69, 0x70, 0x70, 0x65, 0x64, 0x43, 0x6f, 0x77, 0x12, 0x21, + 0x0a, 0x0c, 0x66, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x03, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, 0x66, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x54, 0x69, 0x6d, + 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x74, 0x69, 0x6d, + 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, + 0x54, 0x69, 0x6d, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x72, 0x65, + 0x73, 0x74, 0x6f, 0x72, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0d, 0x70, 0x61, + 0x67, 0x65, 0x73, 0x52, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x64, 0x22, 0x6e, 0x0a, 0x0b, 0x73, + 0x74, 0x61, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x2a, 0x0a, 0x04, 0x64, 0x75, + 0x6d, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, + 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x52, 0x04, 0x64, 0x75, 0x6d, 0x70, 0x12, 0x33, 0x0a, 0x07, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, + 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x72, + 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x52, 0x07, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, +} + +var ( + file_stats_proto_rawDescOnce sync.Once + file_stats_proto_rawDescData = file_stats_proto_rawDesc +) + +func file_stats_proto_rawDescGZIP() []byte { + file_stats_proto_rawDescOnce.Do(func() { + file_stats_proto_rawDescData = protoimpl.X.CompressGZIP(file_stats_proto_rawDescData) + }) + return file_stats_proto_rawDescData +} + +var file_stats_proto_msgTypes = make([]protoimpl.MessageInfo, 3) +var file_stats_proto_goTypes = []interface{}{ + (*DumpStatsEntry)(nil), // 0: criu.dump_stats_entry + (*RestoreStatsEntry)(nil), // 1: criu.restore_stats_entry + (*StatsEntry)(nil), // 2: criu.stats_entry +} +var file_stats_proto_depIdxs = []int32{ + 0, // 0: criu.stats_entry.dump:type_name -> criu.dump_stats_entry + 1, // 1: criu.stats_entry.restore:type_name -> criu.restore_stats_entry + 2, // [2:2] is the sub-list for method output_type + 2, // [2:2] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name +} + +func init() { file_stats_proto_init() } +func file_stats_proto_init() { + if File_stats_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_stats_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DumpStatsEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_stats_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*RestoreStatsEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_stats_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*StatsEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_stats_proto_rawDesc, + NumEnums: 0, + NumMessages: 3, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_stats_proto_goTypes, + DependencyIndexes: file_stats_proto_depIdxs, + MessageInfos: file_stats_proto_msgTypes, + }.Build() + File_stats_proto = out.File + file_stats_proto_rawDesc = nil + file_stats_proto_goTypes = nil + file_stats_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/stats.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/stats.proto new file mode 100644 index 00000000000..f71316c9fc4 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/stats.proto @@ -0,0 +1,41 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +// This one contains statistics about dump/restore process +message dump_stats_entry { + required uint32 freezing_time = 1; + required uint32 frozen_time = 2; + required uint32 memdump_time = 3; + required uint32 memwrite_time = 4; + + required uint64 pages_scanned = 5; + required uint64 pages_skipped_parent = 6; + required uint64 pages_written = 7; + + optional uint32 irmap_resolve = 8; + + required uint64 pages_lazy = 9; + optional uint64 page_pipes = 10; + optional uint64 page_pipe_bufs = 11; + + optional uint64 shpages_scanned = 12; + optional uint64 shpages_skipped_parent = 13; + optional uint64 shpages_written = 14; +} + +message restore_stats_entry { + required uint64 pages_compared = 1; + required uint64 pages_skipped_cow = 2; + + required uint32 forking_time = 3; + required uint32 restore_time = 4; + + optional uint64 pages_restored = 5; +} + +message stats_entry { + optional dump_stats_entry dump = 1; + optional restore_stats_entry restore = 2; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sysctl.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sysctl.pb.go new file mode 100644 index 00000000000..a89b92a12f4 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sysctl.pb.go @@ -0,0 +1,224 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: sysctl.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type SysctlType int32 + +const ( + SysctlType_CTL_STR SysctlType = 5 + SysctlType_CTL_32 SysctlType = 6 +) + +// Enum value maps for SysctlType. +var ( + SysctlType_name = map[int32]string{ + 5: "CTL_STR", + 6: "CTL_32", + } + SysctlType_value = map[string]int32{ + "CTL_STR": 5, + "CTL_32": 6, + } +) + +func (x SysctlType) Enum() *SysctlType { + p := new(SysctlType) + *p = x + return p +} + +func (x SysctlType) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (SysctlType) Descriptor() protoreflect.EnumDescriptor { + return file_sysctl_proto_enumTypes[0].Descriptor() +} + +func (SysctlType) Type() protoreflect.EnumType { + return &file_sysctl_proto_enumTypes[0] +} + +func (x SysctlType) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Do not use. +func (x *SysctlType) UnmarshalJSON(b []byte) error { + num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) + if err != nil { + return err + } + *x = SysctlType(num) + return nil +} + +// Deprecated: Use SysctlType.Descriptor instead. +func (SysctlType) EnumDescriptor() ([]byte, []int) { + return file_sysctl_proto_rawDescGZIP(), []int{0} +} + +type SysctlEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Type *SysctlType `protobuf:"varint,1,req,name=type,enum=criu.SysctlType" json:"type,omitempty"` + Iarg *int32 `protobuf:"varint,2,opt,name=iarg" json:"iarg,omitempty"` + Sarg *string `protobuf:"bytes,3,opt,name=sarg" json:"sarg,omitempty"` +} + +func (x *SysctlEntry) Reset() { + *x = SysctlEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_sysctl_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SysctlEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SysctlEntry) ProtoMessage() {} + +func (x *SysctlEntry) ProtoReflect() protoreflect.Message { + mi := &file_sysctl_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SysctlEntry.ProtoReflect.Descriptor instead. +func (*SysctlEntry) Descriptor() ([]byte, []int) { + return file_sysctl_proto_rawDescGZIP(), []int{0} +} + +func (x *SysctlEntry) GetType() SysctlType { + if x != nil && x.Type != nil { + return *x.Type + } + return SysctlType_CTL_STR +} + +func (x *SysctlEntry) GetIarg() int32 { + if x != nil && x.Iarg != nil { + return *x.Iarg + } + return 0 +} + +func (x *SysctlEntry) GetSarg() string { + if x != nil && x.Sarg != nil { + return *x.Sarg + } + return "" +} + +var File_sysctl_proto protoreflect.FileDescriptor + +var file_sysctl_proto_rawDesc = []byte{ + 0x0a, 0x0c, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, + 0x63, 0x72, 0x69, 0x75, 0x22, 0x5c, 0x0a, 0x0c, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x24, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, + 0x28, 0x0e, 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x53, 0x79, 0x73, 0x63, 0x74, 0x6c, + 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x61, + 0x72, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x69, 0x61, 0x72, 0x67, 0x12, 0x12, + 0x0a, 0x04, 0x73, 0x61, 0x72, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x73, 0x61, + 0x72, 0x67, 0x2a, 0x25, 0x0a, 0x0a, 0x53, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x54, 0x79, 0x70, 0x65, + 0x12, 0x0b, 0x0a, 0x07, 0x43, 0x54, 0x4c, 0x5f, 0x53, 0x54, 0x52, 0x10, 0x05, 0x12, 0x0a, 0x0a, + 0x06, 0x43, 0x54, 0x4c, 0x5f, 0x33, 0x32, 0x10, 0x06, +} + +var ( + file_sysctl_proto_rawDescOnce sync.Once + file_sysctl_proto_rawDescData = file_sysctl_proto_rawDesc +) + +func file_sysctl_proto_rawDescGZIP() []byte { + file_sysctl_proto_rawDescOnce.Do(func() { + file_sysctl_proto_rawDescData = protoimpl.X.CompressGZIP(file_sysctl_proto_rawDescData) + }) + return file_sysctl_proto_rawDescData +} + +var file_sysctl_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_sysctl_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_sysctl_proto_goTypes = []interface{}{ + (SysctlType)(0), // 0: criu.SysctlType + (*SysctlEntry)(nil), // 1: criu.sysctl_entry +} +var file_sysctl_proto_depIdxs = []int32{ + 0, // 0: criu.sysctl_entry.type:type_name -> criu.SysctlType + 1, // [1:1] is the sub-list for method output_type + 1, // [1:1] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { file_sysctl_proto_init() } +func file_sysctl_proto_init() { + if File_sysctl_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_sysctl_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SysctlEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_sysctl_proto_rawDesc, + NumEnums: 1, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_sysctl_proto_goTypes, + DependencyIndexes: file_sysctl_proto_depIdxs, + EnumInfos: file_sysctl_proto_enumTypes, + MessageInfos: file_sysctl_proto_msgTypes, + }.Build() + File_sysctl_proto = out.File + file_sysctl_proto_rawDesc = nil + file_sysctl_proto_goTypes = nil + file_sysctl_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sysctl.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sysctl.proto new file mode 100644 index 00000000000..ee4bb760866 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sysctl.proto @@ -0,0 +1,16 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +enum SysctlType { + CTL_STR = 5; + CTL_32 = 6; +} + +message sysctl_entry { + required SysctlType type = 1; + + optional int32 iarg = 2; + optional string sarg = 3; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tcp-stream.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tcp-stream.pb.go new file mode 100644 index 00000000000..d69c1ea4c5b --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tcp-stream.pb.go @@ -0,0 +1,300 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: tcp-stream.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type TcpStreamEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + InqLen *uint32 `protobuf:"varint,1,req,name=inq_len,json=inqLen" json:"inq_len,omitempty"` + InqSeq *uint32 `protobuf:"varint,2,req,name=inq_seq,json=inqSeq" json:"inq_seq,omitempty"` + OutqLen *uint32 `protobuf:"varint,3,req,name=outq_len,json=outqLen" json:"outq_len,omitempty"` // unsent and sent data in the send queue + OutqSeq *uint32 `protobuf:"varint,4,req,name=outq_seq,json=outqSeq" json:"outq_seq,omitempty"` + OptMask *uint32 `protobuf:"varint,5,req,name=opt_mask,json=optMask" json:"opt_mask,omitempty"` // TCPI_OPT_ bits + SndWscale *uint32 `protobuf:"varint,6,req,name=snd_wscale,json=sndWscale" json:"snd_wscale,omitempty"` + MssClamp *uint32 `protobuf:"varint,7,req,name=mss_clamp,json=mssClamp" json:"mss_clamp,omitempty"` + RcvWscale *uint32 `protobuf:"varint,8,opt,name=rcv_wscale,json=rcvWscale" json:"rcv_wscale,omitempty"` + Timestamp *uint32 `protobuf:"varint,9,opt,name=timestamp" json:"timestamp,omitempty"` + Cork *bool `protobuf:"varint,10,opt,name=cork" json:"cork,omitempty"` + Nodelay *bool `protobuf:"varint,11,opt,name=nodelay" json:"nodelay,omitempty"` + UnsqLen *uint32 `protobuf:"varint,12,opt,name=unsq_len,json=unsqLen" json:"unsq_len,omitempty"` // unsent data in the send queue + SndWl1 *uint32 `protobuf:"varint,13,opt,name=snd_wl1,json=sndWl1" json:"snd_wl1,omitempty"` + SndWnd *uint32 `protobuf:"varint,14,opt,name=snd_wnd,json=sndWnd" json:"snd_wnd,omitempty"` + MaxWindow *uint32 `protobuf:"varint,15,opt,name=max_window,json=maxWindow" json:"max_window,omitempty"` + RcvWnd *uint32 `protobuf:"varint,16,opt,name=rcv_wnd,json=rcvWnd" json:"rcv_wnd,omitempty"` + RcvWup *uint32 `protobuf:"varint,17,opt,name=rcv_wup,json=rcvWup" json:"rcv_wup,omitempty"` +} + +func (x *TcpStreamEntry) Reset() { + *x = TcpStreamEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_tcp_stream_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TcpStreamEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TcpStreamEntry) ProtoMessage() {} + +func (x *TcpStreamEntry) ProtoReflect() protoreflect.Message { + mi := &file_tcp_stream_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TcpStreamEntry.ProtoReflect.Descriptor instead. +func (*TcpStreamEntry) Descriptor() ([]byte, []int) { + return file_tcp_stream_proto_rawDescGZIP(), []int{0} +} + +func (x *TcpStreamEntry) GetInqLen() uint32 { + if x != nil && x.InqLen != nil { + return *x.InqLen + } + return 0 +} + +func (x *TcpStreamEntry) GetInqSeq() uint32 { + if x != nil && x.InqSeq != nil { + return *x.InqSeq + } + return 0 +} + +func (x *TcpStreamEntry) GetOutqLen() uint32 { + if x != nil && x.OutqLen != nil { + return *x.OutqLen + } + return 0 +} + +func (x *TcpStreamEntry) GetOutqSeq() uint32 { + if x != nil && x.OutqSeq != nil { + return *x.OutqSeq + } + return 0 +} + +func (x *TcpStreamEntry) GetOptMask() uint32 { + if x != nil && x.OptMask != nil { + return *x.OptMask + } + return 0 +} + +func (x *TcpStreamEntry) GetSndWscale() uint32 { + if x != nil && x.SndWscale != nil { + return *x.SndWscale + } + return 0 +} + +func (x *TcpStreamEntry) GetMssClamp() uint32 { + if x != nil && x.MssClamp != nil { + return *x.MssClamp + } + return 0 +} + +func (x *TcpStreamEntry) GetRcvWscale() uint32 { + if x != nil && x.RcvWscale != nil { + return *x.RcvWscale + } + return 0 +} + +func (x *TcpStreamEntry) GetTimestamp() uint32 { + if x != nil && x.Timestamp != nil { + return *x.Timestamp + } + return 0 +} + +func (x *TcpStreamEntry) GetCork() bool { + if x != nil && x.Cork != nil { + return *x.Cork + } + return false +} + +func (x *TcpStreamEntry) GetNodelay() bool { + if x != nil && x.Nodelay != nil { + return *x.Nodelay + } + return false +} + +func (x *TcpStreamEntry) GetUnsqLen() uint32 { + if x != nil && x.UnsqLen != nil { + return *x.UnsqLen + } + return 0 +} + +func (x *TcpStreamEntry) GetSndWl1() uint32 { + if x != nil && x.SndWl1 != nil { + return *x.SndWl1 + } + return 0 +} + +func (x *TcpStreamEntry) GetSndWnd() uint32 { + if x != nil && x.SndWnd != nil { + return *x.SndWnd + } + return 0 +} + +func (x *TcpStreamEntry) GetMaxWindow() uint32 { + if x != nil && x.MaxWindow != nil { + return *x.MaxWindow + } + return 0 +} + +func (x *TcpStreamEntry) GetRcvWnd() uint32 { + if x != nil && x.RcvWnd != nil { + return *x.RcvWnd + } + return 0 +} + +func (x *TcpStreamEntry) GetRcvWup() uint32 { + if x != nil && x.RcvWup != nil { + return *x.RcvWup + } + return 0 +} + +var File_tcp_stream_proto protoreflect.FileDescriptor + +var file_tcp_stream_proto_rawDesc = []byte{ + 0x0a, 0x10, 0x74, 0x63, 0x70, 0x2d, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe1, 0x03, 0x0a, 0x10, 0x74, 0x63, 0x70, 0x5f, 0x73, 0x74, 0x72, + 0x65, 0x61, 0x6d, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x17, 0x0a, 0x07, 0x69, 0x6e, 0x71, + 0x5f, 0x6c, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x69, 0x6e, 0x71, 0x4c, + 0x65, 0x6e, 0x12, 0x17, 0x0a, 0x07, 0x69, 0x6e, 0x71, 0x5f, 0x73, 0x65, 0x71, 0x18, 0x02, 0x20, + 0x02, 0x28, 0x0d, 0x52, 0x06, 0x69, 0x6e, 0x71, 0x53, 0x65, 0x71, 0x12, 0x19, 0x0a, 0x08, 0x6f, + 0x75, 0x74, 0x71, 0x5f, 0x6c, 0x65, 0x6e, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x6f, + 0x75, 0x74, 0x71, 0x4c, 0x65, 0x6e, 0x12, 0x19, 0x0a, 0x08, 0x6f, 0x75, 0x74, 0x71, 0x5f, 0x73, + 0x65, 0x71, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x6f, 0x75, 0x74, 0x71, 0x53, 0x65, + 0x71, 0x12, 0x20, 0x0a, 0x08, 0x6f, 0x70, 0x74, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x05, 0x20, + 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x4d, + 0x61, 0x73, 0x6b, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x6e, 0x64, 0x5f, 0x77, 0x73, 0x63, 0x61, 0x6c, + 0x65, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x73, 0x6e, 0x64, 0x57, 0x73, 0x63, 0x61, + 0x6c, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x73, 0x73, 0x5f, 0x63, 0x6c, 0x61, 0x6d, 0x70, 0x18, + 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x6d, 0x73, 0x73, 0x43, 0x6c, 0x61, 0x6d, 0x70, 0x12, + 0x1d, 0x0a, 0x0a, 0x72, 0x63, 0x76, 0x5f, 0x77, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x18, 0x08, 0x20, + 0x01, 0x28, 0x0d, 0x52, 0x09, 0x72, 0x63, 0x76, 0x57, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x12, 0x1c, + 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x09, 0x20, 0x01, 0x28, + 0x0d, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x12, 0x0a, 0x04, + 0x63, 0x6f, 0x72, 0x6b, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x63, 0x6f, 0x72, 0x6b, + 0x12, 0x18, 0x0a, 0x07, 0x6e, 0x6f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x0b, 0x20, 0x01, 0x28, + 0x08, 0x52, 0x07, 0x6e, 0x6f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x19, 0x0a, 0x08, 0x75, 0x6e, + 0x73, 0x71, 0x5f, 0x6c, 0x65, 0x6e, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x75, 0x6e, + 0x73, 0x71, 0x4c, 0x65, 0x6e, 0x12, 0x17, 0x0a, 0x07, 0x73, 0x6e, 0x64, 0x5f, 0x77, 0x6c, 0x31, + 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x73, 0x6e, 0x64, 0x57, 0x6c, 0x31, 0x12, 0x17, + 0x0a, 0x07, 0x73, 0x6e, 0x64, 0x5f, 0x77, 0x6e, 0x64, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0d, 0x52, + 0x06, 0x73, 0x6e, 0x64, 0x57, 0x6e, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x61, 0x78, 0x5f, 0x77, + 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x6d, 0x61, 0x78, + 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x12, 0x17, 0x0a, 0x07, 0x72, 0x63, 0x76, 0x5f, 0x77, 0x6e, + 0x64, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x72, 0x63, 0x76, 0x57, 0x6e, 0x64, 0x12, + 0x17, 0x0a, 0x07, 0x72, 0x63, 0x76, 0x5f, 0x77, 0x75, 0x70, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0d, + 0x52, 0x06, 0x72, 0x63, 0x76, 0x57, 0x75, 0x70, +} + +var ( + file_tcp_stream_proto_rawDescOnce sync.Once + file_tcp_stream_proto_rawDescData = file_tcp_stream_proto_rawDesc +) + +func file_tcp_stream_proto_rawDescGZIP() []byte { + file_tcp_stream_proto_rawDescOnce.Do(func() { + file_tcp_stream_proto_rawDescData = protoimpl.X.CompressGZIP(file_tcp_stream_proto_rawDescData) + }) + return file_tcp_stream_proto_rawDescData +} + +var file_tcp_stream_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_tcp_stream_proto_goTypes = []interface{}{ + (*TcpStreamEntry)(nil), // 0: criu.tcp_stream_entry +} +var file_tcp_stream_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_tcp_stream_proto_init() } +func file_tcp_stream_proto_init() { + if File_tcp_stream_proto != nil { + return + } + file_opts_proto_init() + if !protoimpl.UnsafeEnabled { + file_tcp_stream_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TcpStreamEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_tcp_stream_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_tcp_stream_proto_goTypes, + DependencyIndexes: file_tcp_stream_proto_depIdxs, + MessageInfos: file_tcp_stream_proto_msgTypes, + }.Build() + File_tcp_stream_proto = out.File + file_tcp_stream_proto_rawDesc = nil + file_tcp_stream_proto_goTypes = nil + file_tcp_stream_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tcp-stream.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tcp-stream.proto new file mode 100644 index 00000000000..d91970147db --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tcp-stream.proto @@ -0,0 +1,30 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "opts.proto"; + +message tcp_stream_entry { + required uint32 inq_len = 1; + required uint32 inq_seq = 2; + required uint32 outq_len = 3; /* unsent and sent data in the send queue*/ + required uint32 outq_seq = 4; + + required uint32 opt_mask = 5 [(criu).hex = true]; /* TCPI_OPT_ bits */ + required uint32 snd_wscale = 6; + required uint32 mss_clamp = 7; + optional uint32 rcv_wscale = 8; + optional uint32 timestamp = 9; + + optional bool cork = 10; + optional bool nodelay = 11; + + optional uint32 unsq_len = 12; /* unsent data in the send queue */ + + optional uint32 snd_wl1 = 13; + optional uint32 snd_wnd = 14; + optional uint32 max_window = 15; + optional uint32 rcv_wnd = 16; + optional uint32 rcv_wup = 17; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/time.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/time.pb.go new file mode 100644 index 00000000000..24f6fee3821 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/time.pb.go @@ -0,0 +1,151 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: time.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type Timeval struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + TvSec *uint64 `protobuf:"varint,1,req,name=tv_sec,json=tvSec" json:"tv_sec,omitempty"` + TvUsec *uint64 `protobuf:"varint,2,req,name=tv_usec,json=tvUsec" json:"tv_usec,omitempty"` +} + +func (x *Timeval) Reset() { + *x = Timeval{} + if protoimpl.UnsafeEnabled { + mi := &file_time_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Timeval) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Timeval) ProtoMessage() {} + +func (x *Timeval) ProtoReflect() protoreflect.Message { + mi := &file_time_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Timeval.ProtoReflect.Descriptor instead. +func (*Timeval) Descriptor() ([]byte, []int) { + return file_time_proto_rawDescGZIP(), []int{0} +} + +func (x *Timeval) GetTvSec() uint64 { + if x != nil && x.TvSec != nil { + return *x.TvSec + } + return 0 +} + +func (x *Timeval) GetTvUsec() uint64 { + if x != nil && x.TvUsec != nil { + return *x.TvUsec + } + return 0 +} + +var File_time_proto protoreflect.FileDescriptor + +var file_time_proto_rawDesc = []byte{ + 0x0a, 0x0a, 0x74, 0x69, 0x6d, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, + 0x69, 0x75, 0x22, 0x39, 0x0a, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x76, 0x61, 0x6c, 0x12, 0x15, 0x0a, + 0x06, 0x74, 0x76, 0x5f, 0x73, 0x65, 0x63, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x74, + 0x76, 0x53, 0x65, 0x63, 0x12, 0x17, 0x0a, 0x07, 0x74, 0x76, 0x5f, 0x75, 0x73, 0x65, 0x63, 0x18, + 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x06, 0x74, 0x76, 0x55, 0x73, 0x65, 0x63, +} + +var ( + file_time_proto_rawDescOnce sync.Once + file_time_proto_rawDescData = file_time_proto_rawDesc +) + +func file_time_proto_rawDescGZIP() []byte { + file_time_proto_rawDescOnce.Do(func() { + file_time_proto_rawDescData = protoimpl.X.CompressGZIP(file_time_proto_rawDescData) + }) + return file_time_proto_rawDescData +} + +var file_time_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_time_proto_goTypes = []interface{}{ + (*Timeval)(nil), // 0: criu.timeval +} +var file_time_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_time_proto_init() } +func file_time_proto_init() { + if File_time_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_time_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Timeval); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_time_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_time_proto_goTypes, + DependencyIndexes: file_time_proto_depIdxs, + MessageInfos: file_time_proto_msgTypes, + }.Build() + File_time_proto = out.File + file_time_proto_rawDesc = nil + file_time_proto_goTypes = nil + file_time_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/time.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/time.proto new file mode 100644 index 00000000000..56ccdecb9c6 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/time.proto @@ -0,0 +1,9 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +message timeval { + required uint64 tv_sec = 1; + required uint64 tv_usec = 2; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timens.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timens.pb.go new file mode 100644 index 00000000000..726d9c25f97 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timens.pb.go @@ -0,0 +1,228 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: timens.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type Timespec struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + TvSec *uint64 `protobuf:"varint,1,req,name=tv_sec,json=tvSec" json:"tv_sec,omitempty"` + TvNsec *uint64 `protobuf:"varint,2,req,name=tv_nsec,json=tvNsec" json:"tv_nsec,omitempty"` +} + +func (x *Timespec) Reset() { + *x = Timespec{} + if protoimpl.UnsafeEnabled { + mi := &file_timens_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Timespec) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Timespec) ProtoMessage() {} + +func (x *Timespec) ProtoReflect() protoreflect.Message { + mi := &file_timens_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Timespec.ProtoReflect.Descriptor instead. +func (*Timespec) Descriptor() ([]byte, []int) { + return file_timens_proto_rawDescGZIP(), []int{0} +} + +func (x *Timespec) GetTvSec() uint64 { + if x != nil && x.TvSec != nil { + return *x.TvSec + } + return 0 +} + +func (x *Timespec) GetTvNsec() uint64 { + if x != nil && x.TvNsec != nil { + return *x.TvNsec + } + return 0 +} + +type TimensEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Monotonic *Timespec `protobuf:"bytes,1,req,name=monotonic" json:"monotonic,omitempty"` + Boottime *Timespec `protobuf:"bytes,2,req,name=boottime" json:"boottime,omitempty"` +} + +func (x *TimensEntry) Reset() { + *x = TimensEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_timens_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TimensEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TimensEntry) ProtoMessage() {} + +func (x *TimensEntry) ProtoReflect() protoreflect.Message { + mi := &file_timens_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TimensEntry.ProtoReflect.Descriptor instead. +func (*TimensEntry) Descriptor() ([]byte, []int) { + return file_timens_proto_rawDescGZIP(), []int{1} +} + +func (x *TimensEntry) GetMonotonic() *Timespec { + if x != nil { + return x.Monotonic + } + return nil +} + +func (x *TimensEntry) GetBoottime() *Timespec { + if x != nil { + return x.Boottime + } + return nil +} + +var File_timens_proto protoreflect.FileDescriptor + +var file_timens_proto_rawDesc = []byte{ + 0x0a, 0x0c, 0x74, 0x69, 0x6d, 0x65, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, + 0x63, 0x72, 0x69, 0x75, 0x22, 0x3a, 0x0a, 0x08, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x70, 0x65, 0x63, + 0x12, 0x15, 0x0a, 0x06, 0x74, 0x76, 0x5f, 0x73, 0x65, 0x63, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, + 0x52, 0x05, 0x74, 0x76, 0x53, 0x65, 0x63, 0x12, 0x17, 0x0a, 0x07, 0x74, 0x76, 0x5f, 0x6e, 0x73, + 0x65, 0x63, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x06, 0x74, 0x76, 0x4e, 0x73, 0x65, 0x63, + 0x22, 0x68, 0x0a, 0x0c, 0x74, 0x69, 0x6d, 0x65, 0x6e, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x12, 0x2c, 0x0a, 0x09, 0x6d, 0x6f, 0x6e, 0x6f, 0x74, 0x6f, 0x6e, 0x69, 0x63, 0x18, 0x01, 0x20, + 0x02, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x69, 0x6d, 0x65, 0x73, + 0x70, 0x65, 0x63, 0x52, 0x09, 0x6d, 0x6f, 0x6e, 0x6f, 0x74, 0x6f, 0x6e, 0x69, 0x63, 0x12, 0x2a, + 0x0a, 0x08, 0x62, 0x6f, 0x6f, 0x74, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0b, + 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x70, 0x65, 0x63, + 0x52, 0x08, 0x62, 0x6f, 0x6f, 0x74, 0x74, 0x69, 0x6d, 0x65, +} + +var ( + file_timens_proto_rawDescOnce sync.Once + file_timens_proto_rawDescData = file_timens_proto_rawDesc +) + +func file_timens_proto_rawDescGZIP() []byte { + file_timens_proto_rawDescOnce.Do(func() { + file_timens_proto_rawDescData = protoimpl.X.CompressGZIP(file_timens_proto_rawDescData) + }) + return file_timens_proto_rawDescData +} + +var file_timens_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_timens_proto_goTypes = []interface{}{ + (*Timespec)(nil), // 0: criu.timespec + (*TimensEntry)(nil), // 1: criu.timens_entry +} +var file_timens_proto_depIdxs = []int32{ + 0, // 0: criu.timens_entry.monotonic:type_name -> criu.timespec + 0, // 1: criu.timens_entry.boottime:type_name -> criu.timespec + 2, // [2:2] is the sub-list for method output_type + 2, // [2:2] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name +} + +func init() { file_timens_proto_init() } +func file_timens_proto_init() { + if File_timens_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_timens_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Timespec); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_timens_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TimensEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_timens_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_timens_proto_goTypes, + DependencyIndexes: file_timens_proto_depIdxs, + MessageInfos: file_timens_proto_msgTypes, + }.Build() + File_timens_proto = out.File + file_timens_proto_rawDesc = nil + file_timens_proto_goTypes = nil + file_timens_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timens.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timens.proto new file mode 100644 index 00000000000..1b0b1af4ea6 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timens.proto @@ -0,0 +1,13 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +message timespec { + required uint64 tv_sec = 1; + required uint64 tv_nsec = 2; +} +message timens_entry { + required timespec monotonic = 1; + required timespec boottime = 2; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timer.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timer.pb.go new file mode 100644 index 00000000000..179f8632126 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timer.pb.go @@ -0,0 +1,430 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: timer.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type ItimerEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Isec *uint64 `protobuf:"varint,1,req,name=isec" json:"isec,omitempty"` + Iusec *uint64 `protobuf:"varint,2,req,name=iusec" json:"iusec,omitempty"` + Vsec *uint64 `protobuf:"varint,3,req,name=vsec" json:"vsec,omitempty"` + Vusec *uint64 `protobuf:"varint,4,req,name=vusec" json:"vusec,omitempty"` +} + +func (x *ItimerEntry) Reset() { + *x = ItimerEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_timer_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ItimerEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ItimerEntry) ProtoMessage() {} + +func (x *ItimerEntry) ProtoReflect() protoreflect.Message { + mi := &file_timer_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ItimerEntry.ProtoReflect.Descriptor instead. +func (*ItimerEntry) Descriptor() ([]byte, []int) { + return file_timer_proto_rawDescGZIP(), []int{0} +} + +func (x *ItimerEntry) GetIsec() uint64 { + if x != nil && x.Isec != nil { + return *x.Isec + } + return 0 +} + +func (x *ItimerEntry) GetIusec() uint64 { + if x != nil && x.Iusec != nil { + return *x.Iusec + } + return 0 +} + +func (x *ItimerEntry) GetVsec() uint64 { + if x != nil && x.Vsec != nil { + return *x.Vsec + } + return 0 +} + +func (x *ItimerEntry) GetVusec() uint64 { + if x != nil && x.Vusec != nil { + return *x.Vusec + } + return 0 +} + +type PosixTimerEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + ItId *uint32 `protobuf:"varint,1,req,name=it_id,json=itId" json:"it_id,omitempty"` + ClockId *uint32 `protobuf:"varint,2,req,name=clock_id,json=clockId" json:"clock_id,omitempty"` + SiSigno *uint32 `protobuf:"varint,3,req,name=si_signo,json=siSigno" json:"si_signo,omitempty"` + ItSigevNotify *uint32 `protobuf:"varint,4,req,name=it_sigev_notify,json=itSigevNotify" json:"it_sigev_notify,omitempty"` + SivalPtr *uint64 `protobuf:"varint,5,req,name=sival_ptr,json=sivalPtr" json:"sival_ptr,omitempty"` + Overrun *uint32 `protobuf:"varint,6,req,name=overrun" json:"overrun,omitempty"` + Isec *uint64 `protobuf:"varint,7,req,name=isec" json:"isec,omitempty"` + Insec *uint64 `protobuf:"varint,8,req,name=insec" json:"insec,omitempty"` + Vsec *uint64 `protobuf:"varint,9,req,name=vsec" json:"vsec,omitempty"` + Vnsec *uint64 `protobuf:"varint,10,req,name=vnsec" json:"vnsec,omitempty"` + NotifyThreadId *int32 `protobuf:"varint,11,opt,name=notify_thread_id,json=notifyThreadId" json:"notify_thread_id,omitempty"` +} + +func (x *PosixTimerEntry) Reset() { + *x = PosixTimerEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_timer_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *PosixTimerEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PosixTimerEntry) ProtoMessage() {} + +func (x *PosixTimerEntry) ProtoReflect() protoreflect.Message { + mi := &file_timer_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PosixTimerEntry.ProtoReflect.Descriptor instead. +func (*PosixTimerEntry) Descriptor() ([]byte, []int) { + return file_timer_proto_rawDescGZIP(), []int{1} +} + +func (x *PosixTimerEntry) GetItId() uint32 { + if x != nil && x.ItId != nil { + return *x.ItId + } + return 0 +} + +func (x *PosixTimerEntry) GetClockId() uint32 { + if x != nil && x.ClockId != nil { + return *x.ClockId + } + return 0 +} + +func (x *PosixTimerEntry) GetSiSigno() uint32 { + if x != nil && x.SiSigno != nil { + return *x.SiSigno + } + return 0 +} + +func (x *PosixTimerEntry) GetItSigevNotify() uint32 { + if x != nil && x.ItSigevNotify != nil { + return *x.ItSigevNotify + } + return 0 +} + +func (x *PosixTimerEntry) GetSivalPtr() uint64 { + if x != nil && x.SivalPtr != nil { + return *x.SivalPtr + } + return 0 +} + +func (x *PosixTimerEntry) GetOverrun() uint32 { + if x != nil && x.Overrun != nil { + return *x.Overrun + } + return 0 +} + +func (x *PosixTimerEntry) GetIsec() uint64 { + if x != nil && x.Isec != nil { + return *x.Isec + } + return 0 +} + +func (x *PosixTimerEntry) GetInsec() uint64 { + if x != nil && x.Insec != nil { + return *x.Insec + } + return 0 +} + +func (x *PosixTimerEntry) GetVsec() uint64 { + if x != nil && x.Vsec != nil { + return *x.Vsec + } + return 0 +} + +func (x *PosixTimerEntry) GetVnsec() uint64 { + if x != nil && x.Vnsec != nil { + return *x.Vnsec + } + return 0 +} + +func (x *PosixTimerEntry) GetNotifyThreadId() int32 { + if x != nil && x.NotifyThreadId != nil { + return *x.NotifyThreadId + } + return 0 +} + +type TaskTimersEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Real *ItimerEntry `protobuf:"bytes,1,req,name=real" json:"real,omitempty"` + Virt *ItimerEntry `protobuf:"bytes,2,req,name=virt" json:"virt,omitempty"` + Prof *ItimerEntry `protobuf:"bytes,3,req,name=prof" json:"prof,omitempty"` + Posix []*PosixTimerEntry `protobuf:"bytes,4,rep,name=posix" json:"posix,omitempty"` +} + +func (x *TaskTimersEntry) Reset() { + *x = TaskTimersEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_timer_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TaskTimersEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TaskTimersEntry) ProtoMessage() {} + +func (x *TaskTimersEntry) ProtoReflect() protoreflect.Message { + mi := &file_timer_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TaskTimersEntry.ProtoReflect.Descriptor instead. +func (*TaskTimersEntry) Descriptor() ([]byte, []int) { + return file_timer_proto_rawDescGZIP(), []int{2} +} + +func (x *TaskTimersEntry) GetReal() *ItimerEntry { + if x != nil { + return x.Real + } + return nil +} + +func (x *TaskTimersEntry) GetVirt() *ItimerEntry { + if x != nil { + return x.Virt + } + return nil +} + +func (x *TaskTimersEntry) GetProf() *ItimerEntry { + if x != nil { + return x.Prof + } + return nil +} + +func (x *TaskTimersEntry) GetPosix() []*PosixTimerEntry { + if x != nil { + return x.Posix + } + return nil +} + +var File_timer_proto protoreflect.FileDescriptor + +var file_timer_proto_rawDesc = []byte{ + 0x0a, 0x0b, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, + 0x72, 0x69, 0x75, 0x22, 0x62, 0x0a, 0x0c, 0x69, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x5f, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x73, 0x65, 0x63, 0x18, 0x01, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x04, 0x69, 0x73, 0x65, 0x63, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x75, 0x73, 0x65, 0x63, + 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x69, 0x75, 0x73, 0x65, 0x63, 0x12, 0x12, 0x0a, + 0x04, 0x76, 0x73, 0x65, 0x63, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x76, 0x73, 0x65, + 0x63, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x75, 0x73, 0x65, 0x63, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, + 0x52, 0x05, 0x76, 0x75, 0x73, 0x65, 0x63, 0x22, 0xbb, 0x02, 0x0a, 0x11, 0x70, 0x6f, 0x73, 0x69, + 0x78, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x13, 0x0a, + 0x05, 0x69, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x69, 0x74, + 0x49, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x63, 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x69, 0x64, 0x18, 0x02, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x63, 0x6c, 0x6f, 0x63, 0x6b, 0x49, 0x64, 0x12, 0x19, 0x0a, + 0x08, 0x73, 0x69, 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x6f, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, + 0x07, 0x73, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x6f, 0x12, 0x26, 0x0a, 0x0f, 0x69, 0x74, 0x5f, 0x73, + 0x69, 0x67, 0x65, 0x76, 0x5f, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x18, 0x04, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x0d, 0x69, 0x74, 0x53, 0x69, 0x67, 0x65, 0x76, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79, + 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x69, 0x76, 0x61, 0x6c, 0x5f, 0x70, 0x74, 0x72, 0x18, 0x05, 0x20, + 0x02, 0x28, 0x04, 0x52, 0x08, 0x73, 0x69, 0x76, 0x61, 0x6c, 0x50, 0x74, 0x72, 0x12, 0x18, 0x0a, + 0x07, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x75, 0x6e, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, + 0x6f, 0x76, 0x65, 0x72, 0x72, 0x75, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x73, 0x65, 0x63, 0x18, + 0x07, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x69, 0x73, 0x65, 0x63, 0x12, 0x14, 0x0a, 0x05, 0x69, + 0x6e, 0x73, 0x65, 0x63, 0x18, 0x08, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x69, 0x6e, 0x73, 0x65, + 0x63, 0x12, 0x12, 0x0a, 0x04, 0x76, 0x73, 0x65, 0x63, 0x18, 0x09, 0x20, 0x02, 0x28, 0x04, 0x52, + 0x04, 0x76, 0x73, 0x65, 0x63, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x6e, 0x73, 0x65, 0x63, 0x18, 0x0a, + 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x76, 0x6e, 0x73, 0x65, 0x63, 0x12, 0x28, 0x0a, 0x10, 0x6e, + 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x64, 0x18, + 0x0b, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x54, 0x68, 0x72, + 0x65, 0x61, 0x64, 0x49, 0x64, 0x22, 0xba, 0x01, 0x0a, 0x11, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x74, + 0x69, 0x6d, 0x65, 0x72, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x26, 0x0a, 0x04, 0x72, + 0x65, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, + 0x2e, 0x69, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x72, + 0x65, 0x61, 0x6c, 0x12, 0x26, 0x0a, 0x04, 0x76, 0x69, 0x72, 0x74, 0x18, 0x02, 0x20, 0x02, 0x28, + 0x0b, 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x69, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x76, 0x69, 0x72, 0x74, 0x12, 0x26, 0x0a, 0x04, 0x70, + 0x72, 0x6f, 0x66, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, + 0x2e, 0x69, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x70, + 0x72, 0x6f, 0x66, 0x12, 0x2d, 0x0a, 0x05, 0x70, 0x6f, 0x73, 0x69, 0x78, 0x18, 0x04, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x70, 0x6f, 0x73, 0x69, 0x78, 0x5f, + 0x74, 0x69, 0x6d, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x05, 0x70, 0x6f, 0x73, + 0x69, 0x78, +} + +var ( + file_timer_proto_rawDescOnce sync.Once + file_timer_proto_rawDescData = file_timer_proto_rawDesc +) + +func file_timer_proto_rawDescGZIP() []byte { + file_timer_proto_rawDescOnce.Do(func() { + file_timer_proto_rawDescData = protoimpl.X.CompressGZIP(file_timer_proto_rawDescData) + }) + return file_timer_proto_rawDescData +} + +var file_timer_proto_msgTypes = make([]protoimpl.MessageInfo, 3) +var file_timer_proto_goTypes = []interface{}{ + (*ItimerEntry)(nil), // 0: criu.itimer_entry + (*PosixTimerEntry)(nil), // 1: criu.posix_timer_entry + (*TaskTimersEntry)(nil), // 2: criu.task_timers_entry +} +var file_timer_proto_depIdxs = []int32{ + 0, // 0: criu.task_timers_entry.real:type_name -> criu.itimer_entry + 0, // 1: criu.task_timers_entry.virt:type_name -> criu.itimer_entry + 0, // 2: criu.task_timers_entry.prof:type_name -> criu.itimer_entry + 1, // 3: criu.task_timers_entry.posix:type_name -> criu.posix_timer_entry + 4, // [4:4] is the sub-list for method output_type + 4, // [4:4] is the sub-list for method input_type + 4, // [4:4] is the sub-list for extension type_name + 4, // [4:4] is the sub-list for extension extendee + 0, // [0:4] is the sub-list for field type_name +} + +func init() { file_timer_proto_init() } +func file_timer_proto_init() { + if File_timer_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_timer_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ItimerEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_timer_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*PosixTimerEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_timer_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TaskTimersEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_timer_proto_rawDesc, + NumEnums: 0, + NumMessages: 3, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_timer_proto_goTypes, + DependencyIndexes: file_timer_proto_depIdxs, + MessageInfos: file_timer_proto_msgTypes, + }.Build() + File_timer_proto = out.File + file_timer_proto_rawDesc = nil + file_timer_proto_goTypes = nil + file_timer_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timer.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timer.proto new file mode 100644 index 00000000000..9953e75ad57 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timer.proto @@ -0,0 +1,33 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +message itimer_entry { + required uint64 isec = 1; + required uint64 iusec = 2; + required uint64 vsec = 3; + required uint64 vusec = 4; +} + +message posix_timer_entry { + required uint32 it_id = 1; + required uint32 clock_id = 2; + required uint32 si_signo = 3; + required uint32 it_sigev_notify = 4; + required uint64 sival_ptr = 5; + required uint32 overrun = 6; + + required uint64 isec = 7; + required uint64 insec = 8; + required uint64 vsec = 9; + required uint64 vnsec = 10; + optional int32 notify_thread_id= 11; +} + +message task_timers_entry { + required itimer_entry real = 1; + required itimer_entry virt = 2; + required itimer_entry prof = 3; + repeated posix_timer_entry posix = 4; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timerfd.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timerfd.pb.go new file mode 100644 index 00000000000..73ad35ed269 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timerfd.pb.go @@ -0,0 +1,235 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: timerfd.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type TimerfdEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` + Flags *uint32 `protobuf:"varint,2,req,name=flags" json:"flags,omitempty"` + Fown *FownEntry `protobuf:"bytes,3,req,name=fown" json:"fown,omitempty"` + Clockid *uint32 `protobuf:"varint,4,req,name=clockid" json:"clockid,omitempty"` + Ticks *uint64 `protobuf:"varint,5,req,name=ticks" json:"ticks,omitempty"` + SettimeFlags *uint32 `protobuf:"varint,6,req,name=settime_flags,json=settimeFlags" json:"settime_flags,omitempty"` + Vsec *uint64 `protobuf:"varint,7,req,name=vsec" json:"vsec,omitempty"` + Vnsec *uint64 `protobuf:"varint,8,req,name=vnsec" json:"vnsec,omitempty"` + Isec *uint64 `protobuf:"varint,9,req,name=isec" json:"isec,omitempty"` + Insec *uint64 `protobuf:"varint,10,req,name=insec" json:"insec,omitempty"` +} + +func (x *TimerfdEntry) Reset() { + *x = TimerfdEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_timerfd_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TimerfdEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TimerfdEntry) ProtoMessage() {} + +func (x *TimerfdEntry) ProtoReflect() protoreflect.Message { + mi := &file_timerfd_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TimerfdEntry.ProtoReflect.Descriptor instead. +func (*TimerfdEntry) Descriptor() ([]byte, []int) { + return file_timerfd_proto_rawDescGZIP(), []int{0} +} + +func (x *TimerfdEntry) GetId() uint32 { + if x != nil && x.Id != nil { + return *x.Id + } + return 0 +} + +func (x *TimerfdEntry) GetFlags() uint32 { + if x != nil && x.Flags != nil { + return *x.Flags + } + return 0 +} + +func (x *TimerfdEntry) GetFown() *FownEntry { + if x != nil { + return x.Fown + } + return nil +} + +func (x *TimerfdEntry) GetClockid() uint32 { + if x != nil && x.Clockid != nil { + return *x.Clockid + } + return 0 +} + +func (x *TimerfdEntry) GetTicks() uint64 { + if x != nil && x.Ticks != nil { + return *x.Ticks + } + return 0 +} + +func (x *TimerfdEntry) GetSettimeFlags() uint32 { + if x != nil && x.SettimeFlags != nil { + return *x.SettimeFlags + } + return 0 +} + +func (x *TimerfdEntry) GetVsec() uint64 { + if x != nil && x.Vsec != nil { + return *x.Vsec + } + return 0 +} + +func (x *TimerfdEntry) GetVnsec() uint64 { + if x != nil && x.Vnsec != nil { + return *x.Vnsec + } + return 0 +} + +func (x *TimerfdEntry) GetIsec() uint64 { + if x != nil && x.Isec != nil { + return *x.Isec + } + return 0 +} + +func (x *TimerfdEntry) GetInsec() uint64 { + if x != nil && x.Insec != nil { + return *x.Insec + } + return 0 +} + +var File_timerfd_proto protoreflect.FileDescriptor + +var file_timerfd_proto_rawDesc = []byte{ + 0x0a, 0x0d, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x66, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, + 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x92, 0x02, + 0x0a, 0x0d, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x66, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, + 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, + 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x24, 0x0a, 0x04, + 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, + 0x75, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, + 0x77, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6c, 0x6f, 0x63, 0x6b, 0x69, 0x64, 0x18, 0x04, 0x20, + 0x02, 0x28, 0x0d, 0x52, 0x07, 0x63, 0x6c, 0x6f, 0x63, 0x6b, 0x69, 0x64, 0x12, 0x14, 0x0a, 0x05, + 0x74, 0x69, 0x63, 0x6b, 0x73, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x74, 0x69, 0x63, + 0x6b, 0x73, 0x12, 0x2a, 0x0a, 0x0d, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6d, 0x65, 0x5f, 0x66, 0x6c, + 0x61, 0x67, 0x73, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, + 0x52, 0x0c, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6d, 0x65, 0x46, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x12, + 0x0a, 0x04, 0x76, 0x73, 0x65, 0x63, 0x18, 0x07, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x76, 0x73, + 0x65, 0x63, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x6e, 0x73, 0x65, 0x63, 0x18, 0x08, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x05, 0x76, 0x6e, 0x73, 0x65, 0x63, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x73, 0x65, 0x63, + 0x18, 0x09, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x69, 0x73, 0x65, 0x63, 0x12, 0x14, 0x0a, 0x05, + 0x69, 0x6e, 0x73, 0x65, 0x63, 0x18, 0x0a, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x69, 0x6e, 0x73, + 0x65, 0x63, +} + +var ( + file_timerfd_proto_rawDescOnce sync.Once + file_timerfd_proto_rawDescData = file_timerfd_proto_rawDesc +) + +func file_timerfd_proto_rawDescGZIP() []byte { + file_timerfd_proto_rawDescOnce.Do(func() { + file_timerfd_proto_rawDescData = protoimpl.X.CompressGZIP(file_timerfd_proto_rawDescData) + }) + return file_timerfd_proto_rawDescData +} + +var file_timerfd_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_timerfd_proto_goTypes = []interface{}{ + (*TimerfdEntry)(nil), // 0: criu.timerfd_entry + (*FownEntry)(nil), // 1: criu.fown_entry +} +var file_timerfd_proto_depIdxs = []int32{ + 1, // 0: criu.timerfd_entry.fown:type_name -> criu.fown_entry + 1, // [1:1] is the sub-list for method output_type + 1, // [1:1] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { file_timerfd_proto_init() } +func file_timerfd_proto_init() { + if File_timerfd_proto != nil { + return + } + file_opts_proto_init() + file_fown_proto_init() + if !protoimpl.UnsafeEnabled { + file_timerfd_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TimerfdEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_timerfd_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_timerfd_proto_goTypes, + DependencyIndexes: file_timerfd_proto_depIdxs, + MessageInfos: file_timerfd_proto_msgTypes, + }.Build() + File_timerfd_proto = out.File + file_timerfd_proto_rawDesc = nil + file_timerfd_proto_goTypes = nil + file_timerfd_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timerfd.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timerfd.proto new file mode 100644 index 00000000000..bc9a617ef13 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timerfd.proto @@ -0,0 +1,22 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "opts.proto"; +import "fown.proto"; + +message timerfd_entry { + required uint32 id = 1; + required uint32 flags = 2 [(criu).hex = true]; + required fown_entry fown = 3; + + required uint32 clockid = 4; + required uint64 ticks = 5; + required uint32 settime_flags = 6 [(criu).hex = true]; + + required uint64 vsec = 7; + required uint64 vnsec = 8; + required uint64 isec = 9; + required uint64 insec = 10; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tty.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tty.pb.go new file mode 100644 index 00000000000..5b63316898c --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tty.pb.go @@ -0,0 +1,834 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: tty.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type TtyType int32 + +const ( + TtyType_UNKNOWN TtyType = 0 + TtyType_PTY TtyType = 1 + TtyType_CONSOLE TtyType = 2 + TtyType_VT TtyType = 3 + TtyType_CTTY TtyType = 4 + TtyType_EXT_TTY TtyType = 5 + TtyType_SERIAL TtyType = 6 +) + +// Enum value maps for TtyType. +var ( + TtyType_name = map[int32]string{ + 0: "UNKNOWN", + 1: "PTY", + 2: "CONSOLE", + 3: "VT", + 4: "CTTY", + 5: "EXT_TTY", + 6: "SERIAL", + } + TtyType_value = map[string]int32{ + "UNKNOWN": 0, + "PTY": 1, + "CONSOLE": 2, + "VT": 3, + "CTTY": 4, + "EXT_TTY": 5, + "SERIAL": 6, + } +) + +func (x TtyType) Enum() *TtyType { + p := new(TtyType) + *p = x + return p +} + +func (x TtyType) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (TtyType) Descriptor() protoreflect.EnumDescriptor { + return file_tty_proto_enumTypes[0].Descriptor() +} + +func (TtyType) Type() protoreflect.EnumType { + return &file_tty_proto_enumTypes[0] +} + +func (x TtyType) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Do not use. +func (x *TtyType) UnmarshalJSON(b []byte) error { + num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) + if err != nil { + return err + } + *x = TtyType(num) + return nil +} + +// Deprecated: Use TtyType.Descriptor instead. +func (TtyType) EnumDescriptor() ([]byte, []int) { + return file_tty_proto_rawDescGZIP(), []int{0} +} + +type WinsizeEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + WsRow *uint32 `protobuf:"varint,1,req,name=ws_row,json=wsRow" json:"ws_row,omitempty"` + WsCol *uint32 `protobuf:"varint,2,req,name=ws_col,json=wsCol" json:"ws_col,omitempty"` + WsXpixel *uint32 `protobuf:"varint,3,req,name=ws_xpixel,json=wsXpixel" json:"ws_xpixel,omitempty"` + WsYpixel *uint32 `protobuf:"varint,4,req,name=ws_ypixel,json=wsYpixel" json:"ws_ypixel,omitempty"` +} + +func (x *WinsizeEntry) Reset() { + *x = WinsizeEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_tty_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *WinsizeEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WinsizeEntry) ProtoMessage() {} + +func (x *WinsizeEntry) ProtoReflect() protoreflect.Message { + mi := &file_tty_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WinsizeEntry.ProtoReflect.Descriptor instead. +func (*WinsizeEntry) Descriptor() ([]byte, []int) { + return file_tty_proto_rawDescGZIP(), []int{0} +} + +func (x *WinsizeEntry) GetWsRow() uint32 { + if x != nil && x.WsRow != nil { + return *x.WsRow + } + return 0 +} + +func (x *WinsizeEntry) GetWsCol() uint32 { + if x != nil && x.WsCol != nil { + return *x.WsCol + } + return 0 +} + +func (x *WinsizeEntry) GetWsXpixel() uint32 { + if x != nil && x.WsXpixel != nil { + return *x.WsXpixel + } + return 0 +} + +func (x *WinsizeEntry) GetWsYpixel() uint32 { + if x != nil && x.WsYpixel != nil { + return *x.WsYpixel + } + return 0 +} + +type TermiosEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + CIflag *uint32 `protobuf:"varint,1,req,name=c_iflag,json=cIflag" json:"c_iflag,omitempty"` + COflag *uint32 `protobuf:"varint,2,req,name=c_oflag,json=cOflag" json:"c_oflag,omitempty"` + CCflag *uint32 `protobuf:"varint,3,req,name=c_cflag,json=cCflag" json:"c_cflag,omitempty"` + CLflag *uint32 `protobuf:"varint,4,req,name=c_lflag,json=cLflag" json:"c_lflag,omitempty"` + CLine *uint32 `protobuf:"varint,5,req,name=c_line,json=cLine" json:"c_line,omitempty"` + CIspeed *uint32 `protobuf:"varint,6,req,name=c_ispeed,json=cIspeed" json:"c_ispeed,omitempty"` + COspeed *uint32 `protobuf:"varint,7,req,name=c_ospeed,json=cOspeed" json:"c_ospeed,omitempty"` + CCc []uint32 `protobuf:"varint,8,rep,name=c_cc,json=cCc" json:"c_cc,omitempty"` +} + +func (x *TermiosEntry) Reset() { + *x = TermiosEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_tty_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TermiosEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TermiosEntry) ProtoMessage() {} + +func (x *TermiosEntry) ProtoReflect() protoreflect.Message { + mi := &file_tty_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TermiosEntry.ProtoReflect.Descriptor instead. +func (*TermiosEntry) Descriptor() ([]byte, []int) { + return file_tty_proto_rawDescGZIP(), []int{1} +} + +func (x *TermiosEntry) GetCIflag() uint32 { + if x != nil && x.CIflag != nil { + return *x.CIflag + } + return 0 +} + +func (x *TermiosEntry) GetCOflag() uint32 { + if x != nil && x.COflag != nil { + return *x.COflag + } + return 0 +} + +func (x *TermiosEntry) GetCCflag() uint32 { + if x != nil && x.CCflag != nil { + return *x.CCflag + } + return 0 +} + +func (x *TermiosEntry) GetCLflag() uint32 { + if x != nil && x.CLflag != nil { + return *x.CLflag + } + return 0 +} + +func (x *TermiosEntry) GetCLine() uint32 { + if x != nil && x.CLine != nil { + return *x.CLine + } + return 0 +} + +func (x *TermiosEntry) GetCIspeed() uint32 { + if x != nil && x.CIspeed != nil { + return *x.CIspeed + } + return 0 +} + +func (x *TermiosEntry) GetCOspeed() uint32 { + if x != nil && x.COspeed != nil { + return *x.COspeed + } + return 0 +} + +func (x *TermiosEntry) GetCCc() []uint32 { + if x != nil { + return x.CCc + } + return nil +} + +type TtyPtyEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Index *uint32 `protobuf:"varint,1,req,name=index" json:"index,omitempty"` +} + +func (x *TtyPtyEntry) Reset() { + *x = TtyPtyEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_tty_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TtyPtyEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TtyPtyEntry) ProtoMessage() {} + +func (x *TtyPtyEntry) ProtoReflect() protoreflect.Message { + mi := &file_tty_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TtyPtyEntry.ProtoReflect.Descriptor instead. +func (*TtyPtyEntry) Descriptor() ([]byte, []int) { + return file_tty_proto_rawDescGZIP(), []int{2} +} + +func (x *TtyPtyEntry) GetIndex() uint32 { + if x != nil && x.Index != nil { + return *x.Index + } + return 0 +} + +type TtyDataEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + TtyId *uint32 `protobuf:"varint,1,req,name=tty_id,json=ttyId" json:"tty_id,omitempty"` + Data []byte `protobuf:"bytes,2,req,name=data" json:"data,omitempty"` +} + +func (x *TtyDataEntry) Reset() { + *x = TtyDataEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_tty_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TtyDataEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TtyDataEntry) ProtoMessage() {} + +func (x *TtyDataEntry) ProtoReflect() protoreflect.Message { + mi := &file_tty_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TtyDataEntry.ProtoReflect.Descriptor instead. +func (*TtyDataEntry) Descriptor() ([]byte, []int) { + return file_tty_proto_rawDescGZIP(), []int{3} +} + +func (x *TtyDataEntry) GetTtyId() uint32 { + if x != nil && x.TtyId != nil { + return *x.TtyId + } + return 0 +} + +func (x *TtyDataEntry) GetData() []byte { + if x != nil { + return x.Data + } + return nil +} + +type TtyInfoEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` + Type *TtyType `protobuf:"varint,2,req,name=type,enum=criu.TtyType" json:"type,omitempty"` + Locked *bool `protobuf:"varint,3,req,name=locked" json:"locked,omitempty"` // Unix98 PTY only + Exclusive *bool `protobuf:"varint,4,req,name=exclusive" json:"exclusive,omitempty"` + PacketMode *bool `protobuf:"varint,5,req,name=packet_mode,json=packetMode" json:"packet_mode,omitempty"` // Unix98 PTY only + Sid *uint32 `protobuf:"varint,6,req,name=sid" json:"sid,omitempty"` + Pgrp *uint32 `protobuf:"varint,7,req,name=pgrp" json:"pgrp,omitempty"` + // Convenient for printing errors and such, with this + // device encoded we can figure out major and minor + // numbers. + Rdev *uint32 `protobuf:"varint,8,req,name=rdev" json:"rdev,omitempty"` + Termios *TermiosEntry `protobuf:"bytes,9,opt,name=termios" json:"termios,omitempty"` + TermiosLocked *TermiosEntry `protobuf:"bytes,10,opt,name=termios_locked,json=termiosLocked" json:"termios_locked,omitempty"` + Winsize *WinsizeEntry `protobuf:"bytes,11,opt,name=winsize" json:"winsize,omitempty"` + // These are optional fields which presence depends on + // TTY type. + Pty *TtyPtyEntry `protobuf:"bytes,12,opt,name=pty" json:"pty,omitempty"` + Dev *uint32 `protobuf:"varint,13,opt,name=dev" json:"dev,omitempty"` + Uid *uint32 `protobuf:"varint,14,opt,name=uid" json:"uid,omitempty"` + Gid *uint32 `protobuf:"varint,15,opt,name=gid" json:"gid,omitempty"` +} + +func (x *TtyInfoEntry) Reset() { + *x = TtyInfoEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_tty_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TtyInfoEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TtyInfoEntry) ProtoMessage() {} + +func (x *TtyInfoEntry) ProtoReflect() protoreflect.Message { + mi := &file_tty_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TtyInfoEntry.ProtoReflect.Descriptor instead. +func (*TtyInfoEntry) Descriptor() ([]byte, []int) { + return file_tty_proto_rawDescGZIP(), []int{4} +} + +func (x *TtyInfoEntry) GetId() uint32 { + if x != nil && x.Id != nil { + return *x.Id + } + return 0 +} + +func (x *TtyInfoEntry) GetType() TtyType { + if x != nil && x.Type != nil { + return *x.Type + } + return TtyType_UNKNOWN +} + +func (x *TtyInfoEntry) GetLocked() bool { + if x != nil && x.Locked != nil { + return *x.Locked + } + return false +} + +func (x *TtyInfoEntry) GetExclusive() bool { + if x != nil && x.Exclusive != nil { + return *x.Exclusive + } + return false +} + +func (x *TtyInfoEntry) GetPacketMode() bool { + if x != nil && x.PacketMode != nil { + return *x.PacketMode + } + return false +} + +func (x *TtyInfoEntry) GetSid() uint32 { + if x != nil && x.Sid != nil { + return *x.Sid + } + return 0 +} + +func (x *TtyInfoEntry) GetPgrp() uint32 { + if x != nil && x.Pgrp != nil { + return *x.Pgrp + } + return 0 +} + +func (x *TtyInfoEntry) GetRdev() uint32 { + if x != nil && x.Rdev != nil { + return *x.Rdev + } + return 0 +} + +func (x *TtyInfoEntry) GetTermios() *TermiosEntry { + if x != nil { + return x.Termios + } + return nil +} + +func (x *TtyInfoEntry) GetTermiosLocked() *TermiosEntry { + if x != nil { + return x.TermiosLocked + } + return nil +} + +func (x *TtyInfoEntry) GetWinsize() *WinsizeEntry { + if x != nil { + return x.Winsize + } + return nil +} + +func (x *TtyInfoEntry) GetPty() *TtyPtyEntry { + if x != nil { + return x.Pty + } + return nil +} + +func (x *TtyInfoEntry) GetDev() uint32 { + if x != nil && x.Dev != nil { + return *x.Dev + } + return 0 +} + +func (x *TtyInfoEntry) GetUid() uint32 { + if x != nil && x.Uid != nil { + return *x.Uid + } + return 0 +} + +func (x *TtyInfoEntry) GetGid() uint32 { + if x != nil && x.Gid != nil { + return *x.Gid + } + return 0 +} + +type TtyFileEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` + TtyInfoId *uint32 `protobuf:"varint,2,req,name=tty_info_id,json=ttyInfoId" json:"tty_info_id,omitempty"` + Flags *uint32 `protobuf:"varint,3,req,name=flags" json:"flags,omitempty"` + Fown *FownEntry `protobuf:"bytes,4,req,name=fown" json:"fown,omitempty"` + // optional sint32 mnt_id = 5 [default = 0]; + RegfId *uint32 `protobuf:"varint,6,opt,name=regf_id,json=regfId" json:"regf_id,omitempty"` +} + +func (x *TtyFileEntry) Reset() { + *x = TtyFileEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_tty_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TtyFileEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TtyFileEntry) ProtoMessage() {} + +func (x *TtyFileEntry) ProtoReflect() protoreflect.Message { + mi := &file_tty_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TtyFileEntry.ProtoReflect.Descriptor instead. +func (*TtyFileEntry) Descriptor() ([]byte, []int) { + return file_tty_proto_rawDescGZIP(), []int{5} +} + +func (x *TtyFileEntry) GetId() uint32 { + if x != nil && x.Id != nil { + return *x.Id + } + return 0 +} + +func (x *TtyFileEntry) GetTtyInfoId() uint32 { + if x != nil && x.TtyInfoId != nil { + return *x.TtyInfoId + } + return 0 +} + +func (x *TtyFileEntry) GetFlags() uint32 { + if x != nil && x.Flags != nil { + return *x.Flags + } + return 0 +} + +func (x *TtyFileEntry) GetFown() *FownEntry { + if x != nil { + return x.Fown + } + return nil +} + +func (x *TtyFileEntry) GetRegfId() uint32 { + if x != nil && x.RegfId != nil { + return *x.RegfId + } + return 0 +} + +var File_tty_proto protoreflect.FileDescriptor + +var file_tty_proto_rawDesc = []byte{ + 0x0a, 0x09, 0x74, 0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, + 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, + 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x77, 0x0a, 0x0d, 0x77, 0x69, 0x6e, + 0x73, 0x69, 0x7a, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x15, 0x0a, 0x06, 0x77, 0x73, + 0x5f, 0x72, 0x6f, 0x77, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x77, 0x73, 0x52, 0x6f, + 0x77, 0x12, 0x15, 0x0a, 0x06, 0x77, 0x73, 0x5f, 0x63, 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x05, 0x77, 0x73, 0x43, 0x6f, 0x6c, 0x12, 0x1b, 0x0a, 0x09, 0x77, 0x73, 0x5f, 0x78, + 0x70, 0x69, 0x78, 0x65, 0x6c, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x77, 0x73, 0x58, + 0x70, 0x69, 0x78, 0x65, 0x6c, 0x12, 0x1b, 0x0a, 0x09, 0x77, 0x73, 0x5f, 0x79, 0x70, 0x69, 0x78, + 0x65, 0x6c, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x77, 0x73, 0x59, 0x70, 0x69, 0x78, + 0x65, 0x6c, 0x22, 0xd3, 0x01, 0x0a, 0x0d, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6f, 0x73, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x5f, 0x69, 0x66, 0x6c, 0x61, 0x67, 0x18, + 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x63, 0x49, 0x66, 0x6c, 0x61, 0x67, 0x12, 0x17, 0x0a, + 0x07, 0x63, 0x5f, 0x6f, 0x66, 0x6c, 0x61, 0x67, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, + 0x63, 0x4f, 0x66, 0x6c, 0x61, 0x67, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x5f, 0x63, 0x66, 0x6c, 0x61, + 0x67, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x63, 0x43, 0x66, 0x6c, 0x61, 0x67, 0x12, + 0x17, 0x0a, 0x07, 0x63, 0x5f, 0x6c, 0x66, 0x6c, 0x61, 0x67, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x06, 0x63, 0x4c, 0x66, 0x6c, 0x61, 0x67, 0x12, 0x15, 0x0a, 0x06, 0x63, 0x5f, 0x6c, 0x69, + 0x6e, 0x65, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x63, 0x4c, 0x69, 0x6e, 0x65, 0x12, + 0x19, 0x0a, 0x08, 0x63, 0x5f, 0x69, 0x73, 0x70, 0x65, 0x65, 0x64, 0x18, 0x06, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x07, 0x63, 0x49, 0x73, 0x70, 0x65, 0x65, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x63, 0x5f, + 0x6f, 0x73, 0x70, 0x65, 0x65, 0x64, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x63, 0x4f, + 0x73, 0x70, 0x65, 0x65, 0x64, 0x12, 0x11, 0x0a, 0x04, 0x63, 0x5f, 0x63, 0x63, 0x18, 0x08, 0x20, + 0x03, 0x28, 0x0d, 0x52, 0x03, 0x63, 0x43, 0x63, 0x22, 0x25, 0x0a, 0x0d, 0x74, 0x74, 0x79, 0x5f, + 0x70, 0x74, 0x79, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x6e, 0x64, + 0x65, 0x78, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x22, + 0x3b, 0x0a, 0x0e, 0x74, 0x74, 0x79, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x12, 0x15, 0x0a, 0x06, 0x74, 0x74, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x05, 0x74, 0x74, 0x79, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, + 0x18, 0x02, 0x20, 0x02, 0x28, 0x0c, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, 0x22, 0xcb, 0x03, 0x0a, + 0x0e, 0x74, 0x74, 0x79, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, + 0x21, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x0d, 0x2e, + 0x63, 0x72, 0x69, 0x75, 0x2e, 0x54, 0x74, 0x79, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, + 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x18, 0x03, 0x20, 0x02, + 0x28, 0x08, 0x52, 0x06, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x65, 0x78, + 0x63, 0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, 0x08, 0x52, 0x09, 0x65, + 0x78, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x61, 0x63, 0x6b, + 0x65, 0x74, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x05, 0x20, 0x02, 0x28, 0x08, 0x52, 0x0a, 0x70, + 0x61, 0x63, 0x6b, 0x65, 0x74, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x73, 0x69, 0x64, + 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x73, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x70, + 0x67, 0x72, 0x70, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x67, 0x72, 0x70, 0x12, + 0x12, 0x0a, 0x04, 0x72, 0x64, 0x65, 0x76, 0x18, 0x08, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x72, + 0x64, 0x65, 0x76, 0x12, 0x2d, 0x0a, 0x07, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6f, 0x73, 0x18, 0x09, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x65, 0x72, 0x6d, + 0x69, 0x6f, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x74, 0x65, 0x72, 0x6d, 0x69, + 0x6f, 0x73, 0x12, 0x3a, 0x0a, 0x0e, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6f, 0x73, 0x5f, 0x6c, 0x6f, + 0x63, 0x6b, 0x65, 0x64, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, + 0x75, 0x2e, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6f, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, + 0x0d, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6f, 0x73, 0x4c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x12, 0x2d, + 0x0a, 0x07, 0x77, 0x69, 0x6e, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x77, 0x69, 0x6e, 0x73, 0x69, 0x7a, 0x65, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x77, 0x69, 0x6e, 0x73, 0x69, 0x7a, 0x65, 0x12, 0x25, 0x0a, + 0x03, 0x70, 0x74, 0x79, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, + 0x75, 0x2e, 0x74, 0x74, 0x79, 0x5f, 0x70, 0x74, 0x79, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, + 0x03, 0x70, 0x74, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x64, 0x65, 0x76, 0x18, 0x0d, 0x20, 0x01, 0x28, + 0x0d, 0x52, 0x03, 0x64, 0x65, 0x76, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, 0x0e, 0x20, + 0x01, 0x28, 0x0d, 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x67, 0x69, 0x64, 0x18, + 0x0f, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x67, 0x69, 0x64, 0x22, 0x9c, 0x01, 0x0a, 0x0e, 0x74, + 0x74, 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, + 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1e, 0x0a, + 0x0b, 0x74, 0x74, 0x79, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x09, 0x74, 0x74, 0x79, 0x49, 0x6e, 0x66, 0x6f, 0x49, 0x64, 0x12, 0x1b, 0x0a, + 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, + 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x24, 0x0a, 0x04, 0x66, 0x6f, + 0x77, 0x6e, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, + 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, + 0x12, 0x17, 0x0a, 0x07, 0x72, 0x65, 0x67, 0x66, 0x5f, 0x69, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, + 0x0d, 0x52, 0x06, 0x72, 0x65, 0x67, 0x66, 0x49, 0x64, 0x2a, 0x57, 0x0a, 0x07, 0x54, 0x74, 0x79, + 0x54, 0x79, 0x70, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, + 0x00, 0x12, 0x07, 0x0a, 0x03, 0x50, 0x54, 0x59, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x43, 0x4f, + 0x4e, 0x53, 0x4f, 0x4c, 0x45, 0x10, 0x02, 0x12, 0x06, 0x0a, 0x02, 0x56, 0x54, 0x10, 0x03, 0x12, + 0x08, 0x0a, 0x04, 0x43, 0x54, 0x54, 0x59, 0x10, 0x04, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x58, 0x54, + 0x5f, 0x54, 0x54, 0x59, 0x10, 0x05, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x45, 0x52, 0x49, 0x41, 0x4c, + 0x10, 0x06, +} + +var ( + file_tty_proto_rawDescOnce sync.Once + file_tty_proto_rawDescData = file_tty_proto_rawDesc +) + +func file_tty_proto_rawDescGZIP() []byte { + file_tty_proto_rawDescOnce.Do(func() { + file_tty_proto_rawDescData = protoimpl.X.CompressGZIP(file_tty_proto_rawDescData) + }) + return file_tty_proto_rawDescData +} + +var file_tty_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_tty_proto_msgTypes = make([]protoimpl.MessageInfo, 6) +var file_tty_proto_goTypes = []interface{}{ + (TtyType)(0), // 0: criu.TtyType + (*WinsizeEntry)(nil), // 1: criu.winsize_entry + (*TermiosEntry)(nil), // 2: criu.termios_entry + (*TtyPtyEntry)(nil), // 3: criu.tty_pty_entry + (*TtyDataEntry)(nil), // 4: criu.tty_data_entry + (*TtyInfoEntry)(nil), // 5: criu.tty_info_entry + (*TtyFileEntry)(nil), // 6: criu.tty_file_entry + (*FownEntry)(nil), // 7: criu.fown_entry +} +var file_tty_proto_depIdxs = []int32{ + 0, // 0: criu.tty_info_entry.type:type_name -> criu.TtyType + 2, // 1: criu.tty_info_entry.termios:type_name -> criu.termios_entry + 2, // 2: criu.tty_info_entry.termios_locked:type_name -> criu.termios_entry + 1, // 3: criu.tty_info_entry.winsize:type_name -> criu.winsize_entry + 3, // 4: criu.tty_info_entry.pty:type_name -> criu.tty_pty_entry + 7, // 5: criu.tty_file_entry.fown:type_name -> criu.fown_entry + 6, // [6:6] is the sub-list for method output_type + 6, // [6:6] is the sub-list for method input_type + 6, // [6:6] is the sub-list for extension type_name + 6, // [6:6] is the sub-list for extension extendee + 0, // [0:6] is the sub-list for field type_name +} + +func init() { file_tty_proto_init() } +func file_tty_proto_init() { + if File_tty_proto != nil { + return + } + file_opts_proto_init() + file_fown_proto_init() + if !protoimpl.UnsafeEnabled { + file_tty_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*WinsizeEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_tty_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TermiosEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_tty_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TtyPtyEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_tty_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TtyDataEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_tty_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TtyInfoEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_tty_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TtyFileEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_tty_proto_rawDesc, + NumEnums: 1, + NumMessages: 6, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_tty_proto_goTypes, + DependencyIndexes: file_tty_proto_depIdxs, + EnumInfos: file_tty_proto_enumTypes, + MessageInfos: file_tty_proto_msgTypes, + }.Build() + File_tty_proto = out.File + file_tty_proto_rawDesc = nil + file_tty_proto_goTypes = nil + file_tty_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tty.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tty.proto new file mode 100644 index 00000000000..4fe7c8792cf --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tty.proto @@ -0,0 +1,93 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "opts.proto"; +import "fown.proto"; + +message winsize_entry { + required uint32 ws_row = 1; + required uint32 ws_col = 2; + required uint32 ws_xpixel = 3; + required uint32 ws_ypixel = 4; +}; + +message termios_entry { + required uint32 c_iflag = 1; + required uint32 c_oflag = 2; + required uint32 c_cflag = 3; + required uint32 c_lflag = 4; + required uint32 c_line = 5; + required uint32 c_ispeed = 6; + required uint32 c_ospeed = 7; + + repeated uint32 c_cc = 8; +} + +message tty_pty_entry { + required uint32 index = 1; +} + +enum TtyType { + UNKNOWN = 0; + PTY = 1; + CONSOLE = 2; + VT = 3; + CTTY = 4; + EXT_TTY = 5; + SERIAL = 6; +} + +message tty_data_entry { + required uint32 tty_id = 1; + required bytes data = 2; + + // optional sint32 mnt_id = 3 [default = 0]; +} + +message tty_info_entry { + required uint32 id = 1; + + required TtyType type = 2; + + required bool locked = 3; /* Unix98 PTY only */ + required bool exclusive = 4; + required bool packet_mode = 5; /* Unix98 PTY only */ + + required uint32 sid = 6; + required uint32 pgrp = 7; + + /* + * Convenient for printing errors and such, with this + * device encoded we can figure out major and minor + * numbers. + */ + required uint32 rdev = 8; + + optional termios_entry termios = 9; + optional termios_entry termios_locked = 10; + optional winsize_entry winsize = 11; + + /* + * These are optional fields which presence depends on + * TTY type. + */ + optional tty_pty_entry pty = 12; + optional uint32 dev = 13; + + optional uint32 uid = 14; + optional uint32 gid = 15; + + // optional sint32 mnt_id = 16 [default = 0]; +}; + +message tty_file_entry { + required uint32 id = 1; + required uint32 tty_info_id = 2; + + required uint32 flags = 3 [(criu).hex = true]; + required fown_entry fown = 4; + // optional sint32 mnt_id = 5 [default = 0]; + optional uint32 regf_id = 6; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tun.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tun.pb.go new file mode 100644 index 00000000000..b53235adef9 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tun.pb.go @@ -0,0 +1,273 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: tun.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type TunfileEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` + Netdev *string `protobuf:"bytes,2,opt,name=netdev" json:"netdev,omitempty"` + Detached *bool `protobuf:"varint,3,opt,name=detached" json:"detached,omitempty"` + NsId *uint32 `protobuf:"varint,4,opt,name=ns_id,json=nsId" json:"ns_id,omitempty"` +} + +func (x *TunfileEntry) Reset() { + *x = TunfileEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_tun_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TunfileEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TunfileEntry) ProtoMessage() {} + +func (x *TunfileEntry) ProtoReflect() protoreflect.Message { + mi := &file_tun_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TunfileEntry.ProtoReflect.Descriptor instead. +func (*TunfileEntry) Descriptor() ([]byte, []int) { + return file_tun_proto_rawDescGZIP(), []int{0} +} + +func (x *TunfileEntry) GetId() uint32 { + if x != nil && x.Id != nil { + return *x.Id + } + return 0 +} + +func (x *TunfileEntry) GetNetdev() string { + if x != nil && x.Netdev != nil { + return *x.Netdev + } + return "" +} + +func (x *TunfileEntry) GetDetached() bool { + if x != nil && x.Detached != nil { + return *x.Detached + } + return false +} + +func (x *TunfileEntry) GetNsId() uint32 { + if x != nil && x.NsId != nil { + return *x.NsId + } + return 0 +} + +type TunLinkEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Flags *uint32 `protobuf:"varint,1,req,name=flags" json:"flags,omitempty"` + Owner *int32 `protobuf:"varint,2,req,name=owner" json:"owner,omitempty"` + Group *int32 `protobuf:"varint,3,req,name=group" json:"group,omitempty"` + Vnethdr *uint32 `protobuf:"varint,4,req,name=vnethdr" json:"vnethdr,omitempty"` + Sndbuf *uint32 `protobuf:"varint,5,req,name=sndbuf" json:"sndbuf,omitempty"` +} + +func (x *TunLinkEntry) Reset() { + *x = TunLinkEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_tun_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TunLinkEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TunLinkEntry) ProtoMessage() {} + +func (x *TunLinkEntry) ProtoReflect() protoreflect.Message { + mi := &file_tun_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TunLinkEntry.ProtoReflect.Descriptor instead. +func (*TunLinkEntry) Descriptor() ([]byte, []int) { + return file_tun_proto_rawDescGZIP(), []int{1} +} + +func (x *TunLinkEntry) GetFlags() uint32 { + if x != nil && x.Flags != nil { + return *x.Flags + } + return 0 +} + +func (x *TunLinkEntry) GetOwner() int32 { + if x != nil && x.Owner != nil { + return *x.Owner + } + return 0 +} + +func (x *TunLinkEntry) GetGroup() int32 { + if x != nil && x.Group != nil { + return *x.Group + } + return 0 +} + +func (x *TunLinkEntry) GetVnethdr() uint32 { + if x != nil && x.Vnethdr != nil { + return *x.Vnethdr + } + return 0 +} + +func (x *TunLinkEntry) GetSndbuf() uint32 { + if x != nil && x.Sndbuf != nil { + return *x.Sndbuf + } + return 0 +} + +var File_tun_proto protoreflect.FileDescriptor + +var file_tun_proto_rawDesc = []byte{ + 0x0a, 0x09, 0x74, 0x75, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, + 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x68, 0x0a, + 0x0d, 0x74, 0x75, 0x6e, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, + 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x16, + 0x0a, 0x06, 0x6e, 0x65, 0x74, 0x64, 0x65, 0x76, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, + 0x6e, 0x65, 0x74, 0x64, 0x65, 0x76, 0x12, 0x1a, 0x0a, 0x08, 0x64, 0x65, 0x74, 0x61, 0x63, 0x68, + 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x64, 0x65, 0x74, 0x61, 0x63, 0x68, + 0x65, 0x64, 0x12, 0x13, 0x0a, 0x05, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x0d, 0x52, 0x04, 0x6e, 0x73, 0x49, 0x64, 0x22, 0x8b, 0x01, 0x0a, 0x0e, 0x74, 0x75, 0x6e, 0x5f, + 0x6c, 0x69, 0x6e, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, + 0x61, 0x67, 0x73, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, + 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x6f, 0x77, 0x6e, 0x65, 0x72, + 0x18, 0x02, 0x20, 0x02, 0x28, 0x05, 0x52, 0x05, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x12, 0x14, 0x0a, + 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x03, 0x20, 0x02, 0x28, 0x05, 0x52, 0x05, 0x67, 0x72, + 0x6f, 0x75, 0x70, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x6e, 0x65, 0x74, 0x68, 0x64, 0x72, 0x18, 0x04, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x76, 0x6e, 0x65, 0x74, 0x68, 0x64, 0x72, 0x12, 0x16, 0x0a, + 0x06, 0x73, 0x6e, 0x64, 0x62, 0x75, 0x66, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x73, + 0x6e, 0x64, 0x62, 0x75, 0x66, +} + +var ( + file_tun_proto_rawDescOnce sync.Once + file_tun_proto_rawDescData = file_tun_proto_rawDesc +) + +func file_tun_proto_rawDescGZIP() []byte { + file_tun_proto_rawDescOnce.Do(func() { + file_tun_proto_rawDescData = protoimpl.X.CompressGZIP(file_tun_proto_rawDescData) + }) + return file_tun_proto_rawDescData +} + +var file_tun_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_tun_proto_goTypes = []interface{}{ + (*TunfileEntry)(nil), // 0: criu.tunfile_entry + (*TunLinkEntry)(nil), // 1: criu.tun_link_entry +} +var file_tun_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_tun_proto_init() } +func file_tun_proto_init() { + if File_tun_proto != nil { + return + } + file_opts_proto_init() + if !protoimpl.UnsafeEnabled { + file_tun_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TunfileEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_tun_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TunLinkEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_tun_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_tun_proto_goTypes, + DependencyIndexes: file_tun_proto_depIdxs, + MessageInfos: file_tun_proto_msgTypes, + }.Build() + File_tun_proto = out.File + file_tun_proto_rawDesc = nil + file_tun_proto_goTypes = nil + file_tun_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tun.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tun.proto new file mode 100644 index 00000000000..b0689cbdf5e --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tun.proto @@ -0,0 +1,21 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "opts.proto"; + +message tunfile_entry { + required uint32 id = 1; + optional string netdev = 2; + optional bool detached = 3; + optional uint32 ns_id = 4; +}; + +message tun_link_entry { + required uint32 flags = 1 [(criu).hex = true]; + required int32 owner = 2; + required int32 group = 3; + required uint32 vnethdr = 4; + required uint32 sndbuf = 5; +}; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/userns.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/userns.pb.go new file mode 100644 index 00000000000..16288142ddd --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/userns.pb.go @@ -0,0 +1,239 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: userns.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type UidGidExtent struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + First *uint32 `protobuf:"varint,1,req,name=first" json:"first,omitempty"` + LowerFirst *uint32 `protobuf:"varint,2,req,name=lower_first,json=lowerFirst" json:"lower_first,omitempty"` + Count *uint32 `protobuf:"varint,3,req,name=count" json:"count,omitempty"` +} + +func (x *UidGidExtent) Reset() { + *x = UidGidExtent{} + if protoimpl.UnsafeEnabled { + mi := &file_userns_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UidGidExtent) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UidGidExtent) ProtoMessage() {} + +func (x *UidGidExtent) ProtoReflect() protoreflect.Message { + mi := &file_userns_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UidGidExtent.ProtoReflect.Descriptor instead. +func (*UidGidExtent) Descriptor() ([]byte, []int) { + return file_userns_proto_rawDescGZIP(), []int{0} +} + +func (x *UidGidExtent) GetFirst() uint32 { + if x != nil && x.First != nil { + return *x.First + } + return 0 +} + +func (x *UidGidExtent) GetLowerFirst() uint32 { + if x != nil && x.LowerFirst != nil { + return *x.LowerFirst + } + return 0 +} + +func (x *UidGidExtent) GetCount() uint32 { + if x != nil && x.Count != nil { + return *x.Count + } + return 0 +} + +type UsernsEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + UidMap []*UidGidExtent `protobuf:"bytes,1,rep,name=uid_map,json=uidMap" json:"uid_map,omitempty"` + GidMap []*UidGidExtent `protobuf:"bytes,2,rep,name=gid_map,json=gidMap" json:"gid_map,omitempty"` +} + +func (x *UsernsEntry) Reset() { + *x = UsernsEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_userns_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UsernsEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UsernsEntry) ProtoMessage() {} + +func (x *UsernsEntry) ProtoReflect() protoreflect.Message { + mi := &file_userns_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UsernsEntry.ProtoReflect.Descriptor instead. +func (*UsernsEntry) Descriptor() ([]byte, []int) { + return file_userns_proto_rawDescGZIP(), []int{1} +} + +func (x *UsernsEntry) GetUidMap() []*UidGidExtent { + if x != nil { + return x.UidMap + } + return nil +} + +func (x *UsernsEntry) GetGidMap() []*UidGidExtent { + if x != nil { + return x.GidMap + } + return nil +} + +var File_userns_proto protoreflect.FileDescriptor + +var file_userns_proto_rawDesc = []byte{ + 0x0a, 0x0c, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, + 0x63, 0x72, 0x69, 0x75, 0x22, 0x5d, 0x0a, 0x0e, 0x75, 0x69, 0x64, 0x5f, 0x67, 0x69, 0x64, 0x5f, + 0x65, 0x78, 0x74, 0x65, 0x6e, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x69, 0x72, 0x73, 0x74, 0x18, + 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x69, 0x72, 0x73, 0x74, 0x12, 0x1f, 0x0a, 0x0b, + 0x6c, 0x6f, 0x77, 0x65, 0x72, 0x5f, 0x66, 0x69, 0x72, 0x73, 0x74, 0x18, 0x02, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x0a, 0x6c, 0x6f, 0x77, 0x65, 0x72, 0x46, 0x69, 0x72, 0x73, 0x74, 0x12, 0x14, 0x0a, + 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x63, 0x6f, + 0x75, 0x6e, 0x74, 0x22, 0x6c, 0x0a, 0x0c, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x73, 0x5f, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x12, 0x2d, 0x0a, 0x07, 0x75, 0x69, 0x64, 0x5f, 0x6d, 0x61, 0x70, 0x18, 0x01, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x69, 0x64, 0x5f, + 0x67, 0x69, 0x64, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x74, 0x52, 0x06, 0x75, 0x69, 0x64, 0x4d, + 0x61, 0x70, 0x12, 0x2d, 0x0a, 0x07, 0x67, 0x69, 0x64, 0x5f, 0x6d, 0x61, 0x70, 0x18, 0x02, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x69, 0x64, 0x5f, 0x67, + 0x69, 0x64, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x74, 0x52, 0x06, 0x67, 0x69, 0x64, 0x4d, 0x61, + 0x70, +} + +var ( + file_userns_proto_rawDescOnce sync.Once + file_userns_proto_rawDescData = file_userns_proto_rawDesc +) + +func file_userns_proto_rawDescGZIP() []byte { + file_userns_proto_rawDescOnce.Do(func() { + file_userns_proto_rawDescData = protoimpl.X.CompressGZIP(file_userns_proto_rawDescData) + }) + return file_userns_proto_rawDescData +} + +var file_userns_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_userns_proto_goTypes = []interface{}{ + (*UidGidExtent)(nil), // 0: criu.uid_gid_extent + (*UsernsEntry)(nil), // 1: criu.userns_entry +} +var file_userns_proto_depIdxs = []int32{ + 0, // 0: criu.userns_entry.uid_map:type_name -> criu.uid_gid_extent + 0, // 1: criu.userns_entry.gid_map:type_name -> criu.uid_gid_extent + 2, // [2:2] is the sub-list for method output_type + 2, // [2:2] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name +} + +func init() { file_userns_proto_init() } +func file_userns_proto_init() { + if File_userns_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_userns_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UidGidExtent); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_userns_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UsernsEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_userns_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_userns_proto_goTypes, + DependencyIndexes: file_userns_proto_depIdxs, + MessageInfos: file_userns_proto_msgTypes, + }.Build() + File_userns_proto = out.File + file_userns_proto_rawDesc = nil + file_userns_proto_goTypes = nil + file_userns_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/userns.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/userns.proto new file mode 100644 index 00000000000..4c9f0598b09 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/userns.proto @@ -0,0 +1,15 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +message uid_gid_extent { + required uint32 first = 1; + required uint32 lower_first = 2; + required uint32 count = 3; +} + +message userns_entry { + repeated uid_gid_extent uid_map = 1; + repeated uid_gid_extent gid_map = 2; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/utsns.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/utsns.pb.go new file mode 100644 index 00000000000..0ba81721b34 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/utsns.pb.go @@ -0,0 +1,152 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: utsns.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type UtsnsEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Nodename *string `protobuf:"bytes,1,req,name=nodename" json:"nodename,omitempty"` + Domainname *string `protobuf:"bytes,2,req,name=domainname" json:"domainname,omitempty"` +} + +func (x *UtsnsEntry) Reset() { + *x = UtsnsEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_utsns_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UtsnsEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UtsnsEntry) ProtoMessage() {} + +func (x *UtsnsEntry) ProtoReflect() protoreflect.Message { + mi := &file_utsns_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UtsnsEntry.ProtoReflect.Descriptor instead. +func (*UtsnsEntry) Descriptor() ([]byte, []int) { + return file_utsns_proto_rawDescGZIP(), []int{0} +} + +func (x *UtsnsEntry) GetNodename() string { + if x != nil && x.Nodename != nil { + return *x.Nodename + } + return "" +} + +func (x *UtsnsEntry) GetDomainname() string { + if x != nil && x.Domainname != nil { + return *x.Domainname + } + return "" +} + +var File_utsns_proto protoreflect.FileDescriptor + +var file_utsns_proto_rawDesc = []byte{ + 0x0a, 0x0b, 0x75, 0x74, 0x73, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, + 0x72, 0x69, 0x75, 0x22, 0x49, 0x0a, 0x0b, 0x75, 0x74, 0x73, 0x6e, 0x73, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x6e, 0x6f, 0x64, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, + 0x20, 0x02, 0x28, 0x09, 0x52, 0x08, 0x6e, 0x6f, 0x64, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1e, + 0x0a, 0x0a, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x02, + 0x28, 0x09, 0x52, 0x0a, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x6e, 0x61, 0x6d, 0x65, +} + +var ( + file_utsns_proto_rawDescOnce sync.Once + file_utsns_proto_rawDescData = file_utsns_proto_rawDesc +) + +func file_utsns_proto_rawDescGZIP() []byte { + file_utsns_proto_rawDescOnce.Do(func() { + file_utsns_proto_rawDescData = protoimpl.X.CompressGZIP(file_utsns_proto_rawDescData) + }) + return file_utsns_proto_rawDescData +} + +var file_utsns_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_utsns_proto_goTypes = []interface{}{ + (*UtsnsEntry)(nil), // 0: criu.utsns_entry +} +var file_utsns_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_utsns_proto_init() } +func file_utsns_proto_init() { + if File_utsns_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_utsns_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UtsnsEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_utsns_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_utsns_proto_goTypes, + DependencyIndexes: file_utsns_proto_depIdxs, + MessageInfos: file_utsns_proto_msgTypes, + }.Build() + File_utsns_proto = out.File + file_utsns_proto_rawDesc = nil + file_utsns_proto_goTypes = nil + file_utsns_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/utsns.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/utsns.proto new file mode 100644 index 00000000000..8d78a83984c --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/utsns.proto @@ -0,0 +1,9 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +message utsns_entry { + required string nodename = 1; + required string domainname = 2; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/vma.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/vma.pb.go new file mode 100644 index 00000000000..3e260fc3e2c --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/vma.pb.go @@ -0,0 +1,237 @@ +// SPDX-License-Identifier: MIT + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.4 +// source: vma.proto + +package images + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type VmaEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Start *uint64 `protobuf:"varint,1,req,name=start" json:"start,omitempty"` + End *uint64 `protobuf:"varint,2,req,name=end" json:"end,omitempty"` + Pgoff *uint64 `protobuf:"varint,3,req,name=pgoff" json:"pgoff,omitempty"` + Shmid *uint64 `protobuf:"varint,4,req,name=shmid" json:"shmid,omitempty"` + Prot *uint32 `protobuf:"varint,5,req,name=prot" json:"prot,omitempty"` + Flags *uint32 `protobuf:"varint,6,req,name=flags" json:"flags,omitempty"` + Status *uint32 `protobuf:"varint,7,req,name=status" json:"status,omitempty"` + // This fd thing is unused in the image, it was lost + // while switching from execve restore model. It is + // -1 by default. + Fd *int64 `protobuf:"zigzag64,8,req,name=fd" json:"fd,omitempty"` + // madvise flags bitmap + Madv *uint64 `protobuf:"varint,9,opt,name=madv" json:"madv,omitempty"` + // file status flags + Fdflags *uint32 `protobuf:"varint,10,opt,name=fdflags" json:"fdflags,omitempty"` +} + +func (x *VmaEntry) Reset() { + *x = VmaEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_vma_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *VmaEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*VmaEntry) ProtoMessage() {} + +func (x *VmaEntry) ProtoReflect() protoreflect.Message { + mi := &file_vma_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use VmaEntry.ProtoReflect.Descriptor instead. +func (*VmaEntry) Descriptor() ([]byte, []int) { + return file_vma_proto_rawDescGZIP(), []int{0} +} + +func (x *VmaEntry) GetStart() uint64 { + if x != nil && x.Start != nil { + return *x.Start + } + return 0 +} + +func (x *VmaEntry) GetEnd() uint64 { + if x != nil && x.End != nil { + return *x.End + } + return 0 +} + +func (x *VmaEntry) GetPgoff() uint64 { + if x != nil && x.Pgoff != nil { + return *x.Pgoff + } + return 0 +} + +func (x *VmaEntry) GetShmid() uint64 { + if x != nil && x.Shmid != nil { + return *x.Shmid + } + return 0 +} + +func (x *VmaEntry) GetProt() uint32 { + if x != nil && x.Prot != nil { + return *x.Prot + } + return 0 +} + +func (x *VmaEntry) GetFlags() uint32 { + if x != nil && x.Flags != nil { + return *x.Flags + } + return 0 +} + +func (x *VmaEntry) GetStatus() uint32 { + if x != nil && x.Status != nil { + return *x.Status + } + return 0 +} + +func (x *VmaEntry) GetFd() int64 { + if x != nil && x.Fd != nil { + return *x.Fd + } + return 0 +} + +func (x *VmaEntry) GetMadv() uint64 { + if x != nil && x.Madv != nil { + return *x.Madv + } + return 0 +} + +func (x *VmaEntry) GetFdflags() uint32 { + if x != nil && x.Fdflags != nil { + return *x.Fdflags + } + return 0 +} + +var File_vma_proto protoreflect.FileDescriptor + +var file_vma_proto_rawDesc = []byte{ + 0x0a, 0x09, 0x76, 0x6d, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, + 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xae, 0x02, + 0x0a, 0x09, 0x76, 0x6d, 0x61, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1b, 0x0a, 0x05, 0x73, + 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, + 0x01, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x17, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, + 0x02, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x03, 0x65, 0x6e, + 0x64, 0x12, 0x14, 0x0a, 0x05, 0x70, 0x67, 0x6f, 0x66, 0x66, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, + 0x52, 0x05, 0x70, 0x67, 0x6f, 0x66, 0x66, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x68, 0x6d, 0x69, 0x64, + 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x73, 0x68, 0x6d, 0x69, 0x64, 0x12, 0x22, 0x0a, + 0x04, 0x70, 0x72, 0x6f, 0x74, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x0e, 0xd2, 0x3f, 0x0b, + 0x1a, 0x09, 0x6d, 0x6d, 0x61, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x52, 0x04, 0x70, 0x72, 0x6f, + 0x74, 0x12, 0x25, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, + 0x42, 0x0f, 0xd2, 0x3f, 0x0c, 0x1a, 0x0a, 0x6d, 0x6d, 0x61, 0x70, 0x2e, 0x66, 0x6c, 0x61, 0x67, + 0x73, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x28, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, + 0x75, 0x73, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x10, 0xd2, 0x3f, 0x0d, 0x1a, 0x0b, 0x6d, + 0x6d, 0x61, 0x70, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, + 0x75, 0x73, 0x12, 0x0e, 0x0a, 0x02, 0x66, 0x64, 0x18, 0x08, 0x20, 0x02, 0x28, 0x12, 0x52, 0x02, + 0x66, 0x64, 0x12, 0x19, 0x0a, 0x04, 0x6d, 0x61, 0x64, 0x76, 0x18, 0x09, 0x20, 0x01, 0x28, 0x04, + 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x04, 0x6d, 0x61, 0x64, 0x76, 0x12, 0x1f, 0x0a, + 0x07, 0x66, 0x64, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x05, + 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x07, 0x66, 0x64, 0x66, 0x6c, 0x61, 0x67, 0x73, +} + +var ( + file_vma_proto_rawDescOnce sync.Once + file_vma_proto_rawDescData = file_vma_proto_rawDesc +) + +func file_vma_proto_rawDescGZIP() []byte { + file_vma_proto_rawDescOnce.Do(func() { + file_vma_proto_rawDescData = protoimpl.X.CompressGZIP(file_vma_proto_rawDescData) + }) + return file_vma_proto_rawDescData +} + +var file_vma_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_vma_proto_goTypes = []interface{}{ + (*VmaEntry)(nil), // 0: criu.vma_entry +} +var file_vma_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_vma_proto_init() } +func file_vma_proto_init() { + if File_vma_proto != nil { + return + } + file_opts_proto_init() + if !protoimpl.UnsafeEnabled { + file_vma_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*VmaEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_vma_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_vma_proto_goTypes, + DependencyIndexes: file_vma_proto_depIdxs, + MessageInfos: file_vma_proto_msgTypes, + }.Build() + File_vma_proto = out.File + file_vma_proto_rawDesc = nil + file_vma_proto_goTypes = nil + file_vma_proto_depIdxs = nil +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/vma.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/vma.proto new file mode 100644 index 00000000000..35ff2564b7a --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/vma.proto @@ -0,0 +1,28 @@ +// SPDX-License-Identifier: MIT + +syntax = "proto2"; +package criu; + +import "opts.proto"; + +message vma_entry { + required uint64 start = 1 [(criu).hex = true]; + required uint64 end = 2 [(criu).hex = true]; + required uint64 pgoff = 3; + required uint64 shmid = 4; + required uint32 prot = 5 [(criu).flags = "mmap.prot" ]; + required uint32 flags = 6 [(criu).flags = "mmap.flags" ]; + required uint32 status = 7 [(criu).flags = "mmap.status" ]; + /* + * This fd thing is unused in the image, it was lost + * while switching from execve restore model. It is + * -1 by default. + */ + required sint64 fd = 8; + + /* madvise flags bitmap */ + optional uint64 madv = 9 [(criu).hex = true]; + + /* file status flags */ + optional uint32 fdflags = 10 [(criu).hex = true]; +} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v5/features.go b/vendor/github.com/checkpoint-restore/go-criu/v6/features.go similarity index 82% rename from vendor/github.com/checkpoint-restore/go-criu/v5/features.go rename to vendor/github.com/checkpoint-restore/go-criu/v6/features.go index c7127f95157..ade2598aabf 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v5/features.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/features.go @@ -3,7 +3,7 @@ package criu import ( "fmt" - "github.com/checkpoint-restore/go-criu/v5/rpc" + "github.com/checkpoint-restore/go-criu/v6/crit/images" ) // Feature checking in go-criu is based on the libcriu feature checking function. @@ -26,9 +26,9 @@ import ( // Available features will be set to true when the function // returns successfully. Missing features will be set to false. -func (c *Criu) FeatureCheck(features *rpc.CriuFeatures) (*rpc.CriuFeatures, error) { +func (c *Criu) FeatureCheck(features *images.CriuFeatures) (*images.CriuFeatures, error) { resp, err := c.doSwrkWithResp( - rpc.CriuReqType_FEATURE_CHECK, + images.CriuReqType_FEATURE_CHECK, nil, nil, features, @@ -37,7 +37,7 @@ func (c *Criu) FeatureCheck(features *rpc.CriuFeatures) (*rpc.CriuFeatures, erro return nil, err } - if resp.GetType() != rpc.CriuReqType_FEATURE_CHECK { + if resp.GetType() != images.CriuReqType_FEATURE_CHECK { return nil, fmt.Errorf("Unexpected CRIU RPC response") } diff --git a/vendor/github.com/checkpoint-restore/go-criu/v5/main.go b/vendor/github.com/checkpoint-restore/go-criu/v6/main.go similarity index 78% rename from vendor/github.com/checkpoint-restore/go-criu/v5/main.go rename to vendor/github.com/checkpoint-restore/go-criu/v6/main.go index 88b1b24587a..f01b2819f80 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v5/main.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/main.go @@ -8,7 +8,7 @@ import ( "strconv" "syscall" - "github.com/checkpoint-restore/go-criu/v5/rpc" + "github.com/checkpoint-restore/go-criu/v6/crit/images" "google.golang.org/protobuf/proto" ) @@ -86,7 +86,7 @@ func (c *Criu) sendAndRecv(reqB []byte) ([]byte, int, error) { return respB, n, nil } -func (c *Criu) doSwrk(reqType rpc.CriuReqType, opts *rpc.CriuOpts, nfy Notify) error { +func (c *Criu) doSwrk(reqType images.CriuReqType, opts *images.CriuOpts, nfy Notify) error { resp, err := c.doSwrkWithResp(reqType, opts, nfy, nil) if err != nil { return err @@ -99,10 +99,10 @@ func (c *Criu) doSwrk(reqType rpc.CriuReqType, opts *rpc.CriuOpts, nfy Notify) e return nil } -func (c *Criu) doSwrkWithResp(reqType rpc.CriuReqType, opts *rpc.CriuOpts, nfy Notify, features *rpc.CriuFeatures) (*rpc.CriuResp, error) { - var resp *rpc.CriuResp +func (c *Criu) doSwrkWithResp(reqType images.CriuReqType, opts *images.CriuOpts, nfy Notify, features *images.CriuFeatures) (*images.CriuResp, error) { + var resp *images.CriuResp - req := rpc.CriuReq{ + req := images.CriuReq{ Type: &reqType, Opts: opts, } @@ -135,7 +135,7 @@ func (c *Criu) doSwrkWithResp(reqType rpc.CriuReqType, opts *rpc.CriuOpts, nfy N return nil, err } - resp = &rpc.CriuResp{} + resp = &images.CriuResp{} err = proto.Unmarshal(respB[:respS], resp) if err != nil { return nil, err @@ -147,7 +147,7 @@ func (c *Criu) doSwrkWithResp(reqType rpc.CriuReqType, opts *rpc.CriuOpts, nfy N } respType := resp.GetType() - if respType != rpc.CriuReqType_NOTIFY { + if respType != images.CriuReqType_NOTIFY { break } if nfy == nil { @@ -182,7 +182,7 @@ func (c *Criu) doSwrkWithResp(reqType rpc.CriuReqType, opts *rpc.CriuOpts, nfy N return resp, err } - req = rpc.CriuReq{ + req = images.CriuReq{ Type: &respType, NotifySuccess: proto.Bool(true), } @@ -192,28 +192,28 @@ func (c *Criu) doSwrkWithResp(reqType rpc.CriuReqType, opts *rpc.CriuOpts, nfy N } // Dump dumps a process -func (c *Criu) Dump(opts *rpc.CriuOpts, nfy Notify) error { - return c.doSwrk(rpc.CriuReqType_DUMP, opts, nfy) +func (c *Criu) Dump(opts *images.CriuOpts, nfy Notify) error { + return c.doSwrk(images.CriuReqType_DUMP, opts, nfy) } // Restore restores a process -func (c *Criu) Restore(opts *rpc.CriuOpts, nfy Notify) error { - return c.doSwrk(rpc.CriuReqType_RESTORE, opts, nfy) +func (c *Criu) Restore(opts *images.CriuOpts, nfy Notify) error { + return c.doSwrk(images.CriuReqType_RESTORE, opts, nfy) } // PreDump does a pre-dump -func (c *Criu) PreDump(opts *rpc.CriuOpts, nfy Notify) error { - return c.doSwrk(rpc.CriuReqType_PRE_DUMP, opts, nfy) +func (c *Criu) PreDump(opts *images.CriuOpts, nfy Notify) error { + return c.doSwrk(images.CriuReqType_PRE_DUMP, opts, nfy) } // StartPageServer starts the page server -func (c *Criu) StartPageServer(opts *rpc.CriuOpts) error { - return c.doSwrk(rpc.CriuReqType_PAGE_SERVER, opts, nil) +func (c *Criu) StartPageServer(opts *images.CriuOpts) error { + return c.doSwrk(images.CriuReqType_PAGE_SERVER, opts, nil) } // StartPageServerChld starts the page server and returns PID and port -func (c *Criu) StartPageServerChld(opts *rpc.CriuOpts) (int, int, error) { - resp, err := c.doSwrkWithResp(rpc.CriuReqType_PAGE_SERVER_CHLD, opts, nil, nil) +func (c *Criu) StartPageServerChld(opts *images.CriuOpts) (int, int, error) { + resp, err := c.doSwrkWithResp(images.CriuReqType_PAGE_SERVER_CHLD, opts, nil, nil) if err != nil { return 0, 0, err } @@ -224,12 +224,12 @@ func (c *Criu) StartPageServerChld(opts *rpc.CriuOpts) (int, int, error) { // GetCriuVersion executes the VERSION RPC call and returns the version // as an integer. Major * 10000 + Minor * 100 + SubLevel func (c *Criu) GetCriuVersion() (int, error) { - resp, err := c.doSwrkWithResp(rpc.CriuReqType_VERSION, nil, nil, nil) + resp, err := c.doSwrkWithResp(images.CriuReqType_VERSION, nil, nil, nil) if err != nil { return 0, err } - if resp.GetType() != rpc.CriuReqType_VERSION { + if resp.GetType() != images.CriuReqType_VERSION { return 0, fmt.Errorf("Unexpected CRIU RPC response") } diff --git a/vendor/github.com/checkpoint-restore/go-criu/v5/notify.go b/vendor/github.com/checkpoint-restore/go-criu/v6/notify.go similarity index 100% rename from vendor/github.com/checkpoint-restore/go-criu/v5/notify.go rename to vendor/github.com/checkpoint-restore/go-criu/v6/notify.go diff --git a/vendor/github.com/cpuguy83/go-md2man/v2/md2man/roff.go b/vendor/github.com/cpuguy83/go-md2man/v2/md2man/roff.go index 0668a66cf70..be2b3436062 100644 --- a/vendor/github.com/cpuguy83/go-md2man/v2/md2man/roff.go +++ b/vendor/github.com/cpuguy83/go-md2man/v2/md2man/roff.go @@ -15,7 +15,7 @@ type roffRenderer struct { extensions blackfriday.Extensions listCounters []int firstHeader bool - defineTerm bool + firstDD bool listDepth int } @@ -42,7 +42,8 @@ const ( quoteCloseTag = "\n.RE\n" listTag = "\n.RS\n" listCloseTag = "\n.RE\n" - arglistTag = "\n.TP\n" + dtTag = "\n.TP\n" + dd2Tag = "\n" tableStart = "\n.TS\nallbox;\n" tableEnd = ".TE\n" tableCellStart = "T{\n" @@ -90,7 +91,7 @@ func (r *roffRenderer) RenderNode(w io.Writer, node *blackfriday.Node, entering switch node.Type { case blackfriday.Text: - r.handleText(w, node, entering) + escapeSpecialChars(w, node.Literal) case blackfriday.Softbreak: out(w, crTag) case blackfriday.Hardbreak: @@ -150,40 +151,21 @@ func (r *roffRenderer) RenderNode(w io.Writer, node *blackfriday.Node, entering out(w, codeCloseTag) case blackfriday.Table: r.handleTable(w, node, entering) - case blackfriday.TableCell: - r.handleTableCell(w, node, entering) case blackfriday.TableHead: case blackfriday.TableBody: case blackfriday.TableRow: // no action as cell entries do all the nroff formatting return blackfriday.GoToNext + case blackfriday.TableCell: + r.handleTableCell(w, node, entering) + case blackfriday.HTMLSpan: + // ignore other HTML tags default: fmt.Fprintln(os.Stderr, "WARNING: go-md2man does not handle node type "+node.Type.String()) } return walkAction } -func (r *roffRenderer) handleText(w io.Writer, node *blackfriday.Node, entering bool) { - var ( - start, end string - ) - // handle special roff table cell text encapsulation - if node.Parent.Type == blackfriday.TableCell { - if len(node.Literal) > 30 { - start = tableCellStart - end = tableCellEnd - } else { - // end rows that aren't terminated by "tableCellEnd" with a cr if end of row - if node.Parent.Next == nil && !node.Parent.IsHeader { - end = crTag - } - } - } - out(w, start) - escapeSpecialChars(w, node.Literal) - out(w, end) -} - func (r *roffRenderer) handleHeading(w io.Writer, node *blackfriday.Node, entering bool) { if entering { switch node.Level { @@ -230,15 +212,20 @@ func (r *roffRenderer) handleItem(w io.Writer, node *blackfriday.Node, entering if node.ListFlags&blackfriday.ListTypeOrdered != 0 { out(w, fmt.Sprintf(".IP \"%3d.\" 5\n", r.listCounters[len(r.listCounters)-1])) r.listCounters[len(r.listCounters)-1]++ + } else if node.ListFlags&blackfriday.ListTypeTerm != 0 { + // DT (definition term): line just before DD (see below). + out(w, dtTag) + r.firstDD = true } else if node.ListFlags&blackfriday.ListTypeDefinition != 0 { - // state machine for handling terms and following definitions - // since blackfriday does not distinguish them properly, nor - // does it seperate them into separate lists as it should - if !r.defineTerm { - out(w, arglistTag) - r.defineTerm = true + // DD (definition description): line that starts with ": ". + // + // We have to distinguish between the first DD and the + // subsequent ones, as there should be no vertical + // whitespace between the DT and the first DD. + if r.firstDD { + r.firstDD = false } else { - r.defineTerm = false + out(w, dd2Tag) } } else { out(w, ".IP \\(bu 2\n") @@ -251,7 +238,7 @@ func (r *roffRenderer) handleItem(w io.Writer, node *blackfriday.Node, entering func (r *roffRenderer) handleTable(w io.Writer, node *blackfriday.Node, entering bool) { if entering { out(w, tableStart) - //call walker to count cells (and rows?) so format section can be produced + // call walker to count cells (and rows?) so format section can be produced columns := countColumns(node) out(w, strings.Repeat("l ", columns)+"\n") out(w, strings.Repeat("l ", columns)+".\n") @@ -261,28 +248,41 @@ func (r *roffRenderer) handleTable(w io.Writer, node *blackfriday.Node, entering } func (r *roffRenderer) handleTableCell(w io.Writer, node *blackfriday.Node, entering bool) { - var ( - start, end string - ) - if node.IsHeader { - start = codespanTag - end = codespanCloseTag - } if entering { + var start string if node.Prev != nil && node.Prev.Type == blackfriday.TableCell { - out(w, "\t"+start) - } else { - out(w, start) + start = "\t" + } + if node.IsHeader { + start += codespanTag + } else if nodeLiteralSize(node) > 30 { + start += tableCellStart } + out(w, start) } else { - // need to carriage return if we are at the end of the header row - if node.IsHeader && node.Next == nil { - end = end + crTag + var end string + if node.IsHeader { + end = codespanCloseTag + } else if nodeLiteralSize(node) > 30 { + end = tableCellEnd + } + if node.Next == nil && end != tableCellEnd { + // Last cell: need to carriage return if we are at the end of the + // header row and content isn't wrapped in a "tablecell" + end += crTag } out(w, end) } } +func nodeLiteralSize(node *blackfriday.Node) int { + total := 0 + for n := node.FirstChild; n != nil; n = n.FirstChild { + total += len(n.Literal) + } + return total +} + // because roff format requires knowing the column count before outputting any table // data we need to walk a table tree and count the columns func countColumns(node *blackfriday.Node) int { @@ -309,15 +309,6 @@ func out(w io.Writer, output string) { io.WriteString(w, output) // nolint: errcheck } -func needsBackslash(c byte) bool { - for _, r := range []byte("-_&\\~") { - if c == r { - return true - } - } - return false -} - func escapeSpecialChars(w io.Writer, text []byte) { for i := 0; i < len(text); i++ { // escape initial apostrophe or period @@ -328,7 +319,7 @@ func escapeSpecialChars(w io.Writer, text []byte) { // directly copy normal characters org := i - for i < len(text) && !needsBackslash(text[i]) { + for i < len(text) && text[i] != '\\' { i++ } if i > org { diff --git a/vendor/github.com/russross/blackfriday/v2/README.md b/vendor/github.com/russross/blackfriday/v2/README.md index d5a8649bd53..d9c08a22fc5 100644 --- a/vendor/github.com/russross/blackfriday/v2/README.md +++ b/vendor/github.com/russross/blackfriday/v2/README.md @@ -1,4 +1,6 @@ -Blackfriday [![Build Status](https://travis-ci.org/russross/blackfriday.svg?branch=master)](https://travis-ci.org/russross/blackfriday) +Blackfriday +[![Build Status][BuildV2SVG]][BuildV2URL] +[![PkgGoDev][PkgGoDevV2SVG]][PkgGoDevV2URL] =========== Blackfriday is a [Markdown][1] processor implemented in [Go][2]. It @@ -16,19 +18,21 @@ It started as a translation from C of [Sundown][3]. Installation ------------ -Blackfriday is compatible with any modern Go release. With Go 1.7 and git -installed: +Blackfriday is compatible with modern Go releases in module mode. +With Go installed: - go get gopkg.in/russross/blackfriday.v2 + go get github.com/russross/blackfriday/v2 -will download, compile, and install the package into your `$GOPATH` -directory hierarchy. Alternatively, you can achieve the same if you -import it into a project: +will resolve and add the package to the current development module, +then build and install it. Alternatively, you can achieve the same +if you import it in a package: - import "gopkg.in/russross/blackfriday.v2" + import "github.com/russross/blackfriday/v2" and `go get` without parameters. +Legacy GOPATH mode is unsupported. + Versions -------- @@ -36,13 +40,9 @@ Versions Currently maintained and recommended version of Blackfriday is `v2`. It's being developed on its own branch: https://github.com/russross/blackfriday/tree/v2 and the documentation is available at -https://godoc.org/gopkg.in/russross/blackfriday.v2. +https://pkg.go.dev/github.com/russross/blackfriday/v2. -It is `go get`-able via via [gopkg.in][6] at `gopkg.in/russross/blackfriday.v2`, -but we highly recommend using package management tool like [dep][7] or -[Glide][8] and make use of semantic versioning. With package management you -should import `github.com/russross/blackfriday` and specify that you're using -version 2.0.0. +It is `go get`-able in module mode at `github.com/russross/blackfriday/v2`. Version 2 offers a number of improvements over v1: @@ -62,6 +62,11 @@ Potential drawbacks: v2. See issue [#348](https://github.com/russross/blackfriday/issues/348) for tracking. +If you are still interested in the legacy `v1`, you can import it from +`github.com/russross/blackfriday`. Documentation for the legacy v1 can be found +here: https://pkg.go.dev/github.com/russross/blackfriday. + + Usage ----- @@ -91,7 +96,7 @@ Here's an example of simple usage of Blackfriday together with Bluemonday: ```go import ( "github.com/microcosm-cc/bluemonday" - "github.com/russross/blackfriday" + "github.com/russross/blackfriday/v2" ) // ... @@ -104,6 +109,8 @@ html := bluemonday.UGCPolicy().SanitizeBytes(unsafe) If you want to customize the set of options, use `blackfriday.WithExtensions`, `blackfriday.WithRenderer` and `blackfriday.WithRefOverride`. +### `blackfriday-tool` + You can also check out `blackfriday-tool` for a more complete example of how to use it. Download and install it using: @@ -114,7 +121,7 @@ markdown file using a standalone program. You can also browse the source directly on github if you are just looking for some example code: -* +* Note that if you have not already done so, installing `blackfriday-tool` will be sufficient to download and install @@ -123,6 +130,22 @@ installed in `$GOPATH/bin`. This is a statically-linked binary that can be copied to wherever you need it without worrying about dependencies and library versions. +### Sanitized anchor names + +Blackfriday includes an algorithm for creating sanitized anchor names +corresponding to a given input text. This algorithm is used to create +anchors for headings when `AutoHeadingIDs` extension is enabled. The +algorithm has a specification, so that other packages can create +compatible anchor names and links to those anchors. + +The specification is located at https://pkg.go.dev/github.com/russross/blackfriday/v2#hdr-Sanitized_Anchor_Names. + +[`SanitizedAnchorName`](https://pkg.go.dev/github.com/russross/blackfriday/v2#SanitizedAnchorName) exposes this functionality, and can be used to +create compatible links to the anchor names generated by blackfriday. +This algorithm is also implemented in a small standalone package at +[`github.com/shurcooL/sanitized_anchor_name`](https://pkg.go.dev/github.com/shurcooL/sanitized_anchor_name). It can be useful for clients +that want a small package and don't need full functionality of blackfriday. + Features -------- @@ -199,6 +222,15 @@ implements the following extensions: You can use 3 or more backticks to mark the beginning of the block, and the same number to mark the end of the block. + To preserve classes of fenced code blocks while using the bluemonday + HTML sanitizer, use the following policy: + + ```go + p := bluemonday.UGCPolicy() + p.AllowAttrs("class").Matching(regexp.MustCompile("^language-[a-zA-Z0-9]+$")).OnElements("code") + html := p.SanitizeBytes(unsafe) + ``` + * **Definition lists**. A simple definition list is made of a single-line term followed by a colon and the definition for that term. @@ -250,7 +282,7 @@ Other renderers Blackfriday is structured to allow alternative rendering engines. Here are a few of note: -* [github_flavored_markdown](https://godoc.org/github.com/shurcooL/github_flavored_markdown): +* [github_flavored_markdown](https://pkg.go.dev/github.com/shurcooL/github_flavored_markdown): provides a GitHub Flavored Markdown renderer with fenced code block highlighting, clickable heading anchor links. @@ -261,20 +293,28 @@ are a few of note: * [markdownfmt](https://github.com/shurcooL/markdownfmt): like gofmt, but for markdown. -* [LaTeX output](https://github.com/Ambrevar/Blackfriday-LaTeX): +* [LaTeX output](https://gitlab.com/ambrevar/blackfriday-latex): renders output as LaTeX. +* [bfchroma](https://github.com/Depado/bfchroma/): provides convenience + integration with the [Chroma](https://github.com/alecthomas/chroma) code + highlighting library. bfchroma is only compatible with v2 of Blackfriday and + provides a drop-in renderer ready to use with Blackfriday, as well as + options and means for further customization. + * [Blackfriday-Confluence](https://github.com/kentaro-m/blackfriday-confluence): provides a [Confluence Wiki Markup](https://confluence.atlassian.com/doc/confluence-wiki-markup-251003035.html) renderer. +* [Blackfriday-Slack](https://github.com/karriereat/blackfriday-slack): converts markdown to slack message style + -Todo +TODO ---- * More unit testing -* Improve unicode support. It does not understand all unicode +* Improve Unicode support. It does not understand all Unicode rules (about what constitutes a letter, a punctuation symbol, etc.), so it may fail to detect word boundaries correctly in - some instances. It is safe on all utf-8 input. + some instances. It is safe on all UTF-8 input. License @@ -286,6 +326,10 @@ License [1]: https://daringfireball.net/projects/markdown/ "Markdown" [2]: https://golang.org/ "Go Language" [3]: https://github.com/vmg/sundown "Sundown" - [4]: https://godoc.org/gopkg.in/russross/blackfriday.v2#Parse "Parse func" + [4]: https://pkg.go.dev/github.com/russross/blackfriday/v2#Parse "Parse func" [5]: https://github.com/microcosm-cc/bluemonday "Bluemonday" - [6]: https://labix.org/gopkg.in "gopkg.in" + + [BuildV2SVG]: https://travis-ci.org/russross/blackfriday.svg?branch=v2 + [BuildV2URL]: https://travis-ci.org/russross/blackfriday + [PkgGoDevV2SVG]: https://pkg.go.dev/badge/github.com/russross/blackfriday/v2 + [PkgGoDevV2URL]: https://pkg.go.dev/github.com/russross/blackfriday/v2 diff --git a/vendor/github.com/russross/blackfriday/v2/block.go b/vendor/github.com/russross/blackfriday/v2/block.go index b8607474e59..dcd61e6e35b 100644 --- a/vendor/github.com/russross/blackfriday/v2/block.go +++ b/vendor/github.com/russross/blackfriday/v2/block.go @@ -18,8 +18,7 @@ import ( "html" "regexp" "strings" - - "github.com/shurcooL/sanitized_anchor_name" + "unicode" ) const ( @@ -259,7 +258,7 @@ func (p *Markdown) prefixHeading(data []byte) int { } if end > i { if id == "" && p.extensions&AutoHeadingIDs != 0 { - id = sanitized_anchor_name.Create(string(data[i:end])) + id = SanitizedAnchorName(string(data[i:end])) } block := p.addBlock(Heading, data[i:end]) block.HeadingID = id @@ -673,6 +672,7 @@ func (p *Markdown) fencedCodeBlock(data []byte, doRender bool) int { if beg == 0 || beg >= len(data) { return 0 } + fenceLength := beg - 1 var work bytes.Buffer work.Write([]byte(info)) @@ -706,6 +706,7 @@ func (p *Markdown) fencedCodeBlock(data []byte, doRender bool) int { if doRender { block := p.addBlock(CodeBlock, work.Bytes()) // TODO: get rid of temp buffer block.IsFenced = true + block.FenceLength = fenceLength finalizeCodeBlock(block) } @@ -1503,7 +1504,7 @@ func (p *Markdown) paragraph(data []byte) int { id := "" if p.extensions&AutoHeadingIDs != 0 { - id = sanitized_anchor_name.Create(string(data[prev:eol])) + id = SanitizedAnchorName(string(data[prev:eol])) } block := p.addBlock(Heading, data[prev:eol]) @@ -1588,3 +1589,24 @@ func skipUntilChar(text []byte, start int, char byte) int { } return i } + +// SanitizedAnchorName returns a sanitized anchor name for the given text. +// +// It implements the algorithm specified in the package comment. +func SanitizedAnchorName(text string) string { + var anchorName []rune + futureDash := false + for _, r := range text { + switch { + case unicode.IsLetter(r) || unicode.IsNumber(r): + if futureDash && len(anchorName) > 0 { + anchorName = append(anchorName, '-') + } + futureDash = false + anchorName = append(anchorName, unicode.ToLower(r)) + default: + futureDash = true + } + } + return string(anchorName) +} diff --git a/vendor/github.com/russross/blackfriday/v2/doc.go b/vendor/github.com/russross/blackfriday/v2/doc.go index 5b3fa9876ac..57ff152a056 100644 --- a/vendor/github.com/russross/blackfriday/v2/doc.go +++ b/vendor/github.com/russross/blackfriday/v2/doc.go @@ -15,4 +15,32 @@ // // If you're interested in calling Blackfriday from command line, see // https://github.com/russross/blackfriday-tool. +// +// Sanitized Anchor Names +// +// Blackfriday includes an algorithm for creating sanitized anchor names +// corresponding to a given input text. This algorithm is used to create +// anchors for headings when AutoHeadingIDs extension is enabled. The +// algorithm is specified below, so that other packages can create +// compatible anchor names and links to those anchors. +// +// The algorithm iterates over the input text, interpreted as UTF-8, +// one Unicode code point (rune) at a time. All runes that are letters (category L) +// or numbers (category N) are considered valid characters. They are mapped to +// lower case, and included in the output. All other runes are considered +// invalid characters. Invalid characters that precede the first valid character, +// as well as invalid character that follow the last valid character +// are dropped completely. All other sequences of invalid characters +// between two valid characters are replaced with a single dash character '-'. +// +// SanitizedAnchorName exposes this functionality, and can be used to +// create compatible links to the anchor names generated by blackfriday. +// This algorithm is also implemented in a small standalone package at +// github.com/shurcooL/sanitized_anchor_name. It can be useful for clients +// that want a small package and don't need full functionality of blackfriday. package blackfriday + +// NOTE: Keep Sanitized Anchor Name algorithm in sync with package +// github.com/shurcooL/sanitized_anchor_name. +// Otherwise, users of sanitized_anchor_name will get anchor names +// that are incompatible with those generated by blackfriday. diff --git a/vendor/github.com/russross/blackfriday/v2/entities.go b/vendor/github.com/russross/blackfriday/v2/entities.go new file mode 100644 index 00000000000..a2c3edb691c --- /dev/null +++ b/vendor/github.com/russross/blackfriday/v2/entities.go @@ -0,0 +1,2236 @@ +package blackfriday + +// Extracted from https://html.spec.whatwg.org/multipage/entities.json +var entities = map[string]bool{ + "Æ": true, + "Æ": true, + "&": true, + "&": true, + "Á": true, + "Á": true, + "Ă": true, + "Â": true, + "Â": true, + "А": true, + "𝔄": true, + "À": true, + "À": true, + "Α": true, + "Ā": true, + "⩓": true, + "Ą": true, + "𝔸": true, + "⁡": true, + "Å": true, + "Å": true, + "𝒜": true, + "≔": true, + "Ã": true, + "Ã": true, + "Ä": true, + "Ä": true, + "∖": true, + "⫧": true, + "⌆": true, + "Б": true, + "∵": true, + "ℬ": true, + "Β": true, + "𝔅": true, + "𝔹": true, + "˘": true, + "ℬ": true, + "≎": true, + "Ч": true, + "©": true, + "©": true, + "Ć": true, + "⋒": true, + "ⅅ": true, + "ℭ": true, + "Č": true, + "Ç": true, + "Ç": true, + "Ĉ": true, + "∰": true, + "Ċ": true, + "¸": true, + "·": true, + "ℭ": true, + "Χ": true, + "⊙": true, + "⊖": true, + "⊕": true, + "⊗": true, + "∲": true, + "”": true, + "’": true, + "∷": true, + "⩴": true, + "≡": true, + "∯": true, + "∮": true, + "ℂ": true, + "∐": true, + "∳": true, + "⨯": true, + "𝒞": true, + "⋓": true, + "≍": true, + "ⅅ": true, + "⤑": true, + "Ђ": true, + "Ѕ": true, + "Џ": true, + "‡": true, + "↡": true, + "⫤": true, + "Ď": true, + "Д": true, + "∇": true, + "Δ": true, + "𝔇": true, + "´": true, + "˙": true, + "˝": true, + "`": true, + "˜": true, + "⋄": true, + "ⅆ": true, + "𝔻": true, + "¨": true, + "⃜": true, + "≐": true, + "∯": true, + "¨": true, + "⇓": true, + "⇐": true, + "⇔": true, + "⫤": true, + "⟸": true, + "⟺": true, + "⟹": true, + "⇒": true, + "⊨": true, + "⇑": true, + "⇕": true, + "∥": true, + "↓": true, + "⤓": true, + "⇵": true, + "̑": true, + "⥐": true, + "⥞": true, + "↽": true, + "⥖": true, + "⥟": true, + "⇁": true, + "⥗": true, + "⊤": true, + "↧": true, + "⇓": true, + "𝒟": true, + "Đ": true, + "Ŋ": true, + "Ð": true, + "Ð": true, + "É": true, + "É": true, + "Ě": true, + "Ê": true, + "Ê": true, + "Э": true, + "Ė": true, + "𝔈": true, + "È": true, + "È": true, + "∈": true, + "Ē": true, + "◻": true, + "▫": true, + "Ę": true, + "𝔼": true, + "Ε": true, + "⩵": true, + "≂": true, + "⇌": true, + "ℰ": true, + "⩳": true, + "Η": true, + "Ë": true, + "Ë": true, + "∃": true, + "ⅇ": true, + "Ф": true, + "𝔉": true, + "◼": true, + "▪": true, + "𝔽": true, + "∀": true, + "ℱ": true, + "ℱ": true, + "Ѓ": true, + ">": true, + ">": true, + "Γ": true, + "Ϝ": true, + "Ğ": true, + "Ģ": true, + "Ĝ": true, + "Г": true, + "Ġ": true, + "𝔊": true, + "⋙": true, + "𝔾": true, + "≥": true, + "⋛": true, + "≧": true, + "⪢": true, + "≷": true, + "⩾": true, + "≳": true, + "𝒢": true, + "≫": true, + "Ъ": true, + "ˇ": true, + "^": true, + "Ĥ": true, + "ℌ": true, + "ℋ": true, + "ℍ": true, + "─": true, + "ℋ": true, + "Ħ": true, + "≎": true, + "≏": true, + "Е": true, + "IJ": true, + "Ё": true, + "Í": true, + "Í": true, + "Î": true, + "Î": true, + "И": true, + "İ": true, + "ℑ": true, + "Ì": true, + "Ì": true, + "ℑ": true, + "Ī": true, + "ⅈ": true, + "⇒": true, + "∬": true, + "∫": true, + "⋂": true, + "⁣": true, + "⁢": true, + "Į": true, + "𝕀": true, + "Ι": true, + "ℐ": true, + "Ĩ": true, + "І": true, + "Ï": true, + "Ï": true, + "Ĵ": true, + "Й": true, + "𝔍": true, + "𝕁": true, + "𝒥": true, + "Ј": true, + "Є": true, + "Х": true, + "Ќ": true, + "Κ": true, + "Ķ": true, + "К": true, + "𝔎": true, + "𝕂": true, + "𝒦": true, + "Љ": true, + "<": true, + "<": true, + "Ĺ": true, + "Λ": true, + "⟪": true, + "ℒ": true, + "↞": true, + "Ľ": true, + "Ļ": true, + "Л": true, + "⟨": true, + "←": true, + "⇤": true, + "⇆": true, + "⌈": true, + "⟦": true, + "⥡": true, + "⇃": true, + "⥙": true, + "⌊": true, + "↔": true, + "⥎": true, + "⊣": true, + "↤": true, + "⥚": true, + "⊲": true, + "⧏": true, + "⊴": true, + "⥑": true, + "⥠": true, + "↿": true, + "⥘": true, + "↼": true, + "⥒": true, + "⇐": true, + "⇔": true, + "⋚": true, + "≦": true, + "≶": true, + "⪡": true, + "⩽": true, + "≲": true, + "𝔏": true, + "⋘": true, + "⇚": true, + "Ŀ": true, + "⟵": true, + "⟷": true, + "⟶": true, + "⟸": true, + "⟺": true, + "⟹": true, + "𝕃": true, + "↙": true, + "↘": true, + "ℒ": true, + "↰": true, + "Ł": true, + "≪": true, + "⤅": true, + "М": true, + " ": true, + "ℳ": true, + "𝔐": true, + "∓": true, + "𝕄": true, + "ℳ": true, + "Μ": true, + "Њ": true, + "Ń": true, + "Ň": true, + "Ņ": true, + "Н": true, + "​": true, + "​": true, + "​": true, + "​": true, + "≫": true, + "≪": true, + " ": true, + "𝔑": true, + "⁠": true, + " ": true, + "ℕ": true, + "⫬": true, + "≢": true, + "≭": true, + "∦": true, + "∉": true, + "≠": true, + "≂̸": true, + "∄": true, + "≯": true, + "≱": true, + "≧̸": true, + "≫̸": true, + "≹": true, + "⩾̸": true, + "≵": true, + "≎̸": true, + "≏̸": true, + "⋪": true, + "⧏̸": true, + "⋬": true, + "≮": true, + "≰": true, + "≸": true, + "≪̸": true, + "⩽̸": true, + "≴": true, + "⪢̸": true, + "⪡̸": true, + "⊀": true, + "⪯̸": true, + "⋠": true, + "∌": true, + "⋫": true, + "⧐̸": true, + "⋭": true, + "⊏̸": true, + "⋢": true, + "⊐̸": true, + "⋣": true, + "⊂⃒": true, + "⊈": true, + "⊁": true, + "⪰̸": true, + "⋡": true, + "≿̸": true, + "⊃⃒": true, + "⊉": true, + "≁": true, + "≄": true, + "≇": true, + "≉": true, + "∤": true, + "𝒩": true, + "Ñ": true, + "Ñ": true, + "Ν": true, + "Œ": true, + "Ó": true, + "Ó": true, + "Ô": true, + "Ô": true, + "О": true, + "Ő": true, + "𝔒": true, + "Ò": true, + "Ò": true, + "Ō": true, + "Ω": true, + "Ο": true, + "𝕆": true, + "“": true, + "‘": true, + "⩔": true, + "𝒪": true, + "Ø": true, + "Ø": true, + "Õ": true, + "Õ": true, + "⨷": true, + "Ö": true, + "Ö": true, + "‾": true, + "⏞": true, + "⎴": true, + "⏜": true, + "∂": true, + "П": true, + "𝔓": true, + "Φ": true, + "Π": true, + "±": true, + "ℌ": true, + "ℙ": true, + "⪻": true, + "≺": true, + "⪯": true, + "≼": true, + "≾": true, + "″": true, + "∏": true, + "∷": true, + "∝": true, + "𝒫": true, + "Ψ": true, + """: true, + """: true, + "𝔔": true, + "ℚ": true, + "𝒬": true, + "⤐": true, + "®": true, + "®": true, + "Ŕ": true, + "⟫": true, + "↠": true, + "⤖": true, + "Ř": true, + "Ŗ": true, + "Р": true, + "ℜ": true, + "∋": true, + "⇋": true, + "⥯": true, + "ℜ": true, + "Ρ": true, + "⟩": true, + "→": true, + "⇥": true, + "⇄": true, + "⌉": true, + "⟧": true, + "⥝": true, + "⇂": true, + "⥕": true, + "⌋": true, + "⊢": true, + "↦": true, + "⥛": true, + "⊳": true, + "⧐": true, + "⊵": true, + "⥏": true, + "⥜": true, + "↾": true, + "⥔": true, + "⇀": true, + "⥓": true, + "⇒": true, + "ℝ": true, + "⥰": true, + "⇛": true, + "ℛ": true, + "↱": true, + "⧴": true, + "Щ": true, + "Ш": true, + "Ь": true, + "Ś": true, + "⪼": true, + "Š": true, + "Ş": true, + "Ŝ": true, + "С": true, + "𝔖": true, + "↓": true, + "←": true, + "→": true, + "↑": true, + "Σ": true, + "∘": true, + "𝕊": true, + "√": true, + "□": true, + "⊓": true, + "⊏": true, + "⊑": true, + "⊐": true, + "⊒": true, + "⊔": true, + "𝒮": true, + "⋆": true, + "⋐": true, + "⋐": true, + "⊆": true, + "≻": true, + "⪰": true, + "≽": true, + "≿": true, + "∋": true, + "∑": true, + "⋑": true, + "⊃": true, + "⊇": true, + "⋑": true, + "Þ": true, + "Þ": true, + "™": true, + "Ћ": true, + "Ц": true, + " ": true, + "Τ": true, + "Ť": true, + "Ţ": true, + "Т": true, + "𝔗": true, + "∴": true, + "Θ": true, + "  ": true, + " ": true, + "∼": true, + "≃": true, + "≅": true, + "≈": true, + "𝕋": true, + "⃛": true, + "𝒯": true, + "Ŧ": true, + "Ú": true, + "Ú": true, + "↟": true, + "⥉": true, + "Ў": true, + "Ŭ": true, + "Û": true, + "Û": true, + "У": true, + "Ű": true, + "𝔘": true, + "Ù": true, + "Ù": true, + "Ū": true, + "_": true, + "⏟": true, + "⎵": true, + "⏝": true, + "⋃": true, + "⊎": true, + "Ų": true, + "𝕌": true, + "↑": true, + "⤒": true, + "⇅": true, + "↕": true, + "⥮": true, + "⊥": true, + "↥": true, + "⇑": true, + "⇕": true, + "↖": true, + "↗": true, + "ϒ": true, + "Υ": true, + "Ů": true, + "𝒰": true, + "Ũ": true, + "Ü": true, + "Ü": true, + "⊫": true, + "⫫": true, + "В": true, + "⊩": true, + "⫦": true, + "⋁": true, + "‖": true, + "‖": true, + "∣": true, + "|": true, + "❘": true, + "≀": true, + " ": true, + "𝔙": true, + "𝕍": true, + "𝒱": true, + "⊪": true, + "Ŵ": true, + "⋀": true, + "𝔚": true, + "𝕎": true, + "𝒲": true, + "𝔛": true, + "Ξ": true, + "𝕏": true, + "𝒳": true, + "Я": true, + "Ї": true, + "Ю": true, + "Ý": true, + "Ý": true, + "Ŷ": true, + "Ы": true, + "𝔜": true, + "𝕐": true, + "𝒴": true, + "Ÿ": true, + "Ж": true, + "Ź": true, + "Ž": true, + "З": true, + "Ż": true, + "​": true, + "Ζ": true, + "ℨ": true, + "ℤ": true, + "𝒵": true, + "á": true, + "á": true, + "ă": true, + "∾": true, + "∾̳": true, + "∿": true, + "â": true, + "â": true, + "´": true, + "´": true, + "а": true, + "æ": true, + "æ": true, + "⁡": true, + "𝔞": true, + "à": true, + "à": true, + "ℵ": true, + "ℵ": true, + "α": true, + "ā": true, + "⨿": true, + "&": true, + "&": true, + "∧": true, + "⩕": true, + "⩜": true, + "⩘": true, + "⩚": true, + "∠": true, + "⦤": true, + "∠": true, + "∡": true, + "⦨": true, + "⦩": true, + "⦪": true, + "⦫": true, + "⦬": true, + "⦭": true, + "⦮": true, + "⦯": true, + "∟": true, + "⊾": true, + "⦝": true, + "∢": true, + "Å": true, + "⍼": true, + "ą": true, + "𝕒": true, + "≈": true, + "⩰": true, + "⩯": true, + "≊": true, + "≋": true, + "'": true, + "≈": true, + "≊": true, + "å": true, + "å": true, + "𝒶": true, + "*": true, + "≈": true, + "≍": true, + "ã": true, + "ã": true, + "ä": true, + "ä": true, + "∳": true, + "⨑": true, + "⫭": true, + "≌": true, + "϶": true, + "‵": true, + "∽": true, + "⋍": true, + "⊽": true, + "⌅": true, + "⌅": true, + "⎵": true, + "⎶": true, + "≌": true, + "б": true, + "„": true, + "∵": true, + "∵": true, + "⦰": true, + "϶": true, + "ℬ": true, + "β": true, + "ℶ": true, + "≬": true, + "𝔟": true, + "⋂": true, + "◯": true, + "⋃": true, + "⨀": true, + "⨁": true, + "⨂": true, + "⨆": true, + "★": true, + "▽": true, + "△": true, + "⨄": true, + "⋁": true, + "⋀": true, + "⤍": true, + "⧫": true, + "▪": true, + "▴": true, + "▾": true, + "◂": true, + "▸": true, + "␣": true, + "▒": true, + "░": true, + "▓": true, + "█": true, + "=⃥": true, + "≡⃥": true, + "⌐": true, + "𝕓": true, + "⊥": true, + "⊥": true, + "⋈": true, + "╗": true, + "╔": true, + "╖": true, + "╓": true, + "═": true, + "╦": true, + "╩": true, + "╤": true, + "╧": true, + "╝": true, + "╚": true, + "╜": true, + "╙": true, + "║": true, + "╬": true, + "╣": true, + "╠": true, + "╫": true, + "╢": true, + "╟": true, + "⧉": true, + "╕": true, + "╒": true, + "┐": true, + "┌": true, + "─": true, + "╥": true, + "╨": true, + "┬": true, + "┴": true, + "⊟": true, + "⊞": true, + "⊠": true, + "╛": true, + "╘": true, + "┘": true, + "└": true, + "│": true, + "╪": true, + "╡": true, + "╞": true, + "┼": true, + "┤": true, + "├": true, + "‵": true, + "˘": true, + "¦": true, + "¦": true, + "𝒷": true, + "⁏": true, + "∽": true, + "⋍": true, + "\": true, + "⧅": true, + "⟈": true, + "•": true, + "•": true, + "≎": true, + "⪮": true, + "≏": true, + "≏": true, + "ć": true, + "∩": true, + "⩄": true, + "⩉": true, + "⩋": true, + "⩇": true, + "⩀": true, + "∩︀": true, + "⁁": true, + "ˇ": true, + "⩍": true, + "č": true, + "ç": true, + "ç": true, + "ĉ": true, + "⩌": true, + "⩐": true, + "ċ": true, + "¸": true, + "¸": true, + "⦲": true, + "¢": true, + "¢": true, + "·": true, + "𝔠": true, + "ч": true, + "✓": true, + "✓": true, + "χ": true, + "○": true, + "⧃": true, + "ˆ": true, + "≗": true, + "↺": true, + "↻": true, + "®": true, + "Ⓢ": true, + "⊛": true, + "⊚": true, + "⊝": true, + "≗": true, + "⨐": true, + "⫯": true, + "⧂": true, + "♣": true, + "♣": true, + ":": true, + "≔": true, + "≔": true, + ",": true, + "@": true, + "∁": true, + "∘": true, + "∁": true, + "ℂ": true, + "≅": true, + "⩭": true, + "∮": true, + "𝕔": true, + "∐": true, + "©": true, + "©": true, + "℗": true, + "↵": true, + "✗": true, + "𝒸": true, + "⫏": true, + "⫑": true, + "⫐": true, + "⫒": true, + "⋯": true, + "⤸": true, + "⤵": true, + "⋞": true, + "⋟": true, + "↶": true, + "⤽": true, + "∪": true, + "⩈": true, + "⩆": true, + "⩊": true, + "⊍": true, + "⩅": true, + "∪︀": true, + "↷": true, + "⤼": true, + "⋞": true, + "⋟": true, + "⋎": true, + "⋏": true, + "¤": true, + "¤": true, + "↶": true, + "↷": true, + "⋎": true, + "⋏": true, + "∲": true, + "∱": true, + "⌭": true, + "⇓": true, + "⥥": true, + "†": true, + "ℸ": true, + "↓": true, + "‐": true, + "⊣": true, + "⤏": true, + "˝": true, + "ď": true, + "д": true, + "ⅆ": true, + "‡": true, + "⇊": true, + "⩷": true, + "°": true, + "°": true, + "δ": true, + "⦱": true, + "⥿": true, + "𝔡": true, + "⇃": true, + "⇂": true, + "⋄": true, + "⋄": true, + "♦": true, + "♦": true, + "¨": true, + "ϝ": true, + "⋲": true, + "÷": true, + "÷": true, + "÷": true, + "⋇": true, + "⋇": true, + "ђ": true, + "⌞": true, + "⌍": true, + "$": true, + "𝕕": true, + "˙": true, + "≐": true, + "≑": true, + "∸": true, + "∔": true, + "⊡": true, + "⌆": true, + "↓": true, + "⇊": true, + "⇃": true, + "⇂": true, + "⤐": true, + "⌟": true, + "⌌": true, + "𝒹": true, + "ѕ": true, + "⧶": true, + "đ": true, + "⋱": true, + "▿": true, + "▾": true, + "⇵": true, + "⥯": true, + "⦦": true, + "џ": true, + "⟿": true, + "⩷": true, + "≑": true, + "é": true, + "é": true, + "⩮": true, + "ě": true, + "≖": true, + "ê": true, + "ê": true, + "≕": true, + "э": true, + "ė": true, + "ⅇ": true, + "≒": true, + "𝔢": true, + "⪚": true, + "è": true, + "è": true, + "⪖": true, + "⪘": true, + "⪙": true, + "⏧": true, + "ℓ": true, + "⪕": true, + "⪗": true, + "ē": true, + "∅": true, + "∅": true, + "∅": true, + " ": true, + " ": true, + " ": true, + "ŋ": true, + " ": true, + "ę": true, + "𝕖": true, + "⋕": true, + "⧣": true, + "⩱": true, + "ε": true, + "ε": true, + "ϵ": true, + "≖": true, + "≕": true, + "≂": true, + "⪖": true, + "⪕": true, + "=": true, + "≟": true, + "≡": true, + "⩸": true, + "⧥": true, + "≓": true, + "⥱": true, + "ℯ": true, + "≐": true, + "≂": true, + "η": true, + "ð": true, + "ð": true, + "ë": true, + "ë": true, + "€": true, + "!": true, + "∃": true, + "ℰ": true, + "ⅇ": true, + "≒": true, + "ф": true, + "♀": true, + "ffi": true, + "ff": true, + "ffl": true, + "𝔣": true, + "fi": true, + "fj": true, + "♭": true, + "fl": true, + "▱": true, + "ƒ": true, + "𝕗": true, + "∀": true, + "⋔": true, + "⫙": true, + "⨍": true, + "½": true, + "½": true, + "⅓": true, + "¼": true, + "¼": true, + "⅕": true, + "⅙": true, + "⅛": true, + "⅔": true, + "⅖": true, + "¾": true, + "¾": true, + "⅗": true, + "⅜": true, + "⅘": true, + "⅚": true, + "⅝": true, + "⅞": true, + "⁄": true, + "⌢": true, + "𝒻": true, + "≧": true, + "⪌": true, + "ǵ": true, + "γ": true, + "ϝ": true, + "⪆": true, + "ğ": true, + "ĝ": true, + "г": true, + "ġ": true, + "≥": true, + "⋛": true, + "≥": true, + "≧": true, + "⩾": true, + "⩾": true, + "⪩": true, + "⪀": true, + "⪂": true, + "⪄": true, + "⋛︀": true, + "⪔": true, + "𝔤": true, + "≫": true, + "⋙": true, + "ℷ": true, + "ѓ": true, + "≷": true, + "⪒": true, + "⪥": true, + "⪤": true, + "≩": true, + "⪊": true, + "⪊": true, + "⪈": true, + "⪈": true, + "≩": true, + "⋧": true, + "𝕘": true, + "`": true, + "ℊ": true, + "≳": true, + "⪎": true, + "⪐": true, + ">": true, + ">": true, + "⪧": true, + "⩺": true, + "⋗": true, + "⦕": true, + "⩼": true, + "⪆": true, + "⥸": true, + "⋗": true, + "⋛": true, + "⪌": true, + "≷": true, + "≳": true, + "≩︀": true, + "≩︀": true, + "⇔": true, + " ": true, + "½": true, + "ℋ": true, + "ъ": true, + "↔": true, + "⥈": true, + "↭": true, + "ℏ": true, + "ĥ": true, + "♥": true, + "♥": true, + "…": true, + "⊹": true, + "𝔥": true, + "⤥": true, + "⤦": true, + "⇿": true, + "∻": true, + "↩": true, + "↪": true, + "𝕙": true, + "―": true, + "𝒽": true, + "ℏ": true, + "ħ": true, + "⁃": true, + "‐": true, + "í": true, + "í": true, + "⁣": true, + "î": true, + "î": true, + "и": true, + "е": true, + "¡": true, + "¡": true, + "⇔": true, + "𝔦": true, + "ì": true, + "ì": true, + "ⅈ": true, + "⨌": true, + "∭": true, + "⧜": true, + "℩": true, + "ij": true, + "ī": true, + "ℑ": true, + "ℐ": true, + "ℑ": true, + "ı": true, + "⊷": true, + "Ƶ": true, + "∈": true, + "℅": true, + "∞": true, + "⧝": true, + "ı": true, + "∫": true, + "⊺": true, + "ℤ": true, + "⊺": true, + "⨗": true, + "⨼": true, + "ё": true, + "į": true, + "𝕚": true, + "ι": true, + "⨼": true, + "¿": true, + "¿": true, + "𝒾": true, + "∈": true, + "⋹": true, + "⋵": true, + "⋴": true, + "⋳": true, + "∈": true, + "⁢": true, + "ĩ": true, + "і": true, + "ï": true, + "ï": true, + "ĵ": true, + "й": true, + "𝔧": true, + "ȷ": true, + "𝕛": true, + "𝒿": true, + "ј": true, + "є": true, + "κ": true, + "ϰ": true, + "ķ": true, + "к": true, + "𝔨": true, + "ĸ": true, + "х": true, + "ќ": true, + "𝕜": true, + "𝓀": true, + "⇚": true, + "⇐": true, + "⤛": true, + "⤎": true, + "≦": true, + "⪋": true, + "⥢": true, + "ĺ": true, + "⦴": true, + "ℒ": true, + "λ": true, + "⟨": true, + "⦑": true, + "⟨": true, + "⪅": true, + "«": true, + "«": true, + "←": true, + "⇤": true, + "⤟": true, + "⤝": true, + "↩": true, + "↫": true, + "⤹": true, + "⥳": true, + "↢": true, + "⪫": true, + "⤙": true, + "⪭": true, + "⪭︀": true, + "⤌": true, + "❲": true, + "{": true, + "[": true, + "⦋": true, + "⦏": true, + "⦍": true, + "ľ": true, + "ļ": true, + "⌈": true, + "{": true, + "л": true, + "⤶": true, + "“": true, + "„": true, + "⥧": true, + "⥋": true, + "↲": true, + "≤": true, + "←": true, + "↢": true, + "↽": true, + "↼": true, + "⇇": true, + "↔": true, + "⇆": true, + "⇋": true, + "↭": true, + "⋋": true, + "⋚": true, + "≤": true, + "≦": true, + "⩽": true, + "⩽": true, + "⪨": true, + "⩿": true, + "⪁": true, + "⪃": true, + "⋚︀": true, + "⪓": true, + "⪅": true, + "⋖": true, + "⋚": true, + "⪋": true, + "≶": true, + "≲": true, + "⥼": true, + "⌊": true, + "𝔩": true, + "≶": true, + "⪑": true, + "↽": true, + "↼": true, + "⥪": true, + "▄": true, + "љ": true, + "≪": true, + "⇇": true, + "⌞": true, + "⥫": true, + "◺": true, + "ŀ": true, + "⎰": true, + "⎰": true, + "≨": true, + "⪉": true, + "⪉": true, + "⪇": true, + "⪇": true, + "≨": true, + "⋦": true, + "⟬": true, + "⇽": true, + "⟦": true, + "⟵": true, + "⟷": true, + "⟼": true, + "⟶": true, + "↫": true, + "↬": true, + "⦅": true, + "𝕝": true, + "⨭": true, + "⨴": true, + "∗": true, + "_": true, + "◊": true, + "◊": true, + "⧫": true, + "(": true, + "⦓": true, + "⇆": true, + "⌟": true, + "⇋": true, + "⥭": true, + "‎": true, + "⊿": true, + "‹": true, + "𝓁": true, + "↰": true, + "≲": true, + "⪍": true, + "⪏": true, + "[": true, + "‘": true, + "‚": true, + "ł": true, + "<": true, + "<": true, + "⪦": true, + "⩹": true, + "⋖": true, + "⋋": true, + "⋉": true, + "⥶": true, + "⩻": true, + "⦖": true, + "◃": true, + "⊴": true, + "◂": true, + "⥊": true, + "⥦": true, + "≨︀": true, + "≨︀": true, + "∺": true, + "¯": true, + "¯": true, + "♂": true, + "✠": true, + "✠": true, + "↦": true, + "↦": true, + "↧": true, + "↤": true, + "↥": true, + "▮": true, + "⨩": true, + "м": true, + "—": true, + "∡": true, + "𝔪": true, + "℧": true, + "µ": true, + "µ": true, + "∣": true, + "*": true, + "⫰": true, + "·": true, + "·": true, + "−": true, + "⊟": true, + "∸": true, + "⨪": true, + "⫛": true, + "…": true, + "∓": true, + "⊧": true, + "𝕞": true, + "∓": true, + "𝓂": true, + "∾": true, + "μ": true, + "⊸": true, + "⊸": true, + "⋙̸": true, + "≫⃒": true, + "≫̸": true, + "⇍": true, + "⇎": true, + "⋘̸": true, + "≪⃒": true, + "≪̸": true, + "⇏": true, + "⊯": true, + "⊮": true, + "∇": true, + "ń": true, + "∠⃒": true, + "≉": true, + "⩰̸": true, + "≋̸": true, + "ʼn": true, + "≉": true, + "♮": true, + "♮": true, + "ℕ": true, + " ": true, + " ": true, + "≎̸": true, + "≏̸": true, + "⩃": true, + "ň": true, + "ņ": true, + "≇": true, + "⩭̸": true, + "⩂": true, + "н": true, + "–": true, + "≠": true, + "⇗": true, + "⤤": true, + "↗": true, + "↗": true, + "≐̸": true, + "≢": true, + "⤨": true, + "≂̸": true, + "∄": true, + "∄": true, + "𝔫": true, + "≧̸": true, + "≱": true, + "≱": true, + "≧̸": true, + "⩾̸": true, + "⩾̸": true, + "≵": true, + "≯": true, + "≯": true, + "⇎": true, + "↮": true, + "⫲": true, + "∋": true, + "⋼": true, + "⋺": true, + "∋": true, + "њ": true, + "⇍": true, + "≦̸": true, + "↚": true, + "‥": true, + "≰": true, + "↚": true, + "↮": true, + "≰": true, + "≦̸": true, + "⩽̸": true, + "⩽̸": true, + "≮": true, + "≴": true, + "≮": true, + "⋪": true, + "⋬": true, + "∤": true, + "𝕟": true, + "¬": true, + "¬": true, + "∉": true, + "⋹̸": true, + "⋵̸": true, + "∉": true, + "⋷": true, + "⋶": true, + "∌": true, + "∌": true, + "⋾": true, + "⋽": true, + "∦": true, + "∦": true, + "⫽⃥": true, + "∂̸": true, + "⨔": true, + "⊀": true, + "⋠": true, + "⪯̸": true, + "⊀": true, + "⪯̸": true, + "⇏": true, + "↛": true, + "⤳̸": true, + "↝̸": true, + "↛": true, + "⋫": true, + "⋭": true, + "⊁": true, + "⋡": true, + "⪰̸": true, + "𝓃": true, + "∤": true, + "∦": true, + "≁": true, + "≄": true, + "≄": true, + "∤": true, + "∦": true, + "⋢": true, + "⋣": true, + "⊄": true, + "⫅̸": true, + "⊈": true, + "⊂⃒": true, + "⊈": true, + "⫅̸": true, + "⊁": true, + "⪰̸": true, + "⊅": true, + "⫆̸": true, + "⊉": true, + "⊃⃒": true, + "⊉": true, + "⫆̸": true, + "≹": true, + "ñ": true, + "ñ": true, + "≸": true, + "⋪": true, + "⋬": true, + "⋫": true, + "⋭": true, + "ν": true, + "#": true, + "№": true, + " ": true, + "⊭": true, + "⤄": true, + "≍⃒": true, + "⊬": true, + "≥⃒": true, + ">⃒": true, + "⧞": true, + "⤂": true, + "≤⃒": true, + "<⃒": true, + "⊴⃒": true, + "⤃": true, + "⊵⃒": true, + "∼⃒": true, + "⇖": true, + "⤣": true, + "↖": true, + "↖": true, + "⤧": true, + "Ⓢ": true, + "ó": true, + "ó": true, + "⊛": true, + "⊚": true, + "ô": true, + "ô": true, + "о": true, + "⊝": true, + "ő": true, + "⨸": true, + "⊙": true, + "⦼": true, + "œ": true, + "⦿": true, + "𝔬": true, + "˛": true, + "ò": true, + "ò": true, + "⧁": true, + "⦵": true, + "Ω": true, + "∮": true, + "↺": true, + "⦾": true, + "⦻": true, + "‾": true, + "⧀": true, + "ō": true, + "ω": true, + "ο": true, + "⦶": true, + "⊖": true, + "𝕠": true, + "⦷": true, + "⦹": true, + "⊕": true, + "∨": true, + "↻": true, + "⩝": true, + "ℴ": true, + "ℴ": true, + "ª": true, + "ª": true, + "º": true, + "º": true, + "⊶": true, + "⩖": true, + "⩗": true, + "⩛": true, + "ℴ": true, + "ø": true, + "ø": true, + "⊘": true, + "õ": true, + "õ": true, + "⊗": true, + "⨶": true, + "ö": true, + "ö": true, + "⌽": true, + "∥": true, + "¶": true, + "¶": true, + "∥": true, + "⫳": true, + "⫽": true, + "∂": true, + "п": true, + "%": true, + ".": true, + "‰": true, + "⊥": true, + "‱": true, + "𝔭": true, + "φ": true, + "ϕ": true, + "ℳ": true, + "☎": true, + "π": true, + "⋔": true, + "ϖ": true, + "ℏ": true, + "ℎ": true, + "ℏ": true, + "+": true, + "⨣": true, + "⊞": true, + "⨢": true, + "∔": true, + "⨥": true, + "⩲": true, + "±": true, + "±": true, + "⨦": true, + "⨧": true, + "±": true, + "⨕": true, + "𝕡": true, + "£": true, + "£": true, + "≺": true, + "⪳": true, + "⪷": true, + "≼": true, + "⪯": true, + "≺": true, + "⪷": true, + "≼": true, + "⪯": true, + "⪹": true, + "⪵": true, + "⋨": true, + "≾": true, + "′": true, + "ℙ": true, + "⪵": true, + "⪹": true, + "⋨": true, + "∏": true, + "⌮": true, + "⌒": true, + "⌓": true, + "∝": true, + "∝": true, + "≾": true, + "⊰": true, + "𝓅": true, + "ψ": true, + " ": true, + "𝔮": true, + "⨌": true, + "𝕢": true, + "⁗": true, + "𝓆": true, + "ℍ": true, + "⨖": true, + "?": true, + "≟": true, + """: true, + """: true, + "⇛": true, + "⇒": true, + "⤜": true, + "⤏": true, + "⥤": true, + "∽̱": true, + "ŕ": true, + "√": true, + "⦳": true, + "⟩": true, + "⦒": true, + "⦥": true, + "⟩": true, + "»": true, + "»": true, + "→": true, + "⥵": true, + "⇥": true, + "⤠": true, + "⤳": true, + "⤞": true, + "↪": true, + "↬": true, + "⥅": true, + "⥴": true, + "↣": true, + "↝": true, + "⤚": true, + "∶": true, + "ℚ": true, + "⤍": true, + "❳": true, + "}": true, + "]": true, + "⦌": true, + "⦎": true, + "⦐": true, + "ř": true, + "ŗ": true, + "⌉": true, + "}": true, + "р": true, + "⤷": true, + "⥩": true, + "”": true, + "”": true, + "↳": true, + "ℜ": true, + "ℛ": true, + "ℜ": true, + "ℝ": true, + "▭": true, + "®": true, + "®": true, + "⥽": true, + "⌋": true, + "𝔯": true, + "⇁": true, + "⇀": true, + "⥬": true, + "ρ": true, + "ϱ": true, + "→": true, + "↣": true, + "⇁": true, + "⇀": true, + "⇄": true, + "⇌": true, + "⇉": true, + "↝": true, + "⋌": true, + "˚": true, + "≓": true, + "⇄": true, + "⇌": true, + "‏": true, + "⎱": true, + "⎱": true, + "⫮": true, + "⟭": true, + "⇾": true, + "⟧": true, + "⦆": true, + "𝕣": true, + "⨮": true, + "⨵": true, + ")": true, + "⦔": true, + "⨒": true, + "⇉": true, + "›": true, + "𝓇": true, + "↱": true, + "]": true, + "’": true, + "’": true, + "⋌": true, + "⋊": true, + "▹": true, + "⊵": true, + "▸": true, + "⧎": true, + "⥨": true, + "℞": true, + "ś": true, + "‚": true, + "≻": true, + "⪴": true, + "⪸": true, + "š": true, + "≽": true, + "⪰": true, + "ş": true, + "ŝ": true, + "⪶": true, + "⪺": true, + "⋩": true, + "⨓": true, + "≿": true, + "с": true, + "⋅": true, + "⊡": true, + "⩦": true, + "⇘": true, + "⤥": true, + "↘": true, + "↘": true, + "§": true, + "§": true, + ";": true, + "⤩": true, + "∖": true, + "∖": true, + "✶": true, + "𝔰": true, + "⌢": true, + "♯": true, + "щ": true, + "ш": true, + "∣": true, + "∥": true, + "­": true, + "­": true, + "σ": true, + "ς": true, + "ς": true, + "∼": true, + "⩪": true, + "≃": true, + "≃": true, + "⪞": true, + "⪠": true, + "⪝": true, + "⪟": true, + "≆": true, + "⨤": true, + "⥲": true, + "←": true, + "∖": true, + "⨳": true, + "⧤": true, + "∣": true, + "⌣": true, + "⪪": true, + "⪬": true, + "⪬︀": true, + "ь": true, + "/": true, + "⧄": true, + "⌿": true, + "𝕤": true, + "♠": true, + "♠": true, + "∥": true, + "⊓": true, + "⊓︀": true, + "⊔": true, + "⊔︀": true, + "⊏": true, + "⊑": true, + "⊏": true, + "⊑": true, + "⊐": true, + "⊒": true, + "⊐": true, + "⊒": true, + "□": true, + "□": true, + "▪": true, + "▪": true, + "→": true, + "𝓈": true, + "∖": true, + "⌣": true, + "⋆": true, + "☆": true, + "★": true, + "ϵ": true, + "ϕ": true, + "¯": true, + "⊂": true, + "⫅": true, + "⪽": true, + "⊆": true, + "⫃": true, + "⫁": true, + "⫋": true, + "⊊": true, + "⪿": true, + "⥹": true, + "⊂": true, + "⊆": true, + "⫅": true, + "⊊": true, + "⫋": true, + "⫇": true, + "⫕": true, + "⫓": true, + "≻": true, + "⪸": true, + "≽": true, + "⪰": true, + "⪺": true, + "⪶": true, + "⋩": true, + "≿": true, + "∑": true, + "♪": true, + "¹": true, + "¹": true, + "²": true, + "²": true, + "³": true, + "³": true, + "⊃": true, + "⫆": true, + "⪾": true, + "⫘": true, + "⊇": true, + "⫄": true, + "⟉": true, + "⫗": true, + "⥻": true, + "⫂": true, + "⫌": true, + "⊋": true, + "⫀": true, + "⊃": true, + "⊇": true, + "⫆": true, + "⊋": true, + "⫌": true, + "⫈": true, + "⫔": true, + "⫖": true, + "⇙": true, + "⤦": true, + "↙": true, + "↙": true, + "⤪": true, + "ß": true, + "ß": true, + "⌖": true, + "τ": true, + "⎴": true, + "ť": true, + "ţ": true, + "т": true, + "⃛": true, + "⌕": true, + "𝔱": true, + "∴": true, + "∴": true, + "θ": true, + "ϑ": true, + "ϑ": true, + "≈": true, + "∼": true, + " ": true, + "≈": true, + "∼": true, + "þ": true, + "þ": true, + "˜": true, + "×": true, + "×": true, + "⊠": true, + "⨱": true, + "⨰": true, + "∭": true, + "⤨": true, + "⊤": true, + "⌶": true, + "⫱": true, + "𝕥": true, + "⫚": true, + "⤩": true, + "‴": true, + "™": true, + "▵": true, + "▿": true, + "◃": true, + "⊴": true, + "≜": true, + "▹": true, + "⊵": true, + "◬": true, + "≜": true, + "⨺": true, + "⨹": true, + "⧍": true, + "⨻": true, + "⏢": true, + "𝓉": true, + "ц": true, + "ћ": true, + "ŧ": true, + "≬": true, + "↞": true, + "↠": true, + "⇑": true, + "⥣": true, + "ú": true, + "ú": true, + "↑": true, + "ў": true, + "ŭ": true, + "û": true, + "û": true, + "у": true, + "⇅": true, + "ű": true, + "⥮": true, + "⥾": true, + "𝔲": true, + "ù": true, + "ù": true, + "↿": true, + "↾": true, + "▀": true, + "⌜": true, + "⌜": true, + "⌏": true, + "◸": true, + "ū": true, + "¨": true, + "¨": true, + "ų": true, + "𝕦": true, + "↑": true, + "↕": true, + "↿": true, + "↾": true, + "⊎": true, + "υ": true, + "ϒ": true, + "υ": true, + "⇈": true, + "⌝": true, + "⌝": true, + "⌎": true, + "ů": true, + "◹": true, + "𝓊": true, + "⋰": true, + "ũ": true, + "▵": true, + "▴": true, + "⇈": true, + "ü": true, + "ü": true, + "⦧": true, + "⇕": true, + "⫨": true, + "⫩": true, + "⊨": true, + "⦜": true, + "ϵ": true, + "ϰ": true, + "∅": true, + "ϕ": true, + "ϖ": true, + "∝": true, + "↕": true, + "ϱ": true, + "ς": true, + "⊊︀": true, + "⫋︀": true, + "⊋︀": true, + "⫌︀": true, + "ϑ": true, + "⊲": true, + "⊳": true, + "в": true, + "⊢": true, + "∨": true, + "⊻": true, + "≚": true, + "⋮": true, + "|": true, + "|": true, + "𝔳": true, + "⊲": true, + "⊂⃒": true, + "⊃⃒": true, + "𝕧": true, + "∝": true, + "⊳": true, + "𝓋": true, + "⫋︀": true, + "⊊︀": true, + "⫌︀": true, + "⊋︀": true, + "⦚": true, + "ŵ": true, + "⩟": true, + "∧": true, + "≙": true, + "℘": true, + "𝔴": true, + "𝕨": true, + "℘": true, + "≀": true, + "≀": true, + "𝓌": true, + "⋂": true, + "◯": true, + "⋃": true, + "▽": true, + "𝔵": true, + "⟺": true, + "⟷": true, + "ξ": true, + "⟸": true, + "⟵": true, + "⟼": true, + "⋻": true, + "⨀": true, + "𝕩": true, + "⨁": true, + "⨂": true, + "⟹": true, + "⟶": true, + "𝓍": true, + "⨆": true, + "⨄": true, + "△": true, + "⋁": true, + "⋀": true, + "ý": true, + "ý": true, + "я": true, + "ŷ": true, + "ы": true, + "¥": true, + "¥": true, + "𝔶": true, + "ї": true, + "𝕪": true, + "𝓎": true, + "ю": true, + "ÿ": true, + "ÿ": true, + "ź": true, + "ž": true, + "з": true, + "ż": true, + "ℨ": true, + "ζ": true, + "𝔷": true, + "ж": true, + "⇝": true, + "𝕫": true, + "𝓏": true, + "‍": true, + "‌": true, +} diff --git a/vendor/github.com/russross/blackfriday/v2/esc.go b/vendor/github.com/russross/blackfriday/v2/esc.go index 6385f27cb6a..6ab60102c9b 100644 --- a/vendor/github.com/russross/blackfriday/v2/esc.go +++ b/vendor/github.com/russross/blackfriday/v2/esc.go @@ -13,13 +13,27 @@ var htmlEscaper = [256][]byte{ } func escapeHTML(w io.Writer, s []byte) { + escapeEntities(w, s, false) +} + +func escapeAllHTML(w io.Writer, s []byte) { + escapeEntities(w, s, true) +} + +func escapeEntities(w io.Writer, s []byte, escapeValidEntities bool) { var start, end int for end < len(s) { escSeq := htmlEscaper[s[end]] if escSeq != nil { - w.Write(s[start:end]) - w.Write(escSeq) - start = end + 1 + isEntity, entityEnd := nodeIsEntity(s, end) + if isEntity && !escapeValidEntities { + w.Write(s[start : entityEnd+1]) + start = entityEnd + 1 + } else { + w.Write(s[start:end]) + w.Write(escSeq) + start = end + 1 + } } end++ } @@ -28,6 +42,28 @@ func escapeHTML(w io.Writer, s []byte) { } } +func nodeIsEntity(s []byte, end int) (isEntity bool, endEntityPos int) { + isEntity = false + endEntityPos = end + 1 + + if s[end] == '&' { + for endEntityPos < len(s) { + if s[endEntityPos] == ';' { + if entities[string(s[end:endEntityPos+1])] { + isEntity = true + break + } + } + if !isalnum(s[endEntityPos]) && s[endEntityPos] != '&' && s[endEntityPos] != '#' { + break + } + endEntityPos++ + } + } + + return isEntity, endEntityPos +} + func escLink(w io.Writer, text []byte) { unesc := html.UnescapeString(string(text)) escapeHTML(w, []byte(unesc)) diff --git a/vendor/github.com/russross/blackfriday/v2/html.go b/vendor/github.com/russross/blackfriday/v2/html.go index 284c87184f7..cb4f26e30fd 100644 --- a/vendor/github.com/russross/blackfriday/v2/html.go +++ b/vendor/github.com/russross/blackfriday/v2/html.go @@ -132,7 +132,10 @@ func NewHTMLRenderer(params HTMLRendererParameters) *HTMLRenderer { } if params.FootnoteReturnLinkContents == "" { - params.FootnoteReturnLinkContents = `[return]` + // U+FE0E is VARIATION SELECTOR-15. + // It suppresses automatic emoji presentation of the preceding + // U+21A9 LEFTWARDS ARROW WITH HOOK on iOS and iPadOS. + params.FootnoteReturnLinkContents = "↩\ufe0e" } return &HTMLRenderer{ @@ -616,7 +619,7 @@ func (r *HTMLRenderer) RenderNode(w io.Writer, node *Node, entering bool) WalkSt } case Code: r.out(w, codeTag) - escapeHTML(w, node.Literal) + escapeAllHTML(w, node.Literal) r.out(w, codeCloseTag) case Document: break @@ -762,7 +765,7 @@ func (r *HTMLRenderer) RenderNode(w io.Writer, node *Node, entering bool) WalkSt r.cr(w) r.out(w, preTag) r.tag(w, codeTag[:len(codeTag)-1], attrs) - escapeHTML(w, node.Literal) + escapeAllHTML(w, node.Literal) r.out(w, codeCloseTag) r.out(w, preCloseTag) if node.Parent.Type != Item { diff --git a/vendor/github.com/russross/blackfriday/v2/inline.go b/vendor/github.com/russross/blackfriday/v2/inline.go index 4ed2907921e..d45bd941726 100644 --- a/vendor/github.com/russross/blackfriday/v2/inline.go +++ b/vendor/github.com/russross/blackfriday/v2/inline.go @@ -278,7 +278,7 @@ func link(p *Markdown, data []byte, offset int) (int, *Node) { case data[i] == '\n': textHasNl = true - case data[i-1] == '\\': + case isBackslashEscaped(data, i): continue case data[i] == '[': diff --git a/vendor/github.com/russross/blackfriday/v2/node.go b/vendor/github.com/russross/blackfriday/v2/node.go index 51b9e8c1b53..04e6050ceea 100644 --- a/vendor/github.com/russross/blackfriday/v2/node.go +++ b/vendor/github.com/russross/blackfriday/v2/node.go @@ -199,7 +199,8 @@ func (n *Node) InsertBefore(sibling *Node) { } } -func (n *Node) isContainer() bool { +// IsContainer returns true if 'n' can contain children. +func (n *Node) IsContainer() bool { switch n.Type { case Document: fallthrough @@ -238,6 +239,11 @@ func (n *Node) isContainer() bool { } } +// IsLeaf returns true if 'n' is a leaf node. +func (n *Node) IsLeaf() bool { + return !n.IsContainer() +} + func (n *Node) canContain(t NodeType) bool { if n.Type == List { return t == Item @@ -309,11 +315,11 @@ func newNodeWalker(root *Node) *nodeWalker { } func (nw *nodeWalker) next() { - if (!nw.current.isContainer() || !nw.entering) && nw.current == nw.root { + if (!nw.current.IsContainer() || !nw.entering) && nw.current == nw.root { nw.current = nil return } - if nw.entering && nw.current.isContainer() { + if nw.entering && nw.current.IsContainer() { if nw.current.FirstChild != nil { nw.current = nw.current.FirstChild nw.entering = true diff --git a/vendor/github.com/shurcooL/sanitized_anchor_name/.travis.yml b/vendor/github.com/shurcooL/sanitized_anchor_name/.travis.yml deleted file mode 100644 index 93b1fcdb31a..00000000000 --- a/vendor/github.com/shurcooL/sanitized_anchor_name/.travis.yml +++ /dev/null @@ -1,16 +0,0 @@ -sudo: false -language: go -go: - - 1.x - - master -matrix: - allow_failures: - - go: master - fast_finish: true -install: - - # Do nothing. This is needed to prevent default install action "go get -t -v ./..." from happening here (we want it to happen inside script step). -script: - - go get -t -v ./... - - diff -u <(echo -n) <(gofmt -d -s .) - - go tool vet . - - go test -v -race ./... diff --git a/vendor/github.com/shurcooL/sanitized_anchor_name/LICENSE b/vendor/github.com/shurcooL/sanitized_anchor_name/LICENSE deleted file mode 100644 index c35c17af980..00000000000 --- a/vendor/github.com/shurcooL/sanitized_anchor_name/LICENSE +++ /dev/null @@ -1,21 +0,0 @@ -MIT License - -Copyright (c) 2015 Dmitri Shuralyov - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. diff --git a/vendor/github.com/shurcooL/sanitized_anchor_name/README.md b/vendor/github.com/shurcooL/sanitized_anchor_name/README.md deleted file mode 100644 index 670bf0fe6c7..00000000000 --- a/vendor/github.com/shurcooL/sanitized_anchor_name/README.md +++ /dev/null @@ -1,36 +0,0 @@ -sanitized_anchor_name -===================== - -[![Build Status](https://travis-ci.org/shurcooL/sanitized_anchor_name.svg?branch=master)](https://travis-ci.org/shurcooL/sanitized_anchor_name) [![GoDoc](https://godoc.org/github.com/shurcooL/sanitized_anchor_name?status.svg)](https://godoc.org/github.com/shurcooL/sanitized_anchor_name) - -Package sanitized_anchor_name provides a func to create sanitized anchor names. - -Its logic can be reused by multiple packages to create interoperable anchor names -and links to those anchors. - -At this time, it does not try to ensure that generated anchor names -are unique, that responsibility falls on the caller. - -Installation ------------- - -```bash -go get -u github.com/shurcooL/sanitized_anchor_name -``` - -Example -------- - -```Go -anchorName := sanitized_anchor_name.Create("This is a header") - -fmt.Println(anchorName) - -// Output: -// this-is-a-header -``` - -License -------- - -- [MIT License](LICENSE) diff --git a/vendor/github.com/shurcooL/sanitized_anchor_name/main.go b/vendor/github.com/shurcooL/sanitized_anchor_name/main.go deleted file mode 100644 index 6a77d124317..00000000000 --- a/vendor/github.com/shurcooL/sanitized_anchor_name/main.go +++ /dev/null @@ -1,29 +0,0 @@ -// Package sanitized_anchor_name provides a func to create sanitized anchor names. -// -// Its logic can be reused by multiple packages to create interoperable anchor names -// and links to those anchors. -// -// At this time, it does not try to ensure that generated anchor names -// are unique, that responsibility falls on the caller. -package sanitized_anchor_name // import "github.com/shurcooL/sanitized_anchor_name" - -import "unicode" - -// Create returns a sanitized anchor name for the given text. -func Create(text string) string { - var anchorName []rune - var futureDash = false - for _, r := range text { - switch { - case unicode.IsLetter(r) || unicode.IsNumber(r): - if futureDash && len(anchorName) > 0 { - anchorName = append(anchorName, '-') - } - futureDash = false - anchorName = append(anchorName, unicode.ToLower(r)) - default: - futureDash = true - } - } - return string(anchorName) -} diff --git a/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go b/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go new file mode 100644 index 00000000000..abe4ab5115b --- /dev/null +++ b/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go @@ -0,0 +1,3957 @@ +// Protocol Buffers - Google's data interchange format +// Copyright 2008 Google Inc. All rights reserved. +// https://developers.google.com/protocol-buffers/ +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are +// met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above +// copyright notice, this list of conditions and the following disclaimer +// in the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Google Inc. nor the names of its +// contributors may be used to endorse or promote products derived from +// this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +// Author: kenton@google.com (Kenton Varda) +// Based on original Protocol Buffers design by +// Sanjay Ghemawat, Jeff Dean, and others. +// +// The messages in this file describe the definitions found in .proto files. +// A valid .proto file can be translated directly to a FileDescriptorProto +// without any other information (e.g. without reading its imports). + +// Code generated by protoc-gen-go. DO NOT EDIT. +// source: google/protobuf/descriptor.proto + +package descriptorpb + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +type FieldDescriptorProto_Type int32 + +const ( + // 0 is reserved for errors. + // Order is weird for historical reasons. + FieldDescriptorProto_TYPE_DOUBLE FieldDescriptorProto_Type = 1 + FieldDescriptorProto_TYPE_FLOAT FieldDescriptorProto_Type = 2 + // Not ZigZag encoded. Negative numbers take 10 bytes. Use TYPE_SINT64 if + // negative values are likely. + FieldDescriptorProto_TYPE_INT64 FieldDescriptorProto_Type = 3 + FieldDescriptorProto_TYPE_UINT64 FieldDescriptorProto_Type = 4 + // Not ZigZag encoded. Negative numbers take 10 bytes. Use TYPE_SINT32 if + // negative values are likely. + FieldDescriptorProto_TYPE_INT32 FieldDescriptorProto_Type = 5 + FieldDescriptorProto_TYPE_FIXED64 FieldDescriptorProto_Type = 6 + FieldDescriptorProto_TYPE_FIXED32 FieldDescriptorProto_Type = 7 + FieldDescriptorProto_TYPE_BOOL FieldDescriptorProto_Type = 8 + FieldDescriptorProto_TYPE_STRING FieldDescriptorProto_Type = 9 + // Tag-delimited aggregate. + // Group type is deprecated and not supported in proto3. However, Proto3 + // implementations should still be able to parse the group wire format and + // treat group fields as unknown fields. + FieldDescriptorProto_TYPE_GROUP FieldDescriptorProto_Type = 10 + FieldDescriptorProto_TYPE_MESSAGE FieldDescriptorProto_Type = 11 // Length-delimited aggregate. + // New in version 2. + FieldDescriptorProto_TYPE_BYTES FieldDescriptorProto_Type = 12 + FieldDescriptorProto_TYPE_UINT32 FieldDescriptorProto_Type = 13 + FieldDescriptorProto_TYPE_ENUM FieldDescriptorProto_Type = 14 + FieldDescriptorProto_TYPE_SFIXED32 FieldDescriptorProto_Type = 15 + FieldDescriptorProto_TYPE_SFIXED64 FieldDescriptorProto_Type = 16 + FieldDescriptorProto_TYPE_SINT32 FieldDescriptorProto_Type = 17 // Uses ZigZag encoding. + FieldDescriptorProto_TYPE_SINT64 FieldDescriptorProto_Type = 18 // Uses ZigZag encoding. +) + +// Enum value maps for FieldDescriptorProto_Type. +var ( + FieldDescriptorProto_Type_name = map[int32]string{ + 1: "TYPE_DOUBLE", + 2: "TYPE_FLOAT", + 3: "TYPE_INT64", + 4: "TYPE_UINT64", + 5: "TYPE_INT32", + 6: "TYPE_FIXED64", + 7: "TYPE_FIXED32", + 8: "TYPE_BOOL", + 9: "TYPE_STRING", + 10: "TYPE_GROUP", + 11: "TYPE_MESSAGE", + 12: "TYPE_BYTES", + 13: "TYPE_UINT32", + 14: "TYPE_ENUM", + 15: "TYPE_SFIXED32", + 16: "TYPE_SFIXED64", + 17: "TYPE_SINT32", + 18: "TYPE_SINT64", + } + FieldDescriptorProto_Type_value = map[string]int32{ + "TYPE_DOUBLE": 1, + "TYPE_FLOAT": 2, + "TYPE_INT64": 3, + "TYPE_UINT64": 4, + "TYPE_INT32": 5, + "TYPE_FIXED64": 6, + "TYPE_FIXED32": 7, + "TYPE_BOOL": 8, + "TYPE_STRING": 9, + "TYPE_GROUP": 10, + "TYPE_MESSAGE": 11, + "TYPE_BYTES": 12, + "TYPE_UINT32": 13, + "TYPE_ENUM": 14, + "TYPE_SFIXED32": 15, + "TYPE_SFIXED64": 16, + "TYPE_SINT32": 17, + "TYPE_SINT64": 18, + } +) + +func (x FieldDescriptorProto_Type) Enum() *FieldDescriptorProto_Type { + p := new(FieldDescriptorProto_Type) + *p = x + return p +} + +func (x FieldDescriptorProto_Type) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (FieldDescriptorProto_Type) Descriptor() protoreflect.EnumDescriptor { + return file_google_protobuf_descriptor_proto_enumTypes[0].Descriptor() +} + +func (FieldDescriptorProto_Type) Type() protoreflect.EnumType { + return &file_google_protobuf_descriptor_proto_enumTypes[0] +} + +func (x FieldDescriptorProto_Type) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Do not use. +func (x *FieldDescriptorProto_Type) UnmarshalJSON(b []byte) error { + num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) + if err != nil { + return err + } + *x = FieldDescriptorProto_Type(num) + return nil +} + +// Deprecated: Use FieldDescriptorProto_Type.Descriptor instead. +func (FieldDescriptorProto_Type) EnumDescriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{4, 0} +} + +type FieldDescriptorProto_Label int32 + +const ( + // 0 is reserved for errors + FieldDescriptorProto_LABEL_OPTIONAL FieldDescriptorProto_Label = 1 + FieldDescriptorProto_LABEL_REQUIRED FieldDescriptorProto_Label = 2 + FieldDescriptorProto_LABEL_REPEATED FieldDescriptorProto_Label = 3 +) + +// Enum value maps for FieldDescriptorProto_Label. +var ( + FieldDescriptorProto_Label_name = map[int32]string{ + 1: "LABEL_OPTIONAL", + 2: "LABEL_REQUIRED", + 3: "LABEL_REPEATED", + } + FieldDescriptorProto_Label_value = map[string]int32{ + "LABEL_OPTIONAL": 1, + "LABEL_REQUIRED": 2, + "LABEL_REPEATED": 3, + } +) + +func (x FieldDescriptorProto_Label) Enum() *FieldDescriptorProto_Label { + p := new(FieldDescriptorProto_Label) + *p = x + return p +} + +func (x FieldDescriptorProto_Label) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (FieldDescriptorProto_Label) Descriptor() protoreflect.EnumDescriptor { + return file_google_protobuf_descriptor_proto_enumTypes[1].Descriptor() +} + +func (FieldDescriptorProto_Label) Type() protoreflect.EnumType { + return &file_google_protobuf_descriptor_proto_enumTypes[1] +} + +func (x FieldDescriptorProto_Label) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Do not use. +func (x *FieldDescriptorProto_Label) UnmarshalJSON(b []byte) error { + num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) + if err != nil { + return err + } + *x = FieldDescriptorProto_Label(num) + return nil +} + +// Deprecated: Use FieldDescriptorProto_Label.Descriptor instead. +func (FieldDescriptorProto_Label) EnumDescriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{4, 1} +} + +// Generated classes can be optimized for speed or code size. +type FileOptions_OptimizeMode int32 + +const ( + FileOptions_SPEED FileOptions_OptimizeMode = 1 // Generate complete code for parsing, serialization, + // etc. + FileOptions_CODE_SIZE FileOptions_OptimizeMode = 2 // Use ReflectionOps to implement these methods. + FileOptions_LITE_RUNTIME FileOptions_OptimizeMode = 3 // Generate code using MessageLite and the lite runtime. +) + +// Enum value maps for FileOptions_OptimizeMode. +var ( + FileOptions_OptimizeMode_name = map[int32]string{ + 1: "SPEED", + 2: "CODE_SIZE", + 3: "LITE_RUNTIME", + } + FileOptions_OptimizeMode_value = map[string]int32{ + "SPEED": 1, + "CODE_SIZE": 2, + "LITE_RUNTIME": 3, + } +) + +func (x FileOptions_OptimizeMode) Enum() *FileOptions_OptimizeMode { + p := new(FileOptions_OptimizeMode) + *p = x + return p +} + +func (x FileOptions_OptimizeMode) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (FileOptions_OptimizeMode) Descriptor() protoreflect.EnumDescriptor { + return file_google_protobuf_descriptor_proto_enumTypes[2].Descriptor() +} + +func (FileOptions_OptimizeMode) Type() protoreflect.EnumType { + return &file_google_protobuf_descriptor_proto_enumTypes[2] +} + +func (x FileOptions_OptimizeMode) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Do not use. +func (x *FileOptions_OptimizeMode) UnmarshalJSON(b []byte) error { + num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) + if err != nil { + return err + } + *x = FileOptions_OptimizeMode(num) + return nil +} + +// Deprecated: Use FileOptions_OptimizeMode.Descriptor instead. +func (FileOptions_OptimizeMode) EnumDescriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{10, 0} +} + +type FieldOptions_CType int32 + +const ( + // Default mode. + FieldOptions_STRING FieldOptions_CType = 0 + FieldOptions_CORD FieldOptions_CType = 1 + FieldOptions_STRING_PIECE FieldOptions_CType = 2 +) + +// Enum value maps for FieldOptions_CType. +var ( + FieldOptions_CType_name = map[int32]string{ + 0: "STRING", + 1: "CORD", + 2: "STRING_PIECE", + } + FieldOptions_CType_value = map[string]int32{ + "STRING": 0, + "CORD": 1, + "STRING_PIECE": 2, + } +) + +func (x FieldOptions_CType) Enum() *FieldOptions_CType { + p := new(FieldOptions_CType) + *p = x + return p +} + +func (x FieldOptions_CType) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (FieldOptions_CType) Descriptor() protoreflect.EnumDescriptor { + return file_google_protobuf_descriptor_proto_enumTypes[3].Descriptor() +} + +func (FieldOptions_CType) Type() protoreflect.EnumType { + return &file_google_protobuf_descriptor_proto_enumTypes[3] +} + +func (x FieldOptions_CType) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Do not use. +func (x *FieldOptions_CType) UnmarshalJSON(b []byte) error { + num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) + if err != nil { + return err + } + *x = FieldOptions_CType(num) + return nil +} + +// Deprecated: Use FieldOptions_CType.Descriptor instead. +func (FieldOptions_CType) EnumDescriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{12, 0} +} + +type FieldOptions_JSType int32 + +const ( + // Use the default type. + FieldOptions_JS_NORMAL FieldOptions_JSType = 0 + // Use JavaScript strings. + FieldOptions_JS_STRING FieldOptions_JSType = 1 + // Use JavaScript numbers. + FieldOptions_JS_NUMBER FieldOptions_JSType = 2 +) + +// Enum value maps for FieldOptions_JSType. +var ( + FieldOptions_JSType_name = map[int32]string{ + 0: "JS_NORMAL", + 1: "JS_STRING", + 2: "JS_NUMBER", + } + FieldOptions_JSType_value = map[string]int32{ + "JS_NORMAL": 0, + "JS_STRING": 1, + "JS_NUMBER": 2, + } +) + +func (x FieldOptions_JSType) Enum() *FieldOptions_JSType { + p := new(FieldOptions_JSType) + *p = x + return p +} + +func (x FieldOptions_JSType) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (FieldOptions_JSType) Descriptor() protoreflect.EnumDescriptor { + return file_google_protobuf_descriptor_proto_enumTypes[4].Descriptor() +} + +func (FieldOptions_JSType) Type() protoreflect.EnumType { + return &file_google_protobuf_descriptor_proto_enumTypes[4] +} + +func (x FieldOptions_JSType) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Do not use. +func (x *FieldOptions_JSType) UnmarshalJSON(b []byte) error { + num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) + if err != nil { + return err + } + *x = FieldOptions_JSType(num) + return nil +} + +// Deprecated: Use FieldOptions_JSType.Descriptor instead. +func (FieldOptions_JSType) EnumDescriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{12, 1} +} + +// Is this method side-effect-free (or safe in HTTP parlance), or idempotent, +// or neither? HTTP based RPC implementation may choose GET verb for safe +// methods, and PUT verb for idempotent methods instead of the default POST. +type MethodOptions_IdempotencyLevel int32 + +const ( + MethodOptions_IDEMPOTENCY_UNKNOWN MethodOptions_IdempotencyLevel = 0 + MethodOptions_NO_SIDE_EFFECTS MethodOptions_IdempotencyLevel = 1 // implies idempotent + MethodOptions_IDEMPOTENT MethodOptions_IdempotencyLevel = 2 // idempotent, but may have side effects +) + +// Enum value maps for MethodOptions_IdempotencyLevel. +var ( + MethodOptions_IdempotencyLevel_name = map[int32]string{ + 0: "IDEMPOTENCY_UNKNOWN", + 1: "NO_SIDE_EFFECTS", + 2: "IDEMPOTENT", + } + MethodOptions_IdempotencyLevel_value = map[string]int32{ + "IDEMPOTENCY_UNKNOWN": 0, + "NO_SIDE_EFFECTS": 1, + "IDEMPOTENT": 2, + } +) + +func (x MethodOptions_IdempotencyLevel) Enum() *MethodOptions_IdempotencyLevel { + p := new(MethodOptions_IdempotencyLevel) + *p = x + return p +} + +func (x MethodOptions_IdempotencyLevel) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (MethodOptions_IdempotencyLevel) Descriptor() protoreflect.EnumDescriptor { + return file_google_protobuf_descriptor_proto_enumTypes[5].Descriptor() +} + +func (MethodOptions_IdempotencyLevel) Type() protoreflect.EnumType { + return &file_google_protobuf_descriptor_proto_enumTypes[5] +} + +func (x MethodOptions_IdempotencyLevel) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Do not use. +func (x *MethodOptions_IdempotencyLevel) UnmarshalJSON(b []byte) error { + num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) + if err != nil { + return err + } + *x = MethodOptions_IdempotencyLevel(num) + return nil +} + +// Deprecated: Use MethodOptions_IdempotencyLevel.Descriptor instead. +func (MethodOptions_IdempotencyLevel) EnumDescriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{17, 0} +} + +// The protocol compiler can output a FileDescriptorSet containing the .proto +// files it parses. +type FileDescriptorSet struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + File []*FileDescriptorProto `protobuf:"bytes,1,rep,name=file" json:"file,omitempty"` +} + +func (x *FileDescriptorSet) Reset() { + *x = FileDescriptorSet{} + if protoimpl.UnsafeEnabled { + mi := &file_google_protobuf_descriptor_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *FileDescriptorSet) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*FileDescriptorSet) ProtoMessage() {} + +func (x *FileDescriptorSet) ProtoReflect() protoreflect.Message { + mi := &file_google_protobuf_descriptor_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use FileDescriptorSet.ProtoReflect.Descriptor instead. +func (*FileDescriptorSet) Descriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{0} +} + +func (x *FileDescriptorSet) GetFile() []*FileDescriptorProto { + if x != nil { + return x.File + } + return nil +} + +// Describes a complete .proto file. +type FileDescriptorProto struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"` // file name, relative to root of source tree + Package *string `protobuf:"bytes,2,opt,name=package" json:"package,omitempty"` // e.g. "foo", "foo.bar", etc. + // Names of files imported by this file. + Dependency []string `protobuf:"bytes,3,rep,name=dependency" json:"dependency,omitempty"` + // Indexes of the public imported files in the dependency list above. + PublicDependency []int32 `protobuf:"varint,10,rep,name=public_dependency,json=publicDependency" json:"public_dependency,omitempty"` + // Indexes of the weak imported files in the dependency list. + // For Google-internal migration only. Do not use. + WeakDependency []int32 `protobuf:"varint,11,rep,name=weak_dependency,json=weakDependency" json:"weak_dependency,omitempty"` + // All top-level definitions in this file. + MessageType []*DescriptorProto `protobuf:"bytes,4,rep,name=message_type,json=messageType" json:"message_type,omitempty"` + EnumType []*EnumDescriptorProto `protobuf:"bytes,5,rep,name=enum_type,json=enumType" json:"enum_type,omitempty"` + Service []*ServiceDescriptorProto `protobuf:"bytes,6,rep,name=service" json:"service,omitempty"` + Extension []*FieldDescriptorProto `protobuf:"bytes,7,rep,name=extension" json:"extension,omitempty"` + Options *FileOptions `protobuf:"bytes,8,opt,name=options" json:"options,omitempty"` + // This field contains optional information about the original source code. + // You may safely remove this entire field without harming runtime + // functionality of the descriptors -- the information is needed only by + // development tools. + SourceCodeInfo *SourceCodeInfo `protobuf:"bytes,9,opt,name=source_code_info,json=sourceCodeInfo" json:"source_code_info,omitempty"` + // The syntax of the proto file. + // The supported values are "proto2" and "proto3". + Syntax *string `protobuf:"bytes,12,opt,name=syntax" json:"syntax,omitempty"` +} + +func (x *FileDescriptorProto) Reset() { + *x = FileDescriptorProto{} + if protoimpl.UnsafeEnabled { + mi := &file_google_protobuf_descriptor_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *FileDescriptorProto) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*FileDescriptorProto) ProtoMessage() {} + +func (x *FileDescriptorProto) ProtoReflect() protoreflect.Message { + mi := &file_google_protobuf_descriptor_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use FileDescriptorProto.ProtoReflect.Descriptor instead. +func (*FileDescriptorProto) Descriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{1} +} + +func (x *FileDescriptorProto) GetName() string { + if x != nil && x.Name != nil { + return *x.Name + } + return "" +} + +func (x *FileDescriptorProto) GetPackage() string { + if x != nil && x.Package != nil { + return *x.Package + } + return "" +} + +func (x *FileDescriptorProto) GetDependency() []string { + if x != nil { + return x.Dependency + } + return nil +} + +func (x *FileDescriptorProto) GetPublicDependency() []int32 { + if x != nil { + return x.PublicDependency + } + return nil +} + +func (x *FileDescriptorProto) GetWeakDependency() []int32 { + if x != nil { + return x.WeakDependency + } + return nil +} + +func (x *FileDescriptorProto) GetMessageType() []*DescriptorProto { + if x != nil { + return x.MessageType + } + return nil +} + +func (x *FileDescriptorProto) GetEnumType() []*EnumDescriptorProto { + if x != nil { + return x.EnumType + } + return nil +} + +func (x *FileDescriptorProto) GetService() []*ServiceDescriptorProto { + if x != nil { + return x.Service + } + return nil +} + +func (x *FileDescriptorProto) GetExtension() []*FieldDescriptorProto { + if x != nil { + return x.Extension + } + return nil +} + +func (x *FileDescriptorProto) GetOptions() *FileOptions { + if x != nil { + return x.Options + } + return nil +} + +func (x *FileDescriptorProto) GetSourceCodeInfo() *SourceCodeInfo { + if x != nil { + return x.SourceCodeInfo + } + return nil +} + +func (x *FileDescriptorProto) GetSyntax() string { + if x != nil && x.Syntax != nil { + return *x.Syntax + } + return "" +} + +// Describes a message type. +type DescriptorProto struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"` + Field []*FieldDescriptorProto `protobuf:"bytes,2,rep,name=field" json:"field,omitempty"` + Extension []*FieldDescriptorProto `protobuf:"bytes,6,rep,name=extension" json:"extension,omitempty"` + NestedType []*DescriptorProto `protobuf:"bytes,3,rep,name=nested_type,json=nestedType" json:"nested_type,omitempty"` + EnumType []*EnumDescriptorProto `protobuf:"bytes,4,rep,name=enum_type,json=enumType" json:"enum_type,omitempty"` + ExtensionRange []*DescriptorProto_ExtensionRange `protobuf:"bytes,5,rep,name=extension_range,json=extensionRange" json:"extension_range,omitempty"` + OneofDecl []*OneofDescriptorProto `protobuf:"bytes,8,rep,name=oneof_decl,json=oneofDecl" json:"oneof_decl,omitempty"` + Options *MessageOptions `protobuf:"bytes,7,opt,name=options" json:"options,omitempty"` + ReservedRange []*DescriptorProto_ReservedRange `protobuf:"bytes,9,rep,name=reserved_range,json=reservedRange" json:"reserved_range,omitempty"` + // Reserved field names, which may not be used by fields in the same message. + // A given name may only be reserved once. + ReservedName []string `protobuf:"bytes,10,rep,name=reserved_name,json=reservedName" json:"reserved_name,omitempty"` +} + +func (x *DescriptorProto) Reset() { + *x = DescriptorProto{} + if protoimpl.UnsafeEnabled { + mi := &file_google_protobuf_descriptor_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DescriptorProto) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DescriptorProto) ProtoMessage() {} + +func (x *DescriptorProto) ProtoReflect() protoreflect.Message { + mi := &file_google_protobuf_descriptor_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DescriptorProto.ProtoReflect.Descriptor instead. +func (*DescriptorProto) Descriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{2} +} + +func (x *DescriptorProto) GetName() string { + if x != nil && x.Name != nil { + return *x.Name + } + return "" +} + +func (x *DescriptorProto) GetField() []*FieldDescriptorProto { + if x != nil { + return x.Field + } + return nil +} + +func (x *DescriptorProto) GetExtension() []*FieldDescriptorProto { + if x != nil { + return x.Extension + } + return nil +} + +func (x *DescriptorProto) GetNestedType() []*DescriptorProto { + if x != nil { + return x.NestedType + } + return nil +} + +func (x *DescriptorProto) GetEnumType() []*EnumDescriptorProto { + if x != nil { + return x.EnumType + } + return nil +} + +func (x *DescriptorProto) GetExtensionRange() []*DescriptorProto_ExtensionRange { + if x != nil { + return x.ExtensionRange + } + return nil +} + +func (x *DescriptorProto) GetOneofDecl() []*OneofDescriptorProto { + if x != nil { + return x.OneofDecl + } + return nil +} + +func (x *DescriptorProto) GetOptions() *MessageOptions { + if x != nil { + return x.Options + } + return nil +} + +func (x *DescriptorProto) GetReservedRange() []*DescriptorProto_ReservedRange { + if x != nil { + return x.ReservedRange + } + return nil +} + +func (x *DescriptorProto) GetReservedName() []string { + if x != nil { + return x.ReservedName + } + return nil +} + +type ExtensionRangeOptions struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + extensionFields protoimpl.ExtensionFields + + // The parser stores options it doesn't recognize here. See above. + UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"` +} + +func (x *ExtensionRangeOptions) Reset() { + *x = ExtensionRangeOptions{} + if protoimpl.UnsafeEnabled { + mi := &file_google_protobuf_descriptor_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ExtensionRangeOptions) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ExtensionRangeOptions) ProtoMessage() {} + +func (x *ExtensionRangeOptions) ProtoReflect() protoreflect.Message { + mi := &file_google_protobuf_descriptor_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ExtensionRangeOptions.ProtoReflect.Descriptor instead. +func (*ExtensionRangeOptions) Descriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{3} +} + +func (x *ExtensionRangeOptions) GetUninterpretedOption() []*UninterpretedOption { + if x != nil { + return x.UninterpretedOption + } + return nil +} + +// Describes a field within a message. +type FieldDescriptorProto struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"` + Number *int32 `protobuf:"varint,3,opt,name=number" json:"number,omitempty"` + Label *FieldDescriptorProto_Label `protobuf:"varint,4,opt,name=label,enum=google.protobuf.FieldDescriptorProto_Label" json:"label,omitempty"` + // If type_name is set, this need not be set. If both this and type_name + // are set, this must be one of TYPE_ENUM, TYPE_MESSAGE or TYPE_GROUP. + Type *FieldDescriptorProto_Type `protobuf:"varint,5,opt,name=type,enum=google.protobuf.FieldDescriptorProto_Type" json:"type,omitempty"` + // For message and enum types, this is the name of the type. If the name + // starts with a '.', it is fully-qualified. Otherwise, C++-like scoping + // rules are used to find the type (i.e. first the nested types within this + // message are searched, then within the parent, on up to the root + // namespace). + TypeName *string `protobuf:"bytes,6,opt,name=type_name,json=typeName" json:"type_name,omitempty"` + // For extensions, this is the name of the type being extended. It is + // resolved in the same manner as type_name. + Extendee *string `protobuf:"bytes,2,opt,name=extendee" json:"extendee,omitempty"` + // For numeric types, contains the original text representation of the value. + // For booleans, "true" or "false". + // For strings, contains the default text contents (not escaped in any way). + // For bytes, contains the C escaped value. All bytes >= 128 are escaped. + // TODO(kenton): Base-64 encode? + DefaultValue *string `protobuf:"bytes,7,opt,name=default_value,json=defaultValue" json:"default_value,omitempty"` + // If set, gives the index of a oneof in the containing type's oneof_decl + // list. This field is a member of that oneof. + OneofIndex *int32 `protobuf:"varint,9,opt,name=oneof_index,json=oneofIndex" json:"oneof_index,omitempty"` + // JSON name of this field. The value is set by protocol compiler. If the + // user has set a "json_name" option on this field, that option's value + // will be used. Otherwise, it's deduced from the field's name by converting + // it to camelCase. + JsonName *string `protobuf:"bytes,10,opt,name=json_name,json=jsonName" json:"json_name,omitempty"` + Options *FieldOptions `protobuf:"bytes,8,opt,name=options" json:"options,omitempty"` + // If true, this is a proto3 "optional". When a proto3 field is optional, it + // tracks presence regardless of field type. + // + // When proto3_optional is true, this field must be belong to a oneof to + // signal to old proto3 clients that presence is tracked for this field. This + // oneof is known as a "synthetic" oneof, and this field must be its sole + // member (each proto3 optional field gets its own synthetic oneof). Synthetic + // oneofs exist in the descriptor only, and do not generate any API. Synthetic + // oneofs must be ordered after all "real" oneofs. + // + // For message fields, proto3_optional doesn't create any semantic change, + // since non-repeated message fields always track presence. However it still + // indicates the semantic detail of whether the user wrote "optional" or not. + // This can be useful for round-tripping the .proto file. For consistency we + // give message fields a synthetic oneof also, even though it is not required + // to track presence. This is especially important because the parser can't + // tell if a field is a message or an enum, so it must always create a + // synthetic oneof. + // + // Proto2 optional fields do not set this flag, because they already indicate + // optional with `LABEL_OPTIONAL`. + Proto3Optional *bool `protobuf:"varint,17,opt,name=proto3_optional,json=proto3Optional" json:"proto3_optional,omitempty"` +} + +func (x *FieldDescriptorProto) Reset() { + *x = FieldDescriptorProto{} + if protoimpl.UnsafeEnabled { + mi := &file_google_protobuf_descriptor_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *FieldDescriptorProto) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*FieldDescriptorProto) ProtoMessage() {} + +func (x *FieldDescriptorProto) ProtoReflect() protoreflect.Message { + mi := &file_google_protobuf_descriptor_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use FieldDescriptorProto.ProtoReflect.Descriptor instead. +func (*FieldDescriptorProto) Descriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{4} +} + +func (x *FieldDescriptorProto) GetName() string { + if x != nil && x.Name != nil { + return *x.Name + } + return "" +} + +func (x *FieldDescriptorProto) GetNumber() int32 { + if x != nil && x.Number != nil { + return *x.Number + } + return 0 +} + +func (x *FieldDescriptorProto) GetLabel() FieldDescriptorProto_Label { + if x != nil && x.Label != nil { + return *x.Label + } + return FieldDescriptorProto_LABEL_OPTIONAL +} + +func (x *FieldDescriptorProto) GetType() FieldDescriptorProto_Type { + if x != nil && x.Type != nil { + return *x.Type + } + return FieldDescriptorProto_TYPE_DOUBLE +} + +func (x *FieldDescriptorProto) GetTypeName() string { + if x != nil && x.TypeName != nil { + return *x.TypeName + } + return "" +} + +func (x *FieldDescriptorProto) GetExtendee() string { + if x != nil && x.Extendee != nil { + return *x.Extendee + } + return "" +} + +func (x *FieldDescriptorProto) GetDefaultValue() string { + if x != nil && x.DefaultValue != nil { + return *x.DefaultValue + } + return "" +} + +func (x *FieldDescriptorProto) GetOneofIndex() int32 { + if x != nil && x.OneofIndex != nil { + return *x.OneofIndex + } + return 0 +} + +func (x *FieldDescriptorProto) GetJsonName() string { + if x != nil && x.JsonName != nil { + return *x.JsonName + } + return "" +} + +func (x *FieldDescriptorProto) GetOptions() *FieldOptions { + if x != nil { + return x.Options + } + return nil +} + +func (x *FieldDescriptorProto) GetProto3Optional() bool { + if x != nil && x.Proto3Optional != nil { + return *x.Proto3Optional + } + return false +} + +// Describes a oneof. +type OneofDescriptorProto struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"` + Options *OneofOptions `protobuf:"bytes,2,opt,name=options" json:"options,omitempty"` +} + +func (x *OneofDescriptorProto) Reset() { + *x = OneofDescriptorProto{} + if protoimpl.UnsafeEnabled { + mi := &file_google_protobuf_descriptor_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *OneofDescriptorProto) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*OneofDescriptorProto) ProtoMessage() {} + +func (x *OneofDescriptorProto) ProtoReflect() protoreflect.Message { + mi := &file_google_protobuf_descriptor_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use OneofDescriptorProto.ProtoReflect.Descriptor instead. +func (*OneofDescriptorProto) Descriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{5} +} + +func (x *OneofDescriptorProto) GetName() string { + if x != nil && x.Name != nil { + return *x.Name + } + return "" +} + +func (x *OneofDescriptorProto) GetOptions() *OneofOptions { + if x != nil { + return x.Options + } + return nil +} + +// Describes an enum type. +type EnumDescriptorProto struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"` + Value []*EnumValueDescriptorProto `protobuf:"bytes,2,rep,name=value" json:"value,omitempty"` + Options *EnumOptions `protobuf:"bytes,3,opt,name=options" json:"options,omitempty"` + // Range of reserved numeric values. Reserved numeric values may not be used + // by enum values in the same enum declaration. Reserved ranges may not + // overlap. + ReservedRange []*EnumDescriptorProto_EnumReservedRange `protobuf:"bytes,4,rep,name=reserved_range,json=reservedRange" json:"reserved_range,omitempty"` + // Reserved enum value names, which may not be reused. A given name may only + // be reserved once. + ReservedName []string `protobuf:"bytes,5,rep,name=reserved_name,json=reservedName" json:"reserved_name,omitempty"` +} + +func (x *EnumDescriptorProto) Reset() { + *x = EnumDescriptorProto{} + if protoimpl.UnsafeEnabled { + mi := &file_google_protobuf_descriptor_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *EnumDescriptorProto) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EnumDescriptorProto) ProtoMessage() {} + +func (x *EnumDescriptorProto) ProtoReflect() protoreflect.Message { + mi := &file_google_protobuf_descriptor_proto_msgTypes[6] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EnumDescriptorProto.ProtoReflect.Descriptor instead. +func (*EnumDescriptorProto) Descriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{6} +} + +func (x *EnumDescriptorProto) GetName() string { + if x != nil && x.Name != nil { + return *x.Name + } + return "" +} + +func (x *EnumDescriptorProto) GetValue() []*EnumValueDescriptorProto { + if x != nil { + return x.Value + } + return nil +} + +func (x *EnumDescriptorProto) GetOptions() *EnumOptions { + if x != nil { + return x.Options + } + return nil +} + +func (x *EnumDescriptorProto) GetReservedRange() []*EnumDescriptorProto_EnumReservedRange { + if x != nil { + return x.ReservedRange + } + return nil +} + +func (x *EnumDescriptorProto) GetReservedName() []string { + if x != nil { + return x.ReservedName + } + return nil +} + +// Describes a value within an enum. +type EnumValueDescriptorProto struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"` + Number *int32 `protobuf:"varint,2,opt,name=number" json:"number,omitempty"` + Options *EnumValueOptions `protobuf:"bytes,3,opt,name=options" json:"options,omitempty"` +} + +func (x *EnumValueDescriptorProto) Reset() { + *x = EnumValueDescriptorProto{} + if protoimpl.UnsafeEnabled { + mi := &file_google_protobuf_descriptor_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *EnumValueDescriptorProto) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EnumValueDescriptorProto) ProtoMessage() {} + +func (x *EnumValueDescriptorProto) ProtoReflect() protoreflect.Message { + mi := &file_google_protobuf_descriptor_proto_msgTypes[7] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EnumValueDescriptorProto.ProtoReflect.Descriptor instead. +func (*EnumValueDescriptorProto) Descriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{7} +} + +func (x *EnumValueDescriptorProto) GetName() string { + if x != nil && x.Name != nil { + return *x.Name + } + return "" +} + +func (x *EnumValueDescriptorProto) GetNumber() int32 { + if x != nil && x.Number != nil { + return *x.Number + } + return 0 +} + +func (x *EnumValueDescriptorProto) GetOptions() *EnumValueOptions { + if x != nil { + return x.Options + } + return nil +} + +// Describes a service. +type ServiceDescriptorProto struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"` + Method []*MethodDescriptorProto `protobuf:"bytes,2,rep,name=method" json:"method,omitempty"` + Options *ServiceOptions `protobuf:"bytes,3,opt,name=options" json:"options,omitempty"` +} + +func (x *ServiceDescriptorProto) Reset() { + *x = ServiceDescriptorProto{} + if protoimpl.UnsafeEnabled { + mi := &file_google_protobuf_descriptor_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ServiceDescriptorProto) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ServiceDescriptorProto) ProtoMessage() {} + +func (x *ServiceDescriptorProto) ProtoReflect() protoreflect.Message { + mi := &file_google_protobuf_descriptor_proto_msgTypes[8] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ServiceDescriptorProto.ProtoReflect.Descriptor instead. +func (*ServiceDescriptorProto) Descriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{8} +} + +func (x *ServiceDescriptorProto) GetName() string { + if x != nil && x.Name != nil { + return *x.Name + } + return "" +} + +func (x *ServiceDescriptorProto) GetMethod() []*MethodDescriptorProto { + if x != nil { + return x.Method + } + return nil +} + +func (x *ServiceDescriptorProto) GetOptions() *ServiceOptions { + if x != nil { + return x.Options + } + return nil +} + +// Describes a method of a service. +type MethodDescriptorProto struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"` + // Input and output type names. These are resolved in the same way as + // FieldDescriptorProto.type_name, but must refer to a message type. + InputType *string `protobuf:"bytes,2,opt,name=input_type,json=inputType" json:"input_type,omitempty"` + OutputType *string `protobuf:"bytes,3,opt,name=output_type,json=outputType" json:"output_type,omitempty"` + Options *MethodOptions `protobuf:"bytes,4,opt,name=options" json:"options,omitempty"` + // Identifies if client streams multiple client messages + ClientStreaming *bool `protobuf:"varint,5,opt,name=client_streaming,json=clientStreaming,def=0" json:"client_streaming,omitempty"` + // Identifies if server streams multiple server messages + ServerStreaming *bool `protobuf:"varint,6,opt,name=server_streaming,json=serverStreaming,def=0" json:"server_streaming,omitempty"` +} + +// Default values for MethodDescriptorProto fields. +const ( + Default_MethodDescriptorProto_ClientStreaming = bool(false) + Default_MethodDescriptorProto_ServerStreaming = bool(false) +) + +func (x *MethodDescriptorProto) Reset() { + *x = MethodDescriptorProto{} + if protoimpl.UnsafeEnabled { + mi := &file_google_protobuf_descriptor_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *MethodDescriptorProto) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MethodDescriptorProto) ProtoMessage() {} + +func (x *MethodDescriptorProto) ProtoReflect() protoreflect.Message { + mi := &file_google_protobuf_descriptor_proto_msgTypes[9] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MethodDescriptorProto.ProtoReflect.Descriptor instead. +func (*MethodDescriptorProto) Descriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{9} +} + +func (x *MethodDescriptorProto) GetName() string { + if x != nil && x.Name != nil { + return *x.Name + } + return "" +} + +func (x *MethodDescriptorProto) GetInputType() string { + if x != nil && x.InputType != nil { + return *x.InputType + } + return "" +} + +func (x *MethodDescriptorProto) GetOutputType() string { + if x != nil && x.OutputType != nil { + return *x.OutputType + } + return "" +} + +func (x *MethodDescriptorProto) GetOptions() *MethodOptions { + if x != nil { + return x.Options + } + return nil +} + +func (x *MethodDescriptorProto) GetClientStreaming() bool { + if x != nil && x.ClientStreaming != nil { + return *x.ClientStreaming + } + return Default_MethodDescriptorProto_ClientStreaming +} + +func (x *MethodDescriptorProto) GetServerStreaming() bool { + if x != nil && x.ServerStreaming != nil { + return *x.ServerStreaming + } + return Default_MethodDescriptorProto_ServerStreaming +} + +type FileOptions struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + extensionFields protoimpl.ExtensionFields + + // Sets the Java package where classes generated from this .proto will be + // placed. By default, the proto package is used, but this is often + // inappropriate because proto packages do not normally start with backwards + // domain names. + JavaPackage *string `protobuf:"bytes,1,opt,name=java_package,json=javaPackage" json:"java_package,omitempty"` + // If set, all the classes from the .proto file are wrapped in a single + // outer class with the given name. This applies to both Proto1 + // (equivalent to the old "--one_java_file" option) and Proto2 (where + // a .proto always translates to a single class, but you may want to + // explicitly choose the class name). + JavaOuterClassname *string `protobuf:"bytes,8,opt,name=java_outer_classname,json=javaOuterClassname" json:"java_outer_classname,omitempty"` + // If set true, then the Java code generator will generate a separate .java + // file for each top-level message, enum, and service defined in the .proto + // file. Thus, these types will *not* be nested inside the outer class + // named by java_outer_classname. However, the outer class will still be + // generated to contain the file's getDescriptor() method as well as any + // top-level extensions defined in the file. + JavaMultipleFiles *bool `protobuf:"varint,10,opt,name=java_multiple_files,json=javaMultipleFiles,def=0" json:"java_multiple_files,omitempty"` + // This option does nothing. + // + // Deprecated: Do not use. + JavaGenerateEqualsAndHash *bool `protobuf:"varint,20,opt,name=java_generate_equals_and_hash,json=javaGenerateEqualsAndHash" json:"java_generate_equals_and_hash,omitempty"` + // If set true, then the Java2 code generator will generate code that + // throws an exception whenever an attempt is made to assign a non-UTF-8 + // byte sequence to a string field. + // Message reflection will do the same. + // However, an extension field still accepts non-UTF-8 byte sequences. + // This option has no effect on when used with the lite runtime. + JavaStringCheckUtf8 *bool `protobuf:"varint,27,opt,name=java_string_check_utf8,json=javaStringCheckUtf8,def=0" json:"java_string_check_utf8,omitempty"` + OptimizeFor *FileOptions_OptimizeMode `protobuf:"varint,9,opt,name=optimize_for,json=optimizeFor,enum=google.protobuf.FileOptions_OptimizeMode,def=1" json:"optimize_for,omitempty"` + // Sets the Go package where structs generated from this .proto will be + // placed. If omitted, the Go package will be derived from the following: + // - The basename of the package import path, if provided. + // - Otherwise, the package statement in the .proto file, if present. + // - Otherwise, the basename of the .proto file, without extension. + GoPackage *string `protobuf:"bytes,11,opt,name=go_package,json=goPackage" json:"go_package,omitempty"` + // Should generic services be generated in each language? "Generic" services + // are not specific to any particular RPC system. They are generated by the + // main code generators in each language (without additional plugins). + // Generic services were the only kind of service generation supported by + // early versions of google.protobuf. + // + // Generic services are now considered deprecated in favor of using plugins + // that generate code specific to your particular RPC system. Therefore, + // these default to false. Old code which depends on generic services should + // explicitly set them to true. + CcGenericServices *bool `protobuf:"varint,16,opt,name=cc_generic_services,json=ccGenericServices,def=0" json:"cc_generic_services,omitempty"` + JavaGenericServices *bool `protobuf:"varint,17,opt,name=java_generic_services,json=javaGenericServices,def=0" json:"java_generic_services,omitempty"` + PyGenericServices *bool `protobuf:"varint,18,opt,name=py_generic_services,json=pyGenericServices,def=0" json:"py_generic_services,omitempty"` + PhpGenericServices *bool `protobuf:"varint,42,opt,name=php_generic_services,json=phpGenericServices,def=0" json:"php_generic_services,omitempty"` + // Is this file deprecated? + // Depending on the target platform, this can emit Deprecated annotations + // for everything in the file, or it will be completely ignored; in the very + // least, this is a formalization for deprecating files. + Deprecated *bool `protobuf:"varint,23,opt,name=deprecated,def=0" json:"deprecated,omitempty"` + // Enables the use of arenas for the proto messages in this file. This applies + // only to generated classes for C++. + CcEnableArenas *bool `protobuf:"varint,31,opt,name=cc_enable_arenas,json=ccEnableArenas,def=1" json:"cc_enable_arenas,omitempty"` + // Sets the objective c class prefix which is prepended to all objective c + // generated classes from this .proto. There is no default. + ObjcClassPrefix *string `protobuf:"bytes,36,opt,name=objc_class_prefix,json=objcClassPrefix" json:"objc_class_prefix,omitempty"` + // Namespace for generated classes; defaults to the package. + CsharpNamespace *string `protobuf:"bytes,37,opt,name=csharp_namespace,json=csharpNamespace" json:"csharp_namespace,omitempty"` + // By default Swift generators will take the proto package and CamelCase it + // replacing '.' with underscore and use that to prefix the types/symbols + // defined. When this options is provided, they will use this value instead + // to prefix the types/symbols defined. + SwiftPrefix *string `protobuf:"bytes,39,opt,name=swift_prefix,json=swiftPrefix" json:"swift_prefix,omitempty"` + // Sets the php class prefix which is prepended to all php generated classes + // from this .proto. Default is empty. + PhpClassPrefix *string `protobuf:"bytes,40,opt,name=php_class_prefix,json=phpClassPrefix" json:"php_class_prefix,omitempty"` + // Use this option to change the namespace of php generated classes. Default + // is empty. When this option is empty, the package name will be used for + // determining the namespace. + PhpNamespace *string `protobuf:"bytes,41,opt,name=php_namespace,json=phpNamespace" json:"php_namespace,omitempty"` + // Use this option to change the namespace of php generated metadata classes. + // Default is empty. When this option is empty, the proto file name will be + // used for determining the namespace. + PhpMetadataNamespace *string `protobuf:"bytes,44,opt,name=php_metadata_namespace,json=phpMetadataNamespace" json:"php_metadata_namespace,omitempty"` + // Use this option to change the package of ruby generated classes. Default + // is empty. When this option is not set, the package name will be used for + // determining the ruby package. + RubyPackage *string `protobuf:"bytes,45,opt,name=ruby_package,json=rubyPackage" json:"ruby_package,omitempty"` + // The parser stores options it doesn't recognize here. + // See the documentation for the "Options" section above. + UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"` +} + +// Default values for FileOptions fields. +const ( + Default_FileOptions_JavaMultipleFiles = bool(false) + Default_FileOptions_JavaStringCheckUtf8 = bool(false) + Default_FileOptions_OptimizeFor = FileOptions_SPEED + Default_FileOptions_CcGenericServices = bool(false) + Default_FileOptions_JavaGenericServices = bool(false) + Default_FileOptions_PyGenericServices = bool(false) + Default_FileOptions_PhpGenericServices = bool(false) + Default_FileOptions_Deprecated = bool(false) + Default_FileOptions_CcEnableArenas = bool(true) +) + +func (x *FileOptions) Reset() { + *x = FileOptions{} + if protoimpl.UnsafeEnabled { + mi := &file_google_protobuf_descriptor_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *FileOptions) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*FileOptions) ProtoMessage() {} + +func (x *FileOptions) ProtoReflect() protoreflect.Message { + mi := &file_google_protobuf_descriptor_proto_msgTypes[10] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use FileOptions.ProtoReflect.Descriptor instead. +func (*FileOptions) Descriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{10} +} + +func (x *FileOptions) GetJavaPackage() string { + if x != nil && x.JavaPackage != nil { + return *x.JavaPackage + } + return "" +} + +func (x *FileOptions) GetJavaOuterClassname() string { + if x != nil && x.JavaOuterClassname != nil { + return *x.JavaOuterClassname + } + return "" +} + +func (x *FileOptions) GetJavaMultipleFiles() bool { + if x != nil && x.JavaMultipleFiles != nil { + return *x.JavaMultipleFiles + } + return Default_FileOptions_JavaMultipleFiles +} + +// Deprecated: Do not use. +func (x *FileOptions) GetJavaGenerateEqualsAndHash() bool { + if x != nil && x.JavaGenerateEqualsAndHash != nil { + return *x.JavaGenerateEqualsAndHash + } + return false +} + +func (x *FileOptions) GetJavaStringCheckUtf8() bool { + if x != nil && x.JavaStringCheckUtf8 != nil { + return *x.JavaStringCheckUtf8 + } + return Default_FileOptions_JavaStringCheckUtf8 +} + +func (x *FileOptions) GetOptimizeFor() FileOptions_OptimizeMode { + if x != nil && x.OptimizeFor != nil { + return *x.OptimizeFor + } + return Default_FileOptions_OptimizeFor +} + +func (x *FileOptions) GetGoPackage() string { + if x != nil && x.GoPackage != nil { + return *x.GoPackage + } + return "" +} + +func (x *FileOptions) GetCcGenericServices() bool { + if x != nil && x.CcGenericServices != nil { + return *x.CcGenericServices + } + return Default_FileOptions_CcGenericServices +} + +func (x *FileOptions) GetJavaGenericServices() bool { + if x != nil && x.JavaGenericServices != nil { + return *x.JavaGenericServices + } + return Default_FileOptions_JavaGenericServices +} + +func (x *FileOptions) GetPyGenericServices() bool { + if x != nil && x.PyGenericServices != nil { + return *x.PyGenericServices + } + return Default_FileOptions_PyGenericServices +} + +func (x *FileOptions) GetPhpGenericServices() bool { + if x != nil && x.PhpGenericServices != nil { + return *x.PhpGenericServices + } + return Default_FileOptions_PhpGenericServices +} + +func (x *FileOptions) GetDeprecated() bool { + if x != nil && x.Deprecated != nil { + return *x.Deprecated + } + return Default_FileOptions_Deprecated +} + +func (x *FileOptions) GetCcEnableArenas() bool { + if x != nil && x.CcEnableArenas != nil { + return *x.CcEnableArenas + } + return Default_FileOptions_CcEnableArenas +} + +func (x *FileOptions) GetObjcClassPrefix() string { + if x != nil && x.ObjcClassPrefix != nil { + return *x.ObjcClassPrefix + } + return "" +} + +func (x *FileOptions) GetCsharpNamespace() string { + if x != nil && x.CsharpNamespace != nil { + return *x.CsharpNamespace + } + return "" +} + +func (x *FileOptions) GetSwiftPrefix() string { + if x != nil && x.SwiftPrefix != nil { + return *x.SwiftPrefix + } + return "" +} + +func (x *FileOptions) GetPhpClassPrefix() string { + if x != nil && x.PhpClassPrefix != nil { + return *x.PhpClassPrefix + } + return "" +} + +func (x *FileOptions) GetPhpNamespace() string { + if x != nil && x.PhpNamespace != nil { + return *x.PhpNamespace + } + return "" +} + +func (x *FileOptions) GetPhpMetadataNamespace() string { + if x != nil && x.PhpMetadataNamespace != nil { + return *x.PhpMetadataNamespace + } + return "" +} + +func (x *FileOptions) GetRubyPackage() string { + if x != nil && x.RubyPackage != nil { + return *x.RubyPackage + } + return "" +} + +func (x *FileOptions) GetUninterpretedOption() []*UninterpretedOption { + if x != nil { + return x.UninterpretedOption + } + return nil +} + +type MessageOptions struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + extensionFields protoimpl.ExtensionFields + + // Set true to use the old proto1 MessageSet wire format for extensions. + // This is provided for backwards-compatibility with the MessageSet wire + // format. You should not use this for any other reason: It's less + // efficient, has fewer features, and is more complicated. + // + // The message must be defined exactly as follows: + // message Foo { + // option message_set_wire_format = true; + // extensions 4 to max; + // } + // Note that the message cannot have any defined fields; MessageSets only + // have extensions. + // + // All extensions of your type must be singular messages; e.g. they cannot + // be int32s, enums, or repeated messages. + // + // Because this is an option, the above two restrictions are not enforced by + // the protocol compiler. + MessageSetWireFormat *bool `protobuf:"varint,1,opt,name=message_set_wire_format,json=messageSetWireFormat,def=0" json:"message_set_wire_format,omitempty"` + // Disables the generation of the standard "descriptor()" accessor, which can + // conflict with a field of the same name. This is meant to make migration + // from proto1 easier; new code should avoid fields named "descriptor". + NoStandardDescriptorAccessor *bool `protobuf:"varint,2,opt,name=no_standard_descriptor_accessor,json=noStandardDescriptorAccessor,def=0" json:"no_standard_descriptor_accessor,omitempty"` + // Is this message deprecated? + // Depending on the target platform, this can emit Deprecated annotations + // for the message, or it will be completely ignored; in the very least, + // this is a formalization for deprecating messages. + Deprecated *bool `protobuf:"varint,3,opt,name=deprecated,def=0" json:"deprecated,omitempty"` + // Whether the message is an automatically generated map entry type for the + // maps field. + // + // For maps fields: + // map map_field = 1; + // The parsed descriptor looks like: + // message MapFieldEntry { + // option map_entry = true; + // optional KeyType key = 1; + // optional ValueType value = 2; + // } + // repeated MapFieldEntry map_field = 1; + // + // Implementations may choose not to generate the map_entry=true message, but + // use a native map in the target language to hold the keys and values. + // The reflection APIs in such implementations still need to work as + // if the field is a repeated message field. + // + // NOTE: Do not set the option in .proto files. Always use the maps syntax + // instead. The option should only be implicitly set by the proto compiler + // parser. + MapEntry *bool `protobuf:"varint,7,opt,name=map_entry,json=mapEntry" json:"map_entry,omitempty"` + // The parser stores options it doesn't recognize here. See above. + UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"` +} + +// Default values for MessageOptions fields. +const ( + Default_MessageOptions_MessageSetWireFormat = bool(false) + Default_MessageOptions_NoStandardDescriptorAccessor = bool(false) + Default_MessageOptions_Deprecated = bool(false) +) + +func (x *MessageOptions) Reset() { + *x = MessageOptions{} + if protoimpl.UnsafeEnabled { + mi := &file_google_protobuf_descriptor_proto_msgTypes[11] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *MessageOptions) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MessageOptions) ProtoMessage() {} + +func (x *MessageOptions) ProtoReflect() protoreflect.Message { + mi := &file_google_protobuf_descriptor_proto_msgTypes[11] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MessageOptions.ProtoReflect.Descriptor instead. +func (*MessageOptions) Descriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{11} +} + +func (x *MessageOptions) GetMessageSetWireFormat() bool { + if x != nil && x.MessageSetWireFormat != nil { + return *x.MessageSetWireFormat + } + return Default_MessageOptions_MessageSetWireFormat +} + +func (x *MessageOptions) GetNoStandardDescriptorAccessor() bool { + if x != nil && x.NoStandardDescriptorAccessor != nil { + return *x.NoStandardDescriptorAccessor + } + return Default_MessageOptions_NoStandardDescriptorAccessor +} + +func (x *MessageOptions) GetDeprecated() bool { + if x != nil && x.Deprecated != nil { + return *x.Deprecated + } + return Default_MessageOptions_Deprecated +} + +func (x *MessageOptions) GetMapEntry() bool { + if x != nil && x.MapEntry != nil { + return *x.MapEntry + } + return false +} + +func (x *MessageOptions) GetUninterpretedOption() []*UninterpretedOption { + if x != nil { + return x.UninterpretedOption + } + return nil +} + +type FieldOptions struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + extensionFields protoimpl.ExtensionFields + + // The ctype option instructs the C++ code generator to use a different + // representation of the field than it normally would. See the specific + // options below. This option is not yet implemented in the open source + // release -- sorry, we'll try to include it in a future version! + Ctype *FieldOptions_CType `protobuf:"varint,1,opt,name=ctype,enum=google.protobuf.FieldOptions_CType,def=0" json:"ctype,omitempty"` + // The packed option can be enabled for repeated primitive fields to enable + // a more efficient representation on the wire. Rather than repeatedly + // writing the tag and type for each element, the entire array is encoded as + // a single length-delimited blob. In proto3, only explicit setting it to + // false will avoid using packed encoding. + Packed *bool `protobuf:"varint,2,opt,name=packed" json:"packed,omitempty"` + // The jstype option determines the JavaScript type used for values of the + // field. The option is permitted only for 64 bit integral and fixed types + // (int64, uint64, sint64, fixed64, sfixed64). A field with jstype JS_STRING + // is represented as JavaScript string, which avoids loss of precision that + // can happen when a large value is converted to a floating point JavaScript. + // Specifying JS_NUMBER for the jstype causes the generated JavaScript code to + // use the JavaScript "number" type. The behavior of the default option + // JS_NORMAL is implementation dependent. + // + // This option is an enum to permit additional types to be added, e.g. + // goog.math.Integer. + Jstype *FieldOptions_JSType `protobuf:"varint,6,opt,name=jstype,enum=google.protobuf.FieldOptions_JSType,def=0" json:"jstype,omitempty"` + // Should this field be parsed lazily? Lazy applies only to message-type + // fields. It means that when the outer message is initially parsed, the + // inner message's contents will not be parsed but instead stored in encoded + // form. The inner message will actually be parsed when it is first accessed. + // + // This is only a hint. Implementations are free to choose whether to use + // eager or lazy parsing regardless of the value of this option. However, + // setting this option true suggests that the protocol author believes that + // using lazy parsing on this field is worth the additional bookkeeping + // overhead typically needed to implement it. + // + // This option does not affect the public interface of any generated code; + // all method signatures remain the same. Furthermore, thread-safety of the + // interface is not affected by this option; const methods remain safe to + // call from multiple threads concurrently, while non-const methods continue + // to require exclusive access. + // + // + // Note that implementations may choose not to check required fields within + // a lazy sub-message. That is, calling IsInitialized() on the outer message + // may return true even if the inner message has missing required fields. + // This is necessary because otherwise the inner message would have to be + // parsed in order to perform the check, defeating the purpose of lazy + // parsing. An implementation which chooses not to check required fields + // must be consistent about it. That is, for any particular sub-message, the + // implementation must either *always* check its required fields, or *never* + // check its required fields, regardless of whether or not the message has + // been parsed. + Lazy *bool `protobuf:"varint,5,opt,name=lazy,def=0" json:"lazy,omitempty"` + // Is this field deprecated? + // Depending on the target platform, this can emit Deprecated annotations + // for accessors, or it will be completely ignored; in the very least, this + // is a formalization for deprecating fields. + Deprecated *bool `protobuf:"varint,3,opt,name=deprecated,def=0" json:"deprecated,omitempty"` + // For Google-internal migration only. Do not use. + Weak *bool `protobuf:"varint,10,opt,name=weak,def=0" json:"weak,omitempty"` + // The parser stores options it doesn't recognize here. See above. + UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"` +} + +// Default values for FieldOptions fields. +const ( + Default_FieldOptions_Ctype = FieldOptions_STRING + Default_FieldOptions_Jstype = FieldOptions_JS_NORMAL + Default_FieldOptions_Lazy = bool(false) + Default_FieldOptions_Deprecated = bool(false) + Default_FieldOptions_Weak = bool(false) +) + +func (x *FieldOptions) Reset() { + *x = FieldOptions{} + if protoimpl.UnsafeEnabled { + mi := &file_google_protobuf_descriptor_proto_msgTypes[12] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *FieldOptions) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*FieldOptions) ProtoMessage() {} + +func (x *FieldOptions) ProtoReflect() protoreflect.Message { + mi := &file_google_protobuf_descriptor_proto_msgTypes[12] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use FieldOptions.ProtoReflect.Descriptor instead. +func (*FieldOptions) Descriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{12} +} + +func (x *FieldOptions) GetCtype() FieldOptions_CType { + if x != nil && x.Ctype != nil { + return *x.Ctype + } + return Default_FieldOptions_Ctype +} + +func (x *FieldOptions) GetPacked() bool { + if x != nil && x.Packed != nil { + return *x.Packed + } + return false +} + +func (x *FieldOptions) GetJstype() FieldOptions_JSType { + if x != nil && x.Jstype != nil { + return *x.Jstype + } + return Default_FieldOptions_Jstype +} + +func (x *FieldOptions) GetLazy() bool { + if x != nil && x.Lazy != nil { + return *x.Lazy + } + return Default_FieldOptions_Lazy +} + +func (x *FieldOptions) GetDeprecated() bool { + if x != nil && x.Deprecated != nil { + return *x.Deprecated + } + return Default_FieldOptions_Deprecated +} + +func (x *FieldOptions) GetWeak() bool { + if x != nil && x.Weak != nil { + return *x.Weak + } + return Default_FieldOptions_Weak +} + +func (x *FieldOptions) GetUninterpretedOption() []*UninterpretedOption { + if x != nil { + return x.UninterpretedOption + } + return nil +} + +type OneofOptions struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + extensionFields protoimpl.ExtensionFields + + // The parser stores options it doesn't recognize here. See above. + UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"` +} + +func (x *OneofOptions) Reset() { + *x = OneofOptions{} + if protoimpl.UnsafeEnabled { + mi := &file_google_protobuf_descriptor_proto_msgTypes[13] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *OneofOptions) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*OneofOptions) ProtoMessage() {} + +func (x *OneofOptions) ProtoReflect() protoreflect.Message { + mi := &file_google_protobuf_descriptor_proto_msgTypes[13] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use OneofOptions.ProtoReflect.Descriptor instead. +func (*OneofOptions) Descriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{13} +} + +func (x *OneofOptions) GetUninterpretedOption() []*UninterpretedOption { + if x != nil { + return x.UninterpretedOption + } + return nil +} + +type EnumOptions struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + extensionFields protoimpl.ExtensionFields + + // Set this option to true to allow mapping different tag names to the same + // value. + AllowAlias *bool `protobuf:"varint,2,opt,name=allow_alias,json=allowAlias" json:"allow_alias,omitempty"` + // Is this enum deprecated? + // Depending on the target platform, this can emit Deprecated annotations + // for the enum, or it will be completely ignored; in the very least, this + // is a formalization for deprecating enums. + Deprecated *bool `protobuf:"varint,3,opt,name=deprecated,def=0" json:"deprecated,omitempty"` + // The parser stores options it doesn't recognize here. See above. + UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"` +} + +// Default values for EnumOptions fields. +const ( + Default_EnumOptions_Deprecated = bool(false) +) + +func (x *EnumOptions) Reset() { + *x = EnumOptions{} + if protoimpl.UnsafeEnabled { + mi := &file_google_protobuf_descriptor_proto_msgTypes[14] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *EnumOptions) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EnumOptions) ProtoMessage() {} + +func (x *EnumOptions) ProtoReflect() protoreflect.Message { + mi := &file_google_protobuf_descriptor_proto_msgTypes[14] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EnumOptions.ProtoReflect.Descriptor instead. +func (*EnumOptions) Descriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{14} +} + +func (x *EnumOptions) GetAllowAlias() bool { + if x != nil && x.AllowAlias != nil { + return *x.AllowAlias + } + return false +} + +func (x *EnumOptions) GetDeprecated() bool { + if x != nil && x.Deprecated != nil { + return *x.Deprecated + } + return Default_EnumOptions_Deprecated +} + +func (x *EnumOptions) GetUninterpretedOption() []*UninterpretedOption { + if x != nil { + return x.UninterpretedOption + } + return nil +} + +type EnumValueOptions struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + extensionFields protoimpl.ExtensionFields + + // Is this enum value deprecated? + // Depending on the target platform, this can emit Deprecated annotations + // for the enum value, or it will be completely ignored; in the very least, + // this is a formalization for deprecating enum values. + Deprecated *bool `protobuf:"varint,1,opt,name=deprecated,def=0" json:"deprecated,omitempty"` + // The parser stores options it doesn't recognize here. See above. + UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"` +} + +// Default values for EnumValueOptions fields. +const ( + Default_EnumValueOptions_Deprecated = bool(false) +) + +func (x *EnumValueOptions) Reset() { + *x = EnumValueOptions{} + if protoimpl.UnsafeEnabled { + mi := &file_google_protobuf_descriptor_proto_msgTypes[15] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *EnumValueOptions) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EnumValueOptions) ProtoMessage() {} + +func (x *EnumValueOptions) ProtoReflect() protoreflect.Message { + mi := &file_google_protobuf_descriptor_proto_msgTypes[15] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EnumValueOptions.ProtoReflect.Descriptor instead. +func (*EnumValueOptions) Descriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{15} +} + +func (x *EnumValueOptions) GetDeprecated() bool { + if x != nil && x.Deprecated != nil { + return *x.Deprecated + } + return Default_EnumValueOptions_Deprecated +} + +func (x *EnumValueOptions) GetUninterpretedOption() []*UninterpretedOption { + if x != nil { + return x.UninterpretedOption + } + return nil +} + +type ServiceOptions struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + extensionFields protoimpl.ExtensionFields + + // Is this service deprecated? + // Depending on the target platform, this can emit Deprecated annotations + // for the service, or it will be completely ignored; in the very least, + // this is a formalization for deprecating services. + Deprecated *bool `protobuf:"varint,33,opt,name=deprecated,def=0" json:"deprecated,omitempty"` + // The parser stores options it doesn't recognize here. See above. + UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"` +} + +// Default values for ServiceOptions fields. +const ( + Default_ServiceOptions_Deprecated = bool(false) +) + +func (x *ServiceOptions) Reset() { + *x = ServiceOptions{} + if protoimpl.UnsafeEnabled { + mi := &file_google_protobuf_descriptor_proto_msgTypes[16] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ServiceOptions) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ServiceOptions) ProtoMessage() {} + +func (x *ServiceOptions) ProtoReflect() protoreflect.Message { + mi := &file_google_protobuf_descriptor_proto_msgTypes[16] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ServiceOptions.ProtoReflect.Descriptor instead. +func (*ServiceOptions) Descriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{16} +} + +func (x *ServiceOptions) GetDeprecated() bool { + if x != nil && x.Deprecated != nil { + return *x.Deprecated + } + return Default_ServiceOptions_Deprecated +} + +func (x *ServiceOptions) GetUninterpretedOption() []*UninterpretedOption { + if x != nil { + return x.UninterpretedOption + } + return nil +} + +type MethodOptions struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + extensionFields protoimpl.ExtensionFields + + // Is this method deprecated? + // Depending on the target platform, this can emit Deprecated annotations + // for the method, or it will be completely ignored; in the very least, + // this is a formalization for deprecating methods. + Deprecated *bool `protobuf:"varint,33,opt,name=deprecated,def=0" json:"deprecated,omitempty"` + IdempotencyLevel *MethodOptions_IdempotencyLevel `protobuf:"varint,34,opt,name=idempotency_level,json=idempotencyLevel,enum=google.protobuf.MethodOptions_IdempotencyLevel,def=0" json:"idempotency_level,omitempty"` + // The parser stores options it doesn't recognize here. See above. + UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"` +} + +// Default values for MethodOptions fields. +const ( + Default_MethodOptions_Deprecated = bool(false) + Default_MethodOptions_IdempotencyLevel = MethodOptions_IDEMPOTENCY_UNKNOWN +) + +func (x *MethodOptions) Reset() { + *x = MethodOptions{} + if protoimpl.UnsafeEnabled { + mi := &file_google_protobuf_descriptor_proto_msgTypes[17] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *MethodOptions) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MethodOptions) ProtoMessage() {} + +func (x *MethodOptions) ProtoReflect() protoreflect.Message { + mi := &file_google_protobuf_descriptor_proto_msgTypes[17] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MethodOptions.ProtoReflect.Descriptor instead. +func (*MethodOptions) Descriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{17} +} + +func (x *MethodOptions) GetDeprecated() bool { + if x != nil && x.Deprecated != nil { + return *x.Deprecated + } + return Default_MethodOptions_Deprecated +} + +func (x *MethodOptions) GetIdempotencyLevel() MethodOptions_IdempotencyLevel { + if x != nil && x.IdempotencyLevel != nil { + return *x.IdempotencyLevel + } + return Default_MethodOptions_IdempotencyLevel +} + +func (x *MethodOptions) GetUninterpretedOption() []*UninterpretedOption { + if x != nil { + return x.UninterpretedOption + } + return nil +} + +// A message representing a option the parser does not recognize. This only +// appears in options protos created by the compiler::Parser class. +// DescriptorPool resolves these when building Descriptor objects. Therefore, +// options protos in descriptor objects (e.g. returned by Descriptor::options(), +// or produced by Descriptor::CopyTo()) will never have UninterpretedOptions +// in them. +type UninterpretedOption struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Name []*UninterpretedOption_NamePart `protobuf:"bytes,2,rep,name=name" json:"name,omitempty"` + // The value of the uninterpreted option, in whatever type the tokenizer + // identified it as during parsing. Exactly one of these should be set. + IdentifierValue *string `protobuf:"bytes,3,opt,name=identifier_value,json=identifierValue" json:"identifier_value,omitempty"` + PositiveIntValue *uint64 `protobuf:"varint,4,opt,name=positive_int_value,json=positiveIntValue" json:"positive_int_value,omitempty"` + NegativeIntValue *int64 `protobuf:"varint,5,opt,name=negative_int_value,json=negativeIntValue" json:"negative_int_value,omitempty"` + DoubleValue *float64 `protobuf:"fixed64,6,opt,name=double_value,json=doubleValue" json:"double_value,omitempty"` + StringValue []byte `protobuf:"bytes,7,opt,name=string_value,json=stringValue" json:"string_value,omitempty"` + AggregateValue *string `protobuf:"bytes,8,opt,name=aggregate_value,json=aggregateValue" json:"aggregate_value,omitempty"` +} + +func (x *UninterpretedOption) Reset() { + *x = UninterpretedOption{} + if protoimpl.UnsafeEnabled { + mi := &file_google_protobuf_descriptor_proto_msgTypes[18] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UninterpretedOption) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UninterpretedOption) ProtoMessage() {} + +func (x *UninterpretedOption) ProtoReflect() protoreflect.Message { + mi := &file_google_protobuf_descriptor_proto_msgTypes[18] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UninterpretedOption.ProtoReflect.Descriptor instead. +func (*UninterpretedOption) Descriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{18} +} + +func (x *UninterpretedOption) GetName() []*UninterpretedOption_NamePart { + if x != nil { + return x.Name + } + return nil +} + +func (x *UninterpretedOption) GetIdentifierValue() string { + if x != nil && x.IdentifierValue != nil { + return *x.IdentifierValue + } + return "" +} + +func (x *UninterpretedOption) GetPositiveIntValue() uint64 { + if x != nil && x.PositiveIntValue != nil { + return *x.PositiveIntValue + } + return 0 +} + +func (x *UninterpretedOption) GetNegativeIntValue() int64 { + if x != nil && x.NegativeIntValue != nil { + return *x.NegativeIntValue + } + return 0 +} + +func (x *UninterpretedOption) GetDoubleValue() float64 { + if x != nil && x.DoubleValue != nil { + return *x.DoubleValue + } + return 0 +} + +func (x *UninterpretedOption) GetStringValue() []byte { + if x != nil { + return x.StringValue + } + return nil +} + +func (x *UninterpretedOption) GetAggregateValue() string { + if x != nil && x.AggregateValue != nil { + return *x.AggregateValue + } + return "" +} + +// Encapsulates information about the original source file from which a +// FileDescriptorProto was generated. +type SourceCodeInfo struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // A Location identifies a piece of source code in a .proto file which + // corresponds to a particular definition. This information is intended + // to be useful to IDEs, code indexers, documentation generators, and similar + // tools. + // + // For example, say we have a file like: + // message Foo { + // optional string foo = 1; + // } + // Let's look at just the field definition: + // optional string foo = 1; + // ^ ^^ ^^ ^ ^^^ + // a bc de f ghi + // We have the following locations: + // span path represents + // [a,i) [ 4, 0, 2, 0 ] The whole field definition. + // [a,b) [ 4, 0, 2, 0, 4 ] The label (optional). + // [c,d) [ 4, 0, 2, 0, 5 ] The type (string). + // [e,f) [ 4, 0, 2, 0, 1 ] The name (foo). + // [g,h) [ 4, 0, 2, 0, 3 ] The number (1). + // + // Notes: + // - A location may refer to a repeated field itself (i.e. not to any + // particular index within it). This is used whenever a set of elements are + // logically enclosed in a single code segment. For example, an entire + // extend block (possibly containing multiple extension definitions) will + // have an outer location whose path refers to the "extensions" repeated + // field without an index. + // - Multiple locations may have the same path. This happens when a single + // logical declaration is spread out across multiple places. The most + // obvious example is the "extend" block again -- there may be multiple + // extend blocks in the same scope, each of which will have the same path. + // - A location's span is not always a subset of its parent's span. For + // example, the "extendee" of an extension declaration appears at the + // beginning of the "extend" block and is shared by all extensions within + // the block. + // - Just because a location's span is a subset of some other location's span + // does not mean that it is a descendant. For example, a "group" defines + // both a type and a field in a single declaration. Thus, the locations + // corresponding to the type and field and their components will overlap. + // - Code which tries to interpret locations should probably be designed to + // ignore those that it doesn't understand, as more types of locations could + // be recorded in the future. + Location []*SourceCodeInfo_Location `protobuf:"bytes,1,rep,name=location" json:"location,omitempty"` +} + +func (x *SourceCodeInfo) Reset() { + *x = SourceCodeInfo{} + if protoimpl.UnsafeEnabled { + mi := &file_google_protobuf_descriptor_proto_msgTypes[19] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SourceCodeInfo) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SourceCodeInfo) ProtoMessage() {} + +func (x *SourceCodeInfo) ProtoReflect() protoreflect.Message { + mi := &file_google_protobuf_descriptor_proto_msgTypes[19] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SourceCodeInfo.ProtoReflect.Descriptor instead. +func (*SourceCodeInfo) Descriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{19} +} + +func (x *SourceCodeInfo) GetLocation() []*SourceCodeInfo_Location { + if x != nil { + return x.Location + } + return nil +} + +// Describes the relationship between generated code and its original source +// file. A GeneratedCodeInfo message is associated with only one generated +// source file, but may contain references to different source .proto files. +type GeneratedCodeInfo struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // An Annotation connects some span of text in generated code to an element + // of its generating .proto file. + Annotation []*GeneratedCodeInfo_Annotation `protobuf:"bytes,1,rep,name=annotation" json:"annotation,omitempty"` +} + +func (x *GeneratedCodeInfo) Reset() { + *x = GeneratedCodeInfo{} + if protoimpl.UnsafeEnabled { + mi := &file_google_protobuf_descriptor_proto_msgTypes[20] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *GeneratedCodeInfo) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*GeneratedCodeInfo) ProtoMessage() {} + +func (x *GeneratedCodeInfo) ProtoReflect() protoreflect.Message { + mi := &file_google_protobuf_descriptor_proto_msgTypes[20] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use GeneratedCodeInfo.ProtoReflect.Descriptor instead. +func (*GeneratedCodeInfo) Descriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{20} +} + +func (x *GeneratedCodeInfo) GetAnnotation() []*GeneratedCodeInfo_Annotation { + if x != nil { + return x.Annotation + } + return nil +} + +type DescriptorProto_ExtensionRange struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Start *int32 `protobuf:"varint,1,opt,name=start" json:"start,omitempty"` // Inclusive. + End *int32 `protobuf:"varint,2,opt,name=end" json:"end,omitempty"` // Exclusive. + Options *ExtensionRangeOptions `protobuf:"bytes,3,opt,name=options" json:"options,omitempty"` +} + +func (x *DescriptorProto_ExtensionRange) Reset() { + *x = DescriptorProto_ExtensionRange{} + if protoimpl.UnsafeEnabled { + mi := &file_google_protobuf_descriptor_proto_msgTypes[21] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DescriptorProto_ExtensionRange) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DescriptorProto_ExtensionRange) ProtoMessage() {} + +func (x *DescriptorProto_ExtensionRange) ProtoReflect() protoreflect.Message { + mi := &file_google_protobuf_descriptor_proto_msgTypes[21] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DescriptorProto_ExtensionRange.ProtoReflect.Descriptor instead. +func (*DescriptorProto_ExtensionRange) Descriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{2, 0} +} + +func (x *DescriptorProto_ExtensionRange) GetStart() int32 { + if x != nil && x.Start != nil { + return *x.Start + } + return 0 +} + +func (x *DescriptorProto_ExtensionRange) GetEnd() int32 { + if x != nil && x.End != nil { + return *x.End + } + return 0 +} + +func (x *DescriptorProto_ExtensionRange) GetOptions() *ExtensionRangeOptions { + if x != nil { + return x.Options + } + return nil +} + +// Range of reserved tag numbers. Reserved tag numbers may not be used by +// fields or extension ranges in the same message. Reserved ranges may +// not overlap. +type DescriptorProto_ReservedRange struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Start *int32 `protobuf:"varint,1,opt,name=start" json:"start,omitempty"` // Inclusive. + End *int32 `protobuf:"varint,2,opt,name=end" json:"end,omitempty"` // Exclusive. +} + +func (x *DescriptorProto_ReservedRange) Reset() { + *x = DescriptorProto_ReservedRange{} + if protoimpl.UnsafeEnabled { + mi := &file_google_protobuf_descriptor_proto_msgTypes[22] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DescriptorProto_ReservedRange) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DescriptorProto_ReservedRange) ProtoMessage() {} + +func (x *DescriptorProto_ReservedRange) ProtoReflect() protoreflect.Message { + mi := &file_google_protobuf_descriptor_proto_msgTypes[22] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DescriptorProto_ReservedRange.ProtoReflect.Descriptor instead. +func (*DescriptorProto_ReservedRange) Descriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{2, 1} +} + +func (x *DescriptorProto_ReservedRange) GetStart() int32 { + if x != nil && x.Start != nil { + return *x.Start + } + return 0 +} + +func (x *DescriptorProto_ReservedRange) GetEnd() int32 { + if x != nil && x.End != nil { + return *x.End + } + return 0 +} + +// Range of reserved numeric values. Reserved values may not be used by +// entries in the same enum. Reserved ranges may not overlap. +// +// Note that this is distinct from DescriptorProto.ReservedRange in that it +// is inclusive such that it can appropriately represent the entire int32 +// domain. +type EnumDescriptorProto_EnumReservedRange struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Start *int32 `protobuf:"varint,1,opt,name=start" json:"start,omitempty"` // Inclusive. + End *int32 `protobuf:"varint,2,opt,name=end" json:"end,omitempty"` // Inclusive. +} + +func (x *EnumDescriptorProto_EnumReservedRange) Reset() { + *x = EnumDescriptorProto_EnumReservedRange{} + if protoimpl.UnsafeEnabled { + mi := &file_google_protobuf_descriptor_proto_msgTypes[23] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *EnumDescriptorProto_EnumReservedRange) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EnumDescriptorProto_EnumReservedRange) ProtoMessage() {} + +func (x *EnumDescriptorProto_EnumReservedRange) ProtoReflect() protoreflect.Message { + mi := &file_google_protobuf_descriptor_proto_msgTypes[23] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EnumDescriptorProto_EnumReservedRange.ProtoReflect.Descriptor instead. +func (*EnumDescriptorProto_EnumReservedRange) Descriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{6, 0} +} + +func (x *EnumDescriptorProto_EnumReservedRange) GetStart() int32 { + if x != nil && x.Start != nil { + return *x.Start + } + return 0 +} + +func (x *EnumDescriptorProto_EnumReservedRange) GetEnd() int32 { + if x != nil && x.End != nil { + return *x.End + } + return 0 +} + +// The name of the uninterpreted option. Each string represents a segment in +// a dot-separated name. is_extension is true iff a segment represents an +// extension (denoted with parentheses in options specs in .proto files). +// E.g.,{ ["foo", false], ["bar.baz", true], ["qux", false] } represents +// "foo.(bar.baz).qux". +type UninterpretedOption_NamePart struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + NamePart *string `protobuf:"bytes,1,req,name=name_part,json=namePart" json:"name_part,omitempty"` + IsExtension *bool `protobuf:"varint,2,req,name=is_extension,json=isExtension" json:"is_extension,omitempty"` +} + +func (x *UninterpretedOption_NamePart) Reset() { + *x = UninterpretedOption_NamePart{} + if protoimpl.UnsafeEnabled { + mi := &file_google_protobuf_descriptor_proto_msgTypes[24] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UninterpretedOption_NamePart) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UninterpretedOption_NamePart) ProtoMessage() {} + +func (x *UninterpretedOption_NamePart) ProtoReflect() protoreflect.Message { + mi := &file_google_protobuf_descriptor_proto_msgTypes[24] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UninterpretedOption_NamePart.ProtoReflect.Descriptor instead. +func (*UninterpretedOption_NamePart) Descriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{18, 0} +} + +func (x *UninterpretedOption_NamePart) GetNamePart() string { + if x != nil && x.NamePart != nil { + return *x.NamePart + } + return "" +} + +func (x *UninterpretedOption_NamePart) GetIsExtension() bool { + if x != nil && x.IsExtension != nil { + return *x.IsExtension + } + return false +} + +type SourceCodeInfo_Location struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Identifies which part of the FileDescriptorProto was defined at this + // location. + // + // Each element is a field number or an index. They form a path from + // the root FileDescriptorProto to the place where the definition. For + // example, this path: + // [ 4, 3, 2, 7, 1 ] + // refers to: + // file.message_type(3) // 4, 3 + // .field(7) // 2, 7 + // .name() // 1 + // This is because FileDescriptorProto.message_type has field number 4: + // repeated DescriptorProto message_type = 4; + // and DescriptorProto.field has field number 2: + // repeated FieldDescriptorProto field = 2; + // and FieldDescriptorProto.name has field number 1: + // optional string name = 1; + // + // Thus, the above path gives the location of a field name. If we removed + // the last element: + // [ 4, 3, 2, 7 ] + // this path refers to the whole field declaration (from the beginning + // of the label to the terminating semicolon). + Path []int32 `protobuf:"varint,1,rep,packed,name=path" json:"path,omitempty"` + // Always has exactly three or four elements: start line, start column, + // end line (optional, otherwise assumed same as start line), end column. + // These are packed into a single field for efficiency. Note that line + // and column numbers are zero-based -- typically you will want to add + // 1 to each before displaying to a user. + Span []int32 `protobuf:"varint,2,rep,packed,name=span" json:"span,omitempty"` + // If this SourceCodeInfo represents a complete declaration, these are any + // comments appearing before and after the declaration which appear to be + // attached to the declaration. + // + // A series of line comments appearing on consecutive lines, with no other + // tokens appearing on those lines, will be treated as a single comment. + // + // leading_detached_comments will keep paragraphs of comments that appear + // before (but not connected to) the current element. Each paragraph, + // separated by empty lines, will be one comment element in the repeated + // field. + // + // Only the comment content is provided; comment markers (e.g. //) are + // stripped out. For block comments, leading whitespace and an asterisk + // will be stripped from the beginning of each line other than the first. + // Newlines are included in the output. + // + // Examples: + // + // optional int32 foo = 1; // Comment attached to foo. + // // Comment attached to bar. + // optional int32 bar = 2; + // + // optional string baz = 3; + // // Comment attached to baz. + // // Another line attached to baz. + // + // // Comment attached to qux. + // // + // // Another line attached to qux. + // optional double qux = 4; + // + // // Detached comment for corge. This is not leading or trailing comments + // // to qux or corge because there are blank lines separating it from + // // both. + // + // // Detached comment for corge paragraph 2. + // + // optional string corge = 5; + // /* Block comment attached + // * to corge. Leading asterisks + // * will be removed. */ + // /* Block comment attached to + // * grault. */ + // optional int32 grault = 6; + // + // // ignored detached comments. + LeadingComments *string `protobuf:"bytes,3,opt,name=leading_comments,json=leadingComments" json:"leading_comments,omitempty"` + TrailingComments *string `protobuf:"bytes,4,opt,name=trailing_comments,json=trailingComments" json:"trailing_comments,omitempty"` + LeadingDetachedComments []string `protobuf:"bytes,6,rep,name=leading_detached_comments,json=leadingDetachedComments" json:"leading_detached_comments,omitempty"` +} + +func (x *SourceCodeInfo_Location) Reset() { + *x = SourceCodeInfo_Location{} + if protoimpl.UnsafeEnabled { + mi := &file_google_protobuf_descriptor_proto_msgTypes[25] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SourceCodeInfo_Location) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SourceCodeInfo_Location) ProtoMessage() {} + +func (x *SourceCodeInfo_Location) ProtoReflect() protoreflect.Message { + mi := &file_google_protobuf_descriptor_proto_msgTypes[25] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SourceCodeInfo_Location.ProtoReflect.Descriptor instead. +func (*SourceCodeInfo_Location) Descriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{19, 0} +} + +func (x *SourceCodeInfo_Location) GetPath() []int32 { + if x != nil { + return x.Path + } + return nil +} + +func (x *SourceCodeInfo_Location) GetSpan() []int32 { + if x != nil { + return x.Span + } + return nil +} + +func (x *SourceCodeInfo_Location) GetLeadingComments() string { + if x != nil && x.LeadingComments != nil { + return *x.LeadingComments + } + return "" +} + +func (x *SourceCodeInfo_Location) GetTrailingComments() string { + if x != nil && x.TrailingComments != nil { + return *x.TrailingComments + } + return "" +} + +func (x *SourceCodeInfo_Location) GetLeadingDetachedComments() []string { + if x != nil { + return x.LeadingDetachedComments + } + return nil +} + +type GeneratedCodeInfo_Annotation struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Identifies the element in the original source .proto file. This field + // is formatted the same as SourceCodeInfo.Location.path. + Path []int32 `protobuf:"varint,1,rep,packed,name=path" json:"path,omitempty"` + // Identifies the filesystem path to the original source .proto. + SourceFile *string `protobuf:"bytes,2,opt,name=source_file,json=sourceFile" json:"source_file,omitempty"` + // Identifies the starting offset in bytes in the generated code + // that relates to the identified object. + Begin *int32 `protobuf:"varint,3,opt,name=begin" json:"begin,omitempty"` + // Identifies the ending offset in bytes in the generated code that + // relates to the identified offset. The end offset should be one past + // the last relevant byte (so the length of the text = end - begin). + End *int32 `protobuf:"varint,4,opt,name=end" json:"end,omitempty"` +} + +func (x *GeneratedCodeInfo_Annotation) Reset() { + *x = GeneratedCodeInfo_Annotation{} + if protoimpl.UnsafeEnabled { + mi := &file_google_protobuf_descriptor_proto_msgTypes[26] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *GeneratedCodeInfo_Annotation) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*GeneratedCodeInfo_Annotation) ProtoMessage() {} + +func (x *GeneratedCodeInfo_Annotation) ProtoReflect() protoreflect.Message { + mi := &file_google_protobuf_descriptor_proto_msgTypes[26] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use GeneratedCodeInfo_Annotation.ProtoReflect.Descriptor instead. +func (*GeneratedCodeInfo_Annotation) Descriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{20, 0} +} + +func (x *GeneratedCodeInfo_Annotation) GetPath() []int32 { + if x != nil { + return x.Path + } + return nil +} + +func (x *GeneratedCodeInfo_Annotation) GetSourceFile() string { + if x != nil && x.SourceFile != nil { + return *x.SourceFile + } + return "" +} + +func (x *GeneratedCodeInfo_Annotation) GetBegin() int32 { + if x != nil && x.Begin != nil { + return *x.Begin + } + return 0 +} + +func (x *GeneratedCodeInfo_Annotation) GetEnd() int32 { + if x != nil && x.End != nil { + return *x.End + } + return 0 +} + +var File_google_protobuf_descriptor_proto protoreflect.FileDescriptor + +var file_google_protobuf_descriptor_proto_rawDesc = []byte{ + 0x0a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x12, 0x0f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x22, 0x4d, 0x0a, 0x11, 0x46, 0x69, 0x6c, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, + 0x69, 0x70, 0x74, 0x6f, 0x72, 0x53, 0x65, 0x74, 0x12, 0x38, 0x0a, 0x04, 0x66, 0x69, 0x6c, 0x65, + 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x44, 0x65, 0x73, + 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x04, 0x66, 0x69, + 0x6c, 0x65, 0x22, 0xe4, 0x04, 0x0a, 0x13, 0x46, 0x69, 0x6c, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, + 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, + 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x18, + 0x0a, 0x07, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x07, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x65, + 0x6e, 0x64, 0x65, 0x6e, 0x63, 0x79, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x64, 0x65, + 0x70, 0x65, 0x6e, 0x64, 0x65, 0x6e, 0x63, 0x79, 0x12, 0x2b, 0x0a, 0x11, 0x70, 0x75, 0x62, 0x6c, + 0x69, 0x63, 0x5f, 0x64, 0x65, 0x70, 0x65, 0x6e, 0x64, 0x65, 0x6e, 0x63, 0x79, 0x18, 0x0a, 0x20, + 0x03, 0x28, 0x05, 0x52, 0x10, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x44, 0x65, 0x70, 0x65, 0x6e, + 0x64, 0x65, 0x6e, 0x63, 0x79, 0x12, 0x27, 0x0a, 0x0f, 0x77, 0x65, 0x61, 0x6b, 0x5f, 0x64, 0x65, + 0x70, 0x65, 0x6e, 0x64, 0x65, 0x6e, 0x63, 0x79, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x05, 0x52, 0x0e, + 0x77, 0x65, 0x61, 0x6b, 0x44, 0x65, 0x70, 0x65, 0x6e, 0x64, 0x65, 0x6e, 0x63, 0x79, 0x12, 0x43, + 0x0a, 0x0c, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x04, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, + 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x0b, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x54, + 0x79, 0x70, 0x65, 0x12, 0x41, 0x0a, 0x09, 0x65, 0x6e, 0x75, 0x6d, 0x5f, 0x74, 0x79, 0x70, 0x65, + 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x44, 0x65, 0x73, + 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x08, 0x65, 0x6e, + 0x75, 0x6d, 0x54, 0x79, 0x70, 0x65, 0x12, 0x41, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, + 0x52, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x43, 0x0a, 0x09, 0x65, 0x78, 0x74, + 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, + 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, + 0x6f, 0x74, 0x6f, 0x52, 0x09, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x36, + 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, + 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x49, 0x0a, 0x10, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x75, 0x66, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, + 0x6f, 0x52, 0x0e, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, + 0x6f, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x79, 0x6e, 0x74, 0x61, 0x78, 0x18, 0x0c, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x06, 0x73, 0x79, 0x6e, 0x74, 0x61, 0x78, 0x22, 0xb9, 0x06, 0x0a, 0x0f, 0x44, 0x65, + 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, + 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, + 0x65, 0x12, 0x3b, 0x0a, 0x05, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, + 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x05, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x12, 0x43, + 0x0a, 0x09, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, + 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x09, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, + 0x69, 0x6f, 0x6e, 0x12, 0x41, 0x0a, 0x0b, 0x6e, 0x65, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x79, + 0x70, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x65, 0x73, 0x63, 0x72, + 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x0a, 0x6e, 0x65, 0x73, 0x74, + 0x65, 0x64, 0x54, 0x79, 0x70, 0x65, 0x12, 0x41, 0x0a, 0x09, 0x65, 0x6e, 0x75, 0x6d, 0x5f, 0x74, + 0x79, 0x70, 0x65, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, + 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, + 0x08, 0x65, 0x6e, 0x75, 0x6d, 0x54, 0x79, 0x70, 0x65, 0x12, 0x58, 0x0a, 0x0f, 0x65, 0x78, 0x74, + 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x05, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, + 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, + 0x6e, 0x67, 0x65, 0x52, 0x0e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, + 0x6e, 0x67, 0x65, 0x12, 0x44, 0x0a, 0x0a, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x5f, 0x64, 0x65, 0x63, + 0x6c, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4f, 0x6e, 0x65, 0x6f, 0x66, 0x44, + 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x09, + 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x44, 0x65, 0x63, 0x6c, 0x12, 0x39, 0x0a, 0x07, 0x6f, 0x70, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x73, + 0x73, 0x61, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x55, 0x0a, 0x0e, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, + 0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, + 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x52, + 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x0d, 0x72, 0x65, + 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x72, + 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x03, + 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x4e, 0x61, 0x6d, 0x65, + 0x1a, 0x7a, 0x0a, 0x0e, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, 0x6e, + 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x05, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x12, 0x40, 0x0a, 0x07, 0x6f, 0x70, + 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x78, + 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, + 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0x37, 0x0a, 0x0d, + 0x52, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x14, 0x0a, + 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x73, 0x74, + 0x61, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, + 0x52, 0x03, 0x65, 0x6e, 0x64, 0x22, 0x7c, 0x0a, 0x15, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, + 0x6f, 0x6e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x58, + 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, + 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, + 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, + 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, + 0x80, 0x80, 0x02, 0x22, 0xc1, 0x06, 0x0a, 0x14, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, + 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, + 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, + 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, + 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x41, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, + 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, + 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x4c, + 0x61, 0x62, 0x65, 0x6c, 0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x3e, 0x0a, 0x04, 0x74, + 0x79, 0x70, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, + 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, + 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x74, + 0x79, 0x70, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, + 0x74, 0x79, 0x70, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x78, 0x74, 0x65, + 0x6e, 0x64, 0x65, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x74, 0x65, + 0x6e, 0x64, 0x65, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x64, 0x65, 0x66, + 0x61, 0x75, 0x6c, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6f, 0x6e, 0x65, + 0x6f, 0x66, 0x5f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x09, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0a, + 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x1b, 0x0a, 0x09, 0x6a, 0x73, + 0x6f, 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6a, + 0x73, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x37, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, + 0x6e, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, + 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, + 0x12, 0x27, 0x0a, 0x0f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, + 0x6e, 0x61, 0x6c, 0x18, 0x11, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x33, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x22, 0xb6, 0x02, 0x0a, 0x04, 0x54, 0x79, + 0x70, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x4f, 0x55, 0x42, 0x4c, + 0x45, 0x10, 0x01, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x4c, 0x4f, 0x41, + 0x54, 0x10, 0x02, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x4e, 0x54, 0x36, + 0x34, 0x10, 0x03, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x49, 0x4e, 0x54, + 0x36, 0x34, 0x10, 0x04, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x4e, 0x54, + 0x33, 0x32, 0x10, 0x05, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x58, + 0x45, 0x44, 0x36, 0x34, 0x10, 0x06, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, + 0x49, 0x58, 0x45, 0x44, 0x33, 0x32, 0x10, 0x07, 0x12, 0x0d, 0x0a, 0x09, 0x54, 0x59, 0x50, 0x45, + 0x5f, 0x42, 0x4f, 0x4f, 0x4c, 0x10, 0x08, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, + 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x10, 0x09, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, + 0x5f, 0x47, 0x52, 0x4f, 0x55, 0x50, 0x10, 0x0a, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, + 0x5f, 0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45, 0x10, 0x0b, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, + 0x50, 0x45, 0x5f, 0x42, 0x59, 0x54, 0x45, 0x53, 0x10, 0x0c, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, + 0x50, 0x45, 0x5f, 0x55, 0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, 0x0d, 0x12, 0x0d, 0x0a, 0x09, 0x54, + 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x10, 0x0e, 0x12, 0x11, 0x0a, 0x0d, 0x54, 0x59, + 0x50, 0x45, 0x5f, 0x53, 0x46, 0x49, 0x58, 0x45, 0x44, 0x33, 0x32, 0x10, 0x0f, 0x12, 0x11, 0x0a, + 0x0d, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x46, 0x49, 0x58, 0x45, 0x44, 0x36, 0x34, 0x10, 0x10, + 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, + 0x11, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x49, 0x4e, 0x54, 0x36, 0x34, + 0x10, 0x12, 0x22, 0x43, 0x0a, 0x05, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x12, 0x0a, 0x0e, 0x4c, + 0x41, 0x42, 0x45, 0x4c, 0x5f, 0x4f, 0x50, 0x54, 0x49, 0x4f, 0x4e, 0x41, 0x4c, 0x10, 0x01, 0x12, + 0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42, 0x45, 0x4c, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x49, 0x52, 0x45, + 0x44, 0x10, 0x02, 0x12, 0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42, 0x45, 0x4c, 0x5f, 0x52, 0x45, 0x50, + 0x45, 0x41, 0x54, 0x45, 0x44, 0x10, 0x03, 0x22, 0x63, 0x0a, 0x14, 0x4f, 0x6e, 0x65, 0x6f, 0x66, + 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, + 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, + 0x61, 0x6d, 0x65, 0x12, 0x37, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4f, 0x6e, 0x65, 0x6f, 0x66, 0x4f, 0x70, 0x74, 0x69, + 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xe3, 0x02, 0x0a, + 0x13, 0x45, 0x6e, 0x75, 0x6d, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, + 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3f, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, + 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, + 0x6c, 0x75, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, + 0x74, 0x6f, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x36, 0x0a, 0x07, 0x6f, 0x70, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, + 0x6d, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, + 0x73, 0x12, 0x5d, 0x0a, 0x0e, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x72, 0x61, + 0x6e, 0x67, 0x65, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, + 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, + 0x45, 0x6e, 0x75, 0x6d, 0x52, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, + 0x65, 0x52, 0x0d, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, + 0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x6e, 0x61, 0x6d, + 0x65, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, + 0x64, 0x4e, 0x61, 0x6d, 0x65, 0x1a, 0x3b, 0x0a, 0x11, 0x45, 0x6e, 0x75, 0x6d, 0x52, 0x65, 0x73, + 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, + 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, + 0x12, 0x10, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65, + 0x6e, 0x64, 0x22, 0x83, 0x01, 0x0a, 0x18, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, + 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, + 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, + 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x05, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x3b, 0x0a, 0x07, 0x6f, + 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, + 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, + 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xa7, 0x01, 0x0a, 0x16, 0x53, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, + 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3e, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, + 0x64, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, + 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, + 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x39, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, + 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, + 0x6e, 0x73, 0x22, 0x89, 0x02, 0x0a, 0x15, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x73, + 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, + 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, + 0x12, 0x1d, 0x0a, 0x0a, 0x69, 0x6e, 0x70, 0x75, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x69, 0x6e, 0x70, 0x75, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, + 0x1f, 0x0a, 0x0b, 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x54, 0x79, 0x70, 0x65, + 0x12, 0x38, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, + 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x30, 0x0a, 0x10, 0x63, 0x6c, + 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0f, 0x63, 0x6c, 0x69, + 0x65, 0x6e, 0x74, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x12, 0x30, 0x0a, 0x10, + 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, + 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0f, 0x73, + 0x65, 0x72, 0x76, 0x65, 0x72, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x22, 0x91, + 0x09, 0x0a, 0x0b, 0x46, 0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x21, + 0x0a, 0x0c, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x6a, 0x61, 0x76, 0x61, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, + 0x65, 0x12, 0x30, 0x0a, 0x14, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x5f, + 0x63, 0x6c, 0x61, 0x73, 0x73, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x12, 0x6a, 0x61, 0x76, 0x61, 0x4f, 0x75, 0x74, 0x65, 0x72, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x6e, + 0x61, 0x6d, 0x65, 0x12, 0x35, 0x0a, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x6d, 0x75, 0x6c, 0x74, + 0x69, 0x70, 0x6c, 0x65, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, + 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x11, 0x6a, 0x61, 0x76, 0x61, 0x4d, 0x75, 0x6c, + 0x74, 0x69, 0x70, 0x6c, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x12, 0x44, 0x0a, 0x1d, 0x6a, 0x61, + 0x76, 0x61, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x71, 0x75, 0x61, + 0x6c, 0x73, 0x5f, 0x61, 0x6e, 0x64, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x14, 0x20, 0x01, 0x28, + 0x08, 0x42, 0x02, 0x18, 0x01, 0x52, 0x19, 0x6a, 0x61, 0x76, 0x61, 0x47, 0x65, 0x6e, 0x65, 0x72, + 0x61, 0x74, 0x65, 0x45, 0x71, 0x75, 0x61, 0x6c, 0x73, 0x41, 0x6e, 0x64, 0x48, 0x61, 0x73, 0x68, + 0x12, 0x3a, 0x0a, 0x16, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x5f, + 0x63, 0x68, 0x65, 0x63, 0x6b, 0x5f, 0x75, 0x74, 0x66, 0x38, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x08, + 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x53, 0x74, 0x72, + 0x69, 0x6e, 0x67, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x55, 0x74, 0x66, 0x38, 0x12, 0x53, 0x0a, 0x0c, + 0x6f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x5f, 0x66, 0x6f, 0x72, 0x18, 0x09, 0x20, 0x01, + 0x28, 0x0e, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, + 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x3a, 0x05, 0x53, + 0x50, 0x45, 0x45, 0x44, 0x52, 0x0b, 0x6f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x46, 0x6f, + 0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x67, 0x6f, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, + 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x67, 0x6f, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, + 0x12, 0x35, 0x0a, 0x13, 0x63, 0x63, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, + 0x61, 0x6c, 0x73, 0x65, 0x52, 0x11, 0x63, 0x63, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x39, 0x0a, 0x15, 0x6a, 0x61, 0x76, 0x61, 0x5f, + 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, + 0x18, 0x11, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x13, 0x6a, + 0x61, 0x76, 0x61, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x73, 0x12, 0x35, 0x0a, 0x13, 0x70, 0x79, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, + 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x3a, + 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x11, 0x70, 0x79, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, + 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x37, 0x0a, 0x14, 0x70, 0x68, 0x70, + 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x73, 0x18, 0x2a, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x12, + 0x70, 0x68, 0x70, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, + 0x18, 0x17, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, + 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x2e, 0x0a, 0x10, 0x63, 0x63, 0x5f, + 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x61, 0x72, 0x65, 0x6e, 0x61, 0x73, 0x18, 0x1f, 0x20, + 0x01, 0x28, 0x08, 0x3a, 0x04, 0x74, 0x72, 0x75, 0x65, 0x52, 0x0e, 0x63, 0x63, 0x45, 0x6e, 0x61, + 0x62, 0x6c, 0x65, 0x41, 0x72, 0x65, 0x6e, 0x61, 0x73, 0x12, 0x2a, 0x0a, 0x11, 0x6f, 0x62, 0x6a, + 0x63, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x24, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6f, 0x62, 0x6a, 0x63, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x50, + 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x73, 0x68, 0x61, 0x72, 0x70, 0x5f, + 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x25, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0f, 0x63, 0x73, 0x68, 0x61, 0x72, 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, + 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x77, 0x69, 0x66, 0x74, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, + 0x18, 0x27, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x73, 0x77, 0x69, 0x66, 0x74, 0x50, 0x72, 0x65, + 0x66, 0x69, 0x78, 0x12, 0x28, 0x0a, 0x10, 0x70, 0x68, 0x70, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, + 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x28, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x70, + 0x68, 0x70, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x23, 0x0a, + 0x0d, 0x70, 0x68, 0x70, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x29, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x70, 0x68, 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, + 0x63, 0x65, 0x12, 0x34, 0x0a, 0x16, 0x70, 0x68, 0x70, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, + 0x74, 0x61, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x2c, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x14, 0x70, 0x68, 0x70, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4e, + 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x72, 0x75, 0x62, 0x79, + 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x2d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, + 0x72, 0x75, 0x62, 0x79, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x58, 0x0a, 0x14, 0x75, + 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, + 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, + 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, + 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x3a, 0x0a, 0x0c, 0x4f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, + 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x09, 0x0a, 0x05, 0x53, 0x50, 0x45, 0x45, 0x44, 0x10, 0x01, + 0x12, 0x0d, 0x0a, 0x09, 0x43, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x49, 0x5a, 0x45, 0x10, 0x02, 0x12, + 0x10, 0x0a, 0x0c, 0x4c, 0x49, 0x54, 0x45, 0x5f, 0x52, 0x55, 0x4e, 0x54, 0x49, 0x4d, 0x45, 0x10, + 0x03, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x26, + 0x10, 0x27, 0x22, 0xd1, 0x02, 0x0a, 0x0e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x4f, 0x70, + 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x3c, 0x0a, 0x17, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, + 0x5f, 0x73, 0x65, 0x74, 0x5f, 0x77, 0x69, 0x72, 0x65, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x14, 0x6d, + 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x57, 0x69, 0x72, 0x65, 0x46, 0x6f, 0x72, + 0x6d, 0x61, 0x74, 0x12, 0x4c, 0x0a, 0x1f, 0x6e, 0x6f, 0x5f, 0x73, 0x74, 0x61, 0x6e, 0x64, 0x61, + 0x72, 0x64, 0x5f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x5f, 0x61, 0x63, + 0x63, 0x65, 0x73, 0x73, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, + 0x6c, 0x73, 0x65, 0x52, 0x1c, 0x6e, 0x6f, 0x53, 0x74, 0x61, 0x6e, 0x64, 0x61, 0x72, 0x64, 0x44, + 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6f, + 0x72, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, + 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x61, 0x70, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6d, 0x61, 0x70, + 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, + 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, + 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, + 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, + 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x08, 0x10, 0x09, + 0x4a, 0x04, 0x08, 0x09, 0x10, 0x0a, 0x22, 0xe2, 0x03, 0x0a, 0x0c, 0x46, 0x69, 0x65, 0x6c, 0x64, + 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x41, 0x0a, 0x05, 0x63, 0x74, 0x79, 0x70, 0x65, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x23, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, + 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x43, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x06, 0x53, 0x54, 0x52, + 0x49, 0x4e, 0x47, 0x52, 0x05, 0x63, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x61, + 0x63, 0x6b, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x70, 0x61, 0x63, 0x6b, + 0x65, 0x64, 0x12, 0x47, 0x0a, 0x06, 0x6a, 0x73, 0x74, 0x79, 0x70, 0x65, 0x18, 0x06, 0x20, 0x01, + 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, + 0x73, 0x2e, 0x4a, 0x53, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x09, 0x4a, 0x53, 0x5f, 0x4e, 0x4f, 0x52, + 0x4d, 0x41, 0x4c, 0x52, 0x06, 0x6a, 0x73, 0x74, 0x79, 0x70, 0x65, 0x12, 0x19, 0x0a, 0x04, 0x6c, + 0x61, 0x7a, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, + 0x52, 0x04, 0x6c, 0x61, 0x7a, 0x79, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, + 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, + 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x19, 0x0a, + 0x04, 0x77, 0x65, 0x61, 0x6b, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, + 0x73, 0x65, 0x52, 0x04, 0x77, 0x65, 0x61, 0x6b, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, + 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, + 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, + 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, + 0x6f, 0x6e, 0x22, 0x2f, 0x0a, 0x05, 0x43, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x53, + 0x54, 0x52, 0x49, 0x4e, 0x47, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x43, 0x4f, 0x52, 0x44, 0x10, + 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x5f, 0x50, 0x49, 0x45, 0x43, + 0x45, 0x10, 0x02, 0x22, 0x35, 0x0a, 0x06, 0x4a, 0x53, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0d, 0x0a, + 0x09, 0x4a, 0x53, 0x5f, 0x4e, 0x4f, 0x52, 0x4d, 0x41, 0x4c, 0x10, 0x00, 0x12, 0x0d, 0x0a, 0x09, + 0x4a, 0x53, 0x5f, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x0d, 0x0a, 0x09, 0x4a, + 0x53, 0x5f, 0x4e, 0x55, 0x4d, 0x42, 0x45, 0x52, 0x10, 0x02, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, + 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x22, 0x73, 0x0a, 0x0c, 0x4f, + 0x6e, 0x65, 0x6f, 0x66, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, + 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, + 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, + 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, + 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, + 0x22, 0xc0, 0x01, 0x0a, 0x0b, 0x45, 0x6e, 0x75, 0x6d, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, + 0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x61, 0x6c, 0x69, 0x61, 0x73, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x41, 0x6c, 0x69, 0x61, + 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, + 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, + 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, + 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, + 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, + 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, + 0x05, 0x10, 0x06, 0x22, 0x9e, 0x01, 0x0a, 0x10, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, + 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, + 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, + 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, + 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, + 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, + 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, + 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, + 0x80, 0x80, 0x80, 0x02, 0x22, 0x9c, 0x01, 0x0a, 0x0e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, + 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x21, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, + 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x58, + 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, + 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, + 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, + 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, + 0x80, 0x80, 0x02, 0x22, 0xe0, 0x02, 0x0a, 0x0d, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, + 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, + 0x74, 0x65, 0x64, 0x18, 0x21, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, + 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x71, 0x0a, 0x11, + 0x69, 0x64, 0x65, 0x6d, 0x70, 0x6f, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x5f, 0x6c, 0x65, 0x76, 0x65, + 0x6c, 0x18, 0x22, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, + 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x49, 0x64, 0x65, 0x6d, 0x70, 0x6f, 0x74, 0x65, + 0x6e, 0x63, 0x79, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x3a, 0x13, 0x49, 0x44, 0x45, 0x4d, 0x50, 0x4f, + 0x54, 0x45, 0x4e, 0x43, 0x59, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x52, 0x10, 0x69, + 0x64, 0x65, 0x6d, 0x70, 0x6f, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, + 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, + 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, + 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, + 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x50, 0x0a, 0x10, 0x49, 0x64, 0x65, + 0x6d, 0x70, 0x6f, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x17, 0x0a, + 0x13, 0x49, 0x44, 0x45, 0x4d, 0x50, 0x4f, 0x54, 0x45, 0x4e, 0x43, 0x59, 0x5f, 0x55, 0x4e, 0x4b, + 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, 0x4e, 0x4f, 0x5f, 0x53, 0x49, 0x44, + 0x45, 0x5f, 0x45, 0x46, 0x46, 0x45, 0x43, 0x54, 0x53, 0x10, 0x01, 0x12, 0x0e, 0x0a, 0x0a, 0x49, + 0x44, 0x45, 0x4d, 0x50, 0x4f, 0x54, 0x45, 0x4e, 0x54, 0x10, 0x02, 0x2a, 0x09, 0x08, 0xe8, 0x07, + 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x22, 0x9a, 0x03, 0x0a, 0x13, 0x55, 0x6e, 0x69, 0x6e, 0x74, + 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x41, + 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, + 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, + 0x6f, 0x6e, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x50, 0x61, 0x72, 0x74, 0x52, 0x04, 0x6e, 0x61, 0x6d, + 0x65, 0x12, 0x29, 0x0a, 0x10, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x5f, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x69, 0x64, 0x65, + 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x2c, 0x0a, 0x12, + 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x69, 0x6e, 0x74, 0x5f, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x10, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, + 0x76, 0x65, 0x49, 0x6e, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x2c, 0x0a, 0x12, 0x6e, 0x65, + 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x69, 0x6e, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x10, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, + 0x49, 0x6e, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x64, 0x6f, 0x75, 0x62, + 0x6c, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0b, + 0x64, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x73, + 0x74, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, + 0x0c, 0x52, 0x0b, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x27, + 0x0a, 0x0f, 0x61, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75, + 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x61, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, + 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x1a, 0x4a, 0x0a, 0x08, 0x4e, 0x61, 0x6d, 0x65, 0x50, + 0x61, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x70, 0x61, 0x72, 0x74, + 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x08, 0x6e, 0x61, 0x6d, 0x65, 0x50, 0x61, 0x72, 0x74, + 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x73, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, + 0x18, 0x02, 0x20, 0x02, 0x28, 0x08, 0x52, 0x0b, 0x69, 0x73, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, + 0x69, 0x6f, 0x6e, 0x22, 0xa7, 0x02, 0x0a, 0x0e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, 0x6f, + 0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x44, 0x0a, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x52, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0xce, 0x01, 0x0a, + 0x08, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x04, 0x70, 0x61, 0x74, + 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x05, 0x42, 0x02, 0x10, 0x01, 0x52, 0x04, 0x70, 0x61, 0x74, + 0x68, 0x12, 0x16, 0x0a, 0x04, 0x73, 0x70, 0x61, 0x6e, 0x18, 0x02, 0x20, 0x03, 0x28, 0x05, 0x42, + 0x02, 0x10, 0x01, 0x52, 0x04, 0x73, 0x70, 0x61, 0x6e, 0x12, 0x29, 0x0a, 0x10, 0x6c, 0x65, 0x61, + 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6c, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6d, 0x6d, + 0x65, 0x6e, 0x74, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x74, 0x72, 0x61, 0x69, 0x6c, 0x69, 0x6e, 0x67, + 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x10, 0x74, 0x72, 0x61, 0x69, 0x6c, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, + 0x73, 0x12, 0x3a, 0x0a, 0x19, 0x6c, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x64, 0x65, 0x74, + 0x61, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x06, + 0x20, 0x03, 0x28, 0x09, 0x52, 0x17, 0x6c, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x74, + 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x22, 0xd1, 0x01, + 0x0a, 0x11, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x64, 0x65, 0x49, + 0x6e, 0x66, 0x6f, 0x12, 0x4d, 0x0a, 0x0a, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, + 0x74, 0x65, 0x64, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x2e, 0x41, 0x6e, 0x6e, 0x6f, + 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x1a, 0x6d, 0x0a, 0x0a, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x12, 0x16, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x05, 0x42, 0x02, + 0x10, 0x01, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x62, 0x65, 0x67, + 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x62, 0x65, 0x67, 0x69, 0x6e, 0x12, + 0x10, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65, 0x6e, + 0x64, 0x42, 0x7e, 0x0a, 0x13, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x42, 0x10, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, + 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x73, 0x48, 0x01, 0x5a, 0x2d, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2f, 0x64, + 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x70, 0x62, 0xf8, 0x01, 0x01, 0xa2, 0x02, + 0x03, 0x47, 0x50, 0x42, 0xaa, 0x02, 0x1a, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x50, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x52, 0x65, 0x66, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, + 0x6e, +} + +var ( + file_google_protobuf_descriptor_proto_rawDescOnce sync.Once + file_google_protobuf_descriptor_proto_rawDescData = file_google_protobuf_descriptor_proto_rawDesc +) + +func file_google_protobuf_descriptor_proto_rawDescGZIP() []byte { + file_google_protobuf_descriptor_proto_rawDescOnce.Do(func() { + file_google_protobuf_descriptor_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_protobuf_descriptor_proto_rawDescData) + }) + return file_google_protobuf_descriptor_proto_rawDescData +} + +var file_google_protobuf_descriptor_proto_enumTypes = make([]protoimpl.EnumInfo, 6) +var file_google_protobuf_descriptor_proto_msgTypes = make([]protoimpl.MessageInfo, 27) +var file_google_protobuf_descriptor_proto_goTypes = []interface{}{ + (FieldDescriptorProto_Type)(0), // 0: google.protobuf.FieldDescriptorProto.Type + (FieldDescriptorProto_Label)(0), // 1: google.protobuf.FieldDescriptorProto.Label + (FileOptions_OptimizeMode)(0), // 2: google.protobuf.FileOptions.OptimizeMode + (FieldOptions_CType)(0), // 3: google.protobuf.FieldOptions.CType + (FieldOptions_JSType)(0), // 4: google.protobuf.FieldOptions.JSType + (MethodOptions_IdempotencyLevel)(0), // 5: google.protobuf.MethodOptions.IdempotencyLevel + (*FileDescriptorSet)(nil), // 6: google.protobuf.FileDescriptorSet + (*FileDescriptorProto)(nil), // 7: google.protobuf.FileDescriptorProto + (*DescriptorProto)(nil), // 8: google.protobuf.DescriptorProto + (*ExtensionRangeOptions)(nil), // 9: google.protobuf.ExtensionRangeOptions + (*FieldDescriptorProto)(nil), // 10: google.protobuf.FieldDescriptorProto + (*OneofDescriptorProto)(nil), // 11: google.protobuf.OneofDescriptorProto + (*EnumDescriptorProto)(nil), // 12: google.protobuf.EnumDescriptorProto + (*EnumValueDescriptorProto)(nil), // 13: google.protobuf.EnumValueDescriptorProto + (*ServiceDescriptorProto)(nil), // 14: google.protobuf.ServiceDescriptorProto + (*MethodDescriptorProto)(nil), // 15: google.protobuf.MethodDescriptorProto + (*FileOptions)(nil), // 16: google.protobuf.FileOptions + (*MessageOptions)(nil), // 17: google.protobuf.MessageOptions + (*FieldOptions)(nil), // 18: google.protobuf.FieldOptions + (*OneofOptions)(nil), // 19: google.protobuf.OneofOptions + (*EnumOptions)(nil), // 20: google.protobuf.EnumOptions + (*EnumValueOptions)(nil), // 21: google.protobuf.EnumValueOptions + (*ServiceOptions)(nil), // 22: google.protobuf.ServiceOptions + (*MethodOptions)(nil), // 23: google.protobuf.MethodOptions + (*UninterpretedOption)(nil), // 24: google.protobuf.UninterpretedOption + (*SourceCodeInfo)(nil), // 25: google.protobuf.SourceCodeInfo + (*GeneratedCodeInfo)(nil), // 26: google.protobuf.GeneratedCodeInfo + (*DescriptorProto_ExtensionRange)(nil), // 27: google.protobuf.DescriptorProto.ExtensionRange + (*DescriptorProto_ReservedRange)(nil), // 28: google.protobuf.DescriptorProto.ReservedRange + (*EnumDescriptorProto_EnumReservedRange)(nil), // 29: google.protobuf.EnumDescriptorProto.EnumReservedRange + (*UninterpretedOption_NamePart)(nil), // 30: google.protobuf.UninterpretedOption.NamePart + (*SourceCodeInfo_Location)(nil), // 31: google.protobuf.SourceCodeInfo.Location + (*GeneratedCodeInfo_Annotation)(nil), // 32: google.protobuf.GeneratedCodeInfo.Annotation +} +var file_google_protobuf_descriptor_proto_depIdxs = []int32{ + 7, // 0: google.protobuf.FileDescriptorSet.file:type_name -> google.protobuf.FileDescriptorProto + 8, // 1: google.protobuf.FileDescriptorProto.message_type:type_name -> google.protobuf.DescriptorProto + 12, // 2: google.protobuf.FileDescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto + 14, // 3: google.protobuf.FileDescriptorProto.service:type_name -> google.protobuf.ServiceDescriptorProto + 10, // 4: google.protobuf.FileDescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto + 16, // 5: google.protobuf.FileDescriptorProto.options:type_name -> google.protobuf.FileOptions + 25, // 6: google.protobuf.FileDescriptorProto.source_code_info:type_name -> google.protobuf.SourceCodeInfo + 10, // 7: google.protobuf.DescriptorProto.field:type_name -> google.protobuf.FieldDescriptorProto + 10, // 8: google.protobuf.DescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto + 8, // 9: google.protobuf.DescriptorProto.nested_type:type_name -> google.protobuf.DescriptorProto + 12, // 10: google.protobuf.DescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto + 27, // 11: google.protobuf.DescriptorProto.extension_range:type_name -> google.protobuf.DescriptorProto.ExtensionRange + 11, // 12: google.protobuf.DescriptorProto.oneof_decl:type_name -> google.protobuf.OneofDescriptorProto + 17, // 13: google.protobuf.DescriptorProto.options:type_name -> google.protobuf.MessageOptions + 28, // 14: google.protobuf.DescriptorProto.reserved_range:type_name -> google.protobuf.DescriptorProto.ReservedRange + 24, // 15: google.protobuf.ExtensionRangeOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption + 1, // 16: google.protobuf.FieldDescriptorProto.label:type_name -> google.protobuf.FieldDescriptorProto.Label + 0, // 17: google.protobuf.FieldDescriptorProto.type:type_name -> google.protobuf.FieldDescriptorProto.Type + 18, // 18: google.protobuf.FieldDescriptorProto.options:type_name -> google.protobuf.FieldOptions + 19, // 19: google.protobuf.OneofDescriptorProto.options:type_name -> google.protobuf.OneofOptions + 13, // 20: google.protobuf.EnumDescriptorProto.value:type_name -> google.protobuf.EnumValueDescriptorProto + 20, // 21: google.protobuf.EnumDescriptorProto.options:type_name -> google.protobuf.EnumOptions + 29, // 22: google.protobuf.EnumDescriptorProto.reserved_range:type_name -> google.protobuf.EnumDescriptorProto.EnumReservedRange + 21, // 23: google.protobuf.EnumValueDescriptorProto.options:type_name -> google.protobuf.EnumValueOptions + 15, // 24: google.protobuf.ServiceDescriptorProto.method:type_name -> google.protobuf.MethodDescriptorProto + 22, // 25: google.protobuf.ServiceDescriptorProto.options:type_name -> google.protobuf.ServiceOptions + 23, // 26: google.protobuf.MethodDescriptorProto.options:type_name -> google.protobuf.MethodOptions + 2, // 27: google.protobuf.FileOptions.optimize_for:type_name -> google.protobuf.FileOptions.OptimizeMode + 24, // 28: google.protobuf.FileOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption + 24, // 29: google.protobuf.MessageOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption + 3, // 30: google.protobuf.FieldOptions.ctype:type_name -> google.protobuf.FieldOptions.CType + 4, // 31: google.protobuf.FieldOptions.jstype:type_name -> google.protobuf.FieldOptions.JSType + 24, // 32: google.protobuf.FieldOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption + 24, // 33: google.protobuf.OneofOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption + 24, // 34: google.protobuf.EnumOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption + 24, // 35: google.protobuf.EnumValueOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption + 24, // 36: google.protobuf.ServiceOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption + 5, // 37: google.protobuf.MethodOptions.idempotency_level:type_name -> google.protobuf.MethodOptions.IdempotencyLevel + 24, // 38: google.protobuf.MethodOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption + 30, // 39: google.protobuf.UninterpretedOption.name:type_name -> google.protobuf.UninterpretedOption.NamePart + 31, // 40: google.protobuf.SourceCodeInfo.location:type_name -> google.protobuf.SourceCodeInfo.Location + 32, // 41: google.protobuf.GeneratedCodeInfo.annotation:type_name -> google.protobuf.GeneratedCodeInfo.Annotation + 9, // 42: google.protobuf.DescriptorProto.ExtensionRange.options:type_name -> google.protobuf.ExtensionRangeOptions + 43, // [43:43] is the sub-list for method output_type + 43, // [43:43] is the sub-list for method input_type + 43, // [43:43] is the sub-list for extension type_name + 43, // [43:43] is the sub-list for extension extendee + 0, // [0:43] is the sub-list for field type_name +} + +func init() { file_google_protobuf_descriptor_proto_init() } +func file_google_protobuf_descriptor_proto_init() { + if File_google_protobuf_descriptor_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_google_protobuf_descriptor_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*FileDescriptorSet); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_protobuf_descriptor_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*FileDescriptorProto); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_protobuf_descriptor_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DescriptorProto); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_protobuf_descriptor_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ExtensionRangeOptions); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + case 3: + return &v.extensionFields + default: + return nil + } + } + file_google_protobuf_descriptor_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*FieldDescriptorProto); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_protobuf_descriptor_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*OneofDescriptorProto); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_protobuf_descriptor_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*EnumDescriptorProto); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_protobuf_descriptor_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*EnumValueDescriptorProto); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_protobuf_descriptor_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ServiceDescriptorProto); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_protobuf_descriptor_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*MethodDescriptorProto); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_protobuf_descriptor_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*FileOptions); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + case 3: + return &v.extensionFields + default: + return nil + } + } + file_google_protobuf_descriptor_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*MessageOptions); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + case 3: + return &v.extensionFields + default: + return nil + } + } + file_google_protobuf_descriptor_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*FieldOptions); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + case 3: + return &v.extensionFields + default: + return nil + } + } + file_google_protobuf_descriptor_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*OneofOptions); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + case 3: + return &v.extensionFields + default: + return nil + } + } + file_google_protobuf_descriptor_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*EnumOptions); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + case 3: + return &v.extensionFields + default: + return nil + } + } + file_google_protobuf_descriptor_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*EnumValueOptions); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + case 3: + return &v.extensionFields + default: + return nil + } + } + file_google_protobuf_descriptor_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ServiceOptions); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + case 3: + return &v.extensionFields + default: + return nil + } + } + file_google_protobuf_descriptor_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*MethodOptions); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + case 3: + return &v.extensionFields + default: + return nil + } + } + file_google_protobuf_descriptor_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UninterpretedOption); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_protobuf_descriptor_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SourceCodeInfo); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_protobuf_descriptor_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*GeneratedCodeInfo); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_protobuf_descriptor_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DescriptorProto_ExtensionRange); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_protobuf_descriptor_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DescriptorProto_ReservedRange); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_protobuf_descriptor_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*EnumDescriptorProto_EnumReservedRange); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_protobuf_descriptor_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UninterpretedOption_NamePart); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_protobuf_descriptor_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SourceCodeInfo_Location); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_protobuf_descriptor_proto_msgTypes[26].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*GeneratedCodeInfo_Annotation); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_google_protobuf_descriptor_proto_rawDesc, + NumEnums: 6, + NumMessages: 27, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_google_protobuf_descriptor_proto_goTypes, + DependencyIndexes: file_google_protobuf_descriptor_proto_depIdxs, + EnumInfos: file_google_protobuf_descriptor_proto_enumTypes, + MessageInfos: file_google_protobuf_descriptor_proto_msgTypes, + }.Build() + File_google_protobuf_descriptor_proto = out.File + file_google_protobuf_descriptor_proto_rawDesc = nil + file_google_protobuf_descriptor_proto_goTypes = nil + file_google_protobuf_descriptor_proto_depIdxs = nil +} diff --git a/vendor/modules.txt b/vendor/modules.txt index d8ed97abae5..989cbe8a964 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1,7 +1,7 @@ -# github.com/checkpoint-restore/go-criu/v5 v5.3.0 -## explicit; go 1.13 -github.com/checkpoint-restore/go-criu/v5 -github.com/checkpoint-restore/go-criu/v5/rpc +# github.com/checkpoint-restore/go-criu/v6 v6.1.0 +## explicit; go 1.16 +github.com/checkpoint-restore/go-criu/v6 +github.com/checkpoint-restore/go-criu/v6/crit/images # github.com/cilium/ebpf v0.9.1 ## explicit; go 1.17 github.com/cilium/ebpf @@ -18,8 +18,8 @@ github.com/containerd/console ## explicit; go 1.12 github.com/coreos/go-systemd/v22/activation github.com/coreos/go-systemd/v22/dbus -# github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d -## explicit; go 1.12 +# github.com/cpuguy83/go-md2man/v2 v2.0.2 +## explicit; go 1.11 github.com/cpuguy83/go-md2man/v2/md2man # github.com/cyphar/filepath-securejoin v0.2.3 ## explicit; go 1.13 @@ -45,15 +45,12 @@ github.com/opencontainers/selinux/go-selinux github.com/opencontainers/selinux/go-selinux/label github.com/opencontainers/selinux/pkg/pwalk github.com/opencontainers/selinux/pkg/pwalkdir -# github.com/russross/blackfriday/v2 v2.0.1 +# github.com/russross/blackfriday/v2 v2.1.0 ## explicit github.com/russross/blackfriday/v2 # github.com/seccomp/libseccomp-golang v0.10.0 ## explicit; go 1.14 github.com/seccomp/libseccomp-golang -# github.com/shurcooL/sanitized_anchor_name v1.0.0 -## explicit -github.com/shurcooL/sanitized_anchor_name # github.com/sirupsen/logrus v1.9.0 ## explicit; go 1.13 github.com/sirupsen/logrus @@ -107,3 +104,4 @@ google.golang.org/protobuf/reflect/protoreflect google.golang.org/protobuf/reflect/protoregistry google.golang.org/protobuf/runtime/protoiface google.golang.org/protobuf/runtime/protoimpl +google.golang.org/protobuf/types/descriptorpb From 29a28848de731a35f68e6780f973151f0843c61c Mon Sep 17 00:00:00 2001 From: dharmicksai Date: Thu, 8 Sep 2022 14:28:47 +0530 Subject: [PATCH 0091/1176] Add check for CONFIG_CGROUP_BPF in check-config.sh cgroup v2 requires CONFIG_CGROUP_BPF kernel option to be set else runc can not start containers. check-config.sh script checks if the CONFIG_CGROUP_BPF option is set. The script checks if version of kernel is atleast 4.15 and cgroup v2 is being used before checking if the CONFIG_CGROUP_BPF option is set. Closes #3547 Signed-off-by: dharmicksai --- script/check-config.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/script/check-config.sh b/script/check-config.sh index ec8bc63a573..acc5547cfb2 100755 --- a/script/check-config.sh +++ b/script/check-config.sh @@ -178,14 +178,17 @@ echo echo 'Generally Necessary:' +cgroup="" echo -n '- ' if [ "$(stat -f -c %t /sys/fs/cgroup 2>/dev/null)" = "63677270" ]; then wrap_good 'cgroup hierarchy' 'cgroupv2' + cgroup="v2" else cgroupSubsystemDir="$(awk '/[, ](cpu|cpuacct|cpuset|devices|freezer|memory)[, ]/ && $3 == "cgroup" { print $2 }' /proc/mounts | head -n1)" cgroupDir="$(dirname "$cgroupSubsystemDir")" if [ -d "$cgroupDir/cpu" ] || [ -d "$cgroupDir/cpuacct" ] || [ -d "$cgroupDir/cpuset" ] || [ -d "$cgroupDir/devices" ] || [ -d "$cgroupDir/freezer" ] || [ -d "$cgroupDir/memory" ]; then wrap_good 'cgroup hierarchy' 'properly mounted' "[$cgroupDir]" + cgroup="v1" else if [ "$cgroupSubsystemDir" ]; then wrap_bad 'cgroup hierarchy' 'single mountpoint!' "[$cgroupSubsystemDir]" @@ -227,6 +230,12 @@ flags=( ) check_flags "${flags[@]}" +if ! kernel_lt 4 14; then + if [ $cgroup = "v2" ]; then + check_flags CGROUP_BPF + fi +fi + if kernel_lt 5 1; then check_flags NF_NAT_IPV4 fi From e965e10c32c0f26238d3eb9d4234047c51b64ab9 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 15 Sep 2022 11:48:55 -0700 Subject: [PATCH 0092/1176] tests/int: do not set inheritable capabilities Amends commit 98fe566c527479195ce3c ("runc: do not set inheritable capabilities"). Signed-off-by: Kir Kolyshkin --- tests/integration/dev.bats | 3 --- tests/integration/update.bats | 1 - 2 files changed, 4 deletions(-) diff --git a/tests/integration/dev.bats b/tests/integration/dev.bats index 6d972335095..9da472d1acc 100644 --- a/tests/integration/dev.bats +++ b/tests/integration/dev.bats @@ -40,7 +40,6 @@ function teardown() { | .linux.devices = [{"path": "/dev/kmsg", "type": "c", "major": 1, "minor": 11}] | .process.capabilities.bounding += ["CAP_SYSLOG"] | .process.capabilities.effective += ["CAP_SYSLOG"] - | .process.capabilities.inheritable += ["CAP_SYSLOG"] | .process.capabilities.permitted += ["CAP_SYSLOG"] | .process.args |= ["sh"]' @@ -78,7 +77,6 @@ function teardown() { | .process.args |= ["sh"] | .process.capabilities.bounding += ["CAP_SYSLOG"] | .process.capabilities.effective += ["CAP_SYSLOG"] - | .process.capabilities.inheritable += ["CAP_SYSLOG"] | .process.capabilities.permitted += ["CAP_SYSLOG"] | .hostname = "myhostname"' @@ -114,7 +112,6 @@ function teardown() { | .process.args |= ["sh"] | .process.capabilities.bounding += ["CAP_MKNOD"] | .process.capabilities.effective += ["CAP_MKNOD"] - | .process.capabilities.inheritable += ["CAP_MKNOD"] | .process.capabilities.permitted += ["CAP_MKNOD"]' runc run -d --console-socket "$CONSOLE_SOCKET" test_allow_block diff --git a/tests/integration/update.bats b/tests/integration/update.bats index b2810580975..1937006fd00 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -642,7 +642,6 @@ EOF | .linux.devices = [{"path": "/dev/kmsg", "type": "c", "major": 1, "minor": 11}] | .process.capabilities.bounding += ["CAP_SYSLOG"] | .process.capabilities.effective += ["CAP_SYSLOG"] - | .process.capabilities.inheritable += ["CAP_SYSLOG"] | .process.capabilities.permitted += ["CAP_SYSLOG"] | .process.args |= ["sh", "-c", "while true; do head -c 100 /dev/kmsg 2> /dev/null; done"]' From 6fce0a1c67fc7733dd37d49faaf1e6deeffbdb60 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Sep 2022 04:24:11 +0000 Subject: [PATCH 0093/1176] build(deps): bump github.com/checkpoint-restore/go-criu/v6 Bumps [github.com/checkpoint-restore/go-criu/v6](https://github.com/checkpoint-restore/go-criu) from 6.1.0 to 6.2.0. - [Release notes](https://github.com/checkpoint-restore/go-criu/releases) - [Commits](https://github.com/checkpoint-restore/go-criu/compare/v6.1.0...v6.2.0) --- updated-dependencies: - dependency-name: github.com/checkpoint-restore/go-criu/v6 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- .../checkpoint-restore/go-criu/v6/README.md | 2 +- .../go-criu/v6/crit/images/apparmor.pb.go | 45 +- .../go-criu/v6/crit/images/apparmor.proto | 1 - .../go-criu/v6/crit/images/autofs.pb.go | 34 +- .../go-criu/v6/crit/images/autofs.proto | 1 - .../go-criu/v6/crit/images/binfmt-misc.pb.go | 33 +- .../go-criu/v6/crit/images/binfmt-misc.proto | 1 - .../go-criu/v6/crit/images/bpfmap-data.pb.go | 22 +- .../go-criu/v6/crit/images/bpfmap-data.proto | 1 - .../go-criu/v6/crit/images/bpfmap-file.pb.go | 71 +- .../go-criu/v6/crit/images/bpfmap-file.proto | 1 - .../go-criu/v6/crit/images/cgroup.pb.go | 125 ++-- .../go-criu/v6/crit/images/cgroup.proto | 1 - .../go-criu/v6/crit/images/core-aarch64.pb.go | 61 +- .../go-criu/v6/crit/images/core-aarch64.proto | 1 - .../go-criu/v6/crit/images/core-arm.pb.go | 95 ++- .../go-criu/v6/crit/images/core-arm.proto | 1 - .../go-criu/v6/crit/images/core-mips.pb.go | 211 +++--- .../go-criu/v6/crit/images/core-mips.proto | 1 - .../go-criu/v6/crit/images/core-ppc64.pb.go | 165 +++-- .../go-criu/v6/crit/images/core-ppc64.proto | 1 - .../go-criu/v6/crit/images/core-s390.pb.go | 144 ++--- .../go-criu/v6/crit/images/core-s390.proto | 1 - .../go-criu/v6/crit/images/core-x86.pb.go | 194 +++--- .../go-criu/v6/crit/images/core-x86.proto | 1 - .../go-criu/v6/crit/images/cpuinfo.pb.go | 114 ++-- .../go-criu/v6/crit/images/cpuinfo.proto | 1 - .../go-criu/v6/crit/images/creds.pb.go | 61 +- .../go-criu/v6/crit/images/creds.proto | 1 - .../images/{core.pb.go => criu-core.pb.go} | 522 ++++++++------- .../images/{core.proto => criu-core.proto} | 3 +- .../crit/images/{sa.pb.go => criu-sa.pb.go} | 90 +-- .../crit/images/{sa.proto => criu-sa.proto} | 1 - .../go-criu/v6/crit/images/eventfd.pb.go | 28 +- .../go-criu/v6/crit/images/eventfd.proto | 1 - .../go-criu/v6/crit/images/eventpoll.pb.go | 49 +- .../go-criu/v6/crit/images/eventpoll.proto | 1 - .../go-criu/v6/crit/images/ext-file.pb.go | 19 +- .../go-criu/v6/crit/images/ext-file.proto | 1 - .../go-criu/v6/crit/images/fdinfo.pb.go | 282 ++++---- .../go-criu/v6/crit/images/fdinfo.proto | 1 - .../go-criu/v6/crit/images/fh.pb.go | 43 +- .../go-criu/v6/crit/images/fh.proto | 1 - .../go-criu/v6/crit/images/fifo.pb.go | 17 +- .../go-criu/v6/crit/images/fifo.proto | 1 - .../go-criu/v6/crit/images/file-lock.pb.go | 22 +- .../go-criu/v6/crit/images/file-lock.proto | 1 - .../go-criu/v6/crit/images/fown.pb.go | 22 +- .../go-criu/v6/crit/images/fown.proto | 1 - .../go-criu/v6/crit/images/fs.pb.go | 17 +- .../go-criu/v6/crit/images/fs.proto | 1 - .../go-criu/v6/crit/images/fsnotify.pb.go | 172 +++-- .../go-criu/v6/crit/images/fsnotify.proto | 1 - .../go-criu/v6/crit/images/ghost-file.pb.go | 41 +- .../go-criu/v6/crit/images/ghost-file.proto | 1 - .../go-criu/v6/crit/images/img-streamer.pb.go | 22 +- .../go-criu/v6/crit/images/img-streamer.proto | 1 - .../go-criu/v6/crit/images/inventory.pb.go | 73 ++- .../go-criu/v6/crit/images/inventory.proto | 3 +- .../go-criu/v6/crit/images/ipc-desc.pb.go | 24 +- .../go-criu/v6/crit/images/ipc-desc.proto | 1 - .../go-criu/v6/crit/images/ipc-msg.pb.go | 35 +- .../go-criu/v6/crit/images/ipc-msg.proto | 1 - .../go-criu/v6/crit/images/ipc-sem.pb.go | 23 +- .../go-criu/v6/crit/images/ipc-sem.proto | 1 - .../go-criu/v6/crit/images/ipc-shm.pb.go | 31 +- .../go-criu/v6/crit/images/ipc-shm.proto | 1 - .../go-criu/v6/crit/images/ipc-var.pb.go | 81 ++- .../go-criu/v6/crit/images/ipc-var.proto | 1 - .../go-criu/v6/crit/images/macvlan.pb.go | 15 +- .../go-criu/v6/crit/images/macvlan.proto | 1 - .../go-criu/v6/crit/images/memfd.pb.go | 63 +- .../go-criu/v6/crit/images/memfd.proto | 1 - .../go-criu/v6/crit/images/mm.pb.go | 103 ++- .../go-criu/v6/crit/images/mm.proto | 1 - .../go-criu/v6/crit/images/mnt.pb.go | 111 ++-- .../go-criu/v6/crit/images/mnt.proto | 1 - .../go-criu/v6/crit/images/netdev.pb.go | 178 +++-- .../go-criu/v6/crit/images/netdev.proto | 1 - .../go-criu/v6/crit/images/ns.pb.go | 20 +- .../go-criu/v6/crit/images/ns.proto | 1 - .../go-criu/v6/crit/images/opts.pb.go | 47 +- .../go-criu/v6/crit/images/opts.proto | 1 - .../go-criu/v6/crit/images/packet-sock.pb.go | 116 ++-- .../go-criu/v6/crit/images/packet-sock.proto | 1 - .../go-criu/v6/crit/images/pagemap.pb.go | 34 +- .../go-criu/v6/crit/images/pagemap.proto | 1 - .../go-criu/v6/crit/images/pidns.pb.go | 12 +- .../go-criu/v6/crit/images/pidns.proto | 1 - .../go-criu/v6/crit/images/pipe-data.pb.go | 16 +- .../go-criu/v6/crit/images/pipe-data.proto | 1 - .../go-criu/v6/crit/images/pipe.pb.go | 29 +- .../go-criu/v6/crit/images/pipe.proto | 1 - .../go-criu/v6/crit/images/pstree.pb.go | 22 +- .../go-criu/v6/crit/images/pstree.proto | 1 - .../go-criu/v6/crit/images/regfile.pb.go | 61 +- .../go-criu/v6/crit/images/regfile.proto | 1 - .../v6/crit/images/remap-file-path.pb.go | 34 +- .../v6/crit/images/remap-file-path.proto | 1 - .../go-criu/v6/crit/images/rlimit.pb.go | 14 +- .../go-criu/v6/crit/images/rlimit.proto | 1 - .../go-criu/v6/crit/images/rpc.pb.go | 607 +++++++++--------- .../go-criu/v6/crit/images/rpc.proto | 1 - .../go-criu/v6/crit/images/rseq.pb.go | 27 +- .../go-criu/v6/crit/images/rseq.proto | 1 - .../go-criu/v6/crit/images/seccomp.pb.go | 31 +- .../go-criu/v6/crit/images/seccomp.proto | 1 - .../go-criu/v6/crit/images/siginfo.pb.go | 25 +- .../go-criu/v6/crit/images/siginfo.proto | 1 - .../go-criu/v6/crit/images/signalfd.pb.go | 29 +- .../go-criu/v6/crit/images/signalfd.proto | 1 - .../go-criu/v6/crit/images/sit.pb.go | 69 +- .../go-criu/v6/crit/images/sit.proto | 1 - .../go-criu/v6/crit/images/sk-inet.pb.go | 136 ++-- .../go-criu/v6/crit/images/sk-inet.proto | 1 - .../go-criu/v6/crit/images/sk-netlink.pb.go | 55 +- .../go-criu/v6/crit/images/sk-netlink.proto | 1 - .../go-criu/v6/crit/images/sk-opts.pb.go | 122 ++-- .../go-criu/v6/crit/images/sk-opts.proto | 1 - .../go-criu/v6/crit/images/sk-packet.pb.go | 29 +- .../go-criu/v6/crit/images/sk-packet.proto | 1 - .../go-criu/v6/crit/images/sk-unix.pb.go | 99 ++- .../go-criu/v6/crit/images/sk-unix.proto | 1 - .../go-criu/v6/crit/images/stats.pb.go | 121 ++-- .../go-criu/v6/crit/images/stats.proto | 1 - .../go-criu/v6/crit/images/sysctl.pb.go | 29 +- .../go-criu/v6/crit/images/sysctl.proto | 1 - .../go-criu/v6/crit/images/tcp-stream.pb.go | 68 +- .../go-criu/v6/crit/images/tcp-stream.proto | 1 - .../go-criu/v6/crit/images/time.pb.go | 14 +- .../go-criu/v6/crit/images/time.proto | 1 - .../go-criu/v6/crit/images/timens.pb.go | 31 +- .../go-criu/v6/crit/images/timens.proto | 1 - .../go-criu/v6/crit/images/timer.pb.go | 94 ++- .../go-criu/v6/crit/images/timer.proto | 1 - .../go-criu/v6/crit/images/timerfd.pb.go | 49 +- .../go-criu/v6/crit/images/timerfd.proto | 1 - .../go-criu/v6/crit/images/tty.pb.go | 177 +++-- .../go-criu/v6/crit/images/tty.proto | 1 - .../go-criu/v6/crit/images/tun.pb.go | 41 +- .../go-criu/v6/crit/images/tun.proto | 1 - .../go-criu/v6/crit/images/userns.pb.go | 35 +- .../go-criu/v6/crit/images/userns.proto | 1 - .../go-criu/v6/crit/images/utsns.pb.go | 16 +- .../go-criu/v6/crit/images/utsns.proto | 1 - .../go-criu/v6/crit/images/vma.pb.go | 46 +- .../go-criu/v6/crit/images/vma.proto | 1 - vendor/modules.txt | 2 +- 150 files changed, 2870 insertions(+), 3030 deletions(-) rename vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/{core.pb.go => criu-core.pb.go} (54%) rename vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/{core.proto => criu-core.proto} (98%) rename vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/{sa.pb.go => criu-sa.pb.go} (55%) rename vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/{sa.proto => criu-sa.proto} (96%) diff --git a/go.mod b/go.mod index 000dbb5644b..b10a591a8d5 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/opencontainers/runc go 1.18 require ( - github.com/checkpoint-restore/go-criu/v6 v6.1.0 + github.com/checkpoint-restore/go-criu/v6 v6.2.0 github.com/cilium/ebpf v0.9.1 github.com/containerd/console v1.0.3 github.com/coreos/go-systemd/v22 v22.3.2 diff --git a/go.sum b/go.sum index 578c5b555ff..9a6e7026119 100644 --- a/go.sum +++ b/go.sum @@ -1,6 +1,6 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/checkpoint-restore/go-criu/v6 v6.1.0 h1:unOFSW/95ND2WjV9QWzdpWRmRuK8DsggmPfeqbfrhUM= -github.com/checkpoint-restore/go-criu/v6 v6.1.0/go.mod h1:rrRTN/uSwY2X+BPRl/gkulo9gsKOSAeVp9/K2tv7xZI= +github.com/checkpoint-restore/go-criu/v6 v6.2.0 h1:3hXH7Vbq18m6oGeSj1PZkx9z0b1c2gD/jJxAGnNdLkI= +github.com/checkpoint-restore/go-criu/v6 v6.2.0/go.mod h1:rrRTN/uSwY2X+BPRl/gkulo9gsKOSAeVp9/K2tv7xZI= github.com/cilium/ebpf v0.9.1 h1:64sn2K3UKw8NbP/blsixRpF3nXuyhz/VjRlRzvlBRu4= github.com/cilium/ebpf v0.9.1/go.mod h1:+OhNOIXx/Fnu1IE8bJz2dzOA+VSfyTfdNUVdlQnxUFY= github.com/containerd/console v1.0.3 h1:lIr7SlA5PxZyMV30bDW0MGbiOPXwc63yRuCP0ARubLw= diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/README.md b/vendor/github.com/checkpoint-restore/go-criu/v6/README.md index 81b8ba03ed6..fc296c10ab4 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/README.md +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/README.md @@ -58,7 +58,7 @@ The following table shows the relation between go-criu and criu versions: | Major version | Latest release | CRIU version | | -------------- | -------------- | ------------ | -| v6             | 6.0.0         | 3.17         | +| v6             | 6.1.0         | 3.17         | | v5             | 5.3.0         | 3.16         | | v5             | 5.0.0         | 3.15         | | v4             | 4.1.0         | 3.14         | diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/apparmor.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/apparmor.pb.go index ebdbef658ca..67bef0aa144 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/apparmor.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/apparmor.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: apparmor.proto package images @@ -189,23 +189,22 @@ var File_apparmor_proto protoreflect.FileDescriptor var file_apparmor_proto_rawDesc = []byte{ 0x0a, 0x0e, 0x61, 0x70, 0x70, 0x61, 0x72, 0x6d, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0x33, 0x0a, 0x09, 0x61, 0x61, 0x5f, 0x70, 0x6f, 0x6c, - 0x69, 0x63, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, - 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x62, 0x6c, 0x6f, 0x62, 0x18, - 0x02, 0x20, 0x02, 0x28, 0x0c, 0x52, 0x04, 0x62, 0x6c, 0x6f, 0x62, 0x22, 0x83, 0x01, 0x0a, 0x0c, - 0x61, 0x61, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, - 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, - 0x12, 0x2b, 0x0a, 0x08, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x61, 0x61, 0x5f, 0x70, 0x6f, 0x6c, - 0x69, 0x63, 0x79, 0x52, 0x08, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x12, 0x32, 0x0a, - 0x0a, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x61, 0x61, 0x5f, 0x6e, 0x61, 0x6d, 0x65, + 0x22, 0x33, 0x0a, 0x09, 0x61, 0x61, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x12, 0x0a, + 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, + 0x65, 0x12, 0x12, 0x0a, 0x04, 0x62, 0x6c, 0x6f, 0x62, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0c, 0x52, + 0x04, 0x62, 0x6c, 0x6f, 0x62, 0x22, 0x79, 0x0a, 0x0c, 0x61, 0x61, 0x5f, 0x6e, 0x61, 0x6d, 0x65, + 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, + 0x02, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x26, 0x0a, 0x08, 0x70, 0x6f, 0x6c, + 0x69, 0x63, 0x69, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x61, 0x61, + 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x08, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, + 0x73, 0x12, 0x2d, 0x0a, 0x0a, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x73, 0x18, + 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x61, 0x61, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, + 0x70, 0x61, 0x63, 0x65, 0x52, 0x0a, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x73, + 0x22, 0x3f, 0x0a, 0x0e, 0x61, 0x70, 0x70, 0x61, 0x72, 0x6d, 0x6f, 0x72, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x12, 0x2d, 0x0a, 0x0a, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x73, + 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x61, 0x61, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x52, 0x0a, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, - 0x73, 0x22, 0x44, 0x0a, 0x0e, 0x61, 0x70, 0x70, 0x61, 0x72, 0x6d, 0x6f, 0x72, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x32, 0x0a, 0x0a, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, - 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x61, - 0x61, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x52, 0x0a, 0x6e, 0x61, 0x6d, - 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x73, + 0x73, } var ( @@ -222,14 +221,14 @@ func file_apparmor_proto_rawDescGZIP() []byte { var file_apparmor_proto_msgTypes = make([]protoimpl.MessageInfo, 3) var file_apparmor_proto_goTypes = []interface{}{ - (*AaPolicy)(nil), // 0: criu.aa_policy - (*AaNamespace)(nil), // 1: criu.aa_namespace - (*ApparmorEntry)(nil), // 2: criu.apparmor_entry + (*AaPolicy)(nil), // 0: aa_policy + (*AaNamespace)(nil), // 1: aa_namespace + (*ApparmorEntry)(nil), // 2: apparmor_entry } var file_apparmor_proto_depIdxs = []int32{ - 0, // 0: criu.aa_namespace.policies:type_name -> criu.aa_policy - 1, // 1: criu.aa_namespace.namespaces:type_name -> criu.aa_namespace - 1, // 2: criu.apparmor_entry.namespaces:type_name -> criu.aa_namespace + 0, // 0: aa_namespace.policies:type_name -> aa_policy + 1, // 1: aa_namespace.namespaces:type_name -> aa_namespace + 1, // 2: apparmor_entry.namespaces:type_name -> aa_namespace 3, // [3:3] is the sub-list for method output_type 3, // [3:3] is the sub-list for method input_type 3, // [3:3] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/apparmor.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/apparmor.proto index 4a2c64c8a9b..0c84f80a6ea 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/apparmor.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/apparmor.proto @@ -1,5 +1,4 @@ syntax = "proto2"; -package criu; message aa_policy { required string name = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/autofs.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/autofs.pb.go index b27696dbfe0..828bd7f8808 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/autofs.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/autofs.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: autofs.proto package images @@ -136,21 +136,21 @@ func (x *AutofsEntry) GetReadFd() int32 { var File_autofs_proto protoreflect.FileDescriptor var file_autofs_proto_rawDesc = []byte{ - 0x0a, 0x0c, 0x61, 0x75, 0x74, 0x6f, 0x66, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, - 0x63, 0x72, 0x69, 0x75, 0x22, 0xd5, 0x01, 0x0a, 0x0c, 0x61, 0x75, 0x74, 0x6f, 0x66, 0x73, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x66, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, - 0x05, 0x52, 0x02, 0x66, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x67, 0x72, 0x70, 0x18, 0x02, 0x20, - 0x02, 0x28, 0x05, 0x52, 0x04, 0x70, 0x67, 0x72, 0x70, 0x12, 0x18, 0x0a, 0x07, 0x74, 0x69, 0x6d, - 0x65, 0x6f, 0x75, 0x74, 0x18, 0x03, 0x20, 0x02, 0x28, 0x05, 0x52, 0x07, 0x74, 0x69, 0x6d, 0x65, - 0x6f, 0x75, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x6d, 0x69, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x18, - 0x04, 0x20, 0x02, 0x28, 0x05, 0x52, 0x08, 0x6d, 0x69, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, - 0x1a, 0x0a, 0x08, 0x6d, 0x61, 0x78, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x18, 0x05, 0x20, 0x02, 0x28, - 0x05, 0x52, 0x08, 0x6d, 0x61, 0x78, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6d, - 0x6f, 0x64, 0x65, 0x18, 0x06, 0x20, 0x02, 0x28, 0x05, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, - 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x75, 0x69, - 0x64, 0x12, 0x10, 0x0a, 0x03, 0x67, 0x69, 0x64, 0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, - 0x67, 0x69, 0x64, 0x12, 0x17, 0x0a, 0x07, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x66, 0x64, 0x18, 0x09, - 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x72, 0x65, 0x61, 0x64, 0x46, 0x64, + 0x0a, 0x0c, 0x61, 0x75, 0x74, 0x6f, 0x66, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xd5, + 0x01, 0x0a, 0x0c, 0x61, 0x75, 0x74, 0x6f, 0x66, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x0e, 0x0a, 0x02, 0x66, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x05, 0x52, 0x02, 0x66, 0x64, 0x12, + 0x12, 0x0a, 0x04, 0x70, 0x67, 0x72, 0x70, 0x18, 0x02, 0x20, 0x02, 0x28, 0x05, 0x52, 0x04, 0x70, + 0x67, 0x72, 0x70, 0x12, 0x18, 0x0a, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x03, + 0x20, 0x02, 0x28, 0x05, 0x52, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x1a, 0x0a, + 0x08, 0x6d, 0x69, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x18, 0x04, 0x20, 0x02, 0x28, 0x05, 0x52, + 0x08, 0x6d, 0x69, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1a, 0x0a, 0x08, 0x6d, 0x61, 0x78, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x18, 0x05, 0x20, 0x02, 0x28, 0x05, 0x52, 0x08, 0x6d, 0x61, 0x78, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x06, 0x20, + 0x02, 0x28, 0x05, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, + 0x18, 0x07, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x67, + 0x69, 0x64, 0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x67, 0x69, 0x64, 0x12, 0x17, 0x0a, + 0x07, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x66, 0x64, 0x18, 0x09, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, + 0x72, 0x65, 0x61, 0x64, 0x46, 0x64, } var ( @@ -167,7 +167,7 @@ func file_autofs_proto_rawDescGZIP() []byte { var file_autofs_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_autofs_proto_goTypes = []interface{}{ - (*AutofsEntry)(nil), // 0: criu.autofs_entry + (*AutofsEntry)(nil), // 0: autofs_entry } var file_autofs_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/autofs.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/autofs.proto index 1b830c3720a..5c8c216c84c 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/autofs.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/autofs.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message autofs_entry { required int32 fd = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/binfmt-misc.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/binfmt-misc.pb.go index 04115c6b695..1f85eb42648 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/binfmt-misc.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/binfmt-misc.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: binfmt-misc.proto package images @@ -129,21 +129,20 @@ var File_binfmt_misc_proto protoreflect.FileDescriptor var file_binfmt_misc_proto_rawDesc = []byte{ 0x0a, 0x11, 0x62, 0x69, 0x6e, 0x66, 0x6d, 0x74, 0x2d, 0x6d, 0x69, 0x73, 0x63, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0xd9, 0x01, 0x0a, 0x11, 0x62, 0x69, - 0x6e, 0x66, 0x6d, 0x74, 0x5f, 0x6d, 0x69, 0x73, 0x63, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, - 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x6e, - 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x02, - 0x20, 0x02, 0x28, 0x08, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x20, 0x0a, - 0x0b, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x02, - 0x28, 0x09, 0x52, 0x0b, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x72, 0x12, - 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, - 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, - 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x61, 0x67, 0x69, 0x63, 0x18, 0x06, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x05, 0x6d, 0x61, 0x67, 0x69, 0x63, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x61, 0x73, - 0x6b, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6d, 0x61, 0x73, 0x6b, 0x12, 0x16, 0x0a, - 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x6f, - 0x66, 0x66, 0x73, 0x65, 0x74, + 0x6f, 0x74, 0x6f, 0x22, 0xd9, 0x01, 0x0a, 0x11, 0x62, 0x69, 0x6e, 0x66, 0x6d, 0x74, 0x5f, 0x6d, + 0x69, 0x73, 0x63, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, + 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, + 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x08, 0x52, 0x07, + 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x20, 0x0a, 0x0b, 0x69, 0x6e, 0x74, 0x65, 0x72, + 0x70, 0x72, 0x65, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x02, 0x28, 0x09, 0x52, 0x0b, 0x69, 0x6e, + 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, + 0x67, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, + 0x1c, 0x0a, 0x09, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x09, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, + 0x05, 0x6d, 0x61, 0x67, 0x69, 0x63, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6d, 0x61, + 0x67, 0x69, 0x63, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x07, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x04, 0x6d, 0x61, 0x73, 0x6b, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, + 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, } var ( @@ -160,7 +159,7 @@ func file_binfmt_misc_proto_rawDescGZIP() []byte { var file_binfmt_misc_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_binfmt_misc_proto_goTypes = []interface{}{ - (*BinfmtMiscEntry)(nil), // 0: criu.binfmt_misc_entry + (*BinfmtMiscEntry)(nil), // 0: binfmt_misc_entry } var file_binfmt_misc_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/binfmt-misc.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/binfmt-misc.proto index ce6401e4a9c..a48d8724c55 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/binfmt-misc.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/binfmt-misc.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message binfmt_misc_entry { required string name = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-data.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-data.pb.go index 1e7002ef66d..df3343d1743 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-data.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-data.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: bpfmap-data.proto package images @@ -97,15 +97,15 @@ var File_bpfmap_data_proto protoreflect.FileDescriptor var file_bpfmap_data_proto_rawDesc = []byte{ 0x0a, 0x11, 0x62, 0x70, 0x66, 0x6d, 0x61, 0x70, 0x2d, 0x64, 0x61, 0x74, 0x61, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0x82, 0x01, 0x0a, 0x11, 0x62, 0x70, - 0x66, 0x6d, 0x61, 0x70, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, - 0x15, 0x0a, 0x06, 0x6d, 0x61, 0x70, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, - 0x05, 0x6d, 0x61, 0x70, 0x49, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x6b, 0x65, 0x79, 0x73, 0x5f, 0x62, - 0x79, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x6b, 0x65, 0x79, 0x73, - 0x42, 0x79, 0x74, 0x65, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x5f, - 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x73, 0x42, 0x79, 0x74, 0x65, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x6f, 0x75, 0x6e, - 0x74, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, + 0x6f, 0x74, 0x6f, 0x22, 0x82, 0x01, 0x0a, 0x11, 0x62, 0x70, 0x66, 0x6d, 0x61, 0x70, 0x5f, 0x64, + 0x61, 0x74, 0x61, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x15, 0x0a, 0x06, 0x6d, 0x61, 0x70, + 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x61, 0x70, 0x49, 0x64, + 0x12, 0x1d, 0x0a, 0x0a, 0x6b, 0x65, 0x79, 0x73, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x02, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x6b, 0x65, 0x79, 0x73, 0x42, 0x79, 0x74, 0x65, 0x73, 0x12, + 0x21, 0x0a, 0x0c, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, + 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x42, 0x79, 0x74, + 0x65, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, } var ( @@ -122,7 +122,7 @@ func file_bpfmap_data_proto_rawDescGZIP() []byte { var file_bpfmap_data_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_bpfmap_data_proto_goTypes = []interface{}{ - (*BpfmapDataEntry)(nil), // 0: criu.bpfmap_data_entry + (*BpfmapDataEntry)(nil), // 0: bpfmap_data_entry } var file_bpfmap_data_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-data.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-data.proto index f8d0f355e54..b9502bb452c 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-data.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-data.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message bpfmap_data_entry { required uint32 map_id = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-file.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-file.pb.go index 644bd1d733c..f50a45974b6 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-file.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-file.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: bpfmap-file.proto package images @@ -200,38 +200,37 @@ var File_bpfmap_file_proto protoreflect.FileDescriptor var file_bpfmap_file_proto_rawDesc = []byte{ 0x0a, 0x11, 0x62, 0x70, 0x66, 0x6d, 0x61, 0x70, 0x2d, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x22, 0xd6, 0x03, 0x0a, 0x11, 0x62, 0x70, 0x66, 0x6d, 0x61, 0x70, 0x5f, 0x66, 0x69, 0x6c, - 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, - 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x26, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, - 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x10, 0xd2, 0x3f, 0x0d, 0x1a, 0x0b, 0x72, 0x66, 0x69, - 0x6c, 0x65, 0x2e, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, - 0x10, 0x0a, 0x03, 0x70, 0x6f, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x70, 0x6f, - 0x73, 0x12, 0x24, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0b, 0x32, - 0x10, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x19, 0x0a, 0x08, 0x6d, 0x61, 0x70, 0x5f, 0x74, - 0x79, 0x70, 0x65, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x6d, 0x61, 0x70, 0x54, 0x79, - 0x70, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x6b, 0x65, 0x79, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x06, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x1d, 0x0a, - 0x0a, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x07, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x09, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x15, 0x0a, 0x06, - 0x6d, 0x61, 0x70, 0x5f, 0x69, 0x64, 0x18, 0x08, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x61, - 0x70, 0x49, 0x64, 0x12, 0x1f, 0x0a, 0x0b, 0x6d, 0x61, 0x78, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x69, - 0x65, 0x73, 0x18, 0x09, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0a, 0x6d, 0x61, 0x78, 0x45, 0x6e, 0x74, - 0x72, 0x69, 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x61, 0x70, 0x5f, 0x66, 0x6c, 0x61, 0x67, - 0x73, 0x18, 0x0a, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x6d, 0x61, 0x70, 0x46, 0x6c, 0x61, 0x67, - 0x73, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x6d, 0x6c, 0x6f, 0x63, 0x6b, 0x18, 0x0b, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x07, 0x6d, 0x65, 0x6d, 0x6c, 0x6f, 0x63, 0x6b, 0x12, 0x1d, 0x0a, 0x06, 0x66, - 0x72, 0x6f, 0x7a, 0x65, 0x6e, 0x18, 0x0c, 0x20, 0x02, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, - 0x73, 0x65, 0x52, 0x06, 0x66, 0x72, 0x6f, 0x7a, 0x65, 0x6e, 0x12, 0x19, 0x0a, 0x08, 0x6d, 0x61, - 0x70, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0d, 0x20, 0x02, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x61, - 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1b, 0x0a, 0x07, 0x69, 0x66, 0x69, 0x6e, 0x64, 0x65, 0x78, - 0x18, 0x0e, 0x20, 0x02, 0x28, 0x0d, 0x3a, 0x01, 0x30, 0x52, 0x07, 0x69, 0x66, 0x69, 0x6e, 0x64, - 0x65, 0x78, 0x12, 0x19, 0x0a, 0x06, 0x6d, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x0f, 0x20, 0x01, - 0x28, 0x11, 0x3a, 0x02, 0x2d, 0x31, 0x52, 0x05, 0x6d, 0x6e, 0x74, 0x49, 0x64, 0x12, 0x1b, 0x0a, - 0x09, 0x6d, 0x61, 0x70, 0x5f, 0x65, 0x78, 0x74, 0x72, 0x61, 0x18, 0x10, 0x20, 0x01, 0x28, 0x04, - 0x52, 0x08, 0x6d, 0x61, 0x70, 0x45, 0x78, 0x74, 0x72, 0x61, + 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, + 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xd1, 0x03, 0x0a, 0x11, + 0x62, 0x70, 0x66, 0x6d, 0x61, 0x70, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, + 0x64, 0x12, 0x26, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, + 0x42, 0x10, 0xd2, 0x3f, 0x0d, 0x1a, 0x0b, 0x72, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x66, 0x6c, 0x61, + 0x67, 0x73, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x6f, 0x73, + 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x70, 0x6f, 0x73, 0x12, 0x1f, 0x0a, 0x04, 0x66, + 0x6f, 0x77, 0x6e, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x6f, 0x77, 0x6e, + 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x19, 0x0a, 0x08, + 0x6d, 0x61, 0x70, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, + 0x6d, 0x61, 0x70, 0x54, 0x79, 0x70, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x6b, 0x65, 0x79, 0x5f, 0x73, + 0x69, 0x7a, 0x65, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x53, 0x69, + 0x7a, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, + 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x53, 0x69, 0x7a, + 0x65, 0x12, 0x15, 0x0a, 0x06, 0x6d, 0x61, 0x70, 0x5f, 0x69, 0x64, 0x18, 0x08, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x05, 0x6d, 0x61, 0x70, 0x49, 0x64, 0x12, 0x1f, 0x0a, 0x0b, 0x6d, 0x61, 0x78, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x09, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0a, 0x6d, + 0x61, 0x78, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x61, 0x70, + 0x5f, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x0a, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x6d, 0x61, + 0x70, 0x46, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x6d, 0x6c, 0x6f, 0x63, + 0x6b, 0x18, 0x0b, 0x20, 0x02, 0x28, 0x04, 0x52, 0x07, 0x6d, 0x65, 0x6d, 0x6c, 0x6f, 0x63, 0x6b, + 0x12, 0x1d, 0x0a, 0x06, 0x66, 0x72, 0x6f, 0x7a, 0x65, 0x6e, 0x18, 0x0c, 0x20, 0x02, 0x28, 0x08, + 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x06, 0x66, 0x72, 0x6f, 0x7a, 0x65, 0x6e, 0x12, + 0x19, 0x0a, 0x08, 0x6d, 0x61, 0x70, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0d, 0x20, 0x02, 0x28, + 0x09, 0x52, 0x07, 0x6d, 0x61, 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1b, 0x0a, 0x07, 0x69, 0x66, + 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x0e, 0x20, 0x02, 0x28, 0x0d, 0x3a, 0x01, 0x30, 0x52, 0x07, + 0x69, 0x66, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x19, 0x0a, 0x06, 0x6d, 0x6e, 0x74, 0x5f, 0x69, + 0x64, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x11, 0x3a, 0x02, 0x2d, 0x31, 0x52, 0x05, 0x6d, 0x6e, 0x74, + 0x49, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x61, 0x70, 0x5f, 0x65, 0x78, 0x74, 0x72, 0x61, 0x18, + 0x10, 0x20, 0x01, 0x28, 0x04, 0x52, 0x08, 0x6d, 0x61, 0x70, 0x45, 0x78, 0x74, 0x72, 0x61, } var ( @@ -248,11 +247,11 @@ func file_bpfmap_file_proto_rawDescGZIP() []byte { var file_bpfmap_file_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_bpfmap_file_proto_goTypes = []interface{}{ - (*BpfmapFileEntry)(nil), // 0: criu.bpfmap_file_entry - (*FownEntry)(nil), // 1: criu.fown_entry + (*BpfmapFileEntry)(nil), // 0: bpfmap_file_entry + (*FownEntry)(nil), // 1: fown_entry } var file_bpfmap_file_proto_depIdxs = []int32{ - 1, // 0: criu.bpfmap_file_entry.fown:type_name -> criu.fown_entry + 1, // 0: bpfmap_file_entry.fown:type_name -> fown_entry 1, // [1:1] is the sub-list for method output_type 1, // [1:1] is the sub-list for method input_type 1, // [1:1] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-file.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-file.proto index 3b3d59e0562..895321e13b0 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-file.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-file.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "opts.proto"; import "fown.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cgroup.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cgroup.pb.go index ec7a6e97d4d..db642346a3f 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cgroup.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cgroup.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: cgroup.proto package images @@ -450,55 +450,52 @@ func (x *CgroupEntry) GetControllers() []*CgControllerEntry { var File_cgroup_proto protoreflect.FileDescriptor var file_cgroup_proto_rawDesc = []byte{ - 0x0a, 0x0c, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, - 0x63, 0x72, 0x69, 0x75, 0x22, 0x46, 0x0a, 0x0c, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, - 0x65, 0x72, 0x6d, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, - 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x67, 0x69, - 0x64, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x67, 0x69, 0x64, 0x22, 0x67, 0x0a, 0x11, - 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x72, 0x6f, 0x70, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, - 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, - 0x20, 0x02, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x28, 0x0a, 0x05, 0x70, - 0x65, 0x72, 0x6d, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, - 0x75, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x73, 0x52, 0x05, - 0x70, 0x65, 0x72, 0x6d, 0x73, 0x22, 0xcb, 0x01, 0x0a, 0x10, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, - 0x5f, 0x64, 0x69, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x19, 0x0a, 0x08, 0x64, 0x69, - 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x07, 0x64, 0x69, - 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x32, 0x0a, 0x08, 0x63, 0x68, 0x69, 0x6c, 0x64, 0x72, 0x65, - 0x6e, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, + 0x0a, 0x0c, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x46, + 0x0a, 0x0c, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x73, 0x12, 0x12, + 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x6d, 0x6f, + 0x64, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, + 0x03, 0x75, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x67, 0x69, 0x64, 0x18, 0x03, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x03, 0x67, 0x69, 0x64, 0x22, 0x62, 0x0a, 0x11, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, + 0x5f, 0x70, 0x72, 0x6f, 0x70, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, + 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, + 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x09, 0x52, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x23, 0x0a, 0x05, 0x70, 0x65, 0x72, 0x6d, 0x73, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x65, + 0x72, 0x6d, 0x73, 0x52, 0x05, 0x70, 0x65, 0x72, 0x6d, 0x73, 0x22, 0xbc, 0x01, 0x0a, 0x10, 0x63, + 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x64, 0x69, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x19, 0x0a, 0x08, 0x64, 0x69, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, + 0x09, 0x52, 0x07, 0x64, 0x69, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x2d, 0x0a, 0x08, 0x63, 0x68, + 0x69, 0x6c, 0x64, 0x72, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x64, 0x69, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x08, 0x63, 0x68, 0x69, 0x6c, 0x64, 0x72, 0x65, 0x6e, 0x12, 0x37, 0x0a, 0x0a, 0x70, 0x72, 0x6f, - 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x17, 0x2e, - 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x72, 0x6f, 0x70, - 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0a, 0x70, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, - 0x65, 0x73, 0x12, 0x2f, 0x0a, 0x09, 0x64, 0x69, 0x72, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x73, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x67, 0x72, - 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x73, 0x52, 0x08, 0x64, 0x69, 0x72, 0x50, 0x65, - 0x72, 0x6d, 0x73, 0x22, 0x59, 0x0a, 0x13, 0x63, 0x67, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, - 0x6c, 0x6c, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x63, 0x6e, - 0x61, 0x6d, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x63, 0x6e, 0x61, 0x6d, - 0x65, 0x73, 0x12, 0x2a, 0x0a, 0x04, 0x64, 0x69, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x16, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x64, - 0x69, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x64, 0x69, 0x72, 0x73, 0x22, 0x5a, - 0x0a, 0x0f, 0x63, 0x67, 0x5f, 0x6d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, - 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, - 0x02, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x67, 0x6e, - 0x73, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, - 0x63, 0x67, 0x6e, 0x73, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x22, 0x49, 0x0a, 0x0c, 0x63, 0x67, - 0x5f, 0x73, 0x65, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, - 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x29, 0x0a, 0x04, 0x63, 0x74, - 0x6c, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, - 0x63, 0x67, 0x5f, 0x6d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x04, 0x63, 0x74, 0x6c, 0x73, 0x22, 0x73, 0x0a, 0x0c, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x26, 0x0a, 0x04, 0x73, 0x65, 0x74, 0x73, 0x18, 0x01, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x67, 0x5f, 0x73, 0x65, - 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x73, 0x65, 0x74, 0x73, 0x12, 0x3b, 0x0a, - 0x0b, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x67, 0x5f, 0x63, 0x6f, 0x6e, - 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, 0x63, - 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x73, + 0x08, 0x63, 0x68, 0x69, 0x6c, 0x64, 0x72, 0x65, 0x6e, 0x12, 0x32, 0x0a, 0x0a, 0x70, 0x72, 0x6f, + 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, + 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x72, 0x6f, 0x70, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x52, 0x0a, 0x70, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x12, 0x2a, 0x0a, + 0x09, 0x64, 0x69, 0x72, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x0d, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x73, 0x52, + 0x08, 0x64, 0x69, 0x72, 0x50, 0x65, 0x72, 0x6d, 0x73, 0x22, 0x54, 0x0a, 0x13, 0x63, 0x67, 0x5f, + 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x12, 0x16, 0x0a, 0x06, 0x63, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, + 0x52, 0x06, 0x63, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x25, 0x0a, 0x04, 0x64, 0x69, 0x72, 0x73, + 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, + 0x64, 0x69, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x64, 0x69, 0x72, 0x73, 0x22, + 0x5a, 0x0a, 0x0f, 0x63, 0x67, 0x5f, 0x6d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, + 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, + 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x67, + 0x6e, 0x73, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, + 0x0a, 0x63, 0x67, 0x6e, 0x73, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x22, 0x44, 0x0a, 0x0c, 0x63, + 0x67, 0x5f, 0x73, 0x65, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, + 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x24, 0x0a, 0x04, 0x63, + 0x74, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x67, 0x5f, 0x6d, + 0x65, 0x6d, 0x62, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x63, 0x74, 0x6c, + 0x73, 0x22, 0x69, 0x0a, 0x0c, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x12, 0x21, 0x0a, 0x04, 0x73, 0x65, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x0d, 0x2e, 0x63, 0x67, 0x5f, 0x73, 0x65, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, + 0x73, 0x65, 0x74, 0x73, 0x12, 0x36, 0x0a, 0x0b, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, + 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x67, 0x5f, 0x63, + 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, + 0x0b, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x73, } var ( @@ -515,23 +512,23 @@ func file_cgroup_proto_rawDescGZIP() []byte { var file_cgroup_proto_msgTypes = make([]protoimpl.MessageInfo, 7) var file_cgroup_proto_goTypes = []interface{}{ - (*CgroupPerms)(nil), // 0: criu.cgroup_perms - (*CgroupPropEntry)(nil), // 1: criu.cgroup_prop_entry - (*CgroupDirEntry)(nil), // 2: criu.cgroup_dir_entry - (*CgControllerEntry)(nil), // 3: criu.cg_controller_entry - (*CgMemberEntry)(nil), // 4: criu.cg_member_entry - (*CgSetEntry)(nil), // 5: criu.cg_set_entry - (*CgroupEntry)(nil), // 6: criu.cgroup_entry + (*CgroupPerms)(nil), // 0: cgroup_perms + (*CgroupPropEntry)(nil), // 1: cgroup_prop_entry + (*CgroupDirEntry)(nil), // 2: cgroup_dir_entry + (*CgControllerEntry)(nil), // 3: cg_controller_entry + (*CgMemberEntry)(nil), // 4: cg_member_entry + (*CgSetEntry)(nil), // 5: cg_set_entry + (*CgroupEntry)(nil), // 6: cgroup_entry } var file_cgroup_proto_depIdxs = []int32{ - 0, // 0: criu.cgroup_prop_entry.perms:type_name -> criu.cgroup_perms - 2, // 1: criu.cgroup_dir_entry.children:type_name -> criu.cgroup_dir_entry - 1, // 2: criu.cgroup_dir_entry.properties:type_name -> criu.cgroup_prop_entry - 0, // 3: criu.cgroup_dir_entry.dir_perms:type_name -> criu.cgroup_perms - 2, // 4: criu.cg_controller_entry.dirs:type_name -> criu.cgroup_dir_entry - 4, // 5: criu.cg_set_entry.ctls:type_name -> criu.cg_member_entry - 5, // 6: criu.cgroup_entry.sets:type_name -> criu.cg_set_entry - 3, // 7: criu.cgroup_entry.controllers:type_name -> criu.cg_controller_entry + 0, // 0: cgroup_prop_entry.perms:type_name -> cgroup_perms + 2, // 1: cgroup_dir_entry.children:type_name -> cgroup_dir_entry + 1, // 2: cgroup_dir_entry.properties:type_name -> cgroup_prop_entry + 0, // 3: cgroup_dir_entry.dir_perms:type_name -> cgroup_perms + 2, // 4: cg_controller_entry.dirs:type_name -> cgroup_dir_entry + 4, // 5: cg_set_entry.ctls:type_name -> cg_member_entry + 5, // 6: cgroup_entry.sets:type_name -> cg_set_entry + 3, // 7: cgroup_entry.controllers:type_name -> cg_controller_entry 8, // [8:8] is the sub-list for method output_type 8, // [8:8] is the sub-list for method input_type 8, // [8:8] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cgroup.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cgroup.proto index d89ebabdf93..ee035412408 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cgroup.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cgroup.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message cgroup_perms { required uint32 mode = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-aarch64.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-aarch64.pb.go index 23ea4b30240..3001acd9f02 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-aarch64.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-aarch64.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: core-aarch64.proto package images @@ -231,31 +231,30 @@ var File_core_aarch64_proto protoreflect.FileDescriptor var file_core_aarch64_proto_rawDesc = []byte{ 0x0a, 0x12, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x61, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x65, 0x0a, 0x17, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x61, - 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x04, 0x52, - 0x04, 0x72, 0x65, 0x67, 0x73, 0x12, 0x0e, 0x0a, 0x02, 0x73, 0x70, 0x18, 0x02, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x02, 0x73, 0x70, 0x12, 0x0e, 0x0a, 0x02, 0x70, 0x63, 0x18, 0x03, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x02, 0x70, 0x63, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, - 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, 0x06, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x22, 0x61, 0x0a, - 0x21, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x61, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, 0x5f, 0x66, 0x70, - 0x73, 0x69, 0x6d, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, - 0x04, 0x52, 0x05, 0x76, 0x72, 0x65, 0x67, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x70, 0x73, 0x72, - 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x66, 0x70, 0x73, 0x72, 0x12, 0x12, 0x0a, 0x04, - 0x66, 0x70, 0x63, 0x72, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x66, 0x70, 0x63, 0x72, - 0x22, 0xd3, 0x01, 0x0a, 0x13, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, - 0x5f, 0x61, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, 0x12, 0x2b, 0x0a, 0x0e, 0x63, 0x6c, 0x65, 0x61, - 0x72, 0x5f, 0x74, 0x69, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, - 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0c, 0x63, 0x6c, 0x65, 0x61, 0x72, 0x54, 0x69, - 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, 0x3c, 0x0a, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, - 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, - 0x73, 0x65, 0x72, 0x5f, 0x61, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, 0x5f, 0x72, 0x65, 0x67, 0x73, - 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x06, 0x67, - 0x70, 0x72, 0x65, 0x67, 0x73, 0x12, 0x3f, 0x0a, 0x06, 0x66, 0x70, 0x73, 0x69, 0x6d, 0x64, 0x18, - 0x04, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, + 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x22, 0x65, 0x0a, 0x17, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x61, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, + 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x72, + 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x04, 0x52, 0x04, 0x72, 0x65, 0x67, 0x73, 0x12, + 0x0e, 0x0a, 0x02, 0x73, 0x70, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x73, 0x70, 0x12, + 0x0e, 0x0a, 0x02, 0x70, 0x63, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x70, 0x63, 0x12, + 0x16, 0x0a, 0x06, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, + 0x06, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x22, 0x61, 0x0a, 0x21, 0x75, 0x73, 0x65, 0x72, 0x5f, + 0x61, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, 0x5f, 0x66, 0x70, 0x73, 0x69, 0x6d, 0x64, 0x5f, 0x63, + 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x14, 0x0a, 0x05, + 0x76, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x04, 0x52, 0x05, 0x76, 0x72, 0x65, + 0x67, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x70, 0x73, 0x72, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x04, 0x66, 0x70, 0x73, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x70, 0x63, 0x72, 0x18, 0x03, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x66, 0x70, 0x63, 0x72, 0x22, 0xc9, 0x01, 0x0a, 0x13, 0x74, + 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x61, 0x61, 0x72, 0x63, 0x68, + 0x36, 0x34, 0x12, 0x2b, 0x0a, 0x0e, 0x63, 0x6c, 0x65, 0x61, 0x72, 0x5f, 0x74, 0x69, 0x64, 0x5f, + 0x61, 0x64, 0x64, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, + 0x01, 0x52, 0x0c, 0x63, 0x6c, 0x65, 0x61, 0x72, 0x54, 0x69, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, + 0x10, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x74, 0x6c, + 0x73, 0x12, 0x37, 0x0a, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, + 0x0b, 0x32, 0x18, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x61, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, + 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, + 0x08, 0x01, 0x52, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x66, 0x70, + 0x73, 0x69, 0x6d, 0x64, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x61, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, 0x5f, 0x66, 0x70, 0x73, 0x69, 0x6d, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x66, 0x70, 0x73, 0x69, 0x6d, 0x64, @@ -275,13 +274,13 @@ func file_core_aarch64_proto_rawDescGZIP() []byte { var file_core_aarch64_proto_msgTypes = make([]protoimpl.MessageInfo, 3) var file_core_aarch64_proto_goTypes = []interface{}{ - (*UserAarch64RegsEntry)(nil), // 0: criu.user_aarch64_regs_entry - (*UserAarch64FpsimdContextEntry)(nil), // 1: criu.user_aarch64_fpsimd_context_entry - (*ThreadInfoAarch64)(nil), // 2: criu.thread_info_aarch64 + (*UserAarch64RegsEntry)(nil), // 0: user_aarch64_regs_entry + (*UserAarch64FpsimdContextEntry)(nil), // 1: user_aarch64_fpsimd_context_entry + (*ThreadInfoAarch64)(nil), // 2: thread_info_aarch64 } var file_core_aarch64_proto_depIdxs = []int32{ - 0, // 0: criu.thread_info_aarch64.gpregs:type_name -> criu.user_aarch64_regs_entry - 1, // 1: criu.thread_info_aarch64.fpsimd:type_name -> criu.user_aarch64_fpsimd_context_entry + 0, // 0: thread_info_aarch64.gpregs:type_name -> user_aarch64_regs_entry + 1, // 1: thread_info_aarch64.fpsimd:type_name -> user_aarch64_fpsimd_context_entry 2, // [2:2] is the sub-list for method output_type 2, // [2:2] is the sub-list for method input_type 2, // [2:2] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-aarch64.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-aarch64.proto index 45d6d99b7f7..3356e6b7572 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-aarch64.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-aarch64.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "opts.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-arm.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-arm.pb.go index 0414c0606cd..d59fd6b1024 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-arm.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-arm.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: core-arm.proto package images @@ -359,48 +359,47 @@ var File_core_arm_proto protoreflect.FileDescriptor var file_core_arm_proto_rawDesc = []byte{ 0x0a, 0x0e, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x61, 0x72, 0x6d, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x22, 0xc4, 0x02, 0x0a, 0x13, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x61, 0x72, 0x6d, 0x5f, - 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x30, - 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x72, 0x30, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x31, - 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x72, 0x31, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x32, - 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x72, 0x32, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x33, - 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x72, 0x33, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x34, - 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x72, 0x34, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x35, - 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x72, 0x35, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x36, - 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x72, 0x36, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x37, - 0x18, 0x08, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x72, 0x37, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x38, - 0x18, 0x09, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x72, 0x38, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x39, - 0x18, 0x0a, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x72, 0x39, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, - 0x30, 0x18, 0x0b, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x72, 0x31, 0x30, 0x12, 0x0e, 0x0a, 0x02, - 0x66, 0x70, 0x18, 0x0c, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x66, 0x70, 0x12, 0x0e, 0x0a, 0x02, - 0x69, 0x70, 0x18, 0x0d, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x70, 0x12, 0x0e, 0x0a, 0x02, - 0x73, 0x70, 0x18, 0x0e, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x73, 0x70, 0x12, 0x0e, 0x0a, 0x02, - 0x6c, 0x72, 0x18, 0x0f, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x6c, 0x72, 0x12, 0x0e, 0x0a, 0x02, - 0x70, 0x63, 0x18, 0x10, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x70, 0x63, 0x12, 0x12, 0x0a, 0x04, - 0x63, 0x70, 0x73, 0x72, 0x18, 0x11, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x63, 0x70, 0x73, 0x72, - 0x12, 0x17, 0x0a, 0x07, 0x6f, 0x72, 0x69, 0x67, 0x5f, 0x72, 0x30, 0x18, 0x12, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x06, 0x6f, 0x72, 0x69, 0x67, 0x52, 0x30, 0x22, 0x92, 0x01, 0x0a, 0x17, 0x75, 0x73, - 0x65, 0x72, 0x5f, 0x61, 0x72, 0x6d, 0x5f, 0x76, 0x66, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x19, 0x0a, 0x08, 0x76, 0x66, 0x70, 0x5f, 0x72, 0x65, 0x67, - 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x04, 0x52, 0x07, 0x76, 0x66, 0x70, 0x52, 0x65, 0x67, 0x73, - 0x12, 0x14, 0x0a, 0x05, 0x66, 0x70, 0x73, 0x63, 0x72, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, - 0x05, 0x66, 0x70, 0x73, 0x63, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x70, 0x65, 0x78, 0x63, 0x18, - 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x70, 0x65, 0x78, 0x63, 0x12, 0x16, 0x0a, 0x06, - 0x66, 0x70, 0x69, 0x6e, 0x73, 0x74, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x66, 0x70, - 0x69, 0x6e, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x66, 0x70, 0x69, 0x6e, 0x73, 0x74, 0x32, 0x18, - 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x66, 0x70, 0x69, 0x6e, 0x73, 0x74, 0x32, 0x22, 0xc3, - 0x01, 0x0a, 0x0f, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x61, - 0x72, 0x6d, 0x12, 0x2b, 0x0a, 0x0e, 0x63, 0x6c, 0x65, 0x61, 0x72, 0x5f, 0x74, 0x69, 0x64, 0x5f, - 0x61, 0x64, 0x64, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, - 0x01, 0x52, 0x0c, 0x63, 0x6c, 0x65, 0x61, 0x72, 0x54, 0x69, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, - 0x10, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x74, 0x6c, - 0x73, 0x12, 0x38, 0x0a, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, - 0x0b, 0x32, 0x19, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x61, 0x72, - 0x6d, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, - 0x02, 0x08, 0x01, 0x52, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x12, 0x37, 0x0a, 0x07, 0x66, - 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x63, - 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x61, 0x72, 0x6d, 0x5f, 0x76, 0x66, 0x70, + 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc4, 0x02, 0x0a, + 0x13, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x61, 0x72, 0x6d, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x30, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x02, 0x72, 0x30, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x31, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x02, 0x72, 0x31, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x32, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x02, 0x72, 0x32, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x33, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x02, 0x72, 0x33, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x34, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x02, 0x72, 0x34, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x35, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x02, 0x72, 0x35, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x36, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x02, 0x72, 0x36, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x37, 0x18, 0x08, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x02, 0x72, 0x37, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x38, 0x18, 0x09, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x02, 0x72, 0x38, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x39, 0x18, 0x0a, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x02, 0x72, 0x39, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x30, 0x18, 0x0b, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x03, 0x72, 0x31, 0x30, 0x12, 0x0e, 0x0a, 0x02, 0x66, 0x70, 0x18, 0x0c, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x02, 0x66, 0x70, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x70, 0x18, 0x0d, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x02, 0x69, 0x70, 0x12, 0x0e, 0x0a, 0x02, 0x73, 0x70, 0x18, 0x0e, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x02, 0x73, 0x70, 0x12, 0x0e, 0x0a, 0x02, 0x6c, 0x72, 0x18, 0x0f, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x02, 0x6c, 0x72, 0x12, 0x0e, 0x0a, 0x02, 0x70, 0x63, 0x18, 0x10, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x02, 0x70, 0x63, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x70, 0x73, 0x72, 0x18, 0x11, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x63, 0x70, 0x73, 0x72, 0x12, 0x17, 0x0a, 0x07, 0x6f, 0x72, + 0x69, 0x67, 0x5f, 0x72, 0x30, 0x18, 0x12, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x6f, 0x72, 0x69, + 0x67, 0x52, 0x30, 0x22, 0x92, 0x01, 0x0a, 0x17, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x61, 0x72, 0x6d, + 0x5f, 0x76, 0x66, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x19, 0x0a, 0x08, 0x76, 0x66, 0x70, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, + 0x04, 0x52, 0x07, 0x76, 0x66, 0x70, 0x52, 0x65, 0x67, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x70, + 0x73, 0x63, 0x72, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x70, 0x73, 0x63, 0x72, + 0x12, 0x14, 0x0a, 0x05, 0x66, 0x70, 0x65, 0x78, 0x63, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, + 0x05, 0x66, 0x70, 0x65, 0x78, 0x63, 0x12, 0x16, 0x0a, 0x06, 0x66, 0x70, 0x69, 0x6e, 0x73, 0x74, + 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x66, 0x70, 0x69, 0x6e, 0x73, 0x74, 0x12, 0x18, + 0x0a, 0x07, 0x66, 0x70, 0x69, 0x6e, 0x73, 0x74, 0x32, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, + 0x07, 0x66, 0x70, 0x69, 0x6e, 0x73, 0x74, 0x32, 0x22, 0xb9, 0x01, 0x0a, 0x0f, 0x74, 0x68, 0x72, + 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x61, 0x72, 0x6d, 0x12, 0x2b, 0x0a, 0x0e, + 0x63, 0x6c, 0x65, 0x61, 0x72, 0x5f, 0x74, 0x69, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x01, + 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0c, 0x63, 0x6c, 0x65, + 0x61, 0x72, 0x54, 0x69, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x6c, 0x73, + 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, 0x33, 0x0a, 0x06, 0x67, + 0x70, 0x72, 0x65, 0x67, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x75, 0x73, + 0x65, 0x72, 0x5f, 0x61, 0x72, 0x6d, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, + 0x12, 0x32, 0x0a, 0x07, 0x66, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, + 0x0b, 0x32, 0x18, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x61, 0x72, 0x6d, 0x5f, 0x76, 0x66, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x66, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, } @@ -419,13 +418,13 @@ func file_core_arm_proto_rawDescGZIP() []byte { var file_core_arm_proto_msgTypes = make([]protoimpl.MessageInfo, 3) var file_core_arm_proto_goTypes = []interface{}{ - (*UserArmRegsEntry)(nil), // 0: criu.user_arm_regs_entry - (*UserArmVfpstateEntry)(nil), // 1: criu.user_arm_vfpstate_entry - (*ThreadInfoArm)(nil), // 2: criu.thread_info_arm + (*UserArmRegsEntry)(nil), // 0: user_arm_regs_entry + (*UserArmVfpstateEntry)(nil), // 1: user_arm_vfpstate_entry + (*ThreadInfoArm)(nil), // 2: thread_info_arm } var file_core_arm_proto_depIdxs = []int32{ - 0, // 0: criu.thread_info_arm.gpregs:type_name -> criu.user_arm_regs_entry - 1, // 1: criu.thread_info_arm.fpstate:type_name -> criu.user_arm_vfpstate_entry + 0, // 0: thread_info_arm.gpregs:type_name -> user_arm_regs_entry + 1, // 1: thread_info_arm.fpstate:type_name -> user_arm_vfpstate_entry 2, // [2:2] is the sub-list for method output_type 2, // [2:2] is the sub-list for method input_type 2, // [2:2] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-arm.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-arm.proto index 3562c5a64e8..f9c9e80cb62 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-arm.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-arm.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "opts.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-mips.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-mips.pb.go index 963d7bb265b..9b9e7982b18 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-mips.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-mips.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: core-mips.proto package images @@ -767,106 +767,105 @@ var File_core_mips_proto protoreflect.FileDescriptor var file_core_mips_proto_rawDesc = []byte{ 0x0a, 0x0f, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x6d, 0x69, 0x70, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x22, 0xda, 0x05, 0x0a, 0x14, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x6d, 0x69, 0x70, - 0x73, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, - 0x72, 0x30, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x30, 0x12, 0x0e, 0x0a, 0x02, - 0x72, 0x31, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x31, 0x12, 0x0e, 0x0a, 0x02, - 0x72, 0x32, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x32, 0x12, 0x0e, 0x0a, 0x02, - 0x72, 0x33, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x33, 0x12, 0x0e, 0x0a, 0x02, - 0x72, 0x34, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x34, 0x12, 0x0e, 0x0a, 0x02, - 0x72, 0x35, 0x18, 0x06, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x35, 0x12, 0x0e, 0x0a, 0x02, - 0x72, 0x36, 0x18, 0x07, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x36, 0x12, 0x0e, 0x0a, 0x02, - 0x72, 0x37, 0x18, 0x08, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x37, 0x12, 0x0e, 0x0a, 0x02, - 0x72, 0x38, 0x18, 0x09, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x38, 0x12, 0x0e, 0x0a, 0x02, - 0x72, 0x39, 0x18, 0x0a, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x39, 0x12, 0x10, 0x0a, 0x03, - 0x72, 0x31, 0x30, 0x18, 0x0b, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x30, 0x12, 0x10, - 0x0a, 0x03, 0x72, 0x31, 0x31, 0x18, 0x0c, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x31, - 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x32, 0x18, 0x0d, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, - 0x31, 0x32, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x33, 0x18, 0x0e, 0x20, 0x02, 0x28, 0x04, 0x52, - 0x03, 0x72, 0x31, 0x33, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x34, 0x18, 0x0f, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x03, 0x72, 0x31, 0x34, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x35, 0x18, 0x10, 0x20, - 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x35, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x36, 0x18, - 0x11, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x36, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, - 0x37, 0x18, 0x12, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x37, 0x12, 0x10, 0x0a, 0x03, - 0x72, 0x31, 0x38, 0x18, 0x13, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x38, 0x12, 0x10, - 0x0a, 0x03, 0x72, 0x31, 0x39, 0x18, 0x14, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x39, - 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x30, 0x18, 0x15, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, - 0x32, 0x30, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x31, 0x18, 0x16, 0x20, 0x02, 0x28, 0x04, 0x52, - 0x03, 0x72, 0x32, 0x31, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x32, 0x18, 0x17, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x03, 0x72, 0x32, 0x32, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x33, 0x18, 0x18, 0x20, - 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x33, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x34, 0x18, - 0x19, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x34, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, - 0x35, 0x18, 0x1a, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x35, 0x12, 0x10, 0x0a, 0x03, - 0x72, 0x32, 0x36, 0x18, 0x1b, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x36, 0x12, 0x10, - 0x0a, 0x03, 0x72, 0x32, 0x37, 0x18, 0x1c, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x37, - 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x38, 0x18, 0x1d, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, - 0x32, 0x38, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x39, 0x18, 0x1e, 0x20, 0x02, 0x28, 0x04, 0x52, - 0x03, 0x72, 0x32, 0x39, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x33, 0x30, 0x18, 0x1f, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x03, 0x72, 0x33, 0x30, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x33, 0x31, 0x18, 0x20, 0x20, - 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x33, 0x31, 0x12, 0x0e, 0x0a, 0x02, 0x6c, 0x6f, 0x18, 0x21, - 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x6c, 0x6f, 0x12, 0x0e, 0x0a, 0x02, 0x68, 0x69, 0x18, 0x22, - 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x68, 0x69, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x70, 0x30, 0x5f, - 0x65, 0x70, 0x63, 0x18, 0x23, 0x20, 0x02, 0x28, 0x04, 0x52, 0x06, 0x63, 0x70, 0x30, 0x45, 0x70, - 0x63, 0x12, 0x21, 0x0a, 0x0c, 0x63, 0x70, 0x30, 0x5f, 0x62, 0x61, 0x64, 0x76, 0x61, 0x64, 0x64, - 0x72, 0x18, 0x24, 0x20, 0x02, 0x28, 0x04, 0x52, 0x0b, 0x63, 0x70, 0x30, 0x42, 0x61, 0x64, 0x76, - 0x61, 0x64, 0x64, 0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x70, 0x30, 0x5f, 0x73, 0x74, 0x61, 0x74, - 0x75, 0x73, 0x18, 0x25, 0x20, 0x02, 0x28, 0x04, 0x52, 0x09, 0x63, 0x70, 0x30, 0x53, 0x74, 0x61, - 0x74, 0x75, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x70, 0x30, 0x5f, 0x63, 0x61, 0x75, 0x73, 0x65, - 0x18, 0x26, 0x20, 0x02, 0x28, 0x04, 0x52, 0x08, 0x63, 0x70, 0x30, 0x43, 0x61, 0x75, 0x73, 0x65, - 0x22, 0x98, 0x05, 0x0a, 0x16, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x6d, 0x69, 0x70, 0x73, 0x5f, 0x66, - 0x70, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x72, - 0x30, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x30, 0x12, 0x0e, 0x0a, 0x02, 0x72, - 0x31, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x31, 0x12, 0x0e, 0x0a, 0x02, 0x72, - 0x32, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x32, 0x12, 0x0e, 0x0a, 0x02, 0x72, - 0x33, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x33, 0x12, 0x0e, 0x0a, 0x02, 0x72, - 0x34, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x34, 0x12, 0x0e, 0x0a, 0x02, 0x72, - 0x35, 0x18, 0x06, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x35, 0x12, 0x0e, 0x0a, 0x02, 0x72, - 0x36, 0x18, 0x07, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x36, 0x12, 0x0e, 0x0a, 0x02, 0x72, - 0x37, 0x18, 0x08, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x37, 0x12, 0x0e, 0x0a, 0x02, 0x72, - 0x38, 0x18, 0x09, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x38, 0x12, 0x0e, 0x0a, 0x02, 0x72, - 0x39, 0x18, 0x0a, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x39, 0x12, 0x10, 0x0a, 0x03, 0x72, - 0x31, 0x30, 0x18, 0x0b, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x30, 0x12, 0x10, 0x0a, - 0x03, 0x72, 0x31, 0x31, 0x18, 0x0c, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x31, 0x12, - 0x10, 0x0a, 0x03, 0x72, 0x31, 0x32, 0x18, 0x0d, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, - 0x32, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x33, 0x18, 0x0e, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, - 0x72, 0x31, 0x33, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x34, 0x18, 0x0f, 0x20, 0x02, 0x28, 0x04, - 0x52, 0x03, 0x72, 0x31, 0x34, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x35, 0x18, 0x10, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x35, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x36, 0x18, 0x11, - 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x36, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x37, - 0x18, 0x12, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x37, 0x12, 0x10, 0x0a, 0x03, 0x72, - 0x31, 0x38, 0x18, 0x13, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x38, 0x12, 0x10, 0x0a, - 0x03, 0x72, 0x31, 0x39, 0x18, 0x14, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x39, 0x12, - 0x10, 0x0a, 0x03, 0x72, 0x32, 0x30, 0x18, 0x15, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, - 0x30, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x31, 0x18, 0x16, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, - 0x72, 0x32, 0x31, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x32, 0x18, 0x17, 0x20, 0x02, 0x28, 0x04, - 0x52, 0x03, 0x72, 0x32, 0x32, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x33, 0x18, 0x18, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x33, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x34, 0x18, 0x19, - 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x34, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x35, - 0x18, 0x1a, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x35, 0x12, 0x10, 0x0a, 0x03, 0x72, - 0x32, 0x36, 0x18, 0x1b, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x36, 0x12, 0x10, 0x0a, - 0x03, 0x72, 0x32, 0x37, 0x18, 0x1c, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x37, 0x12, - 0x10, 0x0a, 0x03, 0x72, 0x32, 0x38, 0x18, 0x1d, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, - 0x38, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x39, 0x18, 0x1e, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, - 0x72, 0x32, 0x39, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x33, 0x30, 0x18, 0x1f, 0x20, 0x02, 0x28, 0x04, - 0x52, 0x03, 0x72, 0x33, 0x30, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x33, 0x31, 0x18, 0x20, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x03, 0x72, 0x33, 0x31, 0x12, 0x0e, 0x0a, 0x02, 0x6c, 0x6f, 0x18, 0x21, 0x20, - 0x02, 0x28, 0x04, 0x52, 0x02, 0x6c, 0x6f, 0x12, 0x0e, 0x0a, 0x02, 0x68, 0x69, 0x18, 0x22, 0x20, - 0x02, 0x28, 0x04, 0x52, 0x02, 0x68, 0x69, 0x12, 0x1b, 0x0a, 0x09, 0x66, 0x70, 0x75, 0x5f, 0x66, - 0x63, 0x72, 0x33, 0x31, 0x18, 0x23, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x66, 0x70, 0x75, 0x46, - 0x63, 0x72, 0x33, 0x31, 0x12, 0x15, 0x0a, 0x06, 0x66, 0x70, 0x75, 0x5f, 0x69, 0x64, 0x18, 0x24, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x70, 0x75, 0x49, 0x64, 0x22, 0xc9, 0x01, 0x0a, 0x10, - 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x6d, 0x69, 0x70, 0x73, - 0x12, 0x2b, 0x0a, 0x0e, 0x63, 0x6c, 0x65, 0x61, 0x72, 0x5f, 0x74, 0x69, 0x64, 0x5f, 0x61, 0x64, - 0x64, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, - 0x0c, 0x63, 0x6c, 0x65, 0x61, 0x72, 0x54, 0x69, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x10, 0x0a, - 0x03, 0x74, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, - 0x39, 0x0a, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, - 0x1a, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x6d, 0x69, 0x70, 0x73, - 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, - 0x08, 0x01, 0x52, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x12, 0x3b, 0x0a, 0x06, 0x66, 0x70, - 0x72, 0x65, 0x67, 0x73, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x63, 0x72, 0x69, - 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x6d, 0x69, 0x70, 0x73, 0x5f, 0x66, 0x70, 0x72, 0x65, + 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xda, 0x05, + 0x0a, 0x14, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x6d, 0x69, 0x70, 0x73, 0x5f, 0x72, 0x65, 0x67, 0x73, + 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x30, 0x18, 0x01, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x02, 0x72, 0x30, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x31, 0x18, 0x02, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x02, 0x72, 0x31, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x32, 0x18, 0x03, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x02, 0x72, 0x32, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x33, 0x18, 0x04, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x02, 0x72, 0x33, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x34, 0x18, 0x05, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x02, 0x72, 0x34, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x35, 0x18, 0x06, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x02, 0x72, 0x35, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x36, 0x18, 0x07, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x02, 0x72, 0x36, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x37, 0x18, 0x08, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x02, 0x72, 0x37, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x38, 0x18, 0x09, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x02, 0x72, 0x38, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x39, 0x18, 0x0a, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x02, 0x72, 0x39, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x30, 0x18, 0x0b, 0x20, + 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x30, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x31, 0x18, + 0x0c, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x31, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, + 0x32, 0x18, 0x0d, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x32, 0x12, 0x10, 0x0a, 0x03, + 0x72, 0x31, 0x33, 0x18, 0x0e, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x33, 0x12, 0x10, + 0x0a, 0x03, 0x72, 0x31, 0x34, 0x18, 0x0f, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x34, + 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x35, 0x18, 0x10, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, + 0x31, 0x35, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x36, 0x18, 0x11, 0x20, 0x02, 0x28, 0x04, 0x52, + 0x03, 0x72, 0x31, 0x36, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x37, 0x18, 0x12, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x03, 0x72, 0x31, 0x37, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x38, 0x18, 0x13, 0x20, + 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x38, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x39, 0x18, + 0x14, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x39, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, + 0x30, 0x18, 0x15, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x30, 0x12, 0x10, 0x0a, 0x03, + 0x72, 0x32, 0x31, 0x18, 0x16, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x31, 0x12, 0x10, + 0x0a, 0x03, 0x72, 0x32, 0x32, 0x18, 0x17, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x32, + 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x33, 0x18, 0x18, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, + 0x32, 0x33, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x34, 0x18, 0x19, 0x20, 0x02, 0x28, 0x04, 0x52, + 0x03, 0x72, 0x32, 0x34, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x35, 0x18, 0x1a, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x03, 0x72, 0x32, 0x35, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x36, 0x18, 0x1b, 0x20, + 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x36, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x37, 0x18, + 0x1c, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x37, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, + 0x38, 0x18, 0x1d, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x38, 0x12, 0x10, 0x0a, 0x03, + 0x72, 0x32, 0x39, 0x18, 0x1e, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x39, 0x12, 0x10, + 0x0a, 0x03, 0x72, 0x33, 0x30, 0x18, 0x1f, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x33, 0x30, + 0x12, 0x10, 0x0a, 0x03, 0x72, 0x33, 0x31, 0x18, 0x20, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, + 0x33, 0x31, 0x12, 0x0e, 0x0a, 0x02, 0x6c, 0x6f, 0x18, 0x21, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, + 0x6c, 0x6f, 0x12, 0x0e, 0x0a, 0x02, 0x68, 0x69, 0x18, 0x22, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, + 0x68, 0x69, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x70, 0x30, 0x5f, 0x65, 0x70, 0x63, 0x18, 0x23, 0x20, + 0x02, 0x28, 0x04, 0x52, 0x06, 0x63, 0x70, 0x30, 0x45, 0x70, 0x63, 0x12, 0x21, 0x0a, 0x0c, 0x63, + 0x70, 0x30, 0x5f, 0x62, 0x61, 0x64, 0x76, 0x61, 0x64, 0x64, 0x72, 0x18, 0x24, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x0b, 0x63, 0x70, 0x30, 0x42, 0x61, 0x64, 0x76, 0x61, 0x64, 0x64, 0x72, 0x12, 0x1d, + 0x0a, 0x0a, 0x63, 0x70, 0x30, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x25, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x09, 0x63, 0x70, 0x30, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x1b, 0x0a, + 0x09, 0x63, 0x70, 0x30, 0x5f, 0x63, 0x61, 0x75, 0x73, 0x65, 0x18, 0x26, 0x20, 0x02, 0x28, 0x04, + 0x52, 0x08, 0x63, 0x70, 0x30, 0x43, 0x61, 0x75, 0x73, 0x65, 0x22, 0x98, 0x05, 0x0a, 0x16, 0x75, + 0x73, 0x65, 0x72, 0x5f, 0x6d, 0x69, 0x70, 0x73, 0x5f, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x30, 0x18, 0x01, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x02, 0x72, 0x30, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x31, 0x18, 0x02, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x02, 0x72, 0x31, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x32, 0x18, 0x03, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x02, 0x72, 0x32, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x33, 0x18, 0x04, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x02, 0x72, 0x33, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x34, 0x18, 0x05, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x02, 0x72, 0x34, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x35, 0x18, 0x06, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x02, 0x72, 0x35, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x36, 0x18, 0x07, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x02, 0x72, 0x36, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x37, 0x18, 0x08, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x02, 0x72, 0x37, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x38, 0x18, 0x09, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x02, 0x72, 0x38, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x39, 0x18, 0x0a, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x02, 0x72, 0x39, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x30, 0x18, 0x0b, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x30, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x31, 0x18, 0x0c, + 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x31, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x32, + 0x18, 0x0d, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x32, 0x12, 0x10, 0x0a, 0x03, 0x72, + 0x31, 0x33, 0x18, 0x0e, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x33, 0x12, 0x10, 0x0a, + 0x03, 0x72, 0x31, 0x34, 0x18, 0x0f, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x34, 0x12, + 0x10, 0x0a, 0x03, 0x72, 0x31, 0x35, 0x18, 0x10, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, + 0x35, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x36, 0x18, 0x11, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, + 0x72, 0x31, 0x36, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x37, 0x18, 0x12, 0x20, 0x02, 0x28, 0x04, + 0x52, 0x03, 0x72, 0x31, 0x37, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x38, 0x18, 0x13, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x38, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x39, 0x18, 0x14, + 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x39, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x30, + 0x18, 0x15, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x30, 0x12, 0x10, 0x0a, 0x03, 0x72, + 0x32, 0x31, 0x18, 0x16, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x31, 0x12, 0x10, 0x0a, + 0x03, 0x72, 0x32, 0x32, 0x18, 0x17, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x32, 0x12, + 0x10, 0x0a, 0x03, 0x72, 0x32, 0x33, 0x18, 0x18, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, + 0x33, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x34, 0x18, 0x19, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, + 0x72, 0x32, 0x34, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x35, 0x18, 0x1a, 0x20, 0x02, 0x28, 0x04, + 0x52, 0x03, 0x72, 0x32, 0x35, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x36, 0x18, 0x1b, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x36, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x37, 0x18, 0x1c, + 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x37, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x38, + 0x18, 0x1d, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x38, 0x12, 0x10, 0x0a, 0x03, 0x72, + 0x32, 0x39, 0x18, 0x1e, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x39, 0x12, 0x10, 0x0a, + 0x03, 0x72, 0x33, 0x30, 0x18, 0x1f, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x33, 0x30, 0x12, + 0x10, 0x0a, 0x03, 0x72, 0x33, 0x31, 0x18, 0x20, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x33, + 0x31, 0x12, 0x0e, 0x0a, 0x02, 0x6c, 0x6f, 0x18, 0x21, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x6c, + 0x6f, 0x12, 0x0e, 0x0a, 0x02, 0x68, 0x69, 0x18, 0x22, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x68, + 0x69, 0x12, 0x1b, 0x0a, 0x09, 0x66, 0x70, 0x75, 0x5f, 0x66, 0x63, 0x72, 0x33, 0x31, 0x18, 0x23, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x66, 0x70, 0x75, 0x46, 0x63, 0x72, 0x33, 0x31, 0x12, 0x15, + 0x0a, 0x06, 0x66, 0x70, 0x75, 0x5f, 0x69, 0x64, 0x18, 0x24, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, + 0x66, 0x70, 0x75, 0x49, 0x64, 0x22, 0xbf, 0x01, 0x0a, 0x10, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, + 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x6d, 0x69, 0x70, 0x73, 0x12, 0x2b, 0x0a, 0x0e, 0x63, 0x6c, + 0x65, 0x61, 0x72, 0x5f, 0x74, 0x69, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x01, 0x20, 0x02, + 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0c, 0x63, 0x6c, 0x65, 0x61, 0x72, + 0x54, 0x69, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x02, + 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, 0x34, 0x0a, 0x06, 0x67, 0x70, 0x72, + 0x65, 0x67, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x75, 0x73, 0x65, 0x72, + 0x5f, 0x6d, 0x69, 0x70, 0x73, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x12, + 0x36, 0x0a, 0x06, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0b, 0x32, + 0x17, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x6d, 0x69, 0x70, 0x73, 0x5f, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x06, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, } @@ -885,13 +884,13 @@ func file_core_mips_proto_rawDescGZIP() []byte { var file_core_mips_proto_msgTypes = make([]protoimpl.MessageInfo, 3) var file_core_mips_proto_goTypes = []interface{}{ - (*UserMipsRegsEntry)(nil), // 0: criu.user_mips_regs_entry - (*UserMipsFpregsEntry)(nil), // 1: criu.user_mips_fpregs_entry - (*ThreadInfoMips)(nil), // 2: criu.thread_info_mips + (*UserMipsRegsEntry)(nil), // 0: user_mips_regs_entry + (*UserMipsFpregsEntry)(nil), // 1: user_mips_fpregs_entry + (*ThreadInfoMips)(nil), // 2: thread_info_mips } var file_core_mips_proto_depIdxs = []int32{ - 0, // 0: criu.thread_info_mips.gpregs:type_name -> criu.user_mips_regs_entry - 1, // 1: criu.thread_info_mips.fpregs:type_name -> criu.user_mips_fpregs_entry + 0, // 0: thread_info_mips.gpregs:type_name -> user_mips_regs_entry + 1, // 1: thread_info_mips.fpregs:type_name -> user_mips_fpregs_entry 2, // [2:2] is the sub-list for method output_type 2, // [2:2] is the sub-list for method input_type 2, // [2:2] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-mips.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-mips.proto index 3cf950953bf..ec06d695110 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-mips.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-mips.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "opts.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-ppc64.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-ppc64.pb.go index 06aabe2c19e..b6eb9d5a56b 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-ppc64.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-ppc64.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: core-ppc64.proto package images @@ -488,75 +488,72 @@ var File_core_ppc64_proto protoreflect.FileDescriptor var file_core_ppc64_proto_rawDesc = []byte{ 0x0a, 0x10, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x70, 0x70, 0x63, 0x36, 0x34, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x8c, 0x02, 0x0a, 0x15, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, - 0x63, 0x36, 0x34, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, - 0x0a, 0x03, 0x67, 0x70, 0x72, 0x18, 0x01, 0x20, 0x03, 0x28, 0x04, 0x52, 0x03, 0x67, 0x70, 0x72, - 0x12, 0x10, 0x0a, 0x03, 0x6e, 0x69, 0x70, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x6e, - 0x69, 0x70, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x73, 0x72, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, - 0x03, 0x6d, 0x73, 0x72, 0x12, 0x1b, 0x0a, 0x09, 0x6f, 0x72, 0x69, 0x67, 0x5f, 0x67, 0x70, 0x72, - 0x33, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, 0x08, 0x6f, 0x72, 0x69, 0x67, 0x47, 0x70, 0x72, - 0x33, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x74, 0x72, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, - 0x63, 0x74, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6c, 0x69, 0x6e, 0x6b, 0x18, 0x06, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x04, 0x6c, 0x69, 0x6e, 0x6b, 0x12, 0x10, 0x0a, 0x03, 0x78, 0x65, 0x72, 0x18, 0x07, - 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x78, 0x65, 0x72, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x63, 0x72, - 0x18, 0x08, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x63, 0x63, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x74, - 0x72, 0x61, 0x70, 0x18, 0x09, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x74, 0x72, 0x61, 0x70, 0x12, - 0x16, 0x0a, 0x06, 0x74, 0x65, 0x78, 0x61, 0x73, 0x72, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x04, 0x52, - 0x06, 0x74, 0x65, 0x78, 0x61, 0x73, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x66, 0x68, 0x61, 0x72, - 0x18, 0x0b, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x74, 0x66, 0x68, 0x61, 0x72, 0x12, 0x14, 0x0a, - 0x05, 0x74, 0x66, 0x69, 0x61, 0x72, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x74, 0x66, - 0x69, 0x61, 0x72, 0x22, 0x32, 0x0a, 0x18, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, - 0x34, 0x5f, 0x66, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, - 0x16, 0x0a, 0x06, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x04, 0x52, - 0x06, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x22, 0x4a, 0x0a, 0x18, 0x75, 0x73, 0x65, 0x72, 0x5f, - 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x76, 0x72, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x76, 0x72, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, - 0x03, 0x28, 0x04, 0x52, 0x06, 0x76, 0x72, 0x72, 0x65, 0x67, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x76, - 0x72, 0x73, 0x61, 0x76, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x76, 0x72, 0x73, - 0x61, 0x76, 0x65, 0x22, 0x35, 0x0a, 0x19, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, - 0x34, 0x5f, 0x76, 0x73, 0x78, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x12, 0x18, 0x0a, 0x07, 0x76, 0x73, 0x78, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, - 0x04, 0x52, 0x07, 0x76, 0x73, 0x78, 0x72, 0x65, 0x67, 0x73, 0x22, 0x80, 0x02, 0x0a, 0x18, 0x75, - 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x74, 0x6d, 0x5f, 0x72, 0x65, 0x67, - 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x33, 0x0a, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, - 0x73, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, - 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x12, 0x38, 0x0a, 0x07, - 0x66, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, - 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, + 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x8c, + 0x02, 0x0a, 0x15, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x72, 0x65, + 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x67, 0x70, 0x72, 0x18, + 0x01, 0x20, 0x03, 0x28, 0x04, 0x52, 0x03, 0x67, 0x70, 0x72, 0x12, 0x10, 0x0a, 0x03, 0x6e, 0x69, + 0x70, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x6e, 0x69, 0x70, 0x12, 0x10, 0x0a, 0x03, + 0x6d, 0x73, 0x72, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x6d, 0x73, 0x72, 0x12, 0x1b, + 0x0a, 0x09, 0x6f, 0x72, 0x69, 0x67, 0x5f, 0x67, 0x70, 0x72, 0x33, 0x18, 0x04, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x08, 0x6f, 0x72, 0x69, 0x67, 0x47, 0x70, 0x72, 0x33, 0x12, 0x10, 0x0a, 0x03, 0x63, + 0x74, 0x72, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x63, 0x74, 0x72, 0x12, 0x12, 0x0a, + 0x04, 0x6c, 0x69, 0x6e, 0x6b, 0x18, 0x06, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x6c, 0x69, 0x6e, + 0x6b, 0x12, 0x10, 0x0a, 0x03, 0x78, 0x65, 0x72, 0x18, 0x07, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, + 0x78, 0x65, 0x72, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x63, 0x72, 0x18, 0x08, 0x20, 0x02, 0x28, 0x04, + 0x52, 0x03, 0x63, 0x63, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x72, 0x61, 0x70, 0x18, 0x09, 0x20, + 0x02, 0x28, 0x04, 0x52, 0x04, 0x74, 0x72, 0x61, 0x70, 0x12, 0x16, 0x0a, 0x06, 0x74, 0x65, 0x78, + 0x61, 0x73, 0x72, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x04, 0x52, 0x06, 0x74, 0x65, 0x78, 0x61, 0x73, + 0x72, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x66, 0x68, 0x61, 0x72, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x04, + 0x52, 0x05, 0x74, 0x66, 0x68, 0x61, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x66, 0x69, 0x61, 0x72, + 0x18, 0x0c, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x74, 0x66, 0x69, 0x61, 0x72, 0x22, 0x32, 0x0a, + 0x18, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x66, 0x70, 0x73, 0x74, + 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x66, 0x70, 0x72, + 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x04, 0x52, 0x06, 0x66, 0x70, 0x72, 0x65, 0x67, + 0x73, 0x22, 0x4a, 0x0a, 0x18, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, + 0x76, 0x72, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x16, 0x0a, + 0x06, 0x76, 0x72, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x04, 0x52, 0x06, 0x76, + 0x72, 0x72, 0x65, 0x67, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x76, 0x72, 0x73, 0x61, 0x76, 0x65, 0x18, + 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x76, 0x72, 0x73, 0x61, 0x76, 0x65, 0x22, 0x35, 0x0a, + 0x19, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x76, 0x73, 0x78, 0x73, + 0x74, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x73, + 0x78, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x04, 0x52, 0x07, 0x76, 0x73, 0x78, + 0x72, 0x65, 0x67, 0x73, 0x22, 0xec, 0x01, 0x0a, 0x18, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, + 0x63, 0x36, 0x34, 0x5f, 0x74, 0x6d, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x12, 0x2e, 0x0a, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x02, 0x28, + 0x0b, 0x32, 0x16, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x72, + 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, + 0x73, 0x12, 0x33, 0x0a, 0x07, 0x66, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x66, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x66, - 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, 0x38, 0x0a, 0x07, 0x76, 0x72, 0x73, 0x74, 0x61, 0x74, - 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, - 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x76, 0x72, 0x73, 0x74, 0x61, 0x74, - 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x76, 0x72, 0x73, 0x74, 0x61, 0x74, 0x65, - 0x12, 0x3b, 0x0a, 0x08, 0x76, 0x73, 0x78, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, - 0x70, 0x63, 0x36, 0x34, 0x5f, 0x76, 0x73, 0x78, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x52, 0x08, 0x76, 0x73, 0x78, 0x73, 0x74, 0x61, 0x74, 0x65, 0x22, 0xe7, 0x02, - 0x0a, 0x11, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x70, 0x70, - 0x63, 0x36, 0x34, 0x12, 0x2b, 0x0a, 0x0e, 0x63, 0x6c, 0x65, 0x61, 0x72, 0x5f, 0x74, 0x69, 0x64, - 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, - 0x08, 0x01, 0x52, 0x0c, 0x63, 0x6c, 0x65, 0x61, 0x72, 0x54, 0x69, 0x64, 0x41, 0x64, 0x64, 0x72, - 0x12, 0x3a, 0x0a, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0b, - 0x32, 0x1b, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, - 0x36, 0x34, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, - 0x3f, 0x02, 0x08, 0x01, 0x52, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x12, 0x38, 0x0a, 0x07, - 0x66, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, - 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, - 0x66, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x66, - 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, 0x38, 0x0a, 0x07, 0x76, 0x72, 0x73, 0x74, 0x61, 0x74, - 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, - 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x76, 0x72, 0x73, 0x74, 0x61, 0x74, - 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x76, 0x72, 0x73, 0x74, 0x61, 0x74, 0x65, - 0x12, 0x3b, 0x0a, 0x08, 0x76, 0x73, 0x78, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x05, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, - 0x70, 0x63, 0x36, 0x34, 0x5f, 0x76, 0x73, 0x78, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x52, 0x08, 0x76, 0x73, 0x78, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, 0x38, 0x0a, - 0x07, 0x74, 0x6d, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, - 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, - 0x5f, 0x74, 0x6d, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, - 0x74, 0x6d, 0x73, 0x74, 0x61, 0x74, 0x65, + 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, 0x33, 0x0a, 0x07, 0x76, 0x72, 0x73, 0x74, 0x61, 0x74, + 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, + 0x70, 0x63, 0x36, 0x34, 0x5f, 0x76, 0x72, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x52, 0x07, 0x76, 0x72, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, 0x36, 0x0a, 0x08, 0x76, + 0x73, 0x78, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, + 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x76, 0x73, 0x78, 0x73, 0x74, + 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x76, 0x73, 0x78, 0x73, 0x74, + 0x61, 0x74, 0x65, 0x22, 0xce, 0x02, 0x0a, 0x11, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, + 0x6e, 0x66, 0x6f, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x12, 0x2b, 0x0a, 0x0e, 0x63, 0x6c, 0x65, + 0x61, 0x72, 0x5f, 0x74, 0x69, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, + 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0c, 0x63, 0x6c, 0x65, 0x61, 0x72, 0x54, + 0x69, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x35, 0x0a, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, + 0x18, 0x02, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, + 0x63, 0x36, 0x34, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, + 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x12, 0x33, 0x0a, + 0x07, 0x66, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, + 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x66, 0x70, 0x73, 0x74, + 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x66, 0x70, 0x73, 0x74, 0x61, + 0x74, 0x65, 0x12, 0x33, 0x0a, 0x07, 0x76, 0x72, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, + 0x5f, 0x76, 0x72, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, + 0x76, 0x72, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, 0x36, 0x0a, 0x08, 0x76, 0x73, 0x78, 0x73, 0x74, + 0x61, 0x74, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x75, 0x73, 0x65, 0x72, + 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x76, 0x73, 0x78, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x76, 0x73, 0x78, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, + 0x33, 0x0a, 0x07, 0x74, 0x6d, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x19, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x74, 0x6d, + 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x74, 0x6d, 0x73, + 0x74, 0x61, 0x74, 0x65, } var ( @@ -573,23 +570,23 @@ func file_core_ppc64_proto_rawDescGZIP() []byte { var file_core_ppc64_proto_msgTypes = make([]protoimpl.MessageInfo, 6) var file_core_ppc64_proto_goTypes = []interface{}{ - (*UserPpc64RegsEntry)(nil), // 0: criu.user_ppc64_regs_entry - (*UserPpc64FpstateEntry)(nil), // 1: criu.user_ppc64_fpstate_entry - (*UserPpc64VrstateEntry)(nil), // 2: criu.user_ppc64_vrstate_entry - (*UserPpc64VsxstateEntry)(nil), // 3: criu.user_ppc64_vsxstate_entry - (*UserPpc64TmRegsEntry)(nil), // 4: criu.user_ppc64_tm_regs_entry - (*ThreadInfoPpc64)(nil), // 5: criu.thread_info_ppc64 + (*UserPpc64RegsEntry)(nil), // 0: user_ppc64_regs_entry + (*UserPpc64FpstateEntry)(nil), // 1: user_ppc64_fpstate_entry + (*UserPpc64VrstateEntry)(nil), // 2: user_ppc64_vrstate_entry + (*UserPpc64VsxstateEntry)(nil), // 3: user_ppc64_vsxstate_entry + (*UserPpc64TmRegsEntry)(nil), // 4: user_ppc64_tm_regs_entry + (*ThreadInfoPpc64)(nil), // 5: thread_info_ppc64 } var file_core_ppc64_proto_depIdxs = []int32{ - 0, // 0: criu.user_ppc64_tm_regs_entry.gpregs:type_name -> criu.user_ppc64_regs_entry - 1, // 1: criu.user_ppc64_tm_regs_entry.fpstate:type_name -> criu.user_ppc64_fpstate_entry - 2, // 2: criu.user_ppc64_tm_regs_entry.vrstate:type_name -> criu.user_ppc64_vrstate_entry - 3, // 3: criu.user_ppc64_tm_regs_entry.vsxstate:type_name -> criu.user_ppc64_vsxstate_entry - 0, // 4: criu.thread_info_ppc64.gpregs:type_name -> criu.user_ppc64_regs_entry - 1, // 5: criu.thread_info_ppc64.fpstate:type_name -> criu.user_ppc64_fpstate_entry - 2, // 6: criu.thread_info_ppc64.vrstate:type_name -> criu.user_ppc64_vrstate_entry - 3, // 7: criu.thread_info_ppc64.vsxstate:type_name -> criu.user_ppc64_vsxstate_entry - 4, // 8: criu.thread_info_ppc64.tmstate:type_name -> criu.user_ppc64_tm_regs_entry + 0, // 0: user_ppc64_tm_regs_entry.gpregs:type_name -> user_ppc64_regs_entry + 1, // 1: user_ppc64_tm_regs_entry.fpstate:type_name -> user_ppc64_fpstate_entry + 2, // 2: user_ppc64_tm_regs_entry.vrstate:type_name -> user_ppc64_vrstate_entry + 3, // 3: user_ppc64_tm_regs_entry.vsxstate:type_name -> user_ppc64_vsxstate_entry + 0, // 4: thread_info_ppc64.gpregs:type_name -> user_ppc64_regs_entry + 1, // 5: thread_info_ppc64.fpstate:type_name -> user_ppc64_fpstate_entry + 2, // 6: thread_info_ppc64.vrstate:type_name -> user_ppc64_vrstate_entry + 3, // 7: thread_info_ppc64.vsxstate:type_name -> user_ppc64_vsxstate_entry + 4, // 8: thread_info_ppc64.tmstate:type_name -> user_ppc64_tm_regs_entry 9, // [9:9] is the sub-list for method output_type 9, // [9:9] is the sub-list for method input_type 9, // [9:9] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-ppc64.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-ppc64.proto index 26af11a313f..bb07e09e086 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-ppc64.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-ppc64.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "opts.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-s390.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-s390.pb.go index 36da252f2db..67b0eda0bf9 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-s390.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-s390.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: core-s390.proto package images @@ -471,66 +471,64 @@ var File_core_s390_proto protoreflect.FileDescriptor var file_core_s390_proto_rawDesc = []byte{ 0x0a, 0x0f, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x73, 0x33, 0x39, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x22, 0xb2, 0x01, 0x0a, 0x14, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, - 0x30, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x19, 0x0a, 0x08, - 0x70, 0x73, 0x77, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x07, - 0x70, 0x73, 0x77, 0x4d, 0x61, 0x73, 0x6b, 0x12, 0x19, 0x0a, 0x08, 0x70, 0x73, 0x77, 0x5f, 0x61, - 0x64, 0x64, 0x72, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x07, 0x70, 0x73, 0x77, 0x41, 0x64, - 0x64, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x67, 0x70, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x04, - 0x52, 0x04, 0x67, 0x70, 0x72, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x63, 0x72, 0x73, 0x18, 0x04, - 0x20, 0x03, 0x28, 0x0d, 0x52, 0x04, 0x61, 0x63, 0x72, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x6f, 0x72, - 0x69, 0x67, 0x5f, 0x67, 0x70, 0x72, 0x32, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, 0x08, 0x6f, - 0x72, 0x69, 0x67, 0x47, 0x70, 0x72, 0x32, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x79, 0x73, 0x74, 0x65, - 0x6d, 0x5f, 0x63, 0x61, 0x6c, 0x6c, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0a, 0x73, 0x79, - 0x73, 0x74, 0x65, 0x6d, 0x43, 0x61, 0x6c, 0x6c, 0x22, 0x2e, 0x0a, 0x18, 0x75, 0x73, 0x65, 0x72, - 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x76, 0x78, 0x72, 0x73, 0x5f, 0x6c, 0x6f, 0x77, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, - 0x28, 0x04, 0x52, 0x04, 0x72, 0x65, 0x67, 0x73, 0x22, 0x2f, 0x0a, 0x19, 0x75, 0x73, 0x65, 0x72, - 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x76, 0x78, 0x72, 0x73, 0x5f, 0x68, 0x69, 0x67, 0x68, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, - 0x03, 0x28, 0x04, 0x52, 0x04, 0x72, 0x65, 0x67, 0x73, 0x22, 0x3e, 0x0a, 0x16, 0x75, 0x73, 0x65, - 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x66, 0x70, 0x63, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x03, 0x66, 0x70, 0x63, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x70, 0x72, 0x73, 0x18, 0x02, 0x20, - 0x03, 0x28, 0x04, 0x52, 0x04, 0x66, 0x70, 0x72, 0x73, 0x22, 0x2b, 0x0a, 0x15, 0x75, 0x73, 0x65, - 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x67, 0x73, 0x5f, 0x63, 0x62, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x04, - 0x52, 0x04, 0x72, 0x65, 0x67, 0x73, 0x22, 0x3d, 0x0a, 0x12, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, - 0x33, 0x39, 0x30, 0x5f, 0x72, 0x69, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x13, 0x0a, 0x05, - 0x72, 0x69, 0x5f, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x72, 0x69, 0x4f, - 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x65, 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x04, 0x52, - 0x04, 0x72, 0x65, 0x67, 0x73, 0x22, 0xe6, 0x03, 0x0a, 0x10, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, - 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x12, 0x2b, 0x0a, 0x0e, 0x63, 0x6c, - 0x65, 0x61, 0x72, 0x5f, 0x74, 0x69, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x01, 0x20, 0x02, - 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0c, 0x63, 0x6c, 0x65, 0x61, 0x72, - 0x54, 0x69, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x39, 0x0a, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, - 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, - 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x06, 0x67, 0x70, 0x72, 0x65, - 0x67, 0x73, 0x12, 0x3b, 0x0a, 0x06, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x18, 0x03, 0x20, 0x02, - 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, + 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xb2, 0x01, + 0x0a, 0x14, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x72, 0x65, 0x67, 0x73, + 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x19, 0x0a, 0x08, 0x70, 0x73, 0x77, 0x5f, 0x6d, 0x61, + 0x73, 0x6b, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x07, 0x70, 0x73, 0x77, 0x4d, 0x61, 0x73, + 0x6b, 0x12, 0x19, 0x0a, 0x08, 0x70, 0x73, 0x77, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x02, 0x20, + 0x02, 0x28, 0x04, 0x52, 0x07, 0x70, 0x73, 0x77, 0x41, 0x64, 0x64, 0x72, 0x12, 0x12, 0x0a, 0x04, + 0x67, 0x70, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x04, 0x52, 0x04, 0x67, 0x70, 0x72, 0x73, + 0x12, 0x12, 0x0a, 0x04, 0x61, 0x63, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x04, + 0x61, 0x63, 0x72, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x6f, 0x72, 0x69, 0x67, 0x5f, 0x67, 0x70, 0x72, + 0x32, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, 0x08, 0x6f, 0x72, 0x69, 0x67, 0x47, 0x70, 0x72, + 0x32, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x5f, 0x63, 0x61, 0x6c, 0x6c, + 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0a, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x43, 0x61, + 0x6c, 0x6c, 0x22, 0x2e, 0x0a, 0x18, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, + 0x76, 0x78, 0x72, 0x73, 0x5f, 0x6c, 0x6f, 0x77, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, + 0x0a, 0x04, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x04, 0x52, 0x04, 0x72, 0x65, + 0x67, 0x73, 0x22, 0x2f, 0x0a, 0x19, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, + 0x76, 0x78, 0x72, 0x73, 0x5f, 0x68, 0x69, 0x67, 0x68, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x12, 0x0a, 0x04, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x04, 0x52, 0x04, 0x72, + 0x65, 0x67, 0x73, 0x22, 0x3e, 0x0a, 0x16, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, + 0x5f, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, + 0x03, 0x66, 0x70, 0x63, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x66, 0x70, 0x63, 0x12, + 0x12, 0x0a, 0x04, 0x66, 0x70, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x04, 0x52, 0x04, 0x66, + 0x70, 0x72, 0x73, 0x22, 0x2b, 0x0a, 0x15, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, + 0x5f, 0x67, 0x73, 0x5f, 0x63, 0x62, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, + 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x04, 0x52, 0x04, 0x72, 0x65, 0x67, 0x73, + 0x22, 0x3d, 0x0a, 0x12, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x72, 0x69, + 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x13, 0x0a, 0x05, 0x72, 0x69, 0x5f, 0x6f, 0x6e, 0x18, + 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x72, 0x69, 0x4f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x72, + 0x65, 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x04, 0x52, 0x04, 0x72, 0x65, 0x67, 0x73, 0x22, + 0xc3, 0x03, 0x0a, 0x10, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, + 0x73, 0x33, 0x39, 0x30, 0x12, 0x2b, 0x0a, 0x0e, 0x63, 0x6c, 0x65, 0x61, 0x72, 0x5f, 0x74, 0x69, + 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, + 0x02, 0x08, 0x01, 0x52, 0x0c, 0x63, 0x6c, 0x65, 0x61, 0x72, 0x54, 0x69, 0x64, 0x41, 0x64, 0x64, + 0x72, 0x12, 0x34, 0x0a, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, + 0x0b, 0x32, 0x15, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x72, 0x65, + 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, + 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x12, 0x36, 0x0a, 0x06, 0x66, 0x70, 0x72, 0x65, 0x67, + 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x06, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x12, - 0x40, 0x0a, 0x08, 0x76, 0x78, 0x72, 0x73, 0x5f, 0x6c, 0x6f, 0x77, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x1e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, - 0x39, 0x30, 0x5f, 0x76, 0x78, 0x72, 0x73, 0x5f, 0x6c, 0x6f, 0x77, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x07, 0x76, 0x78, 0x72, 0x73, 0x4c, 0x6f, - 0x77, 0x12, 0x43, 0x0a, 0x09, 0x76, 0x78, 0x72, 0x73, 0x5f, 0x68, 0x69, 0x67, 0x68, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, - 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x76, 0x78, 0x72, 0x73, 0x5f, 0x68, 0x69, 0x67, 0x68, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x08, 0x76, 0x78, - 0x72, 0x73, 0x48, 0x69, 0x67, 0x68, 0x12, 0x37, 0x0a, 0x05, 0x67, 0x73, 0x5f, 0x63, 0x62, 0x18, - 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, - 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x67, 0x73, 0x5f, 0x63, 0x62, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x04, 0x67, 0x73, 0x43, 0x62, 0x12, - 0x37, 0x0a, 0x05, 0x67, 0x73, 0x5f, 0x62, 0x63, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, - 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, - 0x67, 0x73, 0x5f, 0x63, 0x62, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, - 0x08, 0x01, 0x52, 0x04, 0x67, 0x73, 0x42, 0x63, 0x12, 0x34, 0x0a, 0x05, 0x72, 0x69, 0x5f, 0x63, - 0x62, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, - 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x72, 0x69, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x04, 0x72, 0x69, 0x43, 0x62, + 0x3b, 0x0a, 0x08, 0x76, 0x78, 0x72, 0x73, 0x5f, 0x6c, 0x6f, 0x77, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x19, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x76, 0x78, + 0x72, 0x73, 0x5f, 0x6c, 0x6f, 0x77, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, + 0x02, 0x08, 0x01, 0x52, 0x07, 0x76, 0x78, 0x72, 0x73, 0x4c, 0x6f, 0x77, 0x12, 0x3e, 0x0a, 0x09, + 0x76, 0x78, 0x72, 0x73, 0x5f, 0x68, 0x69, 0x67, 0x68, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x1a, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x76, 0x78, 0x72, 0x73, + 0x5f, 0x68, 0x69, 0x67, 0x68, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, + 0x08, 0x01, 0x52, 0x08, 0x76, 0x78, 0x72, 0x73, 0x48, 0x69, 0x67, 0x68, 0x12, 0x32, 0x0a, 0x05, + 0x67, 0x73, 0x5f, 0x63, 0x62, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x75, 0x73, + 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x67, 0x73, 0x5f, 0x63, 0x62, 0x5f, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x04, 0x67, 0x73, 0x43, 0x62, + 0x12, 0x32, 0x0a, 0x05, 0x67, 0x73, 0x5f, 0x62, 0x63, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x16, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x67, 0x73, 0x5f, 0x63, + 0x62, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x04, + 0x67, 0x73, 0x42, 0x63, 0x12, 0x2f, 0x0a, 0x05, 0x72, 0x69, 0x5f, 0x63, 0x62, 0x18, 0x08, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, + 0x72, 0x69, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, + 0x04, 0x72, 0x69, 0x43, 0x62, } var ( @@ -547,22 +545,22 @@ func file_core_s390_proto_rawDescGZIP() []byte { var file_core_s390_proto_msgTypes = make([]protoimpl.MessageInfo, 7) var file_core_s390_proto_goTypes = []interface{}{ - (*UserS390RegsEntry)(nil), // 0: criu.user_s390_regs_entry - (*UserS390VxrsLowEntry)(nil), // 1: criu.user_s390_vxrs_low_entry - (*UserS390VxrsHighEntry)(nil), // 2: criu.user_s390_vxrs_high_entry - (*UserS390FpregsEntry)(nil), // 3: criu.user_s390_fpregs_entry - (*UserS390GsCbEntry)(nil), // 4: criu.user_s390_gs_cb_entry - (*UserS390RiEntry)(nil), // 5: criu.user_s390_ri_entry - (*ThreadInfoS390)(nil), // 6: criu.thread_info_s390 + (*UserS390RegsEntry)(nil), // 0: user_s390_regs_entry + (*UserS390VxrsLowEntry)(nil), // 1: user_s390_vxrs_low_entry + (*UserS390VxrsHighEntry)(nil), // 2: user_s390_vxrs_high_entry + (*UserS390FpregsEntry)(nil), // 3: user_s390_fpregs_entry + (*UserS390GsCbEntry)(nil), // 4: user_s390_gs_cb_entry + (*UserS390RiEntry)(nil), // 5: user_s390_ri_entry + (*ThreadInfoS390)(nil), // 6: thread_info_s390 } var file_core_s390_proto_depIdxs = []int32{ - 0, // 0: criu.thread_info_s390.gpregs:type_name -> criu.user_s390_regs_entry - 3, // 1: criu.thread_info_s390.fpregs:type_name -> criu.user_s390_fpregs_entry - 1, // 2: criu.thread_info_s390.vxrs_low:type_name -> criu.user_s390_vxrs_low_entry - 2, // 3: criu.thread_info_s390.vxrs_high:type_name -> criu.user_s390_vxrs_high_entry - 4, // 4: criu.thread_info_s390.gs_cb:type_name -> criu.user_s390_gs_cb_entry - 4, // 5: criu.thread_info_s390.gs_bc:type_name -> criu.user_s390_gs_cb_entry - 5, // 6: criu.thread_info_s390.ri_cb:type_name -> criu.user_s390_ri_entry + 0, // 0: thread_info_s390.gpregs:type_name -> user_s390_regs_entry + 3, // 1: thread_info_s390.fpregs:type_name -> user_s390_fpregs_entry + 1, // 2: thread_info_s390.vxrs_low:type_name -> user_s390_vxrs_low_entry + 2, // 3: thread_info_s390.vxrs_high:type_name -> user_s390_vxrs_high_entry + 4, // 4: thread_info_s390.gs_cb:type_name -> user_s390_gs_cb_entry + 4, // 5: thread_info_s390.gs_bc:type_name -> user_s390_gs_cb_entry + 5, // 6: thread_info_s390.ri_cb:type_name -> user_s390_ri_entry 7, // [7:7] is the sub-list for method output_type 7, // [7:7] is the sub-list for method input_type 7, // [7:7] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-s390.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-s390.proto index 1884e2cb42e..44130f2060a 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-s390.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-s390.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "opts.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-x86.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-x86.pb.go index d109eaca0ee..be6be9e225c 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-x86.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-x86.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: core-x86.proto package images @@ -111,7 +111,7 @@ type UserX86RegsEntry struct { Es *uint64 `protobuf:"varint,25,req,name=es" json:"es,omitempty"` Fs *uint64 `protobuf:"varint,26,req,name=fs" json:"fs,omitempty"` Gs *uint64 `protobuf:"varint,27,req,name=gs" json:"gs,omitempty"` - Mode *UserX86RegsMode `protobuf:"varint,28,opt,name=mode,enum=criu.UserX86RegsMode,def=1" json:"mode,omitempty"` + Mode *UserX86RegsMode `protobuf:"varint,28,opt,name=mode,enum=UserX86RegsMode,def=1" json:"mode,omitempty"` } // Default values for UserX86RegsEntry fields. @@ -794,77 +794,76 @@ var File_core_x86_proto protoreflect.FileDescriptor var file_core_x86_proto_rawDesc = []byte{ 0x0a, 0x0e, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x78, 0x38, 0x36, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x22, 0xa8, 0x04, 0x0a, 0x13, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, - 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, - 0x35, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x35, 0x12, 0x10, 0x0a, 0x03, - 0x72, 0x31, 0x34, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x34, 0x12, 0x10, - 0x0a, 0x03, 0x72, 0x31, 0x33, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x33, - 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x32, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, - 0x31, 0x32, 0x12, 0x0e, 0x0a, 0x02, 0x62, 0x70, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, - 0x62, 0x70, 0x12, 0x0e, 0x0a, 0x02, 0x62, 0x78, 0x18, 0x06, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, - 0x62, 0x78, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x31, 0x18, 0x07, 0x20, 0x02, 0x28, 0x04, 0x52, - 0x03, 0x72, 0x31, 0x31, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x30, 0x18, 0x08, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x03, 0x72, 0x31, 0x30, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x39, 0x18, 0x09, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x02, 0x72, 0x39, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x38, 0x18, 0x0a, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x02, 0x72, 0x38, 0x12, 0x0e, 0x0a, 0x02, 0x61, 0x78, 0x18, 0x0b, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x02, 0x61, 0x78, 0x12, 0x0e, 0x0a, 0x02, 0x63, 0x78, 0x18, 0x0c, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x02, 0x63, 0x78, 0x12, 0x0e, 0x0a, 0x02, 0x64, 0x78, 0x18, 0x0d, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x02, 0x64, 0x78, 0x12, 0x0e, 0x0a, 0x02, 0x73, 0x69, 0x18, 0x0e, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x02, 0x73, 0x69, 0x12, 0x0e, 0x0a, 0x02, 0x64, 0x69, 0x18, 0x0f, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x02, 0x64, 0x69, 0x12, 0x17, 0x0a, 0x07, 0x6f, 0x72, 0x69, 0x67, 0x5f, 0x61, - 0x78, 0x18, 0x10, 0x20, 0x02, 0x28, 0x04, 0x52, 0x06, 0x6f, 0x72, 0x69, 0x67, 0x41, 0x78, 0x12, - 0x0e, 0x0a, 0x02, 0x69, 0x70, 0x18, 0x11, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x69, 0x70, 0x12, - 0x0e, 0x0a, 0x02, 0x63, 0x73, 0x18, 0x12, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x63, 0x73, 0x12, - 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x13, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, - 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x0e, 0x0a, 0x02, 0x73, 0x70, 0x18, 0x14, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x02, 0x73, 0x70, 0x12, 0x0e, 0x0a, 0x02, 0x73, 0x73, 0x18, 0x15, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x02, 0x73, 0x73, 0x12, 0x17, 0x0a, 0x07, 0x66, 0x73, 0x5f, 0x62, 0x61, 0x73, 0x65, - 0x18, 0x16, 0x20, 0x02, 0x28, 0x04, 0x52, 0x06, 0x66, 0x73, 0x42, 0x61, 0x73, 0x65, 0x12, 0x17, - 0x0a, 0x07, 0x67, 0x73, 0x5f, 0x62, 0x61, 0x73, 0x65, 0x18, 0x17, 0x20, 0x02, 0x28, 0x04, 0x52, - 0x06, 0x67, 0x73, 0x42, 0x61, 0x73, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x64, 0x73, 0x18, 0x18, 0x20, - 0x02, 0x28, 0x04, 0x52, 0x02, 0x64, 0x73, 0x12, 0x0e, 0x0a, 0x02, 0x65, 0x73, 0x18, 0x19, 0x20, - 0x02, 0x28, 0x04, 0x52, 0x02, 0x65, 0x73, 0x12, 0x0e, 0x0a, 0x02, 0x66, 0x73, 0x18, 0x1a, 0x20, - 0x02, 0x28, 0x04, 0x52, 0x02, 0x66, 0x73, 0x12, 0x0e, 0x0a, 0x02, 0x67, 0x73, 0x18, 0x1b, 0x20, - 0x02, 0x28, 0x04, 0x52, 0x02, 0x67, 0x73, 0x12, 0x34, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, - 0x1c, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, - 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x3a, - 0x06, 0x4e, 0x41, 0x54, 0x49, 0x56, 0x45, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x22, 0x83, 0x02, - 0x0a, 0x14, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x78, 0x73, 0x61, 0x76, 0x65, - 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x78, 0x73, 0x74, 0x61, 0x74, 0x65, - 0x5f, 0x62, 0x76, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x08, 0x78, 0x73, 0x74, 0x61, 0x74, - 0x65, 0x42, 0x76, 0x12, 0x1d, 0x0a, 0x0a, 0x79, 0x6d, 0x6d, 0x68, 0x5f, 0x73, 0x70, 0x61, 0x63, - 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x09, 0x79, 0x6d, 0x6d, 0x68, 0x53, 0x70, 0x61, - 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x62, 0x6e, 0x64, 0x72, 0x65, 0x67, 0x5f, 0x73, 0x74, 0x61, - 0x74, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x04, 0x52, 0x0b, 0x62, 0x6e, 0x64, 0x72, 0x65, 0x67, - 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x62, 0x6e, 0x64, 0x63, 0x73, 0x72, 0x5f, - 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x03, 0x28, 0x04, 0x52, 0x0b, 0x62, 0x6e, 0x64, - 0x63, 0x73, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x6f, 0x70, 0x6d, 0x61, - 0x73, 0x6b, 0x5f, 0x72, 0x65, 0x67, 0x18, 0x05, 0x20, 0x03, 0x28, 0x04, 0x52, 0x09, 0x6f, 0x70, - 0x6d, 0x61, 0x73, 0x6b, 0x52, 0x65, 0x67, 0x12, 0x1b, 0x0a, 0x09, 0x7a, 0x6d, 0x6d, 0x5f, 0x75, - 0x70, 0x70, 0x65, 0x72, 0x18, 0x06, 0x20, 0x03, 0x28, 0x04, 0x52, 0x08, 0x7a, 0x6d, 0x6d, 0x55, - 0x70, 0x70, 0x65, 0x72, 0x12, 0x19, 0x0a, 0x08, 0x68, 0x69, 0x31, 0x36, 0x5f, 0x7a, 0x6d, 0x6d, - 0x18, 0x07, 0x20, 0x03, 0x28, 0x04, 0x52, 0x07, 0x68, 0x69, 0x31, 0x36, 0x5a, 0x6d, 0x6d, 0x12, - 0x12, 0x0a, 0x04, 0x70, 0x6b, 0x72, 0x75, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x04, 0x70, - 0x6b, 0x72, 0x75, 0x22, 0xbc, 0x02, 0x0a, 0x15, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x78, 0x38, 0x36, - 0x5f, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, - 0x03, 0x63, 0x77, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x63, 0x77, 0x64, 0x12, - 0x10, 0x0a, 0x03, 0x73, 0x77, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x73, 0x77, - 0x64, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x77, 0x64, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, - 0x74, 0x77, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x66, 0x6f, 0x70, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x03, 0x66, 0x6f, 0x70, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x69, 0x70, 0x18, 0x05, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x03, 0x72, 0x69, 0x70, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x64, 0x70, 0x18, 0x06, - 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x64, 0x70, 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x78, 0x63, - 0x73, 0x72, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x78, 0x63, 0x73, 0x72, 0x12, - 0x1d, 0x0a, 0x0a, 0x6d, 0x78, 0x63, 0x73, 0x72, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x08, 0x20, - 0x02, 0x28, 0x0d, 0x52, 0x09, 0x6d, 0x78, 0x63, 0x73, 0x72, 0x4d, 0x61, 0x73, 0x6b, 0x12, 0x19, - 0x0a, 0x08, 0x73, 0x74, 0x5f, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0d, - 0x52, 0x07, 0x73, 0x74, 0x53, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x78, 0x6d, 0x6d, - 0x5f, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x08, 0x78, 0x6d, - 0x6d, 0x53, 0x70, 0x61, 0x63, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x70, 0x61, 0x64, 0x64, 0x69, 0x6e, - 0x67, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x07, 0x70, 0x61, 0x64, 0x64, 0x69, 0x6e, 0x67, - 0x12, 0x30, 0x0a, 0x05, 0x78, 0x73, 0x61, 0x76, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x1a, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, + 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xa3, 0x04, 0x0a, + 0x13, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x35, 0x18, 0x01, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x03, 0x72, 0x31, 0x35, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x34, 0x18, 0x02, 0x20, + 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x34, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x33, 0x18, + 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x33, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, + 0x32, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x32, 0x12, 0x0e, 0x0a, 0x02, + 0x62, 0x70, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x62, 0x70, 0x12, 0x0e, 0x0a, 0x02, + 0x62, 0x78, 0x18, 0x06, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x62, 0x78, 0x12, 0x10, 0x0a, 0x03, + 0x72, 0x31, 0x31, 0x18, 0x07, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x31, 0x12, 0x10, + 0x0a, 0x03, 0x72, 0x31, 0x30, 0x18, 0x08, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x30, + 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x39, 0x18, 0x09, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x39, + 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x38, 0x18, 0x0a, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x38, + 0x12, 0x0e, 0x0a, 0x02, 0x61, 0x78, 0x18, 0x0b, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x61, 0x78, + 0x12, 0x0e, 0x0a, 0x02, 0x63, 0x78, 0x18, 0x0c, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x63, 0x78, + 0x12, 0x0e, 0x0a, 0x02, 0x64, 0x78, 0x18, 0x0d, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x64, 0x78, + 0x12, 0x0e, 0x0a, 0x02, 0x73, 0x69, 0x18, 0x0e, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x73, 0x69, + 0x12, 0x0e, 0x0a, 0x02, 0x64, 0x69, 0x18, 0x0f, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x64, 0x69, + 0x12, 0x17, 0x0a, 0x07, 0x6f, 0x72, 0x69, 0x67, 0x5f, 0x61, 0x78, 0x18, 0x10, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x06, 0x6f, 0x72, 0x69, 0x67, 0x41, 0x78, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x70, 0x18, + 0x11, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x69, 0x70, 0x12, 0x0e, 0x0a, 0x02, 0x63, 0x73, 0x18, + 0x12, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x63, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, + 0x67, 0x73, 0x18, 0x13, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, + 0x0e, 0x0a, 0x02, 0x73, 0x70, 0x18, 0x14, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x73, 0x70, 0x12, + 0x0e, 0x0a, 0x02, 0x73, 0x73, 0x18, 0x15, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x73, 0x73, 0x12, + 0x17, 0x0a, 0x07, 0x66, 0x73, 0x5f, 0x62, 0x61, 0x73, 0x65, 0x18, 0x16, 0x20, 0x02, 0x28, 0x04, + 0x52, 0x06, 0x66, 0x73, 0x42, 0x61, 0x73, 0x65, 0x12, 0x17, 0x0a, 0x07, 0x67, 0x73, 0x5f, 0x62, + 0x61, 0x73, 0x65, 0x18, 0x17, 0x20, 0x02, 0x28, 0x04, 0x52, 0x06, 0x67, 0x73, 0x42, 0x61, 0x73, + 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x64, 0x73, 0x18, 0x18, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x64, + 0x73, 0x12, 0x0e, 0x0a, 0x02, 0x65, 0x73, 0x18, 0x19, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x65, + 0x73, 0x12, 0x0e, 0x0a, 0x02, 0x66, 0x73, 0x18, 0x1a, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x66, + 0x73, 0x12, 0x0e, 0x0a, 0x02, 0x67, 0x73, 0x18, 0x1b, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x67, + 0x73, 0x12, 0x2f, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x1c, 0x20, 0x01, 0x28, 0x0e, 0x32, + 0x13, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, + 0x6d, 0x6f, 0x64, 0x65, 0x3a, 0x06, 0x4e, 0x41, 0x54, 0x49, 0x56, 0x45, 0x52, 0x04, 0x6d, 0x6f, + 0x64, 0x65, 0x22, 0x83, 0x02, 0x0a, 0x14, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, + 0x78, 0x73, 0x61, 0x76, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x78, + 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x62, 0x76, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x08, + 0x78, 0x73, 0x74, 0x61, 0x74, 0x65, 0x42, 0x76, 0x12, 0x1d, 0x0a, 0x0a, 0x79, 0x6d, 0x6d, 0x68, + 0x5f, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x09, 0x79, 0x6d, + 0x6d, 0x68, 0x53, 0x70, 0x61, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x62, 0x6e, 0x64, 0x72, 0x65, + 0x67, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x04, 0x52, 0x0b, 0x62, + 0x6e, 0x64, 0x72, 0x65, 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x62, 0x6e, + 0x64, 0x63, 0x73, 0x72, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x03, 0x28, 0x04, + 0x52, 0x0b, 0x62, 0x6e, 0x64, 0x63, 0x73, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x1d, 0x0a, + 0x0a, 0x6f, 0x70, 0x6d, 0x61, 0x73, 0x6b, 0x5f, 0x72, 0x65, 0x67, 0x18, 0x05, 0x20, 0x03, 0x28, + 0x04, 0x52, 0x09, 0x6f, 0x70, 0x6d, 0x61, 0x73, 0x6b, 0x52, 0x65, 0x67, 0x12, 0x1b, 0x0a, 0x09, + 0x7a, 0x6d, 0x6d, 0x5f, 0x75, 0x70, 0x70, 0x65, 0x72, 0x18, 0x06, 0x20, 0x03, 0x28, 0x04, 0x52, + 0x08, 0x7a, 0x6d, 0x6d, 0x55, 0x70, 0x70, 0x65, 0x72, 0x12, 0x19, 0x0a, 0x08, 0x68, 0x69, 0x31, + 0x36, 0x5f, 0x7a, 0x6d, 0x6d, 0x18, 0x07, 0x20, 0x03, 0x28, 0x04, 0x52, 0x07, 0x68, 0x69, 0x31, + 0x36, 0x5a, 0x6d, 0x6d, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6b, 0x72, 0x75, 0x18, 0x08, 0x20, 0x03, + 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6b, 0x72, 0x75, 0x22, 0xb7, 0x02, 0x0a, 0x15, 0x75, 0x73, 0x65, + 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x77, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, + 0x03, 0x63, 0x77, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x73, 0x77, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x03, 0x73, 0x77, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x77, 0x64, 0x18, 0x03, 0x20, + 0x02, 0x28, 0x0d, 0x52, 0x03, 0x74, 0x77, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x66, 0x6f, 0x70, 0x18, + 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x66, 0x6f, 0x70, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x69, + 0x70, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x69, 0x70, 0x12, 0x10, 0x0a, 0x03, + 0x72, 0x64, 0x70, 0x18, 0x06, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x64, 0x70, 0x12, 0x14, + 0x0a, 0x05, 0x6d, 0x78, 0x63, 0x73, 0x72, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x6d, + 0x78, 0x63, 0x73, 0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x78, 0x63, 0x73, 0x72, 0x5f, 0x6d, 0x61, + 0x73, 0x6b, 0x18, 0x08, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x6d, 0x78, 0x63, 0x73, 0x72, 0x4d, + 0x61, 0x73, 0x6b, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x74, 0x5f, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, + 0x09, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x07, 0x73, 0x74, 0x53, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1b, + 0x0a, 0x09, 0x78, 0x6d, 0x6d, 0x5f, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x0a, 0x20, 0x03, 0x28, + 0x0d, 0x52, 0x08, 0x78, 0x6d, 0x6d, 0x53, 0x70, 0x61, 0x63, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x70, + 0x61, 0x64, 0x64, 0x69, 0x6e, 0x67, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x07, 0x70, 0x61, + 0x64, 0x64, 0x69, 0x6e, 0x67, 0x12, 0x2b, 0x0a, 0x05, 0x78, 0x73, 0x61, 0x76, 0x65, 0x18, 0x0d, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x78, 0x73, 0x61, 0x76, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x05, 0x78, 0x73, 0x61, 0x76, 0x65, 0x22, 0xd6, 0x02, 0x0a, 0x0b, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x73, 0x63, 0x5f, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x5f, 0x6e, 0x75, 0x6d, 0x62, @@ -887,23 +886,22 @@ var file_core_x86_proto_rawDesc = []byte{ 0x5f, 0x70, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x18, 0x09, 0x20, 0x02, 0x28, 0x08, 0x3a, 0x04, 0x74, 0x72, 0x75, 0x65, 0x52, 0x0d, 0x73, 0x65, 0x67, 0x4e, 0x6f, 0x74, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x75, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x0a, 0x20, - 0x02, 0x28, 0x08, 0x52, 0x06, 0x75, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x22, 0xd2, 0x01, 0x0a, 0x0f, + 0x02, 0x28, 0x08, 0x52, 0x06, 0x75, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x22, 0xc3, 0x01, 0x0a, 0x0f, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x78, 0x38, 0x36, 0x12, 0x2b, 0x0a, 0x0e, 0x63, 0x6c, 0x65, 0x61, 0x72, 0x5f, 0x74, 0x69, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0c, - 0x63, 0x6c, 0x65, 0x61, 0x72, 0x54, 0x69, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x38, 0x0a, 0x06, - 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x63, - 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x72, 0x65, 0x67, - 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x06, - 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x12, 0x33, 0x0a, 0x06, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, - 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x73, - 0x65, 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x52, 0x06, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x12, 0x23, 0x0a, 0x03, 0x74, - 0x6c, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, - 0x75, 0x73, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x73, 0x63, 0x5f, 0x74, 0x52, 0x03, 0x74, 0x6c, 0x73, - 0x2a, 0x2c, 0x0a, 0x12, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x72, 0x65, 0x67, - 0x73, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x4e, 0x41, 0x54, 0x49, 0x56, 0x45, - 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x43, 0x4f, 0x4d, 0x50, 0x41, 0x54, 0x10, 0x02, + 0x63, 0x6c, 0x65, 0x61, 0x72, 0x54, 0x69, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x33, 0x0a, 0x06, + 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x75, + 0x73, 0x65, 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, + 0x73, 0x12, 0x2e, 0x0a, 0x06, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, + 0x0b, 0x32, 0x16, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x66, 0x70, 0x72, + 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x66, 0x70, 0x72, 0x65, 0x67, + 0x73, 0x12, 0x1e, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0c, + 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x73, 0x63, 0x5f, 0x74, 0x52, 0x03, 0x74, 0x6c, + 0x73, 0x2a, 0x2c, 0x0a, 0x12, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x72, 0x65, + 0x67, 0x73, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x4e, 0x41, 0x54, 0x49, 0x56, + 0x45, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x43, 0x4f, 0x4d, 0x50, 0x41, 0x54, 0x10, 0x02, } var ( @@ -921,19 +919,19 @@ func file_core_x86_proto_rawDescGZIP() []byte { var file_core_x86_proto_enumTypes = make([]protoimpl.EnumInfo, 1) var file_core_x86_proto_msgTypes = make([]protoimpl.MessageInfo, 5) var file_core_x86_proto_goTypes = []interface{}{ - (UserX86RegsMode)(0), // 0: criu.user_x86_regs_mode - (*UserX86RegsEntry)(nil), // 1: criu.user_x86_regs_entry - (*UserX86XsaveEntry)(nil), // 2: criu.user_x86_xsave_entry - (*UserX86FpregsEntry)(nil), // 3: criu.user_x86_fpregs_entry - (*UserDescT)(nil), // 4: criu.user_desc_t - (*ThreadInfoX86)(nil), // 5: criu.thread_info_x86 + (UserX86RegsMode)(0), // 0: user_x86_regs_mode + (*UserX86RegsEntry)(nil), // 1: user_x86_regs_entry + (*UserX86XsaveEntry)(nil), // 2: user_x86_xsave_entry + (*UserX86FpregsEntry)(nil), // 3: user_x86_fpregs_entry + (*UserDescT)(nil), // 4: user_desc_t + (*ThreadInfoX86)(nil), // 5: thread_info_x86 } var file_core_x86_proto_depIdxs = []int32{ - 0, // 0: criu.user_x86_regs_entry.mode:type_name -> criu.user_x86_regs_mode - 2, // 1: criu.user_x86_fpregs_entry.xsave:type_name -> criu.user_x86_xsave_entry - 1, // 2: criu.thread_info_x86.gpregs:type_name -> criu.user_x86_regs_entry - 3, // 3: criu.thread_info_x86.fpregs:type_name -> criu.user_x86_fpregs_entry - 4, // 4: criu.thread_info_x86.tls:type_name -> criu.user_desc_t + 0, // 0: user_x86_regs_entry.mode:type_name -> user_x86_regs_mode + 2, // 1: user_x86_fpregs_entry.xsave:type_name -> user_x86_xsave_entry + 1, // 2: thread_info_x86.gpregs:type_name -> user_x86_regs_entry + 3, // 3: thread_info_x86.fpregs:type_name -> user_x86_fpregs_entry + 4, // 4: thread_info_x86.tls:type_name -> user_desc_t 5, // [5:5] is the sub-list for method output_type 5, // [5:5] is the sub-list for method input_type 5, // [5:5] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-x86.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-x86.proto index 8296ac42185..815cf21ff85 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-x86.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-x86.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "opts.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cpuinfo.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cpuinfo.pb.go index 298f9d1ef81..5cff4dc5525 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cpuinfo.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cpuinfo.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: cpuinfo.proto package images @@ -142,7 +142,7 @@ type CpuinfoX86Entry struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - VendorId *CpuinfoX86EntryVendor `protobuf:"varint,1,req,name=vendor_id,json=vendorId,enum=criu.CpuinfoX86EntryVendor" json:"vendor_id,omitempty"` + VendorId *CpuinfoX86EntryVendor `protobuf:"varint,1,req,name=vendor_id,json=vendorId,enum=CpuinfoX86EntryVendor" json:"vendor_id,omitempty"` CpuFamily *uint32 `protobuf:"varint,2,req,name=cpu_family,json=cpuFamily" json:"cpu_family,omitempty"` Model *uint32 `protobuf:"varint,3,req,name=model" json:"model,omitempty"` Stepping *uint32 `protobuf:"varint,4,req,name=stepping" json:"stepping,omitempty"` @@ -261,7 +261,7 @@ type CpuinfoPpc64Entry struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Endian *CpuinfoPpc64EntryEndianness `protobuf:"varint,1,req,name=endian,enum=criu.CpuinfoPpc64EntryEndianness" json:"endian,omitempty"` + Endian *CpuinfoPpc64EntryEndianness `protobuf:"varint,1,req,name=endian,enum=CpuinfoPpc64EntryEndianness" json:"endian,omitempty"` Hwcap []uint64 `protobuf:"varint,2,rep,name=hwcap" json:"hwcap,omitempty"` } @@ -427,37 +427,36 @@ func (x *CpuinfoEntry) GetS390Entry() []*CpuinfoS390Entry { var File_cpuinfo_proto protoreflect.FileDescriptor var file_cpuinfo_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, - 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0x9a, 0x03, 0x0a, 0x11, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, - 0x6f, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x3b, 0x0a, 0x09, 0x76, - 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x1e, - 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x78, 0x38, - 0x36, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x52, 0x08, - 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x49, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x70, 0x75, 0x5f, - 0x66, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x63, 0x70, - 0x75, 0x46, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x6f, 0x64, 0x65, 0x6c, - 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x12, 0x1a, 0x0a, - 0x08, 0x73, 0x74, 0x65, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, - 0x08, 0x73, 0x74, 0x65, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x12, 0x25, 0x0a, 0x0e, 0x63, 0x61, 0x70, - 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x5f, 0x76, 0x65, 0x72, 0x18, 0x05, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x0d, 0x63, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x56, 0x65, 0x72, - 0x12, 0x1e, 0x0a, 0x0a, 0x63, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x18, 0x06, - 0x20, 0x03, 0x28, 0x0d, 0x52, 0x0a, 0x63, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, - 0x12, 0x19, 0x0a, 0x08, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x5f, 0x69, 0x64, 0x18, 0x07, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x07, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x49, 0x64, 0x12, 0x25, 0x0a, 0x0e, 0x78, - 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x08, 0x20, - 0x01, 0x28, 0x04, 0x52, 0x0d, 0x78, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x4d, 0x61, - 0x73, 0x6b, 0x12, 0x1d, 0x0a, 0x0a, 0x78, 0x73, 0x61, 0x76, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, - 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x78, 0x73, 0x61, 0x76, 0x65, 0x53, 0x69, 0x7a, - 0x65, 0x12, 0x24, 0x0a, 0x0e, 0x78, 0x73, 0x61, 0x76, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x5f, - 0x6d, 0x61, 0x78, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0c, 0x78, 0x73, 0x61, 0x76, 0x65, - 0x53, 0x69, 0x7a, 0x65, 0x4d, 0x61, 0x78, 0x22, 0x29, 0x0a, 0x06, 0x76, 0x65, 0x6e, 0x64, 0x6f, - 0x72, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x09, - 0x0a, 0x05, 0x49, 0x4e, 0x54, 0x45, 0x4c, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x41, 0x4d, 0x44, - 0x10, 0x02, 0x22, 0x98, 0x01, 0x0a, 0x13, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x70, - 0x70, 0x63, 0x36, 0x34, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x3c, 0x0a, 0x06, 0x65, 0x6e, - 0x64, 0x69, 0x61, 0x6e, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x63, 0x72, 0x69, - 0x75, 0x2e, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, + 0x0a, 0x0d, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, + 0x95, 0x03, 0x0a, 0x11, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x78, 0x38, 0x36, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x36, 0x0a, 0x09, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, + 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x19, 0x2e, 0x63, 0x70, 0x75, 0x69, 0x6e, + 0x66, 0x6f, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x65, 0x6e, + 0x64, 0x6f, 0x72, 0x52, 0x08, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x49, 0x64, 0x12, 0x1d, 0x0a, + 0x0a, 0x63, 0x70, 0x75, 0x5f, 0x66, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x18, 0x02, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x09, 0x63, 0x70, 0x75, 0x46, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x12, 0x14, 0x0a, 0x05, + 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x6f, 0x64, + 0x65, 0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x74, 0x65, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x18, 0x04, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x73, 0x74, 0x65, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x12, 0x25, + 0x0a, 0x0e, 0x63, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x5f, 0x76, 0x65, 0x72, + 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0d, 0x63, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, + 0x74, 0x79, 0x56, 0x65, 0x72, 0x12, 0x1e, 0x0a, 0x0a, 0x63, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, + 0x69, 0x74, 0x79, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x0a, 0x63, 0x61, 0x70, 0x61, 0x62, + 0x69, 0x6c, 0x69, 0x74, 0x79, 0x12, 0x19, 0x0a, 0x08, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x5f, 0x69, + 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x49, 0x64, + 0x12, 0x25, 0x0a, 0x0e, 0x78, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x5f, 0x6d, 0x61, + 0x73, 0x6b, 0x18, 0x08, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0d, 0x78, 0x66, 0x65, 0x61, 0x74, 0x75, + 0x72, 0x65, 0x73, 0x4d, 0x61, 0x73, 0x6b, 0x12, 0x1d, 0x0a, 0x0a, 0x78, 0x73, 0x61, 0x76, 0x65, + 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x78, 0x73, 0x61, + 0x76, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x24, 0x0a, 0x0e, 0x78, 0x73, 0x61, 0x76, 0x65, 0x5f, + 0x73, 0x69, 0x7a, 0x65, 0x5f, 0x6d, 0x61, 0x78, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0c, + 0x78, 0x73, 0x61, 0x76, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x4d, 0x61, 0x78, 0x22, 0x29, 0x0a, 0x06, + 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, + 0x4e, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x49, 0x4e, 0x54, 0x45, 0x4c, 0x10, 0x01, 0x12, 0x07, + 0x0a, 0x03, 0x41, 0x4d, 0x44, 0x10, 0x02, 0x22, 0x93, 0x01, 0x0a, 0x13, 0x63, 0x70, 0x75, 0x69, + 0x6e, 0x66, 0x6f, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x37, 0x0a, 0x06, 0x65, 0x6e, 0x64, 0x69, 0x61, 0x6e, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0e, 0x32, + 0x1f, 0x2e, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x65, 0x6e, 0x64, 0x69, 0x61, 0x6e, 0x6e, 0x65, 0x73, 0x73, 0x52, 0x06, 0x65, 0x6e, 0x64, 0x69, 0x61, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x68, 0x77, 0x63, 0x61, 0x70, 0x18, 0x02, 0x20, 0x03, 0x28, 0x04, 0x52, 0x05, 0x68, 0x77, 0x63, 0x61, 0x70, 0x22, 0x2d, @@ -466,19 +465,18 @@ var file_cpuinfo_proto_rawDesc = []byte{ 0x49, 0x54, 0x54, 0x4c, 0x45, 0x45, 0x4e, 0x44, 0x49, 0x41, 0x4e, 0x10, 0x01, 0x22, 0x2a, 0x0a, 0x12, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x68, 0x77, 0x63, 0x61, 0x70, 0x18, 0x02, 0x20, 0x03, - 0x28, 0x04, 0x52, 0x05, 0x68, 0x77, 0x63, 0x61, 0x70, 0x22, 0xba, 0x01, 0x0a, 0x0d, 0x63, 0x70, - 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x34, 0x0a, 0x09, 0x78, - 0x38, 0x36, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x17, - 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x78, 0x38, - 0x36, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x78, 0x38, 0x36, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x3a, 0x0a, 0x0b, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x70, - 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x0a, 0x70, 0x70, 0x63, 0x36, 0x34, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x37, 0x0a, - 0x0a, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x03, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x18, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, 0x6f, - 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x09, 0x73, 0x33, 0x39, - 0x30, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x28, 0x04, 0x52, 0x05, 0x68, 0x77, 0x63, 0x61, 0x70, 0x22, 0xab, 0x01, 0x0a, 0x0d, 0x63, 0x70, + 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x2f, 0x0a, 0x09, 0x78, + 0x38, 0x36, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, + 0x2e, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x52, 0x08, 0x78, 0x38, 0x36, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x35, 0x0a, 0x0b, + 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x02, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x70, 0x70, 0x63, 0x36, + 0x34, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0a, 0x70, 0x70, 0x63, 0x36, 0x34, 0x45, 0x6e, + 0x74, 0x72, 0x79, 0x12, 0x32, 0x0a, 0x0a, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, + 0x6f, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x09, 0x73, 0x33, + 0x39, 0x30, 0x45, 0x6e, 0x74, 0x72, 0x79, } var ( @@ -496,19 +494,19 @@ func file_cpuinfo_proto_rawDescGZIP() []byte { var file_cpuinfo_proto_enumTypes = make([]protoimpl.EnumInfo, 2) var file_cpuinfo_proto_msgTypes = make([]protoimpl.MessageInfo, 4) var file_cpuinfo_proto_goTypes = []interface{}{ - (CpuinfoX86EntryVendor)(0), // 0: criu.cpuinfo_x86_entry.vendor - (CpuinfoPpc64EntryEndianness)(0), // 1: criu.cpuinfo_ppc64_entry.endianness - (*CpuinfoX86Entry)(nil), // 2: criu.cpuinfo_x86_entry - (*CpuinfoPpc64Entry)(nil), // 3: criu.cpuinfo_ppc64_entry - (*CpuinfoS390Entry)(nil), // 4: criu.cpuinfo_s390_entry - (*CpuinfoEntry)(nil), // 5: criu.cpuinfo_entry + (CpuinfoX86EntryVendor)(0), // 0: cpuinfo_x86_entry.vendor + (CpuinfoPpc64EntryEndianness)(0), // 1: cpuinfo_ppc64_entry.endianness + (*CpuinfoX86Entry)(nil), // 2: cpuinfo_x86_entry + (*CpuinfoPpc64Entry)(nil), // 3: cpuinfo_ppc64_entry + (*CpuinfoS390Entry)(nil), // 4: cpuinfo_s390_entry + (*CpuinfoEntry)(nil), // 5: cpuinfo_entry } var file_cpuinfo_proto_depIdxs = []int32{ - 0, // 0: criu.cpuinfo_x86_entry.vendor_id:type_name -> criu.cpuinfo_x86_entry.vendor - 1, // 1: criu.cpuinfo_ppc64_entry.endian:type_name -> criu.cpuinfo_ppc64_entry.endianness - 2, // 2: criu.cpuinfo_entry.x86_entry:type_name -> criu.cpuinfo_x86_entry - 3, // 3: criu.cpuinfo_entry.ppc64_entry:type_name -> criu.cpuinfo_ppc64_entry - 4, // 4: criu.cpuinfo_entry.s390_entry:type_name -> criu.cpuinfo_s390_entry + 0, // 0: cpuinfo_x86_entry.vendor_id:type_name -> cpuinfo_x86_entry.vendor + 1, // 1: cpuinfo_ppc64_entry.endian:type_name -> cpuinfo_ppc64_entry.endianness + 2, // 2: cpuinfo_entry.x86_entry:type_name -> cpuinfo_x86_entry + 3, // 3: cpuinfo_entry.ppc64_entry:type_name -> cpuinfo_ppc64_entry + 4, // 4: cpuinfo_entry.s390_entry:type_name -> cpuinfo_s390_entry 5, // [5:5] is the sub-list for method output_type 5, // [5:5] is the sub-list for method input_type 5, // [5:5] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cpuinfo.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cpuinfo.proto index 0ea16c440ef..15860a90c52 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cpuinfo.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cpuinfo.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message cpuinfo_x86_entry { enum vendor { diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/creds.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/creds.pb.go index 1b0592b1810..87e504acbff 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/creds.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/creds.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: creds.proto package images @@ -200,35 +200,34 @@ func (x *CredsEntry) GetApparmorData() []byte { var File_creds_proto protoreflect.FileDescriptor var file_creds_proto_rawDesc = []byte{ - 0x0a, 0x0b, 0x63, 0x72, 0x65, 0x64, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, - 0x72, 0x69, 0x75, 0x22, 0xb0, 0x03, 0x0a, 0x0b, 0x63, 0x72, 0x65, 0x64, 0x73, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x67, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x03, 0x67, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x65, 0x75, 0x69, 0x64, 0x18, - 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x65, 0x75, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x65, - 0x67, 0x69, 0x64, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x65, 0x67, 0x69, 0x64, 0x12, - 0x12, 0x0a, 0x04, 0x73, 0x75, 0x69, 0x64, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x73, - 0x75, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x67, 0x69, 0x64, 0x18, 0x06, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x04, 0x73, 0x67, 0x69, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x73, 0x75, 0x69, 0x64, - 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x73, 0x75, 0x69, 0x64, 0x12, 0x14, 0x0a, - 0x05, 0x66, 0x73, 0x67, 0x69, 0x64, 0x18, 0x08, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x73, - 0x67, 0x69, 0x64, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x61, 0x70, 0x5f, 0x69, 0x6e, 0x68, 0x18, 0x09, - 0x20, 0x03, 0x28, 0x0d, 0x52, 0x06, 0x63, 0x61, 0x70, 0x49, 0x6e, 0x68, 0x12, 0x17, 0x0a, 0x07, - 0x63, 0x61, 0x70, 0x5f, 0x70, 0x72, 0x6d, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x06, 0x63, - 0x61, 0x70, 0x50, 0x72, 0x6d, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x61, 0x70, 0x5f, 0x65, 0x66, 0x66, - 0x18, 0x0b, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x06, 0x63, 0x61, 0x70, 0x45, 0x66, 0x66, 0x12, 0x17, - 0x0a, 0x07, 0x63, 0x61, 0x70, 0x5f, 0x62, 0x6e, 0x64, 0x18, 0x0c, 0x20, 0x03, 0x28, 0x0d, 0x52, - 0x06, 0x63, 0x61, 0x70, 0x42, 0x6e, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x65, 0x63, 0x62, 0x69, - 0x74, 0x73, 0x18, 0x0d, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x73, 0x65, 0x63, 0x62, 0x69, 0x74, - 0x73, 0x12, 0x16, 0x0a, 0x06, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x18, 0x0e, 0x20, 0x03, 0x28, - 0x0d, 0x52, 0x06, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x6c, 0x73, 0x6d, - 0x5f, 0x70, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, - 0x6c, 0x73, 0x6d, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x6c, 0x73, - 0x6d, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x18, 0x10, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0d, 0x6c, 0x73, 0x6d, 0x53, 0x6f, 0x63, 0x6b, 0x63, 0x72, 0x65, 0x61, 0x74, - 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x61, 0x70, 0x70, 0x61, 0x72, 0x6d, 0x6f, 0x72, 0x5f, 0x64, 0x61, - 0x74, 0x61, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0c, 0x61, 0x70, 0x70, 0x61, 0x72, 0x6d, - 0x6f, 0x72, 0x44, 0x61, 0x74, 0x61, + 0x0a, 0x0b, 0x63, 0x72, 0x65, 0x64, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xb0, 0x03, + 0x0a, 0x0b, 0x63, 0x72, 0x65, 0x64, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, + 0x03, 0x75, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, + 0x10, 0x0a, 0x03, 0x67, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x67, 0x69, + 0x64, 0x12, 0x12, 0x0a, 0x04, 0x65, 0x75, 0x69, 0x64, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, + 0x04, 0x65, 0x75, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x65, 0x67, 0x69, 0x64, 0x18, 0x04, 0x20, + 0x02, 0x28, 0x0d, 0x52, 0x04, 0x65, 0x67, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x75, 0x69, + 0x64, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x73, 0x75, 0x69, 0x64, 0x12, 0x12, 0x0a, + 0x04, 0x73, 0x67, 0x69, 0x64, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x73, 0x67, 0x69, + 0x64, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x73, 0x75, 0x69, 0x64, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x05, 0x66, 0x73, 0x75, 0x69, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x73, 0x67, 0x69, 0x64, + 0x18, 0x08, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x73, 0x67, 0x69, 0x64, 0x12, 0x17, 0x0a, + 0x07, 0x63, 0x61, 0x70, 0x5f, 0x69, 0x6e, 0x68, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x06, + 0x63, 0x61, 0x70, 0x49, 0x6e, 0x68, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x61, 0x70, 0x5f, 0x70, 0x72, + 0x6d, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x06, 0x63, 0x61, 0x70, 0x50, 0x72, 0x6d, 0x12, + 0x17, 0x0a, 0x07, 0x63, 0x61, 0x70, 0x5f, 0x65, 0x66, 0x66, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x0d, + 0x52, 0x06, 0x63, 0x61, 0x70, 0x45, 0x66, 0x66, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x61, 0x70, 0x5f, + 0x62, 0x6e, 0x64, 0x18, 0x0c, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x06, 0x63, 0x61, 0x70, 0x42, 0x6e, + 0x64, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x65, 0x63, 0x62, 0x69, 0x74, 0x73, 0x18, 0x0d, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x07, 0x73, 0x65, 0x63, 0x62, 0x69, 0x74, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x67, + 0x72, 0x6f, 0x75, 0x70, 0x73, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x06, 0x67, 0x72, 0x6f, + 0x75, 0x70, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x6c, 0x73, 0x6d, 0x5f, 0x70, 0x72, 0x6f, 0x66, 0x69, + 0x6c, 0x65, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6c, 0x73, 0x6d, 0x50, 0x72, 0x6f, + 0x66, 0x69, 0x6c, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x6c, 0x73, 0x6d, 0x5f, 0x73, 0x6f, 0x63, 0x6b, + 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x18, 0x10, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6c, 0x73, + 0x6d, 0x53, 0x6f, 0x63, 0x6b, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x61, + 0x70, 0x70, 0x61, 0x72, 0x6d, 0x6f, 0x72, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x11, 0x20, 0x01, + 0x28, 0x0c, 0x52, 0x0c, 0x61, 0x70, 0x70, 0x61, 0x72, 0x6d, 0x6f, 0x72, 0x44, 0x61, 0x74, 0x61, } var ( @@ -245,7 +244,7 @@ func file_creds_proto_rawDescGZIP() []byte { var file_creds_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_creds_proto_goTypes = []interface{}{ - (*CredsEntry)(nil), // 0: criu.creds_entry + (*CredsEntry)(nil), // 0: creds_entry } var file_creds_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/creds.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/creds.proto index eedcb4de8b3..6228f7fcbb7 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/creds.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/creds.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message creds_entry { required uint32 uid = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/criu-core.pb.go similarity index 54% rename from vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core.pb.go rename to vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/criu-core.pb.go index 43f9ab3c106..cb932042795 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/criu-core.pb.go @@ -3,8 +3,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 -// source: core.proto +// protoc v3.21.5 +// source: criu-core.proto package images @@ -56,11 +56,11 @@ func (x SeccompMode) String() string { } func (SeccompMode) Descriptor() protoreflect.EnumDescriptor { - return file_core_proto_enumTypes[0].Descriptor() + return file_criu_core_proto_enumTypes[0].Descriptor() } func (SeccompMode) Type() protoreflect.EnumType { - return &file_core_proto_enumTypes[0] + return &file_criu_core_proto_enumTypes[0] } func (x SeccompMode) Number() protoreflect.EnumNumber { @@ -79,7 +79,7 @@ func (x *SeccompMode) UnmarshalJSON(b []byte) error { // Deprecated: Use SeccompMode.Descriptor instead. func (SeccompMode) EnumDescriptor() ([]byte, []int) { - return file_core_proto_rawDescGZIP(), []int{0} + return file_criu_core_proto_rawDescGZIP(), []int{0} } type CoreEntryMarch int32 @@ -127,11 +127,11 @@ func (x CoreEntryMarch) String() string { } func (CoreEntryMarch) Descriptor() protoreflect.EnumDescriptor { - return file_core_proto_enumTypes[1].Descriptor() + return file_criu_core_proto_enumTypes[1].Descriptor() } func (CoreEntryMarch) Type() protoreflect.EnumType { - return &file_core_proto_enumTypes[1] + return &file_criu_core_proto_enumTypes[1] } func (x CoreEntryMarch) Number() protoreflect.EnumNumber { @@ -150,7 +150,7 @@ func (x *CoreEntryMarch) UnmarshalJSON(b []byte) error { // Deprecated: Use CoreEntryMarch.Descriptor instead. func (CoreEntryMarch) EnumDescriptor() ([]byte, []int) { - return file_core_proto_rawDescGZIP(), []int{5, 0} + return file_criu_core_proto_rawDescGZIP(), []int{5, 0} } type TaskCoreEntry struct { @@ -169,7 +169,7 @@ type TaskCoreEntry struct { CgSet *uint32 `protobuf:"varint,9,opt,name=cg_set,json=cgSet" json:"cg_set,omitempty"` SignalsS *SignalQueueEntry `protobuf:"bytes,10,opt,name=signals_s,json=signalsS" json:"signals_s,omitempty"` // These two are deprecated, should be per-thread - OldSeccompMode *SeccompMode `protobuf:"varint,11,opt,name=old_seccomp_mode,json=oldSeccompMode,enum=criu.SeccompMode" json:"old_seccomp_mode,omitempty"` + OldSeccompMode *SeccompMode `protobuf:"varint,11,opt,name=old_seccomp_mode,json=oldSeccompMode,enum=SeccompMode" json:"old_seccomp_mode,omitempty"` OldSeccompFilter *uint32 `protobuf:"varint,12,opt,name=old_seccomp_filter,json=oldSeccompFilter" json:"old_seccomp_filter,omitempty"` Loginuid *uint32 `protobuf:"varint,13,opt,name=loginuid" json:"loginuid,omitempty"` OomScoreAdj *int32 `protobuf:"varint,14,opt,name=oom_score_adj,json=oomScoreAdj" json:"oom_score_adj,omitempty"` @@ -183,7 +183,7 @@ type TaskCoreEntry struct { func (x *TaskCoreEntry) Reset() { *x = TaskCoreEntry{} if protoimpl.UnsafeEnabled { - mi := &file_core_proto_msgTypes[0] + mi := &file_criu_core_proto_msgTypes[0] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -196,7 +196,7 @@ func (x *TaskCoreEntry) String() string { func (*TaskCoreEntry) ProtoMessage() {} func (x *TaskCoreEntry) ProtoReflect() protoreflect.Message { - mi := &file_core_proto_msgTypes[0] + mi := &file_criu_core_proto_msgTypes[0] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -209,7 +209,7 @@ func (x *TaskCoreEntry) ProtoReflect() protoreflect.Message { // Deprecated: Use TaskCoreEntry.ProtoReflect.Descriptor instead. func (*TaskCoreEntry) Descriptor() ([]byte, []int) { - return file_core_proto_rawDescGZIP(), []int{0} + return file_criu_core_proto_rawDescGZIP(), []int{0} } func (x *TaskCoreEntry) GetTaskState() uint32 { @@ -353,7 +353,7 @@ type TaskKobjIdsEntry struct { func (x *TaskKobjIdsEntry) Reset() { *x = TaskKobjIdsEntry{} if protoimpl.UnsafeEnabled { - mi := &file_core_proto_msgTypes[1] + mi := &file_criu_core_proto_msgTypes[1] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -366,7 +366,7 @@ func (x *TaskKobjIdsEntry) String() string { func (*TaskKobjIdsEntry) ProtoMessage() {} func (x *TaskKobjIdsEntry) ProtoReflect() protoreflect.Message { - mi := &file_core_proto_msgTypes[1] + mi := &file_criu_core_proto_msgTypes[1] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -379,7 +379,7 @@ func (x *TaskKobjIdsEntry) ProtoReflect() protoreflect.Message { // Deprecated: Use TaskKobjIdsEntry.ProtoReflect.Descriptor instead. func (*TaskKobjIdsEntry) Descriptor() ([]byte, []int) { - return file_core_proto_rawDescGZIP(), []int{1} + return file_criu_core_proto_rawDescGZIP(), []int{1} } func (x *TaskKobjIdsEntry) GetVmId() uint32 { @@ -479,7 +479,7 @@ type ThreadSasEntry struct { func (x *ThreadSasEntry) Reset() { *x = ThreadSasEntry{} if protoimpl.UnsafeEnabled { - mi := &file_core_proto_msgTypes[2] + mi := &file_criu_core_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -492,7 +492,7 @@ func (x *ThreadSasEntry) String() string { func (*ThreadSasEntry) ProtoMessage() {} func (x *ThreadSasEntry) ProtoReflect() protoreflect.Message { - mi := &file_core_proto_msgTypes[2] + mi := &file_criu_core_proto_msgTypes[2] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -505,7 +505,7 @@ func (x *ThreadSasEntry) ProtoReflect() protoreflect.Message { // Deprecated: Use ThreadSasEntry.ProtoReflect.Descriptor instead. func (*ThreadSasEntry) Descriptor() ([]byte, []int) { - return file_core_proto_rawDescGZIP(), []int{2} + return file_criu_core_proto_rawDescGZIP(), []int{2} } func (x *ThreadSasEntry) GetSsSp() uint64 { @@ -544,7 +544,7 @@ type ThreadCoreEntry struct { PdeathSig *uint32 `protobuf:"varint,8,opt,name=pdeath_sig,json=pdeathSig" json:"pdeath_sig,omitempty"` SignalsP *SignalQueueEntry `protobuf:"bytes,9,opt,name=signals_p,json=signalsP" json:"signals_p,omitempty"` Creds *CredsEntry `protobuf:"bytes,10,opt,name=creds" json:"creds,omitempty"` - SeccompMode *SeccompMode `protobuf:"varint,11,opt,name=seccomp_mode,json=seccompMode,enum=criu.SeccompMode" json:"seccomp_mode,omitempty"` + SeccompMode *SeccompMode `protobuf:"varint,11,opt,name=seccomp_mode,json=seccompMode,enum=SeccompMode" json:"seccomp_mode,omitempty"` SeccompFilter *uint32 `protobuf:"varint,12,opt,name=seccomp_filter,json=seccompFilter" json:"seccomp_filter,omitempty"` Comm *string `protobuf:"bytes,13,opt,name=comm" json:"comm,omitempty"` BlkSigsetExtended *uint64 `protobuf:"varint,14,opt,name=blk_sigset_extended,json=blkSigsetExtended" json:"blk_sigset_extended,omitempty"` @@ -554,7 +554,7 @@ type ThreadCoreEntry struct { func (x *ThreadCoreEntry) Reset() { *x = ThreadCoreEntry{} if protoimpl.UnsafeEnabled { - mi := &file_core_proto_msgTypes[3] + mi := &file_criu_core_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -567,7 +567,7 @@ func (x *ThreadCoreEntry) String() string { func (*ThreadCoreEntry) ProtoMessage() {} func (x *ThreadCoreEntry) ProtoReflect() protoreflect.Message { - mi := &file_core_proto_msgTypes[3] + mi := &file_criu_core_proto_msgTypes[3] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -580,7 +580,7 @@ func (x *ThreadCoreEntry) ProtoReflect() protoreflect.Message { // Deprecated: Use ThreadCoreEntry.ProtoReflect.Descriptor instead. func (*ThreadCoreEntry) Descriptor() ([]byte, []int) { - return file_core_proto_rawDescGZIP(), []int{3} + return file_criu_core_proto_rawDescGZIP(), []int{3} } func (x *ThreadCoreEntry) GetFutexRla() uint64 { @@ -699,7 +699,7 @@ type TaskRlimitsEntry struct { func (x *TaskRlimitsEntry) Reset() { *x = TaskRlimitsEntry{} if protoimpl.UnsafeEnabled { - mi := &file_core_proto_msgTypes[4] + mi := &file_criu_core_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -712,7 +712,7 @@ func (x *TaskRlimitsEntry) String() string { func (*TaskRlimitsEntry) ProtoMessage() {} func (x *TaskRlimitsEntry) ProtoReflect() protoreflect.Message { - mi := &file_core_proto_msgTypes[4] + mi := &file_criu_core_proto_msgTypes[4] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -725,7 +725,7 @@ func (x *TaskRlimitsEntry) ProtoReflect() protoreflect.Message { // Deprecated: Use TaskRlimitsEntry.ProtoReflect.Descriptor instead. func (*TaskRlimitsEntry) Descriptor() ([]byte, []int) { - return file_core_proto_rawDescGZIP(), []int{4} + return file_criu_core_proto_rawDescGZIP(), []int{4} } func (x *TaskRlimitsEntry) GetRlimits() []*RlimitEntry { @@ -740,7 +740,7 @@ type CoreEntry struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Mtype *CoreEntryMarch `protobuf:"varint,1,req,name=mtype,enum=criu.CoreEntryMarch" json:"mtype,omitempty"` + Mtype *CoreEntryMarch `protobuf:"varint,1,req,name=mtype,enum=CoreEntryMarch" json:"mtype,omitempty"` ThreadInfo *ThreadInfoX86 `protobuf:"bytes,2,opt,name=thread_info,json=threadInfo" json:"thread_info,omitempty"` TiArm *ThreadInfoArm `protobuf:"bytes,6,opt,name=ti_arm,json=tiArm" json:"ti_arm,omitempty"` TiAarch64 *ThreadInfoAarch64 `protobuf:"bytes,8,opt,name=ti_aarch64,json=tiAarch64" json:"ti_aarch64,omitempty"` @@ -755,7 +755,7 @@ type CoreEntry struct { func (x *CoreEntry) Reset() { *x = CoreEntry{} if protoimpl.UnsafeEnabled { - mi := &file_core_proto_msgTypes[5] + mi := &file_criu_core_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -768,7 +768,7 @@ func (x *CoreEntry) String() string { func (*CoreEntry) ProtoMessage() {} func (x *CoreEntry) ProtoReflect() protoreflect.Message { - mi := &file_core_proto_msgTypes[5] + mi := &file_criu_core_proto_msgTypes[5] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -781,7 +781,7 @@ func (x *CoreEntry) ProtoReflect() protoreflect.Message { // Deprecated: Use CoreEntry.ProtoReflect.Descriptor instead. func (*CoreEntry) Descriptor() ([]byte, []int) { - return file_core_proto_rawDescGZIP(), []int{5} + return file_criu_core_proto_rawDescGZIP(), []int{5} } func (x *CoreEntry) GetMtype() CoreEntryMarch { @@ -854,49 +854,48 @@ func (x *CoreEntry) GetThreadCore() *ThreadCoreEntry { return nil } -var File_core_proto protoreflect.FileDescriptor - -var file_core_proto_rawDesc = []byte{ - 0x0a, 0x0a, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, - 0x69, 0x75, 0x1a, 0x0e, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x78, 0x38, 0x36, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x1a, 0x0e, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x61, 0x72, 0x6d, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x1a, 0x12, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x61, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x10, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x70, 0x70, 0x63, - 0x36, 0x34, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0f, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x73, - 0x33, 0x39, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0f, 0x63, 0x6f, 0x72, 0x65, 0x2d, - 0x6d, 0x69, 0x70, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0c, 0x72, 0x6c, 0x69, 0x6d, - 0x69, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0b, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0b, 0x63, 0x72, 0x65, 0x64, 0x73, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x1a, 0x08, 0x73, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, 0x73, 0x69, - 0x67, 0x69, 0x6e, 0x66, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x72, 0x73, 0x65, - 0x71, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x22, 0xb8, 0x05, 0x0a, 0x0f, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x63, 0x6f, 0x72, - 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x27, 0x0a, 0x0a, 0x74, 0x61, 0x73, 0x6b, 0x5f, - 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x08, 0xd2, 0x3f, 0x05, - 0x32, 0x03, 0x67, 0x65, 0x6e, 0x52, 0x09, 0x74, 0x61, 0x73, 0x6b, 0x53, 0x74, 0x61, 0x74, 0x65, - 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x78, 0x69, 0x74, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, - 0x02, 0x28, 0x0d, 0x52, 0x08, 0x65, 0x78, 0x69, 0x74, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x20, 0x0a, - 0x0b, 0x70, 0x65, 0x72, 0x73, 0x6f, 0x6e, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x18, 0x03, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x0b, 0x70, 0x65, 0x72, 0x73, 0x6f, 0x6e, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x12, - 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, - 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x24, 0x0a, 0x0a, 0x62, 0x6c, 0x6b, 0x5f, 0x73, 0x69, 0x67, - 0x73, 0x65, 0x74, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, - 0x52, 0x09, 0x62, 0x6c, 0x6b, 0x53, 0x69, 0x67, 0x73, 0x65, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, - 0x6f, 0x6d, 0x6d, 0x18, 0x06, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x63, 0x6f, 0x6d, 0x6d, 0x12, - 0x2f, 0x0a, 0x06, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x17, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x74, 0x69, 0x6d, 0x65, - 0x72, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x73, - 0x12, 0x32, 0x0a, 0x07, 0x72, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x18, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x72, 0x6c, - 0x69, 0x6d, 0x69, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x72, 0x6c, 0x69, - 0x6d, 0x69, 0x74, 0x73, 0x12, 0x15, 0x0a, 0x06, 0x63, 0x67, 0x5f, 0x73, 0x65, 0x74, 0x18, 0x09, - 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x63, 0x67, 0x53, 0x65, 0x74, 0x12, 0x35, 0x0a, 0x09, 0x73, - 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x73, 0x5f, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, - 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x5f, 0x71, 0x75, 0x65, - 0x75, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, - 0x73, 0x53, 0x12, 0x3c, 0x0a, 0x10, 0x6f, 0x6c, 0x64, 0x5f, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, - 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x12, 0x2e, 0x63, - 0x72, 0x69, 0x75, 0x2e, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, +var File_criu_core_proto protoreflect.FileDescriptor + +var file_criu_core_proto_rawDesc = []byte{ + 0x0a, 0x0f, 0x63, 0x72, 0x69, 0x75, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x1a, 0x0e, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x78, 0x38, 0x36, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x1a, 0x0e, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x61, 0x72, 0x6d, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x1a, 0x12, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x61, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x10, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x70, 0x70, 0x63, 0x36, + 0x34, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0f, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x73, 0x33, + 0x39, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0f, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x6d, + 0x69, 0x70, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0c, 0x72, 0x6c, 0x69, 0x6d, 0x69, + 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0b, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0b, 0x63, 0x72, 0x65, 0x64, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x1a, 0x0d, 0x63, 0x72, 0x69, 0x75, 0x2d, 0x73, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x1a, 0x0d, 0x73, 0x69, 0x67, 0x69, 0x6e, 0x66, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, + 0x0a, 0x72, 0x73, 0x65, 0x71, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, + 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x9f, 0x05, 0x0a, 0x0f, 0x74, 0x61, 0x73, 0x6b, + 0x5f, 0x63, 0x6f, 0x72, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x27, 0x0a, 0x0a, 0x74, + 0x61, 0x73, 0x6b, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x42, + 0x08, 0xd2, 0x3f, 0x05, 0x32, 0x03, 0x67, 0x65, 0x6e, 0x52, 0x09, 0x74, 0x61, 0x73, 0x6b, 0x53, + 0x74, 0x61, 0x74, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x78, 0x69, 0x74, 0x5f, 0x63, 0x6f, 0x64, + 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x65, 0x78, 0x69, 0x74, 0x43, 0x6f, 0x64, + 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x70, 0x65, 0x72, 0x73, 0x6f, 0x6e, 0x61, 0x6c, 0x69, 0x74, 0x79, + 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, 0x70, 0x65, 0x72, 0x73, 0x6f, 0x6e, 0x61, 0x6c, + 0x69, 0x74, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x24, 0x0a, 0x0a, 0x62, 0x6c, 0x6b, + 0x5f, 0x73, 0x69, 0x67, 0x73, 0x65, 0x74, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, + 0x3f, 0x02, 0x08, 0x01, 0x52, 0x09, 0x62, 0x6c, 0x6b, 0x53, 0x69, 0x67, 0x73, 0x65, 0x74, 0x12, + 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x6d, 0x6d, 0x18, 0x06, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x63, + 0x6f, 0x6d, 0x6d, 0x12, 0x2a, 0x0a, 0x06, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x73, 0x18, 0x07, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x72, + 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x73, 0x12, + 0x2d, 0x0a, 0x07, 0x72, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x13, 0x2e, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x72, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x72, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x12, 0x15, + 0x0a, 0x06, 0x63, 0x67, 0x5f, 0x73, 0x65, 0x74, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, + 0x63, 0x67, 0x53, 0x65, 0x74, 0x12, 0x30, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x73, + 0x5f, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73, 0x69, 0x67, 0x6e, 0x61, + 0x6c, 0x5f, 0x71, 0x75, 0x65, 0x75, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x73, + 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x73, 0x53, 0x12, 0x37, 0x0a, 0x10, 0x6f, 0x6c, 0x64, 0x5f, 0x73, + 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, + 0x0e, 0x32, 0x0d, 0x2e, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x52, 0x0e, 0x6f, 0x6c, 0x64, 0x53, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x2c, 0x0a, 0x12, 0x6f, 0x6c, 0x64, 0x5f, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x10, 0x6f, 0x6c, @@ -904,187 +903,182 @@ var file_core_proto_rawDesc = []byte{ 0x0a, 0x08, 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x75, 0x69, 0x64, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x75, 0x69, 0x64, 0x12, 0x22, 0x0a, 0x0d, 0x6f, 0x6f, 0x6d, 0x5f, 0x73, 0x63, 0x6f, 0x72, 0x65, 0x5f, 0x61, 0x64, 0x6a, 0x18, 0x0e, 0x20, 0x01, 0x28, - 0x05, 0x52, 0x0b, 0x6f, 0x6f, 0x6d, 0x53, 0x63, 0x6f, 0x72, 0x65, 0x41, 0x64, 0x6a, 0x12, 0x2e, + 0x05, 0x52, 0x0b, 0x6f, 0x6f, 0x6d, 0x53, 0x63, 0x6f, 0x72, 0x65, 0x41, 0x64, 0x6a, 0x12, 0x29, 0x0a, 0x0a, 0x73, 0x69, 0x67, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0f, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x61, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x0a, 0x73, 0x69, 0x67, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x27, - 0x0a, 0x0f, 0x63, 0x68, 0x69, 0x6c, 0x64, 0x5f, 0x73, 0x75, 0x62, 0x72, 0x65, 0x61, 0x70, 0x65, - 0x72, 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x63, 0x68, 0x69, 0x6c, 0x64, 0x53, 0x75, - 0x62, 0x72, 0x65, 0x61, 0x70, 0x65, 0x72, 0x12, 0x35, 0x0a, 0x13, 0x62, 0x6c, 0x6b, 0x5f, 0x73, - 0x69, 0x67, 0x73, 0x65, 0x74, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x64, 0x18, 0x14, - 0x20, 0x01, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x11, 0x62, 0x6c, 0x6b, - 0x53, 0x69, 0x67, 0x73, 0x65, 0x74, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x64, 0x22, 0xe3, - 0x02, 0x0a, 0x13, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x6b, 0x6f, 0x62, 0x6a, 0x5f, 0x69, 0x64, 0x73, - 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x13, 0x0a, 0x05, 0x76, 0x6d, 0x5f, 0x69, 0x64, 0x18, - 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x76, 0x6d, 0x49, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x66, - 0x69, 0x6c, 0x65, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x66, - 0x69, 0x6c, 0x65, 0x73, 0x49, 0x64, 0x12, 0x13, 0x0a, 0x05, 0x66, 0x73, 0x5f, 0x69, 0x64, 0x18, - 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x66, 0x73, 0x49, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x73, - 0x69, 0x67, 0x68, 0x61, 0x6e, 0x64, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, - 0x09, 0x73, 0x69, 0x67, 0x68, 0x61, 0x6e, 0x64, 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x09, 0x70, 0x69, - 0x64, 0x5f, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x70, - 0x69, 0x64, 0x4e, 0x73, 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x09, 0x6e, 0x65, 0x74, 0x5f, 0x6e, 0x73, - 0x5f, 0x69, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x6e, 0x65, 0x74, 0x4e, 0x73, - 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x09, 0x69, 0x70, 0x63, 0x5f, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, - 0x07, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x69, 0x70, 0x63, 0x4e, 0x73, 0x49, 0x64, 0x12, 0x1a, - 0x0a, 0x09, 0x75, 0x74, 0x73, 0x5f, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x08, 0x20, 0x01, 0x28, - 0x0d, 0x52, 0x07, 0x75, 0x74, 0x73, 0x4e, 0x73, 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x09, 0x6d, 0x6e, - 0x74, 0x5f, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x6d, - 0x6e, 0x74, 0x4e, 0x73, 0x49, 0x64, 0x12, 0x1c, 0x0a, 0x0a, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x6e, - 0x73, 0x5f, 0x69, 0x64, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, - 0x4e, 0x73, 0x49, 0x64, 0x12, 0x20, 0x0a, 0x0c, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x6e, - 0x73, 0x5f, 0x69, 0x64, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x63, 0x67, 0x72, 0x6f, - 0x75, 0x70, 0x4e, 0x73, 0x49, 0x64, 0x12, 0x1c, 0x0a, 0x0a, 0x74, 0x69, 0x6d, 0x65, 0x5f, 0x6e, - 0x73, 0x5f, 0x69, 0x64, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x74, 0x69, 0x6d, 0x65, - 0x4e, 0x73, 0x49, 0x64, 0x22, 0x5b, 0x0a, 0x10, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x73, - 0x61, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x13, 0x0a, 0x05, 0x73, 0x73, 0x5f, 0x73, - 0x70, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x73, 0x73, 0x53, 0x70, 0x12, 0x17, 0x0a, - 0x07, 0x73, 0x73, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x06, - 0x73, 0x73, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x73, 0x5f, 0x66, 0x6c, 0x61, - 0x67, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x73, 0x73, 0x46, 0x6c, 0x61, 0x67, - 0x73, 0x22, 0xd0, 0x04, 0x0a, 0x11, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x63, 0x6f, 0x72, - 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x66, 0x75, 0x74, 0x65, 0x78, - 0x5f, 0x72, 0x6c, 0x61, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x08, 0x66, 0x75, 0x74, 0x65, - 0x78, 0x52, 0x6c, 0x61, 0x12, 0x22, 0x0a, 0x0d, 0x66, 0x75, 0x74, 0x65, 0x78, 0x5f, 0x72, 0x6c, - 0x61, 0x5f, 0x6c, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, 0x66, 0x75, 0x74, - 0x65, 0x78, 0x52, 0x6c, 0x61, 0x4c, 0x65, 0x6e, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x63, 0x68, 0x65, - 0x64, 0x5f, 0x6e, 0x69, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x11, 0x52, 0x09, 0x73, 0x63, - 0x68, 0x65, 0x64, 0x4e, 0x69, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x63, 0x68, 0x65, 0x64, - 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x73, - 0x63, 0x68, 0x65, 0x64, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x63, - 0x68, 0x65, 0x64, 0x5f, 0x70, 0x72, 0x69, 0x6f, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, - 0x73, 0x63, 0x68, 0x65, 0x64, 0x50, 0x72, 0x69, 0x6f, 0x12, 0x1d, 0x0a, 0x0a, 0x62, 0x6c, 0x6b, - 0x5f, 0x73, 0x69, 0x67, 0x73, 0x65, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x62, - 0x6c, 0x6b, 0x53, 0x69, 0x67, 0x73, 0x65, 0x74, 0x12, 0x28, 0x0a, 0x03, 0x73, 0x61, 0x73, 0x18, - 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x68, 0x72, - 0x65, 0x61, 0x64, 0x5f, 0x73, 0x61, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x73, - 0x61, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x64, 0x65, 0x61, 0x74, 0x68, 0x5f, 0x73, 0x69, 0x67, - 0x18, 0x08, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x70, 0x64, 0x65, 0x61, 0x74, 0x68, 0x53, 0x69, - 0x67, 0x12, 0x35, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x73, 0x5f, 0x70, 0x18, 0x09, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x69, 0x67, 0x6e, - 0x61, 0x6c, 0x5f, 0x71, 0x75, 0x65, 0x75, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, - 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x73, 0x50, 0x12, 0x27, 0x0a, 0x05, 0x63, 0x72, 0x65, 0x64, - 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, - 0x72, 0x65, 0x64, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x05, 0x63, 0x72, 0x65, 0x64, - 0x73, 0x12, 0x35, 0x0a, 0x0c, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, - 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, - 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x52, 0x0b, 0x73, 0x65, 0x63, - 0x63, 0x6f, 0x6d, 0x70, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x73, 0x65, 0x63, 0x63, - 0x6f, 0x6d, 0x70, 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, - 0x52, 0x0d, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, - 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x6d, 0x6d, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x63, - 0x6f, 0x6d, 0x6d, 0x12, 0x2e, 0x0a, 0x13, 0x62, 0x6c, 0x6b, 0x5f, 0x73, 0x69, 0x67, 0x73, 0x65, - 0x74, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x64, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x04, - 0x52, 0x11, 0x62, 0x6c, 0x6b, 0x53, 0x69, 0x67, 0x73, 0x65, 0x74, 0x45, 0x78, 0x74, 0x65, 0x6e, - 0x64, 0x65, 0x64, 0x12, 0x2f, 0x0a, 0x0a, 0x72, 0x73, 0x65, 0x71, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x72, - 0x73, 0x65, 0x71, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x09, 0x72, 0x73, 0x65, 0x71, 0x45, - 0x6e, 0x74, 0x72, 0x79, 0x22, 0x42, 0x0a, 0x12, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x72, 0x6c, 0x69, - 0x6d, 0x69, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x2c, 0x0a, 0x07, 0x72, 0x6c, - 0x69, 0x6d, 0x69, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x63, 0x72, - 0x69, 0x75, 0x2e, 0x72, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x07, 0x72, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x22, 0xd5, 0x04, 0x0a, 0x0a, 0x63, 0x6f, 0x72, - 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x2c, 0x0a, 0x05, 0x6d, 0x74, 0x79, 0x70, 0x65, - 0x18, 0x01, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x16, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x6f, - 0x72, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x6d, 0x61, 0x72, 0x63, 0x68, 0x52, 0x05, - 0x6d, 0x74, 0x79, 0x70, 0x65, 0x12, 0x36, 0x0a, 0x0b, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, - 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x63, 0x72, 0x69, - 0x75, 0x2e, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x78, 0x38, - 0x36, 0x52, 0x0a, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x2c, 0x0a, - 0x06, 0x74, 0x69, 0x5f, 0x61, 0x72, 0x6d, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, - 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, - 0x5f, 0x61, 0x72, 0x6d, 0x52, 0x05, 0x74, 0x69, 0x41, 0x72, 0x6d, 0x12, 0x38, 0x0a, 0x0a, 0x74, - 0x69, 0x5f, 0x61, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x19, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, - 0x66, 0x6f, 0x5f, 0x61, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, 0x52, 0x09, 0x74, 0x69, 0x41, 0x61, - 0x72, 0x63, 0x68, 0x36, 0x34, 0x12, 0x32, 0x0a, 0x08, 0x74, 0x69, 0x5f, 0x70, 0x70, 0x63, 0x36, - 0x34, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, - 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, - 0x52, 0x07, 0x74, 0x69, 0x50, 0x70, 0x63, 0x36, 0x34, 0x12, 0x2f, 0x0a, 0x07, 0x74, 0x69, 0x5f, - 0x73, 0x33, 0x39, 0x30, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x72, 0x69, - 0x75, 0x2e, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x73, 0x33, - 0x39, 0x30, 0x52, 0x06, 0x74, 0x69, 0x53, 0x33, 0x39, 0x30, 0x12, 0x2f, 0x0a, 0x07, 0x74, 0x69, - 0x5f, 0x6d, 0x69, 0x70, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x72, - 0x69, 0x75, 0x2e, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x6d, - 0x69, 0x70, 0x73, 0x52, 0x06, 0x74, 0x69, 0x4d, 0x69, 0x70, 0x73, 0x12, 0x25, 0x0a, 0x02, 0x74, - 0x63, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, - 0x61, 0x73, 0x6b, 0x5f, 0x63, 0x6f, 0x72, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x02, - 0x74, 0x63, 0x12, 0x2b, 0x0a, 0x03, 0x69, 0x64, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x19, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x6b, 0x6f, 0x62, 0x6a, + 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x73, 0x61, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0a, 0x73, + 0x69, 0x67, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x68, 0x69, + 0x6c, 0x64, 0x5f, 0x73, 0x75, 0x62, 0x72, 0x65, 0x61, 0x70, 0x65, 0x72, 0x18, 0x12, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x0e, 0x63, 0x68, 0x69, 0x6c, 0x64, 0x53, 0x75, 0x62, 0x72, 0x65, 0x61, 0x70, + 0x65, 0x72, 0x12, 0x35, 0x0a, 0x13, 0x62, 0x6c, 0x6b, 0x5f, 0x73, 0x69, 0x67, 0x73, 0x65, 0x74, + 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x64, 0x18, 0x14, 0x20, 0x01, 0x28, 0x04, 0x42, + 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x11, 0x62, 0x6c, 0x6b, 0x53, 0x69, 0x67, 0x73, 0x65, + 0x74, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x64, 0x22, 0xe3, 0x02, 0x0a, 0x13, 0x74, 0x61, + 0x73, 0x6b, 0x5f, 0x6b, 0x6f, 0x62, 0x6a, 0x5f, 0x69, 0x64, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x12, 0x13, 0x0a, 0x05, 0x76, 0x6d, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x04, 0x76, 0x6d, 0x49, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x5f, + 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x49, + 0x64, 0x12, 0x13, 0x0a, 0x05, 0x66, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x04, 0x66, 0x73, 0x49, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x69, 0x67, 0x68, 0x61, 0x6e, + 0x64, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x73, 0x69, 0x67, 0x68, + 0x61, 0x6e, 0x64, 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x09, 0x70, 0x69, 0x64, 0x5f, 0x6e, 0x73, 0x5f, + 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x70, 0x69, 0x64, 0x4e, 0x73, 0x49, + 0x64, 0x12, 0x1a, 0x0a, 0x09, 0x6e, 0x65, 0x74, 0x5f, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x06, + 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x6e, 0x65, 0x74, 0x4e, 0x73, 0x49, 0x64, 0x12, 0x1a, 0x0a, + 0x09, 0x69, 0x70, 0x63, 0x5f, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0d, + 0x52, 0x07, 0x69, 0x70, 0x63, 0x4e, 0x73, 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x09, 0x75, 0x74, 0x73, + 0x5f, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x75, 0x74, + 0x73, 0x4e, 0x73, 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x09, 0x6d, 0x6e, 0x74, 0x5f, 0x6e, 0x73, 0x5f, + 0x69, 0x64, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x6d, 0x6e, 0x74, 0x4e, 0x73, 0x49, + 0x64, 0x12, 0x1c, 0x0a, 0x0a, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, + 0x0a, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x4e, 0x73, 0x49, 0x64, 0x12, + 0x20, 0x0a, 0x0c, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, + 0x0b, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x4e, 0x73, 0x49, + 0x64, 0x12, 0x1c, 0x0a, 0x0a, 0x74, 0x69, 0x6d, 0x65, 0x5f, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, + 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x74, 0x69, 0x6d, 0x65, 0x4e, 0x73, 0x49, 0x64, 0x22, + 0x5b, 0x0a, 0x10, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x73, 0x61, 0x73, 0x5f, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x12, 0x13, 0x0a, 0x05, 0x73, 0x73, 0x5f, 0x73, 0x70, 0x18, 0x01, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x04, 0x73, 0x73, 0x53, 0x70, 0x12, 0x17, 0x0a, 0x07, 0x73, 0x73, 0x5f, 0x73, + 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x06, 0x73, 0x73, 0x53, 0x69, 0x7a, + 0x65, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x73, 0x5f, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, + 0x02, 0x28, 0x0d, 0x52, 0x07, 0x73, 0x73, 0x46, 0x6c, 0x61, 0x67, 0x73, 0x22, 0xb7, 0x04, 0x0a, + 0x11, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x63, 0x6f, 0x72, 0x65, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x66, 0x75, 0x74, 0x65, 0x78, 0x5f, 0x72, 0x6c, 0x61, 0x18, + 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x08, 0x66, 0x75, 0x74, 0x65, 0x78, 0x52, 0x6c, 0x61, 0x12, + 0x22, 0x0a, 0x0d, 0x66, 0x75, 0x74, 0x65, 0x78, 0x5f, 0x72, 0x6c, 0x61, 0x5f, 0x6c, 0x65, 0x6e, + 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, 0x66, 0x75, 0x74, 0x65, 0x78, 0x52, 0x6c, 0x61, + 0x4c, 0x65, 0x6e, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x6e, 0x69, 0x63, + 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x11, 0x52, 0x09, 0x73, 0x63, 0x68, 0x65, 0x64, 0x4e, 0x69, + 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x70, 0x6f, 0x6c, 0x69, + 0x63, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x73, 0x63, 0x68, 0x65, 0x64, 0x50, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x70, + 0x72, 0x69, 0x6f, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x73, 0x63, 0x68, 0x65, 0x64, + 0x50, 0x72, 0x69, 0x6f, 0x12, 0x1d, 0x0a, 0x0a, 0x62, 0x6c, 0x6b, 0x5f, 0x73, 0x69, 0x67, 0x73, + 0x65, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x62, 0x6c, 0x6b, 0x53, 0x69, 0x67, + 0x73, 0x65, 0x74, 0x12, 0x23, 0x0a, 0x03, 0x73, 0x61, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x11, 0x2e, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x73, 0x61, 0x73, 0x5f, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x52, 0x03, 0x73, 0x61, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x64, 0x65, 0x61, + 0x74, 0x68, 0x5f, 0x73, 0x69, 0x67, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x70, 0x64, + 0x65, 0x61, 0x74, 0x68, 0x53, 0x69, 0x67, 0x12, 0x30, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, + 0x6c, 0x73, 0x5f, 0x70, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73, 0x69, 0x67, + 0x6e, 0x61, 0x6c, 0x5f, 0x71, 0x75, 0x65, 0x75, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, + 0x08, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x73, 0x50, 0x12, 0x22, 0x0a, 0x05, 0x63, 0x72, 0x65, + 0x64, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x63, 0x72, 0x65, 0x64, 0x73, + 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x05, 0x63, 0x72, 0x65, 0x64, 0x73, 0x12, 0x30, 0x0a, + 0x0c, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x0b, 0x20, + 0x01, 0x28, 0x0e, 0x32, 0x0d, 0x2e, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, + 0x64, 0x65, 0x52, 0x0b, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x4d, 0x6f, 0x64, 0x65, 0x12, + 0x25, 0x0a, 0x0e, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, + 0x72, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0d, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, + 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x6d, 0x6d, 0x18, 0x0d, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x63, 0x6f, 0x6d, 0x6d, 0x12, 0x2e, 0x0a, 0x13, 0x62, 0x6c, + 0x6b, 0x5f, 0x73, 0x69, 0x67, 0x73, 0x65, 0x74, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, + 0x64, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x04, 0x52, 0x11, 0x62, 0x6c, 0x6b, 0x53, 0x69, 0x67, 0x73, + 0x65, 0x74, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x64, 0x12, 0x2a, 0x0a, 0x0a, 0x72, 0x73, + 0x65, 0x71, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0b, + 0x2e, 0x72, 0x73, 0x65, 0x71, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x09, 0x72, 0x73, 0x65, + 0x71, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x22, 0x3d, 0x0a, 0x12, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x72, + 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x27, 0x0a, 0x07, + 0x72, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, + 0x72, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x72, 0x6c, + 0x69, 0x6d, 0x69, 0x74, 0x73, 0x22, 0xa3, 0x04, 0x0a, 0x0a, 0x63, 0x6f, 0x72, 0x65, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x27, 0x0a, 0x05, 0x6d, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, + 0x02, 0x28, 0x0e, 0x32, 0x11, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x2e, 0x6d, 0x61, 0x72, 0x63, 0x68, 0x52, 0x05, 0x6d, 0x74, 0x79, 0x70, 0x65, 0x12, 0x31, 0x0a, + 0x0b, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, + 0x5f, 0x78, 0x38, 0x36, 0x52, 0x0a, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x49, 0x6e, 0x66, 0x6f, + 0x12, 0x27, 0x0a, 0x06, 0x74, 0x69, 0x5f, 0x61, 0x72, 0x6d, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x10, 0x2e, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x61, + 0x72, 0x6d, 0x52, 0x05, 0x74, 0x69, 0x41, 0x72, 0x6d, 0x12, 0x33, 0x0a, 0x0a, 0x74, 0x69, 0x5f, + 0x61, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, + 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x61, 0x61, 0x72, 0x63, + 0x68, 0x36, 0x34, 0x52, 0x09, 0x74, 0x69, 0x41, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, 0x12, 0x2d, + 0x0a, 0x08, 0x74, 0x69, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x12, 0x2e, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x70, + 0x70, 0x63, 0x36, 0x34, 0x52, 0x07, 0x74, 0x69, 0x50, 0x70, 0x63, 0x36, 0x34, 0x12, 0x2a, 0x0a, + 0x07, 0x74, 0x69, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, + 0x2e, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x73, 0x33, 0x39, + 0x30, 0x52, 0x06, 0x74, 0x69, 0x53, 0x33, 0x39, 0x30, 0x12, 0x2a, 0x0a, 0x07, 0x74, 0x69, 0x5f, + 0x6d, 0x69, 0x70, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x74, 0x68, 0x72, + 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x6d, 0x69, 0x70, 0x73, 0x52, 0x06, 0x74, + 0x69, 0x4d, 0x69, 0x70, 0x73, 0x12, 0x20, 0x0a, 0x02, 0x74, 0x63, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x10, 0x2e, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x63, 0x6f, 0x72, 0x65, 0x5f, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x52, 0x02, 0x74, 0x63, 0x12, 0x26, 0x0a, 0x03, 0x69, 0x64, 0x73, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x6b, 0x6f, 0x62, 0x6a, 0x5f, 0x69, 0x64, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x69, 0x64, 0x73, 0x12, - 0x38, 0x0a, 0x0b, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x63, 0x6f, 0x72, 0x65, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x68, 0x72, 0x65, - 0x61, 0x64, 0x5f, 0x63, 0x6f, 0x72, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0a, 0x74, - 0x68, 0x72, 0x65, 0x61, 0x64, 0x43, 0x6f, 0x72, 0x65, 0x22, 0x55, 0x0a, 0x05, 0x6d, 0x61, 0x72, - 0x63, 0x68, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, - 0x0a, 0x0a, 0x06, 0x58, 0x38, 0x36, 0x5f, 0x36, 0x34, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x41, - 0x52, 0x4d, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x41, 0x41, 0x52, 0x43, 0x48, 0x36, 0x34, 0x10, - 0x03, 0x12, 0x09, 0x0a, 0x05, 0x50, 0x50, 0x43, 0x36, 0x34, 0x10, 0x04, 0x12, 0x08, 0x0a, 0x04, - 0x53, 0x33, 0x39, 0x30, 0x10, 0x05, 0x12, 0x08, 0x0a, 0x04, 0x4d, 0x49, 0x50, 0x53, 0x10, 0x06, - 0x2a, 0x34, 0x0a, 0x0c, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, - 0x12, 0x0c, 0x0a, 0x08, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x10, 0x00, 0x12, 0x0a, - 0x0a, 0x06, 0x73, 0x74, 0x72, 0x69, 0x63, 0x74, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x66, 0x69, - 0x6c, 0x74, 0x65, 0x72, 0x10, 0x02, + 0x33, 0x0a, 0x0b, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x63, 0x6f, 0x72, 0x65, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x63, 0x6f, + 0x72, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0a, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, + 0x43, 0x6f, 0x72, 0x65, 0x22, 0x55, 0x0a, 0x05, 0x6d, 0x61, 0x72, 0x63, 0x68, 0x12, 0x0b, 0x0a, + 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x58, 0x38, + 0x36, 0x5f, 0x36, 0x34, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x41, 0x52, 0x4d, 0x10, 0x02, 0x12, + 0x0b, 0x0a, 0x07, 0x41, 0x41, 0x52, 0x43, 0x48, 0x36, 0x34, 0x10, 0x03, 0x12, 0x09, 0x0a, 0x05, + 0x50, 0x50, 0x43, 0x36, 0x34, 0x10, 0x04, 0x12, 0x08, 0x0a, 0x04, 0x53, 0x33, 0x39, 0x30, 0x10, + 0x05, 0x12, 0x08, 0x0a, 0x04, 0x4d, 0x49, 0x50, 0x53, 0x10, 0x06, 0x2a, 0x34, 0x0a, 0x0c, 0x73, + 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0c, 0x0a, 0x08, 0x64, + 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x73, 0x74, 0x72, + 0x69, 0x63, 0x74, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x10, + 0x02, } var ( - file_core_proto_rawDescOnce sync.Once - file_core_proto_rawDescData = file_core_proto_rawDesc + file_criu_core_proto_rawDescOnce sync.Once + file_criu_core_proto_rawDescData = file_criu_core_proto_rawDesc ) -func file_core_proto_rawDescGZIP() []byte { - file_core_proto_rawDescOnce.Do(func() { - file_core_proto_rawDescData = protoimpl.X.CompressGZIP(file_core_proto_rawDescData) +func file_criu_core_proto_rawDescGZIP() []byte { + file_criu_core_proto_rawDescOnce.Do(func() { + file_criu_core_proto_rawDescData = protoimpl.X.CompressGZIP(file_criu_core_proto_rawDescData) }) - return file_core_proto_rawDescData -} - -var file_core_proto_enumTypes = make([]protoimpl.EnumInfo, 2) -var file_core_proto_msgTypes = make([]protoimpl.MessageInfo, 6) -var file_core_proto_goTypes = []interface{}{ - (SeccompMode)(0), // 0: criu.seccomp_mode - (CoreEntryMarch)(0), // 1: criu.core_entry.march - (*TaskCoreEntry)(nil), // 2: criu.task_core_entry - (*TaskKobjIdsEntry)(nil), // 3: criu.task_kobj_ids_entry - (*ThreadSasEntry)(nil), // 4: criu.thread_sas_entry - (*ThreadCoreEntry)(nil), // 5: criu.thread_core_entry - (*TaskRlimitsEntry)(nil), // 6: criu.task_rlimits_entry - (*CoreEntry)(nil), // 7: criu.core_entry - (*TaskTimersEntry)(nil), // 8: criu.task_timers_entry - (*SignalQueueEntry)(nil), // 9: criu.signal_queue_entry - (*SaEntry)(nil), // 10: criu.sa_entry - (*CredsEntry)(nil), // 11: criu.creds_entry - (*RseqEntry)(nil), // 12: criu.rseq_entry - (*RlimitEntry)(nil), // 13: criu.rlimit_entry - (*ThreadInfoX86)(nil), // 14: criu.thread_info_x86 - (*ThreadInfoArm)(nil), // 15: criu.thread_info_arm - (*ThreadInfoAarch64)(nil), // 16: criu.thread_info_aarch64 - (*ThreadInfoPpc64)(nil), // 17: criu.thread_info_ppc64 - (*ThreadInfoS390)(nil), // 18: criu.thread_info_s390 - (*ThreadInfoMips)(nil), // 19: criu.thread_info_mips -} -var file_core_proto_depIdxs = []int32{ - 8, // 0: criu.task_core_entry.timers:type_name -> criu.task_timers_entry - 6, // 1: criu.task_core_entry.rlimits:type_name -> criu.task_rlimits_entry - 9, // 2: criu.task_core_entry.signals_s:type_name -> criu.signal_queue_entry - 0, // 3: criu.task_core_entry.old_seccomp_mode:type_name -> criu.seccomp_mode - 10, // 4: criu.task_core_entry.sigactions:type_name -> criu.sa_entry - 4, // 5: criu.thread_core_entry.sas:type_name -> criu.thread_sas_entry - 9, // 6: criu.thread_core_entry.signals_p:type_name -> criu.signal_queue_entry - 11, // 7: criu.thread_core_entry.creds:type_name -> criu.creds_entry - 0, // 8: criu.thread_core_entry.seccomp_mode:type_name -> criu.seccomp_mode - 12, // 9: criu.thread_core_entry.rseq_entry:type_name -> criu.rseq_entry - 13, // 10: criu.task_rlimits_entry.rlimits:type_name -> criu.rlimit_entry - 1, // 11: criu.core_entry.mtype:type_name -> criu.core_entry.march - 14, // 12: criu.core_entry.thread_info:type_name -> criu.thread_info_x86 - 15, // 13: criu.core_entry.ti_arm:type_name -> criu.thread_info_arm - 16, // 14: criu.core_entry.ti_aarch64:type_name -> criu.thread_info_aarch64 - 17, // 15: criu.core_entry.ti_ppc64:type_name -> criu.thread_info_ppc64 - 18, // 16: criu.core_entry.ti_s390:type_name -> criu.thread_info_s390 - 19, // 17: criu.core_entry.ti_mips:type_name -> criu.thread_info_mips - 2, // 18: criu.core_entry.tc:type_name -> criu.task_core_entry - 3, // 19: criu.core_entry.ids:type_name -> criu.task_kobj_ids_entry - 5, // 20: criu.core_entry.thread_core:type_name -> criu.thread_core_entry + return file_criu_core_proto_rawDescData +} + +var file_criu_core_proto_enumTypes = make([]protoimpl.EnumInfo, 2) +var file_criu_core_proto_msgTypes = make([]protoimpl.MessageInfo, 6) +var file_criu_core_proto_goTypes = []interface{}{ + (SeccompMode)(0), // 0: seccomp_mode + (CoreEntryMarch)(0), // 1: core_entry.march + (*TaskCoreEntry)(nil), // 2: task_core_entry + (*TaskKobjIdsEntry)(nil), // 3: task_kobj_ids_entry + (*ThreadSasEntry)(nil), // 4: thread_sas_entry + (*ThreadCoreEntry)(nil), // 5: thread_core_entry + (*TaskRlimitsEntry)(nil), // 6: task_rlimits_entry + (*CoreEntry)(nil), // 7: core_entry + (*TaskTimersEntry)(nil), // 8: task_timers_entry + (*SignalQueueEntry)(nil), // 9: signal_queue_entry + (*SaEntry)(nil), // 10: sa_entry + (*CredsEntry)(nil), // 11: creds_entry + (*RseqEntry)(nil), // 12: rseq_entry + (*RlimitEntry)(nil), // 13: rlimit_entry + (*ThreadInfoX86)(nil), // 14: thread_info_x86 + (*ThreadInfoArm)(nil), // 15: thread_info_arm + (*ThreadInfoAarch64)(nil), // 16: thread_info_aarch64 + (*ThreadInfoPpc64)(nil), // 17: thread_info_ppc64 + (*ThreadInfoS390)(nil), // 18: thread_info_s390 + (*ThreadInfoMips)(nil), // 19: thread_info_mips +} +var file_criu_core_proto_depIdxs = []int32{ + 8, // 0: task_core_entry.timers:type_name -> task_timers_entry + 6, // 1: task_core_entry.rlimits:type_name -> task_rlimits_entry + 9, // 2: task_core_entry.signals_s:type_name -> signal_queue_entry + 0, // 3: task_core_entry.old_seccomp_mode:type_name -> seccomp_mode + 10, // 4: task_core_entry.sigactions:type_name -> sa_entry + 4, // 5: thread_core_entry.sas:type_name -> thread_sas_entry + 9, // 6: thread_core_entry.signals_p:type_name -> signal_queue_entry + 11, // 7: thread_core_entry.creds:type_name -> creds_entry + 0, // 8: thread_core_entry.seccomp_mode:type_name -> seccomp_mode + 12, // 9: thread_core_entry.rseq_entry:type_name -> rseq_entry + 13, // 10: task_rlimits_entry.rlimits:type_name -> rlimit_entry + 1, // 11: core_entry.mtype:type_name -> core_entry.march + 14, // 12: core_entry.thread_info:type_name -> thread_info_x86 + 15, // 13: core_entry.ti_arm:type_name -> thread_info_arm + 16, // 14: core_entry.ti_aarch64:type_name -> thread_info_aarch64 + 17, // 15: core_entry.ti_ppc64:type_name -> thread_info_ppc64 + 18, // 16: core_entry.ti_s390:type_name -> thread_info_s390 + 19, // 17: core_entry.ti_mips:type_name -> thread_info_mips + 2, // 18: core_entry.tc:type_name -> task_core_entry + 3, // 19: core_entry.ids:type_name -> task_kobj_ids_entry + 5, // 20: core_entry.thread_core:type_name -> thread_core_entry 21, // [21:21] is the sub-list for method output_type 21, // [21:21] is the sub-list for method input_type 21, // [21:21] is the sub-list for extension type_name @@ -1092,9 +1086,9 @@ var file_core_proto_depIdxs = []int32{ 0, // [0:21] is the sub-list for field type_name } -func init() { file_core_proto_init() } -func file_core_proto_init() { - if File_core_proto != nil { +func init() { file_criu_core_proto_init() } +func file_criu_core_proto_init() { + if File_criu_core_proto != nil { return } file_core_x86_proto_init() @@ -1106,12 +1100,12 @@ func file_core_proto_init() { file_rlimit_proto_init() file_timer_proto_init() file_creds_proto_init() - file_sa_proto_init() + file_criu_sa_proto_init() file_siginfo_proto_init() file_rseq_proto_init() file_opts_proto_init() if !protoimpl.UnsafeEnabled { - file_core_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + file_criu_core_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*TaskCoreEntry); i { case 0: return &v.state @@ -1123,7 +1117,7 @@ func file_core_proto_init() { return nil } } - file_core_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + file_criu_core_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*TaskKobjIdsEntry); i { case 0: return &v.state @@ -1135,7 +1129,7 @@ func file_core_proto_init() { return nil } } - file_core_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + file_criu_core_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*ThreadSasEntry); i { case 0: return &v.state @@ -1147,7 +1141,7 @@ func file_core_proto_init() { return nil } } - file_core_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + file_criu_core_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*ThreadCoreEntry); i { case 0: return &v.state @@ -1159,7 +1153,7 @@ func file_core_proto_init() { return nil } } - file_core_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + file_criu_core_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*TaskRlimitsEntry); i { case 0: return &v.state @@ -1171,7 +1165,7 @@ func file_core_proto_init() { return nil } } - file_core_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + file_criu_core_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*CoreEntry); i { case 0: return &v.state @@ -1188,19 +1182,19 @@ func file_core_proto_init() { out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_core_proto_rawDesc, + RawDescriptor: file_criu_core_proto_rawDesc, NumEnums: 2, NumMessages: 6, NumExtensions: 0, NumServices: 0, }, - GoTypes: file_core_proto_goTypes, - DependencyIndexes: file_core_proto_depIdxs, - EnumInfos: file_core_proto_enumTypes, - MessageInfos: file_core_proto_msgTypes, + GoTypes: file_criu_core_proto_goTypes, + DependencyIndexes: file_criu_core_proto_depIdxs, + EnumInfos: file_criu_core_proto_enumTypes, + MessageInfos: file_criu_core_proto_msgTypes, }.Build() - File_core_proto = out.File - file_core_proto_rawDesc = nil - file_core_proto_goTypes = nil - file_core_proto_depIdxs = nil + File_criu_core_proto = out.File + file_criu_core_proto_rawDesc = nil + file_criu_core_proto_goTypes = nil + file_criu_core_proto_depIdxs = nil } diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/criu-core.proto similarity index 98% rename from vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core.proto rename to vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/criu-core.proto index e57dd718964..8bf0d8aa238 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/criu-core.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "core-x86.proto"; import "core-arm.proto"; @@ -13,7 +12,7 @@ import "core-mips.proto"; import "rlimit.proto"; import "timer.proto"; import "creds.proto"; -import "sa.proto"; +import "criu-sa.proto"; import "siginfo.proto"; import "rseq.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sa.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/criu-sa.pb.go similarity index 55% rename from vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sa.pb.go rename to vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/criu-sa.pb.go index 19ab651e282..126ec674ac1 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sa.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/criu-sa.pb.go @@ -3,8 +3,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 -// source: sa.proto +// protoc v3.21.5 +// source: criu-sa.proto package images @@ -38,7 +38,7 @@ type SaEntry struct { func (x *SaEntry) Reset() { *x = SaEntry{} if protoimpl.UnsafeEnabled { - mi := &file_sa_proto_msgTypes[0] + mi := &file_criu_sa_proto_msgTypes[0] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -51,7 +51,7 @@ func (x *SaEntry) String() string { func (*SaEntry) ProtoMessage() {} func (x *SaEntry) ProtoReflect() protoreflect.Message { - mi := &file_sa_proto_msgTypes[0] + mi := &file_criu_sa_proto_msgTypes[0] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -64,7 +64,7 @@ func (x *SaEntry) ProtoReflect() protoreflect.Message { // Deprecated: Use SaEntry.ProtoReflect.Descriptor instead. func (*SaEntry) Descriptor() ([]byte, []int) { - return file_sa_proto_rawDescGZIP(), []int{0} + return file_criu_sa_proto_rawDescGZIP(), []int{0} } func (x *SaEntry) GetSigaction() uint64 { @@ -109,44 +109,44 @@ func (x *SaEntry) GetMaskExtended() uint64 { return 0 } -var File_sa_proto protoreflect.FileDescriptor +var File_criu_sa_proto protoreflect.FileDescriptor -var file_sa_proto_rawDesc = []byte{ - 0x0a, 0x08, 0x73, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, - 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe1, 0x01, 0x0a, - 0x08, 0x73, 0x61, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x23, 0x0a, 0x09, 0x73, 0x69, 0x67, - 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, - 0x02, 0x08, 0x01, 0x52, 0x09, 0x73, 0x69, 0x67, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1b, - 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, - 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x21, 0x0a, 0x08, 0x72, - 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x72, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, - 0x3f, 0x02, 0x08, 0x01, 0x52, 0x08, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x72, 0x12, 0x19, - 0x0a, 0x04, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, - 0x02, 0x08, 0x01, 0x52, 0x04, 0x6d, 0x61, 0x73, 0x6b, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x6f, 0x6d, - 0x70, 0x61, 0x74, 0x5f, 0x73, 0x69, 0x67, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x0f, 0x63, 0x6f, 0x6d, 0x70, 0x61, 0x74, 0x53, 0x69, 0x67, 0x61, 0x63, - 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2a, 0x0a, 0x0d, 0x6d, 0x61, 0x73, 0x6b, 0x5f, 0x65, 0x78, 0x74, - 0x65, 0x6e, 0x64, 0x65, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, - 0x08, 0x01, 0x52, 0x0c, 0x6d, 0x61, 0x73, 0x6b, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x64, +var file_criu_sa_proto_rawDesc = []byte{ + 0x0a, 0x0d, 0x63, 0x72, 0x69, 0x75, 0x2d, 0x73, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, + 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe1, 0x01, 0x0a, 0x08, + 0x73, 0x61, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x23, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x61, + 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, + 0x08, 0x01, 0x52, 0x09, 0x73, 0x69, 0x67, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1b, 0x0a, + 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, + 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x21, 0x0a, 0x08, 0x72, 0x65, + 0x73, 0x74, 0x6f, 0x72, 0x65, 0x72, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, + 0x02, 0x08, 0x01, 0x52, 0x08, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x72, 0x12, 0x19, 0x0a, + 0x04, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, + 0x08, 0x01, 0x52, 0x04, 0x6d, 0x61, 0x73, 0x6b, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x6f, 0x6d, 0x70, + 0x61, 0x74, 0x5f, 0x73, 0x69, 0x67, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x0f, 0x63, 0x6f, 0x6d, 0x70, 0x61, 0x74, 0x53, 0x69, 0x67, 0x61, 0x63, 0x74, + 0x69, 0x6f, 0x6e, 0x12, 0x2a, 0x0a, 0x0d, 0x6d, 0x61, 0x73, 0x6b, 0x5f, 0x65, 0x78, 0x74, 0x65, + 0x6e, 0x64, 0x65, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, + 0x01, 0x52, 0x0c, 0x6d, 0x61, 0x73, 0x6b, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x64, } var ( - file_sa_proto_rawDescOnce sync.Once - file_sa_proto_rawDescData = file_sa_proto_rawDesc + file_criu_sa_proto_rawDescOnce sync.Once + file_criu_sa_proto_rawDescData = file_criu_sa_proto_rawDesc ) -func file_sa_proto_rawDescGZIP() []byte { - file_sa_proto_rawDescOnce.Do(func() { - file_sa_proto_rawDescData = protoimpl.X.CompressGZIP(file_sa_proto_rawDescData) +func file_criu_sa_proto_rawDescGZIP() []byte { + file_criu_sa_proto_rawDescOnce.Do(func() { + file_criu_sa_proto_rawDescData = protoimpl.X.CompressGZIP(file_criu_sa_proto_rawDescData) }) - return file_sa_proto_rawDescData + return file_criu_sa_proto_rawDescData } -var file_sa_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_sa_proto_goTypes = []interface{}{ - (*SaEntry)(nil), // 0: criu.sa_entry +var file_criu_sa_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_criu_sa_proto_goTypes = []interface{}{ + (*SaEntry)(nil), // 0: sa_entry } -var file_sa_proto_depIdxs = []int32{ +var file_criu_sa_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type 0, // [0:0] is the sub-list for method input_type 0, // [0:0] is the sub-list for extension type_name @@ -154,14 +154,14 @@ var file_sa_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for field type_name } -func init() { file_sa_proto_init() } -func file_sa_proto_init() { - if File_sa_proto != nil { +func init() { file_criu_sa_proto_init() } +func file_criu_sa_proto_init() { + if File_criu_sa_proto != nil { return } file_opts_proto_init() if !protoimpl.UnsafeEnabled { - file_sa_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + file_criu_sa_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*SaEntry); i { case 0: return &v.state @@ -178,18 +178,18 @@ func file_sa_proto_init() { out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_sa_proto_rawDesc, + RawDescriptor: file_criu_sa_proto_rawDesc, NumEnums: 0, NumMessages: 1, NumExtensions: 0, NumServices: 0, }, - GoTypes: file_sa_proto_goTypes, - DependencyIndexes: file_sa_proto_depIdxs, - MessageInfos: file_sa_proto_msgTypes, + GoTypes: file_criu_sa_proto_goTypes, + DependencyIndexes: file_criu_sa_proto_depIdxs, + MessageInfos: file_criu_sa_proto_msgTypes, }.Build() - File_sa_proto = out.File - file_sa_proto_rawDesc = nil - file_sa_proto_goTypes = nil - file_sa_proto_depIdxs = nil + File_criu_sa_proto = out.File + file_criu_sa_proto_rawDesc = nil + file_criu_sa_proto_goTypes = nil + file_criu_sa_proto_depIdxs = nil } diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sa.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/criu-sa.proto similarity index 96% rename from vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sa.proto rename to vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/criu-sa.proto index 6849893a40e..07f71c3a037 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sa.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/criu-sa.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "opts.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventfd.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventfd.pb.go index d5150b514b2..59b5caddf18 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventfd.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventfd.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: eventfd.proto package images @@ -96,16 +96,16 @@ func (x *EventfdFileEntry) GetCounter() uint64 { var File_eventfd_proto protoreflect.FileDescriptor var file_eventfd_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x66, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, - 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x22, 0x7a, 0x0a, 0x12, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x66, 0x64, 0x5f, 0x66, 0x69, 0x6c, - 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, - 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, - 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x24, 0x0a, - 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x72, - 0x69, 0x75, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, - 0x6f, 0x77, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x04, - 0x20, 0x02, 0x28, 0x04, 0x52, 0x07, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, + 0x0a, 0x0d, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x66, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, + 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x75, 0x0a, 0x12, 0x65, + 0x76, 0x65, 0x6e, 0x74, 0x66, 0x64, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, + 0x64, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x1f, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, + 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, 0x75, 0x6e, + 0x74, 0x65, 0x72, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, 0x07, 0x63, 0x6f, 0x75, 0x6e, 0x74, + 0x65, 0x72, } var ( @@ -122,11 +122,11 @@ func file_eventfd_proto_rawDescGZIP() []byte { var file_eventfd_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_eventfd_proto_goTypes = []interface{}{ - (*EventfdFileEntry)(nil), // 0: criu.eventfd_file_entry - (*FownEntry)(nil), // 1: criu.fown_entry + (*EventfdFileEntry)(nil), // 0: eventfd_file_entry + (*FownEntry)(nil), // 1: fown_entry } var file_eventfd_proto_depIdxs = []int32{ - 1, // 0: criu.eventfd_file_entry.fown:type_name -> criu.fown_entry + 1, // 0: eventfd_file_entry.fown:type_name -> fown_entry 1, // [1:1] is the sub-list for method output_type 1, // [1:1] is the sub-list for method input_type 1, // [1:1] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventfd.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventfd.proto index 538341453f4..225462f763a 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventfd.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventfd.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "fown.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventpoll.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventpoll.pb.go index 7a593bdee07..01b9676acb9 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventpoll.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventpoll.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: eventpoll.proto package images @@ -193,25 +193,24 @@ var File_eventpoll_proto protoreflect.FileDescriptor var file_eventpoll_proto_rawDesc = []byte{ 0x0a, 0x0f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x70, 0x6f, 0x6c, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x22, 0x9d, 0x01, 0x0a, 0x13, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x70, 0x6f, 0x6c, - 0x6c, 0x5f, 0x74, 0x66, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, - 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x74, - 0x66, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x74, 0x66, 0x64, 0x12, 0x16, 0x0a, - 0x06, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x65, - 0x76, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x04, 0x20, - 0x02, 0x28, 0x04, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, 0x12, 0x10, 0x0a, 0x03, 0x64, 0x65, 0x76, - 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x64, 0x65, 0x76, 0x12, 0x14, 0x0a, 0x05, 0x69, - 0x6e, 0x6f, 0x64, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x69, 0x6e, 0x6f, 0x64, - 0x65, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x6f, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x04, 0x52, 0x03, - 0x70, 0x6f, 0x73, 0x22, 0x8f, 0x01, 0x0a, 0x14, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x70, 0x6f, 0x6c, - 0x6c, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, - 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x14, 0x0a, 0x05, - 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x6c, 0x61, - 0x67, 0x73, 0x12, 0x24, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, - 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x2b, 0x0a, 0x03, 0x74, 0x66, 0x64, 0x18, - 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x65, 0x76, 0x65, + 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x9d, 0x01, + 0x0a, 0x13, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x74, 0x66, 0x64, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x66, 0x64, 0x18, 0x02, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x03, 0x74, 0x66, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x65, 0x76, 0x65, 0x6e, 0x74, + 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x12, + 0x12, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x64, + 0x61, 0x74, 0x61, 0x12, 0x10, 0x0a, 0x03, 0x64, 0x65, 0x76, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, + 0x52, 0x03, 0x64, 0x65, 0x76, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x18, 0x06, + 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x70, + 0x6f, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x04, 0x52, 0x03, 0x70, 0x6f, 0x73, 0x22, 0x85, 0x01, + 0x0a, 0x14, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x66, 0x69, 0x6c, 0x65, + 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, + 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x1f, 0x0a, 0x04, + 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x6f, 0x77, + 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x26, 0x0a, + 0x03, 0x74, 0x66, 0x64, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x74, 0x66, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x74, 0x66, 0x64, } @@ -230,13 +229,13 @@ func file_eventpoll_proto_rawDescGZIP() []byte { var file_eventpoll_proto_msgTypes = make([]protoimpl.MessageInfo, 2) var file_eventpoll_proto_goTypes = []interface{}{ - (*EventpollTfdEntry)(nil), // 0: criu.eventpoll_tfd_entry - (*EventpollFileEntry)(nil), // 1: criu.eventpoll_file_entry - (*FownEntry)(nil), // 2: criu.fown_entry + (*EventpollTfdEntry)(nil), // 0: eventpoll_tfd_entry + (*EventpollFileEntry)(nil), // 1: eventpoll_file_entry + (*FownEntry)(nil), // 2: fown_entry } var file_eventpoll_proto_depIdxs = []int32{ - 2, // 0: criu.eventpoll_file_entry.fown:type_name -> criu.fown_entry - 0, // 1: criu.eventpoll_file_entry.tfd:type_name -> criu.eventpoll_tfd_entry + 2, // 0: eventpoll_file_entry.fown:type_name -> fown_entry + 0, // 1: eventpoll_file_entry.tfd:type_name -> eventpoll_tfd_entry 2, // [2:2] is the sub-list for method output_type 2, // [2:2] is the sub-list for method input_type 2, // [2:2] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventpoll.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventpoll.proto index 9d1290265a4..0f3e8a870b0 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventpoll.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventpoll.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "fown.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ext-file.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ext-file.pb.go index a518f95e89e..714a0ea211f 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ext-file.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ext-file.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: ext-file.proto package images @@ -81,12 +81,11 @@ var File_ext_file_proto protoreflect.FileDescriptor var file_ext_file_proto_rawDesc = []byte{ 0x0a, 0x0e, 0x65, 0x78, 0x74, 0x2d, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x22, 0x46, 0x0a, 0x0e, 0x65, 0x78, 0x74, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x02, 0x69, 0x64, 0x12, 0x24, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x05, 0x20, 0x02, - 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, + 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x41, 0x0a, 0x0e, + 0x65, 0x78, 0x74, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, + 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1f, + 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, + 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, } var ( @@ -103,11 +102,11 @@ func file_ext_file_proto_rawDescGZIP() []byte { var file_ext_file_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_ext_file_proto_goTypes = []interface{}{ - (*ExtFileEntry)(nil), // 0: criu.ext_file_entry - (*FownEntry)(nil), // 1: criu.fown_entry + (*ExtFileEntry)(nil), // 0: ext_file_entry + (*FownEntry)(nil), // 1: fown_entry } var file_ext_file_proto_depIdxs = []int32{ - 1, // 0: criu.ext_file_entry.fown:type_name -> criu.fown_entry + 1, // 0: ext_file_entry.fown:type_name -> fown_entry 1, // [1:1] is the sub-list for method output_type 1, // [1:1] is the sub-list for method input_type 1, // [1:1] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ext-file.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ext-file.proto index e1161a0a3f5..8b4f825681d 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ext-file.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ext-file.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "fown.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fdinfo.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fdinfo.pb.go index f7157cbef89..80abb2c1e15 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fdinfo.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fdinfo.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: fdinfo.proto package images @@ -146,7 +146,7 @@ type FdinfoEntry struct { Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` Flags *uint32 `protobuf:"varint,2,req,name=flags" json:"flags,omitempty"` - Type *FdTypes `protobuf:"varint,3,req,name=type,enum=criu.FdTypes" json:"type,omitempty"` + Type *FdTypes `protobuf:"varint,3,req,name=type,enum=FdTypes" json:"type,omitempty"` Fd *uint32 `protobuf:"varint,4,req,name=fd" json:"fd,omitempty"` XattrSecuritySelinux *string `protobuf:"bytes,5,opt,name=xattr_security_selinux,json=xattrSecuritySelinux" json:"xattr_security_selinux,omitempty"` } @@ -223,7 +223,7 @@ type FileEntry struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Type *FdTypes `protobuf:"varint,1,req,name=type,enum=criu.FdTypes" json:"type,omitempty"` + Type *FdTypes `protobuf:"varint,1,req,name=type,enum=FdTypes" json:"type,omitempty"` Id *uint32 `protobuf:"varint,2,req,name=id" json:"id,omitempty"` Reg *RegFileEntry `protobuf:"bytes,3,opt,name=reg" json:"reg,omitempty"` Isk *InetSkEntry `protobuf:"bytes,4,opt,name=isk" json:"isk,omitempty"` @@ -428,105 +428,99 @@ func (x *FileEntry) GetBpf() *BpfmapFileEntry { var File_fdinfo_proto protoreflect.FileDescriptor var file_fdinfo_proto_rawDesc = []byte{ - 0x0a, 0x0c, 0x66, 0x64, 0x69, 0x6e, 0x66, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, - 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0d, 0x72, 0x65, 0x67, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x1a, 0x0d, 0x73, 0x6b, 0x2d, 0x69, 0x6e, 0x65, 0x74, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x1a, 0x08, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x11, 0x70, 0x61, - 0x63, 0x6b, 0x65, 0x74, 0x2d, 0x73, 0x6f, 0x63, 0x6b, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, - 0x10, 0x73, 0x6b, 0x2d, 0x6e, 0x65, 0x74, 0x6c, 0x69, 0x6e, 0x6b, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x1a, 0x0d, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x66, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x1a, 0x0f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x70, 0x6f, 0x6c, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x1a, 0x0e, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x66, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x1a, 0x09, 0x74, 0x75, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, 0x74, 0x69, - 0x6d, 0x65, 0x72, 0x66, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0e, 0x66, 0x73, 0x6e, - 0x6f, 0x74, 0x69, 0x66, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0e, 0x65, 0x78, 0x74, - 0x2d, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, 0x73, 0x6b, 0x2d, - 0x75, 0x6e, 0x69, 0x78, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x69, 0x66, 0x6f, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x70, 0x69, 0x70, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x1a, 0x09, 0x74, 0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0b, 0x6d, - 0x65, 0x6d, 0x66, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x11, 0x62, 0x70, 0x66, 0x6d, - 0x61, 0x70, 0x2d, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x9e, 0x01, - 0x0a, 0x0c, 0x66, 0x64, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, - 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x14, - 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x66, - 0x6c, 0x61, 0x67, 0x73, 0x12, 0x22, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x02, - 0x28, 0x0e, 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, 0x64, 0x5f, 0x74, 0x79, 0x70, - 0x65, 0x73, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x66, 0x64, 0x18, 0x04, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x66, 0x64, 0x12, 0x34, 0x0a, 0x16, 0x78, 0x61, 0x74, 0x74, - 0x72, 0x5f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x73, 0x65, 0x6c, 0x69, 0x6e, - 0x75, 0x78, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, 0x78, 0x61, 0x74, 0x74, 0x72, 0x53, - 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x53, 0x65, 0x6c, 0x69, 0x6e, 0x75, 0x78, 0x22, 0xd8, - 0x06, 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x22, 0x0a, - 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x0e, 0x2e, 0x63, 0x72, - 0x69, 0x75, 0x2e, 0x66, 0x64, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x52, 0x04, 0x74, 0x79, 0x70, + 0x0a, 0x0c, 0x66, 0x64, 0x69, 0x6e, 0x66, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, + 0x72, 0x65, 0x67, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, 0x73, + 0x6b, 0x2d, 0x69, 0x6e, 0x65, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x08, 0x6e, 0x73, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x11, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x2d, 0x73, + 0x6f, 0x63, 0x6b, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x10, 0x73, 0x6b, 0x2d, 0x6e, 0x65, + 0x74, 0x6c, 0x69, 0x6e, 0x6b, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, 0x65, 0x76, 0x65, + 0x6e, 0x74, 0x66, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0f, 0x65, 0x76, 0x65, 0x6e, + 0x74, 0x70, 0x6f, 0x6c, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0e, 0x73, 0x69, 0x67, + 0x6e, 0x61, 0x6c, 0x66, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x09, 0x74, 0x75, 0x6e, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x66, 0x64, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0e, 0x66, 0x73, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0e, 0x65, 0x78, 0x74, 0x2d, 0x66, 0x69, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, 0x73, 0x6b, 0x2d, 0x75, 0x6e, 0x69, 0x78, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x69, 0x66, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x1a, 0x0a, 0x70, 0x69, 0x70, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x09, 0x74, 0x74, + 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0b, 0x6d, 0x65, 0x6d, 0x66, 0x64, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x11, 0x62, 0x70, 0x66, 0x6d, 0x61, 0x70, 0x2d, 0x66, 0x69, 0x6c, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x99, 0x01, 0x0a, 0x0c, 0x66, 0x64, 0x69, 0x6e, + 0x66, 0x6f, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, + 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x1d, + 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x09, 0x2e, 0x66, + 0x64, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x0e, 0x0a, + 0x02, 0x66, 0x64, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x66, 0x64, 0x12, 0x34, 0x0a, + 0x16, 0x78, 0x61, 0x74, 0x74, 0x72, 0x5f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, + 0x73, 0x65, 0x6c, 0x69, 0x6e, 0x75, 0x78, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, 0x78, + 0x61, 0x74, 0x74, 0x72, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x53, 0x65, 0x6c, 0x69, + 0x6e, 0x75, 0x78, 0x22, 0xf4, 0x05, 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x12, 0x1d, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0e, + 0x32, 0x09, 0x2e, 0x66, 0x64, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, - 0x64, 0x12, 0x26, 0x0a, 0x03, 0x72, 0x65, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, - 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x72, 0x65, 0x67, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x72, 0x65, 0x67, 0x12, 0x25, 0x0a, 0x03, 0x69, 0x73, 0x6b, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x69, 0x6e, - 0x65, 0x74, 0x5f, 0x73, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x69, 0x73, 0x6b, - 0x12, 0x25, 0x0a, 0x03, 0x6e, 0x73, 0x66, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, - 0x63, 0x72, 0x69, 0x75, 0x2e, 0x6e, 0x73, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x03, 0x6e, 0x73, 0x66, 0x12, 0x29, 0x0a, 0x03, 0x70, 0x73, 0x6b, 0x18, 0x06, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x70, 0x61, 0x63, 0x6b, - 0x65, 0x74, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x70, - 0x73, 0x6b, 0x12, 0x2a, 0x0a, 0x04, 0x6e, 0x6c, 0x73, 0x6b, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x16, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x6e, 0x65, 0x74, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, - 0x73, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x6e, 0x6c, 0x73, 0x6b, 0x12, 0x2a, - 0x0a, 0x03, 0x65, 0x66, 0x64, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x63, 0x72, - 0x69, 0x75, 0x2e, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x66, 0x64, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x65, 0x66, 0x64, 0x12, 0x2e, 0x0a, 0x04, 0x65, 0x70, - 0x66, 0x64, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, - 0x65, 0x76, 0x65, 0x6e, 0x74, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x65, 0x70, 0x66, 0x64, 0x12, 0x28, 0x0a, 0x04, 0x73, 0x67, - 0x66, 0x64, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, - 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x66, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, - 0x73, 0x67, 0x66, 0x64, 0x12, 0x27, 0x0a, 0x04, 0x74, 0x75, 0x6e, 0x66, 0x18, 0x0b, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x75, 0x6e, 0x66, 0x69, 0x6c, - 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x74, 0x75, 0x6e, 0x66, 0x12, 0x25, 0x0a, - 0x03, 0x74, 0x66, 0x64, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, - 0x75, 0x2e, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x66, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x03, 0x74, 0x66, 0x64, 0x12, 0x2a, 0x0a, 0x03, 0x69, 0x66, 0x79, 0x18, 0x0d, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x18, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x69, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, - 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x69, 0x66, 0x79, - 0x12, 0x2b, 0x0a, 0x03, 0x66, 0x66, 0x79, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, - 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, 0x61, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x66, 0x69, - 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x66, 0x66, 0x79, 0x12, 0x26, 0x0a, - 0x03, 0x65, 0x78, 0x74, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x72, 0x69, - 0x75, 0x2e, 0x65, 0x78, 0x74, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x52, 0x03, 0x65, 0x78, 0x74, 0x12, 0x25, 0x0a, 0x03, 0x75, 0x73, 0x6b, 0x18, 0x10, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, - 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x75, 0x73, 0x6b, 0x12, 0x24, 0x0a, 0x04, - 0x66, 0x69, 0x66, 0x6f, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, - 0x75, 0x2e, 0x66, 0x69, 0x66, 0x6f, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x69, - 0x66, 0x6f, 0x12, 0x24, 0x0a, 0x04, 0x70, 0x69, 0x70, 0x65, 0x18, 0x12, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x70, 0x69, 0x70, 0x65, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x04, 0x70, 0x69, 0x70, 0x65, 0x12, 0x26, 0x0a, 0x03, 0x74, 0x74, 0x79, 0x18, - 0x13, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x74, 0x79, - 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x74, 0x74, 0x79, - 0x12, 0x2c, 0x0a, 0x05, 0x6d, 0x65, 0x6d, 0x66, 0x64, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x16, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x6d, 0x65, 0x6d, 0x66, 0x64, 0x5f, 0x66, 0x69, 0x6c, - 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x05, 0x6d, 0x65, 0x6d, 0x66, 0x64, 0x12, 0x29, - 0x0a, 0x03, 0x62, 0x70, 0x66, 0x18, 0x15, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x63, 0x72, - 0x69, 0x75, 0x2e, 0x62, 0x70, 0x66, 0x6d, 0x61, 0x70, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x62, 0x70, 0x66, 0x2a, 0x94, 0x02, 0x0a, 0x08, 0x66, 0x64, - 0x5f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x4e, 0x44, 0x10, 0x00, 0x12, - 0x07, 0x0a, 0x03, 0x52, 0x45, 0x47, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x50, 0x49, 0x50, 0x45, - 0x10, 0x02, 0x12, 0x08, 0x0a, 0x04, 0x46, 0x49, 0x46, 0x4f, 0x10, 0x03, 0x12, 0x0a, 0x0a, 0x06, - 0x49, 0x4e, 0x45, 0x54, 0x53, 0x4b, 0x10, 0x04, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x4e, 0x49, 0x58, - 0x53, 0x4b, 0x10, 0x05, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x56, 0x45, 0x4e, 0x54, 0x46, 0x44, 0x10, - 0x06, 0x12, 0x0d, 0x0a, 0x09, 0x45, 0x56, 0x45, 0x4e, 0x54, 0x50, 0x4f, 0x4c, 0x4c, 0x10, 0x07, - 0x12, 0x0b, 0x0a, 0x07, 0x49, 0x4e, 0x4f, 0x54, 0x49, 0x46, 0x59, 0x10, 0x08, 0x12, 0x0c, 0x0a, - 0x08, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x4c, 0x46, 0x44, 0x10, 0x09, 0x12, 0x0c, 0x0a, 0x08, 0x50, - 0x41, 0x43, 0x4b, 0x45, 0x54, 0x53, 0x4b, 0x10, 0x0a, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x54, 0x59, - 0x10, 0x0b, 0x12, 0x0c, 0x0a, 0x08, 0x46, 0x41, 0x4e, 0x4f, 0x54, 0x49, 0x46, 0x59, 0x10, 0x0c, - 0x12, 0x0d, 0x0a, 0x09, 0x4e, 0x45, 0x54, 0x4c, 0x49, 0x4e, 0x4b, 0x53, 0x4b, 0x10, 0x0d, 0x12, - 0x06, 0x0a, 0x02, 0x4e, 0x53, 0x10, 0x0e, 0x12, 0x08, 0x0a, 0x04, 0x54, 0x55, 0x4e, 0x46, 0x10, - 0x0f, 0x12, 0x07, 0x0a, 0x03, 0x45, 0x58, 0x54, 0x10, 0x10, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x49, - 0x4d, 0x45, 0x52, 0x46, 0x44, 0x10, 0x11, 0x12, 0x09, 0x0a, 0x05, 0x4d, 0x45, 0x4d, 0x46, 0x44, - 0x10, 0x12, 0x12, 0x0a, 0x0a, 0x06, 0x42, 0x50, 0x46, 0x4d, 0x41, 0x50, 0x10, 0x13, 0x12, 0x0d, - 0x0a, 0x07, 0x43, 0x54, 0x4c, 0x5f, 0x54, 0x54, 0x59, 0x10, 0xfe, 0xff, 0x03, 0x12, 0x11, 0x0a, - 0x0b, 0x41, 0x55, 0x54, 0x4f, 0x46, 0x53, 0x5f, 0x50, 0x49, 0x50, 0x45, 0x10, 0xff, 0xff, 0x03, + 0x64, 0x12, 0x21, 0x0a, 0x03, 0x72, 0x65, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, + 0x2e, 0x72, 0x65, 0x67, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, + 0x03, 0x72, 0x65, 0x67, 0x12, 0x20, 0x0a, 0x03, 0x69, 0x73, 0x6b, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x0e, 0x2e, 0x69, 0x6e, 0x65, 0x74, 0x5f, 0x73, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x52, 0x03, 0x69, 0x73, 0x6b, 0x12, 0x20, 0x0a, 0x03, 0x6e, 0x73, 0x66, 0x18, 0x05, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x6e, 0x73, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x52, 0x03, 0x6e, 0x73, 0x66, 0x12, 0x24, 0x0a, 0x03, 0x70, 0x73, 0x6b, 0x18, + 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x73, + 0x6f, 0x63, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x70, 0x73, 0x6b, 0x12, 0x25, + 0x0a, 0x04, 0x6e, 0x6c, 0x73, 0x6b, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x6e, + 0x65, 0x74, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, 0x73, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, + 0x04, 0x6e, 0x6c, 0x73, 0x6b, 0x12, 0x25, 0x0a, 0x03, 0x65, 0x66, 0x64, 0x18, 0x08, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x66, 0x64, 0x5f, 0x66, 0x69, 0x6c, + 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x65, 0x66, 0x64, 0x12, 0x29, 0x0a, 0x04, + 0x65, 0x70, 0x66, 0x64, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x65, 0x76, 0x65, + 0x6e, 0x74, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x52, 0x04, 0x65, 0x70, 0x66, 0x64, 0x12, 0x23, 0x0a, 0x04, 0x73, 0x67, 0x66, 0x64, 0x18, + 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x66, 0x64, + 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x73, 0x67, 0x66, 0x64, 0x12, 0x22, 0x0a, 0x04, + 0x74, 0x75, 0x6e, 0x66, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x74, 0x75, 0x6e, + 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x74, 0x75, 0x6e, 0x66, + 0x12, 0x20, 0x0a, 0x03, 0x74, 0x66, 0x64, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, + 0x74, 0x69, 0x6d, 0x65, 0x72, 0x66, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x74, + 0x66, 0x64, 0x12, 0x25, 0x0a, 0x03, 0x69, 0x66, 0x79, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x13, 0x2e, 0x69, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x69, 0x66, 0x79, 0x12, 0x26, 0x0a, 0x03, 0x66, 0x66, 0x79, + 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x66, 0x61, 0x6e, 0x6f, 0x74, 0x69, 0x66, + 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x66, 0x66, + 0x79, 0x12, 0x21, 0x0a, 0x03, 0x65, 0x78, 0x74, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, + 0x2e, 0x65, 0x78, 0x74, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, + 0x03, 0x65, 0x78, 0x74, 0x12, 0x20, 0x0a, 0x03, 0x75, 0x73, 0x6b, 0x18, 0x10, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x0e, 0x2e, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x52, 0x03, 0x75, 0x73, 0x6b, 0x12, 0x1f, 0x0a, 0x04, 0x66, 0x69, 0x66, 0x6f, 0x18, 0x11, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x69, 0x66, 0x6f, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x52, 0x04, 0x66, 0x69, 0x66, 0x6f, 0x12, 0x1f, 0x0a, 0x04, 0x70, 0x69, 0x70, 0x65, 0x18, + 0x12, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x70, 0x69, 0x70, 0x65, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x52, 0x04, 0x70, 0x69, 0x70, 0x65, 0x12, 0x21, 0x0a, 0x03, 0x74, 0x74, 0x79, 0x18, + 0x13, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x74, 0x74, 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, + 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x74, 0x74, 0x79, 0x12, 0x27, 0x0a, 0x05, 0x6d, + 0x65, 0x6d, 0x66, 0x64, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x6d, 0x65, 0x6d, + 0x66, 0x64, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x05, 0x6d, + 0x65, 0x6d, 0x66, 0x64, 0x12, 0x24, 0x0a, 0x03, 0x62, 0x70, 0x66, 0x18, 0x15, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x12, 0x2e, 0x62, 0x70, 0x66, 0x6d, 0x61, 0x70, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x62, 0x70, 0x66, 0x2a, 0x94, 0x02, 0x0a, 0x08, 0x66, + 0x64, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x4e, 0x44, 0x10, 0x00, + 0x12, 0x07, 0x0a, 0x03, 0x52, 0x45, 0x47, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x50, 0x49, 0x50, + 0x45, 0x10, 0x02, 0x12, 0x08, 0x0a, 0x04, 0x46, 0x49, 0x46, 0x4f, 0x10, 0x03, 0x12, 0x0a, 0x0a, + 0x06, 0x49, 0x4e, 0x45, 0x54, 0x53, 0x4b, 0x10, 0x04, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x4e, 0x49, + 0x58, 0x53, 0x4b, 0x10, 0x05, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x56, 0x45, 0x4e, 0x54, 0x46, 0x44, + 0x10, 0x06, 0x12, 0x0d, 0x0a, 0x09, 0x45, 0x56, 0x45, 0x4e, 0x54, 0x50, 0x4f, 0x4c, 0x4c, 0x10, + 0x07, 0x12, 0x0b, 0x0a, 0x07, 0x49, 0x4e, 0x4f, 0x54, 0x49, 0x46, 0x59, 0x10, 0x08, 0x12, 0x0c, + 0x0a, 0x08, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x4c, 0x46, 0x44, 0x10, 0x09, 0x12, 0x0c, 0x0a, 0x08, + 0x50, 0x41, 0x43, 0x4b, 0x45, 0x54, 0x53, 0x4b, 0x10, 0x0a, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x54, + 0x59, 0x10, 0x0b, 0x12, 0x0c, 0x0a, 0x08, 0x46, 0x41, 0x4e, 0x4f, 0x54, 0x49, 0x46, 0x59, 0x10, + 0x0c, 0x12, 0x0d, 0x0a, 0x09, 0x4e, 0x45, 0x54, 0x4c, 0x49, 0x4e, 0x4b, 0x53, 0x4b, 0x10, 0x0d, + 0x12, 0x06, 0x0a, 0x02, 0x4e, 0x53, 0x10, 0x0e, 0x12, 0x08, 0x0a, 0x04, 0x54, 0x55, 0x4e, 0x46, + 0x10, 0x0f, 0x12, 0x07, 0x0a, 0x03, 0x45, 0x58, 0x54, 0x10, 0x10, 0x12, 0x0b, 0x0a, 0x07, 0x54, + 0x49, 0x4d, 0x45, 0x52, 0x46, 0x44, 0x10, 0x11, 0x12, 0x09, 0x0a, 0x05, 0x4d, 0x45, 0x4d, 0x46, + 0x44, 0x10, 0x12, 0x12, 0x0a, 0x0a, 0x06, 0x42, 0x50, 0x46, 0x4d, 0x41, 0x50, 0x10, 0x13, 0x12, + 0x0d, 0x0a, 0x07, 0x43, 0x54, 0x4c, 0x5f, 0x54, 0x54, 0x59, 0x10, 0xfe, 0xff, 0x03, 0x12, 0x11, + 0x0a, 0x0b, 0x41, 0x55, 0x54, 0x4f, 0x46, 0x53, 0x5f, 0x50, 0x49, 0x50, 0x45, 0x10, 0xff, 0xff, + 0x03, } var ( @@ -544,51 +538,51 @@ func file_fdinfo_proto_rawDescGZIP() []byte { var file_fdinfo_proto_enumTypes = make([]protoimpl.EnumInfo, 1) var file_fdinfo_proto_msgTypes = make([]protoimpl.MessageInfo, 2) var file_fdinfo_proto_goTypes = []interface{}{ - (FdTypes)(0), // 0: criu.fd_types - (*FdinfoEntry)(nil), // 1: criu.fdinfo_entry - (*FileEntry)(nil), // 2: criu.file_entry - (*RegFileEntry)(nil), // 3: criu.reg_file_entry - (*InetSkEntry)(nil), // 4: criu.inet_sk_entry - (*NsFileEntry)(nil), // 5: criu.ns_file_entry - (*PacketSockEntry)(nil), // 6: criu.packet_sock_entry - (*NetlinkSkEntry)(nil), // 7: criu.netlink_sk_entry - (*EventfdFileEntry)(nil), // 8: criu.eventfd_file_entry - (*EventpollFileEntry)(nil), // 9: criu.eventpoll_file_entry - (*SignalfdEntry)(nil), // 10: criu.signalfd_entry - (*TunfileEntry)(nil), // 11: criu.tunfile_entry - (*TimerfdEntry)(nil), // 12: criu.timerfd_entry - (*InotifyFileEntry)(nil), // 13: criu.inotify_file_entry - (*FanotifyFileEntry)(nil), // 14: criu.fanotify_file_entry - (*ExtFileEntry)(nil), // 15: criu.ext_file_entry - (*UnixSkEntry)(nil), // 16: criu.unix_sk_entry - (*FifoEntry)(nil), // 17: criu.fifo_entry - (*PipeEntry)(nil), // 18: criu.pipe_entry - (*TtyFileEntry)(nil), // 19: criu.tty_file_entry - (*MemfdFileEntry)(nil), // 20: criu.memfd_file_entry - (*BpfmapFileEntry)(nil), // 21: criu.bpfmap_file_entry + (FdTypes)(0), // 0: fd_types + (*FdinfoEntry)(nil), // 1: fdinfo_entry + (*FileEntry)(nil), // 2: file_entry + (*RegFileEntry)(nil), // 3: reg_file_entry + (*InetSkEntry)(nil), // 4: inet_sk_entry + (*NsFileEntry)(nil), // 5: ns_file_entry + (*PacketSockEntry)(nil), // 6: packet_sock_entry + (*NetlinkSkEntry)(nil), // 7: netlink_sk_entry + (*EventfdFileEntry)(nil), // 8: eventfd_file_entry + (*EventpollFileEntry)(nil), // 9: eventpoll_file_entry + (*SignalfdEntry)(nil), // 10: signalfd_entry + (*TunfileEntry)(nil), // 11: tunfile_entry + (*TimerfdEntry)(nil), // 12: timerfd_entry + (*InotifyFileEntry)(nil), // 13: inotify_file_entry + (*FanotifyFileEntry)(nil), // 14: fanotify_file_entry + (*ExtFileEntry)(nil), // 15: ext_file_entry + (*UnixSkEntry)(nil), // 16: unix_sk_entry + (*FifoEntry)(nil), // 17: fifo_entry + (*PipeEntry)(nil), // 18: pipe_entry + (*TtyFileEntry)(nil), // 19: tty_file_entry + (*MemfdFileEntry)(nil), // 20: memfd_file_entry + (*BpfmapFileEntry)(nil), // 21: bpfmap_file_entry } var file_fdinfo_proto_depIdxs = []int32{ - 0, // 0: criu.fdinfo_entry.type:type_name -> criu.fd_types - 0, // 1: criu.file_entry.type:type_name -> criu.fd_types - 3, // 2: criu.file_entry.reg:type_name -> criu.reg_file_entry - 4, // 3: criu.file_entry.isk:type_name -> criu.inet_sk_entry - 5, // 4: criu.file_entry.nsf:type_name -> criu.ns_file_entry - 6, // 5: criu.file_entry.psk:type_name -> criu.packet_sock_entry - 7, // 6: criu.file_entry.nlsk:type_name -> criu.netlink_sk_entry - 8, // 7: criu.file_entry.efd:type_name -> criu.eventfd_file_entry - 9, // 8: criu.file_entry.epfd:type_name -> criu.eventpoll_file_entry - 10, // 9: criu.file_entry.sgfd:type_name -> criu.signalfd_entry - 11, // 10: criu.file_entry.tunf:type_name -> criu.tunfile_entry - 12, // 11: criu.file_entry.tfd:type_name -> criu.timerfd_entry - 13, // 12: criu.file_entry.ify:type_name -> criu.inotify_file_entry - 14, // 13: criu.file_entry.ffy:type_name -> criu.fanotify_file_entry - 15, // 14: criu.file_entry.ext:type_name -> criu.ext_file_entry - 16, // 15: criu.file_entry.usk:type_name -> criu.unix_sk_entry - 17, // 16: criu.file_entry.fifo:type_name -> criu.fifo_entry - 18, // 17: criu.file_entry.pipe:type_name -> criu.pipe_entry - 19, // 18: criu.file_entry.tty:type_name -> criu.tty_file_entry - 20, // 19: criu.file_entry.memfd:type_name -> criu.memfd_file_entry - 21, // 20: criu.file_entry.bpf:type_name -> criu.bpfmap_file_entry + 0, // 0: fdinfo_entry.type:type_name -> fd_types + 0, // 1: file_entry.type:type_name -> fd_types + 3, // 2: file_entry.reg:type_name -> reg_file_entry + 4, // 3: file_entry.isk:type_name -> inet_sk_entry + 5, // 4: file_entry.nsf:type_name -> ns_file_entry + 6, // 5: file_entry.psk:type_name -> packet_sock_entry + 7, // 6: file_entry.nlsk:type_name -> netlink_sk_entry + 8, // 7: file_entry.efd:type_name -> eventfd_file_entry + 9, // 8: file_entry.epfd:type_name -> eventpoll_file_entry + 10, // 9: file_entry.sgfd:type_name -> signalfd_entry + 11, // 10: file_entry.tunf:type_name -> tunfile_entry + 12, // 11: file_entry.tfd:type_name -> timerfd_entry + 13, // 12: file_entry.ify:type_name -> inotify_file_entry + 14, // 13: file_entry.ffy:type_name -> fanotify_file_entry + 15, // 14: file_entry.ext:type_name -> ext_file_entry + 16, // 15: file_entry.usk:type_name -> unix_sk_entry + 17, // 16: file_entry.fifo:type_name -> fifo_entry + 18, // 17: file_entry.pipe:type_name -> pipe_entry + 19, // 18: file_entry.tty:type_name -> tty_file_entry + 20, // 19: file_entry.memfd:type_name -> memfd_file_entry + 21, // 20: file_entry.bpf:type_name -> bpfmap_file_entry 21, // [21:21] is the sub-list for method output_type 21, // [21:21] is the sub-list for method input_type 21, // [21:21] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fdinfo.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fdinfo.proto index cbb32f2cb2b..88f1c11860f 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fdinfo.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fdinfo.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "regfile.proto"; import "sk-inet.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fh.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fh.pb.go index 5cd18c3437b..c67a02ce36e 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fh.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fh.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: fh.proto package images @@ -221,24 +221,23 @@ func (x *IrmapCacheEntry) GetPath() string { var File_fh_proto protoreflect.FileDescriptor var file_fh_proto_rawDesc = []byte{ - 0x0a, 0x08, 0x66, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, - 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x77, 0x0a, 0x08, - 0x66, 0x68, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x62, 0x79, 0x74, 0x65, - 0x73, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x62, 0x79, 0x74, 0x65, 0x73, 0x12, 0x12, - 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x74, 0x79, - 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x68, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x03, - 0x28, 0x04, 0x52, 0x06, 0x68, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, - 0x74, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x15, - 0x0a, 0x06, 0x6d, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, - 0x6d, 0x6e, 0x74, 0x49, 0x64, 0x22, 0x5b, 0x0a, 0x11, 0x69, 0x72, 0x6d, 0x61, 0x70, 0x5f, 0x63, - 0x61, 0x63, 0x68, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1c, 0x0a, 0x03, 0x64, 0x65, - 0x76, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x0a, 0xd2, 0x3f, 0x02, 0x20, 0x01, 0xd2, 0x3f, - 0x02, 0x28, 0x01, 0x52, 0x03, 0x64, 0x65, 0x76, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x6e, 0x6f, 0x64, - 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x12, 0x12, - 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x03, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, - 0x74, 0x68, 0x2a, 0x21, 0x0a, 0x0e, 0x66, 0x68, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x5f, 0x73, - 0x69, 0x7a, 0x65, 0x73, 0x12, 0x0f, 0x0a, 0x0b, 0x6d, 0x69, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x69, 0x65, 0x73, 0x10, 0x10, + 0x0a, 0x08, 0x66, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x77, 0x0a, 0x08, 0x66, 0x68, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x05, 0x62, 0x79, 0x74, 0x65, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, + 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, + 0x68, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x04, 0x52, 0x06, 0x68, 0x61, + 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x15, 0x0a, 0x06, 0x6d, 0x6e, 0x74, 0x5f, + 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x6e, 0x74, 0x49, 0x64, 0x22, + 0x5b, 0x0a, 0x11, 0x69, 0x72, 0x6d, 0x61, 0x70, 0x5f, 0x63, 0x61, 0x63, 0x68, 0x65, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1c, 0x0a, 0x03, 0x64, 0x65, 0x76, 0x18, 0x01, 0x20, 0x02, 0x28, + 0x0d, 0x42, 0x0a, 0xd2, 0x3f, 0x02, 0x20, 0x01, 0xd2, 0x3f, 0x02, 0x28, 0x01, 0x52, 0x03, 0x64, + 0x65, 0x76, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x05, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, + 0x18, 0x03, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x2a, 0x21, 0x0a, 0x0e, + 0x66, 0x68, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x73, 0x12, 0x0f, + 0x0a, 0x0b, 0x6d, 0x69, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x10, 0x10, } var ( @@ -256,9 +255,9 @@ func file_fh_proto_rawDescGZIP() []byte { var file_fh_proto_enumTypes = make([]protoimpl.EnumInfo, 1) var file_fh_proto_msgTypes = make([]protoimpl.MessageInfo, 2) var file_fh_proto_goTypes = []interface{}{ - (FhEntrySizes)(0), // 0: criu.fh_entry_sizes - (*FhEntry)(nil), // 1: criu.fh_entry - (*IrmapCacheEntry)(nil), // 2: criu.irmap_cache_entry + (FhEntrySizes)(0), // 0: fh_entry_sizes + (*FhEntry)(nil), // 1: fh_entry + (*IrmapCacheEntry)(nil), // 2: irmap_cache_entry } var file_fh_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fh.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fh.proto index e579deb9f3a..7a2ce484bab 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fh.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fh.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "opts.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fifo.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fifo.pb.go index 10f1fb1d9ed..57dfd4faa10 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fifo.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fifo.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: fifo.proto package images @@ -88,13 +88,12 @@ func (x *FifoEntry) GetRegfId() uint32 { var File_fifo_proto protoreflect.FileDescriptor var file_fifo_proto_rawDesc = []byte{ - 0x0a, 0x0a, 0x66, 0x69, 0x66, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, - 0x69, 0x75, 0x22, 0x4e, 0x0a, 0x0a, 0x66, 0x69, 0x66, 0x6f, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, - 0x12, 0x17, 0x0a, 0x07, 0x70, 0x69, 0x70, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x06, 0x70, 0x69, 0x70, 0x65, 0x49, 0x64, 0x12, 0x17, 0x0a, 0x07, 0x72, 0x65, 0x67, - 0x66, 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x72, 0x65, 0x67, 0x66, - 0x49, 0x64, + 0x0a, 0x0a, 0x66, 0x69, 0x66, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x4e, 0x0a, 0x0a, + 0x66, 0x69, 0x66, 0x6f, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, + 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x17, 0x0a, 0x07, 0x70, 0x69, + 0x70, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x70, 0x69, 0x70, + 0x65, 0x49, 0x64, 0x12, 0x17, 0x0a, 0x07, 0x72, 0x65, 0x67, 0x66, 0x5f, 0x69, 0x64, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x72, 0x65, 0x67, 0x66, 0x49, 0x64, } var ( @@ -111,7 +110,7 @@ func file_fifo_proto_rawDescGZIP() []byte { var file_fifo_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_fifo_proto_goTypes = []interface{}{ - (*FifoEntry)(nil), // 0: criu.fifo_entry + (*FifoEntry)(nil), // 0: fifo_entry } var file_fifo_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fifo.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fifo.proto index ef0411340b4..ae6f48162a7 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fifo.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fifo.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message fifo_entry { required uint32 id = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/file-lock.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/file-lock.pb.go index f2c08e174a5..29af237be8e 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/file-lock.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/file-lock.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: file-lock.proto package images @@ -113,15 +113,15 @@ var File_file_lock_proto protoreflect.FileDescriptor var file_file_lock_proto_rawDesc = []byte{ 0x0a, 0x0f, 0x66, 0x69, 0x6c, 0x65, 0x2d, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0x83, 0x01, 0x0a, 0x0f, 0x66, 0x69, 0x6c, 0x65, - 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x66, - 0x6c, 0x61, 0x67, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x66, 0x6c, 0x61, 0x67, 0x12, - 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x74, - 0x79, 0x70, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x03, 0x20, 0x02, 0x28, 0x05, - 0x52, 0x03, 0x70, 0x69, 0x64, 0x12, 0x0e, 0x0a, 0x02, 0x66, 0x64, 0x18, 0x04, 0x20, 0x02, 0x28, - 0x05, 0x52, 0x02, 0x66, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x05, - 0x20, 0x02, 0x28, 0x03, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x6c, - 0x65, 0x6e, 0x18, 0x06, 0x20, 0x02, 0x28, 0x03, 0x52, 0x03, 0x6c, 0x65, 0x6e, + 0x6f, 0x22, 0x83, 0x01, 0x0a, 0x0f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x6c, 0x61, 0x67, 0x18, 0x01, 0x20, + 0x02, 0x28, 0x0d, 0x52, 0x04, 0x66, 0x6c, 0x61, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, + 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x10, 0x0a, + 0x03, 0x70, 0x69, 0x64, 0x18, 0x03, 0x20, 0x02, 0x28, 0x05, 0x52, 0x03, 0x70, 0x69, 0x64, 0x12, + 0x0e, 0x0a, 0x02, 0x66, 0x64, 0x18, 0x04, 0x20, 0x02, 0x28, 0x05, 0x52, 0x02, 0x66, 0x64, 0x12, + 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x05, 0x20, 0x02, 0x28, 0x03, 0x52, 0x05, + 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x6c, 0x65, 0x6e, 0x18, 0x06, 0x20, 0x02, + 0x28, 0x03, 0x52, 0x03, 0x6c, 0x65, 0x6e, } var ( @@ -138,7 +138,7 @@ func file_file_lock_proto_rawDescGZIP() []byte { var file_file_lock_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_file_lock_proto_goTypes = []interface{}{ - (*FileLockEntry)(nil), // 0: criu.file_lock_entry + (*FileLockEntry)(nil), // 0: file_lock_entry } var file_file_lock_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/file-lock.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/file-lock.proto index 559de28114a..dcf3d871ca7 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/file-lock.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/file-lock.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message file_lock_entry { required uint32 flag = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fown.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fown.pb.go index 07fe6cf3a45..94c4779c29b 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fown.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fown.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: fown.proto package images @@ -104,15 +104,15 @@ func (x *FownEntry) GetPid() uint32 { var File_fown_proto protoreflect.FileDescriptor var file_fown_proto_rawDesc = []byte{ - 0x0a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, - 0x69, 0x75, 0x22, 0x77, 0x0a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x75, - 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x65, 0x75, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x04, 0x65, 0x75, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x69, 0x67, 0x6e, 0x75, 0x6d, - 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x73, 0x69, 0x67, 0x6e, 0x75, 0x6d, 0x12, 0x19, - 0x0a, 0x08, 0x70, 0x69, 0x64, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x07, 0x70, 0x69, 0x64, 0x54, 0x79, 0x70, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, - 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x70, 0x69, 0x64, + 0x0a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x77, 0x0a, 0x0a, + 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, + 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, + 0x65, 0x75, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x65, 0x75, 0x69, 0x64, + 0x12, 0x16, 0x0a, 0x06, 0x73, 0x69, 0x67, 0x6e, 0x75, 0x6d, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x06, 0x73, 0x69, 0x67, 0x6e, 0x75, 0x6d, 0x12, 0x19, 0x0a, 0x08, 0x70, 0x69, 0x64, 0x5f, + 0x74, 0x79, 0x70, 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x70, 0x69, 0x64, 0x54, + 0x79, 0x70, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x03, 0x70, 0x69, 0x64, } var ( @@ -129,7 +129,7 @@ func file_fown_proto_rawDescGZIP() []byte { var file_fown_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_fown_proto_goTypes = []interface{}{ - (*FownEntry)(nil), // 0: criu.fown_entry + (*FownEntry)(nil), // 0: fown_entry } var file_fown_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fown.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fown.proto index d867f5f6a8c..b2e20b6572a 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fown.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fown.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message fown_entry { required uint32 uid = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fs.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fs.pb.go index 3abdcc65118..06e2f32e07c 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fs.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fs.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: fs.proto package images @@ -88,13 +88,12 @@ func (x *FsEntry) GetUmask() uint32 { var File_fs_proto protoreflect.FileDescriptor var file_fs_proto_rawDesc = []byte{ - 0x0a, 0x08, 0x66, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, - 0x22, 0x50, 0x0a, 0x08, 0x66, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x15, 0x0a, 0x06, - 0x63, 0x77, 0x64, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x63, 0x77, - 0x64, 0x49, 0x64, 0x12, 0x17, 0x0a, 0x07, 0x72, 0x6f, 0x6f, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x02, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x72, 0x6f, 0x6f, 0x74, 0x49, 0x64, 0x12, 0x14, 0x0a, 0x05, - 0x75, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x75, 0x6d, 0x61, - 0x73, 0x6b, + 0x0a, 0x08, 0x66, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x50, 0x0a, 0x08, 0x66, 0x73, + 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x15, 0x0a, 0x06, 0x63, 0x77, 0x64, 0x5f, 0x69, 0x64, + 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x63, 0x77, 0x64, 0x49, 0x64, 0x12, 0x17, 0x0a, + 0x07, 0x72, 0x6f, 0x6f, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, + 0x72, 0x6f, 0x6f, 0x74, 0x49, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x75, 0x6d, 0x61, 0x73, 0x6b, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x75, 0x6d, 0x61, 0x73, 0x6b, } var ( @@ -111,7 +110,7 @@ func file_fs_proto_rawDescGZIP() []byte { var file_fs_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_fs_proto_goTypes = []interface{}{ - (*FsEntry)(nil), // 0: criu.fs_entry + (*FsEntry)(nil), // 0: fs_entry } var file_fs_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fs.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fs.proto index e4c483feced..158501ac9d3 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fs.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fs.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message fs_entry { required uint32 cwd_id = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fsnotify.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fsnotify.pb.go index 5d96c65b8f4..8200687bbd3 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fsnotify.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fsnotify.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: fsnotify.proto package images @@ -360,7 +360,7 @@ type FanotifyMarkEntry struct { unknownFields protoimpl.UnknownFields Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` - Type *MarkType `protobuf:"varint,2,req,name=type,enum=criu.MarkType" json:"type,omitempty"` + Type *MarkType `protobuf:"varint,2,req,name=type,enum=MarkType" json:"type,omitempty"` Mflags *uint32 `protobuf:"varint,3,req,name=mflags" json:"mflags,omitempty"` Mask *uint32 `protobuf:"varint,4,req,name=mask" json:"mask,omitempty"` IgnoredMask *uint32 `protobuf:"varint,5,req,name=ignored_mask,json=ignoredMask" json:"ignored_mask,omitempty"` @@ -548,77 +548,73 @@ var File_fsnotify_proto protoreflect.FileDescriptor var file_fsnotify_proto_rawDesc = []byte{ 0x0a, 0x0e, 0x66, 0x73, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x1a, 0x08, 0x66, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x6f, - 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xd3, 0x01, 0x0a, 0x10, 0x69, 0x6e, 0x6f, - 0x74, 0x69, 0x66, 0x79, 0x5f, 0x77, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, - 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x13, 0x0a, - 0x05, 0x69, 0x5f, 0x69, 0x6e, 0x6f, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x69, 0x49, - 0x6e, 0x6f, 0x12, 0x19, 0x0a, 0x04, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, + 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x08, 0x66, 0x68, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x22, 0xce, 0x01, 0x0a, 0x10, 0x69, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x77, + 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, + 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x13, 0x0a, 0x05, 0x69, 0x5f, 0x69, 0x6e, 0x6f, + 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x69, 0x49, 0x6e, 0x6f, 0x12, 0x19, 0x0a, 0x04, + 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, + 0x01, 0x52, 0x04, 0x6d, 0x61, 0x73, 0x6b, 0x12, 0x28, 0x0a, 0x0c, 0x69, 0x67, 0x6e, 0x6f, 0x72, + 0x65, 0x64, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, + 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0b, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x64, 0x4d, 0x61, 0x73, + 0x6b, 0x12, 0x1a, 0x0a, 0x05, 0x73, 0x5f, 0x64, 0x65, 0x76, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, + 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x20, 0x01, 0x52, 0x04, 0x73, 0x44, 0x65, 0x76, 0x12, 0x0e, 0x0a, + 0x02, 0x77, 0x64, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x77, 0x64, 0x12, 0x24, 0x0a, + 0x08, 0x66, 0x5f, 0x68, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0b, 0x32, + 0x09, 0x2e, 0x66, 0x68, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x66, 0x48, 0x61, 0x6e, + 0x64, 0x6c, 0x65, 0x22, 0x85, 0x01, 0x0a, 0x12, 0x69, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, + 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, + 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, + 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, + 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x1f, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, + 0x04, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x21, 0x0a, 0x02, 0x77, 0x64, 0x18, 0x05, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x69, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x77, + 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x02, 0x77, 0x64, 0x22, 0x56, 0x0a, 0x19, 0x66, + 0x61, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x6d, 0x61, + 0x72, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x13, 0x0a, 0x05, 0x69, 0x5f, 0x69, 0x6e, + 0x6f, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x69, 0x49, 0x6e, 0x6f, 0x12, 0x24, 0x0a, + 0x08, 0x66, 0x5f, 0x68, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0b, 0x32, + 0x09, 0x2e, 0x66, 0x68, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x66, 0x48, 0x61, 0x6e, + 0x64, 0x6c, 0x65, 0x22, 0x46, 0x0a, 0x19, 0x66, 0x61, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, + 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x6d, 0x61, 0x72, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x12, 0x15, 0x0a, 0x06, 0x6d, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x05, 0x6d, 0x6e, 0x74, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x22, 0x9d, 0x02, 0x0a, 0x13, + 0x66, 0x61, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x6d, 0x61, 0x72, 0x6b, 0x5f, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, + 0x02, 0x69, 0x64, 0x12, 0x1e, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, + 0x0e, 0x32, 0x0a, 0x2e, 0x6d, 0x61, 0x72, 0x6b, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, + 0x79, 0x70, 0x65, 0x12, 0x1d, 0x0a, 0x06, 0x6d, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, + 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x06, 0x6d, 0x66, 0x6c, 0x61, + 0x67, 0x73, 0x12, 0x19, 0x0a, 0x04, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x04, 0x6d, 0x61, 0x73, 0x6b, 0x12, 0x28, 0x0a, - 0x0c, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x64, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x04, 0x20, + 0x0c, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x64, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0b, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x64, 0x4d, 0x61, 0x73, 0x6b, 0x12, 0x1a, 0x0a, 0x05, 0x73, 0x5f, 0x64, 0x65, 0x76, - 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x20, 0x01, 0x52, 0x04, 0x73, - 0x44, 0x65, 0x76, 0x12, 0x0e, 0x0a, 0x02, 0x77, 0x64, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, - 0x02, 0x77, 0x64, 0x12, 0x29, 0x0a, 0x08, 0x66, 0x5f, 0x68, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x18, - 0x07, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, 0x68, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x66, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x22, 0x8f, - 0x01, 0x0a, 0x12, 0x69, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x02, - 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, - 0x67, 0x73, 0x12, 0x24, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0b, - 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x26, 0x0a, 0x02, 0x77, 0x64, 0x18, 0x05, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x69, 0x6e, 0x6f, 0x74, - 0x69, 0x66, 0x79, 0x5f, 0x77, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x02, 0x77, 0x64, - 0x22, 0x5b, 0x0a, 0x19, 0x66, 0x61, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x69, 0x6e, 0x6f, - 0x64, 0x65, 0x5f, 0x6d, 0x61, 0x72, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x13, 0x0a, - 0x05, 0x69, 0x5f, 0x69, 0x6e, 0x6f, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x69, 0x49, - 0x6e, 0x6f, 0x12, 0x29, 0x0a, 0x08, 0x66, 0x5f, 0x68, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x18, 0x02, - 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, 0x68, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x66, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x22, 0x46, 0x0a, - 0x19, 0x66, 0x61, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, - 0x6d, 0x61, 0x72, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x15, 0x0a, 0x06, 0x6d, 0x6e, - 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x6e, 0x74, 0x49, - 0x64, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x04, 0x70, 0x61, 0x74, 0x68, 0x22, 0xac, 0x02, 0x0a, 0x13, 0x66, 0x61, 0x6e, 0x6f, 0x74, 0x69, - 0x66, 0x79, 0x5f, 0x6d, 0x61, 0x72, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, - 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x23, 0x0a, - 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x0f, 0x2e, 0x63, 0x72, - 0x69, 0x75, 0x2e, 0x6d, 0x61, 0x72, 0x6b, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, - 0x70, 0x65, 0x12, 0x1d, 0x0a, 0x06, 0x6d, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, 0x02, - 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x06, 0x6d, 0x66, 0x6c, 0x61, 0x67, - 0x73, 0x12, 0x19, 0x0a, 0x04, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x42, - 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x04, 0x6d, 0x61, 0x73, 0x6b, 0x12, 0x28, 0x0a, 0x0c, - 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x64, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x05, 0x20, 0x02, - 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0b, 0x69, 0x67, 0x6e, 0x6f, 0x72, - 0x65, 0x64, 0x4d, 0x61, 0x73, 0x6b, 0x12, 0x1a, 0x0a, 0x05, 0x73, 0x5f, 0x64, 0x65, 0x76, 0x18, - 0x06, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x20, 0x01, 0x52, 0x04, 0x73, 0x44, - 0x65, 0x76, 0x12, 0x2f, 0x0a, 0x02, 0x69, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, - 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, 0x61, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x69, - 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x6d, 0x61, 0x72, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x02, 0x69, 0x65, 0x12, 0x2f, 0x0a, 0x02, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x1f, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, 0x61, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, - 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x6d, 0x61, 0x72, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x52, 0x02, 0x6d, 0x65, 0x22, 0xd9, 0x01, 0x0a, 0x13, 0x66, 0x61, 0x6e, 0x6f, 0x74, 0x69, 0x66, - 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, - 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1b, 0x0a, 0x05, - 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, - 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x24, 0x0a, 0x04, 0x66, 0x6f, 0x77, - 0x6e, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, - 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, - 0x1f, 0x0a, 0x07, 0x66, 0x61, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, - 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x07, 0x66, 0x61, 0x66, 0x6c, 0x61, 0x67, 0x73, - 0x12, 0x1f, 0x0a, 0x07, 0x65, 0x76, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x05, 0x20, 0x02, 0x28, - 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x07, 0x65, 0x76, 0x66, 0x6c, 0x61, 0x67, - 0x73, 0x12, 0x2d, 0x0a, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x19, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, 0x61, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, - 0x6d, 0x61, 0x72, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x6d, 0x61, 0x72, 0x6b, - 0x2a, 0x21, 0x0a, 0x09, 0x6d, 0x61, 0x72, 0x6b, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x12, 0x09, 0x0a, - 0x05, 0x49, 0x4e, 0x4f, 0x44, 0x45, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x4d, 0x4f, 0x55, 0x4e, - 0x54, 0x10, 0x02, + 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x20, 0x01, 0x52, 0x04, 0x73, + 0x44, 0x65, 0x76, 0x12, 0x2a, 0x0a, 0x02, 0x69, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x1a, 0x2e, 0x66, 0x61, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x69, 0x6e, 0x6f, 0x64, 0x65, + 0x5f, 0x6d, 0x61, 0x72, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x02, 0x69, 0x65, 0x12, + 0x2a, 0x0a, 0x02, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x66, 0x61, + 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x6d, 0x61, 0x72, + 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x02, 0x6d, 0x65, 0x22, 0xcf, 0x01, 0x0a, 0x13, + 0x66, 0x61, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, + 0x02, 0x69, 0x64, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, + 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, + 0x12, 0x1f, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0b, + 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, + 0x6e, 0x12, 0x1f, 0x0a, 0x07, 0x66, 0x61, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x02, + 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x07, 0x66, 0x61, 0x66, 0x6c, 0x61, + 0x67, 0x73, 0x12, 0x1f, 0x0a, 0x07, 0x65, 0x76, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x05, 0x20, + 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x07, 0x65, 0x76, 0x66, 0x6c, + 0x61, 0x67, 0x73, 0x12, 0x28, 0x0a, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x18, 0x06, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x14, 0x2e, 0x66, 0x61, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x6d, 0x61, 0x72, + 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x2a, 0x21, 0x0a, + 0x09, 0x6d, 0x61, 0x72, 0x6b, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x12, 0x09, 0x0a, 0x05, 0x49, 0x4e, + 0x4f, 0x44, 0x45, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x4d, 0x4f, 0x55, 0x4e, 0x54, 0x10, 0x02, } var ( @@ -636,26 +632,26 @@ func file_fsnotify_proto_rawDescGZIP() []byte { var file_fsnotify_proto_enumTypes = make([]protoimpl.EnumInfo, 1) var file_fsnotify_proto_msgTypes = make([]protoimpl.MessageInfo, 6) var file_fsnotify_proto_goTypes = []interface{}{ - (MarkType)(0), // 0: criu.mark_type - (*InotifyWdEntry)(nil), // 1: criu.inotify_wd_entry - (*InotifyFileEntry)(nil), // 2: criu.inotify_file_entry - (*FanotifyInodeMarkEntry)(nil), // 3: criu.fanotify_inode_mark_entry - (*FanotifyMountMarkEntry)(nil), // 4: criu.fanotify_mount_mark_entry - (*FanotifyMarkEntry)(nil), // 5: criu.fanotify_mark_entry - (*FanotifyFileEntry)(nil), // 6: criu.fanotify_file_entry - (*FhEntry)(nil), // 7: criu.fh_entry - (*FownEntry)(nil), // 8: criu.fown_entry + (MarkType)(0), // 0: mark_type + (*InotifyWdEntry)(nil), // 1: inotify_wd_entry + (*InotifyFileEntry)(nil), // 2: inotify_file_entry + (*FanotifyInodeMarkEntry)(nil), // 3: fanotify_inode_mark_entry + (*FanotifyMountMarkEntry)(nil), // 4: fanotify_mount_mark_entry + (*FanotifyMarkEntry)(nil), // 5: fanotify_mark_entry + (*FanotifyFileEntry)(nil), // 6: fanotify_file_entry + (*FhEntry)(nil), // 7: fh_entry + (*FownEntry)(nil), // 8: fown_entry } var file_fsnotify_proto_depIdxs = []int32{ - 7, // 0: criu.inotify_wd_entry.f_handle:type_name -> criu.fh_entry - 8, // 1: criu.inotify_file_entry.fown:type_name -> criu.fown_entry - 1, // 2: criu.inotify_file_entry.wd:type_name -> criu.inotify_wd_entry - 7, // 3: criu.fanotify_inode_mark_entry.f_handle:type_name -> criu.fh_entry - 0, // 4: criu.fanotify_mark_entry.type:type_name -> criu.mark_type - 3, // 5: criu.fanotify_mark_entry.ie:type_name -> criu.fanotify_inode_mark_entry - 4, // 6: criu.fanotify_mark_entry.me:type_name -> criu.fanotify_mount_mark_entry - 8, // 7: criu.fanotify_file_entry.fown:type_name -> criu.fown_entry - 5, // 8: criu.fanotify_file_entry.mark:type_name -> criu.fanotify_mark_entry + 7, // 0: inotify_wd_entry.f_handle:type_name -> fh_entry + 8, // 1: inotify_file_entry.fown:type_name -> fown_entry + 1, // 2: inotify_file_entry.wd:type_name -> inotify_wd_entry + 7, // 3: fanotify_inode_mark_entry.f_handle:type_name -> fh_entry + 0, // 4: fanotify_mark_entry.type:type_name -> mark_type + 3, // 5: fanotify_mark_entry.ie:type_name -> fanotify_inode_mark_entry + 4, // 6: fanotify_mark_entry.me:type_name -> fanotify_mount_mark_entry + 8, // 7: fanotify_file_entry.fown:type_name -> fown_entry + 5, // 8: fanotify_file_entry.mark:type_name -> fanotify_mark_entry 9, // [9:9] is the sub-list for method output_type 9, // [9:9] is the sub-list for method input_type 9, // [9:9] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fsnotify.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fsnotify.proto index 412ee49b856..df6a667f86d 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fsnotify.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fsnotify.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "opts.proto"; import "fh.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ghost-file.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ghost-file.pb.go index b9f94290bfb..f4c198caa5d 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ghost-file.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ghost-file.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: ghost-file.proto package images @@ -209,21 +209,20 @@ var File_ghost_file_proto protoreflect.FileDescriptor var file_ghost_file_proto_rawDesc = []byte{ 0x0a, 0x10, 0x67, 0x68, 0x6f, 0x73, 0x74, 0x2d, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x74, 0x69, 0x6d, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x22, 0xac, 0x02, 0x0a, 0x10, 0x67, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x67, 0x69, 0x64, 0x18, 0x02, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x67, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f, 0x64, - 0x65, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x17, 0x0a, - 0x03, 0x64, 0x65, 0x76, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x20, - 0x01, 0x52, 0x03, 0x64, 0x65, 0x76, 0x12, 0x10, 0x0a, 0x03, 0x69, 0x6e, 0x6f, 0x18, 0x05, 0x20, - 0x01, 0x28, 0x04, 0x52, 0x03, 0x69, 0x6e, 0x6f, 0x12, 0x1e, 0x0a, 0x04, 0x72, 0x64, 0x65, 0x76, - 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x0a, 0xd2, 0x3f, 0x02, 0x20, 0x01, 0xd2, 0x3f, 0x02, - 0x28, 0x01, 0x52, 0x04, 0x72, 0x64, 0x65, 0x76, 0x12, 0x21, 0x0a, 0x04, 0x61, 0x74, 0x69, 0x6d, - 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x69, - 0x6d, 0x65, 0x76, 0x61, 0x6c, 0x52, 0x04, 0x61, 0x74, 0x69, 0x6d, 0x12, 0x21, 0x0a, 0x04, 0x6d, - 0x74, 0x69, 0x6d, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x63, 0x72, 0x69, 0x75, + 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, + 0x74, 0x69, 0x6d, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xa2, 0x02, 0x0a, 0x10, 0x67, + 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x75, 0x69, + 0x64, 0x12, 0x10, 0x0a, 0x03, 0x67, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, + 0x67, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x03, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x17, 0x0a, 0x03, 0x64, 0x65, 0x76, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x20, 0x01, 0x52, 0x03, 0x64, 0x65, 0x76, + 0x12, 0x10, 0x0a, 0x03, 0x69, 0x6e, 0x6f, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x03, 0x69, + 0x6e, 0x6f, 0x12, 0x1e, 0x0a, 0x04, 0x72, 0x64, 0x65, 0x76, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, + 0x42, 0x0a, 0xd2, 0x3f, 0x02, 0x20, 0x01, 0xd2, 0x3f, 0x02, 0x28, 0x01, 0x52, 0x04, 0x72, 0x64, + 0x65, 0x76, 0x12, 0x1c, 0x0a, 0x04, 0x61, 0x74, 0x69, 0x6d, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x08, 0x2e, 0x74, 0x69, 0x6d, 0x65, 0x76, 0x61, 0x6c, 0x52, 0x04, 0x61, 0x74, 0x69, 0x6d, + 0x12, 0x1c, 0x0a, 0x04, 0x6d, 0x74, 0x69, 0x6d, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x08, 0x2e, 0x74, 0x69, 0x6d, 0x65, 0x76, 0x61, 0x6c, 0x52, 0x04, 0x6d, 0x74, 0x69, 0x6d, 0x12, 0x16, 0x0a, 0x06, 0x63, 0x68, 0x75, 0x6e, 0x6b, 0x73, 0x18, 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x63, 0x68, 0x75, 0x6e, 0x6b, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x0a, @@ -250,13 +249,13 @@ func file_ghost_file_proto_rawDescGZIP() []byte { var file_ghost_file_proto_msgTypes = make([]protoimpl.MessageInfo, 2) var file_ghost_file_proto_goTypes = []interface{}{ - (*GhostFileEntry)(nil), // 0: criu.ghost_file_entry - (*GhostChunkEntry)(nil), // 1: criu.ghost_chunk_entry - (*Timeval)(nil), // 2: criu.timeval + (*GhostFileEntry)(nil), // 0: ghost_file_entry + (*GhostChunkEntry)(nil), // 1: ghost_chunk_entry + (*Timeval)(nil), // 2: timeval } var file_ghost_file_proto_depIdxs = []int32{ - 2, // 0: criu.ghost_file_entry.atim:type_name -> criu.timeval - 2, // 1: criu.ghost_file_entry.mtim:type_name -> criu.timeval + 2, // 0: ghost_file_entry.atim:type_name -> timeval + 2, // 1: ghost_file_entry.mtim:type_name -> timeval 2, // [2:2] is the sub-list for method output_type 2, // [2:2] is the sub-list for method input_type 2, // [2:2] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ghost-file.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ghost-file.proto index 495be12d380..9ecee41d244 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ghost-file.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ghost-file.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "opts.proto"; import "time.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/img-streamer.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/img-streamer.pb.go index 317e8caea42..8f94a1b5c53 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/img-streamer.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/img-streamer.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: img-streamer.proto package images @@ -127,14 +127,14 @@ var File_img_streamer_proto protoreflect.FileDescriptor var file_img_streamer_proto_rawDesc = []byte{ 0x0a, 0x12, 0x69, 0x6d, 0x67, 0x2d, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x65, 0x72, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0x38, 0x0a, 0x1a, 0x69, 0x6d, - 0x67, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x65, 0x72, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x66, 0x69, 0x6c, 0x65, - 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x08, 0x66, 0x69, 0x6c, 0x65, - 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x32, 0x0a, 0x18, 0x69, 0x6d, 0x67, 0x5f, 0x73, 0x74, 0x72, 0x65, - 0x61, 0x6d, 0x65, 0x72, 0x5f, 0x72, 0x65, 0x70, 0x6c, 0x79, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x12, 0x16, 0x0a, 0x06, 0x65, 0x78, 0x69, 0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x02, 0x28, 0x08, - 0x52, 0x06, 0x65, 0x78, 0x69, 0x73, 0x74, 0x73, + 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x38, 0x0a, 0x1a, 0x69, 0x6d, 0x67, 0x5f, 0x73, 0x74, 0x72, 0x65, + 0x61, 0x6d, 0x65, 0x72, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x66, 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, + 0x20, 0x02, 0x28, 0x09, 0x52, 0x08, 0x66, 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x32, + 0x0a, 0x18, 0x69, 0x6d, 0x67, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x65, 0x72, 0x5f, 0x72, + 0x65, 0x70, 0x6c, 0x79, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x65, 0x78, + 0x69, 0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x02, 0x28, 0x08, 0x52, 0x06, 0x65, 0x78, 0x69, 0x73, + 0x74, 0x73, } var ( @@ -151,8 +151,8 @@ func file_img_streamer_proto_rawDescGZIP() []byte { var file_img_streamer_proto_msgTypes = make([]protoimpl.MessageInfo, 2) var file_img_streamer_proto_goTypes = []interface{}{ - (*ImgStreamerRequestEntry)(nil), // 0: criu.img_streamer_request_entry - (*ImgStreamerReplyEntry)(nil), // 1: criu.img_streamer_reply_entry + (*ImgStreamerRequestEntry)(nil), // 0: img_streamer_request_entry + (*ImgStreamerReplyEntry)(nil), // 1: img_streamer_reply_entry } var file_img_streamer_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/img-streamer.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/img-streamer.proto index 0a1cfb1f190..48a3a93b0e2 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/img-streamer.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/img-streamer.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; // This message is sent from CRIU to the streamer. // * During dump, it communicates the name of the file that is about to be sent diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/inventory.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/inventory.pb.go index 931363d8bf0..872e6d3bfe8 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/inventory.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/inventory.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: inventory.proto package images @@ -91,7 +91,7 @@ type InventoryEntry struct { RootIds *TaskKobjIdsEntry `protobuf:"bytes,3,opt,name=root_ids,json=rootIds" json:"root_ids,omitempty"` NsPerId *bool `protobuf:"varint,4,opt,name=ns_per_id,json=nsPerId" json:"ns_per_id,omitempty"` RootCgSet *uint32 `protobuf:"varint,5,opt,name=root_cg_set,json=rootCgSet" json:"root_cg_set,omitempty"` - Lsmtype *Lsmtype `protobuf:"varint,6,opt,name=lsmtype,enum=criu.Lsmtype" json:"lsmtype,omitempty"` + Lsmtype *Lsmtype `protobuf:"varint,6,opt,name=lsmtype,enum=Lsmtype" json:"lsmtype,omitempty"` DumpUptime *uint64 `protobuf:"varint,8,opt,name=dump_uptime,json=dumpUptime" json:"dump_uptime,omitempty"` PreDumpMode *uint32 `protobuf:"varint,9,opt,name=pre_dump_mode,json=preDumpMode" json:"pre_dump_mode,omitempty"` TcpClose *bool `protobuf:"varint,10,opt,name=tcp_close,json=tcpClose" json:"tcp_close,omitempty"` @@ -204,35 +204,34 @@ var File_inventory_proto protoreflect.FileDescriptor var file_inventory_proto_rawDesc = []byte{ 0x0a, 0x0f, 0x69, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x22, 0x83, 0x03, 0x0a, 0x0f, 0x69, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, - 0x79, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1f, 0x0a, 0x0b, 0x69, 0x6d, 0x67, 0x5f, 0x76, - 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0a, 0x69, 0x6d, - 0x67, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x22, 0x0a, 0x0d, 0x66, 0x64, 0x69, 0x6e, - 0x66, 0x6f, 0x5f, 0x70, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, - 0x0b, 0x66, 0x64, 0x69, 0x6e, 0x66, 0x6f, 0x50, 0x65, 0x72, 0x49, 0x64, 0x12, 0x34, 0x0a, 0x08, - 0x72, 0x6f, 0x6f, 0x74, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, - 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x6b, 0x6f, 0x62, 0x6a, 0x5f, - 0x69, 0x64, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x72, 0x6f, 0x6f, 0x74, 0x49, - 0x64, 0x73, 0x12, 0x1a, 0x0a, 0x09, 0x6e, 0x73, 0x5f, 0x70, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x6e, 0x73, 0x50, 0x65, 0x72, 0x49, 0x64, 0x12, 0x1e, - 0x0a, 0x0b, 0x72, 0x6f, 0x6f, 0x74, 0x5f, 0x63, 0x67, 0x5f, 0x73, 0x65, 0x74, 0x18, 0x05, 0x20, - 0x01, 0x28, 0x0d, 0x52, 0x09, 0x72, 0x6f, 0x6f, 0x74, 0x43, 0x67, 0x53, 0x65, 0x74, 0x12, 0x27, - 0x0a, 0x07, 0x6c, 0x73, 0x6d, 0x74, 0x79, 0x70, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, - 0x0d, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x6c, 0x73, 0x6d, 0x74, 0x79, 0x70, 0x65, 0x52, 0x07, - 0x6c, 0x73, 0x6d, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x64, 0x75, 0x6d, 0x70, 0x5f, - 0x75, 0x70, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0a, 0x64, 0x75, - 0x6d, 0x70, 0x55, 0x70, 0x74, 0x69, 0x6d, 0x65, 0x12, 0x22, 0x0a, 0x0d, 0x70, 0x72, 0x65, 0x5f, - 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, - 0x0b, 0x70, 0x72, 0x65, 0x44, 0x75, 0x6d, 0x70, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x1b, 0x0a, 0x09, - 0x74, 0x63, 0x70, 0x5f, 0x63, 0x6c, 0x6f, 0x73, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x52, - 0x08, 0x74, 0x63, 0x70, 0x43, 0x6c, 0x6f, 0x73, 0x65, 0x12, 0x2e, 0x0a, 0x13, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, - 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x11, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4c, - 0x6f, 0x63, 0x6b, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x2a, 0x30, 0x0a, 0x07, 0x6c, 0x73, 0x6d, - 0x74, 0x79, 0x70, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x4e, 0x4f, 0x5f, 0x4c, 0x53, 0x4d, 0x10, 0x00, - 0x12, 0x0b, 0x0a, 0x07, 0x53, 0x45, 0x4c, 0x49, 0x4e, 0x55, 0x58, 0x10, 0x01, 0x12, 0x0c, 0x0a, - 0x08, 0x41, 0x50, 0x50, 0x41, 0x52, 0x4d, 0x4f, 0x52, 0x10, 0x02, + 0x6f, 0x1a, 0x0f, 0x63, 0x72, 0x69, 0x75, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x22, 0xf9, 0x02, 0x0a, 0x0f, 0x69, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, + 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1f, 0x0a, 0x0b, 0x69, 0x6d, 0x67, 0x5f, 0x76, 0x65, + 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0a, 0x69, 0x6d, 0x67, + 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x22, 0x0a, 0x0d, 0x66, 0x64, 0x69, 0x6e, 0x66, + 0x6f, 0x5f, 0x70, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, + 0x66, 0x64, 0x69, 0x6e, 0x66, 0x6f, 0x50, 0x65, 0x72, 0x49, 0x64, 0x12, 0x2f, 0x0a, 0x08, 0x72, + 0x6f, 0x6f, 0x74, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, + 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x6b, 0x6f, 0x62, 0x6a, 0x5f, 0x69, 0x64, 0x73, 0x5f, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x52, 0x07, 0x72, 0x6f, 0x6f, 0x74, 0x49, 0x64, 0x73, 0x12, 0x1a, 0x0a, 0x09, + 0x6e, 0x73, 0x5f, 0x70, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x07, 0x6e, 0x73, 0x50, 0x65, 0x72, 0x49, 0x64, 0x12, 0x1e, 0x0a, 0x0b, 0x72, 0x6f, 0x6f, 0x74, + 0x5f, 0x63, 0x67, 0x5f, 0x73, 0x65, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x72, + 0x6f, 0x6f, 0x74, 0x43, 0x67, 0x53, 0x65, 0x74, 0x12, 0x22, 0x0a, 0x07, 0x6c, 0x73, 0x6d, 0x74, + 0x79, 0x70, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x08, 0x2e, 0x6c, 0x73, 0x6d, 0x74, + 0x79, 0x70, 0x65, 0x52, 0x07, 0x6c, 0x73, 0x6d, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1f, 0x0a, 0x0b, + 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x75, 0x70, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, + 0x04, 0x52, 0x0a, 0x64, 0x75, 0x6d, 0x70, 0x55, 0x70, 0x74, 0x69, 0x6d, 0x65, 0x12, 0x22, 0x0a, + 0x0d, 0x70, 0x72, 0x65, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x09, + 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x70, 0x72, 0x65, 0x44, 0x75, 0x6d, 0x70, 0x4d, 0x6f, 0x64, + 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x63, 0x70, 0x5f, 0x63, 0x6c, 0x6f, 0x73, 0x65, 0x18, 0x0a, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x63, 0x70, 0x43, 0x6c, 0x6f, 0x73, 0x65, 0x12, 0x2e, + 0x0a, 0x13, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x6d, + 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x11, 0x6e, 0x65, 0x74, + 0x77, 0x6f, 0x72, 0x6b, 0x4c, 0x6f, 0x63, 0x6b, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x2a, 0x30, + 0x0a, 0x07, 0x6c, 0x73, 0x6d, 0x74, 0x79, 0x70, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x4e, 0x4f, 0x5f, + 0x4c, 0x53, 0x4d, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x53, 0x45, 0x4c, 0x49, 0x4e, 0x55, 0x58, + 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x41, 0x50, 0x50, 0x41, 0x52, 0x4d, 0x4f, 0x52, 0x10, 0x02, } var ( @@ -250,13 +249,13 @@ func file_inventory_proto_rawDescGZIP() []byte { var file_inventory_proto_enumTypes = make([]protoimpl.EnumInfo, 1) var file_inventory_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_inventory_proto_goTypes = []interface{}{ - (Lsmtype)(0), // 0: criu.lsmtype - (*InventoryEntry)(nil), // 1: criu.inventory_entry - (*TaskKobjIdsEntry)(nil), // 2: criu.task_kobj_ids_entry + (Lsmtype)(0), // 0: lsmtype + (*InventoryEntry)(nil), // 1: inventory_entry + (*TaskKobjIdsEntry)(nil), // 2: task_kobj_ids_entry } var file_inventory_proto_depIdxs = []int32{ - 2, // 0: criu.inventory_entry.root_ids:type_name -> criu.task_kobj_ids_entry - 0, // 1: criu.inventory_entry.lsmtype:type_name -> criu.lsmtype + 2, // 0: inventory_entry.root_ids:type_name -> task_kobj_ids_entry + 0, // 1: inventory_entry.lsmtype:type_name -> lsmtype 2, // [2:2] is the sub-list for method output_type 2, // [2:2] is the sub-list for method input_type 2, // [2:2] is the sub-list for extension type_name @@ -269,7 +268,7 @@ func file_inventory_proto_init() { if File_inventory_proto != nil { return } - file_core_proto_init() + file_criu_core_proto_init() if !protoimpl.UnsafeEnabled { file_inventory_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*InventoryEntry); i { diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/inventory.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/inventory.proto index 730877b1bae..7bc16159656 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/inventory.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/inventory.proto @@ -1,9 +1,8 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; -import "core.proto"; +import "criu-core.proto"; enum lsmtype { NO_LSM = 0; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-desc.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-desc.pb.go index 3e8e6c816a3..9a8a2733d2e 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-desc.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-desc.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: ipc-desc.proto package images @@ -121,16 +121,16 @@ var File_ipc_desc_proto protoreflect.FileDescriptor var file_ipc_desc_proto_rawDesc = []byte{ 0x0a, 0x0e, 0x69, 0x70, 0x63, 0x2d, 0x64, 0x65, 0x73, 0x63, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0x92, 0x01, 0x0a, 0x0e, 0x69, 0x70, 0x63, 0x5f, 0x64, - 0x65, 0x73, 0x63, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, - 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x75, - 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, 0x10, 0x0a, - 0x03, 0x67, 0x69, 0x64, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x67, 0x69, 0x64, 0x12, - 0x12, 0x0a, 0x04, 0x63, 0x75, 0x69, 0x64, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x63, - 0x75, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x67, 0x69, 0x64, 0x18, 0x05, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x04, 0x63, 0x67, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, - 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, - 0x64, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, + 0x22, 0x92, 0x01, 0x0a, 0x0e, 0x69, 0x70, 0x63, 0x5f, 0x64, 0x65, 0x73, 0x63, 0x5f, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x67, 0x69, 0x64, 0x18, 0x03, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x67, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x75, 0x69, + 0x64, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x63, 0x75, 0x69, 0x64, 0x12, 0x12, 0x0a, + 0x04, 0x63, 0x67, 0x69, 0x64, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x63, 0x67, 0x69, + 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, + 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x07, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x02, 0x69, 0x64, } var ( @@ -147,7 +147,7 @@ func file_ipc_desc_proto_rawDescGZIP() []byte { var file_ipc_desc_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_ipc_desc_proto_goTypes = []interface{}{ - (*IpcDescEntry)(nil), // 0: criu.ipc_desc_entry + (*IpcDescEntry)(nil), // 0: ipc_desc_entry } var file_ipc_desc_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-desc.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-desc.proto index 109ebab496d..8b4c7f5baa2 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-desc.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-desc.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message ipc_desc_entry { required uint32 key = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-msg.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-msg.pb.go index a8ecbddf0ab..d20331e5594 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-msg.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-msg.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: ipc-msg.proto package images @@ -143,19 +143,18 @@ func (x *IpcMsgEntry) GetQnum() uint32 { var File_ipc_msg_proto protoreflect.FileDescriptor var file_ipc_msg_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x2d, 0x6d, 0x73, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, - 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0e, 0x69, 0x70, 0x63, 0x2d, 0x64, 0x65, 0x73, 0x63, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x35, 0x0a, 0x07, 0x69, 0x70, 0x63, 0x5f, 0x6d, 0x73, 0x67, - 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, - 0x05, 0x6d, 0x74, 0x79, 0x70, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x73, 0x69, 0x7a, 0x65, 0x18, - 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x73, 0x69, 0x7a, 0x65, 0x22, 0x65, 0x0a, 0x0d, - 0x69, 0x70, 0x63, 0x5f, 0x6d, 0x73, 0x67, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x28, 0x0a, - 0x04, 0x64, 0x65, 0x73, 0x63, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x72, - 0x69, 0x75, 0x2e, 0x69, 0x70, 0x63, 0x5f, 0x64, 0x65, 0x73, 0x63, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x04, 0x64, 0x65, 0x73, 0x63, 0x12, 0x16, 0x0a, 0x06, 0x71, 0x62, 0x79, 0x74, 0x65, - 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x71, 0x62, 0x79, 0x74, 0x65, 0x73, 0x12, - 0x12, 0x0a, 0x04, 0x71, 0x6e, 0x75, 0x6d, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x71, - 0x6e, 0x75, 0x6d, + 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x2d, 0x6d, 0x73, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, + 0x0e, 0x69, 0x70, 0x63, 0x2d, 0x64, 0x65, 0x73, 0x63, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, + 0x35, 0x0a, 0x07, 0x69, 0x70, 0x63, 0x5f, 0x6d, 0x73, 0x67, 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x74, + 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x6d, 0x74, 0x79, 0x70, 0x65, + 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, + 0x05, 0x6d, 0x73, 0x69, 0x7a, 0x65, 0x22, 0x60, 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x5f, 0x6d, 0x73, + 0x67, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x23, 0x0a, 0x04, 0x64, 0x65, 0x73, 0x63, 0x18, + 0x01, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x69, 0x70, 0x63, 0x5f, 0x64, 0x65, 0x73, 0x63, + 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x64, 0x65, 0x73, 0x63, 0x12, 0x16, 0x0a, 0x06, + 0x71, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x71, 0x62, + 0x79, 0x74, 0x65, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x71, 0x6e, 0x75, 0x6d, 0x18, 0x03, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x04, 0x71, 0x6e, 0x75, 0x6d, } var ( @@ -172,12 +171,12 @@ func file_ipc_msg_proto_rawDescGZIP() []byte { var file_ipc_msg_proto_msgTypes = make([]protoimpl.MessageInfo, 2) var file_ipc_msg_proto_goTypes = []interface{}{ - (*IpcMsg)(nil), // 0: criu.ipc_msg - (*IpcMsgEntry)(nil), // 1: criu.ipc_msg_entry - (*IpcDescEntry)(nil), // 2: criu.ipc_desc_entry + (*IpcMsg)(nil), // 0: ipc_msg + (*IpcMsgEntry)(nil), // 1: ipc_msg_entry + (*IpcDescEntry)(nil), // 2: ipc_desc_entry } var file_ipc_msg_proto_depIdxs = []int32{ - 2, // 0: criu.ipc_msg_entry.desc:type_name -> criu.ipc_desc_entry + 2, // 0: ipc_msg_entry.desc:type_name -> ipc_desc_entry 1, // [1:1] is the sub-list for method output_type 1, // [1:1] is the sub-list for method input_type 1, // [1:1] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-msg.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-msg.proto index 2ce977fce05..5b3103182fa 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-msg.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-msg.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "ipc-desc.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-sem.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-sem.pb.go index 56d30e07bf7..a4b2be84cad 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-sem.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-sem.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: ipc-sem.proto package images @@ -80,14 +80,13 @@ func (x *IpcSemEntry) GetNsems() uint32 { var File_ipc_sem_proto protoreflect.FileDescriptor var file_ipc_sem_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x2d, 0x73, 0x65, 0x6d, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, - 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0e, 0x69, 0x70, 0x63, 0x2d, 0x64, 0x65, 0x73, 0x63, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x4f, 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x5f, 0x73, 0x65, 0x6d, - 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x28, 0x0a, 0x04, 0x64, 0x65, 0x73, 0x63, 0x18, 0x01, - 0x20, 0x02, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x69, 0x70, 0x63, 0x5f, - 0x64, 0x65, 0x73, 0x63, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x64, 0x65, 0x73, 0x63, - 0x12, 0x14, 0x0a, 0x05, 0x6e, 0x73, 0x65, 0x6d, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, - 0x05, 0x6e, 0x73, 0x65, 0x6d, 0x73, + 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x2d, 0x73, 0x65, 0x6d, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, + 0x0e, 0x69, 0x70, 0x63, 0x2d, 0x64, 0x65, 0x73, 0x63, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, + 0x4a, 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x5f, 0x73, 0x65, 0x6d, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x12, 0x23, 0x0a, 0x04, 0x64, 0x65, 0x73, 0x63, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0f, + 0x2e, 0x69, 0x70, 0x63, 0x5f, 0x64, 0x65, 0x73, 0x63, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, + 0x04, 0x64, 0x65, 0x73, 0x63, 0x12, 0x14, 0x0a, 0x05, 0x6e, 0x73, 0x65, 0x6d, 0x73, 0x18, 0x02, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x6e, 0x73, 0x65, 0x6d, 0x73, } var ( @@ -104,11 +103,11 @@ func file_ipc_sem_proto_rawDescGZIP() []byte { var file_ipc_sem_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_ipc_sem_proto_goTypes = []interface{}{ - (*IpcSemEntry)(nil), // 0: criu.ipc_sem_entry - (*IpcDescEntry)(nil), // 1: criu.ipc_desc_entry + (*IpcSemEntry)(nil), // 0: ipc_sem_entry + (*IpcDescEntry)(nil), // 1: ipc_desc_entry } var file_ipc_sem_proto_depIdxs = []int32{ - 1, // 0: criu.ipc_sem_entry.desc:type_name -> criu.ipc_desc_entry + 1, // 0: ipc_sem_entry.desc:type_name -> ipc_desc_entry 1, // [1:1] is the sub-list for method output_type 1, // [1:1] is the sub-list for method input_type 1, // [1:1] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-sem.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-sem.proto index b0b320ea113..71a2beb9480 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-sem.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-sem.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "ipc-desc.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-shm.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-shm.pb.go index b541cbf01fe..8dd089cfa9c 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-shm.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-shm.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: ipc-shm.proto package images @@ -96,18 +96,17 @@ func (x *IpcShmEntry) GetHugetlbFlag() uint32 { var File_ipc_shm_proto protoreflect.FileDescriptor var file_ipc_shm_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x2d, 0x73, 0x68, 0x6d, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, - 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0e, 0x69, 0x70, 0x63, 0x2d, 0x64, 0x65, 0x73, 0x63, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x91, 0x01, 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x5f, 0x73, 0x68, - 0x6d, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x28, 0x0a, 0x04, 0x64, 0x65, 0x73, 0x63, 0x18, - 0x01, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x69, 0x70, 0x63, - 0x5f, 0x64, 0x65, 0x73, 0x63, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x64, 0x65, 0x73, - 0x63, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, - 0x04, 0x73, 0x69, 0x7a, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x69, 0x6e, 0x5f, 0x70, 0x61, 0x67, 0x65, - 0x6d, 0x61, 0x70, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x69, 0x6e, 0x50, 0x61, - 0x67, 0x65, 0x6d, 0x61, 0x70, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x68, 0x75, 0x67, 0x65, 0x74, 0x6c, - 0x62, 0x5f, 0x66, 0x6c, 0x61, 0x67, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x68, 0x75, - 0x67, 0x65, 0x74, 0x6c, 0x62, 0x46, 0x6c, 0x61, 0x67, + 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x2d, 0x73, 0x68, 0x6d, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, + 0x0e, 0x69, 0x70, 0x63, 0x2d, 0x64, 0x65, 0x73, 0x63, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, + 0x8c, 0x01, 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x5f, 0x73, 0x68, 0x6d, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x12, 0x23, 0x0a, 0x04, 0x64, 0x65, 0x73, 0x63, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0b, 0x32, + 0x0f, 0x2e, 0x69, 0x70, 0x63, 0x5f, 0x64, 0x65, 0x73, 0x63, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x52, 0x04, 0x64, 0x65, 0x73, 0x63, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x02, + 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x69, 0x6e, + 0x5f, 0x70, 0x61, 0x67, 0x65, 0x6d, 0x61, 0x70, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x0a, 0x69, 0x6e, 0x50, 0x61, 0x67, 0x65, 0x6d, 0x61, 0x70, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x68, + 0x75, 0x67, 0x65, 0x74, 0x6c, 0x62, 0x5f, 0x66, 0x6c, 0x61, 0x67, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x0d, 0x52, 0x0b, 0x68, 0x75, 0x67, 0x65, 0x74, 0x6c, 0x62, 0x46, 0x6c, 0x61, 0x67, } var ( @@ -124,11 +123,11 @@ func file_ipc_shm_proto_rawDescGZIP() []byte { var file_ipc_shm_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_ipc_shm_proto_goTypes = []interface{}{ - (*IpcShmEntry)(nil), // 0: criu.ipc_shm_entry - (*IpcDescEntry)(nil), // 1: criu.ipc_desc_entry + (*IpcShmEntry)(nil), // 0: ipc_shm_entry + (*IpcDescEntry)(nil), // 1: ipc_desc_entry } var file_ipc_shm_proto_depIdxs = []int32{ - 1, // 0: criu.ipc_shm_entry.desc:type_name -> criu.ipc_desc_entry + 1, // 0: ipc_shm_entry.desc:type_name -> ipc_desc_entry 1, // [1:1] is the sub-list for method output_type 1, // [1:1] is the sub-list for method input_type 1, // [1:1] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-shm.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-shm.proto index 09571462622..c5feebac0c0 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-shm.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-shm.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "ipc-desc.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-var.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-var.pb.go index e0aae908cbe..cba7310c397 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-var.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-var.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: ipc-var.proto package images @@ -200,45 +200,44 @@ func (x *IpcVarEntry) GetShmNextId() uint32 { var File_ipc_var_proto protoreflect.FileDescriptor var file_ipc_var_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x2d, 0x76, 0x61, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, - 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0xc9, 0x04, 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x5f, 0x76, 0x61, - 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x65, 0x6d, 0x5f, 0x63, - 0x74, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x07, 0x73, 0x65, 0x6d, 0x43, 0x74, - 0x6c, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x73, 0x67, 0x5f, 0x63, 0x74, 0x6c, 0x6d, 0x61, 0x78, - 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x6d, 0x73, 0x67, 0x43, 0x74, 0x6c, 0x6d, 0x61, - 0x78, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x73, 0x67, 0x5f, 0x63, 0x74, 0x6c, 0x6d, 0x6e, 0x62, 0x18, - 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x6d, 0x73, 0x67, 0x43, 0x74, 0x6c, 0x6d, 0x6e, 0x62, - 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x73, 0x67, 0x5f, 0x63, 0x74, 0x6c, 0x6d, 0x6e, 0x69, 0x18, 0x04, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x6d, 0x73, 0x67, 0x43, 0x74, 0x6c, 0x6d, 0x6e, 0x69, 0x12, - 0x1f, 0x0a, 0x0b, 0x61, 0x75, 0x74, 0x6f, 0x5f, 0x6d, 0x73, 0x67, 0x6d, 0x6e, 0x69, 0x18, 0x05, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0a, 0x61, 0x75, 0x74, 0x6f, 0x4d, 0x73, 0x67, 0x6d, 0x6e, 0x69, - 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x68, 0x6d, 0x5f, 0x63, 0x74, 0x6c, 0x6d, 0x61, 0x78, 0x18, 0x06, - 0x20, 0x02, 0x28, 0x04, 0x52, 0x09, 0x73, 0x68, 0x6d, 0x43, 0x74, 0x6c, 0x6d, 0x61, 0x78, 0x12, - 0x1d, 0x0a, 0x0a, 0x73, 0x68, 0x6d, 0x5f, 0x63, 0x74, 0x6c, 0x61, 0x6c, 0x6c, 0x18, 0x07, 0x20, - 0x02, 0x28, 0x04, 0x52, 0x09, 0x73, 0x68, 0x6d, 0x43, 0x74, 0x6c, 0x61, 0x6c, 0x6c, 0x12, 0x1d, - 0x0a, 0x0a, 0x73, 0x68, 0x6d, 0x5f, 0x63, 0x74, 0x6c, 0x6d, 0x6e, 0x69, 0x18, 0x08, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x09, 0x73, 0x68, 0x6d, 0x43, 0x74, 0x6c, 0x6d, 0x6e, 0x69, 0x12, 0x26, 0x0a, - 0x0f, 0x73, 0x68, 0x6d, 0x5f, 0x72, 0x6d, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x64, - 0x18, 0x09, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0d, 0x73, 0x68, 0x6d, 0x52, 0x6d, 0x69, 0x64, 0x46, - 0x6f, 0x72, 0x63, 0x65, 0x64, 0x12, 0x22, 0x0a, 0x0d, 0x6d, 0x71, 0x5f, 0x71, 0x75, 0x65, 0x75, - 0x65, 0x73, 0x5f, 0x6d, 0x61, 0x78, 0x18, 0x0a, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, 0x6d, 0x71, - 0x51, 0x75, 0x65, 0x75, 0x65, 0x73, 0x4d, 0x61, 0x78, 0x12, 0x1c, 0x0a, 0x0a, 0x6d, 0x71, 0x5f, - 0x6d, 0x73, 0x67, 0x5f, 0x6d, 0x61, 0x78, 0x18, 0x0b, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x6d, - 0x71, 0x4d, 0x73, 0x67, 0x4d, 0x61, 0x78, 0x12, 0x24, 0x0a, 0x0e, 0x6d, 0x71, 0x5f, 0x6d, 0x73, - 0x67, 0x73, 0x69, 0x7a, 0x65, 0x5f, 0x6d, 0x61, 0x78, 0x18, 0x0c, 0x20, 0x02, 0x28, 0x0d, 0x52, - 0x0c, 0x6d, 0x71, 0x4d, 0x73, 0x67, 0x73, 0x69, 0x7a, 0x65, 0x4d, 0x61, 0x78, 0x12, 0x24, 0x0a, - 0x0e, 0x6d, 0x71, 0x5f, 0x6d, 0x73, 0x67, 0x5f, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, - 0x0d, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0c, 0x6d, 0x71, 0x4d, 0x73, 0x67, 0x44, 0x65, 0x66, 0x61, - 0x75, 0x6c, 0x74, 0x12, 0x2c, 0x0a, 0x12, 0x6d, 0x71, 0x5f, 0x6d, 0x73, 0x67, 0x73, 0x69, 0x7a, - 0x65, 0x5f, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0d, 0x52, - 0x10, 0x6d, 0x71, 0x4d, 0x73, 0x67, 0x73, 0x69, 0x7a, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, - 0x74, 0x12, 0x1e, 0x0a, 0x0b, 0x6d, 0x73, 0x67, 0x5f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x69, 0x64, - 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x6d, 0x73, 0x67, 0x4e, 0x65, 0x78, 0x74, 0x49, - 0x64, 0x12, 0x1e, 0x0a, 0x0b, 0x73, 0x65, 0x6d, 0x5f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x69, 0x64, - 0x18, 0x10, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x73, 0x65, 0x6d, 0x4e, 0x65, 0x78, 0x74, 0x49, - 0x64, 0x12, 0x1e, 0x0a, 0x0b, 0x73, 0x68, 0x6d, 0x5f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x69, 0x64, - 0x18, 0x11, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x73, 0x68, 0x6d, 0x4e, 0x65, 0x78, 0x74, 0x49, - 0x64, + 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x2d, 0x76, 0x61, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, + 0xc9, 0x04, 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x5f, 0x76, 0x61, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x65, 0x6d, 0x5f, 0x63, 0x74, 0x6c, 0x73, 0x18, 0x01, 0x20, + 0x03, 0x28, 0x0d, 0x52, 0x07, 0x73, 0x65, 0x6d, 0x43, 0x74, 0x6c, 0x73, 0x12, 0x1d, 0x0a, 0x0a, + 0x6d, 0x73, 0x67, 0x5f, 0x63, 0x74, 0x6c, 0x6d, 0x61, 0x78, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x09, 0x6d, 0x73, 0x67, 0x43, 0x74, 0x6c, 0x6d, 0x61, 0x78, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, + 0x73, 0x67, 0x5f, 0x63, 0x74, 0x6c, 0x6d, 0x6e, 0x62, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, + 0x09, 0x6d, 0x73, 0x67, 0x43, 0x74, 0x6c, 0x6d, 0x6e, 0x62, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x73, + 0x67, 0x5f, 0x63, 0x74, 0x6c, 0x6d, 0x6e, 0x69, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, + 0x6d, 0x73, 0x67, 0x43, 0x74, 0x6c, 0x6d, 0x6e, 0x69, 0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x75, 0x74, + 0x6f, 0x5f, 0x6d, 0x73, 0x67, 0x6d, 0x6e, 0x69, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0a, + 0x61, 0x75, 0x74, 0x6f, 0x4d, 0x73, 0x67, 0x6d, 0x6e, 0x69, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x68, + 0x6d, 0x5f, 0x63, 0x74, 0x6c, 0x6d, 0x61, 0x78, 0x18, 0x06, 0x20, 0x02, 0x28, 0x04, 0x52, 0x09, + 0x73, 0x68, 0x6d, 0x43, 0x74, 0x6c, 0x6d, 0x61, 0x78, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x68, 0x6d, + 0x5f, 0x63, 0x74, 0x6c, 0x61, 0x6c, 0x6c, 0x18, 0x07, 0x20, 0x02, 0x28, 0x04, 0x52, 0x09, 0x73, + 0x68, 0x6d, 0x43, 0x74, 0x6c, 0x61, 0x6c, 0x6c, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x68, 0x6d, 0x5f, + 0x63, 0x74, 0x6c, 0x6d, 0x6e, 0x69, 0x18, 0x08, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x73, 0x68, + 0x6d, 0x43, 0x74, 0x6c, 0x6d, 0x6e, 0x69, 0x12, 0x26, 0x0a, 0x0f, 0x73, 0x68, 0x6d, 0x5f, 0x72, + 0x6d, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x64, 0x18, 0x09, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x0d, 0x73, 0x68, 0x6d, 0x52, 0x6d, 0x69, 0x64, 0x46, 0x6f, 0x72, 0x63, 0x65, 0x64, 0x12, + 0x22, 0x0a, 0x0d, 0x6d, 0x71, 0x5f, 0x71, 0x75, 0x65, 0x75, 0x65, 0x73, 0x5f, 0x6d, 0x61, 0x78, + 0x18, 0x0a, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, 0x6d, 0x71, 0x51, 0x75, 0x65, 0x75, 0x65, 0x73, + 0x4d, 0x61, 0x78, 0x12, 0x1c, 0x0a, 0x0a, 0x6d, 0x71, 0x5f, 0x6d, 0x73, 0x67, 0x5f, 0x6d, 0x61, + 0x78, 0x18, 0x0b, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x6d, 0x71, 0x4d, 0x73, 0x67, 0x4d, 0x61, + 0x78, 0x12, 0x24, 0x0a, 0x0e, 0x6d, 0x71, 0x5f, 0x6d, 0x73, 0x67, 0x73, 0x69, 0x7a, 0x65, 0x5f, + 0x6d, 0x61, 0x78, 0x18, 0x0c, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0c, 0x6d, 0x71, 0x4d, 0x73, 0x67, + 0x73, 0x69, 0x7a, 0x65, 0x4d, 0x61, 0x78, 0x12, 0x24, 0x0a, 0x0e, 0x6d, 0x71, 0x5f, 0x6d, 0x73, + 0x67, 0x5f, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0d, 0x52, + 0x0c, 0x6d, 0x71, 0x4d, 0x73, 0x67, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x2c, 0x0a, + 0x12, 0x6d, 0x71, 0x5f, 0x6d, 0x73, 0x67, 0x73, 0x69, 0x7a, 0x65, 0x5f, 0x64, 0x65, 0x66, 0x61, + 0x75, 0x6c, 0x74, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x10, 0x6d, 0x71, 0x4d, 0x73, 0x67, + 0x73, 0x69, 0x7a, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x1e, 0x0a, 0x0b, 0x6d, + 0x73, 0x67, 0x5f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0d, + 0x52, 0x09, 0x6d, 0x73, 0x67, 0x4e, 0x65, 0x78, 0x74, 0x49, 0x64, 0x12, 0x1e, 0x0a, 0x0b, 0x73, + 0x65, 0x6d, 0x5f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0d, + 0x52, 0x09, 0x73, 0x65, 0x6d, 0x4e, 0x65, 0x78, 0x74, 0x49, 0x64, 0x12, 0x1e, 0x0a, 0x0b, 0x73, + 0x68, 0x6d, 0x5f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0d, + 0x52, 0x09, 0x73, 0x68, 0x6d, 0x4e, 0x65, 0x78, 0x74, 0x49, 0x64, } var ( @@ -255,7 +254,7 @@ func file_ipc_var_proto_rawDescGZIP() []byte { var file_ipc_var_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_ipc_var_proto_goTypes = []interface{}{ - (*IpcVarEntry)(nil), // 0: criu.ipc_var_entry + (*IpcVarEntry)(nil), // 0: ipc_var_entry } var file_ipc_var_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-var.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-var.proto index f4fd1915756..a5e2df9dec6 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-var.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-var.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message ipc_var_entry { repeated uint32 sem_ctls = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/macvlan.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/macvlan.pb.go index 917c1d96663..abab1c1816d 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/macvlan.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/macvlan.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: macvlan.proto package images @@ -80,12 +80,11 @@ func (x *MacvlanLinkEntry) GetFlags() uint32 { var File_macvlan_proto protoreflect.FileDescriptor var file_macvlan_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x6d, 0x61, 0x63, 0x76, 0x6c, 0x61, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, - 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0x3e, 0x0a, 0x12, 0x6d, 0x61, 0x63, 0x76, 0x6c, 0x61, 0x6e, - 0x5f, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6d, - 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, - 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, - 0x66, 0x6c, 0x61, 0x67, 0x73, + 0x0a, 0x0d, 0x6d, 0x61, 0x63, 0x76, 0x6c, 0x61, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, + 0x3e, 0x0a, 0x12, 0x6d, 0x61, 0x63, 0x76, 0x6c, 0x61, 0x6e, 0x5f, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, + 0x02, 0x28, 0x0d, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, + 0x67, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, } var ( @@ -102,7 +101,7 @@ func file_macvlan_proto_rawDescGZIP() []byte { var file_macvlan_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_macvlan_proto_goTypes = []interface{}{ - (*MacvlanLinkEntry)(nil), // 0: criu.macvlan_link_entry + (*MacvlanLinkEntry)(nil), // 0: macvlan_link_entry } var file_macvlan_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/macvlan.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/macvlan.proto index 4b03c4e8156..6f78076d8ee 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/macvlan.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/macvlan.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message macvlan_link_entry { required uint32 mode = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/memfd.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/memfd.pb.go index 581fdb18726..23005e95d6d 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/memfd.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/memfd.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: memfd.proto package images @@ -207,33 +207,32 @@ func (x *MemfdInodeEntry) GetHugetlbFlag() uint32 { var File_memfd_proto protoreflect.FileDescriptor var file_memfd_proto_rawDesc = []byte{ - 0x0a, 0x0b, 0x6d, 0x65, 0x6d, 0x66, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, - 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, - 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x9d, 0x01, 0x0a, 0x10, - 0x6d, 0x65, 0x6d, 0x66, 0x64, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, - 0x12, 0x26, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x42, - 0x10, 0xd2, 0x3f, 0x0d, 0x1a, 0x0b, 0x72, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x66, 0x6c, 0x61, 0x67, - 0x73, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x6f, 0x73, 0x18, - 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x70, 0x6f, 0x73, 0x12, 0x24, 0x0a, 0x04, 0x66, 0x6f, - 0x77, 0x6e, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, - 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, - 0x12, 0x19, 0x0a, 0x08, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x07, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x49, 0x64, 0x22, 0xdb, 0x01, 0x0a, 0x11, - 0x6d, 0x65, 0x6d, 0x66, 0x64, 0x5f, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, - 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x67, 0x69, 0x64, 0x18, 0x03, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x67, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, - 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x12, 0x14, 0x0a, - 0x05, 0x73, 0x68, 0x6d, 0x69, 0x64, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x73, 0x68, - 0x6d, 0x69, 0x64, 0x12, 0x26, 0x0a, 0x05, 0x73, 0x65, 0x61, 0x6c, 0x73, 0x18, 0x06, 0x20, 0x02, - 0x28, 0x0d, 0x42, 0x10, 0xd2, 0x3f, 0x0d, 0x1a, 0x0b, 0x73, 0x65, 0x61, 0x6c, 0x73, 0x2e, 0x66, - 0x6c, 0x61, 0x67, 0x73, 0x52, 0x05, 0x73, 0x65, 0x61, 0x6c, 0x73, 0x12, 0x19, 0x0a, 0x08, 0x69, - 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x07, 0x20, 0x02, 0x28, 0x04, 0x52, 0x07, 0x69, - 0x6e, 0x6f, 0x64, 0x65, 0x49, 0x64, 0x12, 0x21, 0x0a, 0x0c, 0x68, 0x75, 0x67, 0x65, 0x74, 0x6c, - 0x62, 0x5f, 0x66, 0x6c, 0x61, 0x67, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x68, 0x75, - 0x67, 0x65, 0x74, 0x6c, 0x62, 0x46, 0x6c, 0x61, 0x67, + 0x0a, 0x0b, 0x6d, 0x65, 0x6d, 0x66, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, + 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x98, 0x01, 0x0a, 0x10, 0x6d, 0x65, 0x6d, 0x66, 0x64, 0x5f, + 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, + 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x26, 0x0a, 0x05, 0x66, 0x6c, + 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x10, 0xd2, 0x3f, 0x0d, 0x1a, 0x0b, + 0x72, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x52, 0x05, 0x66, 0x6c, 0x61, + 0x67, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x6f, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, + 0x03, 0x70, 0x6f, 0x73, 0x12, 0x1f, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x04, 0x20, 0x02, + 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, + 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x19, 0x0a, 0x08, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x69, + 0x64, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x49, 0x64, + 0x22, 0xdb, 0x01, 0x0a, 0x11, 0x6d, 0x65, 0x6d, 0x66, 0x64, 0x5f, 0x69, 0x6e, 0x6f, 0x64, 0x65, + 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, + 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, + 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, + 0x67, 0x69, 0x64, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x67, 0x69, 0x64, 0x12, 0x12, + 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x73, 0x69, + 0x7a, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x68, 0x6d, 0x69, 0x64, 0x18, 0x05, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x05, 0x73, 0x68, 0x6d, 0x69, 0x64, 0x12, 0x26, 0x0a, 0x05, 0x73, 0x65, 0x61, 0x6c, + 0x73, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x10, 0xd2, 0x3f, 0x0d, 0x1a, 0x0b, 0x73, 0x65, + 0x61, 0x6c, 0x73, 0x2e, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x52, 0x05, 0x73, 0x65, 0x61, 0x6c, 0x73, + 0x12, 0x19, 0x0a, 0x08, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x07, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x07, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x49, 0x64, 0x12, 0x21, 0x0a, 0x0c, 0x68, + 0x75, 0x67, 0x65, 0x74, 0x6c, 0x62, 0x5f, 0x66, 0x6c, 0x61, 0x67, 0x18, 0x08, 0x20, 0x01, 0x28, + 0x0d, 0x52, 0x0b, 0x68, 0x75, 0x67, 0x65, 0x74, 0x6c, 0x62, 0x46, 0x6c, 0x61, 0x67, } var ( @@ -250,12 +249,12 @@ func file_memfd_proto_rawDescGZIP() []byte { var file_memfd_proto_msgTypes = make([]protoimpl.MessageInfo, 2) var file_memfd_proto_goTypes = []interface{}{ - (*MemfdFileEntry)(nil), // 0: criu.memfd_file_entry - (*MemfdInodeEntry)(nil), // 1: criu.memfd_inode_entry - (*FownEntry)(nil), // 2: criu.fown_entry + (*MemfdFileEntry)(nil), // 0: memfd_file_entry + (*MemfdInodeEntry)(nil), // 1: memfd_inode_entry + (*FownEntry)(nil), // 2: fown_entry } var file_memfd_proto_depIdxs = []int32{ - 2, // 0: criu.memfd_file_entry.fown:type_name -> criu.fown_entry + 2, // 0: memfd_file_entry.fown:type_name -> fown_entry 1, // [1:1] is the sub-list for method output_type 1, // [1:1] is the sub-list for method input_type 1, // [1:1] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/memfd.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/memfd.proto index f73a2c0af65..0e625416a7d 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/memfd.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/memfd.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "opts.proto"; import "fown.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mm.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mm.pb.go index 6db5896a8f8..c76b33bf41b 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mm.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mm.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: mm.proto package images @@ -263,52 +263,51 @@ func (x *MmEntry) GetThpDisabled() bool { var File_mm_proto protoreflect.FileDescriptor var file_mm_proto_rawDesc = []byte{ - 0x0a, 0x08, 0x6d, 0x6d, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, - 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x09, 0x76, 0x6d, - 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x52, 0x0a, 0x0e, 0x61, 0x69, 0x6f, 0x5f, 0x72, - 0x69, 0x6e, 0x67, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, - 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x69, 0x64, 0x12, 0x15, 0x0a, 0x06, 0x6e, 0x72, 0x5f, - 0x72, 0x65, 0x71, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x6e, 0x72, 0x52, 0x65, 0x71, - 0x12, 0x19, 0x0a, 0x08, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x6c, 0x65, 0x6e, 0x18, 0x03, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x07, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x65, 0x6e, 0x22, 0x90, 0x05, 0x0a, 0x08, - 0x6d, 0x6d, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x29, 0x0a, 0x0d, 0x6d, 0x6d, 0x5f, 0x73, - 0x74, 0x61, 0x72, 0x74, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x42, - 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0b, 0x6d, 0x6d, 0x53, 0x74, 0x61, 0x72, 0x74, 0x43, - 0x6f, 0x64, 0x65, 0x12, 0x25, 0x0a, 0x0b, 0x6d, 0x6d, 0x5f, 0x65, 0x6e, 0x64, 0x5f, 0x63, 0x6f, - 0x64, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, - 0x09, 0x6d, 0x6d, 0x45, 0x6e, 0x64, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x29, 0x0a, 0x0d, 0x6d, 0x6d, - 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x03, 0x20, 0x02, 0x28, - 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0b, 0x6d, 0x6d, 0x53, 0x74, 0x61, 0x72, - 0x74, 0x44, 0x61, 0x74, 0x61, 0x12, 0x25, 0x0a, 0x0b, 0x6d, 0x6d, 0x5f, 0x65, 0x6e, 0x64, 0x5f, - 0x64, 0x61, 0x74, 0x61, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, - 0x01, 0x52, 0x09, 0x6d, 0x6d, 0x45, 0x6e, 0x64, 0x44, 0x61, 0x74, 0x61, 0x12, 0x2b, 0x0a, 0x0e, - 0x6d, 0x6d, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x63, 0x6b, 0x18, 0x05, - 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0c, 0x6d, 0x6d, 0x53, - 0x74, 0x61, 0x72, 0x74, 0x53, 0x74, 0x61, 0x63, 0x6b, 0x12, 0x27, 0x0a, 0x0c, 0x6d, 0x6d, 0x5f, - 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, 0x62, 0x72, 0x6b, 0x18, 0x06, 0x20, 0x02, 0x28, 0x04, 0x42, - 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0a, 0x6d, 0x6d, 0x53, 0x74, 0x61, 0x72, 0x74, 0x42, - 0x72, 0x6b, 0x12, 0x1c, 0x0a, 0x06, 0x6d, 0x6d, 0x5f, 0x62, 0x72, 0x6b, 0x18, 0x07, 0x20, 0x02, - 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x6d, 0x6d, 0x42, 0x72, 0x6b, - 0x12, 0x27, 0x0a, 0x0c, 0x6d, 0x6d, 0x5f, 0x61, 0x72, 0x67, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, - 0x18, 0x08, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0a, 0x6d, - 0x6d, 0x41, 0x72, 0x67, 0x53, 0x74, 0x61, 0x72, 0x74, 0x12, 0x23, 0x0a, 0x0a, 0x6d, 0x6d, 0x5f, - 0x61, 0x72, 0x67, 0x5f, 0x65, 0x6e, 0x64, 0x18, 0x09, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, - 0x3f, 0x02, 0x08, 0x01, 0x52, 0x08, 0x6d, 0x6d, 0x41, 0x72, 0x67, 0x45, 0x6e, 0x64, 0x12, 0x27, - 0x0a, 0x0c, 0x6d, 0x6d, 0x5f, 0x65, 0x6e, 0x76, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x0a, - 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0a, 0x6d, 0x6d, 0x45, - 0x6e, 0x76, 0x53, 0x74, 0x61, 0x72, 0x74, 0x12, 0x23, 0x0a, 0x0a, 0x6d, 0x6d, 0x5f, 0x65, 0x6e, - 0x76, 0x5f, 0x65, 0x6e, 0x64, 0x18, 0x0b, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, - 0x08, 0x01, 0x52, 0x08, 0x6d, 0x6d, 0x45, 0x6e, 0x76, 0x45, 0x6e, 0x64, 0x12, 0x1e, 0x0a, 0x0b, - 0x65, 0x78, 0x65, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x0c, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x09, 0x65, 0x78, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x49, 0x64, 0x12, 0x22, 0x0a, 0x0d, - 0x6d, 0x6d, 0x5f, 0x73, 0x61, 0x76, 0x65, 0x64, 0x5f, 0x61, 0x75, 0x78, 0x76, 0x18, 0x0d, 0x20, - 0x03, 0x28, 0x04, 0x52, 0x0b, 0x6d, 0x6d, 0x53, 0x61, 0x76, 0x65, 0x64, 0x41, 0x75, 0x78, 0x76, - 0x12, 0x23, 0x0a, 0x04, 0x76, 0x6d, 0x61, 0x73, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, - 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x76, 0x6d, 0x61, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x04, 0x76, 0x6d, 0x61, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x64, 0x75, 0x6d, 0x70, 0x61, 0x62, 0x6c, - 0x65, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, 0x64, 0x75, 0x6d, 0x70, 0x61, 0x62, 0x6c, - 0x65, 0x12, 0x28, 0x0a, 0x04, 0x61, 0x69, 0x6f, 0x73, 0x18, 0x10, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x14, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x61, 0x69, 0x6f, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f, + 0x0a, 0x08, 0x6d, 0x6d, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x09, 0x76, 0x6d, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x22, 0x52, 0x0a, 0x0e, 0x61, 0x69, 0x6f, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, + 0x02, 0x69, 0x64, 0x12, 0x15, 0x0a, 0x06, 0x6e, 0x72, 0x5f, 0x72, 0x65, 0x71, 0x18, 0x02, 0x20, + 0x02, 0x28, 0x0d, 0x52, 0x05, 0x6e, 0x72, 0x52, 0x65, 0x71, 0x12, 0x19, 0x0a, 0x08, 0x72, 0x69, + 0x6e, 0x67, 0x5f, 0x6c, 0x65, 0x6e, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x72, 0x69, + 0x6e, 0x67, 0x4c, 0x65, 0x6e, 0x22, 0x86, 0x05, 0x0a, 0x08, 0x6d, 0x6d, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x12, 0x29, 0x0a, 0x0d, 0x6d, 0x6d, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, 0x63, + 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, + 0x52, 0x0b, 0x6d, 0x6d, 0x53, 0x74, 0x61, 0x72, 0x74, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x25, 0x0a, + 0x0b, 0x6d, 0x6d, 0x5f, 0x65, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x02, + 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x09, 0x6d, 0x6d, 0x45, 0x6e, 0x64, + 0x43, 0x6f, 0x64, 0x65, 0x12, 0x29, 0x0a, 0x0d, 0x6d, 0x6d, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, + 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, + 0x08, 0x01, 0x52, 0x0b, 0x6d, 0x6d, 0x53, 0x74, 0x61, 0x72, 0x74, 0x44, 0x61, 0x74, 0x61, 0x12, + 0x25, 0x0a, 0x0b, 0x6d, 0x6d, 0x5f, 0x65, 0x6e, 0x64, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x04, + 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x09, 0x6d, 0x6d, 0x45, + 0x6e, 0x64, 0x44, 0x61, 0x74, 0x61, 0x12, 0x2b, 0x0a, 0x0e, 0x6d, 0x6d, 0x5f, 0x73, 0x74, 0x61, + 0x72, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x63, 0x6b, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, + 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0c, 0x6d, 0x6d, 0x53, 0x74, 0x61, 0x72, 0x74, 0x53, 0x74, + 0x61, 0x63, 0x6b, 0x12, 0x27, 0x0a, 0x0c, 0x6d, 0x6d, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, + 0x62, 0x72, 0x6b, 0x18, 0x06, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, + 0x52, 0x0a, 0x6d, 0x6d, 0x53, 0x74, 0x61, 0x72, 0x74, 0x42, 0x72, 0x6b, 0x12, 0x1c, 0x0a, 0x06, + 0x6d, 0x6d, 0x5f, 0x62, 0x72, 0x6b, 0x18, 0x07, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, + 0x02, 0x08, 0x01, 0x52, 0x05, 0x6d, 0x6d, 0x42, 0x72, 0x6b, 0x12, 0x27, 0x0a, 0x0c, 0x6d, 0x6d, + 0x5f, 0x61, 0x72, 0x67, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x08, 0x20, 0x02, 0x28, 0x04, + 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0a, 0x6d, 0x6d, 0x41, 0x72, 0x67, 0x53, 0x74, + 0x61, 0x72, 0x74, 0x12, 0x23, 0x0a, 0x0a, 0x6d, 0x6d, 0x5f, 0x61, 0x72, 0x67, 0x5f, 0x65, 0x6e, + 0x64, 0x18, 0x09, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x08, + 0x6d, 0x6d, 0x41, 0x72, 0x67, 0x45, 0x6e, 0x64, 0x12, 0x27, 0x0a, 0x0c, 0x6d, 0x6d, 0x5f, 0x65, + 0x6e, 0x76, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x0a, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, + 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0a, 0x6d, 0x6d, 0x45, 0x6e, 0x76, 0x53, 0x74, 0x61, 0x72, + 0x74, 0x12, 0x23, 0x0a, 0x0a, 0x6d, 0x6d, 0x5f, 0x65, 0x6e, 0x76, 0x5f, 0x65, 0x6e, 0x64, 0x18, + 0x0b, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x08, 0x6d, 0x6d, + 0x45, 0x6e, 0x76, 0x45, 0x6e, 0x64, 0x12, 0x1e, 0x0a, 0x0b, 0x65, 0x78, 0x65, 0x5f, 0x66, 0x69, + 0x6c, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x0c, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x65, 0x78, 0x65, + 0x46, 0x69, 0x6c, 0x65, 0x49, 0x64, 0x12, 0x22, 0x0a, 0x0d, 0x6d, 0x6d, 0x5f, 0x73, 0x61, 0x76, + 0x65, 0x64, 0x5f, 0x61, 0x75, 0x78, 0x76, 0x18, 0x0d, 0x20, 0x03, 0x28, 0x04, 0x52, 0x0b, 0x6d, + 0x6d, 0x53, 0x61, 0x76, 0x65, 0x64, 0x41, 0x75, 0x78, 0x76, 0x12, 0x1e, 0x0a, 0x04, 0x76, 0x6d, + 0x61, 0x73, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x76, 0x6d, 0x61, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x76, 0x6d, 0x61, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x64, 0x75, + 0x6d, 0x70, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, 0x64, 0x75, + 0x6d, 0x70, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x23, 0x0a, 0x04, 0x61, 0x69, 0x6f, 0x73, 0x18, 0x10, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x61, 0x69, 0x6f, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x61, 0x69, 0x6f, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x74, 0x68, 0x70, 0x5f, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x11, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x74, 0x68, 0x70, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x64, @@ -328,13 +327,13 @@ func file_mm_proto_rawDescGZIP() []byte { var file_mm_proto_msgTypes = make([]protoimpl.MessageInfo, 2) var file_mm_proto_goTypes = []interface{}{ - (*AioRingEntry)(nil), // 0: criu.aio_ring_entry - (*MmEntry)(nil), // 1: criu.mm_entry - (*VmaEntry)(nil), // 2: criu.vma_entry + (*AioRingEntry)(nil), // 0: aio_ring_entry + (*MmEntry)(nil), // 1: mm_entry + (*VmaEntry)(nil), // 2: vma_entry } var file_mm_proto_depIdxs = []int32{ - 2, // 0: criu.mm_entry.vmas:type_name -> criu.vma_entry - 0, // 1: criu.mm_entry.aios:type_name -> criu.aio_ring_entry + 2, // 0: mm_entry.vmas:type_name -> vma_entry + 0, // 1: mm_entry.aios:type_name -> aio_ring_entry 2, // [2:2] is the sub-list for method output_type 2, // [2:2] is the sub-list for method input_type 2, // [2:2] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mm.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mm.proto index c592bb12e18..b37668c4b31 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mm.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mm.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "opts.proto"; import "vma.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mnt.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mnt.pb.go index fa7fe8626ec..3c0a385dbe5 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mnt.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mnt.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: mnt.proto package images @@ -322,59 +322,58 @@ func (x *MntEntry) GetExtKey() string { var File_mnt_proto protoreflect.FileDescriptor var file_mnt_proto_rawDesc = []byte{ - 0x0a, 0x09, 0x6d, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, - 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x93, 0x04, - 0x0a, 0x09, 0x6d, 0x6e, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x66, - 0x73, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x66, 0x73, 0x74, - 0x79, 0x70, 0x65, 0x12, 0x15, 0x0a, 0x06, 0x6d, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, - 0x02, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x6e, 0x74, 0x49, 0x64, 0x12, 0x20, 0x0a, 0x08, 0x72, 0x6f, - 0x6f, 0x74, 0x5f, 0x64, 0x65, 0x76, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, - 0x02, 0x20, 0x01, 0x52, 0x07, 0x72, 0x6f, 0x6f, 0x74, 0x44, 0x65, 0x76, 0x12, 0x22, 0x0a, 0x0d, - 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x6d, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, - 0x02, 0x28, 0x0d, 0x52, 0x0b, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x4d, 0x6e, 0x74, 0x49, 0x64, - 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x42, - 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x12, 0x0a, - 0x04, 0x72, 0x6f, 0x6f, 0x74, 0x18, 0x06, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x72, 0x6f, 0x6f, - 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, - 0x07, 0x20, 0x02, 0x28, 0x09, 0x52, 0x0a, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x70, 0x6f, 0x69, 0x6e, - 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x08, 0x20, 0x02, 0x28, - 0x09, 0x52, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6f, 0x70, 0x74, - 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x09, 0x20, 0x02, 0x28, 0x09, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, - 0x6f, 0x6e, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x68, 0x61, 0x72, 0x65, 0x64, 0x5f, 0x69, 0x64, - 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x73, 0x68, 0x61, 0x72, 0x65, 0x64, 0x49, 0x64, - 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x0b, 0x20, - 0x01, 0x28, 0x0d, 0x52, 0x08, 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x49, 0x64, 0x12, 0x1f, 0x0a, - 0x0b, 0x77, 0x69, 0x74, 0x68, 0x5f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x18, 0x0c, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x0a, 0x77, 0x69, 0x74, 0x68, 0x50, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x12, 0x1b, - 0x0a, 0x09, 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0d, 0x20, 0x01, 0x28, - 0x08, 0x52, 0x08, 0x65, 0x78, 0x74, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x66, - 0x73, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x66, 0x73, 0x6e, - 0x61, 0x6d, 0x65, 0x12, 0x29, 0x0a, 0x10, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, - 0x73, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x69, - 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x53, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x18, - 0x0a, 0x07, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, 0x52, - 0x07, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x12, 0x20, 0x0a, 0x08, 0x73, 0x62, 0x5f, 0x66, - 0x6c, 0x61, 0x67, 0x73, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, - 0x01, 0x52, 0x07, 0x73, 0x62, 0x46, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x17, 0x0a, 0x07, 0x65, 0x78, - 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x12, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x65, 0x78, 0x74, - 0x4b, 0x65, 0x79, 0x2a, 0x90, 0x02, 0x0a, 0x06, 0x66, 0x73, 0x74, 0x79, 0x70, 0x65, 0x12, 0x0f, - 0x0a, 0x0b, 0x55, 0x4e, 0x53, 0x55, 0x50, 0x50, 0x4f, 0x52, 0x54, 0x45, 0x44, 0x10, 0x00, 0x12, - 0x08, 0x0a, 0x04, 0x50, 0x52, 0x4f, 0x43, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x53, 0x59, 0x53, - 0x46, 0x53, 0x10, 0x02, 0x12, 0x0c, 0x0a, 0x08, 0x44, 0x45, 0x56, 0x54, 0x4d, 0x50, 0x46, 0x53, - 0x10, 0x03, 0x12, 0x0f, 0x0a, 0x0b, 0x42, 0x49, 0x4e, 0x46, 0x4d, 0x54, 0x5f, 0x4d, 0x49, 0x53, - 0x43, 0x10, 0x04, 0x12, 0x09, 0x0a, 0x05, 0x54, 0x4d, 0x50, 0x46, 0x53, 0x10, 0x05, 0x12, 0x0a, - 0x0a, 0x06, 0x44, 0x45, 0x56, 0x50, 0x54, 0x53, 0x10, 0x06, 0x12, 0x09, 0x0a, 0x05, 0x53, 0x49, - 0x4d, 0x46, 0x53, 0x10, 0x07, 0x12, 0x0a, 0x0a, 0x06, 0x50, 0x53, 0x54, 0x4f, 0x52, 0x45, 0x10, - 0x08, 0x12, 0x0e, 0x0a, 0x0a, 0x53, 0x45, 0x43, 0x55, 0x52, 0x49, 0x54, 0x59, 0x46, 0x53, 0x10, - 0x09, 0x12, 0x0b, 0x0a, 0x07, 0x46, 0x55, 0x53, 0x45, 0x43, 0x54, 0x4c, 0x10, 0x0a, 0x12, 0x0b, - 0x0a, 0x07, 0x44, 0x45, 0x42, 0x55, 0x47, 0x46, 0x53, 0x10, 0x0b, 0x12, 0x0a, 0x0a, 0x06, 0x43, - 0x47, 0x52, 0x4f, 0x55, 0x50, 0x10, 0x0c, 0x12, 0x08, 0x0a, 0x04, 0x41, 0x55, 0x46, 0x53, 0x10, - 0x0d, 0x12, 0x0a, 0x0a, 0x06, 0x4d, 0x51, 0x55, 0x45, 0x55, 0x45, 0x10, 0x0e, 0x12, 0x08, 0x0a, - 0x04, 0x46, 0x55, 0x53, 0x45, 0x10, 0x0f, 0x12, 0x08, 0x0a, 0x04, 0x41, 0x55, 0x54, 0x4f, 0x10, - 0x10, 0x12, 0x0d, 0x0a, 0x09, 0x4f, 0x56, 0x45, 0x52, 0x4c, 0x41, 0x59, 0x46, 0x53, 0x10, 0x11, - 0x12, 0x0a, 0x0a, 0x06, 0x41, 0x55, 0x54, 0x4f, 0x46, 0x53, 0x10, 0x12, 0x12, 0x0b, 0x0a, 0x07, - 0x54, 0x52, 0x41, 0x43, 0x45, 0x46, 0x53, 0x10, 0x13, 0x12, 0x0b, 0x0a, 0x07, 0x43, 0x47, 0x52, - 0x4f, 0x55, 0x50, 0x32, 0x10, 0x17, + 0x0a, 0x09, 0x6d, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, + 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x93, 0x04, 0x0a, 0x09, 0x6d, 0x6e, 0x74, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x66, 0x73, 0x74, 0x79, 0x70, 0x65, 0x18, + 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x66, 0x73, 0x74, 0x79, 0x70, 0x65, 0x12, 0x15, 0x0a, + 0x06, 0x6d, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x6d, + 0x6e, 0x74, 0x49, 0x64, 0x12, 0x20, 0x0a, 0x08, 0x72, 0x6f, 0x6f, 0x74, 0x5f, 0x64, 0x65, 0x76, + 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x20, 0x01, 0x52, 0x07, 0x72, + 0x6f, 0x6f, 0x74, 0x44, 0x65, 0x76, 0x12, 0x22, 0x0a, 0x0d, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, + 0x5f, 0x6d, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, 0x70, + 0x61, 0x72, 0x65, 0x6e, 0x74, 0x4d, 0x6e, 0x74, 0x49, 0x64, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, + 0x61, 0x67, 0x73, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, + 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x6f, 0x6f, 0x74, 0x18, + 0x06, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x72, 0x6f, 0x6f, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x6d, + 0x6f, 0x75, 0x6e, 0x74, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x07, 0x20, 0x02, 0x28, 0x09, 0x52, + 0x0a, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x08, 0x20, 0x02, 0x28, 0x09, 0x52, 0x06, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x09, + 0x20, 0x02, 0x28, 0x09, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1b, 0x0a, + 0x09, 0x73, 0x68, 0x61, 0x72, 0x65, 0x64, 0x5f, 0x69, 0x64, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0d, + 0x52, 0x08, 0x73, 0x68, 0x61, 0x72, 0x65, 0x64, 0x49, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x61, + 0x73, 0x74, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x6d, + 0x61, 0x73, 0x74, 0x65, 0x72, 0x49, 0x64, 0x12, 0x1f, 0x0a, 0x0b, 0x77, 0x69, 0x74, 0x68, 0x5f, + 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x77, 0x69, + 0x74, 0x68, 0x50, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x78, 0x74, 0x5f, + 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x65, 0x78, 0x74, + 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x66, 0x73, 0x6e, 0x61, 0x6d, 0x65, 0x18, + 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x66, 0x73, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x29, 0x0a, + 0x10, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x73, 0x68, 0x61, 0x72, 0x69, 0x6e, + 0x67, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x6c, 0x53, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x65, 0x6c, 0x65, + 0x74, 0x65, 0x64, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x64, 0x65, 0x6c, 0x65, 0x74, + 0x65, 0x64, 0x12, 0x20, 0x0a, 0x08, 0x73, 0x62, 0x5f, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x11, + 0x20, 0x01, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x07, 0x73, 0x62, 0x46, + 0x6c, 0x61, 0x67, 0x73, 0x12, 0x17, 0x0a, 0x07, 0x65, 0x78, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x18, + 0x12, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x65, 0x78, 0x74, 0x4b, 0x65, 0x79, 0x2a, 0x90, 0x02, + 0x0a, 0x06, 0x66, 0x73, 0x74, 0x79, 0x70, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x55, 0x4e, 0x53, 0x55, + 0x50, 0x50, 0x4f, 0x52, 0x54, 0x45, 0x44, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x50, 0x52, 0x4f, + 0x43, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x53, 0x59, 0x53, 0x46, 0x53, 0x10, 0x02, 0x12, 0x0c, + 0x0a, 0x08, 0x44, 0x45, 0x56, 0x54, 0x4d, 0x50, 0x46, 0x53, 0x10, 0x03, 0x12, 0x0f, 0x0a, 0x0b, + 0x42, 0x49, 0x4e, 0x46, 0x4d, 0x54, 0x5f, 0x4d, 0x49, 0x53, 0x43, 0x10, 0x04, 0x12, 0x09, 0x0a, + 0x05, 0x54, 0x4d, 0x50, 0x46, 0x53, 0x10, 0x05, 0x12, 0x0a, 0x0a, 0x06, 0x44, 0x45, 0x56, 0x50, + 0x54, 0x53, 0x10, 0x06, 0x12, 0x09, 0x0a, 0x05, 0x53, 0x49, 0x4d, 0x46, 0x53, 0x10, 0x07, 0x12, + 0x0a, 0x0a, 0x06, 0x50, 0x53, 0x54, 0x4f, 0x52, 0x45, 0x10, 0x08, 0x12, 0x0e, 0x0a, 0x0a, 0x53, + 0x45, 0x43, 0x55, 0x52, 0x49, 0x54, 0x59, 0x46, 0x53, 0x10, 0x09, 0x12, 0x0b, 0x0a, 0x07, 0x46, + 0x55, 0x53, 0x45, 0x43, 0x54, 0x4c, 0x10, 0x0a, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45, 0x42, 0x55, + 0x47, 0x46, 0x53, 0x10, 0x0b, 0x12, 0x0a, 0x0a, 0x06, 0x43, 0x47, 0x52, 0x4f, 0x55, 0x50, 0x10, + 0x0c, 0x12, 0x08, 0x0a, 0x04, 0x41, 0x55, 0x46, 0x53, 0x10, 0x0d, 0x12, 0x0a, 0x0a, 0x06, 0x4d, + 0x51, 0x55, 0x45, 0x55, 0x45, 0x10, 0x0e, 0x12, 0x08, 0x0a, 0x04, 0x46, 0x55, 0x53, 0x45, 0x10, + 0x0f, 0x12, 0x08, 0x0a, 0x04, 0x41, 0x55, 0x54, 0x4f, 0x10, 0x10, 0x12, 0x0d, 0x0a, 0x09, 0x4f, + 0x56, 0x45, 0x52, 0x4c, 0x41, 0x59, 0x46, 0x53, 0x10, 0x11, 0x12, 0x0a, 0x0a, 0x06, 0x41, 0x55, + 0x54, 0x4f, 0x46, 0x53, 0x10, 0x12, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x52, 0x41, 0x43, 0x45, 0x46, + 0x53, 0x10, 0x13, 0x12, 0x0b, 0x0a, 0x07, 0x43, 0x47, 0x52, 0x4f, 0x55, 0x50, 0x32, 0x10, 0x17, } var ( @@ -392,8 +391,8 @@ func file_mnt_proto_rawDescGZIP() []byte { var file_mnt_proto_enumTypes = make([]protoimpl.EnumInfo, 1) var file_mnt_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_mnt_proto_goTypes = []interface{}{ - (Fstype)(0), // 0: criu.fstype - (*MntEntry)(nil), // 1: criu.mnt_entry + (Fstype)(0), // 0: fstype + (*MntEntry)(nil), // 1: mnt_entry } var file_mnt_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mnt.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mnt.proto index 14901b7eaff..4abb7d1a95d 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mnt.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mnt.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "opts.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/netdev.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/netdev.pb.go index e00eb87739f..bcceee8533c 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/netdev.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/netdev.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: netdev.proto package images @@ -105,7 +105,7 @@ type NetDeviceEntry struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Type *NdType `protobuf:"varint,1,req,name=type,enum=criu.NdType" json:"type,omitempty"` + Type *NdType `protobuf:"varint,1,req,name=type,enum=NdType" json:"type,omitempty"` Ifindex *uint32 `protobuf:"varint,2,req,name=ifindex" json:"ifindex,omitempty"` Mtu *uint32 `protobuf:"varint,3,req,name=mtu" json:"mtu,omitempty"` Flags *uint32 `protobuf:"varint,4,req,name=flags" json:"flags,omitempty"` @@ -432,78 +432,74 @@ func (x *NetnsEntry) GetUnixConf() []*SysctlEntry { var File_netdev_proto protoreflect.FileDescriptor var file_netdev_proto_rawDesc = []byte{ - 0x0a, 0x0c, 0x6e, 0x65, 0x74, 0x64, 0x65, 0x76, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, - 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0d, 0x6d, 0x61, 0x63, 0x76, 0x6c, 0x61, 0x6e, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, - 0x09, 0x74, 0x75, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0c, 0x73, 0x79, 0x73, 0x63, - 0x74, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x09, 0x73, 0x69, 0x74, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x22, 0xeb, 0x03, 0x0a, 0x10, 0x6e, 0x65, 0x74, 0x5f, 0x64, 0x65, 0x76, 0x69, - 0x63, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x21, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, - 0x18, 0x01, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x0d, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x6e, 0x64, - 0x5f, 0x74, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x69, - 0x66, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x69, 0x66, - 0x69, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x74, 0x75, 0x18, 0x03, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x03, 0x6d, 0x74, 0x75, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, - 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, - 0x6c, 0x61, 0x67, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x02, - 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x26, 0x0a, 0x03, 0x74, 0x75, 0x6e, 0x18, - 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x75, 0x6e, + 0x0a, 0x0c, 0x6e, 0x65, 0x74, 0x64, 0x65, 0x76, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, + 0x6d, 0x61, 0x63, 0x76, 0x6c, 0x61, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, + 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x09, 0x74, 0x75, 0x6e, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0c, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x1a, 0x09, 0x73, 0x69, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xcd, 0x03, + 0x0a, 0x10, 0x6e, 0x65, 0x74, 0x5f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x12, 0x1c, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0e, + 0x32, 0x08, 0x2e, 0x6e, 0x64, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, + 0x12, 0x18, 0x0a, 0x07, 0x69, 0x66, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x02, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x07, 0x69, 0x66, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x74, + 0x75, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x6d, 0x74, 0x75, 0x12, 0x1b, 0x0a, 0x05, + 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, + 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, + 0x65, 0x18, 0x05, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x21, 0x0a, + 0x03, 0x74, 0x75, 0x6e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x74, 0x75, 0x6e, 0x5f, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x74, 0x75, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, - 0x6e, 0x66, 0x18, 0x08, 0x20, 0x03, 0x28, 0x05, 0x52, 0x04, 0x63, 0x6f, 0x6e, 0x66, 0x12, 0x28, - 0x0a, 0x05, 0x63, 0x6f, 0x6e, 0x66, 0x34, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, - 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x05, 0x63, 0x6f, 0x6e, 0x66, 0x34, 0x12, 0x28, 0x0a, 0x05, 0x63, 0x6f, 0x6e, 0x66, - 0x36, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, - 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x05, 0x63, 0x6f, 0x6e, - 0x66, 0x36, 0x12, 0x32, 0x0a, 0x07, 0x6d, 0x61, 0x63, 0x76, 0x6c, 0x61, 0x6e, 0x18, 0x0b, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x6d, 0x61, 0x63, 0x76, 0x6c, - 0x61, 0x6e, 0x5f, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x6d, - 0x61, 0x63, 0x76, 0x6c, 0x61, 0x6e, 0x12, 0x21, 0x0a, 0x0c, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x69, - 0x66, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x70, 0x65, - 0x65, 0x72, 0x49, 0x66, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x65, 0x65, - 0x72, 0x5f, 0x6e, 0x73, 0x69, 0x64, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x70, 0x65, - 0x65, 0x72, 0x4e, 0x73, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72, - 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x12, 0x21, - 0x0a, 0x03, 0x73, 0x69, 0x74, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x72, - 0x69, 0x75, 0x2e, 0x73, 0x69, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x73, 0x69, - 0x74, 0x22, 0x51, 0x0a, 0x08, 0x6e, 0x65, 0x74, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x12, 0x20, 0x0a, - 0x0c, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, - 0x02, 0x28, 0x0d, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x4e, 0x73, 0x49, 0x64, 0x12, - 0x23, 0x0a, 0x0d, 0x6e, 0x65, 0x74, 0x6e, 0x73, 0x69, 0x64, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x18, 0x02, 0x20, 0x02, 0x28, 0x05, 0x52, 0x0c, 0x6e, 0x65, 0x74, 0x6e, 0x73, 0x69, 0x64, 0x56, - 0x61, 0x6c, 0x75, 0x65, 0x22, 0xf7, 0x02, 0x0a, 0x0b, 0x6e, 0x65, 0x74, 0x6e, 0x73, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x12, 0x19, 0x0a, 0x08, 0x64, 0x65, 0x66, 0x5f, 0x63, 0x6f, 0x6e, 0x66, - 0x18, 0x01, 0x20, 0x03, 0x28, 0x05, 0x52, 0x07, 0x64, 0x65, 0x66, 0x43, 0x6f, 0x6e, 0x66, 0x12, - 0x19, 0x0a, 0x08, 0x61, 0x6c, 0x6c, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x18, 0x02, 0x20, 0x03, 0x28, - 0x05, 0x52, 0x07, 0x61, 0x6c, 0x6c, 0x43, 0x6f, 0x6e, 0x66, 0x12, 0x2f, 0x0a, 0x09, 0x64, 0x65, - 0x66, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x34, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, - 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x08, 0x64, 0x65, 0x66, 0x43, 0x6f, 0x6e, 0x66, 0x34, 0x12, 0x2f, 0x0a, 0x09, 0x61, - 0x6c, 0x6c, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x34, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, - 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x08, 0x61, 0x6c, 0x6c, 0x43, 0x6f, 0x6e, 0x66, 0x34, 0x12, 0x2f, 0x0a, 0x09, - 0x64, 0x65, 0x66, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x36, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x52, 0x08, 0x64, 0x65, 0x66, 0x43, 0x6f, 0x6e, 0x66, 0x36, 0x12, 0x2f, 0x0a, - 0x09, 0x61, 0x6c, 0x6c, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x36, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x61, 0x6c, 0x6c, 0x43, 0x6f, 0x6e, 0x66, 0x36, 0x12, 0x24, - 0x0a, 0x05, 0x6e, 0x73, 0x69, 0x64, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0e, 0x2e, - 0x63, 0x72, 0x69, 0x75, 0x2e, 0x6e, 0x65, 0x74, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x52, 0x05, 0x6e, - 0x73, 0x69, 0x64, 0x73, 0x12, 0x17, 0x0a, 0x07, 0x65, 0x78, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x18, - 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x65, 0x78, 0x74, 0x4b, 0x65, 0x79, 0x12, 0x2f, 0x0a, - 0x09, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x75, 0x6e, 0x69, 0x78, 0x43, 0x6f, 0x6e, 0x66, 0x2a, 0x64, - 0x0a, 0x07, 0x6e, 0x64, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x12, 0x0c, 0x0a, 0x08, 0x4c, 0x4f, 0x4f, - 0x50, 0x42, 0x41, 0x43, 0x4b, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x56, 0x45, 0x54, 0x48, 0x10, - 0x02, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x55, 0x4e, 0x10, 0x03, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x58, - 0x54, 0x4c, 0x49, 0x4e, 0x4b, 0x10, 0x04, 0x12, 0x09, 0x0a, 0x05, 0x56, 0x45, 0x4e, 0x45, 0x54, - 0x10, 0x05, 0x12, 0x0a, 0x0a, 0x06, 0x42, 0x52, 0x49, 0x44, 0x47, 0x45, 0x10, 0x06, 0x12, 0x0b, - 0x0a, 0x07, 0x4d, 0x41, 0x43, 0x56, 0x4c, 0x41, 0x4e, 0x10, 0x07, 0x12, 0x07, 0x0a, 0x03, 0x53, - 0x49, 0x54, 0x10, 0x08, + 0x6e, 0x66, 0x18, 0x08, 0x20, 0x03, 0x28, 0x05, 0x52, 0x04, 0x63, 0x6f, 0x6e, 0x66, 0x12, 0x23, + 0x0a, 0x05, 0x63, 0x6f, 0x6e, 0x66, 0x34, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, + 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x05, 0x63, 0x6f, + 0x6e, 0x66, 0x34, 0x12, 0x23, 0x0a, 0x05, 0x63, 0x6f, 0x6e, 0x66, 0x36, 0x18, 0x0a, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x52, 0x05, 0x63, 0x6f, 0x6e, 0x66, 0x36, 0x12, 0x2d, 0x0a, 0x07, 0x6d, 0x61, 0x63, 0x76, + 0x6c, 0x61, 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x6d, 0x61, 0x63, 0x76, + 0x6c, 0x61, 0x6e, 0x5f, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, + 0x6d, 0x61, 0x63, 0x76, 0x6c, 0x61, 0x6e, 0x12, 0x21, 0x0a, 0x0c, 0x70, 0x65, 0x65, 0x72, 0x5f, + 0x69, 0x66, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x70, + 0x65, 0x65, 0x72, 0x49, 0x66, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x65, + 0x65, 0x72, 0x5f, 0x6e, 0x73, 0x69, 0x64, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x70, + 0x65, 0x65, 0x72, 0x4e, 0x73, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x6d, 0x61, 0x73, 0x74, 0x65, + 0x72, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x12, + 0x1c, 0x0a, 0x03, 0x73, 0x69, 0x74, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x73, + 0x69, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x73, 0x69, 0x74, 0x22, 0x51, 0x0a, + 0x08, 0x6e, 0x65, 0x74, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x12, 0x20, 0x0a, 0x0c, 0x74, 0x61, 0x72, + 0x67, 0x65, 0x74, 0x5f, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, + 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x4e, 0x73, 0x49, 0x64, 0x12, 0x23, 0x0a, 0x0d, 0x6e, + 0x65, 0x74, 0x6e, 0x73, 0x69, 0x64, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x02, + 0x28, 0x05, 0x52, 0x0c, 0x6e, 0x65, 0x74, 0x6e, 0x73, 0x69, 0x64, 0x56, 0x61, 0x6c, 0x75, 0x65, + 0x22, 0xd9, 0x02, 0x0a, 0x0b, 0x6e, 0x65, 0x74, 0x6e, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x12, 0x19, 0x0a, 0x08, 0x64, 0x65, 0x66, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x18, 0x01, 0x20, 0x03, + 0x28, 0x05, 0x52, 0x07, 0x64, 0x65, 0x66, 0x43, 0x6f, 0x6e, 0x66, 0x12, 0x19, 0x0a, 0x08, 0x61, + 0x6c, 0x6c, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x18, 0x02, 0x20, 0x03, 0x28, 0x05, 0x52, 0x07, 0x61, + 0x6c, 0x6c, 0x43, 0x6f, 0x6e, 0x66, 0x12, 0x2a, 0x0a, 0x09, 0x64, 0x65, 0x66, 0x5f, 0x63, 0x6f, + 0x6e, 0x66, 0x34, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x73, 0x79, 0x73, 0x63, + 0x74, 0x6c, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x64, 0x65, 0x66, 0x43, 0x6f, 0x6e, + 0x66, 0x34, 0x12, 0x2a, 0x0a, 0x09, 0x61, 0x6c, 0x6c, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x34, 0x18, + 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x61, 0x6c, 0x6c, 0x43, 0x6f, 0x6e, 0x66, 0x34, 0x12, 0x2a, + 0x0a, 0x09, 0x64, 0x65, 0x66, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x36, 0x18, 0x05, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x0d, 0x2e, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x52, 0x08, 0x64, 0x65, 0x66, 0x43, 0x6f, 0x6e, 0x66, 0x36, 0x12, 0x2a, 0x0a, 0x09, 0x61, 0x6c, + 0x6c, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x36, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, + 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x61, 0x6c, + 0x6c, 0x43, 0x6f, 0x6e, 0x66, 0x36, 0x12, 0x1f, 0x0a, 0x05, 0x6e, 0x73, 0x69, 0x64, 0x73, 0x18, + 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x6e, 0x65, 0x74, 0x6e, 0x73, 0x5f, 0x69, 0x64, + 0x52, 0x05, 0x6e, 0x73, 0x69, 0x64, 0x73, 0x12, 0x17, 0x0a, 0x07, 0x65, 0x78, 0x74, 0x5f, 0x6b, + 0x65, 0x79, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x65, 0x78, 0x74, 0x4b, 0x65, 0x79, + 0x12, 0x2a, 0x0a, 0x09, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x18, 0x09, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x52, 0x08, 0x75, 0x6e, 0x69, 0x78, 0x43, 0x6f, 0x6e, 0x66, 0x2a, 0x64, 0x0a, 0x07, + 0x6e, 0x64, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x12, 0x0c, 0x0a, 0x08, 0x4c, 0x4f, 0x4f, 0x50, 0x42, + 0x41, 0x43, 0x4b, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x56, 0x45, 0x54, 0x48, 0x10, 0x02, 0x12, + 0x07, 0x0a, 0x03, 0x54, 0x55, 0x4e, 0x10, 0x03, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x58, 0x54, 0x4c, + 0x49, 0x4e, 0x4b, 0x10, 0x04, 0x12, 0x09, 0x0a, 0x05, 0x56, 0x45, 0x4e, 0x45, 0x54, 0x10, 0x05, + 0x12, 0x0a, 0x0a, 0x06, 0x42, 0x52, 0x49, 0x44, 0x47, 0x45, 0x10, 0x06, 0x12, 0x0b, 0x0a, 0x07, + 0x4d, 0x41, 0x43, 0x56, 0x4c, 0x41, 0x4e, 0x10, 0x07, 0x12, 0x07, 0x0a, 0x03, 0x53, 0x49, 0x54, + 0x10, 0x08, } var ( @@ -521,28 +517,28 @@ func file_netdev_proto_rawDescGZIP() []byte { var file_netdev_proto_enumTypes = make([]protoimpl.EnumInfo, 1) var file_netdev_proto_msgTypes = make([]protoimpl.MessageInfo, 3) var file_netdev_proto_goTypes = []interface{}{ - (NdType)(0), // 0: criu.nd_type - (*NetDeviceEntry)(nil), // 1: criu.net_device_entry - (*NetnsId)(nil), // 2: criu.netns_id - (*NetnsEntry)(nil), // 3: criu.netns_entry - (*TunLinkEntry)(nil), // 4: criu.tun_link_entry - (*SysctlEntry)(nil), // 5: criu.sysctl_entry - (*MacvlanLinkEntry)(nil), // 6: criu.macvlan_link_entry - (*SitEntry)(nil), // 7: criu.sit_entry + (NdType)(0), // 0: nd_type + (*NetDeviceEntry)(nil), // 1: net_device_entry + (*NetnsId)(nil), // 2: netns_id + (*NetnsEntry)(nil), // 3: netns_entry + (*TunLinkEntry)(nil), // 4: tun_link_entry + (*SysctlEntry)(nil), // 5: sysctl_entry + (*MacvlanLinkEntry)(nil), // 6: macvlan_link_entry + (*SitEntry)(nil), // 7: sit_entry } var file_netdev_proto_depIdxs = []int32{ - 0, // 0: criu.net_device_entry.type:type_name -> criu.nd_type - 4, // 1: criu.net_device_entry.tun:type_name -> criu.tun_link_entry - 5, // 2: criu.net_device_entry.conf4:type_name -> criu.sysctl_entry - 5, // 3: criu.net_device_entry.conf6:type_name -> criu.sysctl_entry - 6, // 4: criu.net_device_entry.macvlan:type_name -> criu.macvlan_link_entry - 7, // 5: criu.net_device_entry.sit:type_name -> criu.sit_entry - 5, // 6: criu.netns_entry.def_conf4:type_name -> criu.sysctl_entry - 5, // 7: criu.netns_entry.all_conf4:type_name -> criu.sysctl_entry - 5, // 8: criu.netns_entry.def_conf6:type_name -> criu.sysctl_entry - 5, // 9: criu.netns_entry.all_conf6:type_name -> criu.sysctl_entry - 2, // 10: criu.netns_entry.nsids:type_name -> criu.netns_id - 5, // 11: criu.netns_entry.unix_conf:type_name -> criu.sysctl_entry + 0, // 0: net_device_entry.type:type_name -> nd_type + 4, // 1: net_device_entry.tun:type_name -> tun_link_entry + 5, // 2: net_device_entry.conf4:type_name -> sysctl_entry + 5, // 3: net_device_entry.conf6:type_name -> sysctl_entry + 6, // 4: net_device_entry.macvlan:type_name -> macvlan_link_entry + 7, // 5: net_device_entry.sit:type_name -> sit_entry + 5, // 6: netns_entry.def_conf4:type_name -> sysctl_entry + 5, // 7: netns_entry.all_conf4:type_name -> sysctl_entry + 5, // 8: netns_entry.def_conf6:type_name -> sysctl_entry + 5, // 9: netns_entry.all_conf6:type_name -> sysctl_entry + 2, // 10: netns_entry.nsids:type_name -> netns_id + 5, // 11: netns_entry.unix_conf:type_name -> sysctl_entry 12, // [12:12] is the sub-list for method output_type 12, // [12:12] is the sub-list for method input_type 12, // [12:12] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/netdev.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/netdev.proto index 198a937c2cb..748fd02004b 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/netdev.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/netdev.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "macvlan.proto"; import "opts.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ns.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ns.pb.go index ede1d516f15..361308164bb 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ns.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ns.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: ns.proto package images @@ -96,14 +96,14 @@ func (x *NsFileEntry) GetFlags() uint32 { var File_ns_proto protoreflect.FileDescriptor var file_ns_proto_rawDesc = []byte{ - 0x0a, 0x08, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, - 0x22, 0x65, 0x0a, 0x0d, 0x6e, 0x73, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, - 0x64, 0x12, 0x13, 0x0a, 0x05, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x04, 0x6e, 0x73, 0x49, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x6e, 0x73, 0x5f, 0x63, 0x66, 0x6c, - 0x61, 0x67, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x6e, 0x73, 0x43, 0x66, 0x6c, 0x61, - 0x67, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, + 0x0a, 0x08, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x65, 0x0a, 0x0d, 0x6e, 0x73, + 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, + 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x13, 0x0a, 0x05, 0x6e, + 0x73, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x6e, 0x73, 0x49, 0x64, + 0x12, 0x19, 0x0a, 0x08, 0x6e, 0x73, 0x5f, 0x63, 0x66, 0x6c, 0x61, 0x67, 0x18, 0x03, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x07, 0x6e, 0x73, 0x43, 0x66, 0x6c, 0x61, 0x67, 0x12, 0x14, 0x0a, 0x05, 0x66, + 0x6c, 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, + 0x73, } var ( @@ -120,7 +120,7 @@ func file_ns_proto_rawDescGZIP() []byte { var file_ns_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_ns_proto_goTypes = []interface{}{ - (*NsFileEntry)(nil), // 0: criu.ns_file_entry + (*NsFileEntry)(nil), // 0: ns_file_entry } var file_ns_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ns.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ns.proto index 49e2bf31214..19ec641f623 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ns.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ns.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message ns_file_entry { required uint32 id = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/opts.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/opts.pb.go index a025f2016b1..6c4d4be8ae9 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/opts.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/opts.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: opts.proto package images @@ -123,7 +123,7 @@ var file_opts_proto_extTypes = []protoimpl.ExtensionInfo{ ExtendedType: (*descriptorpb.FieldOptions)(nil), ExtensionType: (*CRIU_Opts)(nil), Field: 1018, - Name: "criu.criu", + Name: "criu", Tag: "bytes,1018,opt,name=criu", Filename: "opts.proto", }, @@ -133,31 +133,30 @@ var file_opts_proto_extTypes = []protoimpl.ExtensionInfo{ var ( // Registered unique number to use for all kinds of custom options. // - // optional criu.CRIU_Opts criu = 1018; + // optional CRIU_Opts criu = 1018; E_Criu = &file_opts_proto_extTypes[0] ) var File_opts_proto protoreflect.FileDescriptor var file_opts_proto_rawDesc = []byte{ - 0x0a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, - 0x69, 0x75, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x97, 0x01, 0x0a, 0x09, 0x43, 0x52, 0x49, 0x55, 0x5f, 0x4f, 0x70, - 0x74, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x68, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, - 0x03, 0x68, 0x65, 0x78, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x70, 0x61, 0x64, 0x64, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x05, 0x69, 0x70, 0x61, 0x64, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6c, - 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, - 0x12, 0x10, 0x0a, 0x03, 0x64, 0x65, 0x76, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x64, - 0x65, 0x76, 0x12, 0x12, 0x0a, 0x04, 0x6f, 0x64, 0x65, 0x76, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, - 0x52, 0x04, 0x6f, 0x64, 0x65, 0x76, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x69, 0x63, 0x74, 0x18, 0x06, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x64, 0x69, 0x63, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, - 0x6e, 0x76, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x63, 0x6f, 0x6e, 0x76, 0x3a, 0x43, - 0x0a, 0x04, 0x63, 0x72, 0x69, 0x75, 0x12, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, - 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0xfa, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, - 0x72, 0x69, 0x75, 0x2e, 0x43, 0x52, 0x49, 0x55, 0x5f, 0x4f, 0x70, 0x74, 0x73, 0x52, 0x04, 0x63, - 0x72, 0x69, 0x75, + 0x0a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, + 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x97, + 0x01, 0x0a, 0x09, 0x43, 0x52, 0x49, 0x55, 0x5f, 0x4f, 0x70, 0x74, 0x73, 0x12, 0x10, 0x0a, 0x03, + 0x68, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x68, 0x65, 0x78, 0x12, 0x14, + 0x0a, 0x05, 0x69, 0x70, 0x61, 0x64, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x05, 0x69, + 0x70, 0x61, 0x64, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x64, 0x65, + 0x76, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x64, 0x65, 0x76, 0x12, 0x12, 0x0a, 0x04, + 0x6f, 0x64, 0x65, 0x76, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x6f, 0x64, 0x65, 0x76, + 0x12, 0x12, 0x0a, 0x04, 0x64, 0x69, 0x63, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, + 0x64, 0x69, 0x63, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x6e, 0x76, 0x18, 0x07, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x04, 0x63, 0x6f, 0x6e, 0x76, 0x3a, 0x3e, 0x0a, 0x04, 0x63, 0x72, 0x69, 0x75, + 0x12, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, + 0xfa, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x43, 0x52, 0x49, 0x55, 0x5f, 0x4f, 0x70, + 0x74, 0x73, 0x52, 0x04, 0x63, 0x72, 0x69, 0x75, } var ( @@ -174,12 +173,12 @@ func file_opts_proto_rawDescGZIP() []byte { var file_opts_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_opts_proto_goTypes = []interface{}{ - (*CRIU_Opts)(nil), // 0: criu.CRIU_Opts + (*CRIU_Opts)(nil), // 0: CRIU_Opts (*descriptorpb.FieldOptions)(nil), // 1: google.protobuf.FieldOptions } var file_opts_proto_depIdxs = []int32{ - 1, // 0: criu.criu:extendee -> google.protobuf.FieldOptions - 0, // 1: criu.criu:type_name -> criu.CRIU_Opts + 1, // 0: criu:extendee -> google.protobuf.FieldOptions + 0, // 1: criu:type_name -> CRIU_Opts 2, // [2:2] is the sub-list for method output_type 2, // [2:2] is the sub-list for method input_type 1, // [1:2] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/opts.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/opts.proto index 16d9d6206a8..d730673a22a 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/opts.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/opts.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "google/protobuf/descriptor.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/packet-sock.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/packet-sock.pb.go index 7a7b93953e0..c4b9d747506 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/packet-sock.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/packet-sock.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: packet-sock.proto package images @@ -388,41 +388,40 @@ var File_packet_sock_proto protoreflect.FileDescriptor var file_packet_sock_proto_rawDesc = []byte{ 0x0a, 0x11, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x2d, 0x73, 0x6f, 0x63, 0x6b, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x1a, 0x0d, 0x73, 0x6b, 0x2d, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x22, 0x4d, 0x0a, 0x0d, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x6d, 0x63, 0x6c, 0x69, 0x73, - 0x74, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x05, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, - 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x61, - 0x64, 0x64, 0x72, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0c, 0x52, 0x04, 0x61, 0x64, 0x64, 0x72, 0x22, - 0xdd, 0x01, 0x0a, 0x0b, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x12, - 0x1d, 0x0a, 0x0a, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, - 0x02, 0x28, 0x0d, 0x52, 0x09, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x19, - 0x0a, 0x08, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x6e, 0x72, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x07, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x4e, 0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x66, 0x72, 0x61, - 0x6d, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x66, - 0x72, 0x61, 0x6d, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x66, 0x72, 0x61, 0x6d, - 0x65, 0x5f, 0x6e, 0x72, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x66, 0x72, 0x61, 0x6d, - 0x65, 0x4e, 0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x72, 0x65, 0x74, 0x69, 0x72, 0x65, 0x5f, 0x74, 0x6d, - 0x6f, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x72, 0x65, 0x74, 0x69, 0x72, 0x65, 0x54, - 0x6d, 0x6f, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x69, 0x7a, 0x65, 0x6f, 0x66, 0x5f, 0x70, 0x72, 0x69, - 0x76, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0a, 0x73, 0x69, 0x7a, 0x65, 0x6f, 0x66, 0x50, - 0x72, 0x69, 0x76, 0x12, 0x1a, 0x0a, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, - 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x22, - 0xef, 0x04, 0x0a, 0x11, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, - 0x02, 0x28, 0x0d, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x04, - 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, - 0x67, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x69, 0x66, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x05, 0x20, - 0x02, 0x28, 0x0d, 0x52, 0x07, 0x69, 0x66, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x24, 0x0a, 0x04, - 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, - 0x75, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, - 0x77, 0x6e, 0x12, 0x27, 0x0a, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0b, - 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x6b, 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x5f, + 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, + 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, 0x73, 0x6b, 0x2d, + 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x4d, 0x0a, 0x0d, 0x70, 0x61, + 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x6d, 0x63, 0x6c, 0x69, 0x73, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x69, + 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x69, 0x6e, 0x64, 0x65, + 0x78, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, + 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x64, 0x64, 0x72, 0x18, 0x03, 0x20, + 0x02, 0x28, 0x0c, 0x52, 0x04, 0x61, 0x64, 0x64, 0x72, 0x22, 0xdd, 0x01, 0x0a, 0x0b, 0x70, 0x61, + 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x62, 0x6c, 0x6f, + 0x63, 0x6b, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x62, + 0x6c, 0x6f, 0x63, 0x6b, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x62, 0x6c, 0x6f, 0x63, + 0x6b, 0x5f, 0x6e, 0x72, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x62, 0x6c, 0x6f, 0x63, + 0x6b, 0x4e, 0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x5f, 0x73, 0x69, 0x7a, + 0x65, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x53, 0x69, + 0x7a, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x5f, 0x6e, 0x72, 0x18, 0x04, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x4e, 0x72, 0x12, 0x1d, 0x0a, + 0x0a, 0x72, 0x65, 0x74, 0x69, 0x72, 0x65, 0x5f, 0x74, 0x6d, 0x6f, 0x18, 0x05, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x09, 0x72, 0x65, 0x74, 0x69, 0x72, 0x65, 0x54, 0x6d, 0x6f, 0x12, 0x1f, 0x0a, 0x0b, + 0x73, 0x69, 0x7a, 0x65, 0x6f, 0x66, 0x5f, 0x70, 0x72, 0x69, 0x76, 0x18, 0x06, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x0a, 0x73, 0x69, 0x7a, 0x65, 0x6f, 0x66, 0x50, 0x72, 0x69, 0x76, 0x12, 0x1a, 0x0a, + 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, + 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x22, 0xd6, 0x04, 0x0a, 0x11, 0x70, 0x61, + 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, + 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x74, + 0x79, 0x70, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, + 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, + 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, + 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x18, 0x0a, 0x07, + 0x69, 0x66, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x69, + 0x66, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x1f, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x06, + 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x22, 0x0a, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x18, + 0x07, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x73, 0x6b, 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, @@ -437,19 +436,18 @@ var file_packet_sock_proto_rawDesc = []byte{ 0x70, 0x18, 0x0e, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x6f, 0x70, 0x79, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x18, 0x0f, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0a, 0x63, 0x6f, 0x70, 0x79, 0x54, 0x68, 0x72, - 0x65, 0x73, 0x68, 0x12, 0x2b, 0x0a, 0x06, 0x6d, 0x63, 0x6c, 0x69, 0x73, 0x74, 0x18, 0x10, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x70, 0x61, 0x63, 0x6b, 0x65, - 0x74, 0x5f, 0x6d, 0x63, 0x6c, 0x69, 0x73, 0x74, 0x52, 0x06, 0x6d, 0x63, 0x6c, 0x69, 0x73, 0x74, - 0x12, 0x22, 0x0a, 0x06, 0x66, 0x61, 0x6e, 0x6f, 0x75, 0x74, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0d, - 0x3a, 0x0a, 0x34, 0x32, 0x39, 0x34, 0x39, 0x36, 0x37, 0x32, 0x39, 0x35, 0x52, 0x06, 0x66, 0x61, - 0x6e, 0x6f, 0x75, 0x74, 0x12, 0x2a, 0x0a, 0x07, 0x72, 0x78, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x18, - 0x12, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x70, 0x61, 0x63, - 0x6b, 0x65, 0x74, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x06, 0x72, 0x78, 0x52, 0x69, 0x6e, 0x67, - 0x12, 0x2a, 0x0a, 0x07, 0x74, 0x78, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x13, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, - 0x72, 0x69, 0x6e, 0x67, 0x52, 0x06, 0x74, 0x78, 0x52, 0x69, 0x6e, 0x67, 0x12, 0x13, 0x0a, 0x05, - 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x6e, 0x73, 0x49, - 0x64, + 0x65, 0x73, 0x68, 0x12, 0x26, 0x0a, 0x06, 0x6d, 0x63, 0x6c, 0x69, 0x73, 0x74, 0x18, 0x10, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x6d, 0x63, 0x6c, + 0x69, 0x73, 0x74, 0x52, 0x06, 0x6d, 0x63, 0x6c, 0x69, 0x73, 0x74, 0x12, 0x22, 0x0a, 0x06, 0x66, + 0x61, 0x6e, 0x6f, 0x75, 0x74, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0d, 0x3a, 0x0a, 0x34, 0x32, 0x39, + 0x34, 0x39, 0x36, 0x37, 0x32, 0x39, 0x35, 0x52, 0x06, 0x66, 0x61, 0x6e, 0x6f, 0x75, 0x74, 0x12, + 0x25, 0x0a, 0x07, 0x72, 0x78, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x12, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x0c, 0x2e, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x06, + 0x72, 0x78, 0x52, 0x69, 0x6e, 0x67, 0x12, 0x25, 0x0a, 0x07, 0x74, 0x78, 0x5f, 0x72, 0x69, 0x6e, + 0x67, 0x18, 0x13, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, + 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x06, 0x74, 0x78, 0x52, 0x69, 0x6e, 0x67, 0x12, 0x13, 0x0a, + 0x05, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x6e, 0x73, + 0x49, 0x64, } var ( @@ -466,18 +464,18 @@ func file_packet_sock_proto_rawDescGZIP() []byte { var file_packet_sock_proto_msgTypes = make([]protoimpl.MessageInfo, 3) var file_packet_sock_proto_goTypes = []interface{}{ - (*PacketMclist)(nil), // 0: criu.packet_mclist - (*PacketRing)(nil), // 1: criu.packet_ring - (*PacketSockEntry)(nil), // 2: criu.packet_sock_entry - (*FownEntry)(nil), // 3: criu.fown_entry - (*SkOptsEntry)(nil), // 4: criu.sk_opts_entry + (*PacketMclist)(nil), // 0: packet_mclist + (*PacketRing)(nil), // 1: packet_ring + (*PacketSockEntry)(nil), // 2: packet_sock_entry + (*FownEntry)(nil), // 3: fown_entry + (*SkOptsEntry)(nil), // 4: sk_opts_entry } var file_packet_sock_proto_depIdxs = []int32{ - 3, // 0: criu.packet_sock_entry.fown:type_name -> criu.fown_entry - 4, // 1: criu.packet_sock_entry.opts:type_name -> criu.sk_opts_entry - 0, // 2: criu.packet_sock_entry.mclist:type_name -> criu.packet_mclist - 1, // 3: criu.packet_sock_entry.rx_ring:type_name -> criu.packet_ring - 1, // 4: criu.packet_sock_entry.tx_ring:type_name -> criu.packet_ring + 3, // 0: packet_sock_entry.fown:type_name -> fown_entry + 4, // 1: packet_sock_entry.opts:type_name -> sk_opts_entry + 0, // 2: packet_sock_entry.mclist:type_name -> packet_mclist + 1, // 3: packet_sock_entry.rx_ring:type_name -> packet_ring + 1, // 4: packet_sock_entry.tx_ring:type_name -> packet_ring 5, // [5:5] is the sub-list for method output_type 5, // [5:5] is the sub-list for method input_type 5, // [5:5] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/packet-sock.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/packet-sock.proto index 962447c0ffb..d4b38cf1547 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/packet-sock.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/packet-sock.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "opts.proto"; import "fown.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pagemap.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pagemap.pb.go index 2b1174d626c..72513553065 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pagemap.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pagemap.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: pagemap.proto package images @@ -143,20 +143,20 @@ func (x *PagemapEntry) GetFlags() uint32 { var File_pagemap_proto protoreflect.FileDescriptor var file_pagemap_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x70, 0x61, 0x67, 0x65, 0x6d, 0x61, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, - 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x22, 0x29, 0x0a, 0x0c, 0x70, 0x61, 0x67, 0x65, 0x6d, 0x61, 0x70, 0x5f, 0x68, 0x65, 0x61, - 0x64, 0x12, 0x19, 0x0a, 0x08, 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, - 0x02, 0x28, 0x0d, 0x52, 0x07, 0x70, 0x61, 0x67, 0x65, 0x73, 0x49, 0x64, 0x22, 0x8b, 0x01, 0x0a, - 0x0d, 0x70, 0x61, 0x67, 0x65, 0x6d, 0x61, 0x70, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1b, - 0x0a, 0x05, 0x76, 0x61, 0x64, 0x64, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, - 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x76, 0x61, 0x64, 0x64, 0x72, 0x12, 0x19, 0x0a, 0x08, 0x6e, - 0x72, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x6e, - 0x72, 0x50, 0x61, 0x67, 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x69, 0x6e, 0x5f, 0x70, 0x61, 0x72, - 0x65, 0x6e, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x69, 0x6e, 0x50, 0x61, 0x72, - 0x65, 0x6e, 0x74, 0x12, 0x25, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x0d, 0x42, 0x0f, 0xd2, 0x3f, 0x0c, 0x1a, 0x0a, 0x70, 0x6d, 0x61, 0x70, 0x2e, 0x66, 0x6c, - 0x61, 0x67, 0x73, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, + 0x0a, 0x0d, 0x70, 0x61, 0x67, 0x65, 0x6d, 0x61, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, + 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x29, 0x0a, 0x0c, 0x70, + 0x61, 0x67, 0x65, 0x6d, 0x61, 0x70, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x70, + 0x61, 0x67, 0x65, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x70, + 0x61, 0x67, 0x65, 0x73, 0x49, 0x64, 0x22, 0x8b, 0x01, 0x0a, 0x0d, 0x70, 0x61, 0x67, 0x65, 0x6d, + 0x61, 0x70, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1b, 0x0a, 0x05, 0x76, 0x61, 0x64, 0x64, + 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, + 0x76, 0x61, 0x64, 0x64, 0x72, 0x12, 0x19, 0x0a, 0x08, 0x6e, 0x72, 0x5f, 0x70, 0x61, 0x67, 0x65, + 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x6e, 0x72, 0x50, 0x61, 0x67, 0x65, 0x73, + 0x12, 0x1b, 0x0a, 0x09, 0x69, 0x6e, 0x5f, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x08, 0x69, 0x6e, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x12, 0x25, 0x0a, + 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x0f, 0xd2, 0x3f, + 0x0c, 0x1a, 0x0a, 0x70, 0x6d, 0x61, 0x70, 0x2e, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x52, 0x05, 0x66, + 0x6c, 0x61, 0x67, 0x73, } var ( @@ -173,8 +173,8 @@ func file_pagemap_proto_rawDescGZIP() []byte { var file_pagemap_proto_msgTypes = make([]protoimpl.MessageInfo, 2) var file_pagemap_proto_goTypes = []interface{}{ - (*PagemapHead)(nil), // 0: criu.pagemap_head - (*PagemapEntry)(nil), // 1: criu.pagemap_entry + (*PagemapHead)(nil), // 0: pagemap_head + (*PagemapEntry)(nil), // 1: pagemap_entry } var file_pagemap_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pagemap.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pagemap.proto index 1243e8acbba..e6d341b0f66 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pagemap.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pagemap.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "opts.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pidns.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pidns.pb.go index 0b87ce0bef4..f6db5b14f43 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pidns.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pidns.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: pidns.proto package images @@ -72,10 +72,10 @@ func (x *PidnsEntry) GetExtKey() string { var File_pidns_proto protoreflect.FileDescriptor var file_pidns_proto_rawDesc = []byte{ - 0x0a, 0x0b, 0x70, 0x69, 0x64, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, - 0x72, 0x69, 0x75, 0x22, 0x26, 0x0a, 0x0b, 0x70, 0x69, 0x64, 0x6e, 0x73, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x17, 0x0a, 0x07, 0x65, 0x78, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x06, 0x65, 0x78, 0x74, 0x4b, 0x65, 0x79, + 0x0a, 0x0b, 0x70, 0x69, 0x64, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x26, 0x0a, + 0x0b, 0x70, 0x69, 0x64, 0x6e, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x17, 0x0a, 0x07, + 0x65, 0x78, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x65, + 0x78, 0x74, 0x4b, 0x65, 0x79, } var ( @@ -92,7 +92,7 @@ func file_pidns_proto_rawDescGZIP() []byte { var file_pidns_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_pidns_proto_goTypes = []interface{}{ - (*PidnsEntry)(nil), // 0: criu.pidns_entry + (*PidnsEntry)(nil), // 0: pidns_entry } var file_pidns_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pidns.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pidns.proto index 337dba759f6..f7e92e3ecdc 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pidns.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pidns.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message pidns_entry { optional string ext_key = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe-data.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe-data.pb.go index 7adee56286c..a0eef6cbb8b 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe-data.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe-data.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: pipe-data.proto package images @@ -89,12 +89,12 @@ var File_pipe_data_proto protoreflect.FileDescriptor var file_pipe_data_proto_rawDesc = []byte{ 0x0a, 0x0f, 0x70, 0x69, 0x70, 0x65, 0x2d, 0x64, 0x61, 0x74, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0x54, 0x0a, 0x0f, 0x70, 0x69, 0x70, 0x65, 0x5f, - 0x64, 0x61, 0x74, 0x61, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x17, 0x0a, 0x07, 0x70, 0x69, - 0x70, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x70, 0x69, 0x70, - 0x65, 0x49, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x05, 0x62, 0x79, 0x74, 0x65, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, - 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x73, 0x69, 0x7a, 0x65, + 0x6f, 0x22, 0x54, 0x0a, 0x0f, 0x70, 0x69, 0x70, 0x65, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x17, 0x0a, 0x07, 0x70, 0x69, 0x70, 0x65, 0x5f, 0x69, 0x64, 0x18, + 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x70, 0x69, 0x70, 0x65, 0x49, 0x64, 0x12, 0x14, 0x0a, + 0x05, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x62, 0x79, + 0x74, 0x65, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x0d, 0x52, 0x04, 0x73, 0x69, 0x7a, 0x65, } var ( @@ -111,7 +111,7 @@ func file_pipe_data_proto_rawDescGZIP() []byte { var file_pipe_data_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_pipe_data_proto_goTypes = []interface{}{ - (*PipeDataEntry)(nil), // 0: criu.pipe_data_entry + (*PipeDataEntry)(nil), // 0: pipe_data_entry } var file_pipe_data_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe-data.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe-data.proto index f82c02ea39d..040479e7cbb 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe-data.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe-data.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message pipe_data_entry { required uint32 pipe_id = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe.pb.go index 6d060fa0dcb..d406ca58d59 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: pipe.proto package images @@ -96,17 +96,16 @@ func (x *PipeEntry) GetFown() *FownEntry { var File_pipe_proto protoreflect.FileDescriptor var file_pipe_proto_rawDesc = []byte{ - 0x0a, 0x0a, 0x70, 0x69, 0x70, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, - 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, - 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x78, 0x0a, 0x0a, 0x70, 0x69, - 0x70, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x17, 0x0a, 0x07, 0x70, 0x69, 0x70, 0x65, - 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x70, 0x69, 0x70, 0x65, 0x49, - 0x64, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, - 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x24, - 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, - 0x72, 0x69, 0x75, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, - 0x66, 0x6f, 0x77, 0x6e, + 0x0a, 0x0a, 0x70, 0x69, 0x70, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, + 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x73, 0x0a, 0x0a, 0x70, 0x69, 0x70, 0x65, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, + 0x69, 0x64, 0x12, 0x17, 0x0a, 0x07, 0x70, 0x69, 0x70, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, + 0x02, 0x28, 0x0d, 0x52, 0x06, 0x70, 0x69, 0x70, 0x65, 0x49, 0x64, 0x12, 0x1b, 0x0a, 0x05, 0x66, + 0x6c, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, + 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x1f, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, + 0x18, 0x04, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, } var ( @@ -123,11 +122,11 @@ func file_pipe_proto_rawDescGZIP() []byte { var file_pipe_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_pipe_proto_goTypes = []interface{}{ - (*PipeEntry)(nil), // 0: criu.pipe_entry - (*FownEntry)(nil), // 1: criu.fown_entry + (*PipeEntry)(nil), // 0: pipe_entry + (*FownEntry)(nil), // 1: fown_entry } var file_pipe_proto_depIdxs = []int32{ - 1, // 0: criu.pipe_entry.fown:type_name -> criu.fown_entry + 1, // 0: pipe_entry.fown:type_name -> fown_entry 1, // [1:1] is the sub-list for method output_type 1, // [1:1] is the sub-list for method input_type 1, // [1:1] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe.proto index 1d5502f47b6..2c0360e8523 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "opts.proto"; import "fown.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pstree.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pstree.pb.go index 2ae259a677b..f8d1b012d55 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pstree.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pstree.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: pstree.proto package images @@ -104,15 +104,15 @@ func (x *PstreeEntry) GetThreads() []uint32 { var File_pstree_proto protoreflect.FileDescriptor var file_pstree_proto_rawDesc = []byte{ - 0x0a, 0x0c, 0x70, 0x73, 0x74, 0x72, 0x65, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, - 0x63, 0x72, 0x69, 0x75, 0x22, 0x74, 0x0a, 0x0c, 0x70, 0x73, 0x74, 0x72, 0x65, 0x65, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x03, 0x70, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x70, 0x69, 0x64, 0x18, 0x02, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x70, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x67, - 0x69, 0x64, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x67, 0x69, 0x64, 0x12, 0x10, - 0x0a, 0x03, 0x73, 0x69, 0x64, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x73, 0x69, 0x64, - 0x12, 0x18, 0x0a, 0x07, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, - 0x0d, 0x52, 0x07, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x73, + 0x0a, 0x0c, 0x70, 0x73, 0x74, 0x72, 0x65, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x74, + 0x0a, 0x0c, 0x70, 0x73, 0x74, 0x72, 0x65, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, + 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x70, 0x69, 0x64, + 0x12, 0x12, 0x0a, 0x04, 0x70, 0x70, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, + 0x70, 0x70, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x67, 0x69, 0x64, 0x18, 0x03, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x04, 0x70, 0x67, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x73, 0x69, 0x64, 0x18, + 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x73, 0x69, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x74, 0x68, + 0x72, 0x65, 0x61, 0x64, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x07, 0x74, 0x68, 0x72, + 0x65, 0x61, 0x64, 0x73, } var ( @@ -129,7 +129,7 @@ func file_pstree_proto_rawDescGZIP() []byte { var file_pstree_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_pstree_proto_goTypes = []interface{}{ - (*PstreeEntry)(nil), // 0: criu.pstree_entry + (*PstreeEntry)(nil), // 0: pstree_entry } var file_pstree_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pstree.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pstree.proto index b3be84620d6..fca284cb73a 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pstree.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pstree.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message pstree_entry { required uint32 pid = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/regfile.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/regfile.pb.go index 1126d0ff24e..7ce21584422 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/regfile.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/regfile.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: regfile.proto package images @@ -179,33 +179,32 @@ func (x *RegFileEntry) GetChecksumParameter() uint32 { var File_regfile_proto protoreflect.FileDescriptor var file_regfile_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x72, 0x65, 0x67, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, - 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xf8, 0x02, - 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, - 0x12, 0x26, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x42, - 0x10, 0xd2, 0x3f, 0x0d, 0x1a, 0x0b, 0x72, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x66, 0x6c, 0x61, 0x67, - 0x73, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x6f, 0x73, 0x18, - 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x70, 0x6f, 0x73, 0x12, 0x24, 0x0a, 0x04, 0x66, 0x6f, - 0x77, 0x6e, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, - 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, - 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, - 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x19, 0x0a, 0x06, 0x6d, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x07, - 0x20, 0x01, 0x28, 0x11, 0x3a, 0x02, 0x2d, 0x31, 0x52, 0x05, 0x6d, 0x6e, 0x74, 0x49, 0x64, 0x12, - 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x73, - 0x69, 0x7a, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x65, 0x78, 0x74, 0x18, 0x09, 0x20, 0x01, 0x28, 0x08, - 0x52, 0x03, 0x65, 0x78, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x0a, 0x20, - 0x01, 0x28, 0x0d, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x62, 0x75, 0x69, - 0x6c, 0x64, 0x5f, 0x69, 0x64, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x07, 0x62, 0x75, 0x69, - 0x6c, 0x64, 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x75, 0x6d, - 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x75, 0x6d, - 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x75, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0e, 0x63, 0x68, 0x65, 0x63, 0x6b, - 0x73, 0x75, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2d, 0x0a, 0x12, 0x63, 0x68, 0x65, - 0x63, 0x6b, 0x73, 0x75, 0x6d, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x18, - 0x0e, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x11, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x75, 0x6d, 0x50, - 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, + 0x0a, 0x0d, 0x72, 0x65, 0x67, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, + 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, + 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xf3, 0x02, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x5f, + 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, + 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x26, 0x0a, 0x05, 0x66, 0x6c, + 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x10, 0xd2, 0x3f, 0x0d, 0x1a, 0x0b, + 0x72, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x52, 0x05, 0x66, 0x6c, 0x61, + 0x67, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x6f, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, + 0x03, 0x70, 0x6f, 0x73, 0x12, 0x1f, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x05, 0x20, 0x02, + 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, + 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20, + 0x02, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x19, 0x0a, 0x06, 0x6d, 0x6e, 0x74, + 0x5f, 0x69, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x11, 0x3a, 0x02, 0x2d, 0x31, 0x52, 0x05, 0x6d, + 0x6e, 0x74, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x08, 0x20, 0x01, + 0x28, 0x04, 0x52, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x65, 0x78, 0x74, 0x18, + 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x65, 0x78, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f, + 0x64, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x19, + 0x0a, 0x08, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x5f, 0x69, 0x64, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x0d, + 0x52, 0x07, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x68, 0x65, + 0x63, 0x6b, 0x73, 0x75, 0x6d, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x63, 0x68, 0x65, + 0x63, 0x6b, 0x73, 0x75, 0x6d, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x75, + 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0e, + 0x63, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x75, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2d, + 0x0a, 0x12, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x75, 0x6d, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, + 0x65, 0x74, 0x65, 0x72, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x11, 0x63, 0x68, 0x65, 0x63, + 0x6b, 0x73, 0x75, 0x6d, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, } var ( @@ -222,11 +221,11 @@ func file_regfile_proto_rawDescGZIP() []byte { var file_regfile_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_regfile_proto_goTypes = []interface{}{ - (*RegFileEntry)(nil), // 0: criu.reg_file_entry - (*FownEntry)(nil), // 1: criu.fown_entry + (*RegFileEntry)(nil), // 0: reg_file_entry + (*FownEntry)(nil), // 1: fown_entry } var file_regfile_proto_depIdxs = []int32{ - 1, // 0: criu.reg_file_entry.fown:type_name -> criu.fown_entry + 1, // 0: reg_file_entry.fown:type_name -> fown_entry 1, // [1:1] is the sub-list for method output_type 1, // [1:1] is the sub-list for method input_type 1, // [1:1] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/regfile.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/regfile.proto index 0b2670c211e..bf22d2026da 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/regfile.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/regfile.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "opts.proto"; import "fown.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/remap-file-path.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/remap-file-path.pb.go index d42ba0b0f58..07933216c93 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/remap-file-path.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/remap-file-path.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: remap-file-path.proto package images @@ -88,7 +88,7 @@ type RemapFilePathEntry struct { OrigId *uint32 `protobuf:"varint,1,req,name=orig_id,json=origId" json:"orig_id,omitempty"` RemapId *uint32 `protobuf:"varint,2,req,name=remap_id,json=remapId" json:"remap_id,omitempty"` - RemapType *RemapType `protobuf:"varint,3,opt,name=remap_type,json=remapType,enum=criu.RemapType" json:"remap_type,omitempty"` + RemapType *RemapType `protobuf:"varint,3,opt,name=remap_type,json=remapType,enum=RemapType" json:"remap_type,omitempty"` } func (x *RemapFilePathEntry) Reset() { @@ -148,18 +148,18 @@ var File_remap_file_path_proto protoreflect.FileDescriptor var file_remap_file_path_proto_rawDesc = []byte{ 0x0a, 0x15, 0x72, 0x65, 0x6d, 0x61, 0x70, 0x2d, 0x66, 0x69, 0x6c, 0x65, 0x2d, 0x70, 0x61, 0x74, - 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0x7c, 0x0a, - 0x15, 0x72, 0x65, 0x6d, 0x61, 0x70, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x74, 0x68, - 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x17, 0x0a, 0x07, 0x6f, 0x72, 0x69, 0x67, 0x5f, 0x69, - 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x6f, 0x72, 0x69, 0x67, 0x49, 0x64, 0x12, - 0x19, 0x0a, 0x08, 0x72, 0x65, 0x6d, 0x61, 0x70, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x07, 0x72, 0x65, 0x6d, 0x61, 0x70, 0x49, 0x64, 0x12, 0x2f, 0x0a, 0x0a, 0x72, 0x65, - 0x6d, 0x61, 0x70, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x10, - 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x72, 0x65, 0x6d, 0x61, 0x70, 0x5f, 0x74, 0x79, 0x70, 0x65, - 0x52, 0x09, 0x72, 0x65, 0x6d, 0x61, 0x70, 0x54, 0x79, 0x70, 0x65, 0x2a, 0x2f, 0x0a, 0x0a, 0x72, - 0x65, 0x6d, 0x61, 0x70, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x4c, 0x49, 0x4e, - 0x4b, 0x45, 0x44, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x47, 0x48, 0x4f, 0x53, 0x54, 0x10, 0x01, - 0x12, 0x0a, 0x0a, 0x06, 0x50, 0x52, 0x4f, 0x43, 0x46, 0x53, 0x10, 0x02, + 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x77, 0x0a, 0x15, 0x72, 0x65, 0x6d, 0x61, 0x70, + 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x12, 0x17, 0x0a, 0x07, 0x6f, 0x72, 0x69, 0x67, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x06, 0x6f, 0x72, 0x69, 0x67, 0x49, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x72, 0x65, 0x6d, + 0x61, 0x70, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x72, 0x65, 0x6d, + 0x61, 0x70, 0x49, 0x64, 0x12, 0x2a, 0x0a, 0x0a, 0x72, 0x65, 0x6d, 0x61, 0x70, 0x5f, 0x74, 0x79, + 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0b, 0x2e, 0x72, 0x65, 0x6d, 0x61, 0x70, + 0x5f, 0x74, 0x79, 0x70, 0x65, 0x52, 0x09, 0x72, 0x65, 0x6d, 0x61, 0x70, 0x54, 0x79, 0x70, 0x65, + 0x2a, 0x2f, 0x0a, 0x0a, 0x72, 0x65, 0x6d, 0x61, 0x70, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x12, 0x0a, + 0x0a, 0x06, 0x4c, 0x49, 0x4e, 0x4b, 0x45, 0x44, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x47, 0x48, + 0x4f, 0x53, 0x54, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x50, 0x52, 0x4f, 0x43, 0x46, 0x53, 0x10, + 0x02, } var ( @@ -177,11 +177,11 @@ func file_remap_file_path_proto_rawDescGZIP() []byte { var file_remap_file_path_proto_enumTypes = make([]protoimpl.EnumInfo, 1) var file_remap_file_path_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_remap_file_path_proto_goTypes = []interface{}{ - (RemapType)(0), // 0: criu.remap_type - (*RemapFilePathEntry)(nil), // 1: criu.remap_file_path_entry + (RemapType)(0), // 0: remap_type + (*RemapFilePathEntry)(nil), // 1: remap_file_path_entry } var file_remap_file_path_proto_depIdxs = []int32{ - 0, // 0: criu.remap_file_path_entry.remap_type:type_name -> criu.remap_type + 0, // 0: remap_file_path_entry.remap_type:type_name -> remap_type 1, // [1:1] is the sub-list for method output_type 1, // [1:1] is the sub-list for method input_type 1, // [1:1] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/remap-file-path.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/remap-file-path.proto index 9ceee9b6a38..8635370c0c0 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/remap-file-path.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/remap-file-path.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; enum remap_type { LINKED = 0; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rlimit.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rlimit.pb.go index efc350c9caa..eb608f8e771 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rlimit.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rlimit.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: rlimit.proto package images @@ -80,11 +80,11 @@ func (x *RlimitEntry) GetMax() uint64 { var File_rlimit_proto protoreflect.FileDescriptor var file_rlimit_proto_rawDesc = []byte{ - 0x0a, 0x0c, 0x72, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, - 0x63, 0x72, 0x69, 0x75, 0x22, 0x32, 0x0a, 0x0c, 0x72, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x75, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x03, 0x63, 0x75, 0x72, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x61, 0x78, 0x18, 0x02, 0x20, - 0x02, 0x28, 0x04, 0x52, 0x03, 0x6d, 0x61, 0x78, + 0x0a, 0x0c, 0x72, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x32, + 0x0a, 0x0c, 0x72, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, + 0x0a, 0x03, 0x63, 0x75, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x63, 0x75, 0x72, + 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x61, 0x78, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x6d, + 0x61, 0x78, } var ( @@ -101,7 +101,7 @@ func file_rlimit_proto_rawDescGZIP() []byte { var file_rlimit_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_rlimit_proto_goTypes = []interface{}{ - (*RlimitEntry)(nil), // 0: criu.rlimit_entry + (*RlimitEntry)(nil), // 0: rlimit_entry } var file_rlimit_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rlimit.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rlimit.proto index 7c2ce18d1b2..3a3aeda306d 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rlimit.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rlimit.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message rlimit_entry { required uint64 cur = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rpc.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rpc.pb.go index 0e8ba876441..bf1ad2b6a2f 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rpc.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rpc.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: rpc.proto package images @@ -736,7 +736,7 @@ type CriuOpts struct { SkipMnt []string `protobuf:"bytes,31,rep,name=skip_mnt,json=skipMnt" json:"skip_mnt,omitempty"` EnableFs []string `protobuf:"bytes,32,rep,name=enable_fs,json=enableFs" json:"enable_fs,omitempty"` UnixSkIno []*UnixSk `protobuf:"bytes,33,rep,name=unix_sk_ino,json=unixSkIno" json:"unix_sk_ino,omitempty"` // DEPRECATED, use external instead - ManageCgroupsMode *CriuCgMode `protobuf:"varint,34,opt,name=manage_cgroups_mode,json=manageCgroupsMode,enum=criu.CriuCgMode" json:"manage_cgroups_mode,omitempty"` + ManageCgroupsMode *CriuCgMode `protobuf:"varint,34,opt,name=manage_cgroups_mode,json=manageCgroupsMode,enum=CriuCgMode" json:"manage_cgroups_mode,omitempty"` GhostLimit *uint32 `protobuf:"varint,35,opt,name=ghost_limit,json=ghostLimit,def=1048576" json:"ghost_limit,omitempty"` IrmapScanPaths []string `protobuf:"bytes,36,rep,name=irmap_scan_paths,json=irmapScanPaths" json:"irmap_scan_paths,omitempty"` External []string `protobuf:"bytes,37,rep,name=external" json:"external,omitempty"` @@ -762,10 +762,10 @@ type CriuOpts struct { Tls *bool `protobuf:"varint,58,opt,name=tls" json:"tls,omitempty"` TlsNoCnVerify *bool `protobuf:"varint,59,opt,name=tls_no_cn_verify,json=tlsNoCnVerify" json:"tls_no_cn_verify,omitempty"` CgroupYard *string `protobuf:"bytes,60,opt,name=cgroup_yard,json=cgroupYard" json:"cgroup_yard,omitempty"` - PreDumpMode *CriuPreDumpMode `protobuf:"varint,61,opt,name=pre_dump_mode,json=preDumpMode,enum=criu.CriuPreDumpMode,def=1" json:"pre_dump_mode,omitempty"` + PreDumpMode *CriuPreDumpMode `protobuf:"varint,61,opt,name=pre_dump_mode,json=preDumpMode,enum=CriuPreDumpMode,def=1" json:"pre_dump_mode,omitempty"` PidfdStoreSk *int32 `protobuf:"varint,62,opt,name=pidfd_store_sk,json=pidfdStoreSk" json:"pidfd_store_sk,omitempty"` LsmMountContext *string `protobuf:"bytes,63,opt,name=lsm_mount_context,json=lsmMountContext" json:"lsm_mount_context,omitempty"` - NetworkLock *CriuNetworkLockMethod `protobuf:"varint,64,opt,name=network_lock,json=networkLock,enum=criu.CriuNetworkLockMethod,def=1" json:"network_lock,omitempty"` + NetworkLock *CriuNetworkLockMethod `protobuf:"varint,64,opt,name=network_lock,json=networkLock,enum=CriuNetworkLockMethod,def=1" json:"network_lock,omitempty"` MntnsCompatMode *bool `protobuf:"varint,65,opt,name=mntns_compat_mode,json=mntnsCompatMode" json:"mntns_compat_mode,omitempty"` // optional bool check_mounts = 128; } @@ -1477,7 +1477,7 @@ type CriuReq struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Type *CriuReqType `protobuf:"varint,1,req,name=type,enum=criu.CriuReqType" json:"type,omitempty"` + Type *CriuReqType `protobuf:"varint,1,req,name=type,enum=CriuReqType" json:"type,omitempty"` Opts *CriuOpts `protobuf:"bytes,2,opt,name=opts" json:"opts,omitempty"` NotifySuccess *bool `protobuf:"varint,3,opt,name=notify_success,json=notifySuccess" json:"notify_success,omitempty"` // When set service won't close the connection but @@ -1571,7 +1571,7 @@ type CriuResp struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Type *CriuReqType `protobuf:"varint,1,req,name=type,enum=criu.CriuReqType" json:"type,omitempty"` + Type *CriuReqType `protobuf:"varint,1,req,name=type,enum=CriuReqType" json:"type,omitempty"` Success *bool `protobuf:"varint,2,req,name=success" json:"success,omitempty"` Dump *CriuDumpResp `protobuf:"bytes,3,opt,name=dump" json:"dump,omitempty"` Restore *CriuRestoreResp `protobuf:"bytes,4,opt,name=restore" json:"restore,omitempty"` @@ -1784,278 +1784,271 @@ func (x *CriuVersion) GetName() string { var File_rpc_proto protoreflect.FileDescriptor var file_rpc_proto_rawDesc = []byte{ - 0x0a, 0x09, 0x72, 0x70, 0x63, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, - 0x75, 0x22, 0x67, 0x0a, 0x15, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, - 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, - 0x72, 0x65, 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x05, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x70, 0x69, 0x64, 0x12, 0x0e, 0x0a, 0x02, 0x66, 0x64, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x02, 0x66, 0x64, 0x22, 0x3c, 0x0a, 0x0e, 0x63, 0x72, - 0x69, 0x75, 0x5f, 0x76, 0x65, 0x74, 0x68, 0x5f, 0x70, 0x61, 0x69, 0x72, 0x12, 0x13, 0x0a, 0x05, - 0x69, 0x66, 0x5f, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x69, 0x66, 0x49, - 0x6e, 0x12, 0x15, 0x0a, 0x06, 0x69, 0x66, 0x5f, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x02, 0x28, - 0x09, 0x52, 0x05, 0x69, 0x66, 0x4f, 0x75, 0x74, 0x22, 0x33, 0x0a, 0x0d, 0x65, 0x78, 0x74, 0x5f, - 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x6d, 0x61, 0x70, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, - 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x76, - 0x61, 0x6c, 0x18, 0x02, 0x20, 0x02, 0x28, 0x09, 0x52, 0x03, 0x76, 0x61, 0x6c, 0x22, 0x56, 0x0a, - 0x0e, 0x6a, 0x6f, 0x69, 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, - 0x0e, 0x0a, 0x02, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x02, 0x6e, 0x73, 0x12, - 0x17, 0x0a, 0x07, 0x6e, 0x73, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x09, - 0x52, 0x06, 0x6e, 0x73, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x78, 0x74, 0x72, - 0x61, 0x5f, 0x6f, 0x70, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x74, - 0x72, 0x61, 0x4f, 0x70, 0x74, 0x22, 0x2e, 0x0a, 0x0a, 0x69, 0x6e, 0x68, 0x65, 0x72, 0x69, 0x74, - 0x5f, 0x66, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, - 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x66, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, - 0x05, 0x52, 0x02, 0x66, 0x64, 0x22, 0x35, 0x0a, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, - 0x72, 0x6f, 0x6f, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x74, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x04, 0x63, 0x74, 0x72, 0x6c, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, - 0x18, 0x02, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x22, 0x1f, 0x0a, 0x07, - 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, 0x6b, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x6e, 0x6f, 0x64, 0x65, - 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x22, 0xb2, 0x12, - 0x0a, 0x09, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x12, 0x22, 0x0a, 0x0d, 0x69, - 0x6d, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x64, 0x69, 0x72, 0x5f, 0x66, 0x64, 0x18, 0x01, 0x20, 0x02, - 0x28, 0x05, 0x52, 0x0b, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x73, 0x44, 0x69, 0x72, 0x46, 0x64, 0x12, - 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x70, 0x69, - 0x64, 0x12, 0x23, 0x0a, 0x0d, 0x6c, 0x65, 0x61, 0x76, 0x65, 0x5f, 0x72, 0x75, 0x6e, 0x6e, 0x69, - 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x6c, 0x65, 0x61, 0x76, 0x65, 0x52, - 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x1e, 0x0a, 0x0b, 0x65, 0x78, 0x74, 0x5f, 0x75, 0x6e, - 0x69, 0x78, 0x5f, 0x73, 0x6b, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x65, 0x78, 0x74, - 0x55, 0x6e, 0x69, 0x78, 0x53, 0x6b, 0x12, 0x27, 0x0a, 0x0f, 0x74, 0x63, 0x70, 0x5f, 0x65, 0x73, - 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, - 0x0e, 0x74, 0x63, 0x70, 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x64, 0x12, - 0x27, 0x0a, 0x0f, 0x65, 0x76, 0x61, 0x73, 0x69, 0x76, 0x65, 0x5f, 0x64, 0x65, 0x76, 0x69, 0x63, - 0x65, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x65, 0x76, 0x61, 0x73, 0x69, 0x76, - 0x65, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x68, 0x65, 0x6c, - 0x6c, 0x5f, 0x6a, 0x6f, 0x62, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x73, 0x68, 0x65, - 0x6c, 0x6c, 0x4a, 0x6f, 0x62, 0x12, 0x1d, 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x6c, 0x6f, - 0x63, 0x6b, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x66, 0x69, 0x6c, 0x65, 0x4c, - 0x6f, 0x63, 0x6b, 0x73, 0x12, 0x1e, 0x0a, 0x09, 0x6c, 0x6f, 0x67, 0x5f, 0x6c, 0x65, 0x76, 0x65, - 0x6c, 0x18, 0x09, 0x20, 0x01, 0x28, 0x05, 0x3a, 0x01, 0x32, 0x52, 0x08, 0x6c, 0x6f, 0x67, 0x4c, - 0x65, 0x76, 0x65, 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x6c, 0x6f, 0x67, 0x5f, 0x66, 0x69, 0x6c, 0x65, - 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12, - 0x2b, 0x0a, 0x02, 0x70, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x63, 0x72, - 0x69, 0x75, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x52, 0x02, 0x70, 0x73, 0x12, 0x25, 0x0a, 0x0e, - 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x73, 0x18, 0x0c, - 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x53, 0x63, 0x72, 0x69, - 0x70, 0x74, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x6f, 0x6f, 0x74, 0x18, 0x0d, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x04, 0x72, 0x6f, 0x6f, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x72, 0x65, 0x6e, - 0x74, 0x5f, 0x69, 0x6d, 0x67, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x61, 0x72, - 0x65, 0x6e, 0x74, 0x49, 0x6d, 0x67, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x72, 0x61, 0x63, 0x6b, 0x5f, - 0x6d, 0x65, 0x6d, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x72, 0x61, 0x63, 0x6b, - 0x4d, 0x65, 0x6d, 0x12, 0x1d, 0x0a, 0x0a, 0x61, 0x75, 0x74, 0x6f, 0x5f, 0x64, 0x65, 0x64, 0x75, - 0x70, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x61, 0x75, 0x74, 0x6f, 0x44, 0x65, 0x64, - 0x75, 0x70, 0x12, 0x1e, 0x0a, 0x0b, 0x77, 0x6f, 0x72, 0x6b, 0x5f, 0x64, 0x69, 0x72, 0x5f, 0x66, - 0x64, 0x18, 0x11, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x77, 0x6f, 0x72, 0x6b, 0x44, 0x69, 0x72, - 0x46, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, 0x72, 0x65, 0x6d, 0x61, 0x70, - 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x6c, 0x69, 0x6e, 0x6b, 0x52, 0x65, 0x6d, 0x61, - 0x70, 0x12, 0x2a, 0x0a, 0x05, 0x76, 0x65, 0x74, 0x68, 0x73, 0x18, 0x13, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x14, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x76, 0x65, 0x74, + 0x0a, 0x09, 0x72, 0x70, 0x63, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x67, 0x0a, 0x15, 0x63, + 0x72, 0x69, 0x75, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, + 0x69, 0x6e, 0x66, 0x6f, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x12, + 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x70, 0x6f, + 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, + 0x03, 0x70, 0x69, 0x64, 0x12, 0x0e, 0x0a, 0x02, 0x66, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, + 0x52, 0x02, 0x66, 0x64, 0x22, 0x3c, 0x0a, 0x0e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x76, 0x65, 0x74, + 0x68, 0x5f, 0x70, 0x61, 0x69, 0x72, 0x12, 0x13, 0x0a, 0x05, 0x69, 0x66, 0x5f, 0x69, 0x6e, 0x18, + 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x69, 0x66, 0x49, 0x6e, 0x12, 0x15, 0x0a, 0x06, 0x69, + 0x66, 0x5f, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x02, 0x28, 0x09, 0x52, 0x05, 0x69, 0x66, 0x4f, + 0x75, 0x74, 0x22, 0x33, 0x0a, 0x0d, 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, + 0x6d, 0x61, 0x70, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, + 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x76, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x02, + 0x28, 0x09, 0x52, 0x03, 0x76, 0x61, 0x6c, 0x22, 0x56, 0x0a, 0x0e, 0x6a, 0x6f, 0x69, 0x6e, 0x5f, + 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x6e, 0x73, 0x18, + 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x02, 0x6e, 0x73, 0x12, 0x17, 0x0a, 0x07, 0x6e, 0x73, 0x5f, + 0x66, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x09, 0x52, 0x06, 0x6e, 0x73, 0x46, 0x69, + 0x6c, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x78, 0x74, 0x72, 0x61, 0x5f, 0x6f, 0x70, 0x74, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x74, 0x72, 0x61, 0x4f, 0x70, 0x74, 0x22, + 0x2e, 0x0a, 0x0a, 0x69, 0x6e, 0x68, 0x65, 0x72, 0x69, 0x74, 0x5f, 0x66, 0x64, 0x12, 0x10, 0x0a, + 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, + 0x0e, 0x0a, 0x02, 0x66, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x05, 0x52, 0x02, 0x66, 0x64, 0x22, + 0x35, 0x0a, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x72, 0x6f, 0x6f, 0x74, 0x12, 0x12, + 0x0a, 0x04, 0x63, 0x74, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x63, 0x74, + 0x72, 0x6c, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x02, 0x28, 0x09, + 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x22, 0x1f, 0x0a, 0x07, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, + 0x6b, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x05, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x22, 0x80, 0x12, 0x0a, 0x09, 0x63, 0x72, 0x69, 0x75, + 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x12, 0x22, 0x0a, 0x0d, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x73, 0x5f, + 0x64, 0x69, 0x72, 0x5f, 0x66, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x05, 0x52, 0x0b, 0x69, 0x6d, + 0x61, 0x67, 0x65, 0x73, 0x44, 0x69, 0x72, 0x46, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x70, 0x69, 0x64, 0x12, 0x23, 0x0a, 0x0d, 0x6c, + 0x65, 0x61, 0x76, 0x65, 0x5f, 0x72, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x0c, 0x6c, 0x65, 0x61, 0x76, 0x65, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, + 0x12, 0x1e, 0x0a, 0x0b, 0x65, 0x78, 0x74, 0x5f, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, 0x6b, 0x18, + 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x65, 0x78, 0x74, 0x55, 0x6e, 0x69, 0x78, 0x53, 0x6b, + 0x12, 0x27, 0x0a, 0x0f, 0x74, 0x63, 0x70, 0x5f, 0x65, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, + 0x68, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x74, 0x63, 0x70, 0x45, 0x73, + 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x64, 0x12, 0x27, 0x0a, 0x0f, 0x65, 0x76, 0x61, + 0x73, 0x69, 0x76, 0x65, 0x5f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x06, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x0e, 0x65, 0x76, 0x61, 0x73, 0x69, 0x76, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63, + 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x68, 0x65, 0x6c, 0x6c, 0x5f, 0x6a, 0x6f, 0x62, 0x18, + 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x73, 0x68, 0x65, 0x6c, 0x6c, 0x4a, 0x6f, 0x62, 0x12, + 0x1d, 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x73, 0x18, 0x08, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x09, 0x66, 0x69, 0x6c, 0x65, 0x4c, 0x6f, 0x63, 0x6b, 0x73, 0x12, 0x1e, + 0x0a, 0x09, 0x6c, 0x6f, 0x67, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x09, 0x20, 0x01, 0x28, + 0x05, 0x3a, 0x01, 0x32, 0x52, 0x08, 0x6c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x19, + 0x0a, 0x08, 0x6c, 0x6f, 0x67, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x26, 0x0a, 0x02, 0x70, 0x73, 0x18, + 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x70, 0x61, 0x67, + 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x52, 0x02, 0x70, + 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x73, 0x63, 0x72, 0x69, + 0x70, 0x74, 0x73, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x6e, 0x6f, 0x74, 0x69, 0x66, + 0x79, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x6f, 0x6f, 0x74, + 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x72, 0x6f, 0x6f, 0x74, 0x12, 0x1d, 0x0a, 0x0a, + 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x6d, 0x67, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x09, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x49, 0x6d, 0x67, 0x12, 0x1b, 0x0a, 0x09, 0x74, + 0x72, 0x61, 0x63, 0x6b, 0x5f, 0x6d, 0x65, 0x6d, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, + 0x74, 0x72, 0x61, 0x63, 0x6b, 0x4d, 0x65, 0x6d, 0x12, 0x1d, 0x0a, 0x0a, 0x61, 0x75, 0x74, 0x6f, + 0x5f, 0x64, 0x65, 0x64, 0x75, 0x70, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x61, 0x75, + 0x74, 0x6f, 0x44, 0x65, 0x64, 0x75, 0x70, 0x12, 0x1e, 0x0a, 0x0b, 0x77, 0x6f, 0x72, 0x6b, 0x5f, + 0x64, 0x69, 0x72, 0x5f, 0x66, 0x64, 0x18, 0x11, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x77, 0x6f, + 0x72, 0x6b, 0x44, 0x69, 0x72, 0x46, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, + 0x72, 0x65, 0x6d, 0x61, 0x70, 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x6c, 0x69, 0x6e, + 0x6b, 0x52, 0x65, 0x6d, 0x61, 0x70, 0x12, 0x25, 0x0a, 0x05, 0x76, 0x65, 0x74, 0x68, 0x73, 0x18, + 0x13, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x76, 0x65, 0x74, 0x68, 0x5f, 0x70, 0x61, 0x69, 0x72, 0x52, 0x05, 0x76, 0x65, 0x74, 0x68, 0x73, 0x12, 0x23, 0x0a, 0x07, 0x63, 0x70, 0x75, 0x5f, 0x63, 0x61, 0x70, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0d, 0x3a, 0x0a, 0x34, 0x32, 0x39, 0x34, 0x39, 0x36, 0x37, 0x32, 0x39, 0x35, 0x52, 0x06, 0x63, 0x70, 0x75, 0x43, 0x61, 0x70, 0x12, 0x1f, 0x0a, 0x0b, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x72, 0x6d, 0x61, 0x70, 0x18, 0x15, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x49, 0x72, 0x6d, 0x61, 0x70, 0x12, 0x19, 0x0a, 0x08, 0x65, 0x78, 0x65, 0x63, 0x5f, 0x63, 0x6d, 0x64, 0x18, - 0x16, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x65, 0x78, 0x65, 0x63, 0x43, 0x6d, 0x64, 0x12, 0x2c, + 0x16, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x65, 0x78, 0x65, 0x63, 0x43, 0x6d, 0x64, 0x12, 0x27, 0x0a, 0x07, 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x6e, 0x74, 0x18, 0x17, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x6f, 0x75, 0x6e, 0x74, - 0x5f, 0x6d, 0x61, 0x70, 0x52, 0x06, 0x65, 0x78, 0x74, 0x4d, 0x6e, 0x74, 0x12, 0x25, 0x0a, 0x0e, - 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x5f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x18, 0x18, - 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x43, 0x67, 0x72, 0x6f, - 0x75, 0x70, 0x73, 0x12, 0x2a, 0x0a, 0x07, 0x63, 0x67, 0x5f, 0x72, 0x6f, 0x6f, 0x74, 0x18, 0x19, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x67, 0x72, 0x6f, - 0x75, 0x70, 0x5f, 0x72, 0x6f, 0x6f, 0x74, 0x52, 0x06, 0x63, 0x67, 0x52, 0x6f, 0x6f, 0x74, 0x12, - 0x1f, 0x0a, 0x0b, 0x72, 0x73, 0x74, 0x5f, 0x73, 0x69, 0x62, 0x6c, 0x69, 0x6e, 0x67, 0x18, 0x1a, - 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x72, 0x73, 0x74, 0x53, 0x69, 0x62, 0x6c, 0x69, 0x6e, 0x67, - 0x12, 0x2f, 0x0a, 0x0a, 0x69, 0x6e, 0x68, 0x65, 0x72, 0x69, 0x74, 0x5f, 0x66, 0x64, 0x18, 0x1b, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x69, 0x6e, 0x68, 0x65, - 0x72, 0x69, 0x74, 0x5f, 0x66, 0x64, 0x52, 0x09, 0x69, 0x6e, 0x68, 0x65, 0x72, 0x69, 0x74, 0x46, - 0x64, 0x12, 0x20, 0x0a, 0x0c, 0x61, 0x75, 0x74, 0x6f, 0x5f, 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x6e, - 0x74, 0x18, 0x1c, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x61, 0x75, 0x74, 0x6f, 0x45, 0x78, 0x74, - 0x4d, 0x6e, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x78, 0x74, 0x5f, 0x73, 0x68, 0x61, 0x72, 0x69, - 0x6e, 0x67, 0x18, 0x1d, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x65, 0x78, 0x74, 0x53, 0x68, 0x61, - 0x72, 0x69, 0x6e, 0x67, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x61, 0x73, 0x74, - 0x65, 0x72, 0x73, 0x18, 0x1e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x65, 0x78, 0x74, 0x4d, 0x61, - 0x73, 0x74, 0x65, 0x72, 0x73, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x6d, 0x6e, - 0x74, 0x18, 0x1f, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x73, 0x6b, 0x69, 0x70, 0x4d, 0x6e, 0x74, - 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x66, 0x73, 0x18, 0x20, 0x20, - 0x03, 0x28, 0x09, 0x52, 0x08, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x46, 0x73, 0x12, 0x2d, 0x0a, - 0x0b, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, 0x6b, 0x5f, 0x69, 0x6e, 0x6f, 0x18, 0x21, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, - 0x6b, 0x52, 0x09, 0x75, 0x6e, 0x69, 0x78, 0x53, 0x6b, 0x49, 0x6e, 0x6f, 0x12, 0x42, 0x0a, 0x13, - 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x5f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x5f, 0x6d, - 0x6f, 0x64, 0x65, 0x18, 0x22, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, - 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x63, 0x67, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x52, 0x11, 0x6d, - 0x61, 0x6e, 0x61, 0x67, 0x65, 0x43, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x4d, 0x6f, 0x64, 0x65, - 0x12, 0x28, 0x0a, 0x0b, 0x67, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x18, - 0x23, 0x20, 0x01, 0x28, 0x0d, 0x3a, 0x07, 0x31, 0x30, 0x34, 0x38, 0x35, 0x37, 0x36, 0x52, 0x0a, - 0x67, 0x68, 0x6f, 0x73, 0x74, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x12, 0x28, 0x0a, 0x10, 0x69, 0x72, - 0x6d, 0x61, 0x70, 0x5f, 0x73, 0x63, 0x61, 0x6e, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x73, 0x18, 0x24, - 0x20, 0x03, 0x28, 0x09, 0x52, 0x0e, 0x69, 0x72, 0x6d, 0x61, 0x70, 0x53, 0x63, 0x61, 0x6e, 0x50, - 0x61, 0x74, 0x68, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, - 0x18, 0x25, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, - 0x12, 0x19, 0x0a, 0x08, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x5f, 0x6e, 0x73, 0x18, 0x26, 0x20, 0x01, - 0x28, 0x0d, 0x52, 0x07, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x4e, 0x73, 0x12, 0x2d, 0x0a, 0x07, 0x6a, - 0x6f, 0x69, 0x6e, 0x5f, 0x6e, 0x73, 0x18, 0x27, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, - 0x72, 0x69, 0x75, 0x2e, 0x6a, 0x6f, 0x69, 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, - 0x63, 0x65, 0x52, 0x06, 0x6a, 0x6f, 0x69, 0x6e, 0x4e, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x63, 0x67, - 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x72, 0x6f, 0x70, 0x73, 0x18, 0x29, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x50, 0x72, 0x6f, 0x70, 0x73, 0x12, 0x2a, 0x0a, - 0x11, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x72, 0x6f, 0x70, 0x73, 0x5f, 0x66, 0x69, - 0x6c, 0x65, 0x18, 0x2a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, - 0x50, 0x72, 0x6f, 0x70, 0x73, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x34, 0x0a, 0x16, 0x63, 0x67, 0x72, - 0x6f, 0x75, 0x70, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, - 0x6c, 0x65, 0x72, 0x18, 0x2b, 0x20, 0x03, 0x28, 0x09, 0x52, 0x14, 0x63, 0x67, 0x72, 0x6f, 0x75, - 0x70, 0x44, 0x75, 0x6d, 0x70, 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x12, - 0x23, 0x0a, 0x0d, 0x66, 0x72, 0x65, 0x65, 0x7a, 0x65, 0x5f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, - 0x18, 0x2c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x66, 0x72, 0x65, 0x65, 0x7a, 0x65, 0x43, 0x67, - 0x72, 0x6f, 0x75, 0x70, 0x12, 0x18, 0x0a, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, - 0x2d, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x2b, - 0x0a, 0x12, 0x74, 0x63, 0x70, 0x5f, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x69, 0x6e, 0x5f, 0x66, 0x6c, - 0x69, 0x67, 0x68, 0x74, 0x18, 0x2e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x74, 0x63, 0x70, 0x53, - 0x6b, 0x69, 0x70, 0x49, 0x6e, 0x46, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x77, - 0x65, 0x61, 0x6b, 0x5f, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x73, 0x18, 0x2f, 0x20, 0x01, 0x28, - 0x08, 0x52, 0x0b, 0x77, 0x65, 0x61, 0x6b, 0x53, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x73, 0x12, 0x1d, - 0x0a, 0x0a, 0x6c, 0x61, 0x7a, 0x79, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x73, 0x18, 0x30, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x09, 0x6c, 0x61, 0x7a, 0x79, 0x50, 0x61, 0x67, 0x65, 0x73, 0x12, 0x1b, 0x0a, - 0x09, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x5f, 0x66, 0x64, 0x18, 0x31, 0x20, 0x01, 0x28, 0x05, - 0x52, 0x08, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x46, 0x64, 0x12, 0x2a, 0x0a, 0x11, 0x6f, 0x72, - 0x70, 0x68, 0x61, 0x6e, 0x5f, 0x70, 0x74, 0x73, 0x5f, 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x18, - 0x32, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x6f, 0x72, 0x70, 0x68, 0x61, 0x6e, 0x50, 0x74, 0x73, - 0x4d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x33, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x63, 0x70, 0x5f, 0x63, - 0x6c, 0x6f, 0x73, 0x65, 0x18, 0x34, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x63, 0x70, 0x43, - 0x6c, 0x6f, 0x73, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6c, 0x73, 0x6d, 0x5f, 0x70, 0x72, 0x6f, 0x66, - 0x69, 0x6c, 0x65, 0x18, 0x35, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6c, 0x73, 0x6d, 0x50, 0x72, - 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x61, 0x63, - 0x65, 0x72, 0x74, 0x18, 0x36, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x74, 0x6c, 0x73, 0x43, 0x61, - 0x63, 0x65, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x61, 0x63, 0x72, - 0x6c, 0x18, 0x37, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x74, 0x6c, 0x73, 0x43, 0x61, 0x63, 0x72, - 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x18, 0x38, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x07, 0x74, 0x6c, 0x73, 0x43, 0x65, 0x72, 0x74, 0x12, 0x17, 0x0a, 0x07, - 0x74, 0x6c, 0x73, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x39, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x74, - 0x6c, 0x73, 0x4b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x3a, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, 0x27, 0x0a, 0x10, 0x74, 0x6c, 0x73, 0x5f, 0x6e, - 0x6f, 0x5f, 0x63, 0x6e, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x18, 0x3b, 0x20, 0x01, 0x28, - 0x08, 0x52, 0x0d, 0x74, 0x6c, 0x73, 0x4e, 0x6f, 0x43, 0x6e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, - 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x79, 0x61, 0x72, 0x64, 0x18, - 0x3c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x59, 0x61, 0x72, - 0x64, 0x12, 0x44, 0x0a, 0x0d, 0x70, 0x72, 0x65, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, - 0x64, 0x65, 0x18, 0x3d, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, - 0x63, 0x72, 0x69, 0x75, 0x5f, 0x70, 0x72, 0x65, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, - 0x64, 0x65, 0x3a, 0x06, 0x53, 0x50, 0x4c, 0x49, 0x43, 0x45, 0x52, 0x0b, 0x70, 0x72, 0x65, 0x44, - 0x75, 0x6d, 0x70, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x24, 0x0a, 0x0e, 0x70, 0x69, 0x64, 0x66, 0x64, - 0x5f, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x73, 0x6b, 0x18, 0x3e, 0x20, 0x01, 0x28, 0x05, 0x52, - 0x0c, 0x70, 0x69, 0x64, 0x66, 0x64, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x53, 0x6b, 0x12, 0x2a, 0x0a, - 0x11, 0x6c, 0x73, 0x6d, 0x5f, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, - 0x78, 0x74, 0x18, 0x3f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6c, 0x73, 0x6d, 0x4d, 0x6f, 0x75, - 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x4b, 0x0a, 0x0c, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x18, 0x40, 0x20, 0x01, 0x28, 0x0e, 0x32, - 0x1e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x3a, - 0x08, 0x49, 0x50, 0x54, 0x41, 0x42, 0x4c, 0x45, 0x53, 0x52, 0x0b, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x4c, 0x6f, 0x63, 0x6b, 0x12, 0x2a, 0x0a, 0x11, 0x6d, 0x6e, 0x74, 0x6e, 0x73, 0x5f, - 0x63, 0x6f, 0x6d, 0x70, 0x61, 0x74, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x41, 0x20, 0x01, 0x28, - 0x08, 0x52, 0x0f, 0x6d, 0x6e, 0x74, 0x6e, 0x73, 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x74, 0x4d, 0x6f, - 0x64, 0x65, 0x22, 0x2c, 0x0a, 0x0e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, - 0x72, 0x65, 0x73, 0x70, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x64, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x64, - 0x22, 0x25, 0x0a, 0x11, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, - 0x5f, 0x72, 0x65, 0x73, 0x70, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, - 0x28, 0x05, 0x52, 0x03, 0x70, 0x69, 0x64, 0x22, 0x37, 0x0a, 0x0b, 0x63, 0x72, 0x69, 0x75, 0x5f, - 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x12, 0x10, - 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x70, 0x69, 0x64, - 0x22, 0x6c, 0x0a, 0x0d, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, - 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x65, 0x6d, 0x5f, 0x74, 0x72, 0x61, 0x63, 0x6b, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6d, 0x65, 0x6d, 0x54, 0x72, 0x61, 0x63, 0x6b, 0x12, 0x1d, - 0x0a, 0x0a, 0x6c, 0x61, 0x7a, 0x79, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x09, 0x6c, 0x61, 0x7a, 0x79, 0x50, 0x61, 0x67, 0x65, 0x73, 0x12, 0x1f, 0x0a, - 0x0b, 0x70, 0x69, 0x64, 0x66, 0x64, 0x5f, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x0a, 0x70, 0x69, 0x64, 0x66, 0x64, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x22, 0xdf, - 0x01, 0x0a, 0x08, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x71, 0x12, 0x27, 0x0a, 0x04, 0x74, - 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, - 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x71, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x52, 0x04, - 0x74, 0x79, 0x70, 0x65, 0x12, 0x23, 0x0a, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6f, - 0x70, 0x74, 0x73, 0x52, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x6e, 0x6f, 0x74, - 0x69, 0x66, 0x79, 0x5f, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x08, 0x52, 0x0d, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, - 0x12, 0x1b, 0x0a, 0x09, 0x6b, 0x65, 0x65, 0x70, 0x5f, 0x6f, 0x70, 0x65, 0x6e, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x08, 0x6b, 0x65, 0x65, 0x70, 0x4f, 0x70, 0x65, 0x6e, 0x12, 0x2f, 0x0a, - 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x66, 0x65, 0x61, 0x74, - 0x75, 0x72, 0x65, 0x73, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x10, - 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x70, 0x69, 0x64, - 0x22, 0xb2, 0x03, 0x0a, 0x09, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x12, 0x27, - 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x13, 0x2e, 0x63, - 0x72, 0x69, 0x75, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x71, 0x5f, 0x74, 0x79, 0x70, - 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, - 0x73, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x08, 0x52, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, - 0x73, 0x12, 0x28, 0x0a, 0x04, 0x64, 0x75, 0x6d, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x14, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x64, 0x75, 0x6d, 0x70, - 0x5f, 0x72, 0x65, 0x73, 0x70, 0x52, 0x04, 0x64, 0x75, 0x6d, 0x70, 0x12, 0x31, 0x0a, 0x07, 0x72, - 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x63, - 0x72, 0x69, 0x75, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, - 0x5f, 0x72, 0x65, 0x73, 0x70, 0x52, 0x07, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x12, 0x29, - 0x0a, 0x06, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, - 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6e, 0x6f, 0x74, 0x69, 0x66, - 0x79, 0x52, 0x06, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x12, 0x2b, 0x0a, 0x02, 0x70, 0x73, 0x18, - 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x72, 0x69, + 0x0e, 0x2e, 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x6d, 0x61, 0x70, 0x52, + 0x06, 0x65, 0x78, 0x74, 0x4d, 0x6e, 0x74, 0x12, 0x25, 0x0a, 0x0e, 0x6d, 0x61, 0x6e, 0x61, 0x67, + 0x65, 0x5f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x18, 0x18, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x43, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x12, 0x25, + 0x0a, 0x07, 0x63, 0x67, 0x5f, 0x72, 0x6f, 0x6f, 0x74, 0x18, 0x19, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x0c, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x72, 0x6f, 0x6f, 0x74, 0x52, 0x06, 0x63, + 0x67, 0x52, 0x6f, 0x6f, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x72, 0x73, 0x74, 0x5f, 0x73, 0x69, 0x62, + 0x6c, 0x69, 0x6e, 0x67, 0x18, 0x1a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x72, 0x73, 0x74, 0x53, + 0x69, 0x62, 0x6c, 0x69, 0x6e, 0x67, 0x12, 0x2a, 0x0a, 0x0a, 0x69, 0x6e, 0x68, 0x65, 0x72, 0x69, + 0x74, 0x5f, 0x66, 0x64, 0x18, 0x1b, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x69, 0x6e, 0x68, + 0x65, 0x72, 0x69, 0x74, 0x5f, 0x66, 0x64, 0x52, 0x09, 0x69, 0x6e, 0x68, 0x65, 0x72, 0x69, 0x74, + 0x46, 0x64, 0x12, 0x20, 0x0a, 0x0c, 0x61, 0x75, 0x74, 0x6f, 0x5f, 0x65, 0x78, 0x74, 0x5f, 0x6d, + 0x6e, 0x74, 0x18, 0x1c, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x61, 0x75, 0x74, 0x6f, 0x45, 0x78, + 0x74, 0x4d, 0x6e, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x78, 0x74, 0x5f, 0x73, 0x68, 0x61, 0x72, + 0x69, 0x6e, 0x67, 0x18, 0x1d, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x65, 0x78, 0x74, 0x53, 0x68, + 0x61, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x61, 0x73, + 0x74, 0x65, 0x72, 0x73, 0x18, 0x1e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x65, 0x78, 0x74, 0x4d, + 0x61, 0x73, 0x74, 0x65, 0x72, 0x73, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x6d, + 0x6e, 0x74, 0x18, 0x1f, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x73, 0x6b, 0x69, 0x70, 0x4d, 0x6e, + 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x66, 0x73, 0x18, 0x20, + 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x46, 0x73, 0x12, 0x28, + 0x0a, 0x0b, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, 0x6b, 0x5f, 0x69, 0x6e, 0x6f, 0x18, 0x21, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x08, 0x2e, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, 0x6b, 0x52, 0x09, 0x75, + 0x6e, 0x69, 0x78, 0x53, 0x6b, 0x49, 0x6e, 0x6f, 0x12, 0x3d, 0x0a, 0x13, 0x6d, 0x61, 0x6e, 0x61, + 0x67, 0x65, 0x5f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, + 0x22, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0d, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x63, 0x67, 0x5f, + 0x6d, 0x6f, 0x64, 0x65, 0x52, 0x11, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x43, 0x67, 0x72, 0x6f, + 0x75, 0x70, 0x73, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x28, 0x0a, 0x0b, 0x67, 0x68, 0x6f, 0x73, 0x74, + 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x18, 0x23, 0x20, 0x01, 0x28, 0x0d, 0x3a, 0x07, 0x31, 0x30, + 0x34, 0x38, 0x35, 0x37, 0x36, 0x52, 0x0a, 0x67, 0x68, 0x6f, 0x73, 0x74, 0x4c, 0x69, 0x6d, 0x69, + 0x74, 0x12, 0x28, 0x0a, 0x10, 0x69, 0x72, 0x6d, 0x61, 0x70, 0x5f, 0x73, 0x63, 0x61, 0x6e, 0x5f, + 0x70, 0x61, 0x74, 0x68, 0x73, 0x18, 0x24, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0e, 0x69, 0x72, 0x6d, + 0x61, 0x70, 0x53, 0x63, 0x61, 0x6e, 0x50, 0x61, 0x74, 0x68, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x65, + 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x18, 0x25, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x65, + 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x65, 0x6d, 0x70, 0x74, 0x79, + 0x5f, 0x6e, 0x73, 0x18, 0x26, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x65, 0x6d, 0x70, 0x74, 0x79, + 0x4e, 0x73, 0x12, 0x28, 0x0a, 0x07, 0x6a, 0x6f, 0x69, 0x6e, 0x5f, 0x6e, 0x73, 0x18, 0x27, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x6a, 0x6f, 0x69, 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, + 0x70, 0x61, 0x63, 0x65, 0x52, 0x06, 0x6a, 0x6f, 0x69, 0x6e, 0x4e, 0x73, 0x12, 0x21, 0x0a, 0x0c, + 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x72, 0x6f, 0x70, 0x73, 0x18, 0x29, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x50, 0x72, 0x6f, 0x70, 0x73, 0x12, + 0x2a, 0x0a, 0x11, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x72, 0x6f, 0x70, 0x73, 0x5f, + 0x66, 0x69, 0x6c, 0x65, 0x18, 0x2a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x63, 0x67, 0x72, 0x6f, + 0x75, 0x70, 0x50, 0x72, 0x6f, 0x70, 0x73, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x34, 0x0a, 0x16, 0x63, + 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x72, + 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x18, 0x2b, 0x20, 0x03, 0x28, 0x09, 0x52, 0x14, 0x63, 0x67, 0x72, + 0x6f, 0x75, 0x70, 0x44, 0x75, 0x6d, 0x70, 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, + 0x72, 0x12, 0x23, 0x0a, 0x0d, 0x66, 0x72, 0x65, 0x65, 0x7a, 0x65, 0x5f, 0x63, 0x67, 0x72, 0x6f, + 0x75, 0x70, 0x18, 0x2c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x66, 0x72, 0x65, 0x65, 0x7a, 0x65, + 0x43, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x18, 0x0a, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, + 0x74, 0x18, 0x2d, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, + 0x12, 0x2b, 0x0a, 0x12, 0x74, 0x63, 0x70, 0x5f, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x69, 0x6e, 0x5f, + 0x66, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x18, 0x2e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x74, 0x63, + 0x70, 0x53, 0x6b, 0x69, 0x70, 0x49, 0x6e, 0x46, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x12, 0x21, 0x0a, + 0x0c, 0x77, 0x65, 0x61, 0x6b, 0x5f, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x73, 0x18, 0x2f, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x0b, 0x77, 0x65, 0x61, 0x6b, 0x53, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x73, + 0x12, 0x1d, 0x0a, 0x0a, 0x6c, 0x61, 0x7a, 0x79, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x73, 0x18, 0x30, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x6c, 0x61, 0x7a, 0x79, 0x50, 0x61, 0x67, 0x65, 0x73, 0x12, + 0x1b, 0x0a, 0x09, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x5f, 0x66, 0x64, 0x18, 0x31, 0x20, 0x01, + 0x28, 0x05, 0x52, 0x08, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x46, 0x64, 0x12, 0x2a, 0x0a, 0x11, + 0x6f, 0x72, 0x70, 0x68, 0x61, 0x6e, 0x5f, 0x70, 0x74, 0x73, 0x5f, 0x6d, 0x61, 0x73, 0x74, 0x65, + 0x72, 0x18, 0x32, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x6f, 0x72, 0x70, 0x68, 0x61, 0x6e, 0x50, + 0x74, 0x73, 0x4d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x33, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x63, 0x70, + 0x5f, 0x63, 0x6c, 0x6f, 0x73, 0x65, 0x18, 0x34, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x63, + 0x70, 0x43, 0x6c, 0x6f, 0x73, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6c, 0x73, 0x6d, 0x5f, 0x70, 0x72, + 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x35, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6c, 0x73, 0x6d, + 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x74, 0x6c, 0x73, 0x5f, 0x63, + 0x61, 0x63, 0x65, 0x72, 0x74, 0x18, 0x36, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x74, 0x6c, 0x73, + 0x43, 0x61, 0x63, 0x65, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x61, + 0x63, 0x72, 0x6c, 0x18, 0x37, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x74, 0x6c, 0x73, 0x43, 0x61, + 0x63, 0x72, 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x18, + 0x38, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x74, 0x6c, 0x73, 0x43, 0x65, 0x72, 0x74, 0x12, 0x17, + 0x0a, 0x07, 0x74, 0x6c, 0x73, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x39, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x06, 0x74, 0x6c, 0x73, 0x4b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x3a, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, 0x27, 0x0a, 0x10, 0x74, 0x6c, 0x73, + 0x5f, 0x6e, 0x6f, 0x5f, 0x63, 0x6e, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x18, 0x3b, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x0d, 0x74, 0x6c, 0x73, 0x4e, 0x6f, 0x43, 0x6e, 0x56, 0x65, 0x72, 0x69, + 0x66, 0x79, 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x79, 0x61, 0x72, + 0x64, 0x18, 0x3c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x59, + 0x61, 0x72, 0x64, 0x12, 0x3f, 0x0a, 0x0d, 0x70, 0x72, 0x65, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, + 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x3d, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, + 0x75, 0x5f, 0x70, 0x72, 0x65, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x3a, + 0x06, 0x53, 0x50, 0x4c, 0x49, 0x43, 0x45, 0x52, 0x0b, 0x70, 0x72, 0x65, 0x44, 0x75, 0x6d, 0x70, + 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x24, 0x0a, 0x0e, 0x70, 0x69, 0x64, 0x66, 0x64, 0x5f, 0x73, 0x74, + 0x6f, 0x72, 0x65, 0x5f, 0x73, 0x6b, 0x18, 0x3e, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0c, 0x70, 0x69, + 0x64, 0x66, 0x64, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x53, 0x6b, 0x12, 0x2a, 0x0a, 0x11, 0x6c, 0x73, + 0x6d, 0x5f, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, + 0x3f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6c, 0x73, 0x6d, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x43, + 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x46, 0x0a, 0x0c, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x18, 0x40, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x19, 0x2e, 0x63, + 0x72, 0x69, 0x75, 0x5f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, + 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x3a, 0x08, 0x49, 0x50, 0x54, 0x41, 0x42, 0x4c, 0x45, + 0x53, 0x52, 0x0b, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4c, 0x6f, 0x63, 0x6b, 0x12, 0x2a, + 0x0a, 0x11, 0x6d, 0x6e, 0x74, 0x6e, 0x73, 0x5f, 0x63, 0x6f, 0x6d, 0x70, 0x61, 0x74, 0x5f, 0x6d, + 0x6f, 0x64, 0x65, 0x18, 0x41, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x6d, 0x6e, 0x74, 0x6e, 0x73, + 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x74, 0x4d, 0x6f, 0x64, 0x65, 0x22, 0x2c, 0x0a, 0x0e, 0x63, 0x72, + 0x69, 0x75, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x12, 0x1a, 0x0a, 0x08, + 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, + 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x64, 0x22, 0x25, 0x0a, 0x11, 0x63, 0x72, 0x69, 0x75, + 0x5f, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x12, 0x10, 0x0a, + 0x03, 0x70, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x05, 0x52, 0x03, 0x70, 0x69, 0x64, 0x22, + 0x37, 0x0a, 0x0b, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x12, 0x16, + 0x0a, 0x06, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, + 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x05, 0x52, 0x03, 0x70, 0x69, 0x64, 0x22, 0x6c, 0x0a, 0x0d, 0x63, 0x72, 0x69, 0x75, + 0x5f, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x65, 0x6d, + 0x5f, 0x74, 0x72, 0x61, 0x63, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6d, 0x65, + 0x6d, 0x54, 0x72, 0x61, 0x63, 0x6b, 0x12, 0x1d, 0x0a, 0x0a, 0x6c, 0x61, 0x7a, 0x79, 0x5f, 0x70, + 0x61, 0x67, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x6c, 0x61, 0x7a, 0x79, + 0x50, 0x61, 0x67, 0x65, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x69, 0x64, 0x66, 0x64, 0x5f, 0x73, + 0x74, 0x6f, 0x72, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x70, 0x69, 0x64, 0x66, + 0x64, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x22, 0xd0, 0x01, 0x0a, 0x08, 0x63, 0x72, 0x69, 0x75, 0x5f, + 0x72, 0x65, 0x71, 0x12, 0x22, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, + 0x0e, 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x71, 0x5f, 0x74, 0x79, 0x70, + 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1e, 0x0a, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6f, 0x70, 0x74, + 0x73, 0x52, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x6e, 0x6f, 0x74, 0x69, 0x66, + 0x79, 0x5f, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x0d, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x1b, + 0x0a, 0x09, 0x6b, 0x65, 0x65, 0x70, 0x5f, 0x6f, 0x70, 0x65, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x08, 0x52, 0x08, 0x6b, 0x65, 0x65, 0x70, 0x4f, 0x70, 0x65, 0x6e, 0x12, 0x2a, 0x0a, 0x08, 0x66, + 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, + 0x63, 0x72, 0x69, 0x75, 0x5f, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x52, 0x08, 0x66, + 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x06, + 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x70, 0x69, 0x64, 0x22, 0x8f, 0x03, 0x0a, 0x09, 0x63, 0x72, + 0x69, 0x75, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x12, 0x22, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, + 0x01, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x71, + 0x5f, 0x74, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x73, + 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x08, 0x52, 0x07, 0x73, 0x75, + 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x23, 0x0a, 0x04, 0x64, 0x75, 0x6d, 0x70, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, + 0x72, 0x65, 0x73, 0x70, 0x52, 0x04, 0x64, 0x75, 0x6d, 0x70, 0x12, 0x2c, 0x0a, 0x07, 0x72, 0x65, + 0x73, 0x74, 0x6f, 0x72, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x63, 0x72, + 0x69, 0x75, 0x5f, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x52, + 0x07, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x12, 0x24, 0x0a, 0x06, 0x6e, 0x6f, 0x74, 0x69, + 0x66, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, + 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x52, 0x06, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x12, 0x26, + 0x0a, 0x02, 0x70, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x52, 0x02, 0x70, 0x73, 0x12, 0x19, 0x0a, 0x08, 0x63, 0x72, 0x5f, 0x65, 0x72, 0x72, 0x6e, 0x6f, 0x18, 0x07, 0x20, 0x01, 0x28, 0x05, 0x52, 0x07, 0x63, 0x72, 0x45, 0x72, 0x72, 0x6e, - 0x6f, 0x12, 0x2f, 0x0a, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x08, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, - 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, - 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x72, 0x5f, 0x65, 0x72, 0x72, 0x6d, 0x73, 0x67, 0x18, - 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x72, 0x45, 0x72, 0x72, 0x6d, 0x73, 0x67, 0x12, - 0x2c, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x76, 0x65, 0x72, - 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, - 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x73, - 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0xb0, 0x01, 0x0a, 0x0c, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x76, - 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x21, 0x0a, 0x0c, 0x6d, 0x61, 0x6a, 0x6f, 0x72, 0x5f, - 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x05, 0x52, 0x0b, 0x6d, 0x61, - 0x6a, 0x6f, 0x72, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x21, 0x0a, 0x0c, 0x6d, 0x69, 0x6e, - 0x6f, 0x72, 0x5f, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x02, 0x20, 0x02, 0x28, 0x05, 0x52, - 0x0b, 0x6d, 0x69, 0x6e, 0x6f, 0x72, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, - 0x67, 0x69, 0x74, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x67, 0x69, 0x74, - 0x69, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x75, 0x62, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, 0x73, 0x75, 0x62, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x14, - 0x0a, 0x05, 0x65, 0x78, 0x74, 0x72, 0x61, 0x18, 0x05, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x65, - 0x78, 0x74, 0x72, 0x61, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x2a, 0x5f, 0x0a, 0x0c, 0x63, 0x72, 0x69, 0x75, - 0x5f, 0x63, 0x67, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x49, 0x47, 0x4e, 0x4f, - 0x52, 0x45, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x43, 0x47, 0x5f, 0x4e, 0x4f, 0x4e, 0x45, 0x10, - 0x01, 0x12, 0x09, 0x0a, 0x05, 0x50, 0x52, 0x4f, 0x50, 0x53, 0x10, 0x02, 0x12, 0x08, 0x0a, 0x04, - 0x53, 0x4f, 0x46, 0x54, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x46, 0x55, 0x4c, 0x4c, 0x10, 0x04, - 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x54, 0x52, 0x49, 0x43, 0x54, 0x10, 0x05, 0x12, 0x0b, 0x0a, 0x07, - 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x06, 0x2a, 0x36, 0x0a, 0x18, 0x63, 0x72, 0x69, - 0x75, 0x5f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x6d, - 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x0c, 0x0a, 0x08, 0x49, 0x50, 0x54, 0x41, 0x42, 0x4c, 0x45, - 0x53, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x4e, 0x46, 0x54, 0x41, 0x42, 0x4c, 0x45, 0x53, 0x10, - 0x02, 0x2a, 0x2d, 0x0a, 0x12, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x70, 0x72, 0x65, 0x5f, 0x64, 0x75, - 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x50, 0x4c, 0x49, 0x43, - 0x45, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x56, 0x4d, 0x5f, 0x52, 0x45, 0x41, 0x44, 0x10, 0x02, - 0x2a, 0xe5, 0x01, 0x0a, 0x0d, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x71, 0x5f, 0x74, 0x79, - 0x70, 0x65, 0x12, 0x09, 0x0a, 0x05, 0x45, 0x4d, 0x50, 0x54, 0x59, 0x10, 0x00, 0x12, 0x08, 0x0a, - 0x04, 0x44, 0x55, 0x4d, 0x50, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x52, 0x45, 0x53, 0x54, 0x4f, - 0x52, 0x45, 0x10, 0x02, 0x12, 0x09, 0x0a, 0x05, 0x43, 0x48, 0x45, 0x43, 0x4b, 0x10, 0x03, 0x12, - 0x0c, 0x0a, 0x08, 0x50, 0x52, 0x45, 0x5f, 0x44, 0x55, 0x4d, 0x50, 0x10, 0x04, 0x12, 0x0f, 0x0a, - 0x0b, 0x50, 0x41, 0x47, 0x45, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x45, 0x52, 0x10, 0x05, 0x12, 0x0a, - 0x0a, 0x06, 0x4e, 0x4f, 0x54, 0x49, 0x46, 0x59, 0x10, 0x06, 0x12, 0x10, 0x0a, 0x0c, 0x43, 0x50, - 0x55, 0x49, 0x4e, 0x46, 0x4f, 0x5f, 0x44, 0x55, 0x4d, 0x50, 0x10, 0x07, 0x12, 0x11, 0x0a, 0x0d, - 0x43, 0x50, 0x55, 0x49, 0x4e, 0x46, 0x4f, 0x5f, 0x43, 0x48, 0x45, 0x43, 0x4b, 0x10, 0x08, 0x12, - 0x11, 0x0a, 0x0d, 0x46, 0x45, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x43, 0x48, 0x45, 0x43, 0x4b, - 0x10, 0x09, 0x12, 0x0b, 0x0a, 0x07, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x10, 0x0a, 0x12, - 0x0c, 0x0a, 0x08, 0x57, 0x41, 0x49, 0x54, 0x5f, 0x50, 0x49, 0x44, 0x10, 0x0b, 0x12, 0x14, 0x0a, - 0x10, 0x50, 0x41, 0x47, 0x45, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x45, 0x52, 0x5f, 0x43, 0x48, 0x4c, - 0x44, 0x10, 0x0c, 0x12, 0x13, 0x0a, 0x0f, 0x53, 0x49, 0x4e, 0x47, 0x4c, 0x45, 0x5f, 0x50, 0x52, - 0x45, 0x5f, 0x44, 0x55, 0x4d, 0x50, 0x10, 0x0d, + 0x6f, 0x12, 0x2a, 0x0a, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x08, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x66, 0x65, 0x61, 0x74, 0x75, + 0x72, 0x65, 0x73, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x1b, 0x0a, + 0x09, 0x63, 0x72, 0x5f, 0x65, 0x72, 0x72, 0x6d, 0x73, 0x67, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x08, 0x63, 0x72, 0x45, 0x72, 0x72, 0x6d, 0x73, 0x67, 0x12, 0x27, 0x0a, 0x07, 0x76, 0x65, + 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x63, 0x72, + 0x69, 0x75, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, + 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x0b, 0x20, + 0x01, 0x28, 0x05, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0xb0, 0x01, 0x0a, 0x0c, + 0x63, 0x72, 0x69, 0x75, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x21, 0x0a, 0x0c, + 0x6d, 0x61, 0x6a, 0x6f, 0x72, 0x5f, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x02, + 0x28, 0x05, 0x52, 0x0b, 0x6d, 0x61, 0x6a, 0x6f, 0x72, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, + 0x21, 0x0a, 0x0c, 0x6d, 0x69, 0x6e, 0x6f, 0x72, 0x5f, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, + 0x02, 0x20, 0x02, 0x28, 0x05, 0x52, 0x0b, 0x6d, 0x69, 0x6e, 0x6f, 0x72, 0x4e, 0x75, 0x6d, 0x62, + 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x67, 0x69, 0x74, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x05, 0x67, 0x69, 0x74, 0x69, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x75, 0x62, 0x6c, + 0x65, 0x76, 0x65, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, 0x73, 0x75, 0x62, 0x6c, + 0x65, 0x76, 0x65, 0x6c, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x78, 0x74, 0x72, 0x61, 0x18, 0x05, 0x20, + 0x01, 0x28, 0x05, 0x52, 0x05, 0x65, 0x78, 0x74, 0x72, 0x61, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, + 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x2a, 0x5f, + 0x0a, 0x0c, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x63, 0x67, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0a, + 0x0a, 0x06, 0x49, 0x47, 0x4e, 0x4f, 0x52, 0x45, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x43, 0x47, + 0x5f, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x50, 0x52, 0x4f, 0x50, 0x53, + 0x10, 0x02, 0x12, 0x08, 0x0a, 0x04, 0x53, 0x4f, 0x46, 0x54, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, + 0x46, 0x55, 0x4c, 0x4c, 0x10, 0x04, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x54, 0x52, 0x49, 0x43, 0x54, + 0x10, 0x05, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x06, 0x2a, + 0x36, 0x0a, 0x18, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x5f, + 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x0c, 0x0a, 0x08, 0x49, + 0x50, 0x54, 0x41, 0x42, 0x4c, 0x45, 0x53, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x4e, 0x46, 0x54, + 0x41, 0x42, 0x4c, 0x45, 0x53, 0x10, 0x02, 0x2a, 0x2d, 0x0a, 0x12, 0x63, 0x72, 0x69, 0x75, 0x5f, + 0x70, 0x72, 0x65, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0a, 0x0a, + 0x06, 0x53, 0x50, 0x4c, 0x49, 0x43, 0x45, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x56, 0x4d, 0x5f, + 0x52, 0x45, 0x41, 0x44, 0x10, 0x02, 0x2a, 0xe5, 0x01, 0x0a, 0x0d, 0x63, 0x72, 0x69, 0x75, 0x5f, + 0x72, 0x65, 0x71, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x12, 0x09, 0x0a, 0x05, 0x45, 0x4d, 0x50, 0x54, + 0x59, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x44, 0x55, 0x4d, 0x50, 0x10, 0x01, 0x12, 0x0b, 0x0a, + 0x07, 0x52, 0x45, 0x53, 0x54, 0x4f, 0x52, 0x45, 0x10, 0x02, 0x12, 0x09, 0x0a, 0x05, 0x43, 0x48, + 0x45, 0x43, 0x4b, 0x10, 0x03, 0x12, 0x0c, 0x0a, 0x08, 0x50, 0x52, 0x45, 0x5f, 0x44, 0x55, 0x4d, + 0x50, 0x10, 0x04, 0x12, 0x0f, 0x0a, 0x0b, 0x50, 0x41, 0x47, 0x45, 0x5f, 0x53, 0x45, 0x52, 0x56, + 0x45, 0x52, 0x10, 0x05, 0x12, 0x0a, 0x0a, 0x06, 0x4e, 0x4f, 0x54, 0x49, 0x46, 0x59, 0x10, 0x06, + 0x12, 0x10, 0x0a, 0x0c, 0x43, 0x50, 0x55, 0x49, 0x4e, 0x46, 0x4f, 0x5f, 0x44, 0x55, 0x4d, 0x50, + 0x10, 0x07, 0x12, 0x11, 0x0a, 0x0d, 0x43, 0x50, 0x55, 0x49, 0x4e, 0x46, 0x4f, 0x5f, 0x43, 0x48, + 0x45, 0x43, 0x4b, 0x10, 0x08, 0x12, 0x11, 0x0a, 0x0d, 0x46, 0x45, 0x41, 0x54, 0x55, 0x52, 0x45, + 0x5f, 0x43, 0x48, 0x45, 0x43, 0x4b, 0x10, 0x09, 0x12, 0x0b, 0x0a, 0x07, 0x56, 0x45, 0x52, 0x53, + 0x49, 0x4f, 0x4e, 0x10, 0x0a, 0x12, 0x0c, 0x0a, 0x08, 0x57, 0x41, 0x49, 0x54, 0x5f, 0x50, 0x49, + 0x44, 0x10, 0x0b, 0x12, 0x14, 0x0a, 0x10, 0x50, 0x41, 0x47, 0x45, 0x5f, 0x53, 0x45, 0x52, 0x56, + 0x45, 0x52, 0x5f, 0x43, 0x48, 0x4c, 0x44, 0x10, 0x0c, 0x12, 0x13, 0x0a, 0x0f, 0x53, 0x49, 0x4e, + 0x47, 0x4c, 0x45, 0x5f, 0x50, 0x52, 0x45, 0x5f, 0x44, 0x55, 0x4d, 0x50, 0x10, 0x0d, } var ( @@ -2073,47 +2066,47 @@ func file_rpc_proto_rawDescGZIP() []byte { var file_rpc_proto_enumTypes = make([]protoimpl.EnumInfo, 4) var file_rpc_proto_msgTypes = make([]protoimpl.MessageInfo, 15) var file_rpc_proto_goTypes = []interface{}{ - (CriuCgMode)(0), // 0: criu.criu_cg_mode - (CriuNetworkLockMethod)(0), // 1: criu.criu_network_lock_method - (CriuPreDumpMode)(0), // 2: criu.criu_pre_dump_mode - (CriuReqType)(0), // 3: criu.criu_req_type - (*CriuPageServerInfo)(nil), // 4: criu.criu_page_server_info - (*CriuVethPair)(nil), // 5: criu.criu_veth_pair - (*ExtMountMap)(nil), // 6: criu.ext_mount_map - (*JoinNamespace)(nil), // 7: criu.join_namespace - (*InheritFd)(nil), // 8: criu.inherit_fd - (*CgroupRoot)(nil), // 9: criu.cgroup_root - (*UnixSk)(nil), // 10: criu.unix_sk - (*CriuOpts)(nil), // 11: criu.criu_opts - (*CriuDumpResp)(nil), // 12: criu.criu_dump_resp - (*CriuRestoreResp)(nil), // 13: criu.criu_restore_resp - (*CriuNotify)(nil), // 14: criu.criu_notify - (*CriuFeatures)(nil), // 15: criu.criu_features - (*CriuReq)(nil), // 16: criu.criu_req - (*CriuResp)(nil), // 17: criu.criu_resp - (*CriuVersion)(nil), // 18: criu.criu_version + (CriuCgMode)(0), // 0: criu_cg_mode + (CriuNetworkLockMethod)(0), // 1: criu_network_lock_method + (CriuPreDumpMode)(0), // 2: criu_pre_dump_mode + (CriuReqType)(0), // 3: criu_req_type + (*CriuPageServerInfo)(nil), // 4: criu_page_server_info + (*CriuVethPair)(nil), // 5: criu_veth_pair + (*ExtMountMap)(nil), // 6: ext_mount_map + (*JoinNamespace)(nil), // 7: join_namespace + (*InheritFd)(nil), // 8: inherit_fd + (*CgroupRoot)(nil), // 9: cgroup_root + (*UnixSk)(nil), // 10: unix_sk + (*CriuOpts)(nil), // 11: criu_opts + (*CriuDumpResp)(nil), // 12: criu_dump_resp + (*CriuRestoreResp)(nil), // 13: criu_restore_resp + (*CriuNotify)(nil), // 14: criu_notify + (*CriuFeatures)(nil), // 15: criu_features + (*CriuReq)(nil), // 16: criu_req + (*CriuResp)(nil), // 17: criu_resp + (*CriuVersion)(nil), // 18: criu_version } var file_rpc_proto_depIdxs = []int32{ - 4, // 0: criu.criu_opts.ps:type_name -> criu.criu_page_server_info - 5, // 1: criu.criu_opts.veths:type_name -> criu.criu_veth_pair - 6, // 2: criu.criu_opts.ext_mnt:type_name -> criu.ext_mount_map - 9, // 3: criu.criu_opts.cg_root:type_name -> criu.cgroup_root - 8, // 4: criu.criu_opts.inherit_fd:type_name -> criu.inherit_fd - 10, // 5: criu.criu_opts.unix_sk_ino:type_name -> criu.unix_sk - 0, // 6: criu.criu_opts.manage_cgroups_mode:type_name -> criu.criu_cg_mode - 7, // 7: criu.criu_opts.join_ns:type_name -> criu.join_namespace - 2, // 8: criu.criu_opts.pre_dump_mode:type_name -> criu.criu_pre_dump_mode - 1, // 9: criu.criu_opts.network_lock:type_name -> criu.criu_network_lock_method - 3, // 10: criu.criu_req.type:type_name -> criu.criu_req_type - 11, // 11: criu.criu_req.opts:type_name -> criu.criu_opts - 15, // 12: criu.criu_req.features:type_name -> criu.criu_features - 3, // 13: criu.criu_resp.type:type_name -> criu.criu_req_type - 12, // 14: criu.criu_resp.dump:type_name -> criu.criu_dump_resp - 13, // 15: criu.criu_resp.restore:type_name -> criu.criu_restore_resp - 14, // 16: criu.criu_resp.notify:type_name -> criu.criu_notify - 4, // 17: criu.criu_resp.ps:type_name -> criu.criu_page_server_info - 15, // 18: criu.criu_resp.features:type_name -> criu.criu_features - 18, // 19: criu.criu_resp.version:type_name -> criu.criu_version + 4, // 0: criu_opts.ps:type_name -> criu_page_server_info + 5, // 1: criu_opts.veths:type_name -> criu_veth_pair + 6, // 2: criu_opts.ext_mnt:type_name -> ext_mount_map + 9, // 3: criu_opts.cg_root:type_name -> cgroup_root + 8, // 4: criu_opts.inherit_fd:type_name -> inherit_fd + 10, // 5: criu_opts.unix_sk_ino:type_name -> unix_sk + 0, // 6: criu_opts.manage_cgroups_mode:type_name -> criu_cg_mode + 7, // 7: criu_opts.join_ns:type_name -> join_namespace + 2, // 8: criu_opts.pre_dump_mode:type_name -> criu_pre_dump_mode + 1, // 9: criu_opts.network_lock:type_name -> criu_network_lock_method + 3, // 10: criu_req.type:type_name -> criu_req_type + 11, // 11: criu_req.opts:type_name -> criu_opts + 15, // 12: criu_req.features:type_name -> criu_features + 3, // 13: criu_resp.type:type_name -> criu_req_type + 12, // 14: criu_resp.dump:type_name -> criu_dump_resp + 13, // 15: criu_resp.restore:type_name -> criu_restore_resp + 14, // 16: criu_resp.notify:type_name -> criu_notify + 4, // 17: criu_resp.ps:type_name -> criu_page_server_info + 15, // 18: criu_resp.features:type_name -> criu_features + 18, // 19: criu_resp.version:type_name -> criu_version 20, // [20:20] is the sub-list for method output_type 20, // [20:20] is the sub-list for method input_type 20, // [20:20] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rpc.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rpc.proto index a7f1d36558b..a6cc5da4873 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rpc.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rpc.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message criu_page_server_info { optional string address = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rseq.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rseq.pb.go index b4c12560c4b..53d961e691d 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rseq.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rseq.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: rseq.proto package images @@ -96,18 +96,17 @@ func (x *RseqEntry) GetRseqCsPointer() uint64 { var File_rseq_proto protoreflect.FileDescriptor var file_rseq_proto_rawDesc = []byte{ - 0x0a, 0x0a, 0x72, 0x73, 0x65, 0x71, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, - 0x69, 0x75, 0x22, 0xa0, 0x01, 0x0a, 0x0a, 0x72, 0x73, 0x65, 0x71, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x28, 0x0a, 0x10, 0x72, 0x73, 0x65, 0x71, 0x5f, 0x61, 0x62, 0x69, 0x5f, 0x70, 0x6f, - 0x69, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x0e, 0x72, 0x73, 0x65, - 0x71, 0x41, 0x62, 0x69, 0x50, 0x6f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x22, 0x0a, 0x0d, 0x72, - 0x73, 0x65, 0x71, 0x5f, 0x61, 0x62, 0x69, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x0b, 0x72, 0x73, 0x65, 0x71, 0x41, 0x62, 0x69, 0x53, 0x69, 0x7a, 0x65, 0x12, - 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x03, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x12, 0x26, 0x0a, - 0x0f, 0x72, 0x73, 0x65, 0x71, 0x5f, 0x63, 0x73, 0x5f, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x65, 0x72, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0d, 0x72, 0x73, 0x65, 0x71, 0x43, 0x73, 0x50, 0x6f, - 0x69, 0x6e, 0x74, 0x65, 0x72, + 0x0a, 0x0a, 0x72, 0x73, 0x65, 0x71, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xa0, 0x01, 0x0a, + 0x0a, 0x72, 0x73, 0x65, 0x71, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x28, 0x0a, 0x10, 0x72, + 0x73, 0x65, 0x71, 0x5f, 0x61, 0x62, 0x69, 0x5f, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x18, + 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x0e, 0x72, 0x73, 0x65, 0x71, 0x41, 0x62, 0x69, 0x50, 0x6f, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x22, 0x0a, 0x0d, 0x72, 0x73, 0x65, 0x71, 0x5f, 0x61, 0x62, + 0x69, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, 0x72, 0x73, + 0x65, 0x71, 0x41, 0x62, 0x69, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67, + 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x73, 0x69, + 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x12, 0x26, 0x0a, 0x0f, 0x72, 0x73, 0x65, 0x71, 0x5f, + 0x63, 0x73, 0x5f, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, + 0x52, 0x0d, 0x72, 0x73, 0x65, 0x71, 0x43, 0x73, 0x50, 0x6f, 0x69, 0x6e, 0x74, 0x65, 0x72, } var ( @@ -124,7 +123,7 @@ func file_rseq_proto_rawDescGZIP() []byte { var file_rseq_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_rseq_proto_goTypes = []interface{}{ - (*RseqEntry)(nil), // 0: criu.rseq_entry + (*RseqEntry)(nil), // 0: rseq_entry } var file_rseq_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rseq.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rseq.proto index 5f1ff5e0a88..45cb8476da2 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rseq.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rseq.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message rseq_entry { required uint64 rseq_abi_pointer = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/seccomp.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/seccomp.pb.go index 9a8b9f3a2da..124a6cc85a1 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/seccomp.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/seccomp.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: seccomp.proto package images @@ -135,18 +135,17 @@ func (x *SeccompEntry) GetSeccompFilters() []*SeccompFilter { var File_seccomp_proto protoreflect.FileDescriptor var file_seccomp_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, - 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0x52, 0x0a, 0x0e, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, - 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x66, 0x69, 0x6c, 0x74, 0x65, - 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0c, 0x52, 0x06, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, - 0x12, 0x0a, 0x04, 0x70, 0x72, 0x65, 0x76, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, - 0x72, 0x65, 0x76, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x0d, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x22, 0x4e, 0x0a, 0x0d, 0x73, 0x65, 0x63, - 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x3d, 0x0a, 0x0f, 0x73, 0x65, - 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x65, 0x63, 0x63, 0x6f, - 0x6d, 0x70, 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x0e, 0x73, 0x65, 0x63, 0x63, 0x6f, - 0x6d, 0x70, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, + 0x0a, 0x0d, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, + 0x52, 0x0a, 0x0e, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, + 0x72, 0x12, 0x16, 0x0a, 0x06, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, + 0x0c, 0x52, 0x06, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x72, 0x65, + 0x76, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x72, 0x65, 0x76, 0x12, 0x14, 0x0a, + 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x6c, + 0x61, 0x67, 0x73, 0x22, 0x49, 0x0a, 0x0d, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x38, 0x0a, 0x0f, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, + 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, + 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x0e, + 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, } var ( @@ -163,11 +162,11 @@ func file_seccomp_proto_rawDescGZIP() []byte { var file_seccomp_proto_msgTypes = make([]protoimpl.MessageInfo, 2) var file_seccomp_proto_goTypes = []interface{}{ - (*SeccompFilter)(nil), // 0: criu.seccomp_filter - (*SeccompEntry)(nil), // 1: criu.seccomp_entry + (*SeccompFilter)(nil), // 0: seccomp_filter + (*SeccompEntry)(nil), // 1: seccomp_entry } var file_seccomp_proto_depIdxs = []int32{ - 0, // 0: criu.seccomp_entry.seccomp_filters:type_name -> criu.seccomp_filter + 0, // 0: seccomp_entry.seccomp_filters:type_name -> seccomp_filter 1, // [1:1] is the sub-list for method output_type 1, // [1:1] is the sub-list for method input_type 1, // [1:1] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/seccomp.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/seccomp.proto index 693a99f2a41..e56cea3a1da 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/seccomp.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/seccomp.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message seccomp_filter { required bytes filter = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/siginfo.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/siginfo.pb.go index 87a3841c185..97db33982c1 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/siginfo.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/siginfo.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: siginfo.proto package images @@ -119,15 +119,14 @@ func (x *SignalQueueEntry) GetSignals() []*SiginfoEntry { var File_siginfo_proto protoreflect.FileDescriptor var file_siginfo_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x73, 0x69, 0x67, 0x69, 0x6e, 0x66, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, - 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0x29, 0x0a, 0x0d, 0x73, 0x69, 0x67, 0x69, 0x6e, 0x66, 0x6f, - 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x69, 0x67, 0x69, 0x6e, 0x66, - 0x6f, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0c, 0x52, 0x07, 0x73, 0x69, 0x67, 0x69, 0x6e, 0x66, 0x6f, - 0x22, 0x43, 0x0a, 0x12, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x5f, 0x71, 0x75, 0x65, 0x75, 0x65, - 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x2d, 0x0a, 0x07, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, - 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, - 0x69, 0x67, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x73, 0x69, - 0x67, 0x6e, 0x61, 0x6c, 0x73, + 0x0a, 0x0d, 0x73, 0x69, 0x67, 0x69, 0x6e, 0x66, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, + 0x29, 0x0a, 0x0d, 0x73, 0x69, 0x67, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x12, 0x18, 0x0a, 0x07, 0x73, 0x69, 0x67, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x01, 0x20, 0x02, 0x28, + 0x0c, 0x52, 0x07, 0x73, 0x69, 0x67, 0x69, 0x6e, 0x66, 0x6f, 0x22, 0x3e, 0x0a, 0x12, 0x73, 0x69, + 0x67, 0x6e, 0x61, 0x6c, 0x5f, 0x71, 0x75, 0x65, 0x75, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x12, 0x28, 0x0a, 0x07, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x0e, 0x2e, 0x73, 0x69, 0x67, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x52, 0x07, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x73, } var ( @@ -144,11 +143,11 @@ func file_siginfo_proto_rawDescGZIP() []byte { var file_siginfo_proto_msgTypes = make([]protoimpl.MessageInfo, 2) var file_siginfo_proto_goTypes = []interface{}{ - (*SiginfoEntry)(nil), // 0: criu.siginfo_entry - (*SignalQueueEntry)(nil), // 1: criu.signal_queue_entry + (*SiginfoEntry)(nil), // 0: siginfo_entry + (*SignalQueueEntry)(nil), // 1: signal_queue_entry } var file_siginfo_proto_depIdxs = []int32{ - 0, // 0: criu.signal_queue_entry.signals:type_name -> criu.siginfo_entry + 0, // 0: signal_queue_entry.signals:type_name -> siginfo_entry 1, // [1:1] is the sub-list for method output_type 1, // [1:1] is the sub-list for method input_type 1, // [1:1] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/siginfo.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/siginfo.proto index 35b7ee4f3df..6e696c7fd8b 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/siginfo.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/siginfo.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message siginfo_entry { required bytes siginfo = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/signalfd.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/signalfd.pb.go index 657ccb5c772..02a80b1431c 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/signalfd.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/signalfd.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: signalfd.proto package images @@ -97,17 +97,16 @@ var File_signalfd_proto protoreflect.FileDescriptor var file_signalfd_proto_rawDesc = []byte{ 0x0a, 0x0e, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x66, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x84, - 0x01, 0x0a, 0x0e, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x66, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, - 0x64, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, - 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x24, - 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, - 0x72, 0x69, 0x75, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, - 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x1f, 0x0a, 0x07, 0x73, 0x69, 0x67, 0x6d, 0x61, 0x73, 0x6b, 0x18, - 0x04, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x07, 0x73, 0x69, - 0x67, 0x6d, 0x61, 0x73, 0x6b, + 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x6f, + 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x7f, 0x0a, 0x0e, 0x73, 0x69, 0x67, 0x6e, + 0x61, 0x6c, 0x66, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, + 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, + 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, + 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x1f, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, + 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x1f, 0x0a, 0x07, 0x73, 0x69, 0x67, 0x6d, + 0x61, 0x73, 0x6b, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, + 0x52, 0x07, 0x73, 0x69, 0x67, 0x6d, 0x61, 0x73, 0x6b, } var ( @@ -124,11 +123,11 @@ func file_signalfd_proto_rawDescGZIP() []byte { var file_signalfd_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_signalfd_proto_goTypes = []interface{}{ - (*SignalfdEntry)(nil), // 0: criu.signalfd_entry - (*FownEntry)(nil), // 1: criu.fown_entry + (*SignalfdEntry)(nil), // 0: signalfd_entry + (*FownEntry)(nil), // 1: fown_entry } var file_signalfd_proto_depIdxs = []int32{ - 1, // 0: criu.signalfd_entry.fown:type_name -> criu.fown_entry + 1, // 0: signalfd_entry.fown:type_name -> fown_entry 1, // [1:1] is the sub-list for method output_type 1, // [1:1] is the sub-list for method input_type 1, // [1:1] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/signalfd.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/signalfd.proto index 3524ae94049..83546ae218d 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/signalfd.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/signalfd.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "opts.proto"; import "fown.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sit.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sit.pb.go index 5ab3ba26f16..3572130dec3 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sit.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sit.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: sit.proto package images @@ -192,39 +192,38 @@ func (x *SitEntry) GetRelayPrefix() []uint32 { var File_sit_proto protoreflect.FileDescriptor var file_sit_proto_rawDesc = []byte{ - 0x0a, 0x09, 0x73, 0x69, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, - 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe3, 0x03, - 0x0a, 0x09, 0x73, 0x69, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6c, - 0x69, 0x6e, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x6c, 0x69, 0x6e, 0x6b, 0x12, - 0x1b, 0x0a, 0x05, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0d, 0x42, 0x05, - 0xd2, 0x3f, 0x02, 0x10, 0x01, 0x52, 0x05, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x12, 0x1d, 0x0a, 0x06, - 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, - 0x02, 0x10, 0x01, 0x52, 0x06, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x74, - 0x74, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x74, 0x74, 0x6c, 0x12, 0x10, 0x0a, - 0x03, 0x74, 0x6f, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x74, 0x6f, 0x73, 0x12, - 0x1a, 0x0a, 0x08, 0x70, 0x6d, 0x74, 0x75, 0x64, 0x69, 0x73, 0x63, 0x18, 0x06, 0x20, 0x01, 0x28, - 0x08, 0x52, 0x08, 0x70, 0x6d, 0x74, 0x75, 0x64, 0x69, 0x73, 0x63, 0x12, 0x14, 0x0a, 0x05, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0d, - 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x65, 0x6e, 0x63, 0x61, 0x70, - 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x65, 0x6e, 0x63, - 0x61, 0x70, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x6e, 0x63, 0x61, 0x70, 0x5f, - 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x65, 0x6e, 0x63, - 0x61, 0x70, 0x46, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x6e, 0x63, 0x61, 0x70, - 0x5f, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x65, 0x6e, - 0x63, 0x61, 0x70, 0x53, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x6e, 0x63, 0x61, - 0x70, 0x5f, 0x64, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x65, - 0x6e, 0x63, 0x61, 0x70, 0x44, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x72, 0x64, 0x5f, - 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x6c, 0x65, 0x6e, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0d, 0x52, - 0x0b, 0x72, 0x64, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x6c, 0x65, 0x6e, 0x12, 0x22, 0x0a, 0x09, - 0x72, 0x64, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x0d, 0x42, - 0x05, 0xd2, 0x3f, 0x02, 0x10, 0x01, 0x52, 0x08, 0x72, 0x64, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, - 0x12, 0x27, 0x0a, 0x0f, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, - 0x6c, 0x65, 0x6e, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0e, 0x72, 0x65, 0x6c, 0x61, 0x79, - 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x6c, 0x65, 0x6e, 0x12, 0x28, 0x0a, 0x0c, 0x72, 0x65, 0x6c, - 0x61, 0x79, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x10, 0x20, 0x03, 0x28, 0x0d, 0x42, - 0x05, 0xd2, 0x3f, 0x02, 0x10, 0x01, 0x52, 0x0b, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x50, 0x72, 0x65, - 0x66, 0x69, 0x78, + 0x0a, 0x09, 0x73, 0x69, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, + 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe3, 0x03, 0x0a, 0x09, 0x73, 0x69, 0x74, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6c, 0x69, 0x6e, 0x6b, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0d, 0x52, 0x04, 0x6c, 0x69, 0x6e, 0x6b, 0x12, 0x1b, 0x0a, 0x05, 0x6c, 0x6f, 0x63, + 0x61, 0x6c, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x10, 0x01, 0x52, + 0x05, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x12, 0x1d, 0x0a, 0x06, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, + 0x18, 0x03, 0x20, 0x03, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x10, 0x01, 0x52, 0x06, 0x72, + 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x74, 0x6c, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x0d, 0x52, 0x03, 0x74, 0x74, 0x6c, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x6f, 0x73, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x74, 0x6f, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x6d, 0x74, + 0x75, 0x64, 0x69, 0x73, 0x63, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x70, 0x6d, 0x74, + 0x75, 0x64, 0x69, 0x73, 0x63, 0x12, 0x14, 0x0a, 0x05, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x18, 0x07, + 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x14, 0x0a, 0x05, 0x66, + 0x6c, 0x61, 0x67, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, + 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x65, 0x6e, 0x63, 0x61, 0x70, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, + 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x65, 0x6e, 0x63, 0x61, 0x70, 0x54, 0x79, 0x70, 0x65, + 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x6e, 0x63, 0x61, 0x70, 0x5f, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, + 0x0a, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x65, 0x6e, 0x63, 0x61, 0x70, 0x46, 0x6c, 0x61, 0x67, + 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x6e, 0x63, 0x61, 0x70, 0x5f, 0x73, 0x70, 0x6f, 0x72, 0x74, + 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x65, 0x6e, 0x63, 0x61, 0x70, 0x53, 0x70, 0x6f, + 0x72, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x6e, 0x63, 0x61, 0x70, 0x5f, 0x64, 0x70, 0x6f, 0x72, + 0x74, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x65, 0x6e, 0x63, 0x61, 0x70, 0x44, 0x70, + 0x6f, 0x72, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x72, 0x64, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, + 0x6c, 0x65, 0x6e, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x72, 0x64, 0x50, 0x72, 0x65, + 0x66, 0x69, 0x78, 0x6c, 0x65, 0x6e, 0x12, 0x22, 0x0a, 0x09, 0x72, 0x64, 0x5f, 0x70, 0x72, 0x65, + 0x66, 0x69, 0x78, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x10, 0x01, + 0x52, 0x08, 0x72, 0x64, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x27, 0x0a, 0x0f, 0x72, 0x65, + 0x6c, 0x61, 0x79, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x6c, 0x65, 0x6e, 0x18, 0x0f, 0x20, + 0x01, 0x28, 0x0d, 0x52, 0x0e, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, + 0x6c, 0x65, 0x6e, 0x12, 0x28, 0x0a, 0x0c, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x5f, 0x70, 0x72, 0x65, + 0x66, 0x69, 0x78, 0x18, 0x10, 0x20, 0x03, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x10, 0x01, + 0x52, 0x0b, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, } var ( @@ -241,7 +240,7 @@ func file_sit_proto_rawDescGZIP() []byte { var file_sit_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_sit_proto_goTypes = []interface{}{ - (*SitEntry)(nil), // 0: criu.sit_entry + (*SitEntry)(nil), // 0: sit_entry } var file_sit_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sit.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sit.proto index 9d7ad7c5603..5396458581b 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sit.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sit.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "opts.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-inet.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-inet.pb.go index edb29a96fd4..03801fb0aa5 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-inet.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-inet.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: sk-inet.proto package images @@ -180,7 +180,7 @@ type InetSkEntry struct { // here and convert it on restore Ifname *string `protobuf:"bytes,17,opt,name=ifname" json:"ifname,omitempty"` NsId *uint32 `protobuf:"varint,18,opt,name=ns_id,json=nsId" json:"ns_id,omitempty"` - Shutdown *SkShutdown `protobuf:"varint,19,opt,name=shutdown,enum=criu.SkShutdown" json:"shutdown,omitempty"` + Shutdown *SkShutdown `protobuf:"varint,19,opt,name=shutdown,enum=SkShutdown" json:"shutdown,omitempty"` } func (x *InetSkEntry) Reset() { @@ -351,62 +351,60 @@ func (x *InetSkEntry) GetShutdown() SkShutdown { var File_sk_inet_proto protoreflect.FileDescriptor var file_sk_inet_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x73, 0x6b, 0x2d, 0x69, 0x6e, 0x65, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, - 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, 0x73, - 0x6b, 0x2d, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x88, 0x01, 0x0a, - 0x11, 0x69, 0x70, 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x5f, 0x72, 0x61, 0x77, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x68, 0x64, 0x72, 0x69, 0x6e, 0x63, 0x6c, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x07, 0x68, 0x64, 0x72, 0x69, 0x6e, 0x63, 0x6c, 0x12, 0x1a, 0x0a, 0x08, - 0x6e, 0x6f, 0x64, 0x65, 0x66, 0x72, 0x61, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, - 0x6e, 0x6f, 0x64, 0x65, 0x66, 0x72, 0x61, 0x67, 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x68, 0x65, 0x63, - 0x6b, 0x73, 0x75, 0x6d, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x63, 0x68, 0x65, 0x63, - 0x6b, 0x73, 0x75, 0x6d, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x63, 0x6d, 0x70, 0x76, 0x5f, 0x66, 0x69, - 0x6c, 0x74, 0x65, 0x72, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x0b, 0x69, 0x63, 0x6d, 0x70, - 0x76, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x22, 0x56, 0x0a, 0x0d, 0x69, 0x70, 0x5f, 0x6f, 0x70, - 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x66, 0x72, 0x65, 0x65, - 0x62, 0x69, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x66, 0x72, 0x65, 0x65, - 0x62, 0x69, 0x6e, 0x64, 0x12, 0x29, 0x0a, 0x03, 0x72, 0x61, 0x77, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x17, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x69, 0x70, 0x5f, 0x6f, 0x70, 0x74, 0x73, - 0x5f, 0x72, 0x61, 0x77, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x72, 0x61, 0x77, 0x22, - 0xcf, 0x04, 0x0a, 0x0d, 0x69, 0x6e, 0x65, 0x74, 0x5f, 0x73, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, - 0x64, 0x12, 0x10, 0x0a, 0x03, 0x69, 0x6e, 0x6f, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, - 0x69, 0x6e, 0x6f, 0x12, 0x1f, 0x0a, 0x06, 0x66, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x18, 0x03, 0x20, - 0x02, 0x28, 0x0d, 0x42, 0x07, 0xd2, 0x3f, 0x04, 0x32, 0x02, 0x73, 0x6b, 0x52, 0x06, 0x66, 0x61, - 0x6d, 0x69, 0x6c, 0x79, 0x12, 0x1b, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x04, 0x20, 0x02, - 0x28, 0x0d, 0x42, 0x07, 0xd2, 0x3f, 0x04, 0x32, 0x02, 0x73, 0x6b, 0x52, 0x04, 0x74, 0x79, 0x70, - 0x65, 0x12, 0x1d, 0x0a, 0x05, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, - 0x42, 0x07, 0xd2, 0x3f, 0x04, 0x32, 0x02, 0x73, 0x6b, 0x52, 0x05, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x12, 0x1d, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x42, - 0x07, 0xd2, 0x3f, 0x04, 0x32, 0x02, 0x73, 0x6b, 0x52, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, - 0x19, 0x0a, 0x08, 0x73, 0x72, 0x63, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x07, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x07, 0x73, 0x72, 0x63, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x19, 0x0a, 0x08, 0x64, 0x73, - 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x08, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x64, 0x73, - 0x74, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x09, - 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, - 0x67, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x62, 0x61, 0x63, 0x6b, 0x6c, 0x6f, 0x67, 0x18, 0x0a, 0x20, - 0x02, 0x28, 0x0d, 0x52, 0x07, 0x62, 0x61, 0x63, 0x6b, 0x6c, 0x6f, 0x67, 0x12, 0x20, 0x0a, 0x08, - 0x73, 0x72, 0x63, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x0d, 0x42, 0x05, - 0xd2, 0x3f, 0x02, 0x10, 0x01, 0x52, 0x07, 0x73, 0x72, 0x63, 0x41, 0x64, 0x64, 0x72, 0x12, 0x20, - 0x0a, 0x08, 0x64, 0x73, 0x74, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x0c, 0x20, 0x03, 0x28, 0x0d, - 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x10, 0x01, 0x52, 0x07, 0x64, 0x73, 0x74, 0x41, 0x64, 0x64, 0x72, - 0x12, 0x24, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x0d, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x10, - 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x27, 0x0a, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x18, 0x0e, - 0x20, 0x02, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x6b, 0x5f, 0x6f, - 0x70, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x12, - 0x16, 0x0a, 0x06, 0x76, 0x36, 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x08, 0x52, - 0x06, 0x76, 0x36, 0x6f, 0x6e, 0x6c, 0x79, 0x12, 0x2c, 0x0a, 0x07, 0x69, 0x70, 0x5f, 0x6f, 0x70, - 0x74, 0x73, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, - 0x69, 0x70, 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x69, - 0x70, 0x4f, 0x70, 0x74, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x69, 0x66, 0x6e, 0x61, 0x6d, 0x65, 0x18, - 0x11, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x69, 0x66, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x13, 0x0a, - 0x05, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x12, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x6e, 0x73, - 0x49, 0x64, 0x12, 0x2d, 0x0a, 0x08, 0x73, 0x68, 0x75, 0x74, 0x64, 0x6f, 0x77, 0x6e, 0x18, 0x13, - 0x20, 0x01, 0x28, 0x0e, 0x32, 0x11, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x6b, 0x5f, 0x73, - 0x68, 0x75, 0x74, 0x64, 0x6f, 0x77, 0x6e, 0x52, 0x08, 0x73, 0x68, 0x75, 0x74, 0x64, 0x6f, 0x77, - 0x6e, + 0x0a, 0x0d, 0x73, 0x6b, 0x2d, 0x69, 0x6e, 0x65, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, + 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, + 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, 0x73, 0x6b, 0x2d, 0x6f, 0x70, 0x74, 0x73, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x88, 0x01, 0x0a, 0x11, 0x69, 0x70, 0x5f, 0x6f, 0x70, + 0x74, 0x73, 0x5f, 0x72, 0x61, 0x77, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x18, 0x0a, 0x07, + 0x68, 0x64, 0x72, 0x69, 0x6e, 0x63, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x68, + 0x64, 0x72, 0x69, 0x6e, 0x63, 0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x6e, 0x6f, 0x64, 0x65, 0x66, 0x72, + 0x61, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6e, 0x6f, 0x64, 0x65, 0x66, 0x72, + 0x61, 0x67, 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x75, 0x6d, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x75, 0x6d, 0x12, 0x21, + 0x0a, 0x0c, 0x69, 0x63, 0x6d, 0x70, 0x76, 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x04, + 0x20, 0x03, 0x28, 0x0d, 0x52, 0x0b, 0x69, 0x63, 0x6d, 0x70, 0x76, 0x46, 0x69, 0x6c, 0x74, 0x65, + 0x72, 0x22, 0x51, 0x0a, 0x0d, 0x69, 0x70, 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x66, 0x72, 0x65, 0x65, 0x62, 0x69, 0x6e, 0x64, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x66, 0x72, 0x65, 0x65, 0x62, 0x69, 0x6e, 0x64, 0x12, 0x24, + 0x0a, 0x03, 0x72, 0x61, 0x77, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x69, 0x70, + 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x5f, 0x72, 0x61, 0x77, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, + 0x03, 0x72, 0x61, 0x77, 0x22, 0xbb, 0x04, 0x0a, 0x0d, 0x69, 0x6e, 0x65, 0x74, 0x5f, 0x73, 0x6b, + 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x69, 0x6e, 0x6f, 0x18, 0x02, 0x20, + 0x02, 0x28, 0x0d, 0x52, 0x03, 0x69, 0x6e, 0x6f, 0x12, 0x1f, 0x0a, 0x06, 0x66, 0x61, 0x6d, 0x69, + 0x6c, 0x79, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x07, 0xd2, 0x3f, 0x04, 0x32, 0x02, 0x73, + 0x6b, 0x52, 0x06, 0x66, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x12, 0x1b, 0x0a, 0x04, 0x74, 0x79, 0x70, + 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x07, 0xd2, 0x3f, 0x04, 0x32, 0x02, 0x73, 0x6b, + 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1d, 0x0a, 0x05, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x18, + 0x05, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x07, 0xd2, 0x3f, 0x04, 0x32, 0x02, 0x73, 0x6b, 0x52, 0x05, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1d, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x06, + 0x20, 0x02, 0x28, 0x0d, 0x42, 0x07, 0xd2, 0x3f, 0x04, 0x32, 0x02, 0x73, 0x6b, 0x52, 0x05, 0x73, + 0x74, 0x61, 0x74, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x72, 0x63, 0x5f, 0x70, 0x6f, 0x72, 0x74, + 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x73, 0x72, 0x63, 0x50, 0x6f, 0x72, 0x74, 0x12, + 0x19, 0x0a, 0x08, 0x64, 0x73, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x08, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x07, 0x64, 0x73, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, + 0x61, 0x67, 0x73, 0x18, 0x09, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, + 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x62, 0x61, 0x63, 0x6b, 0x6c, + 0x6f, 0x67, 0x18, 0x0a, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x62, 0x61, 0x63, 0x6b, 0x6c, 0x6f, + 0x67, 0x12, 0x20, 0x0a, 0x08, 0x73, 0x72, 0x63, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x0b, 0x20, + 0x03, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x10, 0x01, 0x52, 0x07, 0x73, 0x72, 0x63, 0x41, + 0x64, 0x64, 0x72, 0x12, 0x20, 0x0a, 0x08, 0x64, 0x73, 0x74, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, + 0x0c, 0x20, 0x03, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x10, 0x01, 0x52, 0x07, 0x64, 0x73, + 0x74, 0x41, 0x64, 0x64, 0x72, 0x12, 0x1f, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x0d, 0x20, + 0x02, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x22, 0x0a, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x18, 0x0e, + 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x73, 0x6b, 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x76, 0x36, + 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x76, 0x36, 0x6f, 0x6e, + 0x6c, 0x79, 0x12, 0x27, 0x0a, 0x07, 0x69, 0x70, 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x18, 0x10, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x69, 0x70, 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x5f, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x52, 0x06, 0x69, 0x70, 0x4f, 0x70, 0x74, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x69, + 0x66, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x11, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x69, 0x66, 0x6e, + 0x61, 0x6d, 0x65, 0x12, 0x13, 0x0a, 0x05, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x12, 0x20, 0x01, + 0x28, 0x0d, 0x52, 0x04, 0x6e, 0x73, 0x49, 0x64, 0x12, 0x28, 0x0a, 0x08, 0x73, 0x68, 0x75, 0x74, + 0x64, 0x6f, 0x77, 0x6e, 0x18, 0x13, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0c, 0x2e, 0x73, 0x6b, 0x5f, + 0x73, 0x68, 0x75, 0x74, 0x64, 0x6f, 0x77, 0x6e, 0x52, 0x08, 0x73, 0x68, 0x75, 0x74, 0x64, 0x6f, + 0x77, 0x6e, } var ( @@ -423,19 +421,19 @@ func file_sk_inet_proto_rawDescGZIP() []byte { var file_sk_inet_proto_msgTypes = make([]protoimpl.MessageInfo, 3) var file_sk_inet_proto_goTypes = []interface{}{ - (*IpOptsRawEntry)(nil), // 0: criu.ip_opts_raw_entry - (*IpOptsEntry)(nil), // 1: criu.ip_opts_entry - (*InetSkEntry)(nil), // 2: criu.inet_sk_entry - (*FownEntry)(nil), // 3: criu.fown_entry - (*SkOptsEntry)(nil), // 4: criu.sk_opts_entry - (SkShutdown)(0), // 5: criu.sk_shutdown + (*IpOptsRawEntry)(nil), // 0: ip_opts_raw_entry + (*IpOptsEntry)(nil), // 1: ip_opts_entry + (*InetSkEntry)(nil), // 2: inet_sk_entry + (*FownEntry)(nil), // 3: fown_entry + (*SkOptsEntry)(nil), // 4: sk_opts_entry + (SkShutdown)(0), // 5: sk_shutdown } var file_sk_inet_proto_depIdxs = []int32{ - 0, // 0: criu.ip_opts_entry.raw:type_name -> criu.ip_opts_raw_entry - 3, // 1: criu.inet_sk_entry.fown:type_name -> criu.fown_entry - 4, // 2: criu.inet_sk_entry.opts:type_name -> criu.sk_opts_entry - 1, // 3: criu.inet_sk_entry.ip_opts:type_name -> criu.ip_opts_entry - 5, // 4: criu.inet_sk_entry.shutdown:type_name -> criu.sk_shutdown + 0, // 0: ip_opts_entry.raw:type_name -> ip_opts_raw_entry + 3, // 1: inet_sk_entry.fown:type_name -> fown_entry + 4, // 2: inet_sk_entry.opts:type_name -> sk_opts_entry + 1, // 3: inet_sk_entry.ip_opts:type_name -> ip_opts_entry + 5, // 4: inet_sk_entry.shutdown:type_name -> sk_shutdown 5, // [5:5] is the sub-list for method output_type 5, // [5:5] is the sub-list for method input_type 5, // [5:5] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-inet.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-inet.proto index 7a4ec478874..594e29c6622 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-inet.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-inet.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "opts.proto"; import "fown.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-netlink.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-netlink.pb.go index 087366fdb3b..75bac2ed0c0 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-netlink.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-netlink.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: sk-netlink.proto package images @@ -161,28 +161,27 @@ var File_sk_netlink_proto protoreflect.FileDescriptor var file_sk_netlink_proto_rawDesc = []byte{ 0x0a, 0x10, 0x73, 0x6b, 0x2d, 0x6e, 0x65, 0x74, 0x6c, 0x69, 0x6e, 0x6b, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x1a, 0x0d, 0x73, 0x6b, 0x2d, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, - 0xd3, 0x02, 0x0a, 0x10, 0x6e, 0x65, 0x74, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, 0x73, 0x6b, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x02, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x69, 0x6e, 0x6f, 0x18, 0x02, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x03, 0x69, 0x6e, 0x6f, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, - 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, - 0x6f, 0x6c, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, - 0x73, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, - 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x6f, 0x72, 0x74, 0x69, 0x64, 0x18, - 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x70, 0x6f, 0x72, 0x74, 0x69, 0x64, 0x12, 0x16, 0x0a, - 0x06, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x06, 0x67, - 0x72, 0x6f, 0x75, 0x70, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x64, 0x73, 0x74, 0x5f, 0x70, 0x6f, 0x72, - 0x74, 0x69, 0x64, 0x18, 0x09, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x64, 0x73, 0x74, 0x50, 0x6f, - 0x72, 0x74, 0x69, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x64, 0x73, 0x74, 0x5f, 0x67, 0x72, 0x6f, 0x75, - 0x70, 0x18, 0x0a, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x64, 0x73, 0x74, 0x47, 0x72, 0x6f, 0x75, - 0x70, 0x12, 0x24, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x0b, 0x20, 0x02, 0x28, 0x0b, 0x32, - 0x10, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x27, 0x0a, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x18, - 0x0c, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x6b, 0x5f, + 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, + 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, 0x73, 0x6b, 0x2d, 0x6f, + 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc9, 0x02, 0x0a, 0x10, 0x6e, 0x65, + 0x74, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, 0x73, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, + 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x10, + 0x0a, 0x03, 0x69, 0x6e, 0x6f, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x69, 0x6e, 0x6f, + 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x14, 0x0a, 0x05, + 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x73, 0x74, 0x61, + 0x74, 0x65, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x06, 0x20, 0x02, 0x28, + 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, + 0x16, 0x0a, 0x06, 0x70, 0x6f, 0x72, 0x74, 0x69, 0x64, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, + 0x06, 0x70, 0x6f, 0x72, 0x74, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x67, 0x72, 0x6f, 0x75, 0x70, + 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x06, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x12, + 0x1d, 0x0a, 0x0a, 0x64, 0x73, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x69, 0x64, 0x18, 0x09, 0x20, + 0x02, 0x28, 0x0d, 0x52, 0x09, 0x64, 0x73, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x69, 0x64, 0x12, 0x1b, + 0x0a, 0x09, 0x64, 0x73, 0x74, 0x5f, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x0a, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x08, 0x64, 0x73, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x1f, 0x0a, 0x04, 0x66, + 0x6f, 0x77, 0x6e, 0x18, 0x0b, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x6f, 0x77, 0x6e, + 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x22, 0x0a, 0x04, + 0x6f, 0x70, 0x74, 0x73, 0x18, 0x0c, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x73, 0x6b, 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x12, 0x13, 0x0a, 0x05, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x6e, 0x73, 0x49, 0x64, @@ -202,13 +201,13 @@ func file_sk_netlink_proto_rawDescGZIP() []byte { var file_sk_netlink_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_sk_netlink_proto_goTypes = []interface{}{ - (*NetlinkSkEntry)(nil), // 0: criu.netlink_sk_entry - (*FownEntry)(nil), // 1: criu.fown_entry - (*SkOptsEntry)(nil), // 2: criu.sk_opts_entry + (*NetlinkSkEntry)(nil), // 0: netlink_sk_entry + (*FownEntry)(nil), // 1: fown_entry + (*SkOptsEntry)(nil), // 2: sk_opts_entry } var file_sk_netlink_proto_depIdxs = []int32{ - 1, // 0: criu.netlink_sk_entry.fown:type_name -> criu.fown_entry - 2, // 1: criu.netlink_sk_entry.opts:type_name -> criu.sk_opts_entry + 1, // 0: netlink_sk_entry.fown:type_name -> fown_entry + 2, // 1: netlink_sk_entry.opts:type_name -> sk_opts_entry 2, // [2:2] is the sub-list for method output_type 2, // [2:2] is the sub-list for method input_type 2, // [2:2] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-netlink.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-netlink.proto index e6ffd624b9d..cfcc88daad4 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-netlink.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-netlink.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "opts.proto"; import "fown.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-opts.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-opts.pb.go index 7fa40d38a99..137603412af 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-opts.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-opts.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: sk-opts.proto package images @@ -326,64 +326,64 @@ func (x *SkOptsEntry) GetSoBufLock() uint32 { var File_sk_opts_proto protoreflect.FileDescriptor var file_sk_opts_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x73, 0x6b, 0x2d, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, - 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0xce, 0x06, 0x0a, 0x0d, 0x73, 0x6b, 0x5f, 0x6f, 0x70, 0x74, - 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x6f, 0x5f, 0x73, 0x6e, - 0x64, 0x62, 0x75, 0x66, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x73, 0x6f, 0x53, 0x6e, - 0x64, 0x62, 0x75, 0x66, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x6f, 0x5f, 0x72, 0x63, 0x76, 0x62, 0x75, - 0x66, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x73, 0x6f, 0x52, 0x63, 0x76, 0x62, 0x75, - 0x66, 0x12, 0x23, 0x0a, 0x0e, 0x73, 0x6f, 0x5f, 0x73, 0x6e, 0x64, 0x5f, 0x74, 0x6d, 0x6f, 0x5f, - 0x73, 0x65, 0x63, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, 0x0b, 0x73, 0x6f, 0x53, 0x6e, 0x64, - 0x54, 0x6d, 0x6f, 0x53, 0x65, 0x63, 0x12, 0x25, 0x0a, 0x0f, 0x73, 0x6f, 0x5f, 0x73, 0x6e, 0x64, - 0x5f, 0x74, 0x6d, 0x6f, 0x5f, 0x75, 0x73, 0x65, 0x63, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, - 0x0c, 0x73, 0x6f, 0x53, 0x6e, 0x64, 0x54, 0x6d, 0x6f, 0x55, 0x73, 0x65, 0x63, 0x12, 0x23, 0x0a, - 0x0e, 0x73, 0x6f, 0x5f, 0x72, 0x63, 0x76, 0x5f, 0x74, 0x6d, 0x6f, 0x5f, 0x73, 0x65, 0x63, 0x18, - 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, 0x0b, 0x73, 0x6f, 0x52, 0x63, 0x76, 0x54, 0x6d, 0x6f, 0x53, - 0x65, 0x63, 0x12, 0x25, 0x0a, 0x0f, 0x73, 0x6f, 0x5f, 0x72, 0x63, 0x76, 0x5f, 0x74, 0x6d, 0x6f, - 0x5f, 0x75, 0x73, 0x65, 0x63, 0x18, 0x06, 0x20, 0x02, 0x28, 0x04, 0x52, 0x0c, 0x73, 0x6f, 0x52, - 0x63, 0x76, 0x54, 0x6d, 0x6f, 0x55, 0x73, 0x65, 0x63, 0x12, 0x1c, 0x0a, 0x09, 0x72, 0x65, 0x75, - 0x73, 0x65, 0x61, 0x64, 0x64, 0x72, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x72, 0x65, - 0x75, 0x73, 0x65, 0x61, 0x64, 0x64, 0x72, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x6f, 0x5f, 0x70, 0x72, - 0x69, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x73, 0x6f, - 0x50, 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x6f, 0x5f, 0x72, - 0x63, 0x76, 0x6c, 0x6f, 0x77, 0x61, 0x74, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x73, - 0x6f, 0x52, 0x63, 0x76, 0x6c, 0x6f, 0x77, 0x61, 0x74, 0x12, 0x17, 0x0a, 0x07, 0x73, 0x6f, 0x5f, - 0x6d, 0x61, 0x72, 0x6b, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x73, 0x6f, 0x4d, 0x61, - 0x72, 0x6b, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x6f, 0x5f, 0x70, 0x61, 0x73, 0x73, 0x63, 0x72, 0x65, - 0x64, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x73, 0x6f, 0x50, 0x61, 0x73, 0x73, 0x63, - 0x72, 0x65, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x6f, 0x5f, 0x70, 0x61, 0x73, 0x73, 0x73, 0x65, - 0x63, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x73, 0x6f, 0x50, 0x61, 0x73, 0x73, 0x73, - 0x65, 0x63, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x6f, 0x5f, 0x64, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x75, - 0x74, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x73, 0x6f, 0x44, 0x6f, 0x6e, 0x74, - 0x72, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x1e, 0x0a, 0x0b, 0x73, 0x6f, 0x5f, 0x6e, 0x6f, 0x5f, 0x63, - 0x68, 0x65, 0x63, 0x6b, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x73, 0x6f, 0x4e, 0x6f, - 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x20, 0x0a, 0x0c, 0x73, 0x6f, 0x5f, 0x62, 0x6f, 0x75, 0x6e, - 0x64, 0x5f, 0x64, 0x65, 0x76, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, 0x6f, 0x42, - 0x6f, 0x75, 0x6e, 0x64, 0x44, 0x65, 0x76, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x6f, 0x5f, 0x66, 0x69, - 0x6c, 0x74, 0x65, 0x72, 0x18, 0x10, 0x20, 0x03, 0x28, 0x06, 0x52, 0x08, 0x73, 0x6f, 0x46, 0x69, - 0x6c, 0x74, 0x65, 0x72, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x6f, 0x5f, 0x72, 0x65, 0x75, 0x73, 0x65, - 0x70, 0x6f, 0x72, 0x74, 0x18, 0x11, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x73, 0x6f, 0x52, 0x65, - 0x75, 0x73, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x6f, 0x5f, 0x62, 0x72, - 0x6f, 0x61, 0x64, 0x63, 0x61, 0x73, 0x74, 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x73, - 0x6f, 0x42, 0x72, 0x6f, 0x61, 0x64, 0x63, 0x61, 0x73, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x6f, - 0x5f, 0x6b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x18, 0x13, 0x20, 0x01, 0x28, 0x08, - 0x52, 0x0b, 0x73, 0x6f, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x12, 0x1f, 0x0a, - 0x0b, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, 0x65, 0x70, 0x63, 0x6e, 0x74, 0x18, 0x14, 0x20, 0x01, - 0x28, 0x0d, 0x52, 0x0a, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x63, 0x6e, 0x74, 0x12, 0x21, - 0x0a, 0x0c, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, 0x65, 0x70, 0x69, 0x64, 0x6c, 0x65, 0x18, 0x15, - 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x69, 0x64, 0x6c, - 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, 0x65, 0x70, 0x69, 0x6e, 0x74, - 0x76, 0x6c, 0x18, 0x16, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0c, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, - 0x70, 0x69, 0x6e, 0x74, 0x76, 0x6c, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x6f, 0x5f, 0x6f, 0x6f, 0x62, - 0x69, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x18, 0x17, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x73, 0x6f, - 0x4f, 0x6f, 0x62, 0x69, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x6f, 0x5f, - 0x6c, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x18, 0x18, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x73, 0x6f, - 0x4c, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x12, 0x1e, 0x0a, 0x0b, 0x73, 0x6f, 0x5f, 0x62, 0x75, 0x66, - 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x18, 0x19, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x73, 0x6f, 0x42, - 0x75, 0x66, 0x4c, 0x6f, 0x63, 0x6b, 0x2a, 0x36, 0x0a, 0x0b, 0x73, 0x6b, 0x5f, 0x73, 0x68, 0x75, - 0x74, 0x64, 0x6f, 0x77, 0x6e, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, - 0x08, 0x0a, 0x04, 0x52, 0x45, 0x41, 0x44, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x57, 0x52, 0x49, - 0x54, 0x45, 0x10, 0x02, 0x12, 0x08, 0x0a, 0x04, 0x42, 0x4f, 0x54, 0x48, 0x10, 0x03, + 0x0a, 0x0d, 0x73, 0x6b, 0x2d, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, + 0xce, 0x06, 0x0a, 0x0d, 0x73, 0x6b, 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x6f, 0x5f, 0x73, 0x6e, 0x64, 0x62, 0x75, 0x66, 0x18, 0x01, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x73, 0x6f, 0x53, 0x6e, 0x64, 0x62, 0x75, 0x66, 0x12, 0x1b, + 0x0a, 0x09, 0x73, 0x6f, 0x5f, 0x72, 0x63, 0x76, 0x62, 0x75, 0x66, 0x18, 0x02, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x08, 0x73, 0x6f, 0x52, 0x63, 0x76, 0x62, 0x75, 0x66, 0x12, 0x23, 0x0a, 0x0e, 0x73, + 0x6f, 0x5f, 0x73, 0x6e, 0x64, 0x5f, 0x74, 0x6d, 0x6f, 0x5f, 0x73, 0x65, 0x63, 0x18, 0x03, 0x20, + 0x02, 0x28, 0x04, 0x52, 0x0b, 0x73, 0x6f, 0x53, 0x6e, 0x64, 0x54, 0x6d, 0x6f, 0x53, 0x65, 0x63, + 0x12, 0x25, 0x0a, 0x0f, 0x73, 0x6f, 0x5f, 0x73, 0x6e, 0x64, 0x5f, 0x74, 0x6d, 0x6f, 0x5f, 0x75, + 0x73, 0x65, 0x63, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, 0x0c, 0x73, 0x6f, 0x53, 0x6e, 0x64, + 0x54, 0x6d, 0x6f, 0x55, 0x73, 0x65, 0x63, 0x12, 0x23, 0x0a, 0x0e, 0x73, 0x6f, 0x5f, 0x72, 0x63, + 0x76, 0x5f, 0x74, 0x6d, 0x6f, 0x5f, 0x73, 0x65, 0x63, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, + 0x0b, 0x73, 0x6f, 0x52, 0x63, 0x76, 0x54, 0x6d, 0x6f, 0x53, 0x65, 0x63, 0x12, 0x25, 0x0a, 0x0f, + 0x73, 0x6f, 0x5f, 0x72, 0x63, 0x76, 0x5f, 0x74, 0x6d, 0x6f, 0x5f, 0x75, 0x73, 0x65, 0x63, 0x18, + 0x06, 0x20, 0x02, 0x28, 0x04, 0x52, 0x0c, 0x73, 0x6f, 0x52, 0x63, 0x76, 0x54, 0x6d, 0x6f, 0x55, + 0x73, 0x65, 0x63, 0x12, 0x1c, 0x0a, 0x09, 0x72, 0x65, 0x75, 0x73, 0x65, 0x61, 0x64, 0x64, 0x72, + 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x72, 0x65, 0x75, 0x73, 0x65, 0x61, 0x64, 0x64, + 0x72, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x6f, 0x5f, 0x70, 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x79, + 0x18, 0x08, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x73, 0x6f, 0x50, 0x72, 0x69, 0x6f, 0x72, 0x69, + 0x74, 0x79, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x6f, 0x5f, 0x72, 0x63, 0x76, 0x6c, 0x6f, 0x77, 0x61, + 0x74, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x73, 0x6f, 0x52, 0x63, 0x76, 0x6c, 0x6f, + 0x77, 0x61, 0x74, 0x12, 0x17, 0x0a, 0x07, 0x73, 0x6f, 0x5f, 0x6d, 0x61, 0x72, 0x6b, 0x18, 0x0a, + 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x73, 0x6f, 0x4d, 0x61, 0x72, 0x6b, 0x12, 0x1f, 0x0a, 0x0b, + 0x73, 0x6f, 0x5f, 0x70, 0x61, 0x73, 0x73, 0x63, 0x72, 0x65, 0x64, 0x18, 0x0b, 0x20, 0x01, 0x28, + 0x08, 0x52, 0x0a, 0x73, 0x6f, 0x50, 0x61, 0x73, 0x73, 0x63, 0x72, 0x65, 0x64, 0x12, 0x1d, 0x0a, + 0x0a, 0x73, 0x6f, 0x5f, 0x70, 0x61, 0x73, 0x73, 0x73, 0x65, 0x63, 0x18, 0x0c, 0x20, 0x01, 0x28, + 0x08, 0x52, 0x09, 0x73, 0x6f, 0x50, 0x61, 0x73, 0x73, 0x73, 0x65, 0x63, 0x12, 0x21, 0x0a, 0x0c, + 0x73, 0x6f, 0x5f, 0x64, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x18, 0x0d, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x0b, 0x73, 0x6f, 0x44, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x12, + 0x1e, 0x0a, 0x0b, 0x73, 0x6f, 0x5f, 0x6e, 0x6f, 0x5f, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x18, 0x0e, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x73, 0x6f, 0x4e, 0x6f, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, + 0x20, 0x0a, 0x0c, 0x73, 0x6f, 0x5f, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x64, 0x65, 0x76, 0x18, + 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, 0x6f, 0x42, 0x6f, 0x75, 0x6e, 0x64, 0x44, 0x65, + 0x76, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x6f, 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x10, + 0x20, 0x03, 0x28, 0x06, 0x52, 0x08, 0x73, 0x6f, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x21, + 0x0a, 0x0c, 0x73, 0x6f, 0x5f, 0x72, 0x65, 0x75, 0x73, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x11, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x73, 0x6f, 0x52, 0x65, 0x75, 0x73, 0x65, 0x70, 0x6f, 0x72, + 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x6f, 0x5f, 0x62, 0x72, 0x6f, 0x61, 0x64, 0x63, 0x61, 0x73, + 0x74, 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x73, 0x6f, 0x42, 0x72, 0x6f, 0x61, 0x64, + 0x63, 0x61, 0x73, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x6f, 0x5f, 0x6b, 0x65, 0x65, 0x70, 0x61, + 0x6c, 0x69, 0x76, 0x65, 0x18, 0x13, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x73, 0x6f, 0x4b, 0x65, + 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x63, 0x70, 0x5f, 0x6b, + 0x65, 0x65, 0x70, 0x63, 0x6e, 0x74, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x74, 0x63, + 0x70, 0x4b, 0x65, 0x65, 0x70, 0x63, 0x6e, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x74, 0x63, 0x70, 0x5f, + 0x6b, 0x65, 0x65, 0x70, 0x69, 0x64, 0x6c, 0x65, 0x18, 0x15, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, + 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x69, 0x64, 0x6c, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x74, + 0x63, 0x70, 0x5f, 0x6b, 0x65, 0x65, 0x70, 0x69, 0x6e, 0x74, 0x76, 0x6c, 0x18, 0x16, 0x20, 0x01, + 0x28, 0x0d, 0x52, 0x0c, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x69, 0x6e, 0x74, 0x76, 0x6c, + 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x6f, 0x5f, 0x6f, 0x6f, 0x62, 0x69, 0x6e, 0x6c, 0x69, 0x6e, 0x65, + 0x18, 0x17, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x73, 0x6f, 0x4f, 0x6f, 0x62, 0x69, 0x6e, 0x6c, + 0x69, 0x6e, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x6f, 0x5f, 0x6c, 0x69, 0x6e, 0x67, 0x65, 0x72, + 0x18, 0x18, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x73, 0x6f, 0x4c, 0x69, 0x6e, 0x67, 0x65, 0x72, + 0x12, 0x1e, 0x0a, 0x0b, 0x73, 0x6f, 0x5f, 0x62, 0x75, 0x66, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x18, + 0x19, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x73, 0x6f, 0x42, 0x75, 0x66, 0x4c, 0x6f, 0x63, 0x6b, + 0x2a, 0x36, 0x0a, 0x0b, 0x73, 0x6b, 0x5f, 0x73, 0x68, 0x75, 0x74, 0x64, 0x6f, 0x77, 0x6e, 0x12, + 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x52, 0x45, 0x41, + 0x44, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x57, 0x52, 0x49, 0x54, 0x45, 0x10, 0x02, 0x12, 0x08, + 0x0a, 0x04, 0x42, 0x4f, 0x54, 0x48, 0x10, 0x03, } var ( @@ -401,8 +401,8 @@ func file_sk_opts_proto_rawDescGZIP() []byte { var file_sk_opts_proto_enumTypes = make([]protoimpl.EnumInfo, 1) var file_sk_opts_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_sk_opts_proto_goTypes = []interface{}{ - (SkShutdown)(0), // 0: criu.sk_shutdown - (*SkOptsEntry)(nil), // 1: criu.sk_opts_entry + (SkShutdown)(0), // 0: sk_shutdown + (*SkOptsEntry)(nil), // 1: sk_opts_entry } var file_sk_opts_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-opts.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-opts.proto index 97035744146..1d24d47cc7c 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-opts.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-opts.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message sk_opts_entry { required uint32 so_sndbuf = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-packet.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-packet.pb.go index f38656a8b27..9dd7176dedd 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-packet.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-packet.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: sk-packet.proto package images @@ -146,17 +146,16 @@ var File_sk_packet_proto protoreflect.FileDescriptor var file_sk_packet_proto_rawDesc = []byte{ 0x0a, 0x0f, 0x73, 0x6b, 0x2d, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x22, 0x37, 0x0a, 0x09, 0x73, 0x63, 0x6d, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x69, 0x67, 0x68, - 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x06, 0x72, 0x69, 0x67, 0x68, 0x74, 0x73, - 0x22, 0x63, 0x0a, 0x0f, 0x73, 0x6b, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x15, 0x0a, 0x06, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x18, 0x01, 0x20, - 0x02, 0x28, 0x0d, 0x52, 0x05, 0x69, 0x64, 0x46, 0x6f, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x6c, 0x65, - 0x6e, 0x67, 0x74, 0x68, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x6c, 0x65, 0x6e, 0x67, - 0x74, 0x68, 0x12, 0x21, 0x0a, 0x03, 0x73, 0x63, 0x6d, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x0f, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x63, 0x6d, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x52, 0x03, 0x73, 0x63, 0x6d, + 0x6f, 0x22, 0x37, 0x0a, 0x09, 0x73, 0x63, 0x6d, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, + 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x74, 0x79, + 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x69, 0x67, 0x68, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, + 0x28, 0x0d, 0x52, 0x06, 0x72, 0x69, 0x67, 0x68, 0x74, 0x73, 0x22, 0x5e, 0x0a, 0x0f, 0x73, 0x6b, + 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x15, 0x0a, + 0x06, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x69, + 0x64, 0x46, 0x6f, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x18, 0x02, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x12, 0x1c, 0x0a, 0x03, + 0x73, 0x63, 0x6d, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x73, 0x63, 0x6d, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x73, 0x63, 0x6d, } var ( @@ -173,11 +172,11 @@ func file_sk_packet_proto_rawDescGZIP() []byte { var file_sk_packet_proto_msgTypes = make([]protoimpl.MessageInfo, 2) var file_sk_packet_proto_goTypes = []interface{}{ - (*ScmEntry)(nil), // 0: criu.scm_entry - (*SkPacketEntry)(nil), // 1: criu.sk_packet_entry + (*ScmEntry)(nil), // 0: scm_entry + (*SkPacketEntry)(nil), // 1: sk_packet_entry } var file_sk_packet_proto_depIdxs = []int32{ - 0, // 0: criu.sk_packet_entry.scm:type_name -> criu.scm_entry + 0, // 0: sk_packet_entry.scm:type_name -> scm_entry 1, // [1:1] is the sub-list for method output_type 1, // [1:1] is the sub-list for method input_type 1, // [1:1] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-packet.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-packet.proto index 131f2dad13c..b60a8870a7e 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-packet.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-packet.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message scm_entry { required uint32 type = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-unix.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-unix.pb.go index b9436e9d33e..068b7648f5d 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-unix.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-unix.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: sk-unix.proto package images @@ -112,7 +112,7 @@ type UnixSkEntry struct { // Abstract name may contain \0 at any point, // so we need to carry it as byte sequence... Name []byte `protobuf:"bytes,11,req,name=name" json:"name,omitempty"` - Shutdown *SkShutdown `protobuf:"varint,12,opt,name=shutdown,enum=criu.SkShutdown" json:"shutdown,omitempty"` + Shutdown *SkShutdown `protobuf:"varint,12,opt,name=shutdown,enum=SkShutdown" json:"shutdown,omitempty"` FilePerms *FilePermsEntry `protobuf:"bytes,13,opt,name=file_perms,json=filePerms" json:"file_perms,omitempty"` // Relative socket name may have prefix. NameDir *string `protobuf:"bytes,14,opt,name=name_dir,json=nameDir" json:"name_dir,omitempty"` @@ -280,48 +280,47 @@ func (x *UnixSkEntry) GetMntId() int32 { var File_sk_unix_proto protoreflect.FileDescriptor var file_sk_unix_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x73, 0x6b, 0x2d, 0x75, 0x6e, 0x69, 0x78, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, - 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, 0x73, - 0x6b, 0x2d, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x4a, 0x0a, 0x10, - 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, - 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x67, 0x69, 0x64, 0x18, 0x03, 0x20, - 0x02, 0x28, 0x0d, 0x52, 0x03, 0x67, 0x69, 0x64, 0x22, 0x95, 0x04, 0x0a, 0x0d, 0x75, 0x6e, 0x69, - 0x78, 0x5f, 0x73, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, - 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x69, 0x6e, - 0x6f, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x69, 0x6e, 0x6f, 0x12, 0x1b, 0x0a, 0x04, - 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x07, 0xd2, 0x3f, 0x04, 0x32, - 0x02, 0x73, 0x6b, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1d, 0x0a, 0x05, 0x73, 0x74, 0x61, - 0x74, 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x07, 0xd2, 0x3f, 0x04, 0x32, 0x02, 0x73, - 0x6b, 0x52, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, - 0x73, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, - 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x1d, 0x0a, 0x06, 0x75, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, - 0x06, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x06, 0x75, 0x66, - 0x6c, 0x61, 0x67, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x62, 0x61, 0x63, 0x6b, 0x6c, 0x6f, 0x67, 0x18, - 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x62, 0x61, 0x63, 0x6b, 0x6c, 0x6f, 0x67, 0x12, 0x12, - 0x0a, 0x04, 0x70, 0x65, 0x65, 0x72, 0x18, 0x08, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x65, - 0x65, 0x72, 0x12, 0x24, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x09, 0x20, 0x02, 0x28, 0x0b, - 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x27, 0x0a, 0x04, 0x6f, 0x70, 0x74, 0x73, - 0x18, 0x0a, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, 0x6b, + 0x0a, 0x0d, 0x73, 0x6b, 0x2d, 0x75, 0x6e, 0x69, 0x78, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, + 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, + 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, 0x73, 0x6b, 0x2d, 0x6f, 0x70, 0x74, 0x73, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x4a, 0x0a, 0x10, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x70, + 0x65, 0x72, 0x6d, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f, + 0x64, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x10, + 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x75, 0x69, 0x64, + 0x12, 0x10, 0x0a, 0x03, 0x67, 0x69, 0x64, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x67, + 0x69, 0x64, 0x22, 0x81, 0x04, 0x0a, 0x0d, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, 0x6b, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, + 0x52, 0x02, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x69, 0x6e, 0x6f, 0x18, 0x02, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x03, 0x69, 0x6e, 0x6f, 0x12, 0x1b, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, + 0x20, 0x02, 0x28, 0x0d, 0x42, 0x07, 0xd2, 0x3f, 0x04, 0x32, 0x02, 0x73, 0x6b, 0x52, 0x04, 0x74, + 0x79, 0x70, 0x65, 0x12, 0x1d, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x02, + 0x28, 0x0d, 0x42, 0x07, 0xd2, 0x3f, 0x04, 0x32, 0x02, 0x73, 0x6b, 0x52, 0x05, 0x73, 0x74, 0x61, + 0x74, 0x65, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x05, 0x20, 0x02, 0x28, + 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, + 0x1d, 0x0a, 0x06, 0x75, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x42, + 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x06, 0x75, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x18, + 0x0a, 0x07, 0x62, 0x61, 0x63, 0x6b, 0x6c, 0x6f, 0x67, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, + 0x07, 0x62, 0x61, 0x63, 0x6b, 0x6c, 0x6f, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x65, 0x65, 0x72, + 0x18, 0x08, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x65, 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x04, + 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x09, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x6f, 0x77, + 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x22, 0x0a, + 0x04, 0x6f, 0x70, 0x74, 0x73, 0x18, 0x0a, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x73, 0x6b, 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x12, 0x22, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0b, 0x20, 0x02, 0x28, 0x0c, 0x42, 0x0e, 0xd2, 0x3f, 0x0b, 0x3a, 0x09, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x52, - 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x2d, 0x0a, 0x08, 0x73, 0x68, 0x75, 0x74, 0x64, 0x6f, 0x77, - 0x6e, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x11, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x73, - 0x6b, 0x5f, 0x73, 0x68, 0x75, 0x74, 0x64, 0x6f, 0x77, 0x6e, 0x52, 0x08, 0x73, 0x68, 0x75, 0x74, - 0x64, 0x6f, 0x77, 0x6e, 0x12, 0x35, 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x70, 0x65, 0x72, - 0x6d, 0x73, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, - 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x52, 0x09, 0x66, 0x69, 0x6c, 0x65, 0x50, 0x65, 0x72, 0x6d, 0x73, 0x12, 0x19, 0x0a, 0x08, 0x6e, - 0x61, 0x6d, 0x65, 0x5f, 0x64, 0x69, 0x72, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6e, - 0x61, 0x6d, 0x65, 0x44, 0x69, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, - 0x64, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, - 0x12, 0x13, 0x0a, 0x05, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0d, 0x52, - 0x04, 0x6e, 0x73, 0x49, 0x64, 0x12, 0x19, 0x0a, 0x06, 0x6d, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, - 0x11, 0x20, 0x01, 0x28, 0x11, 0x3a, 0x02, 0x2d, 0x31, 0x52, 0x05, 0x6d, 0x6e, 0x74, 0x49, 0x64, + 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x28, 0x0a, 0x08, 0x73, 0x68, 0x75, 0x74, 0x64, 0x6f, 0x77, + 0x6e, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0c, 0x2e, 0x73, 0x6b, 0x5f, 0x73, 0x68, 0x75, + 0x74, 0x64, 0x6f, 0x77, 0x6e, 0x52, 0x08, 0x73, 0x68, 0x75, 0x74, 0x64, 0x6f, 0x77, 0x6e, 0x12, + 0x30, 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x73, 0x18, 0x0d, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x73, + 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x09, 0x66, 0x69, 0x6c, 0x65, 0x50, 0x65, 0x72, 0x6d, + 0x73, 0x12, 0x19, 0x0a, 0x08, 0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x64, 0x69, 0x72, 0x18, 0x0e, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x07, 0x6e, 0x61, 0x6d, 0x65, 0x44, 0x69, 0x72, 0x12, 0x18, 0x0a, 0x07, + 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x64, + 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x12, 0x13, 0x0a, 0x05, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, + 0x10, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x6e, 0x73, 0x49, 0x64, 0x12, 0x19, 0x0a, 0x06, 0x6d, + 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x11, 0x20, 0x01, 0x28, 0x11, 0x3a, 0x02, 0x2d, 0x31, 0x52, + 0x05, 0x6d, 0x6e, 0x74, 0x49, 0x64, } var ( @@ -338,17 +337,17 @@ func file_sk_unix_proto_rawDescGZIP() []byte { var file_sk_unix_proto_msgTypes = make([]protoimpl.MessageInfo, 2) var file_sk_unix_proto_goTypes = []interface{}{ - (*FilePermsEntry)(nil), // 0: criu.file_perms_entry - (*UnixSkEntry)(nil), // 1: criu.unix_sk_entry - (*FownEntry)(nil), // 2: criu.fown_entry - (*SkOptsEntry)(nil), // 3: criu.sk_opts_entry - (SkShutdown)(0), // 4: criu.sk_shutdown + (*FilePermsEntry)(nil), // 0: file_perms_entry + (*UnixSkEntry)(nil), // 1: unix_sk_entry + (*FownEntry)(nil), // 2: fown_entry + (*SkOptsEntry)(nil), // 3: sk_opts_entry + (SkShutdown)(0), // 4: sk_shutdown } var file_sk_unix_proto_depIdxs = []int32{ - 2, // 0: criu.unix_sk_entry.fown:type_name -> criu.fown_entry - 3, // 1: criu.unix_sk_entry.opts:type_name -> criu.sk_opts_entry - 4, // 2: criu.unix_sk_entry.shutdown:type_name -> criu.sk_shutdown - 0, // 3: criu.unix_sk_entry.file_perms:type_name -> criu.file_perms_entry + 2, // 0: unix_sk_entry.fown:type_name -> fown_entry + 3, // 1: unix_sk_entry.opts:type_name -> sk_opts_entry + 4, // 2: unix_sk_entry.shutdown:type_name -> sk_shutdown + 0, // 3: unix_sk_entry.file_perms:type_name -> file_perms_entry 4, // [4:4] is the sub-list for method output_type 4, // [4:4] is the sub-list for method input_type 4, // [4:4] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-unix.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-unix.proto index f40875aeb95..8ddbccde00e 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-unix.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-unix.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "opts.proto"; import "fown.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/stats.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/stats.pb.go index f7ae72fdaf1..c5a9c9d5abc 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/stats.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/stats.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: stats.proto package images @@ -311,61 +311,60 @@ func (x *StatsEntry) GetRestore() *RestoreStatsEntry { var File_stats_proto protoreflect.FileDescriptor var file_stats_proto_rawDesc = []byte{ - 0x0a, 0x0b, 0x73, 0x74, 0x61, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, - 0x72, 0x69, 0x75, 0x22, 0xad, 0x04, 0x0a, 0x10, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x73, 0x74, 0x61, - 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x23, 0x0a, 0x0d, 0x66, 0x72, 0x65, 0x65, - 0x7a, 0x69, 0x6e, 0x67, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, - 0x0c, 0x66, 0x72, 0x65, 0x65, 0x7a, 0x69, 0x6e, 0x67, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x1f, 0x0a, - 0x0b, 0x66, 0x72, 0x6f, 0x7a, 0x65, 0x6e, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x0a, 0x66, 0x72, 0x6f, 0x7a, 0x65, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x21, - 0x0a, 0x0c, 0x6d, 0x65, 0x6d, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x03, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, 0x6d, 0x65, 0x6d, 0x64, 0x75, 0x6d, 0x70, 0x54, 0x69, 0x6d, - 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x6d, 0x65, 0x6d, 0x77, 0x72, 0x69, 0x74, 0x65, 0x5f, 0x74, 0x69, - 0x6d, 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0c, 0x6d, 0x65, 0x6d, 0x77, 0x72, 0x69, - 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, - 0x73, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x64, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, 0x0c, 0x70, - 0x61, 0x67, 0x65, 0x73, 0x53, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x64, 0x12, 0x30, 0x0a, 0x14, 0x70, - 0x61, 0x67, 0x65, 0x73, 0x5f, 0x73, 0x6b, 0x69, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x70, 0x61, 0x72, - 0x65, 0x6e, 0x74, 0x18, 0x06, 0x20, 0x02, 0x28, 0x04, 0x52, 0x12, 0x70, 0x61, 0x67, 0x65, 0x73, - 0x53, 0x6b, 0x69, 0x70, 0x70, 0x65, 0x64, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x12, 0x23, 0x0a, - 0x0d, 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x77, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x18, 0x07, - 0x20, 0x02, 0x28, 0x04, 0x52, 0x0c, 0x70, 0x61, 0x67, 0x65, 0x73, 0x57, 0x72, 0x69, 0x74, 0x74, - 0x65, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x69, 0x72, 0x6d, 0x61, 0x70, 0x5f, 0x72, 0x65, 0x73, 0x6f, - 0x6c, 0x76, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0c, 0x69, 0x72, 0x6d, 0x61, 0x70, - 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x65, 0x73, - 0x5f, 0x6c, 0x61, 0x7a, 0x79, 0x18, 0x09, 0x20, 0x02, 0x28, 0x04, 0x52, 0x09, 0x70, 0x61, 0x67, - 0x65, 0x73, 0x4c, 0x61, 0x7a, 0x79, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x70, - 0x69, 0x70, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x70, 0x61, 0x67, 0x65, - 0x50, 0x69, 0x70, 0x65, 0x73, 0x12, 0x24, 0x0a, 0x0e, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x70, 0x69, - 0x70, 0x65, 0x5f, 0x62, 0x75, 0x66, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0c, 0x70, - 0x61, 0x67, 0x65, 0x50, 0x69, 0x70, 0x65, 0x42, 0x75, 0x66, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x73, - 0x68, 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x73, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x64, 0x18, 0x0c, - 0x20, 0x01, 0x28, 0x04, 0x52, 0x0e, 0x73, 0x68, 0x70, 0x61, 0x67, 0x65, 0x73, 0x53, 0x63, 0x61, - 0x6e, 0x6e, 0x65, 0x64, 0x12, 0x34, 0x0a, 0x16, 0x73, 0x68, 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, - 0x73, 0x6b, 0x69, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x18, 0x0d, - 0x20, 0x01, 0x28, 0x04, 0x52, 0x14, 0x73, 0x68, 0x70, 0x61, 0x67, 0x65, 0x73, 0x53, 0x6b, 0x69, - 0x70, 0x70, 0x65, 0x64, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x12, 0x27, 0x0a, 0x0f, 0x73, 0x68, - 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x77, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x18, 0x0e, 0x20, - 0x01, 0x28, 0x04, 0x52, 0x0e, 0x73, 0x68, 0x70, 0x61, 0x67, 0x65, 0x73, 0x57, 0x72, 0x69, 0x74, - 0x74, 0x65, 0x6e, 0x22, 0xd5, 0x01, 0x0a, 0x13, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, - 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x25, 0x0a, 0x0e, 0x70, - 0x61, 0x67, 0x65, 0x73, 0x5f, 0x63, 0x6f, 0x6d, 0x70, 0x61, 0x72, 0x65, 0x64, 0x18, 0x01, 0x20, - 0x02, 0x28, 0x04, 0x52, 0x0d, 0x70, 0x61, 0x67, 0x65, 0x73, 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x72, - 0x65, 0x64, 0x12, 0x2a, 0x0a, 0x11, 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x73, 0x6b, 0x69, 0x70, - 0x70, 0x65, 0x64, 0x5f, 0x63, 0x6f, 0x77, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x0f, 0x70, - 0x61, 0x67, 0x65, 0x73, 0x53, 0x6b, 0x69, 0x70, 0x70, 0x65, 0x64, 0x43, 0x6f, 0x77, 0x12, 0x21, - 0x0a, 0x0c, 0x66, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x03, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, 0x66, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x54, 0x69, 0x6d, - 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x74, 0x69, 0x6d, - 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, - 0x54, 0x69, 0x6d, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x72, 0x65, - 0x73, 0x74, 0x6f, 0x72, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0d, 0x70, 0x61, - 0x67, 0x65, 0x73, 0x52, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x64, 0x22, 0x6e, 0x0a, 0x0b, 0x73, - 0x74, 0x61, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x2a, 0x0a, 0x04, 0x64, 0x75, - 0x6d, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, - 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x52, 0x04, 0x64, 0x75, 0x6d, 0x70, 0x12, 0x33, 0x0a, 0x07, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x72, + 0x0a, 0x0b, 0x73, 0x74, 0x61, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xad, 0x04, + 0x0a, 0x10, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x12, 0x23, 0x0a, 0x0d, 0x66, 0x72, 0x65, 0x65, 0x7a, 0x69, 0x6e, 0x67, 0x5f, 0x74, + 0x69, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0c, 0x66, 0x72, 0x65, 0x65, 0x7a, + 0x69, 0x6e, 0x67, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x66, 0x72, 0x6f, 0x7a, 0x65, + 0x6e, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0a, 0x66, 0x72, + 0x6f, 0x7a, 0x65, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x6d, 0x65, 0x6d, 0x64, + 0x75, 0x6d, 0x70, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, + 0x6d, 0x65, 0x6d, 0x64, 0x75, 0x6d, 0x70, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x6d, + 0x65, 0x6d, 0x77, 0x72, 0x69, 0x74, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x0c, 0x6d, 0x65, 0x6d, 0x77, 0x72, 0x69, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, + 0x12, 0x23, 0x0a, 0x0d, 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x73, 0x63, 0x61, 0x6e, 0x6e, 0x65, + 0x64, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, 0x0c, 0x70, 0x61, 0x67, 0x65, 0x73, 0x53, 0x63, + 0x61, 0x6e, 0x6e, 0x65, 0x64, 0x12, 0x30, 0x0a, 0x14, 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x73, + 0x6b, 0x69, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x18, 0x06, 0x20, + 0x02, 0x28, 0x04, 0x52, 0x12, 0x70, 0x61, 0x67, 0x65, 0x73, 0x53, 0x6b, 0x69, 0x70, 0x70, 0x65, + 0x64, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x12, 0x23, 0x0a, 0x0d, 0x70, 0x61, 0x67, 0x65, 0x73, + 0x5f, 0x77, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x18, 0x07, 0x20, 0x02, 0x28, 0x04, 0x52, 0x0c, + 0x70, 0x61, 0x67, 0x65, 0x73, 0x57, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x12, 0x23, 0x0a, 0x0d, + 0x69, 0x72, 0x6d, 0x61, 0x70, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x18, 0x08, 0x20, + 0x01, 0x28, 0x0d, 0x52, 0x0c, 0x69, 0x72, 0x6d, 0x61, 0x70, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, + 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x6c, 0x61, 0x7a, 0x79, 0x18, + 0x09, 0x20, 0x02, 0x28, 0x04, 0x52, 0x09, 0x70, 0x61, 0x67, 0x65, 0x73, 0x4c, 0x61, 0x7a, 0x79, + 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x70, 0x69, 0x70, 0x65, 0x73, 0x18, 0x0a, + 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x70, 0x61, 0x67, 0x65, 0x50, 0x69, 0x70, 0x65, 0x73, 0x12, + 0x24, 0x0a, 0x0e, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x70, 0x69, 0x70, 0x65, 0x5f, 0x62, 0x75, 0x66, + 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0c, 0x70, 0x61, 0x67, 0x65, 0x50, 0x69, 0x70, + 0x65, 0x42, 0x75, 0x66, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x73, 0x68, 0x70, 0x61, 0x67, 0x65, 0x73, + 0x5f, 0x73, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x64, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0e, + 0x73, 0x68, 0x70, 0x61, 0x67, 0x65, 0x73, 0x53, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x64, 0x12, 0x34, + 0x0a, 0x16, 0x73, 0x68, 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x73, 0x6b, 0x69, 0x70, 0x70, 0x65, + 0x64, 0x5f, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x04, 0x52, 0x14, + 0x73, 0x68, 0x70, 0x61, 0x67, 0x65, 0x73, 0x53, 0x6b, 0x69, 0x70, 0x70, 0x65, 0x64, 0x50, 0x61, + 0x72, 0x65, 0x6e, 0x74, 0x12, 0x27, 0x0a, 0x0f, 0x73, 0x68, 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, + 0x77, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0e, 0x73, + 0x68, 0x70, 0x61, 0x67, 0x65, 0x73, 0x57, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x22, 0xd5, 0x01, + 0x0a, 0x13, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x63, + 0x6f, 0x6d, 0x70, 0x61, 0x72, 0x65, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x0d, 0x70, + 0x61, 0x67, 0x65, 0x73, 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x72, 0x65, 0x64, 0x12, 0x2a, 0x0a, 0x11, + 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x73, 0x6b, 0x69, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x63, 0x6f, + 0x77, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x0f, 0x70, 0x61, 0x67, 0x65, 0x73, 0x53, 0x6b, + 0x69, 0x70, 0x70, 0x65, 0x64, 0x43, 0x6f, 0x77, 0x12, 0x21, 0x0a, 0x0c, 0x66, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, + 0x66, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x72, + 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x0b, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x25, + 0x0a, 0x0e, 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x64, + 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0d, 0x70, 0x61, 0x67, 0x65, 0x73, 0x52, 0x65, 0x73, + 0x74, 0x6f, 0x72, 0x65, 0x64, 0x22, 0x64, 0x0a, 0x0b, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x25, 0x0a, 0x04, 0x64, 0x75, 0x6d, 0x70, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x64, 0x75, 0x6d, 0x70, 0x12, 0x2e, 0x0a, 0x07, 0x72, + 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, } @@ -384,13 +383,13 @@ func file_stats_proto_rawDescGZIP() []byte { var file_stats_proto_msgTypes = make([]protoimpl.MessageInfo, 3) var file_stats_proto_goTypes = []interface{}{ - (*DumpStatsEntry)(nil), // 0: criu.dump_stats_entry - (*RestoreStatsEntry)(nil), // 1: criu.restore_stats_entry - (*StatsEntry)(nil), // 2: criu.stats_entry + (*DumpStatsEntry)(nil), // 0: dump_stats_entry + (*RestoreStatsEntry)(nil), // 1: restore_stats_entry + (*StatsEntry)(nil), // 2: stats_entry } var file_stats_proto_depIdxs = []int32{ - 0, // 0: criu.stats_entry.dump:type_name -> criu.dump_stats_entry - 1, // 1: criu.stats_entry.restore:type_name -> criu.restore_stats_entry + 0, // 0: stats_entry.dump:type_name -> dump_stats_entry + 1, // 1: stats_entry.restore:type_name -> restore_stats_entry 2, // [2:2] is the sub-list for method output_type 2, // [2:2] is the sub-list for method input_type 2, // [2:2] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/stats.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/stats.proto index f71316c9fc4..64e46181dad 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/stats.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/stats.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; // This one contains statistics about dump/restore process message dump_stats_entry { diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sysctl.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sysctl.pb.go index a89b92a12f4..ec4819c4f6c 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sysctl.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sysctl.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: sysctl.proto package images @@ -83,7 +83,7 @@ type SysctlEntry struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Type *SysctlType `protobuf:"varint,1,req,name=type,enum=criu.SysctlType" json:"type,omitempty"` + Type *SysctlType `protobuf:"varint,1,req,name=type,enum=SysctlType" json:"type,omitempty"` Iarg *int32 `protobuf:"varint,2,opt,name=iarg" json:"iarg,omitempty"` Sarg *string `protobuf:"bytes,3,opt,name=sarg" json:"sarg,omitempty"` } @@ -144,16 +144,15 @@ func (x *SysctlEntry) GetSarg() string { var File_sysctl_proto protoreflect.FileDescriptor var file_sysctl_proto_rawDesc = []byte{ - 0x0a, 0x0c, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, - 0x63, 0x72, 0x69, 0x75, 0x22, 0x5c, 0x0a, 0x0c, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x12, 0x24, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, - 0x28, 0x0e, 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x53, 0x79, 0x73, 0x63, 0x74, 0x6c, - 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x61, - 0x72, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x69, 0x61, 0x72, 0x67, 0x12, 0x12, - 0x0a, 0x04, 0x73, 0x61, 0x72, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x73, 0x61, - 0x72, 0x67, 0x2a, 0x25, 0x0a, 0x0a, 0x53, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x54, 0x79, 0x70, 0x65, - 0x12, 0x0b, 0x0a, 0x07, 0x43, 0x54, 0x4c, 0x5f, 0x53, 0x54, 0x52, 0x10, 0x05, 0x12, 0x0a, 0x0a, - 0x06, 0x43, 0x54, 0x4c, 0x5f, 0x33, 0x32, 0x10, 0x06, + 0x0a, 0x0c, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x57, + 0x0a, 0x0c, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1f, + 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x0b, 0x2e, 0x53, + 0x79, 0x73, 0x63, 0x74, 0x6c, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, + 0x12, 0x0a, 0x04, 0x69, 0x61, 0x72, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x69, + 0x61, 0x72, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x61, 0x72, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x04, 0x73, 0x61, 0x72, 0x67, 0x2a, 0x25, 0x0a, 0x0a, 0x53, 0x79, 0x73, 0x63, 0x74, + 0x6c, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x43, 0x54, 0x4c, 0x5f, 0x53, 0x54, 0x52, + 0x10, 0x05, 0x12, 0x0a, 0x0a, 0x06, 0x43, 0x54, 0x4c, 0x5f, 0x33, 0x32, 0x10, 0x06, } var ( @@ -171,11 +170,11 @@ func file_sysctl_proto_rawDescGZIP() []byte { var file_sysctl_proto_enumTypes = make([]protoimpl.EnumInfo, 1) var file_sysctl_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_sysctl_proto_goTypes = []interface{}{ - (SysctlType)(0), // 0: criu.SysctlType - (*SysctlEntry)(nil), // 1: criu.sysctl_entry + (SysctlType)(0), // 0: SysctlType + (*SysctlEntry)(nil), // 1: sysctl_entry } var file_sysctl_proto_depIdxs = []int32{ - 0, // 0: criu.sysctl_entry.type:type_name -> criu.SysctlType + 0, // 0: sysctl_entry.type:type_name -> SysctlType 1, // [1:1] is the sub-list for method output_type 1, // [1:1] is the sub-list for method input_type 1, // [1:1] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sysctl.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sysctl.proto index ee4bb760866..0922b87ab00 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sysctl.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sysctl.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; enum SysctlType { CTL_STR = 5; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tcp-stream.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tcp-stream.pb.go index d69c1ea4c5b..3e173d1c4be 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tcp-stream.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tcp-stream.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: tcp-stream.proto package images @@ -201,38 +201,38 @@ var File_tcp_stream_proto protoreflect.FileDescriptor var file_tcp_stream_proto_rawDesc = []byte{ 0x0a, 0x10, 0x74, 0x63, 0x70, 0x2d, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe1, 0x03, 0x0a, 0x10, 0x74, 0x63, 0x70, 0x5f, 0x73, 0x74, 0x72, - 0x65, 0x61, 0x6d, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x17, 0x0a, 0x07, 0x69, 0x6e, 0x71, - 0x5f, 0x6c, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x69, 0x6e, 0x71, 0x4c, - 0x65, 0x6e, 0x12, 0x17, 0x0a, 0x07, 0x69, 0x6e, 0x71, 0x5f, 0x73, 0x65, 0x71, 0x18, 0x02, 0x20, - 0x02, 0x28, 0x0d, 0x52, 0x06, 0x69, 0x6e, 0x71, 0x53, 0x65, 0x71, 0x12, 0x19, 0x0a, 0x08, 0x6f, - 0x75, 0x74, 0x71, 0x5f, 0x6c, 0x65, 0x6e, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x6f, - 0x75, 0x74, 0x71, 0x4c, 0x65, 0x6e, 0x12, 0x19, 0x0a, 0x08, 0x6f, 0x75, 0x74, 0x71, 0x5f, 0x73, - 0x65, 0x71, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x6f, 0x75, 0x74, 0x71, 0x53, 0x65, - 0x71, 0x12, 0x20, 0x0a, 0x08, 0x6f, 0x70, 0x74, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x05, 0x20, - 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x4d, - 0x61, 0x73, 0x6b, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x6e, 0x64, 0x5f, 0x77, 0x73, 0x63, 0x61, 0x6c, - 0x65, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x73, 0x6e, 0x64, 0x57, 0x73, 0x63, 0x61, - 0x6c, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x73, 0x73, 0x5f, 0x63, 0x6c, 0x61, 0x6d, 0x70, 0x18, - 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x6d, 0x73, 0x73, 0x43, 0x6c, 0x61, 0x6d, 0x70, 0x12, - 0x1d, 0x0a, 0x0a, 0x72, 0x63, 0x76, 0x5f, 0x77, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x18, 0x08, 0x20, - 0x01, 0x28, 0x0d, 0x52, 0x09, 0x72, 0x63, 0x76, 0x57, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x12, 0x1c, - 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x09, 0x20, 0x01, 0x28, - 0x0d, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x12, 0x0a, 0x04, - 0x63, 0x6f, 0x72, 0x6b, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x63, 0x6f, 0x72, 0x6b, - 0x12, 0x18, 0x0a, 0x07, 0x6e, 0x6f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x0b, 0x20, 0x01, 0x28, - 0x08, 0x52, 0x07, 0x6e, 0x6f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x19, 0x0a, 0x08, 0x75, 0x6e, - 0x73, 0x71, 0x5f, 0x6c, 0x65, 0x6e, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x75, 0x6e, - 0x73, 0x71, 0x4c, 0x65, 0x6e, 0x12, 0x17, 0x0a, 0x07, 0x73, 0x6e, 0x64, 0x5f, 0x77, 0x6c, 0x31, - 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x73, 0x6e, 0x64, 0x57, 0x6c, 0x31, 0x12, 0x17, - 0x0a, 0x07, 0x73, 0x6e, 0x64, 0x5f, 0x77, 0x6e, 0x64, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0d, 0x52, - 0x06, 0x73, 0x6e, 0x64, 0x57, 0x6e, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x61, 0x78, 0x5f, 0x77, - 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x6d, 0x61, 0x78, - 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x12, 0x17, 0x0a, 0x07, 0x72, 0x63, 0x76, 0x5f, 0x77, 0x6e, - 0x64, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x72, 0x63, 0x76, 0x57, 0x6e, 0x64, 0x12, - 0x17, 0x0a, 0x07, 0x72, 0x63, 0x76, 0x5f, 0x77, 0x75, 0x70, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0d, - 0x52, 0x06, 0x72, 0x63, 0x76, 0x57, 0x75, 0x70, + 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe1, + 0x03, 0x0a, 0x10, 0x74, 0x63, 0x70, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x12, 0x17, 0x0a, 0x07, 0x69, 0x6e, 0x71, 0x5f, 0x6c, 0x65, 0x6e, 0x18, 0x01, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x69, 0x6e, 0x71, 0x4c, 0x65, 0x6e, 0x12, 0x17, 0x0a, 0x07, + 0x69, 0x6e, 0x71, 0x5f, 0x73, 0x65, 0x71, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x69, + 0x6e, 0x71, 0x53, 0x65, 0x71, 0x12, 0x19, 0x0a, 0x08, 0x6f, 0x75, 0x74, 0x71, 0x5f, 0x6c, 0x65, + 0x6e, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x6f, 0x75, 0x74, 0x71, 0x4c, 0x65, 0x6e, + 0x12, 0x19, 0x0a, 0x08, 0x6f, 0x75, 0x74, 0x71, 0x5f, 0x73, 0x65, 0x71, 0x18, 0x04, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x07, 0x6f, 0x75, 0x74, 0x71, 0x53, 0x65, 0x71, 0x12, 0x20, 0x0a, 0x08, 0x6f, + 0x70, 0x74, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, + 0x3f, 0x02, 0x08, 0x01, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x4d, 0x61, 0x73, 0x6b, 0x12, 0x1d, 0x0a, + 0x0a, 0x73, 0x6e, 0x64, 0x5f, 0x77, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x18, 0x06, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x09, 0x73, 0x6e, 0x64, 0x57, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x12, 0x1b, 0x0a, 0x09, + 0x6d, 0x73, 0x73, 0x5f, 0x63, 0x6c, 0x61, 0x6d, 0x70, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, + 0x08, 0x6d, 0x73, 0x73, 0x43, 0x6c, 0x61, 0x6d, 0x70, 0x12, 0x1d, 0x0a, 0x0a, 0x72, 0x63, 0x76, + 0x5f, 0x77, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x72, + 0x63, 0x76, 0x57, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, + 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x74, 0x69, 0x6d, + 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x72, 0x6b, 0x18, 0x0a, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x63, 0x6f, 0x72, 0x6b, 0x12, 0x18, 0x0a, 0x07, 0x6e, 0x6f, + 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x6e, 0x6f, 0x64, + 0x65, 0x6c, 0x61, 0x79, 0x12, 0x19, 0x0a, 0x08, 0x75, 0x6e, 0x73, 0x71, 0x5f, 0x6c, 0x65, 0x6e, + 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x75, 0x6e, 0x73, 0x71, 0x4c, 0x65, 0x6e, 0x12, + 0x17, 0x0a, 0x07, 0x73, 0x6e, 0x64, 0x5f, 0x77, 0x6c, 0x31, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0d, + 0x52, 0x06, 0x73, 0x6e, 0x64, 0x57, 0x6c, 0x31, 0x12, 0x17, 0x0a, 0x07, 0x73, 0x6e, 0x64, 0x5f, + 0x77, 0x6e, 0x64, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x73, 0x6e, 0x64, 0x57, 0x6e, + 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x61, 0x78, 0x5f, 0x77, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x18, + 0x0f, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x6d, 0x61, 0x78, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, + 0x12, 0x17, 0x0a, 0x07, 0x72, 0x63, 0x76, 0x5f, 0x77, 0x6e, 0x64, 0x18, 0x10, 0x20, 0x01, 0x28, + 0x0d, 0x52, 0x06, 0x72, 0x63, 0x76, 0x57, 0x6e, 0x64, 0x12, 0x17, 0x0a, 0x07, 0x72, 0x63, 0x76, + 0x5f, 0x77, 0x75, 0x70, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x72, 0x63, 0x76, 0x57, + 0x75, 0x70, } var ( @@ -249,7 +249,7 @@ func file_tcp_stream_proto_rawDescGZIP() []byte { var file_tcp_stream_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_tcp_stream_proto_goTypes = []interface{}{ - (*TcpStreamEntry)(nil), // 0: criu.tcp_stream_entry + (*TcpStreamEntry)(nil), // 0: tcp_stream_entry } var file_tcp_stream_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tcp-stream.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tcp-stream.proto index d91970147db..c2244ba3bfa 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tcp-stream.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tcp-stream.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "opts.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/time.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/time.pb.go index 24f6fee3821..a3bdfc0c27d 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/time.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/time.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: time.proto package images @@ -80,11 +80,11 @@ func (x *Timeval) GetTvUsec() uint64 { var File_time_proto protoreflect.FileDescriptor var file_time_proto_rawDesc = []byte{ - 0x0a, 0x0a, 0x74, 0x69, 0x6d, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, - 0x69, 0x75, 0x22, 0x39, 0x0a, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x76, 0x61, 0x6c, 0x12, 0x15, 0x0a, - 0x06, 0x74, 0x76, 0x5f, 0x73, 0x65, 0x63, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x74, - 0x76, 0x53, 0x65, 0x63, 0x12, 0x17, 0x0a, 0x07, 0x74, 0x76, 0x5f, 0x75, 0x73, 0x65, 0x63, 0x18, - 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x06, 0x74, 0x76, 0x55, 0x73, 0x65, 0x63, + 0x0a, 0x0a, 0x74, 0x69, 0x6d, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x39, 0x0a, 0x07, + 0x74, 0x69, 0x6d, 0x65, 0x76, 0x61, 0x6c, 0x12, 0x15, 0x0a, 0x06, 0x74, 0x76, 0x5f, 0x73, 0x65, + 0x63, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x74, 0x76, 0x53, 0x65, 0x63, 0x12, 0x17, + 0x0a, 0x07, 0x74, 0x76, 0x5f, 0x75, 0x73, 0x65, 0x63, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, + 0x06, 0x74, 0x76, 0x55, 0x73, 0x65, 0x63, } var ( @@ -101,7 +101,7 @@ func file_time_proto_rawDescGZIP() []byte { var file_time_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_time_proto_goTypes = []interface{}{ - (*Timeval)(nil), // 0: criu.timeval + (*Timeval)(nil), // 0: timeval } var file_time_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/time.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/time.proto index 56ccdecb9c6..5e5e7eee47c 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/time.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/time.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message timeval { required uint64 tv_sec = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timens.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timens.pb.go index 726d9c25f97..f8b629c1d86 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timens.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timens.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: timens.proto package images @@ -135,17 +135,16 @@ func (x *TimensEntry) GetBoottime() *Timespec { var File_timens_proto protoreflect.FileDescriptor var file_timens_proto_rawDesc = []byte{ - 0x0a, 0x0c, 0x74, 0x69, 0x6d, 0x65, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, - 0x63, 0x72, 0x69, 0x75, 0x22, 0x3a, 0x0a, 0x08, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x70, 0x65, 0x63, - 0x12, 0x15, 0x0a, 0x06, 0x74, 0x76, 0x5f, 0x73, 0x65, 0x63, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, - 0x52, 0x05, 0x74, 0x76, 0x53, 0x65, 0x63, 0x12, 0x17, 0x0a, 0x07, 0x74, 0x76, 0x5f, 0x6e, 0x73, - 0x65, 0x63, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x06, 0x74, 0x76, 0x4e, 0x73, 0x65, 0x63, - 0x22, 0x68, 0x0a, 0x0c, 0x74, 0x69, 0x6d, 0x65, 0x6e, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x12, 0x2c, 0x0a, 0x09, 0x6d, 0x6f, 0x6e, 0x6f, 0x74, 0x6f, 0x6e, 0x69, 0x63, 0x18, 0x01, 0x20, - 0x02, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x69, 0x6d, 0x65, 0x73, - 0x70, 0x65, 0x63, 0x52, 0x09, 0x6d, 0x6f, 0x6e, 0x6f, 0x74, 0x6f, 0x6e, 0x69, 0x63, 0x12, 0x2a, - 0x0a, 0x08, 0x62, 0x6f, 0x6f, 0x74, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0b, - 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x70, 0x65, 0x63, + 0x0a, 0x0c, 0x74, 0x69, 0x6d, 0x65, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x3a, + 0x0a, 0x08, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x70, 0x65, 0x63, 0x12, 0x15, 0x0a, 0x06, 0x74, 0x76, + 0x5f, 0x73, 0x65, 0x63, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x74, 0x76, 0x53, 0x65, + 0x63, 0x12, 0x17, 0x0a, 0x07, 0x74, 0x76, 0x5f, 0x6e, 0x73, 0x65, 0x63, 0x18, 0x02, 0x20, 0x02, + 0x28, 0x04, 0x52, 0x06, 0x74, 0x76, 0x4e, 0x73, 0x65, 0x63, 0x22, 0x5e, 0x0a, 0x0c, 0x74, 0x69, + 0x6d, 0x65, 0x6e, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x27, 0x0a, 0x09, 0x6d, 0x6f, + 0x6e, 0x6f, 0x74, 0x6f, 0x6e, 0x69, 0x63, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x09, 0x2e, + 0x74, 0x69, 0x6d, 0x65, 0x73, 0x70, 0x65, 0x63, 0x52, 0x09, 0x6d, 0x6f, 0x6e, 0x6f, 0x74, 0x6f, + 0x6e, 0x69, 0x63, 0x12, 0x25, 0x0a, 0x08, 0x62, 0x6f, 0x6f, 0x74, 0x74, 0x69, 0x6d, 0x65, 0x18, + 0x02, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x70, 0x65, 0x63, 0x52, 0x08, 0x62, 0x6f, 0x6f, 0x74, 0x74, 0x69, 0x6d, 0x65, } @@ -163,12 +162,12 @@ func file_timens_proto_rawDescGZIP() []byte { var file_timens_proto_msgTypes = make([]protoimpl.MessageInfo, 2) var file_timens_proto_goTypes = []interface{}{ - (*Timespec)(nil), // 0: criu.timespec - (*TimensEntry)(nil), // 1: criu.timens_entry + (*Timespec)(nil), // 0: timespec + (*TimensEntry)(nil), // 1: timens_entry } var file_timens_proto_depIdxs = []int32{ - 0, // 0: criu.timens_entry.monotonic:type_name -> criu.timespec - 0, // 1: criu.timens_entry.boottime:type_name -> criu.timespec + 0, // 0: timens_entry.monotonic:type_name -> timespec + 0, // 1: timens_entry.boottime:type_name -> timespec 2, // [2:2] is the sub-list for method output_type 2, // [2:2] is the sub-list for method input_type 2, // [2:2] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timens.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timens.proto index 1b0b1af4ea6..79097a18d42 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timens.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timens.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message timespec { required uint64 tv_sec = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timer.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timer.pb.go index 179f8632126..88df9f88ca6 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timer.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timer.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: timer.proto package images @@ -294,46 +294,44 @@ func (x *TaskTimersEntry) GetPosix() []*PosixTimerEntry { var File_timer_proto protoreflect.FileDescriptor var file_timer_proto_rawDesc = []byte{ - 0x0a, 0x0b, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, - 0x72, 0x69, 0x75, 0x22, 0x62, 0x0a, 0x0c, 0x69, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x73, 0x65, 0x63, 0x18, 0x01, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x04, 0x69, 0x73, 0x65, 0x63, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x75, 0x73, 0x65, 0x63, - 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x69, 0x75, 0x73, 0x65, 0x63, 0x12, 0x12, 0x0a, - 0x04, 0x76, 0x73, 0x65, 0x63, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x76, 0x73, 0x65, - 0x63, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x75, 0x73, 0x65, 0x63, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, - 0x52, 0x05, 0x76, 0x75, 0x73, 0x65, 0x63, 0x22, 0xbb, 0x02, 0x0a, 0x11, 0x70, 0x6f, 0x73, 0x69, - 0x78, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x13, 0x0a, - 0x05, 0x69, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x69, 0x74, - 0x49, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x63, 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x69, 0x64, 0x18, 0x02, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x63, 0x6c, 0x6f, 0x63, 0x6b, 0x49, 0x64, 0x12, 0x19, 0x0a, - 0x08, 0x73, 0x69, 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x6f, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, - 0x07, 0x73, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x6f, 0x12, 0x26, 0x0a, 0x0f, 0x69, 0x74, 0x5f, 0x73, - 0x69, 0x67, 0x65, 0x76, 0x5f, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x18, 0x04, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x0d, 0x69, 0x74, 0x53, 0x69, 0x67, 0x65, 0x76, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79, - 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x69, 0x76, 0x61, 0x6c, 0x5f, 0x70, 0x74, 0x72, 0x18, 0x05, 0x20, - 0x02, 0x28, 0x04, 0x52, 0x08, 0x73, 0x69, 0x76, 0x61, 0x6c, 0x50, 0x74, 0x72, 0x12, 0x18, 0x0a, - 0x07, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x75, 0x6e, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, - 0x6f, 0x76, 0x65, 0x72, 0x72, 0x75, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x73, 0x65, 0x63, 0x18, - 0x07, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x69, 0x73, 0x65, 0x63, 0x12, 0x14, 0x0a, 0x05, 0x69, - 0x6e, 0x73, 0x65, 0x63, 0x18, 0x08, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x69, 0x6e, 0x73, 0x65, - 0x63, 0x12, 0x12, 0x0a, 0x04, 0x76, 0x73, 0x65, 0x63, 0x18, 0x09, 0x20, 0x02, 0x28, 0x04, 0x52, - 0x04, 0x76, 0x73, 0x65, 0x63, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x6e, 0x73, 0x65, 0x63, 0x18, 0x0a, - 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x76, 0x6e, 0x73, 0x65, 0x63, 0x12, 0x28, 0x0a, 0x10, 0x6e, - 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x64, 0x18, - 0x0b, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x54, 0x68, 0x72, - 0x65, 0x61, 0x64, 0x49, 0x64, 0x22, 0xba, 0x01, 0x0a, 0x11, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x74, - 0x69, 0x6d, 0x65, 0x72, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x26, 0x0a, 0x04, 0x72, - 0x65, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, - 0x2e, 0x69, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x72, - 0x65, 0x61, 0x6c, 0x12, 0x26, 0x0a, 0x04, 0x76, 0x69, 0x72, 0x74, 0x18, 0x02, 0x20, 0x02, 0x28, - 0x0b, 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x69, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x76, 0x69, 0x72, 0x74, 0x12, 0x26, 0x0a, 0x04, 0x70, - 0x72, 0x6f, 0x66, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, - 0x2e, 0x69, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x70, - 0x72, 0x6f, 0x66, 0x12, 0x2d, 0x0a, 0x05, 0x70, 0x6f, 0x73, 0x69, 0x78, 0x18, 0x04, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x70, 0x6f, 0x73, 0x69, 0x78, 0x5f, - 0x74, 0x69, 0x6d, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x05, 0x70, 0x6f, 0x73, - 0x69, 0x78, + 0x0a, 0x0b, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x62, 0x0a, + 0x0c, 0x69, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, + 0x04, 0x69, 0x73, 0x65, 0x63, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x69, 0x73, 0x65, + 0x63, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x75, 0x73, 0x65, 0x63, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, + 0x52, 0x05, 0x69, 0x75, 0x73, 0x65, 0x63, 0x12, 0x12, 0x0a, 0x04, 0x76, 0x73, 0x65, 0x63, 0x18, + 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x76, 0x73, 0x65, 0x63, 0x12, 0x14, 0x0a, 0x05, 0x76, + 0x75, 0x73, 0x65, 0x63, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x76, 0x75, 0x73, 0x65, + 0x63, 0x22, 0xbb, 0x02, 0x0a, 0x11, 0x70, 0x6f, 0x73, 0x69, 0x78, 0x5f, 0x74, 0x69, 0x6d, 0x65, + 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x13, 0x0a, 0x05, 0x69, 0x74, 0x5f, 0x69, 0x64, + 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x69, 0x74, 0x49, 0x64, 0x12, 0x19, 0x0a, 0x08, + 0x63, 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, + 0x63, 0x6c, 0x6f, 0x63, 0x6b, 0x49, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x69, 0x5f, 0x73, 0x69, + 0x67, 0x6e, 0x6f, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x73, 0x69, 0x53, 0x69, 0x67, + 0x6e, 0x6f, 0x12, 0x26, 0x0a, 0x0f, 0x69, 0x74, 0x5f, 0x73, 0x69, 0x67, 0x65, 0x76, 0x5f, 0x6e, + 0x6f, 0x74, 0x69, 0x66, 0x79, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0d, 0x69, 0x74, 0x53, + 0x69, 0x67, 0x65, 0x76, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x69, + 0x76, 0x61, 0x6c, 0x5f, 0x70, 0x74, 0x72, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, 0x08, 0x73, + 0x69, 0x76, 0x61, 0x6c, 0x50, 0x74, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x6f, 0x76, 0x65, 0x72, 0x72, + 0x75, 0x6e, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x75, + 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x73, 0x65, 0x63, 0x18, 0x07, 0x20, 0x02, 0x28, 0x04, 0x52, + 0x04, 0x69, 0x73, 0x65, 0x63, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x18, 0x08, + 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x12, 0x12, 0x0a, 0x04, 0x76, + 0x73, 0x65, 0x63, 0x18, 0x09, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x76, 0x73, 0x65, 0x63, 0x12, + 0x14, 0x0a, 0x05, 0x76, 0x6e, 0x73, 0x65, 0x63, 0x18, 0x0a, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, + 0x76, 0x6e, 0x73, 0x65, 0x63, 0x12, 0x28, 0x0a, 0x10, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, + 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x64, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x05, 0x52, + 0x0e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x54, 0x68, 0x72, 0x65, 0x61, 0x64, 0x49, 0x64, 0x22, + 0xa6, 0x01, 0x0a, 0x11, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x73, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x21, 0x0a, 0x04, 0x72, 0x65, 0x61, 0x6c, 0x18, 0x01, 0x20, + 0x02, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x69, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x52, 0x04, 0x72, 0x65, 0x61, 0x6c, 0x12, 0x21, 0x0a, 0x04, 0x76, 0x69, 0x72, 0x74, + 0x18, 0x02, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x69, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x76, 0x69, 0x72, 0x74, 0x12, 0x21, 0x0a, 0x04, 0x70, + 0x72, 0x6f, 0x66, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x69, 0x74, 0x69, 0x6d, + 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x70, 0x72, 0x6f, 0x66, 0x12, 0x28, + 0x0a, 0x05, 0x70, 0x6f, 0x73, 0x69, 0x78, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, + 0x70, 0x6f, 0x73, 0x69, 0x78, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x52, 0x05, 0x70, 0x6f, 0x73, 0x69, 0x78, } var ( @@ -350,15 +348,15 @@ func file_timer_proto_rawDescGZIP() []byte { var file_timer_proto_msgTypes = make([]protoimpl.MessageInfo, 3) var file_timer_proto_goTypes = []interface{}{ - (*ItimerEntry)(nil), // 0: criu.itimer_entry - (*PosixTimerEntry)(nil), // 1: criu.posix_timer_entry - (*TaskTimersEntry)(nil), // 2: criu.task_timers_entry + (*ItimerEntry)(nil), // 0: itimer_entry + (*PosixTimerEntry)(nil), // 1: posix_timer_entry + (*TaskTimersEntry)(nil), // 2: task_timers_entry } var file_timer_proto_depIdxs = []int32{ - 0, // 0: criu.task_timers_entry.real:type_name -> criu.itimer_entry - 0, // 1: criu.task_timers_entry.virt:type_name -> criu.itimer_entry - 0, // 2: criu.task_timers_entry.prof:type_name -> criu.itimer_entry - 1, // 3: criu.task_timers_entry.posix:type_name -> criu.posix_timer_entry + 0, // 0: task_timers_entry.real:type_name -> itimer_entry + 0, // 1: task_timers_entry.virt:type_name -> itimer_entry + 0, // 2: task_timers_entry.prof:type_name -> itimer_entry + 1, // 3: task_timers_entry.posix:type_name -> posix_timer_entry 4, // [4:4] is the sub-list for method output_type 4, // [4:4] is the sub-list for method input_type 4, // [4:4] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timer.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timer.proto index 9953e75ad57..3b95562abdd 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timer.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timer.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message itimer_entry { required uint64 isec = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timerfd.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timerfd.pb.go index 73ad35ed269..17cd382aef9 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timerfd.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timerfd.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: timerfd.proto package images @@ -144,27 +144,26 @@ func (x *TimerfdEntry) GetInsec() uint64 { var File_timerfd_proto protoreflect.FileDescriptor var file_timerfd_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x66, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, - 0x04, 0x63, 0x72, 0x69, 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x92, 0x02, - 0x0a, 0x0d, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x66, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, - 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, - 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, - 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x24, 0x0a, 0x04, - 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, - 0x75, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, - 0x77, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6c, 0x6f, 0x63, 0x6b, 0x69, 0x64, 0x18, 0x04, 0x20, - 0x02, 0x28, 0x0d, 0x52, 0x07, 0x63, 0x6c, 0x6f, 0x63, 0x6b, 0x69, 0x64, 0x12, 0x14, 0x0a, 0x05, - 0x74, 0x69, 0x63, 0x6b, 0x73, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x74, 0x69, 0x63, - 0x6b, 0x73, 0x12, 0x2a, 0x0a, 0x0d, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6d, 0x65, 0x5f, 0x66, 0x6c, - 0x61, 0x67, 0x73, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, - 0x52, 0x0c, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6d, 0x65, 0x46, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x12, - 0x0a, 0x04, 0x76, 0x73, 0x65, 0x63, 0x18, 0x07, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x76, 0x73, - 0x65, 0x63, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x6e, 0x73, 0x65, 0x63, 0x18, 0x08, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x05, 0x76, 0x6e, 0x73, 0x65, 0x63, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x73, 0x65, 0x63, - 0x18, 0x09, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x69, 0x73, 0x65, 0x63, 0x12, 0x14, 0x0a, 0x05, - 0x69, 0x6e, 0x73, 0x65, 0x63, 0x18, 0x0a, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x69, 0x6e, 0x73, - 0x65, 0x63, + 0x0a, 0x0d, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x66, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, + 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, + 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x8d, 0x02, 0x0a, 0x0d, 0x74, 0x69, 0x6d, 0x65, + 0x72, 0x66, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, + 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, + 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, + 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x1f, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x03, + 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6c, 0x6f, 0x63, 0x6b, + 0x69, 0x64, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x63, 0x6c, 0x6f, 0x63, 0x6b, 0x69, + 0x64, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x69, 0x63, 0x6b, 0x73, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, + 0x52, 0x05, 0x74, 0x69, 0x63, 0x6b, 0x73, 0x12, 0x2a, 0x0a, 0x0d, 0x73, 0x65, 0x74, 0x74, 0x69, + 0x6d, 0x65, 0x5f, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, + 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0c, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6d, 0x65, 0x46, 0x6c, + 0x61, 0x67, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x76, 0x73, 0x65, 0x63, 0x18, 0x07, 0x20, 0x02, 0x28, + 0x04, 0x52, 0x04, 0x76, 0x73, 0x65, 0x63, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x6e, 0x73, 0x65, 0x63, + 0x18, 0x08, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x76, 0x6e, 0x73, 0x65, 0x63, 0x12, 0x12, 0x0a, + 0x04, 0x69, 0x73, 0x65, 0x63, 0x18, 0x09, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x69, 0x73, 0x65, + 0x63, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x18, 0x0a, 0x20, 0x02, 0x28, 0x04, + 0x52, 0x05, 0x69, 0x6e, 0x73, 0x65, 0x63, } var ( @@ -181,11 +180,11 @@ func file_timerfd_proto_rawDescGZIP() []byte { var file_timerfd_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_timerfd_proto_goTypes = []interface{}{ - (*TimerfdEntry)(nil), // 0: criu.timerfd_entry - (*FownEntry)(nil), // 1: criu.fown_entry + (*TimerfdEntry)(nil), // 0: timerfd_entry + (*FownEntry)(nil), // 1: fown_entry } var file_timerfd_proto_depIdxs = []int32{ - 1, // 0: criu.timerfd_entry.fown:type_name -> criu.fown_entry + 1, // 0: timerfd_entry.fown:type_name -> fown_entry 1, // [1:1] is the sub-list for method output_type 1, // [1:1] is the sub-list for method input_type 1, // [1:1] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timerfd.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timerfd.proto index bc9a617ef13..0bdf1253884 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timerfd.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timerfd.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "opts.proto"; import "fown.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tty.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tty.pb.go index 5b63316898c..ae849ba616e 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tty.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tty.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: tty.proto package images @@ -375,7 +375,7 @@ type TtyInfoEntry struct { unknownFields protoimpl.UnknownFields Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` - Type *TtyType `protobuf:"varint,2,req,name=type,enum=criu.TtyType" json:"type,omitempty"` + Type *TtyType `protobuf:"varint,2,req,name=type,enum=TtyType" json:"type,omitempty"` Locked *bool `protobuf:"varint,3,req,name=locked" json:"locked,omitempty"` // Unix98 PTY only Exclusive *bool `protobuf:"varint,4,req,name=exclusive" json:"exclusive,omitempty"` PacketMode *bool `protobuf:"varint,5,req,name=packet_mode,json=packetMode" json:"packet_mode,omitempty"` // Unix98 PTY only @@ -616,81 +616,78 @@ func (x *TtyFileEntry) GetRegfId() uint32 { var File_tty_proto protoreflect.FileDescriptor var file_tty_proto_rawDesc = []byte{ - 0x0a, 0x09, 0x74, 0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, - 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, - 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x77, 0x0a, 0x0d, 0x77, 0x69, 0x6e, - 0x73, 0x69, 0x7a, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x15, 0x0a, 0x06, 0x77, 0x73, - 0x5f, 0x72, 0x6f, 0x77, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x77, 0x73, 0x52, 0x6f, - 0x77, 0x12, 0x15, 0x0a, 0x06, 0x77, 0x73, 0x5f, 0x63, 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x05, 0x77, 0x73, 0x43, 0x6f, 0x6c, 0x12, 0x1b, 0x0a, 0x09, 0x77, 0x73, 0x5f, 0x78, - 0x70, 0x69, 0x78, 0x65, 0x6c, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x77, 0x73, 0x58, - 0x70, 0x69, 0x78, 0x65, 0x6c, 0x12, 0x1b, 0x0a, 0x09, 0x77, 0x73, 0x5f, 0x79, 0x70, 0x69, 0x78, - 0x65, 0x6c, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x77, 0x73, 0x59, 0x70, 0x69, 0x78, - 0x65, 0x6c, 0x22, 0xd3, 0x01, 0x0a, 0x0d, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6f, 0x73, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x5f, 0x69, 0x66, 0x6c, 0x61, 0x67, 0x18, - 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x63, 0x49, 0x66, 0x6c, 0x61, 0x67, 0x12, 0x17, 0x0a, - 0x07, 0x63, 0x5f, 0x6f, 0x66, 0x6c, 0x61, 0x67, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, - 0x63, 0x4f, 0x66, 0x6c, 0x61, 0x67, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x5f, 0x63, 0x66, 0x6c, 0x61, - 0x67, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x63, 0x43, 0x66, 0x6c, 0x61, 0x67, 0x12, - 0x17, 0x0a, 0x07, 0x63, 0x5f, 0x6c, 0x66, 0x6c, 0x61, 0x67, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x06, 0x63, 0x4c, 0x66, 0x6c, 0x61, 0x67, 0x12, 0x15, 0x0a, 0x06, 0x63, 0x5f, 0x6c, 0x69, - 0x6e, 0x65, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x63, 0x4c, 0x69, 0x6e, 0x65, 0x12, - 0x19, 0x0a, 0x08, 0x63, 0x5f, 0x69, 0x73, 0x70, 0x65, 0x65, 0x64, 0x18, 0x06, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x07, 0x63, 0x49, 0x73, 0x70, 0x65, 0x65, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x63, 0x5f, - 0x6f, 0x73, 0x70, 0x65, 0x65, 0x64, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x63, 0x4f, - 0x73, 0x70, 0x65, 0x65, 0x64, 0x12, 0x11, 0x0a, 0x04, 0x63, 0x5f, 0x63, 0x63, 0x18, 0x08, 0x20, - 0x03, 0x28, 0x0d, 0x52, 0x03, 0x63, 0x43, 0x63, 0x22, 0x25, 0x0a, 0x0d, 0x74, 0x74, 0x79, 0x5f, - 0x70, 0x74, 0x79, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x6e, 0x64, - 0x65, 0x78, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x22, - 0x3b, 0x0a, 0x0e, 0x74, 0x74, 0x79, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x15, 0x0a, 0x06, 0x74, 0x74, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x05, 0x74, 0x74, 0x79, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, - 0x18, 0x02, 0x20, 0x02, 0x28, 0x0c, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, 0x22, 0xcb, 0x03, 0x0a, - 0x0e, 0x74, 0x74, 0x79, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, - 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, - 0x21, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x0d, 0x2e, - 0x63, 0x72, 0x69, 0x75, 0x2e, 0x54, 0x74, 0x79, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, - 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x18, 0x03, 0x20, 0x02, - 0x28, 0x08, 0x52, 0x06, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x65, 0x78, - 0x63, 0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, 0x08, 0x52, 0x09, 0x65, - 0x78, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x61, 0x63, 0x6b, - 0x65, 0x74, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x05, 0x20, 0x02, 0x28, 0x08, 0x52, 0x0a, 0x70, - 0x61, 0x63, 0x6b, 0x65, 0x74, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x73, 0x69, 0x64, - 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x73, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x70, - 0x67, 0x72, 0x70, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x67, 0x72, 0x70, 0x12, - 0x12, 0x0a, 0x04, 0x72, 0x64, 0x65, 0x76, 0x18, 0x08, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x72, - 0x64, 0x65, 0x76, 0x12, 0x2d, 0x0a, 0x07, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6f, 0x73, 0x18, 0x09, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x74, 0x65, 0x72, 0x6d, + 0x0a, 0x09, 0x74, 0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, + 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x22, 0x77, 0x0a, 0x0d, 0x77, 0x69, 0x6e, 0x73, 0x69, 0x7a, 0x65, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x15, 0x0a, 0x06, 0x77, 0x73, 0x5f, 0x72, 0x6f, 0x77, 0x18, 0x01, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x77, 0x73, 0x52, 0x6f, 0x77, 0x12, 0x15, 0x0a, 0x06, 0x77, + 0x73, 0x5f, 0x63, 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x77, 0x73, 0x43, + 0x6f, 0x6c, 0x12, 0x1b, 0x0a, 0x09, 0x77, 0x73, 0x5f, 0x78, 0x70, 0x69, 0x78, 0x65, 0x6c, 0x18, + 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x77, 0x73, 0x58, 0x70, 0x69, 0x78, 0x65, 0x6c, 0x12, + 0x1b, 0x0a, 0x09, 0x77, 0x73, 0x5f, 0x79, 0x70, 0x69, 0x78, 0x65, 0x6c, 0x18, 0x04, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x08, 0x77, 0x73, 0x59, 0x70, 0x69, 0x78, 0x65, 0x6c, 0x22, 0xd3, 0x01, 0x0a, + 0x0d, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6f, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x17, + 0x0a, 0x07, 0x63, 0x5f, 0x69, 0x66, 0x6c, 0x61, 0x67, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, + 0x06, 0x63, 0x49, 0x66, 0x6c, 0x61, 0x67, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x5f, 0x6f, 0x66, 0x6c, + 0x61, 0x67, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x63, 0x4f, 0x66, 0x6c, 0x61, 0x67, + 0x12, 0x17, 0x0a, 0x07, 0x63, 0x5f, 0x63, 0x66, 0x6c, 0x61, 0x67, 0x18, 0x03, 0x20, 0x02, 0x28, + 0x0d, 0x52, 0x06, 0x63, 0x43, 0x66, 0x6c, 0x61, 0x67, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x5f, 0x6c, + 0x66, 0x6c, 0x61, 0x67, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x63, 0x4c, 0x66, 0x6c, + 0x61, 0x67, 0x12, 0x15, 0x0a, 0x06, 0x63, 0x5f, 0x6c, 0x69, 0x6e, 0x65, 0x18, 0x05, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x05, 0x63, 0x4c, 0x69, 0x6e, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x63, 0x5f, 0x69, + 0x73, 0x70, 0x65, 0x65, 0x64, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x63, 0x49, 0x73, + 0x70, 0x65, 0x65, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x63, 0x5f, 0x6f, 0x73, 0x70, 0x65, 0x65, 0x64, + 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x63, 0x4f, 0x73, 0x70, 0x65, 0x65, 0x64, 0x12, + 0x11, 0x0a, 0x04, 0x63, 0x5f, 0x63, 0x63, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x03, 0x63, + 0x43, 0x63, 0x22, 0x25, 0x0a, 0x0d, 0x74, 0x74, 0x79, 0x5f, 0x70, 0x74, 0x79, 0x5f, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x05, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x22, 0x3b, 0x0a, 0x0e, 0x74, 0x74, 0x79, + 0x5f, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x15, 0x0a, 0x06, 0x74, + 0x74, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x74, 0x74, 0x79, + 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0c, + 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, 0x22, 0xb2, 0x03, 0x0a, 0x0e, 0x74, 0x74, 0x79, 0x5f, 0x69, + 0x6e, 0x66, 0x6f, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, + 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1c, 0x0a, 0x04, 0x74, 0x79, 0x70, + 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x08, 0x2e, 0x54, 0x74, 0x79, 0x54, 0x79, 0x70, + 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x6c, 0x6f, 0x63, 0x6b, 0x65, + 0x64, 0x18, 0x03, 0x20, 0x02, 0x28, 0x08, 0x52, 0x06, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x12, + 0x1c, 0x0a, 0x09, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x18, 0x04, 0x20, 0x02, + 0x28, 0x08, 0x52, 0x09, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x12, 0x1f, 0x0a, + 0x0b, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x05, 0x20, 0x02, + 0x28, 0x08, 0x52, 0x0a, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x10, + 0x0a, 0x03, 0x73, 0x69, 0x64, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x73, 0x69, 0x64, + 0x12, 0x12, 0x0a, 0x04, 0x70, 0x67, 0x72, 0x70, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, + 0x70, 0x67, 0x72, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x64, 0x65, 0x76, 0x18, 0x08, 0x20, 0x02, + 0x28, 0x0d, 0x52, 0x04, 0x72, 0x64, 0x65, 0x76, 0x12, 0x28, 0x0a, 0x07, 0x74, 0x65, 0x72, 0x6d, + 0x69, 0x6f, 0x73, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6f, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x74, 0x65, 0x72, 0x6d, 0x69, - 0x6f, 0x73, 0x12, 0x3a, 0x0a, 0x0e, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6f, 0x73, 0x5f, 0x6c, 0x6f, - 0x63, 0x6b, 0x65, 0x64, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, - 0x75, 0x2e, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6f, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x0d, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6f, 0x73, 0x4c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x12, 0x2d, - 0x0a, 0x07, 0x77, 0x69, 0x6e, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x77, 0x69, 0x6e, 0x73, 0x69, 0x7a, 0x65, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x77, 0x69, 0x6e, 0x73, 0x69, 0x7a, 0x65, 0x12, 0x25, 0x0a, - 0x03, 0x70, 0x74, 0x79, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, - 0x75, 0x2e, 0x74, 0x74, 0x79, 0x5f, 0x70, 0x74, 0x79, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x03, 0x70, 0x74, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x64, 0x65, 0x76, 0x18, 0x0d, 0x20, 0x01, 0x28, - 0x0d, 0x52, 0x03, 0x64, 0x65, 0x76, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, 0x0e, 0x20, - 0x01, 0x28, 0x0d, 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x67, 0x69, 0x64, 0x18, - 0x0f, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x67, 0x69, 0x64, 0x22, 0x9c, 0x01, 0x0a, 0x0e, 0x74, - 0x74, 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, - 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1e, 0x0a, - 0x0b, 0x74, 0x74, 0x79, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x09, 0x74, 0x74, 0x79, 0x49, 0x6e, 0x66, 0x6f, 0x49, 0x64, 0x12, 0x1b, 0x0a, - 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, - 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x24, 0x0a, 0x04, 0x66, 0x6f, - 0x77, 0x6e, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, - 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, - 0x12, 0x17, 0x0a, 0x07, 0x72, 0x65, 0x67, 0x66, 0x5f, 0x69, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, - 0x0d, 0x52, 0x06, 0x72, 0x65, 0x67, 0x66, 0x49, 0x64, 0x2a, 0x57, 0x0a, 0x07, 0x54, 0x74, 0x79, - 0x54, 0x79, 0x70, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, - 0x00, 0x12, 0x07, 0x0a, 0x03, 0x50, 0x54, 0x59, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x43, 0x4f, - 0x4e, 0x53, 0x4f, 0x4c, 0x45, 0x10, 0x02, 0x12, 0x06, 0x0a, 0x02, 0x56, 0x54, 0x10, 0x03, 0x12, - 0x08, 0x0a, 0x04, 0x43, 0x54, 0x54, 0x59, 0x10, 0x04, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x58, 0x54, - 0x5f, 0x54, 0x54, 0x59, 0x10, 0x05, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x45, 0x52, 0x49, 0x41, 0x4c, - 0x10, 0x06, + 0x6f, 0x73, 0x12, 0x35, 0x0a, 0x0e, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6f, 0x73, 0x5f, 0x6c, 0x6f, + 0x63, 0x6b, 0x65, 0x64, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x74, 0x65, 0x72, + 0x6d, 0x69, 0x6f, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0d, 0x74, 0x65, 0x72, 0x6d, + 0x69, 0x6f, 0x73, 0x4c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x12, 0x28, 0x0a, 0x07, 0x77, 0x69, 0x6e, + 0x73, 0x69, 0x7a, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x77, 0x69, 0x6e, + 0x73, 0x69, 0x7a, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x77, 0x69, 0x6e, 0x73, + 0x69, 0x7a, 0x65, 0x12, 0x20, 0x0a, 0x03, 0x70, 0x74, 0x79, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x0e, 0x2e, 0x74, 0x74, 0x79, 0x5f, 0x70, 0x74, 0x79, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x52, 0x03, 0x70, 0x74, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x64, 0x65, 0x76, 0x18, 0x0d, 0x20, 0x01, + 0x28, 0x0d, 0x52, 0x03, 0x64, 0x65, 0x76, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, 0x0e, + 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x67, 0x69, 0x64, + 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x67, 0x69, 0x64, 0x22, 0x97, 0x01, 0x0a, 0x0e, + 0x74, 0x74, 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, + 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1e, + 0x0a, 0x0b, 0x74, 0x74, 0x79, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, + 0x02, 0x28, 0x0d, 0x52, 0x09, 0x74, 0x74, 0x79, 0x49, 0x6e, 0x66, 0x6f, 0x49, 0x64, 0x12, 0x1b, + 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, + 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x1f, 0x0a, 0x04, 0x66, + 0x6f, 0x77, 0x6e, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x6f, 0x77, 0x6e, + 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x17, 0x0a, 0x07, + 0x72, 0x65, 0x67, 0x66, 0x5f, 0x69, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x72, + 0x65, 0x67, 0x66, 0x49, 0x64, 0x2a, 0x57, 0x0a, 0x07, 0x54, 0x74, 0x79, 0x54, 0x79, 0x70, 0x65, + 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x07, 0x0a, + 0x03, 0x50, 0x54, 0x59, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x43, 0x4f, 0x4e, 0x53, 0x4f, 0x4c, + 0x45, 0x10, 0x02, 0x12, 0x06, 0x0a, 0x02, 0x56, 0x54, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x43, + 0x54, 0x54, 0x59, 0x10, 0x04, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x58, 0x54, 0x5f, 0x54, 0x54, 0x59, + 0x10, 0x05, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x45, 0x52, 0x49, 0x41, 0x4c, 0x10, 0x06, } var ( @@ -708,22 +705,22 @@ func file_tty_proto_rawDescGZIP() []byte { var file_tty_proto_enumTypes = make([]protoimpl.EnumInfo, 1) var file_tty_proto_msgTypes = make([]protoimpl.MessageInfo, 6) var file_tty_proto_goTypes = []interface{}{ - (TtyType)(0), // 0: criu.TtyType - (*WinsizeEntry)(nil), // 1: criu.winsize_entry - (*TermiosEntry)(nil), // 2: criu.termios_entry - (*TtyPtyEntry)(nil), // 3: criu.tty_pty_entry - (*TtyDataEntry)(nil), // 4: criu.tty_data_entry - (*TtyInfoEntry)(nil), // 5: criu.tty_info_entry - (*TtyFileEntry)(nil), // 6: criu.tty_file_entry - (*FownEntry)(nil), // 7: criu.fown_entry + (TtyType)(0), // 0: TtyType + (*WinsizeEntry)(nil), // 1: winsize_entry + (*TermiosEntry)(nil), // 2: termios_entry + (*TtyPtyEntry)(nil), // 3: tty_pty_entry + (*TtyDataEntry)(nil), // 4: tty_data_entry + (*TtyInfoEntry)(nil), // 5: tty_info_entry + (*TtyFileEntry)(nil), // 6: tty_file_entry + (*FownEntry)(nil), // 7: fown_entry } var file_tty_proto_depIdxs = []int32{ - 0, // 0: criu.tty_info_entry.type:type_name -> criu.TtyType - 2, // 1: criu.tty_info_entry.termios:type_name -> criu.termios_entry - 2, // 2: criu.tty_info_entry.termios_locked:type_name -> criu.termios_entry - 1, // 3: criu.tty_info_entry.winsize:type_name -> criu.winsize_entry - 3, // 4: criu.tty_info_entry.pty:type_name -> criu.tty_pty_entry - 7, // 5: criu.tty_file_entry.fown:type_name -> criu.fown_entry + 0, // 0: tty_info_entry.type:type_name -> TtyType + 2, // 1: tty_info_entry.termios:type_name -> termios_entry + 2, // 2: tty_info_entry.termios_locked:type_name -> termios_entry + 1, // 3: tty_info_entry.winsize:type_name -> winsize_entry + 3, // 4: tty_info_entry.pty:type_name -> tty_pty_entry + 7, // 5: tty_file_entry.fown:type_name -> fown_entry 6, // [6:6] is the sub-list for method output_type 6, // [6:6] is the sub-list for method input_type 6, // [6:6] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tty.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tty.proto index 4fe7c8792cf..14bc543ece3 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tty.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tty.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "opts.proto"; import "fown.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tun.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tun.pb.go index b53235adef9..7d33bdf6cfd 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tun.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tun.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: tun.proto package images @@ -175,24 +175,23 @@ func (x *TunLinkEntry) GetSndbuf() uint32 { var File_tun_proto protoreflect.FileDescriptor var file_tun_proto_rawDesc = []byte{ - 0x0a, 0x09, 0x74, 0x75, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, - 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x68, 0x0a, - 0x0d, 0x74, 0x75, 0x6e, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, - 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x16, - 0x0a, 0x06, 0x6e, 0x65, 0x74, 0x64, 0x65, 0x76, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, - 0x6e, 0x65, 0x74, 0x64, 0x65, 0x76, 0x12, 0x1a, 0x0a, 0x08, 0x64, 0x65, 0x74, 0x61, 0x63, 0x68, - 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x64, 0x65, 0x74, 0x61, 0x63, 0x68, - 0x65, 0x64, 0x12, 0x13, 0x0a, 0x05, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x0d, 0x52, 0x04, 0x6e, 0x73, 0x49, 0x64, 0x22, 0x8b, 0x01, 0x0a, 0x0e, 0x74, 0x75, 0x6e, 0x5f, - 0x6c, 0x69, 0x6e, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, - 0x61, 0x67, 0x73, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, - 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x6f, 0x77, 0x6e, 0x65, 0x72, - 0x18, 0x02, 0x20, 0x02, 0x28, 0x05, 0x52, 0x05, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x12, 0x14, 0x0a, - 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x03, 0x20, 0x02, 0x28, 0x05, 0x52, 0x05, 0x67, 0x72, - 0x6f, 0x75, 0x70, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x6e, 0x65, 0x74, 0x68, 0x64, 0x72, 0x18, 0x04, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x76, 0x6e, 0x65, 0x74, 0x68, 0x64, 0x72, 0x12, 0x16, 0x0a, - 0x06, 0x73, 0x6e, 0x64, 0x62, 0x75, 0x66, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x73, - 0x6e, 0x64, 0x62, 0x75, 0x66, + 0x0a, 0x09, 0x74, 0x75, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, + 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x68, 0x0a, 0x0d, 0x74, 0x75, 0x6e, 0x66, 0x69, + 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x65, 0x74, 0x64, + 0x65, 0x76, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6e, 0x65, 0x74, 0x64, 0x65, 0x76, + 0x12, 0x1a, 0x0a, 0x08, 0x64, 0x65, 0x74, 0x61, 0x63, 0x68, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x08, 0x64, 0x65, 0x74, 0x61, 0x63, 0x68, 0x65, 0x64, 0x12, 0x13, 0x0a, 0x05, + 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x6e, 0x73, 0x49, + 0x64, 0x22, 0x8b, 0x01, 0x0a, 0x0e, 0x74, 0x75, 0x6e, 0x5f, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x01, 0x20, + 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, + 0x73, 0x12, 0x14, 0x0a, 0x05, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x18, 0x02, 0x20, 0x02, 0x28, 0x05, + 0x52, 0x05, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, + 0x18, 0x03, 0x20, 0x02, 0x28, 0x05, 0x52, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x18, 0x0a, + 0x07, 0x76, 0x6e, 0x65, 0x74, 0x68, 0x64, 0x72, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, + 0x76, 0x6e, 0x65, 0x74, 0x68, 0x64, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x6e, 0x64, 0x62, 0x75, + 0x66, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x73, 0x6e, 0x64, 0x62, 0x75, 0x66, } var ( @@ -209,8 +208,8 @@ func file_tun_proto_rawDescGZIP() []byte { var file_tun_proto_msgTypes = make([]protoimpl.MessageInfo, 2) var file_tun_proto_goTypes = []interface{}{ - (*TunfileEntry)(nil), // 0: criu.tunfile_entry - (*TunLinkEntry)(nil), // 1: criu.tun_link_entry + (*TunfileEntry)(nil), // 0: tunfile_entry + (*TunLinkEntry)(nil), // 1: tun_link_entry } var file_tun_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tun.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tun.proto index b0689cbdf5e..ad61037db16 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tun.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tun.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "opts.proto"; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/userns.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/userns.pb.go index 16288142ddd..57b30d473f6 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/userns.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/userns.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: userns.proto package images @@ -143,19 +143,18 @@ func (x *UsernsEntry) GetGidMap() []*UidGidExtent { var File_userns_proto protoreflect.FileDescriptor var file_userns_proto_rawDesc = []byte{ - 0x0a, 0x0c, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, - 0x63, 0x72, 0x69, 0x75, 0x22, 0x5d, 0x0a, 0x0e, 0x75, 0x69, 0x64, 0x5f, 0x67, 0x69, 0x64, 0x5f, - 0x65, 0x78, 0x74, 0x65, 0x6e, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x69, 0x72, 0x73, 0x74, 0x18, - 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x69, 0x72, 0x73, 0x74, 0x12, 0x1f, 0x0a, 0x0b, - 0x6c, 0x6f, 0x77, 0x65, 0x72, 0x5f, 0x66, 0x69, 0x72, 0x73, 0x74, 0x18, 0x02, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x0a, 0x6c, 0x6f, 0x77, 0x65, 0x72, 0x46, 0x69, 0x72, 0x73, 0x74, 0x12, 0x14, 0x0a, - 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x63, 0x6f, - 0x75, 0x6e, 0x74, 0x22, 0x6c, 0x0a, 0x0c, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x73, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x2d, 0x0a, 0x07, 0x75, 0x69, 0x64, 0x5f, 0x6d, 0x61, 0x70, 0x18, 0x01, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x69, 0x64, 0x5f, - 0x67, 0x69, 0x64, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x74, 0x52, 0x06, 0x75, 0x69, 0x64, 0x4d, - 0x61, 0x70, 0x12, 0x2d, 0x0a, 0x07, 0x67, 0x69, 0x64, 0x5f, 0x6d, 0x61, 0x70, 0x18, 0x02, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x2e, 0x75, 0x69, 0x64, 0x5f, 0x67, + 0x0a, 0x0c, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x5d, + 0x0a, 0x0e, 0x75, 0x69, 0x64, 0x5f, 0x67, 0x69, 0x64, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x74, + 0x12, 0x14, 0x0a, 0x05, 0x66, 0x69, 0x72, 0x73, 0x74, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, + 0x05, 0x66, 0x69, 0x72, 0x73, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x6c, 0x6f, 0x77, 0x65, 0x72, 0x5f, + 0x66, 0x69, 0x72, 0x73, 0x74, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0a, 0x6c, 0x6f, 0x77, + 0x65, 0x72, 0x46, 0x69, 0x72, 0x73, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, + 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x62, 0x0a, + 0x0c, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x28, 0x0a, + 0x07, 0x75, 0x69, 0x64, 0x5f, 0x6d, 0x61, 0x70, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, + 0x2e, 0x75, 0x69, 0x64, 0x5f, 0x67, 0x69, 0x64, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x74, 0x52, + 0x06, 0x75, 0x69, 0x64, 0x4d, 0x61, 0x70, 0x12, 0x28, 0x0a, 0x07, 0x67, 0x69, 0x64, 0x5f, 0x6d, + 0x61, 0x70, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x75, 0x69, 0x64, 0x5f, 0x67, 0x69, 0x64, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x74, 0x52, 0x06, 0x67, 0x69, 0x64, 0x4d, 0x61, 0x70, } @@ -174,12 +173,12 @@ func file_userns_proto_rawDescGZIP() []byte { var file_userns_proto_msgTypes = make([]protoimpl.MessageInfo, 2) var file_userns_proto_goTypes = []interface{}{ - (*UidGidExtent)(nil), // 0: criu.uid_gid_extent - (*UsernsEntry)(nil), // 1: criu.userns_entry + (*UidGidExtent)(nil), // 0: uid_gid_extent + (*UsernsEntry)(nil), // 1: userns_entry } var file_userns_proto_depIdxs = []int32{ - 0, // 0: criu.userns_entry.uid_map:type_name -> criu.uid_gid_extent - 0, // 1: criu.userns_entry.gid_map:type_name -> criu.uid_gid_extent + 0, // 0: userns_entry.uid_map:type_name -> uid_gid_extent + 0, // 1: userns_entry.gid_map:type_name -> uid_gid_extent 2, // [2:2] is the sub-list for method output_type 2, // [2:2] is the sub-list for method input_type 2, // [2:2] is the sub-list for extension type_name diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/userns.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/userns.proto index 4c9f0598b09..3a23cbbf876 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/userns.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/userns.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message uid_gid_extent { required uint32 first = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/utsns.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/utsns.pb.go index 0ba81721b34..64d7139b0ba 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/utsns.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/utsns.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: utsns.proto package images @@ -80,12 +80,12 @@ func (x *UtsnsEntry) GetDomainname() string { var File_utsns_proto protoreflect.FileDescriptor var file_utsns_proto_rawDesc = []byte{ - 0x0a, 0x0b, 0x75, 0x74, 0x73, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, - 0x72, 0x69, 0x75, 0x22, 0x49, 0x0a, 0x0b, 0x75, 0x74, 0x73, 0x6e, 0x73, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x6e, 0x6f, 0x64, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, - 0x20, 0x02, 0x28, 0x09, 0x52, 0x08, 0x6e, 0x6f, 0x64, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1e, - 0x0a, 0x0a, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x02, - 0x28, 0x09, 0x52, 0x0a, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x6e, 0x61, 0x6d, 0x65, + 0x0a, 0x0b, 0x75, 0x74, 0x73, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x49, 0x0a, + 0x0b, 0x75, 0x74, 0x73, 0x6e, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1a, 0x0a, 0x08, + 0x6e, 0x6f, 0x64, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x08, + 0x6e, 0x6f, 0x64, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x64, 0x6f, 0x6d, 0x61, + 0x69, 0x6e, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x09, 0x52, 0x0a, 0x64, 0x6f, + 0x6d, 0x61, 0x69, 0x6e, 0x6e, 0x61, 0x6d, 0x65, } var ( @@ -102,7 +102,7 @@ func file_utsns_proto_rawDescGZIP() []byte { var file_utsns_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_utsns_proto_goTypes = []interface{}{ - (*UtsnsEntry)(nil), // 0: criu.utsns_entry + (*UtsnsEntry)(nil), // 0: utsns_entry } var file_utsns_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/utsns.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/utsns.proto index 8d78a83984c..efc689fa55b 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/utsns.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/utsns.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; message utsns_entry { required string nodename = 1; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/vma.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/vma.pb.go index 3e260fc3e2c..03435002805 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/vma.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/vma.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.4 +// protoc v3.21.5 // source: vma.proto package images @@ -149,27 +149,27 @@ func (x *VmaEntry) GetFdflags() uint32 { var File_vma_proto protoreflect.FileDescriptor var file_vma_proto_rawDesc = []byte{ - 0x0a, 0x09, 0x76, 0x6d, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x72, 0x69, - 0x75, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xae, 0x02, - 0x0a, 0x09, 0x76, 0x6d, 0x61, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1b, 0x0a, 0x05, 0x73, - 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, - 0x01, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x17, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, - 0x02, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x03, 0x65, 0x6e, - 0x64, 0x12, 0x14, 0x0a, 0x05, 0x70, 0x67, 0x6f, 0x66, 0x66, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, - 0x52, 0x05, 0x70, 0x67, 0x6f, 0x66, 0x66, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x68, 0x6d, 0x69, 0x64, - 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x73, 0x68, 0x6d, 0x69, 0x64, 0x12, 0x22, 0x0a, - 0x04, 0x70, 0x72, 0x6f, 0x74, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x0e, 0xd2, 0x3f, 0x0b, - 0x1a, 0x09, 0x6d, 0x6d, 0x61, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x52, 0x04, 0x70, 0x72, 0x6f, - 0x74, 0x12, 0x25, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, - 0x42, 0x0f, 0xd2, 0x3f, 0x0c, 0x1a, 0x0a, 0x6d, 0x6d, 0x61, 0x70, 0x2e, 0x66, 0x6c, 0x61, 0x67, - 0x73, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x28, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, - 0x75, 0x73, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x10, 0xd2, 0x3f, 0x0d, 0x1a, 0x0b, 0x6d, - 0x6d, 0x61, 0x70, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, - 0x75, 0x73, 0x12, 0x0e, 0x0a, 0x02, 0x66, 0x64, 0x18, 0x08, 0x20, 0x02, 0x28, 0x12, 0x52, 0x02, - 0x66, 0x64, 0x12, 0x19, 0x0a, 0x04, 0x6d, 0x61, 0x64, 0x76, 0x18, 0x09, 0x20, 0x01, 0x28, 0x04, - 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x04, 0x6d, 0x61, 0x64, 0x76, 0x12, 0x1f, 0x0a, - 0x07, 0x66, 0x64, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x05, - 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x07, 0x66, 0x64, 0x66, 0x6c, 0x61, 0x67, 0x73, + 0x0a, 0x09, 0x76, 0x6d, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, + 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xae, 0x02, 0x0a, 0x09, 0x76, 0x6d, 0x61, 0x5f, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1b, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, + 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x73, 0x74, 0x61, + 0x72, 0x74, 0x12, 0x17, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x42, + 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x70, + 0x67, 0x6f, 0x66, 0x66, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x70, 0x67, 0x6f, 0x66, + 0x66, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x68, 0x6d, 0x69, 0x64, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, + 0x52, 0x05, 0x73, 0x68, 0x6d, 0x69, 0x64, 0x12, 0x22, 0x0a, 0x04, 0x70, 0x72, 0x6f, 0x74, 0x18, + 0x05, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x0e, 0xd2, 0x3f, 0x0b, 0x1a, 0x09, 0x6d, 0x6d, 0x61, 0x70, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x52, 0x04, 0x70, 0x72, 0x6f, 0x74, 0x12, 0x25, 0x0a, 0x05, 0x66, + 0x6c, 0x61, 0x67, 0x73, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x0f, 0xd2, 0x3f, 0x0c, 0x1a, + 0x0a, 0x6d, 0x6d, 0x61, 0x70, 0x2e, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x52, 0x05, 0x66, 0x6c, 0x61, + 0x67, 0x73, 0x12, 0x28, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x07, 0x20, 0x02, + 0x28, 0x0d, 0x42, 0x10, 0xd2, 0x3f, 0x0d, 0x1a, 0x0b, 0x6d, 0x6d, 0x61, 0x70, 0x2e, 0x73, 0x74, + 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x0e, 0x0a, 0x02, + 0x66, 0x64, 0x18, 0x08, 0x20, 0x02, 0x28, 0x12, 0x52, 0x02, 0x66, 0x64, 0x12, 0x19, 0x0a, 0x04, + 0x6d, 0x61, 0x64, 0x76, 0x18, 0x09, 0x20, 0x01, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, + 0x01, 0x52, 0x04, 0x6d, 0x61, 0x64, 0x76, 0x12, 0x1f, 0x0a, 0x07, 0x66, 0x64, 0x66, 0x6c, 0x61, + 0x67, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, + 0x07, 0x66, 0x64, 0x66, 0x6c, 0x61, 0x67, 0x73, } var ( @@ -186,7 +186,7 @@ func file_vma_proto_rawDescGZIP() []byte { var file_vma_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_vma_proto_goTypes = []interface{}{ - (*VmaEntry)(nil), // 0: criu.vma_entry + (*VmaEntry)(nil), // 0: vma_entry } var file_vma_proto_depIdxs = []int32{ 0, // [0:0] is the sub-list for method output_type diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/vma.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/vma.proto index 35ff2564b7a..0c07d51c6b2 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/vma.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/vma.proto @@ -1,7 +1,6 @@ // SPDX-License-Identifier: MIT syntax = "proto2"; -package criu; import "opts.proto"; diff --git a/vendor/modules.txt b/vendor/modules.txt index 989cbe8a964..3663f35bc0f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1,4 +1,4 @@ -# github.com/checkpoint-restore/go-criu/v6 v6.1.0 +# github.com/checkpoint-restore/go-criu/v6 v6.2.0 ## explicit; go 1.16 github.com/checkpoint-restore/go-criu/v6 github.com/checkpoint-restore/go-criu/v6/crit/images From 0ffb49dba041087931427f4b6eddbfded2aa7d7d Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 22 Sep 2022 17:37:50 -0700 Subject: [PATCH 0094/1176] tests/int: suppress bogus error The situation when /sys/fs/cgroup/unified is not present normal and should not result in anything on stderr. Suppress it. Fixes: cc15b887a00069b Signed-off-by: Kir Kolyshkin --- tests/integration/helpers.bash | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index e61096c2499..70a4f93cad7 100644 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -126,7 +126,7 @@ function init_cgroup_paths() { CGROUP_SUBSYSTEMS+=" freezer" fi else - if stat -f -c %t /sys/fs/cgroup/unified | grep -qFw 63677270; then + if stat -f -c %t /sys/fs/cgroup/unified 2>/dev/null | grep -qFw 63677270; then CGROUP_HYBRID=yes fi CGROUP_V1=yes From 4e65118d02b19963d49a6e0b12326123dd21c956 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 22 Sep 2022 18:36:15 -0700 Subject: [PATCH 0095/1176] tests/int/helpers: gawk -> awk We use awk in other 9 or so places, and here it's gawk. Since this is on Linux, most probably awk is gawk. So s/gawk/awk/. Signed-off-by: Kir Kolyshkin --- tests/integration/helpers.bash | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index 70a4f93cad7..ee93c42b479 100644 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -133,7 +133,7 @@ function init_cgroup_paths() { CGROUP_SUBSYSTEMS=$(awk '!/^#/ {print $1}' /proc/cgroups) local g base_path for g in ${CGROUP_SUBSYSTEMS}; do - base_path=$(gawk '$(NF-2) == "cgroup" && $NF ~ /\<'"${g}"'\>/ { print $5; exit }' /proc/self/mountinfo) + base_path=$(awk '$(NF-2) == "cgroup" && $NF ~ /\<'"${g}"'\>/ { print $5; exit }' /proc/self/mountinfo) test -z "$base_path" && continue eval CGROUP_"${g^^}"_BASE_PATH="${base_path}" done From 491713e841bac493bb9e83627e1e6433ff59e2f8 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 27 Sep 2022 20:43:32 -0700 Subject: [PATCH 0096/1176] cirrus-ci: enable EPEL for CentOS 7 It used to be enabled by default, but not as of last few weeks. While at it, add rpm -q command to make sure all required RPMS were in fact installed (at least CentOS 7 yum exits with 0 when some packages requested are not available). Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.cirrus.yml b/.cirrus.yml index e2e7a3dc43f..34baf5f1192 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -72,6 +72,7 @@ task: CIRRUS_WORKING_DIR: /home/runc GO_VERSION: "1.18" BATS_VERSION: "v1.3.0" + RPMS: gcc git iptables jq glibc-static libseccomp-devel make criu fuse-sshfs # yamllint disable rule:key-duplicates matrix: DISTRO: centos-7 @@ -91,6 +92,8 @@ task: case $DISTRO in centos-7) (cd /etc/yum.repos.d && curl -O https://copr.fedorainfracloud.org/coprs/adrian/criu-el7/repo/epel-7/adrian-criu-el7-epel-7.repo) + # EPEL is needed for jq and fuse-sshfs. + rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm # sysctl echo "user.max_user_namespaces=15076" > /etc/sysctl.d/userns.conf sysctl --system @@ -106,9 +109,14 @@ task: # Work around dnf mirror failures by retrying a few times. for i in $(seq 0 2); do sleep $i - yum install -y -q gcc git iptables jq glibc-static libseccomp-devel make criu fuse-sshfs && break + yum install -y $RPMS && break done [ $? -eq 0 ] # fail if yum failed + + # Double check that all rpms were installed (yum from CentOS 7 + # does not exit with an error if some packages were not found). + # Use --whatprovides since some packages are renamed. + rpm -q --whatprovides $RPMS # install Go curl -fsSL "https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz" | tar Cxz /usr/local # install bats From 7189ba8dfe1dadaf3e8eb9e85bdbc9c39edbaa95 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Sep 2022 21:26:56 +0000 Subject: [PATCH 0097/1176] build(deps): bump github.com/coreos/go-systemd/v22 from 22.3.2 to 22.4.0 Bumps [github.com/coreos/go-systemd/v22](https://github.com/coreos/go-systemd) from 22.3.2 to 22.4.0. - [Release notes](https://github.com/coreos/go-systemd/releases) - [Commits](https://github.com/coreos/go-systemd/compare/v22.3.2...v22.4.0) --- updated-dependencies: - dependency-name: github.com/coreos/go-systemd/v22 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +-- .../go-systemd/v22/activation/files_unix.go | 1 + .../coreos/go-systemd/v22/dbus/dbus.go | 5 +++ .../coreos/go-systemd/v22/dbus/methods.go | 34 +++++++++++++++++++ vendor/modules.txt | 2 +- 6 files changed, 44 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index b10a591a8d5..e4b9cda6c5a 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/checkpoint-restore/go-criu/v6 v6.2.0 github.com/cilium/ebpf v0.9.1 github.com/containerd/console v1.0.3 - github.com/coreos/go-systemd/v22 v22.3.2 + github.com/coreos/go-systemd/v22 v22.4.0 github.com/cyphar/filepath-securejoin v0.2.3 github.com/docker/go-units v0.5.0 github.com/godbus/dbus/v5 v5.1.0 diff --git a/go.sum b/go.sum index 9a6e7026119..7ef23a6f29a 100644 --- a/go.sum +++ b/go.sum @@ -5,8 +5,8 @@ github.com/cilium/ebpf v0.9.1 h1:64sn2K3UKw8NbP/blsixRpF3nXuyhz/VjRlRzvlBRu4= github.com/cilium/ebpf v0.9.1/go.mod h1:+OhNOIXx/Fnu1IE8bJz2dzOA+VSfyTfdNUVdlQnxUFY= github.com/containerd/console v1.0.3 h1:lIr7SlA5PxZyMV30bDW0MGbiOPXwc63yRuCP0ARubLw= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= -github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI= -github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= +github.com/coreos/go-systemd/v22 v22.4.0 h1:y9YHcjnjynCd/DVbg5j9L/33jQM3MxJlbj/zWskzfGU= +github.com/coreos/go-systemd/v22 v22.4.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= diff --git a/vendor/github.com/coreos/go-systemd/v22/activation/files_unix.go b/vendor/github.com/coreos/go-systemd/v22/activation/files_unix.go index fc7db98fb41..bf7671dd2b2 100644 --- a/vendor/github.com/coreos/go-systemd/v22/activation/files_unix.go +++ b/vendor/github.com/coreos/go-systemd/v22/activation/files_unix.go @@ -12,6 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. +//go:build !windows // +build !windows // Package activation implements primitives for systemd socket activation. diff --git a/vendor/github.com/coreos/go-systemd/v22/dbus/dbus.go b/vendor/github.com/coreos/go-systemd/v22/dbus/dbus.go index cff5af1a64c..147f756fe24 100644 --- a/vendor/github.com/coreos/go-systemd/v22/dbus/dbus.go +++ b/vendor/github.com/coreos/go-systemd/v22/dbus/dbus.go @@ -176,6 +176,11 @@ func (c *Conn) Close() { c.sigconn.Close() } +// Connected returns whether conn is connected +func (c *Conn) Connected() bool { + return c.sysconn.Connected() && c.sigconn.Connected() +} + // NewConnection establishes a connection to a bus using a caller-supplied function. // This allows connecting to remote buses through a user-supplied mechanism. // The supplied function may be called multiple times, and should return independent connections. diff --git a/vendor/github.com/coreos/go-systemd/v22/dbus/methods.go b/vendor/github.com/coreos/go-systemd/v22/dbus/methods.go index fa04afc708e..074148cb4d6 100644 --- a/vendor/github.com/coreos/go-systemd/v22/dbus/methods.go +++ b/vendor/github.com/coreos/go-systemd/v22/dbus/methods.go @@ -417,6 +417,29 @@ func (c *Conn) listUnitsInternal(f storeFunc) ([]UnitStatus, error) { return status, nil } +// GetUnitByPID returns the unit object path of the unit a process ID +// belongs to. It takes a UNIX PID and returns the object path. The PID must +// refer to an existing system process +func (c *Conn) GetUnitByPID(ctx context.Context, pid uint32) (dbus.ObjectPath, error) { + var result dbus.ObjectPath + + err := c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.GetUnitByPID", 0, pid).Store(&result) + + return result, err +} + +// GetUnitNameByPID returns the name of the unit a process ID belongs to. It +// takes a UNIX PID and returns the object path. The PID must refer to an +// existing system process +func (c *Conn) GetUnitNameByPID(ctx context.Context, pid uint32) (string, error) { + path, err := c.GetUnitByPID(ctx, pid) + if err != nil { + return "", err + } + + return unitName(path), nil +} + // Deprecated: use ListUnitsContext instead. func (c *Conn) ListUnits() ([]UnitStatus, error) { return c.ListUnitsContext(context.Background()) @@ -828,3 +851,14 @@ func (c *Conn) listJobsInternal(ctx context.Context) ([]JobStatus, error) { return status, nil } + +// Freeze the cgroup associated with the unit. +// Note that FreezeUnit and ThawUnit are only supported on systems running with cgroup v2. +func (c *Conn) FreezeUnit(ctx context.Context, unit string) error { + return c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.FreezeUnit", 0, unit).Store() +} + +// Unfreeze the cgroup associated with the unit. +func (c *Conn) ThawUnit(ctx context.Context, unit string) error { + return c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ThawUnit", 0, unit).Store() +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 3663f35bc0f..60a6dd54385 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -14,7 +14,7 @@ github.com/cilium/ebpf/link # github.com/containerd/console v1.0.3 ## explicit; go 1.13 github.com/containerd/console -# github.com/coreos/go-systemd/v22 v22.3.2 +# github.com/coreos/go-systemd/v22 v22.4.0 ## explicit; go 1.12 github.com/coreos/go-systemd/v22/activation github.com/coreos/go-systemd/v22/dbus From da9126f7888288c9925ef51d3cc0c30b8a00edfc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 29 Sep 2022 04:09:47 +0000 Subject: [PATCH 0098/1176] build(deps): bump github.com/opencontainers/selinux Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.10.1 to 1.10.2. - [Release notes](https://github.com/opencontainers/selinux/releases) - [Commits](https://github.com/opencontainers/selinux/compare/v1.10.1...v1.10.2) --- updated-dependencies: - dependency-name: github.com/opencontainers/selinux dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 5 +- .../opencontainers/selinux/go-selinux/doc.go | 1 - .../selinux/go-selinux/label/label_linux.go | 46 ----------- .../selinux/go-selinux/label/label_stub.go | 1 + .../selinux/go-selinux/rchcon.go | 12 +++ .../selinux/go-selinux/rchcon_go115.go | 1 + .../selinux/go-selinux/selinux_linux.go | 80 ++++++++++++++----- .../selinux/go-selinux/selinux_stub.go | 1 + vendor/modules.txt | 2 +- 10 files changed, 81 insertions(+), 70 deletions(-) diff --git a/go.mod b/go.mod index e4b9cda6c5a..ed4ac10e788 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/moby/sys/mountinfo v0.6.2 github.com/mrunalp/fileutils v0.5.0 github.com/opencontainers/runtime-spec v1.0.3-0.20220718201635-a8106e99982b - github.com/opencontainers/selinux v1.10.1 + github.com/opencontainers/selinux v1.10.2 github.com/seccomp/libseccomp-golang v0.10.0 github.com/sirupsen/logrus v1.9.0 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 diff --git a/go.sum b/go.sum index 7ef23a6f29a..5d5b4437949 100644 --- a/go.sum +++ b/go.sum @@ -33,8 +33,8 @@ github.com/mrunalp/fileutils v0.5.0 h1:NKzVxiH7eSk+OQ4M+ZYW1K6h27RUV3MI6NUTsHhU6 github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/opencontainers/runtime-spec v1.0.3-0.20220718201635-a8106e99982b h1:udwtfS44rxYE/ViMLchHQBjfE60GZSB1arY7BFbyxLs= github.com/opencontainers/runtime-spec v1.0.3-0.20220718201635-a8106e99982b/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/selinux v1.10.1 h1:09LIPVRP3uuZGQvgR+SgMSNBd1Eb3vlRbGqQpoHsF8w= -github.com/opencontainers/selinux v1.10.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= +github.com/opencontainers/selinux v1.10.2 h1:NFy2xCsjn7+WspbfZkUd5zyVeisV7VFbPSP96+8/ha4= +github.com/opencontainers/selinux v1.10.2/go.mod h1:cARutUbaUrlRClyvxOICCgKixCs6L05aUsohzA3EkHQ= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k= @@ -62,7 +62,6 @@ github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17 golang.org/x/net v0.0.0-20201224014010-6772e930b67b h1:iFwSg7t5GZmB/Q5TjiEAsdoLDrdJRC1RiF2WhuV29Qw= golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/doc.go b/vendor/github.com/opencontainers/selinux/go-selinux/doc.go index 0ac7d819e6d..57a15c9a11e 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/doc.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/doc.go @@ -9,6 +9,5 @@ Usage: if selinux.EnforceMode() != selinux.Enforcing { selinux.SetEnforceMode(selinux.Enforcing) } - */ package selinux diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go index 12de0ae5d65..f61a560158b 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go @@ -3,8 +3,6 @@ package label import ( "errors" "fmt" - "os" - "os/user" "strings" "github.com/opencontainers/selinux/go-selinux" @@ -113,50 +111,6 @@ func Relabel(path string, fileLabel string, shared bool) error { return nil } - exclude_paths := map[string]bool{ - "/": true, - "/bin": true, - "/boot": true, - "/dev": true, - "/etc": true, - "/etc/passwd": true, - "/etc/pki": true, - "/etc/shadow": true, - "/home": true, - "/lib": true, - "/lib64": true, - "/media": true, - "/opt": true, - "/proc": true, - "/root": true, - "/run": true, - "/sbin": true, - "/srv": true, - "/sys": true, - "/tmp": true, - "/usr": true, - "/var": true, - "/var/lib": true, - "/var/log": true, - } - - if home := os.Getenv("HOME"); home != "" { - exclude_paths[home] = true - } - - if sudoUser := os.Getenv("SUDO_USER"); sudoUser != "" { - if usr, err := user.Lookup(sudoUser); err == nil { - exclude_paths[usr.HomeDir] = true - } - } - - if path != "/" { - path = strings.TrimSuffix(path, "/") - } - if exclude_paths[path] { - return fmt.Errorf("SELinux relabeling of %s is not allowed", path) - } - if shared { c, err := selinux.NewContext(fileLabel) if err != nil { diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go index 02d206239c7..f21c80c5ab0 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go @@ -1,3 +1,4 @@ +//go:build !linux // +build !linux package label diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/rchcon.go b/vendor/github.com/opencontainers/selinux/go-selinux/rchcon.go index feb739d3261..8bff2935579 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/rchcon.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/rchcon.go @@ -1,3 +1,4 @@ +//go:build linux && go1.16 // +build linux,go1.16 package selinux @@ -11,7 +12,18 @@ import ( ) func rchcon(fpath, label string) error { + fastMode := false + // If the current label matches the new label, assume + // other labels are correct. + if cLabel, err := lFileLabel(fpath); err == nil && cLabel == label { + fastMode = true + } return pwalkdir.Walk(fpath, func(p string, _ fs.DirEntry, _ error) error { + if fastMode { + if cLabel, err := lFileLabel(fpath); err == nil && cLabel == label { + return nil + } + } e := lSetFileLabel(p, label) // Walk a file tree can race with removal, so ignore ENOENT. if errors.Is(e, os.ErrNotExist) { diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/rchcon_go115.go b/vendor/github.com/opencontainers/selinux/go-selinux/rchcon_go115.go index ecc7abfac5e..303cb1890ad 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/rchcon_go115.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/rchcon_go115.go @@ -1,3 +1,4 @@ +//go:build linux && !go1.16 // +build linux,!go1.16 package selinux diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go index ee602ab96dd..4582cc9e0a2 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go @@ -11,6 +11,7 @@ import ( "io/ioutil" "math/big" "os" + "os/user" "path" "path/filepath" "strconv" @@ -1072,21 +1073,6 @@ func copyLevel(src, dest string) (string, error) { return tcon.Get(), nil } -// Prevent users from relabeling system files -func badPrefix(fpath string) error { - if fpath == "" { - return ErrEmptyPath - } - - badPrefixes := []string{"/usr"} - for _, prefix := range badPrefixes { - if strings.HasPrefix(fpath, prefix) { - return fmt.Errorf("relabeling content in %s is not allowed", prefix) - } - } - return nil -} - // chcon changes the fpath file object to the SELinux label label. // If fpath is a directory and recurse is true, then chcon walks the // directory tree setting the label. @@ -1097,12 +1083,70 @@ func chcon(fpath string, label string, recurse bool) error { if label == "" { return nil } - if err := badPrefix(fpath); err != nil { - return err + + exclude_paths := map[string]bool{ + "/": true, + "/bin": true, + "/boot": true, + "/dev": true, + "/etc": true, + "/etc/passwd": true, + "/etc/pki": true, + "/etc/shadow": true, + "/home": true, + "/lib": true, + "/lib64": true, + "/media": true, + "/opt": true, + "/proc": true, + "/root": true, + "/run": true, + "/sbin": true, + "/srv": true, + "/sys": true, + "/tmp": true, + "/usr": true, + "/var": true, + "/var/lib": true, + "/var/log": true, + } + + if home := os.Getenv("HOME"); home != "" { + exclude_paths[home] = true + } + + if sudoUser := os.Getenv("SUDO_USER"); sudoUser != "" { + if usr, err := user.Lookup(sudoUser); err == nil { + exclude_paths[usr.HomeDir] = true + } + } + + if fpath != "/" { + fpath = strings.TrimSuffix(fpath, "/") + } + if exclude_paths[fpath] { + return fmt.Errorf("SELinux relabeling of %s is not allowed", fpath) } if !recurse { - return setFileLabel(fpath, label) + err := lSetFileLabel(fpath, label) + if err != nil { + // Check if file doesn't exist, must have been removed + if errors.Is(err, os.ErrNotExist) { + return nil + } + // Check if current label is correct on disk + flabel, nerr := lFileLabel(fpath) + if nerr == nil && flabel == label { + return nil + } + // Check if file doesn't exist, must have been removed + if errors.Is(nerr, os.ErrNotExist) { + return nil + } + return err + } + return nil } return rchcon(fpath, label) diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go index 78743b020c9..20d88803121 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go @@ -1,3 +1,4 @@ +//go:build !linux // +build !linux package selinux diff --git a/vendor/modules.txt b/vendor/modules.txt index 60a6dd54385..bbadae23eda 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -39,7 +39,7 @@ github.com/mrunalp/fileutils # github.com/opencontainers/runtime-spec v1.0.3-0.20220718201635-a8106e99982b ## explicit github.com/opencontainers/runtime-spec/specs-go -# github.com/opencontainers/selinux v1.10.1 +# github.com/opencontainers/selinux v1.10.2 ## explicit; go 1.13 github.com/opencontainers/selinux/go-selinux github.com/opencontainers/selinux/go-selinux/label From 79a5c1109b9dbac160051fff72807e97033a291d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Oct 2022 04:15:17 +0000 Subject: [PATCH 0099/1176] build(deps): bump actions/cache from 3.0.8 to 3.0.9 Bumps [actions/cache](https://github.com/actions/cache) from 3.0.8 to 3.0.9. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v3.0.8...v3.0.9) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/validate.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 6154088030f..a692b78a137 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -72,7 +72,7 @@ jobs: echo "VERSION=3.3.1" >> $GITHUB_ENV echo "$(go env GOPATH)/bin" >> $GITHUB_PATH - name: cache go mod and $GOCACHE - uses: actions/cache@v3.0.8 + uses: actions/cache@v3.0.9 with: path: | ~/go/pkg/mod @@ -119,7 +119,7 @@ jobs: with: go-version: "${{ env.GO_VERSION }}" - name: cache go mod and $GOCACHE - uses: actions/cache@v3.0.8 + uses: actions/cache@v3.0.9 with: path: | ~/go/pkg/mod From 1be5d45df96e8965bc2f96230282bdbcc9dc38f7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Oct 2022 04:15:32 +0000 Subject: [PATCH 0100/1176] build(deps): bump github.com/cilium/ebpf from 0.9.1 to 0.9.3 Bumps [github.com/cilium/ebpf](https://github.com/cilium/ebpf) from 0.9.1 to 0.9.3. - [Release notes](https://github.com/cilium/ebpf/releases) - [Commits](https://github.com/cilium/ebpf/compare/v0.9.1...v0.9.3) --- updated-dependencies: - dependency-name: github.com/cilium/ebpf dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 4 +- go.sum | 7 +- vendor/github.com/cilium/ebpf/Makefile | 2 +- vendor/github.com/cilium/ebpf/README.md | 24 +- vendor/github.com/cilium/ebpf/asm/alu.go | 16 +- vendor/github.com/cilium/ebpf/asm/func.go | 18 +- vendor/github.com/cilium/ebpf/asm/jump.go | 8 +- .../github.com/cilium/ebpf/asm/load_store.go | 16 +- vendor/github.com/cilium/ebpf/asm/opcode.go | 16 +- .../cilium/ebpf/attachtype_string.go | 5 +- vendor/github.com/cilium/ebpf/btf/btf.go | 41 +- .../github.com/cilium/ebpf/btf/btf_types.go | 99 +-- .../cilium/ebpf/btf/btf_types_string.go | 37 +- vendor/github.com/cilium/ebpf/btf/core.go | 65 +- vendor/github.com/cilium/ebpf/btf/ext_info.go | 4 + vendor/github.com/cilium/ebpf/btf/format.go | 121 +-- vendor/github.com/cilium/ebpf/btf/handle.go | 74 +- vendor/github.com/cilium/ebpf/btf/strings.go | 4 + .../github.com/cilium/ebpf/btf/traversal.go | 56 ++ vendor/github.com/cilium/ebpf/btf/types.go | 280 +++--- vendor/github.com/cilium/ebpf/collection.go | 24 +- vendor/github.com/cilium/ebpf/elf_reader.go | 47 +- vendor/github.com/cilium/ebpf/info.go | 2 +- .../github.com/cilium/ebpf/internal/deque.go | 89 ++ .../github.com/cilium/ebpf/internal/errors.go | 25 +- .../cilium/ebpf/internal/feature.go | 6 +- .../github.com/cilium/ebpf/internal/prog.go | 11 + .../cilium/ebpf/internal/sys/ptr.go | 14 + .../cilium/ebpf/internal/sys/signals.go | 82 ++ .../cilium/ebpf/internal/sys/syscall.go | 39 +- .../cilium/ebpf/internal/sys/types.go | 54 +- .../cilium/ebpf/internal/unix/doc.go | 11 + .../cilium/ebpf/internal/unix/types_linux.go | 145 ++-- .../cilium/ebpf/internal/unix/types_other.go | 167 ++-- vendor/github.com/cilium/ebpf/link/cgroup.go | 2 +- vendor/github.com/cilium/ebpf/link/kprobe.go | 110 +-- .../cilium/ebpf/link/kprobe_multi.go | 176 ++++ vendor/github.com/cilium/ebpf/link/link.go | 15 +- .../github.com/cilium/ebpf/link/perf_event.go | 94 ++- .../github.com/cilium/ebpf/link/syscalls.go | 1 + vendor/github.com/cilium/ebpf/link/tracing.go | 11 +- vendor/github.com/cilium/ebpf/link/uprobe.go | 28 +- vendor/github.com/cilium/ebpf/linker.go | 10 +- vendor/github.com/cilium/ebpf/map.go | 2 +- vendor/github.com/cilium/ebpf/prog.go | 211 +++-- vendor/github.com/cilium/ebpf/run-tests.sh | 2 +- vendor/github.com/cilium/ebpf/syscalls.go | 4 +- vendor/github.com/cilium/ebpf/types.go | 19 + vendor/golang.org/x/sys/AUTHORS | 3 - vendor/golang.org/x/sys/CONTRIBUTORS | 3 - vendor/golang.org/x/sys/unix/ioctl_linux.go | 20 +- vendor/golang.org/x/sys/unix/mkall.sh | 27 +- vendor/golang.org/x/sys/unix/mkerrors.sh | 4 + vendor/golang.org/x/sys/unix/str.go | 27 - vendor/golang.org/x/sys/unix/syscall.go | 10 +- vendor/golang.org/x/sys/unix/syscall_aix.go | 57 +- vendor/golang.org/x/sys/unix/syscall_bsd.go | 2 +- .../x/sys/unix/syscall_darwin.1_12.go | 32 - .../x/sys/unix/syscall_darwin.1_13.go | 108 --- .../golang.org/x/sys/unix/syscall_darwin.go | 90 ++ .../x/sys/unix/syscall_freebsd_386.go | 2 +- .../x/sys/unix/syscall_freebsd_amd64.go | 2 +- .../x/sys/unix/syscall_freebsd_arm.go | 2 +- .../x/sys/unix/syscall_freebsd_arm64.go | 2 +- .../x/sys/unix/syscall_freebsd_riscv64.go | 2 +- vendor/golang.org/x/sys/unix/syscall_linux.go | 45 +- .../x/sys/unix/syscall_linux_386.go | 4 - .../x/sys/unix/syscall_linux_amd64.go | 4 - .../x/sys/unix/syscall_linux_arm.go | 4 - .../x/sys/unix/syscall_linux_arm64.go | 4 - .../x/sys/unix/syscall_linux_loong64.go | 4 - .../x/sys/unix/syscall_linux_mips64x.go | 4 - .../x/sys/unix/syscall_linux_mipsx.go | 4 - .../x/sys/unix/syscall_linux_ppc.go | 4 - .../x/sys/unix/syscall_linux_ppc64x.go | 4 - .../x/sys/unix/syscall_linux_riscv64.go | 4 - .../x/sys/unix/syscall_linux_s390x.go | 4 - .../x/sys/unix/syscall_linux_sparc64.go | 4 - .../x/sys/unix/syscall_openbsd_libc.go | 27 + .../golang.org/x/sys/unix/syscall_solaris.go | 113 ++- vendor/golang.org/x/sys/unix/syscall_unix.go | 20 +- vendor/golang.org/x/sys/unix/sysvshm_unix.go | 13 +- vendor/golang.org/x/sys/unix/xattr_bsd.go | 95 ++- vendor/golang.org/x/sys/unix/zerrors_linux.go | 1 + .../x/sys/unix/zerrors_linux_386.go | 4 +- .../x/sys/unix/zerrors_linux_amd64.go | 4 +- .../x/sys/unix/zerrors_linux_arm.go | 4 +- .../x/sys/unix/zerrors_linux_arm64.go | 4 +- .../x/sys/unix/zerrors_linux_loong64.go | 4 +- .../x/sys/unix/zerrors_linux_mips.go | 4 +- .../x/sys/unix/zerrors_linux_mips64.go | 4 +- .../x/sys/unix/zerrors_linux_mips64le.go | 4 +- .../x/sys/unix/zerrors_linux_mipsle.go | 4 +- .../x/sys/unix/zerrors_linux_ppc.go | 4 +- .../x/sys/unix/zerrors_linux_ppc64.go | 4 +- .../x/sys/unix/zerrors_linux_ppc64le.go | 4 +- .../x/sys/unix/zerrors_linux_riscv64.go | 4 +- .../x/sys/unix/zerrors_linux_s390x.go | 4 +- .../x/sys/unix/zerrors_linux_sparc64.go | 4 +- .../x/sys/unix/zsyscall_darwin_amd64.1_13.go | 40 - .../x/sys/unix/zsyscall_darwin_amd64.1_13.s | 25 - .../x/sys/unix/zsyscall_darwin_amd64.go | 32 +- .../x/sys/unix/zsyscall_darwin_amd64.s | 23 +- .../x/sys/unix/zsyscall_darwin_arm64.1_13.go | 40 - .../x/sys/unix/zsyscall_darwin_arm64.1_13.s | 25 - .../x/sys/unix/zsyscall_darwin_arm64.go | 32 +- .../x/sys/unix/zsyscall_darwin_arm64.s | 23 +- .../golang.org/x/sys/unix/zsyscall_linux.go | 10 + .../x/sys/unix/zsyscall_linux_386.go | 40 - .../x/sys/unix/zsyscall_linux_amd64.go | 40 - .../x/sys/unix/zsyscall_linux_arm.go | 40 - .../x/sys/unix/zsyscall_linux_arm64.go | 40 - .../x/sys/unix/zsyscall_linux_loong64.go | 40 - .../x/sys/unix/zsyscall_linux_mips.go | 40 - .../x/sys/unix/zsyscall_linux_mips64.go | 40 - .../x/sys/unix/zsyscall_linux_mips64le.go | 40 - .../x/sys/unix/zsyscall_linux_mipsle.go | 40 - .../x/sys/unix/zsyscall_linux_ppc.go | 40 - .../x/sys/unix/zsyscall_linux_ppc64.go | 40 - .../x/sys/unix/zsyscall_linux_ppc64le.go | 40 - .../x/sys/unix/zsyscall_linux_riscv64.go | 40 - .../x/sys/unix/zsyscall_linux_s390x.go | 40 - .../x/sys/unix/zsyscall_linux_sparc64.go | 40 - .../x/sys/unix/zsyscall_openbsd_386.go | 798 +++++++++++++++--- .../x/sys/unix/zsyscall_openbsd_386.s | 796 +++++++++++++++++ .../x/sys/unix/zsyscall_openbsd_amd64.go | 798 +++++++++++++++--- .../x/sys/unix/zsyscall_openbsd_amd64.s | 796 +++++++++++++++++ .../x/sys/unix/zsyscall_openbsd_arm.go | 798 +++++++++++++++--- .../x/sys/unix/zsyscall_openbsd_arm.s | 796 +++++++++++++++++ .../x/sys/unix/zsyscall_openbsd_arm64.go | 798 +++++++++++++++--- .../x/sys/unix/zsyscall_openbsd_arm64.s | 796 +++++++++++++++++ .../x/sys/unix/zsysnum_linux_386.go | 2 +- .../x/sys/unix/zsysnum_linux_amd64.go | 2 +- .../x/sys/unix/zsysnum_linux_arm.go | 2 +- .../x/sys/unix/zsysnum_linux_arm64.go | 2 +- .../x/sys/unix/zsysnum_linux_loong64.go | 2 +- .../x/sys/unix/zsysnum_linux_mips.go | 2 +- .../x/sys/unix/zsysnum_linux_mips64.go | 2 +- .../x/sys/unix/zsysnum_linux_mips64le.go | 2 +- .../x/sys/unix/zsysnum_linux_mipsle.go | 2 +- .../x/sys/unix/zsysnum_linux_ppc.go | 2 +- .../x/sys/unix/zsysnum_linux_ppc64.go | 2 +- .../x/sys/unix/zsysnum_linux_ppc64le.go | 2 +- .../x/sys/unix/zsysnum_linux_riscv64.go | 2 +- .../x/sys/unix/zsysnum_linux_s390x.go | 2 +- .../x/sys/unix/zsysnum_linux_sparc64.go | 2 +- .../x/sys/unix/zsysnum_openbsd_386.go | 1 + .../x/sys/unix/zsysnum_openbsd_amd64.go | 1 + .../x/sys/unix/zsysnum_openbsd_arm.go | 1 + .../x/sys/unix/zsysnum_openbsd_arm64.go | 1 + .../x/sys/unix/ztypes_freebsd_386.go | 17 +- .../x/sys/unix/ztypes_freebsd_amd64.go | 18 +- .../x/sys/unix/ztypes_freebsd_arm.go | 18 +- .../x/sys/unix/ztypes_freebsd_arm64.go | 18 +- .../x/sys/unix/ztypes_freebsd_riscv64.go | 18 +- vendor/golang.org/x/sys/unix/ztypes_linux.go | 8 + .../golang.org/x/sys/unix/ztypes_linux_386.go | 8 +- .../x/sys/unix/ztypes_linux_amd64.go | 8 +- .../golang.org/x/sys/unix/ztypes_linux_arm.go | 8 +- .../x/sys/unix/ztypes_linux_arm64.go | 8 +- .../x/sys/unix/ztypes_linux_loong64.go | 8 +- .../x/sys/unix/ztypes_linux_mips.go | 8 +- .../x/sys/unix/ztypes_linux_mips64.go | 8 +- .../x/sys/unix/ztypes_linux_mips64le.go | 8 +- .../x/sys/unix/ztypes_linux_mipsle.go | 8 +- .../golang.org/x/sys/unix/ztypes_linux_ppc.go | 8 +- .../x/sys/unix/ztypes_linux_ppc64.go | 8 +- .../x/sys/unix/ztypes_linux_ppc64le.go | 8 +- .../x/sys/unix/ztypes_linux_riscv64.go | 8 +- .../x/sys/unix/ztypes_linux_s390x.go | 8 +- .../x/sys/unix/ztypes_linux_sparc64.go | 8 +- .../x/sys/windows/setupapi_windows.go | 2 +- vendor/golang.org/x/sys/windows/syscall.go | 10 +- .../x/sys/windows/syscall_windows.go | 126 ++- .../golang.org/x/sys/windows/types_windows.go | 45 + .../x/sys/windows/zsyscall_windows.go | 97 +++ vendor/modules.txt | 6 +- 177 files changed, 8294 insertions(+), 2582 deletions(-) create mode 100644 vendor/github.com/cilium/ebpf/btf/traversal.go create mode 100644 vendor/github.com/cilium/ebpf/internal/deque.go create mode 100644 vendor/github.com/cilium/ebpf/internal/prog.go create mode 100644 vendor/github.com/cilium/ebpf/internal/sys/signals.go create mode 100644 vendor/github.com/cilium/ebpf/internal/unix/doc.go create mode 100644 vendor/github.com/cilium/ebpf/link/kprobe_multi.go delete mode 100644 vendor/golang.org/x/sys/AUTHORS delete mode 100644 vendor/golang.org/x/sys/CONTRIBUTORS delete mode 100644 vendor/golang.org/x/sys/unix/str.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_darwin.1_12.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_darwin.1_13.go create mode 100644 vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.s delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.s create mode 100644 vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s create mode 100644 vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s create mode 100644 vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s create mode 100644 vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s diff --git a/go.mod b/go.mod index e4b9cda6c5a..0e971efd68f 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.18 require ( github.com/checkpoint-restore/go-criu/v6 v6.2.0 - github.com/cilium/ebpf v0.9.1 + github.com/cilium/ebpf v0.9.3 github.com/containerd/console v1.0.3 github.com/coreos/go-systemd/v22 v22.4.0 github.com/cyphar/filepath-securejoin v0.2.3 @@ -20,7 +20,7 @@ require ( github.com/urfave/cli v1.22.9 github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.0.0-20201224014010-6772e930b67b - golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 + golang.org/x/sys v0.0.0-20220928140112-f11e5e49a4ec google.golang.org/protobuf v1.28.1 ) diff --git a/go.sum b/go.sum index 7ef23a6f29a..7ff11fa34d1 100644 --- a/go.sum +++ b/go.sum @@ -1,8 +1,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/checkpoint-restore/go-criu/v6 v6.2.0 h1:3hXH7Vbq18m6oGeSj1PZkx9z0b1c2gD/jJxAGnNdLkI= github.com/checkpoint-restore/go-criu/v6 v6.2.0/go.mod h1:rrRTN/uSwY2X+BPRl/gkulo9gsKOSAeVp9/K2tv7xZI= -github.com/cilium/ebpf v0.9.1 h1:64sn2K3UKw8NbP/blsixRpF3nXuyhz/VjRlRzvlBRu4= -github.com/cilium/ebpf v0.9.1/go.mod h1:+OhNOIXx/Fnu1IE8bJz2dzOA+VSfyTfdNUVdlQnxUFY= +github.com/cilium/ebpf v0.9.3 h1:5KtxXZU+scyERvkJMEm16TbScVvuuMrlhPly78ZMbSc= +github.com/cilium/ebpf v0.9.3/go.mod h1:w27N4UjpaQ9X/DGrSugxUG+H+NhgntDuPb5lCzxCn8A= github.com/containerd/console v1.0.3 h1:lIr7SlA5PxZyMV30bDW0MGbiOPXwc63yRuCP0ARubLw= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= github.com/coreos/go-systemd/v22 v22.4.0 h1:y9YHcjnjynCd/DVbg5j9L/33jQM3MxJlbj/zWskzfGU= @@ -66,8 +66,9 @@ golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220928140112-f11e5e49a4ec h1:BkDtF2Ih9xZ7le9ndzTA7KJow28VbQW3odyk/8drmuI= +golang.org/x/sys v0.0.0-20220928140112-f11e5e49a4ec/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= diff --git a/vendor/github.com/cilium/ebpf/Makefile b/vendor/github.com/cilium/ebpf/Makefile index 2d5f04c370e..581be3e1be3 100644 --- a/vendor/github.com/cilium/ebpf/Makefile +++ b/vendor/github.com/cilium/ebpf/Makefile @@ -79,7 +79,7 @@ generate: export BPF_CFLAGS := $(CFLAGS) generate: go generate ./cmd/bpf2go/test go generate ./internal/sys - cd examples/ && go generate ./... + go generate ./examples/... testdata/loader-%-el.elf: testdata/loader.c $* $(CFLAGS) -target bpfel -c $< -o $@ diff --git a/vendor/github.com/cilium/ebpf/README.md b/vendor/github.com/cilium/ebpf/README.md index 3e490de7110..d9cc1053675 100644 --- a/vendor/github.com/cilium/ebpf/README.md +++ b/vendor/github.com/cilium/ebpf/README.md @@ -4,14 +4,12 @@ ![HoneyGopher](.github/images/cilium-ebpf.png) -eBPF is a pure Go library that provides utilities for loading, compiling, and +ebpf-go is a pure Go library that provides utilities for loading, compiling, and debugging eBPF programs. It has minimal external dependencies and is intended to be used in long running processes. -The library is maintained by [Cloudflare](https://www.cloudflare.com) and -[Cilium](https://www.cilium.io). - -See [ebpf.io](https://ebpf.io) for other projects from the eBPF ecosystem. +See [ebpf.io](https://ebpf.io) for complementary projects from the wider eBPF +ecosystem. ## Getting Started @@ -23,14 +21,20 @@ eBPF and the library, and help shape the future of the project. ## Getting Help -Please -[join](https://ebpf.io/slack) the +The community actively monitors our [GitHub Discussions](discussions/) page. +Please search for existing threads before starting a new one. Refrain from +opening issues on the bug tracker if you're just starting out or if you're not +sure if something is a bug in the library code. + +Alternatively, [join](https://ebpf.io/slack) the [#ebpf-go](https://cilium.slack.com/messages/ebpf-go) channel on Slack if you -have questions regarding the library. +have other questions regarding the project. Note that this channel is ephemeral +and has its history erased past a certain point, which is less helpful for +others running into the same problem later. ## Packages -This library includes the following packages: +This library includes the following packages: * [asm](https://pkg.go.dev/github.com/cilium/ebpf/asm) contains a basic assembler, allowing you to write eBPF assembly instructions directly @@ -38,7 +42,7 @@ This library includes the following packages: * [cmd/bpf2go](https://pkg.go.dev/github.com/cilium/ebpf/cmd/bpf2go) allows compiling and embedding eBPF programs written in C within Go code. As well as compiling the C code, it auto-generates Go code for loading and manipulating - the eBPF program and map objects. + the eBPF program and map objects. * [link](https://pkg.go.dev/github.com/cilium/ebpf/link) allows attaching eBPF to various hooks * [perf](https://pkg.go.dev/github.com/cilium/ebpf/perf) allows reading from a diff --git a/vendor/github.com/cilium/ebpf/asm/alu.go b/vendor/github.com/cilium/ebpf/asm/alu.go index 70ccc4d1518..3f60245f2b6 100644 --- a/vendor/github.com/cilium/ebpf/asm/alu.go +++ b/vendor/github.com/cilium/ebpf/asm/alu.go @@ -4,10 +4,10 @@ package asm // Source of ALU / ALU64 / Branch operations // -// msb lsb -// +----+-+---+ -// |op |S|cls| -// +----+-+---+ +// msb lsb +// +----+-+---+ +// |op |S|cls| +// +----+-+---+ type Source uint8 const sourceMask OpCode = 0x08 @@ -39,10 +39,10 @@ const ( // ALUOp are ALU / ALU64 operations // -// msb lsb -// +----+-+---+ -// |OP |s|cls| -// +----+-+---+ +// msb lsb +// +----+-+---+ +// |OP |s|cls| +// +----+-+---+ type ALUOp uint8 const aluMask OpCode = 0xf0 diff --git a/vendor/github.com/cilium/ebpf/asm/func.go b/vendor/github.com/cilium/ebpf/asm/func.go index a14e9e2c3ce..4c0ac9a205a 100644 --- a/vendor/github.com/cilium/ebpf/asm/func.go +++ b/vendor/github.com/cilium/ebpf/asm/func.go @@ -13,15 +13,15 @@ func (_ BuiltinFunc) Max() BuiltinFunc { // // You can regenerate this list using the following gawk script: // -// /FN\(.+\),/ { -// match($1, /\((.+)\)/, r) -// split(r[1], p, "_") -// printf "Fn" -// for (i in p) { -// printf "%s%s", toupper(substr(p[i], 1, 1)), substr(p[i], 2) -// } -// print "" -// } +// /FN\(.+\),/ { +// match($1, /\((.+)\)/, r) +// split(r[1], p, "_") +// printf "Fn" +// for (i in p) { +// printf "%s%s", toupper(substr(p[i], 1, 1)), substr(p[i], 2) +// } +// print "" +// } // // The script expects include/uapi/linux/bpf.h as it's input. const ( diff --git a/vendor/github.com/cilium/ebpf/asm/jump.go b/vendor/github.com/cilium/ebpf/asm/jump.go index e31e42cac52..2c8a3dbb7a3 100644 --- a/vendor/github.com/cilium/ebpf/asm/jump.go +++ b/vendor/github.com/cilium/ebpf/asm/jump.go @@ -4,10 +4,10 @@ package asm // JumpOp affect control flow. // -// msb lsb -// +----+-+---+ -// |OP |s|cls| -// +----+-+---+ +// msb lsb +// +----+-+---+ +// |OP |s|cls| +// +----+-+---+ type JumpOp uint8 const jumpMask OpCode = aluMask diff --git a/vendor/github.com/cilium/ebpf/asm/load_store.go b/vendor/github.com/cilium/ebpf/asm/load_store.go index 85ed286b02b..f109497aebc 100644 --- a/vendor/github.com/cilium/ebpf/asm/load_store.go +++ b/vendor/github.com/cilium/ebpf/asm/load_store.go @@ -4,10 +4,10 @@ package asm // Mode for load and store operations // -// msb lsb -// +---+--+---+ -// |MDE|sz|cls| -// +---+--+---+ +// msb lsb +// +---+--+---+ +// |MDE|sz|cls| +// +---+--+---+ type Mode uint8 const modeMask OpCode = 0xe0 @@ -30,10 +30,10 @@ const ( // Size of load and store operations // -// msb lsb -// +---+--+---+ -// |mde|SZ|cls| -// +---+--+---+ +// msb lsb +// +---+--+---+ +// |mde|SZ|cls| +// +---+--+---+ type Size uint8 const sizeMask OpCode = 0x18 diff --git a/vendor/github.com/cilium/ebpf/asm/opcode.go b/vendor/github.com/cilium/ebpf/asm/opcode.go index b11917e18bb..9e3c30b0b3a 100644 --- a/vendor/github.com/cilium/ebpf/asm/opcode.go +++ b/vendor/github.com/cilium/ebpf/asm/opcode.go @@ -9,10 +9,10 @@ import ( // Class of operations // -// msb lsb -// +---+--+---+ -// | ?? |CLS| -// +---+--+---+ +// msb lsb +// +---+--+---+ +// | ?? |CLS| +// +---+--+---+ type Class uint8 const classMask OpCode = 0x07 @@ -70,10 +70,10 @@ func (cls Class) isJumpOrALU() bool { // // Its encoding is defined by a Class value: // -// msb lsb -// +----+-+---+ -// | ???? |CLS| -// +----+-+---+ +// msb lsb +// +----+-+---+ +// | ???? |CLS| +// +----+-+---+ type OpCode uint8 // InvalidOpCode is returned by setters on OpCode diff --git a/vendor/github.com/cilium/ebpf/attachtype_string.go b/vendor/github.com/cilium/ebpf/attachtype_string.go index de355ed9092..add2a3b5cc9 100644 --- a/vendor/github.com/cilium/ebpf/attachtype_string.go +++ b/vendor/github.com/cilium/ebpf/attachtype_string.go @@ -51,11 +51,12 @@ func _() { _ = x[AttachSkReuseportSelect-39] _ = x[AttachSkReuseportSelectOrMigrate-40] _ = x[AttachPerfEvent-41] + _ = x[AttachTraceKprobeMulti-42] } -const _AttachType_name = "NoneCGroupInetEgressCGroupInetSockCreateCGroupSockOpsSkSKBStreamParserSkSKBStreamVerdictCGroupDeviceSkMsgVerdictCGroupInet4BindCGroupInet6BindCGroupInet4ConnectCGroupInet6ConnectCGroupInet4PostBindCGroupInet6PostBindCGroupUDP4SendmsgCGroupUDP6SendmsgLircMode2FlowDissectorCGroupSysctlCGroupUDP4RecvmsgCGroupUDP6RecvmsgCGroupGetsockoptCGroupSetsockoptTraceRawTpTraceFEntryTraceFExitModifyReturnLSMMacTraceIterCgroupInet4GetPeernameCgroupInet6GetPeernameCgroupInet4GetSocknameCgroupInet6GetSocknameXDPDevMapCgroupInetSockReleaseXDPCPUMapSkLookupXDPSkSKBVerdictSkReuseportSelectSkReuseportSelectOrMigratePerfEvent" +const _AttachType_name = "NoneCGroupInetEgressCGroupInetSockCreateCGroupSockOpsSkSKBStreamParserSkSKBStreamVerdictCGroupDeviceSkMsgVerdictCGroupInet4BindCGroupInet6BindCGroupInet4ConnectCGroupInet6ConnectCGroupInet4PostBindCGroupInet6PostBindCGroupUDP4SendmsgCGroupUDP6SendmsgLircMode2FlowDissectorCGroupSysctlCGroupUDP4RecvmsgCGroupUDP6RecvmsgCGroupGetsockoptCGroupSetsockoptTraceRawTpTraceFEntryTraceFExitModifyReturnLSMMacTraceIterCgroupInet4GetPeernameCgroupInet6GetPeernameCgroupInet4GetSocknameCgroupInet6GetSocknameXDPDevMapCgroupInetSockReleaseXDPCPUMapSkLookupXDPSkSKBVerdictSkReuseportSelectSkReuseportSelectOrMigratePerfEventTraceKprobeMulti" -var _AttachType_index = [...]uint16{0, 4, 20, 40, 53, 70, 88, 100, 112, 127, 142, 160, 178, 197, 216, 233, 250, 259, 272, 284, 301, 318, 334, 350, 360, 371, 381, 393, 399, 408, 430, 452, 474, 496, 505, 526, 535, 543, 546, 558, 575, 601, 610} +var _AttachType_index = [...]uint16{0, 4, 20, 40, 53, 70, 88, 100, 112, 127, 142, 160, 178, 197, 216, 233, 250, 259, 272, 284, 301, 318, 334, 350, 360, 371, 381, 393, 399, 408, 430, 452, 474, 496, 505, 526, 535, 543, 546, 558, 575, 601, 610, 626} func (i AttachType) String() string { if i >= AttachType(len(_AttachType_index)-1) { diff --git a/vendor/github.com/cilium/ebpf/btf/btf.go b/vendor/github.com/cilium/ebpf/btf/btf.go index a5969332aaa..02575de3018 100644 --- a/vendor/github.com/cilium/ebpf/btf/btf.go +++ b/vendor/github.com/cilium/ebpf/btf/btf.go @@ -471,9 +471,10 @@ type marshalOpts struct { func (s *Spec) marshal(opts marshalOpts) ([]byte, error) { var ( - buf bytes.Buffer - header = new(btfHeader) - headerLen = binary.Size(header) + buf bytes.Buffer + header = new(btfHeader) + headerLen = binary.Size(header) + stringsLen int ) // Reserve space for the header. We have to write it last since @@ -495,10 +496,12 @@ func (s *Spec) marshal(opts marshalOpts) ([]byte, error) { typeLen := uint32(buf.Len() - headerLen) // Write string section after type section. - stringsLen := s.strings.Length() - buf.Grow(stringsLen) - if err := s.strings.Marshal(&buf); err != nil { - return nil, err + if s.strings != nil { + stringsLen = s.strings.Length() + buf.Grow(stringsLen) + if err := s.strings.Marshal(&buf); err != nil { + return nil, err + } } // Fill out the header, and write it out. @@ -609,6 +612,9 @@ func (s *Spec) AnyTypeByName(name string) (Type, error) { // Type exists in the Spec. If multiple candidates are found, // an error is returned. func (s *Spec) TypeByName(name string, typ interface{}) error { + typeInterface := reflect.TypeOf((*Type)(nil)).Elem() + + // typ may be **T or *Type typValue := reflect.ValueOf(typ) if typValue.Kind() != reflect.Ptr { return fmt.Errorf("%T is not a pointer", typ) @@ -620,7 +626,12 @@ func (s *Spec) TypeByName(name string, typ interface{}) error { } wanted := typPtr.Type() - if !wanted.AssignableTo(reflect.TypeOf((*Type)(nil)).Elem()) { + if wanted == typeInterface { + // This is *Type. Unwrap the value's type. + wanted = typPtr.Elem().Type() + } + + if !wanted.AssignableTo(typeInterface) { return fmt.Errorf("%T does not satisfy Type interface", typ) } @@ -643,7 +654,7 @@ func (s *Spec) TypeByName(name string, typ interface{}) error { } if candidate == nil { - return fmt.Errorf("type %s: %w", name, ErrNotFound) + return fmt.Errorf("%s %s: %w", wanted, name, ErrNotFound) } typPtr.Set(reflect.ValueOf(candidate)) @@ -699,7 +710,7 @@ func NewHandle(spec *Spec) (*Handle, error) { return nil, err } - if spec.byteOrder != internal.NativeEndian { + if spec.byteOrder != nil && spec.byteOrder != internal.NativeEndian { return nil, fmt.Errorf("can't load %s BTF on %s", spec.byteOrder, internal.NativeEndian) } @@ -726,9 +737,13 @@ func NewHandle(spec *Spec) (*Handle, error) { attr.BtfLogBuf = sys.NewSlicePointer(logBuf) attr.BtfLogSize = uint32(len(logBuf)) attr.BtfLogLevel = 1 - // NB: The syscall will never return ENOSPC as of 5.18-rc4. - _, _ = sys.BtfLoad(attr) - return nil, internal.ErrorWithLog(err, logBuf) + + // Up until at least kernel 6.0, the BTF verifier does not return ENOSPC + // if there are other verification errors. ENOSPC is only returned when + // the BTF blob is correct, a log was requested, and the provided buffer + // is too small. + _, ve := sys.BtfLoad(attr) + return nil, internal.ErrorWithLog(err, logBuf, errors.Is(ve, unix.ENOSPC)) } return &Handle{fd, attr.BtfSize}, nil diff --git a/vendor/github.com/cilium/ebpf/btf/btf_types.go b/vendor/github.com/cilium/ebpf/btf/btf_types.go index 4810180494e..d64916d76bb 100644 --- a/vendor/github.com/cilium/ebpf/btf/btf_types.go +++ b/vendor/github.com/cilium/ebpf/btf/btf_types.go @@ -6,33 +6,36 @@ import ( "io" ) -//go:generate stringer -linecomment -output=btf_types_string.go -type=FuncLinkage,VarLinkage +//go:generate stringer -linecomment -output=btf_types_string.go -type=FuncLinkage,VarLinkage,btfKind // btfKind describes a Type. type btfKind uint8 // Equivalents of the BTF_KIND_* constants. const ( - kindUnknown btfKind = iota - kindInt - kindPointer - kindArray - kindStruct - kindUnion - kindEnum - kindForward - kindTypedef - kindVolatile - kindConst - kindRestrict + kindUnknown btfKind = iota // Unknown + kindInt // Int + kindPointer // Pointer + kindArray // Array + kindStruct // Struct + kindUnion // Union + kindEnum // Enum + kindForward // Forward + kindTypedef // Typedef + kindVolatile // Volatile + kindConst // Const + kindRestrict // Restrict // Added ~4.20 - kindFunc - kindFuncProto + kindFunc // Func + kindFuncProto // FuncProto // Added ~5.1 - kindVar - kindDatasec + kindVar // Var + kindDatasec // Datasec // Added ~5.13 - kindFloat + kindFloat // Float + // Added 5.16 + kindDeclTag // DeclTag + kindTypeTag // TypeTag ) // FuncLinkage describes BTF function linkage metadata. @@ -85,47 +88,6 @@ type btfType struct { SizeType uint32 } -func (k btfKind) String() string { - switch k { - case kindUnknown: - return "Unknown" - case kindInt: - return "Integer" - case kindPointer: - return "Pointer" - case kindArray: - return "Array" - case kindStruct: - return "Struct" - case kindUnion: - return "Union" - case kindEnum: - return "Enumeration" - case kindForward: - return "Forward" - case kindTypedef: - return "Typedef" - case kindVolatile: - return "Volatile" - case kindConst: - return "Const" - case kindRestrict: - return "Restrict" - case kindFunc: - return "Function" - case kindFuncProto: - return "Function Proto" - case kindVar: - return "Variable" - case kindDatasec: - return "Section" - case kindFloat: - return "Float" - default: - return fmt.Sprintf("Unknown (%d)", k) - } -} - func mask(len uint32) uint32 { return (1 << len) - 1 } @@ -209,11 +171,11 @@ func (rt *rawType) Marshal(w io.Writer, bo binary.ByteOrder) error { // btfInt encodes additional data for integers. // -// ? ? ? ? e e e e o o o o o o o o ? ? ? ? ? ? ? ? b b b b b b b b -// ? = undefined -// e = encoding -// o = offset (bitfields?) -// b = bits (bitfields) +// ? ? ? ? e e e e o o o o o o o o ? ? ? ? ? ? ? ? b b b b b b b b +// ? = undefined +// e = encoding +// o = offset (bitfields?) +// b = bits (bitfields) type btfInt struct { Raw uint32 } @@ -275,7 +237,7 @@ type btfVariable struct { type btfEnum struct { NameOff uint32 - Val int32 + Val uint32 } type btfParam struct { @@ -283,6 +245,10 @@ type btfParam struct { Type TypeID } +type btfDeclTag struct { + ComponentIdx uint32 +} + func readTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32) ([]rawType, error) { var header btfType // because of the interleaving between types and struct members it is difficult to @@ -325,6 +291,9 @@ func readTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32) ([]rawType, err case kindDatasec: data = make([]btfVarSecinfo, header.Vlen()) case kindFloat: + case kindDeclTag: + data = new(btfDeclTag) + case kindTypeTag: default: return nil, fmt.Errorf("type id %v: unknown kind: %v", id, header.Kind()) } diff --git a/vendor/github.com/cilium/ebpf/btf/btf_types_string.go b/vendor/github.com/cilium/ebpf/btf/btf_types_string.go index 0e0c17d68ba..fdb2662b0f1 100644 --- a/vendor/github.com/cilium/ebpf/btf/btf_types_string.go +++ b/vendor/github.com/cilium/ebpf/btf/btf_types_string.go @@ -1,4 +1,4 @@ -// Code generated by "stringer -linecomment -output=btf_types_string.go -type=FuncLinkage,VarLinkage"; DO NOT EDIT. +// Code generated by "stringer -linecomment -output=btf_types_string.go -type=FuncLinkage,VarLinkage,btfKind"; DO NOT EDIT. package btf @@ -42,3 +42,38 @@ func (i VarLinkage) String() string { } return _VarLinkage_name[_VarLinkage_index[i]:_VarLinkage_index[i+1]] } +func _() { + // An "invalid array index" compiler error signifies that the constant values have changed. + // Re-run the stringer command to generate them again. + var x [1]struct{} + _ = x[kindUnknown-0] + _ = x[kindInt-1] + _ = x[kindPointer-2] + _ = x[kindArray-3] + _ = x[kindStruct-4] + _ = x[kindUnion-5] + _ = x[kindEnum-6] + _ = x[kindForward-7] + _ = x[kindTypedef-8] + _ = x[kindVolatile-9] + _ = x[kindConst-10] + _ = x[kindRestrict-11] + _ = x[kindFunc-12] + _ = x[kindFuncProto-13] + _ = x[kindVar-14] + _ = x[kindDatasec-15] + _ = x[kindFloat-16] + _ = x[kindDeclTag-17] + _ = x[kindTypeTag-18] +} + +const _btfKind_name = "UnknownIntPointerArrayStructUnionEnumForwardTypedefVolatileConstRestrictFuncFuncProtoVarDatasecFloatDeclTagTypeTag" + +var _btfKind_index = [...]uint8{0, 7, 10, 17, 22, 28, 33, 37, 44, 51, 59, 64, 72, 76, 85, 88, 95, 100, 107, 114} + +func (i btfKind) String() string { + if i >= btfKind(len(_btfKind_index)-1) { + return "btfKind(" + strconv.FormatInt(int64(i), 10) + ")" + } + return _btfKind_name[_btfKind_index[i]:_btfKind_index[i+1]] +} diff --git a/vendor/github.com/cilium/ebpf/btf/core.go b/vendor/github.com/cilium/ebpf/btf/core.go index c4875480935..f952b654eca 100644 --- a/vendor/github.com/cilium/ebpf/btf/core.go +++ b/vendor/github.com/cilium/ebpf/btf/core.go @@ -156,16 +156,17 @@ func (k coreKind) String() string { } } -// CORERelocate calculates the difference in types between local and target. +// CORERelocate calculates changes needed to adjust eBPF instructions for differences +// in types. // // Returns a list of fixups which can be applied to instructions to make them // match the target type(s). // // Fixups are returned in the order of relos, e.g. fixup[i] is the solution // for relos[i]. -func CORERelocate(local, target *Spec, relos []*CORERelocation) ([]COREFixup, error) { - if local.byteOrder != target.byteOrder { - return nil, fmt.Errorf("can't relocate %s against %s", local.byteOrder, target.byteOrder) +func CORERelocate(relos []*CORERelocation, target *Spec, bo binary.ByteOrder) ([]COREFixup, error) { + if bo != target.byteOrder { + return nil, fmt.Errorf("can't relocate %s against %s", bo, target.byteOrder) } type reloGroup struct { @@ -185,15 +186,14 @@ func CORERelocate(local, target *Spec, relos []*CORERelocation) ([]COREFixup, er return nil, fmt.Errorf("%s: unexpected accessor %v", relo.kind, relo.accessor) } - id, err := local.TypeID(relo.typ) - if err != nil { - return nil, fmt.Errorf("%s: %w", relo.kind, err) - } - result[i] = COREFixup{ - kind: relo.kind, - local: uint32(id), - target: uint32(id), + kind: relo.kind, + local: uint32(relo.id), + // NB: Using relo.id as the target here is incorrect, since + // it doesn't match the BTF we generate on the fly. This isn't + // too bad for now since there are no uses of the local type ID + // in the kernel, yet. + target: uint32(relo.id), } continue } @@ -214,7 +214,7 @@ func CORERelocate(local, target *Spec, relos []*CORERelocation) ([]COREFixup, er } targets := target.namedTypes[newEssentialName(localTypeName)] - fixups, err := coreCalculateFixups(local, target, localType, targets, group.relos) + fixups, err := coreCalculateFixups(group.relos, target, targets, bo) if err != nil { return nil, fmt.Errorf("relocate %s: %w", localType, err) } @@ -230,18 +230,13 @@ func CORERelocate(local, target *Spec, relos []*CORERelocation) ([]COREFixup, er var errAmbiguousRelocation = errors.New("ambiguous relocation") var errImpossibleRelocation = errors.New("impossible relocation") -// coreCalculateFixups calculates the fixups for the given relocations using -// the "best" target. +// coreCalculateFixups finds the target type that best matches all relocations. +// +// All relos must target the same type. // // The best target is determined by scoring: the less poisoning we have to do // the better the target is. -func coreCalculateFixups(localSpec, targetSpec *Spec, local Type, targets []Type, relos []*CORERelocation) ([]COREFixup, error) { - localID, err := localSpec.TypeID(local) - if err != nil { - return nil, fmt.Errorf("local type ID: %w", err) - } - local = Copy(local, UnderlyingType) - +func coreCalculateFixups(relos []*CORERelocation, targetSpec *Spec, targets []Type, bo binary.ByteOrder) ([]COREFixup, error) { bestScore := len(relos) var bestFixups []COREFixup for i := range targets { @@ -254,7 +249,7 @@ func coreCalculateFixups(localSpec, targetSpec *Spec, local Type, targets []Type score := 0 // lower is better fixups := make([]COREFixup, 0, len(relos)) for _, relo := range relos { - fixup, err := coreCalculateFixup(localSpec.byteOrder, local, localID, target, targetID, relo) + fixup, err := coreCalculateFixup(relo, target, targetID, bo) if err != nil { return nil, fmt.Errorf("target %s: %w", target, err) } @@ -305,7 +300,7 @@ func coreCalculateFixups(localSpec, targetSpec *Spec, local Type, targets []Type // coreCalculateFixup calculates the fixup for a single local type, target type // and relocation. -func coreCalculateFixup(byteOrder binary.ByteOrder, local Type, localID TypeID, target Type, targetID TypeID, relo *CORERelocation) (COREFixup, error) { +func coreCalculateFixup(relo *CORERelocation, target Type, targetID TypeID, bo binary.ByteOrder) (COREFixup, error) { fixup := func(local, target uint32) (COREFixup, error) { return COREFixup{kind: relo.kind, local: local, target: target}, nil } @@ -320,6 +315,8 @@ func coreCalculateFixup(byteOrder binary.ByteOrder, local Type, localID TypeID, } zero := COREFixup{} + local := Copy(relo.typ, UnderlyingType) + switch relo.kind { case reloTypeIDTarget, reloTypeSize, reloTypeExists: if len(relo.accessor) > 1 || relo.accessor[0] != 0 { @@ -339,7 +336,7 @@ func coreCalculateFixup(byteOrder binary.ByteOrder, local Type, localID TypeID, return fixup(1, 1) case reloTypeIDTarget: - return fixup(uint32(localID), uint32(targetID)) + return fixup(uint32(relo.id), uint32(targetID)) case reloTypeSize: localSize, err := Sizeof(local) @@ -427,7 +424,7 @@ func coreCalculateFixup(byteOrder binary.ByteOrder, local Type, localID TypeID, case reloFieldLShiftU64: var target uint32 - if byteOrder == binary.LittleEndian { + if bo == binary.LittleEndian { targetSize, err := targetField.sizeBits() if err != nil { return zero, err @@ -536,9 +533,9 @@ func (ca coreAccessor) enumValue(t Type) (*EnumValue, error) { // coreField represents the position of a "child" of a composite type from the // start of that type. // -// /- start of composite -// | offset * 8 | bitfieldOffset | bitfieldSize | ... | -// \- start of field end of field -/ +// /- start of composite +// | offset * 8 | bitfieldOffset | bitfieldSize | ... | +// \- start of field end of field -/ type coreField struct { Type Type @@ -858,7 +855,7 @@ func coreAreTypesCompatible(localType Type, targetType Type) error { depth = 0 ) - for ; l != nil && t != nil; l, t = localTs.shift(), targetTs.shift() { + for ; l != nil && t != nil; l, t = localTs.Shift(), targetTs.Shift() { if depth >= maxTypeDepth { return errors.New("types are nested too deep") } @@ -876,8 +873,8 @@ func coreAreTypesCompatible(localType Type, targetType Type) error { case *Pointer, *Array: depth++ - localType.walk(&localTs) - targetType.walk(&targetTs) + walkType(localType, localTs.Push) + walkType(targetType, targetTs.Push) case *FuncProto: tv := targetType.(*FuncProto) @@ -886,8 +883,8 @@ func coreAreTypesCompatible(localType Type, targetType Type) error { } depth++ - localType.walk(&localTs) - targetType.walk(&targetTs) + walkType(localType, localTs.Push) + walkType(targetType, targetTs.Push) default: return fmt.Errorf("unsupported type %T", localType) diff --git a/vendor/github.com/cilium/ebpf/btf/ext_info.go b/vendor/github.com/cilium/ebpf/btf/ext_info.go index 2c0e1afe299..36e38abaeb9 100644 --- a/vendor/github.com/cilium/ebpf/btf/ext_info.go +++ b/vendor/github.com/cilium/ebpf/btf/ext_info.go @@ -605,9 +605,12 @@ type bpfCORERelo struct { } type CORERelocation struct { + // The local type of the relocation, stripped of typedefs and qualifiers. typ Type accessor coreAccessor kind coreKind + // The ID of the local type in the source BTF. + id TypeID } func CORERelocationMetadata(ins *asm.Instruction) *CORERelocation { @@ -641,6 +644,7 @@ func newRelocationInfo(relo bpfCORERelo, ts types, strings *stringTable) (*coreR typ, accessor, relo.Kind, + relo.TypeID, }, asm.RawInstructionOffset(relo.InsnOff), }, nil diff --git a/vendor/github.com/cilium/ebpf/btf/format.go b/vendor/github.com/cilium/ebpf/btf/format.go index e7688a2a6e8..4376ecc83ac 100644 --- a/vendor/github.com/cilium/ebpf/btf/format.go +++ b/vendor/github.com/cilium/ebpf/btf/format.go @@ -56,54 +56,40 @@ func (gf *GoFormatter) enumIdentifier(name, element string) string { // // It encodes https://golang.org/ref/spec#Type_declarations: // -// type foo struct { bar uint32; } -// type bar int32 +// type foo struct { bar uint32; } +// type bar int32 func (gf *GoFormatter) writeTypeDecl(name string, typ Type) error { if name == "" { return fmt.Errorf("need a name for type %s", typ) } - switch v := skipQualifiers(typ).(type) { - case *Enum: - fmt.Fprintf(&gf.w, "type %s ", name) - switch v.Size { - case 1: - gf.w.WriteString("int8") - case 2: - gf.w.WriteString("int16") - case 4: - gf.w.WriteString("int32") - case 8: - gf.w.WriteString("int64") - default: - return fmt.Errorf("%s: invalid enum size %d", typ, v.Size) - } - - if len(v.Values) == 0 { - return nil - } - - gf.w.WriteString("; const ( ") - for _, ev := range v.Values { - id := gf.enumIdentifier(name, ev.Name) - fmt.Fprintf(&gf.w, "%s %s = %d; ", id, name, ev.Value) - } - gf.w.WriteString(")") + typ = skipQualifiers(typ) + fmt.Fprintf(&gf.w, "type %s ", name) + if err := gf.writeTypeLit(typ, 0); err != nil { + return err + } + e, ok := typ.(*Enum) + if !ok || len(e.Values) == 0 { return nil + } - default: - fmt.Fprintf(&gf.w, "type %s ", name) - return gf.writeTypeLit(v, 0) + gf.w.WriteString("; const ( ") + for _, ev := range e.Values { + id := gf.enumIdentifier(name, ev.Name) + fmt.Fprintf(&gf.w, "%s %s = %d; ", id, name, ev.Value) } + gf.w.WriteString(")") + + return nil } // writeType outputs the name of a named type or a literal describing the type. // // It encodes https://golang.org/ref/spec#Types. // -// foo (if foo is a named type) -// uint32 +// foo (if foo is a named type) +// uint32 func (gf *GoFormatter) writeType(typ Type, depth int) error { typ = skipQualifiers(typ) @@ -122,8 +108,8 @@ func (gf *GoFormatter) writeType(typ Type, depth int) error { // // It encodes https://golang.org/ref/spec#TypeLit. // -// struct { bar uint32; } -// uint32 +// struct { bar uint32; } +// uint32 func (gf *GoFormatter) writeTypeLit(typ Type, depth int) error { depth++ if depth > maxTypeDepth { @@ -133,10 +119,24 @@ func (gf *GoFormatter) writeTypeLit(typ Type, depth int) error { var err error switch v := skipQualifiers(typ).(type) { case *Int: - gf.writeIntLit(v) + err = gf.writeIntLit(v) case *Enum: - gf.w.WriteString("int32") + if !v.Signed { + gf.w.WriteRune('u') + } + switch v.Size { + case 1: + gf.w.WriteString("int8") + case 2: + gf.w.WriteString("int16") + case 4: + gf.w.WriteString("int32") + case 8: + gf.w.WriteString("int64") + default: + err = fmt.Errorf("invalid enum size %d", v.Size) + } case *Typedef: err = gf.writeType(v.Type, depth) @@ -166,19 +166,36 @@ func (gf *GoFormatter) writeTypeLit(typ Type, depth int) error { return nil } -func (gf *GoFormatter) writeIntLit(i *Int) { - // NB: Encoding.IsChar is ignored. - if i.Encoding.IsBool() && i.Size == 1 { - gf.w.WriteString("bool") - return - } - +func (gf *GoFormatter) writeIntLit(i *Int) error { bits := i.Size * 8 - if i.Encoding.IsSigned() { - fmt.Fprintf(&gf.w, "int%d", bits) - } else { - fmt.Fprintf(&gf.w, "uint%d", bits) + switch i.Encoding { + case Bool: + if i.Size != 1 { + return fmt.Errorf("bool with size %d", i.Size) + } + gf.w.WriteString("bool") + case Char: + if i.Size != 1 { + return fmt.Errorf("char with size %d", i.Size) + } + // BTF doesn't have a way to specify the signedness of a char. Assume + // we are dealing with unsigned, since this works nicely with []byte + // in Go code. + fallthrough + case Unsigned, Signed: + stem := "uint" + if i.Encoding == Signed { + stem = "int" + } + if i.Size > 8 { + fmt.Fprintf(&gf.w, "[%d]byte /* %s%d */", i.Size, stem, i.Size*8) + } else { + fmt.Fprintf(&gf.w, "%s%d", stem, bits) + } + default: + return fmt.Errorf("can't encode %s", i.Encoding) } + return nil } func (gf *GoFormatter) writeStructLit(size uint32, members []Member, depth int) error { @@ -199,11 +216,15 @@ func (gf *GoFormatter) writeStructLit(size uint32, members []Member, depth int) gf.writePadding(n) } - size, err := Sizeof(m.Type) + fieldSize, err := Sizeof(m.Type) if err != nil { return fmt.Errorf("field %d: %w", i, err) } - prevOffset = offset + uint32(size) + + prevOffset = offset + uint32(fieldSize) + if prevOffset > size { + return fmt.Errorf("field %d of size %d exceeds type size %d", i, fieldSize, size) + } if err := gf.writeStructField(m, depth); err != nil { return fmt.Errorf("field %d: %w", i, err) diff --git a/vendor/github.com/cilium/ebpf/btf/handle.go b/vendor/github.com/cilium/ebpf/btf/handle.go index 128e9b35cf3..3d540e49c46 100644 --- a/vendor/github.com/cilium/ebpf/btf/handle.go +++ b/vendor/github.com/cilium/ebpf/btf/handle.go @@ -71,51 +71,89 @@ func (i *HandleInfo) IsModule() bool { // HandleIterator allows enumerating BTF blobs loaded into the kernel. type HandleIterator struct { - // The ID of the last retrieved handle. Only valid after a call to Next. - ID ID - err error + // The ID of the current handle. Only valid after a call to Next. + ID ID + // The current Handle. Only valid until a call to Next. + // See Take if you want to retain the handle. + Handle *Handle + err error } -// Next retrieves a handle for the next BTF blob. -// -// [Handle.Close] is called if *handle is non-nil to avoid leaking fds. +// Next retrieves a handle for the next BTF object. // -// Returns true if another BTF blob was found. Call [HandleIterator.Err] after +// Returns true if another BTF object was found. Call [HandleIterator.Err] after // the function returns false. -func (it *HandleIterator) Next(handle **Handle) bool { - if *handle != nil { - (*handle).Close() - *handle = nil - } - +func (it *HandleIterator) Next() bool { id := it.ID for { attr := &sys.BtfGetNextIdAttr{Id: id} err := sys.BtfGetNextId(attr) if errors.Is(err, os.ErrNotExist) { // There are no more BTF objects. - return false + break } else if err != nil { it.err = fmt.Errorf("get next BTF ID: %w", err) - return false + break } id = attr.NextId - *handle, err = NewHandleFromID(id) + handle, err := NewHandleFromID(id) if errors.Is(err, os.ErrNotExist) { // Try again with the next ID. continue } else if err != nil { it.err = fmt.Errorf("retrieve handle for ID %d: %w", id, err) - return false + break } - it.ID = id + it.Handle.Close() + it.ID, it.Handle = id, handle return true } + + // No more handles or we encountered an error. + it.Handle.Close() + it.Handle = nil + return false +} + +// Take the ownership of the current handle. +// +// It's the callers responsibility to close the handle. +func (it *HandleIterator) Take() *Handle { + handle := it.Handle + it.Handle = nil + return handle } // Err returns an error if iteration failed for some reason. func (it *HandleIterator) Err() error { return it.err } + +// FindHandle returns the first handle for which predicate returns true. +// +// Requires CAP_SYS_ADMIN. +// +// Returns an error wrapping ErrNotFound if predicate never returns true or if +// there is no BTF loaded into the kernel. +func FindHandle(predicate func(info *HandleInfo) bool) (*Handle, error) { + it := new(HandleIterator) + defer it.Handle.Close() + + for it.Next() { + info, err := it.Handle.Info() + if err != nil { + return nil, fmt.Errorf("info for ID %d: %w", it.ID, err) + } + + if predicate(info) { + return it.Take(), nil + } + } + if err := it.Err(); err != nil { + return nil, fmt.Errorf("iterate handles: %w", err) + } + + return nil, fmt.Errorf("find handle: %w", ErrNotFound) +} diff --git a/vendor/github.com/cilium/ebpf/btf/strings.go b/vendor/github.com/cilium/ebpf/btf/strings.go index 67626e0dd17..9e1b3bb2c58 100644 --- a/vendor/github.com/cilium/ebpf/btf/strings.go +++ b/vendor/github.com/cilium/ebpf/btf/strings.go @@ -89,6 +89,10 @@ func (st *stringTable) lookup(offset uint32) (string, error) { } func (st *stringTable) Length() int { + if len(st.offsets) == 0 || len(st.strings) == 0 { + return 0 + } + last := len(st.offsets) - 1 return int(st.offsets[last]) + len(st.strings[last]) + 1 } diff --git a/vendor/github.com/cilium/ebpf/btf/traversal.go b/vendor/github.com/cilium/ebpf/btf/traversal.go new file mode 100644 index 00000000000..a9ff1f70396 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/btf/traversal.go @@ -0,0 +1,56 @@ +package btf + +import "fmt" + +// walkType calls fn on each child of typ. +func walkType(typ Type, fn func(*Type)) { + // Explicitly type switch on the most common types to allow the inliner to + // do its work. This avoids allocating intermediate slices from walk() on + // the heap. + switch v := typ.(type) { + case *Void, *Int, *Enum, *Fwd, *Float: + // No children to traverse. + case *Pointer: + fn(&v.Target) + case *Array: + fn(&v.Index) + fn(&v.Type) + case *Struct: + for i := range v.Members { + fn(&v.Members[i].Type) + } + case *Union: + for i := range v.Members { + fn(&v.Members[i].Type) + } + case *Typedef: + fn(&v.Type) + case *Volatile: + fn(&v.Type) + case *Const: + fn(&v.Type) + case *Restrict: + fn(&v.Type) + case *Func: + fn(&v.Type) + case *FuncProto: + fn(&v.Return) + for i := range v.Params { + fn(&v.Params[i].Type) + } + case *Var: + fn(&v.Type) + case *Datasec: + for i := range v.Vars { + fn(&v.Vars[i].Type) + } + case *declTag: + fn(&v.Type) + case *typeTag: + fn(&v.Type) + case *cycle: + // cycle has children, but we ignore them deliberately. + default: + panic(fmt.Sprintf("don't know how to walk Type %T", v)) + } +} diff --git a/vendor/github.com/cilium/ebpf/btf/types.go b/vendor/github.com/cilium/ebpf/btf/types.go index 402a363c28a..3e98585cf58 100644 --- a/vendor/github.com/cilium/ebpf/btf/types.go +++ b/vendor/github.com/cilium/ebpf/btf/types.go @@ -8,6 +8,7 @@ import ( "strings" "github.com/cilium/ebpf/asm" + "github.com/cilium/ebpf/internal" ) const maxTypeDepth = 32 @@ -35,9 +36,7 @@ type Type interface { // Make a copy of the type, without copying Type members. copy() Type - // Enumerate all nested Types. Repeated calls must visit nested - // types in the same order. - walk(*typeDeque) + // New implementations must update walkType. } var ( @@ -51,6 +50,9 @@ var ( _ Type = (*Var)(nil) _ Type = (*Datasec)(nil) _ Type = (*Float)(nil) + _ Type = (*declTag)(nil) + _ Type = (*typeTag)(nil) + _ Type = (*cycle)(nil) ) // types is a list of Type. @@ -72,40 +74,32 @@ func (v *Void) Format(fs fmt.State, verb rune) { formatType(fs, verb, v) } func (v *Void) TypeName() string { return "" } func (v *Void) size() uint32 { return 0 } func (v *Void) copy() Type { return (*Void)(nil) } -func (v *Void) walk(*typeDeque) {} type IntEncoding byte +// Valid IntEncodings. +// +// These may look like they are flags, but they aren't. const ( - Signed IntEncoding = 1 << iota - Char - Bool + Unsigned IntEncoding = 0 + Signed IntEncoding = 1 + Char IntEncoding = 2 + Bool IntEncoding = 4 ) -func (ie IntEncoding) IsSigned() bool { - return ie&Signed != 0 -} - -func (ie IntEncoding) IsChar() bool { - return ie&Char != 0 -} - -func (ie IntEncoding) IsBool() bool { - return ie&Bool != 0 -} - func (ie IntEncoding) String() string { - switch { - case ie.IsChar() && ie.IsSigned(): + switch ie { + case Char: + // NB: There is no way to determine signedness for char. return "char" - case ie.IsChar() && !ie.IsSigned(): - return "uchar" - case ie.IsBool(): + case Bool: return "bool" - case ie.IsSigned(): + case Signed: return "signed" - default: + case Unsigned: return "unsigned" + default: + return fmt.Sprintf("IntEncoding(%d)", byte(ie)) } } @@ -126,7 +120,6 @@ func (i *Int) Format(fs fmt.State, verb rune) { func (i *Int) TypeName() string { return i.Name } func (i *Int) size() uint32 { return i.Size } -func (i *Int) walk(*typeDeque) {} func (i *Int) copy() Type { cpy := *i return &cpy @@ -141,9 +134,8 @@ func (p *Pointer) Format(fs fmt.State, verb rune) { formatType(fs, verb, p, "target=", p.Target) } -func (p *Pointer) TypeName() string { return "" } -func (p *Pointer) size() uint32 { return 8 } -func (p *Pointer) walk(tdq *typeDeque) { tdq.push(&p.Target) } +func (p *Pointer) TypeName() string { return "" } +func (p *Pointer) size() uint32 { return 8 } func (p *Pointer) copy() Type { cpy := *p return &cpy @@ -162,11 +154,6 @@ func (arr *Array) Format(fs fmt.State, verb rune) { func (arr *Array) TypeName() string { return "" } -func (arr *Array) walk(tdq *typeDeque) { - tdq.push(&arr.Index) - tdq.push(&arr.Type) -} - func (arr *Array) copy() Type { cpy := *arr return &cpy @@ -188,12 +175,6 @@ func (s *Struct) TypeName() string { return s.Name } func (s *Struct) size() uint32 { return s.Size } -func (s *Struct) walk(tdq *typeDeque) { - for i := range s.Members { - tdq.push(&s.Members[i].Type) - } -} - func (s *Struct) copy() Type { cpy := *s cpy.Members = copyMembers(s.Members) @@ -220,12 +201,6 @@ func (u *Union) TypeName() string { return u.Name } func (u *Union) size() uint32 { return u.Size } -func (u *Union) walk(tdq *typeDeque) { - for i := range u.Members { - tdq.push(&u.Members[i].Type) - } -} - func (u *Union) copy() Type { cpy := *u cpy.Members = copyMembers(u.Members) @@ -273,7 +248,9 @@ type Member struct { type Enum struct { Name string // Size of the enum value in bytes. - Size uint32 + Size uint32 + // True if the values should be interpreted as signed integers. + Signed bool Values []EnumValue } @@ -288,11 +265,10 @@ func (e *Enum) TypeName() string { return e.Name } // Is is not a valid Type type EnumValue struct { Name string - Value int32 + Value uint64 } -func (e *Enum) size() uint32 { return e.Size } -func (e *Enum) walk(*typeDeque) {} +func (e *Enum) size() uint32 { return e.Size } func (e *Enum) copy() Type { cpy := *e cpy.Values = make([]EnumValue, len(e.Values)) @@ -332,7 +308,6 @@ func (f *Fwd) Format(fs fmt.State, verb rune) { func (f *Fwd) TypeName() string { return f.Name } -func (f *Fwd) walk(*typeDeque) {} func (f *Fwd) copy() Type { cpy := *f return &cpy @@ -350,7 +325,6 @@ func (td *Typedef) Format(fs fmt.State, verb rune) { func (td *Typedef) TypeName() string { return td.Name } -func (td *Typedef) walk(tdq *typeDeque) { tdq.push(&td.Type) } func (td *Typedef) copy() Type { cpy := *td return &cpy @@ -367,8 +341,7 @@ func (v *Volatile) Format(fs fmt.State, verb rune) { func (v *Volatile) TypeName() string { return "" } -func (v *Volatile) qualify() Type { return v.Type } -func (v *Volatile) walk(tdq *typeDeque) { tdq.push(&v.Type) } +func (v *Volatile) qualify() Type { return v.Type } func (v *Volatile) copy() Type { cpy := *v return &cpy @@ -385,8 +358,7 @@ func (c *Const) Format(fs fmt.State, verb rune) { func (c *Const) TypeName() string { return "" } -func (c *Const) qualify() Type { return c.Type } -func (c *Const) walk(tdq *typeDeque) { tdq.push(&c.Type) } +func (c *Const) qualify() Type { return c.Type } func (c *Const) copy() Type { cpy := *c return &cpy @@ -403,8 +375,7 @@ func (r *Restrict) Format(fs fmt.State, verb rune) { func (r *Restrict) TypeName() string { return "" } -func (r *Restrict) qualify() Type { return r.Type } -func (r *Restrict) walk(tdq *typeDeque) { tdq.push(&r.Type) } +func (r *Restrict) qualify() Type { return r.Type } func (r *Restrict) copy() Type { cpy := *r return &cpy @@ -428,7 +399,6 @@ func (f *Func) Format(fs fmt.State, verb rune) { func (f *Func) TypeName() string { return f.Name } -func (f *Func) walk(tdq *typeDeque) { tdq.push(&f.Type) } func (f *Func) copy() Type { cpy := *f return &cpy @@ -446,13 +416,6 @@ func (fp *FuncProto) Format(fs fmt.State, verb rune) { func (fp *FuncProto) TypeName() string { return "" } -func (fp *FuncProto) walk(tdq *typeDeque) { - tdq.push(&fp.Return) - for i := range fp.Params { - tdq.push(&fp.Params[i].Type) - } -} - func (fp *FuncProto) copy() Type { cpy := *fp cpy.Params = make([]FuncParam, len(fp.Params)) @@ -478,7 +441,6 @@ func (v *Var) Format(fs fmt.State, verb rune) { func (v *Var) TypeName() string { return v.Name } -func (v *Var) walk(tdq *typeDeque) { tdq.push(&v.Type) } func (v *Var) copy() Type { cpy := *v return &cpy @@ -499,12 +461,6 @@ func (ds *Datasec) TypeName() string { return ds.Name } func (ds *Datasec) size() uint32 { return ds.Size } -func (ds *Datasec) walk(tdq *typeDeque) { - for i := range ds.Vars { - tdq.push(&ds.Vars[i].Type) - } -} - func (ds *Datasec) copy() Type { cpy := *ds cpy.Vars = make([]VarSecinfo, len(ds.Vars)) @@ -535,12 +491,48 @@ func (f *Float) Format(fs fmt.State, verb rune) { func (f *Float) TypeName() string { return f.Name } func (f *Float) size() uint32 { return f.Size } -func (f *Float) walk(*typeDeque) {} func (f *Float) copy() Type { cpy := *f return &cpy } +// declTag associates metadata with a declaration. +type declTag struct { + Type Type + Value string + // The index this tag refers to in the target type. For composite types, + // a value of -1 indicates that the tag refers to the whole type. Otherwise + // it indicates which member or argument the tag applies to. + Index int +} + +func (dt *declTag) Format(fs fmt.State, verb rune) { + formatType(fs, verb, dt, "type=", dt.Type, "value=", dt.Value, "index=", dt.Index) +} + +func (dt *declTag) TypeName() string { return "" } +func (dt *declTag) copy() Type { + cpy := *dt + return &cpy +} + +// typeTag associates metadata with a type. +type typeTag struct { + Type Type + Value string +} + +func (tt *typeTag) Format(fs fmt.State, verb rune) { + formatType(fs, verb, tt, "type=", tt.Type, "value=", tt.Value) +} + +func (tt *typeTag) TypeName() string { return "" } +func (tt *typeTag) qualify() Type { return tt.Type } +func (tt *typeTag) copy() Type { + cpy := *tt + return &cpy +} + // cycle is a type which had to be elided since it exceeded maxTypeDepth. type cycle struct { root Type @@ -549,7 +541,6 @@ type cycle struct { func (c *cycle) ID() TypeID { return math.MaxUint32 } func (c *cycle) Format(fs fmt.State, verb rune) { formatType(fs, verb, c, "root=", c.root) } func (c *cycle) TypeName() string { return "" } -func (c *cycle) walk(*typeDeque) {} func (c *cycle) copy() Type { cpy := *c return &cpy @@ -576,6 +567,7 @@ var ( _ qualifier = (*Const)(nil) _ qualifier = (*Restrict)(nil) _ qualifier = (*Volatile)(nil) + _ qualifier = (*typeTag)(nil) ) // Sizeof returns the size of a type in bytes. @@ -679,7 +671,7 @@ type copier map[Type]Type func (c copier) copy(typ *Type, transform Transformer) { var work typeDeque - for t := typ; t != nil; t = work.pop() { + for t := typ; t != nil; t = work.Pop() { // *t is the identity of the type. if cpy := c[*t]; cpy != nil { *t = cpy @@ -697,83 +689,11 @@ func (c copier) copy(typ *Type, transform Transformer) { *t = cpy // Mark any nested types for copying. - cpy.walk(&work) + walkType(cpy, work.Push) } } -// typeDeque keeps track of pointers to types which still -// need to be visited. -type typeDeque struct { - types []*Type - read, write uint64 - mask uint64 -} - -func (dq *typeDeque) empty() bool { - return dq.read == dq.write -} - -// push adds a type to the stack. -func (dq *typeDeque) push(t *Type) { - if dq.write-dq.read < uint64(len(dq.types)) { - dq.types[dq.write&dq.mask] = t - dq.write++ - return - } - - new := len(dq.types) * 2 - if new == 0 { - new = 8 - } - - types := make([]*Type, new) - pivot := dq.read & dq.mask - n := copy(types, dq.types[pivot:]) - n += copy(types[n:], dq.types[:pivot]) - types[n] = t - - dq.types = types - dq.mask = uint64(new) - 1 - dq.read, dq.write = 0, uint64(n+1) -} - -// shift returns the first element or null. -func (dq *typeDeque) shift() *Type { - if dq.empty() { - return nil - } - - index := dq.read & dq.mask - t := dq.types[index] - dq.types[index] = nil - dq.read++ - return t -} - -// pop returns the last element or null. -func (dq *typeDeque) pop() *Type { - if dq.empty() { - return nil - } - - dq.write-- - index := dq.write & dq.mask - t := dq.types[index] - dq.types[index] = nil - return t -} - -// all returns all elements. -// -// The deque is empty after calling this method. -func (dq *typeDeque) all() []*Type { - length := dq.write - dq.read - types := make([]*Type, 0, length) - for t := dq.shift(); t != nil; t = dq.shift() { - types = append(types, t) - } - return types -} +type typeDeque = internal.Deque[*Type] // inflateRawTypes takes a list of raw btf types linked via type IDs, and turns // it into a graph of Types connected via pointers. @@ -903,6 +823,7 @@ func inflateRawTypes(rawTypes []rawType, baseTypes types, rawStrings *stringTabl return members, nil } + var declTags []*declTag for i, raw := range rawTypes { var ( id = typeIDOffset + TypeID(i) @@ -952,17 +873,20 @@ func inflateRawTypes(rawTypes []rawType, baseTypes types, rawStrings *stringTabl case kindEnum: rawvals := raw.data.([]btfEnum) vals := make([]EnumValue, 0, len(rawvals)) + signed := raw.KindFlag() for i, btfVal := range rawvals { name, err := rawStrings.Lookup(btfVal.NameOff) if err != nil { return nil, fmt.Errorf("get name for enum value %d: %s", i, err) } - vals = append(vals, EnumValue{ - Name: name, - Value: btfVal.Val, - }) + value := uint64(btfVal.Val) + if signed { + // Sign extend values to 64 bit. + value = uint64(int32(btfVal.Val)) + } + vals = append(vals, EnumValue{name, value}) } - typ = &Enum{name, raw.Size(), vals} + typ = &Enum{name, raw.Size(), signed, vals} case kindForward: if raw.KindFlag() { @@ -1045,6 +969,28 @@ func inflateRawTypes(rawTypes []rawType, baseTypes types, rawStrings *stringTabl case kindFloat: typ = &Float{name, raw.Size()} + case kindDeclTag: + btfIndex := raw.data.(*btfDeclTag).ComponentIdx + if uint64(btfIndex) > math.MaxInt { + return nil, fmt.Errorf("type id %d: index exceeds int", id) + } + + index := int(btfIndex) + if btfIndex == math.MaxUint32 { + index = -1 + } + + dt := &declTag{nil, name, index} + fixup(raw.Type(), &dt.Type) + typ = dt + + declTags = append(declTags, dt) + + case kindTypeTag: + tt := &typeTag{nil, name} + fixup(raw.Type(), &tt.Type) + typ = tt + default: return nil, fmt.Errorf("type id %d: unknown kind: %v", id, raw.Kind()) } @@ -1083,6 +1029,28 @@ func inflateRawTypes(rawTypes []rawType, baseTypes types, rawStrings *stringTabl } } + for _, dt := range declTags { + switch t := dt.Type.(type) { + case *Var, *Typedef: + if dt.Index != -1 { + return nil, fmt.Errorf("type %s: index %d is not -1", dt, dt.Index) + } + + case composite: + if dt.Index >= len(t.members()) { + return nil, fmt.Errorf("type %s: index %d exceeds members of %s", dt, dt.Index, t) + } + + case *Func: + if dt.Index >= len(t.Type.(*FuncProto).Params) { + return nil, fmt.Errorf("type %s: index %d exceeds params of %s", dt, dt.Index, t) + } + + default: + return nil, fmt.Errorf("type %s: decl tag for type %s is not supported", dt, t) + } + } + return types, nil } diff --git a/vendor/github.com/cilium/ebpf/collection.go b/vendor/github.com/cilium/ebpf/collection.go index 8c2ddc38021..215869d9f9e 100644 --- a/vendor/github.com/cilium/ebpf/collection.go +++ b/vendor/github.com/cilium/ebpf/collection.go @@ -111,8 +111,8 @@ func (cs *CollectionSpec) RewriteMaps(maps map[string]*Map) error { // // The constant must be defined like so in the C program: // -// volatile const type foobar; -// volatile const type foobar = default; +// volatile const type foobar; +// volatile const type foobar = default; // // Replacement values must be of the same length as the C sizeof(type). // If necessary, they are marshalled according to the same rules as @@ -198,11 +198,11 @@ func (cs *CollectionSpec) RewriteConstants(consts map[string]interface{}) error // The tag's value specifies the name of the program or map as // found in the CollectionSpec. // -// struct { -// Foo *ebpf.ProgramSpec `ebpf:"xdp_foo"` -// Bar *ebpf.MapSpec `ebpf:"bar_map"` -// Ignored int -// } +// struct { +// Foo *ebpf.ProgramSpec `ebpf:"xdp_foo"` +// Bar *ebpf.MapSpec `ebpf:"bar_map"` +// Ignored int +// } // // Returns an error if any of the eBPF objects can't be found, or // if the same MapSpec or ProgramSpec is assigned multiple times. @@ -249,11 +249,11 @@ func (cs *CollectionSpec) Assign(to interface{}) error { // dependent resources are loaded into the kernel and populated with values if // specified. // -// struct { -// Foo *ebpf.Program `ebpf:"xdp_foo"` -// Bar *ebpf.Map `ebpf:"bar_map"` -// Ignored int -// } +// struct { +// Foo *ebpf.Program `ebpf:"xdp_foo"` +// Bar *ebpf.Map `ebpf:"bar_map"` +// Ignored int +// } // // opts may be nil. // diff --git a/vendor/github.com/cilium/ebpf/elf_reader.go b/vendor/github.com/cilium/ebpf/elf_reader.go index df278895c63..a5b63538f71 100644 --- a/vendor/github.com/cilium/ebpf/elf_reader.go +++ b/vendor/github.com/cilium/ebpf/elf_reader.go @@ -261,10 +261,6 @@ func (ec *elfCode) loadRelocations(relSections map[elf.SectionIndex]*elf.Section return fmt.Errorf("section %q: reference to %q in section %s: %w", section.Name, rel.Name, rel.Section, ErrNotSupported) } - if target.Flags&elf.SHF_STRINGS > 0 { - return fmt.Errorf("section %q: string is not stack allocated: %w", section.Name, ErrNotSupported) - } - target.references++ } @@ -1027,22 +1023,33 @@ func (ec *elfCode) loadDataSections(maps map[string]*MapSpec) error { continue } - data, err := sec.Data() - if err != nil { - return fmt.Errorf("data section %s: can't get contents: %w", sec.Name, err) - } - - if uint64(len(data)) > math.MaxUint32 { - return fmt.Errorf("data section %s: contents exceed maximum size", sec.Name) - } - mapSpec := &MapSpec{ Name: SanitizeName(sec.Name, -1), Type: Array, KeySize: 4, - ValueSize: uint32(len(data)), + ValueSize: uint32(sec.Size), MaxEntries: 1, - Contents: []MapKV{{uint32(0), data}}, + } + + switch sec.Type { + // Only open the section if we know there's actual data to be read. + case elf.SHT_PROGBITS: + data, err := sec.Data() + if err != nil { + return fmt.Errorf("data section %s: can't get contents: %w", sec.Name, err) + } + + if uint64(len(data)) > math.MaxUint32 { + return fmt.Errorf("data section %s: contents exceed maximum size", sec.Name) + } + mapSpec.Contents = []MapKV{{uint32(0), data}} + + case elf.SHT_NOBITS: + // NOBITS sections like .bss contain only zeroes, and since data sections + // are Arrays, the kernel already preallocates them. Skip reading zeroes + // from the ELF. + default: + return fmt.Errorf("data section %s: unknown section type %s", sec.Name, sec.Type) } // It is possible for a data section to exist without a corresponding BTF Datasec @@ -1057,13 +1064,9 @@ func (ec *elfCode) loadDataSections(maps map[string]*MapSpec) error { } } - switch n := sec.Name; { - case strings.HasPrefix(n, ".rodata"): + if strings.HasPrefix(sec.Name, ".rodata") { mapSpec.Flags = unix.BPF_F_RDONLY_PROG mapSpec.Freeze = true - case n == ".bss": - // The kernel already zero-initializes the map - mapSpec.Contents = nil } maps[sec.Name] = mapSpec @@ -1107,6 +1110,7 @@ func getProgType(sectionName string) (ProgramType, AttachType, uint32, string) { {"lsm/", LSM, AttachLSMMac, 0}, {"lsm.s/", LSM, AttachLSMMac, unix.BPF_F_SLEEPABLE}, {"iter/", Tracing, AttachTraceIter, 0}, + {"iter.s/", Tracing, AttachTraceIter, unix.BPF_F_SLEEPABLE}, {"syscall", Syscall, AttachNone, 0}, {"xdp_devmap/", XDP, AttachXDPDevMap, 0}, {"xdp_cpumap/", XDP, AttachXDPCPUMap, 0}, @@ -1149,8 +1153,9 @@ func getProgType(sectionName string) (ProgramType, AttachType, uint32, string) { {"cgroup/setsockopt", CGroupSockopt, AttachCGroupSetsockopt, 0}, {"struct_ops+", StructOps, AttachNone, 0}, {"sk_lookup/", SkLookup, AttachSkLookup, 0}, - {"seccomp", SocketFilter, AttachNone, 0}, + {"kprobe.multi", Kprobe, AttachTraceKprobeMulti, 0}, + {"kretprobe.multi", Kprobe, AttachTraceKprobeMulti, 0}, } for _, t := range types { diff --git a/vendor/github.com/cilium/ebpf/info.go b/vendor/github.com/cilium/ebpf/info.go index ae77bc6197f..8f42173a3e7 100644 --- a/vendor/github.com/cilium/ebpf/info.go +++ b/vendor/github.com/cilium/ebpf/info.go @@ -48,7 +48,7 @@ func newMapInfoFromFd(fd *sys.FD) (*MapInfo, error) { info.KeySize, info.ValueSize, info.MaxEntries, - info.MapFlags, + uint32(info.MapFlags), unix.ByteSliceToString(info.Name[:]), }, nil } diff --git a/vendor/github.com/cilium/ebpf/internal/deque.go b/vendor/github.com/cilium/ebpf/internal/deque.go new file mode 100644 index 00000000000..1abc9a9bac9 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/deque.go @@ -0,0 +1,89 @@ +package internal + +import "math/bits" + +// Deque implements a double ended queue. +type Deque[T any] struct { + elems []T + read, write uint64 + mask uint64 +} + +func (dq *Deque[T]) Empty() bool { + return dq.read == dq.write +} + +func (dq *Deque[T]) remainingCap() int { + return len(dq.elems) - int(dq.write-dq.read) +} + +// Push adds an element to the end. +func (dq *Deque[T]) Push(e T) { + if dq.remainingCap() >= 1 { + dq.elems[dq.write&dq.mask] = e + dq.write++ + return + } + + elems := dq.linearise(1) + elems = append(elems, e) + + dq.elems = elems[:cap(elems)] + dq.mask = uint64(cap(elems)) - 1 + dq.read, dq.write = 0, uint64(len(elems)) +} + +// Shift returns the first element or the zero value. +func (dq *Deque[T]) Shift() T { + var zero T + + if dq.Empty() { + return zero + } + + index := dq.read & dq.mask + t := dq.elems[index] + dq.elems[index] = zero + dq.read++ + return t +} + +// Pop returns the last element or the zero value. +func (dq *Deque[T]) Pop() T { + var zero T + + if dq.Empty() { + return zero + } + + dq.write-- + index := dq.write & dq.mask + t := dq.elems[index] + dq.elems[index] = zero + return t +} + +// linearise the contents of the deque. +// +// The returned slice has space for at least n more elements and has power +// of two capacity. +func (dq *Deque[T]) linearise(n int) []T { + length := dq.write - dq.read + need := length + uint64(n) + if need < length { + panic("overflow") + } + + // Round up to the new power of two which is at least 8. + // See https://jameshfisher.com/2018/03/30/round-up-power-2/ + capacity := 1 << (64 - bits.LeadingZeros64(need-1)) + if capacity < 8 { + capacity = 8 + } + + types := make([]T, length, capacity) + pivot := dq.read & dq.mask + copied := copy(types, dq.elems[pivot:]) + copy(types[copied:], dq.elems[:pivot]) + return types +} diff --git a/vendor/github.com/cilium/ebpf/internal/errors.go b/vendor/github.com/cilium/ebpf/internal/errors.go index b5ccdd7d053..29bd6551e5e 100644 --- a/vendor/github.com/cilium/ebpf/internal/errors.go +++ b/vendor/github.com/cilium/ebpf/internal/errors.go @@ -7,32 +7,25 @@ import ( "strings" ) -// ErrorWithLog returns an error which includes logs from the kernel verifier. +// ErrorWithLog wraps err in a VerifierError that includes the parsed verifier +// log buffer. // // The default error output is a summary of the full log. The latter can be // accessed via VerifierError.Log or by formatting the error, see Format. -// -// A set of heuristics is used to determine whether the log has been truncated. -func ErrorWithLog(err error, log []byte) *VerifierError { +func ErrorWithLog(err error, log []byte, truncated bool) *VerifierError { const whitespace = "\t\r\v\n " // Convert verifier log C string by truncating it on the first 0 byte // and trimming trailing whitespace before interpreting as a Go string. - truncated := false if i := bytes.IndexByte(log, 0); i != -1 { - if i == len(log)-1 && !bytes.HasSuffix(log[:i], []byte{'\n'}) { - // The null byte is at the end of the buffer and it's not preceded - // by a newline character. Most likely the buffer was too short. - truncated = true - } - log = log[:i] - } else if len(log) > 0 { - // No null byte? Dodgy! - truncated = true } log = bytes.Trim(log, whitespace) + if len(log) == 0 { + return &VerifierError{err, nil, truncated} + } + logLines := bytes.Split(log, []byte{'\n'}) lines := make([]string, 0, len(logLines)) for _, line := range logLines { @@ -143,8 +136,8 @@ func includePreviousLine(line string) bool { // Understood verbs are %s and %v, which are equivalent to calling Error(). %v // allows outputting additional information using the following flags: // -// + Output the first lines, or all lines if no width is given. -// - Output the last lines, or all lines if no width is given. +// %+v: Output the first lines, or all lines if no width is given. +// %-v: Output the last lines, or all lines if no width is given. // // Use width to specify how many lines to output. Use the '-' flag to output // lines from the end of the log instead of the beginning. diff --git a/vendor/github.com/cilium/ebpf/internal/feature.go b/vendor/github.com/cilium/ebpf/internal/feature.go index 0a6c2d1d528..bf25d781ce1 100644 --- a/vendor/github.com/cilium/ebpf/internal/feature.go +++ b/vendor/github.com/cilium/ebpf/internal/feature.go @@ -42,9 +42,9 @@ type featureTest struct { // // The return values have the following semantics: // -// err == ErrNotSupported: the feature is not available -// err == nil: the feature is available -// err != nil: the test couldn't be executed +// err == ErrNotSupported: the feature is not available +// err == nil: the feature is available +// err != nil: the test couldn't be executed type FeatureTestFn func() error // FeatureTest wraps a function so that it is run at most once. diff --git a/vendor/github.com/cilium/ebpf/internal/prog.go b/vendor/github.com/cilium/ebpf/internal/prog.go new file mode 100644 index 00000000000..d629145b629 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/prog.go @@ -0,0 +1,11 @@ +package internal + +// EmptyBPFContext is the smallest-possible BPF input context to be used for +// invoking `Program.{Run,Benchmark,Test}`. +// +// Programs require a context input buffer of at least 15 bytes. Looking in +// net/bpf/test_run.c, bpf_test_init() requires that the input is at least +// ETH_HLEN (14) bytes. As of Linux commit fd18942 ("bpf: Don't redirect packets +// with invalid pkt_len"), it also requires the skb to be non-empty after +// removing the Layer 2 header. +var EmptyBPFContext = make([]byte, 15) diff --git a/vendor/github.com/cilium/ebpf/internal/sys/ptr.go b/vendor/github.com/cilium/ebpf/internal/sys/ptr.go index a221006888d..bc7ebb44432 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/ptr.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/ptr.go @@ -36,3 +36,17 @@ func NewStringPointer(str string) Pointer { return Pointer{ptr: unsafe.Pointer(p)} } + +// NewStringSlicePointer allocates an array of Pointers to each string in the +// given slice of strings and returns a 64-bit pointer to the start of the +// resulting array. +// +// Use this function to pass arrays of strings as syscall arguments. +func NewStringSlicePointer(strings []string) Pointer { + sp := make([]Pointer, 0, len(strings)) + for _, s := range strings { + sp = append(sp, NewStringPointer(s)) + } + + return Pointer{ptr: unsafe.Pointer(&sp[0])} +} diff --git a/vendor/github.com/cilium/ebpf/internal/sys/signals.go b/vendor/github.com/cilium/ebpf/internal/sys/signals.go new file mode 100644 index 00000000000..84d63313d55 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/sys/signals.go @@ -0,0 +1,82 @@ +package sys + +import ( + "fmt" + "runtime" + "unsafe" + + "github.com/cilium/ebpf/internal/unix" +) + +var profSet unix.Sigset_t + +func init() { + if err := sigsetAdd(&profSet, unix.SIGPROF); err != nil { + panic(fmt.Errorf("creating signal set: %w", err)) + } +} + +// maskProfilerSignal locks the calling goroutine to its underlying OS thread +// and adds SIGPROF to the thread's signal mask. This prevents pprof from +// interrupting expensive syscalls like e.g. BPF_PROG_LOAD. +// +// The caller must defer sys.UnmaskProfilerSignal() to reverse the operation. +func maskProfilerSignal() { + runtime.LockOSThread() + + if err := unix.PthreadSigmask(unix.SIG_BLOCK, &profSet, nil); err != nil { + runtime.UnlockOSThread() + panic(fmt.Errorf("masking profiler signal: %w", err)) + } +} + +// unmaskProfilerSignal removes SIGPROF from the underlying thread's signal +// mask, allowing it to be interrupted for profiling once again. +// +// It also unlocks the current goroutine from its underlying OS thread. +func unmaskProfilerSignal() { + defer runtime.UnlockOSThread() + + if err := unix.PthreadSigmask(unix.SIG_UNBLOCK, &profSet, nil); err != nil { + panic(fmt.Errorf("unmasking profiler signal: %w", err)) + } +} + +const ( + wordBytes = int(unsafe.Sizeof(unix.Sigset_t{}.Val[0])) + wordBits = wordBytes * 8 + + setBytes = int(unsafe.Sizeof(unix.Sigset_t{})) + setBits = setBytes * 8 +) + +// sigsetAdd adds signal to set. +// +// Note: Sigset_t.Val's value type is uint32 or uint64 depending on the arch. +// This function must be able to deal with both and so must avoid any direct +// references to u32 or u64 types. +func sigsetAdd(set *unix.Sigset_t, signal unix.Signal) error { + if signal < 1 { + return fmt.Errorf("signal %d must be larger than 0", signal) + } + if int(signal) > setBits { + return fmt.Errorf("signal %d does not fit within unix.Sigset_t", signal) + } + + // For amd64, runtime.sigaddset() performs the following operation: + // set[(signal-1)/32] |= 1 << ((uint32(signal) - 1) & 31) + // + // This trick depends on sigset being two u32's, causing a signal in the the + // bottom 31 bits to be written to the low word if bit 32 is low, or the high + // word if bit 32 is high. + + // Signal is the nth bit in the bitfield. + bit := int(signal - 1) + // Word within the sigset the bit needs to be written to. + word := bit / wordBits + + // Write the signal bit into its corresponding word at the corrected offset. + set.Val[word] |= 1 << (bit % wordBits) + + return nil +} diff --git a/vendor/github.com/cilium/ebpf/internal/sys/syscall.go b/vendor/github.com/cilium/ebpf/internal/sys/syscall.go index 2a5935dc912..3205ede80b8 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/syscall.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/syscall.go @@ -8,10 +8,22 @@ import ( "github.com/cilium/ebpf/internal/unix" ) +// ENOTSUPP is a Linux internal error code that has leaked into UAPI. +// +// It is not the same as ENOTSUP or EOPNOTSUPP. +var ENOTSUPP = syscall.Errno(524) + // BPF wraps SYS_BPF. // // Any pointers contained in attr must use the Pointer type from this package. func BPF(cmd Cmd, attr unsafe.Pointer, size uintptr) (uintptr, error) { + // Prevent the Go profiler from repeatedly interrupting the verifier, + // which could otherwise lead to a livelock due to receiving EAGAIN. + if cmd == BPF_PROG_LOAD { + maskProfilerSignal() + defer unmaskProfilerSignal() + } + for { r1, _, errNo := unix.Syscall(unix.SYS_BPF, uintptr(cmd), uintptr(attr), size) runtime.KeepAlive(attr) @@ -33,10 +45,10 @@ func BPF(cmd Cmd, attr unsafe.Pointer, size uintptr) (uintptr, error) { // Info is implemented by all structs that can be passed to the ObjInfo syscall. // -// MapInfo -// ProgInfo -// LinkInfo -// BtfInfo +// MapInfo +// ProgInfo +// LinkInfo +// BtfInfo type Info interface { info() (unsafe.Pointer, uint32) } @@ -90,12 +102,24 @@ func NewObjName(name string) ObjName { return result } +// LogLevel controls the verbosity of the kernel's eBPF program verifier. +type LogLevel uint32 + +const ( + BPF_LOG_LEVEL1 LogLevel = 1 << iota + BPF_LOG_LEVEL2 + BPF_LOG_STATS +) + // LinkID uniquely identifies a bpf_link. type LinkID uint32 // BTFID uniquely identifies a BTF blob loaded into the kernel. type BTFID uint32 +// MapFlags control map behaviour. +type MapFlags uint32 + // wrappedErrno wraps syscall.Errno to prevent direct comparisons with // syscall.E* or unix.E* constants. // @@ -108,6 +132,13 @@ func (we wrappedErrno) Unwrap() error { return we.Errno } +func (we wrappedErrno) Error() string { + if we.Errno == ENOTSUPP { + return "operation not supported" + } + return we.Errno.Error() +} + type syscallError struct { error errno syscall.Errno diff --git a/vendor/github.com/cilium/ebpf/internal/sys/types.go b/vendor/github.com/cilium/ebpf/internal/sys/types.go index 291e3a6196c..c82324834e3 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/types.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/types.go @@ -6,14 +6,14 @@ import ( "unsafe" ) -type AdjRoomMode int32 +type AdjRoomMode uint32 const ( BPF_ADJ_ROOM_NET AdjRoomMode = 0 BPF_ADJ_ROOM_MAC AdjRoomMode = 1 ) -type AttachType int32 +type AttachType uint32 const ( BPF_CGROUP_INET_INGRESS AttachType = 0 @@ -62,7 +62,7 @@ const ( __MAX_BPF_ATTACH_TYPE AttachType = 43 ) -type Cmd int32 +type Cmd uint32 const ( BPF_MAP_CREATE Cmd = 0 @@ -104,7 +104,7 @@ const ( BPF_PROG_BIND_MAP Cmd = 35 ) -type FunctionId int32 +type FunctionId uint32 const ( BPF_FUNC_unspec FunctionId = 0 @@ -304,14 +304,14 @@ const ( __BPF_FUNC_MAX_ID FunctionId = 194 ) -type HdrStartOff int32 +type HdrStartOff uint32 const ( BPF_HDR_START_MAC HdrStartOff = 0 BPF_HDR_START_NET HdrStartOff = 1 ) -type LinkType int32 +type LinkType uint32 const ( BPF_LINK_TYPE_UNSPEC LinkType = 0 @@ -326,7 +326,7 @@ const ( MAX_BPF_LINK_TYPE LinkType = 9 ) -type MapType int32 +type MapType uint32 const ( BPF_MAP_TYPE_UNSPEC MapType = 0 @@ -362,7 +362,7 @@ const ( BPF_MAP_TYPE_BLOOM_FILTER MapType = 30 ) -type ProgType int32 +type ProgType uint32 const ( BPF_PROG_TYPE_UNSPEC ProgType = 0 @@ -399,7 +399,7 @@ const ( BPF_PROG_TYPE_SYSCALL ProgType = 31 ) -type RetCode int32 +type RetCode uint32 const ( BPF_OK RetCode = 0 @@ -408,14 +408,14 @@ const ( BPF_LWT_REROUTE RetCode = 128 ) -type SkAction int32 +type SkAction uint32 const ( SK_DROP SkAction = 0 SK_PASS SkAction = 1 ) -type StackBuildIdStatus int32 +type StackBuildIdStatus uint32 const ( BPF_STACK_BUILD_ID_EMPTY StackBuildIdStatus = 0 @@ -423,13 +423,13 @@ const ( BPF_STACK_BUILD_ID_IP StackBuildIdStatus = 2 ) -type StatsType int32 +type StatsType uint32 const ( BPF_STATS_RUN_TIME StatsType = 0 ) -type XdpAction int32 +type XdpAction uint32 const ( XDP_ABORTED XdpAction = 0 @@ -474,7 +474,7 @@ type MapInfo struct { KeySize uint32 ValueSize uint32 MaxEntries uint32 - MapFlags uint32 + MapFlags MapFlags Name ObjName Ifindex uint32 BtfVmlinuxValueTypeId uint32 @@ -646,6 +646,26 @@ func LinkCreateIter(attr *LinkCreateIterAttr) (*FD, error) { return NewFD(int(fd)) } +type LinkCreateKprobeMultiAttr struct { + ProgFd uint32 + TargetFd uint32 + AttachType AttachType + Flags uint32 + KprobeMultiFlags uint32 + Count uint32 + Syms Pointer + Addrs Pointer + Cookies Pointer +} + +func LinkCreateKprobeMulti(attr *LinkCreateKprobeMultiAttr) (*FD, error) { + fd, err := BPF(BPF_LINK_CREATE, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) + if err != nil { + return nil, err + } + return NewFD(int(fd)) +} + type LinkCreatePerfEventAttr struct { ProgFd uint32 TargetFd uint32 @@ -680,7 +700,7 @@ type MapCreateAttr struct { KeySize uint32 ValueSize uint32 MaxEntries uint32 - MapFlags uint32 + MapFlags MapFlags InnerMapFd uint32 NumaNode uint32 MapName ObjName @@ -951,7 +971,7 @@ type ProgLoadAttr struct { InsnCnt uint32 Insns Pointer License Pointer - LogLevel uint32 + LogLevel LogLevel LogSize uint32 LogBuf Pointer KernVersion uint32 @@ -967,7 +987,7 @@ type ProgLoadAttr struct { LineInfo Pointer LineInfoCnt uint32 AttachBtfId uint32 - AttachProgFd uint32 + AttachBtfObjFd uint32 CoreReloCnt uint32 FdArray Pointer CoreRelos Pointer diff --git a/vendor/github.com/cilium/ebpf/internal/unix/doc.go b/vendor/github.com/cilium/ebpf/internal/unix/doc.go new file mode 100644 index 00000000000..d168d36f180 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/unix/doc.go @@ -0,0 +1,11 @@ +// Package unix re-exports Linux specific parts of golang.org/x/sys/unix. +// +// It avoids breaking compilation on other OS by providing stubs as follows: +// - Invoking a function always returns an error. +// - Errnos have distinct, non-zero values. +// - Constants have distinct but meaningless values. +// - Types use the same names for members, but may or may not follow the +// Linux layout. +package unix + +// Note: please don't add any custom API to this package. Use internal/sys instead. diff --git a/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go b/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go index db4a1f5bf9e..9b67b6116d9 100644 --- a/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go +++ b/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux package unix @@ -24,175 +23,153 @@ const ( E2BIG = linux.E2BIG EFAULT = linux.EFAULT EACCES = linux.EACCES - // ENOTSUPP is not the same as ENOTSUP or EOPNOTSUP - ENOTSUPP = syscall.Errno(0x20c) - - BPF_F_NO_PREALLOC = linux.BPF_F_NO_PREALLOC - BPF_F_NUMA_NODE = linux.BPF_F_NUMA_NODE - BPF_F_RDONLY = linux.BPF_F_RDONLY - BPF_F_WRONLY = linux.BPF_F_WRONLY - BPF_F_RDONLY_PROG = linux.BPF_F_RDONLY_PROG - BPF_F_WRONLY_PROG = linux.BPF_F_WRONLY_PROG - BPF_F_SLEEPABLE = linux.BPF_F_SLEEPABLE - BPF_F_MMAPABLE = linux.BPF_F_MMAPABLE - BPF_F_INNER_MAP = linux.BPF_F_INNER_MAP - BPF_OBJ_NAME_LEN = linux.BPF_OBJ_NAME_LEN - BPF_TAG_SIZE = linux.BPF_TAG_SIZE - BPF_RINGBUF_BUSY_BIT = linux.BPF_RINGBUF_BUSY_BIT - BPF_RINGBUF_DISCARD_BIT = linux.BPF_RINGBUF_DISCARD_BIT - BPF_RINGBUF_HDR_SZ = linux.BPF_RINGBUF_HDR_SZ - SYS_BPF = linux.SYS_BPF - F_DUPFD_CLOEXEC = linux.F_DUPFD_CLOEXEC - EPOLL_CTL_ADD = linux.EPOLL_CTL_ADD - EPOLL_CLOEXEC = linux.EPOLL_CLOEXEC - O_CLOEXEC = linux.O_CLOEXEC - O_NONBLOCK = linux.O_NONBLOCK - PROT_READ = linux.PROT_READ - PROT_WRITE = linux.PROT_WRITE - MAP_SHARED = linux.MAP_SHARED - PERF_ATTR_SIZE_VER1 = linux.PERF_ATTR_SIZE_VER1 - PERF_TYPE_SOFTWARE = linux.PERF_TYPE_SOFTWARE - PERF_TYPE_TRACEPOINT = linux.PERF_TYPE_TRACEPOINT - PERF_COUNT_SW_BPF_OUTPUT = linux.PERF_COUNT_SW_BPF_OUTPUT - PERF_EVENT_IOC_DISABLE = linux.PERF_EVENT_IOC_DISABLE - PERF_EVENT_IOC_ENABLE = linux.PERF_EVENT_IOC_ENABLE - PERF_EVENT_IOC_SET_BPF = linux.PERF_EVENT_IOC_SET_BPF - PerfBitWatermark = linux.PerfBitWatermark - PERF_SAMPLE_RAW = linux.PERF_SAMPLE_RAW - PERF_FLAG_FD_CLOEXEC = linux.PERF_FLAG_FD_CLOEXEC - RLIM_INFINITY = linux.RLIM_INFINITY - RLIMIT_MEMLOCK = linux.RLIMIT_MEMLOCK - BPF_STATS_RUN_TIME = linux.BPF_STATS_RUN_TIME - PERF_RECORD_LOST = linux.PERF_RECORD_LOST - PERF_RECORD_SAMPLE = linux.PERF_RECORD_SAMPLE - AT_FDCWD = linux.AT_FDCWD - RENAME_NOREPLACE = linux.RENAME_NOREPLACE - SO_ATTACH_BPF = linux.SO_ATTACH_BPF - SO_DETACH_BPF = linux.SO_DETACH_BPF - SOL_SOCKET = linux.SOL_SOCKET + EILSEQ = linux.EILSEQ ) -// Statfs_t is a wrapper -type Statfs_t = linux.Statfs_t +const ( + BPF_F_NO_PREALLOC = linux.BPF_F_NO_PREALLOC + BPF_F_NUMA_NODE = linux.BPF_F_NUMA_NODE + BPF_F_RDONLY = linux.BPF_F_RDONLY + BPF_F_WRONLY = linux.BPF_F_WRONLY + BPF_F_RDONLY_PROG = linux.BPF_F_RDONLY_PROG + BPF_F_WRONLY_PROG = linux.BPF_F_WRONLY_PROG + BPF_F_SLEEPABLE = linux.BPF_F_SLEEPABLE + BPF_F_MMAPABLE = linux.BPF_F_MMAPABLE + BPF_F_INNER_MAP = linux.BPF_F_INNER_MAP + BPF_F_KPROBE_MULTI_RETURN = linux.BPF_F_KPROBE_MULTI_RETURN + BPF_OBJ_NAME_LEN = linux.BPF_OBJ_NAME_LEN + BPF_TAG_SIZE = linux.BPF_TAG_SIZE + BPF_RINGBUF_BUSY_BIT = linux.BPF_RINGBUF_BUSY_BIT + BPF_RINGBUF_DISCARD_BIT = linux.BPF_RINGBUF_DISCARD_BIT + BPF_RINGBUF_HDR_SZ = linux.BPF_RINGBUF_HDR_SZ + SYS_BPF = linux.SYS_BPF + F_DUPFD_CLOEXEC = linux.F_DUPFD_CLOEXEC + EPOLL_CTL_ADD = linux.EPOLL_CTL_ADD + EPOLL_CLOEXEC = linux.EPOLL_CLOEXEC + O_CLOEXEC = linux.O_CLOEXEC + O_NONBLOCK = linux.O_NONBLOCK + PROT_READ = linux.PROT_READ + PROT_WRITE = linux.PROT_WRITE + MAP_SHARED = linux.MAP_SHARED + PERF_ATTR_SIZE_VER1 = linux.PERF_ATTR_SIZE_VER1 + PERF_TYPE_SOFTWARE = linux.PERF_TYPE_SOFTWARE + PERF_TYPE_TRACEPOINT = linux.PERF_TYPE_TRACEPOINT + PERF_COUNT_SW_BPF_OUTPUT = linux.PERF_COUNT_SW_BPF_OUTPUT + PERF_EVENT_IOC_DISABLE = linux.PERF_EVENT_IOC_DISABLE + PERF_EVENT_IOC_ENABLE = linux.PERF_EVENT_IOC_ENABLE + PERF_EVENT_IOC_SET_BPF = linux.PERF_EVENT_IOC_SET_BPF + PerfBitWatermark = linux.PerfBitWatermark + PERF_SAMPLE_RAW = linux.PERF_SAMPLE_RAW + PERF_FLAG_FD_CLOEXEC = linux.PERF_FLAG_FD_CLOEXEC + RLIM_INFINITY = linux.RLIM_INFINITY + RLIMIT_MEMLOCK = linux.RLIMIT_MEMLOCK + BPF_STATS_RUN_TIME = linux.BPF_STATS_RUN_TIME + PERF_RECORD_LOST = linux.PERF_RECORD_LOST + PERF_RECORD_SAMPLE = linux.PERF_RECORD_SAMPLE + AT_FDCWD = linux.AT_FDCWD + RENAME_NOREPLACE = linux.RENAME_NOREPLACE + SO_ATTACH_BPF = linux.SO_ATTACH_BPF + SO_DETACH_BPF = linux.SO_DETACH_BPF + SOL_SOCKET = linux.SOL_SOCKET + SIGPROF = linux.SIGPROF + SIG_BLOCK = linux.SIG_BLOCK + SIG_UNBLOCK = linux.SIG_UNBLOCK +) +type Statfs_t = linux.Statfs_t type Stat_t = linux.Stat_t - -// Rlimit is a wrapper type Rlimit = linux.Rlimit +type Signal = linux.Signal +type Sigset_t = linux.Sigset_t +type PerfEventMmapPage = linux.PerfEventMmapPage +type EpollEvent = linux.EpollEvent +type PerfEventAttr = linux.PerfEventAttr +type Utsname = linux.Utsname -// Syscall is a wrapper func Syscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err syscall.Errno) { return linux.Syscall(trap, a1, a2, a3) } -// FcntlInt is a wrapper +func PthreadSigmask(how int, set, oldset *Sigset_t) error { + return linux.PthreadSigmask(how, set, oldset) +} + func FcntlInt(fd uintptr, cmd, arg int) (int, error) { return linux.FcntlInt(fd, cmd, arg) } -// IoctlSetInt is a wrapper func IoctlSetInt(fd int, req uint, value int) error { return linux.IoctlSetInt(fd, req, value) } -// Statfs is a wrapper func Statfs(path string, buf *Statfs_t) (err error) { return linux.Statfs(path, buf) } -// Close is a wrapper func Close(fd int) (err error) { return linux.Close(fd) } -// EpollEvent is a wrapper -type EpollEvent = linux.EpollEvent - -// EpollWait is a wrapper func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) { return linux.EpollWait(epfd, events, msec) } -// EpollCtl is a wrapper func EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) { return linux.EpollCtl(epfd, op, fd, event) } -// Eventfd is a wrapper func Eventfd(initval uint, flags int) (fd int, err error) { return linux.Eventfd(initval, flags) } -// Write is a wrapper func Write(fd int, p []byte) (n int, err error) { return linux.Write(fd, p) } -// EpollCreate1 is a wrapper func EpollCreate1(flag int) (fd int, err error) { return linux.EpollCreate1(flag) } -// PerfEventMmapPage is a wrapper -type PerfEventMmapPage linux.PerfEventMmapPage - -// SetNonblock is a wrapper func SetNonblock(fd int, nonblocking bool) (err error) { return linux.SetNonblock(fd, nonblocking) } -// Mmap is a wrapper func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) { return linux.Mmap(fd, offset, length, prot, flags) } -// Munmap is a wrapper func Munmap(b []byte) (err error) { return linux.Munmap(b) } -// PerfEventAttr is a wrapper -type PerfEventAttr = linux.PerfEventAttr - -// PerfEventOpen is a wrapper func PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) { return linux.PerfEventOpen(attr, pid, cpu, groupFd, flags) } -// Utsname is a wrapper -type Utsname = linux.Utsname - -// Uname is a wrapper func Uname(buf *Utsname) (err error) { return linux.Uname(buf) } -// Getpid is a wrapper func Getpid() int { return linux.Getpid() } -// Gettid is a wrapper func Gettid() int { return linux.Gettid() } -// Tgkill is a wrapper func Tgkill(tgid int, tid int, sig syscall.Signal) (err error) { return linux.Tgkill(tgid, tid, sig) } -// BytePtrFromString is a wrapper func BytePtrFromString(s string) (*byte, error) { return linux.BytePtrFromString(s) } -// ByteSliceToString is a wrapper func ByteSliceToString(s []byte) string { return linux.ByteSliceToString(s) } -// Renameat2 is a wrapper func Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) error { return linux.Renameat2(olddirfd, oldpath, newdirfd, newpath, flags) } diff --git a/vendor/github.com/cilium/ebpf/internal/unix/types_other.go b/vendor/github.com/cilium/ebpf/internal/unix/types_other.go index 133c267dbc3..eb84b255d27 100644 --- a/vendor/github.com/cilium/ebpf/internal/unix/types_other.go +++ b/vendor/github.com/cilium/ebpf/internal/unix/types_other.go @@ -1,5 +1,4 @@ //go:build !linux -// +build !linux package unix @@ -11,70 +10,76 @@ import ( var errNonLinux = fmt.Errorf("unsupported platform %s/%s", runtime.GOOS, runtime.GOARCH) +// Errnos are distinct and non-zero. const ( - ENOENT = syscall.ENOENT - EEXIST = syscall.EEXIST - EAGAIN = syscall.EAGAIN - ENOSPC = syscall.ENOSPC - EINVAL = syscall.EINVAL - EINTR = syscall.EINTR - EPERM = syscall.EPERM - ESRCH = syscall.ESRCH - ENODEV = syscall.ENODEV - EBADF = syscall.Errno(0) - E2BIG = syscall.Errno(0) - EFAULT = syscall.EFAULT - EACCES = syscall.Errno(0) - // ENOTSUPP is not the same as ENOTSUP or EOPNOTSUP - ENOTSUPP = syscall.Errno(0x20c) - - BPF_F_NO_PREALLOC = 0 - BPF_F_NUMA_NODE = 0 - BPF_F_RDONLY = 0 - BPF_F_WRONLY = 0 - BPF_F_RDONLY_PROG = 0 - BPF_F_WRONLY_PROG = 0 - BPF_F_SLEEPABLE = 0 - BPF_F_MMAPABLE = 0 - BPF_F_INNER_MAP = 0 - BPF_OBJ_NAME_LEN = 0x10 - BPF_TAG_SIZE = 0x8 - BPF_RINGBUF_BUSY_BIT = 0 - BPF_RINGBUF_DISCARD_BIT = 0 - BPF_RINGBUF_HDR_SZ = 0 - SYS_BPF = 321 - F_DUPFD_CLOEXEC = 0x406 - EPOLLIN = 0x1 - EPOLL_CTL_ADD = 0x1 - EPOLL_CLOEXEC = 0x80000 - O_CLOEXEC = 0x80000 - O_NONBLOCK = 0x800 - PROT_READ = 0x1 - PROT_WRITE = 0x2 - MAP_SHARED = 0x1 - PERF_ATTR_SIZE_VER1 = 0 - PERF_TYPE_SOFTWARE = 0x1 - PERF_TYPE_TRACEPOINT = 0 - PERF_COUNT_SW_BPF_OUTPUT = 0xa - PERF_EVENT_IOC_DISABLE = 0 - PERF_EVENT_IOC_ENABLE = 0 - PERF_EVENT_IOC_SET_BPF = 0 - PerfBitWatermark = 0x4000 - PERF_SAMPLE_RAW = 0x400 - PERF_FLAG_FD_CLOEXEC = 0x8 - RLIM_INFINITY = 0x7fffffffffffffff - RLIMIT_MEMLOCK = 8 - BPF_STATS_RUN_TIME = 0 - PERF_RECORD_LOST = 2 - PERF_RECORD_SAMPLE = 9 - AT_FDCWD = -0x2 - RENAME_NOREPLACE = 0x1 - SO_ATTACH_BPF = 0x32 - SO_DETACH_BPF = 0x1b - SOL_SOCKET = 0x1 + ENOENT syscall.Errno = iota + 1 + EEXIST + EAGAIN + ENOSPC + EINVAL + EINTR + EPERM + ESRCH + ENODEV + EBADF + E2BIG + EFAULT + EACCES + EILSEQ +) + +// Constants are distinct to avoid breaking switch statements. +const ( + BPF_F_NO_PREALLOC = iota + BPF_F_NUMA_NODE + BPF_F_RDONLY + BPF_F_WRONLY + BPF_F_RDONLY_PROG + BPF_F_WRONLY_PROG + BPF_F_SLEEPABLE + BPF_F_MMAPABLE + BPF_F_INNER_MAP + BPF_F_KPROBE_MULTI_RETURN + BPF_OBJ_NAME_LEN + BPF_TAG_SIZE + BPF_RINGBUF_BUSY_BIT + BPF_RINGBUF_DISCARD_BIT + BPF_RINGBUF_HDR_SZ + SYS_BPF + F_DUPFD_CLOEXEC + EPOLLIN + EPOLL_CTL_ADD + EPOLL_CLOEXEC + O_CLOEXEC + O_NONBLOCK + PROT_READ + PROT_WRITE + MAP_SHARED + PERF_ATTR_SIZE_VER1 + PERF_TYPE_SOFTWARE + PERF_TYPE_TRACEPOINT + PERF_COUNT_SW_BPF_OUTPUT + PERF_EVENT_IOC_DISABLE + PERF_EVENT_IOC_ENABLE + PERF_EVENT_IOC_SET_BPF + PerfBitWatermark + PERF_SAMPLE_RAW + PERF_FLAG_FD_CLOEXEC + RLIM_INFINITY + RLIMIT_MEMLOCK + BPF_STATS_RUN_TIME + PERF_RECORD_LOST + PERF_RECORD_SAMPLE + AT_FDCWD + RENAME_NOREPLACE + SO_ATTACH_BPF + SO_DETACH_BPF + SOL_SOCKET + SIGPROF + SIG_BLOCK + SIG_UNBLOCK ) -// Statfs_t is a wrapper type Statfs_t struct { Type int64 Bsize int64 @@ -92,70 +97,67 @@ type Statfs_t struct { type Stat_t struct{} -// Rlimit is a wrapper type Rlimit struct { Cur uint64 Max uint64 } -// Syscall is a wrapper +type Signal int + +type Sigset_t struct { + Val [4]uint64 +} + func Syscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err syscall.Errno) { - return 0, 0, syscall.Errno(1) + return 0, 0, syscall.ENOTSUP +} + +func PthreadSigmask(how int, set, oldset *Sigset_t) error { + return errNonLinux } -// FcntlInt is a wrapper func FcntlInt(fd uintptr, cmd, arg int) (int, error) { return -1, errNonLinux } -// IoctlSetInt is a wrapper func IoctlSetInt(fd int, req uint, value int) error { return errNonLinux } -// Statfs is a wrapper func Statfs(path string, buf *Statfs_t) error { return errNonLinux } -// Close is a wrapper func Close(fd int) (err error) { return errNonLinux } -// EpollEvent is a wrapper type EpollEvent struct { Events uint32 Fd int32 Pad int32 } -// EpollWait is a wrapper func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) { return 0, errNonLinux } -// EpollCtl is a wrapper func EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) { return errNonLinux } -// Eventfd is a wrapper func Eventfd(initval uint, flags int) (fd int, err error) { return 0, errNonLinux } -// Write is a wrapper func Write(fd int, p []byte) (n int, err error) { return 0, errNonLinux } -// EpollCreate1 is a wrapper func EpollCreate1(flag int) (fd int, err error) { return 0, errNonLinux } -// PerfEventMmapPage is a wrapper type PerfEventMmapPage struct { Version uint32 Compat_version uint32 @@ -182,22 +184,18 @@ type PerfEventMmapPage struct { Aux_size uint64 } -// SetNonblock is a wrapper func SetNonblock(fd int, nonblocking bool) (err error) { return errNonLinux } -// Mmap is a wrapper func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) { return []byte{}, errNonLinux } -// Munmap is a wrapper func Munmap(b []byte) (err error) { return errNonLinux } -// PerfEventAttr is a wrapper type PerfEventAttr struct { Type uint32 Size uint32 @@ -219,48 +217,39 @@ type PerfEventAttr struct { Sample_max_stack uint16 } -// PerfEventOpen is a wrapper func PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) { return 0, errNonLinux } -// Utsname is a wrapper type Utsname struct { Release [65]byte Version [65]byte } -// Uname is a wrapper func Uname(buf *Utsname) (err error) { return errNonLinux } -// Getpid is a wrapper func Getpid() int { return -1 } -// Gettid is a wrapper func Gettid() int { return -1 } -// Tgkill is a wrapper func Tgkill(tgid int, tid int, sig syscall.Signal) (err error) { return errNonLinux } -// BytePtrFromString is a wrapper func BytePtrFromString(s string) (*byte, error) { return nil, errNonLinux } -// ByteSliceToString is a wrapper func ByteSliceToString(s []byte) string { return "" } -// Renameat2 is a wrapper func Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) error { return errNonLinux } diff --git a/vendor/github.com/cilium/ebpf/link/cgroup.go b/vendor/github.com/cilium/ebpf/link/cgroup.go index 003b0638e89..bfad1ccedfb 100644 --- a/vendor/github.com/cilium/ebpf/link/cgroup.go +++ b/vendor/github.com/cilium/ebpf/link/cgroup.go @@ -138,7 +138,7 @@ func (cg *progAttachCgroup) Pin(string) error { } func (cg *progAttachCgroup) Unpin() error { - return fmt.Errorf("can't pin cgroup: %w", ErrNotSupported) + return fmt.Errorf("can't unpin cgroup: %w", ErrNotSupported) } func (cg *progAttachCgroup) Info() (*Info, error) { diff --git a/vendor/github.com/cilium/ebpf/link/kprobe.go b/vendor/github.com/cilium/ebpf/link/kprobe.go index fdf622a0c07..99715f6930f 100644 --- a/vendor/github.com/cilium/ebpf/link/kprobe.go +++ b/vendor/github.com/cilium/ebpf/link/kprobe.go @@ -1,7 +1,6 @@ package link import ( - "bytes" "crypto/rand" "errors" "fmt" @@ -9,7 +8,6 @@ import ( "path/filepath" "runtime" "strings" - "sync" "syscall" "unsafe" @@ -20,12 +18,6 @@ import ( var ( kprobeEventsPath = filepath.Join(tracefsPath, "kprobe_events") - - kprobeRetprobeBit = struct { - once sync.Once - value uint64 - err error - }{} ) type probeType uint8 @@ -83,13 +75,6 @@ func (pt probeType) PerfEventType(ret bool) perfEventType { return uprobeEvent } -func (pt probeType) RetprobeBit() (uint64, error) { - if pt == kprobeType { - return kretprobeBit() - } - return uretprobeBit() -} - // Kprobe attaches the given eBPF program to a perf event that fires when the // given kernel symbol starts executing. See /proc/kallsyms for available // symbols. For example, printk(): @@ -123,6 +108,9 @@ func Kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions) (Link, error // Losing the reference to the resulting Link (kp) will close the Kretprobe // and prevent further execution of prog. The Link must be Closed during // program shutdown to avoid leaking system resources. +// +// On kernels 5.10 and earlier, setting a kretprobe on a nonexistent symbol +// incorrectly returns unix.EINVAL instead of os.ErrNotExist. func Kretprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions) (Link, error) { k, err := kprobe(symbol, prog, opts, true) if err != nil { @@ -194,7 +182,7 @@ func kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions, ret bool) (* // Use kprobe PMU if the kernel has it available. tp, err := pmuKprobe(args) - if errors.Is(err, os.ErrNotExist) { + if errors.Is(err, os.ErrNotExist) || errors.Is(err, unix.EINVAL) { args.symbol = platformPrefix(symbol) tp, err = pmuKprobe(args) } @@ -208,7 +196,7 @@ func kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions, ret bool) (* // Use tracefs if kprobe PMU is missing. args.symbol = symbol tp, err = tracefsKprobe(args) - if errors.Is(err, os.ErrNotExist) { + if errors.Is(err, os.ErrNotExist) || errors.Is(err, unix.EINVAL) { args.symbol = platformPrefix(symbol) tp, err = tracefsKprobe(args) } @@ -235,14 +223,17 @@ func pmuKprobe(args probeArgs) (*perfEvent, error) { func pmuProbe(typ probeType, args probeArgs) (*perfEvent, error) { // Getting the PMU type will fail if the kernel doesn't support // the perf_[k,u]probe PMU. - et, err := getPMUEventType(typ) + et, err := readUint64FromFileOnce("%d\n", "/sys/bus/event_source/devices", typ.String(), "type") + if errors.Is(err, os.ErrNotExist) { + return nil, fmt.Errorf("%s: %w", typ, ErrNotSupported) + } if err != nil { return nil, err } var config uint64 if args.ret { - bit, err := typ.RetprobeBit() + bit, err := readUint64FromFileOnce("config:%d\n", "/sys/bus/event_source/devices", typ.String(), "/format/retprobe") if err != nil { return nil, err } @@ -250,8 +241,9 @@ func pmuProbe(typ probeType, args probeArgs) (*perfEvent, error) { } var ( - attr unix.PerfEventAttr - sp unsafe.Pointer + attr unix.PerfEventAttr + sp unsafe.Pointer + token string ) switch typ { case kprobeType: @@ -261,6 +253,8 @@ func pmuProbe(typ probeType, args probeArgs) (*perfEvent, error) { return nil, err } + token = kprobeToken(args) + attr = unix.PerfEventAttr{ // The minimum size required for PMU kprobes is PERF_ATTR_SIZE_VER1, // since it added the config2 (Ext2) field. Use Ext2 as probe_offset. @@ -280,6 +274,8 @@ func pmuProbe(typ probeType, args probeArgs) (*perfEvent, error) { config |= args.refCtrOffset << uprobeRefCtrOffsetShift } + token = uprobeToken(args) + attr = unix.PerfEventAttr{ // The minimum size required for PMU uprobes is PERF_ATTR_SIZE_VER1, // since it added the config2 (Ext2) field. The Size field controls the @@ -299,26 +295,27 @@ func pmuProbe(typ probeType, args probeArgs) (*perfEvent, error) { // return -EINVAL. Return ErrNotSupported to allow falling back to tracefs. // https://github.com/torvalds/linux/blob/94710cac0ef4/kernel/trace/trace_kprobe.c#L340-L343 if errors.Is(err, unix.EINVAL) && strings.Contains(args.symbol, ".") { - return nil, fmt.Errorf("symbol '%s+%#x': older kernels don't accept dots: %w", args.symbol, args.offset, ErrNotSupported) + return nil, fmt.Errorf("token %s: older kernels don't accept dots: %w", token, ErrNotSupported) } // Since commit 97c753e62e6c, ENOENT is correctly returned instead of EINVAL - // when trying to create a kretprobe for a missing symbol. Make sure ENOENT - // is returned to the caller. - if errors.Is(err, os.ErrNotExist) || errors.Is(err, unix.EINVAL) { - return nil, fmt.Errorf("symbol '%s+%#x' not found: %w", args.symbol, args.offset, os.ErrNotExist) + // when trying to create a retprobe for a missing symbol. + if errors.Is(err, os.ErrNotExist) { + return nil, fmt.Errorf("token %s: not found: %w", token, err) } - // Since commit ab105a4fb894, -EILSEQ is returned when a kprobe sym+offset is resolved - // to an invalid insn boundary. - if errors.Is(err, syscall.EILSEQ) { - return nil, fmt.Errorf("symbol '%s+%#x' not found (bad insn boundary): %w", args.symbol, args.offset, os.ErrNotExist) + // Since commit ab105a4fb894, EILSEQ is returned when a kprobe sym+offset is resolved + // to an invalid insn boundary. The exact conditions that trigger this error are + // arch specific however. + if errors.Is(err, unix.EILSEQ) { + return nil, fmt.Errorf("token %s: bad insn boundary: %w", token, os.ErrNotExist) } // Since at least commit cb9a19fe4aa51, ENOTSUPP is returned // when attempting to set a uprobe on a trap instruction. - if errors.Is(err, unix.ENOTSUPP) { - return nil, fmt.Errorf("failed setting uprobe on offset %#x (possible trap insn): %w", args.offset, err) + if errors.Is(err, sys.ENOTSUPP) { + return nil, fmt.Errorf("token %s: failed setting uprobe on offset %#x (possible trap insn): %w", token, args.offset, err) } + if err != nil { - return nil, fmt.Errorf("opening perf event: %w", err) + return nil, fmt.Errorf("token %s: opening perf event: %w", token, err) } // Ensure the string pointer is not collected before PerfEventOpen returns. @@ -454,16 +451,15 @@ func createTraceFSProbeEvent(typ probeType, args probeArgs) error { pe = fmt.Sprintf("%s:%s/%s %s", probePrefix(args.ret), args.group, args.symbol, token) } _, err = f.WriteString(pe) + // Since commit 97c753e62e6c, ENOENT is correctly returned instead of EINVAL - // when trying to create a kretprobe for a missing symbol. Make sure ENOENT - // is returned to the caller. - // EINVAL is also returned on pre-5.2 kernels when the `SYM[+offs]` token - // is resolved to an invalid insn boundary. - if errors.Is(err, os.ErrNotExist) || errors.Is(err, unix.EINVAL) { - return fmt.Errorf("token %s: %w", token, os.ErrNotExist) + // when trying to create a retprobe for a missing symbol. + if errors.Is(err, os.ErrNotExist) { + return fmt.Errorf("token %s: not found: %w", token, err) } - // Since commit ab105a4fb894, -EILSEQ is returned when a kprobe sym+offset is resolved - // to an invalid insn boundary. + // Since commit ab105a4fb894, EILSEQ is returned when a kprobe sym+offset is resolved + // to an invalid insn boundary. The exact conditions that trigger this error are + // arch specific however. if errors.Is(err, syscall.EILSEQ) { return fmt.Errorf("token %s: bad insn boundary: %w", token, os.ErrNotExist) } @@ -472,8 +468,9 @@ func createTraceFSProbeEvent(typ probeType, args probeArgs) error { if errors.Is(err, syscall.ERANGE) { return fmt.Errorf("token %s: offset too big: %w", token, os.ErrNotExist) } + if err != nil { - return fmt.Errorf("writing '%s' to '%s': %w", pe, typ.EventsPath(), err) + return fmt.Errorf("token %s: writing '%s': %w", token, pe, err) } return nil @@ -527,35 +524,6 @@ func probePrefix(ret bool) string { return "p" } -// determineRetprobeBit reads a Performance Monitoring Unit's retprobe bit -// from /sys/bus/event_source/devices//format/retprobe. -func determineRetprobeBit(typ probeType) (uint64, error) { - p := filepath.Join("/sys/bus/event_source/devices/", typ.String(), "/format/retprobe") - - data, err := os.ReadFile(p) - if err != nil { - return 0, err - } - - var rp uint64 - n, err := fmt.Sscanf(string(bytes.TrimSpace(data)), "config:%d", &rp) - if err != nil { - return 0, fmt.Errorf("parse retprobe bit: %w", err) - } - if n != 1 { - return 0, fmt.Errorf("parse retprobe bit: expected 1 item, got %d", n) - } - - return rp, nil -} - -func kretprobeBit() (uint64, error) { - kprobeRetprobeBit.once.Do(func() { - kprobeRetprobeBit.value, kprobeRetprobeBit.err = determineRetprobeBit(kprobeType) - }) - return kprobeRetprobeBit.value, kprobeRetprobeBit.err -} - // kprobeToken creates the SYM[+offs] token for the tracefs api. func kprobeToken(args probeArgs) string { po := args.symbol diff --git a/vendor/github.com/cilium/ebpf/link/kprobe_multi.go b/vendor/github.com/cilium/ebpf/link/kprobe_multi.go new file mode 100644 index 00000000000..06db5185c1c --- /dev/null +++ b/vendor/github.com/cilium/ebpf/link/kprobe_multi.go @@ -0,0 +1,176 @@ +package link + +import ( + "errors" + "fmt" + "os" + "unsafe" + + "github.com/cilium/ebpf" + "github.com/cilium/ebpf/asm" + "github.com/cilium/ebpf/internal" + "github.com/cilium/ebpf/internal/sys" + "github.com/cilium/ebpf/internal/unix" +) + +// KprobeMultiOptions defines additional parameters that will be used +// when opening a KprobeMulti Link. +type KprobeMultiOptions struct { + // Symbols takes a list of kernel symbol names to attach an ebpf program to. + // + // Mutually exclusive with Addresses. + Symbols []string + + // Addresses takes a list of kernel symbol addresses in case they can not + // be referred to by name. + // + // Note that only start addresses can be specified, since the fprobe API + // limits the attach point to the function entry or return. + // + // Mutually exclusive with Symbols. + Addresses []uint64 + + // Cookies specifies arbitrary values that can be fetched from an eBPF + // program via `bpf_get_attach_cookie()`. + // + // If set, its length should be equal to the length of Symbols or Addresses. + // Each Cookie is assigned to the Symbol or Address specified at the + // corresponding slice index. + Cookies []uint64 +} + +// KprobeMulti attaches the given eBPF program to the entry point of a given set +// of kernel symbols. +// +// The difference with Kprobe() is that multi-kprobe accomplishes this in a +// single system call, making it significantly faster than attaching many +// probes one at a time. +// +// Requires at least Linux 5.18. +func KprobeMulti(prog *ebpf.Program, opts KprobeMultiOptions) (Link, error) { + return kprobeMulti(prog, opts, 0) +} + +// KretprobeMulti attaches the given eBPF program to the return point of a given +// set of kernel symbols. +// +// The difference with Kretprobe() is that multi-kprobe accomplishes this in a +// single system call, making it significantly faster than attaching many +// probes one at a time. +// +// Requires at least Linux 5.18. +func KretprobeMulti(prog *ebpf.Program, opts KprobeMultiOptions) (Link, error) { + return kprobeMulti(prog, opts, unix.BPF_F_KPROBE_MULTI_RETURN) +} + +func kprobeMulti(prog *ebpf.Program, opts KprobeMultiOptions, flags uint32) (Link, error) { + if prog == nil { + return nil, errors.New("cannot attach a nil program") + } + + syms := uint32(len(opts.Symbols)) + addrs := uint32(len(opts.Addresses)) + cookies := uint32(len(opts.Cookies)) + + if syms == 0 && addrs == 0 { + return nil, fmt.Errorf("one of Symbols or Addresses is required: %w", errInvalidInput) + } + if syms != 0 && addrs != 0 { + return nil, fmt.Errorf("Symbols and Addresses are mutually exclusive: %w", errInvalidInput) + } + if cookies > 0 && cookies != syms && cookies != addrs { + return nil, fmt.Errorf("Cookies must be exactly Symbols or Addresses in length: %w", errInvalidInput) + } + + if err := haveBPFLinkKprobeMulti(); err != nil { + return nil, err + } + + attr := &sys.LinkCreateKprobeMultiAttr{ + ProgFd: uint32(prog.FD()), + AttachType: sys.BPF_TRACE_KPROBE_MULTI, + KprobeMultiFlags: flags, + } + + switch { + case syms != 0: + attr.Count = syms + attr.Syms = sys.NewStringSlicePointer(opts.Symbols) + + case addrs != 0: + attr.Count = addrs + attr.Addrs = sys.NewPointer(unsafe.Pointer(&opts.Addresses[0])) + } + + if cookies != 0 { + attr.Cookies = sys.NewPointer(unsafe.Pointer(&opts.Cookies[0])) + } + + fd, err := sys.LinkCreateKprobeMulti(attr) + if errors.Is(err, unix.ESRCH) { + return nil, fmt.Errorf("couldn't find one or more symbols: %w", os.ErrNotExist) + } + if errors.Is(err, unix.EINVAL) { + return nil, fmt.Errorf("%w (missing kernel symbol or prog's AttachType not AttachTraceKprobeMulti?)", err) + } + if err != nil { + return nil, err + } + + return &kprobeMultiLink{RawLink{fd, ""}}, nil +} + +type kprobeMultiLink struct { + RawLink +} + +var _ Link = (*kprobeMultiLink)(nil) + +func (kml *kprobeMultiLink) Update(prog *ebpf.Program) error { + return fmt.Errorf("update kprobe_multi: %w", ErrNotSupported) +} + +func (kml *kprobeMultiLink) Pin(string) error { + return fmt.Errorf("pin kprobe_multi: %w", ErrNotSupported) +} + +func (kml *kprobeMultiLink) Unpin() error { + return fmt.Errorf("unpin kprobe_multi: %w", ErrNotSupported) +} + +var haveBPFLinkKprobeMulti = internal.FeatureTest("bpf_link_kprobe_multi", "5.18", func() error { + prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ + Name: "probe_kpm_link", + Type: ebpf.Kprobe, + Instructions: asm.Instructions{ + asm.Mov.Imm(asm.R0, 0), + asm.Return(), + }, + AttachType: ebpf.AttachTraceKprobeMulti, + License: "MIT", + }) + if errors.Is(err, unix.E2BIG) { + // Kernel doesn't support AttachType field. + return internal.ErrNotSupported + } + if err != nil { + return err + } + defer prog.Close() + + fd, err := sys.LinkCreateKprobeMulti(&sys.LinkCreateKprobeMultiAttr{ + ProgFd: uint32(prog.FD()), + AttachType: sys.BPF_TRACE_KPROBE_MULTI, + Count: 1, + Syms: sys.NewStringSlicePointer([]string{"vprintk"}), + }) + if errors.Is(err, unix.EINVAL) { + return internal.ErrNotSupported + } + if err != nil { + return err + } + fd.Close() + + return nil +}) diff --git a/vendor/github.com/cilium/ebpf/link/link.go b/vendor/github.com/cilium/ebpf/link/link.go index 067d0101aa9..112785004a3 100644 --- a/vendor/github.com/cilium/ebpf/link/link.go +++ b/vendor/github.com/cilium/ebpf/link/link.go @@ -177,7 +177,7 @@ func AttachRawLink(opts RawLinkOptions) (*RawLink, error) { } fd, err := sys.LinkCreate(&attr) if err != nil { - return nil, fmt.Errorf("can't create link: %s", err) + return nil, fmt.Errorf("create link: %w", err) } return &RawLink{fd, ""}, nil @@ -280,27 +280,24 @@ func (l *RawLink) Info() (*Info, error) { switch info.Type { case CgroupType: extra = &CgroupInfo{} - case IterType: - // not supported case NetNsType: extra = &NetNsInfo{} - case RawTracepointType: - // not supported case TracingType: extra = &TracingInfo{} case XDPType: extra = &XDPInfo{} - case PerfEventType: - // no extra + case RawTracepointType, IterType, + PerfEventType, KprobeMultiType: + // Extra metadata not supported. default: return nil, fmt.Errorf("unknown link info type: %d", info.Type) } - if info.Type != RawTracepointType && info.Type != IterType && info.Type != PerfEventType { + if extra != nil { buf := bytes.NewReader(info.Extra[:]) err := binary.Read(buf, internal.NativeEndian, extra) if err != nil { - return nil, fmt.Errorf("can not read extra link info: %w", err) + return nil, fmt.Errorf("cannot read extra link info: %w", err) } } diff --git a/vendor/github.com/cilium/ebpf/link/perf_event.go b/vendor/github.com/cilium/ebpf/link/perf_event.go index 0e5bd47911b..602f45b4b8e 100644 --- a/vendor/github.com/cilium/ebpf/link/perf_event.go +++ b/vendor/github.com/cilium/ebpf/link/perf_event.go @@ -7,8 +7,8 @@ import ( "os" "path/filepath" "runtime" - "strconv" "strings" + "sync" "unsafe" "github.com/cilium/ebpf" @@ -270,7 +270,11 @@ func unsafeStringPtr(str string) (unsafe.Pointer, error) { // can pass a raw symbol name, e.g. a kernel symbol containing dots. func getTraceEventID(group, name string) (uint64, error) { name = sanitizeSymbol(name) - tid, err := uint64FromFile(tracefsPath, "events", group, name, "id") + path, err := sanitizePath(tracefsPath, "events", group, name, "id") + if err != nil { + return 0, err + } + tid, err := readUint64FromFile("%d\n", path) if errors.Is(err, os.ErrNotExist) { return 0, fmt.Errorf("trace event %s/%s: %w", group, name, os.ErrNotExist) } @@ -281,22 +285,6 @@ func getTraceEventID(group, name string) (uint64, error) { return tid, nil } -// getPMUEventType reads a Performance Monitoring Unit's type (numeric identifier) -// from /sys/bus/event_source/devices//type. -// -// Returns ErrNotSupported if the pmu type is not supported. -func getPMUEventType(typ probeType) (uint64, error) { - et, err := uint64FromFile("/sys/bus/event_source/devices", typ.String(), "type") - if errors.Is(err, os.ErrNotExist) { - return 0, fmt.Errorf("pmu type %s: %w", typ, ErrNotSupported) - } - if err != nil { - return 0, fmt.Errorf("reading pmu type %s: %w", typ, err) - } - - return et, nil -} - // openTracepointPerfEvent opens a tracepoint-type perf event. System-wide // [k,u]probes created by writing to /[k,u]probe_events are tracepoints // behind the scenes, and can be attached to using these perf events. @@ -317,23 +305,75 @@ func openTracepointPerfEvent(tid uint64, pid int) (*sys.FD, error) { return sys.NewFD(fd) } -// uint64FromFile reads a uint64 from a file. All elements of path are sanitized -// and joined onto base. Returns error if base no longer prefixes the path after -// joining all components. -func uint64FromFile(base string, path ...string) (uint64, error) { +func sanitizePath(base string, path ...string) (string, error) { l := filepath.Join(path...) p := filepath.Join(base, l) if !strings.HasPrefix(p, base) { - return 0, fmt.Errorf("path '%s' attempts to escape base path '%s': %w", l, base, errInvalidInput) + return "", fmt.Errorf("path '%s' attempts to escape base path '%s': %w", l, base, errInvalidInput) + } + return p, nil +} + +// readUint64FromFile reads a uint64 from a file. +// +// format specifies the contents of the file in fmt.Scanf syntax. +func readUint64FromFile(format string, path ...string) (uint64, error) { + filename := filepath.Join(path...) + data, err := os.ReadFile(filename) + if err != nil { + return 0, fmt.Errorf("reading file %q: %w", filename, err) } - data, err := os.ReadFile(p) + var value uint64 + n, err := fmt.Fscanf(bytes.NewReader(data), format, &value) if err != nil { - return 0, fmt.Errorf("reading file %s: %w", p, err) + return 0, fmt.Errorf("parsing file %q: %w", filename, err) + } + if n != 1 { + return 0, fmt.Errorf("parsing file %q: expected 1 item, got %d", filename, n) + } + + return value, nil +} + +type uint64FromFileKey struct { + format, path string +} + +var uint64FromFileCache = struct { + sync.RWMutex + values map[uint64FromFileKey]uint64 +}{ + values: map[uint64FromFileKey]uint64{}, +} + +// readUint64FromFileOnce is like readUint64FromFile but memoizes the result. +func readUint64FromFileOnce(format string, path ...string) (uint64, error) { + filename := filepath.Join(path...) + key := uint64FromFileKey{format, filename} + + uint64FromFileCache.RLock() + if value, ok := uint64FromFileCache.values[key]; ok { + uint64FromFileCache.RUnlock() + return value, nil + } + uint64FromFileCache.RUnlock() + + value, err := readUint64FromFile(format, filename) + if err != nil { + return 0, err + } + + uint64FromFileCache.Lock() + defer uint64FromFileCache.Unlock() + + if value, ok := uint64FromFileCache.values[key]; ok { + // Someone else got here before us, use what is cached. + return value, nil } - et := bytes.TrimSpace(data) - return strconv.ParseUint(string(et), 10, 64) + uint64FromFileCache.values[key] = value + return value, nil } // Probe BPF perf link. diff --git a/vendor/github.com/cilium/ebpf/link/syscalls.go b/vendor/github.com/cilium/ebpf/link/syscalls.go index a661395b360..035d8759fb9 100644 --- a/vendor/github.com/cilium/ebpf/link/syscalls.go +++ b/vendor/github.com/cilium/ebpf/link/syscalls.go @@ -23,6 +23,7 @@ const ( NetNsType = sys.BPF_LINK_TYPE_NETNS XDPType = sys.BPF_LINK_TYPE_XDP PerfEventType = sys.BPF_LINK_TYPE_PERF_EVENT + KprobeMultiType = sys.BPF_LINK_TYPE_KPROBE_MULTI ) var haveProgAttach = internal.FeatureTest("BPF_PROG_ATTACH", "4.10", func() error { diff --git a/vendor/github.com/cilium/ebpf/link/tracing.go b/vendor/github.com/cilium/ebpf/link/tracing.go index e47e61a3b84..5c07b775943 100644 --- a/vendor/github.com/cilium/ebpf/link/tracing.go +++ b/vendor/github.com/cilium/ebpf/link/tracing.go @@ -1,6 +1,7 @@ package link import ( + "errors" "fmt" "github.com/cilium/ebpf" @@ -70,6 +71,10 @@ func AttachFreplace(targetProg *ebpf.Program, name string, prog *ebpf.Program) ( Attach: ebpf.AttachNone, BTF: typeID, }) + if errors.Is(err, sys.ENOTSUPP) { + // This may be returned by bpf_tracing_prog_attach via bpf_arch_text_poke. + return nil, fmt.Errorf("create raw tracepoint: %w", ErrNotSupported) + } if err != nil { return nil, err } @@ -99,8 +104,12 @@ func attachBTFID(program *ebpf.Program) (Link, error) { fd, err := sys.RawTracepointOpen(&sys.RawTracepointOpenAttr{ ProgFd: uint32(program.FD()), }) + if errors.Is(err, sys.ENOTSUPP) { + // This may be returned by bpf_tracing_prog_attach via bpf_arch_text_poke. + return nil, fmt.Errorf("create raw tracepoint: %w", ErrNotSupported) + } if err != nil { - return nil, err + return nil, fmt.Errorf("create raw tracepoint: %w", err) } raw := RawLink{fd: fd} diff --git a/vendor/github.com/cilium/ebpf/link/uprobe.go b/vendor/github.com/cilium/ebpf/link/uprobe.go index edf925b5702..b4ce55fcc60 100644 --- a/vendor/github.com/cilium/ebpf/link/uprobe.go +++ b/vendor/github.com/cilium/ebpf/link/uprobe.go @@ -7,7 +7,6 @@ import ( "os" "path/filepath" "strings" - "sync" "github.com/cilium/ebpf" "github.com/cilium/ebpf/internal" @@ -16,12 +15,6 @@ import ( var ( uprobeEventsPath = filepath.Join(tracefsPath, "uprobe_events") - uprobeRetprobeBit = struct { - once sync.Once - value uint64 - err error - }{} - uprobeRefCtrOffsetPMUPath = "/sys/bus/event_source/devices/uprobe/format/ref_ctr_offset" // elixir.bootlin.com/linux/v5.15-rc7/source/kernel/events/core.c#L9799 uprobeRefCtrOffsetShift = 32 @@ -81,7 +74,7 @@ type UprobeOptions struct { // To open a new Executable, use: // -// OpenExecutable("/bin/bash") +// OpenExecutable("/bin/bash") // // The returned value can then be used to open Uprobe(s). func OpenExecutable(path string) (*Executable, error) { @@ -194,13 +187,13 @@ func (ex *Executable) address(symbol string, opts *UprobeOptions) (uint64, error // given symbol starts executing in the given Executable. // For example, /bin/bash::main(): // -// ex, _ = OpenExecutable("/bin/bash") -// ex.Uprobe("main", prog, nil) +// ex, _ = OpenExecutable("/bin/bash") +// ex.Uprobe("main", prog, nil) // // When using symbols which belongs to shared libraries, // an offset must be provided via options: // -// up, err := ex.Uprobe("main", prog, &UprobeOptions{Offset: 0x123}) +// up, err := ex.Uprobe("main", prog, &UprobeOptions{Offset: 0x123}) // // Note: Setting the Offset field in the options supersedes the symbol's offset. // @@ -228,13 +221,13 @@ func (ex *Executable) Uprobe(symbol string, prog *ebpf.Program, opts *UprobeOpti // Uretprobe attaches the given eBPF program to a perf event that fires right // before the given symbol exits. For example, /bin/bash::main(): // -// ex, _ = OpenExecutable("/bin/bash") -// ex.Uretprobe("main", prog, nil) +// ex, _ = OpenExecutable("/bin/bash") +// ex.Uretprobe("main", prog, nil) // // When using symbols which belongs to shared libraries, // an offset must be provided via options: // -// up, err := ex.Uretprobe("main", prog, &UprobeOptions{Offset: 0x123}) +// up, err := ex.Uretprobe("main", prog, &UprobeOptions{Offset: 0x123}) // // Note: Setting the Offset field in the options supersedes the symbol's offset. // @@ -364,10 +357,3 @@ func uprobeToken(args probeArgs) string { return po } - -func uretprobeBit() (uint64, error) { - uprobeRetprobeBit.once.Do(func() { - uprobeRetprobeBit.value, uprobeRetprobeBit.err = determineRetprobeBit(uprobeType) - }) - return uprobeRetprobeBit.value, uprobeRetprobeBit.err -} diff --git a/vendor/github.com/cilium/ebpf/linker.go b/vendor/github.com/cilium/ebpf/linker.go index e6276b1829b..2a2c1b63910 100644 --- a/vendor/github.com/cilium/ebpf/linker.go +++ b/vendor/github.com/cilium/ebpf/linker.go @@ -1,12 +1,14 @@ package ebpf import ( + "encoding/binary" "errors" "fmt" "sync" "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/btf" + "github.com/cilium/ebpf/internal" ) // splitSymbols splits insns into subsections delimited by Symbol Instructions. @@ -67,7 +69,7 @@ func hasFunctionReferences(insns asm.Instructions) bool { // // Passing a nil target will relocate against the running kernel. insns are // modified in place. -func applyRelocations(insns asm.Instructions, local, target *btf.Spec) error { +func applyRelocations(insns asm.Instructions, target *btf.Spec, bo binary.ByteOrder) error { var relos []*btf.CORERelocation var reloInsns []*asm.Instruction iter := insns.Iterate() @@ -82,12 +84,16 @@ func applyRelocations(insns asm.Instructions, local, target *btf.Spec) error { return nil } + if bo == nil { + bo = internal.NativeEndian + } + target, err := maybeLoadKernelBTF(target) if err != nil { return err } - fixups, err := btf.CORERelocate(local, target, relos) + fixups, err := btf.CORERelocate(relos, target, bo) if err != nil { return err } diff --git a/vendor/github.com/cilium/ebpf/map.go b/vendor/github.com/cilium/ebpf/map.go index e4a6c87e924..6a134ae70cb 100644 --- a/vendor/github.com/cilium/ebpf/map.go +++ b/vendor/github.com/cilium/ebpf/map.go @@ -413,7 +413,7 @@ func (spec *MapSpec) createMap(inner *sys.FD, opts MapOptions, handles *handleCa KeySize: spec.KeySize, ValueSize: spec.ValueSize, MaxEntries: spec.MaxEntries, - MapFlags: spec.Flags, + MapFlags: sys.MapFlags(spec.Flags), NumaNode: spec.NumaNode, } diff --git a/vendor/github.com/cilium/ebpf/prog.go b/vendor/github.com/cilium/ebpf/prog.go index 675edc711d7..dc58dbe989e 100644 --- a/vendor/github.com/cilium/ebpf/prog.go +++ b/vendor/github.com/cilium/ebpf/prog.go @@ -35,16 +35,44 @@ const ( // verifier log. const DefaultVerifierLogSize = 64 * 1024 +// maxVerifierLogSize is the maximum size of verifier log buffer the kernel +// will accept before returning EINVAL. +const maxVerifierLogSize = math.MaxUint32 >> 2 + // ProgramOptions control loading a program into the kernel. type ProgramOptions struct { - // Controls the detail emitted by the kernel verifier. Set to non-zero - // to enable logging. - LogLevel uint32 - // Controls the output buffer size for the verifier. Defaults to - // DefaultVerifierLogSize. + // Bitmap controlling the detail emitted by the kernel's eBPF verifier log. + // LogLevel-type values can be ORed together to request specific kinds of + // verifier output. See the documentation on [ebpf.LogLevel] for details. + // + // opts.LogLevel = (ebpf.LogLevelBranch | ebpf.LogLevelStats) + // + // If left to its default value, the program will first be loaded without + // verifier output enabled. Upon error, the program load will be repeated + // with LogLevelBranch and the given (or default) LogSize value. + // + // Setting this to a non-zero value will unconditionally enable the verifier + // log, populating the [ebpf.Program.VerifierLog] field on successful loads + // and including detailed verifier errors if the program is rejected. This + // will always allocate an output buffer, but will result in only a single + // attempt at loading the program. + LogLevel LogLevel + + // Controls the output buffer size for the verifier log, in bytes. See the + // documentation on ProgramOptions.LogLevel for details about how this value + // is used. + // + // If this value is set too low to fit the verifier log, the resulting + // [ebpf.VerifierError]'s Truncated flag will be true, and the error string + // will also contain a hint to that effect. + // + // Defaults to DefaultVerifierLogSize. LogSize int - // Type information used for CO-RE relocations and when attaching to - // kernel functions. + + // Disables the verifier log completely, regardless of other options. + LogDisabled bool + + // Type information used for CO-RE relocations. // // This is useful in environments where the kernel BTF is not available // (containers) or where it is in a non-standard location. Defaults to @@ -74,7 +102,7 @@ type ProgramSpec struct { // The program to attach to. Must be provided manually. AttachTarget *Program - // The name of the ELF section this program orininated from. + // The name of the ELF section this program originated from. SectionName string Instructions asm.Instructions @@ -181,6 +209,10 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions, handles *hand return nil, fmt.Errorf("can't load %s program on %s", spec.ByteOrder, internal.NativeEndian) } + if opts.LogSize < 0 { + return nil, errors.New("ProgramOptions.LogSize must be a positive value; disable verifier logs using ProgramOptions.LogDisabled") + } + // Kernels before 5.0 (6c4fc209fcf9 "bpf: remove useless version check for prog load") // require the version field to be set to the value of the KERNEL_VERSION // macro for kprobe-type programs. @@ -206,17 +238,11 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions, handles *hand attr.ProgName = sys.NewObjName(spec.Name) } - kernelTypes := opts.KernelTypes - insns := make(asm.Instructions, len(spec.Instructions)) copy(insns, spec.Instructions) var btfDisabled bool if spec.BTF != nil { - if err := applyRelocations(insns, spec.BTF, kernelTypes); err != nil { - return nil, fmt.Errorf("apply CO-RE relocations: %w", err) - } - handle, err := handles.btfHandle(spec.BTF) btfDisabled = errors.Is(err, btf.ErrNotSupported) if err != nil && !btfDisabled { @@ -241,6 +267,10 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions, handles *hand } } + if err := applyRelocations(insns, opts.KernelTypes, spec.ByteOrder); err != nil { + return nil, fmt.Errorf("apply CO-RE relocations: %w", err) + } + if err := fixupAndValidate(insns); err != nil { return nil, err } @@ -262,10 +292,10 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions, handles *hand } attr.AttachBtfId = uint32(targetID) - attr.AttachProgFd = uint32(spec.AttachTarget.FD()) + attr.AttachBtfObjFd = uint32(spec.AttachTarget.FD()) defer runtime.KeepAlive(spec.AttachTarget) } else if spec.AttachTo != "" { - targetID, err := findTargetInKernel(kernelTypes, spec.AttachTo, spec.Type, spec.AttachType) + module, targetID, err := findTargetInKernel(spec.AttachTo, spec.Type, spec.AttachType) if err != nil && !errors.Is(err, errUnrecognizedAttachType) { // We ignore errUnrecognizedAttachType since AttachTo may be non-empty // for programs that don't attach anywhere. @@ -273,16 +303,22 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions, handles *hand } attr.AttachBtfId = uint32(targetID) + if module != nil { + attr.AttachBtfObjFd = uint32(module.FD()) + defer module.Close() + } } - logSize := DefaultVerifierLogSize - if opts.LogSize > 0 { - logSize = opts.LogSize + if opts.LogSize == 0 { + opts.LogSize = DefaultVerifierLogSize } + // The caller provided a specific verifier log level. Immediately load + // the program with the given log level and buffer size, and skip retrying + // with a different level / size later. var logBuf []byte - if opts.LogLevel > 0 { - logBuf = make([]byte, logSize) + if !opts.LogDisabled && opts.LogLevel != 0 { + logBuf = make([]byte, opts.LogSize) attr.LogLevel = opts.LogLevel attr.LogSize = uint32(len(logBuf)) attr.LogBuf = sys.NewSlicePointer(logBuf) @@ -293,13 +329,17 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions, handles *hand return &Program{unix.ByteSliceToString(logBuf), fd, spec.Name, "", spec.Type}, nil } - if opts.LogLevel == 0 && opts.LogSize >= 0 { - // Re-run with the verifier enabled to get better error messages. - logBuf = make([]byte, logSize) - attr.LogLevel = 1 + // A verifier error occurred, but the caller did not specify a log level. + // Re-run with branch-level verifier logs enabled to obtain more info. + var truncated bool + if !opts.LogDisabled && opts.LogLevel == 0 { + logBuf = make([]byte, opts.LogSize) + attr.LogLevel = LogLevelBranch attr.LogSize = uint32(len(logBuf)) attr.LogBuf = sys.NewSlicePointer(logBuf) - _, _ = sys.ProgLoad(attr) + + _, ve := sys.ProgLoad(attr) + truncated = errors.Is(ve, unix.ENOSPC) } switch { @@ -318,11 +358,15 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions, handles *hand return nil, fmt.Errorf("load program: %w", err) } } + + if opts.LogSize > maxVerifierLogSize { + return nil, fmt.Errorf("load program: %w (ProgramOptions.LogSize exceeds maximum value of %d)", err, maxVerifierLogSize) + } } - err = internal.ErrorWithLog(err, logBuf) + err = internal.ErrorWithLog(err, logBuf, truncated) if btfDisabled { - return nil, fmt.Errorf("load program: %w (BTF disabled)", err) + return nil, fmt.Errorf("load program: %w (kernel without BTF support)", err) } return nil, fmt.Errorf("load program: %w", err) } @@ -542,7 +586,7 @@ func (p *Program) Run(opts *RunOptions) (uint32, error) { // run or an error. reset is called whenever the benchmark syscall is // interrupted, and should be set to testing.B.ResetTimer or similar. // -// Note: profiling a call to this function will skew it's results, see +// Note: profiling a call to this function will skew its results, see // https://github.com/cilium/ebpf/issues/24 // // This function requires at least Linux 4.12. @@ -580,8 +624,7 @@ var haveProgTestRun = internal.FeatureTest("BPF_PROG_TEST_RUN", "4.12", func() e } defer prog.Close() - // Programs require at least 14 bytes input - in := make([]byte, 14) + in := internal.EmptyBPFContext attr := sys.ProgRunAttr{ ProgFd: uint32(prog.FD()), DataSizeIn: uint32(len(in)), @@ -599,7 +642,7 @@ var haveProgTestRun = internal.FeatureTest("BPF_PROG_TEST_RUN", "4.12", func() e // We know that PROG_TEST_RUN is supported if we get EINTR. return nil - case errors.Is(err, unix.ENOTSUPP): + case errors.Is(err, sys.ENOTSUPP): // The first PROG_TEST_RUN patches shipped in 4.12 didn't include // a test runner for SocketFilter. ENOTSUPP means PROG_TEST_RUN is // supported, but not for the program type used in the probe. @@ -660,7 +703,7 @@ func (p *Program) testRun(opts *RunOptions) (uint32, time.Duration, error) { continue } - if errors.Is(err, unix.ENOTSUPP) { + if errors.Is(err, sys.ENOTSUPP) { return 0, 0, fmt.Errorf("kernel doesn't support testing program type %s: %w", p.Type(), ErrNotSupported) } @@ -770,11 +813,15 @@ var errUnrecognizedAttachType = errors.New("unrecognized attach type") // find an attach target type in the kernel. // -// spec may be nil and defaults to the canonical kernel BTF. name together with -// progType and attachType determine which type we need to attach to. +// name, progType and attachType determine which type we need to attach to. // -// Returns errUnrecognizedAttachType. -func findTargetInKernel(spec *btf.Spec, name string, progType ProgramType, attachType AttachType) (btf.TypeID, error) { +// The attach target may be in a loaded kernel module. +// In that case the returned handle will be non-nil. +// The caller is responsible for closing the handle. +// +// Returns errUnrecognizedAttachType if the combination of progType and attachType +// is not recognised. +func findTargetInKernel(name string, progType ProgramType, attachType AttachType) (*btf.Handle, btf.TypeID, error) { type match struct { p ProgramType a AttachType @@ -782,59 +829,109 @@ func findTargetInKernel(spec *btf.Spec, name string, progType ProgramType, attac var ( typeName, featureName string - isBTFTypeFunc = true + target btf.Type ) switch (match{progType, attachType}) { case match{LSM, AttachLSMMac}: typeName = "bpf_lsm_" + name featureName = name + " LSM hook" + target = (*btf.Func)(nil) case match{Tracing, AttachTraceIter}: typeName = "bpf_iter_" + name featureName = name + " iterator" + target = (*btf.Func)(nil) case match{Tracing, AttachTraceFEntry}: typeName = name featureName = fmt.Sprintf("fentry %s", name) + target = (*btf.Func)(nil) case match{Tracing, AttachTraceFExit}: typeName = name featureName = fmt.Sprintf("fexit %s", name) + target = (*btf.Func)(nil) case match{Tracing, AttachModifyReturn}: typeName = name featureName = fmt.Sprintf("fmod_ret %s", name) + target = (*btf.Func)(nil) case match{Tracing, AttachTraceRawTp}: typeName = fmt.Sprintf("btf_trace_%s", name) featureName = fmt.Sprintf("raw_tp %s", name) - isBTFTypeFunc = false + target = (*btf.Typedef)(nil) default: - return 0, errUnrecognizedAttachType + return nil, 0, errUnrecognizedAttachType } - spec, err := maybeLoadKernelBTF(spec) + // maybeLoadKernelBTF may return external BTF if /sys/... is not available. + // Ideally we shouldn't use external BTF here, since we might try to use + // it for parsing kmod split BTF later on. That seems unlikely to work. + spec, err := maybeLoadKernelBTF(nil) if err != nil { - return 0, fmt.Errorf("load kernel spec: %w", err) + return nil, 0, fmt.Errorf("load kernel spec: %w", err) } - var target btf.Type - if isBTFTypeFunc { - var targetFunc *btf.Func - err = spec.TypeByName(typeName, &targetFunc) - target = targetFunc - } else { - var targetTypedef *btf.Typedef - err = spec.TypeByName(typeName, &targetTypedef) - target = targetTypedef + err = spec.TypeByName(typeName, &target) + if errors.Is(err, btf.ErrNotFound) { + module, id, err := findTargetInModule(spec, typeName, target) + if errors.Is(err, btf.ErrNotFound) { + return nil, 0, &internal.UnsupportedFeatureError{Name: featureName} + } + if err != nil { + return nil, 0, fmt.Errorf("find target for %s in modules: %w", featureName, err) + } + return module, id, nil } - if err != nil { + return nil, 0, fmt.Errorf("find target for %s in vmlinux: %w", featureName, err) + } + + id, err := spec.TypeID(target) + return nil, id, err +} + +// find an attach target type in a kernel module. +// +// vmlinux must contain the kernel's types and is used to parse kmod BTF. +// +// Returns btf.ErrNotFound if the target can't be found in any module. +func findTargetInModule(vmlinux *btf.Spec, typeName string, target btf.Type) (*btf.Handle, btf.TypeID, error) { + it := new(btf.HandleIterator) + defer it.Handle.Close() + + for it.Next() { + info, err := it.Handle.Info() + if err != nil { + return nil, 0, fmt.Errorf("get info for BTF ID %d: %w", it.ID, err) + } + + if !info.IsModule() { + continue + } + + spec, err := it.Handle.Spec(vmlinux) + if err != nil { + return nil, 0, fmt.Errorf("parse types for module %s: %w", info.Name, err) + } + + err = spec.TypeByName(typeName, &target) if errors.Is(err, btf.ErrNotFound) { - return 0, &internal.UnsupportedFeatureError{ - Name: featureName, - } + continue } - return 0, fmt.Errorf("find target for %s: %w", featureName, err) + if err != nil { + return nil, 0, fmt.Errorf("lookup type in module %s: %w", info.Name, err) + } + + id, err := spec.TypeID(target) + if err != nil { + return nil, 0, fmt.Errorf("lookup type id in module %s: %w", info.Name, err) + } + + return it.Take(), id, nil + } + if err := it.Err(); err != nil { + return nil, 0, fmt.Errorf("iterate modules: %w", err) } - return spec.TypeID(target) + return nil, 0, btf.ErrNotFound } // find an attach target type in a program. diff --git a/vendor/github.com/cilium/ebpf/run-tests.sh b/vendor/github.com/cilium/ebpf/run-tests.sh index c21cca9e5e7..3507ece39b4 100644 --- a/vendor/github.com/cilium/ebpf/run-tests.sh +++ b/vendor/github.com/cilium/ebpf/run-tests.sh @@ -111,7 +111,7 @@ readonly branch="${BRANCH:-master}" fetch() { echo Fetching "${1}" pushd "${tmp_dir}" > /dev/null - curl -s -L -O --fail --etag-compare "${1}.etag" --etag-save "${1}.etag" "https://github.com/cilium/ci-kernels/raw/${branch}/${1}" + curl --no-progress-meter -L -O --fail --etag-compare "${1}.etag" --etag-save "${1}.etag" "https://github.com/cilium/ci-kernels/raw/${branch}/${1}" local ret=$? popd > /dev/null return $ret diff --git a/vendor/github.com/cilium/ebpf/syscalls.go b/vendor/github.com/cilium/ebpf/syscalls.go index e5c270a5585..c10014297b5 100644 --- a/vendor/github.com/cilium/ebpf/syscalls.go +++ b/vendor/github.com/cilium/ebpf/syscalls.go @@ -143,8 +143,8 @@ func wrapMapError(err error) error { return sys.Error(ErrKeyExist, unix.EEXIST) } - if errors.Is(err, unix.ENOTSUPP) { - return sys.Error(ErrNotSupported, unix.ENOTSUPP) + if errors.Is(err, sys.ENOTSUPP) { + return sys.Error(ErrNotSupported, sys.ENOTSUPP) } if errors.Is(err, unix.E2BIG) { diff --git a/vendor/github.com/cilium/ebpf/types.go b/vendor/github.com/cilium/ebpf/types.go index a27b4424745..03b7f11f3ac 100644 --- a/vendor/github.com/cilium/ebpf/types.go +++ b/vendor/github.com/cilium/ebpf/types.go @@ -1,6 +1,7 @@ package ebpf import ( + "github.com/cilium/ebpf/internal/sys" "github.com/cilium/ebpf/internal/unix" ) @@ -229,6 +230,7 @@ const ( AttachSkReuseportSelect AttachSkReuseportSelectOrMigrate AttachPerfEvent + AttachTraceKprobeMulti ) // AttachFlags of the eBPF program used in BPF_PROG_ATTACH command @@ -282,3 +284,20 @@ type BatchOptions struct { ElemFlags uint64 Flags uint64 } + +// LogLevel controls the verbosity of the kernel's eBPF program verifier. +// These constants can be used for the ProgramOptions.LogLevel field. +type LogLevel = sys.LogLevel + +const ( + // Print verifier state at branch points. + LogLevelBranch = sys.BPF_LOG_LEVEL1 + + // Print verifier state for every instruction. + // Available since Linux v5.2. + LogLevelInstruction = sys.BPF_LOG_LEVEL2 + + // Print verifier errors and stats at the end of the verification process. + // Available since Linux v5.2. + LogLevelStats = sys.BPF_LOG_STATS +) diff --git a/vendor/golang.org/x/sys/AUTHORS b/vendor/golang.org/x/sys/AUTHORS deleted file mode 100644 index 15167cd746c..00000000000 --- a/vendor/golang.org/x/sys/AUTHORS +++ /dev/null @@ -1,3 +0,0 @@ -# This source code refers to The Go Authors for copyright purposes. -# The master list of authors is in the main Go distribution, -# visible at http://tip.golang.org/AUTHORS. diff --git a/vendor/golang.org/x/sys/CONTRIBUTORS b/vendor/golang.org/x/sys/CONTRIBUTORS deleted file mode 100644 index 1c4577e9680..00000000000 --- a/vendor/golang.org/x/sys/CONTRIBUTORS +++ /dev/null @@ -1,3 +0,0 @@ -# This source code was written by the Go contributors. -# The master list of contributors is in the main Go distribution, -# visible at http://tip.golang.org/CONTRIBUTORS. diff --git a/vendor/golang.org/x/sys/unix/ioctl_linux.go b/vendor/golang.org/x/sys/unix/ioctl_linux.go index 884430b810c..0d12c0851ad 100644 --- a/vendor/golang.org/x/sys/unix/ioctl_linux.go +++ b/vendor/golang.org/x/sys/unix/ioctl_linux.go @@ -4,9 +4,7 @@ package unix -import ( - "unsafe" -) +import "unsafe" // IoctlRetInt performs an ioctl operation specified by req on a device // associated with opened file descriptor fd, and returns a non-negative @@ -217,3 +215,19 @@ func IoctlKCMAttach(fd int, info KCMAttach) error { func IoctlKCMUnattach(fd int, info KCMUnattach) error { return ioctlPtr(fd, SIOCKCMUNATTACH, unsafe.Pointer(&info)) } + +// IoctlLoopGetStatus64 gets the status of the loop device associated with the +// file descriptor fd using the LOOP_GET_STATUS64 operation. +func IoctlLoopGetStatus64(fd int) (*LoopInfo64, error) { + var value LoopInfo64 + if err := ioctlPtr(fd, LOOP_GET_STATUS64, unsafe.Pointer(&value)); err != nil { + return nil, err + } + return &value, nil +} + +// IoctlLoopSetStatus64 sets the status of the loop device associated with the +// file descriptor fd using the LOOP_SET_STATUS64 operation. +func IoctlLoopSetStatus64(fd int, value *LoopInfo64) error { + return ioctlPtr(fd, LOOP_SET_STATUS64, unsafe.Pointer(value)) +} diff --git a/vendor/golang.org/x/sys/unix/mkall.sh b/vendor/golang.org/x/sys/unix/mkall.sh index dcef4de6f18..1b2b424a726 100644 --- a/vendor/golang.org/x/sys/unix/mkall.sh +++ b/vendor/golang.org/x/sys/unix/mkall.sh @@ -73,12 +73,12 @@ aix_ppc64) darwin_amd64) mkerrors="$mkerrors -m64" mktypes="GOARCH=$GOARCH go tool cgo -godefs" - mkasm="go run mkasm_darwin.go" + mkasm="go run mkasm.go" ;; darwin_arm64) mkerrors="$mkerrors -m64" mktypes="GOARCH=$GOARCH go tool cgo -godefs" - mkasm="go run mkasm_darwin.go" + mkasm="go run mkasm.go" ;; dragonfly_amd64) mkerrors="$mkerrors -m64" @@ -142,33 +142,33 @@ netbsd_arm64) mktypes="GOARCH=$GOARCH go tool cgo -godefs" ;; openbsd_386) + mkasm="go run mkasm.go" mkerrors="$mkerrors -m32" - mksyscall="go run mksyscall.go -l32 -openbsd" + mksyscall="go run mksyscall.go -l32 -openbsd -libc" mksysctl="go run mksysctl_openbsd.go" - mksysnum="go run mksysnum.go 'https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master'" mktypes="GOARCH=$GOARCH go tool cgo -godefs" ;; openbsd_amd64) + mkasm="go run mkasm.go" mkerrors="$mkerrors -m64" - mksyscall="go run mksyscall.go -openbsd" + mksyscall="go run mksyscall.go -openbsd -libc" mksysctl="go run mksysctl_openbsd.go" - mksysnum="go run mksysnum.go 'https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master'" mktypes="GOARCH=$GOARCH go tool cgo -godefs" ;; openbsd_arm) + mkasm="go run mkasm.go" mkerrors="$mkerrors" - mksyscall="go run mksyscall.go -l32 -openbsd -arm" + mksyscall="go run mksyscall.go -l32 -openbsd -arm -libc" mksysctl="go run mksysctl_openbsd.go" - mksysnum="go run mksysnum.go 'https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master'" # Let the type of C char be signed for making the bare syscall # API consistent across platforms. mktypes="GOARCH=$GOARCH go tool cgo -godefs -- -fsigned-char" ;; openbsd_arm64) + mkasm="go run mkasm.go" mkerrors="$mkerrors -m64" - mksyscall="go run mksyscall.go -openbsd" + mksyscall="go run mksyscall.go -openbsd -libc" mksysctl="go run mksysctl_openbsd.go" - mksysnum="go run mksysnum.go 'https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master'" # Let the type of C char be signed for making the bare syscall # API consistent across platforms. mktypes="GOARCH=$GOARCH go tool cgo -godefs -- -fsigned-char" @@ -214,11 +214,6 @@ esac if [ "$GOOSARCH" == "aix_ppc64" ]; then # aix/ppc64 script generates files instead of writing to stdin. echo "$mksyscall -tags $GOOS,$GOARCH $syscall_goos $GOOSARCH_in && gofmt -w zsyscall_$GOOSARCH.go && gofmt -w zsyscall_"$GOOSARCH"_gccgo.go && gofmt -w zsyscall_"$GOOSARCH"_gc.go " ; - elif [ "$GOOS" == "darwin" ]; then - # 1.12 and later, syscalls via libSystem - echo "$mksyscall -tags $GOOS,$GOARCH,go1.12 $syscall_goos $GOOSARCH_in |gofmt >zsyscall_$GOOSARCH.go"; - # 1.13 and later, syscalls via libSystem (including syscallPtr) - echo "$mksyscall -tags $GOOS,$GOARCH,go1.13 syscall_darwin.1_13.go |gofmt >zsyscall_$GOOSARCH.1_13.go"; elif [ "$GOOS" == "illumos" ]; then # illumos code generation requires a --illumos switch echo "$mksyscall -illumos -tags illumos,$GOARCH syscall_illumos.go |gofmt > zsyscall_illumos_$GOARCH.go"; @@ -232,5 +227,5 @@ esac if [ -n "$mksysctl" ]; then echo "$mksysctl |gofmt >$zsysctl"; fi if [ -n "$mksysnum" ]; then echo "$mksysnum |gofmt >zsysnum_$GOOSARCH.go"; fi if [ -n "$mktypes" ]; then echo "$mktypes types_$GOOS.go | go run mkpost.go > ztypes_$GOOSARCH.go"; fi - if [ -n "$mkasm" ]; then echo "$mkasm $GOARCH"; fi + if [ -n "$mkasm" ]; then echo "$mkasm $GOOS $GOARCH"; fi ) | $run diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index ca50e4e14dd..2ab44aa6591 100644 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -297,6 +297,10 @@ struct ltchars { #define SOL_NETLINK 270 #endif +#ifndef SOL_SMC +#define SOL_SMC 286 +#endif + #ifdef SOL_BLUETOOTH // SPARC includes this in /usr/include/sparc64-linux-gnu/bits/socket.h // but it is already in bluetooth_linux.go diff --git a/vendor/golang.org/x/sys/unix/str.go b/vendor/golang.org/x/sys/unix/str.go deleted file mode 100644 index 8ba89ed8694..00000000000 --- a/vendor/golang.org/x/sys/unix/str.go +++ /dev/null @@ -1,27 +0,0 @@ -// Copyright 2009 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris -// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris - -package unix - -func itoa(val int) string { // do it here rather than with fmt to avoid dependency - if val < 0 { - return "-" + uitoa(uint(-val)) - } - return uitoa(uint(val)) -} - -func uitoa(val uint) string { - var buf [32]byte // big enough for int64 - i := len(buf) - 1 - for val >= 10 { - buf[i] = byte(val%10 + '0') - i-- - val /= 10 - } - buf[i] = byte(val + '0') - return string(buf[i:]) -} diff --git a/vendor/golang.org/x/sys/unix/syscall.go b/vendor/golang.org/x/sys/unix/syscall.go index 649fa87405d..63e8c838317 100644 --- a/vendor/golang.org/x/sys/unix/syscall.go +++ b/vendor/golang.org/x/sys/unix/syscall.go @@ -29,8 +29,6 @@ import ( "bytes" "strings" "unsafe" - - "golang.org/x/sys/internal/unsafeheader" ) // ByteSliceFromString returns a NUL-terminated slice of bytes @@ -82,13 +80,7 @@ func BytePtrToString(p *byte) string { ptr = unsafe.Pointer(uintptr(ptr) + 1) } - var s []byte - h := (*unsafeheader.Slice)(unsafe.Pointer(&s)) - h.Data = unsafe.Pointer(p) - h.Len = n - h.Cap = n - - return string(s) + return string(unsafe.Slice(p, n)) } // Single-word zero for use when we need a valid pointer to 0 bytes. diff --git a/vendor/golang.org/x/sys/unix/syscall_aix.go b/vendor/golang.org/x/sys/unix/syscall_aix.go index ac579c60feb..2db1b51e99f 100644 --- a/vendor/golang.org/x/sys/unix/syscall_aix.go +++ b/vendor/golang.org/x/sys/unix/syscall_aix.go @@ -218,13 +218,62 @@ func Accept(fd int) (nfd int, sa Sockaddr, err error) { } func recvmsgRaw(fd int, iov []Iovec, oob []byte, flags int, rsa *RawSockaddrAny) (n, oobn int, recvflags int, err error) { - // Recvmsg not implemented on AIX - return -1, -1, -1, ENOSYS + var msg Msghdr + msg.Name = (*byte)(unsafe.Pointer(rsa)) + msg.Namelen = uint32(SizeofSockaddrAny) + var dummy byte + if len(oob) > 0 { + // receive at least one normal byte + if emptyIovecs(iov) { + var iova [1]Iovec + iova[0].Base = &dummy + iova[0].SetLen(1) + iov = iova[:] + } + msg.Control = (*byte)(unsafe.Pointer(&oob[0])) + msg.SetControllen(len(oob)) + } + if len(iov) > 0 { + msg.Iov = &iov[0] + msg.SetIovlen(len(iov)) + } + if n, err = recvmsg(fd, &msg, flags); n == -1 { + return + } + oobn = int(msg.Controllen) + recvflags = int(msg.Flags) + return } func sendmsgN(fd int, iov []Iovec, oob []byte, ptr unsafe.Pointer, salen _Socklen, flags int) (n int, err error) { - // SendmsgN not implemented on AIX - return -1, ENOSYS + var msg Msghdr + msg.Name = (*byte)(unsafe.Pointer(ptr)) + msg.Namelen = uint32(salen) + var dummy byte + var empty bool + if len(oob) > 0 { + // send at least one normal byte + empty = emptyIovecs(iov) + if empty { + var iova [1]Iovec + iova[0].Base = &dummy + iova[0].SetLen(1) + iov = iova[:] + } + msg.Control = (*byte)(unsafe.Pointer(&oob[0])) + msg.SetControllen(len(oob)) + } + if len(iov) > 0 { + msg.Iov = &iov[0] + msg.SetIovlen(len(iov)) + } + if n, err = sendmsg(fd, &msg, flags); err != nil { + return 0, err + } + if len(oob) > 0 && empty { + n = 0 + } + return n, nil } func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) { diff --git a/vendor/golang.org/x/sys/unix/syscall_bsd.go b/vendor/golang.org/x/sys/unix/syscall_bsd.go index c437fc5d7bb..eda42671f19 100644 --- a/vendor/golang.org/x/sys/unix/syscall_bsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_bsd.go @@ -363,7 +363,7 @@ func sendmsgN(fd int, iov []Iovec, oob []byte, ptr unsafe.Pointer, salen _Sockle var empty bool if len(oob) > 0 { // send at least one normal byte - empty := emptyIovecs(iov) + empty = emptyIovecs(iov) if empty { var iova [1]Iovec iova[0].Base = &dummy diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.1_12.go b/vendor/golang.org/x/sys/unix/syscall_darwin.1_12.go deleted file mode 100644 index b0098607c70..00000000000 --- a/vendor/golang.org/x/sys/unix/syscall_darwin.1_12.go +++ /dev/null @@ -1,32 +0,0 @@ -// Copyright 2019 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build darwin && go1.12 && !go1.13 -// +build darwin,go1.12,!go1.13 - -package unix - -import ( - "unsafe" -) - -const _SYS_GETDIRENTRIES64 = 344 - -func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) { - // To implement this using libSystem we'd need syscall_syscallPtr for - // fdopendir. However, syscallPtr was only added in Go 1.13, so we fall - // back to raw syscalls for this func on Go 1.12. - var p unsafe.Pointer - if len(buf) > 0 { - p = unsafe.Pointer(&buf[0]) - } else { - p = unsafe.Pointer(&_zero) - } - r0, _, e1 := Syscall6(_SYS_GETDIRENTRIES64, uintptr(fd), uintptr(p), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0) - n = int(r0) - if e1 != 0 { - return n, errnoErr(e1) - } - return n, nil -} diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.1_13.go b/vendor/golang.org/x/sys/unix/syscall_darwin.1_13.go deleted file mode 100644 index 1596426b1e2..00000000000 --- a/vendor/golang.org/x/sys/unix/syscall_darwin.1_13.go +++ /dev/null @@ -1,108 +0,0 @@ -// Copyright 2019 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build darwin && go1.13 -// +build darwin,go1.13 - -package unix - -import ( - "unsafe" - - "golang.org/x/sys/internal/unsafeheader" -) - -//sys closedir(dir uintptr) (err error) -//sys readdir_r(dir uintptr, entry *Dirent, result **Dirent) (res Errno) - -func fdopendir(fd int) (dir uintptr, err error) { - r0, _, e1 := syscall_syscallPtr(libc_fdopendir_trampoline_addr, uintptr(fd), 0, 0) - dir = uintptr(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_fdopendir_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_fdopendir fdopendir "/usr/lib/libSystem.B.dylib" - -func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) { - // Simulate Getdirentries using fdopendir/readdir_r/closedir. - // We store the number of entries to skip in the seek - // offset of fd. See issue #31368. - // It's not the full required semantics, but should handle the case - // of calling Getdirentries or ReadDirent repeatedly. - // It won't handle assigning the results of lseek to *basep, or handle - // the directory being edited underfoot. - skip, err := Seek(fd, 0, 1 /* SEEK_CUR */) - if err != nil { - return 0, err - } - - // We need to duplicate the incoming file descriptor - // because the caller expects to retain control of it, but - // fdopendir expects to take control of its argument. - // Just Dup'ing the file descriptor is not enough, as the - // result shares underlying state. Use Openat to make a really - // new file descriptor referring to the same directory. - fd2, err := Openat(fd, ".", O_RDONLY, 0) - if err != nil { - return 0, err - } - d, err := fdopendir(fd2) - if err != nil { - Close(fd2) - return 0, err - } - defer closedir(d) - - var cnt int64 - for { - var entry Dirent - var entryp *Dirent - e := readdir_r(d, &entry, &entryp) - if e != 0 { - return n, errnoErr(e) - } - if entryp == nil { - break - } - if skip > 0 { - skip-- - cnt++ - continue - } - - reclen := int(entry.Reclen) - if reclen > len(buf) { - // Not enough room. Return for now. - // The counter will let us know where we should start up again. - // Note: this strategy for suspending in the middle and - // restarting is O(n^2) in the length of the directory. Oh well. - break - } - - // Copy entry into return buffer. - var s []byte - hdr := (*unsafeheader.Slice)(unsafe.Pointer(&s)) - hdr.Data = unsafe.Pointer(&entry) - hdr.Cap = reclen - hdr.Len = reclen - copy(buf, s) - - buf = buf[reclen:] - n += reclen - cnt++ - } - // Set the seek offset of the input fd to record - // how many files we've already returned. - _, err = Seek(fd, cnt, 0 /* SEEK_SET */) - if err != nil { - return n, err - } - - return n, nil -} diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.go b/vendor/golang.org/x/sys/unix/syscall_darwin.go index 4f87f16ea7c..1f63382182f 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin.go +++ b/vendor/golang.org/x/sys/unix/syscall_darwin.go @@ -19,6 +19,96 @@ import ( "unsafe" ) +//sys closedir(dir uintptr) (err error) +//sys readdir_r(dir uintptr, entry *Dirent, result **Dirent) (res Errno) + +func fdopendir(fd int) (dir uintptr, err error) { + r0, _, e1 := syscall_syscallPtr(libc_fdopendir_trampoline_addr, uintptr(fd), 0, 0) + dir = uintptr(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fdopendir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fdopendir fdopendir "/usr/lib/libSystem.B.dylib" + +func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) { + // Simulate Getdirentries using fdopendir/readdir_r/closedir. + // We store the number of entries to skip in the seek + // offset of fd. See issue #31368. + // It's not the full required semantics, but should handle the case + // of calling Getdirentries or ReadDirent repeatedly. + // It won't handle assigning the results of lseek to *basep, or handle + // the directory being edited underfoot. + skip, err := Seek(fd, 0, 1 /* SEEK_CUR */) + if err != nil { + return 0, err + } + + // We need to duplicate the incoming file descriptor + // because the caller expects to retain control of it, but + // fdopendir expects to take control of its argument. + // Just Dup'ing the file descriptor is not enough, as the + // result shares underlying state. Use Openat to make a really + // new file descriptor referring to the same directory. + fd2, err := Openat(fd, ".", O_RDONLY, 0) + if err != nil { + return 0, err + } + d, err := fdopendir(fd2) + if err != nil { + Close(fd2) + return 0, err + } + defer closedir(d) + + var cnt int64 + for { + var entry Dirent + var entryp *Dirent + e := readdir_r(d, &entry, &entryp) + if e != 0 { + return n, errnoErr(e) + } + if entryp == nil { + break + } + if skip > 0 { + skip-- + cnt++ + continue + } + + reclen := int(entry.Reclen) + if reclen > len(buf) { + // Not enough room. Return for now. + // The counter will let us know where we should start up again. + // Note: this strategy for suspending in the middle and + // restarting is O(n^2) in the length of the directory. Oh well. + break + } + + // Copy entry into return buffer. + s := unsafe.Slice((*byte)(unsafe.Pointer(&entry)), reclen) + copy(buf, s) + + buf = buf[reclen:] + n += reclen + cnt++ + } + // Set the seek offset of the input fd to record + // how many files we've already returned. + _, err = Seek(fd, cnt, 0 /* SEEK_SET */) + if err != nil { + return n, err + } + + return n, nil +} + // SockaddrDatalink implements the Sockaddr interface for AF_LINK type sockets. type SockaddrDatalink struct { Len uint8 diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go index c3c4c698e07..b11ede89a96 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go @@ -61,7 +61,7 @@ func PtraceGetFsBase(pid int, fsbase *int64) (err error) { } func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint32(countin)} + ioDesc := PtraceIoDesc{Op: int32(req), Offs: uintptr(unsafe.Pointer(addr)), Addr: uintptr(unsafe.Pointer(&out[0])), Len: uint32(countin)} err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) return int(ioDesc.Len), err } diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go index 82be61a2f98..9ed8eec6c28 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go @@ -61,7 +61,7 @@ func PtraceGetFsBase(pid int, fsbase *int64) (err error) { } func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint64(countin)} + ioDesc := PtraceIoDesc{Op: int32(req), Offs: uintptr(unsafe.Pointer(addr)), Addr: uintptr(unsafe.Pointer(&out[0])), Len: uint64(countin)} err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) return int(ioDesc.Len), err } diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go index cd58f1026c0..f8ac9824790 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go @@ -57,7 +57,7 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint32(countin)} + ioDesc := PtraceIoDesc{Op: int32(req), Offs: uintptr(unsafe.Pointer(addr)), Addr: uintptr(unsafe.Pointer(&out[0])), Len: uint32(countin)} err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) return int(ioDesc.Len), err } diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go index d6f538f9e00..8e932036ec3 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go @@ -57,7 +57,7 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint64(countin)} + ioDesc := PtraceIoDesc{Op: int32(req), Offs: uintptr(unsafe.Pointer(addr)), Addr: uintptr(unsafe.Pointer(&out[0])), Len: uint64(countin)} err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) return int(ioDesc.Len), err } diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go index 8ea6e96100a..cbe12227896 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go @@ -57,7 +57,7 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{Op: int32(req), Offs: (*byte)(unsafe.Pointer(addr)), Addr: (*byte)(unsafe.Pointer(&out[0])), Len: uint64(countin)} + ioDesc := PtraceIoDesc{Op: int32(req), Offs: uintptr(unsafe.Pointer(addr)), Addr: uintptr(unsafe.Pointer(&out[0])), Len: uint64(countin)} err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) return int(ioDesc.Len), err } diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index 5e4a94f7311..e044d5b546b 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -13,6 +13,7 @@ package unix import ( "encoding/binary" + "strconv" "syscall" "time" "unsafe" @@ -233,7 +234,7 @@ func Futimesat(dirfd int, path string, tv []Timeval) error { func Futimes(fd int, tv []Timeval) (err error) { // Believe it or not, this is the best we can do on Linux // (and is what glibc does). - return Utimes("/proc/self/fd/"+itoa(fd), tv) + return Utimes("/proc/self/fd/"+strconv.Itoa(fd), tv) } const ImplementsGetwd = true @@ -1541,7 +1542,7 @@ func sendmsgN(fd int, iov []Iovec, oob []byte, ptr unsafe.Pointer, salen _Sockle var dummy byte var empty bool if len(oob) > 0 { - empty := emptyIovecs(iov) + empty = emptyIovecs(iov) if empty { var sockType int sockType, err = GetsockoptInt(fd, SOL_SOCKET, SO_TYPE) @@ -1891,17 +1892,28 @@ func PrctlRetInt(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uint return int(ret), nil } -// issue 1435. -// On linux Setuid and Setgid only affects the current thread, not the process. -// This does not match what most callers expect so we must return an error -// here rather than letting the caller think that the call succeeded. - func Setuid(uid int) (err error) { - return EOPNOTSUPP + return syscall.Setuid(uid) +} + +func Setgid(gid int) (err error) { + return syscall.Setgid(gid) +} + +func Setreuid(ruid, euid int) (err error) { + return syscall.Setreuid(ruid, euid) +} + +func Setregid(rgid, egid int) (err error) { + return syscall.Setregid(rgid, egid) } -func Setgid(uid int) (err error) { - return EOPNOTSUPP +func Setresuid(ruid, euid, suid int) (err error) { + return syscall.Setresuid(ruid, euid, suid) +} + +func Setresgid(rgid, egid, sgid int) (err error) { + return syscall.Setresgid(rgid, egid, sgid) } // SetfsgidRetGid sets fsgid for current thread and returns previous fsgid set. @@ -2240,7 +2252,7 @@ func (fh *FileHandle) Bytes() []byte { if n == 0 { return nil } - return (*[1 << 30]byte)(unsafe.Pointer(uintptr(unsafe.Pointer(&fh.fileHandle.Type)) + 4))[:n:n] + return unsafe.Slice((*byte)(unsafe.Pointer(uintptr(unsafe.Pointer(&fh.fileHandle.Type))+4)), n) } // NameToHandleAt wraps the name_to_handle_at system call; it obtains @@ -2356,6 +2368,16 @@ func Setitimer(which ItimerWhich, it Itimerval) (Itimerval, error) { return prev, nil } +//sysnb rtSigprocmask(how int, set *Sigset_t, oldset *Sigset_t, sigsetsize uintptr) (err error) = SYS_RT_SIGPROCMASK + +func PthreadSigmask(how int, set, oldset *Sigset_t) error { + if oldset != nil { + // Explicitly clear in case Sigset_t is larger than _C__NSIG. + *oldset = Sigset_t{} + } + return rtSigprocmask(how, set, oldset, _C__NSIG/8) +} + /* * Unimplemented */ @@ -2414,7 +2436,6 @@ func Setitimer(which ItimerWhich, it Itimerval) (Itimerval, error) { // RestartSyscall // RtSigaction // RtSigpending -// RtSigprocmask // RtSigqueueinfo // RtSigreturn // RtSigsuspend diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_386.go b/vendor/golang.org/x/sys/unix/syscall_linux_386.go index 518e476e6dd..ff5b5899d6d 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_386.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_386.go @@ -41,10 +41,6 @@ func setTimeval(sec, usec int64) Timeval { //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) = SYS_SENDFILE64 //sys setfsgid(gid int) (prev int, err error) = SYS_SETFSGID32 //sys setfsuid(uid int) (prev int, err error) = SYS_SETFSUID32 -//sysnb Setregid(rgid int, egid int) (err error) = SYS_SETREGID32 -//sysnb Setresgid(rgid int, egid int, sgid int) (err error) = SYS_SETRESGID32 -//sysnb Setresuid(ruid int, euid int, suid int) (err error) = SYS_SETRESUID32 -//sysnb Setreuid(ruid int, euid int) (err error) = SYS_SETREUID32 //sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) //sys Stat(path string, stat *Stat_t) (err error) = SYS_STAT64 //sys SyncFileRange(fd int, off int64, n int64, flags int) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go index f5e9d6bef10..9b270353298 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go @@ -46,11 +46,7 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) //sys setfsgid(gid int) (prev int, err error) //sys setfsuid(uid int) (prev int, err error) -//sysnb Setregid(rgid int, egid int) (err error) -//sysnb Setresgid(rgid int, egid int, sgid int) (err error) -//sysnb Setresuid(ruid int, euid int, suid int) (err error) //sysnb Setrlimit(resource int, rlim *Rlimit) (err error) -//sysnb Setreuid(ruid int, euid int) (err error) //sys Shutdown(fd int, how int) (err error) //sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go index c1a7778f105..856ad1d635c 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go @@ -62,10 +62,6 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) { //sys Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) = SYS__NEWSELECT //sys setfsgid(gid int) (prev int, err error) = SYS_SETFSGID32 //sys setfsuid(uid int) (prev int, err error) = SYS_SETFSUID32 -//sysnb Setregid(rgid int, egid int) (err error) = SYS_SETREGID32 -//sysnb Setresgid(rgid int, egid int, sgid int) (err error) = SYS_SETRESGID32 -//sysnb Setresuid(ruid int, euid int, suid int) (err error) = SYS_SETRESUID32 -//sysnb Setreuid(ruid int, euid int) (err error) = SYS_SETREUID32 //sys Shutdown(fd int, how int) (err error) //sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) //sys Stat(path string, stat *Stat_t) (err error) = SYS_STAT64 diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go index d83e2c65716..6422704bc52 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go @@ -39,11 +39,7 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) //sys setfsgid(gid int) (prev int, err error) //sys setfsuid(uid int) (prev int, err error) -//sysnb Setregid(rgid int, egid int) (err error) -//sysnb Setresgid(rgid int, egid int, sgid int) (err error) -//sysnb Setresuid(ruid int, euid int, suid int) (err error) //sysnb setrlimit(resource int, rlim *Rlimit) (err error) -//sysnb Setreuid(ruid int, euid int) (err error) //sys Shutdown(fd int, how int) (err error) //sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go index 0b69c3eff96..59dab510e97 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go @@ -34,10 +34,6 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) //sys setfsgid(gid int) (prev int, err error) //sys setfsuid(uid int) (prev int, err error) -//sysnb Setregid(rgid int, egid int) (err error) -//sysnb Setresgid(rgid int, egid int, sgid int) (err error) -//sysnb Setresuid(ruid int, euid int, suid int) (err error) -//sysnb Setreuid(ruid int, euid int) (err error) //sys Shutdown(fd int, how int) (err error) //sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go index 98a2660b91f..bfef09a39eb 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go @@ -37,11 +37,7 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) //sys setfsgid(gid int) (prev int, err error) //sys setfsuid(uid int) (prev int, err error) -//sysnb Setregid(rgid int, egid int) (err error) -//sysnb Setresgid(rgid int, egid int, sgid int) (err error) -//sysnb Setresuid(ruid int, euid int, suid int) (err error) //sysnb Setrlimit(resource int, rlim *Rlimit) (err error) -//sysnb Setreuid(ruid int, euid int) (err error) //sys Shutdown(fd int, how int) (err error) //sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) //sys Statfs(path string, buf *Statfs_t) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go index b8a18c0ad22..ab302509663 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go @@ -32,10 +32,6 @@ func Syscall9(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) = SYS_SENDFILE64 //sys setfsgid(gid int) (prev int, err error) //sys setfsuid(uid int) (prev int, err error) -//sysnb Setregid(rgid int, egid int) (err error) -//sysnb Setresgid(rgid int, egid int, sgid int) (err error) -//sysnb Setresuid(ruid int, euid int, suid int) (err error) -//sysnb Setreuid(ruid int, euid int) (err error) //sys Shutdown(fd int, how int) (err error) //sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) //sys SyncFileRange(fd int, off int64, n int64, flags int) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go index 4ed9e67c6df..eac1cf1acc8 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go @@ -34,10 +34,6 @@ import ( //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) = SYS_SENDFILE64 //sys setfsgid(gid int) (prev int, err error) //sys setfsuid(uid int) (prev int, err error) -//sysnb Setregid(rgid int, egid int) (err error) -//sysnb Setresgid(rgid int, egid int, sgid int) (err error) -//sysnb Setresuid(ruid int, euid int, suid int) (err error) -//sysnb Setreuid(ruid int, euid int) (err error) //sys Shutdown(fd int, how int) (err error) //sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) //sys Stat(path string, stat *Stat_t) (err error) = SYS_STAT64 diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go b/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go index db63d384c5b..4df56616b8f 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go @@ -34,11 +34,7 @@ package unix //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) //sys setfsgid(gid int) (prev int, err error) //sys setfsuid(uid int) (prev int, err error) -//sysnb Setregid(rgid int, egid int) (err error) -//sysnb Setresgid(rgid int, egid int, sgid int) (err error) -//sysnb Setresuid(ruid int, euid int, suid int) (err error) //sysnb Setrlimit(resource int, rlim *Rlimit) (err error) -//sysnb Setreuid(ruid int, euid int) (err error) //sys Shutdown(fd int, how int) (err error) //sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) //sys Stat(path string, stat *Stat_t) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go index 925a748a39b..5f4243dea2c 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go @@ -38,11 +38,7 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) //sys setfsgid(gid int) (prev int, err error) //sys setfsuid(uid int) (prev int, err error) -//sysnb Setregid(rgid int, egid int) (err error) -//sysnb Setresgid(rgid int, egid int, sgid int) (err error) -//sysnb Setresuid(ruid int, euid int, suid int) (err error) //sysnb Setrlimit(resource int, rlim *Rlimit) (err error) -//sysnb Setreuid(ruid int, euid int) (err error) //sys Shutdown(fd int, how int) (err error) //sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go b/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go index 6fcf277b0d7..d0a7d406685 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go @@ -34,11 +34,7 @@ import ( //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) //sys setfsgid(gid int) (prev int, err error) //sys setfsuid(uid int) (prev int, err error) -//sysnb Setregid(rgid int, egid int) (err error) -//sysnb Setresgid(rgid int, egid int, sgid int) (err error) -//sysnb Setresuid(ruid int, euid int, suid int) (err error) //sysnb Setrlimit(resource int, rlim *Rlimit) (err error) -//sysnb Setreuid(ruid int, euid int) (err error) //sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) //sys Stat(path string, stat *Stat_t) (err error) //sys Statfs(path string, buf *Statfs_t) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go b/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go index 02a45d9cc06..f5c793be26d 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go @@ -31,11 +31,7 @@ package unix //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) //sys setfsgid(gid int) (prev int, err error) //sys setfsuid(uid int) (prev int, err error) -//sysnb Setregid(rgid int, egid int) (err error) -//sysnb Setresgid(rgid int, egid int, sgid int) (err error) -//sysnb Setresuid(ruid int, euid int, suid int) (err error) //sysnb Setrlimit(resource int, rlim *Rlimit) (err error) -//sysnb Setreuid(ruid int, euid int) (err error) //sys Shutdown(fd int, how int) (err error) //sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) //sys Stat(path string, stat *Stat_t) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go new file mode 100644 index 00000000000..5930a8972b1 --- /dev/null +++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go @@ -0,0 +1,27 @@ +// Copyright 2022 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build (openbsd && 386) || (openbsd && amd64) || (openbsd && arm) || (openbsd && arm64) +// +build openbsd,386 openbsd,amd64 openbsd,arm openbsd,arm64 + +package unix + +import _ "unsafe" + +// Implemented in the runtime package (runtime/sys_openbsd3.go) +func syscall_syscall(fn, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno) +func syscall_syscall6(fn, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno) +func syscall_syscall10(fn, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10 uintptr) (r1, r2 uintptr, err Errno) +func syscall_rawSyscall(fn, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno) +func syscall_rawSyscall6(fn, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno) + +//go:linkname syscall_syscall syscall.syscall +//go:linkname syscall_syscall6 syscall.syscall6 +//go:linkname syscall_syscall10 syscall.syscall10 +//go:linkname syscall_rawSyscall syscall.rawSyscall +//go:linkname syscall_rawSyscall6 syscall.rawSyscall6 + +func syscall_syscall9(fn, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err Errno) { + return syscall_syscall10(fn, a1, a2, a3, a4, a5, a6, a7, a8, a9, 0) +} diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris.go b/vendor/golang.org/x/sys/unix/syscall_solaris.go index b5ec457cdcc..8c6f4092abe 100644 --- a/vendor/golang.org/x/sys/unix/syscall_solaris.go +++ b/vendor/golang.org/x/sys/unix/syscall_solaris.go @@ -750,8 +750,8 @@ type EventPort struct { // we should handle things gracefully. To do so, we need to keep an extra // reference to the cookie around until the event is processed // thus the otherwise seemingly extraneous "cookies" map - // The key of this map is a pointer to the corresponding &fCookie.cookie - cookies map[*interface{}]*fileObjCookie + // The key of this map is a pointer to the corresponding fCookie + cookies map[*fileObjCookie]struct{} } // PortEvent is an abstraction of the port_event C struct. @@ -778,7 +778,7 @@ func NewEventPort() (*EventPort, error) { port: port, fds: make(map[uintptr]*fileObjCookie), paths: make(map[string]*fileObjCookie), - cookies: make(map[*interface{}]*fileObjCookie), + cookies: make(map[*fileObjCookie]struct{}), } return e, nil } @@ -799,6 +799,7 @@ func (e *EventPort) Close() error { } e.fds = nil e.paths = nil + e.cookies = nil return nil } @@ -826,17 +827,16 @@ func (e *EventPort) AssociatePath(path string, stat os.FileInfo, events int, coo if _, found := e.paths[path]; found { return fmt.Errorf("%v is already associated with this Event Port", path) } - fobj, err := createFileObj(path, stat) + fCookie, err := createFileObjCookie(path, stat, cookie) if err != nil { return err } - fCookie := &fileObjCookie{fobj, cookie} - _, err = port_associate(e.port, PORT_SOURCE_FILE, uintptr(unsafe.Pointer(fobj)), events, (*byte)(unsafe.Pointer(&fCookie.cookie))) + _, err = port_associate(e.port, PORT_SOURCE_FILE, uintptr(unsafe.Pointer(fCookie.fobj)), events, (*byte)(unsafe.Pointer(fCookie))) if err != nil { return err } e.paths[path] = fCookie - e.cookies[&fCookie.cookie] = fCookie + e.cookies[fCookie] = struct{}{} return nil } @@ -858,7 +858,7 @@ func (e *EventPort) DissociatePath(path string) error { if err == nil { // dissociate was successful, safe to delete the cookie fCookie := e.paths[path] - delete(e.cookies, &fCookie.cookie) + delete(e.cookies, fCookie) } delete(e.paths, path) return err @@ -871,13 +871,16 @@ func (e *EventPort) AssociateFd(fd uintptr, events int, cookie interface{}) erro if _, found := e.fds[fd]; found { return fmt.Errorf("%v is already associated with this Event Port", fd) } - fCookie := &fileObjCookie{nil, cookie} - _, err := port_associate(e.port, PORT_SOURCE_FD, fd, events, (*byte)(unsafe.Pointer(&fCookie.cookie))) + fCookie, err := createFileObjCookie("", nil, cookie) + if err != nil { + return err + } + _, err = port_associate(e.port, PORT_SOURCE_FD, fd, events, (*byte)(unsafe.Pointer(fCookie))) if err != nil { return err } e.fds[fd] = fCookie - e.cookies[&fCookie.cookie] = fCookie + e.cookies[fCookie] = struct{}{} return nil } @@ -896,27 +899,31 @@ func (e *EventPort) DissociateFd(fd uintptr) error { if err == nil { // dissociate was successful, safe to delete the cookie fCookie := e.fds[fd] - delete(e.cookies, &fCookie.cookie) + delete(e.cookies, fCookie) } delete(e.fds, fd) return err } -func createFileObj(name string, stat os.FileInfo) (*fileObj, error) { - fobj := new(fileObj) - bs, err := ByteSliceFromString(name) - if err != nil { - return nil, err - } - fobj.Name = (*int8)(unsafe.Pointer(&bs[0])) - s := stat.Sys().(*syscall.Stat_t) - fobj.Atim.Sec = s.Atim.Sec - fobj.Atim.Nsec = s.Atim.Nsec - fobj.Mtim.Sec = s.Mtim.Sec - fobj.Mtim.Nsec = s.Mtim.Nsec - fobj.Ctim.Sec = s.Ctim.Sec - fobj.Ctim.Nsec = s.Ctim.Nsec - return fobj, nil +func createFileObjCookie(name string, stat os.FileInfo, cookie interface{}) (*fileObjCookie, error) { + fCookie := new(fileObjCookie) + fCookie.cookie = cookie + if name != "" && stat != nil { + fCookie.fobj = new(fileObj) + bs, err := ByteSliceFromString(name) + if err != nil { + return nil, err + } + fCookie.fobj.Name = (*int8)(unsafe.Pointer(&bs[0])) + s := stat.Sys().(*syscall.Stat_t) + fCookie.fobj.Atim.Sec = s.Atim.Sec + fCookie.fobj.Atim.Nsec = s.Atim.Nsec + fCookie.fobj.Mtim.Sec = s.Mtim.Sec + fCookie.fobj.Mtim.Nsec = s.Mtim.Nsec + fCookie.fobj.Ctim.Sec = s.Ctim.Sec + fCookie.fobj.Ctim.Nsec = s.Ctim.Nsec + } + return fCookie, nil } // GetOne wraps port_get(3c) and returns a single PortEvent. @@ -929,44 +936,50 @@ func (e *EventPort) GetOne(t *Timespec) (*PortEvent, error) { p := new(PortEvent) e.mu.Lock() defer e.mu.Unlock() - e.peIntToExt(pe, p) + err = e.peIntToExt(pe, p) + if err != nil { + return nil, err + } return p, nil } // peIntToExt converts a cgo portEvent struct into the friendlier PortEvent // NOTE: Always call this function while holding the e.mu mutex -func (e *EventPort) peIntToExt(peInt *portEvent, peExt *PortEvent) { +func (e *EventPort) peIntToExt(peInt *portEvent, peExt *PortEvent) error { + if e.cookies == nil { + return fmt.Errorf("this EventPort is already closed") + } peExt.Events = peInt.Events peExt.Source = peInt.Source - cookie := (*interface{})(unsafe.Pointer(peInt.User)) - peExt.Cookie = *cookie + fCookie := (*fileObjCookie)(unsafe.Pointer(peInt.User)) + _, found := e.cookies[fCookie] + + if !found { + panic("unexpected event port address; may be due to kernel bug; see https://go.dev/issue/54254") + } + peExt.Cookie = fCookie.cookie + delete(e.cookies, fCookie) + switch peInt.Source { case PORT_SOURCE_FD: - delete(e.cookies, cookie) peExt.Fd = uintptr(peInt.Object) // Only remove the fds entry if it exists and this cookie matches if fobj, ok := e.fds[peExt.Fd]; ok { - if &fobj.cookie == cookie { + if fobj == fCookie { delete(e.fds, peExt.Fd) } } case PORT_SOURCE_FILE: - if fCookie, ok := e.cookies[cookie]; ok && uintptr(unsafe.Pointer(fCookie.fobj)) == uintptr(peInt.Object) { - // Use our stashed reference rather than using unsafe on what we got back - // the unsafe version would be (*fileObj)(unsafe.Pointer(uintptr(peInt.Object))) - peExt.fobj = fCookie.fobj - } else { - panic("mismanaged memory") - } - delete(e.cookies, cookie) + peExt.fobj = fCookie.fobj peExt.Path = BytePtrToString((*byte)(unsafe.Pointer(peExt.fobj.Name))) // Only remove the paths entry if it exists and this cookie matches if fobj, ok := e.paths[peExt.Path]; ok { - if &fobj.cookie == cookie { + if fobj == fCookie { delete(e.paths, peExt.Path) } } } + return nil } // Pending wraps port_getn(3c) and returns how many events are pending. @@ -990,7 +1003,7 @@ func (e *EventPort) Get(s []PortEvent, min int, timeout *Timespec) (int, error) got := uint32(min) max := uint32(len(s)) var err error - ps := make([]portEvent, max, max) + ps := make([]portEvent, max) _, err = port_getn(e.port, &ps[0], max, &got, timeout) // got will be trustworthy with ETIME, but not any other error. if err != nil && err != ETIME { @@ -998,8 +1011,18 @@ func (e *EventPort) Get(s []PortEvent, min int, timeout *Timespec) (int, error) } e.mu.Lock() defer e.mu.Unlock() + valid := 0 for i := 0; i < int(got); i++ { - e.peIntToExt(&ps[i], &s[i]) + err2 := e.peIntToExt(&ps[i], &s[i]) + if err2 != nil { + if valid == 0 && err == nil { + // If err2 is the only error and there are no valid events + // to return, return it to the caller. + err = err2 + } + break + } + valid = i + 1 } - return int(got), err + return valid, err } diff --git a/vendor/golang.org/x/sys/unix/syscall_unix.go b/vendor/golang.org/x/sys/unix/syscall_unix.go index 1ff5060b512..00bafda8654 100644 --- a/vendor/golang.org/x/sys/unix/syscall_unix.go +++ b/vendor/golang.org/x/sys/unix/syscall_unix.go @@ -13,8 +13,6 @@ import ( "sync" "syscall" "unsafe" - - "golang.org/x/sys/internal/unsafeheader" ) var ( @@ -117,11 +115,7 @@ func (m *mmapper) Mmap(fd int, offset int64, length int, prot int, flags int) (d } // Use unsafe to convert addr into a []byte. - var b []byte - hdr := (*unsafeheader.Slice)(unsafe.Pointer(&b)) - hdr.Data = unsafe.Pointer(addr) - hdr.Cap = length - hdr.Len = length + b := unsafe.Slice((*byte)(unsafe.Pointer(addr)), length) // Register mapping in m and return it. p := &b[cap(b)-1] @@ -429,11 +423,15 @@ func Send(s int, buf []byte, flags int) (err error) { } func Sendto(fd int, p []byte, flags int, to Sockaddr) (err error) { - ptr, n, err := to.sockaddr() - if err != nil { - return err + var ptr unsafe.Pointer + var salen _Socklen + if to != nil { + ptr, salen, err = to.sockaddr() + if err != nil { + return err + } } - return sendto(fd, p, flags, ptr, n) + return sendto(fd, p, flags, ptr, salen) } func SetsockoptByte(fd, level, opt int, value byte) (err error) { diff --git a/vendor/golang.org/x/sys/unix/sysvshm_unix.go b/vendor/golang.org/x/sys/unix/sysvshm_unix.go index 0bb4c8de557..5bb41d17bc4 100644 --- a/vendor/golang.org/x/sys/unix/sysvshm_unix.go +++ b/vendor/golang.org/x/sys/unix/sysvshm_unix.go @@ -7,11 +7,7 @@ package unix -import ( - "unsafe" - - "golang.org/x/sys/internal/unsafeheader" -) +import "unsafe" // SysvShmAttach attaches the Sysv shared memory segment associated with the // shared memory identifier id. @@ -34,12 +30,7 @@ func SysvShmAttach(id int, addr uintptr, flag int) ([]byte, error) { } // Use unsafe to convert addr into a []byte. - // TODO: convert to unsafe.Slice once we can assume Go 1.17 - var b []byte - hdr := (*unsafeheader.Slice)(unsafe.Pointer(&b)) - hdr.Data = unsafe.Pointer(addr) - hdr.Cap = int(info.Segsz) - hdr.Len = int(info.Segsz) + b := unsafe.Slice((*byte)(unsafe.Pointer(addr)), int(info.Segsz)) return b, nil } diff --git a/vendor/golang.org/x/sys/unix/xattr_bsd.go b/vendor/golang.org/x/sys/unix/xattr_bsd.go index 25df1e37801..663b3779de2 100644 --- a/vendor/golang.org/x/sys/unix/xattr_bsd.go +++ b/vendor/golang.org/x/sys/unix/xattr_bsd.go @@ -160,13 +160,12 @@ func Lremovexattr(link string, attr string) (err error) { } func Listxattr(file string, dest []byte) (sz int, err error) { - d := initxattrdest(dest, 0) destsiz := len(dest) // FreeBSD won't allow you to list xattrs from multiple namespaces - s := 0 + s, pos := 0, 0 for _, nsid := range [...]int{EXTATTR_NAMESPACE_USER, EXTATTR_NAMESPACE_SYSTEM} { - stmp, e := ExtattrListFile(file, nsid, uintptr(d), destsiz) + stmp, e := ListxattrNS(file, nsid, dest[pos:]) /* Errors accessing system attrs are ignored so that * we can implement the Linux-like behavior of omitting errors that @@ -175,66 +174,102 @@ func Listxattr(file string, dest []byte) (sz int, err error) { * Linux will still error if we ask for user attributes on a file that * we don't have read permissions on, so don't ignore those errors */ - if e != nil && e == EPERM && nsid != EXTATTR_NAMESPACE_USER { - continue - } else if e != nil { + if e != nil { + if e == EPERM && nsid != EXTATTR_NAMESPACE_USER { + continue + } return s, e } s += stmp - destsiz -= s - if destsiz < 0 { - destsiz = 0 + pos = s + if pos > destsiz { + pos = destsiz } - d = initxattrdest(dest, s) } return s, nil } -func Flistxattr(fd int, dest []byte) (sz int, err error) { +func ListxattrNS(file string, nsid int, dest []byte) (sz int, err error) { d := initxattrdest(dest, 0) destsiz := len(dest) - s := 0 + s, e := ExtattrListFile(file, nsid, uintptr(d), destsiz) + if e != nil { + return 0, err + } + + return s, nil +} + +func Flistxattr(fd int, dest []byte) (sz int, err error) { + destsiz := len(dest) + + s, pos := 0, 0 for _, nsid := range [...]int{EXTATTR_NAMESPACE_USER, EXTATTR_NAMESPACE_SYSTEM} { - stmp, e := ExtattrListFd(fd, nsid, uintptr(d), destsiz) - if e != nil && e == EPERM && nsid != EXTATTR_NAMESPACE_USER { - continue - } else if e != nil { + stmp, e := FlistxattrNS(fd, nsid, dest[pos:]) + + if e != nil { + if e == EPERM && nsid != EXTATTR_NAMESPACE_USER { + continue + } return s, e } s += stmp - destsiz -= s - if destsiz < 0 { - destsiz = 0 + pos = s + if pos > destsiz { + pos = destsiz } - d = initxattrdest(dest, s) } return s, nil } -func Llistxattr(link string, dest []byte) (sz int, err error) { +func FlistxattrNS(fd int, nsid int, dest []byte) (sz int, err error) { d := initxattrdest(dest, 0) destsiz := len(dest) - s := 0 + s, e := ExtattrListFd(fd, nsid, uintptr(d), destsiz) + if e != nil { + return 0, err + } + + return s, nil +} + +func Llistxattr(link string, dest []byte) (sz int, err error) { + destsiz := len(dest) + + s, pos := 0, 0 for _, nsid := range [...]int{EXTATTR_NAMESPACE_USER, EXTATTR_NAMESPACE_SYSTEM} { - stmp, e := ExtattrListLink(link, nsid, uintptr(d), destsiz) - if e != nil && e == EPERM && nsid != EXTATTR_NAMESPACE_USER { - continue - } else if e != nil { + stmp, e := LlistxattrNS(link, nsid, dest[pos:]) + + if e != nil { + if e == EPERM && nsid != EXTATTR_NAMESPACE_USER { + continue + } return s, e } s += stmp - destsiz -= s - if destsiz < 0 { - destsiz = 0 + pos = s + if pos > destsiz { + pos = destsiz } - d = initxattrdest(dest, s) + } + + return s, nil +} + +func LlistxattrNS(link string, nsid int, dest []byte) (sz int, err error) { + d := initxattrdest(dest, 0) + destsiz := len(dest) + + s, e := ExtattrListLink(link, nsid, uintptr(d), destsiz) + if e != nil { + return 0, err } return s, nil diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index b0d6c27386c..785d693eb32 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -2940,6 +2940,7 @@ const ( SOL_RAW = 0xff SOL_RDS = 0x114 SOL_RXRPC = 0x110 + SOL_SMC = 0x11e SOL_TCP = 0x6 SOL_TIPC = 0x10f SOL_TLS = 0x11a diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go index 274e2dabdfe..36c0dfc7c4c 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go @@ -1,11 +1,11 @@ -// mkerrors.sh -Wall -Werror -static -I/tmp/include -m32 +// mkerrors.sh -Wall -Werror -static -I/tmp/386/include -m32 // Code generated by the command above; see README.md. DO NOT EDIT. //go:build 386 && linux // +build 386,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m32 _const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/386/include -m32 _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go index 95b6eeedfec..4ff942703b7 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go @@ -1,11 +1,11 @@ -// mkerrors.sh -Wall -Werror -static -I/tmp/include -m64 +// mkerrors.sh -Wall -Werror -static -I/tmp/amd64/include -m64 // Code generated by the command above; see README.md. DO NOT EDIT. //go:build amd64 && linux // +build amd64,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m64 _const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/amd64/include -m64 _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go index 918cd130ec8..3eaa0fb78e3 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go @@ -1,11 +1,11 @@ -// mkerrors.sh -Wall -Werror -static -I/tmp/include +// mkerrors.sh -Wall -Werror -static -I/tmp/arm/include // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm && linux // +build arm,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/arm/include _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go index 3907dc5a90e..d7995bdc3a2 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go @@ -1,11 +1,11 @@ -// mkerrors.sh -Wall -Werror -static -I/tmp/include -fsigned-char +// mkerrors.sh -Wall -Werror -static -I/tmp/arm64/include -fsigned-char // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm64 && linux // +build arm64,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char _const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/arm64/include -fsigned-char _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go index 03d5c105a38..928e24c2053 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go @@ -1,11 +1,11 @@ -// mkerrors.sh -Wall -Werror -static -I/tmp/include +// mkerrors.sh -Wall -Werror -static -I/tmp/loong64/include // Code generated by the command above; see README.md. DO NOT EDIT. //go:build loong64 && linux // +build loong64,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/loong64/include _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go index bd794e0108e..179bffb474b 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go @@ -1,11 +1,11 @@ -// mkerrors.sh -Wall -Werror -static -I/tmp/include +// mkerrors.sh -Wall -Werror -static -I/tmp/mips/include // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mips && linux // +build mips,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/mips/include _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go index 6c741b05476..1fba17bd75c 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go @@ -1,11 +1,11 @@ -// mkerrors.sh -Wall -Werror -static -I/tmp/include +// mkerrors.sh -Wall -Werror -static -I/tmp/mips64/include // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mips64 && linux // +build mips64,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/mips64/include _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go index 807b8cd2a8d..b77dde31537 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go @@ -1,11 +1,11 @@ -// mkerrors.sh -Wall -Werror -static -I/tmp/include +// mkerrors.sh -Wall -Werror -static -I/tmp/mips64le/include // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mips64le && linux // +build mips64le,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/mips64le/include _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go index a39e4f5c206..78c6c751bfa 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go @@ -1,11 +1,11 @@ -// mkerrors.sh -Wall -Werror -static -I/tmp/include +// mkerrors.sh -Wall -Werror -static -I/tmp/mipsle/include // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mipsle && linux // +build mipsle,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/mipsle/include _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go index c0fcda86b4c..1c0d31f0b4c 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go @@ -1,11 +1,11 @@ -// mkerrors.sh -Wall -Werror -static -I/tmp/include +// mkerrors.sh -Wall -Werror -static -I/tmp/ppc/include // Code generated by the command above; see README.md. DO NOT EDIT. //go:build ppc && linux // +build ppc,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/ppc/include _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go index f3b72407aa6..959dd9bb8fc 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go @@ -1,11 +1,11 @@ -// mkerrors.sh -Wall -Werror -static -I/tmp/include +// mkerrors.sh -Wall -Werror -static -I/tmp/ppc64/include // Code generated by the command above; see README.md. DO NOT EDIT. //go:build ppc64 && linux // +build ppc64,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/ppc64/include _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go index 72f2a45d503..5a873cdbc9d 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go @@ -1,11 +1,11 @@ -// mkerrors.sh -Wall -Werror -static -I/tmp/include +// mkerrors.sh -Wall -Werror -static -I/tmp/ppc64le/include // Code generated by the command above; see README.md. DO NOT EDIT. //go:build ppc64le && linux // +build ppc64le,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/ppc64le/include _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go index 45b214b4d3a..e336d141e1f 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go @@ -1,11 +1,11 @@ -// mkerrors.sh -Wall -Werror -static -I/tmp/include +// mkerrors.sh -Wall -Werror -static -I/tmp/riscv64/include // Code generated by the command above; see README.md. DO NOT EDIT. //go:build riscv64 && linux // +build riscv64,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/riscv64/include _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go index 1897f207bb3..390c01d92a5 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go @@ -1,11 +1,11 @@ -// mkerrors.sh -Wall -Werror -static -I/tmp/include -fsigned-char +// mkerrors.sh -Wall -Werror -static -I/tmp/s390x/include -fsigned-char // Code generated by the command above; see README.md. DO NOT EDIT. //go:build s390x && linux // +build s390x,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char _const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/s390x/include -fsigned-char _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go index 1fb7a3953a9..98a6e5f11f5 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go @@ -1,11 +1,11 @@ -// mkerrors.sh -Wall -Werror -static -I/tmp/include +// mkerrors.sh -Wall -Werror -static -I/tmp/sparc64/include // Code generated by the command above; see README.md. DO NOT EDIT. //go:build sparc64 && linux // +build sparc64,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. -// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go +// cgo -godefs -- -Wall -Werror -static -I/tmp/sparc64/include _const.go package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.go deleted file mode 100644 index a06eb093242..00000000000 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.go +++ /dev/null @@ -1,40 +0,0 @@ -// go run mksyscall.go -tags darwin,amd64,go1.13 syscall_darwin.1_13.go -// Code generated by the command above; see README.md. DO NOT EDIT. - -//go:build darwin && amd64 && go1.13 -// +build darwin,amd64,go1.13 - -package unix - -import ( - "syscall" - "unsafe" -) - -var _ syscall.Errno - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func closedir(dir uintptr) (err error) { - _, _, e1 := syscall_syscall(libc_closedir_trampoline_addr, uintptr(dir), 0, 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_closedir_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_closedir closedir "/usr/lib/libSystem.B.dylib" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func readdir_r(dir uintptr, entry *Dirent, result **Dirent) (res Errno) { - r0, _, _ := syscall_syscall(libc_readdir_r_trampoline_addr, uintptr(dir), uintptr(unsafe.Pointer(entry)), uintptr(unsafe.Pointer(result))) - res = Errno(r0) - return -} - -var libc_readdir_r_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_readdir_r readdir_r "/usr/lib/libSystem.B.dylib" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.s deleted file mode 100644 index d6c3e25c018..00000000000 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.s +++ /dev/null @@ -1,25 +0,0 @@ -// go run mkasm_darwin.go amd64 -// Code generated by the command above; DO NOT EDIT. - -//go:build go1.13 -// +build go1.13 - -#include "textflag.h" - -TEXT libc_fdopendir_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_fdopendir(SB) - -GLOBL ·libc_fdopendir_trampoline_addr(SB), RODATA, $8 -DATA ·libc_fdopendir_trampoline_addr(SB)/8, $libc_fdopendir_trampoline<>(SB) - -TEXT libc_closedir_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_closedir(SB) - -GLOBL ·libc_closedir_trampoline_addr(SB), RODATA, $8 -DATA ·libc_closedir_trampoline_addr(SB)/8, $libc_closedir_trampoline<>(SB) - -TEXT libc_readdir_r_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_readdir_r(SB) - -GLOBL ·libc_readdir_r_trampoline_addr(SB), RODATA, $8 -DATA ·libc_readdir_r_trampoline_addr(SB)/8, $libc_readdir_r_trampoline<>(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go index 467deed7633..c2461c49679 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go @@ -1,8 +1,8 @@ -// go run mksyscall.go -tags darwin,amd64,go1.12 syscall_bsd.go syscall_darwin.go syscall_darwin_amd64.go +// go run mksyscall.go -tags darwin,amd64 syscall_bsd.go syscall_darwin.go syscall_darwin_amd64.go // Code generated by the command above; see README.md. DO NOT EDIT. -//go:build darwin && amd64 && go1.12 -// +build darwin,amd64,go1.12 +//go:build darwin && amd64 +// +build darwin,amd64 package unix @@ -463,6 +463,32 @@ var libc_munlockall_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func closedir(dir uintptr) (err error) { + _, _, e1 := syscall_syscall(libc_closedir_trampoline_addr, uintptr(dir), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_closedir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_closedir closedir "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func readdir_r(dir uintptr, entry *Dirent, result **Dirent) (res Errno) { + r0, _, _ := syscall_syscall(libc_readdir_r_trampoline_addr, uintptr(dir), uintptr(unsafe.Pointer(entry)), uintptr(unsafe.Pointer(result))) + res = Errno(r0) + return +} + +var libc_readdir_r_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_readdir_r readdir_r "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func pipe(p *[2]int32) (err error) { _, _, e1 := syscall_rawSyscall(libc_pipe_trampoline_addr, uintptr(unsafe.Pointer(p)), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s index 7e308a476d9..95fe4c0eb96 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s @@ -1,11 +1,14 @@ -// go run mkasm_darwin.go amd64 +// go run mkasm.go darwin amd64 // Code generated by the command above; DO NOT EDIT. -//go:build go1.12 -// +build go1.12 - #include "textflag.h" +TEXT libc_fdopendir_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fdopendir(SB) + +GLOBL ·libc_fdopendir_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fdopendir_trampoline_addr(SB)/8, $libc_fdopendir_trampoline<>(SB) + TEXT libc_getgroups_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getgroups(SB) @@ -174,6 +177,18 @@ TEXT libc_munlockall_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_munlockall_trampoline_addr(SB), RODATA, $8 DATA ·libc_munlockall_trampoline_addr(SB)/8, $libc_munlockall_trampoline<>(SB) +TEXT libc_closedir_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_closedir(SB) + +GLOBL ·libc_closedir_trampoline_addr(SB), RODATA, $8 +DATA ·libc_closedir_trampoline_addr(SB)/8, $libc_closedir_trampoline<>(SB) + +TEXT libc_readdir_r_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_readdir_r(SB) + +GLOBL ·libc_readdir_r_trampoline_addr(SB), RODATA, $8 +DATA ·libc_readdir_r_trampoline_addr(SB)/8, $libc_readdir_r_trampoline<>(SB) + TEXT libc_pipe_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pipe(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.go deleted file mode 100644 index cec595d553a..00000000000 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.go +++ /dev/null @@ -1,40 +0,0 @@ -// go run mksyscall.go -tags darwin,arm64,go1.13 syscall_darwin.1_13.go -// Code generated by the command above; see README.md. DO NOT EDIT. - -//go:build darwin && arm64 && go1.13 -// +build darwin,arm64,go1.13 - -package unix - -import ( - "syscall" - "unsafe" -) - -var _ syscall.Errno - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func closedir(dir uintptr) (err error) { - _, _, e1 := syscall_syscall(libc_closedir_trampoline_addr, uintptr(dir), 0, 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_closedir_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_closedir closedir "/usr/lib/libSystem.B.dylib" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func readdir_r(dir uintptr, entry *Dirent, result **Dirent) (res Errno) { - r0, _, _ := syscall_syscall(libc_readdir_r_trampoline_addr, uintptr(dir), uintptr(unsafe.Pointer(entry)), uintptr(unsafe.Pointer(result))) - res = Errno(r0) - return -} - -var libc_readdir_r_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_readdir_r readdir_r "/usr/lib/libSystem.B.dylib" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.s deleted file mode 100644 index 357989722cf..00000000000 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.s +++ /dev/null @@ -1,25 +0,0 @@ -// go run mkasm_darwin.go arm64 -// Code generated by the command above; DO NOT EDIT. - -//go:build go1.13 -// +build go1.13 - -#include "textflag.h" - -TEXT libc_fdopendir_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_fdopendir(SB) - -GLOBL ·libc_fdopendir_trampoline_addr(SB), RODATA, $8 -DATA ·libc_fdopendir_trampoline_addr(SB)/8, $libc_fdopendir_trampoline<>(SB) - -TEXT libc_closedir_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_closedir(SB) - -GLOBL ·libc_closedir_trampoline_addr(SB), RODATA, $8 -DATA ·libc_closedir_trampoline_addr(SB)/8, $libc_closedir_trampoline<>(SB) - -TEXT libc_readdir_r_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_readdir_r(SB) - -GLOBL ·libc_readdir_r_trampoline_addr(SB), RODATA, $8 -DATA ·libc_readdir_r_trampoline_addr(SB)/8, $libc_readdir_r_trampoline<>(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go index 35938d34ff8..26a0fdc505b 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go @@ -1,8 +1,8 @@ -// go run mksyscall.go -tags darwin,arm64,go1.12 syscall_bsd.go syscall_darwin.go syscall_darwin_arm64.go +// go run mksyscall.go -tags darwin,arm64 syscall_bsd.go syscall_darwin.go syscall_darwin_arm64.go // Code generated by the command above; see README.md. DO NOT EDIT. -//go:build darwin && arm64 && go1.12 -// +build darwin,arm64,go1.12 +//go:build darwin && arm64 +// +build darwin,arm64 package unix @@ -463,6 +463,32 @@ var libc_munlockall_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func closedir(dir uintptr) (err error) { + _, _, e1 := syscall_syscall(libc_closedir_trampoline_addr, uintptr(dir), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_closedir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_closedir closedir "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func readdir_r(dir uintptr, entry *Dirent, result **Dirent) (res Errno) { + r0, _, _ := syscall_syscall(libc_readdir_r_trampoline_addr, uintptr(dir), uintptr(unsafe.Pointer(entry)), uintptr(unsafe.Pointer(result))) + res = Errno(r0) + return +} + +var libc_readdir_r_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_readdir_r readdir_r "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func pipe(p *[2]int32) (err error) { _, _, e1 := syscall_rawSyscall(libc_pipe_trampoline_addr, uintptr(unsafe.Pointer(p)), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s index b09e5bb0e20..efa5b4c987c 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s @@ -1,11 +1,14 @@ -// go run mkasm_darwin.go arm64 +// go run mkasm.go darwin arm64 // Code generated by the command above; DO NOT EDIT. -//go:build go1.12 -// +build go1.12 - #include "textflag.h" +TEXT libc_fdopendir_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fdopendir(SB) + +GLOBL ·libc_fdopendir_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fdopendir_trampoline_addr(SB)/8, $libc_fdopendir_trampoline<>(SB) + TEXT libc_getgroups_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getgroups(SB) @@ -174,6 +177,18 @@ TEXT libc_munlockall_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_munlockall_trampoline_addr(SB), RODATA, $8 DATA ·libc_munlockall_trampoline_addr(SB)/8, $libc_munlockall_trampoline<>(SB) +TEXT libc_closedir_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_closedir(SB) + +GLOBL ·libc_closedir_trampoline_addr(SB), RODATA, $8 +DATA ·libc_closedir_trampoline_addr(SB)/8, $libc_closedir_trampoline<>(SB) + +TEXT libc_readdir_r_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_readdir_r(SB) + +GLOBL ·libc_readdir_r_trampoline_addr(SB), RODATA, $8 +DATA ·libc_readdir_r_trampoline_addr(SB)/8, $libc_readdir_r_trampoline<>(SB) + TEXT libc_pipe_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pipe(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go index bc4a2753114..293cf36804e 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go @@ -2151,3 +2151,13 @@ func setitimer(which int, newValue *Itimerval, oldValue *Itimerval) (err error) } return } + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func rtSigprocmask(how int, set *Sigset_t, oldset *Sigset_t, sigsetsize uintptr) (err error) { + _, _, e1 := RawSyscall6(SYS_RT_SIGPROCMASK, uintptr(how), uintptr(unsafe.Pointer(set)), uintptr(unsafe.Pointer(oldset)), uintptr(sigsetsize), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go index 88af526b7e2..c81b0ad4777 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go @@ -287,46 +287,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setregid(rgid int, egid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREGID32, uintptr(rgid), uintptr(egid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresgid(rgid int, egid int, sgid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESGID32, uintptr(rgid), uintptr(egid), uintptr(sgid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresuid(ruid int, euid int, suid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESUID32, uintptr(ruid), uintptr(euid), uintptr(suid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setreuid(ruid int, euid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREUID32, uintptr(ruid), uintptr(euid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) { r0, _, e1 := Syscall6(SYS_SPLICE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags)) n = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go index 2a0c4aa6a63..2206bce7f4d 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go @@ -334,36 +334,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setregid(rgid int, egid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresgid(rgid int, egid int, sgid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresuid(ruid int, euid int, suid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrlimit(resource int, rlim *Rlimit) (err error) { _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) if e1 != 0 { @@ -374,16 +344,6 @@ func Setrlimit(resource int, rlim *Rlimit) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setreuid(ruid int, euid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go index 4882bde3af0..edf6b39f161 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go @@ -412,46 +412,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setregid(rgid int, egid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREGID32, uintptr(rgid), uintptr(egid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresgid(rgid int, egid int, sgid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESGID32, uintptr(rgid), uintptr(egid), uintptr(sgid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresuid(ruid int, euid int, suid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESUID32, uintptr(ruid), uintptr(euid), uintptr(suid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setreuid(ruid int, euid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREUID32, uintptr(ruid), uintptr(euid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go index 9f8c24e4343..190609f2140 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go @@ -289,36 +289,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setregid(rgid int, egid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresgid(rgid int, egid int, sgid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresuid(ruid int, euid int, suid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func setrlimit(resource int, rlim *Rlimit) (err error) { _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) if e1 != 0 { @@ -329,16 +299,6 @@ func setrlimit(resource int, rlim *Rlimit) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setreuid(ruid int, euid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go index 523f2ba03e4..806ffd1e125 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go @@ -223,46 +223,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setregid(rgid int, egid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresgid(rgid int, egid int, sgid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresuid(ruid int, euid int, suid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setreuid(ruid int, euid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go index d7d6f42441b..5f984cbb1ca 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go @@ -248,46 +248,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setregid(rgid int, egid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresgid(rgid int, egid int, sgid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresuid(ruid int, euid int, suid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setreuid(ruid int, euid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go index 7f1f8e65339..46fc380a40e 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go @@ -278,36 +278,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setregid(rgid int, egid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresgid(rgid int, egid int, sgid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresuid(ruid int, euid int, suid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrlimit(resource int, rlim *Rlimit) (err error) { _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) if e1 != 0 { @@ -318,16 +288,6 @@ func Setrlimit(resource int, rlim *Rlimit) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setreuid(ruid int, euid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go index f933d0f51a1..cbd0d4dadba 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go @@ -278,36 +278,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setregid(rgid int, egid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresgid(rgid int, egid int, sgid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresuid(ruid int, euid int, suid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrlimit(resource int, rlim *Rlimit) (err error) { _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) if e1 != 0 { @@ -318,16 +288,6 @@ func Setrlimit(resource int, rlim *Rlimit) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setreuid(ruid int, euid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go index 297d0a99822..0c13d15f07c 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go @@ -248,46 +248,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setregid(rgid int, egid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresgid(rgid int, egid int, sgid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresuid(ruid int, euid int, suid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setreuid(ruid int, euid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go index 2e32e7a449f..e01432aed51 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go @@ -308,46 +308,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setregid(rgid int, egid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresgid(rgid int, egid int, sgid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresuid(ruid int, euid int, suid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setreuid(ruid int, euid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go index 3c531704647..13c7ee7baff 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go @@ -349,36 +349,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setregid(rgid int, egid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresgid(rgid int, egid int, sgid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresuid(ruid int, euid int, suid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrlimit(resource int, rlim *Rlimit) (err error) { _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) if e1 != 0 { @@ -389,16 +359,6 @@ func Setrlimit(resource int, rlim *Rlimit) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setreuid(ruid int, euid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go index a00c6744ecb..02d0c0fd61e 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go @@ -349,36 +349,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setregid(rgid int, egid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresgid(rgid int, egid int, sgid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresuid(ruid int, euid int, suid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrlimit(resource int, rlim *Rlimit) (err error) { _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) if e1 != 0 { @@ -389,16 +359,6 @@ func Setrlimit(resource int, rlim *Rlimit) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setreuid(ruid int, euid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go index 1239cc2de9c..9fee3b1d239 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go @@ -269,36 +269,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setregid(rgid int, egid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresgid(rgid int, egid int, sgid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresuid(ruid int, euid int, suid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrlimit(resource int, rlim *Rlimit) (err error) { _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) if e1 != 0 { @@ -309,16 +279,6 @@ func Setrlimit(resource int, rlim *Rlimit) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setreuid(ruid int, euid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go index e0dabc60278..647bbfecd6a 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go @@ -319,36 +319,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setregid(rgid int, egid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresgid(rgid int, egid int, sgid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresuid(ruid int, euid int, suid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrlimit(resource int, rlim *Rlimit) (err error) { _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) if e1 != 0 { @@ -359,16 +329,6 @@ func Setrlimit(resource int, rlim *Rlimit) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setreuid(ruid int, euid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) { r0, _, e1 := Syscall6(SYS_SPLICE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags)) n = int64(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go index 368623c0f2e..ada057f8914 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go @@ -329,36 +329,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setregid(rgid int, egid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresgid(rgid int, egid int, sgid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Setresuid(ruid int, euid int, suid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid)) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrlimit(resource int, rlim *Rlimit) (err error) { _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) if e1 != 0 { @@ -369,16 +339,6 @@ func Setrlimit(resource int, rlim *Rlimit) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setreuid(ruid int, euid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go index a057fc5d351..2925fe0a7b7 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go @@ -1,4 +1,4 @@ -// go run mksyscall.go -l32 -openbsd -tags openbsd,386 syscall_bsd.go syscall_openbsd.go syscall_openbsd_386.go +// go run mksyscall.go -l32 -openbsd -libc -tags openbsd,386 syscall_bsd.go syscall_openbsd.go syscall_openbsd_386.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build openbsd && 386 @@ -16,7 +16,7 @@ var _ syscall.Errno // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func getgroups(ngid int, gid *_Gid_t) (n int, err error) { - r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0) + r0, _, e1 := syscall_rawSyscall(libc_getgroups_trampoline_addr, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -24,20 +24,28 @@ func getgroups(ngid int, gid *_Gid_t) (n int, err error) { return } +var libc_getgroups_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getgroups getgroups "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func setgroups(ngid int, gid *_Gid_t) (err error) { - _, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0) + _, _, e1 := syscall_rawSyscall(libc_setgroups_trampoline_addr, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setgroups_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setgroups setgroups "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) { - r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0) + r0, _, e1 := syscall_syscall6(libc_wait4_trampoline_addr, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0) wpid = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -45,10 +53,14 @@ func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err return } +var libc_wait4_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_wait4 wait4 "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { - r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + r0, _, e1 := syscall_syscall(libc_accept_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) fd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -56,30 +68,42 @@ func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { return } +var libc_accept_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_accept accept "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { - _, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen)) + _, _, e1 := syscall_syscall(libc_bind_trampoline_addr, uintptr(s), uintptr(addr), uintptr(addrlen)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_bind_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_bind bind "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { - _, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen)) + _, _, e1 := syscall_syscall(libc_connect_trampoline_addr, uintptr(s), uintptr(addr), uintptr(addrlen)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_connect_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_connect connect "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func socket(domain int, typ int, proto int) (fd int, err error) { - r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto)) + r0, _, e1 := syscall_rawSyscall(libc_socket_trampoline_addr, uintptr(domain), uintptr(typ), uintptr(proto)) fd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -87,66 +111,94 @@ func socket(domain int, typ int, proto int) (fd int, err error) { return } +var libc_socket_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_socket socket "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) { - _, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0) + _, _, e1 := syscall_syscall6(libc_getsockopt_trampoline_addr, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_getsockopt_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getsockopt getsockopt "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) { - _, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0) + _, _, e1 := syscall_syscall6(libc_setsockopt_trampoline_addr, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setsockopt_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setsockopt setsockopt "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) { - _, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + _, _, e1 := syscall_rawSyscall(libc_getpeername_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) if e1 != 0 { err = errnoErr(e1) } return } +var libc_getpeername_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpeername getpeername "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) { - _, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + _, _, e1 := syscall_rawSyscall(libc_getsockname_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) if e1 != 0 { err = errnoErr(e1) } return } +var libc_getsockname_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getsockname getsockname "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Shutdown(s int, how int) (err error) { - _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0) + _, _, e1 := syscall_syscall(libc_shutdown_trampoline_addr, uintptr(s), uintptr(how), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_shutdown_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_shutdown shutdown "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) { - _, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0) + _, _, e1 := syscall_rawSyscall6(libc_socketpair_trampoline_addr, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_socketpair_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_socketpair socketpair "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) { @@ -156,7 +208,7 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen))) + r0, _, e1 := syscall_syscall6(libc_recvfrom_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -164,6 +216,10 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl return } +var libc_recvfrom_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_recvfrom recvfrom "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) { @@ -173,17 +229,21 @@ func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) ( } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen)) + _, _, e1 := syscall_syscall6(libc_sendto_trampoline_addr, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_sendto_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_sendto sendto "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) { - r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) + r0, _, e1 := syscall_syscall(libc_recvmsg_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -191,10 +251,14 @@ func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) { return } +var libc_recvmsg_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_recvmsg recvmsg "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) { - r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) + r0, _, e1 := syscall_syscall(libc_sendmsg_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -202,10 +266,14 @@ func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) { return } +var libc_sendmsg_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_sendmsg sendmsg "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) { - r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout))) + r0, _, e1 := syscall_syscall6(libc_kevent_trampoline_addr, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -213,6 +281,10 @@ func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, ne return } +var libc_kevent_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_kevent kevent "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func utimes(path string, timeval *[2]Timeval) (err error) { @@ -221,27 +293,35 @@ func utimes(path string, timeval *[2]Timeval) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0) + _, _, e1 := syscall_syscall(libc_utimes_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_utimes_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_utimes utimes "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func futimes(fd int, timeval *[2]Timeval) (err error) { - _, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0) + _, _, e1 := syscall_syscall(libc_futimes_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_futimes_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_futimes futimes "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func poll(fds *PollFd, nfds int, timeout int) (n int, err error) { - r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout)) + r0, _, e1 := syscall_syscall(libc_poll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout)) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -249,6 +329,10 @@ func poll(fds *PollFd, nfds int, timeout int) (n int, err error) { return } +var libc_poll_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_poll poll "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Madvise(b []byte, behav int) (err error) { @@ -258,13 +342,17 @@ func Madvise(b []byte, behav int) (err error) { } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav)) + _, _, e1 := syscall_syscall(libc_madvise_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(behav)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_madvise_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_madvise madvise "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mlock(b []byte) (err error) { @@ -274,23 +362,31 @@ func Mlock(b []byte) (err error) { } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0) + _, _, e1 := syscall_syscall(libc_mlock_trampoline_addr, uintptr(_p0), uintptr(len(b)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mlock_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mlock mlock "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mlockall(flags int) (err error) { - _, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0) + _, _, e1 := syscall_syscall(libc_mlockall_trampoline_addr, uintptr(flags), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mlockall_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mlockall mlockall "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mprotect(b []byte, prot int) (err error) { @@ -300,13 +396,17 @@ func Mprotect(b []byte, prot int) (err error) { } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot)) + _, _, e1 := syscall_syscall(libc_mprotect_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(prot)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mprotect_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mprotect mprotect "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Msync(b []byte, flags int) (err error) { @@ -316,13 +416,17 @@ func Msync(b []byte, flags int) (err error) { } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags)) + _, _, e1 := syscall_syscall(libc_msync_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(flags)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_msync_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_msync msync "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Munlock(b []byte) (err error) { @@ -332,33 +436,45 @@ func Munlock(b []byte) (err error) { } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0) + _, _, e1 := syscall_syscall(libc_munlock_trampoline_addr, uintptr(_p0), uintptr(len(b)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_munlock_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_munlock munlock "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Munlockall() (err error) { - _, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0) + _, _, e1 := syscall_syscall(libc_munlockall_trampoline_addr, 0, 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_munlockall_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_munlockall munlockall "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func pipe2(p *[2]_C_int, flags int) (err error) { - _, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0) + _, _, e1 := syscall_rawSyscall(libc_pipe2_trampoline_addr, uintptr(unsafe.Pointer(p)), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_pipe2_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pipe2 pipe2 "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getdents(fd int, buf []byte) (n int, err error) { @@ -368,7 +484,7 @@ func Getdents(fd int, buf []byte) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall(SYS_GETDENTS, uintptr(fd), uintptr(_p0), uintptr(len(buf))) + r0, _, e1 := syscall_syscall(libc_getdents_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(buf))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -376,6 +492,10 @@ func Getdents(fd int, buf []byte) (n int, err error) { return } +var libc_getdents_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getdents getdents "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getcwd(buf []byte) (n int, err error) { @@ -385,7 +505,7 @@ func Getcwd(buf []byte) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0) + r0, _, e1 := syscall_syscall(libc_getcwd_trampoline_addr, uintptr(_p0), uintptr(len(buf)), 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -393,16 +513,24 @@ func Getcwd(buf []byte) (n int, err error) { return } +var libc_getcwd_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getcwd getcwd "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func ioctl(fd int, req uint, arg uintptr) (err error) { - _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_ioctl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ioctl ioctl "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { @@ -412,17 +540,21 @@ func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen)) + _, _, e1 := syscall_syscall6(libc_sysctl_trampoline_addr, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_sysctl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_sysctl sysctl "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { - r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0) + r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -430,6 +562,10 @@ func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, return } +var libc_ppoll_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ppoll ppoll "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Access(path string, mode uint32) (err error) { @@ -438,23 +574,31 @@ func Access(path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + _, _, e1 := syscall_syscall(libc_access_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_access_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_access access "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Adjtime(delta *Timeval, olddelta *Timeval) (err error) { - _, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0) + _, _, e1 := syscall_syscall(libc_adjtime_trampoline_addr, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_adjtime_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_adjtime adjtime "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Chdir(path string) (err error) { @@ -463,13 +607,17 @@ func Chdir(path string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_chdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_chdir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chdir chdir "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Chflags(path string, flags int) (err error) { @@ -478,13 +626,17 @@ func Chflags(path string, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) + _, _, e1 := syscall_syscall(libc_chflags_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_chflags_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chflags chflags "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Chmod(path string, mode uint32) (err error) { @@ -493,13 +645,17 @@ func Chmod(path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + _, _, e1 := syscall_syscall(libc_chmod_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_chmod_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chmod chmod "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Chown(path string, uid int, gid int) (err error) { @@ -508,13 +664,17 @@ func Chown(path string, uid int, gid int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) + _, _, e1 := syscall_syscall(libc_chown_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_chown_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chown chown "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Chroot(path string) (err error) { @@ -523,27 +683,35 @@ func Chroot(path string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_chroot_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_chroot_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chroot chroot "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Close(fd int) (err error) { - _, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0) + _, _, e1 := syscall_syscall(libc_close_trampoline_addr, uintptr(fd), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_close_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_close close "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Dup(fd int) (nfd int, err error) { - r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0) + r0, _, e1 := syscall_syscall(libc_dup_trampoline_addr, uintptr(fd), 0, 0) nfd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -551,33 +719,49 @@ func Dup(fd int) (nfd int, err error) { return } +var libc_dup_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_dup dup "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Dup2(from int, to int) (err error) { - _, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0) + _, _, e1 := syscall_syscall(libc_dup2_trampoline_addr, uintptr(from), uintptr(to), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_dup2_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_dup2 dup2 "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Dup3(from int, to int, flags int) (err error) { - _, _, e1 := Syscall(SYS_DUP3, uintptr(from), uintptr(to), uintptr(flags)) + _, _, e1 := syscall_syscall(libc_dup3_trampoline_addr, uintptr(from), uintptr(to), uintptr(flags)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_dup3_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_dup3 dup3 "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Exit(code int) { - Syscall(SYS_EXIT, uintptr(code), 0, 0) + syscall_syscall(libc_exit_trampoline_addr, uintptr(code), 0, 0) return } +var libc_exit_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_exit exit "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) { @@ -586,43 +770,59 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) + _, _, e1 := syscall_syscall6(libc_faccessat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_faccessat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_faccessat faccessat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchdir(fd int) (err error) { - _, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0) + _, _, e1 := syscall_syscall(libc_fchdir_trampoline_addr, uintptr(fd), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchdir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchdir fchdir "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchflags(fd int, flags int) (err error) { - _, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0) + _, _, e1 := syscall_syscall(libc_fchflags_trampoline_addr, uintptr(fd), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchflags_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchflags fchflags "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchmod(fd int, mode uint32) (err error) { - _, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0) + _, _, e1 := syscall_syscall(libc_fchmod_trampoline_addr, uintptr(fd), uintptr(mode), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchmod_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchmod fchmod "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) { @@ -631,23 +831,31 @@ func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) + _, _, e1 := syscall_syscall6(libc_fchmodat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchmodat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchmodat fchmodat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchown(fd int, uid int, gid int) (err error) { - _, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid)) + _, _, e1 := syscall_syscall(libc_fchown_trampoline_addr, uintptr(fd), uintptr(uid), uintptr(gid)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchown_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchown fchown "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) { @@ -656,27 +864,35 @@ func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0) + _, _, e1 := syscall_syscall6(libc_fchownat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchownat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchownat fchownat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Flock(fd int, how int) (err error) { - _, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0) + _, _, e1 := syscall_syscall(libc_flock_trampoline_addr, uintptr(fd), uintptr(how), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_flock_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_flock flock "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fpathconf(fd int, name int) (val int, err error) { - r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0) + r0, _, e1 := syscall_syscall(libc_fpathconf_trampoline_addr, uintptr(fd), uintptr(name), 0) val = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -684,16 +900,24 @@ func Fpathconf(fd int, name int) (val int, err error) { return } +var libc_fpathconf_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fpathconf fpathconf "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fstat(fd int, stat *Stat_t) (err error) { - _, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) + _, _, e1 := syscall_syscall(libc_fstat_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fstat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fstat fstat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) { @@ -702,71 +926,99 @@ func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0) + _, _, e1 := syscall_syscall6(libc_fstatat_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fstatat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fstatat fstatat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fstatfs(fd int, stat *Statfs_t) (err error) { - _, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) + _, _, e1 := syscall_syscall(libc_fstatfs_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fstatfs_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fstatfs fstatfs "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fsync(fd int) (err error) { - _, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0) + _, _, e1 := syscall_syscall(libc_fsync_trampoline_addr, uintptr(fd), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fsync_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fsync fsync "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Ftruncate(fd int, length int64) (err error) { - _, _, e1 := Syscall6(SYS_FTRUNCATE, uintptr(fd), 0, uintptr(length), uintptr(length>>32), 0, 0) + _, _, e1 := syscall_syscall(libc_ftruncate_trampoline_addr, uintptr(fd), uintptr(length), uintptr(length>>32)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_ftruncate_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ftruncate ftruncate "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getegid() (egid int) { - r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getegid_trampoline_addr, 0, 0, 0) egid = int(r0) return } +var libc_getegid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getegid getegid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Geteuid() (uid int) { - r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_geteuid_trampoline_addr, 0, 0, 0) uid = int(r0) return } +var libc_geteuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_geteuid geteuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getgid() (gid int) { - r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getgid_trampoline_addr, 0, 0, 0) gid = int(r0) return } +var libc_getgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getgid getgid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getpgid(pid int) (pgid int, err error) { - r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0) + r0, _, e1 := syscall_rawSyscall(libc_getpgid_trampoline_addr, uintptr(pid), 0, 0) pgid = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -774,34 +1026,50 @@ func Getpgid(pid int) (pgid int, err error) { return } +var libc_getpgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpgid getpgid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getpgrp() (pgrp int) { - r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getpgrp_trampoline_addr, 0, 0, 0) pgrp = int(r0) return } +var libc_getpgrp_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpgrp getpgrp "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getpid() (pid int) { - r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getpid_trampoline_addr, 0, 0, 0) pid = int(r0) return } +var libc_getpid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpid getpid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getppid() (ppid int) { - r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getppid_trampoline_addr, 0, 0, 0) ppid = int(r0) return } +var libc_getppid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getppid getppid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getpriority(which int, who int) (prio int, err error) { - r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0) + r0, _, e1 := syscall_syscall(libc_getpriority_trampoline_addr, uintptr(which), uintptr(who), 0) prio = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -809,20 +1077,28 @@ func Getpriority(which int, who int) (prio int, err error) { return } +var libc_getpriority_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpriority getpriority "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) + _, _, e1 := syscall_rawSyscall(libc_getrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_getrlimit_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getrlimit getrlimit "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getrtable() (rtable int, err error) { - r0, _, e1 := RawSyscall(SYS_GETRTABLE, 0, 0, 0) + r0, _, e1 := syscall_rawSyscall(libc_getrtable_trampoline_addr, 0, 0, 0) rtable = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -830,20 +1106,28 @@ func Getrtable() (rtable int, err error) { return } +var libc_getrtable_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getrtable getrtable "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getrusage(who int, rusage *Rusage) (err error) { - _, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0) + _, _, e1 := syscall_rawSyscall(libc_getrusage_trampoline_addr, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_getrusage_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getrusage getrusage "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getsid(pid int) (sid int, err error) { - r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0) + r0, _, e1 := syscall_rawSyscall(libc_getsid_trampoline_addr, uintptr(pid), 0, 0) sid = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -851,46 +1135,66 @@ func Getsid(pid int) (sid int, err error) { return } +var libc_getsid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getsid getsid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Gettimeofday(tv *Timeval) (err error) { - _, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_gettimeofday_trampoline_addr, uintptr(unsafe.Pointer(tv)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_gettimeofday_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_gettimeofday gettimeofday "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getuid() (uid int) { - r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getuid_trampoline_addr, 0, 0, 0) uid = int(r0) return } +var libc_getuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getuid getuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Issetugid() (tainted bool) { - r0, _, _ := Syscall(SYS_ISSETUGID, 0, 0, 0) + r0, _, _ := syscall_syscall(libc_issetugid_trampoline_addr, 0, 0, 0) tainted = bool(r0 != 0) return } +var libc_issetugid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_issetugid issetugid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Kill(pid int, signum syscall.Signal) (err error) { - _, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), 0) + _, _, e1 := syscall_syscall(libc_kill_trampoline_addr, uintptr(pid), uintptr(signum), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_kill_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_kill kill "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Kqueue() (fd int, err error) { - r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0) + r0, _, e1 := syscall_syscall(libc_kqueue_trampoline_addr, 0, 0, 0) fd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -898,6 +1202,10 @@ func Kqueue() (fd int, err error) { return } +var libc_kqueue_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_kqueue kqueue "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Lchown(path string, uid int, gid int) (err error) { @@ -906,13 +1214,17 @@ func Lchown(path string, uid int, gid int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) + _, _, e1 := syscall_syscall(libc_lchown_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_lchown_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_lchown lchown "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Link(path string, link string) (err error) { @@ -926,13 +1238,17 @@ func Link(path string, link string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) + _, _, e1 := syscall_syscall(libc_link_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_link_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_link link "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) { @@ -946,23 +1262,31 @@ func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err er if err != nil { return } - _, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0) + _, _, e1 := syscall_syscall6(libc_linkat_trampoline_addr, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_linkat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_linkat linkat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Listen(s int, backlog int) (err error) { - _, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0) + _, _, e1 := syscall_syscall(libc_listen_trampoline_addr, uintptr(s), uintptr(backlog), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_listen_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_listen listen "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Lstat(path string, stat *Stat_t) (err error) { @@ -971,13 +1295,17 @@ func Lstat(path string, stat *Stat_t) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) + _, _, e1 := syscall_syscall(libc_lstat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_lstat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_lstat lstat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mkdir(path string, mode uint32) (err error) { @@ -986,13 +1314,17 @@ func Mkdir(path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + _, _, e1 := syscall_syscall(libc_mkdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mkdir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mkdir mkdir "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mkdirat(dirfd int, path string, mode uint32) (err error) { @@ -1001,13 +1333,17 @@ func Mkdirat(dirfd int, path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) + _, _, e1 := syscall_syscall(libc_mkdirat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mkdirat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mkdirat mkdirat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mkfifo(path string, mode uint32) (err error) { @@ -1016,13 +1352,17 @@ func Mkfifo(path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + _, _, e1 := syscall_syscall(libc_mkfifo_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mkfifo_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mkfifo mkfifo "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mkfifoat(dirfd int, path string, mode uint32) (err error) { @@ -1031,13 +1371,17 @@ func Mkfifoat(dirfd int, path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_MKFIFOAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) + _, _, e1 := syscall_syscall(libc_mkfifoat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mkfifoat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mkfifoat mkfifoat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mknod(path string, mode uint32, dev int) (err error) { @@ -1046,13 +1390,17 @@ func Mknod(path string, mode uint32, dev int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev)) + _, _, e1 := syscall_syscall(libc_mknod_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mknod_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mknod mknod "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) { @@ -1061,23 +1409,31 @@ func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0) + _, _, e1 := syscall_syscall6(libc_mknodat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mknodat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mknodat mknodat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Nanosleep(time *Timespec, leftover *Timespec) (err error) { - _, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0) + _, _, e1 := syscall_syscall(libc_nanosleep_trampoline_addr, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_nanosleep_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_nanosleep nanosleep "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Open(path string, mode int, perm uint32) (fd int, err error) { @@ -1086,7 +1442,7 @@ func Open(path string, mode int, perm uint32) (fd int, err error) { if err != nil { return } - r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm)) + r0, _, e1 := syscall_syscall(libc_open_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm)) fd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1094,6 +1450,10 @@ func Open(path string, mode int, perm uint32) (fd int, err error) { return } +var libc_open_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_open open "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) { @@ -1102,7 +1462,7 @@ func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) { if err != nil { return } - r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0) + r0, _, e1 := syscall_syscall6(libc_openat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0) fd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1110,6 +1470,10 @@ func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) { return } +var libc_openat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_openat openat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Pathconf(path string, name int) (val int, err error) { @@ -1118,7 +1482,7 @@ func Pathconf(path string, name int) (val int, err error) { if err != nil { return } - r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0) + r0, _, e1 := syscall_syscall(libc_pathconf_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0) val = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1126,6 +1490,10 @@ func Pathconf(path string, name int) (val int, err error) { return } +var libc_pathconf_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pathconf pathconf "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func pread(fd int, p []byte, offset int64) (n int, err error) { @@ -1135,7 +1503,7 @@ func pread(fd int, p []byte, offset int64) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), uintptr(offset>>32)) + r0, _, e1 := syscall_syscall6(libc_pread_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), uintptr(offset>>32), 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1143,6 +1511,10 @@ func pread(fd int, p []byte, offset int64) (n int, err error) { return } +var libc_pread_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pread pread "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func pwrite(fd int, p []byte, offset int64) (n int, err error) { @@ -1152,7 +1524,7 @@ func pwrite(fd int, p []byte, offset int64) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), uintptr(offset>>32)) + r0, _, e1 := syscall_syscall6(libc_pwrite_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), uintptr(offset>>32), 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1160,6 +1532,10 @@ func pwrite(fd int, p []byte, offset int64) (n int, err error) { return } +var libc_pwrite_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pwrite pwrite "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func read(fd int, p []byte) (n int, err error) { @@ -1169,7 +1545,7 @@ func read(fd int, p []byte) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p))) + r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1177,6 +1553,10 @@ func read(fd int, p []byte) (n int, err error) { return } +var libc_read_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_read read "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Readlink(path string, buf []byte) (n int, err error) { @@ -1191,7 +1571,7 @@ func Readlink(path string, buf []byte) (n int, err error) { } else { _p1 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf))) + r0, _, e1 := syscall_syscall(libc_readlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1199,6 +1579,10 @@ func Readlink(path string, buf []byte) (n int, err error) { return } +var libc_readlink_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_readlink readlink "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) { @@ -1213,7 +1597,7 @@ func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) { } else { _p1 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0) + r0, _, e1 := syscall_syscall6(libc_readlinkat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1221,6 +1605,10 @@ func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) { return } +var libc_readlinkat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_readlinkat readlinkat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Rename(from string, to string) (err error) { @@ -1234,13 +1622,17 @@ func Rename(from string, to string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) + _, _, e1 := syscall_syscall(libc_rename_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_rename_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_rename rename "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Renameat(fromfd int, from string, tofd int, to string) (err error) { @@ -1254,13 +1646,17 @@ func Renameat(fromfd int, from string, tofd int, to string) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0) + _, _, e1 := syscall_syscall6(libc_renameat_trampoline_addr, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_renameat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_renameat renameat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Revoke(path string) (err error) { @@ -1269,13 +1665,17 @@ func Revoke(path string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_revoke_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_revoke_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_revoke revoke "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Rmdir(path string) (err error) { @@ -1284,17 +1684,21 @@ func Rmdir(path string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_rmdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_rmdir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_rmdir rmdir "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Seek(fd int, offset int64, whence int) (newoffset int64, err error) { - r0, r1, e1 := Syscall6(SYS_LSEEK, uintptr(fd), 0, uintptr(offset), uintptr(offset>>32), uintptr(whence), 0) + r0, r1, e1 := syscall_syscall6(libc_lseek_trampoline_addr, uintptr(fd), uintptr(offset), uintptr(offset>>32), uintptr(whence), 0, 0) newoffset = int64(int64(r1)<<32 | int64(r0)) if e1 != 0 { err = errnoErr(e1) @@ -1302,10 +1706,14 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) { return } +var libc_lseek_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_lseek lseek "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) { - r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0) + r0, _, e1 := syscall_syscall6(libc_select_trampoline_addr, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1313,36 +1721,52 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err return } +var libc_select_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_select select "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setegid(egid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETEGID, uintptr(egid), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_setegid_trampoline_addr, uintptr(egid), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setegid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setegid setegid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Seteuid(euid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_seteuid_trampoline_addr, uintptr(euid), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_seteuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_seteuid seteuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setgid(gid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_setgid_trampoline_addr, uintptr(gid), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setgid setgid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setlogin(name string) (err error) { @@ -1351,97 +1775,133 @@ func Setlogin(name string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_SETLOGIN, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_setlogin_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setlogin_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setlogin setlogin "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setpgid(pid int, pgid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0) + _, _, e1 := syscall_rawSyscall(libc_setpgid_trampoline_addr, uintptr(pid), uintptr(pgid), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setpgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setpgid setpgid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setpriority(which int, who int, prio int) (err error) { - _, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio)) + _, _, e1 := syscall_syscall(libc_setpriority_trampoline_addr, uintptr(which), uintptr(who), uintptr(prio)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setpriority_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setpriority setpriority "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setregid(rgid int, egid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0) + _, _, e1 := syscall_rawSyscall(libc_setregid_trampoline_addr, uintptr(rgid), uintptr(egid), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setregid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setregid setregid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setreuid(ruid int, euid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0) + _, _, e1 := syscall_rawSyscall(libc_setreuid_trampoline_addr, uintptr(ruid), uintptr(euid), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setreuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setreuid setreuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setresgid(rgid int, egid int, sgid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid)) + _, _, e1 := syscall_rawSyscall(libc_setresgid_trampoline_addr, uintptr(rgid), uintptr(egid), uintptr(sgid)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setresgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setresgid setresgid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setresuid(ruid int, euid int, suid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid)) + _, _, e1 := syscall_rawSyscall(libc_setresuid_trampoline_addr, uintptr(ruid), uintptr(euid), uintptr(suid)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setresuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setresuid setresuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) + _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setrlimit_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setrtable(rtable int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRTABLE, uintptr(rtable), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setrtable_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setrtable setrtable "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setsid() (pid int, err error) { - r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) + r0, _, e1 := syscall_rawSyscall(libc_setsid_trampoline_addr, 0, 0, 0) pid = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1449,26 +1909,38 @@ func Setsid() (pid int, err error) { return } +var libc_setsid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setsid setsid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Settimeofday(tp *Timeval) (err error) { - _, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_settimeofday_trampoline_addr, uintptr(unsafe.Pointer(tp)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_settimeofday_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_settimeofday settimeofday "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setuid(uid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_setuid_trampoline_addr, uintptr(uid), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setuid setuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Stat(path string, stat *Stat_t) (err error) { @@ -1477,13 +1949,17 @@ func Stat(path string, stat *Stat_t) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) + _, _, e1 := syscall_syscall(libc_stat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_stat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_stat stat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Statfs(path string, stat *Statfs_t) (err error) { @@ -1492,13 +1968,17 @@ func Statfs(path string, stat *Statfs_t) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) + _, _, e1 := syscall_syscall(libc_statfs_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_statfs_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_statfs statfs "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Symlink(path string, link string) (err error) { @@ -1512,13 +1992,17 @@ func Symlink(path string, link string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) + _, _, e1 := syscall_syscall(libc_symlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_symlink_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_symlink symlink "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) { @@ -1532,23 +2016,31 @@ func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1))) + _, _, e1 := syscall_syscall(libc_symlinkat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1))) if e1 != 0 { err = errnoErr(e1) } return } +var libc_symlinkat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_symlinkat symlinkat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Sync() (err error) { - _, _, e1 := Syscall(SYS_SYNC, 0, 0, 0) + _, _, e1 := syscall_syscall(libc_sync_trampoline_addr, 0, 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_sync_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_sync sync "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Truncate(path string, length int64) (err error) { @@ -1557,21 +2049,29 @@ func Truncate(path string, length int64) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), 0, uintptr(length), uintptr(length>>32), 0, 0) + _, _, e1 := syscall_syscall(libc_truncate_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(length), uintptr(length>>32)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_truncate_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_truncate truncate "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Umask(newmask int) (oldmask int) { - r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0) + r0, _, _ := syscall_syscall(libc_umask_trampoline_addr, uintptr(newmask), 0, 0) oldmask = int(r0) return } +var libc_umask_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_umask umask "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Unlink(path string) (err error) { @@ -1580,13 +2080,17 @@ func Unlink(path string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_unlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_unlink_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unlink unlink "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Unlinkat(dirfd int, path string, flags int) (err error) { @@ -1595,13 +2099,17 @@ func Unlinkat(dirfd int, path string, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags)) + _, _, e1 := syscall_syscall(libc_unlinkat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_unlinkat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unlinkat unlinkat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Unmount(path string, flags int) (err error) { @@ -1610,13 +2118,17 @@ func Unmount(path string, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) + _, _, e1 := syscall_syscall(libc_unmount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_unmount_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unmount unmount "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func write(fd int, p []byte) (n int, err error) { @@ -1626,7 +2138,7 @@ func write(fd int, p []byte) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p))) + r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1634,10 +2146,14 @@ func write(fd int, p []byte) (n int, err error) { return } +var libc_write_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_write write "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) { - r0, _, e1 := Syscall9(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), 0, uintptr(pos), uintptr(pos>>32), 0) + r0, _, e1 := syscall_syscall9(libc_mmap_trampoline_addr, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos), uintptr(pos>>32), 0, 0) ret = uintptr(r0) if e1 != 0 { err = errnoErr(e1) @@ -1645,20 +2161,28 @@ func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) ( return } +var libc_mmap_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mmap mmap "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func munmap(addr uintptr, length uintptr) (err error) { - _, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0) + _, _, e1 := syscall_syscall(libc_munmap_trampoline_addr, uintptr(addr), uintptr(length), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_munmap_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_munmap munmap "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func readlen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) + r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1669,7 +2193,7 @@ func readlen(fd int, buf *byte, nbuf int) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func writelen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) + r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1685,9 +2209,13 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error if err != nil { return } - _, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0) + _, _, e1 := syscall_syscall6(libc_utimensat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } + +var libc_utimensat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_utimensat utimensat "libc.so" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s new file mode 100644 index 00000000000..75eb2f5f3f7 --- /dev/null +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s @@ -0,0 +1,796 @@ +// go run mkasm.go openbsd 386 +// Code generated by the command above; DO NOT EDIT. + +#include "textflag.h" + +TEXT libc_getgroups_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getgroups(SB) + +GLOBL ·libc_getgroups_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getgroups_trampoline_addr(SB)/4, $libc_getgroups_trampoline<>(SB) + +TEXT libc_setgroups_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setgroups(SB) + +GLOBL ·libc_setgroups_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setgroups_trampoline_addr(SB)/4, $libc_setgroups_trampoline<>(SB) + +TEXT libc_wait4_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_wait4(SB) + +GLOBL ·libc_wait4_trampoline_addr(SB), RODATA, $4 +DATA ·libc_wait4_trampoline_addr(SB)/4, $libc_wait4_trampoline<>(SB) + +TEXT libc_accept_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_accept(SB) + +GLOBL ·libc_accept_trampoline_addr(SB), RODATA, $4 +DATA ·libc_accept_trampoline_addr(SB)/4, $libc_accept_trampoline<>(SB) + +TEXT libc_bind_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_bind(SB) + +GLOBL ·libc_bind_trampoline_addr(SB), RODATA, $4 +DATA ·libc_bind_trampoline_addr(SB)/4, $libc_bind_trampoline<>(SB) + +TEXT libc_connect_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_connect(SB) + +GLOBL ·libc_connect_trampoline_addr(SB), RODATA, $4 +DATA ·libc_connect_trampoline_addr(SB)/4, $libc_connect_trampoline<>(SB) + +TEXT libc_socket_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_socket(SB) + +GLOBL ·libc_socket_trampoline_addr(SB), RODATA, $4 +DATA ·libc_socket_trampoline_addr(SB)/4, $libc_socket_trampoline<>(SB) + +TEXT libc_getsockopt_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getsockopt(SB) + +GLOBL ·libc_getsockopt_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getsockopt_trampoline_addr(SB)/4, $libc_getsockopt_trampoline<>(SB) + +TEXT libc_setsockopt_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setsockopt(SB) + +GLOBL ·libc_setsockopt_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setsockopt_trampoline_addr(SB)/4, $libc_setsockopt_trampoline<>(SB) + +TEXT libc_getpeername_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpeername(SB) + +GLOBL ·libc_getpeername_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getpeername_trampoline_addr(SB)/4, $libc_getpeername_trampoline<>(SB) + +TEXT libc_getsockname_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getsockname(SB) + +GLOBL ·libc_getsockname_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getsockname_trampoline_addr(SB)/4, $libc_getsockname_trampoline<>(SB) + +TEXT libc_shutdown_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_shutdown(SB) + +GLOBL ·libc_shutdown_trampoline_addr(SB), RODATA, $4 +DATA ·libc_shutdown_trampoline_addr(SB)/4, $libc_shutdown_trampoline<>(SB) + +TEXT libc_socketpair_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_socketpair(SB) + +GLOBL ·libc_socketpair_trampoline_addr(SB), RODATA, $4 +DATA ·libc_socketpair_trampoline_addr(SB)/4, $libc_socketpair_trampoline<>(SB) + +TEXT libc_recvfrom_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_recvfrom(SB) + +GLOBL ·libc_recvfrom_trampoline_addr(SB), RODATA, $4 +DATA ·libc_recvfrom_trampoline_addr(SB)/4, $libc_recvfrom_trampoline<>(SB) + +TEXT libc_sendto_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_sendto(SB) + +GLOBL ·libc_sendto_trampoline_addr(SB), RODATA, $4 +DATA ·libc_sendto_trampoline_addr(SB)/4, $libc_sendto_trampoline<>(SB) + +TEXT libc_recvmsg_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_recvmsg(SB) + +GLOBL ·libc_recvmsg_trampoline_addr(SB), RODATA, $4 +DATA ·libc_recvmsg_trampoline_addr(SB)/4, $libc_recvmsg_trampoline<>(SB) + +TEXT libc_sendmsg_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_sendmsg(SB) + +GLOBL ·libc_sendmsg_trampoline_addr(SB), RODATA, $4 +DATA ·libc_sendmsg_trampoline_addr(SB)/4, $libc_sendmsg_trampoline<>(SB) + +TEXT libc_kevent_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_kevent(SB) + +GLOBL ·libc_kevent_trampoline_addr(SB), RODATA, $4 +DATA ·libc_kevent_trampoline_addr(SB)/4, $libc_kevent_trampoline<>(SB) + +TEXT libc_utimes_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_utimes(SB) + +GLOBL ·libc_utimes_trampoline_addr(SB), RODATA, $4 +DATA ·libc_utimes_trampoline_addr(SB)/4, $libc_utimes_trampoline<>(SB) + +TEXT libc_futimes_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_futimes(SB) + +GLOBL ·libc_futimes_trampoline_addr(SB), RODATA, $4 +DATA ·libc_futimes_trampoline_addr(SB)/4, $libc_futimes_trampoline<>(SB) + +TEXT libc_poll_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_poll(SB) + +GLOBL ·libc_poll_trampoline_addr(SB), RODATA, $4 +DATA ·libc_poll_trampoline_addr(SB)/4, $libc_poll_trampoline<>(SB) + +TEXT libc_madvise_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_madvise(SB) + +GLOBL ·libc_madvise_trampoline_addr(SB), RODATA, $4 +DATA ·libc_madvise_trampoline_addr(SB)/4, $libc_madvise_trampoline<>(SB) + +TEXT libc_mlock_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mlock(SB) + +GLOBL ·libc_mlock_trampoline_addr(SB), RODATA, $4 +DATA ·libc_mlock_trampoline_addr(SB)/4, $libc_mlock_trampoline<>(SB) + +TEXT libc_mlockall_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mlockall(SB) + +GLOBL ·libc_mlockall_trampoline_addr(SB), RODATA, $4 +DATA ·libc_mlockall_trampoline_addr(SB)/4, $libc_mlockall_trampoline<>(SB) + +TEXT libc_mprotect_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mprotect(SB) + +GLOBL ·libc_mprotect_trampoline_addr(SB), RODATA, $4 +DATA ·libc_mprotect_trampoline_addr(SB)/4, $libc_mprotect_trampoline<>(SB) + +TEXT libc_msync_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_msync(SB) + +GLOBL ·libc_msync_trampoline_addr(SB), RODATA, $4 +DATA ·libc_msync_trampoline_addr(SB)/4, $libc_msync_trampoline<>(SB) + +TEXT libc_munlock_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_munlock(SB) + +GLOBL ·libc_munlock_trampoline_addr(SB), RODATA, $4 +DATA ·libc_munlock_trampoline_addr(SB)/4, $libc_munlock_trampoline<>(SB) + +TEXT libc_munlockall_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_munlockall(SB) + +GLOBL ·libc_munlockall_trampoline_addr(SB), RODATA, $4 +DATA ·libc_munlockall_trampoline_addr(SB)/4, $libc_munlockall_trampoline<>(SB) + +TEXT libc_pipe2_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pipe2(SB) + +GLOBL ·libc_pipe2_trampoline_addr(SB), RODATA, $4 +DATA ·libc_pipe2_trampoline_addr(SB)/4, $libc_pipe2_trampoline<>(SB) + +TEXT libc_getdents_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getdents(SB) + +GLOBL ·libc_getdents_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getdents_trampoline_addr(SB)/4, $libc_getdents_trampoline<>(SB) + +TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getcwd(SB) + +GLOBL ·libc_getcwd_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getcwd_trampoline_addr(SB)/4, $libc_getcwd_trampoline<>(SB) + +TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_ioctl(SB) + +GLOBL ·libc_ioctl_trampoline_addr(SB), RODATA, $4 +DATA ·libc_ioctl_trampoline_addr(SB)/4, $libc_ioctl_trampoline<>(SB) + +TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_sysctl(SB) + +GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $4 +DATA ·libc_sysctl_trampoline_addr(SB)/4, $libc_sysctl_trampoline<>(SB) + +TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_ppoll(SB) + +GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $4 +DATA ·libc_ppoll_trampoline_addr(SB)/4, $libc_ppoll_trampoline<>(SB) + +TEXT libc_access_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_access(SB) + +GLOBL ·libc_access_trampoline_addr(SB), RODATA, $4 +DATA ·libc_access_trampoline_addr(SB)/4, $libc_access_trampoline<>(SB) + +TEXT libc_adjtime_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_adjtime(SB) + +GLOBL ·libc_adjtime_trampoline_addr(SB), RODATA, $4 +DATA ·libc_adjtime_trampoline_addr(SB)/4, $libc_adjtime_trampoline<>(SB) + +TEXT libc_chdir_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chdir(SB) + +GLOBL ·libc_chdir_trampoline_addr(SB), RODATA, $4 +DATA ·libc_chdir_trampoline_addr(SB)/4, $libc_chdir_trampoline<>(SB) + +TEXT libc_chflags_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chflags(SB) + +GLOBL ·libc_chflags_trampoline_addr(SB), RODATA, $4 +DATA ·libc_chflags_trampoline_addr(SB)/4, $libc_chflags_trampoline<>(SB) + +TEXT libc_chmod_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chmod(SB) + +GLOBL ·libc_chmod_trampoline_addr(SB), RODATA, $4 +DATA ·libc_chmod_trampoline_addr(SB)/4, $libc_chmod_trampoline<>(SB) + +TEXT libc_chown_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chown(SB) + +GLOBL ·libc_chown_trampoline_addr(SB), RODATA, $4 +DATA ·libc_chown_trampoline_addr(SB)/4, $libc_chown_trampoline<>(SB) + +TEXT libc_chroot_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chroot(SB) + +GLOBL ·libc_chroot_trampoline_addr(SB), RODATA, $4 +DATA ·libc_chroot_trampoline_addr(SB)/4, $libc_chroot_trampoline<>(SB) + +TEXT libc_close_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_close(SB) + +GLOBL ·libc_close_trampoline_addr(SB), RODATA, $4 +DATA ·libc_close_trampoline_addr(SB)/4, $libc_close_trampoline<>(SB) + +TEXT libc_dup_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_dup(SB) + +GLOBL ·libc_dup_trampoline_addr(SB), RODATA, $4 +DATA ·libc_dup_trampoline_addr(SB)/4, $libc_dup_trampoline<>(SB) + +TEXT libc_dup2_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_dup2(SB) + +GLOBL ·libc_dup2_trampoline_addr(SB), RODATA, $4 +DATA ·libc_dup2_trampoline_addr(SB)/4, $libc_dup2_trampoline<>(SB) + +TEXT libc_dup3_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_dup3(SB) + +GLOBL ·libc_dup3_trampoline_addr(SB), RODATA, $4 +DATA ·libc_dup3_trampoline_addr(SB)/4, $libc_dup3_trampoline<>(SB) + +TEXT libc_exit_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_exit(SB) + +GLOBL ·libc_exit_trampoline_addr(SB), RODATA, $4 +DATA ·libc_exit_trampoline_addr(SB)/4, $libc_exit_trampoline<>(SB) + +TEXT libc_faccessat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_faccessat(SB) + +GLOBL ·libc_faccessat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_faccessat_trampoline_addr(SB)/4, $libc_faccessat_trampoline<>(SB) + +TEXT libc_fchdir_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchdir(SB) + +GLOBL ·libc_fchdir_trampoline_addr(SB), RODATA, $4 +DATA ·libc_fchdir_trampoline_addr(SB)/4, $libc_fchdir_trampoline<>(SB) + +TEXT libc_fchflags_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchflags(SB) + +GLOBL ·libc_fchflags_trampoline_addr(SB), RODATA, $4 +DATA ·libc_fchflags_trampoline_addr(SB)/4, $libc_fchflags_trampoline<>(SB) + +TEXT libc_fchmod_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchmod(SB) + +GLOBL ·libc_fchmod_trampoline_addr(SB), RODATA, $4 +DATA ·libc_fchmod_trampoline_addr(SB)/4, $libc_fchmod_trampoline<>(SB) + +TEXT libc_fchmodat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchmodat(SB) + +GLOBL ·libc_fchmodat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_fchmodat_trampoline_addr(SB)/4, $libc_fchmodat_trampoline<>(SB) + +TEXT libc_fchown_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchown(SB) + +GLOBL ·libc_fchown_trampoline_addr(SB), RODATA, $4 +DATA ·libc_fchown_trampoline_addr(SB)/4, $libc_fchown_trampoline<>(SB) + +TEXT libc_fchownat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchownat(SB) + +GLOBL ·libc_fchownat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_fchownat_trampoline_addr(SB)/4, $libc_fchownat_trampoline<>(SB) + +TEXT libc_flock_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_flock(SB) + +GLOBL ·libc_flock_trampoline_addr(SB), RODATA, $4 +DATA ·libc_flock_trampoline_addr(SB)/4, $libc_flock_trampoline<>(SB) + +TEXT libc_fpathconf_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fpathconf(SB) + +GLOBL ·libc_fpathconf_trampoline_addr(SB), RODATA, $4 +DATA ·libc_fpathconf_trampoline_addr(SB)/4, $libc_fpathconf_trampoline<>(SB) + +TEXT libc_fstat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fstat(SB) + +GLOBL ·libc_fstat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_fstat_trampoline_addr(SB)/4, $libc_fstat_trampoline<>(SB) + +TEXT libc_fstatat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fstatat(SB) + +GLOBL ·libc_fstatat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_fstatat_trampoline_addr(SB)/4, $libc_fstatat_trampoline<>(SB) + +TEXT libc_fstatfs_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fstatfs(SB) + +GLOBL ·libc_fstatfs_trampoline_addr(SB), RODATA, $4 +DATA ·libc_fstatfs_trampoline_addr(SB)/4, $libc_fstatfs_trampoline<>(SB) + +TEXT libc_fsync_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fsync(SB) + +GLOBL ·libc_fsync_trampoline_addr(SB), RODATA, $4 +DATA ·libc_fsync_trampoline_addr(SB)/4, $libc_fsync_trampoline<>(SB) + +TEXT libc_ftruncate_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_ftruncate(SB) + +GLOBL ·libc_ftruncate_trampoline_addr(SB), RODATA, $4 +DATA ·libc_ftruncate_trampoline_addr(SB)/4, $libc_ftruncate_trampoline<>(SB) + +TEXT libc_getegid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getegid(SB) + +GLOBL ·libc_getegid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getegid_trampoline_addr(SB)/4, $libc_getegid_trampoline<>(SB) + +TEXT libc_geteuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_geteuid(SB) + +GLOBL ·libc_geteuid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_geteuid_trampoline_addr(SB)/4, $libc_geteuid_trampoline<>(SB) + +TEXT libc_getgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getgid(SB) + +GLOBL ·libc_getgid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getgid_trampoline_addr(SB)/4, $libc_getgid_trampoline<>(SB) + +TEXT libc_getpgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpgid(SB) + +GLOBL ·libc_getpgid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getpgid_trampoline_addr(SB)/4, $libc_getpgid_trampoline<>(SB) + +TEXT libc_getpgrp_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpgrp(SB) + +GLOBL ·libc_getpgrp_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getpgrp_trampoline_addr(SB)/4, $libc_getpgrp_trampoline<>(SB) + +TEXT libc_getpid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpid(SB) + +GLOBL ·libc_getpid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getpid_trampoline_addr(SB)/4, $libc_getpid_trampoline<>(SB) + +TEXT libc_getppid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getppid(SB) + +GLOBL ·libc_getppid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getppid_trampoline_addr(SB)/4, $libc_getppid_trampoline<>(SB) + +TEXT libc_getpriority_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpriority(SB) + +GLOBL ·libc_getpriority_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getpriority_trampoline_addr(SB)/4, $libc_getpriority_trampoline<>(SB) + +TEXT libc_getrlimit_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getrlimit(SB) + +GLOBL ·libc_getrlimit_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getrlimit_trampoline_addr(SB)/4, $libc_getrlimit_trampoline<>(SB) + +TEXT libc_getrtable_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getrtable(SB) + +GLOBL ·libc_getrtable_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getrtable_trampoline_addr(SB)/4, $libc_getrtable_trampoline<>(SB) + +TEXT libc_getrusage_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getrusage(SB) + +GLOBL ·libc_getrusage_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getrusage_trampoline_addr(SB)/4, $libc_getrusage_trampoline<>(SB) + +TEXT libc_getsid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getsid(SB) + +GLOBL ·libc_getsid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getsid_trampoline_addr(SB)/4, $libc_getsid_trampoline<>(SB) + +TEXT libc_gettimeofday_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_gettimeofday(SB) + +GLOBL ·libc_gettimeofday_trampoline_addr(SB), RODATA, $4 +DATA ·libc_gettimeofday_trampoline_addr(SB)/4, $libc_gettimeofday_trampoline<>(SB) + +TEXT libc_getuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getuid(SB) + +GLOBL ·libc_getuid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getuid_trampoline_addr(SB)/4, $libc_getuid_trampoline<>(SB) + +TEXT libc_issetugid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_issetugid(SB) + +GLOBL ·libc_issetugid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_issetugid_trampoline_addr(SB)/4, $libc_issetugid_trampoline<>(SB) + +TEXT libc_kill_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_kill(SB) + +GLOBL ·libc_kill_trampoline_addr(SB), RODATA, $4 +DATA ·libc_kill_trampoline_addr(SB)/4, $libc_kill_trampoline<>(SB) + +TEXT libc_kqueue_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_kqueue(SB) + +GLOBL ·libc_kqueue_trampoline_addr(SB), RODATA, $4 +DATA ·libc_kqueue_trampoline_addr(SB)/4, $libc_kqueue_trampoline<>(SB) + +TEXT libc_lchown_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_lchown(SB) + +GLOBL ·libc_lchown_trampoline_addr(SB), RODATA, $4 +DATA ·libc_lchown_trampoline_addr(SB)/4, $libc_lchown_trampoline<>(SB) + +TEXT libc_link_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_link(SB) + +GLOBL ·libc_link_trampoline_addr(SB), RODATA, $4 +DATA ·libc_link_trampoline_addr(SB)/4, $libc_link_trampoline<>(SB) + +TEXT libc_linkat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_linkat(SB) + +GLOBL ·libc_linkat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_linkat_trampoline_addr(SB)/4, $libc_linkat_trampoline<>(SB) + +TEXT libc_listen_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_listen(SB) + +GLOBL ·libc_listen_trampoline_addr(SB), RODATA, $4 +DATA ·libc_listen_trampoline_addr(SB)/4, $libc_listen_trampoline<>(SB) + +TEXT libc_lstat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_lstat(SB) + +GLOBL ·libc_lstat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_lstat_trampoline_addr(SB)/4, $libc_lstat_trampoline<>(SB) + +TEXT libc_mkdir_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mkdir(SB) + +GLOBL ·libc_mkdir_trampoline_addr(SB), RODATA, $4 +DATA ·libc_mkdir_trampoline_addr(SB)/4, $libc_mkdir_trampoline<>(SB) + +TEXT libc_mkdirat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mkdirat(SB) + +GLOBL ·libc_mkdirat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_mkdirat_trampoline_addr(SB)/4, $libc_mkdirat_trampoline<>(SB) + +TEXT libc_mkfifo_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mkfifo(SB) + +GLOBL ·libc_mkfifo_trampoline_addr(SB), RODATA, $4 +DATA ·libc_mkfifo_trampoline_addr(SB)/4, $libc_mkfifo_trampoline<>(SB) + +TEXT libc_mkfifoat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mkfifoat(SB) + +GLOBL ·libc_mkfifoat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_mkfifoat_trampoline_addr(SB)/4, $libc_mkfifoat_trampoline<>(SB) + +TEXT libc_mknod_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mknod(SB) + +GLOBL ·libc_mknod_trampoline_addr(SB), RODATA, $4 +DATA ·libc_mknod_trampoline_addr(SB)/4, $libc_mknod_trampoline<>(SB) + +TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mknodat(SB) + +GLOBL ·libc_mknodat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_mknodat_trampoline_addr(SB)/4, $libc_mknodat_trampoline<>(SB) + +TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_nanosleep(SB) + +GLOBL ·libc_nanosleep_trampoline_addr(SB), RODATA, $4 +DATA ·libc_nanosleep_trampoline_addr(SB)/4, $libc_nanosleep_trampoline<>(SB) + +TEXT libc_open_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_open(SB) + +GLOBL ·libc_open_trampoline_addr(SB), RODATA, $4 +DATA ·libc_open_trampoline_addr(SB)/4, $libc_open_trampoline<>(SB) + +TEXT libc_openat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_openat(SB) + +GLOBL ·libc_openat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_openat_trampoline_addr(SB)/4, $libc_openat_trampoline<>(SB) + +TEXT libc_pathconf_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pathconf(SB) + +GLOBL ·libc_pathconf_trampoline_addr(SB), RODATA, $4 +DATA ·libc_pathconf_trampoline_addr(SB)/4, $libc_pathconf_trampoline<>(SB) + +TEXT libc_pread_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pread(SB) + +GLOBL ·libc_pread_trampoline_addr(SB), RODATA, $4 +DATA ·libc_pread_trampoline_addr(SB)/4, $libc_pread_trampoline<>(SB) + +TEXT libc_pwrite_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pwrite(SB) + +GLOBL ·libc_pwrite_trampoline_addr(SB), RODATA, $4 +DATA ·libc_pwrite_trampoline_addr(SB)/4, $libc_pwrite_trampoline<>(SB) + +TEXT libc_read_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_read(SB) + +GLOBL ·libc_read_trampoline_addr(SB), RODATA, $4 +DATA ·libc_read_trampoline_addr(SB)/4, $libc_read_trampoline<>(SB) + +TEXT libc_readlink_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_readlink(SB) + +GLOBL ·libc_readlink_trampoline_addr(SB), RODATA, $4 +DATA ·libc_readlink_trampoline_addr(SB)/4, $libc_readlink_trampoline<>(SB) + +TEXT libc_readlinkat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_readlinkat(SB) + +GLOBL ·libc_readlinkat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_readlinkat_trampoline_addr(SB)/4, $libc_readlinkat_trampoline<>(SB) + +TEXT libc_rename_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_rename(SB) + +GLOBL ·libc_rename_trampoline_addr(SB), RODATA, $4 +DATA ·libc_rename_trampoline_addr(SB)/4, $libc_rename_trampoline<>(SB) + +TEXT libc_renameat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_renameat(SB) + +GLOBL ·libc_renameat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_renameat_trampoline_addr(SB)/4, $libc_renameat_trampoline<>(SB) + +TEXT libc_revoke_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_revoke(SB) + +GLOBL ·libc_revoke_trampoline_addr(SB), RODATA, $4 +DATA ·libc_revoke_trampoline_addr(SB)/4, $libc_revoke_trampoline<>(SB) + +TEXT libc_rmdir_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_rmdir(SB) + +GLOBL ·libc_rmdir_trampoline_addr(SB), RODATA, $4 +DATA ·libc_rmdir_trampoline_addr(SB)/4, $libc_rmdir_trampoline<>(SB) + +TEXT libc_lseek_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_lseek(SB) + +GLOBL ·libc_lseek_trampoline_addr(SB), RODATA, $4 +DATA ·libc_lseek_trampoline_addr(SB)/4, $libc_lseek_trampoline<>(SB) + +TEXT libc_select_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_select(SB) + +GLOBL ·libc_select_trampoline_addr(SB), RODATA, $4 +DATA ·libc_select_trampoline_addr(SB)/4, $libc_select_trampoline<>(SB) + +TEXT libc_setegid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setegid(SB) + +GLOBL ·libc_setegid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setegid_trampoline_addr(SB)/4, $libc_setegid_trampoline<>(SB) + +TEXT libc_seteuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_seteuid(SB) + +GLOBL ·libc_seteuid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_seteuid_trampoline_addr(SB)/4, $libc_seteuid_trampoline<>(SB) + +TEXT libc_setgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setgid(SB) + +GLOBL ·libc_setgid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setgid_trampoline_addr(SB)/4, $libc_setgid_trampoline<>(SB) + +TEXT libc_setlogin_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setlogin(SB) + +GLOBL ·libc_setlogin_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setlogin_trampoline_addr(SB)/4, $libc_setlogin_trampoline<>(SB) + +TEXT libc_setpgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setpgid(SB) + +GLOBL ·libc_setpgid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setpgid_trampoline_addr(SB)/4, $libc_setpgid_trampoline<>(SB) + +TEXT libc_setpriority_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setpriority(SB) + +GLOBL ·libc_setpriority_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setpriority_trampoline_addr(SB)/4, $libc_setpriority_trampoline<>(SB) + +TEXT libc_setregid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setregid(SB) + +GLOBL ·libc_setregid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setregid_trampoline_addr(SB)/4, $libc_setregid_trampoline<>(SB) + +TEXT libc_setreuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setreuid(SB) + +GLOBL ·libc_setreuid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setreuid_trampoline_addr(SB)/4, $libc_setreuid_trampoline<>(SB) + +TEXT libc_setresgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setresgid(SB) + +GLOBL ·libc_setresgid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setresgid_trampoline_addr(SB)/4, $libc_setresgid_trampoline<>(SB) + +TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setresuid(SB) + +GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setresuid_trampoline_addr(SB)/4, $libc_setresuid_trampoline<>(SB) + +TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setrlimit(SB) + +GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setrlimit_trampoline_addr(SB)/4, $libc_setrlimit_trampoline<>(SB) + +TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setrtable(SB) + +GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setrtable_trampoline_addr(SB)/4, $libc_setrtable_trampoline<>(SB) + +TEXT libc_setsid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setsid(SB) + +GLOBL ·libc_setsid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setsid_trampoline_addr(SB)/4, $libc_setsid_trampoline<>(SB) + +TEXT libc_settimeofday_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_settimeofday(SB) + +GLOBL ·libc_settimeofday_trampoline_addr(SB), RODATA, $4 +DATA ·libc_settimeofday_trampoline_addr(SB)/4, $libc_settimeofday_trampoline<>(SB) + +TEXT libc_setuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setuid(SB) + +GLOBL ·libc_setuid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setuid_trampoline_addr(SB)/4, $libc_setuid_trampoline<>(SB) + +TEXT libc_stat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_stat(SB) + +GLOBL ·libc_stat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_stat_trampoline_addr(SB)/4, $libc_stat_trampoline<>(SB) + +TEXT libc_statfs_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_statfs(SB) + +GLOBL ·libc_statfs_trampoline_addr(SB), RODATA, $4 +DATA ·libc_statfs_trampoline_addr(SB)/4, $libc_statfs_trampoline<>(SB) + +TEXT libc_symlink_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_symlink(SB) + +GLOBL ·libc_symlink_trampoline_addr(SB), RODATA, $4 +DATA ·libc_symlink_trampoline_addr(SB)/4, $libc_symlink_trampoline<>(SB) + +TEXT libc_symlinkat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_symlinkat(SB) + +GLOBL ·libc_symlinkat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_symlinkat_trampoline_addr(SB)/4, $libc_symlinkat_trampoline<>(SB) + +TEXT libc_sync_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_sync(SB) + +GLOBL ·libc_sync_trampoline_addr(SB), RODATA, $4 +DATA ·libc_sync_trampoline_addr(SB)/4, $libc_sync_trampoline<>(SB) + +TEXT libc_truncate_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_truncate(SB) + +GLOBL ·libc_truncate_trampoline_addr(SB), RODATA, $4 +DATA ·libc_truncate_trampoline_addr(SB)/4, $libc_truncate_trampoline<>(SB) + +TEXT libc_umask_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_umask(SB) + +GLOBL ·libc_umask_trampoline_addr(SB), RODATA, $4 +DATA ·libc_umask_trampoline_addr(SB)/4, $libc_umask_trampoline<>(SB) + +TEXT libc_unlink_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unlink(SB) + +GLOBL ·libc_unlink_trampoline_addr(SB), RODATA, $4 +DATA ·libc_unlink_trampoline_addr(SB)/4, $libc_unlink_trampoline<>(SB) + +TEXT libc_unlinkat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unlinkat(SB) + +GLOBL ·libc_unlinkat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_unlinkat_trampoline_addr(SB)/4, $libc_unlinkat_trampoline<>(SB) + +TEXT libc_unmount_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unmount(SB) + +GLOBL ·libc_unmount_trampoline_addr(SB), RODATA, $4 +DATA ·libc_unmount_trampoline_addr(SB)/4, $libc_unmount_trampoline<>(SB) + +TEXT libc_write_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_write(SB) + +GLOBL ·libc_write_trampoline_addr(SB), RODATA, $4 +DATA ·libc_write_trampoline_addr(SB)/4, $libc_write_trampoline<>(SB) + +TEXT libc_mmap_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mmap(SB) + +GLOBL ·libc_mmap_trampoline_addr(SB), RODATA, $4 +DATA ·libc_mmap_trampoline_addr(SB)/4, $libc_mmap_trampoline<>(SB) + +TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_munmap(SB) + +GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $4 +DATA ·libc_munmap_trampoline_addr(SB)/4, $libc_munmap_trampoline<>(SB) + +TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_utimensat(SB) + +GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_utimensat_trampoline_addr(SB)/4, $libc_utimensat_trampoline<>(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go index 04db8fa2fea..98446d2b954 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go @@ -1,4 +1,4 @@ -// go run mksyscall.go -openbsd -tags openbsd,amd64 syscall_bsd.go syscall_openbsd.go syscall_openbsd_amd64.go +// go run mksyscall.go -openbsd -libc -tags openbsd,amd64 syscall_bsd.go syscall_openbsd.go syscall_openbsd_amd64.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build openbsd && amd64 @@ -16,7 +16,7 @@ var _ syscall.Errno // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func getgroups(ngid int, gid *_Gid_t) (n int, err error) { - r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0) + r0, _, e1 := syscall_rawSyscall(libc_getgroups_trampoline_addr, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -24,20 +24,28 @@ func getgroups(ngid int, gid *_Gid_t) (n int, err error) { return } +var libc_getgroups_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getgroups getgroups "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func setgroups(ngid int, gid *_Gid_t) (err error) { - _, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0) + _, _, e1 := syscall_rawSyscall(libc_setgroups_trampoline_addr, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setgroups_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setgroups setgroups "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) { - r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0) + r0, _, e1 := syscall_syscall6(libc_wait4_trampoline_addr, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0) wpid = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -45,10 +53,14 @@ func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err return } +var libc_wait4_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_wait4 wait4 "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { - r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + r0, _, e1 := syscall_syscall(libc_accept_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) fd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -56,30 +68,42 @@ func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { return } +var libc_accept_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_accept accept "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { - _, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen)) + _, _, e1 := syscall_syscall(libc_bind_trampoline_addr, uintptr(s), uintptr(addr), uintptr(addrlen)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_bind_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_bind bind "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { - _, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen)) + _, _, e1 := syscall_syscall(libc_connect_trampoline_addr, uintptr(s), uintptr(addr), uintptr(addrlen)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_connect_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_connect connect "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func socket(domain int, typ int, proto int) (fd int, err error) { - r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto)) + r0, _, e1 := syscall_rawSyscall(libc_socket_trampoline_addr, uintptr(domain), uintptr(typ), uintptr(proto)) fd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -87,66 +111,94 @@ func socket(domain int, typ int, proto int) (fd int, err error) { return } +var libc_socket_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_socket socket "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) { - _, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0) + _, _, e1 := syscall_syscall6(libc_getsockopt_trampoline_addr, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_getsockopt_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getsockopt getsockopt "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) { - _, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0) + _, _, e1 := syscall_syscall6(libc_setsockopt_trampoline_addr, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setsockopt_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setsockopt setsockopt "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) { - _, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + _, _, e1 := syscall_rawSyscall(libc_getpeername_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) if e1 != 0 { err = errnoErr(e1) } return } +var libc_getpeername_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpeername getpeername "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) { - _, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + _, _, e1 := syscall_rawSyscall(libc_getsockname_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) if e1 != 0 { err = errnoErr(e1) } return } +var libc_getsockname_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getsockname getsockname "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Shutdown(s int, how int) (err error) { - _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0) + _, _, e1 := syscall_syscall(libc_shutdown_trampoline_addr, uintptr(s), uintptr(how), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_shutdown_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_shutdown shutdown "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) { - _, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0) + _, _, e1 := syscall_rawSyscall6(libc_socketpair_trampoline_addr, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_socketpair_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_socketpair socketpair "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) { @@ -156,7 +208,7 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen))) + r0, _, e1 := syscall_syscall6(libc_recvfrom_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -164,6 +216,10 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl return } +var libc_recvfrom_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_recvfrom recvfrom "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) { @@ -173,17 +229,21 @@ func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) ( } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen)) + _, _, e1 := syscall_syscall6(libc_sendto_trampoline_addr, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_sendto_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_sendto sendto "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) { - r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) + r0, _, e1 := syscall_syscall(libc_recvmsg_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -191,10 +251,14 @@ func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) { return } +var libc_recvmsg_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_recvmsg recvmsg "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) { - r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) + r0, _, e1 := syscall_syscall(libc_sendmsg_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -202,10 +266,14 @@ func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) { return } +var libc_sendmsg_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_sendmsg sendmsg "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) { - r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout))) + r0, _, e1 := syscall_syscall6(libc_kevent_trampoline_addr, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -213,6 +281,10 @@ func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, ne return } +var libc_kevent_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_kevent kevent "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func utimes(path string, timeval *[2]Timeval) (err error) { @@ -221,27 +293,35 @@ func utimes(path string, timeval *[2]Timeval) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0) + _, _, e1 := syscall_syscall(libc_utimes_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_utimes_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_utimes utimes "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func futimes(fd int, timeval *[2]Timeval) (err error) { - _, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0) + _, _, e1 := syscall_syscall(libc_futimes_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_futimes_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_futimes futimes "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func poll(fds *PollFd, nfds int, timeout int) (n int, err error) { - r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout)) + r0, _, e1 := syscall_syscall(libc_poll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout)) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -249,6 +329,10 @@ func poll(fds *PollFd, nfds int, timeout int) (n int, err error) { return } +var libc_poll_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_poll poll "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Madvise(b []byte, behav int) (err error) { @@ -258,13 +342,17 @@ func Madvise(b []byte, behav int) (err error) { } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav)) + _, _, e1 := syscall_syscall(libc_madvise_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(behav)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_madvise_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_madvise madvise "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mlock(b []byte) (err error) { @@ -274,23 +362,31 @@ func Mlock(b []byte) (err error) { } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0) + _, _, e1 := syscall_syscall(libc_mlock_trampoline_addr, uintptr(_p0), uintptr(len(b)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mlock_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mlock mlock "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mlockall(flags int) (err error) { - _, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0) + _, _, e1 := syscall_syscall(libc_mlockall_trampoline_addr, uintptr(flags), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mlockall_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mlockall mlockall "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mprotect(b []byte, prot int) (err error) { @@ -300,13 +396,17 @@ func Mprotect(b []byte, prot int) (err error) { } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot)) + _, _, e1 := syscall_syscall(libc_mprotect_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(prot)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mprotect_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mprotect mprotect "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Msync(b []byte, flags int) (err error) { @@ -316,13 +416,17 @@ func Msync(b []byte, flags int) (err error) { } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags)) + _, _, e1 := syscall_syscall(libc_msync_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(flags)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_msync_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_msync msync "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Munlock(b []byte) (err error) { @@ -332,33 +436,45 @@ func Munlock(b []byte) (err error) { } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0) + _, _, e1 := syscall_syscall(libc_munlock_trampoline_addr, uintptr(_p0), uintptr(len(b)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_munlock_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_munlock munlock "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Munlockall() (err error) { - _, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0) + _, _, e1 := syscall_syscall(libc_munlockall_trampoline_addr, 0, 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_munlockall_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_munlockall munlockall "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func pipe2(p *[2]_C_int, flags int) (err error) { - _, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0) + _, _, e1 := syscall_rawSyscall(libc_pipe2_trampoline_addr, uintptr(unsafe.Pointer(p)), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_pipe2_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pipe2 pipe2 "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getdents(fd int, buf []byte) (n int, err error) { @@ -368,7 +484,7 @@ func Getdents(fd int, buf []byte) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall(SYS_GETDENTS, uintptr(fd), uintptr(_p0), uintptr(len(buf))) + r0, _, e1 := syscall_syscall(libc_getdents_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(buf))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -376,6 +492,10 @@ func Getdents(fd int, buf []byte) (n int, err error) { return } +var libc_getdents_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getdents getdents "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getcwd(buf []byte) (n int, err error) { @@ -385,7 +505,7 @@ func Getcwd(buf []byte) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0) + r0, _, e1 := syscall_syscall(libc_getcwd_trampoline_addr, uintptr(_p0), uintptr(len(buf)), 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -393,16 +513,24 @@ func Getcwd(buf []byte) (n int, err error) { return } +var libc_getcwd_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getcwd getcwd "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func ioctl(fd int, req uint, arg uintptr) (err error) { - _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_ioctl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ioctl ioctl "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { @@ -412,17 +540,21 @@ func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen)) + _, _, e1 := syscall_syscall6(libc_sysctl_trampoline_addr, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_sysctl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_sysctl sysctl "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { - r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0) + r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -430,6 +562,10 @@ func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, return } +var libc_ppoll_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ppoll ppoll "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Access(path string, mode uint32) (err error) { @@ -438,23 +574,31 @@ func Access(path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + _, _, e1 := syscall_syscall(libc_access_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_access_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_access access "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Adjtime(delta *Timeval, olddelta *Timeval) (err error) { - _, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0) + _, _, e1 := syscall_syscall(libc_adjtime_trampoline_addr, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_adjtime_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_adjtime adjtime "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Chdir(path string) (err error) { @@ -463,13 +607,17 @@ func Chdir(path string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_chdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_chdir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chdir chdir "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Chflags(path string, flags int) (err error) { @@ -478,13 +626,17 @@ func Chflags(path string, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) + _, _, e1 := syscall_syscall(libc_chflags_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_chflags_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chflags chflags "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Chmod(path string, mode uint32) (err error) { @@ -493,13 +645,17 @@ func Chmod(path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + _, _, e1 := syscall_syscall(libc_chmod_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_chmod_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chmod chmod "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Chown(path string, uid int, gid int) (err error) { @@ -508,13 +664,17 @@ func Chown(path string, uid int, gid int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) + _, _, e1 := syscall_syscall(libc_chown_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_chown_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chown chown "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Chroot(path string) (err error) { @@ -523,27 +683,35 @@ func Chroot(path string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_chroot_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_chroot_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chroot chroot "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Close(fd int) (err error) { - _, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0) + _, _, e1 := syscall_syscall(libc_close_trampoline_addr, uintptr(fd), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_close_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_close close "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Dup(fd int) (nfd int, err error) { - r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0) + r0, _, e1 := syscall_syscall(libc_dup_trampoline_addr, uintptr(fd), 0, 0) nfd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -551,33 +719,49 @@ func Dup(fd int) (nfd int, err error) { return } +var libc_dup_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_dup dup "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Dup2(from int, to int) (err error) { - _, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0) + _, _, e1 := syscall_syscall(libc_dup2_trampoline_addr, uintptr(from), uintptr(to), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_dup2_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_dup2 dup2 "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Dup3(from int, to int, flags int) (err error) { - _, _, e1 := Syscall(SYS_DUP3, uintptr(from), uintptr(to), uintptr(flags)) + _, _, e1 := syscall_syscall(libc_dup3_trampoline_addr, uintptr(from), uintptr(to), uintptr(flags)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_dup3_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_dup3 dup3 "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Exit(code int) { - Syscall(SYS_EXIT, uintptr(code), 0, 0) + syscall_syscall(libc_exit_trampoline_addr, uintptr(code), 0, 0) return } +var libc_exit_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_exit exit "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) { @@ -586,43 +770,59 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) + _, _, e1 := syscall_syscall6(libc_faccessat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_faccessat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_faccessat faccessat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchdir(fd int) (err error) { - _, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0) + _, _, e1 := syscall_syscall(libc_fchdir_trampoline_addr, uintptr(fd), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchdir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchdir fchdir "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchflags(fd int, flags int) (err error) { - _, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0) + _, _, e1 := syscall_syscall(libc_fchflags_trampoline_addr, uintptr(fd), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchflags_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchflags fchflags "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchmod(fd int, mode uint32) (err error) { - _, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0) + _, _, e1 := syscall_syscall(libc_fchmod_trampoline_addr, uintptr(fd), uintptr(mode), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchmod_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchmod fchmod "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) { @@ -631,23 +831,31 @@ func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) + _, _, e1 := syscall_syscall6(libc_fchmodat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchmodat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchmodat fchmodat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchown(fd int, uid int, gid int) (err error) { - _, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid)) + _, _, e1 := syscall_syscall(libc_fchown_trampoline_addr, uintptr(fd), uintptr(uid), uintptr(gid)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchown_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchown fchown "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) { @@ -656,27 +864,35 @@ func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0) + _, _, e1 := syscall_syscall6(libc_fchownat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchownat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchownat fchownat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Flock(fd int, how int) (err error) { - _, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0) + _, _, e1 := syscall_syscall(libc_flock_trampoline_addr, uintptr(fd), uintptr(how), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_flock_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_flock flock "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fpathconf(fd int, name int) (val int, err error) { - r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0) + r0, _, e1 := syscall_syscall(libc_fpathconf_trampoline_addr, uintptr(fd), uintptr(name), 0) val = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -684,16 +900,24 @@ func Fpathconf(fd int, name int) (val int, err error) { return } +var libc_fpathconf_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fpathconf fpathconf "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fstat(fd int, stat *Stat_t) (err error) { - _, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) + _, _, e1 := syscall_syscall(libc_fstat_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fstat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fstat fstat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) { @@ -702,71 +926,99 @@ func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0) + _, _, e1 := syscall_syscall6(libc_fstatat_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fstatat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fstatat fstatat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fstatfs(fd int, stat *Statfs_t) (err error) { - _, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) + _, _, e1 := syscall_syscall(libc_fstatfs_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fstatfs_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fstatfs fstatfs "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fsync(fd int) (err error) { - _, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0) + _, _, e1 := syscall_syscall(libc_fsync_trampoline_addr, uintptr(fd), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fsync_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fsync fsync "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Ftruncate(fd int, length int64) (err error) { - _, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), 0, uintptr(length)) + _, _, e1 := syscall_syscall(libc_ftruncate_trampoline_addr, uintptr(fd), uintptr(length), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_ftruncate_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ftruncate ftruncate "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getegid() (egid int) { - r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getegid_trampoline_addr, 0, 0, 0) egid = int(r0) return } +var libc_getegid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getegid getegid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Geteuid() (uid int) { - r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_geteuid_trampoline_addr, 0, 0, 0) uid = int(r0) return } +var libc_geteuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_geteuid geteuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getgid() (gid int) { - r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getgid_trampoline_addr, 0, 0, 0) gid = int(r0) return } +var libc_getgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getgid getgid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getpgid(pid int) (pgid int, err error) { - r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0) + r0, _, e1 := syscall_rawSyscall(libc_getpgid_trampoline_addr, uintptr(pid), 0, 0) pgid = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -774,34 +1026,50 @@ func Getpgid(pid int) (pgid int, err error) { return } +var libc_getpgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpgid getpgid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getpgrp() (pgrp int) { - r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getpgrp_trampoline_addr, 0, 0, 0) pgrp = int(r0) return } +var libc_getpgrp_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpgrp getpgrp "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getpid() (pid int) { - r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getpid_trampoline_addr, 0, 0, 0) pid = int(r0) return } +var libc_getpid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpid getpid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getppid() (ppid int) { - r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getppid_trampoline_addr, 0, 0, 0) ppid = int(r0) return } +var libc_getppid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getppid getppid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getpriority(which int, who int) (prio int, err error) { - r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0) + r0, _, e1 := syscall_syscall(libc_getpriority_trampoline_addr, uintptr(which), uintptr(who), 0) prio = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -809,20 +1077,28 @@ func Getpriority(which int, who int) (prio int, err error) { return } +var libc_getpriority_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpriority getpriority "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) + _, _, e1 := syscall_rawSyscall(libc_getrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_getrlimit_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getrlimit getrlimit "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getrtable() (rtable int, err error) { - r0, _, e1 := RawSyscall(SYS_GETRTABLE, 0, 0, 0) + r0, _, e1 := syscall_rawSyscall(libc_getrtable_trampoline_addr, 0, 0, 0) rtable = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -830,20 +1106,28 @@ func Getrtable() (rtable int, err error) { return } +var libc_getrtable_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getrtable getrtable "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getrusage(who int, rusage *Rusage) (err error) { - _, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0) + _, _, e1 := syscall_rawSyscall(libc_getrusage_trampoline_addr, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_getrusage_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getrusage getrusage "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getsid(pid int) (sid int, err error) { - r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0) + r0, _, e1 := syscall_rawSyscall(libc_getsid_trampoline_addr, uintptr(pid), 0, 0) sid = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -851,46 +1135,66 @@ func Getsid(pid int) (sid int, err error) { return } +var libc_getsid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getsid getsid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Gettimeofday(tv *Timeval) (err error) { - _, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_gettimeofday_trampoline_addr, uintptr(unsafe.Pointer(tv)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_gettimeofday_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_gettimeofday gettimeofday "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getuid() (uid int) { - r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getuid_trampoline_addr, 0, 0, 0) uid = int(r0) return } +var libc_getuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getuid getuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Issetugid() (tainted bool) { - r0, _, _ := Syscall(SYS_ISSETUGID, 0, 0, 0) + r0, _, _ := syscall_syscall(libc_issetugid_trampoline_addr, 0, 0, 0) tainted = bool(r0 != 0) return } +var libc_issetugid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_issetugid issetugid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Kill(pid int, signum syscall.Signal) (err error) { - _, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), 0) + _, _, e1 := syscall_syscall(libc_kill_trampoline_addr, uintptr(pid), uintptr(signum), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_kill_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_kill kill "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Kqueue() (fd int, err error) { - r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0) + r0, _, e1 := syscall_syscall(libc_kqueue_trampoline_addr, 0, 0, 0) fd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -898,6 +1202,10 @@ func Kqueue() (fd int, err error) { return } +var libc_kqueue_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_kqueue kqueue "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Lchown(path string, uid int, gid int) (err error) { @@ -906,13 +1214,17 @@ func Lchown(path string, uid int, gid int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) + _, _, e1 := syscall_syscall(libc_lchown_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_lchown_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_lchown lchown "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Link(path string, link string) (err error) { @@ -926,13 +1238,17 @@ func Link(path string, link string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) + _, _, e1 := syscall_syscall(libc_link_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_link_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_link link "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) { @@ -946,23 +1262,31 @@ func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err er if err != nil { return } - _, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0) + _, _, e1 := syscall_syscall6(libc_linkat_trampoline_addr, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_linkat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_linkat linkat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Listen(s int, backlog int) (err error) { - _, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0) + _, _, e1 := syscall_syscall(libc_listen_trampoline_addr, uintptr(s), uintptr(backlog), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_listen_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_listen listen "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Lstat(path string, stat *Stat_t) (err error) { @@ -971,13 +1295,17 @@ func Lstat(path string, stat *Stat_t) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) + _, _, e1 := syscall_syscall(libc_lstat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_lstat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_lstat lstat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mkdir(path string, mode uint32) (err error) { @@ -986,13 +1314,17 @@ func Mkdir(path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + _, _, e1 := syscall_syscall(libc_mkdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mkdir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mkdir mkdir "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mkdirat(dirfd int, path string, mode uint32) (err error) { @@ -1001,13 +1333,17 @@ func Mkdirat(dirfd int, path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) + _, _, e1 := syscall_syscall(libc_mkdirat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mkdirat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mkdirat mkdirat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mkfifo(path string, mode uint32) (err error) { @@ -1016,13 +1352,17 @@ func Mkfifo(path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + _, _, e1 := syscall_syscall(libc_mkfifo_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mkfifo_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mkfifo mkfifo "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mkfifoat(dirfd int, path string, mode uint32) (err error) { @@ -1031,13 +1371,17 @@ func Mkfifoat(dirfd int, path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_MKFIFOAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) + _, _, e1 := syscall_syscall(libc_mkfifoat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mkfifoat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mkfifoat mkfifoat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mknod(path string, mode uint32, dev int) (err error) { @@ -1046,13 +1390,17 @@ func Mknod(path string, mode uint32, dev int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev)) + _, _, e1 := syscall_syscall(libc_mknod_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mknod_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mknod mknod "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) { @@ -1061,23 +1409,31 @@ func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0) + _, _, e1 := syscall_syscall6(libc_mknodat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mknodat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mknodat mknodat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Nanosleep(time *Timespec, leftover *Timespec) (err error) { - _, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0) + _, _, e1 := syscall_syscall(libc_nanosleep_trampoline_addr, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_nanosleep_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_nanosleep nanosleep "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Open(path string, mode int, perm uint32) (fd int, err error) { @@ -1086,7 +1442,7 @@ func Open(path string, mode int, perm uint32) (fd int, err error) { if err != nil { return } - r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm)) + r0, _, e1 := syscall_syscall(libc_open_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm)) fd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1094,6 +1450,10 @@ func Open(path string, mode int, perm uint32) (fd int, err error) { return } +var libc_open_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_open open "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) { @@ -1102,7 +1462,7 @@ func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) { if err != nil { return } - r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0) + r0, _, e1 := syscall_syscall6(libc_openat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0) fd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1110,6 +1470,10 @@ func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) { return } +var libc_openat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_openat openat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Pathconf(path string, name int) (val int, err error) { @@ -1118,7 +1482,7 @@ func Pathconf(path string, name int) (val int, err error) { if err != nil { return } - r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0) + r0, _, e1 := syscall_syscall(libc_pathconf_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0) val = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1126,6 +1490,10 @@ func Pathconf(path string, name int) (val int, err error) { return } +var libc_pathconf_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pathconf pathconf "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func pread(fd int, p []byte, offset int64) (n int, err error) { @@ -1135,7 +1503,7 @@ func pread(fd int, p []byte, offset int64) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), 0) + r0, _, e1 := syscall_syscall6(libc_pread_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1143,6 +1511,10 @@ func pread(fd int, p []byte, offset int64) (n int, err error) { return } +var libc_pread_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pread pread "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func pwrite(fd int, p []byte, offset int64) (n int, err error) { @@ -1152,7 +1524,7 @@ func pwrite(fd int, p []byte, offset int64) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), 0) + r0, _, e1 := syscall_syscall6(libc_pwrite_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1160,6 +1532,10 @@ func pwrite(fd int, p []byte, offset int64) (n int, err error) { return } +var libc_pwrite_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pwrite pwrite "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func read(fd int, p []byte) (n int, err error) { @@ -1169,7 +1545,7 @@ func read(fd int, p []byte) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p))) + r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1177,6 +1553,10 @@ func read(fd int, p []byte) (n int, err error) { return } +var libc_read_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_read read "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Readlink(path string, buf []byte) (n int, err error) { @@ -1191,7 +1571,7 @@ func Readlink(path string, buf []byte) (n int, err error) { } else { _p1 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf))) + r0, _, e1 := syscall_syscall(libc_readlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1199,6 +1579,10 @@ func Readlink(path string, buf []byte) (n int, err error) { return } +var libc_readlink_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_readlink readlink "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) { @@ -1213,7 +1597,7 @@ func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) { } else { _p1 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0) + r0, _, e1 := syscall_syscall6(libc_readlinkat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1221,6 +1605,10 @@ func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) { return } +var libc_readlinkat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_readlinkat readlinkat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Rename(from string, to string) (err error) { @@ -1234,13 +1622,17 @@ func Rename(from string, to string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) + _, _, e1 := syscall_syscall(libc_rename_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_rename_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_rename rename "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Renameat(fromfd int, from string, tofd int, to string) (err error) { @@ -1254,13 +1646,17 @@ func Renameat(fromfd int, from string, tofd int, to string) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0) + _, _, e1 := syscall_syscall6(libc_renameat_trampoline_addr, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_renameat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_renameat renameat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Revoke(path string) (err error) { @@ -1269,13 +1665,17 @@ func Revoke(path string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_revoke_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_revoke_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_revoke revoke "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Rmdir(path string) (err error) { @@ -1284,17 +1684,21 @@ func Rmdir(path string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_rmdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_rmdir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_rmdir rmdir "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Seek(fd int, offset int64, whence int) (newoffset int64, err error) { - r0, _, e1 := Syscall6(SYS_LSEEK, uintptr(fd), 0, uintptr(offset), uintptr(whence), 0, 0) + r0, _, e1 := syscall_syscall(libc_lseek_trampoline_addr, uintptr(fd), uintptr(offset), uintptr(whence)) newoffset = int64(r0) if e1 != 0 { err = errnoErr(e1) @@ -1302,10 +1706,14 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) { return } +var libc_lseek_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_lseek lseek "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) { - r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0) + r0, _, e1 := syscall_syscall6(libc_select_trampoline_addr, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1313,36 +1721,52 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err return } +var libc_select_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_select select "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setegid(egid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETEGID, uintptr(egid), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_setegid_trampoline_addr, uintptr(egid), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setegid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setegid setegid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Seteuid(euid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_seteuid_trampoline_addr, uintptr(euid), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_seteuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_seteuid seteuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setgid(gid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_setgid_trampoline_addr, uintptr(gid), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setgid setgid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setlogin(name string) (err error) { @@ -1351,97 +1775,133 @@ func Setlogin(name string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_SETLOGIN, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_setlogin_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setlogin_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setlogin setlogin "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setpgid(pid int, pgid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0) + _, _, e1 := syscall_rawSyscall(libc_setpgid_trampoline_addr, uintptr(pid), uintptr(pgid), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setpgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setpgid setpgid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setpriority(which int, who int, prio int) (err error) { - _, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio)) + _, _, e1 := syscall_syscall(libc_setpriority_trampoline_addr, uintptr(which), uintptr(who), uintptr(prio)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setpriority_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setpriority setpriority "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setregid(rgid int, egid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0) + _, _, e1 := syscall_rawSyscall(libc_setregid_trampoline_addr, uintptr(rgid), uintptr(egid), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setregid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setregid setregid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setreuid(ruid int, euid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0) + _, _, e1 := syscall_rawSyscall(libc_setreuid_trampoline_addr, uintptr(ruid), uintptr(euid), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setreuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setreuid setreuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setresgid(rgid int, egid int, sgid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid)) + _, _, e1 := syscall_rawSyscall(libc_setresgid_trampoline_addr, uintptr(rgid), uintptr(egid), uintptr(sgid)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setresgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setresgid setresgid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setresuid(ruid int, euid int, suid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid)) + _, _, e1 := syscall_rawSyscall(libc_setresuid_trampoline_addr, uintptr(ruid), uintptr(euid), uintptr(suid)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setresuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setresuid setresuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) + _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setrlimit_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setrtable(rtable int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRTABLE, uintptr(rtable), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setrtable_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setrtable setrtable "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setsid() (pid int, err error) { - r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) + r0, _, e1 := syscall_rawSyscall(libc_setsid_trampoline_addr, 0, 0, 0) pid = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1449,26 +1909,38 @@ func Setsid() (pid int, err error) { return } +var libc_setsid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setsid setsid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Settimeofday(tp *Timeval) (err error) { - _, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_settimeofday_trampoline_addr, uintptr(unsafe.Pointer(tp)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_settimeofday_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_settimeofday settimeofday "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setuid(uid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_setuid_trampoline_addr, uintptr(uid), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setuid setuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Stat(path string, stat *Stat_t) (err error) { @@ -1477,13 +1949,17 @@ func Stat(path string, stat *Stat_t) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) + _, _, e1 := syscall_syscall(libc_stat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_stat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_stat stat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Statfs(path string, stat *Statfs_t) (err error) { @@ -1492,13 +1968,17 @@ func Statfs(path string, stat *Statfs_t) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) + _, _, e1 := syscall_syscall(libc_statfs_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_statfs_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_statfs statfs "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Symlink(path string, link string) (err error) { @@ -1512,13 +1992,17 @@ func Symlink(path string, link string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) + _, _, e1 := syscall_syscall(libc_symlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_symlink_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_symlink symlink "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) { @@ -1532,23 +2016,31 @@ func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1))) + _, _, e1 := syscall_syscall(libc_symlinkat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1))) if e1 != 0 { err = errnoErr(e1) } return } +var libc_symlinkat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_symlinkat symlinkat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Sync() (err error) { - _, _, e1 := Syscall(SYS_SYNC, 0, 0, 0) + _, _, e1 := syscall_syscall(libc_sync_trampoline_addr, 0, 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_sync_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_sync sync "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Truncate(path string, length int64) (err error) { @@ -1557,21 +2049,29 @@ func Truncate(path string, length int64) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), 0, uintptr(length)) + _, _, e1 := syscall_syscall(libc_truncate_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_truncate_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_truncate truncate "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Umask(newmask int) (oldmask int) { - r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0) + r0, _, _ := syscall_syscall(libc_umask_trampoline_addr, uintptr(newmask), 0, 0) oldmask = int(r0) return } +var libc_umask_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_umask umask "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Unlink(path string) (err error) { @@ -1580,13 +2080,17 @@ func Unlink(path string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_unlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_unlink_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unlink unlink "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Unlinkat(dirfd int, path string, flags int) (err error) { @@ -1595,13 +2099,17 @@ func Unlinkat(dirfd int, path string, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags)) + _, _, e1 := syscall_syscall(libc_unlinkat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_unlinkat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unlinkat unlinkat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Unmount(path string, flags int) (err error) { @@ -1610,13 +2118,17 @@ func Unmount(path string, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) + _, _, e1 := syscall_syscall(libc_unmount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_unmount_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unmount unmount "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func write(fd int, p []byte) (n int, err error) { @@ -1626,7 +2138,7 @@ func write(fd int, p []byte) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p))) + r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1634,10 +2146,14 @@ func write(fd int, p []byte) (n int, err error) { return } +var libc_write_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_write write "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) { - r0, _, e1 := Syscall9(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), 0, uintptr(pos), 0, 0) + r0, _, e1 := syscall_syscall6(libc_mmap_trampoline_addr, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos)) ret = uintptr(r0) if e1 != 0 { err = errnoErr(e1) @@ -1645,20 +2161,28 @@ func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) ( return } +var libc_mmap_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mmap mmap "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func munmap(addr uintptr, length uintptr) (err error) { - _, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0) + _, _, e1 := syscall_syscall(libc_munmap_trampoline_addr, uintptr(addr), uintptr(length), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_munmap_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_munmap munmap "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func readlen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) + r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1669,7 +2193,7 @@ func readlen(fd int, buf *byte, nbuf int) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func writelen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) + r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1685,9 +2209,13 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error if err != nil { return } - _, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0) + _, _, e1 := syscall_syscall6(libc_utimensat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } + +var libc_utimensat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_utimensat utimensat "libc.so" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s new file mode 100644 index 00000000000..243a6663ce6 --- /dev/null +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s @@ -0,0 +1,796 @@ +// go run mkasm.go openbsd amd64 +// Code generated by the command above; DO NOT EDIT. + +#include "textflag.h" + +TEXT libc_getgroups_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getgroups(SB) + +GLOBL ·libc_getgroups_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getgroups_trampoline_addr(SB)/8, $libc_getgroups_trampoline<>(SB) + +TEXT libc_setgroups_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setgroups(SB) + +GLOBL ·libc_setgroups_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setgroups_trampoline_addr(SB)/8, $libc_setgroups_trampoline<>(SB) + +TEXT libc_wait4_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_wait4(SB) + +GLOBL ·libc_wait4_trampoline_addr(SB), RODATA, $8 +DATA ·libc_wait4_trampoline_addr(SB)/8, $libc_wait4_trampoline<>(SB) + +TEXT libc_accept_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_accept(SB) + +GLOBL ·libc_accept_trampoline_addr(SB), RODATA, $8 +DATA ·libc_accept_trampoline_addr(SB)/8, $libc_accept_trampoline<>(SB) + +TEXT libc_bind_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_bind(SB) + +GLOBL ·libc_bind_trampoline_addr(SB), RODATA, $8 +DATA ·libc_bind_trampoline_addr(SB)/8, $libc_bind_trampoline<>(SB) + +TEXT libc_connect_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_connect(SB) + +GLOBL ·libc_connect_trampoline_addr(SB), RODATA, $8 +DATA ·libc_connect_trampoline_addr(SB)/8, $libc_connect_trampoline<>(SB) + +TEXT libc_socket_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_socket(SB) + +GLOBL ·libc_socket_trampoline_addr(SB), RODATA, $8 +DATA ·libc_socket_trampoline_addr(SB)/8, $libc_socket_trampoline<>(SB) + +TEXT libc_getsockopt_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getsockopt(SB) + +GLOBL ·libc_getsockopt_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getsockopt_trampoline_addr(SB)/8, $libc_getsockopt_trampoline<>(SB) + +TEXT libc_setsockopt_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setsockopt(SB) + +GLOBL ·libc_setsockopt_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setsockopt_trampoline_addr(SB)/8, $libc_setsockopt_trampoline<>(SB) + +TEXT libc_getpeername_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpeername(SB) + +GLOBL ·libc_getpeername_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getpeername_trampoline_addr(SB)/8, $libc_getpeername_trampoline<>(SB) + +TEXT libc_getsockname_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getsockname(SB) + +GLOBL ·libc_getsockname_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getsockname_trampoline_addr(SB)/8, $libc_getsockname_trampoline<>(SB) + +TEXT libc_shutdown_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_shutdown(SB) + +GLOBL ·libc_shutdown_trampoline_addr(SB), RODATA, $8 +DATA ·libc_shutdown_trampoline_addr(SB)/8, $libc_shutdown_trampoline<>(SB) + +TEXT libc_socketpair_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_socketpair(SB) + +GLOBL ·libc_socketpair_trampoline_addr(SB), RODATA, $8 +DATA ·libc_socketpair_trampoline_addr(SB)/8, $libc_socketpair_trampoline<>(SB) + +TEXT libc_recvfrom_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_recvfrom(SB) + +GLOBL ·libc_recvfrom_trampoline_addr(SB), RODATA, $8 +DATA ·libc_recvfrom_trampoline_addr(SB)/8, $libc_recvfrom_trampoline<>(SB) + +TEXT libc_sendto_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_sendto(SB) + +GLOBL ·libc_sendto_trampoline_addr(SB), RODATA, $8 +DATA ·libc_sendto_trampoline_addr(SB)/8, $libc_sendto_trampoline<>(SB) + +TEXT libc_recvmsg_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_recvmsg(SB) + +GLOBL ·libc_recvmsg_trampoline_addr(SB), RODATA, $8 +DATA ·libc_recvmsg_trampoline_addr(SB)/8, $libc_recvmsg_trampoline<>(SB) + +TEXT libc_sendmsg_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_sendmsg(SB) + +GLOBL ·libc_sendmsg_trampoline_addr(SB), RODATA, $8 +DATA ·libc_sendmsg_trampoline_addr(SB)/8, $libc_sendmsg_trampoline<>(SB) + +TEXT libc_kevent_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_kevent(SB) + +GLOBL ·libc_kevent_trampoline_addr(SB), RODATA, $8 +DATA ·libc_kevent_trampoline_addr(SB)/8, $libc_kevent_trampoline<>(SB) + +TEXT libc_utimes_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_utimes(SB) + +GLOBL ·libc_utimes_trampoline_addr(SB), RODATA, $8 +DATA ·libc_utimes_trampoline_addr(SB)/8, $libc_utimes_trampoline<>(SB) + +TEXT libc_futimes_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_futimes(SB) + +GLOBL ·libc_futimes_trampoline_addr(SB), RODATA, $8 +DATA ·libc_futimes_trampoline_addr(SB)/8, $libc_futimes_trampoline<>(SB) + +TEXT libc_poll_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_poll(SB) + +GLOBL ·libc_poll_trampoline_addr(SB), RODATA, $8 +DATA ·libc_poll_trampoline_addr(SB)/8, $libc_poll_trampoline<>(SB) + +TEXT libc_madvise_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_madvise(SB) + +GLOBL ·libc_madvise_trampoline_addr(SB), RODATA, $8 +DATA ·libc_madvise_trampoline_addr(SB)/8, $libc_madvise_trampoline<>(SB) + +TEXT libc_mlock_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mlock(SB) + +GLOBL ·libc_mlock_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mlock_trampoline_addr(SB)/8, $libc_mlock_trampoline<>(SB) + +TEXT libc_mlockall_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mlockall(SB) + +GLOBL ·libc_mlockall_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mlockall_trampoline_addr(SB)/8, $libc_mlockall_trampoline<>(SB) + +TEXT libc_mprotect_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mprotect(SB) + +GLOBL ·libc_mprotect_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mprotect_trampoline_addr(SB)/8, $libc_mprotect_trampoline<>(SB) + +TEXT libc_msync_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_msync(SB) + +GLOBL ·libc_msync_trampoline_addr(SB), RODATA, $8 +DATA ·libc_msync_trampoline_addr(SB)/8, $libc_msync_trampoline<>(SB) + +TEXT libc_munlock_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_munlock(SB) + +GLOBL ·libc_munlock_trampoline_addr(SB), RODATA, $8 +DATA ·libc_munlock_trampoline_addr(SB)/8, $libc_munlock_trampoline<>(SB) + +TEXT libc_munlockall_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_munlockall(SB) + +GLOBL ·libc_munlockall_trampoline_addr(SB), RODATA, $8 +DATA ·libc_munlockall_trampoline_addr(SB)/8, $libc_munlockall_trampoline<>(SB) + +TEXT libc_pipe2_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pipe2(SB) + +GLOBL ·libc_pipe2_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pipe2_trampoline_addr(SB)/8, $libc_pipe2_trampoline<>(SB) + +TEXT libc_getdents_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getdents(SB) + +GLOBL ·libc_getdents_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getdents_trampoline_addr(SB)/8, $libc_getdents_trampoline<>(SB) + +TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getcwd(SB) + +GLOBL ·libc_getcwd_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getcwd_trampoline_addr(SB)/8, $libc_getcwd_trampoline<>(SB) + +TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_ioctl(SB) + +GLOBL ·libc_ioctl_trampoline_addr(SB), RODATA, $8 +DATA ·libc_ioctl_trampoline_addr(SB)/8, $libc_ioctl_trampoline<>(SB) + +TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_sysctl(SB) + +GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8 +DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB) + +TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_ppoll(SB) + +GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $8 +DATA ·libc_ppoll_trampoline_addr(SB)/8, $libc_ppoll_trampoline<>(SB) + +TEXT libc_access_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_access(SB) + +GLOBL ·libc_access_trampoline_addr(SB), RODATA, $8 +DATA ·libc_access_trampoline_addr(SB)/8, $libc_access_trampoline<>(SB) + +TEXT libc_adjtime_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_adjtime(SB) + +GLOBL ·libc_adjtime_trampoline_addr(SB), RODATA, $8 +DATA ·libc_adjtime_trampoline_addr(SB)/8, $libc_adjtime_trampoline<>(SB) + +TEXT libc_chdir_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chdir(SB) + +GLOBL ·libc_chdir_trampoline_addr(SB), RODATA, $8 +DATA ·libc_chdir_trampoline_addr(SB)/8, $libc_chdir_trampoline<>(SB) + +TEXT libc_chflags_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chflags(SB) + +GLOBL ·libc_chflags_trampoline_addr(SB), RODATA, $8 +DATA ·libc_chflags_trampoline_addr(SB)/8, $libc_chflags_trampoline<>(SB) + +TEXT libc_chmod_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chmod(SB) + +GLOBL ·libc_chmod_trampoline_addr(SB), RODATA, $8 +DATA ·libc_chmod_trampoline_addr(SB)/8, $libc_chmod_trampoline<>(SB) + +TEXT libc_chown_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chown(SB) + +GLOBL ·libc_chown_trampoline_addr(SB), RODATA, $8 +DATA ·libc_chown_trampoline_addr(SB)/8, $libc_chown_trampoline<>(SB) + +TEXT libc_chroot_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chroot(SB) + +GLOBL ·libc_chroot_trampoline_addr(SB), RODATA, $8 +DATA ·libc_chroot_trampoline_addr(SB)/8, $libc_chroot_trampoline<>(SB) + +TEXT libc_close_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_close(SB) + +GLOBL ·libc_close_trampoline_addr(SB), RODATA, $8 +DATA ·libc_close_trampoline_addr(SB)/8, $libc_close_trampoline<>(SB) + +TEXT libc_dup_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_dup(SB) + +GLOBL ·libc_dup_trampoline_addr(SB), RODATA, $8 +DATA ·libc_dup_trampoline_addr(SB)/8, $libc_dup_trampoline<>(SB) + +TEXT libc_dup2_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_dup2(SB) + +GLOBL ·libc_dup2_trampoline_addr(SB), RODATA, $8 +DATA ·libc_dup2_trampoline_addr(SB)/8, $libc_dup2_trampoline<>(SB) + +TEXT libc_dup3_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_dup3(SB) + +GLOBL ·libc_dup3_trampoline_addr(SB), RODATA, $8 +DATA ·libc_dup3_trampoline_addr(SB)/8, $libc_dup3_trampoline<>(SB) + +TEXT libc_exit_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_exit(SB) + +GLOBL ·libc_exit_trampoline_addr(SB), RODATA, $8 +DATA ·libc_exit_trampoline_addr(SB)/8, $libc_exit_trampoline<>(SB) + +TEXT libc_faccessat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_faccessat(SB) + +GLOBL ·libc_faccessat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_faccessat_trampoline_addr(SB)/8, $libc_faccessat_trampoline<>(SB) + +TEXT libc_fchdir_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchdir(SB) + +GLOBL ·libc_fchdir_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchdir_trampoline_addr(SB)/8, $libc_fchdir_trampoline<>(SB) + +TEXT libc_fchflags_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchflags(SB) + +GLOBL ·libc_fchflags_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchflags_trampoline_addr(SB)/8, $libc_fchflags_trampoline<>(SB) + +TEXT libc_fchmod_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchmod(SB) + +GLOBL ·libc_fchmod_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchmod_trampoline_addr(SB)/8, $libc_fchmod_trampoline<>(SB) + +TEXT libc_fchmodat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchmodat(SB) + +GLOBL ·libc_fchmodat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchmodat_trampoline_addr(SB)/8, $libc_fchmodat_trampoline<>(SB) + +TEXT libc_fchown_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchown(SB) + +GLOBL ·libc_fchown_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchown_trampoline_addr(SB)/8, $libc_fchown_trampoline<>(SB) + +TEXT libc_fchownat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchownat(SB) + +GLOBL ·libc_fchownat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchownat_trampoline_addr(SB)/8, $libc_fchownat_trampoline<>(SB) + +TEXT libc_flock_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_flock(SB) + +GLOBL ·libc_flock_trampoline_addr(SB), RODATA, $8 +DATA ·libc_flock_trampoline_addr(SB)/8, $libc_flock_trampoline<>(SB) + +TEXT libc_fpathconf_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fpathconf(SB) + +GLOBL ·libc_fpathconf_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fpathconf_trampoline_addr(SB)/8, $libc_fpathconf_trampoline<>(SB) + +TEXT libc_fstat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fstat(SB) + +GLOBL ·libc_fstat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fstat_trampoline_addr(SB)/8, $libc_fstat_trampoline<>(SB) + +TEXT libc_fstatat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fstatat(SB) + +GLOBL ·libc_fstatat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fstatat_trampoline_addr(SB)/8, $libc_fstatat_trampoline<>(SB) + +TEXT libc_fstatfs_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fstatfs(SB) + +GLOBL ·libc_fstatfs_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fstatfs_trampoline_addr(SB)/8, $libc_fstatfs_trampoline<>(SB) + +TEXT libc_fsync_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fsync(SB) + +GLOBL ·libc_fsync_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fsync_trampoline_addr(SB)/8, $libc_fsync_trampoline<>(SB) + +TEXT libc_ftruncate_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_ftruncate(SB) + +GLOBL ·libc_ftruncate_trampoline_addr(SB), RODATA, $8 +DATA ·libc_ftruncate_trampoline_addr(SB)/8, $libc_ftruncate_trampoline<>(SB) + +TEXT libc_getegid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getegid(SB) + +GLOBL ·libc_getegid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getegid_trampoline_addr(SB)/8, $libc_getegid_trampoline<>(SB) + +TEXT libc_geteuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_geteuid(SB) + +GLOBL ·libc_geteuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_geteuid_trampoline_addr(SB)/8, $libc_geteuid_trampoline<>(SB) + +TEXT libc_getgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getgid(SB) + +GLOBL ·libc_getgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getgid_trampoline_addr(SB)/8, $libc_getgid_trampoline<>(SB) + +TEXT libc_getpgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpgid(SB) + +GLOBL ·libc_getpgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getpgid_trampoline_addr(SB)/8, $libc_getpgid_trampoline<>(SB) + +TEXT libc_getpgrp_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpgrp(SB) + +GLOBL ·libc_getpgrp_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getpgrp_trampoline_addr(SB)/8, $libc_getpgrp_trampoline<>(SB) + +TEXT libc_getpid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpid(SB) + +GLOBL ·libc_getpid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getpid_trampoline_addr(SB)/8, $libc_getpid_trampoline<>(SB) + +TEXT libc_getppid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getppid(SB) + +GLOBL ·libc_getppid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getppid_trampoline_addr(SB)/8, $libc_getppid_trampoline<>(SB) + +TEXT libc_getpriority_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpriority(SB) + +GLOBL ·libc_getpriority_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getpriority_trampoline_addr(SB)/8, $libc_getpriority_trampoline<>(SB) + +TEXT libc_getrlimit_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getrlimit(SB) + +GLOBL ·libc_getrlimit_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getrlimit_trampoline_addr(SB)/8, $libc_getrlimit_trampoline<>(SB) + +TEXT libc_getrtable_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getrtable(SB) + +GLOBL ·libc_getrtable_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getrtable_trampoline_addr(SB)/8, $libc_getrtable_trampoline<>(SB) + +TEXT libc_getrusage_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getrusage(SB) + +GLOBL ·libc_getrusage_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getrusage_trampoline_addr(SB)/8, $libc_getrusage_trampoline<>(SB) + +TEXT libc_getsid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getsid(SB) + +GLOBL ·libc_getsid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getsid_trampoline_addr(SB)/8, $libc_getsid_trampoline<>(SB) + +TEXT libc_gettimeofday_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_gettimeofday(SB) + +GLOBL ·libc_gettimeofday_trampoline_addr(SB), RODATA, $8 +DATA ·libc_gettimeofday_trampoline_addr(SB)/8, $libc_gettimeofday_trampoline<>(SB) + +TEXT libc_getuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getuid(SB) + +GLOBL ·libc_getuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getuid_trampoline_addr(SB)/8, $libc_getuid_trampoline<>(SB) + +TEXT libc_issetugid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_issetugid(SB) + +GLOBL ·libc_issetugid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_issetugid_trampoline_addr(SB)/8, $libc_issetugid_trampoline<>(SB) + +TEXT libc_kill_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_kill(SB) + +GLOBL ·libc_kill_trampoline_addr(SB), RODATA, $8 +DATA ·libc_kill_trampoline_addr(SB)/8, $libc_kill_trampoline<>(SB) + +TEXT libc_kqueue_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_kqueue(SB) + +GLOBL ·libc_kqueue_trampoline_addr(SB), RODATA, $8 +DATA ·libc_kqueue_trampoline_addr(SB)/8, $libc_kqueue_trampoline<>(SB) + +TEXT libc_lchown_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_lchown(SB) + +GLOBL ·libc_lchown_trampoline_addr(SB), RODATA, $8 +DATA ·libc_lchown_trampoline_addr(SB)/8, $libc_lchown_trampoline<>(SB) + +TEXT libc_link_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_link(SB) + +GLOBL ·libc_link_trampoline_addr(SB), RODATA, $8 +DATA ·libc_link_trampoline_addr(SB)/8, $libc_link_trampoline<>(SB) + +TEXT libc_linkat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_linkat(SB) + +GLOBL ·libc_linkat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_linkat_trampoline_addr(SB)/8, $libc_linkat_trampoline<>(SB) + +TEXT libc_listen_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_listen(SB) + +GLOBL ·libc_listen_trampoline_addr(SB), RODATA, $8 +DATA ·libc_listen_trampoline_addr(SB)/8, $libc_listen_trampoline<>(SB) + +TEXT libc_lstat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_lstat(SB) + +GLOBL ·libc_lstat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_lstat_trampoline_addr(SB)/8, $libc_lstat_trampoline<>(SB) + +TEXT libc_mkdir_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mkdir(SB) + +GLOBL ·libc_mkdir_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mkdir_trampoline_addr(SB)/8, $libc_mkdir_trampoline<>(SB) + +TEXT libc_mkdirat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mkdirat(SB) + +GLOBL ·libc_mkdirat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mkdirat_trampoline_addr(SB)/8, $libc_mkdirat_trampoline<>(SB) + +TEXT libc_mkfifo_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mkfifo(SB) + +GLOBL ·libc_mkfifo_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mkfifo_trampoline_addr(SB)/8, $libc_mkfifo_trampoline<>(SB) + +TEXT libc_mkfifoat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mkfifoat(SB) + +GLOBL ·libc_mkfifoat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mkfifoat_trampoline_addr(SB)/8, $libc_mkfifoat_trampoline<>(SB) + +TEXT libc_mknod_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mknod(SB) + +GLOBL ·libc_mknod_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mknod_trampoline_addr(SB)/8, $libc_mknod_trampoline<>(SB) + +TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mknodat(SB) + +GLOBL ·libc_mknodat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mknodat_trampoline_addr(SB)/8, $libc_mknodat_trampoline<>(SB) + +TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_nanosleep(SB) + +GLOBL ·libc_nanosleep_trampoline_addr(SB), RODATA, $8 +DATA ·libc_nanosleep_trampoline_addr(SB)/8, $libc_nanosleep_trampoline<>(SB) + +TEXT libc_open_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_open(SB) + +GLOBL ·libc_open_trampoline_addr(SB), RODATA, $8 +DATA ·libc_open_trampoline_addr(SB)/8, $libc_open_trampoline<>(SB) + +TEXT libc_openat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_openat(SB) + +GLOBL ·libc_openat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_openat_trampoline_addr(SB)/8, $libc_openat_trampoline<>(SB) + +TEXT libc_pathconf_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pathconf(SB) + +GLOBL ·libc_pathconf_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pathconf_trampoline_addr(SB)/8, $libc_pathconf_trampoline<>(SB) + +TEXT libc_pread_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pread(SB) + +GLOBL ·libc_pread_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pread_trampoline_addr(SB)/8, $libc_pread_trampoline<>(SB) + +TEXT libc_pwrite_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pwrite(SB) + +GLOBL ·libc_pwrite_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pwrite_trampoline_addr(SB)/8, $libc_pwrite_trampoline<>(SB) + +TEXT libc_read_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_read(SB) + +GLOBL ·libc_read_trampoline_addr(SB), RODATA, $8 +DATA ·libc_read_trampoline_addr(SB)/8, $libc_read_trampoline<>(SB) + +TEXT libc_readlink_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_readlink(SB) + +GLOBL ·libc_readlink_trampoline_addr(SB), RODATA, $8 +DATA ·libc_readlink_trampoline_addr(SB)/8, $libc_readlink_trampoline<>(SB) + +TEXT libc_readlinkat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_readlinkat(SB) + +GLOBL ·libc_readlinkat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_readlinkat_trampoline_addr(SB)/8, $libc_readlinkat_trampoline<>(SB) + +TEXT libc_rename_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_rename(SB) + +GLOBL ·libc_rename_trampoline_addr(SB), RODATA, $8 +DATA ·libc_rename_trampoline_addr(SB)/8, $libc_rename_trampoline<>(SB) + +TEXT libc_renameat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_renameat(SB) + +GLOBL ·libc_renameat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_renameat_trampoline_addr(SB)/8, $libc_renameat_trampoline<>(SB) + +TEXT libc_revoke_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_revoke(SB) + +GLOBL ·libc_revoke_trampoline_addr(SB), RODATA, $8 +DATA ·libc_revoke_trampoline_addr(SB)/8, $libc_revoke_trampoline<>(SB) + +TEXT libc_rmdir_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_rmdir(SB) + +GLOBL ·libc_rmdir_trampoline_addr(SB), RODATA, $8 +DATA ·libc_rmdir_trampoline_addr(SB)/8, $libc_rmdir_trampoline<>(SB) + +TEXT libc_lseek_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_lseek(SB) + +GLOBL ·libc_lseek_trampoline_addr(SB), RODATA, $8 +DATA ·libc_lseek_trampoline_addr(SB)/8, $libc_lseek_trampoline<>(SB) + +TEXT libc_select_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_select(SB) + +GLOBL ·libc_select_trampoline_addr(SB), RODATA, $8 +DATA ·libc_select_trampoline_addr(SB)/8, $libc_select_trampoline<>(SB) + +TEXT libc_setegid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setegid(SB) + +GLOBL ·libc_setegid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setegid_trampoline_addr(SB)/8, $libc_setegid_trampoline<>(SB) + +TEXT libc_seteuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_seteuid(SB) + +GLOBL ·libc_seteuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_seteuid_trampoline_addr(SB)/8, $libc_seteuid_trampoline<>(SB) + +TEXT libc_setgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setgid(SB) + +GLOBL ·libc_setgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setgid_trampoline_addr(SB)/8, $libc_setgid_trampoline<>(SB) + +TEXT libc_setlogin_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setlogin(SB) + +GLOBL ·libc_setlogin_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setlogin_trampoline_addr(SB)/8, $libc_setlogin_trampoline<>(SB) + +TEXT libc_setpgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setpgid(SB) + +GLOBL ·libc_setpgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setpgid_trampoline_addr(SB)/8, $libc_setpgid_trampoline<>(SB) + +TEXT libc_setpriority_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setpriority(SB) + +GLOBL ·libc_setpriority_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setpriority_trampoline_addr(SB)/8, $libc_setpriority_trampoline<>(SB) + +TEXT libc_setregid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setregid(SB) + +GLOBL ·libc_setregid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setregid_trampoline_addr(SB)/8, $libc_setregid_trampoline<>(SB) + +TEXT libc_setreuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setreuid(SB) + +GLOBL ·libc_setreuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setreuid_trampoline_addr(SB)/8, $libc_setreuid_trampoline<>(SB) + +TEXT libc_setresgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setresgid(SB) + +GLOBL ·libc_setresgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setresgid_trampoline_addr(SB)/8, $libc_setresgid_trampoline<>(SB) + +TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setresuid(SB) + +GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setresuid_trampoline_addr(SB)/8, $libc_setresuid_trampoline<>(SB) + +TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setrlimit(SB) + +GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) + +TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setrtable(SB) + +GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setrtable_trampoline_addr(SB)/8, $libc_setrtable_trampoline<>(SB) + +TEXT libc_setsid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setsid(SB) + +GLOBL ·libc_setsid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setsid_trampoline_addr(SB)/8, $libc_setsid_trampoline<>(SB) + +TEXT libc_settimeofday_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_settimeofday(SB) + +GLOBL ·libc_settimeofday_trampoline_addr(SB), RODATA, $8 +DATA ·libc_settimeofday_trampoline_addr(SB)/8, $libc_settimeofday_trampoline<>(SB) + +TEXT libc_setuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setuid(SB) + +GLOBL ·libc_setuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setuid_trampoline_addr(SB)/8, $libc_setuid_trampoline<>(SB) + +TEXT libc_stat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_stat(SB) + +GLOBL ·libc_stat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_stat_trampoline_addr(SB)/8, $libc_stat_trampoline<>(SB) + +TEXT libc_statfs_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_statfs(SB) + +GLOBL ·libc_statfs_trampoline_addr(SB), RODATA, $8 +DATA ·libc_statfs_trampoline_addr(SB)/8, $libc_statfs_trampoline<>(SB) + +TEXT libc_symlink_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_symlink(SB) + +GLOBL ·libc_symlink_trampoline_addr(SB), RODATA, $8 +DATA ·libc_symlink_trampoline_addr(SB)/8, $libc_symlink_trampoline<>(SB) + +TEXT libc_symlinkat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_symlinkat(SB) + +GLOBL ·libc_symlinkat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_symlinkat_trampoline_addr(SB)/8, $libc_symlinkat_trampoline<>(SB) + +TEXT libc_sync_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_sync(SB) + +GLOBL ·libc_sync_trampoline_addr(SB), RODATA, $8 +DATA ·libc_sync_trampoline_addr(SB)/8, $libc_sync_trampoline<>(SB) + +TEXT libc_truncate_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_truncate(SB) + +GLOBL ·libc_truncate_trampoline_addr(SB), RODATA, $8 +DATA ·libc_truncate_trampoline_addr(SB)/8, $libc_truncate_trampoline<>(SB) + +TEXT libc_umask_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_umask(SB) + +GLOBL ·libc_umask_trampoline_addr(SB), RODATA, $8 +DATA ·libc_umask_trampoline_addr(SB)/8, $libc_umask_trampoline<>(SB) + +TEXT libc_unlink_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unlink(SB) + +GLOBL ·libc_unlink_trampoline_addr(SB), RODATA, $8 +DATA ·libc_unlink_trampoline_addr(SB)/8, $libc_unlink_trampoline<>(SB) + +TEXT libc_unlinkat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unlinkat(SB) + +GLOBL ·libc_unlinkat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_unlinkat_trampoline_addr(SB)/8, $libc_unlinkat_trampoline<>(SB) + +TEXT libc_unmount_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unmount(SB) + +GLOBL ·libc_unmount_trampoline_addr(SB), RODATA, $8 +DATA ·libc_unmount_trampoline_addr(SB)/8, $libc_unmount_trampoline<>(SB) + +TEXT libc_write_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_write(SB) + +GLOBL ·libc_write_trampoline_addr(SB), RODATA, $8 +DATA ·libc_write_trampoline_addr(SB)/8, $libc_write_trampoline<>(SB) + +TEXT libc_mmap_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mmap(SB) + +GLOBL ·libc_mmap_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mmap_trampoline_addr(SB)/8, $libc_mmap_trampoline<>(SB) + +TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_munmap(SB) + +GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $8 +DATA ·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB) + +TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_utimensat(SB) + +GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go index 69f80300674..8da6791d1e3 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go @@ -1,4 +1,4 @@ -// go run mksyscall.go -l32 -openbsd -arm -tags openbsd,arm syscall_bsd.go syscall_openbsd.go syscall_openbsd_arm.go +// go run mksyscall.go -l32 -openbsd -arm -libc -tags openbsd,arm syscall_bsd.go syscall_openbsd.go syscall_openbsd_arm.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build openbsd && arm @@ -16,7 +16,7 @@ var _ syscall.Errno // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func getgroups(ngid int, gid *_Gid_t) (n int, err error) { - r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0) + r0, _, e1 := syscall_rawSyscall(libc_getgroups_trampoline_addr, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -24,20 +24,28 @@ func getgroups(ngid int, gid *_Gid_t) (n int, err error) { return } +var libc_getgroups_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getgroups getgroups "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func setgroups(ngid int, gid *_Gid_t) (err error) { - _, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0) + _, _, e1 := syscall_rawSyscall(libc_setgroups_trampoline_addr, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setgroups_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setgroups setgroups "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) { - r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0) + r0, _, e1 := syscall_syscall6(libc_wait4_trampoline_addr, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0) wpid = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -45,10 +53,14 @@ func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err return } +var libc_wait4_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_wait4 wait4 "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { - r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + r0, _, e1 := syscall_syscall(libc_accept_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) fd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -56,30 +68,42 @@ func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { return } +var libc_accept_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_accept accept "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { - _, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen)) + _, _, e1 := syscall_syscall(libc_bind_trampoline_addr, uintptr(s), uintptr(addr), uintptr(addrlen)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_bind_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_bind bind "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { - _, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen)) + _, _, e1 := syscall_syscall(libc_connect_trampoline_addr, uintptr(s), uintptr(addr), uintptr(addrlen)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_connect_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_connect connect "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func socket(domain int, typ int, proto int) (fd int, err error) { - r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto)) + r0, _, e1 := syscall_rawSyscall(libc_socket_trampoline_addr, uintptr(domain), uintptr(typ), uintptr(proto)) fd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -87,66 +111,94 @@ func socket(domain int, typ int, proto int) (fd int, err error) { return } +var libc_socket_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_socket socket "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) { - _, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0) + _, _, e1 := syscall_syscall6(libc_getsockopt_trampoline_addr, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_getsockopt_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getsockopt getsockopt "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) { - _, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0) + _, _, e1 := syscall_syscall6(libc_setsockopt_trampoline_addr, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setsockopt_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setsockopt setsockopt "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) { - _, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + _, _, e1 := syscall_rawSyscall(libc_getpeername_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) if e1 != 0 { err = errnoErr(e1) } return } +var libc_getpeername_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpeername getpeername "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) { - _, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + _, _, e1 := syscall_rawSyscall(libc_getsockname_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) if e1 != 0 { err = errnoErr(e1) } return } +var libc_getsockname_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getsockname getsockname "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Shutdown(s int, how int) (err error) { - _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0) + _, _, e1 := syscall_syscall(libc_shutdown_trampoline_addr, uintptr(s), uintptr(how), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_shutdown_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_shutdown shutdown "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) { - _, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0) + _, _, e1 := syscall_rawSyscall6(libc_socketpair_trampoline_addr, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_socketpair_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_socketpair socketpair "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) { @@ -156,7 +208,7 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen))) + r0, _, e1 := syscall_syscall6(libc_recvfrom_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -164,6 +216,10 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl return } +var libc_recvfrom_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_recvfrom recvfrom "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) { @@ -173,17 +229,21 @@ func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) ( } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen)) + _, _, e1 := syscall_syscall6(libc_sendto_trampoline_addr, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_sendto_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_sendto sendto "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) { - r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) + r0, _, e1 := syscall_syscall(libc_recvmsg_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -191,10 +251,14 @@ func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) { return } +var libc_recvmsg_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_recvmsg recvmsg "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) { - r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) + r0, _, e1 := syscall_syscall(libc_sendmsg_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -202,10 +266,14 @@ func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) { return } +var libc_sendmsg_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_sendmsg sendmsg "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) { - r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout))) + r0, _, e1 := syscall_syscall6(libc_kevent_trampoline_addr, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -213,6 +281,10 @@ func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, ne return } +var libc_kevent_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_kevent kevent "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func utimes(path string, timeval *[2]Timeval) (err error) { @@ -221,27 +293,35 @@ func utimes(path string, timeval *[2]Timeval) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0) + _, _, e1 := syscall_syscall(libc_utimes_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_utimes_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_utimes utimes "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func futimes(fd int, timeval *[2]Timeval) (err error) { - _, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0) + _, _, e1 := syscall_syscall(libc_futimes_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_futimes_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_futimes futimes "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func poll(fds *PollFd, nfds int, timeout int) (n int, err error) { - r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout)) + r0, _, e1 := syscall_syscall(libc_poll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout)) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -249,6 +329,10 @@ func poll(fds *PollFd, nfds int, timeout int) (n int, err error) { return } +var libc_poll_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_poll poll "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Madvise(b []byte, behav int) (err error) { @@ -258,13 +342,17 @@ func Madvise(b []byte, behav int) (err error) { } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav)) + _, _, e1 := syscall_syscall(libc_madvise_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(behav)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_madvise_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_madvise madvise "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mlock(b []byte) (err error) { @@ -274,23 +362,31 @@ func Mlock(b []byte) (err error) { } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0) + _, _, e1 := syscall_syscall(libc_mlock_trampoline_addr, uintptr(_p0), uintptr(len(b)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mlock_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mlock mlock "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mlockall(flags int) (err error) { - _, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0) + _, _, e1 := syscall_syscall(libc_mlockall_trampoline_addr, uintptr(flags), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mlockall_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mlockall mlockall "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mprotect(b []byte, prot int) (err error) { @@ -300,13 +396,17 @@ func Mprotect(b []byte, prot int) (err error) { } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot)) + _, _, e1 := syscall_syscall(libc_mprotect_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(prot)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mprotect_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mprotect mprotect "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Msync(b []byte, flags int) (err error) { @@ -316,13 +416,17 @@ func Msync(b []byte, flags int) (err error) { } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags)) + _, _, e1 := syscall_syscall(libc_msync_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(flags)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_msync_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_msync msync "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Munlock(b []byte) (err error) { @@ -332,33 +436,45 @@ func Munlock(b []byte) (err error) { } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0) + _, _, e1 := syscall_syscall(libc_munlock_trampoline_addr, uintptr(_p0), uintptr(len(b)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_munlock_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_munlock munlock "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Munlockall() (err error) { - _, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0) + _, _, e1 := syscall_syscall(libc_munlockall_trampoline_addr, 0, 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_munlockall_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_munlockall munlockall "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func pipe2(p *[2]_C_int, flags int) (err error) { - _, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0) + _, _, e1 := syscall_rawSyscall(libc_pipe2_trampoline_addr, uintptr(unsafe.Pointer(p)), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_pipe2_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pipe2 pipe2 "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getdents(fd int, buf []byte) (n int, err error) { @@ -368,7 +484,7 @@ func Getdents(fd int, buf []byte) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall(SYS_GETDENTS, uintptr(fd), uintptr(_p0), uintptr(len(buf))) + r0, _, e1 := syscall_syscall(libc_getdents_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(buf))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -376,6 +492,10 @@ func Getdents(fd int, buf []byte) (n int, err error) { return } +var libc_getdents_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getdents getdents "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getcwd(buf []byte) (n int, err error) { @@ -385,7 +505,7 @@ func Getcwd(buf []byte) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0) + r0, _, e1 := syscall_syscall(libc_getcwd_trampoline_addr, uintptr(_p0), uintptr(len(buf)), 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -393,16 +513,24 @@ func Getcwd(buf []byte) (n int, err error) { return } +var libc_getcwd_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getcwd getcwd "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func ioctl(fd int, req uint, arg uintptr) (err error) { - _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_ioctl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ioctl ioctl "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { @@ -412,17 +540,21 @@ func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen)) + _, _, e1 := syscall_syscall6(libc_sysctl_trampoline_addr, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_sysctl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_sysctl sysctl "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { - r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0) + r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -430,6 +562,10 @@ func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, return } +var libc_ppoll_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ppoll ppoll "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Access(path string, mode uint32) (err error) { @@ -438,23 +574,31 @@ func Access(path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + _, _, e1 := syscall_syscall(libc_access_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_access_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_access access "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Adjtime(delta *Timeval, olddelta *Timeval) (err error) { - _, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0) + _, _, e1 := syscall_syscall(libc_adjtime_trampoline_addr, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_adjtime_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_adjtime adjtime "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Chdir(path string) (err error) { @@ -463,13 +607,17 @@ func Chdir(path string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_chdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_chdir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chdir chdir "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Chflags(path string, flags int) (err error) { @@ -478,13 +626,17 @@ func Chflags(path string, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) + _, _, e1 := syscall_syscall(libc_chflags_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_chflags_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chflags chflags "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Chmod(path string, mode uint32) (err error) { @@ -493,13 +645,17 @@ func Chmod(path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + _, _, e1 := syscall_syscall(libc_chmod_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_chmod_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chmod chmod "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Chown(path string, uid int, gid int) (err error) { @@ -508,13 +664,17 @@ func Chown(path string, uid int, gid int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) + _, _, e1 := syscall_syscall(libc_chown_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_chown_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chown chown "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Chroot(path string) (err error) { @@ -523,27 +683,35 @@ func Chroot(path string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_chroot_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_chroot_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chroot chroot "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Close(fd int) (err error) { - _, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0) + _, _, e1 := syscall_syscall(libc_close_trampoline_addr, uintptr(fd), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_close_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_close close "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Dup(fd int) (nfd int, err error) { - r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0) + r0, _, e1 := syscall_syscall(libc_dup_trampoline_addr, uintptr(fd), 0, 0) nfd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -551,33 +719,49 @@ func Dup(fd int) (nfd int, err error) { return } +var libc_dup_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_dup dup "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Dup2(from int, to int) (err error) { - _, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0) + _, _, e1 := syscall_syscall(libc_dup2_trampoline_addr, uintptr(from), uintptr(to), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_dup2_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_dup2 dup2 "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Dup3(from int, to int, flags int) (err error) { - _, _, e1 := Syscall(SYS_DUP3, uintptr(from), uintptr(to), uintptr(flags)) + _, _, e1 := syscall_syscall(libc_dup3_trampoline_addr, uintptr(from), uintptr(to), uintptr(flags)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_dup3_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_dup3 dup3 "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Exit(code int) { - Syscall(SYS_EXIT, uintptr(code), 0, 0) + syscall_syscall(libc_exit_trampoline_addr, uintptr(code), 0, 0) return } +var libc_exit_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_exit exit "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) { @@ -586,43 +770,59 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) + _, _, e1 := syscall_syscall6(libc_faccessat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_faccessat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_faccessat faccessat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchdir(fd int) (err error) { - _, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0) + _, _, e1 := syscall_syscall(libc_fchdir_trampoline_addr, uintptr(fd), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchdir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchdir fchdir "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchflags(fd int, flags int) (err error) { - _, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0) + _, _, e1 := syscall_syscall(libc_fchflags_trampoline_addr, uintptr(fd), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchflags_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchflags fchflags "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchmod(fd int, mode uint32) (err error) { - _, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0) + _, _, e1 := syscall_syscall(libc_fchmod_trampoline_addr, uintptr(fd), uintptr(mode), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchmod_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchmod fchmod "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) { @@ -631,23 +831,31 @@ func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) + _, _, e1 := syscall_syscall6(libc_fchmodat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchmodat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchmodat fchmodat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchown(fd int, uid int, gid int) (err error) { - _, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid)) + _, _, e1 := syscall_syscall(libc_fchown_trampoline_addr, uintptr(fd), uintptr(uid), uintptr(gid)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchown_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchown fchown "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) { @@ -656,27 +864,35 @@ func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0) + _, _, e1 := syscall_syscall6(libc_fchownat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchownat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchownat fchownat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Flock(fd int, how int) (err error) { - _, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0) + _, _, e1 := syscall_syscall(libc_flock_trampoline_addr, uintptr(fd), uintptr(how), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_flock_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_flock flock "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fpathconf(fd int, name int) (val int, err error) { - r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0) + r0, _, e1 := syscall_syscall(libc_fpathconf_trampoline_addr, uintptr(fd), uintptr(name), 0) val = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -684,16 +900,24 @@ func Fpathconf(fd int, name int) (val int, err error) { return } +var libc_fpathconf_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fpathconf fpathconf "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fstat(fd int, stat *Stat_t) (err error) { - _, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) + _, _, e1 := syscall_syscall(libc_fstat_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fstat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fstat fstat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) { @@ -702,71 +926,99 @@ func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0) + _, _, e1 := syscall_syscall6(libc_fstatat_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fstatat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fstatat fstatat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fstatfs(fd int, stat *Statfs_t) (err error) { - _, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) + _, _, e1 := syscall_syscall(libc_fstatfs_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fstatfs_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fstatfs fstatfs "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fsync(fd int) (err error) { - _, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0) + _, _, e1 := syscall_syscall(libc_fsync_trampoline_addr, uintptr(fd), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fsync_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fsync fsync "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Ftruncate(fd int, length int64) (err error) { - _, _, e1 := Syscall6(SYS_FTRUNCATE, uintptr(fd), 0, uintptr(length), uintptr(length>>32), 0, 0) + _, _, e1 := syscall_syscall6(libc_ftruncate_trampoline_addr, uintptr(fd), 0, uintptr(length), uintptr(length>>32), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_ftruncate_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ftruncate ftruncate "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getegid() (egid int) { - r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getegid_trampoline_addr, 0, 0, 0) egid = int(r0) return } +var libc_getegid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getegid getegid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Geteuid() (uid int) { - r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_geteuid_trampoline_addr, 0, 0, 0) uid = int(r0) return } +var libc_geteuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_geteuid geteuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getgid() (gid int) { - r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getgid_trampoline_addr, 0, 0, 0) gid = int(r0) return } +var libc_getgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getgid getgid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getpgid(pid int) (pgid int, err error) { - r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0) + r0, _, e1 := syscall_rawSyscall(libc_getpgid_trampoline_addr, uintptr(pid), 0, 0) pgid = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -774,34 +1026,50 @@ func Getpgid(pid int) (pgid int, err error) { return } +var libc_getpgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpgid getpgid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getpgrp() (pgrp int) { - r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getpgrp_trampoline_addr, 0, 0, 0) pgrp = int(r0) return } +var libc_getpgrp_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpgrp getpgrp "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getpid() (pid int) { - r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getpid_trampoline_addr, 0, 0, 0) pid = int(r0) return } +var libc_getpid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpid getpid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getppid() (ppid int) { - r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getppid_trampoline_addr, 0, 0, 0) ppid = int(r0) return } +var libc_getppid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getppid getppid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getpriority(which int, who int) (prio int, err error) { - r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0) + r0, _, e1 := syscall_syscall(libc_getpriority_trampoline_addr, uintptr(which), uintptr(who), 0) prio = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -809,20 +1077,28 @@ func Getpriority(which int, who int) (prio int, err error) { return } +var libc_getpriority_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpriority getpriority "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) + _, _, e1 := syscall_rawSyscall(libc_getrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_getrlimit_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getrlimit getrlimit "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getrtable() (rtable int, err error) { - r0, _, e1 := RawSyscall(SYS_GETRTABLE, 0, 0, 0) + r0, _, e1 := syscall_rawSyscall(libc_getrtable_trampoline_addr, 0, 0, 0) rtable = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -830,20 +1106,28 @@ func Getrtable() (rtable int, err error) { return } +var libc_getrtable_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getrtable getrtable "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getrusage(who int, rusage *Rusage) (err error) { - _, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0) + _, _, e1 := syscall_rawSyscall(libc_getrusage_trampoline_addr, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_getrusage_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getrusage getrusage "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getsid(pid int) (sid int, err error) { - r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0) + r0, _, e1 := syscall_rawSyscall(libc_getsid_trampoline_addr, uintptr(pid), 0, 0) sid = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -851,46 +1135,66 @@ func Getsid(pid int) (sid int, err error) { return } +var libc_getsid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getsid getsid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Gettimeofday(tv *Timeval) (err error) { - _, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_gettimeofday_trampoline_addr, uintptr(unsafe.Pointer(tv)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_gettimeofday_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_gettimeofday gettimeofday "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getuid() (uid int) { - r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getuid_trampoline_addr, 0, 0, 0) uid = int(r0) return } +var libc_getuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getuid getuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Issetugid() (tainted bool) { - r0, _, _ := Syscall(SYS_ISSETUGID, 0, 0, 0) + r0, _, _ := syscall_syscall(libc_issetugid_trampoline_addr, 0, 0, 0) tainted = bool(r0 != 0) return } +var libc_issetugid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_issetugid issetugid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Kill(pid int, signum syscall.Signal) (err error) { - _, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), 0) + _, _, e1 := syscall_syscall(libc_kill_trampoline_addr, uintptr(pid), uintptr(signum), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_kill_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_kill kill "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Kqueue() (fd int, err error) { - r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0) + r0, _, e1 := syscall_syscall(libc_kqueue_trampoline_addr, 0, 0, 0) fd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -898,6 +1202,10 @@ func Kqueue() (fd int, err error) { return } +var libc_kqueue_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_kqueue kqueue "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Lchown(path string, uid int, gid int) (err error) { @@ -906,13 +1214,17 @@ func Lchown(path string, uid int, gid int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) + _, _, e1 := syscall_syscall(libc_lchown_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_lchown_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_lchown lchown "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Link(path string, link string) (err error) { @@ -926,13 +1238,17 @@ func Link(path string, link string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) + _, _, e1 := syscall_syscall(libc_link_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_link_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_link link "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) { @@ -946,23 +1262,31 @@ func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err er if err != nil { return } - _, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0) + _, _, e1 := syscall_syscall6(libc_linkat_trampoline_addr, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_linkat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_linkat linkat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Listen(s int, backlog int) (err error) { - _, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0) + _, _, e1 := syscall_syscall(libc_listen_trampoline_addr, uintptr(s), uintptr(backlog), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_listen_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_listen listen "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Lstat(path string, stat *Stat_t) (err error) { @@ -971,13 +1295,17 @@ func Lstat(path string, stat *Stat_t) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) + _, _, e1 := syscall_syscall(libc_lstat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_lstat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_lstat lstat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mkdir(path string, mode uint32) (err error) { @@ -986,13 +1314,17 @@ func Mkdir(path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + _, _, e1 := syscall_syscall(libc_mkdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mkdir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mkdir mkdir "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mkdirat(dirfd int, path string, mode uint32) (err error) { @@ -1001,13 +1333,17 @@ func Mkdirat(dirfd int, path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) + _, _, e1 := syscall_syscall(libc_mkdirat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mkdirat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mkdirat mkdirat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mkfifo(path string, mode uint32) (err error) { @@ -1016,13 +1352,17 @@ func Mkfifo(path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + _, _, e1 := syscall_syscall(libc_mkfifo_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mkfifo_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mkfifo mkfifo "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mkfifoat(dirfd int, path string, mode uint32) (err error) { @@ -1031,13 +1371,17 @@ func Mkfifoat(dirfd int, path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_MKFIFOAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) + _, _, e1 := syscall_syscall(libc_mkfifoat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mkfifoat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mkfifoat mkfifoat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mknod(path string, mode uint32, dev int) (err error) { @@ -1046,13 +1390,17 @@ func Mknod(path string, mode uint32, dev int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev)) + _, _, e1 := syscall_syscall(libc_mknod_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mknod_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mknod mknod "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) { @@ -1061,23 +1409,31 @@ func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0) + _, _, e1 := syscall_syscall6(libc_mknodat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mknodat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mknodat mknodat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Nanosleep(time *Timespec, leftover *Timespec) (err error) { - _, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0) + _, _, e1 := syscall_syscall(libc_nanosleep_trampoline_addr, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_nanosleep_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_nanosleep nanosleep "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Open(path string, mode int, perm uint32) (fd int, err error) { @@ -1086,7 +1442,7 @@ func Open(path string, mode int, perm uint32) (fd int, err error) { if err != nil { return } - r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm)) + r0, _, e1 := syscall_syscall(libc_open_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm)) fd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1094,6 +1450,10 @@ func Open(path string, mode int, perm uint32) (fd int, err error) { return } +var libc_open_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_open open "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) { @@ -1102,7 +1462,7 @@ func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) { if err != nil { return } - r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0) + r0, _, e1 := syscall_syscall6(libc_openat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0) fd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1110,6 +1470,10 @@ func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) { return } +var libc_openat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_openat openat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Pathconf(path string, name int) (val int, err error) { @@ -1118,7 +1482,7 @@ func Pathconf(path string, name int) (val int, err error) { if err != nil { return } - r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0) + r0, _, e1 := syscall_syscall(libc_pathconf_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0) val = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1126,6 +1490,10 @@ func Pathconf(path string, name int) (val int, err error) { return } +var libc_pathconf_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pathconf pathconf "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func pread(fd int, p []byte, offset int64) (n int, err error) { @@ -1135,7 +1503,7 @@ func pread(fd int, p []byte, offset int64) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), uintptr(offset>>32)) + r0, _, e1 := syscall_syscall6(libc_pread_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), uintptr(offset>>32)) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1143,6 +1511,10 @@ func pread(fd int, p []byte, offset int64) (n int, err error) { return } +var libc_pread_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pread pread "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func pwrite(fd int, p []byte, offset int64) (n int, err error) { @@ -1152,7 +1524,7 @@ func pwrite(fd int, p []byte, offset int64) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), uintptr(offset>>32)) + r0, _, e1 := syscall_syscall6(libc_pwrite_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), uintptr(offset>>32)) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1160,6 +1532,10 @@ func pwrite(fd int, p []byte, offset int64) (n int, err error) { return } +var libc_pwrite_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pwrite pwrite "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func read(fd int, p []byte) (n int, err error) { @@ -1169,7 +1545,7 @@ func read(fd int, p []byte) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p))) + r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1177,6 +1553,10 @@ func read(fd int, p []byte) (n int, err error) { return } +var libc_read_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_read read "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Readlink(path string, buf []byte) (n int, err error) { @@ -1191,7 +1571,7 @@ func Readlink(path string, buf []byte) (n int, err error) { } else { _p1 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf))) + r0, _, e1 := syscall_syscall(libc_readlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1199,6 +1579,10 @@ func Readlink(path string, buf []byte) (n int, err error) { return } +var libc_readlink_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_readlink readlink "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) { @@ -1213,7 +1597,7 @@ func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) { } else { _p1 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0) + r0, _, e1 := syscall_syscall6(libc_readlinkat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1221,6 +1605,10 @@ func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) { return } +var libc_readlinkat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_readlinkat readlinkat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Rename(from string, to string) (err error) { @@ -1234,13 +1622,17 @@ func Rename(from string, to string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) + _, _, e1 := syscall_syscall(libc_rename_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_rename_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_rename rename "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Renameat(fromfd int, from string, tofd int, to string) (err error) { @@ -1254,13 +1646,17 @@ func Renameat(fromfd int, from string, tofd int, to string) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0) + _, _, e1 := syscall_syscall6(libc_renameat_trampoline_addr, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_renameat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_renameat renameat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Revoke(path string) (err error) { @@ -1269,13 +1665,17 @@ func Revoke(path string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_revoke_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_revoke_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_revoke revoke "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Rmdir(path string) (err error) { @@ -1284,17 +1684,21 @@ func Rmdir(path string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_rmdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_rmdir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_rmdir rmdir "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Seek(fd int, offset int64, whence int) (newoffset int64, err error) { - r0, r1, e1 := Syscall6(SYS_LSEEK, uintptr(fd), 0, uintptr(offset), uintptr(offset>>32), uintptr(whence), 0) + r0, r1, e1 := syscall_syscall6(libc_lseek_trampoline_addr, uintptr(fd), 0, uintptr(offset), uintptr(offset>>32), uintptr(whence), 0) newoffset = int64(int64(r1)<<32 | int64(r0)) if e1 != 0 { err = errnoErr(e1) @@ -1302,10 +1706,14 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) { return } +var libc_lseek_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_lseek lseek "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) { - r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0) + r0, _, e1 := syscall_syscall6(libc_select_trampoline_addr, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1313,36 +1721,52 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err return } +var libc_select_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_select select "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setegid(egid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETEGID, uintptr(egid), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_setegid_trampoline_addr, uintptr(egid), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setegid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setegid setegid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Seteuid(euid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_seteuid_trampoline_addr, uintptr(euid), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_seteuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_seteuid seteuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setgid(gid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_setgid_trampoline_addr, uintptr(gid), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setgid setgid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setlogin(name string) (err error) { @@ -1351,97 +1775,133 @@ func Setlogin(name string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_SETLOGIN, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_setlogin_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setlogin_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setlogin setlogin "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setpgid(pid int, pgid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0) + _, _, e1 := syscall_rawSyscall(libc_setpgid_trampoline_addr, uintptr(pid), uintptr(pgid), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setpgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setpgid setpgid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setpriority(which int, who int, prio int) (err error) { - _, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio)) + _, _, e1 := syscall_syscall(libc_setpriority_trampoline_addr, uintptr(which), uintptr(who), uintptr(prio)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setpriority_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setpriority setpriority "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setregid(rgid int, egid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0) + _, _, e1 := syscall_rawSyscall(libc_setregid_trampoline_addr, uintptr(rgid), uintptr(egid), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setregid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setregid setregid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setreuid(ruid int, euid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0) + _, _, e1 := syscall_rawSyscall(libc_setreuid_trampoline_addr, uintptr(ruid), uintptr(euid), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setreuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setreuid setreuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setresgid(rgid int, egid int, sgid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid)) + _, _, e1 := syscall_rawSyscall(libc_setresgid_trampoline_addr, uintptr(rgid), uintptr(egid), uintptr(sgid)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setresgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setresgid setresgid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setresuid(ruid int, euid int, suid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid)) + _, _, e1 := syscall_rawSyscall(libc_setresuid_trampoline_addr, uintptr(ruid), uintptr(euid), uintptr(suid)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setresuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setresuid setresuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) + _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setrlimit_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setrtable(rtable int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRTABLE, uintptr(rtable), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setrtable_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setrtable setrtable "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setsid() (pid int, err error) { - r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) + r0, _, e1 := syscall_rawSyscall(libc_setsid_trampoline_addr, 0, 0, 0) pid = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1449,26 +1909,38 @@ func Setsid() (pid int, err error) { return } +var libc_setsid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setsid setsid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Settimeofday(tp *Timeval) (err error) { - _, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_settimeofday_trampoline_addr, uintptr(unsafe.Pointer(tp)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_settimeofday_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_settimeofday settimeofday "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setuid(uid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_setuid_trampoline_addr, uintptr(uid), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setuid setuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Stat(path string, stat *Stat_t) (err error) { @@ -1477,13 +1949,17 @@ func Stat(path string, stat *Stat_t) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) + _, _, e1 := syscall_syscall(libc_stat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_stat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_stat stat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Statfs(path string, stat *Statfs_t) (err error) { @@ -1492,13 +1968,17 @@ func Statfs(path string, stat *Statfs_t) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) + _, _, e1 := syscall_syscall(libc_statfs_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_statfs_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_statfs statfs "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Symlink(path string, link string) (err error) { @@ -1512,13 +1992,17 @@ func Symlink(path string, link string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) + _, _, e1 := syscall_syscall(libc_symlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_symlink_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_symlink symlink "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) { @@ -1532,23 +2016,31 @@ func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1))) + _, _, e1 := syscall_syscall(libc_symlinkat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1))) if e1 != 0 { err = errnoErr(e1) } return } +var libc_symlinkat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_symlinkat symlinkat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Sync() (err error) { - _, _, e1 := Syscall(SYS_SYNC, 0, 0, 0) + _, _, e1 := syscall_syscall(libc_sync_trampoline_addr, 0, 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_sync_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_sync sync "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Truncate(path string, length int64) (err error) { @@ -1557,21 +2049,29 @@ func Truncate(path string, length int64) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), 0, uintptr(length), uintptr(length>>32), 0, 0) + _, _, e1 := syscall_syscall6(libc_truncate_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, uintptr(length), uintptr(length>>32), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_truncate_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_truncate truncate "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Umask(newmask int) (oldmask int) { - r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0) + r0, _, _ := syscall_syscall(libc_umask_trampoline_addr, uintptr(newmask), 0, 0) oldmask = int(r0) return } +var libc_umask_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_umask umask "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Unlink(path string) (err error) { @@ -1580,13 +2080,17 @@ func Unlink(path string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_unlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_unlink_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unlink unlink "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Unlinkat(dirfd int, path string, flags int) (err error) { @@ -1595,13 +2099,17 @@ func Unlinkat(dirfd int, path string, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags)) + _, _, e1 := syscall_syscall(libc_unlinkat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_unlinkat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unlinkat unlinkat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Unmount(path string, flags int) (err error) { @@ -1610,13 +2118,17 @@ func Unmount(path string, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) + _, _, e1 := syscall_syscall(libc_unmount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_unmount_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unmount unmount "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func write(fd int, p []byte) (n int, err error) { @@ -1626,7 +2138,7 @@ func write(fd int, p []byte) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p))) + r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1634,10 +2146,14 @@ func write(fd int, p []byte) (n int, err error) { return } +var libc_write_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_write write "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) { - r0, _, e1 := Syscall9(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), 0, uintptr(pos), uintptr(pos>>32), 0) + r0, _, e1 := syscall_syscall9(libc_mmap_trampoline_addr, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), 0, uintptr(pos), uintptr(pos>>32), 0) ret = uintptr(r0) if e1 != 0 { err = errnoErr(e1) @@ -1645,20 +2161,28 @@ func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) ( return } +var libc_mmap_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mmap mmap "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func munmap(addr uintptr, length uintptr) (err error) { - _, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0) + _, _, e1 := syscall_syscall(libc_munmap_trampoline_addr, uintptr(addr), uintptr(length), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_munmap_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_munmap munmap "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func readlen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) + r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1669,7 +2193,7 @@ func readlen(fd int, buf *byte, nbuf int) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func writelen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) + r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1685,9 +2209,13 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error if err != nil { return } - _, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0) + _, _, e1 := syscall_syscall6(libc_utimensat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } + +var libc_utimensat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_utimensat utimensat "libc.so" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s new file mode 100644 index 00000000000..9ad116d9fbd --- /dev/null +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s @@ -0,0 +1,796 @@ +// go run mkasm.go openbsd arm +// Code generated by the command above; DO NOT EDIT. + +#include "textflag.h" + +TEXT libc_getgroups_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getgroups(SB) + +GLOBL ·libc_getgroups_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getgroups_trampoline_addr(SB)/4, $libc_getgroups_trampoline<>(SB) + +TEXT libc_setgroups_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setgroups(SB) + +GLOBL ·libc_setgroups_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setgroups_trampoline_addr(SB)/4, $libc_setgroups_trampoline<>(SB) + +TEXT libc_wait4_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_wait4(SB) + +GLOBL ·libc_wait4_trampoline_addr(SB), RODATA, $4 +DATA ·libc_wait4_trampoline_addr(SB)/4, $libc_wait4_trampoline<>(SB) + +TEXT libc_accept_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_accept(SB) + +GLOBL ·libc_accept_trampoline_addr(SB), RODATA, $4 +DATA ·libc_accept_trampoline_addr(SB)/4, $libc_accept_trampoline<>(SB) + +TEXT libc_bind_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_bind(SB) + +GLOBL ·libc_bind_trampoline_addr(SB), RODATA, $4 +DATA ·libc_bind_trampoline_addr(SB)/4, $libc_bind_trampoline<>(SB) + +TEXT libc_connect_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_connect(SB) + +GLOBL ·libc_connect_trampoline_addr(SB), RODATA, $4 +DATA ·libc_connect_trampoline_addr(SB)/4, $libc_connect_trampoline<>(SB) + +TEXT libc_socket_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_socket(SB) + +GLOBL ·libc_socket_trampoline_addr(SB), RODATA, $4 +DATA ·libc_socket_trampoline_addr(SB)/4, $libc_socket_trampoline<>(SB) + +TEXT libc_getsockopt_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getsockopt(SB) + +GLOBL ·libc_getsockopt_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getsockopt_trampoline_addr(SB)/4, $libc_getsockopt_trampoline<>(SB) + +TEXT libc_setsockopt_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setsockopt(SB) + +GLOBL ·libc_setsockopt_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setsockopt_trampoline_addr(SB)/4, $libc_setsockopt_trampoline<>(SB) + +TEXT libc_getpeername_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpeername(SB) + +GLOBL ·libc_getpeername_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getpeername_trampoline_addr(SB)/4, $libc_getpeername_trampoline<>(SB) + +TEXT libc_getsockname_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getsockname(SB) + +GLOBL ·libc_getsockname_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getsockname_trampoline_addr(SB)/4, $libc_getsockname_trampoline<>(SB) + +TEXT libc_shutdown_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_shutdown(SB) + +GLOBL ·libc_shutdown_trampoline_addr(SB), RODATA, $4 +DATA ·libc_shutdown_trampoline_addr(SB)/4, $libc_shutdown_trampoline<>(SB) + +TEXT libc_socketpair_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_socketpair(SB) + +GLOBL ·libc_socketpair_trampoline_addr(SB), RODATA, $4 +DATA ·libc_socketpair_trampoline_addr(SB)/4, $libc_socketpair_trampoline<>(SB) + +TEXT libc_recvfrom_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_recvfrom(SB) + +GLOBL ·libc_recvfrom_trampoline_addr(SB), RODATA, $4 +DATA ·libc_recvfrom_trampoline_addr(SB)/4, $libc_recvfrom_trampoline<>(SB) + +TEXT libc_sendto_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_sendto(SB) + +GLOBL ·libc_sendto_trampoline_addr(SB), RODATA, $4 +DATA ·libc_sendto_trampoline_addr(SB)/4, $libc_sendto_trampoline<>(SB) + +TEXT libc_recvmsg_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_recvmsg(SB) + +GLOBL ·libc_recvmsg_trampoline_addr(SB), RODATA, $4 +DATA ·libc_recvmsg_trampoline_addr(SB)/4, $libc_recvmsg_trampoline<>(SB) + +TEXT libc_sendmsg_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_sendmsg(SB) + +GLOBL ·libc_sendmsg_trampoline_addr(SB), RODATA, $4 +DATA ·libc_sendmsg_trampoline_addr(SB)/4, $libc_sendmsg_trampoline<>(SB) + +TEXT libc_kevent_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_kevent(SB) + +GLOBL ·libc_kevent_trampoline_addr(SB), RODATA, $4 +DATA ·libc_kevent_trampoline_addr(SB)/4, $libc_kevent_trampoline<>(SB) + +TEXT libc_utimes_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_utimes(SB) + +GLOBL ·libc_utimes_trampoline_addr(SB), RODATA, $4 +DATA ·libc_utimes_trampoline_addr(SB)/4, $libc_utimes_trampoline<>(SB) + +TEXT libc_futimes_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_futimes(SB) + +GLOBL ·libc_futimes_trampoline_addr(SB), RODATA, $4 +DATA ·libc_futimes_trampoline_addr(SB)/4, $libc_futimes_trampoline<>(SB) + +TEXT libc_poll_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_poll(SB) + +GLOBL ·libc_poll_trampoline_addr(SB), RODATA, $4 +DATA ·libc_poll_trampoline_addr(SB)/4, $libc_poll_trampoline<>(SB) + +TEXT libc_madvise_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_madvise(SB) + +GLOBL ·libc_madvise_trampoline_addr(SB), RODATA, $4 +DATA ·libc_madvise_trampoline_addr(SB)/4, $libc_madvise_trampoline<>(SB) + +TEXT libc_mlock_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mlock(SB) + +GLOBL ·libc_mlock_trampoline_addr(SB), RODATA, $4 +DATA ·libc_mlock_trampoline_addr(SB)/4, $libc_mlock_trampoline<>(SB) + +TEXT libc_mlockall_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mlockall(SB) + +GLOBL ·libc_mlockall_trampoline_addr(SB), RODATA, $4 +DATA ·libc_mlockall_trampoline_addr(SB)/4, $libc_mlockall_trampoline<>(SB) + +TEXT libc_mprotect_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mprotect(SB) + +GLOBL ·libc_mprotect_trampoline_addr(SB), RODATA, $4 +DATA ·libc_mprotect_trampoline_addr(SB)/4, $libc_mprotect_trampoline<>(SB) + +TEXT libc_msync_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_msync(SB) + +GLOBL ·libc_msync_trampoline_addr(SB), RODATA, $4 +DATA ·libc_msync_trampoline_addr(SB)/4, $libc_msync_trampoline<>(SB) + +TEXT libc_munlock_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_munlock(SB) + +GLOBL ·libc_munlock_trampoline_addr(SB), RODATA, $4 +DATA ·libc_munlock_trampoline_addr(SB)/4, $libc_munlock_trampoline<>(SB) + +TEXT libc_munlockall_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_munlockall(SB) + +GLOBL ·libc_munlockall_trampoline_addr(SB), RODATA, $4 +DATA ·libc_munlockall_trampoline_addr(SB)/4, $libc_munlockall_trampoline<>(SB) + +TEXT libc_pipe2_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pipe2(SB) + +GLOBL ·libc_pipe2_trampoline_addr(SB), RODATA, $4 +DATA ·libc_pipe2_trampoline_addr(SB)/4, $libc_pipe2_trampoline<>(SB) + +TEXT libc_getdents_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getdents(SB) + +GLOBL ·libc_getdents_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getdents_trampoline_addr(SB)/4, $libc_getdents_trampoline<>(SB) + +TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getcwd(SB) + +GLOBL ·libc_getcwd_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getcwd_trampoline_addr(SB)/4, $libc_getcwd_trampoline<>(SB) + +TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_ioctl(SB) + +GLOBL ·libc_ioctl_trampoline_addr(SB), RODATA, $4 +DATA ·libc_ioctl_trampoline_addr(SB)/4, $libc_ioctl_trampoline<>(SB) + +TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_sysctl(SB) + +GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $4 +DATA ·libc_sysctl_trampoline_addr(SB)/4, $libc_sysctl_trampoline<>(SB) + +TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_ppoll(SB) + +GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $4 +DATA ·libc_ppoll_trampoline_addr(SB)/4, $libc_ppoll_trampoline<>(SB) + +TEXT libc_access_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_access(SB) + +GLOBL ·libc_access_trampoline_addr(SB), RODATA, $4 +DATA ·libc_access_trampoline_addr(SB)/4, $libc_access_trampoline<>(SB) + +TEXT libc_adjtime_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_adjtime(SB) + +GLOBL ·libc_adjtime_trampoline_addr(SB), RODATA, $4 +DATA ·libc_adjtime_trampoline_addr(SB)/4, $libc_adjtime_trampoline<>(SB) + +TEXT libc_chdir_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chdir(SB) + +GLOBL ·libc_chdir_trampoline_addr(SB), RODATA, $4 +DATA ·libc_chdir_trampoline_addr(SB)/4, $libc_chdir_trampoline<>(SB) + +TEXT libc_chflags_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chflags(SB) + +GLOBL ·libc_chflags_trampoline_addr(SB), RODATA, $4 +DATA ·libc_chflags_trampoline_addr(SB)/4, $libc_chflags_trampoline<>(SB) + +TEXT libc_chmod_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chmod(SB) + +GLOBL ·libc_chmod_trampoline_addr(SB), RODATA, $4 +DATA ·libc_chmod_trampoline_addr(SB)/4, $libc_chmod_trampoline<>(SB) + +TEXT libc_chown_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chown(SB) + +GLOBL ·libc_chown_trampoline_addr(SB), RODATA, $4 +DATA ·libc_chown_trampoline_addr(SB)/4, $libc_chown_trampoline<>(SB) + +TEXT libc_chroot_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chroot(SB) + +GLOBL ·libc_chroot_trampoline_addr(SB), RODATA, $4 +DATA ·libc_chroot_trampoline_addr(SB)/4, $libc_chroot_trampoline<>(SB) + +TEXT libc_close_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_close(SB) + +GLOBL ·libc_close_trampoline_addr(SB), RODATA, $4 +DATA ·libc_close_trampoline_addr(SB)/4, $libc_close_trampoline<>(SB) + +TEXT libc_dup_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_dup(SB) + +GLOBL ·libc_dup_trampoline_addr(SB), RODATA, $4 +DATA ·libc_dup_trampoline_addr(SB)/4, $libc_dup_trampoline<>(SB) + +TEXT libc_dup2_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_dup2(SB) + +GLOBL ·libc_dup2_trampoline_addr(SB), RODATA, $4 +DATA ·libc_dup2_trampoline_addr(SB)/4, $libc_dup2_trampoline<>(SB) + +TEXT libc_dup3_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_dup3(SB) + +GLOBL ·libc_dup3_trampoline_addr(SB), RODATA, $4 +DATA ·libc_dup3_trampoline_addr(SB)/4, $libc_dup3_trampoline<>(SB) + +TEXT libc_exit_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_exit(SB) + +GLOBL ·libc_exit_trampoline_addr(SB), RODATA, $4 +DATA ·libc_exit_trampoline_addr(SB)/4, $libc_exit_trampoline<>(SB) + +TEXT libc_faccessat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_faccessat(SB) + +GLOBL ·libc_faccessat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_faccessat_trampoline_addr(SB)/4, $libc_faccessat_trampoline<>(SB) + +TEXT libc_fchdir_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchdir(SB) + +GLOBL ·libc_fchdir_trampoline_addr(SB), RODATA, $4 +DATA ·libc_fchdir_trampoline_addr(SB)/4, $libc_fchdir_trampoline<>(SB) + +TEXT libc_fchflags_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchflags(SB) + +GLOBL ·libc_fchflags_trampoline_addr(SB), RODATA, $4 +DATA ·libc_fchflags_trampoline_addr(SB)/4, $libc_fchflags_trampoline<>(SB) + +TEXT libc_fchmod_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchmod(SB) + +GLOBL ·libc_fchmod_trampoline_addr(SB), RODATA, $4 +DATA ·libc_fchmod_trampoline_addr(SB)/4, $libc_fchmod_trampoline<>(SB) + +TEXT libc_fchmodat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchmodat(SB) + +GLOBL ·libc_fchmodat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_fchmodat_trampoline_addr(SB)/4, $libc_fchmodat_trampoline<>(SB) + +TEXT libc_fchown_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchown(SB) + +GLOBL ·libc_fchown_trampoline_addr(SB), RODATA, $4 +DATA ·libc_fchown_trampoline_addr(SB)/4, $libc_fchown_trampoline<>(SB) + +TEXT libc_fchownat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchownat(SB) + +GLOBL ·libc_fchownat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_fchownat_trampoline_addr(SB)/4, $libc_fchownat_trampoline<>(SB) + +TEXT libc_flock_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_flock(SB) + +GLOBL ·libc_flock_trampoline_addr(SB), RODATA, $4 +DATA ·libc_flock_trampoline_addr(SB)/4, $libc_flock_trampoline<>(SB) + +TEXT libc_fpathconf_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fpathconf(SB) + +GLOBL ·libc_fpathconf_trampoline_addr(SB), RODATA, $4 +DATA ·libc_fpathconf_trampoline_addr(SB)/4, $libc_fpathconf_trampoline<>(SB) + +TEXT libc_fstat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fstat(SB) + +GLOBL ·libc_fstat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_fstat_trampoline_addr(SB)/4, $libc_fstat_trampoline<>(SB) + +TEXT libc_fstatat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fstatat(SB) + +GLOBL ·libc_fstatat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_fstatat_trampoline_addr(SB)/4, $libc_fstatat_trampoline<>(SB) + +TEXT libc_fstatfs_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fstatfs(SB) + +GLOBL ·libc_fstatfs_trampoline_addr(SB), RODATA, $4 +DATA ·libc_fstatfs_trampoline_addr(SB)/4, $libc_fstatfs_trampoline<>(SB) + +TEXT libc_fsync_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fsync(SB) + +GLOBL ·libc_fsync_trampoline_addr(SB), RODATA, $4 +DATA ·libc_fsync_trampoline_addr(SB)/4, $libc_fsync_trampoline<>(SB) + +TEXT libc_ftruncate_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_ftruncate(SB) + +GLOBL ·libc_ftruncate_trampoline_addr(SB), RODATA, $4 +DATA ·libc_ftruncate_trampoline_addr(SB)/4, $libc_ftruncate_trampoline<>(SB) + +TEXT libc_getegid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getegid(SB) + +GLOBL ·libc_getegid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getegid_trampoline_addr(SB)/4, $libc_getegid_trampoline<>(SB) + +TEXT libc_geteuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_geteuid(SB) + +GLOBL ·libc_geteuid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_geteuid_trampoline_addr(SB)/4, $libc_geteuid_trampoline<>(SB) + +TEXT libc_getgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getgid(SB) + +GLOBL ·libc_getgid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getgid_trampoline_addr(SB)/4, $libc_getgid_trampoline<>(SB) + +TEXT libc_getpgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpgid(SB) + +GLOBL ·libc_getpgid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getpgid_trampoline_addr(SB)/4, $libc_getpgid_trampoline<>(SB) + +TEXT libc_getpgrp_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpgrp(SB) + +GLOBL ·libc_getpgrp_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getpgrp_trampoline_addr(SB)/4, $libc_getpgrp_trampoline<>(SB) + +TEXT libc_getpid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpid(SB) + +GLOBL ·libc_getpid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getpid_trampoline_addr(SB)/4, $libc_getpid_trampoline<>(SB) + +TEXT libc_getppid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getppid(SB) + +GLOBL ·libc_getppid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getppid_trampoline_addr(SB)/4, $libc_getppid_trampoline<>(SB) + +TEXT libc_getpriority_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpriority(SB) + +GLOBL ·libc_getpriority_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getpriority_trampoline_addr(SB)/4, $libc_getpriority_trampoline<>(SB) + +TEXT libc_getrlimit_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getrlimit(SB) + +GLOBL ·libc_getrlimit_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getrlimit_trampoline_addr(SB)/4, $libc_getrlimit_trampoline<>(SB) + +TEXT libc_getrtable_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getrtable(SB) + +GLOBL ·libc_getrtable_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getrtable_trampoline_addr(SB)/4, $libc_getrtable_trampoline<>(SB) + +TEXT libc_getrusage_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getrusage(SB) + +GLOBL ·libc_getrusage_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getrusage_trampoline_addr(SB)/4, $libc_getrusage_trampoline<>(SB) + +TEXT libc_getsid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getsid(SB) + +GLOBL ·libc_getsid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getsid_trampoline_addr(SB)/4, $libc_getsid_trampoline<>(SB) + +TEXT libc_gettimeofday_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_gettimeofday(SB) + +GLOBL ·libc_gettimeofday_trampoline_addr(SB), RODATA, $4 +DATA ·libc_gettimeofday_trampoline_addr(SB)/4, $libc_gettimeofday_trampoline<>(SB) + +TEXT libc_getuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getuid(SB) + +GLOBL ·libc_getuid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getuid_trampoline_addr(SB)/4, $libc_getuid_trampoline<>(SB) + +TEXT libc_issetugid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_issetugid(SB) + +GLOBL ·libc_issetugid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_issetugid_trampoline_addr(SB)/4, $libc_issetugid_trampoline<>(SB) + +TEXT libc_kill_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_kill(SB) + +GLOBL ·libc_kill_trampoline_addr(SB), RODATA, $4 +DATA ·libc_kill_trampoline_addr(SB)/4, $libc_kill_trampoline<>(SB) + +TEXT libc_kqueue_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_kqueue(SB) + +GLOBL ·libc_kqueue_trampoline_addr(SB), RODATA, $4 +DATA ·libc_kqueue_trampoline_addr(SB)/4, $libc_kqueue_trampoline<>(SB) + +TEXT libc_lchown_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_lchown(SB) + +GLOBL ·libc_lchown_trampoline_addr(SB), RODATA, $4 +DATA ·libc_lchown_trampoline_addr(SB)/4, $libc_lchown_trampoline<>(SB) + +TEXT libc_link_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_link(SB) + +GLOBL ·libc_link_trampoline_addr(SB), RODATA, $4 +DATA ·libc_link_trampoline_addr(SB)/4, $libc_link_trampoline<>(SB) + +TEXT libc_linkat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_linkat(SB) + +GLOBL ·libc_linkat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_linkat_trampoline_addr(SB)/4, $libc_linkat_trampoline<>(SB) + +TEXT libc_listen_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_listen(SB) + +GLOBL ·libc_listen_trampoline_addr(SB), RODATA, $4 +DATA ·libc_listen_trampoline_addr(SB)/4, $libc_listen_trampoline<>(SB) + +TEXT libc_lstat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_lstat(SB) + +GLOBL ·libc_lstat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_lstat_trampoline_addr(SB)/4, $libc_lstat_trampoline<>(SB) + +TEXT libc_mkdir_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mkdir(SB) + +GLOBL ·libc_mkdir_trampoline_addr(SB), RODATA, $4 +DATA ·libc_mkdir_trampoline_addr(SB)/4, $libc_mkdir_trampoline<>(SB) + +TEXT libc_mkdirat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mkdirat(SB) + +GLOBL ·libc_mkdirat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_mkdirat_trampoline_addr(SB)/4, $libc_mkdirat_trampoline<>(SB) + +TEXT libc_mkfifo_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mkfifo(SB) + +GLOBL ·libc_mkfifo_trampoline_addr(SB), RODATA, $4 +DATA ·libc_mkfifo_trampoline_addr(SB)/4, $libc_mkfifo_trampoline<>(SB) + +TEXT libc_mkfifoat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mkfifoat(SB) + +GLOBL ·libc_mkfifoat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_mkfifoat_trampoline_addr(SB)/4, $libc_mkfifoat_trampoline<>(SB) + +TEXT libc_mknod_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mknod(SB) + +GLOBL ·libc_mknod_trampoline_addr(SB), RODATA, $4 +DATA ·libc_mknod_trampoline_addr(SB)/4, $libc_mknod_trampoline<>(SB) + +TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mknodat(SB) + +GLOBL ·libc_mknodat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_mknodat_trampoline_addr(SB)/4, $libc_mknodat_trampoline<>(SB) + +TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_nanosleep(SB) + +GLOBL ·libc_nanosleep_trampoline_addr(SB), RODATA, $4 +DATA ·libc_nanosleep_trampoline_addr(SB)/4, $libc_nanosleep_trampoline<>(SB) + +TEXT libc_open_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_open(SB) + +GLOBL ·libc_open_trampoline_addr(SB), RODATA, $4 +DATA ·libc_open_trampoline_addr(SB)/4, $libc_open_trampoline<>(SB) + +TEXT libc_openat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_openat(SB) + +GLOBL ·libc_openat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_openat_trampoline_addr(SB)/4, $libc_openat_trampoline<>(SB) + +TEXT libc_pathconf_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pathconf(SB) + +GLOBL ·libc_pathconf_trampoline_addr(SB), RODATA, $4 +DATA ·libc_pathconf_trampoline_addr(SB)/4, $libc_pathconf_trampoline<>(SB) + +TEXT libc_pread_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pread(SB) + +GLOBL ·libc_pread_trampoline_addr(SB), RODATA, $4 +DATA ·libc_pread_trampoline_addr(SB)/4, $libc_pread_trampoline<>(SB) + +TEXT libc_pwrite_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pwrite(SB) + +GLOBL ·libc_pwrite_trampoline_addr(SB), RODATA, $4 +DATA ·libc_pwrite_trampoline_addr(SB)/4, $libc_pwrite_trampoline<>(SB) + +TEXT libc_read_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_read(SB) + +GLOBL ·libc_read_trampoline_addr(SB), RODATA, $4 +DATA ·libc_read_trampoline_addr(SB)/4, $libc_read_trampoline<>(SB) + +TEXT libc_readlink_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_readlink(SB) + +GLOBL ·libc_readlink_trampoline_addr(SB), RODATA, $4 +DATA ·libc_readlink_trampoline_addr(SB)/4, $libc_readlink_trampoline<>(SB) + +TEXT libc_readlinkat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_readlinkat(SB) + +GLOBL ·libc_readlinkat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_readlinkat_trampoline_addr(SB)/4, $libc_readlinkat_trampoline<>(SB) + +TEXT libc_rename_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_rename(SB) + +GLOBL ·libc_rename_trampoline_addr(SB), RODATA, $4 +DATA ·libc_rename_trampoline_addr(SB)/4, $libc_rename_trampoline<>(SB) + +TEXT libc_renameat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_renameat(SB) + +GLOBL ·libc_renameat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_renameat_trampoline_addr(SB)/4, $libc_renameat_trampoline<>(SB) + +TEXT libc_revoke_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_revoke(SB) + +GLOBL ·libc_revoke_trampoline_addr(SB), RODATA, $4 +DATA ·libc_revoke_trampoline_addr(SB)/4, $libc_revoke_trampoline<>(SB) + +TEXT libc_rmdir_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_rmdir(SB) + +GLOBL ·libc_rmdir_trampoline_addr(SB), RODATA, $4 +DATA ·libc_rmdir_trampoline_addr(SB)/4, $libc_rmdir_trampoline<>(SB) + +TEXT libc_lseek_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_lseek(SB) + +GLOBL ·libc_lseek_trampoline_addr(SB), RODATA, $4 +DATA ·libc_lseek_trampoline_addr(SB)/4, $libc_lseek_trampoline<>(SB) + +TEXT libc_select_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_select(SB) + +GLOBL ·libc_select_trampoline_addr(SB), RODATA, $4 +DATA ·libc_select_trampoline_addr(SB)/4, $libc_select_trampoline<>(SB) + +TEXT libc_setegid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setegid(SB) + +GLOBL ·libc_setegid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setegid_trampoline_addr(SB)/4, $libc_setegid_trampoline<>(SB) + +TEXT libc_seteuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_seteuid(SB) + +GLOBL ·libc_seteuid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_seteuid_trampoline_addr(SB)/4, $libc_seteuid_trampoline<>(SB) + +TEXT libc_setgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setgid(SB) + +GLOBL ·libc_setgid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setgid_trampoline_addr(SB)/4, $libc_setgid_trampoline<>(SB) + +TEXT libc_setlogin_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setlogin(SB) + +GLOBL ·libc_setlogin_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setlogin_trampoline_addr(SB)/4, $libc_setlogin_trampoline<>(SB) + +TEXT libc_setpgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setpgid(SB) + +GLOBL ·libc_setpgid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setpgid_trampoline_addr(SB)/4, $libc_setpgid_trampoline<>(SB) + +TEXT libc_setpriority_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setpriority(SB) + +GLOBL ·libc_setpriority_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setpriority_trampoline_addr(SB)/4, $libc_setpriority_trampoline<>(SB) + +TEXT libc_setregid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setregid(SB) + +GLOBL ·libc_setregid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setregid_trampoline_addr(SB)/4, $libc_setregid_trampoline<>(SB) + +TEXT libc_setreuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setreuid(SB) + +GLOBL ·libc_setreuid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setreuid_trampoline_addr(SB)/4, $libc_setreuid_trampoline<>(SB) + +TEXT libc_setresgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setresgid(SB) + +GLOBL ·libc_setresgid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setresgid_trampoline_addr(SB)/4, $libc_setresgid_trampoline<>(SB) + +TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setresuid(SB) + +GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setresuid_trampoline_addr(SB)/4, $libc_setresuid_trampoline<>(SB) + +TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setrlimit(SB) + +GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setrlimit_trampoline_addr(SB)/4, $libc_setrlimit_trampoline<>(SB) + +TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setrtable(SB) + +GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setrtable_trampoline_addr(SB)/4, $libc_setrtable_trampoline<>(SB) + +TEXT libc_setsid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setsid(SB) + +GLOBL ·libc_setsid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setsid_trampoline_addr(SB)/4, $libc_setsid_trampoline<>(SB) + +TEXT libc_settimeofday_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_settimeofday(SB) + +GLOBL ·libc_settimeofday_trampoline_addr(SB), RODATA, $4 +DATA ·libc_settimeofday_trampoline_addr(SB)/4, $libc_settimeofday_trampoline<>(SB) + +TEXT libc_setuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setuid(SB) + +GLOBL ·libc_setuid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_setuid_trampoline_addr(SB)/4, $libc_setuid_trampoline<>(SB) + +TEXT libc_stat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_stat(SB) + +GLOBL ·libc_stat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_stat_trampoline_addr(SB)/4, $libc_stat_trampoline<>(SB) + +TEXT libc_statfs_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_statfs(SB) + +GLOBL ·libc_statfs_trampoline_addr(SB), RODATA, $4 +DATA ·libc_statfs_trampoline_addr(SB)/4, $libc_statfs_trampoline<>(SB) + +TEXT libc_symlink_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_symlink(SB) + +GLOBL ·libc_symlink_trampoline_addr(SB), RODATA, $4 +DATA ·libc_symlink_trampoline_addr(SB)/4, $libc_symlink_trampoline<>(SB) + +TEXT libc_symlinkat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_symlinkat(SB) + +GLOBL ·libc_symlinkat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_symlinkat_trampoline_addr(SB)/4, $libc_symlinkat_trampoline<>(SB) + +TEXT libc_sync_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_sync(SB) + +GLOBL ·libc_sync_trampoline_addr(SB), RODATA, $4 +DATA ·libc_sync_trampoline_addr(SB)/4, $libc_sync_trampoline<>(SB) + +TEXT libc_truncate_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_truncate(SB) + +GLOBL ·libc_truncate_trampoline_addr(SB), RODATA, $4 +DATA ·libc_truncate_trampoline_addr(SB)/4, $libc_truncate_trampoline<>(SB) + +TEXT libc_umask_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_umask(SB) + +GLOBL ·libc_umask_trampoline_addr(SB), RODATA, $4 +DATA ·libc_umask_trampoline_addr(SB)/4, $libc_umask_trampoline<>(SB) + +TEXT libc_unlink_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unlink(SB) + +GLOBL ·libc_unlink_trampoline_addr(SB), RODATA, $4 +DATA ·libc_unlink_trampoline_addr(SB)/4, $libc_unlink_trampoline<>(SB) + +TEXT libc_unlinkat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unlinkat(SB) + +GLOBL ·libc_unlinkat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_unlinkat_trampoline_addr(SB)/4, $libc_unlinkat_trampoline<>(SB) + +TEXT libc_unmount_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unmount(SB) + +GLOBL ·libc_unmount_trampoline_addr(SB), RODATA, $4 +DATA ·libc_unmount_trampoline_addr(SB)/4, $libc_unmount_trampoline<>(SB) + +TEXT libc_write_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_write(SB) + +GLOBL ·libc_write_trampoline_addr(SB), RODATA, $4 +DATA ·libc_write_trampoline_addr(SB)/4, $libc_write_trampoline<>(SB) + +TEXT libc_mmap_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mmap(SB) + +GLOBL ·libc_mmap_trampoline_addr(SB), RODATA, $4 +DATA ·libc_mmap_trampoline_addr(SB)/4, $libc_mmap_trampoline<>(SB) + +TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_munmap(SB) + +GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $4 +DATA ·libc_munmap_trampoline_addr(SB)/4, $libc_munmap_trampoline<>(SB) + +TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_utimensat(SB) + +GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_utimensat_trampoline_addr(SB)/4, $libc_utimensat_trampoline<>(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go index c96a505178f..800aab6e3e7 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go @@ -1,4 +1,4 @@ -// go run mksyscall.go -openbsd -tags openbsd,arm64 syscall_bsd.go syscall_openbsd.go syscall_openbsd_arm64.go +// go run mksyscall.go -openbsd -libc -tags openbsd,arm64 syscall_bsd.go syscall_openbsd.go syscall_openbsd_arm64.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build openbsd && arm64 @@ -16,7 +16,7 @@ var _ syscall.Errno // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func getgroups(ngid int, gid *_Gid_t) (n int, err error) { - r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0) + r0, _, e1 := syscall_rawSyscall(libc_getgroups_trampoline_addr, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -24,20 +24,28 @@ func getgroups(ngid int, gid *_Gid_t) (n int, err error) { return } +var libc_getgroups_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getgroups getgroups "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func setgroups(ngid int, gid *_Gid_t) (err error) { - _, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0) + _, _, e1 := syscall_rawSyscall(libc_setgroups_trampoline_addr, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setgroups_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setgroups setgroups "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) { - r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0) + r0, _, e1 := syscall_syscall6(libc_wait4_trampoline_addr, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0) wpid = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -45,10 +53,14 @@ func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err return } +var libc_wait4_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_wait4 wait4 "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { - r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + r0, _, e1 := syscall_syscall(libc_accept_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) fd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -56,30 +68,42 @@ func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { return } +var libc_accept_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_accept accept "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { - _, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen)) + _, _, e1 := syscall_syscall(libc_bind_trampoline_addr, uintptr(s), uintptr(addr), uintptr(addrlen)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_bind_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_bind bind "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { - _, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen)) + _, _, e1 := syscall_syscall(libc_connect_trampoline_addr, uintptr(s), uintptr(addr), uintptr(addrlen)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_connect_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_connect connect "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func socket(domain int, typ int, proto int) (fd int, err error) { - r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto)) + r0, _, e1 := syscall_rawSyscall(libc_socket_trampoline_addr, uintptr(domain), uintptr(typ), uintptr(proto)) fd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -87,66 +111,94 @@ func socket(domain int, typ int, proto int) (fd int, err error) { return } +var libc_socket_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_socket socket "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) { - _, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0) + _, _, e1 := syscall_syscall6(libc_getsockopt_trampoline_addr, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_getsockopt_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getsockopt getsockopt "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) { - _, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0) + _, _, e1 := syscall_syscall6(libc_setsockopt_trampoline_addr, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setsockopt_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setsockopt setsockopt "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) { - _, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + _, _, e1 := syscall_rawSyscall(libc_getpeername_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) if e1 != 0 { err = errnoErr(e1) } return } +var libc_getpeername_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpeername getpeername "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) { - _, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + _, _, e1 := syscall_rawSyscall(libc_getsockname_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) if e1 != 0 { err = errnoErr(e1) } return } +var libc_getsockname_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getsockname getsockname "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Shutdown(s int, how int) (err error) { - _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0) + _, _, e1 := syscall_syscall(libc_shutdown_trampoline_addr, uintptr(s), uintptr(how), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_shutdown_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_shutdown shutdown "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) { - _, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0) + _, _, e1 := syscall_rawSyscall6(libc_socketpair_trampoline_addr, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_socketpair_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_socketpair socketpair "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) { @@ -156,7 +208,7 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen))) + r0, _, e1 := syscall_syscall6(libc_recvfrom_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -164,6 +216,10 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl return } +var libc_recvfrom_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_recvfrom recvfrom "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) { @@ -173,17 +229,21 @@ func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) ( } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen)) + _, _, e1 := syscall_syscall6(libc_sendto_trampoline_addr, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_sendto_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_sendto sendto "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) { - r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) + r0, _, e1 := syscall_syscall(libc_recvmsg_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -191,10 +251,14 @@ func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) { return } +var libc_recvmsg_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_recvmsg recvmsg "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) { - r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) + r0, _, e1 := syscall_syscall(libc_sendmsg_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -202,10 +266,14 @@ func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) { return } +var libc_sendmsg_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_sendmsg sendmsg "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) { - r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout))) + r0, _, e1 := syscall_syscall6(libc_kevent_trampoline_addr, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -213,6 +281,10 @@ func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, ne return } +var libc_kevent_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_kevent kevent "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func utimes(path string, timeval *[2]Timeval) (err error) { @@ -221,27 +293,35 @@ func utimes(path string, timeval *[2]Timeval) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0) + _, _, e1 := syscall_syscall(libc_utimes_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_utimes_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_utimes utimes "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func futimes(fd int, timeval *[2]Timeval) (err error) { - _, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0) + _, _, e1 := syscall_syscall(libc_futimes_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_futimes_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_futimes futimes "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func poll(fds *PollFd, nfds int, timeout int) (n int, err error) { - r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout)) + r0, _, e1 := syscall_syscall(libc_poll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout)) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -249,6 +329,10 @@ func poll(fds *PollFd, nfds int, timeout int) (n int, err error) { return } +var libc_poll_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_poll poll "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Madvise(b []byte, behav int) (err error) { @@ -258,13 +342,17 @@ func Madvise(b []byte, behav int) (err error) { } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav)) + _, _, e1 := syscall_syscall(libc_madvise_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(behav)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_madvise_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_madvise madvise "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mlock(b []byte) (err error) { @@ -274,23 +362,31 @@ func Mlock(b []byte) (err error) { } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0) + _, _, e1 := syscall_syscall(libc_mlock_trampoline_addr, uintptr(_p0), uintptr(len(b)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mlock_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mlock mlock "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mlockall(flags int) (err error) { - _, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0) + _, _, e1 := syscall_syscall(libc_mlockall_trampoline_addr, uintptr(flags), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mlockall_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mlockall mlockall "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mprotect(b []byte, prot int) (err error) { @@ -300,13 +396,17 @@ func Mprotect(b []byte, prot int) (err error) { } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot)) + _, _, e1 := syscall_syscall(libc_mprotect_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(prot)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mprotect_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mprotect mprotect "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Msync(b []byte, flags int) (err error) { @@ -316,13 +416,17 @@ func Msync(b []byte, flags int) (err error) { } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags)) + _, _, e1 := syscall_syscall(libc_msync_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(flags)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_msync_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_msync msync "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Munlock(b []byte) (err error) { @@ -332,33 +436,45 @@ func Munlock(b []byte) (err error) { } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0) + _, _, e1 := syscall_syscall(libc_munlock_trampoline_addr, uintptr(_p0), uintptr(len(b)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_munlock_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_munlock munlock "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Munlockall() (err error) { - _, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0) + _, _, e1 := syscall_syscall(libc_munlockall_trampoline_addr, 0, 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_munlockall_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_munlockall munlockall "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func pipe2(p *[2]_C_int, flags int) (err error) { - _, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0) + _, _, e1 := syscall_rawSyscall(libc_pipe2_trampoline_addr, uintptr(unsafe.Pointer(p)), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_pipe2_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pipe2 pipe2 "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getdents(fd int, buf []byte) (n int, err error) { @@ -368,7 +484,7 @@ func Getdents(fd int, buf []byte) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall(SYS_GETDENTS, uintptr(fd), uintptr(_p0), uintptr(len(buf))) + r0, _, e1 := syscall_syscall(libc_getdents_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(buf))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -376,6 +492,10 @@ func Getdents(fd int, buf []byte) (n int, err error) { return } +var libc_getdents_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getdents getdents "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getcwd(buf []byte) (n int, err error) { @@ -385,7 +505,7 @@ func Getcwd(buf []byte) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0) + r0, _, e1 := syscall_syscall(libc_getcwd_trampoline_addr, uintptr(_p0), uintptr(len(buf)), 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -393,16 +513,24 @@ func Getcwd(buf []byte) (n int, err error) { return } +var libc_getcwd_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getcwd getcwd "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func ioctl(fd int, req uint, arg uintptr) (err error) { - _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_ioctl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ioctl ioctl "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { @@ -412,17 +540,21 @@ func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen)) + _, _, e1 := syscall_syscall6(libc_sysctl_trampoline_addr, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_sysctl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_sysctl sysctl "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { - r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0) + r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -430,6 +562,10 @@ func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, return } +var libc_ppoll_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ppoll ppoll "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Access(path string, mode uint32) (err error) { @@ -438,23 +574,31 @@ func Access(path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + _, _, e1 := syscall_syscall(libc_access_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_access_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_access access "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Adjtime(delta *Timeval, olddelta *Timeval) (err error) { - _, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0) + _, _, e1 := syscall_syscall(libc_adjtime_trampoline_addr, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_adjtime_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_adjtime adjtime "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Chdir(path string) (err error) { @@ -463,13 +607,17 @@ func Chdir(path string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_chdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_chdir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chdir chdir "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Chflags(path string, flags int) (err error) { @@ -478,13 +626,17 @@ func Chflags(path string, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) + _, _, e1 := syscall_syscall(libc_chflags_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_chflags_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chflags chflags "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Chmod(path string, mode uint32) (err error) { @@ -493,13 +645,17 @@ func Chmod(path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + _, _, e1 := syscall_syscall(libc_chmod_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_chmod_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chmod chmod "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Chown(path string, uid int, gid int) (err error) { @@ -508,13 +664,17 @@ func Chown(path string, uid int, gid int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) + _, _, e1 := syscall_syscall(libc_chown_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_chown_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chown chown "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Chroot(path string) (err error) { @@ -523,27 +683,35 @@ func Chroot(path string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_chroot_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_chroot_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chroot chroot "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Close(fd int) (err error) { - _, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0) + _, _, e1 := syscall_syscall(libc_close_trampoline_addr, uintptr(fd), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_close_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_close close "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Dup(fd int) (nfd int, err error) { - r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0) + r0, _, e1 := syscall_syscall(libc_dup_trampoline_addr, uintptr(fd), 0, 0) nfd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -551,33 +719,49 @@ func Dup(fd int) (nfd int, err error) { return } +var libc_dup_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_dup dup "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Dup2(from int, to int) (err error) { - _, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0) + _, _, e1 := syscall_syscall(libc_dup2_trampoline_addr, uintptr(from), uintptr(to), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_dup2_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_dup2 dup2 "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Dup3(from int, to int, flags int) (err error) { - _, _, e1 := Syscall(SYS_DUP3, uintptr(from), uintptr(to), uintptr(flags)) + _, _, e1 := syscall_syscall(libc_dup3_trampoline_addr, uintptr(from), uintptr(to), uintptr(flags)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_dup3_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_dup3 dup3 "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Exit(code int) { - Syscall(SYS_EXIT, uintptr(code), 0, 0) + syscall_syscall(libc_exit_trampoline_addr, uintptr(code), 0, 0) return } +var libc_exit_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_exit exit "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) { @@ -586,43 +770,59 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) + _, _, e1 := syscall_syscall6(libc_faccessat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_faccessat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_faccessat faccessat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchdir(fd int) (err error) { - _, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0) + _, _, e1 := syscall_syscall(libc_fchdir_trampoline_addr, uintptr(fd), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchdir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchdir fchdir "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchflags(fd int, flags int) (err error) { - _, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0) + _, _, e1 := syscall_syscall(libc_fchflags_trampoline_addr, uintptr(fd), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchflags_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchflags fchflags "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchmod(fd int, mode uint32) (err error) { - _, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0) + _, _, e1 := syscall_syscall(libc_fchmod_trampoline_addr, uintptr(fd), uintptr(mode), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchmod_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchmod fchmod "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) { @@ -631,23 +831,31 @@ func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) + _, _, e1 := syscall_syscall6(libc_fchmodat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchmodat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchmodat fchmodat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchown(fd int, uid int, gid int) (err error) { - _, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid)) + _, _, e1 := syscall_syscall(libc_fchown_trampoline_addr, uintptr(fd), uintptr(uid), uintptr(gid)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchown_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchown fchown "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) { @@ -656,27 +864,35 @@ func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0) + _, _, e1 := syscall_syscall6(libc_fchownat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchownat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchownat fchownat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Flock(fd int, how int) (err error) { - _, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0) + _, _, e1 := syscall_syscall(libc_flock_trampoline_addr, uintptr(fd), uintptr(how), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_flock_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_flock flock "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fpathconf(fd int, name int) (val int, err error) { - r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0) + r0, _, e1 := syscall_syscall(libc_fpathconf_trampoline_addr, uintptr(fd), uintptr(name), 0) val = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -684,16 +900,24 @@ func Fpathconf(fd int, name int) (val int, err error) { return } +var libc_fpathconf_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fpathconf fpathconf "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fstat(fd int, stat *Stat_t) (err error) { - _, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) + _, _, e1 := syscall_syscall(libc_fstat_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fstat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fstat fstat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) { @@ -702,71 +926,99 @@ func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0) + _, _, e1 := syscall_syscall6(libc_fstatat_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fstatat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fstatat fstatat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fstatfs(fd int, stat *Statfs_t) (err error) { - _, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) + _, _, e1 := syscall_syscall(libc_fstatfs_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fstatfs_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fstatfs fstatfs "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fsync(fd int) (err error) { - _, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0) + _, _, e1 := syscall_syscall(libc_fsync_trampoline_addr, uintptr(fd), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fsync_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fsync fsync "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Ftruncate(fd int, length int64) (err error) { - _, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), 0, uintptr(length)) + _, _, e1 := syscall_syscall(libc_ftruncate_trampoline_addr, uintptr(fd), uintptr(length), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_ftruncate_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ftruncate ftruncate "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getegid() (egid int) { - r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getegid_trampoline_addr, 0, 0, 0) egid = int(r0) return } +var libc_getegid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getegid getegid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Geteuid() (uid int) { - r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_geteuid_trampoline_addr, 0, 0, 0) uid = int(r0) return } +var libc_geteuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_geteuid geteuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getgid() (gid int) { - r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getgid_trampoline_addr, 0, 0, 0) gid = int(r0) return } +var libc_getgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getgid getgid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getpgid(pid int) (pgid int, err error) { - r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0) + r0, _, e1 := syscall_rawSyscall(libc_getpgid_trampoline_addr, uintptr(pid), 0, 0) pgid = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -774,34 +1026,50 @@ func Getpgid(pid int) (pgid int, err error) { return } +var libc_getpgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpgid getpgid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getpgrp() (pgrp int) { - r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getpgrp_trampoline_addr, 0, 0, 0) pgrp = int(r0) return } +var libc_getpgrp_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpgrp getpgrp "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getpid() (pid int) { - r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getpid_trampoline_addr, 0, 0, 0) pid = int(r0) return } +var libc_getpid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpid getpid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getppid() (ppid int) { - r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getppid_trampoline_addr, 0, 0, 0) ppid = int(r0) return } +var libc_getppid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getppid getppid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getpriority(which int, who int) (prio int, err error) { - r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0) + r0, _, e1 := syscall_syscall(libc_getpriority_trampoline_addr, uintptr(which), uintptr(who), 0) prio = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -809,20 +1077,28 @@ func Getpriority(which int, who int) (prio int, err error) { return } +var libc_getpriority_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpriority getpriority "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) + _, _, e1 := syscall_rawSyscall(libc_getrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_getrlimit_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getrlimit getrlimit "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getrtable() (rtable int, err error) { - r0, _, e1 := RawSyscall(SYS_GETRTABLE, 0, 0, 0) + r0, _, e1 := syscall_rawSyscall(libc_getrtable_trampoline_addr, 0, 0, 0) rtable = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -830,20 +1106,28 @@ func Getrtable() (rtable int, err error) { return } +var libc_getrtable_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getrtable getrtable "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getrusage(who int, rusage *Rusage) (err error) { - _, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0) + _, _, e1 := syscall_rawSyscall(libc_getrusage_trampoline_addr, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_getrusage_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getrusage getrusage "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getsid(pid int) (sid int, err error) { - r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0) + r0, _, e1 := syscall_rawSyscall(libc_getsid_trampoline_addr, uintptr(pid), 0, 0) sid = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -851,46 +1135,66 @@ func Getsid(pid int) (sid int, err error) { return } +var libc_getsid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getsid getsid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Gettimeofday(tv *Timeval) (err error) { - _, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_gettimeofday_trampoline_addr, uintptr(unsafe.Pointer(tv)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_gettimeofday_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_gettimeofday gettimeofday "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getuid() (uid int) { - r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getuid_trampoline_addr, 0, 0, 0) uid = int(r0) return } +var libc_getuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getuid getuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Issetugid() (tainted bool) { - r0, _, _ := Syscall(SYS_ISSETUGID, 0, 0, 0) + r0, _, _ := syscall_syscall(libc_issetugid_trampoline_addr, 0, 0, 0) tainted = bool(r0 != 0) return } +var libc_issetugid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_issetugid issetugid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Kill(pid int, signum syscall.Signal) (err error) { - _, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), 0) + _, _, e1 := syscall_syscall(libc_kill_trampoline_addr, uintptr(pid), uintptr(signum), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_kill_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_kill kill "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Kqueue() (fd int, err error) { - r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0) + r0, _, e1 := syscall_syscall(libc_kqueue_trampoline_addr, 0, 0, 0) fd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -898,6 +1202,10 @@ func Kqueue() (fd int, err error) { return } +var libc_kqueue_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_kqueue kqueue "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Lchown(path string, uid int, gid int) (err error) { @@ -906,13 +1214,17 @@ func Lchown(path string, uid int, gid int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) + _, _, e1 := syscall_syscall(libc_lchown_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_lchown_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_lchown lchown "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Link(path string, link string) (err error) { @@ -926,13 +1238,17 @@ func Link(path string, link string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) + _, _, e1 := syscall_syscall(libc_link_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_link_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_link link "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) { @@ -946,23 +1262,31 @@ func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err er if err != nil { return } - _, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0) + _, _, e1 := syscall_syscall6(libc_linkat_trampoline_addr, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_linkat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_linkat linkat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Listen(s int, backlog int) (err error) { - _, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0) + _, _, e1 := syscall_syscall(libc_listen_trampoline_addr, uintptr(s), uintptr(backlog), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_listen_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_listen listen "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Lstat(path string, stat *Stat_t) (err error) { @@ -971,13 +1295,17 @@ func Lstat(path string, stat *Stat_t) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) + _, _, e1 := syscall_syscall(libc_lstat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_lstat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_lstat lstat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mkdir(path string, mode uint32) (err error) { @@ -986,13 +1314,17 @@ func Mkdir(path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + _, _, e1 := syscall_syscall(libc_mkdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mkdir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mkdir mkdir "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mkdirat(dirfd int, path string, mode uint32) (err error) { @@ -1001,13 +1333,17 @@ func Mkdirat(dirfd int, path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) + _, _, e1 := syscall_syscall(libc_mkdirat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mkdirat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mkdirat mkdirat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mkfifo(path string, mode uint32) (err error) { @@ -1016,13 +1352,17 @@ func Mkfifo(path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + _, _, e1 := syscall_syscall(libc_mkfifo_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mkfifo_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mkfifo mkfifo "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mkfifoat(dirfd int, path string, mode uint32) (err error) { @@ -1031,13 +1371,17 @@ func Mkfifoat(dirfd int, path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_MKFIFOAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) + _, _, e1 := syscall_syscall(libc_mkfifoat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mkfifoat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mkfifoat mkfifoat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mknod(path string, mode uint32, dev int) (err error) { @@ -1046,13 +1390,17 @@ func Mknod(path string, mode uint32, dev int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev)) + _, _, e1 := syscall_syscall(libc_mknod_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mknod_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mknod mknod "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) { @@ -1061,23 +1409,31 @@ func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0) + _, _, e1 := syscall_syscall6(libc_mknodat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mknodat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mknodat mknodat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Nanosleep(time *Timespec, leftover *Timespec) (err error) { - _, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0) + _, _, e1 := syscall_syscall(libc_nanosleep_trampoline_addr, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_nanosleep_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_nanosleep nanosleep "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Open(path string, mode int, perm uint32) (fd int, err error) { @@ -1086,7 +1442,7 @@ func Open(path string, mode int, perm uint32) (fd int, err error) { if err != nil { return } - r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm)) + r0, _, e1 := syscall_syscall(libc_open_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm)) fd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1094,6 +1450,10 @@ func Open(path string, mode int, perm uint32) (fd int, err error) { return } +var libc_open_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_open open "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) { @@ -1102,7 +1462,7 @@ func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) { if err != nil { return } - r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0) + r0, _, e1 := syscall_syscall6(libc_openat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0) fd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1110,6 +1470,10 @@ func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) { return } +var libc_openat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_openat openat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Pathconf(path string, name int) (val int, err error) { @@ -1118,7 +1482,7 @@ func Pathconf(path string, name int) (val int, err error) { if err != nil { return } - r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0) + r0, _, e1 := syscall_syscall(libc_pathconf_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0) val = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1126,6 +1490,10 @@ func Pathconf(path string, name int) (val int, err error) { return } +var libc_pathconf_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pathconf pathconf "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func pread(fd int, p []byte, offset int64) (n int, err error) { @@ -1135,7 +1503,7 @@ func pread(fd int, p []byte, offset int64) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), 0) + r0, _, e1 := syscall_syscall6(libc_pread_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1143,6 +1511,10 @@ func pread(fd int, p []byte, offset int64) (n int, err error) { return } +var libc_pread_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pread pread "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func pwrite(fd int, p []byte, offset int64) (n int, err error) { @@ -1152,7 +1524,7 @@ func pwrite(fd int, p []byte, offset int64) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), 0) + r0, _, e1 := syscall_syscall6(libc_pwrite_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1160,6 +1532,10 @@ func pwrite(fd int, p []byte, offset int64) (n int, err error) { return } +var libc_pwrite_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pwrite pwrite "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func read(fd int, p []byte) (n int, err error) { @@ -1169,7 +1545,7 @@ func read(fd int, p []byte) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p))) + r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1177,6 +1553,10 @@ func read(fd int, p []byte) (n int, err error) { return } +var libc_read_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_read read "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Readlink(path string, buf []byte) (n int, err error) { @@ -1191,7 +1571,7 @@ func Readlink(path string, buf []byte) (n int, err error) { } else { _p1 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf))) + r0, _, e1 := syscall_syscall(libc_readlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1199,6 +1579,10 @@ func Readlink(path string, buf []byte) (n int, err error) { return } +var libc_readlink_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_readlink readlink "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) { @@ -1213,7 +1597,7 @@ func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) { } else { _p1 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0) + r0, _, e1 := syscall_syscall6(libc_readlinkat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1221,6 +1605,10 @@ func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) { return } +var libc_readlinkat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_readlinkat readlinkat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Rename(from string, to string) (err error) { @@ -1234,13 +1622,17 @@ func Rename(from string, to string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) + _, _, e1 := syscall_syscall(libc_rename_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_rename_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_rename rename "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Renameat(fromfd int, from string, tofd int, to string) (err error) { @@ -1254,13 +1646,17 @@ func Renameat(fromfd int, from string, tofd int, to string) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0) + _, _, e1 := syscall_syscall6(libc_renameat_trampoline_addr, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_renameat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_renameat renameat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Revoke(path string) (err error) { @@ -1269,13 +1665,17 @@ func Revoke(path string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_revoke_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_revoke_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_revoke revoke "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Rmdir(path string) (err error) { @@ -1284,17 +1684,21 @@ func Rmdir(path string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_rmdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_rmdir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_rmdir rmdir "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Seek(fd int, offset int64, whence int) (newoffset int64, err error) { - r0, _, e1 := Syscall6(SYS_LSEEK, uintptr(fd), 0, uintptr(offset), uintptr(whence), 0, 0) + r0, _, e1 := syscall_syscall(libc_lseek_trampoline_addr, uintptr(fd), uintptr(offset), uintptr(whence)) newoffset = int64(r0) if e1 != 0 { err = errnoErr(e1) @@ -1302,10 +1706,14 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) { return } +var libc_lseek_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_lseek lseek "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) { - r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0) + r0, _, e1 := syscall_syscall6(libc_select_trampoline_addr, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1313,36 +1721,52 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err return } +var libc_select_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_select select "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setegid(egid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETEGID, uintptr(egid), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_setegid_trampoline_addr, uintptr(egid), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setegid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setegid setegid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Seteuid(euid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_seteuid_trampoline_addr, uintptr(euid), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_seteuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_seteuid seteuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setgid(gid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_setgid_trampoline_addr, uintptr(gid), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setgid setgid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setlogin(name string) (err error) { @@ -1351,97 +1775,133 @@ func Setlogin(name string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_SETLOGIN, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_setlogin_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setlogin_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setlogin setlogin "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setpgid(pid int, pgid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0) + _, _, e1 := syscall_rawSyscall(libc_setpgid_trampoline_addr, uintptr(pid), uintptr(pgid), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setpgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setpgid setpgid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setpriority(which int, who int, prio int) (err error) { - _, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio)) + _, _, e1 := syscall_syscall(libc_setpriority_trampoline_addr, uintptr(which), uintptr(who), uintptr(prio)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setpriority_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setpriority setpriority "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setregid(rgid int, egid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0) + _, _, e1 := syscall_rawSyscall(libc_setregid_trampoline_addr, uintptr(rgid), uintptr(egid), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setregid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setregid setregid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setreuid(ruid int, euid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0) + _, _, e1 := syscall_rawSyscall(libc_setreuid_trampoline_addr, uintptr(ruid), uintptr(euid), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setreuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setreuid setreuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setresgid(rgid int, egid int, sgid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid)) + _, _, e1 := syscall_rawSyscall(libc_setresgid_trampoline_addr, uintptr(rgid), uintptr(egid), uintptr(sgid)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setresgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setresgid setresgid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setresuid(ruid int, euid int, suid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid)) + _, _, e1 := syscall_rawSyscall(libc_setresuid_trampoline_addr, uintptr(ruid), uintptr(euid), uintptr(suid)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setresuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setresuid setresuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) + _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setrlimit_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setrtable(rtable int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRTABLE, uintptr(rtable), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setrtable_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setrtable setrtable "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setsid() (pid int, err error) { - r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) + r0, _, e1 := syscall_rawSyscall(libc_setsid_trampoline_addr, 0, 0, 0) pid = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1449,26 +1909,38 @@ func Setsid() (pid int, err error) { return } +var libc_setsid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setsid setsid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Settimeofday(tp *Timeval) (err error) { - _, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_settimeofday_trampoline_addr, uintptr(unsafe.Pointer(tp)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_settimeofday_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_settimeofday settimeofday "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setuid(uid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_setuid_trampoline_addr, uintptr(uid), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setuid setuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Stat(path string, stat *Stat_t) (err error) { @@ -1477,13 +1949,17 @@ func Stat(path string, stat *Stat_t) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) + _, _, e1 := syscall_syscall(libc_stat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_stat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_stat stat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Statfs(path string, stat *Statfs_t) (err error) { @@ -1492,13 +1968,17 @@ func Statfs(path string, stat *Statfs_t) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) + _, _, e1 := syscall_syscall(libc_statfs_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_statfs_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_statfs statfs "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Symlink(path string, link string) (err error) { @@ -1512,13 +1992,17 @@ func Symlink(path string, link string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) + _, _, e1 := syscall_syscall(libc_symlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_symlink_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_symlink symlink "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) { @@ -1532,23 +2016,31 @@ func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1))) + _, _, e1 := syscall_syscall(libc_symlinkat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1))) if e1 != 0 { err = errnoErr(e1) } return } +var libc_symlinkat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_symlinkat symlinkat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Sync() (err error) { - _, _, e1 := Syscall(SYS_SYNC, 0, 0, 0) + _, _, e1 := syscall_syscall(libc_sync_trampoline_addr, 0, 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_sync_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_sync sync "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Truncate(path string, length int64) (err error) { @@ -1557,21 +2049,29 @@ func Truncate(path string, length int64) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), 0, uintptr(length)) + _, _, e1 := syscall_syscall(libc_truncate_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_truncate_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_truncate truncate "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Umask(newmask int) (oldmask int) { - r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0) + r0, _, _ := syscall_syscall(libc_umask_trampoline_addr, uintptr(newmask), 0, 0) oldmask = int(r0) return } +var libc_umask_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_umask umask "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Unlink(path string) (err error) { @@ -1580,13 +2080,17 @@ func Unlink(path string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_unlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_unlink_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unlink unlink "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Unlinkat(dirfd int, path string, flags int) (err error) { @@ -1595,13 +2099,17 @@ func Unlinkat(dirfd int, path string, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags)) + _, _, e1 := syscall_syscall(libc_unlinkat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_unlinkat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unlinkat unlinkat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Unmount(path string, flags int) (err error) { @@ -1610,13 +2118,17 @@ func Unmount(path string, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) + _, _, e1 := syscall_syscall(libc_unmount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_unmount_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unmount unmount "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func write(fd int, p []byte) (n int, err error) { @@ -1626,7 +2138,7 @@ func write(fd int, p []byte) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p))) + r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1634,10 +2146,14 @@ func write(fd int, p []byte) (n int, err error) { return } +var libc_write_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_write write "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) { - r0, _, e1 := Syscall9(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), 0, uintptr(pos), 0, 0) + r0, _, e1 := syscall_syscall6(libc_mmap_trampoline_addr, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos)) ret = uintptr(r0) if e1 != 0 { err = errnoErr(e1) @@ -1645,20 +2161,28 @@ func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) ( return } +var libc_mmap_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mmap mmap "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func munmap(addr uintptr, length uintptr) (err error) { - _, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0) + _, _, e1 := syscall_syscall(libc_munmap_trampoline_addr, uintptr(addr), uintptr(length), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_munmap_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_munmap munmap "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func readlen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) + r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1669,7 +2193,7 @@ func readlen(fd int, buf *byte, nbuf int) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func writelen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) + r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1685,9 +2209,13 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error if err != nil { return } - _, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0) + _, _, e1 := syscall_syscall6(libc_utimensat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } + +var libc_utimensat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_utimensat utimensat "libc.so" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s new file mode 100644 index 00000000000..4efeff9abbf --- /dev/null +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s @@ -0,0 +1,796 @@ +// go run mkasm.go openbsd arm64 +// Code generated by the command above; DO NOT EDIT. + +#include "textflag.h" + +TEXT libc_getgroups_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getgroups(SB) + +GLOBL ·libc_getgroups_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getgroups_trampoline_addr(SB)/8, $libc_getgroups_trampoline<>(SB) + +TEXT libc_setgroups_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setgroups(SB) + +GLOBL ·libc_setgroups_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setgroups_trampoline_addr(SB)/8, $libc_setgroups_trampoline<>(SB) + +TEXT libc_wait4_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_wait4(SB) + +GLOBL ·libc_wait4_trampoline_addr(SB), RODATA, $8 +DATA ·libc_wait4_trampoline_addr(SB)/8, $libc_wait4_trampoline<>(SB) + +TEXT libc_accept_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_accept(SB) + +GLOBL ·libc_accept_trampoline_addr(SB), RODATA, $8 +DATA ·libc_accept_trampoline_addr(SB)/8, $libc_accept_trampoline<>(SB) + +TEXT libc_bind_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_bind(SB) + +GLOBL ·libc_bind_trampoline_addr(SB), RODATA, $8 +DATA ·libc_bind_trampoline_addr(SB)/8, $libc_bind_trampoline<>(SB) + +TEXT libc_connect_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_connect(SB) + +GLOBL ·libc_connect_trampoline_addr(SB), RODATA, $8 +DATA ·libc_connect_trampoline_addr(SB)/8, $libc_connect_trampoline<>(SB) + +TEXT libc_socket_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_socket(SB) + +GLOBL ·libc_socket_trampoline_addr(SB), RODATA, $8 +DATA ·libc_socket_trampoline_addr(SB)/8, $libc_socket_trampoline<>(SB) + +TEXT libc_getsockopt_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getsockopt(SB) + +GLOBL ·libc_getsockopt_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getsockopt_trampoline_addr(SB)/8, $libc_getsockopt_trampoline<>(SB) + +TEXT libc_setsockopt_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setsockopt(SB) + +GLOBL ·libc_setsockopt_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setsockopt_trampoline_addr(SB)/8, $libc_setsockopt_trampoline<>(SB) + +TEXT libc_getpeername_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpeername(SB) + +GLOBL ·libc_getpeername_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getpeername_trampoline_addr(SB)/8, $libc_getpeername_trampoline<>(SB) + +TEXT libc_getsockname_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getsockname(SB) + +GLOBL ·libc_getsockname_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getsockname_trampoline_addr(SB)/8, $libc_getsockname_trampoline<>(SB) + +TEXT libc_shutdown_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_shutdown(SB) + +GLOBL ·libc_shutdown_trampoline_addr(SB), RODATA, $8 +DATA ·libc_shutdown_trampoline_addr(SB)/8, $libc_shutdown_trampoline<>(SB) + +TEXT libc_socketpair_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_socketpair(SB) + +GLOBL ·libc_socketpair_trampoline_addr(SB), RODATA, $8 +DATA ·libc_socketpair_trampoline_addr(SB)/8, $libc_socketpair_trampoline<>(SB) + +TEXT libc_recvfrom_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_recvfrom(SB) + +GLOBL ·libc_recvfrom_trampoline_addr(SB), RODATA, $8 +DATA ·libc_recvfrom_trampoline_addr(SB)/8, $libc_recvfrom_trampoline<>(SB) + +TEXT libc_sendto_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_sendto(SB) + +GLOBL ·libc_sendto_trampoline_addr(SB), RODATA, $8 +DATA ·libc_sendto_trampoline_addr(SB)/8, $libc_sendto_trampoline<>(SB) + +TEXT libc_recvmsg_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_recvmsg(SB) + +GLOBL ·libc_recvmsg_trampoline_addr(SB), RODATA, $8 +DATA ·libc_recvmsg_trampoline_addr(SB)/8, $libc_recvmsg_trampoline<>(SB) + +TEXT libc_sendmsg_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_sendmsg(SB) + +GLOBL ·libc_sendmsg_trampoline_addr(SB), RODATA, $8 +DATA ·libc_sendmsg_trampoline_addr(SB)/8, $libc_sendmsg_trampoline<>(SB) + +TEXT libc_kevent_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_kevent(SB) + +GLOBL ·libc_kevent_trampoline_addr(SB), RODATA, $8 +DATA ·libc_kevent_trampoline_addr(SB)/8, $libc_kevent_trampoline<>(SB) + +TEXT libc_utimes_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_utimes(SB) + +GLOBL ·libc_utimes_trampoline_addr(SB), RODATA, $8 +DATA ·libc_utimes_trampoline_addr(SB)/8, $libc_utimes_trampoline<>(SB) + +TEXT libc_futimes_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_futimes(SB) + +GLOBL ·libc_futimes_trampoline_addr(SB), RODATA, $8 +DATA ·libc_futimes_trampoline_addr(SB)/8, $libc_futimes_trampoline<>(SB) + +TEXT libc_poll_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_poll(SB) + +GLOBL ·libc_poll_trampoline_addr(SB), RODATA, $8 +DATA ·libc_poll_trampoline_addr(SB)/8, $libc_poll_trampoline<>(SB) + +TEXT libc_madvise_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_madvise(SB) + +GLOBL ·libc_madvise_trampoline_addr(SB), RODATA, $8 +DATA ·libc_madvise_trampoline_addr(SB)/8, $libc_madvise_trampoline<>(SB) + +TEXT libc_mlock_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mlock(SB) + +GLOBL ·libc_mlock_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mlock_trampoline_addr(SB)/8, $libc_mlock_trampoline<>(SB) + +TEXT libc_mlockall_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mlockall(SB) + +GLOBL ·libc_mlockall_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mlockall_trampoline_addr(SB)/8, $libc_mlockall_trampoline<>(SB) + +TEXT libc_mprotect_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mprotect(SB) + +GLOBL ·libc_mprotect_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mprotect_trampoline_addr(SB)/8, $libc_mprotect_trampoline<>(SB) + +TEXT libc_msync_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_msync(SB) + +GLOBL ·libc_msync_trampoline_addr(SB), RODATA, $8 +DATA ·libc_msync_trampoline_addr(SB)/8, $libc_msync_trampoline<>(SB) + +TEXT libc_munlock_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_munlock(SB) + +GLOBL ·libc_munlock_trampoline_addr(SB), RODATA, $8 +DATA ·libc_munlock_trampoline_addr(SB)/8, $libc_munlock_trampoline<>(SB) + +TEXT libc_munlockall_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_munlockall(SB) + +GLOBL ·libc_munlockall_trampoline_addr(SB), RODATA, $8 +DATA ·libc_munlockall_trampoline_addr(SB)/8, $libc_munlockall_trampoline<>(SB) + +TEXT libc_pipe2_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pipe2(SB) + +GLOBL ·libc_pipe2_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pipe2_trampoline_addr(SB)/8, $libc_pipe2_trampoline<>(SB) + +TEXT libc_getdents_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getdents(SB) + +GLOBL ·libc_getdents_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getdents_trampoline_addr(SB)/8, $libc_getdents_trampoline<>(SB) + +TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getcwd(SB) + +GLOBL ·libc_getcwd_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getcwd_trampoline_addr(SB)/8, $libc_getcwd_trampoline<>(SB) + +TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_ioctl(SB) + +GLOBL ·libc_ioctl_trampoline_addr(SB), RODATA, $8 +DATA ·libc_ioctl_trampoline_addr(SB)/8, $libc_ioctl_trampoline<>(SB) + +TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_sysctl(SB) + +GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8 +DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB) + +TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_ppoll(SB) + +GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $8 +DATA ·libc_ppoll_trampoline_addr(SB)/8, $libc_ppoll_trampoline<>(SB) + +TEXT libc_access_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_access(SB) + +GLOBL ·libc_access_trampoline_addr(SB), RODATA, $8 +DATA ·libc_access_trampoline_addr(SB)/8, $libc_access_trampoline<>(SB) + +TEXT libc_adjtime_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_adjtime(SB) + +GLOBL ·libc_adjtime_trampoline_addr(SB), RODATA, $8 +DATA ·libc_adjtime_trampoline_addr(SB)/8, $libc_adjtime_trampoline<>(SB) + +TEXT libc_chdir_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chdir(SB) + +GLOBL ·libc_chdir_trampoline_addr(SB), RODATA, $8 +DATA ·libc_chdir_trampoline_addr(SB)/8, $libc_chdir_trampoline<>(SB) + +TEXT libc_chflags_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chflags(SB) + +GLOBL ·libc_chflags_trampoline_addr(SB), RODATA, $8 +DATA ·libc_chflags_trampoline_addr(SB)/8, $libc_chflags_trampoline<>(SB) + +TEXT libc_chmod_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chmod(SB) + +GLOBL ·libc_chmod_trampoline_addr(SB), RODATA, $8 +DATA ·libc_chmod_trampoline_addr(SB)/8, $libc_chmod_trampoline<>(SB) + +TEXT libc_chown_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chown(SB) + +GLOBL ·libc_chown_trampoline_addr(SB), RODATA, $8 +DATA ·libc_chown_trampoline_addr(SB)/8, $libc_chown_trampoline<>(SB) + +TEXT libc_chroot_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chroot(SB) + +GLOBL ·libc_chroot_trampoline_addr(SB), RODATA, $8 +DATA ·libc_chroot_trampoline_addr(SB)/8, $libc_chroot_trampoline<>(SB) + +TEXT libc_close_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_close(SB) + +GLOBL ·libc_close_trampoline_addr(SB), RODATA, $8 +DATA ·libc_close_trampoline_addr(SB)/8, $libc_close_trampoline<>(SB) + +TEXT libc_dup_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_dup(SB) + +GLOBL ·libc_dup_trampoline_addr(SB), RODATA, $8 +DATA ·libc_dup_trampoline_addr(SB)/8, $libc_dup_trampoline<>(SB) + +TEXT libc_dup2_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_dup2(SB) + +GLOBL ·libc_dup2_trampoline_addr(SB), RODATA, $8 +DATA ·libc_dup2_trampoline_addr(SB)/8, $libc_dup2_trampoline<>(SB) + +TEXT libc_dup3_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_dup3(SB) + +GLOBL ·libc_dup3_trampoline_addr(SB), RODATA, $8 +DATA ·libc_dup3_trampoline_addr(SB)/8, $libc_dup3_trampoline<>(SB) + +TEXT libc_exit_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_exit(SB) + +GLOBL ·libc_exit_trampoline_addr(SB), RODATA, $8 +DATA ·libc_exit_trampoline_addr(SB)/8, $libc_exit_trampoline<>(SB) + +TEXT libc_faccessat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_faccessat(SB) + +GLOBL ·libc_faccessat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_faccessat_trampoline_addr(SB)/8, $libc_faccessat_trampoline<>(SB) + +TEXT libc_fchdir_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchdir(SB) + +GLOBL ·libc_fchdir_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchdir_trampoline_addr(SB)/8, $libc_fchdir_trampoline<>(SB) + +TEXT libc_fchflags_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchflags(SB) + +GLOBL ·libc_fchflags_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchflags_trampoline_addr(SB)/8, $libc_fchflags_trampoline<>(SB) + +TEXT libc_fchmod_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchmod(SB) + +GLOBL ·libc_fchmod_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchmod_trampoline_addr(SB)/8, $libc_fchmod_trampoline<>(SB) + +TEXT libc_fchmodat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchmodat(SB) + +GLOBL ·libc_fchmodat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchmodat_trampoline_addr(SB)/8, $libc_fchmodat_trampoline<>(SB) + +TEXT libc_fchown_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchown(SB) + +GLOBL ·libc_fchown_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchown_trampoline_addr(SB)/8, $libc_fchown_trampoline<>(SB) + +TEXT libc_fchownat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchownat(SB) + +GLOBL ·libc_fchownat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchownat_trampoline_addr(SB)/8, $libc_fchownat_trampoline<>(SB) + +TEXT libc_flock_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_flock(SB) + +GLOBL ·libc_flock_trampoline_addr(SB), RODATA, $8 +DATA ·libc_flock_trampoline_addr(SB)/8, $libc_flock_trampoline<>(SB) + +TEXT libc_fpathconf_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fpathconf(SB) + +GLOBL ·libc_fpathconf_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fpathconf_trampoline_addr(SB)/8, $libc_fpathconf_trampoline<>(SB) + +TEXT libc_fstat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fstat(SB) + +GLOBL ·libc_fstat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fstat_trampoline_addr(SB)/8, $libc_fstat_trampoline<>(SB) + +TEXT libc_fstatat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fstatat(SB) + +GLOBL ·libc_fstatat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fstatat_trampoline_addr(SB)/8, $libc_fstatat_trampoline<>(SB) + +TEXT libc_fstatfs_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fstatfs(SB) + +GLOBL ·libc_fstatfs_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fstatfs_trampoline_addr(SB)/8, $libc_fstatfs_trampoline<>(SB) + +TEXT libc_fsync_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fsync(SB) + +GLOBL ·libc_fsync_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fsync_trampoline_addr(SB)/8, $libc_fsync_trampoline<>(SB) + +TEXT libc_ftruncate_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_ftruncate(SB) + +GLOBL ·libc_ftruncate_trampoline_addr(SB), RODATA, $8 +DATA ·libc_ftruncate_trampoline_addr(SB)/8, $libc_ftruncate_trampoline<>(SB) + +TEXT libc_getegid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getegid(SB) + +GLOBL ·libc_getegid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getegid_trampoline_addr(SB)/8, $libc_getegid_trampoline<>(SB) + +TEXT libc_geteuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_geteuid(SB) + +GLOBL ·libc_geteuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_geteuid_trampoline_addr(SB)/8, $libc_geteuid_trampoline<>(SB) + +TEXT libc_getgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getgid(SB) + +GLOBL ·libc_getgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getgid_trampoline_addr(SB)/8, $libc_getgid_trampoline<>(SB) + +TEXT libc_getpgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpgid(SB) + +GLOBL ·libc_getpgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getpgid_trampoline_addr(SB)/8, $libc_getpgid_trampoline<>(SB) + +TEXT libc_getpgrp_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpgrp(SB) + +GLOBL ·libc_getpgrp_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getpgrp_trampoline_addr(SB)/8, $libc_getpgrp_trampoline<>(SB) + +TEXT libc_getpid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpid(SB) + +GLOBL ·libc_getpid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getpid_trampoline_addr(SB)/8, $libc_getpid_trampoline<>(SB) + +TEXT libc_getppid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getppid(SB) + +GLOBL ·libc_getppid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getppid_trampoline_addr(SB)/8, $libc_getppid_trampoline<>(SB) + +TEXT libc_getpriority_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpriority(SB) + +GLOBL ·libc_getpriority_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getpriority_trampoline_addr(SB)/8, $libc_getpriority_trampoline<>(SB) + +TEXT libc_getrlimit_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getrlimit(SB) + +GLOBL ·libc_getrlimit_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getrlimit_trampoline_addr(SB)/8, $libc_getrlimit_trampoline<>(SB) + +TEXT libc_getrtable_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getrtable(SB) + +GLOBL ·libc_getrtable_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getrtable_trampoline_addr(SB)/8, $libc_getrtable_trampoline<>(SB) + +TEXT libc_getrusage_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getrusage(SB) + +GLOBL ·libc_getrusage_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getrusage_trampoline_addr(SB)/8, $libc_getrusage_trampoline<>(SB) + +TEXT libc_getsid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getsid(SB) + +GLOBL ·libc_getsid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getsid_trampoline_addr(SB)/8, $libc_getsid_trampoline<>(SB) + +TEXT libc_gettimeofday_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_gettimeofday(SB) + +GLOBL ·libc_gettimeofday_trampoline_addr(SB), RODATA, $8 +DATA ·libc_gettimeofday_trampoline_addr(SB)/8, $libc_gettimeofday_trampoline<>(SB) + +TEXT libc_getuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getuid(SB) + +GLOBL ·libc_getuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getuid_trampoline_addr(SB)/8, $libc_getuid_trampoline<>(SB) + +TEXT libc_issetugid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_issetugid(SB) + +GLOBL ·libc_issetugid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_issetugid_trampoline_addr(SB)/8, $libc_issetugid_trampoline<>(SB) + +TEXT libc_kill_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_kill(SB) + +GLOBL ·libc_kill_trampoline_addr(SB), RODATA, $8 +DATA ·libc_kill_trampoline_addr(SB)/8, $libc_kill_trampoline<>(SB) + +TEXT libc_kqueue_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_kqueue(SB) + +GLOBL ·libc_kqueue_trampoline_addr(SB), RODATA, $8 +DATA ·libc_kqueue_trampoline_addr(SB)/8, $libc_kqueue_trampoline<>(SB) + +TEXT libc_lchown_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_lchown(SB) + +GLOBL ·libc_lchown_trampoline_addr(SB), RODATA, $8 +DATA ·libc_lchown_trampoline_addr(SB)/8, $libc_lchown_trampoline<>(SB) + +TEXT libc_link_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_link(SB) + +GLOBL ·libc_link_trampoline_addr(SB), RODATA, $8 +DATA ·libc_link_trampoline_addr(SB)/8, $libc_link_trampoline<>(SB) + +TEXT libc_linkat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_linkat(SB) + +GLOBL ·libc_linkat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_linkat_trampoline_addr(SB)/8, $libc_linkat_trampoline<>(SB) + +TEXT libc_listen_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_listen(SB) + +GLOBL ·libc_listen_trampoline_addr(SB), RODATA, $8 +DATA ·libc_listen_trampoline_addr(SB)/8, $libc_listen_trampoline<>(SB) + +TEXT libc_lstat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_lstat(SB) + +GLOBL ·libc_lstat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_lstat_trampoline_addr(SB)/8, $libc_lstat_trampoline<>(SB) + +TEXT libc_mkdir_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mkdir(SB) + +GLOBL ·libc_mkdir_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mkdir_trampoline_addr(SB)/8, $libc_mkdir_trampoline<>(SB) + +TEXT libc_mkdirat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mkdirat(SB) + +GLOBL ·libc_mkdirat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mkdirat_trampoline_addr(SB)/8, $libc_mkdirat_trampoline<>(SB) + +TEXT libc_mkfifo_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mkfifo(SB) + +GLOBL ·libc_mkfifo_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mkfifo_trampoline_addr(SB)/8, $libc_mkfifo_trampoline<>(SB) + +TEXT libc_mkfifoat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mkfifoat(SB) + +GLOBL ·libc_mkfifoat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mkfifoat_trampoline_addr(SB)/8, $libc_mkfifoat_trampoline<>(SB) + +TEXT libc_mknod_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mknod(SB) + +GLOBL ·libc_mknod_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mknod_trampoline_addr(SB)/8, $libc_mknod_trampoline<>(SB) + +TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mknodat(SB) + +GLOBL ·libc_mknodat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mknodat_trampoline_addr(SB)/8, $libc_mknodat_trampoline<>(SB) + +TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_nanosleep(SB) + +GLOBL ·libc_nanosleep_trampoline_addr(SB), RODATA, $8 +DATA ·libc_nanosleep_trampoline_addr(SB)/8, $libc_nanosleep_trampoline<>(SB) + +TEXT libc_open_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_open(SB) + +GLOBL ·libc_open_trampoline_addr(SB), RODATA, $8 +DATA ·libc_open_trampoline_addr(SB)/8, $libc_open_trampoline<>(SB) + +TEXT libc_openat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_openat(SB) + +GLOBL ·libc_openat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_openat_trampoline_addr(SB)/8, $libc_openat_trampoline<>(SB) + +TEXT libc_pathconf_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pathconf(SB) + +GLOBL ·libc_pathconf_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pathconf_trampoline_addr(SB)/8, $libc_pathconf_trampoline<>(SB) + +TEXT libc_pread_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pread(SB) + +GLOBL ·libc_pread_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pread_trampoline_addr(SB)/8, $libc_pread_trampoline<>(SB) + +TEXT libc_pwrite_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pwrite(SB) + +GLOBL ·libc_pwrite_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pwrite_trampoline_addr(SB)/8, $libc_pwrite_trampoline<>(SB) + +TEXT libc_read_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_read(SB) + +GLOBL ·libc_read_trampoline_addr(SB), RODATA, $8 +DATA ·libc_read_trampoline_addr(SB)/8, $libc_read_trampoline<>(SB) + +TEXT libc_readlink_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_readlink(SB) + +GLOBL ·libc_readlink_trampoline_addr(SB), RODATA, $8 +DATA ·libc_readlink_trampoline_addr(SB)/8, $libc_readlink_trampoline<>(SB) + +TEXT libc_readlinkat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_readlinkat(SB) + +GLOBL ·libc_readlinkat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_readlinkat_trampoline_addr(SB)/8, $libc_readlinkat_trampoline<>(SB) + +TEXT libc_rename_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_rename(SB) + +GLOBL ·libc_rename_trampoline_addr(SB), RODATA, $8 +DATA ·libc_rename_trampoline_addr(SB)/8, $libc_rename_trampoline<>(SB) + +TEXT libc_renameat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_renameat(SB) + +GLOBL ·libc_renameat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_renameat_trampoline_addr(SB)/8, $libc_renameat_trampoline<>(SB) + +TEXT libc_revoke_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_revoke(SB) + +GLOBL ·libc_revoke_trampoline_addr(SB), RODATA, $8 +DATA ·libc_revoke_trampoline_addr(SB)/8, $libc_revoke_trampoline<>(SB) + +TEXT libc_rmdir_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_rmdir(SB) + +GLOBL ·libc_rmdir_trampoline_addr(SB), RODATA, $8 +DATA ·libc_rmdir_trampoline_addr(SB)/8, $libc_rmdir_trampoline<>(SB) + +TEXT libc_lseek_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_lseek(SB) + +GLOBL ·libc_lseek_trampoline_addr(SB), RODATA, $8 +DATA ·libc_lseek_trampoline_addr(SB)/8, $libc_lseek_trampoline<>(SB) + +TEXT libc_select_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_select(SB) + +GLOBL ·libc_select_trampoline_addr(SB), RODATA, $8 +DATA ·libc_select_trampoline_addr(SB)/8, $libc_select_trampoline<>(SB) + +TEXT libc_setegid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setegid(SB) + +GLOBL ·libc_setegid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setegid_trampoline_addr(SB)/8, $libc_setegid_trampoline<>(SB) + +TEXT libc_seteuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_seteuid(SB) + +GLOBL ·libc_seteuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_seteuid_trampoline_addr(SB)/8, $libc_seteuid_trampoline<>(SB) + +TEXT libc_setgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setgid(SB) + +GLOBL ·libc_setgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setgid_trampoline_addr(SB)/8, $libc_setgid_trampoline<>(SB) + +TEXT libc_setlogin_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setlogin(SB) + +GLOBL ·libc_setlogin_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setlogin_trampoline_addr(SB)/8, $libc_setlogin_trampoline<>(SB) + +TEXT libc_setpgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setpgid(SB) + +GLOBL ·libc_setpgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setpgid_trampoline_addr(SB)/8, $libc_setpgid_trampoline<>(SB) + +TEXT libc_setpriority_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setpriority(SB) + +GLOBL ·libc_setpriority_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setpriority_trampoline_addr(SB)/8, $libc_setpriority_trampoline<>(SB) + +TEXT libc_setregid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setregid(SB) + +GLOBL ·libc_setregid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setregid_trampoline_addr(SB)/8, $libc_setregid_trampoline<>(SB) + +TEXT libc_setreuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setreuid(SB) + +GLOBL ·libc_setreuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setreuid_trampoline_addr(SB)/8, $libc_setreuid_trampoline<>(SB) + +TEXT libc_setresgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setresgid(SB) + +GLOBL ·libc_setresgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setresgid_trampoline_addr(SB)/8, $libc_setresgid_trampoline<>(SB) + +TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setresuid(SB) + +GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setresuid_trampoline_addr(SB)/8, $libc_setresuid_trampoline<>(SB) + +TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setrlimit(SB) + +GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) + +TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setrtable(SB) + +GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setrtable_trampoline_addr(SB)/8, $libc_setrtable_trampoline<>(SB) + +TEXT libc_setsid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setsid(SB) + +GLOBL ·libc_setsid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setsid_trampoline_addr(SB)/8, $libc_setsid_trampoline<>(SB) + +TEXT libc_settimeofday_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_settimeofday(SB) + +GLOBL ·libc_settimeofday_trampoline_addr(SB), RODATA, $8 +DATA ·libc_settimeofday_trampoline_addr(SB)/8, $libc_settimeofday_trampoline<>(SB) + +TEXT libc_setuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setuid(SB) + +GLOBL ·libc_setuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setuid_trampoline_addr(SB)/8, $libc_setuid_trampoline<>(SB) + +TEXT libc_stat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_stat(SB) + +GLOBL ·libc_stat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_stat_trampoline_addr(SB)/8, $libc_stat_trampoline<>(SB) + +TEXT libc_statfs_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_statfs(SB) + +GLOBL ·libc_statfs_trampoline_addr(SB), RODATA, $8 +DATA ·libc_statfs_trampoline_addr(SB)/8, $libc_statfs_trampoline<>(SB) + +TEXT libc_symlink_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_symlink(SB) + +GLOBL ·libc_symlink_trampoline_addr(SB), RODATA, $8 +DATA ·libc_symlink_trampoline_addr(SB)/8, $libc_symlink_trampoline<>(SB) + +TEXT libc_symlinkat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_symlinkat(SB) + +GLOBL ·libc_symlinkat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_symlinkat_trampoline_addr(SB)/8, $libc_symlinkat_trampoline<>(SB) + +TEXT libc_sync_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_sync(SB) + +GLOBL ·libc_sync_trampoline_addr(SB), RODATA, $8 +DATA ·libc_sync_trampoline_addr(SB)/8, $libc_sync_trampoline<>(SB) + +TEXT libc_truncate_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_truncate(SB) + +GLOBL ·libc_truncate_trampoline_addr(SB), RODATA, $8 +DATA ·libc_truncate_trampoline_addr(SB)/8, $libc_truncate_trampoline<>(SB) + +TEXT libc_umask_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_umask(SB) + +GLOBL ·libc_umask_trampoline_addr(SB), RODATA, $8 +DATA ·libc_umask_trampoline_addr(SB)/8, $libc_umask_trampoline<>(SB) + +TEXT libc_unlink_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unlink(SB) + +GLOBL ·libc_unlink_trampoline_addr(SB), RODATA, $8 +DATA ·libc_unlink_trampoline_addr(SB)/8, $libc_unlink_trampoline<>(SB) + +TEXT libc_unlinkat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unlinkat(SB) + +GLOBL ·libc_unlinkat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_unlinkat_trampoline_addr(SB)/8, $libc_unlinkat_trampoline<>(SB) + +TEXT libc_unmount_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unmount(SB) + +GLOBL ·libc_unmount_trampoline_addr(SB), RODATA, $8 +DATA ·libc_unmount_trampoline_addr(SB)/8, $libc_unmount_trampoline<>(SB) + +TEXT libc_write_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_write(SB) + +GLOBL ·libc_write_trampoline_addr(SB), RODATA, $8 +DATA ·libc_write_trampoline_addr(SB)/8, $libc_write_trampoline<>(SB) + +TEXT libc_mmap_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mmap(SB) + +GLOBL ·libc_mmap_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mmap_trampoline_addr(SB)/8, $libc_mmap_trampoline<>(SB) + +TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_munmap(SB) + +GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $8 +DATA ·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB) + +TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_utimensat(SB) + +GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go index 62192e1de2a..c9c4ad0314f 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go @@ -1,4 +1,4 @@ -// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include -m32 /tmp/include/asm/unistd.h +// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/386/include -m32 /tmp/386/include/asm/unistd.h // Code generated by the command above; see README.md. DO NOT EDIT. //go:build 386 && linux diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go index 490aab5d215..12ff3417c5f 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go @@ -1,4 +1,4 @@ -// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include -m64 /tmp/include/asm/unistd.h +// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/amd64/include -m64 /tmp/amd64/include/asm/unistd.h // Code generated by the command above; see README.md. DO NOT EDIT. //go:build amd64 && linux diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go index aca17b6fad4..c3fb5e77ab4 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go @@ -1,4 +1,4 @@ -// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h +// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/arm/include /tmp/arm/include/asm/unistd.h // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm && linux diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go index 54b4dfa547f..358c847a40c 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go @@ -1,4 +1,4 @@ -// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include -fsigned-char /tmp/include/asm/unistd.h +// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/arm64/include -fsigned-char /tmp/arm64/include/asm/unistd.h // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm64 && linux diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go index 44a764c9917..81c4849b161 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go @@ -1,4 +1,4 @@ -// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h +// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/loong64/include /tmp/loong64/include/asm/unistd.h // Code generated by the command above; see README.md. DO NOT EDIT. //go:build loong64 && linux diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go index 65a99efc236..202a57e9008 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go @@ -1,4 +1,4 @@ -// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h +// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/mips/include /tmp/mips/include/asm/unistd.h // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mips && linux diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go index 841c8a66820..1fbceb52d7c 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go @@ -1,4 +1,4 @@ -// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h +// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/mips64/include /tmp/mips64/include/asm/unistd.h // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mips64 && linux diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go index e26a7c7658e..b4ffb7a207d 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go @@ -1,4 +1,4 @@ -// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h +// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/mips64le/include /tmp/mips64le/include/asm/unistd.h // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mips64le && linux diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go index 26447260a9e..867985f9b44 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go @@ -1,4 +1,4 @@ -// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h +// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/mipsle/include /tmp/mipsle/include/asm/unistd.h // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mipsle && linux diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go index 26aefc1869a..a8cce69ede2 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go @@ -1,4 +1,4 @@ -// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h +// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/ppc/include /tmp/ppc/include/asm/unistd.h // Code generated by the command above; see README.md. DO NOT EDIT. //go:build ppc && linux diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go index 8d4cd9d99d4..d44c5b39d79 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go @@ -1,4 +1,4 @@ -// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h +// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/ppc64/include /tmp/ppc64/include/asm/unistd.h // Code generated by the command above; see README.md. DO NOT EDIT. //go:build ppc64 && linux diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go index 3b405d1f82a..4214dd9c03a 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go @@ -1,4 +1,4 @@ -// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h +// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/ppc64le/include /tmp/ppc64le/include/asm/unistd.h // Code generated by the command above; see README.md. DO NOT EDIT. //go:build ppc64le && linux diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go index 3a9c96b2882..3e594a8c091 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go @@ -1,4 +1,4 @@ -// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h +// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/riscv64/include /tmp/riscv64/include/asm/unistd.h // Code generated by the command above; see README.md. DO NOT EDIT. //go:build riscv64 && linux diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go index 8ffa66469ef..7ea465204b7 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go @@ -1,4 +1,4 @@ -// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include -fsigned-char /tmp/include/asm/unistd.h +// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/s390x/include -fsigned-char /tmp/s390x/include/asm/unistd.h // Code generated by the command above; see README.md. DO NOT EDIT. //go:build s390x && linux diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go index 6a39640e76d..92f628ef4f2 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go @@ -1,4 +1,4 @@ -// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h +// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/sparc64/include /tmp/sparc64/include/asm/unistd.h // Code generated by the command above; see README.md. DO NOT EDIT. //go:build sparc64 && linux diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go index 817edbf95c0..597733813e3 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go @@ -6,6 +6,7 @@ package unix +// Deprecated: Use libc wrappers instead of direct syscalls. const ( SYS_EXIT = 1 // { void sys_exit(int rval); } SYS_FORK = 2 // { int sys_fork(void); } diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go index ea453614e69..16af2918994 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go @@ -6,6 +6,7 @@ package unix +// Deprecated: Use libc wrappers instead of direct syscalls. const ( SYS_EXIT = 1 // { void sys_exit(int rval); } SYS_FORK = 2 // { int sys_fork(void); } diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go index 467971eed66..f59b18a9779 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go @@ -6,6 +6,7 @@ package unix +// Deprecated: Use libc wrappers instead of direct syscalls. const ( SYS_EXIT = 1 // { void sys_exit(int rval); } SYS_FORK = 2 // { int sys_fork(void); } diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go index 32eec5ed56f..721ef591032 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go @@ -6,6 +6,7 @@ package unix +// Deprecated: Use libc wrappers instead of direct syscalls. const ( SYS_EXIT = 1 // { void sys_exit(int rval); } SYS_FORK = 2 // { int sys_fork(void); } diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go index dea0c9a607d..d9c78cdcbc4 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go @@ -294,7 +294,7 @@ type PtraceLwpInfoStruct struct { Flags int32 Sigmask Sigset_t Siglist Sigset_t - Siginfo __Siginfo + Siginfo __PtraceSiginfo Tdname [20]int8 Child_pid int32 Syscall_code uint32 @@ -312,6 +312,17 @@ type __Siginfo struct { Value [4]byte _ [32]byte } +type __PtraceSiginfo struct { + Signo int32 + Errno int32 + Code int32 + Pid int32 + Uid uint32 + Status int32 + Addr uintptr + Value [4]byte + _ [32]byte +} type Sigset_t struct { Val [4]uint32 @@ -350,8 +361,8 @@ type FpExtendedPrecision struct{} type PtraceIoDesc struct { Op int32 - Offs *byte - Addr *byte + Offs uintptr + Addr uintptr Len uint32 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go index da0ea0d608a..26991b16559 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go @@ -291,7 +291,7 @@ type PtraceLwpInfoStruct struct { Flags int32 Sigmask Sigset_t Siglist Sigset_t - Siginfo __Siginfo + Siginfo __PtraceSiginfo Tdname [20]int8 Child_pid int32 Syscall_code uint32 @@ -310,6 +310,18 @@ type __Siginfo struct { _ [40]byte } +type __PtraceSiginfo struct { + Signo int32 + Errno int32 + Code int32 + Pid int32 + Uid uint32 + Status int32 + Addr uintptr + Value [8]byte + _ [40]byte +} + type Sigset_t struct { Val [4]uint32 } @@ -354,8 +366,8 @@ type FpExtendedPrecision struct{} type PtraceIoDesc struct { Op int32 - Offs *byte - Addr *byte + Offs uintptr + Addr uintptr Len uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go index da8f7404509..f8324e7e7f4 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go @@ -293,7 +293,7 @@ type PtraceLwpInfoStruct struct { Flags int32 Sigmask Sigset_t Siglist Sigset_t - Siginfo __Siginfo + Siginfo __PtraceSiginfo Tdname [20]int8 Child_pid int32 Syscall_code uint32 @@ -312,6 +312,18 @@ type __Siginfo struct { _ [32]byte } +type __PtraceSiginfo struct { + Signo int32 + Errno int32 + Code int32 + Pid int32 + Uid uint32 + Status int32 + Addr uintptr + Value [4]byte + _ [32]byte +} + type Sigset_t struct { Val [4]uint32 } @@ -337,8 +349,8 @@ type FpExtendedPrecision struct { type PtraceIoDesc struct { Op int32 - Offs *byte - Addr *byte + Offs uintptr + Addr uintptr Len uint32 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go index d69988e5e58..4220411f341 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go @@ -291,7 +291,7 @@ type PtraceLwpInfoStruct struct { Flags int32 Sigmask Sigset_t Siglist Sigset_t - Siginfo __Siginfo + Siginfo __PtraceSiginfo Tdname [20]int8 Child_pid int32 Syscall_code uint32 @@ -310,6 +310,18 @@ type __Siginfo struct { _ [40]byte } +type __PtraceSiginfo struct { + Signo int32 + Errno int32 + Code int32 + Pid int32 + Uid uint32 + Status int32 + Addr uintptr + Value [8]byte + _ [40]byte +} + type Sigset_t struct { Val [4]uint32 } @@ -334,8 +346,8 @@ type FpExtendedPrecision struct{} type PtraceIoDesc struct { Op int32 - Offs *byte - Addr *byte + Offs uintptr + Addr uintptr Len uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go index d6fd9e88382..0660fd45c7c 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go @@ -291,7 +291,7 @@ type PtraceLwpInfoStruct struct { Flags int32 Sigmask Sigset_t Siglist Sigset_t - Siginfo __Siginfo + Siginfo __PtraceSiginfo Tdname [20]int8 Child_pid int32 Syscall_code uint32 @@ -310,6 +310,18 @@ type __Siginfo struct { _ [40]byte } +type __PtraceSiginfo struct { + Signo int32 + Errno int32 + Code int32 + Pid int32 + Uid uint32 + Status int32 + Addr uintptr + Value [8]byte + _ [40]byte +} + type Sigset_t struct { Val [4]uint32 } @@ -335,8 +347,8 @@ type FpExtendedPrecision struct{} type PtraceIoDesc struct { Op int32 - Offs *byte - Addr *byte + Offs uintptr + Addr uintptr Len uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index 86984798754..ff6881167d9 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -945,6 +945,9 @@ type PerfEventAttr struct { Aux_watermark uint32 Sample_max_stack uint16 _ uint16 + Aux_sample_size uint32 + _ uint32 + Sig_data uint64 } type PerfEventMmapPage struct { @@ -1463,6 +1466,11 @@ const ( IFLA_ALT_IFNAME = 0x35 IFLA_PERM_ADDRESS = 0x36 IFLA_PROTO_DOWN_REASON = 0x37 + IFLA_PARENT_DEV_NAME = 0x38 + IFLA_PARENT_DEV_BUS_NAME = 0x39 + IFLA_GRO_MAX_SIZE = 0x3a + IFLA_TSO_MAX_SIZE = 0x3b + IFLA_TSO_MAX_SEGS = 0x3c IFLA_PROTO_DOWN_REASON_UNSPEC = 0x0 IFLA_PROTO_DOWN_REASON_MASK = 0x1 IFLA_PROTO_DOWN_REASON_VALUE = 0x2 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go index 7551af48318..89c516a29ac 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m32 linux/types.go | go run mkpost.go +// cgo -godefs -objdir=/tmp/386/cgo -- -Wall -Werror -static -I/tmp/386/include -m32 linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build 386 && linux @@ -254,6 +254,12 @@ type Sigset_t struct { const _C__NSIG = 0x41 +const ( + SIG_BLOCK = 0x0 + SIG_UNBLOCK = 0x1 + SIG_SETMASK = 0x2 +) + type Siginfo struct { Signo int32 Errno int32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go index 3e738ac0bbf..62b4fb26996 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include -m64 linux/types.go | go run mkpost.go +// cgo -godefs -objdir=/tmp/amd64/cgo -- -Wall -Werror -static -I/tmp/amd64/include -m64 linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build amd64 && linux @@ -269,6 +269,12 @@ type Sigset_t struct { const _C__NSIG = 0x41 +const ( + SIG_BLOCK = 0x0 + SIG_UNBLOCK = 0x1 + SIG_SETMASK = 0x2 +) + type Siginfo struct { Signo int32 Errno int32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go index 6183eef4a40..e86b35893ec 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go +// cgo -godefs -objdir=/tmp/arm/cgo -- -Wall -Werror -static -I/tmp/arm/include linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm && linux @@ -245,6 +245,12 @@ type Sigset_t struct { const _C__NSIG = 0x41 +const ( + SIG_BLOCK = 0x0 + SIG_UNBLOCK = 0x1 + SIG_SETMASK = 0x2 +) + type Siginfo struct { Signo int32 Errno int32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go index 968cecb17e8..6c6be4c911d 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char linux/types.go | go run mkpost.go +// cgo -godefs -objdir=/tmp/arm64/cgo -- -Wall -Werror -static -I/tmp/arm64/include -fsigned-char linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm64 && linux @@ -248,6 +248,12 @@ type Sigset_t struct { const _C__NSIG = 0x41 +const ( + SIG_BLOCK = 0x0 + SIG_UNBLOCK = 0x1 + SIG_SETMASK = 0x2 +) + type Siginfo struct { Signo int32 Errno int32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go index 8fe4c522a9c..4982ea355a2 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go +// cgo -godefs -objdir=/tmp/loong64/cgo -- -Wall -Werror -static -I/tmp/loong64/include linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build loong64 && linux @@ -249,6 +249,12 @@ type Sigset_t struct { const _C__NSIG = 0x41 +const ( + SIG_BLOCK = 0x0 + SIG_UNBLOCK = 0x1 + SIG_SETMASK = 0x2 +) + type Siginfo struct { Signo int32 Errno int32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go index 11426a3010b..173141a6703 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go +// cgo -godefs -objdir=/tmp/mips/cgo -- -Wall -Werror -static -I/tmp/mips/include linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mips && linux @@ -250,6 +250,12 @@ type Sigset_t struct { const _C__NSIG = 0x80 +const ( + SIG_BLOCK = 0x1 + SIG_UNBLOCK = 0x2 + SIG_SETMASK = 0x3 +) + type Siginfo struct { Signo int32 Code int32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go index ad1c3b3de59..93ae4c51673 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go +// cgo -godefs -objdir=/tmp/mips64/cgo -- -Wall -Werror -static -I/tmp/mips64/include linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mips64 && linux @@ -251,6 +251,12 @@ type Sigset_t struct { const _C__NSIG = 0x80 +const ( + SIG_BLOCK = 0x1 + SIG_UNBLOCK = 0x2 + SIG_SETMASK = 0x3 +) + type Siginfo struct { Signo int32 Code int32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go index 15fd84e4dd0..4e4e510ca51 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go +// cgo -godefs -objdir=/tmp/mips64le/cgo -- -Wall -Werror -static -I/tmp/mips64le/include linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mips64le && linux @@ -251,6 +251,12 @@ type Sigset_t struct { const _C__NSIG = 0x80 +const ( + SIG_BLOCK = 0x1 + SIG_UNBLOCK = 0x2 + SIG_SETMASK = 0x3 +) + type Siginfo struct { Signo int32 Code int32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go index 49c49825ab3..3f5ba013d99 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go +// cgo -godefs -objdir=/tmp/mipsle/cgo -- -Wall -Werror -static -I/tmp/mipsle/include linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mipsle && linux @@ -250,6 +250,12 @@ type Sigset_t struct { const _C__NSIG = 0x80 +const ( + SIG_BLOCK = 0x1 + SIG_UNBLOCK = 0x2 + SIG_SETMASK = 0x3 +) + type Siginfo struct { Signo int32 Code int32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go index cd36d0da26a..71dfe7cdb47 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go +// cgo -godefs -objdir=/tmp/ppc/cgo -- -Wall -Werror -static -I/tmp/ppc/include linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build ppc && linux @@ -257,6 +257,12 @@ type Sigset_t struct { const _C__NSIG = 0x41 +const ( + SIG_BLOCK = 0x0 + SIG_UNBLOCK = 0x1 + SIG_SETMASK = 0x2 +) + type Siginfo struct { Signo int32 Errno int32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go index 8c6fce03950..3a2b7f0a666 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go +// cgo -godefs -objdir=/tmp/ppc64/cgo -- -Wall -Werror -static -I/tmp/ppc64/include linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build ppc64 && linux @@ -258,6 +258,12 @@ type Sigset_t struct { const _C__NSIG = 0x41 +const ( + SIG_BLOCK = 0x0 + SIG_UNBLOCK = 0x1 + SIG_SETMASK = 0x2 +) + type Siginfo struct { Signo int32 Errno int32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go index 20910f2ad78..a52d6275632 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go +// cgo -godefs -objdir=/tmp/ppc64le/cgo -- -Wall -Werror -static -I/tmp/ppc64le/include linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build ppc64le && linux @@ -258,6 +258,12 @@ type Sigset_t struct { const _C__NSIG = 0x41 +const ( + SIG_BLOCK = 0x0 + SIG_UNBLOCK = 0x1 + SIG_SETMASK = 0x2 +) + type Siginfo struct { Signo int32 Errno int32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go index 71b7b3331db..dfc007d8a69 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go +// cgo -godefs -objdir=/tmp/riscv64/cgo -- -Wall -Werror -static -I/tmp/riscv64/include linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build riscv64 && linux @@ -276,6 +276,12 @@ type Sigset_t struct { const _C__NSIG = 0x41 +const ( + SIG_BLOCK = 0x0 + SIG_UNBLOCK = 0x1 + SIG_SETMASK = 0x2 +) + type Siginfo struct { Signo int32 Errno int32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go index 71184cc2cda..b53cb9103d3 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include -fsigned-char linux/types.go | go run mkpost.go +// cgo -godefs -objdir=/tmp/s390x/cgo -- -Wall -Werror -static -I/tmp/s390x/include -fsigned-char linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build s390x && linux @@ -271,6 +271,12 @@ type Sigset_t struct { const _C__NSIG = 0x41 +const ( + SIG_BLOCK = 0x0 + SIG_UNBLOCK = 0x1 + SIG_SETMASK = 0x2 +) + type Siginfo struct { Signo int32 Errno int32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go index 06156285d9e..fe0aa354728 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go @@ -1,4 +1,4 @@ -// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go +// cgo -godefs -objdir=/tmp/sparc64/cgo -- -Wall -Werror -static -I/tmp/sparc64/include linux/types.go | go run mkpost.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build sparc64 && linux @@ -253,6 +253,12 @@ type Sigset_t struct { const _C__NSIG = 0x41 +const ( + SIG_BLOCK = 0x1 + SIG_UNBLOCK = 0x2 + SIG_SETMASK = 0x4 +) + type Siginfo struct { Signo int32 Errno int32 diff --git a/vendor/golang.org/x/sys/windows/setupapi_windows.go b/vendor/golang.org/x/sys/windows/setupapi_windows.go index 14027da3f3f..f8126482fa5 100644 --- a/vendor/golang.org/x/sys/windows/setupapi_windows.go +++ b/vendor/golang.org/x/sys/windows/setupapi_windows.go @@ -296,7 +296,7 @@ const ( // Flag to indicate that the sorting from the INF file should be used. DI_INF_IS_SORTED DI_FLAGS = 0x00008000 - // Flag to indicate that only the the INF specified by SP_DEVINSTALL_PARAMS.DriverPath should be searched. + // Flag to indicate that only the INF specified by SP_DEVINSTALL_PARAMS.DriverPath should be searched. DI_ENUMSINGLEINF DI_FLAGS = 0x00010000 // Flag that prevents ConfigMgr from removing/re-enumerating devices during device diff --git a/vendor/golang.org/x/sys/windows/syscall.go b/vendor/golang.org/x/sys/windows/syscall.go index 72074d582f1..8732cdb957f 100644 --- a/vendor/golang.org/x/sys/windows/syscall.go +++ b/vendor/golang.org/x/sys/windows/syscall.go @@ -30,8 +30,6 @@ import ( "strings" "syscall" "unsafe" - - "golang.org/x/sys/internal/unsafeheader" ) // ByteSliceFromString returns a NUL-terminated slice of bytes @@ -83,13 +81,7 @@ func BytePtrToString(p *byte) string { ptr = unsafe.Pointer(uintptr(ptr) + 1) } - var s []byte - h := (*unsafeheader.Slice)(unsafe.Pointer(&s)) - h.Data = unsafe.Pointer(p) - h.Len = n - h.Cap = n - - return string(s) + return string(unsafe.Slice(p, n)) } // Single-word zero for use when we need a valid pointer to 0 bytes. diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index be3ec2bd467..5f4f0430e99 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -138,13 +138,7 @@ func UTF16PtrToString(p *uint16) string { ptr = unsafe.Pointer(uintptr(ptr) + unsafe.Sizeof(*p)) } - var s []uint16 - h := (*unsafeheader.Slice)(unsafe.Pointer(&s)) - h.Data = unsafe.Pointer(p) - h.Len = n - h.Cap = n - - return string(utf16.Decode(s)) + return string(utf16.Decode(unsafe.Slice(p, n))) } func Getpagesize() int { return 4096 } @@ -364,6 +358,15 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys SetCommTimeouts(handle Handle, timeouts *CommTimeouts) (err error) //sys GetActiveProcessorCount(groupNumber uint16) (ret uint32) //sys GetMaximumProcessorCount(groupNumber uint16) (ret uint32) +//sys EnumWindows(enumFunc uintptr, param unsafe.Pointer) (err error) = user32.EnumWindows +//sys EnumChildWindows(hwnd HWND, enumFunc uintptr, param unsafe.Pointer) = user32.EnumChildWindows +//sys GetClassName(hwnd HWND, className *uint16, maxCount int32) (copied int32, err error) = user32.GetClassNameW +//sys GetDesktopWindow() (hwnd HWND) = user32.GetDesktopWindow +//sys GetForegroundWindow() (hwnd HWND) = user32.GetForegroundWindow +//sys IsWindow(hwnd HWND) (isWindow bool) = user32.IsWindow +//sys IsWindowUnicode(hwnd HWND) (isUnicode bool) = user32.IsWindowUnicode +//sys IsWindowVisible(hwnd HWND) (isVisible bool) = user32.IsWindowVisible +//sys GetGUIThreadInfo(thread uint32, info *GUIThreadInfo) (err error) = user32.GetGUIThreadInfo // Volume Management Functions //sys DefineDosDevice(flags uint32, deviceName *uint16, targetPath *uint16) (err error) = DefineDosDeviceW @@ -417,6 +420,7 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys GetModuleInformation(process Handle, module Handle, modinfo *ModuleInfo, cb uint32) (err error) = psapi.GetModuleInformation //sys GetModuleFileNameEx(process Handle, module Handle, filename *uint16, size uint32) (err error) = psapi.GetModuleFileNameExW //sys GetModuleBaseName(process Handle, module Handle, baseName *uint16, size uint32) (err error) = psapi.GetModuleBaseNameW +//sys QueryWorkingSetEx(process Handle, pv uintptr, cb uint32) (err error) = psapi.QueryWorkingSetEx // NT Native APIs //sys rtlNtStatusToDosErrorNoTeb(ntstatus NTStatus) (ret syscall.Errno) = ntdll.RtlNtStatusToDosErrorNoTeb @@ -438,6 +442,10 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys RtlAddFunctionTable(functionTable *RUNTIME_FUNCTION, entryCount uint32, baseAddress uintptr) (ret bool) = ntdll.RtlAddFunctionTable //sys RtlDeleteFunctionTable(functionTable *RUNTIME_FUNCTION) (ret bool) = ntdll.RtlDeleteFunctionTable +// Desktop Window Manager API (Dwmapi) +//sys DwmGetWindowAttribute(hwnd HWND, attribute uint32, value unsafe.Pointer, size uint32) (ret error) = dwmapi.DwmGetWindowAttribute +//sys DwmSetWindowAttribute(hwnd HWND, attribute uint32, value unsafe.Pointer, size uint32) (ret error) = dwmapi.DwmSetWindowAttribute + // syscall interface implementation for other packages // GetCurrentProcess returns the handle for the current process. @@ -971,6 +979,32 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, int32, error) { return unsafe.Pointer(&sa.raw), sl, nil } +type RawSockaddrBth struct { + AddressFamily [2]byte + BtAddr [8]byte + ServiceClassId [16]byte + Port [4]byte +} + +type SockaddrBth struct { + BtAddr uint64 + ServiceClassId GUID + Port uint32 + + raw RawSockaddrBth +} + +func (sa *SockaddrBth) sockaddr() (unsafe.Pointer, int32, error) { + family := AF_BTH + sa.raw = RawSockaddrBth{ + AddressFamily: *(*[2]byte)(unsafe.Pointer(&family)), + BtAddr: *(*[8]byte)(unsafe.Pointer(&sa.BtAddr)), + Port: *(*[4]byte)(unsafe.Pointer(&sa.Port)), + ServiceClassId: *(*[16]byte)(unsafe.Pointer(&sa.ServiceClassId)), + } + return unsafe.Pointer(&sa.raw), int32(unsafe.Sizeof(sa.raw)), nil +} + func (rsa *RawSockaddrAny) Sockaddr() (Sockaddr, error) { switch rsa.Addr.Family { case AF_UNIX: @@ -1081,9 +1115,13 @@ func Shutdown(fd Handle, how int) (err error) { } func WSASendto(s Handle, bufs *WSABuf, bufcnt uint32, sent *uint32, flags uint32, to Sockaddr, overlapped *Overlapped, croutine *byte) (err error) { - rsa, l, err := to.sockaddr() - if err != nil { - return err + var rsa unsafe.Pointer + var l int32 + if to != nil { + rsa, l, err = to.sockaddr() + if err != nil { + return err + } } return WSASendTo(s, bufs, bufcnt, sent, flags, (*RawSockaddrAny)(unsafe.Pointer(rsa)), l, overlapped, croutine) } @@ -1707,3 +1745,71 @@ func LoadResourceData(module, resInfo Handle) (data []byte, err error) { h.Cap = int(size) return } + +// PSAPI_WORKING_SET_EX_BLOCK contains extended working set information for a page. +type PSAPI_WORKING_SET_EX_BLOCK uint64 + +// Valid returns the validity of this page. +// If this bit is 1, the subsequent members are valid; otherwise they should be ignored. +func (b PSAPI_WORKING_SET_EX_BLOCK) Valid() bool { + return (b & 1) == 1 +} + +// ShareCount is the number of processes that share this page. The maximum value of this member is 7. +func (b PSAPI_WORKING_SET_EX_BLOCK) ShareCount() uint64 { + return b.intField(1, 3) +} + +// Win32Protection is the memory protection attributes of the page. For a list of values, see +// https://docs.microsoft.com/en-us/windows/win32/memory/memory-protection-constants +func (b PSAPI_WORKING_SET_EX_BLOCK) Win32Protection() uint64 { + return b.intField(4, 11) +} + +// Shared returns the shared status of this page. +// If this bit is 1, the page can be shared. +func (b PSAPI_WORKING_SET_EX_BLOCK) Shared() bool { + return (b & (1 << 15)) == 1 +} + +// Node is the NUMA node. The maximum value of this member is 63. +func (b PSAPI_WORKING_SET_EX_BLOCK) Node() uint64 { + return b.intField(16, 6) +} + +// Locked returns the locked status of this page. +// If this bit is 1, the virtual page is locked in physical memory. +func (b PSAPI_WORKING_SET_EX_BLOCK) Locked() bool { + return (b & (1 << 22)) == 1 +} + +// LargePage returns the large page status of this page. +// If this bit is 1, the page is a large page. +func (b PSAPI_WORKING_SET_EX_BLOCK) LargePage() bool { + return (b & (1 << 23)) == 1 +} + +// Bad returns the bad status of this page. +// If this bit is 1, the page is has been reported as bad. +func (b PSAPI_WORKING_SET_EX_BLOCK) Bad() bool { + return (b & (1 << 31)) == 1 +} + +// intField extracts an integer field in the PSAPI_WORKING_SET_EX_BLOCK union. +func (b PSAPI_WORKING_SET_EX_BLOCK) intField(start, length int) uint64 { + var mask PSAPI_WORKING_SET_EX_BLOCK + for pos := start; pos < start+length; pos++ { + mask |= (1 << pos) + } + + masked := b & mask + return uint64(masked >> start) +} + +// PSAPI_WORKING_SET_EX_INFORMATION contains extended working set information for a process. +type PSAPI_WORKING_SET_EX_INFORMATION struct { + // The virtual address. + VirtualAddress Pointer + // A PSAPI_WORKING_SET_EX_BLOCK union that indicates the attributes of the page at VirtualAddress. + VirtualAttributes PSAPI_WORKING_SET_EX_BLOCK +} diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go index f9eaca528ed..0c4add97410 100644 --- a/vendor/golang.org/x/sys/windows/types_windows.go +++ b/vendor/golang.org/x/sys/windows/types_windows.go @@ -3213,3 +3213,48 @@ type ModuleInfo struct { } const ALL_PROCESSOR_GROUPS = 0xFFFF + +type Rect struct { + Left int32 + Top int32 + Right int32 + Bottom int32 +} + +type GUIThreadInfo struct { + Size uint32 + Flags uint32 + Active HWND + Focus HWND + Capture HWND + MenuOwner HWND + MoveSize HWND + CaretHandle HWND + CaretRect Rect +} + +const ( + DWMWA_NCRENDERING_ENABLED = 1 + DWMWA_NCRENDERING_POLICY = 2 + DWMWA_TRANSITIONS_FORCEDISABLED = 3 + DWMWA_ALLOW_NCPAINT = 4 + DWMWA_CAPTION_BUTTON_BOUNDS = 5 + DWMWA_NONCLIENT_RTL_LAYOUT = 6 + DWMWA_FORCE_ICONIC_REPRESENTATION = 7 + DWMWA_FLIP3D_POLICY = 8 + DWMWA_EXTENDED_FRAME_BOUNDS = 9 + DWMWA_HAS_ICONIC_BITMAP = 10 + DWMWA_DISALLOW_PEEK = 11 + DWMWA_EXCLUDED_FROM_PEEK = 12 + DWMWA_CLOAK = 13 + DWMWA_CLOAKED = 14 + DWMWA_FREEZE_REPRESENTATION = 15 + DWMWA_PASSIVE_UPDATE_MODE = 16 + DWMWA_USE_HOSTBACKDROPBRUSH = 17 + DWMWA_USE_IMMERSIVE_DARK_MODE = 20 + DWMWA_WINDOW_CORNER_PREFERENCE = 33 + DWMWA_BORDER_COLOR = 34 + DWMWA_CAPTION_COLOR = 35 + DWMWA_TEXT_COLOR = 36 + DWMWA_VISIBLE_FRAME_BORDER_THICKNESS = 37 +) diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index 678262cda17..96ba8559c37 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -40,6 +40,7 @@ var ( modadvapi32 = NewLazySystemDLL("advapi32.dll") modcrypt32 = NewLazySystemDLL("crypt32.dll") moddnsapi = NewLazySystemDLL("dnsapi.dll") + moddwmapi = NewLazySystemDLL("dwmapi.dll") modiphlpapi = NewLazySystemDLL("iphlpapi.dll") modkernel32 = NewLazySystemDLL("kernel32.dll") modmswsock = NewLazySystemDLL("mswsock.dll") @@ -175,6 +176,8 @@ var ( procDnsNameCompare_W = moddnsapi.NewProc("DnsNameCompare_W") procDnsQuery_W = moddnsapi.NewProc("DnsQuery_W") procDnsRecordListFree = moddnsapi.NewProc("DnsRecordListFree") + procDwmGetWindowAttribute = moddwmapi.NewProc("DwmGetWindowAttribute") + procDwmSetWindowAttribute = moddwmapi.NewProc("DwmSetWindowAttribute") procGetAdaptersAddresses = modiphlpapi.NewProc("GetAdaptersAddresses") procGetAdaptersInfo = modiphlpapi.NewProc("GetAdaptersInfo") procGetBestInterfaceEx = modiphlpapi.NewProc("GetBestInterfaceEx") @@ -408,6 +411,7 @@ var ( procGetModuleBaseNameW = modpsapi.NewProc("GetModuleBaseNameW") procGetModuleFileNameExW = modpsapi.NewProc("GetModuleFileNameExW") procGetModuleInformation = modpsapi.NewProc("GetModuleInformation") + procQueryWorkingSetEx = modpsapi.NewProc("QueryWorkingSetEx") procSubscribeServiceChangeNotifications = modsechost.NewProc("SubscribeServiceChangeNotifications") procUnsubscribeServiceChangeNotifications = modsechost.NewProc("UnsubscribeServiceChangeNotifications") procGetUserNameExW = modsecur32.NewProc("GetUserNameExW") @@ -443,9 +447,18 @@ var ( procCommandLineToArgvW = modshell32.NewProc("CommandLineToArgvW") procSHGetKnownFolderPath = modshell32.NewProc("SHGetKnownFolderPath") procShellExecuteW = modshell32.NewProc("ShellExecuteW") + procEnumChildWindows = moduser32.NewProc("EnumChildWindows") + procEnumWindows = moduser32.NewProc("EnumWindows") procExitWindowsEx = moduser32.NewProc("ExitWindowsEx") + procGetClassNameW = moduser32.NewProc("GetClassNameW") + procGetDesktopWindow = moduser32.NewProc("GetDesktopWindow") + procGetForegroundWindow = moduser32.NewProc("GetForegroundWindow") + procGetGUIThreadInfo = moduser32.NewProc("GetGUIThreadInfo") procGetShellWindow = moduser32.NewProc("GetShellWindow") procGetWindowThreadProcessId = moduser32.NewProc("GetWindowThreadProcessId") + procIsWindow = moduser32.NewProc("IsWindow") + procIsWindowUnicode = moduser32.NewProc("IsWindowUnicode") + procIsWindowVisible = moduser32.NewProc("IsWindowVisible") procMessageBoxW = moduser32.NewProc("MessageBoxW") procCreateEnvironmentBlock = moduserenv.NewProc("CreateEnvironmentBlock") procDestroyEnvironmentBlock = moduserenv.NewProc("DestroyEnvironmentBlock") @@ -1524,6 +1537,22 @@ func DnsRecordListFree(rl *DNSRecord, freetype uint32) { return } +func DwmGetWindowAttribute(hwnd HWND, attribute uint32, value unsafe.Pointer, size uint32) (ret error) { + r0, _, _ := syscall.Syscall6(procDwmGetWindowAttribute.Addr(), 4, uintptr(hwnd), uintptr(attribute), uintptr(value), uintptr(size), 0, 0) + if r0 != 0 { + ret = syscall.Errno(r0) + } + return +} + +func DwmSetWindowAttribute(hwnd HWND, attribute uint32, value unsafe.Pointer, size uint32) (ret error) { + r0, _, _ := syscall.Syscall6(procDwmSetWindowAttribute.Addr(), 4, uintptr(hwnd), uintptr(attribute), uintptr(value), uintptr(size), 0, 0) + if r0 != 0 { + ret = syscall.Errno(r0) + } + return +} + func GetAdaptersAddresses(family uint32, flags uint32, reserved uintptr, adapterAddresses *IpAdapterAddresses, sizePointer *uint32) (errcode error) { r0, _, _ := syscall.Syscall6(procGetAdaptersAddresses.Addr(), 5, uintptr(family), uintptr(flags), uintptr(reserved), uintptr(unsafe.Pointer(adapterAddresses)), uintptr(unsafe.Pointer(sizePointer)), 0) if r0 != 0 { @@ -3504,6 +3533,14 @@ func GetModuleInformation(process Handle, module Handle, modinfo *ModuleInfo, cb return } +func QueryWorkingSetEx(process Handle, pv uintptr, cb uint32) (err error) { + r1, _, e1 := syscall.Syscall(procQueryWorkingSetEx.Addr(), 3, uintptr(process), uintptr(pv), uintptr(cb)) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + func SubscribeServiceChangeNotifications(service Handle, eventType uint32, callback uintptr, callbackCtx uintptr, subscription *uintptr) (ret error) { ret = procSubscribeServiceChangeNotifications.Find() if ret != nil { @@ -3793,6 +3830,19 @@ func ShellExecute(hwnd Handle, verb *uint16, file *uint16, args *uint16, cwd *ui return } +func EnumChildWindows(hwnd HWND, enumFunc uintptr, param unsafe.Pointer) { + syscall.Syscall(procEnumChildWindows.Addr(), 3, uintptr(hwnd), uintptr(enumFunc), uintptr(param)) + return +} + +func EnumWindows(enumFunc uintptr, param unsafe.Pointer) (err error) { + r1, _, e1 := syscall.Syscall(procEnumWindows.Addr(), 2, uintptr(enumFunc), uintptr(param), 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + func ExitWindowsEx(flags uint32, reason uint32) (err error) { r1, _, e1 := syscall.Syscall(procExitWindowsEx.Addr(), 2, uintptr(flags), uintptr(reason), 0) if r1 == 0 { @@ -3801,6 +3851,35 @@ func ExitWindowsEx(flags uint32, reason uint32) (err error) { return } +func GetClassName(hwnd HWND, className *uint16, maxCount int32) (copied int32, err error) { + r0, _, e1 := syscall.Syscall(procGetClassNameW.Addr(), 3, uintptr(hwnd), uintptr(unsafe.Pointer(className)), uintptr(maxCount)) + copied = int32(r0) + if copied == 0 { + err = errnoErr(e1) + } + return +} + +func GetDesktopWindow() (hwnd HWND) { + r0, _, _ := syscall.Syscall(procGetDesktopWindow.Addr(), 0, 0, 0, 0) + hwnd = HWND(r0) + return +} + +func GetForegroundWindow() (hwnd HWND) { + r0, _, _ := syscall.Syscall(procGetForegroundWindow.Addr(), 0, 0, 0, 0) + hwnd = HWND(r0) + return +} + +func GetGUIThreadInfo(thread uint32, info *GUIThreadInfo) (err error) { + r1, _, e1 := syscall.Syscall(procGetGUIThreadInfo.Addr(), 2, uintptr(thread), uintptr(unsafe.Pointer(info)), 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + func GetShellWindow() (shellWindow HWND) { r0, _, _ := syscall.Syscall(procGetShellWindow.Addr(), 0, 0, 0, 0) shellWindow = HWND(r0) @@ -3816,6 +3895,24 @@ func GetWindowThreadProcessId(hwnd HWND, pid *uint32) (tid uint32, err error) { return } +func IsWindow(hwnd HWND) (isWindow bool) { + r0, _, _ := syscall.Syscall(procIsWindow.Addr(), 1, uintptr(hwnd), 0, 0) + isWindow = r0 != 0 + return +} + +func IsWindowUnicode(hwnd HWND) (isUnicode bool) { + r0, _, _ := syscall.Syscall(procIsWindowUnicode.Addr(), 1, uintptr(hwnd), 0, 0) + isUnicode = r0 != 0 + return +} + +func IsWindowVisible(hwnd HWND) (isVisible bool) { + r0, _, _ := syscall.Syscall(procIsWindowVisible.Addr(), 1, uintptr(hwnd), 0, 0) + isVisible = r0 != 0 + return +} + func MessageBox(hwnd HWND, text *uint16, caption *uint16, boxtype uint32) (ret int32, err error) { r0, _, e1 := syscall.Syscall6(procMessageBoxW.Addr(), 4, uintptr(hwnd), uintptr(unsafe.Pointer(text)), uintptr(unsafe.Pointer(caption)), uintptr(boxtype), 0, 0) ret = int32(r0) diff --git a/vendor/modules.txt b/vendor/modules.txt index 60a6dd54385..fa87b4acc53 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -2,8 +2,8 @@ ## explicit; go 1.16 github.com/checkpoint-restore/go-criu/v6 github.com/checkpoint-restore/go-criu/v6/crit/images -# github.com/cilium/ebpf v0.9.1 -## explicit; go 1.17 +# github.com/cilium/ebpf v0.9.3 +## explicit; go 1.18 github.com/cilium/ebpf github.com/cilium/ebpf/asm github.com/cilium/ebpf/btf @@ -71,7 +71,7 @@ github.com/vishvananda/netns # golang.org/x/net v0.0.0-20201224014010-6772e930b67b ## explicit; go 1.11 golang.org/x/net/bpf -# golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 +# golang.org/x/sys v0.0.0-20220928140112-f11e5e49a4ec ## explicit; go 1.17 golang.org/x/sys/execabs golang.org/x/sys/internal/unsafeheader From 8584900e50f1397e038e0f108e0a65ac1c7af95c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 4 Oct 2022 04:12:20 +0000 Subject: [PATCH 0101/1176] build(deps): bump actions/cache from 3.0.9 to 3.0.10 Bumps [actions/cache](https://github.com/actions/cache) from 3.0.9 to 3.0.10. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v3.0.9...v3.0.10) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/validate.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index a692b78a137..566e4a35b67 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -72,7 +72,7 @@ jobs: echo "VERSION=3.3.1" >> $GITHUB_ENV echo "$(go env GOPATH)/bin" >> $GITHUB_PATH - name: cache go mod and $GOCACHE - uses: actions/cache@v3.0.9 + uses: actions/cache@v3.0.10 with: path: | ~/go/pkg/mod @@ -119,7 +119,7 @@ jobs: with: go-version: "${{ env.GO_VERSION }}" - name: cache go mod and $GOCACHE - uses: actions/cache@v3.0.9 + uses: actions/cache@v3.0.10 with: path: | ~/go/pkg/mod From ae53cde3ffc3bc62e70f7652e9ade232c439ae48 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 6 Oct 2022 12:10:26 -0700 Subject: [PATCH 0102/1176] cirrus-ci: install EPEL on CentOS 7 conditionally Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.cirrus.yml b/.cirrus.yml index 34baf5f1192..aad6ff143c4 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -93,7 +93,7 @@ task: centos-7) (cd /etc/yum.repos.d && curl -O https://copr.fedorainfracloud.org/coprs/adrian/criu-el7/repo/epel-7/adrian-criu-el7-epel-7.repo) # EPEL is needed for jq and fuse-sshfs. - rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm + rpm -q epel-release || rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm # sysctl echo "user.max_user_namespaces=15076" > /etc/sysctl.d/userns.conf sysctl --system From 04389ae99b8cd8c94133030a5c540e26e2ca9149 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 6 Oct 2022 14:22:57 +0200 Subject: [PATCH 0103/1176] libcontainer/cgroups: return concrete types It's more idiomatic Go to define interfaces on the receiver, and constructors to return concrete types. This patch changes various constructors to return a concrete type, with the exceptions of NewWithPaths, which needs the abstraction as it switches between implementations. Signed-off-by: Sebastiaan van Stijn --- libcontainer/cgroups/fs/fs.go | 32 ++++++++--------- libcontainer/cgroups/fs2/fs2.go | 36 +++++++++---------- libcontainer/cgroups/systemd/devices.go | 2 +- libcontainer/cgroups/systemd/freeze_test.go | 5 ++- libcontainer/cgroups/systemd/v1.go | 38 ++++++++++----------- libcontainer/cgroups/systemd/v2.go | 36 +++++++++---------- 6 files changed, 74 insertions(+), 75 deletions(-) diff --git a/libcontainer/cgroups/fs/fs.go b/libcontainer/cgroups/fs/fs.go index be4dcc341bb..43c547838d5 100644 --- a/libcontainer/cgroups/fs/fs.go +++ b/libcontainer/cgroups/fs/fs.go @@ -53,13 +53,13 @@ type subsystem interface { Set(path string, r *configs.Resources) error } -type manager struct { +type Manager struct { mu sync.Mutex cgroups *configs.Cgroup paths map[string]string } -func NewManager(cg *configs.Cgroup, paths map[string]string) (cgroups.Manager, error) { +func NewManager(cg *configs.Cgroup, paths map[string]string) (*Manager, error) { // Some v1 controllers (cpu, cpuset, and devices) expect // cgroups.Resources to not be nil in Apply. if cg.Resources == nil { @@ -77,7 +77,7 @@ func NewManager(cg *configs.Cgroup, paths map[string]string) (cgroups.Manager, e } } - return &manager{ + return &Manager{ cgroups: cg, paths: paths, }, nil @@ -104,7 +104,7 @@ func isIgnorableError(rootless bool, err error) bool { return false } -func (m *manager) Apply(pid int) (err error) { +func (m *Manager) Apply(pid int) (err error) { m.mu.Lock() defer m.mu.Unlock() @@ -138,19 +138,19 @@ func (m *manager) Apply(pid int) (err error) { return nil } -func (m *manager) Destroy() error { +func (m *Manager) Destroy() error { m.mu.Lock() defer m.mu.Unlock() return cgroups.RemovePaths(m.paths) } -func (m *manager) Path(subsys string) string { +func (m *Manager) Path(subsys string) string { m.mu.Lock() defer m.mu.Unlock() return m.paths[subsys] } -func (m *manager) GetStats() (*cgroups.Stats, error) { +func (m *Manager) GetStats() (*cgroups.Stats, error) { m.mu.Lock() defer m.mu.Unlock() stats := cgroups.NewStats() @@ -166,7 +166,7 @@ func (m *manager) GetStats() (*cgroups.Stats, error) { return stats, nil } -func (m *manager) Set(r *configs.Resources) error { +func (m *Manager) Set(r *configs.Resources) error { if r == nil { return nil } @@ -201,7 +201,7 @@ func (m *manager) Set(r *configs.Resources) error { // Freeze toggles the container's freezer cgroup depending on the state // provided -func (m *manager) Freeze(state configs.FreezerState) error { +func (m *Manager) Freeze(state configs.FreezerState) error { path := m.Path("freezer") if path == "" { return errors.New("cannot toggle freezer: cgroups not configured for container") @@ -217,25 +217,25 @@ func (m *manager) Freeze(state configs.FreezerState) error { return nil } -func (m *manager) GetPids() ([]int, error) { +func (m *Manager) GetPids() ([]int, error) { return cgroups.GetPids(m.Path("devices")) } -func (m *manager) GetAllPids() ([]int, error) { +func (m *Manager) GetAllPids() ([]int, error) { return cgroups.GetAllPids(m.Path("devices")) } -func (m *manager) GetPaths() map[string]string { +func (m *Manager) GetPaths() map[string]string { m.mu.Lock() defer m.mu.Unlock() return m.paths } -func (m *manager) GetCgroups() (*configs.Cgroup, error) { +func (m *Manager) GetCgroups() (*configs.Cgroup, error) { return m.cgroups, nil } -func (m *manager) GetFreezerState() (configs.FreezerState, error) { +func (m *Manager) GetFreezerState() (configs.FreezerState, error) { dir := m.Path("freezer") // If the container doesn't have the freezer cgroup, say it's undefined. if dir == "" { @@ -245,7 +245,7 @@ func (m *manager) GetFreezerState() (configs.FreezerState, error) { return freezer.GetState(dir) } -func (m *manager) Exists() bool { +func (m *Manager) Exists() bool { return cgroups.PathExists(m.Path("devices")) } @@ -253,7 +253,7 @@ func OOMKillCount(path string) (uint64, error) { return fscommon.GetValueByKey(path, "memory.oom_control", "oom_kill") } -func (m *manager) OOMKillCount() (uint64, error) { +func (m *Manager) OOMKillCount() (uint64, error) { c, err := OOMKillCount(m.Path("memory")) // Ignore ENOENT when rootless as it couldn't create cgroup. if err != nil && m.cgroups.Rootless && os.IsNotExist(err) { diff --git a/libcontainer/cgroups/fs2/fs2.go b/libcontainer/cgroups/fs2/fs2.go index d5208d7782f..7d366d0f3b9 100644 --- a/libcontainer/cgroups/fs2/fs2.go +++ b/libcontainer/cgroups/fs2/fs2.go @@ -13,7 +13,7 @@ import ( type parseError = fscommon.ParseError -type manager struct { +type Manager struct { config *configs.Cgroup // dirPath is like "/sys/fs/cgroup/user.slice/user-1001.slice/session-1.scope" dirPath string @@ -25,7 +25,7 @@ type manager struct { // NewManager creates a manager for cgroup v2 unified hierarchy. // dirPath is like "/sys/fs/cgroup/user.slice/user-1001.slice/session-1.scope". // If dirPath is empty, it is automatically set using config. -func NewManager(config *configs.Cgroup, dirPath string) (cgroups.Manager, error) { +func NewManager(config *configs.Cgroup, dirPath string) (*Manager, error) { if dirPath == "" { var err error dirPath, err = defaultDirPath(config) @@ -34,14 +34,14 @@ func NewManager(config *configs.Cgroup, dirPath string) (cgroups.Manager, error) } } - m := &manager{ + m := &Manager{ config: config, dirPath: dirPath, } return m, nil } -func (m *manager) getControllers() error { +func (m *Manager) getControllers() error { if m.controllers != nil { return nil } @@ -62,7 +62,7 @@ func (m *manager) getControllers() error { return nil } -func (m *manager) Apply(pid int) error { +func (m *Manager) Apply(pid int) error { if err := CreateCgroupPath(m.dirPath, m.config); err != nil { // Related tests: // - "runc create (no limits + no cgrouppath + no permission) succeeds" @@ -84,15 +84,15 @@ func (m *manager) Apply(pid int) error { return nil } -func (m *manager) GetPids() ([]int, error) { +func (m *Manager) GetPids() ([]int, error) { return cgroups.GetPids(m.dirPath) } -func (m *manager) GetAllPids() ([]int, error) { +func (m *Manager) GetAllPids() ([]int, error) { return cgroups.GetAllPids(m.dirPath) } -func (m *manager) GetStats() (*cgroups.Stats, error) { +func (m *Manager) GetStats() (*cgroups.Stats, error) { var errs []error st := cgroups.NewStats() @@ -128,7 +128,7 @@ func (m *manager) GetStats() (*cgroups.Stats, error) { return st, nil } -func (m *manager) Freeze(state configs.FreezerState) error { +func (m *Manager) Freeze(state configs.FreezerState) error { if m.config.Resources == nil { return errors.New("cannot toggle freezer: cgroups not configured for container") } @@ -139,15 +139,15 @@ func (m *manager) Freeze(state configs.FreezerState) error { return nil } -func (m *manager) Destroy() error { +func (m *Manager) Destroy() error { return cgroups.RemovePath(m.dirPath) } -func (m *manager) Path(_ string) string { +func (m *Manager) Path(_ string) string { return m.dirPath } -func (m *manager) Set(r *configs.Resources) error { +func (m *Manager) Set(r *configs.Resources) error { if r == nil { return nil } @@ -213,7 +213,7 @@ func setDevices(dirPath string, r *configs.Resources) error { return cgroups.DevicesSetV2(dirPath, r) } -func (m *manager) setUnified(res map[string]string) error { +func (m *Manager) setUnified(res map[string]string) error { for k, v := range res { if strings.Contains(k, "/") { return fmt.Errorf("unified resource %q must be a file name (no slashes)", k) @@ -239,21 +239,21 @@ func (m *manager) setUnified(res map[string]string) error { return nil } -func (m *manager) GetPaths() map[string]string { +func (m *Manager) GetPaths() map[string]string { paths := make(map[string]string, 1) paths[""] = m.dirPath return paths } -func (m *manager) GetCgroups() (*configs.Cgroup, error) { +func (m *Manager) GetCgroups() (*configs.Cgroup, error) { return m.config, nil } -func (m *manager) GetFreezerState() (configs.FreezerState, error) { +func (m *Manager) GetFreezerState() (configs.FreezerState, error) { return getFreezer(m.dirPath) } -func (m *manager) Exists() bool { +func (m *Manager) Exists() bool { return cgroups.PathExists(m.dirPath) } @@ -261,7 +261,7 @@ func OOMKillCount(path string) (uint64, error) { return fscommon.GetValueByKey(path, "memory.events", "oom_kill") } -func (m *manager) OOMKillCount() (uint64, error) { +func (m *Manager) OOMKillCount() (uint64, error) { c, err := OOMKillCount(m.dirPath) if err != nil && m.config.Rootless && os.IsNotExist(err) { err = nil diff --git a/libcontainer/cgroups/systemd/devices.go b/libcontainer/cgroups/systemd/devices.go index edd1f158568..d8c572b4dd3 100644 --- a/libcontainer/cgroups/systemd/devices.go +++ b/libcontainer/cgroups/systemd/devices.go @@ -17,7 +17,7 @@ import ( // (unlike our fs driver, they will happily write deny-all rules to running // containers). So we have to freeze the container to avoid the container get // an occasional "permission denied" error. -func (m *legacyManager) freezeBeforeSet(unitName string, r *configs.Resources) (needsFreeze, needsThaw bool, err error) { +func (m *LegacyManager) freezeBeforeSet(unitName string, r *configs.Resources) (needsFreeze, needsThaw bool, err error) { // Special case for SkipDevices, as used by Kubernetes to create pod // cgroups with allow-all device policy). if r.SkipDevices { diff --git a/libcontainer/cgroups/systemd/freeze_test.go b/libcontainer/cgroups/systemd/freeze_test.go index 76057865433..ed71603ca70 100644 --- a/libcontainer/cgroups/systemd/freeze_test.go +++ b/libcontainer/cgroups/systemd/freeze_test.go @@ -139,10 +139,9 @@ func TestFreezeBeforeSet(t *testing.T) { t.Fatal(err) } defer m.Destroy() //nolint:errcheck - lm := m.(*legacyManager) // Checks for a non-existent unit. - freeze, thaw, err := lm.freezeBeforeSet(getUnitName(tc.cg), tc.cg.Resources) + freeze, thaw, err := m.freezeBeforeSet(getUnitName(tc.cg), tc.cg.Resources) if err != nil { t.Fatal(err) } @@ -176,7 +175,7 @@ func TestFreezeBeforeSet(t *testing.T) { return // no more checks } } - freeze, thaw, err = lm.freezeBeforeSet(getUnitName(tc.cg), tc.cg.Resources) + freeze, thaw, err = m.freezeBeforeSet(getUnitName(tc.cg), tc.cg.Resources) if err != nil { t.Error(err) return // no more checks diff --git a/libcontainer/cgroups/systemd/v1.go b/libcontainer/cgroups/systemd/v1.go index 1e4c582127d..ab9333cb2c8 100644 --- a/libcontainer/cgroups/systemd/v1.go +++ b/libcontainer/cgroups/systemd/v1.go @@ -15,14 +15,14 @@ import ( "github.com/opencontainers/runc/libcontainer/configs" ) -type legacyManager struct { +type LegacyManager struct { mu sync.Mutex cgroups *configs.Cgroup paths map[string]string dbus *dbusConnManager } -func NewLegacyManager(cg *configs.Cgroup, paths map[string]string) (cgroups.Manager, error) { +func NewLegacyManager(cg *configs.Cgroup, paths map[string]string) (*LegacyManager, error) { if cg.Rootless { return nil, errors.New("cannot use rootless systemd cgroups manager on cgroup v1") } @@ -36,7 +36,7 @@ func NewLegacyManager(cg *configs.Cgroup, paths map[string]string) (cgroups.Mana return nil, err } } - return &legacyManager{ + return &LegacyManager{ cgroups: cg, paths: paths, dbus: newDbusConnManager(false), @@ -46,7 +46,7 @@ func NewLegacyManager(cg *configs.Cgroup, paths map[string]string) (cgroups.Mana type subsystem interface { // Name returns the name of the subsystem. Name() string - // Returns the stats, as 'stats', corresponding to the cgroup under 'path'. + // GetStats returns the stats, as 'stats', corresponding to the cgroup under 'path'. GetStats(path string, stats *cgroups.Stats) error // Set sets cgroup resource limits. Set(path string, r *configs.Resources) error @@ -157,7 +157,7 @@ func initPaths(c *configs.Cgroup) (map[string]string, error) { return paths, nil } -func (m *legacyManager) Apply(pid int) error { +func (m *LegacyManager) Apply(pid int) error { var ( c = m.cgroups unitName = getUnitName(c) @@ -215,7 +215,7 @@ func (m *legacyManager) Apply(pid int) error { return nil } -func (m *legacyManager) Destroy() error { +func (m *LegacyManager) Destroy() error { m.mu.Lock() defer m.mu.Unlock() @@ -231,13 +231,13 @@ func (m *legacyManager) Destroy() error { return stopErr } -func (m *legacyManager) Path(subsys string) string { +func (m *LegacyManager) Path(subsys string) string { m.mu.Lock() defer m.mu.Unlock() return m.paths[subsys] } -func (m *legacyManager) joinCgroups(pid int) error { +func (m *LegacyManager) joinCgroups(pid int) error { for _, sys := range legacySubsystems { name := sys.Name() switch name { @@ -281,7 +281,7 @@ func getSubsystemPath(slice, unit, subsystem string) (string, error) { return filepath.Join(mountpoint, initPath, slice, unit), nil } -func (m *legacyManager) Freeze(state configs.FreezerState) error { +func (m *LegacyManager) Freeze(state configs.FreezerState) error { err := m.doFreeze(state) if err == nil { m.cgroups.Resources.Freezer = state @@ -291,7 +291,7 @@ func (m *legacyManager) Freeze(state configs.FreezerState) error { // doFreeze is the same as Freeze but without // changing the m.cgroups.Resources.Frozen field. -func (m *legacyManager) doFreeze(state configs.FreezerState) error { +func (m *LegacyManager) doFreeze(state configs.FreezerState) error { path, ok := m.paths["freezer"] if !ok { return errSubsystemDoesNotExist @@ -301,7 +301,7 @@ func (m *legacyManager) doFreeze(state configs.FreezerState) error { return freezer.Set(path, resources) } -func (m *legacyManager) GetPids() ([]int, error) { +func (m *LegacyManager) GetPids() ([]int, error) { path, ok := m.paths["devices"] if !ok { return nil, errSubsystemDoesNotExist @@ -309,7 +309,7 @@ func (m *legacyManager) GetPids() ([]int, error) { return cgroups.GetPids(path) } -func (m *legacyManager) GetAllPids() ([]int, error) { +func (m *LegacyManager) GetAllPids() ([]int, error) { path, ok := m.paths["devices"] if !ok { return nil, errSubsystemDoesNotExist @@ -317,7 +317,7 @@ func (m *legacyManager) GetAllPids() ([]int, error) { return cgroups.GetAllPids(path) } -func (m *legacyManager) GetStats() (*cgroups.Stats, error) { +func (m *LegacyManager) GetStats() (*cgroups.Stats, error) { m.mu.Lock() defer m.mu.Unlock() stats := cgroups.NewStats() @@ -334,7 +334,7 @@ func (m *legacyManager) GetStats() (*cgroups.Stats, error) { return stats, nil } -func (m *legacyManager) Set(r *configs.Resources) error { +func (m *LegacyManager) Set(r *configs.Resources) error { if r == nil { return nil } @@ -382,17 +382,17 @@ func (m *legacyManager) Set(r *configs.Resources) error { return nil } -func (m *legacyManager) GetPaths() map[string]string { +func (m *LegacyManager) GetPaths() map[string]string { m.mu.Lock() defer m.mu.Unlock() return m.paths } -func (m *legacyManager) GetCgroups() (*configs.Cgroup, error) { +func (m *LegacyManager) GetCgroups() (*configs.Cgroup, error) { return m.cgroups, nil } -func (m *legacyManager) GetFreezerState() (configs.FreezerState, error) { +func (m *LegacyManager) GetFreezerState() (configs.FreezerState, error) { path, ok := m.paths["freezer"] if !ok { return configs.Undefined, nil @@ -401,10 +401,10 @@ func (m *legacyManager) GetFreezerState() (configs.FreezerState, error) { return freezer.GetState(path) } -func (m *legacyManager) Exists() bool { +func (m *LegacyManager) Exists() bool { return cgroups.PathExists(m.Path("devices")) } -func (m *legacyManager) OOMKillCount() (uint64, error) { +func (m *LegacyManager) OOMKillCount() (uint64, error) { return fs.OOMKillCount(m.Path("memory")) } diff --git a/libcontainer/cgroups/systemd/v2.go b/libcontainer/cgroups/systemd/v2.go index de0cb974d46..48e9750cb87 100644 --- a/libcontainer/cgroups/systemd/v2.go +++ b/libcontainer/cgroups/systemd/v2.go @@ -20,7 +20,7 @@ import ( "github.com/opencontainers/runc/libcontainer/configs" ) -type unifiedManager struct { +type UnifiedManager struct { mu sync.Mutex cgroups *configs.Cgroup // path is like "/sys/fs/cgroup/user.slice/user-1001.slice/session-1.scope" @@ -29,8 +29,8 @@ type unifiedManager struct { fsMgr cgroups.Manager } -func NewUnifiedManager(config *configs.Cgroup, path string) (cgroups.Manager, error) { - m := &unifiedManager{ +func NewUnifiedManager(config *configs.Cgroup, path string) (*UnifiedManager, error) { + m := &UnifiedManager{ cgroups: config, path: path, dbus: newDbusConnManager(config.Rootless), @@ -237,7 +237,7 @@ func genV2ResourcesProperties(r *configs.Resources, cm *dbusConnManager) ([]syst return properties, nil } -func (m *unifiedManager) Apply(pid int) error { +func (m *UnifiedManager) Apply(pid int) error { var ( c = m.cgroups unitName = getUnitName(c) @@ -340,7 +340,7 @@ func cgroupFilesToChown() ([]string, error) { return filesToChown, nil } -func (m *unifiedManager) Destroy() error { +func (m *UnifiedManager) Destroy() error { m.mu.Lock() defer m.mu.Unlock() @@ -359,13 +359,13 @@ func (m *unifiedManager) Destroy() error { return nil } -func (m *unifiedManager) Path(_ string) string { +func (m *UnifiedManager) Path(_ string) string { return m.path } // getSliceFull value is used in initPath. // The value is incompatible with systemdDbus.PropSlice. -func (m *unifiedManager) getSliceFull() (string, error) { +func (m *UnifiedManager) getSliceFull() (string, error) { c := m.cgroups slice := "system.slice" if c.Rootless { @@ -393,7 +393,7 @@ func (m *unifiedManager) getSliceFull() (string, error) { return slice, nil } -func (m *unifiedManager) initPath() error { +func (m *UnifiedManager) initPath() error { if m.path != "" { return nil } @@ -417,23 +417,23 @@ func (m *unifiedManager) initPath() error { return nil } -func (m *unifiedManager) Freeze(state configs.FreezerState) error { +func (m *UnifiedManager) Freeze(state configs.FreezerState) error { return m.fsMgr.Freeze(state) } -func (m *unifiedManager) GetPids() ([]int, error) { +func (m *UnifiedManager) GetPids() ([]int, error) { return cgroups.GetPids(m.path) } -func (m *unifiedManager) GetAllPids() ([]int, error) { +func (m *UnifiedManager) GetAllPids() ([]int, error) { return cgroups.GetAllPids(m.path) } -func (m *unifiedManager) GetStats() (*cgroups.Stats, error) { +func (m *UnifiedManager) GetStats() (*cgroups.Stats, error) { return m.fsMgr.GetStats() } -func (m *unifiedManager) Set(r *configs.Resources) error { +func (m *UnifiedManager) Set(r *configs.Resources) error { if r == nil { return nil } @@ -449,24 +449,24 @@ func (m *unifiedManager) Set(r *configs.Resources) error { return m.fsMgr.Set(r) } -func (m *unifiedManager) GetPaths() map[string]string { +func (m *UnifiedManager) GetPaths() map[string]string { paths := make(map[string]string, 1) paths[""] = m.path return paths } -func (m *unifiedManager) GetCgroups() (*configs.Cgroup, error) { +func (m *UnifiedManager) GetCgroups() (*configs.Cgroup, error) { return m.cgroups, nil } -func (m *unifiedManager) GetFreezerState() (configs.FreezerState, error) { +func (m *UnifiedManager) GetFreezerState() (configs.FreezerState, error) { return m.fsMgr.GetFreezerState() } -func (m *unifiedManager) Exists() bool { +func (m *UnifiedManager) Exists() bool { return cgroups.PathExists(m.path) } -func (m *unifiedManager) OOMKillCount() (uint64, error) { +func (m *UnifiedManager) OOMKillCount() (uint64, error) { return m.fsMgr.OOMKillCount() } From 462e719cae227a990ed793241062a8d2d6145332 Mon Sep 17 00:00:00 2001 From: Evan Phoenix Date: Mon, 3 Oct 2022 11:16:53 -0700 Subject: [PATCH 0104/1176] Fixes inability to use /dev/null when inside a container This is a forward port of https://github.com/opencontainers/runc/pull/3620 The original code depended on the origin filesystem to have /dev/{block,char} populated. This is done by udev normally and while is very common non-containerized systemd installs, it's very easy to start systemd in a container created by runc itself and not have /dev/{block,char} populated. When this occurs, the following error output is observed: $ docker run hello-world docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error reopening /dev/null inside container: open /dev/null: operation not permitted: unknown. /dev/null can't be opened because it was not added to the deviceAllowList, as there was no /dev/char directory. The change here utilizes the fact that when sysfs in in use, there is a /sys/dev/{block,char} that is kernel maintained that we can check. Signed-off-by: Evan Phoenix --- libcontainer/cgroups/devices/systemd.go | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/libcontainer/cgroups/devices/systemd.go b/libcontainer/cgroups/devices/systemd.go index 6594d9c05a9..eb5ecb064d1 100644 --- a/libcontainer/cgroups/devices/systemd.go +++ b/libcontainer/cgroups/devices/systemd.go @@ -133,8 +133,18 @@ func systemdProperties(r *configs.Resources) ([]systemdDbus.Property, error) { // rules separately to systemd) we can safely skip entries that don't // have a corresponding path. if _, err := os.Stat(entry.Path); err != nil { - logrus.Debugf("skipping device %s for systemd: %s", entry.Path, err) - continue + // Also check /sys/dev so that we don't depend on /dev/{block,char} + // being populated. (/dev/{block,char} is populated by udev, which + // isn't strictly required for systemd). Ironically, this happens most + // easily when starting containerd within a runc created container + // itself. + + // We don't bother with securejoin here because we create entry.Path + // right above here, so we know it's safe. + if _, err := os.Stat("/sys" + entry.Path); err != nil { + logrus.Warnf("skipping device %s for systemd: %s", entry.Path, err) + continue + } } } deviceAllowList = append(deviceAllowList, entry) From 77cae9addc0c7c9ef52513b4e46b2e6485e4e469 Mon Sep 17 00:00:00 2001 From: "Chengen, Du" Date: Mon, 26 Sep 2022 14:28:18 +0800 Subject: [PATCH 0105/1176] cgroups: cpuset: fix byte order while parsing cpuset range to bits Runc parses cpuset range to bits in the case of cgroup v2 + systemd as cgroup driver. The byte order representation differs from systemd expectation, which will set different cpuset range in systemd transient unit if the length of parsed byte array exceeds one. # cat config.json ... "resources": { ... "cpu": { "cpus": "10-23" } }, ... # runc --systemd-cgroup run test # cat /run/systemd/transient/runc-test.scope.d/50-AllowedCPUs.conf # This is a drop-in unit file extension, created via "systemctl set-property" # or an equivalent operation. Do not edit. [Scope] AllowedCPUs=0-7 10-15 The cpuset.cpus in cgroup will also be set to wrong value after reloading systemd manager configuration. # systemctl daemon-reload # cat /sys/fs/cgroup/system.slice/runc-test.scope/cpuset.cpus 0-7,10-15 Signed-off-by: seyeongkim Signed-off-by: Chengen, Du --- libcontainer/cgroups/systemd/cpuset.go | 5 +++++ libcontainer/cgroups/systemd/cpuset_test.go | 6 +++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/libcontainer/cgroups/systemd/cpuset.go b/libcontainer/cgroups/systemd/cpuset.go index 83d10dd705f..dd474cf1b16 100644 --- a/libcontainer/cgroups/systemd/cpuset.go +++ b/libcontainer/cgroups/systemd/cpuset.go @@ -51,5 +51,10 @@ func RangeToBits(str string) ([]byte, error) { // do not allow empty values return nil, errors.New("empty value") } + + // fit cpuset parsing order in systemd + for l, r := 0, len(ret)-1; l < r; l, r = l+1, r-1 { + ret[l], ret[r] = ret[r], ret[l] + } return ret, nil } diff --git a/libcontainer/cgroups/systemd/cpuset_test.go b/libcontainer/cgroups/systemd/cpuset_test.go index 3030cba9eb8..bda31a5beca 100644 --- a/libcontainer/cgroups/systemd/cpuset_test.go +++ b/libcontainer/cgroups/systemd/cpuset_test.go @@ -22,13 +22,13 @@ func TestRangeToBits(t *testing.T) { {in: "4-7", out: []byte{0xf0}}, {in: "0-7", out: []byte{0xff}}, {in: "0-15", out: []byte{0xff, 0xff}}, - {in: "16", out: []byte{1, 0, 0}}, - {in: "0-3,32-33", out: []byte{3, 0, 0, 0, 0x0f}}, + {in: "16", out: []byte{0, 0, 1}}, + {in: "0-3,32-33", out: []byte{0x0f, 0, 0, 0, 3}}, // extra spaces and tabs are ok {in: "1, 2, 1-2", out: []byte{6}}, {in: " , 1 , 3 , 5-7, ", out: []byte{0xea}}, // somewhat large values - {in: "128-130,1", out: []byte{7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2}}, + {in: "128-130,1", out: []byte{2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 7}}, {in: "-", isErr: true}, {in: "1-", isErr: true}, From 4a8750d93aabe2b0e76f2336c256c8aa2b47943e Mon Sep 17 00:00:00 2001 From: "Chengen, Du" Date: Mon, 3 Oct 2022 10:07:08 +0800 Subject: [PATCH 0106/1176] tests/int: add a "update cpuset cpus range via v2 unified map" test Add a test case for an issue fixed by the previous commit. The env should has more than 8 core CPU to meet the test requirement. Signed-off-by: Chengen, Du --- tests/integration/helpers.bash | 7 +++++++ tests/integration/update.bats | 27 +++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index ee93c42b479..a9b70ffd887 100644 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -457,6 +457,13 @@ function requires() { skip_me=1 fi ;; + more_than_8_core) + local cpus + cpus=$(grep -c '^processor' /proc/cpuinfo) + if [ "$cpus" -le 8 ]; then + skip_me=1 + fi + ;; *) fail "BUG: Invalid requires $var." ;; diff --git a/tests/integration/update.bats b/tests/integration/update.bats index 1937006fd00..d2489009304 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -557,6 +557,33 @@ EOF check_systemd_value "AllowedMemoryNodes" 1 } +@test "update cpuset cpus range via v2 unified map" { + # This test assumes systemd >= v244 + [ $EUID -ne 0 ] && requires rootless_cgroup + requires systemd cgroups_v2 more_than_8_core cgroups_cpuset + + update_config ' .linux.resources.unified |= { + "cpuset.cpus": "0-5", + }' + runc run -d --console-socket "$CONSOLE_SOCKET" test_update + [ "$status" -eq 0 ] + + # check that the initial value was properly set + check_systemd_value "AllowedCPUs" "0-5" + + runc update -r - test_update < Date: Fri, 14 Oct 2022 04:11:15 +0000 Subject: [PATCH 0107/1176] build(deps): bump actions/cache from 3.0.10 to 3.0.11 Bumps [actions/cache](https://github.com/actions/cache) from 3.0.10 to 3.0.11. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v3.0.10...v3.0.11) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/validate.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 566e4a35b67..2a2b2dc3a68 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -72,7 +72,7 @@ jobs: echo "VERSION=3.3.1" >> $GITHUB_ENV echo "$(go env GOPATH)/bin" >> $GITHUB_PATH - name: cache go mod and $GOCACHE - uses: actions/cache@v3.0.10 + uses: actions/cache@v3.0.11 with: path: | ~/go/pkg/mod @@ -119,7 +119,7 @@ jobs: with: go-version: "${{ env.GO_VERSION }}" - name: cache go mod and $GOCACHE - uses: actions/cache@v3.0.10 + uses: actions/cache@v3.0.11 with: path: | ~/go/pkg/mod From 6bf2c3b67e125a242c09ccb160adb07781fd041a Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 17 Oct 2022 10:05:17 -0700 Subject: [PATCH 0108/1176] ci/gha: use v3 tag for actions/cache This tag points to the latest v3 version (currently v3.0.11). Mainly done to avoid cluttering git history with multiple minor v3 upgrades. Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 2a2b2dc3a68..17bf79cb230 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -72,7 +72,7 @@ jobs: echo "VERSION=3.3.1" >> $GITHUB_ENV echo "$(go env GOPATH)/bin" >> $GITHUB_PATH - name: cache go mod and $GOCACHE - uses: actions/cache@v3.0.11 + uses: actions/cache@v3 with: path: | ~/go/pkg/mod @@ -119,7 +119,7 @@ jobs: with: go-version: "${{ env.GO_VERSION }}" - name: cache go mod and $GOCACHE - uses: actions/cache@v3.0.11 + uses: actions/cache@v3 with: path: | ~/go/pkg/mod From 65840f64efdb8390d11ee56fa39f72eb4656c84a Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 26 Oct 2022 11:02:53 -0700 Subject: [PATCH 0109/1176] tests/int/seccomp: fix flags test on ARM On ARM, mkdirat(2) is used instead of mkdir(2), thus the seccomp rules needs to be amended accordingly. This is a change similar to one in commit e119db7a23c773ca9, but but it evaded the test case added in commit 58ea21dae as it took a long time to merge, and we don't have ARM CI. Fixes: 58ea21dae ("seccomp: add support for flags") Reported-by: Ryan Phillips Signed-off-by: Kir Kolyshkin --- tests/integration/seccomp.bats | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/seccomp.bats b/tests/integration/seccomp.bats index f3e12bbce93..2babf69047d 100644 --- a/tests/integration/seccomp.bats +++ b/tests/integration/seccomp.bats @@ -76,7 +76,7 @@ function teardown() { | .linux.seccomp = { "defaultAction":"SCMP_ACT_ALLOW", "architectures":["SCMP_ARCH_X86","SCMP_ARCH_X32","SCMP_ARCH_X86_64","SCMP_ARCH_AARCH64","SCMP_ARCH_ARM"], - "syscalls":[{"names":["mkdir"], "action":"SCMP_ACT_ERRNO"}] + "syscalls":[{"names":["mkdir", "mkdirat"], "action":"SCMP_ACT_ERRNO"}] }' declare -A FLAGS=( From b265d1288faf33aad791f6241b569ad284ad909f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 7 Mar 2022 19:24:08 -0800 Subject: [PATCH 0110/1176] libct/seccomp: enable binary tree optimization This makes libseccomp produce a BPF which uses a binary tree for syscalls (instead of linear set of if statements). It does not make sense to enable binary tree for small set of rules, so don't do that if we have less than 8 syscalls (the number is chosen arbitrarily). Signed-off-by: Kir Kolyshkin --- libcontainer/seccomp/seccomp_linux.go | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/libcontainer/seccomp/seccomp_linux.go b/libcontainer/seccomp/seccomp_linux.go index 59549f5b489..0cdb2f561fe 100644 --- a/libcontainer/seccomp/seccomp_linux.go +++ b/libcontainer/seccomp/seccomp_linux.go @@ -111,6 +111,20 @@ func InitSeccomp(config *configs.Seccomp) (int, error) { } } + // Enable libseccomp binary tree optimization for longer rulesets. + // + // The number below chosen semi-arbitrarily, considering the following: + // 1. libseccomp <= 2.5.4 misbehaves when binary tree optimization + // is enabled and there are 0 rules. + // 2. All known libseccomp versions (2.5.0 to 2.5.4) generate a binary + // tree with 4 syscalls per node. + if len(config.Syscalls) > 32 { + if err := filter.SetOptimize(2); err != nil { + // The error is not fatal and is probably means we have older libseccomp. + logrus.Debugf("seccomp binary tree optimization not available: %v", err) + } + } + // Unset no new privs bit if err := filter.SetNoNewPrivsBit(false); err != nil { return -1, fmt.Errorf("error setting no new privileges: %w", err) From fbce47a6b67bad0da33ea9c17a4ade0ccd89d6cd Mon Sep 17 00:00:00 2001 From: Radostin Stoyanov Date: Tue, 1 Nov 2022 09:54:06 +0000 Subject: [PATCH 0111/1176] deps: bump github.com/checkpoint-restore/go-criu to 6.3.0 Signed-off-by: Radostin Stoyanov --- checkpoint.go | 2 +- go.mod | 2 +- go.sum | 4 +- libcontainer/container_linux.go | 2 +- libcontainer/criu_opts_linux.go | 2 +- .../checkpoint-restore/go-criu/v6/Makefile | 14 +- .../checkpoint-restore/go-criu/v6/README.md | 2 +- .../go-criu/v6/crit/images/apparmor.pb.go | 300 -- .../go-criu/v6/crit/images/apparmor.proto | 16 - .../go-criu/v6/crit/images/autofs.pb.go | 217 - .../go-criu/v6/crit/images/autofs.proto | 17 - .../go-criu/v6/crit/images/binfmt-misc.pb.go | 209 - .../go-criu/v6/crit/images/binfmt-misc.proto | 14 - .../go-criu/v6/crit/images/bpfmap-data.pb.go | 172 - .../go-criu/v6/crit/images/bpfmap-data.proto | 10 - .../go-criu/v6/crit/images/bpfmap-file.pb.go | 301 -- .../go-criu/v6/crit/images/bpfmap-file.proto | 25 - .../go-criu/v6/crit/images/cgroup.pb.go | 648 --- .../go-criu/v6/crit/images/cgroup.proto | 43 - .../go-criu/v6/crit/images/core-aarch64.pb.go | 353 -- .../go-criu/v6/crit/images/core-aarch64.proto | 25 - .../go-criu/v6/crit/images/core-arm.pb.go | 497 --- .../go-criu/v6/crit/images/core-arm.proto | 41 - .../go-criu/v6/crit/images/core-mips.pb.go | 963 ---- .../go-criu/v6/crit/images/core-mips.proto | 92 - .../go-criu/v6/crit/images/core-ppc64.pb.go | 695 --- .../go-criu/v6/crit/images/core-ppc64.proto | 73 - .../go-criu/v6/crit/images/core-s390.pb.go | 681 --- .../go-criu/v6/crit/images/core-s390.proto | 53 - .../go-criu/v6/crit/images/core-x86.pb.go | 1029 ----- .../go-criu/v6/crit/images/core-x86.proto | 110 - .../go-criu/v6/crit/images/cpuinfo.pb.go | 591 --- .../go-criu/v6/crit/images/cpuinfo.proto | 49 - .../go-criu/v6/crit/images/creds.pb.go | 294 -- .../go-criu/v6/crit/images/creds.proto | 27 - .../go-criu/v6/crit/images/criu-core.pb.go | 1200 ----- .../go-criu/v6/crit/images/criu-core.proto | 134 - .../go-criu/v6/crit/images/criu-sa.pb.go | 195 - .../go-criu/v6/crit/images/criu-sa.proto | 14 - .../go-criu/v6/crit/images/eventfd.pb.go | 175 - .../go-criu/v6/crit/images/eventfd.proto | 12 - .../go-criu/v6/crit/images/eventpoll.pb.go | 296 -- .../go-criu/v6/crit/images/eventpoll.proto | 24 - .../go-criu/v6/crit/images/ext-file.pb.go | 155 - .../go-criu/v6/crit/images/ext-file.proto | 10 - .../go-criu/v6/crit/images/fdinfo.pb.go | 661 --- .../go-criu/v6/crit/images/fdinfo.proto | 81 - .../go-criu/v6/crit/images/fh.pb.go | 321 -- .../go-criu/v6/crit/images/fh.proto | 25 - .../go-criu/v6/crit/images/fifo.pb.go | 160 - .../go-criu/v6/crit/images/fifo.proto | 9 - .../go-criu/v6/crit/images/file-lock.pb.go | 188 - .../go-criu/v6/crit/images/file-lock.proto | 12 - .../go-criu/v6/crit/images/fown.pb.go | 179 - .../go-criu/v6/crit/images/fown.proto | 11 - .../go-criu/v6/crit/images/fs.pb.go | 160 - .../go-criu/v6/crit/images/fs.proto | 9 - .../go-criu/v6/crit/images/fsnotify.pb.go | 763 ---- .../go-criu/v6/crit/images/fsnotify.proto | 62 - .../go-criu/v6/crit/images/ghost-file.pb.go | 317 -- .../go-criu/v6/crit/images/ghost-file.proto | 27 - .../go-criu/v6/crit/images/handler.go | 142 - .../go-criu/v6/crit/images/img-streamer.pb.go | 214 - .../go-criu/v6/crit/images/img-streamer.proto | 18 - .../go-criu/v6/crit/images/inventory.pb.go | 305 -- .../go-criu/v6/crit/images/inventory.proto | 24 - .../go-criu/v6/crit/images/ipc-desc.pb.go | 197 - .../go-criu/v6/crit/images/ipc-desc.proto | 13 - .../go-criu/v6/crit/images/ipc-msg.pb.go | 237 - .../go-criu/v6/crit/images/ipc-msg.proto | 16 - .../go-criu/v6/crit/images/ipc-sem.pb.go | 156 - .../go-criu/v6/crit/images/ipc-sem.proto | 10 - .../go-criu/v6/crit/images/ipc-shm.pb.go | 176 - .../go-criu/v6/crit/images/ipc-shm.proto | 12 - .../go-criu/v6/crit/images/ipc-var.pb.go | 304 -- .../go-criu/v6/crit/images/ipc-var.proto | 23 - .../go-criu/v6/crit/images/macvlan.pb.go | 151 - .../go-criu/v6/crit/images/macvlan.proto | 8 - .../go-criu/v6/crit/images/memfd.pb.go | 316 -- .../go-criu/v6/crit/images/memfd.proto | 25 - .../go-criu/v6/crit/images/mm.pb.go | 395 -- .../go-criu/v6/crit/images/mm.proto | 35 - .../go-criu/v6/crit/images/mnt.pb.go | 444 -- .../go-criu/v6/crit/images/mnt.proto | 62 - .../go-criu/v6/crit/images/netdev.pb.go | 616 --- .../go-criu/v6/crit/images/netdev.proto | 77 - .../go-criu/v6/crit/images/ns.pb.go | 170 - .../go-criu/v6/crit/images/ns.proto | 10 - .../go-criu/v6/crit/images/opts.pb.go | 227 - .../go-criu/v6/crit/images/opts.proto | 20 - .../go-criu/v6/crit/images/packet-sock.pb.go | 550 --- .../go-criu/v6/crit/images/packet-sock.proto | 49 - .../go-criu/v6/crit/images/pagemap.pb.go | 237 - .../go-criu/v6/crit/images/pagemap.proto | 16 - .../go-criu/v6/crit/images/pidns.pb.go | 142 - .../go-criu/v6/crit/images/pidns.proto | 7 - .../go-criu/v6/crit/images/pipe-data.pb.go | 161 - .../go-criu/v6/crit/images/pipe-data.proto | 9 - .../go-criu/v6/crit/images/pipe.pb.go | 176 - .../go-criu/v6/crit/images/pipe.proto | 13 - .../go-criu/v6/crit/images/pstree.pb.go | 179 - .../go-criu/v6/crit/images/pstree.proto | 11 - .../go-criu/v6/crit/images/regfile.pb.go | 275 -- .../go-criu/v6/crit/images/regfile.proto | 36 - .../v6/crit/images/remap-file-path.pb.go | 230 - .../v6/crit/images/remap-file-path.proto | 18 - .../go-criu/v6/crit/images/rlimit.pb.go | 151 - .../go-criu/v6/crit/images/rlimit.proto | 8 - .../go-criu/v6/crit/images/rseq.pb.go | 173 - .../go-criu/v6/crit/images/rseq.proto | 10 - .../go-criu/v6/crit/images/seccomp.pb.go | 226 - .../go-criu/v6/crit/images/seccomp.proto | 13 - .../go-criu/v6/crit/images/siginfo.pb.go | 207 - .../go-criu/v6/crit/images/siginfo.proto | 11 - .../go-criu/v6/crit/images/signalfd.pb.go | 177 - .../go-criu/v6/crit/images/signalfd.proto | 13 - .../go-criu/v6/crit/images/sit.pb.go | 291 -- .../go-criu/v6/crit/images/sit.proto | 24 - .../go-criu/v6/crit/images/sk-inet.pb.go | 508 --- .../go-criu/v6/crit/images/sk-inet.proto | 55 - .../go-criu/v6/crit/images/sk-netlink.pb.go | 258 -- .../go-criu/v6/crit/images/sk-netlink.proto | 24 - .../go-criu/v6/crit/images/sk-opts.pb.go | 453 -- .../go-criu/v6/crit/images/sk-opts.proto | 43 - .../go-criu/v6/crit/images/sk-packet.pb.go | 236 - .../go-criu/v6/crit/images/sk-packet.proto | 18 - .../go-criu/v6/crit/images/sk-unix.pb.go | 410 -- .../go-criu/v6/crit/images/sk-unix.proto | 57 - .../go-criu/v6/crit/images/stats.pb.go | 461 -- .../go-criu/v6/crit/images/stats.proto | 40 - .../go-criu/v6/crit/images/sysctl.pb.go | 223 - .../go-criu/v6/crit/images/sysctl.proto | 15 - .../go-criu/v6/crit/images/tcp-stream.pb.go | 300 -- .../go-criu/v6/crit/images/tcp-stream.proto | 29 - .../go-criu/v6/crit/images/time.pb.go | 151 - .../go-criu/v6/crit/images/time.proto | 8 - .../go-criu/v6/crit/images/timens.pb.go | 227 - .../go-criu/v6/crit/images/timens.proto | 12 - .../go-criu/v6/crit/images/timer.pb.go | 428 -- .../go-criu/v6/crit/images/timer.proto | 32 - .../go-criu/v6/crit/images/timerfd.pb.go | 234 - .../go-criu/v6/crit/images/timerfd.proto | 21 - .../go-criu/v6/crit/images/tty.pb.go | 831 ---- .../go-criu/v6/crit/images/tty.proto | 92 - .../go-criu/v6/crit/images/tun.pb.go | 272 -- .../go-criu/v6/crit/images/tun.proto | 20 - .../go-criu/v6/crit/images/userns.pb.go | 238 - .../go-criu/v6/crit/images/userns.proto | 14 - .../go-criu/v6/crit/images/utsns.pb.go | 152 - .../go-criu/v6/crit/images/utsns.proto | 8 - .../go-criu/v6/crit/images/vma.pb.go | 237 - .../go-criu/v6/crit/images/vma.proto | 27 - .../checkpoint-restore/go-criu/v6/features.go | 8 +- .../checkpoint-restore/go-criu/v6/main.go | 40 +- .../go-criu/v6/{crit/images => rpc}/rpc.pb.go | 732 +-- .../go-criu/v6/{crit/images => rpc}/rpc.proto | 0 .../types/descriptorpb/descriptor.pb.go | 3957 ----------------- vendor/modules.txt | 5 +- 158 files changed, 414 insertions(+), 31051 deletions(-) delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/apparmor.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/apparmor.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/autofs.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/autofs.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/binfmt-misc.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/binfmt-misc.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-data.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-data.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-file.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-file.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cgroup.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cgroup.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-aarch64.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-aarch64.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-arm.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-arm.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-mips.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-mips.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-ppc64.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-ppc64.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-s390.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-s390.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-x86.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-x86.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cpuinfo.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cpuinfo.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/creds.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/creds.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/criu-core.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/criu-core.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/criu-sa.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/criu-sa.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventfd.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventfd.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventpoll.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventpoll.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ext-file.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ext-file.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fdinfo.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fdinfo.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fh.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fh.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fifo.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fifo.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/file-lock.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/file-lock.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fown.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fown.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fs.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fs.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fsnotify.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fsnotify.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ghost-file.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ghost-file.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/handler.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/img-streamer.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/img-streamer.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/inventory.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/inventory.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-desc.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-desc.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-msg.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-msg.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-sem.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-sem.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-shm.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-shm.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-var.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-var.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/macvlan.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/macvlan.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/memfd.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/memfd.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mm.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mm.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mnt.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mnt.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/netdev.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/netdev.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ns.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ns.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/opts.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/opts.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/packet-sock.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/packet-sock.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pagemap.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pagemap.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pidns.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pidns.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe-data.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe-data.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pstree.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pstree.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/regfile.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/regfile.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/remap-file-path.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/remap-file-path.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rlimit.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rlimit.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rseq.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rseq.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/seccomp.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/seccomp.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/siginfo.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/siginfo.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/signalfd.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/signalfd.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sit.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sit.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-inet.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-inet.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-netlink.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-netlink.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-opts.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-opts.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-packet.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-packet.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-unix.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-unix.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/stats.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/stats.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sysctl.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sysctl.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tcp-stream.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tcp-stream.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/time.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/time.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timens.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timens.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timer.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timer.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timerfd.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timerfd.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tty.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tty.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tun.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tun.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/userns.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/userns.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/utsns.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/utsns.proto delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/vma.pb.go delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/vma.proto rename vendor/github.com/checkpoint-restore/go-criu/v6/{crit/images => rpc}/rpc.pb.go (62%) rename vendor/github.com/checkpoint-restore/go-criu/v6/{crit/images => rpc}/rpc.proto (100%) delete mode 100644 vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go diff --git a/checkpoint.go b/checkpoint.go index 95e666918b6..e52165462a5 100644 --- a/checkpoint.go +++ b/checkpoint.go @@ -8,7 +8,7 @@ import ( "path/filepath" "strconv" - criu "github.com/checkpoint-restore/go-criu/v6/crit/images" + criu "github.com/checkpoint-restore/go-criu/v6/rpc" "github.com/opencontainers/runc/libcontainer" "github.com/opencontainers/runc/libcontainer/userns" "github.com/opencontainers/runtime-spec/specs-go" diff --git a/go.mod b/go.mod index 828627d8feb..08c1dda6bf9 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/opencontainers/runc go 1.18 require ( - github.com/checkpoint-restore/go-criu/v6 v6.2.0 + github.com/checkpoint-restore/go-criu/v6 v6.3.0 github.com/cilium/ebpf v0.9.3 github.com/containerd/console v1.0.3 github.com/coreos/go-systemd/v22 v22.4.0 diff --git a/go.sum b/go.sum index ab4d6bcbbb8..ca21b0937f0 100644 --- a/go.sum +++ b/go.sum @@ -1,6 +1,6 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/checkpoint-restore/go-criu/v6 v6.2.0 h1:3hXH7Vbq18m6oGeSj1PZkx9z0b1c2gD/jJxAGnNdLkI= -github.com/checkpoint-restore/go-criu/v6 v6.2.0/go.mod h1:rrRTN/uSwY2X+BPRl/gkulo9gsKOSAeVp9/K2tv7xZI= +github.com/checkpoint-restore/go-criu/v6 v6.3.0 h1:mIdrSO2cPNWQY1truPg6uHLXyKHk3Z5Odx4wjKOASzA= +github.com/checkpoint-restore/go-criu/v6 v6.3.0/go.mod h1:rrRTN/uSwY2X+BPRl/gkulo9gsKOSAeVp9/K2tv7xZI= github.com/cilium/ebpf v0.9.3 h1:5KtxXZU+scyERvkJMEm16TbScVvuuMrlhPly78ZMbSc= github.com/cilium/ebpf v0.9.3/go.mod h1:w27N4UjpaQ9X/DGrSugxUG+H+NhgntDuPb5lCzxCn8A= github.com/containerd/console v1.0.3 h1:lIr7SlA5PxZyMV30bDW0MGbiOPXwc63yRuCP0ARubLw= diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 34f38f34e0c..c099e458aed 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -18,7 +18,7 @@ import ( "time" "github.com/checkpoint-restore/go-criu/v6" - criurpc "github.com/checkpoint-restore/go-criu/v6/crit/images" + criurpc "github.com/checkpoint-restore/go-criu/v6/rpc" securejoin "github.com/cyphar/filepath-securejoin" "github.com/opencontainers/runtime-spec/specs-go" "github.com/sirupsen/logrus" diff --git a/libcontainer/criu_opts_linux.go b/libcontainer/criu_opts_linux.go index 2f700eaa6ef..6b0cfb82b12 100644 --- a/libcontainer/criu_opts_linux.go +++ b/libcontainer/criu_opts_linux.go @@ -1,6 +1,6 @@ package libcontainer -import criu "github.com/checkpoint-restore/go-criu/v6/crit/images" +import criu "github.com/checkpoint-restore/go-criu/v6/rpc" type CriuPageServerInfo struct { Address string // IP address of CRIU page server diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/Makefile b/vendor/github.com/checkpoint-restore/go-criu/v6/Makefile index ae3560aae6c..0c2916001eb 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/Makefile +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/Makefile @@ -7,7 +7,7 @@ all: build lint: golangci-lint run ./... -build: +build: rpc/rpc.pb.go stats/stats.pb.go $(GO) build -v ./... # Build crit binary $(MAKE) -C crit bin/crit @@ -21,6 +21,18 @@ coverage: codecov: $(MAKE) -C test codecov +rpc/rpc.proto: + curl -sSL https://raw.githubusercontent.com/checkpoint-restore/criu/master/images/rpc.proto -o $@ + +rpc/rpc.pb.go: rpc/rpc.proto + protoc --go_out=. --go_opt=M$^=rpc/ $^ + +stats/stats.proto: + curl -sSL https://raw.githubusercontent.com/checkpoint-restore/criu/master/images/stats.proto -o $@ + +stats/stats.pb.go: stats/stats.proto + protoc --go_out=. --go_opt=M$^=stats/ $^ + vendor: GO111MODULE=on $(GO) mod tidy GO111MODULE=on $(GO) mod vendor diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/README.md b/vendor/github.com/checkpoint-restore/go-criu/v6/README.md index fc296c10ab4..d186cb8960c 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/README.md +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/README.md @@ -58,7 +58,7 @@ The following table shows the relation between go-criu and criu versions: | Major version | Latest release | CRIU version | | -------------- | -------------- | ------------ | -| v6             | 6.1.0         | 3.17         | +| v6             | 6.2.0         | 3.17         | | v5             | 5.3.0         | 3.16         | | v5             | 5.0.0         | 3.15         | | v4             | 4.1.0         | 3.14         | diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/apparmor.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/apparmor.pb.go deleted file mode 100644 index 67bef0aa144..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/apparmor.pb.go +++ /dev/null @@ -1,300 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: apparmor.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type AaPolicy struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` - Blob []byte `protobuf:"bytes,2,req,name=blob" json:"blob,omitempty"` -} - -func (x *AaPolicy) Reset() { - *x = AaPolicy{} - if protoimpl.UnsafeEnabled { - mi := &file_apparmor_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *AaPolicy) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*AaPolicy) ProtoMessage() {} - -func (x *AaPolicy) ProtoReflect() protoreflect.Message { - mi := &file_apparmor_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use AaPolicy.ProtoReflect.Descriptor instead. -func (*AaPolicy) Descriptor() ([]byte, []int) { - return file_apparmor_proto_rawDescGZIP(), []int{0} -} - -func (x *AaPolicy) GetName() string { - if x != nil && x.Name != nil { - return *x.Name - } - return "" -} - -func (x *AaPolicy) GetBlob() []byte { - if x != nil { - return x.Blob - } - return nil -} - -type AaNamespace struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` - Policies []*AaPolicy `protobuf:"bytes,2,rep,name=policies" json:"policies,omitempty"` - Namespaces []*AaNamespace `protobuf:"bytes,3,rep,name=namespaces" json:"namespaces,omitempty"` -} - -func (x *AaNamespace) Reset() { - *x = AaNamespace{} - if protoimpl.UnsafeEnabled { - mi := &file_apparmor_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *AaNamespace) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*AaNamespace) ProtoMessage() {} - -func (x *AaNamespace) ProtoReflect() protoreflect.Message { - mi := &file_apparmor_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use AaNamespace.ProtoReflect.Descriptor instead. -func (*AaNamespace) Descriptor() ([]byte, []int) { - return file_apparmor_proto_rawDescGZIP(), []int{1} -} - -func (x *AaNamespace) GetName() string { - if x != nil && x.Name != nil { - return *x.Name - } - return "" -} - -func (x *AaNamespace) GetPolicies() []*AaPolicy { - if x != nil { - return x.Policies - } - return nil -} - -func (x *AaNamespace) GetNamespaces() []*AaNamespace { - if x != nil { - return x.Namespaces - } - return nil -} - -type ApparmorEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Namespaces []*AaNamespace `protobuf:"bytes,1,rep,name=namespaces" json:"namespaces,omitempty"` -} - -func (x *ApparmorEntry) Reset() { - *x = ApparmorEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_apparmor_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ApparmorEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ApparmorEntry) ProtoMessage() {} - -func (x *ApparmorEntry) ProtoReflect() protoreflect.Message { - mi := &file_apparmor_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ApparmorEntry.ProtoReflect.Descriptor instead. -func (*ApparmorEntry) Descriptor() ([]byte, []int) { - return file_apparmor_proto_rawDescGZIP(), []int{2} -} - -func (x *ApparmorEntry) GetNamespaces() []*AaNamespace { - if x != nil { - return x.Namespaces - } - return nil -} - -var File_apparmor_proto protoreflect.FileDescriptor - -var file_apparmor_proto_rawDesc = []byte{ - 0x0a, 0x0e, 0x61, 0x70, 0x70, 0x61, 0x72, 0x6d, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x22, 0x33, 0x0a, 0x09, 0x61, 0x61, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x12, 0x0a, - 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, - 0x65, 0x12, 0x12, 0x0a, 0x04, 0x62, 0x6c, 0x6f, 0x62, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0c, 0x52, - 0x04, 0x62, 0x6c, 0x6f, 0x62, 0x22, 0x79, 0x0a, 0x0c, 0x61, 0x61, 0x5f, 0x6e, 0x61, 0x6d, 0x65, - 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, - 0x02, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x26, 0x0a, 0x08, 0x70, 0x6f, 0x6c, - 0x69, 0x63, 0x69, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x61, 0x61, - 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x08, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, - 0x73, 0x12, 0x2d, 0x0a, 0x0a, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x73, 0x18, - 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x61, 0x61, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, - 0x70, 0x61, 0x63, 0x65, 0x52, 0x0a, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x73, - 0x22, 0x3f, 0x0a, 0x0e, 0x61, 0x70, 0x70, 0x61, 0x72, 0x6d, 0x6f, 0x72, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x2d, 0x0a, 0x0a, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x73, - 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x61, 0x61, 0x5f, 0x6e, 0x61, 0x6d, 0x65, - 0x73, 0x70, 0x61, 0x63, 0x65, 0x52, 0x0a, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, - 0x73, -} - -var ( - file_apparmor_proto_rawDescOnce sync.Once - file_apparmor_proto_rawDescData = file_apparmor_proto_rawDesc -) - -func file_apparmor_proto_rawDescGZIP() []byte { - file_apparmor_proto_rawDescOnce.Do(func() { - file_apparmor_proto_rawDescData = protoimpl.X.CompressGZIP(file_apparmor_proto_rawDescData) - }) - return file_apparmor_proto_rawDescData -} - -var file_apparmor_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_apparmor_proto_goTypes = []interface{}{ - (*AaPolicy)(nil), // 0: aa_policy - (*AaNamespace)(nil), // 1: aa_namespace - (*ApparmorEntry)(nil), // 2: apparmor_entry -} -var file_apparmor_proto_depIdxs = []int32{ - 0, // 0: aa_namespace.policies:type_name -> aa_policy - 1, // 1: aa_namespace.namespaces:type_name -> aa_namespace - 1, // 2: apparmor_entry.namespaces:type_name -> aa_namespace - 3, // [3:3] is the sub-list for method output_type - 3, // [3:3] is the sub-list for method input_type - 3, // [3:3] is the sub-list for extension type_name - 3, // [3:3] is the sub-list for extension extendee - 0, // [0:3] is the sub-list for field type_name -} - -func init() { file_apparmor_proto_init() } -func file_apparmor_proto_init() { - if File_apparmor_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_apparmor_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AaPolicy); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_apparmor_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AaNamespace); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_apparmor_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ApparmorEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_apparmor_proto_rawDesc, - NumEnums: 0, - NumMessages: 3, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_apparmor_proto_goTypes, - DependencyIndexes: file_apparmor_proto_depIdxs, - MessageInfos: file_apparmor_proto_msgTypes, - }.Build() - File_apparmor_proto = out.File - file_apparmor_proto_rawDesc = nil - file_apparmor_proto_goTypes = nil - file_apparmor_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/apparmor.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/apparmor.proto deleted file mode 100644 index 0c84f80a6ea..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/apparmor.proto +++ /dev/null @@ -1,16 +0,0 @@ -syntax = "proto2"; - -message aa_policy { - required string name = 1; - required bytes blob = 2; -} - -message aa_namespace { - required string name = 1; - repeated aa_policy policies = 2; - repeated aa_namespace namespaces = 3; -} - -message apparmor_entry { - repeated aa_namespace namespaces = 1; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/autofs.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/autofs.pb.go deleted file mode 100644 index 828bd7f8808..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/autofs.pb.go +++ /dev/null @@ -1,217 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: autofs.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type AutofsEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Fd *int32 `protobuf:"varint,1,req,name=fd" json:"fd,omitempty"` - Pgrp *int32 `protobuf:"varint,2,req,name=pgrp" json:"pgrp,omitempty"` - Timeout *int32 `protobuf:"varint,3,req,name=timeout" json:"timeout,omitempty"` - Minproto *int32 `protobuf:"varint,4,req,name=minproto" json:"minproto,omitempty"` - Maxproto *int32 `protobuf:"varint,5,req,name=maxproto" json:"maxproto,omitempty"` - Mode *int32 `protobuf:"varint,6,req,name=mode" json:"mode,omitempty"` - Uid *int32 `protobuf:"varint,7,opt,name=uid" json:"uid,omitempty"` - Gid *int32 `protobuf:"varint,8,opt,name=gid" json:"gid,omitempty"` - ReadFd *int32 `protobuf:"varint,9,opt,name=read_fd,json=readFd" json:"read_fd,omitempty"` -} - -func (x *AutofsEntry) Reset() { - *x = AutofsEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_autofs_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *AutofsEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*AutofsEntry) ProtoMessage() {} - -func (x *AutofsEntry) ProtoReflect() protoreflect.Message { - mi := &file_autofs_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use AutofsEntry.ProtoReflect.Descriptor instead. -func (*AutofsEntry) Descriptor() ([]byte, []int) { - return file_autofs_proto_rawDescGZIP(), []int{0} -} - -func (x *AutofsEntry) GetFd() int32 { - if x != nil && x.Fd != nil { - return *x.Fd - } - return 0 -} - -func (x *AutofsEntry) GetPgrp() int32 { - if x != nil && x.Pgrp != nil { - return *x.Pgrp - } - return 0 -} - -func (x *AutofsEntry) GetTimeout() int32 { - if x != nil && x.Timeout != nil { - return *x.Timeout - } - return 0 -} - -func (x *AutofsEntry) GetMinproto() int32 { - if x != nil && x.Minproto != nil { - return *x.Minproto - } - return 0 -} - -func (x *AutofsEntry) GetMaxproto() int32 { - if x != nil && x.Maxproto != nil { - return *x.Maxproto - } - return 0 -} - -func (x *AutofsEntry) GetMode() int32 { - if x != nil && x.Mode != nil { - return *x.Mode - } - return 0 -} - -func (x *AutofsEntry) GetUid() int32 { - if x != nil && x.Uid != nil { - return *x.Uid - } - return 0 -} - -func (x *AutofsEntry) GetGid() int32 { - if x != nil && x.Gid != nil { - return *x.Gid - } - return 0 -} - -func (x *AutofsEntry) GetReadFd() int32 { - if x != nil && x.ReadFd != nil { - return *x.ReadFd - } - return 0 -} - -var File_autofs_proto protoreflect.FileDescriptor - -var file_autofs_proto_rawDesc = []byte{ - 0x0a, 0x0c, 0x61, 0x75, 0x74, 0x6f, 0x66, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xd5, - 0x01, 0x0a, 0x0c, 0x61, 0x75, 0x74, 0x6f, 0x66, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, - 0x0e, 0x0a, 0x02, 0x66, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x05, 0x52, 0x02, 0x66, 0x64, 0x12, - 0x12, 0x0a, 0x04, 0x70, 0x67, 0x72, 0x70, 0x18, 0x02, 0x20, 0x02, 0x28, 0x05, 0x52, 0x04, 0x70, - 0x67, 0x72, 0x70, 0x12, 0x18, 0x0a, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x03, - 0x20, 0x02, 0x28, 0x05, 0x52, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x1a, 0x0a, - 0x08, 0x6d, 0x69, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x18, 0x04, 0x20, 0x02, 0x28, 0x05, 0x52, - 0x08, 0x6d, 0x69, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1a, 0x0a, 0x08, 0x6d, 0x61, 0x78, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x18, 0x05, 0x20, 0x02, 0x28, 0x05, 0x52, 0x08, 0x6d, 0x61, 0x78, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x06, 0x20, - 0x02, 0x28, 0x05, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, - 0x18, 0x07, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x67, - 0x69, 0x64, 0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x67, 0x69, 0x64, 0x12, 0x17, 0x0a, - 0x07, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x66, 0x64, 0x18, 0x09, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, - 0x72, 0x65, 0x61, 0x64, 0x46, 0x64, -} - -var ( - file_autofs_proto_rawDescOnce sync.Once - file_autofs_proto_rawDescData = file_autofs_proto_rawDesc -) - -func file_autofs_proto_rawDescGZIP() []byte { - file_autofs_proto_rawDescOnce.Do(func() { - file_autofs_proto_rawDescData = protoimpl.X.CompressGZIP(file_autofs_proto_rawDescData) - }) - return file_autofs_proto_rawDescData -} - -var file_autofs_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_autofs_proto_goTypes = []interface{}{ - (*AutofsEntry)(nil), // 0: autofs_entry -} -var file_autofs_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_autofs_proto_init() } -func file_autofs_proto_init() { - if File_autofs_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_autofs_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AutofsEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_autofs_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_autofs_proto_goTypes, - DependencyIndexes: file_autofs_proto_depIdxs, - MessageInfos: file_autofs_proto_msgTypes, - }.Build() - File_autofs_proto = out.File - file_autofs_proto_rawDesc = nil - file_autofs_proto_goTypes = nil - file_autofs_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/autofs.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/autofs.proto deleted file mode 100644 index 5c8c216c84c..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/autofs.proto +++ /dev/null @@ -1,17 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -message autofs_entry { - required int32 fd = 1; - required int32 pgrp = 2; - required int32 timeout = 3; - required int32 minproto = 4; - required int32 maxproto = 5; - required int32 mode = 6; - - optional int32 uid = 7; - optional int32 gid = 8; - - optional int32 read_fd = 9; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/binfmt-misc.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/binfmt-misc.pb.go deleted file mode 100644 index 1f85eb42648..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/binfmt-misc.pb.go +++ /dev/null @@ -1,209 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: binfmt-misc.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type BinfmtMiscEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` - Enabled *bool `protobuf:"varint,2,req,name=enabled" json:"enabled,omitempty"` - Interpreter *string `protobuf:"bytes,3,req,name=interpreter" json:"interpreter,omitempty"` - Flags *string `protobuf:"bytes,4,opt,name=flags" json:"flags,omitempty"` - Extension *string `protobuf:"bytes,5,opt,name=extension" json:"extension,omitempty"` - Magic *string `protobuf:"bytes,6,opt,name=magic" json:"magic,omitempty"` - Mask *string `protobuf:"bytes,7,opt,name=mask" json:"mask,omitempty"` - Offset *int32 `protobuf:"varint,8,opt,name=offset" json:"offset,omitempty"` -} - -func (x *BinfmtMiscEntry) Reset() { - *x = BinfmtMiscEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_binfmt_misc_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *BinfmtMiscEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*BinfmtMiscEntry) ProtoMessage() {} - -func (x *BinfmtMiscEntry) ProtoReflect() protoreflect.Message { - mi := &file_binfmt_misc_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use BinfmtMiscEntry.ProtoReflect.Descriptor instead. -func (*BinfmtMiscEntry) Descriptor() ([]byte, []int) { - return file_binfmt_misc_proto_rawDescGZIP(), []int{0} -} - -func (x *BinfmtMiscEntry) GetName() string { - if x != nil && x.Name != nil { - return *x.Name - } - return "" -} - -func (x *BinfmtMiscEntry) GetEnabled() bool { - if x != nil && x.Enabled != nil { - return *x.Enabled - } - return false -} - -func (x *BinfmtMiscEntry) GetInterpreter() string { - if x != nil && x.Interpreter != nil { - return *x.Interpreter - } - return "" -} - -func (x *BinfmtMiscEntry) GetFlags() string { - if x != nil && x.Flags != nil { - return *x.Flags - } - return "" -} - -func (x *BinfmtMiscEntry) GetExtension() string { - if x != nil && x.Extension != nil { - return *x.Extension - } - return "" -} - -func (x *BinfmtMiscEntry) GetMagic() string { - if x != nil && x.Magic != nil { - return *x.Magic - } - return "" -} - -func (x *BinfmtMiscEntry) GetMask() string { - if x != nil && x.Mask != nil { - return *x.Mask - } - return "" -} - -func (x *BinfmtMiscEntry) GetOffset() int32 { - if x != nil && x.Offset != nil { - return *x.Offset - } - return 0 -} - -var File_binfmt_misc_proto protoreflect.FileDescriptor - -var file_binfmt_misc_proto_rawDesc = []byte{ - 0x0a, 0x11, 0x62, 0x69, 0x6e, 0x66, 0x6d, 0x74, 0x2d, 0x6d, 0x69, 0x73, 0x63, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x22, 0xd9, 0x01, 0x0a, 0x11, 0x62, 0x69, 0x6e, 0x66, 0x6d, 0x74, 0x5f, 0x6d, - 0x69, 0x73, 0x63, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, - 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, - 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x08, 0x52, 0x07, - 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x20, 0x0a, 0x0b, 0x69, 0x6e, 0x74, 0x65, 0x72, - 0x70, 0x72, 0x65, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x02, 0x28, 0x09, 0x52, 0x0b, 0x69, 0x6e, - 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, - 0x67, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, - 0x1c, 0x0a, 0x09, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x09, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, - 0x05, 0x6d, 0x61, 0x67, 0x69, 0x63, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6d, 0x61, - 0x67, 0x69, 0x63, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x07, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x04, 0x6d, 0x61, 0x73, 0x6b, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, - 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, -} - -var ( - file_binfmt_misc_proto_rawDescOnce sync.Once - file_binfmt_misc_proto_rawDescData = file_binfmt_misc_proto_rawDesc -) - -func file_binfmt_misc_proto_rawDescGZIP() []byte { - file_binfmt_misc_proto_rawDescOnce.Do(func() { - file_binfmt_misc_proto_rawDescData = protoimpl.X.CompressGZIP(file_binfmt_misc_proto_rawDescData) - }) - return file_binfmt_misc_proto_rawDescData -} - -var file_binfmt_misc_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_binfmt_misc_proto_goTypes = []interface{}{ - (*BinfmtMiscEntry)(nil), // 0: binfmt_misc_entry -} -var file_binfmt_misc_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_binfmt_misc_proto_init() } -func file_binfmt_misc_proto_init() { - if File_binfmt_misc_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_binfmt_misc_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*BinfmtMiscEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_binfmt_misc_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_binfmt_misc_proto_goTypes, - DependencyIndexes: file_binfmt_misc_proto_depIdxs, - MessageInfos: file_binfmt_misc_proto_msgTypes, - }.Build() - File_binfmt_misc_proto = out.File - file_binfmt_misc_proto_rawDesc = nil - file_binfmt_misc_proto_goTypes = nil - file_binfmt_misc_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/binfmt-misc.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/binfmt-misc.proto deleted file mode 100644 index a48d8724c55..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/binfmt-misc.proto +++ /dev/null @@ -1,14 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -message binfmt_misc_entry { - required string name = 1; - required bool enabled = 2; - required string interpreter = 3; - optional string flags = 4; - optional string extension = 5; - optional string magic = 6; - optional string mask = 7; - optional int32 offset = 8; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-data.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-data.pb.go deleted file mode 100644 index df3343d1743..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-data.pb.go +++ /dev/null @@ -1,172 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: bpfmap-data.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type BpfmapDataEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - MapId *uint32 `protobuf:"varint,1,req,name=map_id,json=mapId" json:"map_id,omitempty"` - KeysBytes *uint32 `protobuf:"varint,2,req,name=keys_bytes,json=keysBytes" json:"keys_bytes,omitempty"` // Bytes required to store keys - ValuesBytes *uint32 `protobuf:"varint,3,req,name=values_bytes,json=valuesBytes" json:"values_bytes,omitempty"` // Bytes required to store values - Count *uint32 `protobuf:"varint,4,req,name=count" json:"count,omitempty"` // Number of key-value pairs stored -} - -func (x *BpfmapDataEntry) Reset() { - *x = BpfmapDataEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_bpfmap_data_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *BpfmapDataEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*BpfmapDataEntry) ProtoMessage() {} - -func (x *BpfmapDataEntry) ProtoReflect() protoreflect.Message { - mi := &file_bpfmap_data_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use BpfmapDataEntry.ProtoReflect.Descriptor instead. -func (*BpfmapDataEntry) Descriptor() ([]byte, []int) { - return file_bpfmap_data_proto_rawDescGZIP(), []int{0} -} - -func (x *BpfmapDataEntry) GetMapId() uint32 { - if x != nil && x.MapId != nil { - return *x.MapId - } - return 0 -} - -func (x *BpfmapDataEntry) GetKeysBytes() uint32 { - if x != nil && x.KeysBytes != nil { - return *x.KeysBytes - } - return 0 -} - -func (x *BpfmapDataEntry) GetValuesBytes() uint32 { - if x != nil && x.ValuesBytes != nil { - return *x.ValuesBytes - } - return 0 -} - -func (x *BpfmapDataEntry) GetCount() uint32 { - if x != nil && x.Count != nil { - return *x.Count - } - return 0 -} - -var File_bpfmap_data_proto protoreflect.FileDescriptor - -var file_bpfmap_data_proto_rawDesc = []byte{ - 0x0a, 0x11, 0x62, 0x70, 0x66, 0x6d, 0x61, 0x70, 0x2d, 0x64, 0x61, 0x74, 0x61, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x22, 0x82, 0x01, 0x0a, 0x11, 0x62, 0x70, 0x66, 0x6d, 0x61, 0x70, 0x5f, 0x64, - 0x61, 0x74, 0x61, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x15, 0x0a, 0x06, 0x6d, 0x61, 0x70, - 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x61, 0x70, 0x49, 0x64, - 0x12, 0x1d, 0x0a, 0x0a, 0x6b, 0x65, 0x79, 0x73, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x02, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x6b, 0x65, 0x79, 0x73, 0x42, 0x79, 0x74, 0x65, 0x73, 0x12, - 0x21, 0x0a, 0x0c, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, - 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x42, 0x79, 0x74, - 0x65, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, -} - -var ( - file_bpfmap_data_proto_rawDescOnce sync.Once - file_bpfmap_data_proto_rawDescData = file_bpfmap_data_proto_rawDesc -) - -func file_bpfmap_data_proto_rawDescGZIP() []byte { - file_bpfmap_data_proto_rawDescOnce.Do(func() { - file_bpfmap_data_proto_rawDescData = protoimpl.X.CompressGZIP(file_bpfmap_data_proto_rawDescData) - }) - return file_bpfmap_data_proto_rawDescData -} - -var file_bpfmap_data_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_bpfmap_data_proto_goTypes = []interface{}{ - (*BpfmapDataEntry)(nil), // 0: bpfmap_data_entry -} -var file_bpfmap_data_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_bpfmap_data_proto_init() } -func file_bpfmap_data_proto_init() { - if File_bpfmap_data_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_bpfmap_data_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*BpfmapDataEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_bpfmap_data_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_bpfmap_data_proto_goTypes, - DependencyIndexes: file_bpfmap_data_proto_depIdxs, - MessageInfos: file_bpfmap_data_proto_msgTypes, - }.Build() - File_bpfmap_data_proto = out.File - file_bpfmap_data_proto_rawDesc = nil - file_bpfmap_data_proto_goTypes = nil - file_bpfmap_data_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-data.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-data.proto deleted file mode 100644 index b9502bb452c..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-data.proto +++ /dev/null @@ -1,10 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -message bpfmap_data_entry { - required uint32 map_id = 1; - required uint32 keys_bytes = 2; /* Bytes required to store keys */ - required uint32 values_bytes = 3; /* Bytes required to store values */ - required uint32 count = 4; /* Number of key-value pairs stored */ -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-file.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-file.pb.go deleted file mode 100644 index f50a45974b6..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-file.pb.go +++ /dev/null @@ -1,301 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: bpfmap-file.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type BpfmapFileEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` - Flags *uint32 `protobuf:"varint,2,req,name=flags" json:"flags,omitempty"` - Pos *uint64 `protobuf:"varint,3,req,name=pos" json:"pos,omitempty"` - Fown *FownEntry `protobuf:"bytes,4,req,name=fown" json:"fown,omitempty"` - MapType *uint32 `protobuf:"varint,5,req,name=map_type,json=mapType" json:"map_type,omitempty"` - KeySize *uint32 `protobuf:"varint,6,req,name=key_size,json=keySize" json:"key_size,omitempty"` - ValueSize *uint32 `protobuf:"varint,7,req,name=value_size,json=valueSize" json:"value_size,omitempty"` - MapId *uint32 `protobuf:"varint,8,req,name=map_id,json=mapId" json:"map_id,omitempty"` - MaxEntries *uint32 `protobuf:"varint,9,req,name=max_entries,json=maxEntries" json:"max_entries,omitempty"` - MapFlags *uint32 `protobuf:"varint,10,req,name=map_flags,json=mapFlags" json:"map_flags,omitempty"` - Memlock *uint64 `protobuf:"varint,11,req,name=memlock" json:"memlock,omitempty"` - Frozen *bool `protobuf:"varint,12,req,name=frozen,def=0" json:"frozen,omitempty"` - MapName *string `protobuf:"bytes,13,req,name=map_name,json=mapName" json:"map_name,omitempty"` - Ifindex *uint32 `protobuf:"varint,14,req,name=ifindex,def=0" json:"ifindex,omitempty"` - MntId *int32 `protobuf:"zigzag32,15,opt,name=mnt_id,json=mntId,def=-1" json:"mnt_id,omitempty"` - MapExtra *uint64 `protobuf:"varint,16,opt,name=map_extra,json=mapExtra" json:"map_extra,omitempty"` -} - -// Default values for BpfmapFileEntry fields. -const ( - Default_BpfmapFileEntry_Frozen = bool(false) - Default_BpfmapFileEntry_Ifindex = uint32(0) - Default_BpfmapFileEntry_MntId = int32(-1) -) - -func (x *BpfmapFileEntry) Reset() { - *x = BpfmapFileEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_bpfmap_file_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *BpfmapFileEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*BpfmapFileEntry) ProtoMessage() {} - -func (x *BpfmapFileEntry) ProtoReflect() protoreflect.Message { - mi := &file_bpfmap_file_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use BpfmapFileEntry.ProtoReflect.Descriptor instead. -func (*BpfmapFileEntry) Descriptor() ([]byte, []int) { - return file_bpfmap_file_proto_rawDescGZIP(), []int{0} -} - -func (x *BpfmapFileEntry) GetId() uint32 { - if x != nil && x.Id != nil { - return *x.Id - } - return 0 -} - -func (x *BpfmapFileEntry) GetFlags() uint32 { - if x != nil && x.Flags != nil { - return *x.Flags - } - return 0 -} - -func (x *BpfmapFileEntry) GetPos() uint64 { - if x != nil && x.Pos != nil { - return *x.Pos - } - return 0 -} - -func (x *BpfmapFileEntry) GetFown() *FownEntry { - if x != nil { - return x.Fown - } - return nil -} - -func (x *BpfmapFileEntry) GetMapType() uint32 { - if x != nil && x.MapType != nil { - return *x.MapType - } - return 0 -} - -func (x *BpfmapFileEntry) GetKeySize() uint32 { - if x != nil && x.KeySize != nil { - return *x.KeySize - } - return 0 -} - -func (x *BpfmapFileEntry) GetValueSize() uint32 { - if x != nil && x.ValueSize != nil { - return *x.ValueSize - } - return 0 -} - -func (x *BpfmapFileEntry) GetMapId() uint32 { - if x != nil && x.MapId != nil { - return *x.MapId - } - return 0 -} - -func (x *BpfmapFileEntry) GetMaxEntries() uint32 { - if x != nil && x.MaxEntries != nil { - return *x.MaxEntries - } - return 0 -} - -func (x *BpfmapFileEntry) GetMapFlags() uint32 { - if x != nil && x.MapFlags != nil { - return *x.MapFlags - } - return 0 -} - -func (x *BpfmapFileEntry) GetMemlock() uint64 { - if x != nil && x.Memlock != nil { - return *x.Memlock - } - return 0 -} - -func (x *BpfmapFileEntry) GetFrozen() bool { - if x != nil && x.Frozen != nil { - return *x.Frozen - } - return Default_BpfmapFileEntry_Frozen -} - -func (x *BpfmapFileEntry) GetMapName() string { - if x != nil && x.MapName != nil { - return *x.MapName - } - return "" -} - -func (x *BpfmapFileEntry) GetIfindex() uint32 { - if x != nil && x.Ifindex != nil { - return *x.Ifindex - } - return Default_BpfmapFileEntry_Ifindex -} - -func (x *BpfmapFileEntry) GetMntId() int32 { - if x != nil && x.MntId != nil { - return *x.MntId - } - return Default_BpfmapFileEntry_MntId -} - -func (x *BpfmapFileEntry) GetMapExtra() uint64 { - if x != nil && x.MapExtra != nil { - return *x.MapExtra - } - return 0 -} - -var File_bpfmap_file_proto protoreflect.FileDescriptor - -var file_bpfmap_file_proto_rawDesc = []byte{ - 0x0a, 0x11, 0x62, 0x70, 0x66, 0x6d, 0x61, 0x70, 0x2d, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, - 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xd1, 0x03, 0x0a, 0x11, - 0x62, 0x70, 0x66, 0x6d, 0x61, 0x70, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, - 0x64, 0x12, 0x26, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, - 0x42, 0x10, 0xd2, 0x3f, 0x0d, 0x1a, 0x0b, 0x72, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x66, 0x6c, 0x61, - 0x67, 0x73, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x6f, 0x73, - 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x70, 0x6f, 0x73, 0x12, 0x1f, 0x0a, 0x04, 0x66, - 0x6f, 0x77, 0x6e, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x6f, 0x77, 0x6e, - 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x19, 0x0a, 0x08, - 0x6d, 0x61, 0x70, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, - 0x6d, 0x61, 0x70, 0x54, 0x79, 0x70, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x6b, 0x65, 0x79, 0x5f, 0x73, - 0x69, 0x7a, 0x65, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x53, 0x69, - 0x7a, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, - 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x53, 0x69, 0x7a, - 0x65, 0x12, 0x15, 0x0a, 0x06, 0x6d, 0x61, 0x70, 0x5f, 0x69, 0x64, 0x18, 0x08, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x05, 0x6d, 0x61, 0x70, 0x49, 0x64, 0x12, 0x1f, 0x0a, 0x0b, 0x6d, 0x61, 0x78, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x09, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0a, 0x6d, - 0x61, 0x78, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x61, 0x70, - 0x5f, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x0a, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x6d, 0x61, - 0x70, 0x46, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x6d, 0x6c, 0x6f, 0x63, - 0x6b, 0x18, 0x0b, 0x20, 0x02, 0x28, 0x04, 0x52, 0x07, 0x6d, 0x65, 0x6d, 0x6c, 0x6f, 0x63, 0x6b, - 0x12, 0x1d, 0x0a, 0x06, 0x66, 0x72, 0x6f, 0x7a, 0x65, 0x6e, 0x18, 0x0c, 0x20, 0x02, 0x28, 0x08, - 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x06, 0x66, 0x72, 0x6f, 0x7a, 0x65, 0x6e, 0x12, - 0x19, 0x0a, 0x08, 0x6d, 0x61, 0x70, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0d, 0x20, 0x02, 0x28, - 0x09, 0x52, 0x07, 0x6d, 0x61, 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1b, 0x0a, 0x07, 0x69, 0x66, - 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x0e, 0x20, 0x02, 0x28, 0x0d, 0x3a, 0x01, 0x30, 0x52, 0x07, - 0x69, 0x66, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x19, 0x0a, 0x06, 0x6d, 0x6e, 0x74, 0x5f, 0x69, - 0x64, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x11, 0x3a, 0x02, 0x2d, 0x31, 0x52, 0x05, 0x6d, 0x6e, 0x74, - 0x49, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x61, 0x70, 0x5f, 0x65, 0x78, 0x74, 0x72, 0x61, 0x18, - 0x10, 0x20, 0x01, 0x28, 0x04, 0x52, 0x08, 0x6d, 0x61, 0x70, 0x45, 0x78, 0x74, 0x72, 0x61, -} - -var ( - file_bpfmap_file_proto_rawDescOnce sync.Once - file_bpfmap_file_proto_rawDescData = file_bpfmap_file_proto_rawDesc -) - -func file_bpfmap_file_proto_rawDescGZIP() []byte { - file_bpfmap_file_proto_rawDescOnce.Do(func() { - file_bpfmap_file_proto_rawDescData = protoimpl.X.CompressGZIP(file_bpfmap_file_proto_rawDescData) - }) - return file_bpfmap_file_proto_rawDescData -} - -var file_bpfmap_file_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_bpfmap_file_proto_goTypes = []interface{}{ - (*BpfmapFileEntry)(nil), // 0: bpfmap_file_entry - (*FownEntry)(nil), // 1: fown_entry -} -var file_bpfmap_file_proto_depIdxs = []int32{ - 1, // 0: bpfmap_file_entry.fown:type_name -> fown_entry - 1, // [1:1] is the sub-list for method output_type - 1, // [1:1] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name -} - -func init() { file_bpfmap_file_proto_init() } -func file_bpfmap_file_proto_init() { - if File_bpfmap_file_proto != nil { - return - } - file_opts_proto_init() - file_fown_proto_init() - if !protoimpl.UnsafeEnabled { - file_bpfmap_file_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*BpfmapFileEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_bpfmap_file_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_bpfmap_file_proto_goTypes, - DependencyIndexes: file_bpfmap_file_proto_depIdxs, - MessageInfos: file_bpfmap_file_proto_msgTypes, - }.Build() - File_bpfmap_file_proto = out.File - file_bpfmap_file_proto_rawDesc = nil - file_bpfmap_file_proto_goTypes = nil - file_bpfmap_file_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-file.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-file.proto deleted file mode 100644 index 895321e13b0..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/bpfmap-file.proto +++ /dev/null @@ -1,25 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "opts.proto"; -import "fown.proto"; - -message bpfmap_file_entry { - required uint32 id = 1; - required uint32 flags = 2 [(criu).flags = "rfile.flags"]; - required uint64 pos = 3; - required fown_entry fown = 4; - required uint32 map_type = 5; - required uint32 key_size = 6; - required uint32 value_size = 7; - required uint32 map_id = 8; - required uint32 max_entries = 9; - required uint32 map_flags = 10; - required uint64 memlock = 11; - required bool frozen = 12 [default = false]; - required string map_name = 13; - required uint32 ifindex = 14 [default = 0]; - optional sint32 mnt_id = 15 [default = -1]; - optional uint64 map_extra = 16; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cgroup.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cgroup.pb.go deleted file mode 100644 index db642346a3f..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cgroup.pb.go +++ /dev/null @@ -1,648 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: cgroup.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type CgroupPerms struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Mode *uint32 `protobuf:"varint,1,req,name=mode" json:"mode,omitempty"` - Uid *uint32 `protobuf:"varint,2,req,name=uid" json:"uid,omitempty"` - Gid *uint32 `protobuf:"varint,3,req,name=gid" json:"gid,omitempty"` -} - -func (x *CgroupPerms) Reset() { - *x = CgroupPerms{} - if protoimpl.UnsafeEnabled { - mi := &file_cgroup_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CgroupPerms) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CgroupPerms) ProtoMessage() {} - -func (x *CgroupPerms) ProtoReflect() protoreflect.Message { - mi := &file_cgroup_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CgroupPerms.ProtoReflect.Descriptor instead. -func (*CgroupPerms) Descriptor() ([]byte, []int) { - return file_cgroup_proto_rawDescGZIP(), []int{0} -} - -func (x *CgroupPerms) GetMode() uint32 { - if x != nil && x.Mode != nil { - return *x.Mode - } - return 0 -} - -func (x *CgroupPerms) GetUid() uint32 { - if x != nil && x.Uid != nil { - return *x.Uid - } - return 0 -} - -func (x *CgroupPerms) GetGid() uint32 { - if x != nil && x.Gid != nil { - return *x.Gid - } - return 0 -} - -type CgroupPropEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` - Value *string `protobuf:"bytes,2,req,name=value" json:"value,omitempty"` - Perms *CgroupPerms `protobuf:"bytes,3,opt,name=perms" json:"perms,omitempty"` -} - -func (x *CgroupPropEntry) Reset() { - *x = CgroupPropEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_cgroup_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CgroupPropEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CgroupPropEntry) ProtoMessage() {} - -func (x *CgroupPropEntry) ProtoReflect() protoreflect.Message { - mi := &file_cgroup_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CgroupPropEntry.ProtoReflect.Descriptor instead. -func (*CgroupPropEntry) Descriptor() ([]byte, []int) { - return file_cgroup_proto_rawDescGZIP(), []int{1} -} - -func (x *CgroupPropEntry) GetName() string { - if x != nil && x.Name != nil { - return *x.Name - } - return "" -} - -func (x *CgroupPropEntry) GetValue() string { - if x != nil && x.Value != nil { - return *x.Value - } - return "" -} - -func (x *CgroupPropEntry) GetPerms() *CgroupPerms { - if x != nil { - return x.Perms - } - return nil -} - -type CgroupDirEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - DirName *string `protobuf:"bytes,1,req,name=dir_name,json=dirName" json:"dir_name,omitempty"` - Children []*CgroupDirEntry `protobuf:"bytes,2,rep,name=children" json:"children,omitempty"` - Properties []*CgroupPropEntry `protobuf:"bytes,3,rep,name=properties" json:"properties,omitempty"` - DirPerms *CgroupPerms `protobuf:"bytes,4,opt,name=dir_perms,json=dirPerms" json:"dir_perms,omitempty"` -} - -func (x *CgroupDirEntry) Reset() { - *x = CgroupDirEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_cgroup_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CgroupDirEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CgroupDirEntry) ProtoMessage() {} - -func (x *CgroupDirEntry) ProtoReflect() protoreflect.Message { - mi := &file_cgroup_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CgroupDirEntry.ProtoReflect.Descriptor instead. -func (*CgroupDirEntry) Descriptor() ([]byte, []int) { - return file_cgroup_proto_rawDescGZIP(), []int{2} -} - -func (x *CgroupDirEntry) GetDirName() string { - if x != nil && x.DirName != nil { - return *x.DirName - } - return "" -} - -func (x *CgroupDirEntry) GetChildren() []*CgroupDirEntry { - if x != nil { - return x.Children - } - return nil -} - -func (x *CgroupDirEntry) GetProperties() []*CgroupPropEntry { - if x != nil { - return x.Properties - } - return nil -} - -func (x *CgroupDirEntry) GetDirPerms() *CgroupPerms { - if x != nil { - return x.DirPerms - } - return nil -} - -type CgControllerEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Cnames []string `protobuf:"bytes,1,rep,name=cnames" json:"cnames,omitempty"` - Dirs []*CgroupDirEntry `protobuf:"bytes,2,rep,name=dirs" json:"dirs,omitempty"` -} - -func (x *CgControllerEntry) Reset() { - *x = CgControllerEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_cgroup_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CgControllerEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CgControllerEntry) ProtoMessage() {} - -func (x *CgControllerEntry) ProtoReflect() protoreflect.Message { - mi := &file_cgroup_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CgControllerEntry.ProtoReflect.Descriptor instead. -func (*CgControllerEntry) Descriptor() ([]byte, []int) { - return file_cgroup_proto_rawDescGZIP(), []int{3} -} - -func (x *CgControllerEntry) GetCnames() []string { - if x != nil { - return x.Cnames - } - return nil -} - -func (x *CgControllerEntry) GetDirs() []*CgroupDirEntry { - if x != nil { - return x.Dirs - } - return nil -} - -type CgMemberEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` - Path *string `protobuf:"bytes,2,req,name=path" json:"path,omitempty"` - CgnsPrefix *uint32 `protobuf:"varint,3,opt,name=cgns_prefix,json=cgnsPrefix" json:"cgns_prefix,omitempty"` -} - -func (x *CgMemberEntry) Reset() { - *x = CgMemberEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_cgroup_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CgMemberEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CgMemberEntry) ProtoMessage() {} - -func (x *CgMemberEntry) ProtoReflect() protoreflect.Message { - mi := &file_cgroup_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CgMemberEntry.ProtoReflect.Descriptor instead. -func (*CgMemberEntry) Descriptor() ([]byte, []int) { - return file_cgroup_proto_rawDescGZIP(), []int{4} -} - -func (x *CgMemberEntry) GetName() string { - if x != nil && x.Name != nil { - return *x.Name - } - return "" -} - -func (x *CgMemberEntry) GetPath() string { - if x != nil && x.Path != nil { - return *x.Path - } - return "" -} - -func (x *CgMemberEntry) GetCgnsPrefix() uint32 { - if x != nil && x.CgnsPrefix != nil { - return *x.CgnsPrefix - } - return 0 -} - -type CgSetEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` - Ctls []*CgMemberEntry `protobuf:"bytes,2,rep,name=ctls" json:"ctls,omitempty"` -} - -func (x *CgSetEntry) Reset() { - *x = CgSetEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_cgroup_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CgSetEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CgSetEntry) ProtoMessage() {} - -func (x *CgSetEntry) ProtoReflect() protoreflect.Message { - mi := &file_cgroup_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CgSetEntry.ProtoReflect.Descriptor instead. -func (*CgSetEntry) Descriptor() ([]byte, []int) { - return file_cgroup_proto_rawDescGZIP(), []int{5} -} - -func (x *CgSetEntry) GetId() uint32 { - if x != nil && x.Id != nil { - return *x.Id - } - return 0 -} - -func (x *CgSetEntry) GetCtls() []*CgMemberEntry { - if x != nil { - return x.Ctls - } - return nil -} - -type CgroupEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Sets []*CgSetEntry `protobuf:"bytes,1,rep,name=sets" json:"sets,omitempty"` - Controllers []*CgControllerEntry `protobuf:"bytes,2,rep,name=controllers" json:"controllers,omitempty"` -} - -func (x *CgroupEntry) Reset() { - *x = CgroupEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_cgroup_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CgroupEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CgroupEntry) ProtoMessage() {} - -func (x *CgroupEntry) ProtoReflect() protoreflect.Message { - mi := &file_cgroup_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CgroupEntry.ProtoReflect.Descriptor instead. -func (*CgroupEntry) Descriptor() ([]byte, []int) { - return file_cgroup_proto_rawDescGZIP(), []int{6} -} - -func (x *CgroupEntry) GetSets() []*CgSetEntry { - if x != nil { - return x.Sets - } - return nil -} - -func (x *CgroupEntry) GetControllers() []*CgControllerEntry { - if x != nil { - return x.Controllers - } - return nil -} - -var File_cgroup_proto protoreflect.FileDescriptor - -var file_cgroup_proto_rawDesc = []byte{ - 0x0a, 0x0c, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x46, - 0x0a, 0x0c, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x73, 0x12, 0x12, - 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x6d, 0x6f, - 0x64, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, - 0x03, 0x75, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x67, 0x69, 0x64, 0x18, 0x03, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x03, 0x67, 0x69, 0x64, 0x22, 0x62, 0x0a, 0x11, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, - 0x5f, 0x70, 0x72, 0x6f, 0x70, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, - 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, - 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x09, 0x52, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x23, 0x0a, 0x05, 0x70, 0x65, 0x72, 0x6d, 0x73, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x65, - 0x72, 0x6d, 0x73, 0x52, 0x05, 0x70, 0x65, 0x72, 0x6d, 0x73, 0x22, 0xbc, 0x01, 0x0a, 0x10, 0x63, - 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x64, 0x69, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, - 0x19, 0x0a, 0x08, 0x64, 0x69, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, - 0x09, 0x52, 0x07, 0x64, 0x69, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x2d, 0x0a, 0x08, 0x63, 0x68, - 0x69, 0x6c, 0x64, 0x72, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, - 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x64, 0x69, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x08, 0x63, 0x68, 0x69, 0x6c, 0x64, 0x72, 0x65, 0x6e, 0x12, 0x32, 0x0a, 0x0a, 0x70, 0x72, 0x6f, - 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, - 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x72, 0x6f, 0x70, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x0a, 0x70, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x69, 0x65, 0x73, 0x12, 0x2a, 0x0a, - 0x09, 0x64, 0x69, 0x72, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x0d, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x73, 0x52, - 0x08, 0x64, 0x69, 0x72, 0x50, 0x65, 0x72, 0x6d, 0x73, 0x22, 0x54, 0x0a, 0x13, 0x63, 0x67, 0x5f, - 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x12, 0x16, 0x0a, 0x06, 0x63, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, - 0x52, 0x06, 0x63, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x25, 0x0a, 0x04, 0x64, 0x69, 0x72, 0x73, - 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, - 0x64, 0x69, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x64, 0x69, 0x72, 0x73, 0x22, - 0x5a, 0x0a, 0x0f, 0x63, 0x67, 0x5f, 0x6d, 0x65, 0x6d, 0x62, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, - 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, - 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x67, - 0x6e, 0x73, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, - 0x0a, 0x63, 0x67, 0x6e, 0x73, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x22, 0x44, 0x0a, 0x0c, 0x63, - 0x67, 0x5f, 0x73, 0x65, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, - 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x24, 0x0a, 0x04, 0x63, - 0x74, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x67, 0x5f, 0x6d, - 0x65, 0x6d, 0x62, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x63, 0x74, 0x6c, - 0x73, 0x22, 0x69, 0x0a, 0x0c, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x21, 0x0a, 0x04, 0x73, 0x65, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x0d, 0x2e, 0x63, 0x67, 0x5f, 0x73, 0x65, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, - 0x73, 0x65, 0x74, 0x73, 0x12, 0x36, 0x0a, 0x0b, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, - 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x67, 0x5f, 0x63, - 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x0b, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x73, -} - -var ( - file_cgroup_proto_rawDescOnce sync.Once - file_cgroup_proto_rawDescData = file_cgroup_proto_rawDesc -) - -func file_cgroup_proto_rawDescGZIP() []byte { - file_cgroup_proto_rawDescOnce.Do(func() { - file_cgroup_proto_rawDescData = protoimpl.X.CompressGZIP(file_cgroup_proto_rawDescData) - }) - return file_cgroup_proto_rawDescData -} - -var file_cgroup_proto_msgTypes = make([]protoimpl.MessageInfo, 7) -var file_cgroup_proto_goTypes = []interface{}{ - (*CgroupPerms)(nil), // 0: cgroup_perms - (*CgroupPropEntry)(nil), // 1: cgroup_prop_entry - (*CgroupDirEntry)(nil), // 2: cgroup_dir_entry - (*CgControllerEntry)(nil), // 3: cg_controller_entry - (*CgMemberEntry)(nil), // 4: cg_member_entry - (*CgSetEntry)(nil), // 5: cg_set_entry - (*CgroupEntry)(nil), // 6: cgroup_entry -} -var file_cgroup_proto_depIdxs = []int32{ - 0, // 0: cgroup_prop_entry.perms:type_name -> cgroup_perms - 2, // 1: cgroup_dir_entry.children:type_name -> cgroup_dir_entry - 1, // 2: cgroup_dir_entry.properties:type_name -> cgroup_prop_entry - 0, // 3: cgroup_dir_entry.dir_perms:type_name -> cgroup_perms - 2, // 4: cg_controller_entry.dirs:type_name -> cgroup_dir_entry - 4, // 5: cg_set_entry.ctls:type_name -> cg_member_entry - 5, // 6: cgroup_entry.sets:type_name -> cg_set_entry - 3, // 7: cgroup_entry.controllers:type_name -> cg_controller_entry - 8, // [8:8] is the sub-list for method output_type - 8, // [8:8] is the sub-list for method input_type - 8, // [8:8] is the sub-list for extension type_name - 8, // [8:8] is the sub-list for extension extendee - 0, // [0:8] is the sub-list for field type_name -} - -func init() { file_cgroup_proto_init() } -func file_cgroup_proto_init() { - if File_cgroup_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_cgroup_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CgroupPerms); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_cgroup_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CgroupPropEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_cgroup_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CgroupDirEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_cgroup_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CgControllerEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_cgroup_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CgMemberEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_cgroup_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CgSetEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_cgroup_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CgroupEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_cgroup_proto_rawDesc, - NumEnums: 0, - NumMessages: 7, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_cgroup_proto_goTypes, - DependencyIndexes: file_cgroup_proto_depIdxs, - MessageInfos: file_cgroup_proto_msgTypes, - }.Build() - File_cgroup_proto = out.File - file_cgroup_proto_rawDesc = nil - file_cgroup_proto_goTypes = nil - file_cgroup_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cgroup.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cgroup.proto deleted file mode 100644 index ee035412408..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cgroup.proto +++ /dev/null @@ -1,43 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -message cgroup_perms { - required uint32 mode = 1; - required uint32 uid = 2; - required uint32 gid = 3; -} - -message cgroup_prop_entry { - required string name = 1; - required string value = 2; - optional cgroup_perms perms = 3; -} - -message cgroup_dir_entry { - required string dir_name = 1; - repeated cgroup_dir_entry children = 2; - repeated cgroup_prop_entry properties = 3; - optional cgroup_perms dir_perms = 4; -} - -message cg_controller_entry { - repeated string cnames = 1; - repeated cgroup_dir_entry dirs = 2; -} - -message cg_member_entry { - required string name = 1; - required string path = 2; - optional uint32 cgns_prefix = 3; -} - -message cg_set_entry { - required uint32 id = 1; - repeated cg_member_entry ctls = 2; -} - -message cgroup_entry { - repeated cg_set_entry sets = 1; - repeated cg_controller_entry controllers = 2; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-aarch64.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-aarch64.pb.go deleted file mode 100644 index 3001acd9f02..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-aarch64.pb.go +++ /dev/null @@ -1,353 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: core-aarch64.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type UserAarch64RegsEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Regs []uint64 `protobuf:"varint,1,rep,name=regs" json:"regs,omitempty"` - Sp *uint64 `protobuf:"varint,2,req,name=sp" json:"sp,omitempty"` - Pc *uint64 `protobuf:"varint,3,req,name=pc" json:"pc,omitempty"` - Pstate *uint64 `protobuf:"varint,4,req,name=pstate" json:"pstate,omitempty"` -} - -func (x *UserAarch64RegsEntry) Reset() { - *x = UserAarch64RegsEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_core_aarch64_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UserAarch64RegsEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UserAarch64RegsEntry) ProtoMessage() {} - -func (x *UserAarch64RegsEntry) ProtoReflect() protoreflect.Message { - mi := &file_core_aarch64_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UserAarch64RegsEntry.ProtoReflect.Descriptor instead. -func (*UserAarch64RegsEntry) Descriptor() ([]byte, []int) { - return file_core_aarch64_proto_rawDescGZIP(), []int{0} -} - -func (x *UserAarch64RegsEntry) GetRegs() []uint64 { - if x != nil { - return x.Regs - } - return nil -} - -func (x *UserAarch64RegsEntry) GetSp() uint64 { - if x != nil && x.Sp != nil { - return *x.Sp - } - return 0 -} - -func (x *UserAarch64RegsEntry) GetPc() uint64 { - if x != nil && x.Pc != nil { - return *x.Pc - } - return 0 -} - -func (x *UserAarch64RegsEntry) GetPstate() uint64 { - if x != nil && x.Pstate != nil { - return *x.Pstate - } - return 0 -} - -type UserAarch64FpsimdContextEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Vregs []uint64 `protobuf:"varint,1,rep,name=vregs" json:"vregs,omitempty"` - Fpsr *uint32 `protobuf:"varint,2,req,name=fpsr" json:"fpsr,omitempty"` - Fpcr *uint32 `protobuf:"varint,3,req,name=fpcr" json:"fpcr,omitempty"` -} - -func (x *UserAarch64FpsimdContextEntry) Reset() { - *x = UserAarch64FpsimdContextEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_core_aarch64_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UserAarch64FpsimdContextEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UserAarch64FpsimdContextEntry) ProtoMessage() {} - -func (x *UserAarch64FpsimdContextEntry) ProtoReflect() protoreflect.Message { - mi := &file_core_aarch64_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UserAarch64FpsimdContextEntry.ProtoReflect.Descriptor instead. -func (*UserAarch64FpsimdContextEntry) Descriptor() ([]byte, []int) { - return file_core_aarch64_proto_rawDescGZIP(), []int{1} -} - -func (x *UserAarch64FpsimdContextEntry) GetVregs() []uint64 { - if x != nil { - return x.Vregs - } - return nil -} - -func (x *UserAarch64FpsimdContextEntry) GetFpsr() uint32 { - if x != nil && x.Fpsr != nil { - return *x.Fpsr - } - return 0 -} - -func (x *UserAarch64FpsimdContextEntry) GetFpcr() uint32 { - if x != nil && x.Fpcr != nil { - return *x.Fpcr - } - return 0 -} - -type ThreadInfoAarch64 struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - ClearTidAddr *uint64 `protobuf:"varint,1,req,name=clear_tid_addr,json=clearTidAddr" json:"clear_tid_addr,omitempty"` - Tls *uint64 `protobuf:"varint,2,req,name=tls" json:"tls,omitempty"` - Gpregs *UserAarch64RegsEntry `protobuf:"bytes,3,req,name=gpregs" json:"gpregs,omitempty"` - Fpsimd *UserAarch64FpsimdContextEntry `protobuf:"bytes,4,req,name=fpsimd" json:"fpsimd,omitempty"` -} - -func (x *ThreadInfoAarch64) Reset() { - *x = ThreadInfoAarch64{} - if protoimpl.UnsafeEnabled { - mi := &file_core_aarch64_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ThreadInfoAarch64) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ThreadInfoAarch64) ProtoMessage() {} - -func (x *ThreadInfoAarch64) ProtoReflect() protoreflect.Message { - mi := &file_core_aarch64_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ThreadInfoAarch64.ProtoReflect.Descriptor instead. -func (*ThreadInfoAarch64) Descriptor() ([]byte, []int) { - return file_core_aarch64_proto_rawDescGZIP(), []int{2} -} - -func (x *ThreadInfoAarch64) GetClearTidAddr() uint64 { - if x != nil && x.ClearTidAddr != nil { - return *x.ClearTidAddr - } - return 0 -} - -func (x *ThreadInfoAarch64) GetTls() uint64 { - if x != nil && x.Tls != nil { - return *x.Tls - } - return 0 -} - -func (x *ThreadInfoAarch64) GetGpregs() *UserAarch64RegsEntry { - if x != nil { - return x.Gpregs - } - return nil -} - -func (x *ThreadInfoAarch64) GetFpsimd() *UserAarch64FpsimdContextEntry { - if x != nil { - return x.Fpsimd - } - return nil -} - -var File_core_aarch64_proto protoreflect.FileDescriptor - -var file_core_aarch64_proto_rawDesc = []byte{ - 0x0a, 0x12, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x61, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x22, 0x65, 0x0a, 0x17, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x61, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, - 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x72, - 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x04, 0x52, 0x04, 0x72, 0x65, 0x67, 0x73, 0x12, - 0x0e, 0x0a, 0x02, 0x73, 0x70, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x73, 0x70, 0x12, - 0x0e, 0x0a, 0x02, 0x70, 0x63, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x70, 0x63, 0x12, - 0x16, 0x0a, 0x06, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, - 0x06, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x22, 0x61, 0x0a, 0x21, 0x75, 0x73, 0x65, 0x72, 0x5f, - 0x61, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, 0x5f, 0x66, 0x70, 0x73, 0x69, 0x6d, 0x64, 0x5f, 0x63, - 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x14, 0x0a, 0x05, - 0x76, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x04, 0x52, 0x05, 0x76, 0x72, 0x65, - 0x67, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x70, 0x73, 0x72, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x04, 0x66, 0x70, 0x73, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x70, 0x63, 0x72, 0x18, 0x03, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x66, 0x70, 0x63, 0x72, 0x22, 0xc9, 0x01, 0x0a, 0x13, 0x74, - 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x61, 0x61, 0x72, 0x63, 0x68, - 0x36, 0x34, 0x12, 0x2b, 0x0a, 0x0e, 0x63, 0x6c, 0x65, 0x61, 0x72, 0x5f, 0x74, 0x69, 0x64, 0x5f, - 0x61, 0x64, 0x64, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, - 0x01, 0x52, 0x0c, 0x63, 0x6c, 0x65, 0x61, 0x72, 0x54, 0x69, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, - 0x10, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x74, 0x6c, - 0x73, 0x12, 0x37, 0x0a, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, - 0x0b, 0x32, 0x18, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x61, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, - 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, - 0x08, 0x01, 0x52, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x66, 0x70, - 0x73, 0x69, 0x6d, 0x64, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x75, 0x73, 0x65, - 0x72, 0x5f, 0x61, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, 0x5f, 0x66, 0x70, 0x73, 0x69, 0x6d, 0x64, - 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, - 0x66, 0x70, 0x73, 0x69, 0x6d, 0x64, -} - -var ( - file_core_aarch64_proto_rawDescOnce sync.Once - file_core_aarch64_proto_rawDescData = file_core_aarch64_proto_rawDesc -) - -func file_core_aarch64_proto_rawDescGZIP() []byte { - file_core_aarch64_proto_rawDescOnce.Do(func() { - file_core_aarch64_proto_rawDescData = protoimpl.X.CompressGZIP(file_core_aarch64_proto_rawDescData) - }) - return file_core_aarch64_proto_rawDescData -} - -var file_core_aarch64_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_core_aarch64_proto_goTypes = []interface{}{ - (*UserAarch64RegsEntry)(nil), // 0: user_aarch64_regs_entry - (*UserAarch64FpsimdContextEntry)(nil), // 1: user_aarch64_fpsimd_context_entry - (*ThreadInfoAarch64)(nil), // 2: thread_info_aarch64 -} -var file_core_aarch64_proto_depIdxs = []int32{ - 0, // 0: thread_info_aarch64.gpregs:type_name -> user_aarch64_regs_entry - 1, // 1: thread_info_aarch64.fpsimd:type_name -> user_aarch64_fpsimd_context_entry - 2, // [2:2] is the sub-list for method output_type - 2, // [2:2] is the sub-list for method input_type - 2, // [2:2] is the sub-list for extension type_name - 2, // [2:2] is the sub-list for extension extendee - 0, // [0:2] is the sub-list for field type_name -} - -func init() { file_core_aarch64_proto_init() } -func file_core_aarch64_proto_init() { - if File_core_aarch64_proto != nil { - return - } - file_opts_proto_init() - if !protoimpl.UnsafeEnabled { - file_core_aarch64_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UserAarch64RegsEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_core_aarch64_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UserAarch64FpsimdContextEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_core_aarch64_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ThreadInfoAarch64); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_core_aarch64_proto_rawDesc, - NumEnums: 0, - NumMessages: 3, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_core_aarch64_proto_goTypes, - DependencyIndexes: file_core_aarch64_proto_depIdxs, - MessageInfos: file_core_aarch64_proto_msgTypes, - }.Build() - File_core_aarch64_proto = out.File - file_core_aarch64_proto_rawDesc = nil - file_core_aarch64_proto_goTypes = nil - file_core_aarch64_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-aarch64.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-aarch64.proto deleted file mode 100644 index 3356e6b7572..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-aarch64.proto +++ /dev/null @@ -1,25 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "opts.proto"; - -message user_aarch64_regs_entry { - repeated uint64 regs = 1; - required uint64 sp = 2; - required uint64 pc = 3; - required uint64 pstate = 4; -} - -message user_aarch64_fpsimd_context_entry { - repeated uint64 vregs = 1; - required uint32 fpsr = 2; - required uint32 fpcr = 3; -} - -message thread_info_aarch64 { - required uint64 clear_tid_addr = 1[(criu).hex = true]; - required uint64 tls = 2; - required user_aarch64_regs_entry gpregs = 3[(criu).hex = true]; - required user_aarch64_fpsimd_context_entry fpsimd = 4; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-arm.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-arm.pb.go deleted file mode 100644 index d59fd6b1024..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-arm.pb.go +++ /dev/null @@ -1,497 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: core-arm.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type UserArmRegsEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - R0 *uint32 `protobuf:"varint,1,req,name=r0" json:"r0,omitempty"` - R1 *uint32 `protobuf:"varint,2,req,name=r1" json:"r1,omitempty"` - R2 *uint32 `protobuf:"varint,3,req,name=r2" json:"r2,omitempty"` - R3 *uint32 `protobuf:"varint,4,req,name=r3" json:"r3,omitempty"` - R4 *uint32 `protobuf:"varint,5,req,name=r4" json:"r4,omitempty"` - R5 *uint32 `protobuf:"varint,6,req,name=r5" json:"r5,omitempty"` - R6 *uint32 `protobuf:"varint,7,req,name=r6" json:"r6,omitempty"` - R7 *uint32 `protobuf:"varint,8,req,name=r7" json:"r7,omitempty"` - R8 *uint32 `protobuf:"varint,9,req,name=r8" json:"r8,omitempty"` - R9 *uint32 `protobuf:"varint,10,req,name=r9" json:"r9,omitempty"` - R10 *uint32 `protobuf:"varint,11,req,name=r10" json:"r10,omitempty"` - Fp *uint32 `protobuf:"varint,12,req,name=fp" json:"fp,omitempty"` - Ip *uint32 `protobuf:"varint,13,req,name=ip" json:"ip,omitempty"` - Sp *uint32 `protobuf:"varint,14,req,name=sp" json:"sp,omitempty"` - Lr *uint32 `protobuf:"varint,15,req,name=lr" json:"lr,omitempty"` - Pc *uint32 `protobuf:"varint,16,req,name=pc" json:"pc,omitempty"` - Cpsr *uint32 `protobuf:"varint,17,req,name=cpsr" json:"cpsr,omitempty"` - OrigR0 *uint32 `protobuf:"varint,18,req,name=orig_r0,json=origR0" json:"orig_r0,omitempty"` -} - -func (x *UserArmRegsEntry) Reset() { - *x = UserArmRegsEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_core_arm_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UserArmRegsEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UserArmRegsEntry) ProtoMessage() {} - -func (x *UserArmRegsEntry) ProtoReflect() protoreflect.Message { - mi := &file_core_arm_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UserArmRegsEntry.ProtoReflect.Descriptor instead. -func (*UserArmRegsEntry) Descriptor() ([]byte, []int) { - return file_core_arm_proto_rawDescGZIP(), []int{0} -} - -func (x *UserArmRegsEntry) GetR0() uint32 { - if x != nil && x.R0 != nil { - return *x.R0 - } - return 0 -} - -func (x *UserArmRegsEntry) GetR1() uint32 { - if x != nil && x.R1 != nil { - return *x.R1 - } - return 0 -} - -func (x *UserArmRegsEntry) GetR2() uint32 { - if x != nil && x.R2 != nil { - return *x.R2 - } - return 0 -} - -func (x *UserArmRegsEntry) GetR3() uint32 { - if x != nil && x.R3 != nil { - return *x.R3 - } - return 0 -} - -func (x *UserArmRegsEntry) GetR4() uint32 { - if x != nil && x.R4 != nil { - return *x.R4 - } - return 0 -} - -func (x *UserArmRegsEntry) GetR5() uint32 { - if x != nil && x.R5 != nil { - return *x.R5 - } - return 0 -} - -func (x *UserArmRegsEntry) GetR6() uint32 { - if x != nil && x.R6 != nil { - return *x.R6 - } - return 0 -} - -func (x *UserArmRegsEntry) GetR7() uint32 { - if x != nil && x.R7 != nil { - return *x.R7 - } - return 0 -} - -func (x *UserArmRegsEntry) GetR8() uint32 { - if x != nil && x.R8 != nil { - return *x.R8 - } - return 0 -} - -func (x *UserArmRegsEntry) GetR9() uint32 { - if x != nil && x.R9 != nil { - return *x.R9 - } - return 0 -} - -func (x *UserArmRegsEntry) GetR10() uint32 { - if x != nil && x.R10 != nil { - return *x.R10 - } - return 0 -} - -func (x *UserArmRegsEntry) GetFp() uint32 { - if x != nil && x.Fp != nil { - return *x.Fp - } - return 0 -} - -func (x *UserArmRegsEntry) GetIp() uint32 { - if x != nil && x.Ip != nil { - return *x.Ip - } - return 0 -} - -func (x *UserArmRegsEntry) GetSp() uint32 { - if x != nil && x.Sp != nil { - return *x.Sp - } - return 0 -} - -func (x *UserArmRegsEntry) GetLr() uint32 { - if x != nil && x.Lr != nil { - return *x.Lr - } - return 0 -} - -func (x *UserArmRegsEntry) GetPc() uint32 { - if x != nil && x.Pc != nil { - return *x.Pc - } - return 0 -} - -func (x *UserArmRegsEntry) GetCpsr() uint32 { - if x != nil && x.Cpsr != nil { - return *x.Cpsr - } - return 0 -} - -func (x *UserArmRegsEntry) GetOrigR0() uint32 { - if x != nil && x.OrigR0 != nil { - return *x.OrigR0 - } - return 0 -} - -type UserArmVfpstateEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - VfpRegs []uint64 `protobuf:"varint,1,rep,name=vfp_regs,json=vfpRegs" json:"vfp_regs,omitempty"` - Fpscr *uint32 `protobuf:"varint,2,req,name=fpscr" json:"fpscr,omitempty"` - Fpexc *uint32 `protobuf:"varint,3,req,name=fpexc" json:"fpexc,omitempty"` - Fpinst *uint32 `protobuf:"varint,4,req,name=fpinst" json:"fpinst,omitempty"` - Fpinst2 *uint32 `protobuf:"varint,5,req,name=fpinst2" json:"fpinst2,omitempty"` -} - -func (x *UserArmVfpstateEntry) Reset() { - *x = UserArmVfpstateEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_core_arm_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UserArmVfpstateEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UserArmVfpstateEntry) ProtoMessage() {} - -func (x *UserArmVfpstateEntry) ProtoReflect() protoreflect.Message { - mi := &file_core_arm_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UserArmVfpstateEntry.ProtoReflect.Descriptor instead. -func (*UserArmVfpstateEntry) Descriptor() ([]byte, []int) { - return file_core_arm_proto_rawDescGZIP(), []int{1} -} - -func (x *UserArmVfpstateEntry) GetVfpRegs() []uint64 { - if x != nil { - return x.VfpRegs - } - return nil -} - -func (x *UserArmVfpstateEntry) GetFpscr() uint32 { - if x != nil && x.Fpscr != nil { - return *x.Fpscr - } - return 0 -} - -func (x *UserArmVfpstateEntry) GetFpexc() uint32 { - if x != nil && x.Fpexc != nil { - return *x.Fpexc - } - return 0 -} - -func (x *UserArmVfpstateEntry) GetFpinst() uint32 { - if x != nil && x.Fpinst != nil { - return *x.Fpinst - } - return 0 -} - -func (x *UserArmVfpstateEntry) GetFpinst2() uint32 { - if x != nil && x.Fpinst2 != nil { - return *x.Fpinst2 - } - return 0 -} - -type ThreadInfoArm struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - ClearTidAddr *uint64 `protobuf:"varint,1,req,name=clear_tid_addr,json=clearTidAddr" json:"clear_tid_addr,omitempty"` - Tls *uint32 `protobuf:"varint,2,req,name=tls" json:"tls,omitempty"` - Gpregs *UserArmRegsEntry `protobuf:"bytes,3,req,name=gpregs" json:"gpregs,omitempty"` - Fpstate *UserArmVfpstateEntry `protobuf:"bytes,4,req,name=fpstate" json:"fpstate,omitempty"` -} - -func (x *ThreadInfoArm) Reset() { - *x = ThreadInfoArm{} - if protoimpl.UnsafeEnabled { - mi := &file_core_arm_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ThreadInfoArm) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ThreadInfoArm) ProtoMessage() {} - -func (x *ThreadInfoArm) ProtoReflect() protoreflect.Message { - mi := &file_core_arm_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ThreadInfoArm.ProtoReflect.Descriptor instead. -func (*ThreadInfoArm) Descriptor() ([]byte, []int) { - return file_core_arm_proto_rawDescGZIP(), []int{2} -} - -func (x *ThreadInfoArm) GetClearTidAddr() uint64 { - if x != nil && x.ClearTidAddr != nil { - return *x.ClearTidAddr - } - return 0 -} - -func (x *ThreadInfoArm) GetTls() uint32 { - if x != nil && x.Tls != nil { - return *x.Tls - } - return 0 -} - -func (x *ThreadInfoArm) GetGpregs() *UserArmRegsEntry { - if x != nil { - return x.Gpregs - } - return nil -} - -func (x *ThreadInfoArm) GetFpstate() *UserArmVfpstateEntry { - if x != nil { - return x.Fpstate - } - return nil -} - -var File_core_arm_proto protoreflect.FileDescriptor - -var file_core_arm_proto_rawDesc = []byte{ - 0x0a, 0x0e, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x61, 0x72, 0x6d, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc4, 0x02, 0x0a, - 0x13, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x61, 0x72, 0x6d, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x30, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x02, 0x72, 0x30, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x31, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x02, 0x72, 0x31, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x32, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x02, 0x72, 0x32, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x33, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x02, 0x72, 0x33, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x34, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x02, 0x72, 0x34, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x35, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x02, 0x72, 0x35, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x36, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x02, 0x72, 0x36, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x37, 0x18, 0x08, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x02, 0x72, 0x37, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x38, 0x18, 0x09, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x02, 0x72, 0x38, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x39, 0x18, 0x0a, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x02, 0x72, 0x39, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x30, 0x18, 0x0b, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x03, 0x72, 0x31, 0x30, 0x12, 0x0e, 0x0a, 0x02, 0x66, 0x70, 0x18, 0x0c, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x02, 0x66, 0x70, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x70, 0x18, 0x0d, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x02, 0x69, 0x70, 0x12, 0x0e, 0x0a, 0x02, 0x73, 0x70, 0x18, 0x0e, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x02, 0x73, 0x70, 0x12, 0x0e, 0x0a, 0x02, 0x6c, 0x72, 0x18, 0x0f, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x02, 0x6c, 0x72, 0x12, 0x0e, 0x0a, 0x02, 0x70, 0x63, 0x18, 0x10, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x02, 0x70, 0x63, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x70, 0x73, 0x72, 0x18, 0x11, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x63, 0x70, 0x73, 0x72, 0x12, 0x17, 0x0a, 0x07, 0x6f, 0x72, - 0x69, 0x67, 0x5f, 0x72, 0x30, 0x18, 0x12, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x6f, 0x72, 0x69, - 0x67, 0x52, 0x30, 0x22, 0x92, 0x01, 0x0a, 0x17, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x61, 0x72, 0x6d, - 0x5f, 0x76, 0x66, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, - 0x19, 0x0a, 0x08, 0x76, 0x66, 0x70, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, - 0x04, 0x52, 0x07, 0x76, 0x66, 0x70, 0x52, 0x65, 0x67, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x70, - 0x73, 0x63, 0x72, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x70, 0x73, 0x63, 0x72, - 0x12, 0x14, 0x0a, 0x05, 0x66, 0x70, 0x65, 0x78, 0x63, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, - 0x05, 0x66, 0x70, 0x65, 0x78, 0x63, 0x12, 0x16, 0x0a, 0x06, 0x66, 0x70, 0x69, 0x6e, 0x73, 0x74, - 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x66, 0x70, 0x69, 0x6e, 0x73, 0x74, 0x12, 0x18, - 0x0a, 0x07, 0x66, 0x70, 0x69, 0x6e, 0x73, 0x74, 0x32, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, - 0x07, 0x66, 0x70, 0x69, 0x6e, 0x73, 0x74, 0x32, 0x22, 0xb9, 0x01, 0x0a, 0x0f, 0x74, 0x68, 0x72, - 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x61, 0x72, 0x6d, 0x12, 0x2b, 0x0a, 0x0e, - 0x63, 0x6c, 0x65, 0x61, 0x72, 0x5f, 0x74, 0x69, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x01, - 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0c, 0x63, 0x6c, 0x65, - 0x61, 0x72, 0x54, 0x69, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x6c, 0x73, - 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, 0x33, 0x0a, 0x06, 0x67, - 0x70, 0x72, 0x65, 0x67, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x75, 0x73, - 0x65, 0x72, 0x5f, 0x61, 0x72, 0x6d, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, - 0x12, 0x32, 0x0a, 0x07, 0x66, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, - 0x0b, 0x32, 0x18, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x61, 0x72, 0x6d, 0x5f, 0x76, 0x66, 0x70, - 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x66, 0x70, 0x73, - 0x74, 0x61, 0x74, 0x65, -} - -var ( - file_core_arm_proto_rawDescOnce sync.Once - file_core_arm_proto_rawDescData = file_core_arm_proto_rawDesc -) - -func file_core_arm_proto_rawDescGZIP() []byte { - file_core_arm_proto_rawDescOnce.Do(func() { - file_core_arm_proto_rawDescData = protoimpl.X.CompressGZIP(file_core_arm_proto_rawDescData) - }) - return file_core_arm_proto_rawDescData -} - -var file_core_arm_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_core_arm_proto_goTypes = []interface{}{ - (*UserArmRegsEntry)(nil), // 0: user_arm_regs_entry - (*UserArmVfpstateEntry)(nil), // 1: user_arm_vfpstate_entry - (*ThreadInfoArm)(nil), // 2: thread_info_arm -} -var file_core_arm_proto_depIdxs = []int32{ - 0, // 0: thread_info_arm.gpregs:type_name -> user_arm_regs_entry - 1, // 1: thread_info_arm.fpstate:type_name -> user_arm_vfpstate_entry - 2, // [2:2] is the sub-list for method output_type - 2, // [2:2] is the sub-list for method input_type - 2, // [2:2] is the sub-list for extension type_name - 2, // [2:2] is the sub-list for extension extendee - 0, // [0:2] is the sub-list for field type_name -} - -func init() { file_core_arm_proto_init() } -func file_core_arm_proto_init() { - if File_core_arm_proto != nil { - return - } - file_opts_proto_init() - if !protoimpl.UnsafeEnabled { - file_core_arm_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UserArmRegsEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_core_arm_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UserArmVfpstateEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_core_arm_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ThreadInfoArm); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_core_arm_proto_rawDesc, - NumEnums: 0, - NumMessages: 3, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_core_arm_proto_goTypes, - DependencyIndexes: file_core_arm_proto_depIdxs, - MessageInfos: file_core_arm_proto_msgTypes, - }.Build() - File_core_arm_proto = out.File - file_core_arm_proto_rawDesc = nil - file_core_arm_proto_goTypes = nil - file_core_arm_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-arm.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-arm.proto deleted file mode 100644 index f9c9e80cb62..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-arm.proto +++ /dev/null @@ -1,41 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "opts.proto"; - -message user_arm_regs_entry { - required uint32 r0 = 1; - required uint32 r1 = 2; - required uint32 r2 = 3; - required uint32 r3 = 4; - required uint32 r4 = 5; - required uint32 r5 = 6; - required uint32 r6 = 7; - required uint32 r7 = 8; - required uint32 r8 = 9; - required uint32 r9 = 10; - required uint32 r10 = 11; - required uint32 fp = 12; - required uint32 ip = 13; - required uint32 sp = 14; - required uint32 lr = 15; - required uint32 pc = 16; - required uint32 cpsr = 17; - required uint32 orig_r0 = 18; -} - -message user_arm_vfpstate_entry { - repeated uint64 vfp_regs = 1; - required uint32 fpscr = 2; - required uint32 fpexc = 3; - required uint32 fpinst = 4; - required uint32 fpinst2 = 5; -} - -message thread_info_arm { - required uint64 clear_tid_addr = 1[(criu).hex = true]; - required uint32 tls = 2; - required user_arm_regs_entry gpregs = 3[(criu).hex = true]; - required user_arm_vfpstate_entry fpstate = 4; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-mips.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-mips.pb.go deleted file mode 100644 index 9b9e7982b18..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-mips.pb.go +++ /dev/null @@ -1,963 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: core-mips.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type UserMipsRegsEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - R0 *uint64 `protobuf:"varint,1,req,name=r0" json:"r0,omitempty"` - R1 *uint64 `protobuf:"varint,2,req,name=r1" json:"r1,omitempty"` - R2 *uint64 `protobuf:"varint,3,req,name=r2" json:"r2,omitempty"` - R3 *uint64 `protobuf:"varint,4,req,name=r3" json:"r3,omitempty"` - R4 *uint64 `protobuf:"varint,5,req,name=r4" json:"r4,omitempty"` - R5 *uint64 `protobuf:"varint,6,req,name=r5" json:"r5,omitempty"` - R6 *uint64 `protobuf:"varint,7,req,name=r6" json:"r6,omitempty"` - R7 *uint64 `protobuf:"varint,8,req,name=r7" json:"r7,omitempty"` - R8 *uint64 `protobuf:"varint,9,req,name=r8" json:"r8,omitempty"` - R9 *uint64 `protobuf:"varint,10,req,name=r9" json:"r9,omitempty"` - R10 *uint64 `protobuf:"varint,11,req,name=r10" json:"r10,omitempty"` - R11 *uint64 `protobuf:"varint,12,req,name=r11" json:"r11,omitempty"` - R12 *uint64 `protobuf:"varint,13,req,name=r12" json:"r12,omitempty"` - R13 *uint64 `protobuf:"varint,14,req,name=r13" json:"r13,omitempty"` - R14 *uint64 `protobuf:"varint,15,req,name=r14" json:"r14,omitempty"` - R15 *uint64 `protobuf:"varint,16,req,name=r15" json:"r15,omitempty"` - R16 *uint64 `protobuf:"varint,17,req,name=r16" json:"r16,omitempty"` - R17 *uint64 `protobuf:"varint,18,req,name=r17" json:"r17,omitempty"` - R18 *uint64 `protobuf:"varint,19,req,name=r18" json:"r18,omitempty"` - R19 *uint64 `protobuf:"varint,20,req,name=r19" json:"r19,omitempty"` - R20 *uint64 `protobuf:"varint,21,req,name=r20" json:"r20,omitempty"` - R21 *uint64 `protobuf:"varint,22,req,name=r21" json:"r21,omitempty"` - R22 *uint64 `protobuf:"varint,23,req,name=r22" json:"r22,omitempty"` - R23 *uint64 `protobuf:"varint,24,req,name=r23" json:"r23,omitempty"` - R24 *uint64 `protobuf:"varint,25,req,name=r24" json:"r24,omitempty"` - R25 *uint64 `protobuf:"varint,26,req,name=r25" json:"r25,omitempty"` - R26 *uint64 `protobuf:"varint,27,req,name=r26" json:"r26,omitempty"` - R27 *uint64 `protobuf:"varint,28,req,name=r27" json:"r27,omitempty"` - R28 *uint64 `protobuf:"varint,29,req,name=r28" json:"r28,omitempty"` - R29 *uint64 `protobuf:"varint,30,req,name=r29" json:"r29,omitempty"` - R30 *uint64 `protobuf:"varint,31,req,name=r30" json:"r30,omitempty"` - R31 *uint64 `protobuf:"varint,32,req,name=r31" json:"r31,omitempty"` - Lo *uint64 `protobuf:"varint,33,req,name=lo" json:"lo,omitempty"` - Hi *uint64 `protobuf:"varint,34,req,name=hi" json:"hi,omitempty"` - Cp0Epc *uint64 `protobuf:"varint,35,req,name=cp0_epc,json=cp0Epc" json:"cp0_epc,omitempty"` - Cp0Badvaddr *uint64 `protobuf:"varint,36,req,name=cp0_badvaddr,json=cp0Badvaddr" json:"cp0_badvaddr,omitempty"` - Cp0Status *uint64 `protobuf:"varint,37,req,name=cp0_status,json=cp0Status" json:"cp0_status,omitempty"` - Cp0Cause *uint64 `protobuf:"varint,38,req,name=cp0_cause,json=cp0Cause" json:"cp0_cause,omitempty"` -} - -func (x *UserMipsRegsEntry) Reset() { - *x = UserMipsRegsEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_core_mips_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UserMipsRegsEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UserMipsRegsEntry) ProtoMessage() {} - -func (x *UserMipsRegsEntry) ProtoReflect() protoreflect.Message { - mi := &file_core_mips_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UserMipsRegsEntry.ProtoReflect.Descriptor instead. -func (*UserMipsRegsEntry) Descriptor() ([]byte, []int) { - return file_core_mips_proto_rawDescGZIP(), []int{0} -} - -func (x *UserMipsRegsEntry) GetR0() uint64 { - if x != nil && x.R0 != nil { - return *x.R0 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR1() uint64 { - if x != nil && x.R1 != nil { - return *x.R1 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR2() uint64 { - if x != nil && x.R2 != nil { - return *x.R2 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR3() uint64 { - if x != nil && x.R3 != nil { - return *x.R3 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR4() uint64 { - if x != nil && x.R4 != nil { - return *x.R4 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR5() uint64 { - if x != nil && x.R5 != nil { - return *x.R5 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR6() uint64 { - if x != nil && x.R6 != nil { - return *x.R6 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR7() uint64 { - if x != nil && x.R7 != nil { - return *x.R7 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR8() uint64 { - if x != nil && x.R8 != nil { - return *x.R8 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR9() uint64 { - if x != nil && x.R9 != nil { - return *x.R9 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR10() uint64 { - if x != nil && x.R10 != nil { - return *x.R10 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR11() uint64 { - if x != nil && x.R11 != nil { - return *x.R11 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR12() uint64 { - if x != nil && x.R12 != nil { - return *x.R12 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR13() uint64 { - if x != nil && x.R13 != nil { - return *x.R13 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR14() uint64 { - if x != nil && x.R14 != nil { - return *x.R14 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR15() uint64 { - if x != nil && x.R15 != nil { - return *x.R15 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR16() uint64 { - if x != nil && x.R16 != nil { - return *x.R16 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR17() uint64 { - if x != nil && x.R17 != nil { - return *x.R17 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR18() uint64 { - if x != nil && x.R18 != nil { - return *x.R18 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR19() uint64 { - if x != nil && x.R19 != nil { - return *x.R19 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR20() uint64 { - if x != nil && x.R20 != nil { - return *x.R20 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR21() uint64 { - if x != nil && x.R21 != nil { - return *x.R21 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR22() uint64 { - if x != nil && x.R22 != nil { - return *x.R22 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR23() uint64 { - if x != nil && x.R23 != nil { - return *x.R23 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR24() uint64 { - if x != nil && x.R24 != nil { - return *x.R24 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR25() uint64 { - if x != nil && x.R25 != nil { - return *x.R25 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR26() uint64 { - if x != nil && x.R26 != nil { - return *x.R26 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR27() uint64 { - if x != nil && x.R27 != nil { - return *x.R27 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR28() uint64 { - if x != nil && x.R28 != nil { - return *x.R28 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR29() uint64 { - if x != nil && x.R29 != nil { - return *x.R29 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR30() uint64 { - if x != nil && x.R30 != nil { - return *x.R30 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetR31() uint64 { - if x != nil && x.R31 != nil { - return *x.R31 - } - return 0 -} - -func (x *UserMipsRegsEntry) GetLo() uint64 { - if x != nil && x.Lo != nil { - return *x.Lo - } - return 0 -} - -func (x *UserMipsRegsEntry) GetHi() uint64 { - if x != nil && x.Hi != nil { - return *x.Hi - } - return 0 -} - -func (x *UserMipsRegsEntry) GetCp0Epc() uint64 { - if x != nil && x.Cp0Epc != nil { - return *x.Cp0Epc - } - return 0 -} - -func (x *UserMipsRegsEntry) GetCp0Badvaddr() uint64 { - if x != nil && x.Cp0Badvaddr != nil { - return *x.Cp0Badvaddr - } - return 0 -} - -func (x *UserMipsRegsEntry) GetCp0Status() uint64 { - if x != nil && x.Cp0Status != nil { - return *x.Cp0Status - } - return 0 -} - -func (x *UserMipsRegsEntry) GetCp0Cause() uint64 { - if x != nil && x.Cp0Cause != nil { - return *x.Cp0Cause - } - return 0 -} - -type UserMipsFpregsEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - R0 *uint64 `protobuf:"varint,1,req,name=r0" json:"r0,omitempty"` - R1 *uint64 `protobuf:"varint,2,req,name=r1" json:"r1,omitempty"` - R2 *uint64 `protobuf:"varint,3,req,name=r2" json:"r2,omitempty"` - R3 *uint64 `protobuf:"varint,4,req,name=r3" json:"r3,omitempty"` - R4 *uint64 `protobuf:"varint,5,req,name=r4" json:"r4,omitempty"` - R5 *uint64 `protobuf:"varint,6,req,name=r5" json:"r5,omitempty"` - R6 *uint64 `protobuf:"varint,7,req,name=r6" json:"r6,omitempty"` - R7 *uint64 `protobuf:"varint,8,req,name=r7" json:"r7,omitempty"` - R8 *uint64 `protobuf:"varint,9,req,name=r8" json:"r8,omitempty"` - R9 *uint64 `protobuf:"varint,10,req,name=r9" json:"r9,omitempty"` - R10 *uint64 `protobuf:"varint,11,req,name=r10" json:"r10,omitempty"` - R11 *uint64 `protobuf:"varint,12,req,name=r11" json:"r11,omitempty"` - R12 *uint64 `protobuf:"varint,13,req,name=r12" json:"r12,omitempty"` - R13 *uint64 `protobuf:"varint,14,req,name=r13" json:"r13,omitempty"` - R14 *uint64 `protobuf:"varint,15,req,name=r14" json:"r14,omitempty"` - R15 *uint64 `protobuf:"varint,16,req,name=r15" json:"r15,omitempty"` - R16 *uint64 `protobuf:"varint,17,req,name=r16" json:"r16,omitempty"` - R17 *uint64 `protobuf:"varint,18,req,name=r17" json:"r17,omitempty"` - R18 *uint64 `protobuf:"varint,19,req,name=r18" json:"r18,omitempty"` - R19 *uint64 `protobuf:"varint,20,req,name=r19" json:"r19,omitempty"` - R20 *uint64 `protobuf:"varint,21,req,name=r20" json:"r20,omitempty"` - R21 *uint64 `protobuf:"varint,22,req,name=r21" json:"r21,omitempty"` - R22 *uint64 `protobuf:"varint,23,req,name=r22" json:"r22,omitempty"` - R23 *uint64 `protobuf:"varint,24,req,name=r23" json:"r23,omitempty"` - R24 *uint64 `protobuf:"varint,25,req,name=r24" json:"r24,omitempty"` - R25 *uint64 `protobuf:"varint,26,req,name=r25" json:"r25,omitempty"` - R26 *uint64 `protobuf:"varint,27,req,name=r26" json:"r26,omitempty"` - R27 *uint64 `protobuf:"varint,28,req,name=r27" json:"r27,omitempty"` - R28 *uint64 `protobuf:"varint,29,req,name=r28" json:"r28,omitempty"` - R29 *uint64 `protobuf:"varint,30,req,name=r29" json:"r29,omitempty"` - R30 *uint64 `protobuf:"varint,31,req,name=r30" json:"r30,omitempty"` - R31 *uint64 `protobuf:"varint,32,req,name=r31" json:"r31,omitempty"` - Lo *uint64 `protobuf:"varint,33,req,name=lo" json:"lo,omitempty"` - Hi *uint64 `protobuf:"varint,34,req,name=hi" json:"hi,omitempty"` - FpuFcr31 *uint32 `protobuf:"varint,35,req,name=fpu_fcr31,json=fpuFcr31" json:"fpu_fcr31,omitempty"` - FpuId *uint32 `protobuf:"varint,36,req,name=fpu_id,json=fpuId" json:"fpu_id,omitempty"` -} - -func (x *UserMipsFpregsEntry) Reset() { - *x = UserMipsFpregsEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_core_mips_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UserMipsFpregsEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UserMipsFpregsEntry) ProtoMessage() {} - -func (x *UserMipsFpregsEntry) ProtoReflect() protoreflect.Message { - mi := &file_core_mips_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UserMipsFpregsEntry.ProtoReflect.Descriptor instead. -func (*UserMipsFpregsEntry) Descriptor() ([]byte, []int) { - return file_core_mips_proto_rawDescGZIP(), []int{1} -} - -func (x *UserMipsFpregsEntry) GetR0() uint64 { - if x != nil && x.R0 != nil { - return *x.R0 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR1() uint64 { - if x != nil && x.R1 != nil { - return *x.R1 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR2() uint64 { - if x != nil && x.R2 != nil { - return *x.R2 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR3() uint64 { - if x != nil && x.R3 != nil { - return *x.R3 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR4() uint64 { - if x != nil && x.R4 != nil { - return *x.R4 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR5() uint64 { - if x != nil && x.R5 != nil { - return *x.R5 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR6() uint64 { - if x != nil && x.R6 != nil { - return *x.R6 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR7() uint64 { - if x != nil && x.R7 != nil { - return *x.R7 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR8() uint64 { - if x != nil && x.R8 != nil { - return *x.R8 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR9() uint64 { - if x != nil && x.R9 != nil { - return *x.R9 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR10() uint64 { - if x != nil && x.R10 != nil { - return *x.R10 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR11() uint64 { - if x != nil && x.R11 != nil { - return *x.R11 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR12() uint64 { - if x != nil && x.R12 != nil { - return *x.R12 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR13() uint64 { - if x != nil && x.R13 != nil { - return *x.R13 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR14() uint64 { - if x != nil && x.R14 != nil { - return *x.R14 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR15() uint64 { - if x != nil && x.R15 != nil { - return *x.R15 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR16() uint64 { - if x != nil && x.R16 != nil { - return *x.R16 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR17() uint64 { - if x != nil && x.R17 != nil { - return *x.R17 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR18() uint64 { - if x != nil && x.R18 != nil { - return *x.R18 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR19() uint64 { - if x != nil && x.R19 != nil { - return *x.R19 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR20() uint64 { - if x != nil && x.R20 != nil { - return *x.R20 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR21() uint64 { - if x != nil && x.R21 != nil { - return *x.R21 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR22() uint64 { - if x != nil && x.R22 != nil { - return *x.R22 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR23() uint64 { - if x != nil && x.R23 != nil { - return *x.R23 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR24() uint64 { - if x != nil && x.R24 != nil { - return *x.R24 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR25() uint64 { - if x != nil && x.R25 != nil { - return *x.R25 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR26() uint64 { - if x != nil && x.R26 != nil { - return *x.R26 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR27() uint64 { - if x != nil && x.R27 != nil { - return *x.R27 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR28() uint64 { - if x != nil && x.R28 != nil { - return *x.R28 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR29() uint64 { - if x != nil && x.R29 != nil { - return *x.R29 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR30() uint64 { - if x != nil && x.R30 != nil { - return *x.R30 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetR31() uint64 { - if x != nil && x.R31 != nil { - return *x.R31 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetLo() uint64 { - if x != nil && x.Lo != nil { - return *x.Lo - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetHi() uint64 { - if x != nil && x.Hi != nil { - return *x.Hi - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetFpuFcr31() uint32 { - if x != nil && x.FpuFcr31 != nil { - return *x.FpuFcr31 - } - return 0 -} - -func (x *UserMipsFpregsEntry) GetFpuId() uint32 { - if x != nil && x.FpuId != nil { - return *x.FpuId - } - return 0 -} - -type ThreadInfoMips struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - ClearTidAddr *uint64 `protobuf:"varint,1,req,name=clear_tid_addr,json=clearTidAddr" json:"clear_tid_addr,omitempty"` - Tls *uint64 `protobuf:"varint,2,req,name=tls" json:"tls,omitempty"` - Gpregs *UserMipsRegsEntry `protobuf:"bytes,3,req,name=gpregs" json:"gpregs,omitempty"` - Fpregs *UserMipsFpregsEntry `protobuf:"bytes,4,req,name=fpregs" json:"fpregs,omitempty"` -} - -func (x *ThreadInfoMips) Reset() { - *x = ThreadInfoMips{} - if protoimpl.UnsafeEnabled { - mi := &file_core_mips_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ThreadInfoMips) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ThreadInfoMips) ProtoMessage() {} - -func (x *ThreadInfoMips) ProtoReflect() protoreflect.Message { - mi := &file_core_mips_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ThreadInfoMips.ProtoReflect.Descriptor instead. -func (*ThreadInfoMips) Descriptor() ([]byte, []int) { - return file_core_mips_proto_rawDescGZIP(), []int{2} -} - -func (x *ThreadInfoMips) GetClearTidAddr() uint64 { - if x != nil && x.ClearTidAddr != nil { - return *x.ClearTidAddr - } - return 0 -} - -func (x *ThreadInfoMips) GetTls() uint64 { - if x != nil && x.Tls != nil { - return *x.Tls - } - return 0 -} - -func (x *ThreadInfoMips) GetGpregs() *UserMipsRegsEntry { - if x != nil { - return x.Gpregs - } - return nil -} - -func (x *ThreadInfoMips) GetFpregs() *UserMipsFpregsEntry { - if x != nil { - return x.Fpregs - } - return nil -} - -var File_core_mips_proto protoreflect.FileDescriptor - -var file_core_mips_proto_rawDesc = []byte{ - 0x0a, 0x0f, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x6d, 0x69, 0x70, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xda, 0x05, - 0x0a, 0x14, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x6d, 0x69, 0x70, 0x73, 0x5f, 0x72, 0x65, 0x67, 0x73, - 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x30, 0x18, 0x01, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x02, 0x72, 0x30, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x31, 0x18, 0x02, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x02, 0x72, 0x31, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x32, 0x18, 0x03, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x02, 0x72, 0x32, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x33, 0x18, 0x04, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x02, 0x72, 0x33, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x34, 0x18, 0x05, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x02, 0x72, 0x34, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x35, 0x18, 0x06, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x02, 0x72, 0x35, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x36, 0x18, 0x07, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x02, 0x72, 0x36, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x37, 0x18, 0x08, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x02, 0x72, 0x37, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x38, 0x18, 0x09, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x02, 0x72, 0x38, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x39, 0x18, 0x0a, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x02, 0x72, 0x39, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x30, 0x18, 0x0b, 0x20, - 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x30, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x31, 0x18, - 0x0c, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x31, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, - 0x32, 0x18, 0x0d, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x32, 0x12, 0x10, 0x0a, 0x03, - 0x72, 0x31, 0x33, 0x18, 0x0e, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x33, 0x12, 0x10, - 0x0a, 0x03, 0x72, 0x31, 0x34, 0x18, 0x0f, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x34, - 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x35, 0x18, 0x10, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, - 0x31, 0x35, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x36, 0x18, 0x11, 0x20, 0x02, 0x28, 0x04, 0x52, - 0x03, 0x72, 0x31, 0x36, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x37, 0x18, 0x12, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x03, 0x72, 0x31, 0x37, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x38, 0x18, 0x13, 0x20, - 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x38, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x39, 0x18, - 0x14, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x39, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, - 0x30, 0x18, 0x15, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x30, 0x12, 0x10, 0x0a, 0x03, - 0x72, 0x32, 0x31, 0x18, 0x16, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x31, 0x12, 0x10, - 0x0a, 0x03, 0x72, 0x32, 0x32, 0x18, 0x17, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x32, - 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x33, 0x18, 0x18, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, - 0x32, 0x33, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x34, 0x18, 0x19, 0x20, 0x02, 0x28, 0x04, 0x52, - 0x03, 0x72, 0x32, 0x34, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x35, 0x18, 0x1a, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x03, 0x72, 0x32, 0x35, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x36, 0x18, 0x1b, 0x20, - 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x36, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x37, 0x18, - 0x1c, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x37, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, - 0x38, 0x18, 0x1d, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x38, 0x12, 0x10, 0x0a, 0x03, - 0x72, 0x32, 0x39, 0x18, 0x1e, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x39, 0x12, 0x10, - 0x0a, 0x03, 0x72, 0x33, 0x30, 0x18, 0x1f, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x33, 0x30, - 0x12, 0x10, 0x0a, 0x03, 0x72, 0x33, 0x31, 0x18, 0x20, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, - 0x33, 0x31, 0x12, 0x0e, 0x0a, 0x02, 0x6c, 0x6f, 0x18, 0x21, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, - 0x6c, 0x6f, 0x12, 0x0e, 0x0a, 0x02, 0x68, 0x69, 0x18, 0x22, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, - 0x68, 0x69, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x70, 0x30, 0x5f, 0x65, 0x70, 0x63, 0x18, 0x23, 0x20, - 0x02, 0x28, 0x04, 0x52, 0x06, 0x63, 0x70, 0x30, 0x45, 0x70, 0x63, 0x12, 0x21, 0x0a, 0x0c, 0x63, - 0x70, 0x30, 0x5f, 0x62, 0x61, 0x64, 0x76, 0x61, 0x64, 0x64, 0x72, 0x18, 0x24, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x0b, 0x63, 0x70, 0x30, 0x42, 0x61, 0x64, 0x76, 0x61, 0x64, 0x64, 0x72, 0x12, 0x1d, - 0x0a, 0x0a, 0x63, 0x70, 0x30, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x25, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x09, 0x63, 0x70, 0x30, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x1b, 0x0a, - 0x09, 0x63, 0x70, 0x30, 0x5f, 0x63, 0x61, 0x75, 0x73, 0x65, 0x18, 0x26, 0x20, 0x02, 0x28, 0x04, - 0x52, 0x08, 0x63, 0x70, 0x30, 0x43, 0x61, 0x75, 0x73, 0x65, 0x22, 0x98, 0x05, 0x0a, 0x16, 0x75, - 0x73, 0x65, 0x72, 0x5f, 0x6d, 0x69, 0x70, 0x73, 0x5f, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x30, 0x18, 0x01, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x02, 0x72, 0x30, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x31, 0x18, 0x02, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x02, 0x72, 0x31, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x32, 0x18, 0x03, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x02, 0x72, 0x32, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x33, 0x18, 0x04, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x02, 0x72, 0x33, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x34, 0x18, 0x05, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x02, 0x72, 0x34, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x35, 0x18, 0x06, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x02, 0x72, 0x35, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x36, 0x18, 0x07, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x02, 0x72, 0x36, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x37, 0x18, 0x08, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x02, 0x72, 0x37, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x38, 0x18, 0x09, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x02, 0x72, 0x38, 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x39, 0x18, 0x0a, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x02, 0x72, 0x39, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x30, 0x18, 0x0b, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x30, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x31, 0x18, 0x0c, - 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x31, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x32, - 0x18, 0x0d, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x32, 0x12, 0x10, 0x0a, 0x03, 0x72, - 0x31, 0x33, 0x18, 0x0e, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x33, 0x12, 0x10, 0x0a, - 0x03, 0x72, 0x31, 0x34, 0x18, 0x0f, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x34, 0x12, - 0x10, 0x0a, 0x03, 0x72, 0x31, 0x35, 0x18, 0x10, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, - 0x35, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x36, 0x18, 0x11, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, - 0x72, 0x31, 0x36, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x37, 0x18, 0x12, 0x20, 0x02, 0x28, 0x04, - 0x52, 0x03, 0x72, 0x31, 0x37, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x38, 0x18, 0x13, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x38, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x39, 0x18, 0x14, - 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x39, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x30, - 0x18, 0x15, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x30, 0x12, 0x10, 0x0a, 0x03, 0x72, - 0x32, 0x31, 0x18, 0x16, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x31, 0x12, 0x10, 0x0a, - 0x03, 0x72, 0x32, 0x32, 0x18, 0x17, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x32, 0x12, - 0x10, 0x0a, 0x03, 0x72, 0x32, 0x33, 0x18, 0x18, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, - 0x33, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x34, 0x18, 0x19, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, - 0x72, 0x32, 0x34, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x35, 0x18, 0x1a, 0x20, 0x02, 0x28, 0x04, - 0x52, 0x03, 0x72, 0x32, 0x35, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x36, 0x18, 0x1b, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x36, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x37, 0x18, 0x1c, - 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x37, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x32, 0x38, - 0x18, 0x1d, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x38, 0x12, 0x10, 0x0a, 0x03, 0x72, - 0x32, 0x39, 0x18, 0x1e, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x32, 0x39, 0x12, 0x10, 0x0a, - 0x03, 0x72, 0x33, 0x30, 0x18, 0x1f, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x33, 0x30, 0x12, - 0x10, 0x0a, 0x03, 0x72, 0x33, 0x31, 0x18, 0x20, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x33, - 0x31, 0x12, 0x0e, 0x0a, 0x02, 0x6c, 0x6f, 0x18, 0x21, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x6c, - 0x6f, 0x12, 0x0e, 0x0a, 0x02, 0x68, 0x69, 0x18, 0x22, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x68, - 0x69, 0x12, 0x1b, 0x0a, 0x09, 0x66, 0x70, 0x75, 0x5f, 0x66, 0x63, 0x72, 0x33, 0x31, 0x18, 0x23, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x66, 0x70, 0x75, 0x46, 0x63, 0x72, 0x33, 0x31, 0x12, 0x15, - 0x0a, 0x06, 0x66, 0x70, 0x75, 0x5f, 0x69, 0x64, 0x18, 0x24, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, - 0x66, 0x70, 0x75, 0x49, 0x64, 0x22, 0xbf, 0x01, 0x0a, 0x10, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, - 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x6d, 0x69, 0x70, 0x73, 0x12, 0x2b, 0x0a, 0x0e, 0x63, 0x6c, - 0x65, 0x61, 0x72, 0x5f, 0x74, 0x69, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x01, 0x20, 0x02, - 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0c, 0x63, 0x6c, 0x65, 0x61, 0x72, - 0x54, 0x69, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x02, - 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, 0x34, 0x0a, 0x06, 0x67, 0x70, 0x72, - 0x65, 0x67, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x75, 0x73, 0x65, 0x72, - 0x5f, 0x6d, 0x69, 0x70, 0x73, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x12, - 0x36, 0x0a, 0x06, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0b, 0x32, - 0x17, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x6d, 0x69, 0x70, 0x73, 0x5f, 0x66, 0x70, 0x72, 0x65, - 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, - 0x06, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, -} - -var ( - file_core_mips_proto_rawDescOnce sync.Once - file_core_mips_proto_rawDescData = file_core_mips_proto_rawDesc -) - -func file_core_mips_proto_rawDescGZIP() []byte { - file_core_mips_proto_rawDescOnce.Do(func() { - file_core_mips_proto_rawDescData = protoimpl.X.CompressGZIP(file_core_mips_proto_rawDescData) - }) - return file_core_mips_proto_rawDescData -} - -var file_core_mips_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_core_mips_proto_goTypes = []interface{}{ - (*UserMipsRegsEntry)(nil), // 0: user_mips_regs_entry - (*UserMipsFpregsEntry)(nil), // 1: user_mips_fpregs_entry - (*ThreadInfoMips)(nil), // 2: thread_info_mips -} -var file_core_mips_proto_depIdxs = []int32{ - 0, // 0: thread_info_mips.gpregs:type_name -> user_mips_regs_entry - 1, // 1: thread_info_mips.fpregs:type_name -> user_mips_fpregs_entry - 2, // [2:2] is the sub-list for method output_type - 2, // [2:2] is the sub-list for method input_type - 2, // [2:2] is the sub-list for extension type_name - 2, // [2:2] is the sub-list for extension extendee - 0, // [0:2] is the sub-list for field type_name -} - -func init() { file_core_mips_proto_init() } -func file_core_mips_proto_init() { - if File_core_mips_proto != nil { - return - } - file_opts_proto_init() - if !protoimpl.UnsafeEnabled { - file_core_mips_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UserMipsRegsEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_core_mips_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UserMipsFpregsEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_core_mips_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ThreadInfoMips); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_core_mips_proto_rawDesc, - NumEnums: 0, - NumMessages: 3, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_core_mips_proto_goTypes, - DependencyIndexes: file_core_mips_proto_depIdxs, - MessageInfos: file_core_mips_proto_msgTypes, - }.Build() - File_core_mips_proto = out.File - file_core_mips_proto_rawDesc = nil - file_core_mips_proto_goTypes = nil - file_core_mips_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-mips.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-mips.proto deleted file mode 100644 index ec06d695110..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-mips.proto +++ /dev/null @@ -1,92 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "opts.proto"; - -message user_mips_regs_entry { - required uint64 r0 = 1; - required uint64 r1 = 2; - required uint64 r2 = 3; - required uint64 r3 = 4; - required uint64 r4 = 5; - required uint64 r5 = 6; - required uint64 r6 = 7; - required uint64 r7 = 8; - required uint64 r8 = 9; - required uint64 r9 = 10; - required uint64 r10 = 11; - required uint64 r11 = 12; - required uint64 r12 = 13; - required uint64 r13 = 14; - required uint64 r14 = 15; - required uint64 r15 = 16; - required uint64 r16 = 17; - required uint64 r17 = 18; - required uint64 r18 = 19; - required uint64 r19 = 20; - required uint64 r20 = 21; - required uint64 r21 = 22; - required uint64 r22 = 23; - required uint64 r23 = 24; - required uint64 r24 = 25; - required uint64 r25 = 26; - required uint64 r26 = 27; - required uint64 r27 = 28; - required uint64 r28 = 29; - required uint64 r29 = 30; - required uint64 r30 = 31; - required uint64 r31 = 32; - required uint64 lo = 33; - required uint64 hi = 34; - required uint64 cp0_epc = 35; - required uint64 cp0_badvaddr = 36; - required uint64 cp0_status = 37; - required uint64 cp0_cause = 38; -} - -message user_mips_fpregs_entry { - required uint64 r0 = 1; - required uint64 r1 = 2; - required uint64 r2 = 3; - required uint64 r3 = 4; - required uint64 r4 = 5; - required uint64 r5 = 6; - required uint64 r6 = 7; - required uint64 r7 = 8; - required uint64 r8 = 9; - required uint64 r9 = 10; - required uint64 r10 = 11; - required uint64 r11 = 12; - required uint64 r12 = 13; - required uint64 r13 = 14; - required uint64 r14 = 15; - required uint64 r15 = 16; - required uint64 r16 = 17; - required uint64 r17 = 18; - required uint64 r18 = 19; - required uint64 r19 = 20; - required uint64 r20 = 21; - required uint64 r21 = 22; - required uint64 r22 = 23; - required uint64 r23 = 24; - required uint64 r24 = 25; - required uint64 r25 = 26; - required uint64 r26 = 27; - required uint64 r27 = 28; - required uint64 r28 = 29; - required uint64 r29 = 30; - required uint64 r30 = 31; - required uint64 r31 = 32; - required uint64 lo = 33; - required uint64 hi = 34; - required uint32 fpu_fcr31 = 35; - required uint32 fpu_id = 36; -} - -message thread_info_mips { - required uint64 clear_tid_addr = 1[(criu).hex = true]; - required uint64 tls = 2; - required user_mips_regs_entry gpregs = 3[(criu).hex = true]; - required user_mips_fpregs_entry fpregs = 4[(criu).hex = true]; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-ppc64.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-ppc64.pb.go deleted file mode 100644 index b6eb9d5a56b..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-ppc64.pb.go +++ /dev/null @@ -1,695 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: core-ppc64.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type UserPpc64RegsEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Following is the list of registers starting at r0. - Gpr []uint64 `protobuf:"varint,1,rep,name=gpr" json:"gpr,omitempty"` - Nip *uint64 `protobuf:"varint,2,req,name=nip" json:"nip,omitempty"` - Msr *uint64 `protobuf:"varint,3,req,name=msr" json:"msr,omitempty"` - OrigGpr3 *uint64 `protobuf:"varint,4,req,name=orig_gpr3,json=origGpr3" json:"orig_gpr3,omitempty"` - Ctr *uint64 `protobuf:"varint,5,req,name=ctr" json:"ctr,omitempty"` - Link *uint64 `protobuf:"varint,6,req,name=link" json:"link,omitempty"` - Xer *uint64 `protobuf:"varint,7,req,name=xer" json:"xer,omitempty"` - Ccr *uint64 `protobuf:"varint,8,req,name=ccr" json:"ccr,omitempty"` - Trap *uint64 `protobuf:"varint,9,req,name=trap" json:"trap,omitempty"` - // For Transactional memory support since P8 - Texasr *uint64 `protobuf:"varint,10,opt,name=texasr" json:"texasr,omitempty"` - Tfhar *uint64 `protobuf:"varint,11,opt,name=tfhar" json:"tfhar,omitempty"` - Tfiar *uint64 `protobuf:"varint,12,opt,name=tfiar" json:"tfiar,omitempty"` -} - -func (x *UserPpc64RegsEntry) Reset() { - *x = UserPpc64RegsEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_core_ppc64_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UserPpc64RegsEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UserPpc64RegsEntry) ProtoMessage() {} - -func (x *UserPpc64RegsEntry) ProtoReflect() protoreflect.Message { - mi := &file_core_ppc64_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UserPpc64RegsEntry.ProtoReflect.Descriptor instead. -func (*UserPpc64RegsEntry) Descriptor() ([]byte, []int) { - return file_core_ppc64_proto_rawDescGZIP(), []int{0} -} - -func (x *UserPpc64RegsEntry) GetGpr() []uint64 { - if x != nil { - return x.Gpr - } - return nil -} - -func (x *UserPpc64RegsEntry) GetNip() uint64 { - if x != nil && x.Nip != nil { - return *x.Nip - } - return 0 -} - -func (x *UserPpc64RegsEntry) GetMsr() uint64 { - if x != nil && x.Msr != nil { - return *x.Msr - } - return 0 -} - -func (x *UserPpc64RegsEntry) GetOrigGpr3() uint64 { - if x != nil && x.OrigGpr3 != nil { - return *x.OrigGpr3 - } - return 0 -} - -func (x *UserPpc64RegsEntry) GetCtr() uint64 { - if x != nil && x.Ctr != nil { - return *x.Ctr - } - return 0 -} - -func (x *UserPpc64RegsEntry) GetLink() uint64 { - if x != nil && x.Link != nil { - return *x.Link - } - return 0 -} - -func (x *UserPpc64RegsEntry) GetXer() uint64 { - if x != nil && x.Xer != nil { - return *x.Xer - } - return 0 -} - -func (x *UserPpc64RegsEntry) GetCcr() uint64 { - if x != nil && x.Ccr != nil { - return *x.Ccr - } - return 0 -} - -func (x *UserPpc64RegsEntry) GetTrap() uint64 { - if x != nil && x.Trap != nil { - return *x.Trap - } - return 0 -} - -func (x *UserPpc64RegsEntry) GetTexasr() uint64 { - if x != nil && x.Texasr != nil { - return *x.Texasr - } - return 0 -} - -func (x *UserPpc64RegsEntry) GetTfhar() uint64 { - if x != nil && x.Tfhar != nil { - return *x.Tfhar - } - return 0 -} - -func (x *UserPpc64RegsEntry) GetTfiar() uint64 { - if x != nil && x.Tfiar != nil { - return *x.Tfiar - } - return 0 -} - -type UserPpc64FpstateEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Following is the list of registers starting at fpr0 - Fpregs []uint64 `protobuf:"varint,1,rep,name=fpregs" json:"fpregs,omitempty"` -} - -func (x *UserPpc64FpstateEntry) Reset() { - *x = UserPpc64FpstateEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_core_ppc64_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UserPpc64FpstateEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UserPpc64FpstateEntry) ProtoMessage() {} - -func (x *UserPpc64FpstateEntry) ProtoReflect() protoreflect.Message { - mi := &file_core_ppc64_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UserPpc64FpstateEntry.ProtoReflect.Descriptor instead. -func (*UserPpc64FpstateEntry) Descriptor() ([]byte, []int) { - return file_core_ppc64_proto_rawDescGZIP(), []int{1} -} - -func (x *UserPpc64FpstateEntry) GetFpregs() []uint64 { - if x != nil { - return x.Fpregs - } - return nil -} - -type UserPpc64VrstateEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Altivec registers - // The vector registers are 128bit registers (VSR[32..63]). - // The following vregs entry will store first the high part then the - // low one: - // - // VR0 = vrregs[0] << 64 | vrregs[1]; - // VR1 = vrregs[2] << 64 | vrregs[3]; - // .. - // - // The last entry stores in a 128bit field the VSCR which is a 32bit - // value returned by the kernel in a 128 field. - Vrregs []uint64 `protobuf:"varint,1,rep,name=vrregs" json:"vrregs,omitempty"` - Vrsave *uint32 `protobuf:"varint,2,req,name=vrsave" json:"vrsave,omitempty"` -} - -func (x *UserPpc64VrstateEntry) Reset() { - *x = UserPpc64VrstateEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_core_ppc64_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UserPpc64VrstateEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UserPpc64VrstateEntry) ProtoMessage() {} - -func (x *UserPpc64VrstateEntry) ProtoReflect() protoreflect.Message { - mi := &file_core_ppc64_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UserPpc64VrstateEntry.ProtoReflect.Descriptor instead. -func (*UserPpc64VrstateEntry) Descriptor() ([]byte, []int) { - return file_core_ppc64_proto_rawDescGZIP(), []int{2} -} - -func (x *UserPpc64VrstateEntry) GetVrregs() []uint64 { - if x != nil { - return x.Vrregs - } - return nil -} - -func (x *UserPpc64VrstateEntry) GetVrsave() uint32 { - if x != nil && x.Vrsave != nil { - return *x.Vrsave - } - return 0 -} - -type UserPpc64VsxstateEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // VSX registers - // The vector-scale registers are 128bit registers (VSR[0..64]). - // Since there is an overlapping over the VSX registers by the FPR and - // the Altivec registers, only the lower part of the first 32 VSX - // registers have to be saved. - Vsxregs []uint64 `protobuf:"varint,1,rep,name=vsxregs" json:"vsxregs,omitempty"` -} - -func (x *UserPpc64VsxstateEntry) Reset() { - *x = UserPpc64VsxstateEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_core_ppc64_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UserPpc64VsxstateEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UserPpc64VsxstateEntry) ProtoMessage() {} - -func (x *UserPpc64VsxstateEntry) ProtoReflect() protoreflect.Message { - mi := &file_core_ppc64_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UserPpc64VsxstateEntry.ProtoReflect.Descriptor instead. -func (*UserPpc64VsxstateEntry) Descriptor() ([]byte, []int) { - return file_core_ppc64_proto_rawDescGZIP(), []int{3} -} - -func (x *UserPpc64VsxstateEntry) GetVsxregs() []uint64 { - if x != nil { - return x.Vsxregs - } - return nil -} - -// Transactional memory operation's state -type UserPpc64TmRegsEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Gpregs *UserPpc64RegsEntry `protobuf:"bytes,1,req,name=gpregs" json:"gpregs,omitempty"` - Fpstate *UserPpc64FpstateEntry `protobuf:"bytes,2,opt,name=fpstate" json:"fpstate,omitempty"` - Vrstate *UserPpc64VrstateEntry `protobuf:"bytes,3,opt,name=vrstate" json:"vrstate,omitempty"` - Vsxstate *UserPpc64VsxstateEntry `protobuf:"bytes,4,opt,name=vsxstate" json:"vsxstate,omitempty"` -} - -func (x *UserPpc64TmRegsEntry) Reset() { - *x = UserPpc64TmRegsEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_core_ppc64_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UserPpc64TmRegsEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UserPpc64TmRegsEntry) ProtoMessage() {} - -func (x *UserPpc64TmRegsEntry) ProtoReflect() protoreflect.Message { - mi := &file_core_ppc64_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UserPpc64TmRegsEntry.ProtoReflect.Descriptor instead. -func (*UserPpc64TmRegsEntry) Descriptor() ([]byte, []int) { - return file_core_ppc64_proto_rawDescGZIP(), []int{4} -} - -func (x *UserPpc64TmRegsEntry) GetGpregs() *UserPpc64RegsEntry { - if x != nil { - return x.Gpregs - } - return nil -} - -func (x *UserPpc64TmRegsEntry) GetFpstate() *UserPpc64FpstateEntry { - if x != nil { - return x.Fpstate - } - return nil -} - -func (x *UserPpc64TmRegsEntry) GetVrstate() *UserPpc64VrstateEntry { - if x != nil { - return x.Vrstate - } - return nil -} - -func (x *UserPpc64TmRegsEntry) GetVsxstate() *UserPpc64VsxstateEntry { - if x != nil { - return x.Vsxstate - } - return nil -} - -type ThreadInfoPpc64 struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - ClearTidAddr *uint64 `protobuf:"varint,1,req,name=clear_tid_addr,json=clearTidAddr" json:"clear_tid_addr,omitempty"` - Gpregs *UserPpc64RegsEntry `protobuf:"bytes,2,req,name=gpregs" json:"gpregs,omitempty"` - Fpstate *UserPpc64FpstateEntry `protobuf:"bytes,3,opt,name=fpstate" json:"fpstate,omitempty"` - Vrstate *UserPpc64VrstateEntry `protobuf:"bytes,4,opt,name=vrstate" json:"vrstate,omitempty"` - Vsxstate *UserPpc64VsxstateEntry `protobuf:"bytes,5,opt,name=vsxstate" json:"vsxstate,omitempty"` - Tmstate *UserPpc64TmRegsEntry `protobuf:"bytes,6,opt,name=tmstate" json:"tmstate,omitempty"` -} - -func (x *ThreadInfoPpc64) Reset() { - *x = ThreadInfoPpc64{} - if protoimpl.UnsafeEnabled { - mi := &file_core_ppc64_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ThreadInfoPpc64) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ThreadInfoPpc64) ProtoMessage() {} - -func (x *ThreadInfoPpc64) ProtoReflect() protoreflect.Message { - mi := &file_core_ppc64_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ThreadInfoPpc64.ProtoReflect.Descriptor instead. -func (*ThreadInfoPpc64) Descriptor() ([]byte, []int) { - return file_core_ppc64_proto_rawDescGZIP(), []int{5} -} - -func (x *ThreadInfoPpc64) GetClearTidAddr() uint64 { - if x != nil && x.ClearTidAddr != nil { - return *x.ClearTidAddr - } - return 0 -} - -func (x *ThreadInfoPpc64) GetGpregs() *UserPpc64RegsEntry { - if x != nil { - return x.Gpregs - } - return nil -} - -func (x *ThreadInfoPpc64) GetFpstate() *UserPpc64FpstateEntry { - if x != nil { - return x.Fpstate - } - return nil -} - -func (x *ThreadInfoPpc64) GetVrstate() *UserPpc64VrstateEntry { - if x != nil { - return x.Vrstate - } - return nil -} - -func (x *ThreadInfoPpc64) GetVsxstate() *UserPpc64VsxstateEntry { - if x != nil { - return x.Vsxstate - } - return nil -} - -func (x *ThreadInfoPpc64) GetTmstate() *UserPpc64TmRegsEntry { - if x != nil { - return x.Tmstate - } - return nil -} - -var File_core_ppc64_proto protoreflect.FileDescriptor - -var file_core_ppc64_proto_rawDesc = []byte{ - 0x0a, 0x10, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x70, 0x70, 0x63, 0x36, 0x34, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x8c, - 0x02, 0x0a, 0x15, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x72, 0x65, - 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x67, 0x70, 0x72, 0x18, - 0x01, 0x20, 0x03, 0x28, 0x04, 0x52, 0x03, 0x67, 0x70, 0x72, 0x12, 0x10, 0x0a, 0x03, 0x6e, 0x69, - 0x70, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x6e, 0x69, 0x70, 0x12, 0x10, 0x0a, 0x03, - 0x6d, 0x73, 0x72, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x6d, 0x73, 0x72, 0x12, 0x1b, - 0x0a, 0x09, 0x6f, 0x72, 0x69, 0x67, 0x5f, 0x67, 0x70, 0x72, 0x33, 0x18, 0x04, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x08, 0x6f, 0x72, 0x69, 0x67, 0x47, 0x70, 0x72, 0x33, 0x12, 0x10, 0x0a, 0x03, 0x63, - 0x74, 0x72, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x63, 0x74, 0x72, 0x12, 0x12, 0x0a, - 0x04, 0x6c, 0x69, 0x6e, 0x6b, 0x18, 0x06, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x6c, 0x69, 0x6e, - 0x6b, 0x12, 0x10, 0x0a, 0x03, 0x78, 0x65, 0x72, 0x18, 0x07, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, - 0x78, 0x65, 0x72, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x63, 0x72, 0x18, 0x08, 0x20, 0x02, 0x28, 0x04, - 0x52, 0x03, 0x63, 0x63, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x72, 0x61, 0x70, 0x18, 0x09, 0x20, - 0x02, 0x28, 0x04, 0x52, 0x04, 0x74, 0x72, 0x61, 0x70, 0x12, 0x16, 0x0a, 0x06, 0x74, 0x65, 0x78, - 0x61, 0x73, 0x72, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x04, 0x52, 0x06, 0x74, 0x65, 0x78, 0x61, 0x73, - 0x72, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x66, 0x68, 0x61, 0x72, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x04, - 0x52, 0x05, 0x74, 0x66, 0x68, 0x61, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x66, 0x69, 0x61, 0x72, - 0x18, 0x0c, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x74, 0x66, 0x69, 0x61, 0x72, 0x22, 0x32, 0x0a, - 0x18, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x66, 0x70, 0x73, 0x74, - 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x66, 0x70, 0x72, - 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x04, 0x52, 0x06, 0x66, 0x70, 0x72, 0x65, 0x67, - 0x73, 0x22, 0x4a, 0x0a, 0x18, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, - 0x76, 0x72, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x16, 0x0a, - 0x06, 0x76, 0x72, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x04, 0x52, 0x06, 0x76, - 0x72, 0x72, 0x65, 0x67, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x76, 0x72, 0x73, 0x61, 0x76, 0x65, 0x18, - 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x76, 0x72, 0x73, 0x61, 0x76, 0x65, 0x22, 0x35, 0x0a, - 0x19, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x76, 0x73, 0x78, 0x73, - 0x74, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x73, - 0x78, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x04, 0x52, 0x07, 0x76, 0x73, 0x78, - 0x72, 0x65, 0x67, 0x73, 0x22, 0xec, 0x01, 0x0a, 0x18, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, - 0x63, 0x36, 0x34, 0x5f, 0x74, 0x6d, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x2e, 0x0a, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x02, 0x28, - 0x0b, 0x32, 0x16, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x72, - 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, - 0x73, 0x12, 0x33, 0x0a, 0x07, 0x66, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, - 0x66, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x66, - 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, 0x33, 0x0a, 0x07, 0x76, 0x72, 0x73, 0x74, 0x61, 0x74, - 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, - 0x70, 0x63, 0x36, 0x34, 0x5f, 0x76, 0x72, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x07, 0x76, 0x72, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, 0x36, 0x0a, 0x08, 0x76, - 0x73, 0x78, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, - 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x76, 0x73, 0x78, 0x73, 0x74, - 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x76, 0x73, 0x78, 0x73, 0x74, - 0x61, 0x74, 0x65, 0x22, 0xce, 0x02, 0x0a, 0x11, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, - 0x6e, 0x66, 0x6f, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x12, 0x2b, 0x0a, 0x0e, 0x63, 0x6c, 0x65, - 0x61, 0x72, 0x5f, 0x74, 0x69, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, - 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0c, 0x63, 0x6c, 0x65, 0x61, 0x72, 0x54, - 0x69, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x35, 0x0a, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, - 0x18, 0x02, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, - 0x63, 0x36, 0x34, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, - 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x12, 0x33, 0x0a, - 0x07, 0x66, 0x70, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, - 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x66, 0x70, 0x73, 0x74, - 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x66, 0x70, 0x73, 0x74, 0x61, - 0x74, 0x65, 0x12, 0x33, 0x0a, 0x07, 0x76, 0x72, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, - 0x5f, 0x76, 0x72, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, - 0x76, 0x72, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, 0x36, 0x0a, 0x08, 0x76, 0x73, 0x78, 0x73, 0x74, - 0x61, 0x74, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x75, 0x73, 0x65, 0x72, - 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x76, 0x73, 0x78, 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x76, 0x73, 0x78, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, - 0x33, 0x0a, 0x07, 0x74, 0x6d, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x19, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x74, 0x6d, - 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x74, 0x6d, 0x73, - 0x74, 0x61, 0x74, 0x65, -} - -var ( - file_core_ppc64_proto_rawDescOnce sync.Once - file_core_ppc64_proto_rawDescData = file_core_ppc64_proto_rawDesc -) - -func file_core_ppc64_proto_rawDescGZIP() []byte { - file_core_ppc64_proto_rawDescOnce.Do(func() { - file_core_ppc64_proto_rawDescData = protoimpl.X.CompressGZIP(file_core_ppc64_proto_rawDescData) - }) - return file_core_ppc64_proto_rawDescData -} - -var file_core_ppc64_proto_msgTypes = make([]protoimpl.MessageInfo, 6) -var file_core_ppc64_proto_goTypes = []interface{}{ - (*UserPpc64RegsEntry)(nil), // 0: user_ppc64_regs_entry - (*UserPpc64FpstateEntry)(nil), // 1: user_ppc64_fpstate_entry - (*UserPpc64VrstateEntry)(nil), // 2: user_ppc64_vrstate_entry - (*UserPpc64VsxstateEntry)(nil), // 3: user_ppc64_vsxstate_entry - (*UserPpc64TmRegsEntry)(nil), // 4: user_ppc64_tm_regs_entry - (*ThreadInfoPpc64)(nil), // 5: thread_info_ppc64 -} -var file_core_ppc64_proto_depIdxs = []int32{ - 0, // 0: user_ppc64_tm_regs_entry.gpregs:type_name -> user_ppc64_regs_entry - 1, // 1: user_ppc64_tm_regs_entry.fpstate:type_name -> user_ppc64_fpstate_entry - 2, // 2: user_ppc64_tm_regs_entry.vrstate:type_name -> user_ppc64_vrstate_entry - 3, // 3: user_ppc64_tm_regs_entry.vsxstate:type_name -> user_ppc64_vsxstate_entry - 0, // 4: thread_info_ppc64.gpregs:type_name -> user_ppc64_regs_entry - 1, // 5: thread_info_ppc64.fpstate:type_name -> user_ppc64_fpstate_entry - 2, // 6: thread_info_ppc64.vrstate:type_name -> user_ppc64_vrstate_entry - 3, // 7: thread_info_ppc64.vsxstate:type_name -> user_ppc64_vsxstate_entry - 4, // 8: thread_info_ppc64.tmstate:type_name -> user_ppc64_tm_regs_entry - 9, // [9:9] is the sub-list for method output_type - 9, // [9:9] is the sub-list for method input_type - 9, // [9:9] is the sub-list for extension type_name - 9, // [9:9] is the sub-list for extension extendee - 0, // [0:9] is the sub-list for field type_name -} - -func init() { file_core_ppc64_proto_init() } -func file_core_ppc64_proto_init() { - if File_core_ppc64_proto != nil { - return - } - file_opts_proto_init() - if !protoimpl.UnsafeEnabled { - file_core_ppc64_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UserPpc64RegsEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_core_ppc64_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UserPpc64FpstateEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_core_ppc64_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UserPpc64VrstateEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_core_ppc64_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UserPpc64VsxstateEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_core_ppc64_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UserPpc64TmRegsEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_core_ppc64_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ThreadInfoPpc64); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_core_ppc64_proto_rawDesc, - NumEnums: 0, - NumMessages: 6, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_core_ppc64_proto_goTypes, - DependencyIndexes: file_core_ppc64_proto_depIdxs, - MessageInfos: file_core_ppc64_proto_msgTypes, - }.Build() - File_core_ppc64_proto = out.File - file_core_ppc64_proto_rawDesc = nil - file_core_ppc64_proto_goTypes = nil - file_core_ppc64_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-ppc64.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-ppc64.proto deleted file mode 100644 index bb07e09e086..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-ppc64.proto +++ /dev/null @@ -1,73 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "opts.proto"; - -message user_ppc64_regs_entry { - /* Following is the list of registers starting at r0. */ - repeated uint64 gpr = 1; - required uint64 nip = 2; - required uint64 msr = 3; - required uint64 orig_gpr3 = 4; - required uint64 ctr = 5; - required uint64 link = 6; - required uint64 xer = 7; - required uint64 ccr = 8; - required uint64 trap = 9; - /* For Transactional memory support since P8 */ - optional uint64 texasr = 10; - optional uint64 tfhar = 11; - optional uint64 tfiar = 12; -} - -message user_ppc64_fpstate_entry { - /* Following is the list of registers starting at fpr0 */ - repeated uint64 fpregs = 1; -} - -message user_ppc64_vrstate_entry { - /* - * Altivec registers - * The vector registers are 128bit registers (VSR[32..63]). - * The following vregs entry will store first the high part then the - * low one: - * VR0 = vrregs[0] << 64 | vrregs[1]; - * VR1 = vrregs[2] << 64 | vrregs[3]; - * .. - * The last entry stores in a 128bit field the VSCR which is a 32bit - * value returned by the kernel in a 128 field. - */ - repeated uint64 vrregs = 1; - required uint32 vrsave = 2; -} - -message user_ppc64_vsxstate_entry { - /* - * VSX registers - * The vector-scale registers are 128bit registers (VSR[0..64]). - * Since there is an overlapping over the VSX registers by the FPR and - * the Altivec registers, only the lower part of the first 32 VSX - * registers have to be saved. - */ - repeated uint64 vsxregs = 1; -} - -/* - * Transactional memory operation's state - */ -message user_ppc64_tm_regs_entry { - required user_ppc64_regs_entry gpregs = 1; - optional user_ppc64_fpstate_entry fpstate = 2; - optional user_ppc64_vrstate_entry vrstate = 3; - optional user_ppc64_vsxstate_entry vsxstate = 4; -} - -message thread_info_ppc64 { - required uint64 clear_tid_addr = 1[(criu).hex = true]; - required user_ppc64_regs_entry gpregs = 2[(criu).hex = true]; - optional user_ppc64_fpstate_entry fpstate = 3; - optional user_ppc64_vrstate_entry vrstate = 4; - optional user_ppc64_vsxstate_entry vsxstate = 5; - optional user_ppc64_tm_regs_entry tmstate = 6; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-s390.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-s390.pb.go deleted file mode 100644 index 67b0eda0bf9..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-s390.pb.go +++ /dev/null @@ -1,681 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: core-s390.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type UserS390RegsEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - PswMask *uint64 `protobuf:"varint,1,req,name=psw_mask,json=pswMask" json:"psw_mask,omitempty"` - PswAddr *uint64 `protobuf:"varint,2,req,name=psw_addr,json=pswAddr" json:"psw_addr,omitempty"` - Gprs []uint64 `protobuf:"varint,3,rep,name=gprs" json:"gprs,omitempty"` - Acrs []uint32 `protobuf:"varint,4,rep,name=acrs" json:"acrs,omitempty"` - OrigGpr2 *uint64 `protobuf:"varint,5,req,name=orig_gpr2,json=origGpr2" json:"orig_gpr2,omitempty"` - SystemCall *uint32 `protobuf:"varint,6,req,name=system_call,json=systemCall" json:"system_call,omitempty"` -} - -func (x *UserS390RegsEntry) Reset() { - *x = UserS390RegsEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_core_s390_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UserS390RegsEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UserS390RegsEntry) ProtoMessage() {} - -func (x *UserS390RegsEntry) ProtoReflect() protoreflect.Message { - mi := &file_core_s390_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UserS390RegsEntry.ProtoReflect.Descriptor instead. -func (*UserS390RegsEntry) Descriptor() ([]byte, []int) { - return file_core_s390_proto_rawDescGZIP(), []int{0} -} - -func (x *UserS390RegsEntry) GetPswMask() uint64 { - if x != nil && x.PswMask != nil { - return *x.PswMask - } - return 0 -} - -func (x *UserS390RegsEntry) GetPswAddr() uint64 { - if x != nil && x.PswAddr != nil { - return *x.PswAddr - } - return 0 -} - -func (x *UserS390RegsEntry) GetGprs() []uint64 { - if x != nil { - return x.Gprs - } - return nil -} - -func (x *UserS390RegsEntry) GetAcrs() []uint32 { - if x != nil { - return x.Acrs - } - return nil -} - -func (x *UserS390RegsEntry) GetOrigGpr2() uint64 { - if x != nil && x.OrigGpr2 != nil { - return *x.OrigGpr2 - } - return 0 -} - -func (x *UserS390RegsEntry) GetSystemCall() uint32 { - if x != nil && x.SystemCall != nil { - return *x.SystemCall - } - return 0 -} - -type UserS390VxrsLowEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Regs []uint64 `protobuf:"varint,1,rep,name=regs" json:"regs,omitempty"` -} - -func (x *UserS390VxrsLowEntry) Reset() { - *x = UserS390VxrsLowEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_core_s390_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UserS390VxrsLowEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UserS390VxrsLowEntry) ProtoMessage() {} - -func (x *UserS390VxrsLowEntry) ProtoReflect() protoreflect.Message { - mi := &file_core_s390_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UserS390VxrsLowEntry.ProtoReflect.Descriptor instead. -func (*UserS390VxrsLowEntry) Descriptor() ([]byte, []int) { - return file_core_s390_proto_rawDescGZIP(), []int{1} -} - -func (x *UserS390VxrsLowEntry) GetRegs() []uint64 { - if x != nil { - return x.Regs - } - return nil -} - -// The vxrs_high registers have 128 bit: -// -// vxrs_high_0 = regs[0] << 64 | regs[1]; -// vxrs_high_1 = regs[2] << 64 | regs[3]; -type UserS390VxrsHighEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Regs []uint64 `protobuf:"varint,1,rep,name=regs" json:"regs,omitempty"` -} - -func (x *UserS390VxrsHighEntry) Reset() { - *x = UserS390VxrsHighEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_core_s390_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UserS390VxrsHighEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UserS390VxrsHighEntry) ProtoMessage() {} - -func (x *UserS390VxrsHighEntry) ProtoReflect() protoreflect.Message { - mi := &file_core_s390_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UserS390VxrsHighEntry.ProtoReflect.Descriptor instead. -func (*UserS390VxrsHighEntry) Descriptor() ([]byte, []int) { - return file_core_s390_proto_rawDescGZIP(), []int{2} -} - -func (x *UserS390VxrsHighEntry) GetRegs() []uint64 { - if x != nil { - return x.Regs - } - return nil -} - -type UserS390FpregsEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Fpc *uint32 `protobuf:"varint,1,req,name=fpc" json:"fpc,omitempty"` - Fprs []uint64 `protobuf:"varint,2,rep,name=fprs" json:"fprs,omitempty"` -} - -func (x *UserS390FpregsEntry) Reset() { - *x = UserS390FpregsEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_core_s390_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UserS390FpregsEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UserS390FpregsEntry) ProtoMessage() {} - -func (x *UserS390FpregsEntry) ProtoReflect() protoreflect.Message { - mi := &file_core_s390_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UserS390FpregsEntry.ProtoReflect.Descriptor instead. -func (*UserS390FpregsEntry) Descriptor() ([]byte, []int) { - return file_core_s390_proto_rawDescGZIP(), []int{3} -} - -func (x *UserS390FpregsEntry) GetFpc() uint32 { - if x != nil && x.Fpc != nil { - return *x.Fpc - } - return 0 -} - -func (x *UserS390FpregsEntry) GetFprs() []uint64 { - if x != nil { - return x.Fprs - } - return nil -} - -type UserS390GsCbEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Regs []uint64 `protobuf:"varint,1,rep,name=regs" json:"regs,omitempty"` -} - -func (x *UserS390GsCbEntry) Reset() { - *x = UserS390GsCbEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_core_s390_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UserS390GsCbEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UserS390GsCbEntry) ProtoMessage() {} - -func (x *UserS390GsCbEntry) ProtoReflect() protoreflect.Message { - mi := &file_core_s390_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UserS390GsCbEntry.ProtoReflect.Descriptor instead. -func (*UserS390GsCbEntry) Descriptor() ([]byte, []int) { - return file_core_s390_proto_rawDescGZIP(), []int{4} -} - -func (x *UserS390GsCbEntry) GetRegs() []uint64 { - if x != nil { - return x.Regs - } - return nil -} - -type UserS390RiEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - RiOn *uint32 `protobuf:"varint,1,req,name=ri_on,json=riOn" json:"ri_on,omitempty"` - Regs []uint64 `protobuf:"varint,2,rep,name=regs" json:"regs,omitempty"` -} - -func (x *UserS390RiEntry) Reset() { - *x = UserS390RiEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_core_s390_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UserS390RiEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UserS390RiEntry) ProtoMessage() {} - -func (x *UserS390RiEntry) ProtoReflect() protoreflect.Message { - mi := &file_core_s390_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UserS390RiEntry.ProtoReflect.Descriptor instead. -func (*UserS390RiEntry) Descriptor() ([]byte, []int) { - return file_core_s390_proto_rawDescGZIP(), []int{5} -} - -func (x *UserS390RiEntry) GetRiOn() uint32 { - if x != nil && x.RiOn != nil { - return *x.RiOn - } - return 0 -} - -func (x *UserS390RiEntry) GetRegs() []uint64 { - if x != nil { - return x.Regs - } - return nil -} - -type ThreadInfoS390 struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - ClearTidAddr *uint64 `protobuf:"varint,1,req,name=clear_tid_addr,json=clearTidAddr" json:"clear_tid_addr,omitempty"` - Gpregs *UserS390RegsEntry `protobuf:"bytes,2,req,name=gpregs" json:"gpregs,omitempty"` - Fpregs *UserS390FpregsEntry `protobuf:"bytes,3,req,name=fpregs" json:"fpregs,omitempty"` - VxrsLow *UserS390VxrsLowEntry `protobuf:"bytes,4,opt,name=vxrs_low,json=vxrsLow" json:"vxrs_low,omitempty"` - VxrsHigh *UserS390VxrsHighEntry `protobuf:"bytes,5,opt,name=vxrs_high,json=vxrsHigh" json:"vxrs_high,omitempty"` - GsCb *UserS390GsCbEntry `protobuf:"bytes,6,opt,name=gs_cb,json=gsCb" json:"gs_cb,omitempty"` - GsBc *UserS390GsCbEntry `protobuf:"bytes,7,opt,name=gs_bc,json=gsBc" json:"gs_bc,omitempty"` - RiCb *UserS390RiEntry `protobuf:"bytes,8,opt,name=ri_cb,json=riCb" json:"ri_cb,omitempty"` -} - -func (x *ThreadInfoS390) Reset() { - *x = ThreadInfoS390{} - if protoimpl.UnsafeEnabled { - mi := &file_core_s390_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ThreadInfoS390) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ThreadInfoS390) ProtoMessage() {} - -func (x *ThreadInfoS390) ProtoReflect() protoreflect.Message { - mi := &file_core_s390_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ThreadInfoS390.ProtoReflect.Descriptor instead. -func (*ThreadInfoS390) Descriptor() ([]byte, []int) { - return file_core_s390_proto_rawDescGZIP(), []int{6} -} - -func (x *ThreadInfoS390) GetClearTidAddr() uint64 { - if x != nil && x.ClearTidAddr != nil { - return *x.ClearTidAddr - } - return 0 -} - -func (x *ThreadInfoS390) GetGpregs() *UserS390RegsEntry { - if x != nil { - return x.Gpregs - } - return nil -} - -func (x *ThreadInfoS390) GetFpregs() *UserS390FpregsEntry { - if x != nil { - return x.Fpregs - } - return nil -} - -func (x *ThreadInfoS390) GetVxrsLow() *UserS390VxrsLowEntry { - if x != nil { - return x.VxrsLow - } - return nil -} - -func (x *ThreadInfoS390) GetVxrsHigh() *UserS390VxrsHighEntry { - if x != nil { - return x.VxrsHigh - } - return nil -} - -func (x *ThreadInfoS390) GetGsCb() *UserS390GsCbEntry { - if x != nil { - return x.GsCb - } - return nil -} - -func (x *ThreadInfoS390) GetGsBc() *UserS390GsCbEntry { - if x != nil { - return x.GsBc - } - return nil -} - -func (x *ThreadInfoS390) GetRiCb() *UserS390RiEntry { - if x != nil { - return x.RiCb - } - return nil -} - -var File_core_s390_proto protoreflect.FileDescriptor - -var file_core_s390_proto_rawDesc = []byte{ - 0x0a, 0x0f, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x73, 0x33, 0x39, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xb2, 0x01, - 0x0a, 0x14, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x72, 0x65, 0x67, 0x73, - 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x19, 0x0a, 0x08, 0x70, 0x73, 0x77, 0x5f, 0x6d, 0x61, - 0x73, 0x6b, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x07, 0x70, 0x73, 0x77, 0x4d, 0x61, 0x73, - 0x6b, 0x12, 0x19, 0x0a, 0x08, 0x70, 0x73, 0x77, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x02, 0x20, - 0x02, 0x28, 0x04, 0x52, 0x07, 0x70, 0x73, 0x77, 0x41, 0x64, 0x64, 0x72, 0x12, 0x12, 0x0a, 0x04, - 0x67, 0x70, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x04, 0x52, 0x04, 0x67, 0x70, 0x72, 0x73, - 0x12, 0x12, 0x0a, 0x04, 0x61, 0x63, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x04, - 0x61, 0x63, 0x72, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x6f, 0x72, 0x69, 0x67, 0x5f, 0x67, 0x70, 0x72, - 0x32, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, 0x08, 0x6f, 0x72, 0x69, 0x67, 0x47, 0x70, 0x72, - 0x32, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x5f, 0x63, 0x61, 0x6c, 0x6c, - 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0a, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x43, 0x61, - 0x6c, 0x6c, 0x22, 0x2e, 0x0a, 0x18, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, - 0x76, 0x78, 0x72, 0x73, 0x5f, 0x6c, 0x6f, 0x77, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, - 0x0a, 0x04, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x04, 0x52, 0x04, 0x72, 0x65, - 0x67, 0x73, 0x22, 0x2f, 0x0a, 0x19, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, - 0x76, 0x78, 0x72, 0x73, 0x5f, 0x68, 0x69, 0x67, 0x68, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, - 0x12, 0x0a, 0x04, 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x04, 0x52, 0x04, 0x72, - 0x65, 0x67, 0x73, 0x22, 0x3e, 0x0a, 0x16, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, - 0x5f, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, - 0x03, 0x66, 0x70, 0x63, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x66, 0x70, 0x63, 0x12, - 0x12, 0x0a, 0x04, 0x66, 0x70, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x04, 0x52, 0x04, 0x66, - 0x70, 0x72, 0x73, 0x22, 0x2b, 0x0a, 0x15, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, - 0x5f, 0x67, 0x73, 0x5f, 0x63, 0x62, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, - 0x72, 0x65, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x04, 0x52, 0x04, 0x72, 0x65, 0x67, 0x73, - 0x22, 0x3d, 0x0a, 0x12, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x72, 0x69, - 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x13, 0x0a, 0x05, 0x72, 0x69, 0x5f, 0x6f, 0x6e, 0x18, - 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x72, 0x69, 0x4f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x72, - 0x65, 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x04, 0x52, 0x04, 0x72, 0x65, 0x67, 0x73, 0x22, - 0xc3, 0x03, 0x0a, 0x10, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, - 0x73, 0x33, 0x39, 0x30, 0x12, 0x2b, 0x0a, 0x0e, 0x63, 0x6c, 0x65, 0x61, 0x72, 0x5f, 0x74, 0x69, - 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, - 0x02, 0x08, 0x01, 0x52, 0x0c, 0x63, 0x6c, 0x65, 0x61, 0x72, 0x54, 0x69, 0x64, 0x41, 0x64, 0x64, - 0x72, 0x12, 0x34, 0x0a, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, - 0x0b, 0x32, 0x15, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x72, 0x65, - 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, - 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x12, 0x36, 0x0a, 0x06, 0x66, 0x70, 0x72, 0x65, 0x67, - 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, - 0x33, 0x39, 0x30, 0x5f, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x06, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x12, - 0x3b, 0x0a, 0x08, 0x76, 0x78, 0x72, 0x73, 0x5f, 0x6c, 0x6f, 0x77, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x19, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x76, 0x78, - 0x72, 0x73, 0x5f, 0x6c, 0x6f, 0x77, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, - 0x02, 0x08, 0x01, 0x52, 0x07, 0x76, 0x78, 0x72, 0x73, 0x4c, 0x6f, 0x77, 0x12, 0x3e, 0x0a, 0x09, - 0x76, 0x78, 0x72, 0x73, 0x5f, 0x68, 0x69, 0x67, 0x68, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x1a, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x76, 0x78, 0x72, 0x73, - 0x5f, 0x68, 0x69, 0x67, 0x68, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, - 0x08, 0x01, 0x52, 0x08, 0x76, 0x78, 0x72, 0x73, 0x48, 0x69, 0x67, 0x68, 0x12, 0x32, 0x0a, 0x05, - 0x67, 0x73, 0x5f, 0x63, 0x62, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x75, 0x73, - 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x67, 0x73, 0x5f, 0x63, 0x62, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x04, 0x67, 0x73, 0x43, 0x62, - 0x12, 0x32, 0x0a, 0x05, 0x67, 0x73, 0x5f, 0x62, 0x63, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x16, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x67, 0x73, 0x5f, 0x63, - 0x62, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x04, - 0x67, 0x73, 0x42, 0x63, 0x12, 0x2f, 0x0a, 0x05, 0x72, 0x69, 0x5f, 0x63, 0x62, 0x18, 0x08, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, - 0x72, 0x69, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, - 0x04, 0x72, 0x69, 0x43, 0x62, -} - -var ( - file_core_s390_proto_rawDescOnce sync.Once - file_core_s390_proto_rawDescData = file_core_s390_proto_rawDesc -) - -func file_core_s390_proto_rawDescGZIP() []byte { - file_core_s390_proto_rawDescOnce.Do(func() { - file_core_s390_proto_rawDescData = protoimpl.X.CompressGZIP(file_core_s390_proto_rawDescData) - }) - return file_core_s390_proto_rawDescData -} - -var file_core_s390_proto_msgTypes = make([]protoimpl.MessageInfo, 7) -var file_core_s390_proto_goTypes = []interface{}{ - (*UserS390RegsEntry)(nil), // 0: user_s390_regs_entry - (*UserS390VxrsLowEntry)(nil), // 1: user_s390_vxrs_low_entry - (*UserS390VxrsHighEntry)(nil), // 2: user_s390_vxrs_high_entry - (*UserS390FpregsEntry)(nil), // 3: user_s390_fpregs_entry - (*UserS390GsCbEntry)(nil), // 4: user_s390_gs_cb_entry - (*UserS390RiEntry)(nil), // 5: user_s390_ri_entry - (*ThreadInfoS390)(nil), // 6: thread_info_s390 -} -var file_core_s390_proto_depIdxs = []int32{ - 0, // 0: thread_info_s390.gpregs:type_name -> user_s390_regs_entry - 3, // 1: thread_info_s390.fpregs:type_name -> user_s390_fpregs_entry - 1, // 2: thread_info_s390.vxrs_low:type_name -> user_s390_vxrs_low_entry - 2, // 3: thread_info_s390.vxrs_high:type_name -> user_s390_vxrs_high_entry - 4, // 4: thread_info_s390.gs_cb:type_name -> user_s390_gs_cb_entry - 4, // 5: thread_info_s390.gs_bc:type_name -> user_s390_gs_cb_entry - 5, // 6: thread_info_s390.ri_cb:type_name -> user_s390_ri_entry - 7, // [7:7] is the sub-list for method output_type - 7, // [7:7] is the sub-list for method input_type - 7, // [7:7] is the sub-list for extension type_name - 7, // [7:7] is the sub-list for extension extendee - 0, // [0:7] is the sub-list for field type_name -} - -func init() { file_core_s390_proto_init() } -func file_core_s390_proto_init() { - if File_core_s390_proto != nil { - return - } - file_opts_proto_init() - if !protoimpl.UnsafeEnabled { - file_core_s390_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UserS390RegsEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_core_s390_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UserS390VxrsLowEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_core_s390_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UserS390VxrsHighEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_core_s390_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UserS390FpregsEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_core_s390_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UserS390GsCbEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_core_s390_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UserS390RiEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_core_s390_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ThreadInfoS390); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_core_s390_proto_rawDesc, - NumEnums: 0, - NumMessages: 7, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_core_s390_proto_goTypes, - DependencyIndexes: file_core_s390_proto_depIdxs, - MessageInfos: file_core_s390_proto_msgTypes, - }.Build() - File_core_s390_proto = out.File - file_core_s390_proto_rawDesc = nil - file_core_s390_proto_goTypes = nil - file_core_s390_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-s390.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-s390.proto deleted file mode 100644 index 44130f2060a..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-s390.proto +++ /dev/null @@ -1,53 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "opts.proto"; - -message user_s390_regs_entry { - required uint64 psw_mask = 1; - required uint64 psw_addr = 2; - repeated uint64 gprs = 3; - repeated uint32 acrs = 4; - required uint64 orig_gpr2 = 5; - required uint32 system_call = 6; -} - -message user_s390_vxrs_low_entry { - repeated uint64 regs = 1; -} - -/* - * The vxrs_high registers have 128 bit: - * - * vxrs_high_0 = regs[0] << 64 | regs[1]; - * vxrs_high_1 = regs[2] << 64 | regs[3]; - */ -message user_s390_vxrs_high_entry { - repeated uint64 regs = 1; -} - -message user_s390_fpregs_entry { - required uint32 fpc = 1; - repeated uint64 fprs = 2; -} - -message user_s390_gs_cb_entry { - repeated uint64 regs = 1; -} - -message user_s390_ri_entry { - required uint32 ri_on = 1; - repeated uint64 regs = 2; -} - -message thread_info_s390 { - required uint64 clear_tid_addr = 1[(criu).hex = true]; - required user_s390_regs_entry gpregs = 2[(criu).hex = true]; - required user_s390_fpregs_entry fpregs = 3[(criu).hex = true]; - optional user_s390_vxrs_low_entry vxrs_low = 4[(criu).hex = true]; - optional user_s390_vxrs_high_entry vxrs_high = 5[(criu).hex = true]; - optional user_s390_gs_cb_entry gs_cb = 6[(criu).hex = true]; - optional user_s390_gs_cb_entry gs_bc = 7[(criu).hex = true]; - optional user_s390_ri_entry ri_cb = 8[(criu).hex = true]; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-x86.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-x86.pb.go deleted file mode 100644 index be6be9e225c..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-x86.pb.go +++ /dev/null @@ -1,1029 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: core-x86.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type UserX86RegsMode int32 - -const ( - UserX86RegsMode_NATIVE UserX86RegsMode = 1 - UserX86RegsMode_COMPAT UserX86RegsMode = 2 -) - -// Enum value maps for UserX86RegsMode. -var ( - UserX86RegsMode_name = map[int32]string{ - 1: "NATIVE", - 2: "COMPAT", - } - UserX86RegsMode_value = map[string]int32{ - "NATIVE": 1, - "COMPAT": 2, - } -) - -func (x UserX86RegsMode) Enum() *UserX86RegsMode { - p := new(UserX86RegsMode) - *p = x - return p -} - -func (x UserX86RegsMode) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (UserX86RegsMode) Descriptor() protoreflect.EnumDescriptor { - return file_core_x86_proto_enumTypes[0].Descriptor() -} - -func (UserX86RegsMode) Type() protoreflect.EnumType { - return &file_core_x86_proto_enumTypes[0] -} - -func (x UserX86RegsMode) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Do not use. -func (x *UserX86RegsMode) UnmarshalJSON(b []byte) error { - num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) - if err != nil { - return err - } - *x = UserX86RegsMode(num) - return nil -} - -// Deprecated: Use UserX86RegsMode.Descriptor instead. -func (UserX86RegsMode) EnumDescriptor() ([]byte, []int) { - return file_core_x86_proto_rawDescGZIP(), []int{0} -} - -// Reusing entry for both 64 and 32 bits register sets -type UserX86RegsEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - R15 *uint64 `protobuf:"varint,1,req,name=r15" json:"r15,omitempty"` - R14 *uint64 `protobuf:"varint,2,req,name=r14" json:"r14,omitempty"` - R13 *uint64 `protobuf:"varint,3,req,name=r13" json:"r13,omitempty"` - R12 *uint64 `protobuf:"varint,4,req,name=r12" json:"r12,omitempty"` - Bp *uint64 `protobuf:"varint,5,req,name=bp" json:"bp,omitempty"` - Bx *uint64 `protobuf:"varint,6,req,name=bx" json:"bx,omitempty"` - R11 *uint64 `protobuf:"varint,7,req,name=r11" json:"r11,omitempty"` - R10 *uint64 `protobuf:"varint,8,req,name=r10" json:"r10,omitempty"` - R9 *uint64 `protobuf:"varint,9,req,name=r9" json:"r9,omitempty"` - R8 *uint64 `protobuf:"varint,10,req,name=r8" json:"r8,omitempty"` - Ax *uint64 `protobuf:"varint,11,req,name=ax" json:"ax,omitempty"` - Cx *uint64 `protobuf:"varint,12,req,name=cx" json:"cx,omitempty"` - Dx *uint64 `protobuf:"varint,13,req,name=dx" json:"dx,omitempty"` - Si *uint64 `protobuf:"varint,14,req,name=si" json:"si,omitempty"` - Di *uint64 `protobuf:"varint,15,req,name=di" json:"di,omitempty"` - OrigAx *uint64 `protobuf:"varint,16,req,name=orig_ax,json=origAx" json:"orig_ax,omitempty"` - Ip *uint64 `protobuf:"varint,17,req,name=ip" json:"ip,omitempty"` - Cs *uint64 `protobuf:"varint,18,req,name=cs" json:"cs,omitempty"` - Flags *uint64 `protobuf:"varint,19,req,name=flags" json:"flags,omitempty"` - Sp *uint64 `protobuf:"varint,20,req,name=sp" json:"sp,omitempty"` - Ss *uint64 `protobuf:"varint,21,req,name=ss" json:"ss,omitempty"` - FsBase *uint64 `protobuf:"varint,22,req,name=fs_base,json=fsBase" json:"fs_base,omitempty"` - GsBase *uint64 `protobuf:"varint,23,req,name=gs_base,json=gsBase" json:"gs_base,omitempty"` - Ds *uint64 `protobuf:"varint,24,req,name=ds" json:"ds,omitempty"` - Es *uint64 `protobuf:"varint,25,req,name=es" json:"es,omitempty"` - Fs *uint64 `protobuf:"varint,26,req,name=fs" json:"fs,omitempty"` - Gs *uint64 `protobuf:"varint,27,req,name=gs" json:"gs,omitempty"` - Mode *UserX86RegsMode `protobuf:"varint,28,opt,name=mode,enum=UserX86RegsMode,def=1" json:"mode,omitempty"` -} - -// Default values for UserX86RegsEntry fields. -const ( - Default_UserX86RegsEntry_Mode = UserX86RegsMode_NATIVE -) - -func (x *UserX86RegsEntry) Reset() { - *x = UserX86RegsEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_core_x86_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UserX86RegsEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UserX86RegsEntry) ProtoMessage() {} - -func (x *UserX86RegsEntry) ProtoReflect() protoreflect.Message { - mi := &file_core_x86_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UserX86RegsEntry.ProtoReflect.Descriptor instead. -func (*UserX86RegsEntry) Descriptor() ([]byte, []int) { - return file_core_x86_proto_rawDescGZIP(), []int{0} -} - -func (x *UserX86RegsEntry) GetR15() uint64 { - if x != nil && x.R15 != nil { - return *x.R15 - } - return 0 -} - -func (x *UserX86RegsEntry) GetR14() uint64 { - if x != nil && x.R14 != nil { - return *x.R14 - } - return 0 -} - -func (x *UserX86RegsEntry) GetR13() uint64 { - if x != nil && x.R13 != nil { - return *x.R13 - } - return 0 -} - -func (x *UserX86RegsEntry) GetR12() uint64 { - if x != nil && x.R12 != nil { - return *x.R12 - } - return 0 -} - -func (x *UserX86RegsEntry) GetBp() uint64 { - if x != nil && x.Bp != nil { - return *x.Bp - } - return 0 -} - -func (x *UserX86RegsEntry) GetBx() uint64 { - if x != nil && x.Bx != nil { - return *x.Bx - } - return 0 -} - -func (x *UserX86RegsEntry) GetR11() uint64 { - if x != nil && x.R11 != nil { - return *x.R11 - } - return 0 -} - -func (x *UserX86RegsEntry) GetR10() uint64 { - if x != nil && x.R10 != nil { - return *x.R10 - } - return 0 -} - -func (x *UserX86RegsEntry) GetR9() uint64 { - if x != nil && x.R9 != nil { - return *x.R9 - } - return 0 -} - -func (x *UserX86RegsEntry) GetR8() uint64 { - if x != nil && x.R8 != nil { - return *x.R8 - } - return 0 -} - -func (x *UserX86RegsEntry) GetAx() uint64 { - if x != nil && x.Ax != nil { - return *x.Ax - } - return 0 -} - -func (x *UserX86RegsEntry) GetCx() uint64 { - if x != nil && x.Cx != nil { - return *x.Cx - } - return 0 -} - -func (x *UserX86RegsEntry) GetDx() uint64 { - if x != nil && x.Dx != nil { - return *x.Dx - } - return 0 -} - -func (x *UserX86RegsEntry) GetSi() uint64 { - if x != nil && x.Si != nil { - return *x.Si - } - return 0 -} - -func (x *UserX86RegsEntry) GetDi() uint64 { - if x != nil && x.Di != nil { - return *x.Di - } - return 0 -} - -func (x *UserX86RegsEntry) GetOrigAx() uint64 { - if x != nil && x.OrigAx != nil { - return *x.OrigAx - } - return 0 -} - -func (x *UserX86RegsEntry) GetIp() uint64 { - if x != nil && x.Ip != nil { - return *x.Ip - } - return 0 -} - -func (x *UserX86RegsEntry) GetCs() uint64 { - if x != nil && x.Cs != nil { - return *x.Cs - } - return 0 -} - -func (x *UserX86RegsEntry) GetFlags() uint64 { - if x != nil && x.Flags != nil { - return *x.Flags - } - return 0 -} - -func (x *UserX86RegsEntry) GetSp() uint64 { - if x != nil && x.Sp != nil { - return *x.Sp - } - return 0 -} - -func (x *UserX86RegsEntry) GetSs() uint64 { - if x != nil && x.Ss != nil { - return *x.Ss - } - return 0 -} - -func (x *UserX86RegsEntry) GetFsBase() uint64 { - if x != nil && x.FsBase != nil { - return *x.FsBase - } - return 0 -} - -func (x *UserX86RegsEntry) GetGsBase() uint64 { - if x != nil && x.GsBase != nil { - return *x.GsBase - } - return 0 -} - -func (x *UserX86RegsEntry) GetDs() uint64 { - if x != nil && x.Ds != nil { - return *x.Ds - } - return 0 -} - -func (x *UserX86RegsEntry) GetEs() uint64 { - if x != nil && x.Es != nil { - return *x.Es - } - return 0 -} - -func (x *UserX86RegsEntry) GetFs() uint64 { - if x != nil && x.Fs != nil { - return *x.Fs - } - return 0 -} - -func (x *UserX86RegsEntry) GetGs() uint64 { - if x != nil && x.Gs != nil { - return *x.Gs - } - return 0 -} - -func (x *UserX86RegsEntry) GetMode() UserX86RegsMode { - if x != nil && x.Mode != nil { - return *x.Mode - } - return Default_UserX86RegsEntry_Mode -} - -type UserX86XsaveEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // standard xsave features - XstateBv *uint64 `protobuf:"varint,1,req,name=xstate_bv,json=xstateBv" json:"xstate_bv,omitempty"` - // AVX components: 16x 256-bit ymm registers, hi 128 bits - YmmhSpace []uint32 `protobuf:"varint,2,rep,name=ymmh_space,json=ymmhSpace" json:"ymmh_space,omitempty"` - // MPX components - BndregState []uint64 `protobuf:"varint,3,rep,name=bndreg_state,json=bndregState" json:"bndreg_state,omitempty"` - BndcsrState []uint64 `protobuf:"varint,4,rep,name=bndcsr_state,json=bndcsrState" json:"bndcsr_state,omitempty"` - // AVX512 components: k0-k7, ZMM_Hi256, Hi16_ZMM - OpmaskReg []uint64 `protobuf:"varint,5,rep,name=opmask_reg,json=opmaskReg" json:"opmask_reg,omitempty"` - ZmmUpper []uint64 `protobuf:"varint,6,rep,name=zmm_upper,json=zmmUpper" json:"zmm_upper,omitempty"` - Hi16Zmm []uint64 `protobuf:"varint,7,rep,name=hi16_zmm,json=hi16Zmm" json:"hi16_zmm,omitempty"` - // Protected keys - Pkru []uint32 `protobuf:"varint,8,rep,name=pkru" json:"pkru,omitempty"` -} - -func (x *UserX86XsaveEntry) Reset() { - *x = UserX86XsaveEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_core_x86_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UserX86XsaveEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UserX86XsaveEntry) ProtoMessage() {} - -func (x *UserX86XsaveEntry) ProtoReflect() protoreflect.Message { - mi := &file_core_x86_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UserX86XsaveEntry.ProtoReflect.Descriptor instead. -func (*UserX86XsaveEntry) Descriptor() ([]byte, []int) { - return file_core_x86_proto_rawDescGZIP(), []int{1} -} - -func (x *UserX86XsaveEntry) GetXstateBv() uint64 { - if x != nil && x.XstateBv != nil { - return *x.XstateBv - } - return 0 -} - -func (x *UserX86XsaveEntry) GetYmmhSpace() []uint32 { - if x != nil { - return x.YmmhSpace - } - return nil -} - -func (x *UserX86XsaveEntry) GetBndregState() []uint64 { - if x != nil { - return x.BndregState - } - return nil -} - -func (x *UserX86XsaveEntry) GetBndcsrState() []uint64 { - if x != nil { - return x.BndcsrState - } - return nil -} - -func (x *UserX86XsaveEntry) GetOpmaskReg() []uint64 { - if x != nil { - return x.OpmaskReg - } - return nil -} - -func (x *UserX86XsaveEntry) GetZmmUpper() []uint64 { - if x != nil { - return x.ZmmUpper - } - return nil -} - -func (x *UserX86XsaveEntry) GetHi16Zmm() []uint64 { - if x != nil { - return x.Hi16Zmm - } - return nil -} - -func (x *UserX86XsaveEntry) GetPkru() []uint32 { - if x != nil { - return x.Pkru - } - return nil -} - -type UserX86FpregsEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // fxsave data - Cwd *uint32 `protobuf:"varint,1,req,name=cwd" json:"cwd,omitempty"` - Swd *uint32 `protobuf:"varint,2,req,name=swd" json:"swd,omitempty"` - Twd *uint32 `protobuf:"varint,3,req,name=twd" json:"twd,omitempty"` - Fop *uint32 `protobuf:"varint,4,req,name=fop" json:"fop,omitempty"` - Rip *uint64 `protobuf:"varint,5,req,name=rip" json:"rip,omitempty"` - Rdp *uint64 `protobuf:"varint,6,req,name=rdp" json:"rdp,omitempty"` - Mxcsr *uint32 `protobuf:"varint,7,req,name=mxcsr" json:"mxcsr,omitempty"` - MxcsrMask *uint32 `protobuf:"varint,8,req,name=mxcsr_mask,json=mxcsrMask" json:"mxcsr_mask,omitempty"` - StSpace []uint32 `protobuf:"varint,9,rep,name=st_space,json=stSpace" json:"st_space,omitempty"` - XmmSpace []uint32 `protobuf:"varint,10,rep,name=xmm_space,json=xmmSpace" json:"xmm_space,omitempty"` - // Unused, but present for backward compatibility - Padding []uint32 `protobuf:"varint,11,rep,name=padding" json:"padding,omitempty"` - // xsave extension - Xsave *UserX86XsaveEntry `protobuf:"bytes,13,opt,name=xsave" json:"xsave,omitempty"` -} - -func (x *UserX86FpregsEntry) Reset() { - *x = UserX86FpregsEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_core_x86_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UserX86FpregsEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UserX86FpregsEntry) ProtoMessage() {} - -func (x *UserX86FpregsEntry) ProtoReflect() protoreflect.Message { - mi := &file_core_x86_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UserX86FpregsEntry.ProtoReflect.Descriptor instead. -func (*UserX86FpregsEntry) Descriptor() ([]byte, []int) { - return file_core_x86_proto_rawDescGZIP(), []int{2} -} - -func (x *UserX86FpregsEntry) GetCwd() uint32 { - if x != nil && x.Cwd != nil { - return *x.Cwd - } - return 0 -} - -func (x *UserX86FpregsEntry) GetSwd() uint32 { - if x != nil && x.Swd != nil { - return *x.Swd - } - return 0 -} - -func (x *UserX86FpregsEntry) GetTwd() uint32 { - if x != nil && x.Twd != nil { - return *x.Twd - } - return 0 -} - -func (x *UserX86FpregsEntry) GetFop() uint32 { - if x != nil && x.Fop != nil { - return *x.Fop - } - return 0 -} - -func (x *UserX86FpregsEntry) GetRip() uint64 { - if x != nil && x.Rip != nil { - return *x.Rip - } - return 0 -} - -func (x *UserX86FpregsEntry) GetRdp() uint64 { - if x != nil && x.Rdp != nil { - return *x.Rdp - } - return 0 -} - -func (x *UserX86FpregsEntry) GetMxcsr() uint32 { - if x != nil && x.Mxcsr != nil { - return *x.Mxcsr - } - return 0 -} - -func (x *UserX86FpregsEntry) GetMxcsrMask() uint32 { - if x != nil && x.MxcsrMask != nil { - return *x.MxcsrMask - } - return 0 -} - -func (x *UserX86FpregsEntry) GetStSpace() []uint32 { - if x != nil { - return x.StSpace - } - return nil -} - -func (x *UserX86FpregsEntry) GetXmmSpace() []uint32 { - if x != nil { - return x.XmmSpace - } - return nil -} - -func (x *UserX86FpregsEntry) GetPadding() []uint32 { - if x != nil { - return x.Padding - } - return nil -} - -func (x *UserX86FpregsEntry) GetXsave() *UserX86XsaveEntry { - if x != nil { - return x.Xsave - } - return nil -} - -type UserDescT struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - EntryNumber *uint32 `protobuf:"varint,1,req,name=entry_number,json=entryNumber" json:"entry_number,omitempty"` - // this is for GDT, not for MSRs - 32-bit base - BaseAddr *uint32 `protobuf:"varint,2,req,name=base_addr,json=baseAddr" json:"base_addr,omitempty"` - Limit *uint32 `protobuf:"varint,3,req,name=limit" json:"limit,omitempty"` - Seg_32Bit *bool `protobuf:"varint,4,req,name=seg_32bit,json=seg32bit" json:"seg_32bit,omitempty"` - ContentsH *bool `protobuf:"varint,5,req,name=contents_h,json=contentsH" json:"contents_h,omitempty"` - ContentsL *bool `protobuf:"varint,6,req,name=contents_l,json=contentsL" json:"contents_l,omitempty"` - ReadExecOnly *bool `protobuf:"varint,7,req,name=read_exec_only,json=readExecOnly,def=1" json:"read_exec_only,omitempty"` - LimitInPages *bool `protobuf:"varint,8,req,name=limit_in_pages,json=limitInPages" json:"limit_in_pages,omitempty"` - SegNotPresent *bool `protobuf:"varint,9,req,name=seg_not_present,json=segNotPresent,def=1" json:"seg_not_present,omitempty"` - Usable *bool `protobuf:"varint,10,req,name=usable" json:"usable,omitempty"` -} - -// Default values for UserDescT fields. -const ( - Default_UserDescT_ReadExecOnly = bool(true) - Default_UserDescT_SegNotPresent = bool(true) -) - -func (x *UserDescT) Reset() { - *x = UserDescT{} - if protoimpl.UnsafeEnabled { - mi := &file_core_x86_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UserDescT) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UserDescT) ProtoMessage() {} - -func (x *UserDescT) ProtoReflect() protoreflect.Message { - mi := &file_core_x86_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UserDescT.ProtoReflect.Descriptor instead. -func (*UserDescT) Descriptor() ([]byte, []int) { - return file_core_x86_proto_rawDescGZIP(), []int{3} -} - -func (x *UserDescT) GetEntryNumber() uint32 { - if x != nil && x.EntryNumber != nil { - return *x.EntryNumber - } - return 0 -} - -func (x *UserDescT) GetBaseAddr() uint32 { - if x != nil && x.BaseAddr != nil { - return *x.BaseAddr - } - return 0 -} - -func (x *UserDescT) GetLimit() uint32 { - if x != nil && x.Limit != nil { - return *x.Limit - } - return 0 -} - -func (x *UserDescT) GetSeg_32Bit() bool { - if x != nil && x.Seg_32Bit != nil { - return *x.Seg_32Bit - } - return false -} - -func (x *UserDescT) GetContentsH() bool { - if x != nil && x.ContentsH != nil { - return *x.ContentsH - } - return false -} - -func (x *UserDescT) GetContentsL() bool { - if x != nil && x.ContentsL != nil { - return *x.ContentsL - } - return false -} - -func (x *UserDescT) GetReadExecOnly() bool { - if x != nil && x.ReadExecOnly != nil { - return *x.ReadExecOnly - } - return Default_UserDescT_ReadExecOnly -} - -func (x *UserDescT) GetLimitInPages() bool { - if x != nil && x.LimitInPages != nil { - return *x.LimitInPages - } - return false -} - -func (x *UserDescT) GetSegNotPresent() bool { - if x != nil && x.SegNotPresent != nil { - return *x.SegNotPresent - } - return Default_UserDescT_SegNotPresent -} - -func (x *UserDescT) GetUsable() bool { - if x != nil && x.Usable != nil { - return *x.Usable - } - return false -} - -type ThreadInfoX86 struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - ClearTidAddr *uint64 `protobuf:"varint,1,req,name=clear_tid_addr,json=clearTidAddr" json:"clear_tid_addr,omitempty"` - Gpregs *UserX86RegsEntry `protobuf:"bytes,2,req,name=gpregs" json:"gpregs,omitempty"` - Fpregs *UserX86FpregsEntry `protobuf:"bytes,3,req,name=fpregs" json:"fpregs,omitempty"` - Tls []*UserDescT `protobuf:"bytes,4,rep,name=tls" json:"tls,omitempty"` -} - -func (x *ThreadInfoX86) Reset() { - *x = ThreadInfoX86{} - if protoimpl.UnsafeEnabled { - mi := &file_core_x86_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ThreadInfoX86) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ThreadInfoX86) ProtoMessage() {} - -func (x *ThreadInfoX86) ProtoReflect() protoreflect.Message { - mi := &file_core_x86_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ThreadInfoX86.ProtoReflect.Descriptor instead. -func (*ThreadInfoX86) Descriptor() ([]byte, []int) { - return file_core_x86_proto_rawDescGZIP(), []int{4} -} - -func (x *ThreadInfoX86) GetClearTidAddr() uint64 { - if x != nil && x.ClearTidAddr != nil { - return *x.ClearTidAddr - } - return 0 -} - -func (x *ThreadInfoX86) GetGpregs() *UserX86RegsEntry { - if x != nil { - return x.Gpregs - } - return nil -} - -func (x *ThreadInfoX86) GetFpregs() *UserX86FpregsEntry { - if x != nil { - return x.Fpregs - } - return nil -} - -func (x *ThreadInfoX86) GetTls() []*UserDescT { - if x != nil { - return x.Tls - } - return nil -} - -var File_core_x86_proto protoreflect.FileDescriptor - -var file_core_x86_proto_rawDesc = []byte{ - 0x0a, 0x0e, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x78, 0x38, 0x36, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xa3, 0x04, 0x0a, - 0x13, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x35, 0x18, 0x01, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x03, 0x72, 0x31, 0x35, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x34, 0x18, 0x02, 0x20, - 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x34, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, 0x33, 0x18, - 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x33, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x31, - 0x32, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x32, 0x12, 0x0e, 0x0a, 0x02, - 0x62, 0x70, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x62, 0x70, 0x12, 0x0e, 0x0a, 0x02, - 0x62, 0x78, 0x18, 0x06, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x62, 0x78, 0x12, 0x10, 0x0a, 0x03, - 0x72, 0x31, 0x31, 0x18, 0x07, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x31, 0x12, 0x10, - 0x0a, 0x03, 0x72, 0x31, 0x30, 0x18, 0x08, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x31, 0x30, - 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x39, 0x18, 0x09, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x39, - 0x12, 0x0e, 0x0a, 0x02, 0x72, 0x38, 0x18, 0x0a, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x72, 0x38, - 0x12, 0x0e, 0x0a, 0x02, 0x61, 0x78, 0x18, 0x0b, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x61, 0x78, - 0x12, 0x0e, 0x0a, 0x02, 0x63, 0x78, 0x18, 0x0c, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x63, 0x78, - 0x12, 0x0e, 0x0a, 0x02, 0x64, 0x78, 0x18, 0x0d, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x64, 0x78, - 0x12, 0x0e, 0x0a, 0x02, 0x73, 0x69, 0x18, 0x0e, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x73, 0x69, - 0x12, 0x0e, 0x0a, 0x02, 0x64, 0x69, 0x18, 0x0f, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x64, 0x69, - 0x12, 0x17, 0x0a, 0x07, 0x6f, 0x72, 0x69, 0x67, 0x5f, 0x61, 0x78, 0x18, 0x10, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x06, 0x6f, 0x72, 0x69, 0x67, 0x41, 0x78, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x70, 0x18, - 0x11, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x69, 0x70, 0x12, 0x0e, 0x0a, 0x02, 0x63, 0x73, 0x18, - 0x12, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x63, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, - 0x67, 0x73, 0x18, 0x13, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, - 0x0e, 0x0a, 0x02, 0x73, 0x70, 0x18, 0x14, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x73, 0x70, 0x12, - 0x0e, 0x0a, 0x02, 0x73, 0x73, 0x18, 0x15, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x73, 0x73, 0x12, - 0x17, 0x0a, 0x07, 0x66, 0x73, 0x5f, 0x62, 0x61, 0x73, 0x65, 0x18, 0x16, 0x20, 0x02, 0x28, 0x04, - 0x52, 0x06, 0x66, 0x73, 0x42, 0x61, 0x73, 0x65, 0x12, 0x17, 0x0a, 0x07, 0x67, 0x73, 0x5f, 0x62, - 0x61, 0x73, 0x65, 0x18, 0x17, 0x20, 0x02, 0x28, 0x04, 0x52, 0x06, 0x67, 0x73, 0x42, 0x61, 0x73, - 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x64, 0x73, 0x18, 0x18, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x64, - 0x73, 0x12, 0x0e, 0x0a, 0x02, 0x65, 0x73, 0x18, 0x19, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x65, - 0x73, 0x12, 0x0e, 0x0a, 0x02, 0x66, 0x73, 0x18, 0x1a, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x66, - 0x73, 0x12, 0x0e, 0x0a, 0x02, 0x67, 0x73, 0x18, 0x1b, 0x20, 0x02, 0x28, 0x04, 0x52, 0x02, 0x67, - 0x73, 0x12, 0x2f, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x1c, 0x20, 0x01, 0x28, 0x0e, 0x32, - 0x13, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, - 0x6d, 0x6f, 0x64, 0x65, 0x3a, 0x06, 0x4e, 0x41, 0x54, 0x49, 0x56, 0x45, 0x52, 0x04, 0x6d, 0x6f, - 0x64, 0x65, 0x22, 0x83, 0x02, 0x0a, 0x14, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, - 0x78, 0x73, 0x61, 0x76, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x78, - 0x73, 0x74, 0x61, 0x74, 0x65, 0x5f, 0x62, 0x76, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x08, - 0x78, 0x73, 0x74, 0x61, 0x74, 0x65, 0x42, 0x76, 0x12, 0x1d, 0x0a, 0x0a, 0x79, 0x6d, 0x6d, 0x68, - 0x5f, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x09, 0x79, 0x6d, - 0x6d, 0x68, 0x53, 0x70, 0x61, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x62, 0x6e, 0x64, 0x72, 0x65, - 0x67, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x04, 0x52, 0x0b, 0x62, - 0x6e, 0x64, 0x72, 0x65, 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x62, 0x6e, - 0x64, 0x63, 0x73, 0x72, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x03, 0x28, 0x04, - 0x52, 0x0b, 0x62, 0x6e, 0x64, 0x63, 0x73, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x1d, 0x0a, - 0x0a, 0x6f, 0x70, 0x6d, 0x61, 0x73, 0x6b, 0x5f, 0x72, 0x65, 0x67, 0x18, 0x05, 0x20, 0x03, 0x28, - 0x04, 0x52, 0x09, 0x6f, 0x70, 0x6d, 0x61, 0x73, 0x6b, 0x52, 0x65, 0x67, 0x12, 0x1b, 0x0a, 0x09, - 0x7a, 0x6d, 0x6d, 0x5f, 0x75, 0x70, 0x70, 0x65, 0x72, 0x18, 0x06, 0x20, 0x03, 0x28, 0x04, 0x52, - 0x08, 0x7a, 0x6d, 0x6d, 0x55, 0x70, 0x70, 0x65, 0x72, 0x12, 0x19, 0x0a, 0x08, 0x68, 0x69, 0x31, - 0x36, 0x5f, 0x7a, 0x6d, 0x6d, 0x18, 0x07, 0x20, 0x03, 0x28, 0x04, 0x52, 0x07, 0x68, 0x69, 0x31, - 0x36, 0x5a, 0x6d, 0x6d, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6b, 0x72, 0x75, 0x18, 0x08, 0x20, 0x03, - 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6b, 0x72, 0x75, 0x22, 0xb7, 0x02, 0x0a, 0x15, 0x75, 0x73, 0x65, - 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x77, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, - 0x03, 0x63, 0x77, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x73, 0x77, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x03, 0x73, 0x77, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x77, 0x64, 0x18, 0x03, 0x20, - 0x02, 0x28, 0x0d, 0x52, 0x03, 0x74, 0x77, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x66, 0x6f, 0x70, 0x18, - 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x66, 0x6f, 0x70, 0x12, 0x10, 0x0a, 0x03, 0x72, 0x69, - 0x70, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x69, 0x70, 0x12, 0x10, 0x0a, 0x03, - 0x72, 0x64, 0x70, 0x18, 0x06, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x72, 0x64, 0x70, 0x12, 0x14, - 0x0a, 0x05, 0x6d, 0x78, 0x63, 0x73, 0x72, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x6d, - 0x78, 0x63, 0x73, 0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x78, 0x63, 0x73, 0x72, 0x5f, 0x6d, 0x61, - 0x73, 0x6b, 0x18, 0x08, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x6d, 0x78, 0x63, 0x73, 0x72, 0x4d, - 0x61, 0x73, 0x6b, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x74, 0x5f, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, - 0x09, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x07, 0x73, 0x74, 0x53, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1b, - 0x0a, 0x09, 0x78, 0x6d, 0x6d, 0x5f, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x0a, 0x20, 0x03, 0x28, - 0x0d, 0x52, 0x08, 0x78, 0x6d, 0x6d, 0x53, 0x70, 0x61, 0x63, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x70, - 0x61, 0x64, 0x64, 0x69, 0x6e, 0x67, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x07, 0x70, 0x61, - 0x64, 0x64, 0x69, 0x6e, 0x67, 0x12, 0x2b, 0x0a, 0x05, 0x78, 0x73, 0x61, 0x76, 0x65, 0x18, 0x0d, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, - 0x78, 0x73, 0x61, 0x76, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x05, 0x78, 0x73, 0x61, - 0x76, 0x65, 0x22, 0xd6, 0x02, 0x0a, 0x0b, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x73, 0x63, - 0x5f, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x5f, 0x6e, 0x75, 0x6d, 0x62, - 0x65, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x4e, - 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x1b, 0x0a, 0x09, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x61, 0x64, - 0x64, 0x72, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x62, 0x61, 0x73, 0x65, 0x41, 0x64, - 0x64, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x18, 0x03, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x05, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x65, 0x67, 0x5f, - 0x33, 0x32, 0x62, 0x69, 0x74, 0x18, 0x04, 0x20, 0x02, 0x28, 0x08, 0x52, 0x08, 0x73, 0x65, 0x67, - 0x33, 0x32, 0x62, 0x69, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, - 0x73, 0x5f, 0x68, 0x18, 0x05, 0x20, 0x02, 0x28, 0x08, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x74, 0x65, - 0x6e, 0x74, 0x73, 0x48, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, - 0x5f, 0x6c, 0x18, 0x06, 0x20, 0x02, 0x28, 0x08, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, - 0x74, 0x73, 0x4c, 0x12, 0x2a, 0x0a, 0x0e, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x65, 0x78, 0x65, 0x63, - 0x5f, 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x07, 0x20, 0x02, 0x28, 0x08, 0x3a, 0x04, 0x74, 0x72, 0x75, - 0x65, 0x52, 0x0c, 0x72, 0x65, 0x61, 0x64, 0x45, 0x78, 0x65, 0x63, 0x4f, 0x6e, 0x6c, 0x79, 0x12, - 0x24, 0x0a, 0x0e, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x5f, 0x69, 0x6e, 0x5f, 0x70, 0x61, 0x67, 0x65, - 0x73, 0x18, 0x08, 0x20, 0x02, 0x28, 0x08, 0x52, 0x0c, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x49, 0x6e, - 0x50, 0x61, 0x67, 0x65, 0x73, 0x12, 0x2c, 0x0a, 0x0f, 0x73, 0x65, 0x67, 0x5f, 0x6e, 0x6f, 0x74, - 0x5f, 0x70, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x18, 0x09, 0x20, 0x02, 0x28, 0x08, 0x3a, 0x04, - 0x74, 0x72, 0x75, 0x65, 0x52, 0x0d, 0x73, 0x65, 0x67, 0x4e, 0x6f, 0x74, 0x50, 0x72, 0x65, 0x73, - 0x65, 0x6e, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x75, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x0a, 0x20, - 0x02, 0x28, 0x08, 0x52, 0x06, 0x75, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x22, 0xc3, 0x01, 0x0a, 0x0f, - 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x78, 0x38, 0x36, 0x12, - 0x2b, 0x0a, 0x0e, 0x63, 0x6c, 0x65, 0x61, 0x72, 0x5f, 0x74, 0x69, 0x64, 0x5f, 0x61, 0x64, 0x64, - 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0c, - 0x63, 0x6c, 0x65, 0x61, 0x72, 0x54, 0x69, 0x64, 0x41, 0x64, 0x64, 0x72, 0x12, 0x33, 0x0a, 0x06, - 0x67, 0x70, 0x72, 0x65, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x75, - 0x73, 0x65, 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x72, 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x06, 0x67, 0x70, 0x72, 0x65, 0x67, - 0x73, 0x12, 0x2e, 0x0a, 0x06, 0x66, 0x70, 0x72, 0x65, 0x67, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, - 0x0b, 0x32, 0x16, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x66, 0x70, 0x72, - 0x65, 0x67, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x66, 0x70, 0x72, 0x65, 0x67, - 0x73, 0x12, 0x1e, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0c, - 0x2e, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x73, 0x63, 0x5f, 0x74, 0x52, 0x03, 0x74, 0x6c, - 0x73, 0x2a, 0x2c, 0x0a, 0x12, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x72, 0x65, - 0x67, 0x73, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x4e, 0x41, 0x54, 0x49, 0x56, - 0x45, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x43, 0x4f, 0x4d, 0x50, 0x41, 0x54, 0x10, 0x02, -} - -var ( - file_core_x86_proto_rawDescOnce sync.Once - file_core_x86_proto_rawDescData = file_core_x86_proto_rawDesc -) - -func file_core_x86_proto_rawDescGZIP() []byte { - file_core_x86_proto_rawDescOnce.Do(func() { - file_core_x86_proto_rawDescData = protoimpl.X.CompressGZIP(file_core_x86_proto_rawDescData) - }) - return file_core_x86_proto_rawDescData -} - -var file_core_x86_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_core_x86_proto_msgTypes = make([]protoimpl.MessageInfo, 5) -var file_core_x86_proto_goTypes = []interface{}{ - (UserX86RegsMode)(0), // 0: user_x86_regs_mode - (*UserX86RegsEntry)(nil), // 1: user_x86_regs_entry - (*UserX86XsaveEntry)(nil), // 2: user_x86_xsave_entry - (*UserX86FpregsEntry)(nil), // 3: user_x86_fpregs_entry - (*UserDescT)(nil), // 4: user_desc_t - (*ThreadInfoX86)(nil), // 5: thread_info_x86 -} -var file_core_x86_proto_depIdxs = []int32{ - 0, // 0: user_x86_regs_entry.mode:type_name -> user_x86_regs_mode - 2, // 1: user_x86_fpregs_entry.xsave:type_name -> user_x86_xsave_entry - 1, // 2: thread_info_x86.gpregs:type_name -> user_x86_regs_entry - 3, // 3: thread_info_x86.fpregs:type_name -> user_x86_fpregs_entry - 4, // 4: thread_info_x86.tls:type_name -> user_desc_t - 5, // [5:5] is the sub-list for method output_type - 5, // [5:5] is the sub-list for method input_type - 5, // [5:5] is the sub-list for extension type_name - 5, // [5:5] is the sub-list for extension extendee - 0, // [0:5] is the sub-list for field type_name -} - -func init() { file_core_x86_proto_init() } -func file_core_x86_proto_init() { - if File_core_x86_proto != nil { - return - } - file_opts_proto_init() - if !protoimpl.UnsafeEnabled { - file_core_x86_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UserX86RegsEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_core_x86_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UserX86XsaveEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_core_x86_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UserX86FpregsEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_core_x86_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UserDescT); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_core_x86_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ThreadInfoX86); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_core_x86_proto_rawDesc, - NumEnums: 1, - NumMessages: 5, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_core_x86_proto_goTypes, - DependencyIndexes: file_core_x86_proto_depIdxs, - EnumInfos: file_core_x86_proto_enumTypes, - MessageInfos: file_core_x86_proto_msgTypes, - }.Build() - File_core_x86_proto = out.File - file_core_x86_proto_rawDesc = nil - file_core_x86_proto_goTypes = nil - file_core_x86_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-x86.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-x86.proto deleted file mode 100644 index 815cf21ff85..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/core-x86.proto +++ /dev/null @@ -1,110 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "opts.proto"; - -enum user_x86_regs_mode { - NATIVE = 1; - COMPAT = 2; -} - -/* Reusing entry for both 64 and 32 bits register sets */ -message user_x86_regs_entry { - required uint64 r15 = 1; - required uint64 r14 = 2; - required uint64 r13 = 3; - required uint64 r12 = 4; - required uint64 bp = 5; - required uint64 bx = 6; - required uint64 r11 = 7; - required uint64 r10 = 8; - required uint64 r9 = 9; - required uint64 r8 = 10; - required uint64 ax = 11; - required uint64 cx = 12; - required uint64 dx = 13; - required uint64 si = 14; - required uint64 di = 15; - required uint64 orig_ax = 16; - required uint64 ip = 17; - required uint64 cs = 18; - required uint64 flags = 19; - required uint64 sp = 20; - required uint64 ss = 21; - required uint64 fs_base = 22; - required uint64 gs_base = 23; - required uint64 ds = 24; - required uint64 es = 25; - required uint64 fs = 26; - required uint64 gs = 27; - optional user_x86_regs_mode mode = 28 [default = NATIVE]; -} - -message user_x86_xsave_entry { - /* standard xsave features */ - required uint64 xstate_bv = 1; - - /* AVX components: 16x 256-bit ymm registers, hi 128 bits */ - repeated uint32 ymmh_space = 2; - - /* MPX components */ - repeated uint64 bndreg_state = 3; - repeated uint64 bndcsr_state = 4; - - /* AVX512 components: k0-k7, ZMM_Hi256, Hi16_ZMM */ - repeated uint64 opmask_reg = 5; - repeated uint64 zmm_upper = 6; - repeated uint64 hi16_zmm = 7; - - /* Protected keys */ - repeated uint32 pkru = 8; - - /* - * Processor trace (PT) and hardware duty cycling (HDC) - * are supervisor state components and only managed by - * xsaves/xrstors on cpl=0, so ignore them. - */ -} - -message user_x86_fpregs_entry { - - /* fxsave data */ - required uint32 cwd = 1; - required uint32 swd = 2; - required uint32 twd = 3; - required uint32 fop = 4; - required uint64 rip = 5; - required uint64 rdp = 6; - required uint32 mxcsr = 7; - required uint32 mxcsr_mask = 8; - repeated uint32 st_space = 9; - repeated uint32 xmm_space = 10; - - /* Unused, but present for backward compatibility */ - repeated uint32 padding = 11; - - /* xsave extension */ - optional user_x86_xsave_entry xsave = 13; -} - -message user_desc_t { - required uint32 entry_number = 1; - /* this is for GDT, not for MSRs - 32-bit base */ - required uint32 base_addr = 2; - required uint32 limit = 3; - required bool seg_32bit = 4; - required bool contents_h = 5; - required bool contents_l = 6; - required bool read_exec_only = 7 [default = true]; - required bool limit_in_pages = 8; - required bool seg_not_present = 9 [default = true]; - required bool usable = 10; -} - -message thread_info_x86 { - required uint64 clear_tid_addr = 1[(criu).hex = true]; - required user_x86_regs_entry gpregs = 2[(criu).hex = true]; - required user_x86_fpregs_entry fpregs = 3; - repeated user_desc_t tls = 4; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cpuinfo.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cpuinfo.pb.go deleted file mode 100644 index 5cff4dc5525..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cpuinfo.pb.go +++ /dev/null @@ -1,591 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: cpuinfo.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type CpuinfoX86EntryVendor int32 - -const ( - CpuinfoX86Entry_UNKNOWN CpuinfoX86EntryVendor = 0 - CpuinfoX86Entry_INTEL CpuinfoX86EntryVendor = 1 - CpuinfoX86Entry_AMD CpuinfoX86EntryVendor = 2 -) - -// Enum value maps for CpuinfoX86EntryVendor. -var ( - CpuinfoX86EntryVendor_name = map[int32]string{ - 0: "UNKNOWN", - 1: "INTEL", - 2: "AMD", - } - CpuinfoX86EntryVendor_value = map[string]int32{ - "UNKNOWN": 0, - "INTEL": 1, - "AMD": 2, - } -) - -func (x CpuinfoX86EntryVendor) Enum() *CpuinfoX86EntryVendor { - p := new(CpuinfoX86EntryVendor) - *p = x - return p -} - -func (x CpuinfoX86EntryVendor) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (CpuinfoX86EntryVendor) Descriptor() protoreflect.EnumDescriptor { - return file_cpuinfo_proto_enumTypes[0].Descriptor() -} - -func (CpuinfoX86EntryVendor) Type() protoreflect.EnumType { - return &file_cpuinfo_proto_enumTypes[0] -} - -func (x CpuinfoX86EntryVendor) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Do not use. -func (x *CpuinfoX86EntryVendor) UnmarshalJSON(b []byte) error { - num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) - if err != nil { - return err - } - *x = CpuinfoX86EntryVendor(num) - return nil -} - -// Deprecated: Use CpuinfoX86EntryVendor.Descriptor instead. -func (CpuinfoX86EntryVendor) EnumDescriptor() ([]byte, []int) { - return file_cpuinfo_proto_rawDescGZIP(), []int{0, 0} -} - -type CpuinfoPpc64EntryEndianness int32 - -const ( - CpuinfoPpc64Entry_BIGENDIAN CpuinfoPpc64EntryEndianness = 0 - CpuinfoPpc64Entry_LITTLEENDIAN CpuinfoPpc64EntryEndianness = 1 -) - -// Enum value maps for CpuinfoPpc64EntryEndianness. -var ( - CpuinfoPpc64EntryEndianness_name = map[int32]string{ - 0: "BIGENDIAN", - 1: "LITTLEENDIAN", - } - CpuinfoPpc64EntryEndianness_value = map[string]int32{ - "BIGENDIAN": 0, - "LITTLEENDIAN": 1, - } -) - -func (x CpuinfoPpc64EntryEndianness) Enum() *CpuinfoPpc64EntryEndianness { - p := new(CpuinfoPpc64EntryEndianness) - *p = x - return p -} - -func (x CpuinfoPpc64EntryEndianness) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (CpuinfoPpc64EntryEndianness) Descriptor() protoreflect.EnumDescriptor { - return file_cpuinfo_proto_enumTypes[1].Descriptor() -} - -func (CpuinfoPpc64EntryEndianness) Type() protoreflect.EnumType { - return &file_cpuinfo_proto_enumTypes[1] -} - -func (x CpuinfoPpc64EntryEndianness) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Do not use. -func (x *CpuinfoPpc64EntryEndianness) UnmarshalJSON(b []byte) error { - num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) - if err != nil { - return err - } - *x = CpuinfoPpc64EntryEndianness(num) - return nil -} - -// Deprecated: Use CpuinfoPpc64EntryEndianness.Descriptor instead. -func (CpuinfoPpc64EntryEndianness) EnumDescriptor() ([]byte, []int) { - return file_cpuinfo_proto_rawDescGZIP(), []int{1, 0} -} - -type CpuinfoX86Entry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - VendorId *CpuinfoX86EntryVendor `protobuf:"varint,1,req,name=vendor_id,json=vendorId,enum=CpuinfoX86EntryVendor" json:"vendor_id,omitempty"` - CpuFamily *uint32 `protobuf:"varint,2,req,name=cpu_family,json=cpuFamily" json:"cpu_family,omitempty"` - Model *uint32 `protobuf:"varint,3,req,name=model" json:"model,omitempty"` - Stepping *uint32 `protobuf:"varint,4,req,name=stepping" json:"stepping,omitempty"` - CapabilityVer *uint32 `protobuf:"varint,5,req,name=capability_ver,json=capabilityVer" json:"capability_ver,omitempty"` - Capability []uint32 `protobuf:"varint,6,rep,name=capability" json:"capability,omitempty"` - ModelId *string `protobuf:"bytes,7,opt,name=model_id,json=modelId" json:"model_id,omitempty"` - XfeaturesMask *uint64 `protobuf:"varint,8,opt,name=xfeatures_mask,json=xfeaturesMask" json:"xfeatures_mask,omitempty"` - XsaveSize *uint32 `protobuf:"varint,9,opt,name=xsave_size,json=xsaveSize" json:"xsave_size,omitempty"` - XsaveSizeMax *uint32 `protobuf:"varint,10,opt,name=xsave_size_max,json=xsaveSizeMax" json:"xsave_size_max,omitempty"` -} - -func (x *CpuinfoX86Entry) Reset() { - *x = CpuinfoX86Entry{} - if protoimpl.UnsafeEnabled { - mi := &file_cpuinfo_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CpuinfoX86Entry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CpuinfoX86Entry) ProtoMessage() {} - -func (x *CpuinfoX86Entry) ProtoReflect() protoreflect.Message { - mi := &file_cpuinfo_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CpuinfoX86Entry.ProtoReflect.Descriptor instead. -func (*CpuinfoX86Entry) Descriptor() ([]byte, []int) { - return file_cpuinfo_proto_rawDescGZIP(), []int{0} -} - -func (x *CpuinfoX86Entry) GetVendorId() CpuinfoX86EntryVendor { - if x != nil && x.VendorId != nil { - return *x.VendorId - } - return CpuinfoX86Entry_UNKNOWN -} - -func (x *CpuinfoX86Entry) GetCpuFamily() uint32 { - if x != nil && x.CpuFamily != nil { - return *x.CpuFamily - } - return 0 -} - -func (x *CpuinfoX86Entry) GetModel() uint32 { - if x != nil && x.Model != nil { - return *x.Model - } - return 0 -} - -func (x *CpuinfoX86Entry) GetStepping() uint32 { - if x != nil && x.Stepping != nil { - return *x.Stepping - } - return 0 -} - -func (x *CpuinfoX86Entry) GetCapabilityVer() uint32 { - if x != nil && x.CapabilityVer != nil { - return *x.CapabilityVer - } - return 0 -} - -func (x *CpuinfoX86Entry) GetCapability() []uint32 { - if x != nil { - return x.Capability - } - return nil -} - -func (x *CpuinfoX86Entry) GetModelId() string { - if x != nil && x.ModelId != nil { - return *x.ModelId - } - return "" -} - -func (x *CpuinfoX86Entry) GetXfeaturesMask() uint64 { - if x != nil && x.XfeaturesMask != nil { - return *x.XfeaturesMask - } - return 0 -} - -func (x *CpuinfoX86Entry) GetXsaveSize() uint32 { - if x != nil && x.XsaveSize != nil { - return *x.XsaveSize - } - return 0 -} - -func (x *CpuinfoX86Entry) GetXsaveSizeMax() uint32 { - if x != nil && x.XsaveSizeMax != nil { - return *x.XsaveSizeMax - } - return 0 -} - -type CpuinfoPpc64Entry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Endian *CpuinfoPpc64EntryEndianness `protobuf:"varint,1,req,name=endian,enum=CpuinfoPpc64EntryEndianness" json:"endian,omitempty"` - Hwcap []uint64 `protobuf:"varint,2,rep,name=hwcap" json:"hwcap,omitempty"` -} - -func (x *CpuinfoPpc64Entry) Reset() { - *x = CpuinfoPpc64Entry{} - if protoimpl.UnsafeEnabled { - mi := &file_cpuinfo_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CpuinfoPpc64Entry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CpuinfoPpc64Entry) ProtoMessage() {} - -func (x *CpuinfoPpc64Entry) ProtoReflect() protoreflect.Message { - mi := &file_cpuinfo_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CpuinfoPpc64Entry.ProtoReflect.Descriptor instead. -func (*CpuinfoPpc64Entry) Descriptor() ([]byte, []int) { - return file_cpuinfo_proto_rawDescGZIP(), []int{1} -} - -func (x *CpuinfoPpc64Entry) GetEndian() CpuinfoPpc64EntryEndianness { - if x != nil && x.Endian != nil { - return *x.Endian - } - return CpuinfoPpc64Entry_BIGENDIAN -} - -func (x *CpuinfoPpc64Entry) GetHwcap() []uint64 { - if x != nil { - return x.Hwcap - } - return nil -} - -type CpuinfoS390Entry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Hwcap []uint64 `protobuf:"varint,2,rep,name=hwcap" json:"hwcap,omitempty"` -} - -func (x *CpuinfoS390Entry) Reset() { - *x = CpuinfoS390Entry{} - if protoimpl.UnsafeEnabled { - mi := &file_cpuinfo_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CpuinfoS390Entry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CpuinfoS390Entry) ProtoMessage() {} - -func (x *CpuinfoS390Entry) ProtoReflect() protoreflect.Message { - mi := &file_cpuinfo_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CpuinfoS390Entry.ProtoReflect.Descriptor instead. -func (*CpuinfoS390Entry) Descriptor() ([]byte, []int) { - return file_cpuinfo_proto_rawDescGZIP(), []int{2} -} - -func (x *CpuinfoS390Entry) GetHwcap() []uint64 { - if x != nil { - return x.Hwcap - } - return nil -} - -type CpuinfoEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Usually on SMP system there should be same CPUs - // installed, but it might happen that system carries - // various CPUs so @repeated used. - X86Entry []*CpuinfoX86Entry `protobuf:"bytes,1,rep,name=x86_entry,json=x86Entry" json:"x86_entry,omitempty"` - Ppc64Entry []*CpuinfoPpc64Entry `protobuf:"bytes,2,rep,name=ppc64_entry,json=ppc64Entry" json:"ppc64_entry,omitempty"` - S390Entry []*CpuinfoS390Entry `protobuf:"bytes,3,rep,name=s390_entry,json=s390Entry" json:"s390_entry,omitempty"` -} - -func (x *CpuinfoEntry) Reset() { - *x = CpuinfoEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_cpuinfo_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CpuinfoEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CpuinfoEntry) ProtoMessage() {} - -func (x *CpuinfoEntry) ProtoReflect() protoreflect.Message { - mi := &file_cpuinfo_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CpuinfoEntry.ProtoReflect.Descriptor instead. -func (*CpuinfoEntry) Descriptor() ([]byte, []int) { - return file_cpuinfo_proto_rawDescGZIP(), []int{3} -} - -func (x *CpuinfoEntry) GetX86Entry() []*CpuinfoX86Entry { - if x != nil { - return x.X86Entry - } - return nil -} - -func (x *CpuinfoEntry) GetPpc64Entry() []*CpuinfoPpc64Entry { - if x != nil { - return x.Ppc64Entry - } - return nil -} - -func (x *CpuinfoEntry) GetS390Entry() []*CpuinfoS390Entry { - if x != nil { - return x.S390Entry - } - return nil -} - -var File_cpuinfo_proto protoreflect.FileDescriptor - -var file_cpuinfo_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, - 0x95, 0x03, 0x0a, 0x11, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x78, 0x38, 0x36, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x36, 0x0a, 0x09, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, - 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x19, 0x2e, 0x63, 0x70, 0x75, 0x69, 0x6e, - 0x66, 0x6f, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x65, 0x6e, - 0x64, 0x6f, 0x72, 0x52, 0x08, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x49, 0x64, 0x12, 0x1d, 0x0a, - 0x0a, 0x63, 0x70, 0x75, 0x5f, 0x66, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x18, 0x02, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x09, 0x63, 0x70, 0x75, 0x46, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x12, 0x14, 0x0a, 0x05, - 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x6f, 0x64, - 0x65, 0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x74, 0x65, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x18, 0x04, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x73, 0x74, 0x65, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x12, 0x25, - 0x0a, 0x0e, 0x63, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x5f, 0x76, 0x65, 0x72, - 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0d, 0x63, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, - 0x74, 0x79, 0x56, 0x65, 0x72, 0x12, 0x1e, 0x0a, 0x0a, 0x63, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, - 0x69, 0x74, 0x79, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x0a, 0x63, 0x61, 0x70, 0x61, 0x62, - 0x69, 0x6c, 0x69, 0x74, 0x79, 0x12, 0x19, 0x0a, 0x08, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x5f, 0x69, - 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x49, 0x64, - 0x12, 0x25, 0x0a, 0x0e, 0x78, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x5f, 0x6d, 0x61, - 0x73, 0x6b, 0x18, 0x08, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0d, 0x78, 0x66, 0x65, 0x61, 0x74, 0x75, - 0x72, 0x65, 0x73, 0x4d, 0x61, 0x73, 0x6b, 0x12, 0x1d, 0x0a, 0x0a, 0x78, 0x73, 0x61, 0x76, 0x65, - 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x78, 0x73, 0x61, - 0x76, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x24, 0x0a, 0x0e, 0x78, 0x73, 0x61, 0x76, 0x65, 0x5f, - 0x73, 0x69, 0x7a, 0x65, 0x5f, 0x6d, 0x61, 0x78, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0c, - 0x78, 0x73, 0x61, 0x76, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x4d, 0x61, 0x78, 0x22, 0x29, 0x0a, 0x06, - 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, - 0x4e, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x49, 0x4e, 0x54, 0x45, 0x4c, 0x10, 0x01, 0x12, 0x07, - 0x0a, 0x03, 0x41, 0x4d, 0x44, 0x10, 0x02, 0x22, 0x93, 0x01, 0x0a, 0x13, 0x63, 0x70, 0x75, 0x69, - 0x6e, 0x66, 0x6f, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, - 0x37, 0x0a, 0x06, 0x65, 0x6e, 0x64, 0x69, 0x61, 0x6e, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0e, 0x32, - 0x1f, 0x2e, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x65, 0x6e, 0x64, 0x69, 0x61, 0x6e, 0x6e, 0x65, 0x73, 0x73, - 0x52, 0x06, 0x65, 0x6e, 0x64, 0x69, 0x61, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x68, 0x77, 0x63, 0x61, - 0x70, 0x18, 0x02, 0x20, 0x03, 0x28, 0x04, 0x52, 0x05, 0x68, 0x77, 0x63, 0x61, 0x70, 0x22, 0x2d, - 0x0a, 0x0a, 0x65, 0x6e, 0x64, 0x69, 0x61, 0x6e, 0x6e, 0x65, 0x73, 0x73, 0x12, 0x0d, 0x0a, 0x09, - 0x42, 0x49, 0x47, 0x45, 0x4e, 0x44, 0x49, 0x41, 0x4e, 0x10, 0x00, 0x12, 0x10, 0x0a, 0x0c, 0x4c, - 0x49, 0x54, 0x54, 0x4c, 0x45, 0x45, 0x4e, 0x44, 0x49, 0x41, 0x4e, 0x10, 0x01, 0x22, 0x2a, 0x0a, - 0x12, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x68, 0x77, 0x63, 0x61, 0x70, 0x18, 0x02, 0x20, 0x03, - 0x28, 0x04, 0x52, 0x05, 0x68, 0x77, 0x63, 0x61, 0x70, 0x22, 0xab, 0x01, 0x0a, 0x0d, 0x63, 0x70, - 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x2f, 0x0a, 0x09, 0x78, - 0x38, 0x36, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, - 0x2e, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x78, 0x38, 0x36, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x08, 0x78, 0x38, 0x36, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x35, 0x0a, 0x0b, - 0x70, 0x70, 0x63, 0x36, 0x34, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x02, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x70, 0x70, 0x63, 0x36, - 0x34, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0a, 0x70, 0x70, 0x63, 0x36, 0x34, 0x45, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x32, 0x0a, 0x0a, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x70, 0x75, 0x69, 0x6e, 0x66, - 0x6f, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x09, 0x73, 0x33, - 0x39, 0x30, 0x45, 0x6e, 0x74, 0x72, 0x79, -} - -var ( - file_cpuinfo_proto_rawDescOnce sync.Once - file_cpuinfo_proto_rawDescData = file_cpuinfo_proto_rawDesc -) - -func file_cpuinfo_proto_rawDescGZIP() []byte { - file_cpuinfo_proto_rawDescOnce.Do(func() { - file_cpuinfo_proto_rawDescData = protoimpl.X.CompressGZIP(file_cpuinfo_proto_rawDescData) - }) - return file_cpuinfo_proto_rawDescData -} - -var file_cpuinfo_proto_enumTypes = make([]protoimpl.EnumInfo, 2) -var file_cpuinfo_proto_msgTypes = make([]protoimpl.MessageInfo, 4) -var file_cpuinfo_proto_goTypes = []interface{}{ - (CpuinfoX86EntryVendor)(0), // 0: cpuinfo_x86_entry.vendor - (CpuinfoPpc64EntryEndianness)(0), // 1: cpuinfo_ppc64_entry.endianness - (*CpuinfoX86Entry)(nil), // 2: cpuinfo_x86_entry - (*CpuinfoPpc64Entry)(nil), // 3: cpuinfo_ppc64_entry - (*CpuinfoS390Entry)(nil), // 4: cpuinfo_s390_entry - (*CpuinfoEntry)(nil), // 5: cpuinfo_entry -} -var file_cpuinfo_proto_depIdxs = []int32{ - 0, // 0: cpuinfo_x86_entry.vendor_id:type_name -> cpuinfo_x86_entry.vendor - 1, // 1: cpuinfo_ppc64_entry.endian:type_name -> cpuinfo_ppc64_entry.endianness - 2, // 2: cpuinfo_entry.x86_entry:type_name -> cpuinfo_x86_entry - 3, // 3: cpuinfo_entry.ppc64_entry:type_name -> cpuinfo_ppc64_entry - 4, // 4: cpuinfo_entry.s390_entry:type_name -> cpuinfo_s390_entry - 5, // [5:5] is the sub-list for method output_type - 5, // [5:5] is the sub-list for method input_type - 5, // [5:5] is the sub-list for extension type_name - 5, // [5:5] is the sub-list for extension extendee - 0, // [0:5] is the sub-list for field type_name -} - -func init() { file_cpuinfo_proto_init() } -func file_cpuinfo_proto_init() { - if File_cpuinfo_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_cpuinfo_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CpuinfoX86Entry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_cpuinfo_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CpuinfoPpc64Entry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_cpuinfo_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CpuinfoS390Entry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_cpuinfo_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CpuinfoEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_cpuinfo_proto_rawDesc, - NumEnums: 2, - NumMessages: 4, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_cpuinfo_proto_goTypes, - DependencyIndexes: file_cpuinfo_proto_depIdxs, - EnumInfos: file_cpuinfo_proto_enumTypes, - MessageInfos: file_cpuinfo_proto_msgTypes, - }.Build() - File_cpuinfo_proto = out.File - file_cpuinfo_proto_rawDesc = nil - file_cpuinfo_proto_goTypes = nil - file_cpuinfo_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cpuinfo.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cpuinfo.proto deleted file mode 100644 index 15860a90c52..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/cpuinfo.proto +++ /dev/null @@ -1,49 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -message cpuinfo_x86_entry { - enum vendor { - UNKNOWN = 0; - INTEL = 1; - AMD = 2; - } - - required vendor vendor_id = 1; - required uint32 cpu_family = 2; - required uint32 model = 3; - required uint32 stepping = 4; - required uint32 capability_ver = 5; - repeated uint32 capability = 6; - - optional string model_id = 7; - - optional uint64 xfeatures_mask = 8; - optional uint32 xsave_size = 9; - optional uint32 xsave_size_max = 10; -} - -message cpuinfo_ppc64_entry { - enum endianness { - BIGENDIAN = 0; - LITTLEENDIAN = 1; - } - - required endianness endian = 1; - repeated uint64 hwcap = 2; -} - -message cpuinfo_s390_entry { - repeated uint64 hwcap = 2; -} - -message cpuinfo_entry { - /* - * Usually on SMP system there should be same CPUs - * installed, but it might happen that system carries - * various CPUs so @repeated used. - */ - repeated cpuinfo_x86_entry x86_entry = 1; - repeated cpuinfo_ppc64_entry ppc64_entry = 2; - repeated cpuinfo_s390_entry s390_entry = 3; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/creds.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/creds.pb.go deleted file mode 100644 index 87e504acbff..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/creds.pb.go +++ /dev/null @@ -1,294 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: creds.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type CredsEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Uid *uint32 `protobuf:"varint,1,req,name=uid" json:"uid,omitempty"` - Gid *uint32 `protobuf:"varint,2,req,name=gid" json:"gid,omitempty"` - Euid *uint32 `protobuf:"varint,3,req,name=euid" json:"euid,omitempty"` - Egid *uint32 `protobuf:"varint,4,req,name=egid" json:"egid,omitempty"` - Suid *uint32 `protobuf:"varint,5,req,name=suid" json:"suid,omitempty"` - Sgid *uint32 `protobuf:"varint,6,req,name=sgid" json:"sgid,omitempty"` - Fsuid *uint32 `protobuf:"varint,7,req,name=fsuid" json:"fsuid,omitempty"` - Fsgid *uint32 `protobuf:"varint,8,req,name=fsgid" json:"fsgid,omitempty"` - CapInh []uint32 `protobuf:"varint,9,rep,name=cap_inh,json=capInh" json:"cap_inh,omitempty"` - CapPrm []uint32 `protobuf:"varint,10,rep,name=cap_prm,json=capPrm" json:"cap_prm,omitempty"` - CapEff []uint32 `protobuf:"varint,11,rep,name=cap_eff,json=capEff" json:"cap_eff,omitempty"` - CapBnd []uint32 `protobuf:"varint,12,rep,name=cap_bnd,json=capBnd" json:"cap_bnd,omitempty"` - Secbits *uint32 `protobuf:"varint,13,req,name=secbits" json:"secbits,omitempty"` - Groups []uint32 `protobuf:"varint,14,rep,name=groups" json:"groups,omitempty"` - LsmProfile *string `protobuf:"bytes,15,opt,name=lsm_profile,json=lsmProfile" json:"lsm_profile,omitempty"` - LsmSockcreate *string `protobuf:"bytes,16,opt,name=lsm_sockcreate,json=lsmSockcreate" json:"lsm_sockcreate,omitempty"` - ApparmorData []byte `protobuf:"bytes,17,opt,name=apparmor_data,json=apparmorData" json:"apparmor_data,omitempty"` -} - -func (x *CredsEntry) Reset() { - *x = CredsEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_creds_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CredsEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CredsEntry) ProtoMessage() {} - -func (x *CredsEntry) ProtoReflect() protoreflect.Message { - mi := &file_creds_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CredsEntry.ProtoReflect.Descriptor instead. -func (*CredsEntry) Descriptor() ([]byte, []int) { - return file_creds_proto_rawDescGZIP(), []int{0} -} - -func (x *CredsEntry) GetUid() uint32 { - if x != nil && x.Uid != nil { - return *x.Uid - } - return 0 -} - -func (x *CredsEntry) GetGid() uint32 { - if x != nil && x.Gid != nil { - return *x.Gid - } - return 0 -} - -func (x *CredsEntry) GetEuid() uint32 { - if x != nil && x.Euid != nil { - return *x.Euid - } - return 0 -} - -func (x *CredsEntry) GetEgid() uint32 { - if x != nil && x.Egid != nil { - return *x.Egid - } - return 0 -} - -func (x *CredsEntry) GetSuid() uint32 { - if x != nil && x.Suid != nil { - return *x.Suid - } - return 0 -} - -func (x *CredsEntry) GetSgid() uint32 { - if x != nil && x.Sgid != nil { - return *x.Sgid - } - return 0 -} - -func (x *CredsEntry) GetFsuid() uint32 { - if x != nil && x.Fsuid != nil { - return *x.Fsuid - } - return 0 -} - -func (x *CredsEntry) GetFsgid() uint32 { - if x != nil && x.Fsgid != nil { - return *x.Fsgid - } - return 0 -} - -func (x *CredsEntry) GetCapInh() []uint32 { - if x != nil { - return x.CapInh - } - return nil -} - -func (x *CredsEntry) GetCapPrm() []uint32 { - if x != nil { - return x.CapPrm - } - return nil -} - -func (x *CredsEntry) GetCapEff() []uint32 { - if x != nil { - return x.CapEff - } - return nil -} - -func (x *CredsEntry) GetCapBnd() []uint32 { - if x != nil { - return x.CapBnd - } - return nil -} - -func (x *CredsEntry) GetSecbits() uint32 { - if x != nil && x.Secbits != nil { - return *x.Secbits - } - return 0 -} - -func (x *CredsEntry) GetGroups() []uint32 { - if x != nil { - return x.Groups - } - return nil -} - -func (x *CredsEntry) GetLsmProfile() string { - if x != nil && x.LsmProfile != nil { - return *x.LsmProfile - } - return "" -} - -func (x *CredsEntry) GetLsmSockcreate() string { - if x != nil && x.LsmSockcreate != nil { - return *x.LsmSockcreate - } - return "" -} - -func (x *CredsEntry) GetApparmorData() []byte { - if x != nil { - return x.ApparmorData - } - return nil -} - -var File_creds_proto protoreflect.FileDescriptor - -var file_creds_proto_rawDesc = []byte{ - 0x0a, 0x0b, 0x63, 0x72, 0x65, 0x64, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xb0, 0x03, - 0x0a, 0x0b, 0x63, 0x72, 0x65, 0x64, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, - 0x03, 0x75, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, - 0x10, 0x0a, 0x03, 0x67, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x67, 0x69, - 0x64, 0x12, 0x12, 0x0a, 0x04, 0x65, 0x75, 0x69, 0x64, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, - 0x04, 0x65, 0x75, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x65, 0x67, 0x69, 0x64, 0x18, 0x04, 0x20, - 0x02, 0x28, 0x0d, 0x52, 0x04, 0x65, 0x67, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x75, 0x69, - 0x64, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x73, 0x75, 0x69, 0x64, 0x12, 0x12, 0x0a, - 0x04, 0x73, 0x67, 0x69, 0x64, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x73, 0x67, 0x69, - 0x64, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x73, 0x75, 0x69, 0x64, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x05, 0x66, 0x73, 0x75, 0x69, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x73, 0x67, 0x69, 0x64, - 0x18, 0x08, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x73, 0x67, 0x69, 0x64, 0x12, 0x17, 0x0a, - 0x07, 0x63, 0x61, 0x70, 0x5f, 0x69, 0x6e, 0x68, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x06, - 0x63, 0x61, 0x70, 0x49, 0x6e, 0x68, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x61, 0x70, 0x5f, 0x70, 0x72, - 0x6d, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x06, 0x63, 0x61, 0x70, 0x50, 0x72, 0x6d, 0x12, - 0x17, 0x0a, 0x07, 0x63, 0x61, 0x70, 0x5f, 0x65, 0x66, 0x66, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x0d, - 0x52, 0x06, 0x63, 0x61, 0x70, 0x45, 0x66, 0x66, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x61, 0x70, 0x5f, - 0x62, 0x6e, 0x64, 0x18, 0x0c, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x06, 0x63, 0x61, 0x70, 0x42, 0x6e, - 0x64, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x65, 0x63, 0x62, 0x69, 0x74, 0x73, 0x18, 0x0d, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x07, 0x73, 0x65, 0x63, 0x62, 0x69, 0x74, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x67, - 0x72, 0x6f, 0x75, 0x70, 0x73, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x06, 0x67, 0x72, 0x6f, - 0x75, 0x70, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x6c, 0x73, 0x6d, 0x5f, 0x70, 0x72, 0x6f, 0x66, 0x69, - 0x6c, 0x65, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6c, 0x73, 0x6d, 0x50, 0x72, 0x6f, - 0x66, 0x69, 0x6c, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x6c, 0x73, 0x6d, 0x5f, 0x73, 0x6f, 0x63, 0x6b, - 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x18, 0x10, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6c, 0x73, - 0x6d, 0x53, 0x6f, 0x63, 0x6b, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x61, - 0x70, 0x70, 0x61, 0x72, 0x6d, 0x6f, 0x72, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x11, 0x20, 0x01, - 0x28, 0x0c, 0x52, 0x0c, 0x61, 0x70, 0x70, 0x61, 0x72, 0x6d, 0x6f, 0x72, 0x44, 0x61, 0x74, 0x61, -} - -var ( - file_creds_proto_rawDescOnce sync.Once - file_creds_proto_rawDescData = file_creds_proto_rawDesc -) - -func file_creds_proto_rawDescGZIP() []byte { - file_creds_proto_rawDescOnce.Do(func() { - file_creds_proto_rawDescData = protoimpl.X.CompressGZIP(file_creds_proto_rawDescData) - }) - return file_creds_proto_rawDescData -} - -var file_creds_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_creds_proto_goTypes = []interface{}{ - (*CredsEntry)(nil), // 0: creds_entry -} -var file_creds_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_creds_proto_init() } -func file_creds_proto_init() { - if File_creds_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_creds_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CredsEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_creds_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_creds_proto_goTypes, - DependencyIndexes: file_creds_proto_depIdxs, - MessageInfos: file_creds_proto_msgTypes, - }.Build() - File_creds_proto = out.File - file_creds_proto_rawDesc = nil - file_creds_proto_goTypes = nil - file_creds_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/creds.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/creds.proto deleted file mode 100644 index 6228f7fcbb7..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/creds.proto +++ /dev/null @@ -1,27 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -message creds_entry { - required uint32 uid = 1; - required uint32 gid = 2; - required uint32 euid = 3; - required uint32 egid = 4; - required uint32 suid = 5; - required uint32 sgid = 6; - required uint32 fsuid = 7; - required uint32 fsgid = 8; - - repeated uint32 cap_inh = 9; - repeated uint32 cap_prm = 10; - repeated uint32 cap_eff = 11; - repeated uint32 cap_bnd = 12; - - required uint32 secbits = 13; - - repeated uint32 groups = 14; - - optional string lsm_profile = 15; - optional string lsm_sockcreate = 16; - optional bytes apparmor_data = 17; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/criu-core.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/criu-core.pb.go deleted file mode 100644 index cb932042795..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/criu-core.pb.go +++ /dev/null @@ -1,1200 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: criu-core.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// These match the SECCOMP_MODE_* flags from . -type SeccompMode int32 - -const ( - SeccompMode_disabled SeccompMode = 0 - SeccompMode_strict SeccompMode = 1 - SeccompMode_filter SeccompMode = 2 -) - -// Enum value maps for SeccompMode. -var ( - SeccompMode_name = map[int32]string{ - 0: "disabled", - 1: "strict", - 2: "filter", - } - SeccompMode_value = map[string]int32{ - "disabled": 0, - "strict": 1, - "filter": 2, - } -) - -func (x SeccompMode) Enum() *SeccompMode { - p := new(SeccompMode) - *p = x - return p -} - -func (x SeccompMode) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (SeccompMode) Descriptor() protoreflect.EnumDescriptor { - return file_criu_core_proto_enumTypes[0].Descriptor() -} - -func (SeccompMode) Type() protoreflect.EnumType { - return &file_criu_core_proto_enumTypes[0] -} - -func (x SeccompMode) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Do not use. -func (x *SeccompMode) UnmarshalJSON(b []byte) error { - num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) - if err != nil { - return err - } - *x = SeccompMode(num) - return nil -} - -// Deprecated: Use SeccompMode.Descriptor instead. -func (SeccompMode) EnumDescriptor() ([]byte, []int) { - return file_criu_core_proto_rawDescGZIP(), []int{0} -} - -type CoreEntryMarch int32 - -const ( - CoreEntry_UNKNOWN CoreEntryMarch = 0 - CoreEntry_X86_64 CoreEntryMarch = 1 - CoreEntry_ARM CoreEntryMarch = 2 - CoreEntry_AARCH64 CoreEntryMarch = 3 - CoreEntry_PPC64 CoreEntryMarch = 4 - CoreEntry_S390 CoreEntryMarch = 5 - CoreEntry_MIPS CoreEntryMarch = 6 -) - -// Enum value maps for CoreEntryMarch. -var ( - CoreEntryMarch_name = map[int32]string{ - 0: "UNKNOWN", - 1: "X86_64", - 2: "ARM", - 3: "AARCH64", - 4: "PPC64", - 5: "S390", - 6: "MIPS", - } - CoreEntryMarch_value = map[string]int32{ - "UNKNOWN": 0, - "X86_64": 1, - "ARM": 2, - "AARCH64": 3, - "PPC64": 4, - "S390": 5, - "MIPS": 6, - } -) - -func (x CoreEntryMarch) Enum() *CoreEntryMarch { - p := new(CoreEntryMarch) - *p = x - return p -} - -func (x CoreEntryMarch) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (CoreEntryMarch) Descriptor() protoreflect.EnumDescriptor { - return file_criu_core_proto_enumTypes[1].Descriptor() -} - -func (CoreEntryMarch) Type() protoreflect.EnumType { - return &file_criu_core_proto_enumTypes[1] -} - -func (x CoreEntryMarch) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Do not use. -func (x *CoreEntryMarch) UnmarshalJSON(b []byte) error { - num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) - if err != nil { - return err - } - *x = CoreEntryMarch(num) - return nil -} - -// Deprecated: Use CoreEntryMarch.Descriptor instead. -func (CoreEntryMarch) EnumDescriptor() ([]byte, []int) { - return file_criu_core_proto_rawDescGZIP(), []int{5, 0} -} - -type TaskCoreEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - TaskState *uint32 `protobuf:"varint,1,req,name=task_state,json=taskState" json:"task_state,omitempty"` - ExitCode *uint32 `protobuf:"varint,2,req,name=exit_code,json=exitCode" json:"exit_code,omitempty"` - Personality *uint32 `protobuf:"varint,3,req,name=personality" json:"personality,omitempty"` - Flags *uint32 `protobuf:"varint,4,req,name=flags" json:"flags,omitempty"` - BlkSigset *uint64 `protobuf:"varint,5,req,name=blk_sigset,json=blkSigset" json:"blk_sigset,omitempty"` - Comm *string `protobuf:"bytes,6,req,name=comm" json:"comm,omitempty"` - Timers *TaskTimersEntry `protobuf:"bytes,7,opt,name=timers" json:"timers,omitempty"` - Rlimits *TaskRlimitsEntry `protobuf:"bytes,8,opt,name=rlimits" json:"rlimits,omitempty"` - CgSet *uint32 `protobuf:"varint,9,opt,name=cg_set,json=cgSet" json:"cg_set,omitempty"` - SignalsS *SignalQueueEntry `protobuf:"bytes,10,opt,name=signals_s,json=signalsS" json:"signals_s,omitempty"` - // These two are deprecated, should be per-thread - OldSeccompMode *SeccompMode `protobuf:"varint,11,opt,name=old_seccomp_mode,json=oldSeccompMode,enum=SeccompMode" json:"old_seccomp_mode,omitempty"` - OldSeccompFilter *uint32 `protobuf:"varint,12,opt,name=old_seccomp_filter,json=oldSeccompFilter" json:"old_seccomp_filter,omitempty"` - Loginuid *uint32 `protobuf:"varint,13,opt,name=loginuid" json:"loginuid,omitempty"` - OomScoreAdj *int32 `protobuf:"varint,14,opt,name=oom_score_adj,json=oomScoreAdj" json:"oom_score_adj,omitempty"` - Sigactions []*SaEntry `protobuf:"bytes,15,rep,name=sigactions" json:"sigactions,omitempty"` - ChildSubreaper *bool `protobuf:"varint,18,opt,name=child_subreaper,json=childSubreaper" json:"child_subreaper,omitempty"` - // Reserved for container relative start time - // optional uint64 start_time = 19; - BlkSigsetExtended *uint64 `protobuf:"varint,20,opt,name=blk_sigset_extended,json=blkSigsetExtended" json:"blk_sigset_extended,omitempty"` -} - -func (x *TaskCoreEntry) Reset() { - *x = TaskCoreEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_criu_core_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TaskCoreEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TaskCoreEntry) ProtoMessage() {} - -func (x *TaskCoreEntry) ProtoReflect() protoreflect.Message { - mi := &file_criu_core_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TaskCoreEntry.ProtoReflect.Descriptor instead. -func (*TaskCoreEntry) Descriptor() ([]byte, []int) { - return file_criu_core_proto_rawDescGZIP(), []int{0} -} - -func (x *TaskCoreEntry) GetTaskState() uint32 { - if x != nil && x.TaskState != nil { - return *x.TaskState - } - return 0 -} - -func (x *TaskCoreEntry) GetExitCode() uint32 { - if x != nil && x.ExitCode != nil { - return *x.ExitCode - } - return 0 -} - -func (x *TaskCoreEntry) GetPersonality() uint32 { - if x != nil && x.Personality != nil { - return *x.Personality - } - return 0 -} - -func (x *TaskCoreEntry) GetFlags() uint32 { - if x != nil && x.Flags != nil { - return *x.Flags - } - return 0 -} - -func (x *TaskCoreEntry) GetBlkSigset() uint64 { - if x != nil && x.BlkSigset != nil { - return *x.BlkSigset - } - return 0 -} - -func (x *TaskCoreEntry) GetComm() string { - if x != nil && x.Comm != nil { - return *x.Comm - } - return "" -} - -func (x *TaskCoreEntry) GetTimers() *TaskTimersEntry { - if x != nil { - return x.Timers - } - return nil -} - -func (x *TaskCoreEntry) GetRlimits() *TaskRlimitsEntry { - if x != nil { - return x.Rlimits - } - return nil -} - -func (x *TaskCoreEntry) GetCgSet() uint32 { - if x != nil && x.CgSet != nil { - return *x.CgSet - } - return 0 -} - -func (x *TaskCoreEntry) GetSignalsS() *SignalQueueEntry { - if x != nil { - return x.SignalsS - } - return nil -} - -func (x *TaskCoreEntry) GetOldSeccompMode() SeccompMode { - if x != nil && x.OldSeccompMode != nil { - return *x.OldSeccompMode - } - return SeccompMode_disabled -} - -func (x *TaskCoreEntry) GetOldSeccompFilter() uint32 { - if x != nil && x.OldSeccompFilter != nil { - return *x.OldSeccompFilter - } - return 0 -} - -func (x *TaskCoreEntry) GetLoginuid() uint32 { - if x != nil && x.Loginuid != nil { - return *x.Loginuid - } - return 0 -} - -func (x *TaskCoreEntry) GetOomScoreAdj() int32 { - if x != nil && x.OomScoreAdj != nil { - return *x.OomScoreAdj - } - return 0 -} - -func (x *TaskCoreEntry) GetSigactions() []*SaEntry { - if x != nil { - return x.Sigactions - } - return nil -} - -func (x *TaskCoreEntry) GetChildSubreaper() bool { - if x != nil && x.ChildSubreaper != nil { - return *x.ChildSubreaper - } - return false -} - -func (x *TaskCoreEntry) GetBlkSigsetExtended() uint64 { - if x != nil && x.BlkSigsetExtended != nil { - return *x.BlkSigsetExtended - } - return 0 -} - -type TaskKobjIdsEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - VmId *uint32 `protobuf:"varint,1,req,name=vm_id,json=vmId" json:"vm_id,omitempty"` - FilesId *uint32 `protobuf:"varint,2,req,name=files_id,json=filesId" json:"files_id,omitempty"` - FsId *uint32 `protobuf:"varint,3,req,name=fs_id,json=fsId" json:"fs_id,omitempty"` - SighandId *uint32 `protobuf:"varint,4,req,name=sighand_id,json=sighandId" json:"sighand_id,omitempty"` - PidNsId *uint32 `protobuf:"varint,5,opt,name=pid_ns_id,json=pidNsId" json:"pid_ns_id,omitempty"` - NetNsId *uint32 `protobuf:"varint,6,opt,name=net_ns_id,json=netNsId" json:"net_ns_id,omitempty"` - IpcNsId *uint32 `protobuf:"varint,7,opt,name=ipc_ns_id,json=ipcNsId" json:"ipc_ns_id,omitempty"` - UtsNsId *uint32 `protobuf:"varint,8,opt,name=uts_ns_id,json=utsNsId" json:"uts_ns_id,omitempty"` - MntNsId *uint32 `protobuf:"varint,9,opt,name=mnt_ns_id,json=mntNsId" json:"mnt_ns_id,omitempty"` - UserNsId *uint32 `protobuf:"varint,10,opt,name=user_ns_id,json=userNsId" json:"user_ns_id,omitempty"` - CgroupNsId *uint32 `protobuf:"varint,11,opt,name=cgroup_ns_id,json=cgroupNsId" json:"cgroup_ns_id,omitempty"` - TimeNsId *uint32 `protobuf:"varint,12,opt,name=time_ns_id,json=timeNsId" json:"time_ns_id,omitempty"` -} - -func (x *TaskKobjIdsEntry) Reset() { - *x = TaskKobjIdsEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_criu_core_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TaskKobjIdsEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TaskKobjIdsEntry) ProtoMessage() {} - -func (x *TaskKobjIdsEntry) ProtoReflect() protoreflect.Message { - mi := &file_criu_core_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TaskKobjIdsEntry.ProtoReflect.Descriptor instead. -func (*TaskKobjIdsEntry) Descriptor() ([]byte, []int) { - return file_criu_core_proto_rawDescGZIP(), []int{1} -} - -func (x *TaskKobjIdsEntry) GetVmId() uint32 { - if x != nil && x.VmId != nil { - return *x.VmId - } - return 0 -} - -func (x *TaskKobjIdsEntry) GetFilesId() uint32 { - if x != nil && x.FilesId != nil { - return *x.FilesId - } - return 0 -} - -func (x *TaskKobjIdsEntry) GetFsId() uint32 { - if x != nil && x.FsId != nil { - return *x.FsId - } - return 0 -} - -func (x *TaskKobjIdsEntry) GetSighandId() uint32 { - if x != nil && x.SighandId != nil { - return *x.SighandId - } - return 0 -} - -func (x *TaskKobjIdsEntry) GetPidNsId() uint32 { - if x != nil && x.PidNsId != nil { - return *x.PidNsId - } - return 0 -} - -func (x *TaskKobjIdsEntry) GetNetNsId() uint32 { - if x != nil && x.NetNsId != nil { - return *x.NetNsId - } - return 0 -} - -func (x *TaskKobjIdsEntry) GetIpcNsId() uint32 { - if x != nil && x.IpcNsId != nil { - return *x.IpcNsId - } - return 0 -} - -func (x *TaskKobjIdsEntry) GetUtsNsId() uint32 { - if x != nil && x.UtsNsId != nil { - return *x.UtsNsId - } - return 0 -} - -func (x *TaskKobjIdsEntry) GetMntNsId() uint32 { - if x != nil && x.MntNsId != nil { - return *x.MntNsId - } - return 0 -} - -func (x *TaskKobjIdsEntry) GetUserNsId() uint32 { - if x != nil && x.UserNsId != nil { - return *x.UserNsId - } - return 0 -} - -func (x *TaskKobjIdsEntry) GetCgroupNsId() uint32 { - if x != nil && x.CgroupNsId != nil { - return *x.CgroupNsId - } - return 0 -} - -func (x *TaskKobjIdsEntry) GetTimeNsId() uint32 { - if x != nil && x.TimeNsId != nil { - return *x.TimeNsId - } - return 0 -} - -type ThreadSasEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - SsSp *uint64 `protobuf:"varint,1,req,name=ss_sp,json=ssSp" json:"ss_sp,omitempty"` - SsSize *uint64 `protobuf:"varint,2,req,name=ss_size,json=ssSize" json:"ss_size,omitempty"` - SsFlags *uint32 `protobuf:"varint,3,req,name=ss_flags,json=ssFlags" json:"ss_flags,omitempty"` -} - -func (x *ThreadSasEntry) Reset() { - *x = ThreadSasEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_criu_core_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ThreadSasEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ThreadSasEntry) ProtoMessage() {} - -func (x *ThreadSasEntry) ProtoReflect() protoreflect.Message { - mi := &file_criu_core_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ThreadSasEntry.ProtoReflect.Descriptor instead. -func (*ThreadSasEntry) Descriptor() ([]byte, []int) { - return file_criu_core_proto_rawDescGZIP(), []int{2} -} - -func (x *ThreadSasEntry) GetSsSp() uint64 { - if x != nil && x.SsSp != nil { - return *x.SsSp - } - return 0 -} - -func (x *ThreadSasEntry) GetSsSize() uint64 { - if x != nil && x.SsSize != nil { - return *x.SsSize - } - return 0 -} - -func (x *ThreadSasEntry) GetSsFlags() uint32 { - if x != nil && x.SsFlags != nil { - return *x.SsFlags - } - return 0 -} - -type ThreadCoreEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - FutexRla *uint64 `protobuf:"varint,1,req,name=futex_rla,json=futexRla" json:"futex_rla,omitempty"` - FutexRlaLen *uint32 `protobuf:"varint,2,req,name=futex_rla_len,json=futexRlaLen" json:"futex_rla_len,omitempty"` - SchedNice *int32 `protobuf:"zigzag32,3,opt,name=sched_nice,json=schedNice" json:"sched_nice,omitempty"` - SchedPolicy *uint32 `protobuf:"varint,4,opt,name=sched_policy,json=schedPolicy" json:"sched_policy,omitempty"` - SchedPrio *uint32 `protobuf:"varint,5,opt,name=sched_prio,json=schedPrio" json:"sched_prio,omitempty"` - BlkSigset *uint64 `protobuf:"varint,6,opt,name=blk_sigset,json=blkSigset" json:"blk_sigset,omitempty"` - Sas *ThreadSasEntry `protobuf:"bytes,7,opt,name=sas" json:"sas,omitempty"` - PdeathSig *uint32 `protobuf:"varint,8,opt,name=pdeath_sig,json=pdeathSig" json:"pdeath_sig,omitempty"` - SignalsP *SignalQueueEntry `protobuf:"bytes,9,opt,name=signals_p,json=signalsP" json:"signals_p,omitempty"` - Creds *CredsEntry `protobuf:"bytes,10,opt,name=creds" json:"creds,omitempty"` - SeccompMode *SeccompMode `protobuf:"varint,11,opt,name=seccomp_mode,json=seccompMode,enum=SeccompMode" json:"seccomp_mode,omitempty"` - SeccompFilter *uint32 `protobuf:"varint,12,opt,name=seccomp_filter,json=seccompFilter" json:"seccomp_filter,omitempty"` - Comm *string `protobuf:"bytes,13,opt,name=comm" json:"comm,omitempty"` - BlkSigsetExtended *uint64 `protobuf:"varint,14,opt,name=blk_sigset_extended,json=blkSigsetExtended" json:"blk_sigset_extended,omitempty"` - RseqEntry *RseqEntry `protobuf:"bytes,15,opt,name=rseq_entry,json=rseqEntry" json:"rseq_entry,omitempty"` -} - -func (x *ThreadCoreEntry) Reset() { - *x = ThreadCoreEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_criu_core_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ThreadCoreEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ThreadCoreEntry) ProtoMessage() {} - -func (x *ThreadCoreEntry) ProtoReflect() protoreflect.Message { - mi := &file_criu_core_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ThreadCoreEntry.ProtoReflect.Descriptor instead. -func (*ThreadCoreEntry) Descriptor() ([]byte, []int) { - return file_criu_core_proto_rawDescGZIP(), []int{3} -} - -func (x *ThreadCoreEntry) GetFutexRla() uint64 { - if x != nil && x.FutexRla != nil { - return *x.FutexRla - } - return 0 -} - -func (x *ThreadCoreEntry) GetFutexRlaLen() uint32 { - if x != nil && x.FutexRlaLen != nil { - return *x.FutexRlaLen - } - return 0 -} - -func (x *ThreadCoreEntry) GetSchedNice() int32 { - if x != nil && x.SchedNice != nil { - return *x.SchedNice - } - return 0 -} - -func (x *ThreadCoreEntry) GetSchedPolicy() uint32 { - if x != nil && x.SchedPolicy != nil { - return *x.SchedPolicy - } - return 0 -} - -func (x *ThreadCoreEntry) GetSchedPrio() uint32 { - if x != nil && x.SchedPrio != nil { - return *x.SchedPrio - } - return 0 -} - -func (x *ThreadCoreEntry) GetBlkSigset() uint64 { - if x != nil && x.BlkSigset != nil { - return *x.BlkSigset - } - return 0 -} - -func (x *ThreadCoreEntry) GetSas() *ThreadSasEntry { - if x != nil { - return x.Sas - } - return nil -} - -func (x *ThreadCoreEntry) GetPdeathSig() uint32 { - if x != nil && x.PdeathSig != nil { - return *x.PdeathSig - } - return 0 -} - -func (x *ThreadCoreEntry) GetSignalsP() *SignalQueueEntry { - if x != nil { - return x.SignalsP - } - return nil -} - -func (x *ThreadCoreEntry) GetCreds() *CredsEntry { - if x != nil { - return x.Creds - } - return nil -} - -func (x *ThreadCoreEntry) GetSeccompMode() SeccompMode { - if x != nil && x.SeccompMode != nil { - return *x.SeccompMode - } - return SeccompMode_disabled -} - -func (x *ThreadCoreEntry) GetSeccompFilter() uint32 { - if x != nil && x.SeccompFilter != nil { - return *x.SeccompFilter - } - return 0 -} - -func (x *ThreadCoreEntry) GetComm() string { - if x != nil && x.Comm != nil { - return *x.Comm - } - return "" -} - -func (x *ThreadCoreEntry) GetBlkSigsetExtended() uint64 { - if x != nil && x.BlkSigsetExtended != nil { - return *x.BlkSigsetExtended - } - return 0 -} - -func (x *ThreadCoreEntry) GetRseqEntry() *RseqEntry { - if x != nil { - return x.RseqEntry - } - return nil -} - -type TaskRlimitsEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Rlimits []*RlimitEntry `protobuf:"bytes,1,rep,name=rlimits" json:"rlimits,omitempty"` -} - -func (x *TaskRlimitsEntry) Reset() { - *x = TaskRlimitsEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_criu_core_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TaskRlimitsEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TaskRlimitsEntry) ProtoMessage() {} - -func (x *TaskRlimitsEntry) ProtoReflect() protoreflect.Message { - mi := &file_criu_core_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TaskRlimitsEntry.ProtoReflect.Descriptor instead. -func (*TaskRlimitsEntry) Descriptor() ([]byte, []int) { - return file_criu_core_proto_rawDescGZIP(), []int{4} -} - -func (x *TaskRlimitsEntry) GetRlimits() []*RlimitEntry { - if x != nil { - return x.Rlimits - } - return nil -} - -type CoreEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Mtype *CoreEntryMarch `protobuf:"varint,1,req,name=mtype,enum=CoreEntryMarch" json:"mtype,omitempty"` - ThreadInfo *ThreadInfoX86 `protobuf:"bytes,2,opt,name=thread_info,json=threadInfo" json:"thread_info,omitempty"` - TiArm *ThreadInfoArm `protobuf:"bytes,6,opt,name=ti_arm,json=tiArm" json:"ti_arm,omitempty"` - TiAarch64 *ThreadInfoAarch64 `protobuf:"bytes,8,opt,name=ti_aarch64,json=tiAarch64" json:"ti_aarch64,omitempty"` - TiPpc64 *ThreadInfoPpc64 `protobuf:"bytes,9,opt,name=ti_ppc64,json=tiPpc64" json:"ti_ppc64,omitempty"` - TiS390 *ThreadInfoS390 `protobuf:"bytes,10,opt,name=ti_s390,json=tiS390" json:"ti_s390,omitempty"` - TiMips *ThreadInfoMips `protobuf:"bytes,11,opt,name=ti_mips,json=tiMips" json:"ti_mips,omitempty"` - Tc *TaskCoreEntry `protobuf:"bytes,3,opt,name=tc" json:"tc,omitempty"` - Ids *TaskKobjIdsEntry `protobuf:"bytes,4,opt,name=ids" json:"ids,omitempty"` - ThreadCore *ThreadCoreEntry `protobuf:"bytes,5,opt,name=thread_core,json=threadCore" json:"thread_core,omitempty"` -} - -func (x *CoreEntry) Reset() { - *x = CoreEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_criu_core_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CoreEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CoreEntry) ProtoMessage() {} - -func (x *CoreEntry) ProtoReflect() protoreflect.Message { - mi := &file_criu_core_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CoreEntry.ProtoReflect.Descriptor instead. -func (*CoreEntry) Descriptor() ([]byte, []int) { - return file_criu_core_proto_rawDescGZIP(), []int{5} -} - -func (x *CoreEntry) GetMtype() CoreEntryMarch { - if x != nil && x.Mtype != nil { - return *x.Mtype - } - return CoreEntry_UNKNOWN -} - -func (x *CoreEntry) GetThreadInfo() *ThreadInfoX86 { - if x != nil { - return x.ThreadInfo - } - return nil -} - -func (x *CoreEntry) GetTiArm() *ThreadInfoArm { - if x != nil { - return x.TiArm - } - return nil -} - -func (x *CoreEntry) GetTiAarch64() *ThreadInfoAarch64 { - if x != nil { - return x.TiAarch64 - } - return nil -} - -func (x *CoreEntry) GetTiPpc64() *ThreadInfoPpc64 { - if x != nil { - return x.TiPpc64 - } - return nil -} - -func (x *CoreEntry) GetTiS390() *ThreadInfoS390 { - if x != nil { - return x.TiS390 - } - return nil -} - -func (x *CoreEntry) GetTiMips() *ThreadInfoMips { - if x != nil { - return x.TiMips - } - return nil -} - -func (x *CoreEntry) GetTc() *TaskCoreEntry { - if x != nil { - return x.Tc - } - return nil -} - -func (x *CoreEntry) GetIds() *TaskKobjIdsEntry { - if x != nil { - return x.Ids - } - return nil -} - -func (x *CoreEntry) GetThreadCore() *ThreadCoreEntry { - if x != nil { - return x.ThreadCore - } - return nil -} - -var File_criu_core_proto protoreflect.FileDescriptor - -var file_criu_core_proto_rawDesc = []byte{ - 0x0a, 0x0f, 0x63, 0x72, 0x69, 0x75, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x1a, 0x0e, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x78, 0x38, 0x36, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x1a, 0x0e, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x61, 0x72, 0x6d, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x1a, 0x12, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x61, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x10, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x70, 0x70, 0x63, 0x36, - 0x34, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0f, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x73, 0x33, - 0x39, 0x30, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0f, 0x63, 0x6f, 0x72, 0x65, 0x2d, 0x6d, - 0x69, 0x70, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0c, 0x72, 0x6c, 0x69, 0x6d, 0x69, - 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0b, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0b, 0x63, 0x72, 0x65, 0x64, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x1a, 0x0d, 0x63, 0x72, 0x69, 0x75, 0x2d, 0x73, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x1a, 0x0d, 0x73, 0x69, 0x67, 0x69, 0x6e, 0x66, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, - 0x0a, 0x72, 0x73, 0x65, 0x71, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, - 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x9f, 0x05, 0x0a, 0x0f, 0x74, 0x61, 0x73, 0x6b, - 0x5f, 0x63, 0x6f, 0x72, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x27, 0x0a, 0x0a, 0x74, - 0x61, 0x73, 0x6b, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x42, - 0x08, 0xd2, 0x3f, 0x05, 0x32, 0x03, 0x67, 0x65, 0x6e, 0x52, 0x09, 0x74, 0x61, 0x73, 0x6b, 0x53, - 0x74, 0x61, 0x74, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x78, 0x69, 0x74, 0x5f, 0x63, 0x6f, 0x64, - 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x65, 0x78, 0x69, 0x74, 0x43, 0x6f, 0x64, - 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x70, 0x65, 0x72, 0x73, 0x6f, 0x6e, 0x61, 0x6c, 0x69, 0x74, 0x79, - 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, 0x70, 0x65, 0x72, 0x73, 0x6f, 0x6e, 0x61, 0x6c, - 0x69, 0x74, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x24, 0x0a, 0x0a, 0x62, 0x6c, 0x6b, - 0x5f, 0x73, 0x69, 0x67, 0x73, 0x65, 0x74, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, - 0x3f, 0x02, 0x08, 0x01, 0x52, 0x09, 0x62, 0x6c, 0x6b, 0x53, 0x69, 0x67, 0x73, 0x65, 0x74, 0x12, - 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x6d, 0x6d, 0x18, 0x06, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x63, - 0x6f, 0x6d, 0x6d, 0x12, 0x2a, 0x0a, 0x06, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x73, 0x18, 0x07, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x72, - 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x73, 0x12, - 0x2d, 0x0a, 0x07, 0x72, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x13, 0x2e, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x72, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x72, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x12, 0x15, - 0x0a, 0x06, 0x63, 0x67, 0x5f, 0x73, 0x65, 0x74, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, - 0x63, 0x67, 0x53, 0x65, 0x74, 0x12, 0x30, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x73, - 0x5f, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73, 0x69, 0x67, 0x6e, 0x61, - 0x6c, 0x5f, 0x71, 0x75, 0x65, 0x75, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x73, - 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x73, 0x53, 0x12, 0x37, 0x0a, 0x10, 0x6f, 0x6c, 0x64, 0x5f, 0x73, - 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, - 0x0e, 0x32, 0x0d, 0x2e, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, - 0x52, 0x0e, 0x6f, 0x6c, 0x64, 0x53, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x4d, 0x6f, 0x64, 0x65, - 0x12, 0x2c, 0x0a, 0x12, 0x6f, 0x6c, 0x64, 0x5f, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, - 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x10, 0x6f, 0x6c, - 0x64, 0x53, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x1a, - 0x0a, 0x08, 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x75, 0x69, 0x64, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0d, - 0x52, 0x08, 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x75, 0x69, 0x64, 0x12, 0x22, 0x0a, 0x0d, 0x6f, 0x6f, - 0x6d, 0x5f, 0x73, 0x63, 0x6f, 0x72, 0x65, 0x5f, 0x61, 0x64, 0x6a, 0x18, 0x0e, 0x20, 0x01, 0x28, - 0x05, 0x52, 0x0b, 0x6f, 0x6f, 0x6d, 0x53, 0x63, 0x6f, 0x72, 0x65, 0x41, 0x64, 0x6a, 0x12, 0x29, - 0x0a, 0x0a, 0x73, 0x69, 0x67, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0f, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x73, 0x61, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0a, 0x73, - 0x69, 0x67, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x68, 0x69, - 0x6c, 0x64, 0x5f, 0x73, 0x75, 0x62, 0x72, 0x65, 0x61, 0x70, 0x65, 0x72, 0x18, 0x12, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x0e, 0x63, 0x68, 0x69, 0x6c, 0x64, 0x53, 0x75, 0x62, 0x72, 0x65, 0x61, 0x70, - 0x65, 0x72, 0x12, 0x35, 0x0a, 0x13, 0x62, 0x6c, 0x6b, 0x5f, 0x73, 0x69, 0x67, 0x73, 0x65, 0x74, - 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x64, 0x18, 0x14, 0x20, 0x01, 0x28, 0x04, 0x42, - 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x11, 0x62, 0x6c, 0x6b, 0x53, 0x69, 0x67, 0x73, 0x65, - 0x74, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x64, 0x22, 0xe3, 0x02, 0x0a, 0x13, 0x74, 0x61, - 0x73, 0x6b, 0x5f, 0x6b, 0x6f, 0x62, 0x6a, 0x5f, 0x69, 0x64, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x13, 0x0a, 0x05, 0x76, 0x6d, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x04, 0x76, 0x6d, 0x49, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x5f, - 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x49, - 0x64, 0x12, 0x13, 0x0a, 0x05, 0x66, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x04, 0x66, 0x73, 0x49, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x69, 0x67, 0x68, 0x61, 0x6e, - 0x64, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x73, 0x69, 0x67, 0x68, - 0x61, 0x6e, 0x64, 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x09, 0x70, 0x69, 0x64, 0x5f, 0x6e, 0x73, 0x5f, - 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x70, 0x69, 0x64, 0x4e, 0x73, 0x49, - 0x64, 0x12, 0x1a, 0x0a, 0x09, 0x6e, 0x65, 0x74, 0x5f, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x06, - 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x6e, 0x65, 0x74, 0x4e, 0x73, 0x49, 0x64, 0x12, 0x1a, 0x0a, - 0x09, 0x69, 0x70, 0x63, 0x5f, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0d, - 0x52, 0x07, 0x69, 0x70, 0x63, 0x4e, 0x73, 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x09, 0x75, 0x74, 0x73, - 0x5f, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x75, 0x74, - 0x73, 0x4e, 0x73, 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x09, 0x6d, 0x6e, 0x74, 0x5f, 0x6e, 0x73, 0x5f, - 0x69, 0x64, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x6d, 0x6e, 0x74, 0x4e, 0x73, 0x49, - 0x64, 0x12, 0x1c, 0x0a, 0x0a, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, - 0x0a, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x4e, 0x73, 0x49, 0x64, 0x12, - 0x20, 0x0a, 0x0c, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, - 0x0b, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x4e, 0x73, 0x49, - 0x64, 0x12, 0x1c, 0x0a, 0x0a, 0x74, 0x69, 0x6d, 0x65, 0x5f, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, - 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x74, 0x69, 0x6d, 0x65, 0x4e, 0x73, 0x49, 0x64, 0x22, - 0x5b, 0x0a, 0x10, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x73, 0x61, 0x73, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x13, 0x0a, 0x05, 0x73, 0x73, 0x5f, 0x73, 0x70, 0x18, 0x01, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x04, 0x73, 0x73, 0x53, 0x70, 0x12, 0x17, 0x0a, 0x07, 0x73, 0x73, 0x5f, 0x73, - 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x06, 0x73, 0x73, 0x53, 0x69, 0x7a, - 0x65, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x73, 0x5f, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, - 0x02, 0x28, 0x0d, 0x52, 0x07, 0x73, 0x73, 0x46, 0x6c, 0x61, 0x67, 0x73, 0x22, 0xb7, 0x04, 0x0a, - 0x11, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x63, 0x6f, 0x72, 0x65, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x66, 0x75, 0x74, 0x65, 0x78, 0x5f, 0x72, 0x6c, 0x61, 0x18, - 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x08, 0x66, 0x75, 0x74, 0x65, 0x78, 0x52, 0x6c, 0x61, 0x12, - 0x22, 0x0a, 0x0d, 0x66, 0x75, 0x74, 0x65, 0x78, 0x5f, 0x72, 0x6c, 0x61, 0x5f, 0x6c, 0x65, 0x6e, - 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, 0x66, 0x75, 0x74, 0x65, 0x78, 0x52, 0x6c, 0x61, - 0x4c, 0x65, 0x6e, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x6e, 0x69, 0x63, - 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x11, 0x52, 0x09, 0x73, 0x63, 0x68, 0x65, 0x64, 0x4e, 0x69, - 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x70, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x73, 0x63, 0x68, 0x65, 0x64, 0x50, - 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x70, - 0x72, 0x69, 0x6f, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x73, 0x63, 0x68, 0x65, 0x64, - 0x50, 0x72, 0x69, 0x6f, 0x12, 0x1d, 0x0a, 0x0a, 0x62, 0x6c, 0x6b, 0x5f, 0x73, 0x69, 0x67, 0x73, - 0x65, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x62, 0x6c, 0x6b, 0x53, 0x69, 0x67, - 0x73, 0x65, 0x74, 0x12, 0x23, 0x0a, 0x03, 0x73, 0x61, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x11, 0x2e, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x73, 0x61, 0x73, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x52, 0x03, 0x73, 0x61, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x64, 0x65, 0x61, - 0x74, 0x68, 0x5f, 0x73, 0x69, 0x67, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x70, 0x64, - 0x65, 0x61, 0x74, 0x68, 0x53, 0x69, 0x67, 0x12, 0x30, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, - 0x6c, 0x73, 0x5f, 0x70, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73, 0x69, 0x67, - 0x6e, 0x61, 0x6c, 0x5f, 0x71, 0x75, 0x65, 0x75, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x08, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x73, 0x50, 0x12, 0x22, 0x0a, 0x05, 0x63, 0x72, 0x65, - 0x64, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x63, 0x72, 0x65, 0x64, 0x73, - 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x05, 0x63, 0x72, 0x65, 0x64, 0x73, 0x12, 0x30, 0x0a, - 0x0c, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x0b, 0x20, - 0x01, 0x28, 0x0e, 0x32, 0x0d, 0x2e, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, - 0x64, 0x65, 0x52, 0x0b, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x4d, 0x6f, 0x64, 0x65, 0x12, - 0x25, 0x0a, 0x0e, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, - 0x72, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0d, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, - 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x6d, 0x6d, 0x18, 0x0d, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x63, 0x6f, 0x6d, 0x6d, 0x12, 0x2e, 0x0a, 0x13, 0x62, 0x6c, - 0x6b, 0x5f, 0x73, 0x69, 0x67, 0x73, 0x65, 0x74, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, - 0x64, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x04, 0x52, 0x11, 0x62, 0x6c, 0x6b, 0x53, 0x69, 0x67, 0x73, - 0x65, 0x74, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x64, 0x12, 0x2a, 0x0a, 0x0a, 0x72, 0x73, - 0x65, 0x71, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0b, - 0x2e, 0x72, 0x73, 0x65, 0x71, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x09, 0x72, 0x73, 0x65, - 0x71, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x22, 0x3d, 0x0a, 0x12, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x72, - 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x27, 0x0a, 0x07, - 0x72, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, - 0x72, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x72, 0x6c, - 0x69, 0x6d, 0x69, 0x74, 0x73, 0x22, 0xa3, 0x04, 0x0a, 0x0a, 0x63, 0x6f, 0x72, 0x65, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x12, 0x27, 0x0a, 0x05, 0x6d, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, - 0x02, 0x28, 0x0e, 0x32, 0x11, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x2e, 0x6d, 0x61, 0x72, 0x63, 0x68, 0x52, 0x05, 0x6d, 0x74, 0x79, 0x70, 0x65, 0x12, 0x31, 0x0a, - 0x0b, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, - 0x5f, 0x78, 0x38, 0x36, 0x52, 0x0a, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x49, 0x6e, 0x66, 0x6f, - 0x12, 0x27, 0x0a, 0x06, 0x74, 0x69, 0x5f, 0x61, 0x72, 0x6d, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x10, 0x2e, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x61, - 0x72, 0x6d, 0x52, 0x05, 0x74, 0x69, 0x41, 0x72, 0x6d, 0x12, 0x33, 0x0a, 0x0a, 0x74, 0x69, 0x5f, - 0x61, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, - 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x61, 0x61, 0x72, 0x63, - 0x68, 0x36, 0x34, 0x52, 0x09, 0x74, 0x69, 0x41, 0x61, 0x72, 0x63, 0x68, 0x36, 0x34, 0x12, 0x2d, - 0x0a, 0x08, 0x74, 0x69, 0x5f, 0x70, 0x70, 0x63, 0x36, 0x34, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x12, 0x2e, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x70, - 0x70, 0x63, 0x36, 0x34, 0x52, 0x07, 0x74, 0x69, 0x50, 0x70, 0x63, 0x36, 0x34, 0x12, 0x2a, 0x0a, - 0x07, 0x74, 0x69, 0x5f, 0x73, 0x33, 0x39, 0x30, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, - 0x2e, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x73, 0x33, 0x39, - 0x30, 0x52, 0x06, 0x74, 0x69, 0x53, 0x33, 0x39, 0x30, 0x12, 0x2a, 0x0a, 0x07, 0x74, 0x69, 0x5f, - 0x6d, 0x69, 0x70, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x74, 0x68, 0x72, - 0x65, 0x61, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x6d, 0x69, 0x70, 0x73, 0x52, 0x06, 0x74, - 0x69, 0x4d, 0x69, 0x70, 0x73, 0x12, 0x20, 0x0a, 0x02, 0x74, 0x63, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x10, 0x2e, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x63, 0x6f, 0x72, 0x65, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x52, 0x02, 0x74, 0x63, 0x12, 0x26, 0x0a, 0x03, 0x69, 0x64, 0x73, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x6b, 0x6f, 0x62, 0x6a, - 0x5f, 0x69, 0x64, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x69, 0x64, 0x73, 0x12, - 0x33, 0x0a, 0x0b, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x63, 0x6f, 0x72, 0x65, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x63, 0x6f, - 0x72, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0a, 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, - 0x43, 0x6f, 0x72, 0x65, 0x22, 0x55, 0x0a, 0x05, 0x6d, 0x61, 0x72, 0x63, 0x68, 0x12, 0x0b, 0x0a, - 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x58, 0x38, - 0x36, 0x5f, 0x36, 0x34, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x41, 0x52, 0x4d, 0x10, 0x02, 0x12, - 0x0b, 0x0a, 0x07, 0x41, 0x41, 0x52, 0x43, 0x48, 0x36, 0x34, 0x10, 0x03, 0x12, 0x09, 0x0a, 0x05, - 0x50, 0x50, 0x43, 0x36, 0x34, 0x10, 0x04, 0x12, 0x08, 0x0a, 0x04, 0x53, 0x33, 0x39, 0x30, 0x10, - 0x05, 0x12, 0x08, 0x0a, 0x04, 0x4d, 0x49, 0x50, 0x53, 0x10, 0x06, 0x2a, 0x34, 0x0a, 0x0c, 0x73, - 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0c, 0x0a, 0x08, 0x64, - 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x73, 0x74, 0x72, - 0x69, 0x63, 0x74, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x10, - 0x02, -} - -var ( - file_criu_core_proto_rawDescOnce sync.Once - file_criu_core_proto_rawDescData = file_criu_core_proto_rawDesc -) - -func file_criu_core_proto_rawDescGZIP() []byte { - file_criu_core_proto_rawDescOnce.Do(func() { - file_criu_core_proto_rawDescData = protoimpl.X.CompressGZIP(file_criu_core_proto_rawDescData) - }) - return file_criu_core_proto_rawDescData -} - -var file_criu_core_proto_enumTypes = make([]protoimpl.EnumInfo, 2) -var file_criu_core_proto_msgTypes = make([]protoimpl.MessageInfo, 6) -var file_criu_core_proto_goTypes = []interface{}{ - (SeccompMode)(0), // 0: seccomp_mode - (CoreEntryMarch)(0), // 1: core_entry.march - (*TaskCoreEntry)(nil), // 2: task_core_entry - (*TaskKobjIdsEntry)(nil), // 3: task_kobj_ids_entry - (*ThreadSasEntry)(nil), // 4: thread_sas_entry - (*ThreadCoreEntry)(nil), // 5: thread_core_entry - (*TaskRlimitsEntry)(nil), // 6: task_rlimits_entry - (*CoreEntry)(nil), // 7: core_entry - (*TaskTimersEntry)(nil), // 8: task_timers_entry - (*SignalQueueEntry)(nil), // 9: signal_queue_entry - (*SaEntry)(nil), // 10: sa_entry - (*CredsEntry)(nil), // 11: creds_entry - (*RseqEntry)(nil), // 12: rseq_entry - (*RlimitEntry)(nil), // 13: rlimit_entry - (*ThreadInfoX86)(nil), // 14: thread_info_x86 - (*ThreadInfoArm)(nil), // 15: thread_info_arm - (*ThreadInfoAarch64)(nil), // 16: thread_info_aarch64 - (*ThreadInfoPpc64)(nil), // 17: thread_info_ppc64 - (*ThreadInfoS390)(nil), // 18: thread_info_s390 - (*ThreadInfoMips)(nil), // 19: thread_info_mips -} -var file_criu_core_proto_depIdxs = []int32{ - 8, // 0: task_core_entry.timers:type_name -> task_timers_entry - 6, // 1: task_core_entry.rlimits:type_name -> task_rlimits_entry - 9, // 2: task_core_entry.signals_s:type_name -> signal_queue_entry - 0, // 3: task_core_entry.old_seccomp_mode:type_name -> seccomp_mode - 10, // 4: task_core_entry.sigactions:type_name -> sa_entry - 4, // 5: thread_core_entry.sas:type_name -> thread_sas_entry - 9, // 6: thread_core_entry.signals_p:type_name -> signal_queue_entry - 11, // 7: thread_core_entry.creds:type_name -> creds_entry - 0, // 8: thread_core_entry.seccomp_mode:type_name -> seccomp_mode - 12, // 9: thread_core_entry.rseq_entry:type_name -> rseq_entry - 13, // 10: task_rlimits_entry.rlimits:type_name -> rlimit_entry - 1, // 11: core_entry.mtype:type_name -> core_entry.march - 14, // 12: core_entry.thread_info:type_name -> thread_info_x86 - 15, // 13: core_entry.ti_arm:type_name -> thread_info_arm - 16, // 14: core_entry.ti_aarch64:type_name -> thread_info_aarch64 - 17, // 15: core_entry.ti_ppc64:type_name -> thread_info_ppc64 - 18, // 16: core_entry.ti_s390:type_name -> thread_info_s390 - 19, // 17: core_entry.ti_mips:type_name -> thread_info_mips - 2, // 18: core_entry.tc:type_name -> task_core_entry - 3, // 19: core_entry.ids:type_name -> task_kobj_ids_entry - 5, // 20: core_entry.thread_core:type_name -> thread_core_entry - 21, // [21:21] is the sub-list for method output_type - 21, // [21:21] is the sub-list for method input_type - 21, // [21:21] is the sub-list for extension type_name - 21, // [21:21] is the sub-list for extension extendee - 0, // [0:21] is the sub-list for field type_name -} - -func init() { file_criu_core_proto_init() } -func file_criu_core_proto_init() { - if File_criu_core_proto != nil { - return - } - file_core_x86_proto_init() - file_core_arm_proto_init() - file_core_aarch64_proto_init() - file_core_ppc64_proto_init() - file_core_s390_proto_init() - file_core_mips_proto_init() - file_rlimit_proto_init() - file_timer_proto_init() - file_creds_proto_init() - file_criu_sa_proto_init() - file_siginfo_proto_init() - file_rseq_proto_init() - file_opts_proto_init() - if !protoimpl.UnsafeEnabled { - file_criu_core_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TaskCoreEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_criu_core_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TaskKobjIdsEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_criu_core_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ThreadSasEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_criu_core_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ThreadCoreEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_criu_core_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TaskRlimitsEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_criu_core_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CoreEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_criu_core_proto_rawDesc, - NumEnums: 2, - NumMessages: 6, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_criu_core_proto_goTypes, - DependencyIndexes: file_criu_core_proto_depIdxs, - EnumInfos: file_criu_core_proto_enumTypes, - MessageInfos: file_criu_core_proto_msgTypes, - }.Build() - File_criu_core_proto = out.File - file_criu_core_proto_rawDesc = nil - file_criu_core_proto_goTypes = nil - file_criu_core_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/criu-core.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/criu-core.proto deleted file mode 100644 index 8bf0d8aa238..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/criu-core.proto +++ /dev/null @@ -1,134 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "core-x86.proto"; -import "core-arm.proto"; -import "core-aarch64.proto"; -import "core-ppc64.proto"; -import "core-s390.proto"; -import "core-mips.proto"; - -import "rlimit.proto"; -import "timer.proto"; -import "creds.proto"; -import "criu-sa.proto"; -import "siginfo.proto"; -import "rseq.proto"; - -import "opts.proto"; - -/* - * These match the SECCOMP_MODE_* flags from . - */ -enum seccomp_mode { - disabled = 0; - strict = 1; - filter = 2; -}; - -message task_core_entry { - required uint32 task_state = 1 [(criu).dict = "gen"]; - required uint32 exit_code = 2; - - required uint32 personality = 3; - required uint32 flags = 4; - required uint64 blk_sigset = 5[(criu).hex = true]; - - required string comm = 6; - - optional task_timers_entry timers = 7; - optional task_rlimits_entry rlimits = 8; - - optional uint32 cg_set = 9; - - optional signal_queue_entry signals_s = 10; - - /* These two are deprecated, should be per-thread */ - optional seccomp_mode old_seccomp_mode = 11; - optional uint32 old_seccomp_filter = 12; - - optional uint32 loginuid = 13; - - optional int32 oom_score_adj = 14; - repeated sa_entry sigactions = 15; - // Reserved for tty inheritance - //optional int32 tty_nr = 16; - //optional int32 tty_pgrp = 17; - - optional bool child_subreaper = 18; - // Reserved for container relative start time - //optional uint64 start_time = 19; - optional uint64 blk_sigset_extended = 20[(criu).hex = true]; -} - -message task_kobj_ids_entry { - required uint32 vm_id = 1; - required uint32 files_id = 2; - required uint32 fs_id = 3; - required uint32 sighand_id = 4; - - optional uint32 pid_ns_id = 5; - optional uint32 net_ns_id = 6; - optional uint32 ipc_ns_id = 7; - optional uint32 uts_ns_id = 8; - optional uint32 mnt_ns_id = 9; - optional uint32 user_ns_id = 10; - optional uint32 cgroup_ns_id = 11; - optional uint32 time_ns_id = 12; -} - -message thread_sas_entry { - required uint64 ss_sp = 1; - required uint64 ss_size = 2; - required uint32 ss_flags = 3; -} - -message thread_core_entry { - required uint64 futex_rla = 1; - required uint32 futex_rla_len = 2; - optional sint32 sched_nice = 3; - optional uint32 sched_policy = 4; - optional uint32 sched_prio = 5; - optional uint64 blk_sigset = 6; - optional thread_sas_entry sas = 7; - optional uint32 pdeath_sig = 8; - - optional signal_queue_entry signals_p = 9; - optional creds_entry creds = 10; - - optional seccomp_mode seccomp_mode = 11; - optional uint32 seccomp_filter = 12; - - optional string comm = 13; - optional uint64 blk_sigset_extended = 14; - optional rseq_entry rseq_entry = 15; -} - -message task_rlimits_entry { - repeated rlimit_entry rlimits = 1; -}; - -message core_entry { - enum march { - UNKNOWN = 0; - X86_64 = 1; - ARM = 2; - AARCH64 = 3; - PPC64 = 4; - S390 = 5; - MIPS = 6; - } - - required march mtype = 1; - optional thread_info_x86 thread_info = 2; - optional thread_info_arm ti_arm = 6; - optional thread_info_aarch64 ti_aarch64 = 8; - optional thread_info_ppc64 ti_ppc64 = 9; - optional thread_info_s390 ti_s390 = 10; - optional thread_info_mips ti_mips = 11; - - optional task_core_entry tc = 3; - optional task_kobj_ids_entry ids = 4; - optional thread_core_entry thread_core = 5; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/criu-sa.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/criu-sa.pb.go deleted file mode 100644 index 126ec674ac1..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/criu-sa.pb.go +++ /dev/null @@ -1,195 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: criu-sa.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type SaEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Sigaction *uint64 `protobuf:"varint,1,req,name=sigaction" json:"sigaction,omitempty"` - Flags *uint64 `protobuf:"varint,2,req,name=flags" json:"flags,omitempty"` - Restorer *uint64 `protobuf:"varint,3,req,name=restorer" json:"restorer,omitempty"` - Mask *uint64 `protobuf:"varint,4,req,name=mask" json:"mask,omitempty"` - CompatSigaction *bool `protobuf:"varint,5,opt,name=compat_sigaction,json=compatSigaction" json:"compat_sigaction,omitempty"` - MaskExtended *uint64 `protobuf:"varint,6,opt,name=mask_extended,json=maskExtended" json:"mask_extended,omitempty"` -} - -func (x *SaEntry) Reset() { - *x = SaEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_criu_sa_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SaEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SaEntry) ProtoMessage() {} - -func (x *SaEntry) ProtoReflect() protoreflect.Message { - mi := &file_criu_sa_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SaEntry.ProtoReflect.Descriptor instead. -func (*SaEntry) Descriptor() ([]byte, []int) { - return file_criu_sa_proto_rawDescGZIP(), []int{0} -} - -func (x *SaEntry) GetSigaction() uint64 { - if x != nil && x.Sigaction != nil { - return *x.Sigaction - } - return 0 -} - -func (x *SaEntry) GetFlags() uint64 { - if x != nil && x.Flags != nil { - return *x.Flags - } - return 0 -} - -func (x *SaEntry) GetRestorer() uint64 { - if x != nil && x.Restorer != nil { - return *x.Restorer - } - return 0 -} - -func (x *SaEntry) GetMask() uint64 { - if x != nil && x.Mask != nil { - return *x.Mask - } - return 0 -} - -func (x *SaEntry) GetCompatSigaction() bool { - if x != nil && x.CompatSigaction != nil { - return *x.CompatSigaction - } - return false -} - -func (x *SaEntry) GetMaskExtended() uint64 { - if x != nil && x.MaskExtended != nil { - return *x.MaskExtended - } - return 0 -} - -var File_criu_sa_proto protoreflect.FileDescriptor - -var file_criu_sa_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x63, 0x72, 0x69, 0x75, 0x2d, 0x73, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, - 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe1, 0x01, 0x0a, 0x08, - 0x73, 0x61, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x23, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x61, - 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, - 0x08, 0x01, 0x52, 0x09, 0x73, 0x69, 0x67, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1b, 0x0a, - 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, - 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x21, 0x0a, 0x08, 0x72, 0x65, - 0x73, 0x74, 0x6f, 0x72, 0x65, 0x72, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, - 0x02, 0x08, 0x01, 0x52, 0x08, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x72, 0x12, 0x19, 0x0a, - 0x04, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, - 0x08, 0x01, 0x52, 0x04, 0x6d, 0x61, 0x73, 0x6b, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x6f, 0x6d, 0x70, - 0x61, 0x74, 0x5f, 0x73, 0x69, 0x67, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x0f, 0x63, 0x6f, 0x6d, 0x70, 0x61, 0x74, 0x53, 0x69, 0x67, 0x61, 0x63, 0x74, - 0x69, 0x6f, 0x6e, 0x12, 0x2a, 0x0a, 0x0d, 0x6d, 0x61, 0x73, 0x6b, 0x5f, 0x65, 0x78, 0x74, 0x65, - 0x6e, 0x64, 0x65, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, - 0x01, 0x52, 0x0c, 0x6d, 0x61, 0x73, 0x6b, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x64, -} - -var ( - file_criu_sa_proto_rawDescOnce sync.Once - file_criu_sa_proto_rawDescData = file_criu_sa_proto_rawDesc -) - -func file_criu_sa_proto_rawDescGZIP() []byte { - file_criu_sa_proto_rawDescOnce.Do(func() { - file_criu_sa_proto_rawDescData = protoimpl.X.CompressGZIP(file_criu_sa_proto_rawDescData) - }) - return file_criu_sa_proto_rawDescData -} - -var file_criu_sa_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_criu_sa_proto_goTypes = []interface{}{ - (*SaEntry)(nil), // 0: sa_entry -} -var file_criu_sa_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_criu_sa_proto_init() } -func file_criu_sa_proto_init() { - if File_criu_sa_proto != nil { - return - } - file_opts_proto_init() - if !protoimpl.UnsafeEnabled { - file_criu_sa_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SaEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_criu_sa_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_criu_sa_proto_goTypes, - DependencyIndexes: file_criu_sa_proto_depIdxs, - MessageInfos: file_criu_sa_proto_msgTypes, - }.Build() - File_criu_sa_proto = out.File - file_criu_sa_proto_rawDesc = nil - file_criu_sa_proto_goTypes = nil - file_criu_sa_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/criu-sa.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/criu-sa.proto deleted file mode 100644 index 07f71c3a037..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/criu-sa.proto +++ /dev/null @@ -1,14 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "opts.proto"; - -message sa_entry { - required uint64 sigaction = 1 [(criu).hex = true]; - required uint64 flags = 2 [(criu).hex = true]; - required uint64 restorer = 3 [(criu).hex = true]; - required uint64 mask = 4 [(criu).hex = true]; - optional bool compat_sigaction = 5; - optional uint64 mask_extended = 6 [(criu).hex = true]; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventfd.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventfd.pb.go deleted file mode 100644 index 59b5caddf18..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventfd.pb.go +++ /dev/null @@ -1,175 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: eventfd.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type EventfdFileEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` - Flags *uint32 `protobuf:"varint,2,req,name=flags" json:"flags,omitempty"` - Fown *FownEntry `protobuf:"bytes,3,req,name=fown" json:"fown,omitempty"` - Counter *uint64 `protobuf:"varint,4,req,name=counter" json:"counter,omitempty"` -} - -func (x *EventfdFileEntry) Reset() { - *x = EventfdFileEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_eventfd_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *EventfdFileEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*EventfdFileEntry) ProtoMessage() {} - -func (x *EventfdFileEntry) ProtoReflect() protoreflect.Message { - mi := &file_eventfd_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use EventfdFileEntry.ProtoReflect.Descriptor instead. -func (*EventfdFileEntry) Descriptor() ([]byte, []int) { - return file_eventfd_proto_rawDescGZIP(), []int{0} -} - -func (x *EventfdFileEntry) GetId() uint32 { - if x != nil && x.Id != nil { - return *x.Id - } - return 0 -} - -func (x *EventfdFileEntry) GetFlags() uint32 { - if x != nil && x.Flags != nil { - return *x.Flags - } - return 0 -} - -func (x *EventfdFileEntry) GetFown() *FownEntry { - if x != nil { - return x.Fown - } - return nil -} - -func (x *EventfdFileEntry) GetCounter() uint64 { - if x != nil && x.Counter != nil { - return *x.Counter - } - return 0 -} - -var File_eventfd_proto protoreflect.FileDescriptor - -var file_eventfd_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x66, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, - 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x75, 0x0a, 0x12, 0x65, - 0x76, 0x65, 0x6e, 0x74, 0x66, 0x64, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, - 0x64, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x1f, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, - 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, 0x75, 0x6e, - 0x74, 0x65, 0x72, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, 0x07, 0x63, 0x6f, 0x75, 0x6e, 0x74, - 0x65, 0x72, -} - -var ( - file_eventfd_proto_rawDescOnce sync.Once - file_eventfd_proto_rawDescData = file_eventfd_proto_rawDesc -) - -func file_eventfd_proto_rawDescGZIP() []byte { - file_eventfd_proto_rawDescOnce.Do(func() { - file_eventfd_proto_rawDescData = protoimpl.X.CompressGZIP(file_eventfd_proto_rawDescData) - }) - return file_eventfd_proto_rawDescData -} - -var file_eventfd_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_eventfd_proto_goTypes = []interface{}{ - (*EventfdFileEntry)(nil), // 0: eventfd_file_entry - (*FownEntry)(nil), // 1: fown_entry -} -var file_eventfd_proto_depIdxs = []int32{ - 1, // 0: eventfd_file_entry.fown:type_name -> fown_entry - 1, // [1:1] is the sub-list for method output_type - 1, // [1:1] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name -} - -func init() { file_eventfd_proto_init() } -func file_eventfd_proto_init() { - if File_eventfd_proto != nil { - return - } - file_fown_proto_init() - if !protoimpl.UnsafeEnabled { - file_eventfd_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EventfdFileEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_eventfd_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_eventfd_proto_goTypes, - DependencyIndexes: file_eventfd_proto_depIdxs, - MessageInfos: file_eventfd_proto_msgTypes, - }.Build() - File_eventfd_proto = out.File - file_eventfd_proto_rawDesc = nil - file_eventfd_proto_goTypes = nil - file_eventfd_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventfd.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventfd.proto deleted file mode 100644 index 225462f763a..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventfd.proto +++ /dev/null @@ -1,12 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "fown.proto"; - -message eventfd_file_entry { - required uint32 id = 1; - required uint32 flags = 2; - required fown_entry fown = 3; - required uint64 counter = 4; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventpoll.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventpoll.pb.go deleted file mode 100644 index 01b9676acb9..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventpoll.pb.go +++ /dev/null @@ -1,296 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: eventpoll.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type EventpollTfdEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` - Tfd *uint32 `protobuf:"varint,2,req,name=tfd" json:"tfd,omitempty"` - Events *uint32 `protobuf:"varint,3,req,name=events" json:"events,omitempty"` - Data *uint64 `protobuf:"varint,4,req,name=data" json:"data,omitempty"` - // to find dup'ed target files - Dev *uint32 `protobuf:"varint,5,opt,name=dev" json:"dev,omitempty"` - Inode *uint64 `protobuf:"varint,6,opt,name=inode" json:"inode,omitempty"` - Pos *uint64 `protobuf:"varint,7,opt,name=pos" json:"pos,omitempty"` -} - -func (x *EventpollTfdEntry) Reset() { - *x = EventpollTfdEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_eventpoll_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *EventpollTfdEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*EventpollTfdEntry) ProtoMessage() {} - -func (x *EventpollTfdEntry) ProtoReflect() protoreflect.Message { - mi := &file_eventpoll_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use EventpollTfdEntry.ProtoReflect.Descriptor instead. -func (*EventpollTfdEntry) Descriptor() ([]byte, []int) { - return file_eventpoll_proto_rawDescGZIP(), []int{0} -} - -func (x *EventpollTfdEntry) GetId() uint32 { - if x != nil && x.Id != nil { - return *x.Id - } - return 0 -} - -func (x *EventpollTfdEntry) GetTfd() uint32 { - if x != nil && x.Tfd != nil { - return *x.Tfd - } - return 0 -} - -func (x *EventpollTfdEntry) GetEvents() uint32 { - if x != nil && x.Events != nil { - return *x.Events - } - return 0 -} - -func (x *EventpollTfdEntry) GetData() uint64 { - if x != nil && x.Data != nil { - return *x.Data - } - return 0 -} - -func (x *EventpollTfdEntry) GetDev() uint32 { - if x != nil && x.Dev != nil { - return *x.Dev - } - return 0 -} - -func (x *EventpollTfdEntry) GetInode() uint64 { - if x != nil && x.Inode != nil { - return *x.Inode - } - return 0 -} - -func (x *EventpollTfdEntry) GetPos() uint64 { - if x != nil && x.Pos != nil { - return *x.Pos - } - return 0 -} - -type EventpollFileEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` - Flags *uint32 `protobuf:"varint,2,req,name=flags" json:"flags,omitempty"` - Fown *FownEntry `protobuf:"bytes,3,req,name=fown" json:"fown,omitempty"` - Tfd []*EventpollTfdEntry `protobuf:"bytes,4,rep,name=tfd" json:"tfd,omitempty"` -} - -func (x *EventpollFileEntry) Reset() { - *x = EventpollFileEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_eventpoll_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *EventpollFileEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*EventpollFileEntry) ProtoMessage() {} - -func (x *EventpollFileEntry) ProtoReflect() protoreflect.Message { - mi := &file_eventpoll_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use EventpollFileEntry.ProtoReflect.Descriptor instead. -func (*EventpollFileEntry) Descriptor() ([]byte, []int) { - return file_eventpoll_proto_rawDescGZIP(), []int{1} -} - -func (x *EventpollFileEntry) GetId() uint32 { - if x != nil && x.Id != nil { - return *x.Id - } - return 0 -} - -func (x *EventpollFileEntry) GetFlags() uint32 { - if x != nil && x.Flags != nil { - return *x.Flags - } - return 0 -} - -func (x *EventpollFileEntry) GetFown() *FownEntry { - if x != nil { - return x.Fown - } - return nil -} - -func (x *EventpollFileEntry) GetTfd() []*EventpollTfdEntry { - if x != nil { - return x.Tfd - } - return nil -} - -var File_eventpoll_proto protoreflect.FileDescriptor - -var file_eventpoll_proto_rawDesc = []byte{ - 0x0a, 0x0f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x70, 0x6f, 0x6c, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x9d, 0x01, - 0x0a, 0x13, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x74, 0x66, 0x64, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x66, 0x64, 0x18, 0x02, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x03, 0x74, 0x66, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x65, 0x76, 0x65, 0x6e, 0x74, - 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x12, - 0x12, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x64, - 0x61, 0x74, 0x61, 0x12, 0x10, 0x0a, 0x03, 0x64, 0x65, 0x76, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, - 0x52, 0x03, 0x64, 0x65, 0x76, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x18, 0x06, - 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x70, - 0x6f, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x04, 0x52, 0x03, 0x70, 0x6f, 0x73, 0x22, 0x85, 0x01, - 0x0a, 0x14, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x66, 0x69, 0x6c, 0x65, - 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, - 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x1f, 0x0a, 0x04, - 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x6f, 0x77, - 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x26, 0x0a, - 0x03, 0x74, 0x66, 0x64, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x65, 0x76, 0x65, - 0x6e, 0x74, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x74, 0x66, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x52, 0x03, 0x74, 0x66, 0x64, -} - -var ( - file_eventpoll_proto_rawDescOnce sync.Once - file_eventpoll_proto_rawDescData = file_eventpoll_proto_rawDesc -) - -func file_eventpoll_proto_rawDescGZIP() []byte { - file_eventpoll_proto_rawDescOnce.Do(func() { - file_eventpoll_proto_rawDescData = protoimpl.X.CompressGZIP(file_eventpoll_proto_rawDescData) - }) - return file_eventpoll_proto_rawDescData -} - -var file_eventpoll_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_eventpoll_proto_goTypes = []interface{}{ - (*EventpollTfdEntry)(nil), // 0: eventpoll_tfd_entry - (*EventpollFileEntry)(nil), // 1: eventpoll_file_entry - (*FownEntry)(nil), // 2: fown_entry -} -var file_eventpoll_proto_depIdxs = []int32{ - 2, // 0: eventpoll_file_entry.fown:type_name -> fown_entry - 0, // 1: eventpoll_file_entry.tfd:type_name -> eventpoll_tfd_entry - 2, // [2:2] is the sub-list for method output_type - 2, // [2:2] is the sub-list for method input_type - 2, // [2:2] is the sub-list for extension type_name - 2, // [2:2] is the sub-list for extension extendee - 0, // [0:2] is the sub-list for field type_name -} - -func init() { file_eventpoll_proto_init() } -func file_eventpoll_proto_init() { - if File_eventpoll_proto != nil { - return - } - file_fown_proto_init() - if !protoimpl.UnsafeEnabled { - file_eventpoll_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EventpollTfdEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_eventpoll_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EventpollFileEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_eventpoll_proto_rawDesc, - NumEnums: 0, - NumMessages: 2, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_eventpoll_proto_goTypes, - DependencyIndexes: file_eventpoll_proto_depIdxs, - MessageInfos: file_eventpoll_proto_msgTypes, - }.Build() - File_eventpoll_proto = out.File - file_eventpoll_proto_rawDesc = nil - file_eventpoll_proto_goTypes = nil - file_eventpoll_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventpoll.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventpoll.proto deleted file mode 100644 index 0f3e8a870b0..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/eventpoll.proto +++ /dev/null @@ -1,24 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "fown.proto"; - -message eventpoll_tfd_entry { - required uint32 id = 1; - required uint32 tfd = 2; - required uint32 events = 3; - required uint64 data = 4; - - /* to find dup'ed target files */ - optional uint32 dev = 5; - optional uint64 inode = 6; - optional uint64 pos = 7; -} - -message eventpoll_file_entry { - required uint32 id = 1; - required uint32 flags = 2; - required fown_entry fown = 3; - repeated eventpoll_tfd_entry tfd = 4; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ext-file.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ext-file.pb.go deleted file mode 100644 index 714a0ea211f..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ext-file.pb.go +++ /dev/null @@ -1,155 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: ext-file.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type ExtFileEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` - Fown *FownEntry `protobuf:"bytes,5,req,name=fown" json:"fown,omitempty"` -} - -func (x *ExtFileEntry) Reset() { - *x = ExtFileEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_ext_file_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ExtFileEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ExtFileEntry) ProtoMessage() {} - -func (x *ExtFileEntry) ProtoReflect() protoreflect.Message { - mi := &file_ext_file_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ExtFileEntry.ProtoReflect.Descriptor instead. -func (*ExtFileEntry) Descriptor() ([]byte, []int) { - return file_ext_file_proto_rawDescGZIP(), []int{0} -} - -func (x *ExtFileEntry) GetId() uint32 { - if x != nil && x.Id != nil { - return *x.Id - } - return 0 -} - -func (x *ExtFileEntry) GetFown() *FownEntry { - if x != nil { - return x.Fown - } - return nil -} - -var File_ext_file_proto protoreflect.FileDescriptor - -var file_ext_file_proto_rawDesc = []byte{ - 0x0a, 0x0e, 0x65, 0x78, 0x74, 0x2d, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x41, 0x0a, 0x0e, - 0x65, 0x78, 0x74, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, - 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1f, - 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, - 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, -} - -var ( - file_ext_file_proto_rawDescOnce sync.Once - file_ext_file_proto_rawDescData = file_ext_file_proto_rawDesc -) - -func file_ext_file_proto_rawDescGZIP() []byte { - file_ext_file_proto_rawDescOnce.Do(func() { - file_ext_file_proto_rawDescData = protoimpl.X.CompressGZIP(file_ext_file_proto_rawDescData) - }) - return file_ext_file_proto_rawDescData -} - -var file_ext_file_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_ext_file_proto_goTypes = []interface{}{ - (*ExtFileEntry)(nil), // 0: ext_file_entry - (*FownEntry)(nil), // 1: fown_entry -} -var file_ext_file_proto_depIdxs = []int32{ - 1, // 0: ext_file_entry.fown:type_name -> fown_entry - 1, // [1:1] is the sub-list for method output_type - 1, // [1:1] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name -} - -func init() { file_ext_file_proto_init() } -func file_ext_file_proto_init() { - if File_ext_file_proto != nil { - return - } - file_fown_proto_init() - if !protoimpl.UnsafeEnabled { - file_ext_file_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ExtFileEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_ext_file_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_ext_file_proto_goTypes, - DependencyIndexes: file_ext_file_proto_depIdxs, - MessageInfos: file_ext_file_proto_msgTypes, - }.Build() - File_ext_file_proto = out.File - file_ext_file_proto_rawDesc = nil - file_ext_file_proto_goTypes = nil - file_ext_file_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ext-file.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ext-file.proto deleted file mode 100644 index 8b4f825681d..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ext-file.proto +++ /dev/null @@ -1,10 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "fown.proto"; - -message ext_file_entry { - required uint32 id = 1; - required fown_entry fown = 5; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fdinfo.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fdinfo.pb.go deleted file mode 100644 index 80abb2c1e15..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fdinfo.pb.go +++ /dev/null @@ -1,661 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: fdinfo.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type FdTypes int32 - -const ( - FdTypes_UND FdTypes = 0 - FdTypes_REG FdTypes = 1 - FdTypes_PIPE FdTypes = 2 - FdTypes_FIFO FdTypes = 3 - FdTypes_INETSK FdTypes = 4 - FdTypes_UNIXSK FdTypes = 5 - FdTypes_EVENTFD FdTypes = 6 - FdTypes_EVENTPOLL FdTypes = 7 - FdTypes_INOTIFY FdTypes = 8 - FdTypes_SIGNALFD FdTypes = 9 - FdTypes_PACKETSK FdTypes = 10 - FdTypes_TTY FdTypes = 11 - FdTypes_FANOTIFY FdTypes = 12 - FdTypes_NETLINKSK FdTypes = 13 - FdTypes_NS FdTypes = 14 - FdTypes_TUNF FdTypes = 15 - FdTypes_EXT FdTypes = 16 - FdTypes_TIMERFD FdTypes = 17 - FdTypes_MEMFD FdTypes = 18 - FdTypes_BPFMAP FdTypes = 19 - // Any number above the real used. Not stored to image - FdTypes_CTL_TTY FdTypes = 65534 - FdTypes_AUTOFS_PIPE FdTypes = 65535 -) - -// Enum value maps for FdTypes. -var ( - FdTypes_name = map[int32]string{ - 0: "UND", - 1: "REG", - 2: "PIPE", - 3: "FIFO", - 4: "INETSK", - 5: "UNIXSK", - 6: "EVENTFD", - 7: "EVENTPOLL", - 8: "INOTIFY", - 9: "SIGNALFD", - 10: "PACKETSK", - 11: "TTY", - 12: "FANOTIFY", - 13: "NETLINKSK", - 14: "NS", - 15: "TUNF", - 16: "EXT", - 17: "TIMERFD", - 18: "MEMFD", - 19: "BPFMAP", - 65534: "CTL_TTY", - 65535: "AUTOFS_PIPE", - } - FdTypes_value = map[string]int32{ - "UND": 0, - "REG": 1, - "PIPE": 2, - "FIFO": 3, - "INETSK": 4, - "UNIXSK": 5, - "EVENTFD": 6, - "EVENTPOLL": 7, - "INOTIFY": 8, - "SIGNALFD": 9, - "PACKETSK": 10, - "TTY": 11, - "FANOTIFY": 12, - "NETLINKSK": 13, - "NS": 14, - "TUNF": 15, - "EXT": 16, - "TIMERFD": 17, - "MEMFD": 18, - "BPFMAP": 19, - "CTL_TTY": 65534, - "AUTOFS_PIPE": 65535, - } -) - -func (x FdTypes) Enum() *FdTypes { - p := new(FdTypes) - *p = x - return p -} - -func (x FdTypes) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (FdTypes) Descriptor() protoreflect.EnumDescriptor { - return file_fdinfo_proto_enumTypes[0].Descriptor() -} - -func (FdTypes) Type() protoreflect.EnumType { - return &file_fdinfo_proto_enumTypes[0] -} - -func (x FdTypes) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Do not use. -func (x *FdTypes) UnmarshalJSON(b []byte) error { - num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) - if err != nil { - return err - } - *x = FdTypes(num) - return nil -} - -// Deprecated: Use FdTypes.Descriptor instead. -func (FdTypes) EnumDescriptor() ([]byte, []int) { - return file_fdinfo_proto_rawDescGZIP(), []int{0} -} - -type FdinfoEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` - Flags *uint32 `protobuf:"varint,2,req,name=flags" json:"flags,omitempty"` - Type *FdTypes `protobuf:"varint,3,req,name=type,enum=FdTypes" json:"type,omitempty"` - Fd *uint32 `protobuf:"varint,4,req,name=fd" json:"fd,omitempty"` - XattrSecuritySelinux *string `protobuf:"bytes,5,opt,name=xattr_security_selinux,json=xattrSecuritySelinux" json:"xattr_security_selinux,omitempty"` -} - -func (x *FdinfoEntry) Reset() { - *x = FdinfoEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_fdinfo_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *FdinfoEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*FdinfoEntry) ProtoMessage() {} - -func (x *FdinfoEntry) ProtoReflect() protoreflect.Message { - mi := &file_fdinfo_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use FdinfoEntry.ProtoReflect.Descriptor instead. -func (*FdinfoEntry) Descriptor() ([]byte, []int) { - return file_fdinfo_proto_rawDescGZIP(), []int{0} -} - -func (x *FdinfoEntry) GetId() uint32 { - if x != nil && x.Id != nil { - return *x.Id - } - return 0 -} - -func (x *FdinfoEntry) GetFlags() uint32 { - if x != nil && x.Flags != nil { - return *x.Flags - } - return 0 -} - -func (x *FdinfoEntry) GetType() FdTypes { - if x != nil && x.Type != nil { - return *x.Type - } - return FdTypes_UND -} - -func (x *FdinfoEntry) GetFd() uint32 { - if x != nil && x.Fd != nil { - return *x.Fd - } - return 0 -} - -func (x *FdinfoEntry) GetXattrSecuritySelinux() string { - if x != nil && x.XattrSecuritySelinux != nil { - return *x.XattrSecuritySelinux - } - return "" -} - -type FileEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Type *FdTypes `protobuf:"varint,1,req,name=type,enum=FdTypes" json:"type,omitempty"` - Id *uint32 `protobuf:"varint,2,req,name=id" json:"id,omitempty"` - Reg *RegFileEntry `protobuf:"bytes,3,opt,name=reg" json:"reg,omitempty"` - Isk *InetSkEntry `protobuf:"bytes,4,opt,name=isk" json:"isk,omitempty"` - Nsf *NsFileEntry `protobuf:"bytes,5,opt,name=nsf" json:"nsf,omitempty"` - Psk *PacketSockEntry `protobuf:"bytes,6,opt,name=psk" json:"psk,omitempty"` - Nlsk *NetlinkSkEntry `protobuf:"bytes,7,opt,name=nlsk" json:"nlsk,omitempty"` - Efd *EventfdFileEntry `protobuf:"bytes,8,opt,name=efd" json:"efd,omitempty"` - Epfd *EventpollFileEntry `protobuf:"bytes,9,opt,name=epfd" json:"epfd,omitempty"` - Sgfd *SignalfdEntry `protobuf:"bytes,10,opt,name=sgfd" json:"sgfd,omitempty"` - Tunf *TunfileEntry `protobuf:"bytes,11,opt,name=tunf" json:"tunf,omitempty"` - Tfd *TimerfdEntry `protobuf:"bytes,12,opt,name=tfd" json:"tfd,omitempty"` - Ify *InotifyFileEntry `protobuf:"bytes,13,opt,name=ify" json:"ify,omitempty"` - Ffy *FanotifyFileEntry `protobuf:"bytes,14,opt,name=ffy" json:"ffy,omitempty"` - Ext *ExtFileEntry `protobuf:"bytes,15,opt,name=ext" json:"ext,omitempty"` - Usk *UnixSkEntry `protobuf:"bytes,16,opt,name=usk" json:"usk,omitempty"` - Fifo *FifoEntry `protobuf:"bytes,17,opt,name=fifo" json:"fifo,omitempty"` - Pipe *PipeEntry `protobuf:"bytes,18,opt,name=pipe" json:"pipe,omitempty"` - Tty *TtyFileEntry `protobuf:"bytes,19,opt,name=tty" json:"tty,omitempty"` - Memfd *MemfdFileEntry `protobuf:"bytes,20,opt,name=memfd" json:"memfd,omitempty"` - Bpf *BpfmapFileEntry `protobuf:"bytes,21,opt,name=bpf" json:"bpf,omitempty"` -} - -func (x *FileEntry) Reset() { - *x = FileEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_fdinfo_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *FileEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*FileEntry) ProtoMessage() {} - -func (x *FileEntry) ProtoReflect() protoreflect.Message { - mi := &file_fdinfo_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use FileEntry.ProtoReflect.Descriptor instead. -func (*FileEntry) Descriptor() ([]byte, []int) { - return file_fdinfo_proto_rawDescGZIP(), []int{1} -} - -func (x *FileEntry) GetType() FdTypes { - if x != nil && x.Type != nil { - return *x.Type - } - return FdTypes_UND -} - -func (x *FileEntry) GetId() uint32 { - if x != nil && x.Id != nil { - return *x.Id - } - return 0 -} - -func (x *FileEntry) GetReg() *RegFileEntry { - if x != nil { - return x.Reg - } - return nil -} - -func (x *FileEntry) GetIsk() *InetSkEntry { - if x != nil { - return x.Isk - } - return nil -} - -func (x *FileEntry) GetNsf() *NsFileEntry { - if x != nil { - return x.Nsf - } - return nil -} - -func (x *FileEntry) GetPsk() *PacketSockEntry { - if x != nil { - return x.Psk - } - return nil -} - -func (x *FileEntry) GetNlsk() *NetlinkSkEntry { - if x != nil { - return x.Nlsk - } - return nil -} - -func (x *FileEntry) GetEfd() *EventfdFileEntry { - if x != nil { - return x.Efd - } - return nil -} - -func (x *FileEntry) GetEpfd() *EventpollFileEntry { - if x != nil { - return x.Epfd - } - return nil -} - -func (x *FileEntry) GetSgfd() *SignalfdEntry { - if x != nil { - return x.Sgfd - } - return nil -} - -func (x *FileEntry) GetTunf() *TunfileEntry { - if x != nil { - return x.Tunf - } - return nil -} - -func (x *FileEntry) GetTfd() *TimerfdEntry { - if x != nil { - return x.Tfd - } - return nil -} - -func (x *FileEntry) GetIfy() *InotifyFileEntry { - if x != nil { - return x.Ify - } - return nil -} - -func (x *FileEntry) GetFfy() *FanotifyFileEntry { - if x != nil { - return x.Ffy - } - return nil -} - -func (x *FileEntry) GetExt() *ExtFileEntry { - if x != nil { - return x.Ext - } - return nil -} - -func (x *FileEntry) GetUsk() *UnixSkEntry { - if x != nil { - return x.Usk - } - return nil -} - -func (x *FileEntry) GetFifo() *FifoEntry { - if x != nil { - return x.Fifo - } - return nil -} - -func (x *FileEntry) GetPipe() *PipeEntry { - if x != nil { - return x.Pipe - } - return nil -} - -func (x *FileEntry) GetTty() *TtyFileEntry { - if x != nil { - return x.Tty - } - return nil -} - -func (x *FileEntry) GetMemfd() *MemfdFileEntry { - if x != nil { - return x.Memfd - } - return nil -} - -func (x *FileEntry) GetBpf() *BpfmapFileEntry { - if x != nil { - return x.Bpf - } - return nil -} - -var File_fdinfo_proto protoreflect.FileDescriptor - -var file_fdinfo_proto_rawDesc = []byte{ - 0x0a, 0x0c, 0x66, 0x64, 0x69, 0x6e, 0x66, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, - 0x72, 0x65, 0x67, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, 0x73, - 0x6b, 0x2d, 0x69, 0x6e, 0x65, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x08, 0x6e, 0x73, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x11, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x2d, 0x73, - 0x6f, 0x63, 0x6b, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x10, 0x73, 0x6b, 0x2d, 0x6e, 0x65, - 0x74, 0x6c, 0x69, 0x6e, 0x6b, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, 0x65, 0x76, 0x65, - 0x6e, 0x74, 0x66, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0f, 0x65, 0x76, 0x65, 0x6e, - 0x74, 0x70, 0x6f, 0x6c, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0e, 0x73, 0x69, 0x67, - 0x6e, 0x61, 0x6c, 0x66, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x09, 0x74, 0x75, 0x6e, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x66, 0x64, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0e, 0x66, 0x73, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0e, 0x65, 0x78, 0x74, 0x2d, 0x66, 0x69, 0x6c, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, 0x73, 0x6b, 0x2d, 0x75, 0x6e, 0x69, 0x78, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x69, 0x66, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x1a, 0x0a, 0x70, 0x69, 0x70, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x09, 0x74, 0x74, - 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0b, 0x6d, 0x65, 0x6d, 0x66, 0x64, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x11, 0x62, 0x70, 0x66, 0x6d, 0x61, 0x70, 0x2d, 0x66, 0x69, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x99, 0x01, 0x0a, 0x0c, 0x66, 0x64, 0x69, 0x6e, - 0x66, 0x6f, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, - 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x1d, - 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x09, 0x2e, 0x66, - 0x64, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x0e, 0x0a, - 0x02, 0x66, 0x64, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x66, 0x64, 0x12, 0x34, 0x0a, - 0x16, 0x78, 0x61, 0x74, 0x74, 0x72, 0x5f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, - 0x73, 0x65, 0x6c, 0x69, 0x6e, 0x75, 0x78, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, 0x78, - 0x61, 0x74, 0x74, 0x72, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x53, 0x65, 0x6c, 0x69, - 0x6e, 0x75, 0x78, 0x22, 0xf4, 0x05, 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x1d, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0e, - 0x32, 0x09, 0x2e, 0x66, 0x64, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x52, 0x04, 0x74, 0x79, 0x70, - 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, - 0x64, 0x12, 0x21, 0x0a, 0x03, 0x72, 0x65, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, - 0x2e, 0x72, 0x65, 0x67, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x03, 0x72, 0x65, 0x67, 0x12, 0x20, 0x0a, 0x03, 0x69, 0x73, 0x6b, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x0e, 0x2e, 0x69, 0x6e, 0x65, 0x74, 0x5f, 0x73, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x03, 0x69, 0x73, 0x6b, 0x12, 0x20, 0x0a, 0x03, 0x6e, 0x73, 0x66, 0x18, 0x05, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x6e, 0x73, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x52, 0x03, 0x6e, 0x73, 0x66, 0x12, 0x24, 0x0a, 0x03, 0x70, 0x73, 0x6b, 0x18, - 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x73, - 0x6f, 0x63, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x70, 0x73, 0x6b, 0x12, 0x25, - 0x0a, 0x04, 0x6e, 0x6c, 0x73, 0x6b, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x6e, - 0x65, 0x74, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, 0x73, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x04, 0x6e, 0x6c, 0x73, 0x6b, 0x12, 0x25, 0x0a, 0x03, 0x65, 0x66, 0x64, 0x18, 0x08, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x66, 0x64, 0x5f, 0x66, 0x69, 0x6c, - 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x65, 0x66, 0x64, 0x12, 0x29, 0x0a, 0x04, - 0x65, 0x70, 0x66, 0x64, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x65, 0x76, 0x65, - 0x6e, 0x74, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x04, 0x65, 0x70, 0x66, 0x64, 0x12, 0x23, 0x0a, 0x04, 0x73, 0x67, 0x66, 0x64, 0x18, - 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x66, 0x64, - 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x73, 0x67, 0x66, 0x64, 0x12, 0x22, 0x0a, 0x04, - 0x74, 0x75, 0x6e, 0x66, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x74, 0x75, 0x6e, - 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x74, 0x75, 0x6e, 0x66, - 0x12, 0x20, 0x0a, 0x03, 0x74, 0x66, 0x64, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, - 0x74, 0x69, 0x6d, 0x65, 0x72, 0x66, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x74, - 0x66, 0x64, 0x12, 0x25, 0x0a, 0x03, 0x69, 0x66, 0x79, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x13, 0x2e, 0x69, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x69, 0x66, 0x79, 0x12, 0x26, 0x0a, 0x03, 0x66, 0x66, 0x79, - 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x66, 0x61, 0x6e, 0x6f, 0x74, 0x69, 0x66, - 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x66, 0x66, - 0x79, 0x12, 0x21, 0x0a, 0x03, 0x65, 0x78, 0x74, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, - 0x2e, 0x65, 0x78, 0x74, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x03, 0x65, 0x78, 0x74, 0x12, 0x20, 0x0a, 0x03, 0x75, 0x73, 0x6b, 0x18, 0x10, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x0e, 0x2e, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x03, 0x75, 0x73, 0x6b, 0x12, 0x1f, 0x0a, 0x04, 0x66, 0x69, 0x66, 0x6f, 0x18, 0x11, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x69, 0x66, 0x6f, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x04, 0x66, 0x69, 0x66, 0x6f, 0x12, 0x1f, 0x0a, 0x04, 0x70, 0x69, 0x70, 0x65, 0x18, - 0x12, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x70, 0x69, 0x70, 0x65, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x04, 0x70, 0x69, 0x70, 0x65, 0x12, 0x21, 0x0a, 0x03, 0x74, 0x74, 0x79, 0x18, - 0x13, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x74, 0x74, 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, - 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x74, 0x74, 0x79, 0x12, 0x27, 0x0a, 0x05, 0x6d, - 0x65, 0x6d, 0x66, 0x64, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x6d, 0x65, 0x6d, - 0x66, 0x64, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x05, 0x6d, - 0x65, 0x6d, 0x66, 0x64, 0x12, 0x24, 0x0a, 0x03, 0x62, 0x70, 0x66, 0x18, 0x15, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x12, 0x2e, 0x62, 0x70, 0x66, 0x6d, 0x61, 0x70, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x62, 0x70, 0x66, 0x2a, 0x94, 0x02, 0x0a, 0x08, 0x66, - 0x64, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x4e, 0x44, 0x10, 0x00, - 0x12, 0x07, 0x0a, 0x03, 0x52, 0x45, 0x47, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x50, 0x49, 0x50, - 0x45, 0x10, 0x02, 0x12, 0x08, 0x0a, 0x04, 0x46, 0x49, 0x46, 0x4f, 0x10, 0x03, 0x12, 0x0a, 0x0a, - 0x06, 0x49, 0x4e, 0x45, 0x54, 0x53, 0x4b, 0x10, 0x04, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x4e, 0x49, - 0x58, 0x53, 0x4b, 0x10, 0x05, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x56, 0x45, 0x4e, 0x54, 0x46, 0x44, - 0x10, 0x06, 0x12, 0x0d, 0x0a, 0x09, 0x45, 0x56, 0x45, 0x4e, 0x54, 0x50, 0x4f, 0x4c, 0x4c, 0x10, - 0x07, 0x12, 0x0b, 0x0a, 0x07, 0x49, 0x4e, 0x4f, 0x54, 0x49, 0x46, 0x59, 0x10, 0x08, 0x12, 0x0c, - 0x0a, 0x08, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x4c, 0x46, 0x44, 0x10, 0x09, 0x12, 0x0c, 0x0a, 0x08, - 0x50, 0x41, 0x43, 0x4b, 0x45, 0x54, 0x53, 0x4b, 0x10, 0x0a, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x54, - 0x59, 0x10, 0x0b, 0x12, 0x0c, 0x0a, 0x08, 0x46, 0x41, 0x4e, 0x4f, 0x54, 0x49, 0x46, 0x59, 0x10, - 0x0c, 0x12, 0x0d, 0x0a, 0x09, 0x4e, 0x45, 0x54, 0x4c, 0x49, 0x4e, 0x4b, 0x53, 0x4b, 0x10, 0x0d, - 0x12, 0x06, 0x0a, 0x02, 0x4e, 0x53, 0x10, 0x0e, 0x12, 0x08, 0x0a, 0x04, 0x54, 0x55, 0x4e, 0x46, - 0x10, 0x0f, 0x12, 0x07, 0x0a, 0x03, 0x45, 0x58, 0x54, 0x10, 0x10, 0x12, 0x0b, 0x0a, 0x07, 0x54, - 0x49, 0x4d, 0x45, 0x52, 0x46, 0x44, 0x10, 0x11, 0x12, 0x09, 0x0a, 0x05, 0x4d, 0x45, 0x4d, 0x46, - 0x44, 0x10, 0x12, 0x12, 0x0a, 0x0a, 0x06, 0x42, 0x50, 0x46, 0x4d, 0x41, 0x50, 0x10, 0x13, 0x12, - 0x0d, 0x0a, 0x07, 0x43, 0x54, 0x4c, 0x5f, 0x54, 0x54, 0x59, 0x10, 0xfe, 0xff, 0x03, 0x12, 0x11, - 0x0a, 0x0b, 0x41, 0x55, 0x54, 0x4f, 0x46, 0x53, 0x5f, 0x50, 0x49, 0x50, 0x45, 0x10, 0xff, 0xff, - 0x03, -} - -var ( - file_fdinfo_proto_rawDescOnce sync.Once - file_fdinfo_proto_rawDescData = file_fdinfo_proto_rawDesc -) - -func file_fdinfo_proto_rawDescGZIP() []byte { - file_fdinfo_proto_rawDescOnce.Do(func() { - file_fdinfo_proto_rawDescData = protoimpl.X.CompressGZIP(file_fdinfo_proto_rawDescData) - }) - return file_fdinfo_proto_rawDescData -} - -var file_fdinfo_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_fdinfo_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_fdinfo_proto_goTypes = []interface{}{ - (FdTypes)(0), // 0: fd_types - (*FdinfoEntry)(nil), // 1: fdinfo_entry - (*FileEntry)(nil), // 2: file_entry - (*RegFileEntry)(nil), // 3: reg_file_entry - (*InetSkEntry)(nil), // 4: inet_sk_entry - (*NsFileEntry)(nil), // 5: ns_file_entry - (*PacketSockEntry)(nil), // 6: packet_sock_entry - (*NetlinkSkEntry)(nil), // 7: netlink_sk_entry - (*EventfdFileEntry)(nil), // 8: eventfd_file_entry - (*EventpollFileEntry)(nil), // 9: eventpoll_file_entry - (*SignalfdEntry)(nil), // 10: signalfd_entry - (*TunfileEntry)(nil), // 11: tunfile_entry - (*TimerfdEntry)(nil), // 12: timerfd_entry - (*InotifyFileEntry)(nil), // 13: inotify_file_entry - (*FanotifyFileEntry)(nil), // 14: fanotify_file_entry - (*ExtFileEntry)(nil), // 15: ext_file_entry - (*UnixSkEntry)(nil), // 16: unix_sk_entry - (*FifoEntry)(nil), // 17: fifo_entry - (*PipeEntry)(nil), // 18: pipe_entry - (*TtyFileEntry)(nil), // 19: tty_file_entry - (*MemfdFileEntry)(nil), // 20: memfd_file_entry - (*BpfmapFileEntry)(nil), // 21: bpfmap_file_entry -} -var file_fdinfo_proto_depIdxs = []int32{ - 0, // 0: fdinfo_entry.type:type_name -> fd_types - 0, // 1: file_entry.type:type_name -> fd_types - 3, // 2: file_entry.reg:type_name -> reg_file_entry - 4, // 3: file_entry.isk:type_name -> inet_sk_entry - 5, // 4: file_entry.nsf:type_name -> ns_file_entry - 6, // 5: file_entry.psk:type_name -> packet_sock_entry - 7, // 6: file_entry.nlsk:type_name -> netlink_sk_entry - 8, // 7: file_entry.efd:type_name -> eventfd_file_entry - 9, // 8: file_entry.epfd:type_name -> eventpoll_file_entry - 10, // 9: file_entry.sgfd:type_name -> signalfd_entry - 11, // 10: file_entry.tunf:type_name -> tunfile_entry - 12, // 11: file_entry.tfd:type_name -> timerfd_entry - 13, // 12: file_entry.ify:type_name -> inotify_file_entry - 14, // 13: file_entry.ffy:type_name -> fanotify_file_entry - 15, // 14: file_entry.ext:type_name -> ext_file_entry - 16, // 15: file_entry.usk:type_name -> unix_sk_entry - 17, // 16: file_entry.fifo:type_name -> fifo_entry - 18, // 17: file_entry.pipe:type_name -> pipe_entry - 19, // 18: file_entry.tty:type_name -> tty_file_entry - 20, // 19: file_entry.memfd:type_name -> memfd_file_entry - 21, // 20: file_entry.bpf:type_name -> bpfmap_file_entry - 21, // [21:21] is the sub-list for method output_type - 21, // [21:21] is the sub-list for method input_type - 21, // [21:21] is the sub-list for extension type_name - 21, // [21:21] is the sub-list for extension extendee - 0, // [0:21] is the sub-list for field type_name -} - -func init() { file_fdinfo_proto_init() } -func file_fdinfo_proto_init() { - if File_fdinfo_proto != nil { - return - } - file_regfile_proto_init() - file_sk_inet_proto_init() - file_ns_proto_init() - file_packet_sock_proto_init() - file_sk_netlink_proto_init() - file_eventfd_proto_init() - file_eventpoll_proto_init() - file_signalfd_proto_init() - file_tun_proto_init() - file_timerfd_proto_init() - file_fsnotify_proto_init() - file_ext_file_proto_init() - file_sk_unix_proto_init() - file_fifo_proto_init() - file_pipe_proto_init() - file_tty_proto_init() - file_memfd_proto_init() - file_bpfmap_file_proto_init() - if !protoimpl.UnsafeEnabled { - file_fdinfo_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*FdinfoEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_fdinfo_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*FileEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_fdinfo_proto_rawDesc, - NumEnums: 1, - NumMessages: 2, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_fdinfo_proto_goTypes, - DependencyIndexes: file_fdinfo_proto_depIdxs, - EnumInfos: file_fdinfo_proto_enumTypes, - MessageInfos: file_fdinfo_proto_msgTypes, - }.Build() - File_fdinfo_proto = out.File - file_fdinfo_proto_rawDesc = nil - file_fdinfo_proto_goTypes = nil - file_fdinfo_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fdinfo.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fdinfo.proto deleted file mode 100644 index 88f1c11860f..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fdinfo.proto +++ /dev/null @@ -1,81 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "regfile.proto"; -import "sk-inet.proto"; -import "ns.proto"; -import "packet-sock.proto"; -import "sk-netlink.proto"; -import "eventfd.proto"; -import "eventpoll.proto"; -import "signalfd.proto"; -import "tun.proto"; -import "timerfd.proto"; -import "fsnotify.proto"; -import "ext-file.proto"; -import "sk-unix.proto"; -import "fifo.proto"; -import "pipe.proto"; -import "tty.proto"; -import "memfd.proto"; -import "bpfmap-file.proto"; - -enum fd_types { - UND = 0; - REG = 1; - PIPE = 2; - FIFO = 3; - INETSK = 4; - UNIXSK = 5; - EVENTFD = 6; - EVENTPOLL = 7; - INOTIFY = 8; - SIGNALFD = 9; - PACKETSK = 10; - TTY = 11; - FANOTIFY = 12; - NETLINKSK = 13; - NS = 14; - TUNF = 15; - EXT = 16; - TIMERFD = 17; - MEMFD = 18; - BPFMAP = 19; - - /* Any number above the real used. Not stored to image */ - CTL_TTY = 65534; - AUTOFS_PIPE = 65535; -} - -message fdinfo_entry { - required uint32 id = 1; - required uint32 flags = 2; - required fd_types type = 3; - required uint32 fd = 4; - optional string xattr_security_selinux = 5; -} - -message file_entry { - required fd_types type = 1; - required uint32 id = 2; - optional reg_file_entry reg = 3; - optional inet_sk_entry isk = 4; - optional ns_file_entry nsf = 5; - optional packet_sock_entry psk = 6; - optional netlink_sk_entry nlsk = 7; - optional eventfd_file_entry efd = 8; - optional eventpoll_file_entry epfd = 9; - optional signalfd_entry sgfd = 10; - optional tunfile_entry tunf = 11; - optional timerfd_entry tfd = 12; - optional inotify_file_entry ify = 13; - optional fanotify_file_entry ffy = 14; - optional ext_file_entry ext = 15; - optional unix_sk_entry usk = 16; - optional fifo_entry fifo = 17; - optional pipe_entry pipe = 18; - optional tty_file_entry tty = 19; - optional memfd_file_entry memfd = 20; - optional bpfmap_file_entry bpf = 21; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fh.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fh.pb.go deleted file mode 100644 index c67a02ce36e..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fh.pb.go +++ /dev/null @@ -1,321 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: fh.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type FhEntrySizes int32 - -const ( - FhEntrySizes_min_entries FhEntrySizes = 16 -) - -// Enum value maps for FhEntrySizes. -var ( - FhEntrySizes_name = map[int32]string{ - 16: "min_entries", - } - FhEntrySizes_value = map[string]int32{ - "min_entries": 16, - } -) - -func (x FhEntrySizes) Enum() *FhEntrySizes { - p := new(FhEntrySizes) - *p = x - return p -} - -func (x FhEntrySizes) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (FhEntrySizes) Descriptor() protoreflect.EnumDescriptor { - return file_fh_proto_enumTypes[0].Descriptor() -} - -func (FhEntrySizes) Type() protoreflect.EnumType { - return &file_fh_proto_enumTypes[0] -} - -func (x FhEntrySizes) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Do not use. -func (x *FhEntrySizes) UnmarshalJSON(b []byte) error { - num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) - if err != nil { - return err - } - *x = FhEntrySizes(num) - return nil -} - -// Deprecated: Use FhEntrySizes.Descriptor instead. -func (FhEntrySizes) EnumDescriptor() ([]byte, []int) { - return file_fh_proto_rawDescGZIP(), []int{0} -} - -type FhEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Bytes *uint32 `protobuf:"varint,1,req,name=bytes" json:"bytes,omitempty"` - Type *uint32 `protobuf:"varint,2,req,name=type" json:"type,omitempty"` - // The minimum is fh_n_handle repetitions - Handle []uint64 `protobuf:"varint,3,rep,name=handle" json:"handle,omitempty"` - Path *string `protobuf:"bytes,4,opt,name=path" json:"path,omitempty"` - MntId *uint32 `protobuf:"varint,5,opt,name=mnt_id,json=mntId" json:"mnt_id,omitempty"` -} - -func (x *FhEntry) Reset() { - *x = FhEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_fh_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *FhEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*FhEntry) ProtoMessage() {} - -func (x *FhEntry) ProtoReflect() protoreflect.Message { - mi := &file_fh_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use FhEntry.ProtoReflect.Descriptor instead. -func (*FhEntry) Descriptor() ([]byte, []int) { - return file_fh_proto_rawDescGZIP(), []int{0} -} - -func (x *FhEntry) GetBytes() uint32 { - if x != nil && x.Bytes != nil { - return *x.Bytes - } - return 0 -} - -func (x *FhEntry) GetType() uint32 { - if x != nil && x.Type != nil { - return *x.Type - } - return 0 -} - -func (x *FhEntry) GetHandle() []uint64 { - if x != nil { - return x.Handle - } - return nil -} - -func (x *FhEntry) GetPath() string { - if x != nil && x.Path != nil { - return *x.Path - } - return "" -} - -func (x *FhEntry) GetMntId() uint32 { - if x != nil && x.MntId != nil { - return *x.MntId - } - return 0 -} - -type IrmapCacheEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Dev *uint32 `protobuf:"varint,1,req,name=dev" json:"dev,omitempty"` - Inode *uint64 `protobuf:"varint,2,req,name=inode" json:"inode,omitempty"` - Path *string `protobuf:"bytes,3,req,name=path" json:"path,omitempty"` -} - -func (x *IrmapCacheEntry) Reset() { - *x = IrmapCacheEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_fh_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *IrmapCacheEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*IrmapCacheEntry) ProtoMessage() {} - -func (x *IrmapCacheEntry) ProtoReflect() protoreflect.Message { - mi := &file_fh_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use IrmapCacheEntry.ProtoReflect.Descriptor instead. -func (*IrmapCacheEntry) Descriptor() ([]byte, []int) { - return file_fh_proto_rawDescGZIP(), []int{1} -} - -func (x *IrmapCacheEntry) GetDev() uint32 { - if x != nil && x.Dev != nil { - return *x.Dev - } - return 0 -} - -func (x *IrmapCacheEntry) GetInode() uint64 { - if x != nil && x.Inode != nil { - return *x.Inode - } - return 0 -} - -func (x *IrmapCacheEntry) GetPath() string { - if x != nil && x.Path != nil { - return *x.Path - } - return "" -} - -var File_fh_proto protoreflect.FileDescriptor - -var file_fh_proto_rawDesc = []byte{ - 0x0a, 0x08, 0x66, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x77, 0x0a, 0x08, 0x66, 0x68, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x05, 0x62, 0x79, 0x74, 0x65, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, - 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, - 0x68, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x04, 0x52, 0x06, 0x68, 0x61, - 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x15, 0x0a, 0x06, 0x6d, 0x6e, 0x74, 0x5f, - 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x6e, 0x74, 0x49, 0x64, 0x22, - 0x5b, 0x0a, 0x11, 0x69, 0x72, 0x6d, 0x61, 0x70, 0x5f, 0x63, 0x61, 0x63, 0x68, 0x65, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1c, 0x0a, 0x03, 0x64, 0x65, 0x76, 0x18, 0x01, 0x20, 0x02, 0x28, - 0x0d, 0x42, 0x0a, 0xd2, 0x3f, 0x02, 0x20, 0x01, 0xd2, 0x3f, 0x02, 0x28, 0x01, 0x52, 0x03, 0x64, - 0x65, 0x76, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x05, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, - 0x18, 0x03, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x2a, 0x21, 0x0a, 0x0e, - 0x66, 0x68, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x73, 0x12, 0x0f, - 0x0a, 0x0b, 0x6d, 0x69, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x10, 0x10, -} - -var ( - file_fh_proto_rawDescOnce sync.Once - file_fh_proto_rawDescData = file_fh_proto_rawDesc -) - -func file_fh_proto_rawDescGZIP() []byte { - file_fh_proto_rawDescOnce.Do(func() { - file_fh_proto_rawDescData = protoimpl.X.CompressGZIP(file_fh_proto_rawDescData) - }) - return file_fh_proto_rawDescData -} - -var file_fh_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_fh_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_fh_proto_goTypes = []interface{}{ - (FhEntrySizes)(0), // 0: fh_entry_sizes - (*FhEntry)(nil), // 1: fh_entry - (*IrmapCacheEntry)(nil), // 2: irmap_cache_entry -} -var file_fh_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_fh_proto_init() } -func file_fh_proto_init() { - if File_fh_proto != nil { - return - } - file_opts_proto_init() - if !protoimpl.UnsafeEnabled { - file_fh_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*FhEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_fh_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IrmapCacheEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_fh_proto_rawDesc, - NumEnums: 1, - NumMessages: 2, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_fh_proto_goTypes, - DependencyIndexes: file_fh_proto_depIdxs, - EnumInfos: file_fh_proto_enumTypes, - MessageInfos: file_fh_proto_msgTypes, - }.Build() - File_fh_proto = out.File - file_fh_proto_rawDesc = nil - file_fh_proto_goTypes = nil - file_fh_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fh.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fh.proto deleted file mode 100644 index 7a2ce484bab..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fh.proto +++ /dev/null @@ -1,25 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "opts.proto"; - -enum fh_entry_sizes { - min_entries = 16; -} - -message fh_entry { - required uint32 bytes = 1; - required uint32 type = 2; - - /* The minimum is fh_n_handle repetitions */ - repeated uint64 handle = 3; - optional string path = 4; - optional uint32 mnt_id = 5; -} - -message irmap_cache_entry { - required uint32 dev = 1 [(criu).dev = true, (criu).odev = true]; - required uint64 inode = 2; - required string path = 3; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fifo.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fifo.pb.go deleted file mode 100644 index 57dfd4faa10..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fifo.pb.go +++ /dev/null @@ -1,160 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: fifo.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type FifoEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` - PipeId *uint32 `protobuf:"varint,2,req,name=pipe_id,json=pipeId" json:"pipe_id,omitempty"` - RegfId *uint32 `protobuf:"varint,3,opt,name=regf_id,json=regfId" json:"regf_id,omitempty"` -} - -func (x *FifoEntry) Reset() { - *x = FifoEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_fifo_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *FifoEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*FifoEntry) ProtoMessage() {} - -func (x *FifoEntry) ProtoReflect() protoreflect.Message { - mi := &file_fifo_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use FifoEntry.ProtoReflect.Descriptor instead. -func (*FifoEntry) Descriptor() ([]byte, []int) { - return file_fifo_proto_rawDescGZIP(), []int{0} -} - -func (x *FifoEntry) GetId() uint32 { - if x != nil && x.Id != nil { - return *x.Id - } - return 0 -} - -func (x *FifoEntry) GetPipeId() uint32 { - if x != nil && x.PipeId != nil { - return *x.PipeId - } - return 0 -} - -func (x *FifoEntry) GetRegfId() uint32 { - if x != nil && x.RegfId != nil { - return *x.RegfId - } - return 0 -} - -var File_fifo_proto protoreflect.FileDescriptor - -var file_fifo_proto_rawDesc = []byte{ - 0x0a, 0x0a, 0x66, 0x69, 0x66, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x4e, 0x0a, 0x0a, - 0x66, 0x69, 0x66, 0x6f, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, - 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x17, 0x0a, 0x07, 0x70, 0x69, - 0x70, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x70, 0x69, 0x70, - 0x65, 0x49, 0x64, 0x12, 0x17, 0x0a, 0x07, 0x72, 0x65, 0x67, 0x66, 0x5f, 0x69, 0x64, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x72, 0x65, 0x67, 0x66, 0x49, 0x64, -} - -var ( - file_fifo_proto_rawDescOnce sync.Once - file_fifo_proto_rawDescData = file_fifo_proto_rawDesc -) - -func file_fifo_proto_rawDescGZIP() []byte { - file_fifo_proto_rawDescOnce.Do(func() { - file_fifo_proto_rawDescData = protoimpl.X.CompressGZIP(file_fifo_proto_rawDescData) - }) - return file_fifo_proto_rawDescData -} - -var file_fifo_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_fifo_proto_goTypes = []interface{}{ - (*FifoEntry)(nil), // 0: fifo_entry -} -var file_fifo_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_fifo_proto_init() } -func file_fifo_proto_init() { - if File_fifo_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_fifo_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*FifoEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_fifo_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_fifo_proto_goTypes, - DependencyIndexes: file_fifo_proto_depIdxs, - MessageInfos: file_fifo_proto_msgTypes, - }.Build() - File_fifo_proto = out.File - file_fifo_proto_rawDesc = nil - file_fifo_proto_goTypes = nil - file_fifo_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fifo.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fifo.proto deleted file mode 100644 index ae6f48162a7..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fifo.proto +++ /dev/null @@ -1,9 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -message fifo_entry { - required uint32 id = 1; - required uint32 pipe_id = 2; - optional uint32 regf_id = 3; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/file-lock.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/file-lock.pb.go deleted file mode 100644 index 29af237be8e..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/file-lock.pb.go +++ /dev/null @@ -1,188 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: file-lock.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type FileLockEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Flag *uint32 `protobuf:"varint,1,req,name=flag" json:"flag,omitempty"` - Type *uint32 `protobuf:"varint,2,req,name=type" json:"type,omitempty"` - Pid *int32 `protobuf:"varint,3,req,name=pid" json:"pid,omitempty"` - Fd *int32 `protobuf:"varint,4,req,name=fd" json:"fd,omitempty"` - Start *int64 `protobuf:"varint,5,req,name=start" json:"start,omitempty"` - Len *int64 `protobuf:"varint,6,req,name=len" json:"len,omitempty"` -} - -func (x *FileLockEntry) Reset() { - *x = FileLockEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_file_lock_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *FileLockEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*FileLockEntry) ProtoMessage() {} - -func (x *FileLockEntry) ProtoReflect() protoreflect.Message { - mi := &file_file_lock_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use FileLockEntry.ProtoReflect.Descriptor instead. -func (*FileLockEntry) Descriptor() ([]byte, []int) { - return file_file_lock_proto_rawDescGZIP(), []int{0} -} - -func (x *FileLockEntry) GetFlag() uint32 { - if x != nil && x.Flag != nil { - return *x.Flag - } - return 0 -} - -func (x *FileLockEntry) GetType() uint32 { - if x != nil && x.Type != nil { - return *x.Type - } - return 0 -} - -func (x *FileLockEntry) GetPid() int32 { - if x != nil && x.Pid != nil { - return *x.Pid - } - return 0 -} - -func (x *FileLockEntry) GetFd() int32 { - if x != nil && x.Fd != nil { - return *x.Fd - } - return 0 -} - -func (x *FileLockEntry) GetStart() int64 { - if x != nil && x.Start != nil { - return *x.Start - } - return 0 -} - -func (x *FileLockEntry) GetLen() int64 { - if x != nil && x.Len != nil { - return *x.Len - } - return 0 -} - -var File_file_lock_proto protoreflect.FileDescriptor - -var file_file_lock_proto_rawDesc = []byte{ - 0x0a, 0x0f, 0x66, 0x69, 0x6c, 0x65, 0x2d, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x22, 0x83, 0x01, 0x0a, 0x0f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x6c, 0x61, 0x67, 0x18, 0x01, 0x20, - 0x02, 0x28, 0x0d, 0x52, 0x04, 0x66, 0x6c, 0x61, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, - 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x10, 0x0a, - 0x03, 0x70, 0x69, 0x64, 0x18, 0x03, 0x20, 0x02, 0x28, 0x05, 0x52, 0x03, 0x70, 0x69, 0x64, 0x12, - 0x0e, 0x0a, 0x02, 0x66, 0x64, 0x18, 0x04, 0x20, 0x02, 0x28, 0x05, 0x52, 0x02, 0x66, 0x64, 0x12, - 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x05, 0x20, 0x02, 0x28, 0x03, 0x52, 0x05, - 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x6c, 0x65, 0x6e, 0x18, 0x06, 0x20, 0x02, - 0x28, 0x03, 0x52, 0x03, 0x6c, 0x65, 0x6e, -} - -var ( - file_file_lock_proto_rawDescOnce sync.Once - file_file_lock_proto_rawDescData = file_file_lock_proto_rawDesc -) - -func file_file_lock_proto_rawDescGZIP() []byte { - file_file_lock_proto_rawDescOnce.Do(func() { - file_file_lock_proto_rawDescData = protoimpl.X.CompressGZIP(file_file_lock_proto_rawDescData) - }) - return file_file_lock_proto_rawDescData -} - -var file_file_lock_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_file_lock_proto_goTypes = []interface{}{ - (*FileLockEntry)(nil), // 0: file_lock_entry -} -var file_file_lock_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_file_lock_proto_init() } -func file_file_lock_proto_init() { - if File_file_lock_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_file_lock_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*FileLockEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_file_lock_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_file_lock_proto_goTypes, - DependencyIndexes: file_file_lock_proto_depIdxs, - MessageInfos: file_file_lock_proto_msgTypes, - }.Build() - File_file_lock_proto = out.File - file_file_lock_proto_rawDesc = nil - file_file_lock_proto_goTypes = nil - file_file_lock_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/file-lock.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/file-lock.proto deleted file mode 100644 index dcf3d871ca7..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/file-lock.proto +++ /dev/null @@ -1,12 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -message file_lock_entry { - required uint32 flag = 1; - required uint32 type = 2; - required int32 pid = 3; - required int32 fd = 4; - required int64 start = 5; - required int64 len = 6; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fown.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fown.pb.go deleted file mode 100644 index 94c4779c29b..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fown.pb.go +++ /dev/null @@ -1,179 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: fown.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type FownEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Uid *uint32 `protobuf:"varint,1,req,name=uid" json:"uid,omitempty"` - Euid *uint32 `protobuf:"varint,2,req,name=euid" json:"euid,omitempty"` - Signum *uint32 `protobuf:"varint,3,req,name=signum" json:"signum,omitempty"` - PidType *uint32 `protobuf:"varint,4,req,name=pid_type,json=pidType" json:"pid_type,omitempty"` - Pid *uint32 `protobuf:"varint,5,req,name=pid" json:"pid,omitempty"` -} - -func (x *FownEntry) Reset() { - *x = FownEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_fown_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *FownEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*FownEntry) ProtoMessage() {} - -func (x *FownEntry) ProtoReflect() protoreflect.Message { - mi := &file_fown_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use FownEntry.ProtoReflect.Descriptor instead. -func (*FownEntry) Descriptor() ([]byte, []int) { - return file_fown_proto_rawDescGZIP(), []int{0} -} - -func (x *FownEntry) GetUid() uint32 { - if x != nil && x.Uid != nil { - return *x.Uid - } - return 0 -} - -func (x *FownEntry) GetEuid() uint32 { - if x != nil && x.Euid != nil { - return *x.Euid - } - return 0 -} - -func (x *FownEntry) GetSignum() uint32 { - if x != nil && x.Signum != nil { - return *x.Signum - } - return 0 -} - -func (x *FownEntry) GetPidType() uint32 { - if x != nil && x.PidType != nil { - return *x.PidType - } - return 0 -} - -func (x *FownEntry) GetPid() uint32 { - if x != nil && x.Pid != nil { - return *x.Pid - } - return 0 -} - -var File_fown_proto protoreflect.FileDescriptor - -var file_fown_proto_rawDesc = []byte{ - 0x0a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x77, 0x0a, 0x0a, - 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, - 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, - 0x65, 0x75, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x65, 0x75, 0x69, 0x64, - 0x12, 0x16, 0x0a, 0x06, 0x73, 0x69, 0x67, 0x6e, 0x75, 0x6d, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x06, 0x73, 0x69, 0x67, 0x6e, 0x75, 0x6d, 0x12, 0x19, 0x0a, 0x08, 0x70, 0x69, 0x64, 0x5f, - 0x74, 0x79, 0x70, 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x70, 0x69, 0x64, 0x54, - 0x79, 0x70, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x03, 0x70, 0x69, 0x64, -} - -var ( - file_fown_proto_rawDescOnce sync.Once - file_fown_proto_rawDescData = file_fown_proto_rawDesc -) - -func file_fown_proto_rawDescGZIP() []byte { - file_fown_proto_rawDescOnce.Do(func() { - file_fown_proto_rawDescData = protoimpl.X.CompressGZIP(file_fown_proto_rawDescData) - }) - return file_fown_proto_rawDescData -} - -var file_fown_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_fown_proto_goTypes = []interface{}{ - (*FownEntry)(nil), // 0: fown_entry -} -var file_fown_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_fown_proto_init() } -func file_fown_proto_init() { - if File_fown_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_fown_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*FownEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_fown_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_fown_proto_goTypes, - DependencyIndexes: file_fown_proto_depIdxs, - MessageInfos: file_fown_proto_msgTypes, - }.Build() - File_fown_proto = out.File - file_fown_proto_rawDesc = nil - file_fown_proto_goTypes = nil - file_fown_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fown.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fown.proto deleted file mode 100644 index b2e20b6572a..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fown.proto +++ /dev/null @@ -1,11 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -message fown_entry { - required uint32 uid = 1; - required uint32 euid = 2; - required uint32 signum = 3; - required uint32 pid_type = 4; - required uint32 pid = 5; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fs.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fs.pb.go deleted file mode 100644 index 06e2f32e07c..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fs.pb.go +++ /dev/null @@ -1,160 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: fs.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type FsEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - CwdId *uint32 `protobuf:"varint,1,req,name=cwd_id,json=cwdId" json:"cwd_id,omitempty"` - RootId *uint32 `protobuf:"varint,2,req,name=root_id,json=rootId" json:"root_id,omitempty"` - Umask *uint32 `protobuf:"varint,3,opt,name=umask" json:"umask,omitempty"` -} - -func (x *FsEntry) Reset() { - *x = FsEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_fs_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *FsEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*FsEntry) ProtoMessage() {} - -func (x *FsEntry) ProtoReflect() protoreflect.Message { - mi := &file_fs_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use FsEntry.ProtoReflect.Descriptor instead. -func (*FsEntry) Descriptor() ([]byte, []int) { - return file_fs_proto_rawDescGZIP(), []int{0} -} - -func (x *FsEntry) GetCwdId() uint32 { - if x != nil && x.CwdId != nil { - return *x.CwdId - } - return 0 -} - -func (x *FsEntry) GetRootId() uint32 { - if x != nil && x.RootId != nil { - return *x.RootId - } - return 0 -} - -func (x *FsEntry) GetUmask() uint32 { - if x != nil && x.Umask != nil { - return *x.Umask - } - return 0 -} - -var File_fs_proto protoreflect.FileDescriptor - -var file_fs_proto_rawDesc = []byte{ - 0x0a, 0x08, 0x66, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x50, 0x0a, 0x08, 0x66, 0x73, - 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x15, 0x0a, 0x06, 0x63, 0x77, 0x64, 0x5f, 0x69, 0x64, - 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x63, 0x77, 0x64, 0x49, 0x64, 0x12, 0x17, 0x0a, - 0x07, 0x72, 0x6f, 0x6f, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, - 0x72, 0x6f, 0x6f, 0x74, 0x49, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x75, 0x6d, 0x61, 0x73, 0x6b, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x75, 0x6d, 0x61, 0x73, 0x6b, -} - -var ( - file_fs_proto_rawDescOnce sync.Once - file_fs_proto_rawDescData = file_fs_proto_rawDesc -) - -func file_fs_proto_rawDescGZIP() []byte { - file_fs_proto_rawDescOnce.Do(func() { - file_fs_proto_rawDescData = protoimpl.X.CompressGZIP(file_fs_proto_rawDescData) - }) - return file_fs_proto_rawDescData -} - -var file_fs_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_fs_proto_goTypes = []interface{}{ - (*FsEntry)(nil), // 0: fs_entry -} -var file_fs_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_fs_proto_init() } -func file_fs_proto_init() { - if File_fs_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_fs_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*FsEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_fs_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_fs_proto_goTypes, - DependencyIndexes: file_fs_proto_depIdxs, - MessageInfos: file_fs_proto_msgTypes, - }.Build() - File_fs_proto = out.File - file_fs_proto_rawDesc = nil - file_fs_proto_goTypes = nil - file_fs_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fs.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fs.proto deleted file mode 100644 index 158501ac9d3..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fs.proto +++ /dev/null @@ -1,9 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -message fs_entry { - required uint32 cwd_id = 1; - required uint32 root_id = 2; - optional uint32 umask = 3; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fsnotify.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fsnotify.pb.go deleted file mode 100644 index 8200687bbd3..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fsnotify.pb.go +++ /dev/null @@ -1,763 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: fsnotify.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type MarkType int32 - -const ( - MarkType_INODE MarkType = 1 - MarkType_MOUNT MarkType = 2 -) - -// Enum value maps for MarkType. -var ( - MarkType_name = map[int32]string{ - 1: "INODE", - 2: "MOUNT", - } - MarkType_value = map[string]int32{ - "INODE": 1, - "MOUNT": 2, - } -) - -func (x MarkType) Enum() *MarkType { - p := new(MarkType) - *p = x - return p -} - -func (x MarkType) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (MarkType) Descriptor() protoreflect.EnumDescriptor { - return file_fsnotify_proto_enumTypes[0].Descriptor() -} - -func (MarkType) Type() protoreflect.EnumType { - return &file_fsnotify_proto_enumTypes[0] -} - -func (x MarkType) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Do not use. -func (x *MarkType) UnmarshalJSON(b []byte) error { - num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) - if err != nil { - return err - } - *x = MarkType(num) - return nil -} - -// Deprecated: Use MarkType.Descriptor instead. -func (MarkType) EnumDescriptor() ([]byte, []int) { - return file_fsnotify_proto_rawDescGZIP(), []int{0} -} - -type InotifyWdEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` - IIno *uint64 `protobuf:"varint,2,req,name=i_ino,json=iIno" json:"i_ino,omitempty"` - Mask *uint32 `protobuf:"varint,3,req,name=mask" json:"mask,omitempty"` - IgnoredMask *uint32 `protobuf:"varint,4,req,name=ignored_mask,json=ignoredMask" json:"ignored_mask,omitempty"` - SDev *uint32 `protobuf:"varint,5,req,name=s_dev,json=sDev" json:"s_dev,omitempty"` - Wd *uint32 `protobuf:"varint,6,req,name=wd" json:"wd,omitempty"` - FHandle *FhEntry `protobuf:"bytes,7,req,name=f_handle,json=fHandle" json:"f_handle,omitempty"` -} - -func (x *InotifyWdEntry) Reset() { - *x = InotifyWdEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_fsnotify_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *InotifyWdEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*InotifyWdEntry) ProtoMessage() {} - -func (x *InotifyWdEntry) ProtoReflect() protoreflect.Message { - mi := &file_fsnotify_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use InotifyWdEntry.ProtoReflect.Descriptor instead. -func (*InotifyWdEntry) Descriptor() ([]byte, []int) { - return file_fsnotify_proto_rawDescGZIP(), []int{0} -} - -func (x *InotifyWdEntry) GetId() uint32 { - if x != nil && x.Id != nil { - return *x.Id - } - return 0 -} - -func (x *InotifyWdEntry) GetIIno() uint64 { - if x != nil && x.IIno != nil { - return *x.IIno - } - return 0 -} - -func (x *InotifyWdEntry) GetMask() uint32 { - if x != nil && x.Mask != nil { - return *x.Mask - } - return 0 -} - -func (x *InotifyWdEntry) GetIgnoredMask() uint32 { - if x != nil && x.IgnoredMask != nil { - return *x.IgnoredMask - } - return 0 -} - -func (x *InotifyWdEntry) GetSDev() uint32 { - if x != nil && x.SDev != nil { - return *x.SDev - } - return 0 -} - -func (x *InotifyWdEntry) GetWd() uint32 { - if x != nil && x.Wd != nil { - return *x.Wd - } - return 0 -} - -func (x *InotifyWdEntry) GetFHandle() *FhEntry { - if x != nil { - return x.FHandle - } - return nil -} - -type InotifyFileEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` - Flags *uint32 `protobuf:"varint,2,req,name=flags" json:"flags,omitempty"` - Fown *FownEntry `protobuf:"bytes,4,req,name=fown" json:"fown,omitempty"` - Wd []*InotifyWdEntry `protobuf:"bytes,5,rep,name=wd" json:"wd,omitempty"` -} - -func (x *InotifyFileEntry) Reset() { - *x = InotifyFileEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_fsnotify_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *InotifyFileEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*InotifyFileEntry) ProtoMessage() {} - -func (x *InotifyFileEntry) ProtoReflect() protoreflect.Message { - mi := &file_fsnotify_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use InotifyFileEntry.ProtoReflect.Descriptor instead. -func (*InotifyFileEntry) Descriptor() ([]byte, []int) { - return file_fsnotify_proto_rawDescGZIP(), []int{1} -} - -func (x *InotifyFileEntry) GetId() uint32 { - if x != nil && x.Id != nil { - return *x.Id - } - return 0 -} - -func (x *InotifyFileEntry) GetFlags() uint32 { - if x != nil && x.Flags != nil { - return *x.Flags - } - return 0 -} - -func (x *InotifyFileEntry) GetFown() *FownEntry { - if x != nil { - return x.Fown - } - return nil -} - -func (x *InotifyFileEntry) GetWd() []*InotifyWdEntry { - if x != nil { - return x.Wd - } - return nil -} - -type FanotifyInodeMarkEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - IIno *uint64 `protobuf:"varint,1,req,name=i_ino,json=iIno" json:"i_ino,omitempty"` - FHandle *FhEntry `protobuf:"bytes,2,req,name=f_handle,json=fHandle" json:"f_handle,omitempty"` -} - -func (x *FanotifyInodeMarkEntry) Reset() { - *x = FanotifyInodeMarkEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_fsnotify_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *FanotifyInodeMarkEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*FanotifyInodeMarkEntry) ProtoMessage() {} - -func (x *FanotifyInodeMarkEntry) ProtoReflect() protoreflect.Message { - mi := &file_fsnotify_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use FanotifyInodeMarkEntry.ProtoReflect.Descriptor instead. -func (*FanotifyInodeMarkEntry) Descriptor() ([]byte, []int) { - return file_fsnotify_proto_rawDescGZIP(), []int{2} -} - -func (x *FanotifyInodeMarkEntry) GetIIno() uint64 { - if x != nil && x.IIno != nil { - return *x.IIno - } - return 0 -} - -func (x *FanotifyInodeMarkEntry) GetFHandle() *FhEntry { - if x != nil { - return x.FHandle - } - return nil -} - -type FanotifyMountMarkEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - MntId *uint32 `protobuf:"varint,1,req,name=mnt_id,json=mntId" json:"mnt_id,omitempty"` - Path *string `protobuf:"bytes,2,opt,name=path" json:"path,omitempty"` -} - -func (x *FanotifyMountMarkEntry) Reset() { - *x = FanotifyMountMarkEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_fsnotify_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *FanotifyMountMarkEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*FanotifyMountMarkEntry) ProtoMessage() {} - -func (x *FanotifyMountMarkEntry) ProtoReflect() protoreflect.Message { - mi := &file_fsnotify_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use FanotifyMountMarkEntry.ProtoReflect.Descriptor instead. -func (*FanotifyMountMarkEntry) Descriptor() ([]byte, []int) { - return file_fsnotify_proto_rawDescGZIP(), []int{3} -} - -func (x *FanotifyMountMarkEntry) GetMntId() uint32 { - if x != nil && x.MntId != nil { - return *x.MntId - } - return 0 -} - -func (x *FanotifyMountMarkEntry) GetPath() string { - if x != nil && x.Path != nil { - return *x.Path - } - return "" -} - -type FanotifyMarkEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` - Type *MarkType `protobuf:"varint,2,req,name=type,enum=MarkType" json:"type,omitempty"` - Mflags *uint32 `protobuf:"varint,3,req,name=mflags" json:"mflags,omitempty"` - Mask *uint32 `protobuf:"varint,4,req,name=mask" json:"mask,omitempty"` - IgnoredMask *uint32 `protobuf:"varint,5,req,name=ignored_mask,json=ignoredMask" json:"ignored_mask,omitempty"` - SDev *uint32 `protobuf:"varint,6,req,name=s_dev,json=sDev" json:"s_dev,omitempty"` - Ie *FanotifyInodeMarkEntry `protobuf:"bytes,7,opt,name=ie" json:"ie,omitempty"` - Me *FanotifyMountMarkEntry `protobuf:"bytes,8,opt,name=me" json:"me,omitempty"` -} - -func (x *FanotifyMarkEntry) Reset() { - *x = FanotifyMarkEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_fsnotify_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *FanotifyMarkEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*FanotifyMarkEntry) ProtoMessage() {} - -func (x *FanotifyMarkEntry) ProtoReflect() protoreflect.Message { - mi := &file_fsnotify_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use FanotifyMarkEntry.ProtoReflect.Descriptor instead. -func (*FanotifyMarkEntry) Descriptor() ([]byte, []int) { - return file_fsnotify_proto_rawDescGZIP(), []int{4} -} - -func (x *FanotifyMarkEntry) GetId() uint32 { - if x != nil && x.Id != nil { - return *x.Id - } - return 0 -} - -func (x *FanotifyMarkEntry) GetType() MarkType { - if x != nil && x.Type != nil { - return *x.Type - } - return MarkType_INODE -} - -func (x *FanotifyMarkEntry) GetMflags() uint32 { - if x != nil && x.Mflags != nil { - return *x.Mflags - } - return 0 -} - -func (x *FanotifyMarkEntry) GetMask() uint32 { - if x != nil && x.Mask != nil { - return *x.Mask - } - return 0 -} - -func (x *FanotifyMarkEntry) GetIgnoredMask() uint32 { - if x != nil && x.IgnoredMask != nil { - return *x.IgnoredMask - } - return 0 -} - -func (x *FanotifyMarkEntry) GetSDev() uint32 { - if x != nil && x.SDev != nil { - return *x.SDev - } - return 0 -} - -func (x *FanotifyMarkEntry) GetIe() *FanotifyInodeMarkEntry { - if x != nil { - return x.Ie - } - return nil -} - -func (x *FanotifyMarkEntry) GetMe() *FanotifyMountMarkEntry { - if x != nil { - return x.Me - } - return nil -} - -type FanotifyFileEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` - Flags *uint32 `protobuf:"varint,2,req,name=flags" json:"flags,omitempty"` - Fown *FownEntry `protobuf:"bytes,3,req,name=fown" json:"fown,omitempty"` - Faflags *uint32 `protobuf:"varint,4,req,name=faflags" json:"faflags,omitempty"` - Evflags *uint32 `protobuf:"varint,5,req,name=evflags" json:"evflags,omitempty"` - Mark []*FanotifyMarkEntry `protobuf:"bytes,6,rep,name=mark" json:"mark,omitempty"` -} - -func (x *FanotifyFileEntry) Reset() { - *x = FanotifyFileEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_fsnotify_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *FanotifyFileEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*FanotifyFileEntry) ProtoMessage() {} - -func (x *FanotifyFileEntry) ProtoReflect() protoreflect.Message { - mi := &file_fsnotify_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use FanotifyFileEntry.ProtoReflect.Descriptor instead. -func (*FanotifyFileEntry) Descriptor() ([]byte, []int) { - return file_fsnotify_proto_rawDescGZIP(), []int{5} -} - -func (x *FanotifyFileEntry) GetId() uint32 { - if x != nil && x.Id != nil { - return *x.Id - } - return 0 -} - -func (x *FanotifyFileEntry) GetFlags() uint32 { - if x != nil && x.Flags != nil { - return *x.Flags - } - return 0 -} - -func (x *FanotifyFileEntry) GetFown() *FownEntry { - if x != nil { - return x.Fown - } - return nil -} - -func (x *FanotifyFileEntry) GetFaflags() uint32 { - if x != nil && x.Faflags != nil { - return *x.Faflags - } - return 0 -} - -func (x *FanotifyFileEntry) GetEvflags() uint32 { - if x != nil && x.Evflags != nil { - return *x.Evflags - } - return 0 -} - -func (x *FanotifyFileEntry) GetMark() []*FanotifyMarkEntry { - if x != nil { - return x.Mark - } - return nil -} - -var File_fsnotify_proto protoreflect.FileDescriptor - -var file_fsnotify_proto_rawDesc = []byte{ - 0x0a, 0x0e, 0x66, 0x73, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x08, 0x66, 0x68, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x22, 0xce, 0x01, 0x0a, 0x10, 0x69, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x77, - 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, - 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x13, 0x0a, 0x05, 0x69, 0x5f, 0x69, 0x6e, 0x6f, - 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x69, 0x49, 0x6e, 0x6f, 0x12, 0x19, 0x0a, 0x04, - 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, - 0x01, 0x52, 0x04, 0x6d, 0x61, 0x73, 0x6b, 0x12, 0x28, 0x0a, 0x0c, 0x69, 0x67, 0x6e, 0x6f, 0x72, - 0x65, 0x64, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, - 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0b, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x64, 0x4d, 0x61, 0x73, - 0x6b, 0x12, 0x1a, 0x0a, 0x05, 0x73, 0x5f, 0x64, 0x65, 0x76, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, - 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x20, 0x01, 0x52, 0x04, 0x73, 0x44, 0x65, 0x76, 0x12, 0x0e, 0x0a, - 0x02, 0x77, 0x64, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x77, 0x64, 0x12, 0x24, 0x0a, - 0x08, 0x66, 0x5f, 0x68, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0b, 0x32, - 0x09, 0x2e, 0x66, 0x68, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x66, 0x48, 0x61, 0x6e, - 0x64, 0x6c, 0x65, 0x22, 0x85, 0x01, 0x0a, 0x12, 0x69, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, - 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, - 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, - 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, - 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x1f, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, - 0x04, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x21, 0x0a, 0x02, 0x77, 0x64, 0x18, 0x05, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x69, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x77, - 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x02, 0x77, 0x64, 0x22, 0x56, 0x0a, 0x19, 0x66, - 0x61, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x6d, 0x61, - 0x72, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x13, 0x0a, 0x05, 0x69, 0x5f, 0x69, 0x6e, - 0x6f, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x69, 0x49, 0x6e, 0x6f, 0x12, 0x24, 0x0a, - 0x08, 0x66, 0x5f, 0x68, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0b, 0x32, - 0x09, 0x2e, 0x66, 0x68, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x66, 0x48, 0x61, 0x6e, - 0x64, 0x6c, 0x65, 0x22, 0x46, 0x0a, 0x19, 0x66, 0x61, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, - 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x6d, 0x61, 0x72, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x12, 0x15, 0x0a, 0x06, 0x6d, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x05, 0x6d, 0x6e, 0x74, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x22, 0x9d, 0x02, 0x0a, 0x13, - 0x66, 0x61, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x6d, 0x61, 0x72, 0x6b, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, - 0x02, 0x69, 0x64, 0x12, 0x1e, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, - 0x0e, 0x32, 0x0a, 0x2e, 0x6d, 0x61, 0x72, 0x6b, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, - 0x79, 0x70, 0x65, 0x12, 0x1d, 0x0a, 0x06, 0x6d, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, - 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x06, 0x6d, 0x66, 0x6c, 0x61, - 0x67, 0x73, 0x12, 0x19, 0x0a, 0x04, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, - 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x04, 0x6d, 0x61, 0x73, 0x6b, 0x12, 0x28, 0x0a, - 0x0c, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x64, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x05, 0x20, - 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0b, 0x69, 0x67, 0x6e, 0x6f, - 0x72, 0x65, 0x64, 0x4d, 0x61, 0x73, 0x6b, 0x12, 0x1a, 0x0a, 0x05, 0x73, 0x5f, 0x64, 0x65, 0x76, - 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x20, 0x01, 0x52, 0x04, 0x73, - 0x44, 0x65, 0x76, 0x12, 0x2a, 0x0a, 0x02, 0x69, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x1a, 0x2e, 0x66, 0x61, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x69, 0x6e, 0x6f, 0x64, 0x65, - 0x5f, 0x6d, 0x61, 0x72, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x02, 0x69, 0x65, 0x12, - 0x2a, 0x0a, 0x02, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x66, 0x61, - 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x6d, 0x61, 0x72, - 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x02, 0x6d, 0x65, 0x22, 0xcf, 0x01, 0x0a, 0x13, - 0x66, 0x61, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, - 0x02, 0x69, 0x64, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, - 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, - 0x12, 0x1f, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0b, - 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, - 0x6e, 0x12, 0x1f, 0x0a, 0x07, 0x66, 0x61, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x02, - 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x07, 0x66, 0x61, 0x66, 0x6c, 0x61, - 0x67, 0x73, 0x12, 0x1f, 0x0a, 0x07, 0x65, 0x76, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x05, 0x20, - 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x07, 0x65, 0x76, 0x66, 0x6c, - 0x61, 0x67, 0x73, 0x12, 0x28, 0x0a, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x18, 0x06, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x14, 0x2e, 0x66, 0x61, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x6d, 0x61, 0x72, - 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x2a, 0x21, 0x0a, - 0x09, 0x6d, 0x61, 0x72, 0x6b, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x12, 0x09, 0x0a, 0x05, 0x49, 0x4e, - 0x4f, 0x44, 0x45, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x4d, 0x4f, 0x55, 0x4e, 0x54, 0x10, 0x02, -} - -var ( - file_fsnotify_proto_rawDescOnce sync.Once - file_fsnotify_proto_rawDescData = file_fsnotify_proto_rawDesc -) - -func file_fsnotify_proto_rawDescGZIP() []byte { - file_fsnotify_proto_rawDescOnce.Do(func() { - file_fsnotify_proto_rawDescData = protoimpl.X.CompressGZIP(file_fsnotify_proto_rawDescData) - }) - return file_fsnotify_proto_rawDescData -} - -var file_fsnotify_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_fsnotify_proto_msgTypes = make([]protoimpl.MessageInfo, 6) -var file_fsnotify_proto_goTypes = []interface{}{ - (MarkType)(0), // 0: mark_type - (*InotifyWdEntry)(nil), // 1: inotify_wd_entry - (*InotifyFileEntry)(nil), // 2: inotify_file_entry - (*FanotifyInodeMarkEntry)(nil), // 3: fanotify_inode_mark_entry - (*FanotifyMountMarkEntry)(nil), // 4: fanotify_mount_mark_entry - (*FanotifyMarkEntry)(nil), // 5: fanotify_mark_entry - (*FanotifyFileEntry)(nil), // 6: fanotify_file_entry - (*FhEntry)(nil), // 7: fh_entry - (*FownEntry)(nil), // 8: fown_entry -} -var file_fsnotify_proto_depIdxs = []int32{ - 7, // 0: inotify_wd_entry.f_handle:type_name -> fh_entry - 8, // 1: inotify_file_entry.fown:type_name -> fown_entry - 1, // 2: inotify_file_entry.wd:type_name -> inotify_wd_entry - 7, // 3: fanotify_inode_mark_entry.f_handle:type_name -> fh_entry - 0, // 4: fanotify_mark_entry.type:type_name -> mark_type - 3, // 5: fanotify_mark_entry.ie:type_name -> fanotify_inode_mark_entry - 4, // 6: fanotify_mark_entry.me:type_name -> fanotify_mount_mark_entry - 8, // 7: fanotify_file_entry.fown:type_name -> fown_entry - 5, // 8: fanotify_file_entry.mark:type_name -> fanotify_mark_entry - 9, // [9:9] is the sub-list for method output_type - 9, // [9:9] is the sub-list for method input_type - 9, // [9:9] is the sub-list for extension type_name - 9, // [9:9] is the sub-list for extension extendee - 0, // [0:9] is the sub-list for field type_name -} - -func init() { file_fsnotify_proto_init() } -func file_fsnotify_proto_init() { - if File_fsnotify_proto != nil { - return - } - file_opts_proto_init() - file_fh_proto_init() - file_fown_proto_init() - if !protoimpl.UnsafeEnabled { - file_fsnotify_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*InotifyWdEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_fsnotify_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*InotifyFileEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_fsnotify_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*FanotifyInodeMarkEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_fsnotify_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*FanotifyMountMarkEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_fsnotify_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*FanotifyMarkEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_fsnotify_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*FanotifyFileEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_fsnotify_proto_rawDesc, - NumEnums: 1, - NumMessages: 6, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_fsnotify_proto_goTypes, - DependencyIndexes: file_fsnotify_proto_depIdxs, - EnumInfos: file_fsnotify_proto_enumTypes, - MessageInfos: file_fsnotify_proto_msgTypes, - }.Build() - File_fsnotify_proto = out.File - file_fsnotify_proto_rawDesc = nil - file_fsnotify_proto_goTypes = nil - file_fsnotify_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fsnotify.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fsnotify.proto deleted file mode 100644 index df6a667f86d..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/fsnotify.proto +++ /dev/null @@ -1,62 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "opts.proto"; -import "fh.proto"; -import "fown.proto"; - -message inotify_wd_entry { - required uint32 id = 1; - required uint64 i_ino = 2; - required uint32 mask = 3 [(criu).hex = true]; - required uint32 ignored_mask = 4 [(criu).hex = true]; - required uint32 s_dev = 5 [(criu).dev = true]; - required uint32 wd = 6; - required fh_entry f_handle = 7; -} - -message inotify_file_entry { - required uint32 id = 1; - required uint32 flags = 2 [(criu).hex = true]; - required fown_entry fown = 4; - repeated inotify_wd_entry wd = 5; -} - -enum mark_type { - INODE = 1; - MOUNT = 2; -} - -message fanotify_inode_mark_entry { - required uint64 i_ino = 1; - required fh_entry f_handle = 2; -} - -message fanotify_mount_mark_entry { - required uint32 mnt_id = 1; - optional string path = 2; -} - -message fanotify_mark_entry { - required uint32 id = 1; - required mark_type type = 2; - - required uint32 mflags = 3 [(criu).hex = true]; - required uint32 mask = 4 [(criu).hex = true]; - required uint32 ignored_mask = 5 [(criu).hex = true]; - required uint32 s_dev = 6 [(criu).dev = true]; - - optional fanotify_inode_mark_entry ie = 7; - optional fanotify_mount_mark_entry me = 8; -} - -message fanotify_file_entry { - required uint32 id = 1; - required uint32 flags = 2 [(criu).hex = true]; - required fown_entry fown = 3; - - required uint32 faflags = 4 [(criu).hex = true]; - required uint32 evflags = 5 [(criu).hex = true]; - repeated fanotify_mark_entry mark = 6; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ghost-file.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ghost-file.pb.go deleted file mode 100644 index f4c198caa5d..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ghost-file.pb.go +++ /dev/null @@ -1,317 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: ghost-file.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type GhostFileEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Uid *uint32 `protobuf:"varint,1,req,name=uid" json:"uid,omitempty"` - Gid *uint32 `protobuf:"varint,2,req,name=gid" json:"gid,omitempty"` - Mode *uint32 `protobuf:"varint,3,req,name=mode" json:"mode,omitempty"` - Dev *uint32 `protobuf:"varint,4,opt,name=dev" json:"dev,omitempty"` - Ino *uint64 `protobuf:"varint,5,opt,name=ino" json:"ino,omitempty"` - Rdev *uint32 `protobuf:"varint,6,opt,name=rdev" json:"rdev,omitempty"` - Atim *Timeval `protobuf:"bytes,7,opt,name=atim" json:"atim,omitempty"` - Mtim *Timeval `protobuf:"bytes,8,opt,name=mtim" json:"mtim,omitempty"` - Chunks *bool `protobuf:"varint,9,opt,name=chunks" json:"chunks,omitempty"` - Size *uint64 `protobuf:"varint,10,opt,name=size" json:"size,omitempty"` - // this field makes sense only when S_ISLNK(mode) - SymlnkTarget *string `protobuf:"bytes,11,opt,name=symlnk_target,json=symlnkTarget" json:"symlnk_target,omitempty"` -} - -func (x *GhostFileEntry) Reset() { - *x = GhostFileEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_ghost_file_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *GhostFileEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*GhostFileEntry) ProtoMessage() {} - -func (x *GhostFileEntry) ProtoReflect() protoreflect.Message { - mi := &file_ghost_file_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use GhostFileEntry.ProtoReflect.Descriptor instead. -func (*GhostFileEntry) Descriptor() ([]byte, []int) { - return file_ghost_file_proto_rawDescGZIP(), []int{0} -} - -func (x *GhostFileEntry) GetUid() uint32 { - if x != nil && x.Uid != nil { - return *x.Uid - } - return 0 -} - -func (x *GhostFileEntry) GetGid() uint32 { - if x != nil && x.Gid != nil { - return *x.Gid - } - return 0 -} - -func (x *GhostFileEntry) GetMode() uint32 { - if x != nil && x.Mode != nil { - return *x.Mode - } - return 0 -} - -func (x *GhostFileEntry) GetDev() uint32 { - if x != nil && x.Dev != nil { - return *x.Dev - } - return 0 -} - -func (x *GhostFileEntry) GetIno() uint64 { - if x != nil && x.Ino != nil { - return *x.Ino - } - return 0 -} - -func (x *GhostFileEntry) GetRdev() uint32 { - if x != nil && x.Rdev != nil { - return *x.Rdev - } - return 0 -} - -func (x *GhostFileEntry) GetAtim() *Timeval { - if x != nil { - return x.Atim - } - return nil -} - -func (x *GhostFileEntry) GetMtim() *Timeval { - if x != nil { - return x.Mtim - } - return nil -} - -func (x *GhostFileEntry) GetChunks() bool { - if x != nil && x.Chunks != nil { - return *x.Chunks - } - return false -} - -func (x *GhostFileEntry) GetSize() uint64 { - if x != nil && x.Size != nil { - return *x.Size - } - return 0 -} - -func (x *GhostFileEntry) GetSymlnkTarget() string { - if x != nil && x.SymlnkTarget != nil { - return *x.SymlnkTarget - } - return "" -} - -type GhostChunkEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Len *uint64 `protobuf:"varint,1,req,name=len" json:"len,omitempty"` - Off *uint64 `protobuf:"varint,2,req,name=off" json:"off,omitempty"` -} - -func (x *GhostChunkEntry) Reset() { - *x = GhostChunkEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_ghost_file_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *GhostChunkEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*GhostChunkEntry) ProtoMessage() {} - -func (x *GhostChunkEntry) ProtoReflect() protoreflect.Message { - mi := &file_ghost_file_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use GhostChunkEntry.ProtoReflect.Descriptor instead. -func (*GhostChunkEntry) Descriptor() ([]byte, []int) { - return file_ghost_file_proto_rawDescGZIP(), []int{1} -} - -func (x *GhostChunkEntry) GetLen() uint64 { - if x != nil && x.Len != nil { - return *x.Len - } - return 0 -} - -func (x *GhostChunkEntry) GetOff() uint64 { - if x != nil && x.Off != nil { - return *x.Off - } - return 0 -} - -var File_ghost_file_proto protoreflect.FileDescriptor - -var file_ghost_file_proto_rawDesc = []byte{ - 0x0a, 0x10, 0x67, 0x68, 0x6f, 0x73, 0x74, 0x2d, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, - 0x74, 0x69, 0x6d, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xa2, 0x02, 0x0a, 0x10, 0x67, - 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, - 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x75, 0x69, - 0x64, 0x12, 0x10, 0x0a, 0x03, 0x67, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, - 0x67, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x03, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x17, 0x0a, 0x03, 0x64, 0x65, 0x76, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x20, 0x01, 0x52, 0x03, 0x64, 0x65, 0x76, - 0x12, 0x10, 0x0a, 0x03, 0x69, 0x6e, 0x6f, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x03, 0x69, - 0x6e, 0x6f, 0x12, 0x1e, 0x0a, 0x04, 0x72, 0x64, 0x65, 0x76, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, - 0x42, 0x0a, 0xd2, 0x3f, 0x02, 0x20, 0x01, 0xd2, 0x3f, 0x02, 0x28, 0x01, 0x52, 0x04, 0x72, 0x64, - 0x65, 0x76, 0x12, 0x1c, 0x0a, 0x04, 0x61, 0x74, 0x69, 0x6d, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x08, 0x2e, 0x74, 0x69, 0x6d, 0x65, 0x76, 0x61, 0x6c, 0x52, 0x04, 0x61, 0x74, 0x69, 0x6d, - 0x12, 0x1c, 0x0a, 0x04, 0x6d, 0x74, 0x69, 0x6d, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x08, - 0x2e, 0x74, 0x69, 0x6d, 0x65, 0x76, 0x61, 0x6c, 0x52, 0x04, 0x6d, 0x74, 0x69, 0x6d, 0x12, 0x16, - 0x0a, 0x06, 0x63, 0x68, 0x75, 0x6e, 0x6b, 0x73, 0x18, 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, - 0x63, 0x68, 0x75, 0x6e, 0x6b, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x0a, - 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x73, 0x79, - 0x6d, 0x6c, 0x6e, 0x6b, 0x5f, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x18, 0x0b, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0c, 0x73, 0x79, 0x6d, 0x6c, 0x6e, 0x6b, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x22, - 0x37, 0x0a, 0x11, 0x67, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x63, 0x68, 0x75, 0x6e, 0x6b, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6c, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x03, 0x6c, 0x65, 0x6e, 0x12, 0x10, 0x0a, 0x03, 0x6f, 0x66, 0x66, 0x18, 0x02, 0x20, - 0x02, 0x28, 0x04, 0x52, 0x03, 0x6f, 0x66, 0x66, -} - -var ( - file_ghost_file_proto_rawDescOnce sync.Once - file_ghost_file_proto_rawDescData = file_ghost_file_proto_rawDesc -) - -func file_ghost_file_proto_rawDescGZIP() []byte { - file_ghost_file_proto_rawDescOnce.Do(func() { - file_ghost_file_proto_rawDescData = protoimpl.X.CompressGZIP(file_ghost_file_proto_rawDescData) - }) - return file_ghost_file_proto_rawDescData -} - -var file_ghost_file_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_ghost_file_proto_goTypes = []interface{}{ - (*GhostFileEntry)(nil), // 0: ghost_file_entry - (*GhostChunkEntry)(nil), // 1: ghost_chunk_entry - (*Timeval)(nil), // 2: timeval -} -var file_ghost_file_proto_depIdxs = []int32{ - 2, // 0: ghost_file_entry.atim:type_name -> timeval - 2, // 1: ghost_file_entry.mtim:type_name -> timeval - 2, // [2:2] is the sub-list for method output_type - 2, // [2:2] is the sub-list for method input_type - 2, // [2:2] is the sub-list for extension type_name - 2, // [2:2] is the sub-list for extension extendee - 0, // [0:2] is the sub-list for field type_name -} - -func init() { file_ghost_file_proto_init() } -func file_ghost_file_proto_init() { - if File_ghost_file_proto != nil { - return - } - file_opts_proto_init() - file_time_proto_init() - if !protoimpl.UnsafeEnabled { - file_ghost_file_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GhostFileEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_ghost_file_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GhostChunkEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_ghost_file_proto_rawDesc, - NumEnums: 0, - NumMessages: 2, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_ghost_file_proto_goTypes, - DependencyIndexes: file_ghost_file_proto_depIdxs, - MessageInfos: file_ghost_file_proto_msgTypes, - }.Build() - File_ghost_file_proto = out.File - file_ghost_file_proto_rawDesc = nil - file_ghost_file_proto_goTypes = nil - file_ghost_file_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ghost-file.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ghost-file.proto deleted file mode 100644 index 9ecee41d244..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ghost-file.proto +++ /dev/null @@ -1,27 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "opts.proto"; -import "time.proto"; - -message ghost_file_entry { - required uint32 uid = 1; - required uint32 gid = 2; - required uint32 mode = 3; - - optional uint32 dev = 4 [(criu).dev = true]; - optional uint64 ino = 5; - optional uint32 rdev = 6 [(criu).dev = true, (criu).odev = true]; - optional timeval atim = 7; - optional timeval mtim = 8; - optional bool chunks = 9; - optional uint64 size = 10; - /* this field makes sense only when S_ISLNK(mode) */ - optional string symlnk_target = 11; -} - -message ghost_chunk_entry { - required uint64 len = 1; - required uint64 off = 2; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/handler.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/handler.go deleted file mode 100644 index f622946c5cf..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/handler.go +++ /dev/null @@ -1,142 +0,0 @@ -package images - -import ( - "errors" - "fmt" - - "google.golang.org/protobuf/proto" -) - -func ProtoHandler(magic string) (proto.Message, error) { - switch magic { - case "APPARMOR": - return &ApparmorEntry{}, nil - case "AUTOFS": - return &AutofsEntry{}, nil - case "BINFMT_MISC": - return &BinfmtMiscEntry{}, nil - case "BPFMAP_DATA": - return &BpfmapDataEntry{}, nil - case "BPFMAP_FILE": - return &BpfmapFileEntry{}, nil - case "CGROUP": - return &CgroupEntry{}, nil - case "CORE": - return &CoreEntry{}, nil - case "CPUINFO": - return &CpuinfoEntry{}, nil - case "CREDS": - return &CredsEntry{}, nil - case "EVENTFD_FILE": - return &EventfdFileEntry{}, nil - case "EVENTPOLL_FILE": - return &EventpollFileEntry{}, nil - case "EVENTPOLL_TFD": - return &EventpollTfdEntry{}, nil - case "EXT_FILES": - return &ExtFileEntry{}, nil - case "FANOTIFY_FILE": - return &FanotifyFileEntry{}, nil - case "FANOTIFY_MARK": - return &FanotifyMarkEntry{}, nil - case "FDINFO": - return &FdinfoEntry{}, nil - case "FIFO": - return &FifoEntry{}, nil - case "FIFO_DATA": - return &PipeDataEntry{}, nil - case "FILES": - return &FileEntry{}, nil - case "FILE_LOCKS": - return &FileLockEntry{}, nil - case "FS": - return &FsEntry{}, nil - case "IDS": - return &TaskKobjIdsEntry{}, nil - case "INETSK": - return &InetSkEntry{}, nil - case "INOTIFY_FILE": - return &InotifyFileEntry{}, nil - case "INOTIFY_WD": - return &InotifyWdEntry{}, nil - case "INVENTORY": - return &InventoryEntry{}, nil - case "IPCNS_MSG": - return &IpcMsgEntry{}, nil - case "IPCNS_SEM": - return &IpcSemEntry{}, nil - case "IPCNS_SHM": - return &IpcShmEntry{}, nil - case "IPC_VAR": - return &IpcVarEntry{}, nil - case "IRMAP_CACHE": - return &IrmapCacheEntry{}, nil - case "ITIMERS": - return &ItimerEntry{}, nil - case "MEMFD_INODE": - return &MemfdInodeEntry{}, nil - case "MM": - return &MmEntry{}, nil - case "MNTS": - return &MntEntry{}, nil - case "NETDEV": - return &NetDeviceEntry{}, nil - case "NETLINK_SK": - return &NetlinkSkEntry{}, nil - case "NETNS": - return &NetnsEntry{}, nil - case "NS_FILES": - return &NsFileEntry{}, nil - case "PACKETSK": - return &PacketSockEntry{}, nil - case "PIDNS": - return &PidnsEntry{}, nil - case "PIPES": - return &PipeEntry{}, nil - case "PIPES_DATA": - return &PipeDataEntry{}, nil - case "POSIX_TIMERS": - return &PosixTimerEntry{}, nil - case "PSTREE": - return &PstreeEntry{}, nil - case "REG_FILES": - return &RegFileEntry{}, nil - case "REMAP_FPATH": - return &RemapFilePathEntry{}, nil - case "RLIMIT": - return &RlimitEntry{}, nil - case "SECCOMP": - return &SeccompEntry{}, nil - case "SIGACT": - return &SaEntry{}, nil - case "SIGNALFD": - return &SignalfdEntry{}, nil - case "SK_QUEUES": - return &SkPacketEntry{}, nil - case "STATS": - return &StatsEntry{}, nil - case "TCP_STREAM": - return &TcpStreamEntry{}, nil - case "TIMENS": - return &TimensEntry{}, nil - case "TIMERFD": - return &TimerfdEntry{}, nil - case "TTY_DATA": - return &TtyDataEntry{}, nil - case "TTY_FILES": - return &TtyFileEntry{}, nil - case "TTY_INFO": - return &TtyInfoEntry{}, nil - case "TUNFILE": - return &TunfileEntry{}, nil - case "UNIXSK": - return &UnixSkEntry{}, nil - case "USERNS": - return &UsernsEntry{}, nil - case "UTSNS": - return &UtsnsEntry{}, nil - case "VMAS": - return &VmaEntry{}, nil - } - return nil, errors.New(fmt.Sprintf("No handler found for magic 0x%x", magic)) -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/img-streamer.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/img-streamer.pb.go deleted file mode 100644 index 8f94a1b5c53..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/img-streamer.pb.go +++ /dev/null @@ -1,214 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: img-streamer.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// This message is sent from CRIU to the streamer. -// - During dump, it communicates the name of the file that is about to be sent -// to the streamer. -// - During restore, CRIU requests image files from the streamer. The message is -// used to communicate the name of the desired file. -type ImgStreamerRequestEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Filename *string `protobuf:"bytes,1,req,name=filename" json:"filename,omitempty"` -} - -func (x *ImgStreamerRequestEntry) Reset() { - *x = ImgStreamerRequestEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_img_streamer_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ImgStreamerRequestEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ImgStreamerRequestEntry) ProtoMessage() {} - -func (x *ImgStreamerRequestEntry) ProtoReflect() protoreflect.Message { - mi := &file_img_streamer_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ImgStreamerRequestEntry.ProtoReflect.Descriptor instead. -func (*ImgStreamerRequestEntry) Descriptor() ([]byte, []int) { - return file_img_streamer_proto_rawDescGZIP(), []int{0} -} - -func (x *ImgStreamerRequestEntry) GetFilename() string { - if x != nil && x.Filename != nil { - return *x.Filename - } - return "" -} - -// This message is sent from the streamer to CRIU. It is only used during -// restore to report whether the requested file exists. -type ImgStreamerReplyEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Exists *bool `protobuf:"varint,1,req,name=exists" json:"exists,omitempty"` -} - -func (x *ImgStreamerReplyEntry) Reset() { - *x = ImgStreamerReplyEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_img_streamer_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ImgStreamerReplyEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ImgStreamerReplyEntry) ProtoMessage() {} - -func (x *ImgStreamerReplyEntry) ProtoReflect() protoreflect.Message { - mi := &file_img_streamer_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ImgStreamerReplyEntry.ProtoReflect.Descriptor instead. -func (*ImgStreamerReplyEntry) Descriptor() ([]byte, []int) { - return file_img_streamer_proto_rawDescGZIP(), []int{1} -} - -func (x *ImgStreamerReplyEntry) GetExists() bool { - if x != nil && x.Exists != nil { - return *x.Exists - } - return false -} - -var File_img_streamer_proto protoreflect.FileDescriptor - -var file_img_streamer_proto_rawDesc = []byte{ - 0x0a, 0x12, 0x69, 0x6d, 0x67, 0x2d, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x65, 0x72, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x38, 0x0a, 0x1a, 0x69, 0x6d, 0x67, 0x5f, 0x73, 0x74, 0x72, 0x65, - 0x61, 0x6d, 0x65, 0x72, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x66, 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, - 0x20, 0x02, 0x28, 0x09, 0x52, 0x08, 0x66, 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x32, - 0x0a, 0x18, 0x69, 0x6d, 0x67, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x65, 0x72, 0x5f, 0x72, - 0x65, 0x70, 0x6c, 0x79, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x65, 0x78, - 0x69, 0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x02, 0x28, 0x08, 0x52, 0x06, 0x65, 0x78, 0x69, 0x73, - 0x74, 0x73, -} - -var ( - file_img_streamer_proto_rawDescOnce sync.Once - file_img_streamer_proto_rawDescData = file_img_streamer_proto_rawDesc -) - -func file_img_streamer_proto_rawDescGZIP() []byte { - file_img_streamer_proto_rawDescOnce.Do(func() { - file_img_streamer_proto_rawDescData = protoimpl.X.CompressGZIP(file_img_streamer_proto_rawDescData) - }) - return file_img_streamer_proto_rawDescData -} - -var file_img_streamer_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_img_streamer_proto_goTypes = []interface{}{ - (*ImgStreamerRequestEntry)(nil), // 0: img_streamer_request_entry - (*ImgStreamerReplyEntry)(nil), // 1: img_streamer_reply_entry -} -var file_img_streamer_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_img_streamer_proto_init() } -func file_img_streamer_proto_init() { - if File_img_streamer_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_img_streamer_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ImgStreamerRequestEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_img_streamer_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ImgStreamerReplyEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_img_streamer_proto_rawDesc, - NumEnums: 0, - NumMessages: 2, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_img_streamer_proto_goTypes, - DependencyIndexes: file_img_streamer_proto_depIdxs, - MessageInfos: file_img_streamer_proto_msgTypes, - }.Build() - File_img_streamer_proto = out.File - file_img_streamer_proto_rawDesc = nil - file_img_streamer_proto_goTypes = nil - file_img_streamer_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/img-streamer.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/img-streamer.proto deleted file mode 100644 index 48a3a93b0e2..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/img-streamer.proto +++ /dev/null @@ -1,18 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -// This message is sent from CRIU to the streamer. -// * During dump, it communicates the name of the file that is about to be sent -// to the streamer. -// * During restore, CRIU requests image files from the streamer. The message is -// used to communicate the name of the desired file. -message img_streamer_request_entry { - required string filename = 1; -} - -// This message is sent from the streamer to CRIU. It is only used during -// restore to report whether the requested file exists. -message img_streamer_reply_entry { - required bool exists = 1; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/inventory.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/inventory.pb.go deleted file mode 100644 index 872e6d3bfe8..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/inventory.pb.go +++ /dev/null @@ -1,305 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: inventory.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type Lsmtype int32 - -const ( - Lsmtype_NO_LSM Lsmtype = 0 - Lsmtype_SELINUX Lsmtype = 1 - Lsmtype_APPARMOR Lsmtype = 2 -) - -// Enum value maps for Lsmtype. -var ( - Lsmtype_name = map[int32]string{ - 0: "NO_LSM", - 1: "SELINUX", - 2: "APPARMOR", - } - Lsmtype_value = map[string]int32{ - "NO_LSM": 0, - "SELINUX": 1, - "APPARMOR": 2, - } -) - -func (x Lsmtype) Enum() *Lsmtype { - p := new(Lsmtype) - *p = x - return p -} - -func (x Lsmtype) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (Lsmtype) Descriptor() protoreflect.EnumDescriptor { - return file_inventory_proto_enumTypes[0].Descriptor() -} - -func (Lsmtype) Type() protoreflect.EnumType { - return &file_inventory_proto_enumTypes[0] -} - -func (x Lsmtype) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Do not use. -func (x *Lsmtype) UnmarshalJSON(b []byte) error { - num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) - if err != nil { - return err - } - *x = Lsmtype(num) - return nil -} - -// Deprecated: Use Lsmtype.Descriptor instead. -func (Lsmtype) EnumDescriptor() ([]byte, []int) { - return file_inventory_proto_rawDescGZIP(), []int{0} -} - -type InventoryEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - ImgVersion *uint32 `protobuf:"varint,1,req,name=img_version,json=imgVersion" json:"img_version,omitempty"` - FdinfoPerId *bool `protobuf:"varint,2,opt,name=fdinfo_per_id,json=fdinfoPerId" json:"fdinfo_per_id,omitempty"` - RootIds *TaskKobjIdsEntry `protobuf:"bytes,3,opt,name=root_ids,json=rootIds" json:"root_ids,omitempty"` - NsPerId *bool `protobuf:"varint,4,opt,name=ns_per_id,json=nsPerId" json:"ns_per_id,omitempty"` - RootCgSet *uint32 `protobuf:"varint,5,opt,name=root_cg_set,json=rootCgSet" json:"root_cg_set,omitempty"` - Lsmtype *Lsmtype `protobuf:"varint,6,opt,name=lsmtype,enum=Lsmtype" json:"lsmtype,omitempty"` - DumpUptime *uint64 `protobuf:"varint,8,opt,name=dump_uptime,json=dumpUptime" json:"dump_uptime,omitempty"` - PreDumpMode *uint32 `protobuf:"varint,9,opt,name=pre_dump_mode,json=preDumpMode" json:"pre_dump_mode,omitempty"` - TcpClose *bool `protobuf:"varint,10,opt,name=tcp_close,json=tcpClose" json:"tcp_close,omitempty"` - NetworkLockMethod *uint32 `protobuf:"varint,11,opt,name=network_lock_method,json=networkLockMethod" json:"network_lock_method,omitempty"` -} - -func (x *InventoryEntry) Reset() { - *x = InventoryEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_inventory_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *InventoryEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*InventoryEntry) ProtoMessage() {} - -func (x *InventoryEntry) ProtoReflect() protoreflect.Message { - mi := &file_inventory_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use InventoryEntry.ProtoReflect.Descriptor instead. -func (*InventoryEntry) Descriptor() ([]byte, []int) { - return file_inventory_proto_rawDescGZIP(), []int{0} -} - -func (x *InventoryEntry) GetImgVersion() uint32 { - if x != nil && x.ImgVersion != nil { - return *x.ImgVersion - } - return 0 -} - -func (x *InventoryEntry) GetFdinfoPerId() bool { - if x != nil && x.FdinfoPerId != nil { - return *x.FdinfoPerId - } - return false -} - -func (x *InventoryEntry) GetRootIds() *TaskKobjIdsEntry { - if x != nil { - return x.RootIds - } - return nil -} - -func (x *InventoryEntry) GetNsPerId() bool { - if x != nil && x.NsPerId != nil { - return *x.NsPerId - } - return false -} - -func (x *InventoryEntry) GetRootCgSet() uint32 { - if x != nil && x.RootCgSet != nil { - return *x.RootCgSet - } - return 0 -} - -func (x *InventoryEntry) GetLsmtype() Lsmtype { - if x != nil && x.Lsmtype != nil { - return *x.Lsmtype - } - return Lsmtype_NO_LSM -} - -func (x *InventoryEntry) GetDumpUptime() uint64 { - if x != nil && x.DumpUptime != nil { - return *x.DumpUptime - } - return 0 -} - -func (x *InventoryEntry) GetPreDumpMode() uint32 { - if x != nil && x.PreDumpMode != nil { - return *x.PreDumpMode - } - return 0 -} - -func (x *InventoryEntry) GetTcpClose() bool { - if x != nil && x.TcpClose != nil { - return *x.TcpClose - } - return false -} - -func (x *InventoryEntry) GetNetworkLockMethod() uint32 { - if x != nil && x.NetworkLockMethod != nil { - return *x.NetworkLockMethod - } - return 0 -} - -var File_inventory_proto protoreflect.FileDescriptor - -var file_inventory_proto_rawDesc = []byte{ - 0x0a, 0x0f, 0x69, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x1a, 0x0f, 0x63, 0x72, 0x69, 0x75, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x22, 0xf9, 0x02, 0x0a, 0x0f, 0x69, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, - 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1f, 0x0a, 0x0b, 0x69, 0x6d, 0x67, 0x5f, 0x76, 0x65, - 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0a, 0x69, 0x6d, 0x67, - 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x22, 0x0a, 0x0d, 0x66, 0x64, 0x69, 0x6e, 0x66, - 0x6f, 0x5f, 0x70, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, - 0x66, 0x64, 0x69, 0x6e, 0x66, 0x6f, 0x50, 0x65, 0x72, 0x49, 0x64, 0x12, 0x2f, 0x0a, 0x08, 0x72, - 0x6f, 0x6f, 0x74, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, - 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x6b, 0x6f, 0x62, 0x6a, 0x5f, 0x69, 0x64, 0x73, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x52, 0x07, 0x72, 0x6f, 0x6f, 0x74, 0x49, 0x64, 0x73, 0x12, 0x1a, 0x0a, 0x09, - 0x6e, 0x73, 0x5f, 0x70, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, - 0x07, 0x6e, 0x73, 0x50, 0x65, 0x72, 0x49, 0x64, 0x12, 0x1e, 0x0a, 0x0b, 0x72, 0x6f, 0x6f, 0x74, - 0x5f, 0x63, 0x67, 0x5f, 0x73, 0x65, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x72, - 0x6f, 0x6f, 0x74, 0x43, 0x67, 0x53, 0x65, 0x74, 0x12, 0x22, 0x0a, 0x07, 0x6c, 0x73, 0x6d, 0x74, - 0x79, 0x70, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x08, 0x2e, 0x6c, 0x73, 0x6d, 0x74, - 0x79, 0x70, 0x65, 0x52, 0x07, 0x6c, 0x73, 0x6d, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1f, 0x0a, 0x0b, - 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x75, 0x70, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, - 0x04, 0x52, 0x0a, 0x64, 0x75, 0x6d, 0x70, 0x55, 0x70, 0x74, 0x69, 0x6d, 0x65, 0x12, 0x22, 0x0a, - 0x0d, 0x70, 0x72, 0x65, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x09, - 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x70, 0x72, 0x65, 0x44, 0x75, 0x6d, 0x70, 0x4d, 0x6f, 0x64, - 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x63, 0x70, 0x5f, 0x63, 0x6c, 0x6f, 0x73, 0x65, 0x18, 0x0a, - 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x63, 0x70, 0x43, 0x6c, 0x6f, 0x73, 0x65, 0x12, 0x2e, - 0x0a, 0x13, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x6d, - 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x11, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x4c, 0x6f, 0x63, 0x6b, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x2a, 0x30, - 0x0a, 0x07, 0x6c, 0x73, 0x6d, 0x74, 0x79, 0x70, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x4e, 0x4f, 0x5f, - 0x4c, 0x53, 0x4d, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x53, 0x45, 0x4c, 0x49, 0x4e, 0x55, 0x58, - 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x41, 0x50, 0x50, 0x41, 0x52, 0x4d, 0x4f, 0x52, 0x10, 0x02, -} - -var ( - file_inventory_proto_rawDescOnce sync.Once - file_inventory_proto_rawDescData = file_inventory_proto_rawDesc -) - -func file_inventory_proto_rawDescGZIP() []byte { - file_inventory_proto_rawDescOnce.Do(func() { - file_inventory_proto_rawDescData = protoimpl.X.CompressGZIP(file_inventory_proto_rawDescData) - }) - return file_inventory_proto_rawDescData -} - -var file_inventory_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_inventory_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_inventory_proto_goTypes = []interface{}{ - (Lsmtype)(0), // 0: lsmtype - (*InventoryEntry)(nil), // 1: inventory_entry - (*TaskKobjIdsEntry)(nil), // 2: task_kobj_ids_entry -} -var file_inventory_proto_depIdxs = []int32{ - 2, // 0: inventory_entry.root_ids:type_name -> task_kobj_ids_entry - 0, // 1: inventory_entry.lsmtype:type_name -> lsmtype - 2, // [2:2] is the sub-list for method output_type - 2, // [2:2] is the sub-list for method input_type - 2, // [2:2] is the sub-list for extension type_name - 2, // [2:2] is the sub-list for extension extendee - 0, // [0:2] is the sub-list for field type_name -} - -func init() { file_inventory_proto_init() } -func file_inventory_proto_init() { - if File_inventory_proto != nil { - return - } - file_criu_core_proto_init() - if !protoimpl.UnsafeEnabled { - file_inventory_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*InventoryEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_inventory_proto_rawDesc, - NumEnums: 1, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_inventory_proto_goTypes, - DependencyIndexes: file_inventory_proto_depIdxs, - EnumInfos: file_inventory_proto_enumTypes, - MessageInfos: file_inventory_proto_msgTypes, - }.Build() - File_inventory_proto = out.File - file_inventory_proto_rawDesc = nil - file_inventory_proto_goTypes = nil - file_inventory_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/inventory.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/inventory.proto deleted file mode 100644 index 7bc16159656..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/inventory.proto +++ /dev/null @@ -1,24 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "criu-core.proto"; - -enum lsmtype { - NO_LSM = 0; - SELINUX = 1; - APPARMOR = 2; -} - -message inventory_entry { - required uint32 img_version = 1; - optional bool fdinfo_per_id = 2; - optional task_kobj_ids_entry root_ids = 3; - optional bool ns_per_id = 4; - optional uint32 root_cg_set = 5; - optional lsmtype lsmtype = 6; - optional uint64 dump_uptime = 8; - optional uint32 pre_dump_mode = 9; - optional bool tcp_close = 10; - optional uint32 network_lock_method = 11; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-desc.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-desc.pb.go deleted file mode 100644 index 9a8a2733d2e..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-desc.pb.go +++ /dev/null @@ -1,197 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: ipc-desc.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type IpcDescEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Key *uint32 `protobuf:"varint,1,req,name=key" json:"key,omitempty"` - Uid *uint32 `protobuf:"varint,2,req,name=uid" json:"uid,omitempty"` - Gid *uint32 `protobuf:"varint,3,req,name=gid" json:"gid,omitempty"` - Cuid *uint32 `protobuf:"varint,4,req,name=cuid" json:"cuid,omitempty"` - Cgid *uint32 `protobuf:"varint,5,req,name=cgid" json:"cgid,omitempty"` - Mode *uint32 `protobuf:"varint,6,req,name=mode" json:"mode,omitempty"` - Id *uint32 `protobuf:"varint,7,req,name=id" json:"id,omitempty"` -} - -func (x *IpcDescEntry) Reset() { - *x = IpcDescEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_ipc_desc_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *IpcDescEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*IpcDescEntry) ProtoMessage() {} - -func (x *IpcDescEntry) ProtoReflect() protoreflect.Message { - mi := &file_ipc_desc_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use IpcDescEntry.ProtoReflect.Descriptor instead. -func (*IpcDescEntry) Descriptor() ([]byte, []int) { - return file_ipc_desc_proto_rawDescGZIP(), []int{0} -} - -func (x *IpcDescEntry) GetKey() uint32 { - if x != nil && x.Key != nil { - return *x.Key - } - return 0 -} - -func (x *IpcDescEntry) GetUid() uint32 { - if x != nil && x.Uid != nil { - return *x.Uid - } - return 0 -} - -func (x *IpcDescEntry) GetGid() uint32 { - if x != nil && x.Gid != nil { - return *x.Gid - } - return 0 -} - -func (x *IpcDescEntry) GetCuid() uint32 { - if x != nil && x.Cuid != nil { - return *x.Cuid - } - return 0 -} - -func (x *IpcDescEntry) GetCgid() uint32 { - if x != nil && x.Cgid != nil { - return *x.Cgid - } - return 0 -} - -func (x *IpcDescEntry) GetMode() uint32 { - if x != nil && x.Mode != nil { - return *x.Mode - } - return 0 -} - -func (x *IpcDescEntry) GetId() uint32 { - if x != nil && x.Id != nil { - return *x.Id - } - return 0 -} - -var File_ipc_desc_proto protoreflect.FileDescriptor - -var file_ipc_desc_proto_rawDesc = []byte{ - 0x0a, 0x0e, 0x69, 0x70, 0x63, 0x2d, 0x64, 0x65, 0x73, 0x63, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x22, 0x92, 0x01, 0x0a, 0x0e, 0x69, 0x70, 0x63, 0x5f, 0x64, 0x65, 0x73, 0x63, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x67, 0x69, 0x64, 0x18, 0x03, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x67, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x75, 0x69, - 0x64, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x63, 0x75, 0x69, 0x64, 0x12, 0x12, 0x0a, - 0x04, 0x63, 0x67, 0x69, 0x64, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x63, 0x67, 0x69, - 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, - 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x07, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x02, 0x69, 0x64, -} - -var ( - file_ipc_desc_proto_rawDescOnce sync.Once - file_ipc_desc_proto_rawDescData = file_ipc_desc_proto_rawDesc -) - -func file_ipc_desc_proto_rawDescGZIP() []byte { - file_ipc_desc_proto_rawDescOnce.Do(func() { - file_ipc_desc_proto_rawDescData = protoimpl.X.CompressGZIP(file_ipc_desc_proto_rawDescData) - }) - return file_ipc_desc_proto_rawDescData -} - -var file_ipc_desc_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_ipc_desc_proto_goTypes = []interface{}{ - (*IpcDescEntry)(nil), // 0: ipc_desc_entry -} -var file_ipc_desc_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_ipc_desc_proto_init() } -func file_ipc_desc_proto_init() { - if File_ipc_desc_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_ipc_desc_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IpcDescEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_ipc_desc_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_ipc_desc_proto_goTypes, - DependencyIndexes: file_ipc_desc_proto_depIdxs, - MessageInfos: file_ipc_desc_proto_msgTypes, - }.Build() - File_ipc_desc_proto = out.File - file_ipc_desc_proto_rawDesc = nil - file_ipc_desc_proto_goTypes = nil - file_ipc_desc_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-desc.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-desc.proto deleted file mode 100644 index 8b4c7f5baa2..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-desc.proto +++ /dev/null @@ -1,13 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -message ipc_desc_entry { - required uint32 key = 1; - required uint32 uid = 2; - required uint32 gid = 3; - required uint32 cuid = 4; - required uint32 cgid = 5; - required uint32 mode = 6; - required uint32 id = 7; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-msg.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-msg.pb.go deleted file mode 100644 index d20331e5594..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-msg.pb.go +++ /dev/null @@ -1,237 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: ipc-msg.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type IpcMsg struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Mtype *uint64 `protobuf:"varint,1,req,name=mtype" json:"mtype,omitempty"` - Msize *uint32 `protobuf:"varint,2,req,name=msize" json:"msize,omitempty"` -} - -func (x *IpcMsg) Reset() { - *x = IpcMsg{} - if protoimpl.UnsafeEnabled { - mi := &file_ipc_msg_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *IpcMsg) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*IpcMsg) ProtoMessage() {} - -func (x *IpcMsg) ProtoReflect() protoreflect.Message { - mi := &file_ipc_msg_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use IpcMsg.ProtoReflect.Descriptor instead. -func (*IpcMsg) Descriptor() ([]byte, []int) { - return file_ipc_msg_proto_rawDescGZIP(), []int{0} -} - -func (x *IpcMsg) GetMtype() uint64 { - if x != nil && x.Mtype != nil { - return *x.Mtype - } - return 0 -} - -func (x *IpcMsg) GetMsize() uint32 { - if x != nil && x.Msize != nil { - return *x.Msize - } - return 0 -} - -type IpcMsgEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Desc *IpcDescEntry `protobuf:"bytes,1,req,name=desc" json:"desc,omitempty"` - Qbytes *uint32 `protobuf:"varint,2,req,name=qbytes" json:"qbytes,omitempty"` - Qnum *uint32 `protobuf:"varint,3,req,name=qnum" json:"qnum,omitempty"` -} - -func (x *IpcMsgEntry) Reset() { - *x = IpcMsgEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_ipc_msg_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *IpcMsgEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*IpcMsgEntry) ProtoMessage() {} - -func (x *IpcMsgEntry) ProtoReflect() protoreflect.Message { - mi := &file_ipc_msg_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use IpcMsgEntry.ProtoReflect.Descriptor instead. -func (*IpcMsgEntry) Descriptor() ([]byte, []int) { - return file_ipc_msg_proto_rawDescGZIP(), []int{1} -} - -func (x *IpcMsgEntry) GetDesc() *IpcDescEntry { - if x != nil { - return x.Desc - } - return nil -} - -func (x *IpcMsgEntry) GetQbytes() uint32 { - if x != nil && x.Qbytes != nil { - return *x.Qbytes - } - return 0 -} - -func (x *IpcMsgEntry) GetQnum() uint32 { - if x != nil && x.Qnum != nil { - return *x.Qnum - } - return 0 -} - -var File_ipc_msg_proto protoreflect.FileDescriptor - -var file_ipc_msg_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x2d, 0x6d, 0x73, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, - 0x0e, 0x69, 0x70, 0x63, 0x2d, 0x64, 0x65, 0x73, 0x63, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, - 0x35, 0x0a, 0x07, 0x69, 0x70, 0x63, 0x5f, 0x6d, 0x73, 0x67, 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x74, - 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x6d, 0x74, 0x79, 0x70, 0x65, - 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, - 0x05, 0x6d, 0x73, 0x69, 0x7a, 0x65, 0x22, 0x60, 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x5f, 0x6d, 0x73, - 0x67, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x23, 0x0a, 0x04, 0x64, 0x65, 0x73, 0x63, 0x18, - 0x01, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x69, 0x70, 0x63, 0x5f, 0x64, 0x65, 0x73, 0x63, - 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x64, 0x65, 0x73, 0x63, 0x12, 0x16, 0x0a, 0x06, - 0x71, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x71, 0x62, - 0x79, 0x74, 0x65, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x71, 0x6e, 0x75, 0x6d, 0x18, 0x03, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x04, 0x71, 0x6e, 0x75, 0x6d, -} - -var ( - file_ipc_msg_proto_rawDescOnce sync.Once - file_ipc_msg_proto_rawDescData = file_ipc_msg_proto_rawDesc -) - -func file_ipc_msg_proto_rawDescGZIP() []byte { - file_ipc_msg_proto_rawDescOnce.Do(func() { - file_ipc_msg_proto_rawDescData = protoimpl.X.CompressGZIP(file_ipc_msg_proto_rawDescData) - }) - return file_ipc_msg_proto_rawDescData -} - -var file_ipc_msg_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_ipc_msg_proto_goTypes = []interface{}{ - (*IpcMsg)(nil), // 0: ipc_msg - (*IpcMsgEntry)(nil), // 1: ipc_msg_entry - (*IpcDescEntry)(nil), // 2: ipc_desc_entry -} -var file_ipc_msg_proto_depIdxs = []int32{ - 2, // 0: ipc_msg_entry.desc:type_name -> ipc_desc_entry - 1, // [1:1] is the sub-list for method output_type - 1, // [1:1] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name -} - -func init() { file_ipc_msg_proto_init() } -func file_ipc_msg_proto_init() { - if File_ipc_msg_proto != nil { - return - } - file_ipc_desc_proto_init() - if !protoimpl.UnsafeEnabled { - file_ipc_msg_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IpcMsg); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_ipc_msg_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IpcMsgEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_ipc_msg_proto_rawDesc, - NumEnums: 0, - NumMessages: 2, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_ipc_msg_proto_goTypes, - DependencyIndexes: file_ipc_msg_proto_depIdxs, - MessageInfos: file_ipc_msg_proto_msgTypes, - }.Build() - File_ipc_msg_proto = out.File - file_ipc_msg_proto_rawDesc = nil - file_ipc_msg_proto_goTypes = nil - file_ipc_msg_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-msg.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-msg.proto deleted file mode 100644 index 5b3103182fa..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-msg.proto +++ /dev/null @@ -1,16 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "ipc-desc.proto"; - -message ipc_msg { - required uint64 mtype = 1; - required uint32 msize = 2; -} - -message ipc_msg_entry { - required ipc_desc_entry desc = 1; - required uint32 qbytes = 2; - required uint32 qnum = 3; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-sem.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-sem.pb.go deleted file mode 100644 index a4b2be84cad..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-sem.pb.go +++ /dev/null @@ -1,156 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: ipc-sem.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type IpcSemEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Desc *IpcDescEntry `protobuf:"bytes,1,req,name=desc" json:"desc,omitempty"` - Nsems *uint32 `protobuf:"varint,2,req,name=nsems" json:"nsems,omitempty"` -} - -func (x *IpcSemEntry) Reset() { - *x = IpcSemEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_ipc_sem_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *IpcSemEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*IpcSemEntry) ProtoMessage() {} - -func (x *IpcSemEntry) ProtoReflect() protoreflect.Message { - mi := &file_ipc_sem_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use IpcSemEntry.ProtoReflect.Descriptor instead. -func (*IpcSemEntry) Descriptor() ([]byte, []int) { - return file_ipc_sem_proto_rawDescGZIP(), []int{0} -} - -func (x *IpcSemEntry) GetDesc() *IpcDescEntry { - if x != nil { - return x.Desc - } - return nil -} - -func (x *IpcSemEntry) GetNsems() uint32 { - if x != nil && x.Nsems != nil { - return *x.Nsems - } - return 0 -} - -var File_ipc_sem_proto protoreflect.FileDescriptor - -var file_ipc_sem_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x2d, 0x73, 0x65, 0x6d, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, - 0x0e, 0x69, 0x70, 0x63, 0x2d, 0x64, 0x65, 0x73, 0x63, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, - 0x4a, 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x5f, 0x73, 0x65, 0x6d, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x12, 0x23, 0x0a, 0x04, 0x64, 0x65, 0x73, 0x63, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0f, - 0x2e, 0x69, 0x70, 0x63, 0x5f, 0x64, 0x65, 0x73, 0x63, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x04, 0x64, 0x65, 0x73, 0x63, 0x12, 0x14, 0x0a, 0x05, 0x6e, 0x73, 0x65, 0x6d, 0x73, 0x18, 0x02, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x6e, 0x73, 0x65, 0x6d, 0x73, -} - -var ( - file_ipc_sem_proto_rawDescOnce sync.Once - file_ipc_sem_proto_rawDescData = file_ipc_sem_proto_rawDesc -) - -func file_ipc_sem_proto_rawDescGZIP() []byte { - file_ipc_sem_proto_rawDescOnce.Do(func() { - file_ipc_sem_proto_rawDescData = protoimpl.X.CompressGZIP(file_ipc_sem_proto_rawDescData) - }) - return file_ipc_sem_proto_rawDescData -} - -var file_ipc_sem_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_ipc_sem_proto_goTypes = []interface{}{ - (*IpcSemEntry)(nil), // 0: ipc_sem_entry - (*IpcDescEntry)(nil), // 1: ipc_desc_entry -} -var file_ipc_sem_proto_depIdxs = []int32{ - 1, // 0: ipc_sem_entry.desc:type_name -> ipc_desc_entry - 1, // [1:1] is the sub-list for method output_type - 1, // [1:1] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name -} - -func init() { file_ipc_sem_proto_init() } -func file_ipc_sem_proto_init() { - if File_ipc_sem_proto != nil { - return - } - file_ipc_desc_proto_init() - if !protoimpl.UnsafeEnabled { - file_ipc_sem_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IpcSemEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_ipc_sem_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_ipc_sem_proto_goTypes, - DependencyIndexes: file_ipc_sem_proto_depIdxs, - MessageInfos: file_ipc_sem_proto_msgTypes, - }.Build() - File_ipc_sem_proto = out.File - file_ipc_sem_proto_rawDesc = nil - file_ipc_sem_proto_goTypes = nil - file_ipc_sem_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-sem.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-sem.proto deleted file mode 100644 index 71a2beb9480..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-sem.proto +++ /dev/null @@ -1,10 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "ipc-desc.proto"; - -message ipc_sem_entry { - required ipc_desc_entry desc = 1; - required uint32 nsems = 2; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-shm.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-shm.pb.go deleted file mode 100644 index 8dd089cfa9c..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-shm.pb.go +++ /dev/null @@ -1,176 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: ipc-shm.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type IpcShmEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Desc *IpcDescEntry `protobuf:"bytes,1,req,name=desc" json:"desc,omitempty"` - Size *uint64 `protobuf:"varint,2,req,name=size" json:"size,omitempty"` - InPagemaps *bool `protobuf:"varint,3,opt,name=in_pagemaps,json=inPagemaps" json:"in_pagemaps,omitempty"` - HugetlbFlag *uint32 `protobuf:"varint,4,opt,name=hugetlb_flag,json=hugetlbFlag" json:"hugetlb_flag,omitempty"` -} - -func (x *IpcShmEntry) Reset() { - *x = IpcShmEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_ipc_shm_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *IpcShmEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*IpcShmEntry) ProtoMessage() {} - -func (x *IpcShmEntry) ProtoReflect() protoreflect.Message { - mi := &file_ipc_shm_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use IpcShmEntry.ProtoReflect.Descriptor instead. -func (*IpcShmEntry) Descriptor() ([]byte, []int) { - return file_ipc_shm_proto_rawDescGZIP(), []int{0} -} - -func (x *IpcShmEntry) GetDesc() *IpcDescEntry { - if x != nil { - return x.Desc - } - return nil -} - -func (x *IpcShmEntry) GetSize() uint64 { - if x != nil && x.Size != nil { - return *x.Size - } - return 0 -} - -func (x *IpcShmEntry) GetInPagemaps() bool { - if x != nil && x.InPagemaps != nil { - return *x.InPagemaps - } - return false -} - -func (x *IpcShmEntry) GetHugetlbFlag() uint32 { - if x != nil && x.HugetlbFlag != nil { - return *x.HugetlbFlag - } - return 0 -} - -var File_ipc_shm_proto protoreflect.FileDescriptor - -var file_ipc_shm_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x2d, 0x73, 0x68, 0x6d, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, - 0x0e, 0x69, 0x70, 0x63, 0x2d, 0x64, 0x65, 0x73, 0x63, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, - 0x8c, 0x01, 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x5f, 0x73, 0x68, 0x6d, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x23, 0x0a, 0x04, 0x64, 0x65, 0x73, 0x63, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0b, 0x32, - 0x0f, 0x2e, 0x69, 0x70, 0x63, 0x5f, 0x64, 0x65, 0x73, 0x63, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x52, 0x04, 0x64, 0x65, 0x73, 0x63, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x02, - 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x69, 0x6e, - 0x5f, 0x70, 0x61, 0x67, 0x65, 0x6d, 0x61, 0x70, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, - 0x0a, 0x69, 0x6e, 0x50, 0x61, 0x67, 0x65, 0x6d, 0x61, 0x70, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x68, - 0x75, 0x67, 0x65, 0x74, 0x6c, 0x62, 0x5f, 0x66, 0x6c, 0x61, 0x67, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x0d, 0x52, 0x0b, 0x68, 0x75, 0x67, 0x65, 0x74, 0x6c, 0x62, 0x46, 0x6c, 0x61, 0x67, -} - -var ( - file_ipc_shm_proto_rawDescOnce sync.Once - file_ipc_shm_proto_rawDescData = file_ipc_shm_proto_rawDesc -) - -func file_ipc_shm_proto_rawDescGZIP() []byte { - file_ipc_shm_proto_rawDescOnce.Do(func() { - file_ipc_shm_proto_rawDescData = protoimpl.X.CompressGZIP(file_ipc_shm_proto_rawDescData) - }) - return file_ipc_shm_proto_rawDescData -} - -var file_ipc_shm_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_ipc_shm_proto_goTypes = []interface{}{ - (*IpcShmEntry)(nil), // 0: ipc_shm_entry - (*IpcDescEntry)(nil), // 1: ipc_desc_entry -} -var file_ipc_shm_proto_depIdxs = []int32{ - 1, // 0: ipc_shm_entry.desc:type_name -> ipc_desc_entry - 1, // [1:1] is the sub-list for method output_type - 1, // [1:1] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name -} - -func init() { file_ipc_shm_proto_init() } -func file_ipc_shm_proto_init() { - if File_ipc_shm_proto != nil { - return - } - file_ipc_desc_proto_init() - if !protoimpl.UnsafeEnabled { - file_ipc_shm_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IpcShmEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_ipc_shm_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_ipc_shm_proto_goTypes, - DependencyIndexes: file_ipc_shm_proto_depIdxs, - MessageInfos: file_ipc_shm_proto_msgTypes, - }.Build() - File_ipc_shm_proto = out.File - file_ipc_shm_proto_rawDesc = nil - file_ipc_shm_proto_goTypes = nil - file_ipc_shm_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-shm.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-shm.proto deleted file mode 100644 index c5feebac0c0..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-shm.proto +++ /dev/null @@ -1,12 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "ipc-desc.proto"; - -message ipc_shm_entry { - required ipc_desc_entry desc = 1; - required uint64 size = 2; - optional bool in_pagemaps = 3; - optional uint32 hugetlb_flag = 4; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-var.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-var.pb.go deleted file mode 100644 index cba7310c397..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-var.pb.go +++ /dev/null @@ -1,304 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: ipc-var.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type IpcVarEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - SemCtls []uint32 `protobuf:"varint,1,rep,name=sem_ctls,json=semCtls" json:"sem_ctls,omitempty"` - MsgCtlmax *uint32 `protobuf:"varint,2,req,name=msg_ctlmax,json=msgCtlmax" json:"msg_ctlmax,omitempty"` - MsgCtlmnb *uint32 `protobuf:"varint,3,req,name=msg_ctlmnb,json=msgCtlmnb" json:"msg_ctlmnb,omitempty"` - MsgCtlmni *uint32 `protobuf:"varint,4,req,name=msg_ctlmni,json=msgCtlmni" json:"msg_ctlmni,omitempty"` - AutoMsgmni *uint32 `protobuf:"varint,5,req,name=auto_msgmni,json=autoMsgmni" json:"auto_msgmni,omitempty"` - ShmCtlmax *uint64 `protobuf:"varint,6,req,name=shm_ctlmax,json=shmCtlmax" json:"shm_ctlmax,omitempty"` - ShmCtlall *uint64 `protobuf:"varint,7,req,name=shm_ctlall,json=shmCtlall" json:"shm_ctlall,omitempty"` - ShmCtlmni *uint32 `protobuf:"varint,8,req,name=shm_ctlmni,json=shmCtlmni" json:"shm_ctlmni,omitempty"` - ShmRmidForced *uint32 `protobuf:"varint,9,req,name=shm_rmid_forced,json=shmRmidForced" json:"shm_rmid_forced,omitempty"` - MqQueuesMax *uint32 `protobuf:"varint,10,req,name=mq_queues_max,json=mqQueuesMax" json:"mq_queues_max,omitempty"` - MqMsgMax *uint32 `protobuf:"varint,11,req,name=mq_msg_max,json=mqMsgMax" json:"mq_msg_max,omitempty"` - MqMsgsizeMax *uint32 `protobuf:"varint,12,req,name=mq_msgsize_max,json=mqMsgsizeMax" json:"mq_msgsize_max,omitempty"` - MqMsgDefault *uint32 `protobuf:"varint,13,opt,name=mq_msg_default,json=mqMsgDefault" json:"mq_msg_default,omitempty"` - MqMsgsizeDefault *uint32 `protobuf:"varint,14,opt,name=mq_msgsize_default,json=mqMsgsizeDefault" json:"mq_msgsize_default,omitempty"` - MsgNextId *uint32 `protobuf:"varint,15,opt,name=msg_next_id,json=msgNextId" json:"msg_next_id,omitempty"` - SemNextId *uint32 `protobuf:"varint,16,opt,name=sem_next_id,json=semNextId" json:"sem_next_id,omitempty"` - ShmNextId *uint32 `protobuf:"varint,17,opt,name=shm_next_id,json=shmNextId" json:"shm_next_id,omitempty"` -} - -func (x *IpcVarEntry) Reset() { - *x = IpcVarEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_ipc_var_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *IpcVarEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*IpcVarEntry) ProtoMessage() {} - -func (x *IpcVarEntry) ProtoReflect() protoreflect.Message { - mi := &file_ipc_var_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use IpcVarEntry.ProtoReflect.Descriptor instead. -func (*IpcVarEntry) Descriptor() ([]byte, []int) { - return file_ipc_var_proto_rawDescGZIP(), []int{0} -} - -func (x *IpcVarEntry) GetSemCtls() []uint32 { - if x != nil { - return x.SemCtls - } - return nil -} - -func (x *IpcVarEntry) GetMsgCtlmax() uint32 { - if x != nil && x.MsgCtlmax != nil { - return *x.MsgCtlmax - } - return 0 -} - -func (x *IpcVarEntry) GetMsgCtlmnb() uint32 { - if x != nil && x.MsgCtlmnb != nil { - return *x.MsgCtlmnb - } - return 0 -} - -func (x *IpcVarEntry) GetMsgCtlmni() uint32 { - if x != nil && x.MsgCtlmni != nil { - return *x.MsgCtlmni - } - return 0 -} - -func (x *IpcVarEntry) GetAutoMsgmni() uint32 { - if x != nil && x.AutoMsgmni != nil { - return *x.AutoMsgmni - } - return 0 -} - -func (x *IpcVarEntry) GetShmCtlmax() uint64 { - if x != nil && x.ShmCtlmax != nil { - return *x.ShmCtlmax - } - return 0 -} - -func (x *IpcVarEntry) GetShmCtlall() uint64 { - if x != nil && x.ShmCtlall != nil { - return *x.ShmCtlall - } - return 0 -} - -func (x *IpcVarEntry) GetShmCtlmni() uint32 { - if x != nil && x.ShmCtlmni != nil { - return *x.ShmCtlmni - } - return 0 -} - -func (x *IpcVarEntry) GetShmRmidForced() uint32 { - if x != nil && x.ShmRmidForced != nil { - return *x.ShmRmidForced - } - return 0 -} - -func (x *IpcVarEntry) GetMqQueuesMax() uint32 { - if x != nil && x.MqQueuesMax != nil { - return *x.MqQueuesMax - } - return 0 -} - -func (x *IpcVarEntry) GetMqMsgMax() uint32 { - if x != nil && x.MqMsgMax != nil { - return *x.MqMsgMax - } - return 0 -} - -func (x *IpcVarEntry) GetMqMsgsizeMax() uint32 { - if x != nil && x.MqMsgsizeMax != nil { - return *x.MqMsgsizeMax - } - return 0 -} - -func (x *IpcVarEntry) GetMqMsgDefault() uint32 { - if x != nil && x.MqMsgDefault != nil { - return *x.MqMsgDefault - } - return 0 -} - -func (x *IpcVarEntry) GetMqMsgsizeDefault() uint32 { - if x != nil && x.MqMsgsizeDefault != nil { - return *x.MqMsgsizeDefault - } - return 0 -} - -func (x *IpcVarEntry) GetMsgNextId() uint32 { - if x != nil && x.MsgNextId != nil { - return *x.MsgNextId - } - return 0 -} - -func (x *IpcVarEntry) GetSemNextId() uint32 { - if x != nil && x.SemNextId != nil { - return *x.SemNextId - } - return 0 -} - -func (x *IpcVarEntry) GetShmNextId() uint32 { - if x != nil && x.ShmNextId != nil { - return *x.ShmNextId - } - return 0 -} - -var File_ipc_var_proto protoreflect.FileDescriptor - -var file_ipc_var_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x2d, 0x76, 0x61, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, - 0xc9, 0x04, 0x0a, 0x0d, 0x69, 0x70, 0x63, 0x5f, 0x76, 0x61, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x65, 0x6d, 0x5f, 0x63, 0x74, 0x6c, 0x73, 0x18, 0x01, 0x20, - 0x03, 0x28, 0x0d, 0x52, 0x07, 0x73, 0x65, 0x6d, 0x43, 0x74, 0x6c, 0x73, 0x12, 0x1d, 0x0a, 0x0a, - 0x6d, 0x73, 0x67, 0x5f, 0x63, 0x74, 0x6c, 0x6d, 0x61, 0x78, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x09, 0x6d, 0x73, 0x67, 0x43, 0x74, 0x6c, 0x6d, 0x61, 0x78, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, - 0x73, 0x67, 0x5f, 0x63, 0x74, 0x6c, 0x6d, 0x6e, 0x62, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, - 0x09, 0x6d, 0x73, 0x67, 0x43, 0x74, 0x6c, 0x6d, 0x6e, 0x62, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x73, - 0x67, 0x5f, 0x63, 0x74, 0x6c, 0x6d, 0x6e, 0x69, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, - 0x6d, 0x73, 0x67, 0x43, 0x74, 0x6c, 0x6d, 0x6e, 0x69, 0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x75, 0x74, - 0x6f, 0x5f, 0x6d, 0x73, 0x67, 0x6d, 0x6e, 0x69, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0a, - 0x61, 0x75, 0x74, 0x6f, 0x4d, 0x73, 0x67, 0x6d, 0x6e, 0x69, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x68, - 0x6d, 0x5f, 0x63, 0x74, 0x6c, 0x6d, 0x61, 0x78, 0x18, 0x06, 0x20, 0x02, 0x28, 0x04, 0x52, 0x09, - 0x73, 0x68, 0x6d, 0x43, 0x74, 0x6c, 0x6d, 0x61, 0x78, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x68, 0x6d, - 0x5f, 0x63, 0x74, 0x6c, 0x61, 0x6c, 0x6c, 0x18, 0x07, 0x20, 0x02, 0x28, 0x04, 0x52, 0x09, 0x73, - 0x68, 0x6d, 0x43, 0x74, 0x6c, 0x61, 0x6c, 0x6c, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x68, 0x6d, 0x5f, - 0x63, 0x74, 0x6c, 0x6d, 0x6e, 0x69, 0x18, 0x08, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x73, 0x68, - 0x6d, 0x43, 0x74, 0x6c, 0x6d, 0x6e, 0x69, 0x12, 0x26, 0x0a, 0x0f, 0x73, 0x68, 0x6d, 0x5f, 0x72, - 0x6d, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x64, 0x18, 0x09, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x0d, 0x73, 0x68, 0x6d, 0x52, 0x6d, 0x69, 0x64, 0x46, 0x6f, 0x72, 0x63, 0x65, 0x64, 0x12, - 0x22, 0x0a, 0x0d, 0x6d, 0x71, 0x5f, 0x71, 0x75, 0x65, 0x75, 0x65, 0x73, 0x5f, 0x6d, 0x61, 0x78, - 0x18, 0x0a, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, 0x6d, 0x71, 0x51, 0x75, 0x65, 0x75, 0x65, 0x73, - 0x4d, 0x61, 0x78, 0x12, 0x1c, 0x0a, 0x0a, 0x6d, 0x71, 0x5f, 0x6d, 0x73, 0x67, 0x5f, 0x6d, 0x61, - 0x78, 0x18, 0x0b, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x6d, 0x71, 0x4d, 0x73, 0x67, 0x4d, 0x61, - 0x78, 0x12, 0x24, 0x0a, 0x0e, 0x6d, 0x71, 0x5f, 0x6d, 0x73, 0x67, 0x73, 0x69, 0x7a, 0x65, 0x5f, - 0x6d, 0x61, 0x78, 0x18, 0x0c, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0c, 0x6d, 0x71, 0x4d, 0x73, 0x67, - 0x73, 0x69, 0x7a, 0x65, 0x4d, 0x61, 0x78, 0x12, 0x24, 0x0a, 0x0e, 0x6d, 0x71, 0x5f, 0x6d, 0x73, - 0x67, 0x5f, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0d, 0x52, - 0x0c, 0x6d, 0x71, 0x4d, 0x73, 0x67, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x2c, 0x0a, - 0x12, 0x6d, 0x71, 0x5f, 0x6d, 0x73, 0x67, 0x73, 0x69, 0x7a, 0x65, 0x5f, 0x64, 0x65, 0x66, 0x61, - 0x75, 0x6c, 0x74, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x10, 0x6d, 0x71, 0x4d, 0x73, 0x67, - 0x73, 0x69, 0x7a, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x1e, 0x0a, 0x0b, 0x6d, - 0x73, 0x67, 0x5f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0d, - 0x52, 0x09, 0x6d, 0x73, 0x67, 0x4e, 0x65, 0x78, 0x74, 0x49, 0x64, 0x12, 0x1e, 0x0a, 0x0b, 0x73, - 0x65, 0x6d, 0x5f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0d, - 0x52, 0x09, 0x73, 0x65, 0x6d, 0x4e, 0x65, 0x78, 0x74, 0x49, 0x64, 0x12, 0x1e, 0x0a, 0x0b, 0x73, - 0x68, 0x6d, 0x5f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0d, - 0x52, 0x09, 0x73, 0x68, 0x6d, 0x4e, 0x65, 0x78, 0x74, 0x49, 0x64, -} - -var ( - file_ipc_var_proto_rawDescOnce sync.Once - file_ipc_var_proto_rawDescData = file_ipc_var_proto_rawDesc -) - -func file_ipc_var_proto_rawDescGZIP() []byte { - file_ipc_var_proto_rawDescOnce.Do(func() { - file_ipc_var_proto_rawDescData = protoimpl.X.CompressGZIP(file_ipc_var_proto_rawDescData) - }) - return file_ipc_var_proto_rawDescData -} - -var file_ipc_var_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_ipc_var_proto_goTypes = []interface{}{ - (*IpcVarEntry)(nil), // 0: ipc_var_entry -} -var file_ipc_var_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_ipc_var_proto_init() } -func file_ipc_var_proto_init() { - if File_ipc_var_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_ipc_var_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IpcVarEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_ipc_var_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_ipc_var_proto_goTypes, - DependencyIndexes: file_ipc_var_proto_depIdxs, - MessageInfos: file_ipc_var_proto_msgTypes, - }.Build() - File_ipc_var_proto = out.File - file_ipc_var_proto_rawDesc = nil - file_ipc_var_proto_goTypes = nil - file_ipc_var_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-var.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-var.proto deleted file mode 100644 index a5e2df9dec6..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ipc-var.proto +++ /dev/null @@ -1,23 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -message ipc_var_entry { - repeated uint32 sem_ctls = 1; - required uint32 msg_ctlmax = 2; - required uint32 msg_ctlmnb = 3; - required uint32 msg_ctlmni = 4; - required uint32 auto_msgmni = 5; - required uint64 shm_ctlmax = 6; - required uint64 shm_ctlall = 7; - required uint32 shm_ctlmni = 8; - required uint32 shm_rmid_forced = 9; - required uint32 mq_queues_max = 10; - required uint32 mq_msg_max = 11; - required uint32 mq_msgsize_max = 12; - optional uint32 mq_msg_default = 13; - optional uint32 mq_msgsize_default = 14; - optional uint32 msg_next_id = 15; - optional uint32 sem_next_id = 16; - optional uint32 shm_next_id = 17; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/macvlan.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/macvlan.pb.go deleted file mode 100644 index abab1c1816d..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/macvlan.pb.go +++ /dev/null @@ -1,151 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: macvlan.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type MacvlanLinkEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Mode *uint32 `protobuf:"varint,1,req,name=mode" json:"mode,omitempty"` - Flags *uint32 `protobuf:"varint,2,opt,name=flags" json:"flags,omitempty"` -} - -func (x *MacvlanLinkEntry) Reset() { - *x = MacvlanLinkEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_macvlan_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MacvlanLinkEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MacvlanLinkEntry) ProtoMessage() {} - -func (x *MacvlanLinkEntry) ProtoReflect() protoreflect.Message { - mi := &file_macvlan_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MacvlanLinkEntry.ProtoReflect.Descriptor instead. -func (*MacvlanLinkEntry) Descriptor() ([]byte, []int) { - return file_macvlan_proto_rawDescGZIP(), []int{0} -} - -func (x *MacvlanLinkEntry) GetMode() uint32 { - if x != nil && x.Mode != nil { - return *x.Mode - } - return 0 -} - -func (x *MacvlanLinkEntry) GetFlags() uint32 { - if x != nil && x.Flags != nil { - return *x.Flags - } - return 0 -} - -var File_macvlan_proto protoreflect.FileDescriptor - -var file_macvlan_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x6d, 0x61, 0x63, 0x76, 0x6c, 0x61, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, - 0x3e, 0x0a, 0x12, 0x6d, 0x61, 0x63, 0x76, 0x6c, 0x61, 0x6e, 0x5f, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, - 0x02, 0x28, 0x0d, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, - 0x67, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, -} - -var ( - file_macvlan_proto_rawDescOnce sync.Once - file_macvlan_proto_rawDescData = file_macvlan_proto_rawDesc -) - -func file_macvlan_proto_rawDescGZIP() []byte { - file_macvlan_proto_rawDescOnce.Do(func() { - file_macvlan_proto_rawDescData = protoimpl.X.CompressGZIP(file_macvlan_proto_rawDescData) - }) - return file_macvlan_proto_rawDescData -} - -var file_macvlan_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_macvlan_proto_goTypes = []interface{}{ - (*MacvlanLinkEntry)(nil), // 0: macvlan_link_entry -} -var file_macvlan_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_macvlan_proto_init() } -func file_macvlan_proto_init() { - if File_macvlan_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_macvlan_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MacvlanLinkEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_macvlan_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_macvlan_proto_goTypes, - DependencyIndexes: file_macvlan_proto_depIdxs, - MessageInfos: file_macvlan_proto_msgTypes, - }.Build() - File_macvlan_proto = out.File - file_macvlan_proto_rawDesc = nil - file_macvlan_proto_goTypes = nil - file_macvlan_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/macvlan.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/macvlan.proto deleted file mode 100644 index 6f78076d8ee..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/macvlan.proto +++ /dev/null @@ -1,8 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -message macvlan_link_entry { - required uint32 mode = 1; - optional uint32 flags = 2; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/memfd.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/memfd.pb.go deleted file mode 100644 index 23005e95d6d..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/memfd.pb.go +++ /dev/null @@ -1,316 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: memfd.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type MemfdFileEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` - Flags *uint32 `protobuf:"varint,2,req,name=flags" json:"flags,omitempty"` - Pos *uint64 `protobuf:"varint,3,req,name=pos" json:"pos,omitempty"` - Fown *FownEntry `protobuf:"bytes,4,req,name=fown" json:"fown,omitempty"` - InodeId *uint32 `protobuf:"varint,5,req,name=inode_id,json=inodeId" json:"inode_id,omitempty"` -} - -func (x *MemfdFileEntry) Reset() { - *x = MemfdFileEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_memfd_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MemfdFileEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MemfdFileEntry) ProtoMessage() {} - -func (x *MemfdFileEntry) ProtoReflect() protoreflect.Message { - mi := &file_memfd_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MemfdFileEntry.ProtoReflect.Descriptor instead. -func (*MemfdFileEntry) Descriptor() ([]byte, []int) { - return file_memfd_proto_rawDescGZIP(), []int{0} -} - -func (x *MemfdFileEntry) GetId() uint32 { - if x != nil && x.Id != nil { - return *x.Id - } - return 0 -} - -func (x *MemfdFileEntry) GetFlags() uint32 { - if x != nil && x.Flags != nil { - return *x.Flags - } - return 0 -} - -func (x *MemfdFileEntry) GetPos() uint64 { - if x != nil && x.Pos != nil { - return *x.Pos - } - return 0 -} - -func (x *MemfdFileEntry) GetFown() *FownEntry { - if x != nil { - return x.Fown - } - return nil -} - -func (x *MemfdFileEntry) GetInodeId() uint32 { - if x != nil && x.InodeId != nil { - return *x.InodeId - } - return 0 -} - -type MemfdInodeEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` - Uid *uint32 `protobuf:"varint,2,req,name=uid" json:"uid,omitempty"` - Gid *uint32 `protobuf:"varint,3,req,name=gid" json:"gid,omitempty"` - Size *uint64 `protobuf:"varint,4,req,name=size" json:"size,omitempty"` - Shmid *uint32 `protobuf:"varint,5,req,name=shmid" json:"shmid,omitempty"` - Seals *uint32 `protobuf:"varint,6,req,name=seals" json:"seals,omitempty"` - InodeId *uint64 `protobuf:"varint,7,req,name=inode_id,json=inodeId" json:"inode_id,omitempty"` - HugetlbFlag *uint32 `protobuf:"varint,8,opt,name=hugetlb_flag,json=hugetlbFlag" json:"hugetlb_flag,omitempty"` -} - -func (x *MemfdInodeEntry) Reset() { - *x = MemfdInodeEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_memfd_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MemfdInodeEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MemfdInodeEntry) ProtoMessage() {} - -func (x *MemfdInodeEntry) ProtoReflect() protoreflect.Message { - mi := &file_memfd_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MemfdInodeEntry.ProtoReflect.Descriptor instead. -func (*MemfdInodeEntry) Descriptor() ([]byte, []int) { - return file_memfd_proto_rawDescGZIP(), []int{1} -} - -func (x *MemfdInodeEntry) GetName() string { - if x != nil && x.Name != nil { - return *x.Name - } - return "" -} - -func (x *MemfdInodeEntry) GetUid() uint32 { - if x != nil && x.Uid != nil { - return *x.Uid - } - return 0 -} - -func (x *MemfdInodeEntry) GetGid() uint32 { - if x != nil && x.Gid != nil { - return *x.Gid - } - return 0 -} - -func (x *MemfdInodeEntry) GetSize() uint64 { - if x != nil && x.Size != nil { - return *x.Size - } - return 0 -} - -func (x *MemfdInodeEntry) GetShmid() uint32 { - if x != nil && x.Shmid != nil { - return *x.Shmid - } - return 0 -} - -func (x *MemfdInodeEntry) GetSeals() uint32 { - if x != nil && x.Seals != nil { - return *x.Seals - } - return 0 -} - -func (x *MemfdInodeEntry) GetInodeId() uint64 { - if x != nil && x.InodeId != nil { - return *x.InodeId - } - return 0 -} - -func (x *MemfdInodeEntry) GetHugetlbFlag() uint32 { - if x != nil && x.HugetlbFlag != nil { - return *x.HugetlbFlag - } - return 0 -} - -var File_memfd_proto protoreflect.FileDescriptor - -var file_memfd_proto_rawDesc = []byte{ - 0x0a, 0x0b, 0x6d, 0x65, 0x6d, 0x66, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, - 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x98, 0x01, 0x0a, 0x10, 0x6d, 0x65, 0x6d, 0x66, 0x64, 0x5f, - 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, - 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x26, 0x0a, 0x05, 0x66, 0x6c, - 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x10, 0xd2, 0x3f, 0x0d, 0x1a, 0x0b, - 0x72, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x52, 0x05, 0x66, 0x6c, 0x61, - 0x67, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x6f, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, - 0x03, 0x70, 0x6f, 0x73, 0x12, 0x1f, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x04, 0x20, 0x02, - 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x19, 0x0a, 0x08, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x69, - 0x64, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x49, 0x64, - 0x22, 0xdb, 0x01, 0x0a, 0x11, 0x6d, 0x65, 0x6d, 0x66, 0x64, 0x5f, 0x69, 0x6e, 0x6f, 0x64, 0x65, - 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, - 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, - 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, - 0x67, 0x69, 0x64, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x67, 0x69, 0x64, 0x12, 0x12, - 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x73, 0x69, - 0x7a, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x68, 0x6d, 0x69, 0x64, 0x18, 0x05, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x05, 0x73, 0x68, 0x6d, 0x69, 0x64, 0x12, 0x26, 0x0a, 0x05, 0x73, 0x65, 0x61, 0x6c, - 0x73, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x10, 0xd2, 0x3f, 0x0d, 0x1a, 0x0b, 0x73, 0x65, - 0x61, 0x6c, 0x73, 0x2e, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x52, 0x05, 0x73, 0x65, 0x61, 0x6c, 0x73, - 0x12, 0x19, 0x0a, 0x08, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x07, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x07, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x49, 0x64, 0x12, 0x21, 0x0a, 0x0c, 0x68, - 0x75, 0x67, 0x65, 0x74, 0x6c, 0x62, 0x5f, 0x66, 0x6c, 0x61, 0x67, 0x18, 0x08, 0x20, 0x01, 0x28, - 0x0d, 0x52, 0x0b, 0x68, 0x75, 0x67, 0x65, 0x74, 0x6c, 0x62, 0x46, 0x6c, 0x61, 0x67, -} - -var ( - file_memfd_proto_rawDescOnce sync.Once - file_memfd_proto_rawDescData = file_memfd_proto_rawDesc -) - -func file_memfd_proto_rawDescGZIP() []byte { - file_memfd_proto_rawDescOnce.Do(func() { - file_memfd_proto_rawDescData = protoimpl.X.CompressGZIP(file_memfd_proto_rawDescData) - }) - return file_memfd_proto_rawDescData -} - -var file_memfd_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_memfd_proto_goTypes = []interface{}{ - (*MemfdFileEntry)(nil), // 0: memfd_file_entry - (*MemfdInodeEntry)(nil), // 1: memfd_inode_entry - (*FownEntry)(nil), // 2: fown_entry -} -var file_memfd_proto_depIdxs = []int32{ - 2, // 0: memfd_file_entry.fown:type_name -> fown_entry - 1, // [1:1] is the sub-list for method output_type - 1, // [1:1] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name -} - -func init() { file_memfd_proto_init() } -func file_memfd_proto_init() { - if File_memfd_proto != nil { - return - } - file_opts_proto_init() - file_fown_proto_init() - if !protoimpl.UnsafeEnabled { - file_memfd_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MemfdFileEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_memfd_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MemfdInodeEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_memfd_proto_rawDesc, - NumEnums: 0, - NumMessages: 2, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_memfd_proto_goTypes, - DependencyIndexes: file_memfd_proto_depIdxs, - MessageInfos: file_memfd_proto_msgTypes, - }.Build() - File_memfd_proto = out.File - file_memfd_proto_rawDesc = nil - file_memfd_proto_goTypes = nil - file_memfd_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/memfd.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/memfd.proto deleted file mode 100644 index 0e625416a7d..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/memfd.proto +++ /dev/null @@ -1,25 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "opts.proto"; -import "fown.proto"; - -message memfd_file_entry { - required uint32 id = 1; - required uint32 flags = 2 [(criu).flags = "rfile.flags"]; - required uint64 pos = 3; - required fown_entry fown = 4; - required uint32 inode_id = 5; -}; - -message memfd_inode_entry { - required string name = 1; - required uint32 uid = 2; - required uint32 gid = 3; - required uint64 size = 4; - required uint32 shmid = 5; - required uint32 seals = 6 [(criu).flags = "seals.flags"]; - required uint64 inode_id = 7; - optional uint32 hugetlb_flag = 8; -}; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mm.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mm.pb.go deleted file mode 100644 index c76b33bf41b..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mm.pb.go +++ /dev/null @@ -1,395 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: mm.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type AioRingEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id *uint64 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` - NrReq *uint32 `protobuf:"varint,2,req,name=nr_req,json=nrReq" json:"nr_req,omitempty"` - RingLen *uint32 `protobuf:"varint,3,req,name=ring_len,json=ringLen" json:"ring_len,omitempty"` -} - -func (x *AioRingEntry) Reset() { - *x = AioRingEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_mm_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *AioRingEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*AioRingEntry) ProtoMessage() {} - -func (x *AioRingEntry) ProtoReflect() protoreflect.Message { - mi := &file_mm_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use AioRingEntry.ProtoReflect.Descriptor instead. -func (*AioRingEntry) Descriptor() ([]byte, []int) { - return file_mm_proto_rawDescGZIP(), []int{0} -} - -func (x *AioRingEntry) GetId() uint64 { - if x != nil && x.Id != nil { - return *x.Id - } - return 0 -} - -func (x *AioRingEntry) GetNrReq() uint32 { - if x != nil && x.NrReq != nil { - return *x.NrReq - } - return 0 -} - -func (x *AioRingEntry) GetRingLen() uint32 { - if x != nil && x.RingLen != nil { - return *x.RingLen - } - return 0 -} - -type MmEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - MmStartCode *uint64 `protobuf:"varint,1,req,name=mm_start_code,json=mmStartCode" json:"mm_start_code,omitempty"` - MmEndCode *uint64 `protobuf:"varint,2,req,name=mm_end_code,json=mmEndCode" json:"mm_end_code,omitempty"` - MmStartData *uint64 `protobuf:"varint,3,req,name=mm_start_data,json=mmStartData" json:"mm_start_data,omitempty"` - MmEndData *uint64 `protobuf:"varint,4,req,name=mm_end_data,json=mmEndData" json:"mm_end_data,omitempty"` - MmStartStack *uint64 `protobuf:"varint,5,req,name=mm_start_stack,json=mmStartStack" json:"mm_start_stack,omitempty"` - MmStartBrk *uint64 `protobuf:"varint,6,req,name=mm_start_brk,json=mmStartBrk" json:"mm_start_brk,omitempty"` - MmBrk *uint64 `protobuf:"varint,7,req,name=mm_brk,json=mmBrk" json:"mm_brk,omitempty"` - MmArgStart *uint64 `protobuf:"varint,8,req,name=mm_arg_start,json=mmArgStart" json:"mm_arg_start,omitempty"` - MmArgEnd *uint64 `protobuf:"varint,9,req,name=mm_arg_end,json=mmArgEnd" json:"mm_arg_end,omitempty"` - MmEnvStart *uint64 `protobuf:"varint,10,req,name=mm_env_start,json=mmEnvStart" json:"mm_env_start,omitempty"` - MmEnvEnd *uint64 `protobuf:"varint,11,req,name=mm_env_end,json=mmEnvEnd" json:"mm_env_end,omitempty"` - ExeFileId *uint32 `protobuf:"varint,12,req,name=exe_file_id,json=exeFileId" json:"exe_file_id,omitempty"` - MmSavedAuxv []uint64 `protobuf:"varint,13,rep,name=mm_saved_auxv,json=mmSavedAuxv" json:"mm_saved_auxv,omitempty"` - Vmas []*VmaEntry `protobuf:"bytes,14,rep,name=vmas" json:"vmas,omitempty"` - Dumpable *int32 `protobuf:"varint,15,opt,name=dumpable" json:"dumpable,omitempty"` - Aios []*AioRingEntry `protobuf:"bytes,16,rep,name=aios" json:"aios,omitempty"` - ThpDisabled *bool `protobuf:"varint,17,opt,name=thp_disabled,json=thpDisabled" json:"thp_disabled,omitempty"` -} - -func (x *MmEntry) Reset() { - *x = MmEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_mm_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MmEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MmEntry) ProtoMessage() {} - -func (x *MmEntry) ProtoReflect() protoreflect.Message { - mi := &file_mm_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MmEntry.ProtoReflect.Descriptor instead. -func (*MmEntry) Descriptor() ([]byte, []int) { - return file_mm_proto_rawDescGZIP(), []int{1} -} - -func (x *MmEntry) GetMmStartCode() uint64 { - if x != nil && x.MmStartCode != nil { - return *x.MmStartCode - } - return 0 -} - -func (x *MmEntry) GetMmEndCode() uint64 { - if x != nil && x.MmEndCode != nil { - return *x.MmEndCode - } - return 0 -} - -func (x *MmEntry) GetMmStartData() uint64 { - if x != nil && x.MmStartData != nil { - return *x.MmStartData - } - return 0 -} - -func (x *MmEntry) GetMmEndData() uint64 { - if x != nil && x.MmEndData != nil { - return *x.MmEndData - } - return 0 -} - -func (x *MmEntry) GetMmStartStack() uint64 { - if x != nil && x.MmStartStack != nil { - return *x.MmStartStack - } - return 0 -} - -func (x *MmEntry) GetMmStartBrk() uint64 { - if x != nil && x.MmStartBrk != nil { - return *x.MmStartBrk - } - return 0 -} - -func (x *MmEntry) GetMmBrk() uint64 { - if x != nil && x.MmBrk != nil { - return *x.MmBrk - } - return 0 -} - -func (x *MmEntry) GetMmArgStart() uint64 { - if x != nil && x.MmArgStart != nil { - return *x.MmArgStart - } - return 0 -} - -func (x *MmEntry) GetMmArgEnd() uint64 { - if x != nil && x.MmArgEnd != nil { - return *x.MmArgEnd - } - return 0 -} - -func (x *MmEntry) GetMmEnvStart() uint64 { - if x != nil && x.MmEnvStart != nil { - return *x.MmEnvStart - } - return 0 -} - -func (x *MmEntry) GetMmEnvEnd() uint64 { - if x != nil && x.MmEnvEnd != nil { - return *x.MmEnvEnd - } - return 0 -} - -func (x *MmEntry) GetExeFileId() uint32 { - if x != nil && x.ExeFileId != nil { - return *x.ExeFileId - } - return 0 -} - -func (x *MmEntry) GetMmSavedAuxv() []uint64 { - if x != nil { - return x.MmSavedAuxv - } - return nil -} - -func (x *MmEntry) GetVmas() []*VmaEntry { - if x != nil { - return x.Vmas - } - return nil -} - -func (x *MmEntry) GetDumpable() int32 { - if x != nil && x.Dumpable != nil { - return *x.Dumpable - } - return 0 -} - -func (x *MmEntry) GetAios() []*AioRingEntry { - if x != nil { - return x.Aios - } - return nil -} - -func (x *MmEntry) GetThpDisabled() bool { - if x != nil && x.ThpDisabled != nil { - return *x.ThpDisabled - } - return false -} - -var File_mm_proto protoreflect.FileDescriptor - -var file_mm_proto_rawDesc = []byte{ - 0x0a, 0x08, 0x6d, 0x6d, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x09, 0x76, 0x6d, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x22, 0x52, 0x0a, 0x0e, 0x61, 0x69, 0x6f, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, - 0x02, 0x69, 0x64, 0x12, 0x15, 0x0a, 0x06, 0x6e, 0x72, 0x5f, 0x72, 0x65, 0x71, 0x18, 0x02, 0x20, - 0x02, 0x28, 0x0d, 0x52, 0x05, 0x6e, 0x72, 0x52, 0x65, 0x71, 0x12, 0x19, 0x0a, 0x08, 0x72, 0x69, - 0x6e, 0x67, 0x5f, 0x6c, 0x65, 0x6e, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x72, 0x69, - 0x6e, 0x67, 0x4c, 0x65, 0x6e, 0x22, 0x86, 0x05, 0x0a, 0x08, 0x6d, 0x6d, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x29, 0x0a, 0x0d, 0x6d, 0x6d, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, 0x63, - 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, - 0x52, 0x0b, 0x6d, 0x6d, 0x53, 0x74, 0x61, 0x72, 0x74, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x25, 0x0a, - 0x0b, 0x6d, 0x6d, 0x5f, 0x65, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x02, - 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x09, 0x6d, 0x6d, 0x45, 0x6e, 0x64, - 0x43, 0x6f, 0x64, 0x65, 0x12, 0x29, 0x0a, 0x0d, 0x6d, 0x6d, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, - 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, - 0x08, 0x01, 0x52, 0x0b, 0x6d, 0x6d, 0x53, 0x74, 0x61, 0x72, 0x74, 0x44, 0x61, 0x74, 0x61, 0x12, - 0x25, 0x0a, 0x0b, 0x6d, 0x6d, 0x5f, 0x65, 0x6e, 0x64, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x04, - 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x09, 0x6d, 0x6d, 0x45, - 0x6e, 0x64, 0x44, 0x61, 0x74, 0x61, 0x12, 0x2b, 0x0a, 0x0e, 0x6d, 0x6d, 0x5f, 0x73, 0x74, 0x61, - 0x72, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x63, 0x6b, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, - 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0c, 0x6d, 0x6d, 0x53, 0x74, 0x61, 0x72, 0x74, 0x53, 0x74, - 0x61, 0x63, 0x6b, 0x12, 0x27, 0x0a, 0x0c, 0x6d, 0x6d, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, - 0x62, 0x72, 0x6b, 0x18, 0x06, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, - 0x52, 0x0a, 0x6d, 0x6d, 0x53, 0x74, 0x61, 0x72, 0x74, 0x42, 0x72, 0x6b, 0x12, 0x1c, 0x0a, 0x06, - 0x6d, 0x6d, 0x5f, 0x62, 0x72, 0x6b, 0x18, 0x07, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, - 0x02, 0x08, 0x01, 0x52, 0x05, 0x6d, 0x6d, 0x42, 0x72, 0x6b, 0x12, 0x27, 0x0a, 0x0c, 0x6d, 0x6d, - 0x5f, 0x61, 0x72, 0x67, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x08, 0x20, 0x02, 0x28, 0x04, - 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0a, 0x6d, 0x6d, 0x41, 0x72, 0x67, 0x53, 0x74, - 0x61, 0x72, 0x74, 0x12, 0x23, 0x0a, 0x0a, 0x6d, 0x6d, 0x5f, 0x61, 0x72, 0x67, 0x5f, 0x65, 0x6e, - 0x64, 0x18, 0x09, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x08, - 0x6d, 0x6d, 0x41, 0x72, 0x67, 0x45, 0x6e, 0x64, 0x12, 0x27, 0x0a, 0x0c, 0x6d, 0x6d, 0x5f, 0x65, - 0x6e, 0x76, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x0a, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, - 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0a, 0x6d, 0x6d, 0x45, 0x6e, 0x76, 0x53, 0x74, 0x61, 0x72, - 0x74, 0x12, 0x23, 0x0a, 0x0a, 0x6d, 0x6d, 0x5f, 0x65, 0x6e, 0x76, 0x5f, 0x65, 0x6e, 0x64, 0x18, - 0x0b, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x08, 0x6d, 0x6d, - 0x45, 0x6e, 0x76, 0x45, 0x6e, 0x64, 0x12, 0x1e, 0x0a, 0x0b, 0x65, 0x78, 0x65, 0x5f, 0x66, 0x69, - 0x6c, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x0c, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x65, 0x78, 0x65, - 0x46, 0x69, 0x6c, 0x65, 0x49, 0x64, 0x12, 0x22, 0x0a, 0x0d, 0x6d, 0x6d, 0x5f, 0x73, 0x61, 0x76, - 0x65, 0x64, 0x5f, 0x61, 0x75, 0x78, 0x76, 0x18, 0x0d, 0x20, 0x03, 0x28, 0x04, 0x52, 0x0b, 0x6d, - 0x6d, 0x53, 0x61, 0x76, 0x65, 0x64, 0x41, 0x75, 0x78, 0x76, 0x12, 0x1e, 0x0a, 0x04, 0x76, 0x6d, - 0x61, 0x73, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x76, 0x6d, 0x61, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x76, 0x6d, 0x61, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x64, 0x75, - 0x6d, 0x70, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, 0x64, 0x75, - 0x6d, 0x70, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x23, 0x0a, 0x04, 0x61, 0x69, 0x6f, 0x73, 0x18, 0x10, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x61, 0x69, 0x6f, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x61, 0x69, 0x6f, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x74, - 0x68, 0x70, 0x5f, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x11, 0x20, 0x01, 0x28, - 0x08, 0x52, 0x0b, 0x74, 0x68, 0x70, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x64, -} - -var ( - file_mm_proto_rawDescOnce sync.Once - file_mm_proto_rawDescData = file_mm_proto_rawDesc -) - -func file_mm_proto_rawDescGZIP() []byte { - file_mm_proto_rawDescOnce.Do(func() { - file_mm_proto_rawDescData = protoimpl.X.CompressGZIP(file_mm_proto_rawDescData) - }) - return file_mm_proto_rawDescData -} - -var file_mm_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_mm_proto_goTypes = []interface{}{ - (*AioRingEntry)(nil), // 0: aio_ring_entry - (*MmEntry)(nil), // 1: mm_entry - (*VmaEntry)(nil), // 2: vma_entry -} -var file_mm_proto_depIdxs = []int32{ - 2, // 0: mm_entry.vmas:type_name -> vma_entry - 0, // 1: mm_entry.aios:type_name -> aio_ring_entry - 2, // [2:2] is the sub-list for method output_type - 2, // [2:2] is the sub-list for method input_type - 2, // [2:2] is the sub-list for extension type_name - 2, // [2:2] is the sub-list for extension extendee - 0, // [0:2] is the sub-list for field type_name -} - -func init() { file_mm_proto_init() } -func file_mm_proto_init() { - if File_mm_proto != nil { - return - } - file_opts_proto_init() - file_vma_proto_init() - if !protoimpl.UnsafeEnabled { - file_mm_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AioRingEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_mm_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MmEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_mm_proto_rawDesc, - NumEnums: 0, - NumMessages: 2, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_mm_proto_goTypes, - DependencyIndexes: file_mm_proto_depIdxs, - MessageInfos: file_mm_proto_msgTypes, - }.Build() - File_mm_proto = out.File - file_mm_proto_rawDesc = nil - file_mm_proto_goTypes = nil - file_mm_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mm.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mm.proto deleted file mode 100644 index b37668c4b31..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mm.proto +++ /dev/null @@ -1,35 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "opts.proto"; -import "vma.proto"; - -message aio_ring_entry { - required uint64 id = 1; - required uint32 nr_req = 2; - required uint32 ring_len = 3; -} - -message mm_entry { - required uint64 mm_start_code = 1 [(criu).hex = true]; - required uint64 mm_end_code = 2 [(criu).hex = true]; - required uint64 mm_start_data = 3 [(criu).hex = true]; - required uint64 mm_end_data = 4 [(criu).hex = true]; - required uint64 mm_start_stack = 5 [(criu).hex = true]; - required uint64 mm_start_brk = 6 [(criu).hex = true]; - required uint64 mm_brk = 7 [(criu).hex = true]; - required uint64 mm_arg_start = 8 [(criu).hex = true]; - required uint64 mm_arg_end = 9 [(criu).hex = true]; - required uint64 mm_env_start = 10 [(criu).hex = true]; - required uint64 mm_env_end = 11 [(criu).hex = true]; - required uint32 exe_file_id = 12; - - repeated uint64 mm_saved_auxv = 13; - - repeated vma_entry vmas = 14; - - optional int32 dumpable = 15; - repeated aio_ring_entry aios = 16; - optional bool thp_disabled = 17; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mnt.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mnt.pb.go deleted file mode 100644 index 3c0a385dbe5..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mnt.pb.go +++ /dev/null @@ -1,444 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: mnt.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type Fstype int32 - -const ( - Fstype_UNSUPPORTED Fstype = 0 - Fstype_PROC Fstype = 1 - Fstype_SYSFS Fstype = 2 - Fstype_DEVTMPFS Fstype = 3 - Fstype_BINFMT_MISC Fstype = 4 - Fstype_TMPFS Fstype = 5 - Fstype_DEVPTS Fstype = 6 - Fstype_SIMFS Fstype = 7 - Fstype_PSTORE Fstype = 8 - Fstype_SECURITYFS Fstype = 9 - Fstype_FUSECTL Fstype = 10 - Fstype_DEBUGFS Fstype = 11 - Fstype_CGROUP Fstype = 12 - Fstype_AUFS Fstype = 13 - Fstype_MQUEUE Fstype = 14 - Fstype_FUSE Fstype = 15 - Fstype_AUTO Fstype = 16 - Fstype_OVERLAYFS Fstype = 17 - Fstype_AUTOFS Fstype = 18 - Fstype_TRACEFS Fstype = 19 - Fstype_CGROUP2 Fstype = 23 -) - -// Enum value maps for Fstype. -var ( - Fstype_name = map[int32]string{ - 0: "UNSUPPORTED", - 1: "PROC", - 2: "SYSFS", - 3: "DEVTMPFS", - 4: "BINFMT_MISC", - 5: "TMPFS", - 6: "DEVPTS", - 7: "SIMFS", - 8: "PSTORE", - 9: "SECURITYFS", - 10: "FUSECTL", - 11: "DEBUGFS", - 12: "CGROUP", - 13: "AUFS", - 14: "MQUEUE", - 15: "FUSE", - 16: "AUTO", - 17: "OVERLAYFS", - 18: "AUTOFS", - 19: "TRACEFS", - 23: "CGROUP2", - } - Fstype_value = map[string]int32{ - "UNSUPPORTED": 0, - "PROC": 1, - "SYSFS": 2, - "DEVTMPFS": 3, - "BINFMT_MISC": 4, - "TMPFS": 5, - "DEVPTS": 6, - "SIMFS": 7, - "PSTORE": 8, - "SECURITYFS": 9, - "FUSECTL": 10, - "DEBUGFS": 11, - "CGROUP": 12, - "AUFS": 13, - "MQUEUE": 14, - "FUSE": 15, - "AUTO": 16, - "OVERLAYFS": 17, - "AUTOFS": 18, - "TRACEFS": 19, - "CGROUP2": 23, - } -) - -func (x Fstype) Enum() *Fstype { - p := new(Fstype) - *p = x - return p -} - -func (x Fstype) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (Fstype) Descriptor() protoreflect.EnumDescriptor { - return file_mnt_proto_enumTypes[0].Descriptor() -} - -func (Fstype) Type() protoreflect.EnumType { - return &file_mnt_proto_enumTypes[0] -} - -func (x Fstype) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Do not use. -func (x *Fstype) UnmarshalJSON(b []byte) error { - num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) - if err != nil { - return err - } - *x = Fstype(num) - return nil -} - -// Deprecated: Use Fstype.Descriptor instead. -func (Fstype) EnumDescriptor() ([]byte, []int) { - return file_mnt_proto_rawDescGZIP(), []int{0} -} - -type MntEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Fstype *uint32 `protobuf:"varint,1,req,name=fstype" json:"fstype,omitempty"` - MntId *uint32 `protobuf:"varint,2,req,name=mnt_id,json=mntId" json:"mnt_id,omitempty"` - RootDev *uint32 `protobuf:"varint,3,req,name=root_dev,json=rootDev" json:"root_dev,omitempty"` - ParentMntId *uint32 `protobuf:"varint,4,req,name=parent_mnt_id,json=parentMntId" json:"parent_mnt_id,omitempty"` - Flags *uint32 `protobuf:"varint,5,req,name=flags" json:"flags,omitempty"` - Root *string `protobuf:"bytes,6,req,name=root" json:"root,omitempty"` - Mountpoint *string `protobuf:"bytes,7,req,name=mountpoint" json:"mountpoint,omitempty"` - Source *string `protobuf:"bytes,8,req,name=source" json:"source,omitempty"` - Options *string `protobuf:"bytes,9,req,name=options" json:"options,omitempty"` - SharedId *uint32 `protobuf:"varint,10,opt,name=shared_id,json=sharedId" json:"shared_id,omitempty"` - MasterId *uint32 `protobuf:"varint,11,opt,name=master_id,json=masterId" json:"master_id,omitempty"` - WithPlugin *bool `protobuf:"varint,12,opt,name=with_plugin,json=withPlugin" json:"with_plugin,omitempty"` - ExtMount *bool `protobuf:"varint,13,opt,name=ext_mount,json=extMount" json:"ext_mount,omitempty"` - Fsname *string `protobuf:"bytes,14,opt,name=fsname" json:"fsname,omitempty"` - InternalSharing *bool `protobuf:"varint,15,opt,name=internal_sharing,json=internalSharing" json:"internal_sharing,omitempty"` - Deleted *bool `protobuf:"varint,16,opt,name=deleted" json:"deleted,omitempty"` - SbFlags *uint32 `protobuf:"varint,17,opt,name=sb_flags,json=sbFlags" json:"sb_flags,omitempty"` - // user defined mapping for external mount - ExtKey *string `protobuf:"bytes,18,opt,name=ext_key,json=extKey" json:"ext_key,omitempty"` -} - -func (x *MntEntry) Reset() { - *x = MntEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_mnt_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MntEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MntEntry) ProtoMessage() {} - -func (x *MntEntry) ProtoReflect() protoreflect.Message { - mi := &file_mnt_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MntEntry.ProtoReflect.Descriptor instead. -func (*MntEntry) Descriptor() ([]byte, []int) { - return file_mnt_proto_rawDescGZIP(), []int{0} -} - -func (x *MntEntry) GetFstype() uint32 { - if x != nil && x.Fstype != nil { - return *x.Fstype - } - return 0 -} - -func (x *MntEntry) GetMntId() uint32 { - if x != nil && x.MntId != nil { - return *x.MntId - } - return 0 -} - -func (x *MntEntry) GetRootDev() uint32 { - if x != nil && x.RootDev != nil { - return *x.RootDev - } - return 0 -} - -func (x *MntEntry) GetParentMntId() uint32 { - if x != nil && x.ParentMntId != nil { - return *x.ParentMntId - } - return 0 -} - -func (x *MntEntry) GetFlags() uint32 { - if x != nil && x.Flags != nil { - return *x.Flags - } - return 0 -} - -func (x *MntEntry) GetRoot() string { - if x != nil && x.Root != nil { - return *x.Root - } - return "" -} - -func (x *MntEntry) GetMountpoint() string { - if x != nil && x.Mountpoint != nil { - return *x.Mountpoint - } - return "" -} - -func (x *MntEntry) GetSource() string { - if x != nil && x.Source != nil { - return *x.Source - } - return "" -} - -func (x *MntEntry) GetOptions() string { - if x != nil && x.Options != nil { - return *x.Options - } - return "" -} - -func (x *MntEntry) GetSharedId() uint32 { - if x != nil && x.SharedId != nil { - return *x.SharedId - } - return 0 -} - -func (x *MntEntry) GetMasterId() uint32 { - if x != nil && x.MasterId != nil { - return *x.MasterId - } - return 0 -} - -func (x *MntEntry) GetWithPlugin() bool { - if x != nil && x.WithPlugin != nil { - return *x.WithPlugin - } - return false -} - -func (x *MntEntry) GetExtMount() bool { - if x != nil && x.ExtMount != nil { - return *x.ExtMount - } - return false -} - -func (x *MntEntry) GetFsname() string { - if x != nil && x.Fsname != nil { - return *x.Fsname - } - return "" -} - -func (x *MntEntry) GetInternalSharing() bool { - if x != nil && x.InternalSharing != nil { - return *x.InternalSharing - } - return false -} - -func (x *MntEntry) GetDeleted() bool { - if x != nil && x.Deleted != nil { - return *x.Deleted - } - return false -} - -func (x *MntEntry) GetSbFlags() uint32 { - if x != nil && x.SbFlags != nil { - return *x.SbFlags - } - return 0 -} - -func (x *MntEntry) GetExtKey() string { - if x != nil && x.ExtKey != nil { - return *x.ExtKey - } - return "" -} - -var File_mnt_proto protoreflect.FileDescriptor - -var file_mnt_proto_rawDesc = []byte{ - 0x0a, 0x09, 0x6d, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, - 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x93, 0x04, 0x0a, 0x09, 0x6d, 0x6e, 0x74, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x66, 0x73, 0x74, 0x79, 0x70, 0x65, 0x18, - 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x66, 0x73, 0x74, 0x79, 0x70, 0x65, 0x12, 0x15, 0x0a, - 0x06, 0x6d, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x6d, - 0x6e, 0x74, 0x49, 0x64, 0x12, 0x20, 0x0a, 0x08, 0x72, 0x6f, 0x6f, 0x74, 0x5f, 0x64, 0x65, 0x76, - 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x20, 0x01, 0x52, 0x07, 0x72, - 0x6f, 0x6f, 0x74, 0x44, 0x65, 0x76, 0x12, 0x22, 0x0a, 0x0d, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, - 0x5f, 0x6d, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, 0x70, - 0x61, 0x72, 0x65, 0x6e, 0x74, 0x4d, 0x6e, 0x74, 0x49, 0x64, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, - 0x61, 0x67, 0x73, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, - 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x6f, 0x6f, 0x74, 0x18, - 0x06, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x72, 0x6f, 0x6f, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x6d, - 0x6f, 0x75, 0x6e, 0x74, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x07, 0x20, 0x02, 0x28, 0x09, 0x52, - 0x0a, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x08, 0x20, 0x02, 0x28, 0x09, 0x52, 0x06, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x09, - 0x20, 0x02, 0x28, 0x09, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1b, 0x0a, - 0x09, 0x73, 0x68, 0x61, 0x72, 0x65, 0x64, 0x5f, 0x69, 0x64, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0d, - 0x52, 0x08, 0x73, 0x68, 0x61, 0x72, 0x65, 0x64, 0x49, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x61, - 0x73, 0x74, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x6d, - 0x61, 0x73, 0x74, 0x65, 0x72, 0x49, 0x64, 0x12, 0x1f, 0x0a, 0x0b, 0x77, 0x69, 0x74, 0x68, 0x5f, - 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x77, 0x69, - 0x74, 0x68, 0x50, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x78, 0x74, 0x5f, - 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x65, 0x78, 0x74, - 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x66, 0x73, 0x6e, 0x61, 0x6d, 0x65, 0x18, - 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x66, 0x73, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x29, 0x0a, - 0x10, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x73, 0x68, 0x61, 0x72, 0x69, 0x6e, - 0x67, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, - 0x6c, 0x53, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x65, 0x6c, 0x65, - 0x74, 0x65, 0x64, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x64, 0x65, 0x6c, 0x65, 0x74, - 0x65, 0x64, 0x12, 0x20, 0x0a, 0x08, 0x73, 0x62, 0x5f, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x11, - 0x20, 0x01, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x07, 0x73, 0x62, 0x46, - 0x6c, 0x61, 0x67, 0x73, 0x12, 0x17, 0x0a, 0x07, 0x65, 0x78, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x18, - 0x12, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x65, 0x78, 0x74, 0x4b, 0x65, 0x79, 0x2a, 0x90, 0x02, - 0x0a, 0x06, 0x66, 0x73, 0x74, 0x79, 0x70, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x55, 0x4e, 0x53, 0x55, - 0x50, 0x50, 0x4f, 0x52, 0x54, 0x45, 0x44, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x50, 0x52, 0x4f, - 0x43, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x53, 0x59, 0x53, 0x46, 0x53, 0x10, 0x02, 0x12, 0x0c, - 0x0a, 0x08, 0x44, 0x45, 0x56, 0x54, 0x4d, 0x50, 0x46, 0x53, 0x10, 0x03, 0x12, 0x0f, 0x0a, 0x0b, - 0x42, 0x49, 0x4e, 0x46, 0x4d, 0x54, 0x5f, 0x4d, 0x49, 0x53, 0x43, 0x10, 0x04, 0x12, 0x09, 0x0a, - 0x05, 0x54, 0x4d, 0x50, 0x46, 0x53, 0x10, 0x05, 0x12, 0x0a, 0x0a, 0x06, 0x44, 0x45, 0x56, 0x50, - 0x54, 0x53, 0x10, 0x06, 0x12, 0x09, 0x0a, 0x05, 0x53, 0x49, 0x4d, 0x46, 0x53, 0x10, 0x07, 0x12, - 0x0a, 0x0a, 0x06, 0x50, 0x53, 0x54, 0x4f, 0x52, 0x45, 0x10, 0x08, 0x12, 0x0e, 0x0a, 0x0a, 0x53, - 0x45, 0x43, 0x55, 0x52, 0x49, 0x54, 0x59, 0x46, 0x53, 0x10, 0x09, 0x12, 0x0b, 0x0a, 0x07, 0x46, - 0x55, 0x53, 0x45, 0x43, 0x54, 0x4c, 0x10, 0x0a, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45, 0x42, 0x55, - 0x47, 0x46, 0x53, 0x10, 0x0b, 0x12, 0x0a, 0x0a, 0x06, 0x43, 0x47, 0x52, 0x4f, 0x55, 0x50, 0x10, - 0x0c, 0x12, 0x08, 0x0a, 0x04, 0x41, 0x55, 0x46, 0x53, 0x10, 0x0d, 0x12, 0x0a, 0x0a, 0x06, 0x4d, - 0x51, 0x55, 0x45, 0x55, 0x45, 0x10, 0x0e, 0x12, 0x08, 0x0a, 0x04, 0x46, 0x55, 0x53, 0x45, 0x10, - 0x0f, 0x12, 0x08, 0x0a, 0x04, 0x41, 0x55, 0x54, 0x4f, 0x10, 0x10, 0x12, 0x0d, 0x0a, 0x09, 0x4f, - 0x56, 0x45, 0x52, 0x4c, 0x41, 0x59, 0x46, 0x53, 0x10, 0x11, 0x12, 0x0a, 0x0a, 0x06, 0x41, 0x55, - 0x54, 0x4f, 0x46, 0x53, 0x10, 0x12, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x52, 0x41, 0x43, 0x45, 0x46, - 0x53, 0x10, 0x13, 0x12, 0x0b, 0x0a, 0x07, 0x43, 0x47, 0x52, 0x4f, 0x55, 0x50, 0x32, 0x10, 0x17, -} - -var ( - file_mnt_proto_rawDescOnce sync.Once - file_mnt_proto_rawDescData = file_mnt_proto_rawDesc -) - -func file_mnt_proto_rawDescGZIP() []byte { - file_mnt_proto_rawDescOnce.Do(func() { - file_mnt_proto_rawDescData = protoimpl.X.CompressGZIP(file_mnt_proto_rawDescData) - }) - return file_mnt_proto_rawDescData -} - -var file_mnt_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_mnt_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_mnt_proto_goTypes = []interface{}{ - (Fstype)(0), // 0: fstype - (*MntEntry)(nil), // 1: mnt_entry -} -var file_mnt_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_mnt_proto_init() } -func file_mnt_proto_init() { - if File_mnt_proto != nil { - return - } - file_opts_proto_init() - if !protoimpl.UnsafeEnabled { - file_mnt_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MntEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_mnt_proto_rawDesc, - NumEnums: 1, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_mnt_proto_goTypes, - DependencyIndexes: file_mnt_proto_depIdxs, - EnumInfos: file_mnt_proto_enumTypes, - MessageInfos: file_mnt_proto_msgTypes, - }.Build() - File_mnt_proto = out.File - file_mnt_proto_rawDesc = nil - file_mnt_proto_goTypes = nil - file_mnt_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mnt.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mnt.proto deleted file mode 100644 index 4abb7d1a95d..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/mnt.proto +++ /dev/null @@ -1,62 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "opts.proto"; - -enum fstype { - UNSUPPORTED = 0; - PROC = 1; - SYSFS = 2; - DEVTMPFS = 3; - BINFMT_MISC = 4; - TMPFS = 5; - DEVPTS = 6; - SIMFS = 7; - PSTORE = 8; - SECURITYFS = 9; - FUSECTL = 10; - DEBUGFS = 11; - CGROUP = 12; - AUFS = 13; - MQUEUE = 14; - FUSE = 15; - AUTO = 16; - OVERLAYFS = 17; - AUTOFS = 18; - TRACEFS = 19; - - /* These three are reserved for NFS support */ - // RPC_PIPEFS = 20; - // NFS = 21; - // NFS4 = 22; - - CGROUP2 = 23; -}; - -message mnt_entry { - required uint32 fstype = 1; - required uint32 mnt_id = 2; - required uint32 root_dev = 3 [(criu).dev = true]; - required uint32 parent_mnt_id = 4; - required uint32 flags = 5 [(criu).hex = true]; - - required string root = 6; - required string mountpoint = 7; - required string source = 8; - required string options = 9; - - optional uint32 shared_id = 10; - optional uint32 master_id = 11; - - optional bool with_plugin = 12; - optional bool ext_mount = 13; - - optional string fsname = 14; - optional bool internal_sharing = 15; - - optional bool deleted = 16; - optional uint32 sb_flags = 17 [(criu).hex = true]; - /* user defined mapping for external mount */ - optional string ext_key = 18; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/netdev.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/netdev.pb.go deleted file mode 100644 index bcceee8533c..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/netdev.pb.go +++ /dev/null @@ -1,616 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: netdev.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type NdType int32 - -const ( - NdType_LOOPBACK NdType = 1 - NdType_VETH NdType = 2 - NdType_TUN NdType = 3 - // External link -- for those CRIU only dumps and restores - // link parameters such as flags, address, MTU, etc. The - // existence of the link on restore should be provided - // by the setup-namespaces script. - NdType_EXTLINK NdType = 4 - NdType_VENET NdType = 5 // OpenVZ device - NdType_BRIDGE NdType = 6 - NdType_MACVLAN NdType = 7 - NdType_SIT NdType = 8 -) - -// Enum value maps for NdType. -var ( - NdType_name = map[int32]string{ - 1: "LOOPBACK", - 2: "VETH", - 3: "TUN", - 4: "EXTLINK", - 5: "VENET", - 6: "BRIDGE", - 7: "MACVLAN", - 8: "SIT", - } - NdType_value = map[string]int32{ - "LOOPBACK": 1, - "VETH": 2, - "TUN": 3, - "EXTLINK": 4, - "VENET": 5, - "BRIDGE": 6, - "MACVLAN": 7, - "SIT": 8, - } -) - -func (x NdType) Enum() *NdType { - p := new(NdType) - *p = x - return p -} - -func (x NdType) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (NdType) Descriptor() protoreflect.EnumDescriptor { - return file_netdev_proto_enumTypes[0].Descriptor() -} - -func (NdType) Type() protoreflect.EnumType { - return &file_netdev_proto_enumTypes[0] -} - -func (x NdType) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Do not use. -func (x *NdType) UnmarshalJSON(b []byte) error { - num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) - if err != nil { - return err - } - *x = NdType(num) - return nil -} - -// Deprecated: Use NdType.Descriptor instead. -func (NdType) EnumDescriptor() ([]byte, []int) { - return file_netdev_proto_rawDescGZIP(), []int{0} -} - -type NetDeviceEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Type *NdType `protobuf:"varint,1,req,name=type,enum=NdType" json:"type,omitempty"` - Ifindex *uint32 `protobuf:"varint,2,req,name=ifindex" json:"ifindex,omitempty"` - Mtu *uint32 `protobuf:"varint,3,req,name=mtu" json:"mtu,omitempty"` - Flags *uint32 `protobuf:"varint,4,req,name=flags" json:"flags,omitempty"` - Name *string `protobuf:"bytes,5,req,name=name" json:"name,omitempty"` - Tun *TunLinkEntry `protobuf:"bytes,6,opt,name=tun" json:"tun,omitempty"` - Address []byte `protobuf:"bytes,7,opt,name=address" json:"address,omitempty"` - Conf []int32 `protobuf:"varint,8,rep,name=conf" json:"conf,omitempty"` - Conf4 []*SysctlEntry `protobuf:"bytes,9,rep,name=conf4" json:"conf4,omitempty"` - Conf6 []*SysctlEntry `protobuf:"bytes,10,rep,name=conf6" json:"conf6,omitempty"` - Macvlan *MacvlanLinkEntry `protobuf:"bytes,11,opt,name=macvlan" json:"macvlan,omitempty"` - PeerIfindex *uint32 `protobuf:"varint,12,opt,name=peer_ifindex,json=peerIfindex" json:"peer_ifindex,omitempty"` - PeerNsid *uint32 `protobuf:"varint,13,opt,name=peer_nsid,json=peerNsid" json:"peer_nsid,omitempty"` - Master *uint32 `protobuf:"varint,14,opt,name=master" json:"master,omitempty"` - Sit *SitEntry `protobuf:"bytes,15,opt,name=sit" json:"sit,omitempty"` -} - -func (x *NetDeviceEntry) Reset() { - *x = NetDeviceEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_netdev_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *NetDeviceEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*NetDeviceEntry) ProtoMessage() {} - -func (x *NetDeviceEntry) ProtoReflect() protoreflect.Message { - mi := &file_netdev_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use NetDeviceEntry.ProtoReflect.Descriptor instead. -func (*NetDeviceEntry) Descriptor() ([]byte, []int) { - return file_netdev_proto_rawDescGZIP(), []int{0} -} - -func (x *NetDeviceEntry) GetType() NdType { - if x != nil && x.Type != nil { - return *x.Type - } - return NdType_LOOPBACK -} - -func (x *NetDeviceEntry) GetIfindex() uint32 { - if x != nil && x.Ifindex != nil { - return *x.Ifindex - } - return 0 -} - -func (x *NetDeviceEntry) GetMtu() uint32 { - if x != nil && x.Mtu != nil { - return *x.Mtu - } - return 0 -} - -func (x *NetDeviceEntry) GetFlags() uint32 { - if x != nil && x.Flags != nil { - return *x.Flags - } - return 0 -} - -func (x *NetDeviceEntry) GetName() string { - if x != nil && x.Name != nil { - return *x.Name - } - return "" -} - -func (x *NetDeviceEntry) GetTun() *TunLinkEntry { - if x != nil { - return x.Tun - } - return nil -} - -func (x *NetDeviceEntry) GetAddress() []byte { - if x != nil { - return x.Address - } - return nil -} - -func (x *NetDeviceEntry) GetConf() []int32 { - if x != nil { - return x.Conf - } - return nil -} - -func (x *NetDeviceEntry) GetConf4() []*SysctlEntry { - if x != nil { - return x.Conf4 - } - return nil -} - -func (x *NetDeviceEntry) GetConf6() []*SysctlEntry { - if x != nil { - return x.Conf6 - } - return nil -} - -func (x *NetDeviceEntry) GetMacvlan() *MacvlanLinkEntry { - if x != nil { - return x.Macvlan - } - return nil -} - -func (x *NetDeviceEntry) GetPeerIfindex() uint32 { - if x != nil && x.PeerIfindex != nil { - return *x.PeerIfindex - } - return 0 -} - -func (x *NetDeviceEntry) GetPeerNsid() uint32 { - if x != nil && x.PeerNsid != nil { - return *x.PeerNsid - } - return 0 -} - -func (x *NetDeviceEntry) GetMaster() uint32 { - if x != nil && x.Master != nil { - return *x.Master - } - return 0 -} - -func (x *NetDeviceEntry) GetSit() *SitEntry { - if x != nil { - return x.Sit - } - return nil -} - -type NetnsId struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // This is CRIU's id which is allocated for each namespace - TargetNsId *uint32 `protobuf:"varint,1,req,name=target_ns_id,json=targetNsId" json:"target_ns_id,omitempty"` - // This is an id which can be used to address this namespace - // from another network namespace. Each network namespace has - // one set of id-s for other namespaces. - NetnsidValue *int32 `protobuf:"varint,2,req,name=netnsid_value,json=netnsidValue" json:"netnsid_value,omitempty"` -} - -func (x *NetnsId) Reset() { - *x = NetnsId{} - if protoimpl.UnsafeEnabled { - mi := &file_netdev_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *NetnsId) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*NetnsId) ProtoMessage() {} - -func (x *NetnsId) ProtoReflect() protoreflect.Message { - mi := &file_netdev_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use NetnsId.ProtoReflect.Descriptor instead. -func (*NetnsId) Descriptor() ([]byte, []int) { - return file_netdev_proto_rawDescGZIP(), []int{1} -} - -func (x *NetnsId) GetTargetNsId() uint32 { - if x != nil && x.TargetNsId != nil { - return *x.TargetNsId - } - return 0 -} - -func (x *NetnsId) GetNetnsidValue() int32 { - if x != nil && x.NetnsidValue != nil { - return *x.NetnsidValue - } - return 0 -} - -type NetnsEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - DefConf []int32 `protobuf:"varint,1,rep,name=def_conf,json=defConf" json:"def_conf,omitempty"` - AllConf []int32 `protobuf:"varint,2,rep,name=all_conf,json=allConf" json:"all_conf,omitempty"` - DefConf4 []*SysctlEntry `protobuf:"bytes,3,rep,name=def_conf4,json=defConf4" json:"def_conf4,omitempty"` - AllConf4 []*SysctlEntry `protobuf:"bytes,4,rep,name=all_conf4,json=allConf4" json:"all_conf4,omitempty"` - DefConf6 []*SysctlEntry `protobuf:"bytes,5,rep,name=def_conf6,json=defConf6" json:"def_conf6,omitempty"` - AllConf6 []*SysctlEntry `protobuf:"bytes,6,rep,name=all_conf6,json=allConf6" json:"all_conf6,omitempty"` - Nsids []*NetnsId `protobuf:"bytes,7,rep,name=nsids" json:"nsids,omitempty"` - ExtKey *string `protobuf:"bytes,8,opt,name=ext_key,json=extKey" json:"ext_key,omitempty"` - UnixConf []*SysctlEntry `protobuf:"bytes,9,rep,name=unix_conf,json=unixConf" json:"unix_conf,omitempty"` -} - -func (x *NetnsEntry) Reset() { - *x = NetnsEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_netdev_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *NetnsEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*NetnsEntry) ProtoMessage() {} - -func (x *NetnsEntry) ProtoReflect() protoreflect.Message { - mi := &file_netdev_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use NetnsEntry.ProtoReflect.Descriptor instead. -func (*NetnsEntry) Descriptor() ([]byte, []int) { - return file_netdev_proto_rawDescGZIP(), []int{2} -} - -func (x *NetnsEntry) GetDefConf() []int32 { - if x != nil { - return x.DefConf - } - return nil -} - -func (x *NetnsEntry) GetAllConf() []int32 { - if x != nil { - return x.AllConf - } - return nil -} - -func (x *NetnsEntry) GetDefConf4() []*SysctlEntry { - if x != nil { - return x.DefConf4 - } - return nil -} - -func (x *NetnsEntry) GetAllConf4() []*SysctlEntry { - if x != nil { - return x.AllConf4 - } - return nil -} - -func (x *NetnsEntry) GetDefConf6() []*SysctlEntry { - if x != nil { - return x.DefConf6 - } - return nil -} - -func (x *NetnsEntry) GetAllConf6() []*SysctlEntry { - if x != nil { - return x.AllConf6 - } - return nil -} - -func (x *NetnsEntry) GetNsids() []*NetnsId { - if x != nil { - return x.Nsids - } - return nil -} - -func (x *NetnsEntry) GetExtKey() string { - if x != nil && x.ExtKey != nil { - return *x.ExtKey - } - return "" -} - -func (x *NetnsEntry) GetUnixConf() []*SysctlEntry { - if x != nil { - return x.UnixConf - } - return nil -} - -var File_netdev_proto protoreflect.FileDescriptor - -var file_netdev_proto_rawDesc = []byte{ - 0x0a, 0x0c, 0x6e, 0x65, 0x74, 0x64, 0x65, 0x76, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, - 0x6d, 0x61, 0x63, 0x76, 0x6c, 0x61, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, - 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x09, 0x74, 0x75, 0x6e, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0c, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x1a, 0x09, 0x73, 0x69, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xcd, 0x03, - 0x0a, 0x10, 0x6e, 0x65, 0x74, 0x5f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x1c, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0e, - 0x32, 0x08, 0x2e, 0x6e, 0x64, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, - 0x12, 0x18, 0x0a, 0x07, 0x69, 0x66, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x02, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x07, 0x69, 0x66, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x74, - 0x75, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x6d, 0x74, 0x75, 0x12, 0x1b, 0x0a, 0x05, - 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, - 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, - 0x65, 0x18, 0x05, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x21, 0x0a, - 0x03, 0x74, 0x75, 0x6e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x74, 0x75, 0x6e, - 0x5f, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x74, 0x75, 0x6e, - 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, - 0x6e, 0x66, 0x18, 0x08, 0x20, 0x03, 0x28, 0x05, 0x52, 0x04, 0x63, 0x6f, 0x6e, 0x66, 0x12, 0x23, - 0x0a, 0x05, 0x63, 0x6f, 0x6e, 0x66, 0x34, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, - 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x05, 0x63, 0x6f, - 0x6e, 0x66, 0x34, 0x12, 0x23, 0x0a, 0x05, 0x63, 0x6f, 0x6e, 0x66, 0x36, 0x18, 0x0a, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x05, 0x63, 0x6f, 0x6e, 0x66, 0x36, 0x12, 0x2d, 0x0a, 0x07, 0x6d, 0x61, 0x63, 0x76, - 0x6c, 0x61, 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x6d, 0x61, 0x63, 0x76, - 0x6c, 0x61, 0x6e, 0x5f, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, - 0x6d, 0x61, 0x63, 0x76, 0x6c, 0x61, 0x6e, 0x12, 0x21, 0x0a, 0x0c, 0x70, 0x65, 0x65, 0x72, 0x5f, - 0x69, 0x66, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x70, - 0x65, 0x65, 0x72, 0x49, 0x66, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x65, - 0x65, 0x72, 0x5f, 0x6e, 0x73, 0x69, 0x64, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x70, - 0x65, 0x65, 0x72, 0x4e, 0x73, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x6d, 0x61, 0x73, 0x74, 0x65, - 0x72, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x12, - 0x1c, 0x0a, 0x03, 0x73, 0x69, 0x74, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x73, - 0x69, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x73, 0x69, 0x74, 0x22, 0x51, 0x0a, - 0x08, 0x6e, 0x65, 0x74, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x12, 0x20, 0x0a, 0x0c, 0x74, 0x61, 0x72, - 0x67, 0x65, 0x74, 0x5f, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, - 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x4e, 0x73, 0x49, 0x64, 0x12, 0x23, 0x0a, 0x0d, 0x6e, - 0x65, 0x74, 0x6e, 0x73, 0x69, 0x64, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x02, - 0x28, 0x05, 0x52, 0x0c, 0x6e, 0x65, 0x74, 0x6e, 0x73, 0x69, 0x64, 0x56, 0x61, 0x6c, 0x75, 0x65, - 0x22, 0xd9, 0x02, 0x0a, 0x0b, 0x6e, 0x65, 0x74, 0x6e, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x12, 0x19, 0x0a, 0x08, 0x64, 0x65, 0x66, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x18, 0x01, 0x20, 0x03, - 0x28, 0x05, 0x52, 0x07, 0x64, 0x65, 0x66, 0x43, 0x6f, 0x6e, 0x66, 0x12, 0x19, 0x0a, 0x08, 0x61, - 0x6c, 0x6c, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x18, 0x02, 0x20, 0x03, 0x28, 0x05, 0x52, 0x07, 0x61, - 0x6c, 0x6c, 0x43, 0x6f, 0x6e, 0x66, 0x12, 0x2a, 0x0a, 0x09, 0x64, 0x65, 0x66, 0x5f, 0x63, 0x6f, - 0x6e, 0x66, 0x34, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x73, 0x79, 0x73, 0x63, - 0x74, 0x6c, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x64, 0x65, 0x66, 0x43, 0x6f, 0x6e, - 0x66, 0x34, 0x12, 0x2a, 0x0a, 0x09, 0x61, 0x6c, 0x6c, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x34, 0x18, - 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x61, 0x6c, 0x6c, 0x43, 0x6f, 0x6e, 0x66, 0x34, 0x12, 0x2a, - 0x0a, 0x09, 0x64, 0x65, 0x66, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x36, 0x18, 0x05, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x0d, 0x2e, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x52, 0x08, 0x64, 0x65, 0x66, 0x43, 0x6f, 0x6e, 0x66, 0x36, 0x12, 0x2a, 0x0a, 0x09, 0x61, 0x6c, - 0x6c, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x36, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, - 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x61, 0x6c, - 0x6c, 0x43, 0x6f, 0x6e, 0x66, 0x36, 0x12, 0x1f, 0x0a, 0x05, 0x6e, 0x73, 0x69, 0x64, 0x73, 0x18, - 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x6e, 0x65, 0x74, 0x6e, 0x73, 0x5f, 0x69, 0x64, - 0x52, 0x05, 0x6e, 0x73, 0x69, 0x64, 0x73, 0x12, 0x17, 0x0a, 0x07, 0x65, 0x78, 0x74, 0x5f, 0x6b, - 0x65, 0x79, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x65, 0x78, 0x74, 0x4b, 0x65, 0x79, - 0x12, 0x2a, 0x0a, 0x09, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x18, 0x09, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x08, 0x75, 0x6e, 0x69, 0x78, 0x43, 0x6f, 0x6e, 0x66, 0x2a, 0x64, 0x0a, 0x07, - 0x6e, 0x64, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x12, 0x0c, 0x0a, 0x08, 0x4c, 0x4f, 0x4f, 0x50, 0x42, - 0x41, 0x43, 0x4b, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x56, 0x45, 0x54, 0x48, 0x10, 0x02, 0x12, - 0x07, 0x0a, 0x03, 0x54, 0x55, 0x4e, 0x10, 0x03, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x58, 0x54, 0x4c, - 0x49, 0x4e, 0x4b, 0x10, 0x04, 0x12, 0x09, 0x0a, 0x05, 0x56, 0x45, 0x4e, 0x45, 0x54, 0x10, 0x05, - 0x12, 0x0a, 0x0a, 0x06, 0x42, 0x52, 0x49, 0x44, 0x47, 0x45, 0x10, 0x06, 0x12, 0x0b, 0x0a, 0x07, - 0x4d, 0x41, 0x43, 0x56, 0x4c, 0x41, 0x4e, 0x10, 0x07, 0x12, 0x07, 0x0a, 0x03, 0x53, 0x49, 0x54, - 0x10, 0x08, -} - -var ( - file_netdev_proto_rawDescOnce sync.Once - file_netdev_proto_rawDescData = file_netdev_proto_rawDesc -) - -func file_netdev_proto_rawDescGZIP() []byte { - file_netdev_proto_rawDescOnce.Do(func() { - file_netdev_proto_rawDescData = protoimpl.X.CompressGZIP(file_netdev_proto_rawDescData) - }) - return file_netdev_proto_rawDescData -} - -var file_netdev_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_netdev_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_netdev_proto_goTypes = []interface{}{ - (NdType)(0), // 0: nd_type - (*NetDeviceEntry)(nil), // 1: net_device_entry - (*NetnsId)(nil), // 2: netns_id - (*NetnsEntry)(nil), // 3: netns_entry - (*TunLinkEntry)(nil), // 4: tun_link_entry - (*SysctlEntry)(nil), // 5: sysctl_entry - (*MacvlanLinkEntry)(nil), // 6: macvlan_link_entry - (*SitEntry)(nil), // 7: sit_entry -} -var file_netdev_proto_depIdxs = []int32{ - 0, // 0: net_device_entry.type:type_name -> nd_type - 4, // 1: net_device_entry.tun:type_name -> tun_link_entry - 5, // 2: net_device_entry.conf4:type_name -> sysctl_entry - 5, // 3: net_device_entry.conf6:type_name -> sysctl_entry - 6, // 4: net_device_entry.macvlan:type_name -> macvlan_link_entry - 7, // 5: net_device_entry.sit:type_name -> sit_entry - 5, // 6: netns_entry.def_conf4:type_name -> sysctl_entry - 5, // 7: netns_entry.all_conf4:type_name -> sysctl_entry - 5, // 8: netns_entry.def_conf6:type_name -> sysctl_entry - 5, // 9: netns_entry.all_conf6:type_name -> sysctl_entry - 2, // 10: netns_entry.nsids:type_name -> netns_id - 5, // 11: netns_entry.unix_conf:type_name -> sysctl_entry - 12, // [12:12] is the sub-list for method output_type - 12, // [12:12] is the sub-list for method input_type - 12, // [12:12] is the sub-list for extension type_name - 12, // [12:12] is the sub-list for extension extendee - 0, // [0:12] is the sub-list for field type_name -} - -func init() { file_netdev_proto_init() } -func file_netdev_proto_init() { - if File_netdev_proto != nil { - return - } - file_macvlan_proto_init() - file_opts_proto_init() - file_tun_proto_init() - file_sysctl_proto_init() - file_sit_proto_init() - if !protoimpl.UnsafeEnabled { - file_netdev_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*NetDeviceEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_netdev_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*NetnsId); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_netdev_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*NetnsEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_netdev_proto_rawDesc, - NumEnums: 1, - NumMessages: 3, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_netdev_proto_goTypes, - DependencyIndexes: file_netdev_proto_depIdxs, - EnumInfos: file_netdev_proto_enumTypes, - MessageInfos: file_netdev_proto_msgTypes, - }.Build() - File_netdev_proto = out.File - file_netdev_proto_rawDesc = nil - file_netdev_proto_goTypes = nil - file_netdev_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/netdev.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/netdev.proto deleted file mode 100644 index 748fd02004b..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/netdev.proto +++ /dev/null @@ -1,77 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "macvlan.proto"; -import "opts.proto"; -import "tun.proto"; -import "sysctl.proto"; -import "sit.proto"; - -enum nd_type { - LOOPBACK = 1; - VETH = 2; - TUN = 3; - /* - * External link -- for those CRIU only dumps and restores - * link parameters such as flags, address, MTU, etc. The - * existence of the link on restore should be provided - * by the setup-namespaces script. - */ - EXTLINK = 4; - VENET = 5; /* OpenVZ device */ - BRIDGE = 6; - MACVLAN = 7; - SIT = 8; -} - -message net_device_entry { - required nd_type type = 1; - required uint32 ifindex = 2; - required uint32 mtu = 3; - required uint32 flags = 4 [(criu).hex = true]; - required string name = 5; - - optional tun_link_entry tun = 6; - - optional bytes address = 7; - - repeated int32 conf = 8; - - repeated sysctl_entry conf4 = 9; - - repeated sysctl_entry conf6 = 10; - - optional macvlan_link_entry macvlan = 11; - - optional uint32 peer_ifindex = 12; - optional uint32 peer_nsid = 13; - optional uint32 master = 14; - optional sit_entry sit = 15; -} - -message netns_id { - /* This is CRIU's id which is allocated for each namespace */ - required uint32 target_ns_id = 1; - /* - * This is an id which can be used to address this namespace - * from another network namespace. Each network namespace has - * one set of id-s for other namespaces. - */ - required int32 netnsid_value = 2; -} - -message netns_entry { - repeated int32 def_conf = 1; - repeated int32 all_conf = 2; - - repeated sysctl_entry def_conf4 = 3; - repeated sysctl_entry all_conf4 = 4; - - repeated sysctl_entry def_conf6 = 5; - repeated sysctl_entry all_conf6 = 6; - - repeated netns_id nsids = 7; - optional string ext_key = 8; - repeated sysctl_entry unix_conf = 9; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ns.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ns.pb.go deleted file mode 100644 index 361308164bb..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ns.pb.go +++ /dev/null @@ -1,170 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: ns.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type NsFileEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` - NsId *uint32 `protobuf:"varint,2,req,name=ns_id,json=nsId" json:"ns_id,omitempty"` - NsCflag *uint32 `protobuf:"varint,3,req,name=ns_cflag,json=nsCflag" json:"ns_cflag,omitempty"` - Flags *uint32 `protobuf:"varint,4,req,name=flags" json:"flags,omitempty"` -} - -func (x *NsFileEntry) Reset() { - *x = NsFileEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_ns_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *NsFileEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*NsFileEntry) ProtoMessage() {} - -func (x *NsFileEntry) ProtoReflect() protoreflect.Message { - mi := &file_ns_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use NsFileEntry.ProtoReflect.Descriptor instead. -func (*NsFileEntry) Descriptor() ([]byte, []int) { - return file_ns_proto_rawDescGZIP(), []int{0} -} - -func (x *NsFileEntry) GetId() uint32 { - if x != nil && x.Id != nil { - return *x.Id - } - return 0 -} - -func (x *NsFileEntry) GetNsId() uint32 { - if x != nil && x.NsId != nil { - return *x.NsId - } - return 0 -} - -func (x *NsFileEntry) GetNsCflag() uint32 { - if x != nil && x.NsCflag != nil { - return *x.NsCflag - } - return 0 -} - -func (x *NsFileEntry) GetFlags() uint32 { - if x != nil && x.Flags != nil { - return *x.Flags - } - return 0 -} - -var File_ns_proto protoreflect.FileDescriptor - -var file_ns_proto_rawDesc = []byte{ - 0x0a, 0x08, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x65, 0x0a, 0x0d, 0x6e, 0x73, - 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, - 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x13, 0x0a, 0x05, 0x6e, - 0x73, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x6e, 0x73, 0x49, 0x64, - 0x12, 0x19, 0x0a, 0x08, 0x6e, 0x73, 0x5f, 0x63, 0x66, 0x6c, 0x61, 0x67, 0x18, 0x03, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x07, 0x6e, 0x73, 0x43, 0x66, 0x6c, 0x61, 0x67, 0x12, 0x14, 0x0a, 0x05, 0x66, - 0x6c, 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, - 0x73, -} - -var ( - file_ns_proto_rawDescOnce sync.Once - file_ns_proto_rawDescData = file_ns_proto_rawDesc -) - -func file_ns_proto_rawDescGZIP() []byte { - file_ns_proto_rawDescOnce.Do(func() { - file_ns_proto_rawDescData = protoimpl.X.CompressGZIP(file_ns_proto_rawDescData) - }) - return file_ns_proto_rawDescData -} - -var file_ns_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_ns_proto_goTypes = []interface{}{ - (*NsFileEntry)(nil), // 0: ns_file_entry -} -var file_ns_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_ns_proto_init() } -func file_ns_proto_init() { - if File_ns_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_ns_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*NsFileEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_ns_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_ns_proto_goTypes, - DependencyIndexes: file_ns_proto_depIdxs, - MessageInfos: file_ns_proto_msgTypes, - }.Build() - File_ns_proto = out.File - file_ns_proto_rawDesc = nil - file_ns_proto_goTypes = nil - file_ns_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ns.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ns.proto deleted file mode 100644 index 19ec641f623..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/ns.proto +++ /dev/null @@ -1,10 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -message ns_file_entry { - required uint32 id = 1; - required uint32 ns_id = 2; - required uint32 ns_cflag = 3; - required uint32 flags = 4; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/opts.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/opts.pb.go deleted file mode 100644 index 6c4d4be8ae9..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/opts.pb.go +++ /dev/null @@ -1,227 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: opts.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - descriptorpb "google.golang.org/protobuf/types/descriptorpb" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type CRIU_Opts struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Hex *bool `protobuf:"varint,1,opt,name=hex" json:"hex,omitempty"` // Indicate that CRIT should treat this field as hex. - Ipadd *bool `protobuf:"varint,2,opt,name=ipadd" json:"ipadd,omitempty"` // The field is IPv4/v6 address - Flags *string `protobuf:"bytes,3,opt,name=flags" json:"flags,omitempty"` - Dev *bool `protobuf:"varint,4,opt,name=dev" json:"dev,omitempty"` // Device major:minor packed - Odev *bool `protobuf:"varint,5,opt,name=odev" json:"odev,omitempty"` // ... in old format - Dict *string `protobuf:"bytes,6,opt,name=dict" json:"dict,omitempty"` - Conv *string `protobuf:"bytes,7,opt,name=conv" json:"conv,omitempty"` -} - -func (x *CRIU_Opts) Reset() { - *x = CRIU_Opts{} - if protoimpl.UnsafeEnabled { - mi := &file_opts_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CRIU_Opts) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CRIU_Opts) ProtoMessage() {} - -func (x *CRIU_Opts) ProtoReflect() protoreflect.Message { - mi := &file_opts_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CRIU_Opts.ProtoReflect.Descriptor instead. -func (*CRIU_Opts) Descriptor() ([]byte, []int) { - return file_opts_proto_rawDescGZIP(), []int{0} -} - -func (x *CRIU_Opts) GetHex() bool { - if x != nil && x.Hex != nil { - return *x.Hex - } - return false -} - -func (x *CRIU_Opts) GetIpadd() bool { - if x != nil && x.Ipadd != nil { - return *x.Ipadd - } - return false -} - -func (x *CRIU_Opts) GetFlags() string { - if x != nil && x.Flags != nil { - return *x.Flags - } - return "" -} - -func (x *CRIU_Opts) GetDev() bool { - if x != nil && x.Dev != nil { - return *x.Dev - } - return false -} - -func (x *CRIU_Opts) GetOdev() bool { - if x != nil && x.Odev != nil { - return *x.Odev - } - return false -} - -func (x *CRIU_Opts) GetDict() string { - if x != nil && x.Dict != nil { - return *x.Dict - } - return "" -} - -func (x *CRIU_Opts) GetConv() string { - if x != nil && x.Conv != nil { - return *x.Conv - } - return "" -} - -var file_opts_proto_extTypes = []protoimpl.ExtensionInfo{ - { - ExtendedType: (*descriptorpb.FieldOptions)(nil), - ExtensionType: (*CRIU_Opts)(nil), - Field: 1018, - Name: "criu", - Tag: "bytes,1018,opt,name=criu", - Filename: "opts.proto", - }, -} - -// Extension fields to descriptorpb.FieldOptions. -var ( - // Registered unique number to use for all kinds of custom options. - // - // optional CRIU_Opts criu = 1018; - E_Criu = &file_opts_proto_extTypes[0] -) - -var File_opts_proto protoreflect.FileDescriptor - -var file_opts_proto_rawDesc = []byte{ - 0x0a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, - 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x97, - 0x01, 0x0a, 0x09, 0x43, 0x52, 0x49, 0x55, 0x5f, 0x4f, 0x70, 0x74, 0x73, 0x12, 0x10, 0x0a, 0x03, - 0x68, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x68, 0x65, 0x78, 0x12, 0x14, - 0x0a, 0x05, 0x69, 0x70, 0x61, 0x64, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x05, 0x69, - 0x70, 0x61, 0x64, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x64, 0x65, - 0x76, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x64, 0x65, 0x76, 0x12, 0x12, 0x0a, 0x04, - 0x6f, 0x64, 0x65, 0x76, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x6f, 0x64, 0x65, 0x76, - 0x12, 0x12, 0x0a, 0x04, 0x64, 0x69, 0x63, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, - 0x64, 0x69, 0x63, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x6e, 0x76, 0x18, 0x07, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x04, 0x63, 0x6f, 0x6e, 0x76, 0x3a, 0x3e, 0x0a, 0x04, 0x63, 0x72, 0x69, 0x75, - 0x12, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, - 0xfa, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x43, 0x52, 0x49, 0x55, 0x5f, 0x4f, 0x70, - 0x74, 0x73, 0x52, 0x04, 0x63, 0x72, 0x69, 0x75, -} - -var ( - file_opts_proto_rawDescOnce sync.Once - file_opts_proto_rawDescData = file_opts_proto_rawDesc -) - -func file_opts_proto_rawDescGZIP() []byte { - file_opts_proto_rawDescOnce.Do(func() { - file_opts_proto_rawDescData = protoimpl.X.CompressGZIP(file_opts_proto_rawDescData) - }) - return file_opts_proto_rawDescData -} - -var file_opts_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_opts_proto_goTypes = []interface{}{ - (*CRIU_Opts)(nil), // 0: CRIU_Opts - (*descriptorpb.FieldOptions)(nil), // 1: google.protobuf.FieldOptions -} -var file_opts_proto_depIdxs = []int32{ - 1, // 0: criu:extendee -> google.protobuf.FieldOptions - 0, // 1: criu:type_name -> CRIU_Opts - 2, // [2:2] is the sub-list for method output_type - 2, // [2:2] is the sub-list for method input_type - 1, // [1:2] is the sub-list for extension type_name - 0, // [0:1] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_opts_proto_init() } -func file_opts_proto_init() { - if File_opts_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_opts_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CRIU_Opts); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_opts_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 1, - NumServices: 0, - }, - GoTypes: file_opts_proto_goTypes, - DependencyIndexes: file_opts_proto_depIdxs, - MessageInfos: file_opts_proto_msgTypes, - ExtensionInfos: file_opts_proto_extTypes, - }.Build() - File_opts_proto = out.File - file_opts_proto_rawDesc = nil - file_opts_proto_goTypes = nil - file_opts_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/opts.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/opts.proto deleted file mode 100644 index d730673a22a..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/opts.proto +++ /dev/null @@ -1,20 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "google/protobuf/descriptor.proto"; - -message CRIU_Opts { - optional bool hex = 1; // Indicate that CRIT should treat this field as hex. - optional bool ipadd = 2; // The field is IPv4/v6 address - optional string flags = 3; - optional bool dev = 4; // Device major:minor packed - optional bool odev = 5; // ... in old format - optional string dict = 6; - optional string conv = 7; -} - -extend google.protobuf.FieldOptions { - // Registered unique number to use for all kinds of custom options. - optional CRIU_Opts criu = 1018; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/packet-sock.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/packet-sock.pb.go deleted file mode 100644 index c4b9d747506..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/packet-sock.pb.go +++ /dev/null @@ -1,550 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: packet-sock.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type PacketMclist struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Index *uint32 `protobuf:"varint,1,req,name=index" json:"index,omitempty"` - Type *uint32 `protobuf:"varint,2,req,name=type" json:"type,omitempty"` - Addr []byte `protobuf:"bytes,3,req,name=addr" json:"addr,omitempty"` -} - -func (x *PacketMclist) Reset() { - *x = PacketMclist{} - if protoimpl.UnsafeEnabled { - mi := &file_packet_sock_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *PacketMclist) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*PacketMclist) ProtoMessage() {} - -func (x *PacketMclist) ProtoReflect() protoreflect.Message { - mi := &file_packet_sock_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use PacketMclist.ProtoReflect.Descriptor instead. -func (*PacketMclist) Descriptor() ([]byte, []int) { - return file_packet_sock_proto_rawDescGZIP(), []int{0} -} - -func (x *PacketMclist) GetIndex() uint32 { - if x != nil && x.Index != nil { - return *x.Index - } - return 0 -} - -func (x *PacketMclist) GetType() uint32 { - if x != nil && x.Type != nil { - return *x.Type - } - return 0 -} - -func (x *PacketMclist) GetAddr() []byte { - if x != nil { - return x.Addr - } - return nil -} - -type PacketRing struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - BlockSize *uint32 `protobuf:"varint,1,req,name=block_size,json=blockSize" json:"block_size,omitempty"` - BlockNr *uint32 `protobuf:"varint,2,req,name=block_nr,json=blockNr" json:"block_nr,omitempty"` - FrameSize *uint32 `protobuf:"varint,3,req,name=frame_size,json=frameSize" json:"frame_size,omitempty"` - FrameNr *uint32 `protobuf:"varint,4,req,name=frame_nr,json=frameNr" json:"frame_nr,omitempty"` - RetireTmo *uint32 `protobuf:"varint,5,req,name=retire_tmo,json=retireTmo" json:"retire_tmo,omitempty"` - SizeofPriv *uint32 `protobuf:"varint,6,req,name=sizeof_priv,json=sizeofPriv" json:"sizeof_priv,omitempty"` - Features *uint32 `protobuf:"varint,7,req,name=features" json:"features,omitempty"` -} - -func (x *PacketRing) Reset() { - *x = PacketRing{} - if protoimpl.UnsafeEnabled { - mi := &file_packet_sock_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *PacketRing) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*PacketRing) ProtoMessage() {} - -func (x *PacketRing) ProtoReflect() protoreflect.Message { - mi := &file_packet_sock_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use PacketRing.ProtoReflect.Descriptor instead. -func (*PacketRing) Descriptor() ([]byte, []int) { - return file_packet_sock_proto_rawDescGZIP(), []int{1} -} - -func (x *PacketRing) GetBlockSize() uint32 { - if x != nil && x.BlockSize != nil { - return *x.BlockSize - } - return 0 -} - -func (x *PacketRing) GetBlockNr() uint32 { - if x != nil && x.BlockNr != nil { - return *x.BlockNr - } - return 0 -} - -func (x *PacketRing) GetFrameSize() uint32 { - if x != nil && x.FrameSize != nil { - return *x.FrameSize - } - return 0 -} - -func (x *PacketRing) GetFrameNr() uint32 { - if x != nil && x.FrameNr != nil { - return *x.FrameNr - } - return 0 -} - -func (x *PacketRing) GetRetireTmo() uint32 { - if x != nil && x.RetireTmo != nil { - return *x.RetireTmo - } - return 0 -} - -func (x *PacketRing) GetSizeofPriv() uint32 { - if x != nil && x.SizeofPriv != nil { - return *x.SizeofPriv - } - return 0 -} - -func (x *PacketRing) GetFeatures() uint32 { - if x != nil && x.Features != nil { - return *x.Features - } - return 0 -} - -type PacketSockEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` - Type *uint32 `protobuf:"varint,2,req,name=type" json:"type,omitempty"` - Protocol *uint32 `protobuf:"varint,3,req,name=protocol" json:"protocol,omitempty"` - Flags *uint32 `protobuf:"varint,4,req,name=flags" json:"flags,omitempty"` - Ifindex *uint32 `protobuf:"varint,5,req,name=ifindex" json:"ifindex,omitempty"` - Fown *FownEntry `protobuf:"bytes,6,req,name=fown" json:"fown,omitempty"` - Opts *SkOptsEntry `protobuf:"bytes,7,req,name=opts" json:"opts,omitempty"` - Version *uint32 `protobuf:"varint,8,req,name=version" json:"version,omitempty"` - Reserve *uint32 `protobuf:"varint,9,req,name=reserve" json:"reserve,omitempty"` - AuxData *bool `protobuf:"varint,10,req,name=aux_data,json=auxData" json:"aux_data,omitempty"` - OrigDev *bool `protobuf:"varint,11,req,name=orig_dev,json=origDev" json:"orig_dev,omitempty"` - VnetHdr *bool `protobuf:"varint,12,req,name=vnet_hdr,json=vnetHdr" json:"vnet_hdr,omitempty"` - Loss *bool `protobuf:"varint,13,req,name=loss" json:"loss,omitempty"` - Timestamp *uint32 `protobuf:"varint,14,req,name=timestamp" json:"timestamp,omitempty"` - CopyThresh *uint32 `protobuf:"varint,15,req,name=copy_thresh,json=copyThresh" json:"copy_thresh,omitempty"` - Mclist []*PacketMclist `protobuf:"bytes,16,rep,name=mclist" json:"mclist,omitempty"` - Fanout *uint32 `protobuf:"varint,17,opt,name=fanout,def=4294967295" json:"fanout,omitempty"` - RxRing *PacketRing `protobuf:"bytes,18,opt,name=rx_ring,json=rxRing" json:"rx_ring,omitempty"` - TxRing *PacketRing `protobuf:"bytes,19,opt,name=tx_ring,json=txRing" json:"tx_ring,omitempty"` - NsId *uint32 `protobuf:"varint,20,opt,name=ns_id,json=nsId" json:"ns_id,omitempty"` -} - -// Default values for PacketSockEntry fields. -const ( - Default_PacketSockEntry_Fanout = uint32(4294967295) -) - -func (x *PacketSockEntry) Reset() { - *x = PacketSockEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_packet_sock_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *PacketSockEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*PacketSockEntry) ProtoMessage() {} - -func (x *PacketSockEntry) ProtoReflect() protoreflect.Message { - mi := &file_packet_sock_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use PacketSockEntry.ProtoReflect.Descriptor instead. -func (*PacketSockEntry) Descriptor() ([]byte, []int) { - return file_packet_sock_proto_rawDescGZIP(), []int{2} -} - -func (x *PacketSockEntry) GetId() uint32 { - if x != nil && x.Id != nil { - return *x.Id - } - return 0 -} - -func (x *PacketSockEntry) GetType() uint32 { - if x != nil && x.Type != nil { - return *x.Type - } - return 0 -} - -func (x *PacketSockEntry) GetProtocol() uint32 { - if x != nil && x.Protocol != nil { - return *x.Protocol - } - return 0 -} - -func (x *PacketSockEntry) GetFlags() uint32 { - if x != nil && x.Flags != nil { - return *x.Flags - } - return 0 -} - -func (x *PacketSockEntry) GetIfindex() uint32 { - if x != nil && x.Ifindex != nil { - return *x.Ifindex - } - return 0 -} - -func (x *PacketSockEntry) GetFown() *FownEntry { - if x != nil { - return x.Fown - } - return nil -} - -func (x *PacketSockEntry) GetOpts() *SkOptsEntry { - if x != nil { - return x.Opts - } - return nil -} - -func (x *PacketSockEntry) GetVersion() uint32 { - if x != nil && x.Version != nil { - return *x.Version - } - return 0 -} - -func (x *PacketSockEntry) GetReserve() uint32 { - if x != nil && x.Reserve != nil { - return *x.Reserve - } - return 0 -} - -func (x *PacketSockEntry) GetAuxData() bool { - if x != nil && x.AuxData != nil { - return *x.AuxData - } - return false -} - -func (x *PacketSockEntry) GetOrigDev() bool { - if x != nil && x.OrigDev != nil { - return *x.OrigDev - } - return false -} - -func (x *PacketSockEntry) GetVnetHdr() bool { - if x != nil && x.VnetHdr != nil { - return *x.VnetHdr - } - return false -} - -func (x *PacketSockEntry) GetLoss() bool { - if x != nil && x.Loss != nil { - return *x.Loss - } - return false -} - -func (x *PacketSockEntry) GetTimestamp() uint32 { - if x != nil && x.Timestamp != nil { - return *x.Timestamp - } - return 0 -} - -func (x *PacketSockEntry) GetCopyThresh() uint32 { - if x != nil && x.CopyThresh != nil { - return *x.CopyThresh - } - return 0 -} - -func (x *PacketSockEntry) GetMclist() []*PacketMclist { - if x != nil { - return x.Mclist - } - return nil -} - -func (x *PacketSockEntry) GetFanout() uint32 { - if x != nil && x.Fanout != nil { - return *x.Fanout - } - return Default_PacketSockEntry_Fanout -} - -func (x *PacketSockEntry) GetRxRing() *PacketRing { - if x != nil { - return x.RxRing - } - return nil -} - -func (x *PacketSockEntry) GetTxRing() *PacketRing { - if x != nil { - return x.TxRing - } - return nil -} - -func (x *PacketSockEntry) GetNsId() uint32 { - if x != nil && x.NsId != nil { - return *x.NsId - } - return 0 -} - -var File_packet_sock_proto protoreflect.FileDescriptor - -var file_packet_sock_proto_rawDesc = []byte{ - 0x0a, 0x11, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x2d, 0x73, 0x6f, 0x63, 0x6b, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, - 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, 0x73, 0x6b, 0x2d, - 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x4d, 0x0a, 0x0d, 0x70, 0x61, - 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x6d, 0x63, 0x6c, 0x69, 0x73, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x69, - 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x69, 0x6e, 0x64, 0x65, - 0x78, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, - 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x64, 0x64, 0x72, 0x18, 0x03, 0x20, - 0x02, 0x28, 0x0c, 0x52, 0x04, 0x61, 0x64, 0x64, 0x72, 0x22, 0xdd, 0x01, 0x0a, 0x0b, 0x70, 0x61, - 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x62, 0x6c, 0x6f, - 0x63, 0x6b, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x62, - 0x6c, 0x6f, 0x63, 0x6b, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x62, 0x6c, 0x6f, 0x63, - 0x6b, 0x5f, 0x6e, 0x72, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x62, 0x6c, 0x6f, 0x63, - 0x6b, 0x4e, 0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x5f, 0x73, 0x69, 0x7a, - 0x65, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x53, 0x69, - 0x7a, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x5f, 0x6e, 0x72, 0x18, 0x04, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x4e, 0x72, 0x12, 0x1d, 0x0a, - 0x0a, 0x72, 0x65, 0x74, 0x69, 0x72, 0x65, 0x5f, 0x74, 0x6d, 0x6f, 0x18, 0x05, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x09, 0x72, 0x65, 0x74, 0x69, 0x72, 0x65, 0x54, 0x6d, 0x6f, 0x12, 0x1f, 0x0a, 0x0b, - 0x73, 0x69, 0x7a, 0x65, 0x6f, 0x66, 0x5f, 0x70, 0x72, 0x69, 0x76, 0x18, 0x06, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x0a, 0x73, 0x69, 0x7a, 0x65, 0x6f, 0x66, 0x50, 0x72, 0x69, 0x76, 0x12, 0x1a, 0x0a, - 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, - 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x22, 0xd6, 0x04, 0x0a, 0x11, 0x70, 0x61, - 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, - 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, - 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x74, - 0x79, 0x70, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, - 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, - 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, - 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x18, 0x0a, 0x07, - 0x69, 0x66, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x69, - 0x66, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x1f, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x06, - 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x22, 0x0a, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x18, - 0x07, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x73, 0x6b, 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x76, - 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x76, 0x65, - 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, - 0x18, 0x09, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x12, - 0x19, 0x0a, 0x08, 0x61, 0x75, 0x78, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x0a, 0x20, 0x02, 0x28, - 0x08, 0x52, 0x07, 0x61, 0x75, 0x78, 0x44, 0x61, 0x74, 0x61, 0x12, 0x19, 0x0a, 0x08, 0x6f, 0x72, - 0x69, 0x67, 0x5f, 0x64, 0x65, 0x76, 0x18, 0x0b, 0x20, 0x02, 0x28, 0x08, 0x52, 0x07, 0x6f, 0x72, - 0x69, 0x67, 0x44, 0x65, 0x76, 0x12, 0x19, 0x0a, 0x08, 0x76, 0x6e, 0x65, 0x74, 0x5f, 0x68, 0x64, - 0x72, 0x18, 0x0c, 0x20, 0x02, 0x28, 0x08, 0x52, 0x07, 0x76, 0x6e, 0x65, 0x74, 0x48, 0x64, 0x72, - 0x12, 0x12, 0x0a, 0x04, 0x6c, 0x6f, 0x73, 0x73, 0x18, 0x0d, 0x20, 0x02, 0x28, 0x08, 0x52, 0x04, - 0x6c, 0x6f, 0x73, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, - 0x70, 0x18, 0x0e, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, - 0x6d, 0x70, 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x6f, 0x70, 0x79, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, - 0x68, 0x18, 0x0f, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0a, 0x63, 0x6f, 0x70, 0x79, 0x54, 0x68, 0x72, - 0x65, 0x73, 0x68, 0x12, 0x26, 0x0a, 0x06, 0x6d, 0x63, 0x6c, 0x69, 0x73, 0x74, 0x18, 0x10, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x6d, 0x63, 0x6c, - 0x69, 0x73, 0x74, 0x52, 0x06, 0x6d, 0x63, 0x6c, 0x69, 0x73, 0x74, 0x12, 0x22, 0x0a, 0x06, 0x66, - 0x61, 0x6e, 0x6f, 0x75, 0x74, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0d, 0x3a, 0x0a, 0x34, 0x32, 0x39, - 0x34, 0x39, 0x36, 0x37, 0x32, 0x39, 0x35, 0x52, 0x06, 0x66, 0x61, 0x6e, 0x6f, 0x75, 0x74, 0x12, - 0x25, 0x0a, 0x07, 0x72, 0x78, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x12, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x0c, 0x2e, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x06, - 0x72, 0x78, 0x52, 0x69, 0x6e, 0x67, 0x12, 0x25, 0x0a, 0x07, 0x74, 0x78, 0x5f, 0x72, 0x69, 0x6e, - 0x67, 0x18, 0x13, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, - 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x06, 0x74, 0x78, 0x52, 0x69, 0x6e, 0x67, 0x12, 0x13, 0x0a, - 0x05, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x6e, 0x73, - 0x49, 0x64, -} - -var ( - file_packet_sock_proto_rawDescOnce sync.Once - file_packet_sock_proto_rawDescData = file_packet_sock_proto_rawDesc -) - -func file_packet_sock_proto_rawDescGZIP() []byte { - file_packet_sock_proto_rawDescOnce.Do(func() { - file_packet_sock_proto_rawDescData = protoimpl.X.CompressGZIP(file_packet_sock_proto_rawDescData) - }) - return file_packet_sock_proto_rawDescData -} - -var file_packet_sock_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_packet_sock_proto_goTypes = []interface{}{ - (*PacketMclist)(nil), // 0: packet_mclist - (*PacketRing)(nil), // 1: packet_ring - (*PacketSockEntry)(nil), // 2: packet_sock_entry - (*FownEntry)(nil), // 3: fown_entry - (*SkOptsEntry)(nil), // 4: sk_opts_entry -} -var file_packet_sock_proto_depIdxs = []int32{ - 3, // 0: packet_sock_entry.fown:type_name -> fown_entry - 4, // 1: packet_sock_entry.opts:type_name -> sk_opts_entry - 0, // 2: packet_sock_entry.mclist:type_name -> packet_mclist - 1, // 3: packet_sock_entry.rx_ring:type_name -> packet_ring - 1, // 4: packet_sock_entry.tx_ring:type_name -> packet_ring - 5, // [5:5] is the sub-list for method output_type - 5, // [5:5] is the sub-list for method input_type - 5, // [5:5] is the sub-list for extension type_name - 5, // [5:5] is the sub-list for extension extendee - 0, // [0:5] is the sub-list for field type_name -} - -func init() { file_packet_sock_proto_init() } -func file_packet_sock_proto_init() { - if File_packet_sock_proto != nil { - return - } - file_opts_proto_init() - file_fown_proto_init() - file_sk_opts_proto_init() - if !protoimpl.UnsafeEnabled { - file_packet_sock_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PacketMclist); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_packet_sock_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PacketRing); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_packet_sock_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PacketSockEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_packet_sock_proto_rawDesc, - NumEnums: 0, - NumMessages: 3, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_packet_sock_proto_goTypes, - DependencyIndexes: file_packet_sock_proto_depIdxs, - MessageInfos: file_packet_sock_proto_msgTypes, - }.Build() - File_packet_sock_proto = out.File - file_packet_sock_proto_rawDesc = nil - file_packet_sock_proto_goTypes = nil - file_packet_sock_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/packet-sock.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/packet-sock.proto deleted file mode 100644 index d4b38cf1547..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/packet-sock.proto +++ /dev/null @@ -1,49 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "opts.proto"; -import "fown.proto"; -import "sk-opts.proto"; - -message packet_mclist { - required uint32 index = 1; - required uint32 type = 2; - required bytes addr = 3; -} - -message packet_ring { - required uint32 block_size = 1; - required uint32 block_nr = 2; - required uint32 frame_size = 3; - required uint32 frame_nr = 4; - - required uint32 retire_tmo = 5; - required uint32 sizeof_priv = 6; - required uint32 features = 7; -} - -message packet_sock_entry { - required uint32 id = 1; - required uint32 type = 2; - required uint32 protocol = 3; - required uint32 flags = 4 [(criu).hex = true]; - required uint32 ifindex = 5; - - required fown_entry fown = 6; - required sk_opts_entry opts = 7; - - required uint32 version = 8; - required uint32 reserve = 9; - required bool aux_data = 10; - required bool orig_dev = 11; - required bool vnet_hdr = 12; - required bool loss = 13; - required uint32 timestamp = 14; - required uint32 copy_thresh = 15; - repeated packet_mclist mclist = 16; - optional uint32 fanout = 17 [ default = 0xffffffff ]; - optional packet_ring rx_ring = 18; - optional packet_ring tx_ring = 19; - optional uint32 ns_id = 20; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pagemap.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pagemap.pb.go deleted file mode 100644 index 72513553065..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pagemap.pb.go +++ /dev/null @@ -1,237 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: pagemap.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type PagemapHead struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - PagesId *uint32 `protobuf:"varint,1,req,name=pages_id,json=pagesId" json:"pages_id,omitempty"` -} - -func (x *PagemapHead) Reset() { - *x = PagemapHead{} - if protoimpl.UnsafeEnabled { - mi := &file_pagemap_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *PagemapHead) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*PagemapHead) ProtoMessage() {} - -func (x *PagemapHead) ProtoReflect() protoreflect.Message { - mi := &file_pagemap_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use PagemapHead.ProtoReflect.Descriptor instead. -func (*PagemapHead) Descriptor() ([]byte, []int) { - return file_pagemap_proto_rawDescGZIP(), []int{0} -} - -func (x *PagemapHead) GetPagesId() uint32 { - if x != nil && x.PagesId != nil { - return *x.PagesId - } - return 0 -} - -type PagemapEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Vaddr *uint64 `protobuf:"varint,1,req,name=vaddr" json:"vaddr,omitempty"` - NrPages *uint32 `protobuf:"varint,2,req,name=nr_pages,json=nrPages" json:"nr_pages,omitempty"` - InParent *bool `protobuf:"varint,3,opt,name=in_parent,json=inParent" json:"in_parent,omitempty"` - Flags *uint32 `protobuf:"varint,4,opt,name=flags" json:"flags,omitempty"` -} - -func (x *PagemapEntry) Reset() { - *x = PagemapEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_pagemap_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *PagemapEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*PagemapEntry) ProtoMessage() {} - -func (x *PagemapEntry) ProtoReflect() protoreflect.Message { - mi := &file_pagemap_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use PagemapEntry.ProtoReflect.Descriptor instead. -func (*PagemapEntry) Descriptor() ([]byte, []int) { - return file_pagemap_proto_rawDescGZIP(), []int{1} -} - -func (x *PagemapEntry) GetVaddr() uint64 { - if x != nil && x.Vaddr != nil { - return *x.Vaddr - } - return 0 -} - -func (x *PagemapEntry) GetNrPages() uint32 { - if x != nil && x.NrPages != nil { - return *x.NrPages - } - return 0 -} - -func (x *PagemapEntry) GetInParent() bool { - if x != nil && x.InParent != nil { - return *x.InParent - } - return false -} - -func (x *PagemapEntry) GetFlags() uint32 { - if x != nil && x.Flags != nil { - return *x.Flags - } - return 0 -} - -var File_pagemap_proto protoreflect.FileDescriptor - -var file_pagemap_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x70, 0x61, 0x67, 0x65, 0x6d, 0x61, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, - 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x29, 0x0a, 0x0c, 0x70, - 0x61, 0x67, 0x65, 0x6d, 0x61, 0x70, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x70, - 0x61, 0x67, 0x65, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x70, - 0x61, 0x67, 0x65, 0x73, 0x49, 0x64, 0x22, 0x8b, 0x01, 0x0a, 0x0d, 0x70, 0x61, 0x67, 0x65, 0x6d, - 0x61, 0x70, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1b, 0x0a, 0x05, 0x76, 0x61, 0x64, 0x64, - 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, - 0x76, 0x61, 0x64, 0x64, 0x72, 0x12, 0x19, 0x0a, 0x08, 0x6e, 0x72, 0x5f, 0x70, 0x61, 0x67, 0x65, - 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x6e, 0x72, 0x50, 0x61, 0x67, 0x65, 0x73, - 0x12, 0x1b, 0x0a, 0x09, 0x69, 0x6e, 0x5f, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x08, 0x69, 0x6e, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x12, 0x25, 0x0a, - 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x0f, 0xd2, 0x3f, - 0x0c, 0x1a, 0x0a, 0x70, 0x6d, 0x61, 0x70, 0x2e, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x52, 0x05, 0x66, - 0x6c, 0x61, 0x67, 0x73, -} - -var ( - file_pagemap_proto_rawDescOnce sync.Once - file_pagemap_proto_rawDescData = file_pagemap_proto_rawDesc -) - -func file_pagemap_proto_rawDescGZIP() []byte { - file_pagemap_proto_rawDescOnce.Do(func() { - file_pagemap_proto_rawDescData = protoimpl.X.CompressGZIP(file_pagemap_proto_rawDescData) - }) - return file_pagemap_proto_rawDescData -} - -var file_pagemap_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_pagemap_proto_goTypes = []interface{}{ - (*PagemapHead)(nil), // 0: pagemap_head - (*PagemapEntry)(nil), // 1: pagemap_entry -} -var file_pagemap_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_pagemap_proto_init() } -func file_pagemap_proto_init() { - if File_pagemap_proto != nil { - return - } - file_opts_proto_init() - if !protoimpl.UnsafeEnabled { - file_pagemap_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PagemapHead); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_pagemap_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PagemapEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_pagemap_proto_rawDesc, - NumEnums: 0, - NumMessages: 2, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_pagemap_proto_goTypes, - DependencyIndexes: file_pagemap_proto_depIdxs, - MessageInfos: file_pagemap_proto_msgTypes, - }.Build() - File_pagemap_proto = out.File - file_pagemap_proto_rawDesc = nil - file_pagemap_proto_goTypes = nil - file_pagemap_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pagemap.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pagemap.proto deleted file mode 100644 index e6d341b0f66..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pagemap.proto +++ /dev/null @@ -1,16 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "opts.proto"; - -message pagemap_head { - required uint32 pages_id = 1; -} - -message pagemap_entry { - required uint64 vaddr = 1 [(criu).hex = true]; - required uint32 nr_pages = 2; - optional bool in_parent = 3; - optional uint32 flags = 4 [(criu).flags = "pmap.flags" ]; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pidns.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pidns.pb.go deleted file mode 100644 index f6db5b14f43..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pidns.pb.go +++ /dev/null @@ -1,142 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: pidns.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type PidnsEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - ExtKey *string `protobuf:"bytes,1,opt,name=ext_key,json=extKey" json:"ext_key,omitempty"` -} - -func (x *PidnsEntry) Reset() { - *x = PidnsEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_pidns_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *PidnsEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*PidnsEntry) ProtoMessage() {} - -func (x *PidnsEntry) ProtoReflect() protoreflect.Message { - mi := &file_pidns_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use PidnsEntry.ProtoReflect.Descriptor instead. -func (*PidnsEntry) Descriptor() ([]byte, []int) { - return file_pidns_proto_rawDescGZIP(), []int{0} -} - -func (x *PidnsEntry) GetExtKey() string { - if x != nil && x.ExtKey != nil { - return *x.ExtKey - } - return "" -} - -var File_pidns_proto protoreflect.FileDescriptor - -var file_pidns_proto_rawDesc = []byte{ - 0x0a, 0x0b, 0x70, 0x69, 0x64, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x26, 0x0a, - 0x0b, 0x70, 0x69, 0x64, 0x6e, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x17, 0x0a, 0x07, - 0x65, 0x78, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x65, - 0x78, 0x74, 0x4b, 0x65, 0x79, -} - -var ( - file_pidns_proto_rawDescOnce sync.Once - file_pidns_proto_rawDescData = file_pidns_proto_rawDesc -) - -func file_pidns_proto_rawDescGZIP() []byte { - file_pidns_proto_rawDescOnce.Do(func() { - file_pidns_proto_rawDescData = protoimpl.X.CompressGZIP(file_pidns_proto_rawDescData) - }) - return file_pidns_proto_rawDescData -} - -var file_pidns_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_pidns_proto_goTypes = []interface{}{ - (*PidnsEntry)(nil), // 0: pidns_entry -} -var file_pidns_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_pidns_proto_init() } -func file_pidns_proto_init() { - if File_pidns_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_pidns_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PidnsEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_pidns_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_pidns_proto_goTypes, - DependencyIndexes: file_pidns_proto_depIdxs, - MessageInfos: file_pidns_proto_msgTypes, - }.Build() - File_pidns_proto = out.File - file_pidns_proto_rawDesc = nil - file_pidns_proto_goTypes = nil - file_pidns_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pidns.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pidns.proto deleted file mode 100644 index f7e92e3ecdc..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pidns.proto +++ /dev/null @@ -1,7 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -message pidns_entry { - optional string ext_key = 1; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe-data.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe-data.pb.go deleted file mode 100644 index a0eef6cbb8b..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe-data.pb.go +++ /dev/null @@ -1,161 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: pipe-data.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type PipeDataEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - PipeId *uint32 `protobuf:"varint,1,req,name=pipe_id,json=pipeId" json:"pipe_id,omitempty"` - Bytes *uint32 `protobuf:"varint,2,req,name=bytes" json:"bytes,omitempty"` - Size *uint32 `protobuf:"varint,3,opt,name=size" json:"size,omitempty"` -} - -func (x *PipeDataEntry) Reset() { - *x = PipeDataEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_pipe_data_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *PipeDataEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*PipeDataEntry) ProtoMessage() {} - -func (x *PipeDataEntry) ProtoReflect() protoreflect.Message { - mi := &file_pipe_data_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use PipeDataEntry.ProtoReflect.Descriptor instead. -func (*PipeDataEntry) Descriptor() ([]byte, []int) { - return file_pipe_data_proto_rawDescGZIP(), []int{0} -} - -func (x *PipeDataEntry) GetPipeId() uint32 { - if x != nil && x.PipeId != nil { - return *x.PipeId - } - return 0 -} - -func (x *PipeDataEntry) GetBytes() uint32 { - if x != nil && x.Bytes != nil { - return *x.Bytes - } - return 0 -} - -func (x *PipeDataEntry) GetSize() uint32 { - if x != nil && x.Size != nil { - return *x.Size - } - return 0 -} - -var File_pipe_data_proto protoreflect.FileDescriptor - -var file_pipe_data_proto_rawDesc = []byte{ - 0x0a, 0x0f, 0x70, 0x69, 0x70, 0x65, 0x2d, 0x64, 0x61, 0x74, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x22, 0x54, 0x0a, 0x0f, 0x70, 0x69, 0x70, 0x65, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x12, 0x17, 0x0a, 0x07, 0x70, 0x69, 0x70, 0x65, 0x5f, 0x69, 0x64, 0x18, - 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x70, 0x69, 0x70, 0x65, 0x49, 0x64, 0x12, 0x14, 0x0a, - 0x05, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x62, 0x79, - 0x74, 0x65, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x0d, 0x52, 0x04, 0x73, 0x69, 0x7a, 0x65, -} - -var ( - file_pipe_data_proto_rawDescOnce sync.Once - file_pipe_data_proto_rawDescData = file_pipe_data_proto_rawDesc -) - -func file_pipe_data_proto_rawDescGZIP() []byte { - file_pipe_data_proto_rawDescOnce.Do(func() { - file_pipe_data_proto_rawDescData = protoimpl.X.CompressGZIP(file_pipe_data_proto_rawDescData) - }) - return file_pipe_data_proto_rawDescData -} - -var file_pipe_data_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_pipe_data_proto_goTypes = []interface{}{ - (*PipeDataEntry)(nil), // 0: pipe_data_entry -} -var file_pipe_data_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_pipe_data_proto_init() } -func file_pipe_data_proto_init() { - if File_pipe_data_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_pipe_data_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PipeDataEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_pipe_data_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_pipe_data_proto_goTypes, - DependencyIndexes: file_pipe_data_proto_depIdxs, - MessageInfos: file_pipe_data_proto_msgTypes, - }.Build() - File_pipe_data_proto = out.File - file_pipe_data_proto_rawDesc = nil - file_pipe_data_proto_goTypes = nil - file_pipe_data_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe-data.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe-data.proto deleted file mode 100644 index 040479e7cbb..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe-data.proto +++ /dev/null @@ -1,9 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -message pipe_data_entry { - required uint32 pipe_id = 1; - required uint32 bytes = 2; - optional uint32 size = 3; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe.pb.go deleted file mode 100644 index d406ca58d59..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe.pb.go +++ /dev/null @@ -1,176 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: pipe.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type PipeEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` - PipeId *uint32 `protobuf:"varint,2,req,name=pipe_id,json=pipeId" json:"pipe_id,omitempty"` - Flags *uint32 `protobuf:"varint,3,req,name=flags" json:"flags,omitempty"` - Fown *FownEntry `protobuf:"bytes,4,req,name=fown" json:"fown,omitempty"` -} - -func (x *PipeEntry) Reset() { - *x = PipeEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_pipe_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *PipeEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*PipeEntry) ProtoMessage() {} - -func (x *PipeEntry) ProtoReflect() protoreflect.Message { - mi := &file_pipe_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use PipeEntry.ProtoReflect.Descriptor instead. -func (*PipeEntry) Descriptor() ([]byte, []int) { - return file_pipe_proto_rawDescGZIP(), []int{0} -} - -func (x *PipeEntry) GetId() uint32 { - if x != nil && x.Id != nil { - return *x.Id - } - return 0 -} - -func (x *PipeEntry) GetPipeId() uint32 { - if x != nil && x.PipeId != nil { - return *x.PipeId - } - return 0 -} - -func (x *PipeEntry) GetFlags() uint32 { - if x != nil && x.Flags != nil { - return *x.Flags - } - return 0 -} - -func (x *PipeEntry) GetFown() *FownEntry { - if x != nil { - return x.Fown - } - return nil -} - -var File_pipe_proto protoreflect.FileDescriptor - -var file_pipe_proto_rawDesc = []byte{ - 0x0a, 0x0a, 0x70, 0x69, 0x70, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, - 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x73, 0x0a, 0x0a, 0x70, 0x69, 0x70, 0x65, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, - 0x69, 0x64, 0x12, 0x17, 0x0a, 0x07, 0x70, 0x69, 0x70, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, - 0x02, 0x28, 0x0d, 0x52, 0x06, 0x70, 0x69, 0x70, 0x65, 0x49, 0x64, 0x12, 0x1b, 0x0a, 0x05, 0x66, - 0x6c, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, - 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x1f, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, - 0x18, 0x04, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, -} - -var ( - file_pipe_proto_rawDescOnce sync.Once - file_pipe_proto_rawDescData = file_pipe_proto_rawDesc -) - -func file_pipe_proto_rawDescGZIP() []byte { - file_pipe_proto_rawDescOnce.Do(func() { - file_pipe_proto_rawDescData = protoimpl.X.CompressGZIP(file_pipe_proto_rawDescData) - }) - return file_pipe_proto_rawDescData -} - -var file_pipe_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_pipe_proto_goTypes = []interface{}{ - (*PipeEntry)(nil), // 0: pipe_entry - (*FownEntry)(nil), // 1: fown_entry -} -var file_pipe_proto_depIdxs = []int32{ - 1, // 0: pipe_entry.fown:type_name -> fown_entry - 1, // [1:1] is the sub-list for method output_type - 1, // [1:1] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name -} - -func init() { file_pipe_proto_init() } -func file_pipe_proto_init() { - if File_pipe_proto != nil { - return - } - file_opts_proto_init() - file_fown_proto_init() - if !protoimpl.UnsafeEnabled { - file_pipe_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PipeEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_pipe_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_pipe_proto_goTypes, - DependencyIndexes: file_pipe_proto_depIdxs, - MessageInfos: file_pipe_proto_msgTypes, - }.Build() - File_pipe_proto = out.File - file_pipe_proto_rawDesc = nil - file_pipe_proto_goTypes = nil - file_pipe_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe.proto deleted file mode 100644 index 2c0360e8523..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pipe.proto +++ /dev/null @@ -1,13 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "opts.proto"; -import "fown.proto"; - -message pipe_entry { - required uint32 id = 1; - required uint32 pipe_id = 2; - required uint32 flags = 3 [(criu).hex = true]; - required fown_entry fown = 4; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pstree.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pstree.pb.go deleted file mode 100644 index f8d1b012d55..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pstree.pb.go +++ /dev/null @@ -1,179 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: pstree.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type PstreeEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Pid *uint32 `protobuf:"varint,1,req,name=pid" json:"pid,omitempty"` - Ppid *uint32 `protobuf:"varint,2,req,name=ppid" json:"ppid,omitempty"` - Pgid *uint32 `protobuf:"varint,3,req,name=pgid" json:"pgid,omitempty"` - Sid *uint32 `protobuf:"varint,4,req,name=sid" json:"sid,omitempty"` - Threads []uint32 `protobuf:"varint,5,rep,name=threads" json:"threads,omitempty"` -} - -func (x *PstreeEntry) Reset() { - *x = PstreeEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_pstree_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *PstreeEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*PstreeEntry) ProtoMessage() {} - -func (x *PstreeEntry) ProtoReflect() protoreflect.Message { - mi := &file_pstree_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use PstreeEntry.ProtoReflect.Descriptor instead. -func (*PstreeEntry) Descriptor() ([]byte, []int) { - return file_pstree_proto_rawDescGZIP(), []int{0} -} - -func (x *PstreeEntry) GetPid() uint32 { - if x != nil && x.Pid != nil { - return *x.Pid - } - return 0 -} - -func (x *PstreeEntry) GetPpid() uint32 { - if x != nil && x.Ppid != nil { - return *x.Ppid - } - return 0 -} - -func (x *PstreeEntry) GetPgid() uint32 { - if x != nil && x.Pgid != nil { - return *x.Pgid - } - return 0 -} - -func (x *PstreeEntry) GetSid() uint32 { - if x != nil && x.Sid != nil { - return *x.Sid - } - return 0 -} - -func (x *PstreeEntry) GetThreads() []uint32 { - if x != nil { - return x.Threads - } - return nil -} - -var File_pstree_proto protoreflect.FileDescriptor - -var file_pstree_proto_rawDesc = []byte{ - 0x0a, 0x0c, 0x70, 0x73, 0x74, 0x72, 0x65, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x74, - 0x0a, 0x0c, 0x70, 0x73, 0x74, 0x72, 0x65, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, - 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x70, 0x69, 0x64, - 0x12, 0x12, 0x0a, 0x04, 0x70, 0x70, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, - 0x70, 0x70, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x67, 0x69, 0x64, 0x18, 0x03, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x04, 0x70, 0x67, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x73, 0x69, 0x64, 0x18, - 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x73, 0x69, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x74, 0x68, - 0x72, 0x65, 0x61, 0x64, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x07, 0x74, 0x68, 0x72, - 0x65, 0x61, 0x64, 0x73, -} - -var ( - file_pstree_proto_rawDescOnce sync.Once - file_pstree_proto_rawDescData = file_pstree_proto_rawDesc -) - -func file_pstree_proto_rawDescGZIP() []byte { - file_pstree_proto_rawDescOnce.Do(func() { - file_pstree_proto_rawDescData = protoimpl.X.CompressGZIP(file_pstree_proto_rawDescData) - }) - return file_pstree_proto_rawDescData -} - -var file_pstree_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_pstree_proto_goTypes = []interface{}{ - (*PstreeEntry)(nil), // 0: pstree_entry -} -var file_pstree_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_pstree_proto_init() } -func file_pstree_proto_init() { - if File_pstree_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_pstree_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PstreeEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_pstree_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_pstree_proto_goTypes, - DependencyIndexes: file_pstree_proto_depIdxs, - MessageInfos: file_pstree_proto_msgTypes, - }.Build() - File_pstree_proto = out.File - file_pstree_proto_rawDesc = nil - file_pstree_proto_goTypes = nil - file_pstree_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pstree.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pstree.proto deleted file mode 100644 index fca284cb73a..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/pstree.proto +++ /dev/null @@ -1,11 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -message pstree_entry { - required uint32 pid = 1; - required uint32 ppid = 2; - required uint32 pgid = 3; - required uint32 sid = 4; - repeated uint32 threads = 5; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/regfile.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/regfile.pb.go deleted file mode 100644 index 7ce21584422..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/regfile.pb.go +++ /dev/null @@ -1,275 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: regfile.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type RegFileEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` - Flags *uint32 `protobuf:"varint,2,req,name=flags" json:"flags,omitempty"` - Pos *uint64 `protobuf:"varint,3,req,name=pos" json:"pos,omitempty"` - Fown *FownEntry `protobuf:"bytes,5,req,name=fown" json:"fown,omitempty"` - Name *string `protobuf:"bytes,6,req,name=name" json:"name,omitempty"` - MntId *int32 `protobuf:"zigzag32,7,opt,name=mnt_id,json=mntId,def=-1" json:"mnt_id,omitempty"` - Size *uint64 `protobuf:"varint,8,opt,name=size" json:"size,omitempty"` - Ext *bool `protobuf:"varint,9,opt,name=ext" json:"ext,omitempty"` - Mode *uint32 `protobuf:"varint,10,opt,name=mode" json:"mode,omitempty"` - // This field stores the build-ID of the file if it could be obtained. - BuildId []uint32 `protobuf:"varint,11,rep,name=build_id,json=buildId" json:"build_id,omitempty"` - // This field stores the CRC32C checksum of the file if it could be obtained. - Checksum *uint32 `protobuf:"varint,12,opt,name=checksum" json:"checksum,omitempty"` - // This field stores the configuration of bytes which were used in the - // calculation of the checksum, if it could be obtained. - ChecksumConfig *uint32 `protobuf:"varint,13,opt,name=checksum_config,json=checksumConfig" json:"checksum_config,omitempty"` - // This field stores the checksum parameter if it was used in the calculation - // of the checksum, if it could be obtained. - ChecksumParameter *uint32 `protobuf:"varint,14,opt,name=checksum_parameter,json=checksumParameter" json:"checksum_parameter,omitempty"` -} - -// Default values for RegFileEntry fields. -const ( - Default_RegFileEntry_MntId = int32(-1) -) - -func (x *RegFileEntry) Reset() { - *x = RegFileEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_regfile_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *RegFileEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*RegFileEntry) ProtoMessage() {} - -func (x *RegFileEntry) ProtoReflect() protoreflect.Message { - mi := &file_regfile_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use RegFileEntry.ProtoReflect.Descriptor instead. -func (*RegFileEntry) Descriptor() ([]byte, []int) { - return file_regfile_proto_rawDescGZIP(), []int{0} -} - -func (x *RegFileEntry) GetId() uint32 { - if x != nil && x.Id != nil { - return *x.Id - } - return 0 -} - -func (x *RegFileEntry) GetFlags() uint32 { - if x != nil && x.Flags != nil { - return *x.Flags - } - return 0 -} - -func (x *RegFileEntry) GetPos() uint64 { - if x != nil && x.Pos != nil { - return *x.Pos - } - return 0 -} - -func (x *RegFileEntry) GetFown() *FownEntry { - if x != nil { - return x.Fown - } - return nil -} - -func (x *RegFileEntry) GetName() string { - if x != nil && x.Name != nil { - return *x.Name - } - return "" -} - -func (x *RegFileEntry) GetMntId() int32 { - if x != nil && x.MntId != nil { - return *x.MntId - } - return Default_RegFileEntry_MntId -} - -func (x *RegFileEntry) GetSize() uint64 { - if x != nil && x.Size != nil { - return *x.Size - } - return 0 -} - -func (x *RegFileEntry) GetExt() bool { - if x != nil && x.Ext != nil { - return *x.Ext - } - return false -} - -func (x *RegFileEntry) GetMode() uint32 { - if x != nil && x.Mode != nil { - return *x.Mode - } - return 0 -} - -func (x *RegFileEntry) GetBuildId() []uint32 { - if x != nil { - return x.BuildId - } - return nil -} - -func (x *RegFileEntry) GetChecksum() uint32 { - if x != nil && x.Checksum != nil { - return *x.Checksum - } - return 0 -} - -func (x *RegFileEntry) GetChecksumConfig() uint32 { - if x != nil && x.ChecksumConfig != nil { - return *x.ChecksumConfig - } - return 0 -} - -func (x *RegFileEntry) GetChecksumParameter() uint32 { - if x != nil && x.ChecksumParameter != nil { - return *x.ChecksumParameter - } - return 0 -} - -var File_regfile_proto protoreflect.FileDescriptor - -var file_regfile_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x72, 0x65, 0x67, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, - 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, - 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xf3, 0x02, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x5f, - 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, - 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x26, 0x0a, 0x05, 0x66, 0x6c, - 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x10, 0xd2, 0x3f, 0x0d, 0x1a, 0x0b, - 0x72, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x52, 0x05, 0x66, 0x6c, 0x61, - 0x67, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x6f, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, - 0x03, 0x70, 0x6f, 0x73, 0x12, 0x1f, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x05, 0x20, 0x02, - 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20, - 0x02, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x19, 0x0a, 0x06, 0x6d, 0x6e, 0x74, - 0x5f, 0x69, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x11, 0x3a, 0x02, 0x2d, 0x31, 0x52, 0x05, 0x6d, - 0x6e, 0x74, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x08, 0x20, 0x01, - 0x28, 0x04, 0x52, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x65, 0x78, 0x74, 0x18, - 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x65, 0x78, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f, - 0x64, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x19, - 0x0a, 0x08, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x5f, 0x69, 0x64, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x0d, - 0x52, 0x07, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x68, 0x65, - 0x63, 0x6b, 0x73, 0x75, 0x6d, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x63, 0x68, 0x65, - 0x63, 0x6b, 0x73, 0x75, 0x6d, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x75, - 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0e, - 0x63, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x75, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2d, - 0x0a, 0x12, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x75, 0x6d, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, - 0x65, 0x74, 0x65, 0x72, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x11, 0x63, 0x68, 0x65, 0x63, - 0x6b, 0x73, 0x75, 0x6d, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, -} - -var ( - file_regfile_proto_rawDescOnce sync.Once - file_regfile_proto_rawDescData = file_regfile_proto_rawDesc -) - -func file_regfile_proto_rawDescGZIP() []byte { - file_regfile_proto_rawDescOnce.Do(func() { - file_regfile_proto_rawDescData = protoimpl.X.CompressGZIP(file_regfile_proto_rawDescData) - }) - return file_regfile_proto_rawDescData -} - -var file_regfile_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_regfile_proto_goTypes = []interface{}{ - (*RegFileEntry)(nil), // 0: reg_file_entry - (*FownEntry)(nil), // 1: fown_entry -} -var file_regfile_proto_depIdxs = []int32{ - 1, // 0: reg_file_entry.fown:type_name -> fown_entry - 1, // [1:1] is the sub-list for method output_type - 1, // [1:1] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name -} - -func init() { file_regfile_proto_init() } -func file_regfile_proto_init() { - if File_regfile_proto != nil { - return - } - file_opts_proto_init() - file_fown_proto_init() - if !protoimpl.UnsafeEnabled { - file_regfile_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RegFileEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_regfile_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_regfile_proto_goTypes, - DependencyIndexes: file_regfile_proto_depIdxs, - MessageInfos: file_regfile_proto_msgTypes, - }.Build() - File_regfile_proto = out.File - file_regfile_proto_rawDesc = nil - file_regfile_proto_goTypes = nil - file_regfile_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/regfile.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/regfile.proto deleted file mode 100644 index bf22d2026da..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/regfile.proto +++ /dev/null @@ -1,36 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "opts.proto"; -import "fown.proto"; - -message reg_file_entry { - required uint32 id = 1; - required uint32 flags = 2 [(criu).flags = "rfile.flags"]; - required uint64 pos = 3; - required fown_entry fown = 5; - required string name = 6; - optional sint32 mnt_id = 7 [default = -1]; - optional uint64 size = 8; - optional bool ext = 9; - optional uint32 mode = 10; - - /* This field stores the build-ID of the file if it could be obtained. */ - repeated uint32 build_id = 11; - - /* This field stores the CRC32C checksum of the file if it could be obtained. */ - optional uint32 checksum = 12; - - /* - * This field stores the configuration of bytes which were used in the - * calculation of the checksum, if it could be obtained. - */ - optional uint32 checksum_config = 13; - - /* - * This field stores the checksum parameter if it was used in the calculation - * of the checksum, if it could be obtained. - */ - optional uint32 checksum_parameter = 14; -} \ No newline at end of file diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/remap-file-path.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/remap-file-path.pb.go deleted file mode 100644 index 07933216c93..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/remap-file-path.pb.go +++ /dev/null @@ -1,230 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: remap-file-path.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type RemapType int32 - -const ( - RemapType_LINKED RemapType = 0 - RemapType_GHOST RemapType = 1 - RemapType_PROCFS RemapType = 2 -) - -// Enum value maps for RemapType. -var ( - RemapType_name = map[int32]string{ - 0: "LINKED", - 1: "GHOST", - 2: "PROCFS", - } - RemapType_value = map[string]int32{ - "LINKED": 0, - "GHOST": 1, - "PROCFS": 2, - } -) - -func (x RemapType) Enum() *RemapType { - p := new(RemapType) - *p = x - return p -} - -func (x RemapType) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (RemapType) Descriptor() protoreflect.EnumDescriptor { - return file_remap_file_path_proto_enumTypes[0].Descriptor() -} - -func (RemapType) Type() protoreflect.EnumType { - return &file_remap_file_path_proto_enumTypes[0] -} - -func (x RemapType) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Do not use. -func (x *RemapType) UnmarshalJSON(b []byte) error { - num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) - if err != nil { - return err - } - *x = RemapType(num) - return nil -} - -// Deprecated: Use RemapType.Descriptor instead. -func (RemapType) EnumDescriptor() ([]byte, []int) { - return file_remap_file_path_proto_rawDescGZIP(), []int{0} -} - -type RemapFilePathEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - OrigId *uint32 `protobuf:"varint,1,req,name=orig_id,json=origId" json:"orig_id,omitempty"` - RemapId *uint32 `protobuf:"varint,2,req,name=remap_id,json=remapId" json:"remap_id,omitempty"` - RemapType *RemapType `protobuf:"varint,3,opt,name=remap_type,json=remapType,enum=RemapType" json:"remap_type,omitempty"` -} - -func (x *RemapFilePathEntry) Reset() { - *x = RemapFilePathEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_remap_file_path_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *RemapFilePathEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*RemapFilePathEntry) ProtoMessage() {} - -func (x *RemapFilePathEntry) ProtoReflect() protoreflect.Message { - mi := &file_remap_file_path_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use RemapFilePathEntry.ProtoReflect.Descriptor instead. -func (*RemapFilePathEntry) Descriptor() ([]byte, []int) { - return file_remap_file_path_proto_rawDescGZIP(), []int{0} -} - -func (x *RemapFilePathEntry) GetOrigId() uint32 { - if x != nil && x.OrigId != nil { - return *x.OrigId - } - return 0 -} - -func (x *RemapFilePathEntry) GetRemapId() uint32 { - if x != nil && x.RemapId != nil { - return *x.RemapId - } - return 0 -} - -func (x *RemapFilePathEntry) GetRemapType() RemapType { - if x != nil && x.RemapType != nil { - return *x.RemapType - } - return RemapType_LINKED -} - -var File_remap_file_path_proto protoreflect.FileDescriptor - -var file_remap_file_path_proto_rawDesc = []byte{ - 0x0a, 0x15, 0x72, 0x65, 0x6d, 0x61, 0x70, 0x2d, 0x66, 0x69, 0x6c, 0x65, 0x2d, 0x70, 0x61, 0x74, - 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x77, 0x0a, 0x15, 0x72, 0x65, 0x6d, 0x61, 0x70, - 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x12, 0x17, 0x0a, 0x07, 0x6f, 0x72, 0x69, 0x67, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x06, 0x6f, 0x72, 0x69, 0x67, 0x49, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x72, 0x65, 0x6d, - 0x61, 0x70, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x72, 0x65, 0x6d, - 0x61, 0x70, 0x49, 0x64, 0x12, 0x2a, 0x0a, 0x0a, 0x72, 0x65, 0x6d, 0x61, 0x70, 0x5f, 0x74, 0x79, - 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0b, 0x2e, 0x72, 0x65, 0x6d, 0x61, 0x70, - 0x5f, 0x74, 0x79, 0x70, 0x65, 0x52, 0x09, 0x72, 0x65, 0x6d, 0x61, 0x70, 0x54, 0x79, 0x70, 0x65, - 0x2a, 0x2f, 0x0a, 0x0a, 0x72, 0x65, 0x6d, 0x61, 0x70, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x12, 0x0a, - 0x0a, 0x06, 0x4c, 0x49, 0x4e, 0x4b, 0x45, 0x44, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x47, 0x48, - 0x4f, 0x53, 0x54, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x50, 0x52, 0x4f, 0x43, 0x46, 0x53, 0x10, - 0x02, -} - -var ( - file_remap_file_path_proto_rawDescOnce sync.Once - file_remap_file_path_proto_rawDescData = file_remap_file_path_proto_rawDesc -) - -func file_remap_file_path_proto_rawDescGZIP() []byte { - file_remap_file_path_proto_rawDescOnce.Do(func() { - file_remap_file_path_proto_rawDescData = protoimpl.X.CompressGZIP(file_remap_file_path_proto_rawDescData) - }) - return file_remap_file_path_proto_rawDescData -} - -var file_remap_file_path_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_remap_file_path_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_remap_file_path_proto_goTypes = []interface{}{ - (RemapType)(0), // 0: remap_type - (*RemapFilePathEntry)(nil), // 1: remap_file_path_entry -} -var file_remap_file_path_proto_depIdxs = []int32{ - 0, // 0: remap_file_path_entry.remap_type:type_name -> remap_type - 1, // [1:1] is the sub-list for method output_type - 1, // [1:1] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name -} - -func init() { file_remap_file_path_proto_init() } -func file_remap_file_path_proto_init() { - if File_remap_file_path_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_remap_file_path_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RemapFilePathEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_remap_file_path_proto_rawDesc, - NumEnums: 1, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_remap_file_path_proto_goTypes, - DependencyIndexes: file_remap_file_path_proto_depIdxs, - EnumInfos: file_remap_file_path_proto_enumTypes, - MessageInfos: file_remap_file_path_proto_msgTypes, - }.Build() - File_remap_file_path_proto = out.File - file_remap_file_path_proto_rawDesc = nil - file_remap_file_path_proto_goTypes = nil - file_remap_file_path_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/remap-file-path.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/remap-file-path.proto deleted file mode 100644 index 8635370c0c0..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/remap-file-path.proto +++ /dev/null @@ -1,18 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -enum remap_type { - LINKED = 0; - GHOST = 1; - PROCFS = 2; - // Reserved for spfs manager - // SPFS = 3; - // SPFS_LINKED = 4; -}; - -message remap_file_path_entry { - required uint32 orig_id = 1; - required uint32 remap_id = 2; - optional remap_type remap_type = 3; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rlimit.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rlimit.pb.go deleted file mode 100644 index eb608f8e771..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rlimit.pb.go +++ /dev/null @@ -1,151 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: rlimit.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type RlimitEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Cur *uint64 `protobuf:"varint,1,req,name=cur" json:"cur,omitempty"` - Max *uint64 `protobuf:"varint,2,req,name=max" json:"max,omitempty"` -} - -func (x *RlimitEntry) Reset() { - *x = RlimitEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_rlimit_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *RlimitEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*RlimitEntry) ProtoMessage() {} - -func (x *RlimitEntry) ProtoReflect() protoreflect.Message { - mi := &file_rlimit_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use RlimitEntry.ProtoReflect.Descriptor instead. -func (*RlimitEntry) Descriptor() ([]byte, []int) { - return file_rlimit_proto_rawDescGZIP(), []int{0} -} - -func (x *RlimitEntry) GetCur() uint64 { - if x != nil && x.Cur != nil { - return *x.Cur - } - return 0 -} - -func (x *RlimitEntry) GetMax() uint64 { - if x != nil && x.Max != nil { - return *x.Max - } - return 0 -} - -var File_rlimit_proto protoreflect.FileDescriptor - -var file_rlimit_proto_rawDesc = []byte{ - 0x0a, 0x0c, 0x72, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x32, - 0x0a, 0x0c, 0x72, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, - 0x0a, 0x03, 0x63, 0x75, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x63, 0x75, 0x72, - 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x61, 0x78, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x03, 0x6d, - 0x61, 0x78, -} - -var ( - file_rlimit_proto_rawDescOnce sync.Once - file_rlimit_proto_rawDescData = file_rlimit_proto_rawDesc -) - -func file_rlimit_proto_rawDescGZIP() []byte { - file_rlimit_proto_rawDescOnce.Do(func() { - file_rlimit_proto_rawDescData = protoimpl.X.CompressGZIP(file_rlimit_proto_rawDescData) - }) - return file_rlimit_proto_rawDescData -} - -var file_rlimit_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_rlimit_proto_goTypes = []interface{}{ - (*RlimitEntry)(nil), // 0: rlimit_entry -} -var file_rlimit_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_rlimit_proto_init() } -func file_rlimit_proto_init() { - if File_rlimit_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_rlimit_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RlimitEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_rlimit_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_rlimit_proto_goTypes, - DependencyIndexes: file_rlimit_proto_depIdxs, - MessageInfos: file_rlimit_proto_msgTypes, - }.Build() - File_rlimit_proto = out.File - file_rlimit_proto_rawDesc = nil - file_rlimit_proto_goTypes = nil - file_rlimit_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rlimit.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rlimit.proto deleted file mode 100644 index 3a3aeda306d..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rlimit.proto +++ /dev/null @@ -1,8 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -message rlimit_entry { - required uint64 cur = 1; - required uint64 max = 2; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rseq.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rseq.pb.go deleted file mode 100644 index 53d961e691d..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rseq.pb.go +++ /dev/null @@ -1,173 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: rseq.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type RseqEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - RseqAbiPointer *uint64 `protobuf:"varint,1,req,name=rseq_abi_pointer,json=rseqAbiPointer" json:"rseq_abi_pointer,omitempty"` - RseqAbiSize *uint32 `protobuf:"varint,2,req,name=rseq_abi_size,json=rseqAbiSize" json:"rseq_abi_size,omitempty"` - Signature *uint32 `protobuf:"varint,3,req,name=signature" json:"signature,omitempty"` - RseqCsPointer *uint64 `protobuf:"varint,4,opt,name=rseq_cs_pointer,json=rseqCsPointer" json:"rseq_cs_pointer,omitempty"` -} - -func (x *RseqEntry) Reset() { - *x = RseqEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_rseq_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *RseqEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*RseqEntry) ProtoMessage() {} - -func (x *RseqEntry) ProtoReflect() protoreflect.Message { - mi := &file_rseq_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use RseqEntry.ProtoReflect.Descriptor instead. -func (*RseqEntry) Descriptor() ([]byte, []int) { - return file_rseq_proto_rawDescGZIP(), []int{0} -} - -func (x *RseqEntry) GetRseqAbiPointer() uint64 { - if x != nil && x.RseqAbiPointer != nil { - return *x.RseqAbiPointer - } - return 0 -} - -func (x *RseqEntry) GetRseqAbiSize() uint32 { - if x != nil && x.RseqAbiSize != nil { - return *x.RseqAbiSize - } - return 0 -} - -func (x *RseqEntry) GetSignature() uint32 { - if x != nil && x.Signature != nil { - return *x.Signature - } - return 0 -} - -func (x *RseqEntry) GetRseqCsPointer() uint64 { - if x != nil && x.RseqCsPointer != nil { - return *x.RseqCsPointer - } - return 0 -} - -var File_rseq_proto protoreflect.FileDescriptor - -var file_rseq_proto_rawDesc = []byte{ - 0x0a, 0x0a, 0x72, 0x73, 0x65, 0x71, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xa0, 0x01, 0x0a, - 0x0a, 0x72, 0x73, 0x65, 0x71, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x28, 0x0a, 0x10, 0x72, - 0x73, 0x65, 0x71, 0x5f, 0x61, 0x62, 0x69, 0x5f, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x18, - 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x0e, 0x72, 0x73, 0x65, 0x71, 0x41, 0x62, 0x69, 0x50, 0x6f, - 0x69, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x22, 0x0a, 0x0d, 0x72, 0x73, 0x65, 0x71, 0x5f, 0x61, 0x62, - 0x69, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, 0x72, 0x73, - 0x65, 0x71, 0x41, 0x62, 0x69, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67, - 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x09, 0x73, 0x69, - 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x12, 0x26, 0x0a, 0x0f, 0x72, 0x73, 0x65, 0x71, 0x5f, - 0x63, 0x73, 0x5f, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, - 0x52, 0x0d, 0x72, 0x73, 0x65, 0x71, 0x43, 0x73, 0x50, 0x6f, 0x69, 0x6e, 0x74, 0x65, 0x72, -} - -var ( - file_rseq_proto_rawDescOnce sync.Once - file_rseq_proto_rawDescData = file_rseq_proto_rawDesc -) - -func file_rseq_proto_rawDescGZIP() []byte { - file_rseq_proto_rawDescOnce.Do(func() { - file_rseq_proto_rawDescData = protoimpl.X.CompressGZIP(file_rseq_proto_rawDescData) - }) - return file_rseq_proto_rawDescData -} - -var file_rseq_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_rseq_proto_goTypes = []interface{}{ - (*RseqEntry)(nil), // 0: rseq_entry -} -var file_rseq_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_rseq_proto_init() } -func file_rseq_proto_init() { - if File_rseq_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_rseq_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RseqEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_rseq_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_rseq_proto_goTypes, - DependencyIndexes: file_rseq_proto_depIdxs, - MessageInfos: file_rseq_proto_msgTypes, - }.Build() - File_rseq_proto = out.File - file_rseq_proto_rawDesc = nil - file_rseq_proto_goTypes = nil - file_rseq_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rseq.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rseq.proto deleted file mode 100644 index 45cb8476da2..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rseq.proto +++ /dev/null @@ -1,10 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -message rseq_entry { - required uint64 rseq_abi_pointer = 1; - required uint32 rseq_abi_size = 2; - required uint32 signature = 3; - optional uint64 rseq_cs_pointer = 4; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/seccomp.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/seccomp.pb.go deleted file mode 100644 index 124a6cc85a1..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/seccomp.pb.go +++ /dev/null @@ -1,226 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: seccomp.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type SeccompFilter struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Filter []byte `protobuf:"bytes,1,req,name=filter" json:"filter,omitempty"` - Prev *uint32 `protobuf:"varint,2,opt,name=prev" json:"prev,omitempty"` - Flags *uint32 `protobuf:"varint,3,opt,name=flags" json:"flags,omitempty"` -} - -func (x *SeccompFilter) Reset() { - *x = SeccompFilter{} - if protoimpl.UnsafeEnabled { - mi := &file_seccomp_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SeccompFilter) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SeccompFilter) ProtoMessage() {} - -func (x *SeccompFilter) ProtoReflect() protoreflect.Message { - mi := &file_seccomp_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SeccompFilter.ProtoReflect.Descriptor instead. -func (*SeccompFilter) Descriptor() ([]byte, []int) { - return file_seccomp_proto_rawDescGZIP(), []int{0} -} - -func (x *SeccompFilter) GetFilter() []byte { - if x != nil { - return x.Filter - } - return nil -} - -func (x *SeccompFilter) GetPrev() uint32 { - if x != nil && x.Prev != nil { - return *x.Prev - } - return 0 -} - -func (x *SeccompFilter) GetFlags() uint32 { - if x != nil && x.Flags != nil { - return *x.Flags - } - return 0 -} - -type SeccompEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - SeccompFilters []*SeccompFilter `protobuf:"bytes,1,rep,name=seccomp_filters,json=seccompFilters" json:"seccomp_filters,omitempty"` -} - -func (x *SeccompEntry) Reset() { - *x = SeccompEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_seccomp_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SeccompEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SeccompEntry) ProtoMessage() {} - -func (x *SeccompEntry) ProtoReflect() protoreflect.Message { - mi := &file_seccomp_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SeccompEntry.ProtoReflect.Descriptor instead. -func (*SeccompEntry) Descriptor() ([]byte, []int) { - return file_seccomp_proto_rawDescGZIP(), []int{1} -} - -func (x *SeccompEntry) GetSeccompFilters() []*SeccompFilter { - if x != nil { - return x.SeccompFilters - } - return nil -} - -var File_seccomp_proto protoreflect.FileDescriptor - -var file_seccomp_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, - 0x52, 0x0a, 0x0e, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, - 0x72, 0x12, 0x16, 0x0a, 0x06, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, - 0x0c, 0x52, 0x06, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x72, 0x65, - 0x76, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x72, 0x65, 0x76, 0x12, 0x14, 0x0a, - 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x6c, - 0x61, 0x67, 0x73, 0x22, 0x49, 0x0a, 0x0d, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x12, 0x38, 0x0a, 0x0f, 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, - 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, - 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x0e, - 0x73, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, -} - -var ( - file_seccomp_proto_rawDescOnce sync.Once - file_seccomp_proto_rawDescData = file_seccomp_proto_rawDesc -) - -func file_seccomp_proto_rawDescGZIP() []byte { - file_seccomp_proto_rawDescOnce.Do(func() { - file_seccomp_proto_rawDescData = protoimpl.X.CompressGZIP(file_seccomp_proto_rawDescData) - }) - return file_seccomp_proto_rawDescData -} - -var file_seccomp_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_seccomp_proto_goTypes = []interface{}{ - (*SeccompFilter)(nil), // 0: seccomp_filter - (*SeccompEntry)(nil), // 1: seccomp_entry -} -var file_seccomp_proto_depIdxs = []int32{ - 0, // 0: seccomp_entry.seccomp_filters:type_name -> seccomp_filter - 1, // [1:1] is the sub-list for method output_type - 1, // [1:1] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name -} - -func init() { file_seccomp_proto_init() } -func file_seccomp_proto_init() { - if File_seccomp_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_seccomp_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SeccompFilter); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_seccomp_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SeccompEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_seccomp_proto_rawDesc, - NumEnums: 0, - NumMessages: 2, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_seccomp_proto_goTypes, - DependencyIndexes: file_seccomp_proto_depIdxs, - MessageInfos: file_seccomp_proto_msgTypes, - }.Build() - File_seccomp_proto = out.File - file_seccomp_proto_rawDesc = nil - file_seccomp_proto_goTypes = nil - file_seccomp_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/seccomp.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/seccomp.proto deleted file mode 100644 index e56cea3a1da..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/seccomp.proto +++ /dev/null @@ -1,13 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -message seccomp_filter { - required bytes filter = 1; - optional uint32 prev = 2; - optional uint32 flags = 3; -} - -message seccomp_entry { - repeated seccomp_filter seccomp_filters = 1; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/siginfo.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/siginfo.pb.go deleted file mode 100644 index 97db33982c1..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/siginfo.pb.go +++ /dev/null @@ -1,207 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: siginfo.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type SiginfoEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Siginfo []byte `protobuf:"bytes,1,req,name=siginfo" json:"siginfo,omitempty"` -} - -func (x *SiginfoEntry) Reset() { - *x = SiginfoEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_siginfo_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SiginfoEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SiginfoEntry) ProtoMessage() {} - -func (x *SiginfoEntry) ProtoReflect() protoreflect.Message { - mi := &file_siginfo_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SiginfoEntry.ProtoReflect.Descriptor instead. -func (*SiginfoEntry) Descriptor() ([]byte, []int) { - return file_siginfo_proto_rawDescGZIP(), []int{0} -} - -func (x *SiginfoEntry) GetSiginfo() []byte { - if x != nil { - return x.Siginfo - } - return nil -} - -type SignalQueueEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Signals []*SiginfoEntry `protobuf:"bytes,1,rep,name=signals" json:"signals,omitempty"` -} - -func (x *SignalQueueEntry) Reset() { - *x = SignalQueueEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_siginfo_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SignalQueueEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SignalQueueEntry) ProtoMessage() {} - -func (x *SignalQueueEntry) ProtoReflect() protoreflect.Message { - mi := &file_siginfo_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SignalQueueEntry.ProtoReflect.Descriptor instead. -func (*SignalQueueEntry) Descriptor() ([]byte, []int) { - return file_siginfo_proto_rawDescGZIP(), []int{1} -} - -func (x *SignalQueueEntry) GetSignals() []*SiginfoEntry { - if x != nil { - return x.Signals - } - return nil -} - -var File_siginfo_proto protoreflect.FileDescriptor - -var file_siginfo_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x73, 0x69, 0x67, 0x69, 0x6e, 0x66, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, - 0x29, 0x0a, 0x0d, 0x73, 0x69, 0x67, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x12, 0x18, 0x0a, 0x07, 0x73, 0x69, 0x67, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x01, 0x20, 0x02, 0x28, - 0x0c, 0x52, 0x07, 0x73, 0x69, 0x67, 0x69, 0x6e, 0x66, 0x6f, 0x22, 0x3e, 0x0a, 0x12, 0x73, 0x69, - 0x67, 0x6e, 0x61, 0x6c, 0x5f, 0x71, 0x75, 0x65, 0x75, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x12, 0x28, 0x0a, 0x07, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x0e, 0x2e, 0x73, 0x69, 0x67, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x07, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x73, -} - -var ( - file_siginfo_proto_rawDescOnce sync.Once - file_siginfo_proto_rawDescData = file_siginfo_proto_rawDesc -) - -func file_siginfo_proto_rawDescGZIP() []byte { - file_siginfo_proto_rawDescOnce.Do(func() { - file_siginfo_proto_rawDescData = protoimpl.X.CompressGZIP(file_siginfo_proto_rawDescData) - }) - return file_siginfo_proto_rawDescData -} - -var file_siginfo_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_siginfo_proto_goTypes = []interface{}{ - (*SiginfoEntry)(nil), // 0: siginfo_entry - (*SignalQueueEntry)(nil), // 1: signal_queue_entry -} -var file_siginfo_proto_depIdxs = []int32{ - 0, // 0: signal_queue_entry.signals:type_name -> siginfo_entry - 1, // [1:1] is the sub-list for method output_type - 1, // [1:1] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name -} - -func init() { file_siginfo_proto_init() } -func file_siginfo_proto_init() { - if File_siginfo_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_siginfo_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SiginfoEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_siginfo_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SignalQueueEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_siginfo_proto_rawDesc, - NumEnums: 0, - NumMessages: 2, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_siginfo_proto_goTypes, - DependencyIndexes: file_siginfo_proto_depIdxs, - MessageInfos: file_siginfo_proto_msgTypes, - }.Build() - File_siginfo_proto = out.File - file_siginfo_proto_rawDesc = nil - file_siginfo_proto_goTypes = nil - file_siginfo_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/siginfo.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/siginfo.proto deleted file mode 100644 index 6e696c7fd8b..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/siginfo.proto +++ /dev/null @@ -1,11 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -message siginfo_entry { - required bytes siginfo = 1; -} - -message signal_queue_entry { - repeated siginfo_entry signals = 1; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/signalfd.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/signalfd.pb.go deleted file mode 100644 index 02a80b1431c..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/signalfd.pb.go +++ /dev/null @@ -1,177 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: signalfd.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type SignalfdEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` - Flags *uint32 `protobuf:"varint,2,req,name=flags" json:"flags,omitempty"` - Fown *FownEntry `protobuf:"bytes,3,req,name=fown" json:"fown,omitempty"` - Sigmask *uint64 `protobuf:"varint,4,req,name=sigmask" json:"sigmask,omitempty"` -} - -func (x *SignalfdEntry) Reset() { - *x = SignalfdEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_signalfd_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SignalfdEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SignalfdEntry) ProtoMessage() {} - -func (x *SignalfdEntry) ProtoReflect() protoreflect.Message { - mi := &file_signalfd_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SignalfdEntry.ProtoReflect.Descriptor instead. -func (*SignalfdEntry) Descriptor() ([]byte, []int) { - return file_signalfd_proto_rawDescGZIP(), []int{0} -} - -func (x *SignalfdEntry) GetId() uint32 { - if x != nil && x.Id != nil { - return *x.Id - } - return 0 -} - -func (x *SignalfdEntry) GetFlags() uint32 { - if x != nil && x.Flags != nil { - return *x.Flags - } - return 0 -} - -func (x *SignalfdEntry) GetFown() *FownEntry { - if x != nil { - return x.Fown - } - return nil -} - -func (x *SignalfdEntry) GetSigmask() uint64 { - if x != nil && x.Sigmask != nil { - return *x.Sigmask - } - return 0 -} - -var File_signalfd_proto protoreflect.FileDescriptor - -var file_signalfd_proto_rawDesc = []byte{ - 0x0a, 0x0e, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x66, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x6f, - 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x7f, 0x0a, 0x0e, 0x73, 0x69, 0x67, 0x6e, - 0x61, 0x6c, 0x66, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, - 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, - 0x61, 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, - 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x1f, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, - 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x1f, 0x0a, 0x07, 0x73, 0x69, 0x67, 0x6d, - 0x61, 0x73, 0x6b, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, - 0x52, 0x07, 0x73, 0x69, 0x67, 0x6d, 0x61, 0x73, 0x6b, -} - -var ( - file_signalfd_proto_rawDescOnce sync.Once - file_signalfd_proto_rawDescData = file_signalfd_proto_rawDesc -) - -func file_signalfd_proto_rawDescGZIP() []byte { - file_signalfd_proto_rawDescOnce.Do(func() { - file_signalfd_proto_rawDescData = protoimpl.X.CompressGZIP(file_signalfd_proto_rawDescData) - }) - return file_signalfd_proto_rawDescData -} - -var file_signalfd_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_signalfd_proto_goTypes = []interface{}{ - (*SignalfdEntry)(nil), // 0: signalfd_entry - (*FownEntry)(nil), // 1: fown_entry -} -var file_signalfd_proto_depIdxs = []int32{ - 1, // 0: signalfd_entry.fown:type_name -> fown_entry - 1, // [1:1] is the sub-list for method output_type - 1, // [1:1] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name -} - -func init() { file_signalfd_proto_init() } -func file_signalfd_proto_init() { - if File_signalfd_proto != nil { - return - } - file_opts_proto_init() - file_fown_proto_init() - if !protoimpl.UnsafeEnabled { - file_signalfd_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SignalfdEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_signalfd_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_signalfd_proto_goTypes, - DependencyIndexes: file_signalfd_proto_depIdxs, - MessageInfos: file_signalfd_proto_msgTypes, - }.Build() - File_signalfd_proto = out.File - file_signalfd_proto_rawDesc = nil - file_signalfd_proto_goTypes = nil - file_signalfd_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/signalfd.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/signalfd.proto deleted file mode 100644 index 83546ae218d..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/signalfd.proto +++ /dev/null @@ -1,13 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "opts.proto"; -import "fown.proto"; - -message signalfd_entry { - required uint32 id = 1; - required uint32 flags = 2 [(criu).hex = true]; - required fown_entry fown = 3; - required uint64 sigmask = 4 [(criu).hex = true]; -}; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sit.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sit.pb.go deleted file mode 100644 index 3572130dec3..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sit.pb.go +++ /dev/null @@ -1,291 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: sit.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type SitEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Link *uint32 `protobuf:"varint,1,opt,name=link" json:"link,omitempty"` - Local []uint32 `protobuf:"varint,2,rep,name=local" json:"local,omitempty"` - Remote []uint32 `protobuf:"varint,3,rep,name=remote" json:"remote,omitempty"` - Ttl *uint32 `protobuf:"varint,4,opt,name=ttl" json:"ttl,omitempty"` - Tos *uint32 `protobuf:"varint,5,opt,name=tos" json:"tos,omitempty"` - Pmtudisc *bool `protobuf:"varint,6,opt,name=pmtudisc" json:"pmtudisc,omitempty"` - Proto *uint32 `protobuf:"varint,7,opt,name=proto" json:"proto,omitempty"` - Flags *uint32 `protobuf:"varint,8,opt,name=flags" json:"flags,omitempty"` - EncapType *uint32 `protobuf:"varint,9,opt,name=encap_type,json=encapType" json:"encap_type,omitempty"` - EncapFlags *uint32 `protobuf:"varint,10,opt,name=encap_flags,json=encapFlags" json:"encap_flags,omitempty"` - EncapSport *uint32 `protobuf:"varint,11,opt,name=encap_sport,json=encapSport" json:"encap_sport,omitempty"` - EncapDport *uint32 `protobuf:"varint,12,opt,name=encap_dport,json=encapDport" json:"encap_dport,omitempty"` - RdPrefixlen *uint32 `protobuf:"varint,13,opt,name=rd_prefixlen,json=rdPrefixlen" json:"rd_prefixlen,omitempty"` - RdPrefix []uint32 `protobuf:"varint,14,rep,name=rd_prefix,json=rdPrefix" json:"rd_prefix,omitempty"` - RelayPrefixlen *uint32 `protobuf:"varint,15,opt,name=relay_prefixlen,json=relayPrefixlen" json:"relay_prefixlen,omitempty"` - RelayPrefix []uint32 `protobuf:"varint,16,rep,name=relay_prefix,json=relayPrefix" json:"relay_prefix,omitempty"` -} - -func (x *SitEntry) Reset() { - *x = SitEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_sit_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SitEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SitEntry) ProtoMessage() {} - -func (x *SitEntry) ProtoReflect() protoreflect.Message { - mi := &file_sit_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SitEntry.ProtoReflect.Descriptor instead. -func (*SitEntry) Descriptor() ([]byte, []int) { - return file_sit_proto_rawDescGZIP(), []int{0} -} - -func (x *SitEntry) GetLink() uint32 { - if x != nil && x.Link != nil { - return *x.Link - } - return 0 -} - -func (x *SitEntry) GetLocal() []uint32 { - if x != nil { - return x.Local - } - return nil -} - -func (x *SitEntry) GetRemote() []uint32 { - if x != nil { - return x.Remote - } - return nil -} - -func (x *SitEntry) GetTtl() uint32 { - if x != nil && x.Ttl != nil { - return *x.Ttl - } - return 0 -} - -func (x *SitEntry) GetTos() uint32 { - if x != nil && x.Tos != nil { - return *x.Tos - } - return 0 -} - -func (x *SitEntry) GetPmtudisc() bool { - if x != nil && x.Pmtudisc != nil { - return *x.Pmtudisc - } - return false -} - -func (x *SitEntry) GetProto() uint32 { - if x != nil && x.Proto != nil { - return *x.Proto - } - return 0 -} - -func (x *SitEntry) GetFlags() uint32 { - if x != nil && x.Flags != nil { - return *x.Flags - } - return 0 -} - -func (x *SitEntry) GetEncapType() uint32 { - if x != nil && x.EncapType != nil { - return *x.EncapType - } - return 0 -} - -func (x *SitEntry) GetEncapFlags() uint32 { - if x != nil && x.EncapFlags != nil { - return *x.EncapFlags - } - return 0 -} - -func (x *SitEntry) GetEncapSport() uint32 { - if x != nil && x.EncapSport != nil { - return *x.EncapSport - } - return 0 -} - -func (x *SitEntry) GetEncapDport() uint32 { - if x != nil && x.EncapDport != nil { - return *x.EncapDport - } - return 0 -} - -func (x *SitEntry) GetRdPrefixlen() uint32 { - if x != nil && x.RdPrefixlen != nil { - return *x.RdPrefixlen - } - return 0 -} - -func (x *SitEntry) GetRdPrefix() []uint32 { - if x != nil { - return x.RdPrefix - } - return nil -} - -func (x *SitEntry) GetRelayPrefixlen() uint32 { - if x != nil && x.RelayPrefixlen != nil { - return *x.RelayPrefixlen - } - return 0 -} - -func (x *SitEntry) GetRelayPrefix() []uint32 { - if x != nil { - return x.RelayPrefix - } - return nil -} - -var File_sit_proto protoreflect.FileDescriptor - -var file_sit_proto_rawDesc = []byte{ - 0x0a, 0x09, 0x73, 0x69, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, - 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe3, 0x03, 0x0a, 0x09, 0x73, 0x69, 0x74, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6c, 0x69, 0x6e, 0x6b, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0d, 0x52, 0x04, 0x6c, 0x69, 0x6e, 0x6b, 0x12, 0x1b, 0x0a, 0x05, 0x6c, 0x6f, 0x63, - 0x61, 0x6c, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x10, 0x01, 0x52, - 0x05, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x12, 0x1d, 0x0a, 0x06, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, - 0x18, 0x03, 0x20, 0x03, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x10, 0x01, 0x52, 0x06, 0x72, - 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x74, 0x6c, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x0d, 0x52, 0x03, 0x74, 0x74, 0x6c, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x6f, 0x73, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x74, 0x6f, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x6d, 0x74, - 0x75, 0x64, 0x69, 0x73, 0x63, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x70, 0x6d, 0x74, - 0x75, 0x64, 0x69, 0x73, 0x63, 0x12, 0x14, 0x0a, 0x05, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x18, 0x07, - 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x14, 0x0a, 0x05, 0x66, - 0x6c, 0x61, 0x67, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, - 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x65, 0x6e, 0x63, 0x61, 0x70, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, - 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x65, 0x6e, 0x63, 0x61, 0x70, 0x54, 0x79, 0x70, 0x65, - 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x6e, 0x63, 0x61, 0x70, 0x5f, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, - 0x0a, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x65, 0x6e, 0x63, 0x61, 0x70, 0x46, 0x6c, 0x61, 0x67, - 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x6e, 0x63, 0x61, 0x70, 0x5f, 0x73, 0x70, 0x6f, 0x72, 0x74, - 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x65, 0x6e, 0x63, 0x61, 0x70, 0x53, 0x70, 0x6f, - 0x72, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x6e, 0x63, 0x61, 0x70, 0x5f, 0x64, 0x70, 0x6f, 0x72, - 0x74, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x65, 0x6e, 0x63, 0x61, 0x70, 0x44, 0x70, - 0x6f, 0x72, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x72, 0x64, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, - 0x6c, 0x65, 0x6e, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x72, 0x64, 0x50, 0x72, 0x65, - 0x66, 0x69, 0x78, 0x6c, 0x65, 0x6e, 0x12, 0x22, 0x0a, 0x09, 0x72, 0x64, 0x5f, 0x70, 0x72, 0x65, - 0x66, 0x69, 0x78, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x10, 0x01, - 0x52, 0x08, 0x72, 0x64, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x27, 0x0a, 0x0f, 0x72, 0x65, - 0x6c, 0x61, 0x79, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x6c, 0x65, 0x6e, 0x18, 0x0f, 0x20, - 0x01, 0x28, 0x0d, 0x52, 0x0e, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, - 0x6c, 0x65, 0x6e, 0x12, 0x28, 0x0a, 0x0c, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x5f, 0x70, 0x72, 0x65, - 0x66, 0x69, 0x78, 0x18, 0x10, 0x20, 0x03, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x10, 0x01, - 0x52, 0x0b, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, -} - -var ( - file_sit_proto_rawDescOnce sync.Once - file_sit_proto_rawDescData = file_sit_proto_rawDesc -) - -func file_sit_proto_rawDescGZIP() []byte { - file_sit_proto_rawDescOnce.Do(func() { - file_sit_proto_rawDescData = protoimpl.X.CompressGZIP(file_sit_proto_rawDescData) - }) - return file_sit_proto_rawDescData -} - -var file_sit_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_sit_proto_goTypes = []interface{}{ - (*SitEntry)(nil), // 0: sit_entry -} -var file_sit_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_sit_proto_init() } -func file_sit_proto_init() { - if File_sit_proto != nil { - return - } - file_opts_proto_init() - if !protoimpl.UnsafeEnabled { - file_sit_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SitEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_sit_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_sit_proto_goTypes, - DependencyIndexes: file_sit_proto_depIdxs, - MessageInfos: file_sit_proto_msgTypes, - }.Build() - File_sit_proto = out.File - file_sit_proto_rawDesc = nil - file_sit_proto_goTypes = nil - file_sit_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sit.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sit.proto deleted file mode 100644 index 5396458581b..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sit.proto +++ /dev/null @@ -1,24 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "opts.proto"; - -message sit_entry { - optional uint32 link = 1; - repeated uint32 local = 2 [(criu).ipadd = true]; - repeated uint32 remote = 3 [(criu).ipadd = true]; - optional uint32 ttl = 4; - optional uint32 tos = 5; - optional bool pmtudisc = 6; - optional uint32 proto = 7; - optional uint32 flags = 8; - optional uint32 encap_type = 9; - optional uint32 encap_flags = 10; - optional uint32 encap_sport = 11; - optional uint32 encap_dport = 12; - optional uint32 rd_prefixlen = 13; - repeated uint32 rd_prefix = 14 [(criu).ipadd = true]; - optional uint32 relay_prefixlen = 15; - repeated uint32 relay_prefix = 16 [(criu).ipadd = true]; -}; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-inet.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-inet.pb.go deleted file mode 100644 index 03801fb0aa5..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-inet.pb.go +++ /dev/null @@ -1,508 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: sk-inet.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type IpOptsRawEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Hdrincl *bool `protobuf:"varint,1,opt,name=hdrincl" json:"hdrincl,omitempty"` - Nodefrag *bool `protobuf:"varint,2,opt,name=nodefrag" json:"nodefrag,omitempty"` - Checksum *bool `protobuf:"varint,3,opt,name=checksum" json:"checksum,omitempty"` - IcmpvFilter []uint32 `protobuf:"varint,4,rep,name=icmpv_filter,json=icmpvFilter" json:"icmpv_filter,omitempty"` -} - -func (x *IpOptsRawEntry) Reset() { - *x = IpOptsRawEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_sk_inet_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *IpOptsRawEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*IpOptsRawEntry) ProtoMessage() {} - -func (x *IpOptsRawEntry) ProtoReflect() protoreflect.Message { - mi := &file_sk_inet_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use IpOptsRawEntry.ProtoReflect.Descriptor instead. -func (*IpOptsRawEntry) Descriptor() ([]byte, []int) { - return file_sk_inet_proto_rawDescGZIP(), []int{0} -} - -func (x *IpOptsRawEntry) GetHdrincl() bool { - if x != nil && x.Hdrincl != nil { - return *x.Hdrincl - } - return false -} - -func (x *IpOptsRawEntry) GetNodefrag() bool { - if x != nil && x.Nodefrag != nil { - return *x.Nodefrag - } - return false -} - -func (x *IpOptsRawEntry) GetChecksum() bool { - if x != nil && x.Checksum != nil { - return *x.Checksum - } - return false -} - -func (x *IpOptsRawEntry) GetIcmpvFilter() []uint32 { - if x != nil { - return x.IcmpvFilter - } - return nil -} - -type IpOptsEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Freebind *bool `protobuf:"varint,1,opt,name=freebind" json:"freebind,omitempty"` - // Fields 2 and 3 are reserved for vz7 use - Raw *IpOptsRawEntry `protobuf:"bytes,4,opt,name=raw" json:"raw,omitempty"` -} - -func (x *IpOptsEntry) Reset() { - *x = IpOptsEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_sk_inet_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *IpOptsEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*IpOptsEntry) ProtoMessage() {} - -func (x *IpOptsEntry) ProtoReflect() protoreflect.Message { - mi := &file_sk_inet_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use IpOptsEntry.ProtoReflect.Descriptor instead. -func (*IpOptsEntry) Descriptor() ([]byte, []int) { - return file_sk_inet_proto_rawDescGZIP(), []int{1} -} - -func (x *IpOptsEntry) GetFreebind() bool { - if x != nil && x.Freebind != nil { - return *x.Freebind - } - return false -} - -func (x *IpOptsEntry) GetRaw() *IpOptsRawEntry { - if x != nil { - return x.Raw - } - return nil -} - -type InetSkEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // We have two IDs here -- id and ino. The first one - // is used when restoring socket behind a file descriprot. - // The fdinfo image's id is it. The second one is used - // in sk-inet.c internally, in particular we identify - // a TCP stream to restore into this socket using the - // ino value. - Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` - Ino *uint32 `protobuf:"varint,2,req,name=ino" json:"ino,omitempty"` - Family *uint32 `protobuf:"varint,3,req,name=family" json:"family,omitempty"` - Type *uint32 `protobuf:"varint,4,req,name=type" json:"type,omitempty"` - Proto *uint32 `protobuf:"varint,5,req,name=proto" json:"proto,omitempty"` - State *uint32 `protobuf:"varint,6,req,name=state" json:"state,omitempty"` - SrcPort *uint32 `protobuf:"varint,7,req,name=src_port,json=srcPort" json:"src_port,omitempty"` - DstPort *uint32 `protobuf:"varint,8,req,name=dst_port,json=dstPort" json:"dst_port,omitempty"` - Flags *uint32 `protobuf:"varint,9,req,name=flags" json:"flags,omitempty"` - Backlog *uint32 `protobuf:"varint,10,req,name=backlog" json:"backlog,omitempty"` - SrcAddr []uint32 `protobuf:"varint,11,rep,name=src_addr,json=srcAddr" json:"src_addr,omitempty"` - DstAddr []uint32 `protobuf:"varint,12,rep,name=dst_addr,json=dstAddr" json:"dst_addr,omitempty"` - Fown *FownEntry `protobuf:"bytes,13,req,name=fown" json:"fown,omitempty"` - Opts *SkOptsEntry `protobuf:"bytes,14,req,name=opts" json:"opts,omitempty"` - V6Only *bool `protobuf:"varint,15,opt,name=v6only" json:"v6only,omitempty"` - IpOpts *IpOptsEntry `protobuf:"bytes,16,opt,name=ip_opts,json=ipOpts" json:"ip_opts,omitempty"` - // for ipv6, we need to send the ifindex to bind(); we keep the ifname - // here and convert it on restore - Ifname *string `protobuf:"bytes,17,opt,name=ifname" json:"ifname,omitempty"` - NsId *uint32 `protobuf:"varint,18,opt,name=ns_id,json=nsId" json:"ns_id,omitempty"` - Shutdown *SkShutdown `protobuf:"varint,19,opt,name=shutdown,enum=SkShutdown" json:"shutdown,omitempty"` -} - -func (x *InetSkEntry) Reset() { - *x = InetSkEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_sk_inet_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *InetSkEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*InetSkEntry) ProtoMessage() {} - -func (x *InetSkEntry) ProtoReflect() protoreflect.Message { - mi := &file_sk_inet_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use InetSkEntry.ProtoReflect.Descriptor instead. -func (*InetSkEntry) Descriptor() ([]byte, []int) { - return file_sk_inet_proto_rawDescGZIP(), []int{2} -} - -func (x *InetSkEntry) GetId() uint32 { - if x != nil && x.Id != nil { - return *x.Id - } - return 0 -} - -func (x *InetSkEntry) GetIno() uint32 { - if x != nil && x.Ino != nil { - return *x.Ino - } - return 0 -} - -func (x *InetSkEntry) GetFamily() uint32 { - if x != nil && x.Family != nil { - return *x.Family - } - return 0 -} - -func (x *InetSkEntry) GetType() uint32 { - if x != nil && x.Type != nil { - return *x.Type - } - return 0 -} - -func (x *InetSkEntry) GetProto() uint32 { - if x != nil && x.Proto != nil { - return *x.Proto - } - return 0 -} - -func (x *InetSkEntry) GetState() uint32 { - if x != nil && x.State != nil { - return *x.State - } - return 0 -} - -func (x *InetSkEntry) GetSrcPort() uint32 { - if x != nil && x.SrcPort != nil { - return *x.SrcPort - } - return 0 -} - -func (x *InetSkEntry) GetDstPort() uint32 { - if x != nil && x.DstPort != nil { - return *x.DstPort - } - return 0 -} - -func (x *InetSkEntry) GetFlags() uint32 { - if x != nil && x.Flags != nil { - return *x.Flags - } - return 0 -} - -func (x *InetSkEntry) GetBacklog() uint32 { - if x != nil && x.Backlog != nil { - return *x.Backlog - } - return 0 -} - -func (x *InetSkEntry) GetSrcAddr() []uint32 { - if x != nil { - return x.SrcAddr - } - return nil -} - -func (x *InetSkEntry) GetDstAddr() []uint32 { - if x != nil { - return x.DstAddr - } - return nil -} - -func (x *InetSkEntry) GetFown() *FownEntry { - if x != nil { - return x.Fown - } - return nil -} - -func (x *InetSkEntry) GetOpts() *SkOptsEntry { - if x != nil { - return x.Opts - } - return nil -} - -func (x *InetSkEntry) GetV6Only() bool { - if x != nil && x.V6Only != nil { - return *x.V6Only - } - return false -} - -func (x *InetSkEntry) GetIpOpts() *IpOptsEntry { - if x != nil { - return x.IpOpts - } - return nil -} - -func (x *InetSkEntry) GetIfname() string { - if x != nil && x.Ifname != nil { - return *x.Ifname - } - return "" -} - -func (x *InetSkEntry) GetNsId() uint32 { - if x != nil && x.NsId != nil { - return *x.NsId - } - return 0 -} - -func (x *InetSkEntry) GetShutdown() SkShutdown { - if x != nil && x.Shutdown != nil { - return *x.Shutdown - } - return SkShutdown_NONE -} - -var File_sk_inet_proto protoreflect.FileDescriptor - -var file_sk_inet_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x73, 0x6b, 0x2d, 0x69, 0x6e, 0x65, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, - 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, - 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, 0x73, 0x6b, 0x2d, 0x6f, 0x70, 0x74, 0x73, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x88, 0x01, 0x0a, 0x11, 0x69, 0x70, 0x5f, 0x6f, 0x70, - 0x74, 0x73, 0x5f, 0x72, 0x61, 0x77, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x18, 0x0a, 0x07, - 0x68, 0x64, 0x72, 0x69, 0x6e, 0x63, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x68, - 0x64, 0x72, 0x69, 0x6e, 0x63, 0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x6e, 0x6f, 0x64, 0x65, 0x66, 0x72, - 0x61, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6e, 0x6f, 0x64, 0x65, 0x66, 0x72, - 0x61, 0x67, 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x75, 0x6d, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x75, 0x6d, 0x12, 0x21, - 0x0a, 0x0c, 0x69, 0x63, 0x6d, 0x70, 0x76, 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x04, - 0x20, 0x03, 0x28, 0x0d, 0x52, 0x0b, 0x69, 0x63, 0x6d, 0x70, 0x76, 0x46, 0x69, 0x6c, 0x74, 0x65, - 0x72, 0x22, 0x51, 0x0a, 0x0d, 0x69, 0x70, 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x66, 0x72, 0x65, 0x65, 0x62, 0x69, 0x6e, 0x64, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x66, 0x72, 0x65, 0x65, 0x62, 0x69, 0x6e, 0x64, 0x12, 0x24, - 0x0a, 0x03, 0x72, 0x61, 0x77, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x69, 0x70, - 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x5f, 0x72, 0x61, 0x77, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x03, 0x72, 0x61, 0x77, 0x22, 0xbb, 0x04, 0x0a, 0x0d, 0x69, 0x6e, 0x65, 0x74, 0x5f, 0x73, 0x6b, - 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x69, 0x6e, 0x6f, 0x18, 0x02, 0x20, - 0x02, 0x28, 0x0d, 0x52, 0x03, 0x69, 0x6e, 0x6f, 0x12, 0x1f, 0x0a, 0x06, 0x66, 0x61, 0x6d, 0x69, - 0x6c, 0x79, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x07, 0xd2, 0x3f, 0x04, 0x32, 0x02, 0x73, - 0x6b, 0x52, 0x06, 0x66, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x12, 0x1b, 0x0a, 0x04, 0x74, 0x79, 0x70, - 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x07, 0xd2, 0x3f, 0x04, 0x32, 0x02, 0x73, 0x6b, - 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1d, 0x0a, 0x05, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x18, - 0x05, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x07, 0xd2, 0x3f, 0x04, 0x32, 0x02, 0x73, 0x6b, 0x52, 0x05, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1d, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x06, - 0x20, 0x02, 0x28, 0x0d, 0x42, 0x07, 0xd2, 0x3f, 0x04, 0x32, 0x02, 0x73, 0x6b, 0x52, 0x05, 0x73, - 0x74, 0x61, 0x74, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x72, 0x63, 0x5f, 0x70, 0x6f, 0x72, 0x74, - 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x73, 0x72, 0x63, 0x50, 0x6f, 0x72, 0x74, 0x12, - 0x19, 0x0a, 0x08, 0x64, 0x73, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x08, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x07, 0x64, 0x73, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, - 0x61, 0x67, 0x73, 0x18, 0x09, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, - 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x62, 0x61, 0x63, 0x6b, 0x6c, - 0x6f, 0x67, 0x18, 0x0a, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x62, 0x61, 0x63, 0x6b, 0x6c, 0x6f, - 0x67, 0x12, 0x20, 0x0a, 0x08, 0x73, 0x72, 0x63, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x0b, 0x20, - 0x03, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x10, 0x01, 0x52, 0x07, 0x73, 0x72, 0x63, 0x41, - 0x64, 0x64, 0x72, 0x12, 0x20, 0x0a, 0x08, 0x64, 0x73, 0x74, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, - 0x0c, 0x20, 0x03, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x10, 0x01, 0x52, 0x07, 0x64, 0x73, - 0x74, 0x41, 0x64, 0x64, 0x72, 0x12, 0x1f, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x0d, 0x20, - 0x02, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x22, 0x0a, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x18, 0x0e, - 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x73, 0x6b, 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x76, 0x36, - 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x76, 0x36, 0x6f, 0x6e, - 0x6c, 0x79, 0x12, 0x27, 0x0a, 0x07, 0x69, 0x70, 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x18, 0x10, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x69, 0x70, 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x52, 0x06, 0x69, 0x70, 0x4f, 0x70, 0x74, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x69, - 0x66, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x11, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x69, 0x66, 0x6e, - 0x61, 0x6d, 0x65, 0x12, 0x13, 0x0a, 0x05, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x12, 0x20, 0x01, - 0x28, 0x0d, 0x52, 0x04, 0x6e, 0x73, 0x49, 0x64, 0x12, 0x28, 0x0a, 0x08, 0x73, 0x68, 0x75, 0x74, - 0x64, 0x6f, 0x77, 0x6e, 0x18, 0x13, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0c, 0x2e, 0x73, 0x6b, 0x5f, - 0x73, 0x68, 0x75, 0x74, 0x64, 0x6f, 0x77, 0x6e, 0x52, 0x08, 0x73, 0x68, 0x75, 0x74, 0x64, 0x6f, - 0x77, 0x6e, -} - -var ( - file_sk_inet_proto_rawDescOnce sync.Once - file_sk_inet_proto_rawDescData = file_sk_inet_proto_rawDesc -) - -func file_sk_inet_proto_rawDescGZIP() []byte { - file_sk_inet_proto_rawDescOnce.Do(func() { - file_sk_inet_proto_rawDescData = protoimpl.X.CompressGZIP(file_sk_inet_proto_rawDescData) - }) - return file_sk_inet_proto_rawDescData -} - -var file_sk_inet_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_sk_inet_proto_goTypes = []interface{}{ - (*IpOptsRawEntry)(nil), // 0: ip_opts_raw_entry - (*IpOptsEntry)(nil), // 1: ip_opts_entry - (*InetSkEntry)(nil), // 2: inet_sk_entry - (*FownEntry)(nil), // 3: fown_entry - (*SkOptsEntry)(nil), // 4: sk_opts_entry - (SkShutdown)(0), // 5: sk_shutdown -} -var file_sk_inet_proto_depIdxs = []int32{ - 0, // 0: ip_opts_entry.raw:type_name -> ip_opts_raw_entry - 3, // 1: inet_sk_entry.fown:type_name -> fown_entry - 4, // 2: inet_sk_entry.opts:type_name -> sk_opts_entry - 1, // 3: inet_sk_entry.ip_opts:type_name -> ip_opts_entry - 5, // 4: inet_sk_entry.shutdown:type_name -> sk_shutdown - 5, // [5:5] is the sub-list for method output_type - 5, // [5:5] is the sub-list for method input_type - 5, // [5:5] is the sub-list for extension type_name - 5, // [5:5] is the sub-list for extension extendee - 0, // [0:5] is the sub-list for field type_name -} - -func init() { file_sk_inet_proto_init() } -func file_sk_inet_proto_init() { - if File_sk_inet_proto != nil { - return - } - file_opts_proto_init() - file_fown_proto_init() - file_sk_opts_proto_init() - if !protoimpl.UnsafeEnabled { - file_sk_inet_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IpOptsRawEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_sk_inet_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IpOptsEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_sk_inet_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*InetSkEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_sk_inet_proto_rawDesc, - NumEnums: 0, - NumMessages: 3, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_sk_inet_proto_goTypes, - DependencyIndexes: file_sk_inet_proto_depIdxs, - MessageInfos: file_sk_inet_proto_msgTypes, - }.Build() - File_sk_inet_proto = out.File - file_sk_inet_proto_rawDesc = nil - file_sk_inet_proto_goTypes = nil - file_sk_inet_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-inet.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-inet.proto deleted file mode 100644 index 594e29c6622..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-inet.proto +++ /dev/null @@ -1,55 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "opts.proto"; -import "fown.proto"; -import "sk-opts.proto"; - -message ip_opts_raw_entry { - optional bool hdrincl = 1; - optional bool nodefrag = 2; - optional bool checksum = 3; - repeated uint32 icmpv_filter = 4; -} - -message ip_opts_entry { - optional bool freebind = 1; - // Fields 2 and 3 are reserved for vz7 use - optional ip_opts_raw_entry raw = 4; -} - -message inet_sk_entry { - /* - * We have two IDs here -- id and ino. The first one - * is used when restoring socket behind a file descriprot. - * The fdinfo image's id is it. The second one is used - * in sk-inet.c internally, in particular we identify - * a TCP stream to restore into this socket using the - * ino value. - */ - required uint32 id = 1; - required uint32 ino = 2; - required uint32 family = 3 [(criu).dict = "sk"]; - required uint32 type = 4 [(criu).dict = "sk"]; - required uint32 proto = 5 [(criu).dict = "sk"]; - required uint32 state = 6 [(criu).dict = "sk"]; - required uint32 src_port = 7; - required uint32 dst_port = 8; - required uint32 flags = 9 [(criu).hex = true]; - required uint32 backlog = 10; - - repeated uint32 src_addr = 11 [(criu).ipadd = true]; - repeated uint32 dst_addr = 12 [(criu).ipadd = true]; - - required fown_entry fown = 13; - required sk_opts_entry opts = 14; - optional bool v6only = 15; - optional ip_opts_entry ip_opts = 16; - - /* for ipv6, we need to send the ifindex to bind(); we keep the ifname - * here and convert it on restore */ - optional string ifname = 17; - optional uint32 ns_id = 18; - optional sk_shutdown shutdown = 19; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-netlink.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-netlink.pb.go deleted file mode 100644 index 75bac2ed0c0..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-netlink.pb.go +++ /dev/null @@ -1,258 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: sk-netlink.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type NetlinkSkEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` - Ino *uint32 `protobuf:"varint,2,req,name=ino" json:"ino,omitempty"` - Protocol *uint32 `protobuf:"varint,3,req,name=protocol" json:"protocol,omitempty"` - State *uint32 `protobuf:"varint,4,req,name=state" json:"state,omitempty"` - Flags *uint32 `protobuf:"varint,6,req,name=flags" json:"flags,omitempty"` - Portid *uint32 `protobuf:"varint,7,req,name=portid" json:"portid,omitempty"` - Groups []uint32 `protobuf:"varint,8,rep,name=groups" json:"groups,omitempty"` - DstPortid *uint32 `protobuf:"varint,9,req,name=dst_portid,json=dstPortid" json:"dst_portid,omitempty"` - DstGroup *uint32 `protobuf:"varint,10,req,name=dst_group,json=dstGroup" json:"dst_group,omitempty"` - Fown *FownEntry `protobuf:"bytes,11,req,name=fown" json:"fown,omitempty"` - Opts *SkOptsEntry `protobuf:"bytes,12,req,name=opts" json:"opts,omitempty"` - NsId *uint32 `protobuf:"varint,13,opt,name=ns_id,json=nsId" json:"ns_id,omitempty"` -} - -func (x *NetlinkSkEntry) Reset() { - *x = NetlinkSkEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_sk_netlink_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *NetlinkSkEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*NetlinkSkEntry) ProtoMessage() {} - -func (x *NetlinkSkEntry) ProtoReflect() protoreflect.Message { - mi := &file_sk_netlink_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use NetlinkSkEntry.ProtoReflect.Descriptor instead. -func (*NetlinkSkEntry) Descriptor() ([]byte, []int) { - return file_sk_netlink_proto_rawDescGZIP(), []int{0} -} - -func (x *NetlinkSkEntry) GetId() uint32 { - if x != nil && x.Id != nil { - return *x.Id - } - return 0 -} - -func (x *NetlinkSkEntry) GetIno() uint32 { - if x != nil && x.Ino != nil { - return *x.Ino - } - return 0 -} - -func (x *NetlinkSkEntry) GetProtocol() uint32 { - if x != nil && x.Protocol != nil { - return *x.Protocol - } - return 0 -} - -func (x *NetlinkSkEntry) GetState() uint32 { - if x != nil && x.State != nil { - return *x.State - } - return 0 -} - -func (x *NetlinkSkEntry) GetFlags() uint32 { - if x != nil && x.Flags != nil { - return *x.Flags - } - return 0 -} - -func (x *NetlinkSkEntry) GetPortid() uint32 { - if x != nil && x.Portid != nil { - return *x.Portid - } - return 0 -} - -func (x *NetlinkSkEntry) GetGroups() []uint32 { - if x != nil { - return x.Groups - } - return nil -} - -func (x *NetlinkSkEntry) GetDstPortid() uint32 { - if x != nil && x.DstPortid != nil { - return *x.DstPortid - } - return 0 -} - -func (x *NetlinkSkEntry) GetDstGroup() uint32 { - if x != nil && x.DstGroup != nil { - return *x.DstGroup - } - return 0 -} - -func (x *NetlinkSkEntry) GetFown() *FownEntry { - if x != nil { - return x.Fown - } - return nil -} - -func (x *NetlinkSkEntry) GetOpts() *SkOptsEntry { - if x != nil { - return x.Opts - } - return nil -} - -func (x *NetlinkSkEntry) GetNsId() uint32 { - if x != nil && x.NsId != nil { - return *x.NsId - } - return 0 -} - -var File_sk_netlink_proto protoreflect.FileDescriptor - -var file_sk_netlink_proto_rawDesc = []byte{ - 0x0a, 0x10, 0x73, 0x6b, 0x2d, 0x6e, 0x65, 0x74, 0x6c, 0x69, 0x6e, 0x6b, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, - 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, 0x73, 0x6b, 0x2d, 0x6f, - 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc9, 0x02, 0x0a, 0x10, 0x6e, 0x65, - 0x74, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, 0x73, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, - 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x10, - 0x0a, 0x03, 0x69, 0x6e, 0x6f, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x69, 0x6e, 0x6f, - 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x14, 0x0a, 0x05, - 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x73, 0x74, 0x61, - 0x74, 0x65, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x06, 0x20, 0x02, 0x28, - 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, - 0x16, 0x0a, 0x06, 0x70, 0x6f, 0x72, 0x74, 0x69, 0x64, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, - 0x06, 0x70, 0x6f, 0x72, 0x74, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x67, 0x72, 0x6f, 0x75, 0x70, - 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x06, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x12, - 0x1d, 0x0a, 0x0a, 0x64, 0x73, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x69, 0x64, 0x18, 0x09, 0x20, - 0x02, 0x28, 0x0d, 0x52, 0x09, 0x64, 0x73, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x69, 0x64, 0x12, 0x1b, - 0x0a, 0x09, 0x64, 0x73, 0x74, 0x5f, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x0a, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x08, 0x64, 0x73, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x1f, 0x0a, 0x04, 0x66, - 0x6f, 0x77, 0x6e, 0x18, 0x0b, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x6f, 0x77, 0x6e, - 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x22, 0x0a, 0x04, - 0x6f, 0x70, 0x74, 0x73, 0x18, 0x0c, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x73, 0x6b, 0x5f, - 0x6f, 0x70, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x6f, 0x70, 0x74, 0x73, - 0x12, 0x13, 0x0a, 0x05, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0d, 0x52, - 0x04, 0x6e, 0x73, 0x49, 0x64, -} - -var ( - file_sk_netlink_proto_rawDescOnce sync.Once - file_sk_netlink_proto_rawDescData = file_sk_netlink_proto_rawDesc -) - -func file_sk_netlink_proto_rawDescGZIP() []byte { - file_sk_netlink_proto_rawDescOnce.Do(func() { - file_sk_netlink_proto_rawDescData = protoimpl.X.CompressGZIP(file_sk_netlink_proto_rawDescData) - }) - return file_sk_netlink_proto_rawDescData -} - -var file_sk_netlink_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_sk_netlink_proto_goTypes = []interface{}{ - (*NetlinkSkEntry)(nil), // 0: netlink_sk_entry - (*FownEntry)(nil), // 1: fown_entry - (*SkOptsEntry)(nil), // 2: sk_opts_entry -} -var file_sk_netlink_proto_depIdxs = []int32{ - 1, // 0: netlink_sk_entry.fown:type_name -> fown_entry - 2, // 1: netlink_sk_entry.opts:type_name -> sk_opts_entry - 2, // [2:2] is the sub-list for method output_type - 2, // [2:2] is the sub-list for method input_type - 2, // [2:2] is the sub-list for extension type_name - 2, // [2:2] is the sub-list for extension extendee - 0, // [0:2] is the sub-list for field type_name -} - -func init() { file_sk_netlink_proto_init() } -func file_sk_netlink_proto_init() { - if File_sk_netlink_proto != nil { - return - } - file_opts_proto_init() - file_fown_proto_init() - file_sk_opts_proto_init() - if !protoimpl.UnsafeEnabled { - file_sk_netlink_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*NetlinkSkEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_sk_netlink_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_sk_netlink_proto_goTypes, - DependencyIndexes: file_sk_netlink_proto_depIdxs, - MessageInfos: file_sk_netlink_proto_msgTypes, - }.Build() - File_sk_netlink_proto = out.File - file_sk_netlink_proto_rawDesc = nil - file_sk_netlink_proto_goTypes = nil - file_sk_netlink_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-netlink.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-netlink.proto deleted file mode 100644 index cfcc88daad4..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-netlink.proto +++ /dev/null @@ -1,24 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "opts.proto"; -import "fown.proto"; -import "sk-opts.proto"; - -message netlink_sk_entry { - required uint32 id = 1; - required uint32 ino = 2; - required uint32 protocol = 3; - required uint32 state = 4; - required uint32 flags = 6 [(criu).hex = true]; - required uint32 portid = 7; - repeated uint32 groups = 8; - required uint32 dst_portid = 9; - required uint32 dst_group = 10; - required fown_entry fown = 11; - required sk_opts_entry opts = 12; - optional uint32 ns_id = 13; - // For netlink queued messages - // optional nl_sk_opts_entry nl_opts = 14; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-opts.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-opts.pb.go deleted file mode 100644 index 137603412af..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-opts.pb.go +++ /dev/null @@ -1,453 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: sk-opts.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type SkShutdown int32 - -const ( - SkShutdown_NONE SkShutdown = 0 - SkShutdown_READ SkShutdown = 1 - SkShutdown_WRITE SkShutdown = 2 - SkShutdown_BOTH SkShutdown = 3 -) - -// Enum value maps for SkShutdown. -var ( - SkShutdown_name = map[int32]string{ - 0: "NONE", - 1: "READ", - 2: "WRITE", - 3: "BOTH", - } - SkShutdown_value = map[string]int32{ - "NONE": 0, - "READ": 1, - "WRITE": 2, - "BOTH": 3, - } -) - -func (x SkShutdown) Enum() *SkShutdown { - p := new(SkShutdown) - *p = x - return p -} - -func (x SkShutdown) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (SkShutdown) Descriptor() protoreflect.EnumDescriptor { - return file_sk_opts_proto_enumTypes[0].Descriptor() -} - -func (SkShutdown) Type() protoreflect.EnumType { - return &file_sk_opts_proto_enumTypes[0] -} - -func (x SkShutdown) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Do not use. -func (x *SkShutdown) UnmarshalJSON(b []byte) error { - num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) - if err != nil { - return err - } - *x = SkShutdown(num) - return nil -} - -// Deprecated: Use SkShutdown.Descriptor instead. -func (SkShutdown) EnumDescriptor() ([]byte, []int) { - return file_sk_opts_proto_rawDescGZIP(), []int{0} -} - -type SkOptsEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - SoSndbuf *uint32 `protobuf:"varint,1,req,name=so_sndbuf,json=soSndbuf" json:"so_sndbuf,omitempty"` - SoRcvbuf *uint32 `protobuf:"varint,2,req,name=so_rcvbuf,json=soRcvbuf" json:"so_rcvbuf,omitempty"` - SoSndTmoSec *uint64 `protobuf:"varint,3,req,name=so_snd_tmo_sec,json=soSndTmoSec" json:"so_snd_tmo_sec,omitempty"` - SoSndTmoUsec *uint64 `protobuf:"varint,4,req,name=so_snd_tmo_usec,json=soSndTmoUsec" json:"so_snd_tmo_usec,omitempty"` - SoRcvTmoSec *uint64 `protobuf:"varint,5,req,name=so_rcv_tmo_sec,json=soRcvTmoSec" json:"so_rcv_tmo_sec,omitempty"` - SoRcvTmoUsec *uint64 `protobuf:"varint,6,req,name=so_rcv_tmo_usec,json=soRcvTmoUsec" json:"so_rcv_tmo_usec,omitempty"` - Reuseaddr *bool `protobuf:"varint,7,opt,name=reuseaddr" json:"reuseaddr,omitempty"` - SoPriority *uint32 `protobuf:"varint,8,opt,name=so_priority,json=soPriority" json:"so_priority,omitempty"` - SoRcvlowat *uint32 `protobuf:"varint,9,opt,name=so_rcvlowat,json=soRcvlowat" json:"so_rcvlowat,omitempty"` - SoMark *uint32 `protobuf:"varint,10,opt,name=so_mark,json=soMark" json:"so_mark,omitempty"` - SoPasscred *bool `protobuf:"varint,11,opt,name=so_passcred,json=soPasscred" json:"so_passcred,omitempty"` - SoPasssec *bool `protobuf:"varint,12,opt,name=so_passsec,json=soPasssec" json:"so_passsec,omitempty"` - SoDontroute *bool `protobuf:"varint,13,opt,name=so_dontroute,json=soDontroute" json:"so_dontroute,omitempty"` - SoNoCheck *bool `protobuf:"varint,14,opt,name=so_no_check,json=soNoCheck" json:"so_no_check,omitempty"` - SoBoundDev *string `protobuf:"bytes,15,opt,name=so_bound_dev,json=soBoundDev" json:"so_bound_dev,omitempty"` - SoFilter []uint64 `protobuf:"fixed64,16,rep,name=so_filter,json=soFilter" json:"so_filter,omitempty"` - SoReuseport *bool `protobuf:"varint,17,opt,name=so_reuseport,json=soReuseport" json:"so_reuseport,omitempty"` - SoBroadcast *bool `protobuf:"varint,18,opt,name=so_broadcast,json=soBroadcast" json:"so_broadcast,omitempty"` - SoKeepalive *bool `protobuf:"varint,19,opt,name=so_keepalive,json=soKeepalive" json:"so_keepalive,omitempty"` - TcpKeepcnt *uint32 `protobuf:"varint,20,opt,name=tcp_keepcnt,json=tcpKeepcnt" json:"tcp_keepcnt,omitempty"` - TcpKeepidle *uint32 `protobuf:"varint,21,opt,name=tcp_keepidle,json=tcpKeepidle" json:"tcp_keepidle,omitempty"` - TcpKeepintvl *uint32 `protobuf:"varint,22,opt,name=tcp_keepintvl,json=tcpKeepintvl" json:"tcp_keepintvl,omitempty"` - SoOobinline *uint32 `protobuf:"varint,23,opt,name=so_oobinline,json=soOobinline" json:"so_oobinline,omitempty"` - SoLinger *uint32 `protobuf:"varint,24,opt,name=so_linger,json=soLinger" json:"so_linger,omitempty"` - SoBufLock *uint32 `protobuf:"varint,25,opt,name=so_buf_lock,json=soBufLock" json:"so_buf_lock,omitempty"` -} - -func (x *SkOptsEntry) Reset() { - *x = SkOptsEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_sk_opts_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SkOptsEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SkOptsEntry) ProtoMessage() {} - -func (x *SkOptsEntry) ProtoReflect() protoreflect.Message { - mi := &file_sk_opts_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SkOptsEntry.ProtoReflect.Descriptor instead. -func (*SkOptsEntry) Descriptor() ([]byte, []int) { - return file_sk_opts_proto_rawDescGZIP(), []int{0} -} - -func (x *SkOptsEntry) GetSoSndbuf() uint32 { - if x != nil && x.SoSndbuf != nil { - return *x.SoSndbuf - } - return 0 -} - -func (x *SkOptsEntry) GetSoRcvbuf() uint32 { - if x != nil && x.SoRcvbuf != nil { - return *x.SoRcvbuf - } - return 0 -} - -func (x *SkOptsEntry) GetSoSndTmoSec() uint64 { - if x != nil && x.SoSndTmoSec != nil { - return *x.SoSndTmoSec - } - return 0 -} - -func (x *SkOptsEntry) GetSoSndTmoUsec() uint64 { - if x != nil && x.SoSndTmoUsec != nil { - return *x.SoSndTmoUsec - } - return 0 -} - -func (x *SkOptsEntry) GetSoRcvTmoSec() uint64 { - if x != nil && x.SoRcvTmoSec != nil { - return *x.SoRcvTmoSec - } - return 0 -} - -func (x *SkOptsEntry) GetSoRcvTmoUsec() uint64 { - if x != nil && x.SoRcvTmoUsec != nil { - return *x.SoRcvTmoUsec - } - return 0 -} - -func (x *SkOptsEntry) GetReuseaddr() bool { - if x != nil && x.Reuseaddr != nil { - return *x.Reuseaddr - } - return false -} - -func (x *SkOptsEntry) GetSoPriority() uint32 { - if x != nil && x.SoPriority != nil { - return *x.SoPriority - } - return 0 -} - -func (x *SkOptsEntry) GetSoRcvlowat() uint32 { - if x != nil && x.SoRcvlowat != nil { - return *x.SoRcvlowat - } - return 0 -} - -func (x *SkOptsEntry) GetSoMark() uint32 { - if x != nil && x.SoMark != nil { - return *x.SoMark - } - return 0 -} - -func (x *SkOptsEntry) GetSoPasscred() bool { - if x != nil && x.SoPasscred != nil { - return *x.SoPasscred - } - return false -} - -func (x *SkOptsEntry) GetSoPasssec() bool { - if x != nil && x.SoPasssec != nil { - return *x.SoPasssec - } - return false -} - -func (x *SkOptsEntry) GetSoDontroute() bool { - if x != nil && x.SoDontroute != nil { - return *x.SoDontroute - } - return false -} - -func (x *SkOptsEntry) GetSoNoCheck() bool { - if x != nil && x.SoNoCheck != nil { - return *x.SoNoCheck - } - return false -} - -func (x *SkOptsEntry) GetSoBoundDev() string { - if x != nil && x.SoBoundDev != nil { - return *x.SoBoundDev - } - return "" -} - -func (x *SkOptsEntry) GetSoFilter() []uint64 { - if x != nil { - return x.SoFilter - } - return nil -} - -func (x *SkOptsEntry) GetSoReuseport() bool { - if x != nil && x.SoReuseport != nil { - return *x.SoReuseport - } - return false -} - -func (x *SkOptsEntry) GetSoBroadcast() bool { - if x != nil && x.SoBroadcast != nil { - return *x.SoBroadcast - } - return false -} - -func (x *SkOptsEntry) GetSoKeepalive() bool { - if x != nil && x.SoKeepalive != nil { - return *x.SoKeepalive - } - return false -} - -func (x *SkOptsEntry) GetTcpKeepcnt() uint32 { - if x != nil && x.TcpKeepcnt != nil { - return *x.TcpKeepcnt - } - return 0 -} - -func (x *SkOptsEntry) GetTcpKeepidle() uint32 { - if x != nil && x.TcpKeepidle != nil { - return *x.TcpKeepidle - } - return 0 -} - -func (x *SkOptsEntry) GetTcpKeepintvl() uint32 { - if x != nil && x.TcpKeepintvl != nil { - return *x.TcpKeepintvl - } - return 0 -} - -func (x *SkOptsEntry) GetSoOobinline() uint32 { - if x != nil && x.SoOobinline != nil { - return *x.SoOobinline - } - return 0 -} - -func (x *SkOptsEntry) GetSoLinger() uint32 { - if x != nil && x.SoLinger != nil { - return *x.SoLinger - } - return 0 -} - -func (x *SkOptsEntry) GetSoBufLock() uint32 { - if x != nil && x.SoBufLock != nil { - return *x.SoBufLock - } - return 0 -} - -var File_sk_opts_proto protoreflect.FileDescriptor - -var file_sk_opts_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x73, 0x6b, 0x2d, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, - 0xce, 0x06, 0x0a, 0x0d, 0x73, 0x6b, 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x6f, 0x5f, 0x73, 0x6e, 0x64, 0x62, 0x75, 0x66, 0x18, 0x01, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x73, 0x6f, 0x53, 0x6e, 0x64, 0x62, 0x75, 0x66, 0x12, 0x1b, - 0x0a, 0x09, 0x73, 0x6f, 0x5f, 0x72, 0x63, 0x76, 0x62, 0x75, 0x66, 0x18, 0x02, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x08, 0x73, 0x6f, 0x52, 0x63, 0x76, 0x62, 0x75, 0x66, 0x12, 0x23, 0x0a, 0x0e, 0x73, - 0x6f, 0x5f, 0x73, 0x6e, 0x64, 0x5f, 0x74, 0x6d, 0x6f, 0x5f, 0x73, 0x65, 0x63, 0x18, 0x03, 0x20, - 0x02, 0x28, 0x04, 0x52, 0x0b, 0x73, 0x6f, 0x53, 0x6e, 0x64, 0x54, 0x6d, 0x6f, 0x53, 0x65, 0x63, - 0x12, 0x25, 0x0a, 0x0f, 0x73, 0x6f, 0x5f, 0x73, 0x6e, 0x64, 0x5f, 0x74, 0x6d, 0x6f, 0x5f, 0x75, - 0x73, 0x65, 0x63, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, 0x0c, 0x73, 0x6f, 0x53, 0x6e, 0x64, - 0x54, 0x6d, 0x6f, 0x55, 0x73, 0x65, 0x63, 0x12, 0x23, 0x0a, 0x0e, 0x73, 0x6f, 0x5f, 0x72, 0x63, - 0x76, 0x5f, 0x74, 0x6d, 0x6f, 0x5f, 0x73, 0x65, 0x63, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, - 0x0b, 0x73, 0x6f, 0x52, 0x63, 0x76, 0x54, 0x6d, 0x6f, 0x53, 0x65, 0x63, 0x12, 0x25, 0x0a, 0x0f, - 0x73, 0x6f, 0x5f, 0x72, 0x63, 0x76, 0x5f, 0x74, 0x6d, 0x6f, 0x5f, 0x75, 0x73, 0x65, 0x63, 0x18, - 0x06, 0x20, 0x02, 0x28, 0x04, 0x52, 0x0c, 0x73, 0x6f, 0x52, 0x63, 0x76, 0x54, 0x6d, 0x6f, 0x55, - 0x73, 0x65, 0x63, 0x12, 0x1c, 0x0a, 0x09, 0x72, 0x65, 0x75, 0x73, 0x65, 0x61, 0x64, 0x64, 0x72, - 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x72, 0x65, 0x75, 0x73, 0x65, 0x61, 0x64, 0x64, - 0x72, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x6f, 0x5f, 0x70, 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x79, - 0x18, 0x08, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x73, 0x6f, 0x50, 0x72, 0x69, 0x6f, 0x72, 0x69, - 0x74, 0x79, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x6f, 0x5f, 0x72, 0x63, 0x76, 0x6c, 0x6f, 0x77, 0x61, - 0x74, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x73, 0x6f, 0x52, 0x63, 0x76, 0x6c, 0x6f, - 0x77, 0x61, 0x74, 0x12, 0x17, 0x0a, 0x07, 0x73, 0x6f, 0x5f, 0x6d, 0x61, 0x72, 0x6b, 0x18, 0x0a, - 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x73, 0x6f, 0x4d, 0x61, 0x72, 0x6b, 0x12, 0x1f, 0x0a, 0x0b, - 0x73, 0x6f, 0x5f, 0x70, 0x61, 0x73, 0x73, 0x63, 0x72, 0x65, 0x64, 0x18, 0x0b, 0x20, 0x01, 0x28, - 0x08, 0x52, 0x0a, 0x73, 0x6f, 0x50, 0x61, 0x73, 0x73, 0x63, 0x72, 0x65, 0x64, 0x12, 0x1d, 0x0a, - 0x0a, 0x73, 0x6f, 0x5f, 0x70, 0x61, 0x73, 0x73, 0x73, 0x65, 0x63, 0x18, 0x0c, 0x20, 0x01, 0x28, - 0x08, 0x52, 0x09, 0x73, 0x6f, 0x50, 0x61, 0x73, 0x73, 0x73, 0x65, 0x63, 0x12, 0x21, 0x0a, 0x0c, - 0x73, 0x6f, 0x5f, 0x64, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x18, 0x0d, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x0b, 0x73, 0x6f, 0x44, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x12, - 0x1e, 0x0a, 0x0b, 0x73, 0x6f, 0x5f, 0x6e, 0x6f, 0x5f, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x18, 0x0e, - 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x73, 0x6f, 0x4e, 0x6f, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, - 0x20, 0x0a, 0x0c, 0x73, 0x6f, 0x5f, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x64, 0x65, 0x76, 0x18, - 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, 0x6f, 0x42, 0x6f, 0x75, 0x6e, 0x64, 0x44, 0x65, - 0x76, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x6f, 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x10, - 0x20, 0x03, 0x28, 0x06, 0x52, 0x08, 0x73, 0x6f, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x21, - 0x0a, 0x0c, 0x73, 0x6f, 0x5f, 0x72, 0x65, 0x75, 0x73, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x11, - 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x73, 0x6f, 0x52, 0x65, 0x75, 0x73, 0x65, 0x70, 0x6f, 0x72, - 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x6f, 0x5f, 0x62, 0x72, 0x6f, 0x61, 0x64, 0x63, 0x61, 0x73, - 0x74, 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x73, 0x6f, 0x42, 0x72, 0x6f, 0x61, 0x64, - 0x63, 0x61, 0x73, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x6f, 0x5f, 0x6b, 0x65, 0x65, 0x70, 0x61, - 0x6c, 0x69, 0x76, 0x65, 0x18, 0x13, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x73, 0x6f, 0x4b, 0x65, - 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x63, 0x70, 0x5f, 0x6b, - 0x65, 0x65, 0x70, 0x63, 0x6e, 0x74, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x74, 0x63, - 0x70, 0x4b, 0x65, 0x65, 0x70, 0x63, 0x6e, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x74, 0x63, 0x70, 0x5f, - 0x6b, 0x65, 0x65, 0x70, 0x69, 0x64, 0x6c, 0x65, 0x18, 0x15, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, - 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x69, 0x64, 0x6c, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x74, - 0x63, 0x70, 0x5f, 0x6b, 0x65, 0x65, 0x70, 0x69, 0x6e, 0x74, 0x76, 0x6c, 0x18, 0x16, 0x20, 0x01, - 0x28, 0x0d, 0x52, 0x0c, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x69, 0x6e, 0x74, 0x76, 0x6c, - 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x6f, 0x5f, 0x6f, 0x6f, 0x62, 0x69, 0x6e, 0x6c, 0x69, 0x6e, 0x65, - 0x18, 0x17, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x73, 0x6f, 0x4f, 0x6f, 0x62, 0x69, 0x6e, 0x6c, - 0x69, 0x6e, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x6f, 0x5f, 0x6c, 0x69, 0x6e, 0x67, 0x65, 0x72, - 0x18, 0x18, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x73, 0x6f, 0x4c, 0x69, 0x6e, 0x67, 0x65, 0x72, - 0x12, 0x1e, 0x0a, 0x0b, 0x73, 0x6f, 0x5f, 0x62, 0x75, 0x66, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x18, - 0x19, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x73, 0x6f, 0x42, 0x75, 0x66, 0x4c, 0x6f, 0x63, 0x6b, - 0x2a, 0x36, 0x0a, 0x0b, 0x73, 0x6b, 0x5f, 0x73, 0x68, 0x75, 0x74, 0x64, 0x6f, 0x77, 0x6e, 0x12, - 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x52, 0x45, 0x41, - 0x44, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x57, 0x52, 0x49, 0x54, 0x45, 0x10, 0x02, 0x12, 0x08, - 0x0a, 0x04, 0x42, 0x4f, 0x54, 0x48, 0x10, 0x03, -} - -var ( - file_sk_opts_proto_rawDescOnce sync.Once - file_sk_opts_proto_rawDescData = file_sk_opts_proto_rawDesc -) - -func file_sk_opts_proto_rawDescGZIP() []byte { - file_sk_opts_proto_rawDescOnce.Do(func() { - file_sk_opts_proto_rawDescData = protoimpl.X.CompressGZIP(file_sk_opts_proto_rawDescData) - }) - return file_sk_opts_proto_rawDescData -} - -var file_sk_opts_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_sk_opts_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_sk_opts_proto_goTypes = []interface{}{ - (SkShutdown)(0), // 0: sk_shutdown - (*SkOptsEntry)(nil), // 1: sk_opts_entry -} -var file_sk_opts_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_sk_opts_proto_init() } -func file_sk_opts_proto_init() { - if File_sk_opts_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_sk_opts_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SkOptsEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_sk_opts_proto_rawDesc, - NumEnums: 1, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_sk_opts_proto_goTypes, - DependencyIndexes: file_sk_opts_proto_depIdxs, - EnumInfos: file_sk_opts_proto_enumTypes, - MessageInfos: file_sk_opts_proto_msgTypes, - }.Build() - File_sk_opts_proto = out.File - file_sk_opts_proto_rawDesc = nil - file_sk_opts_proto_goTypes = nil - file_sk_opts_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-opts.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-opts.proto deleted file mode 100644 index 1d24d47cc7c..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-opts.proto +++ /dev/null @@ -1,43 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -message sk_opts_entry { - required uint32 so_sndbuf = 1; - required uint32 so_rcvbuf = 2; - - required uint64 so_snd_tmo_sec = 3; - required uint64 so_snd_tmo_usec = 4; - required uint64 so_rcv_tmo_sec = 5; - required uint64 so_rcv_tmo_usec = 6; - optional bool reuseaddr = 7; - - optional uint32 so_priority = 8; - optional uint32 so_rcvlowat = 9; - optional uint32 so_mark = 10; - optional bool so_passcred = 11; - optional bool so_passsec = 12; - optional bool so_dontroute = 13; - optional bool so_no_check = 14; - - optional string so_bound_dev = 15; - - repeated fixed64 so_filter = 16; - optional bool so_reuseport = 17; - optional bool so_broadcast = 18; - optional bool so_keepalive = 19; - optional uint32 tcp_keepcnt = 20; - optional uint32 tcp_keepidle = 21; - optional uint32 tcp_keepintvl = 22; - optional uint32 so_oobinline = 23; - optional uint32 so_linger = 24; - - optional uint32 so_buf_lock = 25; -} - -enum sk_shutdown { - NONE = 0; - READ = 1; - WRITE = 2; - BOTH = 3; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-packet.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-packet.pb.go deleted file mode 100644 index 9dd7176dedd..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-packet.pb.go +++ /dev/null @@ -1,236 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: sk-packet.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type ScmEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Type *uint32 `protobuf:"varint,1,req,name=type" json:"type,omitempty"` - Rights []uint32 `protobuf:"varint,2,rep,name=rights" json:"rights,omitempty"` -} - -func (x *ScmEntry) Reset() { - *x = ScmEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_sk_packet_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ScmEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ScmEntry) ProtoMessage() {} - -func (x *ScmEntry) ProtoReflect() protoreflect.Message { - mi := &file_sk_packet_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ScmEntry.ProtoReflect.Descriptor instead. -func (*ScmEntry) Descriptor() ([]byte, []int) { - return file_sk_packet_proto_rawDescGZIP(), []int{0} -} - -func (x *ScmEntry) GetType() uint32 { - if x != nil && x.Type != nil { - return *x.Type - } - return 0 -} - -func (x *ScmEntry) GetRights() []uint32 { - if x != nil { - return x.Rights - } - return nil -} - -type SkPacketEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - IdFor *uint32 `protobuf:"varint,1,req,name=id_for,json=idFor" json:"id_for,omitempty"` - Length *uint32 `protobuf:"varint,2,req,name=length" json:"length,omitempty"` - // Reserved for message address - // optional bytes addr = 3; - Scm []*ScmEntry `protobuf:"bytes,4,rep,name=scm" json:"scm,omitempty"` -} - -func (x *SkPacketEntry) Reset() { - *x = SkPacketEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_sk_packet_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SkPacketEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SkPacketEntry) ProtoMessage() {} - -func (x *SkPacketEntry) ProtoReflect() protoreflect.Message { - mi := &file_sk_packet_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SkPacketEntry.ProtoReflect.Descriptor instead. -func (*SkPacketEntry) Descriptor() ([]byte, []int) { - return file_sk_packet_proto_rawDescGZIP(), []int{1} -} - -func (x *SkPacketEntry) GetIdFor() uint32 { - if x != nil && x.IdFor != nil { - return *x.IdFor - } - return 0 -} - -func (x *SkPacketEntry) GetLength() uint32 { - if x != nil && x.Length != nil { - return *x.Length - } - return 0 -} - -func (x *SkPacketEntry) GetScm() []*ScmEntry { - if x != nil { - return x.Scm - } - return nil -} - -var File_sk_packet_proto protoreflect.FileDescriptor - -var file_sk_packet_proto_rawDesc = []byte{ - 0x0a, 0x0f, 0x73, 0x6b, 0x2d, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x22, 0x37, 0x0a, 0x09, 0x73, 0x63, 0x6d, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, - 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x74, 0x79, - 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x69, 0x67, 0x68, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, - 0x28, 0x0d, 0x52, 0x06, 0x72, 0x69, 0x67, 0x68, 0x74, 0x73, 0x22, 0x5e, 0x0a, 0x0f, 0x73, 0x6b, - 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x15, 0x0a, - 0x06, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x69, - 0x64, 0x46, 0x6f, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x18, 0x02, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x12, 0x1c, 0x0a, 0x03, - 0x73, 0x63, 0x6d, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x73, 0x63, 0x6d, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x73, 0x63, 0x6d, -} - -var ( - file_sk_packet_proto_rawDescOnce sync.Once - file_sk_packet_proto_rawDescData = file_sk_packet_proto_rawDesc -) - -func file_sk_packet_proto_rawDescGZIP() []byte { - file_sk_packet_proto_rawDescOnce.Do(func() { - file_sk_packet_proto_rawDescData = protoimpl.X.CompressGZIP(file_sk_packet_proto_rawDescData) - }) - return file_sk_packet_proto_rawDescData -} - -var file_sk_packet_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_sk_packet_proto_goTypes = []interface{}{ - (*ScmEntry)(nil), // 0: scm_entry - (*SkPacketEntry)(nil), // 1: sk_packet_entry -} -var file_sk_packet_proto_depIdxs = []int32{ - 0, // 0: sk_packet_entry.scm:type_name -> scm_entry - 1, // [1:1] is the sub-list for method output_type - 1, // [1:1] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name -} - -func init() { file_sk_packet_proto_init() } -func file_sk_packet_proto_init() { - if File_sk_packet_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_sk_packet_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ScmEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_sk_packet_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SkPacketEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_sk_packet_proto_rawDesc, - NumEnums: 0, - NumMessages: 2, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_sk_packet_proto_goTypes, - DependencyIndexes: file_sk_packet_proto_depIdxs, - MessageInfos: file_sk_packet_proto_msgTypes, - }.Build() - File_sk_packet_proto = out.File - file_sk_packet_proto_rawDesc = nil - file_sk_packet_proto_goTypes = nil - file_sk_packet_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-packet.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-packet.proto deleted file mode 100644 index b60a8870a7e..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-packet.proto +++ /dev/null @@ -1,18 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -message scm_entry { - required uint32 type = 1; - repeated uint32 rights = 2; -} - -message sk_packet_entry { - required uint32 id_for = 1; - required uint32 length = 2; - // Reserved for message address - // optional bytes addr = 3; - repeated scm_entry scm = 4; - // Reserved for ucred restore - // optional sk_ucred_entry ucred = 128; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-unix.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-unix.pb.go deleted file mode 100644 index 068b7648f5d..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-unix.pb.go +++ /dev/null @@ -1,410 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: sk-unix.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type FilePermsEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Mode *uint32 `protobuf:"varint,1,req,name=mode" json:"mode,omitempty"` - Uid *uint32 `protobuf:"varint,2,req,name=uid" json:"uid,omitempty"` - Gid *uint32 `protobuf:"varint,3,req,name=gid" json:"gid,omitempty"` -} - -func (x *FilePermsEntry) Reset() { - *x = FilePermsEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_sk_unix_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *FilePermsEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*FilePermsEntry) ProtoMessage() {} - -func (x *FilePermsEntry) ProtoReflect() protoreflect.Message { - mi := &file_sk_unix_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use FilePermsEntry.ProtoReflect.Descriptor instead. -func (*FilePermsEntry) Descriptor() ([]byte, []int) { - return file_sk_unix_proto_rawDescGZIP(), []int{0} -} - -func (x *FilePermsEntry) GetMode() uint32 { - if x != nil && x.Mode != nil { - return *x.Mode - } - return 0 -} - -func (x *FilePermsEntry) GetUid() uint32 { - if x != nil && x.Uid != nil { - return *x.Uid - } - return 0 -} - -func (x *FilePermsEntry) GetGid() uint32 { - if x != nil && x.Gid != nil { - return *x.Gid - } - return 0 -} - -type UnixSkEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Few words about why we need both -- id and ino. - // - // The former one is used to link file descriptor from - // fdinfo image with the unix_sk_entry that should be - // opened under it. - // - // The latter one ties together unix peers -- the peer - // member on this structure is the ino one of its peer - // and simetimes vise-versa. - Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` - Ino *uint32 `protobuf:"varint,2,req,name=ino" json:"ino,omitempty"` - Type *uint32 `protobuf:"varint,3,req,name=type" json:"type,omitempty"` - State *uint32 `protobuf:"varint,4,req,name=state" json:"state,omitempty"` - Flags *uint32 `protobuf:"varint,5,req,name=flags" json:"flags,omitempty"` - Uflags *uint32 `protobuf:"varint,6,req,name=uflags" json:"uflags,omitempty"` - Backlog *uint32 `protobuf:"varint,7,req,name=backlog" json:"backlog,omitempty"` - Peer *uint32 `protobuf:"varint,8,req,name=peer" json:"peer,omitempty"` - Fown *FownEntry `protobuf:"bytes,9,req,name=fown" json:"fown,omitempty"` - Opts *SkOptsEntry `protobuf:"bytes,10,req,name=opts" json:"opts,omitempty"` - // Abstract name may contain \0 at any point, - // so we need to carry it as byte sequence... - Name []byte `protobuf:"bytes,11,req,name=name" json:"name,omitempty"` - Shutdown *SkShutdown `protobuf:"varint,12,opt,name=shutdown,enum=SkShutdown" json:"shutdown,omitempty"` - FilePerms *FilePermsEntry `protobuf:"bytes,13,opt,name=file_perms,json=filePerms" json:"file_perms,omitempty"` - // Relative socket name may have prefix. - NameDir *string `protobuf:"bytes,14,opt,name=name_dir,json=nameDir" json:"name_dir,omitempty"` - Deleted *bool `protobuf:"varint,15,opt,name=deleted" json:"deleted,omitempty"` - NsId *uint32 `protobuf:"varint,16,opt,name=ns_id,json=nsId" json:"ns_id,omitempty"` - MntId *int32 `protobuf:"zigzag32,17,opt,name=mnt_id,json=mntId,def=-1" json:"mnt_id,omitempty"` // Please, don't use field with number 18. -} - -// Default values for UnixSkEntry fields. -const ( - Default_UnixSkEntry_MntId = int32(-1) -) - -func (x *UnixSkEntry) Reset() { - *x = UnixSkEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_sk_unix_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UnixSkEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UnixSkEntry) ProtoMessage() {} - -func (x *UnixSkEntry) ProtoReflect() protoreflect.Message { - mi := &file_sk_unix_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UnixSkEntry.ProtoReflect.Descriptor instead. -func (*UnixSkEntry) Descriptor() ([]byte, []int) { - return file_sk_unix_proto_rawDescGZIP(), []int{1} -} - -func (x *UnixSkEntry) GetId() uint32 { - if x != nil && x.Id != nil { - return *x.Id - } - return 0 -} - -func (x *UnixSkEntry) GetIno() uint32 { - if x != nil && x.Ino != nil { - return *x.Ino - } - return 0 -} - -func (x *UnixSkEntry) GetType() uint32 { - if x != nil && x.Type != nil { - return *x.Type - } - return 0 -} - -func (x *UnixSkEntry) GetState() uint32 { - if x != nil && x.State != nil { - return *x.State - } - return 0 -} - -func (x *UnixSkEntry) GetFlags() uint32 { - if x != nil && x.Flags != nil { - return *x.Flags - } - return 0 -} - -func (x *UnixSkEntry) GetUflags() uint32 { - if x != nil && x.Uflags != nil { - return *x.Uflags - } - return 0 -} - -func (x *UnixSkEntry) GetBacklog() uint32 { - if x != nil && x.Backlog != nil { - return *x.Backlog - } - return 0 -} - -func (x *UnixSkEntry) GetPeer() uint32 { - if x != nil && x.Peer != nil { - return *x.Peer - } - return 0 -} - -func (x *UnixSkEntry) GetFown() *FownEntry { - if x != nil { - return x.Fown - } - return nil -} - -func (x *UnixSkEntry) GetOpts() *SkOptsEntry { - if x != nil { - return x.Opts - } - return nil -} - -func (x *UnixSkEntry) GetName() []byte { - if x != nil { - return x.Name - } - return nil -} - -func (x *UnixSkEntry) GetShutdown() SkShutdown { - if x != nil && x.Shutdown != nil { - return *x.Shutdown - } - return SkShutdown_NONE -} - -func (x *UnixSkEntry) GetFilePerms() *FilePermsEntry { - if x != nil { - return x.FilePerms - } - return nil -} - -func (x *UnixSkEntry) GetNameDir() string { - if x != nil && x.NameDir != nil { - return *x.NameDir - } - return "" -} - -func (x *UnixSkEntry) GetDeleted() bool { - if x != nil && x.Deleted != nil { - return *x.Deleted - } - return false -} - -func (x *UnixSkEntry) GetNsId() uint32 { - if x != nil && x.NsId != nil { - return *x.NsId - } - return 0 -} - -func (x *UnixSkEntry) GetMntId() int32 { - if x != nil && x.MntId != nil { - return *x.MntId - } - return Default_UnixSkEntry_MntId -} - -var File_sk_unix_proto protoreflect.FileDescriptor - -var file_sk_unix_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x73, 0x6b, 0x2d, 0x75, 0x6e, 0x69, 0x78, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, - 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, - 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0d, 0x73, 0x6b, 0x2d, 0x6f, 0x70, 0x74, 0x73, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x4a, 0x0a, 0x10, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x70, - 0x65, 0x72, 0x6d, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f, - 0x64, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x10, - 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x75, 0x69, 0x64, - 0x12, 0x10, 0x0a, 0x03, 0x67, 0x69, 0x64, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x67, - 0x69, 0x64, 0x22, 0x81, 0x04, 0x0a, 0x0d, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, 0x6b, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x02, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x69, 0x6e, 0x6f, 0x18, 0x02, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x03, 0x69, 0x6e, 0x6f, 0x12, 0x1b, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, - 0x20, 0x02, 0x28, 0x0d, 0x42, 0x07, 0xd2, 0x3f, 0x04, 0x32, 0x02, 0x73, 0x6b, 0x52, 0x04, 0x74, - 0x79, 0x70, 0x65, 0x12, 0x1d, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x02, - 0x28, 0x0d, 0x42, 0x07, 0xd2, 0x3f, 0x04, 0x32, 0x02, 0x73, 0x6b, 0x52, 0x05, 0x73, 0x74, 0x61, - 0x74, 0x65, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x05, 0x20, 0x02, 0x28, - 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, - 0x1d, 0x0a, 0x06, 0x75, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x42, - 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x06, 0x75, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x18, - 0x0a, 0x07, 0x62, 0x61, 0x63, 0x6b, 0x6c, 0x6f, 0x67, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, - 0x07, 0x62, 0x61, 0x63, 0x6b, 0x6c, 0x6f, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x65, 0x65, 0x72, - 0x18, 0x08, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x65, 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x04, - 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x09, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x6f, 0x77, - 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x22, 0x0a, - 0x04, 0x6f, 0x70, 0x74, 0x73, 0x18, 0x0a, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x73, 0x6b, - 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x6f, 0x70, 0x74, - 0x73, 0x12, 0x22, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0b, 0x20, 0x02, 0x28, 0x0c, 0x42, - 0x0e, 0xd2, 0x3f, 0x0b, 0x3a, 0x09, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x52, - 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x28, 0x0a, 0x08, 0x73, 0x68, 0x75, 0x74, 0x64, 0x6f, 0x77, - 0x6e, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0c, 0x2e, 0x73, 0x6b, 0x5f, 0x73, 0x68, 0x75, - 0x74, 0x64, 0x6f, 0x77, 0x6e, 0x52, 0x08, 0x73, 0x68, 0x75, 0x74, 0x64, 0x6f, 0x77, 0x6e, 0x12, - 0x30, 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x73, 0x18, 0x0d, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x73, - 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x09, 0x66, 0x69, 0x6c, 0x65, 0x50, 0x65, 0x72, 0x6d, - 0x73, 0x12, 0x19, 0x0a, 0x08, 0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x64, 0x69, 0x72, 0x18, 0x0e, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x07, 0x6e, 0x61, 0x6d, 0x65, 0x44, 0x69, 0x72, 0x12, 0x18, 0x0a, 0x07, - 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x64, - 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x12, 0x13, 0x0a, 0x05, 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, - 0x10, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x6e, 0x73, 0x49, 0x64, 0x12, 0x19, 0x0a, 0x06, 0x6d, - 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x11, 0x20, 0x01, 0x28, 0x11, 0x3a, 0x02, 0x2d, 0x31, 0x52, - 0x05, 0x6d, 0x6e, 0x74, 0x49, 0x64, -} - -var ( - file_sk_unix_proto_rawDescOnce sync.Once - file_sk_unix_proto_rawDescData = file_sk_unix_proto_rawDesc -) - -func file_sk_unix_proto_rawDescGZIP() []byte { - file_sk_unix_proto_rawDescOnce.Do(func() { - file_sk_unix_proto_rawDescData = protoimpl.X.CompressGZIP(file_sk_unix_proto_rawDescData) - }) - return file_sk_unix_proto_rawDescData -} - -var file_sk_unix_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_sk_unix_proto_goTypes = []interface{}{ - (*FilePermsEntry)(nil), // 0: file_perms_entry - (*UnixSkEntry)(nil), // 1: unix_sk_entry - (*FownEntry)(nil), // 2: fown_entry - (*SkOptsEntry)(nil), // 3: sk_opts_entry - (SkShutdown)(0), // 4: sk_shutdown -} -var file_sk_unix_proto_depIdxs = []int32{ - 2, // 0: unix_sk_entry.fown:type_name -> fown_entry - 3, // 1: unix_sk_entry.opts:type_name -> sk_opts_entry - 4, // 2: unix_sk_entry.shutdown:type_name -> sk_shutdown - 0, // 3: unix_sk_entry.file_perms:type_name -> file_perms_entry - 4, // [4:4] is the sub-list for method output_type - 4, // [4:4] is the sub-list for method input_type - 4, // [4:4] is the sub-list for extension type_name - 4, // [4:4] is the sub-list for extension extendee - 0, // [0:4] is the sub-list for field type_name -} - -func init() { file_sk_unix_proto_init() } -func file_sk_unix_proto_init() { - if File_sk_unix_proto != nil { - return - } - file_opts_proto_init() - file_fown_proto_init() - file_sk_opts_proto_init() - if !protoimpl.UnsafeEnabled { - file_sk_unix_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*FilePermsEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_sk_unix_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UnixSkEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_sk_unix_proto_rawDesc, - NumEnums: 0, - NumMessages: 2, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_sk_unix_proto_goTypes, - DependencyIndexes: file_sk_unix_proto_depIdxs, - MessageInfos: file_sk_unix_proto_msgTypes, - }.Build() - File_sk_unix_proto = out.File - file_sk_unix_proto_rawDesc = nil - file_sk_unix_proto_goTypes = nil - file_sk_unix_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-unix.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-unix.proto deleted file mode 100644 index 8ddbccde00e..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sk-unix.proto +++ /dev/null @@ -1,57 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "opts.proto"; -import "fown.proto"; -import "sk-opts.proto"; - -message file_perms_entry { - required uint32 mode = 1; - required uint32 uid = 2; - required uint32 gid = 3; -} - -message unix_sk_entry { - /* - * Few words about why we need both -- id and ino. - * - * The former one is used to link file descriptor from - * fdinfo image with the unix_sk_entry that should be - * opened under it. - * - * The latter one ties together unix peers -- the peer - * member on this structure is the ino one of its peer - * and simetimes vise-versa. - */ - required uint32 id = 1; - required uint32 ino = 2; - required uint32 type = 3 [(criu).dict = "sk"]; - required uint32 state = 4 [(criu).dict = "sk"]; - required uint32 flags = 5 [(criu).hex = true]; - required uint32 uflags = 6 [(criu).hex = true]; - required uint32 backlog = 7; - required uint32 peer = 8; - required fown_entry fown = 9; - required sk_opts_entry opts = 10; - - /* - * Abstract name may contain \0 at any point, - * so we need to carry it as byte sequence... - */ - required bytes name = 11 [(criu).conv = "unix_name"]; - - optional sk_shutdown shutdown = 12; - - optional file_perms_entry file_perms = 13; - - /* - * Relative socket name may have prefix. - */ - optional string name_dir = 14; - optional bool deleted = 15; - - optional uint32 ns_id = 16; - optional sint32 mnt_id = 17 [default = -1]; - /* Please, don't use field with number 18. */ -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/stats.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/stats.pb.go deleted file mode 100644 index c5a9c9d5abc..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/stats.pb.go +++ /dev/null @@ -1,461 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: stats.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// This one contains statistics about dump/restore process -type DumpStatsEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - FreezingTime *uint32 `protobuf:"varint,1,req,name=freezing_time,json=freezingTime" json:"freezing_time,omitempty"` - FrozenTime *uint32 `protobuf:"varint,2,req,name=frozen_time,json=frozenTime" json:"frozen_time,omitempty"` - MemdumpTime *uint32 `protobuf:"varint,3,req,name=memdump_time,json=memdumpTime" json:"memdump_time,omitempty"` - MemwriteTime *uint32 `protobuf:"varint,4,req,name=memwrite_time,json=memwriteTime" json:"memwrite_time,omitempty"` - PagesScanned *uint64 `protobuf:"varint,5,req,name=pages_scanned,json=pagesScanned" json:"pages_scanned,omitempty"` - PagesSkippedParent *uint64 `protobuf:"varint,6,req,name=pages_skipped_parent,json=pagesSkippedParent" json:"pages_skipped_parent,omitempty"` - PagesWritten *uint64 `protobuf:"varint,7,req,name=pages_written,json=pagesWritten" json:"pages_written,omitempty"` - IrmapResolve *uint32 `protobuf:"varint,8,opt,name=irmap_resolve,json=irmapResolve" json:"irmap_resolve,omitempty"` - PagesLazy *uint64 `protobuf:"varint,9,req,name=pages_lazy,json=pagesLazy" json:"pages_lazy,omitempty"` - PagePipes *uint64 `protobuf:"varint,10,opt,name=page_pipes,json=pagePipes" json:"page_pipes,omitempty"` - PagePipeBufs *uint64 `protobuf:"varint,11,opt,name=page_pipe_bufs,json=pagePipeBufs" json:"page_pipe_bufs,omitempty"` - ShpagesScanned *uint64 `protobuf:"varint,12,opt,name=shpages_scanned,json=shpagesScanned" json:"shpages_scanned,omitempty"` - ShpagesSkippedParent *uint64 `protobuf:"varint,13,opt,name=shpages_skipped_parent,json=shpagesSkippedParent" json:"shpages_skipped_parent,omitempty"` - ShpagesWritten *uint64 `protobuf:"varint,14,opt,name=shpages_written,json=shpagesWritten" json:"shpages_written,omitempty"` -} - -func (x *DumpStatsEntry) Reset() { - *x = DumpStatsEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_stats_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *DumpStatsEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*DumpStatsEntry) ProtoMessage() {} - -func (x *DumpStatsEntry) ProtoReflect() protoreflect.Message { - mi := &file_stats_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use DumpStatsEntry.ProtoReflect.Descriptor instead. -func (*DumpStatsEntry) Descriptor() ([]byte, []int) { - return file_stats_proto_rawDescGZIP(), []int{0} -} - -func (x *DumpStatsEntry) GetFreezingTime() uint32 { - if x != nil && x.FreezingTime != nil { - return *x.FreezingTime - } - return 0 -} - -func (x *DumpStatsEntry) GetFrozenTime() uint32 { - if x != nil && x.FrozenTime != nil { - return *x.FrozenTime - } - return 0 -} - -func (x *DumpStatsEntry) GetMemdumpTime() uint32 { - if x != nil && x.MemdumpTime != nil { - return *x.MemdumpTime - } - return 0 -} - -func (x *DumpStatsEntry) GetMemwriteTime() uint32 { - if x != nil && x.MemwriteTime != nil { - return *x.MemwriteTime - } - return 0 -} - -func (x *DumpStatsEntry) GetPagesScanned() uint64 { - if x != nil && x.PagesScanned != nil { - return *x.PagesScanned - } - return 0 -} - -func (x *DumpStatsEntry) GetPagesSkippedParent() uint64 { - if x != nil && x.PagesSkippedParent != nil { - return *x.PagesSkippedParent - } - return 0 -} - -func (x *DumpStatsEntry) GetPagesWritten() uint64 { - if x != nil && x.PagesWritten != nil { - return *x.PagesWritten - } - return 0 -} - -func (x *DumpStatsEntry) GetIrmapResolve() uint32 { - if x != nil && x.IrmapResolve != nil { - return *x.IrmapResolve - } - return 0 -} - -func (x *DumpStatsEntry) GetPagesLazy() uint64 { - if x != nil && x.PagesLazy != nil { - return *x.PagesLazy - } - return 0 -} - -func (x *DumpStatsEntry) GetPagePipes() uint64 { - if x != nil && x.PagePipes != nil { - return *x.PagePipes - } - return 0 -} - -func (x *DumpStatsEntry) GetPagePipeBufs() uint64 { - if x != nil && x.PagePipeBufs != nil { - return *x.PagePipeBufs - } - return 0 -} - -func (x *DumpStatsEntry) GetShpagesScanned() uint64 { - if x != nil && x.ShpagesScanned != nil { - return *x.ShpagesScanned - } - return 0 -} - -func (x *DumpStatsEntry) GetShpagesSkippedParent() uint64 { - if x != nil && x.ShpagesSkippedParent != nil { - return *x.ShpagesSkippedParent - } - return 0 -} - -func (x *DumpStatsEntry) GetShpagesWritten() uint64 { - if x != nil && x.ShpagesWritten != nil { - return *x.ShpagesWritten - } - return 0 -} - -type RestoreStatsEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - PagesCompared *uint64 `protobuf:"varint,1,req,name=pages_compared,json=pagesCompared" json:"pages_compared,omitempty"` - PagesSkippedCow *uint64 `protobuf:"varint,2,req,name=pages_skipped_cow,json=pagesSkippedCow" json:"pages_skipped_cow,omitempty"` - ForkingTime *uint32 `protobuf:"varint,3,req,name=forking_time,json=forkingTime" json:"forking_time,omitempty"` - RestoreTime *uint32 `protobuf:"varint,4,req,name=restore_time,json=restoreTime" json:"restore_time,omitempty"` - PagesRestored *uint64 `protobuf:"varint,5,opt,name=pages_restored,json=pagesRestored" json:"pages_restored,omitempty"` -} - -func (x *RestoreStatsEntry) Reset() { - *x = RestoreStatsEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_stats_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *RestoreStatsEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*RestoreStatsEntry) ProtoMessage() {} - -func (x *RestoreStatsEntry) ProtoReflect() protoreflect.Message { - mi := &file_stats_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use RestoreStatsEntry.ProtoReflect.Descriptor instead. -func (*RestoreStatsEntry) Descriptor() ([]byte, []int) { - return file_stats_proto_rawDescGZIP(), []int{1} -} - -func (x *RestoreStatsEntry) GetPagesCompared() uint64 { - if x != nil && x.PagesCompared != nil { - return *x.PagesCompared - } - return 0 -} - -func (x *RestoreStatsEntry) GetPagesSkippedCow() uint64 { - if x != nil && x.PagesSkippedCow != nil { - return *x.PagesSkippedCow - } - return 0 -} - -func (x *RestoreStatsEntry) GetForkingTime() uint32 { - if x != nil && x.ForkingTime != nil { - return *x.ForkingTime - } - return 0 -} - -func (x *RestoreStatsEntry) GetRestoreTime() uint32 { - if x != nil && x.RestoreTime != nil { - return *x.RestoreTime - } - return 0 -} - -func (x *RestoreStatsEntry) GetPagesRestored() uint64 { - if x != nil && x.PagesRestored != nil { - return *x.PagesRestored - } - return 0 -} - -type StatsEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Dump *DumpStatsEntry `protobuf:"bytes,1,opt,name=dump" json:"dump,omitempty"` - Restore *RestoreStatsEntry `protobuf:"bytes,2,opt,name=restore" json:"restore,omitempty"` -} - -func (x *StatsEntry) Reset() { - *x = StatsEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_stats_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *StatsEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*StatsEntry) ProtoMessage() {} - -func (x *StatsEntry) ProtoReflect() protoreflect.Message { - mi := &file_stats_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use StatsEntry.ProtoReflect.Descriptor instead. -func (*StatsEntry) Descriptor() ([]byte, []int) { - return file_stats_proto_rawDescGZIP(), []int{2} -} - -func (x *StatsEntry) GetDump() *DumpStatsEntry { - if x != nil { - return x.Dump - } - return nil -} - -func (x *StatsEntry) GetRestore() *RestoreStatsEntry { - if x != nil { - return x.Restore - } - return nil -} - -var File_stats_proto protoreflect.FileDescriptor - -var file_stats_proto_rawDesc = []byte{ - 0x0a, 0x0b, 0x73, 0x74, 0x61, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xad, 0x04, - 0x0a, 0x10, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x23, 0x0a, 0x0d, 0x66, 0x72, 0x65, 0x65, 0x7a, 0x69, 0x6e, 0x67, 0x5f, 0x74, - 0x69, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0c, 0x66, 0x72, 0x65, 0x65, 0x7a, - 0x69, 0x6e, 0x67, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x66, 0x72, 0x6f, 0x7a, 0x65, - 0x6e, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0a, 0x66, 0x72, - 0x6f, 0x7a, 0x65, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x6d, 0x65, 0x6d, 0x64, - 0x75, 0x6d, 0x70, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, - 0x6d, 0x65, 0x6d, 0x64, 0x75, 0x6d, 0x70, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x6d, - 0x65, 0x6d, 0x77, 0x72, 0x69, 0x74, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x0c, 0x6d, 0x65, 0x6d, 0x77, 0x72, 0x69, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, - 0x12, 0x23, 0x0a, 0x0d, 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x73, 0x63, 0x61, 0x6e, 0x6e, 0x65, - 0x64, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, 0x0c, 0x70, 0x61, 0x67, 0x65, 0x73, 0x53, 0x63, - 0x61, 0x6e, 0x6e, 0x65, 0x64, 0x12, 0x30, 0x0a, 0x14, 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x73, - 0x6b, 0x69, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x18, 0x06, 0x20, - 0x02, 0x28, 0x04, 0x52, 0x12, 0x70, 0x61, 0x67, 0x65, 0x73, 0x53, 0x6b, 0x69, 0x70, 0x70, 0x65, - 0x64, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x12, 0x23, 0x0a, 0x0d, 0x70, 0x61, 0x67, 0x65, 0x73, - 0x5f, 0x77, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x18, 0x07, 0x20, 0x02, 0x28, 0x04, 0x52, 0x0c, - 0x70, 0x61, 0x67, 0x65, 0x73, 0x57, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x12, 0x23, 0x0a, 0x0d, - 0x69, 0x72, 0x6d, 0x61, 0x70, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x18, 0x08, 0x20, - 0x01, 0x28, 0x0d, 0x52, 0x0c, 0x69, 0x72, 0x6d, 0x61, 0x70, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, - 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x6c, 0x61, 0x7a, 0x79, 0x18, - 0x09, 0x20, 0x02, 0x28, 0x04, 0x52, 0x09, 0x70, 0x61, 0x67, 0x65, 0x73, 0x4c, 0x61, 0x7a, 0x79, - 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x70, 0x69, 0x70, 0x65, 0x73, 0x18, 0x0a, - 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x70, 0x61, 0x67, 0x65, 0x50, 0x69, 0x70, 0x65, 0x73, 0x12, - 0x24, 0x0a, 0x0e, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x70, 0x69, 0x70, 0x65, 0x5f, 0x62, 0x75, 0x66, - 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0c, 0x70, 0x61, 0x67, 0x65, 0x50, 0x69, 0x70, - 0x65, 0x42, 0x75, 0x66, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x73, 0x68, 0x70, 0x61, 0x67, 0x65, 0x73, - 0x5f, 0x73, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x64, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0e, - 0x73, 0x68, 0x70, 0x61, 0x67, 0x65, 0x73, 0x53, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x64, 0x12, 0x34, - 0x0a, 0x16, 0x73, 0x68, 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x73, 0x6b, 0x69, 0x70, 0x70, 0x65, - 0x64, 0x5f, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x04, 0x52, 0x14, - 0x73, 0x68, 0x70, 0x61, 0x67, 0x65, 0x73, 0x53, 0x6b, 0x69, 0x70, 0x70, 0x65, 0x64, 0x50, 0x61, - 0x72, 0x65, 0x6e, 0x74, 0x12, 0x27, 0x0a, 0x0f, 0x73, 0x68, 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, - 0x77, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0e, 0x73, - 0x68, 0x70, 0x61, 0x67, 0x65, 0x73, 0x57, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x22, 0xd5, 0x01, - 0x0a, 0x13, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x63, - 0x6f, 0x6d, 0x70, 0x61, 0x72, 0x65, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x0d, 0x70, - 0x61, 0x67, 0x65, 0x73, 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x72, 0x65, 0x64, 0x12, 0x2a, 0x0a, 0x11, - 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x73, 0x6b, 0x69, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x63, 0x6f, - 0x77, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, 0x0f, 0x70, 0x61, 0x67, 0x65, 0x73, 0x53, 0x6b, - 0x69, 0x70, 0x70, 0x65, 0x64, 0x43, 0x6f, 0x77, 0x12, 0x21, 0x0a, 0x0c, 0x66, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0b, - 0x66, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x72, - 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x0b, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x25, - 0x0a, 0x0e, 0x70, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x64, - 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0d, 0x70, 0x61, 0x67, 0x65, 0x73, 0x52, 0x65, 0x73, - 0x74, 0x6f, 0x72, 0x65, 0x64, 0x22, 0x64, 0x0a, 0x0b, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x12, 0x25, 0x0a, 0x04, 0x64, 0x75, 0x6d, 0x70, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x64, 0x75, 0x6d, 0x70, 0x12, 0x2e, 0x0a, 0x07, 0x72, - 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x72, - 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x07, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, -} - -var ( - file_stats_proto_rawDescOnce sync.Once - file_stats_proto_rawDescData = file_stats_proto_rawDesc -) - -func file_stats_proto_rawDescGZIP() []byte { - file_stats_proto_rawDescOnce.Do(func() { - file_stats_proto_rawDescData = protoimpl.X.CompressGZIP(file_stats_proto_rawDescData) - }) - return file_stats_proto_rawDescData -} - -var file_stats_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_stats_proto_goTypes = []interface{}{ - (*DumpStatsEntry)(nil), // 0: dump_stats_entry - (*RestoreStatsEntry)(nil), // 1: restore_stats_entry - (*StatsEntry)(nil), // 2: stats_entry -} -var file_stats_proto_depIdxs = []int32{ - 0, // 0: stats_entry.dump:type_name -> dump_stats_entry - 1, // 1: stats_entry.restore:type_name -> restore_stats_entry - 2, // [2:2] is the sub-list for method output_type - 2, // [2:2] is the sub-list for method input_type - 2, // [2:2] is the sub-list for extension type_name - 2, // [2:2] is the sub-list for extension extendee - 0, // [0:2] is the sub-list for field type_name -} - -func init() { file_stats_proto_init() } -func file_stats_proto_init() { - if File_stats_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_stats_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DumpStatsEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_stats_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RestoreStatsEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_stats_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*StatsEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_stats_proto_rawDesc, - NumEnums: 0, - NumMessages: 3, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_stats_proto_goTypes, - DependencyIndexes: file_stats_proto_depIdxs, - MessageInfos: file_stats_proto_msgTypes, - }.Build() - File_stats_proto = out.File - file_stats_proto_rawDesc = nil - file_stats_proto_goTypes = nil - file_stats_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/stats.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/stats.proto deleted file mode 100644 index 64e46181dad..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/stats.proto +++ /dev/null @@ -1,40 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -// This one contains statistics about dump/restore process -message dump_stats_entry { - required uint32 freezing_time = 1; - required uint32 frozen_time = 2; - required uint32 memdump_time = 3; - required uint32 memwrite_time = 4; - - required uint64 pages_scanned = 5; - required uint64 pages_skipped_parent = 6; - required uint64 pages_written = 7; - - optional uint32 irmap_resolve = 8; - - required uint64 pages_lazy = 9; - optional uint64 page_pipes = 10; - optional uint64 page_pipe_bufs = 11; - - optional uint64 shpages_scanned = 12; - optional uint64 shpages_skipped_parent = 13; - optional uint64 shpages_written = 14; -} - -message restore_stats_entry { - required uint64 pages_compared = 1; - required uint64 pages_skipped_cow = 2; - - required uint32 forking_time = 3; - required uint32 restore_time = 4; - - optional uint64 pages_restored = 5; -} - -message stats_entry { - optional dump_stats_entry dump = 1; - optional restore_stats_entry restore = 2; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sysctl.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sysctl.pb.go deleted file mode 100644 index ec4819c4f6c..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sysctl.pb.go +++ /dev/null @@ -1,223 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: sysctl.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type SysctlType int32 - -const ( - SysctlType_CTL_STR SysctlType = 5 - SysctlType_CTL_32 SysctlType = 6 -) - -// Enum value maps for SysctlType. -var ( - SysctlType_name = map[int32]string{ - 5: "CTL_STR", - 6: "CTL_32", - } - SysctlType_value = map[string]int32{ - "CTL_STR": 5, - "CTL_32": 6, - } -) - -func (x SysctlType) Enum() *SysctlType { - p := new(SysctlType) - *p = x - return p -} - -func (x SysctlType) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (SysctlType) Descriptor() protoreflect.EnumDescriptor { - return file_sysctl_proto_enumTypes[0].Descriptor() -} - -func (SysctlType) Type() protoreflect.EnumType { - return &file_sysctl_proto_enumTypes[0] -} - -func (x SysctlType) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Do not use. -func (x *SysctlType) UnmarshalJSON(b []byte) error { - num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) - if err != nil { - return err - } - *x = SysctlType(num) - return nil -} - -// Deprecated: Use SysctlType.Descriptor instead. -func (SysctlType) EnumDescriptor() ([]byte, []int) { - return file_sysctl_proto_rawDescGZIP(), []int{0} -} - -type SysctlEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Type *SysctlType `protobuf:"varint,1,req,name=type,enum=SysctlType" json:"type,omitempty"` - Iarg *int32 `protobuf:"varint,2,opt,name=iarg" json:"iarg,omitempty"` - Sarg *string `protobuf:"bytes,3,opt,name=sarg" json:"sarg,omitempty"` -} - -func (x *SysctlEntry) Reset() { - *x = SysctlEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_sysctl_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SysctlEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SysctlEntry) ProtoMessage() {} - -func (x *SysctlEntry) ProtoReflect() protoreflect.Message { - mi := &file_sysctl_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SysctlEntry.ProtoReflect.Descriptor instead. -func (*SysctlEntry) Descriptor() ([]byte, []int) { - return file_sysctl_proto_rawDescGZIP(), []int{0} -} - -func (x *SysctlEntry) GetType() SysctlType { - if x != nil && x.Type != nil { - return *x.Type - } - return SysctlType_CTL_STR -} - -func (x *SysctlEntry) GetIarg() int32 { - if x != nil && x.Iarg != nil { - return *x.Iarg - } - return 0 -} - -func (x *SysctlEntry) GetSarg() string { - if x != nil && x.Sarg != nil { - return *x.Sarg - } - return "" -} - -var File_sysctl_proto protoreflect.FileDescriptor - -var file_sysctl_proto_rawDesc = []byte{ - 0x0a, 0x0c, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x57, - 0x0a, 0x0c, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1f, - 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x0b, 0x2e, 0x53, - 0x79, 0x73, 0x63, 0x74, 0x6c, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, - 0x12, 0x0a, 0x04, 0x69, 0x61, 0x72, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x69, - 0x61, 0x72, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x61, 0x72, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x04, 0x73, 0x61, 0x72, 0x67, 0x2a, 0x25, 0x0a, 0x0a, 0x53, 0x79, 0x73, 0x63, 0x74, - 0x6c, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x43, 0x54, 0x4c, 0x5f, 0x53, 0x54, 0x52, - 0x10, 0x05, 0x12, 0x0a, 0x0a, 0x06, 0x43, 0x54, 0x4c, 0x5f, 0x33, 0x32, 0x10, 0x06, -} - -var ( - file_sysctl_proto_rawDescOnce sync.Once - file_sysctl_proto_rawDescData = file_sysctl_proto_rawDesc -) - -func file_sysctl_proto_rawDescGZIP() []byte { - file_sysctl_proto_rawDescOnce.Do(func() { - file_sysctl_proto_rawDescData = protoimpl.X.CompressGZIP(file_sysctl_proto_rawDescData) - }) - return file_sysctl_proto_rawDescData -} - -var file_sysctl_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_sysctl_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_sysctl_proto_goTypes = []interface{}{ - (SysctlType)(0), // 0: SysctlType - (*SysctlEntry)(nil), // 1: sysctl_entry -} -var file_sysctl_proto_depIdxs = []int32{ - 0, // 0: sysctl_entry.type:type_name -> SysctlType - 1, // [1:1] is the sub-list for method output_type - 1, // [1:1] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name -} - -func init() { file_sysctl_proto_init() } -func file_sysctl_proto_init() { - if File_sysctl_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_sysctl_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SysctlEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_sysctl_proto_rawDesc, - NumEnums: 1, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_sysctl_proto_goTypes, - DependencyIndexes: file_sysctl_proto_depIdxs, - EnumInfos: file_sysctl_proto_enumTypes, - MessageInfos: file_sysctl_proto_msgTypes, - }.Build() - File_sysctl_proto = out.File - file_sysctl_proto_rawDesc = nil - file_sysctl_proto_goTypes = nil - file_sysctl_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sysctl.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sysctl.proto deleted file mode 100644 index 0922b87ab00..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/sysctl.proto +++ /dev/null @@ -1,15 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -enum SysctlType { - CTL_STR = 5; - CTL_32 = 6; -} - -message sysctl_entry { - required SysctlType type = 1; - - optional int32 iarg = 2; - optional string sarg = 3; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tcp-stream.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tcp-stream.pb.go deleted file mode 100644 index 3e173d1c4be..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tcp-stream.pb.go +++ /dev/null @@ -1,300 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: tcp-stream.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type TcpStreamEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - InqLen *uint32 `protobuf:"varint,1,req,name=inq_len,json=inqLen" json:"inq_len,omitempty"` - InqSeq *uint32 `protobuf:"varint,2,req,name=inq_seq,json=inqSeq" json:"inq_seq,omitempty"` - OutqLen *uint32 `protobuf:"varint,3,req,name=outq_len,json=outqLen" json:"outq_len,omitempty"` // unsent and sent data in the send queue - OutqSeq *uint32 `protobuf:"varint,4,req,name=outq_seq,json=outqSeq" json:"outq_seq,omitempty"` - OptMask *uint32 `protobuf:"varint,5,req,name=opt_mask,json=optMask" json:"opt_mask,omitempty"` // TCPI_OPT_ bits - SndWscale *uint32 `protobuf:"varint,6,req,name=snd_wscale,json=sndWscale" json:"snd_wscale,omitempty"` - MssClamp *uint32 `protobuf:"varint,7,req,name=mss_clamp,json=mssClamp" json:"mss_clamp,omitempty"` - RcvWscale *uint32 `protobuf:"varint,8,opt,name=rcv_wscale,json=rcvWscale" json:"rcv_wscale,omitempty"` - Timestamp *uint32 `protobuf:"varint,9,opt,name=timestamp" json:"timestamp,omitempty"` - Cork *bool `protobuf:"varint,10,opt,name=cork" json:"cork,omitempty"` - Nodelay *bool `protobuf:"varint,11,opt,name=nodelay" json:"nodelay,omitempty"` - UnsqLen *uint32 `protobuf:"varint,12,opt,name=unsq_len,json=unsqLen" json:"unsq_len,omitempty"` // unsent data in the send queue - SndWl1 *uint32 `protobuf:"varint,13,opt,name=snd_wl1,json=sndWl1" json:"snd_wl1,omitempty"` - SndWnd *uint32 `protobuf:"varint,14,opt,name=snd_wnd,json=sndWnd" json:"snd_wnd,omitempty"` - MaxWindow *uint32 `protobuf:"varint,15,opt,name=max_window,json=maxWindow" json:"max_window,omitempty"` - RcvWnd *uint32 `protobuf:"varint,16,opt,name=rcv_wnd,json=rcvWnd" json:"rcv_wnd,omitempty"` - RcvWup *uint32 `protobuf:"varint,17,opt,name=rcv_wup,json=rcvWup" json:"rcv_wup,omitempty"` -} - -func (x *TcpStreamEntry) Reset() { - *x = TcpStreamEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_tcp_stream_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TcpStreamEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TcpStreamEntry) ProtoMessage() {} - -func (x *TcpStreamEntry) ProtoReflect() protoreflect.Message { - mi := &file_tcp_stream_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TcpStreamEntry.ProtoReflect.Descriptor instead. -func (*TcpStreamEntry) Descriptor() ([]byte, []int) { - return file_tcp_stream_proto_rawDescGZIP(), []int{0} -} - -func (x *TcpStreamEntry) GetInqLen() uint32 { - if x != nil && x.InqLen != nil { - return *x.InqLen - } - return 0 -} - -func (x *TcpStreamEntry) GetInqSeq() uint32 { - if x != nil && x.InqSeq != nil { - return *x.InqSeq - } - return 0 -} - -func (x *TcpStreamEntry) GetOutqLen() uint32 { - if x != nil && x.OutqLen != nil { - return *x.OutqLen - } - return 0 -} - -func (x *TcpStreamEntry) GetOutqSeq() uint32 { - if x != nil && x.OutqSeq != nil { - return *x.OutqSeq - } - return 0 -} - -func (x *TcpStreamEntry) GetOptMask() uint32 { - if x != nil && x.OptMask != nil { - return *x.OptMask - } - return 0 -} - -func (x *TcpStreamEntry) GetSndWscale() uint32 { - if x != nil && x.SndWscale != nil { - return *x.SndWscale - } - return 0 -} - -func (x *TcpStreamEntry) GetMssClamp() uint32 { - if x != nil && x.MssClamp != nil { - return *x.MssClamp - } - return 0 -} - -func (x *TcpStreamEntry) GetRcvWscale() uint32 { - if x != nil && x.RcvWscale != nil { - return *x.RcvWscale - } - return 0 -} - -func (x *TcpStreamEntry) GetTimestamp() uint32 { - if x != nil && x.Timestamp != nil { - return *x.Timestamp - } - return 0 -} - -func (x *TcpStreamEntry) GetCork() bool { - if x != nil && x.Cork != nil { - return *x.Cork - } - return false -} - -func (x *TcpStreamEntry) GetNodelay() bool { - if x != nil && x.Nodelay != nil { - return *x.Nodelay - } - return false -} - -func (x *TcpStreamEntry) GetUnsqLen() uint32 { - if x != nil && x.UnsqLen != nil { - return *x.UnsqLen - } - return 0 -} - -func (x *TcpStreamEntry) GetSndWl1() uint32 { - if x != nil && x.SndWl1 != nil { - return *x.SndWl1 - } - return 0 -} - -func (x *TcpStreamEntry) GetSndWnd() uint32 { - if x != nil && x.SndWnd != nil { - return *x.SndWnd - } - return 0 -} - -func (x *TcpStreamEntry) GetMaxWindow() uint32 { - if x != nil && x.MaxWindow != nil { - return *x.MaxWindow - } - return 0 -} - -func (x *TcpStreamEntry) GetRcvWnd() uint32 { - if x != nil && x.RcvWnd != nil { - return *x.RcvWnd - } - return 0 -} - -func (x *TcpStreamEntry) GetRcvWup() uint32 { - if x != nil && x.RcvWup != nil { - return *x.RcvWup - } - return 0 -} - -var File_tcp_stream_proto protoreflect.FileDescriptor - -var file_tcp_stream_proto_rawDesc = []byte{ - 0x0a, 0x10, 0x74, 0x63, 0x70, 0x2d, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe1, - 0x03, 0x0a, 0x10, 0x74, 0x63, 0x70, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x17, 0x0a, 0x07, 0x69, 0x6e, 0x71, 0x5f, 0x6c, 0x65, 0x6e, 0x18, 0x01, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x69, 0x6e, 0x71, 0x4c, 0x65, 0x6e, 0x12, 0x17, 0x0a, 0x07, - 0x69, 0x6e, 0x71, 0x5f, 0x73, 0x65, 0x71, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x69, - 0x6e, 0x71, 0x53, 0x65, 0x71, 0x12, 0x19, 0x0a, 0x08, 0x6f, 0x75, 0x74, 0x71, 0x5f, 0x6c, 0x65, - 0x6e, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x6f, 0x75, 0x74, 0x71, 0x4c, 0x65, 0x6e, - 0x12, 0x19, 0x0a, 0x08, 0x6f, 0x75, 0x74, 0x71, 0x5f, 0x73, 0x65, 0x71, 0x18, 0x04, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x07, 0x6f, 0x75, 0x74, 0x71, 0x53, 0x65, 0x71, 0x12, 0x20, 0x0a, 0x08, 0x6f, - 0x70, 0x74, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, - 0x3f, 0x02, 0x08, 0x01, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x4d, 0x61, 0x73, 0x6b, 0x12, 0x1d, 0x0a, - 0x0a, 0x73, 0x6e, 0x64, 0x5f, 0x77, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x18, 0x06, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x09, 0x73, 0x6e, 0x64, 0x57, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x12, 0x1b, 0x0a, 0x09, - 0x6d, 0x73, 0x73, 0x5f, 0x63, 0x6c, 0x61, 0x6d, 0x70, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, - 0x08, 0x6d, 0x73, 0x73, 0x43, 0x6c, 0x61, 0x6d, 0x70, 0x12, 0x1d, 0x0a, 0x0a, 0x72, 0x63, 0x76, - 0x5f, 0x77, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x72, - 0x63, 0x76, 0x57, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, - 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x74, 0x69, 0x6d, - 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x72, 0x6b, 0x18, 0x0a, - 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x63, 0x6f, 0x72, 0x6b, 0x12, 0x18, 0x0a, 0x07, 0x6e, 0x6f, - 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x6e, 0x6f, 0x64, - 0x65, 0x6c, 0x61, 0x79, 0x12, 0x19, 0x0a, 0x08, 0x75, 0x6e, 0x73, 0x71, 0x5f, 0x6c, 0x65, 0x6e, - 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x75, 0x6e, 0x73, 0x71, 0x4c, 0x65, 0x6e, 0x12, - 0x17, 0x0a, 0x07, 0x73, 0x6e, 0x64, 0x5f, 0x77, 0x6c, 0x31, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0d, - 0x52, 0x06, 0x73, 0x6e, 0x64, 0x57, 0x6c, 0x31, 0x12, 0x17, 0x0a, 0x07, 0x73, 0x6e, 0x64, 0x5f, - 0x77, 0x6e, 0x64, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x73, 0x6e, 0x64, 0x57, 0x6e, - 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x61, 0x78, 0x5f, 0x77, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x18, - 0x0f, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x6d, 0x61, 0x78, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, - 0x12, 0x17, 0x0a, 0x07, 0x72, 0x63, 0x76, 0x5f, 0x77, 0x6e, 0x64, 0x18, 0x10, 0x20, 0x01, 0x28, - 0x0d, 0x52, 0x06, 0x72, 0x63, 0x76, 0x57, 0x6e, 0x64, 0x12, 0x17, 0x0a, 0x07, 0x72, 0x63, 0x76, - 0x5f, 0x77, 0x75, 0x70, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x72, 0x63, 0x76, 0x57, - 0x75, 0x70, -} - -var ( - file_tcp_stream_proto_rawDescOnce sync.Once - file_tcp_stream_proto_rawDescData = file_tcp_stream_proto_rawDesc -) - -func file_tcp_stream_proto_rawDescGZIP() []byte { - file_tcp_stream_proto_rawDescOnce.Do(func() { - file_tcp_stream_proto_rawDescData = protoimpl.X.CompressGZIP(file_tcp_stream_proto_rawDescData) - }) - return file_tcp_stream_proto_rawDescData -} - -var file_tcp_stream_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_tcp_stream_proto_goTypes = []interface{}{ - (*TcpStreamEntry)(nil), // 0: tcp_stream_entry -} -var file_tcp_stream_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_tcp_stream_proto_init() } -func file_tcp_stream_proto_init() { - if File_tcp_stream_proto != nil { - return - } - file_opts_proto_init() - if !protoimpl.UnsafeEnabled { - file_tcp_stream_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TcpStreamEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_tcp_stream_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_tcp_stream_proto_goTypes, - DependencyIndexes: file_tcp_stream_proto_depIdxs, - MessageInfos: file_tcp_stream_proto_msgTypes, - }.Build() - File_tcp_stream_proto = out.File - file_tcp_stream_proto_rawDesc = nil - file_tcp_stream_proto_goTypes = nil - file_tcp_stream_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tcp-stream.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tcp-stream.proto deleted file mode 100644 index c2244ba3bfa..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tcp-stream.proto +++ /dev/null @@ -1,29 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "opts.proto"; - -message tcp_stream_entry { - required uint32 inq_len = 1; - required uint32 inq_seq = 2; - required uint32 outq_len = 3; /* unsent and sent data in the send queue*/ - required uint32 outq_seq = 4; - - required uint32 opt_mask = 5 [(criu).hex = true]; /* TCPI_OPT_ bits */ - required uint32 snd_wscale = 6; - required uint32 mss_clamp = 7; - optional uint32 rcv_wscale = 8; - optional uint32 timestamp = 9; - - optional bool cork = 10; - optional bool nodelay = 11; - - optional uint32 unsq_len = 12; /* unsent data in the send queue */ - - optional uint32 snd_wl1 = 13; - optional uint32 snd_wnd = 14; - optional uint32 max_window = 15; - optional uint32 rcv_wnd = 16; - optional uint32 rcv_wup = 17; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/time.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/time.pb.go deleted file mode 100644 index a3bdfc0c27d..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/time.pb.go +++ /dev/null @@ -1,151 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: time.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type Timeval struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - TvSec *uint64 `protobuf:"varint,1,req,name=tv_sec,json=tvSec" json:"tv_sec,omitempty"` - TvUsec *uint64 `protobuf:"varint,2,req,name=tv_usec,json=tvUsec" json:"tv_usec,omitempty"` -} - -func (x *Timeval) Reset() { - *x = Timeval{} - if protoimpl.UnsafeEnabled { - mi := &file_time_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Timeval) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Timeval) ProtoMessage() {} - -func (x *Timeval) ProtoReflect() protoreflect.Message { - mi := &file_time_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Timeval.ProtoReflect.Descriptor instead. -func (*Timeval) Descriptor() ([]byte, []int) { - return file_time_proto_rawDescGZIP(), []int{0} -} - -func (x *Timeval) GetTvSec() uint64 { - if x != nil && x.TvSec != nil { - return *x.TvSec - } - return 0 -} - -func (x *Timeval) GetTvUsec() uint64 { - if x != nil && x.TvUsec != nil { - return *x.TvUsec - } - return 0 -} - -var File_time_proto protoreflect.FileDescriptor - -var file_time_proto_rawDesc = []byte{ - 0x0a, 0x0a, 0x74, 0x69, 0x6d, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x39, 0x0a, 0x07, - 0x74, 0x69, 0x6d, 0x65, 0x76, 0x61, 0x6c, 0x12, 0x15, 0x0a, 0x06, 0x74, 0x76, 0x5f, 0x73, 0x65, - 0x63, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x74, 0x76, 0x53, 0x65, 0x63, 0x12, 0x17, - 0x0a, 0x07, 0x74, 0x76, 0x5f, 0x75, 0x73, 0x65, 0x63, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x52, - 0x06, 0x74, 0x76, 0x55, 0x73, 0x65, 0x63, -} - -var ( - file_time_proto_rawDescOnce sync.Once - file_time_proto_rawDescData = file_time_proto_rawDesc -) - -func file_time_proto_rawDescGZIP() []byte { - file_time_proto_rawDescOnce.Do(func() { - file_time_proto_rawDescData = protoimpl.X.CompressGZIP(file_time_proto_rawDescData) - }) - return file_time_proto_rawDescData -} - -var file_time_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_time_proto_goTypes = []interface{}{ - (*Timeval)(nil), // 0: timeval -} -var file_time_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_time_proto_init() } -func file_time_proto_init() { - if File_time_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_time_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Timeval); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_time_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_time_proto_goTypes, - DependencyIndexes: file_time_proto_depIdxs, - MessageInfos: file_time_proto_msgTypes, - }.Build() - File_time_proto = out.File - file_time_proto_rawDesc = nil - file_time_proto_goTypes = nil - file_time_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/time.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/time.proto deleted file mode 100644 index 5e5e7eee47c..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/time.proto +++ /dev/null @@ -1,8 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -message timeval { - required uint64 tv_sec = 1; - required uint64 tv_usec = 2; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timens.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timens.pb.go deleted file mode 100644 index f8b629c1d86..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timens.pb.go +++ /dev/null @@ -1,227 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: timens.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type Timespec struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - TvSec *uint64 `protobuf:"varint,1,req,name=tv_sec,json=tvSec" json:"tv_sec,omitempty"` - TvNsec *uint64 `protobuf:"varint,2,req,name=tv_nsec,json=tvNsec" json:"tv_nsec,omitempty"` -} - -func (x *Timespec) Reset() { - *x = Timespec{} - if protoimpl.UnsafeEnabled { - mi := &file_timens_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Timespec) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Timespec) ProtoMessage() {} - -func (x *Timespec) ProtoReflect() protoreflect.Message { - mi := &file_timens_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Timespec.ProtoReflect.Descriptor instead. -func (*Timespec) Descriptor() ([]byte, []int) { - return file_timens_proto_rawDescGZIP(), []int{0} -} - -func (x *Timespec) GetTvSec() uint64 { - if x != nil && x.TvSec != nil { - return *x.TvSec - } - return 0 -} - -func (x *Timespec) GetTvNsec() uint64 { - if x != nil && x.TvNsec != nil { - return *x.TvNsec - } - return 0 -} - -type TimensEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Monotonic *Timespec `protobuf:"bytes,1,req,name=monotonic" json:"monotonic,omitempty"` - Boottime *Timespec `protobuf:"bytes,2,req,name=boottime" json:"boottime,omitempty"` -} - -func (x *TimensEntry) Reset() { - *x = TimensEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_timens_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TimensEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TimensEntry) ProtoMessage() {} - -func (x *TimensEntry) ProtoReflect() protoreflect.Message { - mi := &file_timens_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TimensEntry.ProtoReflect.Descriptor instead. -func (*TimensEntry) Descriptor() ([]byte, []int) { - return file_timens_proto_rawDescGZIP(), []int{1} -} - -func (x *TimensEntry) GetMonotonic() *Timespec { - if x != nil { - return x.Monotonic - } - return nil -} - -func (x *TimensEntry) GetBoottime() *Timespec { - if x != nil { - return x.Boottime - } - return nil -} - -var File_timens_proto protoreflect.FileDescriptor - -var file_timens_proto_rawDesc = []byte{ - 0x0a, 0x0c, 0x74, 0x69, 0x6d, 0x65, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x3a, - 0x0a, 0x08, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x70, 0x65, 0x63, 0x12, 0x15, 0x0a, 0x06, 0x74, 0x76, - 0x5f, 0x73, 0x65, 0x63, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x74, 0x76, 0x53, 0x65, - 0x63, 0x12, 0x17, 0x0a, 0x07, 0x74, 0x76, 0x5f, 0x6e, 0x73, 0x65, 0x63, 0x18, 0x02, 0x20, 0x02, - 0x28, 0x04, 0x52, 0x06, 0x74, 0x76, 0x4e, 0x73, 0x65, 0x63, 0x22, 0x5e, 0x0a, 0x0c, 0x74, 0x69, - 0x6d, 0x65, 0x6e, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x27, 0x0a, 0x09, 0x6d, 0x6f, - 0x6e, 0x6f, 0x74, 0x6f, 0x6e, 0x69, 0x63, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x09, 0x2e, - 0x74, 0x69, 0x6d, 0x65, 0x73, 0x70, 0x65, 0x63, 0x52, 0x09, 0x6d, 0x6f, 0x6e, 0x6f, 0x74, 0x6f, - 0x6e, 0x69, 0x63, 0x12, 0x25, 0x0a, 0x08, 0x62, 0x6f, 0x6f, 0x74, 0x74, 0x69, 0x6d, 0x65, 0x18, - 0x02, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x70, 0x65, 0x63, - 0x52, 0x08, 0x62, 0x6f, 0x6f, 0x74, 0x74, 0x69, 0x6d, 0x65, -} - -var ( - file_timens_proto_rawDescOnce sync.Once - file_timens_proto_rawDescData = file_timens_proto_rawDesc -) - -func file_timens_proto_rawDescGZIP() []byte { - file_timens_proto_rawDescOnce.Do(func() { - file_timens_proto_rawDescData = protoimpl.X.CompressGZIP(file_timens_proto_rawDescData) - }) - return file_timens_proto_rawDescData -} - -var file_timens_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_timens_proto_goTypes = []interface{}{ - (*Timespec)(nil), // 0: timespec - (*TimensEntry)(nil), // 1: timens_entry -} -var file_timens_proto_depIdxs = []int32{ - 0, // 0: timens_entry.monotonic:type_name -> timespec - 0, // 1: timens_entry.boottime:type_name -> timespec - 2, // [2:2] is the sub-list for method output_type - 2, // [2:2] is the sub-list for method input_type - 2, // [2:2] is the sub-list for extension type_name - 2, // [2:2] is the sub-list for extension extendee - 0, // [0:2] is the sub-list for field type_name -} - -func init() { file_timens_proto_init() } -func file_timens_proto_init() { - if File_timens_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_timens_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Timespec); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_timens_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TimensEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_timens_proto_rawDesc, - NumEnums: 0, - NumMessages: 2, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_timens_proto_goTypes, - DependencyIndexes: file_timens_proto_depIdxs, - MessageInfos: file_timens_proto_msgTypes, - }.Build() - File_timens_proto = out.File - file_timens_proto_rawDesc = nil - file_timens_proto_goTypes = nil - file_timens_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timens.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timens.proto deleted file mode 100644 index 79097a18d42..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timens.proto +++ /dev/null @@ -1,12 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -message timespec { - required uint64 tv_sec = 1; - required uint64 tv_nsec = 2; -} -message timens_entry { - required timespec monotonic = 1; - required timespec boottime = 2; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timer.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timer.pb.go deleted file mode 100644 index 88df9f88ca6..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timer.pb.go +++ /dev/null @@ -1,428 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: timer.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type ItimerEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Isec *uint64 `protobuf:"varint,1,req,name=isec" json:"isec,omitempty"` - Iusec *uint64 `protobuf:"varint,2,req,name=iusec" json:"iusec,omitempty"` - Vsec *uint64 `protobuf:"varint,3,req,name=vsec" json:"vsec,omitempty"` - Vusec *uint64 `protobuf:"varint,4,req,name=vusec" json:"vusec,omitempty"` -} - -func (x *ItimerEntry) Reset() { - *x = ItimerEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_timer_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ItimerEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ItimerEntry) ProtoMessage() {} - -func (x *ItimerEntry) ProtoReflect() protoreflect.Message { - mi := &file_timer_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ItimerEntry.ProtoReflect.Descriptor instead. -func (*ItimerEntry) Descriptor() ([]byte, []int) { - return file_timer_proto_rawDescGZIP(), []int{0} -} - -func (x *ItimerEntry) GetIsec() uint64 { - if x != nil && x.Isec != nil { - return *x.Isec - } - return 0 -} - -func (x *ItimerEntry) GetIusec() uint64 { - if x != nil && x.Iusec != nil { - return *x.Iusec - } - return 0 -} - -func (x *ItimerEntry) GetVsec() uint64 { - if x != nil && x.Vsec != nil { - return *x.Vsec - } - return 0 -} - -func (x *ItimerEntry) GetVusec() uint64 { - if x != nil && x.Vusec != nil { - return *x.Vusec - } - return 0 -} - -type PosixTimerEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - ItId *uint32 `protobuf:"varint,1,req,name=it_id,json=itId" json:"it_id,omitempty"` - ClockId *uint32 `protobuf:"varint,2,req,name=clock_id,json=clockId" json:"clock_id,omitempty"` - SiSigno *uint32 `protobuf:"varint,3,req,name=si_signo,json=siSigno" json:"si_signo,omitempty"` - ItSigevNotify *uint32 `protobuf:"varint,4,req,name=it_sigev_notify,json=itSigevNotify" json:"it_sigev_notify,omitempty"` - SivalPtr *uint64 `protobuf:"varint,5,req,name=sival_ptr,json=sivalPtr" json:"sival_ptr,omitempty"` - Overrun *uint32 `protobuf:"varint,6,req,name=overrun" json:"overrun,omitempty"` - Isec *uint64 `protobuf:"varint,7,req,name=isec" json:"isec,omitempty"` - Insec *uint64 `protobuf:"varint,8,req,name=insec" json:"insec,omitempty"` - Vsec *uint64 `protobuf:"varint,9,req,name=vsec" json:"vsec,omitempty"` - Vnsec *uint64 `protobuf:"varint,10,req,name=vnsec" json:"vnsec,omitempty"` - NotifyThreadId *int32 `protobuf:"varint,11,opt,name=notify_thread_id,json=notifyThreadId" json:"notify_thread_id,omitempty"` -} - -func (x *PosixTimerEntry) Reset() { - *x = PosixTimerEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_timer_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *PosixTimerEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*PosixTimerEntry) ProtoMessage() {} - -func (x *PosixTimerEntry) ProtoReflect() protoreflect.Message { - mi := &file_timer_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use PosixTimerEntry.ProtoReflect.Descriptor instead. -func (*PosixTimerEntry) Descriptor() ([]byte, []int) { - return file_timer_proto_rawDescGZIP(), []int{1} -} - -func (x *PosixTimerEntry) GetItId() uint32 { - if x != nil && x.ItId != nil { - return *x.ItId - } - return 0 -} - -func (x *PosixTimerEntry) GetClockId() uint32 { - if x != nil && x.ClockId != nil { - return *x.ClockId - } - return 0 -} - -func (x *PosixTimerEntry) GetSiSigno() uint32 { - if x != nil && x.SiSigno != nil { - return *x.SiSigno - } - return 0 -} - -func (x *PosixTimerEntry) GetItSigevNotify() uint32 { - if x != nil && x.ItSigevNotify != nil { - return *x.ItSigevNotify - } - return 0 -} - -func (x *PosixTimerEntry) GetSivalPtr() uint64 { - if x != nil && x.SivalPtr != nil { - return *x.SivalPtr - } - return 0 -} - -func (x *PosixTimerEntry) GetOverrun() uint32 { - if x != nil && x.Overrun != nil { - return *x.Overrun - } - return 0 -} - -func (x *PosixTimerEntry) GetIsec() uint64 { - if x != nil && x.Isec != nil { - return *x.Isec - } - return 0 -} - -func (x *PosixTimerEntry) GetInsec() uint64 { - if x != nil && x.Insec != nil { - return *x.Insec - } - return 0 -} - -func (x *PosixTimerEntry) GetVsec() uint64 { - if x != nil && x.Vsec != nil { - return *x.Vsec - } - return 0 -} - -func (x *PosixTimerEntry) GetVnsec() uint64 { - if x != nil && x.Vnsec != nil { - return *x.Vnsec - } - return 0 -} - -func (x *PosixTimerEntry) GetNotifyThreadId() int32 { - if x != nil && x.NotifyThreadId != nil { - return *x.NotifyThreadId - } - return 0 -} - -type TaskTimersEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Real *ItimerEntry `protobuf:"bytes,1,req,name=real" json:"real,omitempty"` - Virt *ItimerEntry `protobuf:"bytes,2,req,name=virt" json:"virt,omitempty"` - Prof *ItimerEntry `protobuf:"bytes,3,req,name=prof" json:"prof,omitempty"` - Posix []*PosixTimerEntry `protobuf:"bytes,4,rep,name=posix" json:"posix,omitempty"` -} - -func (x *TaskTimersEntry) Reset() { - *x = TaskTimersEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_timer_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TaskTimersEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TaskTimersEntry) ProtoMessage() {} - -func (x *TaskTimersEntry) ProtoReflect() protoreflect.Message { - mi := &file_timer_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TaskTimersEntry.ProtoReflect.Descriptor instead. -func (*TaskTimersEntry) Descriptor() ([]byte, []int) { - return file_timer_proto_rawDescGZIP(), []int{2} -} - -func (x *TaskTimersEntry) GetReal() *ItimerEntry { - if x != nil { - return x.Real - } - return nil -} - -func (x *TaskTimersEntry) GetVirt() *ItimerEntry { - if x != nil { - return x.Virt - } - return nil -} - -func (x *TaskTimersEntry) GetProf() *ItimerEntry { - if x != nil { - return x.Prof - } - return nil -} - -func (x *TaskTimersEntry) GetPosix() []*PosixTimerEntry { - if x != nil { - return x.Posix - } - return nil -} - -var File_timer_proto protoreflect.FileDescriptor - -var file_timer_proto_rawDesc = []byte{ - 0x0a, 0x0b, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x62, 0x0a, - 0x0c, 0x69, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x12, 0x0a, - 0x04, 0x69, 0x73, 0x65, 0x63, 0x18, 0x01, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x69, 0x73, 0x65, - 0x63, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x75, 0x73, 0x65, 0x63, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, - 0x52, 0x05, 0x69, 0x75, 0x73, 0x65, 0x63, 0x12, 0x12, 0x0a, 0x04, 0x76, 0x73, 0x65, 0x63, 0x18, - 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x76, 0x73, 0x65, 0x63, 0x12, 0x14, 0x0a, 0x05, 0x76, - 0x75, 0x73, 0x65, 0x63, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x76, 0x75, 0x73, 0x65, - 0x63, 0x22, 0xbb, 0x02, 0x0a, 0x11, 0x70, 0x6f, 0x73, 0x69, 0x78, 0x5f, 0x74, 0x69, 0x6d, 0x65, - 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x13, 0x0a, 0x05, 0x69, 0x74, 0x5f, 0x69, 0x64, - 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, 0x69, 0x74, 0x49, 0x64, 0x12, 0x19, 0x0a, 0x08, - 0x63, 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, - 0x63, 0x6c, 0x6f, 0x63, 0x6b, 0x49, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x69, 0x5f, 0x73, 0x69, - 0x67, 0x6e, 0x6f, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x73, 0x69, 0x53, 0x69, 0x67, - 0x6e, 0x6f, 0x12, 0x26, 0x0a, 0x0f, 0x69, 0x74, 0x5f, 0x73, 0x69, 0x67, 0x65, 0x76, 0x5f, 0x6e, - 0x6f, 0x74, 0x69, 0x66, 0x79, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0d, 0x69, 0x74, 0x53, - 0x69, 0x67, 0x65, 0x76, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x69, - 0x76, 0x61, 0x6c, 0x5f, 0x70, 0x74, 0x72, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, 0x52, 0x08, 0x73, - 0x69, 0x76, 0x61, 0x6c, 0x50, 0x74, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x6f, 0x76, 0x65, 0x72, 0x72, - 0x75, 0x6e, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x75, - 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x73, 0x65, 0x63, 0x18, 0x07, 0x20, 0x02, 0x28, 0x04, 0x52, - 0x04, 0x69, 0x73, 0x65, 0x63, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x18, 0x08, - 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x12, 0x12, 0x0a, 0x04, 0x76, - 0x73, 0x65, 0x63, 0x18, 0x09, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x76, 0x73, 0x65, 0x63, 0x12, - 0x14, 0x0a, 0x05, 0x76, 0x6e, 0x73, 0x65, 0x63, 0x18, 0x0a, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, - 0x76, 0x6e, 0x73, 0x65, 0x63, 0x12, 0x28, 0x0a, 0x10, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, - 0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x69, 0x64, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x05, 0x52, - 0x0e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x54, 0x68, 0x72, 0x65, 0x61, 0x64, 0x49, 0x64, 0x22, - 0xa6, 0x01, 0x0a, 0x11, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x73, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x21, 0x0a, 0x04, 0x72, 0x65, 0x61, 0x6c, 0x18, 0x01, 0x20, - 0x02, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x69, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x04, 0x72, 0x65, 0x61, 0x6c, 0x12, 0x21, 0x0a, 0x04, 0x76, 0x69, 0x72, 0x74, - 0x18, 0x02, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x69, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x76, 0x69, 0x72, 0x74, 0x12, 0x21, 0x0a, 0x04, 0x70, - 0x72, 0x6f, 0x66, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x69, 0x74, 0x69, 0x6d, - 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x70, 0x72, 0x6f, 0x66, 0x12, 0x28, - 0x0a, 0x05, 0x70, 0x6f, 0x73, 0x69, 0x78, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, - 0x70, 0x6f, 0x73, 0x69, 0x78, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x05, 0x70, 0x6f, 0x73, 0x69, 0x78, -} - -var ( - file_timer_proto_rawDescOnce sync.Once - file_timer_proto_rawDescData = file_timer_proto_rawDesc -) - -func file_timer_proto_rawDescGZIP() []byte { - file_timer_proto_rawDescOnce.Do(func() { - file_timer_proto_rawDescData = protoimpl.X.CompressGZIP(file_timer_proto_rawDescData) - }) - return file_timer_proto_rawDescData -} - -var file_timer_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_timer_proto_goTypes = []interface{}{ - (*ItimerEntry)(nil), // 0: itimer_entry - (*PosixTimerEntry)(nil), // 1: posix_timer_entry - (*TaskTimersEntry)(nil), // 2: task_timers_entry -} -var file_timer_proto_depIdxs = []int32{ - 0, // 0: task_timers_entry.real:type_name -> itimer_entry - 0, // 1: task_timers_entry.virt:type_name -> itimer_entry - 0, // 2: task_timers_entry.prof:type_name -> itimer_entry - 1, // 3: task_timers_entry.posix:type_name -> posix_timer_entry - 4, // [4:4] is the sub-list for method output_type - 4, // [4:4] is the sub-list for method input_type - 4, // [4:4] is the sub-list for extension type_name - 4, // [4:4] is the sub-list for extension extendee - 0, // [0:4] is the sub-list for field type_name -} - -func init() { file_timer_proto_init() } -func file_timer_proto_init() { - if File_timer_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_timer_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ItimerEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_timer_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PosixTimerEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_timer_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TaskTimersEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_timer_proto_rawDesc, - NumEnums: 0, - NumMessages: 3, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_timer_proto_goTypes, - DependencyIndexes: file_timer_proto_depIdxs, - MessageInfos: file_timer_proto_msgTypes, - }.Build() - File_timer_proto = out.File - file_timer_proto_rawDesc = nil - file_timer_proto_goTypes = nil - file_timer_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timer.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timer.proto deleted file mode 100644 index 3b95562abdd..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timer.proto +++ /dev/null @@ -1,32 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -message itimer_entry { - required uint64 isec = 1; - required uint64 iusec = 2; - required uint64 vsec = 3; - required uint64 vusec = 4; -} - -message posix_timer_entry { - required uint32 it_id = 1; - required uint32 clock_id = 2; - required uint32 si_signo = 3; - required uint32 it_sigev_notify = 4; - required uint64 sival_ptr = 5; - required uint32 overrun = 6; - - required uint64 isec = 7; - required uint64 insec = 8; - required uint64 vsec = 9; - required uint64 vnsec = 10; - optional int32 notify_thread_id= 11; -} - -message task_timers_entry { - required itimer_entry real = 1; - required itimer_entry virt = 2; - required itimer_entry prof = 3; - repeated posix_timer_entry posix = 4; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timerfd.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timerfd.pb.go deleted file mode 100644 index 17cd382aef9..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timerfd.pb.go +++ /dev/null @@ -1,234 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: timerfd.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type TimerfdEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` - Flags *uint32 `protobuf:"varint,2,req,name=flags" json:"flags,omitempty"` - Fown *FownEntry `protobuf:"bytes,3,req,name=fown" json:"fown,omitempty"` - Clockid *uint32 `protobuf:"varint,4,req,name=clockid" json:"clockid,omitempty"` - Ticks *uint64 `protobuf:"varint,5,req,name=ticks" json:"ticks,omitempty"` - SettimeFlags *uint32 `protobuf:"varint,6,req,name=settime_flags,json=settimeFlags" json:"settime_flags,omitempty"` - Vsec *uint64 `protobuf:"varint,7,req,name=vsec" json:"vsec,omitempty"` - Vnsec *uint64 `protobuf:"varint,8,req,name=vnsec" json:"vnsec,omitempty"` - Isec *uint64 `protobuf:"varint,9,req,name=isec" json:"isec,omitempty"` - Insec *uint64 `protobuf:"varint,10,req,name=insec" json:"insec,omitempty"` -} - -func (x *TimerfdEntry) Reset() { - *x = TimerfdEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_timerfd_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TimerfdEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TimerfdEntry) ProtoMessage() {} - -func (x *TimerfdEntry) ProtoReflect() protoreflect.Message { - mi := &file_timerfd_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TimerfdEntry.ProtoReflect.Descriptor instead. -func (*TimerfdEntry) Descriptor() ([]byte, []int) { - return file_timerfd_proto_rawDescGZIP(), []int{0} -} - -func (x *TimerfdEntry) GetId() uint32 { - if x != nil && x.Id != nil { - return *x.Id - } - return 0 -} - -func (x *TimerfdEntry) GetFlags() uint32 { - if x != nil && x.Flags != nil { - return *x.Flags - } - return 0 -} - -func (x *TimerfdEntry) GetFown() *FownEntry { - if x != nil { - return x.Fown - } - return nil -} - -func (x *TimerfdEntry) GetClockid() uint32 { - if x != nil && x.Clockid != nil { - return *x.Clockid - } - return 0 -} - -func (x *TimerfdEntry) GetTicks() uint64 { - if x != nil && x.Ticks != nil { - return *x.Ticks - } - return 0 -} - -func (x *TimerfdEntry) GetSettimeFlags() uint32 { - if x != nil && x.SettimeFlags != nil { - return *x.SettimeFlags - } - return 0 -} - -func (x *TimerfdEntry) GetVsec() uint64 { - if x != nil && x.Vsec != nil { - return *x.Vsec - } - return 0 -} - -func (x *TimerfdEntry) GetVnsec() uint64 { - if x != nil && x.Vnsec != nil { - return *x.Vnsec - } - return 0 -} - -func (x *TimerfdEntry) GetIsec() uint64 { - if x != nil && x.Isec != nil { - return *x.Isec - } - return 0 -} - -func (x *TimerfdEntry) GetInsec() uint64 { - if x != nil && x.Insec != nil { - return *x.Insec - } - return 0 -} - -var File_timerfd_proto protoreflect.FileDescriptor - -var file_timerfd_proto_rawDesc = []byte{ - 0x0a, 0x0d, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x66, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, - 0x0a, 0x6f, 0x70, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, - 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x8d, 0x02, 0x0a, 0x0d, 0x74, 0x69, 0x6d, 0x65, - 0x72, 0x66, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, - 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, - 0x67, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, - 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x1f, 0x0a, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x18, 0x03, - 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x6f, 0x77, 0x6e, 0x5f, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6c, 0x6f, 0x63, 0x6b, - 0x69, 0x64, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x63, 0x6c, 0x6f, 0x63, 0x6b, 0x69, - 0x64, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x69, 0x63, 0x6b, 0x73, 0x18, 0x05, 0x20, 0x02, 0x28, 0x04, - 0x52, 0x05, 0x74, 0x69, 0x63, 0x6b, 0x73, 0x12, 0x2a, 0x0a, 0x0d, 0x73, 0x65, 0x74, 0x74, 0x69, - 0x6d, 0x65, 0x5f, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, - 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x0c, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6d, 0x65, 0x46, 0x6c, - 0x61, 0x67, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x76, 0x73, 0x65, 0x63, 0x18, 0x07, 0x20, 0x02, 0x28, - 0x04, 0x52, 0x04, 0x76, 0x73, 0x65, 0x63, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x6e, 0x73, 0x65, 0x63, - 0x18, 0x08, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x76, 0x6e, 0x73, 0x65, 0x63, 0x12, 0x12, 0x0a, - 0x04, 0x69, 0x73, 0x65, 0x63, 0x18, 0x09, 0x20, 0x02, 0x28, 0x04, 0x52, 0x04, 0x69, 0x73, 0x65, - 0x63, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x18, 0x0a, 0x20, 0x02, 0x28, 0x04, - 0x52, 0x05, 0x69, 0x6e, 0x73, 0x65, 0x63, -} - -var ( - file_timerfd_proto_rawDescOnce sync.Once - file_timerfd_proto_rawDescData = file_timerfd_proto_rawDesc -) - -func file_timerfd_proto_rawDescGZIP() []byte { - file_timerfd_proto_rawDescOnce.Do(func() { - file_timerfd_proto_rawDescData = protoimpl.X.CompressGZIP(file_timerfd_proto_rawDescData) - }) - return file_timerfd_proto_rawDescData -} - -var file_timerfd_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_timerfd_proto_goTypes = []interface{}{ - (*TimerfdEntry)(nil), // 0: timerfd_entry - (*FownEntry)(nil), // 1: fown_entry -} -var file_timerfd_proto_depIdxs = []int32{ - 1, // 0: timerfd_entry.fown:type_name -> fown_entry - 1, // [1:1] is the sub-list for method output_type - 1, // [1:1] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name -} - -func init() { file_timerfd_proto_init() } -func file_timerfd_proto_init() { - if File_timerfd_proto != nil { - return - } - file_opts_proto_init() - file_fown_proto_init() - if !protoimpl.UnsafeEnabled { - file_timerfd_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TimerfdEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_timerfd_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_timerfd_proto_goTypes, - DependencyIndexes: file_timerfd_proto_depIdxs, - MessageInfos: file_timerfd_proto_msgTypes, - }.Build() - File_timerfd_proto = out.File - file_timerfd_proto_rawDesc = nil - file_timerfd_proto_goTypes = nil - file_timerfd_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timerfd.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timerfd.proto deleted file mode 100644 index 0bdf1253884..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/timerfd.proto +++ /dev/null @@ -1,21 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "opts.proto"; -import "fown.proto"; - -message timerfd_entry { - required uint32 id = 1; - required uint32 flags = 2 [(criu).hex = true]; - required fown_entry fown = 3; - - required uint32 clockid = 4; - required uint64 ticks = 5; - required uint32 settime_flags = 6 [(criu).hex = true]; - - required uint64 vsec = 7; - required uint64 vnsec = 8; - required uint64 isec = 9; - required uint64 insec = 10; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tty.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tty.pb.go deleted file mode 100644 index ae849ba616e..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tty.pb.go +++ /dev/null @@ -1,831 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: tty.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type TtyType int32 - -const ( - TtyType_UNKNOWN TtyType = 0 - TtyType_PTY TtyType = 1 - TtyType_CONSOLE TtyType = 2 - TtyType_VT TtyType = 3 - TtyType_CTTY TtyType = 4 - TtyType_EXT_TTY TtyType = 5 - TtyType_SERIAL TtyType = 6 -) - -// Enum value maps for TtyType. -var ( - TtyType_name = map[int32]string{ - 0: "UNKNOWN", - 1: "PTY", - 2: "CONSOLE", - 3: "VT", - 4: "CTTY", - 5: "EXT_TTY", - 6: "SERIAL", - } - TtyType_value = map[string]int32{ - "UNKNOWN": 0, - "PTY": 1, - "CONSOLE": 2, - "VT": 3, - "CTTY": 4, - "EXT_TTY": 5, - "SERIAL": 6, - } -) - -func (x TtyType) Enum() *TtyType { - p := new(TtyType) - *p = x - return p -} - -func (x TtyType) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (TtyType) Descriptor() protoreflect.EnumDescriptor { - return file_tty_proto_enumTypes[0].Descriptor() -} - -func (TtyType) Type() protoreflect.EnumType { - return &file_tty_proto_enumTypes[0] -} - -func (x TtyType) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Do not use. -func (x *TtyType) UnmarshalJSON(b []byte) error { - num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) - if err != nil { - return err - } - *x = TtyType(num) - return nil -} - -// Deprecated: Use TtyType.Descriptor instead. -func (TtyType) EnumDescriptor() ([]byte, []int) { - return file_tty_proto_rawDescGZIP(), []int{0} -} - -type WinsizeEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - WsRow *uint32 `protobuf:"varint,1,req,name=ws_row,json=wsRow" json:"ws_row,omitempty"` - WsCol *uint32 `protobuf:"varint,2,req,name=ws_col,json=wsCol" json:"ws_col,omitempty"` - WsXpixel *uint32 `protobuf:"varint,3,req,name=ws_xpixel,json=wsXpixel" json:"ws_xpixel,omitempty"` - WsYpixel *uint32 `protobuf:"varint,4,req,name=ws_ypixel,json=wsYpixel" json:"ws_ypixel,omitempty"` -} - -func (x *WinsizeEntry) Reset() { - *x = WinsizeEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_tty_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *WinsizeEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*WinsizeEntry) ProtoMessage() {} - -func (x *WinsizeEntry) ProtoReflect() protoreflect.Message { - mi := &file_tty_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use WinsizeEntry.ProtoReflect.Descriptor instead. -func (*WinsizeEntry) Descriptor() ([]byte, []int) { - return file_tty_proto_rawDescGZIP(), []int{0} -} - -func (x *WinsizeEntry) GetWsRow() uint32 { - if x != nil && x.WsRow != nil { - return *x.WsRow - } - return 0 -} - -func (x *WinsizeEntry) GetWsCol() uint32 { - if x != nil && x.WsCol != nil { - return *x.WsCol - } - return 0 -} - -func (x *WinsizeEntry) GetWsXpixel() uint32 { - if x != nil && x.WsXpixel != nil { - return *x.WsXpixel - } - return 0 -} - -func (x *WinsizeEntry) GetWsYpixel() uint32 { - if x != nil && x.WsYpixel != nil { - return *x.WsYpixel - } - return 0 -} - -type TermiosEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - CIflag *uint32 `protobuf:"varint,1,req,name=c_iflag,json=cIflag" json:"c_iflag,omitempty"` - COflag *uint32 `protobuf:"varint,2,req,name=c_oflag,json=cOflag" json:"c_oflag,omitempty"` - CCflag *uint32 `protobuf:"varint,3,req,name=c_cflag,json=cCflag" json:"c_cflag,omitempty"` - CLflag *uint32 `protobuf:"varint,4,req,name=c_lflag,json=cLflag" json:"c_lflag,omitempty"` - CLine *uint32 `protobuf:"varint,5,req,name=c_line,json=cLine" json:"c_line,omitempty"` - CIspeed *uint32 `protobuf:"varint,6,req,name=c_ispeed,json=cIspeed" json:"c_ispeed,omitempty"` - COspeed *uint32 `protobuf:"varint,7,req,name=c_ospeed,json=cOspeed" json:"c_ospeed,omitempty"` - CCc []uint32 `protobuf:"varint,8,rep,name=c_cc,json=cCc" json:"c_cc,omitempty"` -} - -func (x *TermiosEntry) Reset() { - *x = TermiosEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_tty_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TermiosEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TermiosEntry) ProtoMessage() {} - -func (x *TermiosEntry) ProtoReflect() protoreflect.Message { - mi := &file_tty_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TermiosEntry.ProtoReflect.Descriptor instead. -func (*TermiosEntry) Descriptor() ([]byte, []int) { - return file_tty_proto_rawDescGZIP(), []int{1} -} - -func (x *TermiosEntry) GetCIflag() uint32 { - if x != nil && x.CIflag != nil { - return *x.CIflag - } - return 0 -} - -func (x *TermiosEntry) GetCOflag() uint32 { - if x != nil && x.COflag != nil { - return *x.COflag - } - return 0 -} - -func (x *TermiosEntry) GetCCflag() uint32 { - if x != nil && x.CCflag != nil { - return *x.CCflag - } - return 0 -} - -func (x *TermiosEntry) GetCLflag() uint32 { - if x != nil && x.CLflag != nil { - return *x.CLflag - } - return 0 -} - -func (x *TermiosEntry) GetCLine() uint32 { - if x != nil && x.CLine != nil { - return *x.CLine - } - return 0 -} - -func (x *TermiosEntry) GetCIspeed() uint32 { - if x != nil && x.CIspeed != nil { - return *x.CIspeed - } - return 0 -} - -func (x *TermiosEntry) GetCOspeed() uint32 { - if x != nil && x.COspeed != nil { - return *x.COspeed - } - return 0 -} - -func (x *TermiosEntry) GetCCc() []uint32 { - if x != nil { - return x.CCc - } - return nil -} - -type TtyPtyEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Index *uint32 `protobuf:"varint,1,req,name=index" json:"index,omitempty"` -} - -func (x *TtyPtyEntry) Reset() { - *x = TtyPtyEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_tty_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TtyPtyEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TtyPtyEntry) ProtoMessage() {} - -func (x *TtyPtyEntry) ProtoReflect() protoreflect.Message { - mi := &file_tty_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TtyPtyEntry.ProtoReflect.Descriptor instead. -func (*TtyPtyEntry) Descriptor() ([]byte, []int) { - return file_tty_proto_rawDescGZIP(), []int{2} -} - -func (x *TtyPtyEntry) GetIndex() uint32 { - if x != nil && x.Index != nil { - return *x.Index - } - return 0 -} - -type TtyDataEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - TtyId *uint32 `protobuf:"varint,1,req,name=tty_id,json=ttyId" json:"tty_id,omitempty"` - Data []byte `protobuf:"bytes,2,req,name=data" json:"data,omitempty"` -} - -func (x *TtyDataEntry) Reset() { - *x = TtyDataEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_tty_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TtyDataEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TtyDataEntry) ProtoMessage() {} - -func (x *TtyDataEntry) ProtoReflect() protoreflect.Message { - mi := &file_tty_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TtyDataEntry.ProtoReflect.Descriptor instead. -func (*TtyDataEntry) Descriptor() ([]byte, []int) { - return file_tty_proto_rawDescGZIP(), []int{3} -} - -func (x *TtyDataEntry) GetTtyId() uint32 { - if x != nil && x.TtyId != nil { - return *x.TtyId - } - return 0 -} - -func (x *TtyDataEntry) GetData() []byte { - if x != nil { - return x.Data - } - return nil -} - -type TtyInfoEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` - Type *TtyType `protobuf:"varint,2,req,name=type,enum=TtyType" json:"type,omitempty"` - Locked *bool `protobuf:"varint,3,req,name=locked" json:"locked,omitempty"` // Unix98 PTY only - Exclusive *bool `protobuf:"varint,4,req,name=exclusive" json:"exclusive,omitempty"` - PacketMode *bool `protobuf:"varint,5,req,name=packet_mode,json=packetMode" json:"packet_mode,omitempty"` // Unix98 PTY only - Sid *uint32 `protobuf:"varint,6,req,name=sid" json:"sid,omitempty"` - Pgrp *uint32 `protobuf:"varint,7,req,name=pgrp" json:"pgrp,omitempty"` - // Convenient for printing errors and such, with this - // device encoded we can figure out major and minor - // numbers. - Rdev *uint32 `protobuf:"varint,8,req,name=rdev" json:"rdev,omitempty"` - Termios *TermiosEntry `protobuf:"bytes,9,opt,name=termios" json:"termios,omitempty"` - TermiosLocked *TermiosEntry `protobuf:"bytes,10,opt,name=termios_locked,json=termiosLocked" json:"termios_locked,omitempty"` - Winsize *WinsizeEntry `protobuf:"bytes,11,opt,name=winsize" json:"winsize,omitempty"` - // These are optional fields which presence depends on - // TTY type. - Pty *TtyPtyEntry `protobuf:"bytes,12,opt,name=pty" json:"pty,omitempty"` - Dev *uint32 `protobuf:"varint,13,opt,name=dev" json:"dev,omitempty"` - Uid *uint32 `protobuf:"varint,14,opt,name=uid" json:"uid,omitempty"` - Gid *uint32 `protobuf:"varint,15,opt,name=gid" json:"gid,omitempty"` -} - -func (x *TtyInfoEntry) Reset() { - *x = TtyInfoEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_tty_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TtyInfoEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TtyInfoEntry) ProtoMessage() {} - -func (x *TtyInfoEntry) ProtoReflect() protoreflect.Message { - mi := &file_tty_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TtyInfoEntry.ProtoReflect.Descriptor instead. -func (*TtyInfoEntry) Descriptor() ([]byte, []int) { - return file_tty_proto_rawDescGZIP(), []int{4} -} - -func (x *TtyInfoEntry) GetId() uint32 { - if x != nil && x.Id != nil { - return *x.Id - } - return 0 -} - -func (x *TtyInfoEntry) GetType() TtyType { - if x != nil && x.Type != nil { - return *x.Type - } - return TtyType_UNKNOWN -} - -func (x *TtyInfoEntry) GetLocked() bool { - if x != nil && x.Locked != nil { - return *x.Locked - } - return false -} - -func (x *TtyInfoEntry) GetExclusive() bool { - if x != nil && x.Exclusive != nil { - return *x.Exclusive - } - return false -} - -func (x *TtyInfoEntry) GetPacketMode() bool { - if x != nil && x.PacketMode != nil { - return *x.PacketMode - } - return false -} - -func (x *TtyInfoEntry) GetSid() uint32 { - if x != nil && x.Sid != nil { - return *x.Sid - } - return 0 -} - -func (x *TtyInfoEntry) GetPgrp() uint32 { - if x != nil && x.Pgrp != nil { - return *x.Pgrp - } - return 0 -} - -func (x *TtyInfoEntry) GetRdev() uint32 { - if x != nil && x.Rdev != nil { - return *x.Rdev - } - return 0 -} - -func (x *TtyInfoEntry) GetTermios() *TermiosEntry { - if x != nil { - return x.Termios - } - return nil -} - -func (x *TtyInfoEntry) GetTermiosLocked() *TermiosEntry { - if x != nil { - return x.TermiosLocked - } - return nil -} - -func (x *TtyInfoEntry) GetWinsize() *WinsizeEntry { - if x != nil { - return x.Winsize - } - return nil -} - -func (x *TtyInfoEntry) GetPty() *TtyPtyEntry { - if x != nil { - return x.Pty - } - return nil -} - -func (x *TtyInfoEntry) GetDev() uint32 { - if x != nil && x.Dev != nil { - return *x.Dev - } - return 0 -} - -func (x *TtyInfoEntry) GetUid() uint32 { - if x != nil && x.Uid != nil { - return *x.Uid - } - return 0 -} - -func (x *TtyInfoEntry) GetGid() uint32 { - if x != nil && x.Gid != nil { - return *x.Gid - } - return 0 -} - -type TtyFileEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` - TtyInfoId *uint32 `protobuf:"varint,2,req,name=tty_info_id,json=ttyInfoId" json:"tty_info_id,omitempty"` - Flags *uint32 `protobuf:"varint,3,req,name=flags" json:"flags,omitempty"` - Fown *FownEntry `protobuf:"bytes,4,req,name=fown" json:"fown,omitempty"` - // optional sint32 mnt_id = 5 [default = 0]; - RegfId *uint32 `protobuf:"varint,6,opt,name=regf_id,json=regfId" json:"regf_id,omitempty"` -} - -func (x *TtyFileEntry) Reset() { - *x = TtyFileEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_tty_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TtyFileEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TtyFileEntry) ProtoMessage() {} - -func (x *TtyFileEntry) ProtoReflect() protoreflect.Message { - mi := &file_tty_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TtyFileEntry.ProtoReflect.Descriptor instead. -func (*TtyFileEntry) Descriptor() ([]byte, []int) { - return file_tty_proto_rawDescGZIP(), []int{5} -} - -func (x *TtyFileEntry) GetId() uint32 { - if x != nil && x.Id != nil { - return *x.Id - } - return 0 -} - -func (x *TtyFileEntry) GetTtyInfoId() uint32 { - if x != nil && x.TtyInfoId != nil { - return *x.TtyInfoId - } - return 0 -} - -func (x *TtyFileEntry) GetFlags() uint32 { - if x != nil && x.Flags != nil { - return *x.Flags - } - return 0 -} - -func (x *TtyFileEntry) GetFown() *FownEntry { - if x != nil { - return x.Fown - } - return nil -} - -func (x *TtyFileEntry) GetRegfId() uint32 { - if x != nil && x.RegfId != nil { - return *x.RegfId - } - return 0 -} - -var File_tty_proto protoreflect.FileDescriptor - -var file_tty_proto_rawDesc = []byte{ - 0x0a, 0x09, 0x74, 0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, - 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x66, 0x6f, 0x77, 0x6e, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x22, 0x77, 0x0a, 0x0d, 0x77, 0x69, 0x6e, 0x73, 0x69, 0x7a, 0x65, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x12, 0x15, 0x0a, 0x06, 0x77, 0x73, 0x5f, 0x72, 0x6f, 0x77, 0x18, 0x01, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x77, 0x73, 0x52, 0x6f, 0x77, 0x12, 0x15, 0x0a, 0x06, 0x77, - 0x73, 0x5f, 0x63, 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x77, 0x73, 0x43, - 0x6f, 0x6c, 0x12, 0x1b, 0x0a, 0x09, 0x77, 0x73, 0x5f, 0x78, 0x70, 0x69, 0x78, 0x65, 0x6c, 0x18, - 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x08, 0x77, 0x73, 0x58, 0x70, 0x69, 0x78, 0x65, 0x6c, 0x12, - 0x1b, 0x0a, 0x09, 0x77, 0x73, 0x5f, 0x79, 0x70, 0x69, 0x78, 0x65, 0x6c, 0x18, 0x04, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x08, 0x77, 0x73, 0x59, 0x70, 0x69, 0x78, 0x65, 0x6c, 0x22, 0xd3, 0x01, 0x0a, - 0x0d, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6f, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x17, - 0x0a, 0x07, 0x63, 0x5f, 0x69, 0x66, 0x6c, 0x61, 0x67, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, - 0x06, 0x63, 0x49, 0x66, 0x6c, 0x61, 0x67, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x5f, 0x6f, 0x66, 0x6c, - 0x61, 0x67, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x63, 0x4f, 0x66, 0x6c, 0x61, 0x67, - 0x12, 0x17, 0x0a, 0x07, 0x63, 0x5f, 0x63, 0x66, 0x6c, 0x61, 0x67, 0x18, 0x03, 0x20, 0x02, 0x28, - 0x0d, 0x52, 0x06, 0x63, 0x43, 0x66, 0x6c, 0x61, 0x67, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x5f, 0x6c, - 0x66, 0x6c, 0x61, 0x67, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x63, 0x4c, 0x66, 0x6c, - 0x61, 0x67, 0x12, 0x15, 0x0a, 0x06, 0x63, 0x5f, 0x6c, 0x69, 0x6e, 0x65, 0x18, 0x05, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x05, 0x63, 0x4c, 0x69, 0x6e, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x63, 0x5f, 0x69, - 0x73, 0x70, 0x65, 0x65, 0x64, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x63, 0x49, 0x73, - 0x70, 0x65, 0x65, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x63, 0x5f, 0x6f, 0x73, 0x70, 0x65, 0x65, 0x64, - 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, 0x63, 0x4f, 0x73, 0x70, 0x65, 0x65, 0x64, 0x12, - 0x11, 0x0a, 0x04, 0x63, 0x5f, 0x63, 0x63, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x03, 0x63, - 0x43, 0x63, 0x22, 0x25, 0x0a, 0x0d, 0x74, 0x74, 0x79, 0x5f, 0x70, 0x74, 0x79, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x05, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x22, 0x3b, 0x0a, 0x0e, 0x74, 0x74, 0x79, - 0x5f, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x15, 0x0a, 0x06, 0x74, - 0x74, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x74, 0x74, 0x79, - 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0c, - 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, 0x22, 0xb2, 0x03, 0x0a, 0x0e, 0x74, 0x74, 0x79, 0x5f, 0x69, - 0x6e, 0x66, 0x6f, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, - 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1c, 0x0a, 0x04, 0x74, 0x79, 0x70, - 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x08, 0x2e, 0x54, 0x74, 0x79, 0x54, 0x79, 0x70, - 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x6c, 0x6f, 0x63, 0x6b, 0x65, - 0x64, 0x18, 0x03, 0x20, 0x02, 0x28, 0x08, 0x52, 0x06, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x12, - 0x1c, 0x0a, 0x09, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x18, 0x04, 0x20, 0x02, - 0x28, 0x08, 0x52, 0x09, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x76, 0x65, 0x12, 0x1f, 0x0a, - 0x0b, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x05, 0x20, 0x02, - 0x28, 0x08, 0x52, 0x0a, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x10, - 0x0a, 0x03, 0x73, 0x69, 0x64, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x03, 0x73, 0x69, 0x64, - 0x12, 0x12, 0x0a, 0x04, 0x70, 0x67, 0x72, 0x70, 0x18, 0x07, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x04, - 0x70, 0x67, 0x72, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x64, 0x65, 0x76, 0x18, 0x08, 0x20, 0x02, - 0x28, 0x0d, 0x52, 0x04, 0x72, 0x64, 0x65, 0x76, 0x12, 0x28, 0x0a, 0x07, 0x74, 0x65, 0x72, 0x6d, - 0x69, 0x6f, 0x73, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x74, 0x65, 0x72, 0x6d, - 0x69, 0x6f, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x74, 0x65, 0x72, 0x6d, 0x69, - 0x6f, 0x73, 0x12, 0x35, 0x0a, 0x0e, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6f, 0x73, 0x5f, 0x6c, 0x6f, - 0x63, 0x6b, 0x65, 0x64, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x74, 0x65, 0x72, - 0x6d, 0x69, 0x6f, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0d, 0x74, 0x65, 0x72, 0x6d, - 0x69, 0x6f, 0x73, 0x4c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x12, 0x28, 0x0a, 0x07, 0x77, 0x69, 0x6e, - 0x73, 0x69, 0x7a, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x77, 0x69, 0x6e, - 0x73, 0x69, 0x7a, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x77, 0x69, 0x6e, 0x73, - 0x69, 0x7a, 0x65, 0x12, 0x20, 0x0a, 0x03, 0x70, 0x74, 0x79, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x0e, 0x2e, 0x74, 0x74, 0x79, 0x5f, 0x70, 0x74, 0x79, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x52, 0x03, 0x70, 0x74, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x64, 0x65, 0x76, 0x18, 0x0d, 0x20, 0x01, - 0x28, 0x0d, 0x52, 0x03, 0x64, 0x65, 0x76, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, 0x0e, - 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x75, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x67, 0x69, 0x64, - 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x67, 0x69, 0x64, 0x22, 0x97, 0x01, 0x0a, 0x0e, - 0x74, 0x74, 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, - 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1e, - 0x0a, 0x0b, 0x74, 0x74, 0x79, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, - 0x02, 0x28, 0x0d, 0x52, 0x09, 0x74, 0x74, 0x79, 0x49, 0x6e, 0x66, 0x6f, 0x49, 0x64, 0x12, 0x1b, - 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, - 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x1f, 0x0a, 0x04, 0x66, - 0x6f, 0x77, 0x6e, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x66, 0x6f, 0x77, 0x6e, - 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x66, 0x6f, 0x77, 0x6e, 0x12, 0x17, 0x0a, 0x07, - 0x72, 0x65, 0x67, 0x66, 0x5f, 0x69, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x72, - 0x65, 0x67, 0x66, 0x49, 0x64, 0x2a, 0x57, 0x0a, 0x07, 0x54, 0x74, 0x79, 0x54, 0x79, 0x70, 0x65, - 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x07, 0x0a, - 0x03, 0x50, 0x54, 0x59, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x43, 0x4f, 0x4e, 0x53, 0x4f, 0x4c, - 0x45, 0x10, 0x02, 0x12, 0x06, 0x0a, 0x02, 0x56, 0x54, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x43, - 0x54, 0x54, 0x59, 0x10, 0x04, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x58, 0x54, 0x5f, 0x54, 0x54, 0x59, - 0x10, 0x05, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x45, 0x52, 0x49, 0x41, 0x4c, 0x10, 0x06, -} - -var ( - file_tty_proto_rawDescOnce sync.Once - file_tty_proto_rawDescData = file_tty_proto_rawDesc -) - -func file_tty_proto_rawDescGZIP() []byte { - file_tty_proto_rawDescOnce.Do(func() { - file_tty_proto_rawDescData = protoimpl.X.CompressGZIP(file_tty_proto_rawDescData) - }) - return file_tty_proto_rawDescData -} - -var file_tty_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_tty_proto_msgTypes = make([]protoimpl.MessageInfo, 6) -var file_tty_proto_goTypes = []interface{}{ - (TtyType)(0), // 0: TtyType - (*WinsizeEntry)(nil), // 1: winsize_entry - (*TermiosEntry)(nil), // 2: termios_entry - (*TtyPtyEntry)(nil), // 3: tty_pty_entry - (*TtyDataEntry)(nil), // 4: tty_data_entry - (*TtyInfoEntry)(nil), // 5: tty_info_entry - (*TtyFileEntry)(nil), // 6: tty_file_entry - (*FownEntry)(nil), // 7: fown_entry -} -var file_tty_proto_depIdxs = []int32{ - 0, // 0: tty_info_entry.type:type_name -> TtyType - 2, // 1: tty_info_entry.termios:type_name -> termios_entry - 2, // 2: tty_info_entry.termios_locked:type_name -> termios_entry - 1, // 3: tty_info_entry.winsize:type_name -> winsize_entry - 3, // 4: tty_info_entry.pty:type_name -> tty_pty_entry - 7, // 5: tty_file_entry.fown:type_name -> fown_entry - 6, // [6:6] is the sub-list for method output_type - 6, // [6:6] is the sub-list for method input_type - 6, // [6:6] is the sub-list for extension type_name - 6, // [6:6] is the sub-list for extension extendee - 0, // [0:6] is the sub-list for field type_name -} - -func init() { file_tty_proto_init() } -func file_tty_proto_init() { - if File_tty_proto != nil { - return - } - file_opts_proto_init() - file_fown_proto_init() - if !protoimpl.UnsafeEnabled { - file_tty_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WinsizeEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_tty_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TermiosEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_tty_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TtyPtyEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_tty_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TtyDataEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_tty_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TtyInfoEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_tty_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TtyFileEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_tty_proto_rawDesc, - NumEnums: 1, - NumMessages: 6, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_tty_proto_goTypes, - DependencyIndexes: file_tty_proto_depIdxs, - EnumInfos: file_tty_proto_enumTypes, - MessageInfos: file_tty_proto_msgTypes, - }.Build() - File_tty_proto = out.File - file_tty_proto_rawDesc = nil - file_tty_proto_goTypes = nil - file_tty_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tty.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tty.proto deleted file mode 100644 index 14bc543ece3..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tty.proto +++ /dev/null @@ -1,92 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "opts.proto"; -import "fown.proto"; - -message winsize_entry { - required uint32 ws_row = 1; - required uint32 ws_col = 2; - required uint32 ws_xpixel = 3; - required uint32 ws_ypixel = 4; -}; - -message termios_entry { - required uint32 c_iflag = 1; - required uint32 c_oflag = 2; - required uint32 c_cflag = 3; - required uint32 c_lflag = 4; - required uint32 c_line = 5; - required uint32 c_ispeed = 6; - required uint32 c_ospeed = 7; - - repeated uint32 c_cc = 8; -} - -message tty_pty_entry { - required uint32 index = 1; -} - -enum TtyType { - UNKNOWN = 0; - PTY = 1; - CONSOLE = 2; - VT = 3; - CTTY = 4; - EXT_TTY = 5; - SERIAL = 6; -} - -message tty_data_entry { - required uint32 tty_id = 1; - required bytes data = 2; - - // optional sint32 mnt_id = 3 [default = 0]; -} - -message tty_info_entry { - required uint32 id = 1; - - required TtyType type = 2; - - required bool locked = 3; /* Unix98 PTY only */ - required bool exclusive = 4; - required bool packet_mode = 5; /* Unix98 PTY only */ - - required uint32 sid = 6; - required uint32 pgrp = 7; - - /* - * Convenient for printing errors and such, with this - * device encoded we can figure out major and minor - * numbers. - */ - required uint32 rdev = 8; - - optional termios_entry termios = 9; - optional termios_entry termios_locked = 10; - optional winsize_entry winsize = 11; - - /* - * These are optional fields which presence depends on - * TTY type. - */ - optional tty_pty_entry pty = 12; - optional uint32 dev = 13; - - optional uint32 uid = 14; - optional uint32 gid = 15; - - // optional sint32 mnt_id = 16 [default = 0]; -}; - -message tty_file_entry { - required uint32 id = 1; - required uint32 tty_info_id = 2; - - required uint32 flags = 3 [(criu).hex = true]; - required fown_entry fown = 4; - // optional sint32 mnt_id = 5 [default = 0]; - optional uint32 regf_id = 6; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tun.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tun.pb.go deleted file mode 100644 index 7d33bdf6cfd..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tun.pb.go +++ /dev/null @@ -1,272 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: tun.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type TunfileEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Id *uint32 `protobuf:"varint,1,req,name=id" json:"id,omitempty"` - Netdev *string `protobuf:"bytes,2,opt,name=netdev" json:"netdev,omitempty"` - Detached *bool `protobuf:"varint,3,opt,name=detached" json:"detached,omitempty"` - NsId *uint32 `protobuf:"varint,4,opt,name=ns_id,json=nsId" json:"ns_id,omitempty"` -} - -func (x *TunfileEntry) Reset() { - *x = TunfileEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_tun_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TunfileEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TunfileEntry) ProtoMessage() {} - -func (x *TunfileEntry) ProtoReflect() protoreflect.Message { - mi := &file_tun_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TunfileEntry.ProtoReflect.Descriptor instead. -func (*TunfileEntry) Descriptor() ([]byte, []int) { - return file_tun_proto_rawDescGZIP(), []int{0} -} - -func (x *TunfileEntry) GetId() uint32 { - if x != nil && x.Id != nil { - return *x.Id - } - return 0 -} - -func (x *TunfileEntry) GetNetdev() string { - if x != nil && x.Netdev != nil { - return *x.Netdev - } - return "" -} - -func (x *TunfileEntry) GetDetached() bool { - if x != nil && x.Detached != nil { - return *x.Detached - } - return false -} - -func (x *TunfileEntry) GetNsId() uint32 { - if x != nil && x.NsId != nil { - return *x.NsId - } - return 0 -} - -type TunLinkEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Flags *uint32 `protobuf:"varint,1,req,name=flags" json:"flags,omitempty"` - Owner *int32 `protobuf:"varint,2,req,name=owner" json:"owner,omitempty"` - Group *int32 `protobuf:"varint,3,req,name=group" json:"group,omitempty"` - Vnethdr *uint32 `protobuf:"varint,4,req,name=vnethdr" json:"vnethdr,omitempty"` - Sndbuf *uint32 `protobuf:"varint,5,req,name=sndbuf" json:"sndbuf,omitempty"` -} - -func (x *TunLinkEntry) Reset() { - *x = TunLinkEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_tun_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TunLinkEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TunLinkEntry) ProtoMessage() {} - -func (x *TunLinkEntry) ProtoReflect() protoreflect.Message { - mi := &file_tun_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TunLinkEntry.ProtoReflect.Descriptor instead. -func (*TunLinkEntry) Descriptor() ([]byte, []int) { - return file_tun_proto_rawDescGZIP(), []int{1} -} - -func (x *TunLinkEntry) GetFlags() uint32 { - if x != nil && x.Flags != nil { - return *x.Flags - } - return 0 -} - -func (x *TunLinkEntry) GetOwner() int32 { - if x != nil && x.Owner != nil { - return *x.Owner - } - return 0 -} - -func (x *TunLinkEntry) GetGroup() int32 { - if x != nil && x.Group != nil { - return *x.Group - } - return 0 -} - -func (x *TunLinkEntry) GetVnethdr() uint32 { - if x != nil && x.Vnethdr != nil { - return *x.Vnethdr - } - return 0 -} - -func (x *TunLinkEntry) GetSndbuf() uint32 { - if x != nil && x.Sndbuf != nil { - return *x.Sndbuf - } - return 0 -} - -var File_tun_proto protoreflect.FileDescriptor - -var file_tun_proto_rawDesc = []byte{ - 0x0a, 0x09, 0x74, 0x75, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, - 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x68, 0x0a, 0x0d, 0x74, 0x75, 0x6e, 0x66, 0x69, - 0x6c, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x02, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x65, 0x74, 0x64, - 0x65, 0x76, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6e, 0x65, 0x74, 0x64, 0x65, 0x76, - 0x12, 0x1a, 0x0a, 0x08, 0x64, 0x65, 0x74, 0x61, 0x63, 0x68, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x08, 0x64, 0x65, 0x74, 0x61, 0x63, 0x68, 0x65, 0x64, 0x12, 0x13, 0x0a, 0x05, - 0x6e, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x6e, 0x73, 0x49, - 0x64, 0x22, 0x8b, 0x01, 0x0a, 0x0e, 0x74, 0x75, 0x6e, 0x5f, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1b, 0x0a, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x18, 0x01, 0x20, - 0x02, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, - 0x73, 0x12, 0x14, 0x0a, 0x05, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x18, 0x02, 0x20, 0x02, 0x28, 0x05, - 0x52, 0x05, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, - 0x18, 0x03, 0x20, 0x02, 0x28, 0x05, 0x52, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x18, 0x0a, - 0x07, 0x76, 0x6e, 0x65, 0x74, 0x68, 0x64, 0x72, 0x18, 0x04, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x07, - 0x76, 0x6e, 0x65, 0x74, 0x68, 0x64, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x6e, 0x64, 0x62, 0x75, - 0x66, 0x18, 0x05, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x06, 0x73, 0x6e, 0x64, 0x62, 0x75, 0x66, -} - -var ( - file_tun_proto_rawDescOnce sync.Once - file_tun_proto_rawDescData = file_tun_proto_rawDesc -) - -func file_tun_proto_rawDescGZIP() []byte { - file_tun_proto_rawDescOnce.Do(func() { - file_tun_proto_rawDescData = protoimpl.X.CompressGZIP(file_tun_proto_rawDescData) - }) - return file_tun_proto_rawDescData -} - -var file_tun_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_tun_proto_goTypes = []interface{}{ - (*TunfileEntry)(nil), // 0: tunfile_entry - (*TunLinkEntry)(nil), // 1: tun_link_entry -} -var file_tun_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_tun_proto_init() } -func file_tun_proto_init() { - if File_tun_proto != nil { - return - } - file_opts_proto_init() - if !protoimpl.UnsafeEnabled { - file_tun_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TunfileEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_tun_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TunLinkEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_tun_proto_rawDesc, - NumEnums: 0, - NumMessages: 2, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_tun_proto_goTypes, - DependencyIndexes: file_tun_proto_depIdxs, - MessageInfos: file_tun_proto_msgTypes, - }.Build() - File_tun_proto = out.File - file_tun_proto_rawDesc = nil - file_tun_proto_goTypes = nil - file_tun_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tun.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tun.proto deleted file mode 100644 index ad61037db16..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/tun.proto +++ /dev/null @@ -1,20 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "opts.proto"; - -message tunfile_entry { - required uint32 id = 1; - optional string netdev = 2; - optional bool detached = 3; - optional uint32 ns_id = 4; -}; - -message tun_link_entry { - required uint32 flags = 1 [(criu).hex = true]; - required int32 owner = 2; - required int32 group = 3; - required uint32 vnethdr = 4; - required uint32 sndbuf = 5; -}; diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/userns.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/userns.pb.go deleted file mode 100644 index 57b30d473f6..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/userns.pb.go +++ /dev/null @@ -1,238 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: userns.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type UidGidExtent struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - First *uint32 `protobuf:"varint,1,req,name=first" json:"first,omitempty"` - LowerFirst *uint32 `protobuf:"varint,2,req,name=lower_first,json=lowerFirst" json:"lower_first,omitempty"` - Count *uint32 `protobuf:"varint,3,req,name=count" json:"count,omitempty"` -} - -func (x *UidGidExtent) Reset() { - *x = UidGidExtent{} - if protoimpl.UnsafeEnabled { - mi := &file_userns_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UidGidExtent) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UidGidExtent) ProtoMessage() {} - -func (x *UidGidExtent) ProtoReflect() protoreflect.Message { - mi := &file_userns_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UidGidExtent.ProtoReflect.Descriptor instead. -func (*UidGidExtent) Descriptor() ([]byte, []int) { - return file_userns_proto_rawDescGZIP(), []int{0} -} - -func (x *UidGidExtent) GetFirst() uint32 { - if x != nil && x.First != nil { - return *x.First - } - return 0 -} - -func (x *UidGidExtent) GetLowerFirst() uint32 { - if x != nil && x.LowerFirst != nil { - return *x.LowerFirst - } - return 0 -} - -func (x *UidGidExtent) GetCount() uint32 { - if x != nil && x.Count != nil { - return *x.Count - } - return 0 -} - -type UsernsEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - UidMap []*UidGidExtent `protobuf:"bytes,1,rep,name=uid_map,json=uidMap" json:"uid_map,omitempty"` - GidMap []*UidGidExtent `protobuf:"bytes,2,rep,name=gid_map,json=gidMap" json:"gid_map,omitempty"` -} - -func (x *UsernsEntry) Reset() { - *x = UsernsEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_userns_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UsernsEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UsernsEntry) ProtoMessage() {} - -func (x *UsernsEntry) ProtoReflect() protoreflect.Message { - mi := &file_userns_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UsernsEntry.ProtoReflect.Descriptor instead. -func (*UsernsEntry) Descriptor() ([]byte, []int) { - return file_userns_proto_rawDescGZIP(), []int{1} -} - -func (x *UsernsEntry) GetUidMap() []*UidGidExtent { - if x != nil { - return x.UidMap - } - return nil -} - -func (x *UsernsEntry) GetGidMap() []*UidGidExtent { - if x != nil { - return x.GidMap - } - return nil -} - -var File_userns_proto protoreflect.FileDescriptor - -var file_userns_proto_rawDesc = []byte{ - 0x0a, 0x0c, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x5d, - 0x0a, 0x0e, 0x75, 0x69, 0x64, 0x5f, 0x67, 0x69, 0x64, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x74, - 0x12, 0x14, 0x0a, 0x05, 0x66, 0x69, 0x72, 0x73, 0x74, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, 0x52, - 0x05, 0x66, 0x69, 0x72, 0x73, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x6c, 0x6f, 0x77, 0x65, 0x72, 0x5f, - 0x66, 0x69, 0x72, 0x73, 0x74, 0x18, 0x02, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x0a, 0x6c, 0x6f, 0x77, - 0x65, 0x72, 0x46, 0x69, 0x72, 0x73, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, - 0x18, 0x03, 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x62, 0x0a, - 0x0c, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x28, 0x0a, - 0x07, 0x75, 0x69, 0x64, 0x5f, 0x6d, 0x61, 0x70, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, - 0x2e, 0x75, 0x69, 0x64, 0x5f, 0x67, 0x69, 0x64, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x74, 0x52, - 0x06, 0x75, 0x69, 0x64, 0x4d, 0x61, 0x70, 0x12, 0x28, 0x0a, 0x07, 0x67, 0x69, 0x64, 0x5f, 0x6d, - 0x61, 0x70, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x75, 0x69, 0x64, 0x5f, 0x67, - 0x69, 0x64, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x74, 0x52, 0x06, 0x67, 0x69, 0x64, 0x4d, 0x61, - 0x70, -} - -var ( - file_userns_proto_rawDescOnce sync.Once - file_userns_proto_rawDescData = file_userns_proto_rawDesc -) - -func file_userns_proto_rawDescGZIP() []byte { - file_userns_proto_rawDescOnce.Do(func() { - file_userns_proto_rawDescData = protoimpl.X.CompressGZIP(file_userns_proto_rawDescData) - }) - return file_userns_proto_rawDescData -} - -var file_userns_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_userns_proto_goTypes = []interface{}{ - (*UidGidExtent)(nil), // 0: uid_gid_extent - (*UsernsEntry)(nil), // 1: userns_entry -} -var file_userns_proto_depIdxs = []int32{ - 0, // 0: userns_entry.uid_map:type_name -> uid_gid_extent - 0, // 1: userns_entry.gid_map:type_name -> uid_gid_extent - 2, // [2:2] is the sub-list for method output_type - 2, // [2:2] is the sub-list for method input_type - 2, // [2:2] is the sub-list for extension type_name - 2, // [2:2] is the sub-list for extension extendee - 0, // [0:2] is the sub-list for field type_name -} - -func init() { file_userns_proto_init() } -func file_userns_proto_init() { - if File_userns_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_userns_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UidGidExtent); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_userns_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UsernsEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_userns_proto_rawDesc, - NumEnums: 0, - NumMessages: 2, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_userns_proto_goTypes, - DependencyIndexes: file_userns_proto_depIdxs, - MessageInfos: file_userns_proto_msgTypes, - }.Build() - File_userns_proto = out.File - file_userns_proto_rawDesc = nil - file_userns_proto_goTypes = nil - file_userns_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/userns.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/userns.proto deleted file mode 100644 index 3a23cbbf876..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/userns.proto +++ /dev/null @@ -1,14 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -message uid_gid_extent { - required uint32 first = 1; - required uint32 lower_first = 2; - required uint32 count = 3; -} - -message userns_entry { - repeated uid_gid_extent uid_map = 1; - repeated uid_gid_extent gid_map = 2; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/utsns.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/utsns.pb.go deleted file mode 100644 index 64d7139b0ba..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/utsns.pb.go +++ /dev/null @@ -1,152 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: utsns.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type UtsnsEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Nodename *string `protobuf:"bytes,1,req,name=nodename" json:"nodename,omitempty"` - Domainname *string `protobuf:"bytes,2,req,name=domainname" json:"domainname,omitempty"` -} - -func (x *UtsnsEntry) Reset() { - *x = UtsnsEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_utsns_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UtsnsEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UtsnsEntry) ProtoMessage() {} - -func (x *UtsnsEntry) ProtoReflect() protoreflect.Message { - mi := &file_utsns_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UtsnsEntry.ProtoReflect.Descriptor instead. -func (*UtsnsEntry) Descriptor() ([]byte, []int) { - return file_utsns_proto_rawDescGZIP(), []int{0} -} - -func (x *UtsnsEntry) GetNodename() string { - if x != nil && x.Nodename != nil { - return *x.Nodename - } - return "" -} - -func (x *UtsnsEntry) GetDomainname() string { - if x != nil && x.Domainname != nil { - return *x.Domainname - } - return "" -} - -var File_utsns_proto protoreflect.FileDescriptor - -var file_utsns_proto_rawDesc = []byte{ - 0x0a, 0x0b, 0x75, 0x74, 0x73, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x49, 0x0a, - 0x0b, 0x75, 0x74, 0x73, 0x6e, 0x73, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1a, 0x0a, 0x08, - 0x6e, 0x6f, 0x64, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x08, - 0x6e, 0x6f, 0x64, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x64, 0x6f, 0x6d, 0x61, - 0x69, 0x6e, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x09, 0x52, 0x0a, 0x64, 0x6f, - 0x6d, 0x61, 0x69, 0x6e, 0x6e, 0x61, 0x6d, 0x65, -} - -var ( - file_utsns_proto_rawDescOnce sync.Once - file_utsns_proto_rawDescData = file_utsns_proto_rawDesc -) - -func file_utsns_proto_rawDescGZIP() []byte { - file_utsns_proto_rawDescOnce.Do(func() { - file_utsns_proto_rawDescData = protoimpl.X.CompressGZIP(file_utsns_proto_rawDescData) - }) - return file_utsns_proto_rawDescData -} - -var file_utsns_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_utsns_proto_goTypes = []interface{}{ - (*UtsnsEntry)(nil), // 0: utsns_entry -} -var file_utsns_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_utsns_proto_init() } -func file_utsns_proto_init() { - if File_utsns_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_utsns_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UtsnsEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_utsns_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_utsns_proto_goTypes, - DependencyIndexes: file_utsns_proto_depIdxs, - MessageInfos: file_utsns_proto_msgTypes, - }.Build() - File_utsns_proto = out.File - file_utsns_proto_rawDesc = nil - file_utsns_proto_goTypes = nil - file_utsns_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/utsns.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/utsns.proto deleted file mode 100644 index efc689fa55b..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/utsns.proto +++ /dev/null @@ -1,8 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -message utsns_entry { - required string nodename = 1; - required string domainname = 2; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/vma.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/vma.pb.go deleted file mode 100644 index 03435002805..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/vma.pb.go +++ /dev/null @@ -1,237 +0,0 @@ -// SPDX-License-Identifier: MIT - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: vma.proto - -package images - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type VmaEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Start *uint64 `protobuf:"varint,1,req,name=start" json:"start,omitempty"` - End *uint64 `protobuf:"varint,2,req,name=end" json:"end,omitempty"` - Pgoff *uint64 `protobuf:"varint,3,req,name=pgoff" json:"pgoff,omitempty"` - Shmid *uint64 `protobuf:"varint,4,req,name=shmid" json:"shmid,omitempty"` - Prot *uint32 `protobuf:"varint,5,req,name=prot" json:"prot,omitempty"` - Flags *uint32 `protobuf:"varint,6,req,name=flags" json:"flags,omitempty"` - Status *uint32 `protobuf:"varint,7,req,name=status" json:"status,omitempty"` - // This fd thing is unused in the image, it was lost - // while switching from execve restore model. It is - // -1 by default. - Fd *int64 `protobuf:"zigzag64,8,req,name=fd" json:"fd,omitempty"` - // madvise flags bitmap - Madv *uint64 `protobuf:"varint,9,opt,name=madv" json:"madv,omitempty"` - // file status flags - Fdflags *uint32 `protobuf:"varint,10,opt,name=fdflags" json:"fdflags,omitempty"` -} - -func (x *VmaEntry) Reset() { - *x = VmaEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_vma_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *VmaEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*VmaEntry) ProtoMessage() {} - -func (x *VmaEntry) ProtoReflect() protoreflect.Message { - mi := &file_vma_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use VmaEntry.ProtoReflect.Descriptor instead. -func (*VmaEntry) Descriptor() ([]byte, []int) { - return file_vma_proto_rawDescGZIP(), []int{0} -} - -func (x *VmaEntry) GetStart() uint64 { - if x != nil && x.Start != nil { - return *x.Start - } - return 0 -} - -func (x *VmaEntry) GetEnd() uint64 { - if x != nil && x.End != nil { - return *x.End - } - return 0 -} - -func (x *VmaEntry) GetPgoff() uint64 { - if x != nil && x.Pgoff != nil { - return *x.Pgoff - } - return 0 -} - -func (x *VmaEntry) GetShmid() uint64 { - if x != nil && x.Shmid != nil { - return *x.Shmid - } - return 0 -} - -func (x *VmaEntry) GetProt() uint32 { - if x != nil && x.Prot != nil { - return *x.Prot - } - return 0 -} - -func (x *VmaEntry) GetFlags() uint32 { - if x != nil && x.Flags != nil { - return *x.Flags - } - return 0 -} - -func (x *VmaEntry) GetStatus() uint32 { - if x != nil && x.Status != nil { - return *x.Status - } - return 0 -} - -func (x *VmaEntry) GetFd() int64 { - if x != nil && x.Fd != nil { - return *x.Fd - } - return 0 -} - -func (x *VmaEntry) GetMadv() uint64 { - if x != nil && x.Madv != nil { - return *x.Madv - } - return 0 -} - -func (x *VmaEntry) GetFdflags() uint32 { - if x != nil && x.Fdflags != nil { - return *x.Fdflags - } - return 0 -} - -var File_vma_proto protoreflect.FileDescriptor - -var file_vma_proto_rawDesc = []byte{ - 0x0a, 0x09, 0x76, 0x6d, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0a, 0x6f, 0x70, 0x74, - 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xae, 0x02, 0x0a, 0x09, 0x76, 0x6d, 0x61, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1b, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, - 0x20, 0x02, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x05, 0x73, 0x74, 0x61, - 0x72, 0x74, 0x12, 0x17, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x04, 0x42, - 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x70, - 0x67, 0x6f, 0x66, 0x66, 0x18, 0x03, 0x20, 0x02, 0x28, 0x04, 0x52, 0x05, 0x70, 0x67, 0x6f, 0x66, - 0x66, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x68, 0x6d, 0x69, 0x64, 0x18, 0x04, 0x20, 0x02, 0x28, 0x04, - 0x52, 0x05, 0x73, 0x68, 0x6d, 0x69, 0x64, 0x12, 0x22, 0x0a, 0x04, 0x70, 0x72, 0x6f, 0x74, 0x18, - 0x05, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x0e, 0xd2, 0x3f, 0x0b, 0x1a, 0x09, 0x6d, 0x6d, 0x61, 0x70, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x52, 0x04, 0x70, 0x72, 0x6f, 0x74, 0x12, 0x25, 0x0a, 0x05, 0x66, - 0x6c, 0x61, 0x67, 0x73, 0x18, 0x06, 0x20, 0x02, 0x28, 0x0d, 0x42, 0x0f, 0xd2, 0x3f, 0x0c, 0x1a, - 0x0a, 0x6d, 0x6d, 0x61, 0x70, 0x2e, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x52, 0x05, 0x66, 0x6c, 0x61, - 0x67, 0x73, 0x12, 0x28, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x07, 0x20, 0x02, - 0x28, 0x0d, 0x42, 0x10, 0xd2, 0x3f, 0x0d, 0x1a, 0x0b, 0x6d, 0x6d, 0x61, 0x70, 0x2e, 0x73, 0x74, - 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x0e, 0x0a, 0x02, - 0x66, 0x64, 0x18, 0x08, 0x20, 0x02, 0x28, 0x12, 0x52, 0x02, 0x66, 0x64, 0x12, 0x19, 0x0a, 0x04, - 0x6d, 0x61, 0x64, 0x76, 0x18, 0x09, 0x20, 0x01, 0x28, 0x04, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, - 0x01, 0x52, 0x04, 0x6d, 0x61, 0x64, 0x76, 0x12, 0x1f, 0x0a, 0x07, 0x66, 0x64, 0x66, 0x6c, 0x61, - 0x67, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x05, 0xd2, 0x3f, 0x02, 0x08, 0x01, 0x52, - 0x07, 0x66, 0x64, 0x66, 0x6c, 0x61, 0x67, 0x73, -} - -var ( - file_vma_proto_rawDescOnce sync.Once - file_vma_proto_rawDescData = file_vma_proto_rawDesc -) - -func file_vma_proto_rawDescGZIP() []byte { - file_vma_proto_rawDescOnce.Do(func() { - file_vma_proto_rawDescData = protoimpl.X.CompressGZIP(file_vma_proto_rawDescData) - }) - return file_vma_proto_rawDescData -} - -var file_vma_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_vma_proto_goTypes = []interface{}{ - (*VmaEntry)(nil), // 0: vma_entry -} -var file_vma_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_vma_proto_init() } -func file_vma_proto_init() { - if File_vma_proto != nil { - return - } - file_opts_proto_init() - if !protoimpl.UnsafeEnabled { - file_vma_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*VmaEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_vma_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_vma_proto_goTypes, - DependencyIndexes: file_vma_proto_depIdxs, - MessageInfos: file_vma_proto_msgTypes, - }.Build() - File_vma_proto = out.File - file_vma_proto_rawDesc = nil - file_vma_proto_goTypes = nil - file_vma_proto_depIdxs = nil -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/vma.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/vma.proto deleted file mode 100644 index 0c07d51c6b2..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/vma.proto +++ /dev/null @@ -1,27 +0,0 @@ -// SPDX-License-Identifier: MIT - -syntax = "proto2"; - -import "opts.proto"; - -message vma_entry { - required uint64 start = 1 [(criu).hex = true]; - required uint64 end = 2 [(criu).hex = true]; - required uint64 pgoff = 3; - required uint64 shmid = 4; - required uint32 prot = 5 [(criu).flags = "mmap.prot" ]; - required uint32 flags = 6 [(criu).flags = "mmap.flags" ]; - required uint32 status = 7 [(criu).flags = "mmap.status" ]; - /* - * This fd thing is unused in the image, it was lost - * while switching from execve restore model. It is - * -1 by default. - */ - required sint64 fd = 8; - - /* madvise flags bitmap */ - optional uint64 madv = 9 [(criu).hex = true]; - - /* file status flags */ - optional uint32 fdflags = 10 [(criu).hex = true]; -} diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/features.go b/vendor/github.com/checkpoint-restore/go-criu/v6/features.go index ade2598aabf..4e779d95bc9 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/features.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/features.go @@ -3,7 +3,7 @@ package criu import ( "fmt" - "github.com/checkpoint-restore/go-criu/v6/crit/images" + "github.com/checkpoint-restore/go-criu/v6/rpc" ) // Feature checking in go-criu is based on the libcriu feature checking function. @@ -26,9 +26,9 @@ import ( // Available features will be set to true when the function // returns successfully. Missing features will be set to false. -func (c *Criu) FeatureCheck(features *images.CriuFeatures) (*images.CriuFeatures, error) { +func (c *Criu) FeatureCheck(features *rpc.CriuFeatures) (*rpc.CriuFeatures, error) { resp, err := c.doSwrkWithResp( - images.CriuReqType_FEATURE_CHECK, + rpc.CriuReqType_FEATURE_CHECK, nil, nil, features, @@ -37,7 +37,7 @@ func (c *Criu) FeatureCheck(features *images.CriuFeatures) (*images.CriuFeatures return nil, err } - if resp.GetType() != images.CriuReqType_FEATURE_CHECK { + if resp.GetType() != rpc.CriuReqType_FEATURE_CHECK { return nil, fmt.Errorf("Unexpected CRIU RPC response") } diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/main.go b/vendor/github.com/checkpoint-restore/go-criu/v6/main.go index f01b2819f80..2e099c859cd 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/main.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/main.go @@ -8,7 +8,7 @@ import ( "strconv" "syscall" - "github.com/checkpoint-restore/go-criu/v6/crit/images" + "github.com/checkpoint-restore/go-criu/v6/rpc" "google.golang.org/protobuf/proto" ) @@ -86,7 +86,7 @@ func (c *Criu) sendAndRecv(reqB []byte) ([]byte, int, error) { return respB, n, nil } -func (c *Criu) doSwrk(reqType images.CriuReqType, opts *images.CriuOpts, nfy Notify) error { +func (c *Criu) doSwrk(reqType rpc.CriuReqType, opts *rpc.CriuOpts, nfy Notify) error { resp, err := c.doSwrkWithResp(reqType, opts, nfy, nil) if err != nil { return err @@ -99,10 +99,10 @@ func (c *Criu) doSwrk(reqType images.CriuReqType, opts *images.CriuOpts, nfy Not return nil } -func (c *Criu) doSwrkWithResp(reqType images.CriuReqType, opts *images.CriuOpts, nfy Notify, features *images.CriuFeatures) (*images.CriuResp, error) { - var resp *images.CriuResp +func (c *Criu) doSwrkWithResp(reqType rpc.CriuReqType, opts *rpc.CriuOpts, nfy Notify, features *rpc.CriuFeatures) (*rpc.CriuResp, error) { + var resp *rpc.CriuResp - req := images.CriuReq{ + req := rpc.CriuReq{ Type: &reqType, Opts: opts, } @@ -135,7 +135,7 @@ func (c *Criu) doSwrkWithResp(reqType images.CriuReqType, opts *images.CriuOpts, return nil, err } - resp = &images.CriuResp{} + resp = &rpc.CriuResp{} err = proto.Unmarshal(respB[:respS], resp) if err != nil { return nil, err @@ -147,7 +147,7 @@ func (c *Criu) doSwrkWithResp(reqType images.CriuReqType, opts *images.CriuOpts, } respType := resp.GetType() - if respType != images.CriuReqType_NOTIFY { + if respType != rpc.CriuReqType_NOTIFY { break } if nfy == nil { @@ -182,7 +182,7 @@ func (c *Criu) doSwrkWithResp(reqType images.CriuReqType, opts *images.CriuOpts, return resp, err } - req = images.CriuReq{ + req = rpc.CriuReq{ Type: &respType, NotifySuccess: proto.Bool(true), } @@ -192,28 +192,28 @@ func (c *Criu) doSwrkWithResp(reqType images.CriuReqType, opts *images.CriuOpts, } // Dump dumps a process -func (c *Criu) Dump(opts *images.CriuOpts, nfy Notify) error { - return c.doSwrk(images.CriuReqType_DUMP, opts, nfy) +func (c *Criu) Dump(opts *rpc.CriuOpts, nfy Notify) error { + return c.doSwrk(rpc.CriuReqType_DUMP, opts, nfy) } // Restore restores a process -func (c *Criu) Restore(opts *images.CriuOpts, nfy Notify) error { - return c.doSwrk(images.CriuReqType_RESTORE, opts, nfy) +func (c *Criu) Restore(opts *rpc.CriuOpts, nfy Notify) error { + return c.doSwrk(rpc.CriuReqType_RESTORE, opts, nfy) } // PreDump does a pre-dump -func (c *Criu) PreDump(opts *images.CriuOpts, nfy Notify) error { - return c.doSwrk(images.CriuReqType_PRE_DUMP, opts, nfy) +func (c *Criu) PreDump(opts *rpc.CriuOpts, nfy Notify) error { + return c.doSwrk(rpc.CriuReqType_PRE_DUMP, opts, nfy) } // StartPageServer starts the page server -func (c *Criu) StartPageServer(opts *images.CriuOpts) error { - return c.doSwrk(images.CriuReqType_PAGE_SERVER, opts, nil) +func (c *Criu) StartPageServer(opts *rpc.CriuOpts) error { + return c.doSwrk(rpc.CriuReqType_PAGE_SERVER, opts, nil) } // StartPageServerChld starts the page server and returns PID and port -func (c *Criu) StartPageServerChld(opts *images.CriuOpts) (int, int, error) { - resp, err := c.doSwrkWithResp(images.CriuReqType_PAGE_SERVER_CHLD, opts, nil, nil) +func (c *Criu) StartPageServerChld(opts *rpc.CriuOpts) (int, int, error) { + resp, err := c.doSwrkWithResp(rpc.CriuReqType_PAGE_SERVER_CHLD, opts, nil, nil) if err != nil { return 0, 0, err } @@ -224,12 +224,12 @@ func (c *Criu) StartPageServerChld(opts *images.CriuOpts) (int, int, error) { // GetCriuVersion executes the VERSION RPC call and returns the version // as an integer. Major * 10000 + Minor * 100 + SubLevel func (c *Criu) GetCriuVersion() (int, error) { - resp, err := c.doSwrkWithResp(images.CriuReqType_VERSION, nil, nil, nil) + resp, err := c.doSwrkWithResp(rpc.CriuReqType_VERSION, nil, nil, nil) if err != nil { return 0, err } - if resp.GetType() != images.CriuReqType_VERSION { + if resp.GetType() != rpc.CriuReqType_VERSION { return 0, fmt.Errorf("Unexpected CRIU RPC response") } diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rpc.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v6/rpc/rpc.pb.go similarity index 62% rename from vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rpc.pb.go rename to vendor/github.com/checkpoint-restore/go-criu/v6/rpc/rpc.pb.go index bf1ad2b6a2f..67bd8593e85 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rpc.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v6/rpc/rpc.pb.go @@ -3,10 +3,10 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.5 -// source: rpc.proto +// protoc v3.19.4 +// source: rpc/rpc.proto -package images +package rpc import ( protoreflect "google.golang.org/protobuf/reflect/protoreflect" @@ -67,11 +67,11 @@ func (x CriuCgMode) String() string { } func (CriuCgMode) Descriptor() protoreflect.EnumDescriptor { - return file_rpc_proto_enumTypes[0].Descriptor() + return file_rpc_rpc_proto_enumTypes[0].Descriptor() } func (CriuCgMode) Type() protoreflect.EnumType { - return &file_rpc_proto_enumTypes[0] + return &file_rpc_rpc_proto_enumTypes[0] } func (x CriuCgMode) Number() protoreflect.EnumNumber { @@ -90,7 +90,7 @@ func (x *CriuCgMode) UnmarshalJSON(b []byte) error { // Deprecated: Use CriuCgMode.Descriptor instead. func (CriuCgMode) EnumDescriptor() ([]byte, []int) { - return file_rpc_proto_rawDescGZIP(), []int{0} + return file_rpc_rpc_proto_rawDescGZIP(), []int{0} } type CriuNetworkLockMethod int32 @@ -123,11 +123,11 @@ func (x CriuNetworkLockMethod) String() string { } func (CriuNetworkLockMethod) Descriptor() protoreflect.EnumDescriptor { - return file_rpc_proto_enumTypes[1].Descriptor() + return file_rpc_rpc_proto_enumTypes[1].Descriptor() } func (CriuNetworkLockMethod) Type() protoreflect.EnumType { - return &file_rpc_proto_enumTypes[1] + return &file_rpc_rpc_proto_enumTypes[1] } func (x CriuNetworkLockMethod) Number() protoreflect.EnumNumber { @@ -146,7 +146,7 @@ func (x *CriuNetworkLockMethod) UnmarshalJSON(b []byte) error { // Deprecated: Use CriuNetworkLockMethod.Descriptor instead. func (CriuNetworkLockMethod) EnumDescriptor() ([]byte, []int) { - return file_rpc_proto_rawDescGZIP(), []int{1} + return file_rpc_rpc_proto_rawDescGZIP(), []int{1} } type CriuPreDumpMode int32 @@ -179,11 +179,11 @@ func (x CriuPreDumpMode) String() string { } func (CriuPreDumpMode) Descriptor() protoreflect.EnumDescriptor { - return file_rpc_proto_enumTypes[2].Descriptor() + return file_rpc_rpc_proto_enumTypes[2].Descriptor() } func (CriuPreDumpMode) Type() protoreflect.EnumType { - return &file_rpc_proto_enumTypes[2] + return &file_rpc_rpc_proto_enumTypes[2] } func (x CriuPreDumpMode) Number() protoreflect.EnumNumber { @@ -202,7 +202,7 @@ func (x *CriuPreDumpMode) UnmarshalJSON(b []byte) error { // Deprecated: Use CriuPreDumpMode.Descriptor instead. func (CriuPreDumpMode) EnumDescriptor() ([]byte, []int) { - return file_rpc_proto_rawDescGZIP(), []int{2} + return file_rpc_rpc_proto_rawDescGZIP(), []int{2} } type CriuReqType int32 @@ -271,11 +271,11 @@ func (x CriuReqType) String() string { } func (CriuReqType) Descriptor() protoreflect.EnumDescriptor { - return file_rpc_proto_enumTypes[3].Descriptor() + return file_rpc_rpc_proto_enumTypes[3].Descriptor() } func (CriuReqType) Type() protoreflect.EnumType { - return &file_rpc_proto_enumTypes[3] + return &file_rpc_rpc_proto_enumTypes[3] } func (x CriuReqType) Number() protoreflect.EnumNumber { @@ -294,7 +294,7 @@ func (x *CriuReqType) UnmarshalJSON(b []byte) error { // Deprecated: Use CriuReqType.Descriptor instead. func (CriuReqType) EnumDescriptor() ([]byte, []int) { - return file_rpc_proto_rawDescGZIP(), []int{3} + return file_rpc_rpc_proto_rawDescGZIP(), []int{3} } type CriuPageServerInfo struct { @@ -311,7 +311,7 @@ type CriuPageServerInfo struct { func (x *CriuPageServerInfo) Reset() { *x = CriuPageServerInfo{} if protoimpl.UnsafeEnabled { - mi := &file_rpc_proto_msgTypes[0] + mi := &file_rpc_rpc_proto_msgTypes[0] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -324,7 +324,7 @@ func (x *CriuPageServerInfo) String() string { func (*CriuPageServerInfo) ProtoMessage() {} func (x *CriuPageServerInfo) ProtoReflect() protoreflect.Message { - mi := &file_rpc_proto_msgTypes[0] + mi := &file_rpc_rpc_proto_msgTypes[0] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -337,7 +337,7 @@ func (x *CriuPageServerInfo) ProtoReflect() protoreflect.Message { // Deprecated: Use CriuPageServerInfo.ProtoReflect.Descriptor instead. func (*CriuPageServerInfo) Descriptor() ([]byte, []int) { - return file_rpc_proto_rawDescGZIP(), []int{0} + return file_rpc_rpc_proto_rawDescGZIP(), []int{0} } func (x *CriuPageServerInfo) GetAddress() string { @@ -380,7 +380,7 @@ type CriuVethPair struct { func (x *CriuVethPair) Reset() { *x = CriuVethPair{} if protoimpl.UnsafeEnabled { - mi := &file_rpc_proto_msgTypes[1] + mi := &file_rpc_rpc_proto_msgTypes[1] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -393,7 +393,7 @@ func (x *CriuVethPair) String() string { func (*CriuVethPair) ProtoMessage() {} func (x *CriuVethPair) ProtoReflect() protoreflect.Message { - mi := &file_rpc_proto_msgTypes[1] + mi := &file_rpc_rpc_proto_msgTypes[1] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -406,7 +406,7 @@ func (x *CriuVethPair) ProtoReflect() protoreflect.Message { // Deprecated: Use CriuVethPair.ProtoReflect.Descriptor instead. func (*CriuVethPair) Descriptor() ([]byte, []int) { - return file_rpc_proto_rawDescGZIP(), []int{1} + return file_rpc_rpc_proto_rawDescGZIP(), []int{1} } func (x *CriuVethPair) GetIfIn() string { @@ -435,7 +435,7 @@ type ExtMountMap struct { func (x *ExtMountMap) Reset() { *x = ExtMountMap{} if protoimpl.UnsafeEnabled { - mi := &file_rpc_proto_msgTypes[2] + mi := &file_rpc_rpc_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -448,7 +448,7 @@ func (x *ExtMountMap) String() string { func (*ExtMountMap) ProtoMessage() {} func (x *ExtMountMap) ProtoReflect() protoreflect.Message { - mi := &file_rpc_proto_msgTypes[2] + mi := &file_rpc_rpc_proto_msgTypes[2] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -461,7 +461,7 @@ func (x *ExtMountMap) ProtoReflect() protoreflect.Message { // Deprecated: Use ExtMountMap.ProtoReflect.Descriptor instead. func (*ExtMountMap) Descriptor() ([]byte, []int) { - return file_rpc_proto_rawDescGZIP(), []int{2} + return file_rpc_rpc_proto_rawDescGZIP(), []int{2} } func (x *ExtMountMap) GetKey() string { @@ -491,7 +491,7 @@ type JoinNamespace struct { func (x *JoinNamespace) Reset() { *x = JoinNamespace{} if protoimpl.UnsafeEnabled { - mi := &file_rpc_proto_msgTypes[3] + mi := &file_rpc_rpc_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -504,7 +504,7 @@ func (x *JoinNamespace) String() string { func (*JoinNamespace) ProtoMessage() {} func (x *JoinNamespace) ProtoReflect() protoreflect.Message { - mi := &file_rpc_proto_msgTypes[3] + mi := &file_rpc_rpc_proto_msgTypes[3] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -517,7 +517,7 @@ func (x *JoinNamespace) ProtoReflect() protoreflect.Message { // Deprecated: Use JoinNamespace.ProtoReflect.Descriptor instead. func (*JoinNamespace) Descriptor() ([]byte, []int) { - return file_rpc_proto_rawDescGZIP(), []int{3} + return file_rpc_rpc_proto_rawDescGZIP(), []int{3} } func (x *JoinNamespace) GetNs() string { @@ -553,7 +553,7 @@ type InheritFd struct { func (x *InheritFd) Reset() { *x = InheritFd{} if protoimpl.UnsafeEnabled { - mi := &file_rpc_proto_msgTypes[4] + mi := &file_rpc_rpc_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -566,7 +566,7 @@ func (x *InheritFd) String() string { func (*InheritFd) ProtoMessage() {} func (x *InheritFd) ProtoReflect() protoreflect.Message { - mi := &file_rpc_proto_msgTypes[4] + mi := &file_rpc_rpc_proto_msgTypes[4] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -579,7 +579,7 @@ func (x *InheritFd) ProtoReflect() protoreflect.Message { // Deprecated: Use InheritFd.ProtoReflect.Descriptor instead. func (*InheritFd) Descriptor() ([]byte, []int) { - return file_rpc_proto_rawDescGZIP(), []int{4} + return file_rpc_rpc_proto_rawDescGZIP(), []int{4} } func (x *InheritFd) GetKey() string { @@ -608,7 +608,7 @@ type CgroupRoot struct { func (x *CgroupRoot) Reset() { *x = CgroupRoot{} if protoimpl.UnsafeEnabled { - mi := &file_rpc_proto_msgTypes[5] + mi := &file_rpc_rpc_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -621,7 +621,7 @@ func (x *CgroupRoot) String() string { func (*CgroupRoot) ProtoMessage() {} func (x *CgroupRoot) ProtoReflect() protoreflect.Message { - mi := &file_rpc_proto_msgTypes[5] + mi := &file_rpc_rpc_proto_msgTypes[5] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -634,7 +634,7 @@ func (x *CgroupRoot) ProtoReflect() protoreflect.Message { // Deprecated: Use CgroupRoot.ProtoReflect.Descriptor instead. func (*CgroupRoot) Descriptor() ([]byte, []int) { - return file_rpc_proto_rawDescGZIP(), []int{5} + return file_rpc_rpc_proto_rawDescGZIP(), []int{5} } func (x *CgroupRoot) GetCtrl() string { @@ -662,7 +662,7 @@ type UnixSk struct { func (x *UnixSk) Reset() { *x = UnixSk{} if protoimpl.UnsafeEnabled { - mi := &file_rpc_proto_msgTypes[6] + mi := &file_rpc_rpc_proto_msgTypes[6] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -675,7 +675,7 @@ func (x *UnixSk) String() string { func (*UnixSk) ProtoMessage() {} func (x *UnixSk) ProtoReflect() protoreflect.Message { - mi := &file_rpc_proto_msgTypes[6] + mi := &file_rpc_rpc_proto_msgTypes[6] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -688,7 +688,7 @@ func (x *UnixSk) ProtoReflect() protoreflect.Message { // Deprecated: Use UnixSk.ProtoReflect.Descriptor instead. func (*UnixSk) Descriptor() ([]byte, []int) { - return file_rpc_proto_rawDescGZIP(), []int{6} + return file_rpc_rpc_proto_rawDescGZIP(), []int{6} } func (x *UnixSk) GetInode() uint32 { @@ -781,7 +781,7 @@ const ( func (x *CriuOpts) Reset() { *x = CriuOpts{} if protoimpl.UnsafeEnabled { - mi := &file_rpc_proto_msgTypes[7] + mi := &file_rpc_rpc_proto_msgTypes[7] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -794,7 +794,7 @@ func (x *CriuOpts) String() string { func (*CriuOpts) ProtoMessage() {} func (x *CriuOpts) ProtoReflect() protoreflect.Message { - mi := &file_rpc_proto_msgTypes[7] + mi := &file_rpc_rpc_proto_msgTypes[7] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -807,7 +807,7 @@ func (x *CriuOpts) ProtoReflect() protoreflect.Message { // Deprecated: Use CriuOpts.ProtoReflect.Descriptor instead. func (*CriuOpts) Descriptor() ([]byte, []int) { - return file_rpc_proto_rawDescGZIP(), []int{7} + return file_rpc_rpc_proto_rawDescGZIP(), []int{7} } func (x *CriuOpts) GetImagesDirFd() int32 { @@ -1269,7 +1269,7 @@ type CriuDumpResp struct { func (x *CriuDumpResp) Reset() { *x = CriuDumpResp{} if protoimpl.UnsafeEnabled { - mi := &file_rpc_proto_msgTypes[8] + mi := &file_rpc_rpc_proto_msgTypes[8] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1282,7 +1282,7 @@ func (x *CriuDumpResp) String() string { func (*CriuDumpResp) ProtoMessage() {} func (x *CriuDumpResp) ProtoReflect() protoreflect.Message { - mi := &file_rpc_proto_msgTypes[8] + mi := &file_rpc_rpc_proto_msgTypes[8] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1295,7 +1295,7 @@ func (x *CriuDumpResp) ProtoReflect() protoreflect.Message { // Deprecated: Use CriuDumpResp.ProtoReflect.Descriptor instead. func (*CriuDumpResp) Descriptor() ([]byte, []int) { - return file_rpc_proto_rawDescGZIP(), []int{8} + return file_rpc_rpc_proto_rawDescGZIP(), []int{8} } func (x *CriuDumpResp) GetRestored() bool { @@ -1316,7 +1316,7 @@ type CriuRestoreResp struct { func (x *CriuRestoreResp) Reset() { *x = CriuRestoreResp{} if protoimpl.UnsafeEnabled { - mi := &file_rpc_proto_msgTypes[9] + mi := &file_rpc_rpc_proto_msgTypes[9] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1329,7 +1329,7 @@ func (x *CriuRestoreResp) String() string { func (*CriuRestoreResp) ProtoMessage() {} func (x *CriuRestoreResp) ProtoReflect() protoreflect.Message { - mi := &file_rpc_proto_msgTypes[9] + mi := &file_rpc_rpc_proto_msgTypes[9] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1342,7 +1342,7 @@ func (x *CriuRestoreResp) ProtoReflect() protoreflect.Message { // Deprecated: Use CriuRestoreResp.ProtoReflect.Descriptor instead. func (*CriuRestoreResp) Descriptor() ([]byte, []int) { - return file_rpc_proto_rawDescGZIP(), []int{9} + return file_rpc_rpc_proto_rawDescGZIP(), []int{9} } func (x *CriuRestoreResp) GetPid() int32 { @@ -1364,7 +1364,7 @@ type CriuNotify struct { func (x *CriuNotify) Reset() { *x = CriuNotify{} if protoimpl.UnsafeEnabled { - mi := &file_rpc_proto_msgTypes[10] + mi := &file_rpc_rpc_proto_msgTypes[10] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1377,7 +1377,7 @@ func (x *CriuNotify) String() string { func (*CriuNotify) ProtoMessage() {} func (x *CriuNotify) ProtoReflect() protoreflect.Message { - mi := &file_rpc_proto_msgTypes[10] + mi := &file_rpc_rpc_proto_msgTypes[10] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1390,7 +1390,7 @@ func (x *CriuNotify) ProtoReflect() protoreflect.Message { // Deprecated: Use CriuNotify.ProtoReflect.Descriptor instead. func (*CriuNotify) Descriptor() ([]byte, []int) { - return file_rpc_proto_rawDescGZIP(), []int{10} + return file_rpc_rpc_proto_rawDescGZIP(), []int{10} } func (x *CriuNotify) GetScript() string { @@ -1407,6 +1407,7 @@ func (x *CriuNotify) GetPid() int32 { return 0 } +// // List of features which can queried via // CRIU_REQ_TYPE__FEATURE_CHECK type CriuFeatures struct { @@ -1422,7 +1423,7 @@ type CriuFeatures struct { func (x *CriuFeatures) Reset() { *x = CriuFeatures{} if protoimpl.UnsafeEnabled { - mi := &file_rpc_proto_msgTypes[11] + mi := &file_rpc_rpc_proto_msgTypes[11] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1435,7 +1436,7 @@ func (x *CriuFeatures) String() string { func (*CriuFeatures) ProtoMessage() {} func (x *CriuFeatures) ProtoReflect() protoreflect.Message { - mi := &file_rpc_proto_msgTypes[11] + mi := &file_rpc_rpc_proto_msgTypes[11] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1448,7 +1449,7 @@ func (x *CriuFeatures) ProtoReflect() protoreflect.Message { // Deprecated: Use CriuFeatures.ProtoReflect.Descriptor instead. func (*CriuFeatures) Descriptor() ([]byte, []int) { - return file_rpc_proto_rawDescGZIP(), []int{11} + return file_rpc_rpc_proto_rawDescGZIP(), []int{11} } func (x *CriuFeatures) GetMemTrack() bool { @@ -1480,10 +1481,12 @@ type CriuReq struct { Type *CriuReqType `protobuf:"varint,1,req,name=type,enum=CriuReqType" json:"type,omitempty"` Opts *CriuOpts `protobuf:"bytes,2,opt,name=opts" json:"opts,omitempty"` NotifySuccess *bool `protobuf:"varint,3,opt,name=notify_success,json=notifySuccess" json:"notify_success,omitempty"` + // // When set service won't close the connection but // will wait for more req-s to appear. Works not // for all request types. KeepOpen *bool `protobuf:"varint,4,opt,name=keep_open,json=keepOpen" json:"keep_open,omitempty"` + // // 'features' can be used to query which features // are supported by the installed criu/kernel // via RPC. @@ -1495,7 +1498,7 @@ type CriuReq struct { func (x *CriuReq) Reset() { *x = CriuReq{} if protoimpl.UnsafeEnabled { - mi := &file_rpc_proto_msgTypes[12] + mi := &file_rpc_rpc_proto_msgTypes[12] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1508,7 +1511,7 @@ func (x *CriuReq) String() string { func (*CriuReq) ProtoMessage() {} func (x *CriuReq) ProtoReflect() protoreflect.Message { - mi := &file_rpc_proto_msgTypes[12] + mi := &file_rpc_rpc_proto_msgTypes[12] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1521,7 +1524,7 @@ func (x *CriuReq) ProtoReflect() protoreflect.Message { // Deprecated: Use CriuReq.ProtoReflect.Descriptor instead. func (*CriuReq) Descriptor() ([]byte, []int) { - return file_rpc_proto_rawDescGZIP(), []int{12} + return file_rpc_rpc_proto_rawDescGZIP(), []int{12} } func (x *CriuReq) GetType() CriuReqType { @@ -1587,7 +1590,7 @@ type CriuResp struct { func (x *CriuResp) Reset() { *x = CriuResp{} if protoimpl.UnsafeEnabled { - mi := &file_rpc_proto_msgTypes[13] + mi := &file_rpc_rpc_proto_msgTypes[13] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1600,7 +1603,7 @@ func (x *CriuResp) String() string { func (*CriuResp) ProtoMessage() {} func (x *CriuResp) ProtoReflect() protoreflect.Message { - mi := &file_rpc_proto_msgTypes[13] + mi := &file_rpc_rpc_proto_msgTypes[13] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1613,7 +1616,7 @@ func (x *CriuResp) ProtoReflect() protoreflect.Message { // Deprecated: Use CriuResp.ProtoReflect.Descriptor instead. func (*CriuResp) Descriptor() ([]byte, []int) { - return file_rpc_proto_rawDescGZIP(), []int{13} + return file_rpc_rpc_proto_rawDescGZIP(), []int{13} } func (x *CriuResp) GetType() CriuReqType { @@ -1710,7 +1713,7 @@ type CriuVersion struct { func (x *CriuVersion) Reset() { *x = CriuVersion{} if protoimpl.UnsafeEnabled { - mi := &file_rpc_proto_msgTypes[14] + mi := &file_rpc_rpc_proto_msgTypes[14] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1723,7 +1726,7 @@ func (x *CriuVersion) String() string { func (*CriuVersion) ProtoMessage() {} func (x *CriuVersion) ProtoReflect() protoreflect.Message { - mi := &file_rpc_proto_msgTypes[14] + mi := &file_rpc_rpc_proto_msgTypes[14] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1736,7 +1739,7 @@ func (x *CriuVersion) ProtoReflect() protoreflect.Message { // Deprecated: Use CriuVersion.ProtoReflect.Descriptor instead. func (*CriuVersion) Descriptor() ([]byte, []int) { - return file_rpc_proto_rawDescGZIP(), []int{14} + return file_rpc_rpc_proto_rawDescGZIP(), []int{14} } func (x *CriuVersion) GetMajorNumber() int32 { @@ -1781,291 +1784,292 @@ func (x *CriuVersion) GetName() string { return "" } -var File_rpc_proto protoreflect.FileDescriptor - -var file_rpc_proto_rawDesc = []byte{ - 0x0a, 0x09, 0x72, 0x70, 0x63, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x67, 0x0a, 0x15, 0x63, - 0x72, 0x69, 0x75, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, - 0x69, 0x6e, 0x66, 0x6f, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x12, - 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x70, 0x6f, - 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, - 0x03, 0x70, 0x69, 0x64, 0x12, 0x0e, 0x0a, 0x02, 0x66, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, - 0x52, 0x02, 0x66, 0x64, 0x22, 0x3c, 0x0a, 0x0e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x76, 0x65, 0x74, - 0x68, 0x5f, 0x70, 0x61, 0x69, 0x72, 0x12, 0x13, 0x0a, 0x05, 0x69, 0x66, 0x5f, 0x69, 0x6e, 0x18, - 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x69, 0x66, 0x49, 0x6e, 0x12, 0x15, 0x0a, 0x06, 0x69, - 0x66, 0x5f, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x02, 0x28, 0x09, 0x52, 0x05, 0x69, 0x66, 0x4f, - 0x75, 0x74, 0x22, 0x33, 0x0a, 0x0d, 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, - 0x6d, 0x61, 0x70, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, - 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x76, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x02, - 0x28, 0x09, 0x52, 0x03, 0x76, 0x61, 0x6c, 0x22, 0x56, 0x0a, 0x0e, 0x6a, 0x6f, 0x69, 0x6e, 0x5f, - 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x6e, 0x73, 0x18, - 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x02, 0x6e, 0x73, 0x12, 0x17, 0x0a, 0x07, 0x6e, 0x73, 0x5f, - 0x66, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x09, 0x52, 0x06, 0x6e, 0x73, 0x46, 0x69, - 0x6c, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x78, 0x74, 0x72, 0x61, 0x5f, 0x6f, 0x70, 0x74, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x74, 0x72, 0x61, 0x4f, 0x70, 0x74, 0x22, - 0x2e, 0x0a, 0x0a, 0x69, 0x6e, 0x68, 0x65, 0x72, 0x69, 0x74, 0x5f, 0x66, 0x64, 0x12, 0x10, 0x0a, - 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, - 0x0e, 0x0a, 0x02, 0x66, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x05, 0x52, 0x02, 0x66, 0x64, 0x22, - 0x35, 0x0a, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x72, 0x6f, 0x6f, 0x74, 0x12, 0x12, - 0x0a, 0x04, 0x63, 0x74, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x63, 0x74, - 0x72, 0x6c, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x02, 0x28, 0x09, - 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x22, 0x1f, 0x0a, 0x07, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, - 0x6b, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0d, - 0x52, 0x05, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x22, 0x80, 0x12, 0x0a, 0x09, 0x63, 0x72, 0x69, 0x75, - 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x12, 0x22, 0x0a, 0x0d, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x73, 0x5f, - 0x64, 0x69, 0x72, 0x5f, 0x66, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x05, 0x52, 0x0b, 0x69, 0x6d, - 0x61, 0x67, 0x65, 0x73, 0x44, 0x69, 0x72, 0x46, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x70, 0x69, 0x64, 0x12, 0x23, 0x0a, 0x0d, 0x6c, - 0x65, 0x61, 0x76, 0x65, 0x5f, 0x72, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x0c, 0x6c, 0x65, 0x61, 0x76, 0x65, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, - 0x12, 0x1e, 0x0a, 0x0b, 0x65, 0x78, 0x74, 0x5f, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, 0x6b, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x65, 0x78, 0x74, 0x55, 0x6e, 0x69, 0x78, 0x53, 0x6b, - 0x12, 0x27, 0x0a, 0x0f, 0x74, 0x63, 0x70, 0x5f, 0x65, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, - 0x68, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x74, 0x63, 0x70, 0x45, 0x73, - 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x64, 0x12, 0x27, 0x0a, 0x0f, 0x65, 0x76, 0x61, - 0x73, 0x69, 0x76, 0x65, 0x5f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x06, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x0e, 0x65, 0x76, 0x61, 0x73, 0x69, 0x76, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63, - 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x68, 0x65, 0x6c, 0x6c, 0x5f, 0x6a, 0x6f, 0x62, 0x18, - 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x73, 0x68, 0x65, 0x6c, 0x6c, 0x4a, 0x6f, 0x62, 0x12, - 0x1d, 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x73, 0x18, 0x08, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x09, 0x66, 0x69, 0x6c, 0x65, 0x4c, 0x6f, 0x63, 0x6b, 0x73, 0x12, 0x1e, - 0x0a, 0x09, 0x6c, 0x6f, 0x67, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x09, 0x20, 0x01, 0x28, - 0x05, 0x3a, 0x01, 0x32, 0x52, 0x08, 0x6c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x19, - 0x0a, 0x08, 0x6c, 0x6f, 0x67, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x26, 0x0a, 0x02, 0x70, 0x73, 0x18, - 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x70, 0x61, 0x67, - 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x52, 0x02, 0x70, - 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x73, 0x63, 0x72, 0x69, - 0x70, 0x74, 0x73, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x6e, 0x6f, 0x74, 0x69, 0x66, - 0x79, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x6f, 0x6f, 0x74, - 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x72, 0x6f, 0x6f, 0x74, 0x12, 0x1d, 0x0a, 0x0a, - 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x6d, 0x67, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x09, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x49, 0x6d, 0x67, 0x12, 0x1b, 0x0a, 0x09, 0x74, - 0x72, 0x61, 0x63, 0x6b, 0x5f, 0x6d, 0x65, 0x6d, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, - 0x74, 0x72, 0x61, 0x63, 0x6b, 0x4d, 0x65, 0x6d, 0x12, 0x1d, 0x0a, 0x0a, 0x61, 0x75, 0x74, 0x6f, - 0x5f, 0x64, 0x65, 0x64, 0x75, 0x70, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x61, 0x75, - 0x74, 0x6f, 0x44, 0x65, 0x64, 0x75, 0x70, 0x12, 0x1e, 0x0a, 0x0b, 0x77, 0x6f, 0x72, 0x6b, 0x5f, - 0x64, 0x69, 0x72, 0x5f, 0x66, 0x64, 0x18, 0x11, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x77, 0x6f, - 0x72, 0x6b, 0x44, 0x69, 0x72, 0x46, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, - 0x72, 0x65, 0x6d, 0x61, 0x70, 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x6c, 0x69, 0x6e, - 0x6b, 0x52, 0x65, 0x6d, 0x61, 0x70, 0x12, 0x25, 0x0a, 0x05, 0x76, 0x65, 0x74, 0x68, 0x73, 0x18, - 0x13, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x76, 0x65, 0x74, - 0x68, 0x5f, 0x70, 0x61, 0x69, 0x72, 0x52, 0x05, 0x76, 0x65, 0x74, 0x68, 0x73, 0x12, 0x23, 0x0a, - 0x07, 0x63, 0x70, 0x75, 0x5f, 0x63, 0x61, 0x70, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0d, 0x3a, 0x0a, - 0x34, 0x32, 0x39, 0x34, 0x39, 0x36, 0x37, 0x32, 0x39, 0x35, 0x52, 0x06, 0x63, 0x70, 0x75, 0x43, - 0x61, 0x70, 0x12, 0x1f, 0x0a, 0x0b, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x72, 0x6d, 0x61, - 0x70, 0x18, 0x15, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x49, 0x72, - 0x6d, 0x61, 0x70, 0x12, 0x19, 0x0a, 0x08, 0x65, 0x78, 0x65, 0x63, 0x5f, 0x63, 0x6d, 0x64, 0x18, - 0x16, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x65, 0x78, 0x65, 0x63, 0x43, 0x6d, 0x64, 0x12, 0x27, - 0x0a, 0x07, 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x6e, 0x74, 0x18, 0x17, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x0e, 0x2e, 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x6d, 0x61, 0x70, 0x52, - 0x06, 0x65, 0x78, 0x74, 0x4d, 0x6e, 0x74, 0x12, 0x25, 0x0a, 0x0e, 0x6d, 0x61, 0x6e, 0x61, 0x67, - 0x65, 0x5f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x18, 0x18, 0x20, 0x01, 0x28, 0x08, 0x52, - 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x43, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x12, 0x25, - 0x0a, 0x07, 0x63, 0x67, 0x5f, 0x72, 0x6f, 0x6f, 0x74, 0x18, 0x19, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x0c, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x72, 0x6f, 0x6f, 0x74, 0x52, 0x06, 0x63, - 0x67, 0x52, 0x6f, 0x6f, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x72, 0x73, 0x74, 0x5f, 0x73, 0x69, 0x62, - 0x6c, 0x69, 0x6e, 0x67, 0x18, 0x1a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x72, 0x73, 0x74, 0x53, - 0x69, 0x62, 0x6c, 0x69, 0x6e, 0x67, 0x12, 0x2a, 0x0a, 0x0a, 0x69, 0x6e, 0x68, 0x65, 0x72, 0x69, - 0x74, 0x5f, 0x66, 0x64, 0x18, 0x1b, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x69, 0x6e, 0x68, - 0x65, 0x72, 0x69, 0x74, 0x5f, 0x66, 0x64, 0x52, 0x09, 0x69, 0x6e, 0x68, 0x65, 0x72, 0x69, 0x74, - 0x46, 0x64, 0x12, 0x20, 0x0a, 0x0c, 0x61, 0x75, 0x74, 0x6f, 0x5f, 0x65, 0x78, 0x74, 0x5f, 0x6d, - 0x6e, 0x74, 0x18, 0x1c, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x61, 0x75, 0x74, 0x6f, 0x45, 0x78, - 0x74, 0x4d, 0x6e, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x78, 0x74, 0x5f, 0x73, 0x68, 0x61, 0x72, - 0x69, 0x6e, 0x67, 0x18, 0x1d, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x65, 0x78, 0x74, 0x53, 0x68, - 0x61, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x61, 0x73, - 0x74, 0x65, 0x72, 0x73, 0x18, 0x1e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x65, 0x78, 0x74, 0x4d, - 0x61, 0x73, 0x74, 0x65, 0x72, 0x73, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x6d, - 0x6e, 0x74, 0x18, 0x1f, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x73, 0x6b, 0x69, 0x70, 0x4d, 0x6e, - 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x66, 0x73, 0x18, 0x20, - 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x46, 0x73, 0x12, 0x28, - 0x0a, 0x0b, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, 0x6b, 0x5f, 0x69, 0x6e, 0x6f, 0x18, 0x21, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x08, 0x2e, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, 0x6b, 0x52, 0x09, 0x75, - 0x6e, 0x69, 0x78, 0x53, 0x6b, 0x49, 0x6e, 0x6f, 0x12, 0x3d, 0x0a, 0x13, 0x6d, 0x61, 0x6e, 0x61, - 0x67, 0x65, 0x5f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, - 0x22, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0d, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x63, 0x67, 0x5f, - 0x6d, 0x6f, 0x64, 0x65, 0x52, 0x11, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x43, 0x67, 0x72, 0x6f, - 0x75, 0x70, 0x73, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x28, 0x0a, 0x0b, 0x67, 0x68, 0x6f, 0x73, 0x74, - 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x18, 0x23, 0x20, 0x01, 0x28, 0x0d, 0x3a, 0x07, 0x31, 0x30, - 0x34, 0x38, 0x35, 0x37, 0x36, 0x52, 0x0a, 0x67, 0x68, 0x6f, 0x73, 0x74, 0x4c, 0x69, 0x6d, 0x69, - 0x74, 0x12, 0x28, 0x0a, 0x10, 0x69, 0x72, 0x6d, 0x61, 0x70, 0x5f, 0x73, 0x63, 0x61, 0x6e, 0x5f, - 0x70, 0x61, 0x74, 0x68, 0x73, 0x18, 0x24, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0e, 0x69, 0x72, 0x6d, - 0x61, 0x70, 0x53, 0x63, 0x61, 0x6e, 0x50, 0x61, 0x74, 0x68, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x65, - 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x18, 0x25, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x65, - 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x65, 0x6d, 0x70, 0x74, 0x79, - 0x5f, 0x6e, 0x73, 0x18, 0x26, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x65, 0x6d, 0x70, 0x74, 0x79, - 0x4e, 0x73, 0x12, 0x28, 0x0a, 0x07, 0x6a, 0x6f, 0x69, 0x6e, 0x5f, 0x6e, 0x73, 0x18, 0x27, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x6a, 0x6f, 0x69, 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, - 0x70, 0x61, 0x63, 0x65, 0x52, 0x06, 0x6a, 0x6f, 0x69, 0x6e, 0x4e, 0x73, 0x12, 0x21, 0x0a, 0x0c, - 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x72, 0x6f, 0x70, 0x73, 0x18, 0x29, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x50, 0x72, 0x6f, 0x70, 0x73, 0x12, - 0x2a, 0x0a, 0x11, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x72, 0x6f, 0x70, 0x73, 0x5f, - 0x66, 0x69, 0x6c, 0x65, 0x18, 0x2a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x63, 0x67, 0x72, 0x6f, - 0x75, 0x70, 0x50, 0x72, 0x6f, 0x70, 0x73, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x34, 0x0a, 0x16, 0x63, - 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x72, - 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x18, 0x2b, 0x20, 0x03, 0x28, 0x09, 0x52, 0x14, 0x63, 0x67, 0x72, - 0x6f, 0x75, 0x70, 0x44, 0x75, 0x6d, 0x70, 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, - 0x72, 0x12, 0x23, 0x0a, 0x0d, 0x66, 0x72, 0x65, 0x65, 0x7a, 0x65, 0x5f, 0x63, 0x67, 0x72, 0x6f, - 0x75, 0x70, 0x18, 0x2c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x66, 0x72, 0x65, 0x65, 0x7a, 0x65, - 0x43, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x18, 0x0a, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, - 0x74, 0x18, 0x2d, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, - 0x12, 0x2b, 0x0a, 0x12, 0x74, 0x63, 0x70, 0x5f, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x69, 0x6e, 0x5f, - 0x66, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x18, 0x2e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x74, 0x63, - 0x70, 0x53, 0x6b, 0x69, 0x70, 0x49, 0x6e, 0x46, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x12, 0x21, 0x0a, - 0x0c, 0x77, 0x65, 0x61, 0x6b, 0x5f, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x73, 0x18, 0x2f, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x0b, 0x77, 0x65, 0x61, 0x6b, 0x53, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x73, - 0x12, 0x1d, 0x0a, 0x0a, 0x6c, 0x61, 0x7a, 0x79, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x73, 0x18, 0x30, - 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x6c, 0x61, 0x7a, 0x79, 0x50, 0x61, 0x67, 0x65, 0x73, 0x12, - 0x1b, 0x0a, 0x09, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x5f, 0x66, 0x64, 0x18, 0x31, 0x20, 0x01, - 0x28, 0x05, 0x52, 0x08, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x46, 0x64, 0x12, 0x2a, 0x0a, 0x11, - 0x6f, 0x72, 0x70, 0x68, 0x61, 0x6e, 0x5f, 0x70, 0x74, 0x73, 0x5f, 0x6d, 0x61, 0x73, 0x74, 0x65, - 0x72, 0x18, 0x32, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x6f, 0x72, 0x70, 0x68, 0x61, 0x6e, 0x50, - 0x74, 0x73, 0x4d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x33, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x63, 0x70, - 0x5f, 0x63, 0x6c, 0x6f, 0x73, 0x65, 0x18, 0x34, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x63, - 0x70, 0x43, 0x6c, 0x6f, 0x73, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6c, 0x73, 0x6d, 0x5f, 0x70, 0x72, - 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x35, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6c, 0x73, 0x6d, - 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x74, 0x6c, 0x73, 0x5f, 0x63, - 0x61, 0x63, 0x65, 0x72, 0x74, 0x18, 0x36, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x74, 0x6c, 0x73, - 0x43, 0x61, 0x63, 0x65, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x61, - 0x63, 0x72, 0x6c, 0x18, 0x37, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x74, 0x6c, 0x73, 0x43, 0x61, - 0x63, 0x72, 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x18, - 0x38, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x74, 0x6c, 0x73, 0x43, 0x65, 0x72, 0x74, 0x12, 0x17, - 0x0a, 0x07, 0x74, 0x6c, 0x73, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x39, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x06, 0x74, 0x6c, 0x73, 0x4b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x3a, - 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, 0x27, 0x0a, 0x10, 0x74, 0x6c, 0x73, - 0x5f, 0x6e, 0x6f, 0x5f, 0x63, 0x6e, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x18, 0x3b, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x0d, 0x74, 0x6c, 0x73, 0x4e, 0x6f, 0x43, 0x6e, 0x56, 0x65, 0x72, 0x69, - 0x66, 0x79, 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x79, 0x61, 0x72, - 0x64, 0x18, 0x3c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x59, - 0x61, 0x72, 0x64, 0x12, 0x3f, 0x0a, 0x0d, 0x70, 0x72, 0x65, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, - 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x3d, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, - 0x75, 0x5f, 0x70, 0x72, 0x65, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x3a, - 0x06, 0x53, 0x50, 0x4c, 0x49, 0x43, 0x45, 0x52, 0x0b, 0x70, 0x72, 0x65, 0x44, 0x75, 0x6d, 0x70, - 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x24, 0x0a, 0x0e, 0x70, 0x69, 0x64, 0x66, 0x64, 0x5f, 0x73, 0x74, - 0x6f, 0x72, 0x65, 0x5f, 0x73, 0x6b, 0x18, 0x3e, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0c, 0x70, 0x69, - 0x64, 0x66, 0x64, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x53, 0x6b, 0x12, 0x2a, 0x0a, 0x11, 0x6c, 0x73, - 0x6d, 0x5f, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, - 0x3f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6c, 0x73, 0x6d, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x43, - 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x46, 0x0a, 0x0c, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x18, 0x40, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x19, 0x2e, 0x63, - 0x72, 0x69, 0x75, 0x5f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, - 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x3a, 0x08, 0x49, 0x50, 0x54, 0x41, 0x42, 0x4c, 0x45, - 0x53, 0x52, 0x0b, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4c, 0x6f, 0x63, 0x6b, 0x12, 0x2a, - 0x0a, 0x11, 0x6d, 0x6e, 0x74, 0x6e, 0x73, 0x5f, 0x63, 0x6f, 0x6d, 0x70, 0x61, 0x74, 0x5f, 0x6d, - 0x6f, 0x64, 0x65, 0x18, 0x41, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x6d, 0x6e, 0x74, 0x6e, 0x73, - 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x74, 0x4d, 0x6f, 0x64, 0x65, 0x22, 0x2c, 0x0a, 0x0e, 0x63, 0x72, - 0x69, 0x75, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x12, 0x1a, 0x0a, 0x08, - 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, - 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x64, 0x22, 0x25, 0x0a, 0x11, 0x63, 0x72, 0x69, 0x75, - 0x5f, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x12, 0x10, 0x0a, - 0x03, 0x70, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x05, 0x52, 0x03, 0x70, 0x69, 0x64, 0x22, - 0x37, 0x0a, 0x0b, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x12, 0x16, - 0x0a, 0x06, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, - 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x05, 0x52, 0x03, 0x70, 0x69, 0x64, 0x22, 0x6c, 0x0a, 0x0d, 0x63, 0x72, 0x69, 0x75, - 0x5f, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x65, 0x6d, - 0x5f, 0x74, 0x72, 0x61, 0x63, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6d, 0x65, - 0x6d, 0x54, 0x72, 0x61, 0x63, 0x6b, 0x12, 0x1d, 0x0a, 0x0a, 0x6c, 0x61, 0x7a, 0x79, 0x5f, 0x70, - 0x61, 0x67, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x6c, 0x61, 0x7a, 0x79, - 0x50, 0x61, 0x67, 0x65, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x69, 0x64, 0x66, 0x64, 0x5f, 0x73, - 0x74, 0x6f, 0x72, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x70, 0x69, 0x64, 0x66, - 0x64, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x22, 0xd0, 0x01, 0x0a, 0x08, 0x63, 0x72, 0x69, 0x75, 0x5f, - 0x72, 0x65, 0x71, 0x12, 0x22, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, - 0x0e, 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x71, 0x5f, 0x74, 0x79, 0x70, - 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1e, 0x0a, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6f, 0x70, 0x74, - 0x73, 0x52, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x6e, 0x6f, 0x74, 0x69, 0x66, - 0x79, 0x5f, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, - 0x0d, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x1b, - 0x0a, 0x09, 0x6b, 0x65, 0x65, 0x70, 0x5f, 0x6f, 0x70, 0x65, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x08, 0x52, 0x08, 0x6b, 0x65, 0x65, 0x70, 0x4f, 0x70, 0x65, 0x6e, 0x12, 0x2a, 0x0a, 0x08, 0x66, - 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, - 0x63, 0x72, 0x69, 0x75, 0x5f, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x52, 0x08, 0x66, - 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x06, - 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x70, 0x69, 0x64, 0x22, 0x8f, 0x03, 0x0a, 0x09, 0x63, 0x72, - 0x69, 0x75, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x12, 0x22, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, +var File_rpc_rpc_proto protoreflect.FileDescriptor + +var file_rpc_rpc_proto_rawDesc = []byte{ + 0x0a, 0x0d, 0x72, 0x70, 0x63, 0x2f, 0x72, 0x70, 0x63, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, + 0x67, 0x0a, 0x15, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x65, 0x72, + 0x76, 0x65, 0x72, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, + 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, + 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, + 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x05, 0x52, 0x03, 0x70, 0x69, 0x64, 0x12, 0x0e, 0x0a, 0x02, 0x66, 0x64, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x05, 0x52, 0x02, 0x66, 0x64, 0x22, 0x3c, 0x0a, 0x0e, 0x63, 0x72, 0x69, 0x75, + 0x5f, 0x76, 0x65, 0x74, 0x68, 0x5f, 0x70, 0x61, 0x69, 0x72, 0x12, 0x13, 0x0a, 0x05, 0x69, 0x66, + 0x5f, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x69, 0x66, 0x49, 0x6e, 0x12, + 0x15, 0x0a, 0x06, 0x69, 0x66, 0x5f, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x02, 0x28, 0x09, 0x52, + 0x05, 0x69, 0x66, 0x4f, 0x75, 0x74, 0x22, 0x33, 0x0a, 0x0d, 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x6f, + 0x75, 0x6e, 0x74, 0x5f, 0x6d, 0x61, 0x70, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x02, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x76, 0x61, 0x6c, + 0x18, 0x02, 0x20, 0x02, 0x28, 0x09, 0x52, 0x03, 0x76, 0x61, 0x6c, 0x22, 0x56, 0x0a, 0x0e, 0x6a, + 0x6f, 0x69, 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x0e, 0x0a, + 0x02, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x02, 0x6e, 0x73, 0x12, 0x17, 0x0a, + 0x07, 0x6e, 0x73, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x02, 0x28, 0x09, 0x52, 0x06, + 0x6e, 0x73, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x78, 0x74, 0x72, 0x61, 0x5f, + 0x6f, 0x70, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x74, 0x72, 0x61, + 0x4f, 0x70, 0x74, 0x22, 0x2e, 0x0a, 0x0a, 0x69, 0x6e, 0x68, 0x65, 0x72, 0x69, 0x74, 0x5f, 0x66, + 0x64, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x03, + 0x6b, 0x65, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x66, 0x64, 0x18, 0x02, 0x20, 0x02, 0x28, 0x05, 0x52, + 0x02, 0x66, 0x64, 0x22, 0x35, 0x0a, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x72, 0x6f, + 0x6f, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x74, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x04, 0x63, 0x74, 0x72, 0x6c, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, + 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x22, 0x1f, 0x0a, 0x07, 0x75, 0x6e, + 0x69, 0x78, 0x5f, 0x73, 0x6b, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x18, 0x01, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x22, 0x80, 0x12, 0x0a, 0x09, + 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x12, 0x22, 0x0a, 0x0d, 0x69, 0x6d, 0x61, + 0x67, 0x65, 0x73, 0x5f, 0x64, 0x69, 0x72, 0x5f, 0x66, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x05, + 0x52, 0x0b, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x73, 0x44, 0x69, 0x72, 0x46, 0x64, 0x12, 0x10, 0x0a, + 0x03, 0x70, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x70, 0x69, 0x64, 0x12, + 0x23, 0x0a, 0x0d, 0x6c, 0x65, 0x61, 0x76, 0x65, 0x5f, 0x72, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x6c, 0x65, 0x61, 0x76, 0x65, 0x52, 0x75, 0x6e, + 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x1e, 0x0a, 0x0b, 0x65, 0x78, 0x74, 0x5f, 0x75, 0x6e, 0x69, 0x78, + 0x5f, 0x73, 0x6b, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x65, 0x78, 0x74, 0x55, 0x6e, + 0x69, 0x78, 0x53, 0x6b, 0x12, 0x27, 0x0a, 0x0f, 0x74, 0x63, 0x70, 0x5f, 0x65, 0x73, 0x74, 0x61, + 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x74, + 0x63, 0x70, 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x64, 0x12, 0x27, 0x0a, + 0x0f, 0x65, 0x76, 0x61, 0x73, 0x69, 0x76, 0x65, 0x5f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, + 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x65, 0x76, 0x61, 0x73, 0x69, 0x76, 0x65, 0x44, + 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x68, 0x65, 0x6c, 0x6c, 0x5f, + 0x6a, 0x6f, 0x62, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x73, 0x68, 0x65, 0x6c, 0x6c, + 0x4a, 0x6f, 0x62, 0x12, 0x1d, 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, + 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x66, 0x69, 0x6c, 0x65, 0x4c, 0x6f, 0x63, + 0x6b, 0x73, 0x12, 0x1e, 0x0a, 0x09, 0x6c, 0x6f, 0x67, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, + 0x09, 0x20, 0x01, 0x28, 0x05, 0x3a, 0x01, 0x32, 0x52, 0x08, 0x6c, 0x6f, 0x67, 0x4c, 0x65, 0x76, + 0x65, 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x6c, 0x6f, 0x67, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x0a, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x26, 0x0a, + 0x02, 0x70, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x72, 0x69, 0x75, + 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x69, 0x6e, 0x66, + 0x6f, 0x52, 0x02, 0x70, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, + 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x73, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x6e, + 0x6f, 0x74, 0x69, 0x66, 0x79, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x73, 0x12, 0x12, 0x0a, 0x04, + 0x72, 0x6f, 0x6f, 0x74, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x72, 0x6f, 0x6f, 0x74, + 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x6d, 0x67, 0x18, 0x0e, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x49, 0x6d, 0x67, 0x12, + 0x1b, 0x0a, 0x09, 0x74, 0x72, 0x61, 0x63, 0x6b, 0x5f, 0x6d, 0x65, 0x6d, 0x18, 0x0f, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x08, 0x74, 0x72, 0x61, 0x63, 0x6b, 0x4d, 0x65, 0x6d, 0x12, 0x1d, 0x0a, 0x0a, + 0x61, 0x75, 0x74, 0x6f, 0x5f, 0x64, 0x65, 0x64, 0x75, 0x70, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x09, 0x61, 0x75, 0x74, 0x6f, 0x44, 0x65, 0x64, 0x75, 0x70, 0x12, 0x1e, 0x0a, 0x0b, 0x77, + 0x6f, 0x72, 0x6b, 0x5f, 0x64, 0x69, 0x72, 0x5f, 0x66, 0x64, 0x18, 0x11, 0x20, 0x01, 0x28, 0x05, + 0x52, 0x09, 0x77, 0x6f, 0x72, 0x6b, 0x44, 0x69, 0x72, 0x46, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x6c, + 0x69, 0x6e, 0x6b, 0x5f, 0x72, 0x65, 0x6d, 0x61, 0x70, 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x09, 0x6c, 0x69, 0x6e, 0x6b, 0x52, 0x65, 0x6d, 0x61, 0x70, 0x12, 0x25, 0x0a, 0x05, 0x76, 0x65, + 0x74, 0x68, 0x73, 0x18, 0x13, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x72, 0x69, 0x75, + 0x5f, 0x76, 0x65, 0x74, 0x68, 0x5f, 0x70, 0x61, 0x69, 0x72, 0x52, 0x05, 0x76, 0x65, 0x74, 0x68, + 0x73, 0x12, 0x23, 0x0a, 0x07, 0x63, 0x70, 0x75, 0x5f, 0x63, 0x61, 0x70, 0x18, 0x14, 0x20, 0x01, + 0x28, 0x0d, 0x3a, 0x0a, 0x34, 0x32, 0x39, 0x34, 0x39, 0x36, 0x37, 0x32, 0x39, 0x35, 0x52, 0x06, + 0x63, 0x70, 0x75, 0x43, 0x61, 0x70, 0x12, 0x1f, 0x0a, 0x0b, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x5f, + 0x69, 0x72, 0x6d, 0x61, 0x70, 0x18, 0x15, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x66, 0x6f, 0x72, + 0x63, 0x65, 0x49, 0x72, 0x6d, 0x61, 0x70, 0x12, 0x19, 0x0a, 0x08, 0x65, 0x78, 0x65, 0x63, 0x5f, + 0x63, 0x6d, 0x64, 0x18, 0x16, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x65, 0x78, 0x65, 0x63, 0x43, + 0x6d, 0x64, 0x12, 0x27, 0x0a, 0x07, 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x6e, 0x74, 0x18, 0x17, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, + 0x6d, 0x61, 0x70, 0x52, 0x06, 0x65, 0x78, 0x74, 0x4d, 0x6e, 0x74, 0x12, 0x25, 0x0a, 0x0e, 0x6d, + 0x61, 0x6e, 0x61, 0x67, 0x65, 0x5f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x18, 0x18, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x43, 0x67, 0x72, 0x6f, 0x75, + 0x70, 0x73, 0x12, 0x25, 0x0a, 0x07, 0x63, 0x67, 0x5f, 0x72, 0x6f, 0x6f, 0x74, 0x18, 0x19, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x72, 0x6f, 0x6f, + 0x74, 0x52, 0x06, 0x63, 0x67, 0x52, 0x6f, 0x6f, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x72, 0x73, 0x74, + 0x5f, 0x73, 0x69, 0x62, 0x6c, 0x69, 0x6e, 0x67, 0x18, 0x1a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, + 0x72, 0x73, 0x74, 0x53, 0x69, 0x62, 0x6c, 0x69, 0x6e, 0x67, 0x12, 0x2a, 0x0a, 0x0a, 0x69, 0x6e, + 0x68, 0x65, 0x72, 0x69, 0x74, 0x5f, 0x66, 0x64, 0x18, 0x1b, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0b, + 0x2e, 0x69, 0x6e, 0x68, 0x65, 0x72, 0x69, 0x74, 0x5f, 0x66, 0x64, 0x52, 0x09, 0x69, 0x6e, 0x68, + 0x65, 0x72, 0x69, 0x74, 0x46, 0x64, 0x12, 0x20, 0x0a, 0x0c, 0x61, 0x75, 0x74, 0x6f, 0x5f, 0x65, + 0x78, 0x74, 0x5f, 0x6d, 0x6e, 0x74, 0x18, 0x1c, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x61, 0x75, + 0x74, 0x6f, 0x45, 0x78, 0x74, 0x4d, 0x6e, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x78, 0x74, 0x5f, + 0x73, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x1d, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x65, + 0x78, 0x74, 0x53, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x78, 0x74, + 0x5f, 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x73, 0x18, 0x1e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, + 0x65, 0x78, 0x74, 0x4d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x73, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x6b, + 0x69, 0x70, 0x5f, 0x6d, 0x6e, 0x74, 0x18, 0x1f, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x73, 0x6b, + 0x69, 0x70, 0x4d, 0x6e, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x5f, + 0x66, 0x73, 0x18, 0x20, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, + 0x46, 0x73, 0x12, 0x28, 0x0a, 0x0b, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, 0x6b, 0x5f, 0x69, 0x6e, + 0x6f, 0x18, 0x21, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x08, 0x2e, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, + 0x6b, 0x52, 0x09, 0x75, 0x6e, 0x69, 0x78, 0x53, 0x6b, 0x49, 0x6e, 0x6f, 0x12, 0x3d, 0x0a, 0x13, + 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x5f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x5f, 0x6d, + 0x6f, 0x64, 0x65, 0x18, 0x22, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0d, 0x2e, 0x63, 0x72, 0x69, 0x75, + 0x5f, 0x63, 0x67, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x52, 0x11, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, + 0x43, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x28, 0x0a, 0x0b, 0x67, + 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x18, 0x23, 0x20, 0x01, 0x28, 0x0d, + 0x3a, 0x07, 0x31, 0x30, 0x34, 0x38, 0x35, 0x37, 0x36, 0x52, 0x0a, 0x67, 0x68, 0x6f, 0x73, 0x74, + 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x12, 0x28, 0x0a, 0x10, 0x69, 0x72, 0x6d, 0x61, 0x70, 0x5f, 0x73, + 0x63, 0x61, 0x6e, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x73, 0x18, 0x24, 0x20, 0x03, 0x28, 0x09, 0x52, + 0x0e, 0x69, 0x72, 0x6d, 0x61, 0x70, 0x53, 0x63, 0x61, 0x6e, 0x50, 0x61, 0x74, 0x68, 0x73, 0x12, + 0x1a, 0x0a, 0x08, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x18, 0x25, 0x20, 0x03, 0x28, + 0x09, 0x52, 0x08, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x65, + 0x6d, 0x70, 0x74, 0x79, 0x5f, 0x6e, 0x73, 0x18, 0x26, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x65, + 0x6d, 0x70, 0x74, 0x79, 0x4e, 0x73, 0x12, 0x28, 0x0a, 0x07, 0x6a, 0x6f, 0x69, 0x6e, 0x5f, 0x6e, + 0x73, 0x18, 0x27, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x6a, 0x6f, 0x69, 0x6e, 0x5f, 0x6e, + 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x52, 0x06, 0x6a, 0x6f, 0x69, 0x6e, 0x4e, 0x73, + 0x12, 0x21, 0x0a, 0x0c, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x72, 0x6f, 0x70, 0x73, + 0x18, 0x29, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x50, 0x72, + 0x6f, 0x70, 0x73, 0x12, 0x2a, 0x0a, 0x11, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x72, + 0x6f, 0x70, 0x73, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x2a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, + 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x50, 0x72, 0x6f, 0x70, 0x73, 0x46, 0x69, 0x6c, 0x65, 0x12, + 0x34, 0x0a, 0x16, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x63, + 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x18, 0x2b, 0x20, 0x03, 0x28, 0x09, 0x52, + 0x14, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x44, 0x75, 0x6d, 0x70, 0x43, 0x6f, 0x6e, 0x74, 0x72, + 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x12, 0x23, 0x0a, 0x0d, 0x66, 0x72, 0x65, 0x65, 0x7a, 0x65, 0x5f, + 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x2c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x66, 0x72, + 0x65, 0x65, 0x7a, 0x65, 0x43, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x18, 0x0a, 0x07, 0x74, 0x69, + 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x2d, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x74, 0x69, 0x6d, + 0x65, 0x6f, 0x75, 0x74, 0x12, 0x2b, 0x0a, 0x12, 0x74, 0x63, 0x70, 0x5f, 0x73, 0x6b, 0x69, 0x70, + 0x5f, 0x69, 0x6e, 0x5f, 0x66, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x18, 0x2e, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x0f, 0x74, 0x63, 0x70, 0x53, 0x6b, 0x69, 0x70, 0x49, 0x6e, 0x46, 0x6c, 0x69, 0x67, 0x68, + 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x77, 0x65, 0x61, 0x6b, 0x5f, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, + 0x73, 0x18, 0x2f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x77, 0x65, 0x61, 0x6b, 0x53, 0x79, 0x73, + 0x63, 0x74, 0x6c, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x6c, 0x61, 0x7a, 0x79, 0x5f, 0x70, 0x61, 0x67, + 0x65, 0x73, 0x18, 0x30, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x6c, 0x61, 0x7a, 0x79, 0x50, 0x61, + 0x67, 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x5f, 0x66, 0x64, + 0x18, 0x31, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x46, 0x64, + 0x12, 0x2a, 0x0a, 0x11, 0x6f, 0x72, 0x70, 0x68, 0x61, 0x6e, 0x5f, 0x70, 0x74, 0x73, 0x5f, 0x6d, + 0x61, 0x73, 0x74, 0x65, 0x72, 0x18, 0x32, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x6f, 0x72, 0x70, + 0x68, 0x61, 0x6e, 0x50, 0x74, 0x73, 0x4d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x0b, + 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x33, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x1b, 0x0a, + 0x09, 0x74, 0x63, 0x70, 0x5f, 0x63, 0x6c, 0x6f, 0x73, 0x65, 0x18, 0x34, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x08, 0x74, 0x63, 0x70, 0x43, 0x6c, 0x6f, 0x73, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6c, 0x73, + 0x6d, 0x5f, 0x70, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x35, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0a, 0x6c, 0x73, 0x6d, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x74, + 0x6c, 0x73, 0x5f, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x18, 0x36, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x09, 0x74, 0x6c, 0x73, 0x43, 0x61, 0x63, 0x65, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x6c, + 0x73, 0x5f, 0x63, 0x61, 0x63, 0x72, 0x6c, 0x18, 0x37, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x74, + 0x6c, 0x73, 0x43, 0x61, 0x63, 0x72, 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x74, 0x6c, 0x73, 0x5f, 0x63, + 0x65, 0x72, 0x74, 0x18, 0x38, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x74, 0x6c, 0x73, 0x43, 0x65, + 0x72, 0x74, 0x12, 0x17, 0x0a, 0x07, 0x74, 0x6c, 0x73, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x39, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x06, 0x74, 0x6c, 0x73, 0x4b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x74, + 0x6c, 0x73, 0x18, 0x3a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, 0x27, 0x0a, + 0x10, 0x74, 0x6c, 0x73, 0x5f, 0x6e, 0x6f, 0x5f, 0x63, 0x6e, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, + 0x79, 0x18, 0x3b, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x74, 0x6c, 0x73, 0x4e, 0x6f, 0x43, 0x6e, + 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, + 0x5f, 0x79, 0x61, 0x72, 0x64, 0x18, 0x3c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x67, 0x72, + 0x6f, 0x75, 0x70, 0x59, 0x61, 0x72, 0x64, 0x12, 0x3f, 0x0a, 0x0d, 0x70, 0x72, 0x65, 0x5f, 0x64, + 0x75, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x3d, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x13, + 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x70, 0x72, 0x65, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x6d, + 0x6f, 0x64, 0x65, 0x3a, 0x06, 0x53, 0x50, 0x4c, 0x49, 0x43, 0x45, 0x52, 0x0b, 0x70, 0x72, 0x65, + 0x44, 0x75, 0x6d, 0x70, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x24, 0x0a, 0x0e, 0x70, 0x69, 0x64, 0x66, + 0x64, 0x5f, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x73, 0x6b, 0x18, 0x3e, 0x20, 0x01, 0x28, 0x05, + 0x52, 0x0c, 0x70, 0x69, 0x64, 0x66, 0x64, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x53, 0x6b, 0x12, 0x2a, + 0x0a, 0x11, 0x6c, 0x73, 0x6d, 0x5f, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x63, 0x6f, 0x6e, 0x74, + 0x65, 0x78, 0x74, 0x18, 0x3f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6c, 0x73, 0x6d, 0x4d, 0x6f, + 0x75, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x46, 0x0a, 0x0c, 0x6e, 0x65, + 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x18, 0x40, 0x20, 0x01, 0x28, 0x0e, + 0x32, 0x19, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x5f, + 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x3a, 0x08, 0x49, 0x50, 0x54, + 0x41, 0x42, 0x4c, 0x45, 0x53, 0x52, 0x0b, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4c, 0x6f, + 0x63, 0x6b, 0x12, 0x2a, 0x0a, 0x11, 0x6d, 0x6e, 0x74, 0x6e, 0x73, 0x5f, 0x63, 0x6f, 0x6d, 0x70, + 0x61, 0x74, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x41, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x6d, + 0x6e, 0x74, 0x6e, 0x73, 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x74, 0x4d, 0x6f, 0x64, 0x65, 0x22, 0x2c, + 0x0a, 0x0e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x72, 0x65, 0x73, 0x70, + 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x64, 0x22, 0x25, 0x0a, 0x11, + 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x72, 0x65, 0x73, + 0x70, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x05, 0x52, 0x03, + 0x70, 0x69, 0x64, 0x22, 0x37, 0x0a, 0x0b, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6e, 0x6f, 0x74, 0x69, + 0x66, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, + 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x70, 0x69, 0x64, 0x22, 0x6c, 0x0a, 0x0d, + 0x63, 0x72, 0x69, 0x75, 0x5f, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x1b, 0x0a, + 0x09, 0x6d, 0x65, 0x6d, 0x5f, 0x74, 0x72, 0x61, 0x63, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x08, 0x6d, 0x65, 0x6d, 0x54, 0x72, 0x61, 0x63, 0x6b, 0x12, 0x1d, 0x0a, 0x0a, 0x6c, 0x61, + 0x7a, 0x79, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, + 0x6c, 0x61, 0x7a, 0x79, 0x50, 0x61, 0x67, 0x65, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x69, 0x64, + 0x66, 0x64, 0x5f, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, + 0x70, 0x69, 0x64, 0x66, 0x64, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x22, 0xd0, 0x01, 0x0a, 0x08, 0x63, + 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x71, 0x12, 0x22, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x71, - 0x5f, 0x74, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x73, - 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x08, 0x52, 0x07, 0x73, 0x75, - 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x23, 0x0a, 0x04, 0x64, 0x75, 0x6d, 0x70, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, - 0x72, 0x65, 0x73, 0x70, 0x52, 0x04, 0x64, 0x75, 0x6d, 0x70, 0x12, 0x2c, 0x0a, 0x07, 0x72, 0x65, - 0x73, 0x74, 0x6f, 0x72, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x63, 0x72, - 0x69, 0x75, 0x5f, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x52, - 0x07, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x12, 0x24, 0x0a, 0x06, 0x6e, 0x6f, 0x74, 0x69, - 0x66, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, - 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x52, 0x06, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x12, 0x26, - 0x0a, 0x02, 0x70, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x72, 0x69, - 0x75, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x69, 0x6e, - 0x66, 0x6f, 0x52, 0x02, 0x70, 0x73, 0x12, 0x19, 0x0a, 0x08, 0x63, 0x72, 0x5f, 0x65, 0x72, 0x72, - 0x6e, 0x6f, 0x18, 0x07, 0x20, 0x01, 0x28, 0x05, 0x52, 0x07, 0x63, 0x72, 0x45, 0x72, 0x72, 0x6e, - 0x6f, 0x12, 0x2a, 0x0a, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x08, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x66, 0x65, 0x61, 0x74, 0x75, - 0x72, 0x65, 0x73, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x1b, 0x0a, - 0x09, 0x63, 0x72, 0x5f, 0x65, 0x72, 0x72, 0x6d, 0x73, 0x67, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x08, 0x63, 0x72, 0x45, 0x72, 0x72, 0x6d, 0x73, 0x67, 0x12, 0x27, 0x0a, 0x07, 0x76, 0x65, - 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x63, 0x72, - 0x69, 0x75, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, - 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x0b, 0x20, - 0x01, 0x28, 0x05, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0xb0, 0x01, 0x0a, 0x0c, - 0x63, 0x72, 0x69, 0x75, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x21, 0x0a, 0x0c, - 0x6d, 0x61, 0x6a, 0x6f, 0x72, 0x5f, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x02, - 0x28, 0x05, 0x52, 0x0b, 0x6d, 0x61, 0x6a, 0x6f, 0x72, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, - 0x21, 0x0a, 0x0c, 0x6d, 0x69, 0x6e, 0x6f, 0x72, 0x5f, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, - 0x02, 0x20, 0x02, 0x28, 0x05, 0x52, 0x0b, 0x6d, 0x69, 0x6e, 0x6f, 0x72, 0x4e, 0x75, 0x6d, 0x62, - 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x67, 0x69, 0x74, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x05, 0x67, 0x69, 0x74, 0x69, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x75, 0x62, 0x6c, - 0x65, 0x76, 0x65, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, 0x73, 0x75, 0x62, 0x6c, - 0x65, 0x76, 0x65, 0x6c, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x78, 0x74, 0x72, 0x61, 0x18, 0x05, 0x20, - 0x01, 0x28, 0x05, 0x52, 0x05, 0x65, 0x78, 0x74, 0x72, 0x61, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, - 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x2a, 0x5f, - 0x0a, 0x0c, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x63, 0x67, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0a, - 0x0a, 0x06, 0x49, 0x47, 0x4e, 0x4f, 0x52, 0x45, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x43, 0x47, - 0x5f, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x50, 0x52, 0x4f, 0x50, 0x53, - 0x10, 0x02, 0x12, 0x08, 0x0a, 0x04, 0x53, 0x4f, 0x46, 0x54, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, - 0x46, 0x55, 0x4c, 0x4c, 0x10, 0x04, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x54, 0x52, 0x49, 0x43, 0x54, - 0x10, 0x05, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x06, 0x2a, - 0x36, 0x0a, 0x18, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x5f, - 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x0c, 0x0a, 0x08, 0x49, - 0x50, 0x54, 0x41, 0x42, 0x4c, 0x45, 0x53, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x4e, 0x46, 0x54, - 0x41, 0x42, 0x4c, 0x45, 0x53, 0x10, 0x02, 0x2a, 0x2d, 0x0a, 0x12, 0x63, 0x72, 0x69, 0x75, 0x5f, - 0x70, 0x72, 0x65, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0a, 0x0a, - 0x06, 0x53, 0x50, 0x4c, 0x49, 0x43, 0x45, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x56, 0x4d, 0x5f, - 0x52, 0x45, 0x41, 0x44, 0x10, 0x02, 0x2a, 0xe5, 0x01, 0x0a, 0x0d, 0x63, 0x72, 0x69, 0x75, 0x5f, - 0x72, 0x65, 0x71, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x12, 0x09, 0x0a, 0x05, 0x45, 0x4d, 0x50, 0x54, - 0x59, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x44, 0x55, 0x4d, 0x50, 0x10, 0x01, 0x12, 0x0b, 0x0a, - 0x07, 0x52, 0x45, 0x53, 0x54, 0x4f, 0x52, 0x45, 0x10, 0x02, 0x12, 0x09, 0x0a, 0x05, 0x43, 0x48, - 0x45, 0x43, 0x4b, 0x10, 0x03, 0x12, 0x0c, 0x0a, 0x08, 0x50, 0x52, 0x45, 0x5f, 0x44, 0x55, 0x4d, - 0x50, 0x10, 0x04, 0x12, 0x0f, 0x0a, 0x0b, 0x50, 0x41, 0x47, 0x45, 0x5f, 0x53, 0x45, 0x52, 0x56, - 0x45, 0x52, 0x10, 0x05, 0x12, 0x0a, 0x0a, 0x06, 0x4e, 0x4f, 0x54, 0x49, 0x46, 0x59, 0x10, 0x06, - 0x12, 0x10, 0x0a, 0x0c, 0x43, 0x50, 0x55, 0x49, 0x4e, 0x46, 0x4f, 0x5f, 0x44, 0x55, 0x4d, 0x50, - 0x10, 0x07, 0x12, 0x11, 0x0a, 0x0d, 0x43, 0x50, 0x55, 0x49, 0x4e, 0x46, 0x4f, 0x5f, 0x43, 0x48, - 0x45, 0x43, 0x4b, 0x10, 0x08, 0x12, 0x11, 0x0a, 0x0d, 0x46, 0x45, 0x41, 0x54, 0x55, 0x52, 0x45, - 0x5f, 0x43, 0x48, 0x45, 0x43, 0x4b, 0x10, 0x09, 0x12, 0x0b, 0x0a, 0x07, 0x56, 0x45, 0x52, 0x53, - 0x49, 0x4f, 0x4e, 0x10, 0x0a, 0x12, 0x0c, 0x0a, 0x08, 0x57, 0x41, 0x49, 0x54, 0x5f, 0x50, 0x49, - 0x44, 0x10, 0x0b, 0x12, 0x14, 0x0a, 0x10, 0x50, 0x41, 0x47, 0x45, 0x5f, 0x53, 0x45, 0x52, 0x56, - 0x45, 0x52, 0x5f, 0x43, 0x48, 0x4c, 0x44, 0x10, 0x0c, 0x12, 0x13, 0x0a, 0x0f, 0x53, 0x49, 0x4e, - 0x47, 0x4c, 0x45, 0x5f, 0x50, 0x52, 0x45, 0x5f, 0x44, 0x55, 0x4d, 0x50, 0x10, 0x0d, + 0x5f, 0x74, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1e, 0x0a, 0x04, 0x6f, + 0x70, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x63, 0x72, 0x69, 0x75, + 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x52, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x6e, + 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x0d, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x53, 0x75, 0x63, 0x63, 0x65, + 0x73, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x6b, 0x65, 0x65, 0x70, 0x5f, 0x6f, 0x70, 0x65, 0x6e, 0x18, + 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6b, 0x65, 0x65, 0x70, 0x4f, 0x70, 0x65, 0x6e, 0x12, + 0x2a, 0x0a, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, + 0x73, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x70, + 0x69, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x70, 0x69, 0x64, 0x22, 0x8f, 0x03, + 0x0a, 0x09, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x12, 0x22, 0x0a, 0x04, 0x74, + 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, + 0x5f, 0x72, 0x65, 0x71, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, + 0x18, 0x0a, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x08, + 0x52, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x23, 0x0a, 0x04, 0x64, 0x75, 0x6d, + 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x64, + 0x75, 0x6d, 0x70, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x52, 0x04, 0x64, 0x75, 0x6d, 0x70, 0x12, 0x2c, + 0x0a, 0x07, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x72, + 0x65, 0x73, 0x70, 0x52, 0x07, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x12, 0x24, 0x0a, 0x06, + 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x63, + 0x72, 0x69, 0x75, 0x5f, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x52, 0x06, 0x6e, 0x6f, 0x74, 0x69, + 0x66, 0x79, 0x12, 0x26, 0x0a, 0x02, 0x70, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, + 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, + 0x72, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x52, 0x02, 0x70, 0x73, 0x12, 0x19, 0x0a, 0x08, 0x63, 0x72, + 0x5f, 0x65, 0x72, 0x72, 0x6e, 0x6f, 0x18, 0x07, 0x20, 0x01, 0x28, 0x05, 0x52, 0x07, 0x63, 0x72, + 0x45, 0x72, 0x72, 0x6e, 0x6f, 0x12, 0x2a, 0x0a, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, + 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x66, + 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, + 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x72, 0x5f, 0x65, 0x72, 0x72, 0x6d, 0x73, 0x67, 0x18, 0x09, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x72, 0x45, 0x72, 0x72, 0x6d, 0x73, 0x67, 0x12, 0x27, + 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x0d, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x07, + 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, + 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, + 0xb0, 0x01, 0x0a, 0x0c, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, + 0x12, 0x21, 0x0a, 0x0c, 0x6d, 0x61, 0x6a, 0x6f, 0x72, 0x5f, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, + 0x18, 0x01, 0x20, 0x02, 0x28, 0x05, 0x52, 0x0b, 0x6d, 0x61, 0x6a, 0x6f, 0x72, 0x4e, 0x75, 0x6d, + 0x62, 0x65, 0x72, 0x12, 0x21, 0x0a, 0x0c, 0x6d, 0x69, 0x6e, 0x6f, 0x72, 0x5f, 0x6e, 0x75, 0x6d, + 0x62, 0x65, 0x72, 0x18, 0x02, 0x20, 0x02, 0x28, 0x05, 0x52, 0x0b, 0x6d, 0x69, 0x6e, 0x6f, 0x72, + 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x67, 0x69, 0x74, 0x69, 0x64, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x67, 0x69, 0x74, 0x69, 0x64, 0x12, 0x1a, 0x0a, 0x08, + 0x73, 0x75, 0x62, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, + 0x73, 0x75, 0x62, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x78, 0x74, 0x72, + 0x61, 0x18, 0x05, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x65, 0x78, 0x74, 0x72, 0x61, 0x12, 0x12, + 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, + 0x6d, 0x65, 0x2a, 0x5f, 0x0a, 0x0c, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x63, 0x67, 0x5f, 0x6d, 0x6f, + 0x64, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x49, 0x47, 0x4e, 0x4f, 0x52, 0x45, 0x10, 0x00, 0x12, 0x0b, + 0x0a, 0x07, 0x43, 0x47, 0x5f, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x50, + 0x52, 0x4f, 0x50, 0x53, 0x10, 0x02, 0x12, 0x08, 0x0a, 0x04, 0x53, 0x4f, 0x46, 0x54, 0x10, 0x03, + 0x12, 0x08, 0x0a, 0x04, 0x46, 0x55, 0x4c, 0x4c, 0x10, 0x04, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x54, + 0x52, 0x49, 0x43, 0x54, 0x10, 0x05, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, + 0x54, 0x10, 0x06, 0x2a, 0x36, 0x0a, 0x18, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, + 0x0c, 0x0a, 0x08, 0x49, 0x50, 0x54, 0x41, 0x42, 0x4c, 0x45, 0x53, 0x10, 0x01, 0x12, 0x0c, 0x0a, + 0x08, 0x4e, 0x46, 0x54, 0x41, 0x42, 0x4c, 0x45, 0x53, 0x10, 0x02, 0x2a, 0x2d, 0x0a, 0x12, 0x63, + 0x72, 0x69, 0x75, 0x5f, 0x70, 0x72, 0x65, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, + 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x50, 0x4c, 0x49, 0x43, 0x45, 0x10, 0x01, 0x12, 0x0b, 0x0a, + 0x07, 0x56, 0x4d, 0x5f, 0x52, 0x45, 0x41, 0x44, 0x10, 0x02, 0x2a, 0xe5, 0x01, 0x0a, 0x0d, 0x63, + 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x71, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x12, 0x09, 0x0a, 0x05, + 0x45, 0x4d, 0x50, 0x54, 0x59, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x44, 0x55, 0x4d, 0x50, 0x10, + 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x52, 0x45, 0x53, 0x54, 0x4f, 0x52, 0x45, 0x10, 0x02, 0x12, 0x09, + 0x0a, 0x05, 0x43, 0x48, 0x45, 0x43, 0x4b, 0x10, 0x03, 0x12, 0x0c, 0x0a, 0x08, 0x50, 0x52, 0x45, + 0x5f, 0x44, 0x55, 0x4d, 0x50, 0x10, 0x04, 0x12, 0x0f, 0x0a, 0x0b, 0x50, 0x41, 0x47, 0x45, 0x5f, + 0x53, 0x45, 0x52, 0x56, 0x45, 0x52, 0x10, 0x05, 0x12, 0x0a, 0x0a, 0x06, 0x4e, 0x4f, 0x54, 0x49, + 0x46, 0x59, 0x10, 0x06, 0x12, 0x10, 0x0a, 0x0c, 0x43, 0x50, 0x55, 0x49, 0x4e, 0x46, 0x4f, 0x5f, + 0x44, 0x55, 0x4d, 0x50, 0x10, 0x07, 0x12, 0x11, 0x0a, 0x0d, 0x43, 0x50, 0x55, 0x49, 0x4e, 0x46, + 0x4f, 0x5f, 0x43, 0x48, 0x45, 0x43, 0x4b, 0x10, 0x08, 0x12, 0x11, 0x0a, 0x0d, 0x46, 0x45, 0x41, + 0x54, 0x55, 0x52, 0x45, 0x5f, 0x43, 0x48, 0x45, 0x43, 0x4b, 0x10, 0x09, 0x12, 0x0b, 0x0a, 0x07, + 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x10, 0x0a, 0x12, 0x0c, 0x0a, 0x08, 0x57, 0x41, 0x49, + 0x54, 0x5f, 0x50, 0x49, 0x44, 0x10, 0x0b, 0x12, 0x14, 0x0a, 0x10, 0x50, 0x41, 0x47, 0x45, 0x5f, + 0x53, 0x45, 0x52, 0x56, 0x45, 0x52, 0x5f, 0x43, 0x48, 0x4c, 0x44, 0x10, 0x0c, 0x12, 0x13, 0x0a, + 0x0f, 0x53, 0x49, 0x4e, 0x47, 0x4c, 0x45, 0x5f, 0x50, 0x52, 0x45, 0x5f, 0x44, 0x55, 0x4d, 0x50, + 0x10, 0x0d, } var ( - file_rpc_proto_rawDescOnce sync.Once - file_rpc_proto_rawDescData = file_rpc_proto_rawDesc + file_rpc_rpc_proto_rawDescOnce sync.Once + file_rpc_rpc_proto_rawDescData = file_rpc_rpc_proto_rawDesc ) -func file_rpc_proto_rawDescGZIP() []byte { - file_rpc_proto_rawDescOnce.Do(func() { - file_rpc_proto_rawDescData = protoimpl.X.CompressGZIP(file_rpc_proto_rawDescData) +func file_rpc_rpc_proto_rawDescGZIP() []byte { + file_rpc_rpc_proto_rawDescOnce.Do(func() { + file_rpc_rpc_proto_rawDescData = protoimpl.X.CompressGZIP(file_rpc_rpc_proto_rawDescData) }) - return file_rpc_proto_rawDescData + return file_rpc_rpc_proto_rawDescData } -var file_rpc_proto_enumTypes = make([]protoimpl.EnumInfo, 4) -var file_rpc_proto_msgTypes = make([]protoimpl.MessageInfo, 15) -var file_rpc_proto_goTypes = []interface{}{ +var file_rpc_rpc_proto_enumTypes = make([]protoimpl.EnumInfo, 4) +var file_rpc_rpc_proto_msgTypes = make([]protoimpl.MessageInfo, 15) +var file_rpc_rpc_proto_goTypes = []interface{}{ (CriuCgMode)(0), // 0: criu_cg_mode (CriuNetworkLockMethod)(0), // 1: criu_network_lock_method (CriuPreDumpMode)(0), // 2: criu_pre_dump_mode @@ -2086,7 +2090,7 @@ var file_rpc_proto_goTypes = []interface{}{ (*CriuResp)(nil), // 17: criu_resp (*CriuVersion)(nil), // 18: criu_version } -var file_rpc_proto_depIdxs = []int32{ +var file_rpc_rpc_proto_depIdxs = []int32{ 4, // 0: criu_opts.ps:type_name -> criu_page_server_info 5, // 1: criu_opts.veths:type_name -> criu_veth_pair 6, // 2: criu_opts.ext_mnt:type_name -> ext_mount_map @@ -2114,13 +2118,13 @@ var file_rpc_proto_depIdxs = []int32{ 0, // [0:20] is the sub-list for field type_name } -func init() { file_rpc_proto_init() } -func file_rpc_proto_init() { - if File_rpc_proto != nil { +func init() { file_rpc_rpc_proto_init() } +func file_rpc_rpc_proto_init() { + if File_rpc_rpc_proto != nil { return } if !protoimpl.UnsafeEnabled { - file_rpc_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + file_rpc_rpc_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*CriuPageServerInfo); i { case 0: return &v.state @@ -2132,7 +2136,7 @@ func file_rpc_proto_init() { return nil } } - file_rpc_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + file_rpc_rpc_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*CriuVethPair); i { case 0: return &v.state @@ -2144,7 +2148,7 @@ func file_rpc_proto_init() { return nil } } - file_rpc_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + file_rpc_rpc_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*ExtMountMap); i { case 0: return &v.state @@ -2156,7 +2160,7 @@ func file_rpc_proto_init() { return nil } } - file_rpc_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + file_rpc_rpc_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*JoinNamespace); i { case 0: return &v.state @@ -2168,7 +2172,7 @@ func file_rpc_proto_init() { return nil } } - file_rpc_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + file_rpc_rpc_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*InheritFd); i { case 0: return &v.state @@ -2180,7 +2184,7 @@ func file_rpc_proto_init() { return nil } } - file_rpc_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + file_rpc_rpc_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*CgroupRoot); i { case 0: return &v.state @@ -2192,7 +2196,7 @@ func file_rpc_proto_init() { return nil } } - file_rpc_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + file_rpc_rpc_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*UnixSk); i { case 0: return &v.state @@ -2204,7 +2208,7 @@ func file_rpc_proto_init() { return nil } } - file_rpc_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + file_rpc_rpc_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*CriuOpts); i { case 0: return &v.state @@ -2216,7 +2220,7 @@ func file_rpc_proto_init() { return nil } } - file_rpc_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + file_rpc_rpc_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*CriuDumpResp); i { case 0: return &v.state @@ -2228,7 +2232,7 @@ func file_rpc_proto_init() { return nil } } - file_rpc_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + file_rpc_rpc_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*CriuRestoreResp); i { case 0: return &v.state @@ -2240,7 +2244,7 @@ func file_rpc_proto_init() { return nil } } - file_rpc_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { + file_rpc_rpc_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*CriuNotify); i { case 0: return &v.state @@ -2252,7 +2256,7 @@ func file_rpc_proto_init() { return nil } } - file_rpc_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { + file_rpc_rpc_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*CriuFeatures); i { case 0: return &v.state @@ -2264,7 +2268,7 @@ func file_rpc_proto_init() { return nil } } - file_rpc_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { + file_rpc_rpc_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*CriuReq); i { case 0: return &v.state @@ -2276,7 +2280,7 @@ func file_rpc_proto_init() { return nil } } - file_rpc_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { + file_rpc_rpc_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*CriuResp); i { case 0: return &v.state @@ -2288,7 +2292,7 @@ func file_rpc_proto_init() { return nil } } - file_rpc_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { + file_rpc_rpc_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*CriuVersion); i { case 0: return &v.state @@ -2305,19 +2309,19 @@ func file_rpc_proto_init() { out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_rpc_proto_rawDesc, + RawDescriptor: file_rpc_rpc_proto_rawDesc, NumEnums: 4, NumMessages: 15, NumExtensions: 0, NumServices: 0, }, - GoTypes: file_rpc_proto_goTypes, - DependencyIndexes: file_rpc_proto_depIdxs, - EnumInfos: file_rpc_proto_enumTypes, - MessageInfos: file_rpc_proto_msgTypes, + GoTypes: file_rpc_rpc_proto_goTypes, + DependencyIndexes: file_rpc_rpc_proto_depIdxs, + EnumInfos: file_rpc_rpc_proto_enumTypes, + MessageInfos: file_rpc_rpc_proto_msgTypes, }.Build() - File_rpc_proto = out.File - file_rpc_proto_rawDesc = nil - file_rpc_proto_goTypes = nil - file_rpc_proto_depIdxs = nil + File_rpc_rpc_proto = out.File + file_rpc_rpc_proto_rawDesc = nil + file_rpc_rpc_proto_goTypes = nil + file_rpc_rpc_proto_depIdxs = nil } diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rpc.proto b/vendor/github.com/checkpoint-restore/go-criu/v6/rpc/rpc.proto similarity index 100% rename from vendor/github.com/checkpoint-restore/go-criu/v6/crit/images/rpc.proto rename to vendor/github.com/checkpoint-restore/go-criu/v6/rpc/rpc.proto diff --git a/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go b/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go deleted file mode 100644 index abe4ab5115b..00000000000 --- a/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go +++ /dev/null @@ -1,3957 +0,0 @@ -// Protocol Buffers - Google's data interchange format -// Copyright 2008 Google Inc. All rights reserved. -// https://developers.google.com/protocol-buffers/ -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions are -// met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following disclaimer -// in the documentation and/or other materials provided with the -// distribution. -// * Neither the name of Google Inc. nor the names of its -// contributors may be used to endorse or promote products derived from -// this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -// Author: kenton@google.com (Kenton Varda) -// Based on original Protocol Buffers design by -// Sanjay Ghemawat, Jeff Dean, and others. -// -// The messages in this file describe the definitions found in .proto files. -// A valid .proto file can be translated directly to a FileDescriptorProto -// without any other information (e.g. without reading its imports). - -// Code generated by protoc-gen-go. DO NOT EDIT. -// source: google/protobuf/descriptor.proto - -package descriptorpb - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -type FieldDescriptorProto_Type int32 - -const ( - // 0 is reserved for errors. - // Order is weird for historical reasons. - FieldDescriptorProto_TYPE_DOUBLE FieldDescriptorProto_Type = 1 - FieldDescriptorProto_TYPE_FLOAT FieldDescriptorProto_Type = 2 - // Not ZigZag encoded. Negative numbers take 10 bytes. Use TYPE_SINT64 if - // negative values are likely. - FieldDescriptorProto_TYPE_INT64 FieldDescriptorProto_Type = 3 - FieldDescriptorProto_TYPE_UINT64 FieldDescriptorProto_Type = 4 - // Not ZigZag encoded. Negative numbers take 10 bytes. Use TYPE_SINT32 if - // negative values are likely. - FieldDescriptorProto_TYPE_INT32 FieldDescriptorProto_Type = 5 - FieldDescriptorProto_TYPE_FIXED64 FieldDescriptorProto_Type = 6 - FieldDescriptorProto_TYPE_FIXED32 FieldDescriptorProto_Type = 7 - FieldDescriptorProto_TYPE_BOOL FieldDescriptorProto_Type = 8 - FieldDescriptorProto_TYPE_STRING FieldDescriptorProto_Type = 9 - // Tag-delimited aggregate. - // Group type is deprecated and not supported in proto3. However, Proto3 - // implementations should still be able to parse the group wire format and - // treat group fields as unknown fields. - FieldDescriptorProto_TYPE_GROUP FieldDescriptorProto_Type = 10 - FieldDescriptorProto_TYPE_MESSAGE FieldDescriptorProto_Type = 11 // Length-delimited aggregate. - // New in version 2. - FieldDescriptorProto_TYPE_BYTES FieldDescriptorProto_Type = 12 - FieldDescriptorProto_TYPE_UINT32 FieldDescriptorProto_Type = 13 - FieldDescriptorProto_TYPE_ENUM FieldDescriptorProto_Type = 14 - FieldDescriptorProto_TYPE_SFIXED32 FieldDescriptorProto_Type = 15 - FieldDescriptorProto_TYPE_SFIXED64 FieldDescriptorProto_Type = 16 - FieldDescriptorProto_TYPE_SINT32 FieldDescriptorProto_Type = 17 // Uses ZigZag encoding. - FieldDescriptorProto_TYPE_SINT64 FieldDescriptorProto_Type = 18 // Uses ZigZag encoding. -) - -// Enum value maps for FieldDescriptorProto_Type. -var ( - FieldDescriptorProto_Type_name = map[int32]string{ - 1: "TYPE_DOUBLE", - 2: "TYPE_FLOAT", - 3: "TYPE_INT64", - 4: "TYPE_UINT64", - 5: "TYPE_INT32", - 6: "TYPE_FIXED64", - 7: "TYPE_FIXED32", - 8: "TYPE_BOOL", - 9: "TYPE_STRING", - 10: "TYPE_GROUP", - 11: "TYPE_MESSAGE", - 12: "TYPE_BYTES", - 13: "TYPE_UINT32", - 14: "TYPE_ENUM", - 15: "TYPE_SFIXED32", - 16: "TYPE_SFIXED64", - 17: "TYPE_SINT32", - 18: "TYPE_SINT64", - } - FieldDescriptorProto_Type_value = map[string]int32{ - "TYPE_DOUBLE": 1, - "TYPE_FLOAT": 2, - "TYPE_INT64": 3, - "TYPE_UINT64": 4, - "TYPE_INT32": 5, - "TYPE_FIXED64": 6, - "TYPE_FIXED32": 7, - "TYPE_BOOL": 8, - "TYPE_STRING": 9, - "TYPE_GROUP": 10, - "TYPE_MESSAGE": 11, - "TYPE_BYTES": 12, - "TYPE_UINT32": 13, - "TYPE_ENUM": 14, - "TYPE_SFIXED32": 15, - "TYPE_SFIXED64": 16, - "TYPE_SINT32": 17, - "TYPE_SINT64": 18, - } -) - -func (x FieldDescriptorProto_Type) Enum() *FieldDescriptorProto_Type { - p := new(FieldDescriptorProto_Type) - *p = x - return p -} - -func (x FieldDescriptorProto_Type) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (FieldDescriptorProto_Type) Descriptor() protoreflect.EnumDescriptor { - return file_google_protobuf_descriptor_proto_enumTypes[0].Descriptor() -} - -func (FieldDescriptorProto_Type) Type() protoreflect.EnumType { - return &file_google_protobuf_descriptor_proto_enumTypes[0] -} - -func (x FieldDescriptorProto_Type) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Do not use. -func (x *FieldDescriptorProto_Type) UnmarshalJSON(b []byte) error { - num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) - if err != nil { - return err - } - *x = FieldDescriptorProto_Type(num) - return nil -} - -// Deprecated: Use FieldDescriptorProto_Type.Descriptor instead. -func (FieldDescriptorProto_Type) EnumDescriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{4, 0} -} - -type FieldDescriptorProto_Label int32 - -const ( - // 0 is reserved for errors - FieldDescriptorProto_LABEL_OPTIONAL FieldDescriptorProto_Label = 1 - FieldDescriptorProto_LABEL_REQUIRED FieldDescriptorProto_Label = 2 - FieldDescriptorProto_LABEL_REPEATED FieldDescriptorProto_Label = 3 -) - -// Enum value maps for FieldDescriptorProto_Label. -var ( - FieldDescriptorProto_Label_name = map[int32]string{ - 1: "LABEL_OPTIONAL", - 2: "LABEL_REQUIRED", - 3: "LABEL_REPEATED", - } - FieldDescriptorProto_Label_value = map[string]int32{ - "LABEL_OPTIONAL": 1, - "LABEL_REQUIRED": 2, - "LABEL_REPEATED": 3, - } -) - -func (x FieldDescriptorProto_Label) Enum() *FieldDescriptorProto_Label { - p := new(FieldDescriptorProto_Label) - *p = x - return p -} - -func (x FieldDescriptorProto_Label) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (FieldDescriptorProto_Label) Descriptor() protoreflect.EnumDescriptor { - return file_google_protobuf_descriptor_proto_enumTypes[1].Descriptor() -} - -func (FieldDescriptorProto_Label) Type() protoreflect.EnumType { - return &file_google_protobuf_descriptor_proto_enumTypes[1] -} - -func (x FieldDescriptorProto_Label) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Do not use. -func (x *FieldDescriptorProto_Label) UnmarshalJSON(b []byte) error { - num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) - if err != nil { - return err - } - *x = FieldDescriptorProto_Label(num) - return nil -} - -// Deprecated: Use FieldDescriptorProto_Label.Descriptor instead. -func (FieldDescriptorProto_Label) EnumDescriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{4, 1} -} - -// Generated classes can be optimized for speed or code size. -type FileOptions_OptimizeMode int32 - -const ( - FileOptions_SPEED FileOptions_OptimizeMode = 1 // Generate complete code for parsing, serialization, - // etc. - FileOptions_CODE_SIZE FileOptions_OptimizeMode = 2 // Use ReflectionOps to implement these methods. - FileOptions_LITE_RUNTIME FileOptions_OptimizeMode = 3 // Generate code using MessageLite and the lite runtime. -) - -// Enum value maps for FileOptions_OptimizeMode. -var ( - FileOptions_OptimizeMode_name = map[int32]string{ - 1: "SPEED", - 2: "CODE_SIZE", - 3: "LITE_RUNTIME", - } - FileOptions_OptimizeMode_value = map[string]int32{ - "SPEED": 1, - "CODE_SIZE": 2, - "LITE_RUNTIME": 3, - } -) - -func (x FileOptions_OptimizeMode) Enum() *FileOptions_OptimizeMode { - p := new(FileOptions_OptimizeMode) - *p = x - return p -} - -func (x FileOptions_OptimizeMode) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (FileOptions_OptimizeMode) Descriptor() protoreflect.EnumDescriptor { - return file_google_protobuf_descriptor_proto_enumTypes[2].Descriptor() -} - -func (FileOptions_OptimizeMode) Type() protoreflect.EnumType { - return &file_google_protobuf_descriptor_proto_enumTypes[2] -} - -func (x FileOptions_OptimizeMode) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Do not use. -func (x *FileOptions_OptimizeMode) UnmarshalJSON(b []byte) error { - num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) - if err != nil { - return err - } - *x = FileOptions_OptimizeMode(num) - return nil -} - -// Deprecated: Use FileOptions_OptimizeMode.Descriptor instead. -func (FileOptions_OptimizeMode) EnumDescriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{10, 0} -} - -type FieldOptions_CType int32 - -const ( - // Default mode. - FieldOptions_STRING FieldOptions_CType = 0 - FieldOptions_CORD FieldOptions_CType = 1 - FieldOptions_STRING_PIECE FieldOptions_CType = 2 -) - -// Enum value maps for FieldOptions_CType. -var ( - FieldOptions_CType_name = map[int32]string{ - 0: "STRING", - 1: "CORD", - 2: "STRING_PIECE", - } - FieldOptions_CType_value = map[string]int32{ - "STRING": 0, - "CORD": 1, - "STRING_PIECE": 2, - } -) - -func (x FieldOptions_CType) Enum() *FieldOptions_CType { - p := new(FieldOptions_CType) - *p = x - return p -} - -func (x FieldOptions_CType) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (FieldOptions_CType) Descriptor() protoreflect.EnumDescriptor { - return file_google_protobuf_descriptor_proto_enumTypes[3].Descriptor() -} - -func (FieldOptions_CType) Type() protoreflect.EnumType { - return &file_google_protobuf_descriptor_proto_enumTypes[3] -} - -func (x FieldOptions_CType) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Do not use. -func (x *FieldOptions_CType) UnmarshalJSON(b []byte) error { - num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) - if err != nil { - return err - } - *x = FieldOptions_CType(num) - return nil -} - -// Deprecated: Use FieldOptions_CType.Descriptor instead. -func (FieldOptions_CType) EnumDescriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{12, 0} -} - -type FieldOptions_JSType int32 - -const ( - // Use the default type. - FieldOptions_JS_NORMAL FieldOptions_JSType = 0 - // Use JavaScript strings. - FieldOptions_JS_STRING FieldOptions_JSType = 1 - // Use JavaScript numbers. - FieldOptions_JS_NUMBER FieldOptions_JSType = 2 -) - -// Enum value maps for FieldOptions_JSType. -var ( - FieldOptions_JSType_name = map[int32]string{ - 0: "JS_NORMAL", - 1: "JS_STRING", - 2: "JS_NUMBER", - } - FieldOptions_JSType_value = map[string]int32{ - "JS_NORMAL": 0, - "JS_STRING": 1, - "JS_NUMBER": 2, - } -) - -func (x FieldOptions_JSType) Enum() *FieldOptions_JSType { - p := new(FieldOptions_JSType) - *p = x - return p -} - -func (x FieldOptions_JSType) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (FieldOptions_JSType) Descriptor() protoreflect.EnumDescriptor { - return file_google_protobuf_descriptor_proto_enumTypes[4].Descriptor() -} - -func (FieldOptions_JSType) Type() protoreflect.EnumType { - return &file_google_protobuf_descriptor_proto_enumTypes[4] -} - -func (x FieldOptions_JSType) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Do not use. -func (x *FieldOptions_JSType) UnmarshalJSON(b []byte) error { - num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) - if err != nil { - return err - } - *x = FieldOptions_JSType(num) - return nil -} - -// Deprecated: Use FieldOptions_JSType.Descriptor instead. -func (FieldOptions_JSType) EnumDescriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{12, 1} -} - -// Is this method side-effect-free (or safe in HTTP parlance), or idempotent, -// or neither? HTTP based RPC implementation may choose GET verb for safe -// methods, and PUT verb for idempotent methods instead of the default POST. -type MethodOptions_IdempotencyLevel int32 - -const ( - MethodOptions_IDEMPOTENCY_UNKNOWN MethodOptions_IdempotencyLevel = 0 - MethodOptions_NO_SIDE_EFFECTS MethodOptions_IdempotencyLevel = 1 // implies idempotent - MethodOptions_IDEMPOTENT MethodOptions_IdempotencyLevel = 2 // idempotent, but may have side effects -) - -// Enum value maps for MethodOptions_IdempotencyLevel. -var ( - MethodOptions_IdempotencyLevel_name = map[int32]string{ - 0: "IDEMPOTENCY_UNKNOWN", - 1: "NO_SIDE_EFFECTS", - 2: "IDEMPOTENT", - } - MethodOptions_IdempotencyLevel_value = map[string]int32{ - "IDEMPOTENCY_UNKNOWN": 0, - "NO_SIDE_EFFECTS": 1, - "IDEMPOTENT": 2, - } -) - -func (x MethodOptions_IdempotencyLevel) Enum() *MethodOptions_IdempotencyLevel { - p := new(MethodOptions_IdempotencyLevel) - *p = x - return p -} - -func (x MethodOptions_IdempotencyLevel) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (MethodOptions_IdempotencyLevel) Descriptor() protoreflect.EnumDescriptor { - return file_google_protobuf_descriptor_proto_enumTypes[5].Descriptor() -} - -func (MethodOptions_IdempotencyLevel) Type() protoreflect.EnumType { - return &file_google_protobuf_descriptor_proto_enumTypes[5] -} - -func (x MethodOptions_IdempotencyLevel) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Do not use. -func (x *MethodOptions_IdempotencyLevel) UnmarshalJSON(b []byte) error { - num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) - if err != nil { - return err - } - *x = MethodOptions_IdempotencyLevel(num) - return nil -} - -// Deprecated: Use MethodOptions_IdempotencyLevel.Descriptor instead. -func (MethodOptions_IdempotencyLevel) EnumDescriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{17, 0} -} - -// The protocol compiler can output a FileDescriptorSet containing the .proto -// files it parses. -type FileDescriptorSet struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - File []*FileDescriptorProto `protobuf:"bytes,1,rep,name=file" json:"file,omitempty"` -} - -func (x *FileDescriptorSet) Reset() { - *x = FileDescriptorSet{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_descriptor_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *FileDescriptorSet) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*FileDescriptorSet) ProtoMessage() {} - -func (x *FileDescriptorSet) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use FileDescriptorSet.ProtoReflect.Descriptor instead. -func (*FileDescriptorSet) Descriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{0} -} - -func (x *FileDescriptorSet) GetFile() []*FileDescriptorProto { - if x != nil { - return x.File - } - return nil -} - -// Describes a complete .proto file. -type FileDescriptorProto struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"` // file name, relative to root of source tree - Package *string `protobuf:"bytes,2,opt,name=package" json:"package,omitempty"` // e.g. "foo", "foo.bar", etc. - // Names of files imported by this file. - Dependency []string `protobuf:"bytes,3,rep,name=dependency" json:"dependency,omitempty"` - // Indexes of the public imported files in the dependency list above. - PublicDependency []int32 `protobuf:"varint,10,rep,name=public_dependency,json=publicDependency" json:"public_dependency,omitempty"` - // Indexes of the weak imported files in the dependency list. - // For Google-internal migration only. Do not use. - WeakDependency []int32 `protobuf:"varint,11,rep,name=weak_dependency,json=weakDependency" json:"weak_dependency,omitempty"` - // All top-level definitions in this file. - MessageType []*DescriptorProto `protobuf:"bytes,4,rep,name=message_type,json=messageType" json:"message_type,omitempty"` - EnumType []*EnumDescriptorProto `protobuf:"bytes,5,rep,name=enum_type,json=enumType" json:"enum_type,omitempty"` - Service []*ServiceDescriptorProto `protobuf:"bytes,6,rep,name=service" json:"service,omitempty"` - Extension []*FieldDescriptorProto `protobuf:"bytes,7,rep,name=extension" json:"extension,omitempty"` - Options *FileOptions `protobuf:"bytes,8,opt,name=options" json:"options,omitempty"` - // This field contains optional information about the original source code. - // You may safely remove this entire field without harming runtime - // functionality of the descriptors -- the information is needed only by - // development tools. - SourceCodeInfo *SourceCodeInfo `protobuf:"bytes,9,opt,name=source_code_info,json=sourceCodeInfo" json:"source_code_info,omitempty"` - // The syntax of the proto file. - // The supported values are "proto2" and "proto3". - Syntax *string `protobuf:"bytes,12,opt,name=syntax" json:"syntax,omitempty"` -} - -func (x *FileDescriptorProto) Reset() { - *x = FileDescriptorProto{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_descriptor_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *FileDescriptorProto) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*FileDescriptorProto) ProtoMessage() {} - -func (x *FileDescriptorProto) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use FileDescriptorProto.ProtoReflect.Descriptor instead. -func (*FileDescriptorProto) Descriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{1} -} - -func (x *FileDescriptorProto) GetName() string { - if x != nil && x.Name != nil { - return *x.Name - } - return "" -} - -func (x *FileDescriptorProto) GetPackage() string { - if x != nil && x.Package != nil { - return *x.Package - } - return "" -} - -func (x *FileDescriptorProto) GetDependency() []string { - if x != nil { - return x.Dependency - } - return nil -} - -func (x *FileDescriptorProto) GetPublicDependency() []int32 { - if x != nil { - return x.PublicDependency - } - return nil -} - -func (x *FileDescriptorProto) GetWeakDependency() []int32 { - if x != nil { - return x.WeakDependency - } - return nil -} - -func (x *FileDescriptorProto) GetMessageType() []*DescriptorProto { - if x != nil { - return x.MessageType - } - return nil -} - -func (x *FileDescriptorProto) GetEnumType() []*EnumDescriptorProto { - if x != nil { - return x.EnumType - } - return nil -} - -func (x *FileDescriptorProto) GetService() []*ServiceDescriptorProto { - if x != nil { - return x.Service - } - return nil -} - -func (x *FileDescriptorProto) GetExtension() []*FieldDescriptorProto { - if x != nil { - return x.Extension - } - return nil -} - -func (x *FileDescriptorProto) GetOptions() *FileOptions { - if x != nil { - return x.Options - } - return nil -} - -func (x *FileDescriptorProto) GetSourceCodeInfo() *SourceCodeInfo { - if x != nil { - return x.SourceCodeInfo - } - return nil -} - -func (x *FileDescriptorProto) GetSyntax() string { - if x != nil && x.Syntax != nil { - return *x.Syntax - } - return "" -} - -// Describes a message type. -type DescriptorProto struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"` - Field []*FieldDescriptorProto `protobuf:"bytes,2,rep,name=field" json:"field,omitempty"` - Extension []*FieldDescriptorProto `protobuf:"bytes,6,rep,name=extension" json:"extension,omitempty"` - NestedType []*DescriptorProto `protobuf:"bytes,3,rep,name=nested_type,json=nestedType" json:"nested_type,omitempty"` - EnumType []*EnumDescriptorProto `protobuf:"bytes,4,rep,name=enum_type,json=enumType" json:"enum_type,omitempty"` - ExtensionRange []*DescriptorProto_ExtensionRange `protobuf:"bytes,5,rep,name=extension_range,json=extensionRange" json:"extension_range,omitempty"` - OneofDecl []*OneofDescriptorProto `protobuf:"bytes,8,rep,name=oneof_decl,json=oneofDecl" json:"oneof_decl,omitempty"` - Options *MessageOptions `protobuf:"bytes,7,opt,name=options" json:"options,omitempty"` - ReservedRange []*DescriptorProto_ReservedRange `protobuf:"bytes,9,rep,name=reserved_range,json=reservedRange" json:"reserved_range,omitempty"` - // Reserved field names, which may not be used by fields in the same message. - // A given name may only be reserved once. - ReservedName []string `protobuf:"bytes,10,rep,name=reserved_name,json=reservedName" json:"reserved_name,omitempty"` -} - -func (x *DescriptorProto) Reset() { - *x = DescriptorProto{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_descriptor_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *DescriptorProto) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*DescriptorProto) ProtoMessage() {} - -func (x *DescriptorProto) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use DescriptorProto.ProtoReflect.Descriptor instead. -func (*DescriptorProto) Descriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{2} -} - -func (x *DescriptorProto) GetName() string { - if x != nil && x.Name != nil { - return *x.Name - } - return "" -} - -func (x *DescriptorProto) GetField() []*FieldDescriptorProto { - if x != nil { - return x.Field - } - return nil -} - -func (x *DescriptorProto) GetExtension() []*FieldDescriptorProto { - if x != nil { - return x.Extension - } - return nil -} - -func (x *DescriptorProto) GetNestedType() []*DescriptorProto { - if x != nil { - return x.NestedType - } - return nil -} - -func (x *DescriptorProto) GetEnumType() []*EnumDescriptorProto { - if x != nil { - return x.EnumType - } - return nil -} - -func (x *DescriptorProto) GetExtensionRange() []*DescriptorProto_ExtensionRange { - if x != nil { - return x.ExtensionRange - } - return nil -} - -func (x *DescriptorProto) GetOneofDecl() []*OneofDescriptorProto { - if x != nil { - return x.OneofDecl - } - return nil -} - -func (x *DescriptorProto) GetOptions() *MessageOptions { - if x != nil { - return x.Options - } - return nil -} - -func (x *DescriptorProto) GetReservedRange() []*DescriptorProto_ReservedRange { - if x != nil { - return x.ReservedRange - } - return nil -} - -func (x *DescriptorProto) GetReservedName() []string { - if x != nil { - return x.ReservedName - } - return nil -} - -type ExtensionRangeOptions struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - extensionFields protoimpl.ExtensionFields - - // The parser stores options it doesn't recognize here. See above. - UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"` -} - -func (x *ExtensionRangeOptions) Reset() { - *x = ExtensionRangeOptions{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_descriptor_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ExtensionRangeOptions) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ExtensionRangeOptions) ProtoMessage() {} - -func (x *ExtensionRangeOptions) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ExtensionRangeOptions.ProtoReflect.Descriptor instead. -func (*ExtensionRangeOptions) Descriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{3} -} - -func (x *ExtensionRangeOptions) GetUninterpretedOption() []*UninterpretedOption { - if x != nil { - return x.UninterpretedOption - } - return nil -} - -// Describes a field within a message. -type FieldDescriptorProto struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"` - Number *int32 `protobuf:"varint,3,opt,name=number" json:"number,omitempty"` - Label *FieldDescriptorProto_Label `protobuf:"varint,4,opt,name=label,enum=google.protobuf.FieldDescriptorProto_Label" json:"label,omitempty"` - // If type_name is set, this need not be set. If both this and type_name - // are set, this must be one of TYPE_ENUM, TYPE_MESSAGE or TYPE_GROUP. - Type *FieldDescriptorProto_Type `protobuf:"varint,5,opt,name=type,enum=google.protobuf.FieldDescriptorProto_Type" json:"type,omitempty"` - // For message and enum types, this is the name of the type. If the name - // starts with a '.', it is fully-qualified. Otherwise, C++-like scoping - // rules are used to find the type (i.e. first the nested types within this - // message are searched, then within the parent, on up to the root - // namespace). - TypeName *string `protobuf:"bytes,6,opt,name=type_name,json=typeName" json:"type_name,omitempty"` - // For extensions, this is the name of the type being extended. It is - // resolved in the same manner as type_name. - Extendee *string `protobuf:"bytes,2,opt,name=extendee" json:"extendee,omitempty"` - // For numeric types, contains the original text representation of the value. - // For booleans, "true" or "false". - // For strings, contains the default text contents (not escaped in any way). - // For bytes, contains the C escaped value. All bytes >= 128 are escaped. - // TODO(kenton): Base-64 encode? - DefaultValue *string `protobuf:"bytes,7,opt,name=default_value,json=defaultValue" json:"default_value,omitempty"` - // If set, gives the index of a oneof in the containing type's oneof_decl - // list. This field is a member of that oneof. - OneofIndex *int32 `protobuf:"varint,9,opt,name=oneof_index,json=oneofIndex" json:"oneof_index,omitempty"` - // JSON name of this field. The value is set by protocol compiler. If the - // user has set a "json_name" option on this field, that option's value - // will be used. Otherwise, it's deduced from the field's name by converting - // it to camelCase. - JsonName *string `protobuf:"bytes,10,opt,name=json_name,json=jsonName" json:"json_name,omitempty"` - Options *FieldOptions `protobuf:"bytes,8,opt,name=options" json:"options,omitempty"` - // If true, this is a proto3 "optional". When a proto3 field is optional, it - // tracks presence regardless of field type. - // - // When proto3_optional is true, this field must be belong to a oneof to - // signal to old proto3 clients that presence is tracked for this field. This - // oneof is known as a "synthetic" oneof, and this field must be its sole - // member (each proto3 optional field gets its own synthetic oneof). Synthetic - // oneofs exist in the descriptor only, and do not generate any API. Synthetic - // oneofs must be ordered after all "real" oneofs. - // - // For message fields, proto3_optional doesn't create any semantic change, - // since non-repeated message fields always track presence. However it still - // indicates the semantic detail of whether the user wrote "optional" or not. - // This can be useful for round-tripping the .proto file. For consistency we - // give message fields a synthetic oneof also, even though it is not required - // to track presence. This is especially important because the parser can't - // tell if a field is a message or an enum, so it must always create a - // synthetic oneof. - // - // Proto2 optional fields do not set this flag, because they already indicate - // optional with `LABEL_OPTIONAL`. - Proto3Optional *bool `protobuf:"varint,17,opt,name=proto3_optional,json=proto3Optional" json:"proto3_optional,omitempty"` -} - -func (x *FieldDescriptorProto) Reset() { - *x = FieldDescriptorProto{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_descriptor_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *FieldDescriptorProto) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*FieldDescriptorProto) ProtoMessage() {} - -func (x *FieldDescriptorProto) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use FieldDescriptorProto.ProtoReflect.Descriptor instead. -func (*FieldDescriptorProto) Descriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{4} -} - -func (x *FieldDescriptorProto) GetName() string { - if x != nil && x.Name != nil { - return *x.Name - } - return "" -} - -func (x *FieldDescriptorProto) GetNumber() int32 { - if x != nil && x.Number != nil { - return *x.Number - } - return 0 -} - -func (x *FieldDescriptorProto) GetLabel() FieldDescriptorProto_Label { - if x != nil && x.Label != nil { - return *x.Label - } - return FieldDescriptorProto_LABEL_OPTIONAL -} - -func (x *FieldDescriptorProto) GetType() FieldDescriptorProto_Type { - if x != nil && x.Type != nil { - return *x.Type - } - return FieldDescriptorProto_TYPE_DOUBLE -} - -func (x *FieldDescriptorProto) GetTypeName() string { - if x != nil && x.TypeName != nil { - return *x.TypeName - } - return "" -} - -func (x *FieldDescriptorProto) GetExtendee() string { - if x != nil && x.Extendee != nil { - return *x.Extendee - } - return "" -} - -func (x *FieldDescriptorProto) GetDefaultValue() string { - if x != nil && x.DefaultValue != nil { - return *x.DefaultValue - } - return "" -} - -func (x *FieldDescriptorProto) GetOneofIndex() int32 { - if x != nil && x.OneofIndex != nil { - return *x.OneofIndex - } - return 0 -} - -func (x *FieldDescriptorProto) GetJsonName() string { - if x != nil && x.JsonName != nil { - return *x.JsonName - } - return "" -} - -func (x *FieldDescriptorProto) GetOptions() *FieldOptions { - if x != nil { - return x.Options - } - return nil -} - -func (x *FieldDescriptorProto) GetProto3Optional() bool { - if x != nil && x.Proto3Optional != nil { - return *x.Proto3Optional - } - return false -} - -// Describes a oneof. -type OneofDescriptorProto struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"` - Options *OneofOptions `protobuf:"bytes,2,opt,name=options" json:"options,omitempty"` -} - -func (x *OneofDescriptorProto) Reset() { - *x = OneofDescriptorProto{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_descriptor_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *OneofDescriptorProto) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*OneofDescriptorProto) ProtoMessage() {} - -func (x *OneofDescriptorProto) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use OneofDescriptorProto.ProtoReflect.Descriptor instead. -func (*OneofDescriptorProto) Descriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{5} -} - -func (x *OneofDescriptorProto) GetName() string { - if x != nil && x.Name != nil { - return *x.Name - } - return "" -} - -func (x *OneofDescriptorProto) GetOptions() *OneofOptions { - if x != nil { - return x.Options - } - return nil -} - -// Describes an enum type. -type EnumDescriptorProto struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"` - Value []*EnumValueDescriptorProto `protobuf:"bytes,2,rep,name=value" json:"value,omitempty"` - Options *EnumOptions `protobuf:"bytes,3,opt,name=options" json:"options,omitempty"` - // Range of reserved numeric values. Reserved numeric values may not be used - // by enum values in the same enum declaration. Reserved ranges may not - // overlap. - ReservedRange []*EnumDescriptorProto_EnumReservedRange `protobuf:"bytes,4,rep,name=reserved_range,json=reservedRange" json:"reserved_range,omitempty"` - // Reserved enum value names, which may not be reused. A given name may only - // be reserved once. - ReservedName []string `protobuf:"bytes,5,rep,name=reserved_name,json=reservedName" json:"reserved_name,omitempty"` -} - -func (x *EnumDescriptorProto) Reset() { - *x = EnumDescriptorProto{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_descriptor_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *EnumDescriptorProto) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*EnumDescriptorProto) ProtoMessage() {} - -func (x *EnumDescriptorProto) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use EnumDescriptorProto.ProtoReflect.Descriptor instead. -func (*EnumDescriptorProto) Descriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{6} -} - -func (x *EnumDescriptorProto) GetName() string { - if x != nil && x.Name != nil { - return *x.Name - } - return "" -} - -func (x *EnumDescriptorProto) GetValue() []*EnumValueDescriptorProto { - if x != nil { - return x.Value - } - return nil -} - -func (x *EnumDescriptorProto) GetOptions() *EnumOptions { - if x != nil { - return x.Options - } - return nil -} - -func (x *EnumDescriptorProto) GetReservedRange() []*EnumDescriptorProto_EnumReservedRange { - if x != nil { - return x.ReservedRange - } - return nil -} - -func (x *EnumDescriptorProto) GetReservedName() []string { - if x != nil { - return x.ReservedName - } - return nil -} - -// Describes a value within an enum. -type EnumValueDescriptorProto struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"` - Number *int32 `protobuf:"varint,2,opt,name=number" json:"number,omitempty"` - Options *EnumValueOptions `protobuf:"bytes,3,opt,name=options" json:"options,omitempty"` -} - -func (x *EnumValueDescriptorProto) Reset() { - *x = EnumValueDescriptorProto{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_descriptor_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *EnumValueDescriptorProto) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*EnumValueDescriptorProto) ProtoMessage() {} - -func (x *EnumValueDescriptorProto) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use EnumValueDescriptorProto.ProtoReflect.Descriptor instead. -func (*EnumValueDescriptorProto) Descriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{7} -} - -func (x *EnumValueDescriptorProto) GetName() string { - if x != nil && x.Name != nil { - return *x.Name - } - return "" -} - -func (x *EnumValueDescriptorProto) GetNumber() int32 { - if x != nil && x.Number != nil { - return *x.Number - } - return 0 -} - -func (x *EnumValueDescriptorProto) GetOptions() *EnumValueOptions { - if x != nil { - return x.Options - } - return nil -} - -// Describes a service. -type ServiceDescriptorProto struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"` - Method []*MethodDescriptorProto `protobuf:"bytes,2,rep,name=method" json:"method,omitempty"` - Options *ServiceOptions `protobuf:"bytes,3,opt,name=options" json:"options,omitempty"` -} - -func (x *ServiceDescriptorProto) Reset() { - *x = ServiceDescriptorProto{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_descriptor_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ServiceDescriptorProto) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ServiceDescriptorProto) ProtoMessage() {} - -func (x *ServiceDescriptorProto) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ServiceDescriptorProto.ProtoReflect.Descriptor instead. -func (*ServiceDescriptorProto) Descriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{8} -} - -func (x *ServiceDescriptorProto) GetName() string { - if x != nil && x.Name != nil { - return *x.Name - } - return "" -} - -func (x *ServiceDescriptorProto) GetMethod() []*MethodDescriptorProto { - if x != nil { - return x.Method - } - return nil -} - -func (x *ServiceDescriptorProto) GetOptions() *ServiceOptions { - if x != nil { - return x.Options - } - return nil -} - -// Describes a method of a service. -type MethodDescriptorProto struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"` - // Input and output type names. These are resolved in the same way as - // FieldDescriptorProto.type_name, but must refer to a message type. - InputType *string `protobuf:"bytes,2,opt,name=input_type,json=inputType" json:"input_type,omitempty"` - OutputType *string `protobuf:"bytes,3,opt,name=output_type,json=outputType" json:"output_type,omitempty"` - Options *MethodOptions `protobuf:"bytes,4,opt,name=options" json:"options,omitempty"` - // Identifies if client streams multiple client messages - ClientStreaming *bool `protobuf:"varint,5,opt,name=client_streaming,json=clientStreaming,def=0" json:"client_streaming,omitempty"` - // Identifies if server streams multiple server messages - ServerStreaming *bool `protobuf:"varint,6,opt,name=server_streaming,json=serverStreaming,def=0" json:"server_streaming,omitempty"` -} - -// Default values for MethodDescriptorProto fields. -const ( - Default_MethodDescriptorProto_ClientStreaming = bool(false) - Default_MethodDescriptorProto_ServerStreaming = bool(false) -) - -func (x *MethodDescriptorProto) Reset() { - *x = MethodDescriptorProto{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_descriptor_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MethodDescriptorProto) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MethodDescriptorProto) ProtoMessage() {} - -func (x *MethodDescriptorProto) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MethodDescriptorProto.ProtoReflect.Descriptor instead. -func (*MethodDescriptorProto) Descriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{9} -} - -func (x *MethodDescriptorProto) GetName() string { - if x != nil && x.Name != nil { - return *x.Name - } - return "" -} - -func (x *MethodDescriptorProto) GetInputType() string { - if x != nil && x.InputType != nil { - return *x.InputType - } - return "" -} - -func (x *MethodDescriptorProto) GetOutputType() string { - if x != nil && x.OutputType != nil { - return *x.OutputType - } - return "" -} - -func (x *MethodDescriptorProto) GetOptions() *MethodOptions { - if x != nil { - return x.Options - } - return nil -} - -func (x *MethodDescriptorProto) GetClientStreaming() bool { - if x != nil && x.ClientStreaming != nil { - return *x.ClientStreaming - } - return Default_MethodDescriptorProto_ClientStreaming -} - -func (x *MethodDescriptorProto) GetServerStreaming() bool { - if x != nil && x.ServerStreaming != nil { - return *x.ServerStreaming - } - return Default_MethodDescriptorProto_ServerStreaming -} - -type FileOptions struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - extensionFields protoimpl.ExtensionFields - - // Sets the Java package where classes generated from this .proto will be - // placed. By default, the proto package is used, but this is often - // inappropriate because proto packages do not normally start with backwards - // domain names. - JavaPackage *string `protobuf:"bytes,1,opt,name=java_package,json=javaPackage" json:"java_package,omitempty"` - // If set, all the classes from the .proto file are wrapped in a single - // outer class with the given name. This applies to both Proto1 - // (equivalent to the old "--one_java_file" option) and Proto2 (where - // a .proto always translates to a single class, but you may want to - // explicitly choose the class name). - JavaOuterClassname *string `protobuf:"bytes,8,opt,name=java_outer_classname,json=javaOuterClassname" json:"java_outer_classname,omitempty"` - // If set true, then the Java code generator will generate a separate .java - // file for each top-level message, enum, and service defined in the .proto - // file. Thus, these types will *not* be nested inside the outer class - // named by java_outer_classname. However, the outer class will still be - // generated to contain the file's getDescriptor() method as well as any - // top-level extensions defined in the file. - JavaMultipleFiles *bool `protobuf:"varint,10,opt,name=java_multiple_files,json=javaMultipleFiles,def=0" json:"java_multiple_files,omitempty"` - // This option does nothing. - // - // Deprecated: Do not use. - JavaGenerateEqualsAndHash *bool `protobuf:"varint,20,opt,name=java_generate_equals_and_hash,json=javaGenerateEqualsAndHash" json:"java_generate_equals_and_hash,omitempty"` - // If set true, then the Java2 code generator will generate code that - // throws an exception whenever an attempt is made to assign a non-UTF-8 - // byte sequence to a string field. - // Message reflection will do the same. - // However, an extension field still accepts non-UTF-8 byte sequences. - // This option has no effect on when used with the lite runtime. - JavaStringCheckUtf8 *bool `protobuf:"varint,27,opt,name=java_string_check_utf8,json=javaStringCheckUtf8,def=0" json:"java_string_check_utf8,omitempty"` - OptimizeFor *FileOptions_OptimizeMode `protobuf:"varint,9,opt,name=optimize_for,json=optimizeFor,enum=google.protobuf.FileOptions_OptimizeMode,def=1" json:"optimize_for,omitempty"` - // Sets the Go package where structs generated from this .proto will be - // placed. If omitted, the Go package will be derived from the following: - // - The basename of the package import path, if provided. - // - Otherwise, the package statement in the .proto file, if present. - // - Otherwise, the basename of the .proto file, without extension. - GoPackage *string `protobuf:"bytes,11,opt,name=go_package,json=goPackage" json:"go_package,omitempty"` - // Should generic services be generated in each language? "Generic" services - // are not specific to any particular RPC system. They are generated by the - // main code generators in each language (without additional plugins). - // Generic services were the only kind of service generation supported by - // early versions of google.protobuf. - // - // Generic services are now considered deprecated in favor of using plugins - // that generate code specific to your particular RPC system. Therefore, - // these default to false. Old code which depends on generic services should - // explicitly set them to true. - CcGenericServices *bool `protobuf:"varint,16,opt,name=cc_generic_services,json=ccGenericServices,def=0" json:"cc_generic_services,omitempty"` - JavaGenericServices *bool `protobuf:"varint,17,opt,name=java_generic_services,json=javaGenericServices,def=0" json:"java_generic_services,omitempty"` - PyGenericServices *bool `protobuf:"varint,18,opt,name=py_generic_services,json=pyGenericServices,def=0" json:"py_generic_services,omitempty"` - PhpGenericServices *bool `protobuf:"varint,42,opt,name=php_generic_services,json=phpGenericServices,def=0" json:"php_generic_services,omitempty"` - // Is this file deprecated? - // Depending on the target platform, this can emit Deprecated annotations - // for everything in the file, or it will be completely ignored; in the very - // least, this is a formalization for deprecating files. - Deprecated *bool `protobuf:"varint,23,opt,name=deprecated,def=0" json:"deprecated,omitempty"` - // Enables the use of arenas for the proto messages in this file. This applies - // only to generated classes for C++. - CcEnableArenas *bool `protobuf:"varint,31,opt,name=cc_enable_arenas,json=ccEnableArenas,def=1" json:"cc_enable_arenas,omitempty"` - // Sets the objective c class prefix which is prepended to all objective c - // generated classes from this .proto. There is no default. - ObjcClassPrefix *string `protobuf:"bytes,36,opt,name=objc_class_prefix,json=objcClassPrefix" json:"objc_class_prefix,omitempty"` - // Namespace for generated classes; defaults to the package. - CsharpNamespace *string `protobuf:"bytes,37,opt,name=csharp_namespace,json=csharpNamespace" json:"csharp_namespace,omitempty"` - // By default Swift generators will take the proto package and CamelCase it - // replacing '.' with underscore and use that to prefix the types/symbols - // defined. When this options is provided, they will use this value instead - // to prefix the types/symbols defined. - SwiftPrefix *string `protobuf:"bytes,39,opt,name=swift_prefix,json=swiftPrefix" json:"swift_prefix,omitempty"` - // Sets the php class prefix which is prepended to all php generated classes - // from this .proto. Default is empty. - PhpClassPrefix *string `protobuf:"bytes,40,opt,name=php_class_prefix,json=phpClassPrefix" json:"php_class_prefix,omitempty"` - // Use this option to change the namespace of php generated classes. Default - // is empty. When this option is empty, the package name will be used for - // determining the namespace. - PhpNamespace *string `protobuf:"bytes,41,opt,name=php_namespace,json=phpNamespace" json:"php_namespace,omitempty"` - // Use this option to change the namespace of php generated metadata classes. - // Default is empty. When this option is empty, the proto file name will be - // used for determining the namespace. - PhpMetadataNamespace *string `protobuf:"bytes,44,opt,name=php_metadata_namespace,json=phpMetadataNamespace" json:"php_metadata_namespace,omitempty"` - // Use this option to change the package of ruby generated classes. Default - // is empty. When this option is not set, the package name will be used for - // determining the ruby package. - RubyPackage *string `protobuf:"bytes,45,opt,name=ruby_package,json=rubyPackage" json:"ruby_package,omitempty"` - // The parser stores options it doesn't recognize here. - // See the documentation for the "Options" section above. - UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"` -} - -// Default values for FileOptions fields. -const ( - Default_FileOptions_JavaMultipleFiles = bool(false) - Default_FileOptions_JavaStringCheckUtf8 = bool(false) - Default_FileOptions_OptimizeFor = FileOptions_SPEED - Default_FileOptions_CcGenericServices = bool(false) - Default_FileOptions_JavaGenericServices = bool(false) - Default_FileOptions_PyGenericServices = bool(false) - Default_FileOptions_PhpGenericServices = bool(false) - Default_FileOptions_Deprecated = bool(false) - Default_FileOptions_CcEnableArenas = bool(true) -) - -func (x *FileOptions) Reset() { - *x = FileOptions{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_descriptor_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *FileOptions) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*FileOptions) ProtoMessage() {} - -func (x *FileOptions) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[10] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use FileOptions.ProtoReflect.Descriptor instead. -func (*FileOptions) Descriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{10} -} - -func (x *FileOptions) GetJavaPackage() string { - if x != nil && x.JavaPackage != nil { - return *x.JavaPackage - } - return "" -} - -func (x *FileOptions) GetJavaOuterClassname() string { - if x != nil && x.JavaOuterClassname != nil { - return *x.JavaOuterClassname - } - return "" -} - -func (x *FileOptions) GetJavaMultipleFiles() bool { - if x != nil && x.JavaMultipleFiles != nil { - return *x.JavaMultipleFiles - } - return Default_FileOptions_JavaMultipleFiles -} - -// Deprecated: Do not use. -func (x *FileOptions) GetJavaGenerateEqualsAndHash() bool { - if x != nil && x.JavaGenerateEqualsAndHash != nil { - return *x.JavaGenerateEqualsAndHash - } - return false -} - -func (x *FileOptions) GetJavaStringCheckUtf8() bool { - if x != nil && x.JavaStringCheckUtf8 != nil { - return *x.JavaStringCheckUtf8 - } - return Default_FileOptions_JavaStringCheckUtf8 -} - -func (x *FileOptions) GetOptimizeFor() FileOptions_OptimizeMode { - if x != nil && x.OptimizeFor != nil { - return *x.OptimizeFor - } - return Default_FileOptions_OptimizeFor -} - -func (x *FileOptions) GetGoPackage() string { - if x != nil && x.GoPackage != nil { - return *x.GoPackage - } - return "" -} - -func (x *FileOptions) GetCcGenericServices() bool { - if x != nil && x.CcGenericServices != nil { - return *x.CcGenericServices - } - return Default_FileOptions_CcGenericServices -} - -func (x *FileOptions) GetJavaGenericServices() bool { - if x != nil && x.JavaGenericServices != nil { - return *x.JavaGenericServices - } - return Default_FileOptions_JavaGenericServices -} - -func (x *FileOptions) GetPyGenericServices() bool { - if x != nil && x.PyGenericServices != nil { - return *x.PyGenericServices - } - return Default_FileOptions_PyGenericServices -} - -func (x *FileOptions) GetPhpGenericServices() bool { - if x != nil && x.PhpGenericServices != nil { - return *x.PhpGenericServices - } - return Default_FileOptions_PhpGenericServices -} - -func (x *FileOptions) GetDeprecated() bool { - if x != nil && x.Deprecated != nil { - return *x.Deprecated - } - return Default_FileOptions_Deprecated -} - -func (x *FileOptions) GetCcEnableArenas() bool { - if x != nil && x.CcEnableArenas != nil { - return *x.CcEnableArenas - } - return Default_FileOptions_CcEnableArenas -} - -func (x *FileOptions) GetObjcClassPrefix() string { - if x != nil && x.ObjcClassPrefix != nil { - return *x.ObjcClassPrefix - } - return "" -} - -func (x *FileOptions) GetCsharpNamespace() string { - if x != nil && x.CsharpNamespace != nil { - return *x.CsharpNamespace - } - return "" -} - -func (x *FileOptions) GetSwiftPrefix() string { - if x != nil && x.SwiftPrefix != nil { - return *x.SwiftPrefix - } - return "" -} - -func (x *FileOptions) GetPhpClassPrefix() string { - if x != nil && x.PhpClassPrefix != nil { - return *x.PhpClassPrefix - } - return "" -} - -func (x *FileOptions) GetPhpNamespace() string { - if x != nil && x.PhpNamespace != nil { - return *x.PhpNamespace - } - return "" -} - -func (x *FileOptions) GetPhpMetadataNamespace() string { - if x != nil && x.PhpMetadataNamespace != nil { - return *x.PhpMetadataNamespace - } - return "" -} - -func (x *FileOptions) GetRubyPackage() string { - if x != nil && x.RubyPackage != nil { - return *x.RubyPackage - } - return "" -} - -func (x *FileOptions) GetUninterpretedOption() []*UninterpretedOption { - if x != nil { - return x.UninterpretedOption - } - return nil -} - -type MessageOptions struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - extensionFields protoimpl.ExtensionFields - - // Set true to use the old proto1 MessageSet wire format for extensions. - // This is provided for backwards-compatibility with the MessageSet wire - // format. You should not use this for any other reason: It's less - // efficient, has fewer features, and is more complicated. - // - // The message must be defined exactly as follows: - // message Foo { - // option message_set_wire_format = true; - // extensions 4 to max; - // } - // Note that the message cannot have any defined fields; MessageSets only - // have extensions. - // - // All extensions of your type must be singular messages; e.g. they cannot - // be int32s, enums, or repeated messages. - // - // Because this is an option, the above two restrictions are not enforced by - // the protocol compiler. - MessageSetWireFormat *bool `protobuf:"varint,1,opt,name=message_set_wire_format,json=messageSetWireFormat,def=0" json:"message_set_wire_format,omitempty"` - // Disables the generation of the standard "descriptor()" accessor, which can - // conflict with a field of the same name. This is meant to make migration - // from proto1 easier; new code should avoid fields named "descriptor". - NoStandardDescriptorAccessor *bool `protobuf:"varint,2,opt,name=no_standard_descriptor_accessor,json=noStandardDescriptorAccessor,def=0" json:"no_standard_descriptor_accessor,omitempty"` - // Is this message deprecated? - // Depending on the target platform, this can emit Deprecated annotations - // for the message, or it will be completely ignored; in the very least, - // this is a formalization for deprecating messages. - Deprecated *bool `protobuf:"varint,3,opt,name=deprecated,def=0" json:"deprecated,omitempty"` - // Whether the message is an automatically generated map entry type for the - // maps field. - // - // For maps fields: - // map map_field = 1; - // The parsed descriptor looks like: - // message MapFieldEntry { - // option map_entry = true; - // optional KeyType key = 1; - // optional ValueType value = 2; - // } - // repeated MapFieldEntry map_field = 1; - // - // Implementations may choose not to generate the map_entry=true message, but - // use a native map in the target language to hold the keys and values. - // The reflection APIs in such implementations still need to work as - // if the field is a repeated message field. - // - // NOTE: Do not set the option in .proto files. Always use the maps syntax - // instead. The option should only be implicitly set by the proto compiler - // parser. - MapEntry *bool `protobuf:"varint,7,opt,name=map_entry,json=mapEntry" json:"map_entry,omitempty"` - // The parser stores options it doesn't recognize here. See above. - UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"` -} - -// Default values for MessageOptions fields. -const ( - Default_MessageOptions_MessageSetWireFormat = bool(false) - Default_MessageOptions_NoStandardDescriptorAccessor = bool(false) - Default_MessageOptions_Deprecated = bool(false) -) - -func (x *MessageOptions) Reset() { - *x = MessageOptions{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_descriptor_proto_msgTypes[11] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MessageOptions) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MessageOptions) ProtoMessage() {} - -func (x *MessageOptions) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[11] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MessageOptions.ProtoReflect.Descriptor instead. -func (*MessageOptions) Descriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{11} -} - -func (x *MessageOptions) GetMessageSetWireFormat() bool { - if x != nil && x.MessageSetWireFormat != nil { - return *x.MessageSetWireFormat - } - return Default_MessageOptions_MessageSetWireFormat -} - -func (x *MessageOptions) GetNoStandardDescriptorAccessor() bool { - if x != nil && x.NoStandardDescriptorAccessor != nil { - return *x.NoStandardDescriptorAccessor - } - return Default_MessageOptions_NoStandardDescriptorAccessor -} - -func (x *MessageOptions) GetDeprecated() bool { - if x != nil && x.Deprecated != nil { - return *x.Deprecated - } - return Default_MessageOptions_Deprecated -} - -func (x *MessageOptions) GetMapEntry() bool { - if x != nil && x.MapEntry != nil { - return *x.MapEntry - } - return false -} - -func (x *MessageOptions) GetUninterpretedOption() []*UninterpretedOption { - if x != nil { - return x.UninterpretedOption - } - return nil -} - -type FieldOptions struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - extensionFields protoimpl.ExtensionFields - - // The ctype option instructs the C++ code generator to use a different - // representation of the field than it normally would. See the specific - // options below. This option is not yet implemented in the open source - // release -- sorry, we'll try to include it in a future version! - Ctype *FieldOptions_CType `protobuf:"varint,1,opt,name=ctype,enum=google.protobuf.FieldOptions_CType,def=0" json:"ctype,omitempty"` - // The packed option can be enabled for repeated primitive fields to enable - // a more efficient representation on the wire. Rather than repeatedly - // writing the tag and type for each element, the entire array is encoded as - // a single length-delimited blob. In proto3, only explicit setting it to - // false will avoid using packed encoding. - Packed *bool `protobuf:"varint,2,opt,name=packed" json:"packed,omitempty"` - // The jstype option determines the JavaScript type used for values of the - // field. The option is permitted only for 64 bit integral and fixed types - // (int64, uint64, sint64, fixed64, sfixed64). A field with jstype JS_STRING - // is represented as JavaScript string, which avoids loss of precision that - // can happen when a large value is converted to a floating point JavaScript. - // Specifying JS_NUMBER for the jstype causes the generated JavaScript code to - // use the JavaScript "number" type. The behavior of the default option - // JS_NORMAL is implementation dependent. - // - // This option is an enum to permit additional types to be added, e.g. - // goog.math.Integer. - Jstype *FieldOptions_JSType `protobuf:"varint,6,opt,name=jstype,enum=google.protobuf.FieldOptions_JSType,def=0" json:"jstype,omitempty"` - // Should this field be parsed lazily? Lazy applies only to message-type - // fields. It means that when the outer message is initially parsed, the - // inner message's contents will not be parsed but instead stored in encoded - // form. The inner message will actually be parsed when it is first accessed. - // - // This is only a hint. Implementations are free to choose whether to use - // eager or lazy parsing regardless of the value of this option. However, - // setting this option true suggests that the protocol author believes that - // using lazy parsing on this field is worth the additional bookkeeping - // overhead typically needed to implement it. - // - // This option does not affect the public interface of any generated code; - // all method signatures remain the same. Furthermore, thread-safety of the - // interface is not affected by this option; const methods remain safe to - // call from multiple threads concurrently, while non-const methods continue - // to require exclusive access. - // - // - // Note that implementations may choose not to check required fields within - // a lazy sub-message. That is, calling IsInitialized() on the outer message - // may return true even if the inner message has missing required fields. - // This is necessary because otherwise the inner message would have to be - // parsed in order to perform the check, defeating the purpose of lazy - // parsing. An implementation which chooses not to check required fields - // must be consistent about it. That is, for any particular sub-message, the - // implementation must either *always* check its required fields, or *never* - // check its required fields, regardless of whether or not the message has - // been parsed. - Lazy *bool `protobuf:"varint,5,opt,name=lazy,def=0" json:"lazy,omitempty"` - // Is this field deprecated? - // Depending on the target platform, this can emit Deprecated annotations - // for accessors, or it will be completely ignored; in the very least, this - // is a formalization for deprecating fields. - Deprecated *bool `protobuf:"varint,3,opt,name=deprecated,def=0" json:"deprecated,omitempty"` - // For Google-internal migration only. Do not use. - Weak *bool `protobuf:"varint,10,opt,name=weak,def=0" json:"weak,omitempty"` - // The parser stores options it doesn't recognize here. See above. - UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"` -} - -// Default values for FieldOptions fields. -const ( - Default_FieldOptions_Ctype = FieldOptions_STRING - Default_FieldOptions_Jstype = FieldOptions_JS_NORMAL - Default_FieldOptions_Lazy = bool(false) - Default_FieldOptions_Deprecated = bool(false) - Default_FieldOptions_Weak = bool(false) -) - -func (x *FieldOptions) Reset() { - *x = FieldOptions{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_descriptor_proto_msgTypes[12] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *FieldOptions) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*FieldOptions) ProtoMessage() {} - -func (x *FieldOptions) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[12] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use FieldOptions.ProtoReflect.Descriptor instead. -func (*FieldOptions) Descriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{12} -} - -func (x *FieldOptions) GetCtype() FieldOptions_CType { - if x != nil && x.Ctype != nil { - return *x.Ctype - } - return Default_FieldOptions_Ctype -} - -func (x *FieldOptions) GetPacked() bool { - if x != nil && x.Packed != nil { - return *x.Packed - } - return false -} - -func (x *FieldOptions) GetJstype() FieldOptions_JSType { - if x != nil && x.Jstype != nil { - return *x.Jstype - } - return Default_FieldOptions_Jstype -} - -func (x *FieldOptions) GetLazy() bool { - if x != nil && x.Lazy != nil { - return *x.Lazy - } - return Default_FieldOptions_Lazy -} - -func (x *FieldOptions) GetDeprecated() bool { - if x != nil && x.Deprecated != nil { - return *x.Deprecated - } - return Default_FieldOptions_Deprecated -} - -func (x *FieldOptions) GetWeak() bool { - if x != nil && x.Weak != nil { - return *x.Weak - } - return Default_FieldOptions_Weak -} - -func (x *FieldOptions) GetUninterpretedOption() []*UninterpretedOption { - if x != nil { - return x.UninterpretedOption - } - return nil -} - -type OneofOptions struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - extensionFields protoimpl.ExtensionFields - - // The parser stores options it doesn't recognize here. See above. - UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"` -} - -func (x *OneofOptions) Reset() { - *x = OneofOptions{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_descriptor_proto_msgTypes[13] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *OneofOptions) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*OneofOptions) ProtoMessage() {} - -func (x *OneofOptions) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[13] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use OneofOptions.ProtoReflect.Descriptor instead. -func (*OneofOptions) Descriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{13} -} - -func (x *OneofOptions) GetUninterpretedOption() []*UninterpretedOption { - if x != nil { - return x.UninterpretedOption - } - return nil -} - -type EnumOptions struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - extensionFields protoimpl.ExtensionFields - - // Set this option to true to allow mapping different tag names to the same - // value. - AllowAlias *bool `protobuf:"varint,2,opt,name=allow_alias,json=allowAlias" json:"allow_alias,omitempty"` - // Is this enum deprecated? - // Depending on the target platform, this can emit Deprecated annotations - // for the enum, or it will be completely ignored; in the very least, this - // is a formalization for deprecating enums. - Deprecated *bool `protobuf:"varint,3,opt,name=deprecated,def=0" json:"deprecated,omitempty"` - // The parser stores options it doesn't recognize here. See above. - UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"` -} - -// Default values for EnumOptions fields. -const ( - Default_EnumOptions_Deprecated = bool(false) -) - -func (x *EnumOptions) Reset() { - *x = EnumOptions{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_descriptor_proto_msgTypes[14] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *EnumOptions) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*EnumOptions) ProtoMessage() {} - -func (x *EnumOptions) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[14] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use EnumOptions.ProtoReflect.Descriptor instead. -func (*EnumOptions) Descriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{14} -} - -func (x *EnumOptions) GetAllowAlias() bool { - if x != nil && x.AllowAlias != nil { - return *x.AllowAlias - } - return false -} - -func (x *EnumOptions) GetDeprecated() bool { - if x != nil && x.Deprecated != nil { - return *x.Deprecated - } - return Default_EnumOptions_Deprecated -} - -func (x *EnumOptions) GetUninterpretedOption() []*UninterpretedOption { - if x != nil { - return x.UninterpretedOption - } - return nil -} - -type EnumValueOptions struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - extensionFields protoimpl.ExtensionFields - - // Is this enum value deprecated? - // Depending on the target platform, this can emit Deprecated annotations - // for the enum value, or it will be completely ignored; in the very least, - // this is a formalization for deprecating enum values. - Deprecated *bool `protobuf:"varint,1,opt,name=deprecated,def=0" json:"deprecated,omitempty"` - // The parser stores options it doesn't recognize here. See above. - UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"` -} - -// Default values for EnumValueOptions fields. -const ( - Default_EnumValueOptions_Deprecated = bool(false) -) - -func (x *EnumValueOptions) Reset() { - *x = EnumValueOptions{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_descriptor_proto_msgTypes[15] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *EnumValueOptions) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*EnumValueOptions) ProtoMessage() {} - -func (x *EnumValueOptions) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[15] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use EnumValueOptions.ProtoReflect.Descriptor instead. -func (*EnumValueOptions) Descriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{15} -} - -func (x *EnumValueOptions) GetDeprecated() bool { - if x != nil && x.Deprecated != nil { - return *x.Deprecated - } - return Default_EnumValueOptions_Deprecated -} - -func (x *EnumValueOptions) GetUninterpretedOption() []*UninterpretedOption { - if x != nil { - return x.UninterpretedOption - } - return nil -} - -type ServiceOptions struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - extensionFields protoimpl.ExtensionFields - - // Is this service deprecated? - // Depending on the target platform, this can emit Deprecated annotations - // for the service, or it will be completely ignored; in the very least, - // this is a formalization for deprecating services. - Deprecated *bool `protobuf:"varint,33,opt,name=deprecated,def=0" json:"deprecated,omitempty"` - // The parser stores options it doesn't recognize here. See above. - UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"` -} - -// Default values for ServiceOptions fields. -const ( - Default_ServiceOptions_Deprecated = bool(false) -) - -func (x *ServiceOptions) Reset() { - *x = ServiceOptions{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_descriptor_proto_msgTypes[16] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ServiceOptions) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ServiceOptions) ProtoMessage() {} - -func (x *ServiceOptions) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[16] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ServiceOptions.ProtoReflect.Descriptor instead. -func (*ServiceOptions) Descriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{16} -} - -func (x *ServiceOptions) GetDeprecated() bool { - if x != nil && x.Deprecated != nil { - return *x.Deprecated - } - return Default_ServiceOptions_Deprecated -} - -func (x *ServiceOptions) GetUninterpretedOption() []*UninterpretedOption { - if x != nil { - return x.UninterpretedOption - } - return nil -} - -type MethodOptions struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - extensionFields protoimpl.ExtensionFields - - // Is this method deprecated? - // Depending on the target platform, this can emit Deprecated annotations - // for the method, or it will be completely ignored; in the very least, - // this is a formalization for deprecating methods. - Deprecated *bool `protobuf:"varint,33,opt,name=deprecated,def=0" json:"deprecated,omitempty"` - IdempotencyLevel *MethodOptions_IdempotencyLevel `protobuf:"varint,34,opt,name=idempotency_level,json=idempotencyLevel,enum=google.protobuf.MethodOptions_IdempotencyLevel,def=0" json:"idempotency_level,omitempty"` - // The parser stores options it doesn't recognize here. See above. - UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"` -} - -// Default values for MethodOptions fields. -const ( - Default_MethodOptions_Deprecated = bool(false) - Default_MethodOptions_IdempotencyLevel = MethodOptions_IDEMPOTENCY_UNKNOWN -) - -func (x *MethodOptions) Reset() { - *x = MethodOptions{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_descriptor_proto_msgTypes[17] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MethodOptions) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MethodOptions) ProtoMessage() {} - -func (x *MethodOptions) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[17] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MethodOptions.ProtoReflect.Descriptor instead. -func (*MethodOptions) Descriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{17} -} - -func (x *MethodOptions) GetDeprecated() bool { - if x != nil && x.Deprecated != nil { - return *x.Deprecated - } - return Default_MethodOptions_Deprecated -} - -func (x *MethodOptions) GetIdempotencyLevel() MethodOptions_IdempotencyLevel { - if x != nil && x.IdempotencyLevel != nil { - return *x.IdempotencyLevel - } - return Default_MethodOptions_IdempotencyLevel -} - -func (x *MethodOptions) GetUninterpretedOption() []*UninterpretedOption { - if x != nil { - return x.UninterpretedOption - } - return nil -} - -// A message representing a option the parser does not recognize. This only -// appears in options protos created by the compiler::Parser class. -// DescriptorPool resolves these when building Descriptor objects. Therefore, -// options protos in descriptor objects (e.g. returned by Descriptor::options(), -// or produced by Descriptor::CopyTo()) will never have UninterpretedOptions -// in them. -type UninterpretedOption struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Name []*UninterpretedOption_NamePart `protobuf:"bytes,2,rep,name=name" json:"name,omitempty"` - // The value of the uninterpreted option, in whatever type the tokenizer - // identified it as during parsing. Exactly one of these should be set. - IdentifierValue *string `protobuf:"bytes,3,opt,name=identifier_value,json=identifierValue" json:"identifier_value,omitempty"` - PositiveIntValue *uint64 `protobuf:"varint,4,opt,name=positive_int_value,json=positiveIntValue" json:"positive_int_value,omitempty"` - NegativeIntValue *int64 `protobuf:"varint,5,opt,name=negative_int_value,json=negativeIntValue" json:"negative_int_value,omitempty"` - DoubleValue *float64 `protobuf:"fixed64,6,opt,name=double_value,json=doubleValue" json:"double_value,omitempty"` - StringValue []byte `protobuf:"bytes,7,opt,name=string_value,json=stringValue" json:"string_value,omitempty"` - AggregateValue *string `protobuf:"bytes,8,opt,name=aggregate_value,json=aggregateValue" json:"aggregate_value,omitempty"` -} - -func (x *UninterpretedOption) Reset() { - *x = UninterpretedOption{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_descriptor_proto_msgTypes[18] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UninterpretedOption) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UninterpretedOption) ProtoMessage() {} - -func (x *UninterpretedOption) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[18] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UninterpretedOption.ProtoReflect.Descriptor instead. -func (*UninterpretedOption) Descriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{18} -} - -func (x *UninterpretedOption) GetName() []*UninterpretedOption_NamePart { - if x != nil { - return x.Name - } - return nil -} - -func (x *UninterpretedOption) GetIdentifierValue() string { - if x != nil && x.IdentifierValue != nil { - return *x.IdentifierValue - } - return "" -} - -func (x *UninterpretedOption) GetPositiveIntValue() uint64 { - if x != nil && x.PositiveIntValue != nil { - return *x.PositiveIntValue - } - return 0 -} - -func (x *UninterpretedOption) GetNegativeIntValue() int64 { - if x != nil && x.NegativeIntValue != nil { - return *x.NegativeIntValue - } - return 0 -} - -func (x *UninterpretedOption) GetDoubleValue() float64 { - if x != nil && x.DoubleValue != nil { - return *x.DoubleValue - } - return 0 -} - -func (x *UninterpretedOption) GetStringValue() []byte { - if x != nil { - return x.StringValue - } - return nil -} - -func (x *UninterpretedOption) GetAggregateValue() string { - if x != nil && x.AggregateValue != nil { - return *x.AggregateValue - } - return "" -} - -// Encapsulates information about the original source file from which a -// FileDescriptorProto was generated. -type SourceCodeInfo struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // A Location identifies a piece of source code in a .proto file which - // corresponds to a particular definition. This information is intended - // to be useful to IDEs, code indexers, documentation generators, and similar - // tools. - // - // For example, say we have a file like: - // message Foo { - // optional string foo = 1; - // } - // Let's look at just the field definition: - // optional string foo = 1; - // ^ ^^ ^^ ^ ^^^ - // a bc de f ghi - // We have the following locations: - // span path represents - // [a,i) [ 4, 0, 2, 0 ] The whole field definition. - // [a,b) [ 4, 0, 2, 0, 4 ] The label (optional). - // [c,d) [ 4, 0, 2, 0, 5 ] The type (string). - // [e,f) [ 4, 0, 2, 0, 1 ] The name (foo). - // [g,h) [ 4, 0, 2, 0, 3 ] The number (1). - // - // Notes: - // - A location may refer to a repeated field itself (i.e. not to any - // particular index within it). This is used whenever a set of elements are - // logically enclosed in a single code segment. For example, an entire - // extend block (possibly containing multiple extension definitions) will - // have an outer location whose path refers to the "extensions" repeated - // field without an index. - // - Multiple locations may have the same path. This happens when a single - // logical declaration is spread out across multiple places. The most - // obvious example is the "extend" block again -- there may be multiple - // extend blocks in the same scope, each of which will have the same path. - // - A location's span is not always a subset of its parent's span. For - // example, the "extendee" of an extension declaration appears at the - // beginning of the "extend" block and is shared by all extensions within - // the block. - // - Just because a location's span is a subset of some other location's span - // does not mean that it is a descendant. For example, a "group" defines - // both a type and a field in a single declaration. Thus, the locations - // corresponding to the type and field and their components will overlap. - // - Code which tries to interpret locations should probably be designed to - // ignore those that it doesn't understand, as more types of locations could - // be recorded in the future. - Location []*SourceCodeInfo_Location `protobuf:"bytes,1,rep,name=location" json:"location,omitempty"` -} - -func (x *SourceCodeInfo) Reset() { - *x = SourceCodeInfo{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_descriptor_proto_msgTypes[19] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SourceCodeInfo) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SourceCodeInfo) ProtoMessage() {} - -func (x *SourceCodeInfo) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[19] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SourceCodeInfo.ProtoReflect.Descriptor instead. -func (*SourceCodeInfo) Descriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{19} -} - -func (x *SourceCodeInfo) GetLocation() []*SourceCodeInfo_Location { - if x != nil { - return x.Location - } - return nil -} - -// Describes the relationship between generated code and its original source -// file. A GeneratedCodeInfo message is associated with only one generated -// source file, but may contain references to different source .proto files. -type GeneratedCodeInfo struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // An Annotation connects some span of text in generated code to an element - // of its generating .proto file. - Annotation []*GeneratedCodeInfo_Annotation `protobuf:"bytes,1,rep,name=annotation" json:"annotation,omitempty"` -} - -func (x *GeneratedCodeInfo) Reset() { - *x = GeneratedCodeInfo{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_descriptor_proto_msgTypes[20] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *GeneratedCodeInfo) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*GeneratedCodeInfo) ProtoMessage() {} - -func (x *GeneratedCodeInfo) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[20] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use GeneratedCodeInfo.ProtoReflect.Descriptor instead. -func (*GeneratedCodeInfo) Descriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{20} -} - -func (x *GeneratedCodeInfo) GetAnnotation() []*GeneratedCodeInfo_Annotation { - if x != nil { - return x.Annotation - } - return nil -} - -type DescriptorProto_ExtensionRange struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Start *int32 `protobuf:"varint,1,opt,name=start" json:"start,omitempty"` // Inclusive. - End *int32 `protobuf:"varint,2,opt,name=end" json:"end,omitempty"` // Exclusive. - Options *ExtensionRangeOptions `protobuf:"bytes,3,opt,name=options" json:"options,omitempty"` -} - -func (x *DescriptorProto_ExtensionRange) Reset() { - *x = DescriptorProto_ExtensionRange{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_descriptor_proto_msgTypes[21] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *DescriptorProto_ExtensionRange) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*DescriptorProto_ExtensionRange) ProtoMessage() {} - -func (x *DescriptorProto_ExtensionRange) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[21] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use DescriptorProto_ExtensionRange.ProtoReflect.Descriptor instead. -func (*DescriptorProto_ExtensionRange) Descriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{2, 0} -} - -func (x *DescriptorProto_ExtensionRange) GetStart() int32 { - if x != nil && x.Start != nil { - return *x.Start - } - return 0 -} - -func (x *DescriptorProto_ExtensionRange) GetEnd() int32 { - if x != nil && x.End != nil { - return *x.End - } - return 0 -} - -func (x *DescriptorProto_ExtensionRange) GetOptions() *ExtensionRangeOptions { - if x != nil { - return x.Options - } - return nil -} - -// Range of reserved tag numbers. Reserved tag numbers may not be used by -// fields or extension ranges in the same message. Reserved ranges may -// not overlap. -type DescriptorProto_ReservedRange struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Start *int32 `protobuf:"varint,1,opt,name=start" json:"start,omitempty"` // Inclusive. - End *int32 `protobuf:"varint,2,opt,name=end" json:"end,omitempty"` // Exclusive. -} - -func (x *DescriptorProto_ReservedRange) Reset() { - *x = DescriptorProto_ReservedRange{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_descriptor_proto_msgTypes[22] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *DescriptorProto_ReservedRange) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*DescriptorProto_ReservedRange) ProtoMessage() {} - -func (x *DescriptorProto_ReservedRange) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[22] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use DescriptorProto_ReservedRange.ProtoReflect.Descriptor instead. -func (*DescriptorProto_ReservedRange) Descriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{2, 1} -} - -func (x *DescriptorProto_ReservedRange) GetStart() int32 { - if x != nil && x.Start != nil { - return *x.Start - } - return 0 -} - -func (x *DescriptorProto_ReservedRange) GetEnd() int32 { - if x != nil && x.End != nil { - return *x.End - } - return 0 -} - -// Range of reserved numeric values. Reserved values may not be used by -// entries in the same enum. Reserved ranges may not overlap. -// -// Note that this is distinct from DescriptorProto.ReservedRange in that it -// is inclusive such that it can appropriately represent the entire int32 -// domain. -type EnumDescriptorProto_EnumReservedRange struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Start *int32 `protobuf:"varint,1,opt,name=start" json:"start,omitempty"` // Inclusive. - End *int32 `protobuf:"varint,2,opt,name=end" json:"end,omitempty"` // Inclusive. -} - -func (x *EnumDescriptorProto_EnumReservedRange) Reset() { - *x = EnumDescriptorProto_EnumReservedRange{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_descriptor_proto_msgTypes[23] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *EnumDescriptorProto_EnumReservedRange) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*EnumDescriptorProto_EnumReservedRange) ProtoMessage() {} - -func (x *EnumDescriptorProto_EnumReservedRange) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[23] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use EnumDescriptorProto_EnumReservedRange.ProtoReflect.Descriptor instead. -func (*EnumDescriptorProto_EnumReservedRange) Descriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{6, 0} -} - -func (x *EnumDescriptorProto_EnumReservedRange) GetStart() int32 { - if x != nil && x.Start != nil { - return *x.Start - } - return 0 -} - -func (x *EnumDescriptorProto_EnumReservedRange) GetEnd() int32 { - if x != nil && x.End != nil { - return *x.End - } - return 0 -} - -// The name of the uninterpreted option. Each string represents a segment in -// a dot-separated name. is_extension is true iff a segment represents an -// extension (denoted with parentheses in options specs in .proto files). -// E.g.,{ ["foo", false], ["bar.baz", true], ["qux", false] } represents -// "foo.(bar.baz).qux". -type UninterpretedOption_NamePart struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - NamePart *string `protobuf:"bytes,1,req,name=name_part,json=namePart" json:"name_part,omitempty"` - IsExtension *bool `protobuf:"varint,2,req,name=is_extension,json=isExtension" json:"is_extension,omitempty"` -} - -func (x *UninterpretedOption_NamePart) Reset() { - *x = UninterpretedOption_NamePart{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_descriptor_proto_msgTypes[24] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *UninterpretedOption_NamePart) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*UninterpretedOption_NamePart) ProtoMessage() {} - -func (x *UninterpretedOption_NamePart) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[24] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use UninterpretedOption_NamePart.ProtoReflect.Descriptor instead. -func (*UninterpretedOption_NamePart) Descriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{18, 0} -} - -func (x *UninterpretedOption_NamePart) GetNamePart() string { - if x != nil && x.NamePart != nil { - return *x.NamePart - } - return "" -} - -func (x *UninterpretedOption_NamePart) GetIsExtension() bool { - if x != nil && x.IsExtension != nil { - return *x.IsExtension - } - return false -} - -type SourceCodeInfo_Location struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Identifies which part of the FileDescriptorProto was defined at this - // location. - // - // Each element is a field number or an index. They form a path from - // the root FileDescriptorProto to the place where the definition. For - // example, this path: - // [ 4, 3, 2, 7, 1 ] - // refers to: - // file.message_type(3) // 4, 3 - // .field(7) // 2, 7 - // .name() // 1 - // This is because FileDescriptorProto.message_type has field number 4: - // repeated DescriptorProto message_type = 4; - // and DescriptorProto.field has field number 2: - // repeated FieldDescriptorProto field = 2; - // and FieldDescriptorProto.name has field number 1: - // optional string name = 1; - // - // Thus, the above path gives the location of a field name. If we removed - // the last element: - // [ 4, 3, 2, 7 ] - // this path refers to the whole field declaration (from the beginning - // of the label to the terminating semicolon). - Path []int32 `protobuf:"varint,1,rep,packed,name=path" json:"path,omitempty"` - // Always has exactly three or four elements: start line, start column, - // end line (optional, otherwise assumed same as start line), end column. - // These are packed into a single field for efficiency. Note that line - // and column numbers are zero-based -- typically you will want to add - // 1 to each before displaying to a user. - Span []int32 `protobuf:"varint,2,rep,packed,name=span" json:"span,omitempty"` - // If this SourceCodeInfo represents a complete declaration, these are any - // comments appearing before and after the declaration which appear to be - // attached to the declaration. - // - // A series of line comments appearing on consecutive lines, with no other - // tokens appearing on those lines, will be treated as a single comment. - // - // leading_detached_comments will keep paragraphs of comments that appear - // before (but not connected to) the current element. Each paragraph, - // separated by empty lines, will be one comment element in the repeated - // field. - // - // Only the comment content is provided; comment markers (e.g. //) are - // stripped out. For block comments, leading whitespace and an asterisk - // will be stripped from the beginning of each line other than the first. - // Newlines are included in the output. - // - // Examples: - // - // optional int32 foo = 1; // Comment attached to foo. - // // Comment attached to bar. - // optional int32 bar = 2; - // - // optional string baz = 3; - // // Comment attached to baz. - // // Another line attached to baz. - // - // // Comment attached to qux. - // // - // // Another line attached to qux. - // optional double qux = 4; - // - // // Detached comment for corge. This is not leading or trailing comments - // // to qux or corge because there are blank lines separating it from - // // both. - // - // // Detached comment for corge paragraph 2. - // - // optional string corge = 5; - // /* Block comment attached - // * to corge. Leading asterisks - // * will be removed. */ - // /* Block comment attached to - // * grault. */ - // optional int32 grault = 6; - // - // // ignored detached comments. - LeadingComments *string `protobuf:"bytes,3,opt,name=leading_comments,json=leadingComments" json:"leading_comments,omitempty"` - TrailingComments *string `protobuf:"bytes,4,opt,name=trailing_comments,json=trailingComments" json:"trailing_comments,omitempty"` - LeadingDetachedComments []string `protobuf:"bytes,6,rep,name=leading_detached_comments,json=leadingDetachedComments" json:"leading_detached_comments,omitempty"` -} - -func (x *SourceCodeInfo_Location) Reset() { - *x = SourceCodeInfo_Location{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_descriptor_proto_msgTypes[25] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SourceCodeInfo_Location) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SourceCodeInfo_Location) ProtoMessage() {} - -func (x *SourceCodeInfo_Location) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[25] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SourceCodeInfo_Location.ProtoReflect.Descriptor instead. -func (*SourceCodeInfo_Location) Descriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{19, 0} -} - -func (x *SourceCodeInfo_Location) GetPath() []int32 { - if x != nil { - return x.Path - } - return nil -} - -func (x *SourceCodeInfo_Location) GetSpan() []int32 { - if x != nil { - return x.Span - } - return nil -} - -func (x *SourceCodeInfo_Location) GetLeadingComments() string { - if x != nil && x.LeadingComments != nil { - return *x.LeadingComments - } - return "" -} - -func (x *SourceCodeInfo_Location) GetTrailingComments() string { - if x != nil && x.TrailingComments != nil { - return *x.TrailingComments - } - return "" -} - -func (x *SourceCodeInfo_Location) GetLeadingDetachedComments() []string { - if x != nil { - return x.LeadingDetachedComments - } - return nil -} - -type GeneratedCodeInfo_Annotation struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Identifies the element in the original source .proto file. This field - // is formatted the same as SourceCodeInfo.Location.path. - Path []int32 `protobuf:"varint,1,rep,packed,name=path" json:"path,omitempty"` - // Identifies the filesystem path to the original source .proto. - SourceFile *string `protobuf:"bytes,2,opt,name=source_file,json=sourceFile" json:"source_file,omitempty"` - // Identifies the starting offset in bytes in the generated code - // that relates to the identified object. - Begin *int32 `protobuf:"varint,3,opt,name=begin" json:"begin,omitempty"` - // Identifies the ending offset in bytes in the generated code that - // relates to the identified offset. The end offset should be one past - // the last relevant byte (so the length of the text = end - begin). - End *int32 `protobuf:"varint,4,opt,name=end" json:"end,omitempty"` -} - -func (x *GeneratedCodeInfo_Annotation) Reset() { - *x = GeneratedCodeInfo_Annotation{} - if protoimpl.UnsafeEnabled { - mi := &file_google_protobuf_descriptor_proto_msgTypes[26] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *GeneratedCodeInfo_Annotation) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*GeneratedCodeInfo_Annotation) ProtoMessage() {} - -func (x *GeneratedCodeInfo_Annotation) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[26] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use GeneratedCodeInfo_Annotation.ProtoReflect.Descriptor instead. -func (*GeneratedCodeInfo_Annotation) Descriptor() ([]byte, []int) { - return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{20, 0} -} - -func (x *GeneratedCodeInfo_Annotation) GetPath() []int32 { - if x != nil { - return x.Path - } - return nil -} - -func (x *GeneratedCodeInfo_Annotation) GetSourceFile() string { - if x != nil && x.SourceFile != nil { - return *x.SourceFile - } - return "" -} - -func (x *GeneratedCodeInfo_Annotation) GetBegin() int32 { - if x != nil && x.Begin != nil { - return *x.Begin - } - return 0 -} - -func (x *GeneratedCodeInfo_Annotation) GetEnd() int32 { - if x != nil && x.End != nil { - return *x.End - } - return 0 -} - -var File_google_protobuf_descriptor_proto protoreflect.FileDescriptor - -var file_google_protobuf_descriptor_proto_rawDesc = []byte{ - 0x0a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x12, 0x0f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x22, 0x4d, 0x0a, 0x11, 0x46, 0x69, 0x6c, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, - 0x69, 0x70, 0x74, 0x6f, 0x72, 0x53, 0x65, 0x74, 0x12, 0x38, 0x0a, 0x04, 0x66, 0x69, 0x6c, 0x65, - 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x44, 0x65, 0x73, - 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x04, 0x66, 0x69, - 0x6c, 0x65, 0x22, 0xe4, 0x04, 0x0a, 0x13, 0x46, 0x69, 0x6c, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, - 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, - 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x18, - 0x0a, 0x07, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x07, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x65, - 0x6e, 0x64, 0x65, 0x6e, 0x63, 0x79, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x64, 0x65, - 0x70, 0x65, 0x6e, 0x64, 0x65, 0x6e, 0x63, 0x79, 0x12, 0x2b, 0x0a, 0x11, 0x70, 0x75, 0x62, 0x6c, - 0x69, 0x63, 0x5f, 0x64, 0x65, 0x70, 0x65, 0x6e, 0x64, 0x65, 0x6e, 0x63, 0x79, 0x18, 0x0a, 0x20, - 0x03, 0x28, 0x05, 0x52, 0x10, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x44, 0x65, 0x70, 0x65, 0x6e, - 0x64, 0x65, 0x6e, 0x63, 0x79, 0x12, 0x27, 0x0a, 0x0f, 0x77, 0x65, 0x61, 0x6b, 0x5f, 0x64, 0x65, - 0x70, 0x65, 0x6e, 0x64, 0x65, 0x6e, 0x63, 0x79, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x05, 0x52, 0x0e, - 0x77, 0x65, 0x61, 0x6b, 0x44, 0x65, 0x70, 0x65, 0x6e, 0x64, 0x65, 0x6e, 0x63, 0x79, 0x12, 0x43, - 0x0a, 0x0c, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x04, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, - 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x0b, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x54, - 0x79, 0x70, 0x65, 0x12, 0x41, 0x0a, 0x09, 0x65, 0x6e, 0x75, 0x6d, 0x5f, 0x74, 0x79, 0x70, 0x65, - 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x44, 0x65, 0x73, - 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x08, 0x65, 0x6e, - 0x75, 0x6d, 0x54, 0x79, 0x70, 0x65, 0x12, 0x41, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, - 0x52, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x43, 0x0a, 0x09, 0x65, 0x78, 0x74, - 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, - 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, - 0x6f, 0x74, 0x6f, 0x52, 0x09, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x36, - 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, - 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x49, 0x0a, 0x10, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x75, 0x66, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, - 0x6f, 0x52, 0x0e, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, - 0x6f, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x79, 0x6e, 0x74, 0x61, 0x78, 0x18, 0x0c, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x06, 0x73, 0x79, 0x6e, 0x74, 0x61, 0x78, 0x22, 0xb9, 0x06, 0x0a, 0x0f, 0x44, 0x65, - 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, - 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, - 0x65, 0x12, 0x3b, 0x0a, 0x05, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, - 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x05, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x12, 0x43, - 0x0a, 0x09, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, - 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x09, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, - 0x69, 0x6f, 0x6e, 0x12, 0x41, 0x0a, 0x0b, 0x6e, 0x65, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x79, - 0x70, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x65, 0x73, 0x63, 0x72, - 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x0a, 0x6e, 0x65, 0x73, 0x74, - 0x65, 0x64, 0x54, 0x79, 0x70, 0x65, 0x12, 0x41, 0x0a, 0x09, 0x65, 0x6e, 0x75, 0x6d, 0x5f, 0x74, - 0x79, 0x70, 0x65, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, - 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, - 0x08, 0x65, 0x6e, 0x75, 0x6d, 0x54, 0x79, 0x70, 0x65, 0x12, 0x58, 0x0a, 0x0f, 0x65, 0x78, 0x74, - 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x05, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, - 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, - 0x6e, 0x67, 0x65, 0x52, 0x0e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, - 0x6e, 0x67, 0x65, 0x12, 0x44, 0x0a, 0x0a, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x5f, 0x64, 0x65, 0x63, - 0x6c, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4f, 0x6e, 0x65, 0x6f, 0x66, 0x44, - 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x09, - 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x44, 0x65, 0x63, 0x6c, 0x12, 0x39, 0x0a, 0x07, 0x6f, 0x70, 0x74, - 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x73, - 0x73, 0x61, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, - 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x55, 0x0a, 0x0e, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, - 0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, - 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x52, - 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x0d, 0x72, 0x65, - 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x72, - 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x03, - 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x4e, 0x61, 0x6d, 0x65, - 0x1a, 0x7a, 0x0a, 0x0e, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, 0x6e, - 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x05, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x12, 0x40, 0x0a, 0x07, 0x6f, 0x70, - 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x78, - 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, - 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0x37, 0x0a, 0x0d, - 0x52, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x14, 0x0a, - 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x73, 0x74, - 0x61, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, - 0x52, 0x03, 0x65, 0x6e, 0x64, 0x22, 0x7c, 0x0a, 0x15, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, - 0x6f, 0x6e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x58, - 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, - 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, - 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, - 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, - 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, - 0x80, 0x80, 0x02, 0x22, 0xc1, 0x06, 0x0a, 0x14, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, - 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, - 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, - 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, - 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x41, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, - 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, - 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x4c, - 0x61, 0x62, 0x65, 0x6c, 0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x3e, 0x0a, 0x04, 0x74, - 0x79, 0x70, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, - 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, - 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x74, - 0x79, 0x70, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, - 0x74, 0x79, 0x70, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x78, 0x74, 0x65, - 0x6e, 0x64, 0x65, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x74, 0x65, - 0x6e, 0x64, 0x65, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x64, 0x65, 0x66, - 0x61, 0x75, 0x6c, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6f, 0x6e, 0x65, - 0x6f, 0x66, 0x5f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x09, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0a, - 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x1b, 0x0a, 0x09, 0x6a, 0x73, - 0x6f, 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6a, - 0x73, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x37, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, - 0x6e, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, - 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, - 0x12, 0x27, 0x0a, 0x0f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, - 0x6e, 0x61, 0x6c, 0x18, 0x11, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x22, 0xb6, 0x02, 0x0a, 0x04, 0x54, 0x79, - 0x70, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x4f, 0x55, 0x42, 0x4c, - 0x45, 0x10, 0x01, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x4c, 0x4f, 0x41, - 0x54, 0x10, 0x02, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x4e, 0x54, 0x36, - 0x34, 0x10, 0x03, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x49, 0x4e, 0x54, - 0x36, 0x34, 0x10, 0x04, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x4e, 0x54, - 0x33, 0x32, 0x10, 0x05, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x58, - 0x45, 0x44, 0x36, 0x34, 0x10, 0x06, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, - 0x49, 0x58, 0x45, 0x44, 0x33, 0x32, 0x10, 0x07, 0x12, 0x0d, 0x0a, 0x09, 0x54, 0x59, 0x50, 0x45, - 0x5f, 0x42, 0x4f, 0x4f, 0x4c, 0x10, 0x08, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, - 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x10, 0x09, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, - 0x5f, 0x47, 0x52, 0x4f, 0x55, 0x50, 0x10, 0x0a, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, - 0x5f, 0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45, 0x10, 0x0b, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, - 0x50, 0x45, 0x5f, 0x42, 0x59, 0x54, 0x45, 0x53, 0x10, 0x0c, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, - 0x50, 0x45, 0x5f, 0x55, 0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, 0x0d, 0x12, 0x0d, 0x0a, 0x09, 0x54, - 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x10, 0x0e, 0x12, 0x11, 0x0a, 0x0d, 0x54, 0x59, - 0x50, 0x45, 0x5f, 0x53, 0x46, 0x49, 0x58, 0x45, 0x44, 0x33, 0x32, 0x10, 0x0f, 0x12, 0x11, 0x0a, - 0x0d, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x46, 0x49, 0x58, 0x45, 0x44, 0x36, 0x34, 0x10, 0x10, - 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, - 0x11, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x49, 0x4e, 0x54, 0x36, 0x34, - 0x10, 0x12, 0x22, 0x43, 0x0a, 0x05, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x12, 0x0a, 0x0e, 0x4c, - 0x41, 0x42, 0x45, 0x4c, 0x5f, 0x4f, 0x50, 0x54, 0x49, 0x4f, 0x4e, 0x41, 0x4c, 0x10, 0x01, 0x12, - 0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42, 0x45, 0x4c, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x49, 0x52, 0x45, - 0x44, 0x10, 0x02, 0x12, 0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42, 0x45, 0x4c, 0x5f, 0x52, 0x45, 0x50, - 0x45, 0x41, 0x54, 0x45, 0x44, 0x10, 0x03, 0x22, 0x63, 0x0a, 0x14, 0x4f, 0x6e, 0x65, 0x6f, 0x66, - 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, - 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, - 0x61, 0x6d, 0x65, 0x12, 0x37, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4f, 0x6e, 0x65, 0x6f, 0x66, 0x4f, 0x70, 0x74, 0x69, - 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xe3, 0x02, 0x0a, - 0x13, 0x45, 0x6e, 0x75, 0x6d, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, - 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3f, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, - 0x6c, 0x75, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, - 0x74, 0x6f, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x36, 0x0a, 0x07, 0x6f, 0x70, 0x74, - 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, - 0x6d, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, - 0x73, 0x12, 0x5d, 0x0a, 0x0e, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x72, 0x61, - 0x6e, 0x67, 0x65, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, - 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, - 0x45, 0x6e, 0x75, 0x6d, 0x52, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, - 0x65, 0x52, 0x0d, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, - 0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x6e, 0x61, 0x6d, - 0x65, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, - 0x64, 0x4e, 0x61, 0x6d, 0x65, 0x1a, 0x3b, 0x0a, 0x11, 0x45, 0x6e, 0x75, 0x6d, 0x52, 0x65, 0x73, - 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, - 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, - 0x12, 0x10, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65, - 0x6e, 0x64, 0x22, 0x83, 0x01, 0x0a, 0x18, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, - 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, - 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, - 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x05, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x3b, 0x0a, 0x07, 0x6f, - 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, - 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, - 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xa7, 0x01, 0x0a, 0x16, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, - 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3e, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, - 0x64, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, - 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, - 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x39, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, - 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, - 0x6e, 0x73, 0x22, 0x89, 0x02, 0x0a, 0x15, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x73, - 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, - 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, - 0x12, 0x1d, 0x0a, 0x0a, 0x69, 0x6e, 0x70, 0x75, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x69, 0x6e, 0x70, 0x75, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, - 0x1f, 0x0a, 0x0b, 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x54, 0x79, 0x70, 0x65, - 0x12, 0x38, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, - 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x30, 0x0a, 0x10, 0x63, 0x6c, - 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0f, 0x63, 0x6c, 0x69, - 0x65, 0x6e, 0x74, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x12, 0x30, 0x0a, 0x10, - 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, - 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0f, 0x73, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x22, 0x91, - 0x09, 0x0a, 0x0b, 0x46, 0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x21, - 0x0a, 0x0c, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x6a, 0x61, 0x76, 0x61, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, - 0x65, 0x12, 0x30, 0x0a, 0x14, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x5f, - 0x63, 0x6c, 0x61, 0x73, 0x73, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x12, 0x6a, 0x61, 0x76, 0x61, 0x4f, 0x75, 0x74, 0x65, 0x72, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x6e, - 0x61, 0x6d, 0x65, 0x12, 0x35, 0x0a, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x6d, 0x75, 0x6c, 0x74, - 0x69, 0x70, 0x6c, 0x65, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, - 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x11, 0x6a, 0x61, 0x76, 0x61, 0x4d, 0x75, 0x6c, - 0x74, 0x69, 0x70, 0x6c, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x12, 0x44, 0x0a, 0x1d, 0x6a, 0x61, - 0x76, 0x61, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x71, 0x75, 0x61, - 0x6c, 0x73, 0x5f, 0x61, 0x6e, 0x64, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x14, 0x20, 0x01, 0x28, - 0x08, 0x42, 0x02, 0x18, 0x01, 0x52, 0x19, 0x6a, 0x61, 0x76, 0x61, 0x47, 0x65, 0x6e, 0x65, 0x72, - 0x61, 0x74, 0x65, 0x45, 0x71, 0x75, 0x61, 0x6c, 0x73, 0x41, 0x6e, 0x64, 0x48, 0x61, 0x73, 0x68, - 0x12, 0x3a, 0x0a, 0x16, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x5f, - 0x63, 0x68, 0x65, 0x63, 0x6b, 0x5f, 0x75, 0x74, 0x66, 0x38, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x08, - 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x53, 0x74, 0x72, - 0x69, 0x6e, 0x67, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x55, 0x74, 0x66, 0x38, 0x12, 0x53, 0x0a, 0x0c, - 0x6f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x5f, 0x66, 0x6f, 0x72, 0x18, 0x09, 0x20, 0x01, - 0x28, 0x0e, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, - 0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x3a, 0x05, 0x53, - 0x50, 0x45, 0x45, 0x44, 0x52, 0x0b, 0x6f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x46, 0x6f, - 0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x67, 0x6f, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, - 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x67, 0x6f, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, - 0x12, 0x35, 0x0a, 0x13, 0x63, 0x63, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, - 0x61, 0x6c, 0x73, 0x65, 0x52, 0x11, 0x63, 0x63, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x39, 0x0a, 0x15, 0x6a, 0x61, 0x76, 0x61, 0x5f, - 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, - 0x18, 0x11, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x13, 0x6a, - 0x61, 0x76, 0x61, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x73, 0x12, 0x35, 0x0a, 0x13, 0x70, 0x79, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, - 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x3a, - 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x11, 0x70, 0x79, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, - 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x37, 0x0a, 0x14, 0x70, 0x68, 0x70, - 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x73, 0x18, 0x2a, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x12, - 0x70, 0x68, 0x70, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, - 0x18, 0x17, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, - 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x2e, 0x0a, 0x10, 0x63, 0x63, 0x5f, - 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x61, 0x72, 0x65, 0x6e, 0x61, 0x73, 0x18, 0x1f, 0x20, - 0x01, 0x28, 0x08, 0x3a, 0x04, 0x74, 0x72, 0x75, 0x65, 0x52, 0x0e, 0x63, 0x63, 0x45, 0x6e, 0x61, - 0x62, 0x6c, 0x65, 0x41, 0x72, 0x65, 0x6e, 0x61, 0x73, 0x12, 0x2a, 0x0a, 0x11, 0x6f, 0x62, 0x6a, - 0x63, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x24, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6f, 0x62, 0x6a, 0x63, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x50, - 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x73, 0x68, 0x61, 0x72, 0x70, 0x5f, - 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x25, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0f, 0x63, 0x73, 0x68, 0x61, 0x72, 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, - 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x77, 0x69, 0x66, 0x74, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, - 0x18, 0x27, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x73, 0x77, 0x69, 0x66, 0x74, 0x50, 0x72, 0x65, - 0x66, 0x69, 0x78, 0x12, 0x28, 0x0a, 0x10, 0x70, 0x68, 0x70, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, - 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x28, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x70, - 0x68, 0x70, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x23, 0x0a, - 0x0d, 0x70, 0x68, 0x70, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x29, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x70, 0x68, 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, - 0x63, 0x65, 0x12, 0x34, 0x0a, 0x16, 0x70, 0x68, 0x70, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, - 0x74, 0x61, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x2c, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x14, 0x70, 0x68, 0x70, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4e, - 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x72, 0x75, 0x62, 0x79, - 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x2d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, - 0x72, 0x75, 0x62, 0x79, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x58, 0x0a, 0x14, 0x75, - 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, - 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, - 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, - 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, - 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x3a, 0x0a, 0x0c, 0x4f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, - 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x09, 0x0a, 0x05, 0x53, 0x50, 0x45, 0x45, 0x44, 0x10, 0x01, - 0x12, 0x0d, 0x0a, 0x09, 0x43, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x49, 0x5a, 0x45, 0x10, 0x02, 0x12, - 0x10, 0x0a, 0x0c, 0x4c, 0x49, 0x54, 0x45, 0x5f, 0x52, 0x55, 0x4e, 0x54, 0x49, 0x4d, 0x45, 0x10, - 0x03, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x26, - 0x10, 0x27, 0x22, 0xd1, 0x02, 0x0a, 0x0e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x4f, 0x70, - 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x3c, 0x0a, 0x17, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, - 0x5f, 0x73, 0x65, 0x74, 0x5f, 0x77, 0x69, 0x72, 0x65, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x14, 0x6d, - 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x57, 0x69, 0x72, 0x65, 0x46, 0x6f, 0x72, - 0x6d, 0x61, 0x74, 0x12, 0x4c, 0x0a, 0x1f, 0x6e, 0x6f, 0x5f, 0x73, 0x74, 0x61, 0x6e, 0x64, 0x61, - 0x72, 0x64, 0x5f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x5f, 0x61, 0x63, - 0x63, 0x65, 0x73, 0x73, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, - 0x6c, 0x73, 0x65, 0x52, 0x1c, 0x6e, 0x6f, 0x53, 0x74, 0x61, 0x6e, 0x64, 0x61, 0x72, 0x64, 0x44, - 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6f, - 0x72, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, - 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x61, 0x70, 0x5f, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6d, 0x61, 0x70, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, - 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, - 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, - 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, - 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x08, 0x10, 0x09, - 0x4a, 0x04, 0x08, 0x09, 0x10, 0x0a, 0x22, 0xe2, 0x03, 0x0a, 0x0c, 0x46, 0x69, 0x65, 0x6c, 0x64, - 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x41, 0x0a, 0x05, 0x63, 0x74, 0x79, 0x70, 0x65, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x23, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, - 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x43, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x06, 0x53, 0x54, 0x52, - 0x49, 0x4e, 0x47, 0x52, 0x05, 0x63, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x61, - 0x63, 0x6b, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x70, 0x61, 0x63, 0x6b, - 0x65, 0x64, 0x12, 0x47, 0x0a, 0x06, 0x6a, 0x73, 0x74, 0x79, 0x70, 0x65, 0x18, 0x06, 0x20, 0x01, - 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, - 0x73, 0x2e, 0x4a, 0x53, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x09, 0x4a, 0x53, 0x5f, 0x4e, 0x4f, 0x52, - 0x4d, 0x41, 0x4c, 0x52, 0x06, 0x6a, 0x73, 0x74, 0x79, 0x70, 0x65, 0x12, 0x19, 0x0a, 0x04, 0x6c, - 0x61, 0x7a, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, - 0x52, 0x04, 0x6c, 0x61, 0x7a, 0x79, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, - 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, - 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x19, 0x0a, - 0x04, 0x77, 0x65, 0x61, 0x6b, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, - 0x73, 0x65, 0x52, 0x04, 0x77, 0x65, 0x61, 0x6b, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, - 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, - 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, - 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, - 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, - 0x6f, 0x6e, 0x22, 0x2f, 0x0a, 0x05, 0x43, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x53, - 0x54, 0x52, 0x49, 0x4e, 0x47, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x43, 0x4f, 0x52, 0x44, 0x10, - 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x5f, 0x50, 0x49, 0x45, 0x43, - 0x45, 0x10, 0x02, 0x22, 0x35, 0x0a, 0x06, 0x4a, 0x53, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0d, 0x0a, - 0x09, 0x4a, 0x53, 0x5f, 0x4e, 0x4f, 0x52, 0x4d, 0x41, 0x4c, 0x10, 0x00, 0x12, 0x0d, 0x0a, 0x09, - 0x4a, 0x53, 0x5f, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x0d, 0x0a, 0x09, 0x4a, - 0x53, 0x5f, 0x4e, 0x55, 0x4d, 0x42, 0x45, 0x52, 0x10, 0x02, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, - 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x22, 0x73, 0x0a, 0x0c, 0x4f, - 0x6e, 0x65, 0x6f, 0x66, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75, - 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, - 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, - 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, - 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, - 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, - 0x22, 0xc0, 0x01, 0x0a, 0x0b, 0x45, 0x6e, 0x75, 0x6d, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, - 0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x61, 0x6c, 0x69, 0x61, 0x73, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x41, 0x6c, 0x69, 0x61, - 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, - 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, - 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, - 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, - 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, - 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, - 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, - 0x05, 0x10, 0x06, 0x22, 0x9e, 0x01, 0x0a, 0x10, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, - 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, - 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, - 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, - 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, - 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, - 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, - 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, - 0x80, 0x80, 0x80, 0x02, 0x22, 0x9c, 0x01, 0x0a, 0x0e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, - 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x21, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, - 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x58, - 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, - 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, - 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, - 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, - 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, - 0x80, 0x80, 0x02, 0x22, 0xe0, 0x02, 0x0a, 0x0d, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, - 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, - 0x74, 0x65, 0x64, 0x18, 0x21, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, - 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x71, 0x0a, 0x11, - 0x69, 0x64, 0x65, 0x6d, 0x70, 0x6f, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x5f, 0x6c, 0x65, 0x76, 0x65, - 0x6c, 0x18, 0x22, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, - 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x49, 0x64, 0x65, 0x6d, 0x70, 0x6f, 0x74, 0x65, - 0x6e, 0x63, 0x79, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x3a, 0x13, 0x49, 0x44, 0x45, 0x4d, 0x50, 0x4f, - 0x54, 0x45, 0x4e, 0x43, 0x59, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x52, 0x10, 0x69, - 0x64, 0x65, 0x6d, 0x70, 0x6f, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, - 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, - 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, - 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, - 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x50, 0x0a, 0x10, 0x49, 0x64, 0x65, - 0x6d, 0x70, 0x6f, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x17, 0x0a, - 0x13, 0x49, 0x44, 0x45, 0x4d, 0x50, 0x4f, 0x54, 0x45, 0x4e, 0x43, 0x59, 0x5f, 0x55, 0x4e, 0x4b, - 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, 0x4e, 0x4f, 0x5f, 0x53, 0x49, 0x44, - 0x45, 0x5f, 0x45, 0x46, 0x46, 0x45, 0x43, 0x54, 0x53, 0x10, 0x01, 0x12, 0x0e, 0x0a, 0x0a, 0x49, - 0x44, 0x45, 0x4d, 0x50, 0x4f, 0x54, 0x45, 0x4e, 0x54, 0x10, 0x02, 0x2a, 0x09, 0x08, 0xe8, 0x07, - 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x22, 0x9a, 0x03, 0x0a, 0x13, 0x55, 0x6e, 0x69, 0x6e, 0x74, - 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x41, - 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, - 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, - 0x6f, 0x6e, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x50, 0x61, 0x72, 0x74, 0x52, 0x04, 0x6e, 0x61, 0x6d, - 0x65, 0x12, 0x29, 0x0a, 0x10, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x5f, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x69, 0x64, 0x65, - 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x2c, 0x0a, 0x12, - 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x69, 0x6e, 0x74, 0x5f, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x10, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, - 0x76, 0x65, 0x49, 0x6e, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x2c, 0x0a, 0x12, 0x6e, 0x65, - 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x69, 0x6e, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x10, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, - 0x49, 0x6e, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x64, 0x6f, 0x75, 0x62, - 0x6c, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0b, - 0x64, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x73, - 0x74, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x0b, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x27, - 0x0a, 0x0f, 0x61, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x61, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, - 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x1a, 0x4a, 0x0a, 0x08, 0x4e, 0x61, 0x6d, 0x65, 0x50, - 0x61, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x70, 0x61, 0x72, 0x74, - 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x08, 0x6e, 0x61, 0x6d, 0x65, 0x50, 0x61, 0x72, 0x74, - 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x73, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, - 0x18, 0x02, 0x20, 0x02, 0x28, 0x08, 0x52, 0x0b, 0x69, 0x73, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, - 0x69, 0x6f, 0x6e, 0x22, 0xa7, 0x02, 0x0a, 0x0e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, 0x6f, - 0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x44, 0x0a, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x52, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0xce, 0x01, 0x0a, - 0x08, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x04, 0x70, 0x61, 0x74, - 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x05, 0x42, 0x02, 0x10, 0x01, 0x52, 0x04, 0x70, 0x61, 0x74, - 0x68, 0x12, 0x16, 0x0a, 0x04, 0x73, 0x70, 0x61, 0x6e, 0x18, 0x02, 0x20, 0x03, 0x28, 0x05, 0x42, - 0x02, 0x10, 0x01, 0x52, 0x04, 0x73, 0x70, 0x61, 0x6e, 0x12, 0x29, 0x0a, 0x10, 0x6c, 0x65, 0x61, - 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6c, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6d, 0x6d, - 0x65, 0x6e, 0x74, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x74, 0x72, 0x61, 0x69, 0x6c, 0x69, 0x6e, 0x67, - 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x10, 0x74, 0x72, 0x61, 0x69, 0x6c, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, - 0x73, 0x12, 0x3a, 0x0a, 0x19, 0x6c, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x64, 0x65, 0x74, - 0x61, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x06, - 0x20, 0x03, 0x28, 0x09, 0x52, 0x17, 0x6c, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x74, - 0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x22, 0xd1, 0x01, - 0x0a, 0x11, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x64, 0x65, 0x49, - 0x6e, 0x66, 0x6f, 0x12, 0x4d, 0x0a, 0x0a, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, - 0x74, 0x65, 0x64, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x2e, 0x41, 0x6e, 0x6e, 0x6f, - 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x1a, 0x6d, 0x0a, 0x0a, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x12, 0x16, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x05, 0x42, 0x02, - 0x10, 0x01, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x62, 0x65, 0x67, - 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x62, 0x65, 0x67, 0x69, 0x6e, 0x12, - 0x10, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65, 0x6e, - 0x64, 0x42, 0x7e, 0x0a, 0x13, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x42, 0x10, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, - 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x73, 0x48, 0x01, 0x5a, 0x2d, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2f, 0x64, - 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x70, 0x62, 0xf8, 0x01, 0x01, 0xa2, 0x02, - 0x03, 0x47, 0x50, 0x42, 0xaa, 0x02, 0x1a, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x50, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x52, 0x65, 0x66, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, - 0x6e, -} - -var ( - file_google_protobuf_descriptor_proto_rawDescOnce sync.Once - file_google_protobuf_descriptor_proto_rawDescData = file_google_protobuf_descriptor_proto_rawDesc -) - -func file_google_protobuf_descriptor_proto_rawDescGZIP() []byte { - file_google_protobuf_descriptor_proto_rawDescOnce.Do(func() { - file_google_protobuf_descriptor_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_protobuf_descriptor_proto_rawDescData) - }) - return file_google_protobuf_descriptor_proto_rawDescData -} - -var file_google_protobuf_descriptor_proto_enumTypes = make([]protoimpl.EnumInfo, 6) -var file_google_protobuf_descriptor_proto_msgTypes = make([]protoimpl.MessageInfo, 27) -var file_google_protobuf_descriptor_proto_goTypes = []interface{}{ - (FieldDescriptorProto_Type)(0), // 0: google.protobuf.FieldDescriptorProto.Type - (FieldDescriptorProto_Label)(0), // 1: google.protobuf.FieldDescriptorProto.Label - (FileOptions_OptimizeMode)(0), // 2: google.protobuf.FileOptions.OptimizeMode - (FieldOptions_CType)(0), // 3: google.protobuf.FieldOptions.CType - (FieldOptions_JSType)(0), // 4: google.protobuf.FieldOptions.JSType - (MethodOptions_IdempotencyLevel)(0), // 5: google.protobuf.MethodOptions.IdempotencyLevel - (*FileDescriptorSet)(nil), // 6: google.protobuf.FileDescriptorSet - (*FileDescriptorProto)(nil), // 7: google.protobuf.FileDescriptorProto - (*DescriptorProto)(nil), // 8: google.protobuf.DescriptorProto - (*ExtensionRangeOptions)(nil), // 9: google.protobuf.ExtensionRangeOptions - (*FieldDescriptorProto)(nil), // 10: google.protobuf.FieldDescriptorProto - (*OneofDescriptorProto)(nil), // 11: google.protobuf.OneofDescriptorProto - (*EnumDescriptorProto)(nil), // 12: google.protobuf.EnumDescriptorProto - (*EnumValueDescriptorProto)(nil), // 13: google.protobuf.EnumValueDescriptorProto - (*ServiceDescriptorProto)(nil), // 14: google.protobuf.ServiceDescriptorProto - (*MethodDescriptorProto)(nil), // 15: google.protobuf.MethodDescriptorProto - (*FileOptions)(nil), // 16: google.protobuf.FileOptions - (*MessageOptions)(nil), // 17: google.protobuf.MessageOptions - (*FieldOptions)(nil), // 18: google.protobuf.FieldOptions - (*OneofOptions)(nil), // 19: google.protobuf.OneofOptions - (*EnumOptions)(nil), // 20: google.protobuf.EnumOptions - (*EnumValueOptions)(nil), // 21: google.protobuf.EnumValueOptions - (*ServiceOptions)(nil), // 22: google.protobuf.ServiceOptions - (*MethodOptions)(nil), // 23: google.protobuf.MethodOptions - (*UninterpretedOption)(nil), // 24: google.protobuf.UninterpretedOption - (*SourceCodeInfo)(nil), // 25: google.protobuf.SourceCodeInfo - (*GeneratedCodeInfo)(nil), // 26: google.protobuf.GeneratedCodeInfo - (*DescriptorProto_ExtensionRange)(nil), // 27: google.protobuf.DescriptorProto.ExtensionRange - (*DescriptorProto_ReservedRange)(nil), // 28: google.protobuf.DescriptorProto.ReservedRange - (*EnumDescriptorProto_EnumReservedRange)(nil), // 29: google.protobuf.EnumDescriptorProto.EnumReservedRange - (*UninterpretedOption_NamePart)(nil), // 30: google.protobuf.UninterpretedOption.NamePart - (*SourceCodeInfo_Location)(nil), // 31: google.protobuf.SourceCodeInfo.Location - (*GeneratedCodeInfo_Annotation)(nil), // 32: google.protobuf.GeneratedCodeInfo.Annotation -} -var file_google_protobuf_descriptor_proto_depIdxs = []int32{ - 7, // 0: google.protobuf.FileDescriptorSet.file:type_name -> google.protobuf.FileDescriptorProto - 8, // 1: google.protobuf.FileDescriptorProto.message_type:type_name -> google.protobuf.DescriptorProto - 12, // 2: google.protobuf.FileDescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto - 14, // 3: google.protobuf.FileDescriptorProto.service:type_name -> google.protobuf.ServiceDescriptorProto - 10, // 4: google.protobuf.FileDescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto - 16, // 5: google.protobuf.FileDescriptorProto.options:type_name -> google.protobuf.FileOptions - 25, // 6: google.protobuf.FileDescriptorProto.source_code_info:type_name -> google.protobuf.SourceCodeInfo - 10, // 7: google.protobuf.DescriptorProto.field:type_name -> google.protobuf.FieldDescriptorProto - 10, // 8: google.protobuf.DescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto - 8, // 9: google.protobuf.DescriptorProto.nested_type:type_name -> google.protobuf.DescriptorProto - 12, // 10: google.protobuf.DescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto - 27, // 11: google.protobuf.DescriptorProto.extension_range:type_name -> google.protobuf.DescriptorProto.ExtensionRange - 11, // 12: google.protobuf.DescriptorProto.oneof_decl:type_name -> google.protobuf.OneofDescriptorProto - 17, // 13: google.protobuf.DescriptorProto.options:type_name -> google.protobuf.MessageOptions - 28, // 14: google.protobuf.DescriptorProto.reserved_range:type_name -> google.protobuf.DescriptorProto.ReservedRange - 24, // 15: google.protobuf.ExtensionRangeOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption - 1, // 16: google.protobuf.FieldDescriptorProto.label:type_name -> google.protobuf.FieldDescriptorProto.Label - 0, // 17: google.protobuf.FieldDescriptorProto.type:type_name -> google.protobuf.FieldDescriptorProto.Type - 18, // 18: google.protobuf.FieldDescriptorProto.options:type_name -> google.protobuf.FieldOptions - 19, // 19: google.protobuf.OneofDescriptorProto.options:type_name -> google.protobuf.OneofOptions - 13, // 20: google.protobuf.EnumDescriptorProto.value:type_name -> google.protobuf.EnumValueDescriptorProto - 20, // 21: google.protobuf.EnumDescriptorProto.options:type_name -> google.protobuf.EnumOptions - 29, // 22: google.protobuf.EnumDescriptorProto.reserved_range:type_name -> google.protobuf.EnumDescriptorProto.EnumReservedRange - 21, // 23: google.protobuf.EnumValueDescriptorProto.options:type_name -> google.protobuf.EnumValueOptions - 15, // 24: google.protobuf.ServiceDescriptorProto.method:type_name -> google.protobuf.MethodDescriptorProto - 22, // 25: google.protobuf.ServiceDescriptorProto.options:type_name -> google.protobuf.ServiceOptions - 23, // 26: google.protobuf.MethodDescriptorProto.options:type_name -> google.protobuf.MethodOptions - 2, // 27: google.protobuf.FileOptions.optimize_for:type_name -> google.protobuf.FileOptions.OptimizeMode - 24, // 28: google.protobuf.FileOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption - 24, // 29: google.protobuf.MessageOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption - 3, // 30: google.protobuf.FieldOptions.ctype:type_name -> google.protobuf.FieldOptions.CType - 4, // 31: google.protobuf.FieldOptions.jstype:type_name -> google.protobuf.FieldOptions.JSType - 24, // 32: google.protobuf.FieldOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption - 24, // 33: google.protobuf.OneofOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption - 24, // 34: google.protobuf.EnumOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption - 24, // 35: google.protobuf.EnumValueOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption - 24, // 36: google.protobuf.ServiceOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption - 5, // 37: google.protobuf.MethodOptions.idempotency_level:type_name -> google.protobuf.MethodOptions.IdempotencyLevel - 24, // 38: google.protobuf.MethodOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption - 30, // 39: google.protobuf.UninterpretedOption.name:type_name -> google.protobuf.UninterpretedOption.NamePart - 31, // 40: google.protobuf.SourceCodeInfo.location:type_name -> google.protobuf.SourceCodeInfo.Location - 32, // 41: google.protobuf.GeneratedCodeInfo.annotation:type_name -> google.protobuf.GeneratedCodeInfo.Annotation - 9, // 42: google.protobuf.DescriptorProto.ExtensionRange.options:type_name -> google.protobuf.ExtensionRangeOptions - 43, // [43:43] is the sub-list for method output_type - 43, // [43:43] is the sub-list for method input_type - 43, // [43:43] is the sub-list for extension type_name - 43, // [43:43] is the sub-list for extension extendee - 0, // [0:43] is the sub-list for field type_name -} - -func init() { file_google_protobuf_descriptor_proto_init() } -func file_google_protobuf_descriptor_proto_init() { - if File_google_protobuf_descriptor_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_google_protobuf_descriptor_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*FileDescriptorSet); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_protobuf_descriptor_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*FileDescriptorProto); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_protobuf_descriptor_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DescriptorProto); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_protobuf_descriptor_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ExtensionRangeOptions); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - case 3: - return &v.extensionFields - default: - return nil - } - } - file_google_protobuf_descriptor_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*FieldDescriptorProto); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_protobuf_descriptor_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*OneofDescriptorProto); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_protobuf_descriptor_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EnumDescriptorProto); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_protobuf_descriptor_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EnumValueDescriptorProto); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_protobuf_descriptor_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ServiceDescriptorProto); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_protobuf_descriptor_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MethodDescriptorProto); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_protobuf_descriptor_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*FileOptions); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - case 3: - return &v.extensionFields - default: - return nil - } - } - file_google_protobuf_descriptor_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MessageOptions); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - case 3: - return &v.extensionFields - default: - return nil - } - } - file_google_protobuf_descriptor_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*FieldOptions); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - case 3: - return &v.extensionFields - default: - return nil - } - } - file_google_protobuf_descriptor_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*OneofOptions); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - case 3: - return &v.extensionFields - default: - return nil - } - } - file_google_protobuf_descriptor_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EnumOptions); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - case 3: - return &v.extensionFields - default: - return nil - } - } - file_google_protobuf_descriptor_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EnumValueOptions); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - case 3: - return &v.extensionFields - default: - return nil - } - } - file_google_protobuf_descriptor_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ServiceOptions); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - case 3: - return &v.extensionFields - default: - return nil - } - } - file_google_protobuf_descriptor_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MethodOptions); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - case 3: - return &v.extensionFields - default: - return nil - } - } - file_google_protobuf_descriptor_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UninterpretedOption); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_protobuf_descriptor_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SourceCodeInfo); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_protobuf_descriptor_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GeneratedCodeInfo); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_protobuf_descriptor_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DescriptorProto_ExtensionRange); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_protobuf_descriptor_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DescriptorProto_ReservedRange); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_protobuf_descriptor_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EnumDescriptorProto_EnumReservedRange); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_protobuf_descriptor_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UninterpretedOption_NamePart); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_protobuf_descriptor_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SourceCodeInfo_Location); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_google_protobuf_descriptor_proto_msgTypes[26].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GeneratedCodeInfo_Annotation); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_google_protobuf_descriptor_proto_rawDesc, - NumEnums: 6, - NumMessages: 27, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_google_protobuf_descriptor_proto_goTypes, - DependencyIndexes: file_google_protobuf_descriptor_proto_depIdxs, - EnumInfos: file_google_protobuf_descriptor_proto_enumTypes, - MessageInfos: file_google_protobuf_descriptor_proto_msgTypes, - }.Build() - File_google_protobuf_descriptor_proto = out.File - file_google_protobuf_descriptor_proto_rawDesc = nil - file_google_protobuf_descriptor_proto_goTypes = nil - file_google_protobuf_descriptor_proto_depIdxs = nil -} diff --git a/vendor/modules.txt b/vendor/modules.txt index e99b21fafac..eecc87aa800 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1,7 +1,7 @@ -# github.com/checkpoint-restore/go-criu/v6 v6.2.0 +# github.com/checkpoint-restore/go-criu/v6 v6.3.0 ## explicit; go 1.16 github.com/checkpoint-restore/go-criu/v6 -github.com/checkpoint-restore/go-criu/v6/crit/images +github.com/checkpoint-restore/go-criu/v6/rpc # github.com/cilium/ebpf v0.9.3 ## explicit; go 1.18 github.com/cilium/ebpf @@ -104,4 +104,3 @@ google.golang.org/protobuf/reflect/protoreflect google.golang.org/protobuf/reflect/protoregistry google.golang.org/protobuf/runtime/protoiface google.golang.org/protobuf/runtime/protoimpl -google.golang.org/protobuf/types/descriptorpb From 2cd05e44b662fb79c46d5ebfd6c71e9ebc98d40c Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 14 Oct 2022 18:37:00 -0700 Subject: [PATCH 0112/1176] libct/seccomp/patchbpf: rm duplicated code In findLastSyscalls, we convert libseccomp.ArchNative to the real libseccomp architecture, but archToNative already does that, so this code is redundant. Remove the redundant code, and move its comment to archToNative. Fixes: 7a8d7162f Signed-off-by: Kir Kolyshkin --- libcontainer/seccomp/patchbpf/enosys_linux.go | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/libcontainer/seccomp/patchbpf/enosys_linux.go b/libcontainer/seccomp/patchbpf/enosys_linux.go index b92eba8922e..1427f261d93 100644 --- a/libcontainer/seccomp/patchbpf/enosys_linux.go +++ b/libcontainer/seccomp/patchbpf/enosys_linux.go @@ -240,16 +240,6 @@ func findLastSyscalls(config *configs.Seccomp) (lastSyscallMap, error) { return nil, fmt.Errorf("unable to validate seccomp architecture: %w", err) } - // Map native architecture to a real architecture value to avoid - // doubling-up the lastSyscall mapping. - if arch == libseccomp.ArchNative { - nativeArch, err := libseccomp.GetNativeArch() - if err != nil { - return nil, fmt.Errorf("unable to get native architecture: %w", err) - } - arch = nativeArch - } - // Figure out native architecture representation of the architecture. nativeArch, err := archToNative(arch) if err != nil { From 18f8f482b19e9fcb0f975d5ee0334b09f1f5d7fa Mon Sep 17 00:00:00 2001 From: Walt Chen Date: Mon, 26 Sep 2022 17:59:42 +0800 Subject: [PATCH 0113/1176] Fix comment of signalAllProcesses for process wait due to sigkill Signed-off-by: Walt Chen --- libcontainer/init_linux.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 8e8d3abd93d..410fca7ad75 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -522,7 +522,8 @@ func isWaitable(pid int) (bool, error) { // signalAllProcesses freezes then iterates over all the processes inside the // manager's cgroups sending the signal s to them. -// If s is SIGKILL then it will wait for each process to exit. +// If s is SIGKILL and subreaper is not enabled then it will wait for each +// process to exit. // For all other signals it will check if the process is ready to report its // exit status and only if it is will a wait be performed. func signalAllProcesses(m cgroups.Manager, s os.Signal) error { From 56edc41ca6a438a0638f4ddc1a2aa55fd0f78297 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 23 Mar 2022 11:31:48 -0700 Subject: [PATCH 0114/1176] ci: bump shfmt to 3.5.1, simplify CI setup 1. Bump shfmt to v3.5.1. Release notes: https://github.com/mvdan/sh/releases 2. Since shfmt v3.5.0, specifying -l bash (or -l bats) is no longer necessary. Therefore, we can use shfmt to find all the files. Add .editorconfig to ignore vendor subdirectory. 3. Use shfmt docker image, so that we don't have to install anything explicitly. This greatly simplifies the shfmt CI job. Add localshfmt target so developers can still use a local shfmt binary when necessary. Signed-off-by: Kir Kolyshkin --- .editorconfig | 8 ++++++++ .github/workflows/validate.yml | 16 ---------------- Makefile | 12 +++++++----- 3 files changed, 15 insertions(+), 21 deletions(-) create mode 100644 .editorconfig diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 00000000000..3bde04225f7 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,8 @@ +# This file is used by shfmt. See https://EditorConfig.org + +# This is a top-most EditorConfig file. +root = true + +# Ignore the entire "vendor" directory. +[vendor/**] +ignore = true diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 17bf79cb230..5a31d509017 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -67,22 +67,6 @@ jobs: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v3 - - name: vars - run: | - echo "VERSION=3.3.1" >> $GITHUB_ENV - echo "$(go env GOPATH)/bin" >> $GITHUB_PATH - - name: cache go mod and $GOCACHE - uses: actions/cache@v3 - with: - path: | - ~/go/pkg/mod - ~/.cache/go-build - key: ${{ runner.os }}-shfmt-${{ env.VERSION }} - restore-keys: ${{ runner.os }}-shfmt- - - name: install shfmt - run: | - command -v shfmt || \ - (cd ~ && GO111MODULE=on time go get mvdan.cc/sh/v3/cmd/shfmt@v$VERSION) - name: shfmt run: make shfmt diff --git a/Makefile b/Makefile index 9ebf0c61d2c..38849921854 100644 --- a/Makefile +++ b/Makefile @@ -165,10 +165,12 @@ shellcheck: # TODO: add shellcheck for more sh files (contrib/completions/bash/runc). shfmt: - shfmt -ln bats -d -w tests/integration/*.bats - shfmt -ln bash -d -w man/*.sh script/* \ - tests/*.sh tests/integration/*.bash tests/fuzzing/*.sh \ - contrib/completions/bash/runc contrib/cmd/seccompagent/*.sh + $(CONTAINER_ENGINE) run $(CONTAINER_ENGINE_RUN_FLAGS) \ + --rm -v $(CURDIR):/src -w /src \ + mvdan/shfmt:v3.5.1 -d -w . + +localshfmt: + shfmt -d -w . vendor: $(GO) mod tidy @@ -192,5 +194,5 @@ verify-dependencies: vendor localrelease dbuild lint man runcimage \ test localtest unittest localunittest integration localintegration \ rootlessintegration localrootlessintegration shell install install-bash \ - install-man clean cfmt shfmt shellcheck \ + install-man clean cfmt shfmt localshfmt shellcheck \ vendor verify-changelog verify-dependencies From 6462e9de6752a729518b3fe63b340cbcd14adb19 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 29 Aug 2022 12:16:46 -0700 Subject: [PATCH 0115/1176] runc update: implement memory.checkBeforeUpdate This is aimed at solving the problem of cgroup v2 memory controller behavior which is not compatible with that of cgroup v1. In cgroup v1, if the new memory limit being set is lower than the current usage, setting the new limit fails. In cgroup v2, same operation succeeds, and the container is OOM killed. Introduce a new setting, memory.checkBeforeUpdate, and use it to mimic cgroup v1 behavior. Note that this is not 100% reliable because of TOCTOU, but this is the best we can do. Add some test cases. Signed-off-by: Kir Kolyshkin --- go.mod | 2 +- go.sum | 4 +- libcontainer/cgroups/fs2/fs2.go | 32 +++++++++++++++ libcontainer/cgroups/fs2/memory.go | 5 +++ libcontainer/cgroups/systemd/v2.go | 11 ++++- libcontainer/configs/cgroup_linux.go | 5 +++ libcontainer/specconv/spec_linux.go | 3 ++ tests/integration/update.bats | 40 +++++++++++++++++++ update.go | 16 +++++--- .../runtime-spec/specs-go/config.go | 10 +++++ vendor/modules.txt | 2 +- 11 files changed, 118 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 08c1dda6bf9..6aba3012de6 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/godbus/dbus/v5 v5.1.0 github.com/moby/sys/mountinfo v0.6.2 github.com/mrunalp/fileutils v0.5.0 - github.com/opencontainers/runtime-spec v1.0.3-0.20220718201635-a8106e99982b + github.com/opencontainers/runtime-spec v1.0.3-0.20220909204839-494a5a6aca78 github.com/opencontainers/selinux v1.10.2 github.com/seccomp/libseccomp-golang v0.10.0 github.com/sirupsen/logrus v1.9.0 diff --git a/go.sum b/go.sum index ca21b0937f0..8a399d74f7d 100644 --- a/go.sum +++ b/go.sum @@ -31,8 +31,8 @@ github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vyg github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= github.com/mrunalp/fileutils v0.5.0 h1:NKzVxiH7eSk+OQ4M+ZYW1K6h27RUV3MI6NUTsHhU6Z4= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= -github.com/opencontainers/runtime-spec v1.0.3-0.20220718201635-a8106e99982b h1:udwtfS44rxYE/ViMLchHQBjfE60GZSB1arY7BFbyxLs= -github.com/opencontainers/runtime-spec v1.0.3-0.20220718201635-a8106e99982b/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-spec v1.0.3-0.20220909204839-494a5a6aca78 h1:R5M2qXZiK/mWPMT4VldCOiSL9HIAMuxQZWdG0CSM5+4= +github.com/opencontainers/runtime-spec v1.0.3-0.20220909204839-494a5a6aca78/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.10.2 h1:NFy2xCsjn7+WspbfZkUd5zyVeisV7VFbPSP96+8/ha4= github.com/opencontainers/selinux v1.10.2/go.mod h1:cARutUbaUrlRClyvxOICCgKixCs6L05aUsohzA3EkHQ= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= diff --git a/libcontainer/cgroups/fs2/fs2.go b/libcontainer/cgroups/fs2/fs2.go index 7d366d0f3b9..42b5bcb60cf 100644 --- a/libcontainer/cgroups/fs2/fs2.go +++ b/libcontainer/cgroups/fs2/fs2.go @@ -269,3 +269,35 @@ func (m *Manager) OOMKillCount() (uint64, error) { return c, err } + +func CheckMemoryUsage(dirPath string, r *configs.Resources) error { + if !r.MemoryCheckBeforeUpdate { + return nil + } + + if r.Memory <= 0 && r.MemorySwap <= 0 { + return nil + } + + usage, err := fscommon.GetCgroupParamUint(dirPath, "memory.current") + if err != nil { + // This check is on best-effort basis, so if we can't read the + // current usage (cgroup not yet created, or any other error), + // we should not fail. + return nil + } + + if r.MemorySwap > 0 { + if uint64(r.MemorySwap) <= usage { + return fmt.Errorf("rejecting memory+swap limit %d <= usage %d", r.MemorySwap, usage) + } + } + + if r.Memory > 0 { + if uint64(r.Memory) <= usage { + return fmt.Errorf("rejecting memory limit %d <= usage %d", r.Memory, usage) + } + } + + return nil +} diff --git a/libcontainer/cgroups/fs2/memory.go b/libcontainer/cgroups/fs2/memory.go index adbc4b23086..e3b857dc1db 100644 --- a/libcontainer/cgroups/fs2/memory.go +++ b/libcontainer/cgroups/fs2/memory.go @@ -40,6 +40,11 @@ func setMemory(dirPath string, r *configs.Resources) error { if !isMemorySet(r) { return nil } + + if err := CheckMemoryUsage(dirPath, r); err != nil { + return err + } + swap, err := cgroups.ConvertMemorySwapToCgroupV2Value(r.MemorySwap, r.Memory) if err != nil { return err diff --git a/libcontainer/cgroups/systemd/v2.go b/libcontainer/cgroups/systemd/v2.go index 48e9750cb87..823bf38fc17 100644 --- a/libcontainer/cgroups/systemd/v2.go +++ b/libcontainer/cgroups/systemd/v2.go @@ -174,7 +174,14 @@ func unifiedResToSystemdProps(cm *dbusConnManager, res map[string]string) (props return props, nil } -func genV2ResourcesProperties(r *configs.Resources, cm *dbusConnManager) ([]systemdDbus.Property, error) { +func genV2ResourcesProperties(dirPath string, r *configs.Resources, cm *dbusConnManager) ([]systemdDbus.Property, error) { + // We need this check before setting systemd properties, otherwise + // the container is OOM-killed and the systemd unit is removed + // before we get to fsMgr.Set(). + if err := fs2.CheckMemoryUsage(dirPath, r); err != nil { + return nil, err + } + var properties []systemdDbus.Property // NOTE: This is of questionable correctness because we insert our own @@ -437,7 +444,7 @@ func (m *UnifiedManager) Set(r *configs.Resources) error { if r == nil { return nil } - properties, err := genV2ResourcesProperties(r, m.dbus) + properties, err := genV2ResourcesProperties(m.fsMgr.Path(""), r, m.dbus) if err != nil { return err } diff --git a/libcontainer/configs/cgroup_linux.go b/libcontainer/configs/cgroup_linux.go index 2d4a8987109..b5a1ebb9169 100644 --- a/libcontainer/configs/cgroup_linux.go +++ b/libcontainer/configs/cgroup_linux.go @@ -155,4 +155,9 @@ type Resources struct { // during Set() to figure out whether the freeze is required. Those // methods may be relatively slow, thus this flag. SkipFreezeOnSet bool `json:"-"` + + // MemoryCheckBeforeUpdate is a flag for cgroup v2 managers to check + // if the new memory limits (Memory and MemorySwap) being set are lower + // than the current memory usage, and reject if so. + MemoryCheckBeforeUpdate bool `json:"memory_check_before_update"` } diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index d62e34be713..4b32f286e44 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -723,6 +723,9 @@ func CreateCgroupConfig(opts *CreateOpts, defaultDevs []*devices.Device) (*confi if r.Memory.DisableOOMKiller != nil { c.Resources.OomKillDisable = *r.Memory.DisableOOMKiller } + if r.Memory.CheckBeforeUpdate != nil { + c.Resources.MemoryCheckBeforeUpdate = *r.Memory.CheckBeforeUpdate + } } if r.CPU != nil { if r.CPU.Shares != nil { diff --git a/tests/integration/update.bats b/tests/integration/update.bats index d2489009304..1407118c42b 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -726,3 +726,43 @@ EOF runc resume test_update [ "$status" -eq 0 ] } + +@test "update memory vs CheckBeforeUpdate" { + requires cgroups_v2 + [ $EUID -ne 0 ] && requires rootless_cgroup + + runc run -d --console-socket "$CONSOLE_SOCKET" test_update + [ "$status" -eq 0 ] + + # Setting memory to low value with checkBeforeUpdate=true should fail. + runc update -r - test_update < Date: Thu, 3 Nov 2022 10:01:53 +0900 Subject: [PATCH 0116/1176] go.mod: golang.org/x/*: use tagged versions Signed-off-by: Akihiro Suda --- go.mod | 4 +- go.sum | 12 +- vendor/golang.org/x/net/AUTHORS | 3 - vendor/golang.org/x/net/CONTRIBUTORS | 3 - vendor/golang.org/x/net/bpf/doc.go | 6 +- .../golang.org/x/net/bpf/vm_instructions.go | 4 +- vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s | 31 + vendor/golang.org/x/sys/unix/dirent.go | 4 +- vendor/golang.org/x/sys/unix/mkall.sh | 18 + vendor/golang.org/x/sys/unix/mkerrors.sh | 4 +- .../golang.org/x/sys/unix/syscall_illumos.go | 106 - .../x/sys/unix/syscall_openbsd_libc.go | 4 +- .../x/sys/unix/syscall_openbsd_ppc64.go | 42 + .../x/sys/unix/syscall_openbsd_riscv64.go | 42 + .../golang.org/x/sys/unix/syscall_solaris.go | 104 + .../golang.org/x/sys/unix/syscall_unix_gc.go | 6 +- .../x/sys/unix/syscall_zos_s390x.go | 173 +- .../x/sys/unix/zerrors_openbsd_ppc64.go | 1905 ++++++++++++++ .../x/sys/unix/zerrors_openbsd_riscv64.go | 1904 ++++++++++++++ .../x/sys/unix/zsyscall_illumos_amd64.go | 28 +- .../x/sys/unix/zsyscall_openbsd_ppc64.go | 2221 +++++++++++++++++ .../x/sys/unix/zsyscall_openbsd_ppc64.s | 796 ++++++ .../x/sys/unix/zsyscall_openbsd_riscv64.go | 2221 +++++++++++++++++ .../x/sys/unix/zsyscall_openbsd_riscv64.s | 796 ++++++ .../x/sys/unix/zsyscall_solaris_amd64.go | 28 +- .../x/sys/unix/zsysctl_openbsd_ppc64.go | 281 +++ .../x/sys/unix/zsysctl_openbsd_riscv64.go | 282 +++ .../x/sys/unix/zsysnum_openbsd_ppc64.go | 218 ++ .../x/sys/unix/zsysnum_openbsd_riscv64.go | 219 ++ .../x/sys/unix/ztypes_illumos_amd64.go | 42 - .../x/sys/unix/ztypes_openbsd_ppc64.go | 571 +++++ .../x/sys/unix/ztypes_openbsd_riscv64.go | 571 +++++ .../x/sys/unix/ztypes_solaris_amd64.go | 35 + .../golang.org/x/sys/unix/ztypes_zos_s390x.go | 11 +- .../x/sys/windows/syscall_windows.go | 4 +- vendor/modules.txt | 6 +- 36 files changed, 12490 insertions(+), 215 deletions(-) delete mode 100644 vendor/golang.org/x/net/AUTHORS delete mode 100644 vendor/golang.org/x/net/CONTRIBUTORS create mode 100644 vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s create mode 100644 vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go create mode 100644 vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go create mode 100644 vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go create mode 100644 vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go create mode 100644 vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go create mode 100644 vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s create mode 100644 vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go create mode 100644 vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s create mode 100644 vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go create mode 100644 vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go create mode 100644 vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go create mode 100644 vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_illumos_amd64.go create mode 100644 vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go create mode 100644 vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go diff --git a/go.mod b/go.mod index 08c1dda6bf9..41b04ba8a47 100644 --- a/go.mod +++ b/go.mod @@ -19,8 +19,8 @@ require ( github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.9 github.com/vishvananda/netlink v1.1.0 - golang.org/x/net v0.0.0-20201224014010-6772e930b67b - golang.org/x/sys v0.0.0-20220928140112-f11e5e49a4ec + golang.org/x/net v0.1.0 + golang.org/x/sys v0.1.0 google.golang.org/protobuf v1.28.1 ) diff --git a/go.sum b/go.sum index ca21b0937f0..aa20780dbae 100644 --- a/go.sum +++ b/go.sum @@ -59,18 +59,14 @@ github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJ github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= -golang.org/x/net v0.0.0-20201224014010-6772e930b67b h1:iFwSg7t5GZmB/Q5TjiEAsdoLDrdJRC1RiF2WhuV29Qw= -golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0= +golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220928140112-f11e5e49a4ec h1:BkDtF2Ih9xZ7le9ndzTA7KJow28VbQW3odyk/8drmuI= -golang.org/x/sys v0.0.0-20220928140112-f11e5e49a4ec/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= diff --git a/vendor/golang.org/x/net/AUTHORS b/vendor/golang.org/x/net/AUTHORS deleted file mode 100644 index 15167cd746c..00000000000 --- a/vendor/golang.org/x/net/AUTHORS +++ /dev/null @@ -1,3 +0,0 @@ -# This source code refers to The Go Authors for copyright purposes. -# The master list of authors is in the main Go distribution, -# visible at http://tip.golang.org/AUTHORS. diff --git a/vendor/golang.org/x/net/CONTRIBUTORS b/vendor/golang.org/x/net/CONTRIBUTORS deleted file mode 100644 index 1c4577e9680..00000000000 --- a/vendor/golang.org/x/net/CONTRIBUTORS +++ /dev/null @@ -1,3 +0,0 @@ -# This source code was written by the Go contributors. -# The master list of contributors is in the main Go distribution, -# visible at http://tip.golang.org/CONTRIBUTORS. diff --git a/vendor/golang.org/x/net/bpf/doc.go b/vendor/golang.org/x/net/bpf/doc.go index ae62feb5341..04ec1c8ab52 100644 --- a/vendor/golang.org/x/net/bpf/doc.go +++ b/vendor/golang.org/x/net/bpf/doc.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. /* - Package bpf implements marshaling and unmarshaling of programs for the Berkeley Packet Filter virtual machine, and provides a Go implementation of the virtual machine. @@ -21,7 +20,7 @@ access to kernel functions, and while conditional branches are allowed, they can only jump forwards, to guarantee that there are no infinite loops. -The virtual machine +# The virtual machine The BPF VM is an accumulator machine. Its main register, called register A, is an implicit source and destination in all arithmetic @@ -50,7 +49,7 @@ to extensions, which are essentially calls to kernel utility functions. Currently, the only extensions supported by this package are the Linux packet filter extensions. -Examples +# Examples This packet filter selects all ARP packets. @@ -77,6 +76,5 @@ This packet filter captures a random 1% sample of traffic. // Ignore. bpf.RetConstant{Val: 0}, }) - */ package bpf // import "golang.org/x/net/bpf" diff --git a/vendor/golang.org/x/net/bpf/vm_instructions.go b/vendor/golang.org/x/net/bpf/vm_instructions.go index cf8947c3327..0aa307c0611 100644 --- a/vendor/golang.org/x/net/bpf/vm_instructions.go +++ b/vendor/golang.org/x/net/bpf/vm_instructions.go @@ -94,7 +94,7 @@ func jumpIfCommon(cond JumpTest, skipTrue, skipFalse uint8, regA uint32, value u func loadAbsolute(ins LoadAbsolute, in []byte) (uint32, bool) { offset := int(ins.Off) - size := int(ins.Size) + size := ins.Size return loadCommon(in, offset, size) } @@ -121,7 +121,7 @@ func loadExtension(ins LoadExtension, in []byte) uint32 { func loadIndirect(ins LoadIndirect, in []byte, regX uint32) (uint32, bool) { offset := int(ins.Off) + int(regX) - size := int(ins.Size) + size := ins.Size return loadCommon(in, offset, size) } diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s b/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s new file mode 100644 index 00000000000..e5b9a84899a --- /dev/null +++ b/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s @@ -0,0 +1,31 @@ +// Copyright 2022 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build (darwin || freebsd || netbsd || openbsd) && gc +// +build darwin freebsd netbsd openbsd +// +build gc + +#include "textflag.h" + +// +// System call support for ppc64, BSD +// + +// Just jump to package syscall's implementation for all these functions. +// The runtime may know about them. + +TEXT ·Syscall(SB),NOSPLIT,$0-56 + JMP syscall·Syscall(SB) + +TEXT ·Syscall6(SB),NOSPLIT,$0-80 + JMP syscall·Syscall6(SB) + +TEXT ·Syscall9(SB),NOSPLIT,$0-104 + JMP syscall·Syscall9(SB) + +TEXT ·RawSyscall(SB),NOSPLIT,$0-56 + JMP syscall·RawSyscall(SB) + +TEXT ·RawSyscall6(SB),NOSPLIT,$0-80 + JMP syscall·RawSyscall6(SB) diff --git a/vendor/golang.org/x/sys/unix/dirent.go b/vendor/golang.org/x/sys/unix/dirent.go index e74e5eaa3bf..2499f977b07 100644 --- a/vendor/golang.org/x/sys/unix/dirent.go +++ b/vendor/golang.org/x/sys/unix/dirent.go @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris -// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris +//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos +// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos package unix diff --git a/vendor/golang.org/x/sys/unix/mkall.sh b/vendor/golang.org/x/sys/unix/mkall.sh index 1b2b424a726..727cba21270 100644 --- a/vendor/golang.org/x/sys/unix/mkall.sh +++ b/vendor/golang.org/x/sys/unix/mkall.sh @@ -182,6 +182,24 @@ openbsd_mips64) # API consistent across platforms. mktypes="GOARCH=$GOARCH go tool cgo -godefs -- -fsigned-char" ;; +openbsd_ppc64) + mkasm="go run mkasm.go" + mkerrors="$mkerrors -m64" + mksyscall="go run mksyscall.go -openbsd -libc" + mksysctl="go run mksysctl_openbsd.go" + # Let the type of C char be signed for making the bare syscall + # API consistent across platforms. + mktypes="GOARCH=$GOARCH go tool cgo -godefs -- -fsigned-char" + ;; +openbsd_riscv64) + mkasm="go run mkasm.go" + mkerrors="$mkerrors -m64" + mksyscall="go run mksyscall.go -openbsd -libc" + mksysctl="go run mksysctl_openbsd.go" + # Let the type of C char be signed for making the bare syscall + # API consistent across platforms. + mktypes="GOARCH=$GOARCH go tool cgo -godefs -- -fsigned-char" + ;; solaris_amd64) mksyscall="go run mksyscall_solaris.go" mkerrors="$mkerrors -m64" diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index 2ab44aa6591..7456d9ddde1 100644 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -642,7 +642,7 @@ errors=$( signals=$( echo '#include ' | $CC -x c - -E -dM $ccflags | awk '$1=="#define" && $2 ~ /^SIG[A-Z0-9]+$/ { print $2 }' | - egrep -v '(SIGSTKSIZE|SIGSTKSZ|SIGRT|SIGMAX64)' | + grep -v 'SIGSTKSIZE\|SIGSTKSZ\|SIGRT\|SIGMAX64' | sort ) @@ -652,7 +652,7 @@ echo '#include ' | $CC -x c - -E -dM $ccflags | sort >_error.grep echo '#include ' | $CC -x c - -E -dM $ccflags | awk '$1=="#define" && $2 ~ /^SIG[A-Z0-9]+$/ { print "^\t" $2 "[ \t]*=" }' | - egrep -v '(SIGSTKSIZE|SIGSTKSZ|SIGRT|SIGMAX64)' | + grep -v 'SIGSTKSIZE\|SIGSTKSZ\|SIGRT\|SIGMAX64' | sort >_signal.grep echo '// mkerrors.sh' "$@" diff --git a/vendor/golang.org/x/sys/unix/syscall_illumos.go b/vendor/golang.org/x/sys/unix/syscall_illumos.go index e48244a9c9a..87db5a6a8cc 100644 --- a/vendor/golang.org/x/sys/unix/syscall_illumos.go +++ b/vendor/golang.org/x/sys/unix/syscall_illumos.go @@ -10,8 +10,6 @@ package unix import ( - "fmt" - "runtime" "unsafe" ) @@ -79,107 +77,3 @@ func Accept4(fd int, flags int) (nfd int, sa Sockaddr, err error) { } return } - -//sys putmsg(fd int, clptr *strbuf, dataptr *strbuf, flags int) (err error) - -func Putmsg(fd int, cl []byte, data []byte, flags int) (err error) { - var clp, datap *strbuf - if len(cl) > 0 { - clp = &strbuf{ - Len: int32(len(cl)), - Buf: (*int8)(unsafe.Pointer(&cl[0])), - } - } - if len(data) > 0 { - datap = &strbuf{ - Len: int32(len(data)), - Buf: (*int8)(unsafe.Pointer(&data[0])), - } - } - return putmsg(fd, clp, datap, flags) -} - -//sys getmsg(fd int, clptr *strbuf, dataptr *strbuf, flags *int) (err error) - -func Getmsg(fd int, cl []byte, data []byte) (retCl []byte, retData []byte, flags int, err error) { - var clp, datap *strbuf - if len(cl) > 0 { - clp = &strbuf{ - Maxlen: int32(len(cl)), - Buf: (*int8)(unsafe.Pointer(&cl[0])), - } - } - if len(data) > 0 { - datap = &strbuf{ - Maxlen: int32(len(data)), - Buf: (*int8)(unsafe.Pointer(&data[0])), - } - } - - if err = getmsg(fd, clp, datap, &flags); err != nil { - return nil, nil, 0, err - } - - if len(cl) > 0 { - retCl = cl[:clp.Len] - } - if len(data) > 0 { - retData = data[:datap.Len] - } - return retCl, retData, flags, nil -} - -func IoctlSetIntRetInt(fd int, req uint, arg int) (int, error) { - return ioctlRet(fd, req, uintptr(arg)) -} - -func IoctlSetString(fd int, req uint, val string) error { - bs := make([]byte, len(val)+1) - copy(bs[:len(bs)-1], val) - err := ioctl(fd, req, uintptr(unsafe.Pointer(&bs[0]))) - runtime.KeepAlive(&bs[0]) - return err -} - -// Lifreq Helpers - -func (l *Lifreq) SetName(name string) error { - if len(name) >= len(l.Name) { - return fmt.Errorf("name cannot be more than %d characters", len(l.Name)-1) - } - for i := range name { - l.Name[i] = int8(name[i]) - } - return nil -} - -func (l *Lifreq) SetLifruInt(d int) { - *(*int)(unsafe.Pointer(&l.Lifru[0])) = d -} - -func (l *Lifreq) GetLifruInt() int { - return *(*int)(unsafe.Pointer(&l.Lifru[0])) -} - -func (l *Lifreq) SetLifruUint(d uint) { - *(*uint)(unsafe.Pointer(&l.Lifru[0])) = d -} - -func (l *Lifreq) GetLifruUint() uint { - return *(*uint)(unsafe.Pointer(&l.Lifru[0])) -} - -func IoctlLifreq(fd int, req uint, l *Lifreq) error { - return ioctl(fd, req, uintptr(unsafe.Pointer(l))) -} - -// Strioctl Helpers - -func (s *Strioctl) SetInt(i int) { - s.Len = int32(unsafe.Sizeof(i)) - s.Dp = (*int8)(unsafe.Pointer(&i)) -} - -func IoctlSetStrioctlRetInt(fd int, req uint, s *Strioctl) (int, error) { - return ioctlRet(fd, req, uintptr(unsafe.Pointer(s))) -} diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go index 5930a8972b1..e23c5394eff 100644 --- a/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go +++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build (openbsd && 386) || (openbsd && amd64) || (openbsd && arm) || (openbsd && arm64) -// +build openbsd,386 openbsd,amd64 openbsd,arm openbsd,arm64 +//go:build openbsd && !mips64 +// +build openbsd,!mips64 package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go new file mode 100644 index 00000000000..c2796139c01 --- /dev/null +++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go @@ -0,0 +1,42 @@ +// Copyright 2019 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build ppc64 && openbsd +// +build ppc64,openbsd + +package unix + +func setTimespec(sec, nsec int64) Timespec { + return Timespec{Sec: sec, Nsec: nsec} +} + +func setTimeval(sec, usec int64) Timeval { + return Timeval{Sec: sec, Usec: usec} +} + +func SetKevent(k *Kevent_t, fd, mode, flags int) { + k.Ident = uint64(fd) + k.Filter = int16(mode) + k.Flags = uint16(flags) +} + +func (iov *Iovec) SetLen(length int) { + iov.Len = uint64(length) +} + +func (msghdr *Msghdr) SetControllen(length int) { + msghdr.Controllen = uint32(length) +} + +func (msghdr *Msghdr) SetIovlen(length int) { + msghdr.Iovlen = uint32(length) +} + +func (cmsg *Cmsghdr) SetLen(length int) { + cmsg.Len = uint32(length) +} + +// SYS___SYSCTL is used by syscall_bsd.go for all BSDs, but in modern versions +// of openbsd/ppc64 the syscall is called sysctl instead of __sysctl. +const SYS___SYSCTL = SYS_SYSCTL diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go new file mode 100644 index 00000000000..23199a7ff62 --- /dev/null +++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go @@ -0,0 +1,42 @@ +// Copyright 2019 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build riscv64 && openbsd +// +build riscv64,openbsd + +package unix + +func setTimespec(sec, nsec int64) Timespec { + return Timespec{Sec: sec, Nsec: nsec} +} + +func setTimeval(sec, usec int64) Timeval { + return Timeval{Sec: sec, Usec: usec} +} + +func SetKevent(k *Kevent_t, fd, mode, flags int) { + k.Ident = uint64(fd) + k.Filter = int16(mode) + k.Flags = uint16(flags) +} + +func (iov *Iovec) SetLen(length int) { + iov.Len = uint64(length) +} + +func (msghdr *Msghdr) SetControllen(length int) { + msghdr.Controllen = uint32(length) +} + +func (msghdr *Msghdr) SetIovlen(length int) { + msghdr.Iovlen = uint32(length) +} + +func (cmsg *Cmsghdr) SetLen(length int) { + cmsg.Len = uint32(length) +} + +// SYS___SYSCTL is used by syscall_bsd.go for all BSDs, but in modern versions +// of openbsd/riscv64 the syscall is called sysctl instead of __sysctl. +const SYS___SYSCTL = SYS_SYSCTL diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris.go b/vendor/golang.org/x/sys/unix/syscall_solaris.go index 8c6f4092abe..2109e569cce 100644 --- a/vendor/golang.org/x/sys/unix/syscall_solaris.go +++ b/vendor/golang.org/x/sys/unix/syscall_solaris.go @@ -1026,3 +1026,107 @@ func (e *EventPort) Get(s []PortEvent, min int, timeout *Timespec) (int, error) } return valid, err } + +//sys putmsg(fd int, clptr *strbuf, dataptr *strbuf, flags int) (err error) + +func Putmsg(fd int, cl []byte, data []byte, flags int) (err error) { + var clp, datap *strbuf + if len(cl) > 0 { + clp = &strbuf{ + Len: int32(len(cl)), + Buf: (*int8)(unsafe.Pointer(&cl[0])), + } + } + if len(data) > 0 { + datap = &strbuf{ + Len: int32(len(data)), + Buf: (*int8)(unsafe.Pointer(&data[0])), + } + } + return putmsg(fd, clp, datap, flags) +} + +//sys getmsg(fd int, clptr *strbuf, dataptr *strbuf, flags *int) (err error) + +func Getmsg(fd int, cl []byte, data []byte) (retCl []byte, retData []byte, flags int, err error) { + var clp, datap *strbuf + if len(cl) > 0 { + clp = &strbuf{ + Maxlen: int32(len(cl)), + Buf: (*int8)(unsafe.Pointer(&cl[0])), + } + } + if len(data) > 0 { + datap = &strbuf{ + Maxlen: int32(len(data)), + Buf: (*int8)(unsafe.Pointer(&data[0])), + } + } + + if err = getmsg(fd, clp, datap, &flags); err != nil { + return nil, nil, 0, err + } + + if len(cl) > 0 { + retCl = cl[:clp.Len] + } + if len(data) > 0 { + retData = data[:datap.Len] + } + return retCl, retData, flags, nil +} + +func IoctlSetIntRetInt(fd int, req uint, arg int) (int, error) { + return ioctlRet(fd, req, uintptr(arg)) +} + +func IoctlSetString(fd int, req uint, val string) error { + bs := make([]byte, len(val)+1) + copy(bs[:len(bs)-1], val) + err := ioctl(fd, req, uintptr(unsafe.Pointer(&bs[0]))) + runtime.KeepAlive(&bs[0]) + return err +} + +// Lifreq Helpers + +func (l *Lifreq) SetName(name string) error { + if len(name) >= len(l.Name) { + return fmt.Errorf("name cannot be more than %d characters", len(l.Name)-1) + } + for i := range name { + l.Name[i] = int8(name[i]) + } + return nil +} + +func (l *Lifreq) SetLifruInt(d int) { + *(*int)(unsafe.Pointer(&l.Lifru[0])) = d +} + +func (l *Lifreq) GetLifruInt() int { + return *(*int)(unsafe.Pointer(&l.Lifru[0])) +} + +func (l *Lifreq) SetLifruUint(d uint) { + *(*uint)(unsafe.Pointer(&l.Lifru[0])) = d +} + +func (l *Lifreq) GetLifruUint() uint { + return *(*uint)(unsafe.Pointer(&l.Lifru[0])) +} + +func IoctlLifreq(fd int, req uint, l *Lifreq) error { + return ioctl(fd, req, uintptr(unsafe.Pointer(l))) +} + +// Strioctl Helpers + +func (s *Strioctl) SetInt(i int) { + s.Len = int32(unsafe.Sizeof(i)) + s.Dp = (*int8)(unsafe.Pointer(&i)) +} + +func IoctlSetStrioctlRetInt(fd int, req uint, s *Strioctl) (int, error) { + return ioctlRet(fd, req, uintptr(unsafe.Pointer(s))) +} diff --git a/vendor/golang.org/x/sys/unix/syscall_unix_gc.go b/vendor/golang.org/x/sys/unix/syscall_unix_gc.go index 5898e9a52b7..b6919ca580e 100644 --- a/vendor/golang.org/x/sys/unix/syscall_unix_gc.go +++ b/vendor/golang.org/x/sys/unix/syscall_unix_gc.go @@ -2,11 +2,9 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build (darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris) && gc && !ppc64le && !ppc64 -// +build darwin dragonfly freebsd linux netbsd openbsd solaris +//go:build (darwin || dragonfly || freebsd || (linux && !ppc64 && !ppc64le) || netbsd || openbsd || solaris) && gc +// +build darwin dragonfly freebsd linux,!ppc64,!ppc64le netbsd openbsd solaris // +build gc -// +build !ppc64le -// +build !ppc64 package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go index f8616f454ec..68b2f3e1cd0 100644 --- a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go @@ -9,8 +9,10 @@ package unix import ( "bytes" + "fmt" "runtime" "sort" + "strings" "sync" "syscall" "unsafe" @@ -55,7 +57,13 @@ func (d *Dirent) NameString() string { if d == nil { return "" } - return string(d.Name[:d.Namlen]) + s := string(d.Name[:]) + idx := strings.IndexByte(s, 0) + if idx == -1 { + return s + } else { + return s[:idx] + } } func (sa *SockaddrInet4) sockaddr() (unsafe.Pointer, _Socklen, error) { @@ -1230,6 +1238,14 @@ func Readdir(dir uintptr) (*Dirent, error) { return &ent, err } +func readdir_r(dirp uintptr, entry *direntLE, result **direntLE) (err error) { + r0, _, e1 := syscall_syscall(SYS___READDIR_R_A, dirp, uintptr(unsafe.Pointer(entry)), uintptr(unsafe.Pointer(result))) + if int64(r0) == -1 { + err = errnoErr(Errno(e1)) + } + return +} + func Closedir(dir uintptr) error { _, _, e := syscall_syscall(SYS_CLOSEDIR, dir, 0, 0) if e != 0 { @@ -1821,3 +1837,158 @@ func Unmount(name string, mtm int) (err error) { } return err } + +func fdToPath(dirfd int) (path string, err error) { + var buffer [1024]byte + // w_ctrl() + ret := runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS_W_IOCTL<<4, + []uintptr{uintptr(dirfd), 17, 1024, uintptr(unsafe.Pointer(&buffer[0]))}) + if ret == 0 { + zb := bytes.IndexByte(buffer[:], 0) + if zb == -1 { + zb = len(buffer) + } + // __e2a_l() + runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___E2A_L<<4, + []uintptr{uintptr(unsafe.Pointer(&buffer[0])), uintptr(zb)}) + return string(buffer[:zb]), nil + } + // __errno() + errno := int(*(*int32)(unsafe.Pointer(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___ERRNO<<4, + []uintptr{})))) + // __errno2() + errno2 := int(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___ERRNO2<<4, + []uintptr{})) + // strerror_r() + ret = runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS_STRERROR_R<<4, + []uintptr{uintptr(errno), uintptr(unsafe.Pointer(&buffer[0])), 1024}) + if ret == 0 { + zb := bytes.IndexByte(buffer[:], 0) + if zb == -1 { + zb = len(buffer) + } + return "", fmt.Errorf("%s (errno2=0x%x)", buffer[:zb], errno2) + } else { + return "", fmt.Errorf("fdToPath errno %d (errno2=0x%x)", errno, errno2) + } +} + +func direntLeToDirentUnix(dirent *direntLE, dir uintptr, path string) (Dirent, error) { + var d Dirent + + d.Ino = uint64(dirent.Ino) + offset, err := Telldir(dir) + if err != nil { + return d, err + } + + d.Off = int64(offset) + s := string(bytes.Split(dirent.Name[:], []byte{0})[0]) + copy(d.Name[:], s) + + d.Reclen = uint16(24 + len(d.NameString())) + var st Stat_t + path = path + "/" + s + err = Lstat(path, &st) + if err != nil { + return d, err + } + + d.Type = uint8(st.Mode >> 24) + return d, err +} + +func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) { + // Simulation of Getdirentries port from the Darwin implementation. + // COMMENTS FROM DARWIN: + // It's not the full required semantics, but should handle the case + // of calling Getdirentries or ReadDirent repeatedly. + // It won't handle assigning the results of lseek to *basep, or handle + // the directory being edited underfoot. + + skip, err := Seek(fd, 0, 1 /* SEEK_CUR */) + if err != nil { + return 0, err + } + + // Get path from fd to avoid unavailable call (fdopendir) + path, err := fdToPath(fd) + if err != nil { + return 0, err + } + d, err := Opendir(path) + if err != nil { + return 0, err + } + defer Closedir(d) + + var cnt int64 + for { + var entryLE direntLE + var entrypLE *direntLE + e := readdir_r(d, &entryLE, &entrypLE) + if e != nil { + return n, e + } + if entrypLE == nil { + break + } + if skip > 0 { + skip-- + cnt++ + continue + } + + // Dirent on zos has a different structure + entry, e := direntLeToDirentUnix(&entryLE, d, path) + if e != nil { + return n, e + } + + reclen := int(entry.Reclen) + if reclen > len(buf) { + // Not enough room. Return for now. + // The counter will let us know where we should start up again. + // Note: this strategy for suspending in the middle and + // restarting is O(n^2) in the length of the directory. Oh well. + break + } + + // Copy entry into return buffer. + s := unsafe.Slice((*byte)(unsafe.Pointer(&entry)), reclen) + copy(buf, s) + + buf = buf[reclen:] + n += reclen + cnt++ + } + // Set the seek offset of the input fd to record + // how many files we've already returned. + _, err = Seek(fd, cnt, 0 /* SEEK_SET */) + if err != nil { + return n, err + } + + return n, nil +} + +func ReadDirent(fd int, buf []byte) (n int, err error) { + var base = (*uintptr)(unsafe.Pointer(new(uint64))) + return Getdirentries(fd, buf, base) +} + +func direntIno(buf []byte) (uint64, bool) { + return readInt(buf, unsafe.Offsetof(Dirent{}.Ino), unsafe.Sizeof(Dirent{}.Ino)) +} + +func direntReclen(buf []byte) (uint64, bool) { + return readInt(buf, unsafe.Offsetof(Dirent{}.Reclen), unsafe.Sizeof(Dirent{}.Reclen)) +} + +func direntNamlen(buf []byte) (uint64, bool) { + reclen, ok := direntReclen(buf) + if !ok { + return 0, false + } + return reclen - uint64(unsafe.Offsetof(Dirent{}.Name)), true +} diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go new file mode 100644 index 00000000000..8e2c51b1eec --- /dev/null +++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go @@ -0,0 +1,1905 @@ +// mkerrors.sh -m64 +// Code generated by the command above; see README.md. DO NOT EDIT. + +//go:build ppc64 && openbsd +// +build ppc64,openbsd + +// Code generated by cmd/cgo -godefs; DO NOT EDIT. +// cgo -godefs -- -m64 _const.go + +package unix + +import "syscall" + +const ( + AF_APPLETALK = 0x10 + AF_BLUETOOTH = 0x20 + AF_CCITT = 0xa + AF_CHAOS = 0x5 + AF_CNT = 0x15 + AF_COIP = 0x14 + AF_DATAKIT = 0x9 + AF_DECnet = 0xc + AF_DLI = 0xd + AF_E164 = 0x1a + AF_ECMA = 0x8 + AF_ENCAP = 0x1c + AF_HYLINK = 0xf + AF_IMPLINK = 0x3 + AF_INET = 0x2 + AF_INET6 = 0x18 + AF_IPX = 0x17 + AF_ISDN = 0x1a + AF_ISO = 0x7 + AF_KEY = 0x1e + AF_LAT = 0xe + AF_LINK = 0x12 + AF_LOCAL = 0x1 + AF_MAX = 0x24 + AF_MPLS = 0x21 + AF_NATM = 0x1b + AF_NS = 0x6 + AF_OSI = 0x7 + AF_PUP = 0x4 + AF_ROUTE = 0x11 + AF_SIP = 0x1d + AF_SNA = 0xb + AF_UNIX = 0x1 + AF_UNSPEC = 0x0 + ALTWERASE = 0x200 + ARPHRD_ETHER = 0x1 + ARPHRD_FRELAY = 0xf + ARPHRD_IEEE1394 = 0x18 + ARPHRD_IEEE802 = 0x6 + B0 = 0x0 + B110 = 0x6e + B115200 = 0x1c200 + B1200 = 0x4b0 + B134 = 0x86 + B14400 = 0x3840 + B150 = 0x96 + B1800 = 0x708 + B19200 = 0x4b00 + B200 = 0xc8 + B230400 = 0x38400 + B2400 = 0x960 + B28800 = 0x7080 + B300 = 0x12c + B38400 = 0x9600 + B4800 = 0x12c0 + B50 = 0x32 + B57600 = 0xe100 + B600 = 0x258 + B7200 = 0x1c20 + B75 = 0x4b + B76800 = 0x12c00 + B9600 = 0x2580 + BIOCFLUSH = 0x20004268 + BIOCGBLEN = 0x40044266 + BIOCGDIRFILT = 0x4004427c + BIOCGDLT = 0x4004426a + BIOCGDLTLIST = 0xc010427b + BIOCGETIF = 0x4020426b + BIOCGFILDROP = 0x40044278 + BIOCGHDRCMPLT = 0x40044274 + BIOCGRSIG = 0x40044273 + BIOCGRTIMEOUT = 0x4010426e + BIOCGSTATS = 0x4008426f + BIOCIMMEDIATE = 0x80044270 + BIOCLOCK = 0x20004276 + BIOCPROMISC = 0x20004269 + BIOCSBLEN = 0xc0044266 + BIOCSDIRFILT = 0x8004427d + BIOCSDLT = 0x8004427a + BIOCSETF = 0x80104267 + BIOCSETIF = 0x8020426c + BIOCSETWF = 0x80104277 + BIOCSFILDROP = 0x80044279 + BIOCSHDRCMPLT = 0x80044275 + BIOCSRSIG = 0x80044272 + BIOCSRTIMEOUT = 0x8010426d + BIOCVERSION = 0x40044271 + BPF_A = 0x10 + BPF_ABS = 0x20 + BPF_ADD = 0x0 + BPF_ALIGNMENT = 0x4 + BPF_ALU = 0x4 + BPF_AND = 0x50 + BPF_B = 0x10 + BPF_DIRECTION_IN = 0x1 + BPF_DIRECTION_OUT = 0x2 + BPF_DIV = 0x30 + BPF_FILDROP_CAPTURE = 0x1 + BPF_FILDROP_DROP = 0x2 + BPF_FILDROP_PASS = 0x0 + BPF_F_DIR_IN = 0x10 + BPF_F_DIR_MASK = 0x30 + BPF_F_DIR_OUT = 0x20 + BPF_F_DIR_SHIFT = 0x4 + BPF_F_FLOWID = 0x8 + BPF_F_PRI_MASK = 0x7 + BPF_H = 0x8 + BPF_IMM = 0x0 + BPF_IND = 0x40 + BPF_JA = 0x0 + BPF_JEQ = 0x10 + BPF_JGE = 0x30 + BPF_JGT = 0x20 + BPF_JMP = 0x5 + BPF_JSET = 0x40 + BPF_K = 0x0 + BPF_LD = 0x0 + BPF_LDX = 0x1 + BPF_LEN = 0x80 + BPF_LSH = 0x60 + BPF_MAJOR_VERSION = 0x1 + BPF_MAXBUFSIZE = 0x200000 + BPF_MAXINSNS = 0x200 + BPF_MEM = 0x60 + BPF_MEMWORDS = 0x10 + BPF_MINBUFSIZE = 0x20 + BPF_MINOR_VERSION = 0x1 + BPF_MISC = 0x7 + BPF_MSH = 0xa0 + BPF_MUL = 0x20 + BPF_NEG = 0x80 + BPF_OR = 0x40 + BPF_RELEASE = 0x30bb6 + BPF_RET = 0x6 + BPF_RND = 0xc0 + BPF_RSH = 0x70 + BPF_ST = 0x2 + BPF_STX = 0x3 + BPF_SUB = 0x10 + BPF_TAX = 0x0 + BPF_TXA = 0x80 + BPF_W = 0x0 + BPF_X = 0x8 + BRKINT = 0x2 + CFLUSH = 0xf + CLOCAL = 0x8000 + CLOCK_BOOTTIME = 0x6 + CLOCK_MONOTONIC = 0x3 + CLOCK_PROCESS_CPUTIME_ID = 0x2 + CLOCK_REALTIME = 0x0 + CLOCK_THREAD_CPUTIME_ID = 0x4 + CLOCK_UPTIME = 0x5 + CPUSTATES = 0x6 + CP_IDLE = 0x5 + CP_INTR = 0x4 + CP_NICE = 0x1 + CP_SPIN = 0x3 + CP_SYS = 0x2 + CP_USER = 0x0 + CREAD = 0x800 + CRTSCTS = 0x10000 + CS5 = 0x0 + CS6 = 0x100 + CS7 = 0x200 + CS8 = 0x300 + CSIZE = 0x300 + CSTART = 0x11 + CSTATUS = 0xff + CSTOP = 0x13 + CSTOPB = 0x400 + CSUSP = 0x1a + CTL_HW = 0x6 + CTL_KERN = 0x1 + CTL_MAXNAME = 0xc + CTL_NET = 0x4 + DIOCADDQUEUE = 0xc110445d + DIOCADDRULE = 0xcd604404 + DIOCADDSTATE = 0xc1084425 + DIOCCHANGERULE = 0xcd60441a + DIOCCLRIFFLAG = 0xc028445a + DIOCCLRSRCNODES = 0x20004455 + DIOCCLRSTATES = 0xc0e04412 + DIOCCLRSTATUS = 0xc0284416 + DIOCGETLIMIT = 0xc0084427 + DIOCGETQSTATS = 0xc1204460 + DIOCGETQUEUE = 0xc110445f + DIOCGETQUEUES = 0xc110445e + DIOCGETRULE = 0xcd604407 + DIOCGETRULES = 0xcd604406 + DIOCGETRULESET = 0xc444443b + DIOCGETRULESETS = 0xc444443a + DIOCGETSRCNODES = 0xc0104454 + DIOCGETSTATE = 0xc1084413 + DIOCGETSTATES = 0xc0104419 + DIOCGETSTATUS = 0xc1e84415 + DIOCGETSYNFLWATS = 0xc0084463 + DIOCGETTIMEOUT = 0xc008441e + DIOCIGETIFACES = 0xc0284457 + DIOCKILLSRCNODES = 0xc080445b + DIOCKILLSTATES = 0xc0e04429 + DIOCNATLOOK = 0xc0504417 + DIOCOSFPADD = 0xc088444f + DIOCOSFPFLUSH = 0x2000444e + DIOCOSFPGET = 0xc0884450 + DIOCRADDADDRS = 0xc4504443 + DIOCRADDTABLES = 0xc450443d + DIOCRCLRADDRS = 0xc4504442 + DIOCRCLRASTATS = 0xc4504448 + DIOCRCLRTABLES = 0xc450443c + DIOCRCLRTSTATS = 0xc4504441 + DIOCRDELADDRS = 0xc4504444 + DIOCRDELTABLES = 0xc450443e + DIOCRGETADDRS = 0xc4504446 + DIOCRGETASTATS = 0xc4504447 + DIOCRGETTABLES = 0xc450443f + DIOCRGETTSTATS = 0xc4504440 + DIOCRINADEFINE = 0xc450444d + DIOCRSETADDRS = 0xc4504445 + DIOCRSETTFLAGS = 0xc450444a + DIOCRTSTADDRS = 0xc4504449 + DIOCSETDEBUG = 0xc0044418 + DIOCSETHOSTID = 0xc0044456 + DIOCSETIFFLAG = 0xc0284459 + DIOCSETLIMIT = 0xc0084428 + DIOCSETREASS = 0xc004445c + DIOCSETSTATUSIF = 0xc0284414 + DIOCSETSYNCOOKIES = 0xc0014462 + DIOCSETSYNFLWATS = 0xc0084461 + DIOCSETTIMEOUT = 0xc008441d + DIOCSTART = 0x20004401 + DIOCSTOP = 0x20004402 + DIOCXBEGIN = 0xc0104451 + DIOCXCOMMIT = 0xc0104452 + DIOCXROLLBACK = 0xc0104453 + DLT_ARCNET = 0x7 + DLT_ATM_RFC1483 = 0xb + DLT_AX25 = 0x3 + DLT_CHAOS = 0x5 + DLT_C_HDLC = 0x68 + DLT_EN10MB = 0x1 + DLT_EN3MB = 0x2 + DLT_ENC = 0xd + DLT_FDDI = 0xa + DLT_IEEE802 = 0x6 + DLT_IEEE802_11 = 0x69 + DLT_IEEE802_11_RADIO = 0x7f + DLT_LOOP = 0xc + DLT_MPLS = 0xdb + DLT_NULL = 0x0 + DLT_OPENFLOW = 0x10b + DLT_PFLOG = 0x75 + DLT_PFSYNC = 0x12 + DLT_PPP = 0x9 + DLT_PPP_BSDOS = 0x10 + DLT_PPP_ETHER = 0x33 + DLT_PPP_SERIAL = 0x32 + DLT_PRONET = 0x4 + DLT_RAW = 0xe + DLT_SLIP = 0x8 + DLT_SLIP_BSDOS = 0xf + DLT_USBPCAP = 0xf9 + DLT_USER0 = 0x93 + DLT_USER1 = 0x94 + DLT_USER10 = 0x9d + DLT_USER11 = 0x9e + DLT_USER12 = 0x9f + DLT_USER13 = 0xa0 + DLT_USER14 = 0xa1 + DLT_USER15 = 0xa2 + DLT_USER2 = 0x95 + DLT_USER3 = 0x96 + DLT_USER4 = 0x97 + DLT_USER5 = 0x98 + DLT_USER6 = 0x99 + DLT_USER7 = 0x9a + DLT_USER8 = 0x9b + DLT_USER9 = 0x9c + DT_BLK = 0x6 + DT_CHR = 0x2 + DT_DIR = 0x4 + DT_FIFO = 0x1 + DT_LNK = 0xa + DT_REG = 0x8 + DT_SOCK = 0xc + DT_UNKNOWN = 0x0 + ECHO = 0x8 + ECHOCTL = 0x40 + ECHOE = 0x2 + ECHOK = 0x4 + ECHOKE = 0x1 + ECHONL = 0x10 + ECHOPRT = 0x20 + EMT_TAGOVF = 0x1 + EMUL_ENABLED = 0x1 + EMUL_NATIVE = 0x2 + ENDRUNDISC = 0x9 + ETH64_8021_RSVD_MASK = 0xfffffffffff0 + ETH64_8021_RSVD_PREFIX = 0x180c2000000 + ETHERMIN = 0x2e + ETHERMTU = 0x5dc + ETHERTYPE_8023 = 0x4 + ETHERTYPE_AARP = 0x80f3 + ETHERTYPE_ACCTON = 0x8390 + ETHERTYPE_AEONIC = 0x8036 + ETHERTYPE_ALPHA = 0x814a + ETHERTYPE_AMBER = 0x6008 + ETHERTYPE_AMOEBA = 0x8145 + ETHERTYPE_AOE = 0x88a2 + ETHERTYPE_APOLLO = 0x80f7 + ETHERTYPE_APOLLODOMAIN = 0x8019 + ETHERTYPE_APPLETALK = 0x809b + ETHERTYPE_APPLITEK = 0x80c7 + ETHERTYPE_ARGONAUT = 0x803a + ETHERTYPE_ARP = 0x806 + ETHERTYPE_AT = 0x809b + ETHERTYPE_ATALK = 0x809b + ETHERTYPE_ATOMIC = 0x86df + ETHERTYPE_ATT = 0x8069 + ETHERTYPE_ATTSTANFORD = 0x8008 + ETHERTYPE_AUTOPHON = 0x806a + ETHERTYPE_AXIS = 0x8856 + ETHERTYPE_BCLOOP = 0x9003 + ETHERTYPE_BOFL = 0x8102 + ETHERTYPE_CABLETRON = 0x7034 + ETHERTYPE_CHAOS = 0x804 + ETHERTYPE_COMDESIGN = 0x806c + ETHERTYPE_COMPUGRAPHIC = 0x806d + ETHERTYPE_COUNTERPOINT = 0x8062 + ETHERTYPE_CRONUS = 0x8004 + ETHERTYPE_CRONUSVLN = 0x8003 + ETHERTYPE_DCA = 0x1234 + ETHERTYPE_DDE = 0x807b + ETHERTYPE_DEBNI = 0xaaaa + ETHERTYPE_DECAM = 0x8048 + ETHERTYPE_DECCUST = 0x6006 + ETHERTYPE_DECDIAG = 0x6005 + ETHERTYPE_DECDNS = 0x803c + ETHERTYPE_DECDTS = 0x803e + ETHERTYPE_DECEXPER = 0x6000 + ETHERTYPE_DECLAST = 0x8041 + ETHERTYPE_DECLTM = 0x803f + ETHERTYPE_DECMUMPS = 0x6009 + ETHERTYPE_DECNETBIOS = 0x8040 + ETHERTYPE_DELTACON = 0x86de + ETHERTYPE_DIDDLE = 0x4321 + ETHERTYPE_DLOG1 = 0x660 + ETHERTYPE_DLOG2 = 0x661 + ETHERTYPE_DN = 0x6003 + ETHERTYPE_DOGFIGHT = 0x1989 + ETHERTYPE_DSMD = 0x8039 + ETHERTYPE_EAPOL = 0x888e + ETHERTYPE_ECMA = 0x803 + ETHERTYPE_ENCRYPT = 0x803d + ETHERTYPE_ES = 0x805d + ETHERTYPE_EXCELAN = 0x8010 + ETHERTYPE_EXPERDATA = 0x8049 + ETHERTYPE_FLIP = 0x8146 + ETHERTYPE_FLOWCONTROL = 0x8808 + ETHERTYPE_FRARP = 0x808 + ETHERTYPE_GENDYN = 0x8068 + ETHERTYPE_HAYES = 0x8130 + ETHERTYPE_HIPPI_FP = 0x8180 + ETHERTYPE_HITACHI = 0x8820 + ETHERTYPE_HP = 0x8005 + ETHERTYPE_IEEEPUP = 0xa00 + ETHERTYPE_IEEEPUPAT = 0xa01 + ETHERTYPE_IMLBL = 0x4c42 + ETHERTYPE_IMLBLDIAG = 0x424c + ETHERTYPE_IP = 0x800 + ETHERTYPE_IPAS = 0x876c + ETHERTYPE_IPV6 = 0x86dd + ETHERTYPE_IPX = 0x8137 + ETHERTYPE_IPXNEW = 0x8037 + ETHERTYPE_KALPANA = 0x8582 + ETHERTYPE_LANBRIDGE = 0x8038 + ETHERTYPE_LANPROBE = 0x8888 + ETHERTYPE_LAT = 0x6004 + ETHERTYPE_LBACK = 0x9000 + ETHERTYPE_LITTLE = 0x8060 + ETHERTYPE_LLDP = 0x88cc + ETHERTYPE_LOGICRAFT = 0x8148 + ETHERTYPE_LOOPBACK = 0x9000 + ETHERTYPE_MACSEC = 0x88e5 + ETHERTYPE_MATRA = 0x807a + ETHERTYPE_MAX = 0xffff + ETHERTYPE_MERIT = 0x807c + ETHERTYPE_MICP = 0x873a + ETHERTYPE_MOPDL = 0x6001 + ETHERTYPE_MOPRC = 0x6002 + ETHERTYPE_MOTOROLA = 0x818d + ETHERTYPE_MPLS = 0x8847 + ETHERTYPE_MPLS_MCAST = 0x8848 + ETHERTYPE_MUMPS = 0x813f + ETHERTYPE_NBPCC = 0x3c04 + ETHERTYPE_NBPCLAIM = 0x3c09 + ETHERTYPE_NBPCLREQ = 0x3c05 + ETHERTYPE_NBPCLRSP = 0x3c06 + ETHERTYPE_NBPCREQ = 0x3c02 + ETHERTYPE_NBPCRSP = 0x3c03 + ETHERTYPE_NBPDG = 0x3c07 + ETHERTYPE_NBPDGB = 0x3c08 + ETHERTYPE_NBPDLTE = 0x3c0a + ETHERTYPE_NBPRAR = 0x3c0c + ETHERTYPE_NBPRAS = 0x3c0b + ETHERTYPE_NBPRST = 0x3c0d + ETHERTYPE_NBPSCD = 0x3c01 + ETHERTYPE_NBPVCD = 0x3c00 + ETHERTYPE_NBS = 0x802 + ETHERTYPE_NCD = 0x8149 + ETHERTYPE_NESTAR = 0x8006 + ETHERTYPE_NETBEUI = 0x8191 + ETHERTYPE_NHRP = 0x2001 + ETHERTYPE_NOVELL = 0x8138 + ETHERTYPE_NS = 0x600 + ETHERTYPE_NSAT = 0x601 + ETHERTYPE_NSCOMPAT = 0x807 + ETHERTYPE_NSH = 0x984f + ETHERTYPE_NTRAILER = 0x10 + ETHERTYPE_OS9 = 0x7007 + ETHERTYPE_OS9NET = 0x7009 + ETHERTYPE_PACER = 0x80c6 + ETHERTYPE_PBB = 0x88e7 + ETHERTYPE_PCS = 0x4242 + ETHERTYPE_PLANNING = 0x8044 + ETHERTYPE_PPP = 0x880b + ETHERTYPE_PPPOE = 0x8864 + ETHERTYPE_PPPOEDISC = 0x8863 + ETHERTYPE_PRIMENTS = 0x7031 + ETHERTYPE_PUP = 0x200 + ETHERTYPE_PUPAT = 0x200 + ETHERTYPE_QINQ = 0x88a8 + ETHERTYPE_RACAL = 0x7030 + ETHERTYPE_RATIONAL = 0x8150 + ETHERTYPE_RAWFR = 0x6559 + ETHERTYPE_RCL = 0x1995 + ETHERTYPE_RDP = 0x8739 + ETHERTYPE_RETIX = 0x80f2 + ETHERTYPE_REVARP = 0x8035 + ETHERTYPE_SCA = 0x6007 + ETHERTYPE_SECTRA = 0x86db + ETHERTYPE_SECUREDATA = 0x876d + ETHERTYPE_SGITW = 0x817e + ETHERTYPE_SG_BOUNCE = 0x8016 + ETHERTYPE_SG_DIAG = 0x8013 + ETHERTYPE_SG_NETGAMES = 0x8014 + ETHERTYPE_SG_RESV = 0x8015 + ETHERTYPE_SIMNET = 0x5208 + ETHERTYPE_SLOW = 0x8809 + ETHERTYPE_SNA = 0x80d5 + ETHERTYPE_SNMP = 0x814c + ETHERTYPE_SONIX = 0xfaf5 + ETHERTYPE_SPIDER = 0x809f + ETHERTYPE_SPRITE = 0x500 + ETHERTYPE_STP = 0x8181 + ETHERTYPE_TALARIS = 0x812b + ETHERTYPE_TALARISMC = 0x852b + ETHERTYPE_TCPCOMP = 0x876b + ETHERTYPE_TCPSM = 0x9002 + ETHERTYPE_TEC = 0x814f + ETHERTYPE_TIGAN = 0x802f + ETHERTYPE_TRAIL = 0x1000 + ETHERTYPE_TRANSETHER = 0x6558 + ETHERTYPE_TYMSHARE = 0x802e + ETHERTYPE_UBBST = 0x7005 + ETHERTYPE_UBDEBUG = 0x900 + ETHERTYPE_UBDIAGLOOP = 0x7002 + ETHERTYPE_UBDL = 0x7000 + ETHERTYPE_UBNIU = 0x7001 + ETHERTYPE_UBNMC = 0x7003 + ETHERTYPE_VALID = 0x1600 + ETHERTYPE_VARIAN = 0x80dd + ETHERTYPE_VAXELN = 0x803b + ETHERTYPE_VEECO = 0x8067 + ETHERTYPE_VEXP = 0x805b + ETHERTYPE_VGLAB = 0x8131 + ETHERTYPE_VINES = 0xbad + ETHERTYPE_VINESECHO = 0xbaf + ETHERTYPE_VINESLOOP = 0xbae + ETHERTYPE_VITAL = 0xff00 + ETHERTYPE_VLAN = 0x8100 + ETHERTYPE_VLTLMAN = 0x8080 + ETHERTYPE_VPROD = 0x805c + ETHERTYPE_VURESERVED = 0x8147 + ETHERTYPE_WATERLOO = 0x8130 + ETHERTYPE_WELLFLEET = 0x8103 + ETHERTYPE_X25 = 0x805 + ETHERTYPE_X75 = 0x801 + ETHERTYPE_XNSSM = 0x9001 + ETHERTYPE_XTP = 0x817d + ETHER_ADDR_LEN = 0x6 + ETHER_ALIGN = 0x2 + ETHER_CRC_LEN = 0x4 + ETHER_CRC_POLY_BE = 0x4c11db6 + ETHER_CRC_POLY_LE = 0xedb88320 + ETHER_HDR_LEN = 0xe + ETHER_MAX_DIX_LEN = 0x600 + ETHER_MAX_HARDMTU_LEN = 0xff9b + ETHER_MAX_LEN = 0x5ee + ETHER_MIN_LEN = 0x40 + ETHER_TYPE_LEN = 0x2 + ETHER_VLAN_ENCAP_LEN = 0x4 + EVFILT_AIO = -0x3 + EVFILT_DEVICE = -0x8 + EVFILT_EXCEPT = -0x9 + EVFILT_PROC = -0x5 + EVFILT_READ = -0x1 + EVFILT_SIGNAL = -0x6 + EVFILT_SYSCOUNT = 0x9 + EVFILT_TIMER = -0x7 + EVFILT_VNODE = -0x4 + EVFILT_WRITE = -0x2 + EVL_ENCAPLEN = 0x4 + EVL_PRIO_BITS = 0xd + EVL_PRIO_MAX = 0x7 + EVL_VLID_MASK = 0xfff + EVL_VLID_MAX = 0xffe + EVL_VLID_MIN = 0x1 + EVL_VLID_NULL = 0x0 + EV_ADD = 0x1 + EV_CLEAR = 0x20 + EV_DELETE = 0x2 + EV_DISABLE = 0x8 + EV_DISPATCH = 0x80 + EV_ENABLE = 0x4 + EV_EOF = 0x8000 + EV_ERROR = 0x4000 + EV_FLAG1 = 0x2000 + EV_ONESHOT = 0x10 + EV_RECEIPT = 0x40 + EV_SYSFLAGS = 0xf800 + EXTA = 0x4b00 + EXTB = 0x9600 + EXTPROC = 0x800 + FD_CLOEXEC = 0x1 + FD_SETSIZE = 0x400 + FLUSHO = 0x800000 + F_DUPFD = 0x0 + F_DUPFD_CLOEXEC = 0xa + F_GETFD = 0x1 + F_GETFL = 0x3 + F_GETLK = 0x7 + F_GETOWN = 0x5 + F_ISATTY = 0xb + F_OK = 0x0 + F_RDLCK = 0x1 + F_SETFD = 0x2 + F_SETFL = 0x4 + F_SETLK = 0x8 + F_SETLKW = 0x9 + F_SETOWN = 0x6 + F_UNLCK = 0x2 + F_WRLCK = 0x3 + HUPCL = 0x4000 + HW_MACHINE = 0x1 + ICANON = 0x100 + ICMP6_FILTER = 0x12 + ICRNL = 0x100 + IEXTEN = 0x400 + IFAN_ARRIVAL = 0x0 + IFAN_DEPARTURE = 0x1 + IFF_ALLMULTI = 0x200 + IFF_BROADCAST = 0x2 + IFF_CANTCHANGE = 0x8e52 + IFF_DEBUG = 0x4 + IFF_LINK0 = 0x1000 + IFF_LINK1 = 0x2000 + IFF_LINK2 = 0x4000 + IFF_LOOPBACK = 0x8 + IFF_MULTICAST = 0x8000 + IFF_NOARP = 0x80 + IFF_OACTIVE = 0x400 + IFF_POINTOPOINT = 0x10 + IFF_PROMISC = 0x100 + IFF_RUNNING = 0x40 + IFF_SIMPLEX = 0x800 + IFF_STATICARP = 0x20 + IFF_UP = 0x1 + IFNAMSIZ = 0x10 + IFT_1822 = 0x2 + IFT_A12MPPSWITCH = 0x82 + IFT_AAL2 = 0xbb + IFT_AAL5 = 0x31 + IFT_ADSL = 0x5e + IFT_AFLANE8023 = 0x3b + IFT_AFLANE8025 = 0x3c + IFT_ARAP = 0x58 + IFT_ARCNET = 0x23 + IFT_ARCNETPLUS = 0x24 + IFT_ASYNC = 0x54 + IFT_ATM = 0x25 + IFT_ATMDXI = 0x69 + IFT_ATMFUNI = 0x6a + IFT_ATMIMA = 0x6b + IFT_ATMLOGICAL = 0x50 + IFT_ATMRADIO = 0xbd + IFT_ATMSUBINTERFACE = 0x86 + IFT_ATMVCIENDPT = 0xc2 + IFT_ATMVIRTUAL = 0x95 + IFT_BGPPOLICYACCOUNTING = 0xa2 + IFT_BLUETOOTH = 0xf8 + IFT_BRIDGE = 0xd1 + IFT_BSC = 0x53 + IFT_CARP = 0xf7 + IFT_CCTEMUL = 0x3d + IFT_CEPT = 0x13 + IFT_CES = 0x85 + IFT_CHANNEL = 0x46 + IFT_CNR = 0x55 + IFT_COFFEE = 0x84 + IFT_COMPOSITELINK = 0x9b + IFT_DCN = 0x8d + IFT_DIGITALPOWERLINE = 0x8a + IFT_DIGITALWRAPPEROVERHEADCHANNEL = 0xba + IFT_DLSW = 0x4a + IFT_DOCSCABLEDOWNSTREAM = 0x80 + IFT_DOCSCABLEMACLAYER = 0x7f + IFT_DOCSCABLEUPSTREAM = 0x81 + IFT_DOCSCABLEUPSTREAMCHANNEL = 0xcd + IFT_DS0 = 0x51 + IFT_DS0BUNDLE = 0x52 + IFT_DS1FDL = 0xaa + IFT_DS3 = 0x1e + IFT_DTM = 0x8c + IFT_DUMMY = 0xf1 + IFT_DVBASILN = 0xac + IFT_DVBASIOUT = 0xad + IFT_DVBRCCDOWNSTREAM = 0x93 + IFT_DVBRCCMACLAYER = 0x92 + IFT_DVBRCCUPSTREAM = 0x94 + IFT_ECONET = 0xce + IFT_ENC = 0xf4 + IFT_EON = 0x19 + IFT_EPLRS = 0x57 + IFT_ESCON = 0x49 + IFT_ETHER = 0x6 + IFT_FAITH = 0xf3 + IFT_FAST = 0x7d + IFT_FASTETHER = 0x3e + IFT_FASTETHERFX = 0x45 + IFT_FDDI = 0xf + IFT_FIBRECHANNEL = 0x38 + IFT_FRAMERELAYINTERCONNECT = 0x3a + IFT_FRAMERELAYMPI = 0x5c + IFT_FRDLCIENDPT = 0xc1 + IFT_FRELAY = 0x20 + IFT_FRELAYDCE = 0x2c + IFT_FRF16MFRBUNDLE = 0xa3 + IFT_FRFORWARD = 0x9e + IFT_G703AT2MB = 0x43 + IFT_G703AT64K = 0x42 + IFT_GIF = 0xf0 + IFT_GIGABITETHERNET = 0x75 + IFT_GR303IDT = 0xb2 + IFT_GR303RDT = 0xb1 + IFT_H323GATEKEEPER = 0xa4 + IFT_H323PROXY = 0xa5 + IFT_HDH1822 = 0x3 + IFT_HDLC = 0x76 + IFT_HDSL2 = 0xa8 + IFT_HIPERLAN2 = 0xb7 + IFT_HIPPI = 0x2f + IFT_HIPPIINTERFACE = 0x39 + IFT_HOSTPAD = 0x5a + IFT_HSSI = 0x2e + IFT_HY = 0xe + IFT_IBM370PARCHAN = 0x48 + IFT_IDSL = 0x9a + IFT_IEEE1394 = 0x90 + IFT_IEEE80211 = 0x47 + IFT_IEEE80212 = 0x37 + IFT_IEEE8023ADLAG = 0xa1 + IFT_IFGSN = 0x91 + IFT_IMT = 0xbe + IFT_INFINIBAND = 0xc7 + IFT_INTERLEAVE = 0x7c + IFT_IP = 0x7e + IFT_IPFORWARD = 0x8e + IFT_IPOVERATM = 0x72 + IFT_IPOVERCDLC = 0x6d + IFT_IPOVERCLAW = 0x6e + IFT_IPSWITCH = 0x4e + IFT_ISDN = 0x3f + IFT_ISDNBASIC = 0x14 + IFT_ISDNPRIMARY = 0x15 + IFT_ISDNS = 0x4b + IFT_ISDNU = 0x4c + IFT_ISO88022LLC = 0x29 + IFT_ISO88023 = 0x7 + IFT_ISO88024 = 0x8 + IFT_ISO88025 = 0x9 + IFT_ISO88025CRFPINT = 0x62 + IFT_ISO88025DTR = 0x56 + IFT_ISO88025FIBER = 0x73 + IFT_ISO88026 = 0xa + IFT_ISUP = 0xb3 + IFT_L2VLAN = 0x87 + IFT_L3IPVLAN = 0x88 + IFT_L3IPXVLAN = 0x89 + IFT_LAPB = 0x10 + IFT_LAPD = 0x4d + IFT_LAPF = 0x77 + IFT_LINEGROUP = 0xd2 + IFT_LOCALTALK = 0x2a + IFT_LOOP = 0x18 + IFT_MBIM = 0xfa + IFT_MEDIAMAILOVERIP = 0x8b + IFT_MFSIGLINK = 0xa7 + IFT_MIOX25 = 0x26 + IFT_MODEM = 0x30 + IFT_MPC = 0x71 + IFT_MPLS = 0xa6 + IFT_MPLSTUNNEL = 0x96 + IFT_MSDSL = 0x8f + IFT_MVL = 0xbf + IFT_MYRINET = 0x63 + IFT_NFAS = 0xaf + IFT_NSIP = 0x1b + IFT_OPTICALCHANNEL = 0xc3 + IFT_OPTICALTRANSPORT = 0xc4 + IFT_OTHER = 0x1 + IFT_P10 = 0xc + IFT_P80 = 0xd + IFT_PARA = 0x22 + IFT_PFLOG = 0xf5 + IFT_PFLOW = 0xf9 + IFT_PFSYNC = 0xf6 + IFT_PLC = 0xae + IFT_PON155 = 0xcf + IFT_PON622 = 0xd0 + IFT_POS = 0xab + IFT_PPP = 0x17 + IFT_PPPMULTILINKBUNDLE = 0x6c + IFT_PROPATM = 0xc5 + IFT_PROPBWAP2MP = 0xb8 + IFT_PROPCNLS = 0x59 + IFT_PROPDOCSWIRELESSDOWNSTREAM = 0xb5 + IFT_PROPDOCSWIRELESSMACLAYER = 0xb4 + IFT_PROPDOCSWIRELESSUPSTREAM = 0xb6 + IFT_PROPMUX = 0x36 + IFT_PROPVIRTUAL = 0x35 + IFT_PROPWIRELESSP2P = 0x9d + IFT_PTPSERIAL = 0x16 + IFT_PVC = 0xf2 + IFT_Q2931 = 0xc9 + IFT_QLLC = 0x44 + IFT_RADIOMAC = 0xbc + IFT_RADSL = 0x5f + IFT_REACHDSL = 0xc0 + IFT_RFC1483 = 0x9f + IFT_RS232 = 0x21 + IFT_RSRB = 0x4f + IFT_SDLC = 0x11 + IFT_SDSL = 0x60 + IFT_SHDSL = 0xa9 + IFT_SIP = 0x1f + IFT_SIPSIG = 0xcc + IFT_SIPTG = 0xcb + IFT_SLIP = 0x1c + IFT_SMDSDXI = 0x2b + IFT_SMDSICIP = 0x34 + IFT_SONET = 0x27 + IFT_SONETOVERHEADCHANNEL = 0xb9 + IFT_SONETPATH = 0x32 + IFT_SONETVT = 0x33 + IFT_SRP = 0x97 + IFT_SS7SIGLINK = 0x9c + IFT_STACKTOSTACK = 0x6f + IFT_STARLAN = 0xb + IFT_T1 = 0x12 + IFT_TDLC = 0x74 + IFT_TELINK = 0xc8 + IFT_TERMPAD = 0x5b + IFT_TR008 = 0xb0 + IFT_TRANSPHDLC = 0x7b + IFT_TUNNEL = 0x83 + IFT_ULTRA = 0x1d + IFT_USB = 0xa0 + IFT_V11 = 0x40 + IFT_V35 = 0x2d + IFT_V36 = 0x41 + IFT_V37 = 0x78 + IFT_VDSL = 0x61 + IFT_VIRTUALIPADDRESS = 0x70 + IFT_VIRTUALTG = 0xca + IFT_VOICEDID = 0xd5 + IFT_VOICEEM = 0x64 + IFT_VOICEEMFGD = 0xd3 + IFT_VOICEENCAP = 0x67 + IFT_VOICEFGDEANA = 0xd4 + IFT_VOICEFXO = 0x65 + IFT_VOICEFXS = 0x66 + IFT_VOICEOVERATM = 0x98 + IFT_VOICEOVERCABLE = 0xc6 + IFT_VOICEOVERFRAMERELAY = 0x99 + IFT_VOICEOVERIP = 0x68 + IFT_WIREGUARD = 0xfb + IFT_X213 = 0x5d + IFT_X25 = 0x5 + IFT_X25DDN = 0x4 + IFT_X25HUNTGROUP = 0x7a + IFT_X25MLP = 0x79 + IFT_X25PLE = 0x28 + IFT_XETHER = 0x1a + IGNBRK = 0x1 + IGNCR = 0x80 + IGNPAR = 0x4 + IMAXBEL = 0x2000 + INLCR = 0x40 + INPCK = 0x10 + IN_CLASSA_HOST = 0xffffff + IN_CLASSA_MAX = 0x80 + IN_CLASSA_NET = 0xff000000 + IN_CLASSA_NSHIFT = 0x18 + IN_CLASSB_HOST = 0xffff + IN_CLASSB_MAX = 0x10000 + IN_CLASSB_NET = 0xffff0000 + IN_CLASSB_NSHIFT = 0x10 + IN_CLASSC_HOST = 0xff + IN_CLASSC_NET = 0xffffff00 + IN_CLASSC_NSHIFT = 0x8 + IN_CLASSD_HOST = 0xfffffff + IN_CLASSD_NET = 0xf0000000 + IN_CLASSD_NSHIFT = 0x1c + IN_LOOPBACKNET = 0x7f + IN_RFC3021_HOST = 0x1 + IN_RFC3021_NET = 0xfffffffe + IN_RFC3021_NSHIFT = 0x1f + IPPROTO_AH = 0x33 + IPPROTO_CARP = 0x70 + IPPROTO_DIVERT = 0x102 + IPPROTO_DONE = 0x101 + IPPROTO_DSTOPTS = 0x3c + IPPROTO_EGP = 0x8 + IPPROTO_ENCAP = 0x62 + IPPROTO_EON = 0x50 + IPPROTO_ESP = 0x32 + IPPROTO_ETHERIP = 0x61 + IPPROTO_FRAGMENT = 0x2c + IPPROTO_GGP = 0x3 + IPPROTO_GRE = 0x2f + IPPROTO_HOPOPTS = 0x0 + IPPROTO_ICMP = 0x1 + IPPROTO_ICMPV6 = 0x3a + IPPROTO_IDP = 0x16 + IPPROTO_IGMP = 0x2 + IPPROTO_IP = 0x0 + IPPROTO_IPCOMP = 0x6c + IPPROTO_IPIP = 0x4 + IPPROTO_IPV4 = 0x4 + IPPROTO_IPV6 = 0x29 + IPPROTO_MAX = 0x100 + IPPROTO_MAXID = 0x103 + IPPROTO_MOBILE = 0x37 + IPPROTO_MPLS = 0x89 + IPPROTO_NONE = 0x3b + IPPROTO_PFSYNC = 0xf0 + IPPROTO_PIM = 0x67 + IPPROTO_PUP = 0xc + IPPROTO_RAW = 0xff + IPPROTO_ROUTING = 0x2b + IPPROTO_RSVP = 0x2e + IPPROTO_SCTP = 0x84 + IPPROTO_TCP = 0x6 + IPPROTO_TP = 0x1d + IPPROTO_UDP = 0x11 + IPPROTO_UDPLITE = 0x88 + IPV6_AUTH_LEVEL = 0x35 + IPV6_AUTOFLOWLABEL = 0x3b + IPV6_CHECKSUM = 0x1a + IPV6_DEFAULT_MULTICAST_HOPS = 0x1 + IPV6_DEFAULT_MULTICAST_LOOP = 0x1 + IPV6_DEFHLIM = 0x40 + IPV6_DONTFRAG = 0x3e + IPV6_DSTOPTS = 0x32 + IPV6_ESP_NETWORK_LEVEL = 0x37 + IPV6_ESP_TRANS_LEVEL = 0x36 + IPV6_FAITH = 0x1d + IPV6_FLOWINFO_MASK = 0xfffffff + IPV6_FLOWLABEL_MASK = 0xfffff + IPV6_FRAGTTL = 0x78 + IPV6_HLIMDEC = 0x1 + IPV6_HOPLIMIT = 0x2f + IPV6_HOPOPTS = 0x31 + IPV6_IPCOMP_LEVEL = 0x3c + IPV6_JOIN_GROUP = 0xc + IPV6_LEAVE_GROUP = 0xd + IPV6_MAXHLIM = 0xff + IPV6_MAXPACKET = 0xffff + IPV6_MINHOPCOUNT = 0x41 + IPV6_MMTU = 0x500 + IPV6_MULTICAST_HOPS = 0xa + IPV6_MULTICAST_IF = 0x9 + IPV6_MULTICAST_LOOP = 0xb + IPV6_NEXTHOP = 0x30 + IPV6_OPTIONS = 0x1 + IPV6_PATHMTU = 0x2c + IPV6_PIPEX = 0x3f + IPV6_PKTINFO = 0x2e + IPV6_PORTRANGE = 0xe + IPV6_PORTRANGE_DEFAULT = 0x0 + IPV6_PORTRANGE_HIGH = 0x1 + IPV6_PORTRANGE_LOW = 0x2 + IPV6_RECVDSTOPTS = 0x28 + IPV6_RECVDSTPORT = 0x40 + IPV6_RECVHOPLIMIT = 0x25 + IPV6_RECVHOPOPTS = 0x27 + IPV6_RECVPATHMTU = 0x2b + IPV6_RECVPKTINFO = 0x24 + IPV6_RECVRTHDR = 0x26 + IPV6_RECVTCLASS = 0x39 + IPV6_RTABLE = 0x1021 + IPV6_RTHDR = 0x33 + IPV6_RTHDRDSTOPTS = 0x23 + IPV6_RTHDR_LOOSE = 0x0 + IPV6_RTHDR_STRICT = 0x1 + IPV6_RTHDR_TYPE_0 = 0x0 + IPV6_SOCKOPT_RESERVED1 = 0x3 + IPV6_TCLASS = 0x3d + IPV6_UNICAST_HOPS = 0x4 + IPV6_USE_MIN_MTU = 0x2a + IPV6_V6ONLY = 0x1b + IPV6_VERSION = 0x60 + IPV6_VERSION_MASK = 0xf0 + IP_ADD_MEMBERSHIP = 0xc + IP_AUTH_LEVEL = 0x14 + IP_DEFAULT_MULTICAST_LOOP = 0x1 + IP_DEFAULT_MULTICAST_TTL = 0x1 + IP_DF = 0x4000 + IP_DROP_MEMBERSHIP = 0xd + IP_ESP_NETWORK_LEVEL = 0x16 + IP_ESP_TRANS_LEVEL = 0x15 + IP_HDRINCL = 0x2 + IP_IPCOMP_LEVEL = 0x1d + IP_IPDEFTTL = 0x25 + IP_IPSECFLOWINFO = 0x24 + IP_IPSEC_LOCAL_AUTH = 0x1b + IP_IPSEC_LOCAL_CRED = 0x19 + IP_IPSEC_LOCAL_ID = 0x17 + IP_IPSEC_REMOTE_AUTH = 0x1c + IP_IPSEC_REMOTE_CRED = 0x1a + IP_IPSEC_REMOTE_ID = 0x18 + IP_MAXPACKET = 0xffff + IP_MAX_MEMBERSHIPS = 0xfff + IP_MF = 0x2000 + IP_MINTTL = 0x20 + IP_MIN_MEMBERSHIPS = 0xf + IP_MSS = 0x240 + IP_MULTICAST_IF = 0x9 + IP_MULTICAST_LOOP = 0xb + IP_MULTICAST_TTL = 0xa + IP_OFFMASK = 0x1fff + IP_OPTIONS = 0x1 + IP_PIPEX = 0x22 + IP_PORTRANGE = 0x13 + IP_PORTRANGE_DEFAULT = 0x0 + IP_PORTRANGE_HIGH = 0x1 + IP_PORTRANGE_LOW = 0x2 + IP_RECVDSTADDR = 0x7 + IP_RECVDSTPORT = 0x21 + IP_RECVIF = 0x1e + IP_RECVOPTS = 0x5 + IP_RECVRETOPTS = 0x6 + IP_RECVRTABLE = 0x23 + IP_RECVTTL = 0x1f + IP_RETOPTS = 0x8 + IP_RF = 0x8000 + IP_RTABLE = 0x1021 + IP_SENDSRCADDR = 0x7 + IP_TOS = 0x3 + IP_TTL = 0x4 + ISIG = 0x80 + ISTRIP = 0x20 + ITIMER_PROF = 0x2 + ITIMER_REAL = 0x0 + ITIMER_VIRTUAL = 0x1 + IUCLC = 0x1000 + IXANY = 0x800 + IXOFF = 0x400 + IXON = 0x200 + KERN_HOSTNAME = 0xa + KERN_OSRELEASE = 0x2 + KERN_OSTYPE = 0x1 + KERN_VERSION = 0x4 + LCNT_OVERLOAD_FLUSH = 0x6 + LOCK_EX = 0x2 + LOCK_NB = 0x4 + LOCK_SH = 0x1 + LOCK_UN = 0x8 + MADV_DONTNEED = 0x4 + MADV_FREE = 0x6 + MADV_NORMAL = 0x0 + MADV_RANDOM = 0x1 + MADV_SEQUENTIAL = 0x2 + MADV_SPACEAVAIL = 0x5 + MADV_WILLNEED = 0x3 + MAP_ANON = 0x1000 + MAP_ANONYMOUS = 0x1000 + MAP_CONCEAL = 0x8000 + MAP_COPY = 0x2 + MAP_FILE = 0x0 + MAP_FIXED = 0x10 + MAP_FLAGMASK = 0xfff7 + MAP_HASSEMAPHORE = 0x0 + MAP_INHERIT = 0x0 + MAP_INHERIT_COPY = 0x1 + MAP_INHERIT_NONE = 0x2 + MAP_INHERIT_SHARE = 0x0 + MAP_INHERIT_ZERO = 0x3 + MAP_NOEXTEND = 0x0 + MAP_NORESERVE = 0x0 + MAP_PRIVATE = 0x2 + MAP_RENAME = 0x0 + MAP_SHARED = 0x1 + MAP_STACK = 0x4000 + MAP_TRYFIXED = 0x0 + MCL_CURRENT = 0x1 + MCL_FUTURE = 0x2 + MNT_ASYNC = 0x40 + MNT_DEFEXPORTED = 0x200 + MNT_DELEXPORT = 0x20000 + MNT_DOOMED = 0x8000000 + MNT_EXPORTANON = 0x400 + MNT_EXPORTED = 0x100 + MNT_EXRDONLY = 0x80 + MNT_FORCE = 0x80000 + MNT_LAZY = 0x3 + MNT_LOCAL = 0x1000 + MNT_NOATIME = 0x8000 + MNT_NODEV = 0x10 + MNT_NOEXEC = 0x4 + MNT_NOPERM = 0x20 + MNT_NOSUID = 0x8 + MNT_NOWAIT = 0x2 + MNT_QUOTA = 0x2000 + MNT_RDONLY = 0x1 + MNT_RELOAD = 0x40000 + MNT_ROOTFS = 0x4000 + MNT_SOFTDEP = 0x4000000 + MNT_STALLED = 0x100000 + MNT_SWAPPABLE = 0x200000 + MNT_SYNCHRONOUS = 0x2 + MNT_UPDATE = 0x10000 + MNT_VISFLAGMASK = 0x400ffff + MNT_WAIT = 0x1 + MNT_WANTRDWR = 0x2000000 + MNT_WXALLOWED = 0x800 + MOUNT_AFS = "afs" + MOUNT_CD9660 = "cd9660" + MOUNT_EXT2FS = "ext2fs" + MOUNT_FFS = "ffs" + MOUNT_FUSEFS = "fuse" + MOUNT_MFS = "mfs" + MOUNT_MSDOS = "msdos" + MOUNT_NCPFS = "ncpfs" + MOUNT_NFS = "nfs" + MOUNT_NTFS = "ntfs" + MOUNT_TMPFS = "tmpfs" + MOUNT_UDF = "udf" + MOUNT_UFS = "ffs" + MSG_BCAST = 0x100 + MSG_CMSG_CLOEXEC = 0x800 + MSG_CTRUNC = 0x20 + MSG_DONTROUTE = 0x4 + MSG_DONTWAIT = 0x80 + MSG_EOR = 0x8 + MSG_MCAST = 0x200 + MSG_NOSIGNAL = 0x400 + MSG_OOB = 0x1 + MSG_PEEK = 0x2 + MSG_TRUNC = 0x10 + MSG_WAITALL = 0x40 + MSG_WAITFORONE = 0x1000 + MS_ASYNC = 0x1 + MS_INVALIDATE = 0x4 + MS_SYNC = 0x2 + NAME_MAX = 0xff + NET_RT_DUMP = 0x1 + NET_RT_FLAGS = 0x2 + NET_RT_IFLIST = 0x3 + NET_RT_IFNAMES = 0x6 + NET_RT_MAXID = 0x8 + NET_RT_SOURCE = 0x7 + NET_RT_STATS = 0x4 + NET_RT_TABLE = 0x5 + NFDBITS = 0x20 + NOFLSH = 0x80000000 + NOKERNINFO = 0x2000000 + NOTE_ATTRIB = 0x8 + NOTE_CHANGE = 0x1 + NOTE_CHILD = 0x4 + NOTE_DELETE = 0x1 + NOTE_EOF = 0x2 + NOTE_EXEC = 0x20000000 + NOTE_EXIT = 0x80000000 + NOTE_EXTEND = 0x4 + NOTE_FORK = 0x40000000 + NOTE_LINK = 0x10 + NOTE_LOWAT = 0x1 + NOTE_OOB = 0x4 + NOTE_PCTRLMASK = 0xf0000000 + NOTE_PDATAMASK = 0xfffff + NOTE_RENAME = 0x20 + NOTE_REVOKE = 0x40 + NOTE_TRACK = 0x1 + NOTE_TRACKERR = 0x2 + NOTE_TRUNCATE = 0x80 + NOTE_WRITE = 0x2 + OCRNL = 0x10 + OLCUC = 0x20 + ONLCR = 0x2 + ONLRET = 0x80 + ONOCR = 0x40 + ONOEOT = 0x8 + OPOST = 0x1 + OXTABS = 0x4 + O_ACCMODE = 0x3 + O_APPEND = 0x8 + O_ASYNC = 0x40 + O_CLOEXEC = 0x10000 + O_CREAT = 0x200 + O_DIRECTORY = 0x20000 + O_DSYNC = 0x80 + O_EXCL = 0x800 + O_EXLOCK = 0x20 + O_FSYNC = 0x80 + O_NDELAY = 0x4 + O_NOCTTY = 0x8000 + O_NOFOLLOW = 0x100 + O_NONBLOCK = 0x4 + O_RDONLY = 0x0 + O_RDWR = 0x2 + O_RSYNC = 0x80 + O_SHLOCK = 0x10 + O_SYNC = 0x80 + O_TRUNC = 0x400 + O_WRONLY = 0x1 + PARENB = 0x1000 + PARMRK = 0x8 + PARODD = 0x2000 + PENDIN = 0x20000000 + PF_FLUSH = 0x1 + PRIO_PGRP = 0x1 + PRIO_PROCESS = 0x0 + PRIO_USER = 0x2 + PROT_EXEC = 0x4 + PROT_NONE = 0x0 + PROT_READ = 0x1 + PROT_WRITE = 0x2 + RLIMIT_CORE = 0x4 + RLIMIT_CPU = 0x0 + RLIMIT_DATA = 0x2 + RLIMIT_FSIZE = 0x1 + RLIMIT_MEMLOCK = 0x6 + RLIMIT_NOFILE = 0x8 + RLIMIT_NPROC = 0x7 + RLIMIT_RSS = 0x5 + RLIMIT_STACK = 0x3 + RLIM_INFINITY = 0x7fffffffffffffff + RTAX_AUTHOR = 0x6 + RTAX_BFD = 0xb + RTAX_BRD = 0x7 + RTAX_DNS = 0xc + RTAX_DST = 0x0 + RTAX_GATEWAY = 0x1 + RTAX_GENMASK = 0x3 + RTAX_IFA = 0x5 + RTAX_IFP = 0x4 + RTAX_LABEL = 0xa + RTAX_MAX = 0xf + RTAX_NETMASK = 0x2 + RTAX_SEARCH = 0xe + RTAX_SRC = 0x8 + RTAX_SRCMASK = 0x9 + RTAX_STATIC = 0xd + RTA_AUTHOR = 0x40 + RTA_BFD = 0x800 + RTA_BRD = 0x80 + RTA_DNS = 0x1000 + RTA_DST = 0x1 + RTA_GATEWAY = 0x2 + RTA_GENMASK = 0x8 + RTA_IFA = 0x20 + RTA_IFP = 0x10 + RTA_LABEL = 0x400 + RTA_NETMASK = 0x4 + RTA_SEARCH = 0x4000 + RTA_SRC = 0x100 + RTA_SRCMASK = 0x200 + RTA_STATIC = 0x2000 + RTF_ANNOUNCE = 0x4000 + RTF_BFD = 0x1000000 + RTF_BLACKHOLE = 0x1000 + RTF_BROADCAST = 0x400000 + RTF_CACHED = 0x20000 + RTF_CLONED = 0x10000 + RTF_CLONING = 0x100 + RTF_CONNECTED = 0x800000 + RTF_DONE = 0x40 + RTF_DYNAMIC = 0x10 + RTF_FMASK = 0x110fc08 + RTF_GATEWAY = 0x2 + RTF_HOST = 0x4 + RTF_LLINFO = 0x400 + RTF_LOCAL = 0x200000 + RTF_MODIFIED = 0x20 + RTF_MPATH = 0x40000 + RTF_MPLS = 0x100000 + RTF_MULTICAST = 0x200 + RTF_PERMANENT_ARP = 0x2000 + RTF_PROTO1 = 0x8000 + RTF_PROTO2 = 0x4000 + RTF_PROTO3 = 0x2000 + RTF_REJECT = 0x8 + RTF_STATIC = 0x800 + RTF_UP = 0x1 + RTF_USETRAILERS = 0x8000 + RTM_80211INFO = 0x15 + RTM_ADD = 0x1 + RTM_BFD = 0x12 + RTM_CHANGE = 0x3 + RTM_CHGADDRATTR = 0x14 + RTM_DELADDR = 0xd + RTM_DELETE = 0x2 + RTM_DESYNC = 0x10 + RTM_GET = 0x4 + RTM_IFANNOUNCE = 0xf + RTM_IFINFO = 0xe + RTM_INVALIDATE = 0x11 + RTM_LOSING = 0x5 + RTM_MAXSIZE = 0x800 + RTM_MISS = 0x7 + RTM_NEWADDR = 0xc + RTM_PROPOSAL = 0x13 + RTM_REDIRECT = 0x6 + RTM_RESOLVE = 0xb + RTM_SOURCE = 0x16 + RTM_VERSION = 0x5 + RTV_EXPIRE = 0x4 + RTV_HOPCOUNT = 0x2 + RTV_MTU = 0x1 + RTV_RPIPE = 0x8 + RTV_RTT = 0x40 + RTV_RTTVAR = 0x80 + RTV_SPIPE = 0x10 + RTV_SSTHRESH = 0x20 + RT_TABLEID_BITS = 0x8 + RT_TABLEID_MASK = 0xff + RT_TABLEID_MAX = 0xff + RUSAGE_CHILDREN = -0x1 + RUSAGE_SELF = 0x0 + RUSAGE_THREAD = 0x1 + SCM_RIGHTS = 0x1 + SCM_TIMESTAMP = 0x4 + SEEK_CUR = 0x1 + SEEK_END = 0x2 + SEEK_SET = 0x0 + SHUT_RD = 0x0 + SHUT_RDWR = 0x2 + SHUT_WR = 0x1 + SIOCADDMULTI = 0x80206931 + SIOCAIFADDR = 0x8040691a + SIOCAIFGROUP = 0x80286987 + SIOCATMARK = 0x40047307 + SIOCBRDGADD = 0x8060693c + SIOCBRDGADDL = 0x80606949 + SIOCBRDGADDS = 0x80606941 + SIOCBRDGARL = 0x808c694d + SIOCBRDGDADDR = 0x81286947 + SIOCBRDGDEL = 0x8060693d + SIOCBRDGDELS = 0x80606942 + SIOCBRDGFLUSH = 0x80606948 + SIOCBRDGFRL = 0x808c694e + SIOCBRDGGCACHE = 0xc0146941 + SIOCBRDGGFD = 0xc0146952 + SIOCBRDGGHT = 0xc0146951 + SIOCBRDGGIFFLGS = 0xc060693e + SIOCBRDGGMA = 0xc0146953 + SIOCBRDGGPARAM = 0xc0406958 + SIOCBRDGGPRI = 0xc0146950 + SIOCBRDGGRL = 0xc030694f + SIOCBRDGGTO = 0xc0146946 + SIOCBRDGIFS = 0xc0606942 + SIOCBRDGRTS = 0xc0206943 + SIOCBRDGSADDR = 0xc1286944 + SIOCBRDGSCACHE = 0x80146940 + SIOCBRDGSFD = 0x80146952 + SIOCBRDGSHT = 0x80146951 + SIOCBRDGSIFCOST = 0x80606955 + SIOCBRDGSIFFLGS = 0x8060693f + SIOCBRDGSIFPRIO = 0x80606954 + SIOCBRDGSIFPROT = 0x8060694a + SIOCBRDGSMA = 0x80146953 + SIOCBRDGSPRI = 0x80146950 + SIOCBRDGSPROTO = 0x8014695a + SIOCBRDGSTO = 0x80146945 + SIOCBRDGSTXHC = 0x80146959 + SIOCDELLABEL = 0x80206997 + SIOCDELMULTI = 0x80206932 + SIOCDIFADDR = 0x80206919 + SIOCDIFGROUP = 0x80286989 + SIOCDIFPARENT = 0x802069b4 + SIOCDIFPHYADDR = 0x80206949 + SIOCDPWE3NEIGHBOR = 0x802069de + SIOCDVNETID = 0x802069af + SIOCGETKALIVE = 0xc01869a4 + SIOCGETLABEL = 0x8020699a + SIOCGETMPWCFG = 0xc02069ae + SIOCGETPFLOW = 0xc02069fe + SIOCGETPFSYNC = 0xc02069f8 + SIOCGETSGCNT = 0xc0207534 + SIOCGETVIFCNT = 0xc0287533 + SIOCGETVLAN = 0xc0206990 + SIOCGIFADDR = 0xc0206921 + SIOCGIFBRDADDR = 0xc0206923 + SIOCGIFCONF = 0xc0106924 + SIOCGIFDATA = 0xc020691b + SIOCGIFDESCR = 0xc0206981 + SIOCGIFDSTADDR = 0xc0206922 + SIOCGIFFLAGS = 0xc0206911 + SIOCGIFGATTR = 0xc028698b + SIOCGIFGENERIC = 0xc020693a + SIOCGIFGLIST = 0xc028698d + SIOCGIFGMEMB = 0xc028698a + SIOCGIFGROUP = 0xc0286988 + SIOCGIFHARDMTU = 0xc02069a5 + SIOCGIFLLPRIO = 0xc02069b6 + SIOCGIFMEDIA = 0xc0406938 + SIOCGIFMETRIC = 0xc0206917 + SIOCGIFMTU = 0xc020697e + SIOCGIFNETMASK = 0xc0206925 + SIOCGIFPAIR = 0xc02069b1 + SIOCGIFPARENT = 0xc02069b3 + SIOCGIFPRIORITY = 0xc020699c + SIOCGIFRDOMAIN = 0xc02069a0 + SIOCGIFRTLABEL = 0xc0206983 + SIOCGIFRXR = 0x802069aa + SIOCGIFSFFPAGE = 0xc1126939 + SIOCGIFXFLAGS = 0xc020699e + SIOCGLIFPHYADDR = 0xc218694b + SIOCGLIFPHYDF = 0xc02069c2 + SIOCGLIFPHYECN = 0xc02069c8 + SIOCGLIFPHYRTABLE = 0xc02069a2 + SIOCGLIFPHYTTL = 0xc02069a9 + SIOCGPGRP = 0x40047309 + SIOCGPWE3 = 0xc0206998 + SIOCGPWE3CTRLWORD = 0xc02069dc + SIOCGPWE3FAT = 0xc02069dd + SIOCGPWE3NEIGHBOR = 0xc21869de + SIOCGRXHPRIO = 0xc02069db + SIOCGSPPPPARAMS = 0xc0206994 + SIOCGTXHPRIO = 0xc02069c6 + SIOCGUMBINFO = 0xc02069be + SIOCGUMBPARAM = 0xc02069c0 + SIOCGVH = 0xc02069f6 + SIOCGVNETFLOWID = 0xc02069c4 + SIOCGVNETID = 0xc02069a7 + SIOCIFAFATTACH = 0x801169ab + SIOCIFAFDETACH = 0x801169ac + SIOCIFCREATE = 0x8020697a + SIOCIFDESTROY = 0x80206979 + SIOCIFGCLONERS = 0xc0106978 + SIOCSETKALIVE = 0x801869a3 + SIOCSETLABEL = 0x80206999 + SIOCSETMPWCFG = 0x802069ad + SIOCSETPFLOW = 0x802069fd + SIOCSETPFSYNC = 0x802069f7 + SIOCSETVLAN = 0x8020698f + SIOCSIFADDR = 0x8020690c + SIOCSIFBRDADDR = 0x80206913 + SIOCSIFDESCR = 0x80206980 + SIOCSIFDSTADDR = 0x8020690e + SIOCSIFFLAGS = 0x80206910 + SIOCSIFGATTR = 0x8028698c + SIOCSIFGENERIC = 0x80206939 + SIOCSIFLLADDR = 0x8020691f + SIOCSIFLLPRIO = 0x802069b5 + SIOCSIFMEDIA = 0xc0206937 + SIOCSIFMETRIC = 0x80206918 + SIOCSIFMTU = 0x8020697f + SIOCSIFNETMASK = 0x80206916 + SIOCSIFPAIR = 0x802069b0 + SIOCSIFPARENT = 0x802069b2 + SIOCSIFPRIORITY = 0x8020699b + SIOCSIFRDOMAIN = 0x8020699f + SIOCSIFRTLABEL = 0x80206982 + SIOCSIFXFLAGS = 0x8020699d + SIOCSLIFPHYADDR = 0x8218694a + SIOCSLIFPHYDF = 0x802069c1 + SIOCSLIFPHYECN = 0x802069c7 + SIOCSLIFPHYRTABLE = 0x802069a1 + SIOCSLIFPHYTTL = 0x802069a8 + SIOCSPGRP = 0x80047308 + SIOCSPWE3CTRLWORD = 0x802069dc + SIOCSPWE3FAT = 0x802069dd + SIOCSPWE3NEIGHBOR = 0x821869de + SIOCSRXHPRIO = 0x802069db + SIOCSSPPPPARAMS = 0x80206993 + SIOCSTXHPRIO = 0x802069c5 + SIOCSUMBPARAM = 0x802069bf + SIOCSVH = 0xc02069f5 + SIOCSVNETFLOWID = 0x802069c3 + SIOCSVNETID = 0x802069a6 + SOCK_CLOEXEC = 0x8000 + SOCK_DGRAM = 0x2 + SOCK_DNS = 0x1000 + SOCK_NONBLOCK = 0x4000 + SOCK_RAW = 0x3 + SOCK_RDM = 0x4 + SOCK_SEQPACKET = 0x5 + SOCK_STREAM = 0x1 + SOL_SOCKET = 0xffff + SOMAXCONN = 0x80 + SO_ACCEPTCONN = 0x2 + SO_BINDANY = 0x1000 + SO_BROADCAST = 0x20 + SO_DEBUG = 0x1 + SO_DOMAIN = 0x1024 + SO_DONTROUTE = 0x10 + SO_ERROR = 0x1007 + SO_KEEPALIVE = 0x8 + SO_LINGER = 0x80 + SO_NETPROC = 0x1020 + SO_OOBINLINE = 0x100 + SO_PEERCRED = 0x1022 + SO_PROTOCOL = 0x1025 + SO_RCVBUF = 0x1002 + SO_RCVLOWAT = 0x1004 + SO_RCVTIMEO = 0x1006 + SO_REUSEADDR = 0x4 + SO_REUSEPORT = 0x200 + SO_RTABLE = 0x1021 + SO_SNDBUF = 0x1001 + SO_SNDLOWAT = 0x1003 + SO_SNDTIMEO = 0x1005 + SO_SPLICE = 0x1023 + SO_TIMESTAMP = 0x800 + SO_TYPE = 0x1008 + SO_USELOOPBACK = 0x40 + SO_ZEROIZE = 0x2000 + S_BLKSIZE = 0x200 + S_IEXEC = 0x40 + S_IFBLK = 0x6000 + S_IFCHR = 0x2000 + S_IFDIR = 0x4000 + S_IFIFO = 0x1000 + S_IFLNK = 0xa000 + S_IFMT = 0xf000 + S_IFREG = 0x8000 + S_IFSOCK = 0xc000 + S_IREAD = 0x100 + S_IRGRP = 0x20 + S_IROTH = 0x4 + S_IRUSR = 0x100 + S_IRWXG = 0x38 + S_IRWXO = 0x7 + S_IRWXU = 0x1c0 + S_ISGID = 0x400 + S_ISTXT = 0x200 + S_ISUID = 0x800 + S_ISVTX = 0x200 + S_IWGRP = 0x10 + S_IWOTH = 0x2 + S_IWRITE = 0x80 + S_IWUSR = 0x80 + S_IXGRP = 0x8 + S_IXOTH = 0x1 + S_IXUSR = 0x40 + TCIFLUSH = 0x1 + TCIOFF = 0x3 + TCIOFLUSH = 0x3 + TCION = 0x4 + TCOFLUSH = 0x2 + TCOOFF = 0x1 + TCOON = 0x2 + TCPOPT_EOL = 0x0 + TCPOPT_MAXSEG = 0x2 + TCPOPT_NOP = 0x1 + TCPOPT_SACK = 0x5 + TCPOPT_SACK_HDR = 0x1010500 + TCPOPT_SACK_PERMITTED = 0x4 + TCPOPT_SACK_PERMIT_HDR = 0x1010402 + TCPOPT_SIGNATURE = 0x13 + TCPOPT_TIMESTAMP = 0x8 + TCPOPT_TSTAMP_HDR = 0x101080a + TCPOPT_WINDOW = 0x3 + TCP_INFO = 0x9 + TCP_MAXSEG = 0x2 + TCP_MAXWIN = 0xffff + TCP_MAX_SACK = 0x3 + TCP_MAX_WINSHIFT = 0xe + TCP_MD5SIG = 0x4 + TCP_MSS = 0x200 + TCP_NODELAY = 0x1 + TCP_NOPUSH = 0x10 + TCP_SACKHOLE_LIMIT = 0x80 + TCP_SACK_ENABLE = 0x8 + TCSAFLUSH = 0x2 + TIMER_ABSTIME = 0x1 + TIMER_RELTIME = 0x0 + TIOCCBRK = 0x2000747a + TIOCCDTR = 0x20007478 + TIOCCHKVERAUTH = 0x2000741e + TIOCCLRVERAUTH = 0x2000741d + TIOCCONS = 0x80047462 + TIOCDRAIN = 0x2000745e + TIOCEXCL = 0x2000740d + TIOCEXT = 0x80047460 + TIOCFLAG_CLOCAL = 0x2 + TIOCFLAG_CRTSCTS = 0x4 + TIOCFLAG_MDMBUF = 0x8 + TIOCFLAG_PPS = 0x10 + TIOCFLAG_SOFTCAR = 0x1 + TIOCFLUSH = 0x80047410 + TIOCGETA = 0x402c7413 + TIOCGETD = 0x4004741a + TIOCGFLAGS = 0x4004745d + TIOCGPGRP = 0x40047477 + TIOCGSID = 0x40047463 + TIOCGTSTAMP = 0x4010745b + TIOCGWINSZ = 0x40087468 + TIOCMBIC = 0x8004746b + TIOCMBIS = 0x8004746c + TIOCMGET = 0x4004746a + TIOCMODG = 0x4004746a + TIOCMODS = 0x8004746d + TIOCMSET = 0x8004746d + TIOCM_CAR = 0x40 + TIOCM_CD = 0x40 + TIOCM_CTS = 0x20 + TIOCM_DSR = 0x100 + TIOCM_DTR = 0x2 + TIOCM_LE = 0x1 + TIOCM_RI = 0x80 + TIOCM_RNG = 0x80 + TIOCM_RTS = 0x4 + TIOCM_SR = 0x10 + TIOCM_ST = 0x8 + TIOCNOTTY = 0x20007471 + TIOCNXCL = 0x2000740e + TIOCOUTQ = 0x40047473 + TIOCPKT = 0x80047470 + TIOCPKT_DATA = 0x0 + TIOCPKT_DOSTOP = 0x20 + TIOCPKT_FLUSHREAD = 0x1 + TIOCPKT_FLUSHWRITE = 0x2 + TIOCPKT_IOCTL = 0x40 + TIOCPKT_NOSTOP = 0x10 + TIOCPKT_START = 0x8 + TIOCPKT_STOP = 0x4 + TIOCREMOTE = 0x80047469 + TIOCSBRK = 0x2000747b + TIOCSCTTY = 0x20007461 + TIOCSDTR = 0x20007479 + TIOCSETA = 0x802c7414 + TIOCSETAF = 0x802c7416 + TIOCSETAW = 0x802c7415 + TIOCSETD = 0x8004741b + TIOCSETVERAUTH = 0x8004741c + TIOCSFLAGS = 0x8004745c + TIOCSIG = 0x8004745f + TIOCSPGRP = 0x80047476 + TIOCSTART = 0x2000746e + TIOCSTAT = 0x20007465 + TIOCSTOP = 0x2000746f + TIOCSTSTAMP = 0x8008745a + TIOCSWINSZ = 0x80087467 + TIOCUCNTL = 0x80047466 + TIOCUCNTL_CBRK = 0x7a + TIOCUCNTL_SBRK = 0x7b + TOSTOP = 0x400000 + UTIME_NOW = -0x2 + UTIME_OMIT = -0x1 + VDISCARD = 0xf + VDSUSP = 0xb + VEOF = 0x0 + VEOL = 0x1 + VEOL2 = 0x2 + VERASE = 0x3 + VINTR = 0x8 + VKILL = 0x5 + VLNEXT = 0xe + VMIN = 0x10 + VM_ANONMIN = 0x7 + VM_LOADAVG = 0x2 + VM_MALLOC_CONF = 0xc + VM_MAXID = 0xd + VM_MAXSLP = 0xa + VM_METER = 0x1 + VM_NKMEMPAGES = 0x6 + VM_PSSTRINGS = 0x3 + VM_SWAPENCRYPT = 0x5 + VM_USPACE = 0xb + VM_UVMEXP = 0x4 + VM_VNODEMIN = 0x9 + VM_VTEXTMIN = 0x8 + VQUIT = 0x9 + VREPRINT = 0x6 + VSTART = 0xc + VSTATUS = 0x12 + VSTOP = 0xd + VSUSP = 0xa + VTIME = 0x11 + VWERASE = 0x4 + WALTSIG = 0x4 + WCONTINUED = 0x8 + WCOREFLAG = 0x80 + WNOHANG = 0x1 + WUNTRACED = 0x2 + XCASE = 0x1000000 +) + +// Errors +const ( + E2BIG = syscall.Errno(0x7) + EACCES = syscall.Errno(0xd) + EADDRINUSE = syscall.Errno(0x30) + EADDRNOTAVAIL = syscall.Errno(0x31) + EAFNOSUPPORT = syscall.Errno(0x2f) + EAGAIN = syscall.Errno(0x23) + EALREADY = syscall.Errno(0x25) + EAUTH = syscall.Errno(0x50) + EBADF = syscall.Errno(0x9) + EBADMSG = syscall.Errno(0x5c) + EBADRPC = syscall.Errno(0x48) + EBUSY = syscall.Errno(0x10) + ECANCELED = syscall.Errno(0x58) + ECHILD = syscall.Errno(0xa) + ECONNABORTED = syscall.Errno(0x35) + ECONNREFUSED = syscall.Errno(0x3d) + ECONNRESET = syscall.Errno(0x36) + EDEADLK = syscall.Errno(0xb) + EDESTADDRREQ = syscall.Errno(0x27) + EDOM = syscall.Errno(0x21) + EDQUOT = syscall.Errno(0x45) + EEXIST = syscall.Errno(0x11) + EFAULT = syscall.Errno(0xe) + EFBIG = syscall.Errno(0x1b) + EFTYPE = syscall.Errno(0x4f) + EHOSTDOWN = syscall.Errno(0x40) + EHOSTUNREACH = syscall.Errno(0x41) + EIDRM = syscall.Errno(0x59) + EILSEQ = syscall.Errno(0x54) + EINPROGRESS = syscall.Errno(0x24) + EINTR = syscall.Errno(0x4) + EINVAL = syscall.Errno(0x16) + EIO = syscall.Errno(0x5) + EIPSEC = syscall.Errno(0x52) + EISCONN = syscall.Errno(0x38) + EISDIR = syscall.Errno(0x15) + ELAST = syscall.Errno(0x5f) + ELOOP = syscall.Errno(0x3e) + EMEDIUMTYPE = syscall.Errno(0x56) + EMFILE = syscall.Errno(0x18) + EMLINK = syscall.Errno(0x1f) + EMSGSIZE = syscall.Errno(0x28) + ENAMETOOLONG = syscall.Errno(0x3f) + ENEEDAUTH = syscall.Errno(0x51) + ENETDOWN = syscall.Errno(0x32) + ENETRESET = syscall.Errno(0x34) + ENETUNREACH = syscall.Errno(0x33) + ENFILE = syscall.Errno(0x17) + ENOATTR = syscall.Errno(0x53) + ENOBUFS = syscall.Errno(0x37) + ENODEV = syscall.Errno(0x13) + ENOENT = syscall.Errno(0x2) + ENOEXEC = syscall.Errno(0x8) + ENOLCK = syscall.Errno(0x4d) + ENOMEDIUM = syscall.Errno(0x55) + ENOMEM = syscall.Errno(0xc) + ENOMSG = syscall.Errno(0x5a) + ENOPROTOOPT = syscall.Errno(0x2a) + ENOSPC = syscall.Errno(0x1c) + ENOSYS = syscall.Errno(0x4e) + ENOTBLK = syscall.Errno(0xf) + ENOTCONN = syscall.Errno(0x39) + ENOTDIR = syscall.Errno(0x14) + ENOTEMPTY = syscall.Errno(0x42) + ENOTRECOVERABLE = syscall.Errno(0x5d) + ENOTSOCK = syscall.Errno(0x26) + ENOTSUP = syscall.Errno(0x5b) + ENOTTY = syscall.Errno(0x19) + ENXIO = syscall.Errno(0x6) + EOPNOTSUPP = syscall.Errno(0x2d) + EOVERFLOW = syscall.Errno(0x57) + EOWNERDEAD = syscall.Errno(0x5e) + EPERM = syscall.Errno(0x1) + EPFNOSUPPORT = syscall.Errno(0x2e) + EPIPE = syscall.Errno(0x20) + EPROCLIM = syscall.Errno(0x43) + EPROCUNAVAIL = syscall.Errno(0x4c) + EPROGMISMATCH = syscall.Errno(0x4b) + EPROGUNAVAIL = syscall.Errno(0x4a) + EPROTO = syscall.Errno(0x5f) + EPROTONOSUPPORT = syscall.Errno(0x2b) + EPROTOTYPE = syscall.Errno(0x29) + ERANGE = syscall.Errno(0x22) + EREMOTE = syscall.Errno(0x47) + EROFS = syscall.Errno(0x1e) + ERPCMISMATCH = syscall.Errno(0x49) + ESHUTDOWN = syscall.Errno(0x3a) + ESOCKTNOSUPPORT = syscall.Errno(0x2c) + ESPIPE = syscall.Errno(0x1d) + ESRCH = syscall.Errno(0x3) + ESTALE = syscall.Errno(0x46) + ETIMEDOUT = syscall.Errno(0x3c) + ETOOMANYREFS = syscall.Errno(0x3b) + ETXTBSY = syscall.Errno(0x1a) + EUSERS = syscall.Errno(0x44) + EWOULDBLOCK = syscall.Errno(0x23) + EXDEV = syscall.Errno(0x12) +) + +// Signals +const ( + SIGABRT = syscall.Signal(0x6) + SIGALRM = syscall.Signal(0xe) + SIGBUS = syscall.Signal(0xa) + SIGCHLD = syscall.Signal(0x14) + SIGCONT = syscall.Signal(0x13) + SIGEMT = syscall.Signal(0x7) + SIGFPE = syscall.Signal(0x8) + SIGHUP = syscall.Signal(0x1) + SIGILL = syscall.Signal(0x4) + SIGINFO = syscall.Signal(0x1d) + SIGINT = syscall.Signal(0x2) + SIGIO = syscall.Signal(0x17) + SIGIOT = syscall.Signal(0x6) + SIGKILL = syscall.Signal(0x9) + SIGPIPE = syscall.Signal(0xd) + SIGPROF = syscall.Signal(0x1b) + SIGQUIT = syscall.Signal(0x3) + SIGSEGV = syscall.Signal(0xb) + SIGSTOP = syscall.Signal(0x11) + SIGSYS = syscall.Signal(0xc) + SIGTERM = syscall.Signal(0xf) + SIGTHR = syscall.Signal(0x20) + SIGTRAP = syscall.Signal(0x5) + SIGTSTP = syscall.Signal(0x12) + SIGTTIN = syscall.Signal(0x15) + SIGTTOU = syscall.Signal(0x16) + SIGURG = syscall.Signal(0x10) + SIGUSR1 = syscall.Signal(0x1e) + SIGUSR2 = syscall.Signal(0x1f) + SIGVTALRM = syscall.Signal(0x1a) + SIGWINCH = syscall.Signal(0x1c) + SIGXCPU = syscall.Signal(0x18) + SIGXFSZ = syscall.Signal(0x19) +) + +// Error table +var errorList = [...]struct { + num syscall.Errno + name string + desc string +}{ + {1, "EPERM", "operation not permitted"}, + {2, "ENOENT", "no such file or directory"}, + {3, "ESRCH", "no such process"}, + {4, "EINTR", "interrupted system call"}, + {5, "EIO", "input/output error"}, + {6, "ENXIO", "device not configured"}, + {7, "E2BIG", "argument list too long"}, + {8, "ENOEXEC", "exec format error"}, + {9, "EBADF", "bad file descriptor"}, + {10, "ECHILD", "no child processes"}, + {11, "EDEADLK", "resource deadlock avoided"}, + {12, "ENOMEM", "cannot allocate memory"}, + {13, "EACCES", "permission denied"}, + {14, "EFAULT", "bad address"}, + {15, "ENOTBLK", "block device required"}, + {16, "EBUSY", "device busy"}, + {17, "EEXIST", "file exists"}, + {18, "EXDEV", "cross-device link"}, + {19, "ENODEV", "operation not supported by device"}, + {20, "ENOTDIR", "not a directory"}, + {21, "EISDIR", "is a directory"}, + {22, "EINVAL", "invalid argument"}, + {23, "ENFILE", "too many open files in system"}, + {24, "EMFILE", "too many open files"}, + {25, "ENOTTY", "inappropriate ioctl for device"}, + {26, "ETXTBSY", "text file busy"}, + {27, "EFBIG", "file too large"}, + {28, "ENOSPC", "no space left on device"}, + {29, "ESPIPE", "illegal seek"}, + {30, "EROFS", "read-only file system"}, + {31, "EMLINK", "too many links"}, + {32, "EPIPE", "broken pipe"}, + {33, "EDOM", "numerical argument out of domain"}, + {34, "ERANGE", "result too large"}, + {35, "EAGAIN", "resource temporarily unavailable"}, + {36, "EINPROGRESS", "operation now in progress"}, + {37, "EALREADY", "operation already in progress"}, + {38, "ENOTSOCK", "socket operation on non-socket"}, + {39, "EDESTADDRREQ", "destination address required"}, + {40, "EMSGSIZE", "message too long"}, + {41, "EPROTOTYPE", "protocol wrong type for socket"}, + {42, "ENOPROTOOPT", "protocol not available"}, + {43, "EPROTONOSUPPORT", "protocol not supported"}, + {44, "ESOCKTNOSUPPORT", "socket type not supported"}, + {45, "EOPNOTSUPP", "operation not supported"}, + {46, "EPFNOSUPPORT", "protocol family not supported"}, + {47, "EAFNOSUPPORT", "address family not supported by protocol family"}, + {48, "EADDRINUSE", "address already in use"}, + {49, "EADDRNOTAVAIL", "can't assign requested address"}, + {50, "ENETDOWN", "network is down"}, + {51, "ENETUNREACH", "network is unreachable"}, + {52, "ENETRESET", "network dropped connection on reset"}, + {53, "ECONNABORTED", "software caused connection abort"}, + {54, "ECONNRESET", "connection reset by peer"}, + {55, "ENOBUFS", "no buffer space available"}, + {56, "EISCONN", "socket is already connected"}, + {57, "ENOTCONN", "socket is not connected"}, + {58, "ESHUTDOWN", "can't send after socket shutdown"}, + {59, "ETOOMANYREFS", "too many references: can't splice"}, + {60, "ETIMEDOUT", "operation timed out"}, + {61, "ECONNREFUSED", "connection refused"}, + {62, "ELOOP", "too many levels of symbolic links"}, + {63, "ENAMETOOLONG", "file name too long"}, + {64, "EHOSTDOWN", "host is down"}, + {65, "EHOSTUNREACH", "no route to host"}, + {66, "ENOTEMPTY", "directory not empty"}, + {67, "EPROCLIM", "too many processes"}, + {68, "EUSERS", "too many users"}, + {69, "EDQUOT", "disk quota exceeded"}, + {70, "ESTALE", "stale NFS file handle"}, + {71, "EREMOTE", "too many levels of remote in path"}, + {72, "EBADRPC", "RPC struct is bad"}, + {73, "ERPCMISMATCH", "RPC version wrong"}, + {74, "EPROGUNAVAIL", "RPC program not available"}, + {75, "EPROGMISMATCH", "program version wrong"}, + {76, "EPROCUNAVAIL", "bad procedure for program"}, + {77, "ENOLCK", "no locks available"}, + {78, "ENOSYS", "function not implemented"}, + {79, "EFTYPE", "inappropriate file type or format"}, + {80, "EAUTH", "authentication error"}, + {81, "ENEEDAUTH", "need authenticator"}, + {82, "EIPSEC", "IPsec processing failure"}, + {83, "ENOATTR", "attribute not found"}, + {84, "EILSEQ", "illegal byte sequence"}, + {85, "ENOMEDIUM", "no medium found"}, + {86, "EMEDIUMTYPE", "wrong medium type"}, + {87, "EOVERFLOW", "value too large to be stored in data type"}, + {88, "ECANCELED", "operation canceled"}, + {89, "EIDRM", "identifier removed"}, + {90, "ENOMSG", "no message of desired type"}, + {91, "ENOTSUP", "not supported"}, + {92, "EBADMSG", "bad message"}, + {93, "ENOTRECOVERABLE", "state not recoverable"}, + {94, "EOWNERDEAD", "previous owner died"}, + {95, "ELAST", "protocol error"}, +} + +// Signal table +var signalList = [...]struct { + num syscall.Signal + name string + desc string +}{ + {1, "SIGHUP", "hangup"}, + {2, "SIGINT", "interrupt"}, + {3, "SIGQUIT", "quit"}, + {4, "SIGILL", "illegal instruction"}, + {5, "SIGTRAP", "trace/BPT trap"}, + {6, "SIGABRT", "abort trap"}, + {7, "SIGEMT", "EMT trap"}, + {8, "SIGFPE", "floating point exception"}, + {9, "SIGKILL", "killed"}, + {10, "SIGBUS", "bus error"}, + {11, "SIGSEGV", "segmentation fault"}, + {12, "SIGSYS", "bad system call"}, + {13, "SIGPIPE", "broken pipe"}, + {14, "SIGALRM", "alarm clock"}, + {15, "SIGTERM", "terminated"}, + {16, "SIGURG", "urgent I/O condition"}, + {17, "SIGSTOP", "suspended (signal)"}, + {18, "SIGTSTP", "suspended"}, + {19, "SIGCONT", "continued"}, + {20, "SIGCHLD", "child exited"}, + {21, "SIGTTIN", "stopped (tty input)"}, + {22, "SIGTTOU", "stopped (tty output)"}, + {23, "SIGIO", "I/O possible"}, + {24, "SIGXCPU", "cputime limit exceeded"}, + {25, "SIGXFSZ", "filesize limit exceeded"}, + {26, "SIGVTALRM", "virtual timer expired"}, + {27, "SIGPROF", "profiling timer expired"}, + {28, "SIGWINCH", "window size changes"}, + {29, "SIGINFO", "information request"}, + {30, "SIGUSR1", "user defined signal 1"}, + {31, "SIGUSR2", "user defined signal 2"}, + {32, "SIGTHR", "thread AST"}, +} diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go new file mode 100644 index 00000000000..13d403031ed --- /dev/null +++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go @@ -0,0 +1,1904 @@ +// mkerrors.sh -m64 +// Code generated by the command above; see README.md. DO NOT EDIT. + +//go:build riscv64 && openbsd +// +build riscv64,openbsd + +// Code generated by cmd/cgo -godefs; DO NOT EDIT. +// cgo -godefs -- -m64 _const.go + +package unix + +import "syscall" + +const ( + AF_APPLETALK = 0x10 + AF_BLUETOOTH = 0x20 + AF_CCITT = 0xa + AF_CHAOS = 0x5 + AF_CNT = 0x15 + AF_COIP = 0x14 + AF_DATAKIT = 0x9 + AF_DECnet = 0xc + AF_DLI = 0xd + AF_E164 = 0x1a + AF_ECMA = 0x8 + AF_ENCAP = 0x1c + AF_HYLINK = 0xf + AF_IMPLINK = 0x3 + AF_INET = 0x2 + AF_INET6 = 0x18 + AF_IPX = 0x17 + AF_ISDN = 0x1a + AF_ISO = 0x7 + AF_KEY = 0x1e + AF_LAT = 0xe + AF_LINK = 0x12 + AF_LOCAL = 0x1 + AF_MAX = 0x24 + AF_MPLS = 0x21 + AF_NATM = 0x1b + AF_NS = 0x6 + AF_OSI = 0x7 + AF_PUP = 0x4 + AF_ROUTE = 0x11 + AF_SIP = 0x1d + AF_SNA = 0xb + AF_UNIX = 0x1 + AF_UNSPEC = 0x0 + ALTWERASE = 0x200 + ARPHRD_ETHER = 0x1 + ARPHRD_FRELAY = 0xf + ARPHRD_IEEE1394 = 0x18 + ARPHRD_IEEE802 = 0x6 + B0 = 0x0 + B110 = 0x6e + B115200 = 0x1c200 + B1200 = 0x4b0 + B134 = 0x86 + B14400 = 0x3840 + B150 = 0x96 + B1800 = 0x708 + B19200 = 0x4b00 + B200 = 0xc8 + B230400 = 0x38400 + B2400 = 0x960 + B28800 = 0x7080 + B300 = 0x12c + B38400 = 0x9600 + B4800 = 0x12c0 + B50 = 0x32 + B57600 = 0xe100 + B600 = 0x258 + B7200 = 0x1c20 + B75 = 0x4b + B76800 = 0x12c00 + B9600 = 0x2580 + BIOCFLUSH = 0x20004268 + BIOCGBLEN = 0x40044266 + BIOCGDIRFILT = 0x4004427c + BIOCGDLT = 0x4004426a + BIOCGDLTLIST = 0xc010427b + BIOCGETIF = 0x4020426b + BIOCGFILDROP = 0x40044278 + BIOCGHDRCMPLT = 0x40044274 + BIOCGRSIG = 0x40044273 + BIOCGRTIMEOUT = 0x4010426e + BIOCGSTATS = 0x4008426f + BIOCIMMEDIATE = 0x80044270 + BIOCLOCK = 0x20004276 + BIOCPROMISC = 0x20004269 + BIOCSBLEN = 0xc0044266 + BIOCSDIRFILT = 0x8004427d + BIOCSDLT = 0x8004427a + BIOCSETF = 0x80104267 + BIOCSETIF = 0x8020426c + BIOCSETWF = 0x80104277 + BIOCSFILDROP = 0x80044279 + BIOCSHDRCMPLT = 0x80044275 + BIOCSRSIG = 0x80044272 + BIOCSRTIMEOUT = 0x8010426d + BIOCVERSION = 0x40044271 + BPF_A = 0x10 + BPF_ABS = 0x20 + BPF_ADD = 0x0 + BPF_ALIGNMENT = 0x4 + BPF_ALU = 0x4 + BPF_AND = 0x50 + BPF_B = 0x10 + BPF_DIRECTION_IN = 0x1 + BPF_DIRECTION_OUT = 0x2 + BPF_DIV = 0x30 + BPF_FILDROP_CAPTURE = 0x1 + BPF_FILDROP_DROP = 0x2 + BPF_FILDROP_PASS = 0x0 + BPF_F_DIR_IN = 0x10 + BPF_F_DIR_MASK = 0x30 + BPF_F_DIR_OUT = 0x20 + BPF_F_DIR_SHIFT = 0x4 + BPF_F_FLOWID = 0x8 + BPF_F_PRI_MASK = 0x7 + BPF_H = 0x8 + BPF_IMM = 0x0 + BPF_IND = 0x40 + BPF_JA = 0x0 + BPF_JEQ = 0x10 + BPF_JGE = 0x30 + BPF_JGT = 0x20 + BPF_JMP = 0x5 + BPF_JSET = 0x40 + BPF_K = 0x0 + BPF_LD = 0x0 + BPF_LDX = 0x1 + BPF_LEN = 0x80 + BPF_LSH = 0x60 + BPF_MAJOR_VERSION = 0x1 + BPF_MAXBUFSIZE = 0x200000 + BPF_MAXINSNS = 0x200 + BPF_MEM = 0x60 + BPF_MEMWORDS = 0x10 + BPF_MINBUFSIZE = 0x20 + BPF_MINOR_VERSION = 0x1 + BPF_MISC = 0x7 + BPF_MSH = 0xa0 + BPF_MUL = 0x20 + BPF_NEG = 0x80 + BPF_OR = 0x40 + BPF_RELEASE = 0x30bb6 + BPF_RET = 0x6 + BPF_RND = 0xc0 + BPF_RSH = 0x70 + BPF_ST = 0x2 + BPF_STX = 0x3 + BPF_SUB = 0x10 + BPF_TAX = 0x0 + BPF_TXA = 0x80 + BPF_W = 0x0 + BPF_X = 0x8 + BRKINT = 0x2 + CFLUSH = 0xf + CLOCAL = 0x8000 + CLOCK_BOOTTIME = 0x6 + CLOCK_MONOTONIC = 0x3 + CLOCK_PROCESS_CPUTIME_ID = 0x2 + CLOCK_REALTIME = 0x0 + CLOCK_THREAD_CPUTIME_ID = 0x4 + CLOCK_UPTIME = 0x5 + CPUSTATES = 0x6 + CP_IDLE = 0x5 + CP_INTR = 0x4 + CP_NICE = 0x1 + CP_SPIN = 0x3 + CP_SYS = 0x2 + CP_USER = 0x0 + CREAD = 0x800 + CRTSCTS = 0x10000 + CS5 = 0x0 + CS6 = 0x100 + CS7 = 0x200 + CS8 = 0x300 + CSIZE = 0x300 + CSTART = 0x11 + CSTATUS = 0xff + CSTOP = 0x13 + CSTOPB = 0x400 + CSUSP = 0x1a + CTL_HW = 0x6 + CTL_KERN = 0x1 + CTL_MAXNAME = 0xc + CTL_NET = 0x4 + DIOCADDQUEUE = 0xc110445d + DIOCADDRULE = 0xcd604404 + DIOCADDSTATE = 0xc1084425 + DIOCCHANGERULE = 0xcd60441a + DIOCCLRIFFLAG = 0xc028445a + DIOCCLRSRCNODES = 0x20004455 + DIOCCLRSTATES = 0xc0e04412 + DIOCCLRSTATUS = 0xc0284416 + DIOCGETLIMIT = 0xc0084427 + DIOCGETQSTATS = 0xc1204460 + DIOCGETQUEUE = 0xc110445f + DIOCGETQUEUES = 0xc110445e + DIOCGETRULE = 0xcd604407 + DIOCGETRULES = 0xcd604406 + DIOCGETRULESET = 0xc444443b + DIOCGETRULESETS = 0xc444443a + DIOCGETSRCNODES = 0xc0104454 + DIOCGETSTATE = 0xc1084413 + DIOCGETSTATES = 0xc0104419 + DIOCGETSTATUS = 0xc1e84415 + DIOCGETSYNFLWATS = 0xc0084463 + DIOCGETTIMEOUT = 0xc008441e + DIOCIGETIFACES = 0xc0284457 + DIOCKILLSRCNODES = 0xc080445b + DIOCKILLSTATES = 0xc0e04429 + DIOCNATLOOK = 0xc0504417 + DIOCOSFPADD = 0xc088444f + DIOCOSFPFLUSH = 0x2000444e + DIOCOSFPGET = 0xc0884450 + DIOCRADDADDRS = 0xc4504443 + DIOCRADDTABLES = 0xc450443d + DIOCRCLRADDRS = 0xc4504442 + DIOCRCLRASTATS = 0xc4504448 + DIOCRCLRTABLES = 0xc450443c + DIOCRCLRTSTATS = 0xc4504441 + DIOCRDELADDRS = 0xc4504444 + DIOCRDELTABLES = 0xc450443e + DIOCRGETADDRS = 0xc4504446 + DIOCRGETASTATS = 0xc4504447 + DIOCRGETTABLES = 0xc450443f + DIOCRGETTSTATS = 0xc4504440 + DIOCRINADEFINE = 0xc450444d + DIOCRSETADDRS = 0xc4504445 + DIOCRSETTFLAGS = 0xc450444a + DIOCRTSTADDRS = 0xc4504449 + DIOCSETDEBUG = 0xc0044418 + DIOCSETHOSTID = 0xc0044456 + DIOCSETIFFLAG = 0xc0284459 + DIOCSETLIMIT = 0xc0084428 + DIOCSETREASS = 0xc004445c + DIOCSETSTATUSIF = 0xc0284414 + DIOCSETSYNCOOKIES = 0xc0014462 + DIOCSETSYNFLWATS = 0xc0084461 + DIOCSETTIMEOUT = 0xc008441d + DIOCSTART = 0x20004401 + DIOCSTOP = 0x20004402 + DIOCXBEGIN = 0xc0104451 + DIOCXCOMMIT = 0xc0104452 + DIOCXROLLBACK = 0xc0104453 + DLT_ARCNET = 0x7 + DLT_ATM_RFC1483 = 0xb + DLT_AX25 = 0x3 + DLT_CHAOS = 0x5 + DLT_C_HDLC = 0x68 + DLT_EN10MB = 0x1 + DLT_EN3MB = 0x2 + DLT_ENC = 0xd + DLT_FDDI = 0xa + DLT_IEEE802 = 0x6 + DLT_IEEE802_11 = 0x69 + DLT_IEEE802_11_RADIO = 0x7f + DLT_LOOP = 0xc + DLT_MPLS = 0xdb + DLT_NULL = 0x0 + DLT_OPENFLOW = 0x10b + DLT_PFLOG = 0x75 + DLT_PFSYNC = 0x12 + DLT_PPP = 0x9 + DLT_PPP_BSDOS = 0x10 + DLT_PPP_ETHER = 0x33 + DLT_PPP_SERIAL = 0x32 + DLT_PRONET = 0x4 + DLT_RAW = 0xe + DLT_SLIP = 0x8 + DLT_SLIP_BSDOS = 0xf + DLT_USBPCAP = 0xf9 + DLT_USER0 = 0x93 + DLT_USER1 = 0x94 + DLT_USER10 = 0x9d + DLT_USER11 = 0x9e + DLT_USER12 = 0x9f + DLT_USER13 = 0xa0 + DLT_USER14 = 0xa1 + DLT_USER15 = 0xa2 + DLT_USER2 = 0x95 + DLT_USER3 = 0x96 + DLT_USER4 = 0x97 + DLT_USER5 = 0x98 + DLT_USER6 = 0x99 + DLT_USER7 = 0x9a + DLT_USER8 = 0x9b + DLT_USER9 = 0x9c + DT_BLK = 0x6 + DT_CHR = 0x2 + DT_DIR = 0x4 + DT_FIFO = 0x1 + DT_LNK = 0xa + DT_REG = 0x8 + DT_SOCK = 0xc + DT_UNKNOWN = 0x0 + ECHO = 0x8 + ECHOCTL = 0x40 + ECHOE = 0x2 + ECHOK = 0x4 + ECHOKE = 0x1 + ECHONL = 0x10 + ECHOPRT = 0x20 + EMT_TAGOVF = 0x1 + EMUL_ENABLED = 0x1 + EMUL_NATIVE = 0x2 + ENDRUNDISC = 0x9 + ETH64_8021_RSVD_MASK = 0xfffffffffff0 + ETH64_8021_RSVD_PREFIX = 0x180c2000000 + ETHERMIN = 0x2e + ETHERMTU = 0x5dc + ETHERTYPE_8023 = 0x4 + ETHERTYPE_AARP = 0x80f3 + ETHERTYPE_ACCTON = 0x8390 + ETHERTYPE_AEONIC = 0x8036 + ETHERTYPE_ALPHA = 0x814a + ETHERTYPE_AMBER = 0x6008 + ETHERTYPE_AMOEBA = 0x8145 + ETHERTYPE_AOE = 0x88a2 + ETHERTYPE_APOLLO = 0x80f7 + ETHERTYPE_APOLLODOMAIN = 0x8019 + ETHERTYPE_APPLETALK = 0x809b + ETHERTYPE_APPLITEK = 0x80c7 + ETHERTYPE_ARGONAUT = 0x803a + ETHERTYPE_ARP = 0x806 + ETHERTYPE_AT = 0x809b + ETHERTYPE_ATALK = 0x809b + ETHERTYPE_ATOMIC = 0x86df + ETHERTYPE_ATT = 0x8069 + ETHERTYPE_ATTSTANFORD = 0x8008 + ETHERTYPE_AUTOPHON = 0x806a + ETHERTYPE_AXIS = 0x8856 + ETHERTYPE_BCLOOP = 0x9003 + ETHERTYPE_BOFL = 0x8102 + ETHERTYPE_CABLETRON = 0x7034 + ETHERTYPE_CHAOS = 0x804 + ETHERTYPE_COMDESIGN = 0x806c + ETHERTYPE_COMPUGRAPHIC = 0x806d + ETHERTYPE_COUNTERPOINT = 0x8062 + ETHERTYPE_CRONUS = 0x8004 + ETHERTYPE_CRONUSVLN = 0x8003 + ETHERTYPE_DCA = 0x1234 + ETHERTYPE_DDE = 0x807b + ETHERTYPE_DEBNI = 0xaaaa + ETHERTYPE_DECAM = 0x8048 + ETHERTYPE_DECCUST = 0x6006 + ETHERTYPE_DECDIAG = 0x6005 + ETHERTYPE_DECDNS = 0x803c + ETHERTYPE_DECDTS = 0x803e + ETHERTYPE_DECEXPER = 0x6000 + ETHERTYPE_DECLAST = 0x8041 + ETHERTYPE_DECLTM = 0x803f + ETHERTYPE_DECMUMPS = 0x6009 + ETHERTYPE_DECNETBIOS = 0x8040 + ETHERTYPE_DELTACON = 0x86de + ETHERTYPE_DIDDLE = 0x4321 + ETHERTYPE_DLOG1 = 0x660 + ETHERTYPE_DLOG2 = 0x661 + ETHERTYPE_DN = 0x6003 + ETHERTYPE_DOGFIGHT = 0x1989 + ETHERTYPE_DSMD = 0x8039 + ETHERTYPE_EAPOL = 0x888e + ETHERTYPE_ECMA = 0x803 + ETHERTYPE_ENCRYPT = 0x803d + ETHERTYPE_ES = 0x805d + ETHERTYPE_EXCELAN = 0x8010 + ETHERTYPE_EXPERDATA = 0x8049 + ETHERTYPE_FLIP = 0x8146 + ETHERTYPE_FLOWCONTROL = 0x8808 + ETHERTYPE_FRARP = 0x808 + ETHERTYPE_GENDYN = 0x8068 + ETHERTYPE_HAYES = 0x8130 + ETHERTYPE_HIPPI_FP = 0x8180 + ETHERTYPE_HITACHI = 0x8820 + ETHERTYPE_HP = 0x8005 + ETHERTYPE_IEEEPUP = 0xa00 + ETHERTYPE_IEEEPUPAT = 0xa01 + ETHERTYPE_IMLBL = 0x4c42 + ETHERTYPE_IMLBLDIAG = 0x424c + ETHERTYPE_IP = 0x800 + ETHERTYPE_IPAS = 0x876c + ETHERTYPE_IPV6 = 0x86dd + ETHERTYPE_IPX = 0x8137 + ETHERTYPE_IPXNEW = 0x8037 + ETHERTYPE_KALPANA = 0x8582 + ETHERTYPE_LANBRIDGE = 0x8038 + ETHERTYPE_LANPROBE = 0x8888 + ETHERTYPE_LAT = 0x6004 + ETHERTYPE_LBACK = 0x9000 + ETHERTYPE_LITTLE = 0x8060 + ETHERTYPE_LLDP = 0x88cc + ETHERTYPE_LOGICRAFT = 0x8148 + ETHERTYPE_LOOPBACK = 0x9000 + ETHERTYPE_MACSEC = 0x88e5 + ETHERTYPE_MATRA = 0x807a + ETHERTYPE_MAX = 0xffff + ETHERTYPE_MERIT = 0x807c + ETHERTYPE_MICP = 0x873a + ETHERTYPE_MOPDL = 0x6001 + ETHERTYPE_MOPRC = 0x6002 + ETHERTYPE_MOTOROLA = 0x818d + ETHERTYPE_MPLS = 0x8847 + ETHERTYPE_MPLS_MCAST = 0x8848 + ETHERTYPE_MUMPS = 0x813f + ETHERTYPE_NBPCC = 0x3c04 + ETHERTYPE_NBPCLAIM = 0x3c09 + ETHERTYPE_NBPCLREQ = 0x3c05 + ETHERTYPE_NBPCLRSP = 0x3c06 + ETHERTYPE_NBPCREQ = 0x3c02 + ETHERTYPE_NBPCRSP = 0x3c03 + ETHERTYPE_NBPDG = 0x3c07 + ETHERTYPE_NBPDGB = 0x3c08 + ETHERTYPE_NBPDLTE = 0x3c0a + ETHERTYPE_NBPRAR = 0x3c0c + ETHERTYPE_NBPRAS = 0x3c0b + ETHERTYPE_NBPRST = 0x3c0d + ETHERTYPE_NBPSCD = 0x3c01 + ETHERTYPE_NBPVCD = 0x3c00 + ETHERTYPE_NBS = 0x802 + ETHERTYPE_NCD = 0x8149 + ETHERTYPE_NESTAR = 0x8006 + ETHERTYPE_NETBEUI = 0x8191 + ETHERTYPE_NHRP = 0x2001 + ETHERTYPE_NOVELL = 0x8138 + ETHERTYPE_NS = 0x600 + ETHERTYPE_NSAT = 0x601 + ETHERTYPE_NSCOMPAT = 0x807 + ETHERTYPE_NSH = 0x984f + ETHERTYPE_NTRAILER = 0x10 + ETHERTYPE_OS9 = 0x7007 + ETHERTYPE_OS9NET = 0x7009 + ETHERTYPE_PACER = 0x80c6 + ETHERTYPE_PBB = 0x88e7 + ETHERTYPE_PCS = 0x4242 + ETHERTYPE_PLANNING = 0x8044 + ETHERTYPE_PPP = 0x880b + ETHERTYPE_PPPOE = 0x8864 + ETHERTYPE_PPPOEDISC = 0x8863 + ETHERTYPE_PRIMENTS = 0x7031 + ETHERTYPE_PUP = 0x200 + ETHERTYPE_PUPAT = 0x200 + ETHERTYPE_QINQ = 0x88a8 + ETHERTYPE_RACAL = 0x7030 + ETHERTYPE_RATIONAL = 0x8150 + ETHERTYPE_RAWFR = 0x6559 + ETHERTYPE_RCL = 0x1995 + ETHERTYPE_RDP = 0x8739 + ETHERTYPE_RETIX = 0x80f2 + ETHERTYPE_REVARP = 0x8035 + ETHERTYPE_SCA = 0x6007 + ETHERTYPE_SECTRA = 0x86db + ETHERTYPE_SECUREDATA = 0x876d + ETHERTYPE_SGITW = 0x817e + ETHERTYPE_SG_BOUNCE = 0x8016 + ETHERTYPE_SG_DIAG = 0x8013 + ETHERTYPE_SG_NETGAMES = 0x8014 + ETHERTYPE_SG_RESV = 0x8015 + ETHERTYPE_SIMNET = 0x5208 + ETHERTYPE_SLOW = 0x8809 + ETHERTYPE_SNA = 0x80d5 + ETHERTYPE_SNMP = 0x814c + ETHERTYPE_SONIX = 0xfaf5 + ETHERTYPE_SPIDER = 0x809f + ETHERTYPE_SPRITE = 0x500 + ETHERTYPE_STP = 0x8181 + ETHERTYPE_TALARIS = 0x812b + ETHERTYPE_TALARISMC = 0x852b + ETHERTYPE_TCPCOMP = 0x876b + ETHERTYPE_TCPSM = 0x9002 + ETHERTYPE_TEC = 0x814f + ETHERTYPE_TIGAN = 0x802f + ETHERTYPE_TRAIL = 0x1000 + ETHERTYPE_TRANSETHER = 0x6558 + ETHERTYPE_TYMSHARE = 0x802e + ETHERTYPE_UBBST = 0x7005 + ETHERTYPE_UBDEBUG = 0x900 + ETHERTYPE_UBDIAGLOOP = 0x7002 + ETHERTYPE_UBDL = 0x7000 + ETHERTYPE_UBNIU = 0x7001 + ETHERTYPE_UBNMC = 0x7003 + ETHERTYPE_VALID = 0x1600 + ETHERTYPE_VARIAN = 0x80dd + ETHERTYPE_VAXELN = 0x803b + ETHERTYPE_VEECO = 0x8067 + ETHERTYPE_VEXP = 0x805b + ETHERTYPE_VGLAB = 0x8131 + ETHERTYPE_VINES = 0xbad + ETHERTYPE_VINESECHO = 0xbaf + ETHERTYPE_VINESLOOP = 0xbae + ETHERTYPE_VITAL = 0xff00 + ETHERTYPE_VLAN = 0x8100 + ETHERTYPE_VLTLMAN = 0x8080 + ETHERTYPE_VPROD = 0x805c + ETHERTYPE_VURESERVED = 0x8147 + ETHERTYPE_WATERLOO = 0x8130 + ETHERTYPE_WELLFLEET = 0x8103 + ETHERTYPE_X25 = 0x805 + ETHERTYPE_X75 = 0x801 + ETHERTYPE_XNSSM = 0x9001 + ETHERTYPE_XTP = 0x817d + ETHER_ADDR_LEN = 0x6 + ETHER_ALIGN = 0x2 + ETHER_CRC_LEN = 0x4 + ETHER_CRC_POLY_BE = 0x4c11db6 + ETHER_CRC_POLY_LE = 0xedb88320 + ETHER_HDR_LEN = 0xe + ETHER_MAX_DIX_LEN = 0x600 + ETHER_MAX_HARDMTU_LEN = 0xff9b + ETHER_MAX_LEN = 0x5ee + ETHER_MIN_LEN = 0x40 + ETHER_TYPE_LEN = 0x2 + ETHER_VLAN_ENCAP_LEN = 0x4 + EVFILT_AIO = -0x3 + EVFILT_DEVICE = -0x8 + EVFILT_EXCEPT = -0x9 + EVFILT_PROC = -0x5 + EVFILT_READ = -0x1 + EVFILT_SIGNAL = -0x6 + EVFILT_SYSCOUNT = 0x9 + EVFILT_TIMER = -0x7 + EVFILT_VNODE = -0x4 + EVFILT_WRITE = -0x2 + EVL_ENCAPLEN = 0x4 + EVL_PRIO_BITS = 0xd + EVL_PRIO_MAX = 0x7 + EVL_VLID_MASK = 0xfff + EVL_VLID_MAX = 0xffe + EVL_VLID_MIN = 0x1 + EVL_VLID_NULL = 0x0 + EV_ADD = 0x1 + EV_CLEAR = 0x20 + EV_DELETE = 0x2 + EV_DISABLE = 0x8 + EV_DISPATCH = 0x80 + EV_ENABLE = 0x4 + EV_EOF = 0x8000 + EV_ERROR = 0x4000 + EV_FLAG1 = 0x2000 + EV_ONESHOT = 0x10 + EV_RECEIPT = 0x40 + EV_SYSFLAGS = 0xf800 + EXTA = 0x4b00 + EXTB = 0x9600 + EXTPROC = 0x800 + FD_CLOEXEC = 0x1 + FD_SETSIZE = 0x400 + FLUSHO = 0x800000 + F_DUPFD = 0x0 + F_DUPFD_CLOEXEC = 0xa + F_GETFD = 0x1 + F_GETFL = 0x3 + F_GETLK = 0x7 + F_GETOWN = 0x5 + F_ISATTY = 0xb + F_OK = 0x0 + F_RDLCK = 0x1 + F_SETFD = 0x2 + F_SETFL = 0x4 + F_SETLK = 0x8 + F_SETLKW = 0x9 + F_SETOWN = 0x6 + F_UNLCK = 0x2 + F_WRLCK = 0x3 + HUPCL = 0x4000 + HW_MACHINE = 0x1 + ICANON = 0x100 + ICMP6_FILTER = 0x12 + ICRNL = 0x100 + IEXTEN = 0x400 + IFAN_ARRIVAL = 0x0 + IFAN_DEPARTURE = 0x1 + IFF_ALLMULTI = 0x200 + IFF_BROADCAST = 0x2 + IFF_CANTCHANGE = 0x8e52 + IFF_DEBUG = 0x4 + IFF_LINK0 = 0x1000 + IFF_LINK1 = 0x2000 + IFF_LINK2 = 0x4000 + IFF_LOOPBACK = 0x8 + IFF_MULTICAST = 0x8000 + IFF_NOARP = 0x80 + IFF_OACTIVE = 0x400 + IFF_POINTOPOINT = 0x10 + IFF_PROMISC = 0x100 + IFF_RUNNING = 0x40 + IFF_SIMPLEX = 0x800 + IFF_STATICARP = 0x20 + IFF_UP = 0x1 + IFNAMSIZ = 0x10 + IFT_1822 = 0x2 + IFT_A12MPPSWITCH = 0x82 + IFT_AAL2 = 0xbb + IFT_AAL5 = 0x31 + IFT_ADSL = 0x5e + IFT_AFLANE8023 = 0x3b + IFT_AFLANE8025 = 0x3c + IFT_ARAP = 0x58 + IFT_ARCNET = 0x23 + IFT_ARCNETPLUS = 0x24 + IFT_ASYNC = 0x54 + IFT_ATM = 0x25 + IFT_ATMDXI = 0x69 + IFT_ATMFUNI = 0x6a + IFT_ATMIMA = 0x6b + IFT_ATMLOGICAL = 0x50 + IFT_ATMRADIO = 0xbd + IFT_ATMSUBINTERFACE = 0x86 + IFT_ATMVCIENDPT = 0xc2 + IFT_ATMVIRTUAL = 0x95 + IFT_BGPPOLICYACCOUNTING = 0xa2 + IFT_BLUETOOTH = 0xf8 + IFT_BRIDGE = 0xd1 + IFT_BSC = 0x53 + IFT_CARP = 0xf7 + IFT_CCTEMUL = 0x3d + IFT_CEPT = 0x13 + IFT_CES = 0x85 + IFT_CHANNEL = 0x46 + IFT_CNR = 0x55 + IFT_COFFEE = 0x84 + IFT_COMPOSITELINK = 0x9b + IFT_DCN = 0x8d + IFT_DIGITALPOWERLINE = 0x8a + IFT_DIGITALWRAPPEROVERHEADCHANNEL = 0xba + IFT_DLSW = 0x4a + IFT_DOCSCABLEDOWNSTREAM = 0x80 + IFT_DOCSCABLEMACLAYER = 0x7f + IFT_DOCSCABLEUPSTREAM = 0x81 + IFT_DOCSCABLEUPSTREAMCHANNEL = 0xcd + IFT_DS0 = 0x51 + IFT_DS0BUNDLE = 0x52 + IFT_DS1FDL = 0xaa + IFT_DS3 = 0x1e + IFT_DTM = 0x8c + IFT_DUMMY = 0xf1 + IFT_DVBASILN = 0xac + IFT_DVBASIOUT = 0xad + IFT_DVBRCCDOWNSTREAM = 0x93 + IFT_DVBRCCMACLAYER = 0x92 + IFT_DVBRCCUPSTREAM = 0x94 + IFT_ECONET = 0xce + IFT_ENC = 0xf4 + IFT_EON = 0x19 + IFT_EPLRS = 0x57 + IFT_ESCON = 0x49 + IFT_ETHER = 0x6 + IFT_FAITH = 0xf3 + IFT_FAST = 0x7d + IFT_FASTETHER = 0x3e + IFT_FASTETHERFX = 0x45 + IFT_FDDI = 0xf + IFT_FIBRECHANNEL = 0x38 + IFT_FRAMERELAYINTERCONNECT = 0x3a + IFT_FRAMERELAYMPI = 0x5c + IFT_FRDLCIENDPT = 0xc1 + IFT_FRELAY = 0x20 + IFT_FRELAYDCE = 0x2c + IFT_FRF16MFRBUNDLE = 0xa3 + IFT_FRFORWARD = 0x9e + IFT_G703AT2MB = 0x43 + IFT_G703AT64K = 0x42 + IFT_GIF = 0xf0 + IFT_GIGABITETHERNET = 0x75 + IFT_GR303IDT = 0xb2 + IFT_GR303RDT = 0xb1 + IFT_H323GATEKEEPER = 0xa4 + IFT_H323PROXY = 0xa5 + IFT_HDH1822 = 0x3 + IFT_HDLC = 0x76 + IFT_HDSL2 = 0xa8 + IFT_HIPERLAN2 = 0xb7 + IFT_HIPPI = 0x2f + IFT_HIPPIINTERFACE = 0x39 + IFT_HOSTPAD = 0x5a + IFT_HSSI = 0x2e + IFT_HY = 0xe + IFT_IBM370PARCHAN = 0x48 + IFT_IDSL = 0x9a + IFT_IEEE1394 = 0x90 + IFT_IEEE80211 = 0x47 + IFT_IEEE80212 = 0x37 + IFT_IEEE8023ADLAG = 0xa1 + IFT_IFGSN = 0x91 + IFT_IMT = 0xbe + IFT_INFINIBAND = 0xc7 + IFT_INTERLEAVE = 0x7c + IFT_IP = 0x7e + IFT_IPFORWARD = 0x8e + IFT_IPOVERATM = 0x72 + IFT_IPOVERCDLC = 0x6d + IFT_IPOVERCLAW = 0x6e + IFT_IPSWITCH = 0x4e + IFT_ISDN = 0x3f + IFT_ISDNBASIC = 0x14 + IFT_ISDNPRIMARY = 0x15 + IFT_ISDNS = 0x4b + IFT_ISDNU = 0x4c + IFT_ISO88022LLC = 0x29 + IFT_ISO88023 = 0x7 + IFT_ISO88024 = 0x8 + IFT_ISO88025 = 0x9 + IFT_ISO88025CRFPINT = 0x62 + IFT_ISO88025DTR = 0x56 + IFT_ISO88025FIBER = 0x73 + IFT_ISO88026 = 0xa + IFT_ISUP = 0xb3 + IFT_L2VLAN = 0x87 + IFT_L3IPVLAN = 0x88 + IFT_L3IPXVLAN = 0x89 + IFT_LAPB = 0x10 + IFT_LAPD = 0x4d + IFT_LAPF = 0x77 + IFT_LINEGROUP = 0xd2 + IFT_LOCALTALK = 0x2a + IFT_LOOP = 0x18 + IFT_MBIM = 0xfa + IFT_MEDIAMAILOVERIP = 0x8b + IFT_MFSIGLINK = 0xa7 + IFT_MIOX25 = 0x26 + IFT_MODEM = 0x30 + IFT_MPC = 0x71 + IFT_MPLS = 0xa6 + IFT_MPLSTUNNEL = 0x96 + IFT_MSDSL = 0x8f + IFT_MVL = 0xbf + IFT_MYRINET = 0x63 + IFT_NFAS = 0xaf + IFT_NSIP = 0x1b + IFT_OPTICALCHANNEL = 0xc3 + IFT_OPTICALTRANSPORT = 0xc4 + IFT_OTHER = 0x1 + IFT_P10 = 0xc + IFT_P80 = 0xd + IFT_PARA = 0x22 + IFT_PFLOG = 0xf5 + IFT_PFLOW = 0xf9 + IFT_PFSYNC = 0xf6 + IFT_PLC = 0xae + IFT_PON155 = 0xcf + IFT_PON622 = 0xd0 + IFT_POS = 0xab + IFT_PPP = 0x17 + IFT_PPPMULTILINKBUNDLE = 0x6c + IFT_PROPATM = 0xc5 + IFT_PROPBWAP2MP = 0xb8 + IFT_PROPCNLS = 0x59 + IFT_PROPDOCSWIRELESSDOWNSTREAM = 0xb5 + IFT_PROPDOCSWIRELESSMACLAYER = 0xb4 + IFT_PROPDOCSWIRELESSUPSTREAM = 0xb6 + IFT_PROPMUX = 0x36 + IFT_PROPVIRTUAL = 0x35 + IFT_PROPWIRELESSP2P = 0x9d + IFT_PTPSERIAL = 0x16 + IFT_PVC = 0xf2 + IFT_Q2931 = 0xc9 + IFT_QLLC = 0x44 + IFT_RADIOMAC = 0xbc + IFT_RADSL = 0x5f + IFT_REACHDSL = 0xc0 + IFT_RFC1483 = 0x9f + IFT_RS232 = 0x21 + IFT_RSRB = 0x4f + IFT_SDLC = 0x11 + IFT_SDSL = 0x60 + IFT_SHDSL = 0xa9 + IFT_SIP = 0x1f + IFT_SIPSIG = 0xcc + IFT_SIPTG = 0xcb + IFT_SLIP = 0x1c + IFT_SMDSDXI = 0x2b + IFT_SMDSICIP = 0x34 + IFT_SONET = 0x27 + IFT_SONETOVERHEADCHANNEL = 0xb9 + IFT_SONETPATH = 0x32 + IFT_SONETVT = 0x33 + IFT_SRP = 0x97 + IFT_SS7SIGLINK = 0x9c + IFT_STACKTOSTACK = 0x6f + IFT_STARLAN = 0xb + IFT_T1 = 0x12 + IFT_TDLC = 0x74 + IFT_TELINK = 0xc8 + IFT_TERMPAD = 0x5b + IFT_TR008 = 0xb0 + IFT_TRANSPHDLC = 0x7b + IFT_TUNNEL = 0x83 + IFT_ULTRA = 0x1d + IFT_USB = 0xa0 + IFT_V11 = 0x40 + IFT_V35 = 0x2d + IFT_V36 = 0x41 + IFT_V37 = 0x78 + IFT_VDSL = 0x61 + IFT_VIRTUALIPADDRESS = 0x70 + IFT_VIRTUALTG = 0xca + IFT_VOICEDID = 0xd5 + IFT_VOICEEM = 0x64 + IFT_VOICEEMFGD = 0xd3 + IFT_VOICEENCAP = 0x67 + IFT_VOICEFGDEANA = 0xd4 + IFT_VOICEFXO = 0x65 + IFT_VOICEFXS = 0x66 + IFT_VOICEOVERATM = 0x98 + IFT_VOICEOVERCABLE = 0xc6 + IFT_VOICEOVERFRAMERELAY = 0x99 + IFT_VOICEOVERIP = 0x68 + IFT_WIREGUARD = 0xfb + IFT_X213 = 0x5d + IFT_X25 = 0x5 + IFT_X25DDN = 0x4 + IFT_X25HUNTGROUP = 0x7a + IFT_X25MLP = 0x79 + IFT_X25PLE = 0x28 + IFT_XETHER = 0x1a + IGNBRK = 0x1 + IGNCR = 0x80 + IGNPAR = 0x4 + IMAXBEL = 0x2000 + INLCR = 0x40 + INPCK = 0x10 + IN_CLASSA_HOST = 0xffffff + IN_CLASSA_MAX = 0x80 + IN_CLASSA_NET = 0xff000000 + IN_CLASSA_NSHIFT = 0x18 + IN_CLASSB_HOST = 0xffff + IN_CLASSB_MAX = 0x10000 + IN_CLASSB_NET = 0xffff0000 + IN_CLASSB_NSHIFT = 0x10 + IN_CLASSC_HOST = 0xff + IN_CLASSC_NET = 0xffffff00 + IN_CLASSC_NSHIFT = 0x8 + IN_CLASSD_HOST = 0xfffffff + IN_CLASSD_NET = 0xf0000000 + IN_CLASSD_NSHIFT = 0x1c + IN_LOOPBACKNET = 0x7f + IN_RFC3021_HOST = 0x1 + IN_RFC3021_NET = 0xfffffffe + IN_RFC3021_NSHIFT = 0x1f + IPPROTO_AH = 0x33 + IPPROTO_CARP = 0x70 + IPPROTO_DIVERT = 0x102 + IPPROTO_DONE = 0x101 + IPPROTO_DSTOPTS = 0x3c + IPPROTO_EGP = 0x8 + IPPROTO_ENCAP = 0x62 + IPPROTO_EON = 0x50 + IPPROTO_ESP = 0x32 + IPPROTO_ETHERIP = 0x61 + IPPROTO_FRAGMENT = 0x2c + IPPROTO_GGP = 0x3 + IPPROTO_GRE = 0x2f + IPPROTO_HOPOPTS = 0x0 + IPPROTO_ICMP = 0x1 + IPPROTO_ICMPV6 = 0x3a + IPPROTO_IDP = 0x16 + IPPROTO_IGMP = 0x2 + IPPROTO_IP = 0x0 + IPPROTO_IPCOMP = 0x6c + IPPROTO_IPIP = 0x4 + IPPROTO_IPV4 = 0x4 + IPPROTO_IPV6 = 0x29 + IPPROTO_MAX = 0x100 + IPPROTO_MAXID = 0x103 + IPPROTO_MOBILE = 0x37 + IPPROTO_MPLS = 0x89 + IPPROTO_NONE = 0x3b + IPPROTO_PFSYNC = 0xf0 + IPPROTO_PIM = 0x67 + IPPROTO_PUP = 0xc + IPPROTO_RAW = 0xff + IPPROTO_ROUTING = 0x2b + IPPROTO_RSVP = 0x2e + IPPROTO_SCTP = 0x84 + IPPROTO_TCP = 0x6 + IPPROTO_TP = 0x1d + IPPROTO_UDP = 0x11 + IPPROTO_UDPLITE = 0x88 + IPV6_AUTH_LEVEL = 0x35 + IPV6_AUTOFLOWLABEL = 0x3b + IPV6_CHECKSUM = 0x1a + IPV6_DEFAULT_MULTICAST_HOPS = 0x1 + IPV6_DEFAULT_MULTICAST_LOOP = 0x1 + IPV6_DEFHLIM = 0x40 + IPV6_DONTFRAG = 0x3e + IPV6_DSTOPTS = 0x32 + IPV6_ESP_NETWORK_LEVEL = 0x37 + IPV6_ESP_TRANS_LEVEL = 0x36 + IPV6_FAITH = 0x1d + IPV6_FLOWINFO_MASK = 0xffffff0f + IPV6_FLOWLABEL_MASK = 0xffff0f00 + IPV6_FRAGTTL = 0x78 + IPV6_HLIMDEC = 0x1 + IPV6_HOPLIMIT = 0x2f + IPV6_HOPOPTS = 0x31 + IPV6_IPCOMP_LEVEL = 0x3c + IPV6_JOIN_GROUP = 0xc + IPV6_LEAVE_GROUP = 0xd + IPV6_MAXHLIM = 0xff + IPV6_MAXPACKET = 0xffff + IPV6_MINHOPCOUNT = 0x41 + IPV6_MMTU = 0x500 + IPV6_MULTICAST_HOPS = 0xa + IPV6_MULTICAST_IF = 0x9 + IPV6_MULTICAST_LOOP = 0xb + IPV6_NEXTHOP = 0x30 + IPV6_OPTIONS = 0x1 + IPV6_PATHMTU = 0x2c + IPV6_PIPEX = 0x3f + IPV6_PKTINFO = 0x2e + IPV6_PORTRANGE = 0xe + IPV6_PORTRANGE_DEFAULT = 0x0 + IPV6_PORTRANGE_HIGH = 0x1 + IPV6_PORTRANGE_LOW = 0x2 + IPV6_RECVDSTOPTS = 0x28 + IPV6_RECVDSTPORT = 0x40 + IPV6_RECVHOPLIMIT = 0x25 + IPV6_RECVHOPOPTS = 0x27 + IPV6_RECVPATHMTU = 0x2b + IPV6_RECVPKTINFO = 0x24 + IPV6_RECVRTHDR = 0x26 + IPV6_RECVTCLASS = 0x39 + IPV6_RTABLE = 0x1021 + IPV6_RTHDR = 0x33 + IPV6_RTHDRDSTOPTS = 0x23 + IPV6_RTHDR_LOOSE = 0x0 + IPV6_RTHDR_STRICT = 0x1 + IPV6_RTHDR_TYPE_0 = 0x0 + IPV6_SOCKOPT_RESERVED1 = 0x3 + IPV6_TCLASS = 0x3d + IPV6_UNICAST_HOPS = 0x4 + IPV6_USE_MIN_MTU = 0x2a + IPV6_V6ONLY = 0x1b + IPV6_VERSION = 0x60 + IPV6_VERSION_MASK = 0xf0 + IP_ADD_MEMBERSHIP = 0xc + IP_AUTH_LEVEL = 0x14 + IP_DEFAULT_MULTICAST_LOOP = 0x1 + IP_DEFAULT_MULTICAST_TTL = 0x1 + IP_DF = 0x4000 + IP_DROP_MEMBERSHIP = 0xd + IP_ESP_NETWORK_LEVEL = 0x16 + IP_ESP_TRANS_LEVEL = 0x15 + IP_HDRINCL = 0x2 + IP_IPCOMP_LEVEL = 0x1d + IP_IPDEFTTL = 0x25 + IP_IPSECFLOWINFO = 0x24 + IP_IPSEC_LOCAL_AUTH = 0x1b + IP_IPSEC_LOCAL_CRED = 0x19 + IP_IPSEC_LOCAL_ID = 0x17 + IP_IPSEC_REMOTE_AUTH = 0x1c + IP_IPSEC_REMOTE_CRED = 0x1a + IP_IPSEC_REMOTE_ID = 0x18 + IP_MAXPACKET = 0xffff + IP_MAX_MEMBERSHIPS = 0xfff + IP_MF = 0x2000 + IP_MINTTL = 0x20 + IP_MIN_MEMBERSHIPS = 0xf + IP_MSS = 0x240 + IP_MULTICAST_IF = 0x9 + IP_MULTICAST_LOOP = 0xb + IP_MULTICAST_TTL = 0xa + IP_OFFMASK = 0x1fff + IP_OPTIONS = 0x1 + IP_PIPEX = 0x22 + IP_PORTRANGE = 0x13 + IP_PORTRANGE_DEFAULT = 0x0 + IP_PORTRANGE_HIGH = 0x1 + IP_PORTRANGE_LOW = 0x2 + IP_RECVDSTADDR = 0x7 + IP_RECVDSTPORT = 0x21 + IP_RECVIF = 0x1e + IP_RECVOPTS = 0x5 + IP_RECVRETOPTS = 0x6 + IP_RECVRTABLE = 0x23 + IP_RECVTTL = 0x1f + IP_RETOPTS = 0x8 + IP_RF = 0x8000 + IP_RTABLE = 0x1021 + IP_SENDSRCADDR = 0x7 + IP_TOS = 0x3 + IP_TTL = 0x4 + ISIG = 0x80 + ISTRIP = 0x20 + ITIMER_PROF = 0x2 + ITIMER_REAL = 0x0 + ITIMER_VIRTUAL = 0x1 + IUCLC = 0x1000 + IXANY = 0x800 + IXOFF = 0x400 + IXON = 0x200 + KERN_HOSTNAME = 0xa + KERN_OSRELEASE = 0x2 + KERN_OSTYPE = 0x1 + KERN_VERSION = 0x4 + LCNT_OVERLOAD_FLUSH = 0x6 + LOCK_EX = 0x2 + LOCK_NB = 0x4 + LOCK_SH = 0x1 + LOCK_UN = 0x8 + MADV_DONTNEED = 0x4 + MADV_FREE = 0x6 + MADV_NORMAL = 0x0 + MADV_RANDOM = 0x1 + MADV_SEQUENTIAL = 0x2 + MADV_SPACEAVAIL = 0x5 + MADV_WILLNEED = 0x3 + MAP_ANON = 0x1000 + MAP_ANONYMOUS = 0x1000 + MAP_CONCEAL = 0x8000 + MAP_COPY = 0x2 + MAP_FILE = 0x0 + MAP_FIXED = 0x10 + MAP_FLAGMASK = 0xfff7 + MAP_HASSEMAPHORE = 0x0 + MAP_INHERIT = 0x0 + MAP_INHERIT_COPY = 0x1 + MAP_INHERIT_NONE = 0x2 + MAP_INHERIT_SHARE = 0x0 + MAP_INHERIT_ZERO = 0x3 + MAP_NOEXTEND = 0x0 + MAP_NORESERVE = 0x0 + MAP_PRIVATE = 0x2 + MAP_RENAME = 0x0 + MAP_SHARED = 0x1 + MAP_STACK = 0x4000 + MAP_TRYFIXED = 0x0 + MCL_CURRENT = 0x1 + MCL_FUTURE = 0x2 + MNT_ASYNC = 0x40 + MNT_DEFEXPORTED = 0x200 + MNT_DELEXPORT = 0x20000 + MNT_DOOMED = 0x8000000 + MNT_EXPORTANON = 0x400 + MNT_EXPORTED = 0x100 + MNT_EXRDONLY = 0x80 + MNT_FORCE = 0x80000 + MNT_LAZY = 0x3 + MNT_LOCAL = 0x1000 + MNT_NOATIME = 0x8000 + MNT_NODEV = 0x10 + MNT_NOEXEC = 0x4 + MNT_NOPERM = 0x20 + MNT_NOSUID = 0x8 + MNT_NOWAIT = 0x2 + MNT_QUOTA = 0x2000 + MNT_RDONLY = 0x1 + MNT_RELOAD = 0x40000 + MNT_ROOTFS = 0x4000 + MNT_SOFTDEP = 0x4000000 + MNT_STALLED = 0x100000 + MNT_SWAPPABLE = 0x200000 + MNT_SYNCHRONOUS = 0x2 + MNT_UPDATE = 0x10000 + MNT_VISFLAGMASK = 0x400ffff + MNT_WAIT = 0x1 + MNT_WANTRDWR = 0x2000000 + MNT_WXALLOWED = 0x800 + MOUNT_AFS = "afs" + MOUNT_CD9660 = "cd9660" + MOUNT_EXT2FS = "ext2fs" + MOUNT_FFS = "ffs" + MOUNT_FUSEFS = "fuse" + MOUNT_MFS = "mfs" + MOUNT_MSDOS = "msdos" + MOUNT_NCPFS = "ncpfs" + MOUNT_NFS = "nfs" + MOUNT_NTFS = "ntfs" + MOUNT_TMPFS = "tmpfs" + MOUNT_UDF = "udf" + MOUNT_UFS = "ffs" + MSG_BCAST = 0x100 + MSG_CMSG_CLOEXEC = 0x800 + MSG_CTRUNC = 0x20 + MSG_DONTROUTE = 0x4 + MSG_DONTWAIT = 0x80 + MSG_EOR = 0x8 + MSG_MCAST = 0x200 + MSG_NOSIGNAL = 0x400 + MSG_OOB = 0x1 + MSG_PEEK = 0x2 + MSG_TRUNC = 0x10 + MSG_WAITALL = 0x40 + MS_ASYNC = 0x1 + MS_INVALIDATE = 0x4 + MS_SYNC = 0x2 + NAME_MAX = 0xff + NET_RT_DUMP = 0x1 + NET_RT_FLAGS = 0x2 + NET_RT_IFLIST = 0x3 + NET_RT_IFNAMES = 0x6 + NET_RT_MAXID = 0x8 + NET_RT_SOURCE = 0x7 + NET_RT_STATS = 0x4 + NET_RT_TABLE = 0x5 + NFDBITS = 0x20 + NOFLSH = 0x80000000 + NOKERNINFO = 0x2000000 + NOTE_ATTRIB = 0x8 + NOTE_CHANGE = 0x1 + NOTE_CHILD = 0x4 + NOTE_DELETE = 0x1 + NOTE_EOF = 0x2 + NOTE_EXEC = 0x20000000 + NOTE_EXIT = 0x80000000 + NOTE_EXTEND = 0x4 + NOTE_FORK = 0x40000000 + NOTE_LINK = 0x10 + NOTE_LOWAT = 0x1 + NOTE_OOB = 0x4 + NOTE_PCTRLMASK = 0xf0000000 + NOTE_PDATAMASK = 0xfffff + NOTE_RENAME = 0x20 + NOTE_REVOKE = 0x40 + NOTE_TRACK = 0x1 + NOTE_TRACKERR = 0x2 + NOTE_TRUNCATE = 0x80 + NOTE_WRITE = 0x2 + OCRNL = 0x10 + OLCUC = 0x20 + ONLCR = 0x2 + ONLRET = 0x80 + ONOCR = 0x40 + ONOEOT = 0x8 + OPOST = 0x1 + OXTABS = 0x4 + O_ACCMODE = 0x3 + O_APPEND = 0x8 + O_ASYNC = 0x40 + O_CLOEXEC = 0x10000 + O_CREAT = 0x200 + O_DIRECTORY = 0x20000 + O_DSYNC = 0x80 + O_EXCL = 0x800 + O_EXLOCK = 0x20 + O_FSYNC = 0x80 + O_NDELAY = 0x4 + O_NOCTTY = 0x8000 + O_NOFOLLOW = 0x100 + O_NONBLOCK = 0x4 + O_RDONLY = 0x0 + O_RDWR = 0x2 + O_RSYNC = 0x80 + O_SHLOCK = 0x10 + O_SYNC = 0x80 + O_TRUNC = 0x400 + O_WRONLY = 0x1 + PARENB = 0x1000 + PARMRK = 0x8 + PARODD = 0x2000 + PENDIN = 0x20000000 + PF_FLUSH = 0x1 + PRIO_PGRP = 0x1 + PRIO_PROCESS = 0x0 + PRIO_USER = 0x2 + PROT_EXEC = 0x4 + PROT_NONE = 0x0 + PROT_READ = 0x1 + PROT_WRITE = 0x2 + RLIMIT_CORE = 0x4 + RLIMIT_CPU = 0x0 + RLIMIT_DATA = 0x2 + RLIMIT_FSIZE = 0x1 + RLIMIT_MEMLOCK = 0x6 + RLIMIT_NOFILE = 0x8 + RLIMIT_NPROC = 0x7 + RLIMIT_RSS = 0x5 + RLIMIT_STACK = 0x3 + RLIM_INFINITY = 0x7fffffffffffffff + RTAX_AUTHOR = 0x6 + RTAX_BFD = 0xb + RTAX_BRD = 0x7 + RTAX_DNS = 0xc + RTAX_DST = 0x0 + RTAX_GATEWAY = 0x1 + RTAX_GENMASK = 0x3 + RTAX_IFA = 0x5 + RTAX_IFP = 0x4 + RTAX_LABEL = 0xa + RTAX_MAX = 0xf + RTAX_NETMASK = 0x2 + RTAX_SEARCH = 0xe + RTAX_SRC = 0x8 + RTAX_SRCMASK = 0x9 + RTAX_STATIC = 0xd + RTA_AUTHOR = 0x40 + RTA_BFD = 0x800 + RTA_BRD = 0x80 + RTA_DNS = 0x1000 + RTA_DST = 0x1 + RTA_GATEWAY = 0x2 + RTA_GENMASK = 0x8 + RTA_IFA = 0x20 + RTA_IFP = 0x10 + RTA_LABEL = 0x400 + RTA_NETMASK = 0x4 + RTA_SEARCH = 0x4000 + RTA_SRC = 0x100 + RTA_SRCMASK = 0x200 + RTA_STATIC = 0x2000 + RTF_ANNOUNCE = 0x4000 + RTF_BFD = 0x1000000 + RTF_BLACKHOLE = 0x1000 + RTF_BROADCAST = 0x400000 + RTF_CACHED = 0x20000 + RTF_CLONED = 0x10000 + RTF_CLONING = 0x100 + RTF_CONNECTED = 0x800000 + RTF_DONE = 0x40 + RTF_DYNAMIC = 0x10 + RTF_FMASK = 0x110fc08 + RTF_GATEWAY = 0x2 + RTF_HOST = 0x4 + RTF_LLINFO = 0x400 + RTF_LOCAL = 0x200000 + RTF_MODIFIED = 0x20 + RTF_MPATH = 0x40000 + RTF_MPLS = 0x100000 + RTF_MULTICAST = 0x200 + RTF_PERMANENT_ARP = 0x2000 + RTF_PROTO1 = 0x8000 + RTF_PROTO2 = 0x4000 + RTF_PROTO3 = 0x2000 + RTF_REJECT = 0x8 + RTF_STATIC = 0x800 + RTF_UP = 0x1 + RTF_USETRAILERS = 0x8000 + RTM_80211INFO = 0x15 + RTM_ADD = 0x1 + RTM_BFD = 0x12 + RTM_CHANGE = 0x3 + RTM_CHGADDRATTR = 0x14 + RTM_DELADDR = 0xd + RTM_DELETE = 0x2 + RTM_DESYNC = 0x10 + RTM_GET = 0x4 + RTM_IFANNOUNCE = 0xf + RTM_IFINFO = 0xe + RTM_INVALIDATE = 0x11 + RTM_LOSING = 0x5 + RTM_MAXSIZE = 0x800 + RTM_MISS = 0x7 + RTM_NEWADDR = 0xc + RTM_PROPOSAL = 0x13 + RTM_REDIRECT = 0x6 + RTM_RESOLVE = 0xb + RTM_SOURCE = 0x16 + RTM_VERSION = 0x5 + RTV_EXPIRE = 0x4 + RTV_HOPCOUNT = 0x2 + RTV_MTU = 0x1 + RTV_RPIPE = 0x8 + RTV_RTT = 0x40 + RTV_RTTVAR = 0x80 + RTV_SPIPE = 0x10 + RTV_SSTHRESH = 0x20 + RT_TABLEID_BITS = 0x8 + RT_TABLEID_MASK = 0xff + RT_TABLEID_MAX = 0xff + RUSAGE_CHILDREN = -0x1 + RUSAGE_SELF = 0x0 + RUSAGE_THREAD = 0x1 + SCM_RIGHTS = 0x1 + SCM_TIMESTAMP = 0x4 + SEEK_CUR = 0x1 + SEEK_END = 0x2 + SEEK_SET = 0x0 + SHUT_RD = 0x0 + SHUT_RDWR = 0x2 + SHUT_WR = 0x1 + SIOCADDMULTI = 0x80206931 + SIOCAIFADDR = 0x8040691a + SIOCAIFGROUP = 0x80286987 + SIOCATMARK = 0x40047307 + SIOCBRDGADD = 0x8060693c + SIOCBRDGADDL = 0x80606949 + SIOCBRDGADDS = 0x80606941 + SIOCBRDGARL = 0x808c694d + SIOCBRDGDADDR = 0x81286947 + SIOCBRDGDEL = 0x8060693d + SIOCBRDGDELS = 0x80606942 + SIOCBRDGFLUSH = 0x80606948 + SIOCBRDGFRL = 0x808c694e + SIOCBRDGGCACHE = 0xc0146941 + SIOCBRDGGFD = 0xc0146952 + SIOCBRDGGHT = 0xc0146951 + SIOCBRDGGIFFLGS = 0xc060693e + SIOCBRDGGMA = 0xc0146953 + SIOCBRDGGPARAM = 0xc0406958 + SIOCBRDGGPRI = 0xc0146950 + SIOCBRDGGRL = 0xc030694f + SIOCBRDGGTO = 0xc0146946 + SIOCBRDGIFS = 0xc0606942 + SIOCBRDGRTS = 0xc0206943 + SIOCBRDGSADDR = 0xc1286944 + SIOCBRDGSCACHE = 0x80146940 + SIOCBRDGSFD = 0x80146952 + SIOCBRDGSHT = 0x80146951 + SIOCBRDGSIFCOST = 0x80606955 + SIOCBRDGSIFFLGS = 0x8060693f + SIOCBRDGSIFPRIO = 0x80606954 + SIOCBRDGSIFPROT = 0x8060694a + SIOCBRDGSMA = 0x80146953 + SIOCBRDGSPRI = 0x80146950 + SIOCBRDGSPROTO = 0x8014695a + SIOCBRDGSTO = 0x80146945 + SIOCBRDGSTXHC = 0x80146959 + SIOCDELLABEL = 0x80206997 + SIOCDELMULTI = 0x80206932 + SIOCDIFADDR = 0x80206919 + SIOCDIFGROUP = 0x80286989 + SIOCDIFPARENT = 0x802069b4 + SIOCDIFPHYADDR = 0x80206949 + SIOCDPWE3NEIGHBOR = 0x802069de + SIOCDVNETID = 0x802069af + SIOCGETKALIVE = 0xc01869a4 + SIOCGETLABEL = 0x8020699a + SIOCGETMPWCFG = 0xc02069ae + SIOCGETPFLOW = 0xc02069fe + SIOCGETPFSYNC = 0xc02069f8 + SIOCGETSGCNT = 0xc0207534 + SIOCGETVIFCNT = 0xc0287533 + SIOCGETVLAN = 0xc0206990 + SIOCGIFADDR = 0xc0206921 + SIOCGIFBRDADDR = 0xc0206923 + SIOCGIFCONF = 0xc0106924 + SIOCGIFDATA = 0xc020691b + SIOCGIFDESCR = 0xc0206981 + SIOCGIFDSTADDR = 0xc0206922 + SIOCGIFFLAGS = 0xc0206911 + SIOCGIFGATTR = 0xc028698b + SIOCGIFGENERIC = 0xc020693a + SIOCGIFGLIST = 0xc028698d + SIOCGIFGMEMB = 0xc028698a + SIOCGIFGROUP = 0xc0286988 + SIOCGIFHARDMTU = 0xc02069a5 + SIOCGIFLLPRIO = 0xc02069b6 + SIOCGIFMEDIA = 0xc0406938 + SIOCGIFMETRIC = 0xc0206917 + SIOCGIFMTU = 0xc020697e + SIOCGIFNETMASK = 0xc0206925 + SIOCGIFPAIR = 0xc02069b1 + SIOCGIFPARENT = 0xc02069b3 + SIOCGIFPRIORITY = 0xc020699c + SIOCGIFRDOMAIN = 0xc02069a0 + SIOCGIFRTLABEL = 0xc0206983 + SIOCGIFRXR = 0x802069aa + SIOCGIFSFFPAGE = 0xc1126939 + SIOCGIFXFLAGS = 0xc020699e + SIOCGLIFPHYADDR = 0xc218694b + SIOCGLIFPHYDF = 0xc02069c2 + SIOCGLIFPHYECN = 0xc02069c8 + SIOCGLIFPHYRTABLE = 0xc02069a2 + SIOCGLIFPHYTTL = 0xc02069a9 + SIOCGPGRP = 0x40047309 + SIOCGPWE3 = 0xc0206998 + SIOCGPWE3CTRLWORD = 0xc02069dc + SIOCGPWE3FAT = 0xc02069dd + SIOCGPWE3NEIGHBOR = 0xc21869de + SIOCGRXHPRIO = 0xc02069db + SIOCGSPPPPARAMS = 0xc0206994 + SIOCGTXHPRIO = 0xc02069c6 + SIOCGUMBINFO = 0xc02069be + SIOCGUMBPARAM = 0xc02069c0 + SIOCGVH = 0xc02069f6 + SIOCGVNETFLOWID = 0xc02069c4 + SIOCGVNETID = 0xc02069a7 + SIOCIFAFATTACH = 0x801169ab + SIOCIFAFDETACH = 0x801169ac + SIOCIFCREATE = 0x8020697a + SIOCIFDESTROY = 0x80206979 + SIOCIFGCLONERS = 0xc0106978 + SIOCSETKALIVE = 0x801869a3 + SIOCSETLABEL = 0x80206999 + SIOCSETMPWCFG = 0x802069ad + SIOCSETPFLOW = 0x802069fd + SIOCSETPFSYNC = 0x802069f7 + SIOCSETVLAN = 0x8020698f + SIOCSIFADDR = 0x8020690c + SIOCSIFBRDADDR = 0x80206913 + SIOCSIFDESCR = 0x80206980 + SIOCSIFDSTADDR = 0x8020690e + SIOCSIFFLAGS = 0x80206910 + SIOCSIFGATTR = 0x8028698c + SIOCSIFGENERIC = 0x80206939 + SIOCSIFLLADDR = 0x8020691f + SIOCSIFLLPRIO = 0x802069b5 + SIOCSIFMEDIA = 0xc0206937 + SIOCSIFMETRIC = 0x80206918 + SIOCSIFMTU = 0x8020697f + SIOCSIFNETMASK = 0x80206916 + SIOCSIFPAIR = 0x802069b0 + SIOCSIFPARENT = 0x802069b2 + SIOCSIFPRIORITY = 0x8020699b + SIOCSIFRDOMAIN = 0x8020699f + SIOCSIFRTLABEL = 0x80206982 + SIOCSIFXFLAGS = 0x8020699d + SIOCSLIFPHYADDR = 0x8218694a + SIOCSLIFPHYDF = 0x802069c1 + SIOCSLIFPHYECN = 0x802069c7 + SIOCSLIFPHYRTABLE = 0x802069a1 + SIOCSLIFPHYTTL = 0x802069a8 + SIOCSPGRP = 0x80047308 + SIOCSPWE3CTRLWORD = 0x802069dc + SIOCSPWE3FAT = 0x802069dd + SIOCSPWE3NEIGHBOR = 0x821869de + SIOCSRXHPRIO = 0x802069db + SIOCSSPPPPARAMS = 0x80206993 + SIOCSTXHPRIO = 0x802069c5 + SIOCSUMBPARAM = 0x802069bf + SIOCSVH = 0xc02069f5 + SIOCSVNETFLOWID = 0x802069c3 + SIOCSVNETID = 0x802069a6 + SOCK_CLOEXEC = 0x8000 + SOCK_DGRAM = 0x2 + SOCK_DNS = 0x1000 + SOCK_NONBLOCK = 0x4000 + SOCK_RAW = 0x3 + SOCK_RDM = 0x4 + SOCK_SEQPACKET = 0x5 + SOCK_STREAM = 0x1 + SOL_SOCKET = 0xffff + SOMAXCONN = 0x80 + SO_ACCEPTCONN = 0x2 + SO_BINDANY = 0x1000 + SO_BROADCAST = 0x20 + SO_DEBUG = 0x1 + SO_DOMAIN = 0x1024 + SO_DONTROUTE = 0x10 + SO_ERROR = 0x1007 + SO_KEEPALIVE = 0x8 + SO_LINGER = 0x80 + SO_NETPROC = 0x1020 + SO_OOBINLINE = 0x100 + SO_PEERCRED = 0x1022 + SO_PROTOCOL = 0x1025 + SO_RCVBUF = 0x1002 + SO_RCVLOWAT = 0x1004 + SO_RCVTIMEO = 0x1006 + SO_REUSEADDR = 0x4 + SO_REUSEPORT = 0x200 + SO_RTABLE = 0x1021 + SO_SNDBUF = 0x1001 + SO_SNDLOWAT = 0x1003 + SO_SNDTIMEO = 0x1005 + SO_SPLICE = 0x1023 + SO_TIMESTAMP = 0x800 + SO_TYPE = 0x1008 + SO_USELOOPBACK = 0x40 + SO_ZEROIZE = 0x2000 + S_BLKSIZE = 0x200 + S_IEXEC = 0x40 + S_IFBLK = 0x6000 + S_IFCHR = 0x2000 + S_IFDIR = 0x4000 + S_IFIFO = 0x1000 + S_IFLNK = 0xa000 + S_IFMT = 0xf000 + S_IFREG = 0x8000 + S_IFSOCK = 0xc000 + S_IREAD = 0x100 + S_IRGRP = 0x20 + S_IROTH = 0x4 + S_IRUSR = 0x100 + S_IRWXG = 0x38 + S_IRWXO = 0x7 + S_IRWXU = 0x1c0 + S_ISGID = 0x400 + S_ISTXT = 0x200 + S_ISUID = 0x800 + S_ISVTX = 0x200 + S_IWGRP = 0x10 + S_IWOTH = 0x2 + S_IWRITE = 0x80 + S_IWUSR = 0x80 + S_IXGRP = 0x8 + S_IXOTH = 0x1 + S_IXUSR = 0x40 + TCIFLUSH = 0x1 + TCIOFF = 0x3 + TCIOFLUSH = 0x3 + TCION = 0x4 + TCOFLUSH = 0x2 + TCOOFF = 0x1 + TCOON = 0x2 + TCPOPT_EOL = 0x0 + TCPOPT_MAXSEG = 0x2 + TCPOPT_NOP = 0x1 + TCPOPT_SACK = 0x5 + TCPOPT_SACK_HDR = 0x1010500 + TCPOPT_SACK_PERMITTED = 0x4 + TCPOPT_SACK_PERMIT_HDR = 0x1010402 + TCPOPT_SIGNATURE = 0x13 + TCPOPT_TIMESTAMP = 0x8 + TCPOPT_TSTAMP_HDR = 0x101080a + TCPOPT_WINDOW = 0x3 + TCP_INFO = 0x9 + TCP_MAXSEG = 0x2 + TCP_MAXWIN = 0xffff + TCP_MAX_SACK = 0x3 + TCP_MAX_WINSHIFT = 0xe + TCP_MD5SIG = 0x4 + TCP_MSS = 0x200 + TCP_NODELAY = 0x1 + TCP_NOPUSH = 0x10 + TCP_SACKHOLE_LIMIT = 0x80 + TCP_SACK_ENABLE = 0x8 + TCSAFLUSH = 0x2 + TIMER_ABSTIME = 0x1 + TIMER_RELTIME = 0x0 + TIOCCBRK = 0x2000747a + TIOCCDTR = 0x20007478 + TIOCCHKVERAUTH = 0x2000741e + TIOCCLRVERAUTH = 0x2000741d + TIOCCONS = 0x80047462 + TIOCDRAIN = 0x2000745e + TIOCEXCL = 0x2000740d + TIOCEXT = 0x80047460 + TIOCFLAG_CLOCAL = 0x2 + TIOCFLAG_CRTSCTS = 0x4 + TIOCFLAG_MDMBUF = 0x8 + TIOCFLAG_PPS = 0x10 + TIOCFLAG_SOFTCAR = 0x1 + TIOCFLUSH = 0x80047410 + TIOCGETA = 0x402c7413 + TIOCGETD = 0x4004741a + TIOCGFLAGS = 0x4004745d + TIOCGPGRP = 0x40047477 + TIOCGSID = 0x40047463 + TIOCGTSTAMP = 0x4010745b + TIOCGWINSZ = 0x40087468 + TIOCMBIC = 0x8004746b + TIOCMBIS = 0x8004746c + TIOCMGET = 0x4004746a + TIOCMODG = 0x4004746a + TIOCMODS = 0x8004746d + TIOCMSET = 0x8004746d + TIOCM_CAR = 0x40 + TIOCM_CD = 0x40 + TIOCM_CTS = 0x20 + TIOCM_DSR = 0x100 + TIOCM_DTR = 0x2 + TIOCM_LE = 0x1 + TIOCM_RI = 0x80 + TIOCM_RNG = 0x80 + TIOCM_RTS = 0x4 + TIOCM_SR = 0x10 + TIOCM_ST = 0x8 + TIOCNOTTY = 0x20007471 + TIOCNXCL = 0x2000740e + TIOCOUTQ = 0x40047473 + TIOCPKT = 0x80047470 + TIOCPKT_DATA = 0x0 + TIOCPKT_DOSTOP = 0x20 + TIOCPKT_FLUSHREAD = 0x1 + TIOCPKT_FLUSHWRITE = 0x2 + TIOCPKT_IOCTL = 0x40 + TIOCPKT_NOSTOP = 0x10 + TIOCPKT_START = 0x8 + TIOCPKT_STOP = 0x4 + TIOCREMOTE = 0x80047469 + TIOCSBRK = 0x2000747b + TIOCSCTTY = 0x20007461 + TIOCSDTR = 0x20007479 + TIOCSETA = 0x802c7414 + TIOCSETAF = 0x802c7416 + TIOCSETAW = 0x802c7415 + TIOCSETD = 0x8004741b + TIOCSETVERAUTH = 0x8004741c + TIOCSFLAGS = 0x8004745c + TIOCSIG = 0x8004745f + TIOCSPGRP = 0x80047476 + TIOCSTART = 0x2000746e + TIOCSTAT = 0x20007465 + TIOCSTOP = 0x2000746f + TIOCSTSTAMP = 0x8008745a + TIOCSWINSZ = 0x80087467 + TIOCUCNTL = 0x80047466 + TIOCUCNTL_CBRK = 0x7a + TIOCUCNTL_SBRK = 0x7b + TOSTOP = 0x400000 + UTIME_NOW = -0x2 + UTIME_OMIT = -0x1 + VDISCARD = 0xf + VDSUSP = 0xb + VEOF = 0x0 + VEOL = 0x1 + VEOL2 = 0x2 + VERASE = 0x3 + VINTR = 0x8 + VKILL = 0x5 + VLNEXT = 0xe + VMIN = 0x10 + VM_ANONMIN = 0x7 + VM_LOADAVG = 0x2 + VM_MALLOC_CONF = 0xc + VM_MAXID = 0xd + VM_MAXSLP = 0xa + VM_METER = 0x1 + VM_NKMEMPAGES = 0x6 + VM_PSSTRINGS = 0x3 + VM_SWAPENCRYPT = 0x5 + VM_USPACE = 0xb + VM_UVMEXP = 0x4 + VM_VNODEMIN = 0x9 + VM_VTEXTMIN = 0x8 + VQUIT = 0x9 + VREPRINT = 0x6 + VSTART = 0xc + VSTATUS = 0x12 + VSTOP = 0xd + VSUSP = 0xa + VTIME = 0x11 + VWERASE = 0x4 + WALTSIG = 0x4 + WCONTINUED = 0x8 + WCOREFLAG = 0x80 + WNOHANG = 0x1 + WUNTRACED = 0x2 + XCASE = 0x1000000 +) + +// Errors +const ( + E2BIG = syscall.Errno(0x7) + EACCES = syscall.Errno(0xd) + EADDRINUSE = syscall.Errno(0x30) + EADDRNOTAVAIL = syscall.Errno(0x31) + EAFNOSUPPORT = syscall.Errno(0x2f) + EAGAIN = syscall.Errno(0x23) + EALREADY = syscall.Errno(0x25) + EAUTH = syscall.Errno(0x50) + EBADF = syscall.Errno(0x9) + EBADMSG = syscall.Errno(0x5c) + EBADRPC = syscall.Errno(0x48) + EBUSY = syscall.Errno(0x10) + ECANCELED = syscall.Errno(0x58) + ECHILD = syscall.Errno(0xa) + ECONNABORTED = syscall.Errno(0x35) + ECONNREFUSED = syscall.Errno(0x3d) + ECONNRESET = syscall.Errno(0x36) + EDEADLK = syscall.Errno(0xb) + EDESTADDRREQ = syscall.Errno(0x27) + EDOM = syscall.Errno(0x21) + EDQUOT = syscall.Errno(0x45) + EEXIST = syscall.Errno(0x11) + EFAULT = syscall.Errno(0xe) + EFBIG = syscall.Errno(0x1b) + EFTYPE = syscall.Errno(0x4f) + EHOSTDOWN = syscall.Errno(0x40) + EHOSTUNREACH = syscall.Errno(0x41) + EIDRM = syscall.Errno(0x59) + EILSEQ = syscall.Errno(0x54) + EINPROGRESS = syscall.Errno(0x24) + EINTR = syscall.Errno(0x4) + EINVAL = syscall.Errno(0x16) + EIO = syscall.Errno(0x5) + EIPSEC = syscall.Errno(0x52) + EISCONN = syscall.Errno(0x38) + EISDIR = syscall.Errno(0x15) + ELAST = syscall.Errno(0x5f) + ELOOP = syscall.Errno(0x3e) + EMEDIUMTYPE = syscall.Errno(0x56) + EMFILE = syscall.Errno(0x18) + EMLINK = syscall.Errno(0x1f) + EMSGSIZE = syscall.Errno(0x28) + ENAMETOOLONG = syscall.Errno(0x3f) + ENEEDAUTH = syscall.Errno(0x51) + ENETDOWN = syscall.Errno(0x32) + ENETRESET = syscall.Errno(0x34) + ENETUNREACH = syscall.Errno(0x33) + ENFILE = syscall.Errno(0x17) + ENOATTR = syscall.Errno(0x53) + ENOBUFS = syscall.Errno(0x37) + ENODEV = syscall.Errno(0x13) + ENOENT = syscall.Errno(0x2) + ENOEXEC = syscall.Errno(0x8) + ENOLCK = syscall.Errno(0x4d) + ENOMEDIUM = syscall.Errno(0x55) + ENOMEM = syscall.Errno(0xc) + ENOMSG = syscall.Errno(0x5a) + ENOPROTOOPT = syscall.Errno(0x2a) + ENOSPC = syscall.Errno(0x1c) + ENOSYS = syscall.Errno(0x4e) + ENOTBLK = syscall.Errno(0xf) + ENOTCONN = syscall.Errno(0x39) + ENOTDIR = syscall.Errno(0x14) + ENOTEMPTY = syscall.Errno(0x42) + ENOTRECOVERABLE = syscall.Errno(0x5d) + ENOTSOCK = syscall.Errno(0x26) + ENOTSUP = syscall.Errno(0x5b) + ENOTTY = syscall.Errno(0x19) + ENXIO = syscall.Errno(0x6) + EOPNOTSUPP = syscall.Errno(0x2d) + EOVERFLOW = syscall.Errno(0x57) + EOWNERDEAD = syscall.Errno(0x5e) + EPERM = syscall.Errno(0x1) + EPFNOSUPPORT = syscall.Errno(0x2e) + EPIPE = syscall.Errno(0x20) + EPROCLIM = syscall.Errno(0x43) + EPROCUNAVAIL = syscall.Errno(0x4c) + EPROGMISMATCH = syscall.Errno(0x4b) + EPROGUNAVAIL = syscall.Errno(0x4a) + EPROTO = syscall.Errno(0x5f) + EPROTONOSUPPORT = syscall.Errno(0x2b) + EPROTOTYPE = syscall.Errno(0x29) + ERANGE = syscall.Errno(0x22) + EREMOTE = syscall.Errno(0x47) + EROFS = syscall.Errno(0x1e) + ERPCMISMATCH = syscall.Errno(0x49) + ESHUTDOWN = syscall.Errno(0x3a) + ESOCKTNOSUPPORT = syscall.Errno(0x2c) + ESPIPE = syscall.Errno(0x1d) + ESRCH = syscall.Errno(0x3) + ESTALE = syscall.Errno(0x46) + ETIMEDOUT = syscall.Errno(0x3c) + ETOOMANYREFS = syscall.Errno(0x3b) + ETXTBSY = syscall.Errno(0x1a) + EUSERS = syscall.Errno(0x44) + EWOULDBLOCK = syscall.Errno(0x23) + EXDEV = syscall.Errno(0x12) +) + +// Signals +const ( + SIGABRT = syscall.Signal(0x6) + SIGALRM = syscall.Signal(0xe) + SIGBUS = syscall.Signal(0xa) + SIGCHLD = syscall.Signal(0x14) + SIGCONT = syscall.Signal(0x13) + SIGEMT = syscall.Signal(0x7) + SIGFPE = syscall.Signal(0x8) + SIGHUP = syscall.Signal(0x1) + SIGILL = syscall.Signal(0x4) + SIGINFO = syscall.Signal(0x1d) + SIGINT = syscall.Signal(0x2) + SIGIO = syscall.Signal(0x17) + SIGIOT = syscall.Signal(0x6) + SIGKILL = syscall.Signal(0x9) + SIGPIPE = syscall.Signal(0xd) + SIGPROF = syscall.Signal(0x1b) + SIGQUIT = syscall.Signal(0x3) + SIGSEGV = syscall.Signal(0xb) + SIGSTOP = syscall.Signal(0x11) + SIGSYS = syscall.Signal(0xc) + SIGTERM = syscall.Signal(0xf) + SIGTHR = syscall.Signal(0x20) + SIGTRAP = syscall.Signal(0x5) + SIGTSTP = syscall.Signal(0x12) + SIGTTIN = syscall.Signal(0x15) + SIGTTOU = syscall.Signal(0x16) + SIGURG = syscall.Signal(0x10) + SIGUSR1 = syscall.Signal(0x1e) + SIGUSR2 = syscall.Signal(0x1f) + SIGVTALRM = syscall.Signal(0x1a) + SIGWINCH = syscall.Signal(0x1c) + SIGXCPU = syscall.Signal(0x18) + SIGXFSZ = syscall.Signal(0x19) +) + +// Error table +var errorList = [...]struct { + num syscall.Errno + name string + desc string +}{ + {1, "EPERM", "operation not permitted"}, + {2, "ENOENT", "no such file or directory"}, + {3, "ESRCH", "no such process"}, + {4, "EINTR", "interrupted system call"}, + {5, "EIO", "input/output error"}, + {6, "ENXIO", "device not configured"}, + {7, "E2BIG", "argument list too long"}, + {8, "ENOEXEC", "exec format error"}, + {9, "EBADF", "bad file descriptor"}, + {10, "ECHILD", "no child processes"}, + {11, "EDEADLK", "resource deadlock avoided"}, + {12, "ENOMEM", "cannot allocate memory"}, + {13, "EACCES", "permission denied"}, + {14, "EFAULT", "bad address"}, + {15, "ENOTBLK", "block device required"}, + {16, "EBUSY", "device busy"}, + {17, "EEXIST", "file exists"}, + {18, "EXDEV", "cross-device link"}, + {19, "ENODEV", "operation not supported by device"}, + {20, "ENOTDIR", "not a directory"}, + {21, "EISDIR", "is a directory"}, + {22, "EINVAL", "invalid argument"}, + {23, "ENFILE", "too many open files in system"}, + {24, "EMFILE", "too many open files"}, + {25, "ENOTTY", "inappropriate ioctl for device"}, + {26, "ETXTBSY", "text file busy"}, + {27, "EFBIG", "file too large"}, + {28, "ENOSPC", "no space left on device"}, + {29, "ESPIPE", "illegal seek"}, + {30, "EROFS", "read-only file system"}, + {31, "EMLINK", "too many links"}, + {32, "EPIPE", "broken pipe"}, + {33, "EDOM", "numerical argument out of domain"}, + {34, "ERANGE", "result too large"}, + {35, "EAGAIN", "resource temporarily unavailable"}, + {36, "EINPROGRESS", "operation now in progress"}, + {37, "EALREADY", "operation already in progress"}, + {38, "ENOTSOCK", "socket operation on non-socket"}, + {39, "EDESTADDRREQ", "destination address required"}, + {40, "EMSGSIZE", "message too long"}, + {41, "EPROTOTYPE", "protocol wrong type for socket"}, + {42, "ENOPROTOOPT", "protocol not available"}, + {43, "EPROTONOSUPPORT", "protocol not supported"}, + {44, "ESOCKTNOSUPPORT", "socket type not supported"}, + {45, "EOPNOTSUPP", "operation not supported"}, + {46, "EPFNOSUPPORT", "protocol family not supported"}, + {47, "EAFNOSUPPORT", "address family not supported by protocol family"}, + {48, "EADDRINUSE", "address already in use"}, + {49, "EADDRNOTAVAIL", "can't assign requested address"}, + {50, "ENETDOWN", "network is down"}, + {51, "ENETUNREACH", "network is unreachable"}, + {52, "ENETRESET", "network dropped connection on reset"}, + {53, "ECONNABORTED", "software caused connection abort"}, + {54, "ECONNRESET", "connection reset by peer"}, + {55, "ENOBUFS", "no buffer space available"}, + {56, "EISCONN", "socket is already connected"}, + {57, "ENOTCONN", "socket is not connected"}, + {58, "ESHUTDOWN", "can't send after socket shutdown"}, + {59, "ETOOMANYREFS", "too many references: can't splice"}, + {60, "ETIMEDOUT", "operation timed out"}, + {61, "ECONNREFUSED", "connection refused"}, + {62, "ELOOP", "too many levels of symbolic links"}, + {63, "ENAMETOOLONG", "file name too long"}, + {64, "EHOSTDOWN", "host is down"}, + {65, "EHOSTUNREACH", "no route to host"}, + {66, "ENOTEMPTY", "directory not empty"}, + {67, "EPROCLIM", "too many processes"}, + {68, "EUSERS", "too many users"}, + {69, "EDQUOT", "disk quota exceeded"}, + {70, "ESTALE", "stale NFS file handle"}, + {71, "EREMOTE", "too many levels of remote in path"}, + {72, "EBADRPC", "RPC struct is bad"}, + {73, "ERPCMISMATCH", "RPC version wrong"}, + {74, "EPROGUNAVAIL", "RPC program not available"}, + {75, "EPROGMISMATCH", "program version wrong"}, + {76, "EPROCUNAVAIL", "bad procedure for program"}, + {77, "ENOLCK", "no locks available"}, + {78, "ENOSYS", "function not implemented"}, + {79, "EFTYPE", "inappropriate file type or format"}, + {80, "EAUTH", "authentication error"}, + {81, "ENEEDAUTH", "need authenticator"}, + {82, "EIPSEC", "IPsec processing failure"}, + {83, "ENOATTR", "attribute not found"}, + {84, "EILSEQ", "illegal byte sequence"}, + {85, "ENOMEDIUM", "no medium found"}, + {86, "EMEDIUMTYPE", "wrong medium type"}, + {87, "EOVERFLOW", "value too large to be stored in data type"}, + {88, "ECANCELED", "operation canceled"}, + {89, "EIDRM", "identifier removed"}, + {90, "ENOMSG", "no message of desired type"}, + {91, "ENOTSUP", "not supported"}, + {92, "EBADMSG", "bad message"}, + {93, "ENOTRECOVERABLE", "state not recoverable"}, + {94, "EOWNERDEAD", "previous owner died"}, + {95, "ELAST", "protocol error"}, +} + +// Signal table +var signalList = [...]struct { + num syscall.Signal + name string + desc string +}{ + {1, "SIGHUP", "hangup"}, + {2, "SIGINT", "interrupt"}, + {3, "SIGQUIT", "quit"}, + {4, "SIGILL", "illegal instruction"}, + {5, "SIGTRAP", "trace/BPT trap"}, + {6, "SIGABRT", "abort trap"}, + {7, "SIGEMT", "EMT trap"}, + {8, "SIGFPE", "floating point exception"}, + {9, "SIGKILL", "killed"}, + {10, "SIGBUS", "bus error"}, + {11, "SIGSEGV", "segmentation fault"}, + {12, "SIGSYS", "bad system call"}, + {13, "SIGPIPE", "broken pipe"}, + {14, "SIGALRM", "alarm clock"}, + {15, "SIGTERM", "terminated"}, + {16, "SIGURG", "urgent I/O condition"}, + {17, "SIGSTOP", "suspended (signal)"}, + {18, "SIGTSTP", "suspended"}, + {19, "SIGCONT", "continued"}, + {20, "SIGCHLD", "child exited"}, + {21, "SIGTTIN", "stopped (tty input)"}, + {22, "SIGTTOU", "stopped (tty output)"}, + {23, "SIGIO", "I/O possible"}, + {24, "SIGXCPU", "cputime limit exceeded"}, + {25, "SIGXFSZ", "filesize limit exceeded"}, + {26, "SIGVTALRM", "virtual timer expired"}, + {27, "SIGPROF", "profiling timer expired"}, + {28, "SIGWINCH", "window size changes"}, + {29, "SIGINFO", "information request"}, + {30, "SIGUSR1", "user defined signal 1"}, + {31, "SIGUSR2", "user defined signal 2"}, + {32, "SIGTHR", "thread AST"}, +} diff --git a/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go index af5cb064ec4..b57c7050d7a 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go @@ -15,25 +15,19 @@ import ( //go:cgo_import_dynamic libc_writev writev "libc.so" //go:cgo_import_dynamic libc_pwritev pwritev "libc.so" //go:cgo_import_dynamic libc_accept4 accept4 "libsocket.so" -//go:cgo_import_dynamic libc_putmsg putmsg "libc.so" -//go:cgo_import_dynamic libc_getmsg getmsg "libc.so" //go:linkname procreadv libc_readv //go:linkname procpreadv libc_preadv //go:linkname procwritev libc_writev //go:linkname procpwritev libc_pwritev //go:linkname procaccept4 libc_accept4 -//go:linkname procputmsg libc_putmsg -//go:linkname procgetmsg libc_getmsg var ( procreadv, procpreadv, procwritev, procpwritev, - procaccept4, - procputmsg, - procgetmsg syscallFunc + procaccept4 syscallFunc ) // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT @@ -106,23 +100,3 @@ func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, } return } - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func putmsg(fd int, clptr *strbuf, dataptr *strbuf, flags int) (err error) { - _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procputmsg)), 4, uintptr(fd), uintptr(unsafe.Pointer(clptr)), uintptr(unsafe.Pointer(dataptr)), uintptr(flags), 0, 0) - if e1 != 0 { - err = e1 - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func getmsg(fd int, clptr *strbuf, dataptr *strbuf, flags *int) (err error) { - _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procgetmsg)), 4, uintptr(fd), uintptr(unsafe.Pointer(clptr)), uintptr(unsafe.Pointer(dataptr)), uintptr(unsafe.Pointer(flags)), 0, 0) - if e1 != 0 { - err = e1 - } - return -} diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go new file mode 100644 index 00000000000..c85de2d9766 --- /dev/null +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go @@ -0,0 +1,2221 @@ +// go run mksyscall.go -openbsd -libc -tags openbsd,ppc64 syscall_bsd.go syscall_openbsd.go syscall_openbsd_ppc64.go +// Code generated by the command above; see README.md. DO NOT EDIT. + +//go:build openbsd && ppc64 +// +build openbsd,ppc64 + +package unix + +import ( + "syscall" + "unsafe" +) + +var _ syscall.Errno + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getgroups(ngid int, gid *_Gid_t) (n int, err error) { + r0, _, e1 := syscall_rawSyscall(libc_getgroups_trampoline_addr, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getgroups_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getgroups getgroups "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func setgroups(ngid int, gid *_Gid_t) (err error) { + _, _, e1 := syscall_rawSyscall(libc_setgroups_trampoline_addr, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setgroups_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setgroups setgroups "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) { + r0, _, e1 := syscall_syscall6(libc_wait4_trampoline_addr, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0) + wpid = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_wait4_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_wait4 wait4 "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { + r0, _, e1 := syscall_syscall(libc_accept_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + fd = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_accept_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_accept accept "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { + _, _, e1 := syscall_syscall(libc_bind_trampoline_addr, uintptr(s), uintptr(addr), uintptr(addrlen)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_bind_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_bind bind "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { + _, _, e1 := syscall_syscall(libc_connect_trampoline_addr, uintptr(s), uintptr(addr), uintptr(addrlen)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_connect_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_connect connect "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func socket(domain int, typ int, proto int) (fd int, err error) { + r0, _, e1 := syscall_rawSyscall(libc_socket_trampoline_addr, uintptr(domain), uintptr(typ), uintptr(proto)) + fd = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_socket_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_socket socket "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) { + _, _, e1 := syscall_syscall6(libc_getsockopt_trampoline_addr, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getsockopt_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getsockopt getsockopt "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) { + _, _, e1 := syscall_syscall6(libc_setsockopt_trampoline_addr, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setsockopt_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setsockopt setsockopt "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) { + _, _, e1 := syscall_rawSyscall(libc_getpeername_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getpeername_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpeername getpeername "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) { + _, _, e1 := syscall_rawSyscall(libc_getsockname_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getsockname_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getsockname getsockname "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Shutdown(s int, how int) (err error) { + _, _, e1 := syscall_syscall(libc_shutdown_trampoline_addr, uintptr(s), uintptr(how), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_shutdown_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_shutdown shutdown "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) { + _, _, e1 := syscall_rawSyscall6(libc_socketpair_trampoline_addr, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_socketpair_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_socketpair socketpair "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) { + var _p0 unsafe.Pointer + if len(p) > 0 { + _p0 = unsafe.Pointer(&p[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := syscall_syscall6(libc_recvfrom_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen))) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_recvfrom_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_recvfrom recvfrom "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) { + var _p0 unsafe.Pointer + if len(buf) > 0 { + _p0 = unsafe.Pointer(&buf[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + _, _, e1 := syscall_syscall6(libc_sendto_trampoline_addr, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_sendto_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_sendto sendto "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_recvmsg_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_recvmsg_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_recvmsg recvmsg "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_sendmsg_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_sendmsg_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_sendmsg sendmsg "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) { + r0, _, e1 := syscall_syscall6(libc_kevent_trampoline_addr, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout))) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_kevent_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_kevent kevent "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func utimes(path string, timeval *[2]Timeval) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_utimes_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_utimes_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_utimes utimes "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func futimes(fd int, timeval *[2]Timeval) (err error) { + _, _, e1 := syscall_syscall(libc_futimes_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_futimes_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_futimes futimes "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func poll(fds *PollFd, nfds int, timeout int) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_poll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_poll_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_poll poll "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Madvise(b []byte, behav int) (err error) { + var _p0 unsafe.Pointer + if len(b) > 0 { + _p0 = unsafe.Pointer(&b[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + _, _, e1 := syscall_syscall(libc_madvise_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(behav)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_madvise_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_madvise madvise "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mlock(b []byte) (err error) { + var _p0 unsafe.Pointer + if len(b) > 0 { + _p0 = unsafe.Pointer(&b[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + _, _, e1 := syscall_syscall(libc_mlock_trampoline_addr, uintptr(_p0), uintptr(len(b)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_mlock_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mlock mlock "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mlockall(flags int) (err error) { + _, _, e1 := syscall_syscall(libc_mlockall_trampoline_addr, uintptr(flags), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_mlockall_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mlockall mlockall "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mprotect(b []byte, prot int) (err error) { + var _p0 unsafe.Pointer + if len(b) > 0 { + _p0 = unsafe.Pointer(&b[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + _, _, e1 := syscall_syscall(libc_mprotect_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(prot)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_mprotect_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mprotect mprotect "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Msync(b []byte, flags int) (err error) { + var _p0 unsafe.Pointer + if len(b) > 0 { + _p0 = unsafe.Pointer(&b[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + _, _, e1 := syscall_syscall(libc_msync_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(flags)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_msync_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_msync msync "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Munlock(b []byte) (err error) { + var _p0 unsafe.Pointer + if len(b) > 0 { + _p0 = unsafe.Pointer(&b[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + _, _, e1 := syscall_syscall(libc_munlock_trampoline_addr, uintptr(_p0), uintptr(len(b)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_munlock_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_munlock munlock "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Munlockall() (err error) { + _, _, e1 := syscall_syscall(libc_munlockall_trampoline_addr, 0, 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_munlockall_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_munlockall munlockall "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pipe2(p *[2]_C_int, flags int) (err error) { + _, _, e1 := syscall_rawSyscall(libc_pipe2_trampoline_addr, uintptr(unsafe.Pointer(p)), uintptr(flags), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pipe2_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pipe2 pipe2 "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getdents(fd int, buf []byte) (n int, err error) { + var _p0 unsafe.Pointer + if len(buf) > 0 { + _p0 = unsafe.Pointer(&buf[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := syscall_syscall(libc_getdents_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(buf))) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getdents_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getdents getdents "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getcwd(buf []byte) (n int, err error) { + var _p0 unsafe.Pointer + if len(buf) > 0 { + _p0 = unsafe.Pointer(&buf[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := syscall_syscall(libc_getcwd_trampoline_addr, uintptr(_p0), uintptr(len(buf)), 0) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getcwd_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getcwd getcwd "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ioctl(fd int, req uint, arg uintptr) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_ioctl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ioctl ioctl "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { + var _p0 unsafe.Pointer + if len(mib) > 0 { + _p0 = unsafe.Pointer(&mib[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + _, _, e1 := syscall_syscall6(libc_sysctl_trampoline_addr, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_sysctl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_sysctl sysctl "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { + r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_ppoll_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ppoll ppoll "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Access(path string, mode uint32) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_access_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_access_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_access access "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Adjtime(delta *Timeval, olddelta *Timeval) (err error) { + _, _, e1 := syscall_syscall(libc_adjtime_trampoline_addr, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_adjtime_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_adjtime adjtime "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Chdir(path string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_chdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_chdir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chdir chdir "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Chflags(path string, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_chflags_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_chflags_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chflags chflags "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Chmod(path string, mode uint32) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_chmod_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_chmod_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chmod chmod "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Chown(path string, uid int, gid int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_chown_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_chown_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chown chown "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Chroot(path string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_chroot_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_chroot_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chroot chroot "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Close(fd int) (err error) { + _, _, e1 := syscall_syscall(libc_close_trampoline_addr, uintptr(fd), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_close_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_close close "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Dup(fd int) (nfd int, err error) { + r0, _, e1 := syscall_syscall(libc_dup_trampoline_addr, uintptr(fd), 0, 0) + nfd = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_dup_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_dup dup "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Dup2(from int, to int) (err error) { + _, _, e1 := syscall_syscall(libc_dup2_trampoline_addr, uintptr(from), uintptr(to), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_dup2_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_dup2 dup2 "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Dup3(from int, to int, flags int) (err error) { + _, _, e1 := syscall_syscall(libc_dup3_trampoline_addr, uintptr(from), uintptr(to), uintptr(flags)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_dup3_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_dup3 dup3 "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Exit(code int) { + syscall_syscall(libc_exit_trampoline_addr, uintptr(code), 0, 0) + return +} + +var libc_exit_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_exit exit "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall6(libc_faccessat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_faccessat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_faccessat faccessat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fchdir(fd int) (err error) { + _, _, e1 := syscall_syscall(libc_fchdir_trampoline_addr, uintptr(fd), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fchdir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchdir fchdir "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fchflags(fd int, flags int) (err error) { + _, _, e1 := syscall_syscall(libc_fchflags_trampoline_addr, uintptr(fd), uintptr(flags), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fchflags_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchflags fchflags "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fchmod(fd int, mode uint32) (err error) { + _, _, e1 := syscall_syscall(libc_fchmod_trampoline_addr, uintptr(fd), uintptr(mode), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fchmod_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchmod fchmod "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall6(libc_fchmodat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fchmodat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchmodat fchmodat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fchown(fd int, uid int, gid int) (err error) { + _, _, e1 := syscall_syscall(libc_fchown_trampoline_addr, uintptr(fd), uintptr(uid), uintptr(gid)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fchown_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchown fchown "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall6(libc_fchownat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fchownat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchownat fchownat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Flock(fd int, how int) (err error) { + _, _, e1 := syscall_syscall(libc_flock_trampoline_addr, uintptr(fd), uintptr(how), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_flock_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_flock flock "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fpathconf(fd int, name int) (val int, err error) { + r0, _, e1 := syscall_syscall(libc_fpathconf_trampoline_addr, uintptr(fd), uintptr(name), 0) + val = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fpathconf_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fpathconf fpathconf "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fstat(fd int, stat *Stat_t) (err error) { + _, _, e1 := syscall_syscall(libc_fstat_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fstat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fstat fstat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall6(libc_fstatat_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fstatat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fstatat fstatat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fstatfs(fd int, stat *Statfs_t) (err error) { + _, _, e1 := syscall_syscall(libc_fstatfs_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fstatfs_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fstatfs fstatfs "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fsync(fd int) (err error) { + _, _, e1 := syscall_syscall(libc_fsync_trampoline_addr, uintptr(fd), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fsync_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fsync fsync "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Ftruncate(fd int, length int64) (err error) { + _, _, e1 := syscall_syscall(libc_ftruncate_trampoline_addr, uintptr(fd), uintptr(length), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_ftruncate_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ftruncate ftruncate "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getegid() (egid int) { + r0, _, _ := syscall_rawSyscall(libc_getegid_trampoline_addr, 0, 0, 0) + egid = int(r0) + return +} + +var libc_getegid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getegid getegid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Geteuid() (uid int) { + r0, _, _ := syscall_rawSyscall(libc_geteuid_trampoline_addr, 0, 0, 0) + uid = int(r0) + return +} + +var libc_geteuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_geteuid geteuid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getgid() (gid int) { + r0, _, _ := syscall_rawSyscall(libc_getgid_trampoline_addr, 0, 0, 0) + gid = int(r0) + return +} + +var libc_getgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getgid getgid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getpgid(pid int) (pgid int, err error) { + r0, _, e1 := syscall_rawSyscall(libc_getpgid_trampoline_addr, uintptr(pid), 0, 0) + pgid = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getpgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpgid getpgid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getpgrp() (pgrp int) { + r0, _, _ := syscall_rawSyscall(libc_getpgrp_trampoline_addr, 0, 0, 0) + pgrp = int(r0) + return +} + +var libc_getpgrp_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpgrp getpgrp "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getpid() (pid int) { + r0, _, _ := syscall_rawSyscall(libc_getpid_trampoline_addr, 0, 0, 0) + pid = int(r0) + return +} + +var libc_getpid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpid getpid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getppid() (ppid int) { + r0, _, _ := syscall_rawSyscall(libc_getppid_trampoline_addr, 0, 0, 0) + ppid = int(r0) + return +} + +var libc_getppid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getppid getppid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getpriority(which int, who int) (prio int, err error) { + r0, _, e1 := syscall_syscall(libc_getpriority_trampoline_addr, uintptr(which), uintptr(who), 0) + prio = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getpriority_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpriority getpriority "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getrlimit(which int, lim *Rlimit) (err error) { + _, _, e1 := syscall_rawSyscall(libc_getrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getrlimit_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getrlimit getrlimit "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getrtable() (rtable int, err error) { + r0, _, e1 := syscall_rawSyscall(libc_getrtable_trampoline_addr, 0, 0, 0) + rtable = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getrtable_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getrtable getrtable "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getrusage(who int, rusage *Rusage) (err error) { + _, _, e1 := syscall_rawSyscall(libc_getrusage_trampoline_addr, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getrusage_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getrusage getrusage "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getsid(pid int) (sid int, err error) { + r0, _, e1 := syscall_rawSyscall(libc_getsid_trampoline_addr, uintptr(pid), 0, 0) + sid = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getsid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getsid getsid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Gettimeofday(tv *Timeval) (err error) { + _, _, e1 := syscall_rawSyscall(libc_gettimeofday_trampoline_addr, uintptr(unsafe.Pointer(tv)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_gettimeofday_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_gettimeofday gettimeofday "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getuid() (uid int) { + r0, _, _ := syscall_rawSyscall(libc_getuid_trampoline_addr, 0, 0, 0) + uid = int(r0) + return +} + +var libc_getuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getuid getuid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Issetugid() (tainted bool) { + r0, _, _ := syscall_syscall(libc_issetugid_trampoline_addr, 0, 0, 0) + tainted = bool(r0 != 0) + return +} + +var libc_issetugid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_issetugid issetugid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Kill(pid int, signum syscall.Signal) (err error) { + _, _, e1 := syscall_syscall(libc_kill_trampoline_addr, uintptr(pid), uintptr(signum), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_kill_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_kill kill "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Kqueue() (fd int, err error) { + r0, _, e1 := syscall_syscall(libc_kqueue_trampoline_addr, 0, 0, 0) + fd = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_kqueue_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_kqueue kqueue "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Lchown(path string, uid int, gid int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_lchown_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_lchown_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_lchown lchown "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Link(path string, link string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(link) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_link_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_link_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_link link "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(link) + if err != nil { + return + } + _, _, e1 := syscall_syscall6(libc_linkat_trampoline_addr, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_linkat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_linkat linkat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Listen(s int, backlog int) (err error) { + _, _, e1 := syscall_syscall(libc_listen_trampoline_addr, uintptr(s), uintptr(backlog), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_listen_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_listen listen "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Lstat(path string, stat *Stat_t) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_lstat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_lstat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_lstat lstat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mkdir(path string, mode uint32) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_mkdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_mkdir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mkdir mkdir "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mkdirat(dirfd int, path string, mode uint32) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_mkdirat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_mkdirat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mkdirat mkdirat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mkfifo(path string, mode uint32) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_mkfifo_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_mkfifo_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mkfifo mkfifo "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mkfifoat(dirfd int, path string, mode uint32) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_mkfifoat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_mkfifoat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mkfifoat mkfifoat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mknod(path string, mode uint32, dev int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_mknod_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_mknod_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mknod mknod "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall6(libc_mknodat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_mknodat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mknodat mknodat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Nanosleep(time *Timespec, leftover *Timespec) (err error) { + _, _, e1 := syscall_syscall(libc_nanosleep_trampoline_addr, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_nanosleep_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_nanosleep nanosleep "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Open(path string, mode int, perm uint32) (fd int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + r0, _, e1 := syscall_syscall(libc_open_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm)) + fd = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_open_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_open open "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + r0, _, e1 := syscall_syscall6(libc_openat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0) + fd = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_openat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_openat openat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Pathconf(path string, name int) (val int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + r0, _, e1 := syscall_syscall(libc_pathconf_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0) + val = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pathconf_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pathconf pathconf "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pread(fd int, p []byte, offset int64) (n int, err error) { + var _p0 unsafe.Pointer + if len(p) > 0 { + _p0 = unsafe.Pointer(&p[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := syscall_syscall6(libc_pread_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pread_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pread pread "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pwrite(fd int, p []byte, offset int64) (n int, err error) { + var _p0 unsafe.Pointer + if len(p) > 0 { + _p0 = unsafe.Pointer(&p[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := syscall_syscall6(libc_pwrite_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pwrite_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pwrite pwrite "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func read(fd int, p []byte) (n int, err error) { + var _p0 unsafe.Pointer + if len(p) > 0 { + _p0 = unsafe.Pointer(&p[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p))) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_read_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_read read "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Readlink(path string, buf []byte) (n int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 unsafe.Pointer + if len(buf) > 0 { + _p1 = unsafe.Pointer(&buf[0]) + } else { + _p1 = unsafe.Pointer(&_zero) + } + r0, _, e1 := syscall_syscall(libc_readlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf))) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_readlink_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_readlink readlink "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 unsafe.Pointer + if len(buf) > 0 { + _p1 = unsafe.Pointer(&buf[0]) + } else { + _p1 = unsafe.Pointer(&_zero) + } + r0, _, e1 := syscall_syscall6(libc_readlinkat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_readlinkat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_readlinkat readlinkat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Rename(from string, to string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(from) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(to) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_rename_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_rename_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_rename rename "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Renameat(fromfd int, from string, tofd int, to string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(from) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(to) + if err != nil { + return + } + _, _, e1 := syscall_syscall6(libc_renameat_trampoline_addr, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_renameat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_renameat renameat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Revoke(path string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_revoke_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_revoke_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_revoke revoke "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Rmdir(path string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_rmdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_rmdir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_rmdir rmdir "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Seek(fd int, offset int64, whence int) (newoffset int64, err error) { + r0, _, e1 := syscall_syscall(libc_lseek_trampoline_addr, uintptr(fd), uintptr(offset), uintptr(whence)) + newoffset = int64(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_lseek_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_lseek lseek "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) { + r0, _, e1 := syscall_syscall6(libc_select_trampoline_addr, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_select_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_select select "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setegid(egid int) (err error) { + _, _, e1 := syscall_rawSyscall(libc_setegid_trampoline_addr, uintptr(egid), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setegid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setegid setegid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Seteuid(euid int) (err error) { + _, _, e1 := syscall_rawSyscall(libc_seteuid_trampoline_addr, uintptr(euid), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_seteuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_seteuid seteuid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setgid(gid int) (err error) { + _, _, e1 := syscall_rawSyscall(libc_setgid_trampoline_addr, uintptr(gid), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setgid setgid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setlogin(name string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(name) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_setlogin_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setlogin_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setlogin setlogin "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setpgid(pid int, pgid int) (err error) { + _, _, e1 := syscall_rawSyscall(libc_setpgid_trampoline_addr, uintptr(pid), uintptr(pgid), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setpgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setpgid setpgid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setpriority(which int, who int, prio int) (err error) { + _, _, e1 := syscall_syscall(libc_setpriority_trampoline_addr, uintptr(which), uintptr(who), uintptr(prio)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setpriority_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setpriority setpriority "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setregid(rgid int, egid int) (err error) { + _, _, e1 := syscall_rawSyscall(libc_setregid_trampoline_addr, uintptr(rgid), uintptr(egid), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setregid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setregid setregid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setreuid(ruid int, euid int) (err error) { + _, _, e1 := syscall_rawSyscall(libc_setreuid_trampoline_addr, uintptr(ruid), uintptr(euid), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setreuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setreuid setreuid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setresgid(rgid int, egid int, sgid int) (err error) { + _, _, e1 := syscall_rawSyscall(libc_setresgid_trampoline_addr, uintptr(rgid), uintptr(egid), uintptr(sgid)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setresgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setresgid setresgid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setresuid(ruid int, euid int, suid int) (err error) { + _, _, e1 := syscall_rawSyscall(libc_setresuid_trampoline_addr, uintptr(ruid), uintptr(euid), uintptr(suid)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setresuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setresuid setresuid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setrlimit(which int, lim *Rlimit) (err error) { + _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setrlimit_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setrtable(rtable int) (err error) { + _, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setrtable_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setrtable setrtable "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setsid() (pid int, err error) { + r0, _, e1 := syscall_rawSyscall(libc_setsid_trampoline_addr, 0, 0, 0) + pid = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setsid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setsid setsid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Settimeofday(tp *Timeval) (err error) { + _, _, e1 := syscall_rawSyscall(libc_settimeofday_trampoline_addr, uintptr(unsafe.Pointer(tp)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_settimeofday_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_settimeofday settimeofday "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setuid(uid int) (err error) { + _, _, e1 := syscall_rawSyscall(libc_setuid_trampoline_addr, uintptr(uid), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setuid setuid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Stat(path string, stat *Stat_t) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_stat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_stat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_stat stat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Statfs(path string, stat *Statfs_t) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_statfs_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_statfs_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_statfs statfs "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Symlink(path string, link string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(link) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_symlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_symlink_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_symlink symlink "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(oldpath) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(newpath) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_symlinkat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1))) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_symlinkat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_symlinkat symlinkat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Sync() (err error) { + _, _, e1 := syscall_syscall(libc_sync_trampoline_addr, 0, 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_sync_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_sync sync "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Truncate(path string, length int64) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_truncate_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_truncate_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_truncate truncate "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Umask(newmask int) (oldmask int) { + r0, _, _ := syscall_syscall(libc_umask_trampoline_addr, uintptr(newmask), 0, 0) + oldmask = int(r0) + return +} + +var libc_umask_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_umask umask "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Unlink(path string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_unlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_unlink_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unlink unlink "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Unlinkat(dirfd int, path string, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_unlinkat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_unlinkat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unlinkat unlinkat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Unmount(path string, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_unmount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_unmount_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unmount unmount "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func write(fd int, p []byte) (n int, err error) { + var _p0 unsafe.Pointer + if len(p) > 0 { + _p0 = unsafe.Pointer(&p[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p))) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_write_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_write write "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) { + r0, _, e1 := syscall_syscall6(libc_mmap_trampoline_addr, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos)) + ret = uintptr(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_mmap_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mmap mmap "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func munmap(addr uintptr, length uintptr) (err error) { + _, _, e1 := syscall_syscall(libc_munmap_trampoline_addr, uintptr(addr), uintptr(length), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_munmap_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_munmap munmap "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func readlen(fd int, buf *byte, nbuf int) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func writelen(fd int, buf *byte, nbuf int) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall6(libc_utimensat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_utimensat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_utimensat utimensat "libc.so" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s new file mode 100644 index 00000000000..7c9223b6418 --- /dev/null +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s @@ -0,0 +1,796 @@ +// go run mkasm.go openbsd ppc64 +// Code generated by the command above; DO NOT EDIT. + +#include "textflag.h" + +TEXT libc_getgroups_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_getgroups(SB) + RET +GLOBL ·libc_getgroups_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getgroups_trampoline_addr(SB)/8, $libc_getgroups_trampoline<>(SB) + +TEXT libc_setgroups_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_setgroups(SB) + RET +GLOBL ·libc_setgroups_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setgroups_trampoline_addr(SB)/8, $libc_setgroups_trampoline<>(SB) + +TEXT libc_wait4_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_wait4(SB) + RET +GLOBL ·libc_wait4_trampoline_addr(SB), RODATA, $8 +DATA ·libc_wait4_trampoline_addr(SB)/8, $libc_wait4_trampoline<>(SB) + +TEXT libc_accept_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_accept(SB) + RET +GLOBL ·libc_accept_trampoline_addr(SB), RODATA, $8 +DATA ·libc_accept_trampoline_addr(SB)/8, $libc_accept_trampoline<>(SB) + +TEXT libc_bind_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_bind(SB) + RET +GLOBL ·libc_bind_trampoline_addr(SB), RODATA, $8 +DATA ·libc_bind_trampoline_addr(SB)/8, $libc_bind_trampoline<>(SB) + +TEXT libc_connect_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_connect(SB) + RET +GLOBL ·libc_connect_trampoline_addr(SB), RODATA, $8 +DATA ·libc_connect_trampoline_addr(SB)/8, $libc_connect_trampoline<>(SB) + +TEXT libc_socket_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_socket(SB) + RET +GLOBL ·libc_socket_trampoline_addr(SB), RODATA, $8 +DATA ·libc_socket_trampoline_addr(SB)/8, $libc_socket_trampoline<>(SB) + +TEXT libc_getsockopt_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_getsockopt(SB) + RET +GLOBL ·libc_getsockopt_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getsockopt_trampoline_addr(SB)/8, $libc_getsockopt_trampoline<>(SB) + +TEXT libc_setsockopt_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_setsockopt(SB) + RET +GLOBL ·libc_setsockopt_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setsockopt_trampoline_addr(SB)/8, $libc_setsockopt_trampoline<>(SB) + +TEXT libc_getpeername_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_getpeername(SB) + RET +GLOBL ·libc_getpeername_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getpeername_trampoline_addr(SB)/8, $libc_getpeername_trampoline<>(SB) + +TEXT libc_getsockname_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_getsockname(SB) + RET +GLOBL ·libc_getsockname_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getsockname_trampoline_addr(SB)/8, $libc_getsockname_trampoline<>(SB) + +TEXT libc_shutdown_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_shutdown(SB) + RET +GLOBL ·libc_shutdown_trampoline_addr(SB), RODATA, $8 +DATA ·libc_shutdown_trampoline_addr(SB)/8, $libc_shutdown_trampoline<>(SB) + +TEXT libc_socketpair_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_socketpair(SB) + RET +GLOBL ·libc_socketpair_trampoline_addr(SB), RODATA, $8 +DATA ·libc_socketpair_trampoline_addr(SB)/8, $libc_socketpair_trampoline<>(SB) + +TEXT libc_recvfrom_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_recvfrom(SB) + RET +GLOBL ·libc_recvfrom_trampoline_addr(SB), RODATA, $8 +DATA ·libc_recvfrom_trampoline_addr(SB)/8, $libc_recvfrom_trampoline<>(SB) + +TEXT libc_sendto_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_sendto(SB) + RET +GLOBL ·libc_sendto_trampoline_addr(SB), RODATA, $8 +DATA ·libc_sendto_trampoline_addr(SB)/8, $libc_sendto_trampoline<>(SB) + +TEXT libc_recvmsg_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_recvmsg(SB) + RET +GLOBL ·libc_recvmsg_trampoline_addr(SB), RODATA, $8 +DATA ·libc_recvmsg_trampoline_addr(SB)/8, $libc_recvmsg_trampoline<>(SB) + +TEXT libc_sendmsg_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_sendmsg(SB) + RET +GLOBL ·libc_sendmsg_trampoline_addr(SB), RODATA, $8 +DATA ·libc_sendmsg_trampoline_addr(SB)/8, $libc_sendmsg_trampoline<>(SB) + +TEXT libc_kevent_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_kevent(SB) + RET +GLOBL ·libc_kevent_trampoline_addr(SB), RODATA, $8 +DATA ·libc_kevent_trampoline_addr(SB)/8, $libc_kevent_trampoline<>(SB) + +TEXT libc_utimes_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_utimes(SB) + RET +GLOBL ·libc_utimes_trampoline_addr(SB), RODATA, $8 +DATA ·libc_utimes_trampoline_addr(SB)/8, $libc_utimes_trampoline<>(SB) + +TEXT libc_futimes_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_futimes(SB) + RET +GLOBL ·libc_futimes_trampoline_addr(SB), RODATA, $8 +DATA ·libc_futimes_trampoline_addr(SB)/8, $libc_futimes_trampoline<>(SB) + +TEXT libc_poll_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_poll(SB) + RET +GLOBL ·libc_poll_trampoline_addr(SB), RODATA, $8 +DATA ·libc_poll_trampoline_addr(SB)/8, $libc_poll_trampoline<>(SB) + +TEXT libc_madvise_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_madvise(SB) + RET +GLOBL ·libc_madvise_trampoline_addr(SB), RODATA, $8 +DATA ·libc_madvise_trampoline_addr(SB)/8, $libc_madvise_trampoline<>(SB) + +TEXT libc_mlock_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_mlock(SB) + RET +GLOBL ·libc_mlock_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mlock_trampoline_addr(SB)/8, $libc_mlock_trampoline<>(SB) + +TEXT libc_mlockall_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_mlockall(SB) + RET +GLOBL ·libc_mlockall_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mlockall_trampoline_addr(SB)/8, $libc_mlockall_trampoline<>(SB) + +TEXT libc_mprotect_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_mprotect(SB) + RET +GLOBL ·libc_mprotect_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mprotect_trampoline_addr(SB)/8, $libc_mprotect_trampoline<>(SB) + +TEXT libc_msync_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_msync(SB) + RET +GLOBL ·libc_msync_trampoline_addr(SB), RODATA, $8 +DATA ·libc_msync_trampoline_addr(SB)/8, $libc_msync_trampoline<>(SB) + +TEXT libc_munlock_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_munlock(SB) + RET +GLOBL ·libc_munlock_trampoline_addr(SB), RODATA, $8 +DATA ·libc_munlock_trampoline_addr(SB)/8, $libc_munlock_trampoline<>(SB) + +TEXT libc_munlockall_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_munlockall(SB) + RET +GLOBL ·libc_munlockall_trampoline_addr(SB), RODATA, $8 +DATA ·libc_munlockall_trampoline_addr(SB)/8, $libc_munlockall_trampoline<>(SB) + +TEXT libc_pipe2_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_pipe2(SB) + RET +GLOBL ·libc_pipe2_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pipe2_trampoline_addr(SB)/8, $libc_pipe2_trampoline<>(SB) + +TEXT libc_getdents_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_getdents(SB) + RET +GLOBL ·libc_getdents_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getdents_trampoline_addr(SB)/8, $libc_getdents_trampoline<>(SB) + +TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_getcwd(SB) + RET +GLOBL ·libc_getcwd_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getcwd_trampoline_addr(SB)/8, $libc_getcwd_trampoline<>(SB) + +TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_ioctl(SB) + RET +GLOBL ·libc_ioctl_trampoline_addr(SB), RODATA, $8 +DATA ·libc_ioctl_trampoline_addr(SB)/8, $libc_ioctl_trampoline<>(SB) + +TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_sysctl(SB) + RET +GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8 +DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB) + +TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_ppoll(SB) + RET +GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $8 +DATA ·libc_ppoll_trampoline_addr(SB)/8, $libc_ppoll_trampoline<>(SB) + +TEXT libc_access_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_access(SB) + RET +GLOBL ·libc_access_trampoline_addr(SB), RODATA, $8 +DATA ·libc_access_trampoline_addr(SB)/8, $libc_access_trampoline<>(SB) + +TEXT libc_adjtime_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_adjtime(SB) + RET +GLOBL ·libc_adjtime_trampoline_addr(SB), RODATA, $8 +DATA ·libc_adjtime_trampoline_addr(SB)/8, $libc_adjtime_trampoline<>(SB) + +TEXT libc_chdir_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_chdir(SB) + RET +GLOBL ·libc_chdir_trampoline_addr(SB), RODATA, $8 +DATA ·libc_chdir_trampoline_addr(SB)/8, $libc_chdir_trampoline<>(SB) + +TEXT libc_chflags_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_chflags(SB) + RET +GLOBL ·libc_chflags_trampoline_addr(SB), RODATA, $8 +DATA ·libc_chflags_trampoline_addr(SB)/8, $libc_chflags_trampoline<>(SB) + +TEXT libc_chmod_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_chmod(SB) + RET +GLOBL ·libc_chmod_trampoline_addr(SB), RODATA, $8 +DATA ·libc_chmod_trampoline_addr(SB)/8, $libc_chmod_trampoline<>(SB) + +TEXT libc_chown_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_chown(SB) + RET +GLOBL ·libc_chown_trampoline_addr(SB), RODATA, $8 +DATA ·libc_chown_trampoline_addr(SB)/8, $libc_chown_trampoline<>(SB) + +TEXT libc_chroot_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_chroot(SB) + RET +GLOBL ·libc_chroot_trampoline_addr(SB), RODATA, $8 +DATA ·libc_chroot_trampoline_addr(SB)/8, $libc_chroot_trampoline<>(SB) + +TEXT libc_close_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_close(SB) + RET +GLOBL ·libc_close_trampoline_addr(SB), RODATA, $8 +DATA ·libc_close_trampoline_addr(SB)/8, $libc_close_trampoline<>(SB) + +TEXT libc_dup_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_dup(SB) + RET +GLOBL ·libc_dup_trampoline_addr(SB), RODATA, $8 +DATA ·libc_dup_trampoline_addr(SB)/8, $libc_dup_trampoline<>(SB) + +TEXT libc_dup2_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_dup2(SB) + RET +GLOBL ·libc_dup2_trampoline_addr(SB), RODATA, $8 +DATA ·libc_dup2_trampoline_addr(SB)/8, $libc_dup2_trampoline<>(SB) + +TEXT libc_dup3_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_dup3(SB) + RET +GLOBL ·libc_dup3_trampoline_addr(SB), RODATA, $8 +DATA ·libc_dup3_trampoline_addr(SB)/8, $libc_dup3_trampoline<>(SB) + +TEXT libc_exit_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_exit(SB) + RET +GLOBL ·libc_exit_trampoline_addr(SB), RODATA, $8 +DATA ·libc_exit_trampoline_addr(SB)/8, $libc_exit_trampoline<>(SB) + +TEXT libc_faccessat_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_faccessat(SB) + RET +GLOBL ·libc_faccessat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_faccessat_trampoline_addr(SB)/8, $libc_faccessat_trampoline<>(SB) + +TEXT libc_fchdir_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_fchdir(SB) + RET +GLOBL ·libc_fchdir_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchdir_trampoline_addr(SB)/8, $libc_fchdir_trampoline<>(SB) + +TEXT libc_fchflags_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_fchflags(SB) + RET +GLOBL ·libc_fchflags_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchflags_trampoline_addr(SB)/8, $libc_fchflags_trampoline<>(SB) + +TEXT libc_fchmod_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_fchmod(SB) + RET +GLOBL ·libc_fchmod_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchmod_trampoline_addr(SB)/8, $libc_fchmod_trampoline<>(SB) + +TEXT libc_fchmodat_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_fchmodat(SB) + RET +GLOBL ·libc_fchmodat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchmodat_trampoline_addr(SB)/8, $libc_fchmodat_trampoline<>(SB) + +TEXT libc_fchown_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_fchown(SB) + RET +GLOBL ·libc_fchown_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchown_trampoline_addr(SB)/8, $libc_fchown_trampoline<>(SB) + +TEXT libc_fchownat_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_fchownat(SB) + RET +GLOBL ·libc_fchownat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchownat_trampoline_addr(SB)/8, $libc_fchownat_trampoline<>(SB) + +TEXT libc_flock_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_flock(SB) + RET +GLOBL ·libc_flock_trampoline_addr(SB), RODATA, $8 +DATA ·libc_flock_trampoline_addr(SB)/8, $libc_flock_trampoline<>(SB) + +TEXT libc_fpathconf_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_fpathconf(SB) + RET +GLOBL ·libc_fpathconf_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fpathconf_trampoline_addr(SB)/8, $libc_fpathconf_trampoline<>(SB) + +TEXT libc_fstat_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_fstat(SB) + RET +GLOBL ·libc_fstat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fstat_trampoline_addr(SB)/8, $libc_fstat_trampoline<>(SB) + +TEXT libc_fstatat_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_fstatat(SB) + RET +GLOBL ·libc_fstatat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fstatat_trampoline_addr(SB)/8, $libc_fstatat_trampoline<>(SB) + +TEXT libc_fstatfs_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_fstatfs(SB) + RET +GLOBL ·libc_fstatfs_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fstatfs_trampoline_addr(SB)/8, $libc_fstatfs_trampoline<>(SB) + +TEXT libc_fsync_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_fsync(SB) + RET +GLOBL ·libc_fsync_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fsync_trampoline_addr(SB)/8, $libc_fsync_trampoline<>(SB) + +TEXT libc_ftruncate_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_ftruncate(SB) + RET +GLOBL ·libc_ftruncate_trampoline_addr(SB), RODATA, $8 +DATA ·libc_ftruncate_trampoline_addr(SB)/8, $libc_ftruncate_trampoline<>(SB) + +TEXT libc_getegid_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_getegid(SB) + RET +GLOBL ·libc_getegid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getegid_trampoline_addr(SB)/8, $libc_getegid_trampoline<>(SB) + +TEXT libc_geteuid_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_geteuid(SB) + RET +GLOBL ·libc_geteuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_geteuid_trampoline_addr(SB)/8, $libc_geteuid_trampoline<>(SB) + +TEXT libc_getgid_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_getgid(SB) + RET +GLOBL ·libc_getgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getgid_trampoline_addr(SB)/8, $libc_getgid_trampoline<>(SB) + +TEXT libc_getpgid_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_getpgid(SB) + RET +GLOBL ·libc_getpgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getpgid_trampoline_addr(SB)/8, $libc_getpgid_trampoline<>(SB) + +TEXT libc_getpgrp_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_getpgrp(SB) + RET +GLOBL ·libc_getpgrp_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getpgrp_trampoline_addr(SB)/8, $libc_getpgrp_trampoline<>(SB) + +TEXT libc_getpid_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_getpid(SB) + RET +GLOBL ·libc_getpid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getpid_trampoline_addr(SB)/8, $libc_getpid_trampoline<>(SB) + +TEXT libc_getppid_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_getppid(SB) + RET +GLOBL ·libc_getppid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getppid_trampoline_addr(SB)/8, $libc_getppid_trampoline<>(SB) + +TEXT libc_getpriority_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_getpriority(SB) + RET +GLOBL ·libc_getpriority_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getpriority_trampoline_addr(SB)/8, $libc_getpriority_trampoline<>(SB) + +TEXT libc_getrlimit_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_getrlimit(SB) + RET +GLOBL ·libc_getrlimit_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getrlimit_trampoline_addr(SB)/8, $libc_getrlimit_trampoline<>(SB) + +TEXT libc_getrtable_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_getrtable(SB) + RET +GLOBL ·libc_getrtable_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getrtable_trampoline_addr(SB)/8, $libc_getrtable_trampoline<>(SB) + +TEXT libc_getrusage_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_getrusage(SB) + RET +GLOBL ·libc_getrusage_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getrusage_trampoline_addr(SB)/8, $libc_getrusage_trampoline<>(SB) + +TEXT libc_getsid_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_getsid(SB) + RET +GLOBL ·libc_getsid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getsid_trampoline_addr(SB)/8, $libc_getsid_trampoline<>(SB) + +TEXT libc_gettimeofday_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_gettimeofday(SB) + RET +GLOBL ·libc_gettimeofday_trampoline_addr(SB), RODATA, $8 +DATA ·libc_gettimeofday_trampoline_addr(SB)/8, $libc_gettimeofday_trampoline<>(SB) + +TEXT libc_getuid_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_getuid(SB) + RET +GLOBL ·libc_getuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getuid_trampoline_addr(SB)/8, $libc_getuid_trampoline<>(SB) + +TEXT libc_issetugid_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_issetugid(SB) + RET +GLOBL ·libc_issetugid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_issetugid_trampoline_addr(SB)/8, $libc_issetugid_trampoline<>(SB) + +TEXT libc_kill_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_kill(SB) + RET +GLOBL ·libc_kill_trampoline_addr(SB), RODATA, $8 +DATA ·libc_kill_trampoline_addr(SB)/8, $libc_kill_trampoline<>(SB) + +TEXT libc_kqueue_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_kqueue(SB) + RET +GLOBL ·libc_kqueue_trampoline_addr(SB), RODATA, $8 +DATA ·libc_kqueue_trampoline_addr(SB)/8, $libc_kqueue_trampoline<>(SB) + +TEXT libc_lchown_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_lchown(SB) + RET +GLOBL ·libc_lchown_trampoline_addr(SB), RODATA, $8 +DATA ·libc_lchown_trampoline_addr(SB)/8, $libc_lchown_trampoline<>(SB) + +TEXT libc_link_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_link(SB) + RET +GLOBL ·libc_link_trampoline_addr(SB), RODATA, $8 +DATA ·libc_link_trampoline_addr(SB)/8, $libc_link_trampoline<>(SB) + +TEXT libc_linkat_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_linkat(SB) + RET +GLOBL ·libc_linkat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_linkat_trampoline_addr(SB)/8, $libc_linkat_trampoline<>(SB) + +TEXT libc_listen_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_listen(SB) + RET +GLOBL ·libc_listen_trampoline_addr(SB), RODATA, $8 +DATA ·libc_listen_trampoline_addr(SB)/8, $libc_listen_trampoline<>(SB) + +TEXT libc_lstat_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_lstat(SB) + RET +GLOBL ·libc_lstat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_lstat_trampoline_addr(SB)/8, $libc_lstat_trampoline<>(SB) + +TEXT libc_mkdir_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_mkdir(SB) + RET +GLOBL ·libc_mkdir_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mkdir_trampoline_addr(SB)/8, $libc_mkdir_trampoline<>(SB) + +TEXT libc_mkdirat_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_mkdirat(SB) + RET +GLOBL ·libc_mkdirat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mkdirat_trampoline_addr(SB)/8, $libc_mkdirat_trampoline<>(SB) + +TEXT libc_mkfifo_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_mkfifo(SB) + RET +GLOBL ·libc_mkfifo_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mkfifo_trampoline_addr(SB)/8, $libc_mkfifo_trampoline<>(SB) + +TEXT libc_mkfifoat_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_mkfifoat(SB) + RET +GLOBL ·libc_mkfifoat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mkfifoat_trampoline_addr(SB)/8, $libc_mkfifoat_trampoline<>(SB) + +TEXT libc_mknod_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_mknod(SB) + RET +GLOBL ·libc_mknod_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mknod_trampoline_addr(SB)/8, $libc_mknod_trampoline<>(SB) + +TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_mknodat(SB) + RET +GLOBL ·libc_mknodat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mknodat_trampoline_addr(SB)/8, $libc_mknodat_trampoline<>(SB) + +TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_nanosleep(SB) + RET +GLOBL ·libc_nanosleep_trampoline_addr(SB), RODATA, $8 +DATA ·libc_nanosleep_trampoline_addr(SB)/8, $libc_nanosleep_trampoline<>(SB) + +TEXT libc_open_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_open(SB) + RET +GLOBL ·libc_open_trampoline_addr(SB), RODATA, $8 +DATA ·libc_open_trampoline_addr(SB)/8, $libc_open_trampoline<>(SB) + +TEXT libc_openat_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_openat(SB) + RET +GLOBL ·libc_openat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_openat_trampoline_addr(SB)/8, $libc_openat_trampoline<>(SB) + +TEXT libc_pathconf_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_pathconf(SB) + RET +GLOBL ·libc_pathconf_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pathconf_trampoline_addr(SB)/8, $libc_pathconf_trampoline<>(SB) + +TEXT libc_pread_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_pread(SB) + RET +GLOBL ·libc_pread_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pread_trampoline_addr(SB)/8, $libc_pread_trampoline<>(SB) + +TEXT libc_pwrite_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_pwrite(SB) + RET +GLOBL ·libc_pwrite_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pwrite_trampoline_addr(SB)/8, $libc_pwrite_trampoline<>(SB) + +TEXT libc_read_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_read(SB) + RET +GLOBL ·libc_read_trampoline_addr(SB), RODATA, $8 +DATA ·libc_read_trampoline_addr(SB)/8, $libc_read_trampoline<>(SB) + +TEXT libc_readlink_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_readlink(SB) + RET +GLOBL ·libc_readlink_trampoline_addr(SB), RODATA, $8 +DATA ·libc_readlink_trampoline_addr(SB)/8, $libc_readlink_trampoline<>(SB) + +TEXT libc_readlinkat_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_readlinkat(SB) + RET +GLOBL ·libc_readlinkat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_readlinkat_trampoline_addr(SB)/8, $libc_readlinkat_trampoline<>(SB) + +TEXT libc_rename_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_rename(SB) + RET +GLOBL ·libc_rename_trampoline_addr(SB), RODATA, $8 +DATA ·libc_rename_trampoline_addr(SB)/8, $libc_rename_trampoline<>(SB) + +TEXT libc_renameat_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_renameat(SB) + RET +GLOBL ·libc_renameat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_renameat_trampoline_addr(SB)/8, $libc_renameat_trampoline<>(SB) + +TEXT libc_revoke_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_revoke(SB) + RET +GLOBL ·libc_revoke_trampoline_addr(SB), RODATA, $8 +DATA ·libc_revoke_trampoline_addr(SB)/8, $libc_revoke_trampoline<>(SB) + +TEXT libc_rmdir_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_rmdir(SB) + RET +GLOBL ·libc_rmdir_trampoline_addr(SB), RODATA, $8 +DATA ·libc_rmdir_trampoline_addr(SB)/8, $libc_rmdir_trampoline<>(SB) + +TEXT libc_lseek_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_lseek(SB) + RET +GLOBL ·libc_lseek_trampoline_addr(SB), RODATA, $8 +DATA ·libc_lseek_trampoline_addr(SB)/8, $libc_lseek_trampoline<>(SB) + +TEXT libc_select_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_select(SB) + RET +GLOBL ·libc_select_trampoline_addr(SB), RODATA, $8 +DATA ·libc_select_trampoline_addr(SB)/8, $libc_select_trampoline<>(SB) + +TEXT libc_setegid_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_setegid(SB) + RET +GLOBL ·libc_setegid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setegid_trampoline_addr(SB)/8, $libc_setegid_trampoline<>(SB) + +TEXT libc_seteuid_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_seteuid(SB) + RET +GLOBL ·libc_seteuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_seteuid_trampoline_addr(SB)/8, $libc_seteuid_trampoline<>(SB) + +TEXT libc_setgid_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_setgid(SB) + RET +GLOBL ·libc_setgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setgid_trampoline_addr(SB)/8, $libc_setgid_trampoline<>(SB) + +TEXT libc_setlogin_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_setlogin(SB) + RET +GLOBL ·libc_setlogin_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setlogin_trampoline_addr(SB)/8, $libc_setlogin_trampoline<>(SB) + +TEXT libc_setpgid_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_setpgid(SB) + RET +GLOBL ·libc_setpgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setpgid_trampoline_addr(SB)/8, $libc_setpgid_trampoline<>(SB) + +TEXT libc_setpriority_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_setpriority(SB) + RET +GLOBL ·libc_setpriority_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setpriority_trampoline_addr(SB)/8, $libc_setpriority_trampoline<>(SB) + +TEXT libc_setregid_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_setregid(SB) + RET +GLOBL ·libc_setregid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setregid_trampoline_addr(SB)/8, $libc_setregid_trampoline<>(SB) + +TEXT libc_setreuid_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_setreuid(SB) + RET +GLOBL ·libc_setreuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setreuid_trampoline_addr(SB)/8, $libc_setreuid_trampoline<>(SB) + +TEXT libc_setresgid_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_setresgid(SB) + RET +GLOBL ·libc_setresgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setresgid_trampoline_addr(SB)/8, $libc_setresgid_trampoline<>(SB) + +TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_setresuid(SB) + RET +GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setresuid_trampoline_addr(SB)/8, $libc_setresuid_trampoline<>(SB) + +TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_setrlimit(SB) + RET +GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) + +TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_setrtable(SB) + RET +GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setrtable_trampoline_addr(SB)/8, $libc_setrtable_trampoline<>(SB) + +TEXT libc_setsid_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_setsid(SB) + RET +GLOBL ·libc_setsid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setsid_trampoline_addr(SB)/8, $libc_setsid_trampoline<>(SB) + +TEXT libc_settimeofday_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_settimeofday(SB) + RET +GLOBL ·libc_settimeofday_trampoline_addr(SB), RODATA, $8 +DATA ·libc_settimeofday_trampoline_addr(SB)/8, $libc_settimeofday_trampoline<>(SB) + +TEXT libc_setuid_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_setuid(SB) + RET +GLOBL ·libc_setuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setuid_trampoline_addr(SB)/8, $libc_setuid_trampoline<>(SB) + +TEXT libc_stat_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_stat(SB) + RET +GLOBL ·libc_stat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_stat_trampoline_addr(SB)/8, $libc_stat_trampoline<>(SB) + +TEXT libc_statfs_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_statfs(SB) + RET +GLOBL ·libc_statfs_trampoline_addr(SB), RODATA, $8 +DATA ·libc_statfs_trampoline_addr(SB)/8, $libc_statfs_trampoline<>(SB) + +TEXT libc_symlink_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_symlink(SB) + RET +GLOBL ·libc_symlink_trampoline_addr(SB), RODATA, $8 +DATA ·libc_symlink_trampoline_addr(SB)/8, $libc_symlink_trampoline<>(SB) + +TEXT libc_symlinkat_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_symlinkat(SB) + RET +GLOBL ·libc_symlinkat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_symlinkat_trampoline_addr(SB)/8, $libc_symlinkat_trampoline<>(SB) + +TEXT libc_sync_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_sync(SB) + RET +GLOBL ·libc_sync_trampoline_addr(SB), RODATA, $8 +DATA ·libc_sync_trampoline_addr(SB)/8, $libc_sync_trampoline<>(SB) + +TEXT libc_truncate_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_truncate(SB) + RET +GLOBL ·libc_truncate_trampoline_addr(SB), RODATA, $8 +DATA ·libc_truncate_trampoline_addr(SB)/8, $libc_truncate_trampoline<>(SB) + +TEXT libc_umask_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_umask(SB) + RET +GLOBL ·libc_umask_trampoline_addr(SB), RODATA, $8 +DATA ·libc_umask_trampoline_addr(SB)/8, $libc_umask_trampoline<>(SB) + +TEXT libc_unlink_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_unlink(SB) + RET +GLOBL ·libc_unlink_trampoline_addr(SB), RODATA, $8 +DATA ·libc_unlink_trampoline_addr(SB)/8, $libc_unlink_trampoline<>(SB) + +TEXT libc_unlinkat_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_unlinkat(SB) + RET +GLOBL ·libc_unlinkat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_unlinkat_trampoline_addr(SB)/8, $libc_unlinkat_trampoline<>(SB) + +TEXT libc_unmount_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_unmount(SB) + RET +GLOBL ·libc_unmount_trampoline_addr(SB), RODATA, $8 +DATA ·libc_unmount_trampoline_addr(SB)/8, $libc_unmount_trampoline<>(SB) + +TEXT libc_write_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_write(SB) + RET +GLOBL ·libc_write_trampoline_addr(SB), RODATA, $8 +DATA ·libc_write_trampoline_addr(SB)/8, $libc_write_trampoline<>(SB) + +TEXT libc_mmap_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_mmap(SB) + RET +GLOBL ·libc_mmap_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mmap_trampoline_addr(SB)/8, $libc_mmap_trampoline<>(SB) + +TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_munmap(SB) + RET +GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $8 +DATA ·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB) + +TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_utimensat(SB) + RET +GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go new file mode 100644 index 00000000000..8e3e7873f89 --- /dev/null +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go @@ -0,0 +1,2221 @@ +// go run mksyscall.go -openbsd -libc -tags openbsd,riscv64 syscall_bsd.go syscall_openbsd.go syscall_openbsd_riscv64.go +// Code generated by the command above; see README.md. DO NOT EDIT. + +//go:build openbsd && riscv64 +// +build openbsd,riscv64 + +package unix + +import ( + "syscall" + "unsafe" +) + +var _ syscall.Errno + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getgroups(ngid int, gid *_Gid_t) (n int, err error) { + r0, _, e1 := syscall_rawSyscall(libc_getgroups_trampoline_addr, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getgroups_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getgroups getgroups "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func setgroups(ngid int, gid *_Gid_t) (err error) { + _, _, e1 := syscall_rawSyscall(libc_setgroups_trampoline_addr, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setgroups_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setgroups setgroups "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) { + r0, _, e1 := syscall_syscall6(libc_wait4_trampoline_addr, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0) + wpid = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_wait4_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_wait4 wait4 "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { + r0, _, e1 := syscall_syscall(libc_accept_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + fd = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_accept_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_accept accept "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { + _, _, e1 := syscall_syscall(libc_bind_trampoline_addr, uintptr(s), uintptr(addr), uintptr(addrlen)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_bind_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_bind bind "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { + _, _, e1 := syscall_syscall(libc_connect_trampoline_addr, uintptr(s), uintptr(addr), uintptr(addrlen)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_connect_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_connect connect "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func socket(domain int, typ int, proto int) (fd int, err error) { + r0, _, e1 := syscall_rawSyscall(libc_socket_trampoline_addr, uintptr(domain), uintptr(typ), uintptr(proto)) + fd = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_socket_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_socket socket "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) { + _, _, e1 := syscall_syscall6(libc_getsockopt_trampoline_addr, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getsockopt_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getsockopt getsockopt "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) { + _, _, e1 := syscall_syscall6(libc_setsockopt_trampoline_addr, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setsockopt_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setsockopt setsockopt "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) { + _, _, e1 := syscall_rawSyscall(libc_getpeername_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getpeername_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpeername getpeername "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) { + _, _, e1 := syscall_rawSyscall(libc_getsockname_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getsockname_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getsockname getsockname "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Shutdown(s int, how int) (err error) { + _, _, e1 := syscall_syscall(libc_shutdown_trampoline_addr, uintptr(s), uintptr(how), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_shutdown_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_shutdown shutdown "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) { + _, _, e1 := syscall_rawSyscall6(libc_socketpair_trampoline_addr, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_socketpair_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_socketpair socketpair "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) { + var _p0 unsafe.Pointer + if len(p) > 0 { + _p0 = unsafe.Pointer(&p[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := syscall_syscall6(libc_recvfrom_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen))) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_recvfrom_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_recvfrom recvfrom "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) { + var _p0 unsafe.Pointer + if len(buf) > 0 { + _p0 = unsafe.Pointer(&buf[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + _, _, e1 := syscall_syscall6(libc_sendto_trampoline_addr, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_sendto_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_sendto sendto "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_recvmsg_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_recvmsg_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_recvmsg recvmsg "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_sendmsg_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_sendmsg_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_sendmsg sendmsg "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) { + r0, _, e1 := syscall_syscall6(libc_kevent_trampoline_addr, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout))) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_kevent_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_kevent kevent "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func utimes(path string, timeval *[2]Timeval) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_utimes_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_utimes_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_utimes utimes "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func futimes(fd int, timeval *[2]Timeval) (err error) { + _, _, e1 := syscall_syscall(libc_futimes_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_futimes_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_futimes futimes "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func poll(fds *PollFd, nfds int, timeout int) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_poll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_poll_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_poll poll "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Madvise(b []byte, behav int) (err error) { + var _p0 unsafe.Pointer + if len(b) > 0 { + _p0 = unsafe.Pointer(&b[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + _, _, e1 := syscall_syscall(libc_madvise_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(behav)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_madvise_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_madvise madvise "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mlock(b []byte) (err error) { + var _p0 unsafe.Pointer + if len(b) > 0 { + _p0 = unsafe.Pointer(&b[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + _, _, e1 := syscall_syscall(libc_mlock_trampoline_addr, uintptr(_p0), uintptr(len(b)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_mlock_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mlock mlock "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mlockall(flags int) (err error) { + _, _, e1 := syscall_syscall(libc_mlockall_trampoline_addr, uintptr(flags), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_mlockall_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mlockall mlockall "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mprotect(b []byte, prot int) (err error) { + var _p0 unsafe.Pointer + if len(b) > 0 { + _p0 = unsafe.Pointer(&b[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + _, _, e1 := syscall_syscall(libc_mprotect_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(prot)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_mprotect_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mprotect mprotect "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Msync(b []byte, flags int) (err error) { + var _p0 unsafe.Pointer + if len(b) > 0 { + _p0 = unsafe.Pointer(&b[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + _, _, e1 := syscall_syscall(libc_msync_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(flags)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_msync_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_msync msync "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Munlock(b []byte) (err error) { + var _p0 unsafe.Pointer + if len(b) > 0 { + _p0 = unsafe.Pointer(&b[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + _, _, e1 := syscall_syscall(libc_munlock_trampoline_addr, uintptr(_p0), uintptr(len(b)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_munlock_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_munlock munlock "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Munlockall() (err error) { + _, _, e1 := syscall_syscall(libc_munlockall_trampoline_addr, 0, 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_munlockall_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_munlockall munlockall "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pipe2(p *[2]_C_int, flags int) (err error) { + _, _, e1 := syscall_rawSyscall(libc_pipe2_trampoline_addr, uintptr(unsafe.Pointer(p)), uintptr(flags), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pipe2_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pipe2 pipe2 "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getdents(fd int, buf []byte) (n int, err error) { + var _p0 unsafe.Pointer + if len(buf) > 0 { + _p0 = unsafe.Pointer(&buf[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := syscall_syscall(libc_getdents_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(buf))) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getdents_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getdents getdents "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getcwd(buf []byte) (n int, err error) { + var _p0 unsafe.Pointer + if len(buf) > 0 { + _p0 = unsafe.Pointer(&buf[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := syscall_syscall(libc_getcwd_trampoline_addr, uintptr(_p0), uintptr(len(buf)), 0) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getcwd_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getcwd getcwd "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ioctl(fd int, req uint, arg uintptr) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_ioctl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ioctl ioctl "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { + var _p0 unsafe.Pointer + if len(mib) > 0 { + _p0 = unsafe.Pointer(&mib[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + _, _, e1 := syscall_syscall6(libc_sysctl_trampoline_addr, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_sysctl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_sysctl sysctl "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { + r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_ppoll_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ppoll ppoll "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Access(path string, mode uint32) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_access_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_access_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_access access "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Adjtime(delta *Timeval, olddelta *Timeval) (err error) { + _, _, e1 := syscall_syscall(libc_adjtime_trampoline_addr, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_adjtime_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_adjtime adjtime "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Chdir(path string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_chdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_chdir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chdir chdir "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Chflags(path string, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_chflags_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_chflags_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chflags chflags "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Chmod(path string, mode uint32) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_chmod_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_chmod_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chmod chmod "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Chown(path string, uid int, gid int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_chown_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_chown_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chown chown "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Chroot(path string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_chroot_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_chroot_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chroot chroot "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Close(fd int) (err error) { + _, _, e1 := syscall_syscall(libc_close_trampoline_addr, uintptr(fd), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_close_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_close close "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Dup(fd int) (nfd int, err error) { + r0, _, e1 := syscall_syscall(libc_dup_trampoline_addr, uintptr(fd), 0, 0) + nfd = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_dup_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_dup dup "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Dup2(from int, to int) (err error) { + _, _, e1 := syscall_syscall(libc_dup2_trampoline_addr, uintptr(from), uintptr(to), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_dup2_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_dup2 dup2 "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Dup3(from int, to int, flags int) (err error) { + _, _, e1 := syscall_syscall(libc_dup3_trampoline_addr, uintptr(from), uintptr(to), uintptr(flags)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_dup3_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_dup3 dup3 "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Exit(code int) { + syscall_syscall(libc_exit_trampoline_addr, uintptr(code), 0, 0) + return +} + +var libc_exit_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_exit exit "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall6(libc_faccessat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_faccessat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_faccessat faccessat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fchdir(fd int) (err error) { + _, _, e1 := syscall_syscall(libc_fchdir_trampoline_addr, uintptr(fd), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fchdir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchdir fchdir "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fchflags(fd int, flags int) (err error) { + _, _, e1 := syscall_syscall(libc_fchflags_trampoline_addr, uintptr(fd), uintptr(flags), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fchflags_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchflags fchflags "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fchmod(fd int, mode uint32) (err error) { + _, _, e1 := syscall_syscall(libc_fchmod_trampoline_addr, uintptr(fd), uintptr(mode), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fchmod_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchmod fchmod "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall6(libc_fchmodat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fchmodat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchmodat fchmodat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fchown(fd int, uid int, gid int) (err error) { + _, _, e1 := syscall_syscall(libc_fchown_trampoline_addr, uintptr(fd), uintptr(uid), uintptr(gid)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fchown_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchown fchown "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall6(libc_fchownat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fchownat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchownat fchownat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Flock(fd int, how int) (err error) { + _, _, e1 := syscall_syscall(libc_flock_trampoline_addr, uintptr(fd), uintptr(how), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_flock_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_flock flock "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fpathconf(fd int, name int) (val int, err error) { + r0, _, e1 := syscall_syscall(libc_fpathconf_trampoline_addr, uintptr(fd), uintptr(name), 0) + val = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fpathconf_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fpathconf fpathconf "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fstat(fd int, stat *Stat_t) (err error) { + _, _, e1 := syscall_syscall(libc_fstat_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fstat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fstat fstat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall6(libc_fstatat_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fstatat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fstatat fstatat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fstatfs(fd int, stat *Statfs_t) (err error) { + _, _, e1 := syscall_syscall(libc_fstatfs_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fstatfs_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fstatfs fstatfs "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fsync(fd int) (err error) { + _, _, e1 := syscall_syscall(libc_fsync_trampoline_addr, uintptr(fd), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fsync_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fsync fsync "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Ftruncate(fd int, length int64) (err error) { + _, _, e1 := syscall_syscall(libc_ftruncate_trampoline_addr, uintptr(fd), uintptr(length), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_ftruncate_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ftruncate ftruncate "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getegid() (egid int) { + r0, _, _ := syscall_rawSyscall(libc_getegid_trampoline_addr, 0, 0, 0) + egid = int(r0) + return +} + +var libc_getegid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getegid getegid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Geteuid() (uid int) { + r0, _, _ := syscall_rawSyscall(libc_geteuid_trampoline_addr, 0, 0, 0) + uid = int(r0) + return +} + +var libc_geteuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_geteuid geteuid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getgid() (gid int) { + r0, _, _ := syscall_rawSyscall(libc_getgid_trampoline_addr, 0, 0, 0) + gid = int(r0) + return +} + +var libc_getgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getgid getgid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getpgid(pid int) (pgid int, err error) { + r0, _, e1 := syscall_rawSyscall(libc_getpgid_trampoline_addr, uintptr(pid), 0, 0) + pgid = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getpgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpgid getpgid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getpgrp() (pgrp int) { + r0, _, _ := syscall_rawSyscall(libc_getpgrp_trampoline_addr, 0, 0, 0) + pgrp = int(r0) + return +} + +var libc_getpgrp_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpgrp getpgrp "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getpid() (pid int) { + r0, _, _ := syscall_rawSyscall(libc_getpid_trampoline_addr, 0, 0, 0) + pid = int(r0) + return +} + +var libc_getpid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpid getpid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getppid() (ppid int) { + r0, _, _ := syscall_rawSyscall(libc_getppid_trampoline_addr, 0, 0, 0) + ppid = int(r0) + return +} + +var libc_getppid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getppid getppid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getpriority(which int, who int) (prio int, err error) { + r0, _, e1 := syscall_syscall(libc_getpriority_trampoline_addr, uintptr(which), uintptr(who), 0) + prio = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getpriority_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpriority getpriority "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getrlimit(which int, lim *Rlimit) (err error) { + _, _, e1 := syscall_rawSyscall(libc_getrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getrlimit_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getrlimit getrlimit "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getrtable() (rtable int, err error) { + r0, _, e1 := syscall_rawSyscall(libc_getrtable_trampoline_addr, 0, 0, 0) + rtable = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getrtable_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getrtable getrtable "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getrusage(who int, rusage *Rusage) (err error) { + _, _, e1 := syscall_rawSyscall(libc_getrusage_trampoline_addr, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getrusage_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getrusage getrusage "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getsid(pid int) (sid int, err error) { + r0, _, e1 := syscall_rawSyscall(libc_getsid_trampoline_addr, uintptr(pid), 0, 0) + sid = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getsid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getsid getsid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Gettimeofday(tv *Timeval) (err error) { + _, _, e1 := syscall_rawSyscall(libc_gettimeofday_trampoline_addr, uintptr(unsafe.Pointer(tv)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_gettimeofday_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_gettimeofday gettimeofday "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getuid() (uid int) { + r0, _, _ := syscall_rawSyscall(libc_getuid_trampoline_addr, 0, 0, 0) + uid = int(r0) + return +} + +var libc_getuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getuid getuid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Issetugid() (tainted bool) { + r0, _, _ := syscall_syscall(libc_issetugid_trampoline_addr, 0, 0, 0) + tainted = bool(r0 != 0) + return +} + +var libc_issetugid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_issetugid issetugid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Kill(pid int, signum syscall.Signal) (err error) { + _, _, e1 := syscall_syscall(libc_kill_trampoline_addr, uintptr(pid), uintptr(signum), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_kill_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_kill kill "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Kqueue() (fd int, err error) { + r0, _, e1 := syscall_syscall(libc_kqueue_trampoline_addr, 0, 0, 0) + fd = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_kqueue_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_kqueue kqueue "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Lchown(path string, uid int, gid int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_lchown_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_lchown_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_lchown lchown "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Link(path string, link string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(link) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_link_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_link_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_link link "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(link) + if err != nil { + return + } + _, _, e1 := syscall_syscall6(libc_linkat_trampoline_addr, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_linkat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_linkat linkat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Listen(s int, backlog int) (err error) { + _, _, e1 := syscall_syscall(libc_listen_trampoline_addr, uintptr(s), uintptr(backlog), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_listen_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_listen listen "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Lstat(path string, stat *Stat_t) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_lstat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_lstat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_lstat lstat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mkdir(path string, mode uint32) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_mkdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_mkdir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mkdir mkdir "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mkdirat(dirfd int, path string, mode uint32) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_mkdirat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_mkdirat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mkdirat mkdirat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mkfifo(path string, mode uint32) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_mkfifo_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_mkfifo_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mkfifo mkfifo "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mkfifoat(dirfd int, path string, mode uint32) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_mkfifoat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_mkfifoat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mkfifoat mkfifoat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mknod(path string, mode uint32, dev int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_mknod_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_mknod_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mknod mknod "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall6(libc_mknodat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_mknodat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mknodat mknodat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Nanosleep(time *Timespec, leftover *Timespec) (err error) { + _, _, e1 := syscall_syscall(libc_nanosleep_trampoline_addr, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_nanosleep_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_nanosleep nanosleep "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Open(path string, mode int, perm uint32) (fd int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + r0, _, e1 := syscall_syscall(libc_open_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm)) + fd = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_open_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_open open "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + r0, _, e1 := syscall_syscall6(libc_openat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0) + fd = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_openat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_openat openat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Pathconf(path string, name int) (val int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + r0, _, e1 := syscall_syscall(libc_pathconf_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0) + val = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pathconf_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pathconf pathconf "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pread(fd int, p []byte, offset int64) (n int, err error) { + var _p0 unsafe.Pointer + if len(p) > 0 { + _p0 = unsafe.Pointer(&p[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := syscall_syscall6(libc_pread_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pread_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pread pread "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pwrite(fd int, p []byte, offset int64) (n int, err error) { + var _p0 unsafe.Pointer + if len(p) > 0 { + _p0 = unsafe.Pointer(&p[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := syscall_syscall6(libc_pwrite_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pwrite_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pwrite pwrite "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func read(fd int, p []byte) (n int, err error) { + var _p0 unsafe.Pointer + if len(p) > 0 { + _p0 = unsafe.Pointer(&p[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p))) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_read_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_read read "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Readlink(path string, buf []byte) (n int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 unsafe.Pointer + if len(buf) > 0 { + _p1 = unsafe.Pointer(&buf[0]) + } else { + _p1 = unsafe.Pointer(&_zero) + } + r0, _, e1 := syscall_syscall(libc_readlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf))) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_readlink_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_readlink readlink "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 unsafe.Pointer + if len(buf) > 0 { + _p1 = unsafe.Pointer(&buf[0]) + } else { + _p1 = unsafe.Pointer(&_zero) + } + r0, _, e1 := syscall_syscall6(libc_readlinkat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_readlinkat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_readlinkat readlinkat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Rename(from string, to string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(from) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(to) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_rename_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_rename_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_rename rename "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Renameat(fromfd int, from string, tofd int, to string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(from) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(to) + if err != nil { + return + } + _, _, e1 := syscall_syscall6(libc_renameat_trampoline_addr, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_renameat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_renameat renameat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Revoke(path string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_revoke_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_revoke_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_revoke revoke "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Rmdir(path string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_rmdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_rmdir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_rmdir rmdir "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Seek(fd int, offset int64, whence int) (newoffset int64, err error) { + r0, _, e1 := syscall_syscall(libc_lseek_trampoline_addr, uintptr(fd), uintptr(offset), uintptr(whence)) + newoffset = int64(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_lseek_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_lseek lseek "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) { + r0, _, e1 := syscall_syscall6(libc_select_trampoline_addr, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_select_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_select select "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setegid(egid int) (err error) { + _, _, e1 := syscall_rawSyscall(libc_setegid_trampoline_addr, uintptr(egid), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setegid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setegid setegid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Seteuid(euid int) (err error) { + _, _, e1 := syscall_rawSyscall(libc_seteuid_trampoline_addr, uintptr(euid), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_seteuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_seteuid seteuid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setgid(gid int) (err error) { + _, _, e1 := syscall_rawSyscall(libc_setgid_trampoline_addr, uintptr(gid), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setgid setgid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setlogin(name string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(name) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_setlogin_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setlogin_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setlogin setlogin "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setpgid(pid int, pgid int) (err error) { + _, _, e1 := syscall_rawSyscall(libc_setpgid_trampoline_addr, uintptr(pid), uintptr(pgid), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setpgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setpgid setpgid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setpriority(which int, who int, prio int) (err error) { + _, _, e1 := syscall_syscall(libc_setpriority_trampoline_addr, uintptr(which), uintptr(who), uintptr(prio)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setpriority_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setpriority setpriority "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setregid(rgid int, egid int) (err error) { + _, _, e1 := syscall_rawSyscall(libc_setregid_trampoline_addr, uintptr(rgid), uintptr(egid), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setregid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setregid setregid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setreuid(ruid int, euid int) (err error) { + _, _, e1 := syscall_rawSyscall(libc_setreuid_trampoline_addr, uintptr(ruid), uintptr(euid), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setreuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setreuid setreuid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setresgid(rgid int, egid int, sgid int) (err error) { + _, _, e1 := syscall_rawSyscall(libc_setresgid_trampoline_addr, uintptr(rgid), uintptr(egid), uintptr(sgid)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setresgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setresgid setresgid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setresuid(ruid int, euid int, suid int) (err error) { + _, _, e1 := syscall_rawSyscall(libc_setresuid_trampoline_addr, uintptr(ruid), uintptr(euid), uintptr(suid)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setresuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setresuid setresuid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setrlimit(which int, lim *Rlimit) (err error) { + _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setrlimit_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setrtable(rtable int) (err error) { + _, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setrtable_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setrtable setrtable "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setsid() (pid int, err error) { + r0, _, e1 := syscall_rawSyscall(libc_setsid_trampoline_addr, 0, 0, 0) + pid = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setsid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setsid setsid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Settimeofday(tp *Timeval) (err error) { + _, _, e1 := syscall_rawSyscall(libc_settimeofday_trampoline_addr, uintptr(unsafe.Pointer(tp)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_settimeofday_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_settimeofday settimeofday "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Setuid(uid int) (err error) { + _, _, e1 := syscall_rawSyscall(libc_setuid_trampoline_addr, uintptr(uid), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setuid setuid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Stat(path string, stat *Stat_t) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_stat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_stat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_stat stat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Statfs(path string, stat *Statfs_t) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_statfs_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_statfs_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_statfs statfs "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Symlink(path string, link string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(link) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_symlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_symlink_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_symlink symlink "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(oldpath) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(newpath) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_symlinkat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1))) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_symlinkat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_symlinkat symlinkat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Sync() (err error) { + _, _, e1 := syscall_syscall(libc_sync_trampoline_addr, 0, 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_sync_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_sync sync "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Truncate(path string, length int64) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_truncate_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_truncate_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_truncate truncate "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Umask(newmask int) (oldmask int) { + r0, _, _ := syscall_syscall(libc_umask_trampoline_addr, uintptr(newmask), 0, 0) + oldmask = int(r0) + return +} + +var libc_umask_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_umask umask "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Unlink(path string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_unlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_unlink_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unlink unlink "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Unlinkat(dirfd int, path string, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_unlinkat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_unlinkat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unlinkat unlinkat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Unmount(path string, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_unmount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_unmount_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unmount unmount "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func write(fd int, p []byte) (n int, err error) { + var _p0 unsafe.Pointer + if len(p) > 0 { + _p0 = unsafe.Pointer(&p[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p))) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_write_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_write write "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) { + r0, _, e1 := syscall_syscall6(libc_mmap_trampoline_addr, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos)) + ret = uintptr(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_mmap_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mmap mmap "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func munmap(addr uintptr, length uintptr) (err error) { + _, _, e1 := syscall_syscall(libc_munmap_trampoline_addr, uintptr(addr), uintptr(length), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_munmap_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_munmap munmap "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func readlen(fd int, buf *byte, nbuf int) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func writelen(fd int, buf *byte, nbuf int) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall6(libc_utimensat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_utimensat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_utimensat utimensat "libc.so" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s new file mode 100644 index 00000000000..7dba789271c --- /dev/null +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s @@ -0,0 +1,796 @@ +// go run mkasm.go openbsd riscv64 +// Code generated by the command above; DO NOT EDIT. + +#include "textflag.h" + +TEXT libc_getgroups_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getgroups(SB) + +GLOBL ·libc_getgroups_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getgroups_trampoline_addr(SB)/8, $libc_getgroups_trampoline<>(SB) + +TEXT libc_setgroups_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setgroups(SB) + +GLOBL ·libc_setgroups_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setgroups_trampoline_addr(SB)/8, $libc_setgroups_trampoline<>(SB) + +TEXT libc_wait4_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_wait4(SB) + +GLOBL ·libc_wait4_trampoline_addr(SB), RODATA, $8 +DATA ·libc_wait4_trampoline_addr(SB)/8, $libc_wait4_trampoline<>(SB) + +TEXT libc_accept_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_accept(SB) + +GLOBL ·libc_accept_trampoline_addr(SB), RODATA, $8 +DATA ·libc_accept_trampoline_addr(SB)/8, $libc_accept_trampoline<>(SB) + +TEXT libc_bind_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_bind(SB) + +GLOBL ·libc_bind_trampoline_addr(SB), RODATA, $8 +DATA ·libc_bind_trampoline_addr(SB)/8, $libc_bind_trampoline<>(SB) + +TEXT libc_connect_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_connect(SB) + +GLOBL ·libc_connect_trampoline_addr(SB), RODATA, $8 +DATA ·libc_connect_trampoline_addr(SB)/8, $libc_connect_trampoline<>(SB) + +TEXT libc_socket_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_socket(SB) + +GLOBL ·libc_socket_trampoline_addr(SB), RODATA, $8 +DATA ·libc_socket_trampoline_addr(SB)/8, $libc_socket_trampoline<>(SB) + +TEXT libc_getsockopt_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getsockopt(SB) + +GLOBL ·libc_getsockopt_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getsockopt_trampoline_addr(SB)/8, $libc_getsockopt_trampoline<>(SB) + +TEXT libc_setsockopt_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setsockopt(SB) + +GLOBL ·libc_setsockopt_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setsockopt_trampoline_addr(SB)/8, $libc_setsockopt_trampoline<>(SB) + +TEXT libc_getpeername_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpeername(SB) + +GLOBL ·libc_getpeername_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getpeername_trampoline_addr(SB)/8, $libc_getpeername_trampoline<>(SB) + +TEXT libc_getsockname_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getsockname(SB) + +GLOBL ·libc_getsockname_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getsockname_trampoline_addr(SB)/8, $libc_getsockname_trampoline<>(SB) + +TEXT libc_shutdown_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_shutdown(SB) + +GLOBL ·libc_shutdown_trampoline_addr(SB), RODATA, $8 +DATA ·libc_shutdown_trampoline_addr(SB)/8, $libc_shutdown_trampoline<>(SB) + +TEXT libc_socketpair_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_socketpair(SB) + +GLOBL ·libc_socketpair_trampoline_addr(SB), RODATA, $8 +DATA ·libc_socketpair_trampoline_addr(SB)/8, $libc_socketpair_trampoline<>(SB) + +TEXT libc_recvfrom_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_recvfrom(SB) + +GLOBL ·libc_recvfrom_trampoline_addr(SB), RODATA, $8 +DATA ·libc_recvfrom_trampoline_addr(SB)/8, $libc_recvfrom_trampoline<>(SB) + +TEXT libc_sendto_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_sendto(SB) + +GLOBL ·libc_sendto_trampoline_addr(SB), RODATA, $8 +DATA ·libc_sendto_trampoline_addr(SB)/8, $libc_sendto_trampoline<>(SB) + +TEXT libc_recvmsg_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_recvmsg(SB) + +GLOBL ·libc_recvmsg_trampoline_addr(SB), RODATA, $8 +DATA ·libc_recvmsg_trampoline_addr(SB)/8, $libc_recvmsg_trampoline<>(SB) + +TEXT libc_sendmsg_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_sendmsg(SB) + +GLOBL ·libc_sendmsg_trampoline_addr(SB), RODATA, $8 +DATA ·libc_sendmsg_trampoline_addr(SB)/8, $libc_sendmsg_trampoline<>(SB) + +TEXT libc_kevent_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_kevent(SB) + +GLOBL ·libc_kevent_trampoline_addr(SB), RODATA, $8 +DATA ·libc_kevent_trampoline_addr(SB)/8, $libc_kevent_trampoline<>(SB) + +TEXT libc_utimes_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_utimes(SB) + +GLOBL ·libc_utimes_trampoline_addr(SB), RODATA, $8 +DATA ·libc_utimes_trampoline_addr(SB)/8, $libc_utimes_trampoline<>(SB) + +TEXT libc_futimes_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_futimes(SB) + +GLOBL ·libc_futimes_trampoline_addr(SB), RODATA, $8 +DATA ·libc_futimes_trampoline_addr(SB)/8, $libc_futimes_trampoline<>(SB) + +TEXT libc_poll_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_poll(SB) + +GLOBL ·libc_poll_trampoline_addr(SB), RODATA, $8 +DATA ·libc_poll_trampoline_addr(SB)/8, $libc_poll_trampoline<>(SB) + +TEXT libc_madvise_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_madvise(SB) + +GLOBL ·libc_madvise_trampoline_addr(SB), RODATA, $8 +DATA ·libc_madvise_trampoline_addr(SB)/8, $libc_madvise_trampoline<>(SB) + +TEXT libc_mlock_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mlock(SB) + +GLOBL ·libc_mlock_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mlock_trampoline_addr(SB)/8, $libc_mlock_trampoline<>(SB) + +TEXT libc_mlockall_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mlockall(SB) + +GLOBL ·libc_mlockall_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mlockall_trampoline_addr(SB)/8, $libc_mlockall_trampoline<>(SB) + +TEXT libc_mprotect_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mprotect(SB) + +GLOBL ·libc_mprotect_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mprotect_trampoline_addr(SB)/8, $libc_mprotect_trampoline<>(SB) + +TEXT libc_msync_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_msync(SB) + +GLOBL ·libc_msync_trampoline_addr(SB), RODATA, $8 +DATA ·libc_msync_trampoline_addr(SB)/8, $libc_msync_trampoline<>(SB) + +TEXT libc_munlock_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_munlock(SB) + +GLOBL ·libc_munlock_trampoline_addr(SB), RODATA, $8 +DATA ·libc_munlock_trampoline_addr(SB)/8, $libc_munlock_trampoline<>(SB) + +TEXT libc_munlockall_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_munlockall(SB) + +GLOBL ·libc_munlockall_trampoline_addr(SB), RODATA, $8 +DATA ·libc_munlockall_trampoline_addr(SB)/8, $libc_munlockall_trampoline<>(SB) + +TEXT libc_pipe2_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pipe2(SB) + +GLOBL ·libc_pipe2_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pipe2_trampoline_addr(SB)/8, $libc_pipe2_trampoline<>(SB) + +TEXT libc_getdents_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getdents(SB) + +GLOBL ·libc_getdents_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getdents_trampoline_addr(SB)/8, $libc_getdents_trampoline<>(SB) + +TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getcwd(SB) + +GLOBL ·libc_getcwd_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getcwd_trampoline_addr(SB)/8, $libc_getcwd_trampoline<>(SB) + +TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_ioctl(SB) + +GLOBL ·libc_ioctl_trampoline_addr(SB), RODATA, $8 +DATA ·libc_ioctl_trampoline_addr(SB)/8, $libc_ioctl_trampoline<>(SB) + +TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_sysctl(SB) + +GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8 +DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB) + +TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_ppoll(SB) + +GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $8 +DATA ·libc_ppoll_trampoline_addr(SB)/8, $libc_ppoll_trampoline<>(SB) + +TEXT libc_access_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_access(SB) + +GLOBL ·libc_access_trampoline_addr(SB), RODATA, $8 +DATA ·libc_access_trampoline_addr(SB)/8, $libc_access_trampoline<>(SB) + +TEXT libc_adjtime_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_adjtime(SB) + +GLOBL ·libc_adjtime_trampoline_addr(SB), RODATA, $8 +DATA ·libc_adjtime_trampoline_addr(SB)/8, $libc_adjtime_trampoline<>(SB) + +TEXT libc_chdir_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chdir(SB) + +GLOBL ·libc_chdir_trampoline_addr(SB), RODATA, $8 +DATA ·libc_chdir_trampoline_addr(SB)/8, $libc_chdir_trampoline<>(SB) + +TEXT libc_chflags_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chflags(SB) + +GLOBL ·libc_chflags_trampoline_addr(SB), RODATA, $8 +DATA ·libc_chflags_trampoline_addr(SB)/8, $libc_chflags_trampoline<>(SB) + +TEXT libc_chmod_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chmod(SB) + +GLOBL ·libc_chmod_trampoline_addr(SB), RODATA, $8 +DATA ·libc_chmod_trampoline_addr(SB)/8, $libc_chmod_trampoline<>(SB) + +TEXT libc_chown_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chown(SB) + +GLOBL ·libc_chown_trampoline_addr(SB), RODATA, $8 +DATA ·libc_chown_trampoline_addr(SB)/8, $libc_chown_trampoline<>(SB) + +TEXT libc_chroot_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chroot(SB) + +GLOBL ·libc_chroot_trampoline_addr(SB), RODATA, $8 +DATA ·libc_chroot_trampoline_addr(SB)/8, $libc_chroot_trampoline<>(SB) + +TEXT libc_close_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_close(SB) + +GLOBL ·libc_close_trampoline_addr(SB), RODATA, $8 +DATA ·libc_close_trampoline_addr(SB)/8, $libc_close_trampoline<>(SB) + +TEXT libc_dup_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_dup(SB) + +GLOBL ·libc_dup_trampoline_addr(SB), RODATA, $8 +DATA ·libc_dup_trampoline_addr(SB)/8, $libc_dup_trampoline<>(SB) + +TEXT libc_dup2_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_dup2(SB) + +GLOBL ·libc_dup2_trampoline_addr(SB), RODATA, $8 +DATA ·libc_dup2_trampoline_addr(SB)/8, $libc_dup2_trampoline<>(SB) + +TEXT libc_dup3_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_dup3(SB) + +GLOBL ·libc_dup3_trampoline_addr(SB), RODATA, $8 +DATA ·libc_dup3_trampoline_addr(SB)/8, $libc_dup3_trampoline<>(SB) + +TEXT libc_exit_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_exit(SB) + +GLOBL ·libc_exit_trampoline_addr(SB), RODATA, $8 +DATA ·libc_exit_trampoline_addr(SB)/8, $libc_exit_trampoline<>(SB) + +TEXT libc_faccessat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_faccessat(SB) + +GLOBL ·libc_faccessat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_faccessat_trampoline_addr(SB)/8, $libc_faccessat_trampoline<>(SB) + +TEXT libc_fchdir_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchdir(SB) + +GLOBL ·libc_fchdir_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchdir_trampoline_addr(SB)/8, $libc_fchdir_trampoline<>(SB) + +TEXT libc_fchflags_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchflags(SB) + +GLOBL ·libc_fchflags_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchflags_trampoline_addr(SB)/8, $libc_fchflags_trampoline<>(SB) + +TEXT libc_fchmod_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchmod(SB) + +GLOBL ·libc_fchmod_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchmod_trampoline_addr(SB)/8, $libc_fchmod_trampoline<>(SB) + +TEXT libc_fchmodat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchmodat(SB) + +GLOBL ·libc_fchmodat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchmodat_trampoline_addr(SB)/8, $libc_fchmodat_trampoline<>(SB) + +TEXT libc_fchown_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchown(SB) + +GLOBL ·libc_fchown_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchown_trampoline_addr(SB)/8, $libc_fchown_trampoline<>(SB) + +TEXT libc_fchownat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchownat(SB) + +GLOBL ·libc_fchownat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchownat_trampoline_addr(SB)/8, $libc_fchownat_trampoline<>(SB) + +TEXT libc_flock_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_flock(SB) + +GLOBL ·libc_flock_trampoline_addr(SB), RODATA, $8 +DATA ·libc_flock_trampoline_addr(SB)/8, $libc_flock_trampoline<>(SB) + +TEXT libc_fpathconf_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fpathconf(SB) + +GLOBL ·libc_fpathconf_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fpathconf_trampoline_addr(SB)/8, $libc_fpathconf_trampoline<>(SB) + +TEXT libc_fstat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fstat(SB) + +GLOBL ·libc_fstat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fstat_trampoline_addr(SB)/8, $libc_fstat_trampoline<>(SB) + +TEXT libc_fstatat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fstatat(SB) + +GLOBL ·libc_fstatat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fstatat_trampoline_addr(SB)/8, $libc_fstatat_trampoline<>(SB) + +TEXT libc_fstatfs_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fstatfs(SB) + +GLOBL ·libc_fstatfs_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fstatfs_trampoline_addr(SB)/8, $libc_fstatfs_trampoline<>(SB) + +TEXT libc_fsync_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fsync(SB) + +GLOBL ·libc_fsync_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fsync_trampoline_addr(SB)/8, $libc_fsync_trampoline<>(SB) + +TEXT libc_ftruncate_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_ftruncate(SB) + +GLOBL ·libc_ftruncate_trampoline_addr(SB), RODATA, $8 +DATA ·libc_ftruncate_trampoline_addr(SB)/8, $libc_ftruncate_trampoline<>(SB) + +TEXT libc_getegid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getegid(SB) + +GLOBL ·libc_getegid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getegid_trampoline_addr(SB)/8, $libc_getegid_trampoline<>(SB) + +TEXT libc_geteuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_geteuid(SB) + +GLOBL ·libc_geteuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_geteuid_trampoline_addr(SB)/8, $libc_geteuid_trampoline<>(SB) + +TEXT libc_getgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getgid(SB) + +GLOBL ·libc_getgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getgid_trampoline_addr(SB)/8, $libc_getgid_trampoline<>(SB) + +TEXT libc_getpgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpgid(SB) + +GLOBL ·libc_getpgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getpgid_trampoline_addr(SB)/8, $libc_getpgid_trampoline<>(SB) + +TEXT libc_getpgrp_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpgrp(SB) + +GLOBL ·libc_getpgrp_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getpgrp_trampoline_addr(SB)/8, $libc_getpgrp_trampoline<>(SB) + +TEXT libc_getpid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpid(SB) + +GLOBL ·libc_getpid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getpid_trampoline_addr(SB)/8, $libc_getpid_trampoline<>(SB) + +TEXT libc_getppid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getppid(SB) + +GLOBL ·libc_getppid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getppid_trampoline_addr(SB)/8, $libc_getppid_trampoline<>(SB) + +TEXT libc_getpriority_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpriority(SB) + +GLOBL ·libc_getpriority_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getpriority_trampoline_addr(SB)/8, $libc_getpriority_trampoline<>(SB) + +TEXT libc_getrlimit_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getrlimit(SB) + +GLOBL ·libc_getrlimit_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getrlimit_trampoline_addr(SB)/8, $libc_getrlimit_trampoline<>(SB) + +TEXT libc_getrtable_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getrtable(SB) + +GLOBL ·libc_getrtable_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getrtable_trampoline_addr(SB)/8, $libc_getrtable_trampoline<>(SB) + +TEXT libc_getrusage_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getrusage(SB) + +GLOBL ·libc_getrusage_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getrusage_trampoline_addr(SB)/8, $libc_getrusage_trampoline<>(SB) + +TEXT libc_getsid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getsid(SB) + +GLOBL ·libc_getsid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getsid_trampoline_addr(SB)/8, $libc_getsid_trampoline<>(SB) + +TEXT libc_gettimeofday_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_gettimeofday(SB) + +GLOBL ·libc_gettimeofday_trampoline_addr(SB), RODATA, $8 +DATA ·libc_gettimeofday_trampoline_addr(SB)/8, $libc_gettimeofday_trampoline<>(SB) + +TEXT libc_getuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getuid(SB) + +GLOBL ·libc_getuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getuid_trampoline_addr(SB)/8, $libc_getuid_trampoline<>(SB) + +TEXT libc_issetugid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_issetugid(SB) + +GLOBL ·libc_issetugid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_issetugid_trampoline_addr(SB)/8, $libc_issetugid_trampoline<>(SB) + +TEXT libc_kill_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_kill(SB) + +GLOBL ·libc_kill_trampoline_addr(SB), RODATA, $8 +DATA ·libc_kill_trampoline_addr(SB)/8, $libc_kill_trampoline<>(SB) + +TEXT libc_kqueue_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_kqueue(SB) + +GLOBL ·libc_kqueue_trampoline_addr(SB), RODATA, $8 +DATA ·libc_kqueue_trampoline_addr(SB)/8, $libc_kqueue_trampoline<>(SB) + +TEXT libc_lchown_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_lchown(SB) + +GLOBL ·libc_lchown_trampoline_addr(SB), RODATA, $8 +DATA ·libc_lchown_trampoline_addr(SB)/8, $libc_lchown_trampoline<>(SB) + +TEXT libc_link_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_link(SB) + +GLOBL ·libc_link_trampoline_addr(SB), RODATA, $8 +DATA ·libc_link_trampoline_addr(SB)/8, $libc_link_trampoline<>(SB) + +TEXT libc_linkat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_linkat(SB) + +GLOBL ·libc_linkat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_linkat_trampoline_addr(SB)/8, $libc_linkat_trampoline<>(SB) + +TEXT libc_listen_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_listen(SB) + +GLOBL ·libc_listen_trampoline_addr(SB), RODATA, $8 +DATA ·libc_listen_trampoline_addr(SB)/8, $libc_listen_trampoline<>(SB) + +TEXT libc_lstat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_lstat(SB) + +GLOBL ·libc_lstat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_lstat_trampoline_addr(SB)/8, $libc_lstat_trampoline<>(SB) + +TEXT libc_mkdir_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mkdir(SB) + +GLOBL ·libc_mkdir_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mkdir_trampoline_addr(SB)/8, $libc_mkdir_trampoline<>(SB) + +TEXT libc_mkdirat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mkdirat(SB) + +GLOBL ·libc_mkdirat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mkdirat_trampoline_addr(SB)/8, $libc_mkdirat_trampoline<>(SB) + +TEXT libc_mkfifo_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mkfifo(SB) + +GLOBL ·libc_mkfifo_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mkfifo_trampoline_addr(SB)/8, $libc_mkfifo_trampoline<>(SB) + +TEXT libc_mkfifoat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mkfifoat(SB) + +GLOBL ·libc_mkfifoat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mkfifoat_trampoline_addr(SB)/8, $libc_mkfifoat_trampoline<>(SB) + +TEXT libc_mknod_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mknod(SB) + +GLOBL ·libc_mknod_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mknod_trampoline_addr(SB)/8, $libc_mknod_trampoline<>(SB) + +TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mknodat(SB) + +GLOBL ·libc_mknodat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mknodat_trampoline_addr(SB)/8, $libc_mknodat_trampoline<>(SB) + +TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_nanosleep(SB) + +GLOBL ·libc_nanosleep_trampoline_addr(SB), RODATA, $8 +DATA ·libc_nanosleep_trampoline_addr(SB)/8, $libc_nanosleep_trampoline<>(SB) + +TEXT libc_open_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_open(SB) + +GLOBL ·libc_open_trampoline_addr(SB), RODATA, $8 +DATA ·libc_open_trampoline_addr(SB)/8, $libc_open_trampoline<>(SB) + +TEXT libc_openat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_openat(SB) + +GLOBL ·libc_openat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_openat_trampoline_addr(SB)/8, $libc_openat_trampoline<>(SB) + +TEXT libc_pathconf_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pathconf(SB) + +GLOBL ·libc_pathconf_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pathconf_trampoline_addr(SB)/8, $libc_pathconf_trampoline<>(SB) + +TEXT libc_pread_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pread(SB) + +GLOBL ·libc_pread_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pread_trampoline_addr(SB)/8, $libc_pread_trampoline<>(SB) + +TEXT libc_pwrite_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pwrite(SB) + +GLOBL ·libc_pwrite_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pwrite_trampoline_addr(SB)/8, $libc_pwrite_trampoline<>(SB) + +TEXT libc_read_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_read(SB) + +GLOBL ·libc_read_trampoline_addr(SB), RODATA, $8 +DATA ·libc_read_trampoline_addr(SB)/8, $libc_read_trampoline<>(SB) + +TEXT libc_readlink_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_readlink(SB) + +GLOBL ·libc_readlink_trampoline_addr(SB), RODATA, $8 +DATA ·libc_readlink_trampoline_addr(SB)/8, $libc_readlink_trampoline<>(SB) + +TEXT libc_readlinkat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_readlinkat(SB) + +GLOBL ·libc_readlinkat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_readlinkat_trampoline_addr(SB)/8, $libc_readlinkat_trampoline<>(SB) + +TEXT libc_rename_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_rename(SB) + +GLOBL ·libc_rename_trampoline_addr(SB), RODATA, $8 +DATA ·libc_rename_trampoline_addr(SB)/8, $libc_rename_trampoline<>(SB) + +TEXT libc_renameat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_renameat(SB) + +GLOBL ·libc_renameat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_renameat_trampoline_addr(SB)/8, $libc_renameat_trampoline<>(SB) + +TEXT libc_revoke_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_revoke(SB) + +GLOBL ·libc_revoke_trampoline_addr(SB), RODATA, $8 +DATA ·libc_revoke_trampoline_addr(SB)/8, $libc_revoke_trampoline<>(SB) + +TEXT libc_rmdir_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_rmdir(SB) + +GLOBL ·libc_rmdir_trampoline_addr(SB), RODATA, $8 +DATA ·libc_rmdir_trampoline_addr(SB)/8, $libc_rmdir_trampoline<>(SB) + +TEXT libc_lseek_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_lseek(SB) + +GLOBL ·libc_lseek_trampoline_addr(SB), RODATA, $8 +DATA ·libc_lseek_trampoline_addr(SB)/8, $libc_lseek_trampoline<>(SB) + +TEXT libc_select_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_select(SB) + +GLOBL ·libc_select_trampoline_addr(SB), RODATA, $8 +DATA ·libc_select_trampoline_addr(SB)/8, $libc_select_trampoline<>(SB) + +TEXT libc_setegid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setegid(SB) + +GLOBL ·libc_setegid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setegid_trampoline_addr(SB)/8, $libc_setegid_trampoline<>(SB) + +TEXT libc_seteuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_seteuid(SB) + +GLOBL ·libc_seteuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_seteuid_trampoline_addr(SB)/8, $libc_seteuid_trampoline<>(SB) + +TEXT libc_setgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setgid(SB) + +GLOBL ·libc_setgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setgid_trampoline_addr(SB)/8, $libc_setgid_trampoline<>(SB) + +TEXT libc_setlogin_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setlogin(SB) + +GLOBL ·libc_setlogin_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setlogin_trampoline_addr(SB)/8, $libc_setlogin_trampoline<>(SB) + +TEXT libc_setpgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setpgid(SB) + +GLOBL ·libc_setpgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setpgid_trampoline_addr(SB)/8, $libc_setpgid_trampoline<>(SB) + +TEXT libc_setpriority_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setpriority(SB) + +GLOBL ·libc_setpriority_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setpriority_trampoline_addr(SB)/8, $libc_setpriority_trampoline<>(SB) + +TEXT libc_setregid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setregid(SB) + +GLOBL ·libc_setregid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setregid_trampoline_addr(SB)/8, $libc_setregid_trampoline<>(SB) + +TEXT libc_setreuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setreuid(SB) + +GLOBL ·libc_setreuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setreuid_trampoline_addr(SB)/8, $libc_setreuid_trampoline<>(SB) + +TEXT libc_setresgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setresgid(SB) + +GLOBL ·libc_setresgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setresgid_trampoline_addr(SB)/8, $libc_setresgid_trampoline<>(SB) + +TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setresuid(SB) + +GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setresuid_trampoline_addr(SB)/8, $libc_setresuid_trampoline<>(SB) + +TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setrlimit(SB) + +GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) + +TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setrtable(SB) + +GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setrtable_trampoline_addr(SB)/8, $libc_setrtable_trampoline<>(SB) + +TEXT libc_setsid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setsid(SB) + +GLOBL ·libc_setsid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setsid_trampoline_addr(SB)/8, $libc_setsid_trampoline<>(SB) + +TEXT libc_settimeofday_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_settimeofday(SB) + +GLOBL ·libc_settimeofday_trampoline_addr(SB), RODATA, $8 +DATA ·libc_settimeofday_trampoline_addr(SB)/8, $libc_settimeofday_trampoline<>(SB) + +TEXT libc_setuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setuid(SB) + +GLOBL ·libc_setuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setuid_trampoline_addr(SB)/8, $libc_setuid_trampoline<>(SB) + +TEXT libc_stat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_stat(SB) + +GLOBL ·libc_stat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_stat_trampoline_addr(SB)/8, $libc_stat_trampoline<>(SB) + +TEXT libc_statfs_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_statfs(SB) + +GLOBL ·libc_statfs_trampoline_addr(SB), RODATA, $8 +DATA ·libc_statfs_trampoline_addr(SB)/8, $libc_statfs_trampoline<>(SB) + +TEXT libc_symlink_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_symlink(SB) + +GLOBL ·libc_symlink_trampoline_addr(SB), RODATA, $8 +DATA ·libc_symlink_trampoline_addr(SB)/8, $libc_symlink_trampoline<>(SB) + +TEXT libc_symlinkat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_symlinkat(SB) + +GLOBL ·libc_symlinkat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_symlinkat_trampoline_addr(SB)/8, $libc_symlinkat_trampoline<>(SB) + +TEXT libc_sync_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_sync(SB) + +GLOBL ·libc_sync_trampoline_addr(SB), RODATA, $8 +DATA ·libc_sync_trampoline_addr(SB)/8, $libc_sync_trampoline<>(SB) + +TEXT libc_truncate_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_truncate(SB) + +GLOBL ·libc_truncate_trampoline_addr(SB), RODATA, $8 +DATA ·libc_truncate_trampoline_addr(SB)/8, $libc_truncate_trampoline<>(SB) + +TEXT libc_umask_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_umask(SB) + +GLOBL ·libc_umask_trampoline_addr(SB), RODATA, $8 +DATA ·libc_umask_trampoline_addr(SB)/8, $libc_umask_trampoline<>(SB) + +TEXT libc_unlink_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unlink(SB) + +GLOBL ·libc_unlink_trampoline_addr(SB), RODATA, $8 +DATA ·libc_unlink_trampoline_addr(SB)/8, $libc_unlink_trampoline<>(SB) + +TEXT libc_unlinkat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unlinkat(SB) + +GLOBL ·libc_unlinkat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_unlinkat_trampoline_addr(SB)/8, $libc_unlinkat_trampoline<>(SB) + +TEXT libc_unmount_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unmount(SB) + +GLOBL ·libc_unmount_trampoline_addr(SB), RODATA, $8 +DATA ·libc_unmount_trampoline_addr(SB)/8, $libc_unmount_trampoline<>(SB) + +TEXT libc_write_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_write(SB) + +GLOBL ·libc_write_trampoline_addr(SB), RODATA, $8 +DATA ·libc_write_trampoline_addr(SB)/8, $libc_write_trampoline<>(SB) + +TEXT libc_mmap_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mmap(SB) + +GLOBL ·libc_mmap_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mmap_trampoline_addr(SB)/8, $libc_mmap_trampoline<>(SB) + +TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_munmap(SB) + +GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $8 +DATA ·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB) + +TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_utimensat(SB) + +GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go index fdf53f8daf3..91f5a2bde28 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go @@ -147,6 +147,8 @@ import ( //go:cgo_import_dynamic libc_port_dissociate port_dissociate "libc.so" //go:cgo_import_dynamic libc_port_get port_get "libc.so" //go:cgo_import_dynamic libc_port_getn port_getn "libc.so" +//go:cgo_import_dynamic libc_putmsg putmsg "libc.so" +//go:cgo_import_dynamic libc_getmsg getmsg "libc.so" //go:linkname procpipe libc_pipe //go:linkname procpipe2 libc_pipe2 @@ -284,6 +286,8 @@ import ( //go:linkname procport_dissociate libc_port_dissociate //go:linkname procport_get libc_port_get //go:linkname procport_getn libc_port_getn +//go:linkname procputmsg libc_putmsg +//go:linkname procgetmsg libc_getmsg var ( procpipe, @@ -421,7 +425,9 @@ var ( procport_associate, procport_dissociate, procport_get, - procport_getn syscallFunc + procport_getn, + procputmsg, + procgetmsg syscallFunc ) // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT @@ -2065,3 +2071,23 @@ func port_getn(port int, pe *portEvent, max uint32, nget *uint32, timeout *Times } return } + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func putmsg(fd int, clptr *strbuf, dataptr *strbuf, flags int) (err error) { + _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procputmsg)), 4, uintptr(fd), uintptr(unsafe.Pointer(clptr)), uintptr(unsafe.Pointer(dataptr)), uintptr(flags), 0, 0) + if e1 != 0 { + err = e1 + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getmsg(fd int, clptr *strbuf, dataptr *strbuf, flags *int) (err error) { + _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procgetmsg)), 4, uintptr(fd), uintptr(unsafe.Pointer(clptr)), uintptr(unsafe.Pointer(dataptr)), uintptr(unsafe.Pointer(flags)), 0, 0) + if e1 != 0 { + err = e1 + } + return +} diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go new file mode 100644 index 00000000000..e44054470b7 --- /dev/null +++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go @@ -0,0 +1,281 @@ +// go run mksysctl_openbsd.go +// Code generated by the command above; DO NOT EDIT. + +//go:build ppc64 && openbsd +// +build ppc64,openbsd + +package unix + +type mibentry struct { + ctlname string + ctloid []_C_int +} + +var sysctlMib = []mibentry{ + {"ddb.console", []_C_int{9, 6}}, + {"ddb.log", []_C_int{9, 7}}, + {"ddb.max_line", []_C_int{9, 3}}, + {"ddb.max_width", []_C_int{9, 2}}, + {"ddb.panic", []_C_int{9, 5}}, + {"ddb.profile", []_C_int{9, 9}}, + {"ddb.radix", []_C_int{9, 1}}, + {"ddb.tab_stop_width", []_C_int{9, 4}}, + {"ddb.trigger", []_C_int{9, 8}}, + {"fs.posix.setuid", []_C_int{3, 1, 1}}, + {"hw.allowpowerdown", []_C_int{6, 22}}, + {"hw.byteorder", []_C_int{6, 4}}, + {"hw.cpuspeed", []_C_int{6, 12}}, + {"hw.diskcount", []_C_int{6, 10}}, + {"hw.disknames", []_C_int{6, 8}}, + {"hw.diskstats", []_C_int{6, 9}}, + {"hw.machine", []_C_int{6, 1}}, + {"hw.model", []_C_int{6, 2}}, + {"hw.ncpu", []_C_int{6, 3}}, + {"hw.ncpufound", []_C_int{6, 21}}, + {"hw.ncpuonline", []_C_int{6, 25}}, + {"hw.pagesize", []_C_int{6, 7}}, + {"hw.perfpolicy", []_C_int{6, 23}}, + {"hw.physmem", []_C_int{6, 19}}, + {"hw.power", []_C_int{6, 26}}, + {"hw.product", []_C_int{6, 15}}, + {"hw.serialno", []_C_int{6, 17}}, + {"hw.setperf", []_C_int{6, 13}}, + {"hw.smt", []_C_int{6, 24}}, + {"hw.usermem", []_C_int{6, 20}}, + {"hw.uuid", []_C_int{6, 18}}, + {"hw.vendor", []_C_int{6, 14}}, + {"hw.version", []_C_int{6, 16}}, + {"kern.allowdt", []_C_int{1, 65}}, + {"kern.allowkmem", []_C_int{1, 52}}, + {"kern.argmax", []_C_int{1, 8}}, + {"kern.audio", []_C_int{1, 84}}, + {"kern.boottime", []_C_int{1, 21}}, + {"kern.bufcachepercent", []_C_int{1, 72}}, + {"kern.ccpu", []_C_int{1, 45}}, + {"kern.clockrate", []_C_int{1, 12}}, + {"kern.consbuf", []_C_int{1, 83}}, + {"kern.consbufsize", []_C_int{1, 82}}, + {"kern.consdev", []_C_int{1, 75}}, + {"kern.cp_time", []_C_int{1, 40}}, + {"kern.cp_time2", []_C_int{1, 71}}, + {"kern.cpustats", []_C_int{1, 85}}, + {"kern.domainname", []_C_int{1, 22}}, + {"kern.file", []_C_int{1, 73}}, + {"kern.forkstat", []_C_int{1, 42}}, + {"kern.fscale", []_C_int{1, 46}}, + {"kern.fsync", []_C_int{1, 33}}, + {"kern.global_ptrace", []_C_int{1, 81}}, + {"kern.hostid", []_C_int{1, 11}}, + {"kern.hostname", []_C_int{1, 10}}, + {"kern.intrcnt.nintrcnt", []_C_int{1, 63, 1}}, + {"kern.job_control", []_C_int{1, 19}}, + {"kern.malloc.buckets", []_C_int{1, 39, 1}}, + {"kern.malloc.kmemnames", []_C_int{1, 39, 3}}, + {"kern.maxclusters", []_C_int{1, 67}}, + {"kern.maxfiles", []_C_int{1, 7}}, + {"kern.maxlocksperuid", []_C_int{1, 70}}, + {"kern.maxpartitions", []_C_int{1, 23}}, + {"kern.maxproc", []_C_int{1, 6}}, + {"kern.maxthread", []_C_int{1, 25}}, + {"kern.maxvnodes", []_C_int{1, 5}}, + {"kern.mbstat", []_C_int{1, 59}}, + {"kern.msgbuf", []_C_int{1, 48}}, + {"kern.msgbufsize", []_C_int{1, 38}}, + {"kern.nchstats", []_C_int{1, 41}}, + {"kern.netlivelocks", []_C_int{1, 76}}, + {"kern.nfiles", []_C_int{1, 56}}, + {"kern.ngroups", []_C_int{1, 18}}, + {"kern.nosuidcoredump", []_C_int{1, 32}}, + {"kern.nprocs", []_C_int{1, 47}}, + {"kern.nthreads", []_C_int{1, 26}}, + {"kern.numvnodes", []_C_int{1, 58}}, + {"kern.osrelease", []_C_int{1, 2}}, + {"kern.osrevision", []_C_int{1, 3}}, + {"kern.ostype", []_C_int{1, 1}}, + {"kern.osversion", []_C_int{1, 27}}, + {"kern.pfstatus", []_C_int{1, 86}}, + {"kern.pool_debug", []_C_int{1, 77}}, + {"kern.posix1version", []_C_int{1, 17}}, + {"kern.proc", []_C_int{1, 66}}, + {"kern.rawpartition", []_C_int{1, 24}}, + {"kern.saved_ids", []_C_int{1, 20}}, + {"kern.securelevel", []_C_int{1, 9}}, + {"kern.seminfo", []_C_int{1, 61}}, + {"kern.shminfo", []_C_int{1, 62}}, + {"kern.somaxconn", []_C_int{1, 28}}, + {"kern.sominconn", []_C_int{1, 29}}, + {"kern.splassert", []_C_int{1, 54}}, + {"kern.stackgap_random", []_C_int{1, 50}}, + {"kern.sysvipc_info", []_C_int{1, 51}}, + {"kern.sysvmsg", []_C_int{1, 34}}, + {"kern.sysvsem", []_C_int{1, 35}}, + {"kern.sysvshm", []_C_int{1, 36}}, + {"kern.timecounter.choice", []_C_int{1, 69, 4}}, + {"kern.timecounter.hardware", []_C_int{1, 69, 3}}, + {"kern.timecounter.tick", []_C_int{1, 69, 1}}, + {"kern.timecounter.timestepwarnings", []_C_int{1, 69, 2}}, + {"kern.timeout_stats", []_C_int{1, 87}}, + {"kern.tty.tk_cancc", []_C_int{1, 44, 4}}, + {"kern.tty.tk_nin", []_C_int{1, 44, 1}}, + {"kern.tty.tk_nout", []_C_int{1, 44, 2}}, + {"kern.tty.tk_rawcc", []_C_int{1, 44, 3}}, + {"kern.tty.ttyinfo", []_C_int{1, 44, 5}}, + {"kern.ttycount", []_C_int{1, 57}}, + {"kern.utc_offset", []_C_int{1, 88}}, + {"kern.version", []_C_int{1, 4}}, + {"kern.video", []_C_int{1, 89}}, + {"kern.watchdog.auto", []_C_int{1, 64, 2}}, + {"kern.watchdog.period", []_C_int{1, 64, 1}}, + {"kern.witnesswatch", []_C_int{1, 53}}, + {"kern.wxabort", []_C_int{1, 74}}, + {"net.bpf.bufsize", []_C_int{4, 31, 1}}, + {"net.bpf.maxbufsize", []_C_int{4, 31, 2}}, + {"net.inet.ah.enable", []_C_int{4, 2, 51, 1}}, + {"net.inet.ah.stats", []_C_int{4, 2, 51, 2}}, + {"net.inet.carp.allow", []_C_int{4, 2, 112, 1}}, + {"net.inet.carp.log", []_C_int{4, 2, 112, 3}}, + {"net.inet.carp.preempt", []_C_int{4, 2, 112, 2}}, + {"net.inet.carp.stats", []_C_int{4, 2, 112, 4}}, + {"net.inet.divert.recvspace", []_C_int{4, 2, 258, 1}}, + {"net.inet.divert.sendspace", []_C_int{4, 2, 258, 2}}, + {"net.inet.divert.stats", []_C_int{4, 2, 258, 3}}, + {"net.inet.esp.enable", []_C_int{4, 2, 50, 1}}, + {"net.inet.esp.stats", []_C_int{4, 2, 50, 4}}, + {"net.inet.esp.udpencap", []_C_int{4, 2, 50, 2}}, + {"net.inet.esp.udpencap_port", []_C_int{4, 2, 50, 3}}, + {"net.inet.etherip.allow", []_C_int{4, 2, 97, 1}}, + {"net.inet.etherip.stats", []_C_int{4, 2, 97, 2}}, + {"net.inet.gre.allow", []_C_int{4, 2, 47, 1}}, + {"net.inet.gre.wccp", []_C_int{4, 2, 47, 2}}, + {"net.inet.icmp.bmcastecho", []_C_int{4, 2, 1, 2}}, + {"net.inet.icmp.errppslimit", []_C_int{4, 2, 1, 3}}, + {"net.inet.icmp.maskrepl", []_C_int{4, 2, 1, 1}}, + {"net.inet.icmp.rediraccept", []_C_int{4, 2, 1, 4}}, + {"net.inet.icmp.redirtimeout", []_C_int{4, 2, 1, 5}}, + {"net.inet.icmp.stats", []_C_int{4, 2, 1, 7}}, + {"net.inet.icmp.tstamprepl", []_C_int{4, 2, 1, 6}}, + {"net.inet.igmp.stats", []_C_int{4, 2, 2, 1}}, + {"net.inet.ip.arpdown", []_C_int{4, 2, 0, 40}}, + {"net.inet.ip.arpqueued", []_C_int{4, 2, 0, 36}}, + {"net.inet.ip.arptimeout", []_C_int{4, 2, 0, 39}}, + {"net.inet.ip.encdebug", []_C_int{4, 2, 0, 12}}, + {"net.inet.ip.forwarding", []_C_int{4, 2, 0, 1}}, + {"net.inet.ip.ifq.congestion", []_C_int{4, 2, 0, 30, 4}}, + {"net.inet.ip.ifq.drops", []_C_int{4, 2, 0, 30, 3}}, + {"net.inet.ip.ifq.len", []_C_int{4, 2, 0, 30, 1}}, + {"net.inet.ip.ifq.maxlen", []_C_int{4, 2, 0, 30, 2}}, + {"net.inet.ip.maxqueue", []_C_int{4, 2, 0, 11}}, + {"net.inet.ip.mforwarding", []_C_int{4, 2, 0, 31}}, + {"net.inet.ip.mrtmfc", []_C_int{4, 2, 0, 37}}, + {"net.inet.ip.mrtproto", []_C_int{4, 2, 0, 34}}, + {"net.inet.ip.mrtstats", []_C_int{4, 2, 0, 35}}, + {"net.inet.ip.mrtvif", []_C_int{4, 2, 0, 38}}, + {"net.inet.ip.mtu", []_C_int{4, 2, 0, 4}}, + {"net.inet.ip.mtudisc", []_C_int{4, 2, 0, 27}}, + {"net.inet.ip.mtudisctimeout", []_C_int{4, 2, 0, 28}}, + {"net.inet.ip.multipath", []_C_int{4, 2, 0, 32}}, + {"net.inet.ip.portfirst", []_C_int{4, 2, 0, 7}}, + {"net.inet.ip.porthifirst", []_C_int{4, 2, 0, 9}}, + {"net.inet.ip.porthilast", []_C_int{4, 2, 0, 10}}, + {"net.inet.ip.portlast", []_C_int{4, 2, 0, 8}}, + {"net.inet.ip.redirect", []_C_int{4, 2, 0, 2}}, + {"net.inet.ip.sourceroute", []_C_int{4, 2, 0, 5}}, + {"net.inet.ip.stats", []_C_int{4, 2, 0, 33}}, + {"net.inet.ip.ttl", []_C_int{4, 2, 0, 3}}, + {"net.inet.ipcomp.enable", []_C_int{4, 2, 108, 1}}, + {"net.inet.ipcomp.stats", []_C_int{4, 2, 108, 2}}, + {"net.inet.ipip.allow", []_C_int{4, 2, 4, 1}}, + {"net.inet.ipip.stats", []_C_int{4, 2, 4, 2}}, + {"net.inet.pfsync.stats", []_C_int{4, 2, 240, 1}}, + {"net.inet.tcp.ackonpush", []_C_int{4, 2, 6, 13}}, + {"net.inet.tcp.always_keepalive", []_C_int{4, 2, 6, 22}}, + {"net.inet.tcp.baddynamic", []_C_int{4, 2, 6, 6}}, + {"net.inet.tcp.drop", []_C_int{4, 2, 6, 19}}, + {"net.inet.tcp.ecn", []_C_int{4, 2, 6, 14}}, + {"net.inet.tcp.ident", []_C_int{4, 2, 6, 9}}, + {"net.inet.tcp.keepidle", []_C_int{4, 2, 6, 3}}, + {"net.inet.tcp.keepinittime", []_C_int{4, 2, 6, 2}}, + {"net.inet.tcp.keepintvl", []_C_int{4, 2, 6, 4}}, + {"net.inet.tcp.mssdflt", []_C_int{4, 2, 6, 11}}, + {"net.inet.tcp.reasslimit", []_C_int{4, 2, 6, 18}}, + {"net.inet.tcp.rfc1323", []_C_int{4, 2, 6, 1}}, + {"net.inet.tcp.rfc3390", []_C_int{4, 2, 6, 17}}, + {"net.inet.tcp.rootonly", []_C_int{4, 2, 6, 24}}, + {"net.inet.tcp.rstppslimit", []_C_int{4, 2, 6, 12}}, + {"net.inet.tcp.sack", []_C_int{4, 2, 6, 10}}, + {"net.inet.tcp.sackholelimit", []_C_int{4, 2, 6, 20}}, + {"net.inet.tcp.slowhz", []_C_int{4, 2, 6, 5}}, + {"net.inet.tcp.stats", []_C_int{4, 2, 6, 21}}, + {"net.inet.tcp.synbucketlimit", []_C_int{4, 2, 6, 16}}, + {"net.inet.tcp.syncachelimit", []_C_int{4, 2, 6, 15}}, + {"net.inet.tcp.synhashsize", []_C_int{4, 2, 6, 25}}, + {"net.inet.tcp.synuselimit", []_C_int{4, 2, 6, 23}}, + {"net.inet.udp.baddynamic", []_C_int{4, 2, 17, 2}}, + {"net.inet.udp.checksum", []_C_int{4, 2, 17, 1}}, + {"net.inet.udp.recvspace", []_C_int{4, 2, 17, 3}}, + {"net.inet.udp.rootonly", []_C_int{4, 2, 17, 6}}, + {"net.inet.udp.sendspace", []_C_int{4, 2, 17, 4}}, + {"net.inet.udp.stats", []_C_int{4, 2, 17, 5}}, + {"net.inet6.divert.recvspace", []_C_int{4, 24, 86, 1}}, + {"net.inet6.divert.sendspace", []_C_int{4, 24, 86, 2}}, + {"net.inet6.divert.stats", []_C_int{4, 24, 86, 3}}, + {"net.inet6.icmp6.errppslimit", []_C_int{4, 24, 30, 14}}, + {"net.inet6.icmp6.mtudisc_hiwat", []_C_int{4, 24, 30, 16}}, + {"net.inet6.icmp6.mtudisc_lowat", []_C_int{4, 24, 30, 17}}, + {"net.inet6.icmp6.nd6_debug", []_C_int{4, 24, 30, 18}}, + {"net.inet6.icmp6.nd6_delay", []_C_int{4, 24, 30, 8}}, + {"net.inet6.icmp6.nd6_maxnudhint", []_C_int{4, 24, 30, 15}}, + {"net.inet6.icmp6.nd6_mmaxtries", []_C_int{4, 24, 30, 10}}, + {"net.inet6.icmp6.nd6_umaxtries", []_C_int{4, 24, 30, 9}}, + {"net.inet6.icmp6.redirtimeout", []_C_int{4, 24, 30, 3}}, + {"net.inet6.ip6.auto_flowlabel", []_C_int{4, 24, 17, 17}}, + {"net.inet6.ip6.dad_count", []_C_int{4, 24, 17, 16}}, + {"net.inet6.ip6.dad_pending", []_C_int{4, 24, 17, 49}}, + {"net.inet6.ip6.defmcasthlim", []_C_int{4, 24, 17, 18}}, + {"net.inet6.ip6.forwarding", []_C_int{4, 24, 17, 1}}, + {"net.inet6.ip6.forwsrcrt", []_C_int{4, 24, 17, 5}}, + {"net.inet6.ip6.hdrnestlimit", []_C_int{4, 24, 17, 15}}, + {"net.inet6.ip6.hlim", []_C_int{4, 24, 17, 3}}, + {"net.inet6.ip6.log_interval", []_C_int{4, 24, 17, 14}}, + {"net.inet6.ip6.maxdynroutes", []_C_int{4, 24, 17, 48}}, + {"net.inet6.ip6.maxfragpackets", []_C_int{4, 24, 17, 9}}, + {"net.inet6.ip6.maxfrags", []_C_int{4, 24, 17, 41}}, + {"net.inet6.ip6.mforwarding", []_C_int{4, 24, 17, 42}}, + {"net.inet6.ip6.mrtmfc", []_C_int{4, 24, 17, 53}}, + {"net.inet6.ip6.mrtmif", []_C_int{4, 24, 17, 52}}, + {"net.inet6.ip6.mrtproto", []_C_int{4, 24, 17, 8}}, + {"net.inet6.ip6.mtudisctimeout", []_C_int{4, 24, 17, 50}}, + {"net.inet6.ip6.multicast_mtudisc", []_C_int{4, 24, 17, 44}}, + {"net.inet6.ip6.multipath", []_C_int{4, 24, 17, 43}}, + {"net.inet6.ip6.neighborgcthresh", []_C_int{4, 24, 17, 45}}, + {"net.inet6.ip6.redirect", []_C_int{4, 24, 17, 2}}, + {"net.inet6.ip6.soiikey", []_C_int{4, 24, 17, 54}}, + {"net.inet6.ip6.sourcecheck", []_C_int{4, 24, 17, 10}}, + {"net.inet6.ip6.sourcecheck_logint", []_C_int{4, 24, 17, 11}}, + {"net.inet6.ip6.use_deprecated", []_C_int{4, 24, 17, 21}}, + {"net.key.sadb_dump", []_C_int{4, 30, 1}}, + {"net.key.spd_dump", []_C_int{4, 30, 2}}, + {"net.mpls.ifq.congestion", []_C_int{4, 33, 3, 4}}, + {"net.mpls.ifq.drops", []_C_int{4, 33, 3, 3}}, + {"net.mpls.ifq.len", []_C_int{4, 33, 3, 1}}, + {"net.mpls.ifq.maxlen", []_C_int{4, 33, 3, 2}}, + {"net.mpls.mapttl_ip", []_C_int{4, 33, 5}}, + {"net.mpls.mapttl_ip6", []_C_int{4, 33, 6}}, + {"net.mpls.ttl", []_C_int{4, 33, 2}}, + {"net.pflow.stats", []_C_int{4, 34, 1}}, + {"net.pipex.enable", []_C_int{4, 35, 1}}, + {"vm.anonmin", []_C_int{2, 7}}, + {"vm.loadavg", []_C_int{2, 2}}, + {"vm.malloc_conf", []_C_int{2, 12}}, + {"vm.maxslp", []_C_int{2, 10}}, + {"vm.nkmempages", []_C_int{2, 6}}, + {"vm.psstrings", []_C_int{2, 3}}, + {"vm.swapencrypt.enable", []_C_int{2, 5, 0}}, + {"vm.swapencrypt.keyscreated", []_C_int{2, 5, 1}}, + {"vm.swapencrypt.keysdeleted", []_C_int{2, 5, 2}}, + {"vm.uspace", []_C_int{2, 11}}, + {"vm.uvmexp", []_C_int{2, 4}}, + {"vm.vmmeter", []_C_int{2, 1}}, + {"vm.vnodemin", []_C_int{2, 9}}, + {"vm.vtextmin", []_C_int{2, 8}}, +} diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go new file mode 100644 index 00000000000..a0db82fce20 --- /dev/null +++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go @@ -0,0 +1,282 @@ +// go run mksysctl_openbsd.go +// Code generated by the command above; DO NOT EDIT. + +//go:build riscv64 && openbsd +// +build riscv64,openbsd + +package unix + +type mibentry struct { + ctlname string + ctloid []_C_int +} + +var sysctlMib = []mibentry{ + {"ddb.console", []_C_int{9, 6}}, + {"ddb.log", []_C_int{9, 7}}, + {"ddb.max_line", []_C_int{9, 3}}, + {"ddb.max_width", []_C_int{9, 2}}, + {"ddb.panic", []_C_int{9, 5}}, + {"ddb.profile", []_C_int{9, 9}}, + {"ddb.radix", []_C_int{9, 1}}, + {"ddb.tab_stop_width", []_C_int{9, 4}}, + {"ddb.trigger", []_C_int{9, 8}}, + {"fs.posix.setuid", []_C_int{3, 1, 1}}, + {"hw.allowpowerdown", []_C_int{6, 22}}, + {"hw.byteorder", []_C_int{6, 4}}, + {"hw.cpuspeed", []_C_int{6, 12}}, + {"hw.diskcount", []_C_int{6, 10}}, + {"hw.disknames", []_C_int{6, 8}}, + {"hw.diskstats", []_C_int{6, 9}}, + {"hw.machine", []_C_int{6, 1}}, + {"hw.model", []_C_int{6, 2}}, + {"hw.ncpu", []_C_int{6, 3}}, + {"hw.ncpufound", []_C_int{6, 21}}, + {"hw.ncpuonline", []_C_int{6, 25}}, + {"hw.pagesize", []_C_int{6, 7}}, + {"hw.perfpolicy", []_C_int{6, 23}}, + {"hw.physmem", []_C_int{6, 19}}, + {"hw.power", []_C_int{6, 26}}, + {"hw.product", []_C_int{6, 15}}, + {"hw.serialno", []_C_int{6, 17}}, + {"hw.setperf", []_C_int{6, 13}}, + {"hw.smt", []_C_int{6, 24}}, + {"hw.usermem", []_C_int{6, 20}}, + {"hw.uuid", []_C_int{6, 18}}, + {"hw.vendor", []_C_int{6, 14}}, + {"hw.version", []_C_int{6, 16}}, + {"kern.allowdt", []_C_int{1, 65}}, + {"kern.allowkmem", []_C_int{1, 52}}, + {"kern.argmax", []_C_int{1, 8}}, + {"kern.audio", []_C_int{1, 84}}, + {"kern.boottime", []_C_int{1, 21}}, + {"kern.bufcachepercent", []_C_int{1, 72}}, + {"kern.ccpu", []_C_int{1, 45}}, + {"kern.clockrate", []_C_int{1, 12}}, + {"kern.consbuf", []_C_int{1, 83}}, + {"kern.consbufsize", []_C_int{1, 82}}, + {"kern.consdev", []_C_int{1, 75}}, + {"kern.cp_time", []_C_int{1, 40}}, + {"kern.cp_time2", []_C_int{1, 71}}, + {"kern.cpustats", []_C_int{1, 85}}, + {"kern.domainname", []_C_int{1, 22}}, + {"kern.file", []_C_int{1, 73}}, + {"kern.forkstat", []_C_int{1, 42}}, + {"kern.fscale", []_C_int{1, 46}}, + {"kern.fsync", []_C_int{1, 33}}, + {"kern.global_ptrace", []_C_int{1, 81}}, + {"kern.hostid", []_C_int{1, 11}}, + {"kern.hostname", []_C_int{1, 10}}, + {"kern.intrcnt.nintrcnt", []_C_int{1, 63, 1}}, + {"kern.job_control", []_C_int{1, 19}}, + {"kern.malloc.buckets", []_C_int{1, 39, 1}}, + {"kern.malloc.kmemnames", []_C_int{1, 39, 3}}, + {"kern.maxclusters", []_C_int{1, 67}}, + {"kern.maxfiles", []_C_int{1, 7}}, + {"kern.maxlocksperuid", []_C_int{1, 70}}, + {"kern.maxpartitions", []_C_int{1, 23}}, + {"kern.maxproc", []_C_int{1, 6}}, + {"kern.maxthread", []_C_int{1, 25}}, + {"kern.maxvnodes", []_C_int{1, 5}}, + {"kern.mbstat", []_C_int{1, 59}}, + {"kern.msgbuf", []_C_int{1, 48}}, + {"kern.msgbufsize", []_C_int{1, 38}}, + {"kern.nchstats", []_C_int{1, 41}}, + {"kern.netlivelocks", []_C_int{1, 76}}, + {"kern.nfiles", []_C_int{1, 56}}, + {"kern.ngroups", []_C_int{1, 18}}, + {"kern.nosuidcoredump", []_C_int{1, 32}}, + {"kern.nprocs", []_C_int{1, 47}}, + {"kern.nselcoll", []_C_int{1, 43}}, + {"kern.nthreads", []_C_int{1, 26}}, + {"kern.numvnodes", []_C_int{1, 58}}, + {"kern.osrelease", []_C_int{1, 2}}, + {"kern.osrevision", []_C_int{1, 3}}, + {"kern.ostype", []_C_int{1, 1}}, + {"kern.osversion", []_C_int{1, 27}}, + {"kern.pfstatus", []_C_int{1, 86}}, + {"kern.pool_debug", []_C_int{1, 77}}, + {"kern.posix1version", []_C_int{1, 17}}, + {"kern.proc", []_C_int{1, 66}}, + {"kern.rawpartition", []_C_int{1, 24}}, + {"kern.saved_ids", []_C_int{1, 20}}, + {"kern.securelevel", []_C_int{1, 9}}, + {"kern.seminfo", []_C_int{1, 61}}, + {"kern.shminfo", []_C_int{1, 62}}, + {"kern.somaxconn", []_C_int{1, 28}}, + {"kern.sominconn", []_C_int{1, 29}}, + {"kern.splassert", []_C_int{1, 54}}, + {"kern.stackgap_random", []_C_int{1, 50}}, + {"kern.sysvipc_info", []_C_int{1, 51}}, + {"kern.sysvmsg", []_C_int{1, 34}}, + {"kern.sysvsem", []_C_int{1, 35}}, + {"kern.sysvshm", []_C_int{1, 36}}, + {"kern.timecounter.choice", []_C_int{1, 69, 4}}, + {"kern.timecounter.hardware", []_C_int{1, 69, 3}}, + {"kern.timecounter.tick", []_C_int{1, 69, 1}}, + {"kern.timecounter.timestepwarnings", []_C_int{1, 69, 2}}, + {"kern.timeout_stats", []_C_int{1, 87}}, + {"kern.tty.tk_cancc", []_C_int{1, 44, 4}}, + {"kern.tty.tk_nin", []_C_int{1, 44, 1}}, + {"kern.tty.tk_nout", []_C_int{1, 44, 2}}, + {"kern.tty.tk_rawcc", []_C_int{1, 44, 3}}, + {"kern.tty.ttyinfo", []_C_int{1, 44, 5}}, + {"kern.ttycount", []_C_int{1, 57}}, + {"kern.utc_offset", []_C_int{1, 88}}, + {"kern.version", []_C_int{1, 4}}, + {"kern.video", []_C_int{1, 89}}, + {"kern.watchdog.auto", []_C_int{1, 64, 2}}, + {"kern.watchdog.period", []_C_int{1, 64, 1}}, + {"kern.witnesswatch", []_C_int{1, 53}}, + {"kern.wxabort", []_C_int{1, 74}}, + {"net.bpf.bufsize", []_C_int{4, 31, 1}}, + {"net.bpf.maxbufsize", []_C_int{4, 31, 2}}, + {"net.inet.ah.enable", []_C_int{4, 2, 51, 1}}, + {"net.inet.ah.stats", []_C_int{4, 2, 51, 2}}, + {"net.inet.carp.allow", []_C_int{4, 2, 112, 1}}, + {"net.inet.carp.log", []_C_int{4, 2, 112, 3}}, + {"net.inet.carp.preempt", []_C_int{4, 2, 112, 2}}, + {"net.inet.carp.stats", []_C_int{4, 2, 112, 4}}, + {"net.inet.divert.recvspace", []_C_int{4, 2, 258, 1}}, + {"net.inet.divert.sendspace", []_C_int{4, 2, 258, 2}}, + {"net.inet.divert.stats", []_C_int{4, 2, 258, 3}}, + {"net.inet.esp.enable", []_C_int{4, 2, 50, 1}}, + {"net.inet.esp.stats", []_C_int{4, 2, 50, 4}}, + {"net.inet.esp.udpencap", []_C_int{4, 2, 50, 2}}, + {"net.inet.esp.udpencap_port", []_C_int{4, 2, 50, 3}}, + {"net.inet.etherip.allow", []_C_int{4, 2, 97, 1}}, + {"net.inet.etherip.stats", []_C_int{4, 2, 97, 2}}, + {"net.inet.gre.allow", []_C_int{4, 2, 47, 1}}, + {"net.inet.gre.wccp", []_C_int{4, 2, 47, 2}}, + {"net.inet.icmp.bmcastecho", []_C_int{4, 2, 1, 2}}, + {"net.inet.icmp.errppslimit", []_C_int{4, 2, 1, 3}}, + {"net.inet.icmp.maskrepl", []_C_int{4, 2, 1, 1}}, + {"net.inet.icmp.rediraccept", []_C_int{4, 2, 1, 4}}, + {"net.inet.icmp.redirtimeout", []_C_int{4, 2, 1, 5}}, + {"net.inet.icmp.stats", []_C_int{4, 2, 1, 7}}, + {"net.inet.icmp.tstamprepl", []_C_int{4, 2, 1, 6}}, + {"net.inet.igmp.stats", []_C_int{4, 2, 2, 1}}, + {"net.inet.ip.arpdown", []_C_int{4, 2, 0, 40}}, + {"net.inet.ip.arpqueued", []_C_int{4, 2, 0, 36}}, + {"net.inet.ip.arptimeout", []_C_int{4, 2, 0, 39}}, + {"net.inet.ip.encdebug", []_C_int{4, 2, 0, 12}}, + {"net.inet.ip.forwarding", []_C_int{4, 2, 0, 1}}, + {"net.inet.ip.ifq.congestion", []_C_int{4, 2, 0, 30, 4}}, + {"net.inet.ip.ifq.drops", []_C_int{4, 2, 0, 30, 3}}, + {"net.inet.ip.ifq.len", []_C_int{4, 2, 0, 30, 1}}, + {"net.inet.ip.ifq.maxlen", []_C_int{4, 2, 0, 30, 2}}, + {"net.inet.ip.maxqueue", []_C_int{4, 2, 0, 11}}, + {"net.inet.ip.mforwarding", []_C_int{4, 2, 0, 31}}, + {"net.inet.ip.mrtmfc", []_C_int{4, 2, 0, 37}}, + {"net.inet.ip.mrtproto", []_C_int{4, 2, 0, 34}}, + {"net.inet.ip.mrtstats", []_C_int{4, 2, 0, 35}}, + {"net.inet.ip.mrtvif", []_C_int{4, 2, 0, 38}}, + {"net.inet.ip.mtu", []_C_int{4, 2, 0, 4}}, + {"net.inet.ip.mtudisc", []_C_int{4, 2, 0, 27}}, + {"net.inet.ip.mtudisctimeout", []_C_int{4, 2, 0, 28}}, + {"net.inet.ip.multipath", []_C_int{4, 2, 0, 32}}, + {"net.inet.ip.portfirst", []_C_int{4, 2, 0, 7}}, + {"net.inet.ip.porthifirst", []_C_int{4, 2, 0, 9}}, + {"net.inet.ip.porthilast", []_C_int{4, 2, 0, 10}}, + {"net.inet.ip.portlast", []_C_int{4, 2, 0, 8}}, + {"net.inet.ip.redirect", []_C_int{4, 2, 0, 2}}, + {"net.inet.ip.sourceroute", []_C_int{4, 2, 0, 5}}, + {"net.inet.ip.stats", []_C_int{4, 2, 0, 33}}, + {"net.inet.ip.ttl", []_C_int{4, 2, 0, 3}}, + {"net.inet.ipcomp.enable", []_C_int{4, 2, 108, 1}}, + {"net.inet.ipcomp.stats", []_C_int{4, 2, 108, 2}}, + {"net.inet.ipip.allow", []_C_int{4, 2, 4, 1}}, + {"net.inet.ipip.stats", []_C_int{4, 2, 4, 2}}, + {"net.inet.pfsync.stats", []_C_int{4, 2, 240, 1}}, + {"net.inet.tcp.ackonpush", []_C_int{4, 2, 6, 13}}, + {"net.inet.tcp.always_keepalive", []_C_int{4, 2, 6, 22}}, + {"net.inet.tcp.baddynamic", []_C_int{4, 2, 6, 6}}, + {"net.inet.tcp.drop", []_C_int{4, 2, 6, 19}}, + {"net.inet.tcp.ecn", []_C_int{4, 2, 6, 14}}, + {"net.inet.tcp.ident", []_C_int{4, 2, 6, 9}}, + {"net.inet.tcp.keepidle", []_C_int{4, 2, 6, 3}}, + {"net.inet.tcp.keepinittime", []_C_int{4, 2, 6, 2}}, + {"net.inet.tcp.keepintvl", []_C_int{4, 2, 6, 4}}, + {"net.inet.tcp.mssdflt", []_C_int{4, 2, 6, 11}}, + {"net.inet.tcp.reasslimit", []_C_int{4, 2, 6, 18}}, + {"net.inet.tcp.rfc1323", []_C_int{4, 2, 6, 1}}, + {"net.inet.tcp.rfc3390", []_C_int{4, 2, 6, 17}}, + {"net.inet.tcp.rootonly", []_C_int{4, 2, 6, 24}}, + {"net.inet.tcp.rstppslimit", []_C_int{4, 2, 6, 12}}, + {"net.inet.tcp.sack", []_C_int{4, 2, 6, 10}}, + {"net.inet.tcp.sackholelimit", []_C_int{4, 2, 6, 20}}, + {"net.inet.tcp.slowhz", []_C_int{4, 2, 6, 5}}, + {"net.inet.tcp.stats", []_C_int{4, 2, 6, 21}}, + {"net.inet.tcp.synbucketlimit", []_C_int{4, 2, 6, 16}}, + {"net.inet.tcp.syncachelimit", []_C_int{4, 2, 6, 15}}, + {"net.inet.tcp.synhashsize", []_C_int{4, 2, 6, 25}}, + {"net.inet.tcp.synuselimit", []_C_int{4, 2, 6, 23}}, + {"net.inet.udp.baddynamic", []_C_int{4, 2, 17, 2}}, + {"net.inet.udp.checksum", []_C_int{4, 2, 17, 1}}, + {"net.inet.udp.recvspace", []_C_int{4, 2, 17, 3}}, + {"net.inet.udp.rootonly", []_C_int{4, 2, 17, 6}}, + {"net.inet.udp.sendspace", []_C_int{4, 2, 17, 4}}, + {"net.inet.udp.stats", []_C_int{4, 2, 17, 5}}, + {"net.inet6.divert.recvspace", []_C_int{4, 24, 86, 1}}, + {"net.inet6.divert.sendspace", []_C_int{4, 24, 86, 2}}, + {"net.inet6.divert.stats", []_C_int{4, 24, 86, 3}}, + {"net.inet6.icmp6.errppslimit", []_C_int{4, 24, 30, 14}}, + {"net.inet6.icmp6.mtudisc_hiwat", []_C_int{4, 24, 30, 16}}, + {"net.inet6.icmp6.mtudisc_lowat", []_C_int{4, 24, 30, 17}}, + {"net.inet6.icmp6.nd6_debug", []_C_int{4, 24, 30, 18}}, + {"net.inet6.icmp6.nd6_delay", []_C_int{4, 24, 30, 8}}, + {"net.inet6.icmp6.nd6_maxnudhint", []_C_int{4, 24, 30, 15}}, + {"net.inet6.icmp6.nd6_mmaxtries", []_C_int{4, 24, 30, 10}}, + {"net.inet6.icmp6.nd6_umaxtries", []_C_int{4, 24, 30, 9}}, + {"net.inet6.icmp6.redirtimeout", []_C_int{4, 24, 30, 3}}, + {"net.inet6.ip6.auto_flowlabel", []_C_int{4, 24, 17, 17}}, + {"net.inet6.ip6.dad_count", []_C_int{4, 24, 17, 16}}, + {"net.inet6.ip6.dad_pending", []_C_int{4, 24, 17, 49}}, + {"net.inet6.ip6.defmcasthlim", []_C_int{4, 24, 17, 18}}, + {"net.inet6.ip6.forwarding", []_C_int{4, 24, 17, 1}}, + {"net.inet6.ip6.forwsrcrt", []_C_int{4, 24, 17, 5}}, + {"net.inet6.ip6.hdrnestlimit", []_C_int{4, 24, 17, 15}}, + {"net.inet6.ip6.hlim", []_C_int{4, 24, 17, 3}}, + {"net.inet6.ip6.log_interval", []_C_int{4, 24, 17, 14}}, + {"net.inet6.ip6.maxdynroutes", []_C_int{4, 24, 17, 48}}, + {"net.inet6.ip6.maxfragpackets", []_C_int{4, 24, 17, 9}}, + {"net.inet6.ip6.maxfrags", []_C_int{4, 24, 17, 41}}, + {"net.inet6.ip6.mforwarding", []_C_int{4, 24, 17, 42}}, + {"net.inet6.ip6.mrtmfc", []_C_int{4, 24, 17, 53}}, + {"net.inet6.ip6.mrtmif", []_C_int{4, 24, 17, 52}}, + {"net.inet6.ip6.mrtproto", []_C_int{4, 24, 17, 8}}, + {"net.inet6.ip6.mtudisctimeout", []_C_int{4, 24, 17, 50}}, + {"net.inet6.ip6.multicast_mtudisc", []_C_int{4, 24, 17, 44}}, + {"net.inet6.ip6.multipath", []_C_int{4, 24, 17, 43}}, + {"net.inet6.ip6.neighborgcthresh", []_C_int{4, 24, 17, 45}}, + {"net.inet6.ip6.redirect", []_C_int{4, 24, 17, 2}}, + {"net.inet6.ip6.soiikey", []_C_int{4, 24, 17, 54}}, + {"net.inet6.ip6.sourcecheck", []_C_int{4, 24, 17, 10}}, + {"net.inet6.ip6.sourcecheck_logint", []_C_int{4, 24, 17, 11}}, + {"net.inet6.ip6.use_deprecated", []_C_int{4, 24, 17, 21}}, + {"net.key.sadb_dump", []_C_int{4, 30, 1}}, + {"net.key.spd_dump", []_C_int{4, 30, 2}}, + {"net.mpls.ifq.congestion", []_C_int{4, 33, 3, 4}}, + {"net.mpls.ifq.drops", []_C_int{4, 33, 3, 3}}, + {"net.mpls.ifq.len", []_C_int{4, 33, 3, 1}}, + {"net.mpls.ifq.maxlen", []_C_int{4, 33, 3, 2}}, + {"net.mpls.mapttl_ip", []_C_int{4, 33, 5}}, + {"net.mpls.mapttl_ip6", []_C_int{4, 33, 6}}, + {"net.mpls.ttl", []_C_int{4, 33, 2}}, + {"net.pflow.stats", []_C_int{4, 34, 1}}, + {"net.pipex.enable", []_C_int{4, 35, 1}}, + {"vm.anonmin", []_C_int{2, 7}}, + {"vm.loadavg", []_C_int{2, 2}}, + {"vm.malloc_conf", []_C_int{2, 12}}, + {"vm.maxslp", []_C_int{2, 10}}, + {"vm.nkmempages", []_C_int{2, 6}}, + {"vm.psstrings", []_C_int{2, 3}}, + {"vm.swapencrypt.enable", []_C_int{2, 5, 0}}, + {"vm.swapencrypt.keyscreated", []_C_int{2, 5, 1}}, + {"vm.swapencrypt.keysdeleted", []_C_int{2, 5, 2}}, + {"vm.uspace", []_C_int{2, 11}}, + {"vm.uvmexp", []_C_int{2, 4}}, + {"vm.vmmeter", []_C_int{2, 1}}, + {"vm.vnodemin", []_C_int{2, 9}}, + {"vm.vtextmin", []_C_int{2, 8}}, +} diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go new file mode 100644 index 00000000000..f258cfa24ed --- /dev/null +++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go @@ -0,0 +1,218 @@ +// go run mksysnum.go https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master +// Code generated by the command above; see README.md. DO NOT EDIT. + +//go:build ppc64 && openbsd +// +build ppc64,openbsd + +package unix + +const ( + SYS_EXIT = 1 // { void sys_exit(int rval); } + SYS_FORK = 2 // { int sys_fork(void); } + SYS_READ = 3 // { ssize_t sys_read(int fd, void *buf, size_t nbyte); } + SYS_WRITE = 4 // { ssize_t sys_write(int fd, const void *buf, size_t nbyte); } + SYS_OPEN = 5 // { int sys_open(const char *path, int flags, ... mode_t mode); } + SYS_CLOSE = 6 // { int sys_close(int fd); } + SYS_GETENTROPY = 7 // { int sys_getentropy(void *buf, size_t nbyte); } + SYS___TFORK = 8 // { int sys___tfork(const struct __tfork *param, size_t psize); } + SYS_LINK = 9 // { int sys_link(const char *path, const char *link); } + SYS_UNLINK = 10 // { int sys_unlink(const char *path); } + SYS_WAIT4 = 11 // { pid_t sys_wait4(pid_t pid, int *status, int options, struct rusage *rusage); } + SYS_CHDIR = 12 // { int sys_chdir(const char *path); } + SYS_FCHDIR = 13 // { int sys_fchdir(int fd); } + SYS_MKNOD = 14 // { int sys_mknod(const char *path, mode_t mode, dev_t dev); } + SYS_CHMOD = 15 // { int sys_chmod(const char *path, mode_t mode); } + SYS_CHOWN = 16 // { int sys_chown(const char *path, uid_t uid, gid_t gid); } + SYS_OBREAK = 17 // { int sys_obreak(char *nsize); } break + SYS_GETDTABLECOUNT = 18 // { int sys_getdtablecount(void); } + SYS_GETRUSAGE = 19 // { int sys_getrusage(int who, struct rusage *rusage); } + SYS_GETPID = 20 // { pid_t sys_getpid(void); } + SYS_MOUNT = 21 // { int sys_mount(const char *type, const char *path, int flags, void *data); } + SYS_UNMOUNT = 22 // { int sys_unmount(const char *path, int flags); } + SYS_SETUID = 23 // { int sys_setuid(uid_t uid); } + SYS_GETUID = 24 // { uid_t sys_getuid(void); } + SYS_GETEUID = 25 // { uid_t sys_geteuid(void); } + SYS_PTRACE = 26 // { int sys_ptrace(int req, pid_t pid, caddr_t addr, int data); } + SYS_RECVMSG = 27 // { ssize_t sys_recvmsg(int s, struct msghdr *msg, int flags); } + SYS_SENDMSG = 28 // { ssize_t sys_sendmsg(int s, const struct msghdr *msg, int flags); } + SYS_RECVFROM = 29 // { ssize_t sys_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlenaddr); } + SYS_ACCEPT = 30 // { int sys_accept(int s, struct sockaddr *name, socklen_t *anamelen); } + SYS_GETPEERNAME = 31 // { int sys_getpeername(int fdes, struct sockaddr *asa, socklen_t *alen); } + SYS_GETSOCKNAME = 32 // { int sys_getsockname(int fdes, struct sockaddr *asa, socklen_t *alen); } + SYS_ACCESS = 33 // { int sys_access(const char *path, int amode); } + SYS_CHFLAGS = 34 // { int sys_chflags(const char *path, u_int flags); } + SYS_FCHFLAGS = 35 // { int sys_fchflags(int fd, u_int flags); } + SYS_SYNC = 36 // { void sys_sync(void); } + SYS_STAT = 38 // { int sys_stat(const char *path, struct stat *ub); } + SYS_GETPPID = 39 // { pid_t sys_getppid(void); } + SYS_LSTAT = 40 // { int sys_lstat(const char *path, struct stat *ub); } + SYS_DUP = 41 // { int sys_dup(int fd); } + SYS_FSTATAT = 42 // { int sys_fstatat(int fd, const char *path, struct stat *buf, int flag); } + SYS_GETEGID = 43 // { gid_t sys_getegid(void); } + SYS_PROFIL = 44 // { int sys_profil(caddr_t samples, size_t size, u_long offset, u_int scale); } + SYS_KTRACE = 45 // { int sys_ktrace(const char *fname, int ops, int facs, pid_t pid); } + SYS_SIGACTION = 46 // { int sys_sigaction(int signum, const struct sigaction *nsa, struct sigaction *osa); } + SYS_GETGID = 47 // { gid_t sys_getgid(void); } + SYS_SIGPROCMASK = 48 // { int sys_sigprocmask(int how, sigset_t mask); } + SYS_SETLOGIN = 50 // { int sys_setlogin(const char *namebuf); } + SYS_ACCT = 51 // { int sys_acct(const char *path); } + SYS_SIGPENDING = 52 // { int sys_sigpending(void); } + SYS_FSTAT = 53 // { int sys_fstat(int fd, struct stat *sb); } + SYS_IOCTL = 54 // { int sys_ioctl(int fd, u_long com, ... void *data); } + SYS_REBOOT = 55 // { int sys_reboot(int opt); } + SYS_REVOKE = 56 // { int sys_revoke(const char *path); } + SYS_SYMLINK = 57 // { int sys_symlink(const char *path, const char *link); } + SYS_READLINK = 58 // { ssize_t sys_readlink(const char *path, char *buf, size_t count); } + SYS_EXECVE = 59 // { int sys_execve(const char *path, char * const *argp, char * const *envp); } + SYS_UMASK = 60 // { mode_t sys_umask(mode_t newmask); } + SYS_CHROOT = 61 // { int sys_chroot(const char *path); } + SYS_GETFSSTAT = 62 // { int sys_getfsstat(struct statfs *buf, size_t bufsize, int flags); } + SYS_STATFS = 63 // { int sys_statfs(const char *path, struct statfs *buf); } + SYS_FSTATFS = 64 // { int sys_fstatfs(int fd, struct statfs *buf); } + SYS_FHSTATFS = 65 // { int sys_fhstatfs(const fhandle_t *fhp, struct statfs *buf); } + SYS_VFORK = 66 // { int sys_vfork(void); } + SYS_GETTIMEOFDAY = 67 // { int sys_gettimeofday(struct timeval *tp, struct timezone *tzp); } + SYS_SETTIMEOFDAY = 68 // { int sys_settimeofday(const struct timeval *tv, const struct timezone *tzp); } + SYS_SETITIMER = 69 // { int sys_setitimer(int which, const struct itimerval *itv, struct itimerval *oitv); } + SYS_GETITIMER = 70 // { int sys_getitimer(int which, struct itimerval *itv); } + SYS_SELECT = 71 // { int sys_select(int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tv); } + SYS_KEVENT = 72 // { int sys_kevent(int fd, const struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); } + SYS_MUNMAP = 73 // { int sys_munmap(void *addr, size_t len); } + SYS_MPROTECT = 74 // { int sys_mprotect(void *addr, size_t len, int prot); } + SYS_MADVISE = 75 // { int sys_madvise(void *addr, size_t len, int behav); } + SYS_UTIMES = 76 // { int sys_utimes(const char *path, const struct timeval *tptr); } + SYS_FUTIMES = 77 // { int sys_futimes(int fd, const struct timeval *tptr); } + SYS_GETGROUPS = 79 // { int sys_getgroups(int gidsetsize, gid_t *gidset); } + SYS_SETGROUPS = 80 // { int sys_setgroups(int gidsetsize, const gid_t *gidset); } + SYS_GETPGRP = 81 // { int sys_getpgrp(void); } + SYS_SETPGID = 82 // { int sys_setpgid(pid_t pid, pid_t pgid); } + SYS_FUTEX = 83 // { int sys_futex(uint32_t *f, int op, int val, const struct timespec *timeout, uint32_t *g); } + SYS_UTIMENSAT = 84 // { int sys_utimensat(int fd, const char *path, const struct timespec *times, int flag); } + SYS_FUTIMENS = 85 // { int sys_futimens(int fd, const struct timespec *times); } + SYS_KBIND = 86 // { int sys_kbind(const struct __kbind *param, size_t psize, int64_t proc_cookie); } + SYS_CLOCK_GETTIME = 87 // { int sys_clock_gettime(clockid_t clock_id, struct timespec *tp); } + SYS_CLOCK_SETTIME = 88 // { int sys_clock_settime(clockid_t clock_id, const struct timespec *tp); } + SYS_CLOCK_GETRES = 89 // { int sys_clock_getres(clockid_t clock_id, struct timespec *tp); } + SYS_DUP2 = 90 // { int sys_dup2(int from, int to); } + SYS_NANOSLEEP = 91 // { int sys_nanosleep(const struct timespec *rqtp, struct timespec *rmtp); } + SYS_FCNTL = 92 // { int sys_fcntl(int fd, int cmd, ... void *arg); } + SYS_ACCEPT4 = 93 // { int sys_accept4(int s, struct sockaddr *name, socklen_t *anamelen, int flags); } + SYS___THRSLEEP = 94 // { int sys___thrsleep(const volatile void *ident, clockid_t clock_id, const struct timespec *tp, void *lock, const int *abort); } + SYS_FSYNC = 95 // { int sys_fsync(int fd); } + SYS_SETPRIORITY = 96 // { int sys_setpriority(int which, id_t who, int prio); } + SYS_SOCKET = 97 // { int sys_socket(int domain, int type, int protocol); } + SYS_CONNECT = 98 // { int sys_connect(int s, const struct sockaddr *name, socklen_t namelen); } + SYS_GETDENTS = 99 // { int sys_getdents(int fd, void *buf, size_t buflen); } + SYS_GETPRIORITY = 100 // { int sys_getpriority(int which, id_t who); } + SYS_PIPE2 = 101 // { int sys_pipe2(int *fdp, int flags); } + SYS_DUP3 = 102 // { int sys_dup3(int from, int to, int flags); } + SYS_SIGRETURN = 103 // { int sys_sigreturn(struct sigcontext *sigcntxp); } + SYS_BIND = 104 // { int sys_bind(int s, const struct sockaddr *name, socklen_t namelen); } + SYS_SETSOCKOPT = 105 // { int sys_setsockopt(int s, int level, int name, const void *val, socklen_t valsize); } + SYS_LISTEN = 106 // { int sys_listen(int s, int backlog); } + SYS_CHFLAGSAT = 107 // { int sys_chflagsat(int fd, const char *path, u_int flags, int atflags); } + SYS_PLEDGE = 108 // { int sys_pledge(const char *promises, const char *execpromises); } + SYS_PPOLL = 109 // { int sys_ppoll(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *mask); } + SYS_PSELECT = 110 // { int sys_pselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, const struct timespec *ts, const sigset_t *mask); } + SYS_SIGSUSPEND = 111 // { int sys_sigsuspend(int mask); } + SYS_SENDSYSLOG = 112 // { int sys_sendsyslog(const char *buf, size_t nbyte, int flags); } + SYS_UNVEIL = 114 // { int sys_unveil(const char *path, const char *permissions); } + SYS_GETSOCKOPT = 118 // { int sys_getsockopt(int s, int level, int name, void *val, socklen_t *avalsize); } + SYS_THRKILL = 119 // { int sys_thrkill(pid_t tid, int signum, void *tcb); } + SYS_READV = 120 // { ssize_t sys_readv(int fd, const struct iovec *iovp, int iovcnt); } + SYS_WRITEV = 121 // { ssize_t sys_writev(int fd, const struct iovec *iovp, int iovcnt); } + SYS_KILL = 122 // { int sys_kill(int pid, int signum); } + SYS_FCHOWN = 123 // { int sys_fchown(int fd, uid_t uid, gid_t gid); } + SYS_FCHMOD = 124 // { int sys_fchmod(int fd, mode_t mode); } + SYS_SETREUID = 126 // { int sys_setreuid(uid_t ruid, uid_t euid); } + SYS_SETREGID = 127 // { int sys_setregid(gid_t rgid, gid_t egid); } + SYS_RENAME = 128 // { int sys_rename(const char *from, const char *to); } + SYS_FLOCK = 131 // { int sys_flock(int fd, int how); } + SYS_MKFIFO = 132 // { int sys_mkfifo(const char *path, mode_t mode); } + SYS_SENDTO = 133 // { ssize_t sys_sendto(int s, const void *buf, size_t len, int flags, const struct sockaddr *to, socklen_t tolen); } + SYS_SHUTDOWN = 134 // { int sys_shutdown(int s, int how); } + SYS_SOCKETPAIR = 135 // { int sys_socketpair(int domain, int type, int protocol, int *rsv); } + SYS_MKDIR = 136 // { int sys_mkdir(const char *path, mode_t mode); } + SYS_RMDIR = 137 // { int sys_rmdir(const char *path); } + SYS_ADJTIME = 140 // { int sys_adjtime(const struct timeval *delta, struct timeval *olddelta); } + SYS_GETLOGIN_R = 141 // { int sys_getlogin_r(char *namebuf, u_int namelen); } + SYS_SETSID = 147 // { int sys_setsid(void); } + SYS_QUOTACTL = 148 // { int sys_quotactl(const char *path, int cmd, int uid, char *arg); } + SYS_NFSSVC = 155 // { int sys_nfssvc(int flag, void *argp); } + SYS_GETFH = 161 // { int sys_getfh(const char *fname, fhandle_t *fhp); } + SYS_SYSARCH = 165 // { int sys_sysarch(int op, void *parms); } + SYS_PREAD = 173 // { ssize_t sys_pread(int fd, void *buf, size_t nbyte, int pad, off_t offset); } + SYS_PWRITE = 174 // { ssize_t sys_pwrite(int fd, const void *buf, size_t nbyte, int pad, off_t offset); } + SYS_SETGID = 181 // { int sys_setgid(gid_t gid); } + SYS_SETEGID = 182 // { int sys_setegid(gid_t egid); } + SYS_SETEUID = 183 // { int sys_seteuid(uid_t euid); } + SYS_PATHCONF = 191 // { long sys_pathconf(const char *path, int name); } + SYS_FPATHCONF = 192 // { long sys_fpathconf(int fd, int name); } + SYS_SWAPCTL = 193 // { int sys_swapctl(int cmd, const void *arg, int misc); } + SYS_GETRLIMIT = 194 // { int sys_getrlimit(int which, struct rlimit *rlp); } + SYS_SETRLIMIT = 195 // { int sys_setrlimit(int which, const struct rlimit *rlp); } + SYS_MMAP = 197 // { void *sys_mmap(void *addr, size_t len, int prot, int flags, int fd, long pad, off_t pos); } + SYS_LSEEK = 199 // { off_t sys_lseek(int fd, int pad, off_t offset, int whence); } + SYS_TRUNCATE = 200 // { int sys_truncate(const char *path, int pad, off_t length); } + SYS_FTRUNCATE = 201 // { int sys_ftruncate(int fd, int pad, off_t length); } + SYS_SYSCTL = 202 // { int sys_sysctl(const int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); } + SYS_MLOCK = 203 // { int sys_mlock(const void *addr, size_t len); } + SYS_MUNLOCK = 204 // { int sys_munlock(const void *addr, size_t len); } + SYS_GETPGID = 207 // { pid_t sys_getpgid(pid_t pid); } + SYS_UTRACE = 209 // { int sys_utrace(const char *label, const void *addr, size_t len); } + SYS_SEMGET = 221 // { int sys_semget(key_t key, int nsems, int semflg); } + SYS_MSGGET = 225 // { int sys_msgget(key_t key, int msgflg); } + SYS_MSGSND = 226 // { int sys_msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); } + SYS_MSGRCV = 227 // { int sys_msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); } + SYS_SHMAT = 228 // { void *sys_shmat(int shmid, const void *shmaddr, int shmflg); } + SYS_SHMDT = 230 // { int sys_shmdt(const void *shmaddr); } + SYS_MINHERIT = 250 // { int sys_minherit(void *addr, size_t len, int inherit); } + SYS_POLL = 252 // { int sys_poll(struct pollfd *fds, u_int nfds, int timeout); } + SYS_ISSETUGID = 253 // { int sys_issetugid(void); } + SYS_LCHOWN = 254 // { int sys_lchown(const char *path, uid_t uid, gid_t gid); } + SYS_GETSID = 255 // { pid_t sys_getsid(pid_t pid); } + SYS_MSYNC = 256 // { int sys_msync(void *addr, size_t len, int flags); } + SYS_PIPE = 263 // { int sys_pipe(int *fdp); } + SYS_FHOPEN = 264 // { int sys_fhopen(const fhandle_t *fhp, int flags); } + SYS_PREADV = 267 // { ssize_t sys_preadv(int fd, const struct iovec *iovp, int iovcnt, int pad, off_t offset); } + SYS_PWRITEV = 268 // { ssize_t sys_pwritev(int fd, const struct iovec *iovp, int iovcnt, int pad, off_t offset); } + SYS_KQUEUE = 269 // { int sys_kqueue(void); } + SYS_MLOCKALL = 271 // { int sys_mlockall(int flags); } + SYS_MUNLOCKALL = 272 // { int sys_munlockall(void); } + SYS_GETRESUID = 281 // { int sys_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid); } + SYS_SETRESUID = 282 // { int sys_setresuid(uid_t ruid, uid_t euid, uid_t suid); } + SYS_GETRESGID = 283 // { int sys_getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid); } + SYS_SETRESGID = 284 // { int sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid); } + SYS_MQUERY = 286 // { void *sys_mquery(void *addr, size_t len, int prot, int flags, int fd, long pad, off_t pos); } + SYS_CLOSEFROM = 287 // { int sys_closefrom(int fd); } + SYS_SIGALTSTACK = 288 // { int sys_sigaltstack(const struct sigaltstack *nss, struct sigaltstack *oss); } + SYS_SHMGET = 289 // { int sys_shmget(key_t key, size_t size, int shmflg); } + SYS_SEMOP = 290 // { int sys_semop(int semid, struct sembuf *sops, size_t nsops); } + SYS_FHSTAT = 294 // { int sys_fhstat(const fhandle_t *fhp, struct stat *sb); } + SYS___SEMCTL = 295 // { int sys___semctl(int semid, int semnum, int cmd, union semun *arg); } + SYS_SHMCTL = 296 // { int sys_shmctl(int shmid, int cmd, struct shmid_ds *buf); } + SYS_MSGCTL = 297 // { int sys_msgctl(int msqid, int cmd, struct msqid_ds *buf); } + SYS_SCHED_YIELD = 298 // { int sys_sched_yield(void); } + SYS_GETTHRID = 299 // { pid_t sys_getthrid(void); } + SYS___THRWAKEUP = 301 // { int sys___thrwakeup(const volatile void *ident, int n); } + SYS___THREXIT = 302 // { void sys___threxit(pid_t *notdead); } + SYS___THRSIGDIVERT = 303 // { int sys___thrsigdivert(sigset_t sigmask, siginfo_t *info, const struct timespec *timeout); } + SYS___GETCWD = 304 // { int sys___getcwd(char *buf, size_t len); } + SYS_ADJFREQ = 305 // { int sys_adjfreq(const int64_t *freq, int64_t *oldfreq); } + SYS_SETRTABLE = 310 // { int sys_setrtable(int rtableid); } + SYS_GETRTABLE = 311 // { int sys_getrtable(void); } + SYS_FACCESSAT = 313 // { int sys_faccessat(int fd, const char *path, int amode, int flag); } + SYS_FCHMODAT = 314 // { int sys_fchmodat(int fd, const char *path, mode_t mode, int flag); } + SYS_FCHOWNAT = 315 // { int sys_fchownat(int fd, const char *path, uid_t uid, gid_t gid, int flag); } + SYS_LINKAT = 317 // { int sys_linkat(int fd1, const char *path1, int fd2, const char *path2, int flag); } + SYS_MKDIRAT = 318 // { int sys_mkdirat(int fd, const char *path, mode_t mode); } + SYS_MKFIFOAT = 319 // { int sys_mkfifoat(int fd, const char *path, mode_t mode); } + SYS_MKNODAT = 320 // { int sys_mknodat(int fd, const char *path, mode_t mode, dev_t dev); } + SYS_OPENAT = 321 // { int sys_openat(int fd, const char *path, int flags, ... mode_t mode); } + SYS_READLINKAT = 322 // { ssize_t sys_readlinkat(int fd, const char *path, char *buf, size_t count); } + SYS_RENAMEAT = 323 // { int sys_renameat(int fromfd, const char *from, int tofd, const char *to); } + SYS_SYMLINKAT = 324 // { int sys_symlinkat(const char *path, int fd, const char *link); } + SYS_UNLINKAT = 325 // { int sys_unlinkat(int fd, const char *path, int flag); } + SYS___SET_TCB = 329 // { void sys___set_tcb(void *tcb); } + SYS___GET_TCB = 330 // { void *sys___get_tcb(void); } +) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go new file mode 100644 index 00000000000..07919e0eccd --- /dev/null +++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go @@ -0,0 +1,219 @@ +// go run mksysnum.go https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master +// Code generated by the command above; see README.md. DO NOT EDIT. + +//go:build riscv64 && openbsd +// +build riscv64,openbsd + +package unix + +// Deprecated: Use libc wrappers instead of direct syscalls. +const ( + SYS_EXIT = 1 // { void sys_exit(int rval); } + SYS_FORK = 2 // { int sys_fork(void); } + SYS_READ = 3 // { ssize_t sys_read(int fd, void *buf, size_t nbyte); } + SYS_WRITE = 4 // { ssize_t sys_write(int fd, const void *buf, size_t nbyte); } + SYS_OPEN = 5 // { int sys_open(const char *path, int flags, ... mode_t mode); } + SYS_CLOSE = 6 // { int sys_close(int fd); } + SYS_GETENTROPY = 7 // { int sys_getentropy(void *buf, size_t nbyte); } + SYS___TFORK = 8 // { int sys___tfork(const struct __tfork *param, size_t psize); } + SYS_LINK = 9 // { int sys_link(const char *path, const char *link); } + SYS_UNLINK = 10 // { int sys_unlink(const char *path); } + SYS_WAIT4 = 11 // { pid_t sys_wait4(pid_t pid, int *status, int options, struct rusage *rusage); } + SYS_CHDIR = 12 // { int sys_chdir(const char *path); } + SYS_FCHDIR = 13 // { int sys_fchdir(int fd); } + SYS_MKNOD = 14 // { int sys_mknod(const char *path, mode_t mode, dev_t dev); } + SYS_CHMOD = 15 // { int sys_chmod(const char *path, mode_t mode); } + SYS_CHOWN = 16 // { int sys_chown(const char *path, uid_t uid, gid_t gid); } + SYS_OBREAK = 17 // { int sys_obreak(char *nsize); } break + SYS_GETDTABLECOUNT = 18 // { int sys_getdtablecount(void); } + SYS_GETRUSAGE = 19 // { int sys_getrusage(int who, struct rusage *rusage); } + SYS_GETPID = 20 // { pid_t sys_getpid(void); } + SYS_MOUNT = 21 // { int sys_mount(const char *type, const char *path, int flags, void *data); } + SYS_UNMOUNT = 22 // { int sys_unmount(const char *path, int flags); } + SYS_SETUID = 23 // { int sys_setuid(uid_t uid); } + SYS_GETUID = 24 // { uid_t sys_getuid(void); } + SYS_GETEUID = 25 // { uid_t sys_geteuid(void); } + SYS_PTRACE = 26 // { int sys_ptrace(int req, pid_t pid, caddr_t addr, int data); } + SYS_RECVMSG = 27 // { ssize_t sys_recvmsg(int s, struct msghdr *msg, int flags); } + SYS_SENDMSG = 28 // { ssize_t sys_sendmsg(int s, const struct msghdr *msg, int flags); } + SYS_RECVFROM = 29 // { ssize_t sys_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlenaddr); } + SYS_ACCEPT = 30 // { int sys_accept(int s, struct sockaddr *name, socklen_t *anamelen); } + SYS_GETPEERNAME = 31 // { int sys_getpeername(int fdes, struct sockaddr *asa, socklen_t *alen); } + SYS_GETSOCKNAME = 32 // { int sys_getsockname(int fdes, struct sockaddr *asa, socklen_t *alen); } + SYS_ACCESS = 33 // { int sys_access(const char *path, int amode); } + SYS_CHFLAGS = 34 // { int sys_chflags(const char *path, u_int flags); } + SYS_FCHFLAGS = 35 // { int sys_fchflags(int fd, u_int flags); } + SYS_SYNC = 36 // { void sys_sync(void); } + SYS_STAT = 38 // { int sys_stat(const char *path, struct stat *ub); } + SYS_GETPPID = 39 // { pid_t sys_getppid(void); } + SYS_LSTAT = 40 // { int sys_lstat(const char *path, struct stat *ub); } + SYS_DUP = 41 // { int sys_dup(int fd); } + SYS_FSTATAT = 42 // { int sys_fstatat(int fd, const char *path, struct stat *buf, int flag); } + SYS_GETEGID = 43 // { gid_t sys_getegid(void); } + SYS_PROFIL = 44 // { int sys_profil(caddr_t samples, size_t size, u_long offset, u_int scale); } + SYS_KTRACE = 45 // { int sys_ktrace(const char *fname, int ops, int facs, pid_t pid); } + SYS_SIGACTION = 46 // { int sys_sigaction(int signum, const struct sigaction *nsa, struct sigaction *osa); } + SYS_GETGID = 47 // { gid_t sys_getgid(void); } + SYS_SIGPROCMASK = 48 // { int sys_sigprocmask(int how, sigset_t mask); } + SYS_SETLOGIN = 50 // { int sys_setlogin(const char *namebuf); } + SYS_ACCT = 51 // { int sys_acct(const char *path); } + SYS_SIGPENDING = 52 // { int sys_sigpending(void); } + SYS_FSTAT = 53 // { int sys_fstat(int fd, struct stat *sb); } + SYS_IOCTL = 54 // { int sys_ioctl(int fd, u_long com, ... void *data); } + SYS_REBOOT = 55 // { int sys_reboot(int opt); } + SYS_REVOKE = 56 // { int sys_revoke(const char *path); } + SYS_SYMLINK = 57 // { int sys_symlink(const char *path, const char *link); } + SYS_READLINK = 58 // { ssize_t sys_readlink(const char *path, char *buf, size_t count); } + SYS_EXECVE = 59 // { int sys_execve(const char *path, char * const *argp, char * const *envp); } + SYS_UMASK = 60 // { mode_t sys_umask(mode_t newmask); } + SYS_CHROOT = 61 // { int sys_chroot(const char *path); } + SYS_GETFSSTAT = 62 // { int sys_getfsstat(struct statfs *buf, size_t bufsize, int flags); } + SYS_STATFS = 63 // { int sys_statfs(const char *path, struct statfs *buf); } + SYS_FSTATFS = 64 // { int sys_fstatfs(int fd, struct statfs *buf); } + SYS_FHSTATFS = 65 // { int sys_fhstatfs(const fhandle_t *fhp, struct statfs *buf); } + SYS_VFORK = 66 // { int sys_vfork(void); } + SYS_GETTIMEOFDAY = 67 // { int sys_gettimeofday(struct timeval *tp, struct timezone *tzp); } + SYS_SETTIMEOFDAY = 68 // { int sys_settimeofday(const struct timeval *tv, const struct timezone *tzp); } + SYS_SETITIMER = 69 // { int sys_setitimer(int which, const struct itimerval *itv, struct itimerval *oitv); } + SYS_GETITIMER = 70 // { int sys_getitimer(int which, struct itimerval *itv); } + SYS_SELECT = 71 // { int sys_select(int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tv); } + SYS_KEVENT = 72 // { int sys_kevent(int fd, const struct kevent *changelist, int nchanges, struct kevent *eventlist, int nevents, const struct timespec *timeout); } + SYS_MUNMAP = 73 // { int sys_munmap(void *addr, size_t len); } + SYS_MPROTECT = 74 // { int sys_mprotect(void *addr, size_t len, int prot); } + SYS_MADVISE = 75 // { int sys_madvise(void *addr, size_t len, int behav); } + SYS_UTIMES = 76 // { int sys_utimes(const char *path, const struct timeval *tptr); } + SYS_FUTIMES = 77 // { int sys_futimes(int fd, const struct timeval *tptr); } + SYS_GETGROUPS = 79 // { int sys_getgroups(int gidsetsize, gid_t *gidset); } + SYS_SETGROUPS = 80 // { int sys_setgroups(int gidsetsize, const gid_t *gidset); } + SYS_GETPGRP = 81 // { int sys_getpgrp(void); } + SYS_SETPGID = 82 // { int sys_setpgid(pid_t pid, pid_t pgid); } + SYS_FUTEX = 83 // { int sys_futex(uint32_t *f, int op, int val, const struct timespec *timeout, uint32_t *g); } + SYS_UTIMENSAT = 84 // { int sys_utimensat(int fd, const char *path, const struct timespec *times, int flag); } + SYS_FUTIMENS = 85 // { int sys_futimens(int fd, const struct timespec *times); } + SYS_KBIND = 86 // { int sys_kbind(const struct __kbind *param, size_t psize, int64_t proc_cookie); } + SYS_CLOCK_GETTIME = 87 // { int sys_clock_gettime(clockid_t clock_id, struct timespec *tp); } + SYS_CLOCK_SETTIME = 88 // { int sys_clock_settime(clockid_t clock_id, const struct timespec *tp); } + SYS_CLOCK_GETRES = 89 // { int sys_clock_getres(clockid_t clock_id, struct timespec *tp); } + SYS_DUP2 = 90 // { int sys_dup2(int from, int to); } + SYS_NANOSLEEP = 91 // { int sys_nanosleep(const struct timespec *rqtp, struct timespec *rmtp); } + SYS_FCNTL = 92 // { int sys_fcntl(int fd, int cmd, ... void *arg); } + SYS_ACCEPT4 = 93 // { int sys_accept4(int s, struct sockaddr *name, socklen_t *anamelen, int flags); } + SYS___THRSLEEP = 94 // { int sys___thrsleep(const volatile void *ident, clockid_t clock_id, const struct timespec *tp, void *lock, const int *abort); } + SYS_FSYNC = 95 // { int sys_fsync(int fd); } + SYS_SETPRIORITY = 96 // { int sys_setpriority(int which, id_t who, int prio); } + SYS_SOCKET = 97 // { int sys_socket(int domain, int type, int protocol); } + SYS_CONNECT = 98 // { int sys_connect(int s, const struct sockaddr *name, socklen_t namelen); } + SYS_GETDENTS = 99 // { int sys_getdents(int fd, void *buf, size_t buflen); } + SYS_GETPRIORITY = 100 // { int sys_getpriority(int which, id_t who); } + SYS_PIPE2 = 101 // { int sys_pipe2(int *fdp, int flags); } + SYS_DUP3 = 102 // { int sys_dup3(int from, int to, int flags); } + SYS_SIGRETURN = 103 // { int sys_sigreturn(struct sigcontext *sigcntxp); } + SYS_BIND = 104 // { int sys_bind(int s, const struct sockaddr *name, socklen_t namelen); } + SYS_SETSOCKOPT = 105 // { int sys_setsockopt(int s, int level, int name, const void *val, socklen_t valsize); } + SYS_LISTEN = 106 // { int sys_listen(int s, int backlog); } + SYS_CHFLAGSAT = 107 // { int sys_chflagsat(int fd, const char *path, u_int flags, int atflags); } + SYS_PLEDGE = 108 // { int sys_pledge(const char *promises, const char *execpromises); } + SYS_PPOLL = 109 // { int sys_ppoll(struct pollfd *fds, u_int nfds, const struct timespec *ts, const sigset_t *mask); } + SYS_PSELECT = 110 // { int sys_pselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, const struct timespec *ts, const sigset_t *mask); } + SYS_SIGSUSPEND = 111 // { int sys_sigsuspend(int mask); } + SYS_SENDSYSLOG = 112 // { int sys_sendsyslog(const char *buf, size_t nbyte, int flags); } + SYS_UNVEIL = 114 // { int sys_unveil(const char *path, const char *permissions); } + SYS_GETSOCKOPT = 118 // { int sys_getsockopt(int s, int level, int name, void *val, socklen_t *avalsize); } + SYS_THRKILL = 119 // { int sys_thrkill(pid_t tid, int signum, void *tcb); } + SYS_READV = 120 // { ssize_t sys_readv(int fd, const struct iovec *iovp, int iovcnt); } + SYS_WRITEV = 121 // { ssize_t sys_writev(int fd, const struct iovec *iovp, int iovcnt); } + SYS_KILL = 122 // { int sys_kill(int pid, int signum); } + SYS_FCHOWN = 123 // { int sys_fchown(int fd, uid_t uid, gid_t gid); } + SYS_FCHMOD = 124 // { int sys_fchmod(int fd, mode_t mode); } + SYS_SETREUID = 126 // { int sys_setreuid(uid_t ruid, uid_t euid); } + SYS_SETREGID = 127 // { int sys_setregid(gid_t rgid, gid_t egid); } + SYS_RENAME = 128 // { int sys_rename(const char *from, const char *to); } + SYS_FLOCK = 131 // { int sys_flock(int fd, int how); } + SYS_MKFIFO = 132 // { int sys_mkfifo(const char *path, mode_t mode); } + SYS_SENDTO = 133 // { ssize_t sys_sendto(int s, const void *buf, size_t len, int flags, const struct sockaddr *to, socklen_t tolen); } + SYS_SHUTDOWN = 134 // { int sys_shutdown(int s, int how); } + SYS_SOCKETPAIR = 135 // { int sys_socketpair(int domain, int type, int protocol, int *rsv); } + SYS_MKDIR = 136 // { int sys_mkdir(const char *path, mode_t mode); } + SYS_RMDIR = 137 // { int sys_rmdir(const char *path); } + SYS_ADJTIME = 140 // { int sys_adjtime(const struct timeval *delta, struct timeval *olddelta); } + SYS_GETLOGIN_R = 141 // { int sys_getlogin_r(char *namebuf, u_int namelen); } + SYS_SETSID = 147 // { int sys_setsid(void); } + SYS_QUOTACTL = 148 // { int sys_quotactl(const char *path, int cmd, int uid, char *arg); } + SYS_NFSSVC = 155 // { int sys_nfssvc(int flag, void *argp); } + SYS_GETFH = 161 // { int sys_getfh(const char *fname, fhandle_t *fhp); } + SYS_SYSARCH = 165 // { int sys_sysarch(int op, void *parms); } + SYS_PREAD = 173 // { ssize_t sys_pread(int fd, void *buf, size_t nbyte, int pad, off_t offset); } + SYS_PWRITE = 174 // { ssize_t sys_pwrite(int fd, const void *buf, size_t nbyte, int pad, off_t offset); } + SYS_SETGID = 181 // { int sys_setgid(gid_t gid); } + SYS_SETEGID = 182 // { int sys_setegid(gid_t egid); } + SYS_SETEUID = 183 // { int sys_seteuid(uid_t euid); } + SYS_PATHCONF = 191 // { long sys_pathconf(const char *path, int name); } + SYS_FPATHCONF = 192 // { long sys_fpathconf(int fd, int name); } + SYS_SWAPCTL = 193 // { int sys_swapctl(int cmd, const void *arg, int misc); } + SYS_GETRLIMIT = 194 // { int sys_getrlimit(int which, struct rlimit *rlp); } + SYS_SETRLIMIT = 195 // { int sys_setrlimit(int which, const struct rlimit *rlp); } + SYS_MMAP = 197 // { void *sys_mmap(void *addr, size_t len, int prot, int flags, int fd, long pad, off_t pos); } + SYS_LSEEK = 199 // { off_t sys_lseek(int fd, int pad, off_t offset, int whence); } + SYS_TRUNCATE = 200 // { int sys_truncate(const char *path, int pad, off_t length); } + SYS_FTRUNCATE = 201 // { int sys_ftruncate(int fd, int pad, off_t length); } + SYS_SYSCTL = 202 // { int sys_sysctl(const int *name, u_int namelen, void *old, size_t *oldlenp, void *new, size_t newlen); } + SYS_MLOCK = 203 // { int sys_mlock(const void *addr, size_t len); } + SYS_MUNLOCK = 204 // { int sys_munlock(const void *addr, size_t len); } + SYS_GETPGID = 207 // { pid_t sys_getpgid(pid_t pid); } + SYS_UTRACE = 209 // { int sys_utrace(const char *label, const void *addr, size_t len); } + SYS_SEMGET = 221 // { int sys_semget(key_t key, int nsems, int semflg); } + SYS_MSGGET = 225 // { int sys_msgget(key_t key, int msgflg); } + SYS_MSGSND = 226 // { int sys_msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg); } + SYS_MSGRCV = 227 // { int sys_msgrcv(int msqid, void *msgp, size_t msgsz, long msgtyp, int msgflg); } + SYS_SHMAT = 228 // { void *sys_shmat(int shmid, const void *shmaddr, int shmflg); } + SYS_SHMDT = 230 // { int sys_shmdt(const void *shmaddr); } + SYS_MINHERIT = 250 // { int sys_minherit(void *addr, size_t len, int inherit); } + SYS_POLL = 252 // { int sys_poll(struct pollfd *fds, u_int nfds, int timeout); } + SYS_ISSETUGID = 253 // { int sys_issetugid(void); } + SYS_LCHOWN = 254 // { int sys_lchown(const char *path, uid_t uid, gid_t gid); } + SYS_GETSID = 255 // { pid_t sys_getsid(pid_t pid); } + SYS_MSYNC = 256 // { int sys_msync(void *addr, size_t len, int flags); } + SYS_PIPE = 263 // { int sys_pipe(int *fdp); } + SYS_FHOPEN = 264 // { int sys_fhopen(const fhandle_t *fhp, int flags); } + SYS_PREADV = 267 // { ssize_t sys_preadv(int fd, const struct iovec *iovp, int iovcnt, int pad, off_t offset); } + SYS_PWRITEV = 268 // { ssize_t sys_pwritev(int fd, const struct iovec *iovp, int iovcnt, int pad, off_t offset); } + SYS_KQUEUE = 269 // { int sys_kqueue(void); } + SYS_MLOCKALL = 271 // { int sys_mlockall(int flags); } + SYS_MUNLOCKALL = 272 // { int sys_munlockall(void); } + SYS_GETRESUID = 281 // { int sys_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid); } + SYS_SETRESUID = 282 // { int sys_setresuid(uid_t ruid, uid_t euid, uid_t suid); } + SYS_GETRESGID = 283 // { int sys_getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid); } + SYS_SETRESGID = 284 // { int sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid); } + SYS_MQUERY = 286 // { void *sys_mquery(void *addr, size_t len, int prot, int flags, int fd, long pad, off_t pos); } + SYS_CLOSEFROM = 287 // { int sys_closefrom(int fd); } + SYS_SIGALTSTACK = 288 // { int sys_sigaltstack(const struct sigaltstack *nss, struct sigaltstack *oss); } + SYS_SHMGET = 289 // { int sys_shmget(key_t key, size_t size, int shmflg); } + SYS_SEMOP = 290 // { int sys_semop(int semid, struct sembuf *sops, size_t nsops); } + SYS_FHSTAT = 294 // { int sys_fhstat(const fhandle_t *fhp, struct stat *sb); } + SYS___SEMCTL = 295 // { int sys___semctl(int semid, int semnum, int cmd, union semun *arg); } + SYS_SHMCTL = 296 // { int sys_shmctl(int shmid, int cmd, struct shmid_ds *buf); } + SYS_MSGCTL = 297 // { int sys_msgctl(int msqid, int cmd, struct msqid_ds *buf); } + SYS_SCHED_YIELD = 298 // { int sys_sched_yield(void); } + SYS_GETTHRID = 299 // { pid_t sys_getthrid(void); } + SYS___THRWAKEUP = 301 // { int sys___thrwakeup(const volatile void *ident, int n); } + SYS___THREXIT = 302 // { void sys___threxit(pid_t *notdead); } + SYS___THRSIGDIVERT = 303 // { int sys___thrsigdivert(sigset_t sigmask, siginfo_t *info, const struct timespec *timeout); } + SYS___GETCWD = 304 // { int sys___getcwd(char *buf, size_t len); } + SYS_ADJFREQ = 305 // { int sys_adjfreq(const int64_t *freq, int64_t *oldfreq); } + SYS_SETRTABLE = 310 // { int sys_setrtable(int rtableid); } + SYS_GETRTABLE = 311 // { int sys_getrtable(void); } + SYS_FACCESSAT = 313 // { int sys_faccessat(int fd, const char *path, int amode, int flag); } + SYS_FCHMODAT = 314 // { int sys_fchmodat(int fd, const char *path, mode_t mode, int flag); } + SYS_FCHOWNAT = 315 // { int sys_fchownat(int fd, const char *path, uid_t uid, gid_t gid, int flag); } + SYS_LINKAT = 317 // { int sys_linkat(int fd1, const char *path1, int fd2, const char *path2, int flag); } + SYS_MKDIRAT = 318 // { int sys_mkdirat(int fd, const char *path, mode_t mode); } + SYS_MKFIFOAT = 319 // { int sys_mkfifoat(int fd, const char *path, mode_t mode); } + SYS_MKNODAT = 320 // { int sys_mknodat(int fd, const char *path, mode_t mode, dev_t dev); } + SYS_OPENAT = 321 // { int sys_openat(int fd, const char *path, int flags, ... mode_t mode); } + SYS_READLINKAT = 322 // { ssize_t sys_readlinkat(int fd, const char *path, char *buf, size_t count); } + SYS_RENAMEAT = 323 // { int sys_renameat(int fromfd, const char *from, int tofd, const char *to); } + SYS_SYMLINKAT = 324 // { int sys_symlinkat(const char *path, int fd, const char *link); } + SYS_UNLINKAT = 325 // { int sys_unlinkat(int fd, const char *path, int flag); } + SYS___SET_TCB = 329 // { void sys___set_tcb(void *tcb); } + SYS___GET_TCB = 330 // { void *sys___get_tcb(void); } +) diff --git a/vendor/golang.org/x/sys/unix/ztypes_illumos_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_illumos_amd64.go deleted file mode 100644 index 4c485261d6d..00000000000 --- a/vendor/golang.org/x/sys/unix/ztypes_illumos_amd64.go +++ /dev/null @@ -1,42 +0,0 @@ -// cgo -godefs types_illumos.go | go run mkpost.go -// Code generated by the command above; see README.md. DO NOT EDIT. - -//go:build amd64 && illumos -// +build amd64,illumos - -package unix - -const ( - TUNNEWPPA = 0x540001 - TUNSETPPA = 0x540002 - - I_STR = 0x5308 - I_POP = 0x5303 - I_PUSH = 0x5302 - I_LINK = 0x530c - I_UNLINK = 0x530d - I_PLINK = 0x5316 - I_PUNLINK = 0x5317 - - IF_UNITSEL = -0x7ffb8cca -) - -type strbuf struct { - Maxlen int32 - Len int32 - Buf *int8 -} - -type Strioctl struct { - Cmd int32 - Timout int32 - Len int32 - Dp *int8 -} - -type Lifreq struct { - Name [32]int8 - Lifru1 [4]byte - Type uint32 - Lifru [336]byte -} diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go new file mode 100644 index 00000000000..d6724c0102c --- /dev/null +++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go @@ -0,0 +1,571 @@ +// cgo -godefs -- -fsigned-char types_openbsd.go | go run mkpost.go +// Code generated by the command above; see README.md. DO NOT EDIT. + +//go:build ppc64 && openbsd +// +build ppc64,openbsd + +package unix + +const ( + SizeofPtr = 0x8 + SizeofShort = 0x2 + SizeofInt = 0x4 + SizeofLong = 0x8 + SizeofLongLong = 0x8 +) + +type ( + _C_short int16 + _C_int int32 + _C_long int64 + _C_long_long int64 +) + +type Timespec struct { + Sec int64 + Nsec int64 +} + +type Timeval struct { + Sec int64 + Usec int64 +} + +type Rusage struct { + Utime Timeval + Stime Timeval + Maxrss int64 + Ixrss int64 + Idrss int64 + Isrss int64 + Minflt int64 + Majflt int64 + Nswap int64 + Inblock int64 + Oublock int64 + Msgsnd int64 + Msgrcv int64 + Nsignals int64 + Nvcsw int64 + Nivcsw int64 +} + +type Rlimit struct { + Cur uint64 + Max uint64 +} + +type _Gid_t uint32 + +type Stat_t struct { + Mode uint32 + Dev int32 + Ino uint64 + Nlink uint32 + Uid uint32 + Gid uint32 + Rdev int32 + Atim Timespec + Mtim Timespec + Ctim Timespec + Size int64 + Blocks int64 + Blksize int32 + Flags uint32 + Gen uint32 + _ Timespec +} + +type Statfs_t struct { + F_flags uint32 + F_bsize uint32 + F_iosize uint32 + F_blocks uint64 + F_bfree uint64 + F_bavail int64 + F_files uint64 + F_ffree uint64 + F_favail int64 + F_syncwrites uint64 + F_syncreads uint64 + F_asyncwrites uint64 + F_asyncreads uint64 + F_fsid Fsid + F_namemax uint32 + F_owner uint32 + F_ctime uint64 + F_fstypename [16]byte + F_mntonname [90]byte + F_mntfromname [90]byte + F_mntfromspec [90]byte + _ [2]byte + Mount_info [160]byte +} + +type Flock_t struct { + Start int64 + Len int64 + Pid int32 + Type int16 + Whence int16 +} + +type Dirent struct { + Fileno uint64 + Off int64 + Reclen uint16 + Type uint8 + Namlen uint8 + _ [4]uint8 + Name [256]int8 +} + +type Fsid struct { + Val [2]int32 +} + +const ( + PathMax = 0x400 +) + +type RawSockaddrInet4 struct { + Len uint8 + Family uint8 + Port uint16 + Addr [4]byte /* in_addr */ + Zero [8]int8 +} + +type RawSockaddrInet6 struct { + Len uint8 + Family uint8 + Port uint16 + Flowinfo uint32 + Addr [16]byte /* in6_addr */ + Scope_id uint32 +} + +type RawSockaddrUnix struct { + Len uint8 + Family uint8 + Path [104]int8 +} + +type RawSockaddrDatalink struct { + Len uint8 + Family uint8 + Index uint16 + Type uint8 + Nlen uint8 + Alen uint8 + Slen uint8 + Data [24]int8 +} + +type RawSockaddr struct { + Len uint8 + Family uint8 + Data [14]int8 +} + +type RawSockaddrAny struct { + Addr RawSockaddr + Pad [92]int8 +} + +type _Socklen uint32 + +type Linger struct { + Onoff int32 + Linger int32 +} + +type Iovec struct { + Base *byte + Len uint64 +} + +type IPMreq struct { + Multiaddr [4]byte /* in_addr */ + Interface [4]byte /* in_addr */ +} + +type IPv6Mreq struct { + Multiaddr [16]byte /* in6_addr */ + Interface uint32 +} + +type Msghdr struct { + Name *byte + Namelen uint32 + Iov *Iovec + Iovlen uint32 + Control *byte + Controllen uint32 + Flags int32 +} + +type Cmsghdr struct { + Len uint32 + Level int32 + Type int32 +} + +type Inet6Pktinfo struct { + Addr [16]byte /* in6_addr */ + Ifindex uint32 +} + +type IPv6MTUInfo struct { + Addr RawSockaddrInet6 + Mtu uint32 +} + +type ICMPv6Filter struct { + Filt [8]uint32 +} + +const ( + SizeofSockaddrInet4 = 0x10 + SizeofSockaddrInet6 = 0x1c + SizeofSockaddrAny = 0x6c + SizeofSockaddrUnix = 0x6a + SizeofSockaddrDatalink = 0x20 + SizeofLinger = 0x8 + SizeofIovec = 0x10 + SizeofIPMreq = 0x8 + SizeofIPv6Mreq = 0x14 + SizeofMsghdr = 0x30 + SizeofCmsghdr = 0xc + SizeofInet6Pktinfo = 0x14 + SizeofIPv6MTUInfo = 0x20 + SizeofICMPv6Filter = 0x20 +) + +const ( + PTRACE_TRACEME = 0x0 + PTRACE_CONT = 0x7 + PTRACE_KILL = 0x8 +) + +type Kevent_t struct { + Ident uint64 + Filter int16 + Flags uint16 + Fflags uint32 + Data int64 + Udata *byte +} + +type FdSet struct { + Bits [32]uint32 +} + +const ( + SizeofIfMsghdr = 0xa8 + SizeofIfData = 0x90 + SizeofIfaMsghdr = 0x18 + SizeofIfAnnounceMsghdr = 0x1a + SizeofRtMsghdr = 0x60 + SizeofRtMetrics = 0x38 +) + +type IfMsghdr struct { + Msglen uint16 + Version uint8 + Type uint8 + Hdrlen uint16 + Index uint16 + Tableid uint16 + Pad1 uint8 + Pad2 uint8 + Addrs int32 + Flags int32 + Xflags int32 + Data IfData +} + +type IfData struct { + Type uint8 + Addrlen uint8 + Hdrlen uint8 + Link_state uint8 + Mtu uint32 + Metric uint32 + Rdomain uint32 + Baudrate uint64 + Ipackets uint64 + Ierrors uint64 + Opackets uint64 + Oerrors uint64 + Collisions uint64 + Ibytes uint64 + Obytes uint64 + Imcasts uint64 + Omcasts uint64 + Iqdrops uint64 + Oqdrops uint64 + Noproto uint64 + Capabilities uint32 + Lastchange Timeval +} + +type IfaMsghdr struct { + Msglen uint16 + Version uint8 + Type uint8 + Hdrlen uint16 + Index uint16 + Tableid uint16 + Pad1 uint8 + Pad2 uint8 + Addrs int32 + Flags int32 + Metric int32 +} + +type IfAnnounceMsghdr struct { + Msglen uint16 + Version uint8 + Type uint8 + Hdrlen uint16 + Index uint16 + What uint16 + Name [16]int8 +} + +type RtMsghdr struct { + Msglen uint16 + Version uint8 + Type uint8 + Hdrlen uint16 + Index uint16 + Tableid uint16 + Priority uint8 + Mpls uint8 + Addrs int32 + Flags int32 + Fmask int32 + Pid int32 + Seq int32 + Errno int32 + Inits uint32 + Rmx RtMetrics +} + +type RtMetrics struct { + Pksent uint64 + Expire int64 + Locks uint32 + Mtu uint32 + Refcnt uint32 + Hopcount uint32 + Recvpipe uint32 + Sendpipe uint32 + Ssthresh uint32 + Rtt uint32 + Rttvar uint32 + Pad uint32 +} + +type Mclpool struct{} + +const ( + SizeofBpfVersion = 0x4 + SizeofBpfStat = 0x8 + SizeofBpfProgram = 0x10 + SizeofBpfInsn = 0x8 + SizeofBpfHdr = 0x18 +) + +type BpfVersion struct { + Major uint16 + Minor uint16 +} + +type BpfStat struct { + Recv uint32 + Drop uint32 +} + +type BpfProgram struct { + Len uint32 + Insns *BpfInsn +} + +type BpfInsn struct { + Code uint16 + Jt uint8 + Jf uint8 + K uint32 +} + +type BpfHdr struct { + Tstamp BpfTimeval + Caplen uint32 + Datalen uint32 + Hdrlen uint16 + Ifidx uint16 + Flowid uint16 + Flags uint8 + Drops uint8 +} + +type BpfTimeval struct { + Sec uint32 + Usec uint32 +} + +type Termios struct { + Iflag uint32 + Oflag uint32 + Cflag uint32 + Lflag uint32 + Cc [20]uint8 + Ispeed int32 + Ospeed int32 +} + +type Winsize struct { + Row uint16 + Col uint16 + Xpixel uint16 + Ypixel uint16 +} + +const ( + AT_FDCWD = -0x64 + AT_EACCESS = 0x1 + AT_SYMLINK_NOFOLLOW = 0x2 + AT_SYMLINK_FOLLOW = 0x4 + AT_REMOVEDIR = 0x8 +) + +type PollFd struct { + Fd int32 + Events int16 + Revents int16 +} + +const ( + POLLERR = 0x8 + POLLHUP = 0x10 + POLLIN = 0x1 + POLLNVAL = 0x20 + POLLOUT = 0x4 + POLLPRI = 0x2 + POLLRDBAND = 0x80 + POLLRDNORM = 0x40 + POLLWRBAND = 0x100 + POLLWRNORM = 0x4 +) + +type Sigset_t uint32 + +type Utsname struct { + Sysname [256]byte + Nodename [256]byte + Release [256]byte + Version [256]byte + Machine [256]byte +} + +const SizeofUvmexp = 0x158 + +type Uvmexp struct { + Pagesize int32 + Pagemask int32 + Pageshift int32 + Npages int32 + Free int32 + Active int32 + Inactive int32 + Paging int32 + Wired int32 + Zeropages int32 + Reserve_pagedaemon int32 + Reserve_kernel int32 + Unused01 int32 + Vnodepages int32 + Vtextpages int32 + Freemin int32 + Freetarg int32 + Inactarg int32 + Wiredmax int32 + Anonmin int32 + Vtextmin int32 + Vnodemin int32 + Anonminpct int32 + Vtextminpct int32 + Vnodeminpct int32 + Nswapdev int32 + Swpages int32 + Swpginuse int32 + Swpgonly int32 + Nswget int32 + Nanon int32 + Unused05 int32 + Unused06 int32 + Faults int32 + Traps int32 + Intrs int32 + Swtch int32 + Softs int32 + Syscalls int32 + Pageins int32 + Unused07 int32 + Unused08 int32 + Pgswapin int32 + Pgswapout int32 + Forks int32 + Forks_ppwait int32 + Forks_sharevm int32 + Pga_zerohit int32 + Pga_zeromiss int32 + Unused09 int32 + Fltnoram int32 + Fltnoanon int32 + Fltnoamap int32 + Fltpgwait int32 + Fltpgrele int32 + Fltrelck int32 + Fltrelckok int32 + Fltanget int32 + Fltanretry int32 + Fltamcopy int32 + Fltnamap int32 + Fltnomap int32 + Fltlget int32 + Fltget int32 + Flt_anon int32 + Flt_acow int32 + Flt_obj int32 + Flt_prcopy int32 + Flt_przero int32 + Pdwoke int32 + Pdrevs int32 + Pdswout int32 + Pdfreed int32 + Pdscans int32 + Pdanscan int32 + Pdobscan int32 + Pdreact int32 + Pdbusy int32 + Pdpageouts int32 + Pdpending int32 + Pddeact int32 + Unused11 int32 + Unused12 int32 + Unused13 int32 + Fpswtch int32 + Kmapent int32 +} + +const SizeofClockinfo = 0x10 + +type Clockinfo struct { + Hz int32 + Tick int32 + Stathz int32 + Profhz int32 +} diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go new file mode 100644 index 00000000000..ddfd27a434a --- /dev/null +++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go @@ -0,0 +1,571 @@ +// cgo -godefs -- -fsigned-char types_openbsd.go | go run mkpost.go +// Code generated by the command above; see README.md. DO NOT EDIT. + +//go:build riscv64 && openbsd +// +build riscv64,openbsd + +package unix + +const ( + SizeofPtr = 0x8 + SizeofShort = 0x2 + SizeofInt = 0x4 + SizeofLong = 0x8 + SizeofLongLong = 0x8 +) + +type ( + _C_short int16 + _C_int int32 + _C_long int64 + _C_long_long int64 +) + +type Timespec struct { + Sec int64 + Nsec int64 +} + +type Timeval struct { + Sec int64 + Usec int64 +} + +type Rusage struct { + Utime Timeval + Stime Timeval + Maxrss int64 + Ixrss int64 + Idrss int64 + Isrss int64 + Minflt int64 + Majflt int64 + Nswap int64 + Inblock int64 + Oublock int64 + Msgsnd int64 + Msgrcv int64 + Nsignals int64 + Nvcsw int64 + Nivcsw int64 +} + +type Rlimit struct { + Cur uint64 + Max uint64 +} + +type _Gid_t uint32 + +type Stat_t struct { + Mode uint32 + Dev int32 + Ino uint64 + Nlink uint32 + Uid uint32 + Gid uint32 + Rdev int32 + Atim Timespec + Mtim Timespec + Ctim Timespec + Size int64 + Blocks int64 + Blksize int32 + Flags uint32 + Gen uint32 + _ Timespec +} + +type Statfs_t struct { + F_flags uint32 + F_bsize uint32 + F_iosize uint32 + F_blocks uint64 + F_bfree uint64 + F_bavail int64 + F_files uint64 + F_ffree uint64 + F_favail int64 + F_syncwrites uint64 + F_syncreads uint64 + F_asyncwrites uint64 + F_asyncreads uint64 + F_fsid Fsid + F_namemax uint32 + F_owner uint32 + F_ctime uint64 + F_fstypename [16]byte + F_mntonname [90]byte + F_mntfromname [90]byte + F_mntfromspec [90]byte + _ [2]byte + Mount_info [160]byte +} + +type Flock_t struct { + Start int64 + Len int64 + Pid int32 + Type int16 + Whence int16 +} + +type Dirent struct { + Fileno uint64 + Off int64 + Reclen uint16 + Type uint8 + Namlen uint8 + _ [4]uint8 + Name [256]int8 +} + +type Fsid struct { + Val [2]int32 +} + +const ( + PathMax = 0x400 +) + +type RawSockaddrInet4 struct { + Len uint8 + Family uint8 + Port uint16 + Addr [4]byte /* in_addr */ + Zero [8]int8 +} + +type RawSockaddrInet6 struct { + Len uint8 + Family uint8 + Port uint16 + Flowinfo uint32 + Addr [16]byte /* in6_addr */ + Scope_id uint32 +} + +type RawSockaddrUnix struct { + Len uint8 + Family uint8 + Path [104]int8 +} + +type RawSockaddrDatalink struct { + Len uint8 + Family uint8 + Index uint16 + Type uint8 + Nlen uint8 + Alen uint8 + Slen uint8 + Data [24]int8 +} + +type RawSockaddr struct { + Len uint8 + Family uint8 + Data [14]int8 +} + +type RawSockaddrAny struct { + Addr RawSockaddr + Pad [92]int8 +} + +type _Socklen uint32 + +type Linger struct { + Onoff int32 + Linger int32 +} + +type Iovec struct { + Base *byte + Len uint64 +} + +type IPMreq struct { + Multiaddr [4]byte /* in_addr */ + Interface [4]byte /* in_addr */ +} + +type IPv6Mreq struct { + Multiaddr [16]byte /* in6_addr */ + Interface uint32 +} + +type Msghdr struct { + Name *byte + Namelen uint32 + Iov *Iovec + Iovlen uint32 + Control *byte + Controllen uint32 + Flags int32 +} + +type Cmsghdr struct { + Len uint32 + Level int32 + Type int32 +} + +type Inet6Pktinfo struct { + Addr [16]byte /* in6_addr */ + Ifindex uint32 +} + +type IPv6MTUInfo struct { + Addr RawSockaddrInet6 + Mtu uint32 +} + +type ICMPv6Filter struct { + Filt [8]uint32 +} + +const ( + SizeofSockaddrInet4 = 0x10 + SizeofSockaddrInet6 = 0x1c + SizeofSockaddrAny = 0x6c + SizeofSockaddrUnix = 0x6a + SizeofSockaddrDatalink = 0x20 + SizeofLinger = 0x8 + SizeofIovec = 0x10 + SizeofIPMreq = 0x8 + SizeofIPv6Mreq = 0x14 + SizeofMsghdr = 0x30 + SizeofCmsghdr = 0xc + SizeofInet6Pktinfo = 0x14 + SizeofIPv6MTUInfo = 0x20 + SizeofICMPv6Filter = 0x20 +) + +const ( + PTRACE_TRACEME = 0x0 + PTRACE_CONT = 0x7 + PTRACE_KILL = 0x8 +) + +type Kevent_t struct { + Ident uint64 + Filter int16 + Flags uint16 + Fflags uint32 + Data int64 + Udata *byte +} + +type FdSet struct { + Bits [32]uint32 +} + +const ( + SizeofIfMsghdr = 0xa8 + SizeofIfData = 0x90 + SizeofIfaMsghdr = 0x18 + SizeofIfAnnounceMsghdr = 0x1a + SizeofRtMsghdr = 0x60 + SizeofRtMetrics = 0x38 +) + +type IfMsghdr struct { + Msglen uint16 + Version uint8 + Type uint8 + Hdrlen uint16 + Index uint16 + Tableid uint16 + Pad1 uint8 + Pad2 uint8 + Addrs int32 + Flags int32 + Xflags int32 + Data IfData +} + +type IfData struct { + Type uint8 + Addrlen uint8 + Hdrlen uint8 + Link_state uint8 + Mtu uint32 + Metric uint32 + Rdomain uint32 + Baudrate uint64 + Ipackets uint64 + Ierrors uint64 + Opackets uint64 + Oerrors uint64 + Collisions uint64 + Ibytes uint64 + Obytes uint64 + Imcasts uint64 + Omcasts uint64 + Iqdrops uint64 + Oqdrops uint64 + Noproto uint64 + Capabilities uint32 + Lastchange Timeval +} + +type IfaMsghdr struct { + Msglen uint16 + Version uint8 + Type uint8 + Hdrlen uint16 + Index uint16 + Tableid uint16 + Pad1 uint8 + Pad2 uint8 + Addrs int32 + Flags int32 + Metric int32 +} + +type IfAnnounceMsghdr struct { + Msglen uint16 + Version uint8 + Type uint8 + Hdrlen uint16 + Index uint16 + What uint16 + Name [16]int8 +} + +type RtMsghdr struct { + Msglen uint16 + Version uint8 + Type uint8 + Hdrlen uint16 + Index uint16 + Tableid uint16 + Priority uint8 + Mpls uint8 + Addrs int32 + Flags int32 + Fmask int32 + Pid int32 + Seq int32 + Errno int32 + Inits uint32 + Rmx RtMetrics +} + +type RtMetrics struct { + Pksent uint64 + Expire int64 + Locks uint32 + Mtu uint32 + Refcnt uint32 + Hopcount uint32 + Recvpipe uint32 + Sendpipe uint32 + Ssthresh uint32 + Rtt uint32 + Rttvar uint32 + Pad uint32 +} + +type Mclpool struct{} + +const ( + SizeofBpfVersion = 0x4 + SizeofBpfStat = 0x8 + SizeofBpfProgram = 0x10 + SizeofBpfInsn = 0x8 + SizeofBpfHdr = 0x18 +) + +type BpfVersion struct { + Major uint16 + Minor uint16 +} + +type BpfStat struct { + Recv uint32 + Drop uint32 +} + +type BpfProgram struct { + Len uint32 + Insns *BpfInsn +} + +type BpfInsn struct { + Code uint16 + Jt uint8 + Jf uint8 + K uint32 +} + +type BpfHdr struct { + Tstamp BpfTimeval + Caplen uint32 + Datalen uint32 + Hdrlen uint16 + Ifidx uint16 + Flowid uint16 + Flags uint8 + Drops uint8 +} + +type BpfTimeval struct { + Sec uint32 + Usec uint32 +} + +type Termios struct { + Iflag uint32 + Oflag uint32 + Cflag uint32 + Lflag uint32 + Cc [20]uint8 + Ispeed int32 + Ospeed int32 +} + +type Winsize struct { + Row uint16 + Col uint16 + Xpixel uint16 + Ypixel uint16 +} + +const ( + AT_FDCWD = -0x64 + AT_EACCESS = 0x1 + AT_SYMLINK_NOFOLLOW = 0x2 + AT_SYMLINK_FOLLOW = 0x4 + AT_REMOVEDIR = 0x8 +) + +type PollFd struct { + Fd int32 + Events int16 + Revents int16 +} + +const ( + POLLERR = 0x8 + POLLHUP = 0x10 + POLLIN = 0x1 + POLLNVAL = 0x20 + POLLOUT = 0x4 + POLLPRI = 0x2 + POLLRDBAND = 0x80 + POLLRDNORM = 0x40 + POLLWRBAND = 0x100 + POLLWRNORM = 0x4 +) + +type Sigset_t uint32 + +type Utsname struct { + Sysname [256]byte + Nodename [256]byte + Release [256]byte + Version [256]byte + Machine [256]byte +} + +const SizeofUvmexp = 0x158 + +type Uvmexp struct { + Pagesize int32 + Pagemask int32 + Pageshift int32 + Npages int32 + Free int32 + Active int32 + Inactive int32 + Paging int32 + Wired int32 + Zeropages int32 + Reserve_pagedaemon int32 + Reserve_kernel int32 + Unused01 int32 + Vnodepages int32 + Vtextpages int32 + Freemin int32 + Freetarg int32 + Inactarg int32 + Wiredmax int32 + Anonmin int32 + Vtextmin int32 + Vnodemin int32 + Anonminpct int32 + Vtextminpct int32 + Vnodeminpct int32 + Nswapdev int32 + Swpages int32 + Swpginuse int32 + Swpgonly int32 + Nswget int32 + Nanon int32 + Unused05 int32 + Unused06 int32 + Faults int32 + Traps int32 + Intrs int32 + Swtch int32 + Softs int32 + Syscalls int32 + Pageins int32 + Unused07 int32 + Unused08 int32 + Pgswapin int32 + Pgswapout int32 + Forks int32 + Forks_ppwait int32 + Forks_sharevm int32 + Pga_zerohit int32 + Pga_zeromiss int32 + Unused09 int32 + Fltnoram int32 + Fltnoanon int32 + Fltnoamap int32 + Fltpgwait int32 + Fltpgrele int32 + Fltrelck int32 + Fltrelckok int32 + Fltanget int32 + Fltanretry int32 + Fltamcopy int32 + Fltnamap int32 + Fltnomap int32 + Fltlget int32 + Fltget int32 + Flt_anon int32 + Flt_acow int32 + Flt_obj int32 + Flt_prcopy int32 + Flt_przero int32 + Pdwoke int32 + Pdrevs int32 + Pdswout int32 + Pdfreed int32 + Pdscans int32 + Pdanscan int32 + Pdobscan int32 + Pdreact int32 + Pdbusy int32 + Pdpageouts int32 + Pdpending int32 + Pddeact int32 + Unused11 int32 + Unused12 int32 + Unused13 int32 + Fpswtch int32 + Kmapent int32 +} + +const SizeofClockinfo = 0x10 + +type Clockinfo struct { + Hz int32 + Tick int32 + Stathz int32 + Profhz int32 +} diff --git a/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go index c1a9b83ad5e..0400747c67d 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go @@ -480,3 +480,38 @@ const ( MOUNTEDOVER = 0x40000000 FILE_EXCEPTION = 0x60000070 ) + +const ( + TUNNEWPPA = 0x540001 + TUNSETPPA = 0x540002 + + I_STR = 0x5308 + I_POP = 0x5303 + I_PUSH = 0x5302 + I_LINK = 0x530c + I_UNLINK = 0x530d + I_PLINK = 0x5316 + I_PUNLINK = 0x5317 + + IF_UNITSEL = -0x7ffb8cca +) + +type strbuf struct { + Maxlen int32 + Len int32 + Buf *int8 +} + +type Strioctl struct { + Cmd int32 + Timout int32 + Len int32 + Dp *int8 +} + +type Lifreq struct { + Name [32]int8 + Lifru1 [4]byte + Type uint32 + Lifru [336]byte +} diff --git a/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go index 4ab638cb94c..aec1efcb306 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go @@ -339,7 +339,7 @@ type Statfs_t struct { Flags uint64 } -type Dirent struct { +type direntLE struct { Reclen uint16 Namlen uint16 Ino uint32 @@ -347,6 +347,15 @@ type Dirent struct { Name [256]byte } +type Dirent struct { + Ino uint64 + Off int64 + Reclen uint16 + Type uint8 + Name [256]uint8 + _ [5]byte +} + type FdSet struct { Bits [64]int32 } diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index 5f4f0430e99..7a6ba43a7ee 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -755,7 +755,7 @@ func Utimes(path string, tv []Timeval) (err error) { if e != nil { return e } - defer Close(h) + defer CloseHandle(h) a := NsecToFiletime(tv[0].Nanoseconds()) w := NsecToFiletime(tv[1].Nanoseconds()) return SetFileTime(h, nil, &a, &w) @@ -775,7 +775,7 @@ func UtimesNano(path string, ts []Timespec) (err error) { if e != nil { return e } - defer Close(h) + defer CloseHandle(h) a := NsecToFiletime(TimespecToNsec(ts[0])) w := NsecToFiletime(TimespecToNsec(ts[1])) return SetFileTime(h, nil, &a, &w) diff --git a/vendor/modules.txt b/vendor/modules.txt index eecc87aa800..cd58adc5675 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -68,10 +68,10 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df ## explicit; go 1.12 github.com/vishvananda/netns -# golang.org/x/net v0.0.0-20201224014010-6772e930b67b -## explicit; go 1.11 +# golang.org/x/net v0.1.0 +## explicit; go 1.17 golang.org/x/net/bpf -# golang.org/x/sys v0.0.0-20220928140112-f11e5e49a4ec +# golang.org/x/sys v0.1.0 ## explicit; go 1.17 golang.org/x/sys/execabs golang.org/x/sys/internal/unsafeheader From 783f9ffeeb16ea078a7d1894743a3ade4c5ef6e5 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 3 Nov 2022 15:54:46 -0700 Subject: [PATCH 0117/1176] runc checkpoint: destroy only on success If checkpointing has failed, the container is kept running. We do not want to, and we can't remove it in such case. Do not try to remove the container if there's an error from checkpointing. This avoids an unclear error message from destroy() saying "container still running" or "container paused". While at it, avoid using defer since it does not make a lot of sense here. Fixes: #3577 Reported-by: gosoon Signed-off-by: Kir Kolyshkin --- checkpoint.go | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/checkpoint.go b/checkpoint.go index e52165462a5..b8bfa045d6c 100644 --- a/checkpoint.go +++ b/checkpoint.go @@ -67,10 +67,6 @@ checkpointed.`, return err } - if !(options.LeaveRunning || options.PreDump) { - // destroy container unless we tell CRIU to keep it - defer destroy(container) - } // these are the mandatory criu options for a container if err := setPageServer(context, options); err != nil { return err @@ -81,7 +77,13 @@ checkpointed.`, if err := setEmptyNsMask(context, options); err != nil { return err } - return container.Checkpoint(options) + + err = container.Checkpoint(options) + if err == nil && !(options.LeaveRunning || options.PreDump) { + // Destroy the container unless we tell CRIU to keep it. + destroy(container) + } + return err }, } From e0d3c3e07f0667585d732b58930f397dd934bcd1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 8 Nov 2022 04:10:57 +0000 Subject: [PATCH 0118/1176] build(deps): bump github.com/coreos/go-systemd/v22 from 22.4.0 to 22.5.0 Bumps [github.com/coreos/go-systemd/v22](https://github.com/coreos/go-systemd) from 22.4.0 to 22.5.0. - [Release notes](https://github.com/coreos/go-systemd/releases) - [Commits](https://github.com/coreos/go-systemd/compare/v22.4.0...v22.5.0) --- updated-dependencies: - dependency-name: github.com/coreos/go-systemd/v22 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 6aba3012de6..a1e5d818251 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/checkpoint-restore/go-criu/v6 v6.3.0 github.com/cilium/ebpf v0.9.3 github.com/containerd/console v1.0.3 - github.com/coreos/go-systemd/v22 v22.4.0 + github.com/coreos/go-systemd/v22 v22.5.0 github.com/cyphar/filepath-securejoin v0.2.3 github.com/docker/go-units v0.5.0 github.com/godbus/dbus/v5 v5.1.0 diff --git a/go.sum b/go.sum index 8a399d74f7d..3b395258f28 100644 --- a/go.sum +++ b/go.sum @@ -5,8 +5,8 @@ github.com/cilium/ebpf v0.9.3 h1:5KtxXZU+scyERvkJMEm16TbScVvuuMrlhPly78ZMbSc= github.com/cilium/ebpf v0.9.3/go.mod h1:w27N4UjpaQ9X/DGrSugxUG+H+NhgntDuPb5lCzxCn8A= github.com/containerd/console v1.0.3 h1:lIr7SlA5PxZyMV30bDW0MGbiOPXwc63yRuCP0ARubLw= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= -github.com/coreos/go-systemd/v22 v22.4.0 h1:y9YHcjnjynCd/DVbg5j9L/33jQM3MxJlbj/zWskzfGU= -github.com/coreos/go-systemd/v22 v22.4.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= +github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= +github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= diff --git a/vendor/modules.txt b/vendor/modules.txt index b69f84b6ad1..9f88bdf0a8c 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -14,7 +14,7 @@ github.com/cilium/ebpf/link # github.com/containerd/console v1.0.3 ## explicit; go 1.13 github.com/containerd/console -# github.com/coreos/go-systemd/v22 v22.4.0 +# github.com/coreos/go-systemd/v22 v22.5.0 ## explicit; go 1.12 github.com/coreos/go-systemd/v22/activation github.com/coreos/go-systemd/v22/dbus From 467dd23402a61e237574199c404db0e257c1e3ab Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 9 Nov 2022 04:04:06 +0000 Subject: [PATCH 0119/1176] build(deps): bump golang.org/x/sys from 0.1.0 to 0.2.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.1.0 to 0.2.0. - [Release notes](https://github.com/golang/sys/releases) - [Commits](https://github.com/golang/sys/compare/v0.1.0...v0.2.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/golang.org/x/sys/unix/sockcmsg_unix.go | 14 ++++++++++++++ vendor/golang.org/x/sys/unix/syscall_linux.go | 1 + vendor/modules.txt | 2 +- 5 files changed, 19 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 64e8911d7db..d992164dd68 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/urfave/cli v1.22.9 github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.1.0 - golang.org/x/sys v0.1.0 + golang.org/x/sys v0.2.0 google.golang.org/protobuf v1.28.1 ) diff --git a/go.sum b/go.sum index 0282886cea0..933412fd2ec 100644 --- a/go.sum +++ b/go.sum @@ -65,8 +65,8 @@ golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= -golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A= +golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= diff --git a/vendor/golang.org/x/sys/unix/sockcmsg_unix.go b/vendor/golang.org/x/sys/unix/sockcmsg_unix.go index 453a942c5db..3865943f6e2 100644 --- a/vendor/golang.org/x/sys/unix/sockcmsg_unix.go +++ b/vendor/golang.org/x/sys/unix/sockcmsg_unix.go @@ -52,6 +52,20 @@ func ParseSocketControlMessage(b []byte) ([]SocketControlMessage, error) { return msgs, nil } +// ParseOneSocketControlMessage parses a single socket control message from b, returning the message header, +// message data (a slice of b), and the remainder of b after that single message. +// When there are no remaining messages, len(remainder) == 0. +func ParseOneSocketControlMessage(b []byte) (hdr Cmsghdr, data []byte, remainder []byte, err error) { + h, dbuf, err := socketControlMessageHeaderAndData(b) + if err != nil { + return Cmsghdr{}, nil, nil, err + } + if i := cmsgAlignOf(int(h.Len)); i < len(b) { + remainder = b[i:] + } + return *h, dbuf, remainder, nil +} + func socketControlMessageHeaderAndData(b []byte) (*Cmsghdr, []byte, error) { h := (*Cmsghdr)(unsafe.Pointer(&b[0])) if h.Len < SizeofCmsghdr || uint64(h.Len) > uint64(len(b)) { diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index e044d5b546b..c5a98440eca 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -1554,6 +1554,7 @@ func sendmsgN(fd int, iov []Iovec, oob []byte, ptr unsafe.Pointer, salen _Sockle var iova [1]Iovec iova[0].Base = &dummy iova[0].SetLen(1) + iov = iova[:] } } msg.Control = &oob[0] diff --git a/vendor/modules.txt b/vendor/modules.txt index e7a3c74322a..7d3b5a82ac2 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -71,7 +71,7 @@ github.com/vishvananda/netns # golang.org/x/net v0.1.0 ## explicit; go 1.17 golang.org/x/net/bpf -# golang.org/x/sys v0.1.0 +# golang.org/x/sys v0.2.0 ## explicit; go 1.17 golang.org/x/sys/execabs golang.org/x/sys/internal/unsafeheader From 9f38379308205eb7f07e86349d32d016b6f23b91 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 10 Nov 2022 01:07:13 +0000 Subject: [PATCH 0120/1176] build(deps): bump golang.org/x/net from 0.1.0 to 0.2.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.1.0 to 0.2.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.1.0...v0.2.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index d992164dd68..7679c5c7ebb 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.9 github.com/vishvananda/netlink v1.1.0 - golang.org/x/net v0.1.0 + golang.org/x/net v0.2.0 golang.org/x/sys v0.2.0 google.golang.org/protobuf v1.28.1 ) diff --git a/go.sum b/go.sum index 933412fd2ec..4918bc03df8 100644 --- a/go.sum +++ b/go.sum @@ -59,8 +59,8 @@ github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJ github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= -golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0= -golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= +golang.org/x/net v0.2.0 h1:sZfSu1wtKLGlWI4ZZayP0ck9Y73K1ynO6gqzTdBVdPU= +golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/vendor/modules.txt b/vendor/modules.txt index 7d3b5a82ac2..8fdf4ee33c3 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -68,7 +68,7 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df ## explicit; go 1.12 github.com/vishvananda/netns -# golang.org/x/net v0.1.0 +# golang.org/x/net v0.2.0 ## explicit; go 1.17 golang.org/x/net/bpf # golang.org/x/sys v0.2.0 From 313723fd5f9759d5b287ddf71f223950dbc9f90b Mon Sep 17 00:00:00 2001 From: yaozhenxiu <946666800@qq.com> Date: Fri, 11 Nov 2022 14:50:21 +0800 Subject: [PATCH 0121/1176] fix libcontainer example Signed-off-by: yaozhenxiu <946666800@qq.com> --- libcontainer/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcontainer/README.md b/libcontainer/README.md index 20a215dc1bd..26f7b25c2ee 100644 --- a/libcontainer/README.md +++ b/libcontainer/README.md @@ -45,7 +45,7 @@ struct describing how the container is to be created. A sample would look simila ```go defaultMountFlags := unix.MS_NOEXEC | unix.MS_NOSUID | unix.MS_NODEV -var devices []*configs.DeviceRule +var devices []*devices.Rule for _, device := range specconv.AllowedDevices { devices = append(devices, &device.Rule) } From ee88b90032419f962e37d888872dbbb3ed8c3258 Mon Sep 17 00:00:00 2001 From: Jonas Eschenburg Date: Thu, 9 Dec 2021 09:32:04 +0100 Subject: [PATCH 0122/1176] notify_socket.go: avoid use of bytes.Buffer Signed-off-by: Jonas Eschenburg --- notify_socket.go | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/notify_socket.go b/notify_socket.go index 28c6c0ae65a..66dae0d63b3 100644 --- a/notify_socket.go +++ b/notify_socket.go @@ -141,18 +141,7 @@ func (n *notifySocket) run(pid1 int) error { return nil } case b := <-fileChan: - var out bytes.Buffer - _, err = out.Write(b) - if err != nil { - return err - } - - _, err = out.Write([]byte{'\n'}) - if err != nil { - return err - } - - _, err = client.Write(out.Bytes()) + _, err = client.Write(append(b, '\n')) if err != nil { return err } From 067ca8f5c8fadc5900c7d8ba3816fa1c6c372382 Mon Sep 17 00:00:00 2001 From: Jonas Eschenburg Date: Mon, 22 Nov 2021 10:04:23 +0100 Subject: [PATCH 0123/1176] notify_socket.go: use sd_notify_barrier mechanism Signed-off-by: Jonas Eschenburg --- notify_socket.go | 89 ++++++++++++++++++++++++++----- notify_socket_test.go | 120 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 197 insertions(+), 12 deletions(-) create mode 100644 notify_socket_test.go diff --git a/notify_socket.go b/notify_socket.go index 66dae0d63b3..559340e5696 100644 --- a/notify_socket.go +++ b/notify_socket.go @@ -2,6 +2,8 @@ package main import ( "bytes" + "errors" + "io" "net" "os" "path" @@ -11,7 +13,9 @@ import ( "github.com/opencontainers/runc/libcontainer" "github.com/opencontainers/runtime-spec/specs-go" + "github.com/sirupsen/logrus" "github.com/urfave/cli" + "golang.org/x/sys/unix" ) type notifySocket struct { @@ -141,18 +145,79 @@ func (n *notifySocket) run(pid1 int) error { return nil } case b := <-fileChan: - _, err = client.Write(append(b, '\n')) - if err != nil { - return err - } - - // now we can inform systemd to use pid1 as the pid to monitor - newPid := "MAINPID=" + strconv.Itoa(pid1) - _, err := client.Write([]byte(newPid + "\n")) - if err != nil { - return err - } - return nil + return notifyHost(client, b, pid1) } } } + +// notifyHost tells the host (usually systemd) that the container reported READY. +// Also sends MAINPID and BARRIER. +func notifyHost(client *net.UnixConn, ready []byte, pid1 int) error { + _, err := client.Write(append(ready, '\n')) + if err != nil { + return err + } + + // now we can inform systemd to use pid1 as the pid to monitor + newPid := "MAINPID=" + strconv.Itoa(pid1) + _, err = client.Write([]byte(newPid + "\n")) + if err != nil { + return err + } + + // wait for systemd to acknowledge the communication + return sdNotifyBarrier(client) +} + +// errUnexpectedRead is reported when actual data was read from the pipe used +// to synchronize with systemd. Usually, that pipe is only closed. +var errUnexpectedRead = errors.New("unexpected read from synchronization pipe") + +// sdNotifyBarrier performs synchronization with systemd by means of the sd_notify_barrier protocol. +func sdNotifyBarrier(client *net.UnixConn) error { + // Create a pipe for communicating with systemd daemon. + pipeR, pipeW, err := os.Pipe() + if err != nil { + return err + } + + // Get the FD for the unix socket file to be able to do perform syscall.Sendmsg. + clientFd, err := client.File() + if err != nil { + return err + } + + // Send the write end of the pipe along with a BARRIER=1 message. + fdRights := unix.UnixRights(int(pipeW.Fd())) + err = unix.Sendmsg(int(clientFd.Fd()), []byte("BARRIER=1"), fdRights, nil, 0) + if err != nil { + return &os.SyscallError{Syscall: "sendmsg", Err: err} + } + + // Close our copy of pipeW. + err = pipeW.Close() + if err != nil { + return err + } + + // Expect the read end of the pipe to be closed after 30 seconds. + err = pipeR.SetReadDeadline(time.Now().Add(30 * time.Second)) + if err != nil { + return nil + } + + // Read a single byte expecting EOF. + var buf [1]byte + n, err := pipeR.Read(buf[:]) + if n != 0 || err == nil { + return errUnexpectedRead + } else if errors.Is(err, os.ErrDeadlineExceeded) { + // Probably the other end doesn't support the sd_notify_barrier protocol. + logrus.Warn("Timeout after waiting 30s for barrier. Ignored.") + return nil + } else if err == io.EOF { //nolint:errorlint // comparison with io.EOF is legit. + return nil + } else { + return err + } +} diff --git a/notify_socket_test.go b/notify_socket_test.go new file mode 100644 index 00000000000..81210851d3b --- /dev/null +++ b/notify_socket_test.go @@ -0,0 +1,120 @@ +package main + +import ( + "bytes" + "io" + "net" + "testing" + "time" + + "golang.org/x/sys/unix" +) + +// TestNotifyHost tests how runc reports container readiness to the host (usually systemd). +func TestNotifyHost(t *testing.T) { + addr := net.UnixAddr{ + Name: t.TempDir() + "/testsocket", + Net: "unixgram", + } + + server, err := net.ListenUnixgram("unixgram", &addr) + if err != nil { + t.Fatal(err) + } + defer server.Close() + + client, err := net.DialUnix("unixgram", nil, &addr) + if err != nil { + t.Fatal(err) + } + defer client.Close() + + // run notifyHost in a separate goroutine + notifyHostChan := make(chan error) + go func() { + notifyHostChan <- notifyHost(client, []byte("READY=42"), 1337) + }() + + // mock a host process listening for runc's notifications + expectRead(t, server, "READY=42\n") + expectRead(t, server, "MAINPID=1337\n") + expectBarrier(t, server, notifyHostChan) +} + +func expectRead(t *testing.T, r io.Reader, expected string) { + var buf [1024]byte + n, err := r.Read(buf[:]) + if err != nil { + t.Fatal(err) + } + if !bytes.Equal(buf[:n], []byte(expected)) { + t.Fatalf("Expected to read '%s' but runc sent '%s' instead", expected, buf[:n]) + } +} + +func expectBarrier(t *testing.T, conn *net.UnixConn, notifyHostChan <-chan error) { + var msg, oob [1024]byte + n, oobn, _, _, err := conn.ReadMsgUnix(msg[:], oob[:]) + if err != nil { + t.Fatal("Failed to receive BARRIER message", err) + } + if !bytes.Equal(msg[:n], []byte("BARRIER=1")) { + t.Fatalf("Expected to receive 'BARRIER=1' but got '%s' instead.", msg[:n]) + } + + fd := mustExtractFd(t, oob[:oobn]) + + // Test whether notifyHost actually honors the barrier + timer := time.NewTimer(500 * time.Millisecond) + select { + case <-timer.C: + // this is the expected case + break + case <-notifyHostChan: + t.Fatal("runc has terminated before barrier was lifted") + } + + // Lift the barrier + err = unix.Close(fd) + if err != nil { + t.Fatal(err) + } + + // Expect notifyHost to terminate now + err = <-notifyHostChan + if err != nil { + t.Fatal("notifyHost function returned with error", err) + } +} + +func mustExtractFd(t *testing.T, buf []byte) int { + cmsgs, err := unix.ParseSocketControlMessage(buf) + if err != nil { + t.Fatal("Failed to parse control message", err) + } + + fd := 0 + seenScmRights := false + for _, cmsg := range cmsgs { + if cmsg.Header.Type != unix.SCM_RIGHTS { + continue + } + if seenScmRights { + t.Fatal("Expected to see exactly one SCM_RIGHTS message, but got a second one") + } + seenScmRights = true + fds, err := unix.ParseUnixRights(&cmsg) + if err != nil { + t.Fatal("Failed to parse SCM_RIGHTS message", err) + } + if len(fds) != 1 { + t.Fatal("Expected to read exactly one file descriptor, but got", len(fds)) + } + fd = fds[0] + } + if !seenScmRights { + t.Fatal("Control messages didn't contain an SCM_RIGHTS message") + } + + return fd +} From 9fc707e70335044090d5885a9c85ef5fdacdf120 Mon Sep 17 00:00:00 2001 From: Vipul Newaskar Date: Sun, 13 Nov 2022 23:46:12 +0530 Subject: [PATCH 0124/1176] Fixed init state error variable Init State Error message was using the err variable instead of uerr, which has been fixed now. The error message should not show "nil" now. Signed-off-by: Vipul Newaskar --- libcontainer/process_linux.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index ea3223ae0d7..ba2990a951b 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -548,7 +548,7 @@ func (p *initProcess) start() (retErr error) { // procRun sync. state, uerr := p.container.updateState(p) if uerr != nil { - return fmt.Errorf("unable to store init state: %w", err) + return fmt.Errorf("unable to store init state: %w", uerr) } p.container.initProcessStartTime = state.InitProcessStartTime From 8e9128ffcebccffaff375a54eb8df8158fdb0eb5 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Fri, 18 Nov 2022 09:27:57 +0900 Subject: [PATCH 0125/1176] Vagrantfile.fedora: upgrade Fedora to 37 Signed-off-by: Akihiro Suda --- Vagrantfile.fedora | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Vagrantfile.fedora b/Vagrantfile.fedora index 7d35e3861d1..d99ba38c7e5 100644 --- a/Vagrantfile.fedora +++ b/Vagrantfile.fedora @@ -3,7 +3,7 @@ Vagrant.configure("2") do |config| # Fedora box is used for testing cgroup v2 support - config.vm.box = "fedora/36-cloud-base" + config.vm.box = "fedora/37-cloud-base" config.vm.provider :virtualbox do |v| v.memory = 2048 v.cpus = 2 From ab8480893ee1402a959d59b2684c2a49c25a23bd Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 1 Sep 2022 16:05:04 -0700 Subject: [PATCH 0126/1176] types/features: fix docstrings Fix a few copy-paste errors. Fixes: 520702dac Signed-off-by: Kir Kolyshkin --- types/features/features.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/types/features/features.go b/types/features/features.go index c6269ca6306..b9371daaa00 100644 --- a/types/features/features.go +++ b/types/features/features.go @@ -53,11 +53,11 @@ type Seccomp struct { // Nil value means "unknown", not "no support for any action". Actions []string `json:"actions,omitempty"` - // Operators is the list of the recognized actions, e.g., "SCMP_CMP_NE". + // Operators is the list of the recognized operators, e.g., "SCMP_CMP_NE". // Nil value means "unknown", not "no support for any operator". Operators []string `json:"operators,omitempty"` - // Operators is the list of the recognized archs, e.g., "SCMP_ARCH_X86_64". + // Archs is the list of the recognized archs, e.g., "SCMP_ARCH_X86_64". // Nil value means "unknown", not "no support for any arch". Archs []string `json:"archs,omitempty"` } From 076745a40fb6b8d84d2a31f038e987b1fdbc4b8c Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 2 Sep 2022 12:20:54 -0700 Subject: [PATCH 0127/1176] runc features: add seccomp filter flags Amend runc features to print seccomp flags. Two set of flags are added: * known flags are those that this version of runc is aware of; * supported flags are those that can be set; normally, this is the same set as known flags, but due to older version of kernel and/or libseccomp, some known flags might be unsupported. This commit also consolidates three different switch statements dealing with flags into one, in func setFlag. A note is added to this function telling what else to look for when adding new flags. Unfortunately, it also adds a list of known flags, that should be kept in sync with the switch statement. Signed-off-by: Kir Kolyshkin --- features.go | 10 ++- libcontainer/seccomp/config.go | 37 ++++++++ libcontainer/seccomp/patchbpf/enosys_linux.go | 1 + libcontainer/seccomp/seccomp_linux.go | 84 ++++++++++++++----- libcontainer/seccomp/seccomp_unsupported.go | 6 ++ libcontainer/specconv/spec_linux.go | 10 +-- types/features/features.go | 10 +++ 7 files changed, 127 insertions(+), 31 deletions(-) diff --git a/features.go b/features.go index c9cd15cd09d..c86adc0a266 100644 --- a/features.go +++ b/features.go @@ -59,10 +59,12 @@ var featuresCommand = cli.Command{ if seccomp.Enabled { feat.Linux.Seccomp = &features.Seccomp{ - Enabled: &tru, - Actions: seccomp.KnownActions(), - Operators: seccomp.KnownOperators(), - Archs: seccomp.KnownArchs(), + Enabled: &tru, + Actions: seccomp.KnownActions(), + Operators: seccomp.KnownOperators(), + Archs: seccomp.KnownArchs(), + KnownFlags: seccomp.KnownFlags(), + SupportedFlags: seccomp.SupportedFlags(), } major, minor, patch := seccomp.Version() feat.Annotations[features.AnnotationLibseccompVersion] = fmt.Sprintf("%d.%d.%d", major, minor, patch) diff --git a/libcontainer/seccomp/config.go b/libcontainer/seccomp/config.go index 2b15576ac90..3ca03ed8a30 100644 --- a/libcontainer/seccomp/config.go +++ b/libcontainer/seccomp/config.go @@ -5,8 +5,13 @@ import ( "sort" "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runtime-spec/specs-go" ) +// flagTsync is recognized but ignored by runc, and it is not defined +// in the runtime-spec. +const flagTsync = "SECCOMP_FILTER_FLAG_TSYNC" + var operators = map[string]configs.Operator{ "SCMP_CMP_NE": configs.NotEqualTo, "SCMP_CMP_LT": configs.LessThan, @@ -111,3 +116,35 @@ func ConvertStringToArch(in string) (string, error) { } return "", fmt.Errorf("string %s is not a valid arch for seccomp", in) } + +// List of flags known to this version of runc. +var flags = []string{ + flagTsync, + string(specs.LinuxSeccompFlagSpecAllow), + string(specs.LinuxSeccompFlagLog), +} + +// KnownFlags returns the list of the known filter flags. +// Used by `runc features`. +func KnownFlags() []string { + return flags +} + +// SupportedFlags returns the list of the supported filter flags. +// This list may be a subset of one returned by KnownFlags due to +// some flags not supported by the current kernel and/or libseccomp. +// Used by `runc features`. +func SupportedFlags() []string { + if !Enabled { + return nil + } + + var res []string + for _, flag := range flags { + if FlagSupported(specs.LinuxSeccompFlag(flag)) == nil { + res = append(res, flag) + } + } + + return res +} diff --git a/libcontainer/seccomp/patchbpf/enosys_linux.go b/libcontainer/seccomp/patchbpf/enosys_linux.go index 1427f261d93..7fc9fd662c3 100644 --- a/libcontainer/seccomp/patchbpf/enosys_linux.go +++ b/libcontainer/seccomp/patchbpf/enosys_linux.go @@ -643,6 +643,7 @@ func filterFlags(config *configs.Seccomp, filter *libseccomp.ScmpFilter) (flags flags |= uint(C.C_FILTER_FLAG_SPEC_ALLOW) } } + // XXX: add newly supported filter flags above this line. for _, call := range config.Syscalls { if call.Action == configs.Notify { diff --git a/libcontainer/seccomp/seccomp_linux.go b/libcontainer/seccomp/seccomp_linux.go index 0cdb2f561fe..ffa79cdf105 100644 --- a/libcontainer/seccomp/seccomp_linux.go +++ b/libcontainer/seccomp/seccomp_linux.go @@ -87,27 +87,10 @@ func InitSeccomp(config *configs.Seccomp) (int, error) { } } - // Add extra flags + // Add extra flags. for _, flag := range config.Flags { - switch flag { - case "SECCOMP_FILTER_FLAG_TSYNC": - // libseccomp-golang always use filterAttrTsync when - // possible so all goroutines will receive the same - // rules, so there is nothing to do. It does not make - // sense to apply the seccomp filter on only one - // thread; other threads will be terminated after exec - // anyway. - case specs.LinuxSeccompFlagLog: - if err := filter.SetLogBit(true); err != nil { - return -1, fmt.Errorf("error adding log flag to seccomp filter: %w", err) - } - case specs.LinuxSeccompFlagSpecAllow: - if err := filter.SetSSB(true); err != nil { - return -1, fmt.Errorf("error adding SSB flag to seccomp filter: %w", err) - } - // NOTE when adding more flags, make sure to also modify filterFlags in patchbpf. - default: - return -1, fmt.Errorf("seccomp flags %q not yet supported by runc", flag) + if err := setFlag(filter, flag); err != nil { + return -1, err } } @@ -149,6 +132,67 @@ func InitSeccomp(config *configs.Seccomp) (int, error) { return seccompFd, nil } +type unknownFlagError struct { + flag specs.LinuxSeccompFlag +} + +func (e *unknownFlagError) Error() string { + return "seccomp flag " + string(e.flag) + " is not known to runc" +} + +func setFlag(filter *libseccomp.ScmpFilter, flag specs.LinuxSeccompFlag) error { + switch flag { + case flagTsync: + // libseccomp-golang always use filterAttrTsync when + // possible so all goroutines will receive the same + // rules, so there is nothing to do. It does not make + // sense to apply the seccomp filter on only one + // thread; other threads will be terminated after exec + // anyway. + return nil + case specs.LinuxSeccompFlagLog: + if err := filter.SetLogBit(true); err != nil { + return fmt.Errorf("error adding log flag to seccomp filter: %w", err) + } + return nil + case specs.LinuxSeccompFlagSpecAllow: + if err := filter.SetSSB(true); err != nil { + return fmt.Errorf("error adding SSB flag to seccomp filter: %w", err) + } + return nil + } + // NOTE when adding more flags above, do not forget to also: + // - add new flags to `flags` slice in config.go; + // - add new flags to tests/integration/seccomp.bats flags test; + // - modify func filterFlags in patchbpf/ accordingly. + + return &unknownFlagError{flag: flag} +} + +// FlagSupported checks if the flag is known to runc and supported by +// currently used libseccomp and kernel (i.e. it can be set). +func FlagSupported(flag specs.LinuxSeccompFlag) error { + filter := &libseccomp.ScmpFilter{} + err := setFlag(filter, flag) + + // For flags we don't know, setFlag returns unknownFlagError. + var uf *unknownFlagError + if errors.As(err, &uf) { + return err + } + // For flags that are known to runc and libseccomp-golang but can not + // be applied because either libseccomp or the kernel is too old, + // seccomp.VersionError is returned. + var verErr *libseccomp.VersionError + if errors.As(err, &verErr) { + // Not supported by libseccomp or the kernel. + return err + } + + // All other flags are known and supported. + return nil +} + // Convert Libcontainer Action to Libseccomp ScmpAction func getAction(act configs.Action, errnoRet *uint) (libseccomp.ScmpAction, error) { switch act { diff --git a/libcontainer/seccomp/seccomp_unsupported.go b/libcontainer/seccomp/seccomp_unsupported.go index be2b324e057..885529dc7d0 100644 --- a/libcontainer/seccomp/seccomp_unsupported.go +++ b/libcontainer/seccomp/seccomp_unsupported.go @@ -7,6 +7,7 @@ import ( "errors" "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runtime-spec/specs-go" ) var ErrSeccompNotEnabled = errors.New("seccomp: config provided but seccomp not supported") @@ -19,6 +20,11 @@ func InitSeccomp(config *configs.Seccomp) (int, error) { return -1, nil } +// FlagSupported tells if a provided seccomp flag is supported. +func FlagSupported(_ specs.LinuxSeccompFlag) error { + return ErrSeccompNotEnabled +} + // Version returns major, minor, and micro. func Version() (uint, uint, uint) { return 0, 0, 0 diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index 4b32f286e44..b4a001320b8 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -1026,14 +1026,10 @@ func SetupSeccomp(config *specs.LinuxSeccomp) (*configs.Seccomp, error) { // The list of flags defined in runtime-spec is a subset of the flags // in the seccomp() syscall for _, flag := range config.Flags { - switch flag { - case "SECCOMP_FILTER_FLAG_TSYNC": - // Tsync can be silently ignored - case specs.LinuxSeccompFlagLog, specs.LinuxSeccompFlagSpecAllow: - newConfig.Flags = append(newConfig.Flags, flag) - default: - return nil, fmt.Errorf("seccomp flag %q not yet supported by runc", flag) + if err := seccomp.FlagSupported(flag); err != nil { + return nil, err } + newConfig.Flags = append(newConfig.Flags, flag) } if len(config.Architectures) > 0 { diff --git a/types/features/features.go b/types/features/features.go index b9371daaa00..4ea629eeaf4 100644 --- a/types/features/features.go +++ b/types/features/features.go @@ -60,6 +60,16 @@ type Seccomp struct { // Archs is the list of the recognized archs, e.g., "SCMP_ARCH_X86_64". // Nil value means "unknown", not "no support for any arch". Archs []string `json:"archs,omitempty"` + + // KnownFlags is the list of the recognized filter flags, e.g., "SECCOMP_FILTER_FLAG_LOG". + // Nil value means "unknown", not "no flags are recognized". + KnownFlags []string `json:"knownFlags,omitempty"` + + // SupportedFlags is the list of the supported filter flags, e.g., "SECCOMP_FILTER_FLAG_LOG". + // This list may be a subset of KnownFlags due to some flags + // not supported by the current kernel and/or libseccomp. + // Nil value means "unknown", not "no flags are supported". + SupportedFlags []string `json:"supportedFlags,omitempty"` } // Apparmor represents the "apparmor" field. From ac04154f0b136ad3f8636acb8ed29431b7bddd83 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 30 Aug 2022 12:05:02 -0700 Subject: [PATCH 0128/1176] seccomp: set SPEC_ALLOW by default If no seccomps flags are set in OCI runtime spec (not even the empty set), set SPEC_ALLOW as the default (if it's supported). Otherwise, use the flags as they are set (that includes no flags for empty seccomp.Flags array). This mimics the crun behavior, and makes runc seccomp performance on par with crun. Signed-off-by: Kir Kolyshkin --- libcontainer/specconv/spec_linux.go | 20 +++++++++++++++----- tests/integration/seccomp.bats | 2 +- 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index b4a001320b8..0d53b20275f 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -1024,12 +1024,22 @@ func SetupSeccomp(config *specs.LinuxSeccomp) (*configs.Seccomp, error) { newConfig.Syscalls = []*configs.Syscall{} // The list of flags defined in runtime-spec is a subset of the flags - // in the seccomp() syscall - for _, flag := range config.Flags { - if err := seccomp.FlagSupported(flag); err != nil { - return nil, err + // in the seccomp() syscall. + if config.Flags == nil { + // No flags are set explicitly (not even the empty set); + // set the default of specs.LinuxSeccompFlagSpecAllow, + // if it is supported by the libseccomp and the kernel. + if err := seccomp.FlagSupported(specs.LinuxSeccompFlagSpecAllow); err == nil { + newConfig.Flags = []specs.LinuxSeccompFlag{specs.LinuxSeccompFlagSpecAllow} + } + } else { + // Fail early if some flags are unknown or unsupported. + for _, flag := range config.Flags { + if err := seccomp.FlagSupported(flag); err != nil { + return nil, err + } + newConfig.Flags = append(newConfig.Flags, flag) } - newConfig.Flags = append(newConfig.Flags, flag) } if len(config.Architectures) > 0 { diff --git a/tests/integration/seccomp.bats b/tests/integration/seccomp.bats index 2babf69047d..b0fdf85c345 100644 --- a/tests/integration/seccomp.bats +++ b/tests/integration/seccomp.bats @@ -80,7 +80,7 @@ function teardown() { }' declare -A FLAGS=( - ['REMOVE']=0 # No setting, use built-in default. + ['REMOVE']=4 # No setting, use built-in default. ['EMPTY']=0 # Empty set of flags. ['"SECCOMP_FILTER_FLAG_LOG"']=2 ['"SECCOMP_FILTER_FLAG_SPEC_ALLOW"']=4 From 19a9d9fc9e3530f483a7f121ae28f3f5764d8522 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 27 Sep 2022 18:33:32 -0700 Subject: [PATCH 0129/1176] tests/int: use runc features in seccomp flags test This test (initially added by commit 58ea21daefea8e3447d and later amended in commit 26dc55ef1a56ea0279) currently has two major deficiencies: 1. All possible flag combinations, and their respective numeric values, have to be explicitly listed. Currently we support 3 flags, so there is only 2^3 - 1 = 7 combinations, but adding more flags will become increasingly difficult (for example, 5 flags will result in 31 combinations). 2. The test requires kernel 4.17 (for SECCOMP_FILTER_FLAG_SPEC_ALLOW), and not doing any tests when running on an older kernel. This, too, will make it more difficult to add extra flags in the future. Both issues can be solved by using runc features which now prints all known and supported runc flags. We still have to hardcode the numeric values of all flags, but most of the other work is coded now. In particular: * The test only uses supported flags, meaning it can be used with older kernels, removing the limitation (2) above. * The test calculates the powerset (all possible combinations) of flags and their numeric values. This makes it easier to add more flags, removing the limitation (1) above. * The test will fail (in flags_value) if any new flags will be added to runc but the test itself is not amended. Signed-off-by: Kir Kolyshkin --- libcontainer/seccomp/seccomp_linux.go | 2 +- tests/integration/seccomp.bats | 70 +++++++++++++++++++++------ 2 files changed, 55 insertions(+), 17 deletions(-) diff --git a/libcontainer/seccomp/seccomp_linux.go b/libcontainer/seccomp/seccomp_linux.go index ffa79cdf105..fed02bcedc4 100644 --- a/libcontainer/seccomp/seccomp_linux.go +++ b/libcontainer/seccomp/seccomp_linux.go @@ -163,7 +163,7 @@ func setFlag(filter *libseccomp.ScmpFilter, flag specs.LinuxSeccompFlag) error { } // NOTE when adding more flags above, do not forget to also: // - add new flags to `flags` slice in config.go; - // - add new flags to tests/integration/seccomp.bats flags test; + // - add new flag values to flags_value() in tests/integration/seccomp.bats; // - modify func filterFlags in patchbpf/ accordingly. return &unknownFlagError{flag: flag} diff --git a/tests/integration/seccomp.bats b/tests/integration/seccomp.bats index b0fdf85c345..897c7ca8357 100644 --- a/tests/integration/seccomp.bats +++ b/tests/integration/seccomp.bats @@ -66,11 +66,32 @@ function teardown() { [[ "$output" == *"Network is down"* ]] } -@test "runc run [seccomp] (SECCOMP_FILTER_FLAG_*)" { - # Linux 4.14: SECCOMP_FILTER_FLAG_LOG - # Linux 4.17: SECCOMP_FILTER_FLAG_SPEC_ALLOW - requires_kernel 4.17 +# Prints the numeric value of provided seccomp flags combination. +# The parameter is flags string, as supplied in OCI spec, for example +# '"SECCOMP_FILTER_FLAG_TSYNC","SECCOMP_FILTER_FLAG_LOG"'. +function flags_value() { + # Numeric values of seccomp flags. + declare -A values=( + ['"SECCOMP_FILTER_FLAG_TSYNC"']=0 # Supported but ignored by runc, thus 0. + ['"SECCOMP_FILTER_FLAG_LOG"']=2 + ['"SECCOMP_FILTER_FLAG_SPEC_ALLOW"']=4 + # XXX: add new values above this line. + ) + # Split the flags. + IFS=',' read -ra flags <<<"$1" + + local flag v sum=0 + for flag in "${flags[@]}"; do + # This will produce "values[$flag]: unbound variable" + # error for a new flag yet unknown to the test. + v=${values[$flag]} + ((sum += v)) || true + done + + echo $sum +} +@test "runc run [seccomp] (SECCOMP_FILTER_FLAG_*)" { update_config ' .process.args = ["/bin/sh", "-c", "mkdir /dev/shm/foo"] | .process.noNewPrivileges = false | .linux.seccomp = { @@ -79,18 +100,35 @@ function teardown() { "syscalls":[{"names":["mkdir", "mkdirat"], "action":"SCMP_ACT_ERRNO"}] }' - declare -A FLAGS=( - ['REMOVE']=4 # No setting, use built-in default. - ['EMPTY']=0 # Empty set of flags. - ['"SECCOMP_FILTER_FLAG_LOG"']=2 - ['"SECCOMP_FILTER_FLAG_SPEC_ALLOW"']=4 - ['"SECCOMP_FILTER_FLAG_TSYNC"']=0 # tsync flag is ignored. - ['"SECCOMP_FILTER_FLAG_LOG","SECCOMP_FILTER_FLAG_SPEC_ALLOW"']=6 - ['"SECCOMP_FILTER_FLAG_LOG","SECCOMP_FILTER_FLAG_TSYNC"']=2 - ['"SECCOMP_FILTER_FLAG_SPEC_ALLOW","SECCOMP_FILTER_FLAG_TSYNC"']=4 - ['"SECCOMP_FILTER_FLAG_LOG","SECCOMP_FILTER_FLAG_SPEC_ALLOW","SECCOMP_FILTER_FLAG_TSYNC"']=6 + # Get the list of flags supported by runc/seccomp/kernel, + # or "null" if no flags are supported or runc is too old. + mapfile -t flags < <(__runc features | jq -c '.linux.seccomp.supportedFlags' | + tr -d '[]\n' | tr ',' '\n') + + # This is a set of all possible flag combinations to test. + declare -A TEST_CASES=( + ['EMPTY']=0 # Special value: empty set of flags. + ['REMOVE']=0 # Special value: no flags set. ) - for key in "${!FLAGS[@]}"; do + + # If supported, runc should set SPEC_ALLOW if no flags are set. + if [[ " ${flags[*]} " == *' "SECCOMP_FILTER_FLAG_SPEC_ALLOW" '* ]]; then + TEST_CASES['REMOVE']=$(flags_value '"SECCOMP_FILTER_FLAG_SPEC_ALLOW"') + fi + + # Add all possible combinations of seccomp flags + # and their expected numeric values to TEST_CASES. + if [ "${flags[0]}" != "null" ]; then + # Use shell {a,}{b,}{c,} to generate the powerset. + for fc in $(eval echo "$(printf "{'%s,',}" "${flags[@]}")"); do + # Remove the last comma. + fc="${fc/%,/}" + TEST_CASES[$fc]=$(flags_value "$fc") + done + fi + + # Finally, run the tests. + for key in "${!TEST_CASES[@]}"; do case "$key" in 'REMOVE') update_config ' del(.linux.seccomp.flags)' @@ -108,7 +146,7 @@ function teardown() { [[ "$output" == *"mkdir:"*"/dev/shm/foo"*"Operation not permitted"* ]] # Check the numeric flags value, as printed in the debug log, is as expected. - exp="\"seccomp filter flags: ${FLAGS[$key]}\"" + exp="\"seccomp filter flags: ${TEST_CASES[$key]}\"" echo "flags $key, expecting $exp" [[ "$output" == *"$exp"* ]] done From 4f2af60520c9f36d711b50deaf282a76c2d53ee3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 Dec 2022 04:04:47 +0000 Subject: [PATCH 0130/1176] build(deps): bump golang.org/x/net from 0.2.0 to 0.4.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.2.0 to 0.4.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.2.0...v0.4.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 8 ++++---- vendor/golang.org/x/sys/execabs/execabs_go119.go | 8 +++++--- vendor/golang.org/x/sys/windows/syscall_windows.go | 1 + vendor/golang.org/x/sys/windows/zsyscall_windows.go | 7 +++++++ vendor/modules.txt | 4 ++-- 6 files changed, 21 insertions(+), 11 deletions(-) diff --git a/go.mod b/go.mod index 7679c5c7ebb..579930e8575 100644 --- a/go.mod +++ b/go.mod @@ -19,8 +19,8 @@ require ( github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.9 github.com/vishvananda/netlink v1.1.0 - golang.org/x/net v0.2.0 - golang.org/x/sys v0.2.0 + golang.org/x/net v0.4.0 + golang.org/x/sys v0.3.0 google.golang.org/protobuf v1.28.1 ) diff --git a/go.sum b/go.sum index 4918bc03df8..1785a186d9f 100644 --- a/go.sum +++ b/go.sum @@ -59,14 +59,14 @@ github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJ github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= -golang.org/x/net v0.2.0 h1:sZfSu1wtKLGlWI4ZZayP0ck9Y73K1ynO6gqzTdBVdPU= -golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= +golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU= +golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A= -golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ= +golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= diff --git a/vendor/golang.org/x/sys/execabs/execabs_go119.go b/vendor/golang.org/x/sys/execabs/execabs_go119.go index 1e7a9ada0b0..46c5b525e7b 100644 --- a/vendor/golang.org/x/sys/execabs/execabs_go119.go +++ b/vendor/golang.org/x/sys/execabs/execabs_go119.go @@ -7,9 +7,11 @@ package execabs -import "strings" +import ( + "errors" + "os/exec" +) func isGo119ErrDot(err error) bool { - // TODO: return errors.Is(err, exec.ErrDot) - return strings.Contains(err.Error(), "current directory") + return errors.Is(err, exec.ErrDot) } diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index 7a6ba43a7ee..a49853e9d3a 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -367,6 +367,7 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys IsWindowUnicode(hwnd HWND) (isUnicode bool) = user32.IsWindowUnicode //sys IsWindowVisible(hwnd HWND) (isVisible bool) = user32.IsWindowVisible //sys GetGUIThreadInfo(thread uint32, info *GUIThreadInfo) (err error) = user32.GetGUIThreadInfo +//sys GetLargePageMinimum() (size uintptr) // Volume Management Functions //sys DefineDosDevice(flags uint32, deviceName *uint16, targetPath *uint16) (err error) = DefineDosDeviceW diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index 96ba8559c37..ac60052e44a 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -252,6 +252,7 @@ var ( procGetFileType = modkernel32.NewProc("GetFileType") procGetFinalPathNameByHandleW = modkernel32.NewProc("GetFinalPathNameByHandleW") procGetFullPathNameW = modkernel32.NewProc("GetFullPathNameW") + procGetLargePageMinimum = modkernel32.NewProc("GetLargePageMinimum") procGetLastError = modkernel32.NewProc("GetLastError") procGetLogicalDriveStringsW = modkernel32.NewProc("GetLogicalDriveStringsW") procGetLogicalDrives = modkernel32.NewProc("GetLogicalDrives") @@ -2180,6 +2181,12 @@ func GetFullPathName(path *uint16, buflen uint32, buf *uint16, fname **uint16) ( return } +func GetLargePageMinimum() (size uintptr) { + r0, _, _ := syscall.Syscall(procGetLargePageMinimum.Addr(), 0, 0, 0, 0) + size = uintptr(r0) + return +} + func GetLastError() (lasterr error) { r0, _, _ := syscall.Syscall(procGetLastError.Addr(), 0, 0, 0, 0) if r0 != 0 { diff --git a/vendor/modules.txt b/vendor/modules.txt index 8fdf4ee33c3..a98a4dc492b 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -68,10 +68,10 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df ## explicit; go 1.12 github.com/vishvananda/netns -# golang.org/x/net v0.2.0 +# golang.org/x/net v0.4.0 ## explicit; go 1.17 golang.org/x/net/bpf -# golang.org/x/sys v0.2.0 +# golang.org/x/sys v0.3.0 ## explicit; go 1.17 golang.org/x/sys/execabs golang.org/x/sys/internal/unsafeheader From ff3b4f3bb4a5d1adf0de646b73eee495e1cf9a69 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 1 Aug 2022 15:44:44 -0700 Subject: [PATCH 0131/1176] restore: fix ignoring --manage-cgroups-mode Merge the logic of setPageServer, setManageCgroupsMode, and setEmptyNsMask into criuOptions. This does three things: 1. Fixes ignoring --manage-cgroups-mode on restore; 2. Simplifies the code in checkpoint.go and restore.go; 3. Ensures issues like 1 won't happen again. Signed-off-by: Kir Kolyshkin --- checkpoint.go | 86 ++++++++++++++++++++++++++++----------------------- restore.go | 28 ----------------- 2 files changed, 47 insertions(+), 67 deletions(-) diff --git a/checkpoint.go b/checkpoint.go index b8bfa045d6c..ac32bbb50d6 100644 --- a/checkpoint.go +++ b/checkpoint.go @@ -67,17 +67,6 @@ checkpointed.`, return err } - // these are the mandatory criu options for a container - if err := setPageServer(context, options); err != nil { - return err - } - if err := setManageCgroupsMode(context, options); err != nil { - return err - } - if err := setEmptyNsMask(context, options); err != nil { - return err - } - err = container.Checkpoint(options) if err == nil && !(options.LeaveRunning || options.PreDump) { // Destroy the container unless we tell CRIU to keep it. @@ -119,59 +108,78 @@ func prepareImagePaths(context *cli.Context) (string, string, error) { return imagePath, parentPath, nil } -func setPageServer(context *cli.Context, options *libcontainer.CriuOpts) error { - // xxx following criu opts are optional - // The dump image can be sent to a criu page server +func criuOptions(context *cli.Context) (*libcontainer.CriuOpts, error) { + imagePath, parentPath, err := prepareImagePaths(context) + if err != nil { + return nil, err + } + + opts := &libcontainer.CriuOpts{ + ImagesDirectory: imagePath, + WorkDirectory: context.String("work-path"), + ParentImage: parentPath, + LeaveRunning: context.Bool("leave-running"), + TcpEstablished: context.Bool("tcp-established"), + ExternalUnixConnections: context.Bool("ext-unix-sk"), + ShellJob: context.Bool("shell-job"), + FileLocks: context.Bool("file-locks"), + PreDump: context.Bool("pre-dump"), + AutoDedup: context.Bool("auto-dedup"), + LazyPages: context.Bool("lazy-pages"), + StatusFd: context.Int("status-fd"), + LsmProfile: context.String("lsm-profile"), + LsmMountContext: context.String("lsm-mount-context"), + } + + // CRIU options below may or may not be set. + if psOpt := context.String("page-server"); psOpt != "" { address, port, err := net.SplitHostPort(psOpt) if err != nil || address == "" || port == "" { - return errors.New("Use --page-server ADDRESS:PORT to specify page server") + return nil, errors.New("Use --page-server ADDRESS:PORT to specify page server") } portInt, err := strconv.Atoi(port) if err != nil { - return errors.New("Invalid port number") + return nil, errors.New("Invalid port number") } - options.PageServer = libcontainer.CriuPageServerInfo{ + opts.PageServer = libcontainer.CriuPageServerInfo{ Address: address, Port: int32(portInt), } } - return nil -} -func setManageCgroupsMode(context *cli.Context, options *libcontainer.CriuOpts) error { if cgOpt := context.String("manage-cgroups-mode"); cgOpt != "" { switch cgOpt { case "soft": - options.ManageCgroupsMode = criu.CriuCgMode_SOFT + opts.ManageCgroupsMode = criu.CriuCgMode_SOFT case "full": - options.ManageCgroupsMode = criu.CriuCgMode_FULL + opts.ManageCgroupsMode = criu.CriuCgMode_FULL case "strict": - options.ManageCgroupsMode = criu.CriuCgMode_STRICT + opts.ManageCgroupsMode = criu.CriuCgMode_STRICT default: - return errors.New("Invalid manage cgroups mode") + return nil, errors.New("Invalid manage cgroups mode") } } - return nil -} -var namespaceMapping = map[specs.LinuxNamespaceType]int{ - specs.NetworkNamespace: unix.CLONE_NEWNET, -} - -func setEmptyNsMask(context *cli.Context, options *libcontainer.CriuOpts) error { - /* Runc doesn't manage network devices and their configuration */ + // runc doesn't manage network devices and their configuration. nsmask := unix.CLONE_NEWNET - for _, ns := range context.StringSlice("empty-ns") { - f, exists := namespaceMapping[specs.LinuxNamespaceType(ns)] - if !exists { - return fmt.Errorf("namespace %q is not supported", ns) + if context.IsSet("empty-ns") { + namespaceMapping := map[specs.LinuxNamespaceType]int{ + specs.NetworkNamespace: unix.CLONE_NEWNET, + } + + for _, ns := range context.StringSlice("empty-ns") { + f, exists := namespaceMapping[specs.LinuxNamespaceType(ns)] + if !exists { + return nil, fmt.Errorf("namespace %q is not supported", ns) + } + nsmask |= f } - nsmask |= f } - options.EmptyNs = uint32(nsmask) - return nil + opts.EmptyNs = uint32(nsmask) + + return opts, nil } diff --git a/restore.go b/restore.go index ccd1b232bc9..30ce89a2d9a 100644 --- a/restore.go +++ b/restore.go @@ -3,7 +3,6 @@ package main import ( "os" - "github.com/opencontainers/runc/libcontainer" "github.com/opencontainers/runc/libcontainer/userns" "github.com/sirupsen/logrus" "github.com/urfave/cli" @@ -113,9 +112,6 @@ using the runc checkpoint command.`, if err != nil { return err } - if err := setEmptyNsMask(context, options); err != nil { - return err - } status, err := startContainer(context, CT_ACT_RESTORE, options) if err != nil { return err @@ -126,27 +122,3 @@ using the runc checkpoint command.`, return nil }, } - -func criuOptions(context *cli.Context) (*libcontainer.CriuOpts, error) { - imagePath, parentPath, err := prepareImagePaths(context) - if err != nil { - return nil, err - } - - return &libcontainer.CriuOpts{ - ImagesDirectory: imagePath, - WorkDirectory: context.String("work-path"), - ParentImage: parentPath, - LeaveRunning: context.Bool("leave-running"), - TcpEstablished: context.Bool("tcp-established"), - ExternalUnixConnections: context.Bool("ext-unix-sk"), - ShellJob: context.Bool("shell-job"), - FileLocks: context.Bool("file-locks"), - PreDump: context.Bool("pre-dump"), - AutoDedup: context.Bool("auto-dedup"), - LazyPages: context.Bool("lazy-pages"), - StatusFd: context.Int("status-fd"), - LsmProfile: context.String("lsm-profile"), - LsmMountContext: context.String("lsm-mount-context"), - }, nil -} From 212d25e853adb4194e05a124ce81ee50d8dd6b16 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 1 Aug 2022 16:02:48 -0700 Subject: [PATCH 0132/1176] checkpoint/restore: add --manage-cgroups-mode ignore - add the new mode and document it; - slightly improve the --help output; - slightly simplify the parsing code. Signed-off-by: Kir Kolyshkin --- checkpoint.go | 26 ++++++++++++++------------ man/runc-checkpoint.8.md | 2 +- man/runc-restore.8.md | 2 +- restore.go | 2 +- 4 files changed, 17 insertions(+), 15 deletions(-) diff --git a/checkpoint.go b/checkpoint.go index ac32bbb50d6..a8a27f248bc 100644 --- a/checkpoint.go +++ b/checkpoint.go @@ -38,7 +38,7 @@ checkpointed.`, cli.StringFlag{Name: "page-server", Value: "", Usage: "ADDRESS:PORT of the page server"}, cli.BoolFlag{Name: "file-locks", Usage: "handle file locks, for safety"}, cli.BoolFlag{Name: "pre-dump", Usage: "dump container's memory information only, leave the container running after this"}, - cli.StringFlag{Name: "manage-cgroups-mode", Value: "", Usage: "cgroups mode: 'soft' (default), 'full' and 'strict'"}, + cli.StringFlag{Name: "manage-cgroups-mode", Value: "", Usage: "cgroups mode: soft|full|strict|ignore (default: soft)"}, cli.StringSliceFlag{Name: "empty-ns", Usage: "create a namespace, but don't restore its properties"}, cli.BoolFlag{Name: "auto-dedup", Usage: "enable auto deduplication of memory images"}, }, @@ -149,17 +149,19 @@ func criuOptions(context *cli.Context) (*libcontainer.CriuOpts, error) { } } - if cgOpt := context.String("manage-cgroups-mode"); cgOpt != "" { - switch cgOpt { - case "soft": - opts.ManageCgroupsMode = criu.CriuCgMode_SOFT - case "full": - opts.ManageCgroupsMode = criu.CriuCgMode_FULL - case "strict": - opts.ManageCgroupsMode = criu.CriuCgMode_STRICT - default: - return nil, errors.New("Invalid manage cgroups mode") - } + switch context.String("manage-cgroups-mode") { + case "": + // do nothing + case "soft": + opts.ManageCgroupsMode = criu.CriuCgMode_SOFT + case "full": + opts.ManageCgroupsMode = criu.CriuCgMode_FULL + case "strict": + opts.ManageCgroupsMode = criu.CriuCgMode_STRICT + case "ignore": + opts.ManageCgroupsMode = criu.CriuCgMode_IGNORE + default: + return nil, errors.New("Invalid manage-cgroups-mode value") } // runc doesn't manage network devices and their configuration. diff --git a/man/runc-checkpoint.8.md b/man/runc-checkpoint.8.md index 373259d4ccf..a7dad29d3b3 100644 --- a/man/runc-checkpoint.8.md +++ b/man/runc-checkpoint.8.md @@ -57,7 +57,7 @@ together with **criu lazy-pages**. See : Do a pre-dump, i.e. dump container's memory information only, leaving the container running. See [criu iterative migration](https://criu.org/Iterative_migration). -**--manage-cgroups-mode** **soft**|**full**|**strict**. +**--manage-cgroups-mode** **soft**|**full**|**strict**|**ignore**. : Cgroups mode. Default is **soft**. See [criu --manage-cgroups option](https://criu.org/CLI/opt/--manage-cgroups). diff --git a/man/runc-restore.8.md b/man/runc-restore.8.md index a2b3da6c6fa..4f9d55f443a 100644 --- a/man/runc-restore.8.md +++ b/man/runc-restore.8.md @@ -37,7 +37,7 @@ image files directory. : Allow checkpoint/restore of file locks. See [criu --file-locks option](https://criu.org/CLI/opt/--file-locks). -**--manage-cgroups-mode** **soft**|**full**|**strict**. +**--manage-cgroups-mode** **soft**|**full**|**strict**|**ignore**. : Cgroups mode. Default is **soft**. See [criu --manage-cgroups option](https://criu.org/CLI/opt/--manage-cgroups). diff --git a/restore.go b/restore.go index 30ce89a2d9a..d65afcfc788 100644 --- a/restore.go +++ b/restore.go @@ -52,7 +52,7 @@ using the runc checkpoint command.`, cli.StringFlag{ Name: "manage-cgroups-mode", Value: "", - Usage: "cgroups mode: 'soft' (default), 'full' and 'strict'", + Usage: "cgroups mode: soft|full|strict|ignore (default: soft)", }, cli.StringFlag{ Name: "bundle, b", From 3438ef30b259fa4a7b11e2cd6eb496696318b886 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 1 Aug 2022 16:05:00 -0700 Subject: [PATCH 0133/1176] restore: fix --manage-cgroups-mode ignore on cgroup v2 When manage-cgroups-mode: ignore is used, criu still needs to know the cgroup path to work properly (see [1]). Revert "libct/criuApplyCgroups: don't set cgroup paths for v2" This reverts commit d5c57dcea6d8b19c0f87fc0a212d3020215af06e. [1]: https://github.com/checkpoint-restore/criu/issues/1793#issuecomment-1086675168 Signed-off-by: Kir Kolyshkin --- libcontainer/container_linux.go | 5 ----- 1 file changed, 5 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index c099e458aed..a3f4c44f8b4 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -1560,11 +1560,6 @@ func (c *Container) criuApplyCgroups(pid int, req *criurpc.CriuReq) error { return err } - if cgroups.IsCgroup2UnifiedMode() { - return nil - } - // the stuff below is cgroupv1-specific - path := fmt.Sprintf("/proc/%d/cgroup", pid) cgroupsPaths, err := cgroups.ParseCgroupFile(path) if err != nil { From e8cf8783d1245a7ffd86e88d42da1532a324e5c4 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 1 Aug 2022 16:29:08 -0700 Subject: [PATCH 0134/1176] libct/criuApplyCgroups: add a TODO I don't want to implement it now, because this might result in some new issues, but this is definitely something that is worth implementing. Signed-off-by: Kir Kolyshkin --- libcontainer/container_linux.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index a3f4c44f8b4..b498e33bce2 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -1560,6 +1560,8 @@ func (c *Container) criuApplyCgroups(pid int, req *criurpc.CriuReq) error { return err } + // TODO(@kolyshkin): should we use c.cgroupManager.GetPaths() + // instead of reading /proc/pid/cgroup? path := fmt.Sprintf("/proc/%d/cgroup", pid) cgroupsPaths, err := cgroups.ParseCgroupFile(path) if err != nil { From d4582ae2f1956ed0be25658ed54a89ce431a1942 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 1 Aug 2022 18:15:58 -0700 Subject: [PATCH 0135/1176] tests/int: add "--manage-cgroups-mode ignore" test This test checks that the container is restored into a different cgroup. To do so, a user should - use --manage-cgroups-mode ignore on both checkpoint and restore; - change the cgroupsPath value in config.json before restoring. The test does some checks to ensure that its logic is correct, and that after the restore the old (original) cgroup does not exist, the new one exists, and the container's init is in that new cgroup. Signed-off-by: Kir Kolyshkin --- tests/integration/checkpoint.bats | 41 +++++++++++++++++++++++++++++++ tests/integration/helpers.bash | 30 +++++++++++++--------- 2 files changed, 60 insertions(+), 11 deletions(-) diff --git a/tests/integration/checkpoint.bats b/tests/integration/checkpoint.bats index 615ef8cb65f..fe351e7476a 100644 --- a/tests/integration/checkpoint.bats +++ b/tests/integration/checkpoint.bats @@ -405,3 +405,44 @@ function simple_cr() { # busybox should be back up and running testcontainer test_busybox running } + +@test "checkpoint then restore into a different cgroup (via --manage-cgroups-mode ignore)" { + set_resources_limit + set_cgroups_path + runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox + [ "$status" -eq 0 ] + testcontainer test_busybox running + + local orig_path + orig_path=$(get_cgroup_path "pids") + # Check that the cgroup exists. + test -d "$orig_path" + + runc checkpoint --work-path ./work-dir --manage-cgroups-mode ignore test_busybox + grep -B 5 Error ./work-dir/dump.log || true + [ "$status" -eq 0 ] + testcontainer test_busybox checkpointed + # Check that the cgroup is gone. + ! test -d "$orig_path" + + # Restore into a different cgroup. + set_cgroups_path # Changes the path. + runc restore -d --manage-cgroups-mode ignore --pid-file pid \ + --work-path ./work-dir --console-socket "$CONSOLE_SOCKET" test_busybox + grep -B 5 Error ./work-dir/restore.log || true + [ "$status" -eq 0 ] + testcontainer test_busybox running + + # Check that the old cgroup path doesn't exist. + ! test -d "$orig_path" + + # Check that the new path exists. + local new_path + new_path=$(get_cgroup_path "pids") + test -d "$new_path" + + # Check that container's init is in the new cgroup. + local pid + pid=$(cat "pid") + grep -q "${REL_CGROUPS_PATH}$" "/proc/$pid/cgroup" +} diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index a9b70ffd887..f07996450b7 100644 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -232,19 +232,27 @@ function set_cgroups_path() { update_config '.linux.cgroupsPath |= "'"${OCI_CGROUPS_PATH}"'"' } -# Get a value from a cgroup file. -function get_cgroup_value() { - local source=$1 - local cgroup var current - +# Get a path to cgroup directory, based on controller name. +# Parameters: +# $1: controller name (like "pids") or a file name (like "pids.max"). +function get_cgroup_path() { if [ -v CGROUP_V2 ]; then - cgroup=$CGROUP_PATH - else - var=${source%%.*} # controller name (e.g. memory) - var=CGROUP_${var^^}_BASE_PATH # variable name (e.g. CGROUP_MEMORY_BASE_PATH) - eval cgroup=\$"${var}${REL_CGROUPS_PATH}" + echo "$CGROUP_PATH" + return fi - cat "$cgroup/$source" + + local var cgroup + var=${1%%.*} # controller name (e.g. memory) + var=CGROUP_${var^^}_BASE_PATH # variable name (e.g. CGROUP_MEMORY_BASE_PATH) + eval cgroup=\$"${var}${REL_CGROUPS_PATH}" + echo "$cgroup" +} + +# Get a value from a cgroup file. +function get_cgroup_value() { + local cgroup + cgroup="$(get_cgroup_path "$1")" + cat "$cgroup/$1" } # Helper to check a if value in a cgroup file matches the expected one. From 683528783e38bb058c680bc8fa472b6a778f5904 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 4 Aug 2022 11:56:15 -0700 Subject: [PATCH 0136/1176] man/runc-restore: describe restore into different cgroup Signed-off-by: Kir Kolyshkin --- man/runc-restore.8.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/man/runc-restore.8.md b/man/runc-restore.8.md index 4f9d55f443a..eab50db9717 100644 --- a/man/runc-restore.8.md +++ b/man/runc-restore.8.md @@ -41,6 +41,11 @@ image files directory. : Cgroups mode. Default is **soft**. See [criu --manage-cgroups option](https://criu.org/CLI/opt/--manage-cgroups). +: In particular, to restore the container into a different cgroup, +**--manage-cgroups-mode ignore** must be used during both +**checkpoint** and **restore**, and the _container_id_ (or +**cgroupsPath** property in OCI config, if set) must be changed. + **--bundle**|**-b** _path_ : Path to the root of the bundle directory. Default is current directory. From c4aa452b18ae1c47596d6ce7623c90ff22fa9dcd Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 4 Aug 2022 11:57:31 -0700 Subject: [PATCH 0137/1176] tests/int/checkpoint: fix lazy migration flakiness When doing a lazy checkpoint/restore, we should not restore into the same cgroup, otherwise there is a race which result in occasional killing of the restored container (GH #2760, #2924). The fix is to use --manage-cgroup-mode=ignore, which allows to restore into a different cgroup. Note that since cgroupsPath is not set in config.json, the cgroup is derived from the container name, so calling set_cgroups_path is not needed. For the previous (unsuccessful) attempt to fix this, as well as detailed (and apparently correct) analysis, see commit 36fe3cc28c35d7157dc8b. Signed-off-by: Kir Kolyshkin --- tests/integration/checkpoint.bats | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/tests/integration/checkpoint.bats b/tests/integration/checkpoint.bats index fe351e7476a..0a8e58a2c9c 100644 --- a/tests/integration/checkpoint.bats +++ b/tests/integration/checkpoint.bats @@ -224,7 +224,14 @@ function simple_cr() { # TCP port for lazy migration port=27277 - __runc checkpoint --lazy-pages --page-server 0.0.0.0:${port} --status-fd ${lazy_w} --work-path ./work-dir --image-path ./image-dir test_busybox & + __runc checkpoint \ + --lazy-pages \ + --page-server 0.0.0.0:${port} \ + --status-fd ${lazy_w} \ + --manage-cgroups-mode=ignore \ + --work-path ./work-dir \ + --image-path ./image-dir \ + test_busybox & cpt_pid=$! # wait for lazy page server to be ready @@ -246,14 +253,18 @@ function simple_cr() { lp_pid=$! # Restore lazily from checkpoint. - # The restored container needs a different name (as well as systemd - # unit name, in case systemd cgroup driver is used) as the checkpointed - # container is not yet destroyed. It is only destroyed at that point - # in time when the last page is lazily transferred to the destination. + # + # The restored container needs a different name and a different cgroup + # (and a different systemd unit name, in case systemd cgroup driver is + # used) as the checkpointed container is not yet destroyed. It is only + # destroyed at that point in time when the last page is lazily + # transferred to the destination. + # # Killing the CRIU on the checkpoint side will let the container # continue to run if the migration failed at some point. - [ -v RUNC_USE_SYSTEMD ] && set_cgroups_path - runc_restore_with_pipes ./image-dir test_busybox_restore --lazy-pages + runc_restore_with_pipes ./image-dir test_busybox_restore \ + --lazy-pages \ + --manage-cgroups-mode=ignore wait $cpt_pid From 15677e7b030498fb0483a924d6597f4e5faf2bd0 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 26 Jul 2022 13:17:18 -0700 Subject: [PATCH 0138/1176] ci: fix delete.bats for GHA MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A couple of test cases in delete.bats check that a particular cgroup exists (or doesn't exist) using find. This is now resulting in errors like these: find: ‘/sys/fs/cgroup/blkio/azsec’: Permission denied find: ‘/sys/fs/cgroup/blkio/azsec_clamav’: Permission denied find: ‘/sys/fs/cgroup/cpu,cpuacct/azsec’: Permission denied find: ‘/sys/fs/cgroup/cpu,cpuacct/azsec_clamav’: Permission denied find: ‘/sys/fs/cgroup/memory/azsec’: Permission denied find: ‘/sys/fs/cgroup/memory/azsec_clamav’: Permission denied leading to test case failures. Apparently, GHA runs something else on a test box, so we get this. To fix, ignore non-zero exit code from find, and redirect its stderr to /dev/null. Signed-off-by: Kir Kolyshkin --- tests/integration/delete.bats | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/integration/delete.bats b/tests/integration/delete.bats index d8e02f939bf..9b95b845a83 100644 --- a/tests/integration/delete.bats +++ b/tests/integration/delete.bats @@ -23,7 +23,7 @@ function teardown() { testcontainer testbusyboxdelete running # Ensure the find statement used later is correct. - output=$(find /sys/fs/cgroup -name testbusyboxdelete -o -name \*-testbusyboxdelete.scope) + output=$(find /sys/fs/cgroup -name testbusyboxdelete -o -name \*-testbusyboxdelete.scope 2>/dev/null || true) if [ -z "$output" ]; then fail "expected cgroup not found" fi @@ -38,7 +38,7 @@ function teardown() { runc state testbusyboxdelete [ "$status" -ne 0 ] - output=$(find /sys/fs/cgroup -name testbusyboxdelete -o -name \*-testbusyboxdelete.scope) + output=$(find /sys/fs/cgroup -name testbusyboxdelete -o -name \*-testbusyboxdelete.scope 2>/dev/null || true) [ "$output" = "" ] || fail "cgroup not cleaned up correctly: $output" } @@ -118,7 +118,7 @@ EOF runc state test_busybox [ "$status" -ne 0 ] - output=$(find /sys/fs/cgroup -wholename '*testbusyboxdelete*' -type d) + output=$(find /sys/fs/cgroup -wholename '*testbusyboxdelete*' -type d 2>/dev/null || true) [ "$output" = "" ] || fail "cgroup not cleaned up correctly: $output" } From b44da4c05f4972e19bb16a91aec2e3a0e089b516 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 14 Apr 2022 11:46:15 -0700 Subject: [PATCH 0139/1176] libct: validateID: stop using regexp Replace a regex with a simple for loop. Document the function. Signed-off-by: Kir Kolyshkin --- libcontainer/factory_linux.go | 44 +++++++++++++++++++++++++++++++---- 1 file changed, 40 insertions(+), 4 deletions(-) diff --git a/libcontainer/factory_linux.go b/libcontainer/factory_linux.go index cd39ca38fae..b8d2d9c287d 100644 --- a/libcontainer/factory_linux.go +++ b/libcontainer/factory_linux.go @@ -5,7 +5,6 @@ import ( "errors" "fmt" "os" - "regexp" "runtime/debug" "strconv" @@ -27,8 +26,6 @@ const ( execFifoFilename = "exec.fifo" ) -var idRegex = regexp.MustCompile(`^[\w+-\.]+$`) - // Create creates a new container with the given id inside a given state // directory (root), and returns a Container object. // @@ -260,8 +257,47 @@ func loadState(root string) (*State, error) { return state, nil } +// validateID checks if the supplied container ID is valid, returning +// the ErrInvalidID in case it is not. +// +// The format of valid ID was never formally defined, instead the code +// was modified to allow or disallow specific characters. +// +// Currently, a valid ID is a non-empty string consisting only of +// the following characters: +// - uppercase (A-Z) and lowercase (a-z) Latin letters; +// - digits (0-9); +// - underscore (_); +// - plus sign (+); +// - minus sign (-); +// - period (.). +// +// In addition, IDs that can't be used to represent a file name +// (such as . or ..) are rejected. + func validateID(id string) error { - if !idRegex.MatchString(id) || string(os.PathSeparator)+id != utils.CleanPath(string(os.PathSeparator)+id) { + if len(id) < 1 { + return ErrInvalidID + } + + // Allowed characters: 0-9 A-Z a-z _ + - . + for i := 0; i < len(id); i++ { + c := id[i] + switch { + case c >= 'a' && c <= 'z': + case c >= 'A' && c <= 'Z': + case c >= '0' && c <= '9': + case c == '_': + case c == '+': + case c == '-': + case c == '.': + default: + return ErrInvalidID + } + + } + + if string(os.PathSeparator)+id != utils.CleanPath(string(os.PathSeparator)+id) { return ErrInvalidID } From 0ac98807c3d058f2bccd7f4ac7abdd1dbddbdbf7 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 14 Apr 2022 12:19:39 -0700 Subject: [PATCH 0140/1176] libct/cg/sd: stop using regex, fix systemdVersionAtoi Rewrite systemdVersionAtoi to not use regexp, and fix two issues: 1. It was returning 0 (rather than -1) for some errors. 2. The comment was saying that the input string is without quotes, while in fact it is. Note the new function, similar to the old one, works on input either with or without quotes. Amend the test to add test cases without quotes. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/systemd/common.go | 27 +++++++++++--------- libcontainer/cgroups/systemd/systemd_test.go | 7 +++-- 2 files changed, 20 insertions(+), 14 deletions(-) diff --git a/libcontainer/cgroups/systemd/common.go b/libcontainer/cgroups/systemd/common.go index 0c3562e6bfe..2f0767b2fd8 100644 --- a/libcontainer/cgroups/systemd/common.go +++ b/libcontainer/cgroups/systemd/common.go @@ -6,7 +6,6 @@ import ( "fmt" "math" "os" - "regexp" "strconv" "strings" "sync" @@ -231,18 +230,22 @@ func systemdVersion(cm *dbusConnManager) int { return version } -func systemdVersionAtoi(verStr string) (int, error) { - // verStr should be of the form: - // "v245.4-1.fc32", "245", "v245-1.fc32", "245-1.fc32" (without quotes). - // The result for all of the above should be 245. - // Thus, we unconditionally remove the "v" prefix - // and then match on the first integer we can grab. - re := regexp.MustCompile(`v?([0-9]+)`) - matches := re.FindStringSubmatch(verStr) - if len(matches) < 2 { - return 0, fmt.Errorf("can't parse version %s: incorrect number of matches %v", verStr, matches) +// systemdVersionAtoi extracts a numeric systemd version from the argument. +// The argument should be of the form: "v245.4-1.fc32", "245", "v245-1.fc32", +// "245-1.fc32" (with or without quotes). The result for all of the above +// should be 245. +func systemdVersionAtoi(str string) (int, error) { + // Unconditionally remove the leading prefix ("v). + str = strings.TrimLeft(str, `"v`) + // Match on the first integer we can grab. + for i := 0; i < len(str); i++ { + if str[i] < '0' || str[i] > '9' { + // First non-digit: cut the tail. + str = str[:i] + break + } } - ver, err := strconv.Atoi(matches[1]) + ver, err := strconv.Atoi(str) if err != nil { return -1, fmt.Errorf("can't parse version: %w", err) } diff --git a/libcontainer/cgroups/systemd/systemd_test.go b/libcontainer/cgroups/systemd/systemd_test.go index d280a3090aa..40584f78eba 100644 --- a/libcontainer/cgroups/systemd/systemd_test.go +++ b/libcontainer/cgroups/systemd/systemd_test.go @@ -35,8 +35,11 @@ func TestSystemdVersion(t *testing.T) { {`"v245.4-1.fc32"`, 245, false}, {`"241-1"`, 241, false}, {`"v241-1"`, 241, false}, - {"NaN", 0, true}, - {"", 0, true}, + {`333.45"`, 333, false}, + {`v321-0`, 321, false}, + {"NaN", -1, true}, + {"", -1, true}, + {"v", -1, true}, } for _, sdTest := range systemdVersionTests { ver, err := systemdVersionAtoi(sdTest.verStr) From eacada763001cb9e810316d4921c5ee9439f7a4b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 Jan 2023 04:08:48 +0000 Subject: [PATCH 0141/1176] build(deps): bump golang.org/x/net from 0.4.0 to 0.5.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.4.0 to 0.5.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.4.0...v0.5.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 4 +- go.sum | 8 +- vendor/golang.org/x/sys/unix/gccgo.go | 4 +- vendor/golang.org/x/sys/unix/gccgo_c.c | 4 +- vendor/golang.org/x/sys/unix/ioctl.go | 4 +- vendor/golang.org/x/sys/unix/mkall.sh | 4 +- .../x/sys/unix/syscall_dragonfly.go | 1 + .../golang.org/x/sys/unix/syscall_freebsd.go | 1 + vendor/golang.org/x/sys/unix/syscall_hurd.go | 22 + .../golang.org/x/sys/unix/syscall_hurd_386.go | 29 + vendor/golang.org/x/sys/unix/syscall_linux.go | 50 +- .../golang.org/x/sys/unix/syscall_netbsd.go | 15 + .../golang.org/x/sys/unix/syscall_openbsd.go | 1 + .../x/sys/unix/syscall_openbsd_libc.go | 4 +- .../golang.org/x/sys/unix/syscall_solaris.go | 1 + vendor/golang.org/x/sys/unix/syscall_unix.go | 55 +- .../x/sys/unix/zerrors_openbsd_386.go | 356 ++++++-- .../x/sys/unix/zerrors_openbsd_amd64.go | 189 +++- .../x/sys/unix/zerrors_openbsd_arm.go | 348 ++++++-- .../x/sys/unix/zerrors_openbsd_arm64.go | 160 +++- .../x/sys/unix/zerrors_openbsd_mips64.go | 95 +- .../x/sys/unix/zsyscall_dragonfly_amd64.go | 10 + .../x/sys/unix/zsyscall_freebsd_386.go | 10 + .../x/sys/unix/zsyscall_freebsd_amd64.go | 10 + .../x/sys/unix/zsyscall_freebsd_arm.go | 10 + .../x/sys/unix/zsyscall_freebsd_arm64.go | 10 + .../x/sys/unix/zsyscall_freebsd_riscv64.go | 10 + .../x/sys/unix/zsyscall_netbsd_386.go | 10 + .../x/sys/unix/zsyscall_netbsd_amd64.go | 10 + .../x/sys/unix/zsyscall_netbsd_arm.go | 10 + .../x/sys/unix/zsyscall_netbsd_arm64.go | 10 + .../x/sys/unix/zsyscall_openbsd_386.go | 14 + .../x/sys/unix/zsyscall_openbsd_386.s | 137 +-- .../x/sys/unix/zsyscall_openbsd_amd64.go | 14 + .../x/sys/unix/zsyscall_openbsd_amd64.s | 137 +-- .../x/sys/unix/zsyscall_openbsd_arm.go | 14 + .../x/sys/unix/zsyscall_openbsd_arm.s | 137 +-- .../x/sys/unix/zsyscall_openbsd_arm64.go | 14 + .../x/sys/unix/zsyscall_openbsd_arm64.s | 137 +-- .../x/sys/unix/zsyscall_openbsd_mips64.go | 812 +++++++++++++++--- .../x/sys/unix/zsyscall_openbsd_mips64.s | 669 +++++++++++++++ .../x/sys/unix/zsyscall_openbsd_ppc64.go | 14 + .../x/sys/unix/zsyscall_openbsd_ppc64.s | 6 + .../x/sys/unix/zsyscall_openbsd_riscv64.go | 14 + .../x/sys/unix/zsyscall_openbsd_riscv64.s | 137 +-- .../x/sys/unix/zsyscall_solaris_amd64.go | 13 + .../x/sys/unix/zsysctl_openbsd_386.go | 51 +- .../x/sys/unix/zsysctl_openbsd_amd64.go | 17 +- .../x/sys/unix/zsysctl_openbsd_arm.go | 51 +- .../x/sys/unix/zsysctl_openbsd_arm64.go | 11 +- .../x/sys/unix/zsysctl_openbsd_mips64.go | 3 +- .../x/sys/unix/zsysnum_openbsd_mips64.go | 1 + .../x/sys/unix/ztypes_netbsd_386.go | 84 ++ .../x/sys/unix/ztypes_netbsd_amd64.go | 84 ++ .../x/sys/unix/ztypes_netbsd_arm.go | 84 ++ .../x/sys/unix/ztypes_netbsd_arm64.go | 84 ++ .../x/sys/unix/ztypes_openbsd_386.go | 97 +-- .../x/sys/unix/ztypes_openbsd_amd64.go | 33 +- .../x/sys/unix/ztypes_openbsd_arm.go | 9 +- .../x/sys/unix/ztypes_openbsd_arm64.go | 9 +- .../x/sys/unix/ztypes_openbsd_mips64.go | 9 +- vendor/modules.txt | 4 +- 62 files changed, 3184 insertions(+), 1171 deletions(-) create mode 100644 vendor/golang.org/x/sys/unix/syscall_hurd.go create mode 100644 vendor/golang.org/x/sys/unix/syscall_hurd_386.go create mode 100644 vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s diff --git a/go.mod b/go.mod index 579930e8575..5763720fb86 100644 --- a/go.mod +++ b/go.mod @@ -19,8 +19,8 @@ require ( github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.9 github.com/vishvananda/netlink v1.1.0 - golang.org/x/net v0.4.0 - golang.org/x/sys v0.3.0 + golang.org/x/net v0.5.0 + golang.org/x/sys v0.4.0 google.golang.org/protobuf v1.28.1 ) diff --git a/go.sum b/go.sum index 1785a186d9f..541f2a55ab8 100644 --- a/go.sum +++ b/go.sum @@ -59,14 +59,14 @@ github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJ github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= -golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU= -golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= +golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw= +golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ= -golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18= +golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= diff --git a/vendor/golang.org/x/sys/unix/gccgo.go b/vendor/golang.org/x/sys/unix/gccgo.go index 0dee23222ca..b06f52d748f 100644 --- a/vendor/golang.org/x/sys/unix/gccgo.go +++ b/vendor/golang.org/x/sys/unix/gccgo.go @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build gccgo && !aix -// +build gccgo,!aix +//go:build gccgo && !aix && !hurd +// +build gccgo,!aix,!hurd package unix diff --git a/vendor/golang.org/x/sys/unix/gccgo_c.c b/vendor/golang.org/x/sys/unix/gccgo_c.c index 2cb1fefac64..c4fce0e7003 100644 --- a/vendor/golang.org/x/sys/unix/gccgo_c.c +++ b/vendor/golang.org/x/sys/unix/gccgo_c.c @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -// +build gccgo -// +build !aix +// +build gccgo,!hurd +// +build !aix,!hurd #include #include diff --git a/vendor/golang.org/x/sys/unix/ioctl.go b/vendor/golang.org/x/sys/unix/ioctl.go index 6c7ad052e6b..1c51b0ec2bc 100644 --- a/vendor/golang.org/x/sys/unix/ioctl.go +++ b/vendor/golang.org/x/sys/unix/ioctl.go @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris -// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris +//go:build aix || darwin || dragonfly || freebsd || hurd || linux || netbsd || openbsd || solaris +// +build aix darwin dragonfly freebsd hurd linux netbsd openbsd solaris package unix diff --git a/vendor/golang.org/x/sys/unix/mkall.sh b/vendor/golang.org/x/sys/unix/mkall.sh index 727cba21270..8e3947c3686 100644 --- a/vendor/golang.org/x/sys/unix/mkall.sh +++ b/vendor/golang.org/x/sys/unix/mkall.sh @@ -174,10 +174,10 @@ openbsd_arm64) mktypes="GOARCH=$GOARCH go tool cgo -godefs -- -fsigned-char" ;; openbsd_mips64) + mkasm="go run mkasm.go" mkerrors="$mkerrors -m64" - mksyscall="go run mksyscall.go -openbsd" + mksyscall="go run mksyscall.go -openbsd -libc" mksysctl="go run mksysctl_openbsd.go" - mksysnum="go run mksysnum.go 'https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master'" # Let the type of C char be signed for making the bare syscall # API consistent across platforms. mktypes="GOARCH=$GOARCH go tool cgo -godefs -- -fsigned-char" diff --git a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go index 61c0d0de15d..a41111a794e 100644 --- a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go +++ b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go @@ -255,6 +255,7 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e //sys Chmod(path string, mode uint32) (err error) //sys Chown(path string, uid int, gid int) (err error) //sys Chroot(path string) (err error) +//sys ClockGettime(clockid int32, time *Timespec) (err error) //sys Close(fd int) (err error) //sys Dup(fd int) (nfd int, err error) //sys Dup2(from int, to int) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd.go b/vendor/golang.org/x/sys/unix/syscall_freebsd.go index de7c23e0648..d50b9dc250b 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd.go @@ -319,6 +319,7 @@ func PtraceSingleStep(pid int) (err error) { //sys Chmod(path string, mode uint32) (err error) //sys Chown(path string, uid int, gid int) (err error) //sys Chroot(path string) (err error) +//sys ClockGettime(clockid int32, time *Timespec) (err error) //sys Close(fd int) (err error) //sys Dup(fd int) (nfd int, err error) //sys Dup2(from int, to int) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_hurd.go b/vendor/golang.org/x/sys/unix/syscall_hurd.go new file mode 100644 index 00000000000..4ffb64808d7 --- /dev/null +++ b/vendor/golang.org/x/sys/unix/syscall_hurd.go @@ -0,0 +1,22 @@ +// Copyright 2022 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build hurd +// +build hurd + +package unix + +/* +#include +int ioctl(int, unsigned long int, uintptr_t); +*/ +import "C" + +func ioctl(fd int, req uint, arg uintptr) (err error) { + r0, er := C.ioctl(C.int(fd), C.ulong(req), C.uintptr_t(arg)) + if r0 == -1 && er != nil { + err = er + } + return +} diff --git a/vendor/golang.org/x/sys/unix/syscall_hurd_386.go b/vendor/golang.org/x/sys/unix/syscall_hurd_386.go new file mode 100644 index 00000000000..7cf54a3e4f1 --- /dev/null +++ b/vendor/golang.org/x/sys/unix/syscall_hurd_386.go @@ -0,0 +1,29 @@ +// Copyright 2022 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build 386 && hurd +// +build 386,hurd + +package unix + +const ( + TIOCGETA = 0x62251713 +) + +type Winsize struct { + Row uint16 + Col uint16 + Xpixel uint16 + Ypixel uint16 +} + +type Termios struct { + Iflag uint32 + Oflag uint32 + Cflag uint32 + Lflag uint32 + Cc [20]uint8 + Ispeed int32 + Ospeed int32 +} diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index c5a98440eca..d839962e663 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -1973,36 +1973,46 @@ func Signalfd(fd int, sigmask *Sigset_t, flags int) (newfd int, err error) { //sys preadv2(fd int, iovs []Iovec, offs_l uintptr, offs_h uintptr, flags int) (n int, err error) = SYS_PREADV2 //sys pwritev2(fd int, iovs []Iovec, offs_l uintptr, offs_h uintptr, flags int) (n int, err error) = SYS_PWRITEV2 -func bytes2iovec(bs [][]byte) []Iovec { - iovecs := make([]Iovec, len(bs)) - for i, b := range bs { - iovecs[i].SetLen(len(b)) +// minIovec is the size of the small initial allocation used by +// Readv, Writev, etc. +// +// This small allocation gets stack allocated, which lets the +// common use case of len(iovs) <= minIovs avoid more expensive +// heap allocations. +const minIovec = 8 + +// appendBytes converts bs to Iovecs and appends them to vecs. +func appendBytes(vecs []Iovec, bs [][]byte) []Iovec { + for _, b := range bs { + var v Iovec + v.SetLen(len(b)) if len(b) > 0 { - iovecs[i].Base = &b[0] + v.Base = &b[0] } else { - iovecs[i].Base = (*byte)(unsafe.Pointer(&_zero)) + v.Base = (*byte)(unsafe.Pointer(&_zero)) } + vecs = append(vecs, v) } - return iovecs + return vecs } -// offs2lohi splits offs into its lower and upper unsigned long. On 64-bit -// systems, hi will always be 0. On 32-bit systems, offs will be split in half. -// preadv/pwritev chose this calling convention so they don't need to add a -// padding-register for alignment on ARM. +// offs2lohi splits offs into its low and high order bits. func offs2lohi(offs int64) (lo, hi uintptr) { - return uintptr(offs), uintptr(uint64(offs) >> SizeofLong) + const longBits = SizeofLong * 8 + return uintptr(offs), uintptr(uint64(offs) >> longBits) } func Readv(fd int, iovs [][]byte) (n int, err error) { - iovecs := bytes2iovec(iovs) + iovecs := make([]Iovec, 0, minIovec) + iovecs = appendBytes(iovecs, iovs) n, err = readv(fd, iovecs) readvRacedetect(iovecs, n, err) return n, err } func Preadv(fd int, iovs [][]byte, offset int64) (n int, err error) { - iovecs := bytes2iovec(iovs) + iovecs := make([]Iovec, 0, minIovec) + iovecs = appendBytes(iovecs, iovs) lo, hi := offs2lohi(offset) n, err = preadv(fd, iovecs, lo, hi) readvRacedetect(iovecs, n, err) @@ -2010,7 +2020,8 @@ func Preadv(fd int, iovs [][]byte, offset int64) (n int, err error) { } func Preadv2(fd int, iovs [][]byte, offset int64, flags int) (n int, err error) { - iovecs := bytes2iovec(iovs) + iovecs := make([]Iovec, 0, minIovec) + iovecs = appendBytes(iovecs, iovs) lo, hi := offs2lohi(offset) n, err = preadv2(fd, iovecs, lo, hi, flags) readvRacedetect(iovecs, n, err) @@ -2037,7 +2048,8 @@ func readvRacedetect(iovecs []Iovec, n int, err error) { } func Writev(fd int, iovs [][]byte) (n int, err error) { - iovecs := bytes2iovec(iovs) + iovecs := make([]Iovec, 0, minIovec) + iovecs = appendBytes(iovecs, iovs) if raceenabled { raceReleaseMerge(unsafe.Pointer(&ioSync)) } @@ -2047,7 +2059,8 @@ func Writev(fd int, iovs [][]byte) (n int, err error) { } func Pwritev(fd int, iovs [][]byte, offset int64) (n int, err error) { - iovecs := bytes2iovec(iovs) + iovecs := make([]Iovec, 0, minIovec) + iovecs = appendBytes(iovecs, iovs) if raceenabled { raceReleaseMerge(unsafe.Pointer(&ioSync)) } @@ -2058,7 +2071,8 @@ func Pwritev(fd int, iovs [][]byte, offset int64) (n int, err error) { } func Pwritev2(fd int, iovs [][]byte, offset int64, flags int) (n int, err error) { - iovecs := bytes2iovec(iovs) + iovecs := make([]Iovec, 0, minIovec) + iovecs = appendBytes(iovecs, iovs) if raceenabled { raceReleaseMerge(unsafe.Pointer(&ioSync)) } diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd.go b/vendor/golang.org/x/sys/unix/syscall_netbsd.go index 666f0a1b33d..35a3ad758f5 100644 --- a/vendor/golang.org/x/sys/unix/syscall_netbsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_netbsd.go @@ -110,6 +110,20 @@ func direntNamlen(buf []byte) (uint64, bool) { return readInt(buf, unsafe.Offsetof(Dirent{}.Namlen), unsafe.Sizeof(Dirent{}.Namlen)) } +func SysctlUvmexp(name string) (*Uvmexp, error) { + mib, err := sysctlmib(name) + if err != nil { + return nil, err + } + + n := uintptr(SizeofUvmexp) + var u Uvmexp + if err := sysctl(mib, (*byte)(unsafe.Pointer(&u)), &n, nil, 0); err != nil { + return nil, err + } + return &u, nil +} + func Pipe(p []int) (err error) { return Pipe2(p, 0) } @@ -245,6 +259,7 @@ func Statvfs(path string, buf *Statvfs_t) (err error) { //sys Chmod(path string, mode uint32) (err error) //sys Chown(path string, uid int, gid int) (err error) //sys Chroot(path string) (err error) +//sys ClockGettime(clockid int32, time *Timespec) (err error) //sys Close(fd int) (err error) //sys Dup(fd int) (nfd int, err error) //sys Dup2(from int, to int) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd.go b/vendor/golang.org/x/sys/unix/syscall_openbsd.go index 78daceb338b..9b67b908e5f 100644 --- a/vendor/golang.org/x/sys/unix/syscall_openbsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_openbsd.go @@ -220,6 +220,7 @@ func Uname(uname *Utsname) error { //sys Chmod(path string, mode uint32) (err error) //sys Chown(path string, uid int, gid int) (err error) //sys Chroot(path string) (err error) +//sys ClockGettime(clockid int32, time *Timespec) (err error) //sys Close(fd int) (err error) //sys Dup(fd int) (nfd int, err error) //sys Dup2(from int, to int) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go index e23c5394eff..04aa43f41b2 100644 --- a/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go +++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build openbsd && !mips64 -// +build openbsd,!mips64 +//go:build openbsd +// +build openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris.go b/vendor/golang.org/x/sys/unix/syscall_solaris.go index 2109e569cce..07ac56109a0 100644 --- a/vendor/golang.org/x/sys/unix/syscall_solaris.go +++ b/vendor/golang.org/x/sys/unix/syscall_solaris.go @@ -590,6 +590,7 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e //sys Chmod(path string, mode uint32) (err error) //sys Chown(path string, uid int, gid int) (err error) //sys Chroot(path string) (err error) +//sys ClockGettime(clockid int32, time *Timespec) (err error) //sys Close(fd int) (err error) //sys Creat(path string, mode uint32) (fd int, err error) //sys Dup(fd int) (nfd int, err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_unix.go b/vendor/golang.org/x/sys/unix/syscall_unix.go index 00bafda8654..a386f8897df 100644 --- a/vendor/golang.org/x/sys/unix/syscall_unix.go +++ b/vendor/golang.org/x/sys/unix/syscall_unix.go @@ -331,6 +331,19 @@ func Recvfrom(fd int, p []byte, flags int) (n int, from Sockaddr, err error) { return } +// Recvmsg receives a message from a socket using the recvmsg system call. The +// received non-control data will be written to p, and any "out of band" +// control data will be written to oob. The flags are passed to recvmsg. +// +// The results are: +// - n is the number of non-control data bytes read into p +// - oobn is the number of control data bytes read into oob; this may be interpreted using [ParseSocketControlMessage] +// - recvflags is flags returned by recvmsg +// - from is the address of the sender +// +// If the underlying socket type is not SOCK_DGRAM, a received message +// containing oob data and a single '\0' of non-control data is treated as if +// the message contained only control data, i.e. n will be zero on return. func Recvmsg(fd int, p, oob []byte, flags int) (n, oobn int, recvflags int, from Sockaddr, err error) { var iov [1]Iovec if len(p) > 0 { @@ -346,13 +359,9 @@ func Recvmsg(fd int, p, oob []byte, flags int) (n, oobn int, recvflags int, from return } -// RecvmsgBuffers receives a message from a socket using the recvmsg -// system call. The flags are passed to recvmsg. Any non-control data -// read is scattered into the buffers slices. The results are: -// - n is the number of non-control data read into bufs -// - oobn is the number of control data read into oob; this may be interpreted using [ParseSocketControlMessage] -// - recvflags is flags returned by recvmsg -// - from is the address of the sender +// RecvmsgBuffers receives a message from a socket using the recvmsg system +// call. This function is equivalent to Recvmsg, but non-control data read is +// scattered into the buffers slices. func RecvmsgBuffers(fd int, buffers [][]byte, oob []byte, flags int) (n, oobn int, recvflags int, from Sockaddr, err error) { iov := make([]Iovec, len(buffers)) for i := range buffers { @@ -371,11 +380,38 @@ func RecvmsgBuffers(fd int, buffers [][]byte, oob []byte, flags int) (n, oobn in return } +// Sendmsg sends a message on a socket to an address using the sendmsg system +// call. This function is equivalent to SendmsgN, but does not return the +// number of bytes actually sent. func Sendmsg(fd int, p, oob []byte, to Sockaddr, flags int) (err error) { _, err = SendmsgN(fd, p, oob, to, flags) return } +// SendmsgN sends a message on a socket to an address using the sendmsg system +// call. p contains the non-control data to send, and oob contains the "out of +// band" control data. The flags are passed to sendmsg. The number of +// non-control bytes actually written to the socket is returned. +// +// Some socket types do not support sending control data without accompanying +// non-control data. If p is empty, and oob contains control data, and the +// underlying socket type is not SOCK_DGRAM, p will be treated as containing a +// single '\0' and the return value will indicate zero bytes sent. +// +// The Go function Recvmsg, if called with an empty p and a non-empty oob, +// will read and ignore this additional '\0'. If the message is received by +// code that does not use Recvmsg, or that does not use Go at all, that code +// will need to be written to expect and ignore the additional '\0'. +// +// If you need to send non-empty oob with p actually empty, and if the +// underlying socket type supports it, you can do so via a raw system call as +// follows: +// +// msg := &unix.Msghdr{ +// Control: &oob[0], +// } +// msg.SetControllen(len(oob)) +// n, _, errno := unix.Syscall(unix.SYS_SENDMSG, uintptr(fd), uintptr(unsafe.Pointer(msg)), flags) func SendmsgN(fd int, p, oob []byte, to Sockaddr, flags int) (n int, err error) { var iov [1]Iovec if len(p) > 0 { @@ -394,9 +430,8 @@ func SendmsgN(fd int, p, oob []byte, to Sockaddr, flags int) (n int, err error) } // SendmsgBuffers sends a message on a socket to an address using the sendmsg -// system call. The flags are passed to sendmsg. Any non-control data written -// is gathered from buffers. The function returns the number of bytes written -// to the socket. +// system call. This function is equivalent to SendmsgN, but the non-control +// data is gathered from buffers. func SendmsgBuffers(fd int, buffers [][]byte, oob []byte, to Sockaddr, flags int) (n int, err error) { iov := make([]Iovec, len(buffers)) for i := range buffers { diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go index 6d56edc05ac..af20e474b38 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go @@ -46,6 +46,7 @@ const ( AF_SNA = 0xb AF_UNIX = 0x1 AF_UNSPEC = 0x0 + ALTWERASE = 0x200 ARPHRD_ETHER = 0x1 ARPHRD_FRELAY = 0xf ARPHRD_IEEE1394 = 0x18 @@ -108,6 +109,15 @@ const ( BPF_DIRECTION_IN = 0x1 BPF_DIRECTION_OUT = 0x2 BPF_DIV = 0x30 + BPF_FILDROP_CAPTURE = 0x1 + BPF_FILDROP_DROP = 0x2 + BPF_FILDROP_PASS = 0x0 + BPF_F_DIR_IN = 0x10 + BPF_F_DIR_MASK = 0x30 + BPF_F_DIR_OUT = 0x20 + BPF_F_DIR_SHIFT = 0x4 + BPF_F_FLOWID = 0x8 + BPF_F_PRI_MASK = 0x7 BPF_H = 0x8 BPF_IMM = 0x0 BPF_IND = 0x40 @@ -136,6 +146,7 @@ const ( BPF_OR = 0x40 BPF_RELEASE = 0x30bb6 BPF_RET = 0x6 + BPF_RND = 0xc0 BPF_RSH = 0x70 BPF_ST = 0x2 BPF_STX = 0x3 @@ -147,6 +158,12 @@ const ( BRKINT = 0x2 CFLUSH = 0xf CLOCAL = 0x8000 + CLOCK_BOOTTIME = 0x6 + CLOCK_MONOTONIC = 0x3 + CLOCK_PROCESS_CPUTIME_ID = 0x2 + CLOCK_REALTIME = 0x0 + CLOCK_THREAD_CPUTIME_ID = 0x4 + CLOCK_UPTIME = 0x5 CPUSTATES = 0x6 CP_IDLE = 0x5 CP_INTR = 0x4 @@ -170,7 +187,65 @@ const ( CTL_KERN = 0x1 CTL_MAXNAME = 0xc CTL_NET = 0x4 + DIOCADDQUEUE = 0xc100445d + DIOCADDRULE = 0xccc84404 + DIOCADDSTATE = 0xc1084425 + DIOCCHANGERULE = 0xccc8441a + DIOCCLRIFFLAG = 0xc024445a + DIOCCLRSRCNODES = 0x20004455 + DIOCCLRSTATES = 0xc0d04412 + DIOCCLRSTATUS = 0xc0244416 + DIOCGETLIMIT = 0xc0084427 + DIOCGETQSTATS = 0xc1084460 + DIOCGETQUEUE = 0xc100445f + DIOCGETQUEUES = 0xc100445e + DIOCGETRULE = 0xccc84407 + DIOCGETRULES = 0xccc84406 + DIOCGETRULESET = 0xc444443b + DIOCGETRULESETS = 0xc444443a + DIOCGETSRCNODES = 0xc0084454 + DIOCGETSTATE = 0xc1084413 + DIOCGETSTATES = 0xc0084419 + DIOCGETSTATUS = 0xc1e84415 + DIOCGETSYNFLWATS = 0xc0084463 + DIOCGETTIMEOUT = 0xc008441e + DIOCIGETIFACES = 0xc0244457 + DIOCKILLSRCNODES = 0xc068445b + DIOCKILLSTATES = 0xc0d04429 + DIOCNATLOOK = 0xc0504417 + DIOCOSFPADD = 0xc084444f DIOCOSFPFLUSH = 0x2000444e + DIOCOSFPGET = 0xc0844450 + DIOCRADDADDRS = 0xc44c4443 + DIOCRADDTABLES = 0xc44c443d + DIOCRCLRADDRS = 0xc44c4442 + DIOCRCLRASTATS = 0xc44c4448 + DIOCRCLRTABLES = 0xc44c443c + DIOCRCLRTSTATS = 0xc44c4441 + DIOCRDELADDRS = 0xc44c4444 + DIOCRDELTABLES = 0xc44c443e + DIOCRGETADDRS = 0xc44c4446 + DIOCRGETASTATS = 0xc44c4447 + DIOCRGETTABLES = 0xc44c443f + DIOCRGETTSTATS = 0xc44c4440 + DIOCRINADEFINE = 0xc44c444d + DIOCRSETADDRS = 0xc44c4445 + DIOCRSETTFLAGS = 0xc44c444a + DIOCRTSTADDRS = 0xc44c4449 + DIOCSETDEBUG = 0xc0044418 + DIOCSETHOSTID = 0xc0044456 + DIOCSETIFFLAG = 0xc0244459 + DIOCSETLIMIT = 0xc0084428 + DIOCSETREASS = 0xc004445c + DIOCSETSTATUSIF = 0xc0244414 + DIOCSETSYNCOOKIES = 0xc0014462 + DIOCSETSYNFLWATS = 0xc0084461 + DIOCSETTIMEOUT = 0xc008441d + DIOCSTART = 0x20004401 + DIOCSTOP = 0x20004402 + DIOCXBEGIN = 0xc00c4451 + DIOCXCOMMIT = 0xc00c4452 + DIOCXROLLBACK = 0xc00c4453 DLT_ARCNET = 0x7 DLT_ATM_RFC1483 = 0xb DLT_AX25 = 0x3 @@ -186,6 +261,7 @@ const ( DLT_LOOP = 0xc DLT_MPLS = 0xdb DLT_NULL = 0x0 + DLT_OPENFLOW = 0x10b DLT_PFLOG = 0x75 DLT_PFSYNC = 0x12 DLT_PPP = 0x9 @@ -196,6 +272,23 @@ const ( DLT_RAW = 0xe DLT_SLIP = 0x8 DLT_SLIP_BSDOS = 0xf + DLT_USBPCAP = 0xf9 + DLT_USER0 = 0x93 + DLT_USER1 = 0x94 + DLT_USER10 = 0x9d + DLT_USER11 = 0x9e + DLT_USER12 = 0x9f + DLT_USER13 = 0xa0 + DLT_USER14 = 0xa1 + DLT_USER15 = 0xa2 + DLT_USER2 = 0x95 + DLT_USER3 = 0x96 + DLT_USER4 = 0x97 + DLT_USER5 = 0x98 + DLT_USER6 = 0x99 + DLT_USER7 = 0x9a + DLT_USER8 = 0x9b + DLT_USER9 = 0x9c DT_BLK = 0x6 DT_CHR = 0x2 DT_DIR = 0x4 @@ -215,6 +308,8 @@ const ( EMUL_ENABLED = 0x1 EMUL_NATIVE = 0x2 ENDRUNDISC = 0x9 + ETH64_8021_RSVD_MASK = 0xfffffffffff0 + ETH64_8021_RSVD_PREFIX = 0x180c2000000 ETHERMIN = 0x2e ETHERMTU = 0x5dc ETHERTYPE_8023 = 0x4 @@ -267,6 +362,7 @@ const ( ETHERTYPE_DN = 0x6003 ETHERTYPE_DOGFIGHT = 0x1989 ETHERTYPE_DSMD = 0x8039 + ETHERTYPE_EAPOL = 0x888e ETHERTYPE_ECMA = 0x803 ETHERTYPE_ENCRYPT = 0x803d ETHERTYPE_ES = 0x805d @@ -298,6 +394,7 @@ const ( ETHERTYPE_LLDP = 0x88cc ETHERTYPE_LOGICRAFT = 0x8148 ETHERTYPE_LOOPBACK = 0x9000 + ETHERTYPE_MACSEC = 0x88e5 ETHERTYPE_MATRA = 0x807a ETHERTYPE_MAX = 0xffff ETHERTYPE_MERIT = 0x807c @@ -326,15 +423,17 @@ const ( ETHERTYPE_NCD = 0x8149 ETHERTYPE_NESTAR = 0x8006 ETHERTYPE_NETBEUI = 0x8191 + ETHERTYPE_NHRP = 0x2001 ETHERTYPE_NOVELL = 0x8138 ETHERTYPE_NS = 0x600 ETHERTYPE_NSAT = 0x601 ETHERTYPE_NSCOMPAT = 0x807 + ETHERTYPE_NSH = 0x984f ETHERTYPE_NTRAILER = 0x10 ETHERTYPE_OS9 = 0x7007 ETHERTYPE_OS9NET = 0x7009 ETHERTYPE_PACER = 0x80c6 - ETHERTYPE_PAE = 0x888e + ETHERTYPE_PBB = 0x88e7 ETHERTYPE_PCS = 0x4242 ETHERTYPE_PLANNING = 0x8044 ETHERTYPE_PPP = 0x880b @@ -409,28 +508,40 @@ const ( ETHER_CRC_POLY_LE = 0xedb88320 ETHER_HDR_LEN = 0xe ETHER_MAX_DIX_LEN = 0x600 + ETHER_MAX_HARDMTU_LEN = 0xff9b ETHER_MAX_LEN = 0x5ee ETHER_MIN_LEN = 0x40 ETHER_TYPE_LEN = 0x2 ETHER_VLAN_ENCAP_LEN = 0x4 EVFILT_AIO = -0x3 + EVFILT_DEVICE = -0x8 + EVFILT_EXCEPT = -0x9 EVFILT_PROC = -0x5 EVFILT_READ = -0x1 EVFILT_SIGNAL = -0x6 - EVFILT_SYSCOUNT = 0x7 + EVFILT_SYSCOUNT = 0x9 EVFILT_TIMER = -0x7 EVFILT_VNODE = -0x4 EVFILT_WRITE = -0x2 + EVL_ENCAPLEN = 0x4 + EVL_PRIO_BITS = 0xd + EVL_PRIO_MAX = 0x7 + EVL_VLID_MASK = 0xfff + EVL_VLID_MAX = 0xffe + EVL_VLID_MIN = 0x1 + EVL_VLID_NULL = 0x0 EV_ADD = 0x1 EV_CLEAR = 0x20 EV_DELETE = 0x2 EV_DISABLE = 0x8 + EV_DISPATCH = 0x80 EV_ENABLE = 0x4 EV_EOF = 0x8000 EV_ERROR = 0x4000 EV_FLAG1 = 0x2000 EV_ONESHOT = 0x10 - EV_SYSFLAGS = 0xf000 + EV_RECEIPT = 0x40 + EV_SYSFLAGS = 0xf800 EXTA = 0x4b00 EXTB = 0x9600 EXTPROC = 0x800 @@ -443,6 +554,7 @@ const ( F_GETFL = 0x3 F_GETLK = 0x7 F_GETOWN = 0x5 + F_ISATTY = 0xb F_OK = 0x0 F_RDLCK = 0x1 F_SETFD = 0x2 @@ -460,7 +572,6 @@ const ( IEXTEN = 0x400 IFAN_ARRIVAL = 0x0 IFAN_DEPARTURE = 0x1 - IFA_ROUTE = 0x1 IFF_ALLMULTI = 0x200 IFF_BROADCAST = 0x2 IFF_CANTCHANGE = 0x8e52 @@ -471,12 +582,12 @@ const ( IFF_LOOPBACK = 0x8 IFF_MULTICAST = 0x8000 IFF_NOARP = 0x80 - IFF_NOTRAILERS = 0x20 IFF_OACTIVE = 0x400 IFF_POINTOPOINT = 0x10 IFF_PROMISC = 0x100 IFF_RUNNING = 0x40 IFF_SIMPLEX = 0x800 + IFF_STATICARP = 0x20 IFF_UP = 0x1 IFNAMSIZ = 0x10 IFT_1822 = 0x2 @@ -605,6 +716,7 @@ const ( IFT_LINEGROUP = 0xd2 IFT_LOCALTALK = 0x2a IFT_LOOP = 0x18 + IFT_MBIM = 0xfa IFT_MEDIAMAILOVERIP = 0x8b IFT_MFSIGLINK = 0xa7 IFT_MIOX25 = 0x26 @@ -695,6 +807,7 @@ const ( IFT_VOICEOVERCABLE = 0xc6 IFT_VOICEOVERFRAMERELAY = 0x99 IFT_VOICEOVERIP = 0x68 + IFT_WIREGUARD = 0xfb IFT_X213 = 0x5d IFT_X25 = 0x5 IFT_X25DDN = 0x4 @@ -729,8 +842,6 @@ const ( IPPROTO_AH = 0x33 IPPROTO_CARP = 0x70 IPPROTO_DIVERT = 0x102 - IPPROTO_DIVERT_INIT = 0x2 - IPPROTO_DIVERT_RESP = 0x1 IPPROTO_DONE = 0x101 IPPROTO_DSTOPTS = 0x3c IPPROTO_EGP = 0x8 @@ -762,9 +873,11 @@ const ( IPPROTO_RAW = 0xff IPPROTO_ROUTING = 0x2b IPPROTO_RSVP = 0x2e + IPPROTO_SCTP = 0x84 IPPROTO_TCP = 0x6 IPPROTO_TP = 0x1d IPPROTO_UDP = 0x11 + IPPROTO_UDPLITE = 0x88 IPV6_AUTH_LEVEL = 0x35 IPV6_AUTOFLOWLABEL = 0x3b IPV6_CHECKSUM = 0x1a @@ -787,6 +900,7 @@ const ( IPV6_LEAVE_GROUP = 0xd IPV6_MAXHLIM = 0xff IPV6_MAXPACKET = 0xffff + IPV6_MINHOPCOUNT = 0x41 IPV6_MMTU = 0x500 IPV6_MULTICAST_HOPS = 0xa IPV6_MULTICAST_IF = 0x9 @@ -826,12 +940,12 @@ const ( IP_DEFAULT_MULTICAST_LOOP = 0x1 IP_DEFAULT_MULTICAST_TTL = 0x1 IP_DF = 0x4000 - IP_DIVERTFL = 0x1022 IP_DROP_MEMBERSHIP = 0xd IP_ESP_NETWORK_LEVEL = 0x16 IP_ESP_TRANS_LEVEL = 0x15 IP_HDRINCL = 0x2 IP_IPCOMP_LEVEL = 0x1d + IP_IPDEFTTL = 0x25 IP_IPSECFLOWINFO = 0x24 IP_IPSEC_LOCAL_AUTH = 0x1b IP_IPSEC_LOCAL_CRED = 0x19 @@ -865,10 +979,15 @@ const ( IP_RETOPTS = 0x8 IP_RF = 0x8000 IP_RTABLE = 0x1021 + IP_SENDSRCADDR = 0x7 IP_TOS = 0x3 IP_TTL = 0x4 ISIG = 0x80 ISTRIP = 0x20 + ITIMER_PROF = 0x2 + ITIMER_REAL = 0x0 + ITIMER_VIRTUAL = 0x1 + IUCLC = 0x1000 IXANY = 0x800 IXOFF = 0x400 IXON = 0x200 @@ -900,10 +1019,11 @@ const ( MAP_INHERIT_COPY = 0x1 MAP_INHERIT_NONE = 0x2 MAP_INHERIT_SHARE = 0x0 - MAP_NOEXTEND = 0x100 - MAP_NORESERVE = 0x40 + MAP_INHERIT_ZERO = 0x3 + MAP_NOEXTEND = 0x0 + MAP_NORESERVE = 0x0 MAP_PRIVATE = 0x2 - MAP_RENAME = 0x20 + MAP_RENAME = 0x0 MAP_SHARED = 0x1 MAP_STACK = 0x4000 MAP_TRYFIXED = 0x0 @@ -922,6 +1042,7 @@ const ( MNT_NOATIME = 0x8000 MNT_NODEV = 0x10 MNT_NOEXEC = 0x4 + MNT_NOPERM = 0x20 MNT_NOSUID = 0x8 MNT_NOWAIT = 0x2 MNT_QUOTA = 0x2000 @@ -929,13 +1050,29 @@ const ( MNT_RELOAD = 0x40000 MNT_ROOTFS = 0x4000 MNT_SOFTDEP = 0x4000000 + MNT_STALLED = 0x100000 + MNT_SWAPPABLE = 0x200000 MNT_SYNCHRONOUS = 0x2 MNT_UPDATE = 0x10000 MNT_VISFLAGMASK = 0x400ffff MNT_WAIT = 0x1 MNT_WANTRDWR = 0x2000000 MNT_WXALLOWED = 0x800 + MOUNT_AFS = "afs" + MOUNT_CD9660 = "cd9660" + MOUNT_EXT2FS = "ext2fs" + MOUNT_FFS = "ffs" + MOUNT_FUSEFS = "fuse" + MOUNT_MFS = "mfs" + MOUNT_MSDOS = "msdos" + MOUNT_NCPFS = "ncpfs" + MOUNT_NFS = "nfs" + MOUNT_NTFS = "ntfs" + MOUNT_TMPFS = "tmpfs" + MOUNT_UDF = "udf" + MOUNT_UFS = "ffs" MSG_BCAST = 0x100 + MSG_CMSG_CLOEXEC = 0x800 MSG_CTRUNC = 0x20 MSG_DONTROUTE = 0x4 MSG_DONTWAIT = 0x80 @@ -946,6 +1083,7 @@ const ( MSG_PEEK = 0x2 MSG_TRUNC = 0x10 MSG_WAITALL = 0x40 + MSG_WAITFORONE = 0x1000 MS_ASYNC = 0x1 MS_INVALIDATE = 0x4 MS_SYNC = 0x2 @@ -953,12 +1091,16 @@ const ( NET_RT_DUMP = 0x1 NET_RT_FLAGS = 0x2 NET_RT_IFLIST = 0x3 - NET_RT_MAXID = 0x6 + NET_RT_IFNAMES = 0x6 + NET_RT_MAXID = 0x8 + NET_RT_SOURCE = 0x7 NET_RT_STATS = 0x4 NET_RT_TABLE = 0x5 NFDBITS = 0x20 NOFLSH = 0x80000000 + NOKERNINFO = 0x2000000 NOTE_ATTRIB = 0x8 + NOTE_CHANGE = 0x1 NOTE_CHILD = 0x4 NOTE_DELETE = 0x1 NOTE_EOF = 0x2 @@ -968,6 +1110,7 @@ const ( NOTE_FORK = 0x40000000 NOTE_LINK = 0x10 NOTE_LOWAT = 0x1 + NOTE_OOB = 0x4 NOTE_PCTRLMASK = 0xf0000000 NOTE_PDATAMASK = 0xfffff NOTE_RENAME = 0x20 @@ -977,11 +1120,13 @@ const ( NOTE_TRUNCATE = 0x80 NOTE_WRITE = 0x2 OCRNL = 0x10 + OLCUC = 0x20 ONLCR = 0x2 ONLRET = 0x80 ONOCR = 0x40 ONOEOT = 0x8 OPOST = 0x1 + OXTABS = 0x4 O_ACCMODE = 0x3 O_APPEND = 0x8 O_ASYNC = 0x40 @@ -1015,7 +1160,6 @@ const ( PROT_NONE = 0x0 PROT_READ = 0x1 PROT_WRITE = 0x2 - PT_MASK = 0x3ff000 RLIMIT_CORE = 0x4 RLIMIT_CPU = 0x0 RLIMIT_DATA = 0x2 @@ -1027,19 +1171,25 @@ const ( RLIMIT_STACK = 0x3 RLIM_INFINITY = 0x7fffffffffffffff RTAX_AUTHOR = 0x6 + RTAX_BFD = 0xb RTAX_BRD = 0x7 + RTAX_DNS = 0xc RTAX_DST = 0x0 RTAX_GATEWAY = 0x1 RTAX_GENMASK = 0x3 RTAX_IFA = 0x5 RTAX_IFP = 0x4 RTAX_LABEL = 0xa - RTAX_MAX = 0xb + RTAX_MAX = 0xf RTAX_NETMASK = 0x2 + RTAX_SEARCH = 0xe RTAX_SRC = 0x8 RTAX_SRCMASK = 0x9 + RTAX_STATIC = 0xd RTA_AUTHOR = 0x40 + RTA_BFD = 0x800 RTA_BRD = 0x80 + RTA_DNS = 0x1000 RTA_DST = 0x1 RTA_GATEWAY = 0x2 RTA_GENMASK = 0x8 @@ -1047,49 +1197,57 @@ const ( RTA_IFP = 0x10 RTA_LABEL = 0x400 RTA_NETMASK = 0x4 + RTA_SEARCH = 0x4000 RTA_SRC = 0x100 RTA_SRCMASK = 0x200 + RTA_STATIC = 0x2000 RTF_ANNOUNCE = 0x4000 + RTF_BFD = 0x1000000 RTF_BLACKHOLE = 0x1000 + RTF_BROADCAST = 0x400000 + RTF_CACHED = 0x20000 RTF_CLONED = 0x10000 RTF_CLONING = 0x100 + RTF_CONNECTED = 0x800000 RTF_DONE = 0x40 RTF_DYNAMIC = 0x10 - RTF_FMASK = 0x10f808 + RTF_FMASK = 0x110fc08 RTF_GATEWAY = 0x2 RTF_HOST = 0x4 RTF_LLINFO = 0x400 - RTF_MASK = 0x80 + RTF_LOCAL = 0x200000 RTF_MODIFIED = 0x20 RTF_MPATH = 0x40000 RTF_MPLS = 0x100000 + RTF_MULTICAST = 0x200 RTF_PERMANENT_ARP = 0x2000 RTF_PROTO1 = 0x8000 RTF_PROTO2 = 0x4000 RTF_PROTO3 = 0x2000 RTF_REJECT = 0x8 - RTF_SOURCE = 0x20000 RTF_STATIC = 0x800 - RTF_TUNNEL = 0x100000 RTF_UP = 0x1 RTF_USETRAILERS = 0x8000 - RTF_XRESOLVE = 0x200 + RTM_80211INFO = 0x15 RTM_ADD = 0x1 + RTM_BFD = 0x12 RTM_CHANGE = 0x3 + RTM_CHGADDRATTR = 0x14 RTM_DELADDR = 0xd RTM_DELETE = 0x2 RTM_DESYNC = 0x10 RTM_GET = 0x4 RTM_IFANNOUNCE = 0xf RTM_IFINFO = 0xe - RTM_LOCK = 0x8 + RTM_INVALIDATE = 0x11 RTM_LOSING = 0x5 RTM_MAXSIZE = 0x800 RTM_MISS = 0x7 RTM_NEWADDR = 0xc + RTM_PROPOSAL = 0x13 RTM_REDIRECT = 0x6 RTM_RESOLVE = 0xb - RTM_RTTUNIT = 0xf4240 + RTM_SOURCE = 0x16 RTM_VERSION = 0x5 RTV_EXPIRE = 0x4 RTV_HOPCOUNT = 0x2 @@ -1099,67 +1257,74 @@ const ( RTV_RTTVAR = 0x80 RTV_SPIPE = 0x10 RTV_SSTHRESH = 0x20 + RT_TABLEID_BITS = 0x8 + RT_TABLEID_MASK = 0xff RT_TABLEID_MAX = 0xff RUSAGE_CHILDREN = -0x1 RUSAGE_SELF = 0x0 RUSAGE_THREAD = 0x1 SCM_RIGHTS = 0x1 SCM_TIMESTAMP = 0x4 + SEEK_CUR = 0x1 + SEEK_END = 0x2 + SEEK_SET = 0x0 SHUT_RD = 0x0 SHUT_RDWR = 0x2 SHUT_WR = 0x1 SIOCADDMULTI = 0x80206931 SIOCAIFADDR = 0x8040691a SIOCAIFGROUP = 0x80246987 - SIOCALIFADDR = 0x8218691c SIOCATMARK = 0x40047307 - SIOCBRDGADD = 0x8054693c - SIOCBRDGADDS = 0x80546941 - SIOCBRDGARL = 0x806e694d + SIOCBRDGADD = 0x805c693c + SIOCBRDGADDL = 0x805c6949 + SIOCBRDGADDS = 0x805c6941 + SIOCBRDGARL = 0x808c694d SIOCBRDGDADDR = 0x81286947 - SIOCBRDGDEL = 0x8054693d - SIOCBRDGDELS = 0x80546942 - SIOCBRDGFLUSH = 0x80546948 - SIOCBRDGFRL = 0x806e694e + SIOCBRDGDEL = 0x805c693d + SIOCBRDGDELS = 0x805c6942 + SIOCBRDGFLUSH = 0x805c6948 + SIOCBRDGFRL = 0x808c694e SIOCBRDGGCACHE = 0xc0146941 SIOCBRDGGFD = 0xc0146952 SIOCBRDGGHT = 0xc0146951 - SIOCBRDGGIFFLGS = 0xc054693e + SIOCBRDGGIFFLGS = 0xc05c693e SIOCBRDGGMA = 0xc0146953 SIOCBRDGGPARAM = 0xc03c6958 SIOCBRDGGPRI = 0xc0146950 SIOCBRDGGRL = 0xc028694f - SIOCBRDGGSIFS = 0xc054693c SIOCBRDGGTO = 0xc0146946 - SIOCBRDGIFS = 0xc0546942 + SIOCBRDGIFS = 0xc05c6942 SIOCBRDGRTS = 0xc0186943 SIOCBRDGSADDR = 0xc1286944 SIOCBRDGSCACHE = 0x80146940 SIOCBRDGSFD = 0x80146952 SIOCBRDGSHT = 0x80146951 - SIOCBRDGSIFCOST = 0x80546955 - SIOCBRDGSIFFLGS = 0x8054693f - SIOCBRDGSIFPRIO = 0x80546954 + SIOCBRDGSIFCOST = 0x805c6955 + SIOCBRDGSIFFLGS = 0x805c693f + SIOCBRDGSIFPRIO = 0x805c6954 + SIOCBRDGSIFPROT = 0x805c694a SIOCBRDGSMA = 0x80146953 SIOCBRDGSPRI = 0x80146950 SIOCBRDGSPROTO = 0x8014695a SIOCBRDGSTO = 0x80146945 SIOCBRDGSTXHC = 0x80146959 + SIOCDELLABEL = 0x80206997 SIOCDELMULTI = 0x80206932 SIOCDIFADDR = 0x80206919 SIOCDIFGROUP = 0x80246989 + SIOCDIFPARENT = 0x802069b4 SIOCDIFPHYADDR = 0x80206949 - SIOCDLIFADDR = 0x8218691e + SIOCDPWE3NEIGHBOR = 0x802069de + SIOCDVNETID = 0x802069af SIOCGETKALIVE = 0xc01869a4 SIOCGETLABEL = 0x8020699a + SIOCGETMPWCFG = 0xc02069ae SIOCGETPFLOW = 0xc02069fe SIOCGETPFSYNC = 0xc02069f8 SIOCGETSGCNT = 0xc0147534 SIOCGETVIFCNT = 0xc0147533 SIOCGETVLAN = 0xc0206990 - SIOCGHIWAT = 0x40047301 SIOCGIFADDR = 0xc0206921 - SIOCGIFASYNCMAP = 0xc020697c SIOCGIFBRDADDR = 0xc0206923 SIOCGIFCONF = 0xc0086924 SIOCGIFDATA = 0xc020691b @@ -1168,40 +1333,53 @@ const ( SIOCGIFFLAGS = 0xc0206911 SIOCGIFGATTR = 0xc024698b SIOCGIFGENERIC = 0xc020693a + SIOCGIFGLIST = 0xc024698d SIOCGIFGMEMB = 0xc024698a SIOCGIFGROUP = 0xc0246988 SIOCGIFHARDMTU = 0xc02069a5 - SIOCGIFMEDIA = 0xc0286936 + SIOCGIFLLPRIO = 0xc02069b6 + SIOCGIFMEDIA = 0xc0386938 SIOCGIFMETRIC = 0xc0206917 SIOCGIFMTU = 0xc020697e SIOCGIFNETMASK = 0xc0206925 - SIOCGIFPDSTADDR = 0xc0206948 + SIOCGIFPAIR = 0xc02069b1 + SIOCGIFPARENT = 0xc02069b3 SIOCGIFPRIORITY = 0xc020699c - SIOCGIFPSRCADDR = 0xc0206947 SIOCGIFRDOMAIN = 0xc02069a0 SIOCGIFRTLABEL = 0xc0206983 - SIOCGIFTIMESLOT = 0xc0206986 + SIOCGIFRXR = 0x802069aa + SIOCGIFSFFPAGE = 0xc1126939 SIOCGIFXFLAGS = 0xc020699e - SIOCGLIFADDR = 0xc218691d SIOCGLIFPHYADDR = 0xc218694b + SIOCGLIFPHYDF = 0xc02069c2 + SIOCGLIFPHYECN = 0xc02069c8 SIOCGLIFPHYRTABLE = 0xc02069a2 SIOCGLIFPHYTTL = 0xc02069a9 - SIOCGLOWAT = 0x40047303 SIOCGPGRP = 0x40047309 + SIOCGPWE3 = 0xc0206998 + SIOCGPWE3CTRLWORD = 0xc02069dc + SIOCGPWE3FAT = 0xc02069dd + SIOCGPWE3NEIGHBOR = 0xc21869de + SIOCGRXHPRIO = 0xc02069db SIOCGSPPPPARAMS = 0xc0206994 + SIOCGTXHPRIO = 0xc02069c6 + SIOCGUMBINFO = 0xc02069be + SIOCGUMBPARAM = 0xc02069c0 SIOCGVH = 0xc02069f6 + SIOCGVNETFLOWID = 0xc02069c4 SIOCGVNETID = 0xc02069a7 + SIOCIFAFATTACH = 0x801169ab + SIOCIFAFDETACH = 0x801169ac SIOCIFCREATE = 0x8020697a SIOCIFDESTROY = 0x80206979 SIOCIFGCLONERS = 0xc00c6978 SIOCSETKALIVE = 0x801869a3 SIOCSETLABEL = 0x80206999 + SIOCSETMPWCFG = 0x802069ad SIOCSETPFLOW = 0x802069fd SIOCSETPFSYNC = 0x802069f7 SIOCSETVLAN = 0x8020698f - SIOCSHIWAT = 0x80047300 SIOCSIFADDR = 0x8020690c - SIOCSIFASYNCMAP = 0x8020697d SIOCSIFBRDADDR = 0x80206913 SIOCSIFDESCR = 0x80206980 SIOCSIFDSTADDR = 0x8020690e @@ -1209,25 +1387,37 @@ const ( SIOCSIFGATTR = 0x8024698c SIOCSIFGENERIC = 0x80206939 SIOCSIFLLADDR = 0x8020691f - SIOCSIFMEDIA = 0xc0206935 + SIOCSIFLLPRIO = 0x802069b5 + SIOCSIFMEDIA = 0xc0206937 SIOCSIFMETRIC = 0x80206918 SIOCSIFMTU = 0x8020697f SIOCSIFNETMASK = 0x80206916 - SIOCSIFPHYADDR = 0x80406946 + SIOCSIFPAIR = 0x802069b0 + SIOCSIFPARENT = 0x802069b2 SIOCSIFPRIORITY = 0x8020699b SIOCSIFRDOMAIN = 0x8020699f SIOCSIFRTLABEL = 0x80206982 - SIOCSIFTIMESLOT = 0x80206985 SIOCSIFXFLAGS = 0x8020699d SIOCSLIFPHYADDR = 0x8218694a + SIOCSLIFPHYDF = 0x802069c1 + SIOCSLIFPHYECN = 0x802069c7 SIOCSLIFPHYRTABLE = 0x802069a1 SIOCSLIFPHYTTL = 0x802069a8 - SIOCSLOWAT = 0x80047302 SIOCSPGRP = 0x80047308 + SIOCSPWE3CTRLWORD = 0x802069dc + SIOCSPWE3FAT = 0x802069dd + SIOCSPWE3NEIGHBOR = 0x821869de + SIOCSRXHPRIO = 0x802069db SIOCSSPPPPARAMS = 0x80206993 + SIOCSTXHPRIO = 0x802069c5 + SIOCSUMBPARAM = 0x802069bf SIOCSVH = 0xc02069f5 + SIOCSVNETFLOWID = 0x802069c3 SIOCSVNETID = 0x802069a6 + SOCK_CLOEXEC = 0x8000 SOCK_DGRAM = 0x2 + SOCK_DNS = 0x1000 + SOCK_NONBLOCK = 0x4000 SOCK_RAW = 0x3 SOCK_RDM = 0x4 SOCK_SEQPACKET = 0x5 @@ -1238,6 +1428,7 @@ const ( SO_BINDANY = 0x1000 SO_BROADCAST = 0x20 SO_DEBUG = 0x1 + SO_DOMAIN = 0x1024 SO_DONTROUTE = 0x10 SO_ERROR = 0x1007 SO_KEEPALIVE = 0x8 @@ -1245,6 +1436,7 @@ const ( SO_NETPROC = 0x1020 SO_OOBINLINE = 0x100 SO_PEERCRED = 0x1022 + SO_PROTOCOL = 0x1025 SO_RCVBUF = 0x1002 SO_RCVLOWAT = 0x1004 SO_RCVTIMEO = 0x1006 @@ -1258,6 +1450,7 @@ const ( SO_TIMESTAMP = 0x800 SO_TYPE = 0x1008 SO_USELOOPBACK = 0x40 + SO_ZEROIZE = 0x2000 S_BLKSIZE = 0x200 S_IEXEC = 0x40 S_IFBLK = 0x6000 @@ -1287,9 +1480,24 @@ const ( S_IXOTH = 0x1 S_IXUSR = 0x40 TCIFLUSH = 0x1 + TCIOFF = 0x3 TCIOFLUSH = 0x3 + TCION = 0x4 TCOFLUSH = 0x2 - TCP_MAXBURST = 0x4 + TCOOFF = 0x1 + TCOON = 0x2 + TCPOPT_EOL = 0x0 + TCPOPT_MAXSEG = 0x2 + TCPOPT_NOP = 0x1 + TCPOPT_SACK = 0x5 + TCPOPT_SACK_HDR = 0x1010500 + TCPOPT_SACK_PERMITTED = 0x4 + TCPOPT_SACK_PERMIT_HDR = 0x1010402 + TCPOPT_SIGNATURE = 0x13 + TCPOPT_TIMESTAMP = 0x8 + TCPOPT_TSTAMP_HDR = 0x101080a + TCPOPT_WINDOW = 0x3 + TCP_INFO = 0x9 TCP_MAXSEG = 0x2 TCP_MAXWIN = 0xffff TCP_MAX_SACK = 0x3 @@ -1298,11 +1506,15 @@ const ( TCP_MSS = 0x200 TCP_NODELAY = 0x1 TCP_NOPUSH = 0x10 - TCP_NSTATES = 0xb + TCP_SACKHOLE_LIMIT = 0x80 TCP_SACK_ENABLE = 0x8 TCSAFLUSH = 0x2 + TIMER_ABSTIME = 0x1 + TIMER_RELTIME = 0x0 TIOCCBRK = 0x2000747a TIOCCDTR = 0x20007478 + TIOCCHKVERAUTH = 0x2000741e + TIOCCLRVERAUTH = 0x2000741d TIOCCONS = 0x80047462 TIOCDRAIN = 0x2000745e TIOCEXCL = 0x2000740d @@ -1357,17 +1569,21 @@ const ( TIOCSETAF = 0x802c7416 TIOCSETAW = 0x802c7415 TIOCSETD = 0x8004741b + TIOCSETVERAUTH = 0x8004741c TIOCSFLAGS = 0x8004745c TIOCSIG = 0x8004745f TIOCSPGRP = 0x80047476 TIOCSTART = 0x2000746e - TIOCSTAT = 0x80047465 - TIOCSTI = 0x80017472 + TIOCSTAT = 0x20007465 TIOCSTOP = 0x2000746f TIOCSTSTAMP = 0x8008745a TIOCSWINSZ = 0x80087467 TIOCUCNTL = 0x80047466 + TIOCUCNTL_CBRK = 0x7a + TIOCUCNTL_SBRK = 0x7b TOSTOP = 0x400000 + UTIME_NOW = -0x2 + UTIME_OMIT = -0x1 VDISCARD = 0xf VDSUSP = 0xb VEOF = 0x0 @@ -1378,6 +1594,19 @@ const ( VKILL = 0x5 VLNEXT = 0xe VMIN = 0x10 + VM_ANONMIN = 0x7 + VM_LOADAVG = 0x2 + VM_MALLOC_CONF = 0xc + VM_MAXID = 0xd + VM_MAXSLP = 0xa + VM_METER = 0x1 + VM_NKMEMPAGES = 0x6 + VM_PSSTRINGS = 0x3 + VM_SWAPENCRYPT = 0x5 + VM_USPACE = 0xb + VM_UVMEXP = 0x4 + VM_VNODEMIN = 0x9 + VM_VTEXTMIN = 0x8 VQUIT = 0x9 VREPRINT = 0x6 VSTART = 0xc @@ -1390,8 +1619,8 @@ const ( WCONTINUED = 0x8 WCOREFLAG = 0x80 WNOHANG = 0x1 - WSTOPPED = 0x7f WUNTRACED = 0x2 + XCASE = 0x1000000 ) // Errors @@ -1405,6 +1634,7 @@ const ( EALREADY = syscall.Errno(0x25) EAUTH = syscall.Errno(0x50) EBADF = syscall.Errno(0x9) + EBADMSG = syscall.Errno(0x5c) EBADRPC = syscall.Errno(0x48) EBUSY = syscall.Errno(0x10) ECANCELED = syscall.Errno(0x58) @@ -1431,7 +1661,7 @@ const ( EIPSEC = syscall.Errno(0x52) EISCONN = syscall.Errno(0x38) EISDIR = syscall.Errno(0x15) - ELAST = syscall.Errno(0x5b) + ELAST = syscall.Errno(0x5f) ELOOP = syscall.Errno(0x3e) EMEDIUMTYPE = syscall.Errno(0x56) EMFILE = syscall.Errno(0x18) @@ -1459,12 +1689,14 @@ const ( ENOTCONN = syscall.Errno(0x39) ENOTDIR = syscall.Errno(0x14) ENOTEMPTY = syscall.Errno(0x42) + ENOTRECOVERABLE = syscall.Errno(0x5d) ENOTSOCK = syscall.Errno(0x26) ENOTSUP = syscall.Errno(0x5b) ENOTTY = syscall.Errno(0x19) ENXIO = syscall.Errno(0x6) EOPNOTSUPP = syscall.Errno(0x2d) EOVERFLOW = syscall.Errno(0x57) + EOWNERDEAD = syscall.Errno(0x5e) EPERM = syscall.Errno(0x1) EPFNOSUPPORT = syscall.Errno(0x2e) EPIPE = syscall.Errno(0x20) @@ -1472,6 +1704,7 @@ const ( EPROCUNAVAIL = syscall.Errno(0x4c) EPROGMISMATCH = syscall.Errno(0x4b) EPROGUNAVAIL = syscall.Errno(0x4a) + EPROTO = syscall.Errno(0x5f) EPROTONOSUPPORT = syscall.Errno(0x2b) EPROTOTYPE = syscall.Errno(0x29) ERANGE = syscall.Errno(0x22) @@ -1568,7 +1801,7 @@ var errorList = [...]struct { {32, "EPIPE", "broken pipe"}, {33, "EDOM", "numerical argument out of domain"}, {34, "ERANGE", "result too large"}, - {35, "EWOULDBLOCK", "resource temporarily unavailable"}, + {35, "EAGAIN", "resource temporarily unavailable"}, {36, "EINPROGRESS", "operation now in progress"}, {37, "EALREADY", "operation already in progress"}, {38, "ENOTSOCK", "socket operation on non-socket"}, @@ -1624,7 +1857,11 @@ var errorList = [...]struct { {88, "ECANCELED", "operation canceled"}, {89, "EIDRM", "identifier removed"}, {90, "ENOMSG", "no message of desired type"}, - {91, "ELAST", "not supported"}, + {91, "ENOTSUP", "not supported"}, + {92, "EBADMSG", "bad message"}, + {93, "ENOTRECOVERABLE", "state not recoverable"}, + {94, "EOWNERDEAD", "previous owner died"}, + {95, "ELAST", "protocol error"}, } // Signal table @@ -1638,7 +1875,7 @@ var signalList = [...]struct { {3, "SIGQUIT", "quit"}, {4, "SIGILL", "illegal instruction"}, {5, "SIGTRAP", "trace/BPT trap"}, - {6, "SIGABRT", "abort trap"}, + {6, "SIGIOT", "abort trap"}, {7, "SIGEMT", "EMT trap"}, {8, "SIGFPE", "floating point exception"}, {9, "SIGKILL", "killed"}, @@ -1665,4 +1902,5 @@ var signalList = [...]struct { {30, "SIGUSR1", "user defined signal 1"}, {31, "SIGUSR2", "user defined signal 2"}, {32, "SIGTHR", "thread AST"}, + {28672, "SIGSTKSZ", "unknown signal"}, } diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go index 25cb6094813..6015fcb2bf6 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go @@ -109,6 +109,15 @@ const ( BPF_DIRECTION_IN = 0x1 BPF_DIRECTION_OUT = 0x2 BPF_DIV = 0x30 + BPF_FILDROP_CAPTURE = 0x1 + BPF_FILDROP_DROP = 0x2 + BPF_FILDROP_PASS = 0x0 + BPF_F_DIR_IN = 0x10 + BPF_F_DIR_MASK = 0x30 + BPF_F_DIR_OUT = 0x20 + BPF_F_DIR_SHIFT = 0x4 + BPF_F_FLOWID = 0x8 + BPF_F_PRI_MASK = 0x7 BPF_H = 0x8 BPF_IMM = 0x0 BPF_IND = 0x40 @@ -137,6 +146,7 @@ const ( BPF_OR = 0x40 BPF_RELEASE = 0x30bb6 BPF_RET = 0x6 + BPF_RND = 0xc0 BPF_RSH = 0x70 BPF_ST = 0x2 BPF_STX = 0x3 @@ -177,7 +187,65 @@ const ( CTL_KERN = 0x1 CTL_MAXNAME = 0xc CTL_NET = 0x4 + DIOCADDQUEUE = 0xc110445d + DIOCADDRULE = 0xcd604404 + DIOCADDSTATE = 0xc1084425 + DIOCCHANGERULE = 0xcd60441a + DIOCCLRIFFLAG = 0xc028445a + DIOCCLRSRCNODES = 0x20004455 + DIOCCLRSTATES = 0xc0e04412 + DIOCCLRSTATUS = 0xc0284416 + DIOCGETLIMIT = 0xc0084427 + DIOCGETQSTATS = 0xc1204460 + DIOCGETQUEUE = 0xc110445f + DIOCGETQUEUES = 0xc110445e + DIOCGETRULE = 0xcd604407 + DIOCGETRULES = 0xcd604406 + DIOCGETRULESET = 0xc444443b + DIOCGETRULESETS = 0xc444443a + DIOCGETSRCNODES = 0xc0104454 + DIOCGETSTATE = 0xc1084413 + DIOCGETSTATES = 0xc0104419 + DIOCGETSTATUS = 0xc1e84415 + DIOCGETSYNFLWATS = 0xc0084463 + DIOCGETTIMEOUT = 0xc008441e + DIOCIGETIFACES = 0xc0284457 + DIOCKILLSRCNODES = 0xc080445b + DIOCKILLSTATES = 0xc0e04429 + DIOCNATLOOK = 0xc0504417 + DIOCOSFPADD = 0xc088444f DIOCOSFPFLUSH = 0x2000444e + DIOCOSFPGET = 0xc0884450 + DIOCRADDADDRS = 0xc4504443 + DIOCRADDTABLES = 0xc450443d + DIOCRCLRADDRS = 0xc4504442 + DIOCRCLRASTATS = 0xc4504448 + DIOCRCLRTABLES = 0xc450443c + DIOCRCLRTSTATS = 0xc4504441 + DIOCRDELADDRS = 0xc4504444 + DIOCRDELTABLES = 0xc450443e + DIOCRGETADDRS = 0xc4504446 + DIOCRGETASTATS = 0xc4504447 + DIOCRGETTABLES = 0xc450443f + DIOCRGETTSTATS = 0xc4504440 + DIOCRINADEFINE = 0xc450444d + DIOCRSETADDRS = 0xc4504445 + DIOCRSETTFLAGS = 0xc450444a + DIOCRTSTADDRS = 0xc4504449 + DIOCSETDEBUG = 0xc0044418 + DIOCSETHOSTID = 0xc0044456 + DIOCSETIFFLAG = 0xc0284459 + DIOCSETLIMIT = 0xc0084428 + DIOCSETREASS = 0xc004445c + DIOCSETSTATUSIF = 0xc0284414 + DIOCSETSYNCOOKIES = 0xc0014462 + DIOCSETSYNFLWATS = 0xc0084461 + DIOCSETTIMEOUT = 0xc008441d + DIOCSTART = 0x20004401 + DIOCSTOP = 0x20004402 + DIOCXBEGIN = 0xc0104451 + DIOCXCOMMIT = 0xc0104452 + DIOCXROLLBACK = 0xc0104453 DLT_ARCNET = 0x7 DLT_ATM_RFC1483 = 0xb DLT_AX25 = 0x3 @@ -240,6 +308,8 @@ const ( EMUL_ENABLED = 0x1 EMUL_NATIVE = 0x2 ENDRUNDISC = 0x9 + ETH64_8021_RSVD_MASK = 0xfffffffffff0 + ETH64_8021_RSVD_PREFIX = 0x180c2000000 ETHERMIN = 0x2e ETHERMTU = 0x5dc ETHERTYPE_8023 = 0x4 @@ -292,6 +362,7 @@ const ( ETHERTYPE_DN = 0x6003 ETHERTYPE_DOGFIGHT = 0x1989 ETHERTYPE_DSMD = 0x8039 + ETHERTYPE_EAPOL = 0x888e ETHERTYPE_ECMA = 0x803 ETHERTYPE_ENCRYPT = 0x803d ETHERTYPE_ES = 0x805d @@ -323,6 +394,7 @@ const ( ETHERTYPE_LLDP = 0x88cc ETHERTYPE_LOGICRAFT = 0x8148 ETHERTYPE_LOOPBACK = 0x9000 + ETHERTYPE_MACSEC = 0x88e5 ETHERTYPE_MATRA = 0x807a ETHERTYPE_MAX = 0xffff ETHERTYPE_MERIT = 0x807c @@ -351,15 +423,17 @@ const ( ETHERTYPE_NCD = 0x8149 ETHERTYPE_NESTAR = 0x8006 ETHERTYPE_NETBEUI = 0x8191 + ETHERTYPE_NHRP = 0x2001 ETHERTYPE_NOVELL = 0x8138 ETHERTYPE_NS = 0x600 ETHERTYPE_NSAT = 0x601 ETHERTYPE_NSCOMPAT = 0x807 + ETHERTYPE_NSH = 0x984f ETHERTYPE_NTRAILER = 0x10 ETHERTYPE_OS9 = 0x7007 ETHERTYPE_OS9NET = 0x7009 ETHERTYPE_PACER = 0x80c6 - ETHERTYPE_PAE = 0x888e + ETHERTYPE_PBB = 0x88e7 ETHERTYPE_PCS = 0x4242 ETHERTYPE_PLANNING = 0x8044 ETHERTYPE_PPP = 0x880b @@ -441,10 +515,11 @@ const ( ETHER_VLAN_ENCAP_LEN = 0x4 EVFILT_AIO = -0x3 EVFILT_DEVICE = -0x8 + EVFILT_EXCEPT = -0x9 EVFILT_PROC = -0x5 EVFILT_READ = -0x1 EVFILT_SIGNAL = -0x6 - EVFILT_SYSCOUNT = 0x8 + EVFILT_SYSCOUNT = 0x9 EVFILT_TIMER = -0x7 EVFILT_VNODE = -0x4 EVFILT_WRITE = -0x2 @@ -466,7 +541,7 @@ const ( EV_FLAG1 = 0x2000 EV_ONESHOT = 0x10 EV_RECEIPT = 0x40 - EV_SYSFLAGS = 0xf000 + EV_SYSFLAGS = 0xf800 EXTA = 0x4b00 EXTB = 0x9600 EXTPROC = 0x800 @@ -732,6 +807,7 @@ const ( IFT_VOICEOVERCABLE = 0xc6 IFT_VOICEOVERFRAMERELAY = 0x99 IFT_VOICEOVERIP = 0x68 + IFT_WIREGUARD = 0xfb IFT_X213 = 0x5d IFT_X25 = 0x5 IFT_X25DDN = 0x4 @@ -797,9 +873,11 @@ const ( IPPROTO_RAW = 0xff IPPROTO_ROUTING = 0x2b IPPROTO_RSVP = 0x2e + IPPROTO_SCTP = 0x84 IPPROTO_TCP = 0x6 IPPROTO_TP = 0x1d IPPROTO_UDP = 0x11 + IPPROTO_UDPLITE = 0x88 IPV6_AUTH_LEVEL = 0x35 IPV6_AUTOFLOWLABEL = 0x3b IPV6_CHECKSUM = 0x1a @@ -906,6 +984,9 @@ const ( IP_TTL = 0x4 ISIG = 0x80 ISTRIP = 0x20 + ITIMER_PROF = 0x2 + ITIMER_REAL = 0x0 + ITIMER_VIRTUAL = 0x1 IUCLC = 0x1000 IXANY = 0x800 IXOFF = 0x400 @@ -970,12 +1051,26 @@ const ( MNT_ROOTFS = 0x4000 MNT_SOFTDEP = 0x4000000 MNT_STALLED = 0x100000 + MNT_SWAPPABLE = 0x200000 MNT_SYNCHRONOUS = 0x2 MNT_UPDATE = 0x10000 MNT_VISFLAGMASK = 0x400ffff MNT_WAIT = 0x1 MNT_WANTRDWR = 0x2000000 MNT_WXALLOWED = 0x800 + MOUNT_AFS = "afs" + MOUNT_CD9660 = "cd9660" + MOUNT_EXT2FS = "ext2fs" + MOUNT_FFS = "ffs" + MOUNT_FUSEFS = "fuse" + MOUNT_MFS = "mfs" + MOUNT_MSDOS = "msdos" + MOUNT_NCPFS = "ncpfs" + MOUNT_NFS = "nfs" + MOUNT_NTFS = "ntfs" + MOUNT_TMPFS = "tmpfs" + MOUNT_UDF = "udf" + MOUNT_UFS = "ffs" MSG_BCAST = 0x100 MSG_CMSG_CLOEXEC = 0x800 MSG_CTRUNC = 0x20 @@ -988,6 +1083,7 @@ const ( MSG_PEEK = 0x2 MSG_TRUNC = 0x10 MSG_WAITALL = 0x40 + MSG_WAITFORONE = 0x1000 MS_ASYNC = 0x1 MS_INVALIDATE = 0x4 MS_SYNC = 0x2 @@ -996,7 +1092,8 @@ const ( NET_RT_FLAGS = 0x2 NET_RT_IFLIST = 0x3 NET_RT_IFNAMES = 0x6 - NET_RT_MAXID = 0x7 + NET_RT_MAXID = 0x8 + NET_RT_SOURCE = 0x7 NET_RT_STATS = 0x4 NET_RT_TABLE = 0x5 NFDBITS = 0x20 @@ -1013,6 +1110,7 @@ const ( NOTE_FORK = 0x40000000 NOTE_LINK = 0x10 NOTE_LOWAT = 0x1 + NOTE_OOB = 0x4 NOTE_PCTRLMASK = 0xf0000000 NOTE_PDATAMASK = 0xfffff NOTE_RENAME = 0x20 @@ -1130,9 +1228,11 @@ const ( RTF_STATIC = 0x800 RTF_UP = 0x1 RTF_USETRAILERS = 0x8000 + RTM_80211INFO = 0x15 RTM_ADD = 0x1 RTM_BFD = 0x12 RTM_CHANGE = 0x3 + RTM_CHGADDRATTR = 0x14 RTM_DELADDR = 0xd RTM_DELETE = 0x2 RTM_DESYNC = 0x10 @@ -1140,7 +1240,6 @@ const ( RTM_IFANNOUNCE = 0xf RTM_IFINFO = 0xe RTM_INVALIDATE = 0x11 - RTM_LOCK = 0x8 RTM_LOSING = 0x5 RTM_MAXSIZE = 0x800 RTM_MISS = 0x7 @@ -1148,7 +1247,7 @@ const ( RTM_PROPOSAL = 0x13 RTM_REDIRECT = 0x6 RTM_RESOLVE = 0xb - RTM_RTTUNIT = 0xf4240 + RTM_SOURCE = 0x16 RTM_VERSION = 0x5 RTV_EXPIRE = 0x4 RTV_HOPCOUNT = 0x2 @@ -1166,6 +1265,9 @@ const ( RUSAGE_THREAD = 0x1 SCM_RIGHTS = 0x1 SCM_TIMESTAMP = 0x4 + SEEK_CUR = 0x1 + SEEK_END = 0x2 + SEEK_SET = 0x0 SHUT_RD = 0x0 SHUT_RDWR = 0x2 SHUT_WR = 0x1 @@ -1182,35 +1284,37 @@ const ( SIOCBRDGDELS = 0x80606942 SIOCBRDGFLUSH = 0x80606948 SIOCBRDGFRL = 0x808c694e - SIOCBRDGGCACHE = 0xc0186941 - SIOCBRDGGFD = 0xc0186952 - SIOCBRDGGHT = 0xc0186951 + SIOCBRDGGCACHE = 0xc0146941 + SIOCBRDGGFD = 0xc0146952 + SIOCBRDGGHT = 0xc0146951 SIOCBRDGGIFFLGS = 0xc060693e - SIOCBRDGGMA = 0xc0186953 + SIOCBRDGGMA = 0xc0146953 SIOCBRDGGPARAM = 0xc0406958 - SIOCBRDGGPRI = 0xc0186950 + SIOCBRDGGPRI = 0xc0146950 SIOCBRDGGRL = 0xc030694f - SIOCBRDGGTO = 0xc0186946 + SIOCBRDGGTO = 0xc0146946 SIOCBRDGIFS = 0xc0606942 SIOCBRDGRTS = 0xc0206943 SIOCBRDGSADDR = 0xc1286944 - SIOCBRDGSCACHE = 0x80186940 - SIOCBRDGSFD = 0x80186952 - SIOCBRDGSHT = 0x80186951 + SIOCBRDGSCACHE = 0x80146940 + SIOCBRDGSFD = 0x80146952 + SIOCBRDGSHT = 0x80146951 SIOCBRDGSIFCOST = 0x80606955 SIOCBRDGSIFFLGS = 0x8060693f SIOCBRDGSIFPRIO = 0x80606954 SIOCBRDGSIFPROT = 0x8060694a - SIOCBRDGSMA = 0x80186953 - SIOCBRDGSPRI = 0x80186950 - SIOCBRDGSPROTO = 0x8018695a - SIOCBRDGSTO = 0x80186945 - SIOCBRDGSTXHC = 0x80186959 + SIOCBRDGSMA = 0x80146953 + SIOCBRDGSPRI = 0x80146950 + SIOCBRDGSPROTO = 0x8014695a + SIOCBRDGSTO = 0x80146945 + SIOCBRDGSTXHC = 0x80146959 + SIOCDELLABEL = 0x80206997 SIOCDELMULTI = 0x80206932 SIOCDIFADDR = 0x80206919 SIOCDIFGROUP = 0x80286989 SIOCDIFPARENT = 0x802069b4 SIOCDIFPHYADDR = 0x80206949 + SIOCDPWE3NEIGHBOR = 0x802069de SIOCDVNETID = 0x802069af SIOCGETKALIVE = 0xc01869a4 SIOCGETLABEL = 0x8020699a @@ -1229,6 +1333,7 @@ const ( SIOCGIFFLAGS = 0xc0206911 SIOCGIFGATTR = 0xc028698b SIOCGIFGENERIC = 0xc020693a + SIOCGIFGLIST = 0xc028698d SIOCGIFGMEMB = 0xc028698a SIOCGIFGROUP = 0xc0286988 SIOCGIFHARDMTU = 0xc02069a5 @@ -1243,13 +1348,21 @@ const ( SIOCGIFRDOMAIN = 0xc02069a0 SIOCGIFRTLABEL = 0xc0206983 SIOCGIFRXR = 0x802069aa + SIOCGIFSFFPAGE = 0xc1126939 SIOCGIFXFLAGS = 0xc020699e SIOCGLIFPHYADDR = 0xc218694b SIOCGLIFPHYDF = 0xc02069c2 + SIOCGLIFPHYECN = 0xc02069c8 SIOCGLIFPHYRTABLE = 0xc02069a2 SIOCGLIFPHYTTL = 0xc02069a9 SIOCGPGRP = 0x40047309 + SIOCGPWE3 = 0xc0206998 + SIOCGPWE3CTRLWORD = 0xc02069dc + SIOCGPWE3FAT = 0xc02069dd + SIOCGPWE3NEIGHBOR = 0xc21869de + SIOCGRXHPRIO = 0xc02069db SIOCGSPPPPARAMS = 0xc0206994 + SIOCGTXHPRIO = 0xc02069c6 SIOCGUMBINFO = 0xc02069be SIOCGUMBPARAM = 0xc02069c0 SIOCGVH = 0xc02069f6 @@ -1287,19 +1400,20 @@ const ( SIOCSIFXFLAGS = 0x8020699d SIOCSLIFPHYADDR = 0x8218694a SIOCSLIFPHYDF = 0x802069c1 + SIOCSLIFPHYECN = 0x802069c7 SIOCSLIFPHYRTABLE = 0x802069a1 SIOCSLIFPHYTTL = 0x802069a8 SIOCSPGRP = 0x80047308 + SIOCSPWE3CTRLWORD = 0x802069dc + SIOCSPWE3FAT = 0x802069dd + SIOCSPWE3NEIGHBOR = 0x821869de + SIOCSRXHPRIO = 0x802069db SIOCSSPPPPARAMS = 0x80206993 + SIOCSTXHPRIO = 0x802069c5 SIOCSUMBPARAM = 0x802069bf SIOCSVH = 0xc02069f5 SIOCSVNETFLOWID = 0x802069c3 SIOCSVNETID = 0x802069a6 - SIOCSWGDPID = 0xc018695b - SIOCSWGMAXFLOW = 0xc0186960 - SIOCSWGMAXGROUP = 0xc018695d - SIOCSWSDPID = 0x8018695c - SIOCSWSPORTNO = 0xc060695f SOCK_CLOEXEC = 0x8000 SOCK_DGRAM = 0x2 SOCK_DNS = 0x1000 @@ -1314,6 +1428,7 @@ const ( SO_BINDANY = 0x1000 SO_BROADCAST = 0x20 SO_DEBUG = 0x1 + SO_DOMAIN = 0x1024 SO_DONTROUTE = 0x10 SO_ERROR = 0x1007 SO_KEEPALIVE = 0x8 @@ -1321,6 +1436,7 @@ const ( SO_NETPROC = 0x1020 SO_OOBINLINE = 0x100 SO_PEERCRED = 0x1022 + SO_PROTOCOL = 0x1025 SO_RCVBUF = 0x1002 SO_RCVLOWAT = 0x1004 SO_RCVTIMEO = 0x1006 @@ -1370,7 +1486,18 @@ const ( TCOFLUSH = 0x2 TCOOFF = 0x1 TCOON = 0x2 - TCP_MAXBURST = 0x4 + TCPOPT_EOL = 0x0 + TCPOPT_MAXSEG = 0x2 + TCPOPT_NOP = 0x1 + TCPOPT_SACK = 0x5 + TCPOPT_SACK_HDR = 0x1010500 + TCPOPT_SACK_PERMITTED = 0x4 + TCPOPT_SACK_PERMIT_HDR = 0x1010402 + TCPOPT_SIGNATURE = 0x13 + TCPOPT_TIMESTAMP = 0x8 + TCPOPT_TSTAMP_HDR = 0x101080a + TCPOPT_WINDOW = 0x3 + TCP_INFO = 0x9 TCP_MAXSEG = 0x2 TCP_MAXWIN = 0xffff TCP_MAX_SACK = 0x3 @@ -1379,8 +1506,11 @@ const ( TCP_MSS = 0x200 TCP_NODELAY = 0x1 TCP_NOPUSH = 0x10 + TCP_SACKHOLE_LIMIT = 0x80 TCP_SACK_ENABLE = 0x8 TCSAFLUSH = 0x2 + TIMER_ABSTIME = 0x1 + TIMER_RELTIME = 0x0 TIOCCBRK = 0x2000747a TIOCCDTR = 0x20007478 TIOCCHKVERAUTH = 0x2000741e @@ -1445,7 +1575,6 @@ const ( TIOCSPGRP = 0x80047476 TIOCSTART = 0x2000746e TIOCSTAT = 0x20007465 - TIOCSTI = 0x80017472 TIOCSTOP = 0x2000746f TIOCSTSTAMP = 0x8008745a TIOCSWINSZ = 0x80087467 @@ -1467,7 +1596,8 @@ const ( VMIN = 0x10 VM_ANONMIN = 0x7 VM_LOADAVG = 0x2 - VM_MAXID = 0xc + VM_MALLOC_CONF = 0xc + VM_MAXID = 0xd VM_MAXSLP = 0xa VM_METER = 0x1 VM_NKMEMPAGES = 0x6 @@ -1745,7 +1875,7 @@ var signalList = [...]struct { {3, "SIGQUIT", "quit"}, {4, "SIGILL", "illegal instruction"}, {5, "SIGTRAP", "trace/BPT trap"}, - {6, "SIGABRT", "abort trap"}, + {6, "SIGIOT", "abort trap"}, {7, "SIGEMT", "EMT trap"}, {8, "SIGFPE", "floating point exception"}, {9, "SIGKILL", "killed"}, @@ -1772,4 +1902,5 @@ var signalList = [...]struct { {30, "SIGUSR1", "user defined signal 1"}, {31, "SIGUSR2", "user defined signal 2"}, {32, "SIGTHR", "thread AST"}, + {28672, "SIGSTKSZ", "unknown signal"}, } diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go index aef6c085609..8d44955e44d 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go @@ -46,6 +46,7 @@ const ( AF_SNA = 0xb AF_UNIX = 0x1 AF_UNSPEC = 0x0 + ALTWERASE = 0x200 ARPHRD_ETHER = 0x1 ARPHRD_FRELAY = 0xf ARPHRD_IEEE1394 = 0x18 @@ -82,7 +83,7 @@ const ( BIOCGFILDROP = 0x40044278 BIOCGHDRCMPLT = 0x40044274 BIOCGRSIG = 0x40044273 - BIOCGRTIMEOUT = 0x400c426e + BIOCGRTIMEOUT = 0x4010426e BIOCGSTATS = 0x4008426f BIOCIMMEDIATE = 0x80044270 BIOCLOCK = 0x20004276 @@ -96,7 +97,7 @@ const ( BIOCSFILDROP = 0x80044279 BIOCSHDRCMPLT = 0x80044275 BIOCSRSIG = 0x80044272 - BIOCSRTIMEOUT = 0x800c426d + BIOCSRTIMEOUT = 0x8010426d BIOCVERSION = 0x40044271 BPF_A = 0x10 BPF_ABS = 0x20 @@ -108,6 +109,15 @@ const ( BPF_DIRECTION_IN = 0x1 BPF_DIRECTION_OUT = 0x2 BPF_DIV = 0x30 + BPF_FILDROP_CAPTURE = 0x1 + BPF_FILDROP_DROP = 0x2 + BPF_FILDROP_PASS = 0x0 + BPF_F_DIR_IN = 0x10 + BPF_F_DIR_MASK = 0x30 + BPF_F_DIR_OUT = 0x20 + BPF_F_DIR_SHIFT = 0x4 + BPF_F_FLOWID = 0x8 + BPF_F_PRI_MASK = 0x7 BPF_H = 0x8 BPF_IMM = 0x0 BPF_IND = 0x40 @@ -136,6 +146,7 @@ const ( BPF_OR = 0x40 BPF_RELEASE = 0x30bb6 BPF_RET = 0x6 + BPF_RND = 0xc0 BPF_RSH = 0x70 BPF_ST = 0x2 BPF_STX = 0x3 @@ -147,6 +158,12 @@ const ( BRKINT = 0x2 CFLUSH = 0xf CLOCAL = 0x8000 + CLOCK_BOOTTIME = 0x6 + CLOCK_MONOTONIC = 0x3 + CLOCK_PROCESS_CPUTIME_ID = 0x2 + CLOCK_REALTIME = 0x0 + CLOCK_THREAD_CPUTIME_ID = 0x4 + CLOCK_UPTIME = 0x5 CPUSTATES = 0x6 CP_IDLE = 0x5 CP_INTR = 0x4 @@ -170,7 +187,65 @@ const ( CTL_KERN = 0x1 CTL_MAXNAME = 0xc CTL_NET = 0x4 + DIOCADDQUEUE = 0xc100445d + DIOCADDRULE = 0xcce04404 + DIOCADDSTATE = 0xc1084425 + DIOCCHANGERULE = 0xcce0441a + DIOCCLRIFFLAG = 0xc024445a + DIOCCLRSRCNODES = 0x20004455 + DIOCCLRSTATES = 0xc0d04412 + DIOCCLRSTATUS = 0xc0244416 + DIOCGETLIMIT = 0xc0084427 + DIOCGETQSTATS = 0xc1084460 + DIOCGETQUEUE = 0xc100445f + DIOCGETQUEUES = 0xc100445e + DIOCGETRULE = 0xcce04407 + DIOCGETRULES = 0xcce04406 + DIOCGETRULESET = 0xc444443b + DIOCGETRULESETS = 0xc444443a + DIOCGETSRCNODES = 0xc0084454 + DIOCGETSTATE = 0xc1084413 + DIOCGETSTATES = 0xc0084419 + DIOCGETSTATUS = 0xc1e84415 + DIOCGETSYNFLWATS = 0xc0084463 + DIOCGETTIMEOUT = 0xc008441e + DIOCIGETIFACES = 0xc0244457 + DIOCKILLSRCNODES = 0xc068445b + DIOCKILLSTATES = 0xc0d04429 + DIOCNATLOOK = 0xc0504417 + DIOCOSFPADD = 0xc088444f DIOCOSFPFLUSH = 0x2000444e + DIOCOSFPGET = 0xc0884450 + DIOCRADDADDRS = 0xc44c4443 + DIOCRADDTABLES = 0xc44c443d + DIOCRCLRADDRS = 0xc44c4442 + DIOCRCLRASTATS = 0xc44c4448 + DIOCRCLRTABLES = 0xc44c443c + DIOCRCLRTSTATS = 0xc44c4441 + DIOCRDELADDRS = 0xc44c4444 + DIOCRDELTABLES = 0xc44c443e + DIOCRGETADDRS = 0xc44c4446 + DIOCRGETASTATS = 0xc44c4447 + DIOCRGETTABLES = 0xc44c443f + DIOCRGETTSTATS = 0xc44c4440 + DIOCRINADEFINE = 0xc44c444d + DIOCRSETADDRS = 0xc44c4445 + DIOCRSETTFLAGS = 0xc44c444a + DIOCRTSTADDRS = 0xc44c4449 + DIOCSETDEBUG = 0xc0044418 + DIOCSETHOSTID = 0xc0044456 + DIOCSETIFFLAG = 0xc0244459 + DIOCSETLIMIT = 0xc0084428 + DIOCSETREASS = 0xc004445c + DIOCSETSTATUSIF = 0xc0244414 + DIOCSETSYNCOOKIES = 0xc0014462 + DIOCSETSYNFLWATS = 0xc0084461 + DIOCSETTIMEOUT = 0xc008441d + DIOCSTART = 0x20004401 + DIOCSTOP = 0x20004402 + DIOCXBEGIN = 0xc00c4451 + DIOCXCOMMIT = 0xc00c4452 + DIOCXROLLBACK = 0xc00c4453 DLT_ARCNET = 0x7 DLT_ATM_RFC1483 = 0xb DLT_AX25 = 0x3 @@ -186,6 +261,7 @@ const ( DLT_LOOP = 0xc DLT_MPLS = 0xdb DLT_NULL = 0x0 + DLT_OPENFLOW = 0x10b DLT_PFLOG = 0x75 DLT_PFSYNC = 0x12 DLT_PPP = 0x9 @@ -196,6 +272,23 @@ const ( DLT_RAW = 0xe DLT_SLIP = 0x8 DLT_SLIP_BSDOS = 0xf + DLT_USBPCAP = 0xf9 + DLT_USER0 = 0x93 + DLT_USER1 = 0x94 + DLT_USER10 = 0x9d + DLT_USER11 = 0x9e + DLT_USER12 = 0x9f + DLT_USER13 = 0xa0 + DLT_USER14 = 0xa1 + DLT_USER15 = 0xa2 + DLT_USER2 = 0x95 + DLT_USER3 = 0x96 + DLT_USER4 = 0x97 + DLT_USER5 = 0x98 + DLT_USER6 = 0x99 + DLT_USER7 = 0x9a + DLT_USER8 = 0x9b + DLT_USER9 = 0x9c DT_BLK = 0x6 DT_CHR = 0x2 DT_DIR = 0x4 @@ -215,6 +308,8 @@ const ( EMUL_ENABLED = 0x1 EMUL_NATIVE = 0x2 ENDRUNDISC = 0x9 + ETH64_8021_RSVD_MASK = 0xfffffffffff0 + ETH64_8021_RSVD_PREFIX = 0x180c2000000 ETHERMIN = 0x2e ETHERMTU = 0x5dc ETHERTYPE_8023 = 0x4 @@ -267,6 +362,7 @@ const ( ETHERTYPE_DN = 0x6003 ETHERTYPE_DOGFIGHT = 0x1989 ETHERTYPE_DSMD = 0x8039 + ETHERTYPE_EAPOL = 0x888e ETHERTYPE_ECMA = 0x803 ETHERTYPE_ENCRYPT = 0x803d ETHERTYPE_ES = 0x805d @@ -298,6 +394,7 @@ const ( ETHERTYPE_LLDP = 0x88cc ETHERTYPE_LOGICRAFT = 0x8148 ETHERTYPE_LOOPBACK = 0x9000 + ETHERTYPE_MACSEC = 0x88e5 ETHERTYPE_MATRA = 0x807a ETHERTYPE_MAX = 0xffff ETHERTYPE_MERIT = 0x807c @@ -326,15 +423,17 @@ const ( ETHERTYPE_NCD = 0x8149 ETHERTYPE_NESTAR = 0x8006 ETHERTYPE_NETBEUI = 0x8191 + ETHERTYPE_NHRP = 0x2001 ETHERTYPE_NOVELL = 0x8138 ETHERTYPE_NS = 0x600 ETHERTYPE_NSAT = 0x601 ETHERTYPE_NSCOMPAT = 0x807 + ETHERTYPE_NSH = 0x984f ETHERTYPE_NTRAILER = 0x10 ETHERTYPE_OS9 = 0x7007 ETHERTYPE_OS9NET = 0x7009 ETHERTYPE_PACER = 0x80c6 - ETHERTYPE_PAE = 0x888e + ETHERTYPE_PBB = 0x88e7 ETHERTYPE_PCS = 0x4242 ETHERTYPE_PLANNING = 0x8044 ETHERTYPE_PPP = 0x880b @@ -409,28 +508,40 @@ const ( ETHER_CRC_POLY_LE = 0xedb88320 ETHER_HDR_LEN = 0xe ETHER_MAX_DIX_LEN = 0x600 + ETHER_MAX_HARDMTU_LEN = 0xff9b ETHER_MAX_LEN = 0x5ee ETHER_MIN_LEN = 0x40 ETHER_TYPE_LEN = 0x2 ETHER_VLAN_ENCAP_LEN = 0x4 EVFILT_AIO = -0x3 + EVFILT_DEVICE = -0x8 + EVFILT_EXCEPT = -0x9 EVFILT_PROC = -0x5 EVFILT_READ = -0x1 EVFILT_SIGNAL = -0x6 - EVFILT_SYSCOUNT = 0x7 + EVFILT_SYSCOUNT = 0x9 EVFILT_TIMER = -0x7 EVFILT_VNODE = -0x4 EVFILT_WRITE = -0x2 + EVL_ENCAPLEN = 0x4 + EVL_PRIO_BITS = 0xd + EVL_PRIO_MAX = 0x7 + EVL_VLID_MASK = 0xfff + EVL_VLID_MAX = 0xffe + EVL_VLID_MIN = 0x1 + EVL_VLID_NULL = 0x0 EV_ADD = 0x1 EV_CLEAR = 0x20 EV_DELETE = 0x2 EV_DISABLE = 0x8 + EV_DISPATCH = 0x80 EV_ENABLE = 0x4 EV_EOF = 0x8000 EV_ERROR = 0x4000 EV_FLAG1 = 0x2000 EV_ONESHOT = 0x10 - EV_SYSFLAGS = 0xf000 + EV_RECEIPT = 0x40 + EV_SYSFLAGS = 0xf800 EXTA = 0x4b00 EXTB = 0x9600 EXTPROC = 0x800 @@ -443,6 +554,8 @@ const ( F_GETFL = 0x3 F_GETLK = 0x7 F_GETOWN = 0x5 + F_ISATTY = 0xb + F_OK = 0x0 F_RDLCK = 0x1 F_SETFD = 0x2 F_SETFL = 0x4 @@ -459,7 +572,6 @@ const ( IEXTEN = 0x400 IFAN_ARRIVAL = 0x0 IFAN_DEPARTURE = 0x1 - IFA_ROUTE = 0x1 IFF_ALLMULTI = 0x200 IFF_BROADCAST = 0x2 IFF_CANTCHANGE = 0x8e52 @@ -470,12 +582,12 @@ const ( IFF_LOOPBACK = 0x8 IFF_MULTICAST = 0x8000 IFF_NOARP = 0x80 - IFF_NOTRAILERS = 0x20 IFF_OACTIVE = 0x400 IFF_POINTOPOINT = 0x10 IFF_PROMISC = 0x100 IFF_RUNNING = 0x40 IFF_SIMPLEX = 0x800 + IFF_STATICARP = 0x20 IFF_UP = 0x1 IFNAMSIZ = 0x10 IFT_1822 = 0x2 @@ -604,6 +716,7 @@ const ( IFT_LINEGROUP = 0xd2 IFT_LOCALTALK = 0x2a IFT_LOOP = 0x18 + IFT_MBIM = 0xfa IFT_MEDIAMAILOVERIP = 0x8b IFT_MFSIGLINK = 0xa7 IFT_MIOX25 = 0x26 @@ -694,6 +807,7 @@ const ( IFT_VOICEOVERCABLE = 0xc6 IFT_VOICEOVERFRAMERELAY = 0x99 IFT_VOICEOVERIP = 0x68 + IFT_WIREGUARD = 0xfb IFT_X213 = 0x5d IFT_X25 = 0x5 IFT_X25DDN = 0x4 @@ -728,8 +842,6 @@ const ( IPPROTO_AH = 0x33 IPPROTO_CARP = 0x70 IPPROTO_DIVERT = 0x102 - IPPROTO_DIVERT_INIT = 0x2 - IPPROTO_DIVERT_RESP = 0x1 IPPROTO_DONE = 0x101 IPPROTO_DSTOPTS = 0x3c IPPROTO_EGP = 0x8 @@ -761,9 +873,11 @@ const ( IPPROTO_RAW = 0xff IPPROTO_ROUTING = 0x2b IPPROTO_RSVP = 0x2e + IPPROTO_SCTP = 0x84 IPPROTO_TCP = 0x6 IPPROTO_TP = 0x1d IPPROTO_UDP = 0x11 + IPPROTO_UDPLITE = 0x88 IPV6_AUTH_LEVEL = 0x35 IPV6_AUTOFLOWLABEL = 0x3b IPV6_CHECKSUM = 0x1a @@ -786,6 +900,7 @@ const ( IPV6_LEAVE_GROUP = 0xd IPV6_MAXHLIM = 0xff IPV6_MAXPACKET = 0xffff + IPV6_MINHOPCOUNT = 0x41 IPV6_MMTU = 0x500 IPV6_MULTICAST_HOPS = 0xa IPV6_MULTICAST_IF = 0x9 @@ -825,12 +940,12 @@ const ( IP_DEFAULT_MULTICAST_LOOP = 0x1 IP_DEFAULT_MULTICAST_TTL = 0x1 IP_DF = 0x4000 - IP_DIVERTFL = 0x1022 IP_DROP_MEMBERSHIP = 0xd IP_ESP_NETWORK_LEVEL = 0x16 IP_ESP_TRANS_LEVEL = 0x15 IP_HDRINCL = 0x2 IP_IPCOMP_LEVEL = 0x1d + IP_IPDEFTTL = 0x25 IP_IPSECFLOWINFO = 0x24 IP_IPSEC_LOCAL_AUTH = 0x1b IP_IPSEC_LOCAL_CRED = 0x19 @@ -864,10 +979,15 @@ const ( IP_RETOPTS = 0x8 IP_RF = 0x8000 IP_RTABLE = 0x1021 + IP_SENDSRCADDR = 0x7 IP_TOS = 0x3 IP_TTL = 0x4 ISIG = 0x80 ISTRIP = 0x20 + ITIMER_PROF = 0x2 + ITIMER_REAL = 0x0 + ITIMER_VIRTUAL = 0x1 + IUCLC = 0x1000 IXANY = 0x800 IXOFF = 0x400 IXON = 0x200 @@ -922,6 +1042,7 @@ const ( MNT_NOATIME = 0x8000 MNT_NODEV = 0x10 MNT_NOEXEC = 0x4 + MNT_NOPERM = 0x20 MNT_NOSUID = 0x8 MNT_NOWAIT = 0x2 MNT_QUOTA = 0x2000 @@ -929,12 +1050,27 @@ const ( MNT_RELOAD = 0x40000 MNT_ROOTFS = 0x4000 MNT_SOFTDEP = 0x4000000 + MNT_STALLED = 0x100000 + MNT_SWAPPABLE = 0x200000 MNT_SYNCHRONOUS = 0x2 MNT_UPDATE = 0x10000 MNT_VISFLAGMASK = 0x400ffff MNT_WAIT = 0x1 MNT_WANTRDWR = 0x2000000 MNT_WXALLOWED = 0x800 + MOUNT_AFS = "afs" + MOUNT_CD9660 = "cd9660" + MOUNT_EXT2FS = "ext2fs" + MOUNT_FFS = "ffs" + MOUNT_FUSEFS = "fuse" + MOUNT_MFS = "mfs" + MOUNT_MSDOS = "msdos" + MOUNT_NCPFS = "ncpfs" + MOUNT_NFS = "nfs" + MOUNT_NTFS = "ntfs" + MOUNT_TMPFS = "tmpfs" + MOUNT_UDF = "udf" + MOUNT_UFS = "ffs" MSG_BCAST = 0x100 MSG_CMSG_CLOEXEC = 0x800 MSG_CTRUNC = 0x20 @@ -947,6 +1083,7 @@ const ( MSG_PEEK = 0x2 MSG_TRUNC = 0x10 MSG_WAITALL = 0x40 + MSG_WAITFORONE = 0x1000 MS_ASYNC = 0x1 MS_INVALIDATE = 0x4 MS_SYNC = 0x2 @@ -954,12 +1091,16 @@ const ( NET_RT_DUMP = 0x1 NET_RT_FLAGS = 0x2 NET_RT_IFLIST = 0x3 - NET_RT_MAXID = 0x6 + NET_RT_IFNAMES = 0x6 + NET_RT_MAXID = 0x8 + NET_RT_SOURCE = 0x7 NET_RT_STATS = 0x4 NET_RT_TABLE = 0x5 NFDBITS = 0x20 NOFLSH = 0x80000000 + NOKERNINFO = 0x2000000 NOTE_ATTRIB = 0x8 + NOTE_CHANGE = 0x1 NOTE_CHILD = 0x4 NOTE_DELETE = 0x1 NOTE_EOF = 0x2 @@ -969,6 +1110,7 @@ const ( NOTE_FORK = 0x40000000 NOTE_LINK = 0x10 NOTE_LOWAT = 0x1 + NOTE_OOB = 0x4 NOTE_PCTRLMASK = 0xf0000000 NOTE_PDATAMASK = 0xfffff NOTE_RENAME = 0x20 @@ -978,11 +1120,13 @@ const ( NOTE_TRUNCATE = 0x80 NOTE_WRITE = 0x2 OCRNL = 0x10 + OLCUC = 0x20 ONLCR = 0x2 ONLRET = 0x80 ONOCR = 0x40 ONOEOT = 0x8 OPOST = 0x1 + OXTABS = 0x4 O_ACCMODE = 0x3 O_APPEND = 0x8 O_ASYNC = 0x40 @@ -1027,19 +1171,25 @@ const ( RLIMIT_STACK = 0x3 RLIM_INFINITY = 0x7fffffffffffffff RTAX_AUTHOR = 0x6 + RTAX_BFD = 0xb RTAX_BRD = 0x7 + RTAX_DNS = 0xc RTAX_DST = 0x0 RTAX_GATEWAY = 0x1 RTAX_GENMASK = 0x3 RTAX_IFA = 0x5 RTAX_IFP = 0x4 RTAX_LABEL = 0xa - RTAX_MAX = 0xb + RTAX_MAX = 0xf RTAX_NETMASK = 0x2 + RTAX_SEARCH = 0xe RTAX_SRC = 0x8 RTAX_SRCMASK = 0x9 + RTAX_STATIC = 0xd RTA_AUTHOR = 0x40 + RTA_BFD = 0x800 RTA_BRD = 0x80 + RTA_DNS = 0x1000 RTA_DST = 0x1 RTA_GATEWAY = 0x2 RTA_GENMASK = 0x8 @@ -1047,24 +1197,29 @@ const ( RTA_IFP = 0x10 RTA_LABEL = 0x400 RTA_NETMASK = 0x4 + RTA_SEARCH = 0x4000 RTA_SRC = 0x100 RTA_SRCMASK = 0x200 + RTA_STATIC = 0x2000 RTF_ANNOUNCE = 0x4000 + RTF_BFD = 0x1000000 RTF_BLACKHOLE = 0x1000 RTF_BROADCAST = 0x400000 + RTF_CACHED = 0x20000 RTF_CLONED = 0x10000 RTF_CLONING = 0x100 + RTF_CONNECTED = 0x800000 RTF_DONE = 0x40 RTF_DYNAMIC = 0x10 - RTF_FMASK = 0x70f808 + RTF_FMASK = 0x110fc08 RTF_GATEWAY = 0x2 RTF_HOST = 0x4 RTF_LLINFO = 0x400 RTF_LOCAL = 0x200000 - RTF_MASK = 0x80 RTF_MODIFIED = 0x20 RTF_MPATH = 0x40000 RTF_MPLS = 0x100000 + RTF_MULTICAST = 0x200 RTF_PERMANENT_ARP = 0x2000 RTF_PROTO1 = 0x8000 RTF_PROTO2 = 0x4000 @@ -1073,23 +1228,26 @@ const ( RTF_STATIC = 0x800 RTF_UP = 0x1 RTF_USETRAILERS = 0x8000 - RTF_XRESOLVE = 0x200 + RTM_80211INFO = 0x15 RTM_ADD = 0x1 + RTM_BFD = 0x12 RTM_CHANGE = 0x3 + RTM_CHGADDRATTR = 0x14 RTM_DELADDR = 0xd RTM_DELETE = 0x2 RTM_DESYNC = 0x10 RTM_GET = 0x4 RTM_IFANNOUNCE = 0xf RTM_IFINFO = 0xe - RTM_LOCK = 0x8 + RTM_INVALIDATE = 0x11 RTM_LOSING = 0x5 RTM_MAXSIZE = 0x800 RTM_MISS = 0x7 RTM_NEWADDR = 0xc + RTM_PROPOSAL = 0x13 RTM_REDIRECT = 0x6 RTM_RESOLVE = 0xb - RTM_RTTUNIT = 0xf4240 + RTM_SOURCE = 0x16 RTM_VERSION = 0x5 RTV_EXPIRE = 0x4 RTV_HOPCOUNT = 0x2 @@ -1099,67 +1257,74 @@ const ( RTV_RTTVAR = 0x80 RTV_SPIPE = 0x10 RTV_SSTHRESH = 0x20 + RT_TABLEID_BITS = 0x8 + RT_TABLEID_MASK = 0xff RT_TABLEID_MAX = 0xff RUSAGE_CHILDREN = -0x1 RUSAGE_SELF = 0x0 RUSAGE_THREAD = 0x1 SCM_RIGHTS = 0x1 SCM_TIMESTAMP = 0x4 + SEEK_CUR = 0x1 + SEEK_END = 0x2 + SEEK_SET = 0x0 SHUT_RD = 0x0 SHUT_RDWR = 0x2 SHUT_WR = 0x1 SIOCADDMULTI = 0x80206931 SIOCAIFADDR = 0x8040691a SIOCAIFGROUP = 0x80246987 - SIOCALIFADDR = 0x8218691c SIOCATMARK = 0x40047307 - SIOCBRDGADD = 0x8054693c - SIOCBRDGADDS = 0x80546941 - SIOCBRDGARL = 0x806e694d + SIOCBRDGADD = 0x8060693c + SIOCBRDGADDL = 0x80606949 + SIOCBRDGADDS = 0x80606941 + SIOCBRDGARL = 0x808c694d SIOCBRDGDADDR = 0x81286947 - SIOCBRDGDEL = 0x8054693d - SIOCBRDGDELS = 0x80546942 - SIOCBRDGFLUSH = 0x80546948 - SIOCBRDGFRL = 0x806e694e + SIOCBRDGDEL = 0x8060693d + SIOCBRDGDELS = 0x80606942 + SIOCBRDGFLUSH = 0x80606948 + SIOCBRDGFRL = 0x808c694e SIOCBRDGGCACHE = 0xc0146941 SIOCBRDGGFD = 0xc0146952 SIOCBRDGGHT = 0xc0146951 - SIOCBRDGGIFFLGS = 0xc054693e + SIOCBRDGGIFFLGS = 0xc060693e SIOCBRDGGMA = 0xc0146953 - SIOCBRDGGPARAM = 0xc03c6958 + SIOCBRDGGPARAM = 0xc0406958 SIOCBRDGGPRI = 0xc0146950 SIOCBRDGGRL = 0xc028694f - SIOCBRDGGSIFS = 0xc054693c SIOCBRDGGTO = 0xc0146946 - SIOCBRDGIFS = 0xc0546942 + SIOCBRDGIFS = 0xc0606942 SIOCBRDGRTS = 0xc0186943 SIOCBRDGSADDR = 0xc1286944 SIOCBRDGSCACHE = 0x80146940 SIOCBRDGSFD = 0x80146952 SIOCBRDGSHT = 0x80146951 - SIOCBRDGSIFCOST = 0x80546955 - SIOCBRDGSIFFLGS = 0x8054693f - SIOCBRDGSIFPRIO = 0x80546954 + SIOCBRDGSIFCOST = 0x80606955 + SIOCBRDGSIFFLGS = 0x8060693f + SIOCBRDGSIFPRIO = 0x80606954 + SIOCBRDGSIFPROT = 0x8060694a SIOCBRDGSMA = 0x80146953 SIOCBRDGSPRI = 0x80146950 SIOCBRDGSPROTO = 0x8014695a SIOCBRDGSTO = 0x80146945 SIOCBRDGSTXHC = 0x80146959 + SIOCDELLABEL = 0x80206997 SIOCDELMULTI = 0x80206932 SIOCDIFADDR = 0x80206919 SIOCDIFGROUP = 0x80246989 + SIOCDIFPARENT = 0x802069b4 SIOCDIFPHYADDR = 0x80206949 - SIOCDLIFADDR = 0x8218691e + SIOCDPWE3NEIGHBOR = 0x802069de + SIOCDVNETID = 0x802069af SIOCGETKALIVE = 0xc01869a4 SIOCGETLABEL = 0x8020699a + SIOCGETMPWCFG = 0xc02069ae SIOCGETPFLOW = 0xc02069fe SIOCGETPFSYNC = 0xc02069f8 SIOCGETSGCNT = 0xc0147534 SIOCGETVIFCNT = 0xc0147533 SIOCGETVLAN = 0xc0206990 - SIOCGHIWAT = 0x40047301 SIOCGIFADDR = 0xc0206921 - SIOCGIFASYNCMAP = 0xc020697c SIOCGIFBRDADDR = 0xc0206923 SIOCGIFCONF = 0xc0086924 SIOCGIFDATA = 0xc020691b @@ -1168,41 +1333,53 @@ const ( SIOCGIFFLAGS = 0xc0206911 SIOCGIFGATTR = 0xc024698b SIOCGIFGENERIC = 0xc020693a + SIOCGIFGLIST = 0xc024698d SIOCGIFGMEMB = 0xc024698a SIOCGIFGROUP = 0xc0246988 SIOCGIFHARDMTU = 0xc02069a5 - SIOCGIFMEDIA = 0xc0286936 + SIOCGIFLLPRIO = 0xc02069b6 + SIOCGIFMEDIA = 0xc0386938 SIOCGIFMETRIC = 0xc0206917 SIOCGIFMTU = 0xc020697e SIOCGIFNETMASK = 0xc0206925 - SIOCGIFPDSTADDR = 0xc0206948 + SIOCGIFPAIR = 0xc02069b1 + SIOCGIFPARENT = 0xc02069b3 SIOCGIFPRIORITY = 0xc020699c - SIOCGIFPSRCADDR = 0xc0206947 SIOCGIFRDOMAIN = 0xc02069a0 SIOCGIFRTLABEL = 0xc0206983 SIOCGIFRXR = 0x802069aa - SIOCGIFTIMESLOT = 0xc0206986 + SIOCGIFSFFPAGE = 0xc1126939 SIOCGIFXFLAGS = 0xc020699e - SIOCGLIFADDR = 0xc218691d SIOCGLIFPHYADDR = 0xc218694b + SIOCGLIFPHYDF = 0xc02069c2 + SIOCGLIFPHYECN = 0xc02069c8 SIOCGLIFPHYRTABLE = 0xc02069a2 SIOCGLIFPHYTTL = 0xc02069a9 - SIOCGLOWAT = 0x40047303 SIOCGPGRP = 0x40047309 + SIOCGPWE3 = 0xc0206998 + SIOCGPWE3CTRLWORD = 0xc02069dc + SIOCGPWE3FAT = 0xc02069dd + SIOCGPWE3NEIGHBOR = 0xc21869de + SIOCGRXHPRIO = 0xc02069db SIOCGSPPPPARAMS = 0xc0206994 + SIOCGTXHPRIO = 0xc02069c6 + SIOCGUMBINFO = 0xc02069be + SIOCGUMBPARAM = 0xc02069c0 SIOCGVH = 0xc02069f6 + SIOCGVNETFLOWID = 0xc02069c4 SIOCGVNETID = 0xc02069a7 + SIOCIFAFATTACH = 0x801169ab + SIOCIFAFDETACH = 0x801169ac SIOCIFCREATE = 0x8020697a SIOCIFDESTROY = 0x80206979 SIOCIFGCLONERS = 0xc00c6978 SIOCSETKALIVE = 0x801869a3 SIOCSETLABEL = 0x80206999 + SIOCSETMPWCFG = 0x802069ad SIOCSETPFLOW = 0x802069fd SIOCSETPFSYNC = 0x802069f7 SIOCSETVLAN = 0x8020698f - SIOCSHIWAT = 0x80047300 SIOCSIFADDR = 0x8020690c - SIOCSIFASYNCMAP = 0x8020697d SIOCSIFBRDADDR = 0x80206913 SIOCSIFDESCR = 0x80206980 SIOCSIFDSTADDR = 0x8020690e @@ -1210,26 +1387,36 @@ const ( SIOCSIFGATTR = 0x8024698c SIOCSIFGENERIC = 0x80206939 SIOCSIFLLADDR = 0x8020691f - SIOCSIFMEDIA = 0xc0206935 + SIOCSIFLLPRIO = 0x802069b5 + SIOCSIFMEDIA = 0xc0206937 SIOCSIFMETRIC = 0x80206918 SIOCSIFMTU = 0x8020697f SIOCSIFNETMASK = 0x80206916 - SIOCSIFPHYADDR = 0x80406946 + SIOCSIFPAIR = 0x802069b0 + SIOCSIFPARENT = 0x802069b2 SIOCSIFPRIORITY = 0x8020699b SIOCSIFRDOMAIN = 0x8020699f SIOCSIFRTLABEL = 0x80206982 - SIOCSIFTIMESLOT = 0x80206985 SIOCSIFXFLAGS = 0x8020699d SIOCSLIFPHYADDR = 0x8218694a + SIOCSLIFPHYDF = 0x802069c1 + SIOCSLIFPHYECN = 0x802069c7 SIOCSLIFPHYRTABLE = 0x802069a1 SIOCSLIFPHYTTL = 0x802069a8 - SIOCSLOWAT = 0x80047302 SIOCSPGRP = 0x80047308 + SIOCSPWE3CTRLWORD = 0x802069dc + SIOCSPWE3FAT = 0x802069dd + SIOCSPWE3NEIGHBOR = 0x821869de + SIOCSRXHPRIO = 0x802069db SIOCSSPPPPARAMS = 0x80206993 + SIOCSTXHPRIO = 0x802069c5 + SIOCSUMBPARAM = 0x802069bf SIOCSVH = 0xc02069f5 + SIOCSVNETFLOWID = 0x802069c3 SIOCSVNETID = 0x802069a6 SOCK_CLOEXEC = 0x8000 SOCK_DGRAM = 0x2 + SOCK_DNS = 0x1000 SOCK_NONBLOCK = 0x4000 SOCK_RAW = 0x3 SOCK_RDM = 0x4 @@ -1241,6 +1428,7 @@ const ( SO_BINDANY = 0x1000 SO_BROADCAST = 0x20 SO_DEBUG = 0x1 + SO_DOMAIN = 0x1024 SO_DONTROUTE = 0x10 SO_ERROR = 0x1007 SO_KEEPALIVE = 0x8 @@ -1248,6 +1436,7 @@ const ( SO_NETPROC = 0x1020 SO_OOBINLINE = 0x100 SO_PEERCRED = 0x1022 + SO_PROTOCOL = 0x1025 SO_RCVBUF = 0x1002 SO_RCVLOWAT = 0x1004 SO_RCVTIMEO = 0x1006 @@ -1261,6 +1450,7 @@ const ( SO_TIMESTAMP = 0x800 SO_TYPE = 0x1008 SO_USELOOPBACK = 0x40 + SO_ZEROIZE = 0x2000 S_BLKSIZE = 0x200 S_IEXEC = 0x40 S_IFBLK = 0x6000 @@ -1290,9 +1480,24 @@ const ( S_IXOTH = 0x1 S_IXUSR = 0x40 TCIFLUSH = 0x1 + TCIOFF = 0x3 TCIOFLUSH = 0x3 + TCION = 0x4 TCOFLUSH = 0x2 - TCP_MAXBURST = 0x4 + TCOOFF = 0x1 + TCOON = 0x2 + TCPOPT_EOL = 0x0 + TCPOPT_MAXSEG = 0x2 + TCPOPT_NOP = 0x1 + TCPOPT_SACK = 0x5 + TCPOPT_SACK_HDR = 0x1010500 + TCPOPT_SACK_PERMITTED = 0x4 + TCPOPT_SACK_PERMIT_HDR = 0x1010402 + TCPOPT_SIGNATURE = 0x13 + TCPOPT_TIMESTAMP = 0x8 + TCPOPT_TSTAMP_HDR = 0x101080a + TCPOPT_WINDOW = 0x3 + TCP_INFO = 0x9 TCP_MAXSEG = 0x2 TCP_MAXWIN = 0xffff TCP_MAX_SACK = 0x3 @@ -1301,11 +1506,15 @@ const ( TCP_MSS = 0x200 TCP_NODELAY = 0x1 TCP_NOPUSH = 0x10 - TCP_NSTATES = 0xb + TCP_SACKHOLE_LIMIT = 0x80 TCP_SACK_ENABLE = 0x8 TCSAFLUSH = 0x2 + TIMER_ABSTIME = 0x1 + TIMER_RELTIME = 0x0 TIOCCBRK = 0x2000747a TIOCCDTR = 0x20007478 + TIOCCHKVERAUTH = 0x2000741e + TIOCCLRVERAUTH = 0x2000741d TIOCCONS = 0x80047462 TIOCDRAIN = 0x2000745e TIOCEXCL = 0x2000740d @@ -1321,7 +1530,7 @@ const ( TIOCGFLAGS = 0x4004745d TIOCGPGRP = 0x40047477 TIOCGSID = 0x40047463 - TIOCGTSTAMP = 0x400c745b + TIOCGTSTAMP = 0x4010745b TIOCGWINSZ = 0x40087468 TIOCMBIC = 0x8004746b TIOCMBIS = 0x8004746c @@ -1360,17 +1569,21 @@ const ( TIOCSETAF = 0x802c7416 TIOCSETAW = 0x802c7415 TIOCSETD = 0x8004741b + TIOCSETVERAUTH = 0x8004741c TIOCSFLAGS = 0x8004745c TIOCSIG = 0x8004745f TIOCSPGRP = 0x80047476 TIOCSTART = 0x2000746e - TIOCSTAT = 0x80047465 - TIOCSTI = 0x80017472 + TIOCSTAT = 0x20007465 TIOCSTOP = 0x2000746f TIOCSTSTAMP = 0x8008745a TIOCSWINSZ = 0x80087467 TIOCUCNTL = 0x80047466 + TIOCUCNTL_CBRK = 0x7a + TIOCUCNTL_SBRK = 0x7b TOSTOP = 0x400000 + UTIME_NOW = -0x2 + UTIME_OMIT = -0x1 VDISCARD = 0xf VDSUSP = 0xb VEOF = 0x0 @@ -1381,6 +1594,19 @@ const ( VKILL = 0x5 VLNEXT = 0xe VMIN = 0x10 + VM_ANONMIN = 0x7 + VM_LOADAVG = 0x2 + VM_MALLOC_CONF = 0xc + VM_MAXID = 0xd + VM_MAXSLP = 0xa + VM_METER = 0x1 + VM_NKMEMPAGES = 0x6 + VM_PSSTRINGS = 0x3 + VM_SWAPENCRYPT = 0x5 + VM_USPACE = 0xb + VM_UVMEXP = 0x4 + VM_VNODEMIN = 0x9 + VM_VTEXTMIN = 0x8 VQUIT = 0x9 VREPRINT = 0x6 VSTART = 0xc @@ -1394,6 +1620,7 @@ const ( WCOREFLAG = 0x80 WNOHANG = 0x1 WUNTRACED = 0x2 + XCASE = 0x1000000 ) // Errors @@ -1407,6 +1634,7 @@ const ( EALREADY = syscall.Errno(0x25) EAUTH = syscall.Errno(0x50) EBADF = syscall.Errno(0x9) + EBADMSG = syscall.Errno(0x5c) EBADRPC = syscall.Errno(0x48) EBUSY = syscall.Errno(0x10) ECANCELED = syscall.Errno(0x58) @@ -1433,7 +1661,7 @@ const ( EIPSEC = syscall.Errno(0x52) EISCONN = syscall.Errno(0x38) EISDIR = syscall.Errno(0x15) - ELAST = syscall.Errno(0x5b) + ELAST = syscall.Errno(0x5f) ELOOP = syscall.Errno(0x3e) EMEDIUMTYPE = syscall.Errno(0x56) EMFILE = syscall.Errno(0x18) @@ -1461,12 +1689,14 @@ const ( ENOTCONN = syscall.Errno(0x39) ENOTDIR = syscall.Errno(0x14) ENOTEMPTY = syscall.Errno(0x42) + ENOTRECOVERABLE = syscall.Errno(0x5d) ENOTSOCK = syscall.Errno(0x26) ENOTSUP = syscall.Errno(0x5b) ENOTTY = syscall.Errno(0x19) ENXIO = syscall.Errno(0x6) EOPNOTSUPP = syscall.Errno(0x2d) EOVERFLOW = syscall.Errno(0x57) + EOWNERDEAD = syscall.Errno(0x5e) EPERM = syscall.Errno(0x1) EPFNOSUPPORT = syscall.Errno(0x2e) EPIPE = syscall.Errno(0x20) @@ -1474,6 +1704,7 @@ const ( EPROCUNAVAIL = syscall.Errno(0x4c) EPROGMISMATCH = syscall.Errno(0x4b) EPROGUNAVAIL = syscall.Errno(0x4a) + EPROTO = syscall.Errno(0x5f) EPROTONOSUPPORT = syscall.Errno(0x2b) EPROTOTYPE = syscall.Errno(0x29) ERANGE = syscall.Errno(0x22) @@ -1570,7 +1801,7 @@ var errorList = [...]struct { {32, "EPIPE", "broken pipe"}, {33, "EDOM", "numerical argument out of domain"}, {34, "ERANGE", "result too large"}, - {35, "EWOULDBLOCK", "resource temporarily unavailable"}, + {35, "EAGAIN", "resource temporarily unavailable"}, {36, "EINPROGRESS", "operation now in progress"}, {37, "EALREADY", "operation already in progress"}, {38, "ENOTSOCK", "socket operation on non-socket"}, @@ -1626,7 +1857,11 @@ var errorList = [...]struct { {88, "ECANCELED", "operation canceled"}, {89, "EIDRM", "identifier removed"}, {90, "ENOMSG", "no message of desired type"}, - {91, "ELAST", "not supported"}, + {91, "ENOTSUP", "not supported"}, + {92, "EBADMSG", "bad message"}, + {93, "ENOTRECOVERABLE", "state not recoverable"}, + {94, "EOWNERDEAD", "previous owner died"}, + {95, "ELAST", "protocol error"}, } // Signal table @@ -1640,7 +1875,7 @@ var signalList = [...]struct { {3, "SIGQUIT", "quit"}, {4, "SIGILL", "illegal instruction"}, {5, "SIGTRAP", "trace/BPT trap"}, - {6, "SIGABRT", "abort trap"}, + {6, "SIGIOT", "abort trap"}, {7, "SIGEMT", "EMT trap"}, {8, "SIGFPE", "floating point exception"}, {9, "SIGKILL", "killed"}, @@ -1667,4 +1902,5 @@ var signalList = [...]struct { {30, "SIGUSR1", "user defined signal 1"}, {31, "SIGUSR2", "user defined signal 2"}, {32, "SIGTHR", "thread AST"}, + {28672, "SIGSTKSZ", "unknown signal"}, } diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go index 90de7dfc33a..ae16fe7542a 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go @@ -112,6 +112,12 @@ const ( BPF_FILDROP_CAPTURE = 0x1 BPF_FILDROP_DROP = 0x2 BPF_FILDROP_PASS = 0x0 + BPF_F_DIR_IN = 0x10 + BPF_F_DIR_MASK = 0x30 + BPF_F_DIR_OUT = 0x20 + BPF_F_DIR_SHIFT = 0x4 + BPF_F_FLOWID = 0x8 + BPF_F_PRI_MASK = 0x7 BPF_H = 0x8 BPF_IMM = 0x0 BPF_IND = 0x40 @@ -140,6 +146,7 @@ const ( BPF_OR = 0x40 BPF_RELEASE = 0x30bb6 BPF_RET = 0x6 + BPF_RND = 0xc0 BPF_RSH = 0x70 BPF_ST = 0x2 BPF_STX = 0x3 @@ -180,7 +187,65 @@ const ( CTL_KERN = 0x1 CTL_MAXNAME = 0xc CTL_NET = 0x4 + DIOCADDQUEUE = 0xc110445d + DIOCADDRULE = 0xcd604404 + DIOCADDSTATE = 0xc1084425 + DIOCCHANGERULE = 0xcd60441a + DIOCCLRIFFLAG = 0xc028445a + DIOCCLRSRCNODES = 0x20004455 + DIOCCLRSTATES = 0xc0e04412 + DIOCCLRSTATUS = 0xc0284416 + DIOCGETLIMIT = 0xc0084427 + DIOCGETQSTATS = 0xc1204460 + DIOCGETQUEUE = 0xc110445f + DIOCGETQUEUES = 0xc110445e + DIOCGETRULE = 0xcd604407 + DIOCGETRULES = 0xcd604406 + DIOCGETRULESET = 0xc444443b + DIOCGETRULESETS = 0xc444443a + DIOCGETSRCNODES = 0xc0104454 + DIOCGETSTATE = 0xc1084413 + DIOCGETSTATES = 0xc0104419 + DIOCGETSTATUS = 0xc1e84415 + DIOCGETSYNFLWATS = 0xc0084463 + DIOCGETTIMEOUT = 0xc008441e + DIOCIGETIFACES = 0xc0284457 + DIOCKILLSRCNODES = 0xc080445b + DIOCKILLSTATES = 0xc0e04429 + DIOCNATLOOK = 0xc0504417 + DIOCOSFPADD = 0xc088444f DIOCOSFPFLUSH = 0x2000444e + DIOCOSFPGET = 0xc0884450 + DIOCRADDADDRS = 0xc4504443 + DIOCRADDTABLES = 0xc450443d + DIOCRCLRADDRS = 0xc4504442 + DIOCRCLRASTATS = 0xc4504448 + DIOCRCLRTABLES = 0xc450443c + DIOCRCLRTSTATS = 0xc4504441 + DIOCRDELADDRS = 0xc4504444 + DIOCRDELTABLES = 0xc450443e + DIOCRGETADDRS = 0xc4504446 + DIOCRGETASTATS = 0xc4504447 + DIOCRGETTABLES = 0xc450443f + DIOCRGETTSTATS = 0xc4504440 + DIOCRINADEFINE = 0xc450444d + DIOCRSETADDRS = 0xc4504445 + DIOCRSETTFLAGS = 0xc450444a + DIOCRTSTADDRS = 0xc4504449 + DIOCSETDEBUG = 0xc0044418 + DIOCSETHOSTID = 0xc0044456 + DIOCSETIFFLAG = 0xc0284459 + DIOCSETLIMIT = 0xc0084428 + DIOCSETREASS = 0xc004445c + DIOCSETSTATUSIF = 0xc0284414 + DIOCSETSYNCOOKIES = 0xc0014462 + DIOCSETSYNFLWATS = 0xc0084461 + DIOCSETTIMEOUT = 0xc008441d + DIOCSTART = 0x20004401 + DIOCSTOP = 0x20004402 + DIOCXBEGIN = 0xc0104451 + DIOCXCOMMIT = 0xc0104452 + DIOCXROLLBACK = 0xc0104453 DLT_ARCNET = 0x7 DLT_ATM_RFC1483 = 0xb DLT_AX25 = 0x3 @@ -243,6 +308,8 @@ const ( EMUL_ENABLED = 0x1 EMUL_NATIVE = 0x2 ENDRUNDISC = 0x9 + ETH64_8021_RSVD_MASK = 0xfffffffffff0 + ETH64_8021_RSVD_PREFIX = 0x180c2000000 ETHERMIN = 0x2e ETHERMTU = 0x5dc ETHERTYPE_8023 = 0x4 @@ -295,6 +362,7 @@ const ( ETHERTYPE_DN = 0x6003 ETHERTYPE_DOGFIGHT = 0x1989 ETHERTYPE_DSMD = 0x8039 + ETHERTYPE_EAPOL = 0x888e ETHERTYPE_ECMA = 0x803 ETHERTYPE_ENCRYPT = 0x803d ETHERTYPE_ES = 0x805d @@ -326,6 +394,7 @@ const ( ETHERTYPE_LLDP = 0x88cc ETHERTYPE_LOGICRAFT = 0x8148 ETHERTYPE_LOOPBACK = 0x9000 + ETHERTYPE_MACSEC = 0x88e5 ETHERTYPE_MATRA = 0x807a ETHERTYPE_MAX = 0xffff ETHERTYPE_MERIT = 0x807c @@ -354,15 +423,16 @@ const ( ETHERTYPE_NCD = 0x8149 ETHERTYPE_NESTAR = 0x8006 ETHERTYPE_NETBEUI = 0x8191 + ETHERTYPE_NHRP = 0x2001 ETHERTYPE_NOVELL = 0x8138 ETHERTYPE_NS = 0x600 ETHERTYPE_NSAT = 0x601 ETHERTYPE_NSCOMPAT = 0x807 + ETHERTYPE_NSH = 0x984f ETHERTYPE_NTRAILER = 0x10 ETHERTYPE_OS9 = 0x7007 ETHERTYPE_OS9NET = 0x7009 ETHERTYPE_PACER = 0x80c6 - ETHERTYPE_PAE = 0x888e ETHERTYPE_PBB = 0x88e7 ETHERTYPE_PCS = 0x4242 ETHERTYPE_PLANNING = 0x8044 @@ -445,10 +515,11 @@ const ( ETHER_VLAN_ENCAP_LEN = 0x4 EVFILT_AIO = -0x3 EVFILT_DEVICE = -0x8 + EVFILT_EXCEPT = -0x9 EVFILT_PROC = -0x5 EVFILT_READ = -0x1 EVFILT_SIGNAL = -0x6 - EVFILT_SYSCOUNT = 0x8 + EVFILT_SYSCOUNT = 0x9 EVFILT_TIMER = -0x7 EVFILT_VNODE = -0x4 EVFILT_WRITE = -0x2 @@ -470,7 +541,7 @@ const ( EV_FLAG1 = 0x2000 EV_ONESHOT = 0x10 EV_RECEIPT = 0x40 - EV_SYSFLAGS = 0xf000 + EV_SYSFLAGS = 0xf800 EXTA = 0x4b00 EXTB = 0x9600 EXTPROC = 0x800 @@ -736,6 +807,7 @@ const ( IFT_VOICEOVERCABLE = 0xc6 IFT_VOICEOVERFRAMERELAY = 0x99 IFT_VOICEOVERIP = 0x68 + IFT_WIREGUARD = 0xfb IFT_X213 = 0x5d IFT_X25 = 0x5 IFT_X25DDN = 0x4 @@ -801,9 +873,11 @@ const ( IPPROTO_RAW = 0xff IPPROTO_ROUTING = 0x2b IPPROTO_RSVP = 0x2e + IPPROTO_SCTP = 0x84 IPPROTO_TCP = 0x6 IPPROTO_TP = 0x1d IPPROTO_UDP = 0x11 + IPPROTO_UDPLITE = 0x88 IPV6_AUTH_LEVEL = 0x35 IPV6_AUTOFLOWLABEL = 0x3b IPV6_CHECKSUM = 0x1a @@ -910,6 +984,9 @@ const ( IP_TTL = 0x4 ISIG = 0x80 ISTRIP = 0x20 + ITIMER_PROF = 0x2 + ITIMER_REAL = 0x0 + ITIMER_VIRTUAL = 0x1 IUCLC = 0x1000 IXANY = 0x800 IXOFF = 0x400 @@ -981,6 +1058,19 @@ const ( MNT_WAIT = 0x1 MNT_WANTRDWR = 0x2000000 MNT_WXALLOWED = 0x800 + MOUNT_AFS = "afs" + MOUNT_CD9660 = "cd9660" + MOUNT_EXT2FS = "ext2fs" + MOUNT_FFS = "ffs" + MOUNT_FUSEFS = "fuse" + MOUNT_MFS = "mfs" + MOUNT_MSDOS = "msdos" + MOUNT_NCPFS = "ncpfs" + MOUNT_NFS = "nfs" + MOUNT_NTFS = "ntfs" + MOUNT_TMPFS = "tmpfs" + MOUNT_UDF = "udf" + MOUNT_UFS = "ffs" MSG_BCAST = 0x100 MSG_CMSG_CLOEXEC = 0x800 MSG_CTRUNC = 0x20 @@ -993,6 +1083,7 @@ const ( MSG_PEEK = 0x2 MSG_TRUNC = 0x10 MSG_WAITALL = 0x40 + MSG_WAITFORONE = 0x1000 MS_ASYNC = 0x1 MS_INVALIDATE = 0x4 MS_SYNC = 0x2 @@ -1001,7 +1092,8 @@ const ( NET_RT_FLAGS = 0x2 NET_RT_IFLIST = 0x3 NET_RT_IFNAMES = 0x6 - NET_RT_MAXID = 0x7 + NET_RT_MAXID = 0x8 + NET_RT_SOURCE = 0x7 NET_RT_STATS = 0x4 NET_RT_TABLE = 0x5 NFDBITS = 0x20 @@ -1018,6 +1110,7 @@ const ( NOTE_FORK = 0x40000000 NOTE_LINK = 0x10 NOTE_LOWAT = 0x1 + NOTE_OOB = 0x4 NOTE_PCTRLMASK = 0xf0000000 NOTE_PDATAMASK = 0xfffff NOTE_RENAME = 0x20 @@ -1154,7 +1247,7 @@ const ( RTM_PROPOSAL = 0x13 RTM_REDIRECT = 0x6 RTM_RESOLVE = 0xb - RTM_RTTUNIT = 0xf4240 + RTM_SOURCE = 0x16 RTM_VERSION = 0x5 RTV_EXPIRE = 0x4 RTV_HOPCOUNT = 0x2 @@ -1172,6 +1265,9 @@ const ( RUSAGE_THREAD = 0x1 SCM_RIGHTS = 0x1 SCM_TIMESTAMP = 0x4 + SEEK_CUR = 0x1 + SEEK_END = 0x2 + SEEK_SET = 0x0 SHUT_RD = 0x0 SHUT_RDWR = 0x2 SHUT_WR = 0x1 @@ -1188,30 +1284,30 @@ const ( SIOCBRDGDELS = 0x80606942 SIOCBRDGFLUSH = 0x80606948 SIOCBRDGFRL = 0x808c694e - SIOCBRDGGCACHE = 0xc0186941 - SIOCBRDGGFD = 0xc0186952 - SIOCBRDGGHT = 0xc0186951 + SIOCBRDGGCACHE = 0xc0146941 + SIOCBRDGGFD = 0xc0146952 + SIOCBRDGGHT = 0xc0146951 SIOCBRDGGIFFLGS = 0xc060693e - SIOCBRDGGMA = 0xc0186953 + SIOCBRDGGMA = 0xc0146953 SIOCBRDGGPARAM = 0xc0406958 - SIOCBRDGGPRI = 0xc0186950 + SIOCBRDGGPRI = 0xc0146950 SIOCBRDGGRL = 0xc030694f - SIOCBRDGGTO = 0xc0186946 + SIOCBRDGGTO = 0xc0146946 SIOCBRDGIFS = 0xc0606942 SIOCBRDGRTS = 0xc0206943 SIOCBRDGSADDR = 0xc1286944 - SIOCBRDGSCACHE = 0x80186940 - SIOCBRDGSFD = 0x80186952 - SIOCBRDGSHT = 0x80186951 + SIOCBRDGSCACHE = 0x80146940 + SIOCBRDGSFD = 0x80146952 + SIOCBRDGSHT = 0x80146951 SIOCBRDGSIFCOST = 0x80606955 SIOCBRDGSIFFLGS = 0x8060693f SIOCBRDGSIFPRIO = 0x80606954 SIOCBRDGSIFPROT = 0x8060694a - SIOCBRDGSMA = 0x80186953 - SIOCBRDGSPRI = 0x80186950 - SIOCBRDGSPROTO = 0x8018695a - SIOCBRDGSTO = 0x80186945 - SIOCBRDGSTXHC = 0x80186959 + SIOCBRDGSMA = 0x80146953 + SIOCBRDGSPRI = 0x80146950 + SIOCBRDGSPROTO = 0x8014695a + SIOCBRDGSTO = 0x80146945 + SIOCBRDGSTXHC = 0x80146959 SIOCDELLABEL = 0x80206997 SIOCDELMULTI = 0x80206932 SIOCDIFADDR = 0x80206919 @@ -1264,6 +1360,7 @@ const ( SIOCGPWE3CTRLWORD = 0xc02069dc SIOCGPWE3FAT = 0xc02069dd SIOCGPWE3NEIGHBOR = 0xc21869de + SIOCGRXHPRIO = 0xc02069db SIOCGSPPPPARAMS = 0xc0206994 SIOCGTXHPRIO = 0xc02069c6 SIOCGUMBINFO = 0xc02069be @@ -1310,17 +1407,13 @@ const ( SIOCSPWE3CTRLWORD = 0x802069dc SIOCSPWE3FAT = 0x802069dd SIOCSPWE3NEIGHBOR = 0x821869de + SIOCSRXHPRIO = 0x802069db SIOCSSPPPPARAMS = 0x80206993 SIOCSTXHPRIO = 0x802069c5 SIOCSUMBPARAM = 0x802069bf SIOCSVH = 0xc02069f5 SIOCSVNETFLOWID = 0x802069c3 SIOCSVNETID = 0x802069a6 - SIOCSWGDPID = 0xc018695b - SIOCSWGMAXFLOW = 0xc0186960 - SIOCSWGMAXGROUP = 0xc018695d - SIOCSWSDPID = 0x8018695c - SIOCSWSPORTNO = 0xc060695f SOCK_CLOEXEC = 0x8000 SOCK_DGRAM = 0x2 SOCK_DNS = 0x1000 @@ -1335,6 +1428,7 @@ const ( SO_BINDANY = 0x1000 SO_BROADCAST = 0x20 SO_DEBUG = 0x1 + SO_DOMAIN = 0x1024 SO_DONTROUTE = 0x10 SO_ERROR = 0x1007 SO_KEEPALIVE = 0x8 @@ -1342,6 +1436,7 @@ const ( SO_NETPROC = 0x1020 SO_OOBINLINE = 0x100 SO_PEERCRED = 0x1022 + SO_PROTOCOL = 0x1025 SO_RCVBUF = 0x1002 SO_RCVLOWAT = 0x1004 SO_RCVTIMEO = 0x1006 @@ -1391,7 +1486,18 @@ const ( TCOFLUSH = 0x2 TCOOFF = 0x1 TCOON = 0x2 - TCP_MAXBURST = 0x4 + TCPOPT_EOL = 0x0 + TCPOPT_MAXSEG = 0x2 + TCPOPT_NOP = 0x1 + TCPOPT_SACK = 0x5 + TCPOPT_SACK_HDR = 0x1010500 + TCPOPT_SACK_PERMITTED = 0x4 + TCPOPT_SACK_PERMIT_HDR = 0x1010402 + TCPOPT_SIGNATURE = 0x13 + TCPOPT_TIMESTAMP = 0x8 + TCPOPT_TSTAMP_HDR = 0x101080a + TCPOPT_WINDOW = 0x3 + TCP_INFO = 0x9 TCP_MAXSEG = 0x2 TCP_MAXWIN = 0xffff TCP_MAX_SACK = 0x3 @@ -1400,6 +1506,7 @@ const ( TCP_MSS = 0x200 TCP_NODELAY = 0x1 TCP_NOPUSH = 0x10 + TCP_SACKHOLE_LIMIT = 0x80 TCP_SACK_ENABLE = 0x8 TCSAFLUSH = 0x2 TIMER_ABSTIME = 0x1 @@ -1768,7 +1875,7 @@ var signalList = [...]struct { {3, "SIGQUIT", "quit"}, {4, "SIGILL", "illegal instruction"}, {5, "SIGTRAP", "trace/BPT trap"}, - {6, "SIGABRT", "abort trap"}, + {6, "SIGIOT", "abort trap"}, {7, "SIGEMT", "EMT trap"}, {8, "SIGFPE", "floating point exception"}, {9, "SIGKILL", "killed"}, @@ -1795,4 +1902,5 @@ var signalList = [...]struct { {30, "SIGUSR1", "user defined signal 1"}, {31, "SIGUSR2", "user defined signal 2"}, {32, "SIGTHR", "thread AST"}, + {28672, "SIGSTKSZ", "unknown signal"}, } diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go index f1154ff56f6..03d90fe3550 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go @@ -112,6 +112,12 @@ const ( BPF_FILDROP_CAPTURE = 0x1 BPF_FILDROP_DROP = 0x2 BPF_FILDROP_PASS = 0x0 + BPF_F_DIR_IN = 0x10 + BPF_F_DIR_MASK = 0x30 + BPF_F_DIR_OUT = 0x20 + BPF_F_DIR_SHIFT = 0x4 + BPF_F_FLOWID = 0x8 + BPF_F_PRI_MASK = 0x7 BPF_H = 0x8 BPF_IMM = 0x0 BPF_IND = 0x40 @@ -140,6 +146,7 @@ const ( BPF_OR = 0x40 BPF_RELEASE = 0x30bb6 BPF_RET = 0x6 + BPF_RND = 0xc0 BPF_RSH = 0x70 BPF_ST = 0x2 BPF_STX = 0x3 @@ -301,6 +308,8 @@ const ( EMUL_ENABLED = 0x1 EMUL_NATIVE = 0x2 ENDRUNDISC = 0x9 + ETH64_8021_RSVD_MASK = 0xfffffffffff0 + ETH64_8021_RSVD_PREFIX = 0x180c2000000 ETHERMIN = 0x2e ETHERMTU = 0x5dc ETHERTYPE_8023 = 0x4 @@ -353,6 +362,7 @@ const ( ETHERTYPE_DN = 0x6003 ETHERTYPE_DOGFIGHT = 0x1989 ETHERTYPE_DSMD = 0x8039 + ETHERTYPE_EAPOL = 0x888e ETHERTYPE_ECMA = 0x803 ETHERTYPE_ENCRYPT = 0x803d ETHERTYPE_ES = 0x805d @@ -413,15 +423,16 @@ const ( ETHERTYPE_NCD = 0x8149 ETHERTYPE_NESTAR = 0x8006 ETHERTYPE_NETBEUI = 0x8191 + ETHERTYPE_NHRP = 0x2001 ETHERTYPE_NOVELL = 0x8138 ETHERTYPE_NS = 0x600 ETHERTYPE_NSAT = 0x601 ETHERTYPE_NSCOMPAT = 0x807 + ETHERTYPE_NSH = 0x984f ETHERTYPE_NTRAILER = 0x10 ETHERTYPE_OS9 = 0x7007 ETHERTYPE_OS9NET = 0x7009 ETHERTYPE_PACER = 0x80c6 - ETHERTYPE_PAE = 0x888e ETHERTYPE_PBB = 0x88e7 ETHERTYPE_PCS = 0x4242 ETHERTYPE_PLANNING = 0x8044 @@ -504,10 +515,11 @@ const ( ETHER_VLAN_ENCAP_LEN = 0x4 EVFILT_AIO = -0x3 EVFILT_DEVICE = -0x8 + EVFILT_EXCEPT = -0x9 EVFILT_PROC = -0x5 EVFILT_READ = -0x1 EVFILT_SIGNAL = -0x6 - EVFILT_SYSCOUNT = 0x8 + EVFILT_SYSCOUNT = 0x9 EVFILT_TIMER = -0x7 EVFILT_VNODE = -0x4 EVFILT_WRITE = -0x2 @@ -529,7 +541,7 @@ const ( EV_FLAG1 = 0x2000 EV_ONESHOT = 0x10 EV_RECEIPT = 0x40 - EV_SYSFLAGS = 0xf000 + EV_SYSFLAGS = 0xf800 EXTA = 0x4b00 EXTB = 0x9600 EXTPROC = 0x800 @@ -795,6 +807,7 @@ const ( IFT_VOICEOVERCABLE = 0xc6 IFT_VOICEOVERFRAMERELAY = 0x99 IFT_VOICEOVERIP = 0x68 + IFT_WIREGUARD = 0xfb IFT_X213 = 0x5d IFT_X25 = 0x5 IFT_X25DDN = 0x4 @@ -860,6 +873,7 @@ const ( IPPROTO_RAW = 0xff IPPROTO_ROUTING = 0x2b IPPROTO_RSVP = 0x2e + IPPROTO_SCTP = 0x84 IPPROTO_TCP = 0x6 IPPROTO_TP = 0x1d IPPROTO_UDP = 0x11 @@ -970,6 +984,9 @@ const ( IP_TTL = 0x4 ISIG = 0x80 ISTRIP = 0x20 + ITIMER_PROF = 0x2 + ITIMER_REAL = 0x0 + ITIMER_VIRTUAL = 0x1 IUCLC = 0x1000 IXANY = 0x800 IXOFF = 0x400 @@ -1041,6 +1058,19 @@ const ( MNT_WAIT = 0x1 MNT_WANTRDWR = 0x2000000 MNT_WXALLOWED = 0x800 + MOUNT_AFS = "afs" + MOUNT_CD9660 = "cd9660" + MOUNT_EXT2FS = "ext2fs" + MOUNT_FFS = "ffs" + MOUNT_FUSEFS = "fuse" + MOUNT_MFS = "mfs" + MOUNT_MSDOS = "msdos" + MOUNT_NCPFS = "ncpfs" + MOUNT_NFS = "nfs" + MOUNT_NTFS = "ntfs" + MOUNT_TMPFS = "tmpfs" + MOUNT_UDF = "udf" + MOUNT_UFS = "ffs" MSG_BCAST = 0x100 MSG_CMSG_CLOEXEC = 0x800 MSG_CTRUNC = 0x20 @@ -1053,6 +1083,7 @@ const ( MSG_PEEK = 0x2 MSG_TRUNC = 0x10 MSG_WAITALL = 0x40 + MSG_WAITFORONE = 0x1000 MS_ASYNC = 0x1 MS_INVALIDATE = 0x4 MS_SYNC = 0x2 @@ -1061,7 +1092,8 @@ const ( NET_RT_FLAGS = 0x2 NET_RT_IFLIST = 0x3 NET_RT_IFNAMES = 0x6 - NET_RT_MAXID = 0x7 + NET_RT_MAXID = 0x8 + NET_RT_SOURCE = 0x7 NET_RT_STATS = 0x4 NET_RT_TABLE = 0x5 NFDBITS = 0x20 @@ -1078,6 +1110,7 @@ const ( NOTE_FORK = 0x40000000 NOTE_LINK = 0x10 NOTE_LOWAT = 0x1 + NOTE_OOB = 0x4 NOTE_PCTRLMASK = 0xf0000000 NOTE_PDATAMASK = 0xfffff NOTE_RENAME = 0x20 @@ -1214,7 +1247,7 @@ const ( RTM_PROPOSAL = 0x13 RTM_REDIRECT = 0x6 RTM_RESOLVE = 0xb - RTM_RTTUNIT = 0xf4240 + RTM_SOURCE = 0x16 RTM_VERSION = 0x5 RTV_EXPIRE = 0x4 RTV_HOPCOUNT = 0x2 @@ -1232,6 +1265,9 @@ const ( RUSAGE_THREAD = 0x1 SCM_RIGHTS = 0x1 SCM_TIMESTAMP = 0x4 + SEEK_CUR = 0x1 + SEEK_END = 0x2 + SEEK_SET = 0x0 SHUT_RD = 0x0 SHUT_RDWR = 0x2 SHUT_WR = 0x1 @@ -1248,30 +1284,30 @@ const ( SIOCBRDGDELS = 0x80606942 SIOCBRDGFLUSH = 0x80606948 SIOCBRDGFRL = 0x808c694e - SIOCBRDGGCACHE = 0xc0186941 - SIOCBRDGGFD = 0xc0186952 - SIOCBRDGGHT = 0xc0186951 + SIOCBRDGGCACHE = 0xc0146941 + SIOCBRDGGFD = 0xc0146952 + SIOCBRDGGHT = 0xc0146951 SIOCBRDGGIFFLGS = 0xc060693e - SIOCBRDGGMA = 0xc0186953 + SIOCBRDGGMA = 0xc0146953 SIOCBRDGGPARAM = 0xc0406958 - SIOCBRDGGPRI = 0xc0186950 + SIOCBRDGGPRI = 0xc0146950 SIOCBRDGGRL = 0xc030694f - SIOCBRDGGTO = 0xc0186946 + SIOCBRDGGTO = 0xc0146946 SIOCBRDGIFS = 0xc0606942 SIOCBRDGRTS = 0xc0206943 SIOCBRDGSADDR = 0xc1286944 - SIOCBRDGSCACHE = 0x80186940 - SIOCBRDGSFD = 0x80186952 - SIOCBRDGSHT = 0x80186951 + SIOCBRDGSCACHE = 0x80146940 + SIOCBRDGSFD = 0x80146952 + SIOCBRDGSHT = 0x80146951 SIOCBRDGSIFCOST = 0x80606955 SIOCBRDGSIFFLGS = 0x8060693f SIOCBRDGSIFPRIO = 0x80606954 SIOCBRDGSIFPROT = 0x8060694a - SIOCBRDGSMA = 0x80186953 - SIOCBRDGSPRI = 0x80186950 - SIOCBRDGSPROTO = 0x8018695a - SIOCBRDGSTO = 0x80186945 - SIOCBRDGSTXHC = 0x80186959 + SIOCBRDGSMA = 0x80146953 + SIOCBRDGSPRI = 0x80146950 + SIOCBRDGSPROTO = 0x8014695a + SIOCBRDGSTO = 0x80146945 + SIOCBRDGSTXHC = 0x80146959 SIOCDELLABEL = 0x80206997 SIOCDELMULTI = 0x80206932 SIOCDIFADDR = 0x80206919 @@ -1378,11 +1414,6 @@ const ( SIOCSVH = 0xc02069f5 SIOCSVNETFLOWID = 0x802069c3 SIOCSVNETID = 0x802069a6 - SIOCSWGDPID = 0xc018695b - SIOCSWGMAXFLOW = 0xc0186960 - SIOCSWGMAXGROUP = 0xc018695d - SIOCSWSDPID = 0x8018695c - SIOCSWSPORTNO = 0xc060695f SOCK_CLOEXEC = 0x8000 SOCK_DGRAM = 0x2 SOCK_DNS = 0x1000 @@ -1455,7 +1486,18 @@ const ( TCOFLUSH = 0x2 TCOOFF = 0x1 TCOON = 0x2 - TCP_MAXBURST = 0x4 + TCPOPT_EOL = 0x0 + TCPOPT_MAXSEG = 0x2 + TCPOPT_NOP = 0x1 + TCPOPT_SACK = 0x5 + TCPOPT_SACK_HDR = 0x1010500 + TCPOPT_SACK_PERMITTED = 0x4 + TCPOPT_SACK_PERMIT_HDR = 0x1010402 + TCPOPT_SIGNATURE = 0x13 + TCPOPT_TIMESTAMP = 0x8 + TCPOPT_TSTAMP_HDR = 0x101080a + TCPOPT_WINDOW = 0x3 + TCP_INFO = 0x9 TCP_MAXSEG = 0x2 TCP_MAXWIN = 0xffff TCP_MAX_SACK = 0x3 @@ -1833,7 +1875,7 @@ var signalList = [...]struct { {3, "SIGQUIT", "quit"}, {4, "SIGILL", "illegal instruction"}, {5, "SIGTRAP", "trace/BPT trap"}, - {6, "SIGABRT", "abort trap"}, + {6, "SIGIOT", "abort trap"}, {7, "SIGEMT", "EMT trap"}, {8, "SIGFPE", "floating point exception"}, {9, "SIGKILL", "killed"}, @@ -1860,4 +1902,5 @@ var signalList = [...]struct { {30, "SIGUSR1", "user defined signal 1"}, {31, "SIGUSR2", "user defined signal 2"}, {32, "SIGTHR", "thread AST"}, + {81920, "SIGSTKSZ", "unknown signal"}, } diff --git a/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go index 1b6eedfa611..54749f9c5ed 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go @@ -552,6 +552,16 @@ func Chroot(path string) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ClockGettime(clockid int32, time *Timespec) (err error) { + _, _, e1 := Syscall(SYS_CLOCK_GETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Close(fd int) (err error) { _, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go index 039c4aa06c2..77479d45815 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go @@ -544,6 +544,16 @@ func Chroot(path string) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ClockGettime(clockid int32, time *Timespec) (err error) { + _, _, e1 := Syscall(SYS_CLOCK_GETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Close(fd int) (err error) { _, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go index 0535d3cfdf2..2e966d4d7a6 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go @@ -544,6 +544,16 @@ func Chroot(path string) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ClockGettime(clockid int32, time *Timespec) (err error) { + _, _, e1 := Syscall(SYS_CLOCK_GETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Close(fd int) (err error) { _, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go index 1018b522170..d65a7c0fa6e 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go @@ -544,6 +544,16 @@ func Chroot(path string) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ClockGettime(clockid int32, time *Timespec) (err error) { + _, _, e1 := Syscall(SYS_CLOCK_GETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Close(fd int) (err error) { _, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go index 3802f4b379a..6f0b97c6db3 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go @@ -544,6 +544,16 @@ func Chroot(path string) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ClockGettime(clockid int32, time *Timespec) (err error) { + _, _, e1 := Syscall(SYS_CLOCK_GETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Close(fd int) (err error) { _, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go index 8a2db7da9f3..e1c23b52723 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go @@ -544,6 +544,16 @@ func Chroot(path string) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ClockGettime(clockid int32, time *Timespec) (err error) { + _, _, e1 := Syscall(SYS_CLOCK_GETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Close(fd int) (err error) { _, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go index 4af561a48d8..79f7389963e 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go @@ -521,6 +521,16 @@ func Chroot(path string) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ClockGettime(clockid int32, time *Timespec) (err error) { + _, _, e1 := Syscall(SYS_CLOCK_GETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Close(fd int) (err error) { _, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go index 3b90e9448ad..fb161f3a263 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go @@ -521,6 +521,16 @@ func Chroot(path string) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ClockGettime(clockid int32, time *Timespec) (err error) { + _, _, e1 := Syscall(SYS_CLOCK_GETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Close(fd int) (err error) { _, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go index 890f4ccd131..4c8ac993a88 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go @@ -521,6 +521,16 @@ func Chroot(path string) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ClockGettime(clockid int32, time *Timespec) (err error) { + _, _, e1 := Syscall(SYS_CLOCK_GETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Close(fd int) (err error) { _, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go index c79f071fc6a..76dd8ec4fdb 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go @@ -521,6 +521,16 @@ func Chroot(path string) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ClockGettime(clockid int32, time *Timespec) (err error) { + _, _, e1 := Syscall(SYS_CLOCK_GETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Close(fd int) (err error) { _, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go index 2925fe0a7b7..caeb807bd4e 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go @@ -696,6 +696,20 @@ var libc_chroot_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ClockGettime(clockid int32, time *Timespec) (err error) { + _, _, e1 := syscall_syscall(libc_clock_gettime_trampoline_addr, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_clock_gettime_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_clock_gettime clock_gettime "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Close(fd int) (err error) { _, _, e1 := syscall_syscall(libc_close_trampoline_addr, uintptr(fd), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s index 75eb2f5f3f7..087444250c9 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s @@ -5,792 +5,665 @@ TEXT libc_getgroups_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getgroups(SB) - GLOBL ·libc_getgroups_trampoline_addr(SB), RODATA, $4 DATA ·libc_getgroups_trampoline_addr(SB)/4, $libc_getgroups_trampoline<>(SB) TEXT libc_setgroups_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setgroups(SB) - GLOBL ·libc_setgroups_trampoline_addr(SB), RODATA, $4 DATA ·libc_setgroups_trampoline_addr(SB)/4, $libc_setgroups_trampoline<>(SB) TEXT libc_wait4_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_wait4(SB) - GLOBL ·libc_wait4_trampoline_addr(SB), RODATA, $4 DATA ·libc_wait4_trampoline_addr(SB)/4, $libc_wait4_trampoline<>(SB) TEXT libc_accept_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_accept(SB) - GLOBL ·libc_accept_trampoline_addr(SB), RODATA, $4 DATA ·libc_accept_trampoline_addr(SB)/4, $libc_accept_trampoline<>(SB) TEXT libc_bind_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_bind(SB) - GLOBL ·libc_bind_trampoline_addr(SB), RODATA, $4 DATA ·libc_bind_trampoline_addr(SB)/4, $libc_bind_trampoline<>(SB) TEXT libc_connect_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_connect(SB) - GLOBL ·libc_connect_trampoline_addr(SB), RODATA, $4 DATA ·libc_connect_trampoline_addr(SB)/4, $libc_connect_trampoline<>(SB) TEXT libc_socket_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_socket(SB) - GLOBL ·libc_socket_trampoline_addr(SB), RODATA, $4 DATA ·libc_socket_trampoline_addr(SB)/4, $libc_socket_trampoline<>(SB) TEXT libc_getsockopt_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getsockopt(SB) - GLOBL ·libc_getsockopt_trampoline_addr(SB), RODATA, $4 DATA ·libc_getsockopt_trampoline_addr(SB)/4, $libc_getsockopt_trampoline<>(SB) TEXT libc_setsockopt_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setsockopt(SB) - GLOBL ·libc_setsockopt_trampoline_addr(SB), RODATA, $4 DATA ·libc_setsockopt_trampoline_addr(SB)/4, $libc_setsockopt_trampoline<>(SB) TEXT libc_getpeername_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpeername(SB) - GLOBL ·libc_getpeername_trampoline_addr(SB), RODATA, $4 DATA ·libc_getpeername_trampoline_addr(SB)/4, $libc_getpeername_trampoline<>(SB) TEXT libc_getsockname_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getsockname(SB) - GLOBL ·libc_getsockname_trampoline_addr(SB), RODATA, $4 DATA ·libc_getsockname_trampoline_addr(SB)/4, $libc_getsockname_trampoline<>(SB) TEXT libc_shutdown_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_shutdown(SB) - GLOBL ·libc_shutdown_trampoline_addr(SB), RODATA, $4 DATA ·libc_shutdown_trampoline_addr(SB)/4, $libc_shutdown_trampoline<>(SB) TEXT libc_socketpair_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_socketpair(SB) - GLOBL ·libc_socketpair_trampoline_addr(SB), RODATA, $4 DATA ·libc_socketpair_trampoline_addr(SB)/4, $libc_socketpair_trampoline<>(SB) TEXT libc_recvfrom_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_recvfrom(SB) - GLOBL ·libc_recvfrom_trampoline_addr(SB), RODATA, $4 DATA ·libc_recvfrom_trampoline_addr(SB)/4, $libc_recvfrom_trampoline<>(SB) TEXT libc_sendto_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sendto(SB) - GLOBL ·libc_sendto_trampoline_addr(SB), RODATA, $4 DATA ·libc_sendto_trampoline_addr(SB)/4, $libc_sendto_trampoline<>(SB) TEXT libc_recvmsg_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_recvmsg(SB) - GLOBL ·libc_recvmsg_trampoline_addr(SB), RODATA, $4 DATA ·libc_recvmsg_trampoline_addr(SB)/4, $libc_recvmsg_trampoline<>(SB) TEXT libc_sendmsg_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sendmsg(SB) - GLOBL ·libc_sendmsg_trampoline_addr(SB), RODATA, $4 DATA ·libc_sendmsg_trampoline_addr(SB)/4, $libc_sendmsg_trampoline<>(SB) TEXT libc_kevent_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_kevent(SB) - GLOBL ·libc_kevent_trampoline_addr(SB), RODATA, $4 DATA ·libc_kevent_trampoline_addr(SB)/4, $libc_kevent_trampoline<>(SB) TEXT libc_utimes_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_utimes(SB) - GLOBL ·libc_utimes_trampoline_addr(SB), RODATA, $4 DATA ·libc_utimes_trampoline_addr(SB)/4, $libc_utimes_trampoline<>(SB) TEXT libc_futimes_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_futimes(SB) - GLOBL ·libc_futimes_trampoline_addr(SB), RODATA, $4 DATA ·libc_futimes_trampoline_addr(SB)/4, $libc_futimes_trampoline<>(SB) TEXT libc_poll_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_poll(SB) - GLOBL ·libc_poll_trampoline_addr(SB), RODATA, $4 DATA ·libc_poll_trampoline_addr(SB)/4, $libc_poll_trampoline<>(SB) TEXT libc_madvise_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_madvise(SB) - GLOBL ·libc_madvise_trampoline_addr(SB), RODATA, $4 DATA ·libc_madvise_trampoline_addr(SB)/4, $libc_madvise_trampoline<>(SB) TEXT libc_mlock_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mlock(SB) - GLOBL ·libc_mlock_trampoline_addr(SB), RODATA, $4 DATA ·libc_mlock_trampoline_addr(SB)/4, $libc_mlock_trampoline<>(SB) TEXT libc_mlockall_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mlockall(SB) - GLOBL ·libc_mlockall_trampoline_addr(SB), RODATA, $4 DATA ·libc_mlockall_trampoline_addr(SB)/4, $libc_mlockall_trampoline<>(SB) TEXT libc_mprotect_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mprotect(SB) - GLOBL ·libc_mprotect_trampoline_addr(SB), RODATA, $4 DATA ·libc_mprotect_trampoline_addr(SB)/4, $libc_mprotect_trampoline<>(SB) TEXT libc_msync_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_msync(SB) - GLOBL ·libc_msync_trampoline_addr(SB), RODATA, $4 DATA ·libc_msync_trampoline_addr(SB)/4, $libc_msync_trampoline<>(SB) TEXT libc_munlock_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_munlock(SB) - GLOBL ·libc_munlock_trampoline_addr(SB), RODATA, $4 DATA ·libc_munlock_trampoline_addr(SB)/4, $libc_munlock_trampoline<>(SB) TEXT libc_munlockall_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_munlockall(SB) - GLOBL ·libc_munlockall_trampoline_addr(SB), RODATA, $4 DATA ·libc_munlockall_trampoline_addr(SB)/4, $libc_munlockall_trampoline<>(SB) TEXT libc_pipe2_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pipe2(SB) - GLOBL ·libc_pipe2_trampoline_addr(SB), RODATA, $4 DATA ·libc_pipe2_trampoline_addr(SB)/4, $libc_pipe2_trampoline<>(SB) TEXT libc_getdents_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getdents(SB) - GLOBL ·libc_getdents_trampoline_addr(SB), RODATA, $4 DATA ·libc_getdents_trampoline_addr(SB)/4, $libc_getdents_trampoline<>(SB) TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getcwd(SB) - GLOBL ·libc_getcwd_trampoline_addr(SB), RODATA, $4 DATA ·libc_getcwd_trampoline_addr(SB)/4, $libc_getcwd_trampoline<>(SB) TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ioctl(SB) - GLOBL ·libc_ioctl_trampoline_addr(SB), RODATA, $4 DATA ·libc_ioctl_trampoline_addr(SB)/4, $libc_ioctl_trampoline<>(SB) TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sysctl(SB) - GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $4 DATA ·libc_sysctl_trampoline_addr(SB)/4, $libc_sysctl_trampoline<>(SB) TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ppoll(SB) - GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $4 DATA ·libc_ppoll_trampoline_addr(SB)/4, $libc_ppoll_trampoline<>(SB) TEXT libc_access_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_access(SB) - GLOBL ·libc_access_trampoline_addr(SB), RODATA, $4 DATA ·libc_access_trampoline_addr(SB)/4, $libc_access_trampoline<>(SB) TEXT libc_adjtime_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_adjtime(SB) - GLOBL ·libc_adjtime_trampoline_addr(SB), RODATA, $4 DATA ·libc_adjtime_trampoline_addr(SB)/4, $libc_adjtime_trampoline<>(SB) TEXT libc_chdir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chdir(SB) - GLOBL ·libc_chdir_trampoline_addr(SB), RODATA, $4 DATA ·libc_chdir_trampoline_addr(SB)/4, $libc_chdir_trampoline<>(SB) TEXT libc_chflags_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chflags(SB) - GLOBL ·libc_chflags_trampoline_addr(SB), RODATA, $4 DATA ·libc_chflags_trampoline_addr(SB)/4, $libc_chflags_trampoline<>(SB) TEXT libc_chmod_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chmod(SB) - GLOBL ·libc_chmod_trampoline_addr(SB), RODATA, $4 DATA ·libc_chmod_trampoline_addr(SB)/4, $libc_chmod_trampoline<>(SB) TEXT libc_chown_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chown(SB) - GLOBL ·libc_chown_trampoline_addr(SB), RODATA, $4 DATA ·libc_chown_trampoline_addr(SB)/4, $libc_chown_trampoline<>(SB) TEXT libc_chroot_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chroot(SB) - GLOBL ·libc_chroot_trampoline_addr(SB), RODATA, $4 DATA ·libc_chroot_trampoline_addr(SB)/4, $libc_chroot_trampoline<>(SB) +TEXT libc_clock_gettime_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_clock_gettime(SB) +GLOBL ·libc_clock_gettime_trampoline_addr(SB), RODATA, $4 +DATA ·libc_clock_gettime_trampoline_addr(SB)/4, $libc_clock_gettime_trampoline<>(SB) + TEXT libc_close_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_close(SB) - GLOBL ·libc_close_trampoline_addr(SB), RODATA, $4 DATA ·libc_close_trampoline_addr(SB)/4, $libc_close_trampoline<>(SB) TEXT libc_dup_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_dup(SB) - GLOBL ·libc_dup_trampoline_addr(SB), RODATA, $4 DATA ·libc_dup_trampoline_addr(SB)/4, $libc_dup_trampoline<>(SB) TEXT libc_dup2_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_dup2(SB) - GLOBL ·libc_dup2_trampoline_addr(SB), RODATA, $4 DATA ·libc_dup2_trampoline_addr(SB)/4, $libc_dup2_trampoline<>(SB) TEXT libc_dup3_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_dup3(SB) - GLOBL ·libc_dup3_trampoline_addr(SB), RODATA, $4 DATA ·libc_dup3_trampoline_addr(SB)/4, $libc_dup3_trampoline<>(SB) TEXT libc_exit_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_exit(SB) - GLOBL ·libc_exit_trampoline_addr(SB), RODATA, $4 DATA ·libc_exit_trampoline_addr(SB)/4, $libc_exit_trampoline<>(SB) TEXT libc_faccessat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_faccessat(SB) - GLOBL ·libc_faccessat_trampoline_addr(SB), RODATA, $4 DATA ·libc_faccessat_trampoline_addr(SB)/4, $libc_faccessat_trampoline<>(SB) TEXT libc_fchdir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchdir(SB) - GLOBL ·libc_fchdir_trampoline_addr(SB), RODATA, $4 DATA ·libc_fchdir_trampoline_addr(SB)/4, $libc_fchdir_trampoline<>(SB) TEXT libc_fchflags_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchflags(SB) - GLOBL ·libc_fchflags_trampoline_addr(SB), RODATA, $4 DATA ·libc_fchflags_trampoline_addr(SB)/4, $libc_fchflags_trampoline<>(SB) TEXT libc_fchmod_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchmod(SB) - GLOBL ·libc_fchmod_trampoline_addr(SB), RODATA, $4 DATA ·libc_fchmod_trampoline_addr(SB)/4, $libc_fchmod_trampoline<>(SB) TEXT libc_fchmodat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchmodat(SB) - GLOBL ·libc_fchmodat_trampoline_addr(SB), RODATA, $4 DATA ·libc_fchmodat_trampoline_addr(SB)/4, $libc_fchmodat_trampoline<>(SB) TEXT libc_fchown_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchown(SB) - GLOBL ·libc_fchown_trampoline_addr(SB), RODATA, $4 DATA ·libc_fchown_trampoline_addr(SB)/4, $libc_fchown_trampoline<>(SB) TEXT libc_fchownat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchownat(SB) - GLOBL ·libc_fchownat_trampoline_addr(SB), RODATA, $4 DATA ·libc_fchownat_trampoline_addr(SB)/4, $libc_fchownat_trampoline<>(SB) TEXT libc_flock_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_flock(SB) - GLOBL ·libc_flock_trampoline_addr(SB), RODATA, $4 DATA ·libc_flock_trampoline_addr(SB)/4, $libc_flock_trampoline<>(SB) TEXT libc_fpathconf_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fpathconf(SB) - GLOBL ·libc_fpathconf_trampoline_addr(SB), RODATA, $4 DATA ·libc_fpathconf_trampoline_addr(SB)/4, $libc_fpathconf_trampoline<>(SB) TEXT libc_fstat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fstat(SB) - GLOBL ·libc_fstat_trampoline_addr(SB), RODATA, $4 DATA ·libc_fstat_trampoline_addr(SB)/4, $libc_fstat_trampoline<>(SB) TEXT libc_fstatat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fstatat(SB) - GLOBL ·libc_fstatat_trampoline_addr(SB), RODATA, $4 DATA ·libc_fstatat_trampoline_addr(SB)/4, $libc_fstatat_trampoline<>(SB) TEXT libc_fstatfs_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fstatfs(SB) - GLOBL ·libc_fstatfs_trampoline_addr(SB), RODATA, $4 DATA ·libc_fstatfs_trampoline_addr(SB)/4, $libc_fstatfs_trampoline<>(SB) TEXT libc_fsync_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fsync(SB) - GLOBL ·libc_fsync_trampoline_addr(SB), RODATA, $4 DATA ·libc_fsync_trampoline_addr(SB)/4, $libc_fsync_trampoline<>(SB) TEXT libc_ftruncate_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ftruncate(SB) - GLOBL ·libc_ftruncate_trampoline_addr(SB), RODATA, $4 DATA ·libc_ftruncate_trampoline_addr(SB)/4, $libc_ftruncate_trampoline<>(SB) TEXT libc_getegid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getegid(SB) - GLOBL ·libc_getegid_trampoline_addr(SB), RODATA, $4 DATA ·libc_getegid_trampoline_addr(SB)/4, $libc_getegid_trampoline<>(SB) TEXT libc_geteuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_geteuid(SB) - GLOBL ·libc_geteuid_trampoline_addr(SB), RODATA, $4 DATA ·libc_geteuid_trampoline_addr(SB)/4, $libc_geteuid_trampoline<>(SB) TEXT libc_getgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getgid(SB) - GLOBL ·libc_getgid_trampoline_addr(SB), RODATA, $4 DATA ·libc_getgid_trampoline_addr(SB)/4, $libc_getgid_trampoline<>(SB) TEXT libc_getpgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpgid(SB) - GLOBL ·libc_getpgid_trampoline_addr(SB), RODATA, $4 DATA ·libc_getpgid_trampoline_addr(SB)/4, $libc_getpgid_trampoline<>(SB) TEXT libc_getpgrp_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpgrp(SB) - GLOBL ·libc_getpgrp_trampoline_addr(SB), RODATA, $4 DATA ·libc_getpgrp_trampoline_addr(SB)/4, $libc_getpgrp_trampoline<>(SB) TEXT libc_getpid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpid(SB) - GLOBL ·libc_getpid_trampoline_addr(SB), RODATA, $4 DATA ·libc_getpid_trampoline_addr(SB)/4, $libc_getpid_trampoline<>(SB) TEXT libc_getppid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getppid(SB) - GLOBL ·libc_getppid_trampoline_addr(SB), RODATA, $4 DATA ·libc_getppid_trampoline_addr(SB)/4, $libc_getppid_trampoline<>(SB) TEXT libc_getpriority_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpriority(SB) - GLOBL ·libc_getpriority_trampoline_addr(SB), RODATA, $4 DATA ·libc_getpriority_trampoline_addr(SB)/4, $libc_getpriority_trampoline<>(SB) TEXT libc_getrlimit_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getrlimit(SB) - GLOBL ·libc_getrlimit_trampoline_addr(SB), RODATA, $4 DATA ·libc_getrlimit_trampoline_addr(SB)/4, $libc_getrlimit_trampoline<>(SB) TEXT libc_getrtable_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getrtable(SB) - GLOBL ·libc_getrtable_trampoline_addr(SB), RODATA, $4 DATA ·libc_getrtable_trampoline_addr(SB)/4, $libc_getrtable_trampoline<>(SB) TEXT libc_getrusage_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getrusage(SB) - GLOBL ·libc_getrusage_trampoline_addr(SB), RODATA, $4 DATA ·libc_getrusage_trampoline_addr(SB)/4, $libc_getrusage_trampoline<>(SB) TEXT libc_getsid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getsid(SB) - GLOBL ·libc_getsid_trampoline_addr(SB), RODATA, $4 DATA ·libc_getsid_trampoline_addr(SB)/4, $libc_getsid_trampoline<>(SB) TEXT libc_gettimeofday_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_gettimeofday(SB) - GLOBL ·libc_gettimeofday_trampoline_addr(SB), RODATA, $4 DATA ·libc_gettimeofday_trampoline_addr(SB)/4, $libc_gettimeofday_trampoline<>(SB) TEXT libc_getuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getuid(SB) - GLOBL ·libc_getuid_trampoline_addr(SB), RODATA, $4 DATA ·libc_getuid_trampoline_addr(SB)/4, $libc_getuid_trampoline<>(SB) TEXT libc_issetugid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_issetugid(SB) - GLOBL ·libc_issetugid_trampoline_addr(SB), RODATA, $4 DATA ·libc_issetugid_trampoline_addr(SB)/4, $libc_issetugid_trampoline<>(SB) TEXT libc_kill_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_kill(SB) - GLOBL ·libc_kill_trampoline_addr(SB), RODATA, $4 DATA ·libc_kill_trampoline_addr(SB)/4, $libc_kill_trampoline<>(SB) TEXT libc_kqueue_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_kqueue(SB) - GLOBL ·libc_kqueue_trampoline_addr(SB), RODATA, $4 DATA ·libc_kqueue_trampoline_addr(SB)/4, $libc_kqueue_trampoline<>(SB) TEXT libc_lchown_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_lchown(SB) - GLOBL ·libc_lchown_trampoline_addr(SB), RODATA, $4 DATA ·libc_lchown_trampoline_addr(SB)/4, $libc_lchown_trampoline<>(SB) TEXT libc_link_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_link(SB) - GLOBL ·libc_link_trampoline_addr(SB), RODATA, $4 DATA ·libc_link_trampoline_addr(SB)/4, $libc_link_trampoline<>(SB) TEXT libc_linkat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_linkat(SB) - GLOBL ·libc_linkat_trampoline_addr(SB), RODATA, $4 DATA ·libc_linkat_trampoline_addr(SB)/4, $libc_linkat_trampoline<>(SB) TEXT libc_listen_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_listen(SB) - GLOBL ·libc_listen_trampoline_addr(SB), RODATA, $4 DATA ·libc_listen_trampoline_addr(SB)/4, $libc_listen_trampoline<>(SB) TEXT libc_lstat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_lstat(SB) - GLOBL ·libc_lstat_trampoline_addr(SB), RODATA, $4 DATA ·libc_lstat_trampoline_addr(SB)/4, $libc_lstat_trampoline<>(SB) TEXT libc_mkdir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mkdir(SB) - GLOBL ·libc_mkdir_trampoline_addr(SB), RODATA, $4 DATA ·libc_mkdir_trampoline_addr(SB)/4, $libc_mkdir_trampoline<>(SB) TEXT libc_mkdirat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mkdirat(SB) - GLOBL ·libc_mkdirat_trampoline_addr(SB), RODATA, $4 DATA ·libc_mkdirat_trampoline_addr(SB)/4, $libc_mkdirat_trampoline<>(SB) TEXT libc_mkfifo_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mkfifo(SB) - GLOBL ·libc_mkfifo_trampoline_addr(SB), RODATA, $4 DATA ·libc_mkfifo_trampoline_addr(SB)/4, $libc_mkfifo_trampoline<>(SB) TEXT libc_mkfifoat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mkfifoat(SB) - GLOBL ·libc_mkfifoat_trampoline_addr(SB), RODATA, $4 DATA ·libc_mkfifoat_trampoline_addr(SB)/4, $libc_mkfifoat_trampoline<>(SB) TEXT libc_mknod_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mknod(SB) - GLOBL ·libc_mknod_trampoline_addr(SB), RODATA, $4 DATA ·libc_mknod_trampoline_addr(SB)/4, $libc_mknod_trampoline<>(SB) TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mknodat(SB) - GLOBL ·libc_mknodat_trampoline_addr(SB), RODATA, $4 DATA ·libc_mknodat_trampoline_addr(SB)/4, $libc_mknodat_trampoline<>(SB) TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_nanosleep(SB) - GLOBL ·libc_nanosleep_trampoline_addr(SB), RODATA, $4 DATA ·libc_nanosleep_trampoline_addr(SB)/4, $libc_nanosleep_trampoline<>(SB) TEXT libc_open_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_open(SB) - GLOBL ·libc_open_trampoline_addr(SB), RODATA, $4 DATA ·libc_open_trampoline_addr(SB)/4, $libc_open_trampoline<>(SB) TEXT libc_openat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_openat(SB) - GLOBL ·libc_openat_trampoline_addr(SB), RODATA, $4 DATA ·libc_openat_trampoline_addr(SB)/4, $libc_openat_trampoline<>(SB) TEXT libc_pathconf_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pathconf(SB) - GLOBL ·libc_pathconf_trampoline_addr(SB), RODATA, $4 DATA ·libc_pathconf_trampoline_addr(SB)/4, $libc_pathconf_trampoline<>(SB) TEXT libc_pread_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pread(SB) - GLOBL ·libc_pread_trampoline_addr(SB), RODATA, $4 DATA ·libc_pread_trampoline_addr(SB)/4, $libc_pread_trampoline<>(SB) TEXT libc_pwrite_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pwrite(SB) - GLOBL ·libc_pwrite_trampoline_addr(SB), RODATA, $4 DATA ·libc_pwrite_trampoline_addr(SB)/4, $libc_pwrite_trampoline<>(SB) TEXT libc_read_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_read(SB) - GLOBL ·libc_read_trampoline_addr(SB), RODATA, $4 DATA ·libc_read_trampoline_addr(SB)/4, $libc_read_trampoline<>(SB) TEXT libc_readlink_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_readlink(SB) - GLOBL ·libc_readlink_trampoline_addr(SB), RODATA, $4 DATA ·libc_readlink_trampoline_addr(SB)/4, $libc_readlink_trampoline<>(SB) TEXT libc_readlinkat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_readlinkat(SB) - GLOBL ·libc_readlinkat_trampoline_addr(SB), RODATA, $4 DATA ·libc_readlinkat_trampoline_addr(SB)/4, $libc_readlinkat_trampoline<>(SB) TEXT libc_rename_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_rename(SB) - GLOBL ·libc_rename_trampoline_addr(SB), RODATA, $4 DATA ·libc_rename_trampoline_addr(SB)/4, $libc_rename_trampoline<>(SB) TEXT libc_renameat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_renameat(SB) - GLOBL ·libc_renameat_trampoline_addr(SB), RODATA, $4 DATA ·libc_renameat_trampoline_addr(SB)/4, $libc_renameat_trampoline<>(SB) TEXT libc_revoke_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_revoke(SB) - GLOBL ·libc_revoke_trampoline_addr(SB), RODATA, $4 DATA ·libc_revoke_trampoline_addr(SB)/4, $libc_revoke_trampoline<>(SB) TEXT libc_rmdir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_rmdir(SB) - GLOBL ·libc_rmdir_trampoline_addr(SB), RODATA, $4 DATA ·libc_rmdir_trampoline_addr(SB)/4, $libc_rmdir_trampoline<>(SB) TEXT libc_lseek_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_lseek(SB) - GLOBL ·libc_lseek_trampoline_addr(SB), RODATA, $4 DATA ·libc_lseek_trampoline_addr(SB)/4, $libc_lseek_trampoline<>(SB) TEXT libc_select_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_select(SB) - GLOBL ·libc_select_trampoline_addr(SB), RODATA, $4 DATA ·libc_select_trampoline_addr(SB)/4, $libc_select_trampoline<>(SB) TEXT libc_setegid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setegid(SB) - GLOBL ·libc_setegid_trampoline_addr(SB), RODATA, $4 DATA ·libc_setegid_trampoline_addr(SB)/4, $libc_setegid_trampoline<>(SB) TEXT libc_seteuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_seteuid(SB) - GLOBL ·libc_seteuid_trampoline_addr(SB), RODATA, $4 DATA ·libc_seteuid_trampoline_addr(SB)/4, $libc_seteuid_trampoline<>(SB) TEXT libc_setgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setgid(SB) - GLOBL ·libc_setgid_trampoline_addr(SB), RODATA, $4 DATA ·libc_setgid_trampoline_addr(SB)/4, $libc_setgid_trampoline<>(SB) TEXT libc_setlogin_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setlogin(SB) - GLOBL ·libc_setlogin_trampoline_addr(SB), RODATA, $4 DATA ·libc_setlogin_trampoline_addr(SB)/4, $libc_setlogin_trampoline<>(SB) TEXT libc_setpgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setpgid(SB) - GLOBL ·libc_setpgid_trampoline_addr(SB), RODATA, $4 DATA ·libc_setpgid_trampoline_addr(SB)/4, $libc_setpgid_trampoline<>(SB) TEXT libc_setpriority_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setpriority(SB) - GLOBL ·libc_setpriority_trampoline_addr(SB), RODATA, $4 DATA ·libc_setpriority_trampoline_addr(SB)/4, $libc_setpriority_trampoline<>(SB) TEXT libc_setregid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setregid(SB) - GLOBL ·libc_setregid_trampoline_addr(SB), RODATA, $4 DATA ·libc_setregid_trampoline_addr(SB)/4, $libc_setregid_trampoline<>(SB) TEXT libc_setreuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setreuid(SB) - GLOBL ·libc_setreuid_trampoline_addr(SB), RODATA, $4 DATA ·libc_setreuid_trampoline_addr(SB)/4, $libc_setreuid_trampoline<>(SB) TEXT libc_setresgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setresgid(SB) - GLOBL ·libc_setresgid_trampoline_addr(SB), RODATA, $4 DATA ·libc_setresgid_trampoline_addr(SB)/4, $libc_setresgid_trampoline<>(SB) TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setresuid(SB) - GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $4 DATA ·libc_setresuid_trampoline_addr(SB)/4, $libc_setresuid_trampoline<>(SB) TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setrlimit(SB) - GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $4 DATA ·libc_setrlimit_trampoline_addr(SB)/4, $libc_setrlimit_trampoline<>(SB) TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setrtable(SB) - GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $4 DATA ·libc_setrtable_trampoline_addr(SB)/4, $libc_setrtable_trampoline<>(SB) TEXT libc_setsid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setsid(SB) - GLOBL ·libc_setsid_trampoline_addr(SB), RODATA, $4 DATA ·libc_setsid_trampoline_addr(SB)/4, $libc_setsid_trampoline<>(SB) TEXT libc_settimeofday_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_settimeofday(SB) - GLOBL ·libc_settimeofday_trampoline_addr(SB), RODATA, $4 DATA ·libc_settimeofday_trampoline_addr(SB)/4, $libc_settimeofday_trampoline<>(SB) TEXT libc_setuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setuid(SB) - GLOBL ·libc_setuid_trampoline_addr(SB), RODATA, $4 DATA ·libc_setuid_trampoline_addr(SB)/4, $libc_setuid_trampoline<>(SB) TEXT libc_stat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_stat(SB) - GLOBL ·libc_stat_trampoline_addr(SB), RODATA, $4 DATA ·libc_stat_trampoline_addr(SB)/4, $libc_stat_trampoline<>(SB) TEXT libc_statfs_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_statfs(SB) - GLOBL ·libc_statfs_trampoline_addr(SB), RODATA, $4 DATA ·libc_statfs_trampoline_addr(SB)/4, $libc_statfs_trampoline<>(SB) TEXT libc_symlink_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_symlink(SB) - GLOBL ·libc_symlink_trampoline_addr(SB), RODATA, $4 DATA ·libc_symlink_trampoline_addr(SB)/4, $libc_symlink_trampoline<>(SB) TEXT libc_symlinkat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_symlinkat(SB) - GLOBL ·libc_symlinkat_trampoline_addr(SB), RODATA, $4 DATA ·libc_symlinkat_trampoline_addr(SB)/4, $libc_symlinkat_trampoline<>(SB) TEXT libc_sync_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sync(SB) - GLOBL ·libc_sync_trampoline_addr(SB), RODATA, $4 DATA ·libc_sync_trampoline_addr(SB)/4, $libc_sync_trampoline<>(SB) TEXT libc_truncate_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_truncate(SB) - GLOBL ·libc_truncate_trampoline_addr(SB), RODATA, $4 DATA ·libc_truncate_trampoline_addr(SB)/4, $libc_truncate_trampoline<>(SB) TEXT libc_umask_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_umask(SB) - GLOBL ·libc_umask_trampoline_addr(SB), RODATA, $4 DATA ·libc_umask_trampoline_addr(SB)/4, $libc_umask_trampoline<>(SB) TEXT libc_unlink_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_unlink(SB) - GLOBL ·libc_unlink_trampoline_addr(SB), RODATA, $4 DATA ·libc_unlink_trampoline_addr(SB)/4, $libc_unlink_trampoline<>(SB) TEXT libc_unlinkat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_unlinkat(SB) - GLOBL ·libc_unlinkat_trampoline_addr(SB), RODATA, $4 DATA ·libc_unlinkat_trampoline_addr(SB)/4, $libc_unlinkat_trampoline<>(SB) TEXT libc_unmount_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_unmount(SB) - GLOBL ·libc_unmount_trampoline_addr(SB), RODATA, $4 DATA ·libc_unmount_trampoline_addr(SB)/4, $libc_unmount_trampoline<>(SB) TEXT libc_write_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_write(SB) - GLOBL ·libc_write_trampoline_addr(SB), RODATA, $4 DATA ·libc_write_trampoline_addr(SB)/4, $libc_write_trampoline<>(SB) TEXT libc_mmap_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mmap(SB) - GLOBL ·libc_mmap_trampoline_addr(SB), RODATA, $4 DATA ·libc_mmap_trampoline_addr(SB)/4, $libc_mmap_trampoline<>(SB) TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_munmap(SB) - GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $4 DATA ·libc_munmap_trampoline_addr(SB)/4, $libc_munmap_trampoline<>(SB) TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_utimensat(SB) - GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $4 DATA ·libc_utimensat_trampoline_addr(SB)/4, $libc_utimensat_trampoline<>(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go index 98446d2b954..a05e5f4fff6 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go @@ -696,6 +696,20 @@ var libc_chroot_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ClockGettime(clockid int32, time *Timespec) (err error) { + _, _, e1 := syscall_syscall(libc_clock_gettime_trampoline_addr, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_clock_gettime_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_clock_gettime clock_gettime "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Close(fd int) (err error) { _, _, e1 := syscall_syscall(libc_close_trampoline_addr, uintptr(fd), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s index 243a6663ce6..5782cd10844 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s @@ -5,792 +5,665 @@ TEXT libc_getgroups_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getgroups(SB) - GLOBL ·libc_getgroups_trampoline_addr(SB), RODATA, $8 DATA ·libc_getgroups_trampoline_addr(SB)/8, $libc_getgroups_trampoline<>(SB) TEXT libc_setgroups_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setgroups(SB) - GLOBL ·libc_setgroups_trampoline_addr(SB), RODATA, $8 DATA ·libc_setgroups_trampoline_addr(SB)/8, $libc_setgroups_trampoline<>(SB) TEXT libc_wait4_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_wait4(SB) - GLOBL ·libc_wait4_trampoline_addr(SB), RODATA, $8 DATA ·libc_wait4_trampoline_addr(SB)/8, $libc_wait4_trampoline<>(SB) TEXT libc_accept_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_accept(SB) - GLOBL ·libc_accept_trampoline_addr(SB), RODATA, $8 DATA ·libc_accept_trampoline_addr(SB)/8, $libc_accept_trampoline<>(SB) TEXT libc_bind_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_bind(SB) - GLOBL ·libc_bind_trampoline_addr(SB), RODATA, $8 DATA ·libc_bind_trampoline_addr(SB)/8, $libc_bind_trampoline<>(SB) TEXT libc_connect_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_connect(SB) - GLOBL ·libc_connect_trampoline_addr(SB), RODATA, $8 DATA ·libc_connect_trampoline_addr(SB)/8, $libc_connect_trampoline<>(SB) TEXT libc_socket_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_socket(SB) - GLOBL ·libc_socket_trampoline_addr(SB), RODATA, $8 DATA ·libc_socket_trampoline_addr(SB)/8, $libc_socket_trampoline<>(SB) TEXT libc_getsockopt_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getsockopt(SB) - GLOBL ·libc_getsockopt_trampoline_addr(SB), RODATA, $8 DATA ·libc_getsockopt_trampoline_addr(SB)/8, $libc_getsockopt_trampoline<>(SB) TEXT libc_setsockopt_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setsockopt(SB) - GLOBL ·libc_setsockopt_trampoline_addr(SB), RODATA, $8 DATA ·libc_setsockopt_trampoline_addr(SB)/8, $libc_setsockopt_trampoline<>(SB) TEXT libc_getpeername_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpeername(SB) - GLOBL ·libc_getpeername_trampoline_addr(SB), RODATA, $8 DATA ·libc_getpeername_trampoline_addr(SB)/8, $libc_getpeername_trampoline<>(SB) TEXT libc_getsockname_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getsockname(SB) - GLOBL ·libc_getsockname_trampoline_addr(SB), RODATA, $8 DATA ·libc_getsockname_trampoline_addr(SB)/8, $libc_getsockname_trampoline<>(SB) TEXT libc_shutdown_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_shutdown(SB) - GLOBL ·libc_shutdown_trampoline_addr(SB), RODATA, $8 DATA ·libc_shutdown_trampoline_addr(SB)/8, $libc_shutdown_trampoline<>(SB) TEXT libc_socketpair_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_socketpair(SB) - GLOBL ·libc_socketpair_trampoline_addr(SB), RODATA, $8 DATA ·libc_socketpair_trampoline_addr(SB)/8, $libc_socketpair_trampoline<>(SB) TEXT libc_recvfrom_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_recvfrom(SB) - GLOBL ·libc_recvfrom_trampoline_addr(SB), RODATA, $8 DATA ·libc_recvfrom_trampoline_addr(SB)/8, $libc_recvfrom_trampoline<>(SB) TEXT libc_sendto_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sendto(SB) - GLOBL ·libc_sendto_trampoline_addr(SB), RODATA, $8 DATA ·libc_sendto_trampoline_addr(SB)/8, $libc_sendto_trampoline<>(SB) TEXT libc_recvmsg_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_recvmsg(SB) - GLOBL ·libc_recvmsg_trampoline_addr(SB), RODATA, $8 DATA ·libc_recvmsg_trampoline_addr(SB)/8, $libc_recvmsg_trampoline<>(SB) TEXT libc_sendmsg_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sendmsg(SB) - GLOBL ·libc_sendmsg_trampoline_addr(SB), RODATA, $8 DATA ·libc_sendmsg_trampoline_addr(SB)/8, $libc_sendmsg_trampoline<>(SB) TEXT libc_kevent_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_kevent(SB) - GLOBL ·libc_kevent_trampoline_addr(SB), RODATA, $8 DATA ·libc_kevent_trampoline_addr(SB)/8, $libc_kevent_trampoline<>(SB) TEXT libc_utimes_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_utimes(SB) - GLOBL ·libc_utimes_trampoline_addr(SB), RODATA, $8 DATA ·libc_utimes_trampoline_addr(SB)/8, $libc_utimes_trampoline<>(SB) TEXT libc_futimes_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_futimes(SB) - GLOBL ·libc_futimes_trampoline_addr(SB), RODATA, $8 DATA ·libc_futimes_trampoline_addr(SB)/8, $libc_futimes_trampoline<>(SB) TEXT libc_poll_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_poll(SB) - GLOBL ·libc_poll_trampoline_addr(SB), RODATA, $8 DATA ·libc_poll_trampoline_addr(SB)/8, $libc_poll_trampoline<>(SB) TEXT libc_madvise_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_madvise(SB) - GLOBL ·libc_madvise_trampoline_addr(SB), RODATA, $8 DATA ·libc_madvise_trampoline_addr(SB)/8, $libc_madvise_trampoline<>(SB) TEXT libc_mlock_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mlock(SB) - GLOBL ·libc_mlock_trampoline_addr(SB), RODATA, $8 DATA ·libc_mlock_trampoline_addr(SB)/8, $libc_mlock_trampoline<>(SB) TEXT libc_mlockall_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mlockall(SB) - GLOBL ·libc_mlockall_trampoline_addr(SB), RODATA, $8 DATA ·libc_mlockall_trampoline_addr(SB)/8, $libc_mlockall_trampoline<>(SB) TEXT libc_mprotect_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mprotect(SB) - GLOBL ·libc_mprotect_trampoline_addr(SB), RODATA, $8 DATA ·libc_mprotect_trampoline_addr(SB)/8, $libc_mprotect_trampoline<>(SB) TEXT libc_msync_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_msync(SB) - GLOBL ·libc_msync_trampoline_addr(SB), RODATA, $8 DATA ·libc_msync_trampoline_addr(SB)/8, $libc_msync_trampoline<>(SB) TEXT libc_munlock_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_munlock(SB) - GLOBL ·libc_munlock_trampoline_addr(SB), RODATA, $8 DATA ·libc_munlock_trampoline_addr(SB)/8, $libc_munlock_trampoline<>(SB) TEXT libc_munlockall_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_munlockall(SB) - GLOBL ·libc_munlockall_trampoline_addr(SB), RODATA, $8 DATA ·libc_munlockall_trampoline_addr(SB)/8, $libc_munlockall_trampoline<>(SB) TEXT libc_pipe2_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pipe2(SB) - GLOBL ·libc_pipe2_trampoline_addr(SB), RODATA, $8 DATA ·libc_pipe2_trampoline_addr(SB)/8, $libc_pipe2_trampoline<>(SB) TEXT libc_getdents_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getdents(SB) - GLOBL ·libc_getdents_trampoline_addr(SB), RODATA, $8 DATA ·libc_getdents_trampoline_addr(SB)/8, $libc_getdents_trampoline<>(SB) TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getcwd(SB) - GLOBL ·libc_getcwd_trampoline_addr(SB), RODATA, $8 DATA ·libc_getcwd_trampoline_addr(SB)/8, $libc_getcwd_trampoline<>(SB) TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ioctl(SB) - GLOBL ·libc_ioctl_trampoline_addr(SB), RODATA, $8 DATA ·libc_ioctl_trampoline_addr(SB)/8, $libc_ioctl_trampoline<>(SB) TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sysctl(SB) - GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8 DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB) TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ppoll(SB) - GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $8 DATA ·libc_ppoll_trampoline_addr(SB)/8, $libc_ppoll_trampoline<>(SB) TEXT libc_access_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_access(SB) - GLOBL ·libc_access_trampoline_addr(SB), RODATA, $8 DATA ·libc_access_trampoline_addr(SB)/8, $libc_access_trampoline<>(SB) TEXT libc_adjtime_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_adjtime(SB) - GLOBL ·libc_adjtime_trampoline_addr(SB), RODATA, $8 DATA ·libc_adjtime_trampoline_addr(SB)/8, $libc_adjtime_trampoline<>(SB) TEXT libc_chdir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chdir(SB) - GLOBL ·libc_chdir_trampoline_addr(SB), RODATA, $8 DATA ·libc_chdir_trampoline_addr(SB)/8, $libc_chdir_trampoline<>(SB) TEXT libc_chflags_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chflags(SB) - GLOBL ·libc_chflags_trampoline_addr(SB), RODATA, $8 DATA ·libc_chflags_trampoline_addr(SB)/8, $libc_chflags_trampoline<>(SB) TEXT libc_chmod_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chmod(SB) - GLOBL ·libc_chmod_trampoline_addr(SB), RODATA, $8 DATA ·libc_chmod_trampoline_addr(SB)/8, $libc_chmod_trampoline<>(SB) TEXT libc_chown_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chown(SB) - GLOBL ·libc_chown_trampoline_addr(SB), RODATA, $8 DATA ·libc_chown_trampoline_addr(SB)/8, $libc_chown_trampoline<>(SB) TEXT libc_chroot_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chroot(SB) - GLOBL ·libc_chroot_trampoline_addr(SB), RODATA, $8 DATA ·libc_chroot_trampoline_addr(SB)/8, $libc_chroot_trampoline<>(SB) +TEXT libc_clock_gettime_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_clock_gettime(SB) +GLOBL ·libc_clock_gettime_trampoline_addr(SB), RODATA, $8 +DATA ·libc_clock_gettime_trampoline_addr(SB)/8, $libc_clock_gettime_trampoline<>(SB) + TEXT libc_close_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_close(SB) - GLOBL ·libc_close_trampoline_addr(SB), RODATA, $8 DATA ·libc_close_trampoline_addr(SB)/8, $libc_close_trampoline<>(SB) TEXT libc_dup_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_dup(SB) - GLOBL ·libc_dup_trampoline_addr(SB), RODATA, $8 DATA ·libc_dup_trampoline_addr(SB)/8, $libc_dup_trampoline<>(SB) TEXT libc_dup2_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_dup2(SB) - GLOBL ·libc_dup2_trampoline_addr(SB), RODATA, $8 DATA ·libc_dup2_trampoline_addr(SB)/8, $libc_dup2_trampoline<>(SB) TEXT libc_dup3_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_dup3(SB) - GLOBL ·libc_dup3_trampoline_addr(SB), RODATA, $8 DATA ·libc_dup3_trampoline_addr(SB)/8, $libc_dup3_trampoline<>(SB) TEXT libc_exit_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_exit(SB) - GLOBL ·libc_exit_trampoline_addr(SB), RODATA, $8 DATA ·libc_exit_trampoline_addr(SB)/8, $libc_exit_trampoline<>(SB) TEXT libc_faccessat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_faccessat(SB) - GLOBL ·libc_faccessat_trampoline_addr(SB), RODATA, $8 DATA ·libc_faccessat_trampoline_addr(SB)/8, $libc_faccessat_trampoline<>(SB) TEXT libc_fchdir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchdir(SB) - GLOBL ·libc_fchdir_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchdir_trampoline_addr(SB)/8, $libc_fchdir_trampoline<>(SB) TEXT libc_fchflags_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchflags(SB) - GLOBL ·libc_fchflags_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchflags_trampoline_addr(SB)/8, $libc_fchflags_trampoline<>(SB) TEXT libc_fchmod_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchmod(SB) - GLOBL ·libc_fchmod_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchmod_trampoline_addr(SB)/8, $libc_fchmod_trampoline<>(SB) TEXT libc_fchmodat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchmodat(SB) - GLOBL ·libc_fchmodat_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchmodat_trampoline_addr(SB)/8, $libc_fchmodat_trampoline<>(SB) TEXT libc_fchown_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchown(SB) - GLOBL ·libc_fchown_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchown_trampoline_addr(SB)/8, $libc_fchown_trampoline<>(SB) TEXT libc_fchownat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchownat(SB) - GLOBL ·libc_fchownat_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchownat_trampoline_addr(SB)/8, $libc_fchownat_trampoline<>(SB) TEXT libc_flock_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_flock(SB) - GLOBL ·libc_flock_trampoline_addr(SB), RODATA, $8 DATA ·libc_flock_trampoline_addr(SB)/8, $libc_flock_trampoline<>(SB) TEXT libc_fpathconf_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fpathconf(SB) - GLOBL ·libc_fpathconf_trampoline_addr(SB), RODATA, $8 DATA ·libc_fpathconf_trampoline_addr(SB)/8, $libc_fpathconf_trampoline<>(SB) TEXT libc_fstat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fstat(SB) - GLOBL ·libc_fstat_trampoline_addr(SB), RODATA, $8 DATA ·libc_fstat_trampoline_addr(SB)/8, $libc_fstat_trampoline<>(SB) TEXT libc_fstatat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fstatat(SB) - GLOBL ·libc_fstatat_trampoline_addr(SB), RODATA, $8 DATA ·libc_fstatat_trampoline_addr(SB)/8, $libc_fstatat_trampoline<>(SB) TEXT libc_fstatfs_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fstatfs(SB) - GLOBL ·libc_fstatfs_trampoline_addr(SB), RODATA, $8 DATA ·libc_fstatfs_trampoline_addr(SB)/8, $libc_fstatfs_trampoline<>(SB) TEXT libc_fsync_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fsync(SB) - GLOBL ·libc_fsync_trampoline_addr(SB), RODATA, $8 DATA ·libc_fsync_trampoline_addr(SB)/8, $libc_fsync_trampoline<>(SB) TEXT libc_ftruncate_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ftruncate(SB) - GLOBL ·libc_ftruncate_trampoline_addr(SB), RODATA, $8 DATA ·libc_ftruncate_trampoline_addr(SB)/8, $libc_ftruncate_trampoline<>(SB) TEXT libc_getegid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getegid(SB) - GLOBL ·libc_getegid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getegid_trampoline_addr(SB)/8, $libc_getegid_trampoline<>(SB) TEXT libc_geteuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_geteuid(SB) - GLOBL ·libc_geteuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_geteuid_trampoline_addr(SB)/8, $libc_geteuid_trampoline<>(SB) TEXT libc_getgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getgid(SB) - GLOBL ·libc_getgid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getgid_trampoline_addr(SB)/8, $libc_getgid_trampoline<>(SB) TEXT libc_getpgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpgid(SB) - GLOBL ·libc_getpgid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getpgid_trampoline_addr(SB)/8, $libc_getpgid_trampoline<>(SB) TEXT libc_getpgrp_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpgrp(SB) - GLOBL ·libc_getpgrp_trampoline_addr(SB), RODATA, $8 DATA ·libc_getpgrp_trampoline_addr(SB)/8, $libc_getpgrp_trampoline<>(SB) TEXT libc_getpid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpid(SB) - GLOBL ·libc_getpid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getpid_trampoline_addr(SB)/8, $libc_getpid_trampoline<>(SB) TEXT libc_getppid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getppid(SB) - GLOBL ·libc_getppid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getppid_trampoline_addr(SB)/8, $libc_getppid_trampoline<>(SB) TEXT libc_getpriority_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpriority(SB) - GLOBL ·libc_getpriority_trampoline_addr(SB), RODATA, $8 DATA ·libc_getpriority_trampoline_addr(SB)/8, $libc_getpriority_trampoline<>(SB) TEXT libc_getrlimit_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getrlimit(SB) - GLOBL ·libc_getrlimit_trampoline_addr(SB), RODATA, $8 DATA ·libc_getrlimit_trampoline_addr(SB)/8, $libc_getrlimit_trampoline<>(SB) TEXT libc_getrtable_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getrtable(SB) - GLOBL ·libc_getrtable_trampoline_addr(SB), RODATA, $8 DATA ·libc_getrtable_trampoline_addr(SB)/8, $libc_getrtable_trampoline<>(SB) TEXT libc_getrusage_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getrusage(SB) - GLOBL ·libc_getrusage_trampoline_addr(SB), RODATA, $8 DATA ·libc_getrusage_trampoline_addr(SB)/8, $libc_getrusage_trampoline<>(SB) TEXT libc_getsid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getsid(SB) - GLOBL ·libc_getsid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getsid_trampoline_addr(SB)/8, $libc_getsid_trampoline<>(SB) TEXT libc_gettimeofday_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_gettimeofday(SB) - GLOBL ·libc_gettimeofday_trampoline_addr(SB), RODATA, $8 DATA ·libc_gettimeofday_trampoline_addr(SB)/8, $libc_gettimeofday_trampoline<>(SB) TEXT libc_getuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getuid(SB) - GLOBL ·libc_getuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getuid_trampoline_addr(SB)/8, $libc_getuid_trampoline<>(SB) TEXT libc_issetugid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_issetugid(SB) - GLOBL ·libc_issetugid_trampoline_addr(SB), RODATA, $8 DATA ·libc_issetugid_trampoline_addr(SB)/8, $libc_issetugid_trampoline<>(SB) TEXT libc_kill_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_kill(SB) - GLOBL ·libc_kill_trampoline_addr(SB), RODATA, $8 DATA ·libc_kill_trampoline_addr(SB)/8, $libc_kill_trampoline<>(SB) TEXT libc_kqueue_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_kqueue(SB) - GLOBL ·libc_kqueue_trampoline_addr(SB), RODATA, $8 DATA ·libc_kqueue_trampoline_addr(SB)/8, $libc_kqueue_trampoline<>(SB) TEXT libc_lchown_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_lchown(SB) - GLOBL ·libc_lchown_trampoline_addr(SB), RODATA, $8 DATA ·libc_lchown_trampoline_addr(SB)/8, $libc_lchown_trampoline<>(SB) TEXT libc_link_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_link(SB) - GLOBL ·libc_link_trampoline_addr(SB), RODATA, $8 DATA ·libc_link_trampoline_addr(SB)/8, $libc_link_trampoline<>(SB) TEXT libc_linkat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_linkat(SB) - GLOBL ·libc_linkat_trampoline_addr(SB), RODATA, $8 DATA ·libc_linkat_trampoline_addr(SB)/8, $libc_linkat_trampoline<>(SB) TEXT libc_listen_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_listen(SB) - GLOBL ·libc_listen_trampoline_addr(SB), RODATA, $8 DATA ·libc_listen_trampoline_addr(SB)/8, $libc_listen_trampoline<>(SB) TEXT libc_lstat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_lstat(SB) - GLOBL ·libc_lstat_trampoline_addr(SB), RODATA, $8 DATA ·libc_lstat_trampoline_addr(SB)/8, $libc_lstat_trampoline<>(SB) TEXT libc_mkdir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mkdir(SB) - GLOBL ·libc_mkdir_trampoline_addr(SB), RODATA, $8 DATA ·libc_mkdir_trampoline_addr(SB)/8, $libc_mkdir_trampoline<>(SB) TEXT libc_mkdirat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mkdirat(SB) - GLOBL ·libc_mkdirat_trampoline_addr(SB), RODATA, $8 DATA ·libc_mkdirat_trampoline_addr(SB)/8, $libc_mkdirat_trampoline<>(SB) TEXT libc_mkfifo_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mkfifo(SB) - GLOBL ·libc_mkfifo_trampoline_addr(SB), RODATA, $8 DATA ·libc_mkfifo_trampoline_addr(SB)/8, $libc_mkfifo_trampoline<>(SB) TEXT libc_mkfifoat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mkfifoat(SB) - GLOBL ·libc_mkfifoat_trampoline_addr(SB), RODATA, $8 DATA ·libc_mkfifoat_trampoline_addr(SB)/8, $libc_mkfifoat_trampoline<>(SB) TEXT libc_mknod_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mknod(SB) - GLOBL ·libc_mknod_trampoline_addr(SB), RODATA, $8 DATA ·libc_mknod_trampoline_addr(SB)/8, $libc_mknod_trampoline<>(SB) TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mknodat(SB) - GLOBL ·libc_mknodat_trampoline_addr(SB), RODATA, $8 DATA ·libc_mknodat_trampoline_addr(SB)/8, $libc_mknodat_trampoline<>(SB) TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_nanosleep(SB) - GLOBL ·libc_nanosleep_trampoline_addr(SB), RODATA, $8 DATA ·libc_nanosleep_trampoline_addr(SB)/8, $libc_nanosleep_trampoline<>(SB) TEXT libc_open_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_open(SB) - GLOBL ·libc_open_trampoline_addr(SB), RODATA, $8 DATA ·libc_open_trampoline_addr(SB)/8, $libc_open_trampoline<>(SB) TEXT libc_openat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_openat(SB) - GLOBL ·libc_openat_trampoline_addr(SB), RODATA, $8 DATA ·libc_openat_trampoline_addr(SB)/8, $libc_openat_trampoline<>(SB) TEXT libc_pathconf_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pathconf(SB) - GLOBL ·libc_pathconf_trampoline_addr(SB), RODATA, $8 DATA ·libc_pathconf_trampoline_addr(SB)/8, $libc_pathconf_trampoline<>(SB) TEXT libc_pread_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pread(SB) - GLOBL ·libc_pread_trampoline_addr(SB), RODATA, $8 DATA ·libc_pread_trampoline_addr(SB)/8, $libc_pread_trampoline<>(SB) TEXT libc_pwrite_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pwrite(SB) - GLOBL ·libc_pwrite_trampoline_addr(SB), RODATA, $8 DATA ·libc_pwrite_trampoline_addr(SB)/8, $libc_pwrite_trampoline<>(SB) TEXT libc_read_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_read(SB) - GLOBL ·libc_read_trampoline_addr(SB), RODATA, $8 DATA ·libc_read_trampoline_addr(SB)/8, $libc_read_trampoline<>(SB) TEXT libc_readlink_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_readlink(SB) - GLOBL ·libc_readlink_trampoline_addr(SB), RODATA, $8 DATA ·libc_readlink_trampoline_addr(SB)/8, $libc_readlink_trampoline<>(SB) TEXT libc_readlinkat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_readlinkat(SB) - GLOBL ·libc_readlinkat_trampoline_addr(SB), RODATA, $8 DATA ·libc_readlinkat_trampoline_addr(SB)/8, $libc_readlinkat_trampoline<>(SB) TEXT libc_rename_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_rename(SB) - GLOBL ·libc_rename_trampoline_addr(SB), RODATA, $8 DATA ·libc_rename_trampoline_addr(SB)/8, $libc_rename_trampoline<>(SB) TEXT libc_renameat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_renameat(SB) - GLOBL ·libc_renameat_trampoline_addr(SB), RODATA, $8 DATA ·libc_renameat_trampoline_addr(SB)/8, $libc_renameat_trampoline<>(SB) TEXT libc_revoke_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_revoke(SB) - GLOBL ·libc_revoke_trampoline_addr(SB), RODATA, $8 DATA ·libc_revoke_trampoline_addr(SB)/8, $libc_revoke_trampoline<>(SB) TEXT libc_rmdir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_rmdir(SB) - GLOBL ·libc_rmdir_trampoline_addr(SB), RODATA, $8 DATA ·libc_rmdir_trampoline_addr(SB)/8, $libc_rmdir_trampoline<>(SB) TEXT libc_lseek_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_lseek(SB) - GLOBL ·libc_lseek_trampoline_addr(SB), RODATA, $8 DATA ·libc_lseek_trampoline_addr(SB)/8, $libc_lseek_trampoline<>(SB) TEXT libc_select_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_select(SB) - GLOBL ·libc_select_trampoline_addr(SB), RODATA, $8 DATA ·libc_select_trampoline_addr(SB)/8, $libc_select_trampoline<>(SB) TEXT libc_setegid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setegid(SB) - GLOBL ·libc_setegid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setegid_trampoline_addr(SB)/8, $libc_setegid_trampoline<>(SB) TEXT libc_seteuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_seteuid(SB) - GLOBL ·libc_seteuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_seteuid_trampoline_addr(SB)/8, $libc_seteuid_trampoline<>(SB) TEXT libc_setgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setgid(SB) - GLOBL ·libc_setgid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setgid_trampoline_addr(SB)/8, $libc_setgid_trampoline<>(SB) TEXT libc_setlogin_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setlogin(SB) - GLOBL ·libc_setlogin_trampoline_addr(SB), RODATA, $8 DATA ·libc_setlogin_trampoline_addr(SB)/8, $libc_setlogin_trampoline<>(SB) TEXT libc_setpgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setpgid(SB) - GLOBL ·libc_setpgid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setpgid_trampoline_addr(SB)/8, $libc_setpgid_trampoline<>(SB) TEXT libc_setpriority_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setpriority(SB) - GLOBL ·libc_setpriority_trampoline_addr(SB), RODATA, $8 DATA ·libc_setpriority_trampoline_addr(SB)/8, $libc_setpriority_trampoline<>(SB) TEXT libc_setregid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setregid(SB) - GLOBL ·libc_setregid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setregid_trampoline_addr(SB)/8, $libc_setregid_trampoline<>(SB) TEXT libc_setreuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setreuid(SB) - GLOBL ·libc_setreuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setreuid_trampoline_addr(SB)/8, $libc_setreuid_trampoline<>(SB) TEXT libc_setresgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setresgid(SB) - GLOBL ·libc_setresgid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setresgid_trampoline_addr(SB)/8, $libc_setresgid_trampoline<>(SB) TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setresuid(SB) - GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setresuid_trampoline_addr(SB)/8, $libc_setresuid_trampoline<>(SB) TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setrlimit(SB) - GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setrtable(SB) - GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $8 DATA ·libc_setrtable_trampoline_addr(SB)/8, $libc_setrtable_trampoline<>(SB) TEXT libc_setsid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setsid(SB) - GLOBL ·libc_setsid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setsid_trampoline_addr(SB)/8, $libc_setsid_trampoline<>(SB) TEXT libc_settimeofday_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_settimeofday(SB) - GLOBL ·libc_settimeofday_trampoline_addr(SB), RODATA, $8 DATA ·libc_settimeofday_trampoline_addr(SB)/8, $libc_settimeofday_trampoline<>(SB) TEXT libc_setuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setuid(SB) - GLOBL ·libc_setuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setuid_trampoline_addr(SB)/8, $libc_setuid_trampoline<>(SB) TEXT libc_stat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_stat(SB) - GLOBL ·libc_stat_trampoline_addr(SB), RODATA, $8 DATA ·libc_stat_trampoline_addr(SB)/8, $libc_stat_trampoline<>(SB) TEXT libc_statfs_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_statfs(SB) - GLOBL ·libc_statfs_trampoline_addr(SB), RODATA, $8 DATA ·libc_statfs_trampoline_addr(SB)/8, $libc_statfs_trampoline<>(SB) TEXT libc_symlink_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_symlink(SB) - GLOBL ·libc_symlink_trampoline_addr(SB), RODATA, $8 DATA ·libc_symlink_trampoline_addr(SB)/8, $libc_symlink_trampoline<>(SB) TEXT libc_symlinkat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_symlinkat(SB) - GLOBL ·libc_symlinkat_trampoline_addr(SB), RODATA, $8 DATA ·libc_symlinkat_trampoline_addr(SB)/8, $libc_symlinkat_trampoline<>(SB) TEXT libc_sync_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sync(SB) - GLOBL ·libc_sync_trampoline_addr(SB), RODATA, $8 DATA ·libc_sync_trampoline_addr(SB)/8, $libc_sync_trampoline<>(SB) TEXT libc_truncate_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_truncate(SB) - GLOBL ·libc_truncate_trampoline_addr(SB), RODATA, $8 DATA ·libc_truncate_trampoline_addr(SB)/8, $libc_truncate_trampoline<>(SB) TEXT libc_umask_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_umask(SB) - GLOBL ·libc_umask_trampoline_addr(SB), RODATA, $8 DATA ·libc_umask_trampoline_addr(SB)/8, $libc_umask_trampoline<>(SB) TEXT libc_unlink_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_unlink(SB) - GLOBL ·libc_unlink_trampoline_addr(SB), RODATA, $8 DATA ·libc_unlink_trampoline_addr(SB)/8, $libc_unlink_trampoline<>(SB) TEXT libc_unlinkat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_unlinkat(SB) - GLOBL ·libc_unlinkat_trampoline_addr(SB), RODATA, $8 DATA ·libc_unlinkat_trampoline_addr(SB)/8, $libc_unlinkat_trampoline<>(SB) TEXT libc_unmount_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_unmount(SB) - GLOBL ·libc_unmount_trampoline_addr(SB), RODATA, $8 DATA ·libc_unmount_trampoline_addr(SB)/8, $libc_unmount_trampoline<>(SB) TEXT libc_write_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_write(SB) - GLOBL ·libc_write_trampoline_addr(SB), RODATA, $8 DATA ·libc_write_trampoline_addr(SB)/8, $libc_write_trampoline<>(SB) TEXT libc_mmap_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mmap(SB) - GLOBL ·libc_mmap_trampoline_addr(SB), RODATA, $8 DATA ·libc_mmap_trampoline_addr(SB)/8, $libc_mmap_trampoline<>(SB) TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_munmap(SB) - GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $8 DATA ·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB) TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_utimensat(SB) - GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8 DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go index 8da6791d1e3..b2da8e50cc7 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go @@ -696,6 +696,20 @@ var libc_chroot_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ClockGettime(clockid int32, time *Timespec) (err error) { + _, _, e1 := syscall_syscall(libc_clock_gettime_trampoline_addr, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_clock_gettime_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_clock_gettime clock_gettime "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Close(fd int) (err error) { _, _, e1 := syscall_syscall(libc_close_trampoline_addr, uintptr(fd), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s index 9ad116d9fbd..cf310420c94 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s @@ -5,792 +5,665 @@ TEXT libc_getgroups_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getgroups(SB) - GLOBL ·libc_getgroups_trampoline_addr(SB), RODATA, $4 DATA ·libc_getgroups_trampoline_addr(SB)/4, $libc_getgroups_trampoline<>(SB) TEXT libc_setgroups_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setgroups(SB) - GLOBL ·libc_setgroups_trampoline_addr(SB), RODATA, $4 DATA ·libc_setgroups_trampoline_addr(SB)/4, $libc_setgroups_trampoline<>(SB) TEXT libc_wait4_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_wait4(SB) - GLOBL ·libc_wait4_trampoline_addr(SB), RODATA, $4 DATA ·libc_wait4_trampoline_addr(SB)/4, $libc_wait4_trampoline<>(SB) TEXT libc_accept_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_accept(SB) - GLOBL ·libc_accept_trampoline_addr(SB), RODATA, $4 DATA ·libc_accept_trampoline_addr(SB)/4, $libc_accept_trampoline<>(SB) TEXT libc_bind_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_bind(SB) - GLOBL ·libc_bind_trampoline_addr(SB), RODATA, $4 DATA ·libc_bind_trampoline_addr(SB)/4, $libc_bind_trampoline<>(SB) TEXT libc_connect_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_connect(SB) - GLOBL ·libc_connect_trampoline_addr(SB), RODATA, $4 DATA ·libc_connect_trampoline_addr(SB)/4, $libc_connect_trampoline<>(SB) TEXT libc_socket_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_socket(SB) - GLOBL ·libc_socket_trampoline_addr(SB), RODATA, $4 DATA ·libc_socket_trampoline_addr(SB)/4, $libc_socket_trampoline<>(SB) TEXT libc_getsockopt_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getsockopt(SB) - GLOBL ·libc_getsockopt_trampoline_addr(SB), RODATA, $4 DATA ·libc_getsockopt_trampoline_addr(SB)/4, $libc_getsockopt_trampoline<>(SB) TEXT libc_setsockopt_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setsockopt(SB) - GLOBL ·libc_setsockopt_trampoline_addr(SB), RODATA, $4 DATA ·libc_setsockopt_trampoline_addr(SB)/4, $libc_setsockopt_trampoline<>(SB) TEXT libc_getpeername_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpeername(SB) - GLOBL ·libc_getpeername_trampoline_addr(SB), RODATA, $4 DATA ·libc_getpeername_trampoline_addr(SB)/4, $libc_getpeername_trampoline<>(SB) TEXT libc_getsockname_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getsockname(SB) - GLOBL ·libc_getsockname_trampoline_addr(SB), RODATA, $4 DATA ·libc_getsockname_trampoline_addr(SB)/4, $libc_getsockname_trampoline<>(SB) TEXT libc_shutdown_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_shutdown(SB) - GLOBL ·libc_shutdown_trampoline_addr(SB), RODATA, $4 DATA ·libc_shutdown_trampoline_addr(SB)/4, $libc_shutdown_trampoline<>(SB) TEXT libc_socketpair_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_socketpair(SB) - GLOBL ·libc_socketpair_trampoline_addr(SB), RODATA, $4 DATA ·libc_socketpair_trampoline_addr(SB)/4, $libc_socketpair_trampoline<>(SB) TEXT libc_recvfrom_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_recvfrom(SB) - GLOBL ·libc_recvfrom_trampoline_addr(SB), RODATA, $4 DATA ·libc_recvfrom_trampoline_addr(SB)/4, $libc_recvfrom_trampoline<>(SB) TEXT libc_sendto_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sendto(SB) - GLOBL ·libc_sendto_trampoline_addr(SB), RODATA, $4 DATA ·libc_sendto_trampoline_addr(SB)/4, $libc_sendto_trampoline<>(SB) TEXT libc_recvmsg_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_recvmsg(SB) - GLOBL ·libc_recvmsg_trampoline_addr(SB), RODATA, $4 DATA ·libc_recvmsg_trampoline_addr(SB)/4, $libc_recvmsg_trampoline<>(SB) TEXT libc_sendmsg_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sendmsg(SB) - GLOBL ·libc_sendmsg_trampoline_addr(SB), RODATA, $4 DATA ·libc_sendmsg_trampoline_addr(SB)/4, $libc_sendmsg_trampoline<>(SB) TEXT libc_kevent_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_kevent(SB) - GLOBL ·libc_kevent_trampoline_addr(SB), RODATA, $4 DATA ·libc_kevent_trampoline_addr(SB)/4, $libc_kevent_trampoline<>(SB) TEXT libc_utimes_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_utimes(SB) - GLOBL ·libc_utimes_trampoline_addr(SB), RODATA, $4 DATA ·libc_utimes_trampoline_addr(SB)/4, $libc_utimes_trampoline<>(SB) TEXT libc_futimes_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_futimes(SB) - GLOBL ·libc_futimes_trampoline_addr(SB), RODATA, $4 DATA ·libc_futimes_trampoline_addr(SB)/4, $libc_futimes_trampoline<>(SB) TEXT libc_poll_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_poll(SB) - GLOBL ·libc_poll_trampoline_addr(SB), RODATA, $4 DATA ·libc_poll_trampoline_addr(SB)/4, $libc_poll_trampoline<>(SB) TEXT libc_madvise_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_madvise(SB) - GLOBL ·libc_madvise_trampoline_addr(SB), RODATA, $4 DATA ·libc_madvise_trampoline_addr(SB)/4, $libc_madvise_trampoline<>(SB) TEXT libc_mlock_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mlock(SB) - GLOBL ·libc_mlock_trampoline_addr(SB), RODATA, $4 DATA ·libc_mlock_trampoline_addr(SB)/4, $libc_mlock_trampoline<>(SB) TEXT libc_mlockall_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mlockall(SB) - GLOBL ·libc_mlockall_trampoline_addr(SB), RODATA, $4 DATA ·libc_mlockall_trampoline_addr(SB)/4, $libc_mlockall_trampoline<>(SB) TEXT libc_mprotect_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mprotect(SB) - GLOBL ·libc_mprotect_trampoline_addr(SB), RODATA, $4 DATA ·libc_mprotect_trampoline_addr(SB)/4, $libc_mprotect_trampoline<>(SB) TEXT libc_msync_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_msync(SB) - GLOBL ·libc_msync_trampoline_addr(SB), RODATA, $4 DATA ·libc_msync_trampoline_addr(SB)/4, $libc_msync_trampoline<>(SB) TEXT libc_munlock_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_munlock(SB) - GLOBL ·libc_munlock_trampoline_addr(SB), RODATA, $4 DATA ·libc_munlock_trampoline_addr(SB)/4, $libc_munlock_trampoline<>(SB) TEXT libc_munlockall_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_munlockall(SB) - GLOBL ·libc_munlockall_trampoline_addr(SB), RODATA, $4 DATA ·libc_munlockall_trampoline_addr(SB)/4, $libc_munlockall_trampoline<>(SB) TEXT libc_pipe2_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pipe2(SB) - GLOBL ·libc_pipe2_trampoline_addr(SB), RODATA, $4 DATA ·libc_pipe2_trampoline_addr(SB)/4, $libc_pipe2_trampoline<>(SB) TEXT libc_getdents_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getdents(SB) - GLOBL ·libc_getdents_trampoline_addr(SB), RODATA, $4 DATA ·libc_getdents_trampoline_addr(SB)/4, $libc_getdents_trampoline<>(SB) TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getcwd(SB) - GLOBL ·libc_getcwd_trampoline_addr(SB), RODATA, $4 DATA ·libc_getcwd_trampoline_addr(SB)/4, $libc_getcwd_trampoline<>(SB) TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ioctl(SB) - GLOBL ·libc_ioctl_trampoline_addr(SB), RODATA, $4 DATA ·libc_ioctl_trampoline_addr(SB)/4, $libc_ioctl_trampoline<>(SB) TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sysctl(SB) - GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $4 DATA ·libc_sysctl_trampoline_addr(SB)/4, $libc_sysctl_trampoline<>(SB) TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ppoll(SB) - GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $4 DATA ·libc_ppoll_trampoline_addr(SB)/4, $libc_ppoll_trampoline<>(SB) TEXT libc_access_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_access(SB) - GLOBL ·libc_access_trampoline_addr(SB), RODATA, $4 DATA ·libc_access_trampoline_addr(SB)/4, $libc_access_trampoline<>(SB) TEXT libc_adjtime_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_adjtime(SB) - GLOBL ·libc_adjtime_trampoline_addr(SB), RODATA, $4 DATA ·libc_adjtime_trampoline_addr(SB)/4, $libc_adjtime_trampoline<>(SB) TEXT libc_chdir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chdir(SB) - GLOBL ·libc_chdir_trampoline_addr(SB), RODATA, $4 DATA ·libc_chdir_trampoline_addr(SB)/4, $libc_chdir_trampoline<>(SB) TEXT libc_chflags_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chflags(SB) - GLOBL ·libc_chflags_trampoline_addr(SB), RODATA, $4 DATA ·libc_chflags_trampoline_addr(SB)/4, $libc_chflags_trampoline<>(SB) TEXT libc_chmod_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chmod(SB) - GLOBL ·libc_chmod_trampoline_addr(SB), RODATA, $4 DATA ·libc_chmod_trampoline_addr(SB)/4, $libc_chmod_trampoline<>(SB) TEXT libc_chown_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chown(SB) - GLOBL ·libc_chown_trampoline_addr(SB), RODATA, $4 DATA ·libc_chown_trampoline_addr(SB)/4, $libc_chown_trampoline<>(SB) TEXT libc_chroot_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chroot(SB) - GLOBL ·libc_chroot_trampoline_addr(SB), RODATA, $4 DATA ·libc_chroot_trampoline_addr(SB)/4, $libc_chroot_trampoline<>(SB) +TEXT libc_clock_gettime_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_clock_gettime(SB) +GLOBL ·libc_clock_gettime_trampoline_addr(SB), RODATA, $4 +DATA ·libc_clock_gettime_trampoline_addr(SB)/4, $libc_clock_gettime_trampoline<>(SB) + TEXT libc_close_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_close(SB) - GLOBL ·libc_close_trampoline_addr(SB), RODATA, $4 DATA ·libc_close_trampoline_addr(SB)/4, $libc_close_trampoline<>(SB) TEXT libc_dup_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_dup(SB) - GLOBL ·libc_dup_trampoline_addr(SB), RODATA, $4 DATA ·libc_dup_trampoline_addr(SB)/4, $libc_dup_trampoline<>(SB) TEXT libc_dup2_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_dup2(SB) - GLOBL ·libc_dup2_trampoline_addr(SB), RODATA, $4 DATA ·libc_dup2_trampoline_addr(SB)/4, $libc_dup2_trampoline<>(SB) TEXT libc_dup3_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_dup3(SB) - GLOBL ·libc_dup3_trampoline_addr(SB), RODATA, $4 DATA ·libc_dup3_trampoline_addr(SB)/4, $libc_dup3_trampoline<>(SB) TEXT libc_exit_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_exit(SB) - GLOBL ·libc_exit_trampoline_addr(SB), RODATA, $4 DATA ·libc_exit_trampoline_addr(SB)/4, $libc_exit_trampoline<>(SB) TEXT libc_faccessat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_faccessat(SB) - GLOBL ·libc_faccessat_trampoline_addr(SB), RODATA, $4 DATA ·libc_faccessat_trampoline_addr(SB)/4, $libc_faccessat_trampoline<>(SB) TEXT libc_fchdir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchdir(SB) - GLOBL ·libc_fchdir_trampoline_addr(SB), RODATA, $4 DATA ·libc_fchdir_trampoline_addr(SB)/4, $libc_fchdir_trampoline<>(SB) TEXT libc_fchflags_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchflags(SB) - GLOBL ·libc_fchflags_trampoline_addr(SB), RODATA, $4 DATA ·libc_fchflags_trampoline_addr(SB)/4, $libc_fchflags_trampoline<>(SB) TEXT libc_fchmod_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchmod(SB) - GLOBL ·libc_fchmod_trampoline_addr(SB), RODATA, $4 DATA ·libc_fchmod_trampoline_addr(SB)/4, $libc_fchmod_trampoline<>(SB) TEXT libc_fchmodat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchmodat(SB) - GLOBL ·libc_fchmodat_trampoline_addr(SB), RODATA, $4 DATA ·libc_fchmodat_trampoline_addr(SB)/4, $libc_fchmodat_trampoline<>(SB) TEXT libc_fchown_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchown(SB) - GLOBL ·libc_fchown_trampoline_addr(SB), RODATA, $4 DATA ·libc_fchown_trampoline_addr(SB)/4, $libc_fchown_trampoline<>(SB) TEXT libc_fchownat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchownat(SB) - GLOBL ·libc_fchownat_trampoline_addr(SB), RODATA, $4 DATA ·libc_fchownat_trampoline_addr(SB)/4, $libc_fchownat_trampoline<>(SB) TEXT libc_flock_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_flock(SB) - GLOBL ·libc_flock_trampoline_addr(SB), RODATA, $4 DATA ·libc_flock_trampoline_addr(SB)/4, $libc_flock_trampoline<>(SB) TEXT libc_fpathconf_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fpathconf(SB) - GLOBL ·libc_fpathconf_trampoline_addr(SB), RODATA, $4 DATA ·libc_fpathconf_trampoline_addr(SB)/4, $libc_fpathconf_trampoline<>(SB) TEXT libc_fstat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fstat(SB) - GLOBL ·libc_fstat_trampoline_addr(SB), RODATA, $4 DATA ·libc_fstat_trampoline_addr(SB)/4, $libc_fstat_trampoline<>(SB) TEXT libc_fstatat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fstatat(SB) - GLOBL ·libc_fstatat_trampoline_addr(SB), RODATA, $4 DATA ·libc_fstatat_trampoline_addr(SB)/4, $libc_fstatat_trampoline<>(SB) TEXT libc_fstatfs_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fstatfs(SB) - GLOBL ·libc_fstatfs_trampoline_addr(SB), RODATA, $4 DATA ·libc_fstatfs_trampoline_addr(SB)/4, $libc_fstatfs_trampoline<>(SB) TEXT libc_fsync_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fsync(SB) - GLOBL ·libc_fsync_trampoline_addr(SB), RODATA, $4 DATA ·libc_fsync_trampoline_addr(SB)/4, $libc_fsync_trampoline<>(SB) TEXT libc_ftruncate_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ftruncate(SB) - GLOBL ·libc_ftruncate_trampoline_addr(SB), RODATA, $4 DATA ·libc_ftruncate_trampoline_addr(SB)/4, $libc_ftruncate_trampoline<>(SB) TEXT libc_getegid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getegid(SB) - GLOBL ·libc_getegid_trampoline_addr(SB), RODATA, $4 DATA ·libc_getegid_trampoline_addr(SB)/4, $libc_getegid_trampoline<>(SB) TEXT libc_geteuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_geteuid(SB) - GLOBL ·libc_geteuid_trampoline_addr(SB), RODATA, $4 DATA ·libc_geteuid_trampoline_addr(SB)/4, $libc_geteuid_trampoline<>(SB) TEXT libc_getgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getgid(SB) - GLOBL ·libc_getgid_trampoline_addr(SB), RODATA, $4 DATA ·libc_getgid_trampoline_addr(SB)/4, $libc_getgid_trampoline<>(SB) TEXT libc_getpgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpgid(SB) - GLOBL ·libc_getpgid_trampoline_addr(SB), RODATA, $4 DATA ·libc_getpgid_trampoline_addr(SB)/4, $libc_getpgid_trampoline<>(SB) TEXT libc_getpgrp_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpgrp(SB) - GLOBL ·libc_getpgrp_trampoline_addr(SB), RODATA, $4 DATA ·libc_getpgrp_trampoline_addr(SB)/4, $libc_getpgrp_trampoline<>(SB) TEXT libc_getpid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpid(SB) - GLOBL ·libc_getpid_trampoline_addr(SB), RODATA, $4 DATA ·libc_getpid_trampoline_addr(SB)/4, $libc_getpid_trampoline<>(SB) TEXT libc_getppid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getppid(SB) - GLOBL ·libc_getppid_trampoline_addr(SB), RODATA, $4 DATA ·libc_getppid_trampoline_addr(SB)/4, $libc_getppid_trampoline<>(SB) TEXT libc_getpriority_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpriority(SB) - GLOBL ·libc_getpriority_trampoline_addr(SB), RODATA, $4 DATA ·libc_getpriority_trampoline_addr(SB)/4, $libc_getpriority_trampoline<>(SB) TEXT libc_getrlimit_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getrlimit(SB) - GLOBL ·libc_getrlimit_trampoline_addr(SB), RODATA, $4 DATA ·libc_getrlimit_trampoline_addr(SB)/4, $libc_getrlimit_trampoline<>(SB) TEXT libc_getrtable_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getrtable(SB) - GLOBL ·libc_getrtable_trampoline_addr(SB), RODATA, $4 DATA ·libc_getrtable_trampoline_addr(SB)/4, $libc_getrtable_trampoline<>(SB) TEXT libc_getrusage_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getrusage(SB) - GLOBL ·libc_getrusage_trampoline_addr(SB), RODATA, $4 DATA ·libc_getrusage_trampoline_addr(SB)/4, $libc_getrusage_trampoline<>(SB) TEXT libc_getsid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getsid(SB) - GLOBL ·libc_getsid_trampoline_addr(SB), RODATA, $4 DATA ·libc_getsid_trampoline_addr(SB)/4, $libc_getsid_trampoline<>(SB) TEXT libc_gettimeofday_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_gettimeofday(SB) - GLOBL ·libc_gettimeofday_trampoline_addr(SB), RODATA, $4 DATA ·libc_gettimeofday_trampoline_addr(SB)/4, $libc_gettimeofday_trampoline<>(SB) TEXT libc_getuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getuid(SB) - GLOBL ·libc_getuid_trampoline_addr(SB), RODATA, $4 DATA ·libc_getuid_trampoline_addr(SB)/4, $libc_getuid_trampoline<>(SB) TEXT libc_issetugid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_issetugid(SB) - GLOBL ·libc_issetugid_trampoline_addr(SB), RODATA, $4 DATA ·libc_issetugid_trampoline_addr(SB)/4, $libc_issetugid_trampoline<>(SB) TEXT libc_kill_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_kill(SB) - GLOBL ·libc_kill_trampoline_addr(SB), RODATA, $4 DATA ·libc_kill_trampoline_addr(SB)/4, $libc_kill_trampoline<>(SB) TEXT libc_kqueue_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_kqueue(SB) - GLOBL ·libc_kqueue_trampoline_addr(SB), RODATA, $4 DATA ·libc_kqueue_trampoline_addr(SB)/4, $libc_kqueue_trampoline<>(SB) TEXT libc_lchown_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_lchown(SB) - GLOBL ·libc_lchown_trampoline_addr(SB), RODATA, $4 DATA ·libc_lchown_trampoline_addr(SB)/4, $libc_lchown_trampoline<>(SB) TEXT libc_link_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_link(SB) - GLOBL ·libc_link_trampoline_addr(SB), RODATA, $4 DATA ·libc_link_trampoline_addr(SB)/4, $libc_link_trampoline<>(SB) TEXT libc_linkat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_linkat(SB) - GLOBL ·libc_linkat_trampoline_addr(SB), RODATA, $4 DATA ·libc_linkat_trampoline_addr(SB)/4, $libc_linkat_trampoline<>(SB) TEXT libc_listen_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_listen(SB) - GLOBL ·libc_listen_trampoline_addr(SB), RODATA, $4 DATA ·libc_listen_trampoline_addr(SB)/4, $libc_listen_trampoline<>(SB) TEXT libc_lstat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_lstat(SB) - GLOBL ·libc_lstat_trampoline_addr(SB), RODATA, $4 DATA ·libc_lstat_trampoline_addr(SB)/4, $libc_lstat_trampoline<>(SB) TEXT libc_mkdir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mkdir(SB) - GLOBL ·libc_mkdir_trampoline_addr(SB), RODATA, $4 DATA ·libc_mkdir_trampoline_addr(SB)/4, $libc_mkdir_trampoline<>(SB) TEXT libc_mkdirat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mkdirat(SB) - GLOBL ·libc_mkdirat_trampoline_addr(SB), RODATA, $4 DATA ·libc_mkdirat_trampoline_addr(SB)/4, $libc_mkdirat_trampoline<>(SB) TEXT libc_mkfifo_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mkfifo(SB) - GLOBL ·libc_mkfifo_trampoline_addr(SB), RODATA, $4 DATA ·libc_mkfifo_trampoline_addr(SB)/4, $libc_mkfifo_trampoline<>(SB) TEXT libc_mkfifoat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mkfifoat(SB) - GLOBL ·libc_mkfifoat_trampoline_addr(SB), RODATA, $4 DATA ·libc_mkfifoat_trampoline_addr(SB)/4, $libc_mkfifoat_trampoline<>(SB) TEXT libc_mknod_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mknod(SB) - GLOBL ·libc_mknod_trampoline_addr(SB), RODATA, $4 DATA ·libc_mknod_trampoline_addr(SB)/4, $libc_mknod_trampoline<>(SB) TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mknodat(SB) - GLOBL ·libc_mknodat_trampoline_addr(SB), RODATA, $4 DATA ·libc_mknodat_trampoline_addr(SB)/4, $libc_mknodat_trampoline<>(SB) TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_nanosleep(SB) - GLOBL ·libc_nanosleep_trampoline_addr(SB), RODATA, $4 DATA ·libc_nanosleep_trampoline_addr(SB)/4, $libc_nanosleep_trampoline<>(SB) TEXT libc_open_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_open(SB) - GLOBL ·libc_open_trampoline_addr(SB), RODATA, $4 DATA ·libc_open_trampoline_addr(SB)/4, $libc_open_trampoline<>(SB) TEXT libc_openat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_openat(SB) - GLOBL ·libc_openat_trampoline_addr(SB), RODATA, $4 DATA ·libc_openat_trampoline_addr(SB)/4, $libc_openat_trampoline<>(SB) TEXT libc_pathconf_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pathconf(SB) - GLOBL ·libc_pathconf_trampoline_addr(SB), RODATA, $4 DATA ·libc_pathconf_trampoline_addr(SB)/4, $libc_pathconf_trampoline<>(SB) TEXT libc_pread_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pread(SB) - GLOBL ·libc_pread_trampoline_addr(SB), RODATA, $4 DATA ·libc_pread_trampoline_addr(SB)/4, $libc_pread_trampoline<>(SB) TEXT libc_pwrite_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pwrite(SB) - GLOBL ·libc_pwrite_trampoline_addr(SB), RODATA, $4 DATA ·libc_pwrite_trampoline_addr(SB)/4, $libc_pwrite_trampoline<>(SB) TEXT libc_read_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_read(SB) - GLOBL ·libc_read_trampoline_addr(SB), RODATA, $4 DATA ·libc_read_trampoline_addr(SB)/4, $libc_read_trampoline<>(SB) TEXT libc_readlink_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_readlink(SB) - GLOBL ·libc_readlink_trampoline_addr(SB), RODATA, $4 DATA ·libc_readlink_trampoline_addr(SB)/4, $libc_readlink_trampoline<>(SB) TEXT libc_readlinkat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_readlinkat(SB) - GLOBL ·libc_readlinkat_trampoline_addr(SB), RODATA, $4 DATA ·libc_readlinkat_trampoline_addr(SB)/4, $libc_readlinkat_trampoline<>(SB) TEXT libc_rename_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_rename(SB) - GLOBL ·libc_rename_trampoline_addr(SB), RODATA, $4 DATA ·libc_rename_trampoline_addr(SB)/4, $libc_rename_trampoline<>(SB) TEXT libc_renameat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_renameat(SB) - GLOBL ·libc_renameat_trampoline_addr(SB), RODATA, $4 DATA ·libc_renameat_trampoline_addr(SB)/4, $libc_renameat_trampoline<>(SB) TEXT libc_revoke_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_revoke(SB) - GLOBL ·libc_revoke_trampoline_addr(SB), RODATA, $4 DATA ·libc_revoke_trampoline_addr(SB)/4, $libc_revoke_trampoline<>(SB) TEXT libc_rmdir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_rmdir(SB) - GLOBL ·libc_rmdir_trampoline_addr(SB), RODATA, $4 DATA ·libc_rmdir_trampoline_addr(SB)/4, $libc_rmdir_trampoline<>(SB) TEXT libc_lseek_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_lseek(SB) - GLOBL ·libc_lseek_trampoline_addr(SB), RODATA, $4 DATA ·libc_lseek_trampoline_addr(SB)/4, $libc_lseek_trampoline<>(SB) TEXT libc_select_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_select(SB) - GLOBL ·libc_select_trampoline_addr(SB), RODATA, $4 DATA ·libc_select_trampoline_addr(SB)/4, $libc_select_trampoline<>(SB) TEXT libc_setegid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setegid(SB) - GLOBL ·libc_setegid_trampoline_addr(SB), RODATA, $4 DATA ·libc_setegid_trampoline_addr(SB)/4, $libc_setegid_trampoline<>(SB) TEXT libc_seteuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_seteuid(SB) - GLOBL ·libc_seteuid_trampoline_addr(SB), RODATA, $4 DATA ·libc_seteuid_trampoline_addr(SB)/4, $libc_seteuid_trampoline<>(SB) TEXT libc_setgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setgid(SB) - GLOBL ·libc_setgid_trampoline_addr(SB), RODATA, $4 DATA ·libc_setgid_trampoline_addr(SB)/4, $libc_setgid_trampoline<>(SB) TEXT libc_setlogin_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setlogin(SB) - GLOBL ·libc_setlogin_trampoline_addr(SB), RODATA, $4 DATA ·libc_setlogin_trampoline_addr(SB)/4, $libc_setlogin_trampoline<>(SB) TEXT libc_setpgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setpgid(SB) - GLOBL ·libc_setpgid_trampoline_addr(SB), RODATA, $4 DATA ·libc_setpgid_trampoline_addr(SB)/4, $libc_setpgid_trampoline<>(SB) TEXT libc_setpriority_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setpriority(SB) - GLOBL ·libc_setpriority_trampoline_addr(SB), RODATA, $4 DATA ·libc_setpriority_trampoline_addr(SB)/4, $libc_setpriority_trampoline<>(SB) TEXT libc_setregid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setregid(SB) - GLOBL ·libc_setregid_trampoline_addr(SB), RODATA, $4 DATA ·libc_setregid_trampoline_addr(SB)/4, $libc_setregid_trampoline<>(SB) TEXT libc_setreuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setreuid(SB) - GLOBL ·libc_setreuid_trampoline_addr(SB), RODATA, $4 DATA ·libc_setreuid_trampoline_addr(SB)/4, $libc_setreuid_trampoline<>(SB) TEXT libc_setresgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setresgid(SB) - GLOBL ·libc_setresgid_trampoline_addr(SB), RODATA, $4 DATA ·libc_setresgid_trampoline_addr(SB)/4, $libc_setresgid_trampoline<>(SB) TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setresuid(SB) - GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $4 DATA ·libc_setresuid_trampoline_addr(SB)/4, $libc_setresuid_trampoline<>(SB) TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setrlimit(SB) - GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $4 DATA ·libc_setrlimit_trampoline_addr(SB)/4, $libc_setrlimit_trampoline<>(SB) TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setrtable(SB) - GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $4 DATA ·libc_setrtable_trampoline_addr(SB)/4, $libc_setrtable_trampoline<>(SB) TEXT libc_setsid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setsid(SB) - GLOBL ·libc_setsid_trampoline_addr(SB), RODATA, $4 DATA ·libc_setsid_trampoline_addr(SB)/4, $libc_setsid_trampoline<>(SB) TEXT libc_settimeofday_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_settimeofday(SB) - GLOBL ·libc_settimeofday_trampoline_addr(SB), RODATA, $4 DATA ·libc_settimeofday_trampoline_addr(SB)/4, $libc_settimeofday_trampoline<>(SB) TEXT libc_setuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setuid(SB) - GLOBL ·libc_setuid_trampoline_addr(SB), RODATA, $4 DATA ·libc_setuid_trampoline_addr(SB)/4, $libc_setuid_trampoline<>(SB) TEXT libc_stat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_stat(SB) - GLOBL ·libc_stat_trampoline_addr(SB), RODATA, $4 DATA ·libc_stat_trampoline_addr(SB)/4, $libc_stat_trampoline<>(SB) TEXT libc_statfs_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_statfs(SB) - GLOBL ·libc_statfs_trampoline_addr(SB), RODATA, $4 DATA ·libc_statfs_trampoline_addr(SB)/4, $libc_statfs_trampoline<>(SB) TEXT libc_symlink_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_symlink(SB) - GLOBL ·libc_symlink_trampoline_addr(SB), RODATA, $4 DATA ·libc_symlink_trampoline_addr(SB)/4, $libc_symlink_trampoline<>(SB) TEXT libc_symlinkat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_symlinkat(SB) - GLOBL ·libc_symlinkat_trampoline_addr(SB), RODATA, $4 DATA ·libc_symlinkat_trampoline_addr(SB)/4, $libc_symlinkat_trampoline<>(SB) TEXT libc_sync_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sync(SB) - GLOBL ·libc_sync_trampoline_addr(SB), RODATA, $4 DATA ·libc_sync_trampoline_addr(SB)/4, $libc_sync_trampoline<>(SB) TEXT libc_truncate_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_truncate(SB) - GLOBL ·libc_truncate_trampoline_addr(SB), RODATA, $4 DATA ·libc_truncate_trampoline_addr(SB)/4, $libc_truncate_trampoline<>(SB) TEXT libc_umask_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_umask(SB) - GLOBL ·libc_umask_trampoline_addr(SB), RODATA, $4 DATA ·libc_umask_trampoline_addr(SB)/4, $libc_umask_trampoline<>(SB) TEXT libc_unlink_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_unlink(SB) - GLOBL ·libc_unlink_trampoline_addr(SB), RODATA, $4 DATA ·libc_unlink_trampoline_addr(SB)/4, $libc_unlink_trampoline<>(SB) TEXT libc_unlinkat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_unlinkat(SB) - GLOBL ·libc_unlinkat_trampoline_addr(SB), RODATA, $4 DATA ·libc_unlinkat_trampoline_addr(SB)/4, $libc_unlinkat_trampoline<>(SB) TEXT libc_unmount_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_unmount(SB) - GLOBL ·libc_unmount_trampoline_addr(SB), RODATA, $4 DATA ·libc_unmount_trampoline_addr(SB)/4, $libc_unmount_trampoline<>(SB) TEXT libc_write_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_write(SB) - GLOBL ·libc_write_trampoline_addr(SB), RODATA, $4 DATA ·libc_write_trampoline_addr(SB)/4, $libc_write_trampoline<>(SB) TEXT libc_mmap_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mmap(SB) - GLOBL ·libc_mmap_trampoline_addr(SB), RODATA, $4 DATA ·libc_mmap_trampoline_addr(SB)/4, $libc_mmap_trampoline<>(SB) TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_munmap(SB) - GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $4 DATA ·libc_munmap_trampoline_addr(SB)/4, $libc_munmap_trampoline<>(SB) TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_utimensat(SB) - GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $4 DATA ·libc_utimensat_trampoline_addr(SB)/4, $libc_utimensat_trampoline<>(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go index 800aab6e3e7..048b2655e6f 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go @@ -696,6 +696,20 @@ var libc_chroot_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ClockGettime(clockid int32, time *Timespec) (err error) { + _, _, e1 := syscall_syscall(libc_clock_gettime_trampoline_addr, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_clock_gettime_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_clock_gettime clock_gettime "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Close(fd int) (err error) { _, _, e1 := syscall_syscall(libc_close_trampoline_addr, uintptr(fd), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s index 4efeff9abbf..484bb42e0a8 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s @@ -5,792 +5,665 @@ TEXT libc_getgroups_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getgroups(SB) - GLOBL ·libc_getgroups_trampoline_addr(SB), RODATA, $8 DATA ·libc_getgroups_trampoline_addr(SB)/8, $libc_getgroups_trampoline<>(SB) TEXT libc_setgroups_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setgroups(SB) - GLOBL ·libc_setgroups_trampoline_addr(SB), RODATA, $8 DATA ·libc_setgroups_trampoline_addr(SB)/8, $libc_setgroups_trampoline<>(SB) TEXT libc_wait4_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_wait4(SB) - GLOBL ·libc_wait4_trampoline_addr(SB), RODATA, $8 DATA ·libc_wait4_trampoline_addr(SB)/8, $libc_wait4_trampoline<>(SB) TEXT libc_accept_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_accept(SB) - GLOBL ·libc_accept_trampoline_addr(SB), RODATA, $8 DATA ·libc_accept_trampoline_addr(SB)/8, $libc_accept_trampoline<>(SB) TEXT libc_bind_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_bind(SB) - GLOBL ·libc_bind_trampoline_addr(SB), RODATA, $8 DATA ·libc_bind_trampoline_addr(SB)/8, $libc_bind_trampoline<>(SB) TEXT libc_connect_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_connect(SB) - GLOBL ·libc_connect_trampoline_addr(SB), RODATA, $8 DATA ·libc_connect_trampoline_addr(SB)/8, $libc_connect_trampoline<>(SB) TEXT libc_socket_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_socket(SB) - GLOBL ·libc_socket_trampoline_addr(SB), RODATA, $8 DATA ·libc_socket_trampoline_addr(SB)/8, $libc_socket_trampoline<>(SB) TEXT libc_getsockopt_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getsockopt(SB) - GLOBL ·libc_getsockopt_trampoline_addr(SB), RODATA, $8 DATA ·libc_getsockopt_trampoline_addr(SB)/8, $libc_getsockopt_trampoline<>(SB) TEXT libc_setsockopt_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setsockopt(SB) - GLOBL ·libc_setsockopt_trampoline_addr(SB), RODATA, $8 DATA ·libc_setsockopt_trampoline_addr(SB)/8, $libc_setsockopt_trampoline<>(SB) TEXT libc_getpeername_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpeername(SB) - GLOBL ·libc_getpeername_trampoline_addr(SB), RODATA, $8 DATA ·libc_getpeername_trampoline_addr(SB)/8, $libc_getpeername_trampoline<>(SB) TEXT libc_getsockname_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getsockname(SB) - GLOBL ·libc_getsockname_trampoline_addr(SB), RODATA, $8 DATA ·libc_getsockname_trampoline_addr(SB)/8, $libc_getsockname_trampoline<>(SB) TEXT libc_shutdown_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_shutdown(SB) - GLOBL ·libc_shutdown_trampoline_addr(SB), RODATA, $8 DATA ·libc_shutdown_trampoline_addr(SB)/8, $libc_shutdown_trampoline<>(SB) TEXT libc_socketpair_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_socketpair(SB) - GLOBL ·libc_socketpair_trampoline_addr(SB), RODATA, $8 DATA ·libc_socketpair_trampoline_addr(SB)/8, $libc_socketpair_trampoline<>(SB) TEXT libc_recvfrom_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_recvfrom(SB) - GLOBL ·libc_recvfrom_trampoline_addr(SB), RODATA, $8 DATA ·libc_recvfrom_trampoline_addr(SB)/8, $libc_recvfrom_trampoline<>(SB) TEXT libc_sendto_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sendto(SB) - GLOBL ·libc_sendto_trampoline_addr(SB), RODATA, $8 DATA ·libc_sendto_trampoline_addr(SB)/8, $libc_sendto_trampoline<>(SB) TEXT libc_recvmsg_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_recvmsg(SB) - GLOBL ·libc_recvmsg_trampoline_addr(SB), RODATA, $8 DATA ·libc_recvmsg_trampoline_addr(SB)/8, $libc_recvmsg_trampoline<>(SB) TEXT libc_sendmsg_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sendmsg(SB) - GLOBL ·libc_sendmsg_trampoline_addr(SB), RODATA, $8 DATA ·libc_sendmsg_trampoline_addr(SB)/8, $libc_sendmsg_trampoline<>(SB) TEXT libc_kevent_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_kevent(SB) - GLOBL ·libc_kevent_trampoline_addr(SB), RODATA, $8 DATA ·libc_kevent_trampoline_addr(SB)/8, $libc_kevent_trampoline<>(SB) TEXT libc_utimes_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_utimes(SB) - GLOBL ·libc_utimes_trampoline_addr(SB), RODATA, $8 DATA ·libc_utimes_trampoline_addr(SB)/8, $libc_utimes_trampoline<>(SB) TEXT libc_futimes_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_futimes(SB) - GLOBL ·libc_futimes_trampoline_addr(SB), RODATA, $8 DATA ·libc_futimes_trampoline_addr(SB)/8, $libc_futimes_trampoline<>(SB) TEXT libc_poll_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_poll(SB) - GLOBL ·libc_poll_trampoline_addr(SB), RODATA, $8 DATA ·libc_poll_trampoline_addr(SB)/8, $libc_poll_trampoline<>(SB) TEXT libc_madvise_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_madvise(SB) - GLOBL ·libc_madvise_trampoline_addr(SB), RODATA, $8 DATA ·libc_madvise_trampoline_addr(SB)/8, $libc_madvise_trampoline<>(SB) TEXT libc_mlock_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mlock(SB) - GLOBL ·libc_mlock_trampoline_addr(SB), RODATA, $8 DATA ·libc_mlock_trampoline_addr(SB)/8, $libc_mlock_trampoline<>(SB) TEXT libc_mlockall_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mlockall(SB) - GLOBL ·libc_mlockall_trampoline_addr(SB), RODATA, $8 DATA ·libc_mlockall_trampoline_addr(SB)/8, $libc_mlockall_trampoline<>(SB) TEXT libc_mprotect_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mprotect(SB) - GLOBL ·libc_mprotect_trampoline_addr(SB), RODATA, $8 DATA ·libc_mprotect_trampoline_addr(SB)/8, $libc_mprotect_trampoline<>(SB) TEXT libc_msync_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_msync(SB) - GLOBL ·libc_msync_trampoline_addr(SB), RODATA, $8 DATA ·libc_msync_trampoline_addr(SB)/8, $libc_msync_trampoline<>(SB) TEXT libc_munlock_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_munlock(SB) - GLOBL ·libc_munlock_trampoline_addr(SB), RODATA, $8 DATA ·libc_munlock_trampoline_addr(SB)/8, $libc_munlock_trampoline<>(SB) TEXT libc_munlockall_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_munlockall(SB) - GLOBL ·libc_munlockall_trampoline_addr(SB), RODATA, $8 DATA ·libc_munlockall_trampoline_addr(SB)/8, $libc_munlockall_trampoline<>(SB) TEXT libc_pipe2_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pipe2(SB) - GLOBL ·libc_pipe2_trampoline_addr(SB), RODATA, $8 DATA ·libc_pipe2_trampoline_addr(SB)/8, $libc_pipe2_trampoline<>(SB) TEXT libc_getdents_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getdents(SB) - GLOBL ·libc_getdents_trampoline_addr(SB), RODATA, $8 DATA ·libc_getdents_trampoline_addr(SB)/8, $libc_getdents_trampoline<>(SB) TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getcwd(SB) - GLOBL ·libc_getcwd_trampoline_addr(SB), RODATA, $8 DATA ·libc_getcwd_trampoline_addr(SB)/8, $libc_getcwd_trampoline<>(SB) TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ioctl(SB) - GLOBL ·libc_ioctl_trampoline_addr(SB), RODATA, $8 DATA ·libc_ioctl_trampoline_addr(SB)/8, $libc_ioctl_trampoline<>(SB) TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sysctl(SB) - GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8 DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB) TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ppoll(SB) - GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $8 DATA ·libc_ppoll_trampoline_addr(SB)/8, $libc_ppoll_trampoline<>(SB) TEXT libc_access_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_access(SB) - GLOBL ·libc_access_trampoline_addr(SB), RODATA, $8 DATA ·libc_access_trampoline_addr(SB)/8, $libc_access_trampoline<>(SB) TEXT libc_adjtime_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_adjtime(SB) - GLOBL ·libc_adjtime_trampoline_addr(SB), RODATA, $8 DATA ·libc_adjtime_trampoline_addr(SB)/8, $libc_adjtime_trampoline<>(SB) TEXT libc_chdir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chdir(SB) - GLOBL ·libc_chdir_trampoline_addr(SB), RODATA, $8 DATA ·libc_chdir_trampoline_addr(SB)/8, $libc_chdir_trampoline<>(SB) TEXT libc_chflags_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chflags(SB) - GLOBL ·libc_chflags_trampoline_addr(SB), RODATA, $8 DATA ·libc_chflags_trampoline_addr(SB)/8, $libc_chflags_trampoline<>(SB) TEXT libc_chmod_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chmod(SB) - GLOBL ·libc_chmod_trampoline_addr(SB), RODATA, $8 DATA ·libc_chmod_trampoline_addr(SB)/8, $libc_chmod_trampoline<>(SB) TEXT libc_chown_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chown(SB) - GLOBL ·libc_chown_trampoline_addr(SB), RODATA, $8 DATA ·libc_chown_trampoline_addr(SB)/8, $libc_chown_trampoline<>(SB) TEXT libc_chroot_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chroot(SB) - GLOBL ·libc_chroot_trampoline_addr(SB), RODATA, $8 DATA ·libc_chroot_trampoline_addr(SB)/8, $libc_chroot_trampoline<>(SB) +TEXT libc_clock_gettime_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_clock_gettime(SB) +GLOBL ·libc_clock_gettime_trampoline_addr(SB), RODATA, $8 +DATA ·libc_clock_gettime_trampoline_addr(SB)/8, $libc_clock_gettime_trampoline<>(SB) + TEXT libc_close_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_close(SB) - GLOBL ·libc_close_trampoline_addr(SB), RODATA, $8 DATA ·libc_close_trampoline_addr(SB)/8, $libc_close_trampoline<>(SB) TEXT libc_dup_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_dup(SB) - GLOBL ·libc_dup_trampoline_addr(SB), RODATA, $8 DATA ·libc_dup_trampoline_addr(SB)/8, $libc_dup_trampoline<>(SB) TEXT libc_dup2_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_dup2(SB) - GLOBL ·libc_dup2_trampoline_addr(SB), RODATA, $8 DATA ·libc_dup2_trampoline_addr(SB)/8, $libc_dup2_trampoline<>(SB) TEXT libc_dup3_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_dup3(SB) - GLOBL ·libc_dup3_trampoline_addr(SB), RODATA, $8 DATA ·libc_dup3_trampoline_addr(SB)/8, $libc_dup3_trampoline<>(SB) TEXT libc_exit_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_exit(SB) - GLOBL ·libc_exit_trampoline_addr(SB), RODATA, $8 DATA ·libc_exit_trampoline_addr(SB)/8, $libc_exit_trampoline<>(SB) TEXT libc_faccessat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_faccessat(SB) - GLOBL ·libc_faccessat_trampoline_addr(SB), RODATA, $8 DATA ·libc_faccessat_trampoline_addr(SB)/8, $libc_faccessat_trampoline<>(SB) TEXT libc_fchdir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchdir(SB) - GLOBL ·libc_fchdir_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchdir_trampoline_addr(SB)/8, $libc_fchdir_trampoline<>(SB) TEXT libc_fchflags_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchflags(SB) - GLOBL ·libc_fchflags_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchflags_trampoline_addr(SB)/8, $libc_fchflags_trampoline<>(SB) TEXT libc_fchmod_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchmod(SB) - GLOBL ·libc_fchmod_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchmod_trampoline_addr(SB)/8, $libc_fchmod_trampoline<>(SB) TEXT libc_fchmodat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchmodat(SB) - GLOBL ·libc_fchmodat_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchmodat_trampoline_addr(SB)/8, $libc_fchmodat_trampoline<>(SB) TEXT libc_fchown_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchown(SB) - GLOBL ·libc_fchown_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchown_trampoline_addr(SB)/8, $libc_fchown_trampoline<>(SB) TEXT libc_fchownat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchownat(SB) - GLOBL ·libc_fchownat_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchownat_trampoline_addr(SB)/8, $libc_fchownat_trampoline<>(SB) TEXT libc_flock_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_flock(SB) - GLOBL ·libc_flock_trampoline_addr(SB), RODATA, $8 DATA ·libc_flock_trampoline_addr(SB)/8, $libc_flock_trampoline<>(SB) TEXT libc_fpathconf_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fpathconf(SB) - GLOBL ·libc_fpathconf_trampoline_addr(SB), RODATA, $8 DATA ·libc_fpathconf_trampoline_addr(SB)/8, $libc_fpathconf_trampoline<>(SB) TEXT libc_fstat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fstat(SB) - GLOBL ·libc_fstat_trampoline_addr(SB), RODATA, $8 DATA ·libc_fstat_trampoline_addr(SB)/8, $libc_fstat_trampoline<>(SB) TEXT libc_fstatat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fstatat(SB) - GLOBL ·libc_fstatat_trampoline_addr(SB), RODATA, $8 DATA ·libc_fstatat_trampoline_addr(SB)/8, $libc_fstatat_trampoline<>(SB) TEXT libc_fstatfs_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fstatfs(SB) - GLOBL ·libc_fstatfs_trampoline_addr(SB), RODATA, $8 DATA ·libc_fstatfs_trampoline_addr(SB)/8, $libc_fstatfs_trampoline<>(SB) TEXT libc_fsync_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fsync(SB) - GLOBL ·libc_fsync_trampoline_addr(SB), RODATA, $8 DATA ·libc_fsync_trampoline_addr(SB)/8, $libc_fsync_trampoline<>(SB) TEXT libc_ftruncate_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ftruncate(SB) - GLOBL ·libc_ftruncate_trampoline_addr(SB), RODATA, $8 DATA ·libc_ftruncate_trampoline_addr(SB)/8, $libc_ftruncate_trampoline<>(SB) TEXT libc_getegid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getegid(SB) - GLOBL ·libc_getegid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getegid_trampoline_addr(SB)/8, $libc_getegid_trampoline<>(SB) TEXT libc_geteuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_geteuid(SB) - GLOBL ·libc_geteuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_geteuid_trampoline_addr(SB)/8, $libc_geteuid_trampoline<>(SB) TEXT libc_getgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getgid(SB) - GLOBL ·libc_getgid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getgid_trampoline_addr(SB)/8, $libc_getgid_trampoline<>(SB) TEXT libc_getpgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpgid(SB) - GLOBL ·libc_getpgid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getpgid_trampoline_addr(SB)/8, $libc_getpgid_trampoline<>(SB) TEXT libc_getpgrp_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpgrp(SB) - GLOBL ·libc_getpgrp_trampoline_addr(SB), RODATA, $8 DATA ·libc_getpgrp_trampoline_addr(SB)/8, $libc_getpgrp_trampoline<>(SB) TEXT libc_getpid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpid(SB) - GLOBL ·libc_getpid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getpid_trampoline_addr(SB)/8, $libc_getpid_trampoline<>(SB) TEXT libc_getppid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getppid(SB) - GLOBL ·libc_getppid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getppid_trampoline_addr(SB)/8, $libc_getppid_trampoline<>(SB) TEXT libc_getpriority_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpriority(SB) - GLOBL ·libc_getpriority_trampoline_addr(SB), RODATA, $8 DATA ·libc_getpriority_trampoline_addr(SB)/8, $libc_getpriority_trampoline<>(SB) TEXT libc_getrlimit_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getrlimit(SB) - GLOBL ·libc_getrlimit_trampoline_addr(SB), RODATA, $8 DATA ·libc_getrlimit_trampoline_addr(SB)/8, $libc_getrlimit_trampoline<>(SB) TEXT libc_getrtable_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getrtable(SB) - GLOBL ·libc_getrtable_trampoline_addr(SB), RODATA, $8 DATA ·libc_getrtable_trampoline_addr(SB)/8, $libc_getrtable_trampoline<>(SB) TEXT libc_getrusage_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getrusage(SB) - GLOBL ·libc_getrusage_trampoline_addr(SB), RODATA, $8 DATA ·libc_getrusage_trampoline_addr(SB)/8, $libc_getrusage_trampoline<>(SB) TEXT libc_getsid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getsid(SB) - GLOBL ·libc_getsid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getsid_trampoline_addr(SB)/8, $libc_getsid_trampoline<>(SB) TEXT libc_gettimeofday_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_gettimeofday(SB) - GLOBL ·libc_gettimeofday_trampoline_addr(SB), RODATA, $8 DATA ·libc_gettimeofday_trampoline_addr(SB)/8, $libc_gettimeofday_trampoline<>(SB) TEXT libc_getuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getuid(SB) - GLOBL ·libc_getuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getuid_trampoline_addr(SB)/8, $libc_getuid_trampoline<>(SB) TEXT libc_issetugid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_issetugid(SB) - GLOBL ·libc_issetugid_trampoline_addr(SB), RODATA, $8 DATA ·libc_issetugid_trampoline_addr(SB)/8, $libc_issetugid_trampoline<>(SB) TEXT libc_kill_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_kill(SB) - GLOBL ·libc_kill_trampoline_addr(SB), RODATA, $8 DATA ·libc_kill_trampoline_addr(SB)/8, $libc_kill_trampoline<>(SB) TEXT libc_kqueue_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_kqueue(SB) - GLOBL ·libc_kqueue_trampoline_addr(SB), RODATA, $8 DATA ·libc_kqueue_trampoline_addr(SB)/8, $libc_kqueue_trampoline<>(SB) TEXT libc_lchown_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_lchown(SB) - GLOBL ·libc_lchown_trampoline_addr(SB), RODATA, $8 DATA ·libc_lchown_trampoline_addr(SB)/8, $libc_lchown_trampoline<>(SB) TEXT libc_link_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_link(SB) - GLOBL ·libc_link_trampoline_addr(SB), RODATA, $8 DATA ·libc_link_trampoline_addr(SB)/8, $libc_link_trampoline<>(SB) TEXT libc_linkat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_linkat(SB) - GLOBL ·libc_linkat_trampoline_addr(SB), RODATA, $8 DATA ·libc_linkat_trampoline_addr(SB)/8, $libc_linkat_trampoline<>(SB) TEXT libc_listen_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_listen(SB) - GLOBL ·libc_listen_trampoline_addr(SB), RODATA, $8 DATA ·libc_listen_trampoline_addr(SB)/8, $libc_listen_trampoline<>(SB) TEXT libc_lstat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_lstat(SB) - GLOBL ·libc_lstat_trampoline_addr(SB), RODATA, $8 DATA ·libc_lstat_trampoline_addr(SB)/8, $libc_lstat_trampoline<>(SB) TEXT libc_mkdir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mkdir(SB) - GLOBL ·libc_mkdir_trampoline_addr(SB), RODATA, $8 DATA ·libc_mkdir_trampoline_addr(SB)/8, $libc_mkdir_trampoline<>(SB) TEXT libc_mkdirat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mkdirat(SB) - GLOBL ·libc_mkdirat_trampoline_addr(SB), RODATA, $8 DATA ·libc_mkdirat_trampoline_addr(SB)/8, $libc_mkdirat_trampoline<>(SB) TEXT libc_mkfifo_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mkfifo(SB) - GLOBL ·libc_mkfifo_trampoline_addr(SB), RODATA, $8 DATA ·libc_mkfifo_trampoline_addr(SB)/8, $libc_mkfifo_trampoline<>(SB) TEXT libc_mkfifoat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mkfifoat(SB) - GLOBL ·libc_mkfifoat_trampoline_addr(SB), RODATA, $8 DATA ·libc_mkfifoat_trampoline_addr(SB)/8, $libc_mkfifoat_trampoline<>(SB) TEXT libc_mknod_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mknod(SB) - GLOBL ·libc_mknod_trampoline_addr(SB), RODATA, $8 DATA ·libc_mknod_trampoline_addr(SB)/8, $libc_mknod_trampoline<>(SB) TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mknodat(SB) - GLOBL ·libc_mknodat_trampoline_addr(SB), RODATA, $8 DATA ·libc_mknodat_trampoline_addr(SB)/8, $libc_mknodat_trampoline<>(SB) TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_nanosleep(SB) - GLOBL ·libc_nanosleep_trampoline_addr(SB), RODATA, $8 DATA ·libc_nanosleep_trampoline_addr(SB)/8, $libc_nanosleep_trampoline<>(SB) TEXT libc_open_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_open(SB) - GLOBL ·libc_open_trampoline_addr(SB), RODATA, $8 DATA ·libc_open_trampoline_addr(SB)/8, $libc_open_trampoline<>(SB) TEXT libc_openat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_openat(SB) - GLOBL ·libc_openat_trampoline_addr(SB), RODATA, $8 DATA ·libc_openat_trampoline_addr(SB)/8, $libc_openat_trampoline<>(SB) TEXT libc_pathconf_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pathconf(SB) - GLOBL ·libc_pathconf_trampoline_addr(SB), RODATA, $8 DATA ·libc_pathconf_trampoline_addr(SB)/8, $libc_pathconf_trampoline<>(SB) TEXT libc_pread_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pread(SB) - GLOBL ·libc_pread_trampoline_addr(SB), RODATA, $8 DATA ·libc_pread_trampoline_addr(SB)/8, $libc_pread_trampoline<>(SB) TEXT libc_pwrite_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pwrite(SB) - GLOBL ·libc_pwrite_trampoline_addr(SB), RODATA, $8 DATA ·libc_pwrite_trampoline_addr(SB)/8, $libc_pwrite_trampoline<>(SB) TEXT libc_read_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_read(SB) - GLOBL ·libc_read_trampoline_addr(SB), RODATA, $8 DATA ·libc_read_trampoline_addr(SB)/8, $libc_read_trampoline<>(SB) TEXT libc_readlink_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_readlink(SB) - GLOBL ·libc_readlink_trampoline_addr(SB), RODATA, $8 DATA ·libc_readlink_trampoline_addr(SB)/8, $libc_readlink_trampoline<>(SB) TEXT libc_readlinkat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_readlinkat(SB) - GLOBL ·libc_readlinkat_trampoline_addr(SB), RODATA, $8 DATA ·libc_readlinkat_trampoline_addr(SB)/8, $libc_readlinkat_trampoline<>(SB) TEXT libc_rename_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_rename(SB) - GLOBL ·libc_rename_trampoline_addr(SB), RODATA, $8 DATA ·libc_rename_trampoline_addr(SB)/8, $libc_rename_trampoline<>(SB) TEXT libc_renameat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_renameat(SB) - GLOBL ·libc_renameat_trampoline_addr(SB), RODATA, $8 DATA ·libc_renameat_trampoline_addr(SB)/8, $libc_renameat_trampoline<>(SB) TEXT libc_revoke_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_revoke(SB) - GLOBL ·libc_revoke_trampoline_addr(SB), RODATA, $8 DATA ·libc_revoke_trampoline_addr(SB)/8, $libc_revoke_trampoline<>(SB) TEXT libc_rmdir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_rmdir(SB) - GLOBL ·libc_rmdir_trampoline_addr(SB), RODATA, $8 DATA ·libc_rmdir_trampoline_addr(SB)/8, $libc_rmdir_trampoline<>(SB) TEXT libc_lseek_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_lseek(SB) - GLOBL ·libc_lseek_trampoline_addr(SB), RODATA, $8 DATA ·libc_lseek_trampoline_addr(SB)/8, $libc_lseek_trampoline<>(SB) TEXT libc_select_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_select(SB) - GLOBL ·libc_select_trampoline_addr(SB), RODATA, $8 DATA ·libc_select_trampoline_addr(SB)/8, $libc_select_trampoline<>(SB) TEXT libc_setegid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setegid(SB) - GLOBL ·libc_setegid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setegid_trampoline_addr(SB)/8, $libc_setegid_trampoline<>(SB) TEXT libc_seteuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_seteuid(SB) - GLOBL ·libc_seteuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_seteuid_trampoline_addr(SB)/8, $libc_seteuid_trampoline<>(SB) TEXT libc_setgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setgid(SB) - GLOBL ·libc_setgid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setgid_trampoline_addr(SB)/8, $libc_setgid_trampoline<>(SB) TEXT libc_setlogin_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setlogin(SB) - GLOBL ·libc_setlogin_trampoline_addr(SB), RODATA, $8 DATA ·libc_setlogin_trampoline_addr(SB)/8, $libc_setlogin_trampoline<>(SB) TEXT libc_setpgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setpgid(SB) - GLOBL ·libc_setpgid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setpgid_trampoline_addr(SB)/8, $libc_setpgid_trampoline<>(SB) TEXT libc_setpriority_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setpriority(SB) - GLOBL ·libc_setpriority_trampoline_addr(SB), RODATA, $8 DATA ·libc_setpriority_trampoline_addr(SB)/8, $libc_setpriority_trampoline<>(SB) TEXT libc_setregid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setregid(SB) - GLOBL ·libc_setregid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setregid_trampoline_addr(SB)/8, $libc_setregid_trampoline<>(SB) TEXT libc_setreuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setreuid(SB) - GLOBL ·libc_setreuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setreuid_trampoline_addr(SB)/8, $libc_setreuid_trampoline<>(SB) TEXT libc_setresgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setresgid(SB) - GLOBL ·libc_setresgid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setresgid_trampoline_addr(SB)/8, $libc_setresgid_trampoline<>(SB) TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setresuid(SB) - GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setresuid_trampoline_addr(SB)/8, $libc_setresuid_trampoline<>(SB) TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setrlimit(SB) - GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setrtable(SB) - GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $8 DATA ·libc_setrtable_trampoline_addr(SB)/8, $libc_setrtable_trampoline<>(SB) TEXT libc_setsid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setsid(SB) - GLOBL ·libc_setsid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setsid_trampoline_addr(SB)/8, $libc_setsid_trampoline<>(SB) TEXT libc_settimeofday_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_settimeofday(SB) - GLOBL ·libc_settimeofday_trampoline_addr(SB), RODATA, $8 DATA ·libc_settimeofday_trampoline_addr(SB)/8, $libc_settimeofday_trampoline<>(SB) TEXT libc_setuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setuid(SB) - GLOBL ·libc_setuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setuid_trampoline_addr(SB)/8, $libc_setuid_trampoline<>(SB) TEXT libc_stat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_stat(SB) - GLOBL ·libc_stat_trampoline_addr(SB), RODATA, $8 DATA ·libc_stat_trampoline_addr(SB)/8, $libc_stat_trampoline<>(SB) TEXT libc_statfs_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_statfs(SB) - GLOBL ·libc_statfs_trampoline_addr(SB), RODATA, $8 DATA ·libc_statfs_trampoline_addr(SB)/8, $libc_statfs_trampoline<>(SB) TEXT libc_symlink_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_symlink(SB) - GLOBL ·libc_symlink_trampoline_addr(SB), RODATA, $8 DATA ·libc_symlink_trampoline_addr(SB)/8, $libc_symlink_trampoline<>(SB) TEXT libc_symlinkat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_symlinkat(SB) - GLOBL ·libc_symlinkat_trampoline_addr(SB), RODATA, $8 DATA ·libc_symlinkat_trampoline_addr(SB)/8, $libc_symlinkat_trampoline<>(SB) TEXT libc_sync_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sync(SB) - GLOBL ·libc_sync_trampoline_addr(SB), RODATA, $8 DATA ·libc_sync_trampoline_addr(SB)/8, $libc_sync_trampoline<>(SB) TEXT libc_truncate_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_truncate(SB) - GLOBL ·libc_truncate_trampoline_addr(SB), RODATA, $8 DATA ·libc_truncate_trampoline_addr(SB)/8, $libc_truncate_trampoline<>(SB) TEXT libc_umask_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_umask(SB) - GLOBL ·libc_umask_trampoline_addr(SB), RODATA, $8 DATA ·libc_umask_trampoline_addr(SB)/8, $libc_umask_trampoline<>(SB) TEXT libc_unlink_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_unlink(SB) - GLOBL ·libc_unlink_trampoline_addr(SB), RODATA, $8 DATA ·libc_unlink_trampoline_addr(SB)/8, $libc_unlink_trampoline<>(SB) TEXT libc_unlinkat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_unlinkat(SB) - GLOBL ·libc_unlinkat_trampoline_addr(SB), RODATA, $8 DATA ·libc_unlinkat_trampoline_addr(SB)/8, $libc_unlinkat_trampoline<>(SB) TEXT libc_unmount_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_unmount(SB) - GLOBL ·libc_unmount_trampoline_addr(SB), RODATA, $8 DATA ·libc_unmount_trampoline_addr(SB)/8, $libc_unmount_trampoline<>(SB) TEXT libc_write_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_write(SB) - GLOBL ·libc_write_trampoline_addr(SB), RODATA, $8 DATA ·libc_write_trampoline_addr(SB)/8, $libc_write_trampoline<>(SB) TEXT libc_mmap_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mmap(SB) - GLOBL ·libc_mmap_trampoline_addr(SB), RODATA, $8 DATA ·libc_mmap_trampoline_addr(SB)/8, $libc_mmap_trampoline<>(SB) TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_munmap(SB) - GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $8 DATA ·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB) TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_utimensat(SB) - GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8 DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go index 016d959bc66..6f33e37e723 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go @@ -1,4 +1,4 @@ -// go run mksyscall.go -openbsd -tags openbsd,mips64 syscall_bsd.go syscall_openbsd.go syscall_openbsd_mips64.go +// go run mksyscall.go -openbsd -libc -tags openbsd,mips64 syscall_bsd.go syscall_openbsd.go syscall_openbsd_mips64.go // Code generated by the command above; see README.md. DO NOT EDIT. //go:build openbsd && mips64 @@ -16,7 +16,7 @@ var _ syscall.Errno // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func getgroups(ngid int, gid *_Gid_t) (n int, err error) { - r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0) + r0, _, e1 := syscall_rawSyscall(libc_getgroups_trampoline_addr, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -24,20 +24,28 @@ func getgroups(ngid int, gid *_Gid_t) (n int, err error) { return } +var libc_getgroups_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getgroups getgroups "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func setgroups(ngid int, gid *_Gid_t) (err error) { - _, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0) + _, _, e1 := syscall_rawSyscall(libc_setgroups_trampoline_addr, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setgroups_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setgroups setgroups "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) { - r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0) + r0, _, e1 := syscall_syscall6(libc_wait4_trampoline_addr, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0) wpid = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -45,10 +53,14 @@ func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err return } +var libc_wait4_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_wait4 wait4 "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { - r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + r0, _, e1 := syscall_syscall(libc_accept_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) fd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -56,30 +68,42 @@ func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { return } +var libc_accept_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_accept accept "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { - _, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen)) + _, _, e1 := syscall_syscall(libc_bind_trampoline_addr, uintptr(s), uintptr(addr), uintptr(addrlen)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_bind_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_bind bind "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { - _, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen)) + _, _, e1 := syscall_syscall(libc_connect_trampoline_addr, uintptr(s), uintptr(addr), uintptr(addrlen)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_connect_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_connect connect "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func socket(domain int, typ int, proto int) (fd int, err error) { - r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto)) + r0, _, e1 := syscall_rawSyscall(libc_socket_trampoline_addr, uintptr(domain), uintptr(typ), uintptr(proto)) fd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -87,66 +111,94 @@ func socket(domain int, typ int, proto int) (fd int, err error) { return } +var libc_socket_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_socket socket "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) { - _, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0) + _, _, e1 := syscall_syscall6(libc_getsockopt_trampoline_addr, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_getsockopt_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getsockopt getsockopt "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) { - _, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0) + _, _, e1 := syscall_syscall6(libc_setsockopt_trampoline_addr, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setsockopt_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setsockopt setsockopt "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) { - _, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + _, _, e1 := syscall_rawSyscall(libc_getpeername_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) if e1 != 0 { err = errnoErr(e1) } return } +var libc_getpeername_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpeername getpeername "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) { - _, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + _, _, e1 := syscall_rawSyscall(libc_getsockname_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) if e1 != 0 { err = errnoErr(e1) } return } +var libc_getsockname_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getsockname getsockname "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Shutdown(s int, how int) (err error) { - _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(s), uintptr(how), 0) + _, _, e1 := syscall_syscall(libc_shutdown_trampoline_addr, uintptr(s), uintptr(how), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_shutdown_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_shutdown shutdown "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) { - _, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0) + _, _, e1 := syscall_rawSyscall6(libc_socketpair_trampoline_addr, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_socketpair_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_socketpair socketpair "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) { @@ -156,7 +208,7 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen))) + r0, _, e1 := syscall_syscall6(libc_recvfrom_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -164,6 +216,10 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl return } +var libc_recvfrom_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_recvfrom recvfrom "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) { @@ -173,17 +229,21 @@ func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) ( } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen)) + _, _, e1 := syscall_syscall6(libc_sendto_trampoline_addr, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_sendto_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_sendto sendto "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) { - r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) + r0, _, e1 := syscall_syscall(libc_recvmsg_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -191,10 +251,14 @@ func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) { return } +var libc_recvmsg_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_recvmsg recvmsg "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) { - r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) + r0, _, e1 := syscall_syscall(libc_sendmsg_trampoline_addr, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -202,10 +266,14 @@ func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) { return } +var libc_sendmsg_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_sendmsg sendmsg "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, nevent int, timeout *Timespec) (n int, err error) { - r0, _, e1 := Syscall6(SYS_KEVENT, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout))) + r0, _, e1 := syscall_syscall6(libc_kevent_trampoline_addr, uintptr(kq), uintptr(change), uintptr(nchange), uintptr(event), uintptr(nevent), uintptr(unsafe.Pointer(timeout))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -213,6 +281,10 @@ func kevent(kq int, change unsafe.Pointer, nchange int, event unsafe.Pointer, ne return } +var libc_kevent_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_kevent kevent "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func utimes(path string, timeval *[2]Timeval) (err error) { @@ -221,27 +293,35 @@ func utimes(path string, timeval *[2]Timeval) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0) + _, _, e1 := syscall_syscall(libc_utimes_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_utimes_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_utimes utimes "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func futimes(fd int, timeval *[2]Timeval) (err error) { - _, _, e1 := Syscall(SYS_FUTIMES, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0) + _, _, e1 := syscall_syscall(libc_futimes_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(timeval)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_futimes_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_futimes futimes "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func poll(fds *PollFd, nfds int, timeout int) (n int, err error) { - r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout)) + r0, _, e1 := syscall_syscall(libc_poll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout)) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -249,6 +329,10 @@ func poll(fds *PollFd, nfds int, timeout int) (n int, err error) { return } +var libc_poll_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_poll poll "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Madvise(b []byte, behav int) (err error) { @@ -258,13 +342,17 @@ func Madvise(b []byte, behav int) (err error) { } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(behav)) + _, _, e1 := syscall_syscall(libc_madvise_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(behav)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_madvise_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_madvise madvise "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mlock(b []byte) (err error) { @@ -274,23 +362,31 @@ func Mlock(b []byte) (err error) { } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0) + _, _, e1 := syscall_syscall(libc_mlock_trampoline_addr, uintptr(_p0), uintptr(len(b)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mlock_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mlock mlock "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mlockall(flags int) (err error) { - _, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0) + _, _, e1 := syscall_syscall(libc_mlockall_trampoline_addr, uintptr(flags), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mlockall_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mlockall mlockall "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mprotect(b []byte, prot int) (err error) { @@ -300,13 +396,17 @@ func Mprotect(b []byte, prot int) (err error) { } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot)) + _, _, e1 := syscall_syscall(libc_mprotect_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(prot)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mprotect_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mprotect mprotect "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Msync(b []byte, flags int) (err error) { @@ -316,13 +416,17 @@ func Msync(b []byte, flags int) (err error) { } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags)) + _, _, e1 := syscall_syscall(libc_msync_trampoline_addr, uintptr(_p0), uintptr(len(b)), uintptr(flags)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_msync_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_msync msync "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Munlock(b []byte) (err error) { @@ -332,33 +436,45 @@ func Munlock(b []byte) (err error) { } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0) + _, _, e1 := syscall_syscall(libc_munlock_trampoline_addr, uintptr(_p0), uintptr(len(b)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_munlock_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_munlock munlock "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Munlockall() (err error) { - _, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0) + _, _, e1 := syscall_syscall(libc_munlockall_trampoline_addr, 0, 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_munlockall_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_munlockall munlockall "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func pipe2(p *[2]_C_int, flags int) (err error) { - _, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0) + _, _, e1 := syscall_rawSyscall(libc_pipe2_trampoline_addr, uintptr(unsafe.Pointer(p)), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_pipe2_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pipe2 pipe2 "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getdents(fd int, buf []byte) (n int, err error) { @@ -368,7 +484,7 @@ func Getdents(fd int, buf []byte) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall(SYS_GETDENTS, uintptr(fd), uintptr(_p0), uintptr(len(buf))) + r0, _, e1 := syscall_syscall(libc_getdents_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(buf))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -376,6 +492,10 @@ func Getdents(fd int, buf []byte) (n int, err error) { return } +var libc_getdents_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getdents getdents "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getcwd(buf []byte) (n int, err error) { @@ -385,7 +505,7 @@ func Getcwd(buf []byte) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall(SYS___GETCWD, uintptr(_p0), uintptr(len(buf)), 0) + r0, _, e1 := syscall_syscall(libc_getcwd_trampoline_addr, uintptr(_p0), uintptr(len(buf)), 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -393,16 +513,24 @@ func Getcwd(buf []byte) (n int, err error) { return } +var libc_getcwd_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getcwd getcwd "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func ioctl(fd int, req uint, arg uintptr) (err error) { - _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_ioctl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ioctl ioctl "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { @@ -412,17 +540,21 @@ func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := Syscall6(SYS___SYSCTL, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen)) + _, _, e1 := syscall_syscall6(libc_sysctl_trampoline_addr, uintptr(_p0), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_sysctl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_sysctl sysctl "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { - r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0) + r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -430,6 +562,10 @@ func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, return } +var libc_ppoll_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ppoll ppoll "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Access(path string, mode uint32) (err error) { @@ -438,23 +574,31 @@ func Access(path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_ACCESS, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + _, _, e1 := syscall_syscall(libc_access_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_access_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_access access "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Adjtime(delta *Timeval, olddelta *Timeval) (err error) { - _, _, e1 := Syscall(SYS_ADJTIME, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0) + _, _, e1 := syscall_syscall(libc_adjtime_trampoline_addr, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_adjtime_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_adjtime adjtime "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Chdir(path string) (err error) { @@ -463,13 +607,17 @@ func Chdir(path string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_chdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_chdir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chdir chdir "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Chflags(path string, flags int) (err error) { @@ -478,13 +626,17 @@ func Chflags(path string, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_CHFLAGS, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) + _, _, e1 := syscall_syscall(libc_chflags_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_chflags_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chflags chflags "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Chmod(path string, mode uint32) (err error) { @@ -493,13 +645,17 @@ func Chmod(path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_CHMOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + _, _, e1 := syscall_syscall(libc_chmod_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_chmod_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chmod chmod "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Chown(path string, uid int, gid int) (err error) { @@ -508,13 +664,17 @@ func Chown(path string, uid int, gid int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_CHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) + _, _, e1 := syscall_syscall(libc_chown_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_chown_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chown chown "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Chroot(path string) (err error) { @@ -523,27 +683,49 @@ func Chroot(path string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_chroot_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_chroot_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_chroot chroot "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ClockGettime(clockid int32, time *Timespec) (err error) { + _, _, e1 := syscall_syscall(libc_clock_gettime_trampoline_addr, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_clock_gettime_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_clock_gettime clock_gettime "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Close(fd int) (err error) { - _, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0) + _, _, e1 := syscall_syscall(libc_close_trampoline_addr, uintptr(fd), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_close_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_close close "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Dup(fd int) (nfd int, err error) { - r0, _, e1 := Syscall(SYS_DUP, uintptr(fd), 0, 0) + r0, _, e1 := syscall_syscall(libc_dup_trampoline_addr, uintptr(fd), 0, 0) nfd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -551,33 +733,49 @@ func Dup(fd int) (nfd int, err error) { return } +var libc_dup_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_dup dup "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Dup2(from int, to int) (err error) { - _, _, e1 := Syscall(SYS_DUP2, uintptr(from), uintptr(to), 0) + _, _, e1 := syscall_syscall(libc_dup2_trampoline_addr, uintptr(from), uintptr(to), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_dup2_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_dup2 dup2 "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Dup3(from int, to int, flags int) (err error) { - _, _, e1 := Syscall(SYS_DUP3, uintptr(from), uintptr(to), uintptr(flags)) + _, _, e1 := syscall_syscall(libc_dup3_trampoline_addr, uintptr(from), uintptr(to), uintptr(flags)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_dup3_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_dup3 dup3 "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Exit(code int) { - Syscall(SYS_EXIT, uintptr(code), 0, 0) + syscall_syscall(libc_exit_trampoline_addr, uintptr(code), 0, 0) return } +var libc_exit_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_exit exit "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) { @@ -586,43 +784,59 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) + _, _, e1 := syscall_syscall6(libc_faccessat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_faccessat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_faccessat faccessat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchdir(fd int) (err error) { - _, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0) + _, _, e1 := syscall_syscall(libc_fchdir_trampoline_addr, uintptr(fd), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchdir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchdir fchdir "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchflags(fd int, flags int) (err error) { - _, _, e1 := Syscall(SYS_FCHFLAGS, uintptr(fd), uintptr(flags), 0) + _, _, e1 := syscall_syscall(libc_fchflags_trampoline_addr, uintptr(fd), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchflags_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchflags fchflags "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchmod(fd int, mode uint32) (err error) { - _, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0) + _, _, e1 := syscall_syscall(libc_fchmod_trampoline_addr, uintptr(fd), uintptr(mode), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchmod_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchmod fchmod "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) { @@ -631,23 +845,31 @@ func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) + _, _, e1 := syscall_syscall6(libc_fchmodat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchmodat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchmodat fchmodat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchown(fd int, uid int, gid int) (err error) { - _, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid)) + _, _, e1 := syscall_syscall(libc_fchown_trampoline_addr, uintptr(fd), uintptr(uid), uintptr(gid)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchown_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchown fchown "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) { @@ -656,27 +878,35 @@ func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0) + _, _, e1 := syscall_syscall6(libc_fchownat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fchownat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fchownat fchownat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Flock(fd int, how int) (err error) { - _, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0) + _, _, e1 := syscall_syscall(libc_flock_trampoline_addr, uintptr(fd), uintptr(how), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_flock_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_flock flock "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fpathconf(fd int, name int) (val int, err error) { - r0, _, e1 := Syscall(SYS_FPATHCONF, uintptr(fd), uintptr(name), 0) + r0, _, e1 := syscall_syscall(libc_fpathconf_trampoline_addr, uintptr(fd), uintptr(name), 0) val = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -684,16 +914,24 @@ func Fpathconf(fd int, name int) (val int, err error) { return } +var libc_fpathconf_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fpathconf fpathconf "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fstat(fd int, stat *Stat_t) (err error) { - _, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) + _, _, e1 := syscall_syscall(libc_fstat_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fstat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fstat fstat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) { @@ -702,71 +940,99 @@ func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0) + _, _, e1 := syscall_syscall6(libc_fstatat_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fstatat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fstatat fstatat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fstatfs(fd int, stat *Statfs_t) (err error) { - _, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) + _, _, e1 := syscall_syscall(libc_fstatfs_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fstatfs_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fstatfs fstatfs "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Fsync(fd int) (err error) { - _, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0) + _, _, e1 := syscall_syscall(libc_fsync_trampoline_addr, uintptr(fd), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_fsync_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fsync fsync "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Ftruncate(fd int, length int64) (err error) { - _, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), 0, uintptr(length)) + _, _, e1 := syscall_syscall(libc_ftruncate_trampoline_addr, uintptr(fd), uintptr(length), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_ftruncate_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ftruncate ftruncate "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getegid() (egid int) { - r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getegid_trampoline_addr, 0, 0, 0) egid = int(r0) return } +var libc_getegid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getegid getegid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Geteuid() (uid int) { - r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_geteuid_trampoline_addr, 0, 0, 0) uid = int(r0) return } +var libc_geteuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_geteuid geteuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getgid() (gid int) { - r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getgid_trampoline_addr, 0, 0, 0) gid = int(r0) return } +var libc_getgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getgid getgid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getpgid(pid int) (pgid int, err error) { - r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0) + r0, _, e1 := syscall_rawSyscall(libc_getpgid_trampoline_addr, uintptr(pid), 0, 0) pgid = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -774,34 +1040,50 @@ func Getpgid(pid int) (pgid int, err error) { return } +var libc_getpgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpgid getpgid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getpgrp() (pgrp int) { - r0, _, _ := RawSyscall(SYS_GETPGRP, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getpgrp_trampoline_addr, 0, 0, 0) pgrp = int(r0) return } +var libc_getpgrp_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpgrp getpgrp "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getpid() (pid int) { - r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getpid_trampoline_addr, 0, 0, 0) pid = int(r0) return } +var libc_getpid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpid getpid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getppid() (ppid int) { - r0, _, _ := RawSyscall(SYS_GETPPID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getppid_trampoline_addr, 0, 0, 0) ppid = int(r0) return } +var libc_getppid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getppid getppid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getpriority(which int, who int) (prio int, err error) { - r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0) + r0, _, e1 := syscall_syscall(libc_getpriority_trampoline_addr, uintptr(which), uintptr(who), 0) prio = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -809,20 +1091,28 @@ func Getpriority(which int, who int) (prio int, err error) { return } +var libc_getpriority_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getpriority getpriority "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) + _, _, e1 := syscall_rawSyscall(libc_getrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_getrlimit_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getrlimit getrlimit "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getrtable() (rtable int, err error) { - r0, _, e1 := RawSyscall(SYS_GETRTABLE, 0, 0, 0) + r0, _, e1 := syscall_rawSyscall(libc_getrtable_trampoline_addr, 0, 0, 0) rtable = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -830,20 +1120,28 @@ func Getrtable() (rtable int, err error) { return } +var libc_getrtable_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getrtable getrtable "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getrusage(who int, rusage *Rusage) (err error) { - _, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0) + _, _, e1 := syscall_rawSyscall(libc_getrusage_trampoline_addr, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_getrusage_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getrusage getrusage "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getsid(pid int) (sid int, err error) { - r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0) + r0, _, e1 := syscall_rawSyscall(libc_getsid_trampoline_addr, uintptr(pid), 0, 0) sid = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -851,46 +1149,66 @@ func Getsid(pid int) (sid int, err error) { return } +var libc_getsid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getsid getsid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Gettimeofday(tv *Timeval) (err error) { - _, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_gettimeofday_trampoline_addr, uintptr(unsafe.Pointer(tv)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_gettimeofday_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_gettimeofday gettimeofday "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Getuid() (uid int) { - r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0) + r0, _, _ := syscall_rawSyscall(libc_getuid_trampoline_addr, 0, 0, 0) uid = int(r0) return } +var libc_getuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getuid getuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Issetugid() (tainted bool) { - r0, _, _ := Syscall(SYS_ISSETUGID, 0, 0, 0) + r0, _, _ := syscall_syscall(libc_issetugid_trampoline_addr, 0, 0, 0) tainted = bool(r0 != 0) return } +var libc_issetugid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_issetugid issetugid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Kill(pid int, signum syscall.Signal) (err error) { - _, _, e1 := Syscall(SYS_KILL, uintptr(pid), uintptr(signum), 0) + _, _, e1 := syscall_syscall(libc_kill_trampoline_addr, uintptr(pid), uintptr(signum), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_kill_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_kill kill "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Kqueue() (fd int, err error) { - r0, _, e1 := Syscall(SYS_KQUEUE, 0, 0, 0) + r0, _, e1 := syscall_syscall(libc_kqueue_trampoline_addr, 0, 0, 0) fd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -898,6 +1216,10 @@ func Kqueue() (fd int, err error) { return } +var libc_kqueue_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_kqueue kqueue "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Lchown(path string, uid int, gid int) (err error) { @@ -906,13 +1228,17 @@ func Lchown(path string, uid int, gid int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) + _, _, e1 := syscall_syscall(libc_lchown_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_lchown_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_lchown lchown "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Link(path string, link string) (err error) { @@ -926,13 +1252,17 @@ func Link(path string, link string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_LINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) + _, _, e1 := syscall_syscall(libc_link_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_link_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_link link "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err error) { @@ -946,23 +1276,31 @@ func Linkat(pathfd int, path string, linkfd int, link string, flags int) (err er if err != nil { return } - _, _, e1 := Syscall6(SYS_LINKAT, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0) + _, _, e1 := syscall_syscall6(libc_linkat_trampoline_addr, uintptr(pathfd), uintptr(unsafe.Pointer(_p0)), uintptr(linkfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_linkat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_linkat linkat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Listen(s int, backlog int) (err error) { - _, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(backlog), 0) + _, _, e1 := syscall_syscall(libc_listen_trampoline_addr, uintptr(s), uintptr(backlog), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_listen_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_listen listen "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Lstat(path string, stat *Stat_t) (err error) { @@ -971,13 +1309,17 @@ func Lstat(path string, stat *Stat_t) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_LSTAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) + _, _, e1 := syscall_syscall(libc_lstat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_lstat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_lstat lstat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mkdir(path string, mode uint32) (err error) { @@ -986,13 +1328,17 @@ func Mkdir(path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_MKDIR, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + _, _, e1 := syscall_syscall(libc_mkdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mkdir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mkdir mkdir "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mkdirat(dirfd int, path string, mode uint32) (err error) { @@ -1001,13 +1347,17 @@ func Mkdirat(dirfd int, path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) + _, _, e1 := syscall_syscall(libc_mkdirat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mkdirat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mkdirat mkdirat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mkfifo(path string, mode uint32) (err error) { @@ -1016,13 +1366,17 @@ func Mkfifo(path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_MKFIFO, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + _, _, e1 := syscall_syscall(libc_mkfifo_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mkfifo_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mkfifo mkfifo "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mkfifoat(dirfd int, path string, mode uint32) (err error) { @@ -1031,13 +1385,17 @@ func Mkfifoat(dirfd int, path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_MKFIFOAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) + _, _, e1 := syscall_syscall(libc_mkfifoat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mkfifoat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mkfifoat mkfifoat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mknod(path string, mode uint32, dev int) (err error) { @@ -1046,13 +1404,17 @@ func Mknod(path string, mode uint32, dev int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_MKNOD, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev)) + _, _, e1 := syscall_syscall(libc_mknod_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mknod_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mknod mknod "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) { @@ -1061,23 +1423,31 @@ func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0) + _, _, e1 := syscall_syscall6(libc_mknodat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_mknodat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mknodat mknodat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Nanosleep(time *Timespec, leftover *Timespec) (err error) { - _, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0) + _, _, e1 := syscall_syscall(libc_nanosleep_trampoline_addr, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_nanosleep_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_nanosleep nanosleep "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Open(path string, mode int, perm uint32) (fd int, err error) { @@ -1086,7 +1456,7 @@ func Open(path string, mode int, perm uint32) (fd int, err error) { if err != nil { return } - r0, _, e1 := Syscall(SYS_OPEN, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm)) + r0, _, e1 := syscall_syscall(libc_open_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm)) fd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1094,6 +1464,10 @@ func Open(path string, mode int, perm uint32) (fd int, err error) { return } +var libc_open_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_open open "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) { @@ -1102,7 +1476,7 @@ func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) { if err != nil { return } - r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0) + r0, _, e1 := syscall_syscall6(libc_openat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0) fd = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1110,6 +1484,10 @@ func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) { return } +var libc_openat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_openat openat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Pathconf(path string, name int) (val int, err error) { @@ -1118,7 +1496,7 @@ func Pathconf(path string, name int) (val int, err error) { if err != nil { return } - r0, _, e1 := Syscall(SYS_PATHCONF, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0) + r0, _, e1 := syscall_syscall(libc_pathconf_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0) val = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1126,6 +1504,10 @@ func Pathconf(path string, name int) (val int, err error) { return } +var libc_pathconf_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pathconf pathconf "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func pread(fd int, p []byte, offset int64) (n int, err error) { @@ -1135,7 +1517,7 @@ func pread(fd int, p []byte, offset int64) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), 0) + r0, _, e1 := syscall_syscall6(libc_pread_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1143,6 +1525,10 @@ func pread(fd int, p []byte, offset int64) (n int, err error) { return } +var libc_pread_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pread pread "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func pwrite(fd int, p []byte, offset int64) (n int, err error) { @@ -1152,7 +1538,7 @@ func pwrite(fd int, p []byte, offset int64) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), 0, uintptr(offset), 0) + r0, _, e1 := syscall_syscall6(libc_pwrite_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1160,6 +1546,10 @@ func pwrite(fd int, p []byte, offset int64) (n int, err error) { return } +var libc_pwrite_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pwrite pwrite "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func read(fd int, p []byte) (n int, err error) { @@ -1169,7 +1559,7 @@ func read(fd int, p []byte) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p))) + r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1177,6 +1567,10 @@ func read(fd int, p []byte) (n int, err error) { return } +var libc_read_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_read read "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Readlink(path string, buf []byte) (n int, err error) { @@ -1191,7 +1585,7 @@ func Readlink(path string, buf []byte) (n int, err error) { } else { _p1 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall(SYS_READLINK, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf))) + r0, _, e1 := syscall_syscall(libc_readlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1199,6 +1593,10 @@ func Readlink(path string, buf []byte) (n int, err error) { return } +var libc_readlink_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_readlink readlink "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) { @@ -1213,7 +1611,7 @@ func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) { } else { _p1 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0) + r0, _, e1 := syscall_syscall6(libc_readlinkat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1221,6 +1619,10 @@ func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) { return } +var libc_readlinkat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_readlinkat readlinkat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Rename(from string, to string) (err error) { @@ -1234,13 +1636,17 @@ func Rename(from string, to string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_RENAME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) + _, _, e1 := syscall_syscall(libc_rename_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_rename_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_rename rename "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Renameat(fromfd int, from string, tofd int, to string) (err error) { @@ -1254,13 +1660,17 @@ func Renameat(fromfd int, from string, tofd int, to string) (err error) { if err != nil { return } - _, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0) + _, _, e1 := syscall_syscall6(libc_renameat_trampoline_addr, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_renameat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_renameat renameat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Revoke(path string) (err error) { @@ -1269,13 +1679,17 @@ func Revoke(path string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_REVOKE, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_revoke_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_revoke_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_revoke revoke "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Rmdir(path string) (err error) { @@ -1284,17 +1698,21 @@ func Rmdir(path string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_RMDIR, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_rmdir_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_rmdir_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_rmdir rmdir "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Seek(fd int, offset int64, whence int) (newoffset int64, err error) { - r0, _, e1 := Syscall6(SYS_LSEEK, uintptr(fd), 0, uintptr(offset), uintptr(whence), 0, 0) + r0, _, e1 := syscall_syscall(libc_lseek_trampoline_addr, uintptr(fd), uintptr(offset), uintptr(whence)) newoffset = int64(r0) if e1 != 0 { err = errnoErr(e1) @@ -1302,10 +1720,14 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) { return } +var libc_lseek_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_lseek lseek "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) { - r0, _, e1 := Syscall6(SYS_SELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0) + r0, _, e1 := syscall_syscall6(libc_select_trampoline_addr, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1313,36 +1735,52 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err return } +var libc_select_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_select select "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setegid(egid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETEGID, uintptr(egid), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_setegid_trampoline_addr, uintptr(egid), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setegid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setegid setegid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Seteuid(euid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETEUID, uintptr(euid), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_seteuid_trampoline_addr, uintptr(euid), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_seteuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_seteuid seteuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setgid(gid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETGID, uintptr(gid), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_setgid_trampoline_addr, uintptr(gid), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setgid setgid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setlogin(name string) (err error) { @@ -1351,97 +1789,133 @@ func Setlogin(name string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_SETLOGIN, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_setlogin_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setlogin_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setlogin setlogin "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setpgid(pid int, pgid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0) + _, _, e1 := syscall_rawSyscall(libc_setpgid_trampoline_addr, uintptr(pid), uintptr(pgid), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setpgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setpgid setpgid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setpriority(which int, who int, prio int) (err error) { - _, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio)) + _, _, e1 := syscall_syscall(libc_setpriority_trampoline_addr, uintptr(which), uintptr(who), uintptr(prio)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setpriority_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setpriority setpriority "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setregid(rgid int, egid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0) + _, _, e1 := syscall_rawSyscall(libc_setregid_trampoline_addr, uintptr(rgid), uintptr(egid), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setregid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setregid setregid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setreuid(ruid int, euid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0) + _, _, e1 := syscall_rawSyscall(libc_setreuid_trampoline_addr, uintptr(ruid), uintptr(euid), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setreuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setreuid setreuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setresgid(rgid int, egid int, sgid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid)) + _, _, e1 := syscall_rawSyscall(libc_setresgid_trampoline_addr, uintptr(rgid), uintptr(egid), uintptr(sgid)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setresgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setresgid setresgid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setresuid(ruid int, euid int, suid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid)) + _, _, e1 := syscall_rawSyscall(libc_setresuid_trampoline_addr, uintptr(ruid), uintptr(euid), uintptr(suid)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setresuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setresuid setresuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) + _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setrlimit_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setrtable(rtable int) (err error) { - _, _, e1 := RawSyscall(SYS_SETRTABLE, uintptr(rtable), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setrtable_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setrtable setrtable "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setsid() (pid int, err error) { - r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) + r0, _, e1 := syscall_rawSyscall(libc_setsid_trampoline_addr, 0, 0, 0) pid = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1449,26 +1923,38 @@ func Setsid() (pid int, err error) { return } +var libc_setsid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setsid setsid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Settimeofday(tp *Timeval) (err error) { - _, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tp)), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_settimeofday_trampoline_addr, uintptr(unsafe.Pointer(tp)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_settimeofday_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_settimeofday settimeofday "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setuid(uid int) (err error) { - _, _, e1 := RawSyscall(SYS_SETUID, uintptr(uid), 0, 0) + _, _, e1 := syscall_rawSyscall(libc_setuid_trampoline_addr, uintptr(uid), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_setuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setuid setuid "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Stat(path string, stat *Stat_t) (err error) { @@ -1477,13 +1963,17 @@ func Stat(path string, stat *Stat_t) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_STAT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) + _, _, e1 := syscall_syscall(libc_stat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_stat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_stat stat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Statfs(path string, stat *Statfs_t) (err error) { @@ -1492,13 +1982,17 @@ func Statfs(path string, stat *Statfs_t) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) + _, _, e1 := syscall_syscall(libc_statfs_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_statfs_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_statfs statfs "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Symlink(path string, link string) (err error) { @@ -1512,13 +2006,17 @@ func Symlink(path string, link string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_SYMLINK, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) + _, _, e1 := syscall_syscall(libc_symlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_symlink_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_symlink symlink "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) { @@ -1532,23 +2030,31 @@ func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1))) + _, _, e1 := syscall_syscall(libc_symlinkat_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1))) if e1 != 0 { err = errnoErr(e1) } return } +var libc_symlinkat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_symlinkat symlinkat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Sync() (err error) { - _, _, e1 := Syscall(SYS_SYNC, 0, 0, 0) + _, _, e1 := syscall_syscall(libc_sync_trampoline_addr, 0, 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_sync_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_sync sync "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Truncate(path string, length int64) (err error) { @@ -1557,21 +2063,29 @@ func Truncate(path string, length int64) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), 0, uintptr(length)) + _, _, e1 := syscall_syscall(libc_truncate_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_truncate_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_truncate truncate "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Umask(newmask int) (oldmask int) { - r0, _, _ := Syscall(SYS_UMASK, uintptr(newmask), 0, 0) + r0, _, _ := syscall_syscall(libc_umask_trampoline_addr, uintptr(newmask), 0, 0) oldmask = int(r0) return } +var libc_umask_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_umask umask "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Unlink(path string) (err error) { @@ -1580,13 +2094,17 @@ func Unlink(path string) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_UNLINK, uintptr(unsafe.Pointer(_p0)), 0, 0) + _, _, e1 := syscall_syscall(libc_unlink_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_unlink_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unlink unlink "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Unlinkat(dirfd int, path string, flags int) (err error) { @@ -1595,13 +2113,17 @@ func Unlinkat(dirfd int, path string, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags)) + _, _, e1 := syscall_syscall(libc_unlinkat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags)) if e1 != 0 { err = errnoErr(e1) } return } +var libc_unlinkat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unlinkat unlinkat "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Unmount(path string, flags int) (err error) { @@ -1610,13 +2132,17 @@ func Unmount(path string, flags int) (err error) { if err != nil { return } - _, _, e1 := Syscall(SYS_UNMOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) + _, _, e1 := syscall_syscall(libc_unmount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_unmount_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unmount unmount "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func write(fd int, p []byte) (n int, err error) { @@ -1626,7 +2152,7 @@ func write(fd int, p []byte) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p))) + r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(p))) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1634,10 +2160,14 @@ func write(fd int, p []byte) (n int, err error) { return } +var libc_write_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_write write "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) { - r0, _, e1 := Syscall9(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), 0, uintptr(pos), 0, 0) + r0, _, e1 := syscall_syscall6(libc_mmap_trampoline_addr, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos)) ret = uintptr(r0) if e1 != 0 { err = errnoErr(e1) @@ -1645,20 +2175,28 @@ func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) ( return } +var libc_mmap_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_mmap mmap "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func munmap(addr uintptr, length uintptr) (err error) { - _, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0) + _, _, e1 := syscall_syscall(libc_munmap_trampoline_addr, uintptr(addr), uintptr(length), 0) if e1 != 0 { err = errnoErr(e1) } return } +var libc_munmap_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_munmap munmap "libc.so" + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func readlen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) + r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1669,7 +2207,7 @@ func readlen(fd int, buf *byte, nbuf int) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func writelen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) + r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) n = int(r0) if e1 != 0 { err = errnoErr(e1) @@ -1685,9 +2223,13 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error if err != nil { return } - _, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0) + _, _, e1 := syscall_syscall6(libc_utimensat_trampoline_addr, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0) if e1 != 0 { err = errnoErr(e1) } return } + +var libc_utimensat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_utimensat utimensat "libc.so" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s new file mode 100644 index 00000000000..55af27263ad --- /dev/null +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s @@ -0,0 +1,669 @@ +// go run mkasm.go openbsd mips64 +// Code generated by the command above; DO NOT EDIT. + +#include "textflag.h" + +TEXT libc_getgroups_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getgroups(SB) +GLOBL ·libc_getgroups_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getgroups_trampoline_addr(SB)/8, $libc_getgroups_trampoline<>(SB) + +TEXT libc_setgroups_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setgroups(SB) +GLOBL ·libc_setgroups_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setgroups_trampoline_addr(SB)/8, $libc_setgroups_trampoline<>(SB) + +TEXT libc_wait4_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_wait4(SB) +GLOBL ·libc_wait4_trampoline_addr(SB), RODATA, $8 +DATA ·libc_wait4_trampoline_addr(SB)/8, $libc_wait4_trampoline<>(SB) + +TEXT libc_accept_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_accept(SB) +GLOBL ·libc_accept_trampoline_addr(SB), RODATA, $8 +DATA ·libc_accept_trampoline_addr(SB)/8, $libc_accept_trampoline<>(SB) + +TEXT libc_bind_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_bind(SB) +GLOBL ·libc_bind_trampoline_addr(SB), RODATA, $8 +DATA ·libc_bind_trampoline_addr(SB)/8, $libc_bind_trampoline<>(SB) + +TEXT libc_connect_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_connect(SB) +GLOBL ·libc_connect_trampoline_addr(SB), RODATA, $8 +DATA ·libc_connect_trampoline_addr(SB)/8, $libc_connect_trampoline<>(SB) + +TEXT libc_socket_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_socket(SB) +GLOBL ·libc_socket_trampoline_addr(SB), RODATA, $8 +DATA ·libc_socket_trampoline_addr(SB)/8, $libc_socket_trampoline<>(SB) + +TEXT libc_getsockopt_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getsockopt(SB) +GLOBL ·libc_getsockopt_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getsockopt_trampoline_addr(SB)/8, $libc_getsockopt_trampoline<>(SB) + +TEXT libc_setsockopt_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setsockopt(SB) +GLOBL ·libc_setsockopt_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setsockopt_trampoline_addr(SB)/8, $libc_setsockopt_trampoline<>(SB) + +TEXT libc_getpeername_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpeername(SB) +GLOBL ·libc_getpeername_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getpeername_trampoline_addr(SB)/8, $libc_getpeername_trampoline<>(SB) + +TEXT libc_getsockname_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getsockname(SB) +GLOBL ·libc_getsockname_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getsockname_trampoline_addr(SB)/8, $libc_getsockname_trampoline<>(SB) + +TEXT libc_shutdown_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_shutdown(SB) +GLOBL ·libc_shutdown_trampoline_addr(SB), RODATA, $8 +DATA ·libc_shutdown_trampoline_addr(SB)/8, $libc_shutdown_trampoline<>(SB) + +TEXT libc_socketpair_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_socketpair(SB) +GLOBL ·libc_socketpair_trampoline_addr(SB), RODATA, $8 +DATA ·libc_socketpair_trampoline_addr(SB)/8, $libc_socketpair_trampoline<>(SB) + +TEXT libc_recvfrom_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_recvfrom(SB) +GLOBL ·libc_recvfrom_trampoline_addr(SB), RODATA, $8 +DATA ·libc_recvfrom_trampoline_addr(SB)/8, $libc_recvfrom_trampoline<>(SB) + +TEXT libc_sendto_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_sendto(SB) +GLOBL ·libc_sendto_trampoline_addr(SB), RODATA, $8 +DATA ·libc_sendto_trampoline_addr(SB)/8, $libc_sendto_trampoline<>(SB) + +TEXT libc_recvmsg_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_recvmsg(SB) +GLOBL ·libc_recvmsg_trampoline_addr(SB), RODATA, $8 +DATA ·libc_recvmsg_trampoline_addr(SB)/8, $libc_recvmsg_trampoline<>(SB) + +TEXT libc_sendmsg_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_sendmsg(SB) +GLOBL ·libc_sendmsg_trampoline_addr(SB), RODATA, $8 +DATA ·libc_sendmsg_trampoline_addr(SB)/8, $libc_sendmsg_trampoline<>(SB) + +TEXT libc_kevent_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_kevent(SB) +GLOBL ·libc_kevent_trampoline_addr(SB), RODATA, $8 +DATA ·libc_kevent_trampoline_addr(SB)/8, $libc_kevent_trampoline<>(SB) + +TEXT libc_utimes_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_utimes(SB) +GLOBL ·libc_utimes_trampoline_addr(SB), RODATA, $8 +DATA ·libc_utimes_trampoline_addr(SB)/8, $libc_utimes_trampoline<>(SB) + +TEXT libc_futimes_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_futimes(SB) +GLOBL ·libc_futimes_trampoline_addr(SB), RODATA, $8 +DATA ·libc_futimes_trampoline_addr(SB)/8, $libc_futimes_trampoline<>(SB) + +TEXT libc_poll_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_poll(SB) +GLOBL ·libc_poll_trampoline_addr(SB), RODATA, $8 +DATA ·libc_poll_trampoline_addr(SB)/8, $libc_poll_trampoline<>(SB) + +TEXT libc_madvise_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_madvise(SB) +GLOBL ·libc_madvise_trampoline_addr(SB), RODATA, $8 +DATA ·libc_madvise_trampoline_addr(SB)/8, $libc_madvise_trampoline<>(SB) + +TEXT libc_mlock_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mlock(SB) +GLOBL ·libc_mlock_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mlock_trampoline_addr(SB)/8, $libc_mlock_trampoline<>(SB) + +TEXT libc_mlockall_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mlockall(SB) +GLOBL ·libc_mlockall_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mlockall_trampoline_addr(SB)/8, $libc_mlockall_trampoline<>(SB) + +TEXT libc_mprotect_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mprotect(SB) +GLOBL ·libc_mprotect_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mprotect_trampoline_addr(SB)/8, $libc_mprotect_trampoline<>(SB) + +TEXT libc_msync_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_msync(SB) +GLOBL ·libc_msync_trampoline_addr(SB), RODATA, $8 +DATA ·libc_msync_trampoline_addr(SB)/8, $libc_msync_trampoline<>(SB) + +TEXT libc_munlock_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_munlock(SB) +GLOBL ·libc_munlock_trampoline_addr(SB), RODATA, $8 +DATA ·libc_munlock_trampoline_addr(SB)/8, $libc_munlock_trampoline<>(SB) + +TEXT libc_munlockall_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_munlockall(SB) +GLOBL ·libc_munlockall_trampoline_addr(SB), RODATA, $8 +DATA ·libc_munlockall_trampoline_addr(SB)/8, $libc_munlockall_trampoline<>(SB) + +TEXT libc_pipe2_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pipe2(SB) +GLOBL ·libc_pipe2_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pipe2_trampoline_addr(SB)/8, $libc_pipe2_trampoline<>(SB) + +TEXT libc_getdents_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getdents(SB) +GLOBL ·libc_getdents_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getdents_trampoline_addr(SB)/8, $libc_getdents_trampoline<>(SB) + +TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getcwd(SB) +GLOBL ·libc_getcwd_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getcwd_trampoline_addr(SB)/8, $libc_getcwd_trampoline<>(SB) + +TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_ioctl(SB) +GLOBL ·libc_ioctl_trampoline_addr(SB), RODATA, $8 +DATA ·libc_ioctl_trampoline_addr(SB)/8, $libc_ioctl_trampoline<>(SB) + +TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_sysctl(SB) +GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8 +DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB) + +TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_ppoll(SB) +GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $8 +DATA ·libc_ppoll_trampoline_addr(SB)/8, $libc_ppoll_trampoline<>(SB) + +TEXT libc_access_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_access(SB) +GLOBL ·libc_access_trampoline_addr(SB), RODATA, $8 +DATA ·libc_access_trampoline_addr(SB)/8, $libc_access_trampoline<>(SB) + +TEXT libc_adjtime_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_adjtime(SB) +GLOBL ·libc_adjtime_trampoline_addr(SB), RODATA, $8 +DATA ·libc_adjtime_trampoline_addr(SB)/8, $libc_adjtime_trampoline<>(SB) + +TEXT libc_chdir_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chdir(SB) +GLOBL ·libc_chdir_trampoline_addr(SB), RODATA, $8 +DATA ·libc_chdir_trampoline_addr(SB)/8, $libc_chdir_trampoline<>(SB) + +TEXT libc_chflags_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chflags(SB) +GLOBL ·libc_chflags_trampoline_addr(SB), RODATA, $8 +DATA ·libc_chflags_trampoline_addr(SB)/8, $libc_chflags_trampoline<>(SB) + +TEXT libc_chmod_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chmod(SB) +GLOBL ·libc_chmod_trampoline_addr(SB), RODATA, $8 +DATA ·libc_chmod_trampoline_addr(SB)/8, $libc_chmod_trampoline<>(SB) + +TEXT libc_chown_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chown(SB) +GLOBL ·libc_chown_trampoline_addr(SB), RODATA, $8 +DATA ·libc_chown_trampoline_addr(SB)/8, $libc_chown_trampoline<>(SB) + +TEXT libc_chroot_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_chroot(SB) +GLOBL ·libc_chroot_trampoline_addr(SB), RODATA, $8 +DATA ·libc_chroot_trampoline_addr(SB)/8, $libc_chroot_trampoline<>(SB) + +TEXT libc_clock_gettime_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_clock_gettime(SB) +GLOBL ·libc_clock_gettime_trampoline_addr(SB), RODATA, $8 +DATA ·libc_clock_gettime_trampoline_addr(SB)/8, $libc_clock_gettime_trampoline<>(SB) + +TEXT libc_close_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_close(SB) +GLOBL ·libc_close_trampoline_addr(SB), RODATA, $8 +DATA ·libc_close_trampoline_addr(SB)/8, $libc_close_trampoline<>(SB) + +TEXT libc_dup_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_dup(SB) +GLOBL ·libc_dup_trampoline_addr(SB), RODATA, $8 +DATA ·libc_dup_trampoline_addr(SB)/8, $libc_dup_trampoline<>(SB) + +TEXT libc_dup2_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_dup2(SB) +GLOBL ·libc_dup2_trampoline_addr(SB), RODATA, $8 +DATA ·libc_dup2_trampoline_addr(SB)/8, $libc_dup2_trampoline<>(SB) + +TEXT libc_dup3_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_dup3(SB) +GLOBL ·libc_dup3_trampoline_addr(SB), RODATA, $8 +DATA ·libc_dup3_trampoline_addr(SB)/8, $libc_dup3_trampoline<>(SB) + +TEXT libc_exit_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_exit(SB) +GLOBL ·libc_exit_trampoline_addr(SB), RODATA, $8 +DATA ·libc_exit_trampoline_addr(SB)/8, $libc_exit_trampoline<>(SB) + +TEXT libc_faccessat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_faccessat(SB) +GLOBL ·libc_faccessat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_faccessat_trampoline_addr(SB)/8, $libc_faccessat_trampoline<>(SB) + +TEXT libc_fchdir_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchdir(SB) +GLOBL ·libc_fchdir_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchdir_trampoline_addr(SB)/8, $libc_fchdir_trampoline<>(SB) + +TEXT libc_fchflags_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchflags(SB) +GLOBL ·libc_fchflags_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchflags_trampoline_addr(SB)/8, $libc_fchflags_trampoline<>(SB) + +TEXT libc_fchmod_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchmod(SB) +GLOBL ·libc_fchmod_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchmod_trampoline_addr(SB)/8, $libc_fchmod_trampoline<>(SB) + +TEXT libc_fchmodat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchmodat(SB) +GLOBL ·libc_fchmodat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchmodat_trampoline_addr(SB)/8, $libc_fchmodat_trampoline<>(SB) + +TEXT libc_fchown_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchown(SB) +GLOBL ·libc_fchown_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchown_trampoline_addr(SB)/8, $libc_fchown_trampoline<>(SB) + +TEXT libc_fchownat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fchownat(SB) +GLOBL ·libc_fchownat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fchownat_trampoline_addr(SB)/8, $libc_fchownat_trampoline<>(SB) + +TEXT libc_flock_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_flock(SB) +GLOBL ·libc_flock_trampoline_addr(SB), RODATA, $8 +DATA ·libc_flock_trampoline_addr(SB)/8, $libc_flock_trampoline<>(SB) + +TEXT libc_fpathconf_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fpathconf(SB) +GLOBL ·libc_fpathconf_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fpathconf_trampoline_addr(SB)/8, $libc_fpathconf_trampoline<>(SB) + +TEXT libc_fstat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fstat(SB) +GLOBL ·libc_fstat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fstat_trampoline_addr(SB)/8, $libc_fstat_trampoline<>(SB) + +TEXT libc_fstatat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fstatat(SB) +GLOBL ·libc_fstatat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fstatat_trampoline_addr(SB)/8, $libc_fstatat_trampoline<>(SB) + +TEXT libc_fstatfs_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fstatfs(SB) +GLOBL ·libc_fstatfs_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fstatfs_trampoline_addr(SB)/8, $libc_fstatfs_trampoline<>(SB) + +TEXT libc_fsync_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fsync(SB) +GLOBL ·libc_fsync_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fsync_trampoline_addr(SB)/8, $libc_fsync_trampoline<>(SB) + +TEXT libc_ftruncate_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_ftruncate(SB) +GLOBL ·libc_ftruncate_trampoline_addr(SB), RODATA, $8 +DATA ·libc_ftruncate_trampoline_addr(SB)/8, $libc_ftruncate_trampoline<>(SB) + +TEXT libc_getegid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getegid(SB) +GLOBL ·libc_getegid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getegid_trampoline_addr(SB)/8, $libc_getegid_trampoline<>(SB) + +TEXT libc_geteuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_geteuid(SB) +GLOBL ·libc_geteuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_geteuid_trampoline_addr(SB)/8, $libc_geteuid_trampoline<>(SB) + +TEXT libc_getgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getgid(SB) +GLOBL ·libc_getgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getgid_trampoline_addr(SB)/8, $libc_getgid_trampoline<>(SB) + +TEXT libc_getpgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpgid(SB) +GLOBL ·libc_getpgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getpgid_trampoline_addr(SB)/8, $libc_getpgid_trampoline<>(SB) + +TEXT libc_getpgrp_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpgrp(SB) +GLOBL ·libc_getpgrp_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getpgrp_trampoline_addr(SB)/8, $libc_getpgrp_trampoline<>(SB) + +TEXT libc_getpid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpid(SB) +GLOBL ·libc_getpid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getpid_trampoline_addr(SB)/8, $libc_getpid_trampoline<>(SB) + +TEXT libc_getppid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getppid(SB) +GLOBL ·libc_getppid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getppid_trampoline_addr(SB)/8, $libc_getppid_trampoline<>(SB) + +TEXT libc_getpriority_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getpriority(SB) +GLOBL ·libc_getpriority_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getpriority_trampoline_addr(SB)/8, $libc_getpriority_trampoline<>(SB) + +TEXT libc_getrlimit_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getrlimit(SB) +GLOBL ·libc_getrlimit_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getrlimit_trampoline_addr(SB)/8, $libc_getrlimit_trampoline<>(SB) + +TEXT libc_getrtable_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getrtable(SB) +GLOBL ·libc_getrtable_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getrtable_trampoline_addr(SB)/8, $libc_getrtable_trampoline<>(SB) + +TEXT libc_getrusage_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getrusage(SB) +GLOBL ·libc_getrusage_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getrusage_trampoline_addr(SB)/8, $libc_getrusage_trampoline<>(SB) + +TEXT libc_getsid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getsid(SB) +GLOBL ·libc_getsid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getsid_trampoline_addr(SB)/8, $libc_getsid_trampoline<>(SB) + +TEXT libc_gettimeofday_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_gettimeofday(SB) +GLOBL ·libc_gettimeofday_trampoline_addr(SB), RODATA, $8 +DATA ·libc_gettimeofday_trampoline_addr(SB)/8, $libc_gettimeofday_trampoline<>(SB) + +TEXT libc_getuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getuid(SB) +GLOBL ·libc_getuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getuid_trampoline_addr(SB)/8, $libc_getuid_trampoline<>(SB) + +TEXT libc_issetugid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_issetugid(SB) +GLOBL ·libc_issetugid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_issetugid_trampoline_addr(SB)/8, $libc_issetugid_trampoline<>(SB) + +TEXT libc_kill_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_kill(SB) +GLOBL ·libc_kill_trampoline_addr(SB), RODATA, $8 +DATA ·libc_kill_trampoline_addr(SB)/8, $libc_kill_trampoline<>(SB) + +TEXT libc_kqueue_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_kqueue(SB) +GLOBL ·libc_kqueue_trampoline_addr(SB), RODATA, $8 +DATA ·libc_kqueue_trampoline_addr(SB)/8, $libc_kqueue_trampoline<>(SB) + +TEXT libc_lchown_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_lchown(SB) +GLOBL ·libc_lchown_trampoline_addr(SB), RODATA, $8 +DATA ·libc_lchown_trampoline_addr(SB)/8, $libc_lchown_trampoline<>(SB) + +TEXT libc_link_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_link(SB) +GLOBL ·libc_link_trampoline_addr(SB), RODATA, $8 +DATA ·libc_link_trampoline_addr(SB)/8, $libc_link_trampoline<>(SB) + +TEXT libc_linkat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_linkat(SB) +GLOBL ·libc_linkat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_linkat_trampoline_addr(SB)/8, $libc_linkat_trampoline<>(SB) + +TEXT libc_listen_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_listen(SB) +GLOBL ·libc_listen_trampoline_addr(SB), RODATA, $8 +DATA ·libc_listen_trampoline_addr(SB)/8, $libc_listen_trampoline<>(SB) + +TEXT libc_lstat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_lstat(SB) +GLOBL ·libc_lstat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_lstat_trampoline_addr(SB)/8, $libc_lstat_trampoline<>(SB) + +TEXT libc_mkdir_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mkdir(SB) +GLOBL ·libc_mkdir_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mkdir_trampoline_addr(SB)/8, $libc_mkdir_trampoline<>(SB) + +TEXT libc_mkdirat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mkdirat(SB) +GLOBL ·libc_mkdirat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mkdirat_trampoline_addr(SB)/8, $libc_mkdirat_trampoline<>(SB) + +TEXT libc_mkfifo_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mkfifo(SB) +GLOBL ·libc_mkfifo_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mkfifo_trampoline_addr(SB)/8, $libc_mkfifo_trampoline<>(SB) + +TEXT libc_mkfifoat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mkfifoat(SB) +GLOBL ·libc_mkfifoat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mkfifoat_trampoline_addr(SB)/8, $libc_mkfifoat_trampoline<>(SB) + +TEXT libc_mknod_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mknod(SB) +GLOBL ·libc_mknod_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mknod_trampoline_addr(SB)/8, $libc_mknod_trampoline<>(SB) + +TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mknodat(SB) +GLOBL ·libc_mknodat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mknodat_trampoline_addr(SB)/8, $libc_mknodat_trampoline<>(SB) + +TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_nanosleep(SB) +GLOBL ·libc_nanosleep_trampoline_addr(SB), RODATA, $8 +DATA ·libc_nanosleep_trampoline_addr(SB)/8, $libc_nanosleep_trampoline<>(SB) + +TEXT libc_open_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_open(SB) +GLOBL ·libc_open_trampoline_addr(SB), RODATA, $8 +DATA ·libc_open_trampoline_addr(SB)/8, $libc_open_trampoline<>(SB) + +TEXT libc_openat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_openat(SB) +GLOBL ·libc_openat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_openat_trampoline_addr(SB)/8, $libc_openat_trampoline<>(SB) + +TEXT libc_pathconf_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pathconf(SB) +GLOBL ·libc_pathconf_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pathconf_trampoline_addr(SB)/8, $libc_pathconf_trampoline<>(SB) + +TEXT libc_pread_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pread(SB) +GLOBL ·libc_pread_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pread_trampoline_addr(SB)/8, $libc_pread_trampoline<>(SB) + +TEXT libc_pwrite_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pwrite(SB) +GLOBL ·libc_pwrite_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pwrite_trampoline_addr(SB)/8, $libc_pwrite_trampoline<>(SB) + +TEXT libc_read_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_read(SB) +GLOBL ·libc_read_trampoline_addr(SB), RODATA, $8 +DATA ·libc_read_trampoline_addr(SB)/8, $libc_read_trampoline<>(SB) + +TEXT libc_readlink_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_readlink(SB) +GLOBL ·libc_readlink_trampoline_addr(SB), RODATA, $8 +DATA ·libc_readlink_trampoline_addr(SB)/8, $libc_readlink_trampoline<>(SB) + +TEXT libc_readlinkat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_readlinkat(SB) +GLOBL ·libc_readlinkat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_readlinkat_trampoline_addr(SB)/8, $libc_readlinkat_trampoline<>(SB) + +TEXT libc_rename_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_rename(SB) +GLOBL ·libc_rename_trampoline_addr(SB), RODATA, $8 +DATA ·libc_rename_trampoline_addr(SB)/8, $libc_rename_trampoline<>(SB) + +TEXT libc_renameat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_renameat(SB) +GLOBL ·libc_renameat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_renameat_trampoline_addr(SB)/8, $libc_renameat_trampoline<>(SB) + +TEXT libc_revoke_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_revoke(SB) +GLOBL ·libc_revoke_trampoline_addr(SB), RODATA, $8 +DATA ·libc_revoke_trampoline_addr(SB)/8, $libc_revoke_trampoline<>(SB) + +TEXT libc_rmdir_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_rmdir(SB) +GLOBL ·libc_rmdir_trampoline_addr(SB), RODATA, $8 +DATA ·libc_rmdir_trampoline_addr(SB)/8, $libc_rmdir_trampoline<>(SB) + +TEXT libc_lseek_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_lseek(SB) +GLOBL ·libc_lseek_trampoline_addr(SB), RODATA, $8 +DATA ·libc_lseek_trampoline_addr(SB)/8, $libc_lseek_trampoline<>(SB) + +TEXT libc_select_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_select(SB) +GLOBL ·libc_select_trampoline_addr(SB), RODATA, $8 +DATA ·libc_select_trampoline_addr(SB)/8, $libc_select_trampoline<>(SB) + +TEXT libc_setegid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setegid(SB) +GLOBL ·libc_setegid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setegid_trampoline_addr(SB)/8, $libc_setegid_trampoline<>(SB) + +TEXT libc_seteuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_seteuid(SB) +GLOBL ·libc_seteuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_seteuid_trampoline_addr(SB)/8, $libc_seteuid_trampoline<>(SB) + +TEXT libc_setgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setgid(SB) +GLOBL ·libc_setgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setgid_trampoline_addr(SB)/8, $libc_setgid_trampoline<>(SB) + +TEXT libc_setlogin_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setlogin(SB) +GLOBL ·libc_setlogin_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setlogin_trampoline_addr(SB)/8, $libc_setlogin_trampoline<>(SB) + +TEXT libc_setpgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setpgid(SB) +GLOBL ·libc_setpgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setpgid_trampoline_addr(SB)/8, $libc_setpgid_trampoline<>(SB) + +TEXT libc_setpriority_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setpriority(SB) +GLOBL ·libc_setpriority_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setpriority_trampoline_addr(SB)/8, $libc_setpriority_trampoline<>(SB) + +TEXT libc_setregid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setregid(SB) +GLOBL ·libc_setregid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setregid_trampoline_addr(SB)/8, $libc_setregid_trampoline<>(SB) + +TEXT libc_setreuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setreuid(SB) +GLOBL ·libc_setreuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setreuid_trampoline_addr(SB)/8, $libc_setreuid_trampoline<>(SB) + +TEXT libc_setresgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setresgid(SB) +GLOBL ·libc_setresgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setresgid_trampoline_addr(SB)/8, $libc_setresgid_trampoline<>(SB) + +TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setresuid(SB) +GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setresuid_trampoline_addr(SB)/8, $libc_setresuid_trampoline<>(SB) + +TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setrlimit(SB) +GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) + +TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setrtable(SB) +GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setrtable_trampoline_addr(SB)/8, $libc_setrtable_trampoline<>(SB) + +TEXT libc_setsid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setsid(SB) +GLOBL ·libc_setsid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setsid_trampoline_addr(SB)/8, $libc_setsid_trampoline<>(SB) + +TEXT libc_settimeofday_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_settimeofday(SB) +GLOBL ·libc_settimeofday_trampoline_addr(SB), RODATA, $8 +DATA ·libc_settimeofday_trampoline_addr(SB)/8, $libc_settimeofday_trampoline<>(SB) + +TEXT libc_setuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setuid(SB) +GLOBL ·libc_setuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setuid_trampoline_addr(SB)/8, $libc_setuid_trampoline<>(SB) + +TEXT libc_stat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_stat(SB) +GLOBL ·libc_stat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_stat_trampoline_addr(SB)/8, $libc_stat_trampoline<>(SB) + +TEXT libc_statfs_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_statfs(SB) +GLOBL ·libc_statfs_trampoline_addr(SB), RODATA, $8 +DATA ·libc_statfs_trampoline_addr(SB)/8, $libc_statfs_trampoline<>(SB) + +TEXT libc_symlink_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_symlink(SB) +GLOBL ·libc_symlink_trampoline_addr(SB), RODATA, $8 +DATA ·libc_symlink_trampoline_addr(SB)/8, $libc_symlink_trampoline<>(SB) + +TEXT libc_symlinkat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_symlinkat(SB) +GLOBL ·libc_symlinkat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_symlinkat_trampoline_addr(SB)/8, $libc_symlinkat_trampoline<>(SB) + +TEXT libc_sync_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_sync(SB) +GLOBL ·libc_sync_trampoline_addr(SB), RODATA, $8 +DATA ·libc_sync_trampoline_addr(SB)/8, $libc_sync_trampoline<>(SB) + +TEXT libc_truncate_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_truncate(SB) +GLOBL ·libc_truncate_trampoline_addr(SB), RODATA, $8 +DATA ·libc_truncate_trampoline_addr(SB)/8, $libc_truncate_trampoline<>(SB) + +TEXT libc_umask_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_umask(SB) +GLOBL ·libc_umask_trampoline_addr(SB), RODATA, $8 +DATA ·libc_umask_trampoline_addr(SB)/8, $libc_umask_trampoline<>(SB) + +TEXT libc_unlink_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unlink(SB) +GLOBL ·libc_unlink_trampoline_addr(SB), RODATA, $8 +DATA ·libc_unlink_trampoline_addr(SB)/8, $libc_unlink_trampoline<>(SB) + +TEXT libc_unlinkat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unlinkat(SB) +GLOBL ·libc_unlinkat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_unlinkat_trampoline_addr(SB)/8, $libc_unlinkat_trampoline<>(SB) + +TEXT libc_unmount_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unmount(SB) +GLOBL ·libc_unmount_trampoline_addr(SB), RODATA, $8 +DATA ·libc_unmount_trampoline_addr(SB)/8, $libc_unmount_trampoline<>(SB) + +TEXT libc_write_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_write(SB) +GLOBL ·libc_write_trampoline_addr(SB), RODATA, $8 +DATA ·libc_write_trampoline_addr(SB)/8, $libc_write_trampoline<>(SB) + +TEXT libc_mmap_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_mmap(SB) +GLOBL ·libc_mmap_trampoline_addr(SB), RODATA, $8 +DATA ·libc_mmap_trampoline_addr(SB)/8, $libc_mmap_trampoline<>(SB) + +TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_munmap(SB) +GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $8 +DATA ·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB) + +TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_utimensat(SB) +GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go index c85de2d9766..330cf7f7ac6 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go @@ -696,6 +696,20 @@ var libc_chroot_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ClockGettime(clockid int32, time *Timespec) (err error) { + _, _, e1 := syscall_syscall(libc_clock_gettime_trampoline_addr, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_clock_gettime_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_clock_gettime clock_gettime "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Close(fd int) (err error) { _, _, e1 := syscall_syscall(libc_close_trampoline_addr, uintptr(fd), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s index 7c9223b6418..4028255b0d5 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s @@ -249,6 +249,12 @@ TEXT libc_chroot_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_chroot_trampoline_addr(SB), RODATA, $8 DATA ·libc_chroot_trampoline_addr(SB)/8, $libc_chroot_trampoline<>(SB) +TEXT libc_clock_gettime_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_clock_gettime(SB) + RET +GLOBL ·libc_clock_gettime_trampoline_addr(SB), RODATA, $8 +DATA ·libc_clock_gettime_trampoline_addr(SB)/8, $libc_clock_gettime_trampoline<>(SB) + TEXT libc_close_trampoline<>(SB),NOSPLIT,$0-0 CALL libc_close(SB) RET diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go index 8e3e7873f89..5f24de0d9d7 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go @@ -696,6 +696,20 @@ var libc_chroot_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ClockGettime(clockid int32, time *Timespec) (err error) { + _, _, e1 := syscall_syscall(libc_clock_gettime_trampoline_addr, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_clock_gettime_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_clock_gettime clock_gettime "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Close(fd int) (err error) { _, _, e1 := syscall_syscall(libc_close_trampoline_addr, uintptr(fd), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s index 7dba789271c..e1fbd4dfa8c 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s @@ -5,792 +5,665 @@ TEXT libc_getgroups_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getgroups(SB) - GLOBL ·libc_getgroups_trampoline_addr(SB), RODATA, $8 DATA ·libc_getgroups_trampoline_addr(SB)/8, $libc_getgroups_trampoline<>(SB) TEXT libc_setgroups_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setgroups(SB) - GLOBL ·libc_setgroups_trampoline_addr(SB), RODATA, $8 DATA ·libc_setgroups_trampoline_addr(SB)/8, $libc_setgroups_trampoline<>(SB) TEXT libc_wait4_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_wait4(SB) - GLOBL ·libc_wait4_trampoline_addr(SB), RODATA, $8 DATA ·libc_wait4_trampoline_addr(SB)/8, $libc_wait4_trampoline<>(SB) TEXT libc_accept_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_accept(SB) - GLOBL ·libc_accept_trampoline_addr(SB), RODATA, $8 DATA ·libc_accept_trampoline_addr(SB)/8, $libc_accept_trampoline<>(SB) TEXT libc_bind_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_bind(SB) - GLOBL ·libc_bind_trampoline_addr(SB), RODATA, $8 DATA ·libc_bind_trampoline_addr(SB)/8, $libc_bind_trampoline<>(SB) TEXT libc_connect_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_connect(SB) - GLOBL ·libc_connect_trampoline_addr(SB), RODATA, $8 DATA ·libc_connect_trampoline_addr(SB)/8, $libc_connect_trampoline<>(SB) TEXT libc_socket_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_socket(SB) - GLOBL ·libc_socket_trampoline_addr(SB), RODATA, $8 DATA ·libc_socket_trampoline_addr(SB)/8, $libc_socket_trampoline<>(SB) TEXT libc_getsockopt_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getsockopt(SB) - GLOBL ·libc_getsockopt_trampoline_addr(SB), RODATA, $8 DATA ·libc_getsockopt_trampoline_addr(SB)/8, $libc_getsockopt_trampoline<>(SB) TEXT libc_setsockopt_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setsockopt(SB) - GLOBL ·libc_setsockopt_trampoline_addr(SB), RODATA, $8 DATA ·libc_setsockopt_trampoline_addr(SB)/8, $libc_setsockopt_trampoline<>(SB) TEXT libc_getpeername_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpeername(SB) - GLOBL ·libc_getpeername_trampoline_addr(SB), RODATA, $8 DATA ·libc_getpeername_trampoline_addr(SB)/8, $libc_getpeername_trampoline<>(SB) TEXT libc_getsockname_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getsockname(SB) - GLOBL ·libc_getsockname_trampoline_addr(SB), RODATA, $8 DATA ·libc_getsockname_trampoline_addr(SB)/8, $libc_getsockname_trampoline<>(SB) TEXT libc_shutdown_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_shutdown(SB) - GLOBL ·libc_shutdown_trampoline_addr(SB), RODATA, $8 DATA ·libc_shutdown_trampoline_addr(SB)/8, $libc_shutdown_trampoline<>(SB) TEXT libc_socketpair_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_socketpair(SB) - GLOBL ·libc_socketpair_trampoline_addr(SB), RODATA, $8 DATA ·libc_socketpair_trampoline_addr(SB)/8, $libc_socketpair_trampoline<>(SB) TEXT libc_recvfrom_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_recvfrom(SB) - GLOBL ·libc_recvfrom_trampoline_addr(SB), RODATA, $8 DATA ·libc_recvfrom_trampoline_addr(SB)/8, $libc_recvfrom_trampoline<>(SB) TEXT libc_sendto_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sendto(SB) - GLOBL ·libc_sendto_trampoline_addr(SB), RODATA, $8 DATA ·libc_sendto_trampoline_addr(SB)/8, $libc_sendto_trampoline<>(SB) TEXT libc_recvmsg_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_recvmsg(SB) - GLOBL ·libc_recvmsg_trampoline_addr(SB), RODATA, $8 DATA ·libc_recvmsg_trampoline_addr(SB)/8, $libc_recvmsg_trampoline<>(SB) TEXT libc_sendmsg_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sendmsg(SB) - GLOBL ·libc_sendmsg_trampoline_addr(SB), RODATA, $8 DATA ·libc_sendmsg_trampoline_addr(SB)/8, $libc_sendmsg_trampoline<>(SB) TEXT libc_kevent_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_kevent(SB) - GLOBL ·libc_kevent_trampoline_addr(SB), RODATA, $8 DATA ·libc_kevent_trampoline_addr(SB)/8, $libc_kevent_trampoline<>(SB) TEXT libc_utimes_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_utimes(SB) - GLOBL ·libc_utimes_trampoline_addr(SB), RODATA, $8 DATA ·libc_utimes_trampoline_addr(SB)/8, $libc_utimes_trampoline<>(SB) TEXT libc_futimes_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_futimes(SB) - GLOBL ·libc_futimes_trampoline_addr(SB), RODATA, $8 DATA ·libc_futimes_trampoline_addr(SB)/8, $libc_futimes_trampoline<>(SB) TEXT libc_poll_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_poll(SB) - GLOBL ·libc_poll_trampoline_addr(SB), RODATA, $8 DATA ·libc_poll_trampoline_addr(SB)/8, $libc_poll_trampoline<>(SB) TEXT libc_madvise_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_madvise(SB) - GLOBL ·libc_madvise_trampoline_addr(SB), RODATA, $8 DATA ·libc_madvise_trampoline_addr(SB)/8, $libc_madvise_trampoline<>(SB) TEXT libc_mlock_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mlock(SB) - GLOBL ·libc_mlock_trampoline_addr(SB), RODATA, $8 DATA ·libc_mlock_trampoline_addr(SB)/8, $libc_mlock_trampoline<>(SB) TEXT libc_mlockall_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mlockall(SB) - GLOBL ·libc_mlockall_trampoline_addr(SB), RODATA, $8 DATA ·libc_mlockall_trampoline_addr(SB)/8, $libc_mlockall_trampoline<>(SB) TEXT libc_mprotect_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mprotect(SB) - GLOBL ·libc_mprotect_trampoline_addr(SB), RODATA, $8 DATA ·libc_mprotect_trampoline_addr(SB)/8, $libc_mprotect_trampoline<>(SB) TEXT libc_msync_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_msync(SB) - GLOBL ·libc_msync_trampoline_addr(SB), RODATA, $8 DATA ·libc_msync_trampoline_addr(SB)/8, $libc_msync_trampoline<>(SB) TEXT libc_munlock_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_munlock(SB) - GLOBL ·libc_munlock_trampoline_addr(SB), RODATA, $8 DATA ·libc_munlock_trampoline_addr(SB)/8, $libc_munlock_trampoline<>(SB) TEXT libc_munlockall_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_munlockall(SB) - GLOBL ·libc_munlockall_trampoline_addr(SB), RODATA, $8 DATA ·libc_munlockall_trampoline_addr(SB)/8, $libc_munlockall_trampoline<>(SB) TEXT libc_pipe2_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pipe2(SB) - GLOBL ·libc_pipe2_trampoline_addr(SB), RODATA, $8 DATA ·libc_pipe2_trampoline_addr(SB)/8, $libc_pipe2_trampoline<>(SB) TEXT libc_getdents_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getdents(SB) - GLOBL ·libc_getdents_trampoline_addr(SB), RODATA, $8 DATA ·libc_getdents_trampoline_addr(SB)/8, $libc_getdents_trampoline<>(SB) TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getcwd(SB) - GLOBL ·libc_getcwd_trampoline_addr(SB), RODATA, $8 DATA ·libc_getcwd_trampoline_addr(SB)/8, $libc_getcwd_trampoline<>(SB) TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ioctl(SB) - GLOBL ·libc_ioctl_trampoline_addr(SB), RODATA, $8 DATA ·libc_ioctl_trampoline_addr(SB)/8, $libc_ioctl_trampoline<>(SB) TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sysctl(SB) - GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8 DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB) TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ppoll(SB) - GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $8 DATA ·libc_ppoll_trampoline_addr(SB)/8, $libc_ppoll_trampoline<>(SB) TEXT libc_access_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_access(SB) - GLOBL ·libc_access_trampoline_addr(SB), RODATA, $8 DATA ·libc_access_trampoline_addr(SB)/8, $libc_access_trampoline<>(SB) TEXT libc_adjtime_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_adjtime(SB) - GLOBL ·libc_adjtime_trampoline_addr(SB), RODATA, $8 DATA ·libc_adjtime_trampoline_addr(SB)/8, $libc_adjtime_trampoline<>(SB) TEXT libc_chdir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chdir(SB) - GLOBL ·libc_chdir_trampoline_addr(SB), RODATA, $8 DATA ·libc_chdir_trampoline_addr(SB)/8, $libc_chdir_trampoline<>(SB) TEXT libc_chflags_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chflags(SB) - GLOBL ·libc_chflags_trampoline_addr(SB), RODATA, $8 DATA ·libc_chflags_trampoline_addr(SB)/8, $libc_chflags_trampoline<>(SB) TEXT libc_chmod_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chmod(SB) - GLOBL ·libc_chmod_trampoline_addr(SB), RODATA, $8 DATA ·libc_chmod_trampoline_addr(SB)/8, $libc_chmod_trampoline<>(SB) TEXT libc_chown_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chown(SB) - GLOBL ·libc_chown_trampoline_addr(SB), RODATA, $8 DATA ·libc_chown_trampoline_addr(SB)/8, $libc_chown_trampoline<>(SB) TEXT libc_chroot_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chroot(SB) - GLOBL ·libc_chroot_trampoline_addr(SB), RODATA, $8 DATA ·libc_chroot_trampoline_addr(SB)/8, $libc_chroot_trampoline<>(SB) +TEXT libc_clock_gettime_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_clock_gettime(SB) +GLOBL ·libc_clock_gettime_trampoline_addr(SB), RODATA, $8 +DATA ·libc_clock_gettime_trampoline_addr(SB)/8, $libc_clock_gettime_trampoline<>(SB) + TEXT libc_close_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_close(SB) - GLOBL ·libc_close_trampoline_addr(SB), RODATA, $8 DATA ·libc_close_trampoline_addr(SB)/8, $libc_close_trampoline<>(SB) TEXT libc_dup_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_dup(SB) - GLOBL ·libc_dup_trampoline_addr(SB), RODATA, $8 DATA ·libc_dup_trampoline_addr(SB)/8, $libc_dup_trampoline<>(SB) TEXT libc_dup2_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_dup2(SB) - GLOBL ·libc_dup2_trampoline_addr(SB), RODATA, $8 DATA ·libc_dup2_trampoline_addr(SB)/8, $libc_dup2_trampoline<>(SB) TEXT libc_dup3_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_dup3(SB) - GLOBL ·libc_dup3_trampoline_addr(SB), RODATA, $8 DATA ·libc_dup3_trampoline_addr(SB)/8, $libc_dup3_trampoline<>(SB) TEXT libc_exit_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_exit(SB) - GLOBL ·libc_exit_trampoline_addr(SB), RODATA, $8 DATA ·libc_exit_trampoline_addr(SB)/8, $libc_exit_trampoline<>(SB) TEXT libc_faccessat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_faccessat(SB) - GLOBL ·libc_faccessat_trampoline_addr(SB), RODATA, $8 DATA ·libc_faccessat_trampoline_addr(SB)/8, $libc_faccessat_trampoline<>(SB) TEXT libc_fchdir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchdir(SB) - GLOBL ·libc_fchdir_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchdir_trampoline_addr(SB)/8, $libc_fchdir_trampoline<>(SB) TEXT libc_fchflags_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchflags(SB) - GLOBL ·libc_fchflags_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchflags_trampoline_addr(SB)/8, $libc_fchflags_trampoline<>(SB) TEXT libc_fchmod_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchmod(SB) - GLOBL ·libc_fchmod_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchmod_trampoline_addr(SB)/8, $libc_fchmod_trampoline<>(SB) TEXT libc_fchmodat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchmodat(SB) - GLOBL ·libc_fchmodat_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchmodat_trampoline_addr(SB)/8, $libc_fchmodat_trampoline<>(SB) TEXT libc_fchown_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchown(SB) - GLOBL ·libc_fchown_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchown_trampoline_addr(SB)/8, $libc_fchown_trampoline<>(SB) TEXT libc_fchownat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchownat(SB) - GLOBL ·libc_fchownat_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchownat_trampoline_addr(SB)/8, $libc_fchownat_trampoline<>(SB) TEXT libc_flock_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_flock(SB) - GLOBL ·libc_flock_trampoline_addr(SB), RODATA, $8 DATA ·libc_flock_trampoline_addr(SB)/8, $libc_flock_trampoline<>(SB) TEXT libc_fpathconf_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fpathconf(SB) - GLOBL ·libc_fpathconf_trampoline_addr(SB), RODATA, $8 DATA ·libc_fpathconf_trampoline_addr(SB)/8, $libc_fpathconf_trampoline<>(SB) TEXT libc_fstat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fstat(SB) - GLOBL ·libc_fstat_trampoline_addr(SB), RODATA, $8 DATA ·libc_fstat_trampoline_addr(SB)/8, $libc_fstat_trampoline<>(SB) TEXT libc_fstatat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fstatat(SB) - GLOBL ·libc_fstatat_trampoline_addr(SB), RODATA, $8 DATA ·libc_fstatat_trampoline_addr(SB)/8, $libc_fstatat_trampoline<>(SB) TEXT libc_fstatfs_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fstatfs(SB) - GLOBL ·libc_fstatfs_trampoline_addr(SB), RODATA, $8 DATA ·libc_fstatfs_trampoline_addr(SB)/8, $libc_fstatfs_trampoline<>(SB) TEXT libc_fsync_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fsync(SB) - GLOBL ·libc_fsync_trampoline_addr(SB), RODATA, $8 DATA ·libc_fsync_trampoline_addr(SB)/8, $libc_fsync_trampoline<>(SB) TEXT libc_ftruncate_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ftruncate(SB) - GLOBL ·libc_ftruncate_trampoline_addr(SB), RODATA, $8 DATA ·libc_ftruncate_trampoline_addr(SB)/8, $libc_ftruncate_trampoline<>(SB) TEXT libc_getegid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getegid(SB) - GLOBL ·libc_getegid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getegid_trampoline_addr(SB)/8, $libc_getegid_trampoline<>(SB) TEXT libc_geteuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_geteuid(SB) - GLOBL ·libc_geteuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_geteuid_trampoline_addr(SB)/8, $libc_geteuid_trampoline<>(SB) TEXT libc_getgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getgid(SB) - GLOBL ·libc_getgid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getgid_trampoline_addr(SB)/8, $libc_getgid_trampoline<>(SB) TEXT libc_getpgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpgid(SB) - GLOBL ·libc_getpgid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getpgid_trampoline_addr(SB)/8, $libc_getpgid_trampoline<>(SB) TEXT libc_getpgrp_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpgrp(SB) - GLOBL ·libc_getpgrp_trampoline_addr(SB), RODATA, $8 DATA ·libc_getpgrp_trampoline_addr(SB)/8, $libc_getpgrp_trampoline<>(SB) TEXT libc_getpid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpid(SB) - GLOBL ·libc_getpid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getpid_trampoline_addr(SB)/8, $libc_getpid_trampoline<>(SB) TEXT libc_getppid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getppid(SB) - GLOBL ·libc_getppid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getppid_trampoline_addr(SB)/8, $libc_getppid_trampoline<>(SB) TEXT libc_getpriority_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpriority(SB) - GLOBL ·libc_getpriority_trampoline_addr(SB), RODATA, $8 DATA ·libc_getpriority_trampoline_addr(SB)/8, $libc_getpriority_trampoline<>(SB) TEXT libc_getrlimit_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getrlimit(SB) - GLOBL ·libc_getrlimit_trampoline_addr(SB), RODATA, $8 DATA ·libc_getrlimit_trampoline_addr(SB)/8, $libc_getrlimit_trampoline<>(SB) TEXT libc_getrtable_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getrtable(SB) - GLOBL ·libc_getrtable_trampoline_addr(SB), RODATA, $8 DATA ·libc_getrtable_trampoline_addr(SB)/8, $libc_getrtable_trampoline<>(SB) TEXT libc_getrusage_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getrusage(SB) - GLOBL ·libc_getrusage_trampoline_addr(SB), RODATA, $8 DATA ·libc_getrusage_trampoline_addr(SB)/8, $libc_getrusage_trampoline<>(SB) TEXT libc_getsid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getsid(SB) - GLOBL ·libc_getsid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getsid_trampoline_addr(SB)/8, $libc_getsid_trampoline<>(SB) TEXT libc_gettimeofday_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_gettimeofday(SB) - GLOBL ·libc_gettimeofday_trampoline_addr(SB), RODATA, $8 DATA ·libc_gettimeofday_trampoline_addr(SB)/8, $libc_gettimeofday_trampoline<>(SB) TEXT libc_getuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getuid(SB) - GLOBL ·libc_getuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getuid_trampoline_addr(SB)/8, $libc_getuid_trampoline<>(SB) TEXT libc_issetugid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_issetugid(SB) - GLOBL ·libc_issetugid_trampoline_addr(SB), RODATA, $8 DATA ·libc_issetugid_trampoline_addr(SB)/8, $libc_issetugid_trampoline<>(SB) TEXT libc_kill_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_kill(SB) - GLOBL ·libc_kill_trampoline_addr(SB), RODATA, $8 DATA ·libc_kill_trampoline_addr(SB)/8, $libc_kill_trampoline<>(SB) TEXT libc_kqueue_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_kqueue(SB) - GLOBL ·libc_kqueue_trampoline_addr(SB), RODATA, $8 DATA ·libc_kqueue_trampoline_addr(SB)/8, $libc_kqueue_trampoline<>(SB) TEXT libc_lchown_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_lchown(SB) - GLOBL ·libc_lchown_trampoline_addr(SB), RODATA, $8 DATA ·libc_lchown_trampoline_addr(SB)/8, $libc_lchown_trampoline<>(SB) TEXT libc_link_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_link(SB) - GLOBL ·libc_link_trampoline_addr(SB), RODATA, $8 DATA ·libc_link_trampoline_addr(SB)/8, $libc_link_trampoline<>(SB) TEXT libc_linkat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_linkat(SB) - GLOBL ·libc_linkat_trampoline_addr(SB), RODATA, $8 DATA ·libc_linkat_trampoline_addr(SB)/8, $libc_linkat_trampoline<>(SB) TEXT libc_listen_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_listen(SB) - GLOBL ·libc_listen_trampoline_addr(SB), RODATA, $8 DATA ·libc_listen_trampoline_addr(SB)/8, $libc_listen_trampoline<>(SB) TEXT libc_lstat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_lstat(SB) - GLOBL ·libc_lstat_trampoline_addr(SB), RODATA, $8 DATA ·libc_lstat_trampoline_addr(SB)/8, $libc_lstat_trampoline<>(SB) TEXT libc_mkdir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mkdir(SB) - GLOBL ·libc_mkdir_trampoline_addr(SB), RODATA, $8 DATA ·libc_mkdir_trampoline_addr(SB)/8, $libc_mkdir_trampoline<>(SB) TEXT libc_mkdirat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mkdirat(SB) - GLOBL ·libc_mkdirat_trampoline_addr(SB), RODATA, $8 DATA ·libc_mkdirat_trampoline_addr(SB)/8, $libc_mkdirat_trampoline<>(SB) TEXT libc_mkfifo_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mkfifo(SB) - GLOBL ·libc_mkfifo_trampoline_addr(SB), RODATA, $8 DATA ·libc_mkfifo_trampoline_addr(SB)/8, $libc_mkfifo_trampoline<>(SB) TEXT libc_mkfifoat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mkfifoat(SB) - GLOBL ·libc_mkfifoat_trampoline_addr(SB), RODATA, $8 DATA ·libc_mkfifoat_trampoline_addr(SB)/8, $libc_mkfifoat_trampoline<>(SB) TEXT libc_mknod_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mknod(SB) - GLOBL ·libc_mknod_trampoline_addr(SB), RODATA, $8 DATA ·libc_mknod_trampoline_addr(SB)/8, $libc_mknod_trampoline<>(SB) TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mknodat(SB) - GLOBL ·libc_mknodat_trampoline_addr(SB), RODATA, $8 DATA ·libc_mknodat_trampoline_addr(SB)/8, $libc_mknodat_trampoline<>(SB) TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_nanosleep(SB) - GLOBL ·libc_nanosleep_trampoline_addr(SB), RODATA, $8 DATA ·libc_nanosleep_trampoline_addr(SB)/8, $libc_nanosleep_trampoline<>(SB) TEXT libc_open_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_open(SB) - GLOBL ·libc_open_trampoline_addr(SB), RODATA, $8 DATA ·libc_open_trampoline_addr(SB)/8, $libc_open_trampoline<>(SB) TEXT libc_openat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_openat(SB) - GLOBL ·libc_openat_trampoline_addr(SB), RODATA, $8 DATA ·libc_openat_trampoline_addr(SB)/8, $libc_openat_trampoline<>(SB) TEXT libc_pathconf_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pathconf(SB) - GLOBL ·libc_pathconf_trampoline_addr(SB), RODATA, $8 DATA ·libc_pathconf_trampoline_addr(SB)/8, $libc_pathconf_trampoline<>(SB) TEXT libc_pread_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pread(SB) - GLOBL ·libc_pread_trampoline_addr(SB), RODATA, $8 DATA ·libc_pread_trampoline_addr(SB)/8, $libc_pread_trampoline<>(SB) TEXT libc_pwrite_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pwrite(SB) - GLOBL ·libc_pwrite_trampoline_addr(SB), RODATA, $8 DATA ·libc_pwrite_trampoline_addr(SB)/8, $libc_pwrite_trampoline<>(SB) TEXT libc_read_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_read(SB) - GLOBL ·libc_read_trampoline_addr(SB), RODATA, $8 DATA ·libc_read_trampoline_addr(SB)/8, $libc_read_trampoline<>(SB) TEXT libc_readlink_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_readlink(SB) - GLOBL ·libc_readlink_trampoline_addr(SB), RODATA, $8 DATA ·libc_readlink_trampoline_addr(SB)/8, $libc_readlink_trampoline<>(SB) TEXT libc_readlinkat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_readlinkat(SB) - GLOBL ·libc_readlinkat_trampoline_addr(SB), RODATA, $8 DATA ·libc_readlinkat_trampoline_addr(SB)/8, $libc_readlinkat_trampoline<>(SB) TEXT libc_rename_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_rename(SB) - GLOBL ·libc_rename_trampoline_addr(SB), RODATA, $8 DATA ·libc_rename_trampoline_addr(SB)/8, $libc_rename_trampoline<>(SB) TEXT libc_renameat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_renameat(SB) - GLOBL ·libc_renameat_trampoline_addr(SB), RODATA, $8 DATA ·libc_renameat_trampoline_addr(SB)/8, $libc_renameat_trampoline<>(SB) TEXT libc_revoke_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_revoke(SB) - GLOBL ·libc_revoke_trampoline_addr(SB), RODATA, $8 DATA ·libc_revoke_trampoline_addr(SB)/8, $libc_revoke_trampoline<>(SB) TEXT libc_rmdir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_rmdir(SB) - GLOBL ·libc_rmdir_trampoline_addr(SB), RODATA, $8 DATA ·libc_rmdir_trampoline_addr(SB)/8, $libc_rmdir_trampoline<>(SB) TEXT libc_lseek_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_lseek(SB) - GLOBL ·libc_lseek_trampoline_addr(SB), RODATA, $8 DATA ·libc_lseek_trampoline_addr(SB)/8, $libc_lseek_trampoline<>(SB) TEXT libc_select_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_select(SB) - GLOBL ·libc_select_trampoline_addr(SB), RODATA, $8 DATA ·libc_select_trampoline_addr(SB)/8, $libc_select_trampoline<>(SB) TEXT libc_setegid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setegid(SB) - GLOBL ·libc_setegid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setegid_trampoline_addr(SB)/8, $libc_setegid_trampoline<>(SB) TEXT libc_seteuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_seteuid(SB) - GLOBL ·libc_seteuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_seteuid_trampoline_addr(SB)/8, $libc_seteuid_trampoline<>(SB) TEXT libc_setgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setgid(SB) - GLOBL ·libc_setgid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setgid_trampoline_addr(SB)/8, $libc_setgid_trampoline<>(SB) TEXT libc_setlogin_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setlogin(SB) - GLOBL ·libc_setlogin_trampoline_addr(SB), RODATA, $8 DATA ·libc_setlogin_trampoline_addr(SB)/8, $libc_setlogin_trampoline<>(SB) TEXT libc_setpgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setpgid(SB) - GLOBL ·libc_setpgid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setpgid_trampoline_addr(SB)/8, $libc_setpgid_trampoline<>(SB) TEXT libc_setpriority_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setpriority(SB) - GLOBL ·libc_setpriority_trampoline_addr(SB), RODATA, $8 DATA ·libc_setpriority_trampoline_addr(SB)/8, $libc_setpriority_trampoline<>(SB) TEXT libc_setregid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setregid(SB) - GLOBL ·libc_setregid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setregid_trampoline_addr(SB)/8, $libc_setregid_trampoline<>(SB) TEXT libc_setreuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setreuid(SB) - GLOBL ·libc_setreuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setreuid_trampoline_addr(SB)/8, $libc_setreuid_trampoline<>(SB) TEXT libc_setresgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setresgid(SB) - GLOBL ·libc_setresgid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setresgid_trampoline_addr(SB)/8, $libc_setresgid_trampoline<>(SB) TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setresuid(SB) - GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setresuid_trampoline_addr(SB)/8, $libc_setresuid_trampoline<>(SB) TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setrlimit(SB) - GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setrtable(SB) - GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $8 DATA ·libc_setrtable_trampoline_addr(SB)/8, $libc_setrtable_trampoline<>(SB) TEXT libc_setsid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setsid(SB) - GLOBL ·libc_setsid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setsid_trampoline_addr(SB)/8, $libc_setsid_trampoline<>(SB) TEXT libc_settimeofday_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_settimeofday(SB) - GLOBL ·libc_settimeofday_trampoline_addr(SB), RODATA, $8 DATA ·libc_settimeofday_trampoline_addr(SB)/8, $libc_settimeofday_trampoline<>(SB) TEXT libc_setuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setuid(SB) - GLOBL ·libc_setuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setuid_trampoline_addr(SB)/8, $libc_setuid_trampoline<>(SB) TEXT libc_stat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_stat(SB) - GLOBL ·libc_stat_trampoline_addr(SB), RODATA, $8 DATA ·libc_stat_trampoline_addr(SB)/8, $libc_stat_trampoline<>(SB) TEXT libc_statfs_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_statfs(SB) - GLOBL ·libc_statfs_trampoline_addr(SB), RODATA, $8 DATA ·libc_statfs_trampoline_addr(SB)/8, $libc_statfs_trampoline<>(SB) TEXT libc_symlink_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_symlink(SB) - GLOBL ·libc_symlink_trampoline_addr(SB), RODATA, $8 DATA ·libc_symlink_trampoline_addr(SB)/8, $libc_symlink_trampoline<>(SB) TEXT libc_symlinkat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_symlinkat(SB) - GLOBL ·libc_symlinkat_trampoline_addr(SB), RODATA, $8 DATA ·libc_symlinkat_trampoline_addr(SB)/8, $libc_symlinkat_trampoline<>(SB) TEXT libc_sync_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sync(SB) - GLOBL ·libc_sync_trampoline_addr(SB), RODATA, $8 DATA ·libc_sync_trampoline_addr(SB)/8, $libc_sync_trampoline<>(SB) TEXT libc_truncate_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_truncate(SB) - GLOBL ·libc_truncate_trampoline_addr(SB), RODATA, $8 DATA ·libc_truncate_trampoline_addr(SB)/8, $libc_truncate_trampoline<>(SB) TEXT libc_umask_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_umask(SB) - GLOBL ·libc_umask_trampoline_addr(SB), RODATA, $8 DATA ·libc_umask_trampoline_addr(SB)/8, $libc_umask_trampoline<>(SB) TEXT libc_unlink_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_unlink(SB) - GLOBL ·libc_unlink_trampoline_addr(SB), RODATA, $8 DATA ·libc_unlink_trampoline_addr(SB)/8, $libc_unlink_trampoline<>(SB) TEXT libc_unlinkat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_unlinkat(SB) - GLOBL ·libc_unlinkat_trampoline_addr(SB), RODATA, $8 DATA ·libc_unlinkat_trampoline_addr(SB)/8, $libc_unlinkat_trampoline<>(SB) TEXT libc_unmount_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_unmount(SB) - GLOBL ·libc_unmount_trampoline_addr(SB), RODATA, $8 DATA ·libc_unmount_trampoline_addr(SB)/8, $libc_unmount_trampoline<>(SB) TEXT libc_write_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_write(SB) - GLOBL ·libc_write_trampoline_addr(SB), RODATA, $8 DATA ·libc_write_trampoline_addr(SB)/8, $libc_write_trampoline<>(SB) TEXT libc_mmap_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mmap(SB) - GLOBL ·libc_mmap_trampoline_addr(SB), RODATA, $8 DATA ·libc_mmap_trampoline_addr(SB)/8, $libc_mmap_trampoline<>(SB) TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_munmap(SB) - GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $8 DATA ·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB) TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_utimensat(SB) - GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8 DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go index 91f5a2bde28..78d4a4240e9 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go @@ -38,6 +38,7 @@ import ( //go:cgo_import_dynamic libc_chmod chmod "libc.so" //go:cgo_import_dynamic libc_chown chown "libc.so" //go:cgo_import_dynamic libc_chroot chroot "libc.so" +//go:cgo_import_dynamic libc_clockgettime clockgettime "libc.so" //go:cgo_import_dynamic libc_close close "libc.so" //go:cgo_import_dynamic libc_creat creat "libc.so" //go:cgo_import_dynamic libc_dup dup "libc.so" @@ -177,6 +178,7 @@ import ( //go:linkname procChmod libc_chmod //go:linkname procChown libc_chown //go:linkname procChroot libc_chroot +//go:linkname procClockGettime libc_clockgettime //go:linkname procClose libc_close //go:linkname procCreat libc_creat //go:linkname procDup libc_dup @@ -317,6 +319,7 @@ var ( procChmod, procChown, procChroot, + procClockGettime, procClose, procCreat, procDup, @@ -750,6 +753,16 @@ func Chroot(path string) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ClockGettime(clockid int32, time *Timespec) (err error) { + _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procClockGettime)), 2, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0, 0, 0, 0) + if e1 != 0 { + err = e1 + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Close(fd int) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procClose)), 1, uintptr(fd), 0, 0, 0, 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go index 9e9d0b2a9c4..55e0484719c 100644 --- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go @@ -17,6 +17,7 @@ var sysctlMib = []mibentry{ {"ddb.max_line", []_C_int{9, 3}}, {"ddb.max_width", []_C_int{9, 2}}, {"ddb.panic", []_C_int{9, 5}}, + {"ddb.profile", []_C_int{9, 9}}, {"ddb.radix", []_C_int{9, 1}}, {"ddb.tab_stop_width", []_C_int{9, 4}}, {"ddb.trigger", []_C_int{9, 8}}, @@ -33,29 +34,37 @@ var sysctlMib = []mibentry{ {"hw.ncpufound", []_C_int{6, 21}}, {"hw.ncpuonline", []_C_int{6, 25}}, {"hw.pagesize", []_C_int{6, 7}}, + {"hw.perfpolicy", []_C_int{6, 23}}, {"hw.physmem", []_C_int{6, 19}}, + {"hw.power", []_C_int{6, 26}}, {"hw.product", []_C_int{6, 15}}, {"hw.serialno", []_C_int{6, 17}}, {"hw.setperf", []_C_int{6, 13}}, + {"hw.smt", []_C_int{6, 24}}, {"hw.usermem", []_C_int{6, 20}}, {"hw.uuid", []_C_int{6, 18}}, {"hw.vendor", []_C_int{6, 14}}, {"hw.version", []_C_int{6, 16}}, - {"kern.arandom", []_C_int{1, 37}}, + {"kern.allowdt", []_C_int{1, 65}}, + {"kern.allowkmem", []_C_int{1, 52}}, {"kern.argmax", []_C_int{1, 8}}, + {"kern.audio", []_C_int{1, 84}}, {"kern.boottime", []_C_int{1, 21}}, {"kern.bufcachepercent", []_C_int{1, 72}}, {"kern.ccpu", []_C_int{1, 45}}, {"kern.clockrate", []_C_int{1, 12}}, + {"kern.consbuf", []_C_int{1, 83}}, + {"kern.consbufsize", []_C_int{1, 82}}, {"kern.consdev", []_C_int{1, 75}}, {"kern.cp_time", []_C_int{1, 40}}, {"kern.cp_time2", []_C_int{1, 71}}, - {"kern.cryptodevallowsoft", []_C_int{1, 53}}, + {"kern.cpustats", []_C_int{1, 85}}, {"kern.domainname", []_C_int{1, 22}}, {"kern.file", []_C_int{1, 73}}, {"kern.forkstat", []_C_int{1, 42}}, {"kern.fscale", []_C_int{1, 46}}, {"kern.fsync", []_C_int{1, 33}}, + {"kern.global_ptrace", []_C_int{1, 81}}, {"kern.hostid", []_C_int{1, 11}}, {"kern.hostname", []_C_int{1, 10}}, {"kern.intrcnt.nintrcnt", []_C_int{1, 63, 1}}, @@ -78,17 +87,16 @@ var sysctlMib = []mibentry{ {"kern.ngroups", []_C_int{1, 18}}, {"kern.nosuidcoredump", []_C_int{1, 32}}, {"kern.nprocs", []_C_int{1, 47}}, - {"kern.nselcoll", []_C_int{1, 43}}, {"kern.nthreads", []_C_int{1, 26}}, {"kern.numvnodes", []_C_int{1, 58}}, {"kern.osrelease", []_C_int{1, 2}}, {"kern.osrevision", []_C_int{1, 3}}, {"kern.ostype", []_C_int{1, 1}}, {"kern.osversion", []_C_int{1, 27}}, + {"kern.pfstatus", []_C_int{1, 86}}, {"kern.pool_debug", []_C_int{1, 77}}, {"kern.posix1version", []_C_int{1, 17}}, {"kern.proc", []_C_int{1, 66}}, - {"kern.random", []_C_int{1, 31}}, {"kern.rawpartition", []_C_int{1, 24}}, {"kern.saved_ids", []_C_int{1, 20}}, {"kern.securelevel", []_C_int{1, 9}}, @@ -106,21 +114,20 @@ var sysctlMib = []mibentry{ {"kern.timecounter.hardware", []_C_int{1, 69, 3}}, {"kern.timecounter.tick", []_C_int{1, 69, 1}}, {"kern.timecounter.timestepwarnings", []_C_int{1, 69, 2}}, - {"kern.tty.maxptys", []_C_int{1, 44, 6}}, - {"kern.tty.nptys", []_C_int{1, 44, 7}}, + {"kern.timeout_stats", []_C_int{1, 87}}, {"kern.tty.tk_cancc", []_C_int{1, 44, 4}}, {"kern.tty.tk_nin", []_C_int{1, 44, 1}}, {"kern.tty.tk_nout", []_C_int{1, 44, 2}}, {"kern.tty.tk_rawcc", []_C_int{1, 44, 3}}, {"kern.tty.ttyinfo", []_C_int{1, 44, 5}}, {"kern.ttycount", []_C_int{1, 57}}, - {"kern.userasymcrypto", []_C_int{1, 60}}, - {"kern.usercrypto", []_C_int{1, 52}}, - {"kern.usermount", []_C_int{1, 30}}, + {"kern.utc_offset", []_C_int{1, 88}}, {"kern.version", []_C_int{1, 4}}, - {"kern.vnode", []_C_int{1, 13}}, + {"kern.video", []_C_int{1, 89}}, {"kern.watchdog.auto", []_C_int{1, 64, 2}}, {"kern.watchdog.period", []_C_int{1, 64, 1}}, + {"kern.witnesswatch", []_C_int{1, 53}}, + {"kern.wxabort", []_C_int{1, 74}}, {"net.bpf.bufsize", []_C_int{4, 31, 1}}, {"net.bpf.maxbufsize", []_C_int{4, 31, 2}}, {"net.inet.ah.enable", []_C_int{4, 2, 51, 1}}, @@ -148,7 +155,9 @@ var sysctlMib = []mibentry{ {"net.inet.icmp.stats", []_C_int{4, 2, 1, 7}}, {"net.inet.icmp.tstamprepl", []_C_int{4, 2, 1, 6}}, {"net.inet.igmp.stats", []_C_int{4, 2, 2, 1}}, + {"net.inet.ip.arpdown", []_C_int{4, 2, 0, 40}}, {"net.inet.ip.arpqueued", []_C_int{4, 2, 0, 36}}, + {"net.inet.ip.arptimeout", []_C_int{4, 2, 0, 39}}, {"net.inet.ip.encdebug", []_C_int{4, 2, 0, 12}}, {"net.inet.ip.forwarding", []_C_int{4, 2, 0, 1}}, {"net.inet.ip.ifq.congestion", []_C_int{4, 2, 0, 30, 4}}, @@ -157,8 +166,10 @@ var sysctlMib = []mibentry{ {"net.inet.ip.ifq.maxlen", []_C_int{4, 2, 0, 30, 2}}, {"net.inet.ip.maxqueue", []_C_int{4, 2, 0, 11}}, {"net.inet.ip.mforwarding", []_C_int{4, 2, 0, 31}}, + {"net.inet.ip.mrtmfc", []_C_int{4, 2, 0, 37}}, {"net.inet.ip.mrtproto", []_C_int{4, 2, 0, 34}}, {"net.inet.ip.mrtstats", []_C_int{4, 2, 0, 35}}, + {"net.inet.ip.mrtvif", []_C_int{4, 2, 0, 38}}, {"net.inet.ip.mtu", []_C_int{4, 2, 0, 4}}, {"net.inet.ip.mtudisc", []_C_int{4, 2, 0, 27}}, {"net.inet.ip.mtudisctimeout", []_C_int{4, 2, 0, 28}}, @@ -175,9 +186,7 @@ var sysctlMib = []mibentry{ {"net.inet.ipcomp.stats", []_C_int{4, 2, 108, 2}}, {"net.inet.ipip.allow", []_C_int{4, 2, 4, 1}}, {"net.inet.ipip.stats", []_C_int{4, 2, 4, 2}}, - {"net.inet.mobileip.allow", []_C_int{4, 2, 55, 1}}, {"net.inet.pfsync.stats", []_C_int{4, 2, 240, 1}}, - {"net.inet.pim.stats", []_C_int{4, 2, 103, 1}}, {"net.inet.tcp.ackonpush", []_C_int{4, 2, 6, 13}}, {"net.inet.tcp.always_keepalive", []_C_int{4, 2, 6, 22}}, {"net.inet.tcp.baddynamic", []_C_int{4, 2, 6, 6}}, @@ -191,6 +200,7 @@ var sysctlMib = []mibentry{ {"net.inet.tcp.reasslimit", []_C_int{4, 2, 6, 18}}, {"net.inet.tcp.rfc1323", []_C_int{4, 2, 6, 1}}, {"net.inet.tcp.rfc3390", []_C_int{4, 2, 6, 17}}, + {"net.inet.tcp.rootonly", []_C_int{4, 2, 6, 24}}, {"net.inet.tcp.rstppslimit", []_C_int{4, 2, 6, 12}}, {"net.inet.tcp.sack", []_C_int{4, 2, 6, 10}}, {"net.inet.tcp.sackholelimit", []_C_int{4, 2, 6, 20}}, @@ -198,9 +208,12 @@ var sysctlMib = []mibentry{ {"net.inet.tcp.stats", []_C_int{4, 2, 6, 21}}, {"net.inet.tcp.synbucketlimit", []_C_int{4, 2, 6, 16}}, {"net.inet.tcp.syncachelimit", []_C_int{4, 2, 6, 15}}, + {"net.inet.tcp.synhashsize", []_C_int{4, 2, 6, 25}}, + {"net.inet.tcp.synuselimit", []_C_int{4, 2, 6, 23}}, {"net.inet.udp.baddynamic", []_C_int{4, 2, 17, 2}}, {"net.inet.udp.checksum", []_C_int{4, 2, 17, 1}}, {"net.inet.udp.recvspace", []_C_int{4, 2, 17, 3}}, + {"net.inet.udp.rootonly", []_C_int{4, 2, 17, 6}}, {"net.inet.udp.sendspace", []_C_int{4, 2, 17, 4}}, {"net.inet.udp.stats", []_C_int{4, 2, 17, 5}}, {"net.inet6.divert.recvspace", []_C_int{4, 24, 86, 1}}, @@ -213,13 +226,8 @@ var sysctlMib = []mibentry{ {"net.inet6.icmp6.nd6_delay", []_C_int{4, 24, 30, 8}}, {"net.inet6.icmp6.nd6_maxnudhint", []_C_int{4, 24, 30, 15}}, {"net.inet6.icmp6.nd6_mmaxtries", []_C_int{4, 24, 30, 10}}, - {"net.inet6.icmp6.nd6_prune", []_C_int{4, 24, 30, 6}}, {"net.inet6.icmp6.nd6_umaxtries", []_C_int{4, 24, 30, 9}}, - {"net.inet6.icmp6.nd6_useloopback", []_C_int{4, 24, 30, 11}}, - {"net.inet6.icmp6.nodeinfo", []_C_int{4, 24, 30, 13}}, - {"net.inet6.icmp6.rediraccept", []_C_int{4, 24, 30, 2}}, {"net.inet6.icmp6.redirtimeout", []_C_int{4, 24, 30, 3}}, - {"net.inet6.ip6.accept_rtadv", []_C_int{4, 24, 17, 12}}, {"net.inet6.ip6.auto_flowlabel", []_C_int{4, 24, 17, 17}}, {"net.inet6.ip6.dad_count", []_C_int{4, 24, 17, 16}}, {"net.inet6.ip6.dad_pending", []_C_int{4, 24, 17, 49}}, @@ -232,20 +240,19 @@ var sysctlMib = []mibentry{ {"net.inet6.ip6.maxdynroutes", []_C_int{4, 24, 17, 48}}, {"net.inet6.ip6.maxfragpackets", []_C_int{4, 24, 17, 9}}, {"net.inet6.ip6.maxfrags", []_C_int{4, 24, 17, 41}}, - {"net.inet6.ip6.maxifdefrouters", []_C_int{4, 24, 17, 47}}, - {"net.inet6.ip6.maxifprefixes", []_C_int{4, 24, 17, 46}}, {"net.inet6.ip6.mforwarding", []_C_int{4, 24, 17, 42}}, + {"net.inet6.ip6.mrtmfc", []_C_int{4, 24, 17, 53}}, + {"net.inet6.ip6.mrtmif", []_C_int{4, 24, 17, 52}}, {"net.inet6.ip6.mrtproto", []_C_int{4, 24, 17, 8}}, {"net.inet6.ip6.mtudisctimeout", []_C_int{4, 24, 17, 50}}, {"net.inet6.ip6.multicast_mtudisc", []_C_int{4, 24, 17, 44}}, {"net.inet6.ip6.multipath", []_C_int{4, 24, 17, 43}}, {"net.inet6.ip6.neighborgcthresh", []_C_int{4, 24, 17, 45}}, {"net.inet6.ip6.redirect", []_C_int{4, 24, 17, 2}}, - {"net.inet6.ip6.rr_prune", []_C_int{4, 24, 17, 22}}, + {"net.inet6.ip6.soiikey", []_C_int{4, 24, 17, 54}}, {"net.inet6.ip6.sourcecheck", []_C_int{4, 24, 17, 10}}, {"net.inet6.ip6.sourcecheck_logint", []_C_int{4, 24, 17, 11}}, {"net.inet6.ip6.use_deprecated", []_C_int{4, 24, 17, 21}}, - {"net.inet6.ip6.v6only", []_C_int{4, 24, 17, 24}}, {"net.key.sadb_dump", []_C_int{4, 30, 1}}, {"net.key.spd_dump", []_C_int{4, 30, 2}}, {"net.mpls.ifq.congestion", []_C_int{4, 33, 3, 4}}, @@ -254,12 +261,12 @@ var sysctlMib = []mibentry{ {"net.mpls.ifq.maxlen", []_C_int{4, 33, 3, 2}}, {"net.mpls.mapttl_ip", []_C_int{4, 33, 5}}, {"net.mpls.mapttl_ip6", []_C_int{4, 33, 6}}, - {"net.mpls.maxloop_inkernel", []_C_int{4, 33, 4}}, {"net.mpls.ttl", []_C_int{4, 33, 2}}, {"net.pflow.stats", []_C_int{4, 34, 1}}, {"net.pipex.enable", []_C_int{4, 35, 1}}, {"vm.anonmin", []_C_int{2, 7}}, {"vm.loadavg", []_C_int{2, 2}}, + {"vm.malloc_conf", []_C_int{2, 12}}, {"vm.maxslp", []_C_int{2, 10}}, {"vm.nkmempages", []_C_int{2, 6}}, {"vm.psstrings", []_C_int{2, 3}}, diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go index adecd09667d..d2243cf83f5 100644 --- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go @@ -36,23 +36,29 @@ var sysctlMib = []mibentry{ {"hw.pagesize", []_C_int{6, 7}}, {"hw.perfpolicy", []_C_int{6, 23}}, {"hw.physmem", []_C_int{6, 19}}, + {"hw.power", []_C_int{6, 26}}, {"hw.product", []_C_int{6, 15}}, {"hw.serialno", []_C_int{6, 17}}, {"hw.setperf", []_C_int{6, 13}}, + {"hw.smt", []_C_int{6, 24}}, {"hw.usermem", []_C_int{6, 20}}, {"hw.uuid", []_C_int{6, 18}}, {"hw.vendor", []_C_int{6, 14}}, {"hw.version", []_C_int{6, 16}}, + {"kern.allowdt", []_C_int{1, 65}}, {"kern.allowkmem", []_C_int{1, 52}}, {"kern.argmax", []_C_int{1, 8}}, + {"kern.audio", []_C_int{1, 84}}, {"kern.boottime", []_C_int{1, 21}}, {"kern.bufcachepercent", []_C_int{1, 72}}, {"kern.ccpu", []_C_int{1, 45}}, {"kern.clockrate", []_C_int{1, 12}}, + {"kern.consbuf", []_C_int{1, 83}}, + {"kern.consbufsize", []_C_int{1, 82}}, {"kern.consdev", []_C_int{1, 75}}, {"kern.cp_time", []_C_int{1, 40}}, {"kern.cp_time2", []_C_int{1, 71}}, - {"kern.dnsjackport", []_C_int{1, 13}}, + {"kern.cpustats", []_C_int{1, 85}}, {"kern.domainname", []_C_int{1, 22}}, {"kern.file", []_C_int{1, 73}}, {"kern.forkstat", []_C_int{1, 42}}, @@ -81,13 +87,13 @@ var sysctlMib = []mibentry{ {"kern.ngroups", []_C_int{1, 18}}, {"kern.nosuidcoredump", []_C_int{1, 32}}, {"kern.nprocs", []_C_int{1, 47}}, - {"kern.nselcoll", []_C_int{1, 43}}, {"kern.nthreads", []_C_int{1, 26}}, {"kern.numvnodes", []_C_int{1, 58}}, {"kern.osrelease", []_C_int{1, 2}}, {"kern.osrevision", []_C_int{1, 3}}, {"kern.ostype", []_C_int{1, 1}}, {"kern.osversion", []_C_int{1, 27}}, + {"kern.pfstatus", []_C_int{1, 86}}, {"kern.pool_debug", []_C_int{1, 77}}, {"kern.posix1version", []_C_int{1, 17}}, {"kern.proc", []_C_int{1, 66}}, @@ -108,15 +114,19 @@ var sysctlMib = []mibentry{ {"kern.timecounter.hardware", []_C_int{1, 69, 3}}, {"kern.timecounter.tick", []_C_int{1, 69, 1}}, {"kern.timecounter.timestepwarnings", []_C_int{1, 69, 2}}, + {"kern.timeout_stats", []_C_int{1, 87}}, {"kern.tty.tk_cancc", []_C_int{1, 44, 4}}, {"kern.tty.tk_nin", []_C_int{1, 44, 1}}, {"kern.tty.tk_nout", []_C_int{1, 44, 2}}, {"kern.tty.tk_rawcc", []_C_int{1, 44, 3}}, {"kern.tty.ttyinfo", []_C_int{1, 44, 5}}, {"kern.ttycount", []_C_int{1, 57}}, + {"kern.utc_offset", []_C_int{1, 88}}, {"kern.version", []_C_int{1, 4}}, + {"kern.video", []_C_int{1, 89}}, {"kern.watchdog.auto", []_C_int{1, 64, 2}}, {"kern.watchdog.period", []_C_int{1, 64, 1}}, + {"kern.witnesswatch", []_C_int{1, 53}}, {"kern.wxabort", []_C_int{1, 74}}, {"net.bpf.bufsize", []_C_int{4, 31, 1}}, {"net.bpf.maxbufsize", []_C_int{4, 31, 2}}, @@ -176,7 +186,6 @@ var sysctlMib = []mibentry{ {"net.inet.ipcomp.stats", []_C_int{4, 2, 108, 2}}, {"net.inet.ipip.allow", []_C_int{4, 2, 4, 1}}, {"net.inet.ipip.stats", []_C_int{4, 2, 4, 2}}, - {"net.inet.mobileip.allow", []_C_int{4, 2, 55, 1}}, {"net.inet.pfsync.stats", []_C_int{4, 2, 240, 1}}, {"net.inet.tcp.ackonpush", []_C_int{4, 2, 6, 13}}, {"net.inet.tcp.always_keepalive", []_C_int{4, 2, 6, 22}}, @@ -252,12 +261,12 @@ var sysctlMib = []mibentry{ {"net.mpls.ifq.maxlen", []_C_int{4, 33, 3, 2}}, {"net.mpls.mapttl_ip", []_C_int{4, 33, 5}}, {"net.mpls.mapttl_ip6", []_C_int{4, 33, 6}}, - {"net.mpls.maxloop_inkernel", []_C_int{4, 33, 4}}, {"net.mpls.ttl", []_C_int{4, 33, 2}}, {"net.pflow.stats", []_C_int{4, 34, 1}}, {"net.pipex.enable", []_C_int{4, 35, 1}}, {"vm.anonmin", []_C_int{2, 7}}, {"vm.loadavg", []_C_int{2, 2}}, + {"vm.malloc_conf", []_C_int{2, 12}}, {"vm.maxslp", []_C_int{2, 10}}, {"vm.nkmempages", []_C_int{2, 6}}, {"vm.psstrings", []_C_int{2, 3}}, diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go index 8ea52a4a181..82dc51bd8b5 100644 --- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go @@ -17,6 +17,7 @@ var sysctlMib = []mibentry{ {"ddb.max_line", []_C_int{9, 3}}, {"ddb.max_width", []_C_int{9, 2}}, {"ddb.panic", []_C_int{9, 5}}, + {"ddb.profile", []_C_int{9, 9}}, {"ddb.radix", []_C_int{9, 1}}, {"ddb.tab_stop_width", []_C_int{9, 4}}, {"ddb.trigger", []_C_int{9, 8}}, @@ -33,29 +34,37 @@ var sysctlMib = []mibentry{ {"hw.ncpufound", []_C_int{6, 21}}, {"hw.ncpuonline", []_C_int{6, 25}}, {"hw.pagesize", []_C_int{6, 7}}, + {"hw.perfpolicy", []_C_int{6, 23}}, {"hw.physmem", []_C_int{6, 19}}, + {"hw.power", []_C_int{6, 26}}, {"hw.product", []_C_int{6, 15}}, {"hw.serialno", []_C_int{6, 17}}, {"hw.setperf", []_C_int{6, 13}}, + {"hw.smt", []_C_int{6, 24}}, {"hw.usermem", []_C_int{6, 20}}, {"hw.uuid", []_C_int{6, 18}}, {"hw.vendor", []_C_int{6, 14}}, {"hw.version", []_C_int{6, 16}}, - {"kern.arandom", []_C_int{1, 37}}, + {"kern.allowdt", []_C_int{1, 65}}, + {"kern.allowkmem", []_C_int{1, 52}}, {"kern.argmax", []_C_int{1, 8}}, + {"kern.audio", []_C_int{1, 84}}, {"kern.boottime", []_C_int{1, 21}}, {"kern.bufcachepercent", []_C_int{1, 72}}, {"kern.ccpu", []_C_int{1, 45}}, {"kern.clockrate", []_C_int{1, 12}}, + {"kern.consbuf", []_C_int{1, 83}}, + {"kern.consbufsize", []_C_int{1, 82}}, {"kern.consdev", []_C_int{1, 75}}, {"kern.cp_time", []_C_int{1, 40}}, {"kern.cp_time2", []_C_int{1, 71}}, - {"kern.cryptodevallowsoft", []_C_int{1, 53}}, + {"kern.cpustats", []_C_int{1, 85}}, {"kern.domainname", []_C_int{1, 22}}, {"kern.file", []_C_int{1, 73}}, {"kern.forkstat", []_C_int{1, 42}}, {"kern.fscale", []_C_int{1, 46}}, {"kern.fsync", []_C_int{1, 33}}, + {"kern.global_ptrace", []_C_int{1, 81}}, {"kern.hostid", []_C_int{1, 11}}, {"kern.hostname", []_C_int{1, 10}}, {"kern.intrcnt.nintrcnt", []_C_int{1, 63, 1}}, @@ -78,17 +87,16 @@ var sysctlMib = []mibentry{ {"kern.ngroups", []_C_int{1, 18}}, {"kern.nosuidcoredump", []_C_int{1, 32}}, {"kern.nprocs", []_C_int{1, 47}}, - {"kern.nselcoll", []_C_int{1, 43}}, {"kern.nthreads", []_C_int{1, 26}}, {"kern.numvnodes", []_C_int{1, 58}}, {"kern.osrelease", []_C_int{1, 2}}, {"kern.osrevision", []_C_int{1, 3}}, {"kern.ostype", []_C_int{1, 1}}, {"kern.osversion", []_C_int{1, 27}}, + {"kern.pfstatus", []_C_int{1, 86}}, {"kern.pool_debug", []_C_int{1, 77}}, {"kern.posix1version", []_C_int{1, 17}}, {"kern.proc", []_C_int{1, 66}}, - {"kern.random", []_C_int{1, 31}}, {"kern.rawpartition", []_C_int{1, 24}}, {"kern.saved_ids", []_C_int{1, 20}}, {"kern.securelevel", []_C_int{1, 9}}, @@ -106,21 +114,20 @@ var sysctlMib = []mibentry{ {"kern.timecounter.hardware", []_C_int{1, 69, 3}}, {"kern.timecounter.tick", []_C_int{1, 69, 1}}, {"kern.timecounter.timestepwarnings", []_C_int{1, 69, 2}}, - {"kern.tty.maxptys", []_C_int{1, 44, 6}}, - {"kern.tty.nptys", []_C_int{1, 44, 7}}, + {"kern.timeout_stats", []_C_int{1, 87}}, {"kern.tty.tk_cancc", []_C_int{1, 44, 4}}, {"kern.tty.tk_nin", []_C_int{1, 44, 1}}, {"kern.tty.tk_nout", []_C_int{1, 44, 2}}, {"kern.tty.tk_rawcc", []_C_int{1, 44, 3}}, {"kern.tty.ttyinfo", []_C_int{1, 44, 5}}, {"kern.ttycount", []_C_int{1, 57}}, - {"kern.userasymcrypto", []_C_int{1, 60}}, - {"kern.usercrypto", []_C_int{1, 52}}, - {"kern.usermount", []_C_int{1, 30}}, + {"kern.utc_offset", []_C_int{1, 88}}, {"kern.version", []_C_int{1, 4}}, - {"kern.vnode", []_C_int{1, 13}}, + {"kern.video", []_C_int{1, 89}}, {"kern.watchdog.auto", []_C_int{1, 64, 2}}, {"kern.watchdog.period", []_C_int{1, 64, 1}}, + {"kern.witnesswatch", []_C_int{1, 53}}, + {"kern.wxabort", []_C_int{1, 74}}, {"net.bpf.bufsize", []_C_int{4, 31, 1}}, {"net.bpf.maxbufsize", []_C_int{4, 31, 2}}, {"net.inet.ah.enable", []_C_int{4, 2, 51, 1}}, @@ -148,7 +155,9 @@ var sysctlMib = []mibentry{ {"net.inet.icmp.stats", []_C_int{4, 2, 1, 7}}, {"net.inet.icmp.tstamprepl", []_C_int{4, 2, 1, 6}}, {"net.inet.igmp.stats", []_C_int{4, 2, 2, 1}}, + {"net.inet.ip.arpdown", []_C_int{4, 2, 0, 40}}, {"net.inet.ip.arpqueued", []_C_int{4, 2, 0, 36}}, + {"net.inet.ip.arptimeout", []_C_int{4, 2, 0, 39}}, {"net.inet.ip.encdebug", []_C_int{4, 2, 0, 12}}, {"net.inet.ip.forwarding", []_C_int{4, 2, 0, 1}}, {"net.inet.ip.ifq.congestion", []_C_int{4, 2, 0, 30, 4}}, @@ -157,8 +166,10 @@ var sysctlMib = []mibentry{ {"net.inet.ip.ifq.maxlen", []_C_int{4, 2, 0, 30, 2}}, {"net.inet.ip.maxqueue", []_C_int{4, 2, 0, 11}}, {"net.inet.ip.mforwarding", []_C_int{4, 2, 0, 31}}, + {"net.inet.ip.mrtmfc", []_C_int{4, 2, 0, 37}}, {"net.inet.ip.mrtproto", []_C_int{4, 2, 0, 34}}, {"net.inet.ip.mrtstats", []_C_int{4, 2, 0, 35}}, + {"net.inet.ip.mrtvif", []_C_int{4, 2, 0, 38}}, {"net.inet.ip.mtu", []_C_int{4, 2, 0, 4}}, {"net.inet.ip.mtudisc", []_C_int{4, 2, 0, 27}}, {"net.inet.ip.mtudisctimeout", []_C_int{4, 2, 0, 28}}, @@ -175,9 +186,7 @@ var sysctlMib = []mibentry{ {"net.inet.ipcomp.stats", []_C_int{4, 2, 108, 2}}, {"net.inet.ipip.allow", []_C_int{4, 2, 4, 1}}, {"net.inet.ipip.stats", []_C_int{4, 2, 4, 2}}, - {"net.inet.mobileip.allow", []_C_int{4, 2, 55, 1}}, {"net.inet.pfsync.stats", []_C_int{4, 2, 240, 1}}, - {"net.inet.pim.stats", []_C_int{4, 2, 103, 1}}, {"net.inet.tcp.ackonpush", []_C_int{4, 2, 6, 13}}, {"net.inet.tcp.always_keepalive", []_C_int{4, 2, 6, 22}}, {"net.inet.tcp.baddynamic", []_C_int{4, 2, 6, 6}}, @@ -191,6 +200,7 @@ var sysctlMib = []mibentry{ {"net.inet.tcp.reasslimit", []_C_int{4, 2, 6, 18}}, {"net.inet.tcp.rfc1323", []_C_int{4, 2, 6, 1}}, {"net.inet.tcp.rfc3390", []_C_int{4, 2, 6, 17}}, + {"net.inet.tcp.rootonly", []_C_int{4, 2, 6, 24}}, {"net.inet.tcp.rstppslimit", []_C_int{4, 2, 6, 12}}, {"net.inet.tcp.sack", []_C_int{4, 2, 6, 10}}, {"net.inet.tcp.sackholelimit", []_C_int{4, 2, 6, 20}}, @@ -198,9 +208,12 @@ var sysctlMib = []mibentry{ {"net.inet.tcp.stats", []_C_int{4, 2, 6, 21}}, {"net.inet.tcp.synbucketlimit", []_C_int{4, 2, 6, 16}}, {"net.inet.tcp.syncachelimit", []_C_int{4, 2, 6, 15}}, + {"net.inet.tcp.synhashsize", []_C_int{4, 2, 6, 25}}, + {"net.inet.tcp.synuselimit", []_C_int{4, 2, 6, 23}}, {"net.inet.udp.baddynamic", []_C_int{4, 2, 17, 2}}, {"net.inet.udp.checksum", []_C_int{4, 2, 17, 1}}, {"net.inet.udp.recvspace", []_C_int{4, 2, 17, 3}}, + {"net.inet.udp.rootonly", []_C_int{4, 2, 17, 6}}, {"net.inet.udp.sendspace", []_C_int{4, 2, 17, 4}}, {"net.inet.udp.stats", []_C_int{4, 2, 17, 5}}, {"net.inet6.divert.recvspace", []_C_int{4, 24, 86, 1}}, @@ -213,13 +226,8 @@ var sysctlMib = []mibentry{ {"net.inet6.icmp6.nd6_delay", []_C_int{4, 24, 30, 8}}, {"net.inet6.icmp6.nd6_maxnudhint", []_C_int{4, 24, 30, 15}}, {"net.inet6.icmp6.nd6_mmaxtries", []_C_int{4, 24, 30, 10}}, - {"net.inet6.icmp6.nd6_prune", []_C_int{4, 24, 30, 6}}, {"net.inet6.icmp6.nd6_umaxtries", []_C_int{4, 24, 30, 9}}, - {"net.inet6.icmp6.nd6_useloopback", []_C_int{4, 24, 30, 11}}, - {"net.inet6.icmp6.nodeinfo", []_C_int{4, 24, 30, 13}}, - {"net.inet6.icmp6.rediraccept", []_C_int{4, 24, 30, 2}}, {"net.inet6.icmp6.redirtimeout", []_C_int{4, 24, 30, 3}}, - {"net.inet6.ip6.accept_rtadv", []_C_int{4, 24, 17, 12}}, {"net.inet6.ip6.auto_flowlabel", []_C_int{4, 24, 17, 17}}, {"net.inet6.ip6.dad_count", []_C_int{4, 24, 17, 16}}, {"net.inet6.ip6.dad_pending", []_C_int{4, 24, 17, 49}}, @@ -232,20 +240,19 @@ var sysctlMib = []mibentry{ {"net.inet6.ip6.maxdynroutes", []_C_int{4, 24, 17, 48}}, {"net.inet6.ip6.maxfragpackets", []_C_int{4, 24, 17, 9}}, {"net.inet6.ip6.maxfrags", []_C_int{4, 24, 17, 41}}, - {"net.inet6.ip6.maxifdefrouters", []_C_int{4, 24, 17, 47}}, - {"net.inet6.ip6.maxifprefixes", []_C_int{4, 24, 17, 46}}, {"net.inet6.ip6.mforwarding", []_C_int{4, 24, 17, 42}}, + {"net.inet6.ip6.mrtmfc", []_C_int{4, 24, 17, 53}}, + {"net.inet6.ip6.mrtmif", []_C_int{4, 24, 17, 52}}, {"net.inet6.ip6.mrtproto", []_C_int{4, 24, 17, 8}}, {"net.inet6.ip6.mtudisctimeout", []_C_int{4, 24, 17, 50}}, {"net.inet6.ip6.multicast_mtudisc", []_C_int{4, 24, 17, 44}}, {"net.inet6.ip6.multipath", []_C_int{4, 24, 17, 43}}, {"net.inet6.ip6.neighborgcthresh", []_C_int{4, 24, 17, 45}}, {"net.inet6.ip6.redirect", []_C_int{4, 24, 17, 2}}, - {"net.inet6.ip6.rr_prune", []_C_int{4, 24, 17, 22}}, + {"net.inet6.ip6.soiikey", []_C_int{4, 24, 17, 54}}, {"net.inet6.ip6.sourcecheck", []_C_int{4, 24, 17, 10}}, {"net.inet6.ip6.sourcecheck_logint", []_C_int{4, 24, 17, 11}}, {"net.inet6.ip6.use_deprecated", []_C_int{4, 24, 17, 21}}, - {"net.inet6.ip6.v6only", []_C_int{4, 24, 17, 24}}, {"net.key.sadb_dump", []_C_int{4, 30, 1}}, {"net.key.spd_dump", []_C_int{4, 30, 2}}, {"net.mpls.ifq.congestion", []_C_int{4, 33, 3, 4}}, @@ -254,12 +261,12 @@ var sysctlMib = []mibentry{ {"net.mpls.ifq.maxlen", []_C_int{4, 33, 3, 2}}, {"net.mpls.mapttl_ip", []_C_int{4, 33, 5}}, {"net.mpls.mapttl_ip6", []_C_int{4, 33, 6}}, - {"net.mpls.maxloop_inkernel", []_C_int{4, 33, 4}}, {"net.mpls.ttl", []_C_int{4, 33, 2}}, {"net.pflow.stats", []_C_int{4, 34, 1}}, {"net.pipex.enable", []_C_int{4, 35, 1}}, {"vm.anonmin", []_C_int{2, 7}}, {"vm.loadavg", []_C_int{2, 2}}, + {"vm.malloc_conf", []_C_int{2, 12}}, {"vm.maxslp", []_C_int{2, 10}}, {"vm.nkmempages", []_C_int{2, 6}}, {"vm.psstrings", []_C_int{2, 3}}, diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go index 154b57ae3e2..cbdda1a4ae2 100644 --- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go @@ -36,6 +36,7 @@ var sysctlMib = []mibentry{ {"hw.pagesize", []_C_int{6, 7}}, {"hw.perfpolicy", []_C_int{6, 23}}, {"hw.physmem", []_C_int{6, 19}}, + {"hw.power", []_C_int{6, 26}}, {"hw.product", []_C_int{6, 15}}, {"hw.serialno", []_C_int{6, 17}}, {"hw.setperf", []_C_int{6, 13}}, @@ -44,6 +45,7 @@ var sysctlMib = []mibentry{ {"hw.uuid", []_C_int{6, 18}}, {"hw.vendor", []_C_int{6, 14}}, {"hw.version", []_C_int{6, 16}}, + {"kern.allowdt", []_C_int{1, 65}}, {"kern.allowkmem", []_C_int{1, 52}}, {"kern.argmax", []_C_int{1, 8}}, {"kern.audio", []_C_int{1, 84}}, @@ -51,6 +53,8 @@ var sysctlMib = []mibentry{ {"kern.bufcachepercent", []_C_int{1, 72}}, {"kern.ccpu", []_C_int{1, 45}}, {"kern.clockrate", []_C_int{1, 12}}, + {"kern.consbuf", []_C_int{1, 83}}, + {"kern.consbufsize", []_C_int{1, 82}}, {"kern.consdev", []_C_int{1, 75}}, {"kern.cp_time", []_C_int{1, 40}}, {"kern.cp_time2", []_C_int{1, 71}}, @@ -83,13 +87,13 @@ var sysctlMib = []mibentry{ {"kern.ngroups", []_C_int{1, 18}}, {"kern.nosuidcoredump", []_C_int{1, 32}}, {"kern.nprocs", []_C_int{1, 47}}, - {"kern.nselcoll", []_C_int{1, 43}}, {"kern.nthreads", []_C_int{1, 26}}, {"kern.numvnodes", []_C_int{1, 58}}, {"kern.osrelease", []_C_int{1, 2}}, {"kern.osrevision", []_C_int{1, 3}}, {"kern.ostype", []_C_int{1, 1}}, {"kern.osversion", []_C_int{1, 27}}, + {"kern.pfstatus", []_C_int{1, 86}}, {"kern.pool_debug", []_C_int{1, 77}}, {"kern.posix1version", []_C_int{1, 17}}, {"kern.proc", []_C_int{1, 66}}, @@ -110,13 +114,16 @@ var sysctlMib = []mibentry{ {"kern.timecounter.hardware", []_C_int{1, 69, 3}}, {"kern.timecounter.tick", []_C_int{1, 69, 1}}, {"kern.timecounter.timestepwarnings", []_C_int{1, 69, 2}}, + {"kern.timeout_stats", []_C_int{1, 87}}, {"kern.tty.tk_cancc", []_C_int{1, 44, 4}}, {"kern.tty.tk_nin", []_C_int{1, 44, 1}}, {"kern.tty.tk_nout", []_C_int{1, 44, 2}}, {"kern.tty.tk_rawcc", []_C_int{1, 44, 3}}, {"kern.tty.ttyinfo", []_C_int{1, 44, 5}}, {"kern.ttycount", []_C_int{1, 57}}, + {"kern.utc_offset", []_C_int{1, 88}}, {"kern.version", []_C_int{1, 4}}, + {"kern.video", []_C_int{1, 89}}, {"kern.watchdog.auto", []_C_int{1, 64, 2}}, {"kern.watchdog.period", []_C_int{1, 64, 1}}, {"kern.witnesswatch", []_C_int{1, 53}}, @@ -179,7 +186,6 @@ var sysctlMib = []mibentry{ {"net.inet.ipcomp.stats", []_C_int{4, 2, 108, 2}}, {"net.inet.ipip.allow", []_C_int{4, 2, 4, 1}}, {"net.inet.ipip.stats", []_C_int{4, 2, 4, 2}}, - {"net.inet.mobileip.allow", []_C_int{4, 2, 55, 1}}, {"net.inet.pfsync.stats", []_C_int{4, 2, 240, 1}}, {"net.inet.tcp.ackonpush", []_C_int{4, 2, 6, 13}}, {"net.inet.tcp.always_keepalive", []_C_int{4, 2, 6, 22}}, @@ -255,7 +261,6 @@ var sysctlMib = []mibentry{ {"net.mpls.ifq.maxlen", []_C_int{4, 33, 3, 2}}, {"net.mpls.mapttl_ip", []_C_int{4, 33, 5}}, {"net.mpls.mapttl_ip6", []_C_int{4, 33, 6}}, - {"net.mpls.maxloop_inkernel", []_C_int{4, 33, 4}}, {"net.mpls.ttl", []_C_int{4, 33, 2}}, {"net.pflow.stats", []_C_int{4, 34, 1}}, {"net.pipex.enable", []_C_int{4, 35, 1}}, diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go index d96bb2ba4db..f55eae1a821 100644 --- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go @@ -36,6 +36,7 @@ var sysctlMib = []mibentry{ {"hw.pagesize", []_C_int{6, 7}}, {"hw.perfpolicy", []_C_int{6, 23}}, {"hw.physmem", []_C_int{6, 19}}, + {"hw.power", []_C_int{6, 26}}, {"hw.product", []_C_int{6, 15}}, {"hw.serialno", []_C_int{6, 17}}, {"hw.setperf", []_C_int{6, 13}}, @@ -86,7 +87,6 @@ var sysctlMib = []mibentry{ {"kern.ngroups", []_C_int{1, 18}}, {"kern.nosuidcoredump", []_C_int{1, 32}}, {"kern.nprocs", []_C_int{1, 47}}, - {"kern.nselcoll", []_C_int{1, 43}}, {"kern.nthreads", []_C_int{1, 26}}, {"kern.numvnodes", []_C_int{1, 58}}, {"kern.osrelease", []_C_int{1, 2}}, @@ -123,6 +123,7 @@ var sysctlMib = []mibentry{ {"kern.ttycount", []_C_int{1, 57}}, {"kern.utc_offset", []_C_int{1, 88}}, {"kern.version", []_C_int{1, 4}}, + {"kern.video", []_C_int{1, 89}}, {"kern.watchdog.auto", []_C_int{1, 64, 2}}, {"kern.watchdog.period", []_C_int{1, 64, 1}}, {"kern.witnesswatch", []_C_int{1, 53}}, diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go index a37f7737563..01c43a01fda 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go @@ -6,6 +6,7 @@ package unix +// Deprecated: Use libc wrappers instead of direct syscalls. const ( SYS_EXIT = 1 // { void sys_exit(int rval); } SYS_FORK = 2 // { int sys_fork(void); } diff --git a/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go index 2fd2060e617..9bc4c8f9d88 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go +++ b/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go @@ -491,6 +491,90 @@ type Utsname struct { Machine [256]byte } +const SizeofUvmexp = 0x278 + +type Uvmexp struct { + Pagesize int64 + Pagemask int64 + Pageshift int64 + Npages int64 + Free int64 + Active int64 + Inactive int64 + Paging int64 + Wired int64 + Zeropages int64 + Reserve_pagedaemon int64 + Reserve_kernel int64 + Freemin int64 + Freetarg int64 + Inactarg int64 + Wiredmax int64 + Nswapdev int64 + Swpages int64 + Swpginuse int64 + Swpgonly int64 + Nswget int64 + Unused1 int64 + Cpuhit int64 + Cpumiss int64 + Faults int64 + Traps int64 + Intrs int64 + Swtch int64 + Softs int64 + Syscalls int64 + Pageins int64 + Swapins int64 + Swapouts int64 + Pgswapin int64 + Pgswapout int64 + Forks int64 + Forks_ppwait int64 + Forks_sharevm int64 + Pga_zerohit int64 + Pga_zeromiss int64 + Zeroaborts int64 + Fltnoram int64 + Fltnoanon int64 + Fltpgwait int64 + Fltpgrele int64 + Fltrelck int64 + Fltrelckok int64 + Fltanget int64 + Fltanretry int64 + Fltamcopy int64 + Fltnamap int64 + Fltnomap int64 + Fltlget int64 + Fltget int64 + Flt_anon int64 + Flt_acow int64 + Flt_obj int64 + Flt_prcopy int64 + Flt_przero int64 + Pdwoke int64 + Pdrevs int64 + Unused4 int64 + Pdfreed int64 + Pdscans int64 + Pdanscan int64 + Pdobscan int64 + Pdreact int64 + Pdbusy int64 + Pdpageouts int64 + Pdpending int64 + Pddeact int64 + Anonpages int64 + Filepages int64 + Execpages int64 + Colorhit int64 + Colormiss int64 + Ncolors int64 + Bootpages int64 + Poolpages int64 +} + const SizeofClockinfo = 0x14 type Clockinfo struct { diff --git a/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go index 6a5a1a8ae55..bb05f655d22 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go @@ -499,6 +499,90 @@ type Utsname struct { Machine [256]byte } +const SizeofUvmexp = 0x278 + +type Uvmexp struct { + Pagesize int64 + Pagemask int64 + Pageshift int64 + Npages int64 + Free int64 + Active int64 + Inactive int64 + Paging int64 + Wired int64 + Zeropages int64 + Reserve_pagedaemon int64 + Reserve_kernel int64 + Freemin int64 + Freetarg int64 + Inactarg int64 + Wiredmax int64 + Nswapdev int64 + Swpages int64 + Swpginuse int64 + Swpgonly int64 + Nswget int64 + Unused1 int64 + Cpuhit int64 + Cpumiss int64 + Faults int64 + Traps int64 + Intrs int64 + Swtch int64 + Softs int64 + Syscalls int64 + Pageins int64 + Swapins int64 + Swapouts int64 + Pgswapin int64 + Pgswapout int64 + Forks int64 + Forks_ppwait int64 + Forks_sharevm int64 + Pga_zerohit int64 + Pga_zeromiss int64 + Zeroaborts int64 + Fltnoram int64 + Fltnoanon int64 + Fltpgwait int64 + Fltpgrele int64 + Fltrelck int64 + Fltrelckok int64 + Fltanget int64 + Fltanretry int64 + Fltamcopy int64 + Fltnamap int64 + Fltnomap int64 + Fltlget int64 + Fltget int64 + Flt_anon int64 + Flt_acow int64 + Flt_obj int64 + Flt_prcopy int64 + Flt_przero int64 + Pdwoke int64 + Pdrevs int64 + Unused4 int64 + Pdfreed int64 + Pdscans int64 + Pdanscan int64 + Pdobscan int64 + Pdreact int64 + Pdbusy int64 + Pdpageouts int64 + Pdpending int64 + Pddeact int64 + Anonpages int64 + Filepages int64 + Execpages int64 + Colorhit int64 + Colormiss int64 + Ncolors int64 + Bootpages int64 + Poolpages int64 +} + const SizeofClockinfo = 0x14 type Clockinfo struct { diff --git a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go index 84cc8d01e65..db40e3a19c6 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go @@ -496,6 +496,90 @@ type Utsname struct { Machine [256]byte } +const SizeofUvmexp = 0x278 + +type Uvmexp struct { + Pagesize int64 + Pagemask int64 + Pageshift int64 + Npages int64 + Free int64 + Active int64 + Inactive int64 + Paging int64 + Wired int64 + Zeropages int64 + Reserve_pagedaemon int64 + Reserve_kernel int64 + Freemin int64 + Freetarg int64 + Inactarg int64 + Wiredmax int64 + Nswapdev int64 + Swpages int64 + Swpginuse int64 + Swpgonly int64 + Nswget int64 + Unused1 int64 + Cpuhit int64 + Cpumiss int64 + Faults int64 + Traps int64 + Intrs int64 + Swtch int64 + Softs int64 + Syscalls int64 + Pageins int64 + Swapins int64 + Swapouts int64 + Pgswapin int64 + Pgswapout int64 + Forks int64 + Forks_ppwait int64 + Forks_sharevm int64 + Pga_zerohit int64 + Pga_zeromiss int64 + Zeroaborts int64 + Fltnoram int64 + Fltnoanon int64 + Fltpgwait int64 + Fltpgrele int64 + Fltrelck int64 + Fltrelckok int64 + Fltanget int64 + Fltanretry int64 + Fltamcopy int64 + Fltnamap int64 + Fltnomap int64 + Fltlget int64 + Fltget int64 + Flt_anon int64 + Flt_acow int64 + Flt_obj int64 + Flt_prcopy int64 + Flt_przero int64 + Pdwoke int64 + Pdrevs int64 + Unused4 int64 + Pdfreed int64 + Pdscans int64 + Pdanscan int64 + Pdobscan int64 + Pdreact int64 + Pdbusy int64 + Pdpageouts int64 + Pdpending int64 + Pddeact int64 + Anonpages int64 + Filepages int64 + Execpages int64 + Colorhit int64 + Colormiss int64 + Ncolors int64 + Bootpages int64 + Poolpages int64 +} + const SizeofClockinfo = 0x14 type Clockinfo struct { diff --git a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go index c844e7096ff..11121151ccf 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go @@ -499,6 +499,90 @@ type Utsname struct { Machine [256]byte } +const SizeofUvmexp = 0x278 + +type Uvmexp struct { + Pagesize int64 + Pagemask int64 + Pageshift int64 + Npages int64 + Free int64 + Active int64 + Inactive int64 + Paging int64 + Wired int64 + Zeropages int64 + Reserve_pagedaemon int64 + Reserve_kernel int64 + Freemin int64 + Freetarg int64 + Inactarg int64 + Wiredmax int64 + Nswapdev int64 + Swpages int64 + Swpginuse int64 + Swpgonly int64 + Nswget int64 + Unused1 int64 + Cpuhit int64 + Cpumiss int64 + Faults int64 + Traps int64 + Intrs int64 + Swtch int64 + Softs int64 + Syscalls int64 + Pageins int64 + Swapins int64 + Swapouts int64 + Pgswapin int64 + Pgswapout int64 + Forks int64 + Forks_ppwait int64 + Forks_sharevm int64 + Pga_zerohit int64 + Pga_zeromiss int64 + Zeroaborts int64 + Fltnoram int64 + Fltnoanon int64 + Fltpgwait int64 + Fltpgrele int64 + Fltrelck int64 + Fltrelckok int64 + Fltanget int64 + Fltanretry int64 + Fltamcopy int64 + Fltnamap int64 + Fltnomap int64 + Fltlget int64 + Fltget int64 + Flt_anon int64 + Flt_acow int64 + Flt_obj int64 + Flt_prcopy int64 + Flt_przero int64 + Pdwoke int64 + Pdrevs int64 + Unused4 int64 + Pdfreed int64 + Pdscans int64 + Pdanscan int64 + Pdobscan int64 + Pdreact int64 + Pdbusy int64 + Pdpageouts int64 + Pdpending int64 + Pddeact int64 + Anonpages int64 + Filepages int64 + Execpages int64 + Colorhit int64 + Colormiss int64 + Ncolors int64 + Bootpages int64 + Poolpages int64 +} + const SizeofClockinfo = 0x14 type Clockinfo struct { diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go index 2ed718ca06a..26eba23b729 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go +++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go @@ -58,22 +58,22 @@ type Rlimit struct { type _Gid_t uint32 type Stat_t struct { - Mode uint32 - Dev int32 - Ino uint64 - Nlink uint32 - Uid uint32 - Gid uint32 - Rdev int32 - Atim Timespec - Mtim Timespec - Ctim Timespec - Size int64 - Blocks int64 - Blksize uint32 - Flags uint32 - Gen uint32 - X__st_birthtim Timespec + Mode uint32 + Dev int32 + Ino uint64 + Nlink uint32 + Uid uint32 + Gid uint32 + Rdev int32 + Atim Timespec + Mtim Timespec + Ctim Timespec + Size int64 + Blocks int64 + Blksize int32 + Flags uint32 + Gen uint32 + _ Timespec } type Statfs_t struct { @@ -98,7 +98,7 @@ type Statfs_t struct { F_mntonname [90]byte F_mntfromname [90]byte F_mntfromspec [90]byte - Pad_cgo_0 [2]byte + _ [2]byte Mount_info [160]byte } @@ -111,13 +111,13 @@ type Flock_t struct { } type Dirent struct { - Fileno uint64 - Off int64 - Reclen uint16 - Type uint8 - Namlen uint8 - X__d_padding [4]uint8 - Name [256]int8 + Fileno uint64 + Off int64 + Reclen uint16 + Type uint8 + Namlen uint8 + _ [4]uint8 + Name [256]int8 } type Fsid struct { @@ -262,8 +262,8 @@ type FdSet struct { } const ( - SizeofIfMsghdr = 0xec - SizeofIfData = 0xd4 + SizeofIfMsghdr = 0xa0 + SizeofIfData = 0x88 SizeofIfaMsghdr = 0x18 SizeofIfAnnounceMsghdr = 0x1a SizeofRtMsghdr = 0x60 @@ -292,7 +292,7 @@ type IfData struct { Link_state uint8 Mtu uint32 Metric uint32 - Pad uint32 + Rdomain uint32 Baudrate uint64 Ipackets uint64 Ierrors uint64 @@ -304,10 +304,10 @@ type IfData struct { Imcasts uint64 Omcasts uint64 Iqdrops uint64 + Oqdrops uint64 Noproto uint64 Capabilities uint32 Lastchange Timeval - Mclpool [7]Mclpool } type IfaMsghdr struct { @@ -368,20 +368,12 @@ type RtMetrics struct { Pad uint32 } -type Mclpool struct { - Grown int32 - Alive uint16 - Hwm uint16 - Cwm uint16 - Lwm uint16 -} - const ( SizeofBpfVersion = 0x4 SizeofBpfStat = 0x8 SizeofBpfProgram = 0x8 SizeofBpfInsn = 0x8 - SizeofBpfHdr = 0x14 + SizeofBpfHdr = 0x18 ) type BpfVersion struct { @@ -407,11 +399,14 @@ type BpfInsn struct { } type BpfHdr struct { - Tstamp BpfTimeval - Caplen uint32 - Datalen uint32 - Hdrlen uint16 - Pad_cgo_0 [2]byte + Tstamp BpfTimeval + Caplen uint32 + Datalen uint32 + Hdrlen uint16 + Ifidx uint16 + Flowid uint16 + Flags uint8 + Drops uint8 } type BpfTimeval struct { @@ -488,7 +483,7 @@ type Uvmexp struct { Zeropages int32 Reserve_pagedaemon int32 Reserve_kernel int32 - Anonpages int32 + Unused01 int32 Vnodepages int32 Vtextpages int32 Freemin int32 @@ -507,8 +502,8 @@ type Uvmexp struct { Swpgonly int32 Nswget int32 Nanon int32 - Nanonneeded int32 - Nfreeanon int32 + Unused05 int32 + Unused06 int32 Faults int32 Traps int32 Intrs int32 @@ -516,8 +511,8 @@ type Uvmexp struct { Softs int32 Syscalls int32 Pageins int32 - Obsolete_swapins int32 - Obsolete_swapouts int32 + Unused07 int32 + Unused08 int32 Pgswapin int32 Pgswapout int32 Forks int32 @@ -525,7 +520,7 @@ type Uvmexp struct { Forks_sharevm int32 Pga_zerohit int32 Pga_zeromiss int32 - Zeroaborts int32 + Unused09 int32 Fltnoram int32 Fltnoanon int32 Fltnoamap int32 @@ -557,9 +552,9 @@ type Uvmexp struct { Pdpageouts int32 Pdpending int32 Pddeact int32 - Pdreanon int32 - Pdrevnode int32 - Pdrevtext int32 + Unused11 int32 + Unused12 int32 + Unused13 int32 Fpswtch int32 Kmapent int32 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go index b4fb97ebe65..5a547988698 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go @@ -73,7 +73,6 @@ type Stat_t struct { Blksize int32 Flags uint32 Gen uint32 - _ [4]byte _ Timespec } @@ -81,7 +80,6 @@ type Statfs_t struct { F_flags uint32 F_bsize uint32 F_iosize uint32 - _ [4]byte F_blocks uint64 F_bfree uint64 F_bavail int64 @@ -200,10 +198,8 @@ type IPv6Mreq struct { type Msghdr struct { Name *byte Namelen uint32 - _ [4]byte Iov *Iovec Iovlen uint32 - _ [4]byte Control *byte Controllen uint32 Flags int32 @@ -311,7 +307,6 @@ type IfData struct { Oqdrops uint64 Noproto uint64 Capabilities uint32 - _ [4]byte Lastchange Timeval } @@ -373,14 +368,12 @@ type RtMetrics struct { Pad uint32 } -type Mclpool struct{} - const ( SizeofBpfVersion = 0x4 SizeofBpfStat = 0x8 SizeofBpfProgram = 0x10 SizeofBpfInsn = 0x8 - SizeofBpfHdr = 0x14 + SizeofBpfHdr = 0x18 ) type BpfVersion struct { @@ -395,7 +388,6 @@ type BpfStat struct { type BpfProgram struct { Len uint32 - _ [4]byte Insns *BpfInsn } @@ -411,7 +403,10 @@ type BpfHdr struct { Caplen uint32 Datalen uint32 Hdrlen uint16 - _ [2]byte + Ifidx uint16 + Flowid uint16 + Flags uint8 + Drops uint8 } type BpfTimeval struct { @@ -488,7 +483,7 @@ type Uvmexp struct { Zeropages int32 Reserve_pagedaemon int32 Reserve_kernel int32 - Anonpages int32 + Unused01 int32 Vnodepages int32 Vtextpages int32 Freemin int32 @@ -507,8 +502,8 @@ type Uvmexp struct { Swpgonly int32 Nswget int32 Nanon int32 - Nanonneeded int32 - Nfreeanon int32 + Unused05 int32 + Unused06 int32 Faults int32 Traps int32 Intrs int32 @@ -516,8 +511,8 @@ type Uvmexp struct { Softs int32 Syscalls int32 Pageins int32 - Obsolete_swapins int32 - Obsolete_swapouts int32 + Unused07 int32 + Unused08 int32 Pgswapin int32 Pgswapout int32 Forks int32 @@ -525,7 +520,7 @@ type Uvmexp struct { Forks_sharevm int32 Pga_zerohit int32 Pga_zeromiss int32 - Zeroaborts int32 + Unused09 int32 Fltnoram int32 Fltnoanon int32 Fltnoamap int32 @@ -557,9 +552,9 @@ type Uvmexp struct { Pdpageouts int32 Pdpending int32 Pddeact int32 - Pdreanon int32 - Pdrevnode int32 - Pdrevtext int32 + Unused11 int32 + Unused12 int32 + Unused13 int32 Fpswtch int32 Kmapent int32 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go index 2c4675040ef..be58c4e1ff8 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go @@ -375,14 +375,12 @@ type RtMetrics struct { Pad uint32 } -type Mclpool struct{} - const ( SizeofBpfVersion = 0x4 SizeofBpfStat = 0x8 SizeofBpfProgram = 0x8 SizeofBpfInsn = 0x8 - SizeofBpfHdr = 0x14 + SizeofBpfHdr = 0x18 ) type BpfVersion struct { @@ -412,7 +410,10 @@ type BpfHdr struct { Caplen uint32 Datalen uint32 Hdrlen uint16 - _ [2]byte + Ifidx uint16 + Flowid uint16 + Flags uint8 + Drops uint8 } type BpfTimeval struct { diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go index ddee0451470..52338266cb3 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go @@ -368,14 +368,12 @@ type RtMetrics struct { Pad uint32 } -type Mclpool struct{} - const ( SizeofBpfVersion = 0x4 SizeofBpfStat = 0x8 SizeofBpfProgram = 0x10 SizeofBpfInsn = 0x8 - SizeofBpfHdr = 0x14 + SizeofBpfHdr = 0x18 ) type BpfVersion struct { @@ -405,7 +403,10 @@ type BpfHdr struct { Caplen uint32 Datalen uint32 Hdrlen uint16 - _ [2]byte + Ifidx uint16 + Flowid uint16 + Flags uint8 + Drops uint8 } type BpfTimeval struct { diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go index eb13d4e8bfc..605cfdb12b1 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go @@ -368,14 +368,12 @@ type RtMetrics struct { Pad uint32 } -type Mclpool struct{} - const ( SizeofBpfVersion = 0x4 SizeofBpfStat = 0x8 SizeofBpfProgram = 0x10 SizeofBpfInsn = 0x8 - SizeofBpfHdr = 0x14 + SizeofBpfHdr = 0x18 ) type BpfVersion struct { @@ -405,7 +403,10 @@ type BpfHdr struct { Caplen uint32 Datalen uint32 Hdrlen uint16 - _ [2]byte + Ifidx uint16 + Flowid uint16 + Flags uint8 + Drops uint8 } type BpfTimeval struct { diff --git a/vendor/modules.txt b/vendor/modules.txt index a98a4dc492b..2679a3c4242 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -68,10 +68,10 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df ## explicit; go 1.12 github.com/vishvananda/netns -# golang.org/x/net v0.4.0 +# golang.org/x/net v0.5.0 ## explicit; go 1.17 golang.org/x/net/bpf -# golang.org/x/sys v0.3.0 +# golang.org/x/sys v0.4.0 ## explicit; go 1.17 golang.org/x/sys/execabs golang.org/x/sys/internal/unsafeheader From 6676f9807f919eeb57dd103466c7772176f70076 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Thu, 12 Jan 2023 08:53:57 +0900 Subject: [PATCH 0142/1176] tests/integration/get-images.sh: fix busybox.tar.xz URL Fix issue 3699 Signed-off-by: Akihiro Suda --- tests/integration/get-images.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/get-images.sh b/tests/integration/get-images.sh index 63ce40cdad1..7204478de10 100755 --- a/tests/integration/get-images.sh +++ b/tests/integration/get-images.sh @@ -56,7 +56,7 @@ esac # busybox BUSYBOX_IMAGE="$TESTDATA/busybox-${arch}.tar.xz" get "$BUSYBOX_IMAGE" \ - "https://github.com/docker-library/busybox/raw/dist-${arch}/stable/glibc/busybox.tar.xz" + "https://github.com/docker-library/busybox/raw/dist-${arch}/latest/glibc/busybox.tar.xz" echo "BUSYBOX_IMAGE=$BUSYBOX_IMAGE" # debian From cc63d074e6b7c44dcc70df8affa3dc0ea2a6c9be Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Jan 2023 23:24:59 +0000 Subject: [PATCH 0143/1176] build(deps): bump github.com/cilium/ebpf from 0.9.3 to 0.10.0 Bumps [github.com/cilium/ebpf](https://github.com/cilium/ebpf) from 0.9.3 to 0.10.0. - [Release notes](https://github.com/cilium/ebpf/releases) - [Commits](https://github.com/cilium/ebpf/compare/v0.9.3...v0.10.0) --- updated-dependencies: - dependency-name: github.com/cilium/ebpf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 13 +- vendor/github.com/cilium/ebpf/Makefile | 4 +- vendor/github.com/cilium/ebpf/README.md | 2 +- .../github.com/cilium/ebpf/asm/instruction.go | 7 + vendor/github.com/cilium/ebpf/btf/btf.go | 468 ++++++++---------- .../github.com/cilium/ebpf/btf/btf_types.go | 53 +- .../cilium/ebpf/btf/btf_types_string.go | 5 +- vendor/github.com/cilium/ebpf/btf/core.go | 24 +- vendor/github.com/cilium/ebpf/btf/ext_info.go | 102 +++- vendor/github.com/cilium/ebpf/btf/format.go | 6 +- vendor/github.com/cilium/ebpf/btf/handle.go | 141 ++++++ vendor/github.com/cilium/ebpf/btf/marshal.go | 422 ++++++++++++++++ vendor/github.com/cilium/ebpf/btf/strings.go | 89 ++++ .../github.com/cilium/ebpf/btf/traversal.go | 88 +++- vendor/github.com/cilium/ebpf/btf/types.go | 87 ++-- vendor/github.com/cilium/ebpf/collection.go | 70 +-- vendor/github.com/cilium/ebpf/elf_reader.go | 16 +- .../github.com/cilium/ebpf/internal/deque.go | 11 + .../github.com/cilium/ebpf/internal/errors.go | 23 +- .../cilium/ebpf/internal/feature.go | 174 +++++-- .../ebpf/internal/sys/mapflags_string.go | 49 ++ .../cilium/ebpf/internal/sys/syscall.go | 20 +- .../cilium/ebpf/internal/sys/types.go | 15 + .../cilium/ebpf/internal/unix/types_linux.go | 33 +- .../cilium/ebpf/internal/unix/types_other.go | 3 + .../github.com/cilium/ebpf/internal/vdso.go | 3 + vendor/github.com/cilium/ebpf/link/kprobe.go | 130 +++-- .../cilium/ebpf/link/kprobe_multi.go | 12 +- vendor/github.com/cilium/ebpf/link/link.go | 5 + .../github.com/cilium/ebpf/link/perf_event.go | 4 +- vendor/github.com/cilium/ebpf/link/query.go | 63 +++ .../github.com/cilium/ebpf/link/syscalls.go | 25 +- vendor/github.com/cilium/ebpf/link/tracing.go | 2 +- vendor/github.com/cilium/ebpf/link/uprobe.go | 2 +- vendor/github.com/cilium/ebpf/linker.go | 36 +- vendor/github.com/cilium/ebpf/map.go | 71 ++- vendor/github.com/cilium/ebpf/prog.go | 161 +++--- vendor/github.com/cilium/ebpf/syscalls.go | 20 +- vendor/github.com/cilium/ebpf/types.go | 24 - vendor/github.com/cilium/ebpf/types_string.go | 10 +- vendor/modules.txt | 2 +- 42 files changed, 1769 insertions(+), 728 deletions(-) create mode 100644 vendor/github.com/cilium/ebpf/btf/marshal.go create mode 100644 vendor/github.com/cilium/ebpf/internal/sys/mapflags_string.go create mode 100644 vendor/github.com/cilium/ebpf/link/query.go diff --git a/go.mod b/go.mod index 5763720fb86..d07608a1e10 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.18 require ( github.com/checkpoint-restore/go-criu/v6 v6.3.0 - github.com/cilium/ebpf v0.9.3 + github.com/cilium/ebpf v0.10.0 github.com/containerd/console v1.0.3 github.com/coreos/go-systemd/v22 v22.5.0 github.com/cyphar/filepath-securejoin v0.2.3 diff --git a/go.sum b/go.sum index 541f2a55ab8..11c74661403 100644 --- a/go.sum +++ b/go.sum @@ -1,8 +1,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/checkpoint-restore/go-criu/v6 v6.3.0 h1:mIdrSO2cPNWQY1truPg6uHLXyKHk3Z5Odx4wjKOASzA= github.com/checkpoint-restore/go-criu/v6 v6.3.0/go.mod h1:rrRTN/uSwY2X+BPRl/gkulo9gsKOSAeVp9/K2tv7xZI= -github.com/cilium/ebpf v0.9.3 h1:5KtxXZU+scyERvkJMEm16TbScVvuuMrlhPly78ZMbSc= -github.com/cilium/ebpf v0.9.3/go.mod h1:w27N4UjpaQ9X/DGrSugxUG+H+NhgntDuPb5lCzxCn8A= +github.com/cilium/ebpf v0.10.0 h1:nk5HPMeoBXtOzbkZBWym+ZWq1GIiHUsBFXxwewXAHLQ= +github.com/cilium/ebpf v0.10.0/go.mod h1:DPiVdY/kT534dgc9ERmvP8mWA+9gvwgKfRvk4nNWnoE= github.com/containerd/console v1.0.3 h1:lIr7SlA5PxZyMV30bDW0MGbiOPXwc63yRuCP0ARubLw= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= @@ -17,15 +17,15 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/frankban/quicktest v1.14.0 h1:+cqqvzZV87b4adx/5ayVOaYZ2CrvM4ejQvUdBzPPUss= +github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= +github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78= github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= @@ -37,7 +37,7 @@ github.com/opencontainers/selinux v1.10.2 h1:NFy2xCsjn7+WspbfZkUd5zyVeisV7VFbPSP github.com/opencontainers/selinux v1.10.2/go.mod h1:cARutUbaUrlRClyvxOICCgKixCs6L05aUsohzA3EkHQ= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k= +github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= @@ -67,7 +67,6 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= diff --git a/vendor/github.com/cilium/ebpf/Makefile b/vendor/github.com/cilium/ebpf/Makefile index 581be3e1be3..c6dbebca6c3 100644 --- a/vendor/github.com/cilium/ebpf/Makefile +++ b/vendor/github.com/cilium/ebpf/Makefile @@ -77,9 +77,7 @@ all: format $(addsuffix -el.elf,$(TARGETS)) $(addsuffix -eb.elf,$(TARGETS)) gene generate: export BPF_CLANG := $(CLANG) generate: export BPF_CFLAGS := $(CFLAGS) generate: - go generate ./cmd/bpf2go/test - go generate ./internal/sys - go generate ./examples/... + go generate ./... testdata/loader-%-el.elf: testdata/loader.c $* $(CFLAGS) -target bpfel -c $< -o $@ diff --git a/vendor/github.com/cilium/ebpf/README.md b/vendor/github.com/cilium/ebpf/README.md index d9cc1053675..85e2d150dc0 100644 --- a/vendor/github.com/cilium/ebpf/README.md +++ b/vendor/github.com/cilium/ebpf/README.md @@ -21,7 +21,7 @@ eBPF and the library, and help shape the future of the project. ## Getting Help -The community actively monitors our [GitHub Discussions](discussions/) page. +The community actively monitors our [GitHub Discussions](https://github.com/cilium/ebpf/discussions) page. Please search for existing threads before starting a new one. Refrain from opening issues on the bug tracker if you're just starting out or if you're not sure if something is a bug in the library code. diff --git a/vendor/github.com/cilium/ebpf/asm/instruction.go b/vendor/github.com/cilium/ebpf/asm/instruction.go index f17d88b5186..19c5b646f71 100644 --- a/vendor/github.com/cilium/ebpf/asm/instruction.go +++ b/vendor/github.com/cilium/ebpf/asm/instruction.go @@ -354,6 +354,13 @@ func (ins Instruction) Size() uint64 { return uint64(InstructionSize * ins.OpCode.rawInstructions()) } +// WithMetadata sets the given Metadata on the Instruction. e.g. to copy +// Metadata from another Instruction when replacing it. +func (ins Instruction) WithMetadata(meta Metadata) Instruction { + ins.Metadata = meta + return ins +} + type symbolMeta struct{} // WithSymbol marks the Instruction as a Symbol, which other Instructions diff --git a/vendor/github.com/cilium/ebpf/btf/btf.go b/vendor/github.com/cilium/ebpf/btf/btf.go index 02575de3018..a27dcd16a89 100644 --- a/vendor/github.com/cilium/ebpf/btf/btf.go +++ b/vendor/github.com/cilium/ebpf/btf/btf.go @@ -11,6 +11,7 @@ import ( "math" "os" "reflect" + "sync" "github.com/cilium/ebpf/internal" "github.com/cilium/ebpf/internal/sys" @@ -21,9 +22,10 @@ const btfMagic = 0xeB9F // Errors returned by BTF functions. var ( - ErrNotSupported = internal.ErrNotSupported - ErrNotFound = errors.New("not found") - ErrNoExtendedInfo = errors.New("no extended info") + ErrNotSupported = internal.ErrNotSupported + ErrNotFound = errors.New("not found") + ErrNoExtendedInfo = errors.New("no extended info") + ErrMultipleMatches = errors.New("multiple matching types") ) // ID represents the unique ID of a BTF object. @@ -32,12 +34,11 @@ type ID = sys.BTFID // Spec represents decoded BTF. type Spec struct { // Data from .BTF. - rawTypes []rawType - strings *stringTable + strings *stringTable - // All types contained by the spec. For the base type, the position of - // a type in the slice is its ID. - types types + // All types contained by the spec, not including types from the base in + // case the spec was parsed from split BTF. + types []Type // Type IDs indexed by type. typeIDs map[Type]TypeID @@ -49,6 +50,8 @@ type Spec struct { byteOrder binary.ByteOrder } +var btfHeaderLen = binary.Size(&btfHeader{}) + type btfHeader struct { Magic uint16 Version uint8 @@ -92,10 +95,7 @@ func LoadSpecFromReader(rd io.ReaderAt) (*Spec, error) { file, err := internal.NewSafeELFFile(rd) if err != nil { if bo := guessRawBTFByteOrder(rd); bo != nil { - // Try to parse a naked BTF blob. This will return an error if - // we encounter a Datasec, since we can't fix it up. - spec, err := loadRawSpec(io.NewSectionReader(rd, 0, math.MaxInt64), bo, nil, nil) - return spec, err + return loadRawSpec(io.NewSectionReader(rd, 0, math.MaxInt64), bo, nil, nil) } return nil, err @@ -106,7 +106,7 @@ func LoadSpecFromReader(rd io.ReaderAt) (*Spec, error) { // LoadSpecAndExtInfosFromReader reads from an ELF. // -// ExtInfos may be nil if the ELF doesn't contain section metadta. +// ExtInfos may be nil if the ELF doesn't contain section metadata. // Returns ErrNotFound if the ELF contains no BTF. func LoadSpecAndExtInfosFromReader(rd io.ReaderAt) (*Spec, *ExtInfos, error) { file, err := internal.NewSafeELFFile(rd) @@ -127,40 +127,40 @@ func LoadSpecAndExtInfosFromReader(rd io.ReaderAt) (*Spec, *ExtInfos, error) { return spec, extInfos, nil } -// variableOffsets extracts all symbols offsets from an ELF and indexes them by +// symbolOffsets extracts all symbols offsets from an ELF and indexes them by // section and variable name. // // References to variables in BTF data sections carry unsigned 32-bit offsets. // Some ELF symbols (e.g. in vmlinux) may point to virtual memory that is well // beyond this range. Since these symbols cannot be described by BTF info, // ignore them here. -func variableOffsets(file *internal.SafeELFFile) (map[variable]uint32, error) { +func symbolOffsets(file *internal.SafeELFFile) (map[symbol]uint32, error) { symbols, err := file.Symbols() if err != nil { return nil, fmt.Errorf("can't read symbols: %v", err) } - variableOffsets := make(map[variable]uint32) - for _, symbol := range symbols { - if idx := symbol.Section; idx >= elf.SHN_LORESERVE && idx <= elf.SHN_HIRESERVE { + offsets := make(map[symbol]uint32) + for _, sym := range symbols { + if idx := sym.Section; idx >= elf.SHN_LORESERVE && idx <= elf.SHN_HIRESERVE { // Ignore things like SHN_ABS continue } - if symbol.Value > math.MaxUint32 { + if sym.Value > math.MaxUint32 { // VarSecinfo offset is u32, cannot reference symbols in higher regions. continue } - if int(symbol.Section) >= len(file.Sections) { - return nil, fmt.Errorf("symbol %s: invalid section %d", symbol.Name, symbol.Section) + if int(sym.Section) >= len(file.Sections) { + return nil, fmt.Errorf("symbol %s: invalid section %d", sym.Name, sym.Section) } - secName := file.Sections[symbol.Section].Name - variableOffsets[variable{secName, symbol.Name}] = uint32(symbol.Value) + secName := file.Sections[sym.Section].Name + offsets[symbol{secName, sym.Name}] = uint32(sym.Value) } - return variableOffsets, nil + return offsets, nil } func loadSpecFromELF(file *internal.SafeELFFile) (*Spec, error) { @@ -190,7 +190,7 @@ func loadSpecFromELF(file *internal.SafeELFFile) (*Spec, error) { return nil, fmt.Errorf("btf: %w", ErrNotFound) } - vars, err := variableOffsets(file) + offsets, err := symbolOffsets(file) if err != nil { return nil, err } @@ -199,17 +199,17 @@ func loadSpecFromELF(file *internal.SafeELFFile) (*Spec, error) { return nil, fmt.Errorf("compressed BTF is not supported") } - rawTypes, rawStrings, err := parseBTF(btfSection.ReaderAt, file.ByteOrder, nil) + spec, err := loadRawSpec(btfSection.ReaderAt, file.ByteOrder, nil, nil) if err != nil { return nil, err } - err = fixupDatasec(rawTypes, rawStrings, sectionSizes, vars) + err = fixupDatasec(spec.types, sectionSizes, offsets) if err != nil { return nil, err } - return inflateSpec(rawTypes, rawStrings, file.ByteOrder, nil) + return spec, nil } func loadRawSpec(btf io.ReaderAt, bo binary.ByteOrder, @@ -220,12 +220,6 @@ func loadRawSpec(btf io.ReaderAt, bo binary.ByteOrder, return nil, err } - return inflateSpec(rawTypes, rawStrings, bo, baseTypes) -} - -func inflateSpec(rawTypes []rawType, rawStrings *stringTable, bo binary.ByteOrder, - baseTypes types) (*Spec, error) { - types, err := inflateRawTypes(rawTypes, baseTypes, rawStrings) if err != nil { return nil, err @@ -234,7 +228,6 @@ func inflateSpec(rawTypes []rawType, rawStrings *stringTable, bo binary.ByteOrde typeIDs, typesByName := indexTypes(types, TypeID(len(baseTypes))) return &Spec{ - rawTypes: rawTypes, namedTypes: typesByName, typeIDs: typeIDs, types: types, @@ -272,20 +265,67 @@ func indexTypes(types []Type, typeIDOffset TypeID) (map[Type]TypeID, map[essenti // Defaults to /sys/kernel/btf/vmlinux and falls back to scanning the file system // for vmlinux ELFs. Returns an error wrapping ErrNotSupported if BTF is not enabled. func LoadKernelSpec() (*Spec, error) { + spec, _, err := kernelSpec() + return spec, err +} + +var kernelBTF struct { + sync.RWMutex + spec *Spec + // True if the spec was read from an ELF instead of raw BTF in /sys. + fallback bool +} + +// FlushKernelSpec removes any cached kernel type information. +func FlushKernelSpec() { + kernelBTF.Lock() + defer kernelBTF.Unlock() + + kernelBTF.spec, kernelBTF.fallback = nil, false +} + +func kernelSpec() (*Spec, bool, error) { + kernelBTF.RLock() + spec, fallback := kernelBTF.spec, kernelBTF.fallback + kernelBTF.RUnlock() + + if spec == nil { + kernelBTF.Lock() + defer kernelBTF.Unlock() + + spec, fallback = kernelBTF.spec, kernelBTF.fallback + } + + if spec != nil { + return spec.Copy(), fallback, nil + } + + spec, fallback, err := loadKernelSpec() + if err != nil { + return nil, false, err + } + + kernelBTF.spec, kernelBTF.fallback = spec, fallback + return spec.Copy(), fallback, nil +} + +func loadKernelSpec() (_ *Spec, fallback bool, _ error) { fh, err := os.Open("/sys/kernel/btf/vmlinux") if err == nil { defer fh.Close() - return loadRawSpec(fh, internal.NativeEndian, nil, nil) + spec, err := loadRawSpec(fh, internal.NativeEndian, nil, nil) + return spec, false, err } file, err := findVMLinux() if err != nil { - return nil, err + return nil, false, err } defer file.Close() - return loadSpecFromELF(file) + spec, err := loadSpecFromELF(file) + return spec, true, err } // findVMLinux scans multiple well-known paths for vmlinux kernel images. @@ -388,55 +428,38 @@ func parseBTF(btf io.ReaderAt, bo binary.ByteOrder, baseStrings *stringTable) ([ return rawTypes, rawStrings, nil } -type variable struct { +type symbol struct { section string name string } -func fixupDatasec(rawTypes []rawType, rawStrings *stringTable, sectionSizes map[string]uint32, variableOffsets map[variable]uint32) error { - for i, rawType := range rawTypes { - if rawType.Kind() != kindDatasec { +func fixupDatasec(types []Type, sectionSizes map[string]uint32, offsets map[symbol]uint32) error { + for _, typ := range types { + ds, ok := typ.(*Datasec) + if !ok { continue } - name, err := rawStrings.Lookup(rawType.NameOff) - if err != nil { - return err - } - + name := ds.Name if name == ".kconfig" || name == ".ksyms" { return fmt.Errorf("reference to %s: %w", name, ErrNotSupported) } - if rawTypes[i].SizeType != 0 { + if ds.Size != 0 { continue } - size, ok := sectionSizes[name] + ds.Size, ok = sectionSizes[name] if !ok { return fmt.Errorf("data section %s: missing size", name) } - rawTypes[i].SizeType = size - - secinfos := rawType.data.([]btfVarSecinfo) - for j, secInfo := range secinfos { - id := int(secInfo.Type - 1) - if id >= len(rawTypes) { - return fmt.Errorf("data section %s: invalid type id %d for variable %d", name, id, j) - } - - varName, err := rawStrings.Lookup(rawTypes[id].NameOff) - if err != nil { - return fmt.Errorf("data section %s: can't get name for type %d: %w", name, id, err) - } - - offset, ok := variableOffsets[variable{name, varName}] + for i := range ds.Vars { + symName := ds.Vars[i].Type.TypeName() + ds.Vars[i].Offset, ok = offsets[symbol{name, symName}] if !ok { - return fmt.Errorf("data section %s: missing offset for variable %s", name, varName) + return fmt.Errorf("data section %s: missing offset for symbol %s", name, symName) } - - secinfos[j].Offset = offset } } @@ -447,15 +470,10 @@ func fixupDatasec(rawTypes []rawType, rawStrings *stringTable, sectionSizes map[ func (s *Spec) Copy() *Spec { types := copyTypes(s.types, nil) - typeIDOffset := TypeID(0) - if len(s.types) != 0 { - typeIDOffset = s.typeIDs[s.types[0]] - } - typeIDs, typesByName := indexTypes(types, typeIDOffset) + typeIDs, typesByName := indexTypes(types, s.firstTypeID()) // NB: Other parts of spec are not copied since they are immutable. return &Spec{ - s.rawTypes, s.strings, types, typeIDs, @@ -464,67 +482,6 @@ func (s *Spec) Copy() *Spec { } } -type marshalOpts struct { - ByteOrder binary.ByteOrder - StripFuncLinkage bool -} - -func (s *Spec) marshal(opts marshalOpts) ([]byte, error) { - var ( - buf bytes.Buffer - header = new(btfHeader) - headerLen = binary.Size(header) - stringsLen int - ) - - // Reserve space for the header. We have to write it last since - // we don't know the size of the type section yet. - _, _ = buf.Write(make([]byte, headerLen)) - - // Write type section, just after the header. - for _, raw := range s.rawTypes { - switch { - case opts.StripFuncLinkage && raw.Kind() == kindFunc: - raw.SetLinkage(StaticFunc) - } - - if err := raw.Marshal(&buf, opts.ByteOrder); err != nil { - return nil, fmt.Errorf("can't marshal BTF: %w", err) - } - } - - typeLen := uint32(buf.Len() - headerLen) - - // Write string section after type section. - if s.strings != nil { - stringsLen = s.strings.Length() - buf.Grow(stringsLen) - if err := s.strings.Marshal(&buf); err != nil { - return nil, err - } - } - - // Fill out the header, and write it out. - header = &btfHeader{ - Magic: btfMagic, - Version: 1, - Flags: 0, - HdrLen: uint32(headerLen), - TypeOff: 0, - TypeLen: typeLen, - StringOff: typeLen, - StringLen: uint32(stringsLen), - } - - raw := buf.Bytes() - err := binary.Write(sliceWriter(raw[:headerLen]), opts.ByteOrder, header) - if err != nil { - return nil, fmt.Errorf("can't write header: %v", err) - } - - return raw, nil -} - type sliceWriter []byte func (sw sliceWriter) Write(p []byte) (int, error) { @@ -540,7 +497,14 @@ func (sw sliceWriter) Write(p []byte) (int, error) { // Returns an error wrapping ErrNotFound if a Type with the given ID // does not exist in the Spec. func (s *Spec) TypeByID(id TypeID) (Type, error) { - return s.types.ByID(id) + firstID := s.firstTypeID() + lastID := firstID + TypeID(len(s.types)) + + if id < firstID || id >= lastID { + return nil, fmt.Errorf("expected type ID between %d and %d, got %d: %w", firstID, lastID, id, ErrNotFound) + } + + return s.types[id-firstID], nil } // TypeID returns the ID for a given Type. @@ -601,16 +565,15 @@ func (s *Spec) AnyTypeByName(name string) (Type, error) { return types[0], nil } -// TypeByName searches for a Type with a specific name. Since multiple -// Types with the same name can exist, the parameter typ is taken to -// narrow down the search in case of a clash. +// TypeByName searches for a Type with a specific name. Since multiple Types +// with the same name can exist, the parameter typ is taken to narrow down the +// search in case of a clash. // -// typ must be a non-nil pointer to an implementation of a Type. -// On success, the address of the found Type will be copied to typ. +// typ must be a non-nil pointer to an implementation of a Type. On success, the +// address of the found Type will be copied to typ. // -// Returns an error wrapping ErrNotFound if no matching -// Type exists in the Spec. If multiple candidates are found, -// an error is returned. +// Returns an error wrapping ErrNotFound if no matching Type exists in the Spec. +// Returns an error wrapping ErrMultipleTypes if multiple candidates are found. func (s *Spec) TypeByName(name string, typ interface{}) error { typeInterface := reflect.TypeOf((*Type)(nil)).Elem() @@ -647,7 +610,7 @@ func (s *Spec) TypeByName(name string, typ interface{}) error { } if candidate != nil { - return fmt.Errorf("type %s: multiple candidates for %T", name, typ) + return fmt.Errorf("type %s(%T): %w", name, typ, ErrMultipleMatches) } candidate = typ @@ -662,6 +625,14 @@ func (s *Spec) TypeByName(name string, typ interface{}) error { return nil } +// firstTypeID returns the first type ID or zero. +func (s *Spec) firstTypeID() TypeID { + if len(s.types) > 0 { + return s.typeIDs[s.types[0]] + } + return 0 +} + // LoadSplitSpecFromReader loads split BTF from a reader. // // Types from base are used to resolve references in the split BTF. @@ -694,128 +665,6 @@ func (iter *TypesIterator) Next() bool { return true } -// Handle is a reference to BTF loaded into the kernel. -type Handle struct { - fd *sys.FD - - // Size of the raw BTF in bytes. - size uint32 -} - -// NewHandle loads BTF into the kernel. -// -// Returns ErrNotSupported if BTF is not supported. -func NewHandle(spec *Spec) (*Handle, error) { - if err := haveBTF(); err != nil { - return nil, err - } - - if spec.byteOrder != nil && spec.byteOrder != internal.NativeEndian { - return nil, fmt.Errorf("can't load %s BTF on %s", spec.byteOrder, internal.NativeEndian) - } - - btf, err := spec.marshal(marshalOpts{ - ByteOrder: internal.NativeEndian, - StripFuncLinkage: haveFuncLinkage() != nil, - }) - if err != nil { - return nil, fmt.Errorf("can't marshal BTF: %w", err) - } - - if uint64(len(btf)) > math.MaxUint32 { - return nil, errors.New("BTF exceeds the maximum size") - } - - attr := &sys.BtfLoadAttr{ - Btf: sys.NewSlicePointer(btf), - BtfSize: uint32(len(btf)), - } - - fd, err := sys.BtfLoad(attr) - if err != nil { - logBuf := make([]byte, 64*1024) - attr.BtfLogBuf = sys.NewSlicePointer(logBuf) - attr.BtfLogSize = uint32(len(logBuf)) - attr.BtfLogLevel = 1 - - // Up until at least kernel 6.0, the BTF verifier does not return ENOSPC - // if there are other verification errors. ENOSPC is only returned when - // the BTF blob is correct, a log was requested, and the provided buffer - // is too small. - _, ve := sys.BtfLoad(attr) - return nil, internal.ErrorWithLog(err, logBuf, errors.Is(ve, unix.ENOSPC)) - } - - return &Handle{fd, attr.BtfSize}, nil -} - -// NewHandleFromID returns the BTF handle for a given id. -// -// Prefer calling [ebpf.Program.Handle] or [ebpf.Map.Handle] if possible. -// -// Returns ErrNotExist, if there is no BTF with the given id. -// -// Requires CAP_SYS_ADMIN. -func NewHandleFromID(id ID) (*Handle, error) { - fd, err := sys.BtfGetFdById(&sys.BtfGetFdByIdAttr{ - Id: uint32(id), - }) - if err != nil { - return nil, fmt.Errorf("get FD for ID %d: %w", id, err) - } - - info, err := newHandleInfoFromFD(fd) - if err != nil { - _ = fd.Close() - return nil, err - } - - return &Handle{fd, info.size}, nil -} - -// Spec parses the kernel BTF into Go types. -// -// base is used to decode split BTF and may be nil. -func (h *Handle) Spec(base *Spec) (*Spec, error) { - var btfInfo sys.BtfInfo - btfBuffer := make([]byte, h.size) - btfInfo.Btf, btfInfo.BtfSize = sys.NewSlicePointerLen(btfBuffer) - - if err := sys.ObjInfo(h.fd, &btfInfo); err != nil { - return nil, err - } - - var baseTypes types - var baseStrings *stringTable - if base != nil { - baseTypes = base.types - baseStrings = base.strings - } - - return loadRawSpec(bytes.NewReader(btfBuffer), internal.NativeEndian, baseTypes, baseStrings) -} - -// Close destroys the handle. -// -// Subsequent calls to FD will return an invalid value. -func (h *Handle) Close() error { - if h == nil { - return nil - } - - return h.fd.Close() -} - -// FD returns the file descriptor for the handle. -func (h *Handle) FD() int { - return h.fd.Int() -} - -// Info returns metadata about the handle. -func (h *Handle) Info() (*HandleInfo, error) { - return newHandleInfoFromFD(h.fd) -} - func marshalBTF(types interface{}, strings []byte, bo binary.ByteOrder) []byte { const minHeaderLength = 24 @@ -838,19 +687,52 @@ func marshalBTF(types interface{}, strings []byte, bo binary.ByteOrder) []byte { return buf.Bytes() } -var haveBTF = internal.FeatureTest("BTF", "5.1", func() error { +// haveBTF attempts to load a BTF blob containing an Int. It should pass on any +// kernel that supports BPF_BTF_LOAD. +var haveBTF = internal.NewFeatureTest("BTF", "4.18", func() error { + var ( + types struct { + Integer btfType + btfInt + } + strings = []byte{0} + ) + types.Integer.SetKind(kindInt) // 0-length anonymous integer + + btf := marshalBTF(&types, strings, internal.NativeEndian) + + fd, err := sys.BtfLoad(&sys.BtfLoadAttr{ + Btf: sys.NewSlicePointer(btf), + BtfSize: uint32(len(btf)), + }) + if errors.Is(err, unix.EINVAL) || errors.Is(err, unix.EPERM) { + return internal.ErrNotSupported + } + if err != nil { + return err + } + + fd.Close() + return nil +}) + +// haveMapBTF attempts to load a minimal BTF blob containing a Var. It is +// used as a proxy for .bss, .data and .rodata map support, which generally +// come with a Var and Datasec. These were introduced in Linux 5.2. +var haveMapBTF = internal.NewFeatureTest("Map BTF (Var/Datasec)", "5.2", func() error { + if err := haveBTF(); err != nil { + return err + } + var ( types struct { Integer btfType Var btfType - btfVar struct{ Linkage uint32 } + btfVariable } strings = []byte{0, 'a', 0} ) - // We use a BTF_KIND_VAR here, to make sure that - // the kernel understands BTF at least as well as we - // do. BTF_KIND_VAR was introduced ~5.1. types.Integer.SetKind(kindPointer) types.Var.NameOff = 1 types.Var.SetKind(kindVar) @@ -863,8 +745,8 @@ var haveBTF = internal.FeatureTest("BTF", "5.1", func() error { BtfSize: uint32(len(btf)), }) if errors.Is(err, unix.EINVAL) || errors.Is(err, unix.EPERM) { - // Treat both EINVAL and EPERM as not supported: loading the program - // might still succeed without BTF. + // Treat both EINVAL and EPERM as not supported: creating the map may still + // succeed without Btf* attrs. return internal.ErrNotSupported } if err != nil { @@ -875,7 +757,10 @@ var haveBTF = internal.FeatureTest("BTF", "5.1", func() error { return nil }) -var haveFuncLinkage = internal.FeatureTest("BTF func linkage", "5.6", func() error { +// haveProgBTF attempts to load a BTF blob containing a Func and FuncProto. It +// is used as a proxy for ext_info (func_info) support, which depends on +// Func(Proto) by definition. +var haveProgBTF = internal.NewFeatureTest("Program BTF (func/line_info)", "5.0", func() error { if err := haveBTF(); err != nil { return err } @@ -888,6 +773,41 @@ var haveFuncLinkage = internal.FeatureTest("BTF func linkage", "5.6", func() err strings = []byte{0, 'a', 0} ) + types.FuncProto.SetKind(kindFuncProto) + types.Func.SetKind(kindFunc) + types.Func.SizeType = 1 // aka FuncProto + types.Func.NameOff = 1 + + btf := marshalBTF(&types, strings, internal.NativeEndian) + + fd, err := sys.BtfLoad(&sys.BtfLoadAttr{ + Btf: sys.NewSlicePointer(btf), + BtfSize: uint32(len(btf)), + }) + if errors.Is(err, unix.EINVAL) || errors.Is(err, unix.EPERM) { + return internal.ErrNotSupported + } + if err != nil { + return err + } + + fd.Close() + return nil +}) + +var haveFuncLinkage = internal.NewFeatureTest("BTF func linkage", "5.6", func() error { + if err := haveProgBTF(); err != nil { + return err + } + + var ( + types struct { + FuncProto btfType + Func btfType + } + strings = []byte{0, 'a', 0} + ) + types.FuncProto.SetKind(kindFuncProto) types.Func.SetKind(kindFunc) types.Func.SizeType = 1 // aka FuncProto diff --git a/vendor/github.com/cilium/ebpf/btf/btf_types.go b/vendor/github.com/cilium/ebpf/btf/btf_types.go index d64916d76bb..dc568a90e1d 100644 --- a/vendor/github.com/cilium/ebpf/btf/btf_types.go +++ b/vendor/github.com/cilium/ebpf/btf/btf_types.go @@ -36,6 +36,8 @@ const ( // Added 5.16 kindDeclTag // DeclTag kindTypeTag // TypeTag + // Added 6.0 + kindEnum64 // Enum64 ) // FuncLinkage describes BTF function linkage metadata. @@ -66,6 +68,8 @@ const ( btfTypeKindFlagMask = 1 ) +var btfTypeLen = binary.Size(btfType{}) + // btfType is equivalent to struct btf_type in Documentation/bpf/btf.rst. type btfType struct { NameOff uint32 @@ -126,10 +130,43 @@ func (bt *btfType) SetVlen(vlen int) { bt.setInfo(uint32(vlen), btfTypeVlenMask, btfTypeVlenShift) } -func (bt *btfType) KindFlag() bool { +func (bt *btfType) kindFlagBool() bool { return bt.info(btfTypeKindFlagMask, btfTypeKindFlagShift) == 1 } +func (bt *btfType) setKindFlagBool(set bool) { + var value uint32 + if set { + value = 1 + } + bt.setInfo(value, btfTypeKindFlagMask, btfTypeKindFlagShift) +} + +// Bitfield returns true if the struct or union contain a bitfield. +func (bt *btfType) Bitfield() bool { + return bt.kindFlagBool() +} + +func (bt *btfType) SetBitfield(isBitfield bool) { + bt.setKindFlagBool(isBitfield) +} + +func (bt *btfType) FwdKind() FwdKind { + return FwdKind(bt.info(btfTypeKindFlagMask, btfTypeKindFlagShift)) +} + +func (bt *btfType) SetFwdKind(kind FwdKind) { + bt.setInfo(uint32(kind), btfTypeKindFlagMask, btfTypeKindFlagShift) +} + +func (bt *btfType) Signed() bool { + return bt.kindFlagBool() +} + +func (bt *btfType) SetSigned(signed bool) { + bt.setKindFlagBool(signed) +} + func (bt *btfType) Linkage() FuncLinkage { return FuncLinkage(bt.info(btfTypeVlenMask, btfTypeVlenShift)) } @@ -143,6 +180,10 @@ func (bt *btfType) Type() TypeID { return TypeID(bt.SizeType) } +func (bt *btfType) SetType(id TypeID) { + bt.SizeType = uint32(id) +} + func (bt *btfType) Size() uint32 { // TODO: Panic here if wrong kind? return bt.SizeType @@ -240,6 +281,12 @@ type btfEnum struct { Val uint32 } +type btfEnum64 struct { + NameOff uint32 + ValLo32 uint32 + ValHi32 uint32 +} + type btfParam struct { NameOff uint32 Type TypeID @@ -254,7 +301,7 @@ func readTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32) ([]rawType, err // because of the interleaving between types and struct members it is difficult to // precompute the numbers of raw types this will parse // this "guess" is a good first estimation - sizeOfbtfType := uintptr(binary.Size(btfType{})) + sizeOfbtfType := uintptr(btfTypeLen) tyMaxCount := uintptr(typeLen) / sizeOfbtfType / 2 types := make([]rawType, 0, tyMaxCount) @@ -294,6 +341,8 @@ func readTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32) ([]rawType, err case kindDeclTag: data = new(btfDeclTag) case kindTypeTag: + case kindEnum64: + data = make([]btfEnum64, header.Vlen()) default: return nil, fmt.Errorf("type id %v: unknown kind: %v", id, header.Kind()) } diff --git a/vendor/github.com/cilium/ebpf/btf/btf_types_string.go b/vendor/github.com/cilium/ebpf/btf/btf_types_string.go index fdb2662b0f1..b7a1b80d151 100644 --- a/vendor/github.com/cilium/ebpf/btf/btf_types_string.go +++ b/vendor/github.com/cilium/ebpf/btf/btf_types_string.go @@ -65,11 +65,12 @@ func _() { _ = x[kindFloat-16] _ = x[kindDeclTag-17] _ = x[kindTypeTag-18] + _ = x[kindEnum64-19] } -const _btfKind_name = "UnknownIntPointerArrayStructUnionEnumForwardTypedefVolatileConstRestrictFuncFuncProtoVarDatasecFloatDeclTagTypeTag" +const _btfKind_name = "UnknownIntPointerArrayStructUnionEnumForwardTypedefVolatileConstRestrictFuncFuncProtoVarDatasecFloatDeclTagTypeTagEnum64" -var _btfKind_index = [...]uint8{0, 7, 10, 17, 22, 28, 33, 37, 44, 51, 59, 64, 72, 76, 85, 88, 95, 100, 107, 114} +var _btfKind_index = [...]uint8{0, 7, 10, 17, 22, 28, 33, 37, 44, 51, 59, 64, 72, 76, 85, 88, 95, 100, 107, 114, 120} func (i btfKind) String() string { if i >= btfKind(len(_btfKind_index)-1) { diff --git a/vendor/github.com/cilium/ebpf/btf/core.go b/vendor/github.com/cilium/ebpf/btf/core.go index f952b654eca..a0d2c1f974a 100644 --- a/vendor/github.com/cilium/ebpf/btf/core.go +++ b/vendor/github.com/cilium/ebpf/btf/core.go @@ -251,7 +251,7 @@ func coreCalculateFixups(relos []*CORERelocation, targetSpec *Spec, targets []Ty for _, relo := range relos { fixup, err := coreCalculateFixup(relo, target, targetID, bo) if err != nil { - return nil, fmt.Errorf("target %s: %w", target, err) + return nil, fmt.Errorf("target %s: %s: %w", target, relo.kind, err) } if fixup.poison || fixup.isNonExistant() { score++ @@ -320,7 +320,7 @@ func coreCalculateFixup(relo *CORERelocation, target Type, targetID TypeID, bo b switch relo.kind { case reloTypeIDTarget, reloTypeSize, reloTypeExists: if len(relo.accessor) > 1 || relo.accessor[0] != 0 { - return zero, fmt.Errorf("%s: unexpected accessor %v", relo.kind, relo.accessor) + return zero, fmt.Errorf("unexpected accessor %v", relo.accessor) } err := coreAreTypesCompatible(local, target) @@ -328,7 +328,7 @@ func coreCalculateFixup(relo *CORERelocation, target Type, targetID TypeID, bo b return poison() } if err != nil { - return zero, fmt.Errorf("relocation %s: %w", relo.kind, err) + return zero, err } switch relo.kind { @@ -358,7 +358,7 @@ func coreCalculateFixup(relo *CORERelocation, target Type, targetID TypeID, bo b return poison() } if err != nil { - return zero, fmt.Errorf("relocation %s: %w", relo.kind, err) + return zero, err } switch relo.kind { @@ -395,7 +395,7 @@ func coreCalculateFixup(relo *CORERelocation, target Type, targetID TypeID, bo b return poison() } if err != nil { - return zero, fmt.Errorf("target %s: %w", target, err) + return zero, err } maybeSkipValidation := func(f COREFixup, err error) (COREFixup, error) { @@ -451,7 +451,7 @@ func coreCalculateFixup(relo *CORERelocation, target Type, targetID TypeID, bo b } } - return zero, fmt.Errorf("relocation %s: %w", relo.kind, ErrNotSupported) + return zero, ErrNotSupported } /* coreAccessor contains a path through a struct. It contains at least one index. @@ -552,6 +552,10 @@ type coreField struct { } func (cf *coreField) adjustOffsetToNthElement(n int) error { + if n == 0 { + return nil + } + size, err := Sizeof(cf.Type) if err != nil { return err @@ -608,6 +612,10 @@ func coreFindField(localT Type, localAcc coreAccessor, targetT Type) (coreField, local := coreField{Type: localT} target := coreField{Type: targetT} + if err := coreAreMembersCompatible(local.Type, target.Type); err != nil { + return coreField{}, coreField{}, fmt.Errorf("fields: %w", err) + } + // The first index is used to offset a pointer of the base type like // when accessing an array. if err := local.adjustOffsetToNthElement(localAcc[0]); err != nil { @@ -618,10 +626,6 @@ func coreFindField(localT Type, localAcc coreAccessor, targetT Type) (coreField, return coreField{}, coreField{}, err } - if err := coreAreMembersCompatible(local.Type, target.Type); err != nil { - return coreField{}, coreField{}, fmt.Errorf("fields: %w", err) - } - var localMaybeFlex, targetMaybeFlex bool for i, acc := range localAcc[1:] { switch localType := local.Type.(type) { diff --git a/vendor/github.com/cilium/ebpf/btf/ext_info.go b/vendor/github.com/cilium/ebpf/btf/ext_info.go index 36e38abaeb9..36f3b7baff3 100644 --- a/vendor/github.com/cilium/ebpf/btf/ext_info.go +++ b/vendor/github.com/cilium/ebpf/btf/ext_info.go @@ -8,6 +8,7 @@ import ( "io" "math" "sort" + "sync" "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/internal" @@ -114,7 +115,7 @@ func (ei *ExtInfos) Assign(insns asm.Instructions, section string) { iter := insns.Iterate() for iter.Next() { if len(funcInfos) > 0 && funcInfos[0].offset == iter.Offset { - iter.Ins.Metadata.Set(funcInfoMeta{}, funcInfos[0].fn) + *iter.Ins = WithFuncMetadata(*iter.Ins, funcInfos[0].fn) funcInfos = funcInfos[1:] } @@ -130,19 +131,50 @@ func (ei *ExtInfos) Assign(insns asm.Instructions, section string) { } } +var nativeEncoderPool = sync.Pool{ + New: func() any { + return newEncoder(kernelEncoderOptions, nil) + }, +} + // MarshalExtInfos encodes function and line info embedded in insns into kernel // wire format. -func MarshalExtInfos(insns asm.Instructions, typeID func(Type) (TypeID, error)) (funcInfos, lineInfos []byte, _ error) { +// +// Returns ErrNotSupported if the kernel doesn't support BTF-associated programs. +func MarshalExtInfos(insns asm.Instructions) (_ *Handle, funcInfos, lineInfos []byte, _ error) { + // Bail out early if the kernel doesn't support Func(Proto). If this is the + // case, func_info will also be unsupported. + if err := haveProgBTF(); err != nil { + return nil, nil, nil, err + } + iter := insns.Iterate() - var fiBuf, liBuf bytes.Buffer for iter.Next() { + _, ok := iter.Ins.Source().(*Line) + fn := FuncMetadata(iter.Ins) + if ok || fn != nil { + goto marshal + } + } + + // Avoid allocating encoder, etc. if there is no BTF at all. + return nil, nil, nil, nil + +marshal: + enc := nativeEncoderPool.Get().(*encoder) + defer nativeEncoderPool.Put(enc) + + enc.Reset() + + var fiBuf, liBuf bytes.Buffer + for { if fn := FuncMetadata(iter.Ins); fn != nil { fi := &funcInfo{ fn: fn, offset: iter.Offset, } - if err := fi.marshal(&fiBuf, typeID); err != nil { - return nil, nil, fmt.Errorf("write func info: %w", err) + if err := fi.marshal(&fiBuf, enc); err != nil { + return nil, nil, nil, fmt.Errorf("write func info: %w", err) } } @@ -151,12 +183,23 @@ func MarshalExtInfos(insns asm.Instructions, typeID func(Type) (TypeID, error)) line: line, offset: iter.Offset, } - if err := li.marshal(&liBuf); err != nil { - return nil, nil, fmt.Errorf("write line info: %w", err) + if err := li.marshal(&liBuf, enc.strings); err != nil { + return nil, nil, nil, fmt.Errorf("write line info: %w", err) } } + + if !iter.Next() { + break + } + } + + btf, err := enc.Encode() + if err != nil { + return nil, nil, nil, err } - return fiBuf.Bytes(), liBuf.Bytes(), nil + + handle, err := newHandleFromRawBTF(btf) + return handle, fiBuf.Bytes(), liBuf.Bytes(), err } // btfExtHeader is found at the start of the .BTF.ext section. @@ -349,8 +392,8 @@ func newFuncInfos(bfis []bpfFuncInfo, ts types) ([]funcInfo, error) { } // marshal into the BTF wire format. -func (fi *funcInfo) marshal(w io.Writer, typeID func(Type) (TypeID, error)) error { - id, err := typeID(fi.fn) +func (fi *funcInfo) marshal(w *bytes.Buffer, enc *encoder) error { + id, err := enc.Add(fi.fn) if err != nil { return err } @@ -358,7 +401,11 @@ func (fi *funcInfo) marshal(w io.Writer, typeID func(Type) (TypeID, error)) erro InsnOff: uint32(fi.offset), TypeID: id, } - return binary.Write(w, internal.NativeEndian, &bfi) + buf := make([]byte, FuncInfoSize) + internal.NativeEndian.PutUint32(buf, bfi.InsnOff) + internal.NativeEndian.PutUint32(buf[4:], uint32(bfi.TypeID)) + _, err = w.Write(buf) + return err } // parseLineInfos parses a func_info sub-section within .BTF.ext ito a map of @@ -428,12 +475,6 @@ type Line struct { line string lineNumber uint32 lineColumn uint32 - - // TODO: We should get rid of the fields below, but for that we need to be - // able to write BTF. - - fileNameOff uint32 - lineOff uint32 } func (li *Line) FileName() string { @@ -496,8 +537,6 @@ func newLineInfo(li bpfLineInfo, strings *stringTable) (*lineInfo, error) { line, lineNumber, lineColumn, - li.FileNameOff, - li.LineOff, }, asm.RawInstructionOffset(li.InsnOff), }, nil @@ -519,7 +558,7 @@ func newLineInfos(blis []bpfLineInfo, strings *stringTable) ([]lineInfo, error) } // marshal writes the binary representation of the LineInfo to w. -func (li *lineInfo) marshal(w io.Writer) error { +func (li *lineInfo) marshal(w *bytes.Buffer, stb *stringTableBuilder) error { line := li.line if line.lineNumber > bpfLineMax { return fmt.Errorf("line %d exceeds %d", line.lineNumber, bpfLineMax) @@ -529,13 +568,30 @@ func (li *lineInfo) marshal(w io.Writer) error { return fmt.Errorf("column %d exceeds %d", line.lineColumn, bpfColumnMax) } + fileNameOff, err := stb.Add(line.fileName) + if err != nil { + return fmt.Errorf("file name %q: %w", line.fileName, err) + } + + lineOff, err := stb.Add(line.line) + if err != nil { + return fmt.Errorf("line %q: %w", line.line, err) + } + bli := bpfLineInfo{ uint32(li.offset), - line.fileNameOff, - line.lineOff, + fileNameOff, + lineOff, (line.lineNumber << bpfLineShift) | line.lineColumn, } - return binary.Write(w, internal.NativeEndian, &bli) + + buf := make([]byte, LineInfoSize) + internal.NativeEndian.PutUint32(buf, bli.InsnOff) + internal.NativeEndian.PutUint32(buf[4:], bli.FileNameOff) + internal.NativeEndian.PutUint32(buf[8:], bli.LineOff) + internal.NativeEndian.PutUint32(buf[12:], bli.LineCol) + _, err = w.Write(buf) + return err } // parseLineInfos parses a line_info sub-section within .BTF.ext ito a map of diff --git a/vendor/github.com/cilium/ebpf/btf/format.go b/vendor/github.com/cilium/ebpf/btf/format.go index 4376ecc83ac..e85220259e7 100644 --- a/vendor/github.com/cilium/ebpf/btf/format.go +++ b/vendor/github.com/cilium/ebpf/btf/format.go @@ -293,7 +293,11 @@ func (gf *GoFormatter) writeDatasecLit(ds *Datasec, depth int) error { prevOffset := uint32(0) for i, vsi := range ds.Vars { - v := vsi.Type.(*Var) + v, ok := vsi.Type.(*Var) + if !ok { + return fmt.Errorf("can't format %s as part of data section", vsi.Type) + } + if v.Linkage != GlobalVar { // Ignore static, extern, etc. for now. continue diff --git a/vendor/github.com/cilium/ebpf/btf/handle.go b/vendor/github.com/cilium/ebpf/btf/handle.go index 3d540e49c46..9a864d1777b 100644 --- a/vendor/github.com/cilium/ebpf/btf/handle.go +++ b/vendor/github.com/cilium/ebpf/btf/handle.go @@ -1,14 +1,155 @@ package btf import ( + "bytes" "errors" "fmt" + "math" "os" + "github.com/cilium/ebpf/internal" "github.com/cilium/ebpf/internal/sys" "github.com/cilium/ebpf/internal/unix" ) +// Handle is a reference to BTF loaded into the kernel. +type Handle struct { + fd *sys.FD + + // Size of the raw BTF in bytes. + size uint32 + + needsKernelBase bool +} + +// NewHandle loads BTF into the kernel. +// +// Returns ErrNotSupported if BTF is not supported. +func NewHandle(spec *Spec) (*Handle, error) { + if spec.byteOrder != nil && spec.byteOrder != internal.NativeEndian { + return nil, fmt.Errorf("can't load %s BTF on %s", spec.byteOrder, internal.NativeEndian) + } + + enc := newEncoder(kernelEncoderOptions, newStringTableBuilderFromTable(spec.strings)) + + for _, typ := range spec.types { + _, err := enc.Add(typ) + if err != nil { + return nil, fmt.Errorf("add %s: %w", typ, err) + } + } + + btf, err := enc.Encode() + if err != nil { + return nil, fmt.Errorf("marshal BTF: %w", err) + } + + return newHandleFromRawBTF(btf) +} + +func newHandleFromRawBTF(btf []byte) (*Handle, error) { + if uint64(len(btf)) > math.MaxUint32 { + return nil, errors.New("BTF exceeds the maximum size") + } + + attr := &sys.BtfLoadAttr{ + Btf: sys.NewSlicePointer(btf), + BtfSize: uint32(len(btf)), + } + + fd, err := sys.BtfLoad(attr) + if err == nil { + return &Handle{fd, attr.BtfSize, false}, nil + } + + if err := haveBTF(); err != nil { + return nil, err + } + + logBuf := make([]byte, 64*1024) + attr.BtfLogBuf = sys.NewSlicePointer(logBuf) + attr.BtfLogSize = uint32(len(logBuf)) + attr.BtfLogLevel = 1 + + // Up until at least kernel 6.0, the BTF verifier does not return ENOSPC + // if there are other verification errors. ENOSPC is only returned when + // the BTF blob is correct, a log was requested, and the provided buffer + // is too small. + _, ve := sys.BtfLoad(attr) + return nil, internal.ErrorWithLog("load btf", err, logBuf, errors.Is(ve, unix.ENOSPC)) +} + +// NewHandleFromID returns the BTF handle for a given id. +// +// Prefer calling [ebpf.Program.Handle] or [ebpf.Map.Handle] if possible. +// +// Returns ErrNotExist, if there is no BTF with the given id. +// +// Requires CAP_SYS_ADMIN. +func NewHandleFromID(id ID) (*Handle, error) { + fd, err := sys.BtfGetFdById(&sys.BtfGetFdByIdAttr{ + Id: uint32(id), + }) + if err != nil { + return nil, fmt.Errorf("get FD for ID %d: %w", id, err) + } + + info, err := newHandleInfoFromFD(fd) + if err != nil { + _ = fd.Close() + return nil, err + } + + return &Handle{fd, info.size, info.IsModule()}, nil +} + +// Spec parses the kernel BTF into Go types. +func (h *Handle) Spec() (*Spec, error) { + var btfInfo sys.BtfInfo + btfBuffer := make([]byte, h.size) + btfInfo.Btf, btfInfo.BtfSize = sys.NewSlicePointerLen(btfBuffer) + + if err := sys.ObjInfo(h.fd, &btfInfo); err != nil { + return nil, err + } + + if !h.needsKernelBase { + return loadRawSpec(bytes.NewReader(btfBuffer), internal.NativeEndian, nil, nil) + } + + base, fallback, err := kernelSpec() + if err != nil { + return nil, fmt.Errorf("load BTF base: %w", err) + } + + if fallback { + return nil, fmt.Errorf("can't load split BTF without access to /sys") + } + + return loadRawSpec(bytes.NewReader(btfBuffer), internal.NativeEndian, base.types, base.strings) +} + +// Close destroys the handle. +// +// Subsequent calls to FD will return an invalid value. +func (h *Handle) Close() error { + if h == nil { + return nil + } + + return h.fd.Close() +} + +// FD returns the file descriptor for the handle. +func (h *Handle) FD() int { + return h.fd.Int() +} + +// Info returns metadata about the handle. +func (h *Handle) Info() (*HandleInfo, error) { + return newHandleInfoFromFD(h.fd) +} + // HandleInfo describes a Handle. type HandleInfo struct { // ID of this handle in the kernel. The ID is only valid as long as the diff --git a/vendor/github.com/cilium/ebpf/btf/marshal.go b/vendor/github.com/cilium/ebpf/btf/marshal.go new file mode 100644 index 00000000000..4ae479bd98a --- /dev/null +++ b/vendor/github.com/cilium/ebpf/btf/marshal.go @@ -0,0 +1,422 @@ +package btf + +import ( + "bytes" + "encoding/binary" + "errors" + "fmt" + "math" + + "github.com/cilium/ebpf/internal" +) + +type encoderOptions struct { + ByteOrder binary.ByteOrder + // Remove function linkage information for compatibility with <5.6 kernels. + StripFuncLinkage bool +} + +// kernelEncoderOptions will generate BTF suitable for the current kernel. +var kernelEncoderOptions encoderOptions + +func init() { + kernelEncoderOptions = encoderOptions{ + ByteOrder: internal.NativeEndian, + StripFuncLinkage: haveFuncLinkage() != nil, + } +} + +// encoder turns Types into raw BTF. +type encoder struct { + opts encoderOptions + + buf *bytes.Buffer + strings *stringTableBuilder + allocatedIDs map[Type]TypeID + nextID TypeID + // Temporary storage for Add. + pending internal.Deque[Type] + // Temporary storage for deflateType. + raw rawType +} + +// newEncoder returns a new builder for the given byte order. +// +// See [KernelEncoderOptions] to build BTF for the current system. +func newEncoder(opts encoderOptions, strings *stringTableBuilder) *encoder { + enc := &encoder{ + opts: opts, + buf: bytes.NewBuffer(make([]byte, btfHeaderLen)), + } + enc.reset(strings) + return enc +} + +// Reset internal state to be able to reuse the Encoder. +func (e *encoder) Reset() { + e.reset(nil) +} + +func (e *encoder) reset(strings *stringTableBuilder) { + if strings == nil { + strings = newStringTableBuilder() + } + + e.buf.Truncate(btfHeaderLen) + e.strings = strings + e.allocatedIDs = make(map[Type]TypeID) + e.nextID = 1 +} + +// Add a Type. +// +// Adding the same Type multiple times is valid and will return a stable ID. +// +// Calling the method has undefined behaviour if it previously returned an error. +func (e *encoder) Add(typ Type) (TypeID, error) { + if typ == nil { + return 0, errors.New("cannot Add a nil Type") + } + + hasID := func(t Type) (skip bool) { + _, isVoid := t.(*Void) + _, alreadyEncoded := e.allocatedIDs[t] + return isVoid || alreadyEncoded + } + + e.pending.Reset() + + allocateID := func(typ Type) { + e.pending.Push(typ) + e.allocatedIDs[typ] = e.nextID + e.nextID++ + } + + iter := postorderTraversal(typ, hasID) + for iter.Next() { + if hasID(iter.Type) { + // This type is part of a cycle and we've already deflated it. + continue + } + + // Allocate an ID for the next type. + allocateID(iter.Type) + + for !e.pending.Empty() { + t := e.pending.Shift() + + // Ensure that all direct descendants have been allocated an ID + // before calling deflateType. + walkType(t, func(child *Type) { + if !hasID(*child) { + // t refers to a type which hasn't been allocated an ID + // yet, which only happens for circular types. + allocateID(*child) + } + }) + + if err := e.deflateType(t); err != nil { + return 0, fmt.Errorf("deflate %s: %w", t, err) + } + } + } + + return e.allocatedIDs[typ], nil +} + +// Encode the raw BTF blob. +// +// The returned slice is valid until the next call to Add. +func (e *encoder) Encode() ([]byte, error) { + length := e.buf.Len() + + // Truncate the string table on return to allow adding more types. + defer e.buf.Truncate(length) + + typeLen := uint32(length - btfHeaderLen) + + // Reserve space for the string table. + stringLen := e.strings.Length() + e.buf.Grow(stringLen) + + buf := e.buf.Bytes()[:length+stringLen] + e.strings.MarshalBuffer(buf[length:]) + + // Fill out the header, and write it out. + header := &btfHeader{ + Magic: btfMagic, + Version: 1, + Flags: 0, + HdrLen: uint32(btfHeaderLen), + TypeOff: 0, + TypeLen: typeLen, + StringOff: typeLen, + StringLen: uint32(stringLen), + } + + err := binary.Write(sliceWriter(buf[:btfHeaderLen]), e.opts.ByteOrder, header) + if err != nil { + return nil, fmt.Errorf("can't write header: %v", err) + } + + return buf, nil +} + +func (e *encoder) deflateType(typ Type) (err error) { + raw := &e.raw + *raw = rawType{} + raw.NameOff, err = e.strings.Add(typ.TypeName()) + if err != nil { + return err + } + + switch v := typ.(type) { + case *Int: + raw.SetKind(kindInt) + raw.SetSize(v.Size) + + var bi btfInt + bi.SetEncoding(v.Encoding) + // We need to set bits in addition to size, since btf_type_int_is_regular + // otherwise flags this as a bitfield. + bi.SetBits(byte(v.Size) * 8) + raw.data = bi + + case *Pointer: + raw.SetKind(kindPointer) + raw.SetType(e.allocatedIDs[v.Target]) + + case *Array: + raw.SetKind(kindArray) + raw.data = &btfArray{ + e.allocatedIDs[v.Type], + e.allocatedIDs[v.Index], + v.Nelems, + } + + case *Struct: + raw.SetKind(kindStruct) + raw.SetSize(v.Size) + raw.data, err = e.convertMembers(&raw.btfType, v.Members) + + case *Union: + raw.SetKind(kindUnion) + raw.SetSize(v.Size) + raw.data, err = e.convertMembers(&raw.btfType, v.Members) + + case *Enum: + raw.SetSize(v.size()) + raw.SetVlen(len(v.Values)) + raw.SetSigned(v.Signed) + + if v.has64BitValues() { + raw.SetKind(kindEnum64) + raw.data, err = e.deflateEnum64Values(v.Values) + } else { + raw.SetKind(kindEnum) + raw.data, err = e.deflateEnumValues(v.Values) + } + + case *Fwd: + raw.SetKind(kindForward) + raw.SetFwdKind(v.Kind) + + case *Typedef: + raw.SetKind(kindTypedef) + raw.SetType(e.allocatedIDs[v.Type]) + + case *Volatile: + raw.SetKind(kindVolatile) + raw.SetType(e.allocatedIDs[v.Type]) + + case *Const: + raw.SetKind(kindConst) + raw.SetType(e.allocatedIDs[v.Type]) + + case *Restrict: + raw.SetKind(kindRestrict) + raw.SetType(e.allocatedIDs[v.Type]) + + case *Func: + raw.SetKind(kindFunc) + raw.SetType(e.allocatedIDs[v.Type]) + if !e.opts.StripFuncLinkage { + raw.SetLinkage(v.Linkage) + } + + case *FuncProto: + raw.SetKind(kindFuncProto) + raw.SetType(e.allocatedIDs[v.Return]) + raw.SetVlen(len(v.Params)) + raw.data, err = e.deflateFuncParams(v.Params) + + case *Var: + raw.SetKind(kindVar) + raw.SetType(e.allocatedIDs[v.Type]) + raw.data = btfVariable{uint32(v.Linkage)} + + case *Datasec: + raw.SetKind(kindDatasec) + raw.SetSize(v.Size) + raw.SetVlen(len(v.Vars)) + raw.data = e.deflateVarSecinfos(v.Vars) + + case *Float: + raw.SetKind(kindFloat) + raw.SetSize(v.Size) + + case *declTag: + raw.SetKind(kindDeclTag) + raw.data = &btfDeclTag{uint32(v.Index)} + + case *typeTag: + raw.SetKind(kindTypeTag) + raw.NameOff, err = e.strings.Add(v.Value) + + default: + return fmt.Errorf("don't know how to deflate %T", v) + } + + if err != nil { + return err + } + + return raw.Marshal(e.buf, e.opts.ByteOrder) +} + +func (e *encoder) convertMembers(header *btfType, members []Member) ([]btfMember, error) { + bms := make([]btfMember, 0, len(members)) + isBitfield := false + for _, member := range members { + isBitfield = isBitfield || member.BitfieldSize > 0 + + offset := member.Offset + if isBitfield { + offset = member.BitfieldSize<<24 | (member.Offset & 0xffffff) + } + + nameOff, err := e.strings.Add(member.Name) + if err != nil { + return nil, err + } + + bms = append(bms, btfMember{ + nameOff, + e.allocatedIDs[member.Type], + uint32(offset), + }) + } + + header.SetVlen(len(members)) + header.SetBitfield(isBitfield) + return bms, nil +} + +func (e *encoder) deflateEnumValues(values []EnumValue) ([]btfEnum, error) { + bes := make([]btfEnum, 0, len(values)) + for _, value := range values { + nameOff, err := e.strings.Add(value.Name) + if err != nil { + return nil, err + } + + if value.Value > math.MaxUint32 { + return nil, fmt.Errorf("value of enum %q exceeds 32 bits", value.Name) + } + + bes = append(bes, btfEnum{ + nameOff, + uint32(value.Value), + }) + } + + return bes, nil +} + +func (e *encoder) deflateEnum64Values(values []EnumValue) ([]btfEnum64, error) { + bes := make([]btfEnum64, 0, len(values)) + for _, value := range values { + nameOff, err := e.strings.Add(value.Name) + if err != nil { + return nil, err + } + + bes = append(bes, btfEnum64{ + nameOff, + uint32(value.Value), + uint32(value.Value >> 32), + }) + } + + return bes, nil +} + +func (e *encoder) deflateFuncParams(params []FuncParam) ([]btfParam, error) { + bps := make([]btfParam, 0, len(params)) + for _, param := range params { + nameOff, err := e.strings.Add(param.Name) + if err != nil { + return nil, err + } + + bps = append(bps, btfParam{ + nameOff, + e.allocatedIDs[param.Type], + }) + } + return bps, nil +} + +func (e *encoder) deflateVarSecinfos(vars []VarSecinfo) []btfVarSecinfo { + vsis := make([]btfVarSecinfo, 0, len(vars)) + for _, v := range vars { + vsis = append(vsis, btfVarSecinfo{ + e.allocatedIDs[v.Type], + v.Offset, + v.Size, + }) + } + return vsis +} + +// MarshalMapKV creates a BTF object containing a map key and value. +// +// The function is intended for the use of the ebpf package and may be removed +// at any point in time. +func MarshalMapKV(key, value Type) (_ *Handle, keyID, valueID TypeID, _ error) { + enc := nativeEncoderPool.Get().(*encoder) + defer nativeEncoderPool.Put(enc) + + enc.Reset() + + var err error + if key != nil { + keyID, err = enc.Add(key) + if err != nil { + return nil, 0, 0, fmt.Errorf("adding map key to BTF encoder: %w", err) + } + } + + if value != nil { + valueID, err = enc.Add(value) + if err != nil { + return nil, 0, 0, fmt.Errorf("adding map value to BTF encoder: %w", err) + } + } + + btf, err := enc.Encode() + if err != nil { + return nil, 0, 0, fmt.Errorf("marshal BTF: %w", err) + } + + handle, err := newHandleFromRawBTF(btf) + if err != nil { + // Check for 'full' map BTF support, since kernels between 4.18 and 5.2 + // already support BTF blobs for maps without Var or Datasec just fine. + if err := haveMapBTF(); err != nil { + return nil, 0, 0, err + } + } + + return handle, keyID, valueID, err +} diff --git a/vendor/github.com/cilium/ebpf/btf/strings.go b/vendor/github.com/cilium/ebpf/btf/strings.go index 9e1b3bb2c58..deeaeacaabd 100644 --- a/vendor/github.com/cilium/ebpf/btf/strings.go +++ b/vendor/github.com/cilium/ebpf/btf/strings.go @@ -6,6 +6,7 @@ import ( "errors" "fmt" "io" + "strings" ) type stringTable struct { @@ -130,3 +131,91 @@ func search(ints []uint32, needle uint32) int { // i == j, f(i-1) == false, and f(j) (= f(i)) == true => answer is i. return i } + +// stringTableBuilder builds BTF string tables. +type stringTableBuilder struct { + length uint32 + strings map[string]uint32 +} + +// newStringTableBuilder creates a builder with the given capacity. +// +// capacity may be zero. +func newStringTableBuilder() *stringTableBuilder { + stb := &stringTableBuilder{0, make(map[string]uint32)} + // Ensure that the empty string is at index 0. + stb.append("") + return stb +} + +// newStringTableBuilderFromTable creates a new builder from an existing string table. +func newStringTableBuilderFromTable(contents *stringTable) *stringTableBuilder { + stb := &stringTableBuilder{0, make(map[string]uint32, len(contents.strings)+1)} + stb.append("") + + for _, str := range contents.strings { + if str != "" { + stb.append(str) + } + } + + return stb +} + +// Add a string to the table. +// +// Adding the same string multiple times will only store it once. +func (stb *stringTableBuilder) Add(str string) (uint32, error) { + if strings.IndexByte(str, 0) != -1 { + return 0, fmt.Errorf("string contains null: %q", str) + } + + offset, ok := stb.strings[str] + if ok { + return offset, nil + } + + return stb.append(str), nil +} + +func (stb *stringTableBuilder) append(str string) uint32 { + offset := stb.length + stb.length += uint32(len(str)) + 1 + stb.strings[str] = offset + return offset +} + +// Lookup finds the offset of a string in the table. +// +// Returns an error if str hasn't been added yet. +func (stb *stringTableBuilder) Lookup(str string) (uint32, error) { + offset, ok := stb.strings[str] + if !ok { + return 0, fmt.Errorf("string %q is not in table", str) + } + + return offset, nil + +} + +// Length returns the length in bytes. +func (stb *stringTableBuilder) Length() int { + return int(stb.length) +} + +// Marshal a string table into its binary representation. +func (stb *stringTableBuilder) Marshal() []byte { + buf := make([]byte, stb.Length()) + stb.MarshalBuffer(buf) + return buf +} + +// Marshal a string table into a pre-allocated buffer. +// +// The buffer must be at least of size Length(). +func (stb *stringTableBuilder) MarshalBuffer(buf []byte) { + for str, offset := range stb.strings { + n := copy(buf[offset:], str) + buf[offset+uint32(n)] = 0 + } +} diff --git a/vendor/github.com/cilium/ebpf/btf/traversal.go b/vendor/github.com/cilium/ebpf/btf/traversal.go index a9ff1f70396..fa42815f3a6 100644 --- a/vendor/github.com/cilium/ebpf/btf/traversal.go +++ b/vendor/github.com/cilium/ebpf/btf/traversal.go @@ -1,6 +1,92 @@ package btf -import "fmt" +import ( + "fmt" + + "github.com/cilium/ebpf/internal" +) + +// Functions to traverse a cyclic graph of types. The below was very useful: +// https://eli.thegreenplace.net/2015/directed-graph-traversal-orderings-and-applications-to-data-flow-analysis/#post-order-and-reverse-post-order + +type postorderIterator struct { + // Iteration skips types for which this function returns true. + skip func(Type) bool + // The root type. May be nil if skip(root) is true. + root Type + + // Contains types which need to be either walked or passed to the callback. + types typeDeque + // Contains a boolean whether the type has been walked or not. + walked internal.Deque[bool] + // The set of types which has been pushed onto types. + pushed map[Type]struct{} + + // The current type. Only valid after a call to Next(). + Type Type +} + +// postorderTraversal calls fn for all types reachable from root. +// +// fn is invoked on children of root before root itself. +// +// Types for which skip returns true are ignored. skip may be nil. +func postorderTraversal(root Type, skip func(Type) (skip bool)) postorderIterator { + // Avoid allocations for the common case of a skipped root. + if skip != nil && skip(root) { + return postorderIterator{} + } + + po := postorderIterator{root: root, skip: skip} + walkType(root, po.push) + + return po +} + +func (po *postorderIterator) push(t *Type) { + if _, ok := po.pushed[*t]; ok || *t == po.root { + return + } + + if po.skip != nil && po.skip(*t) { + return + } + + if po.pushed == nil { + // Lazily allocate pushed to avoid an allocation for Types without children. + po.pushed = make(map[Type]struct{}) + } + + po.pushed[*t] = struct{}{} + po.types.Push(t) + po.walked.Push(false) +} + +// Next returns true if there is another Type to traverse. +func (po *postorderIterator) Next() bool { + for !po.types.Empty() { + t := po.types.Pop() + + if !po.walked.Pop() { + // Push the type again, so that we re-evaluate it in done state + // after all children have been handled. + po.types.Push(t) + po.walked.Push(true) + + // Add all direct children to todo. + walkType(*t, po.push) + } else { + // We've walked this type previously, so we now know that all + // children have been handled. + po.Type = *t + return true + } + } + + // Only return root once. + po.Type, po.root = po.root, nil + return po.Type != nil +} // walkType calls fn on each child of typ. func walkType(typ Type, fn func(*Type)) { diff --git a/vendor/github.com/cilium/ebpf/btf/types.go b/vendor/github.com/cilium/ebpf/btf/types.go index 3e98585cf58..e344bbdc30d 100644 --- a/vendor/github.com/cilium/ebpf/btf/types.go +++ b/vendor/github.com/cilium/ebpf/btf/types.go @@ -276,6 +276,21 @@ func (e *Enum) copy() Type { return &cpy } +// has64BitValues returns true if the Enum contains a value larger than 32 bits. +// Kernels before 6.0 have enum values that overrun u32 replaced with zeroes. +// +// 64-bit enums have their Enum.Size attributes correctly set to 8, but if we +// use the size attribute as a heuristic during BTF marshaling, we'll emit +// ENUM64s to kernels that don't support them. +func (e *Enum) has64BitValues() bool { + for _, v := range e.Values { + if v.Value > math.MaxUint32 { + return true + } + } + return false +} + // FwdKind is the type of forward declaration. type FwdKind int @@ -393,6 +408,12 @@ func FuncMetadata(ins *asm.Instruction) *Func { return fn } +// WithFuncMetadata adds a btf.Func to the Metadata of asm.Instruction. +func WithFuncMetadata(ins asm.Instruction, fn *Func) asm.Instruction { + ins.Metadata.Set(funcInfoMeta{}, fn) + return ins +} + func (f *Func) Format(fs fmt.State, verb rune) { formatType(fs, verb, f, f.Linkage, "proto=", f.Type) } @@ -472,6 +493,7 @@ func (ds *Datasec) copy() Type { // // It is not a valid Type. type VarSecinfo struct { + // Var or Func. Type Type Offset uint32 Size uint32 @@ -723,10 +745,10 @@ func inflateRawTypes(rawTypes []rawType, baseTypes types, rawStrings *stringTabl } var fixups []fixupDef - fixup := func(id TypeID, typ *Type) { + fixup := func(id TypeID, typ *Type) bool { if id < TypeID(len(baseTypes)) { *typ = baseTypes[id] - return + return true } idx := id @@ -736,26 +758,29 @@ func inflateRawTypes(rawTypes []rawType, baseTypes types, rawStrings *stringTabl if idx < TypeID(len(types)) { // We've already inflated this type, fix it up immediately. *typ = types[idx] - return + return true } fixups = append(fixups, fixupDef{id, typ}) + return false } type assertion struct { + id TypeID typ *Type want reflect.Type } var assertions []assertion - assert := func(typ *Type, want reflect.Type) error { - if *typ != nil { - // The type has already been fixed up, check the type immediately. - if reflect.TypeOf(*typ) != want { - return fmt.Errorf("expected %s, got %T", want, *typ) - } + fixupAndAssert := func(id TypeID, typ *Type, want reflect.Type) error { + if !fixup(id, typ) { + assertions = append(assertions, assertion{id, typ, want}) return nil } - assertions = append(assertions, assertion{typ, want}) + + // The type has already been fixed up, check the type immediately. + if reflect.TypeOf(*typ) != want { + return fmt.Errorf("type ID %d: expected %s, got %T", id, want, *typ) + } return nil } @@ -857,14 +882,14 @@ func inflateRawTypes(rawTypes []rawType, baseTypes types, rawStrings *stringTabl typ = arr case kindStruct: - members, err := convertMembers(raw.data.([]btfMember), raw.KindFlag()) + members, err := convertMembers(raw.data.([]btfMember), raw.Bitfield()) if err != nil { return nil, fmt.Errorf("struct %s (id %d): %w", name, id, err) } typ = &Struct{name, raw.Size(), members} case kindUnion: - members, err := convertMembers(raw.data.([]btfMember), raw.KindFlag()) + members, err := convertMembers(raw.data.([]btfMember), raw.Bitfield()) if err != nil { return nil, fmt.Errorf("union %s (id %d): %w", name, id, err) } @@ -873,7 +898,7 @@ func inflateRawTypes(rawTypes []rawType, baseTypes types, rawStrings *stringTabl case kindEnum: rawvals := raw.data.([]btfEnum) vals := make([]EnumValue, 0, len(rawvals)) - signed := raw.KindFlag() + signed := raw.Signed() for i, btfVal := range rawvals { name, err := rawStrings.Lookup(btfVal.NameOff) if err != nil { @@ -889,11 +914,7 @@ func inflateRawTypes(rawTypes []rawType, baseTypes types, rawStrings *stringTabl typ = &Enum{name, raw.Size(), signed, vals} case kindForward: - if raw.KindFlag() { - typ = &Fwd{name, FwdUnion} - } else { - typ = &Fwd{name, FwdStruct} - } + typ = &Fwd{name, raw.FwdKind()} case kindTypedef: typedef := &Typedef{name, nil} @@ -917,8 +938,7 @@ func inflateRawTypes(rawTypes []rawType, baseTypes types, rawStrings *stringTabl case kindFunc: fn := &Func{name, nil, raw.Linkage()} - fixup(raw.Type(), &fn.Type) - if err := assert(&fn.Type, reflect.TypeOf((*FuncProto)(nil))); err != nil { + if err := fixupAndAssert(raw.Type(), &fn.Type, reflect.TypeOf((*FuncProto)(nil))); err != nil { return nil, err } typ = fn @@ -960,11 +980,8 @@ func inflateRawTypes(rawTypes []rawType, baseTypes types, rawStrings *stringTabl } for i := range vars { fixup(btfVars[i].Type, &vars[i].Type) - if err := assert(&vars[i].Type, reflect.TypeOf((*Var)(nil))); err != nil { - return nil, err - } } - typ = &Datasec{name, raw.SizeType, vars} + typ = &Datasec{name, raw.Size(), vars} case kindFloat: typ = &Float{name, raw.Size()} @@ -975,12 +992,7 @@ func inflateRawTypes(rawTypes []rawType, baseTypes types, rawStrings *stringTabl return nil, fmt.Errorf("type id %d: index exceeds int", id) } - index := int(btfIndex) - if btfIndex == math.MaxUint32 { - index = -1 - } - - dt := &declTag{nil, name, index} + dt := &declTag{nil, name, int(int32(btfIndex))} fixup(raw.Type(), &dt.Type) typ = dt @@ -991,6 +1003,19 @@ func inflateRawTypes(rawTypes []rawType, baseTypes types, rawStrings *stringTabl fixup(raw.Type(), &tt.Type) typ = tt + case kindEnum64: + rawvals := raw.data.([]btfEnum64) + vals := make([]EnumValue, 0, len(rawvals)) + for i, btfVal := range rawvals { + name, err := rawStrings.Lookup(btfVal.NameOff) + if err != nil { + return nil, fmt.Errorf("get name for enum64 value %d: %s", i, err) + } + value := (uint64(btfVal.ValHi32) << 32) | uint64(btfVal.ValLo32) + vals = append(vals, EnumValue{name, value}) + } + typ = &Enum{name, raw.Size(), raw.Signed(), vals} + default: return nil, fmt.Errorf("type id %d: unknown kind: %v", id, raw.Kind()) } @@ -1025,7 +1050,7 @@ func inflateRawTypes(rawTypes []rawType, baseTypes types, rawStrings *stringTabl for _, assertion := range assertions { if reflect.TypeOf(*assertion.typ) != assertion.want { - return nil, fmt.Errorf("expected %s, got %T", assertion.want, *assertion.typ) + return nil, fmt.Errorf("type ID %d: expected %s, got %T", assertion.id, assertion.want, *assertion.typ) } } diff --git a/vendor/github.com/cilium/ebpf/collection.go b/vendor/github.com/cilium/ebpf/collection.go index 215869d9f9e..729e5e9d702 100644 --- a/vendor/github.com/cilium/ebpf/collection.go +++ b/vendor/github.com/cilium/ebpf/collection.go @@ -151,6 +151,10 @@ func (cs *CollectionSpec) RewriteConstants(consts map[string]interface{}) error continue } + if _, ok := v.Type.(*btf.Var); !ok { + return fmt.Errorf("section %s: unexpected type %T for variable %s", name, v.Type, vname) + } + if replaced[vname] { return fmt.Errorf("section %s: duplicate variable %s", name, vname) } @@ -386,42 +390,11 @@ func NewCollectionWithOptions(spec *CollectionSpec, opts CollectionOptions) (*Co }, nil } -type handleCache struct { - btfHandles map[*btf.Spec]*btf.Handle -} - -func newHandleCache() *handleCache { - return &handleCache{ - btfHandles: make(map[*btf.Spec]*btf.Handle), - } -} - -func (hc handleCache) btfHandle(spec *btf.Spec) (*btf.Handle, error) { - if hc.btfHandles[spec] != nil { - return hc.btfHandles[spec], nil - } - - handle, err := btf.NewHandle(spec) - if err != nil { - return nil, err - } - - hc.btfHandles[spec] = handle - return handle, nil -} - -func (hc handleCache) close() { - for _, handle := range hc.btfHandles { - handle.Close() - } -} - type collectionLoader struct { coll *CollectionSpec opts *CollectionOptions maps map[string]*Map programs map[string]*Program - handles *handleCache } func newCollectionLoader(coll *CollectionSpec, opts *CollectionOptions) (*collectionLoader, error) { @@ -436,7 +409,7 @@ func newCollectionLoader(coll *CollectionSpec, opts *CollectionOptions) (*collec return nil, fmt.Errorf("replacement map %s not found in CollectionSpec", name) } - if err := spec.checkCompatibility(m); err != nil { + if err := spec.Compatible(m); err != nil { return nil, fmt.Errorf("using replacement map %s: %w", spec.Name, err) } } @@ -446,13 +419,11 @@ func newCollectionLoader(coll *CollectionSpec, opts *CollectionOptions) (*collec opts, make(map[string]*Map), make(map[string]*Program), - newHandleCache(), }, nil } // close all resources left over in the collectionLoader. func (cl *collectionLoader) close() { - cl.handles.close() for _, m := range cl.maps { m.Close() } @@ -471,10 +442,6 @@ func (cl *collectionLoader) loadMap(mapName string) (*Map, error) { return nil, fmt.Errorf("missing map %s", mapName) } - if mapSpec.BTF != nil && cl.coll.Types != mapSpec.BTF { - return nil, fmt.Errorf("map %s: BTF doesn't match collection", mapName) - } - if replaceMap, ok := cl.opts.MapReplacements[mapName]; ok { // Clone the map to avoid closing user's map later on. m, err := replaceMap.Clone() @@ -486,7 +453,7 @@ func (cl *collectionLoader) loadMap(mapName string) (*Map, error) { return m, nil } - m, err := newMapWithOptions(mapSpec, cl.opts.Maps, cl.handles) + m, err := newMapWithOptions(mapSpec, cl.opts.Maps) if err != nil { return nil, fmt.Errorf("map %s: %w", mapName, err) } @@ -511,10 +478,6 @@ func (cl *collectionLoader) loadProgram(progName string) (*Program, error) { return nil, fmt.Errorf("cannot load program %s: program type is unspecified", progName) } - if progSpec.BTF != nil && cl.coll.Types != progSpec.BTF { - return nil, fmt.Errorf("program %s: BTF doesn't match collection", progName) - } - progSpec = progSpec.Copy() // Rewrite any reference to a valid map in the program's instructions, @@ -543,7 +506,7 @@ func (cl *collectionLoader) loadProgram(progName string) (*Program, error) { } } - prog, err := newProgramWithOptions(progSpec, cl.opts.Programs, cl.handles) + prog, err := newProgramWithOptions(progSpec, cl.opts.Programs) if err != nil { return nil, fmt.Errorf("program %s: %w", progName, err) } @@ -559,17 +522,22 @@ func (cl *collectionLoader) populateMaps() error { return fmt.Errorf("missing map spec %s", mapName) } - mapSpec = mapSpec.Copy() - // MapSpecs that refer to inner maps or programs within the same // CollectionSpec do so using strings. These strings are used as the key // to look up the respective object in the Maps or Programs fields. // Resolve those references to actual Map or Program resources that // have been loaded into the kernel. - for i, kv := range mapSpec.Contents { - if objName, ok := kv.Value.(string); ok { - switch mapSpec.Type { - case ProgramArray: + if mapSpec.Type.canStoreMap() || mapSpec.Type.canStoreProgram() { + mapSpec = mapSpec.Copy() + + for i, kv := range mapSpec.Contents { + objName, ok := kv.Value.(string) + if !ok { + continue + } + + switch t := mapSpec.Type; { + case t.canStoreProgram(): // loadProgram is idempotent and could return an existing Program. prog, err := cl.loadProgram(objName) if err != nil { @@ -577,7 +545,7 @@ func (cl *collectionLoader) populateMaps() error { } mapSpec.Contents[i] = MapKV{kv.Key, prog} - case ArrayOfMaps, HashOfMaps: + case t.canStoreMap(): // loadMap is idempotent and could return an existing Map. innerMap, err := cl.loadMap(objName) if err != nil { diff --git a/vendor/github.com/cilium/ebpf/elf_reader.go b/vendor/github.com/cilium/ebpf/elf_reader.go index a5b63538f71..9dc87787edc 100644 --- a/vendor/github.com/cilium/ebpf/elf_reader.go +++ b/vendor/github.com/cilium/ebpf/elf_reader.go @@ -51,6 +51,12 @@ func LoadCollectionSpecFromReader(rd io.ReaderAt) (*CollectionSpec, error) { return nil, err } + // Checks if the ELF file is for BPF data. + // Old LLVM versions set e_machine to EM_NONE. + if f.File.Machine != unix.EM_NONE && f.File.Machine != elf.EM_BPF { + return nil, fmt.Errorf("unexpected machine type for BPF ELF: %s", f.File.Machine) + } + var ( licenseSection *elf.Section versionSection *elf.Section @@ -308,7 +314,6 @@ func (ec *elfCode) loadProgramSections() (map[string]*ProgramSpec, error) { KernelVersion: ec.version, Instructions: insns, ByteOrder: ec.ByteOrder, - BTF: ec.btf, } // Function names must be unique within a single ELF blob. @@ -897,13 +902,6 @@ func mapSpecFromBTF(es *elfSection, vs *btf.VarSecinfo, def *btf.Struct, spec *b } } - if key == nil { - key = &btf.Void{} - } - if value == nil { - value = &btf.Void{} - } - return &MapSpec{ Name: SanitizeName(name, -1), Type: MapType(mapType), @@ -913,7 +911,6 @@ func mapSpecFromBTF(es *elfSection, vs *btf.VarSecinfo, def *btf.Struct, spec *b Flags: flags, Key: key, Value: value, - BTF: spec, Pinning: pinType, InnerMap: innerMapSpec, Contents: contents, @@ -1058,7 +1055,6 @@ func (ec *elfCode) loadDataSections(maps map[string]*MapSpec) error { var ds *btf.Datasec if ec.btf.TypeByName(sec.Name, &ds) == nil { // Assign the spec's key and BTF only if the Datasec lookup was successful. - mapSpec.BTF = ec.btf mapSpec.Key = &btf.Void{} mapSpec.Value = ds } diff --git a/vendor/github.com/cilium/ebpf/internal/deque.go b/vendor/github.com/cilium/ebpf/internal/deque.go index 1abc9a9bac9..05be23e61c6 100644 --- a/vendor/github.com/cilium/ebpf/internal/deque.go +++ b/vendor/github.com/cilium/ebpf/internal/deque.go @@ -9,6 +9,17 @@ type Deque[T any] struct { mask uint64 } +// Reset clears the contents of the deque while retaining the backing buffer. +func (dq *Deque[T]) Reset() { + var zero T + + for i := dq.read; i < dq.write; i++ { + dq.elems[i&dq.mask] = zero + } + + dq.read, dq.write = 0, 0 +} + func (dq *Deque[T]) Empty() bool { return dq.read == dq.write } diff --git a/vendor/github.com/cilium/ebpf/internal/errors.go b/vendor/github.com/cilium/ebpf/internal/errors.go index 29bd6551e5e..bda01e2fde5 100644 --- a/vendor/github.com/cilium/ebpf/internal/errors.go +++ b/vendor/github.com/cilium/ebpf/internal/errors.go @@ -12,7 +12,7 @@ import ( // // The default error output is a summary of the full log. The latter can be // accessed via VerifierError.Log or by formatting the error, see Format. -func ErrorWithLog(err error, log []byte, truncated bool) *VerifierError { +func ErrorWithLog(source string, err error, log []byte, truncated bool) *VerifierError { const whitespace = "\t\r\v\n " // Convert verifier log C string by truncating it on the first 0 byte @@ -23,7 +23,7 @@ func ErrorWithLog(err error, log []byte, truncated bool) *VerifierError { log = bytes.Trim(log, whitespace) if len(log) == 0 { - return &VerifierError{err, nil, truncated} + return &VerifierError{source, err, nil, truncated} } logLines := bytes.Split(log, []byte{'\n'}) @@ -34,13 +34,14 @@ func ErrorWithLog(err error, log []byte, truncated bool) *VerifierError { lines = append(lines, string(bytes.TrimRight(line, whitespace))) } - return &VerifierError{err, lines, truncated} + return &VerifierError{source, err, lines, truncated} } // VerifierError includes information from the eBPF verifier. // // It summarises the log output, see Format if you want to output the full contents. type VerifierError struct { + source string // The error which caused this error. Cause error // The verifier output split into lines. @@ -60,9 +61,12 @@ func (le *VerifierError) Error() string { log = log[:n-1] } + var b strings.Builder + fmt.Fprintf(&b, "%s: %s", le.source, le.Cause.Error()) + n := len(log) if n == 0 { - return le.Cause.Error() + return b.String() } lines := log[n-1:] @@ -71,14 +75,9 @@ func (le *VerifierError) Error() string { lines = log[n-2:] } - var b strings.Builder - fmt.Fprintf(&b, "%s: ", le.Cause.Error()) - - for i, line := range lines { + for _, line := range lines { + b.WriteString(": ") b.WriteString(strings.TrimSpace(line)) - if i != len(lines)-1 { - b.WriteString(": ") - } } omitted := len(le.Log) - len(lines) @@ -167,7 +166,7 @@ func (le *VerifierError) Format(f fmt.State, verb rune) { return } - fmt.Fprintf(f, "%s:", le.Cause.Error()) + fmt.Fprintf(f, "%s: %s:", le.source, le.Cause.Error()) omitted := len(le.Log) - n lines := le.Log[:n] diff --git a/vendor/github.com/cilium/ebpf/internal/feature.go b/vendor/github.com/cilium/ebpf/internal/feature.go index bf25d781ce1..b1f650751de 100644 --- a/vendor/github.com/cilium/ebpf/internal/feature.go +++ b/vendor/github.com/cilium/ebpf/internal/feature.go @@ -31,10 +31,20 @@ func (ufe *UnsupportedFeatureError) Is(target error) bool { return target == ErrNotSupported } -type featureTest struct { - sync.RWMutex - successful bool - result error +// FeatureTest caches the result of a [FeatureTestFn]. +// +// Fields should not be modified after creation. +type FeatureTest struct { + // The name of the feature being detected. + Name string + // Version in in the form Major.Minor[.Patch]. + Version string + // The feature test itself. + Fn FeatureTestFn + + mu sync.RWMutex + done bool + result error } // FeatureTestFn is used to determine whether the kernel supports @@ -47,54 +57,128 @@ type featureTest struct { // err != nil: the test couldn't be executed type FeatureTestFn func() error -// FeatureTest wraps a function so that it is run at most once. +// NewFeatureTest is a convenient way to create a single [FeatureTest]. +func NewFeatureTest(name, version string, fn FeatureTestFn) func() error { + ft := &FeatureTest{ + Name: name, + Version: version, + Fn: fn, + } + + return ft.execute +} + +// execute the feature test. // -// name should identify the tested feature, while version must be in the -// form Major.Minor[.Patch]. +// The result is cached if the test is conclusive. // -// Returns an error wrapping ErrNotSupported if the feature is not supported. -func FeatureTest(name, version string, fn FeatureTestFn) func() error { - ft := new(featureTest) - return func() error { - ft.RLock() - if ft.successful { - defer ft.RUnlock() - return ft.result - } - ft.RUnlock() - ft.Lock() - defer ft.Unlock() - // check one more time on the off - // chance that two go routines - // were able to call into the write - // lock - if ft.successful { - return ft.result - } - err := fn() - switch { - case errors.Is(err, ErrNotSupported): - v, err := NewVersion(version) - if err != nil { - return err - } +// See [FeatureTestFn] for the meaning of the returned error. +func (ft *FeatureTest) execute() error { + ft.mu.RLock() + result, done := ft.result, ft.done + ft.mu.RUnlock() - ft.result = &UnsupportedFeatureError{ - MinimumVersion: v, - Name: name, - } - fallthrough + if done { + return result + } + + ft.mu.Lock() + defer ft.mu.Unlock() + + // The test may have been executed by another caller while we were + // waiting to acquire ft.mu. + if ft.done { + return ft.result + } + + err := ft.Fn() + if err == nil { + ft.done = true + return nil + } - case err == nil: - ft.successful = true + if errors.Is(err, ErrNotSupported) { + var v Version + if ft.Version != "" { + v, err = NewVersion(ft.Version) + if err != nil { + return fmt.Errorf("feature %s: %w", ft.Name, err) + } + } - default: - // We couldn't execute the feature test to a point - // where it could make a determination. - // Don't cache the result, just return it. - return fmt.Errorf("detect support for %s: %w", name, err) + ft.done = true + ft.result = &UnsupportedFeatureError{ + MinimumVersion: v, + Name: ft.Name, } return ft.result } + + // We couldn't execute the feature test to a point + // where it could make a determination. + // Don't cache the result, just return it. + return fmt.Errorf("detect support for %s: %w", ft.Name, err) +} + +// FeatureMatrix groups multiple related feature tests into a map. +// +// Useful when there is a small number of discrete features which are known +// at compile time. +// +// It must not be modified concurrently with calling [FeatureMatrix.Result]. +type FeatureMatrix[K comparable] map[K]*FeatureTest + +// Result returns the outcome of the feature test for the given key. +// +// It's safe to call this function concurrently. +func (fm FeatureMatrix[K]) Result(key K) error { + ft, ok := fm[key] + if !ok { + return fmt.Errorf("no feature probe for %v", key) + } + + return ft.execute() +} + +// FeatureCache caches a potentially unlimited number of feature probes. +// +// Useful when there is a high cardinality for a feature test. +type FeatureCache[K comparable] struct { + mu sync.RWMutex + newTest func(K) *FeatureTest + features map[K]*FeatureTest +} + +func NewFeatureCache[K comparable](newTest func(K) *FeatureTest) *FeatureCache[K] { + return &FeatureCache[K]{ + newTest: newTest, + features: make(map[K]*FeatureTest), + } +} + +func (fc *FeatureCache[K]) Result(key K) error { + // NB: Executing the feature test happens without fc.mu taken. + return fc.retrieve(key).execute() +} + +func (fc *FeatureCache[K]) retrieve(key K) *FeatureTest { + fc.mu.RLock() + ft := fc.features[key] + fc.mu.RUnlock() + + if ft != nil { + return ft + } + + fc.mu.Lock() + defer fc.mu.Unlock() + + if ft := fc.features[key]; ft != nil { + return ft + } + + ft = fc.newTest(key) + fc.features[key] = ft + return ft } diff --git a/vendor/github.com/cilium/ebpf/internal/sys/mapflags_string.go b/vendor/github.com/cilium/ebpf/internal/sys/mapflags_string.go new file mode 100644 index 00000000000..c80744ae0e0 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/sys/mapflags_string.go @@ -0,0 +1,49 @@ +// Code generated by "stringer -type MapFlags"; DO NOT EDIT. + +package sys + +import "strconv" + +func _() { + // An "invalid array index" compiler error signifies that the constant values have changed. + // Re-run the stringer command to generate them again. + var x [1]struct{} + _ = x[BPF_F_NO_PREALLOC-1] + _ = x[BPF_F_NO_COMMON_LRU-2] + _ = x[BPF_F_NUMA_NODE-4] + _ = x[BPF_F_RDONLY-8] + _ = x[BPF_F_WRONLY-16] + _ = x[BPF_F_STACK_BUILD_ID-32] + _ = x[BPF_F_ZERO_SEED-64] + _ = x[BPF_F_RDONLY_PROG-128] + _ = x[BPF_F_WRONLY_PROG-256] + _ = x[BPF_F_CLONE-512] + _ = x[BPF_F_MMAPABLE-1024] + _ = x[BPF_F_PRESERVE_ELEMS-2048] + _ = x[BPF_F_INNER_MAP-4096] +} + +const _MapFlags_name = "BPF_F_NO_PREALLOCBPF_F_NO_COMMON_LRUBPF_F_NUMA_NODEBPF_F_RDONLYBPF_F_WRONLYBPF_F_STACK_BUILD_IDBPF_F_ZERO_SEEDBPF_F_RDONLY_PROGBPF_F_WRONLY_PROGBPF_F_CLONEBPF_F_MMAPABLEBPF_F_PRESERVE_ELEMSBPF_F_INNER_MAP" + +var _MapFlags_map = map[MapFlags]string{ + 1: _MapFlags_name[0:17], + 2: _MapFlags_name[17:36], + 4: _MapFlags_name[36:51], + 8: _MapFlags_name[51:63], + 16: _MapFlags_name[63:75], + 32: _MapFlags_name[75:95], + 64: _MapFlags_name[95:110], + 128: _MapFlags_name[110:127], + 256: _MapFlags_name[127:144], + 512: _MapFlags_name[144:155], + 1024: _MapFlags_name[155:169], + 2048: _MapFlags_name[169:189], + 4096: _MapFlags_name[189:204], +} + +func (i MapFlags) String() string { + if str, ok := _MapFlags_map[i]; ok { + return str + } + return "MapFlags(" + strconv.FormatInt(int64(i), 10) + ")" +} diff --git a/vendor/github.com/cilium/ebpf/internal/sys/syscall.go b/vendor/github.com/cilium/ebpf/internal/sys/syscall.go index 3205ede80b8..3c7ce5dd1f8 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/syscall.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/syscall.go @@ -19,7 +19,7 @@ var ENOTSUPP = syscall.Errno(524) func BPF(cmd Cmd, attr unsafe.Pointer, size uintptr) (uintptr, error) { // Prevent the Go profiler from repeatedly interrupting the verifier, // which could otherwise lead to a livelock due to receiving EAGAIN. - if cmd == BPF_PROG_LOAD { + if cmd == BPF_PROG_LOAD || cmd == BPF_PROG_RUN { maskProfilerSignal() defer unmaskProfilerSignal() } @@ -120,6 +120,24 @@ type BTFID uint32 // MapFlags control map behaviour. type MapFlags uint32 +//go:generate stringer -type MapFlags + +const ( + BPF_F_NO_PREALLOC MapFlags = 1 << iota + BPF_F_NO_COMMON_LRU + BPF_F_NUMA_NODE + BPF_F_RDONLY + BPF_F_WRONLY + BPF_F_STACK_BUILD_ID + BPF_F_ZERO_SEED + BPF_F_RDONLY_PROG + BPF_F_WRONLY_PROG + BPF_F_CLONE + BPF_F_MMAPABLE + BPF_F_PRESERVE_ELEMS + BPF_F_INNER_MAP +) + // wrappedErrno wraps syscall.Errno to prevent direct comparisons with // syscall.E* or unix.E* constants. // diff --git a/vendor/github.com/cilium/ebpf/internal/sys/types.go b/vendor/github.com/cilium/ebpf/internal/sys/types.go index c82324834e3..bb778790d7f 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/types.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/types.go @@ -1003,6 +1003,21 @@ func ProgLoad(attr *ProgLoadAttr) (*FD, error) { return NewFD(int(fd)) } +type ProgQueryAttr struct { + TargetFd uint32 + AttachType AttachType + QueryFlags uint32 + AttachFlags uint32 + ProgIds Pointer + ProgCount uint32 + _ [4]byte +} + +func ProgQuery(attr *ProgQueryAttr) error { + _, err := BPF(BPF_PROG_QUERY, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) + return err +} + type ProgRunAttr struct { ProgFd uint32 Retval uint32 diff --git a/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go b/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go index 9b67b6116d9..04b828b4c0e 100644 --- a/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go +++ b/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go @@ -9,21 +9,22 @@ import ( ) const ( - ENOENT = linux.ENOENT - EEXIST = linux.EEXIST - EAGAIN = linux.EAGAIN - ENOSPC = linux.ENOSPC - EINVAL = linux.EINVAL - EPOLLIN = linux.EPOLLIN - EINTR = linux.EINTR - EPERM = linux.EPERM - ESRCH = linux.ESRCH - ENODEV = linux.ENODEV - EBADF = linux.EBADF - E2BIG = linux.E2BIG - EFAULT = linux.EFAULT - EACCES = linux.EACCES - EILSEQ = linux.EILSEQ + ENOENT = linux.ENOENT + EEXIST = linux.EEXIST + EAGAIN = linux.EAGAIN + ENOSPC = linux.ENOSPC + EINVAL = linux.EINVAL + EPOLLIN = linux.EPOLLIN + EINTR = linux.EINTR + EPERM = linux.EPERM + ESRCH = linux.ESRCH + ENODEV = linux.ENODEV + EBADF = linux.EBADF + E2BIG = linux.E2BIG + EFAULT = linux.EFAULT + EACCES = linux.EACCES + EILSEQ = linux.EILSEQ + EOPNOTSUPP = linux.EOPNOTSUPP ) const ( @@ -74,6 +75,8 @@ const ( SIGPROF = linux.SIGPROF SIG_BLOCK = linux.SIG_BLOCK SIG_UNBLOCK = linux.SIG_UNBLOCK + EM_NONE = linux.EM_NONE + EM_BPF = linux.EM_BPF ) type Statfs_t = linux.Statfs_t diff --git a/vendor/github.com/cilium/ebpf/internal/unix/types_other.go b/vendor/github.com/cilium/ebpf/internal/unix/types_other.go index eb84b255d27..e87bf830abc 100644 --- a/vendor/github.com/cilium/ebpf/internal/unix/types_other.go +++ b/vendor/github.com/cilium/ebpf/internal/unix/types_other.go @@ -26,6 +26,7 @@ const ( EFAULT EACCES EILSEQ + EOPNOTSUPP ) // Constants are distinct to avoid breaking switch statements. @@ -78,6 +79,8 @@ const ( SIGPROF SIG_BLOCK SIG_UNBLOCK + EM_NONE + EM_BPF ) type Statfs_t struct { diff --git a/vendor/github.com/cilium/ebpf/internal/vdso.go b/vendor/github.com/cilium/ebpf/internal/vdso.go index ae4821de20c..aaffa3cb877 100644 --- a/vendor/github.com/cilium/ebpf/internal/vdso.go +++ b/vendor/github.com/cilium/ebpf/internal/vdso.go @@ -23,6 +23,9 @@ func vdsoVersion() (uint32, error) { // to the process. Go does not expose that data, so we must read it from procfs. // https://man7.org/linux/man-pages/man3/getauxval.3.html av, err := os.Open("/proc/self/auxv") + if errors.Is(err, unix.EACCES) { + return 0, fmt.Errorf("opening auxv: %w (process may not be dumpable due to file capabilities)", err) + } if err != nil { return 0, fmt.Errorf("opening auxv: %w", err) } diff --git a/vendor/github.com/cilium/ebpf/link/kprobe.go b/vendor/github.com/cilium/ebpf/link/kprobe.go index 99715f6930f..9ce7eb4a4e2 100644 --- a/vendor/github.com/cilium/ebpf/link/kprobe.go +++ b/vendor/github.com/cilium/ebpf/link/kprobe.go @@ -25,7 +25,7 @@ type probeType uint8 type probeArgs struct { symbol, group, path string offset, refCtrOffset, cookie uint64 - pid int + pid, retprobeMaxActive int ret bool } @@ -41,6 +41,12 @@ type KprobeOptions struct { // Can be used to insert kprobes at arbitrary offsets in kernel functions, // e.g. in places where functions have been inlined. Offset uint64 + // Increase the maximum number of concurrent invocations of a kretprobe. + // Required when tracing some long running functions in the kernel. + // + // Deprecated: this setting forces the use of an outdated kernel API and is not portable + // across kernel versions. + RetprobeMaxActive int } const ( @@ -176,6 +182,7 @@ func kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions, ret bool) (* } if opts != nil { + args.retprobeMaxActive = opts.RetprobeMaxActive args.cookie = opts.Cookie args.offset = opts.Offset } @@ -231,6 +238,11 @@ func pmuProbe(typ probeType, args probeArgs) (*perfEvent, error) { return nil, err } + // Use tracefs if we want to set kretprobe's retprobeMaxActive. + if args.retprobeMaxActive != 0 { + return nil, fmt.Errorf("pmu probe: non-zero retprobeMaxActive: %w", ErrNotSupported) + } + var config uint64 if args.ret { bit, err := readUint64FromFileOnce("config:%d\n", "/sys/bus/event_source/devices", typ.String(), "/format/retprobe") @@ -347,7 +359,7 @@ func tracefsKprobe(args probeArgs) (*perfEvent, error) { // Path and offset are only set in the case of uprobe(s) and are used to set // the executable/library path on the filesystem and the offset where the probe is inserted. // A perf event is then opened on the newly-created trace event and returned to the caller. -func tracefsProbe(typ probeType, args probeArgs) (_ *perfEvent, err error) { +func tracefsProbe(typ probeType, args probeArgs) (*perfEvent, error) { // Generate a random string for each trace event we attempt to create. // This value is used as the 'group' token in tracefs to allow creating // multiple kprobe trace events with the same name. @@ -357,41 +369,20 @@ func tracefsProbe(typ probeType, args probeArgs) (_ *perfEvent, err error) { } args.group = group - // Before attempting to create a trace event through tracefs, - // check if an event with the same group and name already exists. - // Kernels 4.x and earlier don't return os.ErrExist on writing a duplicate - // entry, so we need to rely on reads for detecting uniqueness. - _, err = getTraceEventID(group, args.symbol) - if err == nil { - return nil, fmt.Errorf("trace event already exists: %s/%s", group, args.symbol) - } - if err != nil && !errors.Is(err, os.ErrNotExist) { - return nil, fmt.Errorf("checking trace event %s/%s: %w", group, args.symbol, err) - } - // Create the [k,u]probe trace event using tracefs. - if err := createTraceFSProbeEvent(typ, args); err != nil { - return nil, fmt.Errorf("creating probe entry on tracefs: %w", err) - } - defer func() { - if err != nil { - // Make sure we clean up the created tracefs event when we return error. - // If a livepatch handler is already active on the symbol, the write to - // tracefs will succeed, a trace event will show up, but creating the - // perf event will fail with EBUSY. - _ = closeTraceFSProbeEvent(typ, args.group, args.symbol) - } - }() - - // Get the newly-created trace event's id. - tid, err := getTraceEventID(group, args.symbol) + tid, err := createTraceFSProbeEvent(typ, args) if err != nil { - return nil, fmt.Errorf("getting trace event id: %w", err) + return nil, fmt.Errorf("creating probe entry on tracefs: %w", err) } // Kprobes are ephemeral tracepoints and share the same perf event type. fd, err := openTracepointPerfEvent(tid, args.pid) if err != nil { + // Make sure we clean up the created tracefs event when we return error. + // If a livepatch handler is already active on the symbol, the write to + // tracefs will succeed, a trace event will show up, but creating the + // perf event will fail with EBUSY. + _ = closeTraceFSProbeEvent(typ, args.group, args.symbol) return nil, err } @@ -405,15 +396,32 @@ func tracefsProbe(typ probeType, args probeArgs) (_ *perfEvent, err error) { }, nil } -// createTraceFSProbeEvent creates a new ephemeral trace event by writing to -// /[k,u]probe_events. Returns os.ErrNotExist if symbol is not a valid +var errInvalidMaxActive = errors.New("can only set maxactive on kretprobes") + +// createTraceFSProbeEvent creates a new ephemeral trace event. +// +// Returns os.ErrNotExist if symbol is not a valid // kernel symbol, or if it is not traceable with kprobes. Returns os.ErrExist -// if a probe with the same group and symbol already exists. -func createTraceFSProbeEvent(typ probeType, args probeArgs) error { +// if a probe with the same group and symbol already exists. Returns an error if +// args.retprobeMaxActive is used on non kprobe types. Returns ErrNotSupported if +// the kernel is too old to support kretprobe maxactive. +func createTraceFSProbeEvent(typ probeType, args probeArgs) (uint64, error) { + // Before attempting to create a trace event through tracefs, + // check if an event with the same group and name already exists. + // Kernels 4.x and earlier don't return os.ErrExist on writing a duplicate + // entry, so we need to rely on reads for detecting uniqueness. + _, err := getTraceEventID(args.group, args.symbol) + if err == nil { + return 0, fmt.Errorf("trace event %s/%s: %w", args.group, args.symbol, os.ErrExist) + } + if err != nil && !errors.Is(err, os.ErrNotExist) { + return 0, fmt.Errorf("checking trace event %s/%s: %w", args.group, args.symbol, err) + } + // Open the kprobe_events file in tracefs. f, err := os.OpenFile(typ.EventsPath(), os.O_APPEND|os.O_WRONLY, 0666) if err != nil { - return fmt.Errorf("error opening '%s': %w", typ.EventsPath(), err) + return 0, fmt.Errorf("error opening '%s': %w", typ.EventsPath(), err) } defer f.Close() @@ -434,8 +442,11 @@ func createTraceFSProbeEvent(typ probeType, args probeArgs) error { // subsampling or rate limiting logic can be more accurately implemented in // the eBPF program itself. // See Documentation/kprobes.txt for more details. + if args.retprobeMaxActive != 0 && !args.ret { + return 0, errInvalidMaxActive + } token = kprobeToken(args) - pe = fmt.Sprintf("%s:%s/%s %s", probePrefix(args.ret), args.group, sanitizeSymbol(args.symbol), token) + pe = fmt.Sprintf("%s:%s/%s %s", probePrefix(args.ret, args.retprobeMaxActive), args.group, sanitizeSymbol(args.symbol), token) case uprobeType: // The uprobe_events syntax is as follows: // p[:[GRP/]EVENT] PATH:OFFSET [FETCHARGS] : Set a probe @@ -447,38 +458,63 @@ func createTraceFSProbeEvent(typ probeType, args probeArgs) error { // p:ebpf_5678/main_mySymbol /bin/mybin:0x12345(0x123) // // See Documentation/trace/uprobetracer.txt for more details. + if args.retprobeMaxActive != 0 { + return 0, errInvalidMaxActive + } token = uprobeToken(args) - pe = fmt.Sprintf("%s:%s/%s %s", probePrefix(args.ret), args.group, args.symbol, token) + pe = fmt.Sprintf("%s:%s/%s %s", probePrefix(args.ret, 0), args.group, args.symbol, token) } _, err = f.WriteString(pe) // Since commit 97c753e62e6c, ENOENT is correctly returned instead of EINVAL // when trying to create a retprobe for a missing symbol. if errors.Is(err, os.ErrNotExist) { - return fmt.Errorf("token %s: not found: %w", token, err) + return 0, fmt.Errorf("token %s: not found: %w", token, err) } // Since commit ab105a4fb894, EILSEQ is returned when a kprobe sym+offset is resolved // to an invalid insn boundary. The exact conditions that trigger this error are // arch specific however. if errors.Is(err, syscall.EILSEQ) { - return fmt.Errorf("token %s: bad insn boundary: %w", token, os.ErrNotExist) + return 0, fmt.Errorf("token %s: bad insn boundary: %w", token, os.ErrNotExist) } // ERANGE is returned when the `SYM[+offs]` token is too big and cannot // be resolved. if errors.Is(err, syscall.ERANGE) { - return fmt.Errorf("token %s: offset too big: %w", token, os.ErrNotExist) + return 0, fmt.Errorf("token %s: offset too big: %w", token, os.ErrNotExist) } if err != nil { - return fmt.Errorf("token %s: writing '%s': %w", token, pe, err) + return 0, fmt.Errorf("token %s: writing '%s': %w", token, pe, err) } - return nil + // Get the newly-created trace event's id. + tid, err := getTraceEventID(args.group, args.symbol) + if args.retprobeMaxActive != 0 && errors.Is(err, os.ErrNotExist) { + // Kernels < 4.12 don't support maxactive and therefore auto generate + // group and event names from the symbol and offset. The symbol is used + // without any sanitization. + // See https://elixir.bootlin.com/linux/v4.10/source/kernel/trace/trace_kprobe.c#L712 + event := fmt.Sprintf("kprobes/r_%s_%d", args.symbol, args.offset) + if err := removeTraceFSProbeEvent(typ, event); err != nil { + return 0, fmt.Errorf("failed to remove spurious maxactive event: %s", err) + } + return 0, fmt.Errorf("create trace event with non-default maxactive: %w", ErrNotSupported) + } + if err != nil { + return 0, fmt.Errorf("get trace event id: %w", err) + } + + return tid, nil } // closeTraceFSProbeEvent removes the [k,u]probe with the given type, group and symbol // from /[k,u]probe_events. func closeTraceFSProbeEvent(typ probeType, group, symbol string) error { + pe := fmt.Sprintf("%s/%s", group, sanitizeSymbol(symbol)) + return removeTraceFSProbeEvent(typ, pe) +} + +func removeTraceFSProbeEvent(typ probeType, pe string) error { f, err := os.OpenFile(typ.EventsPath(), os.O_APPEND|os.O_WRONLY, 0666) if err != nil { return fmt.Errorf("error opening %s: %w", typ.EventsPath(), err) @@ -487,9 +523,8 @@ func closeTraceFSProbeEvent(typ probeType, group, symbol string) error { // See [k,u]probe_events syntax above. The probe type does not need to be specified // for removals. - pe := fmt.Sprintf("-:%s/%s", group, sanitizeSymbol(symbol)) - if _, err = f.WriteString(pe); err != nil { - return fmt.Errorf("writing '%s' to '%s': %w", pe, typ.EventsPath(), err) + if _, err = f.WriteString("-:" + pe); err != nil { + return fmt.Errorf("remove event %q from %s: %w", pe, typ.EventsPath(), err) } return nil @@ -517,8 +552,11 @@ func randomGroup(prefix string) (string, error) { return group, nil } -func probePrefix(ret bool) string { +func probePrefix(ret bool, maxActive int) string { if ret { + if maxActive > 0 { + return fmt.Sprintf("r%d", maxActive) + } return "r" } return "p" diff --git a/vendor/github.com/cilium/ebpf/link/kprobe_multi.go b/vendor/github.com/cilium/ebpf/link/kprobe_multi.go index 06db5185c1c..151f47d6687 100644 --- a/vendor/github.com/cilium/ebpf/link/kprobe_multi.go +++ b/vendor/github.com/cilium/ebpf/link/kprobe_multi.go @@ -138,7 +138,7 @@ func (kml *kprobeMultiLink) Unpin() error { return fmt.Errorf("unpin kprobe_multi: %w", ErrNotSupported) } -var haveBPFLinkKprobeMulti = internal.FeatureTest("bpf_link_kprobe_multi", "5.18", func() error { +var haveBPFLinkKprobeMulti = internal.NewFeatureTest("bpf_link_kprobe_multi", "5.18", func() error { prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ Name: "probe_kpm_link", Type: ebpf.Kprobe, @@ -164,12 +164,16 @@ var haveBPFLinkKprobeMulti = internal.FeatureTest("bpf_link_kprobe_multi", "5.18 Count: 1, Syms: sys.NewStringSlicePointer([]string{"vprintk"}), }) - if errors.Is(err, unix.EINVAL) { + switch { + case errors.Is(err, unix.EINVAL): return internal.ErrNotSupported - } - if err != nil { + // If CONFIG_FPROBE isn't set. + case errors.Is(err, unix.EOPNOTSUPP): + return internal.ErrNotSupported + case err != nil: return err } + fd.Close() return nil diff --git a/vendor/github.com/cilium/ebpf/link/link.go b/vendor/github.com/cilium/ebpf/link/link.go index 112785004a3..d4eeb92de0f 100644 --- a/vendor/github.com/cilium/ebpf/link/link.go +++ b/vendor/github.com/cilium/ebpf/link/link.go @@ -230,6 +230,11 @@ func (l *RawLink) Unpin() error { return nil } +// IsPinned returns true if the Link has a non-empty pinned path. +func (l *RawLink) IsPinned() bool { + return l.pinnedPath != "" +} + // Update implements the Link interface. func (l *RawLink) Update(new *ebpf.Program) error { return l.UpdateArgs(RawLinkUpdateOptions{ diff --git a/vendor/github.com/cilium/ebpf/link/perf_event.go b/vendor/github.com/cilium/ebpf/link/perf_event.go index 602f45b4b8e..61f80627a01 100644 --- a/vendor/github.com/cilium/ebpf/link/perf_event.go +++ b/vendor/github.com/cilium/ebpf/link/perf_event.go @@ -276,7 +276,7 @@ func getTraceEventID(group, name string) (uint64, error) { } tid, err := readUint64FromFile("%d\n", path) if errors.Is(err, os.ErrNotExist) { - return 0, fmt.Errorf("trace event %s/%s: %w", group, name, os.ErrNotExist) + return 0, err } if err != nil { return 0, fmt.Errorf("reading trace event ID of %s/%s: %w", group, name, err) @@ -380,7 +380,7 @@ func readUint64FromFileOnce(format string, path ...string) (uint64, error) { // // https://elixir.bootlin.com/linux/v5.16.8/source/kernel/bpf/syscall.c#L4307 // https://github.com/torvalds/linux/commit/b89fbfbb854c9afc3047e8273cc3a694650b802e -var haveBPFLinkPerfEvent = internal.FeatureTest("bpf_link_perf_event", "5.15", func() error { +var haveBPFLinkPerfEvent = internal.NewFeatureTest("bpf_link_perf_event", "5.15", func() error { prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ Name: "probe_bpf_perf_link", Type: ebpf.Kprobe, diff --git a/vendor/github.com/cilium/ebpf/link/query.go b/vendor/github.com/cilium/ebpf/link/query.go new file mode 100644 index 00000000000..8c882414d20 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/link/query.go @@ -0,0 +1,63 @@ +package link + +import ( + "fmt" + "os" + "unsafe" + + "github.com/cilium/ebpf" + "github.com/cilium/ebpf/internal/sys" +) + +// QueryOptions defines additional parameters when querying for programs. +type QueryOptions struct { + // Path can be a path to a cgroup, netns or LIRC2 device + Path string + // Attach specifies the AttachType of the programs queried for + Attach ebpf.AttachType + // QueryFlags are flags for BPF_PROG_QUERY, e.g. BPF_F_QUERY_EFFECTIVE + QueryFlags uint32 +} + +// QueryPrograms retrieves ProgramIDs associated with the AttachType. +// +// It only returns IDs of programs that were attached using PROG_ATTACH and not bpf_link. +// Returns (nil, nil) if there are no programs attached to the queried kernel resource. +// Calling QueryPrograms on a kernel missing PROG_QUERY will result in ErrNotSupported. +func QueryPrograms(opts QueryOptions) ([]ebpf.ProgramID, error) { + if haveProgQuery() != nil { + return nil, fmt.Errorf("can't query program IDs: %w", ErrNotSupported) + } + + f, err := os.Open(opts.Path) + if err != nil { + return nil, fmt.Errorf("can't open file: %s", err) + } + defer f.Close() + + // query the number of programs to allocate correct slice size + attr := sys.ProgQueryAttr{ + TargetFd: uint32(f.Fd()), + AttachType: sys.AttachType(opts.Attach), + QueryFlags: opts.QueryFlags, + } + if err := sys.ProgQuery(&attr); err != nil { + return nil, fmt.Errorf("can't query program count: %w", err) + } + + // return nil if no progs are attached + if attr.ProgCount == 0 { + return nil, nil + } + + // we have at least one prog, so we query again + progIds := make([]ebpf.ProgramID, attr.ProgCount) + attr.ProgIds = sys.NewPointer(unsafe.Pointer(&progIds[0])) + attr.ProgCount = uint32(len(progIds)) + if err := sys.ProgQuery(&attr); err != nil { + return nil, fmt.Errorf("can't query program IDs: %w", err) + } + + return progIds, nil + +} diff --git a/vendor/github.com/cilium/ebpf/link/syscalls.go b/vendor/github.com/cilium/ebpf/link/syscalls.go index 035d8759fb9..38f7ae9b786 100644 --- a/vendor/github.com/cilium/ebpf/link/syscalls.go +++ b/vendor/github.com/cilium/ebpf/link/syscalls.go @@ -26,7 +26,7 @@ const ( KprobeMultiType = sys.BPF_LINK_TYPE_KPROBE_MULTI ) -var haveProgAttach = internal.FeatureTest("BPF_PROG_ATTACH", "4.10", func() error { +var haveProgAttach = internal.NewFeatureTest("BPF_PROG_ATTACH", "4.10", func() error { prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ Type: ebpf.CGroupSKB, License: "MIT", @@ -46,7 +46,7 @@ var haveProgAttach = internal.FeatureTest("BPF_PROG_ATTACH", "4.10", func() erro return nil }) -var haveProgAttachReplace = internal.FeatureTest("BPF_PROG_ATTACH atomic replacement", "5.5", func() error { +var haveProgAttachReplace = internal.NewFeatureTest("BPF_PROG_ATTACH atomic replacement", "5.5", func() error { if err := haveProgAttach(); err != nil { return err } @@ -86,7 +86,7 @@ var haveProgAttachReplace = internal.FeatureTest("BPF_PROG_ATTACH atomic replace return err }) -var haveBPFLink = internal.FeatureTest("bpf_link", "5.7", func() error { +var haveBPFLink = internal.NewFeatureTest("bpf_link", "5.7", func() error { attr := sys.LinkCreateAttr{ // This is a hopefully invalid file descriptor, which triggers EBADF. TargetFd: ^uint32(0), @@ -102,3 +102,22 @@ var haveBPFLink = internal.FeatureTest("bpf_link", "5.7", func() error { } return err }) + +var haveProgQuery = internal.NewFeatureTest("BPF_PROG_QUERY", "4.15", func() error { + attr := sys.ProgQueryAttr{ + // We rely on this being checked during the syscall. + // With an otherwise correct payload we expect EBADF here + // as an indication that the feature is present. + TargetFd: ^uint32(0), + AttachType: sys.AttachType(ebpf.AttachCGroupInetIngress), + } + + err := sys.ProgQuery(&attr) + if errors.Is(err, unix.EINVAL) { + return internal.ErrNotSupported + } + if errors.Is(err, unix.EBADF) { + return nil + } + return err +}) diff --git a/vendor/github.com/cilium/ebpf/link/tracing.go b/vendor/github.com/cilium/ebpf/link/tracing.go index 5c07b775943..e26cc91498b 100644 --- a/vendor/github.com/cilium/ebpf/link/tracing.go +++ b/vendor/github.com/cilium/ebpf/link/tracing.go @@ -48,7 +48,7 @@ func AttachFreplace(targetProg *ebpf.Program, name string, prog *ebpf.Program) ( } defer btfHandle.Close() - spec, err := btfHandle.Spec(nil) + spec, err := btfHandle.Spec() if err != nil { return nil, err } diff --git a/vendor/github.com/cilium/ebpf/link/uprobe.go b/vendor/github.com/cilium/ebpf/link/uprobe.go index b4ce55fcc60..aa1ad9bbef2 100644 --- a/vendor/github.com/cilium/ebpf/link/uprobe.go +++ b/vendor/github.com/cilium/ebpf/link/uprobe.go @@ -18,7 +18,7 @@ var ( uprobeRefCtrOffsetPMUPath = "/sys/bus/event_source/devices/uprobe/format/ref_ctr_offset" // elixir.bootlin.com/linux/v5.15-rc7/source/kernel/events/core.c#L9799 uprobeRefCtrOffsetShift = 32 - haveRefCtrOffsetPMU = internal.FeatureTest("RefCtrOffsetPMU", "4.20", func() error { + haveRefCtrOffsetPMU = internal.NewFeatureTest("RefCtrOffsetPMU", "4.20", func() error { _, err := os.Stat(uprobeRefCtrOffsetPMUPath) if err != nil { return internal.ErrNotSupported diff --git a/vendor/github.com/cilium/ebpf/linker.go b/vendor/github.com/cilium/ebpf/linker.go index 2a2c1b63910..d97a44b2926 100644 --- a/vendor/github.com/cilium/ebpf/linker.go +++ b/vendor/github.com/cilium/ebpf/linker.go @@ -4,7 +4,6 @@ import ( "encoding/binary" "errors" "fmt" - "sync" "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/btf" @@ -88,9 +87,12 @@ func applyRelocations(insns asm.Instructions, target *btf.Spec, bo binary.ByteOr bo = internal.NativeEndian } - target, err := maybeLoadKernelBTF(target) - if err != nil { - return err + if target == nil { + var err error + target, err = btf.LoadKernelSpec() + if err != nil { + return fmt.Errorf("load kernel spec: %w", err) + } } fixups, err := btf.CORERelocate(relos, target, bo) @@ -216,29 +218,3 @@ func fixupProbeReadKernel(ins *asm.Instruction) { ins.Constant = int64(asm.FnProbeReadStr) } } - -var kernelBTF struct { - sync.Mutex - spec *btf.Spec -} - -// maybeLoadKernelBTF loads the current kernel's BTF if spec is nil, otherwise -// it returns spec unchanged. -// -// The kernel BTF is cached for the lifetime of the process. -func maybeLoadKernelBTF(spec *btf.Spec) (*btf.Spec, error) { - if spec != nil { - return spec, nil - } - - kernelBTF.Lock() - defer kernelBTF.Unlock() - - if kernelBTF.spec != nil { - return kernelBTF.spec, nil - } - - var err error - kernelBTF.spec, err = btf.LoadKernelSpec() - return kernelBTF.spec, err -} diff --git a/vendor/github.com/cilium/ebpf/map.go b/vendor/github.com/cilium/ebpf/map.go index 6a134ae70cb..800d59da810 100644 --- a/vendor/github.com/cilium/ebpf/map.go +++ b/vendor/github.com/cilium/ebpf/map.go @@ -77,9 +77,6 @@ type MapSpec struct { // The key and value type of this map. May be nil. Key, Value btf.Type - - // The BTF associated with this map. - BTF *btf.Spec } func (ms *MapSpec) String() string { @@ -104,12 +101,6 @@ func (ms *MapSpec) Copy() *MapSpec { return &cpy } -// hasBTF returns true if the MapSpec has a valid BTF spec and if its -// map type supports associated BTF metadata in the kernel. -func (ms *MapSpec) hasBTF() bool { - return ms.BTF != nil && ms.Type.hasBTF() -} - func (ms *MapSpec) clampPerfEventArraySize() error { if ms.Type != PerfEventArray { return nil @@ -158,7 +149,11 @@ type MapKV struct { Value interface{} } -func (ms *MapSpec) checkCompatibility(m *Map) error { +// Compatible returns nil if an existing map may be used instead of creating +// one from the spec. +// +// Returns an error wrapping [ErrMapIncompatible] otherwise. +func (ms *MapSpec) Compatible(m *Map) error { switch { case m.typ != ms.Type: return fmt.Errorf("expected type %v, got %v: %w", ms.Type, m.typ, ErrMapIncompatible) @@ -241,10 +236,7 @@ func NewMap(spec *MapSpec) (*Map, error) { // // May return an error wrapping ErrMapIncompatible. func NewMapWithOptions(spec *MapSpec, opts MapOptions) (*Map, error) { - handles := newHandleCache() - defer handles.close() - - m, err := newMapWithOptions(spec, opts, handles) + m, err := newMapWithOptions(spec, opts) if err != nil { return nil, fmt.Errorf("creating map: %w", err) } @@ -257,7 +249,7 @@ func NewMapWithOptions(spec *MapSpec, opts MapOptions) (*Map, error) { return m, nil } -func newMapWithOptions(spec *MapSpec, opts MapOptions, handles *handleCache) (_ *Map, err error) { +func newMapWithOptions(spec *MapSpec, opts MapOptions) (_ *Map, err error) { closeOnError := func(c io.Closer) { if err != nil { c.Close() @@ -284,7 +276,7 @@ func newMapWithOptions(spec *MapSpec, opts MapOptions, handles *handleCache) (_ } defer closeOnError(m) - if err := spec.checkCompatibility(m); err != nil { + if err := spec.Compatible(m); err != nil { return nil, fmt.Errorf("use pinned map %s: %w", spec.Name, err) } @@ -307,7 +299,7 @@ func newMapWithOptions(spec *MapSpec, opts MapOptions, handles *handleCache) (_ return nil, errors.New("inner maps cannot be pinned") } - template, err := spec.InnerMap.createMap(nil, opts, handles) + template, err := spec.InnerMap.createMap(nil, opts) if err != nil { return nil, fmt.Errorf("inner map: %w", err) } @@ -319,7 +311,7 @@ func newMapWithOptions(spec *MapSpec, opts MapOptions, handles *handleCache) (_ innerFd = template.fd } - m, err := spec.createMap(innerFd, opts, handles) + m, err := spec.createMap(innerFd, opts) if err != nil { return nil, err } @@ -328,7 +320,7 @@ func newMapWithOptions(spec *MapSpec, opts MapOptions, handles *handleCache) (_ if spec.Pinning == PinByName { path := filepath.Join(opts.PinPath, spec.Name) if err := m.Pin(path); err != nil { - return nil, fmt.Errorf("pin map: %w", err) + return nil, fmt.Errorf("pin map to %s: %w", path, err) } } @@ -337,15 +329,13 @@ func newMapWithOptions(spec *MapSpec, opts MapOptions, handles *handleCache) (_ // createMap validates the spec's properties and creates the map in the kernel // using the given opts. It does not populate or freeze the map. -func (spec *MapSpec) createMap(inner *sys.FD, opts MapOptions, handles *handleCache) (_ *Map, err error) { +func (spec *MapSpec) createMap(inner *sys.FD, opts MapOptions) (_ *Map, err error) { closeOnError := func(closer io.Closer) { if err != nil { closer.Close() } } - spec = spec.Copy() - // Kernels 4.13 through 5.4 used a struct bpf_map_def that contained // additional 'inner_map_idx' and later 'numa_node' fields. // In order to support loading these definitions, tolerate the presence of @@ -365,17 +355,21 @@ func (spec *MapSpec) createMap(inner *sys.FD, opts MapOptions, handles *handleCa if spec.ValueSize != 0 && spec.ValueSize != 4 { return nil, errors.New("ValueSize must be zero or four for map of map") } + + spec = spec.Copy() spec.ValueSize = 4 case PerfEventArray: if spec.KeySize != 0 && spec.KeySize != 4 { return nil, errors.New("KeySize must be zero or four for perf event array") } - spec.KeySize = 4 if spec.ValueSize != 0 && spec.ValueSize != 4 { return nil, errors.New("ValueSize must be zero or four for perf event array") } + + spec = spec.Copy() + spec.KeySize = 4 spec.ValueSize = 4 if spec.MaxEntries == 0 { @@ -425,23 +419,16 @@ func (spec *MapSpec) createMap(inner *sys.FD, opts MapOptions, handles *handleCa attr.MapName = sys.NewObjName(spec.Name) } - if spec.hasBTF() { - handle, err := handles.btfHandle(spec.BTF) + if spec.Key != nil || spec.Value != nil { + handle, keyTypeID, valueTypeID, err := btf.MarshalMapKV(spec.Key, spec.Value) if err != nil && !errors.Is(err, btf.ErrNotSupported) { return nil, fmt.Errorf("load BTF: %w", err) } if handle != nil { - keyTypeID, err := spec.BTF.TypeID(spec.Key) - if err != nil { - return nil, err - } - - valueTypeID, err := spec.BTF.TypeID(spec.Value) - if err != nil { - return nil, err - } + defer handle.Close() + // Use BTF k/v during map creation. attr.BtfFd = uint32(handle.FD()) attr.BtfKeyTypeId = uint32(keyTypeID) attr.BtfValueTypeId = uint32(valueTypeID) @@ -449,16 +436,23 @@ func (spec *MapSpec) createMap(inner *sys.FD, opts MapOptions, handles *handleCa } fd, err := sys.MapCreate(&attr) + // Some map types don't support BTF k/v in earlier kernel versions. + // Remove BTF metadata and retry map creation. + if (errors.Is(err, sys.ENOTSUPP) || errors.Is(err, unix.EINVAL)) && attr.BtfFd != 0 { + attr.BtfFd, attr.BtfKeyTypeId, attr.BtfValueTypeId = 0, 0, 0 + fd, err = sys.MapCreate(&attr) + } + if err != nil { if errors.Is(err, unix.EPERM) { return nil, fmt.Errorf("map create: %w (MEMLOCK may be too low, consider rlimit.RemoveMemlock)", err) } - if !spec.hasBTF() { - return nil, fmt.Errorf("map create without BTF: %w", err) - } if errors.Is(err, unix.EINVAL) && attr.MaxEntries == 0 { return nil, fmt.Errorf("map create: %w (MaxEntries may be incorrectly set to zero)", err) } + if attr.BtfFd == 0 { + return nil, fmt.Errorf("map create: %w (without BTF k/v)", err) + } return nil, fmt.Errorf("map create: %w", err) } defer closeOnError(fd) @@ -1095,7 +1089,8 @@ func (m *Map) Clone() (*Map, error) { // the new path already exists. Re-pinning across filesystems is not supported. // You can Clone a map to pin it to a different path. // -// This requires bpffs to be mounted above fileName. See https://docs.cilium.io/en/k8s-doc/admin/#admin-mount-bpffs +// This requires bpffs to be mounted above fileName. +// See https://docs.cilium.io/en/stable/concepts/kubernetes/configuration/#mounting-bpffs-with-systemd func (m *Map) Pin(fileName string) error { if err := internal.Pin(m.pinnedPath, fileName, m.fd); err != nil { return err diff --git a/vendor/github.com/cilium/ebpf/prog.go b/vendor/github.com/cilium/ebpf/prog.go index dc58dbe989e..dbc25e4f5bf 100644 --- a/vendor/github.com/cilium/ebpf/prog.go +++ b/vendor/github.com/cilium/ebpf/prog.go @@ -123,11 +123,6 @@ type ProgramSpec struct { // detect this value automatically. KernelVersion uint32 - // The BTF associated with this program. Changing Instructions - // will most likely invalidate the contained data, and may - // result in errors when attempting to load it into the kernel. - BTF *btf.Spec - // The byte order this program was compiled for, may be nil. ByteOrder binary.ByteOrder } @@ -151,6 +146,10 @@ func (ps *ProgramSpec) Tag() (string, error) { return ps.Instructions.Tag(internal.NativeEndian) } +// VerifierError is returned by [NewProgram] and [NewProgramWithOptions] if a +// program is rejected by the verifier. +// +// Use [errors.As] to access the error. type VerifierError = internal.VerifierError // Program represents BPF program loaded into the kernel. @@ -169,7 +168,7 @@ type Program struct { // NewProgram creates a new Program. // -// See NewProgramWithOptions for details. +// See [NewProgramWithOptions] for details. func NewProgram(spec *ProgramSpec) (*Program, error) { return NewProgramWithOptions(spec, ProgramOptions{}) } @@ -179,24 +178,20 @@ func NewProgram(spec *ProgramSpec) (*Program, error) { // Loading a program for the first time will perform // feature detection by loading small, temporary programs. // -// Returns an error wrapping VerifierError if the program or its BTF is rejected -// by the kernel. +// Returns a [VerifierError] if the program is rejected by the kernel. func NewProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, error) { if spec == nil { return nil, errors.New("can't load a program from a nil spec") } - handles := newHandleCache() - defer handles.close() - - prog, err := newProgramWithOptions(spec, opts, handles) + prog, err := newProgramWithOptions(spec, opts) if errors.Is(err, asm.ErrUnsatisfiedMapReference) { return nil, fmt.Errorf("cannot load program without loading its whole collection: %w", err) } return prog, err } -func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions, handles *handleCache) (*Program, error) { +func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, error) { if len(spec.Instructions) == 0 { return nil, errors.New("instructions cannot be empty") } @@ -241,30 +236,22 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions, handles *hand insns := make(asm.Instructions, len(spec.Instructions)) copy(insns, spec.Instructions) - var btfDisabled bool - if spec.BTF != nil { - handle, err := handles.btfHandle(spec.BTF) - btfDisabled = errors.Is(err, btf.ErrNotSupported) - if err != nil && !btfDisabled { - return nil, fmt.Errorf("load BTF: %w", err) - } - - if handle != nil { - attr.ProgBtfFd = uint32(handle.FD()) + handle, fib, lib, err := btf.MarshalExtInfos(insns) + if err != nil && !errors.Is(err, btf.ErrNotSupported) { + return nil, fmt.Errorf("load ext_infos: %w", err) + } + if handle != nil { + defer handle.Close() - fib, lib, err := btf.MarshalExtInfos(insns, spec.BTF.TypeID) - if err != nil { - return nil, err - } + attr.ProgBtfFd = uint32(handle.FD()) - attr.FuncInfoRecSize = btf.FuncInfoSize - attr.FuncInfoCnt = uint32(len(fib)) / btf.FuncInfoSize - attr.FuncInfo = sys.NewSlicePointer(fib) + attr.FuncInfoRecSize = btf.FuncInfoSize + attr.FuncInfoCnt = uint32(len(fib)) / btf.FuncInfoSize + attr.FuncInfo = sys.NewSlicePointer(fib) - attr.LineInfoRecSize = btf.LineInfoSize - attr.LineInfoCnt = uint32(len(lib)) / btf.LineInfoSize - attr.LineInfo = sys.NewSlicePointer(lib) - } + attr.LineInfoRecSize = btf.LineInfoSize + attr.LineInfoCnt = uint32(len(lib)) / btf.LineInfoSize + attr.LineInfo = sys.NewSlicePointer(lib) } if err := applyRelocations(insns, opts.KernelTypes, spec.ByteOrder); err != nil { @@ -276,7 +263,7 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions, handles *hand } buf := bytes.NewBuffer(make([]byte, 0, insns.Size())) - err := insns.Marshal(buf, internal.NativeEndian) + err = insns.Marshal(buf, internal.NativeEndian) if err != nil { return nil, err } @@ -313,9 +300,7 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions, handles *hand opts.LogSize = DefaultVerifierLogSize } - // The caller provided a specific verifier log level. Immediately load - // the program with the given log level and buffer size, and skip retrying - // with a different level / size later. + // The caller requested a specific verifier log level. Set up the log buffer. var logBuf []byte if !opts.LogDisabled && opts.LogLevel != 0 { logBuf = make([]byte, opts.LogSize) @@ -329,17 +314,19 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions, handles *hand return &Program{unix.ByteSliceToString(logBuf), fd, spec.Name, "", spec.Type}, nil } - // A verifier error occurred, but the caller did not specify a log level. - // Re-run with branch-level verifier logs enabled to obtain more info. - var truncated bool + // An error occurred loading the program, but the caller did not explicitly + // enable the verifier log. Re-run with branch-level verifier logs enabled to + // obtain more info. Preserve the original error to return it to the caller. + // An undersized log buffer will result in ENOSPC regardless of the underlying + // cause. + var err2 error if !opts.LogDisabled && opts.LogLevel == 0 { logBuf = make([]byte, opts.LogSize) attr.LogLevel = LogLevelBranch attr.LogSize = uint32(len(logBuf)) attr.LogBuf = sys.NewSlicePointer(logBuf) - _, ve := sys.ProgLoad(attr) - truncated = errors.Is(ve, unix.ENOSPC) + _, err2 = sys.ProgLoad(attr) } switch { @@ -364,11 +351,8 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions, handles *hand } } - err = internal.ErrorWithLog(err, logBuf, truncated) - if btfDisabled { - return nil, fmt.Errorf("load program: %w (kernel without BTF support)", err) - } - return nil, fmt.Errorf("load program: %w", err) + truncated := errors.Is(err, unix.ENOSPC) || errors.Is(err2, unix.ENOSPC) + return nil, internal.ErrorWithLog("load program", err, logBuf, truncated) } // NewProgramFromFD creates a program from a raw fd. @@ -406,7 +390,7 @@ func newProgramFromFD(fd *sys.FD) (*Program, error) { return nil, fmt.Errorf("discover program type: %w", err) } - return &Program{"", fd, "", "", info.Type}, nil + return &Program{"", fd, info.Name, "", info.Type}, nil } func (p *Program) String() string { @@ -477,7 +461,8 @@ func (p *Program) Clone() (*Program, error) { // Calling Pin on a previously pinned program will overwrite the path, except when // the new path already exists. Re-pinning across filesystems is not supported. // -// This requires bpffs to be mounted above fileName. See https://docs.cilium.io/en/k8s-doc/admin/#admin-mount-bpffs +// This requires bpffs to be mounted above fileName. +// See https://docs.cilium.io/en/stable/concepts/kubernetes/configuration/#mounting-bpffs-with-systemd func (p *Program) Pin(fileName string) error { if err := internal.Pin(p.pinnedPath, fileName, p.fd); err != nil { return err @@ -518,6 +503,9 @@ func (p *Program) Close() error { // Various options for Run'ing a Program type RunOptions struct { // Program's data input. Required field. + // + // The kernel expects at least 14 bytes input for an ethernet header for + // XDP and SKB programs. Data []byte // Program's data after Program has run. Caller must allocate. Optional field. DataOut []byte @@ -525,7 +513,10 @@ type RunOptions struct { Context interface{} // Program's context after Program has run. Must be a pointer or slice. Optional field. ContextOut interface{} - // Number of times to run Program. Optional field. Defaults to 1. + // Minimum number of times to run Program. Optional field. Defaults to 1. + // + // The program may be executed more often than this due to interruptions, e.g. + // when runtime.AllThreadsSyscall is invoked. Repeat uint32 // Optional flags. Flags uint32 @@ -534,6 +525,8 @@ type RunOptions struct { CPU uint32 // Called whenever the syscall is interrupted, and should be set to testing.B.ResetTimer // or similar. Typically used during benchmarking. Optional field. + // + // Deprecated: use [testing.B.ReportMetric] with unit "ns/op" instead. Reset func() } @@ -561,9 +554,9 @@ func (p *Program) Test(in []byte) (uint32, []byte, error) { Repeat: 1, } - ret, _, err := p.testRun(&opts) + ret, _, err := p.run(&opts) if err != nil { - return ret, nil, fmt.Errorf("can't test program: %w", err) + return ret, nil, fmt.Errorf("test program: %w", err) } return ret, opts.DataOut, nil } @@ -572,9 +565,9 @@ func (p *Program) Test(in []byte) (uint32, []byte, error) { // // Note: the same restrictions from Test apply. func (p *Program) Run(opts *RunOptions) (uint32, error) { - ret, _, err := p.testRun(opts) + ret, _, err := p.run(opts) if err != nil { - return ret, fmt.Errorf("can't test program: %w", err) + return ret, fmt.Errorf("run program: %w", err) } return ret, nil } @@ -601,14 +594,14 @@ func (p *Program) Benchmark(in []byte, repeat int, reset func()) (uint32, time.D Reset: reset, } - ret, total, err := p.testRun(&opts) + ret, total, err := p.run(&opts) if err != nil { - return ret, total, fmt.Errorf("can't benchmark program: %w", err) + return ret, total, fmt.Errorf("benchmark program: %w", err) } return ret, total, nil } -var haveProgTestRun = internal.FeatureTest("BPF_PROG_TEST_RUN", "4.12", func() error { +var haveProgRun = internal.NewFeatureTest("BPF_PROG_RUN", "4.12", func() error { prog, err := NewProgram(&ProgramSpec{ // SocketFilter does not require privileges on newer kernels. Type: SocketFilter, @@ -652,12 +645,12 @@ var haveProgTestRun = internal.FeatureTest("BPF_PROG_TEST_RUN", "4.12", func() e return err }) -func (p *Program) testRun(opts *RunOptions) (uint32, time.Duration, error) { +func (p *Program) run(opts *RunOptions) (uint32, time.Duration, error) { if uint(len(opts.Data)) > math.MaxUint32 { return 0, 0, fmt.Errorf("input is too long") } - if err := haveProgTestRun(); err != nil { + if err := haveProgRun(); err != nil { return 0, 0, err } @@ -690,24 +683,45 @@ func (p *Program) testRun(opts *RunOptions) (uint32, time.Duration, error) { Cpu: opts.CPU, } + if attr.Repeat == 0 { + attr.Repeat = 1 + } + +retry: for { err := sys.ProgRun(&attr) if err == nil { - break + break retry } if errors.Is(err, unix.EINTR) { + if attr.Repeat == 1 { + // Older kernels check whether enough repetitions have been + // executed only after checking for pending signals. + // + // run signal? done? run ... + // + // As a result we can get EINTR for repeat==1 even though + // the program was run exactly once. Treat this as a + // successful run instead. + // + // Since commit 607b9cc92bd7 ("bpf: Consolidate shared test timing code") + // the conditions are reversed: + // run done? signal? ... + break retry + } + if opts.Reset != nil { opts.Reset() } - continue + continue retry } if errors.Is(err, sys.ENOTSUPP) { - return 0, 0, fmt.Errorf("kernel doesn't support testing program type %s: %w", p.Type(), ErrNotSupported) + return 0, 0, fmt.Errorf("kernel doesn't support running %s: %w", p.Type(), ErrNotSupported) } - return 0, 0, fmt.Errorf("can't run test: %w", err) + return 0, 0, err } if opts.DataOut != nil { @@ -861,17 +875,14 @@ func findTargetInKernel(name string, progType ProgramType, attachType AttachType return nil, 0, errUnrecognizedAttachType } - // maybeLoadKernelBTF may return external BTF if /sys/... is not available. - // Ideally we shouldn't use external BTF here, since we might try to use - // it for parsing kmod split BTF later on. That seems unlikely to work. - spec, err := maybeLoadKernelBTF(nil) + spec, err := btf.LoadKernelSpec() if err != nil { return nil, 0, fmt.Errorf("load kernel spec: %w", err) } err = spec.TypeByName(typeName, &target) if errors.Is(err, btf.ErrNotFound) { - module, id, err := findTargetInModule(spec, typeName, target) + module, id, err := findTargetInModule(typeName, target) if errors.Is(err, btf.ErrNotFound) { return nil, 0, &internal.UnsupportedFeatureError{Name: featureName} } @@ -880,6 +891,12 @@ func findTargetInKernel(name string, progType ProgramType, attachType AttachType } return module, id, nil } + // See cilium/ebpf#894. Until we can disambiguate between equally-named kernel + // symbols, we should explicitly refuse program loads. They will not reliably + // do what the caller intended. + if errors.Is(err, btf.ErrMultipleMatches) { + return nil, 0, fmt.Errorf("attaching to ambiguous kernel symbol is not supported: %w", err) + } if err != nil { return nil, 0, fmt.Errorf("find target for %s in vmlinux: %w", featureName, err) } @@ -893,7 +910,7 @@ func findTargetInKernel(name string, progType ProgramType, attachType AttachType // vmlinux must contain the kernel's types and is used to parse kmod BTF. // // Returns btf.ErrNotFound if the target can't be found in any module. -func findTargetInModule(vmlinux *btf.Spec, typeName string, target btf.Type) (*btf.Handle, btf.TypeID, error) { +func findTargetInModule(typeName string, target btf.Type) (*btf.Handle, btf.TypeID, error) { it := new(btf.HandleIterator) defer it.Handle.Close() @@ -907,7 +924,7 @@ func findTargetInModule(vmlinux *btf.Spec, typeName string, target btf.Type) (*b continue } - spec, err := it.Handle.Spec(vmlinux) + spec, err := it.Handle.Spec() if err != nil { return nil, 0, fmt.Errorf("parse types for module %s: %w", info.Name, err) } @@ -957,7 +974,7 @@ func findTargetInProgram(prog *Program, name string, progType ProgramType, attac } defer btfHandle.Close() - spec, err := btfHandle.Spec(nil) + spec, err := btfHandle.Spec() if err != nil { return 0, err } diff --git a/vendor/github.com/cilium/ebpf/syscalls.go b/vendor/github.com/cilium/ebpf/syscalls.go index c10014297b5..1ab13363f24 100644 --- a/vendor/github.com/cilium/ebpf/syscalls.go +++ b/vendor/github.com/cilium/ebpf/syscalls.go @@ -47,7 +47,7 @@ func progLoad(insns asm.Instructions, typ ProgramType, license string) (*sys.FD, }) } -var haveNestedMaps = internal.FeatureTest("nested maps", "4.12", func() error { +var haveNestedMaps = internal.NewFeatureTest("nested maps", "4.12", func() error { _, err := sys.MapCreate(&sys.MapCreateAttr{ MapType: sys.MapType(ArrayOfMaps), KeySize: 4, @@ -65,7 +65,7 @@ var haveNestedMaps = internal.FeatureTest("nested maps", "4.12", func() error { return err }) -var haveMapMutabilityModifiers = internal.FeatureTest("read- and write-only maps", "5.2", func() error { +var haveMapMutabilityModifiers = internal.NewFeatureTest("read- and write-only maps", "5.2", func() error { // This checks BPF_F_RDONLY_PROG and BPF_F_WRONLY_PROG. Since // BPF_MAP_FREEZE appeared in 5.2 as well we don't do a separate check. m, err := sys.MapCreate(&sys.MapCreateAttr{ @@ -82,7 +82,7 @@ var haveMapMutabilityModifiers = internal.FeatureTest("read- and write-only maps return nil }) -var haveMmapableMaps = internal.FeatureTest("mmapable maps", "5.5", func() error { +var haveMmapableMaps = internal.NewFeatureTest("mmapable maps", "5.5", func() error { // This checks BPF_F_MMAPABLE, which appeared in 5.5 for array maps. m, err := sys.MapCreate(&sys.MapCreateAttr{ MapType: sys.MapType(Array), @@ -98,7 +98,7 @@ var haveMmapableMaps = internal.FeatureTest("mmapable maps", "5.5", func() error return nil }) -var haveInnerMaps = internal.FeatureTest("inner maps", "5.10", func() error { +var haveInnerMaps = internal.NewFeatureTest("inner maps", "5.10", func() error { // This checks BPF_F_INNER_MAP, which appeared in 5.10. m, err := sys.MapCreate(&sys.MapCreateAttr{ MapType: sys.MapType(Array), @@ -114,7 +114,7 @@ var haveInnerMaps = internal.FeatureTest("inner maps", "5.10", func() error { return nil }) -var haveNoPreallocMaps = internal.FeatureTest("prealloc maps", "4.6", func() error { +var haveNoPreallocMaps = internal.NewFeatureTest("prealloc maps", "4.6", func() error { // This checks BPF_F_NO_PREALLOC, which appeared in 4.6. m, err := sys.MapCreate(&sys.MapCreateAttr{ MapType: sys.MapType(Hash), @@ -154,7 +154,7 @@ func wrapMapError(err error) error { return err } -var haveObjName = internal.FeatureTest("object names", "4.15", func() error { +var haveObjName = internal.NewFeatureTest("object names", "4.15", func() error { attr := sys.MapCreateAttr{ MapType: sys.MapType(Array), KeySize: 4, @@ -172,7 +172,7 @@ var haveObjName = internal.FeatureTest("object names", "4.15", func() error { return nil }) -var objNameAllowsDot = internal.FeatureTest("dot in object names", "5.2", func() error { +var objNameAllowsDot = internal.NewFeatureTest("dot in object names", "5.2", func() error { if err := haveObjName(); err != nil { return err } @@ -194,7 +194,7 @@ var objNameAllowsDot = internal.FeatureTest("dot in object names", "5.2", func() return nil }) -var haveBatchAPI = internal.FeatureTest("map batch api", "5.6", func() error { +var haveBatchAPI = internal.NewFeatureTest("map batch api", "5.6", func() error { var maxEntries uint32 = 2 attr := sys.MapCreateAttr{ MapType: sys.MapType(Hash), @@ -226,7 +226,7 @@ var haveBatchAPI = internal.FeatureTest("map batch api", "5.6", func() error { return nil }) -var haveProbeReadKernel = internal.FeatureTest("bpf_probe_read_kernel", "5.5", func() error { +var haveProbeReadKernel = internal.NewFeatureTest("bpf_probe_read_kernel", "5.5", func() error { insns := asm.Instructions{ asm.Mov.Reg(asm.R1, asm.R10), asm.Add.Imm(asm.R1, -8), @@ -244,7 +244,7 @@ var haveProbeReadKernel = internal.FeatureTest("bpf_probe_read_kernel", "5.5", f return nil }) -var haveBPFToBPFCalls = internal.FeatureTest("bpf2bpf calls", "4.16", func() error { +var haveBPFToBPFCalls = internal.NewFeatureTest("bpf2bpf calls", "4.16", func() error { insns := asm.Instructions{ asm.Call.Label("prog2").WithSymbol("prog1"), asm.Return(), diff --git a/vendor/github.com/cilium/ebpf/types.go b/vendor/github.com/cilium/ebpf/types.go index 03b7f11f3ac..35927e2ab80 100644 --- a/vendor/github.com/cilium/ebpf/types.go +++ b/vendor/github.com/cilium/ebpf/types.go @@ -11,11 +11,6 @@ import ( // that will be initialized in the kernel. type MapType uint32 -// Max returns the latest supported MapType. -func (MapType) Max() MapType { - return maxMapType - 1 -} - // All the various map types that can be created const ( UnspecifiedMap MapType = iota @@ -100,8 +95,6 @@ const ( InodeStorage // TaskStorage - Specialized local storage map for task_struct. TaskStorage - // maxMapType - Bound enum of MapTypes, has to be last in enum. - maxMapType ) // hasPerCPUValue returns true if the Map stores a value per CPU. @@ -121,25 +114,9 @@ func (mt MapType) canStoreProgram() bool { return mt == ProgramArray } -// hasBTF returns true if the map type supports BTF key/value metadata. -func (mt MapType) hasBTF() bool { - switch mt { - case PerfEventArray, CGroupArray, StackTrace, ArrayOfMaps, HashOfMaps, DevMap, - DevMapHash, CPUMap, XSKMap, SockMap, SockHash, Queue, Stack, RingBuf: - return false - default: - return true - } -} - // ProgramType of the eBPF program type ProgramType uint32 -// Max return the latest supported ProgramType. -func (ProgramType) Max() ProgramType { - return maxProgramType - 1 -} - // eBPF program types const ( UnspecifiedProgram ProgramType = iota @@ -174,7 +151,6 @@ const ( LSM SkLookup Syscall - maxProgramType ) // AttachType of the eBPF program, needed to differentiate allowed context accesses in diff --git a/vendor/github.com/cilium/ebpf/types_string.go b/vendor/github.com/cilium/ebpf/types_string.go index e80b948b096..5679f225430 100644 --- a/vendor/github.com/cilium/ebpf/types_string.go +++ b/vendor/github.com/cilium/ebpf/types_string.go @@ -38,12 +38,11 @@ func _() { _ = x[RingBuf-27] _ = x[InodeStorage-28] _ = x[TaskStorage-29] - _ = x[maxMapType-30] } -const _MapType_name = "UnspecifiedMapHashArrayProgramArrayPerfEventArrayPerCPUHashPerCPUArrayStackTraceCGroupArrayLRUHashLRUCPUHashLPMTrieArrayOfMapsHashOfMapsDevMapSockMapCPUMapXSKMapSockHashCGroupStorageReusePortSockArrayPerCPUCGroupStorageQueueStackSkStorageDevMapHashStructOpsMapRingBufInodeStorageTaskStoragemaxMapType" +const _MapType_name = "UnspecifiedMapHashArrayProgramArrayPerfEventArrayPerCPUHashPerCPUArrayStackTraceCGroupArrayLRUHashLRUCPUHashLPMTrieArrayOfMapsHashOfMapsDevMapSockMapCPUMapXSKMapSockHashCGroupStorageReusePortSockArrayPerCPUCGroupStorageQueueStackSkStorageDevMapHashStructOpsMapRingBufInodeStorageTaskStorage" -var _MapType_index = [...]uint16{0, 14, 18, 23, 35, 49, 59, 70, 80, 91, 98, 108, 115, 126, 136, 142, 149, 155, 161, 169, 182, 200, 219, 224, 229, 238, 248, 260, 267, 279, 290, 300} +var _MapType_index = [...]uint16{0, 14, 18, 23, 35, 49, 59, 70, 80, 91, 98, 108, 115, 126, 136, 142, 149, 155, 161, 169, 182, 200, 219, 224, 229, 238, 248, 260, 267, 279, 290} func (i MapType) String() string { if i >= MapType(len(_MapType_index)-1) { @@ -87,12 +86,11 @@ func _() { _ = x[LSM-29] _ = x[SkLookup-30] _ = x[Syscall-31] - _ = x[maxProgramType-32] } -const _ProgramType_name = "UnspecifiedProgramSocketFilterKprobeSchedCLSSchedACTTracePointXDPPerfEventCGroupSKBCGroupSockLWTInLWTOutLWTXmitSockOpsSkSKBCGroupDeviceSkMsgRawTracepointCGroupSockAddrLWTSeg6LocalLircMode2SkReuseportFlowDissectorCGroupSysctlRawTracepointWritableCGroupSockoptTracingStructOpsExtensionLSMSkLookupSyscallmaxProgramType" +const _ProgramType_name = "UnspecifiedProgramSocketFilterKprobeSchedCLSSchedACTTracePointXDPPerfEventCGroupSKBCGroupSockLWTInLWTOutLWTXmitSockOpsSkSKBCGroupDeviceSkMsgRawTracepointCGroupSockAddrLWTSeg6LocalLircMode2SkReuseportFlowDissectorCGroupSysctlRawTracepointWritableCGroupSockoptTracingStructOpsExtensionLSMSkLookupSyscall" -var _ProgramType_index = [...]uint16{0, 18, 30, 36, 44, 52, 62, 65, 74, 83, 93, 98, 104, 111, 118, 123, 135, 140, 153, 167, 179, 188, 199, 212, 224, 245, 258, 265, 274, 283, 286, 294, 301, 315} +var _ProgramType_index = [...]uint16{0, 18, 30, 36, 44, 52, 62, 65, 74, 83, 93, 98, 104, 111, 118, 123, 135, 140, 153, 167, 179, 188, 199, 212, 224, 245, 258, 265, 274, 283, 286, 294, 301} func (i ProgramType) String() string { if i >= ProgramType(len(_ProgramType_index)-1) { diff --git a/vendor/modules.txt b/vendor/modules.txt index 2679a3c4242..b308807ccca 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -2,7 +2,7 @@ ## explicit; go 1.16 github.com/checkpoint-restore/go-criu/v6 github.com/checkpoint-restore/go-criu/v6/rpc -# github.com/cilium/ebpf v0.9.3 +# github.com/cilium/ebpf v0.10.0 ## explicit; go 1.18 github.com/cilium/ebpf github.com/cilium/ebpf/asm From e29e57b5fcf88cca25c669360b2db10eb2cf4ec0 Mon Sep 17 00:00:00 2001 From: Eric Ernst Date: Tue, 10 Jan 2023 21:29:29 -0800 Subject: [PATCH 0144/1176] libcontainer: configs: ensure can build on darwin configs package can no longer be built on non-Linux OS, such as Darwin. When running `GOOS=darwin go build` on the packge, we had the following errors: ``` ./configs/mount.go:34:16: undefined: unix.MountAttr ./configs/mount.go:47:22: undefined: unix.MS_BIND ``` Let's ensure that the linux specific bits are handled in mount_linux.go, and introduce a _unsupported file, similar to how cgroups file is handled within the package. This'll facilitate utilization of the pkg for other projects that care about Darwin. Signed-off-by: Eric Ernst --- libcontainer/configs/mount.go | 35 ---------------------- libcontainer/configs/mount_linux.go | 36 +++++++++++++++++++++++ libcontainer/configs/mount_unsupported.go | 10 +++++++ 3 files changed, 46 insertions(+), 35 deletions(-) create mode 100644 libcontainer/configs/mount_linux.go create mode 100644 libcontainer/configs/mount_unsupported.go diff --git a/libcontainer/configs/mount.go b/libcontainer/configs/mount.go index b4c616d5538..e39440fc08d 100644 --- a/libcontainer/configs/mount.go +++ b/libcontainer/configs/mount.go @@ -1,42 +1,7 @@ package configs -import "golang.org/x/sys/unix" - const ( // EXT_COPYUP is a directive to copy up the contents of a directory when // a tmpfs is mounted over it. EXT_COPYUP = 1 << iota //nolint:golint // ignore "don't use ALL_CAPS" warning ) - -type Mount struct { - // Source path for the mount. - Source string `json:"source"` - - // Destination path for the mount inside the container. - Destination string `json:"destination"` - - // Device the mount is for. - Device string `json:"device"` - - // Mount flags. - Flags int `json:"flags"` - - // Propagation Flags - PropagationFlags []int `json:"propagation_flags"` - - // Mount data applied to the mount. - Data string `json:"data"` - - // Relabel source if set, "z" indicates shared, "Z" indicates unshared. - Relabel string `json:"relabel"` - - // RecAttr represents mount properties to be applied recursively (AT_RECURSIVE), see mount_setattr(2). - RecAttr *unix.MountAttr `json:"rec_attr"` - - // Extensions are additional flags that are specific to runc. - Extensions int `json:"extensions"` -} - -func (m *Mount) IsBind() bool { - return m.Flags&unix.MS_BIND != 0 -} diff --git a/libcontainer/configs/mount_linux.go b/libcontainer/configs/mount_linux.go new file mode 100644 index 00000000000..5cb7883c9a7 --- /dev/null +++ b/libcontainer/configs/mount_linux.go @@ -0,0 +1,36 @@ +package configs + +import "golang.org/x/sys/unix" + +type Mount struct { + // Source path for the mount. + Source string `json:"source"` + + // Destination path for the mount inside the container. + Destination string `json:"destination"` + + // Device the mount is for. + Device string `json:"device"` + + // Mount flags. + Flags int `json:"flags"` + + // Propagation Flags + PropagationFlags []int `json:"propagation_flags"` + + // Mount data applied to the mount. + Data string `json:"data"` + + // Relabel source if set, "z" indicates shared, "Z" indicates unshared. + Relabel string `json:"relabel"` + + // RecAttr represents mount properties to be applied recursively (AT_RECURSIVE), see mount_setattr(2). + RecAttr *unix.MountAttr `json:"rec_attr"` + + // Extensions are additional flags that are specific to runc. + Extensions int `json:"extensions"` +} + +func (m *Mount) IsBind() bool { + return m.Flags&unix.MS_BIND != 0 +} diff --git a/libcontainer/configs/mount_unsupported.go b/libcontainer/configs/mount_unsupported.go new file mode 100644 index 00000000000..21541912154 --- /dev/null +++ b/libcontainer/configs/mount_unsupported.go @@ -0,0 +1,10 @@ +//go:build !linux +// +build !linux + +package configs + +type Mount struct{} + +func (m *Mount) IsBind() bool { + return false +} From 6d28928c874b071f3e4d4fedca9269367408bd2e Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 11 Jan 2023 16:25:30 -0800 Subject: [PATCH 0145/1176] Explicitly pin busybox and debian downloads Signed-off-by: Tianon Gravi --- tests/integration/bootstrap-get-images.sh | 99 ++++++++++++++++ tests/integration/get-images.sh | 137 +++++++++++++++++++--- 2 files changed, 217 insertions(+), 19 deletions(-) create mode 100755 tests/integration/bootstrap-get-images.sh diff --git a/tests/integration/bootstrap-get-images.sh b/tests/integration/bootstrap-get-images.sh new file mode 100755 index 00000000000..78d512cfc68 --- /dev/null +++ b/tests/integration/bootstrap-get-images.sh @@ -0,0 +1,99 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# This script generates "get-images.sh" using Official Images tooling. +# +# ./bootstrap-get-images.sh > get-images.sh +# +# This script requires "bashbrew". To get the latest version, visit +# https://github.com/docker-library/bashbrew/releases + +images=( + # pinned to an older BusyBox (prior to 1.36 becoming "latest") because 1.36.0 has some unresolved bugs, especially around sha256sum + 'https://github.com/docker-library/official-images/raw/eaed422a86b43c885a0f980d48f4bbf346086a4a/library/busybox:glibc' + + # pinned to an older Debian Buster which has more architectures than the latest does (Buster transitioned from the Debian Security Team to the LTS Team which supports a smaller set) + 'https://github.com/docker-library/official-images/raw/ce10f6b60289c0c0b5de6f785528b8725f225a58/library/debian:buster-slim' +) + +cat <<'EOH' +#!/bin/bash + +# DO NOT EDIT! Generated by "bootstrap-get-images.sh" + +# This script checks if container images needed for tests (currently +# busybox and Debian 10 "Buster") are available locally, and downloads +# them to testdata directory if not. +# +# The script is self-contained/standalone and is used from a few places +# that need to ensure the images are downloaded. Its output is suitable +# for consumption by shell via eval (see helpers.bash). + +set -e -u -o pipefail + +# Root directory of integration tests. +INTEGRATION_ROOT=$(dirname "$(readlink -f "${BASH_SOURCE[0]}")") +# Test data path. +TESTDATA="${INTEGRATION_ROOT}/testdata" +# Sanity check: $TESTDATA directory must exist. +if [ ! -d "$TESTDATA" ]; then + echo "Bad TESTDATA directory: $TESTDATA. Aborting" >&2 + exit 1 +fi + +function get() { + local dest="$1" url="$2" + + [ -e "$dest" ] && return + + # Sanity check: $TESTDATA directory must be writable. + if [ ! -w "$TESTDATA" ]; then + echo "TESTDATA directory ($TESTDATA) not writable. Aborting" >&2 + exit 1 + fi + + if ! curl -o "$dest" -fsSL --retry 5 "$url"; then + echo "Failed to get $url" 1>&2 + exit 1 + fi +} + +arch=$(go env GOARCH) +if [ "$arch" = 'arm' ]; then + arm=$(go env GOARM) + : "${arm:=7}" + arch=${arch}v$arm +fi +EOH + +# shellcheck disable=SC2016 # this generates shell code intentionally (and many of the '$' in here are intended for "text/template" not the end shell anyhow) +bashbrew cat --format ' + {{- "\n" -}} + {{- "case $arch in\n" -}} + + {{- range .TagEntry.Architectures -}} + {{- $repo := $.TagEntry.ArchGitRepo . | trimSuffixes ".git" -}} + {{- $branch := $.TagEntry.ArchGitFetch . | trimPrefixes "refs/heads/" -}} + {{- $commit := $.TagEntry.ArchGitCommit . -}} + {{- $dir := $.TagEntry.ArchDirectory . -}} + {{- $tarball := eq $.RepoName "debian" | ternary "rootfs.tar.xz" "busybox.tar.xz" -}} + + {{ . | replace "arm64v8" "arm64" "arm32" "arm" "i386" "386" }} {{- ")\n" -}} + {{- "\t" -}}# {{ $repo }}/tree/{{ $branch }}{{- "\n" -}} + {{- "\t" -}}# {{ $repo }}/tree/{{ $commit }}/{{ $dir }}{{- "\n" -}} + {{- "\t" -}} url="{{ $repo }}/raw/{{ $commit }}/{{ $dir }}/{{ $tarball }}"{{- "\n" -}} + {{- "\t" -}} ;; {{- "\n" -}} + {{- "\n" -}} + {{- end -}} + + *){{- "\n" -}} + {{- "\t" -}}echo >&2 "error: unsupported {{ $.RepoName }} architecture: $arch"{{- "\n" -}} + {{- "\t" -}}exit 1{{- "\n" -}} + {{- "\t" -}};;{{- "\n" -}} + + {{- "esac\n" -}} + {{- printf `rootfs="$TESTDATA/%s-${arch}.tar.xz"` $.RepoName -}}{{- "\n" -}} + {{- `get "$rootfs" "$url"` -}}{{- "\n" -}} + {{- printf "var=%s_image\n" $.RepoName -}} + {{- `echo "${var^^}=$rootfs"` -}} +' "${images[@]}" diff --git a/tests/integration/get-images.sh b/tests/integration/get-images.sh index 7204478de10..5fc20cf1b5e 100755 --- a/tests/integration/get-images.sh +++ b/tests/integration/get-images.sh @@ -1,5 +1,7 @@ #!/bin/bash +# DO NOT EDIT! Generated by "bootstrap-get-images.sh" + # This script checks if container images needed for tests (currently # busybox and Debian 10 "Buster") are available locally, and downloads # them to testdata directory if not. @@ -7,11 +9,6 @@ # The script is self-contained/standalone and is used from a few places # that need to ensure the images are downloaded. Its output is suitable # for consumption by shell via eval (see helpers.bash). -# -# XXX: Latest available images are fetched. Theoretically, -# this can bring some instability in case of a broken image. -# In this case, images will need to be pinned to a checksum -# on a per-image and per-architecture basis. set -e -u -o pipefail @@ -43,24 +40,126 @@ function get() { } arch=$(go env GOARCH) -# Convert from GOARCH to whatever the URLs below are using. +if [ "$arch" = 'arm' ]; then + arm=$(go env GOARM) + : "${arm:=7}" + arch=${arch}v$arm +fi + case $arch in +amd64) + # https://github.com/docker-library/busybox/tree/dist-amd64 + # https://github.com/docker-library/busybox/tree/31d342ad033e27c18723a516a2274ab39547be27/stable/glibc + url="https://github.com/docker-library/busybox/raw/31d342ad033e27c18723a516a2274ab39547be27/stable/glibc/busybox.tar.xz" + ;; + +armv5) + # https://github.com/docker-library/busybox/tree/dist-arm32v5 + # https://github.com/docker-library/busybox/tree/96ea82ea25565f78b50bd032d5768d64985d6e11/stable/glibc + url="https://github.com/docker-library/busybox/raw/96ea82ea25565f78b50bd032d5768d64985d6e11/stable/glibc/busybox.tar.xz" + ;; + +armv7) + # https://github.com/docker-library/busybox/tree/dist-arm32v7 + # https://github.com/docker-library/busybox/tree/5cb6c347469e86e4468e5e248de751b3598bb577/stable/glibc + url="https://github.com/docker-library/busybox/raw/5cb6c347469e86e4468e5e248de751b3598bb577/stable/glibc/busybox.tar.xz" + ;; + arm64) - arch=arm64v8 + # https://github.com/docker-library/busybox/tree/dist-arm64v8 + # https://github.com/docker-library/busybox/tree/94c664b5ca464546266bce54be0082874a44c7b2/stable/glibc + url="https://github.com/docker-library/busybox/raw/94c664b5ca464546266bce54be0082874a44c7b2/stable/glibc/busybox.tar.xz" ;; + 386) - arch=i386 + # https://github.com/docker-library/busybox/tree/dist-i386 + # https://github.com/docker-library/busybox/tree/461a473aef31b7726ea99909a24551bf44565c05/stable/glibc + url="https://github.com/docker-library/busybox/raw/461a473aef31b7726ea99909a24551bf44565c05/stable/glibc/busybox.tar.xz" + ;; + +mips64le) + # https://github.com/docker-library/busybox/tree/dist-mips64le + # https://github.com/docker-library/busybox/tree/47f73f7c735dcd6760a976bfe0012d251b6ef0a9/stable/glibc + url="https://github.com/docker-library/busybox/raw/47f73f7c735dcd6760a976bfe0012d251b6ef0a9/stable/glibc/busybox.tar.xz" + ;; + +ppc64le) + # https://github.com/docker-library/busybox/tree/dist-ppc64le + # https://github.com/docker-library/busybox/tree/9ca13bc214717966383cf97e08606b444b7300e4/stable/glibc + url="https://github.com/docker-library/busybox/raw/9ca13bc214717966383cf97e08606b444b7300e4/stable/glibc/busybox.tar.xz" + ;; + +s390x) + # https://github.com/docker-library/busybox/tree/dist-s390x + # https://github.com/docker-library/busybox/tree/a03814d21bcf97767121bb9422a742ec237a09e2/stable/glibc + url="https://github.com/docker-library/busybox/raw/a03814d21bcf97767121bb9422a742ec237a09e2/stable/glibc/busybox.tar.xz" + ;; + +*) + echo >&2 "error: unsupported busybox architecture: $arch" + exit 1 ;; esac +rootfs="$TESTDATA/busybox-${arch}.tar.xz" +get "$rootfs" "$url" +var=busybox_image +echo "${var^^}=$rootfs" + +case $arch in +amd64) + # https://github.com/debuerreotype/docker-debian-artifacts/tree/dist-amd64 + # https://github.com/debuerreotype/docker-debian-artifacts/tree/686d9f6eaada08a754bc7abf6f6184c65c5b378f/buster/slim + url="https://github.com/debuerreotype/docker-debian-artifacts/raw/686d9f6eaada08a754bc7abf6f6184c65c5b378f/buster/slim/rootfs.tar.xz" + ;; + +armv5) + # https://github.com/debuerreotype/docker-debian-artifacts/tree/dist-arm32v5 + # https://github.com/debuerreotype/docker-debian-artifacts/tree/155640b6e2e249dfaeee8795d5de539ef3e49417/buster/slim + url="https://github.com/debuerreotype/docker-debian-artifacts/raw/155640b6e2e249dfaeee8795d5de539ef3e49417/buster/slim/rootfs.tar.xz" + ;; + +armv7) + # https://github.com/debuerreotype/docker-debian-artifacts/tree/dist-arm32v7 + # https://github.com/debuerreotype/docker-debian-artifacts/tree/60ff0c2c6ce9556e5d8a2758dd2b3f3731716a6f/buster/slim + url="https://github.com/debuerreotype/docker-debian-artifacts/raw/60ff0c2c6ce9556e5d8a2758dd2b3f3731716a6f/buster/slim/rootfs.tar.xz" + ;; -# busybox -BUSYBOX_IMAGE="$TESTDATA/busybox-${arch}.tar.xz" -get "$BUSYBOX_IMAGE" \ - "https://github.com/docker-library/busybox/raw/dist-${arch}/latest/glibc/busybox.tar.xz" -echo "BUSYBOX_IMAGE=$BUSYBOX_IMAGE" - -# debian -DEBIAN_IMAGE="$TESTDATA/debian-${arch}.tar.xz" -get "$DEBIAN_IMAGE" \ - "https://github.com/debuerreotype/docker-debian-artifacts/raw/dist-${arch}/buster/slim/rootfs.tar.xz" -echo "DEBIAN_IMAGE=$DEBIAN_IMAGE" +arm64) + # https://github.com/debuerreotype/docker-debian-artifacts/tree/dist-arm64v8 + # https://github.com/debuerreotype/docker-debian-artifacts/tree/2f108af35e22064c848b8628a7cac56192246dba/buster/slim + url="https://github.com/debuerreotype/docker-debian-artifacts/raw/2f108af35e22064c848b8628a7cac56192246dba/buster/slim/rootfs.tar.xz" + ;; + +386) + # https://github.com/debuerreotype/docker-debian-artifacts/tree/dist-i386 + # https://github.com/debuerreotype/docker-debian-artifacts/tree/e4db8aa97f4366e6f27ddbdeaed0773fe0288d47/buster/slim + url="https://github.com/debuerreotype/docker-debian-artifacts/raw/e4db8aa97f4366e6f27ddbdeaed0773fe0288d47/buster/slim/rootfs.tar.xz" + ;; + +mips64le) + # https://github.com/debuerreotype/docker-debian-artifacts/tree/dist-mips64le + # https://github.com/debuerreotype/docker-debian-artifacts/tree/e28cbd76dcfba10446b1722aebb5a996121e3d27/buster/slim + url="https://github.com/debuerreotype/docker-debian-artifacts/raw/e28cbd76dcfba10446b1722aebb5a996121e3d27/buster/slim/rootfs.tar.xz" + ;; + +ppc64le) + # https://github.com/debuerreotype/docker-debian-artifacts/tree/dist-ppc64le + # https://github.com/debuerreotype/docker-debian-artifacts/tree/3ba08903ca3fd48fe59ba92b02744a2f5d4d9d6f/buster/slim + url="https://github.com/debuerreotype/docker-debian-artifacts/raw/3ba08903ca3fd48fe59ba92b02744a2f5d4d9d6f/buster/slim/rootfs.tar.xz" + ;; + +s390x) + # https://github.com/debuerreotype/docker-debian-artifacts/tree/dist-s390x + # https://github.com/debuerreotype/docker-debian-artifacts/tree/2fddbf8fe632fc5865b140341b68a1358586fff2/buster/slim + url="https://github.com/debuerreotype/docker-debian-artifacts/raw/2fddbf8fe632fc5865b140341b68a1358586fff2/buster/slim/rootfs.tar.xz" + ;; + +*) + echo >&2 "error: unsupported debian architecture: $arch" + exit 1 + ;; +esac +rootfs="$TESTDATA/debian-${arch}.tar.xz" +get "$rootfs" "$url" +var=debian_image +echo "${var^^}=$rootfs" From 3fbc5ba7ca567e99bc95334f19f1701605343ad3 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 24 Jan 2023 16:14:14 -0800 Subject: [PATCH 0146/1176] ci: add tests/int/get-images.sh check This is to check that tests/integration/get-images.sh is in sync with tests/integration/bootstrap-get-images.sh. Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 5a31d509017..eb15b5bf897 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -181,3 +181,29 @@ jobs: with: name: release-${{ github.run_id }} path: release/* + + + get-images: + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: install bashbrew + env: + BASEURL: https://github.com/docker-library/bashbrew/releases/download + VERSION: v0.1.7 + SHA256: 6b71a6fccfb2025d48a2b23324836b5513c29abfd2d16a57b7a2f89bd02fe53a + run: | + mkdir ~/bin + curl -sSfL --retry 5 -o ~/bin/bashbrew \ + $BASEURL/$VERSION/bashbrew-amd64 + sha256sum --strict --check - <<<"$SHA256 *$HOME/bin/bashbrew" + chmod a+x ~/bin/bashbrew + # Add ~/bin to $PATH. + echo ~/bin >> $GITHUB_PATH + - name: check that get-images.sh is up to date + run: | + cd tests/integration + ./bootstrap-get-images.sh > get-images.sh + git diff --exit-code From 5ce511d6a65809be3fc58f8e2df585abb9c616d6 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Fri, 27 Jan 2023 18:38:30 +0100 Subject: [PATCH 0147/1176] nsexec: Check for errors in write_log() First, check if strdup() fails and error out. While we are there, the else case was missing brackets, as we only need to check ret in the else case. Fix that too Signed-off-by: Rodrigo Campos --- libcontainer/nsenter/nsexec.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index 9ecf791e93f..b12f2355c7a 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -168,15 +168,17 @@ static void write_log(int level, const char *format, ...) message = escape_json_string(message); - if (current_stage == STAGE_SETUP) + if (current_stage == STAGE_SETUP) { stage = strdup("nsexec"); - else + if (stage == NULL) + goto out; + } else { ret = asprintf(&stage, "nsexec-%d", current_stage); - if (ret < 0) { - stage = NULL; - goto out; + if (ret < 0) { + stage = NULL; + goto out; + } } - ret = asprintf(&json, "{\"level\":\"%s\", \"msg\": \"%s[%d]: %s\"}\n", level_str[level], stage, getpid(), message); if (ret < 0) { From 81c379fa8b67a099d895b59e62f25da210199872 Mon Sep 17 00:00:00 2001 From: wineway Date: Thu, 12 May 2022 05:43:33 +0000 Subject: [PATCH 0148/1176] support SCHED_IDLE for runc cgroupfs Signed-off-by: wineway --- contrib/completions/bash/runc | 1 + libcontainer/cgroups/fs/cpu.go | 8 +++++++ libcontainer/cgroups/fs2/cpu.go | 8 ++++++- libcontainer/configs/cgroup_linux.go | 3 +++ libcontainer/specconv/spec_linux.go | 1 + tests/integration/cgroups.bats | 12 ++++++++++ tests/integration/helpers.bash | 9 +++++++ tests/integration/update.bats | 35 ++++++++++++++++++++++++++++ update.go | 15 +++++++++++- 9 files changed, 90 insertions(+), 2 deletions(-) diff --git a/contrib/completions/bash/runc b/contrib/completions/bash/runc index 0b8bda9b652..23ff64e889d 100644 --- a/contrib/completions/bash/runc +++ b/contrib/completions/bash/runc @@ -743,6 +743,7 @@ _runc_update() { --pids-limit --l3-cache-schema --mem-bw-schema + --cpu-idle " case "$prev" in diff --git a/libcontainer/cgroups/fs/cpu.go b/libcontainer/cgroups/fs/cpu.go index 6c79f899b48..26a9d7c0f5f 100644 --- a/libcontainer/cgroups/fs/cpu.go +++ b/libcontainer/cgroups/fs/cpu.go @@ -94,6 +94,14 @@ func (s *CpuGroup) Set(path string, r *configs.Resources) error { } } } + + if r.CPUIdle != nil { + idle := strconv.FormatInt(*r.CPUIdle, 10) + if err := cgroups.WriteFile(path, "cpu.idle", idle); err != nil { + return err + } + } + return s.SetRtSched(path, r) } diff --git a/libcontainer/cgroups/fs2/cpu.go b/libcontainer/cgroups/fs2/cpu.go index bbbae4d58c4..3f8deb0adbe 100644 --- a/libcontainer/cgroups/fs2/cpu.go +++ b/libcontainer/cgroups/fs2/cpu.go @@ -11,7 +11,7 @@ import ( ) func isCpuSet(r *configs.Resources) bool { - return r.CpuWeight != 0 || r.CpuQuota != 0 || r.CpuPeriod != 0 + return r.CpuWeight != 0 || r.CpuQuota != 0 || r.CpuPeriod != 0 || r.CPUIdle != nil } func setCpu(dirPath string, r *configs.Resources) error { @@ -19,6 +19,12 @@ func setCpu(dirPath string, r *configs.Resources) error { return nil } + if r.CPUIdle != nil { + if err := cgroups.WriteFile(dirPath, "cpu.idle", strconv.FormatInt(*r.CPUIdle, 10)); err != nil { + return err + } + } + // NOTE: .CpuShares is not used here. Conversion is the caller's responsibility. if r.CpuWeight != 0 { if err := cgroups.WriteFile(dirPath, "cpu.weight", strconv.FormatUint(r.CpuWeight, 10)); err != nil { diff --git a/libcontainer/configs/cgroup_linux.go b/libcontainer/configs/cgroup_linux.go index b5a1ebb9169..1664304be21 100644 --- a/libcontainer/configs/cgroup_linux.go +++ b/libcontainer/configs/cgroup_linux.go @@ -84,6 +84,9 @@ type Resources struct { // MEM to use CpusetMems string `json:"cpuset_mems"` + // cgroup SCHED_IDLE + CPUIdle *int64 `json:"cpu_idle,omitempty"` + // Process limit; set <= `0' to disable limit. PidsLimit int64 `json:"pids_limit"` diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index 0d53b20275f..5d57cdd02cb 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -748,6 +748,7 @@ func CreateCgroupConfig(opts *CreateOpts, defaultDevs []*devices.Device) (*confi } c.Resources.CpusetCpus = r.CPU.Cpus c.Resources.CpusetMems = r.CPU.Mems + c.Resources.CPUIdle = r.CPU.Idle } if r.Pids != nil { c.Resources.PidsLimit = r.Pids.Limit diff --git a/tests/integration/cgroups.bats b/tests/integration/cgroups.bats index ffa3fb0befe..14f26d2d5a4 100644 --- a/tests/integration/cgroups.bats +++ b/tests/integration/cgroups.bats @@ -187,6 +187,18 @@ function setup() { [[ "$weights" == *"$major:$minor 444"* ]] } +@test "runc run (cpu.idle)" { + requires cgroups_cpu_idle + [ $EUID -ne 0 ] && requires rootless_cgroup + + set_cgroups_path + update_config '.linux.resources.cpu.idle = 1' + + runc run -d --console-socket "$CONSOLE_SOCKET" test_cgroups_unified + [ "$status" -eq 0 ] + check_cgroup_value "cpu.idle" "1" +} + @test "runc run (cgroup v2 resources.unified only)" { requires root cgroups_v2 diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index f07996450b7..9f3890a8c3e 100644 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -413,6 +413,15 @@ function requires() { skip_me=1 fi ;; + cgroups_cpu_idle) + local p + init_cgroup_paths + [ -v CGROUP_V1 ] && p="$CGROUP_CPU_BASE_PATH" + [ -v CGROUP_V2 ] && p="$CGROUP_BASE_PATH" + if [ -z "$(find "$p" -name cpu.idle -print -quit)" ]; then + skip_me=1 + fi + ;; cgroupns) if [ ! -e "/proc/self/ns/cgroup" ]; then skip_me=1 diff --git a/tests/integration/update.bats b/tests/integration/update.bats index 1407118c42b..09949a1ea99 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -425,6 +425,41 @@ EOF check_cpu_quota 3000 10000 "300ms" } +@test "update cgroup cpu.idle" { + requires cgroups_cpu_idle + [ $EUID -ne 0 ] && requires rootless_cgroup + + runc run -d --console-socket "$CONSOLE_SOCKET" test_update + [ "$status" -eq 0 ] + + check_cgroup_value "cpu.idle" "0" + + local val + for val in 1 0 1; do + runc update -r - test_update < Date: Thu, 2 Feb 2023 10:42:30 -0800 Subject: [PATCH 0149/1176] Disable clang-format For the sake of developers who have LSP configured to auto-format the code upon save (that would me with my new nvim setup), let's not autoformat the C code when using clangd. Initially I tried to write a set of rules for clang-format which is identical to what we use (indent with a handful of options invoked from cfmt target in Makefile), but it appears to be impossible. Signed-off-by: Kir Kolyshkin --- .clang-format | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 .clang-format diff --git a/.clang-format b/.clang-format new file mode 100644 index 00000000000..fc64cb573d3 --- /dev/null +++ b/.clang-format @@ -0,0 +1,8 @@ +--- +# We use GNU indent from the Makefile to format C code in this project. Alas, +# there is no way to map indent options to clang-format style options in a way +# to achieve identical results for both formatters. +# +# Therefore, let's disable clang-format entirely. +DisableFormat: true +... From 5ecd40b9bd52fe52a88648cebd4d57ee8a3e6f9f Mon Sep 17 00:00:00 2001 From: Austin Vazquez Date: Thu, 2 Feb 2023 19:34:13 +0000 Subject: [PATCH 0150/1176] Add Go 1.20, require Go 1.19, drop Go 1.18 Signed-off-by: Austin Vazquez --- .cirrus.yml | 2 +- .github/workflows/test.yml | 4 ++-- .github/workflows/validate.yml | 4 ++-- Dockerfile | 2 +- README.md | 2 +- go.mod | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index aad6ff143c4..aa0ea03b438 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -70,7 +70,7 @@ task: env: HOME: /root CIRRUS_WORKING_DIR: /home/runc - GO_VERSION: "1.18" + GO_VERSION: "1.19" BATS_VERSION: "v1.3.0" RPMS: gcc git iptables jq glibc-static libseccomp-devel make criu fuse-sshfs # yamllint disable rule:key-duplicates diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b324282c544..73bae8009a5 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -23,13 +23,13 @@ jobs: strategy: fail-fast: false matrix: - go-version: [1.18.x, 1.19.x] + go-version: [1.19.x, 1.20.x] rootless: ["rootless", ""] race: ["-race", ""] criu: [""] include: # Also test against latest criu-dev - - go-version: 1.18.x + - go-version: 1.19.x rootless: "" race: "" criu: "criu-dev" diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index eb15b5bf897..0d2775ae536 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -8,7 +8,7 @@ on: - release-* pull_request: env: - GO_VERSION: 1.19.x + GO_VERSION: 1.20.x permissions: contents: read @@ -32,7 +32,7 @@ jobs: sudo apt -q install libseccomp-dev - uses: golangci/golangci-lint-action@v3 with: - version: v1.48 + version: v1.51 # Extra linters, only checking new code from a pull request. - name: lint-extra if: github.event_name == 'pull_request' diff --git a/Dockerfile b/Dockerfile index 1b41b7fc1ff..934883405a9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG GO_VERSION=1.18 +ARG GO_VERSION=1.19 ARG BATS_VERSION=v1.3.0 ARG LIBSECCOMP_VERSION=2.5.4 diff --git a/README.md b/README.md index d0fa9e1dfb0..181f1dd2b91 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ A third party security audit was performed by Cure53, you can see the full repor ## Building -`runc` only supports Linux. It must be built with Go version 1.18 or higher. +`runc` only supports Linux. It must be built with Go version 1.19 or higher. In order to enable seccomp support you will need to install `libseccomp` on your platform. > e.g. `libseccomp-devel` for CentOS, or `libseccomp-dev` for Ubuntu diff --git a/go.mod b/go.mod index d07608a1e10..395a8b0a39e 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/opencontainers/runc -go 1.18 +go 1.19 require ( github.com/checkpoint-restore/go-criu/v6 v6.3.0 From 7e5e017dbab0f6ecb2c4b63c29c5ac44fc4e6ec6 Mon Sep 17 00:00:00 2001 From: Jaroslav Jindrak Date: Fri, 20 Jan 2023 21:41:12 +0100 Subject: [PATCH 0151/1176] libcontainer: skip chown of /dev/null caused by fd redirection In 18c4760a (libct: fixStdioPermissions: skip chown if not needed) the check whether the STDIO file descriptors point to /dev/null was removed which can cause /dev/null to change ownership e.g. when using docker exec on a running container: $ ls -l /dev/null crw-rw-rw- 1 root root 1, 3 Aug 1 14:12 /dev/null $ docker exec -u test 0ad6d3064e9d ls $ ls -l /dev/null crw-rw-rw- 1 test root 1, 3 Aug 1 14:12 /dev/null Signed-off-by: Jaroslav Jindrak --- libcontainer/init_linux.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 410fca7ad75..41cc9e2197c 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -411,8 +411,9 @@ func fixStdioPermissions(u *user.ExecUser) error { return &os.PathError{Op: "fstat", Path: file.Name(), Err: err} } - // Skip chown if uid is already the one we want. - if int(s.Uid) == u.Uid { + // Skip chown if uid is already the one we want or any of the STDIO descriptors + // were redirected to /dev/null. + if int(s.Uid) == u.Uid || s.Rdev == null.Rdev { continue } From 1bb6209aa1dac56b193d3947bc54292cbd8151cd Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 2 Feb 2023 13:07:56 -0800 Subject: [PATCH 0152/1176] tests/int: test for /dev/null owner regression Signed-off-by: Kir Kolyshkin --- tests/integration/exec.bats | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/tests/integration/exec.bats b/tests/integration/exec.bats index c6f4bfcb8a5..3bcd466297b 100644 --- a/tests/integration/exec.bats +++ b/tests/integration/exec.bats @@ -125,10 +125,25 @@ function teardown() { runc exec --user 1000:1000 test_busybox id [ "$status" -eq 0 ] - [[ "${output}" == "uid=1000 gid=1000"* ]] } +# https://github.com/opencontainers/runc/issues/3674. +@test "runc exec --user vs /dev/null ownership" { + requires root + + runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox + [ "$status" -eq 0 ] + + ls -l /dev/null + __runc exec -d --user 1000:1000 test_busybox id Date: Tue, 7 Feb 2023 04:03:31 +0000 Subject: [PATCH 0153/1176] build(deps): bump golang.org/x/sys from 0.4.0 to 0.5.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.4.0 to 0.5.0. - [Release notes](https://github.com/golang/sys/releases) - [Commits](https://github.com/golang/sys/compare/v0.4.0...v0.5.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- vendor/golang.org/x/sys/unix/gccgo_c.c | 4 +- .../golang.org/x/sys/unix/syscall_darwin.go | 1 + .../x/sys/unix/syscall_freebsd_386.go | 9 +- .../x/sys/unix/syscall_freebsd_amd64.go | 9 +- .../x/sys/unix/syscall_freebsd_arm.go | 9 +- .../x/sys/unix/syscall_freebsd_arm64.go | 9 +- .../x/sys/unix/syscall_freebsd_riscv64.go | 9 +- vendor/golang.org/x/sys/unix/syscall_linux.go | 3 +- vendor/golang.org/x/sys/unix/syscall_unix.go | 2 +- vendor/golang.org/x/sys/unix/timestruct.go | 2 +- vendor/golang.org/x/sys/unix/xattr_bsd.go | 9 +- vendor/golang.org/x/sys/unix/zerrors_linux.go | 30 ++- .../x/sys/unix/zerrors_linux_386.go | 1 + .../x/sys/unix/zerrors_linux_amd64.go | 1 + .../x/sys/unix/zerrors_linux_arm.go | 1 + .../x/sys/unix/zerrors_linux_arm64.go | 1 + .../x/sys/unix/zerrors_linux_loong64.go | 1 + .../x/sys/unix/zerrors_linux_mips.go | 1 + .../x/sys/unix/zerrors_linux_mips64.go | 1 + .../x/sys/unix/zerrors_linux_mips64le.go | 1 + .../x/sys/unix/zerrors_linux_mipsle.go | 1 + .../x/sys/unix/zerrors_linux_ppc.go | 1 + .../x/sys/unix/zerrors_linux_ppc64.go | 1 + .../x/sys/unix/zerrors_linux_ppc64le.go | 1 + .../x/sys/unix/zerrors_linux_riscv64.go | 1 + .../x/sys/unix/zerrors_linux_s390x.go | 1 + .../x/sys/unix/zerrors_linux_sparc64.go | 1 + .../golang.org/x/sys/unix/zsyscall_linux.go | 11 + vendor/golang.org/x/sys/unix/ztypes_linux.go | 217 +++++++++++++++--- .../x/sys/windows/syscall_windows.go | 14 +- vendor/modules.txt | 2 +- 33 files changed, 285 insertions(+), 76 deletions(-) diff --git a/go.mod b/go.mod index d07608a1e10..85afd336478 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/urfave/cli v1.22.9 github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.5.0 - golang.org/x/sys v0.4.0 + golang.org/x/sys v0.5.0 google.golang.org/protobuf v1.28.1 ) diff --git a/go.sum b/go.sum index 11c74661403..4db61fee651 100644 --- a/go.sum +++ b/go.sum @@ -65,8 +65,8 @@ golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18= -golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= diff --git a/vendor/golang.org/x/sys/unix/gccgo_c.c b/vendor/golang.org/x/sys/unix/gccgo_c.c index c4fce0e7003..f98a1c542f0 100644 --- a/vendor/golang.org/x/sys/unix/gccgo_c.c +++ b/vendor/golang.org/x/sys/unix/gccgo_c.c @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -// +build gccgo,!hurd -// +build !aix,!hurd +//go:build gccgo && !aix && !hurd +// +build gccgo,!aix,!hurd #include #include diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.go b/vendor/golang.org/x/sys/unix/syscall_darwin.go index 1f63382182f..192b071b3d0 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin.go +++ b/vendor/golang.org/x/sys/unix/syscall_darwin.go @@ -230,6 +230,7 @@ func direntNamlen(buf []byte) (uint64, bool) { func PtraceAttach(pid int) (err error) { return ptrace(PT_ATTACH, pid, 0, 0) } func PtraceDetach(pid int) (err error) { return ptrace(PT_DETACH, pid, 0, 0) } +func PtraceDenyAttach() (err error) { return ptrace(PT_DENY_ATTACH, 0, 0, 0) } //sysnb pipe(p *[2]int32) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go index b11ede89a96..6a91d471d09 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go @@ -60,8 +60,13 @@ func PtraceGetFsBase(pid int, fsbase *int64) (err error) { return ptrace(PT_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0) } -func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{Op: int32(req), Offs: uintptr(unsafe.Pointer(addr)), Addr: uintptr(unsafe.Pointer(&out[0])), Len: uint32(countin)} +func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { + ioDesc := PtraceIoDesc{ + Op: int32(req), + Offs: offs, + Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. + Len: uint32(countin), + } err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) return int(ioDesc.Len), err } diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go index 9ed8eec6c28..48110a0abb9 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go @@ -60,8 +60,13 @@ func PtraceGetFsBase(pid int, fsbase *int64) (err error) { return ptrace(PT_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0) } -func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{Op: int32(req), Offs: uintptr(unsafe.Pointer(addr)), Addr: uintptr(unsafe.Pointer(&out[0])), Len: uint64(countin)} +func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { + ioDesc := PtraceIoDesc{ + Op: int32(req), + Offs: offs, + Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. + Len: uint64(countin), + } err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) return int(ioDesc.Len), err } diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go index f8ac9824790..52f1d4b75a3 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go @@ -56,8 +56,13 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) -func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{Op: int32(req), Offs: uintptr(unsafe.Pointer(addr)), Addr: uintptr(unsafe.Pointer(&out[0])), Len: uint32(countin)} +func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { + ioDesc := PtraceIoDesc{ + Op: int32(req), + Offs: offs, + Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. + Len: uint32(countin), + } err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) return int(ioDesc.Len), err } diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go index 8e932036ec3..5537ee4f2ed 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go @@ -56,8 +56,13 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) -func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{Op: int32(req), Offs: uintptr(unsafe.Pointer(addr)), Addr: uintptr(unsafe.Pointer(&out[0])), Len: uint64(countin)} +func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { + ioDesc := PtraceIoDesc{ + Op: int32(req), + Offs: offs, + Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. + Len: uint64(countin), + } err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) return int(ioDesc.Len), err } diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go index cbe12227896..164abd5d215 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go @@ -56,8 +56,13 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) -func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{Op: int32(req), Offs: uintptr(unsafe.Pointer(addr)), Addr: uintptr(unsafe.Pointer(&out[0])), Len: uint64(countin)} +func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { + ioDesc := PtraceIoDesc{ + Op: int32(req), + Offs: offs, + Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. + Len: uint64(countin), + } err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) return int(ioDesc.Len), err } diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index d839962e663..5443dddd48d 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -1800,6 +1800,7 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e //sysnb Capset(hdr *CapUserHeader, data *CapUserData) (err error) //sys Chdir(path string) (err error) //sys Chroot(path string) (err error) +//sys ClockAdjtime(clockid int32, buf *Timex) (state int, err error) //sys ClockGetres(clockid int32, res *Timespec) (err error) //sys ClockGettime(clockid int32, time *Timespec) (err error) //sys ClockNanosleep(clockid int32, flags int, request *Timespec, remain *Timespec) (err error) @@ -1999,7 +2000,7 @@ func appendBytes(vecs []Iovec, bs [][]byte) []Iovec { // offs2lohi splits offs into its low and high order bits. func offs2lohi(offs int64) (lo, hi uintptr) { const longBits = SizeofLong * 8 - return uintptr(offs), uintptr(uint64(offs) >> longBits) + return uintptr(offs), uintptr(uint64(offs) >> (longBits - 1) >> 1) // two shifts to avoid false positive in vet } func Readv(fd int, iovs [][]byte) (n int, err error) { diff --git a/vendor/golang.org/x/sys/unix/syscall_unix.go b/vendor/golang.org/x/sys/unix/syscall_unix.go index a386f8897df..00f0aa37588 100644 --- a/vendor/golang.org/x/sys/unix/syscall_unix.go +++ b/vendor/golang.org/x/sys/unix/syscall_unix.go @@ -578,7 +578,7 @@ func Lutimes(path string, tv []Timeval) error { return UtimesNanoAt(AT_FDCWD, path, ts, AT_SYMLINK_NOFOLLOW) } -// emptyIovec reports whether there are no bytes in the slice of Iovec. +// emptyIovecs reports whether there are no bytes in the slice of Iovec. func emptyIovecs(iov []Iovec) bool { for i := range iov { if iov[i].Len > 0 { diff --git a/vendor/golang.org/x/sys/unix/timestruct.go b/vendor/golang.org/x/sys/unix/timestruct.go index 3d893040553..616b1b28485 100644 --- a/vendor/golang.org/x/sys/unix/timestruct.go +++ b/vendor/golang.org/x/sys/unix/timestruct.go @@ -9,7 +9,7 @@ package unix import "time" -// TimespecToNSec returns the time stored in ts as nanoseconds. +// TimespecToNsec returns the time stored in ts as nanoseconds. func TimespecToNsec(ts Timespec) int64 { return ts.Nano() } // NsecToTimespec converts a number of nanoseconds into a Timespec. diff --git a/vendor/golang.org/x/sys/unix/xattr_bsd.go b/vendor/golang.org/x/sys/unix/xattr_bsd.go index 663b3779de2..f5f8e9f3665 100644 --- a/vendor/golang.org/x/sys/unix/xattr_bsd.go +++ b/vendor/golang.org/x/sys/unix/xattr_bsd.go @@ -36,9 +36,14 @@ func xattrnamespace(fullattr string) (ns int, attr string, err error) { func initxattrdest(dest []byte, idx int) (d unsafe.Pointer) { if len(dest) > idx { return unsafe.Pointer(&dest[idx]) - } else { - return unsafe.Pointer(_zero) } + if dest != nil { + // extattr_get_file and extattr_list_file treat NULL differently from + // a non-NULL pointer of length zero. Preserve the property of nilness, + // even if we can't use dest directly. + return unsafe.Pointer(&_zero) + } + return nil } // FreeBSD and NetBSD implement their own syscalls to handle extended attributes diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index 785d693eb32..e174685adbd 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -457,7 +457,6 @@ const ( B600 = 0x8 B75 = 0x2 B9600 = 0xd - BALLOON_KVM_MAGIC = 0x13661366 BDEVFS_MAGIC = 0x62646576 BINDERFS_SUPER_MAGIC = 0x6c6f6f70 BINFMTFS_MAGIC = 0x42494e4d @@ -563,6 +562,7 @@ const ( BUS_USB = 0x3 BUS_VIRTUAL = 0x6 CAN_BCM = 0x2 + CAN_BUS_OFF_THRESHOLD = 0x100 CAN_CTRLMODE_3_SAMPLES = 0x4 CAN_CTRLMODE_BERR_REPORTING = 0x10 CAN_CTRLMODE_CC_LEN8_DLC = 0x100 @@ -577,9 +577,12 @@ const ( CAN_EFF_FLAG = 0x80000000 CAN_EFF_ID_BITS = 0x1d CAN_EFF_MASK = 0x1fffffff + CAN_ERROR_PASSIVE_THRESHOLD = 0x80 + CAN_ERROR_WARNING_THRESHOLD = 0x60 CAN_ERR_ACK = 0x20 CAN_ERR_BUSERROR = 0x80 CAN_ERR_BUSOFF = 0x40 + CAN_ERR_CNT = 0x200 CAN_ERR_CRTL = 0x4 CAN_ERR_CRTL_ACTIVE = 0x40 CAN_ERR_CRTL_RX_OVERFLOW = 0x1 @@ -820,9 +823,9 @@ const ( DM_UUID_FLAG = 0x4000 DM_UUID_LEN = 0x81 DM_VERSION = 0xc138fd00 - DM_VERSION_EXTRA = "-ioctl (2022-02-22)" + DM_VERSION_EXTRA = "-ioctl (2022-07-28)" DM_VERSION_MAJOR = 0x4 - DM_VERSION_MINOR = 0x2e + DM_VERSION_MINOR = 0x2f DM_VERSION_PATCHLEVEL = 0x0 DT_BLK = 0x6 DT_CHR = 0x2 @@ -1049,6 +1052,7 @@ const ( ETH_P_CAIF = 0xf7 ETH_P_CAN = 0xc ETH_P_CANFD = 0xd + ETH_P_CANXL = 0xe ETH_P_CFM = 0x8902 ETH_P_CONTROL = 0x16 ETH_P_CUST = 0x6006 @@ -1060,6 +1064,7 @@ const ( ETH_P_DNA_RT = 0x6003 ETH_P_DSA = 0x1b ETH_P_DSA_8021Q = 0xdadb + ETH_P_DSA_A5PSW = 0xe001 ETH_P_ECONET = 0x18 ETH_P_EDSA = 0xdada ETH_P_ERSPAN = 0x88be @@ -1194,8 +1199,10 @@ const ( FAN_MARK_EVICTABLE = 0x200 FAN_MARK_FILESYSTEM = 0x100 FAN_MARK_FLUSH = 0x80 + FAN_MARK_IGNORE = 0x400 FAN_MARK_IGNORED_MASK = 0x20 FAN_MARK_IGNORED_SURV_MODIFY = 0x40 + FAN_MARK_IGNORE_SURV = 0x440 FAN_MARK_INODE = 0x0 FAN_MARK_MOUNT = 0x10 FAN_MARK_ONLYDIR = 0x8 @@ -1253,6 +1260,7 @@ const ( FSCRYPT_MODE_AES_128_CBC = 0x5 FSCRYPT_MODE_AES_128_CTS = 0x6 FSCRYPT_MODE_AES_256_CTS = 0x4 + FSCRYPT_MODE_AES_256_HCTR2 = 0xa FSCRYPT_MODE_AES_256_XTS = 0x1 FSCRYPT_POLICY_FLAGS_PAD_16 = 0x2 FSCRYPT_POLICY_FLAGS_PAD_32 = 0x3 @@ -1430,6 +1438,7 @@ const ( IFF_NOARP = 0x80 IFF_NOFILTER = 0x1000 IFF_NOTRAILERS = 0x20 + IFF_NO_CARRIER = 0x40 IFF_NO_PI = 0x1000 IFF_ONE_QUEUE = 0x2000 IFF_PERSIST = 0x800 @@ -1805,6 +1814,7 @@ const ( MADV_DONTDUMP = 0x10 MADV_DONTFORK = 0xa MADV_DONTNEED = 0x4 + MADV_DONTNEED_LOCKED = 0x18 MADV_FREE = 0x8 MADV_HUGEPAGE = 0xe MADV_HWPOISON = 0x64 @@ -1846,7 +1856,7 @@ const ( MFD_ALLOW_SEALING = 0x2 MFD_CLOEXEC = 0x1 MFD_HUGETLB = 0x4 - MFD_HUGE_16GB = -0x78000000 + MFD_HUGE_16GB = 0x88000000 MFD_HUGE_16MB = 0x60000000 MFD_HUGE_1GB = 0x78000000 MFD_HUGE_1MB = 0x50000000 @@ -2212,6 +2222,11 @@ const ( PERF_AUX_FLAG_PARTIAL = 0x4 PERF_AUX_FLAG_PMU_FORMAT_TYPE_MASK = 0xff00 PERF_AUX_FLAG_TRUNCATED = 0x1 + PERF_BR_ARM64_DEBUG_DATA = 0x7 + PERF_BR_ARM64_DEBUG_EXIT = 0x5 + PERF_BR_ARM64_DEBUG_HALT = 0x4 + PERF_BR_ARM64_DEBUG_INST = 0x6 + PERF_BR_ARM64_FIQ = 0x3 PERF_FLAG_FD_CLOEXEC = 0x8 PERF_FLAG_FD_NO_GROUP = 0x1 PERF_FLAG_FD_OUTPUT = 0x2 @@ -2232,6 +2247,8 @@ const ( PERF_MEM_LOCK_NA = 0x1 PERF_MEM_LOCK_SHIFT = 0x18 PERF_MEM_LVLNUM_ANY_CACHE = 0xb + PERF_MEM_LVLNUM_CXL = 0x9 + PERF_MEM_LVLNUM_IO = 0xa PERF_MEM_LVLNUM_L1 = 0x1 PERF_MEM_LVLNUM_L2 = 0x2 PERF_MEM_LVLNUM_L3 = 0x3 @@ -2265,6 +2282,7 @@ const ( PERF_MEM_REMOTE_REMOTE = 0x1 PERF_MEM_REMOTE_SHIFT = 0x25 PERF_MEM_SNOOPX_FWD = 0x1 + PERF_MEM_SNOOPX_PEER = 0x2 PERF_MEM_SNOOPX_SHIFT = 0x26 PERF_MEM_SNOOP_HIT = 0x4 PERF_MEM_SNOOP_HITM = 0x10 @@ -2301,7 +2319,6 @@ const ( PERF_SAMPLE_BRANCH_PLM_ALL = 0x7 PERF_SAMPLE_WEIGHT_TYPE = 0x1004000 PIPEFS_MAGIC = 0x50495045 - PPC_CMM_MAGIC = 0xc7571590 PPPIOCGNPMODE = 0xc008744c PPPIOCNEWUNIT = 0xc004743e PRIO_PGRP = 0x1 @@ -2999,6 +3016,7 @@ const ( STATX_BLOCKS = 0x400 STATX_BTIME = 0x800 STATX_CTIME = 0x80 + STATX_DIOALIGN = 0x2000 STATX_GID = 0x10 STATX_INO = 0x100 STATX_MNT_ID = 0x1000 @@ -3392,9 +3410,7 @@ const ( XDP_ZEROCOPY = 0x4 XENFS_SUPER_MAGIC = 0xabba1974 XFS_SUPER_MAGIC = 0x58465342 - Z3FOLD_MAGIC = 0x33 ZONEFS_MAGIC = 0x5a4f4653 - ZSMALLOC_MAGIC = 0x58295829 _HIDIOCGRAWNAME_LEN = 0x80 _HIDIOCGRAWPHYS_LEN = 0x40 _HIDIOCGRAWUNIQ_LEN = 0x40 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go index 36c0dfc7c4c..a46df0f1e57 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go @@ -133,6 +133,7 @@ const ( MEMGETREGIONCOUNT = 0x80044d07 MEMISLOCKED = 0x80084d17 MEMLOCK = 0x40084d05 + MEMREAD = 0xc03c4d1a MEMREADOOB = 0xc00c4d04 MEMSETBADBLOCK = 0x40084d0c MEMUNLOCK = 0x40084d06 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go index 4ff942703b7..6cd4a3ea9d3 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go @@ -133,6 +133,7 @@ const ( MEMGETREGIONCOUNT = 0x80044d07 MEMISLOCKED = 0x80084d17 MEMLOCK = 0x40084d05 + MEMREAD = 0xc0404d1a MEMREADOOB = 0xc0104d04 MEMSETBADBLOCK = 0x40084d0c MEMUNLOCK = 0x40084d06 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go index 3eaa0fb78e3..c7ebee24df3 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go @@ -131,6 +131,7 @@ const ( MEMGETREGIONCOUNT = 0x80044d07 MEMISLOCKED = 0x80084d17 MEMLOCK = 0x40084d05 + MEMREAD = 0xc0404d1a MEMREADOOB = 0xc00c4d04 MEMSETBADBLOCK = 0x40084d0c MEMUNLOCK = 0x40084d06 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go index d7995bdc3a2..9d5352c3e45 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go @@ -134,6 +134,7 @@ const ( MEMGETREGIONCOUNT = 0x80044d07 MEMISLOCKED = 0x80084d17 MEMLOCK = 0x40084d05 + MEMREAD = 0xc0404d1a MEMREADOOB = 0xc0104d04 MEMSETBADBLOCK = 0x40084d0c MEMUNLOCK = 0x40084d06 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go index 928e24c2053..f26a164f4aa 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go @@ -132,6 +132,7 @@ const ( MEMGETREGIONCOUNT = 0x80044d07 MEMISLOCKED = 0x80084d17 MEMLOCK = 0x40084d05 + MEMREAD = 0xc0404d1a MEMREADOOB = 0xc0104d04 MEMSETBADBLOCK = 0x40084d0c MEMUNLOCK = 0x40084d06 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go index 179bffb474b..890bc3c9b70 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go @@ -131,6 +131,7 @@ const ( MEMGETREGIONCOUNT = 0x40044d07 MEMISLOCKED = 0x40084d17 MEMLOCK = 0x80084d05 + MEMREAD = 0xc0404d1a MEMREADOOB = 0xc00c4d04 MEMSETBADBLOCK = 0x80084d0c MEMUNLOCK = 0x80084d06 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go index 1fba17bd75c..549f26ac646 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go @@ -131,6 +131,7 @@ const ( MEMGETREGIONCOUNT = 0x40044d07 MEMISLOCKED = 0x40084d17 MEMLOCK = 0x80084d05 + MEMREAD = 0xc0404d1a MEMREADOOB = 0xc0104d04 MEMSETBADBLOCK = 0x80084d0c MEMUNLOCK = 0x80084d06 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go index b77dde31537..e0365e32c17 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go @@ -131,6 +131,7 @@ const ( MEMGETREGIONCOUNT = 0x40044d07 MEMISLOCKED = 0x40084d17 MEMLOCK = 0x80084d05 + MEMREAD = 0xc0404d1a MEMREADOOB = 0xc0104d04 MEMSETBADBLOCK = 0x80084d0c MEMUNLOCK = 0x80084d06 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go index 78c6c751bfa..fdccce15ca2 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go @@ -131,6 +131,7 @@ const ( MEMGETREGIONCOUNT = 0x40044d07 MEMISLOCKED = 0x40084d17 MEMLOCK = 0x80084d05 + MEMREAD = 0xc0404d1a MEMREADOOB = 0xc00c4d04 MEMSETBADBLOCK = 0x80084d0c MEMUNLOCK = 0x80084d06 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go index 1c0d31f0b4c..b2205c83faa 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go @@ -131,6 +131,7 @@ const ( MEMGETREGIONCOUNT = 0x40044d07 MEMISLOCKED = 0x40084d17 MEMLOCK = 0x80084d05 + MEMREAD = 0xc0404d1a MEMREADOOB = 0xc00c4d04 MEMSETBADBLOCK = 0x80084d0c MEMUNLOCK = 0x80084d06 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go index 959dd9bb8fc..81aa5ad0f69 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go @@ -131,6 +131,7 @@ const ( MEMGETREGIONCOUNT = 0x40044d07 MEMISLOCKED = 0x40084d17 MEMLOCK = 0x80084d05 + MEMREAD = 0xc0404d1a MEMREADOOB = 0xc0104d04 MEMSETBADBLOCK = 0x80084d0c MEMUNLOCK = 0x80084d06 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go index 5a873cdbc9d..76807a1fd4f 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go @@ -131,6 +131,7 @@ const ( MEMGETREGIONCOUNT = 0x40044d07 MEMISLOCKED = 0x40084d17 MEMLOCK = 0x80084d05 + MEMREAD = 0xc0404d1a MEMREADOOB = 0xc0104d04 MEMSETBADBLOCK = 0x80084d0c MEMUNLOCK = 0x80084d06 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go index e336d141e1f..d4a5ab9e4e0 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go @@ -131,6 +131,7 @@ const ( MEMGETREGIONCOUNT = 0x80044d07 MEMISLOCKED = 0x80084d17 MEMLOCK = 0x40084d05 + MEMREAD = 0xc0404d1a MEMREADOOB = 0xc0104d04 MEMSETBADBLOCK = 0x40084d0c MEMUNLOCK = 0x40084d06 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go index 390c01d92a5..66e65db9519 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go @@ -131,6 +131,7 @@ const ( MEMGETREGIONCOUNT = 0x80044d07 MEMISLOCKED = 0x80084d17 MEMLOCK = 0x40084d05 + MEMREAD = 0xc0404d1a MEMREADOOB = 0xc0104d04 MEMSETBADBLOCK = 0x40084d0c MEMUNLOCK = 0x40084d06 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go index 98a6e5f11f5..f619252691e 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go @@ -136,6 +136,7 @@ const ( MEMGETREGIONCOUNT = 0x40044d07 MEMISLOCKED = 0x40084d17 MEMLOCK = 0x80084d05 + MEMREAD = 0xc0404d1a MEMREADOOB = 0xc0104d04 MEMSETBADBLOCK = 0x80084d0c MEMUNLOCK = 0x80084d06 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go index 293cf36804e..36ea3a55b72 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go @@ -537,6 +537,17 @@ func Chroot(path string) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ClockAdjtime(clockid int32, buf *Timex) (state int, err error) { + r0, _, e1 := Syscall(SYS_CLOCK_ADJTIME, uintptr(clockid), uintptr(unsafe.Pointer(buf)), 0) + state = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ClockGetres(clockid int32, res *Timespec) (err error) { _, _, e1 := Syscall(SYS_CLOCK_GETRES, uintptr(clockid), uintptr(unsafe.Pointer(res)), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index ff6881167d9..7d9fc8f1c91 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -29,6 +29,41 @@ type Itimerval struct { Value Timeval } +const ( + ADJ_OFFSET = 0x1 + ADJ_FREQUENCY = 0x2 + ADJ_MAXERROR = 0x4 + ADJ_ESTERROR = 0x8 + ADJ_STATUS = 0x10 + ADJ_TIMECONST = 0x20 + ADJ_TAI = 0x80 + ADJ_SETOFFSET = 0x100 + ADJ_MICRO = 0x1000 + ADJ_NANO = 0x2000 + ADJ_TICK = 0x4000 + ADJ_OFFSET_SINGLESHOT = 0x8001 + ADJ_OFFSET_SS_READ = 0xa001 +) + +const ( + STA_PLL = 0x1 + STA_PPSFREQ = 0x2 + STA_PPSTIME = 0x4 + STA_FLL = 0x8 + STA_INS = 0x10 + STA_DEL = 0x20 + STA_UNSYNC = 0x40 + STA_FREQHOLD = 0x80 + STA_PPSSIGNAL = 0x100 + STA_PPSJITTER = 0x200 + STA_PPSWANDER = 0x400 + STA_PPSERROR = 0x800 + STA_CLOCKERR = 0x1000 + STA_NANO = 0x2000 + STA_MODE = 0x4000 + STA_CLK = 0x8000 +) + const ( TIME_OK = 0x0 TIME_INS = 0x1 @@ -53,29 +88,30 @@ type StatxTimestamp struct { } type Statx_t struct { - Mask uint32 - Blksize uint32 - Attributes uint64 - Nlink uint32 - Uid uint32 - Gid uint32 - Mode uint16 - _ [1]uint16 - Ino uint64 - Size uint64 - Blocks uint64 - Attributes_mask uint64 - Atime StatxTimestamp - Btime StatxTimestamp - Ctime StatxTimestamp - Mtime StatxTimestamp - Rdev_major uint32 - Rdev_minor uint32 - Dev_major uint32 - Dev_minor uint32 - Mnt_id uint64 - _ uint64 - _ [12]uint64 + Mask uint32 + Blksize uint32 + Attributes uint64 + Nlink uint32 + Uid uint32 + Gid uint32 + Mode uint16 + _ [1]uint16 + Ino uint64 + Size uint64 + Blocks uint64 + Attributes_mask uint64 + Atime StatxTimestamp + Btime StatxTimestamp + Ctime StatxTimestamp + Mtime StatxTimestamp + Rdev_major uint32 + Rdev_minor uint32 + Dev_major uint32 + Dev_minor uint32 + Mnt_id uint64 + Dio_mem_align uint32 + Dio_offset_align uint32 + _ [12]uint64 } type Fsid struct { @@ -1099,7 +1135,8 @@ const ( PERF_SAMPLE_BRANCH_NO_CYCLES_SHIFT = 0xf PERF_SAMPLE_BRANCH_TYPE_SAVE_SHIFT = 0x10 PERF_SAMPLE_BRANCH_HW_INDEX_SHIFT = 0x11 - PERF_SAMPLE_BRANCH_MAX_SHIFT = 0x12 + PERF_SAMPLE_BRANCH_PRIV_SAVE_SHIFT = 0x12 + PERF_SAMPLE_BRANCH_MAX_SHIFT = 0x13 PERF_SAMPLE_BRANCH_USER = 0x1 PERF_SAMPLE_BRANCH_KERNEL = 0x2 PERF_SAMPLE_BRANCH_HV = 0x4 @@ -1118,7 +1155,8 @@ const ( PERF_SAMPLE_BRANCH_NO_CYCLES = 0x8000 PERF_SAMPLE_BRANCH_TYPE_SAVE = 0x10000 PERF_SAMPLE_BRANCH_HW_INDEX = 0x20000 - PERF_SAMPLE_BRANCH_MAX = 0x40000 + PERF_SAMPLE_BRANCH_PRIV_SAVE = 0x40000 + PERF_SAMPLE_BRANCH_MAX = 0x80000 PERF_BR_UNKNOWN = 0x0 PERF_BR_COND = 0x1 PERF_BR_UNCOND = 0x2 @@ -1132,7 +1170,10 @@ const ( PERF_BR_COND_RET = 0xa PERF_BR_ERET = 0xb PERF_BR_IRQ = 0xc - PERF_BR_MAX = 0xd + PERF_BR_SERROR = 0xd + PERF_BR_NO_TX = 0xe + PERF_BR_EXTEND_ABI = 0xf + PERF_BR_MAX = 0x10 PERF_SAMPLE_REGS_ABI_NONE = 0x0 PERF_SAMPLE_REGS_ABI_32 = 0x1 PERF_SAMPLE_REGS_ABI_64 = 0x2 @@ -1151,7 +1192,8 @@ const ( PERF_FORMAT_TOTAL_TIME_RUNNING = 0x2 PERF_FORMAT_ID = 0x4 PERF_FORMAT_GROUP = 0x8 - PERF_FORMAT_MAX = 0x10 + PERF_FORMAT_LOST = 0x10 + PERF_FORMAT_MAX = 0x20 PERF_IOC_FLAG_GROUP = 0x1 PERF_RECORD_MMAP = 0x1 PERF_RECORD_LOST = 0x2 @@ -2979,7 +3021,16 @@ const ( DEVLINK_CMD_TRAP_POLICER_NEW = 0x47 DEVLINK_CMD_TRAP_POLICER_DEL = 0x48 DEVLINK_CMD_HEALTH_REPORTER_TEST = 0x49 - DEVLINK_CMD_MAX = 0x51 + DEVLINK_CMD_RATE_GET = 0x4a + DEVLINK_CMD_RATE_SET = 0x4b + DEVLINK_CMD_RATE_NEW = 0x4c + DEVLINK_CMD_RATE_DEL = 0x4d + DEVLINK_CMD_LINECARD_GET = 0x4e + DEVLINK_CMD_LINECARD_SET = 0x4f + DEVLINK_CMD_LINECARD_NEW = 0x50 + DEVLINK_CMD_LINECARD_DEL = 0x51 + DEVLINK_CMD_SELFTESTS_GET = 0x52 + DEVLINK_CMD_MAX = 0x53 DEVLINK_PORT_TYPE_NOTSET = 0x0 DEVLINK_PORT_TYPE_AUTO = 0x1 DEVLINK_PORT_TYPE_ETH = 0x2 @@ -3208,7 +3259,13 @@ const ( DEVLINK_ATTR_RATE_NODE_NAME = 0xa8 DEVLINK_ATTR_RATE_PARENT_NODE_NAME = 0xa9 DEVLINK_ATTR_REGION_MAX_SNAPSHOTS = 0xaa - DEVLINK_ATTR_MAX = 0xae + DEVLINK_ATTR_LINECARD_INDEX = 0xab + DEVLINK_ATTR_LINECARD_STATE = 0xac + DEVLINK_ATTR_LINECARD_TYPE = 0xad + DEVLINK_ATTR_LINECARD_SUPPORTED_TYPES = 0xae + DEVLINK_ATTR_NESTED_DEVLINK = 0xaf + DEVLINK_ATTR_SELFTESTS = 0xb0 + DEVLINK_ATTR_MAX = 0xb0 DEVLINK_DPIPE_FIELD_MAPPING_TYPE_NONE = 0x0 DEVLINK_DPIPE_FIELD_MAPPING_TYPE_IFINDEX = 0x1 DEVLINK_DPIPE_MATCH_TYPE_FIELD_EXACT = 0x0 @@ -3317,7 +3374,8 @@ const ( LWTUNNEL_ENCAP_SEG6_LOCAL = 0x7 LWTUNNEL_ENCAP_RPL = 0x8 LWTUNNEL_ENCAP_IOAM6 = 0x9 - LWTUNNEL_ENCAP_MAX = 0x9 + LWTUNNEL_ENCAP_XFRM = 0xa + LWTUNNEL_ENCAP_MAX = 0xa MPLS_IPTUNNEL_UNSPEC = 0x0 MPLS_IPTUNNEL_DST = 0x1 @@ -3512,7 +3570,9 @@ const ( ETHTOOL_MSG_PHC_VCLOCKS_GET = 0x21 ETHTOOL_MSG_MODULE_GET = 0x22 ETHTOOL_MSG_MODULE_SET = 0x23 - ETHTOOL_MSG_USER_MAX = 0x23 + ETHTOOL_MSG_PSE_GET = 0x24 + ETHTOOL_MSG_PSE_SET = 0x25 + ETHTOOL_MSG_USER_MAX = 0x25 ETHTOOL_MSG_KERNEL_NONE = 0x0 ETHTOOL_MSG_STRSET_GET_REPLY = 0x1 ETHTOOL_MSG_LINKINFO_GET_REPLY = 0x2 @@ -3550,7 +3610,8 @@ const ( ETHTOOL_MSG_PHC_VCLOCKS_GET_REPLY = 0x22 ETHTOOL_MSG_MODULE_GET_REPLY = 0x23 ETHTOOL_MSG_MODULE_NTF = 0x24 - ETHTOOL_MSG_KERNEL_MAX = 0x24 + ETHTOOL_MSG_PSE_GET_REPLY = 0x25 + ETHTOOL_MSG_KERNEL_MAX = 0x25 ETHTOOL_A_HEADER_UNSPEC = 0x0 ETHTOOL_A_HEADER_DEV_INDEX = 0x1 ETHTOOL_A_HEADER_DEV_NAME = 0x2 @@ -3609,7 +3670,8 @@ const ( ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG = 0x7 ETHTOOL_A_LINKMODES_MASTER_SLAVE_STATE = 0x8 ETHTOOL_A_LINKMODES_LANES = 0x9 - ETHTOOL_A_LINKMODES_MAX = 0x9 + ETHTOOL_A_LINKMODES_RATE_MATCHING = 0xa + ETHTOOL_A_LINKMODES_MAX = 0xa ETHTOOL_A_LINKSTATE_UNSPEC = 0x0 ETHTOOL_A_LINKSTATE_HEADER = 0x1 ETHTOOL_A_LINKSTATE_LINK = 0x2 @@ -4201,6 +4263,9 @@ const ( NL80211_ACL_POLICY_DENY_UNLESS_LISTED = 0x1 NL80211_AC_VI = 0x1 NL80211_AC_VO = 0x0 + NL80211_AP_SETTINGS_EXTERNAL_AUTH_SUPPORT = 0x1 + NL80211_AP_SETTINGS_SA_QUERY_OFFLOAD_SUPPORT = 0x2 + NL80211_AP_SME_SA_QUERY_OFFLOAD = 0x1 NL80211_ATTR_4ADDR = 0x53 NL80211_ATTR_ACK = 0x5c NL80211_ATTR_ACK_SIGNAL = 0x107 @@ -4209,6 +4274,7 @@ const ( NL80211_ATTR_AIRTIME_WEIGHT = 0x112 NL80211_ATTR_AKM_SUITES = 0x4c NL80211_ATTR_AP_ISOLATE = 0x60 + NL80211_ATTR_AP_SETTINGS_FLAGS = 0x135 NL80211_ATTR_AUTH_DATA = 0x9c NL80211_ATTR_AUTH_TYPE = 0x35 NL80211_ATTR_BANDS = 0xef @@ -4240,6 +4306,9 @@ const ( NL80211_ATTR_COALESCE_RULE_DELAY = 0x1 NL80211_ATTR_COALESCE_RULE_MAX = 0x3 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN = 0x3 + NL80211_ATTR_COLOR_CHANGE_COLOR = 0x130 + NL80211_ATTR_COLOR_CHANGE_COUNT = 0x12f + NL80211_ATTR_COLOR_CHANGE_ELEMS = 0x131 NL80211_ATTR_CONN_FAILED_REASON = 0x9b NL80211_ATTR_CONTROL_PORT = 0x44 NL80211_ATTR_CONTROL_PORT_ETHERTYPE = 0x66 @@ -4266,6 +4335,7 @@ const ( NL80211_ATTR_DEVICE_AP_SME = 0x8d NL80211_ATTR_DFS_CAC_TIME = 0x7 NL80211_ATTR_DFS_REGION = 0x92 + NL80211_ATTR_DISABLE_EHT = 0x137 NL80211_ATTR_DISABLE_HE = 0x12d NL80211_ATTR_DISABLE_HT = 0x93 NL80211_ATTR_DISABLE_VHT = 0xaf @@ -4273,6 +4343,8 @@ const ( NL80211_ATTR_DONT_WAIT_FOR_ACK = 0x8e NL80211_ATTR_DTIM_PERIOD = 0xd NL80211_ATTR_DURATION = 0x57 + NL80211_ATTR_EHT_CAPABILITY = 0x136 + NL80211_ATTR_EML_CAPABILITY = 0x13d NL80211_ATTR_EXT_CAPA = 0xa9 NL80211_ATTR_EXT_CAPA_MASK = 0xaa NL80211_ATTR_EXTERNAL_AUTH_ACTION = 0x104 @@ -4337,10 +4409,11 @@ const ( NL80211_ATTR_MAC_HINT = 0xc8 NL80211_ATTR_MAC_MASK = 0xd7 NL80211_ATTR_MAX_AP_ASSOC_STA = 0xca - NL80211_ATTR_MAX = 0x137 + NL80211_ATTR_MAX = 0x140 NL80211_ATTR_MAX_CRIT_PROT_DURATION = 0xb4 NL80211_ATTR_MAX_CSA_COUNTERS = 0xce NL80211_ATTR_MAX_MATCH_SETS = 0x85 + NL80211_ATTR_MAX_NUM_AKM_SUITES = 0x13c NL80211_ATTR_MAX_NUM_PMKIDS = 0x56 NL80211_ATTR_MAX_NUM_SCAN_SSIDS = 0x2b NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS = 0xde @@ -4350,6 +4423,8 @@ const ( NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL = 0xdf NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS = 0xe0 NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN = 0x7c + NL80211_ATTR_MBSSID_CONFIG = 0x132 + NL80211_ATTR_MBSSID_ELEMS = 0x133 NL80211_ATTR_MCAST_RATE = 0x6b NL80211_ATTR_MDID = 0xb1 NL80211_ATTR_MEASUREMENT_DURATION = 0xeb @@ -4359,6 +4434,11 @@ const ( NL80211_ATTR_MESH_PEER_AID = 0xed NL80211_ATTR_MESH_SETUP = 0x70 NL80211_ATTR_MGMT_SUBTYPE = 0x29 + NL80211_ATTR_MLD_ADDR = 0x13a + NL80211_ATTR_MLD_CAPA_AND_OPS = 0x13e + NL80211_ATTR_MLO_LINK_ID = 0x139 + NL80211_ATTR_MLO_LINKS = 0x138 + NL80211_ATTR_MLO_SUPPORT = 0x13b NL80211_ATTR_MNTR_FLAGS = 0x17 NL80211_ATTR_MPATH_INFO = 0x1b NL80211_ATTR_MPATH_NEXT_HOP = 0x1a @@ -4371,6 +4451,7 @@ const ( NL80211_ATTR_NETNS_FD = 0xdb NL80211_ATTR_NOACK_MAP = 0x95 NL80211_ATTR_NSS = 0x106 + NL80211_ATTR_OBSS_COLOR_BITMAP = 0x12e NL80211_ATTR_OFFCHANNEL_TX_OK = 0x6c NL80211_ATTR_OPER_CLASS = 0xd6 NL80211_ATTR_OPMODE_NOTIF = 0xc2 @@ -4397,6 +4478,7 @@ const ( NL80211_ATTR_PROTOCOL_FEATURES = 0xad NL80211_ATTR_PS_STATE = 0x5d NL80211_ATTR_QOS_MAP = 0xc7 + NL80211_ATTR_RADAR_BACKGROUND = 0x134 NL80211_ATTR_RADAR_EVENT = 0xa8 NL80211_ATTR_REASON_CODE = 0x36 NL80211_ATTR_RECEIVE_MULTICAST = 0x121 @@ -4412,6 +4494,7 @@ const ( NL80211_ATTR_RESP_IE = 0x4e NL80211_ATTR_ROAM_SUPPORT = 0x83 NL80211_ATTR_RX_FRAME_TYPES = 0x64 + NL80211_ATTR_RX_HW_TIMESTAMP = 0x140 NL80211_ATTR_RXMGMT_FLAGS = 0xbc NL80211_ATTR_RX_SIGNAL_DBM = 0x97 NL80211_ATTR_S1G_CAPABILITY = 0x128 @@ -4484,6 +4567,7 @@ const ( NL80211_ATTR_TSID = 0xd2 NL80211_ATTR_TWT_RESPONDER = 0x116 NL80211_ATTR_TX_FRAME_TYPES = 0x63 + NL80211_ATTR_TX_HW_TIMESTAMP = 0x13f NL80211_ATTR_TX_NO_CCK_RATE = 0x87 NL80211_ATTR_TXQ_LIMIT = 0x10a NL80211_ATTR_TXQ_MEMORY_LIMIT = 0x10b @@ -4557,6 +4641,10 @@ const ( NL80211_BAND_ATTR_RATES = 0x2 NL80211_BAND_ATTR_VHT_CAPA = 0x8 NL80211_BAND_ATTR_VHT_MCS_SET = 0x7 + NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MAC = 0x8 + NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MCS_SET = 0xa + NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PHY = 0x9 + NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PPE = 0xb NL80211_BAND_IFTYPE_ATTR_HE_6GHZ_CAPA = 0x6 NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC = 0x2 NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET = 0x4 @@ -4564,6 +4652,8 @@ const ( NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE = 0x5 NL80211_BAND_IFTYPE_ATTR_IFTYPES = 0x1 NL80211_BAND_IFTYPE_ATTR_MAX = 0xb + NL80211_BAND_IFTYPE_ATTR_VENDOR_ELEMS = 0x7 + NL80211_BAND_LC = 0x5 NL80211_BAND_S1GHZ = 0x4 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE = 0x2 NL80211_BITRATE_ATTR_MAX = 0x2 @@ -4584,7 +4674,9 @@ const ( NL80211_BSS_FREQUENCY_OFFSET = 0x14 NL80211_BSS_INFORMATION_ELEMENTS = 0x6 NL80211_BSS_LAST_SEEN_BOOTTIME = 0xf - NL80211_BSS_MAX = 0x14 + NL80211_BSS_MAX = 0x16 + NL80211_BSS_MLD_ADDR = 0x16 + NL80211_BSS_MLO_LINK_ID = 0x15 NL80211_BSS_PAD = 0x10 NL80211_BSS_PARENT_BSSID = 0x12 NL80211_BSS_PARENT_TSF = 0x11 @@ -4612,6 +4704,7 @@ const ( NL80211_CHAN_WIDTH_20 = 0x1 NL80211_CHAN_WIDTH_20_NOHT = 0x0 NL80211_CHAN_WIDTH_2 = 0x9 + NL80211_CHAN_WIDTH_320 = 0xd NL80211_CHAN_WIDTH_40 = 0x2 NL80211_CHAN_WIDTH_4 = 0xa NL80211_CHAN_WIDTH_5 = 0x6 @@ -4621,8 +4714,11 @@ const ( NL80211_CMD_ABORT_SCAN = 0x72 NL80211_CMD_ACTION = 0x3b NL80211_CMD_ACTION_TX_STATUS = 0x3c + NL80211_CMD_ADD_LINK = 0x94 + NL80211_CMD_ADD_LINK_STA = 0x96 NL80211_CMD_ADD_NAN_FUNCTION = 0x75 NL80211_CMD_ADD_TX_TS = 0x69 + NL80211_CMD_ASSOC_COMEBACK = 0x93 NL80211_CMD_ASSOCIATE = 0x26 NL80211_CMD_AUTHENTICATE = 0x25 NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL = 0x38 @@ -4630,6 +4726,10 @@ const ( NL80211_CMD_CHANNEL_SWITCH = 0x66 NL80211_CMD_CH_SWITCH_NOTIFY = 0x58 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY = 0x6e + NL80211_CMD_COLOR_CHANGE_ABORTED = 0x90 + NL80211_CMD_COLOR_CHANGE_COMPLETED = 0x91 + NL80211_CMD_COLOR_CHANGE_REQUEST = 0x8e + NL80211_CMD_COLOR_CHANGE_STARTED = 0x8f NL80211_CMD_CONNECT = 0x2e NL80211_CMD_CONN_FAILED = 0x5b NL80211_CMD_CONTROL_PORT_FRAME = 0x81 @@ -4678,8 +4778,9 @@ const ( NL80211_CMD_LEAVE_IBSS = 0x2c NL80211_CMD_LEAVE_MESH = 0x45 NL80211_CMD_LEAVE_OCB = 0x6d - NL80211_CMD_MAX = 0x93 + NL80211_CMD_MAX = 0x98 NL80211_CMD_MICHAEL_MIC_FAILURE = 0x29 + NL80211_CMD_MODIFY_LINK_STA = 0x97 NL80211_CMD_NAN_MATCH = 0x78 NL80211_CMD_NEW_BEACON = 0xf NL80211_CMD_NEW_INTERFACE = 0x7 @@ -4692,6 +4793,7 @@ const ( NL80211_CMD_NEW_WIPHY = 0x3 NL80211_CMD_NOTIFY_CQM = 0x40 NL80211_CMD_NOTIFY_RADAR = 0x86 + NL80211_CMD_OBSS_COLOR_COLLISION = 0x8d NL80211_CMD_PEER_MEASUREMENT_COMPLETE = 0x85 NL80211_CMD_PEER_MEASUREMENT_RESULT = 0x84 NL80211_CMD_PEER_MEASUREMENT_START = 0x83 @@ -4707,6 +4809,8 @@ const ( NL80211_CMD_REGISTER_FRAME = 0x3a NL80211_CMD_RELOAD_REGDB = 0x7e NL80211_CMD_REMAIN_ON_CHANNEL = 0x37 + NL80211_CMD_REMOVE_LINK = 0x95 + NL80211_CMD_REMOVE_LINK_STA = 0x98 NL80211_CMD_REQ_SET_REG = 0x1b NL80211_CMD_ROAM = 0x2f NL80211_CMD_SCAN_ABORTED = 0x23 @@ -4717,6 +4821,7 @@ const ( NL80211_CMD_SET_CHANNEL = 0x41 NL80211_CMD_SET_COALESCE = 0x65 NL80211_CMD_SET_CQM = 0x3f + NL80211_CMD_SET_FILS_AAD = 0x92 NL80211_CMD_SET_INTERFACE = 0x6 NL80211_CMD_SET_KEY = 0xa NL80211_CMD_SET_MAC_ACL = 0x5d @@ -4791,6 +4896,8 @@ const ( NL80211_EDMG_BW_CONFIG_MIN = 0x4 NL80211_EDMG_CHANNELS_MAX = 0x3c NL80211_EDMG_CHANNELS_MIN = 0x1 + NL80211_EHT_MAX_CAPABILITY_LEN = 0x33 + NL80211_EHT_MIN_CAPABILITY_LEN = 0xd NL80211_EXTERNAL_AUTH_ABORT = 0x1 NL80211_EXTERNAL_AUTH_START = 0x0 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK = 0x32 @@ -4807,6 +4914,7 @@ const ( NL80211_EXT_FEATURE_BEACON_RATE_HT = 0x7 NL80211_EXT_FEATURE_BEACON_RATE_LEGACY = 0x6 NL80211_EXT_FEATURE_BEACON_RATE_VHT = 0x8 + NL80211_EXT_FEATURE_BSS_COLOR = 0x3a NL80211_EXT_FEATURE_BSS_PARENT_TSF = 0x4 NL80211_EXT_FEATURE_CAN_REPLACE_PTK0 = 0x1f NL80211_EXT_FEATURE_CONTROL_PORT_NO_PREAUTH = 0x2a @@ -4818,6 +4926,7 @@ const ( NL80211_EXT_FEATURE_DFS_OFFLOAD = 0x19 NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER = 0x20 NL80211_EXT_FEATURE_EXT_KEY_ID = 0x24 + NL80211_EXT_FEATURE_FILS_CRYPTO_OFFLOAD = 0x3b NL80211_EXT_FEATURE_FILS_DISCOVERY = 0x34 NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME = 0x11 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD = 0xe @@ -4833,8 +4942,10 @@ const ( NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION = 0x14 NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE = 0x13 NL80211_EXT_FEATURE_OPERATING_CHANNEL_VALIDATION = 0x31 + NL80211_EXT_FEATURE_POWERED_ADDR_CHANGE = 0x3d NL80211_EXT_FEATURE_PROTECTED_TWT = 0x2b NL80211_EXT_FEATURE_PROT_RANGE_NEGO_AND_MEASURE = 0x39 + NL80211_EXT_FEATURE_RADAR_BACKGROUND = 0x3c NL80211_EXT_FEATURE_RRM = 0x1 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP = 0x33 NL80211_EXT_FEATURE_SAE_OFFLOAD = 0x26 @@ -4906,7 +5017,9 @@ const ( NL80211_FREQUENCY_ATTR_NO_10MHZ = 0x11 NL80211_FREQUENCY_ATTR_NO_160MHZ = 0xc NL80211_FREQUENCY_ATTR_NO_20MHZ = 0x10 + NL80211_FREQUENCY_ATTR_NO_320MHZ = 0x1a NL80211_FREQUENCY_ATTR_NO_80MHZ = 0xb + NL80211_FREQUENCY_ATTR_NO_EHT = 0x1b NL80211_FREQUENCY_ATTR_NO_HE = 0x13 NL80211_FREQUENCY_ATTR_NO_HT40_MINUS = 0x9 NL80211_FREQUENCY_ATTR_NO_HT40_PLUS = 0xa @@ -5006,6 +5119,12 @@ const ( NL80211_MAX_SUPP_HT_RATES = 0x4d NL80211_MAX_SUPP_RATES = 0x20 NL80211_MAX_SUPP_REG_RULES = 0x80 + NL80211_MBSSID_CONFIG_ATTR_EMA = 0x5 + NL80211_MBSSID_CONFIG_ATTR_INDEX = 0x3 + NL80211_MBSSID_CONFIG_ATTR_MAX = 0x5 + NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY = 0x2 + NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES = 0x1 + NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX = 0x4 NL80211_MESHCONF_ATTR_MAX = 0x1f NL80211_MESHCONF_AUTO_OPEN_PLINKS = 0x7 NL80211_MESHCONF_AWAKE_WINDOW = 0x1b @@ -5168,6 +5287,7 @@ const ( NL80211_PMSR_FTM_FAILURE_UNSPECIFIED = 0x0 NL80211_PMSR_FTM_FAILURE_WRONG_CHANNEL = 0x3 NL80211_PMSR_FTM_REQ_ATTR_ASAP = 0x1 + NL80211_PMSR_FTM_REQ_ATTR_BSS_COLOR = 0xd NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION = 0x5 NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD = 0x4 NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST = 0x6 @@ -5244,12 +5364,36 @@ const ( NL80211_RADAR_PRE_CAC_EXPIRED = 0x4 NL80211_RATE_INFO_10_MHZ_WIDTH = 0xb NL80211_RATE_INFO_160_MHZ_WIDTH = 0xa + NL80211_RATE_INFO_320_MHZ_WIDTH = 0x12 NL80211_RATE_INFO_40_MHZ_WIDTH = 0x3 NL80211_RATE_INFO_5_MHZ_WIDTH = 0xc NL80211_RATE_INFO_80_MHZ_WIDTH = 0x8 NL80211_RATE_INFO_80P80_MHZ_WIDTH = 0x9 NL80211_RATE_INFO_BITRATE32 = 0x5 NL80211_RATE_INFO_BITRATE = 0x1 + NL80211_RATE_INFO_EHT_GI_0_8 = 0x0 + NL80211_RATE_INFO_EHT_GI_1_6 = 0x1 + NL80211_RATE_INFO_EHT_GI_3_2 = 0x2 + NL80211_RATE_INFO_EHT_GI = 0x15 + NL80211_RATE_INFO_EHT_MCS = 0x13 + NL80211_RATE_INFO_EHT_NSS = 0x14 + NL80211_RATE_INFO_EHT_RU_ALLOC_106 = 0x3 + NL80211_RATE_INFO_EHT_RU_ALLOC_106P26 = 0x4 + NL80211_RATE_INFO_EHT_RU_ALLOC_242 = 0x5 + NL80211_RATE_INFO_EHT_RU_ALLOC_26 = 0x0 + NL80211_RATE_INFO_EHT_RU_ALLOC_2x996 = 0xb + NL80211_RATE_INFO_EHT_RU_ALLOC_2x996P484 = 0xc + NL80211_RATE_INFO_EHT_RU_ALLOC_3x996 = 0xd + NL80211_RATE_INFO_EHT_RU_ALLOC_3x996P484 = 0xe + NL80211_RATE_INFO_EHT_RU_ALLOC_484 = 0x6 + NL80211_RATE_INFO_EHT_RU_ALLOC_484P242 = 0x7 + NL80211_RATE_INFO_EHT_RU_ALLOC_4x996 = 0xf + NL80211_RATE_INFO_EHT_RU_ALLOC_52 = 0x1 + NL80211_RATE_INFO_EHT_RU_ALLOC_52P26 = 0x2 + NL80211_RATE_INFO_EHT_RU_ALLOC_996 = 0x8 + NL80211_RATE_INFO_EHT_RU_ALLOC_996P484 = 0x9 + NL80211_RATE_INFO_EHT_RU_ALLOC_996P484P242 = 0xa + NL80211_RATE_INFO_EHT_RU_ALLOC = 0x16 NL80211_RATE_INFO_HE_1XLTF = 0x0 NL80211_RATE_INFO_HE_2XLTF = 0x1 NL80211_RATE_INFO_HE_4XLTF = 0x2 @@ -5292,6 +5436,7 @@ const ( NL80211_RRF_GO_CONCURRENT = 0x1000 NL80211_RRF_IR_CONCURRENT = 0x1000 NL80211_RRF_NO_160MHZ = 0x10000 + NL80211_RRF_NO_320MHZ = 0x40000 NL80211_RRF_NO_80MHZ = 0x8000 NL80211_RRF_NO_CCK = 0x2 NL80211_RRF_NO_HE = 0x20000 diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index a49853e9d3a..41cb3c01fd9 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -10,7 +10,6 @@ import ( errorspkg "errors" "fmt" "runtime" - "strings" "sync" "syscall" "time" @@ -87,22 +86,13 @@ func StringToUTF16(s string) []uint16 { // s, with a terminating NUL added. If s contains a NUL byte at any // location, it returns (nil, syscall.EINVAL). func UTF16FromString(s string) ([]uint16, error) { - if strings.IndexByte(s, 0) != -1 { - return nil, syscall.EINVAL - } - return utf16.Encode([]rune(s + "\x00")), nil + return syscall.UTF16FromString(s) } // UTF16ToString returns the UTF-8 encoding of the UTF-16 sequence s, // with a terminating NUL and any bytes after the NUL removed. func UTF16ToString(s []uint16) string { - for i, v := range s { - if v == 0 { - s = s[:i] - break - } - } - return string(utf16.Decode(s)) + return syscall.UTF16ToString(s) } // StringToUTF16Ptr is deprecated. Use UTF16PtrFromString instead. diff --git a/vendor/modules.txt b/vendor/modules.txt index b308807ccca..2a0925a4932 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -71,7 +71,7 @@ github.com/vishvananda/netns # golang.org/x/net v0.5.0 ## explicit; go 1.17 golang.org/x/net/bpf -# golang.org/x/sys v0.4.0 +# golang.org/x/sys v0.5.0 ## explicit; go 1.17 golang.org/x/sys/execabs golang.org/x/sys/internal/unsafeheader From 42dffaaa4ebeabda38d14967836128042226c35f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 8 Feb 2023 19:38:49 -0800 Subject: [PATCH 0154/1176] Dockerfile: fix build wrt new git With the updated git in golang:1.19-bullseye image, building fails with: make -C /go/src/github.com/opencontainers/runc PKG_CONFIG_PATH=/opt/libseccomp/lib/pkgconfig COMMIT_NO= EXTRA_FLAGS=-a 'EXTRA_LDFLAGS=-w -s -buildid=' static make[1]: Entering directory '/go/src/github.com/opencontainers/runc' fatal: detected dubious ownership in repository at '/go/src/github.com/opencontainers/runc' To add an exception for this directory, call: git config --global --add safe.directory /go/src/github.com/opencontainers/runc go build -trimpath -buildmode=pie -a -tags "seccomp urfave_cli_no_docs netgo osusergo" -ldflags "-X main.gitCommit= -X main.version=1.1.0+dev -linkmode external -extldflags --static-pie -w -s -buildid=" -o runc . error obtaining VCS status: exit status 128 Use -buildvcs=false to disable VCS stamping. This commit should fix it. Signed-off-by: Kir Kolyshkin --- Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Dockerfile b/Dockerfile index 934883405a9..1504b4b1ba3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -58,4 +58,7 @@ ENV LIBSECCOMP_VERSION=$LIBSECCOMP_VERSION ENV LD_LIBRARY_PATH=/opt/libseccomp/lib ENV PKG_CONFIG_PATH=/opt/libseccomp/lib/pkgconfig +# Prevent the "fatal: detected dubious ownership in repository" git complain during build. +RUN git config --global --add safe.directory /go/src/github.com/opencontainers/runc + WORKDIR /go/src/github.com/opencontainers/runc From 0e1346fe6d6f91dae627f4a369f3fda378d7f441 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 9 Feb 2023 16:55:01 +0000 Subject: [PATCH 0155/1176] build(deps): bump golang.org/x/net from 0.5.0 to 0.6.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.5.0 to 0.6.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.5.0...v0.6.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 18acdd05b92..2f20e801b77 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.9 github.com/vishvananda/netlink v1.1.0 - golang.org/x/net v0.5.0 + golang.org/x/net v0.6.0 golang.org/x/sys v0.5.0 google.golang.org/protobuf v1.28.1 ) diff --git a/go.sum b/go.sum index 4db61fee651..275452c4b5e 100644 --- a/go.sum +++ b/go.sum @@ -59,8 +59,8 @@ github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJ github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= -golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw= -golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= +golang.org/x/net v0.6.0 h1:L4ZwwTvKW9gr0ZMS1yrHD9GZhIuVjOBBnaKH+SPQK0Q= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/vendor/modules.txt b/vendor/modules.txt index 2a0925a4932..33eb02b3633 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -68,7 +68,7 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df ## explicit; go 1.12 github.com/vishvananda/netns -# golang.org/x/net v0.5.0 +# golang.org/x/net v0.6.0 ## explicit; go 1.17 golang.org/x/net/bpf # golang.org/x/sys v0.5.0 From bc8d6e3b1fe48ca7c4dc0709de168c92ca17c017 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 10 Feb 2023 00:34:56 +0000 Subject: [PATCH 0156/1176] build(deps): bump github.com/opencontainers/selinux Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.10.2 to 1.11.0. - [Release notes](https://github.com/opencontainers/selinux/releases) - [Commits](https://github.com/opencontainers/selinux/compare/v1.10.2...v1.11.0) --- updated-dependencies: - dependency-name: github.com/opencontainers/selinux dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- .../selinux/go-selinux/label/label.go | 22 ++- .../selinux/go-selinux/rchcon.go | 34 ---- .../selinux/go-selinux/rchcon_go115.go | 22 --- .../selinux/go-selinux/selinux.go | 30 ++- .../selinux/go-selinux/selinux_linux.go | 185 ++++++++---------- .../selinux/go-selinux/selinux_stub.go | 44 ++--- .../selinux/pkg/pwalk/README.md | 48 ----- .../opencontainers/selinux/pkg/pwalk/pwalk.go | 115 ----------- .../selinux/pkg/pwalkdir/pwalkdir.go | 2 +- vendor/modules.txt | 5 +- 12 files changed, 150 insertions(+), 363 deletions(-) delete mode 100644 vendor/github.com/opencontainers/selinux/go-selinux/rchcon.go delete mode 100644 vendor/github.com/opencontainers/selinux/go-selinux/rchcon_go115.go delete mode 100644 vendor/github.com/opencontainers/selinux/pkg/pwalk/README.md delete mode 100644 vendor/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go diff --git a/go.mod b/go.mod index 18acdd05b92..65912dba656 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/moby/sys/mountinfo v0.6.2 github.com/mrunalp/fileutils v0.5.0 github.com/opencontainers/runtime-spec v1.0.3-0.20220909204839-494a5a6aca78 - github.com/opencontainers/selinux v1.10.2 + github.com/opencontainers/selinux v1.11.0 github.com/seccomp/libseccomp-golang v0.10.0 github.com/sirupsen/logrus v1.9.0 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 diff --git a/go.sum b/go.sum index 4db61fee651..920eed09eee 100644 --- a/go.sum +++ b/go.sum @@ -33,8 +33,8 @@ github.com/mrunalp/fileutils v0.5.0 h1:NKzVxiH7eSk+OQ4M+ZYW1K6h27RUV3MI6NUTsHhU6 github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/opencontainers/runtime-spec v1.0.3-0.20220909204839-494a5a6aca78 h1:R5M2qXZiK/mWPMT4VldCOiSL9HIAMuxQZWdG0CSM5+4= github.com/opencontainers/runtime-spec v1.0.3-0.20220909204839-494a5a6aca78/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/selinux v1.10.2 h1:NFy2xCsjn7+WspbfZkUd5zyVeisV7VFbPSP96+8/ha4= -github.com/opencontainers/selinux v1.10.2/go.mod h1:cARutUbaUrlRClyvxOICCgKixCs6L05aUsohzA3EkHQ= +github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU= +github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label.go index fea096c180f..07e0f77dc27 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/label/label.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label.go @@ -78,6 +78,9 @@ func ReleaseLabel(label string) error { // Deprecated: use selinux.DupSecOpt var DupSecOpt = selinux.DupSecOpt +// FormatMountLabel returns a string to be used by the mount command. Using +// the SELinux `context` mount option. Changing labels of files on mount +// points with this option can never be changed. // FormatMountLabel returns a string to be used by the mount command. // The format of this string will be used to alter the labeling of the mountpoint. // The string returned is suitable to be used as the options field of the mount command. @@ -85,12 +88,27 @@ var DupSecOpt = selinux.DupSecOpt // the first parameter. Second parameter is the label that you wish to apply // to all content in the mount point. func FormatMountLabel(src, mountLabel string) string { + return FormatMountLabelByType(src, mountLabel, "context") +} + +// FormatMountLabelByType returns a string to be used by the mount command. +// Allow caller to specify the mount options. For example using the SELinux +// `fscontext` mount option would allow certain container processes to change +// labels of files created on the mount points, where as `context` option does +// not. +// FormatMountLabelByType returns a string to be used by the mount command. +// The format of this string will be used to alter the labeling of the mountpoint. +// The string returned is suitable to be used as the options field of the mount command. +// If you need to have additional mount point options, you can pass them in as +// the first parameter. Second parameter is the label that you wish to apply +// to all content in the mount point. +func FormatMountLabelByType(src, mountLabel, contextType string) string { if mountLabel != "" { switch src { case "": - src = fmt.Sprintf("context=%q", mountLabel) + src = fmt.Sprintf("%s=%q", contextType, mountLabel) default: - src = fmt.Sprintf("%s,context=%q", src, mountLabel) + src = fmt.Sprintf("%s,%s=%q", src, contextType, mountLabel) } } return src diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/rchcon.go b/vendor/github.com/opencontainers/selinux/go-selinux/rchcon.go deleted file mode 100644 index 8bff2935579..00000000000 --- a/vendor/github.com/opencontainers/selinux/go-selinux/rchcon.go +++ /dev/null @@ -1,34 +0,0 @@ -//go:build linux && go1.16 -// +build linux,go1.16 - -package selinux - -import ( - "errors" - "io/fs" - "os" - - "github.com/opencontainers/selinux/pkg/pwalkdir" -) - -func rchcon(fpath, label string) error { - fastMode := false - // If the current label matches the new label, assume - // other labels are correct. - if cLabel, err := lFileLabel(fpath); err == nil && cLabel == label { - fastMode = true - } - return pwalkdir.Walk(fpath, func(p string, _ fs.DirEntry, _ error) error { - if fastMode { - if cLabel, err := lFileLabel(fpath); err == nil && cLabel == label { - return nil - } - } - e := lSetFileLabel(p, label) - // Walk a file tree can race with removal, so ignore ENOENT. - if errors.Is(e, os.ErrNotExist) { - return nil - } - return e - }) -} diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/rchcon_go115.go b/vendor/github.com/opencontainers/selinux/go-selinux/rchcon_go115.go deleted file mode 100644 index 303cb1890ad..00000000000 --- a/vendor/github.com/opencontainers/selinux/go-selinux/rchcon_go115.go +++ /dev/null @@ -1,22 +0,0 @@ -//go:build linux && !go1.16 -// +build linux,!go1.16 - -package selinux - -import ( - "errors" - "os" - - "github.com/opencontainers/selinux/pkg/pwalk" -) - -func rchcon(fpath, label string) error { - return pwalk.Walk(fpath, func(p string, _ os.FileInfo, _ error) error { - e := lSetFileLabel(p, label) - // Walk a file tree can race with removal, so ignore ENOENT. - if errors.Is(e, os.ErrNotExist) { - return nil - } - return e - }) -} diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go index 5a59d151f67..af058b84b13 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go @@ -23,8 +23,13 @@ var ( // ErrEmptyPath is returned when an empty path has been specified. ErrEmptyPath = errors.New("empty path") + // ErrInvalidLabel is returned when an invalid label is specified. + ErrInvalidLabel = errors.New("invalid Label") + // InvalidLabel is returned when an invalid label is specified. - InvalidLabel = errors.New("Invalid Label") + // + // Deprecated: use [ErrInvalidLabel]. + InvalidLabel = ErrInvalidLabel // ErrIncomparable is returned two levels are not comparable ErrIncomparable = errors.New("incomparable levels") @@ -144,7 +149,7 @@ func CalculateGlbLub(sourceRange, targetRange string) (string, error) { // of the program is finished to guarantee another goroutine does not migrate to the current // thread before execution is complete. func SetExecLabel(label string) error { - return setExecLabel(label) + return writeCon(attrPath("exec"), label) } // SetTaskLabel sets the SELinux label for the current thread, or an error. @@ -152,21 +157,21 @@ func SetExecLabel(label string) error { // be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() to guarantee // the current thread does not run in a new mislabeled thread. func SetTaskLabel(label string) error { - return setTaskLabel(label) + return writeCon(attrPath("current"), label) } // SetSocketLabel takes a process label and tells the kernel to assign the // label to the next socket that gets created. Calls to SetSocketLabel // should be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() until -// the the socket is created to guarantee another goroutine does not migrate +// the socket is created to guarantee another goroutine does not migrate // to the current thread before execution is complete. func SetSocketLabel(label string) error { - return setSocketLabel(label) + return writeCon(attrPath("sockcreate"), label) } // SocketLabel retrieves the current socket label setting func SocketLabel() (string, error) { - return socketLabel() + return readCon(attrPath("sockcreate")) } // PeerLabel retrieves the label of the client on the other side of a socket @@ -185,7 +190,7 @@ func SetKeyLabel(label string) error { // KeyLabel retrieves the current kernel keyring label setting func KeyLabel() (string, error) { - return keyLabel() + return readCon("/proc/self/attr/keycreate") } // Get returns the Context as a string @@ -208,6 +213,11 @@ func ReserveLabel(label string) { reserveLabel(label) } +// MLSEnabled checks if MLS is enabled. +func MLSEnabled() bool { + return isMLSEnabled() +} + // EnforceMode returns the current SELinux mode Enforcing, Permissive, Disabled func EnforceMode() int { return enforceMode() @@ -220,7 +230,7 @@ func SetEnforceMode(mode int) error { } // DefaultEnforceMode returns the systems default SELinux mode Enforcing, -// Permissive or Disabled. Note this is is just the default at boot time. +// Permissive or Disabled. Note this is just the default at boot time. // EnforceMode tells you the systems current mode. func DefaultEnforceMode() int { return defaultEnforceMode() @@ -266,7 +276,7 @@ func CopyLevel(src, dest string) (string, error) { return copyLevel(src, dest) } -// Chcon changes the fpath file object to the SELinux label label. +// Chcon changes the fpath file object to the SELinux label. // If fpath is a directory and recurse is true, then Chcon walks the // directory tree setting the label. // @@ -284,7 +294,7 @@ func DupSecOpt(src string) ([]string, error) { // DisableSecOpt returns a security opt that can be used to disable SELinux // labeling support for future container processes. func DisableSecOpt() []string { - return disableSecOpt() + return []string{"disable"} } // GetDefaultContextWithLevel gets a single context for the specified SELinux user diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go index 4582cc9e0a2..f1e95977d3b 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go @@ -8,16 +8,16 @@ import ( "errors" "fmt" "io" - "io/ioutil" + "io/fs" "math/big" "os" "os/user" - "path" "path/filepath" "strconv" "strings" "sync" + "github.com/opencontainers/selinux/pkg/pwalkdir" "golang.org/x/sys/unix" ) @@ -35,17 +35,17 @@ const ( ) type selinuxState struct { + mcsList map[string]bool + selinuxfs string + selinuxfsOnce sync.Once enabledSet bool enabled bool - selinuxfsOnce sync.Once - selinuxfs string - mcsList map[string]bool sync.Mutex } type level struct { - sens uint cats *big.Int + sens uint } type mlsRange struct { @@ -54,10 +54,10 @@ type mlsRange struct { } type defaultSECtx struct { - user, level, scon string - userRdr, defaultRdr io.Reader - - verifier func(string) error + userRdr io.Reader + verifier func(string) error + defaultRdr io.Reader + user, level, scon string } type levelItem byte @@ -155,7 +155,7 @@ func findSELinuxfs() string { } // check if selinuxfs is available before going the slow path - fs, err := ioutil.ReadFile("/proc/filesystems") + fs, err := os.ReadFile("/proc/filesystems") if err != nil { return "" } @@ -292,7 +292,7 @@ func readCon(fpath string) (string, error) { } func readConFd(in *os.File) (string, error) { - data, err := ioutil.ReadAll(in) + data, err := io.ReadAll(in) if err != nil { return "", err } @@ -305,7 +305,7 @@ func classIndex(class string) (int, error) { permpath := fmt.Sprintf("class/%s/index", class) indexpath := filepath.Join(getSelinuxMountPoint(), permpath) - indexB, err := ioutil.ReadFile(indexpath) + indexB, err := os.ReadFile(indexpath) if err != nil { return -1, err } @@ -391,21 +391,19 @@ func lFileLabel(fpath string) (string, error) { return string(label), nil } -// setFSCreateLabel tells kernel the label to create all file system objects -// created by this task. Setting label="" to return to default. func setFSCreateLabel(label string) error { - return writeAttr("fscreate", label) + return writeCon(attrPath("fscreate"), label) } // fsCreateLabel returns the default label the kernel which the kernel is using // for file system objects created by this task. "" indicates default. func fsCreateLabel() (string, error) { - return readAttr("fscreate") + return readCon(attrPath("fscreate")) } // currentLabel returns the SELinux label of the current process thread, or an error. func currentLabel() (string, error) { - return readAttr("current") + return readCon(attrPath("current")) } // pidLabel returns the SELinux label of the given pid, or an error. @@ -416,7 +414,7 @@ func pidLabel(pid int) (string, error) { // ExecLabel returns the SELinux label that the kernel will use for any programs // that are executed by the current process thread, or an error. func execLabel() (string, error) { - return readAttr("exec") + return readCon(attrPath("exec")) } func writeCon(fpath, val string) error { @@ -462,18 +460,10 @@ func attrPath(attr string) string { }) if haveThreadSelf { - return path.Join(threadSelfPrefix, attr) + return filepath.Join(threadSelfPrefix, attr) } - return path.Join("/proc/self/task/", strconv.Itoa(unix.Gettid()), "/attr/", attr) -} - -func readAttr(attr string) (string, error) { - return readCon(attrPath(attr)) -} - -func writeAttr(attr, val string) error { - return writeCon(attrPath(attr), val) + return filepath.Join("/proc/self/task", strconv.Itoa(unix.Gettid()), "attr", attr) } // canonicalizeContext takes a context string and writes it to the kernel @@ -560,30 +550,30 @@ func (l *level) parseLevel(levelStr string) error { // rangeStrToMLSRange marshals a string representation of a range. func rangeStrToMLSRange(rangeStr string) (*mlsRange, error) { - mlsRange := &mlsRange{} - levelSlice := strings.SplitN(rangeStr, "-", 2) + r := &mlsRange{} + l := strings.SplitN(rangeStr, "-", 2) - switch len(levelSlice) { + switch len(l) { // rangeStr that has a low and a high level, e.g. s4:c0.c1023-s6:c0.c1023 case 2: - mlsRange.high = &level{} - if err := mlsRange.high.parseLevel(levelSlice[1]); err != nil { - return nil, fmt.Errorf("failed to parse high level %q: %w", levelSlice[1], err) + r.high = &level{} + if err := r.high.parseLevel(l[1]); err != nil { + return nil, fmt.Errorf("failed to parse high level %q: %w", l[1], err) } fallthrough // rangeStr that is single level, e.g. s6:c0,c3,c5,c30.c1023 case 1: - mlsRange.low = &level{} - if err := mlsRange.low.parseLevel(levelSlice[0]); err != nil { - return nil, fmt.Errorf("failed to parse low level %q: %w", levelSlice[0], err) + r.low = &level{} + if err := r.low.parseLevel(l[0]); err != nil { + return nil, fmt.Errorf("failed to parse low level %q: %w", l[0], err) } } - if mlsRange.high == nil { - mlsRange.high = mlsRange.low + if r.high == nil { + r.high = r.low } - return mlsRange, nil + return r, nil } // bitsetToStr takes a category bitset and returns it in the @@ -617,17 +607,17 @@ func bitsetToStr(c *big.Int) string { return str } -func (l1 *level) equal(l2 *level) bool { - if l2 == nil || l1 == nil { - return l1 == l2 +func (l *level) equal(l2 *level) bool { + if l2 == nil || l == nil { + return l == l2 } - if l1.sens != l2.sens { + if l2.sens != l.sens { return false } - if l2.cats == nil || l1.cats == nil { - return l2.cats == l1.cats + if l2.cats == nil || l.cats == nil { + return l2.cats == l.cats } - return l1.cats.Cmp(l2.cats) == 0 + return l.cats.Cmp(l2.cats) == 0 } // String returns an mlsRange as a string. @@ -721,36 +711,13 @@ func readWriteCon(fpath string, val string) (string, error) { return readConFd(f) } -// setExecLabel sets the SELinux label that the kernel will use for any programs -// that are executed by the current process thread, or an error. -func setExecLabel(label string) error { - return writeAttr("exec", label) -} - -// setTaskLabel sets the SELinux label for the current thread, or an error. -// This requires the dyntransition permission. -func setTaskLabel(label string) error { - return writeAttr("current", label) -} - -// setSocketLabel takes a process label and tells the kernel to assign the -// label to the next socket that gets created -func setSocketLabel(label string) error { - return writeAttr("sockcreate", label) -} - -// socketLabel retrieves the current socket label setting -func socketLabel() (string, error) { - return readAttr("sockcreate") -} - // peerLabel retrieves the label of the client on the other side of a socket func peerLabel(fd uintptr) (string, error) { - label, err := unix.GetsockoptString(int(fd), unix.SOL_SOCKET, unix.SO_PEERSEC) + l, err := unix.GetsockoptString(int(fd), unix.SOL_SOCKET, unix.SO_PEERSEC) if err != nil { return "", &os.PathError{Op: "getsockopt", Path: "fd " + strconv.Itoa(int(fd)), Err: err} } - return label, nil + return l, nil } // setKeyLabel takes a process label and tells the kernel to assign the @@ -766,15 +733,10 @@ func setKeyLabel(label string) error { return err } -// keyLabel retrieves the current kernel keyring label setting -func keyLabel() (string, error) { - return readCon("/proc/self/attr/keycreate") -} - // get returns the Context as a string func (c Context) get() string { - if level := c["level"]; level != "" { - return c["user"] + ":" + c["role"] + ":" + c["type"] + ":" + level + if l := c["level"]; l != "" { + return c["user"] + ":" + c["role"] + ":" + c["type"] + ":" + l } return c["user"] + ":" + c["role"] + ":" + c["type"] } @@ -786,7 +748,7 @@ func newContext(label string) (Context, error) { if len(label) != 0 { con := strings.SplitN(label, ":", 4) if len(con) < 3 { - return c, InvalidLabel + return c, ErrInvalidLabel } c["user"] = con[0] c["role"] = con[1] @@ -816,14 +778,23 @@ func reserveLabel(label string) { } func selinuxEnforcePath() string { - return path.Join(getSelinuxMountPoint(), "enforce") + return filepath.Join(getSelinuxMountPoint(), "enforce") +} + +// isMLSEnabled checks if MLS is enabled. +func isMLSEnabled() bool { + enabledB, err := os.ReadFile(filepath.Join(getSelinuxMountPoint(), "mls")) + if err != nil { + return false + } + return bytes.Equal(enabledB, []byte{'1'}) } // enforceMode returns the current SELinux mode Enforcing, Permissive, Disabled func enforceMode() int { var enforce int - enforceB, err := ioutil.ReadFile(selinuxEnforcePath()) + enforceB, err := os.ReadFile(selinuxEnforcePath()) if err != nil { return -1 } @@ -837,11 +808,12 @@ func enforceMode() int { // setEnforceMode sets the current SELinux mode Enforcing, Permissive. // Disabled is not valid, since this needs to be set at boot time. func setEnforceMode(mode int) error { - return ioutil.WriteFile(selinuxEnforcePath(), []byte(strconv.Itoa(mode)), 0o644) + //nolint:gosec // ignore G306: permissions to be 0600 or less. + return os.WriteFile(selinuxEnforcePath(), []byte(strconv.Itoa(mode)), 0o644) } // defaultEnforceMode returns the systems default SELinux mode Enforcing, -// Permissive or Disabled. Note this is is just the default at boot time. +// Permissive or Disabled. Note this is just the default at boot time. // EnforceMode tells you the systems current mode. func defaultEnforceMode() int { switch readConfig(selinuxTag) { @@ -941,7 +913,7 @@ func openContextFile() (*os.File, error) { if f, err := os.Open(contextFile); err == nil { return f, nil } - return os.Open(filepath.Join(policyRoot(), "/contexts/lxc_contexts")) + return os.Open(filepath.Join(policyRoot(), "contexts", "lxc_contexts")) } func loadLabels() { @@ -1044,7 +1016,8 @@ func addMcs(processLabel, fileLabel string) (string, string) { // securityCheckContext validates that the SELinux label is understood by the kernel func securityCheckContext(val string) error { - return ioutil.WriteFile(path.Join(getSelinuxMountPoint(), "context"), []byte(val), 0o644) + //nolint:gosec // ignore G306: permissions to be 0600 or less. + return os.WriteFile(filepath.Join(getSelinuxMountPoint(), "context"), []byte(val), 0o644) } // copyLevel returns a label with the MLS/MCS level from src label replaced on @@ -1073,7 +1046,7 @@ func copyLevel(src, dest string) (string, error) { return tcon.Get(), nil } -// chcon changes the fpath file object to the SELinux label label. +// chcon changes the fpath file object to the SELinux label. // If fpath is a directory and recurse is true, then chcon walks the // directory tree setting the label. func chcon(fpath string, label string, recurse bool) error { @@ -1084,7 +1057,7 @@ func chcon(fpath string, label string, recurse bool) error { return nil } - exclude_paths := map[string]bool{ + excludePaths := map[string]bool{ "/": true, "/bin": true, "/boot": true, @@ -1112,19 +1085,19 @@ func chcon(fpath string, label string, recurse bool) error { } if home := os.Getenv("HOME"); home != "" { - exclude_paths[home] = true + excludePaths[home] = true } if sudoUser := os.Getenv("SUDO_USER"); sudoUser != "" { if usr, err := user.Lookup(sudoUser); err == nil { - exclude_paths[usr.HomeDir] = true + excludePaths[usr.HomeDir] = true } } if fpath != "/" { fpath = strings.TrimSuffix(fpath, "/") } - if exclude_paths[fpath] { + if excludePaths[fpath] { return fmt.Errorf("SELinux relabeling of %s is not allowed", fpath) } @@ -1152,6 +1125,28 @@ func chcon(fpath string, label string, recurse bool) error { return rchcon(fpath, label) } +func rchcon(fpath, label string) error { //revive:disable:cognitive-complexity + fastMode := false + // If the current label matches the new label, assume + // other labels are correct. + if cLabel, err := lFileLabel(fpath); err == nil && cLabel == label { + fastMode = true + } + return pwalkdir.Walk(fpath, func(p string, _ fs.DirEntry, _ error) error { + if fastMode { + if cLabel, err := lFileLabel(fpath); err == nil && cLabel == label { + return nil + } + } + err := lSetFileLabel(p, label) + // Walk a file tree can race with removal, so ignore ENOENT. + if errors.Is(err, os.ErrNotExist) { + return nil + } + return err + }) +} + // dupSecOpt takes an SELinux process label and returns security options that // can be used to set the SELinux Type and Level for future container processes. func dupSecOpt(src string) ([]string, error) { @@ -1180,12 +1175,6 @@ func dupSecOpt(src string) ([]string, error) { return dup, nil } -// disableSecOpt returns a security opt that can be used to disable SELinux -// labeling support for future container processes. -func disableSecOpt() []string { - return []string{"disable"} -} - // findUserInContext scans the reader for a valid SELinux context // match that is verified with the verifier. Invalid contexts are // skipped. It returns a matched context or an empty string if no diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go index 20d88803121..bc3fd3b3701 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go @@ -3,9 +3,20 @@ package selinux -func setDisabled() { +func attrPath(string) string { + return "" +} + +func readCon(fpath string) (string, error) { + return "", nil +} + +func writeCon(string, string) error { + return nil } +func setDisabled() {} + func getEnabled() bool { return false } @@ -62,22 +73,6 @@ func calculateGlbLub(sourceRange, targetRange string) (string, error) { return "", nil } -func setExecLabel(label string) error { - return nil -} - -func setTaskLabel(label string) error { - return nil -} - -func setSocketLabel(label string) error { - return nil -} - -func socketLabel() (string, error) { - return "", nil -} - func peerLabel(fd uintptr) (string, error) { return "", nil } @@ -86,17 +81,12 @@ func setKeyLabel(label string) error { return nil } -func keyLabel() (string, error) { - return "", nil -} - func (c Context) get() string { return "" } func newContext(label string) (Context, error) { - c := make(Context) - return c, nil + return Context{}, nil } func clearLabels() { @@ -105,6 +95,10 @@ func clearLabels() { func reserveLabel(label string) { } +func isMLSEnabled() bool { + return false +} + func enforceMode() int { return Disabled } @@ -152,10 +146,6 @@ func dupSecOpt(src string) ([]string, error) { return nil, nil } -func disableSecOpt() []string { - return []string{"disable"} -} - func getDefaultContextWithLevel(user, level, scon string) (string, error) { return "", nil } diff --git a/vendor/github.com/opencontainers/selinux/pkg/pwalk/README.md b/vendor/github.com/opencontainers/selinux/pkg/pwalk/README.md deleted file mode 100644 index 7e78dce0156..00000000000 --- a/vendor/github.com/opencontainers/selinux/pkg/pwalk/README.md +++ /dev/null @@ -1,48 +0,0 @@ -## pwalk: parallel implementation of filepath.Walk - -This is a wrapper for [filepath.Walk](https://pkg.go.dev/path/filepath?tab=doc#Walk) -which may speed it up by calling multiple callback functions (WalkFunc) in parallel, -utilizing goroutines. - -By default, it utilizes 2\*runtime.NumCPU() goroutines for callbacks. -This can be changed by using WalkN function which has the additional -parameter, specifying the number of goroutines (concurrency). - -### pwalk vs pwalkdir - -This package is deprecated in favor of -[pwalkdir](https://pkg.go.dev/github.com/opencontainers/selinux/pkg/pwalkdir), -which is faster, but requires at least Go 1.16. - -### Caveats - -Please note the following limitations of this code: - -* Unlike filepath.Walk, the order of calls is non-deterministic; - -* Only primitive error handling is supported: - - * filepath.SkipDir is not supported; - - * no errors are ever passed to WalkFunc; - - * once any error is returned from any WalkFunc instance, no more new calls - to WalkFunc are made, and the error is returned to the caller of Walk; - - * if more than one walkFunc instance will return an error, only one - of such errors will be propagated and returned by Walk, others - will be silently discarded. - -### Documentation - -For the official documentation, see -https://pkg.go.dev/github.com/opencontainers/selinux/pkg/pwalk?tab=doc - -### Benchmarks - -For a WalkFunc that consists solely of the return statement, this -implementation is about 10% slower than the standard library's -filepath.Walk. - -Otherwise (if a WalkFunc is doing something) this is usually faster, -except when the WalkN(..., 1) is used. diff --git a/vendor/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go b/vendor/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go deleted file mode 100644 index 202c80da59c..00000000000 --- a/vendor/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go +++ /dev/null @@ -1,115 +0,0 @@ -package pwalk - -import ( - "fmt" - "os" - "path/filepath" - "runtime" - "sync" -) - -type WalkFunc = filepath.WalkFunc - -// Walk is a wrapper for filepath.Walk which can call multiple walkFn -// in parallel, allowing to handle each item concurrently. A maximum of -// twice the runtime.NumCPU() walkFn will be called at any one time. -// If you want to change the maximum, use WalkN instead. -// -// The order of calls is non-deterministic. -// -// Note that this implementation only supports primitive error handling: -// -// - no errors are ever passed to walkFn; -// -// - once a walkFn returns any error, all further processing stops -// and the error is returned to the caller of Walk; -// -// - filepath.SkipDir is not supported; -// -// - if more than one walkFn instance will return an error, only one -// of such errors will be propagated and returned by Walk, others -// will be silently discarded. -func Walk(root string, walkFn WalkFunc) error { - return WalkN(root, walkFn, runtime.NumCPU()*2) -} - -// WalkN is a wrapper for filepath.Walk which can call multiple walkFn -// in parallel, allowing to handle each item concurrently. A maximum of -// num walkFn will be called at any one time. -// -// Please see Walk documentation for caveats of using this function. -func WalkN(root string, walkFn WalkFunc, num int) error { - // make sure limit is sensible - if num < 1 { - return fmt.Errorf("walk(%q): num must be > 0", root) - } - - files := make(chan *walkArgs, 2*num) - errCh := make(chan error, 1) // get the first error, ignore others - - // Start walking a tree asap - var ( - err error - wg sync.WaitGroup - - rootLen = len(root) - rootEntry *walkArgs - ) - wg.Add(1) - go func() { - err = filepath.Walk(root, func(p string, info os.FileInfo, err error) error { - if err != nil { - close(files) - return err - } - if len(p) == rootLen { - // Root entry is processed separately below. - rootEntry = &walkArgs{path: p, info: &info} - return nil - } - // add a file to the queue unless a callback sent an error - select { - case e := <-errCh: - close(files) - return e - default: - files <- &walkArgs{path: p, info: &info} - return nil - } - }) - if err == nil { - close(files) - } - wg.Done() - }() - - wg.Add(num) - for i := 0; i < num; i++ { - go func() { - for file := range files { - if e := walkFn(file.path, *file.info, nil); e != nil { - select { - case errCh <- e: // sent ok - default: // buffer full - } - } - } - wg.Done() - }() - } - - wg.Wait() - - if err == nil { - err = walkFn(rootEntry.path, *rootEntry.info, nil) - } - - return err -} - -// walkArgs holds the arguments that were passed to the Walk or WalkN -// functions. -type walkArgs struct { - path string - info *os.FileInfo -} diff --git a/vendor/github.com/opencontainers/selinux/pkg/pwalkdir/pwalkdir.go b/vendor/github.com/opencontainers/selinux/pkg/pwalkdir/pwalkdir.go index a5796b2c4f1..0f5d9f580d1 100644 --- a/vendor/github.com/opencontainers/selinux/pkg/pwalkdir/pwalkdir.go +++ b/vendor/github.com/opencontainers/selinux/pkg/pwalkdir/pwalkdir.go @@ -111,6 +111,6 @@ func WalkN(root string, walkFn fs.WalkDirFunc, num int) error { // walkArgs holds the arguments that were passed to the Walk or WalkN // functions. type walkArgs struct { - path string entry fs.DirEntry + path string } diff --git a/vendor/modules.txt b/vendor/modules.txt index 2a0925a4932..840cb127638 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -39,11 +39,10 @@ github.com/mrunalp/fileutils # github.com/opencontainers/runtime-spec v1.0.3-0.20220909204839-494a5a6aca78 ## explicit github.com/opencontainers/runtime-spec/specs-go -# github.com/opencontainers/selinux v1.10.2 -## explicit; go 1.13 +# github.com/opencontainers/selinux v1.11.0 +## explicit; go 1.19 github.com/opencontainers/selinux/go-selinux github.com/opencontainers/selinux/go-selinux/label -github.com/opencontainers/selinux/pkg/pwalk github.com/opencontainers/selinux/pkg/pwalkdir # github.com/russross/blackfriday/v2 v2.1.0 ## explicit From fbfc6afe307228f0dabbf2fe80e66722f4866718 Mon Sep 17 00:00:00 2001 From: Alex Jia Date: Thu, 25 Aug 2022 22:26:37 +0800 Subject: [PATCH 0157/1176] tests: add tests for capabilities Signed-off-by: Alex Jia --- tests/integration/capabilities.bats | 55 +++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 tests/integration/capabilities.bats diff --git a/tests/integration/capabilities.bats b/tests/integration/capabilities.bats new file mode 100644 index 00000000000..968041223f7 --- /dev/null +++ b/tests/integration/capabilities.bats @@ -0,0 +1,55 @@ +#!/usr/bin/env bats + +load helpers + +function setup() { + setup_busybox + update_config '.process.args = ["/bin/cat", "/proc/self/status"]' +} + +function teardown() { + teardown_bundle +} + +@test "runc run no capability" { + runc run test_no_caps + [ "$status" -eq 0 ] + + [[ "${output}" == *"CapInh: 0000000000000000"* ]] + [[ "${output}" == *"CapAmb: 0000000000000000"* ]] + [[ "${output}" == *"NoNewPrivs: 1"* ]] +} + +@test "runc run with unknown capability" { + update_config '.process.capabilities.bounding = ["CAP_UNKNOWN", "UNKNOWN_CAP"]' + runc run test_unknown_caps + [ "$status" -eq 0 ] + + [[ "${output}" == *"CapInh: 0000000000000000"* ]] + [[ "${output}" == *"CapAmb: 0000000000000000"* ]] + [[ "${output}" == *"NoNewPrivs: 1"* ]] +} + +@test "runc run with new privileges" { + update_config '.process.noNewPrivileges = false' + runc run test_new_privileges + [ "$status" -eq 0 ] + + [[ "${output}" == *"CapInh: 0000000000000000"* ]] + [[ "${output}" == *"CapAmb: 0000000000000000"* ]] + [[ "${output}" == *"NoNewPrivs: 0"* ]] +} + +@test "runc run with some capabilities" { + update_config '.process.user = {"uid":0}' + update_config '.process.capabilities.bounding = ["CAP_SYS_ADMIN"]' + update_config '.process.capabilities.permitted = ["CAP_SYS_ADMIN", "CAP_AUDIT_WRITE", "CAP_KILL", "CAP_NET_BIND_SERVICE"]' + runc run test_some_caps + [ "$status" -eq 0 ] + + [[ "${output}" == *"CapInh: 0000000000000000"* ]] + [[ "${output}" == *"CapBnd: 0000000000200000"* ]] + [[ "${output}" == *"CapEff: 0000000000200000"* ]] + [[ "${output}" == *"CapPrm: 0000000000200000"* ]] + [[ "${output}" == *"NoNewPrivs: 1"* ]] +} From 787fcf09e7d954c00ec3571c062c64e23579d8c0 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Wed, 1 Feb 2023 11:23:15 +0900 Subject: [PATCH 0158/1176] go.mod: github.com/opencontainers/runtime-spec v1.1.0-rc.1 Signed-off-by: Akihiro Suda --- go.mod | 2 +- go.sum | 4 ++-- .../opencontainers/runtime-spec/specs-go/config.go | 3 +++ .../opencontainers/runtime-spec/specs-go/version.go | 6 +++--- vendor/modules.txt | 2 +- 5 files changed, 10 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index dbe1343a020..c2299a880a0 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/godbus/dbus/v5 v5.1.0 github.com/moby/sys/mountinfo v0.6.2 github.com/mrunalp/fileutils v0.5.0 - github.com/opencontainers/runtime-spec v1.0.3-0.20220909204839-494a5a6aca78 + github.com/opencontainers/runtime-spec v1.1.0-rc.1 github.com/opencontainers/selinux v1.11.0 github.com/seccomp/libseccomp-golang v0.10.0 github.com/sirupsen/logrus v1.9.0 diff --git a/go.sum b/go.sum index 01ea223658b..c31c339da4c 100644 --- a/go.sum +++ b/go.sum @@ -31,8 +31,8 @@ github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vyg github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= github.com/mrunalp/fileutils v0.5.0 h1:NKzVxiH7eSk+OQ4M+ZYW1K6h27RUV3MI6NUTsHhU6Z4= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= -github.com/opencontainers/runtime-spec v1.0.3-0.20220909204839-494a5a6aca78 h1:R5M2qXZiK/mWPMT4VldCOiSL9HIAMuxQZWdG0CSM5+4= -github.com/opencontainers/runtime-spec v1.0.3-0.20220909204839-494a5a6aca78/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-spec v1.1.0-rc.1 h1:wHa9jroFfKGQqFHj0I1fMRKLl0pfj+ynAqBxo3v6u9w= +github.com/opencontainers/runtime-spec v1.1.0-rc.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU= github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go index 068edd052c1..5b4f691c70b 100644 --- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go @@ -331,6 +331,9 @@ type LinuxCPU struct { Shares *uint64 `json:"shares,omitempty"` // CPU hardcap limit (in usecs). Allowed cpu time in a given period. Quota *int64 `json:"quota,omitempty"` + // CPU hardcap burst limit (in usecs). Allowed accumulated cpu time additionally for burst in a + // given period. + Burst *uint64 `json:"burst,omitempty"` // CPU period to be used for hardcapping (in usecs). Period *uint64 `json:"period,omitempty"` // How much time realtime scheduling may use (in usecs). diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go index 596af0c2fdb..8ae4227b9ba 100644 --- a/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go @@ -6,12 +6,12 @@ const ( // VersionMajor is for an API incompatible changes VersionMajor = 1 // VersionMinor is for functionality in a backwards-compatible manner - VersionMinor = 0 + VersionMinor = 1 // VersionPatch is for backwards-compatible bug fixes - VersionPatch = 2 + VersionPatch = 0 // VersionDev indicates development branch. Releases will be empty string. - VersionDev = "-dev" + VersionDev = "-rc.1" ) // Version is the specification version that the package types support. diff --git a/vendor/modules.txt b/vendor/modules.txt index df8cc688164..a4173bdffab 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -36,7 +36,7 @@ github.com/moby/sys/mountinfo # github.com/mrunalp/fileutils v0.5.0 ## explicit; go 1.13 github.com/mrunalp/fileutils -# github.com/opencontainers/runtime-spec v1.0.3-0.20220909204839-494a5a6aca78 +# github.com/opencontainers/runtime-spec v1.1.0-rc.1 ## explicit github.com/opencontainers/runtime-spec/specs-go # github.com/opencontainers/selinux v1.11.0 From e412b4e88cb28f6432bb6e7abcdd2fd6f02f108a Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Wed, 1 Feb 2023 11:43:13 +0900 Subject: [PATCH 0159/1176] docs: add docs/spec-conformance.md Signed-off-by: Akihiro Suda --- README.md | 1 + docs/spec-conformance.md | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 docs/spec-conformance.md diff --git a/README.md b/README.md index 181f1dd2b91..08ab46ecfd6 100644 --- a/README.md +++ b/README.md @@ -298,6 +298,7 @@ WantedBy=multi-user.target ## More documentation +* [Spec conformance](./docs/spec-conformance.md) * [cgroup v2](./docs/cgroup-v2.md) * [Checkpoint and restore](./docs/checkpoint-restore.md) * [systemd cgroup driver](./docs/systemd.md) diff --git a/docs/spec-conformance.md b/docs/spec-conformance.md new file mode 100644 index 00000000000..4f9d228aafe --- /dev/null +++ b/docs/spec-conformance.md @@ -0,0 +1,17 @@ +# Spec conformance + +This branch of runc implements the [OCI Runtime Spec v1.1.0-rc.1](https://github.com/opencontainers/runtime-spec/tree/v1.1.0-rc.1) +for the `linux` platform. + +The following features are not implemented yet: + +Spec version | Feature | PR +-------------|------------------------------------------|---------------------------------------------------------- +v1.0.0 | `SCMP_ARCH_PARISC` | Unplanned, due to lack of users +v1.0.0 | `SCMP_ARCH_PARISC64` | Unplanned, due to lack of users +v1.0.2 | `.linux.personality` | [#3126](https://github.com/opencontainers/runc/pull/3126) +v1.1.0-rc.1 | `.linux.resources.cpu.burst` | [#3205](https://github.com/opencontainers/runc/pull/3205) +v1.1.0-rc.1 | `.domainname` | [#3600](https://github.com/opencontainers/runc/pull/3600) +v1.1.0-rc.1 | `.[]mounts.uidMappings` | [#3717](https://github.com/opencontainers/runc/pull/3717) +v1.1.0-rc.1 | `.[]mounts.gidMappings` | [#3717](https://github.com/opencontainers/runc/pull/3717) +v1.1.0-rc.1 | `SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV` | TODO From 2ca3d230e281353714e1343c69e233fb4d583949 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Thu, 9 Feb 2023 12:02:54 +0100 Subject: [PATCH 0160/1176] nsexec: Add debug logs to send mount sources I was adding it to new code I was writing, and for completeness I added to this case too. Signed-off-by: Rodrigo Campos --- libcontainer/nsenter/nsexec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index b12f2355c7a..441cd0dc801 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -812,6 +812,7 @@ void send_mountsources(int sockfd, pid_t child, char *mountsources, size_t mount if (fd < 0) bail("failed to open mount source %s", mountsources); + write_log(DEBUG, "~> sending fd for: %s", mountsources); send_fd(sockfd, fd); ret = close(fd); @@ -1065,6 +1066,7 @@ void nsexec(void) } break; case SYNC_MOUNTSOURCES_PLS: + write_log(DEBUG, "stage-1 requested to open mount sources"); send_mountsources(syncfd, stage1_pid, config.mountsources, config.mountsources_len); @@ -1230,6 +1232,7 @@ void nsexec(void) /* Ask our parent to send the mount sources fds. */ if (config.mountsources) { + write_log(DEBUG, "request stage-0 to send mount sources"); s = SYNC_MOUNTSOURCES_PLS; if (write(syncfd, &s, sizeof(s)) != sizeof(s)) { sane_kill(stage2_pid, SIGKILL); From 4d0a60ca7f47e06815f5ba6a44a217ec13ffdbdb Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Fri, 10 Feb 2023 13:06:04 +0100 Subject: [PATCH 0161/1176] tests: Fix weird error on centos-9 centos-9 unit test sometimes fails with: === RUN TestPodSkipDevicesUpdate systemd_test.go:114: container stderr not empty: basename: missing operand Try 'basename --help' for more information. --- FAIL: TestPodSkipDevicesUpdate (0.11s) I'm not sure why the container output is an error in basename. It seems likely that the bashrc in that distro is kind of broken. Let's just run a sleep command and forget about bash. Signed-off-by: Rodrigo Campos --- libcontainer/cgroups/devices/systemd_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcontainer/cgroups/devices/systemd_test.go b/libcontainer/cgroups/devices/systemd_test.go index e20b57c5d40..09fe814e99e 100644 --- a/libcontainer/cgroups/devices/systemd_test.go +++ b/libcontainer/cgroups/devices/systemd_test.go @@ -66,7 +66,7 @@ func TestPodSkipDevicesUpdate(t *testing.T) { // Create a "container" within the "pod" cgroup. // This is not a real container, just a process in the cgroup. - cmd := exec.Command("bash", "-c", "while true; do echo > /dev/null; done") + cmd := exec.Command("sleep", "infinity") cmd.Env = append(os.Environ(), "LANG=C") var stderr bytes.Buffer cmd.Stderr = &stderr From 2adeb6f9525d2444277c10a14e613b9ee536d291 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Mon, 6 Feb 2023 16:43:40 +0100 Subject: [PATCH 0162/1176] nsexec: Remove bogus kill to stage_2_pid stage_2_pid is not yet assigned, so this kills the PID -1, but as the sane_kill() wrapper is just a nop in that case. Just remove these calls to kill stage_2_pid before it is cloned/assigned. I've checked by executing the error paths that no binary is left by mistake. Signed-off-by: Rodrigo Campos --- libcontainer/nsenter/nsexec.c | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index b12f2355c7a..829dcc86343 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -1034,7 +1034,6 @@ void nsexec(void) /* Get the stage-2 pid. */ if (read(syncfd, &stage2_pid, sizeof(stage2_pid)) != sizeof(stage2_pid)) { sane_kill(stage1_pid, SIGKILL); - sane_kill(stage2_pid, SIGKILL); bail("failed to sync with stage-1: read(stage2_pid)"); } @@ -1231,23 +1230,17 @@ void nsexec(void) /* Ask our parent to send the mount sources fds. */ if (config.mountsources) { s = SYNC_MOUNTSOURCES_PLS; - if (write(syncfd, &s, sizeof(s)) != sizeof(s)) { - sane_kill(stage2_pid, SIGKILL); + if (write(syncfd, &s, sizeof(s)) != sizeof(s)) bail("failed to sync with parent: write(SYNC_MOUNTSOURCES_PLS)"); - } /* Receive and install all mount sources fds. */ receive_mountsources(syncfd); /* Parent finished to send the mount sources fds. */ - if (read(syncfd, &s, sizeof(s)) != sizeof(s)) { - sane_kill(stage2_pid, SIGKILL); + if (read(syncfd, &s, sizeof(s)) != sizeof(s)) bail("failed to sync with parent: read(SYNC_MOUNTSOURCES_ACK)"); - } - if (s != SYNC_MOUNTSOURCES_ACK) { - sane_kill(stage2_pid, SIGKILL); + if (s != SYNC_MOUNTSOURCES_ACK) bail("failed to sync with parent: SYNC_MOUNTSOURCES_ACK: got %u", s); - } } /* From 92a4ccb84ebfe239e1a62a147ac3c36c72b703ae Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Fri, 10 Feb 2023 15:36:54 +0900 Subject: [PATCH 0163/1176] specconv: avoid mapping "acl" to MS_POSIXACL From https://github.com/torvalds/linux/commit/caaef1ba8c9ee7a54b53dd8bf4bb7e8658185583 : > In fact SB_POSIXACL is an internal flag, and accepting MS_POSIXACL on > the mount(2) interface is possibly a bug. Fix issue 3738 Signed-off-by: Akihiro Suda --- libcontainer/specconv/spec_linux.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index 5d57cdd02cb..345c467d0b1 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -66,7 +66,7 @@ func initMaps() { clear bool flag int }{ - "acl": {false, unix.MS_POSIXACL}, + // "acl" cannot be mapped to MS_POSIXACL: https://github.com/opencontainers/runc/issues/3738 "async": {true, unix.MS_SYNCHRONOUS}, "atime": {true, unix.MS_NOATIME}, "bind": {false, unix.MS_BIND}, @@ -79,7 +79,6 @@ func initMaps() { "lazytime": {false, unix.MS_LAZYTIME}, "loud": {true, unix.MS_SILENT}, "mand": {false, unix.MS_MANDLOCK}, - "noacl": {true, unix.MS_POSIXACL}, "noatime": {false, unix.MS_NOATIME}, "nodev": {false, unix.MS_NODEV}, "nodiratime": {false, unix.MS_NODIRATIME}, From 2e44a2028077685cde67d7988f95ce66110be5ae Mon Sep 17 00:00:00 2001 From: CrazyMax Date: Tue, 14 Feb 2023 21:27:26 +0100 Subject: [PATCH 0164/1176] Makefile: fix typo in LDFLAGS_STATIC Signed-off-by: CrazyMax --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 38849921854..8181e7bc0d1 100644 --- a/Makefile +++ b/Makefile @@ -36,7 +36,7 @@ LDFLAGS_STATIC := -extldflags -static ifneq (,$(filter $(GOARCH),arm64 amd64)) ifeq (,$(findstring -race,$(EXTRA_FLAGS))) GO_BUILDMODE_STATIC := -buildmode=pie - LDFLAGS_STATIC := -linkmode external -extldflags --static-pie + LDFLAGS_STATIC := -linkmode external -extldflags -static-pie endif endif # Enable static PIE binaries on supported platforms. From b3b0bde69b68c484086b46747710e2db8b8c99f2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 Feb 2023 04:59:08 +0000 Subject: [PATCH 0165/1176] build(deps): bump golang.org/x/net from 0.6.0 to 0.7.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.6.0 to 0.7.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index dbe1343a020..8481e44e093 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.9 github.com/vishvananda/netlink v1.1.0 - golang.org/x/net v0.6.0 + golang.org/x/net v0.7.0 golang.org/x/sys v0.5.0 google.golang.org/protobuf v1.28.1 ) diff --git a/go.sum b/go.sum index 01ea223658b..90c6196ae92 100644 --- a/go.sum +++ b/go.sum @@ -59,8 +59,8 @@ github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJ github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= -golang.org/x/net v0.6.0 h1:L4ZwwTvKW9gr0ZMS1yrHD9GZhIuVjOBBnaKH+SPQK0Q= -golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/vendor/modules.txt b/vendor/modules.txt index df8cc688164..e3daf796f52 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -67,7 +67,7 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df ## explicit; go 1.12 github.com/vishvananda/netns -# golang.org/x/net v0.6.0 +# golang.org/x/net v0.7.0 ## explicit; go 1.17 golang.org/x/net/bpf # golang.org/x/sys v0.5.0 From 97ea1255ed552525619a9aac2faf4f316923bcde Mon Sep 17 00:00:00 2001 From: Andrey Tsygunka Date: Tue, 7 Feb 2023 10:29:23 +0300 Subject: [PATCH 0166/1176] Fix runc crushes when parsing invalid JSON Signed-off-by: Andrey Tsygunka --- spec.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/spec.go b/spec.go index 806d2f15f86..d03d644e28e 100644 --- a/spec.go +++ b/spec.go @@ -2,6 +2,7 @@ package main import ( "encoding/json" + "errors" "fmt" "os" @@ -126,6 +127,9 @@ func loadSpec(cPath string) (spec *specs.Spec, err error) { if err = json.NewDecoder(cf).Decode(&spec); err != nil { return nil, err } + if spec == nil { + return nil, errors.New("config cannot be null") + } return spec, validateProcessSpec(spec.Process) } From 7c75e84e22239a54d96eb2f32d218ccfea38ee87 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 9 Feb 2023 18:45:24 -0800 Subject: [PATCH 0167/1176] libc/int: add/use runContainerOk wrapper This is to de-duplicate the code that checks that err is nil and that the exit code is zero. Signed-off-by: Kir Kolyshkin --- libcontainer/integration/exec_test.go | 101 ++++------------------- libcontainer/integration/seccomp_test.go | 16 +--- libcontainer/integration/utils_test.go | 16 ++++ 3 files changed, 35 insertions(+), 98 deletions(-) diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index cb5c1b70f32..b35457951b4 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -40,13 +40,7 @@ func testExecPS(t *testing.T, userns bool) { } config := newTemplateConfig(t, &tParam{userns: userns}) - buffers, exitCode, err := runContainer(t, config, "ps", "-o", "pid,user,comm") - if err != nil { - t.Fatalf("%s: %s", buffers, err) - } - if exitCode != 0 { - t.Fatalf("exit code not 0. code %d stderr %q", exitCode, buffers.Stderr) - } + buffers := runContainerOk(t, config, "ps", "-o", "pid,user,comm") lines := strings.Split(buffers.Stdout.String(), "\n") if len(lines) < 2 { t.Fatalf("more than one process running for output %q", buffers.Stdout.String()) @@ -67,12 +61,7 @@ func TestIPCPrivate(t *testing.T) { ok(t, err) config := newTemplateConfig(t, nil) - buffers, exitCode, err := runContainer(t, config, "readlink", "/proc/self/ns/ipc") - ok(t, err) - - if exitCode != 0 { - t.Fatalf("exit code not 0. code %d stderr %q", exitCode, buffers.Stderr) - } + buffers := runContainerOk(t, config, "readlink", "/proc/self/ns/ipc") if actual := strings.Trim(buffers.Stdout.String(), "\n"); actual == l { t.Fatalf("ipc link should be private to the container but equals host %q %q", actual, l) @@ -89,12 +78,7 @@ func TestIPCHost(t *testing.T) { config := newTemplateConfig(t, nil) config.Namespaces.Remove(configs.NEWIPC) - buffers, exitCode, err := runContainer(t, config, "readlink", "/proc/self/ns/ipc") - ok(t, err) - - if exitCode != 0 { - t.Fatalf("exit code not 0. code %d stderr %q", exitCode, buffers.Stderr) - } + buffers := runContainerOk(t, config, "readlink", "/proc/self/ns/ipc") if actual := strings.Trim(buffers.Stdout.String(), "\n"); actual != l { t.Fatalf("ipc link not equal to host link %q %q", actual, l) @@ -111,13 +95,7 @@ func TestIPCJoinPath(t *testing.T) { config := newTemplateConfig(t, nil) config.Namespaces.Add(configs.NEWIPC, "/proc/1/ns/ipc") - - buffers, exitCode, err := runContainer(t, config, "readlink", "/proc/self/ns/ipc") - ok(t, err) - - if exitCode != 0 { - t.Fatalf("exit code not 0. code %d stderr %q", exitCode, buffers.Stderr) - } + buffers := runContainerOk(t, config, "readlink", "/proc/self/ns/ipc") if actual := strings.Trim(buffers.Stdout.String(), "\n"); actual != l { t.Fatalf("ipc link not equal to host link %q %q", actual, l) @@ -163,8 +141,7 @@ func testRlimit(t *testing.T, userns bool) { Cur: 1024, })) - out, _, err := runContainer(t, config, "/bin/sh", "-c", "ulimit -n") - ok(t, err) + out := runContainerOk(t, config, "/bin/sh", "-c", "ulimit -n") if limit := strings.TrimSpace(out.Stdout.String()); limit != "1025" { t.Fatalf("expected rlimit to be 1025, got %s", limit) } @@ -560,27 +537,17 @@ func testPids(t *testing.T, systemd bool) { config := newTemplateConfig(t, &tParam{systemd: systemd}) config.Cgroups.Resources.PidsLimit = -1 - // Running multiple processes. - _, ret, err := runContainer(t, config, "/bin/sh", "-c", "/bin/true | /bin/true | /bin/true | /bin/true") - ok(t, err) - - if ret != 0 { - t.Fatalf("expected fork() to succeed with no pids limit") - } + // Running multiple processes, expecting it to succeed with no pids limit. + _ = runContainerOk(t, config, "/bin/sh", "-c", "/bin/true | /bin/true | /bin/true | /bin/true") // Enforce a permissive limit. This needs to be fairly hand-wavey due to the // issues with running Go binaries with pids restrictions (see below). config.Cgroups.Resources.PidsLimit = 64 - _, ret, err = runContainer(t, config, "/bin/sh", "-c", ` + _ = runContainerOk(t, config, "/bin/sh", "-c", ` /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | bin/true | /bin/true`) - ok(t, err) - - if ret != 0 { - t.Fatalf("expected fork() to succeed with permissive pids limit") - } // Enforce a restrictive limit. 64 * /bin/true + 1 * shell should cause this // to fail reliability. @@ -884,13 +851,8 @@ func TestMountCgroupRO(t *testing.T) { return } config := newTemplateConfig(t, nil) - buffers, exitCode, err := runContainer(t, config, "mount") - if err != nil { - t.Fatalf("%s: %s", buffers, err) - } - if exitCode != 0 { - t.Fatalf("exit code not 0. code %d stderr %q", exitCode, buffers.Stderr) - } + buffers := runContainerOk(t, config, "mount") + mountInfo := buffers.Stdout.String() lines := strings.Split(mountInfo, "\n") for _, l := range lines { @@ -931,13 +893,8 @@ func TestMountCgroupRW(t *testing.T) { } } - buffers, exitCode, err := runContainer(t, config, "mount") - if err != nil { - t.Fatalf("%s: %s", buffers, err) - } - if exitCode != 0 { - t.Fatalf("exit code not 0. code %d stderr %q", exitCode, buffers.Stderr) - } + buffers := runContainerOk(t, config, "mount") + mountInfo := buffers.Stdout.String() lines := strings.Split(mountInfo, "\n") for _, l := range lines { @@ -1148,11 +1105,7 @@ func TestSTDIOPermissions(t *testing.T) { } config := newTemplateConfig(t, nil) - buffers, exitCode, err := runContainer(t, config, "sh", "-c", "echo hi > /dev/stderr") - ok(t, err) - if exitCode != 0 { - t.Fatalf("exit code not 0. code %d stderr %q", exitCode, buffers.Stderr) - } + buffers := runContainerOk(t, config, "sh", "-c", "echo hi > /dev/stderr") if actual := strings.Trim(buffers.Stderr.String(), "\n"); actual != "hi" { t.Fatalf("stderr should equal be equal %q %q", actual, "hi") @@ -1395,12 +1348,7 @@ func TestPIDHost(t *testing.T) { config := newTemplateConfig(t, nil) config.Namespaces.Remove(configs.NEWPID) - buffers, exitCode, err := runContainer(t, config, "readlink", "/proc/self/ns/pid") - ok(t, err) - - if exitCode != 0 { - t.Fatalf("exit code not 0. code %d stderr %q", exitCode, buffers.Stderr) - } + buffers := runContainerOk(t, config, "readlink", "/proc/self/ns/pid") if actual := strings.Trim(buffers.Stdout.String(), "\n"); actual != l { t.Fatalf("ipc link not equal to host link %q %q", actual, l) @@ -1689,12 +1637,7 @@ func TestCGROUPPrivate(t *testing.T) { config := newTemplateConfig(t, nil) config.Namespaces.Add(configs.NEWCGROUP, "") - buffers, exitCode, err := runContainer(t, config, "readlink", "/proc/self/ns/cgroup") - ok(t, err) - - if exitCode != 0 { - t.Fatalf("exit code not 0. code %d stderr %q", exitCode, buffers.Stderr) - } + buffers := runContainerOk(t, config, "readlink", "/proc/self/ns/cgroup") if actual := strings.Trim(buffers.Stdout.String(), "\n"); actual == l { t.Fatalf("cgroup link should be private to the container but equals host %q %q", actual, l) @@ -1713,12 +1656,7 @@ func TestCGROUPHost(t *testing.T) { ok(t, err) config := newTemplateConfig(t, nil) - buffers, exitCode, err := runContainer(t, config, "readlink", "/proc/self/ns/cgroup") - ok(t, err) - - if exitCode != 0 { - t.Fatalf("exit code not 0. code %d stderr %q", exitCode, buffers.Stderr) - } + buffers := runContainerOk(t, config, "readlink", "/proc/self/ns/cgroup") if actual := strings.Trim(buffers.Stdout.String(), "\n"); actual != l { t.Fatalf("cgroup link not equal to host link %q %q", actual, l) @@ -1750,12 +1688,7 @@ func testFdLeaks(t *testing.T, systemd bool) { ok(t, err) config := newTemplateConfig(t, &tParam{systemd: systemd}) - buffers, exitCode, err := runContainer(t, config, "true") - ok(t, err) - - if exitCode != 0 { - t.Fatalf("exit code not 0. code %d stderr %q", exitCode, buffers.Stderr) - } + _ = runContainerOk(t, config, "true") fds1, err := pfd.Readdirnames(0) ok(t, err) diff --git a/libcontainer/integration/seccomp_test.go b/libcontainer/integration/seccomp_test.go index a7eeefb1bc4..31092a0a5d2 100644 --- a/libcontainer/integration/seccomp_test.go +++ b/libcontainer/integration/seccomp_test.go @@ -282,13 +282,7 @@ func TestSeccompPermitWriteMultipleConditions(t *testing.T) { }, } - buffers, exitCode, err := runContainer(t, config, "ls", "/") - if err != nil { - t.Fatalf("%s: %s", buffers, err) - } - if exitCode != 0 { - t.Fatalf("exit code not 0. code %d buffers %s", exitCode, buffers) - } + buffers := runContainerOk(t, config, "ls", "/") // We don't need to verify the actual thing printed // Just that something was written to stdout if len(buffers.Stdout.String()) == 0 { @@ -375,13 +369,7 @@ func TestSeccompMultipleConditionSameArgDeniesStdout(t *testing.T) { }, } - buffers, exitCode, err := runContainer(t, config, "ls", "/") - if err != nil { - t.Fatalf("%s: %s", buffers, err) - } - if exitCode != 0 { - t.Fatalf("exit code not 0. code %d buffers %s", exitCode, buffers) - } + buffers := runContainerOk(t, config, "ls", "/") // Verify that nothing was printed if len(buffers.Stdout.String()) != 0 { t.Fatalf("Something was written to stdout, write call succeeded!\n") diff --git a/libcontainer/integration/utils_test.go b/libcontainer/integration/utils_test.go index 3bacf93d0ef..780288ad02b 100644 --- a/libcontainer/integration/utils_test.go +++ b/libcontainer/integration/utils_test.go @@ -212,6 +212,22 @@ func runContainer(t *testing.T, config *configs.Config, args ...string) (buffers return } +// runContainerOk is a wrapper for runContainer, simplifying its use for cases +// when the run is expected to succeed and return exit code of 0. +func runContainerOk(t *testing.T, config *configs.Config, args ...string) *stdBuffers { + buffers, exitCode, err := runContainer(t, config, args...) + + t.Helper() + if err != nil { + t.Fatalf("%s: %s", buffers, err) + } + if exitCode != 0 { + t.Fatalf("exit code not 0. code %d stderr %q", exitCode, buffers.Stderr) + } + + return buffers +} + func destroyContainer(container *libcontainer.Container) { _ = container.Destroy() } From be7e03940fc2e25466bc2724789f06f1150cf0fc Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 9 Feb 2023 18:50:15 -0800 Subject: [PATCH 0168/1176] libct/int: wording nits Signed-off-by: Kir Kolyshkin --- libcontainer/integration/exec_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index b35457951b4..dd12267cef1 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -514,7 +514,7 @@ func testCpuShares(t *testing.T, systemd bool) { config.Cgroups.Resources.CpuShares = 1 if _, _, err := runContainer(t, config, "ps"); err == nil { - t.Fatalf("runContainer should failed with invalid CpuShares") + t.Fatal("runContainer should fail with invalid CpuShares") } } @@ -549,8 +549,8 @@ func testPids(t *testing.T, systemd bool) { /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | bin/true | /bin/true`) - // Enforce a restrictive limit. 64 * /bin/true + 1 * shell should cause this - // to fail reliability. + // Enforce a restrictive limit. 64 * /bin/true + 1 * shell should cause + // this to fail reliably. config.Cgroups.Resources.PidsLimit = 64 out, _, err := runContainer(t, config, "/bin/sh", "-c", ` /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | bin/true | /bin/true | From f2e71b085d923b978f4dd9ee78ed3d5f63035795 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 9 Feb 2023 19:00:00 -0800 Subject: [PATCH 0169/1176] libct/int: make TestFdLeaks more robust The purpose of this test is to check that there are no extra file descriptors left open after repeated calls to runContainer. In fact, the first call to runContainer leaves a few file descriptors opened, and this is by design. Previously, this test relied on two things: 1. some other tests were run before it (and thus all such opened-once file descriptors are already opened); 2. explicitly excluding fd opened to /sys/fs/cgroup. Now, if we run this test separately, it will fail (because of 1 above). The same may happen if the tests are run in a random order. To fix this, add a container run before collection the initial fd list, so those fds that are opened once are included and won't be reported. Signed-off-by: Kir Kolyshkin --- libcontainer/integration/exec_test.go | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index dd12267cef1..530faf1aeaa 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -1679,6 +1679,16 @@ func testFdLeaks(t *testing.T, systemd bool) { return } + config := newTemplateConfig(t, &tParam{systemd: systemd}) + // Run a container once to exclude file descriptors that are only + // opened once during the process lifetime by the library and are + // never closed. Those are not considered leaks. + // + // Examples of this open-once file descriptors are: + // - /sys/fs/cgroup dirfd opened by prepareOpenat2 in libct/cgroups; + // - dbus connection opened by getConnection in libct/cgroups/systemd. + _ = runContainerOk(t, config, "true") + pfd, err := os.Open("/proc/self/fd") ok(t, err) defer pfd.Close() @@ -1687,7 +1697,6 @@ func testFdLeaks(t *testing.T, systemd bool) { _, err = pfd.Seek(0, 0) ok(t, err) - config := newTemplateConfig(t, &tParam{systemd: systemd}) _ = runContainerOk(t, config, "true") fds1, err := pfd.Readdirnames(0) @@ -1699,7 +1708,6 @@ func testFdLeaks(t *testing.T, systemd bool) { // Show the extra opened files. excludedPaths := []string{ - "/sys/fs/cgroup", // opened once, see prepareOpenat2 "anon_inode:bpf-prog", // FIXME: see https://github.com/opencontainers/runc/issues/2366#issuecomment-776411392 } From 7b4c3fc11161114572ec1bdcfcf35530e7c46e33 Mon Sep 17 00:00:00 2001 From: Wang-squirrel <117961776+Wang-squirrel@users.noreply.github.com> Date: Fri, 11 Nov 2022 17:25:22 +0800 Subject: [PATCH 0170/1176] Add support for umask when exec container Signed-off-by: WangXiaoSong --- libcontainer/setns_init_linux.go | 4 ++++ tests/integration/umask.bats | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go index da31110aeee..ac58190758a 100644 --- a/libcontainer/setns_init_linux.go +++ b/libcontainer/setns_init_linux.go @@ -59,6 +59,10 @@ func (l *linuxSetnsInit) Init() error { return err } } + if l.config.Config.Umask != nil { + unix.Umask(int(*l.config.Config.Umask)) + } + if err := selinux.SetExecLabel(l.config.ProcessLabel); err != nil { return err } diff --git a/tests/integration/umask.bats b/tests/integration/umask.bats index fe9f9d637a9..38e8f62160c 100644 --- a/tests/integration/umask.bats +++ b/tests/integration/umask.bats @@ -21,4 +21,9 @@ function teardown() { [ "$status" -eq 0 ] # umask 63 decimal = umask 77 octal [[ "${output}" == *"77"* ]] + + runc exec test_busybox grep '^Umask:' "/proc/self/status" + [ "$status" -eq 0 ] + # umask 63 decimal = umask 77 octal + [[ "${output}" == *"77"* ]] } From 6faef164f51aab83a8c79d990da27458cbdc45e9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Mar 2023 05:03:16 +0000 Subject: [PATCH 0171/1176] build(deps): bump golang.org/x/net from 0.7.0 to 0.8.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.7.0 to 0.8.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 4 +- go.sum | 8 +- vendor/golang.org/x/sys/execabs/execabs.go | 2 +- .../golang.org/x/sys/execabs/execabs_go118.go | 6 + .../golang.org/x/sys/execabs/execabs_go119.go | 4 + vendor/golang.org/x/sys/unix/ioctl.go | 17 +-- vendor/golang.org/x/sys/unix/ioctl_zos.go | 8 +- vendor/golang.org/x/sys/unix/ptrace_darwin.go | 6 + vendor/golang.org/x/sys/unix/ptrace_ios.go | 6 + vendor/golang.org/x/sys/unix/syscall_aix.go | 5 +- vendor/golang.org/x/sys/unix/syscall_bsd.go | 3 +- .../golang.org/x/sys/unix/syscall_darwin.go | 12 +- .../x/sys/unix/syscall_darwin_amd64.go | 1 + .../x/sys/unix/syscall_darwin_arm64.go | 1 + .../x/sys/unix/syscall_dragonfly.go | 1 + .../golang.org/x/sys/unix/syscall_freebsd.go | 43 +++++- .../x/sys/unix/syscall_freebsd_386.go | 17 +-- .../x/sys/unix/syscall_freebsd_amd64.go | 17 +-- .../x/sys/unix/syscall_freebsd_arm.go | 15 +- .../x/sys/unix/syscall_freebsd_arm64.go | 15 +- .../x/sys/unix/syscall_freebsd_riscv64.go | 15 +- vendor/golang.org/x/sys/unix/syscall_hurd.go | 8 + vendor/golang.org/x/sys/unix/syscall_linux.go | 36 +++-- .../golang.org/x/sys/unix/syscall_netbsd.go | 5 +- .../golang.org/x/sys/unix/syscall_openbsd.go | 1 + .../golang.org/x/sys/unix/syscall_solaris.go | 21 +-- .../x/sys/unix/syscall_zos_s390x.go | 4 +- vendor/golang.org/x/sys/unix/zerrors_linux.go | 10 +- .../x/sys/unix/zptrace_armnn_linux.go | 8 +- .../x/sys/unix/zptrace_linux_arm64.go | 4 +- .../x/sys/unix/zptrace_mipsnn_linux.go | 8 +- .../x/sys/unix/zptrace_mipsnnle_linux.go | 8 +- .../x/sys/unix/zptrace_x86_linux.go | 8 +- .../golang.org/x/sys/unix/zsyscall_aix_ppc.go | 10 ++ .../x/sys/unix/zsyscall_aix_ppc64.go | 10 ++ .../x/sys/unix/zsyscall_aix_ppc64_gc.go | 7 + .../x/sys/unix/zsyscall_aix_ppc64_gccgo.go | 8 + .../x/sys/unix/zsyscall_darwin_amd64.go | 16 ++ .../x/sys/unix/zsyscall_darwin_arm64.go | 16 ++ .../x/sys/unix/zsyscall_dragonfly_amd64.go | 10 ++ .../x/sys/unix/zsyscall_freebsd_386.go | 20 +++ .../x/sys/unix/zsyscall_freebsd_amd64.go | 20 +++ .../x/sys/unix/zsyscall_freebsd_arm.go | 20 +++ .../x/sys/unix/zsyscall_freebsd_arm64.go | 20 +++ .../x/sys/unix/zsyscall_freebsd_riscv64.go | 20 +++ .../golang.org/x/sys/unix/zsyscall_linux.go | 10 ++ .../x/sys/unix/zsyscall_netbsd_386.go | 10 ++ .../x/sys/unix/zsyscall_netbsd_amd64.go | 10 ++ .../x/sys/unix/zsyscall_netbsd_arm.go | 10 ++ .../x/sys/unix/zsyscall_netbsd_arm64.go | 10 ++ .../x/sys/unix/zsyscall_openbsd_386.go | 8 + .../x/sys/unix/zsyscall_openbsd_amd64.go | 8 + .../x/sys/unix/zsyscall_openbsd_arm.go | 8 + .../x/sys/unix/zsyscall_openbsd_arm64.go | 8 + .../x/sys/unix/zsyscall_openbsd_mips64.go | 8 + .../x/sys/unix/zsyscall_openbsd_ppc64.go | 8 + .../x/sys/unix/zsyscall_openbsd_riscv64.go | 8 + .../x/sys/unix/zsyscall_solaris_amd64.go | 11 ++ .../x/sys/unix/zsyscall_zos_s390x.go | 10 ++ .../x/sys/unix/ztypes_freebsd_386.go | 2 +- .../x/sys/unix/ztypes_freebsd_amd64.go | 2 +- .../x/sys/unix/ztypes_freebsd_arm.go | 2 +- .../x/sys/unix/ztypes_freebsd_arm64.go | 2 +- .../x/sys/unix/ztypes_freebsd_riscv64.go | 2 +- vendor/golang.org/x/sys/unix/ztypes_linux.go | 140 +++++++++++++----- .../golang.org/x/sys/unix/ztypes_linux_386.go | 2 +- .../x/sys/unix/ztypes_linux_amd64.go | 2 +- .../golang.org/x/sys/unix/ztypes_linux_arm.go | 2 +- .../x/sys/unix/ztypes_linux_arm64.go | 2 +- .../x/sys/unix/ztypes_linux_loong64.go | 2 +- .../x/sys/unix/ztypes_linux_mips.go | 2 +- .../x/sys/unix/ztypes_linux_mips64.go | 2 +- .../x/sys/unix/ztypes_linux_mips64le.go | 2 +- .../x/sys/unix/ztypes_linux_mipsle.go | 2 +- .../golang.org/x/sys/unix/ztypes_linux_ppc.go | 2 +- .../x/sys/unix/ztypes_linux_ppc64.go | 2 +- .../x/sys/unix/ztypes_linux_ppc64le.go | 2 +- .../x/sys/unix/ztypes_linux_riscv64.go | 2 +- .../x/sys/unix/ztypes_linux_s390x.go | 2 +- .../x/sys/unix/ztypes_linux_sparc64.go | 2 +- .../x/sys/windows/syscall_windows.go | 6 +- .../golang.org/x/sys/windows/types_windows.go | 85 +++++++++++ .../x/sys/windows/zsyscall_windows.go | 27 ++++ vendor/modules.txt | 4 +- 84 files changed, 726 insertions(+), 207 deletions(-) diff --git a/go.mod b/go.mod index 236e1142cb1..481070bafb2 100644 --- a/go.mod +++ b/go.mod @@ -19,8 +19,8 @@ require ( github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.9 github.com/vishvananda/netlink v1.1.0 - golang.org/x/net v0.7.0 - golang.org/x/sys v0.5.0 + golang.org/x/net v0.8.0 + golang.org/x/sys v0.6.0 google.golang.org/protobuf v1.28.1 ) diff --git a/go.sum b/go.sum index 3c335afadad..e5f64e00489 100644 --- a/go.sum +++ b/go.sum @@ -59,14 +59,14 @@ github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJ github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= -golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= -golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= -golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= diff --git a/vendor/golang.org/x/sys/execabs/execabs.go b/vendor/golang.org/x/sys/execabs/execabs.go index b981cfbb4ae..3bf40fdfecd 100644 --- a/vendor/golang.org/x/sys/execabs/execabs.go +++ b/vendor/golang.org/x/sys/execabs/execabs.go @@ -63,7 +63,7 @@ func LookPath(file string) (string, error) { } func fixCmd(name string, cmd *exec.Cmd) { - if filepath.Base(name) == name && !filepath.IsAbs(cmd.Path) { + if filepath.Base(name) == name && !filepath.IsAbs(cmd.Path) && !isGo119ErrFieldSet(cmd) { // exec.Command was called with a bare binary name and // exec.LookPath returned a path which is not absolute. // Set cmd.lookPathErr and clear cmd.Path so that it diff --git a/vendor/golang.org/x/sys/execabs/execabs_go118.go b/vendor/golang.org/x/sys/execabs/execabs_go118.go index 6ab5f50894e..2000064a812 100644 --- a/vendor/golang.org/x/sys/execabs/execabs_go118.go +++ b/vendor/golang.org/x/sys/execabs/execabs_go118.go @@ -7,6 +7,12 @@ package execabs +import "os/exec" + func isGo119ErrDot(err error) bool { return false } + +func isGo119ErrFieldSet(cmd *exec.Cmd) bool { + return false +} diff --git a/vendor/golang.org/x/sys/execabs/execabs_go119.go b/vendor/golang.org/x/sys/execabs/execabs_go119.go index 46c5b525e7b..f364b341892 100644 --- a/vendor/golang.org/x/sys/execabs/execabs_go119.go +++ b/vendor/golang.org/x/sys/execabs/execabs_go119.go @@ -15,3 +15,7 @@ import ( func isGo119ErrDot(err error) bool { return errors.Is(err, exec.ErrDot) } + +func isGo119ErrFieldSet(cmd *exec.Cmd) bool { + return cmd.Err != nil +} diff --git a/vendor/golang.org/x/sys/unix/ioctl.go b/vendor/golang.org/x/sys/unix/ioctl.go index 1c51b0ec2bc..7ce8dd406ff 100644 --- a/vendor/golang.org/x/sys/unix/ioctl.go +++ b/vendor/golang.org/x/sys/unix/ioctl.go @@ -8,7 +8,6 @@ package unix import ( - "runtime" "unsafe" ) @@ -27,7 +26,7 @@ func IoctlSetInt(fd int, req uint, value int) error { // passing the integer value directly. func IoctlSetPointerInt(fd int, req uint, value int) error { v := int32(value) - return ioctl(fd, req, uintptr(unsafe.Pointer(&v))) + return ioctlPtr(fd, req, unsafe.Pointer(&v)) } // IoctlSetWinsize performs an ioctl on fd with a *Winsize argument. @@ -36,9 +35,7 @@ func IoctlSetPointerInt(fd int, req uint, value int) error { func IoctlSetWinsize(fd int, req uint, value *Winsize) error { // TODO: if we get the chance, remove the req parameter and // hardcode TIOCSWINSZ. - err := ioctl(fd, req, uintptr(unsafe.Pointer(value))) - runtime.KeepAlive(value) - return err + return ioctlPtr(fd, req, unsafe.Pointer(value)) } // IoctlSetTermios performs an ioctl on fd with a *Termios. @@ -46,9 +43,7 @@ func IoctlSetWinsize(fd int, req uint, value *Winsize) error { // The req value will usually be TCSETA or TIOCSETA. func IoctlSetTermios(fd int, req uint, value *Termios) error { // TODO: if we get the chance, remove the req parameter. - err := ioctl(fd, req, uintptr(unsafe.Pointer(value))) - runtime.KeepAlive(value) - return err + return ioctlPtr(fd, req, unsafe.Pointer(value)) } // IoctlGetInt performs an ioctl operation which gets an integer value @@ -58,18 +53,18 @@ func IoctlSetTermios(fd int, req uint, value *Termios) error { // for those, IoctlRetInt should be used instead of this function. func IoctlGetInt(fd int, req uint) (int, error) { var value int - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return value, err } func IoctlGetWinsize(fd int, req uint) (*Winsize, error) { var value Winsize - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return &value, err } func IoctlGetTermios(fd int, req uint) (*Termios, error) { var value Termios - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return &value, err } diff --git a/vendor/golang.org/x/sys/unix/ioctl_zos.go b/vendor/golang.org/x/sys/unix/ioctl_zos.go index 5384e7d91d7..6532f09af2e 100644 --- a/vendor/golang.org/x/sys/unix/ioctl_zos.go +++ b/vendor/golang.org/x/sys/unix/ioctl_zos.go @@ -27,9 +27,7 @@ func IoctlSetInt(fd int, req uint, value int) error { func IoctlSetWinsize(fd int, req uint, value *Winsize) error { // TODO: if we get the chance, remove the req parameter and // hardcode TIOCSWINSZ. - err := ioctl(fd, req, uintptr(unsafe.Pointer(value))) - runtime.KeepAlive(value) - return err + return ioctlPtr(fd, req, unsafe.Pointer(value)) } // IoctlSetTermios performs an ioctl on fd with a *Termios. @@ -51,13 +49,13 @@ func IoctlSetTermios(fd int, req uint, value *Termios) error { // for those, IoctlRetInt should be used instead of this function. func IoctlGetInt(fd int, req uint) (int, error) { var value int - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return value, err } func IoctlGetWinsize(fd int, req uint) (*Winsize, error) { var value Winsize - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return &value, err } diff --git a/vendor/golang.org/x/sys/unix/ptrace_darwin.go b/vendor/golang.org/x/sys/unix/ptrace_darwin.go index 463c3eff7fd..39dba6ca6a3 100644 --- a/vendor/golang.org/x/sys/unix/ptrace_darwin.go +++ b/vendor/golang.org/x/sys/unix/ptrace_darwin.go @@ -7,6 +7,12 @@ package unix +import "unsafe" + func ptrace(request int, pid int, addr uintptr, data uintptr) error { return ptrace1(request, pid, addr, data) } + +func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) error { + return ptrace1Ptr(request, pid, addr, data) +} diff --git a/vendor/golang.org/x/sys/unix/ptrace_ios.go b/vendor/golang.org/x/sys/unix/ptrace_ios.go index ed0509a0117..9ea66330a96 100644 --- a/vendor/golang.org/x/sys/unix/ptrace_ios.go +++ b/vendor/golang.org/x/sys/unix/ptrace_ios.go @@ -7,6 +7,12 @@ package unix +import "unsafe" + func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) { return ENOTSUP } + +func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) { + return ENOTSUP +} diff --git a/vendor/golang.org/x/sys/unix/syscall_aix.go b/vendor/golang.org/x/sys/unix/syscall_aix.go index 2db1b51e99f..d9f5544ccf4 100644 --- a/vendor/golang.org/x/sys/unix/syscall_aix.go +++ b/vendor/golang.org/x/sys/unix/syscall_aix.go @@ -292,9 +292,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) { break } } - - bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n] - sa.Name = string(bytes) + sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n)) return sa, nil case AF_INET: @@ -411,6 +409,7 @@ func (w WaitStatus) CoreDump() bool { return w&0x80 == 0x80 } func (w WaitStatus) TrapCause() int { return -1 } //sys ioctl(fd int, req uint, arg uintptr) (err error) +//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = ioctl // fcntl must never be called with cmd=F_DUP2FD because it doesn't work on AIX // There is no way to create a custom fcntl and to keep //sys fcntl easily, diff --git a/vendor/golang.org/x/sys/unix/syscall_bsd.go b/vendor/golang.org/x/sys/unix/syscall_bsd.go index eda42671f19..7705c3270b5 100644 --- a/vendor/golang.org/x/sys/unix/syscall_bsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_bsd.go @@ -245,8 +245,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) { break } } - bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n] - sa.Name = string(bytes) + sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n)) return sa, nil case AF_INET: diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.go b/vendor/golang.org/x/sys/unix/syscall_darwin.go index 192b071b3d0..7064d6ebab6 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin.go +++ b/vendor/golang.org/x/sys/unix/syscall_darwin.go @@ -14,7 +14,6 @@ package unix import ( "fmt" - "runtime" "syscall" "unsafe" ) @@ -376,11 +375,10 @@ func Flistxattr(fd int, dest []byte) (sz int, err error) { func Kill(pid int, signum syscall.Signal) (err error) { return kill(pid, int(signum), 1) } //sys ioctl(fd int, req uint, arg uintptr) (err error) +//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL func IoctlCtlInfo(fd int, ctlInfo *CtlInfo) error { - err := ioctl(fd, CTLIOCGINFO, uintptr(unsafe.Pointer(ctlInfo))) - runtime.KeepAlive(ctlInfo) - return err + return ioctlPtr(fd, CTLIOCGINFO, unsafe.Pointer(ctlInfo)) } // IfreqMTU is struct ifreq used to get or set a network device's MTU. @@ -394,16 +392,14 @@ type IfreqMTU struct { func IoctlGetIfreqMTU(fd int, ifname string) (*IfreqMTU, error) { var ifreq IfreqMTU copy(ifreq.Name[:], ifname) - err := ioctl(fd, SIOCGIFMTU, uintptr(unsafe.Pointer(&ifreq))) + err := ioctlPtr(fd, SIOCGIFMTU, unsafe.Pointer(&ifreq)) return &ifreq, err } // IoctlSetIfreqMTU performs the SIOCSIFMTU ioctl operation on fd to set the MTU // of the network device specified by ifreq.Name. func IoctlSetIfreqMTU(fd int, ifreq *IfreqMTU) error { - err := ioctl(fd, SIOCSIFMTU, uintptr(unsafe.Pointer(ifreq))) - runtime.KeepAlive(ifreq) - return err + return ioctlPtr(fd, SIOCSIFMTU, unsafe.Pointer(ifreq)) } //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS_SYSCTL diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go index b37310ce9b4..9fa879806bc 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go +++ b/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go @@ -47,5 +47,6 @@ func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, //sys getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) = SYS_GETFSSTAT64 //sys Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64 //sys ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) = SYS_ptrace +//sys ptrace1Ptr(request int, pid int, addr unsafe.Pointer, data uintptr) (err error) = SYS_ptrace //sys Stat(path string, stat *Stat_t) (err error) = SYS_STAT64 //sys Statfs(path string, stat *Statfs_t) (err error) = SYS_STATFS64 diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go index d51ec996304..f17b8c526a5 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go +++ b/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go @@ -47,5 +47,6 @@ func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, //sys getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) = SYS_GETFSSTAT //sys Lstat(path string, stat *Stat_t) (err error) //sys ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) = SYS_ptrace +//sys ptrace1Ptr(request int, pid int, addr unsafe.Pointer, data uintptr) (err error) = SYS_ptrace //sys Stat(path string, stat *Stat_t) (err error) //sys Statfs(path string, stat *Statfs_t) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go index a41111a794e..221efc26bcd 100644 --- a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go +++ b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go @@ -172,6 +172,7 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) { } //sys ioctl(fd int, req uint, arg uintptr) (err error) +//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd.go b/vendor/golang.org/x/sys/unix/syscall_freebsd.go index d50b9dc250b..5bdde03e4a8 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd.go @@ -161,7 +161,8 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) { return } -//sys ioctl(fd int, req uint, arg uintptr) (err error) +//sys ioctl(fd int, req uint, arg uintptr) (err error) = SYS_IOCTL +//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL @@ -253,6 +254,7 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e } //sys ptrace(request int, pid int, addr uintptr, data int) (err error) +//sys ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) = SYS_PTRACE func PtraceAttach(pid int) (err error) { return ptrace(PT_ATTACH, pid, 0, 0) @@ -267,19 +269,36 @@ func PtraceDetach(pid int) (err error) { } func PtraceGetFpRegs(pid int, fpregsout *FpReg) (err error) { - return ptrace(PT_GETFPREGS, pid, uintptr(unsafe.Pointer(fpregsout)), 0) + return ptracePtr(PT_GETFPREGS, pid, unsafe.Pointer(fpregsout), 0) } func PtraceGetRegs(pid int, regsout *Reg) (err error) { - return ptrace(PT_GETREGS, pid, uintptr(unsafe.Pointer(regsout)), 0) + return ptracePtr(PT_GETREGS, pid, unsafe.Pointer(regsout), 0) +} + +func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { + ioDesc := PtraceIoDesc{ + Op: int32(req), + Offs: offs, + } + if countin > 0 { + _ = out[:countin] // check bounds + ioDesc.Addr = &out[0] + } else if out != nil { + ioDesc.Addr = (*byte)(unsafe.Pointer(&_zero)) + } + ioDesc.SetLen(countin) + + err = ptracePtr(PT_IO, pid, unsafe.Pointer(&ioDesc), 0) + return int(ioDesc.Len), err } func PtraceLwpEvents(pid int, enable int) (err error) { return ptrace(PT_LWP_EVENTS, pid, 0, enable) } -func PtraceLwpInfo(pid int, info uintptr) (err error) { - return ptrace(PT_LWPINFO, pid, info, int(unsafe.Sizeof(PtraceLwpInfoStruct{}))) +func PtraceLwpInfo(pid int, info *PtraceLwpInfoStruct) (err error) { + return ptracePtr(PT_LWPINFO, pid, unsafe.Pointer(info), int(unsafe.Sizeof(*info))) } func PtracePeekData(pid int, addr uintptr, out []byte) (count int, err error) { @@ -299,13 +318,25 @@ func PtracePokeText(pid int, addr uintptr, data []byte) (count int, err error) { } func PtraceSetRegs(pid int, regs *Reg) (err error) { - return ptrace(PT_SETREGS, pid, uintptr(unsafe.Pointer(regs)), 0) + return ptracePtr(PT_SETREGS, pid, unsafe.Pointer(regs), 0) } func PtraceSingleStep(pid int) (err error) { return ptrace(PT_STEP, pid, 1, 0) } +func Dup3(oldfd, newfd, flags int) error { + if oldfd == newfd || flags&^O_CLOEXEC != 0 { + return EINVAL + } + how := F_DUP2FD + if flags&O_CLOEXEC != 0 { + how = F_DUP2FD_CLOEXEC + } + _, err := fcntl(oldfd, how, newfd) + return err +} + /* * Exposed directly */ diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go index 6a91d471d09..b8da510043c 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go @@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { cmsg.Len = uint32(length) } +func (d *PtraceIoDesc) SetLen(length int) { + d.Len = uint32(length) +} + func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { var writtenOut uint64 = 0 _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr((*offset)>>32), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0) @@ -57,16 +61,5 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) func PtraceGetFsBase(pid int, fsbase *int64) (err error) { - return ptrace(PT_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0) -} - -func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{ - Op: int32(req), - Offs: offs, - Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. - Len: uint32(countin), - } - err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) - return int(ioDesc.Len), err + return ptracePtr(PT_GETFSBASE, pid, unsafe.Pointer(fsbase), 0) } diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go index 48110a0abb9..47155c48390 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go @@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { cmsg.Len = uint32(length) } +func (d *PtraceIoDesc) SetLen(length int) { + d.Len = uint64(length) +} + func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { var writtenOut uint64 = 0 _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0) @@ -57,16 +61,5 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) func PtraceGetFsBase(pid int, fsbase *int64) (err error) { - return ptrace(PT_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0) -} - -func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{ - Op: int32(req), - Offs: offs, - Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. - Len: uint64(countin), - } - err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) - return int(ioDesc.Len), err + return ptracePtr(PT_GETFSBASE, pid, unsafe.Pointer(fsbase), 0) } diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go index 52f1d4b75a3..08932093fa2 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go @@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { cmsg.Len = uint32(length) } +func (d *PtraceIoDesc) SetLen(length int) { + d.Len = uint32(length) +} + func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { var writtenOut uint64 = 0 _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr((*offset)>>32), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0) @@ -55,14 +59,3 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e } func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) - -func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{ - Op: int32(req), - Offs: offs, - Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. - Len: uint32(countin), - } - err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) - return int(ioDesc.Len), err -} diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go index 5537ee4f2ed..d151a0d0e53 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go @@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { cmsg.Len = uint32(length) } +func (d *PtraceIoDesc) SetLen(length int) { + d.Len = uint64(length) +} + func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { var writtenOut uint64 = 0 _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0) @@ -55,14 +59,3 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e } func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) - -func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{ - Op: int32(req), - Offs: offs, - Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. - Len: uint64(countin), - } - err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) - return int(ioDesc.Len), err -} diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go index 164abd5d215..d5cd64b3787 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go @@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { cmsg.Len = uint32(length) } +func (d *PtraceIoDesc) SetLen(length int) { + d.Len = uint64(length) +} + func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { var writtenOut uint64 = 0 _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0) @@ -55,14 +59,3 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e } func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) - -func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{ - Op: int32(req), - Offs: offs, - Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. - Len: uint64(countin), - } - err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) - return int(ioDesc.Len), err -} diff --git a/vendor/golang.org/x/sys/unix/syscall_hurd.go b/vendor/golang.org/x/sys/unix/syscall_hurd.go index 4ffb64808d7..381fd4673be 100644 --- a/vendor/golang.org/x/sys/unix/syscall_hurd.go +++ b/vendor/golang.org/x/sys/unix/syscall_hurd.go @@ -20,3 +20,11 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { } return } + +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + r0, er := C.ioctl(C.int(fd), C.ulong(req), C.uintptr_t(uintptr(arg))) + if r0 == -1 && er != nil { + err = er + } + return +} diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index 5443dddd48d..9735331530a 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -1015,8 +1015,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) { for n < len(pp.Path) && pp.Path[n] != 0 { n++ } - bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n] - sa.Name = string(bytes) + sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n)) return sa, nil case AF_INET: @@ -1365,6 +1364,10 @@ func SetsockoptTCPRepairOpt(fd, level, opt int, o []TCPRepairOpt) (err error) { return setsockopt(fd, level, opt, unsafe.Pointer(&o[0]), uintptr(SizeofTCPRepairOpt*len(o))) } +func SetsockoptTCPMD5Sig(fd, level, opt int, s *TCPMD5Sig) error { + return setsockopt(fd, level, opt, unsafe.Pointer(s), unsafe.Sizeof(*s)) +} + // Keyctl Commands (http://man7.org/linux/man-pages/man2/keyctl.2.html) // KeyctlInt calls keyctl commands in which each argument is an int. @@ -1579,6 +1582,7 @@ func BindToDevice(fd int, device string) (err error) { } //sys ptrace(request int, pid int, addr uintptr, data uintptr) (err error) +//sys ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) = SYS_PTRACE func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err error) { // The peek requests are machine-size oriented, so we wrap it @@ -1596,7 +1600,7 @@ func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err erro // boundary. n := 0 if addr%SizeofPtr != 0 { - err = ptrace(req, pid, addr-addr%SizeofPtr, uintptr(unsafe.Pointer(&buf[0]))) + err = ptracePtr(req, pid, addr-addr%SizeofPtr, unsafe.Pointer(&buf[0])) if err != nil { return 0, err } @@ -1608,7 +1612,7 @@ func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err erro for len(out) > 0 { // We use an internal buffer to guarantee alignment. // It's not documented if this is necessary, but we're paranoid. - err = ptrace(req, pid, addr+uintptr(n), uintptr(unsafe.Pointer(&buf[0]))) + err = ptracePtr(req, pid, addr+uintptr(n), unsafe.Pointer(&buf[0])) if err != nil { return n, err } @@ -1640,7 +1644,7 @@ func ptracePoke(pokeReq int, peekReq int, pid int, addr uintptr, data []byte) (c n := 0 if addr%SizeofPtr != 0 { var buf [SizeofPtr]byte - err = ptrace(peekReq, pid, addr-addr%SizeofPtr, uintptr(unsafe.Pointer(&buf[0]))) + err = ptracePtr(peekReq, pid, addr-addr%SizeofPtr, unsafe.Pointer(&buf[0])) if err != nil { return 0, err } @@ -1667,7 +1671,7 @@ func ptracePoke(pokeReq int, peekReq int, pid int, addr uintptr, data []byte) (c // Trailing edge. if len(data) > 0 { var buf [SizeofPtr]byte - err = ptrace(peekReq, pid, addr+uintptr(n), uintptr(unsafe.Pointer(&buf[0]))) + err = ptracePtr(peekReq, pid, addr+uintptr(n), unsafe.Pointer(&buf[0])) if err != nil { return n, err } @@ -1696,11 +1700,11 @@ func PtracePokeUser(pid int, addr uintptr, data []byte) (count int, err error) { } func PtraceGetRegs(pid int, regsout *PtraceRegs) (err error) { - return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout))) + return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout)) } func PtraceSetRegs(pid int, regs *PtraceRegs) (err error) { - return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs))) + return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs)) } func PtraceSetOptions(pid int, options int) (err error) { @@ -1709,7 +1713,7 @@ func PtraceSetOptions(pid int, options int) (err error) { func PtraceGetEventMsg(pid int) (msg uint, err error) { var data _C_long - err = ptrace(PTRACE_GETEVENTMSG, pid, 0, uintptr(unsafe.Pointer(&data))) + err = ptracePtr(PTRACE_GETEVENTMSG, pid, 0, unsafe.Pointer(&data)) msg = uint(data) return } @@ -2154,6 +2158,14 @@ func isGroupMember(gid int) bool { return false } +func isCapDacOverrideSet() bool { + hdr := CapUserHeader{Version: LINUX_CAPABILITY_VERSION_3} + data := [2]CapUserData{} + err := Capget(&hdr, &data[0]) + + return err == nil && data[0].Effective&(1< 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go index 77479d45815..1129065624e 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go @@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go index 2e966d4d7a6..55f5abfe599 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go @@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go index d65a7c0fa6e..d39651c2b58 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go @@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go index 6f0b97c6db3..ddb74086801 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go @@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go index e1c23b52723..09a53a616c0 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go @@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go index 36ea3a55b72..430cb24de7e 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go @@ -379,6 +379,16 @@ func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error) { var _p0 *byte _p0, err = BytePtrFromString(arg) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go index 79f7389963e..8e1d9c8f666 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go @@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go index fb161f3a263..21c6950400e 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go @@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go index 4c8ac993a88..298168f90a1 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go @@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go index 76dd8ec4fdb..68b8bd492fe 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go @@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go index caeb807bd4e..0b0f910e1ab 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go index a05e5f4fff6..48ff5de75b5 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go index b2da8e50cc7..2452a641dae 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go index 048b2655e6f..5e35600a60c 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go index 6f33e37e723..b04cef1a198 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go index 330cf7f7ac6..47a07ee0c27 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go index 5f24de0d9d7..573378fdb96 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go index 78d4a4240e9..4873a1e5d3e 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go @@ -657,6 +657,17 @@ func ioctlRet(fd int, req uint, arg uintptr) (ret int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtrRet(fd int, req uint, arg unsafe.Pointer) (ret int, err error) { + r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procioctl)), 3, uintptr(fd), uintptr(req), uintptr(arg), 0, 0, 0) + ret = int(r0) + if e1 != 0 { + err = e1 + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func poll(fds *PollFd, nfds int, timeout int) (n int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procpoll)), 3, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout), 0, 0, 0) n = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go index f2079457c6b..07bfe2ef9ad 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go @@ -267,6 +267,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go index d9c78cdcbc4..29dc483378a 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go @@ -362,7 +362,7 @@ type FpExtendedPrecision struct{} type PtraceIoDesc struct { Op int32 Offs uintptr - Addr uintptr + Addr *byte Len uint32 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go index 26991b16559..0a89b28906a 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go @@ -367,7 +367,7 @@ type FpExtendedPrecision struct{} type PtraceIoDesc struct { Op int32 Offs uintptr - Addr uintptr + Addr *byte Len uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go index f8324e7e7f4..c8666bb1528 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go @@ -350,7 +350,7 @@ type FpExtendedPrecision struct { type PtraceIoDesc struct { Op int32 Offs uintptr - Addr uintptr + Addr *byte Len uint32 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go index 4220411f341..88fb48a887b 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go @@ -347,7 +347,7 @@ type FpExtendedPrecision struct{} type PtraceIoDesc struct { Op int32 Offs uintptr - Addr uintptr + Addr *byte Len uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go index 0660fd45c7c..698dc975e92 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go @@ -348,7 +348,7 @@ type FpExtendedPrecision struct{} type PtraceIoDesc struct { Op int32 Offs uintptr - Addr uintptr + Addr *byte Len uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index 7d9fc8f1c91..ca84727cfe8 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -456,36 +456,60 @@ type Ucred struct { } type TCPInfo struct { - State uint8 - Ca_state uint8 - Retransmits uint8 - Probes uint8 - Backoff uint8 - Options uint8 - Rto uint32 - Ato uint32 - Snd_mss uint32 - Rcv_mss uint32 - Unacked uint32 - Sacked uint32 - Lost uint32 - Retrans uint32 - Fackets uint32 - Last_data_sent uint32 - Last_ack_sent uint32 - Last_data_recv uint32 - Last_ack_recv uint32 - Pmtu uint32 - Rcv_ssthresh uint32 - Rtt uint32 - Rttvar uint32 - Snd_ssthresh uint32 - Snd_cwnd uint32 - Advmss uint32 - Reordering uint32 - Rcv_rtt uint32 - Rcv_space uint32 - Total_retrans uint32 + State uint8 + Ca_state uint8 + Retransmits uint8 + Probes uint8 + Backoff uint8 + Options uint8 + Rto uint32 + Ato uint32 + Snd_mss uint32 + Rcv_mss uint32 + Unacked uint32 + Sacked uint32 + Lost uint32 + Retrans uint32 + Fackets uint32 + Last_data_sent uint32 + Last_ack_sent uint32 + Last_data_recv uint32 + Last_ack_recv uint32 + Pmtu uint32 + Rcv_ssthresh uint32 + Rtt uint32 + Rttvar uint32 + Snd_ssthresh uint32 + Snd_cwnd uint32 + Advmss uint32 + Reordering uint32 + Rcv_rtt uint32 + Rcv_space uint32 + Total_retrans uint32 + Pacing_rate uint64 + Max_pacing_rate uint64 + Bytes_acked uint64 + Bytes_received uint64 + Segs_out uint32 + Segs_in uint32 + Notsent_bytes uint32 + Min_rtt uint32 + Data_segs_in uint32 + Data_segs_out uint32 + Delivery_rate uint64 + Busy_time uint64 + Rwnd_limited uint64 + Sndbuf_limited uint64 + Delivered uint32 + Delivered_ce uint32 + Bytes_sent uint64 + Bytes_retrans uint64 + Dsack_dups uint32 + Reord_seen uint32 + Rcv_ooopack uint32 + Snd_wnd uint32 + Rcv_wnd uint32 + Rehash uint32 } type CanFilter struct { @@ -528,7 +552,7 @@ const ( SizeofIPv6MTUInfo = 0x20 SizeofICMPv6Filter = 0x20 SizeofUcred = 0xc - SizeofTCPInfo = 0x68 + SizeofTCPInfo = 0xf0 SizeofCanFilter = 0x8 SizeofTCPRepairOpt = 0x8 ) @@ -1043,6 +1067,7 @@ const ( PerfBitCommExec = CBitFieldMaskBit24 PerfBitUseClockID = CBitFieldMaskBit25 PerfBitContextSwitch = CBitFieldMaskBit26 + PerfBitWriteBackward = CBitFieldMaskBit27 ) const ( @@ -1239,7 +1264,7 @@ type TCPMD5Sig struct { Flags uint8 Prefixlen uint8 Keylen uint16 - _ uint32 + Ifindex int32 Key [80]uint8 } @@ -1939,7 +1964,11 @@ const ( NFT_MSG_GETOBJ = 0x13 NFT_MSG_DELOBJ = 0x14 NFT_MSG_GETOBJ_RESET = 0x15 - NFT_MSG_MAX = 0x19 + NFT_MSG_NEWFLOWTABLE = 0x16 + NFT_MSG_GETFLOWTABLE = 0x17 + NFT_MSG_DELFLOWTABLE = 0x18 + NFT_MSG_GETRULE_RESET = 0x19 + NFT_MSG_MAX = 0x1a NFTA_LIST_UNSPEC = 0x0 NFTA_LIST_ELEM = 0x1 NFTA_HOOK_UNSPEC = 0x0 @@ -2443,9 +2472,11 @@ const ( SOF_TIMESTAMPING_OPT_STATS = 0x1000 SOF_TIMESTAMPING_OPT_PKTINFO = 0x2000 SOF_TIMESTAMPING_OPT_TX_SWHW = 0x4000 + SOF_TIMESTAMPING_BIND_PHC = 0x8000 + SOF_TIMESTAMPING_OPT_ID_TCP = 0x10000 - SOF_TIMESTAMPING_LAST = 0x8000 - SOF_TIMESTAMPING_MASK = 0xffff + SOF_TIMESTAMPING_LAST = 0x10000 + SOF_TIMESTAMPING_MASK = 0x1ffff SCM_TSTAMP_SND = 0x0 SCM_TSTAMP_SCHED = 0x1 @@ -3265,7 +3296,7 @@ const ( DEVLINK_ATTR_LINECARD_SUPPORTED_TYPES = 0xae DEVLINK_ATTR_NESTED_DEVLINK = 0xaf DEVLINK_ATTR_SELFTESTS = 0xb0 - DEVLINK_ATTR_MAX = 0xb0 + DEVLINK_ATTR_MAX = 0xb3 DEVLINK_DPIPE_FIELD_MAPPING_TYPE_NONE = 0x0 DEVLINK_DPIPE_FIELD_MAPPING_TYPE_IFINDEX = 0x1 DEVLINK_DPIPE_MATCH_TYPE_FIELD_EXACT = 0x0 @@ -3281,7 +3312,8 @@ const ( DEVLINK_PORT_FUNCTION_ATTR_HW_ADDR = 0x1 DEVLINK_PORT_FN_ATTR_STATE = 0x2 DEVLINK_PORT_FN_ATTR_OPSTATE = 0x3 - DEVLINK_PORT_FUNCTION_ATTR_MAX = 0x3 + DEVLINK_PORT_FN_ATTR_CAPS = 0x4 + DEVLINK_PORT_FUNCTION_ATTR_MAX = 0x4 ) type FsverityDigest struct { @@ -3572,7 +3604,8 @@ const ( ETHTOOL_MSG_MODULE_SET = 0x23 ETHTOOL_MSG_PSE_GET = 0x24 ETHTOOL_MSG_PSE_SET = 0x25 - ETHTOOL_MSG_USER_MAX = 0x25 + ETHTOOL_MSG_RSS_GET = 0x26 + ETHTOOL_MSG_USER_MAX = 0x26 ETHTOOL_MSG_KERNEL_NONE = 0x0 ETHTOOL_MSG_STRSET_GET_REPLY = 0x1 ETHTOOL_MSG_LINKINFO_GET_REPLY = 0x2 @@ -3611,7 +3644,8 @@ const ( ETHTOOL_MSG_MODULE_GET_REPLY = 0x23 ETHTOOL_MSG_MODULE_NTF = 0x24 ETHTOOL_MSG_PSE_GET_REPLY = 0x25 - ETHTOOL_MSG_KERNEL_MAX = 0x25 + ETHTOOL_MSG_RSS_GET_REPLY = 0x26 + ETHTOOL_MSG_KERNEL_MAX = 0x26 ETHTOOL_A_HEADER_UNSPEC = 0x0 ETHTOOL_A_HEADER_DEV_INDEX = 0x1 ETHTOOL_A_HEADER_DEV_NAME = 0x2 @@ -3679,7 +3713,8 @@ const ( ETHTOOL_A_LINKSTATE_SQI_MAX = 0x4 ETHTOOL_A_LINKSTATE_EXT_STATE = 0x5 ETHTOOL_A_LINKSTATE_EXT_SUBSTATE = 0x6 - ETHTOOL_A_LINKSTATE_MAX = 0x6 + ETHTOOL_A_LINKSTATE_EXT_DOWN_CNT = 0x7 + ETHTOOL_A_LINKSTATE_MAX = 0x7 ETHTOOL_A_DEBUG_UNSPEC = 0x0 ETHTOOL_A_DEBUG_HEADER = 0x1 ETHTOOL_A_DEBUG_MSGMASK = 0x2 @@ -4409,7 +4444,7 @@ const ( NL80211_ATTR_MAC_HINT = 0xc8 NL80211_ATTR_MAC_MASK = 0xd7 NL80211_ATTR_MAX_AP_ASSOC_STA = 0xca - NL80211_ATTR_MAX = 0x140 + NL80211_ATTR_MAX = 0x141 NL80211_ATTR_MAX_CRIT_PROT_DURATION = 0xb4 NL80211_ATTR_MAX_CSA_COUNTERS = 0xce NL80211_ATTR_MAX_MATCH_SETS = 0x85 @@ -4552,6 +4587,7 @@ const ( NL80211_ATTR_SUPPORT_MESH_AUTH = 0x73 NL80211_ATTR_SURVEY_INFO = 0x54 NL80211_ATTR_SURVEY_RADIO_STATS = 0xda + NL80211_ATTR_TD_BITMAP = 0x141 NL80211_ATTR_TDLS_ACTION = 0x88 NL80211_ATTR_TDLS_DIALOG_TOKEN = 0x89 NL80211_ATTR_TDLS_EXTERNAL_SETUP = 0x8c @@ -5752,3 +5788,25 @@ const ( AUDIT_NLGRP_NONE = 0x0 AUDIT_NLGRP_READLOG = 0x1 ) + +const ( + TUN_F_CSUM = 0x1 + TUN_F_TSO4 = 0x2 + TUN_F_TSO6 = 0x4 + TUN_F_TSO_ECN = 0x8 + TUN_F_UFO = 0x10 +) + +const ( + VIRTIO_NET_HDR_F_NEEDS_CSUM = 0x1 + VIRTIO_NET_HDR_F_DATA_VALID = 0x2 + VIRTIO_NET_HDR_F_RSC_INFO = 0x4 +) + +const ( + VIRTIO_NET_HDR_GSO_NONE = 0x0 + VIRTIO_NET_HDR_GSO_TCPV4 = 0x1 + VIRTIO_NET_HDR_GSO_UDP = 0x3 + VIRTIO_NET_HDR_GSO_TCPV6 = 0x4 + VIRTIO_NET_HDR_GSO_ECN = 0x80 +) diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go index 89c516a29ac..4ecc1495cd0 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go @@ -414,7 +414,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [122]int8 + Data [122]byte _ uint32 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go index 62b4fb26996..34fddff964e 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go @@ -427,7 +427,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go index e86b35893ec..3b14a6031f3 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go @@ -405,7 +405,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [122]uint8 + Data [122]byte _ uint32 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go index 6c6be4c911d..0517651ab3f 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go @@ -406,7 +406,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go index 4982ea355a2..3b0c5181345 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go @@ -407,7 +407,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go index 173141a6703..fccdf4dd0f4 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go @@ -410,7 +410,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [122]int8 + Data [122]byte _ uint32 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go index 93ae4c51673..500de8fc07d 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go @@ -409,7 +409,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go index 4e4e510ca51..d0434cd2c6d 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go @@ -409,7 +409,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go index 3f5ba013d99..84206ba5347 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go @@ -410,7 +410,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [122]int8 + Data [122]byte _ uint32 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go index 71dfe7cdb47..ab078cf1f51 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go @@ -417,7 +417,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [122]uint8 + Data [122]byte _ uint32 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go index 3a2b7f0a666..42eb2c4cefd 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go @@ -416,7 +416,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]uint8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go index a52d6275632..31304a4e8bb 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go @@ -416,7 +416,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]uint8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go index dfc007d8a69..c311f9612d8 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go @@ -434,7 +434,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]uint8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go index b53cb9103d3..bba3cefac1d 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go @@ -429,7 +429,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go index fe0aa354728..ad8a0138046 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go @@ -411,7 +411,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index 41cb3c01fd9..3723b2c224c 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -824,6 +824,9 @@ const socket_error = uintptr(^uint32(0)) //sys WSAStartup(verreq uint32, data *WSAData) (sockerr error) = ws2_32.WSAStartup //sys WSACleanup() (err error) [failretval==socket_error] = ws2_32.WSACleanup //sys WSAIoctl(s Handle, iocc uint32, inbuf *byte, cbif uint32, outbuf *byte, cbob uint32, cbbr *uint32, overlapped *Overlapped, completionRoutine uintptr) (err error) [failretval==socket_error] = ws2_32.WSAIoctl +//sys WSALookupServiceBegin(querySet *WSAQUERYSET, flags uint32, handle *Handle) (err error) [failretval==socket_error] = ws2_32.WSALookupServiceBeginW +//sys WSALookupServiceNext(handle Handle, flags uint32, size *int32, querySet *WSAQUERYSET) (err error) [failretval==socket_error] = ws2_32.WSALookupServiceNextW +//sys WSALookupServiceEnd(handle Handle) (err error) [failretval==socket_error] = ws2_32.WSALookupServiceEnd //sys socket(af int32, typ int32, protocol int32) (handle Handle, err error) [failretval==InvalidHandle] = ws2_32.socket //sys sendto(s Handle, buf []byte, flags int32, to unsafe.Pointer, tolen int32) (err error) [failretval==socket_error] = ws2_32.sendto //sys recvfrom(s Handle, buf []byte, flags int32, from *RawSockaddrAny, fromlen *int32) (n int32, err error) [failretval==-1] = ws2_32.recvfrom @@ -1019,8 +1022,7 @@ func (rsa *RawSockaddrAny) Sockaddr() (Sockaddr, error) { for n < len(pp.Path) && pp.Path[n] != 0 { n++ } - bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n] - sa.Name = string(bytes) + sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n)) return sa, nil case AF_INET: diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go index 0c4add97410..857acf1032d 100644 --- a/vendor/golang.org/x/sys/windows/types_windows.go +++ b/vendor/golang.org/x/sys/windows/types_windows.go @@ -1243,6 +1243,51 @@ const ( DnsSectionAdditional = 0x0003 ) +const ( + // flags of WSALookupService + LUP_DEEP = 0x0001 + LUP_CONTAINERS = 0x0002 + LUP_NOCONTAINERS = 0x0004 + LUP_NEAREST = 0x0008 + LUP_RETURN_NAME = 0x0010 + LUP_RETURN_TYPE = 0x0020 + LUP_RETURN_VERSION = 0x0040 + LUP_RETURN_COMMENT = 0x0080 + LUP_RETURN_ADDR = 0x0100 + LUP_RETURN_BLOB = 0x0200 + LUP_RETURN_ALIASES = 0x0400 + LUP_RETURN_QUERY_STRING = 0x0800 + LUP_RETURN_ALL = 0x0FF0 + LUP_RES_SERVICE = 0x8000 + + LUP_FLUSHCACHE = 0x1000 + LUP_FLUSHPREVIOUS = 0x2000 + + LUP_NON_AUTHORITATIVE = 0x4000 + LUP_SECURE = 0x8000 + LUP_RETURN_PREFERRED_NAMES = 0x10000 + LUP_DNS_ONLY = 0x20000 + + LUP_ADDRCONFIG = 0x100000 + LUP_DUAL_ADDR = 0x200000 + LUP_FILESERVER = 0x400000 + LUP_DISABLE_IDN_ENCODING = 0x00800000 + LUP_API_ANSI = 0x01000000 + + LUP_RESOLUTION_HANDLE = 0x80000000 +) + +const ( + // values of WSAQUERYSET's namespace + NS_ALL = 0 + NS_DNS = 12 + NS_NLA = 15 + NS_BTH = 16 + NS_EMAIL = 37 + NS_PNRPNAME = 38 + NS_PNRPCLOUD = 39 +) + type DNSSRVData struct { Target *uint16 Priority uint16 @@ -3258,3 +3303,43 @@ const ( DWMWA_TEXT_COLOR = 36 DWMWA_VISIBLE_FRAME_BORDER_THICKNESS = 37 ) + +type WSAQUERYSET struct { + Size uint32 + ServiceInstanceName *uint16 + ServiceClassId *GUID + Version *WSAVersion + Comment *uint16 + NameSpace uint32 + NSProviderId *GUID + Context *uint16 + NumberOfProtocols uint32 + AfpProtocols *AFProtocols + QueryString *uint16 + NumberOfCsAddrs uint32 + SaBuffer *CSAddrInfo + OutputFlags uint32 + Blob *BLOB +} + +type WSAVersion struct { + Version uint32 + EnumerationOfComparison int32 +} + +type AFProtocols struct { + AddressFamily int32 + Protocol int32 +} + +type CSAddrInfo struct { + LocalAddr SocketAddress + RemoteAddr SocketAddress + SocketType int32 + Protocol int32 +} + +type BLOB struct { + Size uint32 + BlobData *byte +} diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index ac60052e44a..6d2a268534d 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -474,6 +474,9 @@ var ( procWSAEnumProtocolsW = modws2_32.NewProc("WSAEnumProtocolsW") procWSAGetOverlappedResult = modws2_32.NewProc("WSAGetOverlappedResult") procWSAIoctl = modws2_32.NewProc("WSAIoctl") + procWSALookupServiceBeginW = modws2_32.NewProc("WSALookupServiceBeginW") + procWSALookupServiceEnd = modws2_32.NewProc("WSALookupServiceEnd") + procWSALookupServiceNextW = modws2_32.NewProc("WSALookupServiceNextW") procWSARecv = modws2_32.NewProc("WSARecv") procWSARecvFrom = modws2_32.NewProc("WSARecvFrom") procWSASend = modws2_32.NewProc("WSASend") @@ -4067,6 +4070,30 @@ func WSAIoctl(s Handle, iocc uint32, inbuf *byte, cbif uint32, outbuf *byte, cbo return } +func WSALookupServiceBegin(querySet *WSAQUERYSET, flags uint32, handle *Handle) (err error) { + r1, _, e1 := syscall.Syscall(procWSALookupServiceBeginW.Addr(), 3, uintptr(unsafe.Pointer(querySet)), uintptr(flags), uintptr(unsafe.Pointer(handle))) + if r1 == socket_error { + err = errnoErr(e1) + } + return +} + +func WSALookupServiceEnd(handle Handle) (err error) { + r1, _, e1 := syscall.Syscall(procWSALookupServiceEnd.Addr(), 1, uintptr(handle), 0, 0) + if r1 == socket_error { + err = errnoErr(e1) + } + return +} + +func WSALookupServiceNext(handle Handle, flags uint32, size *int32, querySet *WSAQUERYSET) (err error) { + r1, _, e1 := syscall.Syscall6(procWSALookupServiceNextW.Addr(), 4, uintptr(handle), uintptr(flags), uintptr(unsafe.Pointer(size)), uintptr(unsafe.Pointer(querySet)), 0, 0) + if r1 == socket_error { + err = errnoErr(e1) + } + return +} + func WSARecv(s Handle, bufs *WSABuf, bufcnt uint32, recvd *uint32, flags *uint32, overlapped *Overlapped, croutine *byte) (err error) { r1, _, e1 := syscall.Syscall9(procWSARecv.Addr(), 7, uintptr(s), uintptr(unsafe.Pointer(bufs)), uintptr(bufcnt), uintptr(unsafe.Pointer(recvd)), uintptr(unsafe.Pointer(flags)), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine)), 0, 0) if r1 == socket_error { diff --git a/vendor/modules.txt b/vendor/modules.txt index 59e8d48e215..359c7638952 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -67,10 +67,10 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df ## explicit; go 1.12 github.com/vishvananda/netns -# golang.org/x/net v0.7.0 +# golang.org/x/net v0.8.0 ## explicit; go 1.17 golang.org/x/net/bpf -# golang.org/x/sys v0.5.0 +# golang.org/x/sys v0.6.0 ## explicit; go 1.17 golang.org/x/sys/execabs golang.org/x/sys/internal/unsafeheader From 6b41f8ed262d30e4cc09d911a9811440c2a97b3e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 9 Mar 2023 04:59:44 +0000 Subject: [PATCH 0172/1176] build(deps): bump google.golang.org/protobuf from 1.28.1 to 1.29.0 Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.28.1 to 1.29.0. - [Release notes](https://github.com/protocolbuffers/protobuf-go/releases) - [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash) - [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.28.1...v1.29.0) --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 3 +- .../protobuf/encoding/protowire/wire.go | 8 +- .../protobuf/internal/encoding/text/decode.go | 5 +- .../internal/encoding/text/decode_number.go | 43 +++-- .../protobuf/internal/genid/descriptor_gen.go | 90 ++++++--- .../protobuf/internal/impl/convert.go | 1 - .../protobuf/internal/strs/strings_unsafe.go | 2 +- .../protobuf/internal/version/version.go | 4 +- .../google.golang.org/protobuf/proto/doc.go | 9 +- .../google.golang.org/protobuf/proto/equal.go | 172 +++--------------- .../reflect/protoreflect/source_gen.go | 14 ++ .../protobuf/reflect/protoreflect/value.go | 2 +- .../reflect/protoreflect/value_equal.go | 168 +++++++++++++++++ .../reflect/protoreflect/value_union.go | 4 +- .../reflect/protoregistry/registry.go | 2 +- vendor/modules.txt | 2 +- 17 files changed, 327 insertions(+), 204 deletions(-) create mode 100644 vendor/google.golang.org/protobuf/reflect/protoreflect/value_equal.go diff --git a/go.mod b/go.mod index 481070bafb2..17b502b89bd 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.8.0 golang.org/x/sys v0.6.0 - google.golang.org/protobuf v1.28.1 + google.golang.org/protobuf v1.29.0 ) require ( diff --git a/go.sum b/go.sum index e5f64e00489..8b6c7f690ba 100644 --- a/go.sum +++ b/go.sum @@ -69,8 +69,9 @@ golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.29.0 h1:44S3JjaKmLEE4YIkjzexaP+NzZsudE3Zin5Njn/pYX0= +google.golang.org/protobuf v1.29.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= diff --git a/vendor/google.golang.org/protobuf/encoding/protowire/wire.go b/vendor/google.golang.org/protobuf/encoding/protowire/wire.go index ce57f57ebd4..f4b4686cf9d 100644 --- a/vendor/google.golang.org/protobuf/encoding/protowire/wire.go +++ b/vendor/google.golang.org/protobuf/encoding/protowire/wire.go @@ -3,7 +3,7 @@ // license that can be found in the LICENSE file. // Package protowire parses and formats the raw wire encoding. -// See https://developers.google.com/protocol-buffers/docs/encoding. +// See https://protobuf.dev/programming-guides/encoding. // // For marshaling and unmarshaling entire protobuf messages, // use the "google.golang.org/protobuf/proto" package instead. @@ -29,12 +29,8 @@ const ( ) // IsValid reports whether the field number is semantically valid. -// -// Note that while numbers within the reserved range are semantically invalid, -// they are syntactically valid in the wire format. -// Implementations may treat records with reserved field numbers as unknown. func (n Number) IsValid() bool { - return MinValidNumber <= n && n < FirstReservedNumber || LastReservedNumber < n && n <= MaxValidNumber + return MinValidNumber <= n && n <= MaxValidNumber } // Type represents the wire type. diff --git a/vendor/google.golang.org/protobuf/internal/encoding/text/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/text/decode.go index 427c62d037f..87853e786d0 100644 --- a/vendor/google.golang.org/protobuf/internal/encoding/text/decode.go +++ b/vendor/google.golang.org/protobuf/internal/encoding/text/decode.go @@ -412,12 +412,13 @@ func (d *Decoder) parseFieldName() (tok Token, err error) { // Field number. Identify if input is a valid number that is not negative // and is decimal integer within 32-bit range. if num := parseNumber(d.in); num.size > 0 { + str := num.string(d.in) if !num.neg && num.kind == numDec { - if _, err := strconv.ParseInt(string(d.in[:num.size]), 10, 32); err == nil { + if _, err := strconv.ParseInt(str, 10, 32); err == nil { return d.consumeToken(Name, num.size, uint8(FieldNumber)), nil } } - return Token{}, d.newSyntaxError("invalid field number: %s", d.in[:num.size]) + return Token{}, d.newSyntaxError("invalid field number: %s", str) } return Token{}, d.newSyntaxError("invalid field name: %s", errId(d.in)) diff --git a/vendor/google.golang.org/protobuf/internal/encoding/text/decode_number.go b/vendor/google.golang.org/protobuf/internal/encoding/text/decode_number.go index 81a5d8c8613..3dc8e97878b 100644 --- a/vendor/google.golang.org/protobuf/internal/encoding/text/decode_number.go +++ b/vendor/google.golang.org/protobuf/internal/encoding/text/decode_number.go @@ -15,17 +15,12 @@ func (d *Decoder) parseNumberValue() (Token, bool) { if num.neg { numAttrs |= isNegative } - strSize := num.size - last := num.size - 1 - if num.kind == numFloat && (d.in[last] == 'f' || d.in[last] == 'F') { - strSize = last - } tok := Token{ kind: Scalar, attrs: numberValue, pos: len(d.orig) - len(d.in), raw: d.in[:num.size], - str: string(d.in[:strSize]), + str: num.string(d.in), numAttrs: numAttrs, } d.consume(num.size) @@ -46,6 +41,27 @@ type number struct { kind uint8 neg bool size int + // if neg, this is the length of whitespace and comments between + // the minus sign and the rest fo the number literal + sep int +} + +func (num number) string(data []byte) string { + strSize := num.size + last := num.size - 1 + if num.kind == numFloat && (data[last] == 'f' || data[last] == 'F') { + strSize = last + } + if num.neg && num.sep > 0 { + // strip whitespace/comments between negative sign and the rest + strLen := strSize - num.sep + str := make([]byte, strLen) + str[0] = data[0] + copy(str[1:], data[num.sep+1:strSize]) + return string(str) + } + return string(data[:strSize]) + } // parseNumber constructs a number object from given input. It allows for the @@ -67,6 +83,7 @@ func parseNumber(input []byte) number { } // Optional - + var sep int if s[0] == '-' { neg = true s = s[1:] @@ -74,12 +91,14 @@ func parseNumber(input []byte) number { if len(s) == 0 { return number{} } + // Consume any whitespace or comments between the + // negative sign and the rest of the number + lenBefore := len(s) + s = consume(s, 0) + sep = lenBefore - len(s) + size += sep } - // C++ allows for whitespace and comments in between the negative sign and - // the rest of the number. This logic currently does not but is consistent - // with v1. - switch { case s[0] == '0': if len(s) > 1 { @@ -116,7 +135,7 @@ func parseNumber(input []byte) number { if len(s) > 0 && !isDelim(s[0]) { return number{} } - return number{kind: kind, neg: neg, size: size} + return number{kind: kind, neg: neg, size: size, sep: sep} } } s = s[1:] @@ -188,5 +207,5 @@ func parseNumber(input []byte) number { return number{} } - return number{kind: kind, neg: neg, size: size} + return number{kind: kind, neg: neg, size: size, sep: sep} } diff --git a/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go b/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go index e3cdf1c2059..5c0e8f73f4e 100644 --- a/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go +++ b/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go @@ -50,6 +50,7 @@ const ( FileDescriptorProto_Options_field_name protoreflect.Name = "options" FileDescriptorProto_SourceCodeInfo_field_name protoreflect.Name = "source_code_info" FileDescriptorProto_Syntax_field_name protoreflect.Name = "syntax" + FileDescriptorProto_Edition_field_name protoreflect.Name = "edition" FileDescriptorProto_Name_field_fullname protoreflect.FullName = "google.protobuf.FileDescriptorProto.name" FileDescriptorProto_Package_field_fullname protoreflect.FullName = "google.protobuf.FileDescriptorProto.package" @@ -63,6 +64,7 @@ const ( FileDescriptorProto_Options_field_fullname protoreflect.FullName = "google.protobuf.FileDescriptorProto.options" FileDescriptorProto_SourceCodeInfo_field_fullname protoreflect.FullName = "google.protobuf.FileDescriptorProto.source_code_info" FileDescriptorProto_Syntax_field_fullname protoreflect.FullName = "google.protobuf.FileDescriptorProto.syntax" + FileDescriptorProto_Edition_field_fullname protoreflect.FullName = "google.protobuf.FileDescriptorProto.edition" ) // Field numbers for google.protobuf.FileDescriptorProto. @@ -79,6 +81,7 @@ const ( FileDescriptorProto_Options_field_number protoreflect.FieldNumber = 8 FileDescriptorProto_SourceCodeInfo_field_number protoreflect.FieldNumber = 9 FileDescriptorProto_Syntax_field_number protoreflect.FieldNumber = 12 + FileDescriptorProto_Edition_field_number protoreflect.FieldNumber = 13 ) // Names for google.protobuf.DescriptorProto. @@ -494,26 +497,29 @@ const ( // Field names for google.protobuf.MessageOptions. const ( - MessageOptions_MessageSetWireFormat_field_name protoreflect.Name = "message_set_wire_format" - MessageOptions_NoStandardDescriptorAccessor_field_name protoreflect.Name = "no_standard_descriptor_accessor" - MessageOptions_Deprecated_field_name protoreflect.Name = "deprecated" - MessageOptions_MapEntry_field_name protoreflect.Name = "map_entry" - MessageOptions_UninterpretedOption_field_name protoreflect.Name = "uninterpreted_option" + MessageOptions_MessageSetWireFormat_field_name protoreflect.Name = "message_set_wire_format" + MessageOptions_NoStandardDescriptorAccessor_field_name protoreflect.Name = "no_standard_descriptor_accessor" + MessageOptions_Deprecated_field_name protoreflect.Name = "deprecated" + MessageOptions_MapEntry_field_name protoreflect.Name = "map_entry" + MessageOptions_DeprecatedLegacyJsonFieldConflicts_field_name protoreflect.Name = "deprecated_legacy_json_field_conflicts" + MessageOptions_UninterpretedOption_field_name protoreflect.Name = "uninterpreted_option" - MessageOptions_MessageSetWireFormat_field_fullname protoreflect.FullName = "google.protobuf.MessageOptions.message_set_wire_format" - MessageOptions_NoStandardDescriptorAccessor_field_fullname protoreflect.FullName = "google.protobuf.MessageOptions.no_standard_descriptor_accessor" - MessageOptions_Deprecated_field_fullname protoreflect.FullName = "google.protobuf.MessageOptions.deprecated" - MessageOptions_MapEntry_field_fullname protoreflect.FullName = "google.protobuf.MessageOptions.map_entry" - MessageOptions_UninterpretedOption_field_fullname protoreflect.FullName = "google.protobuf.MessageOptions.uninterpreted_option" + MessageOptions_MessageSetWireFormat_field_fullname protoreflect.FullName = "google.protobuf.MessageOptions.message_set_wire_format" + MessageOptions_NoStandardDescriptorAccessor_field_fullname protoreflect.FullName = "google.protobuf.MessageOptions.no_standard_descriptor_accessor" + MessageOptions_Deprecated_field_fullname protoreflect.FullName = "google.protobuf.MessageOptions.deprecated" + MessageOptions_MapEntry_field_fullname protoreflect.FullName = "google.protobuf.MessageOptions.map_entry" + MessageOptions_DeprecatedLegacyJsonFieldConflicts_field_fullname protoreflect.FullName = "google.protobuf.MessageOptions.deprecated_legacy_json_field_conflicts" + MessageOptions_UninterpretedOption_field_fullname protoreflect.FullName = "google.protobuf.MessageOptions.uninterpreted_option" ) // Field numbers for google.protobuf.MessageOptions. const ( - MessageOptions_MessageSetWireFormat_field_number protoreflect.FieldNumber = 1 - MessageOptions_NoStandardDescriptorAccessor_field_number protoreflect.FieldNumber = 2 - MessageOptions_Deprecated_field_number protoreflect.FieldNumber = 3 - MessageOptions_MapEntry_field_number protoreflect.FieldNumber = 7 - MessageOptions_UninterpretedOption_field_number protoreflect.FieldNumber = 999 + MessageOptions_MessageSetWireFormat_field_number protoreflect.FieldNumber = 1 + MessageOptions_NoStandardDescriptorAccessor_field_number protoreflect.FieldNumber = 2 + MessageOptions_Deprecated_field_number protoreflect.FieldNumber = 3 + MessageOptions_MapEntry_field_number protoreflect.FieldNumber = 7 + MessageOptions_DeprecatedLegacyJsonFieldConflicts_field_number protoreflect.FieldNumber = 11 + MessageOptions_UninterpretedOption_field_number protoreflect.FieldNumber = 999 ) // Names for google.protobuf.FieldOptions. @@ -528,16 +534,24 @@ const ( FieldOptions_Packed_field_name protoreflect.Name = "packed" FieldOptions_Jstype_field_name protoreflect.Name = "jstype" FieldOptions_Lazy_field_name protoreflect.Name = "lazy" + FieldOptions_UnverifiedLazy_field_name protoreflect.Name = "unverified_lazy" FieldOptions_Deprecated_field_name protoreflect.Name = "deprecated" FieldOptions_Weak_field_name protoreflect.Name = "weak" + FieldOptions_DebugRedact_field_name protoreflect.Name = "debug_redact" + FieldOptions_Retention_field_name protoreflect.Name = "retention" + FieldOptions_Target_field_name protoreflect.Name = "target" FieldOptions_UninterpretedOption_field_name protoreflect.Name = "uninterpreted_option" FieldOptions_Ctype_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.ctype" FieldOptions_Packed_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.packed" FieldOptions_Jstype_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.jstype" FieldOptions_Lazy_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.lazy" + FieldOptions_UnverifiedLazy_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.unverified_lazy" FieldOptions_Deprecated_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.deprecated" FieldOptions_Weak_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.weak" + FieldOptions_DebugRedact_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.debug_redact" + FieldOptions_Retention_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.retention" + FieldOptions_Target_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.target" FieldOptions_UninterpretedOption_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.uninterpreted_option" ) @@ -547,8 +561,12 @@ const ( FieldOptions_Packed_field_number protoreflect.FieldNumber = 2 FieldOptions_Jstype_field_number protoreflect.FieldNumber = 6 FieldOptions_Lazy_field_number protoreflect.FieldNumber = 5 + FieldOptions_UnverifiedLazy_field_number protoreflect.FieldNumber = 15 FieldOptions_Deprecated_field_number protoreflect.FieldNumber = 3 FieldOptions_Weak_field_number protoreflect.FieldNumber = 10 + FieldOptions_DebugRedact_field_number protoreflect.FieldNumber = 16 + FieldOptions_Retention_field_number protoreflect.FieldNumber = 17 + FieldOptions_Target_field_number protoreflect.FieldNumber = 18 FieldOptions_UninterpretedOption_field_number protoreflect.FieldNumber = 999 ) @@ -564,6 +582,18 @@ const ( FieldOptions_JSType_enum_name = "JSType" ) +// Full and short names for google.protobuf.FieldOptions.OptionRetention. +const ( + FieldOptions_OptionRetention_enum_fullname = "google.protobuf.FieldOptions.OptionRetention" + FieldOptions_OptionRetention_enum_name = "OptionRetention" +) + +// Full and short names for google.protobuf.FieldOptions.OptionTargetType. +const ( + FieldOptions_OptionTargetType_enum_fullname = "google.protobuf.FieldOptions.OptionTargetType" + FieldOptions_OptionTargetType_enum_name = "OptionTargetType" +) + // Names for google.protobuf.OneofOptions. const ( OneofOptions_message_name protoreflect.Name = "OneofOptions" @@ -590,20 +620,23 @@ const ( // Field names for google.protobuf.EnumOptions. const ( - EnumOptions_AllowAlias_field_name protoreflect.Name = "allow_alias" - EnumOptions_Deprecated_field_name protoreflect.Name = "deprecated" - EnumOptions_UninterpretedOption_field_name protoreflect.Name = "uninterpreted_option" + EnumOptions_AllowAlias_field_name protoreflect.Name = "allow_alias" + EnumOptions_Deprecated_field_name protoreflect.Name = "deprecated" + EnumOptions_DeprecatedLegacyJsonFieldConflicts_field_name protoreflect.Name = "deprecated_legacy_json_field_conflicts" + EnumOptions_UninterpretedOption_field_name protoreflect.Name = "uninterpreted_option" - EnumOptions_AllowAlias_field_fullname protoreflect.FullName = "google.protobuf.EnumOptions.allow_alias" - EnumOptions_Deprecated_field_fullname protoreflect.FullName = "google.protobuf.EnumOptions.deprecated" - EnumOptions_UninterpretedOption_field_fullname protoreflect.FullName = "google.protobuf.EnumOptions.uninterpreted_option" + EnumOptions_AllowAlias_field_fullname protoreflect.FullName = "google.protobuf.EnumOptions.allow_alias" + EnumOptions_Deprecated_field_fullname protoreflect.FullName = "google.protobuf.EnumOptions.deprecated" + EnumOptions_DeprecatedLegacyJsonFieldConflicts_field_fullname protoreflect.FullName = "google.protobuf.EnumOptions.deprecated_legacy_json_field_conflicts" + EnumOptions_UninterpretedOption_field_fullname protoreflect.FullName = "google.protobuf.EnumOptions.uninterpreted_option" ) // Field numbers for google.protobuf.EnumOptions. const ( - EnumOptions_AllowAlias_field_number protoreflect.FieldNumber = 2 - EnumOptions_Deprecated_field_number protoreflect.FieldNumber = 3 - EnumOptions_UninterpretedOption_field_number protoreflect.FieldNumber = 999 + EnumOptions_AllowAlias_field_number protoreflect.FieldNumber = 2 + EnumOptions_Deprecated_field_number protoreflect.FieldNumber = 3 + EnumOptions_DeprecatedLegacyJsonFieldConflicts_field_number protoreflect.FieldNumber = 6 + EnumOptions_UninterpretedOption_field_number protoreflect.FieldNumber = 999 ) // Names for google.protobuf.EnumValueOptions. @@ -813,11 +846,13 @@ const ( GeneratedCodeInfo_Annotation_SourceFile_field_name protoreflect.Name = "source_file" GeneratedCodeInfo_Annotation_Begin_field_name protoreflect.Name = "begin" GeneratedCodeInfo_Annotation_End_field_name protoreflect.Name = "end" + GeneratedCodeInfo_Annotation_Semantic_field_name protoreflect.Name = "semantic" GeneratedCodeInfo_Annotation_Path_field_fullname protoreflect.FullName = "google.protobuf.GeneratedCodeInfo.Annotation.path" GeneratedCodeInfo_Annotation_SourceFile_field_fullname protoreflect.FullName = "google.protobuf.GeneratedCodeInfo.Annotation.source_file" GeneratedCodeInfo_Annotation_Begin_field_fullname protoreflect.FullName = "google.protobuf.GeneratedCodeInfo.Annotation.begin" GeneratedCodeInfo_Annotation_End_field_fullname protoreflect.FullName = "google.protobuf.GeneratedCodeInfo.Annotation.end" + GeneratedCodeInfo_Annotation_Semantic_field_fullname protoreflect.FullName = "google.protobuf.GeneratedCodeInfo.Annotation.semantic" ) // Field numbers for google.protobuf.GeneratedCodeInfo.Annotation. @@ -826,4 +861,11 @@ const ( GeneratedCodeInfo_Annotation_SourceFile_field_number protoreflect.FieldNumber = 2 GeneratedCodeInfo_Annotation_Begin_field_number protoreflect.FieldNumber = 3 GeneratedCodeInfo_Annotation_End_field_number protoreflect.FieldNumber = 4 + GeneratedCodeInfo_Annotation_Semantic_field_number protoreflect.FieldNumber = 5 +) + +// Full and short names for google.protobuf.GeneratedCodeInfo.Annotation.Semantic. +const ( + GeneratedCodeInfo_Annotation_Semantic_enum_fullname = "google.protobuf.GeneratedCodeInfo.Annotation.Semantic" + GeneratedCodeInfo_Annotation_Semantic_enum_name = "Semantic" ) diff --git a/vendor/google.golang.org/protobuf/internal/impl/convert.go b/vendor/google.golang.org/protobuf/internal/impl/convert.go index 11a6128ba56..185ef2efa5b 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/convert.go +++ b/vendor/google.golang.org/protobuf/internal/impl/convert.go @@ -59,7 +59,6 @@ func NewConverter(t reflect.Type, fd protoreflect.FieldDescriptor) Converter { default: return newSingularConverter(t, fd) } - panic(fmt.Sprintf("invalid Go type %v for field %v", t, fd.FullName())) } var ( diff --git a/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe.go b/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe.go index fea589c457e..61a84d34185 100644 --- a/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe.go +++ b/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe.go @@ -87,7 +87,7 @@ func (sb *Builder) grow(n int) { // Unlike strings.Builder, we do not need to copy over the contents // of the old buffer since our builder provides no API for // retrieving previously created strings. - sb.buf = make([]byte, 2*(cap(sb.buf)+n)) + sb.buf = make([]byte, 0, 2*(cap(sb.buf)+n)) } func (sb *Builder) last(n int) string { diff --git a/vendor/google.golang.org/protobuf/internal/version/version.go b/vendor/google.golang.org/protobuf/internal/version/version.go index b480c5010f1..f6e0119fe9b 100644 --- a/vendor/google.golang.org/protobuf/internal/version/version.go +++ b/vendor/google.golang.org/protobuf/internal/version/version.go @@ -51,8 +51,8 @@ import ( // 10. Send out the CL for review and submit it. const ( Major = 1 - Minor = 28 - Patch = 1 + Minor = 29 + Patch = 0 PreRelease = "" ) diff --git a/vendor/google.golang.org/protobuf/proto/doc.go b/vendor/google.golang.org/protobuf/proto/doc.go index 08d2a46f535..ec71e717fe7 100644 --- a/vendor/google.golang.org/protobuf/proto/doc.go +++ b/vendor/google.golang.org/protobuf/proto/doc.go @@ -5,16 +5,13 @@ // Package proto provides functions operating on protocol buffer messages. // // For documentation on protocol buffers in general, see: -// -// https://developers.google.com/protocol-buffers +// https://protobuf.dev. // // For a tutorial on using protocol buffers with Go, see: -// -// https://developers.google.com/protocol-buffers/docs/gotutorial +// https://protobuf.dev/getting-started/gotutorial. // // For a guide to generated Go protocol buffer code, see: -// -// https://developers.google.com/protocol-buffers/docs/reference/go-generated +// https://protobuf.dev/reference/go/go-generated. // // # Binary serialization // diff --git a/vendor/google.golang.org/protobuf/proto/equal.go b/vendor/google.golang.org/protobuf/proto/equal.go index 67948dd1df8..1a0be1b03c7 100644 --- a/vendor/google.golang.org/protobuf/proto/equal.go +++ b/vendor/google.golang.org/protobuf/proto/equal.go @@ -5,30 +5,39 @@ package proto import ( - "bytes" - "math" "reflect" - "google.golang.org/protobuf/encoding/protowire" "google.golang.org/protobuf/reflect/protoreflect" ) -// Equal reports whether two messages are equal. -// If two messages marshal to the same bytes under deterministic serialization, -// then Equal is guaranteed to report true. +// Equal reports whether two messages are equal, +// by recursively comparing the fields of the message. // -// Two messages are equal if they belong to the same message descriptor, -// have the same set of populated known and extension field values, -// and the same set of unknown fields values. If either of the top-level -// messages are invalid, then Equal reports true only if both are invalid. +// - Bytes fields are equal if they contain identical bytes. +// Empty bytes (regardless of nil-ness) are considered equal. // -// Scalar values are compared with the equivalent of the == operator in Go, -// except bytes values which are compared using bytes.Equal and -// floating point values which specially treat NaNs as equal. -// Message values are compared by recursively calling Equal. -// Lists are equal if each element value is also equal. -// Maps are equal if they have the same set of keys, where the pair of values -// for each key is also equal. +// - Floating-point fields are equal if they contain the same value. +// Unlike the == operator, a NaN is equal to another NaN. +// +// - Other scalar fields are equal if they contain the same value. +// +// - Message fields are equal if they have +// the same set of populated known and extension field values, and +// the same set of unknown fields values. +// +// - Lists are equal if they are the same length and +// each corresponding element is equal. +// +// - Maps are equal if they have the same set of keys and +// the corresponding value for each key is equal. +// +// An invalid message is not equal to a valid message. +// An invalid message is only equal to another invalid message of the +// same type. An invalid message often corresponds to a nil pointer +// of the concrete message type. For example, (*pb.M)(nil) is not equal +// to &pb.M{}. +// If two valid messages marshal to the same bytes under deterministic +// serialization, then Equal is guaranteed to report true. func Equal(x, y Message) bool { if x == nil || y == nil { return x == nil && y == nil @@ -42,130 +51,7 @@ func Equal(x, y Message) bool { if mx.IsValid() != my.IsValid() { return false } - return equalMessage(mx, my) -} - -// equalMessage compares two messages. -func equalMessage(mx, my protoreflect.Message) bool { - if mx.Descriptor() != my.Descriptor() { - return false - } - - nx := 0 - equal := true - mx.Range(func(fd protoreflect.FieldDescriptor, vx protoreflect.Value) bool { - nx++ - vy := my.Get(fd) - equal = my.Has(fd) && equalField(fd, vx, vy) - return equal - }) - if !equal { - return false - } - ny := 0 - my.Range(func(fd protoreflect.FieldDescriptor, vx protoreflect.Value) bool { - ny++ - return true - }) - if nx != ny { - return false - } - - return equalUnknown(mx.GetUnknown(), my.GetUnknown()) -} - -// equalField compares two fields. -func equalField(fd protoreflect.FieldDescriptor, x, y protoreflect.Value) bool { - switch { - case fd.IsList(): - return equalList(fd, x.List(), y.List()) - case fd.IsMap(): - return equalMap(fd, x.Map(), y.Map()) - default: - return equalValue(fd, x, y) - } -} - -// equalMap compares two maps. -func equalMap(fd protoreflect.FieldDescriptor, x, y protoreflect.Map) bool { - if x.Len() != y.Len() { - return false - } - equal := true - x.Range(func(k protoreflect.MapKey, vx protoreflect.Value) bool { - vy := y.Get(k) - equal = y.Has(k) && equalValue(fd.MapValue(), vx, vy) - return equal - }) - return equal -} - -// equalList compares two lists. -func equalList(fd protoreflect.FieldDescriptor, x, y protoreflect.List) bool { - if x.Len() != y.Len() { - return false - } - for i := x.Len() - 1; i >= 0; i-- { - if !equalValue(fd, x.Get(i), y.Get(i)) { - return false - } - } - return true -} - -// equalValue compares two singular values. -func equalValue(fd protoreflect.FieldDescriptor, x, y protoreflect.Value) bool { - switch fd.Kind() { - case protoreflect.BoolKind: - return x.Bool() == y.Bool() - case protoreflect.EnumKind: - return x.Enum() == y.Enum() - case protoreflect.Int32Kind, protoreflect.Sint32Kind, - protoreflect.Int64Kind, protoreflect.Sint64Kind, - protoreflect.Sfixed32Kind, protoreflect.Sfixed64Kind: - return x.Int() == y.Int() - case protoreflect.Uint32Kind, protoreflect.Uint64Kind, - protoreflect.Fixed32Kind, protoreflect.Fixed64Kind: - return x.Uint() == y.Uint() - case protoreflect.FloatKind, protoreflect.DoubleKind: - fx := x.Float() - fy := y.Float() - if math.IsNaN(fx) || math.IsNaN(fy) { - return math.IsNaN(fx) && math.IsNaN(fy) - } - return fx == fy - case protoreflect.StringKind: - return x.String() == y.String() - case protoreflect.BytesKind: - return bytes.Equal(x.Bytes(), y.Bytes()) - case protoreflect.MessageKind, protoreflect.GroupKind: - return equalMessage(x.Message(), y.Message()) - default: - return x.Interface() == y.Interface() - } -} - -// equalUnknown compares unknown fields by direct comparison on the raw bytes -// of each individual field number. -func equalUnknown(x, y protoreflect.RawFields) bool { - if len(x) != len(y) { - return false - } - if bytes.Equal([]byte(x), []byte(y)) { - return true - } - - mx := make(map[protoreflect.FieldNumber]protoreflect.RawFields) - my := make(map[protoreflect.FieldNumber]protoreflect.RawFields) - for len(x) > 0 { - fnum, _, n := protowire.ConsumeField(x) - mx[fnum] = append(mx[fnum], x[:n]...) - x = x[n:] - } - for len(y) > 0 { - fnum, _, n := protowire.ConsumeField(y) - my[fnum] = append(my[fnum], y[:n]...) - y = y[n:] - } - return reflect.DeepEqual(mx, my) + vx := protoreflect.ValueOfMessage(mx) + vy := protoreflect.ValueOfMessage(my) + return vx.Equal(vy) } diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go index b03c1223c4a..54ce326df94 100644 --- a/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go +++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go @@ -35,6 +35,8 @@ func (p *SourcePath) appendFileDescriptorProto(b []byte) []byte { b = p.appendSingularField(b, "source_code_info", (*SourcePath).appendSourceCodeInfo) case 12: b = p.appendSingularField(b, "syntax", nil) + case 13: + b = p.appendSingularField(b, "edition", nil) } return b } @@ -236,6 +238,8 @@ func (p *SourcePath) appendMessageOptions(b []byte) []byte { b = p.appendSingularField(b, "deprecated", nil) case 7: b = p.appendSingularField(b, "map_entry", nil) + case 11: + b = p.appendSingularField(b, "deprecated_legacy_json_field_conflicts", nil) case 999: b = p.appendRepeatedField(b, "uninterpreted_option", (*SourcePath).appendUninterpretedOption) } @@ -279,6 +283,8 @@ func (p *SourcePath) appendEnumOptions(b []byte) []byte { b = p.appendSingularField(b, "allow_alias", nil) case 3: b = p.appendSingularField(b, "deprecated", nil) + case 6: + b = p.appendSingularField(b, "deprecated_legacy_json_field_conflicts", nil) case 999: b = p.appendRepeatedField(b, "uninterpreted_option", (*SourcePath).appendUninterpretedOption) } @@ -345,10 +351,18 @@ func (p *SourcePath) appendFieldOptions(b []byte) []byte { b = p.appendSingularField(b, "jstype", nil) case 5: b = p.appendSingularField(b, "lazy", nil) + case 15: + b = p.appendSingularField(b, "unverified_lazy", nil) case 3: b = p.appendSingularField(b, "deprecated", nil) case 10: b = p.appendSingularField(b, "weak", nil) + case 16: + b = p.appendSingularField(b, "debug_redact", nil) + case 17: + b = p.appendSingularField(b, "retention", nil) + case 18: + b = p.appendSingularField(b, "target", nil) case 999: b = p.appendRepeatedField(b, "uninterpreted_option", (*SourcePath).appendUninterpretedOption) } diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/value.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/value.go index f3198107782..37601b78199 100644 --- a/vendor/google.golang.org/protobuf/reflect/protoreflect/value.go +++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/value.go @@ -148,7 +148,7 @@ type Message interface { // be preserved in marshaling or other operations. IsValid() bool - // ProtoMethods returns optional fast-path implementions of various operations. + // ProtoMethods returns optional fast-path implementations of various operations. // This method may return nil. // // The returned methods type is identical to diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_equal.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_equal.go new file mode 100644 index 00000000000..591652541f2 --- /dev/null +++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_equal.go @@ -0,0 +1,168 @@ +// Copyright 2022 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package protoreflect + +import ( + "bytes" + "fmt" + "math" + "reflect" + + "google.golang.org/protobuf/encoding/protowire" +) + +// Equal reports whether v1 and v2 are recursively equal. +// +// - Values of different types are always unequal. +// +// - Bytes values are equal if they contain identical bytes. +// Empty bytes (regardless of nil-ness) are considered equal. +// +// - Floating point values are equal if they contain the same value. +// Unlike the == operator, a NaN is equal to another NaN. +// +// - Enums are equal if they contain the same number. +// Since Value does not contain an enum descriptor, +// enum values do not consider the type of the enum. +// +// - Other scalar values are equal if they contain the same value. +// +// - Message values are equal if they belong to the same message descriptor, +// have the same set of populated known and extension field values, +// and the same set of unknown fields values. +// +// - Lists are equal if they are the same length and +// each corresponding element is equal. +// +// - Maps are equal if they have the same set of keys and +// the corresponding value for each key is equal. +func (v1 Value) Equal(v2 Value) bool { + return equalValue(v1, v2) +} + +func equalValue(x, y Value) bool { + eqType := x.typ == y.typ + switch x.typ { + case nilType: + return eqType + case boolType: + return eqType && x.Bool() == y.Bool() + case int32Type, int64Type: + return eqType && x.Int() == y.Int() + case uint32Type, uint64Type: + return eqType && x.Uint() == y.Uint() + case float32Type, float64Type: + return eqType && equalFloat(x.Float(), y.Float()) + case stringType: + return eqType && x.String() == y.String() + case bytesType: + return eqType && bytes.Equal(x.Bytes(), y.Bytes()) + case enumType: + return eqType && x.Enum() == y.Enum() + default: + switch x := x.Interface().(type) { + case Message: + y, ok := y.Interface().(Message) + return ok && equalMessage(x, y) + case List: + y, ok := y.Interface().(List) + return ok && equalList(x, y) + case Map: + y, ok := y.Interface().(Map) + return ok && equalMap(x, y) + default: + panic(fmt.Sprintf("unknown type: %T", x)) + } + } +} + +// equalFloat compares two floats, where NaNs are treated as equal. +func equalFloat(x, y float64) bool { + if math.IsNaN(x) || math.IsNaN(y) { + return math.IsNaN(x) && math.IsNaN(y) + } + return x == y +} + +// equalMessage compares two messages. +func equalMessage(mx, my Message) bool { + if mx.Descriptor() != my.Descriptor() { + return false + } + + nx := 0 + equal := true + mx.Range(func(fd FieldDescriptor, vx Value) bool { + nx++ + vy := my.Get(fd) + equal = my.Has(fd) && equalValue(vx, vy) + return equal + }) + if !equal { + return false + } + ny := 0 + my.Range(func(fd FieldDescriptor, vx Value) bool { + ny++ + return true + }) + if nx != ny { + return false + } + + return equalUnknown(mx.GetUnknown(), my.GetUnknown()) +} + +// equalList compares two lists. +func equalList(x, y List) bool { + if x.Len() != y.Len() { + return false + } + for i := x.Len() - 1; i >= 0; i-- { + if !equalValue(x.Get(i), y.Get(i)) { + return false + } + } + return true +} + +// equalMap compares two maps. +func equalMap(x, y Map) bool { + if x.Len() != y.Len() { + return false + } + equal := true + x.Range(func(k MapKey, vx Value) bool { + vy := y.Get(k) + equal = y.Has(k) && equalValue(vx, vy) + return equal + }) + return equal +} + +// equalUnknown compares unknown fields by direct comparison on the raw bytes +// of each individual field number. +func equalUnknown(x, y RawFields) bool { + if len(x) != len(y) { + return false + } + if bytes.Equal([]byte(x), []byte(y)) { + return true + } + + mx := make(map[FieldNumber]RawFields) + my := make(map[FieldNumber]RawFields) + for len(x) > 0 { + fnum, _, n := protowire.ConsumeField(x) + mx[fnum] = append(mx[fnum], x[:n]...) + x = x[n:] + } + for len(y) > 0 { + fnum, _, n := protowire.ConsumeField(y) + my[fnum] = append(my[fnum], y[:n]...) + y = y[n:] + } + return reflect.DeepEqual(mx, my) +} diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_union.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_union.go index ca8e28c5bc8..08e5ef73fc0 100644 --- a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_union.go +++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_union.go @@ -54,11 +54,11 @@ import ( // // Append a 0 to a "repeated int32" field. // // Since the Value returned by Mutable is guaranteed to alias // // the source message, modifying the Value modifies the message. -// message.Mutable(fieldDesc).(List).Append(protoreflect.ValueOfInt32(0)) +// message.Mutable(fieldDesc).List().Append(protoreflect.ValueOfInt32(0)) // // // Assign [0] to a "repeated int32" field by creating a new Value, // // modifying it, and assigning it. -// list := message.NewField(fieldDesc).(List) +// list := message.NewField(fieldDesc).List() // list.Append(protoreflect.ValueOfInt32(0)) // message.Set(fieldDesc, list) // // ERROR: Since it is not defined whether Set aliases the source, diff --git a/vendor/google.golang.org/protobuf/reflect/protoregistry/registry.go b/vendor/google.golang.org/protobuf/reflect/protoregistry/registry.go index 58352a6978b..aeb55977446 100644 --- a/vendor/google.golang.org/protobuf/reflect/protoregistry/registry.go +++ b/vendor/google.golang.org/protobuf/reflect/protoregistry/registry.go @@ -46,7 +46,7 @@ var conflictPolicy = "panic" // "panic" | "warn" | "ignore" // It is a variable so that the behavior is easily overridden in another file. var ignoreConflict = func(d protoreflect.Descriptor, err error) bool { const env = "GOLANG_PROTOBUF_REGISTRATION_CONFLICT" - const faq = "https://developers.google.com/protocol-buffers/docs/reference/go/faq#namespace-conflict" + const faq = "https://protobuf.dev/reference/go/faq#namespace-conflict" policy := conflictPolicy if v := os.Getenv(env); v != "" { policy = v diff --git a/vendor/modules.txt b/vendor/modules.txt index 359c7638952..dc81688a765 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -76,7 +76,7 @@ golang.org/x/sys/execabs golang.org/x/sys/internal/unsafeheader golang.org/x/sys/unix golang.org/x/sys/windows -# google.golang.org/protobuf v1.28.1 +# google.golang.org/protobuf v1.29.0 ## explicit; go 1.11 google.golang.org/protobuf/encoding/prototext google.golang.org/protobuf/encoding/protowire From 7d940bdf994a85934154845dc3c31ffd1c94d21d Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Fri, 10 Mar 2023 00:01:43 +0900 Subject: [PATCH 0173/1176] Add `.github/ISSUE_TEMPLATE/config.yml` After merging this PR, the "Report a security vulnerability" button will appear in "New issue" screen. Demo: https://github.com/containerd/nerdctl/issues Signed-off-by: Akihiro Suda --- .github/ISSUE_TEMPLATE/bug_report.yaml | 54 ++++++++++++++++++++++++++ .github/ISSUE_TEMPLATE/config.yml | 14 +++++++ SECURITY.md | 1 + 3 files changed, 69 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.yaml create mode 100644 .github/ISSUE_TEMPLATE/config.yml diff --git a/.github/ISSUE_TEMPLATE/bug_report.yaml b/.github/ISSUE_TEMPLATE/bug_report.yaml new file mode 100644 index 00000000000..3af44b54025 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.yaml @@ -0,0 +1,54 @@ +# Forked from https://github.com/containerd/nerdctl/blob/v1.2.1/.github/ISSUE_TEMPLATE/bug_report.yaml +name: Bug report +description: Create a bug report to help improve runc +labels: kind/unconfirmed-bug-claim +body: + - type: markdown + attributes: + value: | + If you are reporting a new issue, make sure that we do not have any duplicates + already open. You can ensure this by searching the issue list for this + repository. If there is a duplicate, please close your issue and add a comment + to the existing issue instead. + + When reporting a security issue, do not create an issue or file a pull request on GitHub. + See [`opencontainers/.github/SECURITY.md`](https://github.com/opencontainers/.github/blob/master/SECURITY.md). + + - type: textarea + attributes: + label: Description + description: | + Briefly describe the problem you are having in a few paragraphs. + validations: + required: true + + - type: textarea + attributes: + label: Steps to reproduce the issue + value: | + 1. + 2. + 3. + + - type: textarea + attributes: + label: Describe the results you received and expected + validations: + required: true + + - type: textarea + attributes: + label: What version of runc are you using? + placeholder: runc --version + validations: + required: true + + - type: textarea + attributes: + label: Host OS information + placeholder: cat /etc/os-release + + - type: textarea + attributes: + label: Host kernel information + placeholder: uname -a diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 00000000000..857778b7224 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,14 @@ +# Forked from https://github.com/containerd/nerdctl/blob/main/.github/ISSUE_TEMPLATE/config.yml +blank_issues_enabled: true +contact_links: + - name: Ask a question (GitHub Discussions) + url: https://github.com/opencontainers/runc/discussions + about: | + Please do not submit "a bug report" for asking a question. + In most cases, GitHub Discussions is the best place to ask a question. + If you are not sure whether you are going to report a bug or ask a question, + please consider asking in GitHub Discussions first. + - name: Slack (opencontainers.slack.com) + url: https://communityinviter.com/apps/opencontainers/join-the-oci-community + - name: Mailing list + url: https://groups.google.com/a/opencontainers.org/forum/#!forum/dev diff --git a/SECURITY.md b/SECURITY.md index 61e37bc568a..b2b58c451c8 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,3 +1,4 @@ # Security +When reporting a security issue, do not create an issue or file a pull request on GitHub. The reporting process and disclosure communications are outlined [here](https://github.com/opencontainers/org/blob/master/SECURITY.md). From afeffb7ea806166e3c2cce8327864c03c9a34e26 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Fri, 10 Mar 2023 09:44:26 +0900 Subject: [PATCH 0174/1176] .github/ISSUE_TEMPLATE/config.yml: fix contact links `contact_links` without `about` properties are not shown in https://github.com/opencontainers/runc/issues/new/choose Signed-off-by: Akihiro Suda --- .github/ISSUE_TEMPLATE/config.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index 857778b7224..528b06b44e8 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -10,5 +10,8 @@ contact_links: please consider asking in GitHub Discussions first. - name: Slack (opencontainers.slack.com) url: https://communityinviter.com/apps/opencontainers/join-the-oci-community + # GitHub requires the `about` property to be set + about: Slack - name: Mailing list url: https://groups.google.com/a/opencontainers.org/forum/#!forum/dev + about: Mailing list From df4eae457b8ccffa619c659c2def5c777d8ff507 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Mon, 26 Dec 2022 12:04:26 +0900 Subject: [PATCH 0175/1176] rootless: fix /sys/fs/cgroup mounts It was found that rootless runc makes `/sys/fs/cgroup` writable in following conditons: 1. when runc is executed inside the user namespace, and the config.json does not specify the cgroup namespace to be unshared (e.g.., `(docker|podman|nerdctl) run --cgroupns=host`, with Rootless Docker/Podman/nerdctl) 2. or, when runc is executed outside the user namespace, and `/sys` is mounted with `rbind, ro` (e.g., `runc spec --rootless`; this condition is very rare) A container may gain the write access to user-owned cgroup hierarchy `/sys/fs/cgroup/user.slice/...` on the host. Other users's cgroup hierarchies are not affected. To fix the issue, this commit does: 1. Remount `/sys/fs/cgroup` to apply `MS_RDONLY` when it is being bind-mounted 2. Mask `/sys/fs/cgroup` when the bind source is unavailable Fix CVE-2023-25809 (GHSA-m8cg-xc2p-r3fc) Co-authored-by: Kir Kolyshkin Signed-off-by: Akihiro Suda --- libcontainer/rootfs_linux.go | 53 ++++++++++++++++++++++------------- tests/integration/mounts.bats | 17 +++++++++++ 2 files changed, 51 insertions(+), 19 deletions(-) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 2a98372b561..2e0e3770c2f 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -306,26 +306,41 @@ func mountCgroupV2(m *configs.Mount, c *mountConfig) error { if err := os.MkdirAll(dest, 0o755); err != nil { return err } - return utils.WithProcfd(c.root, m.Destination, func(procfd string) error { - if err := mount(m.Source, m.Destination, procfd, "cgroup2", uintptr(m.Flags), m.Data); err != nil { - // when we are in UserNS but CgroupNS is not unshared, we cannot mount cgroup2 (#2158) - if errors.Is(err, unix.EPERM) || errors.Is(err, unix.EBUSY) { - src := fs2.UnifiedMountpoint - if c.cgroupns && c.cgroup2Path != "" { - // Emulate cgroupns by bind-mounting - // the container cgroup path rather than - // the whole /sys/fs/cgroup. - src = c.cgroup2Path - } - err = mount(src, m.Destination, procfd, "", uintptr(m.Flags)|unix.MS_BIND, "") - if c.rootlessCgroups && errors.Is(err, unix.ENOENT) { - err = nil - } - } - return err - } - return nil + err = utils.WithProcfd(c.root, m.Destination, func(procfd string) error { + return mount(m.Source, m.Destination, procfd, "cgroup2", uintptr(m.Flags), m.Data) }) + if err == nil || !(errors.Is(err, unix.EPERM) || errors.Is(err, unix.EBUSY)) { + return err + } + + // When we are in UserNS but CgroupNS is not unshared, we cannot mount + // cgroup2 (#2158), so fall back to bind mount. + bindM := &configs.Mount{ + Device: "bind", + Source: fs2.UnifiedMountpoint, + Destination: m.Destination, + Flags: unix.MS_BIND | m.Flags, + PropagationFlags: m.PropagationFlags, + } + if c.cgroupns && c.cgroup2Path != "" { + // Emulate cgroupns by bind-mounting the container cgroup path + // rather than the whole /sys/fs/cgroup. + bindM.Source = c.cgroup2Path + } + // mountToRootfs() handles remounting for MS_RDONLY. + // No need to set c.fd here, because mountToRootfs() calls utils.WithProcfd() by itself in mountPropagate(). + err = mountToRootfs(bindM, c) + if c.rootlessCgroups && errors.Is(err, unix.ENOENT) { + // ENOENT (for `src = c.cgroup2Path`) happens when rootless runc is being executed + // outside the userns+mountns. + // + // Mask `/sys/fs/cgroup` to ensure it is read-only, even when `/sys` is mounted + // with `rbind,ro` (`runc spec --rootless` produces `rbind,ro` for `/sys`). + err = utils.WithProcfd(c.root, m.Destination, func(procfd string) error { + return maskPath(procfd, c.label) + }) + } + return err } func doTmpfsCopyUp(m *configs.Mount, rootfs, mountLabel string) (Err error) { diff --git a/tests/integration/mounts.bats b/tests/integration/mounts.bats index 1ec675aca55..1e72c5b142f 100644 --- a/tests/integration/mounts.bats +++ b/tests/integration/mounts.bats @@ -63,3 +63,20 @@ function teardown() { runc run test_busybox [ "$status" -eq 0 ] } + +# https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc +@test "runc run [ro /sys/fs/cgroup mount]" { + # With cgroup namespace + update_config '.process.args |= ["sh", "-euc", "for f in `grep /sys/fs/cgroup /proc/mounts | awk \"{print \\\\$2}\"| uniq`; do grep -w $f /proc/mounts | tail -n1; done"]' + runc run test_busybox + [ "$status" -eq 0 ] + [ "${#lines[@]}" -ne 0 ] + for line in "${lines[@]}"; do [[ "${line}" == *'ro,'* ]]; done + + # Without cgroup namespace + update_config '.linux.namespaces -= [{"type": "cgroup"}]' + runc run test_busybox + [ "$status" -eq 0 ] + [ "${#lines[@]}" -ne 0 ] + for line in "${lines[@]}"; do [[ "${line}" == *'ro,'* ]]; done +} From a7046b8387d5739276b68fa1cc03219678efc5a1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 Mar 2023 05:10:21 +0000 Subject: [PATCH 0176/1176] build(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1 Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.29.0 to 1.29.1. - [Release notes](https://github.com/protocolbuffers/protobuf-go/releases) - [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash) - [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.29.0...v1.29.1) --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- .../protobuf/internal/encoding/text/decode_number.go | 6 +++--- .../google.golang.org/protobuf/internal/version/version.go | 2 +- vendor/modules.txt | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index 17b502b89bd..b40e7babe91 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.8.0 golang.org/x/sys v0.6.0 - google.golang.org/protobuf v1.29.0 + google.golang.org/protobuf v1.29.1 ) require ( diff --git a/go.sum b/go.sum index 8b6c7f690ba..8ad1a667279 100644 --- a/go.sum +++ b/go.sum @@ -70,8 +70,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.29.0 h1:44S3JjaKmLEE4YIkjzexaP+NzZsudE3Zin5Njn/pYX0= -google.golang.org/protobuf v1.29.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.29.1 h1:7QBf+IK2gx70Ap/hDsOmam3GE0v9HicjfEdAxE62UoM= +google.golang.org/protobuf v1.29.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= diff --git a/vendor/google.golang.org/protobuf/internal/encoding/text/decode_number.go b/vendor/google.golang.org/protobuf/internal/encoding/text/decode_number.go index 3dc8e97878b..45c81f0298e 100644 --- a/vendor/google.golang.org/protobuf/internal/encoding/text/decode_number.go +++ b/vendor/google.golang.org/protobuf/internal/encoding/text/decode_number.go @@ -88,15 +88,15 @@ func parseNumber(input []byte) number { neg = true s = s[1:] size++ - if len(s) == 0 { - return number{} - } // Consume any whitespace or comments between the // negative sign and the rest of the number lenBefore := len(s) s = consume(s, 0) sep = lenBefore - len(s) size += sep + if len(s) == 0 { + return number{} + } } switch { diff --git a/vendor/google.golang.org/protobuf/internal/version/version.go b/vendor/google.golang.org/protobuf/internal/version/version.go index f6e0119fe9b..daefe110561 100644 --- a/vendor/google.golang.org/protobuf/internal/version/version.go +++ b/vendor/google.golang.org/protobuf/internal/version/version.go @@ -52,7 +52,7 @@ import ( const ( Major = 1 Minor = 29 - Patch = 0 + Patch = 1 PreRelease = "" ) diff --git a/vendor/modules.txt b/vendor/modules.txt index dc81688a765..2f04299ecb0 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -76,7 +76,7 @@ golang.org/x/sys/execabs golang.org/x/sys/internal/unsafeheader golang.org/x/sys/unix golang.org/x/sys/windows -# google.golang.org/protobuf v1.29.0 +# google.golang.org/protobuf v1.29.1 ## explicit; go 1.11 google.golang.org/protobuf/encoding/prototext google.golang.org/protobuf/encoding/protowire From e3cf217cf1fa9248d153f1ebfbc456fe853bb180 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 16 Mar 2023 05:11:04 +0000 Subject: [PATCH 0177/1176] build(deps): bump actions/setup-go from 3 to 4 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/test.yml | 4 ++-- .github/workflows/validate.yml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 73bae8009a5..768d6f4147d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -62,7 +62,7 @@ jobs: rm -rf ~/criu - name: install go ${{ matrix.go-version }} - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version: ${{ matrix.go-version }} @@ -121,7 +121,7 @@ jobs: sudo apt -q install libseccomp-dev libseccomp-dev:i386 gcc-multilib criu - name: install go - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version: 1.x # Latest stable diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 0d2775ae536..a84a18c124e 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -23,7 +23,7 @@ jobs: - uses: actions/checkout@v3 with: fetch-depth: 2 - - uses: actions/setup-go@v3 + - uses: actions/setup-go@v4 with: go-version: "${{ env.GO_VERSION }}" - name: install deps @@ -47,7 +47,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: install go - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version: "${{ env.GO_VERSION }}" - name: compile with no build tags @@ -99,7 +99,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: install go - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version: "${{ env.GO_VERSION }}" - name: cache go mod and $GOCACHE From cecb039d24d9cef17cc37df9d7cd338b83436138 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 16 Mar 2023 09:52:26 -0700 Subject: [PATCH 0178/1176] nsexec: retry unshare on EINVAL Older kernels may return EINVAL on unshare when a process is reading runc's /proc/$PID/status or /proc/$PID/maps. This was fixed by kernel commit 12c641ab8270f ("unshare: Unsharing a thread does not require unsharing a vm") in Linuxt v4.3. For CentOS 7, the fix was backported to CentOS 7.7 (kernel 3.10.0-1062). To work around this kernel bug, let's retry on EINVAL a few times. Reported-by: zzyyzte Signed-off-by: Kir Kolyshkin --- libcontainer/nsenter/nsexec.c | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index 8c795483b93..4702b2af310 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -833,6 +833,25 @@ void send_mountsources(int sockfd, pid_t child, char *mountsources, size_t mount bail("failed to close container mount namespace fd %d", container_mntns_fd); } +void try_unshare(int flags, const char *msg) +{ + write_log(DEBUG, "unshare %s", msg); + /* + * Kernels prior to v4.3 may return EINVAL on unshare when another process + * reads runc's /proc/$PID/status or /proc/$PID/maps. To work around this, + * retry on EINVAL a few times. + */ + int retries = 5; + for (; retries > 0; retries--) { + if (unshare(flags) == 0) { + return; + } + if (errno != EINVAL) + break; + } + bail("failed to unshare %s", msg); +} + void nsexec(void) { int pipenum; @@ -1171,9 +1190,7 @@ void nsexec(void) * problem. */ if (config.cloneflags & CLONE_NEWUSER) { - write_log(DEBUG, "unshare user namespace"); - if (unshare(CLONE_NEWUSER) < 0) - bail("failed to unshare user namespace"); + try_unshare(CLONE_NEWUSER, "user namespace"); config.cloneflags &= ~CLONE_NEWUSER; /* @@ -1225,9 +1242,7 @@ void nsexec(void) * some old kernel versions where clone(CLONE_PARENT | CLONE_NEWPID) * was broken, so we'll just do it the long way anyway. */ - write_log(DEBUG, "unshare remaining namespace (except cgroupns)"); - if (unshare(config.cloneflags & ~CLONE_NEWCGROUP) < 0) - bail("failed to unshare remaining namespaces (except cgroupns)"); + try_unshare(config.cloneflags & ~CLONE_NEWCGROUP, "remaining namespaces (except cgroupns)"); /* Ask our parent to send the mount sources fds. */ if (config.mountsources) { @@ -1340,8 +1355,7 @@ void nsexec(void) } if (config.cloneflags & CLONE_NEWCGROUP) { - if (unshare(CLONE_NEWCGROUP) < 0) - bail("failed to unshare cgroup namespace"); + try_unshare(CLONE_NEWCGROUP, "cgroup namespace"); } write_log(DEBUG, "signal completion to stage-0"); From 8f0d0c4dc8d8e96af6cb29c75ae6d3c82fe89881 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 17 Mar 2023 05:00:52 +0000 Subject: [PATCH 0179/1176] build(deps): bump google.golang.org/protobuf from 1.29.1 to 1.30.0 Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.29.1 to 1.30.0. - [Release notes](https://github.com/protocolbuffers/protobuf-go/releases) - [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash) - [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.29.1...v1.30.0) --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/google.golang.org/protobuf/internal/version/version.go | 4 ++-- vendor/modules.txt | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index b40e7babe91..94bef572168 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.8.0 golang.org/x/sys v0.6.0 - google.golang.org/protobuf v1.29.1 + google.golang.org/protobuf v1.30.0 ) require ( diff --git a/go.sum b/go.sum index 8ad1a667279..ffdd97d406e 100644 --- a/go.sum +++ b/go.sum @@ -70,8 +70,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.29.1 h1:7QBf+IK2gx70Ap/hDsOmam3GE0v9HicjfEdAxE62UoM= -google.golang.org/protobuf v1.29.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= +google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= diff --git a/vendor/google.golang.org/protobuf/internal/version/version.go b/vendor/google.golang.org/protobuf/internal/version/version.go index daefe110561..f7014cd51cd 100644 --- a/vendor/google.golang.org/protobuf/internal/version/version.go +++ b/vendor/google.golang.org/protobuf/internal/version/version.go @@ -51,8 +51,8 @@ import ( // 10. Send out the CL for review and submit it. const ( Major = 1 - Minor = 29 - Patch = 1 + Minor = 30 + Patch = 0 PreRelease = "" ) diff --git a/vendor/modules.txt b/vendor/modules.txt index 2f04299ecb0..17152bc2f49 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -76,7 +76,7 @@ golang.org/x/sys/execabs golang.org/x/sys/internal/unsafeheader golang.org/x/sys/unix golang.org/x/sys/windows -# google.golang.org/protobuf v1.29.1 +# google.golang.org/protobuf v1.30.0 ## explicit; go 1.11 google.golang.org/protobuf/encoding/prototext google.golang.org/protobuf/encoding/protowire From 0d72adf96dda1b687815bf89bb245b937a2f603c Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 16 Mar 2023 14:35:50 -0700 Subject: [PATCH 0180/1176] Prohibit /proc and /sys to be symlinks Commit 3291d66b9844 introduced a check for /proc and /sys, making sure the destination (dest) is a directory (and not e.g. a symlink). Later, a hunk from commit 0ca91f44f switched from using filepath.Join to SecureJoin for dest. As SecureJoin follows and resolves symlinks, the check whether dest is a symlink no longer works. To fix, do the check without/before using SecureJoin. Add integration tests to make sure we won't regress. Signed-off-by: Kir Kolyshkin --- libcontainer/rootfs_linux.go | 29 ++++++++++++++++++++--------- tests/integration/mask.bats | 19 +++++++++++++++++++ 2 files changed, 39 insertions(+), 9 deletions(-) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 2a98372b561..2421566039c 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -375,32 +375,43 @@ func doTmpfsCopyUp(m *configs.Mount, rootfs, mountLabel string) (Err error) { func mountToRootfs(m *configs.Mount, c *mountConfig) error { rootfs := c.root - mountLabel := c.label - mountFd := c.fd - dest, err := securejoin.SecureJoin(rootfs, m.Destination) - if err != nil { - return err - } + // procfs and sysfs are special because we need to ensure they are actually + // mounted on a specific path in a container without any funny business. switch m.Device { case "proc", "sysfs": // If the destination already exists and is not a directory, we bail - // out This is to avoid mounting through a symlink or similar -- which + // out. This is to avoid mounting through a symlink or similar -- which // has been a "fun" attack scenario in the past. // TODO: This won't be necessary once we switch to libpathrs and we can // stop all of these symlink-exchange attacks. + dest := filepath.Clean(m.Destination) + if !strings.HasPrefix(dest, rootfs) { + // Do not use securejoin as it resolves symlinks. + dest = filepath.Join(rootfs, dest) + } if fi, err := os.Lstat(dest); err != nil { if !os.IsNotExist(err) { return err } - } else if fi.Mode()&os.ModeDir == 0 { + } else if !fi.IsDir() { return fmt.Errorf("filesystem %q must be mounted on ordinary directory", m.Device) } if err := os.MkdirAll(dest, 0o755); err != nil { return err } - // Selinux kernels do not support labeling of /proc or /sys + // Selinux kernels do not support labeling of /proc or /sys. return mountPropagate(m, rootfs, "", nil) + } + + mountLabel := c.label + mountFd := c.fd + dest, err := securejoin.SecureJoin(rootfs, m.Destination) + if err != nil { + return err + } + + switch m.Device { case "mqueue": if err := os.MkdirAll(dest, 0o755); err != nil { return err diff --git a/tests/integration/mask.bats b/tests/integration/mask.bats index 4bf834ef92f..d324eb32524 100644 --- a/tests/integration/mask.bats +++ b/tests/integration/mask.bats @@ -56,3 +56,22 @@ function teardown() { [ "$status" -eq 1 ] [[ "${output}" == *"Operation not permitted"* ]] } + +@test "mask paths [prohibit symlink /proc]" { + ln -s /symlink rootfs/proc + runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox + [ "$status" -eq 1 ] + [[ "${output}" == *"must be mounted on ordinary directory"* ]] +} + +@test "mask paths [prohibit symlink /sys]" { + # In rootless containers, /sys is a bind mount not a real sysfs. + requires root + + ln -s /symlink rootfs/sys + runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox + [ "$status" -eq 1 ] + # On cgroup v1, this may fail before checking if /sys is a symlink, + # so we merely check that it fails, and do not check the exact error + # message like for /proc above. +} From 9d45ae8d34a800f6503222320cd72003a27fa55c Mon Sep 17 00:00:00 2001 From: TTFISH Date: Thu, 23 Mar 2023 03:21:17 +0800 Subject: [PATCH 0181/1176] tests: Fix fuzzer location in oss-fuzz config Signed-off-by: TTFISH --- tests/fuzzing/oss_fuzz_build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/fuzzing/oss_fuzz_build.sh b/tests/fuzzing/oss_fuzz_build.sh index 6072dd9ba4c..5da59e7981e 100755 --- a/tests/fuzzing/oss_fuzz_build.sh +++ b/tests/fuzzing/oss_fuzz_build.sh @@ -8,6 +8,6 @@ # OSS-fuzz environment. # More info about compile_go_fuzzer() can be found here: # https://google.github.io/oss-fuzz/getting-started/new-project-guide/go-lang/#buildsh -compile_go_fuzzer github.com/opencontainers/runc/libcontainer/system FuzzUIDMap id_map_fuzzer linux,gofuzz +compile_go_fuzzer github.com/opencontainers/runc/libcontainer/userns FuzzUIDMap id_map_fuzzer linux,gofuzz compile_go_fuzzer github.com/opencontainers/runc/libcontainer/user FuzzUser user_fuzzer compile_go_fuzzer github.com/opencontainers/runc/libcontainer/configs FuzzUnmarshalJSON configs_fuzzer From 65df6b91b933cfcb7f234dac62121fe9f194a2dc Mon Sep 17 00:00:00 2001 From: yanggang Date: Thu, 23 Mar 2023 10:31:15 +0800 Subject: [PATCH 0182/1176] fix wrong notes for `const MaxNameLen` Signed-off-by: yanggang --- libcontainer/utils/cmsg.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcontainer/utils/cmsg.go b/libcontainer/utils/cmsg.go index 7ef9da21fd2..fd9326cb59a 100644 --- a/libcontainer/utils/cmsg.go +++ b/libcontainer/utils/cmsg.go @@ -23,7 +23,7 @@ import ( "golang.org/x/sys/unix" ) -// MaxSendfdLen is the maximum length of the name of a file descriptor being +// MaxNameLen is the maximum length of the name of a file descriptor being // sent using SendFd. The name of the file handle returned by RecvFd will never // be larger than this value. const MaxNameLen = 4096 From a7a836effa691edb6e6c389ec8b2104867979f46 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 21 Mar 2023 20:09:07 -0700 Subject: [PATCH 0183/1176] libct/cg/dev: skip flaky test of CentOS 7 There is some kind of a race in CentOS 7 which sometimes result in one of these tests failing like this: systemd_test.go:136: mkdir /sys/fs/cgroup/hugetlb/system.slice/system-runc_test_pods.slice: no such file or directory or systemd_test.go:187: open /sys/fs/cgroup/cpuset/system.slice/system-runc_test_pods.slice/cpuset.mems: no such file or directory As this is only happening on CentOS 7, let's skip this test on this platform. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/devices/systemd_test.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libcontainer/cgroups/devices/systemd_test.go b/libcontainer/cgroups/devices/systemd_test.go index 09fe814e99e..050fdd2d268 100644 --- a/libcontainer/cgroups/devices/systemd_test.go +++ b/libcontainer/cgroups/devices/systemd_test.go @@ -122,6 +122,11 @@ func testSkipDevices(t *testing.T, skipDevices bool, expected []string) { if os.Geteuid() != 0 { t.Skip("Test requires root.") } + // https://github.com/opencontainers/runc/issues/3743 + centosVer, _ := exec.Command("rpm", "-q", "--qf", "%{version}", "centos-release").CombinedOutput() + if string(centosVer) == "7" { + t.Skip("Flaky on CentOS 7") + } podConfig := &configs.Cgroup{ Parent: "system.slice", From 54e20217a86f117037e3f5dd20fed1fdbc34aaf4 Mon Sep 17 00:00:00 2001 From: Peter Hunt~ Date: Fri, 24 Mar 2023 15:09:16 -0400 Subject: [PATCH 0184/1176] libctr/cgroups: don't take init's cgroup into account Sometimes, the init process is not in the root cgroup. This can be noted by GetInitPath, which already scrubs the path of `init.scope`. This was encountered when trying to patch the Kubelet to handle systemd being in a separate cpuset from root (to allow load balance disabling for containers). At present, there's no way to have libcontainer or runc manage cgroups in a hierarchy outside of the one init is in (unless the path contains `init.scope`, which is limiting) Signed-off-by: Peter Hunt --- libcontainer/cgroups/systemd/v1.go | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/libcontainer/cgroups/systemd/v1.go b/libcontainer/cgroups/systemd/v1.go index ab9333cb2c8..de7bb56f407 100644 --- a/libcontainer/cgroups/systemd/v1.go +++ b/libcontainer/cgroups/systemd/v1.go @@ -271,14 +271,7 @@ func getSubsystemPath(slice, unit, subsystem string) (string, error) { return "", err } - initPath, err := cgroups.GetInitCgroup(subsystem) - if err != nil { - return "", err - } - // if pid 1 is systemd 226 or later, it will be in init.scope, not the root - initPath = strings.TrimSuffix(filepath.Clean(initPath), "init.scope") - - return filepath.Join(mountpoint, initPath, slice, unit), nil + return filepath.Join(mountpoint, slice, unit), nil } func (m *LegacyManager) Freeze(state configs.FreezerState) error { From da98076c97402eafba04ac5eb6032fb627aba929 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 27 Mar 2023 09:53:32 -0700 Subject: [PATCH 0185/1176] mountToRootfs: minor refactor The setRecAttr is only called for "bind" case, as cases end with a return statement. Indeed, recursive mount attributes only make sense for bind mounts. Move the code to under case "bind" to improve readability. No change in logic. Fixes: 382eba4354d764aaff Reported-by: Sebastiaan van Stijn Signed-off-by: Kir Kolyshkin --- libcontainer/rootfs_linux.go | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 2421566039c..13188e81b54 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -469,6 +469,7 @@ func mountToRootfs(m *configs.Mount, c *mountConfig) error { return err } } + return setRecAttr(m, rootfs) case "cgroup": if cgroups.IsCgroup2UnifiedMode() { return mountCgroupV2(m, c) @@ -483,10 +484,6 @@ func mountToRootfs(m *configs.Mount, c *mountConfig) error { } return mountPropagate(m, rootfs, mountLabel, mountFd) } - if err := setRecAttr(m, rootfs); err != nil { - return err - } - return nil } func getCgroupMounts(m *configs.Mount) ([]*configs.Mount, error) { From 99a337f66dbd3adba4a519257e28fd62d4d8eae5 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 8 Mar 2023 09:51:56 -0800 Subject: [PATCH 0186/1176] Dockefile: bump go go 1.20 Go 1.20.2 has an important fix to an issue described in [1]. Switch from using Go 1.19 from Dockerfile, which is used for release binaries and some CI. [1] https://github.com/golang/go/issues/58624 Signed-off-by: Kir Kolyshkin --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 1504b4b1ba3..9610f430645 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG GO_VERSION=1.19 +ARG GO_VERSION=1.20 ARG BATS_VERSION=v1.3.0 ARG LIBSECCOMP_VERSION=2.5.4 From 8491d33482a4cfd37bad86b75a02c8f63464f427 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 27 Feb 2023 15:40:38 -0800 Subject: [PATCH 0187/1176] Fix runc run "permission denied" when rootless Since commit 957d97bcf43f41beef96 was made to fix issue [7], a few things happened: - a similar functionality appeared in go 1.20 [1], so the issue mentioned in the comment (being removed) is no longer true; - a bug in runc was found [2], which also affects go [3]; - the bug was fixed in go 1.21 [4] and 1.20.2 [5]; - a similar fix was made to x/sys/unix.Faccessat [6]. The essense of [2] is, even if a (non-root) user that the container is run as does not have execute permission bit set for the executable, it should still work in case runc has the CAP_DAC_OVERRIDE capability set. To fix this [2] without reintroducing the older bug [7]: - drop own Eaccess implementation; - use the one from x/sys/unix for Go 1.19 (depends on [6]); - do not use anything when Go 1.20+ is used. NOTE it is virtually impossible to fix the bug [2] when Go 1.20 or Go 1.20.1 is used because of [3]. A test case is added by a separate commit. Fixes: #3715. [1] https://go-review.googlesource.com/c/go/+/414824 [2] https://github.com/opencontainers/runc/issues/3715 [3] https://go.dev/issue/58552 [4] https://go-review.googlesource.com/c/go/+/468735 [5] https://go-review.googlesource.com/c/go/+/469956 [6] https://go-review.googlesource.com/c/sys/+/468877 [7] https://github.com/opencontainers/runc/issues/3520 Signed-off-by: Kir Kolyshkin --- libcontainer/eaccess_go119.go | 17 +++++++++++++++++ libcontainer/eaccess_stub.go | 10 ++++++++++ libcontainer/standard_init_linux.go | 11 ++++++----- libcontainer/system/linux.go | 19 ------------------- 4 files changed, 33 insertions(+), 24 deletions(-) create mode 100644 libcontainer/eaccess_go119.go create mode 100644 libcontainer/eaccess_stub.go diff --git a/libcontainer/eaccess_go119.go b/libcontainer/eaccess_go119.go new file mode 100644 index 00000000000..cc1e2079a79 --- /dev/null +++ b/libcontainer/eaccess_go119.go @@ -0,0 +1,17 @@ +//go:build !go1.20 +// +build !go1.20 + +package libcontainer + +import "golang.org/x/sys/unix" + +func eaccess(path string) error { + // This check is similar to access(2) with X_OK except for + // setuid/setgid binaries where it checks against the effective + // (rather than real) uid and gid. It is not needed in go 1.20 + // and beyond and will be removed later. + + // Relies on code added in https://go-review.googlesource.com/c/sys/+/468877 + // and older CLs linked from there. + return unix.Faccessat(unix.AT_FDCWD, path, unix.X_OK, unix.AT_EACCESS) +} diff --git a/libcontainer/eaccess_stub.go b/libcontainer/eaccess_stub.go new file mode 100644 index 00000000000..7c049fd7aa0 --- /dev/null +++ b/libcontainer/eaccess_stub.go @@ -0,0 +1,10 @@ +//go:build go1.20 + +package libcontainer + +func eaccess(path string) error { + // Not needed in Go 1.20+ as the functionality is already in there + // (added by https://go.dev/cl/416115, https://go.dev/cl/414824, + // and fixed in Go 1.20.2 by https://go.dev/cl/469956). + return nil +} diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 6ad25c9a4df..32de78eb20d 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -198,11 +198,12 @@ func (l *linuxStandardInit) Init() error { if err != nil { return err } - // exec.LookPath might return no error for an executable residing on a - // file system mounted with noexec flag, so perform this extra check - // now while we can still return a proper error. - if err := system.Eaccess(name); err != nil { - return &os.PathError{Op: "exec", Path: name, Err: err} + // exec.LookPath in Go < 1.20 might return no error for an executable + // residing on a file system mounted with noexec flag, so perform this + // extra check now while we can still return a proper error. + // TODO: remove this once go < 1.20 is not supported. + if err := eaccess(name); err != nil { + return &os.PathError{Op: "eaccess", Path: name, Err: err} } // Set seccomp as close to execve as possible, so as few syscalls take diff --git a/libcontainer/system/linux.go b/libcontainer/system/linux.go index 039059a444c..e1d6eb18034 100644 --- a/libcontainer/system/linux.go +++ b/libcontainer/system/linux.go @@ -31,25 +31,6 @@ func (p ParentDeathSignal) Set() error { return SetParentDeathSignal(uintptr(p)) } -// Eaccess is similar to unix.Access except for setuid/setgid binaries -// it checks against the effective (rather than real) uid and gid. -func Eaccess(path string) error { - err := unix.Faccessat2(unix.AT_FDCWD, path, unix.X_OK, unix.AT_EACCESS) - if err != unix.ENOSYS && err != unix.EPERM { //nolint:errorlint // unix errors are bare - return err - } - - // Faccessat2() not available; check if we are a set[ug]id binary. - if os.Getuid() == os.Geteuid() && os.Getgid() == os.Getegid() { - // For a non-set[ug]id binary, use access(2). - return unix.Access(path, unix.X_OK) - } - - // For a setuid/setgid binary, there is no fallback way - // so assume we can execute the binary. - return nil -} - func Execv(cmd string, args []string, env []string) error { name, err := exec.LookPath(cmd) if err != nil { From 8293ef2e74cdbcd6b1716ad9a7f0ca5441c6983c Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 13 Feb 2023 17:27:12 -0800 Subject: [PATCH 0188/1176] tests/int: test for CAP_DAC_OVERRIDE This is a test case for issue reported as #3715. In short, even if a (non-root) user that the container is run as does not have execute permission bit set for the executable, it should still work in case runc has the CAP_DAC_OVERRIDE capability set. Note that since the upstream golang is also broken (see [1]), this test will fail for Go 1.20 and 1.20.1 (fix is in Go 1.20.2 as per [2]). [1] https://go.dev/issue/58552 [2] https://go-review.googlesource.com/c/go/+/469956 Signed-off-by: Kir Kolyshkin --- tests/integration/start_hello.bats | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/tests/integration/start_hello.bats b/tests/integration/start_hello.bats index 77398c951f2..87005484748 100644 --- a/tests/integration/start_hello.bats +++ b/tests/integration/start_hello.bats @@ -37,6 +37,33 @@ function teardown() { [[ "${output}" == *"Hello"* ]] } +# https://github.com/opencontainers/runc/issues/3715. +# +# Fails when using Go 1.20 < 1.20.2, the reasons is https://go.dev/issue/58552. +@test "runc run as user with no exec bit but CAP_DAC_OVERRIDE set" { + requires root # Can't chown/chmod otherwise. + + # Remove exec perm for everyone but owner (root). + chown 0 rootfs/bin/echo + chmod go-x rootfs/bin/echo + + # Replace "uid": 0 with "uid": 1000 and do a similar thing for gid. + update_config ' (.. | select(.uid? == 0)) .uid |= 1000 + | (.. | select(.gid? == 0)) .gid |= 100' + + # Sanity check: make sure we can't run the container w/o CAP_DAC_OVERRIDE. + runc run test_busybox + [ "$status" -ne 0 ] + + # Enable CAP_DAC_OVERRIDE. + update_config ' .process.capabilities.bounding += ["CAP_DAC_OVERRIDE"] + | .process.capabilities.effective += ["CAP_DAC_OVERRIDE"] + | .process.capabilities.permitted += ["CAP_DAC_OVERRIDE"]' + + runc run test_busybox + [ "$status" -eq 0 ] +} + @test "runc run with rootfs set to ." { cp config.json rootfs/. rm config.json From a37109ce02c54d07e0d1f1cb348627f9675d84df Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 30 Mar 2023 14:33:04 -0700 Subject: [PATCH 0189/1176] tests/int/mount: fix issues with ro cgroup test Fix the following issues with the "ro /sys/fs/cgroup" test: 1. Disable bogus SC2016 warning from shellcheck. 2. Split the test into two -- with and without cgroupns. This is done because not all systems have cgroupns available (so the "+cgroupns" test will be skipped). 3. This splitting resulted in a few more bogus shellcheck warnings that we have to suppress -- due to a known bug in shellcheck (see [1]). 4. s/mount/mounts/ in the test name, because in case of cgroup v1 there are multiple mounts. [1] https://github.com/koalaman/shellcheck/issues/2431 Signed-off-by: Kir Kolyshkin --- tests/integration/mounts.bats | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/tests/integration/mounts.bats b/tests/integration/mounts.bats index 1e72c5b142f..9ecf87ccfa2 100644 --- a/tests/integration/mounts.bats +++ b/tests/integration/mounts.bats @@ -64,19 +64,28 @@ function teardown() { [ "$status" -eq 0 ] } +@test "runc run [ro /sys/fs/cgroup mounts]" { + # Without cgroup namespace. + update_config '.linux.namespaces -= [{"type": "cgroup"}]' + test_ro_cgroup_mount +} + +# shellcheck disable=SC2030 +@test "runc run [ro /sys/fs/cgroup mounts + cgroupns]" { + requires cgroupns + # With cgroup namespace. + update_config '.linux.namespaces |= if index({"type": "cgroup"}) then . else . + [{"type": "cgroup"}] end' + test_ro_cgroup_mount +} + # https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc -@test "runc run [ro /sys/fs/cgroup mount]" { - # With cgroup namespace +# shellcheck disable=SC2031 +function test_ro_cgroup_mount() { + local lines status + # shellcheck disable=SC2016 update_config '.process.args |= ["sh", "-euc", "for f in `grep /sys/fs/cgroup /proc/mounts | awk \"{print \\\\$2}\"| uniq`; do grep -w $f /proc/mounts | tail -n1; done"]' runc run test_busybox [ "$status" -eq 0 ] [ "${#lines[@]}" -ne 0 ] for line in "${lines[@]}"; do [[ "${line}" == *'ro,'* ]]; done - - # Without cgroup namespace - update_config '.linux.namespaces -= [{"type": "cgroup"}]' - runc run test_busybox - [ "$status" -eq 0 ] - [ "${#lines[@]}" -ne 0 ] - for line in "${lines[@]}"; do [[ "${line}" == *'ro,'* ]]; done } From 370e3be202fb3e2f1e3a05f98c59ae8042b4ad97 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 30 Mar 2023 14:45:14 -0700 Subject: [PATCH 0190/1176] tests/int/mounts: only check non-shadowed mounts This fixes a bogus failure in "ro cgroup" test cases when running as rootless. The test finds the following mount that is not read-only: > cgroup2 /sys/fs/cgroup/unified cgroup2 rw,nosuid,nodev,noexec,relatime,nsdelegate 0 0 This happens because: 1. runc spec --rootless adds an rbind /sys mounts, so we have all the /sys/fs/cgroup/XXX mounts inside the container; 2. Those /sys/fs/cgroup/XXX mounts are shadowed by the /sys/fs/cgroup tmpfs mount created by mountCgroupV1(). This means that this mount is shadowed, inaccessible, and it can not be unshadowed, thus it should not be checked. The fix is to check whether the directory exists, to exclude such shadowed mounts. NOTE that item 2 comes from commit ff692f289b60e19b3079cb; before it, we had the whole hierarchy of host /sys/fs/cgroup visible (though not writable -- because rootless) from inside of any rootless container. Signed-off-by: Kir Kolyshkin --- tests/integration/mounts.bats | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/mounts.bats b/tests/integration/mounts.bats index 9ecf87ccfa2..d94b412e9aa 100644 --- a/tests/integration/mounts.bats +++ b/tests/integration/mounts.bats @@ -83,7 +83,7 @@ function teardown() { function test_ro_cgroup_mount() { local lines status # shellcheck disable=SC2016 - update_config '.process.args |= ["sh", "-euc", "for f in `grep /sys/fs/cgroup /proc/mounts | awk \"{print \\\\$2}\"| uniq`; do grep -w $f /proc/mounts | tail -n1; done"]' + update_config '.process.args |= ["sh", "-euc", "for f in `grep /sys/fs/cgroup /proc/mounts | awk \"{print \\\\$2}\"| uniq`; do test -e $f && grep -w $f /proc/mounts | tail -n1; done"]' runc run test_busybox [ "$status" -eq 0 ] [ "${#lines[@]}" -ne 0 ] From b2fc0a589cd03a254e2965796a0ab034ba0e0172 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 30 Mar 2023 16:36:42 -0700 Subject: [PATCH 0191/1176] verify-changelog: allow non-ASCII Previously (see commit 91fa032da406f16abcb3) we found a few issues using this check, but apparently the CHANGELOG.md is in UTF-8, and the recently added quote is breaking this, so remove. Signed-off-by: Kir Kolyshkin (cherry picked from commit 7b3ac330f74cc00923bdd876b7ae4e44c7d76847) Signed-off-by: Kir Kolyshkin --- Makefile | 2 -- 1 file changed, 2 deletions(-) diff --git a/Makefile b/Makefile index 8181e7bc0d1..66dae9d54fc 100644 --- a/Makefile +++ b/Makefile @@ -178,8 +178,6 @@ vendor: $(GO) mod verify verify-changelog: - # No non-ASCII characters. - ! LC_ALL=C grep -n -P '[\x80-\xFF]' CHANGELOG.md # No space at EOL. ! grep -n '\s$$' CHANGELOG.md # Period before issue/PR references. From 4ff490460377d1be0075e57598723d7206e555c5 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 29 Mar 2023 14:49:12 -0700 Subject: [PATCH 0192/1176] Makefile: add verify-changelog as release dependency ... as a way to maybe catch some CHANGELOG.md bugs at the last moment. Signed-off-by: Kir Kolyshkin (cherry picked from commit 54cfb25d696964fdcca8b27a8c9242a001139d96) Signed-off-by: Kir Kolyshkin --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 66dae9d54fc..870eb7a0015 100644 --- a/Makefile +++ b/Makefile @@ -78,7 +78,7 @@ release: runcimage $(RUNC_IMAGE) make localrelease script/release_sign.sh -S $(GPG_KEYID) -r release/$(VERSION) -v $(VERSION) -localrelease: +localrelease: verify-changelog script/release_build.sh -r release/$(VERSION) -v $(VERSION) $(RELEASE_ARGS) dbuild: runcimage From 73acc77be54707e20b8e6ff01347882544aed328 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 29 Mar 2023 13:28:13 -0700 Subject: [PATCH 0193/1176] libct/cg: rm EnterPid Since commit 39914db679b008d74 this function is not used by runc (see that commit to learn why this function is not that good). I was not able to find any external users either. Since it's not a good function, with no users, and it is rather trivial, let's remove it right away (rather than mark as deprecated). Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/utils.go | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/libcontainer/cgroups/utils.go b/libcontainer/cgroups/utils.go index fc4ae44a485..d75f3b8121f 100644 --- a/libcontainer/cgroups/utils.go +++ b/libcontainer/cgroups/utils.go @@ -217,17 +217,6 @@ func PathExists(path string) bool { return true } -func EnterPid(cgroupPaths map[string]string, pid int) error { - for _, path := range cgroupPaths { - if PathExists(path) { - if err := WriteCgroupProc(path, pid); err != nil { - return err - } - } - } - return nil -} - func rmdir(path string) error { err := unix.Rmdir(path) if err == nil || err == unix.ENOENT { //nolint:errorlint // unix errors are bare From 9f32ce6a2df5aba5e326ea53cfe4b322f82ca460 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 30 Mar 2023 19:46:00 -0700 Subject: [PATCH 0194/1176] CHANGELOG: forward-port 1.1.4 and 1.1.5 changes ...from the tip of release-1.1 branch (commit 060a61c69df928153). Signed-off-by: Kir Kolyshkin --- CHANGELOG.md | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 59 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ae8b82981d7..03d8fce84aa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -27,6 +27,61 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). (#3474) +## [1.1.5] - 2023-03-29 + +> å›ă‚ă‚ŒăŸå±ˆè¾±ă¯ +> åæ’ƒă®å†çŸ¢ă  + +### Security + +The following CVEs were fixed in this release: + +* [CVE-2023-25809][] is a vulnerability involving rootless containers where + (under specific configurations), the container would have write access to the + `/sys/fs/cgroup/user.slice/...` cgroup hierarchy. No other hierarchies on the + host were affected. This vulnerability was discovered by Akihiro Suda. + +* [CVE-2023-27561][] was a regression in our protections against tricky `/proc` + and `/sys` configurations (where the container mountpoint is a symlink) + causing us to be tricked into incorrectly configuring the container, which + effectively re-introduced [CVE-2019-19921][]. This regression was present + from v1.0.0-rc95 to v1.1.4 and was discovered by @Beuc. (#3785) + +* [CVE-2023-28642][] is a different attack vector using the same regression + as in [CVE-2023-27561][]. This was reported by Lei Wang. + +[CVE-2019-19921]: https://github.com/advisories/GHSA-fh74-hm69-rqjw +[CVE-2023-25809]: https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc +[CVE-2023-27561]: https://github.com/advisories/GHSA-vpvm-3wq2-2wvm +[CVE-2023-28642]: https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c + +### Fixed + +* Fix the inability to use `/dev/null` when inside a container. (#3620) +* Fix changing the ownership of host's `/dev/null` caused by fd redirection + (a regression in 1.1.1). (#3674, #3731) +* Fix rare runc exec/enter unshare error on older kernels, including + CentOS < 7.7. (#3776) +* nsexec: Check for errors in `write_log()`. (#3721) +* Various CI fixes and updates. (#3618, #3630, #3640, #3729) + +## [1.1.4] - 2022-08-24 + +> If you look for perfection, you'll never be content. + +### Fixed + +* Fix mounting via wrong proc fd. + When the user and mount namespaces are used, and the bind mount is followed by + the cgroup mount in the spec, the cgroup was mounted using the bind mount's + mount fd. (#3511) +* Switch `kill()` in `libcontainer/nsenter` to `sane_kill()`. (#3536) +* Fix "permission denied" error from `runc run` on `noexec` fs. (#3541) +* Fix failed exec after `systemctl daemon-reload`. + Due to a regression in v1.1.3, the `DeviceAllow=char-pts rwm` rule was no + longer added and was causing an error `open /dev/pts/0: operation not permitted: unknown` + when systemd was reloaded. (#3554) +* Various CI fixes. (#3538, #3558, #3562) ## [1.1.3] - 2022-06-09 @@ -319,7 +374,7 @@ implementation (libcontainer) is *not* covered by this policy. cgroups at all during `runc update`). (#2994) -[Unreleased]: https://github.com/opencontainers/runc/compare/v1.1.3...HEAD +[Unreleased]: https://github.com/opencontainers/runc/compare/v1.1.0...HEAD [1.1.0]: https://github.com/opencontainers/runc/compare/v1.1.0-rc.1...v1.1.0 [1.0.0]: https://github.com/opencontainers/runc/releases/tag/v1.0.0 @@ -330,7 +385,9 @@ implementation (libcontainer) is *not* covered by this policy. [1.0.1]: https://github.com/opencontainers/runc/compare/v1.0.0...v1.0.1 -[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.3...release-1.1 +[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.5...release-1.1 +[1.1.5]: https://github.com/opencontainers/runc/compare/v1.1.4...v1.1.5 +[1.1.4]: https://github.com/opencontainers/runc/compare/v1.1.3...v1.1.4 [1.1.3]: https://github.com/opencontainers/runc/compare/v1.1.2...v1.1.3 [1.1.2]: https://github.com/opencontainers/runc/compare/v1.1.1...v1.1.2 [1.1.1]: https://github.com/opencontainers/runc/compare/v1.1.0...v1.1.1 From c6e8cb79260cdfc435ceecc797efb92cc5977632 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 23 Mar 2023 10:56:20 -0700 Subject: [PATCH 0195/1176] libct/cg/sd: refactor startUnit Move error handling earlier, removing "if err == nil" block. No change of logic. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/systemd/common.go | 33 ++++++++++++++------------ 1 file changed, 18 insertions(+), 15 deletions(-) diff --git a/libcontainer/cgroups/systemd/common.go b/libcontainer/cgroups/systemd/common.go index 2f0767b2fd8..c0a058012ce 100644 --- a/libcontainer/cgroups/systemd/common.go +++ b/libcontainer/cgroups/systemd/common.go @@ -130,24 +130,27 @@ func startUnit(cm *dbusConnManager, unitName string, properties []systemdDbus.Pr _, err := c.StartTransientUnitContext(context.TODO(), unitName, "replace", properties, statusChan) return err }) - if err == nil { - timeout := time.NewTimer(30 * time.Second) - defer timeout.Stop() + if err != nil { + if !isUnitExists(err) { + return err + } + return nil + } - select { - case s := <-statusChan: - close(statusChan) - // Please refer to https://pkg.go.dev/github.com/coreos/go-systemd/v22/dbus#Conn.StartUnit - if s != "done" { - resetFailedUnit(cm, unitName) - return fmt.Errorf("error creating systemd unit `%s`: got `%s`", unitName, s) - } - case <-timeout.C: + timeout := time.NewTimer(30 * time.Second) + defer timeout.Stop() + + select { + case s := <-statusChan: + close(statusChan) + // Please refer to https://pkg.go.dev/github.com/coreos/go-systemd/v22/dbus#Conn.StartUnit + if s != "done" { resetFailedUnit(cm, unitName) - return errors.New("Timeout waiting for systemd to create " + unitName) + return fmt.Errorf("error creating systemd unit `%s`: got `%s`", unitName, s) } - } else if !isUnitExists(err) { - return err + case <-timeout.C: + resetFailedUnit(cm, unitName) + return errors.New("Timeout waiting for systemd to create " + unitName) } return nil From c2533420613be63ac9a84fc4363b8ddd46568985 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 23 Mar 2023 11:01:14 -0700 Subject: [PATCH 0196/1176] libct/cg/sd: ignore UnitExists only for Apply(-1) Commit d223e2adae83f62d5 ("Ignore error when starting transient unit that already exists" modified the code handling errors from startUnit to ignore UnitExists error. Apparently it was done so that kubelet can create the same pod slice over and over without hitting an error (see [1]). While it works for a pod slice to ensure it exists, it is a gross bug to ignore UnitExists when creating a container. In this case, the container init PID won't be added to the systemd unit (and to the required cgroup), and as a result the container will successfully run in a current user cgroup, without any cgroup limits applied. So, fix the code to only ignore UnitExists if we're not adding a process to the systemd unit. This way, kubelet will keep working as is, but runc will refuse to create containers which are not placed into a requested cgroup. [1] https://github.com/opencontainers/runc/pull/1124 Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/systemd/common.go | 10 ++++++++-- libcontainer/cgroups/systemd/v1.go | 2 +- libcontainer/cgroups/systemd/v2.go | 2 +- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/libcontainer/cgroups/systemd/common.go b/libcontainer/cgroups/systemd/common.go index c0a058012ce..31a3656ee23 100644 --- a/libcontainer/cgroups/systemd/common.go +++ b/libcontainer/cgroups/systemd/common.go @@ -124,7 +124,7 @@ func isUnitExists(err error) bool { return isDbusError(err, "org.freedesktop.systemd1.UnitExists") } -func startUnit(cm *dbusConnManager, unitName string, properties []systemdDbus.Property) error { +func startUnit(cm *dbusConnManager, unitName string, properties []systemdDbus.Property, ignoreExist bool) error { statusChan := make(chan string, 1) err := cm.retryOnDisconnect(func(c *systemdDbus.Conn) error { _, err := c.StartTransientUnitContext(context.TODO(), unitName, "replace", properties, statusChan) @@ -134,7 +134,13 @@ func startUnit(cm *dbusConnManager, unitName string, properties []systemdDbus.Pr if !isUnitExists(err) { return err } - return nil + if ignoreExist { + // TODO: remove this hack. + // This is kubelet making sure a slice exists (see + // https://github.com/opencontainers/runc/pull/1124). + return nil + } + return err } timeout := time.NewTimer(30 * time.Second) diff --git a/libcontainer/cgroups/systemd/v1.go b/libcontainer/cgroups/systemd/v1.go index ab9333cb2c8..e76449910c2 100644 --- a/libcontainer/cgroups/systemd/v1.go +++ b/libcontainer/cgroups/systemd/v1.go @@ -204,7 +204,7 @@ func (m *LegacyManager) Apply(pid int) error { properties = append(properties, c.SystemdProps...) - if err := startUnit(m.dbus, unitName, properties); err != nil { + if err := startUnit(m.dbus, unitName, properties, pid == -1); err != nil { return err } diff --git a/libcontainer/cgroups/systemd/v2.go b/libcontainer/cgroups/systemd/v2.go index 823bf38fc17..3d66ed40610 100644 --- a/libcontainer/cgroups/systemd/v2.go +++ b/libcontainer/cgroups/systemd/v2.go @@ -291,7 +291,7 @@ func (m *UnifiedManager) Apply(pid int) error { properties = append(properties, c.SystemdProps...) - if err := startUnit(m.dbus, unitName, properties); err != nil { + if err := startUnit(m.dbus, unitName, properties, pid == -1); err != nil { return fmt.Errorf("unable to start unit %q (properties %+v): %w", unitName, properties, err) } From 1d18743f9e6767580a4276108e0c977d64fd03b6 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 23 Mar 2023 11:15:01 -0700 Subject: [PATCH 0197/1176] libct/cg/sd: reset-failed and retry startUnit on UnitExists In case a systemd unit fails (for example, timed out or OOM-killed), systemd keeps the unit. This prevents starting a new container with the same systemd unit name. The fix is to call reset-failed in case UnitExists error is returned, and retry once. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/systemd/common.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/libcontainer/cgroups/systemd/common.go b/libcontainer/cgroups/systemd/common.go index 31a3656ee23..e6db845cb13 100644 --- a/libcontainer/cgroups/systemd/common.go +++ b/libcontainer/cgroups/systemd/common.go @@ -126,6 +126,9 @@ func isUnitExists(err error) bool { func startUnit(cm *dbusConnManager, unitName string, properties []systemdDbus.Property, ignoreExist bool) error { statusChan := make(chan string, 1) + retry := true + +retry: err := cm.retryOnDisconnect(func(c *systemdDbus.Conn) error { _, err := c.StartTransientUnitContext(context.TODO(), unitName, "replace", properties, statusChan) return err @@ -140,6 +143,14 @@ func startUnit(cm *dbusConnManager, unitName string, properties []systemdDbus.Pr // https://github.com/opencontainers/runc/pull/1124). return nil } + if retry { + // In case a unit with the same name exists, this may + // be a leftover failed unit. Reset it, so systemd can + // remove it, and retry once. + resetFailedUnit(cm, unitName) + retry = false + goto retry + } return err } From 82bc89cd10eb5fa5fdb5d77e41b7ea3c07f9d834 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 23 Mar 2023 11:57:46 -0700 Subject: [PATCH 0198/1176] runc run: refuse a non-empty cgroup Commit d08bc0c1b3bb2 ("runc run: warn on non-empty cgroup") introduced a warning when a container is started in a non-empty cgroup. Such configuration has lots of issues. In addition to that, such configuration is not possible at all when using the systemd cgroup driver. As planned, let's promote this warning to an error, and fix the test case accordingly. Signed-off-by: Kir Kolyshkin --- libcontainer/factory_linux.go | 4 +--- tests/integration/cgroups.bats | 6 +++--- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/libcontainer/factory_linux.go b/libcontainer/factory_linux.go index b8d2d9c287d..bf8904efb85 100644 --- a/libcontainer/factory_linux.go +++ b/libcontainer/factory_linux.go @@ -77,9 +77,7 @@ func Create(root, id string, config *configs.Config) (*Container, error) { return nil, fmt.Errorf("unable to get cgroup PIDs: %w", err) } if len(pids) != 0 { - // TODO: return an error. - logrus.Warnf("container's cgroup is not empty: %d process(es) found", len(pids)) - logrus.Warn("DEPRECATED: running container in a non-empty cgroup won't be supported in runc 1.2; https://github.com/opencontainers/runc/issues/3132") + return nil, fmt.Errorf("container's cgroup is not empty: %d process(es) found", len(pids)) } } diff --git a/tests/integration/cgroups.bats b/tests/integration/cgroups.bats index 14f26d2d5a4..17e384e2c86 100644 --- a/tests/integration/cgroups.bats +++ b/tests/integration/cgroups.bats @@ -356,7 +356,7 @@ function setup() { [ "$output" = "ok" ] } -@test "runc run/create should warn about a non-empty cgroup" { +@test "runc run/create should error for a non-empty cgroup" { [ $EUID -ne 0 ] && requires rootless_cgroup set_cgroups_path @@ -366,12 +366,12 @@ function setup() { # Run a second container sharing the cgroup with the first one. runc --debug run -d --console-socket "$CONSOLE_SOCKET" ct2 - [ "$status" -eq 0 ] + [ "$status" -ne 0 ] [[ "$output" == *"container's cgroup is not empty"* ]] # Same but using runc create. runc create --console-socket "$CONSOLE_SOCKET" ct3 - [ "$status" -eq 0 ] + [ "$status" -ne 0 ] [[ "$output" == *"container's cgroup is not empty"* ]] } From 509b312cfb7a038f237c91ebac88107fa62eb3a1 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 27 Mar 2023 17:47:32 -0700 Subject: [PATCH 0199/1176] libct/cg/sd/v2: unifiedResToSystemdProps nit In code that checks that the resource name is in the for Using strings.SplitN is an overkill in this case, resulting in allocations and thus garbage to collect. Using strings.IndexByte and checking that result is not less than 1 (meaning there is a period, and it is not the first character) is sufficient here. Fixes: 0cb8bf67a3418996820ae Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/systemd/v2.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libcontainer/cgroups/systemd/v2.go b/libcontainer/cgroups/systemd/v2.go index 3d66ed40610..e8c47123388 100644 --- a/libcontainer/cgroups/systemd/v2.go +++ b/libcontainer/cgroups/systemd/v2.go @@ -64,8 +64,7 @@ func unifiedResToSystemdProps(cm *dbusConnManager, res map[string]string) (props if strings.Contains(k, "/") { return nil, fmt.Errorf("unified resource %q must be a file name (no slashes)", k) } - sk := strings.SplitN(k, ".", 2) - if len(sk) != 2 { + if strings.IndexByte(k, '.') <= 0 { return nil, fmt.Errorf("unified resource %q must be in the form CONTROLLER.PARAMETER", k) } // Kernel is quite forgiving to extra whitespace From 3ffbd4c85a8e7f2fab1e0248202cc247325f2554 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 27 Mar 2023 16:02:36 -0700 Subject: [PATCH 0200/1176] tests/int: fix update cpu.idle failure on CS9 Systemd v252 (available in CentOS Stream 9 in our CI) added support for setting cpu.idle (see [1]). The way it works is: - if CPUWeight == 0, cpu.idle is set to 1; - if CPUWeight != 0, cpu.idle is set to 0. This behavior breaks the existing test case, as described in [2]. To fix, skip the last check in the test case in case a newer systemd is used. Fixes: #3786 [1] https://github.com/systemd/systemd/pull/23299 [2] https://github.com/opencontainers/runc/issues/3786 Signed-off-by: Kir Kolyshkin --- tests/integration/update.bats | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/integration/update.bats b/tests/integration/update.bats index 09949a1ea99..62f80793836 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -454,6 +454,8 @@ EOF check_cgroup_value "cpu.idle" "$val" done + # https://github.com/opencontainers/runc/issues/3786 + [ "$(systemd_version)" -ge 252 ] && return # test update other option won't impact on cpu.idle runc update --cpu-period 10000 test_update [ "$status" -eq 0 ] From b5ecad7ba3998e551789d591d565aa825dae5768 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 28 Mar 2023 13:57:58 -0700 Subject: [PATCH 0201/1176] tests/int/update: test bad cpu.idle values Values other than 1 or 0 are ignored by the kernel, see sched_group_set_idle() in kernel/sched/fair.c If the added test case ever fails, it means that the kernel now accepts values other than 0 or 1, and runc needs to adopt to that. Signed-off-by: Kir Kolyshkin --- tests/integration/update.bats | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/integration/update.bats b/tests/integration/update.bats index 62f80793836..2e52af6fb54 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -454,6 +454,17 @@ EOF check_cgroup_value "cpu.idle" "$val" done + # Values other than 1 or 0 are ignored by the kernel, see + # sched_group_set_idle() in kernel/sched/fair.c. + # + # If this ever fails, it means that the kernel now accepts values + # other than 0 or 1, and runc needs to adopt. + for val in -1 2 3; do + runc update --cpu-idle "$val" test_update + [ "$status" -ne 0 ] + check_cgroup_value "cpu.idle" "1" + done + # https://github.com/opencontainers/runc/issues/3786 [ "$(systemd_version)" -ge 252 ] && return # test update other option won't impact on cpu.idle From ed9651bc715b767651cc869fb880b64cf12daddb Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 27 Mar 2023 10:59:40 -0700 Subject: [PATCH 0202/1176] libct/cg/sd: support setting cpu.idle via systemd Systemd v252 (available in CentOS Stream 9 in our CI) added support for setting cpu.idle (see [1]). The way it works is: - if CPUWeight == 0, cpu.idle is set to 1; - if CPUWeight != 0, cpu.idle is set to 0. This commit implements setting cpu.idle in systemd cgroup driver via a unit property. In case CPUIdle is set to non-zero value, the driver sets adds CPUWeight=0 property, which will result in systemd setting cpu.idle to 1. Unfortunately, there's no way to set cpu.idle to 0 without also changing the CPUWeight value, so the driver doesn't do anything if CPUIdle is explicitly set to 0. This case is handled by the fs driver which is always used as a followup to setting systemd unit properties. Also, handle cpu.idle set via unified map. In case it is set to non-zero value, add CPUWeight=0 property, and ignore cpu.weight (otherwise we'll get two different CPUWeight properties set). Add a unit test for new values in unified map, and an integration test case. [1] https://github.com/systemd/systemd/pull/23299 [2] https://github.com/opencontainers/runc/issues/3786 Signed-off-by: Kir Kolyshkin --- docs/systemd.md | 1 + libcontainer/cgroups/systemd/systemd_test.go | 84 ++++++++++++++++++++ libcontainer/cgroups/systemd/v2.go | 42 +++++++++- tests/integration/update.bats | 45 +++++++++++ 4 files changed, 170 insertions(+), 2 deletions(-) diff --git a/docs/systemd.md b/docs/systemd.md index c74e2e2f407..a119d935a41 100644 --- a/docs/systemd.md +++ b/docs/systemd.md @@ -91,6 +91,7 @@ The following tables summarize which properties are translated. | cpu.mems | AllowedMemoryNodes | v244 | | unified.cpu.max | CPUQuota, CPUQuotaPeriodSec | v242 | | unified.cpu.weight | CPUWeight | | +| unified.cpu.idle | CPUWeight | v252 | | unified.cpuset.cpus | AllowedCPUs | v244 | | unified.cpuset.mems | AllowedMemoryNodes | v244 | | unified.memory.high | MemoryHigh | | diff --git a/libcontainer/cgroups/systemd/systemd_test.go b/libcontainer/cgroups/systemd/systemd_test.go index 40584f78eba..8e333a00649 100644 --- a/libcontainer/cgroups/systemd/systemd_test.go +++ b/libcontainer/cgroups/systemd/systemd_test.go @@ -2,8 +2,10 @@ package systemd import ( "os" + "reflect" "testing" + systemdDbus "github.com/coreos/go-systemd/v22/dbus" "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/configs" ) @@ -95,3 +97,85 @@ func TestUnitExistsIgnored(t *testing.T) { } } } + +func TestUnifiedResToSystemdProps(t *testing.T) { + if !IsRunningSystemd() { + t.Skip("Test requires systemd.") + } + if !cgroups.IsCgroup2UnifiedMode() { + t.Skip("cgroup v2 is required") + } + + cm := newDbusConnManager(os.Geteuid() != 0) + + testCases := []struct { + name string + minVer int + res map[string]string + expError bool + expProps []systemdDbus.Property + }{ + { + name: "empty map", + res: map[string]string{}, + }, + { + name: "only cpu.idle=1", + minVer: cpuIdleSupportedVersion, + res: map[string]string{ + "cpu.idle": "1", + }, + expProps: []systemdDbus.Property{ + newProp("CPUWeight", uint64(0)), + }, + }, + { + name: "only cpu.idle=0", + minVer: cpuIdleSupportedVersion, + res: map[string]string{ + "cpu.idle": "0", + }, + }, + { + name: "cpu.idle=1 and cpu.weight=1000", + minVer: cpuIdleSupportedVersion, + res: map[string]string{ + "cpu.idle": "1", + "cpu.weight": "1000", + }, + expProps: []systemdDbus.Property{ + newProp("CPUWeight", uint64(0)), + }, + }, + { + name: "cpu.idle=0 and cpu.weight=1000", + minVer: cpuIdleSupportedVersion, + res: map[string]string{ + "cpu.idle": "0", + "cpu.weight": "1000", + }, + expProps: []systemdDbus.Property{ + newProp("CPUWeight", uint64(1000)), + }, + }, + } + + for _, tc := range testCases { + tc := tc + t.Run(tc.name, func(t *testing.T) { + if tc.minVer != 0 && systemdVersion(cm) < tc.minVer { + t.Skipf("requires systemd >= %d", tc.minVer) + } + props, err := unifiedResToSystemdProps(cm, tc.res) + if err != nil && !tc.expError { + t.Fatalf("expected no error, got: %v", err) + } + if err == nil && tc.expError { + t.Fatal("expected error, got nil") + } + if !reflect.DeepEqual(tc.expProps, props) { + t.Errorf("wrong properties (exp %+v, got %+v)", tc.expProps, props) + } + }) + } +} diff --git a/libcontainer/cgroups/systemd/v2.go b/libcontainer/cgroups/systemd/v2.go index e8c47123388..c5576441c47 100644 --- a/libcontainer/cgroups/systemd/v2.go +++ b/libcontainer/cgroups/systemd/v2.go @@ -20,6 +20,10 @@ import ( "github.com/opencontainers/runc/libcontainer/configs" ) +const ( + cpuIdleSupportedVersion = 252 +) + type UnifiedManager struct { mu sync.Mutex cgroups *configs.Cgroup @@ -48,6 +52,14 @@ func NewUnifiedManager(config *configs.Cgroup, path string) (*UnifiedManager, er return m, nil } +func shouldSetCPUIdle(cm *dbusConnManager, v string) bool { + // The only valid values for cpu.idle are 0 and 1. As it is + // not possible to directly set cpu.idle to 0 via systemd, + // ignore 0. Ignore other values as we'll error out later + // in Set() while calling fsMgr.Set(). + return v == "1" && systemdVersion(cm) >= cpuIdleSupportedVersion +} + // unifiedResToSystemdProps tries to convert from Cgroup.Resources.Unified // key/value map (where key is cgroupfs file name) to systemd unit properties. // This is on a best-effort basis, so the properties that are not known @@ -72,6 +84,14 @@ func unifiedResToSystemdProps(cm *dbusConnManager, res map[string]string) (props v = strings.TrimSpace(v) // Please keep cases in alphabetical order. switch k { + case "cpu.idle": + if shouldSetCPUIdle(cm, v) { + // Setting CPUWeight to 0 tells systemd + // to set cpu.idle to 1. + props = append(props, + newProp("CPUWeight", uint64(0))) + } + case "cpu.max": // value: quota [period] quota := int64(0) // 0 means "unlimited" for addCpuQuota, if period is set @@ -97,6 +117,12 @@ func unifiedResToSystemdProps(cm *dbusConnManager, res map[string]string) (props addCpuQuota(cm, &props, quota, period) case "cpu.weight": + if shouldSetCPUIdle(cm, strings.TrimSpace(res["cpu.idle"])) { + // Do not add duplicate CPUWeight property + // (see case "cpu.idle" above). + logrus.Warn("unable to apply both cpu.weight and cpu.idle to systemd, ignoring cpu.weight") + continue + } num, err := strconv.ParseUint(v, 10, 64) if err != nil { return nil, fmt.Errorf("unified resource %q value conversion error: %w", k, err) @@ -212,9 +238,21 @@ func genV2ResourcesProperties(dirPath string, r *configs.Resources, cm *dbusConn newProp("MemorySwapMax", uint64(swap))) } - if r.CpuWeight != 0 { + idleSet := false + // The logic here is the same as in shouldSetCPUIdle. + if r.CPUIdle != nil && *r.CPUIdle == 1 && systemdVersion(cm) >= cpuIdleSupportedVersion { properties = append(properties, - newProp("CPUWeight", r.CpuWeight)) + newProp("CPUWeight", uint64(0))) + idleSet = true + } + if r.CpuWeight != 0 { + if idleSet { + // Ignore CpuWeight if CPUIdle is already set. + logrus.Warn("unable to apply both CPUWeight and CpuIdle to systemd, ignoring CPUWeight") + } else { + properties = append(properties, + newProp("CPUWeight", r.CpuWeight)) + } } addCpuQuota(cm, &properties, r.CpuQuota, r.CpuPeriod) diff --git a/tests/integration/update.bats b/tests/integration/update.bats index 2e52af6fb54..56d9f98d43e 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -473,6 +473,51 @@ EOF check_cgroup_value "cpu.idle" "1" } +@test "update cgroup cpu.idle via systemd v252+" { + requires cgroups_v2 systemd cgroups_cpu_idle + [ $EUID -ne 0 ] && requires rootless_cgroup + if [ "$(systemd_version)" -lt 252 ]; then + skip "requires systemd >= v252" + fi + + runc run -d --console-socket "$CONSOLE_SOCKET" test_update + [ "$status" -eq 0 ] + check_cgroup_value "cpu.idle" "0" + + # If cpu-idle is set, cpu-share (converted to CPUWeight) can't be set via systemd. + runc update --cpu-share 200 --cpu-idle 1 test_update + [[ "$output" == *"unable to apply both"* ]] + check_cgroup_value "cpu.idle" "1" + + # Changing cpu-shares (converted to CPU weight) resets cpu.idle to 0. + runc update --cpu-share 200 test_update + check_cgroup_value "cpu.idle" "0" + + # Setting values via unified map. + + # If cpu.idle is set, cpu.weight is ignored. + runc update -r - test_update < Date: Tue, 4 Apr 2023 17:44:14 +0000 Subject: [PATCH 0203/1176] build(deps): bump lumaxis/shellcheck-problem-matchers from 1 to 2 Bumps [lumaxis/shellcheck-problem-matchers](https://github.com/lumaxis/shellcheck-problem-matchers) from 1 to 2. - [Release notes](https://github.com/lumaxis/shellcheck-problem-matchers/releases) - [Commits](https://github.com/lumaxis/shellcheck-problem-matchers/compare/v1...v2) --- updated-dependencies: - dependency-name: lumaxis/shellcheck-problem-matchers dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index a84a18c124e..c6ba662b220 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -88,7 +88,7 @@ jobs: sudo rm -f /usr/bin/shellcheck # Add ~/bin to $PATH. echo ~/bin >> $GITHUB_PATH - - uses: lumaxis/shellcheck-problem-matchers@v1 + - uses: lumaxis/shellcheck-problem-matchers@v2 - name: run run: make shellcheck - name: check-config.sh From fd5debf3aa79620ee6e04e499bfca2b5ec7083a8 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 4 Apr 2023 11:09:38 -0700 Subject: [PATCH 0204/1176] libct/cg: rm GetInitCgroup[Path] These functions were added in ancient times, facilitating the docker-in-docker case when cgroup namespace was not available. As pointed out in commit 2b28b3c2769, using init 1 cgroup is not correct because it won't work in case of host PID namespace. The last user of GetInitCgroup was removed by commit 54e20217a86f117037e3f5. GetInitCgroupPath was never used as far as I can see, nor was I able to find any external users. Remove both functions. Modify the comment in libct/cg/fs.subsysPath to not refer to GetInitCgroupPath. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/fs/paths.go | 5 ++--- libcontainer/cgroups/v1_utils.go | 21 --------------------- 2 files changed, 2 insertions(+), 24 deletions(-) diff --git a/libcontainer/cgroups/fs/paths.go b/libcontainer/cgroups/fs/paths.go index 1092331b25d..c5d234acf1a 100644 --- a/libcontainer/cgroups/fs/paths.go +++ b/libcontainer/cgroups/fs/paths.go @@ -164,9 +164,8 @@ func subsysPath(root, inner, subsystem string) (string, error) { return filepath.Join(root, filepath.Base(mnt), inner), nil } - // Use GetOwnCgroupPath instead of GetInitCgroupPath, because the creating - // process could in container and shared pid namespace with host, and - // /proc/1/cgroup could point to whole other world of cgroups. + // Use GetOwnCgroupPath for dind-like cases, when cgroupns is not + // available. This is ugly. parentPath, err := cgroups.GetOwnCgroupPath(subsystem) if err != nil { return "", err diff --git a/libcontainer/cgroups/v1_utils.go b/libcontainer/cgroups/v1_utils.go index 47c75f22b42..8524c468434 100644 --- a/libcontainer/cgroups/v1_utils.go +++ b/libcontainer/cgroups/v1_utils.go @@ -236,27 +236,6 @@ func GetOwnCgroupPath(subsystem string) (string, error) { return getCgroupPathHelper(subsystem, cgroup) } -func GetInitCgroup(subsystem string) (string, error) { - if IsCgroup2UnifiedMode() { - return "", errUnified - } - cgroups, err := ParseCgroupFile("/proc/1/cgroup") - if err != nil { - return "", err - } - - return getControllerPath(subsystem, cgroups) -} - -func GetInitCgroupPath(subsystem string) (string, error) { - cgroup, err := GetInitCgroup(subsystem) - if err != nil { - return "", err - } - - return getCgroupPathHelper(subsystem, cgroup) -} - func getCgroupPathHelper(subsystem, cgroup string) (string, error) { mnt, root, err := FindCgroupMountpointAndRoot("", subsystem) if err != nil { From a6e95c53f4d3af6439a10b8314b24aeadc35a7c7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 5 Apr 2023 04:59:43 +0000 Subject: [PATCH 0205/1176] build(deps): bump golang.org/x/sys from 0.6.0 to 0.7.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.6.0 to 0.7.0. - [Release notes](https://github.com/golang/sys/releases) - [Commits](https://github.com/golang/sys/compare/v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- vendor/golang.org/x/sys/unix/ioctl_signed.go | 70 +++++++++++++++++++ .../sys/unix/{ioctl.go => ioctl_unsigned.go} | 4 +- vendor/golang.org/x/sys/unix/ioctl_zos.go | 12 ++-- vendor/golang.org/x/sys/unix/mkerrors.sh | 2 + vendor/golang.org/x/sys/unix/syscall_aix.go | 4 +- .../golang.org/x/sys/unix/syscall_aix_ppc.go | 1 - .../x/sys/unix/syscall_aix_ppc64.go | 1 - .../golang.org/x/sys/unix/syscall_darwin.go | 3 +- .../x/sys/unix/syscall_dragonfly.go | 1 - .../golang.org/x/sys/unix/syscall_freebsd.go | 1 - vendor/golang.org/x/sys/unix/syscall_linux.go | 10 ++- .../x/sys/unix/syscall_linux_386.go | 27 ------- .../x/sys/unix/syscall_linux_amd64.go | 1 - .../x/sys/unix/syscall_linux_arm.go | 27 ------- .../x/sys/unix/syscall_linux_arm64.go | 10 --- .../x/sys/unix/syscall_linux_loong64.go | 5 -- .../x/sys/unix/syscall_linux_mips64x.go | 1 - .../x/sys/unix/syscall_linux_mipsx.go | 27 ------- .../x/sys/unix/syscall_linux_ppc.go | 27 ------- .../x/sys/unix/syscall_linux_ppc64x.go | 1 - .../x/sys/unix/syscall_linux_riscv64.go | 1 - .../x/sys/unix/syscall_linux_s390x.go | 1 - .../x/sys/unix/syscall_linux_sparc64.go | 1 - .../golang.org/x/sys/unix/syscall_netbsd.go | 2 - .../golang.org/x/sys/unix/syscall_openbsd.go | 1 - .../golang.org/x/sys/unix/syscall_solaris.go | 21 +++--- vendor/golang.org/x/sys/unix/syscall_unix.go | 7 ++ .../x/sys/unix/syscall_zos_s390x.go | 4 +- .../x/sys/unix/zerrors_darwin_amd64.go | 19 +++++ .../x/sys/unix/zerrors_darwin_arm64.go | 19 +++++ .../golang.org/x/sys/unix/zsyscall_aix_ppc.go | 15 +--- .../x/sys/unix/zsyscall_aix_ppc64.go | 18 ++--- .../x/sys/unix/zsyscall_aix_ppc64_gc.go | 10 --- .../x/sys/unix/zsyscall_aix_ppc64_gccgo.go | 10 +-- .../x/sys/unix/zsyscall_darwin_amd64.go | 39 +++++++---- .../x/sys/unix/zsyscall_darwin_amd64.s | 11 ++- .../x/sys/unix/zsyscall_darwin_arm64.go | 39 +++++++---- .../x/sys/unix/zsyscall_darwin_arm64.s | 11 ++- .../x/sys/unix/zsyscall_dragonfly_amd64.go | 10 --- .../x/sys/unix/zsyscall_freebsd_386.go | 10 --- .../x/sys/unix/zsyscall_freebsd_amd64.go | 10 --- .../x/sys/unix/zsyscall_freebsd_arm.go | 10 --- .../x/sys/unix/zsyscall_freebsd_arm64.go | 10 --- .../x/sys/unix/zsyscall_freebsd_riscv64.go | 10 --- .../golang.org/x/sys/unix/zsyscall_linux.go | 10 --- .../x/sys/unix/zsyscall_linux_386.go | 10 --- .../x/sys/unix/zsyscall_linux_amd64.go | 10 --- .../x/sys/unix/zsyscall_linux_arm.go | 10 --- .../x/sys/unix/zsyscall_linux_arm64.go | 10 --- .../x/sys/unix/zsyscall_linux_mips.go | 10 --- .../x/sys/unix/zsyscall_linux_mips64.go | 10 --- .../x/sys/unix/zsyscall_linux_mips64le.go | 10 --- .../x/sys/unix/zsyscall_linux_mipsle.go | 10 --- .../x/sys/unix/zsyscall_linux_ppc.go | 10 --- .../x/sys/unix/zsyscall_linux_ppc64.go | 10 --- .../x/sys/unix/zsyscall_linux_ppc64le.go | 10 --- .../x/sys/unix/zsyscall_linux_riscv64.go | 10 --- .../x/sys/unix/zsyscall_linux_s390x.go | 10 --- .../x/sys/unix/zsyscall_linux_sparc64.go | 10 --- .../x/sys/unix/zsyscall_netbsd_386.go | 10 --- .../x/sys/unix/zsyscall_netbsd_amd64.go | 10 --- .../x/sys/unix/zsyscall_netbsd_arm.go | 10 --- .../x/sys/unix/zsyscall_netbsd_arm64.go | 10 --- .../x/sys/unix/zsyscall_openbsd_386.go | 14 ---- .../x/sys/unix/zsyscall_openbsd_386.s | 5 -- .../x/sys/unix/zsyscall_openbsd_amd64.go | 14 ---- .../x/sys/unix/zsyscall_openbsd_amd64.s | 5 -- .../x/sys/unix/zsyscall_openbsd_arm.go | 14 ---- .../x/sys/unix/zsyscall_openbsd_arm.s | 5 -- .../x/sys/unix/zsyscall_openbsd_arm64.go | 14 ---- .../x/sys/unix/zsyscall_openbsd_arm64.s | 5 -- .../x/sys/unix/zsyscall_openbsd_mips64.go | 14 ---- .../x/sys/unix/zsyscall_openbsd_mips64.s | 5 -- .../x/sys/unix/zsyscall_openbsd_ppc64.go | 14 ---- .../x/sys/unix/zsyscall_openbsd_ppc64.s | 6 -- .../x/sys/unix/zsyscall_openbsd_riscv64.go | 14 ---- .../x/sys/unix/zsyscall_openbsd_riscv64.s | 5 -- .../x/sys/unix/zsyscall_solaris_amd64.go | 17 +---- .../x/sys/unix/zsyscall_zos_s390x.go | 4 +- .../x/sys/unix/ztypes_darwin_amd64.go | 11 +++ .../x/sys/unix/ztypes_darwin_arm64.go | 11 +++ .../golang.org/x/sys/windows/types_windows.go | 4 +- vendor/modules.txt | 2 +- 85 files changed, 248 insertions(+), 655 deletions(-) create mode 100644 vendor/golang.org/x/sys/unix/ioctl_signed.go rename vendor/golang.org/x/sys/unix/{ioctl.go => ioctl_unsigned.go} (92%) diff --git a/go.mod b/go.mod index 94bef572168..c16c7e67661 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/urfave/cli v1.22.9 github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.8.0 - golang.org/x/sys v0.6.0 + golang.org/x/sys v0.7.0 google.golang.org/protobuf v1.30.0 ) diff --git a/go.sum b/go.sum index ffdd97d406e..5cc89050e1f 100644 --- a/go.sum +++ b/go.sum @@ -65,8 +65,8 @@ golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU= +golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= diff --git a/vendor/golang.org/x/sys/unix/ioctl_signed.go b/vendor/golang.org/x/sys/unix/ioctl_signed.go new file mode 100644 index 00000000000..7def9580e6f --- /dev/null +++ b/vendor/golang.org/x/sys/unix/ioctl_signed.go @@ -0,0 +1,70 @@ +// Copyright 2018 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build aix || solaris +// +build aix solaris + +package unix + +import ( + "unsafe" +) + +// ioctl itself should not be exposed directly, but additional get/set +// functions for specific types are permissible. + +// IoctlSetInt performs an ioctl operation which sets an integer value +// on fd, using the specified request number. +func IoctlSetInt(fd int, req int, value int) error { + return ioctl(fd, req, uintptr(value)) +} + +// IoctlSetPointerInt performs an ioctl operation which sets an +// integer value on fd, using the specified request number. The ioctl +// argument is called with a pointer to the integer value, rather than +// passing the integer value directly. +func IoctlSetPointerInt(fd int, req int, value int) error { + v := int32(value) + return ioctlPtr(fd, req, unsafe.Pointer(&v)) +} + +// IoctlSetWinsize performs an ioctl on fd with a *Winsize argument. +// +// To change fd's window size, the req argument should be TIOCSWINSZ. +func IoctlSetWinsize(fd int, req int, value *Winsize) error { + // TODO: if we get the chance, remove the req parameter and + // hardcode TIOCSWINSZ. + return ioctlPtr(fd, req, unsafe.Pointer(value)) +} + +// IoctlSetTermios performs an ioctl on fd with a *Termios. +// +// The req value will usually be TCSETA or TIOCSETA. +func IoctlSetTermios(fd int, req int, value *Termios) error { + // TODO: if we get the chance, remove the req parameter. + return ioctlPtr(fd, req, unsafe.Pointer(value)) +} + +// IoctlGetInt performs an ioctl operation which gets an integer value +// from fd, using the specified request number. +// +// A few ioctl requests use the return value as an output parameter; +// for those, IoctlRetInt should be used instead of this function. +func IoctlGetInt(fd int, req int) (int, error) { + var value int + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) + return value, err +} + +func IoctlGetWinsize(fd int, req int) (*Winsize, error) { + var value Winsize + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) + return &value, err +} + +func IoctlGetTermios(fd int, req int) (*Termios, error) { + var value Termios + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) + return &value, err +} diff --git a/vendor/golang.org/x/sys/unix/ioctl.go b/vendor/golang.org/x/sys/unix/ioctl_unsigned.go similarity index 92% rename from vendor/golang.org/x/sys/unix/ioctl.go rename to vendor/golang.org/x/sys/unix/ioctl_unsigned.go index 7ce8dd406ff..649913d1ea7 100644 --- a/vendor/golang.org/x/sys/unix/ioctl.go +++ b/vendor/golang.org/x/sys/unix/ioctl_unsigned.go @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build aix || darwin || dragonfly || freebsd || hurd || linux || netbsd || openbsd || solaris -// +build aix darwin dragonfly freebsd hurd linux netbsd openbsd solaris +//go:build darwin || dragonfly || freebsd || hurd || linux || netbsd || openbsd +// +build darwin dragonfly freebsd hurd linux netbsd openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/ioctl_zos.go b/vendor/golang.org/x/sys/unix/ioctl_zos.go index 6532f09af2e..cdc21bf76dc 100644 --- a/vendor/golang.org/x/sys/unix/ioctl_zos.go +++ b/vendor/golang.org/x/sys/unix/ioctl_zos.go @@ -17,14 +17,14 @@ import ( // IoctlSetInt performs an ioctl operation which sets an integer value // on fd, using the specified request number. -func IoctlSetInt(fd int, req uint, value int) error { +func IoctlSetInt(fd int, req int, value int) error { return ioctl(fd, req, uintptr(value)) } // IoctlSetWinsize performs an ioctl on fd with a *Winsize argument. // // To change fd's window size, the req argument should be TIOCSWINSZ. -func IoctlSetWinsize(fd int, req uint, value *Winsize) error { +func IoctlSetWinsize(fd int, req int, value *Winsize) error { // TODO: if we get the chance, remove the req parameter and // hardcode TIOCSWINSZ. return ioctlPtr(fd, req, unsafe.Pointer(value)) @@ -33,7 +33,7 @@ func IoctlSetWinsize(fd int, req uint, value *Winsize) error { // IoctlSetTermios performs an ioctl on fd with a *Termios. // // The req value is expected to be TCSETS, TCSETSW, or TCSETSF -func IoctlSetTermios(fd int, req uint, value *Termios) error { +func IoctlSetTermios(fd int, req int, value *Termios) error { if (req != TCSETS) && (req != TCSETSW) && (req != TCSETSF) { return ENOSYS } @@ -47,13 +47,13 @@ func IoctlSetTermios(fd int, req uint, value *Termios) error { // // A few ioctl requests use the return value as an output parameter; // for those, IoctlRetInt should be used instead of this function. -func IoctlGetInt(fd int, req uint) (int, error) { +func IoctlGetInt(fd int, req int) (int, error) { var value int err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return value, err } -func IoctlGetWinsize(fd int, req uint) (*Winsize, error) { +func IoctlGetWinsize(fd int, req int) (*Winsize, error) { var value Winsize err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return &value, err @@ -62,7 +62,7 @@ func IoctlGetWinsize(fd int, req uint) (*Winsize, error) { // IoctlGetTermios performs an ioctl on fd with a *Termios. // // The req value is expected to be TCGETS -func IoctlGetTermios(fd int, req uint) (*Termios, error) { +func IoctlGetTermios(fd int, req int) (*Termios, error) { var value Termios if req != TCGETS { return &value, ENOSYS diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index 7456d9ddde1..2045d3dadb8 100644 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -66,6 +66,7 @@ includes_Darwin=' #include #include #include +#include #include #include #include @@ -521,6 +522,7 @@ ccflags="$@" $2 ~ /^NFC_(GENL|PROTO|COMM|RF|SE|DIRECTION|LLCP|SOCKPROTO)_/ || $2 ~ /^NFC_.*_(MAX)?SIZE$/ || $2 ~ /^RAW_PAYLOAD_/ || + $2 ~ /^[US]F_/ || $2 ~ /^TP_STATUS_/ || $2 ~ /^FALLOC_/ || $2 ~ /^ICMPV?6?_(FILTER|SEC)/ || diff --git a/vendor/golang.org/x/sys/unix/syscall_aix.go b/vendor/golang.org/x/sys/unix/syscall_aix.go index d9f5544ccf4..c406ae00f41 100644 --- a/vendor/golang.org/x/sys/unix/syscall_aix.go +++ b/vendor/golang.org/x/sys/unix/syscall_aix.go @@ -408,8 +408,8 @@ func (w WaitStatus) CoreDump() bool { return w&0x80 == 0x80 } func (w WaitStatus) TrapCause() int { return -1 } -//sys ioctl(fd int, req uint, arg uintptr) (err error) -//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = ioctl +//sys ioctl(fd int, req int, arg uintptr) (err error) +//sys ioctlPtr(fd int, req int, arg unsafe.Pointer) (err error) = ioctl // fcntl must never be called with cmd=F_DUP2FD because it doesn't work on AIX // There is no way to create a custom fcntl and to keep //sys fcntl easily, diff --git a/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go b/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go index e92a0be1630..f2871fa9535 100644 --- a/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go +++ b/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go @@ -8,7 +8,6 @@ package unix //sysnb Getrlimit(resource int, rlim *Rlimit) (err error) = getrlimit64 -//sysnb Setrlimit(resource int, rlim *Rlimit) (err error) = setrlimit64 //sys Seek(fd int, offset int64, whence int) (off int64, err error) = lseek64 //sys mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go b/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go index 16eed17098e..75718ec0f19 100644 --- a/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go +++ b/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go @@ -8,7 +8,6 @@ package unix //sysnb Getrlimit(resource int, rlim *Rlimit) (err error) -//sysnb Setrlimit(resource int, rlim *Rlimit) (err error) //sys Seek(fd int, offset int64, whence int) (off int64, err error) = lseek //sys mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) = mmap64 diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.go b/vendor/golang.org/x/sys/unix/syscall_darwin.go index 7064d6ebab6..206921504cb 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin.go +++ b/vendor/golang.org/x/sys/unix/syscall_darwin.go @@ -613,6 +613,7 @@ func SysctlKinfoProcSlice(name string, args ...int) ([]KinfoProc, error) { //sys Rmdir(path string) (err error) //sys Seek(fd int, offset int64, whence int) (newoffset int64, err error) = SYS_LSEEK //sys Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) +//sys Setattrlist(path string, attrlist *Attrlist, attrBuf []byte, options int) (err error) //sys Setegid(egid int) (err error) //sysnb Seteuid(euid int) (err error) //sysnb Setgid(gid int) (err error) @@ -622,7 +623,6 @@ func SysctlKinfoProcSlice(name string, args ...int) ([]KinfoProc, error) { //sys Setprivexec(flag int) (err error) //sysnb Setregid(rgid int, egid int) (err error) //sysnb Setreuid(ruid int, euid int) (err error) -//sysnb Setrlimit(which int, lim *Rlimit) (err error) //sysnb Setsid() (pid int, err error) //sysnb Settimeofday(tp *Timeval) (err error) //sysnb Setuid(uid int) (err error) @@ -676,7 +676,6 @@ func SysctlKinfoProcSlice(name string, args ...int) ([]KinfoProc, error) { // Kqueue_from_portset_np // Kqueue_portset // Getattrlist -// Setattrlist // Getdirentriesattr // Searchfs // Delete diff --git a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go index 221efc26bcd..d4ce988e72f 100644 --- a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go +++ b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go @@ -326,7 +326,6 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e //sysnb Setreuid(ruid int, euid int) (err error) //sysnb Setresgid(rgid int, egid int, sgid int) (err error) //sysnb Setresuid(ruid int, euid int, suid int) (err error) -//sysnb Setrlimit(which int, lim *Rlimit) (err error) //sysnb Setsid() (pid int, err error) //sysnb Settimeofday(tp *Timeval) (err error) //sysnb Setuid(uid int) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd.go b/vendor/golang.org/x/sys/unix/syscall_freebsd.go index 5bdde03e4a8..afb10106f6e 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd.go @@ -433,7 +433,6 @@ func Dup3(oldfd, newfd, flags int) error { //sysnb Setreuid(ruid int, euid int) (err error) //sysnb Setresgid(rgid int, egid int, sgid int) (err error) //sysnb Setresuid(ruid int, euid int, suid int) (err error) -//sysnb Setrlimit(which int, lim *Rlimit) (err error) //sysnb Setsid() (pid int, err error) //sysnb Settimeofday(tp *Timeval) (err error) //sysnb Setuid(uid int) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index 9735331530a..fbaeb5fff14 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -1873,7 +1873,6 @@ func Getpgrp() (pid int) { //sys OpenTree(dfd int, fileName string, flags uint) (r int, err error) //sys PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) //sys PivotRoot(newroot string, putold string) (err error) = SYS_PIVOT_ROOT -//sysnb Prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) = SYS_PRLIMIT64 //sys Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) //sys Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) = SYS_PSELECT6 //sys read(fd int, p []byte) (n int, err error) @@ -1887,6 +1886,15 @@ func Getpgrp() (pid int) { //sysnb Settimeofday(tv *Timeval) (err error) //sys Setns(fd int, nstype int) (err error) +//go:linkname syscall_prlimit syscall.prlimit +func syscall_prlimit(pid, resource int, newlimit, old *syscall.Rlimit) error + +func Prlimit(pid, resource int, newlimit, old *Rlimit) error { + // Just call the syscall version, because as of Go 1.21 + // it will affect starting a new process. + return syscall_prlimit(pid, resource, (*syscall.Rlimit)(newlimit), (*syscall.Rlimit)(old)) +} + // PrctlRetInt performs a prctl operation specified by option and further // optional arguments arg2 through arg5 depending on option. It returns a // non-negative integer that is returned by the prctl syscall. diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_386.go b/vendor/golang.org/x/sys/unix/syscall_linux_386.go index ff5b5899d6d..c7d9945ea19 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_386.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_386.go @@ -97,33 +97,6 @@ func Getrlimit(resource int, rlim *Rlimit) (err error) { return } -//sysnb setrlimit(resource int, rlim *rlimit32) (err error) = SYS_SETRLIMIT - -func Setrlimit(resource int, rlim *Rlimit) (err error) { - err = Prlimit(0, resource, rlim, nil) - if err != ENOSYS { - return err - } - - rl := rlimit32{} - if rlim.Cur == rlimInf64 { - rl.Cur = rlimInf32 - } else if rlim.Cur < uint64(rlimInf32) { - rl.Cur = uint32(rlim.Cur) - } else { - return EINVAL - } - if rlim.Max == rlimInf64 { - rl.Max = rlimInf32 - } else if rlim.Max < uint64(rlimInf32) { - rl.Max = uint32(rlim.Max) - } else { - return EINVAL - } - - return setrlimit(resource, &rl) -} - func Seek(fd int, offset int64, whence int) (newoffset int64, err error) { newoffset, errno := seek(fd, offset, whence) if errno != 0 { diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go index 9b270353298..5b21fcfd753 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go @@ -46,7 +46,6 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) //sys setfsgid(gid int) (prev int, err error) //sys setfsuid(uid int) (prev int, err error) -//sysnb Setrlimit(resource int, rlim *Rlimit) (err error) //sys Shutdown(fd int, how int) (err error) //sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go index 856ad1d635c..da2986415ae 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go @@ -171,33 +171,6 @@ func Getrlimit(resource int, rlim *Rlimit) (err error) { return } -//sysnb setrlimit(resource int, rlim *rlimit32) (err error) = SYS_SETRLIMIT - -func Setrlimit(resource int, rlim *Rlimit) (err error) { - err = Prlimit(0, resource, rlim, nil) - if err != ENOSYS { - return err - } - - rl := rlimit32{} - if rlim.Cur == rlimInf64 { - rl.Cur = rlimInf32 - } else if rlim.Cur < uint64(rlimInf32) { - rl.Cur = uint32(rlim.Cur) - } else { - return EINVAL - } - if rlim.Max == rlimInf64 { - rl.Max = rlimInf32 - } else if rlim.Max < uint64(rlimInf32) { - rl.Max = uint32(rlim.Max) - } else { - return EINVAL - } - - return setrlimit(resource, &rl) -} - func (r *PtraceRegs) PC() uint64 { return uint64(r.Uregs[15]) } func (r *PtraceRegs) SetPC(pc uint64) { r.Uregs[15] = uint32(pc) } diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go index 6422704bc52..a81f5742b8a 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go @@ -39,7 +39,6 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) //sys setfsgid(gid int) (prev int, err error) //sys setfsuid(uid int) (prev int, err error) -//sysnb setrlimit(resource int, rlim *Rlimit) (err error) //sys Shutdown(fd int, how int) (err error) //sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) @@ -143,15 +142,6 @@ func Getrlimit(resource int, rlim *Rlimit) error { return getrlimit(resource, rlim) } -// Setrlimit prefers the prlimit64 system call. See issue 38604. -func Setrlimit(resource int, rlim *Rlimit) error { - err := Prlimit(0, resource, rlim, nil) - if err != ENOSYS { - return err - } - return setrlimit(resource, rlim) -} - func (r *PtraceRegs) PC() uint64 { return r.Pc } func (r *PtraceRegs) SetPC(pc uint64) { r.Pc = pc } diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go index 59dab510e97..69d2d7c3db7 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go @@ -126,11 +126,6 @@ func Getrlimit(resource int, rlim *Rlimit) (err error) { return } -func Setrlimit(resource int, rlim *Rlimit) (err error) { - err = Prlimit(0, resource, rlim, nil) - return -} - func futimesat(dirfd int, path string, tv *[2]Timeval) (err error) { if tv == nil { return utimensat(dirfd, path, nil, 0) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go index bfef09a39eb..76d564095ef 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go @@ -37,7 +37,6 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) //sys setfsgid(gid int) (prev int, err error) //sys setfsuid(uid int) (prev int, err error) -//sysnb Setrlimit(resource int, rlim *Rlimit) (err error) //sys Shutdown(fd int, how int) (err error) //sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) //sys Statfs(path string, buf *Statfs_t) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go index ab302509663..aae7f0ffd3f 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go @@ -151,33 +151,6 @@ func Getrlimit(resource int, rlim *Rlimit) (err error) { return } -//sysnb setrlimit(resource int, rlim *rlimit32) (err error) = SYS_SETRLIMIT - -func Setrlimit(resource int, rlim *Rlimit) (err error) { - err = Prlimit(0, resource, rlim, nil) - if err != ENOSYS { - return err - } - - rl := rlimit32{} - if rlim.Cur == rlimInf64 { - rl.Cur = rlimInf32 - } else if rlim.Cur < uint64(rlimInf32) { - rl.Cur = uint32(rlim.Cur) - } else { - return EINVAL - } - if rlim.Max == rlimInf64 { - rl.Max = rlimInf32 - } else if rlim.Max < uint64(rlimInf32) { - rl.Max = uint32(rlim.Max) - } else { - return EINVAL - } - - return setrlimit(resource, &rl) -} - func (r *PtraceRegs) PC() uint64 { return r.Epc } func (r *PtraceRegs) SetPC(pc uint64) { r.Epc = pc } diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go index eac1cf1acc8..66eff19a320 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go @@ -159,33 +159,6 @@ func Getrlimit(resource int, rlim *Rlimit) (err error) { return } -//sysnb setrlimit(resource int, rlim *rlimit32) (err error) = SYS_SETRLIMIT - -func Setrlimit(resource int, rlim *Rlimit) (err error) { - err = Prlimit(0, resource, rlim, nil) - if err != ENOSYS { - return err - } - - rl := rlimit32{} - if rlim.Cur == rlimInf64 { - rl.Cur = rlimInf32 - } else if rlim.Cur < uint64(rlimInf32) { - rl.Cur = uint32(rlim.Cur) - } else { - return EINVAL - } - if rlim.Max == rlimInf64 { - rl.Max = rlimInf32 - } else if rlim.Max < uint64(rlimInf32) { - rl.Max = uint32(rlim.Max) - } else { - return EINVAL - } - - return setrlimit(resource, &rl) -} - func (r *PtraceRegs) PC() uint32 { return r.Nip } func (r *PtraceRegs) SetPC(pc uint32) { r.Nip = pc } diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go b/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go index 4df56616b8f..806aa2574d8 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go @@ -34,7 +34,6 @@ package unix //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) //sys setfsgid(gid int) (prev int, err error) //sys setfsuid(uid int) (prev int, err error) -//sysnb Setrlimit(resource int, rlim *Rlimit) (err error) //sys Shutdown(fd int, how int) (err error) //sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) //sys Stat(path string, stat *Stat_t) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go index 5f4243dea2c..35851ef70b8 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go @@ -38,7 +38,6 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) //sys setfsgid(gid int) (prev int, err error) //sys setfsuid(uid int) (prev int, err error) -//sysnb Setrlimit(resource int, rlim *Rlimit) (err error) //sys Shutdown(fd int, how int) (err error) //sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go b/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go index d0a7d406685..2f89e8f5def 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go @@ -34,7 +34,6 @@ import ( //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) //sys setfsgid(gid int) (prev int, err error) //sys setfsuid(uid int) (prev int, err error) -//sysnb Setrlimit(resource int, rlim *Rlimit) (err error) //sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) //sys Stat(path string, stat *Stat_t) (err error) //sys Statfs(path string, buf *Statfs_t) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go b/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go index f5c793be26d..7ca064ae764 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go @@ -31,7 +31,6 @@ package unix //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) //sys setfsgid(gid int) (prev int, err error) //sys setfsuid(uid int) (prev int, err error) -//sysnb Setrlimit(resource int, rlim *Rlimit) (err error) //sys Shutdown(fd int, how int) (err error) //sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) //sys Stat(path string, stat *Stat_t) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd.go b/vendor/golang.org/x/sys/unix/syscall_netbsd.go index e66865dccbe..018d7d47822 100644 --- a/vendor/golang.org/x/sys/unix/syscall_netbsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_netbsd.go @@ -340,7 +340,6 @@ func Statvfs(path string, buf *Statvfs_t) (err error) { //sys Setpriority(which int, who int, prio int) (err error) //sysnb Setregid(rgid int, egid int) (err error) //sysnb Setreuid(ruid int, euid int) (err error) -//sysnb Setrlimit(which int, lim *Rlimit) (err error) //sysnb Setsid() (pid int, err error) //sysnb Settimeofday(tp *Timeval) (err error) //sysnb Setuid(uid int) (err error) @@ -501,7 +500,6 @@ func Statvfs(path string, buf *Statvfs_t) (err error) { // compat_43_osendmsg // compat_43_osethostid // compat_43_osethostname -// compat_43_osetrlimit // compat_43_osigblock // compat_43_osigsetmask // compat_43_osigstack diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd.go b/vendor/golang.org/x/sys/unix/syscall_openbsd.go index 5e9de23ae37..f9c7a9663c6 100644 --- a/vendor/golang.org/x/sys/unix/syscall_openbsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_openbsd.go @@ -294,7 +294,6 @@ func Uname(uname *Utsname) error { //sysnb Setreuid(ruid int, euid int) (err error) //sysnb Setresgid(rgid int, egid int, sgid int) (err error) //sysnb Setresuid(ruid int, euid int, suid int) (err error) -//sysnb Setrlimit(which int, lim *Rlimit) (err error) //sysnb Setrtable(rtable int) (err error) //sysnb Setsid() (pid int, err error) //sysnb Settimeofday(tp *Timeval) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris.go b/vendor/golang.org/x/sys/unix/syscall_solaris.go index d3444b64d6d..b600a289d33 100644 --- a/vendor/golang.org/x/sys/unix/syscall_solaris.go +++ b/vendor/golang.org/x/sys/unix/syscall_solaris.go @@ -545,24 +545,24 @@ func Minor(dev uint64) uint32 { * Expose the ioctl function */ -//sys ioctlRet(fd int, req uint, arg uintptr) (ret int, err error) = libc.ioctl -//sys ioctlPtrRet(fd int, req uint, arg unsafe.Pointer) (ret int, err error) = libc.ioctl +//sys ioctlRet(fd int, req int, arg uintptr) (ret int, err error) = libc.ioctl +//sys ioctlPtrRet(fd int, req int, arg unsafe.Pointer) (ret int, err error) = libc.ioctl -func ioctl(fd int, req uint, arg uintptr) (err error) { +func ioctl(fd int, req int, arg uintptr) (err error) { _, err = ioctlRet(fd, req, arg) return err } -func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { +func ioctlPtr(fd int, req int, arg unsafe.Pointer) (err error) { _, err = ioctlPtrRet(fd, req, arg) return err } -func IoctlSetTermio(fd int, req uint, value *Termio) error { +func IoctlSetTermio(fd int, req int, value *Termio) error { return ioctlPtr(fd, req, unsafe.Pointer(value)) } -func IoctlGetTermio(fd int, req uint) (*Termio, error) { +func IoctlGetTermio(fd int, req int) (*Termio, error) { var value Termio err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return &value, err @@ -665,7 +665,6 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e //sys Setpriority(which int, who int, prio int) (err error) //sysnb Setregid(rgid int, egid int) (err error) //sysnb Setreuid(ruid int, euid int) (err error) -//sysnb Setrlimit(which int, lim *Rlimit) (err error) //sysnb Setsid() (pid int, err error) //sysnb Setuid(uid int) (err error) //sys Shutdown(s int, how int) (err error) = libsocket.shutdown @@ -1080,11 +1079,11 @@ func Getmsg(fd int, cl []byte, data []byte) (retCl []byte, retData []byte, flags return retCl, retData, flags, nil } -func IoctlSetIntRetInt(fd int, req uint, arg int) (int, error) { +func IoctlSetIntRetInt(fd int, req int, arg int) (int, error) { return ioctlRet(fd, req, uintptr(arg)) } -func IoctlSetString(fd int, req uint, val string) error { +func IoctlSetString(fd int, req int, val string) error { bs := make([]byte, len(val)+1) copy(bs[:len(bs)-1], val) err := ioctlPtr(fd, req, unsafe.Pointer(&bs[0])) @@ -1120,7 +1119,7 @@ func (l *Lifreq) GetLifruUint() uint { return *(*uint)(unsafe.Pointer(&l.Lifru[0])) } -func IoctlLifreq(fd int, req uint, l *Lifreq) error { +func IoctlLifreq(fd int, req int, l *Lifreq) error { return ioctlPtr(fd, req, unsafe.Pointer(l)) } @@ -1131,6 +1130,6 @@ func (s *Strioctl) SetInt(i int) { s.Dp = (*int8)(unsafe.Pointer(&i)) } -func IoctlSetStrioctlRetInt(fd int, req uint, s *Strioctl) (int, error) { +func IoctlSetStrioctlRetInt(fd int, req int, s *Strioctl) (int, error) { return ioctlPtrRet(fd, req, unsafe.Pointer(s)) } diff --git a/vendor/golang.org/x/sys/unix/syscall_unix.go b/vendor/golang.org/x/sys/unix/syscall_unix.go index 00f0aa37588..8e48c29ec33 100644 --- a/vendor/golang.org/x/sys/unix/syscall_unix.go +++ b/vendor/golang.org/x/sys/unix/syscall_unix.go @@ -587,3 +587,10 @@ func emptyIovecs(iov []Iovec) bool { } return true } + +// Setrlimit sets a resource limit. +func Setrlimit(resource int, rlim *Rlimit) error { + // Just call the syscall version, because as of Go 1.21 + // it will affect starting a new process. + return syscall.Setrlimit(resource, (*syscall.Rlimit)(rlim)) +} diff --git a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go index b295497ae47..d3d49ec3ed7 100644 --- a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go @@ -212,8 +212,8 @@ func (cmsg *Cmsghdr) SetLen(length int) { //sys sendmsg(s int, msg *Msghdr, flags int) (n int, err error) = SYS___SENDMSG_A //sys mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) = SYS_MMAP //sys munmap(addr uintptr, length uintptr) (err error) = SYS_MUNMAP -//sys ioctl(fd int, req uint, arg uintptr) (err error) = SYS_IOCTL -//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL +//sys ioctl(fd int, req int, arg uintptr) (err error) = SYS_IOCTL +//sys ioctlPtr(fd int, req int, arg unsafe.Pointer) (err error) = SYS_IOCTL //sys Access(path string, mode uint32) (err error) = SYS___ACCESS_A //sys Chdir(path string) (err error) = SYS___CHDIR_A diff --git a/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go index 476a1c7e77c..14300762715 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go @@ -1270,6 +1270,16 @@ const ( SEEK_END = 0x2 SEEK_HOLE = 0x3 SEEK_SET = 0x0 + SF_APPEND = 0x40000 + SF_ARCHIVED = 0x10000 + SF_DATALESS = 0x40000000 + SF_FIRMLINK = 0x800000 + SF_IMMUTABLE = 0x20000 + SF_NOUNLINK = 0x100000 + SF_RESTRICTED = 0x80000 + SF_SETTABLE = 0x3fff0000 + SF_SUPPORTED = 0x9f0000 + SF_SYNTHETIC = 0xc0000000 SHUT_RD = 0x0 SHUT_RDWR = 0x2 SHUT_WR = 0x1 @@ -1543,6 +1553,15 @@ const ( TIOCTIMESTAMP = 0x40107459 TIOCUCNTL = 0x80047466 TOSTOP = 0x400000 + UF_APPEND = 0x4 + UF_COMPRESSED = 0x20 + UF_DATAVAULT = 0x80 + UF_HIDDEN = 0x8000 + UF_IMMUTABLE = 0x2 + UF_NODUMP = 0x1 + UF_OPAQUE = 0x8 + UF_SETTABLE = 0xffff + UF_TRACKED = 0x40 VDISCARD = 0xf VDSUSP = 0xb VEOF = 0x0 diff --git a/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go index e36f5178d60..ab044a74274 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go @@ -1270,6 +1270,16 @@ const ( SEEK_END = 0x2 SEEK_HOLE = 0x3 SEEK_SET = 0x0 + SF_APPEND = 0x40000 + SF_ARCHIVED = 0x10000 + SF_DATALESS = 0x40000000 + SF_FIRMLINK = 0x800000 + SF_IMMUTABLE = 0x20000 + SF_NOUNLINK = 0x100000 + SF_RESTRICTED = 0x80000 + SF_SETTABLE = 0x3fff0000 + SF_SUPPORTED = 0x9f0000 + SF_SYNTHETIC = 0xc0000000 SHUT_RD = 0x0 SHUT_RDWR = 0x2 SHUT_WR = 0x1 @@ -1543,6 +1553,15 @@ const ( TIOCTIMESTAMP = 0x40107459 TIOCUCNTL = 0x80047466 TOSTOP = 0x400000 + UF_APPEND = 0x4 + UF_COMPRESSED = 0x20 + UF_DATAVAULT = 0x80 + UF_HIDDEN = 0x8000 + UF_IMMUTABLE = 0x2 + UF_NODUMP = 0x1 + UF_OPAQUE = 0x8 + UF_SETTABLE = 0xffff + UF_TRACKED = 0x40 VDISCARD = 0xf VDSUSP = 0xb VEOF = 0x0 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go index ef9dcd1bef8..9a257219d70 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go @@ -124,7 +124,6 @@ int utime(uintptr_t, uintptr_t); unsigned long long getsystemcfg(int); int umount(uintptr_t); int getrlimit64(int, uintptr_t); -int setrlimit64(int, uintptr_t); long long lseek64(int, long long, int); uintptr_t mmap(uintptr_t, uintptr_t, int, int, int, long long); @@ -213,7 +212,7 @@ func wait4(pid Pid_t, status *_C_int, options int, rusage *Rusage) (wpid Pid_t, // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func ioctl(fd int, req uint, arg uintptr) (err error) { +func ioctl(fd int, req int, arg uintptr) (err error) { r0, er := C.ioctl(C.int(fd), C.int(req), C.uintptr_t(arg)) if r0 == -1 && er != nil { err = er @@ -223,7 +222,7 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { +func ioctlPtr(fd int, req int, arg unsafe.Pointer) (err error) { r0, er := C.ioctl(C.int(fd), C.int(req), C.uintptr_t(uintptr(arg))) if r0 == -1 && er != nil { err = er @@ -1464,16 +1463,6 @@ func Getrlimit(resource int, rlim *Rlimit) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(resource int, rlim *Rlimit) (err error) { - r0, er := C.setrlimit64(C.int(resource), C.uintptr_t(uintptr(unsafe.Pointer(rlim)))) - if r0 == -1 && er != nil { - err = er - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Seek(fd int, offset int64, whence int) (off int64, err error) { r0, er := C.lseek64(C.int(fd), C.longlong(offset), C.int(whence)) off = int64(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go index f86a9459234..6de80c20cf2 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go @@ -93,8 +93,8 @@ func wait4(pid Pid_t, status *_C_int, options int, rusage *Rusage) (wpid Pid_t, // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func ioctl(fd int, req uint, arg uintptr) (err error) { - _, e1 := callioctl(fd, int(req), arg) +func ioctl(fd int, req int, arg uintptr) (err error) { + _, e1 := callioctl(fd, req, arg) if e1 != 0 { err = errnoErr(e1) } @@ -103,8 +103,8 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { - _, e1 := callioctl_ptr(fd, int(req), arg) +func ioctlPtr(fd int, req int, arg unsafe.Pointer) (err error) { + _, e1 := callioctl_ptr(fd, req, arg) if e1 != 0 { err = errnoErr(e1) } @@ -1422,16 +1422,6 @@ func Getrlimit(resource int, rlim *Rlimit) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(resource int, rlim *Rlimit) (err error) { - _, e1 := callsetrlimit(resource, uintptr(unsafe.Pointer(rlim))) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Seek(fd int, offset int64, whence int) (off int64, err error) { r0, e1 := calllseek(fd, offset, whence) off = int64(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go index d32a84cae27..c4d50ae5005 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go @@ -124,7 +124,6 @@ import ( //go:cgo_import_dynamic libc_getsystemcfg getsystemcfg "libc.a/shr_64.o" //go:cgo_import_dynamic libc_umount umount "libc.a/shr_64.o" //go:cgo_import_dynamic libc_getrlimit getrlimit "libc.a/shr_64.o" -//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.a/shr_64.o" //go:cgo_import_dynamic libc_lseek lseek "libc.a/shr_64.o" //go:cgo_import_dynamic libc_mmap64 mmap64 "libc.a/shr_64.o" @@ -242,7 +241,6 @@ import ( //go:linkname libc_getsystemcfg libc_getsystemcfg //go:linkname libc_umount libc_umount //go:linkname libc_getrlimit libc_getrlimit -//go:linkname libc_setrlimit libc_setrlimit //go:linkname libc_lseek libc_lseek //go:linkname libc_mmap64 libc_mmap64 @@ -363,7 +361,6 @@ var ( libc_getsystemcfg, libc_umount, libc_getrlimit, - libc_setrlimit, libc_lseek, libc_mmap64 syscallFunc ) @@ -1179,13 +1176,6 @@ func callgetrlimit(resource int, rlim uintptr) (r1 uintptr, e1 Errno) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func callsetrlimit(resource int, rlim uintptr) (r1 uintptr, e1 Errno) { - r1, _, e1 = rawSyscall6(uintptr(unsafe.Pointer(&libc_setrlimit)), 2, uintptr(resource), rlim, 0, 0, 0, 0) - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func calllseek(fd int, offset int64, whence int) (r1 uintptr, e1 Errno) { r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_lseek)), 3, uintptr(fd), uintptr(offset), uintptr(whence), 0, 0, 0) return diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go index d7d8baf819c..6903d3b09e3 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go @@ -123,7 +123,6 @@ int utime(uintptr_t, uintptr_t); unsigned long long getsystemcfg(int); int umount(uintptr_t); int getrlimit(int, uintptr_t); -int setrlimit(int, uintptr_t); long long lseek(int, long long, int); uintptr_t mmap64(uintptr_t, uintptr_t, int, int, int, long long); @@ -131,6 +130,7 @@ uintptr_t mmap64(uintptr_t, uintptr_t, int, int, int, long long); import "C" import ( "syscall" + "unsafe" ) // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT @@ -1055,14 +1055,6 @@ func callgetrlimit(resource int, rlim uintptr) (r1 uintptr, e1 Errno) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func callsetrlimit(resource int, rlim uintptr) (r1 uintptr, e1 Errno) { - r1 = uintptr(C.setrlimit(C.int(resource), C.uintptr_t(rlim))) - e1 = syscall.GetErrno() - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func calllseek(fd int, offset int64, whence int) (r1 uintptr, e1 Errno) { r1 = uintptr(C.lseek(C.int(fd), C.longlong(offset), C.int(whence))) e1 = syscall.GetErrno() diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go index a29ffdd566d..4037ccf7a94 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go @@ -1992,6 +1992,31 @@ var libc_select_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func Setattrlist(path string, attrlist *Attrlist, attrBuf []byte, options int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 unsafe.Pointer + if len(attrBuf) > 0 { + _p1 = unsafe.Pointer(&attrBuf[0]) + } else { + _p1 = unsafe.Pointer(&_zero) + } + _, _, e1 := syscall_syscall6(libc_setattrlist_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(attrlist)), uintptr(_p1), uintptr(len(attrBuf)), uintptr(options), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setattrlist_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setattrlist setattrlist "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Setegid(egid int) (err error) { _, _, e1 := syscall_syscall(libc_setegid_trampoline_addr, uintptr(egid), 0, 0) if e1 != 0 { @@ -2123,20 +2148,6 @@ var libc_setreuid_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_setrlimit_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_setrlimit setrlimit "/usr/lib/libSystem.B.dylib" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := syscall_rawSyscall(libc_setsid_trampoline_addr, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s index 95fe4c0eb96..4baaed0bc12 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s @@ -705,6 +705,11 @@ TEXT libc_select_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_select_trampoline_addr(SB), RODATA, $8 DATA ·libc_select_trampoline_addr(SB)/8, $libc_select_trampoline<>(SB) +TEXT libc_setattrlist_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setattrlist(SB) +GLOBL ·libc_setattrlist_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setattrlist_trampoline_addr(SB)/8, $libc_setattrlist_trampoline<>(SB) + TEXT libc_setegid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setegid(SB) @@ -759,12 +764,6 @@ TEXT libc_setreuid_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_setreuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setreuid_trampoline_addr(SB)/8, $libc_setreuid_trampoline<>(SB) -TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_setrlimit(SB) - -GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 -DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) - TEXT libc_setsid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setsid(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go index 2fd4590bb78..51d6f3fb256 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go @@ -1992,6 +1992,31 @@ var libc_select_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func Setattrlist(path string, attrlist *Attrlist, attrBuf []byte, options int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 unsafe.Pointer + if len(attrBuf) > 0 { + _p1 = unsafe.Pointer(&attrBuf[0]) + } else { + _p1 = unsafe.Pointer(&_zero) + } + _, _, e1 := syscall_syscall6(libc_setattrlist_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(attrlist)), uintptr(_p1), uintptr(len(attrBuf)), uintptr(options), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_setattrlist_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_setattrlist setattrlist "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Setegid(egid int) (err error) { _, _, e1 := syscall_syscall(libc_setegid_trampoline_addr, uintptr(egid), 0, 0) if e1 != 0 { @@ -2123,20 +2148,6 @@ var libc_setreuid_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_setrlimit_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_setrlimit setrlimit "/usr/lib/libSystem.B.dylib" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := syscall_rawSyscall(libc_setsid_trampoline_addr, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s index efa5b4c987c..c3b82c03793 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s @@ -705,6 +705,11 @@ TEXT libc_select_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_select_trampoline_addr(SB), RODATA, $8 DATA ·libc_select_trampoline_addr(SB)/8, $libc_select_trampoline<>(SB) +TEXT libc_setattrlist_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_setattrlist(SB) +GLOBL ·libc_setattrlist_trampoline_addr(SB), RODATA, $8 +DATA ·libc_setattrlist_trampoline_addr(SB)/8, $libc_setattrlist_trampoline<>(SB) + TEXT libc_setegid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setegid(SB) @@ -759,12 +764,6 @@ TEXT libc_setreuid_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_setreuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setreuid_trampoline_addr(SB)/8, $libc_setreuid_trampoline<>(SB) -TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_setrlimit(SB) - -GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 -DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) - TEXT libc_setsid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setsid(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go index 3b85134707e..0eabac7ade2 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go @@ -1410,16 +1410,6 @@ func Setresuid(ruid int, euid int, suid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go index 1129065624e..ee313eb0073 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go @@ -1645,16 +1645,6 @@ func Setresuid(ruid int, euid int, suid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go index 55f5abfe599..4c986e448ee 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go @@ -1645,16 +1645,6 @@ func Setresuid(ruid int, euid int, suid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go index d39651c2b58..555216944a0 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go @@ -1645,16 +1645,6 @@ func Setresuid(ruid int, euid int, suid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go index ddb74086801..67a226fbf5e 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go @@ -1645,16 +1645,6 @@ func Setresuid(ruid int, euid int, suid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go index 09a53a616c0..f0b9ddaaa26 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go @@ -1645,16 +1645,6 @@ func Setresuid(ruid int, euid int, suid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go index 430cb24de7e..da63d9d7822 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go @@ -1346,16 +1346,6 @@ func PivotRoot(newroot string, putold string) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) { - _, _, e1 := RawSyscall6(SYS_PRLIMIT64, uintptr(pid), uintptr(resource), uintptr(unsafe.Pointer(newlimit)), uintptr(unsafe.Pointer(old)), 0, 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) { _, _, e1 := Syscall6(SYS_PRCTL, uintptr(option), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go index c81b0ad4777..07b549cc25e 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go @@ -411,16 +411,6 @@ func getrlimit(resource int, rlim *rlimit32) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func setrlimit(resource int, rlim *rlimit32) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func futimesat(dirfd int, path string, times *[2]Timeval) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go index 2206bce7f4d..5f481bf83f4 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go @@ -334,16 +334,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(resource int, rlim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go index edf6b39f161..824cd52c7fa 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go @@ -578,16 +578,6 @@ func getrlimit(resource int, rlim *rlimit32) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func setrlimit(resource int, rlim *rlimit32) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func armSyncFileRange(fd int, flags int, off int64, n int64) (err error) { _, _, e1 := Syscall6(SYS_ARM_SYNC_FILE_RANGE, uintptr(fd), uintptr(flags), uintptr(off), uintptr(off>>32), uintptr(n), uintptr(n>>32)) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go index 190609f2140..e77aecfe985 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go @@ -289,16 +289,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func setrlimit(resource int, rlim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go index 5f984cbb1ca..961a3afb7b7 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go @@ -644,16 +644,6 @@ func getrlimit(resource int, rlim *rlimit32) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func setrlimit(resource int, rlim *rlimit32) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Alarm(seconds uint) (remaining uint, err error) { r0, _, e1 := Syscall(SYS_ALARM, uintptr(seconds), 0, 0) remaining = uint(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go index 46fc380a40e..ed05005e91b 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go @@ -278,16 +278,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(resource int, rlim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go index cbd0d4dadba..d365b718f30 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go @@ -278,16 +278,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(resource int, rlim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go index 0c13d15f07c..c3f1b8bbde0 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go @@ -644,16 +644,6 @@ func getrlimit(resource int, rlim *rlimit32) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func setrlimit(resource int, rlim *rlimit32) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Alarm(seconds uint) (remaining uint, err error) { r0, _, e1 := Syscall(SYS_ALARM, uintptr(seconds), 0, 0) remaining = uint(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go index e01432aed51..a6574cf98b1 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go @@ -624,16 +624,6 @@ func getrlimit(resource int, rlim *rlimit32) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func setrlimit(resource int, rlim *rlimit32) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func syncFileRange2(fd int, flags int, off int64, n int64) (err error) { _, _, e1 := Syscall6(SYS_SYNC_FILE_RANGE2, uintptr(fd), uintptr(flags), uintptr(off>>32), uintptr(off), uintptr(n>>32), uintptr(n)) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go index 13c7ee7baff..f40990264f4 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go @@ -349,16 +349,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(resource int, rlim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go index 02d0c0fd61e..9dfcc29974f 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go @@ -349,16 +349,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(resource int, rlim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go index 9fee3b1d239..0b29239583b 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go @@ -269,16 +269,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(resource int, rlim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go index 647bbfecd6a..6cde32237dc 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go @@ -319,16 +319,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(resource int, rlim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) { r0, _, e1 := Syscall6(SYS_SPLICE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags)) n = int64(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go index ada057f8914..5253d65bf1b 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go @@ -329,16 +329,6 @@ func setfsuid(uid int) (prev int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(resource int, rlim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Shutdown(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go index 8e1d9c8f666..cdb2af5ae0f 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go @@ -1607,16 +1607,6 @@ func Setreuid(ruid int, euid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go index 21c6950400e..9d25f76b0bf 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go @@ -1607,16 +1607,6 @@ func Setreuid(ruid int, euid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go index 298168f90a1..d3f8035169f 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go @@ -1607,16 +1607,6 @@ func Setreuid(ruid int, euid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go index 68b8bd492fe..887188a529e 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go @@ -1607,16 +1607,6 @@ func Setreuid(ruid int, euid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go index 0b0f910e1ab..6699a783e1f 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go @@ -1894,20 +1894,6 @@ var libc_setresuid_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_setrlimit_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrtable(rtable int) (err error) { _, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s index 087444250c9..04f0de34b2e 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s @@ -573,11 +573,6 @@ TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $4 DATA ·libc_setresuid_trampoline_addr(SB)/4, $libc_setresuid_trampoline<>(SB) -TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_setrlimit(SB) -GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $4 -DATA ·libc_setrlimit_trampoline_addr(SB)/4, $libc_setrlimit_trampoline<>(SB) - TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setrtable(SB) GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $4 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go index 48ff5de75b5..1e775fe0571 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go @@ -1894,20 +1894,6 @@ var libc_setresuid_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_setrlimit_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrtable(rtable int) (err error) { _, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s index 5782cd10844..27b6f4df74f 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s @@ -573,11 +573,6 @@ TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setresuid_trampoline_addr(SB)/8, $libc_setresuid_trampoline<>(SB) -TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_setrlimit(SB) -GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 -DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) - TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setrtable(SB) GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $8 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go index 2452a641dae..7f6427899a5 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go @@ -1894,20 +1894,6 @@ var libc_setresuid_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_setrlimit_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrtable(rtable int) (err error) { _, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s index cf310420c94..b797045fd2d 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s @@ -573,11 +573,6 @@ TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $4 DATA ·libc_setresuid_trampoline_addr(SB)/4, $libc_setresuid_trampoline<>(SB) -TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_setrlimit(SB) -GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $4 -DATA ·libc_setrlimit_trampoline_addr(SB)/4, $libc_setrlimit_trampoline<>(SB) - TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setrtable(SB) GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $4 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go index 5e35600a60c..756ef7b1736 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go @@ -1894,20 +1894,6 @@ var libc_setresuid_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_setrlimit_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrtable(rtable int) (err error) { _, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s index 484bb42e0a8..a871266221e 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s @@ -573,11 +573,6 @@ TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setresuid_trampoline_addr(SB)/8, $libc_setresuid_trampoline<>(SB) -TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_setrlimit(SB) -GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 -DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) - TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setrtable(SB) GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $8 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go index b04cef1a198..7bc2e24eb95 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go @@ -1894,20 +1894,6 @@ var libc_setresuid_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_setrlimit_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrtable(rtable int) (err error) { _, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s index 55af27263ad..05d4bffd791 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s @@ -573,11 +573,6 @@ TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setresuid_trampoline_addr(SB)/8, $libc_setresuid_trampoline<>(SB) -TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_setrlimit(SB) -GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 -DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) - TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setrtable(SB) GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $8 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go index 47a07ee0c27..739be6217a3 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go @@ -1894,20 +1894,6 @@ var libc_setresuid_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_setrlimit_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrtable(rtable int) (err error) { _, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s index 4028255b0d5..74a25f8d643 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s @@ -687,12 +687,6 @@ TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setresuid_trampoline_addr(SB)/8, $libc_setresuid_trampoline<>(SB) -TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 - CALL libc_setrlimit(SB) - RET -GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 -DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) - TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 CALL libc_setrtable(SB) RET diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go index 573378fdb96..7d95a197803 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go @@ -1894,20 +1894,6 @@ var libc_setresuid_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := syscall_rawSyscall(libc_setrlimit_trampoline_addr, uintptr(which), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -var libc_setrlimit_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setrtable(rtable int) (err error) { _, _, e1 := syscall_rawSyscall(libc_setrtable_trampoline_addr, uintptr(rtable), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s index e1fbd4dfa8c..990be245740 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s @@ -573,11 +573,6 @@ TEXT libc_setresuid_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_setresuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setresuid_trampoline_addr(SB)/8, $libc_setresuid_trampoline<>(SB) -TEXT libc_setrlimit_trampoline<>(SB),NOSPLIT,$0-0 - JMP libc_setrlimit(SB) -GLOBL ·libc_setrlimit_trampoline_addr(SB), RODATA, $8 -DATA ·libc_setrlimit_trampoline_addr(SB)/8, $libc_setrlimit_trampoline<>(SB) - TEXT libc_setrtable_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setrtable(SB) GLOBL ·libc_setrtable_trampoline_addr(SB), RODATA, $8 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go index 4873a1e5d3e..609d1c598a8 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go @@ -110,7 +110,6 @@ import ( //go:cgo_import_dynamic libc_setpriority setpriority "libc.so" //go:cgo_import_dynamic libc_setregid setregid "libc.so" //go:cgo_import_dynamic libc_setreuid setreuid "libc.so" -//go:cgo_import_dynamic libc_setrlimit setrlimit "libc.so" //go:cgo_import_dynamic libc_setsid setsid "libc.so" //go:cgo_import_dynamic libc_setuid setuid "libc.so" //go:cgo_import_dynamic libc_shutdown shutdown "libsocket.so" @@ -250,7 +249,6 @@ import ( //go:linkname procSetpriority libc_setpriority //go:linkname procSetregid libc_setregid //go:linkname procSetreuid libc_setreuid -//go:linkname procSetrlimit libc_setrlimit //go:linkname procSetsid libc_setsid //go:linkname procSetuid libc_setuid //go:linkname procshutdown libc_shutdown @@ -391,7 +389,6 @@ var ( procSetpriority, procSetregid, procSetreuid, - procSetrlimit, procSetsid, procSetuid, procshutdown, @@ -646,7 +643,7 @@ func __minor(version int, dev uint64) (val uint) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func ioctlRet(fd int, req uint, arg uintptr) (ret int, err error) { +func ioctlRet(fd int, req int, arg uintptr) (ret int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procioctl)), 3, uintptr(fd), uintptr(req), uintptr(arg), 0, 0, 0) ret = int(r0) if e1 != 0 { @@ -657,7 +654,7 @@ func ioctlRet(fd int, req uint, arg uintptr) (ret int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func ioctlPtrRet(fd int, req uint, arg unsafe.Pointer) (ret int, err error) { +func ioctlPtrRet(fd int, req int, arg unsafe.Pointer) (ret int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procioctl)), 3, uintptr(fd), uintptr(req), uintptr(arg), 0, 0, 0) ret = int(r0) if e1 != 0 { @@ -1650,16 +1647,6 @@ func Setreuid(ruid int, euid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Setrlimit(which int, lim *Rlimit) (err error) { - _, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetrlimit)), 2, uintptr(which), uintptr(unsafe.Pointer(lim)), 0, 0, 0, 0) - if e1 != 0 { - err = e1 - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Setsid() (pid int, err error) { r0, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetsid)), 0, 0, 0, 0, 0, 0, 0) pid = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go index 07bfe2ef9ad..c31681743c7 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go @@ -257,7 +257,7 @@ func munmap(addr uintptr, length uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func ioctl(fd int, req uint, arg uintptr) (err error) { +func ioctl(fd int, req int, arg uintptr) (err error) { _, _, e1 := syscall_syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { err = errnoErr(e1) @@ -267,7 +267,7 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { +func ioctlPtr(fd int, req int, arg unsafe.Pointer) (err error) { _, _, e1 := syscall_syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { err = errnoErr(e1) diff --git a/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go index e2a64f0991a..690cefc3d06 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go @@ -151,6 +151,16 @@ type Dirent struct { _ [3]byte } +type Attrlist struct { + Bitmapcount uint16 + Reserved uint16 + Commonattr uint32 + Volattr uint32 + Dirattr uint32 + Fileattr uint32 + Forkattr uint32 +} + const ( PathMax = 0x400 ) @@ -610,6 +620,7 @@ const ( AT_REMOVEDIR = 0x80 AT_SYMLINK_FOLLOW = 0x40 AT_SYMLINK_NOFOLLOW = 0x20 + AT_EACCESS = 0x10 ) type PollFd struct { diff --git a/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go index 34aa775219f..5bffc10eac0 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go @@ -151,6 +151,16 @@ type Dirent struct { _ [3]byte } +type Attrlist struct { + Bitmapcount uint16 + Reserved uint16 + Commonattr uint32 + Volattr uint32 + Dirattr uint32 + Fileattr uint32 + Forkattr uint32 +} + const ( PathMax = 0x400 ) @@ -610,6 +620,7 @@ const ( AT_REMOVEDIR = 0x80 AT_SYMLINK_FOLLOW = 0x40 AT_SYMLINK_NOFOLLOW = 0x20 + AT_EACCESS = 0x10 ) type PollFd struct { diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go index 857acf1032d..0dbb2084117 100644 --- a/vendor/golang.org/x/sys/windows/types_windows.go +++ b/vendor/golang.org/x/sys/windows/types_windows.go @@ -2229,10 +2229,10 @@ const ( JobObjectExtendedLimitInformation = 9 JobObjectGroupInformation = 11 JobObjectGroupInformationEx = 14 - JobObjectLimitViolationInformation2 = 35 + JobObjectLimitViolationInformation2 = 34 JobObjectNetRateControlInformation = 32 JobObjectNotificationLimitInformation = 12 - JobObjectNotificationLimitInformation2 = 34 + JobObjectNotificationLimitInformation2 = 33 JobObjectSecurityLimitInformation = 5 ) diff --git a/vendor/modules.txt b/vendor/modules.txt index 17152bc2f49..6d1bf21fb1d 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -70,7 +70,7 @@ github.com/vishvananda/netns # golang.org/x/net v0.8.0 ## explicit; go 1.17 golang.org/x/net/bpf -# golang.org/x/sys v0.6.0 +# golang.org/x/sys v0.7.0 ## explicit; go 1.17 golang.org/x/sys/execabs golang.org/x/sys/internal/unsafeheader From 9dbb9f90b96cc383dbb86b746847d015bd7f1e3b Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 5 Apr 2023 15:05:37 -0700 Subject: [PATCH 0206/1176] ci: bump bats 1.3.0 -> 1.8.2 This version is already used by Cirrus CI Fedora 37 job, but other CI jobs are still using 1.3.0. Bump it everywhere so we can enjoy new version features and fixes. For one thing, I noticed that new bats is reporting error location correctly. We will also be able to use "run !" and "run -N" commands. Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 2 +- .github/workflows/test.yml | 2 +- Dockerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index aa0ea03b438..2a843b2e13c 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -71,7 +71,7 @@ task: HOME: /root CIRRUS_WORKING_DIR: /home/runc GO_VERSION: "1.19" - BATS_VERSION: "v1.3.0" + BATS_VERSION: "v1.8.2" RPMS: gcc git iptables jq glibc-static libseccomp-devel make criu fuse-sshfs # yamllint disable rule:key-duplicates matrix: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 768d6f4147d..76687f8a026 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -72,7 +72,7 @@ jobs: - name: install bats uses: mig4/setup-bats@v1 with: - bats-version: 1.3.0 + bats-version: 1.8.2 - name: unit test if: matrix.rootless != 'rootless' diff --git a/Dockerfile b/Dockerfile index 9610f430645..9412e0a15da 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ ARG GO_VERSION=1.20 -ARG BATS_VERSION=v1.3.0 +ARG BATS_VERSION=v1.8.2 ARG LIBSECCOMP_VERSION=2.5.4 FROM golang:${GO_VERSION}-bullseye From 9b71787be0ca628956d0ade3cd059a8ea03e4b64 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 5 Apr 2023 15:15:07 -0700 Subject: [PATCH 0207/1176] tests/int: fix some checks Apparently, bash with set -e deliberately ignores non-zero return codes from ! cmd, unless this is the last command. The workaround is to either use "! cmd || false', "or run ! cmd". Choose the latter, and require bash-core 1.5.0 (since this is when "run !" was added), replacing the older check. Alas I only learned this recently from the bash-core documentation. Signed-off-by: Kir Kolyshkin --- tests/integration/checkpoint.bats | 8 ++++---- tests/integration/exec.bats | 4 ++-- tests/integration/helpers.bash | 8 ++------ 3 files changed, 8 insertions(+), 12 deletions(-) diff --git a/tests/integration/checkpoint.bats b/tests/integration/checkpoint.bats index 0a8e58a2c9c..de3647b23d0 100644 --- a/tests/integration/checkpoint.bats +++ b/tests/integration/checkpoint.bats @@ -355,7 +355,7 @@ function simple_cr() { runc checkpoint --work-path ./work-dir test_busybox grep -B 5 Error ./work-dir/dump.log || true [ "$status" -eq 0 ] - ! test -f ./work-dir/"$tmplog1" + run ! test -f ./work-dir/"$tmplog1" test -f ./work-dir/"$tmplog2" # after checkpoint busybox is no longer running @@ -366,7 +366,7 @@ function simple_cr() { runc restore -d --work-path ./work-dir --console-socket "$CONSOLE_SOCKET" test_busybox grep -B 5 Error ./work-dir/restore.log || true [ "$status" -eq 0 ] - ! test -f ./work-dir/"$tmplog1" + run ! test -f ./work-dir/"$tmplog1" test -f ./work-dir/"$tmplog2" # busybox should be back up and running @@ -434,7 +434,7 @@ function simple_cr() { [ "$status" -eq 0 ] testcontainer test_busybox checkpointed # Check that the cgroup is gone. - ! test -d "$orig_path" + run ! test -d "$orig_path" # Restore into a different cgroup. set_cgroups_path # Changes the path. @@ -445,7 +445,7 @@ function simple_cr() { testcontainer test_busybox running # Check that the old cgroup path doesn't exist. - ! test -d "$orig_path" + run ! test -d "$orig_path" # Check that the new path exists. local new_path diff --git a/tests/integration/exec.bats b/tests/integration/exec.bats index 3bcd466297b..069214cc956 100644 --- a/tests/integration/exec.bats +++ b/tests/integration/exec.bats @@ -234,12 +234,12 @@ function check_exec_debug() { # Check we can join top-level cgroup (implicit). runc exec test_busybox cat /proc/self/cgroup [ "$status" -eq 0 ] - ! grep -v ":$REL_CGROUPS_PATH\$" <<<"$output" + run ! grep -v ":$REL_CGROUPS_PATH\$" <<<"$output" # Check we can join top-level cgroup (explicit). runc exec --cgroup / test_busybox cat /proc/self/cgroup [ "$status" -eq 0 ] - ! grep -v ":$REL_CGROUPS_PATH\$" <<<"$output" + run ! grep -v ":$REL_CGROUPS_PATH\$" <<<"$output" # Create a few subcgroups. # Note that cpu,cpuacct may be mounted together or separate. diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index 9f3890a8c3e..ee2e9c9e012 100644 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -2,11 +2,7 @@ set -u -# bats-core v1.2.1 defines BATS_RUN_TMPDIR. -if [ ! -v BATS_RUN_TMPDIR ]; then - echo "bats >= v1.2.1 is required. Aborting." >&2 - exit 1 -fi +bats_require_minimum_version 1.5.0 # Root directory of integration tests. INTEGRATION_ROOT=$(dirname "$(readlink -f "${BASH_SOURCE[0]}")") @@ -357,7 +353,7 @@ function have_criu() { # Workaround for https://github.com/opencontainers/runc/issues/3532. local ver ver=$(rpm -q criu 2>/dev/null || true) - ! grep -q '^criu-3\.17-[123]\.el9' <<<"$ver" + run ! grep -q '^criu-3\.17-[123]\.el9' <<<"$ver" } # Allows a test to specify what things it requires. If the environment can't From 611bbacb3bbed377f8427ea398c800de526481f3 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 5 Apr 2023 15:49:58 -0700 Subject: [PATCH 0208/1176] libct/cg: add misc controller to v1 drivers This is just so that the container can join the misc controller. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/fs/fs.go | 1 + libcontainer/cgroups/systemd/v1.go | 1 + 2 files changed, 2 insertions(+) diff --git a/libcontainer/cgroups/fs/fs.go b/libcontainer/cgroups/fs/fs.go index 43c547838d5..d2decb127ca 100644 --- a/libcontainer/cgroups/fs/fs.go +++ b/libcontainer/cgroups/fs/fs.go @@ -28,6 +28,7 @@ var subsystems = []subsystem{ &FreezerGroup{}, &RdmaGroup{}, &NameGroup{GroupName: "name=systemd", Join: true}, + &NameGroup{GroupName: "misc", Join: true}, } var errSubsystemDoesNotExist = errors.New("cgroup: subsystem does not exist") diff --git a/libcontainer/cgroups/systemd/v1.go b/libcontainer/cgroups/systemd/v1.go index 1af2f308683..a26b5f29c70 100644 --- a/libcontainer/cgroups/systemd/v1.go +++ b/libcontainer/cgroups/systemd/v1.go @@ -69,6 +69,7 @@ var legacySubsystems = []subsystem{ &fs.NetClsGroup{}, &fs.NameGroup{GroupName: "name=systemd"}, &fs.RdmaGroup{}, + &fs.NameGroup{GroupName: "misc"}, } func genV1ResourcesProperties(r *configs.Resources, cm *dbusConnManager) ([]systemdDbus.Property, error) { From 873d7bb3a3a135398228f6ad48f527cba69393d9 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 5 Apr 2023 10:03:58 -0700 Subject: [PATCH 0209/1176] ci/cirrus: use Go 1.19.x not 1.19 This variable is used in curl to download a go release, so we are using the initial Go 1.19 release in Cirrus CI, not the latest Go 1.19.x release. From the CI perspective, it makes more sense to use the latest release. Add some jq magic to extract the latest minor release information from the download page, and use it. This brings Cirrus CI jobs logic in line with all the others (GHA, Dockerfile), where by 1.20 we actually mean "latest 1.20.x". Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.cirrus.yml b/.cirrus.yml index aa0ea03b438..26ce012ca31 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -118,7 +118,10 @@ task: # Use --whatprovides since some packages are renamed. rpm -q --whatprovides $RPMS # install Go - curl -fsSL "https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz" | tar Cxz /usr/local + PREFIX="https://go.dev/dl/" + # Find out the latest minor release URL. + eval $(curl -fsSL "${PREFIX}?mode=json" | jq -r --arg Ver "$GO_VERSION" '.[] | select(.version | startswith("go\($Ver)")) | .files[] | select(.os == "linux" and .arch == "amd64" and .kind == "archive") | "filename=\"" + .filename + "\""') + curl -fsSL "$PREFIX$filename" | tar Cxz /usr/local # install bats cd /tmp git clone https://github.com/bats-core/bats-core From fd1a79ffc8c6c0a5c682df2c54184d9f2636fe45 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 5 Apr 2023 15:56:30 -0700 Subject: [PATCH 0210/1176] ci/cirrus: improve host_info 1. Do not use echo, as this results in lines like this: ... echo "-----" ----- ... 2. Move "cat /proc/cpuinfo" to be the last one, as the output is usually very long. 3. Add "go version" to CentOS jobs. Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index 26ce012ca31..08a343fe231 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -30,12 +30,12 @@ task: host_info_script: | uname -a - echo "-----" + # ----- cat /etc/os-release - echo "-----" - cat /proc/cpuinfo - echo "-----" + # ----- df -T + # ----- + cat /proc/cpuinfo install_libvirt_vagrant_script: | apt-get update apt-get install -y libvirt-daemon libvirt-daemon-system vagrant vagrant-libvirt @@ -149,14 +149,16 @@ task: systemctl restart sshd host_info_script: | uname -a - echo "-----" + # ----- + /usr/local/go/bin/go version + # ----- + systemctl --version + # ----- cat /etc/os-release - echo "-----" - cat /proc/cpuinfo - echo "-----" + # ----- df -T - echo "-----" - systemctl --version + # ----- + cat /proc/cpuinfo check_config_script: | /home/runc/script/check-config.sh unit_tests_script: | From 439673d51020dad9af945209c6477986a6b3646b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 7 Apr 2023 04:59:18 +0000 Subject: [PATCH 0211/1176] build(deps): bump golang.org/x/net from 0.8.0 to 0.9.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.8.0 to 0.9.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.8.0...v0.9.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index c16c7e67661..4b3dd391308 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.9 github.com/vishvananda/netlink v1.1.0 - golang.org/x/net v0.8.0 + golang.org/x/net v0.9.0 golang.org/x/sys v0.7.0 google.golang.org/protobuf v1.30.0 ) diff --git a/go.sum b/go.sum index 5cc89050e1f..273bf447e5f 100644 --- a/go.sum +++ b/go.sum @@ -59,8 +59,8 @@ github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJ github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= -golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= +golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM= +golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/vendor/modules.txt b/vendor/modules.txt index 6d1bf21fb1d..b701072b5c8 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -67,7 +67,7 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df ## explicit; go 1.12 github.com/vishvananda/netns -# golang.org/x/net v0.8.0 +# golang.org/x/net v0.9.0 ## explicit; go 1.17 golang.org/x/net/bpf # golang.org/x/sys v0.7.0 From 953e1cc48547942481ff71f58fff7bb9cb76e5d2 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 7 Apr 2023 15:45:06 -0700 Subject: [PATCH 0212/1176] ci/gha: switch to or add ubuntu 22.04 For test jobs, add ubuntu 22.04 into the matrix, so we can test of both cgroup v1 and v2. For validate jobs, just switch to ubuntu 22.04 Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 25 +++++++++++++++---------- .github/workflows/validate.yml | 20 ++++++++++---------- 2 files changed, 25 insertions(+), 20 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 76687f8a026..4bdf9526b08 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -19,20 +19,22 @@ env: jobs: test: - runs-on: ubuntu-20.04 strategy: fail-fast: false matrix: + os: [ubuntu-20.04, ubuntu-22.04] go-version: [1.19.x, 1.20.x] rootless: ["rootless", ""] race: ["-race", ""] - criu: [""] - include: - # Also test against latest criu-dev - - go-version: 1.19.x - rootless: "" - race: "" - criu: "criu-dev" + criu: ["", "criu-dev"] + exclude: + - criu: criu-dev + rootless: rootless + - criu: criu-dev + go-version: 1.19.x + - criu: criu-dev + race: -race + runs-on: ${{ matrix.os }} steps: @@ -42,9 +44,10 @@ jobs: - name: install deps if: matrix.criu == '' env: - REPO: https://download.opensuse.org/repositories/devel:/tools:/criu/xUbuntu_20.04 + PREFIX: https://download.opensuse.org/repositories/devel:/tools:/criu/xUbuntu run: | # criu repo + REPO=${PREFIX}_$(echo ${{ matrix.os }} | sed 's/.*-//') curl -fSsl $REPO/Release.key | sudo apt-key add - echo "deb $REPO/ /" | sudo tee /etc/apt/sources.list.d/criu.list sudo apt update @@ -64,6 +67,7 @@ jobs: - name: install go ${{ matrix.go-version }} uses: actions/setup-go@v4 with: + cache: false # https://github.com/actions/setup-go/issues/368 go-version: ${{ matrix.go-version }} - name: build @@ -88,6 +92,7 @@ jobs: sudo cp $HOME/rootless.key /home/rootless/.ssh/id_ecdsa sudo cp $HOME/rootless.key.pub /home/rootless/.ssh/authorized_keys sudo chown -R rootless.rootless /home/rootless + sudo chmod a+X $HOME # for Ubuntu 22.04 - name: integration test (fs driver) run: sudo -E PATH="$PATH" script -e -c 'make local${{ matrix.rootless }}integration' @@ -101,7 +106,7 @@ jobs: # However, we do not have 32-bit ARM CI, so we use i386 for testing 32bit stuff. # We are not interested in providing official support for i386. cross-i386: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index c6ba662b220..da4ce1ff965 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -18,7 +18,7 @@ jobs: permissions: contents: read pull-requests: read - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v3 with: @@ -40,7 +40,7 @@ jobs: golangci-lint run --config .golangci-extra.yml --new-from-rev=HEAD~1 --out-format=github-actions compile-buildtags: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 env: # Don't ignore C warnings. Note that the output of "go env CGO_CFLAGS" by default is "-g -O2", so we keep them. CGO_CFLAGS: -g -O2 -Werror @@ -54,7 +54,7 @@ jobs: run: make BUILDTAGS="" codespell: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v3 - name: install deps @@ -64,14 +64,14 @@ jobs: run: codespell shfmt: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v3 - name: shfmt run: make shfmt shellcheck: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v3 - name: install shellcheck @@ -95,7 +95,7 @@ jobs: run : ./script/check-config.sh deps: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v3 - name: install go @@ -118,7 +118,7 @@ jobs: permissions: contents: read pull-requests: read - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 # Only check commits on pull requests. if: github.event_name == 'pull_request' steps: @@ -136,7 +136,7 @@ jobs: error: 'Subject too long (max 72)' cfmt: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - name: checkout uses: actions/checkout@v3 @@ -153,7 +153,7 @@ jobs: release: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - name: checkout uses: actions/checkout@v3 @@ -184,7 +184,7 @@ jobs: get-images: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v3 with: From 6053aea46f18f86a3e1cdb0f18a1094079af4aeb Mon Sep 17 00:00:00 2001 From: Kazuki Hasegawa Date: Tue, 28 Mar 2023 19:54:11 +0900 Subject: [PATCH 0213/1176] Fix undefined behavior. Do not accept setjmp return value as variable. Signed-off-by: Kazuki Hasegawa --- libcontainer/nsenter/nsexec.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index 4702b2af310..0e60bef47cc 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -980,8 +980,7 @@ void nsexec(void) * -- Aleksa "what has my life come to?" Sarai */ - current_stage = setjmp(env); - switch (current_stage) { + switch (setjmp(env)) { /* * Stage 0: We're in the parent. Our job is just to create a new child * (stage 1: STAGE_CHILD) process and write its uid_map and @@ -995,6 +994,7 @@ void nsexec(void) bool stage1_complete, stage2_complete; /* For debugging. */ + current_stage = STAGE_PARENT; prctl(PR_SET_NAME, (unsigned long)"runc:[0:PARENT]", 0, 0, 0); write_log(DEBUG, "~> nsexec stage-0"); @@ -1152,6 +1152,9 @@ void nsexec(void) pid_t stage2_pid = -1; enum sync_t s; + /* For debugging. */ + current_stage = STAGE_CHILD; + /* We're in a child and thus need to tell the parent if we die. */ syncfd = sync_child_pipe[0]; if (close(sync_child_pipe[1]) < 0) @@ -1323,6 +1326,9 @@ void nsexec(void) */ enum sync_t s; + /* For debugging. */ + current_stage = STAGE_INIT; + /* We're in a child and thus need to tell the parent if we die. */ syncfd = sync_grandchild_pipe[0]; if (close(sync_grandchild_pipe[1]) < 0) @@ -1377,7 +1383,7 @@ void nsexec(void) } break; default: - bail("unknown stage '%d' for jump value", current_stage); + bail("unexpected jump value"); } /* Should never be reached. */ From d9230602e9cc011dc6c2d3e628d02fb4812ead38 Mon Sep 17 00:00:00 2001 From: utam0k Date: Tue, 4 Oct 2022 20:45:50 +0900 Subject: [PATCH 0214/1176] Implement to set a domainname opencontainers/runtime-spec#1156 Signed-off-by: utam0k --- libcontainer/configs/config.go | 3 ++ libcontainer/configs/validate/validator.go | 7 +++-- .../configs/validate/validator_test.go | 30 ++++++++++++++++++- libcontainer/integration/template_test.go | 5 ++-- libcontainer/specconv/spec_linux.go | 1 + libcontainer/standard_init_linux.go | 5 ++++ tests/integration/run.bats | 19 ++++++++++++ 7 files changed, 65 insertions(+), 5 deletions(-) diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index 18955cf95c9..d43ea7860a2 100644 --- a/libcontainer/configs/config.go +++ b/libcontainer/configs/config.go @@ -119,6 +119,9 @@ type Config struct { // Hostname optionally sets the container's hostname if provided Hostname string `json:"hostname"` + // Domainname optionally sets the container's domainname if provided + Domainname string `json:"domainname"` + // Namespaces specifies the container's namespaces that it should setup when cloning the init process // If a namespace is not provided that namespace is shared from the container's parent process Namespaces Namespaces `json:"namespaces"` diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go index 2027a37203e..483e7a2ff3e 100644 --- a/libcontainer/configs/validate/validator.go +++ b/libcontainer/configs/validate/validator.go @@ -23,7 +23,7 @@ func Validate(config *configs.Config) error { cgroupsCheck, rootfs, network, - hostname, + uts, security, namespaces, sysctl, @@ -75,10 +75,13 @@ func network(config *configs.Config) error { return nil } -func hostname(config *configs.Config) error { +func uts(config *configs.Config) error { if config.Hostname != "" && !config.Namespaces.Contains(configs.NEWUTS) { return errors.New("unable to set hostname without a private UTS namespace") } + if config.Domainname != "" && !config.Namespaces.Contains(configs.NEWUTS) { + return errors.New("unable to set domainname without a private UTS namespace") + } return nil } diff --git a/libcontainer/configs/validate/validator_test.go b/libcontainer/configs/validate/validator_test.go index 59a4033899e..f59d0f2030c 100644 --- a/libcontainer/configs/validate/validator_test.go +++ b/libcontainer/configs/validate/validator_test.go @@ -82,7 +82,25 @@ func TestValidateHostname(t *testing.T) { } } -func TestValidateHostnameWithoutUTSNamespace(t *testing.T) { +func TestValidateUTS(t *testing.T) { + config := &configs.Config{ + Rootfs: "/var", + Domainname: "runc", + Hostname: "runc", + Namespaces: configs.Namespaces( + []configs.Namespace{ + {Type: configs.NEWUTS}, + }, + ), + } + + err := Validate(config) + if err != nil { + t.Errorf("Expected error to not occur: %+v", err) + } +} + +func TestValidateUTSWithoutUTSNamespace(t *testing.T) { config := &configs.Config{ Rootfs: "/var", Hostname: "runc", @@ -92,6 +110,16 @@ func TestValidateHostnameWithoutUTSNamespace(t *testing.T) { if err == nil { t.Error("Expected error to occur but it was nil") } + + config = &configs.Config{ + Rootfs: "/var", + Domainname: "runc", + } + + err = Validate(config) + if err == nil { + t.Error("Expected error to occur but it was nil") + } } func TestValidateSecurityWithMaskPaths(t *testing.T) { diff --git a/libcontainer/integration/template_test.go b/libcontainer/integration/template_test.go index 0e054b55b45..3de1d3e325d 100644 --- a/libcontainer/integration/template_test.go +++ b/libcontainer/integration/template_test.go @@ -129,8 +129,9 @@ func newTemplateConfig(t *testing.T, p *tParam) *configs.Config { ReadonlyPaths: []string{ "/proc/sys", "/proc/sysrq-trigger", "/proc/irq", "/proc/bus", }, - Devices: specconv.AllowedDevices, - Hostname: "integration", + Devices: specconv.AllowedDevices, + Hostname: "integration", + Domainname: "integration", Mounts: []*configs.Mount{ { Source: "proc", diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index 345c467d0b1..809424a97eb 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -353,6 +353,7 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) { NoPivotRoot: opts.NoPivotRoot, Readonlyfs: spec.Root.Readonly, Hostname: spec.Hostname, + Domainname: spec.Domainname, Labels: append(labels, "bundle="+cwd), NoNewKeyring: opts.NoNewKeyring, RootlessEUID: opts.RootlessEUID, diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 32de78eb20d..a4c01953aeb 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -126,6 +126,11 @@ func (l *linuxStandardInit) Init() error { return &os.SyscallError{Syscall: "sethostname", Err: err} } } + if domainname := l.config.Config.Domainname; domainname != "" { + if err := unix.Setdomainname([]byte(domainname)); err != nil { + return &os.SyscallError{Syscall: "setdomainname", Err: err} + } + } if err := apparmor.ApplyProfile(l.config.AppArmorProfile); err != nil { return fmt.Errorf("unable to apply apparmor profile: %w", err) } diff --git a/tests/integration/run.bats b/tests/integration/run.bats index 2cef4fdbc4f..ae4e0fa593a 100644 --- a/tests/integration/run.bats +++ b/tests/integration/run.bats @@ -57,3 +57,22 @@ function teardown() { runc state test_run_keep [ "$status" -ne 0 ] } + +@test "runc run [hostname domainname]" { + update_config ' .process.args |= ["sh"] + | .hostname = "myhostname" + | .domainname= "mydomainname"' + + runc run -d --console-socket "$CONSOLE_SOCKET" test_utc + [ "$status" -eq 0 ] + + # test hostname + runc exec test_utc hostname + [ "$status" -eq 0 ] + [[ "${lines[0]}" == *'myhostname'* ]] + + # test domainname + runc exec test_utc cat /proc/sys/kernel/domainname + [ "$status" -eq 0 ] + [[ "${lines[0]}" == *'mydomainname'* ]] +} From 872149470b023dc13ee72de81998c78942adddbd Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 7 Apr 2023 11:23:22 +1000 Subject: [PATCH 0215/1176] release: add runc.keyring file and script In order to allow any of the maintainers to cut releases for runc, create a keyring file that distributions can use to verify that releases are signed by one of the maintainers. The format matches the gpg-offline format used by openSUSE packaging, but it can be easily imported with "gpg --import" so any distribution should be able to handle this keyring format wtihout issues. Each key includes the GitHub handle of the associated user. There isn't any way for this information to be automatically verified (outside of using something like keybase.io) but since all changes of this file need to be approved by maintainers this is okay for now. Signed-off-by: Aleksa Sarai --- README.md | 2 ++ runc.keyring | 0 script/keyring_addkey.sh | 37 +++++++++++++++++++++++++++++++++++++ 3 files changed, 39 insertions(+) create mode 100644 runc.keyring create mode 100755 script/keyring_addkey.sh diff --git a/README.md b/README.md index 08ab46ecfd6..b209c7dcd55 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,8 @@ You can find official releases of `runc` on the [release](https://github.com/opencontainers/runc/releases) page. +All releases are signed by one of the keys listed in the [`runc.keyring` file in the root of this repository](runc.keyring). + ## Security The reporting process and disclosure communications are outlined [here](https://github.com/opencontainers/org/blob/master/SECURITY.md). diff --git a/runc.keyring b/runc.keyring new file mode 100644 index 00000000000..e69de29bb2d diff --git a/script/keyring_addkey.sh b/script/keyring_addkey.sh new file mode 100755 index 00000000000..bb319218fb3 --- /dev/null +++ b/script/keyring_addkey.sh @@ -0,0 +1,37 @@ +#!/bin/bash +# Copyright (C) 2023 SUSE LLC. +# Copyright (C) 2023 Open Containers Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -Eeuxo pipefail + +root="$(readlink -f "$(dirname "${BASH_SOURCE[0]}")/..")" +keyring_file="$root/runc.keyring" + +function bail() { + echo "$@" >&2 + exit 1 +} + +[[ "$#" -eq 2 ]] || bail "usage: $0 " + +github_handle="${1}" +gpg_keyid="${2}" + +cat >>"$keyring_file" < Date: Fri, 7 Apr 2023 14:31:01 +1000 Subject: [PATCH 0216/1176] scripts: release: add verification checks for signing keys We need to make sure the release is being signed by a key that is actually listed as a trusted signing key, and we also need to ask the person cutting the release whether the list of trusted keys is acceptable. Also add some verification checks after a release is signed to make sure everything was signed with the correct keys. Signed-off-by: Aleksa Sarai --- script/release_sign.sh | 71 ++++++++++++++++++++++++++++++++++++------ 1 file changed, 61 insertions(+), 10 deletions(-) diff --git a/script/release_sign.sh b/script/release_sign.sh index 8cc224ac6b1..e66a81bc7b2 100755 --- a/script/release_sign.sh +++ b/script/release_sign.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (C) 2017 SUSE LLC. -# Copyright (C) 2017-2021 Open Containers Authors +# Copyright (C) 2017-2023 SUSE LLC. +# Copyright (C) 2017-2023 Open Containers Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,7 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -set -e +set -Eeuo pipefail project="runc" root="$(readlink -f "$(dirname "${BASH_SOURCE[0]}")/..")" @@ -28,15 +28,21 @@ function usage() { # Log something to stderr. function log() { - echo "[*] $*" >&2 + echo "[*]" "$@" >&2 } # Log something to stderr and then exit with 0. -function bail() { +function quit() { log "$@" exit 0 } +# Log something to stderr and then exit with 1. +function bail() { + log "$@" + exit 1 +} + # Conduct a sanity-check to make sure that GPG provided with the given # arguments can sign something. Inability to sign things is not a fatal error. function gpg_cansign() { @@ -86,17 +92,47 @@ log "signing $project release in '$releasedir'" log " key: ${keyid:-DEFAULT}" log " hash: $hashcmd" -# Make explicit what we're doing. -set -x - # Set up the gpgflags. gpgflags=() [[ "$keyid" ]] && gpgflags=(--default-key "$keyid") -gpg_cansign "${gpgflags[@]}" || bail "Could not find suitable GPG key, skipping signing step." +gpg_cansign "${gpgflags[@]}" || quit "Could not find suitable GPG key, skipping signing step." + +# Make explicit what we're doing. +set -x + +# Check that the keyid is actually in the $project.keyring by signing a piece +# of dummy text then verifying it against the list of keys in that keyring. +tmp_gpgdir="$(mktemp -d --tmpdir "$project-sign-tmpkeyring.XXXXXX")" +trap 'rm -r "$tmp_gpgdir"' EXIT + +tmp_runc_gpgflags=("--no-default-keyring" "--keyring=$tmp_gpgdir/$project.keyring") +gpg "${tmp_runc_gpgflags[@]}" --import <"$root/$project.keyring" + +tmp_seccomp_gpgflags=("--no-default-keyring" "--keyring=$tmp_gpgdir/seccomp.keyring") +gpg "${tmp_seccomp_gpgflags[@]}" --recv-keys 0x47A68FCE37C7D7024FD65E11356CE62C2B524099 +gpg "${tmp_seccomp_gpgflags[@]}" --recv-keys 0x7100AADFAE6E6E940D2E0AD655E45A5AE8CA7C8A + +gpg "${gpgflags[@]}" --clear-sign <<<"[This is test text used for $project release scripts. $(date --rfc-email)]" | + gpg "${tmp_runc_gpgflags[@]}" --verify || bail "Signing key ${keyid:-DEFAULT} is not in trusted $project.keyring list!" + +# Make sure the signer is okay with the list of keys in the keyring (once this +# release is signed, distributions will trust this keyring). +cat >&2 < Date: Wed, 19 Apr 2023 12:29:21 +1000 Subject: [PATCH 0217/1176] keyring: verify runc.keyring has legitimate maintainer keys These checks ensure that all of the keys in the runc.keyring list are actually the keys of the specified user and that the users themselves are actually maintainers. Signed-off-by: Aleksa Sarai --- .github/workflows/validate.yml | 6 +++ Makefile | 5 +- script/keyring_validate.sh | 98 ++++++++++++++++++++++++++++++++++ 3 files changed, 108 insertions(+), 1 deletion(-) create mode 100755 script/keyring_validate.sh diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index da4ce1ff965..a22676b52fa 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -13,6 +13,12 @@ permissions: contents: read jobs: + keyring: + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v3 + - name: check runc.keyring + run: make validate-keyring lint: permissions: diff --git a/Makefile b/Makefile index 870eb7a0015..00c8d71ab68 100644 --- a/Makefile +++ b/Makefile @@ -188,9 +188,12 @@ verify-dependencies: vendor || (echo -e "git status:\n $$(git status -- go.mod go.sum vendor/)\nerror: vendor/, go.mod and/or go.sum not up to date. Run \"make vendor\" to update"; exit 1) \ && echo "all vendor files are up to date." +validate-keyring: + script/keyring_validate.sh + .PHONY: runc all recvtty sd-helper seccompagent static releaseall release \ localrelease dbuild lint man runcimage \ test localtest unittest localunittest integration localintegration \ rootlessintegration localrootlessintegration shell install install-bash \ install-man clean cfmt shfmt localshfmt shellcheck \ - vendor verify-changelog verify-dependencies + vendor verify-changelog verify-dependencies validate-keyring diff --git a/script/keyring_validate.sh b/script/keyring_validate.sh new file mode 100755 index 00000000000..61ed80cc0f4 --- /dev/null +++ b/script/keyring_validate.sh @@ -0,0 +1,98 @@ +#!/bin/bash +# Copyright (C) 2023 SUSE LLC. +# Copyright (C) 2023 Open Containers Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -Eeuo pipefail + +project="runc" +root="$(readlink -f "$(dirname "${BASH_SOURCE[0]}")/..")" + +function log() { + echo "[*]" "$@" >&2 +} + +function bail() { + log "$@" + exit 1 +} + +# Temporary GPG keyring for messing around with. +tmp_gpgdir="$(mktemp -d --tmpdir "$project-validate-tmpkeyring.XXXXXX")" +trap 'rm -r "$tmp_gpgdir"' EXIT + +# Get the set of MAINTAINERS. +readarray -t maintainers < <(sed -E 's|.* <.*> \(@?(.*)\)$|\1|' <"$root/MAINTAINERS") +echo "$project maintainers:" +printf " %s\n" "${maintainers[@]}" + +# Create a dummy gpg keyring from the set of MAINTAINERS. +while IFS="" read -r username || [ -n "$username" ]; do + curl -sSL "https://github.com/$username.gpg" | + gpg --no-default-keyring --keyring="$tmp_gpgdir/$username.keyring" --import +done < <(printf '%s\n' "${maintainers[@]}") + +# Make sure all of the keys in the keyring have a github=... comment. +awk <"$root/$project.keyring" ' + /^-----BEGIN PGP PUBLIC KEY BLOCK-----$/ { key_idx++; in_pgp=1; has_comment=0; } + + # PGP comments are never broken up over several lines, and we only have one + # comment entry in our keyring file anyway. + in_pgp && /^Comment:.* github=\w+.*/ { has_comment=1 } + + /^-----END PGP PUBLIC KEY BLOCK-----$/ { + if (!has_comment) { + print "[!] Key", key_idx, "in '$project'.keyring is missing a github= comment." + exit 1 + } + } +' + +# Check that each entry in the kering is actually a maintainer's key. +while IFS="" read -d $'\0' -r block || [ -n "$block" ]; do + username="$(sed -En "s|^Comment:.* github=(\w+).*|\1|p" <<<"$block")" + + # FIXME: This is to work around codespell thinking that f-p-r is a + # misspelling of some other word, and the lack of support for inline + # ignores in codespell. + fprfield="f""p""r" + + # Check the username is actually a maintainer. This is just a sanity check, + # since you can put whatever you like in the Comment field. + [ -f "$tmp_gpgdir/$username.keyring" ] || bail "User $username in runc.keyring is not a maintainer!" + grep "(@$username)$" "$root/MAINTAINERS" >/dev/null || bail "User $username in runc.keyring is not a maintainer!" + + # Check that the key in the block actually matches a known key for that + # maintainer. Note that a block can contain multiple keys, so we need to + # check all of them. Since we have to handle multiple keys anyway, we'll + # also verify all of the subkeys (this is simpler to implement anyway since + # the --with-colons format outputs fingerprints for both primary and + # subkeys in the same way). + # + # Fingerprints have a field 1 of $fprfield and field 10 containing the + # fingerprint. See + # for more details. + while IFS="" read -r key || [ -n "$key" ]; do + gpg --no-default-keyring --keyring="$tmp_gpgdir/$username.keyring" \ + --list-keys --with-colons | grep "$fprfield:::::::::$key:" >/dev/null || + bail "(Sub?)Key $key in $project.keyring is NOT actually one of $username's keys!" + log "Successfully verified $username's (sub?)key $key is legitimate." + done < <(gpg --no-default-keyring \ + --import --import-options=show-only --with-colons <<<"$block" | + grep "^$fprfield:" | cut -d: -f10) +done < <(awk <"$project.keyring" ' + /^-----BEGIN PGP PUBLIC KEY BLOCK-----$/ { in_block=1 } + in_block { print } + /^-----END PGP PUBLIC KEY BLOCK-----$/ { in_block=0; printf("\0"); } +') From 0c9c60aa18239785e9acd037445717cab462c395 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 7 Apr 2023 11:34:38 +1000 Subject: [PATCH 0218/1176] keyring: add Aleksa's signing key keyid 5F36C6C61B5460124A75F5A69E18AA267DDB8DB4 This is the signing key I have used for all previous runc releases. You can also verify that this is the key trusted by openSUSE for all of our releases. Ref: https://keyserver.ubuntu.com/pks/lookup?search=5F36C6C61B5460124A75F5A69E18AA267DDB8DB4&fingerprint=on&op=index Ref: https://build.opensuse.org/package/view_file/openSUSE:Factory/runc/runc.keyring?expand=1&rev=54 Signed-off-by: Aleksa Sarai --- runc.keyring | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) diff --git a/runc.keyring b/runc.keyring index e69de29bb2d..12cb0bcdf1a 100644 --- a/runc.keyring +++ b/runc.keyring @@ -0,0 +1,71 @@ +pub rsa4096 2016-06-21 [SC] [expires: 2031-06-18] + 5F36C6C61B5460124A75F5A69E18AA267DDB8DB4 +uid [ultimate] Aleksa Sarai +uid [ultimate] Aleksa Sarai +sub rsa4096 2016-06-21 [E] [expires: 2031-06-18] + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: github=cyphar + +mQINBFdpGN0BEADMEmLpnUel7OI2SM8f88i7w0iRgJd4kOvF1z673+zWCgaw9QW8 +ha7wAm/+3isas9IqlvGx61i6hbO7TFwcYi472VHhs4HP8jMtWytHHkjc3O9xlMc0 +CfekjIpoR1CffYtCvkLr8/f74jHNRfqsmZ1Oxa9GjbhgDnbw4Baztp6WctzMXyOJ +j5bJuSfQTcgFbIeQ27zx7gNjbnHyEP5TEm1/CeoWpGPpZLJPiKHdI/TBCyFexHJ0 +IlabKc4DC43RZyh0Btuf+FiX9K2NkoCC7l5nQdde8B6YG7SA6xEhwhQ73bSs7A56 +rlZxfIFmLCB/81FyXk5eH0Eu9Lbwj69YQ81EdkLnLAyP3ZB+MRGuiWVD88Jr1He2 +25m3dxTVzaP0TAV4LqdbuqTwr2wagu9MZQ5XXDiaEuiPwTrO10xlmivOjRaWxoWA +E0I3fOdrzqfg9XK6g1pG23v2WhHFIejqVCXrf5oPcCd62lGeh0ghEdNN89ikXbka +1PJRiWI3uDQ6STSKa+6uC5eUM7tK/ymqS8JYSQf4d3eIaC2H403psPt5kbq1bHdx +nRPX2eh/t1QzR1dhPxzai4CzLERIYJ9iD4nGiSscwy0P44AgyeuywSg4qXzr9Sfe +igOj+6lfJb3iZRN3dKLTRAKWvo7yfdi/UOycodlaQyW8v0yXAx7Yh1NgJQARAQAB +tB1BbGVrc2EgU2FyYWkgPGFzYXJhaUBzdXNlLmRlPokCPQQTAQgAJwUCV2kY3QIb +AwUJHDIEgAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRCeGKomfduNtGecEACZ +JLVdeKHKsSUqTLOjbC6t9uKfKlNpu+iQ2/TS9YazLWXoFEc8f/uWB8BpHcJBFrqz +j+mI34ShEkbbNJArxR76njnAtPF+73GiD0dAjRDWz8YtQgSg5UhYm6O2Si/EM4I8 +TDzflyjaZltCkDe2U+2T8dTkYxqOi11IuCukPBNe0moxGKvLGPWEqZQMPCfBgllD +lv2Toiry2Fp1bkBlT6hk0C684rfAwzPQuH0BBv8vgfgroRMJg/qfZb64lhMCXaPr +rCtVHP+F1bVXKZCBCt7ETTtcteUEKaFmGgDGpXGnIqPL5iWLK5u8DQL/1lGcinj9 +QdD9IUNqsrsNAbdyMMqQvZKQwIVDgFMXrCwSRymOi6cppN7eF0VyFN7YsATttRGx +CZBoSMhVW6VVxuJFGaQWFXWthVGVEd2jkvny1TX8Nm8KBHC2G/wNVU3pKrCPhMCt +rYc8xWZ+6uisQ6XWs8H4nyBOVN6RvhIqqXJL1nvViOSFMLSDyFgPA16368krgxYE +pVDvie04aDjKZj2/0LSogNQPqZxs8uKIjLZ1NYQQmCQ8Dx9/nshg1wbyDD/c///M +EmVFmZhlNLZ8tV/iTlwfD/4vjbeaAQTVanhPFRbUtmL/iuz5f0gH0b0xc+mc+yQ1 +egjBwMuKr+h7jbSXIWoFGZLrqT3WswTg0Khk6oEL57QeQWxla3NhIFNhcmFpIDxh +c2FyYWlAc3VzZS5jb20+iQI9BBMBCAAnBQJXaRngAhsDBQkcMgSABQsJCAcCBhUI +CQoLAgQWAgMBAh4BAheAAAoJEJ4YqiZ924202mIQAIjGrikF7OPBCbV5Oo4oC0QQ +7HcG+DM9cN6UcFO+rzWQxZ/atEpiULa4O3YKoGOkSV5WAjUpaY5Rf7Obt3EjgrwE +PhtGvOpC6kkkTV43RmmK06CxHiZPrUJBwcpbW1rf2JZx7PPBMbZfsmWdVZc+LjzC +D3KtJ7xhzT0mi+zN5ONNHody6sDQO6n0mN+bRVxiVdcxwjYHfJYGobI6aaKyupvl ++xCGK4ekzNCVzaxudzqmbFE6qk+cWcvcA8HpggA63rCvCLfK1embNOtqzKAcJh1o +cJvrtpe18qBvd4yXFWEqQBW6IoDLvdzaLY7eNMI97UDInciz/GUtbxhqbs1lAOBz +V1y9fi0+NIIq1qmhbLxpUFC2BWsZRuWEqYWdr4FFJCuYEEXX6KXM7d9CSdWlErCU +mqKYsx6X4E7Iy1yupYbIqXRea9wBr8aPoFk+gLdNbCWAE4o7InKJY1uqOt141ffs ++6XJe2wVvA2xLr0ZphlcyF0EHZX8tMWLCYdQJdLMps2hl5oFpi7ccdM1GpE/Kwt5 +pEBqsJ6vP59BsbmciYmNkYKvFIKJcasImglQP6nrQiBwjTd7fYXpMDeO0yNtklaZ +IZlbNvxOe1TqbRzfVFk3oSBbEaFzPAx/W0uU1evZynpu2PcIvOuadScc9j0jMzt8 +0wknTD5AqhD/fkfZlwRouQINBFdpGN0BEADfqvO6AkGOWf+lcQZfWBMSMpzneCCS +JvQvD65VrFt0CCbSlJv1pc3GwLlL2dMulIxQGg0JMTjfPZcCYqrnOcWe0gedETRV +nOucY7zWmohR7L70YWwh46FlAPifY6bIIYGYTHyI9w1adS9K4tAJW/XS0WrvZ5KA +l7htrAzUAsMhag9y9jtQJVPLErGJta3jZJASs8PZWWmLYZE+oy1R3W52w/HqGQHS +8BPgo4oL+lrjPmjAwouhhNETTq9W2xmCe18EJodOjNKdF5ODOq1LOkPNHIaIdG0s +sY3qbifcRLVDvSmb8++4WRYl1HLy2vpsTQ31mZ3KyRKR6cP61ivTZy8idwD+Qt1t +3uKTCGNZj96OCob8ZeZsak6enuFZleVbLty1eULIw/IZuq8g6E+/V7mbFo4vkXMN +q4YrX0Q3XEzB8Cdxd5vsnz7Uga35j44gwJ+BUsCyaRUyGzLqhUWHJS73Vy3IxHfX +Rj7TQUBFYDKbOS9oKearmvTb1SQzH7NM5jQUFzXeJQE03jetRneNQ5hkh9UhUr64 +gtRnnKXTimXkczEMU9eDSTgQoaebdPnWEnzoStS5ln03zH+CNTQF9qjcpYBrJ2mZ +wnxO9OP/45KQL4hPAi2+hGkq2yjuIzeCkFJabAc7sF6lwJqH82XtiIIR+AGTM8QC +Eno0eqAytg8YawARAQABiQIlBBgBCAAPBQJXaRjdAhsMBQkcMgSAAAoJEJ4YqiZ9 +2420AuIP/1PYZDKFLv//+iY6Z9xGz4zHL+9nWND/Kll3xHeuWjYGZ2nmcovSnEW4 +0eiMn1c6KMgs/CCR4+9bm7MdgaF73pjM4xzHBIBetLLkcKQIrniX2Fq+WgscJfFx ++0ha7Xb2TTpSy8PRiYHowVUaMPwyqSsAUwrSenLuwyiKr+EW4Wzo+YM2w9a86yw1 +GfWuiyk0Z4sGoPoPEjmD4y6Xlf8kIfuZeb+joHd6W1nMf7cxDkNLQqX6sWvs62Tv +Lsx2jApPKD2PyTyyxItJKc6NXFVM+Uww323ZYVWMkz+VKalHRiv6xzGqArhpAIH6 +fn+1WjjqkrrLU4I7smjlulZCy/NZLOKqQYaqM+7BgC2mOPMb5CM99cg4SrK86dFr +3Cf22+OTmC6/Wb5Gu4PzTzkYIJDnt3BJQYjJlp4zyOHluN6notrWagLIB06oX+jQ +pxGySHW++Cha/JCUb0mfeHIJKvRor3v7YaSJoFIo//rz6XJ9WVZfsKnOte/3s9m7 +qkEvLArbe2o7pUJ2mxZZw/nAk/Y39FYAMvgMA9f+uv18O7u+ojYjS6DlrmNuIEg/ +mp8FqVxVNdIS2capSF4+eOn3a4kcF0018xbTLA2AwQ2o9eF5G9qTdSVrN865VPCd +KWr9ByCKAwVHsaSgVSJE/dse4f1toqeEHHbWk682U4RqOWZR4bA0 +=3/jE +-----END PGP PUBLIC KEY BLOCK----- + From 056ec0caa65b57ec0f47233f405fc0e5005d7e06 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 19 Apr 2023 12:51:59 +1000 Subject: [PATCH 0219/1176] keyring: add Aleksa's signing key keyid C9C370B246B09F6DBCFC744C34401015D1D2D386 This is my personal signing key, which I've used to sign the vast majority of my commits on GitHub. While I usually sign releases using my signing key, it doesn't hurt to include this key too. Ref: https://keyserver.ubuntu.com/pks/lookup?search=C9C370B246B09F6DBCFC744C34401015D1D2D386&fingerprint=on&op=index Signed-off-by: Aleksa Sarai --- runc.keyring | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/runc.keyring b/runc.keyring index 12cb0bcdf1a..f5733cce423 100644 --- a/runc.keyring +++ b/runc.keyring @@ -69,3 +69,56 @@ KWr9ByCKAwVHsaSgVSJE/dse4f1toqeEHHbWk682U4RqOWZR4bA0 =3/jE -----END PGP PUBLIC KEY BLOCK----- +pub ed25519 2019-06-21 [C] + C9C370B246B09F6DBCFC744C34401015D1D2D386 +uid [ultimate] Aleksa Sarai +sub ed25519 2022-09-30 [S] [expires: 2024-09-29] +sub cv25519 2022-09-30 [E] [expires: 2024-09-29] +sub ed25519 2022-09-30 [A] [expires: 2024-09-29] + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: github=cyphar + +mDMEXQxvLxYJKwYBBAHaRw8BAQdArRQoZs9YzYtQIiPA1qdvUT8Q0wbPZyRV65Tz +QNTIZla0IEFsZWtzYSBTYXJhaSA8Y3lwaGFyQGN5cGhhci5jb20+iJAEExYIADgF +CwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQTJw3CyRrCfbbz8dEw0QBAV0dLThgUC +XQzCHwIbAQAKCRA0QBAV0dLThvUpAP9SwyOijLqEBz1A9pTqRAB0l/r+ABq+iUmH +UjMHO34LZAD/biRuAadaxIYJtmn7nKA55doyN2fQXhjArqypJ1SQywi4MwRdDMJS +FgkrBgEEAdpHDwEBB0B2IGusH7LuDH3hNT6JYM30S7G92FGogA6a9WQzKRlqvIh4 +BCgWCgAgFiEEycNwskawn228/HRMNEAQFdHS04YFAmM2ukUCHQEACgkQNEAQFdHS +04ZTQAEAjAT0fXVJHdRL6UMCxDYsgjG+QyH1mr7gKgbPvB8A5LgBAN4QDqCxIY3b +8+X4Ud3C9yLfkbcsdgctU3fO/jHpKVIIiO8EGBYIACAWIQTJw3CyRrCfbbz8dEw0 +QBAV0dLThgUCXQzCUgIbAgCBCRA0QBAV0dLThnYgBBkWCAAdFiEEsWZunbXxPIMS +y32KnZS5YyG50BIFAl0MwlIACgkQnZS5YyG50BLusQD/aPjX4NhlSYgzNV2x31aw +x5AxTp+18xoQDwaU123grDgA/2B73RiaTO2boRK5UETxx6awdsA51hZubxo4LyxG +SP8IW5gA/2JWrDg+7cSQrS71gHmtqvz0se+D7zmWdcnN8O3LoUZeAQDW3Pkq0cru +YVbsXiTwzenLPUJrjGBAVaoFmYqFUelFDLg4BF0MwmoSCisGAQQBl1UBBQEBB0BL +FI5mD555F7t6dovnw4DW19nkG/g/Vd5Zb/7qhMLWagMBCAeIeAQoFgoAIBYhBMnD +cLJGsJ9tvPx0TDRAEBXR0tOGBQJjNrpFAh0BAAoJEDRAEBXR0tOGgPkA/1Z69M4e +qU3ZM7czYOHKAbNHiRuAqzc6o90WBJLhgFJmAQCcKmpnnnTpbnGoXgkcRSr2y1wk +uId1oVRwfRbN9h94Doh4BBgWCAAgFiEEycNwskawn228/HRMNEAQFdHS04YFAl0M +wmoCGwwACgkQNEAQFdHS04aZWgD/d0gCCB7ytnRB9RBtns9RRrtGXOIrzzWKw+zx +za6Y2zgBANoj7CUeH0MygzZkgMrCmKPNnMxEnHJaTuYZA4yBixkIuDMEXQzCjRYJ +KwYBBAHaRw8BAQdAAiFh7AD1u/UhjVbGJkRflPhjHBKIsAuP4pkI/qjavwaIeAQo +FgoAIBYhBMnDcLJGsJ9tvPx0TDRAEBXR0tOGBQJjNrpFAh0BAAoJEDRAEBXR0tOG +AUgA/2ZDB3tCRBON1WjLBESkHZmNtplYcV03u/oshA/MVCzpAQDGusGcv/rf1ZI9 +o7lcWozXFlQDOM7eoT4avvWOVcsaD4h4BBgWCAAgFiEEycNwskawn228/HRMNEAQ +FdHS04YFAl0Mwo0CGyAACgkQNEAQFdHS04ajxQEAsZf1yDORUVYicREc/7z0U+51 +DJzeAexeJTYM+N+x13EA/0Ex+o7qQ7dZLGDn7x4LSbd39C+++suHsEaE4XwlX6cH +uDMEYza6SxYJKwYBBAHaRw8BAQdAE3s7dZQFuImQX2tWshIdGjeUKZc7rlMcrZ6+ +q25gaH2I9QQYFgoAJhYhBMnDcLJGsJ9tvPx0TDRAEBXR0tOGBQJjNrpLAhsCBQkD +wmcAAIEJEDRAEBXR0tOGdiAEGRYKAB0WIQS2TklVsp+j1GPyqQYol/rSt+lEbwUC +Yza6SwAKCRAol/rSt+lEb9obAQC8ij4yJTU7ZcAtTx2ZMjj8EoruGb3ku6VpRyx1 ++pyQQgD/QgQ7X1G7xtwuVpY0kHYga1yoKLA2ycT8F8PrVtF7pAMWkgD9EWe1E77C +BVd//i3ib+h9ikCeJ+gaxc6aU24ZBcN2tfUBAJmCmYQ0VEbXyvCqkdJEQ4qk5Y9C +2V4w83dj4a5RYKUGuDgEYza6YBIKKwYBBAGXVQEFAQEHQKECW5Y7nUGCka0/WcCM +OerRY95Pm2DQVL76QzvhXD8tAwEIB4h+BBgWCgAmFiEEycNwskawn228/HRMNEAQ +FdHS04YFAmM2umACGwwFCQPCZwAACgkQNEAQFdHS04bkuwEA7AEL+iSPlA8/YILp +0sFMzmtRqTDMqx2BY8K5wEk9fusA/jAhbeJw57bZYvK4MghfUa9tRocyII84UmOA +cgDbPPIFuDMEYza6bhYJKwYBBAHaRw8BAQdAgHXd0yf6MPXJZCZ3TFz8xLymyPsD +TF2SQwwqM4+nYbeIfgQYFgoAJhYhBMnDcLJGsJ9tvPx0TDRAEBXR0tOGBQJjNrpu +AhsgBQkDwmcAAAoJEDRAEBXR0tOGB8UA/0wf8uECKMmXGQ4DNi+ei2E9Ft6GL8qw +UGjwM/EKH2RoAP9HNRRKBjDxs/AZ3pBx1Q8hnHELLo0kXPc+3BG6Pht5BA== +=KN4V +-----END PGP PUBLIC KEY BLOCK----- + From fe278b9caae21e048ae83b96815a985826b4c464 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 4 Apr 2023 16:59:43 -0700 Subject: [PATCH 0220/1176] libct: fix a race with systemd removal For a previous attempt to fix that (and added test cases), see commit 9087f2e827d971. Alas, it's not always working because of cgroup directory TOCTOU. To solve this and avoid the race, add an error _after_ the operation. Implement it as a method that ignores the error that should be ignored. Instead of currentStatus(), use faster runType(), since we are not interested in Paused status here. For Processes(), remove the pre-op check, and only use it after getting an error, making the non-error path more straightforward. For Signal(), add a second check after getting an error. The first check is left as is because signalAllProcesses might print a warning if the cgroup does not exist, and we'd like to avoid that. This should fix an occasional failure like this one: not ok 84 kill detached busybox # (in test file tests/integration/kill.bats, line 27) # `[ "$status" -eq 0 ]' failed .... # runc kill test_busybox KILL (status=0): # runc kill -a test_busybox 0 (status=1): # time="2023-04-04T18:24:27Z" level=error msg="lstat /sys/fs/cgroup/devices/system.slice/runc-test_busybox.scope: no such file or directory" Signed-off-by: Kir Kolyshkin --- libcontainer/container_linux.go | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index b498e33bce2..67232dfa11f 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -112,6 +112,18 @@ func (c *Container) OCIState() (*specs.State, error) { return c.currentOCIState() } +// ignoreCgroupError filters out cgroup-related errors that can be ignored, +// because the container is stopped and its cgroup is gone. +func (c *Container) ignoreCgroupError(err error) error { + if err == nil { + return nil + } + if errors.Is(err, os.ErrNotExist) && c.runType() == Stopped && !c.cgroupManager.Exists() { + return nil + } + return err +} + // Processes returns the PIDs inside this container. The PIDs are in the // namespace of the calling process. // @@ -119,18 +131,8 @@ func (c *Container) OCIState() (*specs.State, error) { // unless the container state is PAUSED in which case every PID in the slice is // valid. func (c *Container) Processes() ([]int, error) { - var pids []int - status, err := c.currentStatus() - if err != nil { - return pids, err - } - // for systemd cgroup, the unit's cgroup path will be auto removed if container's all processes exited - if status == Stopped && !c.cgroupManager.Exists() { - return pids, nil - } - - pids, err = c.cgroupManager.GetAllPids() - if err != nil { + pids, err := c.cgroupManager.GetAllPids() + if err = c.ignoreCgroupError(err); err != nil { return nil, fmt.Errorf("unable to get all container pids: %w", err) } return pids, nil @@ -363,11 +365,12 @@ func (c *Container) Signal(s os.Signal, all bool) error { return err } if all { - // for systemd cgroup, the unit's cgroup path will be auto removed if container's all processes exited if status == Stopped && !c.cgroupManager.Exists() { + // Avoid calling signalAllProcesses which may print + // a warning trying to freeze a non-existing cgroup. return nil } - return signalAllProcesses(c.cgroupManager, s) + return c.ignoreCgroupError(signalAllProcesses(c.cgroupManager, s)) } // to avoid a PID reuse attack if status == Running || status == Created || status == Paused { From 42a109198c42ef1fa2ef43815b0701932e3731c0 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 20 Apr 2023 17:57:23 -0700 Subject: [PATCH 0221/1176] runc-kill(8): amend the --all description Document the aspects of --all. Signed-off-by: Kir Kolyshkin --- man/runc-kill.8.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/man/runc-kill.8.md b/man/runc-kill.8.md index c18fe9442da..5f0f51ed9b9 100644 --- a/man/runc-kill.8.md +++ b/man/runc-kill.8.md @@ -17,7 +17,12 @@ to list available signals. # OPTIONS **--all**|**-a** -: Send the signal to all processes inside the container. +: Send the signal to all processes inside the container, rather than +the container's init only. This option is useful when the container does not +have its own PID namespace. + +: When this option is set, no error is returned if the container is stopped +or does not exist. # EXAMPLES From a75831037f008612b1fc67e20f0840e8f210897f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 21 Apr 2023 17:07:32 -0700 Subject: [PATCH 0222/1176] runc.keyring: add Kolyshkin Signed-off-by: Kir Kolyshkin --- runc.keyring | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/runc.keyring b/runc.keyring index f5733cce423..d963d8aba26 100644 --- a/runc.keyring +++ b/runc.keyring @@ -122,3 +122,40 @@ UGjwM/EKH2RoAP9HNRRKBjDxs/AZ3pBx1Q8hnHELLo0kXPc+3BG6Pht5BA== =KN4V -----END PGP PUBLIC KEY BLOCK----- +pub rsa2048 2020-04-28 [SC] [expires: 2025-04-18] + C2428CD75720FACDCF76B6EA17DE5ECB75A1100E +uid [ultimate] Kir Kolyshkin +sub rsa2048 2020-04-28 [E] [expires: 2025-04-18] + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: github=kolyshkin + +mQENBF6ou34BCACow4f1kUqw0varU4pq+C91xhYeNb/0sGyFKCvYfiLY74yG8EXW +rZ8n06AYDHzPv9oubkUhnFk/u25kXQVgLB6Z5SKRBCiFq1QZirXeNJ8Iss8AwDBV +ppTSiCl8/x/gKoXiJ+7MyvOZozUavkVHdim1NKCzwD014VOB8RXz+heUjS+HDXY9 +2IknlaZg2oGpQe6weVmXmEhxERapG/y+/Vo6t8UfhSv0gEeM00/yWhBJKSYPtzMg +SbTL4jCsN/x0bq+ZNp4lunihVY5WqX+BGLcx7xPnJ0Rp9Ju1mAhKrbKUmOG3rkWu +DIJuVP8HQfCoffsBLUKQ0V4fh18kfq1bo3JvABEBAAG0I0tpciBLb2x5c2hraW4g +PGtvbHlzaGtpbkBnbWFpbC5jb20+iQFUBBMBCAA+AhsDBQsJCAcCBhUKCQgLAgQW +AgMBAh4BAheAFiEEwkKM11cg+s3PdrbqF95ey3WhEA4FAmRAbOgFCQlaGGoACgkQ +F95ey3WhEA6dRQf+P+OHI3QiZu3TnrNBTsf+V8HhFBWKqafrjKbIE1A5HOHzcK2F +t2afYG+MZQILwSuCQOObgr3o7hGlqkwMwGtHt5nqG6/Z0bmkowG4JJmYIg9FhvQW +JEm/7lSBtxvFkw05H90UlzCM7AigD+PrLs96Zb0+FqdzEDWTMJeU7yYUFRNbXEu3 +wqpOZpHlYCJGKzFJBbGxYphlmljexRlWdZPwACKg7lBsVkM8JDPGxmmEe7/5tXPt +Oa1yS13SleLv4muHH3KO3cgJGqBfY/XIExZUQUF0GdL0yppBDbn0oZ/wvRuibCR0 +1P7rW88csSjAjhNjja4v/zWleSIpyWVi8IvYLLkBDQReqLt+AQgAtKUDLyUFxQ9k +p8OwI/MsPTLLoYfjilJaXnmtzQjGYFrEuU3lt7omRUBldNChkjGghEukGTq0RD7Z +s6Qv5PM5dtOypPJM0lmz2j7seun3AfDV44h/bjOFwTUjab3Nr9fQ52qESmRS03ik +6+5YNwq2D/+2kHVJ2vkUoo6KvioA1vPU311oW/Yfky8dLS5NguikE3to6YElWW38 +oqFUVdMScCbf9a6CPXSQEz/rH4TgAhwyTo6oegv+8L/szGFy5ToNGiA0D45HcFDc +yXs1d+b3bYRuGfC1l/z+WZWwbeHt1fKEQ8pCLDLRre5y0hPRHeN2CG4U7iyI5B5h +8LITPcZ66wARAQABiQE8BBgBCAAmAhsMFiEEwkKM11cg+s3PdrbqF95ey3WhEA4F +AmRAbRQFCQlaGJYACgkQF95ey3WhEA7vywf9FFTeRgNji8ZIPMM2vIlns+CMkP5R +uXakU6Q0O6Wmbb/ULOkobTqJ/Jcze8OuembuU3V6MiOQKgUIDrN7itjnJPQBneKT +iqJdPK8KOiGIzqa0aRekvOu2nCz9n87Bf48pviH922yfs8gXYRCUnSV/i7/p+N8r +5Fy7dJen5SXksN2/rUCEgU9FD17l2uMAoQbRqZg74/GwSDLnhrZ9eMrbPnguSQF4 +S1NPMeS7+G/gPN9Ze9qFmOF2p57cmEa+8mriZCYY3BcUBOiMOV5HSBKJwqA2M8au +2dAKmFWb/G+K/dgBdkAulQ/BfCpwgFmmgJ5dAeaS3y8Xd86aBE0/eLCrhQ== +=GkpD +-----END PGP PUBLIC KEY BLOCK----- + From cfc3c6da3984500a1944bb967ed7a1c44fe59614 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sun, 23 Apr 2023 00:21:25 +1000 Subject: [PATCH 0223/1176] scripts: keyring validate: print some more information Add a little bit more diagnostic information to "make validate-keyring". Signed-off-by: Aleksa Sarai --- script/keyring_validate.sh | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/script/keyring_validate.sh b/script/keyring_validate.sh index 61ed80cc0f4..ccb3da2a679 100755 --- a/script/keyring_validate.sh +++ b/script/keyring_validate.sh @@ -34,8 +34,10 @@ trap 'rm -r "$tmp_gpgdir"' EXIT # Get the set of MAINTAINERS. readarray -t maintainers < <(sed -E 's|.* <.*> \(@?(.*)\)$|\1|' <"$root/MAINTAINERS") +echo "------------------------------------------------------------" echo "$project maintainers:" -printf " %s\n" "${maintainers[@]}" +printf " * %s\n" "${maintainers[@]}" +echo "------------------------------------------------------------" # Create a dummy gpg keyring from the set of MAINTAINERS. while IFS="" read -r username || [ -n "$username" ]; do @@ -59,6 +61,14 @@ awk <"$root/$project.keyring" ' } ' +echo "------------------------------------------------------------" +echo "$project release managers:" +sed -En "s|^Comment:.* github=(\w+).*| * \1|p" <"$root/$project.keyring" | sort -u +echo "------------------------------------------------------------" +gpg --no-default-keyring --keyring="$tmp_gpgdir/keyring" \ + --import --import-options=show-only <"$root/$project.keyring" +echo "------------------------------------------------------------" + # Check that each entry in the kering is actually a maintainer's key. while IFS="" read -d $'\0' -r block || [ -n "$block" ]; do username="$(sed -En "s|^Comment:.* github=(\w+).*|\1|p" <<<"$block")" @@ -91,7 +101,7 @@ while IFS="" read -d $'\0' -r block || [ -n "$block" ]; do done < <(gpg --no-default-keyring \ --import --import-options=show-only --with-colons <<<"$block" | grep "^$fprfield:" | cut -d: -f10) -done < <(awk <"$project.keyring" ' +done < <(awk <"$root/$project.keyring" ' /^-----BEGIN PGP PUBLIC KEY BLOCK-----$/ { in_block=1 } in_block { print } /^-----END PGP PUBLIC KEY BLOCK-----$/ { in_block=0; printf("\0"); } From d7208f59105e079ba037aea05f9d0603ba7f779f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 24 Apr 2023 15:49:19 -0700 Subject: [PATCH 0224/1176] libct/cg/sd: use systemd version when generating dev props Commit 343951a22b58c38feb added a call to os.Stat for the device path when generating systemd device properties, to avoid systemd warning for non-existing devices. The idea was, since systemd uses stat(2) to look up device properties for a given path, it will fail anyway. In addition, this allowed to suppress a warning like this from systemd: > Couldn't stat device /dev/char/10:200 NOTE that this was done because: - systemd could not add the rule anyway; - runs puts its own set of rules on top of what systemd does. Apparently, the above change broke some setups, resulting in inability to use e.g. /dev/null inside a container. My guess is this is because in cgroup v2 we add a second eBPF program, which is not used if the first one (added by systemd) returns "access denied". Next, commit 3b9582895b8685 fixed that by adding a call to os.Stat for "/sys/"+path (meaning, if "/dev/char/10:200" does not exist, we retry with "/sys/dev/char/10:200", and if it exists, proceed with adding a device rule with the original (non-"/sys") path). How that second fix ever worked was a mystery, because the path we gave to systemd still doesn't exist. Well, I think now I know. Since systemd v240 (commit 74c48bf5a8005f20) device access rules specified as /dev/{block|char}/MM:mm are no longer looked up on the filesystem, instead, if possible, those are parsed from the string. So, we need to do different things, depending on systemd version: - for systemd >= v240, use the /dev/{char,block}/MM:mm as is, without doing stat() -- since systemd doesn't do stat() either; - for older version, check if the path exists, and skip passing it on to systemd otherwise. - the check for /sys/dev/{block,char}/MM:mm is not needed in either case. Pass the systemd version to the function that generates the rules, and fix it accordingly. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/devices/systemd.go | 32 ++++++++++--------------- libcontainer/cgroups/systemd/common.go | 6 ++--- libcontainer/cgroups/systemd/v1.go | 2 +- libcontainer/cgroups/systemd/v2.go | 2 +- 4 files changed, 18 insertions(+), 24 deletions(-) diff --git a/libcontainer/cgroups/devices/systemd.go b/libcontainer/cgroups/devices/systemd.go index eb5ecb064d1..b78d90eafb0 100644 --- a/libcontainer/cgroups/devices/systemd.go +++ b/libcontainer/cgroups/devices/systemd.go @@ -17,7 +17,7 @@ import ( // systemdProperties takes the configured device rules and generates a // corresponding set of systemd properties to configure the devices correctly. -func systemdProperties(r *configs.Resources) ([]systemdDbus.Property, error) { +func systemdProperties(r *configs.Resources, sdVer int) ([]systemdDbus.Property, error) { if r.SkipDevices { return nil, nil } @@ -78,9 +78,10 @@ func systemdProperties(r *configs.Resources) ([]systemdDbus.Property, error) { // trickery to convert things: // // * Concrete rules with non-wildcard major/minor numbers have to use - // /dev/{block,char} paths. This is slightly odd because it means - // that we cannot add whitelist rules for devices that don't exist, - // but there's not too much we can do about that. + // /dev/{block,char}/MAJOR:minor paths. Before v240, systemd uses + // stat(2) on such paths to look up device properties, meaning we + // cannot add whitelist rules for devices that don't exist. Since v240, + // device properties are parsed from the path string. // // However, path globbing is not support for path-based rules so we // need to handle wildcards in some other manner. @@ -128,21 +129,14 @@ func systemdProperties(r *configs.Resources) ([]systemdDbus.Property, error) { case devices.CharDevice: entry.Path = fmt.Sprintf("/dev/char/%d:%d", rule.Major, rule.Minor) } - // systemd will issue a warning if the path we give here doesn't exist. - // Since all of this logic is best-effort anyway (we manually set these - // rules separately to systemd) we can safely skip entries that don't - // have a corresponding path. - if _, err := os.Stat(entry.Path); err != nil { - // Also check /sys/dev so that we don't depend on /dev/{block,char} - // being populated. (/dev/{block,char} is populated by udev, which - // isn't strictly required for systemd). Ironically, this happens most - // easily when starting containerd within a runc created container - // itself. - - // We don't bother with securejoin here because we create entry.Path - // right above here, so we know it's safe. - if _, err := os.Stat("/sys" + entry.Path); err != nil { - logrus.Warnf("skipping device %s for systemd: %s", entry.Path, err) + if sdVer < 240 { + // Old systemd versions use stat(2) on path to find out device major:minor + // numbers and type. If the path doesn't exist, it will not add the rule, + // emitting a warning instead. + // Since all of this logic is best-effort anyway (we manually set these + // rules separately to systemd) we can safely skip entries that don't + // have a corresponding path. + if _, err := os.Stat(entry.Path); err != nil { continue } } diff --git a/libcontainer/cgroups/systemd/common.go b/libcontainer/cgroups/systemd/common.go index e6db845cb13..c577a22b03a 100644 --- a/libcontainer/cgroups/systemd/common.go +++ b/libcontainer/cgroups/systemd/common.go @@ -33,7 +33,7 @@ var ( isRunningSystemdOnce sync.Once isRunningSystemd bool - GenerateDeviceProps func(*configs.Resources) ([]systemdDbus.Property, error) + GenerateDeviceProps func(r *configs.Resources, sdVer int) ([]systemdDbus.Property, error) ) // NOTE: This function comes from package github.com/coreos/go-systemd/util @@ -342,7 +342,7 @@ func addCpuset(cm *dbusConnManager, props *[]systemdDbus.Property, cpus, mems st // generateDeviceProperties takes the configured device rules and generates a // corresponding set of systemd properties to configure the devices correctly. -func generateDeviceProperties(r *configs.Resources) ([]systemdDbus.Property, error) { +func generateDeviceProperties(r *configs.Resources, cm *dbusConnManager) ([]systemdDbus.Property, error) { if GenerateDeviceProps == nil { if len(r.Devices) > 0 { return nil, cgroups.ErrDevicesUnsupported @@ -350,5 +350,5 @@ func generateDeviceProperties(r *configs.Resources) ([]systemdDbus.Property, err return nil, nil } - return GenerateDeviceProps(r) + return GenerateDeviceProps(r, systemdVersion(cm)) } diff --git a/libcontainer/cgroups/systemd/v1.go b/libcontainer/cgroups/systemd/v1.go index a26b5f29c70..ffe87798782 100644 --- a/libcontainer/cgroups/systemd/v1.go +++ b/libcontainer/cgroups/systemd/v1.go @@ -75,7 +75,7 @@ var legacySubsystems = []subsystem{ func genV1ResourcesProperties(r *configs.Resources, cm *dbusConnManager) ([]systemdDbus.Property, error) { var properties []systemdDbus.Property - deviceProperties, err := generateDeviceProperties(r) + deviceProperties, err := generateDeviceProperties(r, cm) if err != nil { return nil, err } diff --git a/libcontainer/cgroups/systemd/v2.go b/libcontainer/cgroups/systemd/v2.go index c5576441c47..b28ec6b22f2 100644 --- a/libcontainer/cgroups/systemd/v2.go +++ b/libcontainer/cgroups/systemd/v2.go @@ -214,7 +214,7 @@ func genV2ResourcesProperties(dirPath string, r *configs.Resources, cm *dbusConn // aren't the end of the world, but it is a bit concerning. However // it's unclear if systemd removes all eBPF programs attached when // doing SetUnitProperties... - deviceProperties, err := generateDeviceProperties(r) + deviceProperties, err := generateDeviceProperties(r, cm) if err != nil { return nil, err } From 14d6c7dfcbf7bdb6b4c031e2b365a95701eaafad Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Tue, 25 Apr 2023 10:33:12 +0900 Subject: [PATCH 0225/1176] runc.keyring: add Akihiro Suda Signed-off-by: Akihiro Suda --- runc.keyring | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/runc.keyring b/runc.keyring index d963d8aba26..84b4ca38a1e 100644 --- a/runc.keyring +++ b/runc.keyring @@ -159,3 +159,63 @@ S1NPMeS7+G/gPN9Ze9qFmOF2p57cmEa+8mriZCYY3BcUBOiMOV5HSBKJwqA2M8au =GkpD -----END PGP PUBLIC KEY BLOCK----- +pub rsa3072 2019-07-25 [SC] [expires: 2023-11-02] + C020EA876CE4E06C7AB95AEF49524C6F9F638F1A +uid [ultimate] Akihiro Suda +uid [ultimate] Akihiro Suda +sub rsa3072 2019-07-25 [E] [expires: 2023-11-02] + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: github=AkihiroSuda + +mQGNBF06GR8BDADEpCHv9HzGbqzQ2RAqTWBGHUNsiHD89NVmbXx4nw56odXf5mAK +QHxyh9tKkt0BIaKMLcxcU6+GXP5iSLdHnQvnxxbR0gW3CJ8bIWPUflE4hjv8QLbc +5CSpqa3d7/tsntVYNLPFs6B0acTXB4YLK+u2aC42US6by5zO4KS+8/7RyXhdkYGY +wy6dCU1ysnuG4QstxlObKJUtxcW/9vQkF/ZdqaqLf6HHL/kMasWUxWG1uvf+V/MO +BRKu7zBW290XDE5Dd9DomyX4q2kqoWQBkpvkJlVsKWpW+AXnBizbVD+pX90VEQmk +Tvnr6U9OiArS6m2yVwZlu836l2yo3tX2tsgTNn8gtZugO4Qb3iZnDUexqgCwnLBx +dsyq4W565jNRV/HWRUMR+LDIS1KiEalzDoID3aUXRHHLUQG0oqX8jqFJUqp1P9pO +9nezuUDg8SsaBg8O4tyv/CZq/FeF3RMMc2EHTiO8HTERqmRMxUFZv3bkgA4GnjnA +3wsZhLXQq+UaIJUAEQEAAbQsQWtpaGlybyBTdWRhIDxha2loaXJvLnN1ZGEuY3pA +aGNvLm50dC5jby5qcD6JAdQEEwEKAD4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgEC +F4AWIQTAIOqHbOTgbHq5Wu9JUkxvn2OPGgUCYYDT5gUJCAkhxwAKCRBJUkxvn2OP +GiHnC/wOqAvEcRmpKjqx4QUNkE34oGwiPgV5vyDlQElvBzyazQEcIdt9xaIE+4IS +7L7L6Q7WOGxWCvmRZ58E32m4RB1F8L7XQW0l3f6jESYLGPb6XDloux5poJzGxaGK +9gd6ItNmjOCmt08Icv0ZVTvKv20ej71aepllE5UaM9p5AlEwLkzQxPoGpB7E1Sdy +citRg6YEqTY+i5IeZ5xMthWXcushyLRRvm43DwbPsuZHVC1yMfo5VrF9JE65BdE9 +dIsCrZDnde/jUm4pAAwyAKSLLRVgj4xVP0XIdO2nVXDBWp9z4gUt/gMjuutO1a2U +Xw+XhkirUb2C++L0KvVBMbU303Q+xV/iaYjAuFjNy94HZms0iTBTB4qFHT4ClYHi +mNwTgfwRclpywkHzDi8496hsyzoVCeHSsu+ScDE1qAw6zrxASZXevYhhB2aBLr1s +d58WsYA37iXTEO4Hxm5V0Wh110hlCGFwcN8vWNhMCdIj7JN8nWZQNLZyppN7bCDu +FX8cE260I0FraWhpcm8gU3VkYSA8c3VkYS5reW90b0BnbWFpbC5jb20+iQHUBBMB +CgA+AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEEwCDqh2zk4Gx6uVrvSVJM +b59jjxoFAmGA0+YFCQgJIccACgkQSVJMb59jjxoMJwwAgZxXa8DPoUWeazt5TIVX +omVcsor2J75CqPKlOjvSVXSnCzkBM1kYN2RwVjNivuIEUWPDOohvUvJxllkm7dxd +g+XfLL3/luB4B+R06n78339K0pu4+n5eDIF0UiNbfuGocqFtVBXuC0uj7ZWPJnZe +tdbspisggJ8Q2Im7mQPQRQZ1Q1qBlogxpeeDzyGkrLRusryfd8LwPz7/8I59pkwG +hkNm0+JbaDJ1NtFElX+XvPaOxfCB3ut94CUjac0DdkQNDX+i2ruZNAsIjEuxQbuT +UAc1ouv+R126SBqVdkRLtRw+d0DmAR7PiL37C8KjQa6s+H46jzhLDQ0a3frZdo2w +c1Sony8C60w9q8wpGjJjjelTimsEW8aa7e17xMVgZrawAOAPDuGvbRMGl6fla9T2 +ZYTF6QDzoeqB4VgL441yJm0c2/c6L8gz8ehCNGyqxtfFX+8OO4W3+p4a/mKP8MLz +9l04g71QkuAi3bF7bbrsWmagMXJJJWTHbizDLaytI/6nuQGNBF06GR8BDACxpQ9c +y72+/WZGon+CToNj+a24PiduyExfFv26E0D77ACS6UAC5jz71mSuLbHiauQ3MHj+ +786z4m4St8+HjDL9YrAe19MobxWsLHAFvBJ8UHfZdkLzBkIKPHz7TUqlhvFR13b6 +ZAZVZk975hgCT3LpzA1miHBY2E5WDpVa3pe94xshVHL3iVf9Jv1a4hmM+eu0gxX4 +iEw7RLq9LssTyjeuRVN23X+ojD4Mp3jQnPA+cjLF718KpCsw5r+tGZ98/5GZevmH +Qf6sg0b/k6/vkVveopeeH28zb/nnVuhgGSxcbiZUrFC9EfhX4/6NNFRhE300AjeF +bP7SoXx3qRhr993BDSP32r44hy+kYLhZP5K5oXivcITJZuGcJh49P4QuYGrnODIL +gEhedWeePcJXFcEz09teizlWKGzd+EA3uwYd/bQelflwXkGuCLaoNv4qcH3oJDp1 +vYI0zT7hGvnz3thRLg3SOWFq5cBhnfNGXPLsoNZBzWGn2cm5MJYSKjIM470AEQEA +AYkBvAQYAQoAJgIbDBYhBMAg6ods5OBserla70lSTG+fY48aBQJhgNRTBQkICSI0 +AAoJEElSTG+fY48a3YML/3snhGBx/Xd0EcK0pzyvyivZwavlGsQPAF2c1Rj7Lr1i +eUrp6CZ/yW7/oAvlk6Ngc0SoWba/pgnz7bVQEc21JTY86M1bRLLh3fmYCx8YFbsR +43zVr2bxDledzKV3bIuWStWbljHECuNTT91907pc3r4jv+jN4ZaXVUQ9pXj0DrV+ +MTJVCo7nrEXiq6q1WqaUAV9dMQE3rWGFa2u45QCZGLckOu3cuSCU8CVxSScmxgII +bUBu17xDzQnDkdcEQzzkZtDOrwF76dPdlrW69PXtC9oElRJbGCERivqlrpKDagXI +h4eZYfcFb2gc0qZjblvfVHiot65WM9bUsSAUAEfskYqIGLshzV9MrxFYQYvgt3ym +Qs7D8ORJiphjaOvDeqVyGdPm/rN5SVMVGYpJX6EkZkHinV/kRChtuLAD7NQ3YH5O +5l+Ehze9Nm4laEXQC/tme9B1XH0PUBJk1x8NeoVrYCTnypVFfRw37mC9XBu5TF6U +ix7vx45U/EvZrqmkDrEFOQ== +=4+1P +-----END PGP PUBLIC KEY BLOCK----- + From 33b6ec2925feac9146d07e7c775443d08558e2d1 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 26 Apr 2023 15:13:59 -0700 Subject: [PATCH 0226/1176] ci/cirrus: use vagrant from hashicorp repo A version of vagrant available from the stock repos (2.2.19) is too old and contains a bug that prevents downloading Fedora 38 image (see [1]). Use packages from hashicorp repo, which currently has vagrant 2.3.4. This resolves the problem of downloading the latest Fedora image. Also, vagrant-libvirt plugin from Ubuntu repos is not working with vagrant from hashicorp, so switch to using "vagrant plugin install". The downside it, this takes extra 4 minutes or so in our CI, and I am not sure how to cache it or speed it up. [1] https://github.com/opencontainers/runc/pull/3835#issuecomment-1519321619 Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.cirrus.yml b/.cirrus.yml index ec4be03abae..a1edca0e281 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -37,9 +37,15 @@ task: # ----- cat /proc/cpuinfo install_libvirt_vagrant_script: | + curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg + echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list + sudo sed -i 's/^# deb-src/deb-src/' /etc/apt/sources.list apt-get update - apt-get install -y libvirt-daemon libvirt-daemon-system vagrant vagrant-libvirt + apt-get install -y libvirt-daemon libvirt-daemon-system vagrant systemctl enable --now libvirtd + apt-get build-dep -y vagrant ruby-libvirt + apt-get install -y --no-install-recommends libxslt-dev libxml2-dev libvirt-dev ruby-bundler ruby-dev zlib1g-dev + vagrant plugin install vagrant-libvirt vagrant_cache: fingerprint_script: uname -s ; cat Vagrantfile.$DISTRO folder: /root/.vagrant.d From a19200096e287a72d43ed0e8a50a2ba4a9d6cc17 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 26 Apr 2023 15:46:31 -0700 Subject: [PATCH 0227/1176] Vagrantfile.fedora: bump to 38 Signed-off-by: Kir Kolyshkin --- Vagrantfile.fedora | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Vagrantfile.fedora b/Vagrantfile.fedora index d99ba38c7e5..4e9bd87c2ad 100644 --- a/Vagrantfile.fedora +++ b/Vagrantfile.fedora @@ -3,7 +3,7 @@ Vagrant.configure("2") do |config| # Fedora box is used for testing cgroup v2 support - config.vm.box = "fedora/37-cloud-base" + config.vm.box = "fedora/38-cloud-base" config.vm.provider :virtualbox do |v| v.memory = 2048 v.cpus = 2 From 13091eeefaea7dc5367f6ea70e8fcec6da492d8c Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 26 Apr 2023 15:48:03 -0700 Subject: [PATCH 0228/1176] ci: bump bats 1.8.2 -> 1.9.0 As Fedora 38 uses bats 1.9.0, let's switch to this version in other places. Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 2 +- .github/workflows/test.yml | 2 +- Dockerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index a1edca0e281..bf76a6b2379 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -77,7 +77,7 @@ task: HOME: /root CIRRUS_WORKING_DIR: /home/runc GO_VERSION: "1.19" - BATS_VERSION: "v1.8.2" + BATS_VERSION: "v1.9.0" RPMS: gcc git iptables jq glibc-static libseccomp-devel make criu fuse-sshfs # yamllint disable rule:key-duplicates matrix: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 4bdf9526b08..d938bec4d20 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -76,7 +76,7 @@ jobs: - name: install bats uses: mig4/setup-bats@v1 with: - bats-version: 1.8.2 + bats-version: 1.9.0 - name: unit test if: matrix.rootless != 'rootless' diff --git a/Dockerfile b/Dockerfile index 9412e0a15da..8c4138b6dae 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ ARG GO_VERSION=1.20 -ARG BATS_VERSION=v1.8.2 +ARG BATS_VERSION=v1.9.0 ARG LIBSECCOMP_VERSION=2.5.4 FROM golang:${GO_VERSION}-bullseye From defb1cc718c3c7ebdc62345a54b7eafe2850cff0 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 27 Jan 2022 19:23:18 -0800 Subject: [PATCH 0229/1176] libct/cg/dev: optimize and test findDeviceGroup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 1. Use strings.TrimPrefix instead of fmt.Sscanf and simplify the code. 2. Add a test case and a benchmark. The benchmark shows some improvement, compared to the old implementation: name old time/op new time/op delta FindDeviceGroup-4 39.7µs ± 2% 26.8µs ± 2% -32.63% (p=0.008 n=5+5) name old alloc/op new alloc/op delta FindDeviceGroup-4 6.08kB ± 0% 4.23kB ± 0% -30.39% (p=0.008 n=5+5) name old allocs/op new allocs/op delta FindDeviceGroup-4 117 ± 0% 6 ± 0% -94.87% (p=0.008 n=5+5) Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/devices/systemd.go | 20 ++++----------- libcontainer/cgroups/devices/systemd_test.go | 27 ++++++++++++++++++++ 2 files changed, 32 insertions(+), 15 deletions(-) diff --git a/libcontainer/cgroups/devices/systemd.go b/libcontainer/cgroups/devices/systemd.go index b78d90eafb0..70768f9dbbb 100644 --- a/libcontainer/cgroups/devices/systemd.go +++ b/libcontainer/cgroups/devices/systemd.go @@ -2,9 +2,9 @@ package devices import ( "bufio" - "errors" "fmt" "os" + "strconv" "strings" systemdDbus "github.com/coreos/go-systemd/v22/dbus" @@ -181,6 +181,7 @@ func findDeviceGroup(ruleType devices.Type, ruleMajor int64) (string, error) { if err != nil { return "", err } + ruleMajorStr := strconv.FormatInt(ruleMajor, 10) + " " scanner := bufio.NewScanner(fh) var currentType devices.Type @@ -205,20 +206,9 @@ func findDeviceGroup(ruleType devices.Type, ruleMajor int64) (string, error) { continue } - // Parse out the (major, name). - var ( - currMajor int64 - currName string - ) - if n, err := fmt.Sscanf(line, "%d %s", &currMajor, &currName); err != nil || n != 2 { - if err == nil { - err = errors.New("wrong number of fields") - } - return "", fmt.Errorf("scan /proc/devices line %q: %w", line, err) - } - - if currMajor == ruleMajor { - return prefix + currName, nil + group := strings.TrimPrefix(line, ruleMajorStr) + if len(group) < len(line) { // got it + return prefix + group, nil } } if err := scanner.Err(); err != nil { diff --git a/libcontainer/cgroups/devices/systemd_test.go b/libcontainer/cgroups/devices/systemd_test.go index 050fdd2d268..b6e81dcd827 100644 --- a/libcontainer/cgroups/devices/systemd_test.go +++ b/libcontainer/cgroups/devices/systemd_test.go @@ -2,6 +2,7 @@ package devices import ( "bytes" + "fmt" "os" "os/exec" "strings" @@ -240,6 +241,32 @@ func TestSkipDevicesFalse(t *testing.T) { }) } +func testFindDeviceGroup() error { + const ( + major = 136 + group = "char-pts" + ) + res, err := findDeviceGroup(devices.CharDevice, major) + if res != group || err != nil { + return fmt.Errorf("expected %v, nil, got %v, %w", group, res, err) + } + return nil +} + +func TestFindDeviceGroup(t *testing.T) { + if err := testFindDeviceGroup(); err != nil { + t.Fatal(err) + } +} + +func BenchmarkFindDeviceGroup(b *testing.B) { + for i := 0; i < b.N; i++ { + if err := testFindDeviceGroup(); err != nil { + b.Fatal(err) + } + } +} + func newManager(t *testing.T, config *configs.Cgroup) (m cgroups.Manager) { t.Helper() var err error From 5f6aafb30973dbe26a6039686f25f58b56d33be7 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 27 Apr 2023 11:59:09 -0700 Subject: [PATCH 0230/1176] libct: document process.LogLevel field This field used to hold a string representation of log level (like "debug" or "info"). Since commit 6c4a3b13d132aa4 this is now a string holding a numeric representation of log level (e.g. "4"). This was done in preparation to commit f1b703fc45dd6142, and simplifies things in a few places. Let's document it. Fixes: 6c4a3b13d132aa4 Signed-off-by: Kir Kolyshkin --- libcontainer/process.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libcontainer/process.go b/libcontainer/process.go index 8a5d340dacd..4de4a9e75c2 100644 --- a/libcontainer/process.go +++ b/libcontainer/process.go @@ -79,6 +79,9 @@ type Process struct { ops processOperations + // LogLevel is a string containing a numeric representation of the current + // log level (i.e. "4", but never "info"). It is passed on to runc init as + // _LIBCONTAINER_LOGLEVEL environment variable. LogLevel string // SubCgroupPaths specifies sub-cgroups to run the process in. From 20e38fb2b1201325e7cd275afbb5c7d17ccfde60 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 28 Apr 2023 16:26:19 +1000 Subject: [PATCH 0231/1176] init: do not print environment variable value When given an environment variable that is invalid, it's not a good idea to output the contents in case they are supposed to be private (though such a container wouldn't start anyway so it seems unlikely there's a real way to use this to exfiltrate environment variables you didn't already know). Reported-by: Carl Henrik Lunde Signed-off-by: Aleksa Sarai --- libcontainer/init_linux.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 41cc9e2197c..6a88f1b211c 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -116,17 +116,17 @@ func populateProcessEnvironment(env []string) error { for _, pair := range env { p := strings.SplitN(pair, "=", 2) if len(p) < 2 { - return fmt.Errorf("invalid environment variable: %q", pair) + return errors.New("invalid environment variable: missing '='") } name, val := p[0], p[1] if name == "" { - return fmt.Errorf("environment variable name can't be empty: %q", pair) + return errors.New("invalid environment variable: name cannot be empty") } if strings.IndexByte(name, 0) >= 0 { - return fmt.Errorf("environment variable name can't contain null(\\x00): %q", pair) + return fmt.Errorf("invalid environment variable %q: name contains nul byte (\\x00)", name) } if strings.IndexByte(val, 0) >= 0 { - return fmt.Errorf("environment variable value can't contain null(\\x00): %q", pair) + return fmt.Errorf("invalid environment variable %q: value contains nul byte (\\x00)", name) } if err := os.Setenv(name, val); err != nil { return err From 5a17746302851d0d5c434649d3c663942218b718 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 28 Apr 2023 12:43:08 -0700 Subject: [PATCH 0232/1176] deps: bump urfave/cli Signed-off-by: Kir Kolyshkin --- go.mod | 2 +- go.sum | 20 ++++----- vendor/github.com/urfave/cli/.gitignore | 5 +++ vendor/github.com/urfave/cli/LICENSE | 2 +- vendor/github.com/urfave/cli/README.md | 49 +++++------------------ vendor/github.com/urfave/cli/app.go | 8 ++-- vendor/github.com/urfave/cli/appveyor.yml | 28 ------------- vendor/github.com/urfave/cli/command.go | 8 ++-- vendor/modules.txt | 2 +- 9 files changed, 38 insertions(+), 86 deletions(-) delete mode 100644 vendor/github.com/urfave/cli/appveyor.yml diff --git a/go.mod b/go.mod index 4b3dd391308..4cfd54f7c41 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/seccomp/libseccomp-golang v0.10.0 github.com/sirupsen/logrus v1.9.0 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 - github.com/urfave/cli v1.22.9 + github.com/urfave/cli v1.22.12 github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.9.0 golang.org/x/sys v0.7.0 diff --git a/go.sum b/go.sum index 273bf447e5f..e635e6a82c6 100644 --- a/go.sum +++ b/go.sum @@ -1,4 +1,4 @@ -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/checkpoint-restore/go-criu/v6 v6.3.0 h1:mIdrSO2cPNWQY1truPg6uHLXyKHk3Z5Odx4wjKOASzA= github.com/checkpoint-restore/go-criu/v6 v6.3.0/go.mod h1:rrRTN/uSwY2X+BPRl/gkulo9gsKOSAeVp9/K2tv7xZI= github.com/cilium/ebpf v0.10.0 h1:nk5HPMeoBXtOzbkZBWym+ZWq1GIiHUsBFXxwewXAHLQ= @@ -7,7 +7,6 @@ github.com/containerd/console v1.0.3 h1:lIr7SlA5PxZyMV30bDW0MGbiOPXwc63yRuCP0ARu github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI= @@ -38,23 +37,26 @@ github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M5 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= -github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/seccomp/libseccomp-golang v0.10.0 h1:aA4bp+/Zzi0BnWZ2F1wgNBs5gTpm+na2rWM6M9YjLpY= github.com/seccomp/libseccomp-golang v0.10.0/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= -github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= -github.com/urfave/cli v1.22.9 h1:cv3/KhXGBGjEXLC4bH0sLuJ9BewaAbpk5oyMOveu4pw= -github.com/urfave/cli v1.22.9/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/urfave/cli v1.22.12 h1:igJgVw1JdKH+trcLWLeLwZjU9fEfPesQ+9/e4MQ44S8= +github.com/urfave/cli v1.22.12/go.mod h1:sSBEIC79qR6OvcmsD4U3KABeOTxDqQtdDnaFuUN30b8= github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJH8j0= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= @@ -73,7 +75,7 @@ google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/vendor/github.com/urfave/cli/.gitignore b/vendor/github.com/urfave/cli/.gitignore index 8ae196feed2..9d1812002b4 100644 --- a/vendor/github.com/urfave/cli/.gitignore +++ b/vendor/github.com/urfave/cli/.gitignore @@ -3,3 +3,8 @@ coverage.txt node_modules/ vendor .idea +/.local/ +/internal/ +/site/ +package.json +package-lock.json diff --git a/vendor/github.com/urfave/cli/LICENSE b/vendor/github.com/urfave/cli/LICENSE index 42a597e29bb..99d8559da84 100644 --- a/vendor/github.com/urfave/cli/LICENSE +++ b/vendor/github.com/urfave/cli/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2016 Jeremy Saenz & Contributors +Copyright (c) 2023 Jeremy Saenz & Contributors Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/github.com/urfave/cli/README.md b/vendor/github.com/urfave/cli/README.md index 9c2cf851a32..c7dd62bc674 100644 --- a/vendor/github.com/urfave/cli/README.md +++ b/vendor/github.com/urfave/cli/README.md @@ -1,13 +1,10 @@ cli === -[![Build Status](https://travis-ci.org/urfave/cli.svg?branch=master)](https://travis-ci.org/urfave/cli) -[![Windows Build Status](https://ci.appveyor.com/api/projects/status/rtgk5xufi932pb2v?svg=true)](https://ci.appveyor.com/project/urfave/cli) - -[![GoDoc](https://godoc.org/github.com/urfave/cli?status.svg)](https://godoc.org/github.com/urfave/cli) -[![codebeat](https://codebeat.co/badges/0a8f30aa-f975-404b-b878-5fab3ae1cc5f)](https://codebeat.co/projects/github-com-urfave-cli) +[![Run Tests](https://github.com/urfave/cli/actions/workflows/cli.yml/badge.svg?branch=v1-maint)](https://github.com/urfave/cli/actions/workflows/cli.yml) +[![Go Reference](https://pkg.go.dev/badge/github.com/urfave/cli/.svg)](https://pkg.go.dev/github.com/urfave/cli/) [![Go Report Card](https://goreportcard.com/badge/urfave/cli)](https://goreportcard.com/report/urfave/cli) -[![codecov](https://codecov.io/gh/urfave/cli/branch/master/graph/badge.svg)](https://codecov.io/gh/urfave/cli) +[![codecov](https://codecov.io/gh/urfave/cli/branch/v1-maint/graph/badge.svg)](https://codecov.io/gh/urfave/cli) cli is a simple, fast, and fun package for building command line apps in Go. The goal is to enable developers to write fast and distributable command line @@ -15,29 +12,19 @@ applications in an expressive way. ## Usage Documentation -Usage documentation exists for each major version - -- `v1` - [./docs/v1/manual.md](./docs/v1/manual.md) -- `v2` - đŸ§ documentation for `v2` is WIP đŸ§ +Usage documentation for `v1` is available [at the docs +site](https://cli.urfave.org/v1/getting-started/) or in-tree at +[./docs/v1/manual.md](./docs/v1/manual.md) ## Installation -Make sure you have a working Go environment. Go version 1.10+ is supported. [See -the install instructions for Go](http://golang.org/doc/install.html). - -### GOPATH - -Make sure your `PATH` includes the `$GOPATH/bin` directory so your commands can -be easily used: -``` -export PATH=$PATH:$GOPATH/bin -``` +Make sure you have a working Go environment. Go version 1.18+ is supported. ### Supported platforms -cli is tested against multiple versions of Go on Linux, and against the latest -released version of Go on OS X and Windows. For full details, see -[`./.travis.yml`](./.travis.yml) and [`./appveyor.yml`](./appveyor.yml). +cli is tested against multiple versions of Go on Linux, and against the latest released +version of Go on OS X and Windows. For full details, see +[./.github/workflows/cli.yml](./.github/workflows/cli.yml). ### Build tags @@ -62,19 +49,3 @@ import ( ) ... ``` - -### Using `v2` releases - -**Warning**: `v2` is in a pre-release state. - -``` -$ go get github.com/urfave/cli.v2 -``` - -```go -... -import ( - "github.com/urfave/cli.v2" // imports as package "cli" -) -... -``` diff --git a/vendor/github.com/urfave/cli/app.go b/vendor/github.com/urfave/cli/app.go index 382f238f495..df5a9a91be3 100644 --- a/vendor/github.com/urfave/cli/app.go +++ b/vendor/github.com/urfave/cli/app.go @@ -248,7 +248,7 @@ func (a *App) Run(arguments []string) (err error) { return cerr } - if a.After != nil { + if a.After != nil && !context.shellComplete { defer func() { if afterErr := a.After(context); afterErr != nil { if err != nil { @@ -260,7 +260,7 @@ func (a *App) Run(arguments []string) (err error) { }() } - if a.Before != nil { + if a.Before != nil && !context.shellComplete { beforeErr := a.Before(context) if beforeErr != nil { a.handleExitCoder(context, beforeErr) @@ -374,7 +374,7 @@ func (a *App) RunAsSubcommand(ctx *Context) (err error) { return cerr } - if a.After != nil { + if a.After != nil && !context.shellComplete { defer func() { afterErr := a.After(context) if afterErr != nil { @@ -388,7 +388,7 @@ func (a *App) RunAsSubcommand(ctx *Context) (err error) { }() } - if a.Before != nil { + if a.Before != nil && !context.shellComplete { beforeErr := a.Before(context) if beforeErr != nil { a.handleExitCoder(context, beforeErr) diff --git a/vendor/github.com/urfave/cli/appveyor.yml b/vendor/github.com/urfave/cli/appveyor.yml deleted file mode 100644 index 8ef2fea1a61..00000000000 --- a/vendor/github.com/urfave/cli/appveyor.yml +++ /dev/null @@ -1,28 +0,0 @@ -version: "{build}" - -os: Windows Server 2016 - -image: Visual Studio 2017 - -clone_folder: c:\gopath\src\github.com\urfave\cli - -cache: - - node_modules - -environment: - GOPATH: C:\gopath - GOVERSION: 1.11.x - GO111MODULE: on - GOPROXY: https://proxy.golang.org - -install: - - set PATH=%GOPATH%\bin;C:\go\bin;%PATH% - - go version - - go env - - go get github.com/urfave/gfmrun/cmd/gfmrun - - go mod vendor - -build_script: - - go run build.go vet - - go run build.go test - - go run build.go gfmrun docs/v1/manual.md diff --git a/vendor/github.com/urfave/cli/command.go b/vendor/github.com/urfave/cli/command.go index 09fda1642fe..6c2f9cad526 100644 --- a/vendor/github.com/urfave/cli/command.go +++ b/vendor/github.com/urfave/cli/command.go @@ -98,8 +98,10 @@ type Commands []Command // Run invokes the command given the context, parses ctx.Args() to generate command-specific flags func (c Command) Run(ctx *Context) (err error) { - if len(c.Subcommands) > 0 { - return c.startApp(ctx) + if !c.SkipFlagParsing { + if len(c.Subcommands) > 0 { + return c.startApp(ctx) + } } if !c.HideHelp && (HelpFlag != BoolFlag{}) { @@ -261,7 +263,7 @@ func reorderArgs(commandFlags []Flag, args []string) []string { // argIsFlag checks if an arg is one of our command flags func argIsFlag(commandFlags []Flag, arg string) bool { - if arg == "-" || arg == "--"{ + if arg == "-" || arg == "--" { // `-` is never a flag // `--` is an option-value when following a flag, and a delimiter indicating the end of options in other cases. return false diff --git a/vendor/modules.txt b/vendor/modules.txt index b701072b5c8..5fd949c16b6 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -57,7 +57,7 @@ github.com/sirupsen/logrus/hooks/test # github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 ## explicit github.com/syndtr/gocapability/capability -# github.com/urfave/cli v1.22.9 +# github.com/urfave/cli v1.22.12 ## explicit; go 1.11 github.com/urfave/cli # github.com/vishvananda/netlink v1.1.0 From 976748e8d677aae35a1cc4ebed967ef8b9ed5a6d Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 15 Jun 2022 19:54:06 -0700 Subject: [PATCH 0233/1176] libct: add mountViaFDs, simplify mount 1. Simplify mount call by removing the procfd argument, and use the new mount() where procfd is not used. Now, the mount() arguments are the same as for unix.Mount. 2. Introduce a new mountViaFDs function, which is similar to the old mount(), except it can take procfd for both source and target. The new arguments are called srcFD and dstFD. 3. Modify the mount error to show both srcFD and dstFD so it's clear which one is used for which purpose. This fixes the issue of having a somewhat cryptic errors like this: > mount /proc/self/fd/11:/sys/fs/cgroup/systemd (via /proc/self/fd/12), flags: 0x20502f: operation not permitted (in which fd 11 is actually the source, and fd 12 is the target). After this change, it looks like > mount src=/proc/self/fd/11, dst=/sys/fs/cgroup/systemd, dstFD=/proc/self/fd/12, flags=0x20502f: operation not permitted so it's clear that 12 is a destination fd. 4. Fix the mountViaFDs callers to use dstFD (rather than procfd) for the variable name. 5. Use srcFD where mountFd is set. Signed-off-by: Kir Kolyshkin --- libcontainer/console_linux.go | 2 +- libcontainer/container_linux.go | 6 +-- libcontainer/mount_linux.go | 50 ++++++++++++++------ libcontainer/rootfs_linux.go | 84 ++++++++++++++++----------------- 4 files changed, 81 insertions(+), 61 deletions(-) diff --git a/libcontainer/console_linux.go b/libcontainer/console_linux.go index 29b9c3b0897..d2b9cf59438 100644 --- a/libcontainer/console_linux.go +++ b/libcontainer/console_linux.go @@ -18,7 +18,7 @@ func mountConsole(slavePath string) error { if f != nil { f.Close() } - return mount(slavePath, "/dev/console", "", "bind", unix.MS_BIND, "") + return mount(slavePath, "/dev/console", "bind", unix.MS_BIND, "") } // dupStdio opens the slavePath for the console and dups the fds to the current diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 67232dfa11f..7ba49a116b4 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -1357,8 +1357,8 @@ func (c *Container) prepareCriuRestoreMounts(mounts []*configs.Mount) error { // because during initial container creation mounts are // set up in the order they are configured. if m.Device == "bind" { - if err := utils.WithProcfd(c.config.Rootfs, m.Destination, func(procfd string) error { - if err := mount(m.Source, m.Destination, procfd, "", unix.MS_BIND|unix.MS_REC, ""); err != nil { + if err := utils.WithProcfd(c.config.Rootfs, m.Destination, func(dstFD string) error { + if err := mountViaFDs(m.Source, "", m.Destination, dstFD, "", unix.MS_BIND|unix.MS_REC, ""); err != nil { return err } return nil @@ -1411,7 +1411,7 @@ func (c *Container) Restore(process *Process, criuOpts *CriuOpts) error { if err != nil { return err } - err = mount(c.config.Rootfs, root, "", "", unix.MS_BIND|unix.MS_REC, "") + err = mount(c.config.Rootfs, root, "", unix.MS_BIND|unix.MS_REC, "") if err != nil { return err } diff --git a/libcontainer/mount_linux.go b/libcontainer/mount_linux.go index 5f49de964ff..751262f3153 100644 --- a/libcontainer/mount_linux.go +++ b/libcontainer/mount_linux.go @@ -10,8 +10,9 @@ import ( type mountError struct { op string source string + srcFD string target string - procfd string + dstFD string flags uintptr data string err error @@ -22,19 +23,21 @@ func (e *mountError) Error() string { out := e.op + " " if e.source != "" { - out += e.source + ":" + e.target - } else { - out += e.target + out += "src=" + e.source + ", " + if e.srcFD != "" { + out += "srcFD=" + e.srcFD + ", " + } } - if e.procfd != "" { - out += " (via " + e.procfd + ")" + out += "dst=" + e.target + if e.dstFD != "" { + out += ", dstFD=" + e.dstFD } if e.flags != uintptr(0) { - out += ", flags: 0x" + strconv.FormatUint(uint64(e.flags), 16) + out += ", flags=0x" + strconv.FormatUint(uint64(e.flags), 16) } if e.data != "" { - out += ", data: " + e.data + out += ", data=" + e.data } out += ": " + e.err.Error() @@ -47,19 +50,36 @@ func (e *mountError) Unwrap() error { return e.err } -// mount is a simple unix.Mount wrapper. If procfd is not empty, it is used -// instead of target (and the target is only used to add context to an error). -func mount(source, target, procfd, fstype string, flags uintptr, data string) error { +// mount is a simple unix.Mount wrapper, returning an error with more context +// in case it failed. +func mount(source, target, fstype string, flags uintptr, data string) error { + return mountViaFDs(source, "", target, "", fstype, flags, data) +} + +// mountViaFDs is a unix.Mount wrapper which uses srcFD instead of source, +// and dstFD instead of target, unless those are empty. The *FD arguments, +// if non-empty, are expected to be in the form of a path to an opened file +// descriptor on procfs (i.e. "/proc/self/fd/NN"). +// +// If case an FD is used instead of a source or a target path, the +// corresponding path is only used to add context to an error in case +// the mount operation has failed. +func mountViaFDs(source, srcFD, target, dstFD, fstype string, flags uintptr, data string) error { + src := source + if srcFD != "" { + src = srcFD + } dst := target - if procfd != "" { - dst = procfd + if dstFD != "" { + dst = dstFD } - if err := unix.Mount(source, dst, fstype, flags, data); err != nil { + if err := unix.Mount(src, dst, fstype, flags, data); err != nil { return &mountError{ op: "mount", source: source, + srcFD: srcFD, target: target, - procfd: procfd, + dstFD: dstFD, flags: flags, data: data, err: err, diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 582029288c6..4104eaaea01 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -187,10 +187,10 @@ func prepareTmp(topTmpDir string) (string, error) { if err != nil { return "", err } - if err := mount(tmpdir, tmpdir, "", "bind", unix.MS_BIND, ""); err != nil { + if err := mount(tmpdir, tmpdir, "bind", unix.MS_BIND, ""); err != nil { return "", err } - if err := mount("", tmpdir, "", "", uintptr(unix.MS_PRIVATE), ""); err != nil { + if err := mount("", tmpdir, "", uintptr(unix.MS_PRIVATE), ""); err != nil { return "", err } return tmpdir, nil @@ -262,7 +262,7 @@ func mountCgroupV1(m *configs.Mount, c *mountConfig) error { if err := os.MkdirAll(subsystemPath, 0o755); err != nil { return err } - if err := utils.WithProcfd(c.root, b.Destination, func(procfd string) error { + if err := utils.WithProcfd(c.root, b.Destination, func(dstFD string) error { flags := defaultMountFlags if m.Flags&unix.MS_RDONLY != 0 { flags = flags | unix.MS_RDONLY @@ -275,7 +275,7 @@ func mountCgroupV1(m *configs.Mount, c *mountConfig) error { data = cgroups.CgroupNamePrefix + data source = "systemd" } - return mount(source, b.Destination, procfd, "cgroup", uintptr(flags), data) + return mountViaFDs(source, "", b.Destination, dstFD, "cgroup", uintptr(flags), data) }); err != nil { return err } @@ -306,8 +306,8 @@ func mountCgroupV2(m *configs.Mount, c *mountConfig) error { if err := os.MkdirAll(dest, 0o755); err != nil { return err } - err = utils.WithProcfd(c.root, m.Destination, func(procfd string) error { - return mount(m.Source, m.Destination, procfd, "cgroup2", uintptr(m.Flags), m.Data) + err = utils.WithProcfd(c.root, m.Destination, func(dstFD string) error { + return mountViaFDs(m.Source, "", m.Destination, dstFD, "cgroup2", uintptr(m.Flags), m.Data) }) if err == nil || !(errors.Is(err, unix.EPERM) || errors.Is(err, unix.EBUSY)) { return err @@ -373,15 +373,15 @@ func doTmpfsCopyUp(m *configs.Mount, rootfs, mountLabel string) (Err error) { } }() - return utils.WithProcfd(rootfs, m.Destination, func(procfd string) (Err error) { + return utils.WithProcfd(rootfs, m.Destination, func(dstFD string) (Err error) { // Copy the container data to the host tmpdir. We append "/" to force // CopyDirectory to resolve the symlink rather than trying to copy the // symlink itself. - if err := fileutils.CopyDirectory(procfd+"/", tmpDir); err != nil { - return fmt.Errorf("tmpcopyup: failed to copy %s to %s (%s): %w", m.Destination, procfd, tmpDir, err) + if err := fileutils.CopyDirectory(dstFD+"/", tmpDir); err != nil { + return fmt.Errorf("tmpcopyup: failed to copy %s to %s (%s): %w", m.Destination, dstFD, tmpDir, err) } // Now move the mount into the container. - if err := mount(tmpDir, m.Destination, procfd, "", unix.MS_MOVE, ""); err != nil { + if err := mountViaFDs(tmpDir, "", m.Destination, dstFD, "", unix.MS_MOVE, ""); err != nil { return fmt.Errorf("tmpcopyup: failed to move mount: %w", err) } return nil @@ -688,8 +688,8 @@ func bindMountDeviceNode(rootfs, dest string, node *devices.Device) error { if f != nil { _ = f.Close() } - return utils.WithProcfd(rootfs, dest, func(procfd string) error { - return mount(node.Path, dest, procfd, "bind", unix.MS_BIND, "") + return utils.WithProcfd(rootfs, dest, func(dstFD string) error { + return mountViaFDs(node.Path, "", dest, dstFD, "bind", unix.MS_BIND, "") }) } @@ -786,7 +786,7 @@ func rootfsParentMountPrivate(rootfs string) error { // shared. Secondly when we bind mount rootfs it will propagate to // parent namespace and we don't want that to happen. if sharedMount { - return mount("", parentMount, "", "", unix.MS_PRIVATE, "") + return mount("", parentMount, "", unix.MS_PRIVATE, "") } return nil @@ -797,7 +797,7 @@ func prepareRoot(config *configs.Config) error { if config.RootPropagation != 0 { flag = config.RootPropagation } - if err := mount("", "/", "", "", uintptr(flag), ""); err != nil { + if err := mount("", "/", "", uintptr(flag), ""); err != nil { return err } @@ -808,13 +808,13 @@ func prepareRoot(config *configs.Config) error { return err } - return mount(config.Rootfs, config.Rootfs, "", "bind", unix.MS_BIND|unix.MS_REC, "") + return mount(config.Rootfs, config.Rootfs, "bind", unix.MS_BIND|unix.MS_REC, "") } func setReadonly() error { flags := uintptr(unix.MS_BIND | unix.MS_REMOUNT | unix.MS_RDONLY) - err := mount("", "/", "", "", flags, "") + err := mount("", "/", "", flags, "") if err == nil { return nil } @@ -823,7 +823,7 @@ func setReadonly() error { return &os.PathError{Op: "statfs", Path: "/", Err: err} } flags |= uintptr(s.Flags) - return mount("", "/", "", "", flags, "") + return mount("", "/", "", flags, "") } func setupPtmx(config *configs.Config) error { @@ -881,7 +881,7 @@ func pivotRoot(rootfs string) error { // known to cause issues due to races where we still have a reference to a // mount while a process in the host namespace are trying to operate on // something they think has no mounts (devicemapper in particular). - if err := mount("", ".", "", "", unix.MS_SLAVE|unix.MS_REC, ""); err != nil { + if err := mount("", ".", "", unix.MS_SLAVE|unix.MS_REC, ""); err != nil { return err } // Perform the unmount. MNT_DETACH allows us to unmount /proc/self/cwd. @@ -930,7 +930,7 @@ func msMoveRoot(rootfs string) error { for _, info := range mountinfos { p := info.Mountpoint // Be sure umount events are not propagated to the host. - if err := mount("", p, "", "", unix.MS_SLAVE|unix.MS_REC, ""); err != nil { + if err := mount("", p, "", unix.MS_SLAVE|unix.MS_REC, ""); err != nil { if errors.Is(err, unix.ENOENT) { // If the mountpoint doesn't exist that means that we've // already blasted away some parent directory of the mountpoint @@ -945,7 +945,7 @@ func msMoveRoot(rootfs string) error { } else { // If we have not privileges for umounting (e.g. rootless), then // cover the path. - if err := mount("tmpfs", p, "", "tmpfs", 0, ""); err != nil { + if err := mount("tmpfs", p, "tmpfs", 0, ""); err != nil { return err } } @@ -953,7 +953,7 @@ func msMoveRoot(rootfs string) error { } // Move the rootfs on top of "/" in our mount namespace. - if err := mount(rootfs, "/", "", "", unix.MS_MOVE, ""); err != nil { + if err := mount(rootfs, "/", "", unix.MS_MOVE, ""); err != nil { return err } return chroot() @@ -991,7 +991,7 @@ func createIfNotExists(path string, isDir bool) error { // readonlyPath will make a path read only. func readonlyPath(path string) error { - if err := mount(path, path, "", "", unix.MS_BIND|unix.MS_REC, ""); err != nil { + if err := mount(path, path, "", unix.MS_BIND|unix.MS_REC, ""); err != nil { if errors.Is(err, os.ErrNotExist) { return nil } @@ -1004,7 +1004,7 @@ func readonlyPath(path string) error { } flags := uintptr(s.Flags) & (unix.MS_NOSUID | unix.MS_NODEV | unix.MS_NOEXEC) - if err := mount(path, path, "", "", flags|unix.MS_BIND|unix.MS_REMOUNT|unix.MS_RDONLY, ""); err != nil { + if err := mount(path, path, "", flags|unix.MS_BIND|unix.MS_REMOUNT|unix.MS_RDONLY, ""); err != nil { return err } @@ -1025,7 +1025,7 @@ func remountReadonly(m *configs.Mount) error { // nosuid, etc.). So, let's use that case so that we can do // this re-mount without failing in a userns. flags |= unix.MS_REMOUNT | unix.MS_BIND | unix.MS_RDONLY - if err := mount("", dest, "", "", uintptr(flags), ""); err != nil { + if err := mount("", dest, "", uintptr(flags), ""); err != nil { if errors.Is(err, unix.EBUSY) { time.Sleep(100 * time.Millisecond) continue @@ -1043,9 +1043,9 @@ func remountReadonly(m *configs.Mount) error { // For files, maskPath bind mounts /dev/null over the top of the specified path. // For directories, maskPath mounts read-only tmpfs over the top of the specified path. func maskPath(path string, mountLabel string) error { - if err := mount("/dev/null", path, "", "", unix.MS_BIND, ""); err != nil && !errors.Is(err, os.ErrNotExist) { + if err := mount("/dev/null", path, "", unix.MS_BIND, ""); err != nil && !errors.Is(err, os.ErrNotExist) { if errors.Is(err, unix.ENOTDIR) { - return mount("tmpfs", path, "", "tmpfs", unix.MS_RDONLY, label.FormatMountLabel("", mountLabel)) + return mount("tmpfs", path, "tmpfs", unix.MS_RDONLY, label.FormatMountLabel("", mountLabel)) } return err } @@ -1060,28 +1060,28 @@ func writeSystemProperty(key, value string) error { } func remount(m *configs.Mount, rootfs string, mountFd *int) error { - source := m.Source + srcFD := "" if mountFd != nil { - source = "/proc/self/fd/" + strconv.Itoa(*mountFd) + srcFD = "/proc/self/fd/" + strconv.Itoa(*mountFd) } - return utils.WithProcfd(rootfs, m.Destination, func(procfd string) error { + return utils.WithProcfd(rootfs, m.Destination, func(dstFD string) error { flags := uintptr(m.Flags | unix.MS_REMOUNT) - err := mount(source, m.Destination, procfd, m.Device, flags, "") + err := mountViaFDs(m.Source, srcFD, m.Destination, dstFD, m.Device, flags, "") if err == nil { return nil } // Check if the source has ro flag... var s unix.Statfs_t - if err := unix.Statfs(source, &s); err != nil { - return &os.PathError{Op: "statfs", Path: source, Err: err} + if err := unix.Statfs(m.Source, &s); err != nil { + return &os.PathError{Op: "statfs", Path: m.Source, Err: err} } if s.Flags&unix.MS_RDONLY != unix.MS_RDONLY { return err } // ... and retry the mount with ro flag set. flags |= unix.MS_RDONLY - return mount(source, m.Destination, procfd, m.Device, flags, "") + return mountViaFDs(m.Source, srcFD, m.Destination, dstFD, m.Device, flags, "") }) } @@ -1100,26 +1100,26 @@ func mountPropagate(m *configs.Mount, rootfs string, mountLabel string, mountFd flags &= ^unix.MS_RDONLY } + srcFD := "" + if mountFd != nil { + srcFD = "/proc/self/fd/" + strconv.Itoa(*mountFd) + } + // Because the destination is inside a container path which might be // mutating underneath us, we verify that we are actually going to mount // inside the container with WithProcfd() -- mounting through a procfd // mounts on the target. - source := m.Source - if mountFd != nil { - source = "/proc/self/fd/" + strconv.Itoa(*mountFd) - } - - if err := utils.WithProcfd(rootfs, m.Destination, func(procfd string) error { - return mount(source, m.Destination, procfd, m.Device, uintptr(flags), data) + if err := utils.WithProcfd(rootfs, m.Destination, func(dstFD string) error { + return mountViaFDs(m.Source, srcFD, m.Destination, dstFD, m.Device, uintptr(flags), data) }); err != nil { return err } // We have to apply mount propagation flags in a separate WithProcfd() call // because the previous call invalidates the passed procfd -- the mount // target needs to be re-opened. - if err := utils.WithProcfd(rootfs, m.Destination, func(procfd string) error { + if err := utils.WithProcfd(rootfs, m.Destination, func(dstFD string) error { for _, pflag := range m.PropagationFlags { - if err := mount("", m.Destination, procfd, "", uintptr(pflag), ""); err != nil { + if err := mountViaFDs("", "", m.Destination, dstFD, "", uintptr(pflag), ""); err != nil { return err } } From a60933bb245657e3e1f3bc30f78a70329a78243c Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 16 Jun 2022 21:09:11 -0700 Subject: [PATCH 0234/1176] libct/rootfs: introduce and use mountEntry Adding fd field to mountConfig was not a good thing since mountConfig contains data that is not specific to a particular mount, while fd is a mount entry attribute. Introduce mountEntry structure, which embeds configs.Mount and adds srcFd to replace the removed mountConfig.fd. Signed-off-by: Kir Kolyshkin --- libcontainer/container_linux.go | 5 +- libcontainer/rootfs_linux.go | 92 ++++++++++++++++----------------- 2 files changed, 47 insertions(+), 50 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 7ba49a116b4..3c0857d0604 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -1277,9 +1277,8 @@ func (c *Container) makeCriuRestoreMountpoints(m *configs.Mount) error { case "bind": // The prepareBindMount() function checks if source // exists. So it cannot be used for other filesystem types. - // TODO: pass something else than nil? Not sure if criu is - // impacted by issue #2484 - if err := prepareBindMount(m, c.config.Rootfs, nil); err != nil { + // TODO: pass srcFD? Not sure if criu is impacted by issue #2484. + if err := prepareBindMount(mountEntry{Mount: m}, c.config.Rootfs); err != nil { return err } default: diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 4104eaaea01..4c9e90f047f 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -28,13 +28,26 @@ import ( const defaultMountFlags = unix.MS_NOEXEC | unix.MS_NOSUID | unix.MS_NODEV +// mountConfig contains mount data not specific to a mount point. type mountConfig struct { root string label string cgroup2Path string rootlessCgroups bool cgroupns bool - fd *int +} + +// mountEntry contains mount data specific to a mount point. +type mountEntry struct { + *configs.Mount + srcFD string +} + +func (m *mountEntry) src() string { + if m.srcFD != "" { + return m.srcFD + } + return m.Source } // needsSetupDev returns true if /dev needs to be set up. @@ -67,21 +80,20 @@ func prepareRootfs(pipe io.ReadWriter, iConfig *initConfig, mountFds []int) (err rootlessCgroups: iConfig.RootlessCgroups, cgroupns: config.Namespaces.Contains(configs.NEWCGROUP), } - setupDev := needsSetupDev(config) for i, m := range config.Mounts { + entry := mountEntry{Mount: m} // Just before the loop we checked that if not empty, len(mountFds) == len(config.Mounts). // Therefore, we can access mountFds[i] without any concerns. if mountFds != nil && mountFds[i] != -1 { - mountConfig.fd = &mountFds[i] - } else { - mountConfig.fd = nil + entry.srcFD = "/proc/self/fd/" + strconv.Itoa(mountFds[i]) } - if err := mountToRootfs(m, mountConfig); err != nil { + if err := mountToRootfs(mountConfig, entry); err != nil { return fmt.Errorf("error mounting %q to rootfs at %q: %w", m.Source, m.Destination, err) } } + setupDev := needsSetupDev(config) if setupDev { if err := createDevices(config); err != nil { return fmt.Errorf("error creating device nodes: %w", err) @@ -201,12 +213,8 @@ func cleanupTmp(tmpdir string) { _ = os.RemoveAll(tmpdir) } -func prepareBindMount(m *configs.Mount, rootfs string, mountFd *int) error { - source := m.Source - if mountFd != nil { - source = "/proc/self/fd/" + strconv.Itoa(*mountFd) - } - +func prepareBindMount(m mountEntry, rootfs string) error { + source := m.src() stat, err := os.Stat(source) if err != nil { // error out if the source of a bind mount does not exist as we will be @@ -252,7 +260,7 @@ func mountCgroupV1(m *configs.Mount, c *mountConfig) error { PropagationFlags: m.PropagationFlags, } - if err := mountToRootfs(tmpfs, c); err != nil { + if err := mountToRootfs(c, mountEntry{Mount: tmpfs}); err != nil { return err } @@ -280,7 +288,7 @@ func mountCgroupV1(m *configs.Mount, c *mountConfig) error { return err } } else { - if err := mountToRootfs(b, c); err != nil { + if err := mountToRootfs(c, mountEntry{Mount: b}); err != nil { return err } } @@ -328,8 +336,8 @@ func mountCgroupV2(m *configs.Mount, c *mountConfig) error { bindM.Source = c.cgroup2Path } // mountToRootfs() handles remounting for MS_RDONLY. - // No need to set c.fd here, because mountToRootfs() calls utils.WithProcfd() by itself in mountPropagate(). - err = mountToRootfs(bindM, c) + // No need to set mountEntry.srcFD here, because mountToRootfs() calls utils.WithProcfd() by itself in mountPropagate(). + err = mountToRootfs(c, mountEntry{Mount: bindM}) if c.rootlessCgroups && errors.Is(err, unix.ENOENT) { // ENOENT (for `src = c.cgroup2Path`) happens when rootless runc is being executed // outside the userns+mountns. @@ -343,7 +351,7 @@ func mountCgroupV2(m *configs.Mount, c *mountConfig) error { return err } -func doTmpfsCopyUp(m *configs.Mount, rootfs, mountLabel string) (Err error) { +func doTmpfsCopyUp(m mountEntry, rootfs, mountLabel string) (Err error) { // Set up a scratch dir for the tmpfs on the host. tmpdir, err := prepareTmp("/tmp") if err != nil { @@ -360,7 +368,7 @@ func doTmpfsCopyUp(m *configs.Mount, rootfs, mountLabel string) (Err error) { // m.Destination since we are going to mount *on the host*. oldDest := m.Destination m.Destination = tmpDir - err = mountPropagate(m, "/", mountLabel, nil) + err = mountPropagate(m, "/", mountLabel) m.Destination = oldDest if err != nil { return err @@ -388,7 +396,7 @@ func doTmpfsCopyUp(m *configs.Mount, rootfs, mountLabel string) (Err error) { }) } -func mountToRootfs(m *configs.Mount, c *mountConfig) error { +func mountToRootfs(c *mountConfig, m mountEntry) error { rootfs := c.root // procfs and sysfs are special because we need to ensure they are actually @@ -416,11 +424,10 @@ func mountToRootfs(m *configs.Mount, c *mountConfig) error { return err } // Selinux kernels do not support labeling of /proc or /sys. - return mountPropagate(m, rootfs, "", nil) + return mountPropagate(m, rootfs, "") } mountLabel := c.label - mountFd := c.fd dest, err := securejoin.SecureJoin(rootfs, m.Destination) if err != nil { return err @@ -431,7 +438,7 @@ func mountToRootfs(m *configs.Mount, c *mountConfig) error { if err := os.MkdirAll(dest, 0o755); err != nil { return err } - if err := mountPropagate(m, rootfs, "", nil); err != nil { + if err := mountPropagate(m, rootfs, ""); err != nil { return err } return label.SetFileLabel(dest, mountLabel) @@ -446,7 +453,7 @@ func mountToRootfs(m *configs.Mount, c *mountConfig) error { if m.Extensions&configs.EXT_COPYUP == configs.EXT_COPYUP { err = doTmpfsCopyUp(m, rootfs, mountLabel) } else { - err = mountPropagate(m, rootfs, mountLabel, nil) + err = mountPropagate(m, rootfs, mountLabel) } if err != nil { @@ -460,17 +467,17 @@ func mountToRootfs(m *configs.Mount, c *mountConfig) error { } return nil case "bind": - if err := prepareBindMount(m, rootfs, mountFd); err != nil { + if err := prepareBindMount(m, rootfs); err != nil { return err } - if err := mountPropagate(m, rootfs, mountLabel, mountFd); err != nil { + if err := mountPropagate(m, rootfs, mountLabel); err != nil { return err } // bind mount won't change mount options, we need remount to make mount options effective. // first check that we have non-default options required before attempting a remount if m.Flags&^(unix.MS_REC|unix.MS_REMOUNT|unix.MS_BIND) != 0 { // only remount if unique mount options are set - if err := remount(m, rootfs, mountFd); err != nil { + if err := remount(m, rootfs); err != nil { return err } } @@ -484,12 +491,12 @@ func mountToRootfs(m *configs.Mount, c *mountConfig) error { return err } } - return setRecAttr(m, rootfs) + return setRecAttr(m.Mount, rootfs) case "cgroup": if cgroups.IsCgroup2UnifiedMode() { - return mountCgroupV2(m, c) + return mountCgroupV2(m.Mount, c) } - return mountCgroupV1(m, c) + return mountCgroupV1(m.Mount, c) default: if err := checkProcMount(rootfs, dest, m.Source); err != nil { return err @@ -497,7 +504,7 @@ func mountToRootfs(m *configs.Mount, c *mountConfig) error { if err := os.MkdirAll(dest, 0o755); err != nil { return err } - return mountPropagate(m, rootfs, mountLabel, mountFd) + return mountPropagate(m, rootfs, mountLabel) } } @@ -1059,35 +1066,31 @@ func writeSystemProperty(key, value string) error { return os.WriteFile(path.Join("/proc/sys", keyPath), []byte(value), 0o644) } -func remount(m *configs.Mount, rootfs string, mountFd *int) error { - srcFD := "" - if mountFd != nil { - srcFD = "/proc/self/fd/" + strconv.Itoa(*mountFd) - } - +func remount(m mountEntry, rootfs string) error { return utils.WithProcfd(rootfs, m.Destination, func(dstFD string) error { flags := uintptr(m.Flags | unix.MS_REMOUNT) - err := mountViaFDs(m.Source, srcFD, m.Destination, dstFD, m.Device, flags, "") + err := mountViaFDs(m.Source, m.srcFD, m.Destination, dstFD, m.Device, flags, "") if err == nil { return nil } // Check if the source has ro flag... + src := m.src() var s unix.Statfs_t - if err := unix.Statfs(m.Source, &s); err != nil { - return &os.PathError{Op: "statfs", Path: m.Source, Err: err} + if err := unix.Statfs(src, &s); err != nil { + return &os.PathError{Op: "statfs", Path: src, Err: err} } if s.Flags&unix.MS_RDONLY != unix.MS_RDONLY { return err } // ... and retry the mount with ro flag set. flags |= unix.MS_RDONLY - return mountViaFDs(m.Source, srcFD, m.Destination, dstFD, m.Device, flags, "") + return mountViaFDs(m.Source, m.srcFD, m.Destination, dstFD, m.Device, flags, "") }) } // Do the mount operation followed by additional mounts required to take care // of propagation flags. This will always be scoped inside the container rootfs. -func mountPropagate(m *configs.Mount, rootfs string, mountLabel string, mountFd *int) error { +func mountPropagate(m mountEntry, rootfs string, mountLabel string) error { var ( data = label.FormatMountLabel(m.Data, mountLabel) flags = m.Flags @@ -1100,17 +1103,12 @@ func mountPropagate(m *configs.Mount, rootfs string, mountLabel string, mountFd flags &= ^unix.MS_RDONLY } - srcFD := "" - if mountFd != nil { - srcFD = "/proc/self/fd/" + strconv.Itoa(*mountFd) - } - // Because the destination is inside a container path which might be // mutating underneath us, we verify that we are actually going to mount // inside the container with WithProcfd() -- mounting through a procfd // mounts on the target. if err := utils.WithProcfd(rootfs, m.Destination, func(dstFD string) error { - return mountViaFDs(m.Source, srcFD, m.Destination, dstFD, m.Device, uintptr(flags), data) + return mountViaFDs(m.Source, m.srcFD, m.Destination, dstFD, m.Device, uintptr(flags), data) }); err != nil { return err } From 02afa9f1423857dbb0794fb46757cf4d988a373c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 May 2023 04:58:43 +0000 Subject: [PATCH 0235/1176] build(deps): bump golang.org/x/sys from 0.7.0 to 0.8.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.7.0 to 0.8.0. - [Commits](https://github.com/golang/sys/compare/v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/golang.org/x/sys/unix/mkerrors.sh | 3 ++- vendor/golang.org/x/sys/unix/zerrors_linux.go | 14 ++++++++++++++ vendor/golang.org/x/sys/windows/env_windows.go | 6 +++--- vendor/golang.org/x/sys/windows/exec_windows.go | 7 ++++++- vendor/golang.org/x/sys/windows/service.go | 7 +++++++ vendor/golang.org/x/sys/windows/types_windows.go | 6 +++++- .../golang.org/x/sys/windows/zsyscall_windows.go | 9 +++++++++ vendor/modules.txt | 2 +- 10 files changed, 50 insertions(+), 10 deletions(-) diff --git a/go.mod b/go.mod index 4cfd54f7c41..bd5640bfbd8 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/urfave/cli v1.22.12 github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.9.0 - golang.org/x/sys v0.7.0 + golang.org/x/sys v0.8.0 google.golang.org/protobuf v1.30.0 ) diff --git a/go.sum b/go.sum index e635e6a82c6..e01ea06de0a 100644 --- a/go.sum +++ b/go.sum @@ -67,8 +67,8 @@ golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU= -golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index 2045d3dadb8..be0423e6856 100644 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -204,6 +204,7 @@ struct ltchars { #include #include #include +#include #include #include #include @@ -518,7 +519,7 @@ ccflags="$@" $2 ~ /^LOCK_(SH|EX|NB|UN)$/ || $2 ~ /^LO_(KEY|NAME)_SIZE$/ || $2 ~ /^LOOP_(CLR|CTL|GET|SET)_/ || - $2 ~ /^(AF|SOCK|SO|SOL|IPPROTO|IP|IPV6|TCP|MCAST|EVFILT|NOTE|SHUT|PROT|MAP|MFD|T?PACKET|MSG|SCM|MCL|DT|MADV|PR|LOCAL|TCPOPT)_/ || + $2 ~ /^(AF|SOCK|SO|SOL|IPPROTO|IP|IPV6|TCP|MCAST|EVFILT|NOTE|SHUT|PROT|MAP|MFD|T?PACKET|MSG|SCM|MCL|DT|MADV|PR|LOCAL|TCPOPT|UDP)_/ || $2 ~ /^NFC_(GENL|PROTO|COMM|RF|SE|DIRECTION|LLCP|SOCKPROTO)_/ || $2 ~ /^NFC_.*_(MAX)?SIZE$/ || $2 ~ /^RAW_PAYLOAD_/ || diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index 398c37e52d6..de936b677b6 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -2967,6 +2967,7 @@ const ( SOL_TCP = 0x6 SOL_TIPC = 0x10f SOL_TLS = 0x11a + SOL_UDP = 0x11 SOL_X25 = 0x106 SOL_XDP = 0x11b SOMAXCONN = 0x1000 @@ -3251,6 +3252,19 @@ const ( TRACEFS_MAGIC = 0x74726163 TS_COMM_LEN = 0x20 UDF_SUPER_MAGIC = 0x15013346 + UDP_CORK = 0x1 + UDP_ENCAP = 0x64 + UDP_ENCAP_ESPINUDP = 0x2 + UDP_ENCAP_ESPINUDP_NON_IKE = 0x1 + UDP_ENCAP_GTP0 = 0x4 + UDP_ENCAP_GTP1U = 0x5 + UDP_ENCAP_L2TPINUDP = 0x3 + UDP_GRO = 0x68 + UDP_NO_CHECK6_RX = 0x66 + UDP_NO_CHECK6_TX = 0x65 + UDP_SEGMENT = 0x67 + UDP_V4_FLOW = 0x2 + UDP_V6_FLOW = 0x6 UMOUNT_NOFOLLOW = 0x8 USBDEVICE_SUPER_MAGIC = 0x9fa2 UTIME_NOW = 0x3fffffff diff --git a/vendor/golang.org/x/sys/windows/env_windows.go b/vendor/golang.org/x/sys/windows/env_windows.go index 92ac05ff4ea..b8ad1925068 100644 --- a/vendor/golang.org/x/sys/windows/env_windows.go +++ b/vendor/golang.org/x/sys/windows/env_windows.go @@ -37,14 +37,14 @@ func (token Token) Environ(inheritExisting bool) (env []string, err error) { return nil, err } defer DestroyEnvironmentBlock(block) - blockp := uintptr(unsafe.Pointer(block)) + blockp := unsafe.Pointer(block) for { - entry := UTF16PtrToString((*uint16)(unsafe.Pointer(blockp))) + entry := UTF16PtrToString((*uint16)(blockp)) if len(entry) == 0 { break } env = append(env, entry) - blockp += 2 * (uintptr(len(entry)) + 1) + blockp = unsafe.Add(blockp, 2*(len(entry)+1)) } return env, nil } diff --git a/vendor/golang.org/x/sys/windows/exec_windows.go b/vendor/golang.org/x/sys/windows/exec_windows.go index 75980fd44ad..a52e0331d8b 100644 --- a/vendor/golang.org/x/sys/windows/exec_windows.go +++ b/vendor/golang.org/x/sys/windows/exec_windows.go @@ -95,12 +95,17 @@ func ComposeCommandLine(args []string) string { // DecomposeCommandLine breaks apart its argument command line into unescaped parts using CommandLineToArgv, // as gathered from GetCommandLine, QUERY_SERVICE_CONFIG's BinaryPathName argument, or elsewhere that // command lines are passed around. +// DecomposeCommandLine returns error if commandLine contains NUL. func DecomposeCommandLine(commandLine string) ([]string, error) { if len(commandLine) == 0 { return []string{}, nil } + utf16CommandLine, err := UTF16FromString(commandLine) + if err != nil { + return nil, errorspkg.New("string with NUL passed to DecomposeCommandLine") + } var argc int32 - argv, err := CommandLineToArgv(StringToUTF16Ptr(commandLine), &argc) + argv, err := CommandLineToArgv(&utf16CommandLine[0], &argc) if err != nil { return nil, err } diff --git a/vendor/golang.org/x/sys/windows/service.go b/vendor/golang.org/x/sys/windows/service.go index f8deca8397a..c964b6848d4 100644 --- a/vendor/golang.org/x/sys/windows/service.go +++ b/vendor/golang.org/x/sys/windows/service.go @@ -141,6 +141,12 @@ const ( SERVICE_DYNAMIC_INFORMATION_LEVEL_START_REASON = 1 ) +type ENUM_SERVICE_STATUS struct { + ServiceName *uint16 + DisplayName *uint16 + ServiceStatus SERVICE_STATUS +} + type SERVICE_STATUS struct { ServiceType uint32 CurrentState uint32 @@ -245,3 +251,4 @@ type QUERY_SERVICE_LOCK_STATUS struct { //sys UnsubscribeServiceChangeNotifications(subscription uintptr) = sechost.UnsubscribeServiceChangeNotifications? //sys RegisterServiceCtrlHandlerEx(serviceName *uint16, handlerProc uintptr, context uintptr) (handle Handle, err error) = advapi32.RegisterServiceCtrlHandlerExW //sys QueryServiceDynamicInformation(service Handle, infoLevel uint32, dynamicInfo unsafe.Pointer) (err error) = advapi32.QueryServiceDynamicInformation? +//sys EnumDependentServices(service Handle, activityState uint32, services *ENUM_SERVICE_STATUS, buffSize uint32, bytesNeeded *uint32, servicesReturned *uint32) (err error) = advapi32.EnumDependentServicesW diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go index 0dbb2084117..88e62a63851 100644 --- a/vendor/golang.org/x/sys/windows/types_windows.go +++ b/vendor/golang.org/x/sys/windows/types_windows.go @@ -2220,15 +2220,19 @@ type JOBOBJECT_BASIC_UI_RESTRICTIONS struct { } const ( - // JobObjectInformationClass + // JobObjectInformationClass for QueryInformationJobObject and SetInformationJobObject JobObjectAssociateCompletionPortInformation = 7 + JobObjectBasicAccountingInformation = 1 + JobObjectBasicAndIoAccountingInformation = 8 JobObjectBasicLimitInformation = 2 + JobObjectBasicProcessIdList = 3 JobObjectBasicUIRestrictions = 4 JobObjectCpuRateControlInformation = 15 JobObjectEndOfJobTimeInformation = 6 JobObjectExtendedLimitInformation = 9 JobObjectGroupInformation = 11 JobObjectGroupInformationEx = 14 + JobObjectLimitViolationInformation = 13 JobObjectLimitViolationInformation2 = 34 JobObjectNetRateControlInformation = 32 JobObjectNotificationLimitInformation = 12 diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index 6d2a268534d..a81ea2c7001 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -86,6 +86,7 @@ var ( procDeleteService = modadvapi32.NewProc("DeleteService") procDeregisterEventSource = modadvapi32.NewProc("DeregisterEventSource") procDuplicateTokenEx = modadvapi32.NewProc("DuplicateTokenEx") + procEnumDependentServicesW = modadvapi32.NewProc("EnumDependentServicesW") procEnumServicesStatusExW = modadvapi32.NewProc("EnumServicesStatusExW") procEqualSid = modadvapi32.NewProc("EqualSid") procFreeSid = modadvapi32.NewProc("FreeSid") @@ -734,6 +735,14 @@ func DuplicateTokenEx(existingToken Token, desiredAccess uint32, tokenAttributes return } +func EnumDependentServices(service Handle, activityState uint32, services *ENUM_SERVICE_STATUS, buffSize uint32, bytesNeeded *uint32, servicesReturned *uint32) (err error) { + r1, _, e1 := syscall.Syscall6(procEnumDependentServicesW.Addr(), 6, uintptr(service), uintptr(activityState), uintptr(unsafe.Pointer(services)), uintptr(buffSize), uintptr(unsafe.Pointer(bytesNeeded)), uintptr(unsafe.Pointer(servicesReturned))) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + func EnumServicesStatusEx(mgr Handle, infoLevel uint32, serviceType uint32, serviceState uint32, services *byte, bufSize uint32, bytesNeeded *uint32, servicesReturned *uint32, resumeHandle *uint32, groupName *uint16) (err error) { r1, _, e1 := syscall.Syscall12(procEnumServicesStatusExW.Addr(), 10, uintptr(mgr), uintptr(infoLevel), uintptr(serviceType), uintptr(serviceState), uintptr(unsafe.Pointer(services)), uintptr(bufSize), uintptr(unsafe.Pointer(bytesNeeded)), uintptr(unsafe.Pointer(servicesReturned)), uintptr(unsafe.Pointer(resumeHandle)), uintptr(unsafe.Pointer(groupName)), 0, 0) if r1 == 0 { diff --git a/vendor/modules.txt b/vendor/modules.txt index 5fd949c16b6..a38884fc931 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -70,7 +70,7 @@ github.com/vishvananda/netns # golang.org/x/net v0.9.0 ## explicit; go 1.17 golang.org/x/net/bpf -# golang.org/x/sys v0.7.0 +# golang.org/x/sys v0.8.0 ## explicit; go 1.17 golang.org/x/sys/execabs golang.org/x/sys/internal/unsafeheader From 882a2cc887d0c60a75dbff2f8e3579ab5cf12798 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 9 May 2023 08:36:13 +0000 Subject: [PATCH 0236/1176] build(deps): bump golang.org/x/net from 0.9.0 to 0.10.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.9.0 to 0.10.0. - [Commits](https://github.com/golang/net/compare/v0.9.0...v0.10.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index bd5640bfbd8..96d5332c963 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.12 github.com/vishvananda/netlink v1.1.0 - golang.org/x/net v0.9.0 + golang.org/x/net v0.10.0 golang.org/x/sys v0.8.0 google.golang.org/protobuf v1.30.0 ) diff --git a/go.sum b/go.sum index e01ea06de0a..7942deb648c 100644 --- a/go.sum +++ b/go.sum @@ -61,8 +61,8 @@ github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJ github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= -golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM= -golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= +golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/vendor/modules.txt b/vendor/modules.txt index a38884fc931..26998203cf9 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -67,7 +67,7 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df ## explicit; go 1.12 github.com/vishvananda/netns -# golang.org/x/net v0.9.0 +# golang.org/x/net v0.10.0 ## explicit; go 1.17 golang.org/x/net/bpf # golang.org/x/sys v0.8.0 From 6beb3c6a3ebab5681d70e95191861feb168e8c55 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Tue, 18 Apr 2023 14:31:00 +0900 Subject: [PATCH 0237/1176] go.mod: runtime-spec v1.1.0-rc.2 See https://github.com/opencontainers/runtime-spec/releases/tag/v1.1.0-rc.2 for the spec changes. The `runc features` json is now defined in https://github.com/opencontainers/runtime-spec/blob/v1.1.0-rc.2/specs-go/features/features.go Replaces PR 3829 Signed-off-by: Akihiro Suda --- docs/spec-conformance.md | 9 +- features.go | 15 ++- go.mod | 2 +- go.sum | 4 +- types/features/features.go | 118 +---------------- .../runtime-spec/specs-go/config.go | 23 +++- .../specs-go/features/features.go | 125 ++++++++++++++++++ .../runtime-spec/specs-go/version.go | 2 +- vendor/modules.txt | 3 +- 9 files changed, 165 insertions(+), 136 deletions(-) create mode 100644 vendor/github.com/opencontainers/runtime-spec/specs-go/features/features.go diff --git a/docs/spec-conformance.md b/docs/spec-conformance.md index 4f9d228aafe..1c5964b76a3 100644 --- a/docs/spec-conformance.md +++ b/docs/spec-conformance.md @@ -1,6 +1,6 @@ # Spec conformance -This branch of runc implements the [OCI Runtime Spec v1.1.0-rc.1](https://github.com/opencontainers/runtime-spec/tree/v1.1.0-rc.1) +This branch of runc implements the [OCI Runtime Spec v1.1.0-rc.2](https://github.com/opencontainers/runtime-spec/tree/v1.1.0-rc.2) for the `linux` platform. The following features are not implemented yet: @@ -10,8 +10,9 @@ Spec version | Feature | PR v1.0.0 | `SCMP_ARCH_PARISC` | Unplanned, due to lack of users v1.0.0 | `SCMP_ARCH_PARISC64` | Unplanned, due to lack of users v1.0.2 | `.linux.personality` | [#3126](https://github.com/opencontainers/runc/pull/3126) -v1.1.0-rc.1 | `.linux.resources.cpu.burst` | [#3205](https://github.com/opencontainers/runc/pull/3205) -v1.1.0-rc.1 | `.domainname` | [#3600](https://github.com/opencontainers/runc/pull/3600) +v1.1.0-rc.1 | `.linux.resources.cpu.burst` | [#3749](https://github.com/opencontainers/runc/pull/3749) v1.1.0-rc.1 | `.[]mounts.uidMappings` | [#3717](https://github.com/opencontainers/runc/pull/3717) v1.1.0-rc.1 | `.[]mounts.gidMappings` | [#3717](https://github.com/opencontainers/runc/pull/3717) -v1.1.0-rc.1 | `SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV` | TODO +v1.1.0-rc.1 | `SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV` | TODO ([#3860](https://github.com/opencontainers/runc/issues/3860)) +v1.1.0-rc.2 | time namespaces | TODO ([#2345](https://github.com/opencontainers/runc/issues/2345)) +v1.1.0-rc.2 | rsvd hugetlb cgroup | TODO ([#3859](https://github.com/opencontainers/runc/issues/3859)) diff --git a/features.go b/features.go index c86adc0a266..a01b4ae3e90 100644 --- a/features.go +++ b/features.go @@ -8,8 +8,9 @@ import ( "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/seccomp" "github.com/opencontainers/runc/libcontainer/specconv" - "github.com/opencontainers/runc/types/features" + runcfeatures "github.com/opencontainers/runc/types/features" "github.com/opencontainers/runtime-spec/specs-go" + "github.com/opencontainers/runtime-spec/specs-go/features" "github.com/urfave/cli" ) @@ -33,9 +34,9 @@ var featuresCommand = cli.Command{ OCIVersionMin: "1.0.0", OCIVersionMax: specs.Version, Annotations: map[string]string{ - features.AnnotationRuncVersion: version, - features.AnnotationRuncCommit: gitCommit, - features.AnnotationRuncCheckpointEnabled: "true", + runcfeatures.AnnotationRuncVersion: version, + runcfeatures.AnnotationRuncCommit: gitCommit, + runcfeatures.AnnotationRuncCheckpointEnabled: "true", }, Hooks: configs.KnownHookNames(), MountOptions: specconv.KnownMountOptions(), @@ -47,6 +48,7 @@ var featuresCommand = cli.Command{ V2: &tru, Systemd: &tru, SystemdUser: &tru, + Rdma: &tru, }, Apparmor: &features.Apparmor{ Enabled: &tru, @@ -54,6 +56,9 @@ var featuresCommand = cli.Command{ Selinux: &features.Selinux{ Enabled: &tru, }, + IntelRdt: &features.IntelRdt{ + Enabled: &tru, + }, }, } @@ -67,7 +72,7 @@ var featuresCommand = cli.Command{ SupportedFlags: seccomp.SupportedFlags(), } major, minor, patch := seccomp.Version() - feat.Annotations[features.AnnotationLibseccompVersion] = fmt.Sprintf("%d.%d.%d", major, minor, patch) + feat.Annotations[runcfeatures.AnnotationLibseccompVersion] = fmt.Sprintf("%d.%d.%d", major, minor, patch) } enc := json.NewEncoder(context.App.Writer) diff --git a/go.mod b/go.mod index bd5640bfbd8..a000d2569d8 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/godbus/dbus/v5 v5.1.0 github.com/moby/sys/mountinfo v0.6.2 github.com/mrunalp/fileutils v0.5.0 - github.com/opencontainers/runtime-spec v1.1.0-rc.1 + github.com/opencontainers/runtime-spec v1.1.0-rc.2 github.com/opencontainers/selinux v1.11.0 github.com/seccomp/libseccomp-golang v0.10.0 github.com/sirupsen/logrus v1.9.0 diff --git a/go.sum b/go.sum index e01ea06de0a..0dc992136e4 100644 --- a/go.sum +++ b/go.sum @@ -30,8 +30,8 @@ github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vyg github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= github.com/mrunalp/fileutils v0.5.0 h1:NKzVxiH7eSk+OQ4M+ZYW1K6h27RUV3MI6NUTsHhU6Z4= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= -github.com/opencontainers/runtime-spec v1.1.0-rc.1 h1:wHa9jroFfKGQqFHj0I1fMRKLl0pfj+ynAqBxo3v6u9w= -github.com/opencontainers/runtime-spec v1.1.0-rc.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-spec v1.1.0-rc.2 h1:ucBtEms2tamYYW/SvGpvq9yUN0NEVL6oyLEwDcTSrk8= +github.com/opencontainers/runtime-spec v1.1.0-rc.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU= github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= diff --git a/types/features/features.go b/types/features/features.go index 4ea629eeaf4..a81893c8d45 100644 --- a/types/features/features.go +++ b/types/features/features.go @@ -1,122 +1,6 @@ -// Package features provides the JSON structure that is printed by `runc features` (since runc v1.1.0). -// The types in this package are experimental and subject to change. +// Package features provides the annotations for [github.com/opencontainers/runtime-spec/specs-go/features]. package features -// Features represents the supported features of the runtime. -type Features struct { - // OCIVersionMin is the minimum OCI Runtime Spec version recognized by the runtime, e.g., "1.0.0". - OCIVersionMin string `json:"ociVersionMin,omitempty"` - - // OCIVersionMax is the maximum OCI Runtime Spec version recognized by the runtime, e.g., "1.0.2-dev". - OCIVersionMax string `json:"ociVersionMax,omitempty"` - - // Hooks is the list of the recognized hook names, e.g., "createRuntime". - // Nil value means "unknown", not "no support for any hook". - Hooks []string `json:"hooks,omitempty"` - - // MountOptions is the list of the recognized mount options, e.g., "ro". - // Nil value means "unknown", not "no support for any mount option". - // This list does not contain filesystem-specific options passed to mount(2) syscall as (const void *). - MountOptions []string `json:"mountOptions,omitempty"` - - // Linux is specific to Linux. - Linux *Linux `json:"linux,omitempty"` - - // Annotations contains implementation-specific annotation strings, - // such as the implementation version, and third-party extensions. - Annotations map[string]string `json:"annotations,omitempty"` -} - -// Linux is specific to Linux. -type Linux struct { - // Namespaces is the list of the recognized namespaces, e.g., "mount". - // Nil value means "unknown", not "no support for any namespace". - Namespaces []string `json:"namespaces,omitempty"` - - // Capabilities is the list of the recognized capabilities , e.g., "CAP_SYS_ADMIN". - // Nil value means "unknown", not "no support for any capability". - Capabilities []string `json:"capabilities,omitempty"` - - Cgroup *Cgroup `json:"cgroup,omitempty"` - Seccomp *Seccomp `json:"seccomp,omitempty"` - Apparmor *Apparmor `json:"apparmor,omitempty"` - Selinux *Selinux `json:"selinux,omitempty"` -} - -// Seccomp represents the "seccomp" field. -type Seccomp struct { - // Enabled is true if seccomp support is compiled in. - // Nil value means "unknown", not "false". - Enabled *bool `json:"enabled,omitempty"` - - // Actions is the list of the recognized actions, e.g., "SCMP_ACT_NOTIFY". - // Nil value means "unknown", not "no support for any action". - Actions []string `json:"actions,omitempty"` - - // Operators is the list of the recognized operators, e.g., "SCMP_CMP_NE". - // Nil value means "unknown", not "no support for any operator". - Operators []string `json:"operators,omitempty"` - - // Archs is the list of the recognized archs, e.g., "SCMP_ARCH_X86_64". - // Nil value means "unknown", not "no support for any arch". - Archs []string `json:"archs,omitempty"` - - // KnownFlags is the list of the recognized filter flags, e.g., "SECCOMP_FILTER_FLAG_LOG". - // Nil value means "unknown", not "no flags are recognized". - KnownFlags []string `json:"knownFlags,omitempty"` - - // SupportedFlags is the list of the supported filter flags, e.g., "SECCOMP_FILTER_FLAG_LOG". - // This list may be a subset of KnownFlags due to some flags - // not supported by the current kernel and/or libseccomp. - // Nil value means "unknown", not "no flags are supported". - SupportedFlags []string `json:"supportedFlags,omitempty"` -} - -// Apparmor represents the "apparmor" field. -type Apparmor struct { - // Enabled is true if AppArmor support is compiled in. - // Unrelated to whether the host supports AppArmor or not. - // Nil value means "unknown", not "false". - // Always true in the current version of runc. - Enabled *bool `json:"enabled,omitempty"` -} - -// Selinux represents the "selinux" field. -type Selinux struct { - // Enabled is true if SELinux support is compiled in. - // Unrelated to whether the host supports SELinux or not. - // Nil value means "unknown", not "false". - // Always true in the current version of runc. - Enabled *bool `json:"enabled,omitempty"` -} - -// Cgroup represents the "cgroup" field. -type Cgroup struct { - // V1 represents whether Cgroup v1 support is compiled in. - // Unrelated to whether the host uses cgroup v1 or not. - // Nil value means "unknown", not "false". - // Always true in the current version of runc. - V1 *bool `json:"v1,omitempty"` - - // V2 represents whether Cgroup v2 support is compiled in. - // Unrelated to whether the host uses cgroup v2 or not. - // Nil value means "unknown", not "false". - // Always true in the current version of runc. - V2 *bool `json:"v2,omitempty"` - - // Systemd represents whether systemd-cgroup support is compiled in. - // Unrelated to whether the host uses systemd or not. - // Nil value means "unknown", not "false". - // Always true in the current version of runc. - Systemd *bool `json:"systemd,omitempty"` - - // SystemdUser represents whether user-scoped systemd-cgroup support is compiled in. - // Unrelated to whether the host uses systemd or not. - // Nil value means "unknown", not "false". - // Always true in the current version of runc. - SystemdUser *bool `json:"systemdUser,omitempty"` -} - const ( // AnnotationRuncVersion represents the version of runc, e.g., "1.2.3", "1.2.3+dev", "1.2.3-rc.4.", "1.2.3-rc.4+dev". // Third party implementations such as crun and runsc MAY use this annotation to report the most compatible runc version, diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go index 5b4f691c70b..25f4e6e823a 100644 --- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go @@ -191,6 +191,8 @@ type Linux struct { IntelRdt *LinuxIntelRdt `json:"intelRdt,omitempty"` // Personality contains configuration for the Linux personality syscall Personality *LinuxPersonality `json:"personality,omitempty"` + // TimeOffsets specifies the offset for supporting time namespaces. + TimeOffsets map[string]LinuxTimeOffset `json:"timeOffsets,omitempty"` } // LinuxNamespace is the configuration for a Linux namespace @@ -220,6 +222,8 @@ const ( UserNamespace LinuxNamespaceType = "user" // CgroupNamespace for isolating cgroup hierarchies CgroupNamespace LinuxNamespaceType = "cgroup" + // TimeNamespace for isolating the clocks + TimeNamespace LinuxNamespaceType = "time" ) // LinuxIDMapping specifies UID/GID mappings @@ -232,6 +236,14 @@ type LinuxIDMapping struct { Size uint32 `json:"size"` } +// LinuxTimeOffset specifies the offset for Time Namespace +type LinuxTimeOffset struct { + // Secs is the offset of clock (in secs) in the container + Secs int64 `json:"secs,omitempty"` + // Nanosecs is the additional offset for Secs (in nanosecs) + Nanosecs uint32 `json:"nanosecs,omitempty"` +} + // POSIXRlimit type and restrictions type POSIXRlimit struct { // Type of the rlimit to set @@ -242,12 +254,13 @@ type POSIXRlimit struct { Soft uint64 `json:"soft"` } -// LinuxHugepageLimit structure corresponds to limiting kernel hugepages +// LinuxHugepageLimit structure corresponds to limiting kernel hugepages. +// Default to reservation limits if supported. Otherwise fallback to page fault limits. type LinuxHugepageLimit struct { - // Pagesize is the hugepage size - // Format: "B' (e.g. 64KB, 2MB, 1GB, etc.) + // Pagesize is the hugepage size. + // Format: "B' (e.g. 64KB, 2MB, 1GB, etc.). Pagesize string `json:"pageSize"` - // Limit is the limit of "hugepagesize" hugetlb usage + // Limit is the limit of "hugepagesize" hugetlb reservations (if supported) or usage. Limit uint64 `json:"limit"` } @@ -382,7 +395,7 @@ type LinuxResources struct { Pids *LinuxPids `json:"pids,omitempty"` // BlockIO restriction configuration BlockIO *LinuxBlockIO `json:"blockIO,omitempty"` - // Hugetlb limit (in bytes) + // Hugetlb limits (in bytes). Default to reservation limits if supported. HugepageLimits []LinuxHugepageLimit `json:"hugepageLimits,omitempty"` // Network restriction configuration Network *LinuxNetwork `json:"network,omitempty"` diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/features/features.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/features/features.go new file mode 100644 index 00000000000..230e88f568e --- /dev/null +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/features/features.go @@ -0,0 +1,125 @@ +// Package features provides the Features struct. +package features + +// Features represents the supported features of the runtime. +type Features struct { + // OCIVersionMin is the minimum OCI Runtime Spec version recognized by the runtime, e.g., "1.0.0". + OCIVersionMin string `json:"ociVersionMin,omitempty"` + + // OCIVersionMax is the maximum OCI Runtime Spec version recognized by the runtime, e.g., "1.0.2-dev". + OCIVersionMax string `json:"ociVersionMax,omitempty"` + + // Hooks is the list of the recognized hook names, e.g., "createRuntime". + // Nil value means "unknown", not "no support for any hook". + Hooks []string `json:"hooks,omitempty"` + + // MountOptions is the list of the recognized mount options, e.g., "ro". + // Nil value means "unknown", not "no support for any mount option". + // This list does not contain filesystem-specific options passed to mount(2) syscall as (const void *). + MountOptions []string `json:"mountOptions,omitempty"` + + // Linux is specific to Linux. + Linux *Linux `json:"linux,omitempty"` + + // Annotations contains implementation-specific annotation strings, + // such as the implementation version, and third-party extensions. + Annotations map[string]string `json:"annotations,omitempty"` +} + +// Linux is specific to Linux. +type Linux struct { + // Namespaces is the list of the recognized namespaces, e.g., "mount". + // Nil value means "unknown", not "no support for any namespace". + Namespaces []string `json:"namespaces,omitempty"` + + // Capabilities is the list of the recognized capabilities , e.g., "CAP_SYS_ADMIN". + // Nil value means "unknown", not "no support for any capability". + Capabilities []string `json:"capabilities,omitempty"` + + Cgroup *Cgroup `json:"cgroup,omitempty"` + Seccomp *Seccomp `json:"seccomp,omitempty"` + Apparmor *Apparmor `json:"apparmor,omitempty"` + Selinux *Selinux `json:"selinux,omitempty"` + IntelRdt *IntelRdt `json:"intelRdt,omitempty"` +} + +// Cgroup represents the "cgroup" field. +type Cgroup struct { + // V1 represents whether Cgroup v1 support is compiled in. + // Unrelated to whether the host uses cgroup v1 or not. + // Nil value means "unknown", not "false". + V1 *bool `json:"v1,omitempty"` + + // V2 represents whether Cgroup v2 support is compiled in. + // Unrelated to whether the host uses cgroup v2 or not. + // Nil value means "unknown", not "false". + V2 *bool `json:"v2,omitempty"` + + // Systemd represents whether systemd-cgroup support is compiled in. + // Unrelated to whether the host uses systemd or not. + // Nil value means "unknown", not "false". + Systemd *bool `json:"systemd,omitempty"` + + // SystemdUser represents whether user-scoped systemd-cgroup support is compiled in. + // Unrelated to whether the host uses systemd or not. + // Nil value means "unknown", not "false". + SystemdUser *bool `json:"systemdUser,omitempty"` + + // Rdma represents whether RDMA cgroup support is compiled in. + // Unrelated to whether the host supports RDMA or not. + // Nil value means "unknown", not "false". + Rdma *bool `json:"rdma,omitempty"` +} + +// Seccomp represents the "seccomp" field. +type Seccomp struct { + // Enabled is true if seccomp support is compiled in. + // Nil value means "unknown", not "false". + Enabled *bool `json:"enabled,omitempty"` + + // Actions is the list of the recognized actions, e.g., "SCMP_ACT_NOTIFY". + // Nil value means "unknown", not "no support for any action". + Actions []string `json:"actions,omitempty"` + + // Operators is the list of the recognized operators, e.g., "SCMP_CMP_NE". + // Nil value means "unknown", not "no support for any operator". + Operators []string `json:"operators,omitempty"` + + // Archs is the list of the recognized archs, e.g., "SCMP_ARCH_X86_64". + // Nil value means "unknown", not "no support for any arch". + Archs []string `json:"archs,omitempty"` + + // KnownFlags is the list of the recognized filter flags, e.g., "SECCOMP_FILTER_FLAG_LOG". + // Nil value means "unknown", not "no flags are recognized". + KnownFlags []string `json:"knownFlags,omitempty"` + + // SupportedFlags is the list of the supported filter flags, e.g., "SECCOMP_FILTER_FLAG_LOG". + // This list may be a subset of KnownFlags due to some flags + // not supported by the current kernel and/or libseccomp. + // Nil value means "unknown", not "no flags are supported". + SupportedFlags []string `json:"supportedFlags,omitempty"` +} + +// Apparmor represents the "apparmor" field. +type Apparmor struct { + // Enabled is true if AppArmor support is compiled in. + // Unrelated to whether the host supports AppArmor or not. + // Nil value means "unknown", not "false". + Enabled *bool `json:"enabled,omitempty"` +} + +// Selinux represents the "selinux" field. +type Selinux struct { + // Enabled is true if SELinux support is compiled in. + // Unrelated to whether the host supports SELinux or not. + // Nil value means "unknown", not "false". + Enabled *bool `json:"enabled,omitempty"` +} + +// IntelRdt represents the "intelRdt" field. +type IntelRdt struct { + // Enabled is true if Intel RDT support is compiled in. + // Unrelated to whether the host supports Intel RDT or not. + // Nil value means "unknown", not "false". + Enabled *bool `json:"enabled,omitempty"` +} diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go index 8ae4227b9ba..1b81f3c9d6d 100644 --- a/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go @@ -11,7 +11,7 @@ const ( VersionPatch = 0 // VersionDev indicates development branch. Releases will be empty string. - VersionDev = "-rc.1" + VersionDev = "-rc.2" ) // Version is the specification version that the package types support. diff --git a/vendor/modules.txt b/vendor/modules.txt index a38884fc931..3fb85c3071e 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -36,9 +36,10 @@ github.com/moby/sys/mountinfo # github.com/mrunalp/fileutils v0.5.0 ## explicit; go 1.13 github.com/mrunalp/fileutils -# github.com/opencontainers/runtime-spec v1.1.0-rc.1 +# github.com/opencontainers/runtime-spec v1.1.0-rc.2 ## explicit github.com/opencontainers/runtime-spec/specs-go +github.com/opencontainers/runtime-spec/specs-go/features # github.com/opencontainers/selinux v1.11.0 ## explicit; go 1.19 github.com/opencontainers/selinux/go-selinux From f6c393da9e0b179d7220b2ba347b0e21f059b37e Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Thu, 11 May 2023 11:41:22 +0900 Subject: [PATCH 0238/1176] features: graduate from experimental The type definition was merged into the OCI Runtime Spec v1.1.0-rc.2: https://github.com/opencontainers/runtime-spec/blob/v1.1.0-rc.2/features.md Signed-off-by: Akihiro Suda --- docs/experimental.md | 5 +---- features.go | 3 +-- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/docs/experimental.md b/docs/experimental.md index a68dd068062..a61cf60ed74 100644 --- a/docs/experimental.md +++ b/docs/experimental.md @@ -1,11 +1,8 @@ # Experimental features -The following features are experimental and subject to change: - -- The `runc features` command (since runc v1.1.0) - The following features were experimental in the past: Feature | Experimental release | Graduation release ---------------------------------------- | -------------------- | ------------------ cgroup v2 | v1.0.0-rc91 | v1.0.0-rc93 +The `runc features` command | v1.1.0 | v1.2.0 diff --git a/features.go b/features.go index a01b4ae3e90..d3ffda349bd 100644 --- a/features.go +++ b/features.go @@ -20,8 +20,7 @@ var featuresCommand = cli.Command{ ArgsUsage: "", Description: `Show the enabled features. The result is parsable as a JSON. - See https://pkg.go.dev/github.com/opencontainers/runc/types/features for the type definition. - The types are experimental and subject to change. + See https://github.com/opencontainers/runtime-spec/blob/main/features.md for the type definition. `, Action: func(context *cli.Context) error { if err := checkArgs(context, 0, exactArgs); err != nil { From b32655d2bc90d89512a5ca5830be90bd56621098 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 15 May 2023 15:10:34 -0700 Subject: [PATCH 0239/1176] ci/gha: rm kludges for cross-i386 job The first kludge is not needed since the switch to Ubuntu 22.04 in commit 953e1cc48. The second one is not needed since Go 1.20. Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d938bec4d20..8136d648812 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -120,9 +120,6 @@ jobs: sudo add-apt-repository -y ppa:criu/ppa # apt-add-repository runs apt update so we don't have to. - # Due to a bug in apt, we have to update it first - # (see https://bugs.launchpad.net/ubuntu-cdimage/+bug/1871268) - sudo apt -q install apt sudo apt -q install libseccomp-dev libseccomp-dev:i386 gcc-multilib criu - name: install go @@ -131,5 +128,4 @@ jobs: go-version: 1.x # Latest stable - name: unit test - # See https://go-review.googlesource.com/c/go/+/421935 - run: sudo -E PATH="$PATH" -- make GOARCH=386 CGO_CFLAGS=-fno-stack-protector localunittest + run: sudo -E PATH="$PATH" -- make GOARCH=386 localunittest From da5cdfed7cb5b0240db57b44e21d9258c73bf4b8 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 15 May 2023 16:19:39 -0700 Subject: [PATCH 0240/1176] ci/gha: fix cross-i386 As of today, installing fails with > libc6:i386 : Depends: libgcc-s1:i386 but it is not going to be installed Add the package explicitly to work around that. Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8136d648812..4e830e53a87 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -120,7 +120,7 @@ jobs: sudo add-apt-repository -y ppa:criu/ppa # apt-add-repository runs apt update so we don't have to. - sudo apt -q install libseccomp-dev libseccomp-dev:i386 gcc-multilib criu + sudo apt -q install libseccomp-dev libseccomp-dev:i386 gcc-multilib libgcc-s1:i386 criu - name: install go uses: actions/setup-go@v4 From 083e9789b84ebd88ea15fc2a66b6eae2730f47c4 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 10 Apr 2023 10:33:44 -0700 Subject: [PATCH 0241/1176] ci/gha: rm actions/cache from validate/deps job Since commit e3cf217cf1fa9248d153 actions/setup-go@v4 uses caching implicitly, so it is no longer required. Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index a22676b52fa..2e54e648b9f 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -108,14 +108,6 @@ jobs: uses: actions/setup-go@v4 with: go-version: "${{ env.GO_VERSION }}" - - name: cache go mod and $GOCACHE - uses: actions/cache@v3 - with: - path: | - ~/go/pkg/mod - ~/.cache/go-build - key: ${{ runner.os }}-go.sum-${{ hashFiles('**/go.sum') }} - restore-keys: ${{ runner.os }}-go.sum- - name: verify deps run: make verify-dependencies From 62cc13ea1abaa939e24c291d545059a1e8f12e3b Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 10 Apr 2023 12:26:42 -0700 Subject: [PATCH 0242/1176] gha: disable setup-go cache for golangci job Since commit e3cf217cf1fa9248d153 actions/setup-go@v4 uses caching implicitly, and olangci/golangci-lint-action also uses caching. These two caches clash, resulting in multiple warnings in CI logs. The official golangci-lint-action solution is to disable caching for setup-go job (see [1]). Do the same. [1] https://github.com/golangci/golangci-lint-action/pull/704 Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 2e54e648b9f..55777d912e4 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -32,6 +32,7 @@ jobs: - uses: actions/setup-go@v4 with: go-version: "${{ env.GO_VERSION }}" + cache: false # golangci-lint-action does its own caching - name: install deps run: | sudo apt -q update From 2a3470456ed473be27dde0181bc6b774f4915a37 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 17 May 2023 05:00:09 +0000 Subject: [PATCH 0243/1176] build(deps): bump tim-actions/get-pr-commits from 1.2.0 to 1.3.0 Bumps [tim-actions/get-pr-commits](https://github.com/tim-actions/get-pr-commits) from 1.2.0 to 1.3.0. - [Release notes](https://github.com/tim-actions/get-pr-commits/releases) - [Commits](https://github.com/tim-actions/get-pr-commits/compare/v1.2.0...v1.3.0) --- updated-dependencies: - dependency-name: tim-actions/get-pr-commits dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 55777d912e4..869a49e259f 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -123,7 +123,7 @@ jobs: steps: - name: get pr commits id: 'get-pr-commits' - uses: tim-actions/get-pr-commits@v1.2.0 + uses: tim-actions/get-pr-commits@v1.3.0 with: token: ${{ secrets.GITHUB_TOKEN }} From 72657eac2e6af14ec00512d40872168bb11ac4a5 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 11 Apr 2023 16:38:50 -0700 Subject: [PATCH 0244/1176] libct: move StartInitialization No code change, just moving a function from factory_linux.go to init_linux.go. Signed-off-by: Kir Kolyshkin --- libcontainer/factory_linux.go | 87 ----------------------------------- libcontainer/init_linux.go | 86 ++++++++++++++++++++++++++++++++++ 2 files changed, 86 insertions(+), 87 deletions(-) diff --git a/libcontainer/factory_linux.go b/libcontainer/factory_linux.go index bf8904efb85..d10a278102e 100644 --- a/libcontainer/factory_linux.go +++ b/libcontainer/factory_linux.go @@ -5,8 +5,6 @@ import ( "errors" "fmt" "os" - "runtime/debug" - "strconv" securejoin "github.com/cyphar/filepath-securejoin" "golang.org/x/sys/unix" @@ -18,7 +16,6 @@ import ( "github.com/opencontainers/runc/libcontainer/configs/validate" "github.com/opencontainers/runc/libcontainer/intelrdt" "github.com/opencontainers/runc/libcontainer/utils" - "github.com/sirupsen/logrus" ) const ( @@ -151,90 +148,6 @@ func Load(root, id string) (*Container, error) { return c, nil } -// StartInitialization loads a container by opening the pipe fd from the parent -// to read the configuration and state. This is a low level implementation -// detail of the reexec and should not be consumed externally. -func StartInitialization() (err error) { - // Get the INITPIPE. - envInitPipe := os.Getenv("_LIBCONTAINER_INITPIPE") - pipefd, err := strconv.Atoi(envInitPipe) - if err != nil { - err = fmt.Errorf("unable to convert _LIBCONTAINER_INITPIPE: %w", err) - logrus.Error(err) - return err - } - pipe := os.NewFile(uintptr(pipefd), "pipe") - defer pipe.Close() - - defer func() { - // We have an error during the initialization of the container's init, - // send it back to the parent process in the form of an initError. - if werr := writeSync(pipe, procError); werr != nil { - fmt.Fprintln(os.Stderr, err) - return - } - if werr := utils.WriteJSON(pipe, &initError{Message: err.Error()}); werr != nil { - fmt.Fprintln(os.Stderr, err) - return - } - }() - - // Only init processes have FIFOFD. - fifofd := -1 - envInitType := os.Getenv("_LIBCONTAINER_INITTYPE") - it := initType(envInitType) - if it == initStandard { - envFifoFd := os.Getenv("_LIBCONTAINER_FIFOFD") - if fifofd, err = strconv.Atoi(envFifoFd); err != nil { - return fmt.Errorf("unable to convert _LIBCONTAINER_FIFOFD: %w", err) - } - } - - var consoleSocket *os.File - if envConsole := os.Getenv("_LIBCONTAINER_CONSOLE"); envConsole != "" { - console, err := strconv.Atoi(envConsole) - if err != nil { - return fmt.Errorf("unable to convert _LIBCONTAINER_CONSOLE: %w", err) - } - consoleSocket = os.NewFile(uintptr(console), "console-socket") - defer consoleSocket.Close() - } - - logPipeFdStr := os.Getenv("_LIBCONTAINER_LOGPIPE") - logPipeFd, err := strconv.Atoi(logPipeFdStr) - if err != nil { - return fmt.Errorf("unable to convert _LIBCONTAINER_LOGPIPE: %w", err) - } - - // Get mount files (O_PATH). - mountFds, err := parseMountFds() - if err != nil { - return err - } - - // clear the current process's environment to clean any libcontainer - // specific env vars. - os.Clearenv() - - defer func() { - if e := recover(); e != nil { - if ee, ok := e.(error); ok { - err = fmt.Errorf("panic from initialization: %w, %s", ee, debug.Stack()) - } else { - err = fmt.Errorf("panic from initialization: %v, %s", e, debug.Stack()) - } - } - }() - - i, err := newContainerInit(it, pipe, consoleSocket, fifofd, logPipeFd, mountFds) - if err != nil { - return err - } - - // If Init succeeds, syscall.Exec will not return, hence none of the defers will be called. - return i.Init() -} - func loadState(root string) (*State, error) { stateFilePath, err := securejoin.SecureJoin(root, stateFilename) if err != nil { diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 6a88f1b211c..763ff9a1556 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -8,6 +8,8 @@ import ( "io" "net" "os" + "runtime/debug" + "strconv" "strings" "unsafe" @@ -71,6 +73,90 @@ type initConfig struct { Cgroup2Path string `json:"cgroup2_path,omitempty"` } +// StartInitialization loads a container by opening the pipe fd from the parent +// to read the configuration and state. This is a low level implementation +// detail of the reexec and should not be consumed externally. +func StartInitialization() (err error) { + // Get the INITPIPE. + envInitPipe := os.Getenv("_LIBCONTAINER_INITPIPE") + pipefd, err := strconv.Atoi(envInitPipe) + if err != nil { + err = fmt.Errorf("unable to convert _LIBCONTAINER_INITPIPE: %w", err) + logrus.Error(err) + return err + } + pipe := os.NewFile(uintptr(pipefd), "pipe") + defer pipe.Close() + + defer func() { + // We have an error during the initialization of the container's init, + // send it back to the parent process in the form of an initError. + if werr := writeSync(pipe, procError); werr != nil { + fmt.Fprintln(os.Stderr, err) + return + } + if werr := utils.WriteJSON(pipe, &initError{Message: err.Error()}); werr != nil { + fmt.Fprintln(os.Stderr, err) + return + } + }() + + // Only init processes have FIFOFD. + fifofd := -1 + envInitType := os.Getenv("_LIBCONTAINER_INITTYPE") + it := initType(envInitType) + if it == initStandard { + envFifoFd := os.Getenv("_LIBCONTAINER_FIFOFD") + if fifofd, err = strconv.Atoi(envFifoFd); err != nil { + return fmt.Errorf("unable to convert _LIBCONTAINER_FIFOFD: %w", err) + } + } + + var consoleSocket *os.File + if envConsole := os.Getenv("_LIBCONTAINER_CONSOLE"); envConsole != "" { + console, err := strconv.Atoi(envConsole) + if err != nil { + return fmt.Errorf("unable to convert _LIBCONTAINER_CONSOLE: %w", err) + } + consoleSocket = os.NewFile(uintptr(console), "console-socket") + defer consoleSocket.Close() + } + + logPipeFdStr := os.Getenv("_LIBCONTAINER_LOGPIPE") + logPipeFd, err := strconv.Atoi(logPipeFdStr) + if err != nil { + return fmt.Errorf("unable to convert _LIBCONTAINER_LOGPIPE: %w", err) + } + + // Get mount files (O_PATH). + mountFds, err := parseMountFds() + if err != nil { + return err + } + + // clear the current process's environment to clean any libcontainer + // specific env vars. + os.Clearenv() + + defer func() { + if e := recover(); e != nil { + if ee, ok := e.(error); ok { + err = fmt.Errorf("panic from initialization: %w, %s", ee, debug.Stack()) + } else { + err = fmt.Errorf("panic from initialization: %v, %s", e, debug.Stack()) + } + } + }() + + i, err := newContainerInit(it, pipe, consoleSocket, fifofd, logPipeFd, mountFds) + if err != nil { + return err + } + + // If Init succeeds, syscall.Exec will not return, hence none of the defers will be called. + return i.Init() +} + type initer interface { Init() error } From 4f0a7e78c3881375159ce649e45a7f2074aa94be Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 9 Dec 2021 14:22:34 -0800 Subject: [PATCH 0245/1176] libct/init: call Init from containerInit Instead of having newContainerInit return an interface, and let its caller call Init(), it is easier to call Init directly. Do that, and rename newContainerInit to containerInit. I think it makes the code more readable and straightforward. Signed-off-by: Kir Kolyshkin --- libcontainer/init_linux.go | 33 +++++++++++++-------------------- 1 file changed, 13 insertions(+), 20 deletions(-) diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 763ff9a1556..2a49d40ba89 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -148,42 +148,34 @@ func StartInitialization() (err error) { } }() - i, err := newContainerInit(it, pipe, consoleSocket, fifofd, logPipeFd, mountFds) - if err != nil { - return err - } - - // If Init succeeds, syscall.Exec will not return, hence none of the defers will be called. - return i.Init() -} - -type initer interface { - Init() error + // If init succeeds, it will not return, hence none of the defers will be called. + return containerInit(it, pipe, consoleSocket, fifofd, logPipeFd, mountFds) } -func newContainerInit(t initType, pipe *os.File, consoleSocket *os.File, fifoFd, logFd int, mountFds []int) (initer, error) { +func containerInit(t initType, pipe *os.File, consoleSocket *os.File, fifoFd, logFd int, mountFds []int) error { var config *initConfig if err := json.NewDecoder(pipe).Decode(&config); err != nil { - return nil, err + return err } if err := populateProcessEnvironment(config.Env); err != nil { - return nil, err + return err } switch t { case initSetns: // mountFds must be nil in this case. We don't mount while doing runc exec. if mountFds != nil { - return nil, errors.New("mountFds must be nil; can't mount from exec") + return errors.New("mountFds must be nil; can't mount from exec") } - return &linuxSetnsInit{ + i := &linuxSetnsInit{ pipe: pipe, consoleSocket: consoleSocket, config: config, logFd: logFd, - }, nil + } + return i.Init() case initStandard: - return &linuxStandardInit{ + i := &linuxStandardInit{ pipe: pipe, consoleSocket: consoleSocket, parentPid: unix.Getppid(), @@ -191,9 +183,10 @@ func newContainerInit(t initType, pipe *os.File, consoleSocket *os.File, fifoFd, fifoFd: fifoFd, logFd: logFd, mountFds: mountFds, - }, nil + } + return i.Init() } - return nil, fmt.Errorf("unknown init type %q", t) + return fmt.Errorf("unknown init type %q", t) } // populateProcessEnvironment loads the provided environment variables into the From eba31a7c6c70ab98bb05266f201e64069b91921b Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 4 Aug 2022 16:33:57 -0700 Subject: [PATCH 0246/1176] libct/StartInitialization: rename returned error This is a cosmetic change to improve code readability, making it easier to distinguish between a local error and the error being returned. While at it, rename e to err (it was originally called e to not clash with returned error named err) and ee to err2. Signed-off-by: Kir Kolyshkin --- libcontainer/init_linux.go | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 2a49d40ba89..52cb7d57374 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -76,7 +76,7 @@ type initConfig struct { // StartInitialization loads a container by opening the pipe fd from the parent // to read the configuration and state. This is a low level implementation // detail of the reexec and should not be consumed externally. -func StartInitialization() (err error) { +func StartInitialization() (retErr error) { // Get the INITPIPE. envInitPipe := os.Getenv("_LIBCONTAINER_INITPIPE") pipefd, err := strconv.Atoi(envInitPipe) @@ -91,12 +91,12 @@ func StartInitialization() (err error) { defer func() { // We have an error during the initialization of the container's init, // send it back to the parent process in the form of an initError. - if werr := writeSync(pipe, procError); werr != nil { - fmt.Fprintln(os.Stderr, err) + if err := writeSync(pipe, procError); err != nil { + fmt.Fprintln(os.Stderr, retErr) return } - if werr := utils.WriteJSON(pipe, &initError{Message: err.Error()}); werr != nil { - fmt.Fprintln(os.Stderr, err) + if err := utils.WriteJSON(pipe, &initError{Message: retErr.Error()}); err != nil { + fmt.Fprintln(os.Stderr, retErr) return } }() @@ -139,11 +139,11 @@ func StartInitialization() (err error) { os.Clearenv() defer func() { - if e := recover(); e != nil { - if ee, ok := e.(error); ok { - err = fmt.Errorf("panic from initialization: %w, %s", ee, debug.Stack()) + if err := recover(); err != nil { + if err2, ok := err.(error); ok { + retErr = fmt.Errorf("panic from initialization: %w, %s", err2, debug.Stack()) } else { - err = fmt.Errorf("panic from initialization: %v, %s", e, debug.Stack()) + retErr = fmt.Errorf("panic from initialization: %v, %s", err, debug.Stack()) } } }() From 7e481ee2eb069fba08bcffd04c3f5f723ae96527 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 10 Dec 2021 12:58:35 -0800 Subject: [PATCH 0247/1176] libct/int: remove logger from init Currently, TestInit sets up logrus, and init uses it to log an error from StartInitialization(). This is solely used by TestExecInError to check that error returned from StartInitialization is the one it expects. Note that the very same error is communicated to the runc init parent and is ultimately returned by container.Run(), so checking what StartInitialization returned is redundant. Remove logrus setup and use from TestMain/init. Signed-off-by: Kir Kolyshkin --- libcontainer/integration/execin_test.go | 11 +++-------- libcontainer/integration/init_test.go | 17 +++++++++-------- 2 files changed, 12 insertions(+), 16 deletions(-) diff --git a/libcontainer/integration/execin_test.go b/libcontainer/integration/execin_test.go index f8a6a9c6996..58519a419c0 100644 --- a/libcontainer/integration/execin_test.go +++ b/libcontainer/integration/execin_test.go @@ -215,12 +215,10 @@ func TestExecInError(t *testing.T) { ok(t, err) for i := 0; i < 42; i++ { - var out bytes.Buffer unexistent := &libcontainer.Process{ - Cwd: "/", - Args: []string{"unexistent"}, - Env: standardEnvironment, - Stderr: &out, + Cwd: "/", + Args: []string{"unexistent"}, + Env: standardEnvironment, } err = container.Run(unexistent) if err == nil { @@ -229,9 +227,6 @@ func TestExecInError(t *testing.T) { if !strings.Contains(err.Error(), "executable file not found") { t.Fatalf("Should be error about not found executable, got %s", err) } - if !bytes.Contains(out.Bytes(), []byte("executable file not found")) { - t.Fatalf("executable file not found error not delivered to stdio:\n%s", out.String()) - } } } diff --git a/libcontainer/integration/init_test.go b/libcontainer/integration/init_test.go index 76638ffc7fa..efcbe72b0f1 100644 --- a/libcontainer/integration/init_test.go +++ b/libcontainer/integration/init_test.go @@ -1,6 +1,7 @@ package integration import ( + "fmt" "os" "runtime" "testing" @@ -9,27 +10,27 @@ import ( //nolint:revive // Enable cgroup manager to manage devices _ "github.com/opencontainers/runc/libcontainer/cgroups/devices" _ "github.com/opencontainers/runc/libcontainer/nsenter" - - "github.com/sirupsen/logrus" ) -// init runs the libcontainer initialization code because of the busybox style needs -// to work around the go runtime and the issues with forking +// Same as ../../init.go but for libcontainer/integration. func init() { if len(os.Args) < 2 || os.Args[1] != "init" { return } + // This is the golang entry point for runc init, executed + // before TestMain() but after libcontainer/nsenter's nsexec(). runtime.GOMAXPROCS(1) runtime.LockOSThread() if err := libcontainer.StartInitialization(); err != nil { - logrus.Fatal(err) + // logrus is not initialized + fmt.Fprintln(os.Stderr, err) } + // Normally, StartInitialization() never returns, meaning + // if we are here, it had failed. + os.Exit(1) } func TestMain(m *testing.M) { - logrus.SetOutput(os.Stderr) - logrus.SetLevel(logrus.InfoLevel) - ret := m.Run() os.Exit(ret) } From b9d2d8d8a646fdd12042bb5636c326a1310e945b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 18 May 2023 05:00:24 +0000 Subject: [PATCH 0248/1176] build(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2 Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.0 to 1.9.2. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.9.0...v1.9.2) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/github.com/sirupsen/logrus/README.md | 8 +++++--- vendor/github.com/sirupsen/logrus/hooks/test/test.go | 2 +- vendor/modules.txt | 2 +- 5 files changed, 10 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index e61272649ae..32acc2ba9b7 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/opencontainers/runtime-spec v1.1.0-rc.2 github.com/opencontainers/selinux v1.11.0 github.com/seccomp/libseccomp-golang v0.10.0 - github.com/sirupsen/logrus v1.9.0 + github.com/sirupsen/logrus v1.9.2 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.12 github.com/vishvananda/netlink v1.1.0 diff --git a/go.sum b/go.sum index e2cf34fe826..c3cf5988843 100644 --- a/go.sum +++ b/go.sum @@ -41,8 +41,8 @@ github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/seccomp/libseccomp-golang v0.10.0 h1:aA4bp+/Zzi0BnWZ2F1wgNBs5gTpm+na2rWM6M9YjLpY= github.com/seccomp/libseccomp-golang v0.10.0/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= -github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= -github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/sirupsen/logrus v1.9.2 h1:oxx1eChJGI6Uks2ZC4W1zpLlVgqB8ner4EuQwV4Ik1Y= +github.com/sirupsen/logrus v1.9.2/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= diff --git a/vendor/github.com/sirupsen/logrus/README.md b/vendor/github.com/sirupsen/logrus/README.md index b042c896f25..d1d4a85fd75 100644 --- a/vendor/github.com/sirupsen/logrus/README.md +++ b/vendor/github.com/sirupsen/logrus/README.md @@ -9,7 +9,7 @@ the last thing you want from your Logging library (again...). This does not mean Logrus is dead. Logrus will continue to be maintained for security, (backwards compatible) bug fixes, and performance (where we are -limited by the interface). +limited by the interface). I believe Logrus' biggest contribution is to have played a part in today's widespread use of structured logging in Golang. There doesn't seem to be a @@ -43,7 +43,7 @@ plain text): With `log.SetFormatter(&log.JSONFormatter{})`, for easy parsing by logstash or Splunk: -```json +```text {"animal":"walrus","level":"info","msg":"A group of walrus emerges from the ocean","size":10,"time":"2014-03-10 19:57:38.562264131 -0400 EDT"} @@ -99,7 +99,7 @@ time="2015-03-26T01:27:38-04:00" level=fatal method=github.com/sirupsen/arcticcr ``` Note that this does add measurable overhead - the cost will depend on the version of Go, but is between 20 and 40% in recent tests with 1.6 and 1.7. You can validate this in your -environment via benchmarks: +environment via benchmarks: ``` go test -bench=.*CallerTracing ``` @@ -317,6 +317,8 @@ log.SetLevel(log.InfoLevel) It may be useful to set `log.Level = logrus.DebugLevel` in a debug or verbose environment if your application has that. +Note: If you want different log levels for global (`log.SetLevel(...)`) and syslog logging, please check the [syslog hook README](hooks/syslog/README.md#different-log-levels-for-local-and-remote-logging). + #### Entries Besides the fields added with `WithField` or `WithFields` some fields are diff --git a/vendor/github.com/sirupsen/logrus/hooks/test/test.go b/vendor/github.com/sirupsen/logrus/hooks/test/test.go index b16d06654ae..046f0bf6cf2 100644 --- a/vendor/github.com/sirupsen/logrus/hooks/test/test.go +++ b/vendor/github.com/sirupsen/logrus/hooks/test/test.go @@ -32,7 +32,7 @@ func NewGlobal() *Hook { func NewLocal(logger *logrus.Logger) *Hook { hook := new(Hook) - logger.Hooks.Add(hook) + logger.AddHook(hook) return hook diff --git a/vendor/modules.txt b/vendor/modules.txt index 8748b1638b2..24ae37ab85c 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -51,7 +51,7 @@ github.com/russross/blackfriday/v2 # github.com/seccomp/libseccomp-golang v0.10.0 ## explicit; go 1.14 github.com/seccomp/libseccomp-golang -# github.com/sirupsen/logrus v1.9.0 +# github.com/sirupsen/logrus v1.9.2 ## explicit; go 1.13 github.com/sirupsen/logrus github.com/sirupsen/logrus/hooks/test From 650efb2c2234dd7c85191d9e051392044dd12fae Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 22 May 2023 17:40:27 -0700 Subject: [PATCH 0249/1176] Fix Vagrant caching As of today, vagrant stopped working, my best guess is due to bad caching. Here's an excerpt from logs: ... vagrant plugin install vagrant-libvirt Installing the 'vagrant-libvirt' plugin. This can take a few minutes... Building native extensions. This could take a while... Installed the plugin 'vagrant-libvirt (0.12.1)'! ... uname -s ; cat Vagrantfile.$DISTRO Linux ... Downloaded 481Mb in 4.096201s. Cache hit for vagrant-8be35383dc00f23d080ff00b2a724c938d650254861f26b67624c28e3fe5e6ae! ... Vagrant failed to initialize at a very early stage: The plugins failed to initialize correctly. This may be due to manual modifications made within the Vagrant home directory. ... Error message given during initialization: Unable to resolve dependency: user requested 'vagrant-libvirt (= 0.12.0)' ... The problem is, vagrant cache overwrites newer plugin with an older one. Let's only cache the downloaded image. Also, change the cache fingerprint script (remove "Linux"). Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index bf76a6b2379..eb4ba652be3 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -47,8 +47,8 @@ task: apt-get install -y --no-install-recommends libxslt-dev libxml2-dev libvirt-dev ruby-bundler ruby-dev zlib1g-dev vagrant plugin install vagrant-libvirt vagrant_cache: - fingerprint_script: uname -s ; cat Vagrantfile.$DISTRO - folder: /root/.vagrant.d + fingerprint_script: cat Vagrantfile.$DISTRO + folder: /root/.vagrant.d/boxes vagrant_up_script: | ln -sf Vagrantfile.$DISTRO Vagrantfile # Retry if it fails (download.fedoraproject.org returns 404 sometimes) From bb4dbbc4f506a4565d08764ccec50e9bf4523142 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 23 May 2023 11:48:49 -0700 Subject: [PATCH 0250/1176] ci/cirrus: limit numcpu ... so we can run all four jobs in parallel. While at it, fix the comment in the file. Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index eb4ba652be3..c6d238726f1 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -1,7 +1,8 @@ --- -# We use Cirrus for Vagrant tests and native CentOS 7 and 8, because macOS -# instances of GHA are too slow and flaky, and Linux instances of GHA do not -# support KVM. +# We use Cirrus for CentOS (native) and Fedora (in Vagrant), because neither +# CentOS nor Fedora is available on GHA natively, so the only option is VM. +# In GHA, nested virtualization is only supported on macOS instances, which +# are slow and flaky. # NOTE Cirrus execution environments lack a terminal, needed for # some integration tests. So we use `ssh -tt` command to fake a terminal. @@ -24,9 +25,9 @@ task: platform: linux nested_virtualization: true # CPU limit: `16 / NTASK`: see https://cirrus-ci.org/faq/#are-there-any-limits - cpu: 8 + cpu: 4 # Memory limit: `4GB * NCPU` - memory: 32G + memory: 16G host_info_script: | uname -a From 511c76143bba15712d4b5159aeef2f4903005809 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 5 Jun 2023 12:02:14 -0700 Subject: [PATCH 0251/1176] man/runc: fixes 1. Fix some missing punctuation, use proper case. 2. Remove "runc init" (previously removed from "runc --help" by commit 7a0302f0d79e32766). Signed-off-by: Kir Kolyshkin --- man/runc.8.md | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/man/runc.8.md b/man/runc.8.md index ed5cd3a0fe0..7e93a401f20 100644 --- a/man/runc.8.md +++ b/man/runc.8.md @@ -40,20 +40,16 @@ value for _bundle_ is the current directory. : Create a container. See **runc-create**(8). **delete** -: Delete any resources held by the container often used with detached +: Delete any resources held by the container; often used with detached containers. See **runc-delete**(8). **events** -: Display container events such as OOM notifications, cpu, memory, IO and -network stats. See **runc-events**(8). +: Display container events, such as OOM notifications, CPU, memory, I/O and +network statistics. See **runc-events**(8). **exec** : Execute a new process inside the container. See **runc-exec**(8). -**init** -: Initialize the namespaces and launch the container init process. This command -is not supposed to be used directly. - **kill** : Send a specified signal to the container's init process. See **runc-kill**(8). From 5929b01989c083b92ce794777437c17a2e3a3479 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 30 May 2023 17:24:21 -0700 Subject: [PATCH 0252/1176] ci/gha: add space-at-eol check, fix existing issues Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 7 +++++ MAINTAINERS_GUIDE.md | 2 +- NOTICE | 4 +-- contrib/completions/bash/runc | 2 +- libcontainer/SPEC.md | 52 +++++++++++++++++----------------- libcontainer/nsenter/README.md | 12 ++++---- 6 files changed, 43 insertions(+), 36 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 869a49e259f..591a11bed62 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -101,6 +101,13 @@ jobs: - name: check-config.sh run : ./script/check-config.sh + space-at-eol: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - run: rm -fr vendor + - run: if git -P grep -I -n '\s$'; then echo "^^^ extra whitespace at EOL, please fix"; exit 1; fi + deps: runs-on: ubuntu-22.04 steps: diff --git a/MAINTAINERS_GUIDE.md b/MAINTAINERS_GUIDE.md index 7442103d398..926ac969140 100644 --- a/MAINTAINERS_GUIDE.md +++ b/MAINTAINERS_GUIDE.md @@ -50,7 +50,7 @@ All decisions affecting runc, big and small, follow the same 3 steps: * Step 2: Discuss the pull request. Anyone can do this. -* Step 3: Accept (`LGTM`) or refuse a pull request. The relevant maintainers do +* Step 3: Accept (`LGTM`) or refuse a pull request. The relevant maintainers do this (see below "Who decides what?") *I'm a maintainer, should I make pull requests too?* diff --git a/NOTICE b/NOTICE index 5c97abce4b9..c29775c0d9d 100644 --- a/NOTICE +++ b/NOTICE @@ -8,9 +8,9 @@ The following is courtesy of our legal counsel: Use and transfer of Docker may be subject to certain restrictions by the -United States and other governments. +United States and other governments. It is your responsibility to ensure that your use and/or transfer does not -violate applicable laws. +violate applicable laws. For more information, please see http://www.bis.doc.gov diff --git a/contrib/completions/bash/runc b/contrib/completions/bash/runc index 23ff64e889d..1f2da1c045f 100644 --- a/contrib/completions/bash/runc +++ b/contrib/completions/bash/runc @@ -382,7 +382,7 @@ _runc_events() { _runc_list() { local boolean_options=" --help - --quiet + --quiet -q " diff --git a/libcontainer/SPEC.md b/libcontainer/SPEC.md index 07ebdc12153..c6fe4eaa8a0 100644 --- a/libcontainer/SPEC.md +++ b/libcontainer/SPEC.md @@ -2,7 +2,7 @@ This is the standard configuration for version 1 containers. It includes namespaces, standard filesystem setup, a default Linux capability set, and -information about resource reservations. It also has information about any +information about resource reservations. It also has information about any populated environment settings for the processes running inside a container. Along with the configuration of how a container is created the standard also @@ -42,10 +42,10 @@ the binaries and system libraries are local to that directory. Any binaries to be executed must be contained within this rootfs. Mounts that happen inside the container are automatically cleaned up when the -container exits as the mount namespace is destroyed and the kernel will +container exits as the mount namespace is destroyed and the kernel will unmount all the mounts that were setup within that namespace. -For a container to execute properly there are certain filesystems that +For a container to execute properly there are certain filesystems that are required to be mounted within the rootfs that the runtime will setup. | Path | Type | Flags | Data | @@ -58,7 +58,7 @@ are required to be mounted within the rootfs that the runtime will setup. | /sys | sysfs | MS_NOEXEC,MS_NOSUID,MS_NODEV,MS_RDONLY | | -After a container's filesystems are mounted within the newly created +After a container's filesystems are mounted within the newly created mount namespace `/dev` will need to be populated with a set of device nodes. It is expected that a rootfs does not need to have any device nodes specified for `/dev` within the rootfs as the container will setup the correct devices @@ -76,25 +76,25 @@ that are required for executing a container's process. **ptmx** `/dev/ptmx` will need to be a symlink to the host's `/dev/ptmx` within -the container. +the container. The use of a pseudo TTY is optional within a container and it should support both. -If a pseudo is provided to the container `/dev/console` will need to be +If a pseudo is provided to the container `/dev/console` will need to be setup by binding the console in `/dev/` after it has been populated and mounted in tmpfs. | Source | Destination | UID GID | Mode | Type | | --------------- | ------------ | ------- | ---- | ---- | -| *pty host path* | /dev/console | 0 0 | 0600 | bind | +| *pty host path* | /dev/console | 0 0 | 0600 | bind | After `/dev/null` has been setup we check for any external links between the container's io, STDIN, STDOUT, STDERR. If the container's io is pointing -to `/dev/null` outside the container we close and `dup2` the `/dev/null` +to `/dev/null` outside the container we close and `dup2` the `/dev/null` that is local to the container's rootfs. -After the container has `/proc` mounted a few standard symlinks are setup +After the container has `/proc` mounted a few standard symlinks are setup within `/dev/` for the io. | Source | Destination | @@ -104,7 +104,7 @@ within `/dev/` for the io. | /proc/self/fd/1 | /dev/stdout | | /proc/self/fd/2 | /dev/stderr | -A `pivot_root` is used to change the root for the process, effectively +A `pivot_root` is used to change the root for the process, effectively jailing the process inside the rootfs. ```c @@ -151,7 +151,7 @@ so that containers can be paused and resumed. The parent process of the container's init must place the init pid inside the correct cgroups before the initialization begins. This is done so -that no processes or threads escape the cgroups. This sync is +that no processes or threads escape the cgroups. This sync is done via a pipe ( specified in the runtime section below ) that the container's init process will block waiting for the parent to finish setup. @@ -263,7 +263,7 @@ For example, on a two-socket machine, the schema line could be "MB:0=5000;1=7000" which means 5000 MBps memory bandwidth limit on socket 0 and 7000 MBps memory bandwidth limit on socket 1. -For more information about Intel RDT kernel interface: +For more information about Intel RDT kernel interface: https://www.kernel.org/doc/Documentation/x86/intel_rdt_ui.txt ``` @@ -285,7 +285,7 @@ maximum memory bandwidth of 20% on socket 0 and 70% on socket 1. } ``` -### Security +### Security The standard set of Linux capabilities that are set in a container provide a good default for security and flexibility for the applications. @@ -335,8 +335,8 @@ provide a good default for security and flexibility for the applications. Additional security layers like [apparmor](https://wiki.ubuntu.com/AppArmor) and [selinux](http://selinuxproject.org/page/Main_Page) can be used with -the containers. A container should support setting an apparmor profile or -selinux process and mount labels if provided in the configuration. +the containers. A container should support setting an apparmor profile or +selinux process and mount labels if provided in the configuration. Standard apparmor profile: ```c @@ -371,17 +371,17 @@ profile flags=(attach_disconnected,mediate_deleted) { ### Runtime and Init Process -During container creation the parent process needs to talk to the container's init +During container creation the parent process needs to talk to the container's init process and have a form of synchronization. This is accomplished by creating -a pipe that is passed to the container's init. When the init process first spawns +a pipe that is passed to the container's init. When the init process first spawns it will block on its side of the pipe until the parent closes its side. This -allows the parent to have time to set the new process inside a cgroup hierarchy -and/or write any uid/gid mappings required for user namespaces. +allows the parent to have time to set the new process inside a cgroup hierarchy +and/or write any uid/gid mappings required for user namespaces. The pipe is passed to the init process via FD 3. The application consuming libcontainer should be compiled statically. libcontainer does not define any init process and the arguments provided are used to `exec` the -process inside the application. There should be no long running init within the +process inside the application. There should be no long running init within the container spec. If a pseudo tty is provided to a container it will open and `dup2` the console @@ -391,10 +391,10 @@ as `/dev/console`. An extra set of mounts are provided to a container and setup for use. A container's rootfs can contain some non portable files inside that can cause side effects during execution of a process. These files are usually created and populated with the container -specific information via the runtime. +specific information via the runtime. **Extra runtime files:** -* /etc/hosts +* /etc/hosts * /etc/resolv.conf * /etc/hostname * /etc/localtime @@ -407,7 +407,7 @@ these apply to processes within a container. | Type | Value | | ------------------- | ------------------------------ | -| Parent Death Signal | SIGKILL | +| Parent Death Signal | SIGKILL | | UID | 0 | | GID | 0 | | GROUPS | 0, NULL | @@ -420,15 +420,15 @@ these apply to processes within a container. ## Actions After a container is created there is a standard set of actions that can -be done to the container. These actions are part of the public API for +be done to the container. These actions are part of the public API for a container. | Action | Description | | -------------- | ------------------------------------------------------------------ | -| Get processes | Return all the pids for processes running inside a container | +| Get processes | Return all the pids for processes running inside a container | | Get Stats | Return resource statistics for the container as a whole | | Wait | Waits on the container's init process ( pid 1 ) | -| Wait Process | Wait on any of the container's processes returning the exit status | +| Wait Process | Wait on any of the container's processes returning the exit status | | Destroy | Kill the container's init process and remove any filesystem state | | Signal | Send a signal to the container's init process | | Signal Process | Send a signal to any of the container's processes | diff --git a/libcontainer/nsenter/README.md b/libcontainer/nsenter/README.md index 9ec6c39316b..92957d3dfc6 100644 --- a/libcontainer/nsenter/README.md +++ b/libcontainer/nsenter/README.md @@ -1,15 +1,15 @@ ## nsenter -The `nsenter` package registers a special init constructor that is called before -the Go runtime has a chance to boot. This provides us the ability to `setns` on -existing namespaces and avoid the issues that the Go runtime has with multiple -threads. This constructor will be called if this package is registered, +The `nsenter` package registers a special init constructor that is called before +the Go runtime has a chance to boot. This provides us the ability to `setns` on +existing namespaces and avoid the issues that the Go runtime has with multiple +threads. This constructor will be called if this package is registered, imported, in your go application. The `nsenter` package will `import "C"` and it uses [cgo](https://golang.org/cmd/cgo/) -package. In cgo, if the import of "C" is immediately preceded by a comment, that comment, +package. In cgo, if the import of "C" is immediately preceded by a comment, that comment, called the preamble, is used as a header when compiling the C parts of the package. -So every time we import package `nsenter`, the C code function `nsexec()` would be +So every time we import package `nsenter`, the C code function `nsexec()` would be called. And package `nsenter` is only imported in `init.go`, so every time the runc `init` command is invoked, that C code is run. From fed0b12436e652feffca4d9107c3f68c49fbc202 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 17 May 2023 17:08:31 -0700 Subject: [PATCH 0253/1176] tests/int: increase num retries for oom tests This test is occasionally failing on CS9. The test case always takes about 7 seconds on my laptop (decreasing memory, using a different memory eater in shell etc. doesn't help). Increase the number of iterations from 10 to 30 to make sure we don't see any flakes. Signed-off-by: Kir Kolyshkin --- tests/integration/events.bats | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/events.bats b/tests/integration/events.bats index a8fe52baf69..051c81e4e28 100644 --- a/tests/integration/events.bats +++ b/tests/integration/events.bats @@ -93,7 +93,7 @@ function test_events() { retry 10 1 grep -q test_busybox events.log # shellcheck disable=SC2016 __runc exec -d test_busybox sh -c 'test=$(dd if=/dev/urandom ibs=5120k)' - retry 10 1 grep -q oom events.log + retry 30 1 grep -q oom events.log __runc delete -f test_busybox ) & wait # wait for the above sub shells to finish From 67bc4bc2409faa0137dad48b822e8ce572302991 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 12 May 2023 10:40:14 -0700 Subject: [PATCH 0254/1176] tests/rootless.sh: drop set -x It seems that set -x was temporarily added as a debug measure, but slipped into the final commit. Remove it, for the sake of test logs brevity. Fixes: 9f656dbb11c42fbe3 Signed-off-by: Kir Kolyshkin --- tests/rootless.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/rootless.sh b/tests/rootless.sh index 83be248a108..7f0408508ce 100755 --- a/tests/rootless.sh +++ b/tests/rootless.sh @@ -1,4 +1,4 @@ -#!/bin/bash -x +#!/bin/bash # Copyright (C) 2017 SUSE LLC # # Licensed under the Apache License, Version 2.0 (the "License"); From e0e8d9c8860c2c4b7c844daff3a25884ce2c8ecf Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 11 May 2023 19:47:26 -0700 Subject: [PATCH 0255/1176] tests/int/kill: add kill -a with host pidns test This is roughly the same as TestPIDHostInitProcessWait in libct/int, except that here we use separate processes to create and to kill a container, so the processes inside a container are not children of "runc kill", and also we hit different codepaths (nonChildProcess.signal rather than initProcess.signal). One other thing is, rootless is also tested. Signed-off-by: Kir Kolyshkin --- tests/integration/kill.bats | 48 +++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/tests/integration/kill.bats b/tests/integration/kill.bats index 590ddd5ef07..2a78778bdee 100644 --- a/tests/integration/kill.bats +++ b/tests/integration/kill.bats @@ -29,3 +29,51 @@ function teardown() { runc delete test_busybox [ "$status" -eq 0 ] } + +# This is roughly the same as TestPIDHostInitProcessWait in libcontainer/integration. +@test "kill --all KILL [host pidns]" { + # kill -a currently requires cgroup freezer. + requires cgroups_freezer + + update_config ' .linux.namespaces -= [{"type": "pid"}]' + set_cgroups_path + if [ $EUID -ne 0 ]; then + # kill --all requires working cgroups. + requires rootless_cgroup + update_config ' .mounts |= map((select(.type == "proc") + | .type = "none" + | .source = "/proc" + | .options = ["rbind", "nosuid", "nodev", "noexec"] + ) // .)' + fi + + runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox + [ "$status" -eq 0 ] + + # Start a few more processes. + for _ in 1 2 3 4 5; do + __runc exec -d test_busybox sleep 1h + [ "$status" -eq 0 ] + done + + # Get the list of all container processes. + path=$(get_cgroup_path "pids") + pids=$(cat "$path"/cgroup.procs) + echo "pids: $pids" + # Sanity check -- make sure all processes exist. + for p in $pids; do + kill -0 "$p" + done + + runc kill -a test_busybox KILL + [ "$status" -eq 0 ] + wait_for_container 10 1 test_busybox stopped + + # Make sure all processes are gone. + pids=$(cat "$path"/cgroup.procs) || true # OK if cgroup is gone + echo "pids: $pids" + for p in $pids; do + run ! kill -0 "$p" + [[ "$output" = *"No such process" ]] + done +} From 5b8f8712a41514d8777ee2aeb28ea4c2d9bb0d8a Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 12 May 2023 11:04:21 -0700 Subject: [PATCH 0256/1176] libct: signalAllProcesses: remove child reaping There are two very distinct usage scenarios for signalAllProcesses: * when used from the runc binary ("runc kill" command), the processes that it kills are not the children of "runc kill", and so calling wait(2) on each process is totally useless, as it will return ECHLD; * when used from a program that have created the container (such as libcontainer/integration test suite), that program can and should call wait(2), not the signalling code. So, the child reaping code is totally useless in the first case, and should be implemented by the program using libcontainer in the second case. I was not able to track down how this code was added, my best guess is it happened when this code was part of dockerd, which did not have a proper child reaper implemented at that time. Remove it, and add a proper documentation piece. Change the integration test accordingly. PS the first attempt to disable the child reaping code in signalAllProcesses was made in commit bb912eb00c51f, which used a questionable heuristic to figure out whether wait(2) should be called. This heuristic worked for a particular use case, but is not correct in general. While at it: - simplify signalAllProcesses to use unix.Kill; - document (container).Signal. Signed-off-by: Kir Kolyshkin --- libcontainer/container_linux.go | 12 +++- libcontainer/init_linux.go | 80 ++------------------------- libcontainer/integration/exec_test.go | 13 +++-- 3 files changed, 22 insertions(+), 83 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 3c0857d0604..73264bc90e1 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -357,6 +357,12 @@ func (c *Container) start(process *Process) (retErr error) { return nil } +// Signal sends a specified signal to container's init, or, if all is true, +// true, to all container's processes (as determined by container's cgroup). +// +// Setting all=true is useful when s is SIGKILL and the container does not have +// its own PID namespace. In this scenario, the libcontainer user may be required +// to implement a proper child reaper. func (c *Container) Signal(s os.Signal, all bool) error { c.m.Lock() defer c.m.Unlock() @@ -365,12 +371,16 @@ func (c *Container) Signal(s os.Signal, all bool) error { return err } if all { + sig, ok := s.(unix.Signal) + if !ok { + return errors.New("unsupported signal type") + } if status == Stopped && !c.cgroupManager.Exists() { // Avoid calling signalAllProcesses which may print // a warning trying to freeze a non-existing cgroup. return nil } - return c.ignoreCgroupError(signalAllProcesses(c.cgroupManager, s)) + return c.ignoreCgroupError(signalAllProcesses(c.cgroupManager, sig)) } // to avoid a PID reuse attack if status == Running || status == Created || status == Paused { diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 52cb7d57374..9bf13d9d5d4 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -11,7 +11,6 @@ import ( "runtime/debug" "strconv" "strings" - "unsafe" "github.com/containerd/console" "github.com/opencontainers/runtime-spec/specs-go" @@ -575,39 +574,9 @@ func setupRlimits(limits []configs.Rlimit, pid int) error { return nil } -const _P_PID = 1 - -//nolint:structcheck,unused -type siginfo struct { - si_signo int32 - si_errno int32 - si_code int32 - // below here is a union; si_pid is the only field we use - si_pid int32 - // Pad to 128 bytes as detailed in blockUntilWaitable - pad [96]byte -} - -// isWaitable returns true if the process has exited false otherwise. -// Its based off blockUntilWaitable in src/os/wait_waitid.go -func isWaitable(pid int) (bool, error) { - si := &siginfo{} - _, _, e := unix.Syscall6(unix.SYS_WAITID, _P_PID, uintptr(pid), uintptr(unsafe.Pointer(si)), unix.WEXITED|unix.WNOWAIT|unix.WNOHANG, 0, 0) - if e != 0 { - return false, &os.SyscallError{Syscall: "waitid", Err: e} - } - - return si.si_pid != 0, nil -} - // signalAllProcesses freezes then iterates over all the processes inside the // manager's cgroups sending the signal s to them. -// If s is SIGKILL and subreaper is not enabled then it will wait for each -// process to exit. -// For all other signals it will check if the process is ready to report its -// exit status and only if it is will a wait be performed. -func signalAllProcesses(m cgroups.Manager, s os.Signal) error { - var procs []*os.Process +func signalAllProcesses(m cgroups.Manager, s unix.Signal) error { if err := m.Freeze(configs.Frozen); err != nil { logrus.Warn(err) } @@ -619,55 +588,14 @@ func signalAllProcesses(m cgroups.Manager, s os.Signal) error { return err } for _, pid := range pids { - p, err := os.FindProcess(pid) - if err != nil { - logrus.Warn(err) - continue - } - procs = append(procs, p) - if err := p.Signal(s); err != nil { - logrus.Warn(err) + err := unix.Kill(pid, s) + if err != nil && err != unix.ESRCH { //nolint:errorlint // unix errors are bare + logrus.Warnf("kill %d: %v", pid, err) } } if err := m.Freeze(configs.Thawed); err != nil { logrus.Warn(err) } - subreaper, err := system.GetSubreaper() - if err != nil { - // The error here means that PR_GET_CHILD_SUBREAPER is not - // supported because this code might run on a kernel older - // than 3.4. We don't want to throw an error in that case, - // and we simplify things, considering there is no subreaper - // set. - subreaper = 0 - } - - for _, p := range procs { - if s != unix.SIGKILL { - if ok, err := isWaitable(p.Pid); err != nil { - if !errors.Is(err, unix.ECHILD) { - logrus.Warn("signalAllProcesses: ", p.Pid, err) - } - continue - } else if !ok { - // Not ready to report so don't wait - continue - } - } - - // In case a subreaper has been setup, this code must not - // wait for the process. Otherwise, we cannot be sure the - // current process will be reaped by the subreaper, while - // the subreaper might be waiting for this process in order - // to retrieve its exit code. - if subreaper == 0 { - if _, err := p.Wait(); err != nil { - if !errors.Is(err, unix.ECHILD) { - logrus.Warn("wait: ", err) - } - } - } - } return nil } diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index 530faf1aeaa..376dd0f1f3b 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -1373,7 +1373,7 @@ func TestPIDHostInitProcessWait(t *testing.T) { process1 := &libcontainer.Process{ Cwd: "/", - Args: []string{"sleep", "100"}, + Args: []string{"sleep", "1h"}, Env: standardEnvironment, Init: true, } @@ -1382,7 +1382,7 @@ func TestPIDHostInitProcessWait(t *testing.T) { process2 := &libcontainer.Process{ Cwd: "/", - Args: []string{"sleep", "100"}, + Args: []string{"sleep", "1h"}, Env: standardEnvironment, Init: false, } @@ -1397,10 +1397,11 @@ func TestPIDHostInitProcessWait(t *testing.T) { t.Fatal("expected Wait to indicate failure") } - // The non-init process must've been killed. - err = process2.Signal(syscall.Signal(0)) - if err == nil || err.Error() != "no such process" { - t.Fatalf("expected process to have been killed: %v", err) + // The non-init process must've also been killed. If not, + // the test will time out. + _, err = process2.Wait() + if err == nil { + t.Fatal("expected Wait to indicate failure") } } From 2a7dcbbb4039f51c21b2051124ff2ac40a785b46 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 12 May 2023 16:04:11 -0700 Subject: [PATCH 0257/1176] libct: fix shared pidns detection When someone is using libcontainer to start and kill containers from a long lived process (i.e. the same process creates and removes the container), initProcess.wait method is used, which has a kludge to work around killing containers that do not have their own PID namespace. The code that checks for own PID namespace is not entirely correct. To be exact, it does not set sharePidns flag when the host/caller PID namespace is implicitly used. As a result, the above mentioned kludge does not work. Fix the issue, add a test case (which fails without the fix). Signed-off-by: Kir Kolyshkin --- libcontainer/configs/namespaces_syscall.go | 12 ++++++++++++ libcontainer/container_linux.go | 3 +-- libcontainer/integration/exec_test.go | 20 +++++++++++++++----- 3 files changed, 28 insertions(+), 7 deletions(-) diff --git a/libcontainer/configs/namespaces_syscall.go b/libcontainer/configs/namespaces_syscall.go index 0516dba8d09..543e059aa67 100644 --- a/libcontainer/configs/namespaces_syscall.go +++ b/libcontainer/configs/namespaces_syscall.go @@ -31,3 +31,15 @@ func (n *Namespaces) CloneFlags() uintptr { } return uintptr(flag) } + +// IsPrivate tells whether the namespace of type t is configured as private +// (i.e. it exists and is not shared). +func (n Namespaces) IsPrivate(t NamespaceType) bool { + for _, v := range n { + if v.Type == t { + return v.Path == "" + } + } + // Not found, so implicitly sharing a parent namespace. + return false +} diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 73264bc90e1..59262d3ab22 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -549,7 +549,6 @@ func (c *Container) newInitProcess(p *Process, cmd *exec.Cmd, messageSockPair, l nsMaps[ns.Type] = ns.Path } } - _, sharePidns := nsMaps[configs.NEWPID] data, err := c.bootstrapData(c.config.Namespaces.CloneFlags(), nsMaps, initStandard) if err != nil { return nil, err @@ -594,7 +593,7 @@ func (c *Container) newInitProcess(p *Process, cmd *exec.Cmd, messageSockPair, l container: c, process: p, bootstrapData: data, - sharePidns: sharePidns, + sharePidns: !c.config.Namespaces.IsPrivate(configs.NEWPID), } c.initProcess = init return init, nil diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index 376dd0f1f3b..4ac0f466bd9 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -1355,16 +1355,26 @@ func TestPIDHost(t *testing.T) { } } -func TestPIDHostInitProcessWait(t *testing.T) { +func TestHostPidnsInitKill(t *testing.T) { + config := newTemplateConfig(t, nil) + // Implicitly use host pid ns. + config.Namespaces.Remove(configs.NEWPID) + testPidnsInitKill(t, config) +} + +func TestSharedPidnsInitKill(t *testing.T) { + config := newTemplateConfig(t, nil) + // Explicitly use host pid ns. + config.Namespaces.Add(configs.NEWPID, "/proc/1/ns/pid") + testPidnsInitKill(t, config) +} + +func testPidnsInitKill(t *testing.T, config *configs.Config) { if testing.Short() { return } - pidns := "/proc/1/ns/pid" - // Run a container with two long-running processes. - config := newTemplateConfig(t, nil) - config.Namespaces.Add(configs.NEWPID, pidns) container, err := newContainer(t, config) ok(t, err) defer func() { From 9583b3d1c297021109081872c52302316ede15b1 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 13 Apr 2023 11:13:13 -0700 Subject: [PATCH 0258/1176] libct: move killing logic to container.Signal By default, the container has its own PID namespace, and killing (with SIGKILL) its init process from the parent PID namespace also kills all the other processes. Obviously, it does not work that way when the container is sharing its PID namespace with the host or another container, since init is no longer special (it's not PID 1). In this case, killing container's init will result in a bunch of other processes left running (and thus the inability to remove the cgroup). The solution to the above problem is killing all the container processes, not just init. The problem with the current implementation is, the killing logic is implemented in libcontainer's initProcess.wait, and thus only available to libcontainer users, but not the runc kill command (which uses nonChildProcess.kill and does not use wait at all). So, some workarounds exist: - func destroy(c *Container) calls signalAllProcesses; - runc kill implements -a flag. This code became very tangled over time. Let's simplify things by moving the killing all processes from initProcess.wait to container.Signal, and documents the new behavior. In essence, this also makes `runc kill` to automatically kill all container processes when the container does not have its own PID namespace. Document that as well. Signed-off-by: Kir Kolyshkin --- libcontainer/container_linux.go | 52 ++++++++++++++++----------- libcontainer/integration/exec_test.go | 4 +-- libcontainer/process_linux.go | 5 --- libcontainer/state_linux.go | 7 ---- man/runc-kill.8.md | 4 +-- 5 files changed, 36 insertions(+), 36 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 59262d3ab22..1fa7e2b60c1 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -358,9 +358,9 @@ func (c *Container) start(process *Process) (retErr error) { } // Signal sends a specified signal to container's init, or, if all is true, -// true, to all container's processes (as determined by container's cgroup). +// to all container's processes (as determined by container's cgroup). // -// Setting all=true is useful when s is SIGKILL and the container does not have +// Note all=true is implied when s is SIGKILL and the container does not have // its own PID namespace. In this scenario, the libcontainer user may be required // to implement a proper child reaper. func (c *Container) Signal(s os.Signal, all bool) error { @@ -382,22 +382,36 @@ func (c *Container) Signal(s os.Signal, all bool) error { } return c.ignoreCgroupError(signalAllProcesses(c.cgroupManager, sig)) } - // to avoid a PID reuse attack - if status == Running || status == Created || status == Paused { - if err := c.initProcess.signal(s); err != nil { - return fmt.Errorf("unable to signal init: %w", err) - } - if status == Paused { - // For cgroup v1, killing a process in a frozen cgroup - // does nothing until it's thawed. Only thaw the cgroup - // for SIGKILL. - if s, ok := s.(unix.Signal); ok && s == unix.SIGKILL { - _ = c.cgroupManager.Freeze(configs.Thawed) - } - } - return nil + + // To avoid a PID reuse attack, don't kill non-running container. + switch status { + case Running, Created, Paused: + default: + return ErrNotRunning } - return ErrNotRunning + + // When a container has its own PID namespace, inside it the init PID + // is 1, and thus it is handled specially by the kernel. In particular, + // killing init with SIGKILL from an ancestor namespace will also kill + // all other processes in that PID namespace (see pid_namespaces(7)). + // + // OTOH, if PID namespace is shared, we should kill all pids to avoid + // leftover processes. + if s == unix.SIGKILL && !c.config.Namespaces.IsPrivate(configs.NEWPID) { + err = signalAllProcesses(c.cgroupManager, unix.SIGKILL) + } else { + err = c.initProcess.signal(s) + } + if err != nil { + return fmt.Errorf("unable to signal init: %w", err) + } + if status == Paused && s == unix.SIGKILL { + // For cgroup v1, killing a process in a frozen cgroup + // does nothing until it's thawed. Only thaw the cgroup + // for SIGKILL. + _ = c.cgroupManager.Freeze(configs.Thawed) + } + return nil } func (c *Container) createExecFifo() error { @@ -593,7 +607,6 @@ func (c *Container) newInitProcess(p *Process, cmd *exec.Cmd, messageSockPair, l container: c, process: p, bootstrapData: data, - sharePidns: !c.config.Namespaces.IsPrivate(configs.NEWPID), } c.initProcess = init return init, nil @@ -696,8 +709,7 @@ func (c *Container) newInitConfig(process *Process) *initConfig { return cfg } -// Destroy destroys the container, if its in a valid state, after killing any -// remaining running processes. +// Destroy destroys the container, if its in a valid state. // // Any event registrations are removed before the container is destroyed. // No error is returned if the container is already destroyed. diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index 4ac0f466bd9..e1ee5f7b4ed 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -1399,8 +1399,8 @@ func testPidnsInitKill(t *testing.T, config *configs.Config) { err = container.Run(process2) ok(t, err) - // Kill the init process and Wait for it. - err = process1.Signal(syscall.SIGKILL) + // Kill the container. + err = container.Signal(syscall.SIGKILL, false) ok(t, err) _, err = process1.Wait() if err == nil { diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index ba2990a951b..48861406dba 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -304,7 +304,6 @@ type initProcess struct { fds []string process *Process bootstrapData io.Reader - sharePidns bool } func (p *initProcess) pid() int { @@ -616,10 +615,6 @@ func (p *initProcess) start() (retErr error) { func (p *initProcess) wait() (*os.ProcessState, error) { err := p.cmd.Wait() - // we should kill all processes in cgroup when init is died if we use host PID namespace - if p.sharePidns { - _ = signalAllProcesses(p.manager, unix.SIGKILL) - } return p.cmd.ProcessState, err } diff --git a/libcontainer/state_linux.go b/libcontainer/state_linux.go index 4895612e257..442d0baaf5b 100644 --- a/libcontainer/state_linux.go +++ b/libcontainer/state_linux.go @@ -7,7 +7,6 @@ import ( "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runtime-spec/specs-go" - "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) @@ -36,12 +35,6 @@ type containerState interface { } func destroy(c *Container) error { - if !c.config.Namespaces.Contains(configs.NEWPID) || - c.config.Namespaces.PathOf(configs.NEWPID) != "" { - if err := signalAllProcesses(c.cgroupManager, unix.SIGKILL); err != nil { - logrus.Warn(err) - } - } err := c.cgroupManager.Destroy() if c.intelRdtManager != nil { if ierr := c.intelRdtManager.Destroy(); err == nil { diff --git a/man/runc-kill.8.md b/man/runc-kill.8.md index 5f0f51ed9b9..684666396bd 100644 --- a/man/runc-kill.8.md +++ b/man/runc-kill.8.md @@ -18,8 +18,8 @@ to list available signals. # OPTIONS **--all**|**-a** : Send the signal to all processes inside the container, rather than -the container's init only. This option is useful when the container does not -have its own PID namespace. +the container's init only. This option is implied when the _signal_ is **KILL** +and the container does not have its own PID namespace. : When this option is set, no error is returned if the container is stopped or does not exist. From f8ad20f500bf75edd86041657ee762bce116f8f5 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 12 May 2023 12:55:17 -0700 Subject: [PATCH 0259/1176] runc kill: drop -a option As of previous commit, this is implied in a particular scenario. In fact, this is the one and only scenario that justifies the use of -a. Drop the option from the documentation. For backward compatibility, do recognize it, and retain the feature of ignoring the "container is stopped" error when set. Signed-off-by: Kir Kolyshkin --- delete.go | 4 ++-- kill.go | 13 ++++++++++--- libcontainer/container_linux.go | 24 +++++------------------- libcontainer/integration/exec_test.go | 2 +- man/runc-kill.8.md | 11 +---------- tests/integration/kill.bats | 11 ++++++++--- 6 files changed, 27 insertions(+), 38 deletions(-) diff --git a/delete.go b/delete.go index dd3041f8722..682101ccad8 100644 --- a/delete.go +++ b/delete.go @@ -14,10 +14,10 @@ import ( ) func killContainer(container *libcontainer.Container) error { - _ = container.Signal(unix.SIGKILL, false) + _ = container.Signal(unix.SIGKILL) for i := 0; i < 100; i++ { time.Sleep(100 * time.Millisecond) - if err := container.Signal(unix.Signal(0), false); err != nil { + if err := container.Signal(unix.Signal(0)); err != nil { destroy(container) return nil } diff --git a/kill.go b/kill.go index e5b13b1230d..ac1e47a5b19 100644 --- a/kill.go +++ b/kill.go @@ -1,10 +1,12 @@ package main import ( + "errors" "fmt" "strconv" "strings" + "github.com/opencontainers/runc/libcontainer" "github.com/urfave/cli" "golang.org/x/sys/unix" ) @@ -24,8 +26,9 @@ signal to the init process of the "ubuntu01" container: # runc kill ubuntu01 KILL`, Flags: []cli.Flag{ cli.BoolFlag{ - Name: "all, a", - Usage: "send the specified signal to all processes inside the container", + Name: "all, a", + Usage: "(obsoleted, do not use)", + Hidden: true, }, }, Action: func(context *cli.Context) error { @@ -49,7 +52,11 @@ signal to the init process of the "ubuntu01" container: if err != nil { return err } - return container.Signal(signal, context.Bool("all")) + err = container.Signal(signal) + if errors.Is(err, libcontainer.ErrNotRunning) && context.Bool("all") { + err = nil + } + return err }, } diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 1fa7e2b60c1..eac17027af8 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -357,32 +357,18 @@ func (c *Container) start(process *Process) (retErr error) { return nil } -// Signal sends a specified signal to container's init, or, if all is true, -// to all container's processes (as determined by container's cgroup). +// Signal sends a specified signal to container's init. // -// Note all=true is implied when s is SIGKILL and the container does not have -// its own PID namespace. In this scenario, the libcontainer user may be required -// to implement a proper child reaper. -func (c *Container) Signal(s os.Signal, all bool) error { +// When s is SIGKILL and the container does not have its own PID namespace, all +// the container's processes are killed. In this scenario, the libcontainer +// user may be required to implement a proper child reaper. +func (c *Container) Signal(s os.Signal) error { c.m.Lock() defer c.m.Unlock() status, err := c.currentStatus() if err != nil { return err } - if all { - sig, ok := s.(unix.Signal) - if !ok { - return errors.New("unsupported signal type") - } - if status == Stopped && !c.cgroupManager.Exists() { - // Avoid calling signalAllProcesses which may print - // a warning trying to freeze a non-existing cgroup. - return nil - } - return c.ignoreCgroupError(signalAllProcesses(c.cgroupManager, sig)) - } - // To avoid a PID reuse attack, don't kill non-running container. switch status { case Running, Created, Paused: diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index e1ee5f7b4ed..03d16639067 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -1400,7 +1400,7 @@ func testPidnsInitKill(t *testing.T, config *configs.Config) { ok(t, err) // Kill the container. - err = container.Signal(syscall.SIGKILL, false) + err = container.Signal(syscall.SIGKILL) ok(t, err) _, err = process1.Wait() if err == nil { diff --git a/man/runc-kill.8.md b/man/runc-kill.8.md index 684666396bd..0d4cb68e2ff 100644 --- a/man/runc-kill.8.md +++ b/man/runc-kill.8.md @@ -4,7 +4,7 @@ **runc-kill** - send a specified signal to container # SYNOPSIS -**runc kill** [**--all**|**-a**] _container-id_ [_signal_] +**runc kill** _container-id_ [_signal_] # DESCRIPTION @@ -15,15 +15,6 @@ A different signal can be specified either by its name (with or without the **SIG** prefix), or its numeric value. Use **kill**(1) with **-l** option to list available signals. -# OPTIONS -**--all**|**-a** -: Send the signal to all processes inside the container, rather than -the container's init only. This option is implied when the _signal_ is **KILL** -and the container does not have its own PID namespace. - -: When this option is set, no error is returned if the container is stopped -or does not exist. - # EXAMPLES The following will send a **KILL** signal to the init process of the diff --git a/tests/integration/kill.bats b/tests/integration/kill.bats index 2a78778bdee..8f2f4a7b4e8 100644 --- a/tests/integration/kill.bats +++ b/tests/integration/kill.bats @@ -22,7 +22,12 @@ function teardown() { [ "$status" -eq 0 ] wait_for_container 10 1 test_busybox stopped - # we should ensure kill work after the container stopped + # Check that kill errors on a stopped container. + runc kill test_busybox 0 + [ "$status" -ne 0 ] + [[ "$output" == *"container not running"* ]] + + # Check that -a (now obsoleted) makes kill return no error for a stopped container. runc kill -a test_busybox 0 [ "$status" -eq 0 ] @@ -31,7 +36,7 @@ function teardown() { } # This is roughly the same as TestPIDHostInitProcessWait in libcontainer/integration. -@test "kill --all KILL [host pidns]" { +@test "kill KILL [host pidns]" { # kill -a currently requires cgroup freezer. requires cgroups_freezer @@ -65,7 +70,7 @@ function teardown() { kill -0 "$p" done - runc kill -a test_busybox KILL + runc kill test_busybox KILL [ "$status" -eq 0 ] wait_for_container 10 1 test_busybox stopped From 7d09ba10cc873f3332dd3de5304fbcd6814d72eb Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 12 May 2023 12:57:50 -0700 Subject: [PATCH 0260/1176] libct: implement support for cgroup.kill Signed-off-by: Kir Kolyshkin --- libcontainer/init_linux.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 9bf13d9d5d4..ed84ab59e86 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -577,6 +577,17 @@ func setupRlimits(limits []configs.Rlimit, pid int) error { // signalAllProcesses freezes then iterates over all the processes inside the // manager's cgroups sending the signal s to them. func signalAllProcesses(m cgroups.Manager, s unix.Signal) error { + // Use cgroup.kill, if available. + if s == unix.SIGKILL { + if p := m.Path(""); p != "" { // Either cgroup v2 or hybrid. + err := cgroups.WriteFile(p, "cgroup.kill", "1") + if err == nil || !errors.Is(err, os.ErrNotExist) { + return err + } + // Fallback to old implementation. + } + } + if err := m.Freeze(configs.Frozen); err != nil { logrus.Warn(err) } From 31e3c229ac83c3508acb06614c5d58ddf560e737 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 Jun 2023 17:23:42 +0000 Subject: [PATCH 0261/1176] build(deps): bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.2 to 1.9.3. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.9.2...v1.9.3) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +-- vendor/github.com/sirupsen/logrus/writer.go | 34 ++++++++++++++++++++- vendor/modules.txt | 2 +- 4 files changed, 37 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 32acc2ba9b7..0d07821a677 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/opencontainers/runtime-spec v1.1.0-rc.2 github.com/opencontainers/selinux v1.11.0 github.com/seccomp/libseccomp-golang v0.10.0 - github.com/sirupsen/logrus v1.9.2 + github.com/sirupsen/logrus v1.9.3 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.12 github.com/vishvananda/netlink v1.1.0 diff --git a/go.sum b/go.sum index c3cf5988843..b26feb3b303 100644 --- a/go.sum +++ b/go.sum @@ -41,8 +41,8 @@ github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/seccomp/libseccomp-golang v0.10.0 h1:aA4bp+/Zzi0BnWZ2F1wgNBs5gTpm+na2rWM6M9YjLpY= github.com/seccomp/libseccomp-golang v0.10.0/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= -github.com/sirupsen/logrus v1.9.2 h1:oxx1eChJGI6Uks2ZC4W1zpLlVgqB8ner4EuQwV4Ik1Y= -github.com/sirupsen/logrus v1.9.2/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= +github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= diff --git a/vendor/github.com/sirupsen/logrus/writer.go b/vendor/github.com/sirupsen/logrus/writer.go index 72e8e3a1b65..074fd4b8bd7 100644 --- a/vendor/github.com/sirupsen/logrus/writer.go +++ b/vendor/github.com/sirupsen/logrus/writer.go @@ -4,6 +4,7 @@ import ( "bufio" "io" "runtime" + "strings" ) // Writer at INFO level. See WriterLevel for details. @@ -20,15 +21,18 @@ func (logger *Logger) WriterLevel(level Level) *io.PipeWriter { return NewEntry(logger).WriterLevel(level) } +// Writer returns an io.Writer that writes to the logger at the info log level func (entry *Entry) Writer() *io.PipeWriter { return entry.WriterLevel(InfoLevel) } +// WriterLevel returns an io.Writer that writes to the logger at the given log level func (entry *Entry) WriterLevel(level Level) *io.PipeWriter { reader, writer := io.Pipe() var printFunc func(args ...interface{}) + // Determine which log function to use based on the specified log level switch level { case TraceLevel: printFunc = entry.Trace @@ -48,23 +52,51 @@ func (entry *Entry) WriterLevel(level Level) *io.PipeWriter { printFunc = entry.Print } + // Start a new goroutine to scan the input and write it to the logger using the specified print function. + // It splits the input into chunks of up to 64KB to avoid buffer overflows. go entry.writerScanner(reader, printFunc) + + // Set a finalizer function to close the writer when it is garbage collected runtime.SetFinalizer(writer, writerFinalizer) return writer } +// writerScanner scans the input from the reader and writes it to the logger func (entry *Entry) writerScanner(reader *io.PipeReader, printFunc func(args ...interface{})) { scanner := bufio.NewScanner(reader) + + // Set the buffer size to the maximum token size to avoid buffer overflows + scanner.Buffer(make([]byte, bufio.MaxScanTokenSize), bufio.MaxScanTokenSize) + + // Define a split function to split the input into chunks of up to 64KB + chunkSize := bufio.MaxScanTokenSize // 64KB + splitFunc := func(data []byte, atEOF bool) (int, []byte, error) { + if len(data) >= chunkSize { + return chunkSize, data[:chunkSize], nil + } + + return bufio.ScanLines(data, atEOF) + } + + // Use the custom split function to split the input + scanner.Split(splitFunc) + + // Scan the input and write it to the logger using the specified print function for scanner.Scan() { - printFunc(scanner.Text()) + printFunc(strings.TrimRight(scanner.Text(), "\r\n")) } + + // If there was an error while scanning the input, log an error if err := scanner.Err(); err != nil { entry.Errorf("Error while reading from Writer: %s", err) } + + // Close the reader when we are done reader.Close() } +// WriterFinalizer is a finalizer function that closes then given writer when it is garbage collected func writerFinalizer(writer *io.PipeWriter) { writer.Close() } diff --git a/vendor/modules.txt b/vendor/modules.txt index 24ae37ab85c..480d81dddb7 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -51,7 +51,7 @@ github.com/russross/blackfriday/v2 # github.com/seccomp/libseccomp-golang v0.10.0 ## explicit; go 1.14 github.com/seccomp/libseccomp-golang -# github.com/sirupsen/logrus v1.9.2 +# github.com/sirupsen/logrus v1.9.3 ## explicit; go 1.13 github.com/sirupsen/logrus github.com/sirupsen/logrus/hooks/test From e83ca5191304963b66f6a917d119ac6c1fb5ef8d Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 16 May 2023 12:27:46 -0700 Subject: [PATCH 0262/1176] tests/int/cgroups: filter out rdma Filter out rdma controller since systemd is unable to delegate it. Similar to commits 05272718f4ec414d and 601cf5825f6cf7cd4c360. Signed-off-by: Kir Kolyshkin --- tests/integration/cgroups.bats | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/integration/cgroups.bats b/tests/integration/cgroups.bats index 17e384e2c86..89d4b3626c6 100644 --- a/tests/integration/cgroups.bats +++ b/tests/integration/cgroups.bats @@ -49,8 +49,8 @@ function setup() { if [ $EUID -eq 0 ]; then check_cgroup_value "cgroup.controllers" "$(cat /sys/fs/cgroup/machine.slice/cgroup.controllers)" else - # Filter out hugetlb and misc as systemd is unable to delegate them. - check_cgroup_value "cgroup.controllers" "$(sed -e 's/ hugetlb//' -e 's/ misc//' Date: Tue, 9 Aug 2022 14:10:22 -0700 Subject: [PATCH 0263/1176] tests/int: rename a variable Rename CGROUP_PATH to CGROUP_V2_PATH so it is more clear that it can only be used for CGROUP_V2, and to resolve ambiguity with CGROUP_PATH variable used in tests/rootless.sh. Signed-off-by: Kir Kolyshkin --- tests/integration/cgroups.bats | 2 +- tests/integration/delete.bats | 4 ++-- tests/integration/helpers.bash | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/integration/cgroups.bats b/tests/integration/cgroups.bats index 89d4b3626c6..1842bdcf3de 100644 --- a/tests/integration/cgroups.bats +++ b/tests/integration/cgroups.bats @@ -386,7 +386,7 @@ function setup() { FREEZER="${FREEZER_DIR}/freezer.state" STATE="FROZEN" else - FREEZER_DIR="${CGROUP_PATH}" + FREEZER_DIR="${CGROUP_V2_PATH}" FREEZER="${FREEZER_DIR}/cgroup.freeze" STATE="1" fi diff --git a/tests/integration/delete.bats b/tests/integration/delete.bats index 9b95b845a83..efd43de5b93 100644 --- a/tests/integration/delete.bats +++ b/tests/integration/delete.bats @@ -157,7 +157,7 @@ EOF [[ "$output" =~ [0-9]+ ]] # check create subcgroups success - [ -d "$CGROUP_PATH"/foo ] + [ -d "$CGROUP_V2_PATH"/foo ] # force delete test_busybox runc delete --force test_busybox @@ -166,5 +166,5 @@ EOF [ "$status" -ne 0 ] # check delete subcgroups success - [ ! -d "$CGROUP_PATH"/foo ] + [ ! -d "$CGROUP_V2_PATH"/foo ] } diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index ee2e9c9e012..7b1cc4a088f 100644 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -220,7 +220,7 @@ function set_cgroups_path() { # Absolute path to container's cgroup v2. if [ -v CGROUP_V2 ]; then - CGROUP_PATH=${CGROUP_BASE_PATH}${REL_CGROUPS_PATH} + CGROUP_V2_PATH=${CGROUP_BASE_PATH}${REL_CGROUPS_PATH} fi [ -v pod ] && create_parent @@ -233,7 +233,7 @@ function set_cgroups_path() { # $1: controller name (like "pids") or a file name (like "pids.max"). function get_cgroup_path() { if [ -v CGROUP_V2 ]; then - echo "$CGROUP_PATH" + echo "$CGROUP_V2_PATH" return fi From 78d31a49411392f79209d8337361745e87562a39 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 8 Aug 2022 16:11:17 -0700 Subject: [PATCH 0264/1176] ci/cirrus: enable rootless tests on cs9 We were not running localrootlessintegration test on CentOS Stream 9 because of some failures fixed by previous commits. Enable rootless integration with both systemd and fs drivers. Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index c6d238726f1..e09df466d89 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -111,6 +111,11 @@ task: centos-stream-9) dnf config-manager --set-enabled crb # for glibc-static dnf -y install epel-release epel-next-release # for fuse-sshfs + # Delegate all cgroup v2 controllers to rootless user via --systemd-cgroup. + # The default (since systemd v252) is "pids memory cpu". + mkdir -p /etc/systemd/system/user@.service.d + printf "[Service]\nDelegate=yes\n" > /etc/systemd/system/user@.service.d/delegate.conf + systemctl daemon-reload ;; esac # Work around dnf mirror failures by retrying a few times. @@ -175,13 +180,19 @@ task: integration_fs_script: | ssh -tt localhost "make -C /home/runc localintegration" integration_systemd_rootless_script: | - echo "SKIP: integration_systemd_rootless_script requires cgroup v2" + case $DISTRO in + centos-7|centos-stream-8) + echo "SKIP: integration_systemd_rootless_script requires cgroup v2" + ;; + *) + ssh -tt localhost "make -C /home/runc localrootlessintegration RUNC_USE_SYSTEMD=yes" + esac integration_fs_rootless_script: | case $DISTRO in centos-7) echo "SKIP: FIXME: integration_fs_rootless_script is skipped because of EPERM on writing cgroup.procs" ;; - centos-stream-8) + *) ssh -tt localhost "make -C /home/runc localrootlessintegration" ;; esac From 0ac3376c205e88a4173f46e4e60c1d7c88bd60d6 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Sat, 10 Jun 2023 16:47:39 +0900 Subject: [PATCH 0265/1176] go.mod: runtime-spec v1.1.0-rc.3 https://github.com/opencontainers/runtime-spec/releases/tag/v1.1.0-rc.3 Signed-off-by: Akihiro Suda --- docs/spec-conformance.md | 8 +- go.mod | 2 +- go.sum | 4 +- .../runtime-spec/specs-go/config.go | 88 +++++++++++++++++++ .../runtime-spec/specs-go/version.go | 2 +- vendor/modules.txt | 2 +- 6 files changed, 98 insertions(+), 8 deletions(-) diff --git a/docs/spec-conformance.md b/docs/spec-conformance.md index 1c5964b76a3..10496703ba1 100644 --- a/docs/spec-conformance.md +++ b/docs/spec-conformance.md @@ -1,6 +1,6 @@ # Spec conformance -This branch of runc implements the [OCI Runtime Spec v1.1.0-rc.2](https://github.com/opencontainers/runtime-spec/tree/v1.1.0-rc.2) +This branch of runc implements the [OCI Runtime Spec v1.1.0-rc.3](https://github.com/opencontainers/runtime-spec/tree/v1.1.0-rc.3) for the `linux` platform. The following features are not implemented yet: @@ -13,6 +13,8 @@ v1.0.2 | `.linux.personality` | [#3126](https://github v1.1.0-rc.1 | `.linux.resources.cpu.burst` | [#3749](https://github.com/opencontainers/runc/pull/3749) v1.1.0-rc.1 | `.[]mounts.uidMappings` | [#3717](https://github.com/opencontainers/runc/pull/3717) v1.1.0-rc.1 | `.[]mounts.gidMappings` | [#3717](https://github.com/opencontainers/runc/pull/3717) -v1.1.0-rc.1 | `SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV` | TODO ([#3860](https://github.com/opencontainers/runc/issues/3860)) -v1.1.0-rc.2 | time namespaces | TODO ([#2345](https://github.com/opencontainers/runc/issues/2345)) +v1.1.0-rc.1 | `SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV` | [#3862](https://github.com/opencontainers/runc/pull/3862) +v1.1.0-rc.2 | time namespaces | [#3876](https://github.com/opencontainers/runc/pull/3876) v1.1.0-rc.2 | rsvd hugetlb cgroup | TODO ([#3859](https://github.com/opencontainers/runc/issues/3859)) +v1.1.0-rc.3 | `.process.scheduler` | TODO ([#3895](https://github.com/opencontainers/runc/issues/3895)) +v1.1.0-rc.3 | `.process.ioPriority` | [#3783](https://github.com/opencontainers/runc/pull/3783) diff --git a/go.mod b/go.mod index 0d07821a677..ce2c0360c77 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/godbus/dbus/v5 v5.1.0 github.com/moby/sys/mountinfo v0.6.2 github.com/mrunalp/fileutils v0.5.0 - github.com/opencontainers/runtime-spec v1.1.0-rc.2 + github.com/opencontainers/runtime-spec v1.1.0-rc.3 github.com/opencontainers/selinux v1.11.0 github.com/seccomp/libseccomp-golang v0.10.0 github.com/sirupsen/logrus v1.9.3 diff --git a/go.sum b/go.sum index b26feb3b303..a8d9a8b6a44 100644 --- a/go.sum +++ b/go.sum @@ -30,8 +30,8 @@ github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vyg github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= github.com/mrunalp/fileutils v0.5.0 h1:NKzVxiH7eSk+OQ4M+ZYW1K6h27RUV3MI6NUTsHhU6Z4= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= -github.com/opencontainers/runtime-spec v1.1.0-rc.2 h1:ucBtEms2tamYYW/SvGpvq9yUN0NEVL6oyLEwDcTSrk8= -github.com/opencontainers/runtime-spec v1.1.0-rc.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-spec v1.1.0-rc.3 h1:l04uafi6kxByhbxev7OWiuUv0LZxEsYUfDWZ6bztAuU= +github.com/opencontainers/runtime-spec v1.1.0-rc.3/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU= github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go index 25f4e6e823a..4e7717d53f1 100644 --- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go @@ -33,6 +33,34 @@ type Spec struct { ZOS *ZOS `json:"zos,omitempty" platform:"zos"` } +// Scheduler represents the scheduling attributes for a process. It is based on +// the Linux sched_setattr(2) syscall. +type Scheduler struct { + // Policy represents the scheduling policy (e.g., SCHED_FIFO, SCHED_RR, SCHED_OTHER). + Policy LinuxSchedulerPolicy `json:"policy"` + + // Nice is the nice value for the process, which affects its priority. + Nice int32 `json:"nice,omitempty"` + + // Priority represents the static priority of the process. + Priority int32 `json:"priority,omitempty"` + + // Flags is an array of scheduling flags. + Flags []LinuxSchedulerFlag `json:"flags,omitempty"` + + // The following ones are used by the DEADLINE scheduler. + + // Runtime is the amount of time in nanoseconds during which the process + // is allowed to run in a given period. + Runtime uint64 `json:"runtime,omitempty"` + + // Deadline is the absolute deadline for the process to complete its execution. + Deadline uint64 `json:"deadline,omitempty"` + + // Period is the length of the period in nanoseconds used for determining the process runtime. + Period uint64 `json:"period,omitempty"` +} + // Process contains information to start a specific application inside the container. type Process struct { // Terminal creates an interactive terminal for the container. @@ -60,8 +88,12 @@ type Process struct { ApparmorProfile string `json:"apparmorProfile,omitempty" platform:"linux"` // Specify an oom_score_adj for the container. OOMScoreAdj *int `json:"oomScoreAdj,omitempty" platform:"linux"` + // Scheduler specifies the scheduling attributes for a process + Scheduler *Scheduler `json:"scheduler,omitempty" platform:"linux"` // SelinuxLabel specifies the selinux context that the container process is run as. SelinuxLabel string `json:"selinuxLabel,omitempty" platform:"linux"` + // IOPriority contains the I/O priority settings for the cgroup. + IOPriority *LinuxIOPriority `json:"ioPriority,omitempty" platform:"linux"` } // LinuxCapabilities specifies the list of allowed capabilities that are kept for a process. @@ -79,6 +111,22 @@ type LinuxCapabilities struct { Ambient []string `json:"ambient,omitempty" platform:"linux"` } +// IOPriority represents I/O priority settings for the container's processes within the process group. +type LinuxIOPriority struct { + Class IOPriorityClass `json:"class"` + Priority int `json:"priority"` +} + +// IOPriorityClass represents an I/O scheduling class. +type IOPriorityClass string + +// Possible values for IOPriorityClass. +const ( + IOPRIO_CLASS_RT IOPriorityClass = "IOPRIO_CLASS_RT" + IOPRIO_CLASS_BE IOPriorityClass = "IOPRIO_CLASS_BE" + IOPRIO_CLASS_IDLE IOPriorityClass = "IOPRIO_CLASS_IDLE" +) + // Box specifies dimensions of a rectangle. Used for specifying the size of a console. type Box struct { // Height is the vertical dimension of a box. @@ -789,3 +837,43 @@ type ZOSDevice struct { // Gid of the device. GID *uint32 `json:"gid,omitempty"` } + +// LinuxSchedulerPolicy represents different scheduling policies used with the Linux Scheduler +type LinuxSchedulerPolicy string + +const ( + // SchedOther is the default scheduling policy + SchedOther LinuxSchedulerPolicy = "SCHED_OTHER" + // SchedFIFO is the First-In-First-Out scheduling policy + SchedFIFO LinuxSchedulerPolicy = "SCHED_FIFO" + // SchedRR is the Round-Robin scheduling policy + SchedRR LinuxSchedulerPolicy = "SCHED_RR" + // SchedBatch is the Batch scheduling policy + SchedBatch LinuxSchedulerPolicy = "SCHED_BATCH" + // SchedISO is the Isolation scheduling policy + SchedISO LinuxSchedulerPolicy = "SCHED_ISO" + // SchedIdle is the Idle scheduling policy + SchedIdle LinuxSchedulerPolicy = "SCHED_IDLE" + // SchedDeadline is the Deadline scheduling policy + SchedDeadline LinuxSchedulerPolicy = "SCHED_DEADLINE" +) + +// LinuxSchedulerFlag represents the flags used by the Linux Scheduler. +type LinuxSchedulerFlag string + +const ( + // SchedFlagResetOnFork represents the reset on fork scheduling flag + SchedFlagResetOnFork LinuxSchedulerFlag = "SCHED_FLAG_RESET_ON_FORK" + // SchedFlagReclaim represents the reclaim scheduling flag + SchedFlagReclaim LinuxSchedulerFlag = "SCHED_FLAG_RECLAIM" + // SchedFlagDLOverrun represents the deadline overrun scheduling flag + SchedFlagDLOverrun LinuxSchedulerFlag = "SCHED_FLAG_DL_OVERRUN" + // SchedFlagKeepPolicy represents the keep policy scheduling flag + SchedFlagKeepPolicy LinuxSchedulerFlag = "SCHED_FLAG_KEEP_POLICY" + // SchedFlagKeepParams represents the keep parameters scheduling flag + SchedFlagKeepParams LinuxSchedulerFlag = "SCHED_FLAG_KEEP_PARAMS" + // SchedFlagUtilClampMin represents the utilization clamp minimum scheduling flag + SchedFlagUtilClampMin LinuxSchedulerFlag = "SCHED_FLAG_UTIL_CLAMP_MIN" + // SchedFlagUtilClampMin represents the utilization clamp maximum scheduling flag + SchedFlagUtilClampMax LinuxSchedulerFlag = "SCHED_FLAG_UTIL_CLAMP_MAX" +) diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go index 1b81f3c9d6d..41933fb1719 100644 --- a/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go @@ -11,7 +11,7 @@ const ( VersionPatch = 0 // VersionDev indicates development branch. Releases will be empty string. - VersionDev = "-rc.2" + VersionDev = "-rc.3" ) // Version is the specification version that the package types support. diff --git a/vendor/modules.txt b/vendor/modules.txt index 480d81dddb7..26bd2c969cf 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -36,7 +36,7 @@ github.com/moby/sys/mountinfo # github.com/mrunalp/fileutils v0.5.0 ## explicit; go 1.13 github.com/mrunalp/fileutils -# github.com/opencontainers/runtime-spec v1.1.0-rc.2 +# github.com/opencontainers/runtime-spec v1.1.0-rc.3 ## explicit github.com/opencontainers/runtime-spec/specs-go github.com/opencontainers/runtime-spec/specs-go/features From 62963fef9f33860eb99b2fa8b238e47bd60afcea Mon Sep 17 00:00:00 2001 From: Zoe Date: Mon, 3 Apr 2023 21:44:23 +0800 Subject: [PATCH 0266/1176] libct/cg/sd/v1: do not update non-frozen cgroup after frozen failed. In code we have frozen the cgroup to avoid the processes get an occasional "permission denied" error, while the systemd's application of device rules is done disruptively. When the processes in the container can not be frozen over 2 seconds (which defined in fs/freezer.go), we still update the cgroup which resulting the container get an occasional "permission denied" error in some cases. Return error directly without updating cgroup, when freeze fails. Fixes: #3803 Signed-off-by: Zoe --- libcontainer/cgroups/systemd/v1.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/libcontainer/cgroups/systemd/v1.go b/libcontainer/cgroups/systemd/v1.go index ffe87798782..8c64a5887a9 100644 --- a/libcontainer/cgroups/systemd/v1.go +++ b/libcontainer/cgroups/systemd/v1.go @@ -350,6 +350,15 @@ func (m *LegacyManager) Set(r *configs.Resources) error { if err := m.doFreeze(configs.Frozen); err != nil { // If freezer cgroup isn't supported, we just warn about it. logrus.Infof("freeze container before SetUnitProperties failed: %v", err) + // skip update the cgroup while frozen failed. #3803 + if !errors.Is(err, errSubsystemDoesNotExist) { + if needsThaw { + if thawErr := m.doFreeze(configs.Thawed); thawErr != nil { + logrus.Infof("thaw container after doFreeze failed: %v", thawErr) + } + } + return err + } } } setErr := setUnitProperties(m.dbus, unitName, properties...) From 73b5dc027dc33959a3c48807ca70d9be6a64125c Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 12 Jun 2023 16:03:43 -0700 Subject: [PATCH 0267/1176] docs/systemd: fix a broken link Apparently, developer.gnome.org/documentation no longer hosts the documentation we used to refer to. Link to docs.gtk.org instead. Signed-off-by: Kir Kolyshkin --- docs/systemd.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/systemd.md b/docs/systemd.md index a119d935a41..afe262462a0 100644 --- a/docs/systemd.md +++ b/docs/systemd.md @@ -124,8 +124,8 @@ The above will set the following properties: * `TimeoutStopSec` to 2 minutes and 3 seconds; * `CollectMode` to "inactive-or-failed". -The values must be in the gvariant format (for details, see -[gvariant documentation](https://developer.gnome.org/glib/stable/gvariant-text.html)). +The values must be in the gvariant text format, as described in +[gvariant documentation](https://docs.gtk.org/glib/gvariant-text.html). To find out which type systemd expects for a particular parameter, please consult systemd sources. From bc390b2e67de3157ce086e8626ea62221761b65d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Jun 2023 04:58:49 +0000 Subject: [PATCH 0268/1176] build(deps): bump golang.org/x/sys from 0.8.0 to 0.9.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.8.0 to 0.9.0. - [Commits](https://github.com/golang/sys/compare/v0.8.0...v0.9.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- vendor/golang.org/x/sys/unix/mkall.sh | 2 +- vendor/golang.org/x/sys/unix/mkerrors.sh | 6 ++- vendor/golang.org/x/sys/unix/syscall_linux.go | 30 +++++++++++- .../golang.org/x/sys/unix/syscall_openbsd.go | 17 ++++++- .../x/sys/unix/zerrors_linux_sparc64.go | 48 +++++++++++++++++++ .../golang.org/x/sys/unix/zsyscall_linux.go | 14 ++++++ .../x/sys/unix/zsyscall_openbsd_386.go | 22 +++++++++ .../x/sys/unix/zsyscall_openbsd_386.s | 10 ++++ .../x/sys/unix/zsyscall_openbsd_amd64.go | 32 +++++++++++-- .../x/sys/unix/zsyscall_openbsd_amd64.s | 10 ++++ .../x/sys/unix/zsyscall_openbsd_arm.go | 22 +++++++++ .../x/sys/unix/zsyscall_openbsd_arm.s | 10 ++++ .../x/sys/unix/zsyscall_openbsd_arm64.go | 22 +++++++++ .../x/sys/unix/zsyscall_openbsd_arm64.s | 10 ++++ .../x/sys/unix/zsyscall_openbsd_mips64.go | 22 +++++++++ .../x/sys/unix/zsyscall_openbsd_mips64.s | 10 ++++ .../x/sys/unix/zsyscall_openbsd_ppc64.go | 22 +++++++++ .../x/sys/unix/zsyscall_openbsd_ppc64.s | 12 +++++ .../x/sys/unix/zsyscall_openbsd_riscv64.go | 22 +++++++++ .../x/sys/unix/zsyscall_openbsd_riscv64.s | 10 ++++ vendor/golang.org/x/sys/unix/ztypes_linux.go | 46 ++++++++++++++++++ .../x/sys/windows/syscall_windows.go | 13 ++++- .../x/sys/windows/zsyscall_windows.go | 8 +--- vendor/modules.txt | 2 +- 26 files changed, 406 insertions(+), 22 deletions(-) diff --git a/go.mod b/go.mod index 0d07821a677..7db674ad19d 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/urfave/cli v1.22.12 github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.10.0 - golang.org/x/sys v0.8.0 + golang.org/x/sys v0.9.0 google.golang.org/protobuf v1.30.0 ) diff --git a/go.sum b/go.sum index b26feb3b303..4ce91fe24a7 100644 --- a/go.sum +++ b/go.sum @@ -67,8 +67,8 @@ golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU= -golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= +golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= diff --git a/vendor/golang.org/x/sys/unix/mkall.sh b/vendor/golang.org/x/sys/unix/mkall.sh index 8e3947c3686..e6f31d374df 100644 --- a/vendor/golang.org/x/sys/unix/mkall.sh +++ b/vendor/golang.org/x/sys/unix/mkall.sh @@ -50,7 +50,7 @@ if [[ "$GOOS" = "linux" ]]; then # Use the Docker-based build system # Files generated through docker (use $cmd so you can Ctl-C the build or run) $cmd docker build --tag generate:$GOOS $GOOS - $cmd docker run --interactive --tty --volume $(cd -- "$(dirname -- "$0")/.." && /bin/pwd):/build generate:$GOOS + $cmd docker run --interactive --tty --volume $(cd -- "$(dirname -- "$0")/.." && pwd):/build generate:$GOOS exit fi diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index be0423e6856..3156462715a 100644 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -741,7 +741,8 @@ main(void) e = errors[i].num; if(i > 0 && errors[i-1].num == e) continue; - strcpy(buf, strerror(e)); + strncpy(buf, strerror(e), sizeof(buf) - 1); + buf[sizeof(buf) - 1] = '\0'; // lowercase first letter: Bad -> bad, but STREAM -> STREAM. if(A <= buf[0] && buf[0] <= Z && a <= buf[1] && buf[1] <= z) buf[0] += a - A; @@ -760,7 +761,8 @@ main(void) e = signals[i].num; if(i > 0 && signals[i-1].num == e) continue; - strcpy(buf, strsignal(e)); + strncpy(buf, strsignal(e), sizeof(buf) - 1); + buf[sizeof(buf) - 1] = '\0'; // lowercase first letter: Bad -> bad, but STREAM -> STREAM. if(A <= buf[0] && buf[0] <= Z && a <= buf[1] && buf[1] <= z) buf[0] += a - A; diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index fbaeb5fff14..6de486befe1 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -1699,12 +1699,23 @@ func PtracePokeUser(pid int, addr uintptr, data []byte) (count int, err error) { return ptracePoke(PTRACE_POKEUSR, PTRACE_PEEKUSR, pid, addr, data) } +// elfNT_PRSTATUS is a copy of the debug/elf.NT_PRSTATUS constant so +// x/sys/unix doesn't need to depend on debug/elf and thus +// compress/zlib, debug/dwarf, and other packages. +const elfNT_PRSTATUS = 1 + func PtraceGetRegs(pid int, regsout *PtraceRegs) (err error) { - return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout)) + var iov Iovec + iov.Base = (*byte)(unsafe.Pointer(regsout)) + iov.SetLen(int(unsafe.Sizeof(*regsout))) + return ptracePtr(PTRACE_GETREGSET, pid, uintptr(elfNT_PRSTATUS), unsafe.Pointer(&iov)) } func PtraceSetRegs(pid int, regs *PtraceRegs) (err error) { - return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs)) + var iov Iovec + iov.Base = (*byte)(unsafe.Pointer(regs)) + iov.SetLen(int(unsafe.Sizeof(*regs))) + return ptracePtr(PTRACE_SETREGSET, pid, uintptr(elfNT_PRSTATUS), unsafe.Pointer(&iov)) } func PtraceSetOptions(pid int, options int) (err error) { @@ -2420,6 +2431,21 @@ func PthreadSigmask(how int, set, oldset *Sigset_t) error { return rtSigprocmask(how, set, oldset, _C__NSIG/8) } +//sysnb getresuid(ruid *_C_int, euid *_C_int, suid *_C_int) +//sysnb getresgid(rgid *_C_int, egid *_C_int, sgid *_C_int) + +func Getresuid() (ruid, euid, suid int) { + var r, e, s _C_int + getresuid(&r, &e, &s) + return int(r), int(e), int(s) +} + +func Getresgid() (rgid, egid, sgid int) { + var r, e, s _C_int + getresgid(&r, &e, &s) + return int(r), int(e), int(s) +} + /* * Unimplemented */ diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd.go b/vendor/golang.org/x/sys/unix/syscall_openbsd.go index f9c7a9663c6..c5f166a1152 100644 --- a/vendor/golang.org/x/sys/unix/syscall_openbsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_openbsd.go @@ -151,6 +151,21 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) { return } +//sysnb getresuid(ruid *_C_int, euid *_C_int, suid *_C_int) +//sysnb getresgid(rgid *_C_int, egid *_C_int, sgid *_C_int) + +func Getresuid() (ruid, euid, suid int) { + var r, e, s _C_int + getresuid(&r, &e, &s) + return int(r), int(e), int(s) +} + +func Getresgid() (rgid, egid, sgid int) { + var r, e, s _C_int + getresgid(&r, &e, &s) + return int(r), int(e), int(s) +} + //sys ioctl(fd int, req uint, arg uintptr) (err error) //sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL @@ -338,8 +353,6 @@ func Uname(uname *Utsname) error { // getgid // getitimer // getlogin -// getresgid -// getresuid // getthrid // ktrace // lfs_bmapv diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go index f619252691e..48984202c65 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go @@ -329,6 +329,54 @@ const ( SCM_WIFI_STATUS = 0x25 SFD_CLOEXEC = 0x400000 SFD_NONBLOCK = 0x4000 + SF_FP = 0x38 + SF_I0 = 0x20 + SF_I1 = 0x24 + SF_I2 = 0x28 + SF_I3 = 0x2c + SF_I4 = 0x30 + SF_I5 = 0x34 + SF_L0 = 0x0 + SF_L1 = 0x4 + SF_L2 = 0x8 + SF_L3 = 0xc + SF_L4 = 0x10 + SF_L5 = 0x14 + SF_L6 = 0x18 + SF_L7 = 0x1c + SF_PC = 0x3c + SF_RETP = 0x40 + SF_V9_FP = 0x70 + SF_V9_I0 = 0x40 + SF_V9_I1 = 0x48 + SF_V9_I2 = 0x50 + SF_V9_I3 = 0x58 + SF_V9_I4 = 0x60 + SF_V9_I5 = 0x68 + SF_V9_L0 = 0x0 + SF_V9_L1 = 0x8 + SF_V9_L2 = 0x10 + SF_V9_L3 = 0x18 + SF_V9_L4 = 0x20 + SF_V9_L5 = 0x28 + SF_V9_L6 = 0x30 + SF_V9_L7 = 0x38 + SF_V9_PC = 0x78 + SF_V9_RETP = 0x80 + SF_V9_XARG0 = 0x88 + SF_V9_XARG1 = 0x90 + SF_V9_XARG2 = 0x98 + SF_V9_XARG3 = 0xa0 + SF_V9_XARG4 = 0xa8 + SF_V9_XARG5 = 0xb0 + SF_V9_XXARG = 0xb8 + SF_XARG0 = 0x44 + SF_XARG1 = 0x48 + SF_XARG2 = 0x4c + SF_XARG3 = 0x50 + SF_XARG4 = 0x54 + SF_XARG5 = 0x58 + SF_XXARG = 0x5c SIOCATMARK = 0x8905 SIOCGPGRP = 0x8904 SIOCGSTAMPNS_NEW = 0x40108907 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go index da63d9d7822..722c29a0087 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go @@ -2172,3 +2172,17 @@ func rtSigprocmask(how int, set *Sigset_t, oldset *Sigset_t, sigsetsize uintptr) } return } + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getresuid(ruid *_C_int, euid *_C_int, suid *_C_int) { + RawSyscallNoError(SYS_GETRESUID, uintptr(unsafe.Pointer(ruid)), uintptr(unsafe.Pointer(euid)), uintptr(unsafe.Pointer(suid))) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getresgid(rgid *_C_int, egid *_C_int, sgid *_C_int) { + RawSyscallNoError(SYS_GETRESGID, uintptr(unsafe.Pointer(rgid)), uintptr(unsafe.Pointer(egid)), uintptr(unsafe.Pointer(sgid))) + return +} diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go index 6699a783e1f..9ab9abf7215 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go @@ -519,6 +519,28 @@ var libc_getcwd_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func getresuid(ruid *_C_int, euid *_C_int, suid *_C_int) { + syscall_rawSyscall(libc_getresuid_trampoline_addr, uintptr(unsafe.Pointer(ruid)), uintptr(unsafe.Pointer(euid)), uintptr(unsafe.Pointer(suid))) + return +} + +var libc_getresuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getresuid getresuid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getresgid(rgid *_C_int, egid *_C_int, sgid *_C_int) { + syscall_rawSyscall(libc_getresgid_trampoline_addr, uintptr(unsafe.Pointer(rgid)), uintptr(unsafe.Pointer(egid)), uintptr(unsafe.Pointer(sgid))) + return +} + +var libc_getresgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getresgid getresgid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ioctl(fd int, req uint, arg uintptr) (err error) { _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s index 04f0de34b2e..3dcacd30d7e 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s @@ -158,6 +158,16 @@ TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_getcwd_trampoline_addr(SB), RODATA, $4 DATA ·libc_getcwd_trampoline_addr(SB)/4, $libc_getcwd_trampoline<>(SB) +TEXT libc_getresuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getresuid(SB) +GLOBL ·libc_getresuid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getresuid_trampoline_addr(SB)/4, $libc_getresuid_trampoline<>(SB) + +TEXT libc_getresgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getresgid(SB) +GLOBL ·libc_getresgid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getresgid_trampoline_addr(SB)/4, $libc_getresgid_trampoline<>(SB) + TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ioctl(SB) GLOBL ·libc_ioctl_trampoline_addr(SB), RODATA, $4 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go index 1e775fe0571..915761eab77 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go @@ -519,6 +519,28 @@ var libc_getcwd_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func getresuid(ruid *_C_int, euid *_C_int, suid *_C_int) { + syscall_rawSyscall(libc_getresuid_trampoline_addr, uintptr(unsafe.Pointer(ruid)), uintptr(unsafe.Pointer(euid)), uintptr(unsafe.Pointer(suid))) + return +} + +var libc_getresuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getresuid getresuid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getresgid(rgid *_C_int, egid *_C_int, sgid *_C_int) { + syscall_rawSyscall(libc_getresgid_trampoline_addr, uintptr(unsafe.Pointer(rgid)), uintptr(unsafe.Pointer(egid)), uintptr(unsafe.Pointer(sgid))) + return +} + +var libc_getresgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getresgid getresgid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ioctl(fd int, req uint, arg uintptr) (err error) { _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { @@ -527,6 +549,12 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +var libc_ioctl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ioctl ioctl "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { @@ -535,10 +563,6 @@ func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { return } -var libc_ioctl_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_ioctl ioctl "libc.so" - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s index 27b6f4df74f..2763620b01a 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s @@ -158,6 +158,16 @@ TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_getcwd_trampoline_addr(SB), RODATA, $8 DATA ·libc_getcwd_trampoline_addr(SB)/8, $libc_getcwd_trampoline<>(SB) +TEXT libc_getresuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getresuid(SB) +GLOBL ·libc_getresuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getresuid_trampoline_addr(SB)/8, $libc_getresuid_trampoline<>(SB) + +TEXT libc_getresgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getresgid(SB) +GLOBL ·libc_getresgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getresgid_trampoline_addr(SB)/8, $libc_getresgid_trampoline<>(SB) + TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ioctl(SB) GLOBL ·libc_ioctl_trampoline_addr(SB), RODATA, $8 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go index 7f6427899a5..8e87fdf153f 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go @@ -519,6 +519,28 @@ var libc_getcwd_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func getresuid(ruid *_C_int, euid *_C_int, suid *_C_int) { + syscall_rawSyscall(libc_getresuid_trampoline_addr, uintptr(unsafe.Pointer(ruid)), uintptr(unsafe.Pointer(euid)), uintptr(unsafe.Pointer(suid))) + return +} + +var libc_getresuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getresuid getresuid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getresgid(rgid *_C_int, egid *_C_int, sgid *_C_int) { + syscall_rawSyscall(libc_getresgid_trampoline_addr, uintptr(unsafe.Pointer(rgid)), uintptr(unsafe.Pointer(egid)), uintptr(unsafe.Pointer(sgid))) + return +} + +var libc_getresgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getresgid getresgid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ioctl(fd int, req uint, arg uintptr) (err error) { _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s index b797045fd2d..c922314048f 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s @@ -158,6 +158,16 @@ TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_getcwd_trampoline_addr(SB), RODATA, $4 DATA ·libc_getcwd_trampoline_addr(SB)/4, $libc_getcwd_trampoline<>(SB) +TEXT libc_getresuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getresuid(SB) +GLOBL ·libc_getresuid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getresuid_trampoline_addr(SB)/4, $libc_getresuid_trampoline<>(SB) + +TEXT libc_getresgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getresgid(SB) +GLOBL ·libc_getresgid_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getresgid_trampoline_addr(SB)/4, $libc_getresgid_trampoline<>(SB) + TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ioctl(SB) GLOBL ·libc_ioctl_trampoline_addr(SB), RODATA, $4 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go index 756ef7b1736..12a7a2160e0 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go @@ -519,6 +519,28 @@ var libc_getcwd_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func getresuid(ruid *_C_int, euid *_C_int, suid *_C_int) { + syscall_rawSyscall(libc_getresuid_trampoline_addr, uintptr(unsafe.Pointer(ruid)), uintptr(unsafe.Pointer(euid)), uintptr(unsafe.Pointer(suid))) + return +} + +var libc_getresuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getresuid getresuid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getresgid(rgid *_C_int, egid *_C_int, sgid *_C_int) { + syscall_rawSyscall(libc_getresgid_trampoline_addr, uintptr(unsafe.Pointer(rgid)), uintptr(unsafe.Pointer(egid)), uintptr(unsafe.Pointer(sgid))) + return +} + +var libc_getresgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getresgid getresgid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ioctl(fd int, req uint, arg uintptr) (err error) { _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s index a871266221e..a6bc32c9220 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s @@ -158,6 +158,16 @@ TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_getcwd_trampoline_addr(SB), RODATA, $8 DATA ·libc_getcwd_trampoline_addr(SB)/8, $libc_getcwd_trampoline<>(SB) +TEXT libc_getresuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getresuid(SB) +GLOBL ·libc_getresuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getresuid_trampoline_addr(SB)/8, $libc_getresuid_trampoline<>(SB) + +TEXT libc_getresgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getresgid(SB) +GLOBL ·libc_getresgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getresgid_trampoline_addr(SB)/8, $libc_getresgid_trampoline<>(SB) + TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ioctl(SB) GLOBL ·libc_ioctl_trampoline_addr(SB), RODATA, $8 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go index 7bc2e24eb95..b19e8aa031d 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go @@ -519,6 +519,28 @@ var libc_getcwd_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func getresuid(ruid *_C_int, euid *_C_int, suid *_C_int) { + syscall_rawSyscall(libc_getresuid_trampoline_addr, uintptr(unsafe.Pointer(ruid)), uintptr(unsafe.Pointer(euid)), uintptr(unsafe.Pointer(suid))) + return +} + +var libc_getresuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getresuid getresuid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getresgid(rgid *_C_int, egid *_C_int, sgid *_C_int) { + syscall_rawSyscall(libc_getresgid_trampoline_addr, uintptr(unsafe.Pointer(rgid)), uintptr(unsafe.Pointer(egid)), uintptr(unsafe.Pointer(sgid))) + return +} + +var libc_getresgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getresgid getresgid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ioctl(fd int, req uint, arg uintptr) (err error) { _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s index 05d4bffd791..b4e7bceabf3 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s @@ -158,6 +158,16 @@ TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_getcwd_trampoline_addr(SB), RODATA, $8 DATA ·libc_getcwd_trampoline_addr(SB)/8, $libc_getcwd_trampoline<>(SB) +TEXT libc_getresuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getresuid(SB) +GLOBL ·libc_getresuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getresuid_trampoline_addr(SB)/8, $libc_getresuid_trampoline<>(SB) + +TEXT libc_getresgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getresgid(SB) +GLOBL ·libc_getresgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getresgid_trampoline_addr(SB)/8, $libc_getresgid_trampoline<>(SB) + TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ioctl(SB) GLOBL ·libc_ioctl_trampoline_addr(SB), RODATA, $8 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go index 739be6217a3..fb99594c937 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go @@ -519,6 +519,28 @@ var libc_getcwd_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func getresuid(ruid *_C_int, euid *_C_int, suid *_C_int) { + syscall_rawSyscall(libc_getresuid_trampoline_addr, uintptr(unsafe.Pointer(ruid)), uintptr(unsafe.Pointer(euid)), uintptr(unsafe.Pointer(suid))) + return +} + +var libc_getresuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getresuid getresuid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getresgid(rgid *_C_int, egid *_C_int, sgid *_C_int) { + syscall_rawSyscall(libc_getresgid_trampoline_addr, uintptr(unsafe.Pointer(rgid)), uintptr(unsafe.Pointer(egid)), uintptr(unsafe.Pointer(sgid))) + return +} + +var libc_getresgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getresgid getresgid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ioctl(fd int, req uint, arg uintptr) (err error) { _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s index 74a25f8d643..ca3f766009c 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s @@ -189,6 +189,18 @@ TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_getcwd_trampoline_addr(SB), RODATA, $8 DATA ·libc_getcwd_trampoline_addr(SB)/8, $libc_getcwd_trampoline<>(SB) +TEXT libc_getresuid_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_getresuid(SB) + RET +GLOBL ·libc_getresuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getresuid_trampoline_addr(SB)/8, $libc_getresuid_trampoline<>(SB) + +TEXT libc_getresgid_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_getresgid(SB) + RET +GLOBL ·libc_getresgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getresgid_trampoline_addr(SB)/8, $libc_getresgid_trampoline<>(SB) + TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0 CALL libc_ioctl(SB) RET diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go index 7d95a197803..32cbbbc52b5 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go @@ -519,6 +519,28 @@ var libc_getcwd_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func getresuid(ruid *_C_int, euid *_C_int, suid *_C_int) { + syscall_rawSyscall(libc_getresuid_trampoline_addr, uintptr(unsafe.Pointer(ruid)), uintptr(unsafe.Pointer(euid)), uintptr(unsafe.Pointer(suid))) + return +} + +var libc_getresuid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getresuid getresuid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getresgid(rgid *_C_int, egid *_C_int, sgid *_C_int) { + syscall_rawSyscall(libc_getresgid_trampoline_addr, uintptr(unsafe.Pointer(rgid)), uintptr(unsafe.Pointer(egid)), uintptr(unsafe.Pointer(sgid))) + return +} + +var libc_getresgid_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getresgid getresgid "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ioctl(fd int, req uint, arg uintptr) (err error) { _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s index 990be245740..477a7d5b21e 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s @@ -158,6 +158,16 @@ TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_getcwd_trampoline_addr(SB), RODATA, $8 DATA ·libc_getcwd_trampoline_addr(SB)/8, $libc_getcwd_trampoline<>(SB) +TEXT libc_getresuid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getresuid(SB) +GLOBL ·libc_getresuid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getresuid_trampoline_addr(SB)/8, $libc_getresuid_trampoline<>(SB) + +TEXT libc_getresgid_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getresgid(SB) +GLOBL ·libc_getresgid_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getresgid_trampoline_addr(SB)/8, $libc_getresgid_trampoline<>(SB) + TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ioctl(SB) GLOBL ·libc_ioctl_trampoline_addr(SB), RODATA, $8 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index ca84727cfe8..00c3b8c20f3 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -2555,6 +2555,11 @@ const ( BPF_REG_8 = 0x8 BPF_REG_9 = 0x9 BPF_REG_10 = 0xa + BPF_CGROUP_ITER_ORDER_UNSPEC = 0x0 + BPF_CGROUP_ITER_SELF_ONLY = 0x1 + BPF_CGROUP_ITER_DESCENDANTS_PRE = 0x2 + BPF_CGROUP_ITER_DESCENDANTS_POST = 0x3 + BPF_CGROUP_ITER_ANCESTORS_UP = 0x4 BPF_MAP_CREATE = 0x0 BPF_MAP_LOOKUP_ELEM = 0x1 BPF_MAP_UPDATE_ELEM = 0x2 @@ -2566,6 +2571,7 @@ const ( BPF_PROG_ATTACH = 0x8 BPF_PROG_DETACH = 0x9 BPF_PROG_TEST_RUN = 0xa + BPF_PROG_RUN = 0xa BPF_PROG_GET_NEXT_ID = 0xb BPF_MAP_GET_NEXT_ID = 0xc BPF_PROG_GET_FD_BY_ID = 0xd @@ -2610,6 +2616,7 @@ const ( BPF_MAP_TYPE_CPUMAP = 0x10 BPF_MAP_TYPE_XSKMAP = 0x11 BPF_MAP_TYPE_SOCKHASH = 0x12 + BPF_MAP_TYPE_CGROUP_STORAGE_DEPRECATED = 0x13 BPF_MAP_TYPE_CGROUP_STORAGE = 0x13 BPF_MAP_TYPE_REUSEPORT_SOCKARRAY = 0x14 BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE = 0x15 @@ -2620,6 +2627,10 @@ const ( BPF_MAP_TYPE_STRUCT_OPS = 0x1a BPF_MAP_TYPE_RINGBUF = 0x1b BPF_MAP_TYPE_INODE_STORAGE = 0x1c + BPF_MAP_TYPE_TASK_STORAGE = 0x1d + BPF_MAP_TYPE_BLOOM_FILTER = 0x1e + BPF_MAP_TYPE_USER_RINGBUF = 0x1f + BPF_MAP_TYPE_CGRP_STORAGE = 0x20 BPF_PROG_TYPE_UNSPEC = 0x0 BPF_PROG_TYPE_SOCKET_FILTER = 0x1 BPF_PROG_TYPE_KPROBE = 0x2 @@ -2651,6 +2662,7 @@ const ( BPF_PROG_TYPE_EXT = 0x1c BPF_PROG_TYPE_LSM = 0x1d BPF_PROG_TYPE_SK_LOOKUP = 0x1e + BPF_PROG_TYPE_SYSCALL = 0x1f BPF_CGROUP_INET_INGRESS = 0x0 BPF_CGROUP_INET_EGRESS = 0x1 BPF_CGROUP_INET_SOCK_CREATE = 0x2 @@ -2689,6 +2701,12 @@ const ( BPF_XDP_CPUMAP = 0x23 BPF_SK_LOOKUP = 0x24 BPF_XDP = 0x25 + BPF_SK_SKB_VERDICT = 0x26 + BPF_SK_REUSEPORT_SELECT = 0x27 + BPF_SK_REUSEPORT_SELECT_OR_MIGRATE = 0x28 + BPF_PERF_EVENT = 0x29 + BPF_TRACE_KPROBE_MULTI = 0x2a + BPF_LSM_CGROUP = 0x2b BPF_LINK_TYPE_UNSPEC = 0x0 BPF_LINK_TYPE_RAW_TRACEPOINT = 0x1 BPF_LINK_TYPE_TRACING = 0x2 @@ -2696,6 +2714,9 @@ const ( BPF_LINK_TYPE_ITER = 0x4 BPF_LINK_TYPE_NETNS = 0x5 BPF_LINK_TYPE_XDP = 0x6 + BPF_LINK_TYPE_PERF_EVENT = 0x7 + BPF_LINK_TYPE_KPROBE_MULTI = 0x8 + BPF_LINK_TYPE_STRUCT_OPS = 0x9 BPF_ANY = 0x0 BPF_NOEXIST = 0x1 BPF_EXIST = 0x2 @@ -2733,6 +2754,7 @@ const ( BPF_F_ZERO_CSUM_TX = 0x2 BPF_F_DONT_FRAGMENT = 0x4 BPF_F_SEQ_NUMBER = 0x8 + BPF_F_TUNINFO_FLAGS = 0x10 BPF_F_INDEX_MASK = 0xffffffff BPF_F_CURRENT_CPU = 0xffffffff BPF_F_CTXLEN_MASK = 0xfffff00000000 @@ -2747,6 +2769,7 @@ const ( BPF_F_ADJ_ROOM_ENCAP_L4_GRE = 0x8 BPF_F_ADJ_ROOM_ENCAP_L4_UDP = 0x10 BPF_F_ADJ_ROOM_NO_CSUM_RESET = 0x20 + BPF_F_ADJ_ROOM_ENCAP_L2_ETH = 0x40 BPF_ADJ_ROOM_ENCAP_L2_MASK = 0xff BPF_ADJ_ROOM_ENCAP_L2_SHIFT = 0x38 BPF_F_SYSCTL_BASE_NAME = 0x1 @@ -2771,10 +2794,16 @@ const ( BPF_LWT_ENCAP_SEG6 = 0x0 BPF_LWT_ENCAP_SEG6_INLINE = 0x1 BPF_LWT_ENCAP_IP = 0x2 + BPF_F_BPRM_SECUREEXEC = 0x1 + BPF_F_BROADCAST = 0x8 + BPF_F_EXCLUDE_INGRESS = 0x10 + BPF_SKB_TSTAMP_UNSPEC = 0x0 + BPF_SKB_TSTAMP_DELIVERY_MONO = 0x1 BPF_OK = 0x0 BPF_DROP = 0x2 BPF_REDIRECT = 0x7 BPF_LWT_REROUTE = 0x80 + BPF_FLOW_DISSECTOR_CONTINUE = 0x81 BPF_SOCK_OPS_RTO_CB_FLAG = 0x1 BPF_SOCK_OPS_RETRANS_CB_FLAG = 0x2 BPF_SOCK_OPS_STATE_CB_FLAG = 0x4 @@ -2838,6 +2867,10 @@ const ( BPF_FIB_LKUP_RET_UNSUPP_LWT = 0x6 BPF_FIB_LKUP_RET_NO_NEIGH = 0x7 BPF_FIB_LKUP_RET_FRAG_NEEDED = 0x8 + BPF_MTU_CHK_SEGS = 0x1 + BPF_MTU_CHK_RET_SUCCESS = 0x0 + BPF_MTU_CHK_RET_FRAG_NEEDED = 0x1 + BPF_MTU_CHK_RET_SEGS_TOOBIG = 0x2 BPF_FD_TYPE_RAW_TRACEPOINT = 0x0 BPF_FD_TYPE_TRACEPOINT = 0x1 BPF_FD_TYPE_KPROBE = 0x2 @@ -2847,6 +2880,19 @@ const ( BPF_FLOW_DISSECTOR_F_PARSE_1ST_FRAG = 0x1 BPF_FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL = 0x2 BPF_FLOW_DISSECTOR_F_STOP_AT_ENCAP = 0x4 + BPF_CORE_FIELD_BYTE_OFFSET = 0x0 + BPF_CORE_FIELD_BYTE_SIZE = 0x1 + BPF_CORE_FIELD_EXISTS = 0x2 + BPF_CORE_FIELD_SIGNED = 0x3 + BPF_CORE_FIELD_LSHIFT_U64 = 0x4 + BPF_CORE_FIELD_RSHIFT_U64 = 0x5 + BPF_CORE_TYPE_ID_LOCAL = 0x6 + BPF_CORE_TYPE_ID_TARGET = 0x7 + BPF_CORE_TYPE_EXISTS = 0x8 + BPF_CORE_TYPE_SIZE = 0x9 + BPF_CORE_ENUMVAL_EXISTS = 0xa + BPF_CORE_ENUMVAL_VALUE = 0xb + BPF_CORE_TYPE_MATCHES = 0xc ) const ( diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index 3723b2c224c..9645900754f 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -405,7 +405,7 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys VerQueryValue(block unsafe.Pointer, subBlock string, pointerToBufferPointer unsafe.Pointer, bufSize *uint32) (err error) = version.VerQueryValueW // Process Status API (PSAPI) -//sys EnumProcesses(processIds []uint32, bytesReturned *uint32) (err error) = psapi.EnumProcesses +//sys enumProcesses(processIds *uint32, nSize uint32, bytesReturned *uint32) (err error) = psapi.EnumProcesses //sys EnumProcessModules(process Handle, module *Handle, cb uint32, cbNeeded *uint32) (err error) = psapi.EnumProcessModules //sys EnumProcessModulesEx(process Handle, module *Handle, cb uint32, cbNeeded *uint32, filterFlag uint32) (err error) = psapi.EnumProcessModulesEx //sys GetModuleInformation(process Handle, module Handle, modinfo *ModuleInfo, cb uint32) (err error) = psapi.GetModuleInformation @@ -1354,6 +1354,17 @@ func SetsockoptIPv6Mreq(fd Handle, level, opt int, mreq *IPv6Mreq) (err error) { return syscall.EWINDOWS } +func EnumProcesses(processIds []uint32, bytesReturned *uint32) error { + // EnumProcesses syscall expects the size parameter to be in bytes, but the code generated with mksyscall uses + // the length of the processIds slice instead. Hence, this wrapper function is added to fix the discrepancy. + var p *uint32 + if len(processIds) > 0 { + p = &processIds[0] + } + size := uint32(len(processIds) * 4) + return enumProcesses(p, size, bytesReturned) +} + func Getpid() (pid int) { return int(GetCurrentProcessId()) } func FindFirstFile(name *uint16, data *Win32finddata) (handle Handle, err error) { diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index a81ea2c7001..566dd3e315f 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -3516,12 +3516,8 @@ func EnumProcessModulesEx(process Handle, module *Handle, cb uint32, cbNeeded *u return } -func EnumProcesses(processIds []uint32, bytesReturned *uint32) (err error) { - var _p0 *uint32 - if len(processIds) > 0 { - _p0 = &processIds[0] - } - r1, _, e1 := syscall.Syscall(procEnumProcesses.Addr(), 3, uintptr(unsafe.Pointer(_p0)), uintptr(len(processIds)), uintptr(unsafe.Pointer(bytesReturned))) +func enumProcesses(processIds *uint32, nSize uint32, bytesReturned *uint32) (err error) { + r1, _, e1 := syscall.Syscall(procEnumProcesses.Addr(), 3, uintptr(unsafe.Pointer(processIds)), uintptr(nSize), uintptr(unsafe.Pointer(bytesReturned))) if r1 == 0 { err = errnoErr(e1) } diff --git a/vendor/modules.txt b/vendor/modules.txt index 480d81dddb7..7690dc73e4f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -71,7 +71,7 @@ github.com/vishvananda/netns # golang.org/x/net v0.10.0 ## explicit; go 1.17 golang.org/x/net/bpf -# golang.org/x/sys v0.8.0 +# golang.org/x/sys v0.9.0 ## explicit; go 1.17 golang.org/x/sys/execabs golang.org/x/sys/internal/unsafeheader From 1aa7ca804641ebd22b3abea68bf834a80d259cda Mon Sep 17 00:00:00 2001 From: Daniel Dao Date: Fri, 28 Jan 2022 17:07:36 +0000 Subject: [PATCH 0269/1176] libct/cg/stats: support PSI for cgroup v2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We read output from the following files if they exists: - cpu.pressure - memory.pressure - io.pressure Each are in format: ``` some avg10=0.00 avg60=0.00 avg300=0.00 total=0 full avg10=0.00 avg60=0.00 avg300=0.00 total=0 ``` Signed-off-by: Daniel Dao Co-authored-by: Sandor SzĂ¼cs Co-authored-by: Kir Kolyshkin Signed-off-by: Kir Kolyshkin --- events.go | 3 + libcontainer/cgroups/fs2/fs2.go | 11 ++++ libcontainer/cgroups/fs2/psi.go | 89 ++++++++++++++++++++++++++++ libcontainer/cgroups/fs2/psi_test.go | 47 +++++++++++++++ libcontainer/cgroups/stats.go | 15 +++++ tests/integration/events.bats | 29 +++++++++ tests/integration/helpers.bash | 7 +++ types/events.go | 12 +++- 8 files changed, 212 insertions(+), 1 deletion(-) create mode 100644 libcontainer/cgroups/fs2/psi.go create mode 100644 libcontainer/cgroups/fs2/psi_test.go mode change 100644 => 100755 tests/integration/helpers.bash diff --git a/events.go b/events.go index 6cdc01cdd3a..47aa1abe22b 100644 --- a/events.go +++ b/events.go @@ -129,6 +129,7 @@ func convertLibcontainerStats(ls *libcontainer.Stats) *types.Stats { s.CPU.Throttling.Periods = cg.CpuStats.ThrottlingData.Periods s.CPU.Throttling.ThrottledPeriods = cg.CpuStats.ThrottlingData.ThrottledPeriods s.CPU.Throttling.ThrottledTime = cg.CpuStats.ThrottlingData.ThrottledTime + s.CPU.PSI = cg.CpuStats.PSI s.CPUSet = types.CPUSet(cg.CPUSetStats) @@ -138,6 +139,7 @@ func convertLibcontainerStats(ls *libcontainer.Stats) *types.Stats { s.Memory.Swap = convertMemoryEntry(cg.MemoryStats.SwapUsage) s.Memory.Usage = convertMemoryEntry(cg.MemoryStats.Usage) s.Memory.Raw = cg.MemoryStats.Stats + s.Memory.PSI = cg.MemoryStats.PSI s.Blkio.IoServiceBytesRecursive = convertBlkioEntry(cg.BlkioStats.IoServiceBytesRecursive) s.Blkio.IoServicedRecursive = convertBlkioEntry(cg.BlkioStats.IoServicedRecursive) @@ -147,6 +149,7 @@ func convertLibcontainerStats(ls *libcontainer.Stats) *types.Stats { s.Blkio.IoMergedRecursive = convertBlkioEntry(cg.BlkioStats.IoMergedRecursive) s.Blkio.IoTimeRecursive = convertBlkioEntry(cg.BlkioStats.IoTimeRecursive) s.Blkio.SectorsRecursive = convertBlkioEntry(cg.BlkioStats.SectorsRecursive) + s.Blkio.PSI = cg.BlkioStats.PSI s.Hugetlb = make(map[string]types.Hugetlb) for k, v := range cg.HugetlbStats { diff --git a/libcontainer/cgroups/fs2/fs2.go b/libcontainer/cgroups/fs2/fs2.go index 42b5bcb60cf..47b67afc2a1 100644 --- a/libcontainer/cgroups/fs2/fs2.go +++ b/libcontainer/cgroups/fs2/fs2.go @@ -114,6 +114,17 @@ func (m *Manager) GetStats() (*cgroups.Stats, error) { if err := statCpu(m.dirPath, st); err != nil && !os.IsNotExist(err) { errs = append(errs, err) } + // PSI (since kernel 4.20). + var err error + if st.CpuStats.PSI, err = statPSI(m.dirPath, "cpu.pressure"); err != nil { + errs = append(errs, err) + } + if st.MemoryStats.PSI, err = statPSI(m.dirPath, "memory.pressure"); err != nil { + errs = append(errs, err) + } + if st.BlkioStats.PSI, err = statPSI(m.dirPath, "io.pressure"); err != nil { + errs = append(errs, err) + } // hugetlb (since kernel 5.6) if err := statHugeTlb(m.dirPath, st); err != nil && !os.IsNotExist(err) { errs = append(errs, err) diff --git a/libcontainer/cgroups/fs2/psi.go b/libcontainer/cgroups/fs2/psi.go new file mode 100644 index 00000000000..09f34888516 --- /dev/null +++ b/libcontainer/cgroups/fs2/psi.go @@ -0,0 +1,89 @@ +package fs2 + +import ( + "bufio" + "errors" + "fmt" + "os" + "strconv" + "strings" + + "golang.org/x/sys/unix" + + "github.com/opencontainers/runc/libcontainer/cgroups" +) + +func statPSI(dirPath string, file string) (*cgroups.PSIStats, error) { + f, err := cgroups.OpenFile(dirPath, file, os.O_RDONLY) + if err != nil { + if errors.Is(err, os.ErrNotExist) { + // Kernel < 4.20, or CONFIG_PSI is not set, + // or PSI stats are turned off for the cgroup + // ("echo 0 > cgroup.pressure", kernel >= 6.1). + return nil, nil + } + return nil, err + } + defer f.Close() + + var psistats cgroups.PSIStats + sc := bufio.NewScanner(f) + for sc.Scan() { + parts := strings.Fields(sc.Text()) + var pv *cgroups.PSIData + switch parts[0] { + case "some": + pv = &psistats.Some + case "full": + pv = &psistats.Full + } + if pv != nil { + *pv, err = parsePSIData(parts[1:]) + if err != nil { + return nil, &parseError{Path: dirPath, File: file, Err: err} + } + } + } + if err := sc.Err(); err != nil { + if errors.Is(err, unix.ENOTSUP) { + // Some kernels (e.g. CS9) may return ENOTSUP on read + // if psi=1 kernel cmdline parameter is required. + return nil, nil + } + return nil, &parseError{Path: dirPath, File: file, Err: err} + } + return &psistats, nil +} + +func parsePSIData(psi []string) (cgroups.PSIData, error) { + data := cgroups.PSIData{} + for _, f := range psi { + kv := strings.SplitN(f, "=", 2) + if len(kv) != 2 { + return data, fmt.Errorf("invalid psi data: %q", f) + } + var pv *float64 + switch kv[0] { + case "avg10": + pv = &data.Avg10 + case "avg60": + pv = &data.Avg60 + case "avg300": + pv = &data.Avg300 + case "total": + v, err := strconv.ParseUint(kv[1], 10, 64) + if err != nil { + return data, fmt.Errorf("invalid %s PSI value: %w", kv[0], err) + } + data.Total = v + } + if pv != nil { + v, err := strconv.ParseFloat(kv[1], 64) + if err != nil { + return data, fmt.Errorf("invalid %s PSI value: %w", kv[0], err) + } + *pv = v + } + } + return data, nil +} diff --git a/libcontainer/cgroups/fs2/psi_test.go b/libcontainer/cgroups/fs2/psi_test.go new file mode 100644 index 00000000000..f70c19f7835 --- /dev/null +++ b/libcontainer/cgroups/fs2/psi_test.go @@ -0,0 +1,47 @@ +package fs2 + +import ( + "os" + "path/filepath" + "reflect" + "testing" + + "github.com/opencontainers/runc/libcontainer/cgroups" +) + +func TestStatCPUPSI(t *testing.T) { + const examplePSIData = `some avg10=1.71 avg60=2.36 avg300=2.57 total=230548833 +full avg10=1.00 avg60=1.01 avg300=1.00 total=157622356` + + // We're using a fake cgroupfs. + cgroups.TestMode = true + + fakeCgroupDir := t.TempDir() + statPath := filepath.Join(fakeCgroupDir, "cpu.pressure") + + if err := os.WriteFile(statPath, []byte(examplePSIData), 0o644); err != nil { + t.Fatal(err) + } + + st, err := statPSI(fakeCgroupDir, "cpu.pressure") + if err != nil { + t.Fatal(err) + } + + if !reflect.DeepEqual(*st, cgroups.PSIStats{ + Some: cgroups.PSIData{ + Avg10: 1.71, + Avg60: 2.36, + Avg300: 2.57, + Total: 230548833, + }, + Full: cgroups.PSIData{ + Avg10: 1.00, + Avg60: 1.01, + Avg300: 1.00, + Total: 157622356, + }, + }) { + t.Errorf("unexpected PSI result: %+v", st) + } +} diff --git a/libcontainer/cgroups/stats.go b/libcontainer/cgroups/stats.go index 40a81dd5a86..8ff1fbb52bb 100644 --- a/libcontainer/cgroups/stats.go +++ b/libcontainer/cgroups/stats.go @@ -32,9 +32,22 @@ type CpuUsage struct { UsageInUsermode uint64 `json:"usage_in_usermode"` } +type PSIData struct { + Avg10 float64 `json:"avg10"` + Avg60 float64 `json:"avg60"` + Avg300 float64 `json:"avg300"` + Total uint64 `json:"total"` +} + +type PSIStats struct { + Some PSIData `json:"some,omitempty"` + Full PSIData `json:"full,omitempty"` +} + type CpuStats struct { CpuUsage CpuUsage `json:"cpu_usage,omitempty"` ThrottlingData ThrottlingData `json:"throttling_data,omitempty"` + PSI *PSIStats `json:"psi,omitempty"` } type CPUSetStats struct { @@ -89,6 +102,7 @@ type MemoryStats struct { UseHierarchy bool `json:"use_hierarchy"` Stats map[string]uint64 `json:"stats,omitempty"` + PSI *PSIStats `json:"psi,omitempty"` } type PageUsageByNUMA struct { @@ -133,6 +147,7 @@ type BlkioStats struct { IoMergedRecursive []BlkioStatEntry `json:"io_merged_recursive,omitempty"` IoTimeRecursive []BlkioStatEntry `json:"io_time_recursive,omitempty"` SectorsRecursive []BlkioStatEntry `json:"sectors_recursive,omitempty"` + PSI *PSIStats `json:"psi,omitempty"` } type HugetlbStats struct { diff --git a/tests/integration/events.bats b/tests/integration/events.bats index 051c81e4e28..707fe4e73fc 100644 --- a/tests/integration/events.bats +++ b/tests/integration/events.bats @@ -27,6 +27,35 @@ function teardown() { [[ "${lines[0]}" == *"data"* ]] } +# shellcheck disable=SC2030 +@test "events --stats with psi data" { + requires root cgroups_v2 psi + init_cgroup_paths + + update_config '.linux.resources.cpu |= { "quota": 1000 }' + + runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox + [ "$status" -eq 0 ] + + # Stress the CPU a bit. Need something that runs for more than 10s. + runc exec test_busybox dd if=/dev/zero bs=1 count=128K of=/dev/null + [ "$status" -eq 0 ] + + runc exec test_busybox sh -c 'tail /sys/fs/cgroup/*.pressure' + + runc events --stats test_busybox + [ "$status" -eq 0 ] + + # Check PSI metrics. + jq '.data.cpu.psi' <<<"${lines[0]}" + for psi_type in some full; do + for psi_metric in avg10 avg60 avg300 total; do + echo -n "checking .data.cpu.psi.$psi_type.$psi_metric != 0: " + jq -e '.data.cpu.psi.'$psi_type.$psi_metric' != 0' <<<"${lines[0]}" + done + done +} + function test_events() { # XXX: currently cgroups require root containers. requires root diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash old mode 100644 new mode 100755 index 7b1cc4a088f..fb3d0e50e72 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -477,6 +477,13 @@ function requires() { skip_me=1 fi ;; + psi) + # If PSI is not compiled in the kernel, the file will not exist. + # If PSI is compiled, but not enabled, read will fail with ENOTSUPP. + if ! cat /sys/fs/cgroup/cpu.pressure &>/dev/null; then + skip_me=1 + fi + ;; *) fail "BUG: Invalid requires $var." ;; diff --git a/types/events.go b/types/events.go index 81bde829da5..e28ac8c3836 100644 --- a/types/events.go +++ b/types/events.go @@ -1,6 +1,9 @@ package types -import "github.com/opencontainers/runc/libcontainer/intelrdt" +import ( + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/intelrdt" +) // Event struct for encoding the event data to json. type Event struct { @@ -21,6 +24,10 @@ type Stats struct { NetworkInterfaces []*NetworkInterface `json:"network_interfaces"` } +type PSIData = cgroups.PSIData + +type PSIStats = cgroups.PSIStats + type Hugetlb struct { Usage uint64 `json:"usage,omitempty"` Max uint64 `json:"max,omitempty"` @@ -43,6 +50,7 @@ type Blkio struct { IoMergedRecursive []BlkioEntry `json:"ioMergedRecursive,omitempty"` IoTimeRecursive []BlkioEntry `json:"ioTimeRecursive,omitempty"` SectorsRecursive []BlkioEntry `json:"sectorsRecursive,omitempty"` + PSI *PSIStats `json:"psi,omitempty"` } type Pids struct { @@ -69,6 +77,7 @@ type CpuUsage struct { type Cpu struct { Usage CpuUsage `json:"usage,omitempty"` Throttling Throttling `json:"throttling,omitempty"` + PSI *PSIStats `json:"psi,omitempty"` } type CPUSet struct { @@ -99,6 +108,7 @@ type Memory struct { Kernel MemoryEntry `json:"kernel,omitempty"` KernelTCP MemoryEntry `json:"kernelTCP,omitempty"` Raw map[string]uint64 `json:"raw,omitempty"` + PSI *PSIStats `json:"psi,omitempty"` } type L3CacheInfo struct { From c9209fd22369dfa4704ebec23b20c4a4112b4759 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 13 Jun 2023 17:35:27 -0700 Subject: [PATCH 0270/1176] ci/gha: don't skip rootless+systemd on ubuntu 22.04 We used to skip testing rootless integration tests for systemd, because in case of cgroup v1 it does not support user delegation. Since we added ubuntu 22.04 to the testing matrix, we can actually test rootless+systemd there (with the proper systemd setup). Fixes: 953e1cc48547942481ff71f58fff7bb9cb76e5d2 Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 4e830e53a87..56bae35f36f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -98,9 +98,16 @@ jobs: run: sudo -E PATH="$PATH" script -e -c 'make local${{ matrix.rootless }}integration' - name: integration test (systemd driver) - # can't use systemd driver with cgroupv1 - if: matrix.rootless != 'rootless' - run: sudo -E PATH="$PATH" script -e -c 'make RUNC_USE_SYSTEMD=yes local${{ matrix.rootless }}integration' + # Skip rootless+systemd for ubuntu 20.04 because of cgroup v1. + if: ${{ !(matrix.os == 'ubuntu-20.04' && matrix.rootless == 'rootless') }} + run: | + # Delegate all cgroup v2 controllers to rootless user via --systemd-cgroup. + # The default (since systemd v252) is "pids memory cpu". + sudo mkdir -p /etc/systemd/system/user@.service.d + printf "[Service]\nDelegate=yes\n" | sudo tee /etc/systemd/system/user@.service.d/delegate.conf + sudo systemctl daemon-reload + # Run the tests. + sudo -E PATH="$PATH" script -e -c 'make RUNC_USE_SYSTEMD=yes local${{ matrix.rootless }}integration' # We need to continue support for 32-bit ARM. # However, we do not have 32-bit ARM CI, so we use i386 for testing 32bit stuff. From e3627658fa92f304d72a00a21dc729571a7fd4f6 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 16 Jun 2023 10:04:01 -0700 Subject: [PATCH 0271/1176] .codespellrc: update for 2.2.5 Remove some old exceptions (no longer needed), add a new one (codespell 2.2.5 flags "(mis)features" in docs/terminal.md). Signed-off-by: Kir Kolyshkin --- .codespellrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.codespellrc b/.codespellrc index cd594b8d3c7..07cbbb1d420 100644 --- a/.codespellrc +++ b/.codespellrc @@ -1,3 +1,3 @@ [codespell] skip = ./vendor,./.git,./go.sum -ignore-words-list = clos,creat,ro,complies +ignore-words-list = clos,mis From a52efc1ffd79d27959138f159526e737781fa804 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 Jun 2023 18:13:29 +0000 Subject: [PATCH 0272/1176] build(deps): bump golang.org/x/net from 0.10.0 to 0.11.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.11.0. - [Commits](https://github.com/golang/net/compare/v0.10.0...v0.11.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index c0375db7f12..2484eaffbfc 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.12 github.com/vishvananda/netlink v1.1.0 - golang.org/x/net v0.10.0 + golang.org/x/net v0.11.0 golang.org/x/sys v0.9.0 google.golang.org/protobuf v1.30.0 ) diff --git a/go.sum b/go.sum index 64eda00e1c2..9d2065c5604 100644 --- a/go.sum +++ b/go.sum @@ -61,8 +61,8 @@ github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJ github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= -golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M= -golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU= +golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/vendor/modules.txt b/vendor/modules.txt index f27f20fef44..74aab0fe853 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -68,7 +68,7 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df ## explicit; go 1.12 github.com/vishvananda/netns -# golang.org/x/net v0.10.0 +# golang.org/x/net v0.11.0 ## explicit; go 1.17 golang.org/x/net/bpf # golang.org/x/sys v0.9.0 From eb55472ee1254269296e021284045cea21d6a9e6 Mon Sep 17 00:00:00 2001 From: TTFISH Date: Sun, 25 Jun 2023 17:32:23 +0800 Subject: [PATCH 0273/1176] Fix integration tests failure when calling "ip" Signed-off-by: TTFISH --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 8c4138b6dae..96ead8c4918 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,6 +31,7 @@ RUN KEYFILE=/usr/share/keyrings/criu-repo-keyring.gpg; \ sshfs \ sudo \ uidmap \ + iproute2 \ && apt-get clean \ && rm -rf /var/cache/apt /var/lib/apt/lists/* /etc/apt/sources.list.d/*.list From 9fa8b9de3e74c306db186494187fb789f0fdab4d Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Thu, 22 Jun 2023 21:35:19 +0000 Subject: [PATCH 0274/1176] Fix tmpfs mode opts when dir already exists When a directory already exists (or after a container is restarted) the perms of the directory being mounted to were being used even when a different permission is set on the tmpfs mount options. This prepends the original directory perms to the mount options. If the perms were already set in the mount opts then those perms will win. This eliminates the need to perform a chmod after mount entirely. Signed-off-by: Brian Goff --- libcontainer/rootfs_linux.go | 20 ++++++++------------ tests/integration/run.bats | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+), 12 deletions(-) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 4c9e90f047f..00e84e7918f 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -443,11 +443,16 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { } return label.SetFileLabel(dest, mountLabel) case "tmpfs": - stat, err := os.Stat(dest) - if err != nil { + if stat, err := os.Stat(dest); err != nil { if err := os.MkdirAll(dest, 0o755); err != nil { return err } + } else { + dt := fmt.Sprintf("mode=%04o", stat.Mode()) + if m.Data != "" { + dt = dt + "," + m.Data + } + m.Data = dt } if m.Extensions&configs.EXT_COPYUP == configs.EXT_COPYUP { @@ -456,16 +461,7 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { err = mountPropagate(m, rootfs, mountLabel) } - if err != nil { - return err - } - - if stat != nil { - if err = os.Chmod(dest, stat.Mode()); err != nil { - return err - } - } - return nil + return err case "bind": if err := prepareBindMount(m, rootfs); err != nil { return err diff --git a/tests/integration/run.bats b/tests/integration/run.bats index ae4e0fa593a..8afc4bbe860 100644 --- a/tests/integration/run.bats +++ b/tests/integration/run.bats @@ -76,3 +76,37 @@ function teardown() { [ "$status" -eq 0 ] [[ "${lines[0]}" == *'mydomainname'* ]] } + +@test "runc run with tmpfs perms" { + # shellcheck disable=SC2016 + update_config '.process.args = ["sh", "-c", "stat -c %a /tmp/test"]' + update_config '.mounts += [{"destination": "/tmp/test", "type": "tmpfs", "source": "tmpfs", "options": ["mode=0444"]}]' + + # Directory is to be created by runc. + runc run test_tmpfs + [ "$status" -eq 0 ] + [ "$output" = "444" ] + + # Run a 2nd time with the pre-existing directory. + # Ref: https://github.com/opencontainers/runc/issues/3911 + runc run test_tmpfs + [ "$status" -eq 0 ] + [ "$output" = "444" ] + + # Existing directory, custom perms, no mode on the mount, + # so it should use the directory's perms. + update_config '.mounts[-1].options = []' + chmod 0710 rootfs/tmp/test + # shellcheck disable=SC2016 + runc run test_tmpfs + [ "$status" -eq 0 ] + [ "$output" = "710" ] + + # Add back the mode on the mount, and it should use that instead. + # Just for fun, use different perms than was used earlier. + # shellcheck disable=SC2016 + update_config '.mounts[-1].options = ["mode=0410"]' + runc run test_tmpfs + [ "$status" -eq 0 ] + [ "$output" = "410" ] +} From a57d94d3ad81ab190d422c65d1448b35e774605a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Jun 2023 04:58:59 +0000 Subject: [PATCH 0275/1176] build(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0 Bumps google.golang.org/protobuf from 1.30.0 to 1.31.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- .../protobuf/encoding/prototext/encode.go | 14 ++++-- .../protobuf/internal/encoding/text/encode.go | 10 ++-- .../protobuf/internal/genid/descriptor_gen.go | 48 +++++++++++++++++++ .../protobuf/internal/genid/type_gen.go | 6 +++ .../protobuf/internal/order/order.go | 2 +- .../protobuf/internal/version/version.go | 2 +- .../google.golang.org/protobuf/proto/size.go | 10 ++-- .../reflect/protoreflect/source_gen.go | 27 +++++++++++ vendor/modules.txt | 2 +- 11 files changed, 110 insertions(+), 17 deletions(-) diff --git a/go.mod b/go.mod index 2484eaffbfc..404913a1e05 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.11.0 golang.org/x/sys v0.9.0 - google.golang.org/protobuf v1.30.0 + google.golang.org/protobuf v1.31.0 ) require ( diff --git a/go.sum b/go.sum index 9d2065c5604..28b2e2a954c 100644 --- a/go.sum +++ b/go.sum @@ -72,8 +72,8 @@ golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= -google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/vendor/google.golang.org/protobuf/encoding/prototext/encode.go b/vendor/google.golang.org/protobuf/encoding/prototext/encode.go index ebf6c65284d..722a7b41df3 100644 --- a/vendor/google.golang.org/protobuf/encoding/prototext/encode.go +++ b/vendor/google.golang.org/protobuf/encoding/prototext/encode.go @@ -101,13 +101,19 @@ func (o MarshalOptions) Format(m proto.Message) string { // MarshalOptions object. Do not depend on the output being stable. It may // change over time across different versions of the program. func (o MarshalOptions) Marshal(m proto.Message) ([]byte, error) { - return o.marshal(m) + return o.marshal(nil, m) +} + +// MarshalAppend appends the textproto format encoding of m to b, +// returning the result. +func (o MarshalOptions) MarshalAppend(b []byte, m proto.Message) ([]byte, error) { + return o.marshal(b, m) } // marshal is a centralized function that all marshal operations go through. // For profiling purposes, avoid changing the name of this function or // introducing other code paths for marshal that do not go through this. -func (o MarshalOptions) marshal(m proto.Message) ([]byte, error) { +func (o MarshalOptions) marshal(b []byte, m proto.Message) ([]byte, error) { var delims = [2]byte{'{', '}'} if o.Multiline && o.Indent == "" { @@ -117,7 +123,7 @@ func (o MarshalOptions) marshal(m proto.Message) ([]byte, error) { o.Resolver = protoregistry.GlobalTypes } - internalEnc, err := text.NewEncoder(o.Indent, delims, o.EmitASCII) + internalEnc, err := text.NewEncoder(b, o.Indent, delims, o.EmitASCII) if err != nil { return nil, err } @@ -125,7 +131,7 @@ func (o MarshalOptions) marshal(m proto.Message) ([]byte, error) { // Treat nil message interface as an empty message, // in which case there is nothing to output. if m == nil { - return []byte{}, nil + return b, nil } enc := encoder{internalEnc, o} diff --git a/vendor/google.golang.org/protobuf/internal/encoding/text/encode.go b/vendor/google.golang.org/protobuf/internal/encoding/text/encode.go index da289ccce6e..cf7aed77bc3 100644 --- a/vendor/google.golang.org/protobuf/internal/encoding/text/encode.go +++ b/vendor/google.golang.org/protobuf/internal/encoding/text/encode.go @@ -53,8 +53,10 @@ type encoderState struct { // If outputASCII is true, strings will be serialized in such a way that // multi-byte UTF-8 sequences are escaped. This property ensures that the // overall output is ASCII (as opposed to UTF-8). -func NewEncoder(indent string, delims [2]byte, outputASCII bool) (*Encoder, error) { - e := &Encoder{} +func NewEncoder(buf []byte, indent string, delims [2]byte, outputASCII bool) (*Encoder, error) { + e := &Encoder{ + encoderState: encoderState{out: buf}, + } if len(indent) > 0 { if strings.Trim(indent, " \t") != "" { return nil, errors.New("indent may only be composed of space and tab characters") @@ -195,13 +197,13 @@ func appendFloat(out []byte, n float64, bitSize int) []byte { // WriteInt writes out the given signed integer value. func (e *Encoder) WriteInt(n int64) { e.prepareNext(scalar) - e.out = append(e.out, strconv.FormatInt(n, 10)...) + e.out = strconv.AppendInt(e.out, n, 10) } // WriteUint writes out the given unsigned integer value. func (e *Encoder) WriteUint(n uint64) { e.prepareNext(scalar) - e.out = append(e.out, strconv.FormatUint(n, 10)...) + e.out = strconv.AppendUint(e.out, n, 10) } // WriteLiteral writes out the given string as a literal value without quotes. diff --git a/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go b/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go index 5c0e8f73f4e..136f1b21573 100644 --- a/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go +++ b/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go @@ -183,13 +183,58 @@ const ( // Field names for google.protobuf.ExtensionRangeOptions. const ( ExtensionRangeOptions_UninterpretedOption_field_name protoreflect.Name = "uninterpreted_option" + ExtensionRangeOptions_Declaration_field_name protoreflect.Name = "declaration" + ExtensionRangeOptions_Verification_field_name protoreflect.Name = "verification" ExtensionRangeOptions_UninterpretedOption_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.uninterpreted_option" + ExtensionRangeOptions_Declaration_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.declaration" + ExtensionRangeOptions_Verification_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.verification" ) // Field numbers for google.protobuf.ExtensionRangeOptions. const ( ExtensionRangeOptions_UninterpretedOption_field_number protoreflect.FieldNumber = 999 + ExtensionRangeOptions_Declaration_field_number protoreflect.FieldNumber = 2 + ExtensionRangeOptions_Verification_field_number protoreflect.FieldNumber = 3 +) + +// Full and short names for google.protobuf.ExtensionRangeOptions.VerificationState. +const ( + ExtensionRangeOptions_VerificationState_enum_fullname = "google.protobuf.ExtensionRangeOptions.VerificationState" + ExtensionRangeOptions_VerificationState_enum_name = "VerificationState" +) + +// Names for google.protobuf.ExtensionRangeOptions.Declaration. +const ( + ExtensionRangeOptions_Declaration_message_name protoreflect.Name = "Declaration" + ExtensionRangeOptions_Declaration_message_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration" +) + +// Field names for google.protobuf.ExtensionRangeOptions.Declaration. +const ( + ExtensionRangeOptions_Declaration_Number_field_name protoreflect.Name = "number" + ExtensionRangeOptions_Declaration_FullName_field_name protoreflect.Name = "full_name" + ExtensionRangeOptions_Declaration_Type_field_name protoreflect.Name = "type" + ExtensionRangeOptions_Declaration_IsRepeated_field_name protoreflect.Name = "is_repeated" + ExtensionRangeOptions_Declaration_Reserved_field_name protoreflect.Name = "reserved" + ExtensionRangeOptions_Declaration_Repeated_field_name protoreflect.Name = "repeated" + + ExtensionRangeOptions_Declaration_Number_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.number" + ExtensionRangeOptions_Declaration_FullName_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.full_name" + ExtensionRangeOptions_Declaration_Type_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.type" + ExtensionRangeOptions_Declaration_IsRepeated_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.is_repeated" + ExtensionRangeOptions_Declaration_Reserved_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.reserved" + ExtensionRangeOptions_Declaration_Repeated_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.repeated" +) + +// Field numbers for google.protobuf.ExtensionRangeOptions.Declaration. +const ( + ExtensionRangeOptions_Declaration_Number_field_number protoreflect.FieldNumber = 1 + ExtensionRangeOptions_Declaration_FullName_field_number protoreflect.FieldNumber = 2 + ExtensionRangeOptions_Declaration_Type_field_number protoreflect.FieldNumber = 3 + ExtensionRangeOptions_Declaration_IsRepeated_field_number protoreflect.FieldNumber = 4 + ExtensionRangeOptions_Declaration_Reserved_field_number protoreflect.FieldNumber = 5 + ExtensionRangeOptions_Declaration_Repeated_field_number protoreflect.FieldNumber = 6 ) // Names for google.protobuf.FieldDescriptorProto. @@ -540,6 +585,7 @@ const ( FieldOptions_DebugRedact_field_name protoreflect.Name = "debug_redact" FieldOptions_Retention_field_name protoreflect.Name = "retention" FieldOptions_Target_field_name protoreflect.Name = "target" + FieldOptions_Targets_field_name protoreflect.Name = "targets" FieldOptions_UninterpretedOption_field_name protoreflect.Name = "uninterpreted_option" FieldOptions_Ctype_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.ctype" @@ -552,6 +598,7 @@ const ( FieldOptions_DebugRedact_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.debug_redact" FieldOptions_Retention_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.retention" FieldOptions_Target_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.target" + FieldOptions_Targets_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.targets" FieldOptions_UninterpretedOption_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.uninterpreted_option" ) @@ -567,6 +614,7 @@ const ( FieldOptions_DebugRedact_field_number protoreflect.FieldNumber = 16 FieldOptions_Retention_field_number protoreflect.FieldNumber = 17 FieldOptions_Target_field_number protoreflect.FieldNumber = 18 + FieldOptions_Targets_field_number protoreflect.FieldNumber = 19 FieldOptions_UninterpretedOption_field_number protoreflect.FieldNumber = 999 ) diff --git a/vendor/google.golang.org/protobuf/internal/genid/type_gen.go b/vendor/google.golang.org/protobuf/internal/genid/type_gen.go index 3bc710138ad..e0f75fea0a1 100644 --- a/vendor/google.golang.org/protobuf/internal/genid/type_gen.go +++ b/vendor/google.golang.org/protobuf/internal/genid/type_gen.go @@ -32,6 +32,7 @@ const ( Type_Options_field_name protoreflect.Name = "options" Type_SourceContext_field_name protoreflect.Name = "source_context" Type_Syntax_field_name protoreflect.Name = "syntax" + Type_Edition_field_name protoreflect.Name = "edition" Type_Name_field_fullname protoreflect.FullName = "google.protobuf.Type.name" Type_Fields_field_fullname protoreflect.FullName = "google.protobuf.Type.fields" @@ -39,6 +40,7 @@ const ( Type_Options_field_fullname protoreflect.FullName = "google.protobuf.Type.options" Type_SourceContext_field_fullname protoreflect.FullName = "google.protobuf.Type.source_context" Type_Syntax_field_fullname protoreflect.FullName = "google.protobuf.Type.syntax" + Type_Edition_field_fullname protoreflect.FullName = "google.protobuf.Type.edition" ) // Field numbers for google.protobuf.Type. @@ -49,6 +51,7 @@ const ( Type_Options_field_number protoreflect.FieldNumber = 4 Type_SourceContext_field_number protoreflect.FieldNumber = 5 Type_Syntax_field_number protoreflect.FieldNumber = 6 + Type_Edition_field_number protoreflect.FieldNumber = 7 ) // Names for google.protobuf.Field. @@ -121,12 +124,14 @@ const ( Enum_Options_field_name protoreflect.Name = "options" Enum_SourceContext_field_name protoreflect.Name = "source_context" Enum_Syntax_field_name protoreflect.Name = "syntax" + Enum_Edition_field_name protoreflect.Name = "edition" Enum_Name_field_fullname protoreflect.FullName = "google.protobuf.Enum.name" Enum_Enumvalue_field_fullname protoreflect.FullName = "google.protobuf.Enum.enumvalue" Enum_Options_field_fullname protoreflect.FullName = "google.protobuf.Enum.options" Enum_SourceContext_field_fullname protoreflect.FullName = "google.protobuf.Enum.source_context" Enum_Syntax_field_fullname protoreflect.FullName = "google.protobuf.Enum.syntax" + Enum_Edition_field_fullname protoreflect.FullName = "google.protobuf.Enum.edition" ) // Field numbers for google.protobuf.Enum. @@ -136,6 +141,7 @@ const ( Enum_Options_field_number protoreflect.FieldNumber = 3 Enum_SourceContext_field_number protoreflect.FieldNumber = 4 Enum_Syntax_field_number protoreflect.FieldNumber = 5 + Enum_Edition_field_number protoreflect.FieldNumber = 6 ) // Names for google.protobuf.EnumValue. diff --git a/vendor/google.golang.org/protobuf/internal/order/order.go b/vendor/google.golang.org/protobuf/internal/order/order.go index 33745ed0625..dea522e127d 100644 --- a/vendor/google.golang.org/protobuf/internal/order/order.go +++ b/vendor/google.golang.org/protobuf/internal/order/order.go @@ -33,7 +33,7 @@ var ( return !inOneof(ox) && inOneof(oy) } // Fields in disjoint oneof sets are sorted by declaration index. - if ox != nil && oy != nil && ox != oy { + if inOneof(ox) && inOneof(oy) && ox != oy { return ox.Index() < oy.Index() } // Fields sorted by field number. diff --git a/vendor/google.golang.org/protobuf/internal/version/version.go b/vendor/google.golang.org/protobuf/internal/version/version.go index f7014cd51cd..0999f29d501 100644 --- a/vendor/google.golang.org/protobuf/internal/version/version.go +++ b/vendor/google.golang.org/protobuf/internal/version/version.go @@ -51,7 +51,7 @@ import ( // 10. Send out the CL for review and submit it. const ( Major = 1 - Minor = 30 + Minor = 31 Patch = 0 PreRelease = "" ) diff --git a/vendor/google.golang.org/protobuf/proto/size.go b/vendor/google.golang.org/protobuf/proto/size.go index 554b9c6c09a..f1692b49b6c 100644 --- a/vendor/google.golang.org/protobuf/proto/size.go +++ b/vendor/google.golang.org/protobuf/proto/size.go @@ -73,23 +73,27 @@ func (o MarshalOptions) sizeField(fd protoreflect.FieldDescriptor, value protore } func (o MarshalOptions) sizeList(num protowire.Number, fd protoreflect.FieldDescriptor, list protoreflect.List) (size int) { + sizeTag := protowire.SizeTag(num) + if fd.IsPacked() && list.Len() > 0 { content := 0 for i, llen := 0, list.Len(); i < llen; i++ { content += o.sizeSingular(num, fd.Kind(), list.Get(i)) } - return protowire.SizeTag(num) + protowire.SizeBytes(content) + return sizeTag + protowire.SizeBytes(content) } for i, llen := 0, list.Len(); i < llen; i++ { - size += protowire.SizeTag(num) + o.sizeSingular(num, fd.Kind(), list.Get(i)) + size += sizeTag + o.sizeSingular(num, fd.Kind(), list.Get(i)) } return size } func (o MarshalOptions) sizeMap(num protowire.Number, fd protoreflect.FieldDescriptor, mapv protoreflect.Map) (size int) { + sizeTag := protowire.SizeTag(num) + mapv.Range(func(key protoreflect.MapKey, value protoreflect.Value) bool { - size += protowire.SizeTag(num) + size += sizeTag size += protowire.SizeBytes(o.sizeField(fd.MapKey(), key.Value()) + o.sizeField(fd.MapValue(), value)) return true }) diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go index 54ce326df94..717b106f3da 100644 --- a/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go +++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go @@ -363,6 +363,8 @@ func (p *SourcePath) appendFieldOptions(b []byte) []byte { b = p.appendSingularField(b, "retention", nil) case 18: b = p.appendSingularField(b, "target", nil) + case 19: + b = p.appendRepeatedField(b, "targets", nil) case 999: b = p.appendRepeatedField(b, "uninterpreted_option", (*SourcePath).appendUninterpretedOption) } @@ -418,6 +420,10 @@ func (p *SourcePath) appendExtensionRangeOptions(b []byte) []byte { switch (*p)[0] { case 999: b = p.appendRepeatedField(b, "uninterpreted_option", (*SourcePath).appendUninterpretedOption) + case 2: + b = p.appendRepeatedField(b, "declaration", (*SourcePath).appendExtensionRangeOptions_Declaration) + case 3: + b = p.appendSingularField(b, "verification", nil) } return b } @@ -473,3 +479,24 @@ func (p *SourcePath) appendUninterpretedOption_NamePart(b []byte) []byte { } return b } + +func (p *SourcePath) appendExtensionRangeOptions_Declaration(b []byte) []byte { + if len(*p) == 0 { + return b + } + switch (*p)[0] { + case 1: + b = p.appendSingularField(b, "number", nil) + case 2: + b = p.appendSingularField(b, "full_name", nil) + case 3: + b = p.appendSingularField(b, "type", nil) + case 4: + b = p.appendSingularField(b, "is_repeated", nil) + case 5: + b = p.appendSingularField(b, "reserved", nil) + case 6: + b = p.appendSingularField(b, "repeated", nil) + } + return b +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 74aab0fe853..8a79dde9645 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -77,7 +77,7 @@ golang.org/x/sys/execabs golang.org/x/sys/internal/unsafeheader golang.org/x/sys/unix golang.org/x/sys/windows -# google.golang.org/protobuf v1.30.0 +# google.golang.org/protobuf v1.31.0 ## explicit; go 1.11 google.golang.org/protobuf/encoding/prototext google.golang.org/protobuf/encoding/protowire From 5e53e6592af16d78ea41eb3a87cb368bb6a628e3 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 6 Jun 2023 17:39:47 -0700 Subject: [PATCH 0276/1176] ci: bump shellcheck to 0.9.0, fix new SC2016 warnings Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 4 ++-- tests/integration/helpers.bash | 2 +- tests/integration/hooks.bats | 10 +++++----- tests/integration/update.bats | 12 ++++++------ 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 591a11bed62..0dd805e810f 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -83,9 +83,9 @@ jobs: - uses: actions/checkout@v3 - name: install shellcheck env: - VERSION: v0.8.0 + VERSION: v0.9.0 BASEURL: https://github.com/koalaman/shellcheck/releases/download - SHA256: f4bce23c11c3919c1b20bcb0f206f6b44c44e26f2bc95f8aa708716095fa0651 + SHA256: 7087178d54de6652b404c306233264463cb9e7a9afeb259bb663cc4dbfd64149 run: | mkdir ~/bin curl -sSfL --retry 5 $BASEURL/$VERSION/shellcheck-$VERSION.linux.x86_64.tar.xz | diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index 7b1cc4a088f..e2e6c86bb53 100644 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -287,7 +287,7 @@ function check_cpu_quota() { fi check_cgroup_value "cpu.max" "$quota $period" else - check_cgroup_value "cpu.cfs_quota_us" $quota + check_cgroup_value "cpu.cfs_quota_us" "$quota" check_cgroup_value "cpu.cfs_period_us" "$period" fi # systemd values are the same for v1 and v2 diff --git a/tests/integration/hooks.bats b/tests/integration/hooks.bats index 1850f33e691..2ebc174e5a1 100644 --- a/tests/integration/hooks.bats +++ b/tests/integration/hooks.bats @@ -14,9 +14,9 @@ function setup() { function teardown() { if [ -v LIBPATH ]; then - umount "$LIBPATH"/$HOOKLIBCR.1.0.0 &>/dev/null || true - umount "$LIBPATH"/$HOOKLIBCC.1.0.0 &>/dev/null || true - rm -f $HOOKLIBCR.1.0.0 $HOOKLIBCC.1.0.0 + umount "$LIBPATH/$HOOKLIBCR".1.0.0 &>/dev/null || true + umount "$LIBPATH/$HOOKLIBCC".1.0.0 &>/dev/null || true + rm -f "$HOOKLIBCR".1.0.0 "$HOOKLIBCC".1.0.0 unset LIBPATH HOOKLIBCR HOOKLIBCC fi teardown_bundle @@ -52,8 +52,8 @@ function teardown() { [ "$status" -eq 0 ] echo "Checking create-runtime library" - echo "$output" | grep $HOOKLIBCR + echo "$output" | grep "$HOOKLIBCR" echo "Checking create-container library" - echo "$output" | grep $HOOKLIBCC + echo "$output" | grep "$HOOKLIBCC" } diff --git a/tests/integration/update.bats b/tests/integration/update.bats index 56d9f98d43e..ba7a41809f4 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -99,8 +99,8 @@ function setup() { # try to remove memory swap limit runc update test_update --memory-swap -1 [ "$status" -eq 0 ] - check_cgroup_value "$MEM_SWAP" $SYSTEM_MEM - check_systemd_value "$SD_MEM_SWAP" $SD_UNLIMITED + check_cgroup_value "$MEM_SWAP" "$SYSTEM_MEM" + check_systemd_value "$SD_MEM_SWAP" "$SD_UNLIMITED" # update memory swap if [ -v CGROUP_V2 ]; then @@ -123,13 +123,13 @@ function setup() { [ "$status" -eq 0 ] # check memory limit is gone - check_cgroup_value $MEM_LIMIT $SYSTEM_MEM - check_systemd_value $SD_MEM_LIMIT $SD_UNLIMITED + check_cgroup_value "$MEM_LIMIT" "$SYSTEM_MEM" + check_systemd_value "$SD_MEM_LIMIT" "$SD_UNLIMITED" # check swap memory limited is gone if [ "$HAVE_SWAP" = "yes" ]; then - check_cgroup_value $MEM_SWAP $SYSTEM_MEM - check_systemd_value "$SD_MEM_SWAP" $SD_UNLIMITED + check_cgroup_value "$MEM_SWAP" "$SYSTEM_MEM" + check_systemd_value "$SD_MEM_SWAP" "$SD_UNLIMITED" fi # update pids limit From 5cdf76719ec5b5b4b76ac498c64609beaff1c191 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 12 Apr 2023 18:55:40 -0700 Subject: [PATCH 0277/1176] libct/cg: IsCgroup2UnifiedMode: don't panic Replace a panic with a warning, unless it's ENOENT and we're running in a user namespace. In the latter case, do the same as before, i.e. report the error but using a Debug logging level. This prevents software that uses libcontainer from panicking in some exotic setups. This will also print a warning on some very old systems which does not use /sys/fs/cgroup for cgroup mount point. My bet is such systems no longer exist. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/utils.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libcontainer/cgroups/utils.go b/libcontainer/cgroups/utils.go index d75f3b8121f..27c18b697f6 100644 --- a/libcontainer/cgroups/utils.go +++ b/libcontainer/cgroups/utils.go @@ -36,13 +36,13 @@ func IsCgroup2UnifiedMode() bool { var st unix.Statfs_t err := unix.Statfs(unifiedMountpoint, &st) if err != nil { + level := logrus.WarnLevel if os.IsNotExist(err) && userns.RunningInUserNS() { - // ignore the "not found" error if running in userns - logrus.WithError(err).Debugf("%s missing, assuming cgroup v1", unifiedMountpoint) - isUnified = false - return + // For rootless containers, sweep it under the rug. + level = logrus.DebugLevel } - panic(fmt.Sprintf("cannot statfs cgroup root: %s", err)) + logrus.StandardLogger().Logf(level, + "statfs %s: %v; assuming cgroup v1", unifiedMountpoint, err) } isUnified = st.Type == unix.CGROUP2_SUPER_MAGIC }) From dacb3aaa0dc11b3af7d6d6ef1fb93536f3530b3a Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 9 Jun 2023 14:05:16 -0700 Subject: [PATCH 0278/1176] tests/int/cgroups: remove useless/wrong setting There is no such thing as linux.resources.memorySwap (the mem+swap is set as linux.resources.memory.swap). As it is not used in this test anyway, remove it. Fixes: 4929c05ad18ab99686040d8b40a969c3f884717c Signed-off-by: Kir Kolyshkin --- tests/integration/cgroups.bats | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/integration/cgroups.bats b/tests/integration/cgroups.bats index 1842bdcf3de..f06bd25f3b9 100644 --- a/tests/integration/cgroups.bats +++ b/tests/integration/cgroups.bats @@ -245,7 +245,6 @@ function setup() { set_cgroups_path # CPU shares of 3333 corresponds to CPU weight of 128. update_config ' .linux.resources.memory |= {"limit": 33554432} - | .linux.resources.memorySwap |= {"limit": 33554432} | .linux.resources.cpu |= { "shares": 3333, "quota": 40000, From 91b4cd25b7c698ff158afddc8d918546d3966fdc Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 5 Jun 2023 18:28:44 -0700 Subject: [PATCH 0279/1176] libct/cg/sd: remove logging from resetFailedUnit Sometimes we call resetFailedUnit as a cleanup measure, and we don't care if it fails or not. So, move error reporting to its callers, and ignore error in cases we don't really expect it to succeed. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/systemd/common.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/libcontainer/cgroups/systemd/common.go b/libcontainer/cgroups/systemd/common.go index c577a22b03a..cbc0fb8ddaf 100644 --- a/libcontainer/cgroups/systemd/common.go +++ b/libcontainer/cgroups/systemd/common.go @@ -147,7 +147,10 @@ retry: // In case a unit with the same name exists, this may // be a leftover failed unit. Reset it, so systemd can // remove it, and retry once. - resetFailedUnit(cm, unitName) + err = resetFailedUnit(cm, unitName) + if err != nil { + logrus.Warnf("unable to reset failed unit: %v", err) + } retry = false goto retry } @@ -162,11 +165,11 @@ retry: close(statusChan) // Please refer to https://pkg.go.dev/github.com/coreos/go-systemd/v22/dbus#Conn.StartUnit if s != "done" { - resetFailedUnit(cm, unitName) + _ = resetFailedUnit(cm, unitName) return fmt.Errorf("error creating systemd unit `%s`: got `%s`", unitName, s) } case <-timeout.C: - resetFailedUnit(cm, unitName) + _ = resetFailedUnit(cm, unitName) return errors.New("Timeout waiting for systemd to create " + unitName) } @@ -197,13 +200,10 @@ func stopUnit(cm *dbusConnManager, unitName string) error { return nil } -func resetFailedUnit(cm *dbusConnManager, name string) { - err := cm.retryOnDisconnect(func(c *systemdDbus.Conn) error { +func resetFailedUnit(cm *dbusConnManager, name string) error { + return cm.retryOnDisconnect(func(c *systemdDbus.Conn) error { return c.ResetFailedUnitContext(context.TODO(), name) }) - if err != nil { - logrus.Warnf("unable to reset failed unit: %v", err) - } } func getUnitTypeProperty(cm *dbusConnManager, unitName string, unitType string, propertyName string) (*systemdDbus.Property, error) { From 43564a7b55a9299a8ef0ddaf5d01295b7a418928 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 5 Jun 2023 12:09:04 -0700 Subject: [PATCH 0280/1176] runc delete: call systemd's reset-failed runc delete is supposed to remove all the container's artefacts. In case systemd cgroup driver is used, and the systemd unit has failed (e.g. oom-killed), systemd won't remove the unit (that is, unless the "CollectMode: inactive-or-failed" property is set). Call reset-failed from manager.Destroy so the failed unit will be removed during "runc delete". Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/systemd/common.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libcontainer/cgroups/systemd/common.go b/libcontainer/cgroups/systemd/common.go index cbc0fb8ddaf..3e1a9a833e8 100644 --- a/libcontainer/cgroups/systemd/common.go +++ b/libcontainer/cgroups/systemd/common.go @@ -197,6 +197,10 @@ func stopUnit(cm *dbusConnManager, unitName string) error { return errors.New("Timed out while waiting for systemd to remove " + unitName) } } + + // In case of a failed unit, let systemd remove it. + _ = resetFailedUnit(cm, unitName) + return nil } From 58a811f6aaa6051fdf807ac1de9f95d74589dc69 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 13 Jun 2023 15:04:30 -0700 Subject: [PATCH 0281/1176] tests/int: add/use "requires systemd_vNNN" Signed-off-by: Kir Kolyshkin --- tests/integration/helpers.bash | 6 ++++++ tests/integration/update.bats | 5 +---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index e2e6c86bb53..4998390e2ee 100644 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -460,6 +460,12 @@ function requires() { skip_me=1 fi ;; + systemd_v*) + var=${var#systemd_v} + if [ "$(systemd_version)" -lt "$var" ]; then + skip "requires systemd >= v${var}" + fi + ;; no_systemd) if [ -v RUNC_USE_SYSTEMD ]; then skip_me=1 diff --git a/tests/integration/update.bats b/tests/integration/update.bats index ba7a41809f4..1a16c9ae34c 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -474,11 +474,8 @@ EOF } @test "update cgroup cpu.idle via systemd v252+" { - requires cgroups_v2 systemd cgroups_cpu_idle + requires cgroups_v2 systemd_v252 cgroups_cpu_idle [ $EUID -ne 0 ] && requires rootless_cgroup - if [ "$(systemd_version)" -lt 252 ]; then - skip "requires systemd >= v252" - fi runc run -d --console-socket "$CONSOLE_SOCKET" test_update [ "$status" -eq 0 ] From ad040b1caf545928a465eef69f6a6c7436cf7e57 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 12 Jun 2023 17:24:24 -0700 Subject: [PATCH 0282/1176] tests/int/delete: make sure runc delete removes failed unit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The passing run (with the fix) looks like this: ---- delete.bats ✓ runc delete removes failed systemd unit [4556] runc spec (status=0): runc run -d --console-socket /tmp/bats-run-B08vu1/runc.lbQwU5/tty/sock test-failed-unit (status=0): Warning: The unit file, source configuration file or drop-ins of runc-cgroups-integration-test-12869.scope changed on disk. Run 'systemctl daemon-reload' to reload units. Ă— runc-cgroups-integration-test-12869.scope - libcontainer container integration-test-12869 Loaded: loaded (/run/systemd/transient/runc-cgroups-integration-test-12869.scope; transient) Transient: yes Drop-In: /run/systemd/transient/runc-cgroups-integration-test-12869.scope.d └─50-DevicePolicy.conf, 50-DeviceAllow.conf Active: failed (Result: timeout) since Tue 2023-06-13 14:41:38 PDT; 751ms ago Duration: 2.144s CPU: 8ms Jun 13 14:41:34 kir-rhat systemd[1]: Started runc-cgroups-integration-test-12869.scope - libcontainer container integration-test-12869. Jun 13 14:41:37 kir-rhat systemd[1]: runc-cgroups-integration-test-12869.scope: Scope reached runtime time limit. Stopping. Jun 13 14:41:38 kir-rhat systemd[1]: runc-cgroups-integration-test-12869.scope: Stopping timed out. Killing. Jun 13 14:41:38 kir-rhat systemd[1]: runc-cgroups-integration-test-12869.scope: Killing process 1107438 (sleep) with signal SIGKILL. Jun 13 14:41:38 kir-rhat systemd[1]: runc-cgroups-integration-test-12869.scope: Failed with result 'timeout'. runc delete test-failed-unit (status=0): Unit runc-cgroups-integration-test-12869.scope could not be found. ---- Before the fix, the test was failing like this: ---- delete.bats ✗ runc delete removes failed systemd unit (in test file tests/integration/delete.bats, line 194) `run -4 systemctl status "$SD_UNIT_NAME"' failed, expected exit code 4, got 3 .... ---- Signed-off-by: Kir Kolyshkin --- tests/integration/delete.bats | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/tests/integration/delete.bats b/tests/integration/delete.bats index efd43de5b93..e9b80b64d06 100644 --- a/tests/integration/delete.bats +++ b/tests/integration/delete.bats @@ -168,3 +168,30 @@ EOF # check delete subcgroups success [ ! -d "$CGROUP_V2_PATH"/foo ] } + +@test "runc delete removes failed systemd unit" { + requires systemd_v244 # Older systemd lacks RuntimeMaxSec support. + + set_cgroups_path + # shellcheck disable=SC2016 + update_config ' .annotations += { + "org.systemd.property.RuntimeMaxSec": "2", + "org.systemd.property.TimeoutStopSec": "1" + } + | .process.args |= ["/bin/sleep", "10"]' + + runc run -d --console-socket "$CONSOLE_SOCKET" test-failed-unit + [ "$status" -eq 0 ] + + wait_for_container 10 1 test-failed-unit stopped + + local user="" + [ $EUID -ne 0 ] && user="--user" + + # Expect "unit is not active" exit code. + run -3 systemctl status $user "$SD_UNIT_NAME" + + runc delete test-failed-unit + # Expect "no such unit" exit code. + run -4 systemctl status $user "$SD_UNIT_NAME" +} From 37732d1e7df5b3944f546ceff1251321accdec2f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 30 Jun 2023 10:46:45 -0700 Subject: [PATCH 0283/1176] MAINTAINERS: add Li Fu Bang I am nominating @lifubang for the role of runc maintainer. He provided a number of valuable contributions to runc, and demonstrated both deep technical expertise and the long term commitment to the project. As noted in MAINTAINERS_GUIDE.md, we have a week to vote, and need to get 66% of current maintainers' votes. Signed-off-by: Kir Kolyshkin --- MAINTAINERS | 1 + 1 file changed, 1 insertion(+) diff --git a/MAINTAINERS b/MAINTAINERS index e7fa530bc5b..e959e4fed31 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -6,3 +6,4 @@ Aleksa Sarai (@cyphar) Akihiro Suda (@AkihiroSuda) Kir Kolyshkin (@kolyshkin) Sebastiaan van Stijn (@thaJeztah) +Li Fu Bang (@lifubang) From 35fddfd28f4b36c4edd26ed655c77e5c4b58f574 Mon Sep 17 00:00:00 2001 From: Cory Snider Date: Thu, 15 Sep 2022 15:37:03 -0400 Subject: [PATCH 0284/1176] chore(libct/nsenter): extract utility code ...from nsexec.c so they can be used in cloned_binary.c. Signed-off-by: Cory Snider --- libcontainer/nsenter/getenv.c | 27 ++++ libcontainer/nsenter/getenv.h | 13 ++ libcontainer/nsenter/ipc.c | 103 ++++++++++++++++ libcontainer/nsenter/ipc.h | 7 ++ libcontainer/nsenter/log.c | 83 +++++++++++++ libcontainer/nsenter/log.h | 37 ++++++ libcontainer/nsenter/nsexec.c | 224 +--------------------------------- 7 files changed, 273 insertions(+), 221 deletions(-) create mode 100644 libcontainer/nsenter/getenv.c create mode 100644 libcontainer/nsenter/getenv.h create mode 100644 libcontainer/nsenter/ipc.c create mode 100644 libcontainer/nsenter/ipc.h create mode 100644 libcontainer/nsenter/log.c create mode 100644 libcontainer/nsenter/log.h diff --git a/libcontainer/nsenter/getenv.c b/libcontainer/nsenter/getenv.c new file mode 100644 index 00000000000..b0ee6ac78b6 --- /dev/null +++ b/libcontainer/nsenter/getenv.c @@ -0,0 +1,27 @@ +#define _GNU_SOURCE +#include +#include +#include "getenv.h" +#include "log.h" + +int getenv_int(const char *name) +{ + char *val, *endptr; + int ret; + + val = getenv(name); + /* Treat empty value as unset variable. */ + if (val == NULL || *val == '\0') + return -ENOENT; + + ret = strtol(val, &endptr, 10); + if (val == endptr || *endptr != '\0') + bail("unable to parse %s=%s", name, val); + /* + * Sanity check: this must be a non-negative number. + */ + if (ret < 0) + bail("bad value for %s=%s (%d)", name, val, ret); + + return ret; +} diff --git a/libcontainer/nsenter/getenv.h b/libcontainer/nsenter/getenv.h new file mode 100644 index 00000000000..6f66f34c5d3 --- /dev/null +++ b/libcontainer/nsenter/getenv.h @@ -0,0 +1,13 @@ +#ifndef NSENTER_GETENV_H +#define NSENTER_GETENV_H + +/* + * Returns an environment variable value as a non-negative integer, or -ENOENT + * if the variable was not found or has an empty value. + * + * If the value can not be converted to an integer, or the result is out of + * range, the function bails out. + */ +int getenv_int(const char *name); + +#endif /* NSENTER_GETENV_H */ diff --git a/libcontainer/nsenter/ipc.c b/libcontainer/nsenter/ipc.c new file mode 100644 index 00000000000..ac1b7e0db93 --- /dev/null +++ b/libcontainer/nsenter/ipc.c @@ -0,0 +1,103 @@ +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include "ipc.h" +#include "log.h" + +void receive_fd(int sockfd, int new_fd) +{ + int bytes_read; + struct msghdr msg = { }; + struct cmsghdr *cmsg; + struct iovec iov = { }; + char null_byte = '\0'; + int ret; + int fd_count; + int *fd_payload; + + iov.iov_base = &null_byte; + iov.iov_len = 1; + + msg.msg_iov = &iov; + msg.msg_iovlen = 1; + + msg.msg_controllen = CMSG_SPACE(sizeof(int)); + msg.msg_control = malloc(msg.msg_controllen); + if (msg.msg_control == NULL) { + bail("Can't allocate memory to receive fd."); + } + + memset(msg.msg_control, 0, msg.msg_controllen); + + bytes_read = recvmsg(sockfd, &msg, 0); + if (bytes_read != 1) + bail("failed to receive fd from unix socket %d", sockfd); + if (msg.msg_flags & MSG_CTRUNC) + bail("received truncated control message from unix socket %d", sockfd); + + cmsg = CMSG_FIRSTHDR(&msg); + if (!cmsg) + bail("received message from unix socket %d without control message", sockfd); + + if (cmsg->cmsg_level != SOL_SOCKET) + bail("received unknown control message from unix socket %d: cmsg_level=%d", sockfd, cmsg->cmsg_level); + + if (cmsg->cmsg_type != SCM_RIGHTS) + bail("received unknown control message from unix socket %d: cmsg_type=%d", sockfd, cmsg->cmsg_type); + + fd_count = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int); + if (fd_count != 1) + bail("received control message from unix socket %d with too many fds: %d", sockfd, fd_count); + + fd_payload = (int *)CMSG_DATA(cmsg); + ret = dup3(*fd_payload, new_fd, O_CLOEXEC); + if (ret < 0) + bail("cannot dup3 fd %d to %d", *fd_payload, new_fd); + + free(msg.msg_control); + + ret = close(*fd_payload); + if (ret < 0) + bail("cannot close fd %d", *fd_payload); +} + +void send_fd(int sockfd, int fd) +{ + int bytes_written; + struct msghdr msg = { }; + struct cmsghdr *cmsg; + struct iovec iov[1] = { }; + char null_byte = '\0'; + + iov[0].iov_base = &null_byte; + iov[0].iov_len = 1; + + msg.msg_iov = iov; + msg.msg_iovlen = 1; + + /* We send only one fd as specified by cmsg->cmsg_len below, even + * though msg.msg_controllen might have more space due to alignment. */ + msg.msg_controllen = CMSG_SPACE(sizeof(int)); + msg.msg_control = malloc(msg.msg_controllen); + if (msg.msg_control == NULL) { + bail("Can't allocate memory to send fd."); + } + + memset(msg.msg_control, 0, msg.msg_controllen); + + cmsg = CMSG_FIRSTHDR(&msg); + cmsg->cmsg_level = SOL_SOCKET; + cmsg->cmsg_type = SCM_RIGHTS; + cmsg->cmsg_len = CMSG_LEN(sizeof(int)); + memcpy(CMSG_DATA(cmsg), &fd, sizeof(int)); + + bytes_written = sendmsg(sockfd, &msg, 0); + + free(msg.msg_control); + + if (bytes_written != 1) + bail("failed to send fd %d via unix socket %d", fd, sockfd); +} diff --git a/libcontainer/nsenter/ipc.h b/libcontainer/nsenter/ipc.h new file mode 100644 index 00000000000..18441d74c12 --- /dev/null +++ b/libcontainer/nsenter/ipc.h @@ -0,0 +1,7 @@ +#ifndef NSENTER_IPC_H +#define NSENTER_IPC_H + +void receive_fd(int sockfd, int new_fd); +void send_fd(int sockfd, int fd); + +#endif /* NSENTER_IPC_H */ diff --git a/libcontainer/nsenter/log.c b/libcontainer/nsenter/log.c new file mode 100644 index 00000000000..086b539833c --- /dev/null +++ b/libcontainer/nsenter/log.c @@ -0,0 +1,83 @@ +#define _GNU_SOURCE +#include +#include +#include +#include +#include + +#include "log.h" +#include "getenv.h" + +static const char *level_str[] = { "panic", "fatal", "error", "warning", "info", "debug", "trace" }; + +int logfd = -1; +static int loglevel = DEBUG; + +extern char *escape_json_string(char *str); +void setup_logpipe(void) +{ + int i; + + i = getenv_int("_LIBCONTAINER_LOGPIPE"); + if (i < 0) { + /* We are not runc init, or log pipe was not provided. */ + return; + } + logfd = i; + + i = getenv_int("_LIBCONTAINER_LOGLEVEL"); + if (i < 0) + return; + loglevel = i; +} + +/* Defined in nsexec.c */ +extern int current_stage; + +void write_log(int level, const char *format, ...) +{ + char *message = NULL, *stage = NULL, *json = NULL; + va_list args; + int ret; + + if (logfd < 0 || level > loglevel) + goto out; + + va_start(args, format); + ret = vasprintf(&message, format, args); + va_end(args); + if (ret < 0) { + message = NULL; + goto out; + } + + message = escape_json_string(message); + + if (current_stage < 0) { + stage = strdup("nsexec"); + if (stage == NULL) + goto out; + } else { + ret = asprintf(&stage, "nsexec-%d", current_stage); + if (ret < 0) { + stage = NULL; + goto out; + } + } + ret = asprintf(&json, "{\"level\":\"%s\", \"msg\": \"%s[%d]: %s\"}\n", + level_str[level], stage, getpid(), message); + if (ret < 0) { + json = NULL; + goto out; + } + + /* This logging is on a best-effort basis. In case of a short or failed + * write there is nothing we can do, so just ignore write() errors. + */ + ssize_t __attribute__((unused)) __res = write(logfd, json, ret); + +out: + free(message); + free(stage); + free(json); +} diff --git a/libcontainer/nsenter/log.h b/libcontainer/nsenter/log.h new file mode 100644 index 00000000000..124d9da7e12 --- /dev/null +++ b/libcontainer/nsenter/log.h @@ -0,0 +1,37 @@ +#ifndef NSENTER_LOG_H +#define NSENTER_LOG_H + +#include + +/* + * Log levels are the same as in logrus. + */ +#define PANIC 0 +#define FATAL 1 +#define ERROR 2 +#define WARNING 3 +#define INFO 4 +#define DEBUG 5 +#define TRACE 6 + +/* + * Sets up logging by getting log fd and log level from the environment, + * if available. + */ +void setup_logpipe(void); + +void write_log(int level, const char *format, ...); + +extern int logfd; +#define bail(fmt, ...) \ + do { \ + if (logfd < 0) \ + fprintf(stderr, "FATAL: " fmt ": %m\n", \ + ##__VA_ARGS__); \ + else \ + write_log(FATAL, fmt ": %m", ##__VA_ARGS__); \ + exit(1); \ + } while(0) + + +#endif /* NSENTER_LOG_H */ diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index 0e60bef47cc..844d25117a3 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -27,11 +27,12 @@ #include #include +#include "getenv.h" +#include "ipc.h" +#include "log.h" /* Get all of the CLONE_NEW* flags. */ #include "namespace.h" -extern char *escape_json_string(char *str); - /* Synchronisation values. */ enum sync_t { SYNC_USERMAP_PLS = 0x40, /* Request parent to map our users. */ @@ -96,22 +97,6 @@ struct nlconfig_t { size_t mountsources_len; }; -/* - * Log levels are the same as in logrus. - */ -#define PANIC 0 -#define FATAL 1 -#define ERROR 2 -#define WARNING 3 -#define INFO 4 -#define DEBUG 5 -#define TRACE 6 - -static const char *level_str[] = { "panic", "fatal", "error", "warning", "info", "debug", "trace" }; - -static int logfd = -1; -static int loglevel = DEBUG; - /* * List of netlink message types sent to us as part of bootstrapping the init. * These constants are defined in libcontainer/message_linux.go. @@ -149,67 +134,9 @@ int setns(int fd, int nstype) } #endif -static void write_log(int level, const char *format, ...) -{ - char *message = NULL, *stage = NULL, *json = NULL; - va_list args; - int ret; - - if (logfd < 0 || level > loglevel) - goto out; - - va_start(args, format); - ret = vasprintf(&message, format, args); - va_end(args); - if (ret < 0) { - message = NULL; - goto out; - } - - message = escape_json_string(message); - - if (current_stage == STAGE_SETUP) { - stage = strdup("nsexec"); - if (stage == NULL) - goto out; - } else { - ret = asprintf(&stage, "nsexec-%d", current_stage); - if (ret < 0) { - stage = NULL; - goto out; - } - } - ret = asprintf(&json, "{\"level\":\"%s\", \"msg\": \"%s[%d]: %s\"}\n", - level_str[level], stage, getpid(), message); - if (ret < 0) { - json = NULL; - goto out; - } - - /* This logging is on a best-effort basis. In case of a short or failed - * write there is nothing we can do, so just ignore write() errors. - */ - ssize_t __attribute__((unused)) __res = write(logfd, json, ret); - -out: - free(message); - free(stage); - free(json); -} - /* XXX: This is ugly. */ static int syncfd = -1; -#define bail(fmt, ...) \ - do { \ - if (logfd < 0) \ - fprintf(stderr, "FATAL: " fmt ": %m\n", \ - ##__VA_ARGS__); \ - else \ - write_log(FATAL, fmt ": %m", ##__VA_ARGS__); \ - exit(1); \ - } while(0) - static int write_file(char *data, size_t data_len, char *pathfmt, ...) { int fd, len, ret = 0; @@ -397,56 +324,6 @@ static int clone_parent(jmp_buf *env, int jmpval) return clone(child_func, ca.stack_ptr, CLONE_PARENT | SIGCHLD, &ca); } -/* - * Returns an environment variable value as a non-negative integer, or -ENOENT - * if the variable was not found or has an empty value. - * - * If the value can not be converted to an integer, or the result is out of - * range, the function bails out. - */ -static int getenv_int(const char *name) -{ - char *val, *endptr; - int ret; - - val = getenv(name); - /* Treat empty value as unset variable. */ - if (val == NULL || *val == '\0') - return -ENOENT; - - ret = strtol(val, &endptr, 10); - if (val == endptr || *endptr != '\0') - bail("unable to parse %s=%s", name, val); - /* - * Sanity check: this must be a non-negative number. - */ - if (ret < 0) - bail("bad value for %s=%s (%d)", name, val, ret); - - return ret; -} - -/* - * Sets up logging by getting log fd and log level from the environment, - * if available. - */ -static void setup_logpipe(void) -{ - int i; - - i = getenv_int("_LIBCONTAINER_LOGPIPE"); - if (i < 0) { - /* We are not runc init, or log pipe was not provided. */ - return; - } - logfd = i; - - i = getenv_int("_LIBCONTAINER_LOGLEVEL"); - if (i < 0) - return; - loglevel = i; -} - /* Returns the clone(2) flag for a namespace, given the name of a namespace. */ static int nsflag(char *name) { @@ -645,101 +522,6 @@ static inline int sane_kill(pid_t pid, int signum) return 0; } -void receive_fd(int sockfd, int new_fd) -{ - int bytes_read; - struct msghdr msg = { }; - struct cmsghdr *cmsg; - struct iovec iov = { }; - char null_byte = '\0'; - int ret; - int fd_count; - int *fd_payload; - - iov.iov_base = &null_byte; - iov.iov_len = 1; - - msg.msg_iov = &iov; - msg.msg_iovlen = 1; - - msg.msg_controllen = CMSG_SPACE(sizeof(int)); - msg.msg_control = malloc(msg.msg_controllen); - if (msg.msg_control == NULL) { - bail("Can't allocate memory to receive fd."); - } - - memset(msg.msg_control, 0, msg.msg_controllen); - - bytes_read = recvmsg(sockfd, &msg, 0); - if (bytes_read != 1) - bail("failed to receive fd from unix socket %d", sockfd); - if (msg.msg_flags & MSG_CTRUNC) - bail("received truncated control message from unix socket %d", sockfd); - - cmsg = CMSG_FIRSTHDR(&msg); - if (!cmsg) - bail("received message from unix socket %d without control message", sockfd); - - if (cmsg->cmsg_level != SOL_SOCKET) - bail("received unknown control message from unix socket %d: cmsg_level=%d", sockfd, cmsg->cmsg_level); - - if (cmsg->cmsg_type != SCM_RIGHTS) - bail("received unknown control message from unix socket %d: cmsg_type=%d", sockfd, cmsg->cmsg_type); - - fd_count = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int); - if (fd_count != 1) - bail("received control message from unix socket %d with too many fds: %d", sockfd, fd_count); - - fd_payload = (int *)CMSG_DATA(cmsg); - ret = dup3(*fd_payload, new_fd, O_CLOEXEC); - if (ret < 0) - bail("cannot dup3 fd %d to %d", *fd_payload, new_fd); - - free(msg.msg_control); - - ret = close(*fd_payload); - if (ret < 0) - bail("cannot close fd %d", *fd_payload); -} - -void send_fd(int sockfd, int fd) -{ - int bytes_written; - struct msghdr msg = { }; - struct cmsghdr *cmsg; - struct iovec iov[1] = { }; - char null_byte = '\0'; - - iov[0].iov_base = &null_byte; - iov[0].iov_len = 1; - - msg.msg_iov = iov; - msg.msg_iovlen = 1; - - /* We send only one fd as specified by cmsg->cmsg_len below, even - * though msg.msg_controllen might have more space due to alignment. */ - msg.msg_controllen = CMSG_SPACE(sizeof(int)); - msg.msg_control = malloc(msg.msg_controllen); - if (msg.msg_control == NULL) { - bail("Can't allocate memory to send fd."); - } - - memset(msg.msg_control, 0, msg.msg_controllen); - - cmsg = CMSG_FIRSTHDR(&msg); - cmsg->cmsg_level = SOL_SOCKET; - cmsg->cmsg_type = SCM_RIGHTS; - cmsg->cmsg_len = CMSG_LEN(sizeof(int)); - memcpy(CMSG_DATA(cmsg), &fd, sizeof(int)); - - bytes_written = sendmsg(sockfd, &msg, 0); - - free(msg.msg_control); - - if (bytes_written != 1) - bail("failed to send fd %d via unix socket %d", fd, sockfd); -} - void receive_mountsources(int sockfd) { char *mount_fds, *endp; From 890dceeebf78072ef6fe591d0d66c5a48d6e4d50 Mon Sep 17 00:00:00 2001 From: Cory Snider Date: Thu, 15 Sep 2022 15:40:10 -0400 Subject: [PATCH 0285/1176] libct/nsenter: annotate write_log() prototype ...so the compiler can warn about mismatches between the format string and varargs. Signed-off-by: Cory Snider --- libcontainer/nsenter/log.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcontainer/nsenter/log.h b/libcontainer/nsenter/log.h index 124d9da7e12..1fe95a111f7 100644 --- a/libcontainer/nsenter/log.h +++ b/libcontainer/nsenter/log.h @@ -20,7 +20,7 @@ */ void setup_logpipe(void); -void write_log(int level, const char *format, ...); +void write_log(int level, const char *format, ...) __attribute__((format(printf, 2, 3))); extern int logfd; #define bail(fmt, ...) \ From 8f671781392483345048e25a13ac459c126f7a5a Mon Sep 17 00:00:00 2001 From: Cory Snider Date: Thu, 15 Sep 2022 15:46:24 -0400 Subject: [PATCH 0286/1176] libct/nsenter: refactor ipc funcs for reusability Modify receive_fd() and send_fd() so they can be more readily reused in cloned_binary.c. Change receive_fd() to have a single responsibility: receiving and returning a single file descriptor over a UNIX domain socket. Make send_fd() useable in precarious execution contexts such as a clone(CLONE_VFORK|CLONE_VM) "thread" where allocating heap memory or calling exit() would be dangerous. Signed-off-by: Cory Snider --- libcontainer/nsenter/ipc.c | 33 +++++++-------------------------- libcontainer/nsenter/ipc.h | 9 +++++++-- libcontainer/nsenter/nsexec.c | 11 +++++++++-- 3 files changed, 23 insertions(+), 30 deletions(-) diff --git a/libcontainer/nsenter/ipc.c b/libcontainer/nsenter/ipc.c index ac1b7e0db93..8e99bb6575c 100644 --- a/libcontainer/nsenter/ipc.c +++ b/libcontainer/nsenter/ipc.c @@ -1,13 +1,12 @@ #define _GNU_SOURCE -#include +#include #include #include #include -#include #include "ipc.h" #include "log.h" -void receive_fd(int sockfd, int new_fd) +int receive_fd(int sockfd) { int bytes_read; struct msghdr msg = { }; @@ -16,7 +15,6 @@ void receive_fd(int sockfd, int new_fd) char null_byte = '\0'; int ret; int fd_count; - int *fd_payload; iov.iov_base = &null_byte; iov.iov_len = 1; @@ -52,21 +50,13 @@ void receive_fd(int sockfd, int new_fd) if (fd_count != 1) bail("received control message from unix socket %d with too many fds: %d", sockfd, fd_count); - fd_payload = (int *)CMSG_DATA(cmsg); - ret = dup3(*fd_payload, new_fd, O_CLOEXEC); - if (ret < 0) - bail("cannot dup3 fd %d to %d", *fd_payload, new_fd); - + ret = *(int *)CMSG_DATA(cmsg); free(msg.msg_control); - - ret = close(*fd_payload); - if (ret < 0) - bail("cannot close fd %d", *fd_payload); + return ret; } -void send_fd(int sockfd, int fd) +int send_fd(int sockfd, int fd) { - int bytes_written; struct msghdr msg = { }; struct cmsghdr *cmsg; struct iovec iov[1] = { }; @@ -81,11 +71,7 @@ void send_fd(int sockfd, int fd) /* We send only one fd as specified by cmsg->cmsg_len below, even * though msg.msg_controllen might have more space due to alignment. */ msg.msg_controllen = CMSG_SPACE(sizeof(int)); - msg.msg_control = malloc(msg.msg_controllen); - if (msg.msg_control == NULL) { - bail("Can't allocate memory to send fd."); - } - + msg.msg_control = alloca(msg.msg_controllen); memset(msg.msg_control, 0, msg.msg_controllen); cmsg = CMSG_FIRSTHDR(&msg); @@ -94,10 +80,5 @@ void send_fd(int sockfd, int fd) cmsg->cmsg_len = CMSG_LEN(sizeof(int)); memcpy(CMSG_DATA(cmsg), &fd, sizeof(int)); - bytes_written = sendmsg(sockfd, &msg, 0); - - free(msg.msg_control); - - if (bytes_written != 1) - bail("failed to send fd %d via unix socket %d", fd, sockfd); + return sendmsg(sockfd, &msg, 0); } diff --git a/libcontainer/nsenter/ipc.h b/libcontainer/nsenter/ipc.h index 18441d74c12..6e5972697d9 100644 --- a/libcontainer/nsenter/ipc.h +++ b/libcontainer/nsenter/ipc.h @@ -1,7 +1,12 @@ #ifndef NSENTER_IPC_H #define NSENTER_IPC_H -void receive_fd(int sockfd, int new_fd); -void send_fd(int sockfd, int fd); +int receive_fd(int sockfd); + +/* + * send_fd passes the open file descriptor fd to another process via the UNIX + * domain socket sockfd. The return value of the sendmsg(2) call is returned. + */ +int send_fd(int sockfd, int fd); #endif /* NSENTER_IPC_H */ diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index 844d25117a3..748791d6b82 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -552,7 +552,13 @@ void receive_mountsources(int sockfd) bail("malformed _LIBCONTAINER_MOUNT_FDS env var: fds out of range"); } - receive_fd(sockfd, new_fd); + int recv_fd = receive_fd(sockfd); + if (dup3(recv_fd, new_fd, O_CLOEXEC) < 0) { + bail("cannot dup3 fd %d to %ld", recv_fd, new_fd); + } + if (close(recv_fd) < 0) { + bail("cannot close fd %d", recv_fd); + } } } @@ -595,7 +601,8 @@ void send_mountsources(int sockfd, pid_t child, char *mountsources, size_t mount bail("failed to open mount source %s", mountsources); write_log(DEBUG, "~> sending fd for: %s", mountsources); - send_fd(sockfd, fd); + if (send_fd(sockfd, fd) < 0) + bail("failed to send fd %d via unix socket %d", fd, sockfd); ret = close(fd); if (ret != 0) From 3b191ff710a7e3e68c282e22c8432ecdb00f2079 Mon Sep 17 00:00:00 2001 From: Cory Snider Date: Tue, 25 Oct 2022 16:32:29 -0400 Subject: [PATCH 0287/1176] libct/nsenter: set FD_CLOEXEC on received fd Signed-off-by: Cory Snider --- libcontainer/nsenter/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcontainer/nsenter/ipc.c b/libcontainer/nsenter/ipc.c index 8e99bb6575c..01321a718cb 100644 --- a/libcontainer/nsenter/ipc.c +++ b/libcontainer/nsenter/ipc.c @@ -30,7 +30,7 @@ int receive_fd(int sockfd) memset(msg.msg_control, 0, msg.msg_controllen); - bytes_read = recvmsg(sockfd, &msg, 0); + bytes_read = recvmsg(sockfd, &msg, MSG_CMSG_CLOEXEC); if (bytes_read != 1) bail("failed to receive fd from unix socket %d", sockfd); if (msg.msg_flags & MSG_CTRUNC) From 017d6996c013b2af01d32fb5d7b4796cb99155d0 Mon Sep 17 00:00:00 2001 From: Cory Snider Date: Thu, 15 Sep 2022 16:21:55 -0400 Subject: [PATCH 0288/1176] libct/nsenter: namespace the bindfd shuffle Processes can watch /proc/self/mounts or /mountinfo, and the kernel will notify them whenever the namespace's mount table is modified. The notified process still needs to read and parse the mountinfo to determine what changed once notified. Many such processes, including udisksd and SystemD < v248, make no attempt to rate-limit their mountinfo notifications. This tends to not be a problem on many systems, where mount tables are small and mounting and unmounting is uncommon. Every runC exec which successfully uses the try_bindfd container-escape mitigation performs two mount()s and one umount() in the host's mount namespace, causing any mount-watching processes to wake up and parse the mountinfo file three times in a row. Consequently, using 'exec' health checks on containers has a larger-than-expected impact on system load when such mount-watching daemons are running. Furthermore, the size of the mount table in the host's mount namespace tends to be proportional to the number of OCI containers as a unique mount is required for the rootfs of each container. Therefore, on systems with mount-watching processes, the system load increases *quadratically* with the number of running containers which use health checks! Prevent runC from incidentally modifying the host's mount namespace for container-escape mitigations by setting up the mitigation in a temporary mount namespace. Signed-off-by: Cory Snider --- libcontainer/nsenter/cloned_binary.c | 186 ++++++++++++++++++++++++--- 1 file changed, 165 insertions(+), 21 deletions(-) diff --git a/libcontainer/nsenter/cloned_binary.c b/libcontainer/nsenter/cloned_binary.c index 73c0a27b571..06c7b00b91a 100644 --- a/libcontainer/nsenter/cloned_binary.c +++ b/libcontainer/nsenter/cloned_binary.c @@ -49,6 +49,7 @@ #include #include +#include #include #include #include @@ -56,7 +57,12 @@ #include #include #include +#include #include +#include + +#include "ipc.h" +#include "log.h" /* Use our own wrapper for memfd_create. */ #ifndef SYS_memfd_create @@ -394,6 +400,123 @@ static int seal_execfd(int *fd, int fdtype) return -1; } +struct bindfd_child_args { + int sockfd; + const char *mount_target; +}; + +static int bindfd_in_subprocess(void *arg) +{ + /* + * In the interests of efficiency (read: minimizing the syscall count) + * and conciseness, no attempt is made to release resources which would + * be cleaned up automatically on process exit, i.e. when this function + * returns. This includes filesystem mounts, as this function is + * executed in a dedicated mount namespace. + */ + + /* + * For obvious reasons this won't work in rootless mode because we + * haven't created a userns -- but getting that to work will be a bit + * complicated and it's only worth doing if someone actually needs it. + */ + if (mount("none", "/", NULL, MS_SLAVE | MS_REC, NULL) < 0) + return errno; + /* + * The kernel resolves the magic symlink /proc/self/exe to the real file + * _in the original mount namespace_. Cross-namespace bind mounts are + * not allowed, so we must locate the file inside the current mount + * namespace to be able to bind-mount it. (The mount(8) command resolves + * symlinks, which is why it appears to work at first glance.) + */ + char linkbuf[PATH_MAX + 1] = { 0 }; + ssize_t linkpathlen = readlink("/proc/self/exe", linkbuf, sizeof(linkbuf)); + if (linkpathlen < 0) + return errno; + if (linkpathlen == sizeof(linkbuf)) { + /* + * The link path is longer than PATH_MAX, and the contents of + * linkbuf might have been truncated. A truncated path could + * happen to be a valid path to a different file, which could + * allow for local privilege escalation if we were to exec it. + * The mount syscall doesn't accept paths longer than PATH_MAX, + * anyway. + */ + return ENAMETOOLONG; + } + + int srcfd = open(linkbuf, O_PATH | O_CLOEXEC); + if (srcfd < 0) + return errno; + /* + * linkbuf holds the path to the binary which the parent process was + * launched from. Someone could have moved a different file to that path + * in the interim, in which case srcfd is not the file we want to + * bind-mount. Guard against this situation by verifying srcfd is the + * same file as /proc/self/exe. + */ + struct stat realexe = { 0 }; + if (stat("/proc/self/exe", &realexe) < 0) + return errno; + struct stat resolved = { 0 }; + if (fstat(srcfd, &resolved) < 0) + return errno; + if (resolved.st_dev != realexe.st_dev || resolved.st_ino != realexe.st_ino) + return ENOENT; + if (snprintf(linkbuf, sizeof(linkbuf), "/proc/self/fd/%d", srcfd) == sizeof(linkbuf)) + return ENAMETOOLONG; + + const struct bindfd_child_args *args = arg; + if (mount(linkbuf, args->mount_target, "", MS_BIND, "") < 0) + return errno; + if (mount("", args->mount_target, "", MS_REMOUNT | MS_BIND | MS_RDONLY, "") < 0) + return errno; + + int fd = open(args->mount_target, O_PATH | O_CLOEXEC); + if (fd < 0) + return errno; + + /* + * Make sure the MNT_DETACH works, otherwise we could get remounted + * read-write and that would be quite bad. + */ + if (umount2(args->mount_target, MNT_DETACH) < 0) + return errno; + + if (send_fd(args->sockfd, fd) < 0) + return errno; + return 0; +} + +static int spawn_bindfd_child(const struct bindfd_child_args *args) __attribute__((noinline)); +static int spawn_bindfd_child(const struct bindfd_child_args *args) +{ + /* + * Carve out a chunk of our call stack for the child process to use as + * we can be sure it is correctly mapped for use as stack. (Technically + * only the libc clone() wrapper writes to this buffer. The child + * process operates on a copy of the parent's virtual memory space and + * so can safely overflow into the rest of the stack memory region + * without consequence.) + */ + char stack[4 * 1024] __attribute__((aligned(16))); + int tid = clone(bindfd_in_subprocess, + /* + * Assume stack grows down, as HP-PA, the only Linux + * platform where stack grows up, is obsolete. + */ + stack + sizeof(stack), + /* + * Suspend the parent process until the child has exited to + * save an unnecessary context switch as we'd just be + * waiting for the child process to exit anyway. + */ + CLONE_NEWNS | CLONE_VFORK, (void *)args); + if (tid < 0) + return -errno; + return tid; +} + static int try_bindfd(void) { int fd, ret = -1; @@ -415,32 +538,53 @@ static int try_bindfd(void) close(fd); /* - * For obvious reasons this won't work in rootless mode because we haven't - * created a userns+mntns -- but getting that to work will be a bit - * complicated and it's only worth doing if someone actually needs it. + * Daemons such as systemd and udisks2 watch /proc/self/mountinfo and + * re-parse it on every change, which gets expensive when the mount table + * is large and/or changes frequently. Perform the mount operations in a + * new, private mount namespace so as not to wake up those processes + * every time we nsexec into a container. We clone a child process into + * a new mount namespace to do the dirty work so the side effects of + * unsharing the mount namespace do not leak into the current process. */ - ret = -EPERM; - if (mount("/proc/self/exe", template, "", MS_BIND, "") < 0) - goto out; - if (mount("", template, "", MS_REMOUNT | MS_BIND | MS_RDONLY, "") < 0) - goto out_umount; + int sock[2]; + if (socketpair(AF_LOCAL, SOCK_STREAM, 0, sock) < 0) { + ret = -errno; + goto cleanup_unlink; + } - /* Get read-only handle that we're sure can't be made read-write. */ - ret = open(template, O_PATH | O_CLOEXEC); + struct bindfd_child_args args = { + .sockfd = sock[0], + .mount_target = template, + }; + int cpid = spawn_bindfd_child(&args); + close(sock[0]); + if (cpid < 0) { + ret = cpid; + goto cleanup_socketpair; + } -out_umount: - /* - * Make sure the MNT_DETACH works, otherwise we could get remounted - * read-write and that would be quite bad (the fd would be made read-write - * too, invalidating the protection). - */ - if (umount2(template, MNT_DETACH) < 0) { - if (ret >= 0) - close(ret); - ret = -ENOTRECOVERABLE; + int wstatus = 0; + if (waitpid(cpid, &wstatus, __WCLONE) < 0) + bail("error waiting for bindfd child process to exit"); + if (WIFEXITED(wstatus)) { + if (WEXITSTATUS(wstatus)) { + ret = -WEXITSTATUS(wstatus); + goto cleanup_socketpair; + } + } else if (WIFSIGNALED(wstatus)) { + int sig = WTERMSIG(wstatus); + bail("bindfd child process terminated by signal %d (%s)", sig, strsignal(sig)); + } else { + /* Should never happen... */ + bail("unexpected waitpid() status for bindfd child process: 0x%x", wstatus); } -out: + ret = receive_fd(sock[1]); + +cleanup_socketpair: + close(sock[1]); + +cleanup_unlink: /* * We don't care about unlink errors, the worst that happens is that * there's an empty file left around in STATEDIR. From 45c75ac7edd486165b85856eab960e304f34ff5a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 5 Jul 2023 04:35:31 +0000 Subject: [PATCH 0289/1176] build(deps): bump golang.org/x/sys from 0.9.0 to 0.10.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.9.0 to 0.10.0. - [Commits](https://github.com/golang/sys/compare/v0.9.0...v0.10.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- vendor/golang.org/x/sys/unix/mkerrors.sh | 2 +- vendor/golang.org/x/sys/unix/mremap.go | 40 +++++++++++++++++++ vendor/golang.org/x/sys/unix/syscall_linux.go | 17 +++++--- vendor/golang.org/x/sys/unix/zerrors_linux.go | 26 ++++++++++-- .../x/sys/unix/zerrors_linux_arm64.go | 2 + .../golang.org/x/sys/unix/zsyscall_linux.go | 11 +++++ .../x/sys/unix/zsysnum_linux_s390x.go | 1 + vendor/golang.org/x/sys/unix/ztypes_linux.go | 35 +++++++++------- .../golang.org/x/sys/unix/ztypes_linux_386.go | 2 + .../x/sys/unix/ztypes_linux_amd64.go | 2 + .../golang.org/x/sys/unix/ztypes_linux_arm.go | 2 + .../x/sys/unix/ztypes_linux_arm64.go | 2 + .../x/sys/unix/ztypes_linux_loong64.go | 2 + .../x/sys/unix/ztypes_linux_mips.go | 2 + .../x/sys/unix/ztypes_linux_mips64.go | 2 + .../x/sys/unix/ztypes_linux_mips64le.go | 2 + .../x/sys/unix/ztypes_linux_mipsle.go | 2 + .../golang.org/x/sys/unix/ztypes_linux_ppc.go | 2 + .../x/sys/unix/ztypes_linux_ppc64.go | 2 + .../x/sys/unix/ztypes_linux_ppc64le.go | 2 + .../x/sys/unix/ztypes_linux_riscv64.go | 2 + .../x/sys/unix/ztypes_linux_s390x.go | 2 + .../x/sys/unix/ztypes_linux_sparc64.go | 2 + vendor/golang.org/x/sys/windows/service.go | 4 ++ vendor/modules.txt | 2 +- 27 files changed, 149 insertions(+), 27 deletions(-) create mode 100644 vendor/golang.org/x/sys/unix/mremap.go diff --git a/go.mod b/go.mod index 404913a1e05..0dac9ba4a76 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/urfave/cli v1.22.12 github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.11.0 - golang.org/x/sys v0.9.0 + golang.org/x/sys v0.10.0 google.golang.org/protobuf v1.31.0 ) diff --git a/go.sum b/go.sum index 28b2e2a954c..e3e025350cc 100644 --- a/go.sum +++ b/go.sum @@ -67,8 +67,8 @@ golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= -golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA= +golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index 3156462715a..0c4d14929a4 100644 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -519,7 +519,7 @@ ccflags="$@" $2 ~ /^LOCK_(SH|EX|NB|UN)$/ || $2 ~ /^LO_(KEY|NAME)_SIZE$/ || $2 ~ /^LOOP_(CLR|CTL|GET|SET)_/ || - $2 ~ /^(AF|SOCK|SO|SOL|IPPROTO|IP|IPV6|TCP|MCAST|EVFILT|NOTE|SHUT|PROT|MAP|MFD|T?PACKET|MSG|SCM|MCL|DT|MADV|PR|LOCAL|TCPOPT|UDP)_/ || + $2 ~ /^(AF|SOCK|SO|SOL|IPPROTO|IP|IPV6|TCP|MCAST|EVFILT|NOTE|SHUT|PROT|MAP|MREMAP|MFD|T?PACKET|MSG|SCM|MCL|DT|MADV|PR|LOCAL|TCPOPT|UDP)_/ || $2 ~ /^NFC_(GENL|PROTO|COMM|RF|SE|DIRECTION|LLCP|SOCKPROTO)_/ || $2 ~ /^NFC_.*_(MAX)?SIZE$/ || $2 ~ /^RAW_PAYLOAD_/ || diff --git a/vendor/golang.org/x/sys/unix/mremap.go b/vendor/golang.org/x/sys/unix/mremap.go new file mode 100644 index 00000000000..86213c05d69 --- /dev/null +++ b/vendor/golang.org/x/sys/unix/mremap.go @@ -0,0 +1,40 @@ +// Copyright 2023 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build linux +// +build linux + +package unix + +import "unsafe" + +type mremapMmapper struct { + mmapper + mremap func(oldaddr uintptr, oldlength uintptr, newlength uintptr, flags int, newaddr uintptr) (xaddr uintptr, err error) +} + +func (m *mremapMmapper) Mremap(oldData []byte, newLength int, flags int) (data []byte, err error) { + if newLength <= 0 || len(oldData) == 0 || len(oldData) != cap(oldData) || flags&MREMAP_FIXED != 0 { + return nil, EINVAL + } + + pOld := &oldData[cap(oldData)-1] + m.Lock() + defer m.Unlock() + bOld := m.active[pOld] + if bOld == nil || &bOld[0] != &oldData[0] { + return nil, EINVAL + } + newAddr, errno := m.mremap(uintptr(unsafe.Pointer(&bOld[0])), uintptr(len(bOld)), uintptr(newLength), flags, 0) + if errno != nil { + return nil, errno + } + bNew := unsafe.Slice((*byte)(unsafe.Pointer(newAddr)), newLength) + pNew := &bNew[cap(bNew)-1] + if flags&MREMAP_DONTUNMAP == 0 { + delete(m.active, pOld) + } + m.active[pNew] = bNew + return bNew, nil +} diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index 6de486befe1..39de5f1430b 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -2124,11 +2124,15 @@ func writevRacedetect(iovecs []Iovec, n int) { // mmap varies by architecture; see syscall_linux_*.go. //sys munmap(addr uintptr, length uintptr) (err error) +//sys mremap(oldaddr uintptr, oldlength uintptr, newlength uintptr, flags int, newaddr uintptr) (xaddr uintptr, err error) -var mapper = &mmapper{ - active: make(map[*byte][]byte), - mmap: mmap, - munmap: munmap, +var mapper = &mremapMmapper{ + mmapper: mmapper{ + active: make(map[*byte][]byte), + mmap: mmap, + munmap: munmap, + }, + mremap: mremap, } func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) { @@ -2139,6 +2143,10 @@ func Munmap(b []byte) (err error) { return mapper.Munmap(b) } +func Mremap(oldData []byte, newLength int, flags int) (data []byte, err error) { + return mapper.Mremap(oldData, newLength, flags) +} + //sys Madvise(b []byte, advice int) (err error) //sys Mprotect(b []byte, prot int) (err error) //sys Mlock(b []byte) (err error) @@ -2487,7 +2495,6 @@ func Getresgid() (rgid, egid, sgid int) { // MqTimedreceive // MqTimedsend // MqUnlink -// Mremap // Msgctl // Msgget // Msgrcv diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index de936b677b6..3784f402e55 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -493,6 +493,7 @@ const ( BPF_F_TEST_RUN_ON_CPU = 0x1 BPF_F_TEST_STATE_FREQ = 0x8 BPF_F_TEST_XDP_LIVE_FRAMES = 0x2 + BPF_F_XDP_DEV_BOUND_ONLY = 0x40 BPF_F_XDP_HAS_FRAGS = 0x20 BPF_H = 0x8 BPF_IMM = 0x0 @@ -826,9 +827,9 @@ const ( DM_UUID_FLAG = 0x4000 DM_UUID_LEN = 0x81 DM_VERSION = 0xc138fd00 - DM_VERSION_EXTRA = "-ioctl (2022-07-28)" + DM_VERSION_EXTRA = "-ioctl (2023-03-01)" DM_VERSION_MAJOR = 0x4 - DM_VERSION_MINOR = 0x2f + DM_VERSION_MINOR = 0x30 DM_VERSION_PATCHLEVEL = 0x0 DT_BLK = 0x6 DT_CHR = 0x2 @@ -1197,6 +1198,7 @@ const ( FAN_EVENT_METADATA_LEN = 0x18 FAN_EVENT_ON_CHILD = 0x8000000 FAN_FS_ERROR = 0x8000 + FAN_INFO = 0x20 FAN_MARK_ADD = 0x1 FAN_MARK_DONT_FOLLOW = 0x4 FAN_MARK_EVICTABLE = 0x200 @@ -1233,6 +1235,8 @@ const ( FAN_REPORT_PIDFD = 0x80 FAN_REPORT_TARGET_FID = 0x1000 FAN_REPORT_TID = 0x100 + FAN_RESPONSE_INFO_AUDIT_RULE = 0x1 + FAN_RESPONSE_INFO_NONE = 0x0 FAN_UNLIMITED_MARKS = 0x20 FAN_UNLIMITED_QUEUE = 0x10 FD_CLOEXEC = 0x1 @@ -1860,6 +1864,7 @@ const ( MEMWRITEOOB64 = 0xc0184d15 MFD_ALLOW_SEALING = 0x2 MFD_CLOEXEC = 0x1 + MFD_EXEC = 0x10 MFD_HUGETLB = 0x4 MFD_HUGE_16GB = 0x88000000 MFD_HUGE_16MB = 0x60000000 @@ -1875,6 +1880,7 @@ const ( MFD_HUGE_8MB = 0x5c000000 MFD_HUGE_MASK = 0x3f MFD_HUGE_SHIFT = 0x1a + MFD_NOEXEC_SEAL = 0x8 MINIX2_SUPER_MAGIC = 0x2468 MINIX2_SUPER_MAGIC2 = 0x2478 MINIX3_SUPER_MAGIC = 0x4d5a @@ -1898,6 +1904,9 @@ const ( MOUNT_ATTR_SIZE_VER0 = 0x20 MOUNT_ATTR_STRICTATIME = 0x20 MOUNT_ATTR__ATIME = 0x70 + MREMAP_DONTUNMAP = 0x4 + MREMAP_FIXED = 0x2 + MREMAP_MAYMOVE = 0x1 MSDOS_SUPER_MAGIC = 0x4d44 MSG_BATCH = 0x40000 MSG_CMSG_CLOEXEC = 0x40000000 @@ -2204,6 +2213,7 @@ const ( PACKET_USER = 0x6 PACKET_VERSION = 0xa PACKET_VNET_HDR = 0xf + PACKET_VNET_HDR_SZ = 0x18 PARITY_CRC16_PR0 = 0x2 PARITY_CRC16_PR0_CCITT = 0x4 PARITY_CRC16_PR1 = 0x3 @@ -2221,6 +2231,7 @@ const ( PERF_ATTR_SIZE_VER5 = 0x70 PERF_ATTR_SIZE_VER6 = 0x78 PERF_ATTR_SIZE_VER7 = 0x80 + PERF_ATTR_SIZE_VER8 = 0x88 PERF_AUX_FLAG_COLLISION = 0x8 PERF_AUX_FLAG_CORESIGHT_FORMAT_CORESIGHT = 0x0 PERF_AUX_FLAG_CORESIGHT_FORMAT_RAW = 0x100 @@ -2361,6 +2372,7 @@ const ( PR_FP_EXC_UND = 0x40000 PR_FP_MODE_FR = 0x1 PR_FP_MODE_FRE = 0x2 + PR_GET_AUXV = 0x41555856 PR_GET_CHILD_SUBREAPER = 0x25 PR_GET_DUMPABLE = 0x3 PR_GET_ENDIAN = 0x13 @@ -2369,6 +2381,8 @@ const ( PR_GET_FP_MODE = 0x2e PR_GET_IO_FLUSHER = 0x3a PR_GET_KEEPCAPS = 0x7 + PR_GET_MDWE = 0x42 + PR_GET_MEMORY_MERGE = 0x44 PR_GET_NAME = 0x10 PR_GET_NO_NEW_PRIVS = 0x27 PR_GET_PDEATHSIG = 0x2 @@ -2389,6 +2403,7 @@ const ( PR_MCE_KILL_GET = 0x22 PR_MCE_KILL_LATE = 0x0 PR_MCE_KILL_SET = 0x1 + PR_MDWE_REFUSE_EXEC_GAIN = 0x1 PR_MPX_DISABLE_MANAGEMENT = 0x2c PR_MPX_ENABLE_MANAGEMENT = 0x2b PR_MTE_TAG_MASK = 0x7fff8 @@ -2423,6 +2438,8 @@ const ( PR_SET_FP_MODE = 0x2d PR_SET_IO_FLUSHER = 0x39 PR_SET_KEEPCAPS = 0x8 + PR_SET_MDWE = 0x41 + PR_SET_MEMORY_MERGE = 0x43 PR_SET_MM = 0x23 PR_SET_MM_ARG_END = 0x9 PR_SET_MM_ARG_START = 0x8 @@ -2506,6 +2523,7 @@ const ( PTRACE_GETSIGMASK = 0x420a PTRACE_GET_RSEQ_CONFIGURATION = 0x420f PTRACE_GET_SYSCALL_INFO = 0x420e + PTRACE_GET_SYSCALL_USER_DISPATCH_CONFIG = 0x4211 PTRACE_INTERRUPT = 0x4207 PTRACE_KILL = 0x8 PTRACE_LISTEN = 0x4208 @@ -2536,6 +2554,7 @@ const ( PTRACE_SETREGSET = 0x4205 PTRACE_SETSIGINFO = 0x4203 PTRACE_SETSIGMASK = 0x420b + PTRACE_SET_SYSCALL_USER_DISPATCH_CONFIG = 0x4210 PTRACE_SINGLESTEP = 0x9 PTRACE_SYSCALL = 0x18 PTRACE_SYSCALL_INFO_ENTRY = 0x1 @@ -3072,7 +3091,7 @@ const ( TASKSTATS_GENL_NAME = "TASKSTATS" TASKSTATS_GENL_VERSION = 0x1 TASKSTATS_TYPE_MAX = 0x6 - TASKSTATS_VERSION = 0xd + TASKSTATS_VERSION = 0xe TCIFLUSH = 0x0 TCIOFF = 0x2 TCIOFLUSH = 0x2 @@ -3238,6 +3257,7 @@ const ( TP_STATUS_COPY = 0x2 TP_STATUS_CSUMNOTREADY = 0x8 TP_STATUS_CSUM_VALID = 0x80 + TP_STATUS_GSO_TCP = 0x100 TP_STATUS_KERNEL = 0x0 TP_STATUS_LOSING = 0x4 TP_STATUS_SENDING = 0x2 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go index 9d5352c3e45..12a9a1389ea 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go @@ -443,6 +443,7 @@ const ( TIOCSWINSZ = 0x5414 TIOCVHANGUP = 0x5437 TOSTOP = 0x100 + TPIDR2_MAGIC = 0x54504902 TUNATTACHFILTER = 0x401054d5 TUNDETACHFILTER = 0x401054d6 TUNGETDEVNETNS = 0x54e3 @@ -515,6 +516,7 @@ const ( XCASE = 0x4 XTABS = 0x1800 ZA_MAGIC = 0x54366345 + ZT_MAGIC = 0x5a544e01 _HIDIOCGRAWNAME = 0x80804804 _HIDIOCGRAWPHYS = 0x80404805 _HIDIOCGRAWUNIQ = 0x80404808 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go index 722c29a0087..7ceec233fbb 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go @@ -1868,6 +1868,17 @@ func munmap(addr uintptr, length uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func mremap(oldaddr uintptr, oldlength uintptr, newlength uintptr, flags int, newaddr uintptr) (xaddr uintptr, err error) { + r0, _, e1 := Syscall6(SYS_MREMAP, uintptr(oldaddr), uintptr(oldlength), uintptr(newlength), uintptr(flags), uintptr(newaddr), 0) + xaddr = uintptr(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Madvise(b []byte, advice int) (err error) { var _p0 unsafe.Pointer if len(b) > 0 { diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go index 7ea465204b7..e6ed7d637d0 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go @@ -372,6 +372,7 @@ const ( SYS_LANDLOCK_CREATE_RULESET = 444 SYS_LANDLOCK_ADD_RULE = 445 SYS_LANDLOCK_RESTRICT_SELF = 446 + SYS_MEMFD_SECRET = 447 SYS_PROCESS_MRELEASE = 448 SYS_FUTEX_WAITV = 449 SYS_SET_MEMPOLICY_HOME_NODE = 450 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index 00c3b8c20f3..02e2462c8f9 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -1538,6 +1538,10 @@ const ( IFLA_GRO_MAX_SIZE = 0x3a IFLA_TSO_MAX_SIZE = 0x3b IFLA_TSO_MAX_SEGS = 0x3c + IFLA_ALLMULTI = 0x3d + IFLA_DEVLINK_PORT = 0x3e + IFLA_GSO_IPV4_MAX_SIZE = 0x3f + IFLA_GRO_IPV4_MAX_SIZE = 0x40 IFLA_PROTO_DOWN_REASON_UNSPEC = 0x0 IFLA_PROTO_DOWN_REASON_MASK = 0x1 IFLA_PROTO_DOWN_REASON_VALUE = 0x2 @@ -1968,7 +1972,7 @@ const ( NFT_MSG_GETFLOWTABLE = 0x17 NFT_MSG_DELFLOWTABLE = 0x18 NFT_MSG_GETRULE_RESET = 0x19 - NFT_MSG_MAX = 0x1a + NFT_MSG_MAX = 0x21 NFTA_LIST_UNSPEC = 0x0 NFTA_LIST_ELEM = 0x1 NFTA_HOOK_UNSPEC = 0x0 @@ -3651,7 +3655,7 @@ const ( ETHTOOL_MSG_PSE_GET = 0x24 ETHTOOL_MSG_PSE_SET = 0x25 ETHTOOL_MSG_RSS_GET = 0x26 - ETHTOOL_MSG_USER_MAX = 0x26 + ETHTOOL_MSG_USER_MAX = 0x2b ETHTOOL_MSG_KERNEL_NONE = 0x0 ETHTOOL_MSG_STRSET_GET_REPLY = 0x1 ETHTOOL_MSG_LINKINFO_GET_REPLY = 0x2 @@ -3691,7 +3695,7 @@ const ( ETHTOOL_MSG_MODULE_NTF = 0x24 ETHTOOL_MSG_PSE_GET_REPLY = 0x25 ETHTOOL_MSG_RSS_GET_REPLY = 0x26 - ETHTOOL_MSG_KERNEL_MAX = 0x26 + ETHTOOL_MSG_KERNEL_MAX = 0x2b ETHTOOL_A_HEADER_UNSPEC = 0x0 ETHTOOL_A_HEADER_DEV_INDEX = 0x1 ETHTOOL_A_HEADER_DEV_NAME = 0x2 @@ -3795,7 +3799,7 @@ const ( ETHTOOL_A_RINGS_TCP_DATA_SPLIT = 0xb ETHTOOL_A_RINGS_CQE_SIZE = 0xc ETHTOOL_A_RINGS_TX_PUSH = 0xd - ETHTOOL_A_RINGS_MAX = 0xd + ETHTOOL_A_RINGS_MAX = 0x10 ETHTOOL_A_CHANNELS_UNSPEC = 0x0 ETHTOOL_A_CHANNELS_HEADER = 0x1 ETHTOOL_A_CHANNELS_RX_MAX = 0x2 @@ -3833,14 +3837,14 @@ const ( ETHTOOL_A_COALESCE_RATE_SAMPLE_INTERVAL = 0x17 ETHTOOL_A_COALESCE_USE_CQE_MODE_TX = 0x18 ETHTOOL_A_COALESCE_USE_CQE_MODE_RX = 0x19 - ETHTOOL_A_COALESCE_MAX = 0x19 + ETHTOOL_A_COALESCE_MAX = 0x1c ETHTOOL_A_PAUSE_UNSPEC = 0x0 ETHTOOL_A_PAUSE_HEADER = 0x1 ETHTOOL_A_PAUSE_AUTONEG = 0x2 ETHTOOL_A_PAUSE_RX = 0x3 ETHTOOL_A_PAUSE_TX = 0x4 ETHTOOL_A_PAUSE_STATS = 0x5 - ETHTOOL_A_PAUSE_MAX = 0x5 + ETHTOOL_A_PAUSE_MAX = 0x6 ETHTOOL_A_PAUSE_STAT_UNSPEC = 0x0 ETHTOOL_A_PAUSE_STAT_PAD = 0x1 ETHTOOL_A_PAUSE_STAT_TX_FRAMES = 0x2 @@ -4490,7 +4494,7 @@ const ( NL80211_ATTR_MAC_HINT = 0xc8 NL80211_ATTR_MAC_MASK = 0xd7 NL80211_ATTR_MAX_AP_ASSOC_STA = 0xca - NL80211_ATTR_MAX = 0x141 + NL80211_ATTR_MAX = 0x145 NL80211_ATTR_MAX_CRIT_PROT_DURATION = 0xb4 NL80211_ATTR_MAX_CSA_COUNTERS = 0xce NL80211_ATTR_MAX_MATCH_SETS = 0x85 @@ -4719,7 +4723,7 @@ const ( NL80211_BAND_ATTR_HT_CAPA = 0x4 NL80211_BAND_ATTR_HT_MCS_SET = 0x3 NL80211_BAND_ATTR_IFTYPE_DATA = 0x9 - NL80211_BAND_ATTR_MAX = 0xb + NL80211_BAND_ATTR_MAX = 0xd NL80211_BAND_ATTR_RATES = 0x2 NL80211_BAND_ATTR_VHT_CAPA = 0x8 NL80211_BAND_ATTR_VHT_MCS_SET = 0x7 @@ -4860,7 +4864,7 @@ const ( NL80211_CMD_LEAVE_IBSS = 0x2c NL80211_CMD_LEAVE_MESH = 0x45 NL80211_CMD_LEAVE_OCB = 0x6d - NL80211_CMD_MAX = 0x98 + NL80211_CMD_MAX = 0x99 NL80211_CMD_MICHAEL_MIC_FAILURE = 0x29 NL80211_CMD_MODIFY_LINK_STA = 0x97 NL80211_CMD_NAN_MATCH = 0x78 @@ -5841,6 +5845,8 @@ const ( TUN_F_TSO6 = 0x4 TUN_F_TSO_ECN = 0x8 TUN_F_UFO = 0x10 + TUN_F_USO4 = 0x20 + TUN_F_USO6 = 0x40 ) const ( @@ -5850,9 +5856,10 @@ const ( ) const ( - VIRTIO_NET_HDR_GSO_NONE = 0x0 - VIRTIO_NET_HDR_GSO_TCPV4 = 0x1 - VIRTIO_NET_HDR_GSO_UDP = 0x3 - VIRTIO_NET_HDR_GSO_TCPV6 = 0x4 - VIRTIO_NET_HDR_GSO_ECN = 0x80 + VIRTIO_NET_HDR_GSO_NONE = 0x0 + VIRTIO_NET_HDR_GSO_TCPV4 = 0x1 + VIRTIO_NET_HDR_GSO_UDP = 0x3 + VIRTIO_NET_HDR_GSO_TCPV6 = 0x4 + VIRTIO_NET_HDR_GSO_UDP_L4 = 0x5 + VIRTIO_NET_HDR_GSO_ECN = 0x80 ) diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go index 4ecc1495cd0..6d8acbcc570 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go @@ -337,6 +337,8 @@ type Taskstats struct { Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Irq_count uint64 + Irq_delay_total uint64 } type cpuMask uint32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go index 34fddff964e..59293c68841 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go @@ -350,6 +350,8 @@ type Taskstats struct { Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Irq_count uint64 + Irq_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go index 3b14a6031f3..40cfa38c29f 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go @@ -328,6 +328,8 @@ type Taskstats struct { Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Irq_count uint64 + Irq_delay_total uint64 } type cpuMask uint32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go index 0517651ab3f..055bc4216d4 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go @@ -329,6 +329,8 @@ type Taskstats struct { Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Irq_count uint64 + Irq_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go index 3b0c5181345..f28affbc607 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go @@ -330,6 +330,8 @@ type Taskstats struct { Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Irq_count uint64 + Irq_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go index fccdf4dd0f4..9d71e7ccd8b 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go @@ -333,6 +333,8 @@ type Taskstats struct { Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Irq_count uint64 + Irq_delay_total uint64 } type cpuMask uint32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go index 500de8fc07d..fd5ccd332a1 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go @@ -332,6 +332,8 @@ type Taskstats struct { Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Irq_count uint64 + Irq_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go index d0434cd2c6d..7704de77a2f 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go @@ -332,6 +332,8 @@ type Taskstats struct { Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Irq_count uint64 + Irq_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go index 84206ba5347..df00b87571a 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go @@ -333,6 +333,8 @@ type Taskstats struct { Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Irq_count uint64 + Irq_delay_total uint64 } type cpuMask uint32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go index ab078cf1f51..0942840db6e 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go @@ -340,6 +340,8 @@ type Taskstats struct { Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Irq_count uint64 + Irq_delay_total uint64 } type cpuMask uint32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go index 42eb2c4cefd..03487439508 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go @@ -339,6 +339,8 @@ type Taskstats struct { Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Irq_count uint64 + Irq_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go index 31304a4e8bb..bad06704757 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go @@ -339,6 +339,8 @@ type Taskstats struct { Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Irq_count uint64 + Irq_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go index c311f9612d8..9ea54b7b860 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go @@ -357,6 +357,8 @@ type Taskstats struct { Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Irq_count uint64 + Irq_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go index bba3cefac1d..aa268d025cf 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go @@ -352,6 +352,8 @@ type Taskstats struct { Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Irq_count uint64 + Irq_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go index ad8a0138046..444045b6c58 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go @@ -334,6 +334,8 @@ type Taskstats struct { Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Irq_count uint64 + Irq_delay_total uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/windows/service.go b/vendor/golang.org/x/sys/windows/service.go index c964b6848d4..c44a1b96360 100644 --- a/vendor/golang.org/x/sys/windows/service.go +++ b/vendor/golang.org/x/sys/windows/service.go @@ -218,6 +218,10 @@ type SERVICE_FAILURE_ACTIONS struct { Actions *SC_ACTION } +type SERVICE_FAILURE_ACTIONS_FLAG struct { + FailureActionsOnNonCrashFailures int32 +} + type SC_ACTION struct { Type uint32 Delay uint32 diff --git a/vendor/modules.txt b/vendor/modules.txt index 8a79dde9645..64c08832f8e 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -71,7 +71,7 @@ github.com/vishvananda/netns # golang.org/x/net v0.11.0 ## explicit; go 1.17 golang.org/x/net/bpf -# golang.org/x/sys v0.9.0 +# golang.org/x/sys v0.10.0 ## explicit; go 1.17 golang.org/x/sys/execabs golang.org/x/sys/internal/unsafeheader From 881e92a3fd5eeef80bac57efbb1c822deed4f895 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Tue, 11 Apr 2023 11:07:04 +0200 Subject: [PATCH 0290/1176] libct/validator: Error out on non-abs paths This was a warning already and it was requested to make this an error while we will add validation of idmap mounts: https://github.com/opencontainers/runc/pull/3717#discussion_r1154705318 I've also tested a k8s cluster and the config.json generated by containerd didn't use any relative paths. I tested one pod, so it was definitely not an extensive test. Signed-off-by: Rodrigo Campos --- libcontainer/configs/validate/validator.go | 11 +---------- libcontainer/configs/validate/validator_test.go | 9 ++++----- 2 files changed, 5 insertions(+), 15 deletions(-) diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go index 483e7a2ff3e..26e13790194 100644 --- a/libcontainer/configs/validate/validator.go +++ b/libcontainer/configs/validate/validator.go @@ -12,7 +12,6 @@ import ( "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/intelrdt" selinux "github.com/opencontainers/selinux/go-selinux" - "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) @@ -29,21 +28,13 @@ func Validate(config *configs.Config) error { sysctl, intelrdtCheck, rootlessEUIDCheck, + mounts, } for _, c := range checks { if err := c(config); err != nil { return err } } - // Relaxed validation rules for backward compatibility - warns := []check{ - mounts, // TODO (runc v1.x.x): make this an error instead of a warning - } - for _, c := range warns { - if err := c(config); err != nil { - logrus.WithError(err).Warn("invalid configuration") - } - } return nil } diff --git a/libcontainer/configs/validate/validator_test.go b/libcontainer/configs/validate/validator_test.go index f59d0f2030c..ad632c89fce 100644 --- a/libcontainer/configs/validate/validator_test.go +++ b/libcontainer/configs/validate/validator_test.go @@ -360,11 +360,10 @@ func TestValidateMounts(t *testing.T) { isErr bool dest string }{ - // TODO (runc v1.x.x): make these relative paths an error. See https://github.com/opencontainers/runc/pull/3004 - {isErr: false, dest: "not/an/abs/path"}, - {isErr: false, dest: "./rel/path"}, - {isErr: false, dest: "./rel/path"}, - {isErr: false, dest: "../../path"}, + {isErr: true, dest: "not/an/abs/path"}, + {isErr: true, dest: "./rel/path"}, + {isErr: true, dest: "./rel/path"}, + {isErr: true, dest: "../../path"}, {isErr: false, dest: "/abs/path"}, {isErr: false, dest: "/abs/but/../unclean"}, From 2c844977d449a93e9db46e62e385faea141b4de0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Jul 2023 14:42:14 +0000 Subject: [PATCH 0291/1176] build(deps): bump golang.org/x/net from 0.11.0 to 0.12.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.11.0 to 0.12.0. - [Commits](https://github.com/golang/net/compare/v0.11.0...v0.12.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 0dac9ba4a76..05393185601 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.12 github.com/vishvananda/netlink v1.1.0 - golang.org/x/net v0.11.0 + golang.org/x/net v0.12.0 golang.org/x/sys v0.10.0 google.golang.org/protobuf v1.31.0 ) diff --git a/go.sum b/go.sum index e3e025350cc..3d9cd5a13d0 100644 --- a/go.sum +++ b/go.sum @@ -61,8 +61,8 @@ github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJ github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= -golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU= -golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= +golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50= +golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/vendor/modules.txt b/vendor/modules.txt index 64c08832f8e..32022e7381a 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -68,7 +68,7 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df ## explicit; go 1.12 github.com/vishvananda/netns -# golang.org/x/net v0.11.0 +# golang.org/x/net v0.12.0 ## explicit; go 1.17 golang.org/x/net/bpf # golang.org/x/sys v0.10.0 From 83418f8878c1d171d56a5b1e6d1ba78726b6e128 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Jul 2023 01:40:04 +0000 Subject: [PATCH 0292/1176] build(deps): bump github.com/cilium/ebpf from 0.10.0 to 0.11.0 Bumps [github.com/cilium/ebpf](https://github.com/cilium/ebpf) from 0.10.0 to 0.11.0. - [Release notes](https://github.com/cilium/ebpf/releases) - [Commits](https://github.com/cilium/ebpf/compare/v0.10.0...v0.11.0) --- updated-dependencies: - dependency-name: github.com/cilium/ebpf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 3 +- go.sum | 8 +- vendor/github.com/cilium/ebpf/.clang-format | 2 + vendor/github.com/cilium/ebpf/.golangci.yaml | 4 +- vendor/github.com/cilium/ebpf/ARCHITECTURE.md | 62 ++- vendor/github.com/cilium/ebpf/CONTRIBUTING.md | 26 +- vendor/github.com/cilium/ebpf/MAINTAINERS.md | 7 +- vendor/github.com/cilium/ebpf/Makefile | 17 +- vendor/github.com/cilium/ebpf/README.md | 3 +- vendor/github.com/cilium/ebpf/asm/func.go | 10 +- .../github.com/cilium/ebpf/asm/func_string.go | 14 +- .../github.com/cilium/ebpf/asm/instruction.go | 15 +- vendor/github.com/cilium/ebpf/asm/register.go | 9 +- vendor/github.com/cilium/ebpf/btf/btf.go | 357 +++++++------ .../github.com/cilium/ebpf/btf/btf_types.go | 12 +- vendor/github.com/cilium/ebpf/btf/core.go | 106 ++-- vendor/github.com/cilium/ebpf/btf/ext_info.go | 67 +-- vendor/github.com/cilium/ebpf/btf/handle.go | 51 +- vendor/github.com/cilium/ebpf/btf/marshal.go | 367 ++++++++----- vendor/github.com/cilium/ebpf/btf/strings.go | 67 ++- .../github.com/cilium/ebpf/btf/traversal.go | 7 +- vendor/github.com/cilium/ebpf/btf/types.go | 169 +++--- .../github.com/cilium/ebpf/btf/workarounds.go | 26 + vendor/github.com/cilium/ebpf/collection.go | 105 +++- vendor/github.com/cilium/ebpf/elf_reader.go | 148 +++++- vendor/github.com/cilium/ebpf/info.go | 54 +- .../github.com/cilium/ebpf/internal/align.go | 6 +- .../github.com/cilium/ebpf/internal/buffer.go | 31 ++ vendor/github.com/cilium/ebpf/internal/cpu.go | 17 +- .../github.com/cilium/ebpf/internal/deque.go | 47 +- .../cilium/ebpf/internal/endian_be.go | 1 - .../cilium/ebpf/internal/endian_le.go | 3 +- vendor/github.com/cilium/ebpf/internal/io.go | 66 +++ .../cilium/ebpf/internal/kconfig/kconfig.go | 267 ++++++++++ .../cilium/ebpf/internal/memoize.go | 26 + .../github.com/cilium/ebpf/internal/output.go | 13 + .../cilium/ebpf/internal/pinning.go | 20 +- .../cilium/ebpf/internal/platform.go | 43 ++ .../github.com/cilium/ebpf/internal/statfs.go | 23 + .../github.com/cilium/ebpf/internal/sys/fd.go | 53 +- .../cilium/ebpf/internal/sys/fd_trace.go | 93 ++++ .../cilium/ebpf/internal/sys/ptr.go | 2 +- .../cilium/ebpf/internal/sys/ptr_32_be.go | 1 - .../cilium/ebpf/internal/sys/ptr_32_le.go | 1 - .../cilium/ebpf/internal/sys/ptr_64.go | 1 - .../cilium/ebpf/internal/sys/signals.go | 25 +- .../cilium/ebpf/internal/sys/syscall.go | 3 + .../cilium/ebpf/internal/sys/types.go | 54 +- .../cilium/ebpf/internal/tracefs/kprobe.go | 359 +++++++++++++ .../ebpf/internal/tracefs/probetype_string.go | 24 + .../cilium/ebpf/internal/tracefs/uprobe.go | 16 + .../cilium/ebpf/internal/unix/types_linux.go | 12 + .../cilium/ebpf/internal/unix/types_other.go | 26 +- .../github.com/cilium/ebpf/internal/vdso.go | 4 +- .../cilium/ebpf/internal/version.go | 22 +- vendor/github.com/cilium/ebpf/link/cgroup.go | 55 +- vendor/github.com/cilium/ebpf/link/kprobe.go | 371 +++----------- .../cilium/ebpf/link/kprobe_multi.go | 2 +- vendor/github.com/cilium/ebpf/link/link.go | 27 +- .../github.com/cilium/ebpf/link/perf_event.go | 228 ++------- .../github.com/cilium/ebpf/link/platform.go | 25 - vendor/github.com/cilium/ebpf/link/query.go | 6 +- .../cilium/ebpf/link/socket_filter.go | 4 +- .../github.com/cilium/ebpf/link/syscalls.go | 2 +- .../github.com/cilium/ebpf/link/tracepoint.go | 19 +- vendor/github.com/cilium/ebpf/link/tracing.go | 79 ++- vendor/github.com/cilium/ebpf/link/uprobe.go | 131 ++--- vendor/github.com/cilium/ebpf/linker.go | 193 ++++++- vendor/github.com/cilium/ebpf/map.go | 135 +++-- vendor/github.com/cilium/ebpf/marshalers.go | 6 +- vendor/github.com/cilium/ebpf/prog.go | 113 ++-- vendor/github.com/cilium/ebpf/run-tests.sh | 47 +- vendor/github.com/cilium/ebpf/syscalls.go | 47 +- vendor/golang.org/x/exp/LICENSE | 27 + vendor/golang.org/x/exp/PATENTS | 22 + .../x/exp/constraints/constraints.go | 50 ++ vendor/golang.org/x/exp/maps/maps.go | 94 ++++ vendor/golang.org/x/exp/slices/slices.go | 258 ++++++++++ vendor/golang.org/x/exp/slices/sort.go | 126 +++++ vendor/golang.org/x/exp/slices/zsortfunc.go | 479 +++++++++++++++++ .../golang.org/x/exp/slices/zsortordered.go | 481 ++++++++++++++++++ vendor/modules.txt | 11 +- 82 files changed, 4553 insertions(+), 1460 deletions(-) create mode 100644 vendor/github.com/cilium/ebpf/btf/workarounds.go create mode 100644 vendor/github.com/cilium/ebpf/internal/buffer.go create mode 100644 vendor/github.com/cilium/ebpf/internal/kconfig/kconfig.go create mode 100644 vendor/github.com/cilium/ebpf/internal/memoize.go create mode 100644 vendor/github.com/cilium/ebpf/internal/platform.go create mode 100644 vendor/github.com/cilium/ebpf/internal/statfs.go create mode 100644 vendor/github.com/cilium/ebpf/internal/sys/fd_trace.go create mode 100644 vendor/github.com/cilium/ebpf/internal/tracefs/kprobe.go create mode 100644 vendor/github.com/cilium/ebpf/internal/tracefs/probetype_string.go create mode 100644 vendor/github.com/cilium/ebpf/internal/tracefs/uprobe.go delete mode 100644 vendor/github.com/cilium/ebpf/link/platform.go create mode 100644 vendor/golang.org/x/exp/LICENSE create mode 100644 vendor/golang.org/x/exp/PATENTS create mode 100644 vendor/golang.org/x/exp/constraints/constraints.go create mode 100644 vendor/golang.org/x/exp/maps/maps.go create mode 100644 vendor/golang.org/x/exp/slices/slices.go create mode 100644 vendor/golang.org/x/exp/slices/sort.go create mode 100644 vendor/golang.org/x/exp/slices/zsortfunc.go create mode 100644 vendor/golang.org/x/exp/slices/zsortordered.go diff --git a/go.mod b/go.mod index 05393185601..f536220b12d 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.19 require ( github.com/checkpoint-restore/go-criu/v6 v6.3.0 - github.com/cilium/ebpf v0.10.0 + github.com/cilium/ebpf v0.11.0 github.com/containerd/console v1.0.3 github.com/coreos/go-systemd/v22 v22.5.0 github.com/cyphar/filepath-securejoin v0.2.3 @@ -28,4 +28,5 @@ require ( github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df // indirect + golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 // indirect ) diff --git a/go.sum b/go.sum index 3d9cd5a13d0..93838f70e91 100644 --- a/go.sum +++ b/go.sum @@ -1,8 +1,8 @@ github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/checkpoint-restore/go-criu/v6 v6.3.0 h1:mIdrSO2cPNWQY1truPg6uHLXyKHk3Z5Odx4wjKOASzA= github.com/checkpoint-restore/go-criu/v6 v6.3.0/go.mod h1:rrRTN/uSwY2X+BPRl/gkulo9gsKOSAeVp9/K2tv7xZI= -github.com/cilium/ebpf v0.10.0 h1:nk5HPMeoBXtOzbkZBWym+ZWq1GIiHUsBFXxwewXAHLQ= -github.com/cilium/ebpf v0.10.0/go.mod h1:DPiVdY/kT534dgc9ERmvP8mWA+9gvwgKfRvk4nNWnoE= +github.com/cilium/ebpf v0.11.0 h1:V8gS/bTCCjX9uUnkUFUpPsksM8n1lXBAvHcpiFk1X2Y= +github.com/cilium/ebpf v0.11.0/go.mod h1:WE7CZAnqOL2RouJ4f1uyNhqr2P4CCvXFIqdRDUgWsVs= github.com/containerd/console v1.0.3 h1:lIr7SlA5PxZyMV30bDW0MGbiOPXwc63yRuCP0ARubLw= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= @@ -16,7 +16,7 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY= +github.com/frankban/quicktest v1.14.5 h1:dfYrrRyLtiqT9GyKXgdh+k4inNeTvmGbuSgZ3lx3GhA= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= @@ -61,6 +61,8 @@ github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJ github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= +golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 h1:Jvc7gsqn21cJHCmAWx0LiimpP18LZmUxkT5Mp7EZ1mI= +golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50= golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= diff --git a/vendor/github.com/cilium/ebpf/.clang-format b/vendor/github.com/cilium/ebpf/.clang-format index 4eb94b1baa8..3f74dc02366 100644 --- a/vendor/github.com/cilium/ebpf/.clang-format +++ b/vendor/github.com/cilium/ebpf/.clang-format @@ -14,4 +14,6 @@ KeepEmptyLinesAtTheStartOfBlocks: false TabWidth: 4 UseTab: ForContinuationAndIndentation ColumnLimit: 1000 +# Go compiler comments need to stay unindented. +CommentPragmas: '^go:.*' ... diff --git a/vendor/github.com/cilium/ebpf/.golangci.yaml b/vendor/github.com/cilium/ebpf/.golangci.yaml index dc62dd6d0fc..06743dfc91b 100644 --- a/vendor/github.com/cilium/ebpf/.golangci.yaml +++ b/vendor/github.com/cilium/ebpf/.golangci.yaml @@ -9,7 +9,6 @@ issues: linters: disable-all: true enable: - - deadcode - errcheck - goimports - gosimple @@ -17,10 +16,9 @@ linters: - ineffassign - misspell - staticcheck - - structcheck - typecheck - unused - - varcheck + - gofmt # Could be enabled later: # - gocyclo diff --git a/vendor/github.com/cilium/ebpf/ARCHITECTURE.md b/vendor/github.com/cilium/ebpf/ARCHITECTURE.md index 8cd7e2486e7..26f555eb7a7 100644 --- a/vendor/github.com/cilium/ebpf/ARCHITECTURE.md +++ b/vendor/github.com/cilium/ebpf/ARCHITECTURE.md @@ -1,7 +1,21 @@ Architecture of the library === - ELF -> Specifications -> Objects -> Links +```mermaid +graph RL + Program --> ProgramSpec --> ELF + btf.Spec --> ELF + Map --> MapSpec --> ELF + Links --> Map & Program + ProgramSpec -.-> btf.Spec + MapSpec -.-> btf.Spec + subgraph Collection + Program & Map + end + subgraph CollectionSpec + ProgramSpec & MapSpec & btf.Spec + end +``` ELF --- @@ -11,7 +25,7 @@ an ELF file which contains program byte code (aka BPF), but also metadata for maps used by the program. The metadata follows the conventions set by libbpf shipped with the kernel. Certain ELF sections have special meaning and contain structures defined by libbpf. Newer versions of clang emit -additional metadata in BPF Type Format (aka BTF). +additional metadata in [BPF Type Format](#BTF). The library aims to be compatible with libbpf so that moving from a C toolchain to a Go one creates little friction. To that end, the [ELF reader](elf_reader.go) @@ -20,41 +34,33 @@ if possible. The output of the ELF reader is a `CollectionSpec` which encodes all of the information contained in the ELF in a form that is easy to work with -in Go. - -### BTF - -The BPF Type Format describes more than just the types used by a BPF program. It -includes debug aids like which source line corresponds to which instructions and -what global variables are used. - -[BTF parsing](internal/btf/) lives in a separate internal package since exposing -it would mean an additional maintenance burden, and because the API still -has sharp corners. The most important concept is the `btf.Type` interface, which -also describes things that aren't really types like `.rodata` or `.bss` sections. -`btf.Type`s can form cyclical graphs, which can easily lead to infinite loops if -one is not careful. Hopefully a safe pattern to work with `btf.Type` emerges as -we write more code that deals with it. +in Go. The returned `CollectionSpec` should be deterministic: reading the same ELF +file on different systems must produce the same output. +As a corollary, any changes that depend on the runtime environment like the +current kernel version must happen when creating [Objects](#Objects). Specifications --- -`CollectionSpec`, `ProgramSpec` and `MapSpec` are blueprints for in-kernel +`CollectionSpec` is a very simple container for `ProgramSpec`, `MapSpec` and +`btf.Spec`. Avoid adding functionality to it if possible. + +`ProgramSpec` and `MapSpec` are blueprints for in-kernel objects and contain everything necessary to execute the relevant `bpf(2)` -syscalls. Since the ELF reader outputs a `CollectionSpec` it's possible to -modify clang-compiled BPF code, for example to rewrite constants. At the same -time the [asm](asm/) package provides an assembler that can be used to generate -`ProgramSpec` on the fly. +syscalls. They refer to `btf.Spec` for type information such as `Map` key and +value types. -Creating a spec should never require any privileges or be restricted in any way, -for example by only allowing programs in native endianness. This ensures that -the library stays flexible. +The [asm](asm/) package provides an assembler that can be used to generate +`ProgramSpec` on the fly. Objects --- -`Program` and `Map` are the result of loading specs into the kernel. Sometimes -loading a spec will fail because the kernel is too old, or a feature is not +`Program` and `Map` are the result of loading specifications into the kernel. +Features that depend on knowledge of the current system (e.g kernel version) +are implemented at this point. + +Sometimes loading a spec will fail because the kernel is too old, or a feature is not enabled. There are multiple ways the library deals with that: * Fallback: older kernels don't allow naming programs and maps. The library @@ -73,7 +79,7 @@ useful when our higher-level API doesn't support a particular use case. Links --- -BPF can be attached to many different points in the kernel and newer BPF hooks +Programs can be attached to many different points in the kernel and newer BPF hooks tend to use bpf_link to do so. Older hooks unfortunately use a combination of syscalls, netlink messages, etc. Adding support for a new link type should not pull in large dependencies like netlink, so XDP programs or tracepoints are diff --git a/vendor/github.com/cilium/ebpf/CONTRIBUTING.md b/vendor/github.com/cilium/ebpf/CONTRIBUTING.md index 0d29eae81e3..bf57da93953 100644 --- a/vendor/github.com/cilium/ebpf/CONTRIBUTING.md +++ b/vendor/github.com/cilium/ebpf/CONTRIBUTING.md @@ -5,15 +5,23 @@ the form of pull requests and issues reporting bugs or suggesting new features are welcome. Please take a look at [the architecture](ARCHITECTURE.md) to get a better understanding for the high-level goals. -New features must be accompanied by tests. Before starting work on any large -feature, please [join](https://ebpf.io/slack) the -[#ebpf-go](https://cilium.slack.com/messages/ebpf-go) channel on Slack to -discuss the design first. +## Adding a new feature -When submitting pull requests, consider writing details about what problem you -are solving and why the proposed approach solves that problem in commit messages -and/or pull request description to help future library users and maintainers to -reason about the proposed changes. +1. [Join](https://ebpf.io/slack) the +[#ebpf-go](https://cilium.slack.com/messages/ebpf-go) channel to discuss your requirements and how the feature can be implemented. The most important part is figuring out how much new exported API is necessary. **The less new API is required the easier it will be to land the feature.** +2. (*optional*) Create a draft PR if you want to discuss the implementation or have hit a problem. It's fine if this doesn't compile or contains debug statements. +3. Create a PR that is ready to merge. This must pass CI and have tests. + +### API stability + +The library doesn't guarantee the stability of its API at the moment. + +1. If possible avoid breakage by introducing new API and deprecating the old one + at the same time. If an API was deprecated in v0.x it can be removed in v0.x+1. +2. Breaking API in a way that causes compilation failures is acceptable but must + have good reasons. +3. Changing the semantics of the API without causing compilation failures is + heavily discouraged. ## Running the tests @@ -35,6 +43,6 @@ Examples: ./run-tests.sh 5.4 # Run a subset of tests: -./run-tests.sh 5.4 go test ./link +./run-tests.sh 5.4 ./link ``` diff --git a/vendor/github.com/cilium/ebpf/MAINTAINERS.md b/vendor/github.com/cilium/ebpf/MAINTAINERS.md index 9c18e7e76f5..a56a03e3947 100644 --- a/vendor/github.com/cilium/ebpf/MAINTAINERS.md +++ b/vendor/github.com/cilium/ebpf/MAINTAINERS.md @@ -1,8 +1,3 @@ # Maintainers - * [Lorenz Bauer] - * [Timo Beckers] (Isovalent) - - -[Lorenz Bauer]: https://github.com/lmb -[Timo Beckers]: https://github.com/ti-mo +Maintainers can be found in the [Cilium Maintainers file](https://github.com/cilium/community/blob/main/roles/Maintainers.md) diff --git a/vendor/github.com/cilium/ebpf/Makefile b/vendor/github.com/cilium/ebpf/Makefile index c6dbebca6c3..abcd6c1a47c 100644 --- a/vendor/github.com/cilium/ebpf/Makefile +++ b/vendor/github.com/cilium/ebpf/Makefile @@ -28,6 +28,7 @@ TARGETS := \ testdata/loader-clang-7 \ testdata/loader-clang-9 \ testdata/loader-$(CLANG) \ + testdata/manyprogs \ testdata/btf_map_init \ testdata/invalid_map \ testdata/raw_tracepoint \ @@ -39,9 +40,15 @@ TARGETS := \ testdata/map_spin_lock \ testdata/subprog_reloc \ testdata/fwd_decl \ + testdata/kconfig \ + testdata/kconfig_config \ + testdata/kfunc \ + testdata/invalid-kfunc \ + testdata/kfunc-kmod \ btf/testdata/relocs \ btf/testdata/relocs_read \ - btf/testdata/relocs_read_tgt + btf/testdata/relocs_read_tgt \ + cmd/bpf2go/testdata/minimal .PHONY: all clean container-all container-shell generate @@ -49,12 +56,12 @@ TARGETS := \ # Build all ELF binaries using a containerized LLVM toolchain. container-all: - ${CONTAINER_ENGINE} run --rm ${CONTAINER_RUN_ARGS} \ + +${CONTAINER_ENGINE} run --rm -ti ${CONTAINER_RUN_ARGS} \ -v "${REPODIR}":/ebpf -w /ebpf --env MAKEFLAGS \ --env CFLAGS="-fdebug-prefix-map=/ebpf=." \ --env HOME="/tmp" \ "${IMAGE}:${VERSION}" \ - $(MAKE) all + make all # (debug) Drop the user into a shell inside the container as root. container-shell: @@ -96,11 +103,11 @@ testdata/loader-%-eb.elf: testdata/loader.c $(STRIP) -g $@ .PHONY: generate-btf -generate-btf: KERNEL_VERSION?=5.18 +generate-btf: KERNEL_VERSION?=5.19 generate-btf: $(eval TMP := $(shell mktemp -d)) curl -fL "$(CI_KERNEL_URL)/linux-$(KERNEL_VERSION).bz" -o "$(TMP)/bzImage" - ./testdata/extract-vmlinux "$(TMP)/bzImage" > "$(TMP)/vmlinux" + /lib/modules/$(uname -r)/build/scripts/extract-vmlinux "$(TMP)/bzImage" > "$(TMP)/vmlinux" $(OBJCOPY) --dump-section .BTF=/dev/stdout "$(TMP)/vmlinux" /dev/null | gzip > "btf/testdata/vmlinux.btf.gz" curl -fL "$(CI_KERNEL_URL)/linux-$(KERNEL_VERSION)-selftests-bpf.tgz" -o "$(TMP)/selftests.tgz" tar -xf "$(TMP)/selftests.tgz" --to-stdout tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.ko | \ diff --git a/vendor/github.com/cilium/ebpf/README.md b/vendor/github.com/cilium/ebpf/README.md index 85e2d150dc0..eff08d8df69 100644 --- a/vendor/github.com/cilium/ebpf/README.md +++ b/vendor/github.com/cilium/ebpf/README.md @@ -16,7 +16,7 @@ ecosystem. A small collection of Go and eBPF programs that serve as examples for building your own tools can be found under [examples/](examples/). -Contributions are highly encouraged, as they highlight certain use cases of +[Contributions](CONTRIBUTING.md) are highly encouraged, as they highlight certain use cases of eBPF and the library, and help shape the future of the project. ## Getting Help @@ -53,6 +53,7 @@ This library includes the following packages: of `bpftool feature probe` for discovering BPF-related kernel features using native Go. * [rlimit](https://pkg.go.dev/github.com/cilium/ebpf/rlimit) provides a convenient API to lift the `RLIMIT_MEMLOCK` constraint on kernels before 5.11. +* [btf](https://pkg.go.dev/github.com/cilium/ebpf/btf) allows reading the BPF Type Format. ## Requirements diff --git a/vendor/github.com/cilium/ebpf/asm/func.go b/vendor/github.com/cilium/ebpf/asm/func.go index 4c0ac9a205a..18f6a75db58 100644 --- a/vendor/github.com/cilium/ebpf/asm/func.go +++ b/vendor/github.com/cilium/ebpf/asm/func.go @@ -14,7 +14,7 @@ func (_ BuiltinFunc) Max() BuiltinFunc { // You can regenerate this list using the following gawk script: // // /FN\(.+\),/ { -// match($1, /\((.+)\)/, r) +// match($1, /\(([a-z_0-9]+),/, r) // split(r[1], p, "_") // printf "Fn" // for (i in p) { @@ -229,6 +229,14 @@ const ( FnDynptrRead FnDynptrWrite FnDynptrData + FnTcpRawGenSyncookieIpv4 + FnTcpRawGenSyncookieIpv6 + FnTcpRawCheckSyncookieIpv4 + FnTcpRawCheckSyncookieIpv6 + FnKtimeGetTaiNs + FnUserRingbufDrain + FnCgrpStorageGet + FnCgrpStorageDelete maxBuiltinFunc ) diff --git a/vendor/github.com/cilium/ebpf/asm/func_string.go b/vendor/github.com/cilium/ebpf/asm/func_string.go index b7431b7f605..47150bc4f2d 100644 --- a/vendor/github.com/cilium/ebpf/asm/func_string.go +++ b/vendor/github.com/cilium/ebpf/asm/func_string.go @@ -212,12 +212,20 @@ func _() { _ = x[FnDynptrRead-201] _ = x[FnDynptrWrite-202] _ = x[FnDynptrData-203] - _ = x[maxBuiltinFunc-204] + _ = x[FnTcpRawGenSyncookieIpv4-204] + _ = x[FnTcpRawGenSyncookieIpv6-205] + _ = x[FnTcpRawCheckSyncookieIpv4-206] + _ = x[FnTcpRawCheckSyncookieIpv6-207] + _ = x[FnKtimeGetTaiNs-208] + _ = x[FnUserRingbufDrain-209] + _ = x[FnCgrpStorageGet-210] + _ = x[FnCgrpStorageDelete-211] + _ = x[maxBuiltinFunc-212] } -const _BuiltinFunc_name = "FnUnspecFnMapLookupElemFnMapUpdateElemFnMapDeleteElemFnProbeReadFnKtimeGetNsFnTracePrintkFnGetPrandomU32FnGetSmpProcessorIdFnSkbStoreBytesFnL3CsumReplaceFnL4CsumReplaceFnTailCallFnCloneRedirectFnGetCurrentPidTgidFnGetCurrentUidGidFnGetCurrentCommFnGetCgroupClassidFnSkbVlanPushFnSkbVlanPopFnSkbGetTunnelKeyFnSkbSetTunnelKeyFnPerfEventReadFnRedirectFnGetRouteRealmFnPerfEventOutputFnSkbLoadBytesFnGetStackidFnCsumDiffFnSkbGetTunnelOptFnSkbSetTunnelOptFnSkbChangeProtoFnSkbChangeTypeFnSkbUnderCgroupFnGetHashRecalcFnGetCurrentTaskFnProbeWriteUserFnCurrentTaskUnderCgroupFnSkbChangeTailFnSkbPullDataFnCsumUpdateFnSetHashInvalidFnGetNumaNodeIdFnSkbChangeHeadFnXdpAdjustHeadFnProbeReadStrFnGetSocketCookieFnGetSocketUidFnSetHashFnSetsockoptFnSkbAdjustRoomFnRedirectMapFnSkRedirectMapFnSockMapUpdateFnXdpAdjustMetaFnPerfEventReadValueFnPerfProgReadValueFnGetsockoptFnOverrideReturnFnSockOpsCbFlagsSetFnMsgRedirectMapFnMsgApplyBytesFnMsgCorkBytesFnMsgPullDataFnBindFnXdpAdjustTailFnSkbGetXfrmStateFnGetStackFnSkbLoadBytesRelativeFnFibLookupFnSockHashUpdateFnMsgRedirectHashFnSkRedirectHashFnLwtPushEncapFnLwtSeg6StoreBytesFnLwtSeg6AdjustSrhFnLwtSeg6ActionFnRcRepeatFnRcKeydownFnSkbCgroupIdFnGetCurrentCgroupIdFnGetLocalStorageFnSkSelectReuseportFnSkbAncestorCgroupIdFnSkLookupTcpFnSkLookupUdpFnSkReleaseFnMapPushElemFnMapPopElemFnMapPeekElemFnMsgPushDataFnMsgPopDataFnRcPointerRelFnSpinLockFnSpinUnlockFnSkFullsockFnTcpSockFnSkbEcnSetCeFnGetListenerSockFnSkcLookupTcpFnTcpCheckSyncookieFnSysctlGetNameFnSysctlGetCurrentValueFnSysctlGetNewValueFnSysctlSetNewValueFnStrtolFnStrtoulFnSkStorageGetFnSkStorageDeleteFnSendSignalFnTcpGenSyncookieFnSkbOutputFnProbeReadUserFnProbeReadKernelFnProbeReadUserStrFnProbeReadKernelStrFnTcpSendAckFnSendSignalThreadFnJiffies64FnReadBranchRecordsFnGetNsCurrentPidTgidFnXdpOutputFnGetNetnsCookieFnGetCurrentAncestorCgroupIdFnSkAssignFnKtimeGetBootNsFnSeqPrintfFnSeqWriteFnSkCgroupIdFnSkAncestorCgroupIdFnRingbufOutputFnRingbufReserveFnRingbufSubmitFnRingbufDiscardFnRingbufQueryFnCsumLevelFnSkcToTcp6SockFnSkcToTcpSockFnSkcToTcpTimewaitSockFnSkcToTcpRequestSockFnSkcToUdp6SockFnGetTaskStackFnLoadHdrOptFnStoreHdrOptFnReserveHdrOptFnInodeStorageGetFnInodeStorageDeleteFnDPathFnCopyFromUserFnSnprintfBtfFnSeqPrintfBtfFnSkbCgroupClassidFnRedirectNeighFnPerCpuPtrFnThisCpuPtrFnRedirectPeerFnTaskStorageGetFnTaskStorageDeleteFnGetCurrentTaskBtfFnBprmOptsSetFnKtimeGetCoarseNsFnImaInodeHashFnSockFromFileFnCheckMtuFnForEachMapElemFnSnprintfFnSysBpfFnBtfFindByNameKindFnSysCloseFnTimerInitFnTimerSetCallbackFnTimerStartFnTimerCancelFnGetFuncIpFnGetAttachCookieFnTaskPtRegsFnGetBranchSnapshotFnTraceVprintkFnSkcToUnixSockFnKallsymsLookupNameFnFindVmaFnLoopFnStrncmpFnGetFuncArgFnGetFuncRetFnGetFuncArgCntFnGetRetvalFnSetRetvalFnXdpGetBuffLenFnXdpLoadBytesFnXdpStoreBytesFnCopyFromUserTaskFnSkbSetTstampFnImaFileHashFnKptrXchgFnMapLookupPercpuElemFnSkcToMptcpSockFnDynptrFromMemFnRingbufReserveDynptrFnRingbufSubmitDynptrFnRingbufDiscardDynptrFnDynptrReadFnDynptrWriteFnDynptrDatamaxBuiltinFunc" +const _BuiltinFunc_name = "FnUnspecFnMapLookupElemFnMapUpdateElemFnMapDeleteElemFnProbeReadFnKtimeGetNsFnTracePrintkFnGetPrandomU32FnGetSmpProcessorIdFnSkbStoreBytesFnL3CsumReplaceFnL4CsumReplaceFnTailCallFnCloneRedirectFnGetCurrentPidTgidFnGetCurrentUidGidFnGetCurrentCommFnGetCgroupClassidFnSkbVlanPushFnSkbVlanPopFnSkbGetTunnelKeyFnSkbSetTunnelKeyFnPerfEventReadFnRedirectFnGetRouteRealmFnPerfEventOutputFnSkbLoadBytesFnGetStackidFnCsumDiffFnSkbGetTunnelOptFnSkbSetTunnelOptFnSkbChangeProtoFnSkbChangeTypeFnSkbUnderCgroupFnGetHashRecalcFnGetCurrentTaskFnProbeWriteUserFnCurrentTaskUnderCgroupFnSkbChangeTailFnSkbPullDataFnCsumUpdateFnSetHashInvalidFnGetNumaNodeIdFnSkbChangeHeadFnXdpAdjustHeadFnProbeReadStrFnGetSocketCookieFnGetSocketUidFnSetHashFnSetsockoptFnSkbAdjustRoomFnRedirectMapFnSkRedirectMapFnSockMapUpdateFnXdpAdjustMetaFnPerfEventReadValueFnPerfProgReadValueFnGetsockoptFnOverrideReturnFnSockOpsCbFlagsSetFnMsgRedirectMapFnMsgApplyBytesFnMsgCorkBytesFnMsgPullDataFnBindFnXdpAdjustTailFnSkbGetXfrmStateFnGetStackFnSkbLoadBytesRelativeFnFibLookupFnSockHashUpdateFnMsgRedirectHashFnSkRedirectHashFnLwtPushEncapFnLwtSeg6StoreBytesFnLwtSeg6AdjustSrhFnLwtSeg6ActionFnRcRepeatFnRcKeydownFnSkbCgroupIdFnGetCurrentCgroupIdFnGetLocalStorageFnSkSelectReuseportFnSkbAncestorCgroupIdFnSkLookupTcpFnSkLookupUdpFnSkReleaseFnMapPushElemFnMapPopElemFnMapPeekElemFnMsgPushDataFnMsgPopDataFnRcPointerRelFnSpinLockFnSpinUnlockFnSkFullsockFnTcpSockFnSkbEcnSetCeFnGetListenerSockFnSkcLookupTcpFnTcpCheckSyncookieFnSysctlGetNameFnSysctlGetCurrentValueFnSysctlGetNewValueFnSysctlSetNewValueFnStrtolFnStrtoulFnSkStorageGetFnSkStorageDeleteFnSendSignalFnTcpGenSyncookieFnSkbOutputFnProbeReadUserFnProbeReadKernelFnProbeReadUserStrFnProbeReadKernelStrFnTcpSendAckFnSendSignalThreadFnJiffies64FnReadBranchRecordsFnGetNsCurrentPidTgidFnXdpOutputFnGetNetnsCookieFnGetCurrentAncestorCgroupIdFnSkAssignFnKtimeGetBootNsFnSeqPrintfFnSeqWriteFnSkCgroupIdFnSkAncestorCgroupIdFnRingbufOutputFnRingbufReserveFnRingbufSubmitFnRingbufDiscardFnRingbufQueryFnCsumLevelFnSkcToTcp6SockFnSkcToTcpSockFnSkcToTcpTimewaitSockFnSkcToTcpRequestSockFnSkcToUdp6SockFnGetTaskStackFnLoadHdrOptFnStoreHdrOptFnReserveHdrOptFnInodeStorageGetFnInodeStorageDeleteFnDPathFnCopyFromUserFnSnprintfBtfFnSeqPrintfBtfFnSkbCgroupClassidFnRedirectNeighFnPerCpuPtrFnThisCpuPtrFnRedirectPeerFnTaskStorageGetFnTaskStorageDeleteFnGetCurrentTaskBtfFnBprmOptsSetFnKtimeGetCoarseNsFnImaInodeHashFnSockFromFileFnCheckMtuFnForEachMapElemFnSnprintfFnSysBpfFnBtfFindByNameKindFnSysCloseFnTimerInitFnTimerSetCallbackFnTimerStartFnTimerCancelFnGetFuncIpFnGetAttachCookieFnTaskPtRegsFnGetBranchSnapshotFnTraceVprintkFnSkcToUnixSockFnKallsymsLookupNameFnFindVmaFnLoopFnStrncmpFnGetFuncArgFnGetFuncRetFnGetFuncArgCntFnGetRetvalFnSetRetvalFnXdpGetBuffLenFnXdpLoadBytesFnXdpStoreBytesFnCopyFromUserTaskFnSkbSetTstampFnImaFileHashFnKptrXchgFnMapLookupPercpuElemFnSkcToMptcpSockFnDynptrFromMemFnRingbufReserveDynptrFnRingbufSubmitDynptrFnRingbufDiscardDynptrFnDynptrReadFnDynptrWriteFnDynptrDataFnTcpRawGenSyncookieIpv4FnTcpRawGenSyncookieIpv6FnTcpRawCheckSyncookieIpv4FnTcpRawCheckSyncookieIpv6FnKtimeGetTaiNsFnUserRingbufDrainFnCgrpStorageGetFnCgrpStorageDeletemaxBuiltinFunc" -var _BuiltinFunc_index = [...]uint16{0, 8, 23, 38, 53, 64, 76, 89, 104, 123, 138, 153, 168, 178, 193, 212, 230, 246, 264, 277, 289, 306, 323, 338, 348, 363, 380, 394, 406, 416, 433, 450, 466, 481, 497, 512, 528, 544, 568, 583, 596, 608, 624, 639, 654, 669, 683, 700, 714, 723, 735, 750, 763, 778, 793, 808, 828, 847, 859, 875, 894, 910, 925, 939, 952, 958, 973, 990, 1000, 1022, 1033, 1049, 1066, 1082, 1096, 1115, 1133, 1148, 1158, 1169, 1182, 1202, 1219, 1238, 1259, 1272, 1285, 1296, 1309, 1321, 1334, 1347, 1359, 1373, 1383, 1395, 1407, 1416, 1429, 1446, 1460, 1479, 1494, 1517, 1536, 1555, 1563, 1572, 1586, 1603, 1615, 1632, 1643, 1658, 1675, 1693, 1713, 1725, 1743, 1754, 1773, 1794, 1805, 1821, 1849, 1859, 1875, 1886, 1896, 1908, 1928, 1943, 1959, 1974, 1990, 2004, 2015, 2030, 2044, 2066, 2087, 2102, 2116, 2128, 2141, 2156, 2173, 2193, 2200, 2214, 2227, 2241, 2259, 2274, 2285, 2297, 2311, 2327, 2346, 2365, 2378, 2396, 2410, 2424, 2434, 2450, 2460, 2468, 2487, 2497, 2508, 2526, 2538, 2551, 2562, 2579, 2591, 2610, 2624, 2639, 2659, 2668, 2674, 2683, 2695, 2707, 2722, 2733, 2744, 2759, 2773, 2788, 2806, 2820, 2833, 2843, 2864, 2880, 2895, 2917, 2938, 2960, 2972, 2985, 2997, 3011} +var _BuiltinFunc_index = [...]uint16{0, 8, 23, 38, 53, 64, 76, 89, 104, 123, 138, 153, 168, 178, 193, 212, 230, 246, 264, 277, 289, 306, 323, 338, 348, 363, 380, 394, 406, 416, 433, 450, 466, 481, 497, 512, 528, 544, 568, 583, 596, 608, 624, 639, 654, 669, 683, 700, 714, 723, 735, 750, 763, 778, 793, 808, 828, 847, 859, 875, 894, 910, 925, 939, 952, 958, 973, 990, 1000, 1022, 1033, 1049, 1066, 1082, 1096, 1115, 1133, 1148, 1158, 1169, 1182, 1202, 1219, 1238, 1259, 1272, 1285, 1296, 1309, 1321, 1334, 1347, 1359, 1373, 1383, 1395, 1407, 1416, 1429, 1446, 1460, 1479, 1494, 1517, 1536, 1555, 1563, 1572, 1586, 1603, 1615, 1632, 1643, 1658, 1675, 1693, 1713, 1725, 1743, 1754, 1773, 1794, 1805, 1821, 1849, 1859, 1875, 1886, 1896, 1908, 1928, 1943, 1959, 1974, 1990, 2004, 2015, 2030, 2044, 2066, 2087, 2102, 2116, 2128, 2141, 2156, 2173, 2193, 2200, 2214, 2227, 2241, 2259, 2274, 2285, 2297, 2311, 2327, 2346, 2365, 2378, 2396, 2410, 2424, 2434, 2450, 2460, 2468, 2487, 2497, 2508, 2526, 2538, 2551, 2562, 2579, 2591, 2610, 2624, 2639, 2659, 2668, 2674, 2683, 2695, 2707, 2722, 2733, 2744, 2759, 2773, 2788, 2806, 2820, 2833, 2843, 2864, 2880, 2895, 2917, 2938, 2960, 2972, 2985, 2997, 3021, 3045, 3071, 3097, 3112, 3130, 3146, 3165, 3179} func (i BuiltinFunc) String() string { if i < 0 || i >= BuiltinFunc(len(_BuiltinFunc_index)-1) { diff --git a/vendor/github.com/cilium/ebpf/asm/instruction.go b/vendor/github.com/cilium/ebpf/asm/instruction.go index 19c5b646f71..ef01eaa35ae 100644 --- a/vendor/github.com/cilium/ebpf/asm/instruction.go +++ b/vendor/github.com/cilium/ebpf/asm/instruction.go @@ -226,6 +226,13 @@ func (ins *Instruction) IsFunctionCall() bool { return ins.OpCode.JumpOp() == Call && ins.Src == PseudoCall } +// IsKfuncCall returns true if the instruction calls a kfunc. +// +// This is not the same thing as a BPF helper call. +func (ins *Instruction) IsKfuncCall() bool { + return ins.OpCode.JumpOp() == Call && ins.Src == PseudoKfuncCall +} + // IsLoadOfFunctionPointer returns true if the instruction loads a function pointer. func (ins *Instruction) IsLoadOfFunctionPointer() bool { return ins.OpCode.IsDWordLoad() && ins.Src == PseudoFunc @@ -318,10 +325,14 @@ func (ins Instruction) Format(f fmt.State, c rune) { case cls.IsJump(): switch jop := op.JumpOp(); jop { case Call: - if ins.Src == PseudoCall { + switch ins.Src { + case PseudoCall: // bpf-to-bpf call fmt.Fprint(f, ins.Constant) - } else { + case PseudoKfuncCall: + // kfunc call + fmt.Fprintf(f, "Kfunc(%d)", ins.Constant) + default: fmt.Fprint(f, BuiltinFunc(ins.Constant)) } diff --git a/vendor/github.com/cilium/ebpf/asm/register.go b/vendor/github.com/cilium/ebpf/asm/register.go index dd5d44f1c19..457a3b8a883 100644 --- a/vendor/github.com/cilium/ebpf/asm/register.go +++ b/vendor/github.com/cilium/ebpf/asm/register.go @@ -35,10 +35,11 @@ const ( // Pseudo registers used by 64bit loads and jumps const ( - PseudoMapFD = R1 // BPF_PSEUDO_MAP_FD - PseudoMapValue = R2 // BPF_PSEUDO_MAP_VALUE - PseudoCall = R1 // BPF_PSEUDO_CALL - PseudoFunc = R4 // BPF_PSEUDO_FUNC + PseudoMapFD = R1 // BPF_PSEUDO_MAP_FD + PseudoMapValue = R2 // BPF_PSEUDO_MAP_VALUE + PseudoCall = R1 // BPF_PSEUDO_CALL + PseudoFunc = R4 // BPF_PSEUDO_FUNC + PseudoKfuncCall = R2 // BPF_PSEUDO_KFUNC_CALL ) func (r Register) String() string { diff --git a/vendor/github.com/cilium/ebpf/btf/btf.go b/vendor/github.com/cilium/ebpf/btf/btf.go index a27dcd16a89..86eb7d6819d 100644 --- a/vendor/github.com/cilium/ebpf/btf/btf.go +++ b/vendor/github.com/cilium/ebpf/btf/btf.go @@ -2,7 +2,6 @@ package btf import ( "bufio" - "bytes" "debug/elf" "encoding/binary" "errors" @@ -31,11 +30,9 @@ var ( // ID represents the unique ID of a BTF object. type ID = sys.BTFID -// Spec represents decoded BTF. +// Spec allows querying a set of Types and loading the set into the +// kernel. type Spec struct { - // Data from .BTF. - strings *stringTable - // All types contained by the spec, not including types from the base in // case the spec was parsed from split BTF. types []Type @@ -43,10 +40,17 @@ type Spec struct { // Type IDs indexed by type. typeIDs map[Type]TypeID + // The ID of the first type in types. + firstTypeID TypeID + // Types indexed by essential name. // Includes all struct flavors and types with the same name. namedTypes map[essentialName][]Type + // String table from ELF, may be nil. + strings *stringTable + + // Byte order of the ELF we decoded the spec from, may be nil. byteOrder binary.ByteOrder } @@ -76,6 +80,18 @@ func (h *btfHeader) stringStart() int64 { return int64(h.HdrLen + h.StringOff) } +// newSpec creates a Spec containing only Void. +func newSpec() *Spec { + return &Spec{ + []Type{(*Void)(nil)}, + map[Type]TypeID{(*Void)(nil): 0}, + 0, + make(map[essentialName][]Type), + nil, + nil, + } +} + // LoadSpec opens file and calls LoadSpecFromReader on it. func LoadSpec(file string) (*Spec, error) { fh, err := os.Open(file) @@ -95,7 +111,7 @@ func LoadSpecFromReader(rd io.ReaderAt) (*Spec, error) { file, err := internal.NewSafeELFFile(rd) if err != nil { if bo := guessRawBTFByteOrder(rd); bo != nil { - return loadRawSpec(io.NewSectionReader(rd, 0, math.MaxInt64), bo, nil, nil) + return loadRawSpec(io.NewSectionReader(rd, 0, math.MaxInt64), bo, nil) } return nil, err @@ -119,7 +135,7 @@ func LoadSpecAndExtInfosFromReader(rd io.ReaderAt) (*Spec, *ExtInfos, error) { return nil, nil, err } - extInfos, err := loadExtInfosFromELF(file, spec.types, spec.strings) + extInfos, err := loadExtInfosFromELF(file, spec) if err != nil && !errors.Is(err, ErrNotFound) { return nil, nil, err } @@ -199,7 +215,7 @@ func loadSpecFromELF(file *internal.SafeELFFile) (*Spec, error) { return nil, fmt.Errorf("compressed BTF is not supported") } - spec, err := loadRawSpec(btfSection.ReaderAt, file.ByteOrder, nil, nil) + spec, err := loadRawSpec(btfSection.ReaderAt, file.ByteOrder, nil) if err != nil { return nil, err } @@ -212,31 +228,53 @@ func loadSpecFromELF(file *internal.SafeELFFile) (*Spec, error) { return spec, nil } -func loadRawSpec(btf io.ReaderAt, bo binary.ByteOrder, - baseTypes types, baseStrings *stringTable) (*Spec, error) { +func loadRawSpec(btf io.ReaderAt, bo binary.ByteOrder, base *Spec) (*Spec, error) { + var ( + baseStrings *stringTable + firstTypeID TypeID + err error + ) + + if base != nil { + if base.firstTypeID != 0 { + return nil, fmt.Errorf("can't use split BTF as base") + } + + if base.strings == nil { + return nil, fmt.Errorf("parse split BTF: base must be loaded from an ELF") + } + + baseStrings = base.strings + + firstTypeID, err = base.nextTypeID() + if err != nil { + return nil, err + } + } rawTypes, rawStrings, err := parseBTF(btf, bo, baseStrings) if err != nil { return nil, err } - types, err := inflateRawTypes(rawTypes, baseTypes, rawStrings) + types, err := inflateRawTypes(rawTypes, rawStrings, base) if err != nil { return nil, err } - typeIDs, typesByName := indexTypes(types, TypeID(len(baseTypes))) + typeIDs, typesByName := indexTypes(types, firstTypeID) return &Spec{ - namedTypes: typesByName, - typeIDs: typeIDs, - types: types, - strings: rawStrings, - byteOrder: bo, + namedTypes: typesByName, + typeIDs: typeIDs, + types: types, + firstTypeID: firstTypeID, + strings: rawStrings, + byteOrder: bo, }, nil } -func indexTypes(types []Type, typeIDOffset TypeID) (map[Type]TypeID, map[essentialName][]Type) { +func indexTypes(types []Type, firstTypeID TypeID) (map[Type]TypeID, map[essentialName][]Type) { namedTypes := 0 for _, typ := range types { if typ.TypeName() != "" { @@ -254,7 +292,7 @@ func indexTypes(types []Type, typeIDOffset TypeID) (map[Type]TypeID, map[essenti if name := newEssentialName(typ.TypeName()); name != "" { typesByName[name] = append(typesByName[name], typ) } - typeIDs[typ] = TypeID(i) + typeIDOffset + typeIDs[typ] = firstTypeID + TypeID(i) } return typeIDs, typesByName @@ -266,7 +304,10 @@ func indexTypes(types []Type, typeIDOffset TypeID) (map[Type]TypeID, map[essenti // for vmlinux ELFs. Returns an error wrapping ErrNotSupported if BTF is not enabled. func LoadKernelSpec() (*Spec, error) { spec, _, err := kernelSpec() - return spec, err + if err != nil { + return nil, err + } + return spec.Copy(), nil } var kernelBTF struct { @@ -297,7 +338,7 @@ func kernelSpec() (*Spec, bool, error) { } if spec != nil { - return spec.Copy(), fallback, nil + return spec, fallback, nil } spec, fallback, err := loadKernelSpec() @@ -306,7 +347,7 @@ func kernelSpec() (*Spec, bool, error) { } kernelBTF.spec, kernelBTF.fallback = spec, fallback - return spec.Copy(), fallback, nil + return spec, fallback, nil } func loadKernelSpec() (_ *Spec, fallback bool, _ error) { @@ -314,7 +355,7 @@ func loadKernelSpec() (_ *Spec, fallback bool, _ error) { if err == nil { defer fh.Close() - spec, err := loadRawSpec(fh, internal.NativeEndian, nil, nil) + spec, err := loadRawSpec(fh, internal.NativeEndian, nil) return spec, false, err } @@ -433,6 +474,8 @@ type symbol struct { name string } +// fixupDatasec attempts to patch up missing info in Datasecs and its members by +// supplementing them with information from the ELF headers and symbol table. func fixupDatasec(types []Type, sectionSizes map[string]uint32, offsets map[symbol]uint32) error { for _, typ := range types { ds, ok := typ.(*Datasec) @@ -441,8 +484,34 @@ func fixupDatasec(types []Type, sectionSizes map[string]uint32, offsets map[symb } name := ds.Name - if name == ".kconfig" || name == ".ksyms" { - return fmt.Errorf("reference to %s: %w", name, ErrNotSupported) + + // Some Datasecs are virtual and don't have corresponding ELF sections. + switch name { + case ".ksyms": + // .ksyms describes forward declarations of kfunc signatures. + // Nothing to fix up, all sizes and offsets are 0. + for _, vsi := range ds.Vars { + _, ok := vsi.Type.(*Func) + if !ok { + // Only Funcs are supported in the .ksyms Datasec. + return fmt.Errorf("data section %s: expected *btf.Func, not %T: %w", name, vsi.Type, ErrNotSupported) + } + } + + continue + case ".kconfig": + // .kconfig has a size of 0 and has all members' offsets set to 0. + // Fix up all offsets and set the Datasec's size. + if err := fixupDatasecLayout(ds); err != nil { + return err + } + + // Fix up extern to global linkage to avoid a BTF verifier error. + for _, vsi := range ds.Vars { + vsi.Type.(*Var).Linkage = GlobalVar + } + + continue } if ds.Size != 0 { @@ -466,18 +535,52 @@ func fixupDatasec(types []Type, sectionSizes map[string]uint32, offsets map[symb return nil } +// fixupDatasecLayout populates ds.Vars[].Offset according to var sizes and +// alignment. Calculate and set ds.Size. +func fixupDatasecLayout(ds *Datasec) error { + var off uint32 + + for i, vsi := range ds.Vars { + v, ok := vsi.Type.(*Var) + if !ok { + return fmt.Errorf("member %d: unsupported type %T", i, vsi.Type) + } + + size, err := Sizeof(v.Type) + if err != nil { + return fmt.Errorf("variable %s: getting size: %w", v.Name, err) + } + align, err := alignof(v.Type) + if err != nil { + return fmt.Errorf("variable %s: getting alignment: %w", v.Name, err) + } + + // Align the current member based on the offset of the end of the previous + // member and the alignment of the current member. + off = internal.Align(off, uint32(align)) + + ds.Vars[i].Offset = off + + off += uint32(size) + } + + ds.Size = off + + return nil +} + // Copy creates a copy of Spec. func (s *Spec) Copy() *Spec { types := copyTypes(s.types, nil) - - typeIDs, typesByName := indexTypes(types, s.firstTypeID()) + typeIDs, typesByName := indexTypes(types, s.firstTypeID) // NB: Other parts of spec are not copied since they are immutable. return &Spec{ - s.strings, types, typeIDs, + s.firstTypeID, typesByName, + s.strings, s.byteOrder, } } @@ -492,19 +595,31 @@ func (sw sliceWriter) Write(p []byte) (int, error) { return copy(sw, p), nil } +// nextTypeID returns the next unallocated type ID or an error if there are no +// more type IDs. +func (s *Spec) nextTypeID() (TypeID, error) { + id := s.firstTypeID + TypeID(len(s.types)) + if id < s.firstTypeID { + return 0, fmt.Errorf("no more type IDs") + } + return id, nil +} + // TypeByID returns the BTF Type with the given type ID. // // Returns an error wrapping ErrNotFound if a Type with the given ID // does not exist in the Spec. func (s *Spec) TypeByID(id TypeID) (Type, error) { - firstID := s.firstTypeID() - lastID := firstID + TypeID(len(s.types)) + if id < s.firstTypeID { + return nil, fmt.Errorf("look up type with ID %d (first ID is %d): %w", id, s.firstTypeID, ErrNotFound) + } - if id < firstID || id >= lastID { - return nil, fmt.Errorf("expected type ID between %d and %d, got %d: %w", firstID, lastID, id, ErrNotFound) + index := int(id - s.firstTypeID) + if index >= len(s.types) { + return nil, fmt.Errorf("look up type with ID %d: %w", id, ErrNotFound) } - return s.types[id-firstID], nil + return s.types[index], nil } // TypeID returns the ID for a given Type. @@ -625,25 +740,17 @@ func (s *Spec) TypeByName(name string, typ interface{}) error { return nil } -// firstTypeID returns the first type ID or zero. -func (s *Spec) firstTypeID() TypeID { - if len(s.types) > 0 { - return s.typeIDs[s.types[0]] - } - return 0 -} - // LoadSplitSpecFromReader loads split BTF from a reader. // // Types from base are used to resolve references in the split BTF. // The returned Spec only contains types from the split BTF, not from the base. func LoadSplitSpecFromReader(r io.ReaderAt, base *Spec) (*Spec, error) { - return loadRawSpec(r, internal.NativeEndian, base.types, base.strings) + return loadRawSpec(r, internal.NativeEndian, base) } // TypesIterator iterates over types of a given spec. type TypesIterator struct { - spec *Spec + types []Type index int // The last visited type in the spec. Type Type @@ -651,69 +758,31 @@ type TypesIterator struct { // Iterate returns the types iterator. func (s *Spec) Iterate() *TypesIterator { - return &TypesIterator{spec: s, index: 0} + // We share the backing array of types with the Spec. This is safe since + // we don't allow deletion or shuffling of types. + return &TypesIterator{types: s.types, index: 0} } // Next returns true as long as there are any remaining types. func (iter *TypesIterator) Next() bool { - if len(iter.spec.types) <= iter.index { + if len(iter.types) <= iter.index { return false } - iter.Type = iter.spec.types[iter.index] + iter.Type = iter.types[iter.index] iter.index++ return true } -func marshalBTF(types interface{}, strings []byte, bo binary.ByteOrder) []byte { - const minHeaderLength = 24 - - typesLen := uint32(binary.Size(types)) - header := btfHeader{ - Magic: btfMagic, - Version: 1, - HdrLen: minHeaderLength, - TypeOff: 0, - TypeLen: typesLen, - StringOff: typesLen, - StringLen: uint32(len(strings)), - } - - buf := new(bytes.Buffer) - _ = binary.Write(buf, bo, &header) - _ = binary.Write(buf, bo, types) - buf.Write(strings) - - return buf.Bytes() -} - // haveBTF attempts to load a BTF blob containing an Int. It should pass on any // kernel that supports BPF_BTF_LOAD. var haveBTF = internal.NewFeatureTest("BTF", "4.18", func() error { - var ( - types struct { - Integer btfType - btfInt - } - strings = []byte{0} - ) - types.Integer.SetKind(kindInt) // 0-length anonymous integer - - btf := marshalBTF(&types, strings, internal.NativeEndian) - - fd, err := sys.BtfLoad(&sys.BtfLoadAttr{ - Btf: sys.NewSlicePointer(btf), - BtfSize: uint32(len(btf)), - }) + // 0-length anonymous integer + err := probeBTF(&Int{}) if errors.Is(err, unix.EINVAL) || errors.Is(err, unix.EPERM) { return internal.ErrNotSupported } - if err != nil { - return err - } - - fd.Close() - return nil + return err }) // haveMapBTF attempts to load a minimal BTF blob containing a Var. It is @@ -724,37 +793,18 @@ var haveMapBTF = internal.NewFeatureTest("Map BTF (Var/Datasec)", "5.2", func() return err } - var ( - types struct { - Integer btfType - Var btfType - btfVariable - } - strings = []byte{0, 'a', 0} - ) - - types.Integer.SetKind(kindPointer) - types.Var.NameOff = 1 - types.Var.SetKind(kindVar) - types.Var.SizeType = 1 - - btf := marshalBTF(&types, strings, internal.NativeEndian) + v := &Var{ + Name: "a", + Type: &Pointer{(*Void)(nil)}, + } - fd, err := sys.BtfLoad(&sys.BtfLoadAttr{ - Btf: sys.NewSlicePointer(btf), - BtfSize: uint32(len(btf)), - }) + err := probeBTF(v) if errors.Is(err, unix.EINVAL) || errors.Is(err, unix.EPERM) { // Treat both EINVAL and EPERM as not supported: creating the map may still // succeed without Btf* attrs. return internal.ErrNotSupported } - if err != nil { - return err - } - - fd.Close() - return nil + return err }) // haveProgBTF attempts to load a BTF blob containing a Func and FuncProto. It @@ -765,34 +815,16 @@ var haveProgBTF = internal.NewFeatureTest("Program BTF (func/line_info)", "5.0", return err } - var ( - types struct { - FuncProto btfType - Func btfType - } - strings = []byte{0, 'a', 0} - ) - - types.FuncProto.SetKind(kindFuncProto) - types.Func.SetKind(kindFunc) - types.Func.SizeType = 1 // aka FuncProto - types.Func.NameOff = 1 - - btf := marshalBTF(&types, strings, internal.NativeEndian) + fn := &Func{ + Name: "a", + Type: &FuncProto{Return: (*Void)(nil)}, + } - fd, err := sys.BtfLoad(&sys.BtfLoadAttr{ - Btf: sys.NewSlicePointer(btf), - BtfSize: uint32(len(btf)), - }) + err := probeBTF(fn) if errors.Is(err, unix.EINVAL) || errors.Is(err, unix.EPERM) { return internal.ErrNotSupported } - if err != nil { - return err - } - - fd.Close() - return nil + return err }) var haveFuncLinkage = internal.NewFeatureTest("BTF func linkage", "5.6", func() error { @@ -800,33 +832,38 @@ var haveFuncLinkage = internal.NewFeatureTest("BTF func linkage", "5.6", func() return err } - var ( - types struct { - FuncProto btfType - Func btfType - } - strings = []byte{0, 'a', 0} - ) - - types.FuncProto.SetKind(kindFuncProto) - types.Func.SetKind(kindFunc) - types.Func.SizeType = 1 // aka FuncProto - types.Func.NameOff = 1 - types.Func.SetLinkage(GlobalFunc) - - btf := marshalBTF(&types, strings, internal.NativeEndian) + fn := &Func{ + Name: "a", + Type: &FuncProto{Return: (*Void)(nil)}, + Linkage: GlobalFunc, + } - fd, err := sys.BtfLoad(&sys.BtfLoadAttr{ - Btf: sys.NewSlicePointer(btf), - BtfSize: uint32(len(btf)), - }) + err := probeBTF(fn) if errors.Is(err, unix.EINVAL) { return internal.ErrNotSupported } + return err +}) + +func probeBTF(typ Type) error { + b, err := NewBuilder([]Type{typ}) if err != nil { return err } - fd.Close() - return nil -}) + buf, err := b.Marshal(nil, nil) + if err != nil { + return err + } + + fd, err := sys.BtfLoad(&sys.BtfLoadAttr{ + Btf: sys.NewSlicePointer(buf), + BtfSize: uint32(len(buf)), + }) + + if err == nil { + fd.Close() + } + + return err +} diff --git a/vendor/github.com/cilium/ebpf/btf/btf_types.go b/vendor/github.com/cilium/ebpf/btf/btf_types.go index dc568a90e1d..a253b7c9b9e 100644 --- a/vendor/github.com/cilium/ebpf/btf/btf_types.go +++ b/vendor/github.com/cilium/ebpf/btf/btf_types.go @@ -4,6 +4,7 @@ import ( "encoding/binary" "fmt" "io" + "unsafe" ) //go:generate stringer -linecomment -output=btf_types_string.go -type=FuncLinkage,VarLinkage,btfKind @@ -193,13 +194,22 @@ func (bt *btfType) SetSize(size uint32) { bt.SizeType = size } +func (bt *btfType) Marshal(w io.Writer, bo binary.ByteOrder) error { + buf := make([]byte, unsafe.Sizeof(*bt)) + bo.PutUint32(buf[0:], bt.NameOff) + bo.PutUint32(buf[4:], bt.Info) + bo.PutUint32(buf[8:], bt.SizeType) + _, err := w.Write(buf) + return err +} + type rawType struct { btfType data interface{} } func (rt *rawType) Marshal(w io.Writer, bo binary.ByteOrder) error { - if err := binary.Write(w, bo, &rt.btfType); err != nil { + if err := rt.btfType.Marshal(w, bo); err != nil { return err } diff --git a/vendor/github.com/cilium/ebpf/btf/core.go b/vendor/github.com/cilium/ebpf/btf/core.go index a0d2c1f974a..a5c40d36af4 100644 --- a/vendor/github.com/cilium/ebpf/btf/core.go +++ b/vendor/github.com/cilium/ebpf/btf/core.go @@ -165,6 +165,14 @@ func (k coreKind) String() string { // Fixups are returned in the order of relos, e.g. fixup[i] is the solution // for relos[i]. func CORERelocate(relos []*CORERelocation, target *Spec, bo binary.ByteOrder) ([]COREFixup, error) { + if target == nil { + var err error + target, _, err = kernelSpec() + if err != nil { + return nil, fmt.Errorf("load kernel spec: %w", err) + } + } + if bo != target.byteOrder { return nil, fmt.Errorf("can't relocate %s against %s", bo, target.byteOrder) } @@ -229,6 +237,7 @@ func CORERelocate(relos []*CORERelocation, target *Spec, bo binary.ByteOrder) ([ var errAmbiguousRelocation = errors.New("ambiguous relocation") var errImpossibleRelocation = errors.New("impossible relocation") +var errIncompatibleTypes = errors.New("incompatible types") // coreCalculateFixups finds the target type that best matches all relocations. // @@ -239,12 +248,11 @@ var errImpossibleRelocation = errors.New("impossible relocation") func coreCalculateFixups(relos []*CORERelocation, targetSpec *Spec, targets []Type, bo binary.ByteOrder) ([]COREFixup, error) { bestScore := len(relos) var bestFixups []COREFixup - for i := range targets { - targetID, err := targetSpec.TypeID(targets[i]) + for _, target := range targets { + targetID, err := targetSpec.TypeID(target) if err != nil { return nil, fmt.Errorf("target type ID: %w", err) } - target := Copy(targets[i], UnderlyingType) score := 0 // lower is better fixups := make([]COREFixup, 0, len(relos)) @@ -298,6 +306,8 @@ func coreCalculateFixups(relos []*CORERelocation, targetSpec *Spec, targets []Ty return bestFixups, nil } +var errNoSignedness = errors.New("no signedness") + // coreCalculateFixup calculates the fixup for a single local type, target type // and relocation. func coreCalculateFixup(relo *CORERelocation, target Type, targetID TypeID, bo binary.ByteOrder) (COREFixup, error) { @@ -315,7 +325,7 @@ func coreCalculateFixup(relo *CORERelocation, target Type, targetID TypeID, bo b } zero := COREFixup{} - local := Copy(relo.typ, UnderlyingType) + local := relo.typ switch relo.kind { case reloTypeIDTarget, reloTypeSize, reloTypeExists: @@ -324,7 +334,7 @@ func coreCalculateFixup(relo *CORERelocation, target Type, targetID TypeID, bo b } err := coreAreTypesCompatible(local, target) - if errors.Is(err, errImpossibleRelocation) { + if errors.Is(err, errIncompatibleTypes) { return poison() } if err != nil { @@ -369,21 +379,8 @@ func coreCalculateFixup(relo *CORERelocation, target Type, targetID TypeID, bo b return fixup(uint32(localValue.Value), uint32(targetValue.Value)) } - case reloFieldSigned: - switch local.(type) { - case *Enum: - return fixup(1, 1) - case *Int: - return fixup( - uint32(local.(*Int).Encoding&Signed), - uint32(target.(*Int).Encoding&Signed), - ) - default: - return fixupWithoutValidation(0, 0) - } - - case reloFieldByteOffset, reloFieldByteSize, reloFieldExists, reloFieldLShiftU64, reloFieldRShiftU64: - if _, ok := target.(*Fwd); ok { + case reloFieldByteOffset, reloFieldByteSize, reloFieldExists, reloFieldLShiftU64, reloFieldRShiftU64, reloFieldSigned: + if _, ok := as[*Fwd](target); ok { // We can't relocate fields using a forward declaration, so // skip it. If a non-forward declaration is present in the BTF // we'll find it in one of the other iterations. @@ -448,12 +445,42 @@ func coreCalculateFixup(relo *CORERelocation, target Type, targetID TypeID, bo b } return fixupWithoutValidation(0, uint32(64-targetSize)) + + case reloFieldSigned: + switch local := UnderlyingType(localField.Type).(type) { + case *Enum: + target, ok := as[*Enum](targetField.Type) + if !ok { + return zero, fmt.Errorf("target isn't *Enum but %T", targetField.Type) + } + + return fixup(boolToUint32(local.Signed), boolToUint32(target.Signed)) + case *Int: + target, ok := as[*Int](targetField.Type) + if !ok { + return zero, fmt.Errorf("target isn't *Int but %T", targetField.Type) + } + + return fixup( + uint32(local.Encoding&Signed), + uint32(target.Encoding&Signed), + ) + default: + return zero, fmt.Errorf("type %T: %w", local, errNoSignedness) + } } } return zero, ErrNotSupported } +func boolToUint32(val bool) uint32 { + if val { + return 1 + } + return 0 +} + /* coreAccessor contains a path through a struct. It contains at least one index. * * The interpretation depends on the kind of the relocation. The following is @@ -513,7 +540,7 @@ func (ca coreAccessor) String() string { } func (ca coreAccessor) enumValue(t Type) (*EnumValue, error) { - e, ok := t.(*Enum) + e, ok := as[*Enum](t) if !ok { return nil, fmt.Errorf("not an enum: %s", t) } @@ -598,7 +625,7 @@ func (cf *coreField) sizeBits() (Bits, error) { // between kernel versions. Synthesise the size to make the shifts work. size, err := Sizeof(cf.Type) if err != nil { - return 0, nil + return 0, err } return Bits(size * 8), nil } @@ -628,7 +655,7 @@ func coreFindField(localT Type, localAcc coreAccessor, targetT Type) (coreField, var localMaybeFlex, targetMaybeFlex bool for i, acc := range localAcc[1:] { - switch localType := local.Type.(type) { + switch localType := UnderlyingType(local.Type).(type) { case composite: // For composite types acc is used to find the field in the local type, // and then we try to find a field in target with the same name. @@ -639,21 +666,21 @@ func coreFindField(localT Type, localAcc coreAccessor, targetT Type) (coreField, localMember := localMembers[acc] if localMember.Name == "" { - _, ok := localMember.Type.(composite) + localMemberType, ok := as[composite](localMember.Type) if !ok { return coreField{}, coreField{}, fmt.Errorf("unnamed field with type %s: %s", localMember.Type, ErrNotSupported) } // This is an anonymous struct or union, ignore it. local = coreField{ - Type: localMember.Type, + Type: localMemberType, offset: local.offset + localMember.Offset.Bytes(), } localMaybeFlex = false continue } - targetType, ok := target.Type.(composite) + targetType, ok := as[composite](target.Type) if !ok { return coreField{}, coreField{}, fmt.Errorf("target not composite: %w", errImpossibleRelocation) } @@ -699,7 +726,7 @@ func coreFindField(localT Type, localAcc coreAccessor, targetT Type) (coreField, case *Array: // For arrays, acc is the index in the target. - targetType, ok := target.Type.(*Array) + targetType, ok := as[*Array](target.Type) if !ok { return coreField{}, coreField{}, fmt.Errorf("target not array: %w", errImpossibleRelocation) } @@ -793,7 +820,7 @@ func coreFindMember(typ composite, name string) (Member, bool, error) { continue } - comp, ok := member.Type.(composite) + comp, ok := as[composite](member.Type) if !ok { return Member{}, false, fmt.Errorf("anonymous non-composite type %T not allowed", member.Type) } @@ -812,7 +839,7 @@ func coreFindEnumValue(local Type, localAcc coreAccessor, target Type) (localVal return nil, nil, err } - targetEnum, ok := target.(*Enum) + targetEnum, ok := as[*Enum](target) if !ok { return nil, nil, errImpossibleRelocation } @@ -829,6 +856,13 @@ func coreFindEnumValue(local Type, localAcc coreAccessor, target Type) (localVal return nil, nil, errImpossibleRelocation } +// CheckTypeCompatibility checks local and target types for Compatibility according to CO-RE rules. +// +// Only layout compatibility is checked, ignoring names of the root type. +func CheckTypeCompatibility(localType Type, targetType Type) error { + return coreAreTypesCompatible(localType, targetType) +} + /* The comment below is from bpf_core_types_are_compat in libbpf.c: * * Check local and target types for compatibility. This check is used for @@ -850,9 +884,10 @@ func coreFindEnumValue(local Type, localAcc coreAccessor, target Type) (localVal * These rules are not set in stone and probably will be adjusted as we get * more experience with using BPF CO-RE relocations. * - * Returns errImpossibleRelocation if types are not compatible. + * Returns errIncompatibleTypes if types are not compatible. */ func coreAreTypesCompatible(localType Type, targetType Type) error { + var ( localTs, targetTs typeDeque l, t = &localType, &targetType @@ -864,11 +899,11 @@ func coreAreTypesCompatible(localType Type, targetType Type) error { return errors.New("types are nested too deep") } - localType = *l - targetType = *t + localType = UnderlyingType(*l) + targetType = UnderlyingType(*t) if reflect.TypeOf(localType) != reflect.TypeOf(targetType) { - return fmt.Errorf("type mismatch: %w", errImpossibleRelocation) + return fmt.Errorf("type mismatch: %w", errIncompatibleTypes) } switch lv := (localType).(type) { @@ -883,7 +918,7 @@ func coreAreTypesCompatible(localType Type, targetType Type) error { case *FuncProto: tv := targetType.(*FuncProto) if len(lv.Params) != len(tv.Params) { - return fmt.Errorf("function param mismatch: %w", errImpossibleRelocation) + return fmt.Errorf("function param mismatch: %w", errIncompatibleTypes) } depth++ @@ -932,6 +967,9 @@ func coreAreTypesCompatible(localType Type, targetType Type) error { * Returns errImpossibleRelocation if the members are not compatible. */ func coreAreMembersCompatible(localType Type, targetType Type) error { + localType = UnderlyingType(localType) + targetType = UnderlyingType(targetType) + doNamesMatch := func(a, b string) error { if a == "" || b == "" { // allow anonymous and named type to match diff --git a/vendor/github.com/cilium/ebpf/btf/ext_info.go b/vendor/github.com/cilium/ebpf/btf/ext_info.go index 36f3b7baff3..b764fb7bcc1 100644 --- a/vendor/github.com/cilium/ebpf/btf/ext_info.go +++ b/vendor/github.com/cilium/ebpf/btf/ext_info.go @@ -8,7 +8,6 @@ import ( "io" "math" "sort" - "sync" "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/internal" @@ -25,7 +24,7 @@ type ExtInfos struct { // loadExtInfosFromELF parses ext infos from the .BTF.ext section in an ELF. // // Returns an error wrapping ErrNotFound if no ext infos are present. -func loadExtInfosFromELF(file *internal.SafeELFFile, ts types, strings *stringTable) (*ExtInfos, error) { +func loadExtInfosFromELF(file *internal.SafeELFFile, spec *Spec) (*ExtInfos, error) { section := file.Section(".BTF.ext") if section == nil { return nil, fmt.Errorf("btf ext infos: %w", ErrNotFound) @@ -35,11 +34,11 @@ func loadExtInfosFromELF(file *internal.SafeELFFile, ts types, strings *stringTa return nil, fmt.Errorf("compressed ext_info is not supported") } - return loadExtInfos(section.ReaderAt, file.ByteOrder, ts, strings) + return loadExtInfos(section.ReaderAt, file.ByteOrder, spec, spec.strings) } // loadExtInfos parses bare ext infos. -func loadExtInfos(r io.ReaderAt, bo binary.ByteOrder, ts types, strings *stringTable) (*ExtInfos, error) { +func loadExtInfos(r io.ReaderAt, bo binary.ByteOrder, spec *Spec, strings *stringTable) (*ExtInfos, error) { // Open unbuffered section reader. binary.Read() calls io.ReadFull on // the header structs, resulting in one syscall per header. headerRd := io.NewSectionReader(r, 0, math.MaxInt64) @@ -61,7 +60,7 @@ func loadExtInfos(r io.ReaderAt, bo binary.ByteOrder, ts types, strings *stringT funcInfos := make(map[string][]funcInfo, len(btfFuncInfos)) for section, bfis := range btfFuncInfos { - funcInfos[section], err = newFuncInfos(bfis, ts) + funcInfos[section], err = newFuncInfos(bfis, spec) if err != nil { return nil, fmt.Errorf("section %s: func infos: %w", section, err) } @@ -94,7 +93,7 @@ func loadExtInfos(r io.ReaderAt, bo binary.ByteOrder, ts types, strings *stringT coreRelos := make(map[string][]coreRelocationInfo, len(btfCORERelos)) for section, brs := range btfCORERelos { - coreRelos[section], err = newRelocationInfos(brs, ts, strings) + coreRelos[section], err = newRelocationInfos(brs, spec, strings) if err != nil { return nil, fmt.Errorf("section %s: CO-RE relocations: %w", section, err) } @@ -131,12 +130,6 @@ func (ei *ExtInfos) Assign(insns asm.Instructions, section string) { } } -var nativeEncoderPool = sync.Pool{ - New: func() any { - return newEncoder(kernelEncoderOptions, nil) - }, -} - // MarshalExtInfos encodes function and line info embedded in insns into kernel // wire format. // @@ -157,15 +150,10 @@ func MarshalExtInfos(insns asm.Instructions) (_ *Handle, funcInfos, lineInfos [] } } - // Avoid allocating encoder, etc. if there is no BTF at all. return nil, nil, nil, nil marshal: - enc := nativeEncoderPool.Get().(*encoder) - defer nativeEncoderPool.Put(enc) - - enc.Reset() - + var b Builder var fiBuf, liBuf bytes.Buffer for { if fn := FuncMetadata(iter.Ins); fn != nil { @@ -173,7 +161,7 @@ marshal: fn: fn, offset: iter.Offset, } - if err := fi.marshal(&fiBuf, enc); err != nil { + if err := fi.marshal(&fiBuf, &b); err != nil { return nil, nil, nil, fmt.Errorf("write func info: %w", err) } } @@ -183,7 +171,7 @@ marshal: line: line, offset: iter.Offset, } - if err := li.marshal(&liBuf, enc.strings); err != nil { + if err := li.marshal(&liBuf, &b); err != nil { return nil, nil, nil, fmt.Errorf("write line info: %w", err) } } @@ -193,12 +181,7 @@ marshal: } } - btf, err := enc.Encode() - if err != nil { - return nil, nil, nil, err - } - - handle, err := newHandleFromRawBTF(btf) + handle, err := NewHandle(&b) return handle, fiBuf.Bytes(), liBuf.Bytes(), err } @@ -354,8 +337,8 @@ type bpfFuncInfo struct { TypeID TypeID } -func newFuncInfo(fi bpfFuncInfo, ts types) (*funcInfo, error) { - typ, err := ts.ByID(fi.TypeID) +func newFuncInfo(fi bpfFuncInfo, spec *Spec) (*funcInfo, error) { + typ, err := spec.TypeByID(fi.TypeID) if err != nil { return nil, err } @@ -376,10 +359,10 @@ func newFuncInfo(fi bpfFuncInfo, ts types) (*funcInfo, error) { }, nil } -func newFuncInfos(bfis []bpfFuncInfo, ts types) ([]funcInfo, error) { +func newFuncInfos(bfis []bpfFuncInfo, spec *Spec) ([]funcInfo, error) { fis := make([]funcInfo, 0, len(bfis)) for _, bfi := range bfis { - fi, err := newFuncInfo(bfi, ts) + fi, err := newFuncInfo(bfi, spec) if err != nil { return nil, fmt.Errorf("offset %d: %w", bfi.InsnOff, err) } @@ -392,8 +375,8 @@ func newFuncInfos(bfis []bpfFuncInfo, ts types) ([]funcInfo, error) { } // marshal into the BTF wire format. -func (fi *funcInfo) marshal(w *bytes.Buffer, enc *encoder) error { - id, err := enc.Add(fi.fn) +func (fi *funcInfo) marshal(w *bytes.Buffer, b *Builder) error { + id, err := b.Add(fi.fn) if err != nil { return err } @@ -408,7 +391,7 @@ func (fi *funcInfo) marshal(w *bytes.Buffer, enc *encoder) error { return err } -// parseLineInfos parses a func_info sub-section within .BTF.ext ito a map of +// parseFuncInfos parses a func_info sub-section within .BTF.ext ito a map of // func infos indexed by section name. func parseFuncInfos(r io.Reader, bo binary.ByteOrder, strings *stringTable) (map[string][]bpfFuncInfo, error) { recordSize, err := parseExtInfoRecordSize(r, bo) @@ -558,7 +541,7 @@ func newLineInfos(blis []bpfLineInfo, strings *stringTable) ([]lineInfo, error) } // marshal writes the binary representation of the LineInfo to w. -func (li *lineInfo) marshal(w *bytes.Buffer, stb *stringTableBuilder) error { +func (li *lineInfo) marshal(w *bytes.Buffer, b *Builder) error { line := li.line if line.lineNumber > bpfLineMax { return fmt.Errorf("line %d exceeds %d", line.lineNumber, bpfLineMax) @@ -568,12 +551,12 @@ func (li *lineInfo) marshal(w *bytes.Buffer, stb *stringTableBuilder) error { return fmt.Errorf("column %d exceeds %d", line.lineColumn, bpfColumnMax) } - fileNameOff, err := stb.Add(line.fileName) + fileNameOff, err := b.addString(line.fileName) if err != nil { return fmt.Errorf("file name %q: %w", line.fileName, err) } - lineOff, err := stb.Add(line.line) + lineOff, err := b.addString(line.line) if err != nil { return fmt.Errorf("line %q: %w", line.line, err) } @@ -669,6 +652,10 @@ type CORERelocation struct { id TypeID } +func (cr *CORERelocation) String() string { + return fmt.Sprintf("CORERelocation(%s, %s[%s], local_id=%d)", cr.kind, cr.typ, cr.accessor, cr.id) +} + func CORERelocationMetadata(ins *asm.Instruction) *CORERelocation { relo, _ := ins.Metadata.Get(coreRelocationMeta{}).(*CORERelocation) return relo @@ -679,8 +666,8 @@ type coreRelocationInfo struct { offset asm.RawInstructionOffset } -func newRelocationInfo(relo bpfCORERelo, ts types, strings *stringTable) (*coreRelocationInfo, error) { - typ, err := ts.ByID(relo.TypeID) +func newRelocationInfo(relo bpfCORERelo, spec *Spec, strings *stringTable) (*coreRelocationInfo, error) { + typ, err := spec.TypeByID(relo.TypeID) if err != nil { return nil, err } @@ -706,10 +693,10 @@ func newRelocationInfo(relo bpfCORERelo, ts types, strings *stringTable) (*coreR }, nil } -func newRelocationInfos(brs []bpfCORERelo, ts types, strings *stringTable) ([]coreRelocationInfo, error) { +func newRelocationInfos(brs []bpfCORERelo, spec *Spec, strings *stringTable) ([]coreRelocationInfo, error) { rs := make([]coreRelocationInfo, 0, len(brs)) for _, br := range brs { - relo, err := newRelocationInfo(br, ts, strings) + relo, err := newRelocationInfo(br, spec, strings) if err != nil { return nil, fmt.Errorf("offset %d: %w", br.InsnOff, err) } diff --git a/vendor/github.com/cilium/ebpf/btf/handle.go b/vendor/github.com/cilium/ebpf/btf/handle.go index 9a864d1777b..b6b3e87f504 100644 --- a/vendor/github.com/cilium/ebpf/btf/handle.go +++ b/vendor/github.com/cilium/ebpf/btf/handle.go @@ -22,32 +22,25 @@ type Handle struct { needsKernelBase bool } -// NewHandle loads BTF into the kernel. +// NewHandle loads the contents of a [Builder] into the kernel. // -// Returns ErrNotSupported if BTF is not supported. -func NewHandle(spec *Spec) (*Handle, error) { - if spec.byteOrder != nil && spec.byteOrder != internal.NativeEndian { - return nil, fmt.Errorf("can't load %s BTF on %s", spec.byteOrder, internal.NativeEndian) - } - - enc := newEncoder(kernelEncoderOptions, newStringTableBuilderFromTable(spec.strings)) +// Returns an error wrapping ErrNotSupported if the kernel doesn't support BTF. +func NewHandle(b *Builder) (*Handle, error) { + small := getByteSlice() + defer putByteSlice(small) - for _, typ := range spec.types { - _, err := enc.Add(typ) - if err != nil { - return nil, fmt.Errorf("add %s: %w", typ, err) - } - } - - btf, err := enc.Encode() + buf, err := b.Marshal(*small, KernelMarshalOptions()) if err != nil { return nil, fmt.Errorf("marshal BTF: %w", err) } - return newHandleFromRawBTF(btf) + return NewHandleFromRawBTF(buf) } -func newHandleFromRawBTF(btf []byte) (*Handle, error) { +// NewHandleFromRawBTF loads raw BTF into the kernel. +// +// Returns an error wrapping ErrNotSupported if the kernel doesn't support BTF. +func NewHandleFromRawBTF(btf []byte) (*Handle, error) { if uint64(len(btf)) > math.MaxUint32 { return nil, errors.New("BTF exceeds the maximum size") } @@ -104,7 +97,10 @@ func NewHandleFromID(id ID) (*Handle, error) { } // Spec parses the kernel BTF into Go types. -func (h *Handle) Spec() (*Spec, error) { +// +// base must contain type information for vmlinux if the handle is for +// a kernel module. It may be nil otherwise. +func (h *Handle) Spec(base *Spec) (*Spec, error) { var btfInfo sys.BtfInfo btfBuffer := make([]byte, h.size) btfInfo.Btf, btfInfo.BtfSize = sys.NewSlicePointerLen(btfBuffer) @@ -113,20 +109,11 @@ func (h *Handle) Spec() (*Spec, error) { return nil, err } - if !h.needsKernelBase { - return loadRawSpec(bytes.NewReader(btfBuffer), internal.NativeEndian, nil, nil) - } - - base, fallback, err := kernelSpec() - if err != nil { - return nil, fmt.Errorf("load BTF base: %w", err) - } - - if fallback { - return nil, fmt.Errorf("can't load split BTF without access to /sys") + if h.needsKernelBase && base == nil { + return nil, fmt.Errorf("missing base types") } - return loadRawSpec(bytes.NewReader(btfBuffer), internal.NativeEndian, base.types, base.strings) + return loadRawSpec(bytes.NewReader(btfBuffer), internal.NativeEndian, base) } // Close destroys the handle. @@ -200,7 +187,7 @@ func newHandleInfoFromFD(fd *sys.FD) (*HandleInfo, error) { }, nil } -// IsModule returns true if the BTF is for the kernel itself. +// IsVmlinux returns true if the BTF is for the kernel itself. func (i *HandleInfo) IsVmlinux() bool { return i.IsKernel && i.Name == "vmlinux" } diff --git a/vendor/github.com/cilium/ebpf/btf/marshal.go b/vendor/github.com/cilium/ebpf/btf/marshal.go index 4ae479bd98a..bfe53b41072 100644 --- a/vendor/github.com/cilium/ebpf/btf/marshal.go +++ b/vendor/github.com/cilium/ebpf/btf/marshal.go @@ -6,141 +6,176 @@ import ( "errors" "fmt" "math" + "sync" "github.com/cilium/ebpf/internal" + + "golang.org/x/exp/slices" ) -type encoderOptions struct { - ByteOrder binary.ByteOrder +type MarshalOptions struct { + // Target byte order. Defaults to the system's native endianness. + Order binary.ByteOrder // Remove function linkage information for compatibility with <5.6 kernels. StripFuncLinkage bool } -// kernelEncoderOptions will generate BTF suitable for the current kernel. -var kernelEncoderOptions encoderOptions - -func init() { - kernelEncoderOptions = encoderOptions{ - ByteOrder: internal.NativeEndian, +// KernelMarshalOptions will generate BTF suitable for the current kernel. +func KernelMarshalOptions() *MarshalOptions { + return &MarshalOptions{ + Order: internal.NativeEndian, StripFuncLinkage: haveFuncLinkage() != nil, } } // encoder turns Types into raw BTF. type encoder struct { - opts encoderOptions + MarshalOptions - buf *bytes.Buffer - strings *stringTableBuilder - allocatedIDs map[Type]TypeID - nextID TypeID - // Temporary storage for Add. pending internal.Deque[Type] - // Temporary storage for deflateType. - raw rawType + buf *bytes.Buffer + strings *stringTableBuilder + ids map[Type]TypeID + lastID TypeID } -// newEncoder returns a new builder for the given byte order. -// -// See [KernelEncoderOptions] to build BTF for the current system. -func newEncoder(opts encoderOptions, strings *stringTableBuilder) *encoder { - enc := &encoder{ - opts: opts, - buf: bytes.NewBuffer(make([]byte, btfHeaderLen)), - } - enc.reset(strings) - return enc +var bufferPool = sync.Pool{ + New: func() any { + buf := make([]byte, btfHeaderLen+128) + return &buf + }, } -// Reset internal state to be able to reuse the Encoder. -func (e *encoder) Reset() { - e.reset(nil) +func getByteSlice() *[]byte { + return bufferPool.Get().(*[]byte) } -func (e *encoder) reset(strings *stringTableBuilder) { - if strings == nil { - strings = newStringTableBuilder() - } +func putByteSlice(buf *[]byte) { + *buf = (*buf)[:0] + bufferPool.Put(buf) +} - e.buf.Truncate(btfHeaderLen) - e.strings = strings - e.allocatedIDs = make(map[Type]TypeID) - e.nextID = 1 +// Builder turns Types into raw BTF. +// +// The default value may be used and represents an empty BTF blob. Void is +// added implicitly if necessary. +type Builder struct { + // Explicitly added types. + types []Type + // IDs for all added types which the user knows about. + stableIDs map[Type]TypeID + // Explicitly added strings. + strings *stringTableBuilder } -// Add a Type. +// NewBuilder creates a Builder from a list of types. // -// Adding the same Type multiple times is valid and will return a stable ID. +// It is more efficient than calling [Add] individually. // -// Calling the method has undefined behaviour if it previously returned an error. -func (e *encoder) Add(typ Type) (TypeID, error) { - if typ == nil { - return 0, errors.New("cannot Add a nil Type") +// Returns an error if adding any of the types fails. +func NewBuilder(types []Type) (*Builder, error) { + b := &Builder{ + make([]Type, 0, len(types)), + make(map[Type]TypeID, len(types)), + nil, } - hasID := func(t Type) (skip bool) { - _, isVoid := t.(*Void) - _, alreadyEncoded := e.allocatedIDs[t] - return isVoid || alreadyEncoded + for _, typ := range types { + _, err := b.Add(typ) + if err != nil { + return nil, fmt.Errorf("add %s: %w", typ, err) + } } - e.pending.Reset() + return b, nil +} - allocateID := func(typ Type) { - e.pending.Push(typ) - e.allocatedIDs[typ] = e.nextID - e.nextID++ +// Add a Type and allocate a stable ID for it. +// +// Adding the identical Type multiple times is valid and will return the same ID. +// +// See [Type] for details on identity. +func (b *Builder) Add(typ Type) (TypeID, error) { + if b.stableIDs == nil { + b.stableIDs = make(map[Type]TypeID) } - iter := postorderTraversal(typ, hasID) - for iter.Next() { - if hasID(iter.Type) { - // This type is part of a cycle and we've already deflated it. - continue - } + if _, ok := typ.(*Void); ok { + // Equality is weird for void, since it is a zero sized type. + return 0, nil + } - // Allocate an ID for the next type. - allocateID(iter.Type) + if ds, ok := typ.(*Datasec); ok { + if err := datasecResolveWorkaround(b, ds); err != nil { + return 0, err + } + } - for !e.pending.Empty() { - t := e.pending.Shift() + id, ok := b.stableIDs[typ] + if ok { + return id, nil + } - // Ensure that all direct descendants have been allocated an ID - // before calling deflateType. - walkType(t, func(child *Type) { - if !hasID(*child) { - // t refers to a type which hasn't been allocated an ID - // yet, which only happens for circular types. - allocateID(*child) - } - }) + b.types = append(b.types, typ) - if err := e.deflateType(t); err != nil { - return 0, fmt.Errorf("deflate %s: %w", t, err) - } - } + id = TypeID(len(b.types)) + if int(id) != len(b.types) { + return 0, fmt.Errorf("no more type IDs") } - return e.allocatedIDs[typ], nil + b.stableIDs[typ] = id + return id, nil } -// Encode the raw BTF blob. +// Marshal encodes all types in the Marshaler into BTF wire format. // -// The returned slice is valid until the next call to Add. -func (e *encoder) Encode() ([]byte, error) { - length := e.buf.Len() +// opts may be nil. +func (b *Builder) Marshal(buf []byte, opts *MarshalOptions) ([]byte, error) { + stb := b.strings + if stb == nil { + // Assume that most types are named. This makes encoding large BTF like + // vmlinux a lot cheaper. + stb = newStringTableBuilder(len(b.types)) + } else { + // Avoid modifying the Builder's string table. + stb = b.strings.Copy() + } + + if opts == nil { + opts = &MarshalOptions{Order: internal.NativeEndian} + } - // Truncate the string table on return to allow adding more types. - defer e.buf.Truncate(length) + // Reserve space for the BTF header. + buf = slices.Grow(buf, btfHeaderLen)[:btfHeaderLen] + w := internal.NewBuffer(buf) + defer internal.PutBuffer(w) + + e := encoder{ + MarshalOptions: *opts, + buf: w, + strings: stb, + lastID: TypeID(len(b.types)), + ids: make(map[Type]TypeID, len(b.types)), + } + + // Ensure that types are marshaled in the exact order they were Add()ed. + // Otherwise the ID returned from Add() won't match. + e.pending.Grow(len(b.types)) + for _, typ := range b.types { + e.pending.Push(typ) + e.ids[typ] = b.stableIDs[typ] + } + + if err := e.deflatePending(); err != nil { + return nil, err + } + + length := e.buf.Len() typeLen := uint32(length - btfHeaderLen) - // Reserve space for the string table. stringLen := e.strings.Length() - e.buf.Grow(stringLen) - - buf := e.buf.Bytes()[:length+stringLen] - e.strings.MarshalBuffer(buf[length:]) + buf = e.strings.AppendEncoded(e.buf.Bytes()) // Fill out the header, and write it out. header := &btfHeader{ @@ -154,23 +189,116 @@ func (e *encoder) Encode() ([]byte, error) { StringLen: uint32(stringLen), } - err := binary.Write(sliceWriter(buf[:btfHeaderLen]), e.opts.ByteOrder, header) + err := binary.Write(sliceWriter(buf[:btfHeaderLen]), e.Order, header) if err != nil { - return nil, fmt.Errorf("can't write header: %v", err) + return nil, fmt.Errorf("write header: %v", err) } return buf, nil } +// addString adds a string to the resulting BTF. +// +// Adding the same string multiple times will return the same result. +// +// Returns an identifier into the string table or an error if the string +// contains invalid characters. +func (b *Builder) addString(str string) (uint32, error) { + if b.strings == nil { + b.strings = newStringTableBuilder(0) + } + + return b.strings.Add(str) +} + +func (e *encoder) allocateID(typ Type) error { + id := e.lastID + 1 + if id < e.lastID { + return errors.New("type ID overflow") + } + + e.pending.Push(typ) + e.ids[typ] = id + e.lastID = id + return nil +} + +// id returns the ID for the given type or panics with an error. +func (e *encoder) id(typ Type) TypeID { + if _, ok := typ.(*Void); ok { + return 0 + } + + id, ok := e.ids[typ] + if !ok { + panic(fmt.Errorf("no ID for type %v", typ)) + } + + return id +} + +func (e *encoder) deflatePending() error { + // Declare root outside of the loop to avoid repeated heap allocations. + var root Type + skip := func(t Type) (skip bool) { + if t == root { + // Force descending into the current root type even if it already + // has an ID. Otherwise we miss children of types that have their + // ID pre-allocated via Add. + return false + } + + _, isVoid := t.(*Void) + _, alreadyEncoded := e.ids[t] + return isVoid || alreadyEncoded + } + + for !e.pending.Empty() { + root = e.pending.Shift() + + // Allocate IDs for all children of typ, including transitive dependencies. + iter := postorderTraversal(root, skip) + for iter.Next() { + if iter.Type == root { + // The iterator yields root at the end, do not allocate another ID. + break + } + + if err := e.allocateID(iter.Type); err != nil { + return err + } + } + + if err := e.deflateType(root); err != nil { + id := e.ids[root] + return fmt.Errorf("deflate %v with ID %d: %w", root, id, err) + } + } + + return nil +} + func (e *encoder) deflateType(typ Type) (err error) { - raw := &e.raw - *raw = rawType{} + defer func() { + if r := recover(); r != nil { + var ok bool + err, ok = r.(error) + if !ok { + panic(r) + } + } + }() + + var raw rawType raw.NameOff, err = e.strings.Add(typ.TypeName()) if err != nil { return err } switch v := typ.(type) { + case *Void: + return errors.New("Void is implicit in BTF wire format") + case *Int: raw.SetKind(kindInt) raw.SetSize(v.Size) @@ -184,13 +312,13 @@ func (e *encoder) deflateType(typ Type) (err error) { case *Pointer: raw.SetKind(kindPointer) - raw.SetType(e.allocatedIDs[v.Target]) + raw.SetType(e.id(v.Target)) case *Array: raw.SetKind(kindArray) raw.data = &btfArray{ - e.allocatedIDs[v.Type], - e.allocatedIDs[v.Index], + e.id(v.Type), + e.id(v.Index), v.Nelems, } @@ -223,36 +351,36 @@ func (e *encoder) deflateType(typ Type) (err error) { case *Typedef: raw.SetKind(kindTypedef) - raw.SetType(e.allocatedIDs[v.Type]) + raw.SetType(e.id(v.Type)) case *Volatile: raw.SetKind(kindVolatile) - raw.SetType(e.allocatedIDs[v.Type]) + raw.SetType(e.id(v.Type)) case *Const: raw.SetKind(kindConst) - raw.SetType(e.allocatedIDs[v.Type]) + raw.SetType(e.id(v.Type)) case *Restrict: raw.SetKind(kindRestrict) - raw.SetType(e.allocatedIDs[v.Type]) + raw.SetType(e.id(v.Type)) case *Func: raw.SetKind(kindFunc) - raw.SetType(e.allocatedIDs[v.Type]) - if !e.opts.StripFuncLinkage { + raw.SetType(e.id(v.Type)) + if !e.StripFuncLinkage { raw.SetLinkage(v.Linkage) } case *FuncProto: raw.SetKind(kindFuncProto) - raw.SetType(e.allocatedIDs[v.Return]) + raw.SetType(e.id(v.Return)) raw.SetVlen(len(v.Params)) raw.data, err = e.deflateFuncParams(v.Params) case *Var: raw.SetKind(kindVar) - raw.SetType(e.allocatedIDs[v.Type]) + raw.SetType(e.id(v.Type)) raw.data = btfVariable{uint32(v.Linkage)} case *Datasec: @@ -267,10 +395,13 @@ func (e *encoder) deflateType(typ Type) (err error) { case *declTag: raw.SetKind(kindDeclTag) + raw.SetType(e.id(v.Type)) raw.data = &btfDeclTag{uint32(v.Index)} + raw.NameOff, err = e.strings.Add(v.Value) case *typeTag: raw.SetKind(kindTypeTag) + raw.SetType(e.id(v.Type)) raw.NameOff, err = e.strings.Add(v.Value) default: @@ -281,7 +412,7 @@ func (e *encoder) deflateType(typ Type) (err error) { return err } - return raw.Marshal(e.buf, e.opts.ByteOrder) + return raw.Marshal(e.buf, e.Order) } func (e *encoder) convertMembers(header *btfType, members []Member) ([]btfMember, error) { @@ -302,7 +433,7 @@ func (e *encoder) convertMembers(header *btfType, members []Member) ([]btfMember bms = append(bms, btfMember{ nameOff, - e.allocatedIDs[member.Type], + e.id(member.Type), uint32(offset), }) } @@ -361,7 +492,7 @@ func (e *encoder) deflateFuncParams(params []FuncParam) ([]btfParam, error) { bps = append(bps, btfParam{ nameOff, - e.allocatedIDs[param.Type], + e.id(param.Type), }) } return bps, nil @@ -371,7 +502,7 @@ func (e *encoder) deflateVarSecinfos(vars []VarSecinfo) []btfVarSecinfo { vsis := make([]btfVarSecinfo, 0, len(vars)) for _, v := range vars { vsis = append(vsis, btfVarSecinfo{ - e.allocatedIDs[v.Type], + e.id(v.Type), v.Offset, v.Size, }) @@ -383,33 +514,24 @@ func (e *encoder) deflateVarSecinfos(vars []VarSecinfo) []btfVarSecinfo { // // The function is intended for the use of the ebpf package and may be removed // at any point in time. -func MarshalMapKV(key, value Type) (_ *Handle, keyID, valueID TypeID, _ error) { - enc := nativeEncoderPool.Get().(*encoder) - defer nativeEncoderPool.Put(enc) - - enc.Reset() +func MarshalMapKV(key, value Type) (_ *Handle, keyID, valueID TypeID, err error) { + var b Builder - var err error if key != nil { - keyID, err = enc.Add(key) + keyID, err = b.Add(key) if err != nil { - return nil, 0, 0, fmt.Errorf("adding map key to BTF encoder: %w", err) + return nil, 0, 0, fmt.Errorf("add key type: %w", err) } } if value != nil { - valueID, err = enc.Add(value) + valueID, err = b.Add(value) if err != nil { - return nil, 0, 0, fmt.Errorf("adding map value to BTF encoder: %w", err) + return nil, 0, 0, fmt.Errorf("add value type: %w", err) } } - btf, err := enc.Encode() - if err != nil { - return nil, 0, 0, fmt.Errorf("marshal BTF: %w", err) - } - - handle, err := newHandleFromRawBTF(btf) + handle, err := NewHandle(&b) if err != nil { // Check for 'full' map BTF support, since kernels between 4.18 and 5.2 // already support BTF blobs for maps without Var or Datasec just fine. @@ -417,6 +539,5 @@ func MarshalMapKV(key, value Type) (_ *Handle, keyID, valueID TypeID, _ error) { return nil, 0, 0, err } } - return handle, keyID, valueID, err } diff --git a/vendor/github.com/cilium/ebpf/btf/strings.go b/vendor/github.com/cilium/ebpf/btf/strings.go index deeaeacaabd..bc6aff28142 100644 --- a/vendor/github.com/cilium/ebpf/btf/strings.go +++ b/vendor/github.com/cilium/ebpf/btf/strings.go @@ -7,6 +7,8 @@ import ( "fmt" "io" "strings" + + "golang.org/x/exp/maps" ) type stringTable struct { @@ -89,15 +91,6 @@ func (st *stringTable) lookup(offset uint32) (string, error) { return st.strings[i], nil } -func (st *stringTable) Length() int { - if len(st.offsets) == 0 || len(st.strings) == 0 { - return 0 - } - - last := len(st.offsets) - 1 - return int(st.offsets[last]) + len(st.strings[last]) + 1 -} - func (st *stringTable) Marshal(w io.Writer) error { for _, str := range st.strings { _, err := io.WriteString(w, str) @@ -112,6 +105,11 @@ func (st *stringTable) Marshal(w io.Writer) error { return nil } +// Num returns the number of strings in the table. +func (st *stringTable) Num() int { + return len(st.strings) +} + // search is a copy of sort.Search specialised for uint32. // // Licensed under https://go.dev/LICENSE @@ -141,25 +139,19 @@ type stringTableBuilder struct { // newStringTableBuilder creates a builder with the given capacity. // // capacity may be zero. -func newStringTableBuilder() *stringTableBuilder { - stb := &stringTableBuilder{0, make(map[string]uint32)} - // Ensure that the empty string is at index 0. - stb.append("") - return stb -} +func newStringTableBuilder(capacity int) *stringTableBuilder { + var stb stringTableBuilder -// newStringTableBuilderFromTable creates a new builder from an existing string table. -func newStringTableBuilderFromTable(contents *stringTable) *stringTableBuilder { - stb := &stringTableBuilder{0, make(map[string]uint32, len(contents.strings)+1)} - stb.append("") - - for _, str := range contents.strings { - if str != "" { - stb.append(str) - } + if capacity == 0 { + // Use the runtime's small default size. + stb.strings = make(map[string]uint32) + } else { + stb.strings = make(map[string]uint32, capacity) } - return stb + // Ensure that the empty string is at index 0. + stb.append("") + return &stb } // Add a string to the table. @@ -195,7 +187,6 @@ func (stb *stringTableBuilder) Lookup(str string) (uint32, error) { } return offset, nil - } // Length returns the length in bytes. @@ -203,19 +194,21 @@ func (stb *stringTableBuilder) Length() int { return int(stb.length) } -// Marshal a string table into its binary representation. -func (stb *stringTableBuilder) Marshal() []byte { - buf := make([]byte, stb.Length()) - stb.MarshalBuffer(buf) +// AppendEncoded appends the string table to the end of the provided buffer. +func (stb *stringTableBuilder) AppendEncoded(buf []byte) []byte { + n := len(buf) + buf = append(buf, make([]byte, stb.Length())...) + strings := buf[n:] + for str, offset := range stb.strings { + copy(strings[offset:], str) + } return buf } -// Marshal a string table into a pre-allocated buffer. -// -// The buffer must be at least of size Length(). -func (stb *stringTableBuilder) MarshalBuffer(buf []byte) { - for str, offset := range stb.strings { - n := copy(buf[offset:], str) - buf[offset+uint32(n)] = 0 +// Copy the string table builder. +func (stb *stringTableBuilder) Copy() *stringTableBuilder { + return &stringTableBuilder{ + stb.length, + maps.Clone(stb.strings), } } diff --git a/vendor/github.com/cilium/ebpf/btf/traversal.go b/vendor/github.com/cilium/ebpf/btf/traversal.go index fa42815f3a6..a3a9dec940a 100644 --- a/vendor/github.com/cilium/ebpf/btf/traversal.go +++ b/vendor/github.com/cilium/ebpf/btf/traversal.go @@ -15,7 +15,7 @@ type postorderIterator struct { // The root type. May be nil if skip(root) is true. root Type - // Contains types which need to be either walked or passed to the callback. + // Contains types which need to be either walked or yielded. types typeDeque // Contains a boolean whether the type has been walked or not. walked internal.Deque[bool] @@ -26,9 +26,8 @@ type postorderIterator struct { Type Type } -// postorderTraversal calls fn for all types reachable from root. -// -// fn is invoked on children of root before root itself. +// postorderTraversal iterates all types reachable from root by visiting the +// leaves of the graph first. // // Types for which skip returns true are ignored. skip may be nil. func postorderTraversal(root Type, skip func(Type) (skip bool)) postorderIterator { diff --git a/vendor/github.com/cilium/ebpf/btf/types.go b/vendor/github.com/cilium/ebpf/btf/types.go index e344bbdc30d..68d4a175716 100644 --- a/vendor/github.com/cilium/ebpf/btf/types.go +++ b/vendor/github.com/cilium/ebpf/btf/types.go @@ -1,6 +1,7 @@ package btf import ( + "errors" "fmt" "io" "math" @@ -9,14 +10,26 @@ import ( "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/internal" + "github.com/cilium/ebpf/internal/sys" ) const maxTypeDepth = 32 // TypeID identifies a type in a BTF section. -type TypeID uint32 +type TypeID = sys.TypeID // Type represents a type described by BTF. +// +// Identity of Type follows the [Go specification]: two Types are considered +// equal if they have the same concrete type and the same dynamic value, aka +// they point at the same location in memory. This means that the following +// Types are considered distinct even though they have the same "shape". +// +// a := &Int{Size: 1} +// b := &Int{Size: 1} +// a != b +// +// [Go specification]: https://go.dev/ref/spec#Comparison_operators type Type interface { // Type can be formatted using the %s and %v verbs. %s outputs only the // identity of the type, without any detail. %v outputs additional detail. @@ -55,18 +68,6 @@ var ( _ Type = (*cycle)(nil) ) -// types is a list of Type. -// -// The order determines the ID of a type. -type types []Type - -func (ts types) ByID(id TypeID) (Type, error) { - if int(id) > len(ts) { - return nil, fmt.Errorf("type ID %d: %w", id, ErrNotFound) - } - return ts[id], nil -} - // Void is the unit type of BTF. type Void struct{} @@ -218,6 +219,7 @@ func copyMembers(orig []Member) []Member { } type composite interface { + Type members() []Member } @@ -592,6 +594,8 @@ var ( _ qualifier = (*typeTag)(nil) ) +var errUnsizedType = errors.New("type is unsized") + // Sizeof returns the size of a type in bytes. // // Returns an error if the size can't be computed. @@ -626,7 +630,7 @@ func Sizeof(typ Type) (int, error) { continue default: - return 0, fmt.Errorf("unsized type %T", typ) + return 0, fmt.Errorf("type %T: %w", typ, errUnsizedType) } if n > 0 && elem > math.MaxInt64/n { @@ -646,16 +650,33 @@ func Sizeof(typ Type) (int, error) { // alignof returns the alignment of a type. // -// Currently only supports the subset of types necessary for bitfield relocations. +// Returns an error if the Type can't be aligned, like an integer with an uneven +// size. Currently only supports the subset of types necessary for bitfield +// relocations. func alignof(typ Type) (int, error) { + var n int + switch t := UnderlyingType(typ).(type) { case *Enum: - return int(t.size()), nil + n = int(t.size()) case *Int: - return int(t.Size), nil + n = int(t.Size) + case *Array: + return alignof(t.Type) default: return 0, fmt.Errorf("can't calculate alignment of %T", t) } + + if !pow(n) { + return 0, fmt.Errorf("alignment value %d is not a power of two", n) + } + + return n, nil +} + +// pow returns true if n is a power of two. +func pow(n int) bool { + return n != 0 && (n&(n-1)) == 0 } // Transformer modifies a given Type and returns the result. @@ -669,7 +690,7 @@ type Transformer func(Type) Type // typ may form a cycle. If transform is not nil, it is called with the // to be copied type, and the returned value is copied instead. func Copy(typ Type, transform Transformer) Type { - copies := make(copier) + copies := copier{copies: make(map[Type]Type)} copies.copy(&typ, transform) return typ } @@ -681,7 +702,7 @@ func copyTypes(types []Type, transform Transformer) []Type { result := make([]Type, len(types)) copy(result, types) - copies := make(copier) + copies := copier{copies: make(map[Type]Type, len(types))} for i := range result { copies.copy(&result[i], transform) } @@ -689,13 +710,15 @@ func copyTypes(types []Type, transform Transformer) []Type { return result } -type copier map[Type]Type +type copier struct { + copies map[Type]Type + work typeDeque +} -func (c copier) copy(typ *Type, transform Transformer) { - var work typeDeque - for t := typ; t != nil; t = work.Pop() { +func (c *copier) copy(typ *Type, transform Transformer) { + for t := typ; t != nil; t = c.work.Pop() { // *t is the identity of the type. - if cpy := c[*t]; cpy != nil { + if cpy := c.copies[*t]; cpy != nil { *t = cpy continue } @@ -707,11 +730,11 @@ func (c copier) copy(typ *Type, transform Transformer) { cpy = (*t).copy() } - c[*t] = cpy + c.copies[*t] = cpy *t = cpy // Mark any nested types for copying. - walkType(cpy, work.Push) + walkType(cpy, c.work.Push) } } @@ -720,23 +743,28 @@ type typeDeque = internal.Deque[*Type] // inflateRawTypes takes a list of raw btf types linked via type IDs, and turns // it into a graph of Types connected via pointers. // -// If baseTypes are provided, then the raw types are -// considered to be of a split BTF (e.g., a kernel module). +// If base is provided, then the raw types are considered to be of a split BTF +// (e.g., a kernel module). // -// Returns a slice of types indexed by TypeID. Since BTF ignores compilation +// Returns a slice of types indexed by TypeID. Since BTF ignores compilation // units, multiple types may share the same name. A Type may form a cyclic graph // by pointing at itself. -func inflateRawTypes(rawTypes []rawType, baseTypes types, rawStrings *stringTable) ([]Type, error) { +func inflateRawTypes(rawTypes []rawType, rawStrings *stringTable, base *Spec) ([]Type, error) { types := make([]Type, 0, len(rawTypes)+1) // +1 for Void added to base types - typeIDOffset := TypeID(1) // Void is TypeID(0), so the rest starts from TypeID(1) + // Void is defined to always be type ID 0, and is thus omitted from BTF. + types = append(types, (*Void)(nil)) - if baseTypes == nil { - // Void is defined to always be type ID 0, and is thus omitted from BTF. - types = append(types, (*Void)(nil)) - } else { - // For split BTF, the next ID is max base BTF type ID + 1 - typeIDOffset = TypeID(len(baseTypes)) + firstTypeID := TypeID(0) + if base != nil { + var err error + firstTypeID, err = base.nextTypeID() + if err != nil { + return nil, err + } + + // Split BTF doesn't contain Void. + types = types[:0] } type fixupDef struct { @@ -746,20 +774,20 @@ func inflateRawTypes(rawTypes []rawType, baseTypes types, rawStrings *stringTabl var fixups []fixupDef fixup := func(id TypeID, typ *Type) bool { - if id < TypeID(len(baseTypes)) { - *typ = baseTypes[id] - return true + if id < firstTypeID { + if baseType, err := base.TypeByID(id); err == nil { + *typ = baseType + return true + } } - idx := id - if baseTypes != nil { - idx = id - TypeID(len(baseTypes)) - } - if idx < TypeID(len(types)) { + idx := int(id - firstTypeID) + if idx < len(types) { // We've already inflated this type, fix it up immediately. *typ = types[idx] return true } + fixups = append(fixups, fixupDef{id, typ}) return false } @@ -849,12 +877,16 @@ func inflateRawTypes(rawTypes []rawType, baseTypes types, rawStrings *stringTabl } var declTags []*declTag - for i, raw := range rawTypes { + for _, raw := range rawTypes { var ( - id = typeIDOffset + TypeID(i) + id = firstTypeID + TypeID(len(types)) typ Type ) + if id < firstTypeID { + return nil, fmt.Errorf("no more type IDs") + } + name, err := rawStrings.Lookup(raw.NameOff) if err != nil { return nil, fmt.Errorf("get name for type id %d: %w", id, err) @@ -1024,19 +1056,20 @@ func inflateRawTypes(rawTypes []rawType, baseTypes types, rawStrings *stringTabl } for _, fixup := range fixups { - i := int(fixup.id) - if i >= len(types)+len(baseTypes) { - return nil, fmt.Errorf("reference to invalid type id: %d", fixup.id) + if fixup.id < firstTypeID { + return nil, fmt.Errorf("fixup for base type id %d is not expected", fixup.id) } - if i < len(baseTypes) { - return nil, fmt.Errorf("fixup for base type id %d is not expected", i) + + idx := int(fixup.id - firstTypeID) + if idx >= len(types) { + return nil, fmt.Errorf("reference to invalid type id: %d", fixup.id) } - *fixup.typ = types[i-len(baseTypes)] + *fixup.typ = types[idx] } for _, bitfieldFixup := range bitfieldFixups { - if bitfieldFixup.id < TypeID(len(baseTypes)) { + if bitfieldFixup.id < firstTypeID { return nil, fmt.Errorf("bitfield fixup from split to base types is not expected") } @@ -1116,6 +1149,29 @@ func UnderlyingType(typ Type) Type { return &cycle{typ} } +// as returns typ if is of type T. Otherwise it peels qualifiers and Typedefs +// until it finds a T. +// +// Returns the zero value and false if there is no T or if the type is nested +// too deeply. +func as[T Type](typ Type) (T, bool) { + for depth := 0; depth <= maxTypeDepth; depth++ { + switch v := (typ).(type) { + case T: + return v, true + case qualifier: + typ = v.qualify() + case *Typedef: + typ = v.Type + default: + goto notFound + } + } +notFound: + var zero T + return zero, false +} + type formatState struct { fmt.State depth int @@ -1138,10 +1194,7 @@ func formatType(f fmt.State, verb rune, t formattableType, extra ...interface{}) return } - // This is the same as %T, but elides the package name. Assumes that - // formattableType is implemented by a pointer receiver. - goTypeName := reflect.TypeOf(t).Elem().Name() - _, _ = io.WriteString(f, goTypeName) + _, _ = io.WriteString(f, internal.GoTypeName(t)) if name := t.TypeName(); name != "" { // Output BTF type name if present. diff --git a/vendor/github.com/cilium/ebpf/btf/workarounds.go b/vendor/github.com/cilium/ebpf/btf/workarounds.go new file mode 100644 index 00000000000..12a89b87eed --- /dev/null +++ b/vendor/github.com/cilium/ebpf/btf/workarounds.go @@ -0,0 +1,26 @@ +package btf + +// datasecResolveWorkaround ensures that certain vars in a Datasec are added +// to a Spec before the Datasec. This avoids a bug in kernel BTF validation. +// +// See https://lore.kernel.org/bpf/20230302123440.1193507-1-lmb@isovalent.com/ +func datasecResolveWorkaround(b *Builder, ds *Datasec) error { + for _, vsi := range ds.Vars { + v, ok := vsi.Type.(*Var) + if !ok { + continue + } + + switch v.Type.(type) { + case *Typedef, *Volatile, *Const, *Restrict, *typeTag: + // NB: We must never call Add on a Datasec, otherwise we risk + // infinite recursion. + _, err := b.Add(v.Type) + if err != nil { + return err + } + } + } + + return nil +} diff --git a/vendor/github.com/cilium/ebpf/collection.go b/vendor/github.com/cilium/ebpf/collection.go index 729e5e9d702..fb720bebdb7 100644 --- a/vendor/github.com/cilium/ebpf/collection.go +++ b/vendor/github.com/cilium/ebpf/collection.go @@ -9,6 +9,8 @@ import ( "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/btf" + "github.com/cilium/ebpf/internal" + "github.com/cilium/ebpf/internal/kconfig" ) // CollectionOptions control loading a collection into the kernel. @@ -107,6 +109,16 @@ func (cs *CollectionSpec) RewriteMaps(maps map[string]*Map) error { return nil } +// MissingConstantsError is returned by [CollectionSpec.RewriteConstants]. +type MissingConstantsError struct { + // The constants missing from .rodata. + Constants []string +} + +func (m *MissingConstantsError) Error() string { + return fmt.Sprintf("some constants are missing from .rodata: %s", strings.Join(m.Constants, ", ")) +} + // RewriteConstants replaces the value of multiple constants. // // The constant must be defined like so in the C program: @@ -120,7 +132,7 @@ func (cs *CollectionSpec) RewriteMaps(maps map[string]*Map) error { // // From Linux 5.5 the verifier will use constants to eliminate dead code. // -// Returns an error if a constant doesn't exist. +// Returns an error wrapping [MissingConstantsError] if a constant doesn't exist. func (cs *CollectionSpec) RewriteConstants(consts map[string]interface{}) error { replaced := make(map[string]bool) @@ -184,7 +196,7 @@ func (cs *CollectionSpec) RewriteConstants(consts map[string]interface{}) error } if len(missing) != 0 { - return fmt.Errorf("spec is missing one or more constants: %s", strings.Join(missing, ",")) + return fmt.Errorf("rewrite constants: %w", &MissingConstantsError{Constants: missing}) } return nil @@ -565,6 +577,95 @@ func (cl *collectionLoader) populateMaps() error { return nil } +// resolveKconfig resolves all variables declared in .kconfig and populates +// m.Contents. Does nothing if the given m.Contents is non-empty. +func resolveKconfig(m *MapSpec) error { + ds, ok := m.Value.(*btf.Datasec) + if !ok { + return errors.New("map value is not a Datasec") + } + + type configInfo struct { + offset uint32 + typ btf.Type + } + + configs := make(map[string]configInfo) + + data := make([]byte, ds.Size) + for _, vsi := range ds.Vars { + v := vsi.Type.(*btf.Var) + n := v.TypeName() + + switch n { + case "LINUX_KERNEL_VERSION": + if integer, ok := v.Type.(*btf.Int); !ok || integer.Size != 4 { + return fmt.Errorf("variable %s must be a 32 bits integer, got %s", n, v.Type) + } + + kv, err := internal.KernelVersion() + if err != nil { + return fmt.Errorf("getting kernel version: %w", err) + } + internal.NativeEndian.PutUint32(data[vsi.Offset:], kv.Kernel()) + + case "LINUX_HAS_SYSCALL_WRAPPER": + if integer, ok := v.Type.(*btf.Int); !ok || integer.Size != 4 { + return fmt.Errorf("variable %s must be a 32 bits integer, got %s", n, v.Type) + } + var value uint32 = 1 + if err := haveSyscallWrapper(); errors.Is(err, ErrNotSupported) { + value = 0 + } else if err != nil { + return fmt.Errorf("unable to derive a value for LINUX_HAS_SYSCALL_WRAPPER: %w", err) + } + + internal.NativeEndian.PutUint32(data[vsi.Offset:], value) + + default: // Catch CONFIG_*. + configs[n] = configInfo{ + offset: vsi.Offset, + typ: v.Type, + } + } + } + + // We only parse kconfig file if a CONFIG_* variable was found. + if len(configs) > 0 { + f, err := kconfig.Find() + if err != nil { + return fmt.Errorf("cannot find a kconfig file: %w", err) + } + defer f.Close() + + filter := make(map[string]struct{}, len(configs)) + for config := range configs { + filter[config] = struct{}{} + } + + kernelConfig, err := kconfig.Parse(f, filter) + if err != nil { + return fmt.Errorf("cannot parse kconfig file: %w", err) + } + + for n, info := range configs { + value, ok := kernelConfig[n] + if !ok { + return fmt.Errorf("config option %q does not exists for this kernel", n) + } + + err := kconfig.PutValue(data[info.offset:], info.typ, value) + if err != nil { + return fmt.Errorf("problem adding value for %s: %w", n, err) + } + } + } + + m.Contents = []MapKV{{uint32(0), data}} + + return nil +} + // LoadCollection reads an object file and creates and loads its declared // resources into the kernel. // diff --git a/vendor/github.com/cilium/ebpf/elf_reader.go b/vendor/github.com/cilium/ebpf/elf_reader.go index 9dc87787edc..8d92672eb14 100644 --- a/vendor/github.com/cilium/ebpf/elf_reader.go +++ b/vendor/github.com/cilium/ebpf/elf_reader.go @@ -18,6 +18,15 @@ import ( "github.com/cilium/ebpf/internal/unix" ) +type kconfigMetaKey struct{} + +type kconfigMeta struct { + Map *MapSpec + Offset uint32 +} + +type kfuncMeta struct{} + // elfCode is a convenience to reduce the amount of arguments that have to // be passed around explicitly. You should treat its contents as immutable. type elfCode struct { @@ -27,6 +36,9 @@ type elfCode struct { version uint32 btf *btf.Spec extInfo *btf.ExtInfos + maps map[string]*MapSpec + kfuncs map[string]*btf.Func + kconfig *MapSpec } // LoadCollectionSpec parses an ELF file into a CollectionSpec. @@ -113,6 +125,8 @@ func LoadCollectionSpecFromReader(rd io.ReaderAt) (*CollectionSpec, error) { version: version, btf: btfSpec, extInfo: btfExtInfo, + maps: make(map[string]*MapSpec), + kfuncs: make(map[string]*btf.Func), } symbols, err := f.Symbols() @@ -126,27 +140,33 @@ func LoadCollectionSpecFromReader(rd io.ReaderAt) (*CollectionSpec, error) { return nil, fmt.Errorf("load relocations: %w", err) } - // Collect all the various ways to define maps. - maps := make(map[string]*MapSpec) - if err := ec.loadMaps(maps); err != nil { + if err := ec.loadMaps(); err != nil { return nil, fmt.Errorf("load maps: %w", err) } - if err := ec.loadBTFMaps(maps); err != nil { + if err := ec.loadBTFMaps(); err != nil { return nil, fmt.Errorf("load BTF maps: %w", err) } - if err := ec.loadDataSections(maps); err != nil { + if err := ec.loadDataSections(); err != nil { return nil, fmt.Errorf("load data sections: %w", err) } + if err := ec.loadKconfigSection(); err != nil { + return nil, fmt.Errorf("load virtual .kconfig section: %w", err) + } + + if err := ec.loadKsymsSection(); err != nil { + return nil, fmt.Errorf("load virtual .ksyms section: %w", err) + } + // Finally, collect programs and link them. progs, err := ec.loadProgramSections() if err != nil { return nil, fmt.Errorf("load programs: %w", err) } - return &CollectionSpec{maps, progs, btfSpec, ec.ByteOrder}, nil + return &CollectionSpec{ec.maps, progs, btfSpec, ec.ByteOrder}, nil } func loadLicense(sec *elf.Section) (string, error) { @@ -566,6 +586,10 @@ func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) err return fmt.Errorf("neither a call nor a load instruction: %v", ins) } + // The Undefined section is used for 'virtual' symbols that aren't backed by + // an ELF section. This includes symbol references from inline asm, forward + // function declarations, as well as extern kfunc declarations using __ksym + // and extern kconfig variables declared using __kconfig. case undefSection: if bind != elf.STB_GLOBAL { return fmt.Errorf("asm relocation: %s: unsupported binding: %s", name, bind) @@ -575,7 +599,36 @@ func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) err return fmt.Errorf("asm relocation: %s: unsupported type %s", name, typ) } - // There is nothing to do here but set ins.Reference. + kf := ec.kfuncs[name] + switch { + // If a Call instruction is found and the datasec has a btf.Func with a Name + // that matches the symbol name we mark the instruction as a call to a kfunc. + case kf != nil && ins.OpCode.JumpOp() == asm.Call: + ins.Metadata.Set(kfuncMeta{}, kf) + ins.Src = asm.PseudoKfuncCall + ins.Constant = -1 + + // If no kconfig map is found, this must be a symbol reference from inline + // asm (see testdata/loader.c:asm_relocation()) or a call to a forward + // function declaration (see testdata/fwd_decl.c). Don't interfere, These + // remain standard symbol references. + // extern __kconfig reads are represented as dword loads that need to be + // rewritten to pseudo map loads from .kconfig. If the map is present, + // require it to contain the symbol to disambiguate between inline asm + // relos and kconfigs. + case ec.kconfig != nil && ins.OpCode.IsDWordLoad(): + for _, vsi := range ec.kconfig.Value.(*btf.Datasec).Vars { + if vsi.Type.(*btf.Var).Name != rel.Name { + continue + } + + ins.Src = asm.PseudoMapValue + ins.Metadata.Set(kconfigMetaKey{}, &kconfigMeta{ec.kconfig, vsi.Offset}) + return nil + } + + return fmt.Errorf("kconfig %s not found in .kconfig", rel.Name) + } default: return fmt.Errorf("relocation to %q: %w", target.Name, ErrNotSupported) @@ -585,7 +638,7 @@ func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) err return nil } -func (ec *elfCode) loadMaps(maps map[string]*MapSpec) error { +func (ec *elfCode) loadMaps() error { for _, sec := range ec.sections { if sec.kind != mapSection { continue @@ -611,7 +664,7 @@ func (ec *elfCode) loadMaps(maps map[string]*MapSpec) error { } mapName := mapSym.Name - if maps[mapName] != nil { + if ec.maps[mapName] != nil { return fmt.Errorf("section %v: map %v already exists", sec.Name, mapSym) } @@ -645,7 +698,7 @@ func (ec *elfCode) loadMaps(maps map[string]*MapSpec) error { return fmt.Errorf("map %s: %w", mapName, err) } - maps[mapName] = &spec + ec.maps[mapName] = &spec } } @@ -655,7 +708,7 @@ func (ec *elfCode) loadMaps(maps map[string]*MapSpec) error { // loadBTFMaps iterates over all ELF sections marked as BTF map sections // (like .maps) and parses them into MapSpecs. Dump the .maps section and // any relocations with `readelf -x .maps -r `. -func (ec *elfCode) loadBTFMaps(maps map[string]*MapSpec) error { +func (ec *elfCode) loadBTFMaps() error { for _, sec := range ec.sections { if sec.kind != btfMapSection { continue @@ -694,7 +747,7 @@ func (ec *elfCode) loadBTFMaps(maps map[string]*MapSpec) error { return fmt.Errorf("section %v: map %s: initializing BTF map definitions: %w", sec.Name, name, internal.ErrNotSupported) } - if maps[name] != nil { + if ec.maps[name] != nil { return fmt.Errorf("section %v: map %s already exists", sec.Name, name) } @@ -713,7 +766,7 @@ func (ec *elfCode) loadBTFMaps(maps map[string]*MapSpec) error { return fmt.Errorf("map %v: %w", name, err) } - maps[name] = mapSpec + ec.maps[name] = mapSpec } // Drain the ELF section reader to make sure all bytes are accounted for @@ -1001,14 +1054,14 @@ func resolveBTFValuesContents(es *elfSection, vs *btf.VarSecinfo, member btf.Mem case elf.STT_OBJECT: contents = append(contents, MapKV{uint32(k), r.Name}) default: - return nil, fmt.Errorf("unknown relocation type %v", t) + return nil, fmt.Errorf("unknown relocation type %v for symbol %s", t, r.Name) } } return contents, nil } -func (ec *elfCode) loadDataSections(maps map[string]*MapSpec) error { +func (ec *elfCode) loadDataSections() error { for _, sec := range ec.sections { if sec.kind != dataSection { continue @@ -1065,8 +1118,68 @@ func (ec *elfCode) loadDataSections(maps map[string]*MapSpec) error { mapSpec.Freeze = true } - maps[sec.Name] = mapSpec + ec.maps[sec.Name] = mapSpec } + + return nil +} + +// loadKconfigSection handles the 'virtual' Datasec .kconfig that doesn't +// have a corresponding ELF section and exist purely in BTF. +func (ec *elfCode) loadKconfigSection() error { + if ec.btf == nil { + return nil + } + + var ds *btf.Datasec + err := ec.btf.TypeByName(".kconfig", &ds) + if errors.Is(err, btf.ErrNotFound) { + return nil + } + if err != nil { + return err + } + + if ds.Size == 0 { + return errors.New("zero-length .kconfig") + } + + ec.kconfig = &MapSpec{ + Name: ".kconfig", + Type: Array, + KeySize: uint32(4), + ValueSize: ds.Size, + MaxEntries: 1, + Flags: unix.BPF_F_RDONLY_PROG | unix.BPF_F_MMAPABLE, + Freeze: true, + Key: &btf.Int{Size: 4}, + Value: ds, + } + + return nil +} + +// loadKsymsSection handles the 'virtual' Datasec .ksyms that doesn't +// have a corresponding ELF section and exist purely in BTF. +func (ec *elfCode) loadKsymsSection() error { + if ec.btf == nil { + return nil + } + + var ds *btf.Datasec + err := ec.btf.TypeByName(".ksyms", &ds) + if errors.Is(err, btf.ErrNotFound) { + return nil + } + if err != nil { + return err + } + + for _, v := range ds.Vars { + // we have already checked the .ksyms Datasec to only contain Func Vars. + ec.kfuncs[v.Type.TypeName()] = v.Type.(*btf.Func) + } + return nil } @@ -1108,8 +1221,11 @@ func getProgType(sectionName string) (ProgramType, AttachType, uint32, string) { {"iter/", Tracing, AttachTraceIter, 0}, {"iter.s/", Tracing, AttachTraceIter, unix.BPF_F_SLEEPABLE}, {"syscall", Syscall, AttachNone, 0}, + {"xdp.frags_devmap/", XDP, AttachXDPDevMap, unix.BPF_F_XDP_HAS_FRAGS}, {"xdp_devmap/", XDP, AttachXDPDevMap, 0}, + {"xdp.frags_cpumap/", XDP, AttachXDPCPUMap, unix.BPF_F_XDP_HAS_FRAGS}, {"xdp_cpumap/", XDP, AttachXDPCPUMap, 0}, + {"xdp.frags", XDP, AttachNone, unix.BPF_F_XDP_HAS_FRAGS}, {"xdp", XDP, AttachNone, 0}, {"perf_event", PerfEvent, AttachNone, 0}, {"lwt_in", LWTIn, AttachNone, 0}, diff --git a/vendor/github.com/cilium/ebpf/info.go b/vendor/github.com/cilium/ebpf/info.go index 8f42173a3e7..a02e8a41618 100644 --- a/vendor/github.com/cilium/ebpf/info.go +++ b/vendor/github.com/cilium/ebpf/info.go @@ -94,8 +94,10 @@ type ProgramInfo struct { // Name as supplied by user space at load time. Available from 4.15. Name string - btf btf.ID - stats *programStats + createdByUID uint32 + haveCreatedByUID bool + btf btf.ID + stats *programStats maps []MapID insns []byte @@ -130,6 +132,18 @@ func newProgramInfoFromFd(fd *sys.FD) (*ProgramInfo, error) { pi.maps = make([]MapID, info.NrMapIds) info2.NrMapIds = info.NrMapIds info2.MapIds = sys.NewPointer(unsafe.Pointer(&pi.maps[0])) + } else if haveProgramInfoMapIDs() == nil { + // This program really has no associated maps. + pi.maps = make([]MapID, 0) + } else { + // The kernel doesn't report associated maps. + pi.maps = nil + } + + // createdByUID and NrMapIds were introduced in the same kernel version. + if pi.maps != nil { + pi.createdByUID = info.CreatedByUid + pi.haveCreatedByUID = true } if info.XlatedProgLen > 0 { @@ -175,6 +189,15 @@ func (pi *ProgramInfo) ID() (ProgramID, bool) { return pi.id, pi.id > 0 } +// CreatedByUID returns the Uid that created the program. +// +// Available from 4.15. +// +// The bool return value indicates whether this optional field is available. +func (pi *ProgramInfo) CreatedByUID() (uint32, bool) { + return pi.createdByUID, pi.haveCreatedByUID +} + // BTFID returns the BTF ID associated with the program. // // The ID is only valid as long as the associated program is kept alive. @@ -321,3 +344,30 @@ func EnableStats(which uint32) (io.Closer, error) { } return fd, nil } + +var haveProgramInfoMapIDs = internal.NewFeatureTest("map IDs in program info", "4.15", func() error { + prog, err := progLoad(asm.Instructions{ + asm.LoadImm(asm.R0, 0, asm.DWord), + asm.Return(), + }, SocketFilter, "MIT") + if err != nil { + return err + } + defer prog.Close() + + err = sys.ObjInfo(prog, &sys.ProgInfo{ + // NB: Don't need to allocate MapIds since the program isn't using + // any maps. + NrMapIds: 1, + }) + if errors.Is(err, unix.EINVAL) { + // Most likely the syscall doesn't exist. + return internal.ErrNotSupported + } + if errors.Is(err, unix.E2BIG) { + // We've hit check_uarg_tail_zero on older kernels. + return internal.ErrNotSupported + } + + return err +}) diff --git a/vendor/github.com/cilium/ebpf/internal/align.go b/vendor/github.com/cilium/ebpf/internal/align.go index 8b4f2658eac..edc898fa968 100644 --- a/vendor/github.com/cilium/ebpf/internal/align.go +++ b/vendor/github.com/cilium/ebpf/internal/align.go @@ -1,6 +1,8 @@ package internal +import "golang.org/x/exp/constraints" + // Align returns 'n' updated to 'alignment' boundary. -func Align(n, alignment int) int { - return (int(n) + alignment - 1) / alignment * alignment +func Align[I constraints.Integer](n, alignment I) I { + return (n + alignment - 1) / alignment * alignment } diff --git a/vendor/github.com/cilium/ebpf/internal/buffer.go b/vendor/github.com/cilium/ebpf/internal/buffer.go new file mode 100644 index 00000000000..81c6544330f --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/buffer.go @@ -0,0 +1,31 @@ +package internal + +import ( + "bytes" + "sync" +) + +var bytesBufferPool = sync.Pool{ + New: func() interface{} { + return new(bytes.Buffer) + }, +} + +// NewBuffer retrieves a [bytes.Buffer] from a pool an re-initialises it. +// +// The returned buffer should be passed to [PutBuffer]. +func NewBuffer(buf []byte) *bytes.Buffer { + wr := bytesBufferPool.Get().(*bytes.Buffer) + // Reinitialize the Buffer with a new backing slice since it is returned to + // the caller by wr.Bytes() below. Pooling is faster despite calling + // NewBuffer. The pooled alloc is still reused, it only needs to be zeroed. + *wr = *bytes.NewBuffer(buf) + return wr +} + +// PutBuffer releases a buffer to the pool. +func PutBuffer(buf *bytes.Buffer) { + // Release reference to the backing buffer. + *buf = *bytes.NewBuffer(nil) + bytesBufferPool.Put(buf) +} diff --git a/vendor/github.com/cilium/ebpf/internal/cpu.go b/vendor/github.com/cilium/ebpf/internal/cpu.go index 3affa1efb9d..9e908b610b5 100644 --- a/vendor/github.com/cilium/ebpf/internal/cpu.go +++ b/vendor/github.com/cilium/ebpf/internal/cpu.go @@ -4,24 +4,13 @@ import ( "fmt" "os" "strings" - "sync" ) -var sysCPU struct { - once sync.Once - err error - num int -} - // PossibleCPUs returns the max number of CPUs a system may possibly have // Logical CPU numbers must be of the form 0-n -func PossibleCPUs() (int, error) { - sysCPU.once.Do(func() { - sysCPU.num, sysCPU.err = parseCPUsFromFile("/sys/devices/system/cpu/possible") - }) - - return sysCPU.num, sysCPU.err -} +var PossibleCPUs = Memoize(func() (int, error) { + return parseCPUsFromFile("/sys/devices/system/cpu/possible") +}) func parseCPUsFromFile(path string) (int, error) { spec, err := os.ReadFile(path) diff --git a/vendor/github.com/cilium/ebpf/internal/deque.go b/vendor/github.com/cilium/ebpf/internal/deque.go index 05be23e61c6..e3a30502159 100644 --- a/vendor/github.com/cilium/ebpf/internal/deque.go +++ b/vendor/github.com/cilium/ebpf/internal/deque.go @@ -24,24 +24,11 @@ func (dq *Deque[T]) Empty() bool { return dq.read == dq.write } -func (dq *Deque[T]) remainingCap() int { - return len(dq.elems) - int(dq.write-dq.read) -} - // Push adds an element to the end. func (dq *Deque[T]) Push(e T) { - if dq.remainingCap() >= 1 { - dq.elems[dq.write&dq.mask] = e - dq.write++ - return - } - - elems := dq.linearise(1) - elems = append(elems, e) - - dq.elems = elems[:cap(elems)] - dq.mask = uint64(cap(elems)) - 1 - dq.read, dq.write = 0, uint64(len(elems)) + dq.Grow(1) + dq.elems[dq.write&dq.mask] = e + dq.write++ } // Shift returns the first element or the zero value. @@ -74,16 +61,17 @@ func (dq *Deque[T]) Pop() T { return t } -// linearise the contents of the deque. -// -// The returned slice has space for at least n more elements and has power -// of two capacity. -func (dq *Deque[T]) linearise(n int) []T { - length := dq.write - dq.read - need := length + uint64(n) - if need < length { +// Grow the deque's capacity, if necessary, to guarantee space for another n +// elements. +func (dq *Deque[T]) Grow(n int) { + have := dq.write - dq.read + need := have + uint64(n) + if need < have { panic("overflow") } + if uint64(len(dq.elems)) >= need { + return + } // Round up to the new power of two which is at least 8. // See https://jameshfisher.com/2018/03/30/round-up-power-2/ @@ -92,9 +80,12 @@ func (dq *Deque[T]) linearise(n int) []T { capacity = 8 } - types := make([]T, length, capacity) + elems := make([]T, have, capacity) pivot := dq.read & dq.mask - copied := copy(types, dq.elems[pivot:]) - copy(types[copied:], dq.elems[:pivot]) - return types + copied := copy(elems, dq.elems[pivot:]) + copy(elems[copied:], dq.elems[:pivot]) + + dq.elems = elems[:capacity] + dq.mask = uint64(capacity) - 1 + dq.read, dq.write = 0, have } diff --git a/vendor/github.com/cilium/ebpf/internal/endian_be.go b/vendor/github.com/cilium/ebpf/internal/endian_be.go index ad33cda8511..96a2ac0de22 100644 --- a/vendor/github.com/cilium/ebpf/internal/endian_be.go +++ b/vendor/github.com/cilium/ebpf/internal/endian_be.go @@ -1,5 +1,4 @@ //go:build armbe || arm64be || mips || mips64 || mips64p32 || ppc64 || s390 || s390x || sparc || sparc64 -// +build armbe arm64be mips mips64 mips64p32 ppc64 s390 s390x sparc sparc64 package internal diff --git a/vendor/github.com/cilium/ebpf/internal/endian_le.go b/vendor/github.com/cilium/ebpf/internal/endian_le.go index 41a68224c83..fde4c55a6f5 100644 --- a/vendor/github.com/cilium/ebpf/internal/endian_le.go +++ b/vendor/github.com/cilium/ebpf/internal/endian_le.go @@ -1,5 +1,4 @@ -//go:build 386 || amd64 || amd64p32 || arm || arm64 || mipsle || mips64le || mips64p32le || ppc64le || riscv64 -// +build 386 amd64 amd64p32 arm arm64 mipsle mips64le mips64p32le ppc64le riscv64 +//go:build 386 || amd64 || amd64p32 || arm || arm64 || loong64 || mipsle || mips64le || mips64p32le || ppc64le || riscv64 package internal diff --git a/vendor/github.com/cilium/ebpf/internal/io.go b/vendor/github.com/cilium/ebpf/internal/io.go index 30b6641f076..1eaf4775ad7 100644 --- a/vendor/github.com/cilium/ebpf/internal/io.go +++ b/vendor/github.com/cilium/ebpf/internal/io.go @@ -2,10 +2,14 @@ package internal import ( "bufio" + "bytes" "compress/gzip" "errors" + "fmt" "io" "os" + "path/filepath" + "sync" ) // NewBufferedSectionReader wraps an io.ReaderAt in an appropriately-sized @@ -60,3 +64,65 @@ func ReadAllCompressed(file string) ([]byte, error) { return io.ReadAll(gz) } + +// ReadUint64FromFile reads a uint64 from a file. +// +// format specifies the contents of the file in fmt.Scanf syntax. +func ReadUint64FromFile(format string, path ...string) (uint64, error) { + filename := filepath.Join(path...) + data, err := os.ReadFile(filename) + if err != nil { + return 0, fmt.Errorf("reading file %q: %w", filename, err) + } + + var value uint64 + n, err := fmt.Fscanf(bytes.NewReader(data), format, &value) + if err != nil { + return 0, fmt.Errorf("parsing file %q: %w", filename, err) + } + if n != 1 { + return 0, fmt.Errorf("parsing file %q: expected 1 item, got %d", filename, n) + } + + return value, nil +} + +type uint64FromFileKey struct { + format, path string +} + +var uint64FromFileCache = struct { + sync.RWMutex + values map[uint64FromFileKey]uint64 +}{ + values: map[uint64FromFileKey]uint64{}, +} + +// ReadUint64FromFileOnce is like readUint64FromFile but memoizes the result. +func ReadUint64FromFileOnce(format string, path ...string) (uint64, error) { + filename := filepath.Join(path...) + key := uint64FromFileKey{format, filename} + + uint64FromFileCache.RLock() + if value, ok := uint64FromFileCache.values[key]; ok { + uint64FromFileCache.RUnlock() + return value, nil + } + uint64FromFileCache.RUnlock() + + value, err := ReadUint64FromFile(format, filename) + if err != nil { + return 0, err + } + + uint64FromFileCache.Lock() + defer uint64FromFileCache.Unlock() + + if value, ok := uint64FromFileCache.values[key]; ok { + // Someone else got here before us, use what is cached. + return value, nil + } + + uint64FromFileCache.values[key] = value + return value, nil +} diff --git a/vendor/github.com/cilium/ebpf/internal/kconfig/kconfig.go b/vendor/github.com/cilium/ebpf/internal/kconfig/kconfig.go new file mode 100644 index 00000000000..d95e7eb0e5d --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/kconfig/kconfig.go @@ -0,0 +1,267 @@ +package kconfig + +import ( + "bufio" + "bytes" + "compress/gzip" + "fmt" + "io" + "math" + "os" + "strconv" + "strings" + + "github.com/cilium/ebpf/btf" + "github.com/cilium/ebpf/internal" +) + +// Find find a kconfig file on the host. +// It first reads from /boot/config- of the current running kernel and tries +// /proc/config.gz if nothing was found in /boot. +// If none of the file provide a kconfig, it returns an error. +func Find() (*os.File, error) { + kernelRelease, err := internal.KernelRelease() + if err != nil { + return nil, fmt.Errorf("cannot get kernel release: %w", err) + } + + path := "/boot/config-" + kernelRelease + f, err := os.Open(path) + if err == nil { + return f, nil + } + + f, err = os.Open("/proc/config.gz") + if err == nil { + return f, nil + } + + return nil, fmt.Errorf("neither %s nor /proc/config.gz provide a kconfig", path) +} + +// Parse parses the kconfig file for which a reader is given. +// All the CONFIG_* which are in filter and which are set set will be +// put in the returned map as key with their corresponding value as map value. +// If filter is nil, no filtering will occur. +// If the kconfig file is not valid, error will be returned. +func Parse(source io.ReaderAt, filter map[string]struct{}) (map[string]string, error) { + var r io.Reader + zr, err := gzip.NewReader(io.NewSectionReader(source, 0, math.MaxInt64)) + if err != nil { + r = io.NewSectionReader(source, 0, math.MaxInt64) + } else { + // Source is gzip compressed, transparently decompress. + r = zr + } + + ret := make(map[string]string, len(filter)) + + s := bufio.NewScanner(r) + + for s.Scan() { + line := s.Bytes() + err = processKconfigLine(line, ret, filter) + if err != nil { + return nil, fmt.Errorf("cannot parse line: %w", err) + } + + if filter != nil && len(ret) == len(filter) { + break + } + } + + if err := s.Err(); err != nil { + return nil, fmt.Errorf("cannot parse: %w", err) + } + + if zr != nil { + return ret, zr.Close() + } + + return ret, nil +} + +// Golang translation of libbpf bpf_object__process_kconfig_line(): +// https://github.com/libbpf/libbpf/blob/fbd60dbff51c870f5e80a17c4f2fd639eb80af90/src/libbpf.c#L1874 +// It does the same checks but does not put the data inside the BPF map. +func processKconfigLine(line []byte, m map[string]string, filter map[string]struct{}) error { + // Ignore empty lines and "# CONFIG_* is not set". + if !bytes.HasPrefix(line, []byte("CONFIG_")) { + return nil + } + + key, value, found := bytes.Cut(line, []byte{'='}) + if !found { + return fmt.Errorf("line %q does not contain separator '='", line) + } + + if len(value) == 0 { + return fmt.Errorf("line %q has no value", line) + } + + if filter != nil { + // NB: map[string(key)] gets special optimisation help from the compiler + // and doesn't allocate. Don't turn this into a variable. + _, ok := filter[string(key)] + if !ok { + return nil + } + } + + // This can seem odd, but libbpf only sets the value the first time the key is + // met: + // https://github.com/torvalds/linux/blob/0d85b27b0cc6/tools/lib/bpf/libbpf.c#L1906-L1908 + _, ok := m[string(key)] + if !ok { + m[string(key)] = string(value) + } + + return nil +} + +// PutValue translates the value given as parameter depending on the BTF +// type, the translated value is then written to the byte array. +func PutValue(data []byte, typ btf.Type, value string) error { + typ = btf.UnderlyingType(typ) + + switch value { + case "y", "n", "m": + return putValueTri(data, typ, value) + default: + if strings.HasPrefix(value, `"`) { + return putValueString(data, typ, value) + } + return putValueNumber(data, typ, value) + } +} + +// Golang translation of libbpf_tristate enum: +// https://github.com/libbpf/libbpf/blob/fbd60dbff51c870f5e80a17c4f2fd639eb80af90/src/bpf_helpers.h#L169 +type triState int + +const ( + TriNo triState = 0 + TriYes triState = 1 + TriModule triState = 2 +) + +func putValueTri(data []byte, typ btf.Type, value string) error { + switch v := typ.(type) { + case *btf.Int: + if v.Encoding != btf.Bool { + return fmt.Errorf("cannot add tri value, expected btf.Bool, got: %v", v.Encoding) + } + + if v.Size != 1 { + return fmt.Errorf("cannot add tri value, expected size of 1 byte, got: %d", v.Size) + } + + switch value { + case "y": + data[0] = 1 + case "n": + data[0] = 0 + default: + return fmt.Errorf("cannot use %q for btf.Bool", value) + } + case *btf.Enum: + if v.Name != "libbpf_tristate" { + return fmt.Errorf("cannot use enum %q, only libbpf_tristate is supported", v.Name) + } + + var tri triState + switch value { + case "y": + tri = TriYes + case "m": + tri = TriModule + case "n": + tri = TriNo + default: + return fmt.Errorf("value %q is not support for libbpf_tristate", value) + } + + internal.NativeEndian.PutUint64(data, uint64(tri)) + default: + return fmt.Errorf("cannot add number value, expected btf.Int or btf.Enum, got: %T", v) + } + + return nil +} + +func putValueString(data []byte, typ btf.Type, value string) error { + array, ok := typ.(*btf.Array) + if !ok { + return fmt.Errorf("cannot add string value, expected btf.Array, got %T", array) + } + + contentType, ok := btf.UnderlyingType(array.Type).(*btf.Int) + if !ok { + return fmt.Errorf("cannot add string value, expected array of btf.Int, got %T", contentType) + } + + // Any Int, which is not bool, of one byte could be used to store char: + // https://github.com/torvalds/linux/blob/1a5304fecee5/tools/lib/bpf/libbpf.c#L3637-L3638 + if contentType.Size != 1 && contentType.Encoding != btf.Bool { + return fmt.Errorf("cannot add string value, expected array of btf.Int of size 1, got array of btf.Int of size: %v", contentType.Size) + } + + if !strings.HasPrefix(value, `"`) || !strings.HasSuffix(value, `"`) { + return fmt.Errorf(`value %q must start and finish with '"'`, value) + } + + str := strings.Trim(value, `"`) + + // We need to trim string if the bpf array is smaller. + if uint32(len(str)) >= array.Nelems { + str = str[:array.Nelems] + } + + // Write the string content to .kconfig. + copy(data, str) + + return nil +} + +func putValueNumber(data []byte, typ btf.Type, value string) error { + integer, ok := typ.(*btf.Int) + if !ok { + return fmt.Errorf("cannot add number value, expected *btf.Int, got: %T", integer) + } + + size := integer.Size + sizeInBits := size * 8 + + var n uint64 + var err error + if integer.Encoding == btf.Signed { + parsed, e := strconv.ParseInt(value, 0, int(sizeInBits)) + + n = uint64(parsed) + err = e + } else { + parsed, e := strconv.ParseUint(value, 0, int(sizeInBits)) + + n = uint64(parsed) + err = e + } + + if err != nil { + return fmt.Errorf("cannot parse value: %w", err) + } + + switch size { + case 1: + data[0] = byte(n) + case 2: + internal.NativeEndian.PutUint16(data, uint16(n)) + case 4: + internal.NativeEndian.PutUint32(data, uint32(n)) + case 8: + internal.NativeEndian.PutUint64(data, uint64(n)) + default: + return fmt.Errorf("size (%d) is not valid, expected: 1, 2, 4 or 8", size) + } + + return nil +} diff --git a/vendor/github.com/cilium/ebpf/internal/memoize.go b/vendor/github.com/cilium/ebpf/internal/memoize.go new file mode 100644 index 00000000000..3de0a3fb95a --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/memoize.go @@ -0,0 +1,26 @@ +package internal + +import ( + "sync" +) + +type memoizedFunc[T any] struct { + once sync.Once + fn func() (T, error) + result T + err error +} + +func (mf *memoizedFunc[T]) do() (T, error) { + mf.once.Do(func() { + mf.result, mf.err = mf.fn() + }) + return mf.result, mf.err +} + +// Memoize the result of a function call. +// +// fn is only ever called once, even if it returns an error. +func Memoize[T any](fn func() (T, error)) func() (T, error) { + return (&memoizedFunc[T]{fn: fn}).do +} diff --git a/vendor/github.com/cilium/ebpf/internal/output.go b/vendor/github.com/cilium/ebpf/internal/output.go index aeab37fcfaf..dd6e6cbafe0 100644 --- a/vendor/github.com/cilium/ebpf/internal/output.go +++ b/vendor/github.com/cilium/ebpf/internal/output.go @@ -6,6 +6,7 @@ import ( "go/format" "go/scanner" "io" + "reflect" "strings" "unicode" ) @@ -82,3 +83,15 @@ func WriteFormatted(src []byte, out io.Writer) error { return nel } + +// GoTypeName is like %T, but elides the package name. +// +// Pointers to a type are peeled off. +func GoTypeName(t any) string { + rT := reflect.TypeOf(t) + for rT.Kind() == reflect.Pointer { + rT = rT.Elem() + } + // Doesn't return the correct Name for generic types due to https://github.com/golang/go/issues/55924 + return rT.Name() +} diff --git a/vendor/github.com/cilium/ebpf/internal/pinning.go b/vendor/github.com/cilium/ebpf/internal/pinning.go index c711353c3ea..01d892f9344 100644 --- a/vendor/github.com/cilium/ebpf/internal/pinning.go +++ b/vendor/github.com/cilium/ebpf/internal/pinning.go @@ -6,15 +6,12 @@ import ( "os" "path/filepath" "runtime" - "unsafe" "github.com/cilium/ebpf/internal/sys" "github.com/cilium/ebpf/internal/unix" ) func Pin(currentPath, newPath string, fd *sys.FD) error { - const bpfFSType = 0xcafe4a11 - if newPath == "" { return errors.New("given pinning path cannot be empty") } @@ -22,20 +19,11 @@ func Pin(currentPath, newPath string, fd *sys.FD) error { return nil } - var statfs unix.Statfs_t - if err := unix.Statfs(filepath.Dir(newPath), &statfs); err != nil { + fsType, err := FSType(filepath.Dir(newPath)) + if err != nil { return err } - - fsType := int64(statfs.Type) - if unsafe.Sizeof(statfs.Type) == 4 { - // We're on a 32 bit arch, where statfs.Type is int32. bpfFSType is a - // negative number when interpreted as int32 so we need to cast via - // uint32 to avoid sign extension. - fsType = int64(uint32(statfs.Type)) - } - - if fsType != bpfFSType { + if fsType != unix.BPF_FS_MAGIC { return fmt.Errorf("%s is not on a bpf filesystem", newPath) } @@ -50,7 +38,7 @@ func Pin(currentPath, newPath string, fd *sys.FD) error { // Renameat2 is used instead of os.Rename to disallow the new path replacing // an existing path. - err := unix.Renameat2(unix.AT_FDCWD, currentPath, unix.AT_FDCWD, newPath, unix.RENAME_NOREPLACE) + err = unix.Renameat2(unix.AT_FDCWD, currentPath, unix.AT_FDCWD, newPath, unix.RENAME_NOREPLACE) if err == nil { // Object is now moved to the new pinning path. return nil diff --git a/vendor/github.com/cilium/ebpf/internal/platform.go b/vendor/github.com/cilium/ebpf/internal/platform.go new file mode 100644 index 00000000000..6e90f2ef714 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/platform.go @@ -0,0 +1,43 @@ +package internal + +import ( + "runtime" +) + +// PlatformPrefix returns the platform-dependent syscall wrapper prefix used by +// the linux kernel. +// +// Based on https://github.com/golang/go/blob/master/src/go/build/syslist.go +// and https://github.com/libbpf/libbpf/blob/master/src/libbpf.c#L10047 +func PlatformPrefix() string { + switch runtime.GOARCH { + case "386": + return "__ia32_" + case "amd64", "amd64p32": + return "__x64_" + + case "arm", "armbe": + return "__arm_" + case "arm64", "arm64be": + return "__arm64_" + + case "mips", "mipsle", "mips64", "mips64le", "mips64p32", "mips64p32le": + return "__mips_" + + case "s390": + return "__s390_" + case "s390x": + return "__s390x_" + + case "riscv", "riscv64": + return "__riscv_" + + case "ppc": + return "__powerpc_" + case "ppc64", "ppc64le": + return "__powerpc64_" + + default: + return "" + } +} diff --git a/vendor/github.com/cilium/ebpf/internal/statfs.go b/vendor/github.com/cilium/ebpf/internal/statfs.go new file mode 100644 index 00000000000..44c02d676e6 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/statfs.go @@ -0,0 +1,23 @@ +package internal + +import ( + "unsafe" + + "github.com/cilium/ebpf/internal/unix" +) + +func FSType(path string) (int64, error) { + var statfs unix.Statfs_t + if err := unix.Statfs(path, &statfs); err != nil { + return 0, err + } + + fsType := int64(statfs.Type) + if unsafe.Sizeof(statfs.Type) == 4 { + // We're on a 32 bit arch, where statfs.Type is int32. bpfFSType is a + // negative number when interpreted as int32 so we need to cast via + // uint32 to avoid sign extension. + fsType = int64(uint32(statfs.Type)) + } + return fsType, nil +} diff --git a/vendor/github.com/cilium/ebpf/internal/sys/fd.go b/vendor/github.com/cilium/ebpf/internal/sys/fd.go index 65517d45e26..941a56fb91b 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/fd.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/fd.go @@ -17,11 +17,39 @@ type FD struct { } func newFD(value int) *FD { + if onLeakFD != nil { + // Attempt to store the caller's stack for the given fd value. + // Panic if fds contains an existing stack for the fd. + old, exist := fds.LoadOrStore(value, callersFrames()) + if exist { + f := old.(*runtime.Frames) + panic(fmt.Sprintf("found existing stack for fd %d:\n%s", value, FormatFrames(f))) + } + } + fd := &FD{value} - runtime.SetFinalizer(fd, (*FD).Close) + runtime.SetFinalizer(fd, (*FD).finalize) return fd } +// finalize is set as the FD's runtime finalizer and +// sends a leak trace before calling FD.Close(). +func (fd *FD) finalize() { + if fd.raw < 0 { + return + } + + // Invoke the fd leak callback. Calls LoadAndDelete to guarantee the callback + // is invoked at most once for one sys.FD allocation, runtime.Frames can only + // be unwound once. + f, ok := fds.LoadAndDelete(fd.Int()) + if ok && onLeakFD != nil { + onLeakFD(f.(*runtime.Frames)) + } + + _ = fd.Close() +} + // NewFD wraps a raw fd with a finalizer. // // You must not use the raw fd after calling this function, since the underlying @@ -64,15 +92,16 @@ func (fd *FD) Close() error { return nil } + return unix.Close(fd.disown()) +} + +func (fd *FD) disown() int { value := int(fd.raw) + fds.Delete(int(value)) fd.raw = -1 - fd.Forget() - return unix.Close(value) -} - -func (fd *FD) Forget() { runtime.SetFinalizer(fd, nil) + return value } func (fd *FD) Dup() (*FD, error) { @@ -90,7 +119,15 @@ func (fd *FD) Dup() (*FD, error) { return newFD(dup), nil } +// File takes ownership of FD and turns it into an [*os.File]. +// +// You must not use the FD after the call returns. +// +// Returns nil if the FD is not valid. func (fd *FD) File(name string) *os.File { - fd.Forget() - return os.NewFile(uintptr(fd.raw), name) + if fd.raw < 0 { + return nil + } + + return os.NewFile(uintptr(fd.disown()), name) } diff --git a/vendor/github.com/cilium/ebpf/internal/sys/fd_trace.go b/vendor/github.com/cilium/ebpf/internal/sys/fd_trace.go new file mode 100644 index 00000000000..cd50dd1f642 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/sys/fd_trace.go @@ -0,0 +1,93 @@ +package sys + +import ( + "bytes" + "fmt" + "runtime" + "sync" +) + +// OnLeakFD controls tracing [FD] lifetime to detect resources that are not +// closed by Close(). +// +// If fn is not nil, tracing is enabled for all FDs created going forward. fn is +// invoked for all FDs that are closed by the garbage collector instead of an +// explicit Close() by a caller. Calling OnLeakFD twice with a non-nil fn +// (without disabling tracing in the meantime) will cause a panic. +// +// If fn is nil, tracing will be disabled. Any FDs that have not been closed are +// considered to be leaked, fn will be invoked for them, and the process will be +// terminated. +// +// fn will be invoked at most once for every unique sys.FD allocation since a +// runtime.Frames can only be unwound once. +func OnLeakFD(fn func(*runtime.Frames)) { + // Enable leak tracing if new fn is provided. + if fn != nil { + if onLeakFD != nil { + panic("OnLeakFD called twice with non-nil fn") + } + + onLeakFD = fn + return + } + + // fn is nil past this point. + + if onLeakFD == nil { + return + } + + // Call onLeakFD for all open fds. + if fs := flushFrames(); len(fs) != 0 { + for _, f := range fs { + onLeakFD(f) + } + } + + onLeakFD = nil +} + +var onLeakFD func(*runtime.Frames) + +// fds is a registry of all file descriptors wrapped into sys.fds that were +// created while an fd tracer was active. +var fds sync.Map // map[int]*runtime.Frames + +// flushFrames removes all elements from fds and returns them as a slice. This +// deals with the fact that a runtime.Frames can only be unwound once using +// Next(). +func flushFrames() []*runtime.Frames { + var frames []*runtime.Frames + fds.Range(func(key, value any) bool { + frames = append(frames, value.(*runtime.Frames)) + fds.Delete(key) + return true + }) + return frames +} + +func callersFrames() *runtime.Frames { + c := make([]uintptr, 32) + + // Skip runtime.Callers and this function. + i := runtime.Callers(2, c) + if i == 0 { + return nil + } + + return runtime.CallersFrames(c) +} + +// FormatFrames formats a runtime.Frames as a human-readable string. +func FormatFrames(fs *runtime.Frames) string { + var b bytes.Buffer + for { + f, more := fs.Next() + b.WriteString(fmt.Sprintf("\t%s+%#x\n\t\t%s:%d\n", f.Function, f.PC-f.Entry, f.File, f.Line)) + if !more { + break + } + } + return b.String() +} diff --git a/vendor/github.com/cilium/ebpf/internal/sys/ptr.go b/vendor/github.com/cilium/ebpf/internal/sys/ptr.go index bc7ebb44432..e9bb5905973 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/ptr.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/ptr.go @@ -20,7 +20,7 @@ func NewSlicePointer(buf []byte) Pointer { return Pointer{ptr: unsafe.Pointer(&buf[0])} } -// NewSlicePointer creates a 64-bit pointer from a byte slice. +// NewSlicePointerLen creates a 64-bit pointer from a byte slice. // // Useful to assign both the pointer and the length in one go. func NewSlicePointerLen(buf []byte) (Pointer, uint32) { diff --git a/vendor/github.com/cilium/ebpf/internal/sys/ptr_32_be.go b/vendor/github.com/cilium/ebpf/internal/sys/ptr_32_be.go index df903d780b1..6278c79c9ef 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/ptr_32_be.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/ptr_32_be.go @@ -1,5 +1,4 @@ //go:build armbe || mips || mips64p32 -// +build armbe mips mips64p32 package sys diff --git a/vendor/github.com/cilium/ebpf/internal/sys/ptr_32_le.go b/vendor/github.com/cilium/ebpf/internal/sys/ptr_32_le.go index a6a51edb6e1..c27b537e8e0 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/ptr_32_le.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/ptr_32_le.go @@ -1,5 +1,4 @@ //go:build 386 || amd64p32 || arm || mipsle || mips64p32le -// +build 386 amd64p32 arm mipsle mips64p32le package sys diff --git a/vendor/github.com/cilium/ebpf/internal/sys/ptr_64.go b/vendor/github.com/cilium/ebpf/internal/sys/ptr_64.go index 7c0279e487c..2d7828230ae 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/ptr_64.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/ptr_64.go @@ -1,5 +1,4 @@ //go:build !386 && !amd64p32 && !arm && !mipsle && !mips64p32le && !armbe && !mips && !mips64p32 -// +build !386,!amd64p32,!arm,!mipsle,!mips64p32le,!armbe,!mips,!mips64p32 package sys diff --git a/vendor/github.com/cilium/ebpf/internal/sys/signals.go b/vendor/github.com/cilium/ebpf/internal/sys/signals.go index 84d63313d55..7494c030c01 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/signals.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/signals.go @@ -8,19 +8,20 @@ import ( "github.com/cilium/ebpf/internal/unix" ) +// A sigset containing only SIGPROF. var profSet unix.Sigset_t func init() { - if err := sigsetAdd(&profSet, unix.SIGPROF); err != nil { - panic(fmt.Errorf("creating signal set: %w", err)) - } + // See sigsetAdd for details on the implementation. Open coded here so + // that the compiler will check the constant calculations for us. + profSet.Val[sigprofBit/wordBits] |= 1 << (sigprofBit % wordBits) } // maskProfilerSignal locks the calling goroutine to its underlying OS thread // and adds SIGPROF to the thread's signal mask. This prevents pprof from // interrupting expensive syscalls like e.g. BPF_PROG_LOAD. // -// The caller must defer sys.UnmaskProfilerSignal() to reverse the operation. +// The caller must defer unmaskProfilerSignal() to reverse the operation. func maskProfilerSignal() { runtime.LockOSThread() @@ -43,11 +44,10 @@ func unmaskProfilerSignal() { } const ( - wordBytes = int(unsafe.Sizeof(unix.Sigset_t{}.Val[0])) - wordBits = wordBytes * 8 - - setBytes = int(unsafe.Sizeof(unix.Sigset_t{})) - setBits = setBytes * 8 + // Signal is the nth bit in the bitfield. + sigprofBit = int(unix.SIGPROF - 1) + // The number of bits in one Sigset_t word. + wordBits = int(unsafe.Sizeof(unix.Sigset_t{}.Val[0])) * 8 ) // sigsetAdd adds signal to set. @@ -59,9 +59,6 @@ func sigsetAdd(set *unix.Sigset_t, signal unix.Signal) error { if signal < 1 { return fmt.Errorf("signal %d must be larger than 0", signal) } - if int(signal) > setBits { - return fmt.Errorf("signal %d does not fit within unix.Sigset_t", signal) - } // For amd64, runtime.sigaddset() performs the following operation: // set[(signal-1)/32] |= 1 << ((uint32(signal) - 1) & 31) @@ -75,6 +72,10 @@ func sigsetAdd(set *unix.Sigset_t, signal unix.Signal) error { // Word within the sigset the bit needs to be written to. word := bit / wordBits + if word >= len(set.Val) { + return fmt.Errorf("signal %d does not fit within unix.Sigset_t", signal) + } + // Write the signal bit into its corresponding word at the corrected offset. set.Val[word] |= 1 << (bit % wordBits) diff --git a/vendor/github.com/cilium/ebpf/internal/sys/syscall.go b/vendor/github.com/cilium/ebpf/internal/sys/syscall.go index 3c7ce5dd1f8..4fae04db5d8 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/syscall.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/syscall.go @@ -117,6 +117,9 @@ type LinkID uint32 // BTFID uniquely identifies a BTF blob loaded into the kernel. type BTFID uint32 +// TypeID identifies a type in a BTF blob. +type TypeID uint32 + // MapFlags control map behaviour. type MapFlags uint32 diff --git a/vendor/github.com/cilium/ebpf/internal/sys/types.go b/vendor/github.com/cilium/ebpf/internal/sys/types.go index bb778790d7f..2af7759e5a3 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/types.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/types.go @@ -301,7 +301,17 @@ const ( BPF_FUNC_copy_from_user_task FunctionId = 191 BPF_FUNC_skb_set_tstamp FunctionId = 192 BPF_FUNC_ima_file_hash FunctionId = 193 - __BPF_FUNC_MAX_ID FunctionId = 194 + BPF_FUNC_kptr_xchg FunctionId = 194 + BPF_FUNC_map_lookup_percpu_elem FunctionId = 195 + BPF_FUNC_skc_to_mptcp_sock FunctionId = 196 + BPF_FUNC_dynptr_from_mem FunctionId = 197 + BPF_FUNC_ringbuf_reserve_dynptr FunctionId = 198 + BPF_FUNC_ringbuf_submit_dynptr FunctionId = 199 + BPF_FUNC_ringbuf_discard_dynptr FunctionId = 200 + BPF_FUNC_dynptr_read FunctionId = 201 + BPF_FUNC_dynptr_write FunctionId = 202 + BPF_FUNC_dynptr_data FunctionId = 203 + __BPF_FUNC_MAX_ID FunctionId = 204 ) type HdrStartOff uint32 @@ -323,7 +333,8 @@ const ( BPF_LINK_TYPE_XDP LinkType = 6 BPF_LINK_TYPE_PERF_EVENT LinkType = 7 BPF_LINK_TYPE_KPROBE_MULTI LinkType = 8 - MAX_BPF_LINK_TYPE LinkType = 9 + BPF_LINK_TYPE_STRUCT_OPS LinkType = 9 + MAX_BPF_LINK_TYPE LinkType = 10 ) type MapType uint32 @@ -477,12 +488,12 @@ type MapInfo struct { MapFlags MapFlags Name ObjName Ifindex uint32 - BtfVmlinuxValueTypeId uint32 + BtfVmlinuxValueTypeId TypeID NetnsDev uint64 NetnsIno uint64 BtfId uint32 - BtfKeyTypeId uint32 - BtfValueTypeId uint32 + BtfKeyTypeId TypeID + BtfValueTypeId TypeID _ [4]byte MapExtra uint64 } @@ -508,7 +519,7 @@ type ProgInfo struct { NrJitedFuncLens uint32 JitedKsyms uint64 JitedFuncLens uint64 - BtfId uint32 + BtfId BTFID FuncInfoRecSize uint32 FuncInfo uint64 NrFuncInfo uint32 @@ -616,7 +627,7 @@ type LinkCreateAttr struct { TargetFd uint32 AttachType AttachType Flags uint32 - TargetBtfId uint32 + TargetBtfId TypeID _ [28]byte } @@ -683,6 +694,25 @@ func LinkCreatePerfEvent(attr *LinkCreatePerfEventAttr) (*FD, error) { return NewFD(int(fd)) } +type LinkCreateTracingAttr struct { + ProgFd uint32 + TargetFd uint32 + AttachType AttachType + Flags uint32 + TargetBtfId BTFID + _ [4]byte + Cookie uint64 + _ [16]byte +} + +func LinkCreateTracing(attr *LinkCreateTracingAttr) (*FD, error) { + fd, err := BPF(BPF_LINK_CREATE, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) + if err != nil { + return nil, err + } + return NewFD(int(fd)) +} + type LinkUpdateAttr struct { LinkFd uint32 NewProgFd uint32 @@ -706,9 +736,9 @@ type MapCreateAttr struct { MapName ObjName MapIfindex uint32 BtfFd uint32 - BtfKeyTypeId uint32 - BtfValueTypeId uint32 - BtfVmlinuxValueTypeId uint32 + BtfKeyTypeId TypeID + BtfValueTypeId TypeID + BtfVmlinuxValueTypeId TypeID MapExtra uint64 } @@ -986,7 +1016,7 @@ type ProgLoadAttr struct { LineInfoRecSize uint32 LineInfo Pointer LineInfoCnt uint32 - AttachBtfId uint32 + AttachBtfId TypeID AttachBtfObjFd uint32 CoreReloCnt uint32 FdArray Pointer @@ -1081,7 +1111,7 @@ type RawTracepointLinkInfo struct { type TracingLinkInfo struct { AttachType AttachType TargetObjId uint32 - TargetBtfId uint32 + TargetBtfId TypeID } type XDPLinkInfo struct{ Ifindex uint32 } diff --git a/vendor/github.com/cilium/ebpf/internal/tracefs/kprobe.go b/vendor/github.com/cilium/ebpf/internal/tracefs/kprobe.go new file mode 100644 index 00000000000..4059a099b08 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/tracefs/kprobe.go @@ -0,0 +1,359 @@ +package tracefs + +import ( + "crypto/rand" + "errors" + "fmt" + "os" + "path/filepath" + "runtime" + "strings" + "syscall" + + "github.com/cilium/ebpf/internal" + "github.com/cilium/ebpf/internal/unix" +) + +var ( + ErrInvalidInput = errors.New("invalid input") + + ErrInvalidMaxActive = errors.New("can only set maxactive on kretprobes") +) + +//go:generate stringer -type=ProbeType -linecomment + +type ProbeType uint8 + +const ( + Kprobe ProbeType = iota // kprobe + Uprobe // uprobe +) + +func (pt ProbeType) eventsFile() (*os.File, error) { + path, err := sanitizeTracefsPath(fmt.Sprintf("%s_events", pt.String())) + if err != nil { + return nil, err + } + + return os.OpenFile(path, os.O_APPEND|os.O_WRONLY, 0666) +} + +type ProbeArgs struct { + Type ProbeType + Symbol, Group, Path string + Offset, RefCtrOffset, Cookie uint64 + Pid, RetprobeMaxActive int + Ret bool +} + +// RandomGroup generates a pseudorandom string for use as a tracefs group name. +// Returns an error when the output string would exceed 63 characters (kernel +// limitation), when rand.Read() fails or when prefix contains characters not +// allowed by IsValidTraceID. +func RandomGroup(prefix string) (string, error) { + if !validIdentifier(prefix) { + return "", fmt.Errorf("prefix '%s' must be alphanumeric or underscore: %w", prefix, ErrInvalidInput) + } + + b := make([]byte, 8) + if _, err := rand.Read(b); err != nil { + return "", fmt.Errorf("reading random bytes: %w", err) + } + + group := fmt.Sprintf("%s_%x", prefix, b) + if len(group) > 63 { + return "", fmt.Errorf("group name '%s' cannot be longer than 63 characters: %w", group, ErrInvalidInput) + } + + return group, nil +} + +// validIdentifier implements the equivalent of a regex match +// against "^[a-zA-Z_][0-9a-zA-Z_]*$". +// +// Trace event groups, names and kernel symbols must adhere to this set +// of characters. Non-empty, first character must not be a number, all +// characters must be alphanumeric or underscore. +func validIdentifier(s string) bool { + if len(s) < 1 { + return false + } + for i, c := range []byte(s) { + switch { + case c >= 'a' && c <= 'z': + case c >= 'A' && c <= 'Z': + case c == '_': + case i > 0 && c >= '0' && c <= '9': + + default: + return false + } + } + + return true +} + +func sanitizeTracefsPath(path ...string) (string, error) { + base, err := getTracefsPath() + if err != nil { + return "", err + } + l := filepath.Join(path...) + p := filepath.Join(base, l) + if !strings.HasPrefix(p, base) { + return "", fmt.Errorf("path '%s' attempts to escape base path '%s': %w", l, base, ErrInvalidInput) + } + return p, nil +} + +// getTracefsPath will return a correct path to the tracefs mount point. +// Since kernel 4.1 tracefs should be mounted by default at /sys/kernel/tracing, +// but may be also be available at /sys/kernel/debug/tracing if debugfs is mounted. +// The available tracefs paths will depends on distribution choices. +var getTracefsPath = internal.Memoize(func() (string, error) { + for _, p := range []struct { + path string + fsType int64 + }{ + {"/sys/kernel/tracing", unix.TRACEFS_MAGIC}, + {"/sys/kernel/debug/tracing", unix.TRACEFS_MAGIC}, + // RHEL/CentOS + {"/sys/kernel/debug/tracing", unix.DEBUGFS_MAGIC}, + } { + if fsType, err := internal.FSType(p.path); err == nil && fsType == p.fsType { + return p.path, nil + } + } + + return "", errors.New("neither debugfs nor tracefs are mounted") +}) + +// sanitizeIdentifier replaces every invalid character for the tracefs api with an underscore. +// +// It is equivalent to calling regexp.MustCompile("[^a-zA-Z0-9]+").ReplaceAllString("_"). +func sanitizeIdentifier(s string) string { + var skip bool + return strings.Map(func(c rune) rune { + switch { + case c >= 'a' && c <= 'z', + c >= 'A' && c <= 'Z', + c >= '0' && c <= '9': + skip = false + return c + + case skip: + return -1 + + default: + skip = true + return '_' + } + }, s) +} + +// EventID reads a trace event's ID from tracefs given its group and name. +// The kernel requires group and name to be alphanumeric or underscore. +func EventID(group, name string) (uint64, error) { + if !validIdentifier(group) { + return 0, fmt.Errorf("invalid tracefs group: %q", group) + } + + if !validIdentifier(name) { + return 0, fmt.Errorf("invalid tracefs name: %q", name) + } + + path, err := sanitizeTracefsPath("events", group, name, "id") + if err != nil { + return 0, err + } + tid, err := internal.ReadUint64FromFile("%d\n", path) + if errors.Is(err, os.ErrNotExist) { + return 0, err + } + if err != nil { + return 0, fmt.Errorf("reading trace event ID of %s/%s: %w", group, name, err) + } + + return tid, nil +} + +func probePrefix(ret bool, maxActive int) string { + if ret { + if maxActive > 0 { + return fmt.Sprintf("r%d", maxActive) + } + return "r" + } + return "p" +} + +// Event represents an entry in a tracefs probe events file. +type Event struct { + typ ProbeType + group, name string + // event id allocated by the kernel. 0 if the event has already been removed. + id uint64 +} + +// NewEvent creates a new ephemeral trace event. +// +// Returns os.ErrNotExist if symbol is not a valid +// kernel symbol, or if it is not traceable with kprobes. Returns os.ErrExist +// if a probe with the same group and symbol already exists. Returns an error if +// args.RetprobeMaxActive is used on non kprobe types. Returns ErrNotSupported if +// the kernel is too old to support kretprobe maxactive. +func NewEvent(args ProbeArgs) (*Event, error) { + // Before attempting to create a trace event through tracefs, + // check if an event with the same group and name already exists. + // Kernels 4.x and earlier don't return os.ErrExist on writing a duplicate + // entry, so we need to rely on reads for detecting uniqueness. + eventName := sanitizeIdentifier(args.Symbol) + _, err := EventID(args.Group, eventName) + if err == nil { + return nil, fmt.Errorf("trace event %s/%s: %w", args.Group, eventName, os.ErrExist) + } + if err != nil && !errors.Is(err, os.ErrNotExist) { + return nil, fmt.Errorf("checking trace event %s/%s: %w", args.Group, eventName, err) + } + + // Open the kprobe_events file in tracefs. + f, err := args.Type.eventsFile() + if err != nil { + return nil, err + } + defer f.Close() + + var pe, token string + switch args.Type { + case Kprobe: + // The kprobe_events syntax is as follows (see Documentation/trace/kprobetrace.txt): + // p[:[GRP/]EVENT] [MOD:]SYM[+offs]|MEMADDR [FETCHARGS] : Set a probe + // r[MAXACTIVE][:[GRP/]EVENT] [MOD:]SYM[+0] [FETCHARGS] : Set a return probe + // -:[GRP/]EVENT : Clear a probe + // + // Some examples: + // r:ebpf_1234/r_my_kretprobe nf_conntrack_destroy + // p:ebpf_5678/p_my_kprobe __x64_sys_execve + // + // Leaving the kretprobe's MAXACTIVE set to 0 (or absent) will make the + // kernel default to NR_CPUS. This is desired in most eBPF cases since + // subsampling or rate limiting logic can be more accurately implemented in + // the eBPF program itself. + // See Documentation/kprobes.txt for more details. + if args.RetprobeMaxActive != 0 && !args.Ret { + return nil, ErrInvalidMaxActive + } + token = KprobeToken(args) + pe = fmt.Sprintf("%s:%s/%s %s", probePrefix(args.Ret, args.RetprobeMaxActive), args.Group, eventName, token) + case Uprobe: + // The uprobe_events syntax is as follows: + // p[:[GRP/]EVENT] PATH:OFFSET [FETCHARGS] : Set a probe + // r[:[GRP/]EVENT] PATH:OFFSET [FETCHARGS] : Set a return probe + // -:[GRP/]EVENT : Clear a probe + // + // Some examples: + // r:ebpf_1234/readline /bin/bash:0x12345 + // p:ebpf_5678/main_mySymbol /bin/mybin:0x12345(0x123) + // + // See Documentation/trace/uprobetracer.txt for more details. + if args.RetprobeMaxActive != 0 { + return nil, ErrInvalidMaxActive + } + token = UprobeToken(args) + pe = fmt.Sprintf("%s:%s/%s %s", probePrefix(args.Ret, 0), args.Group, eventName, token) + } + _, err = f.WriteString(pe) + + // Since commit 97c753e62e6c, ENOENT is correctly returned instead of EINVAL + // when trying to create a retprobe for a missing symbol. + if errors.Is(err, os.ErrNotExist) { + return nil, fmt.Errorf("token %s: not found: %w", token, err) + } + // Since commit ab105a4fb894, EILSEQ is returned when a kprobe sym+offset is resolved + // to an invalid insn boundary. The exact conditions that trigger this error are + // arch specific however. + if errors.Is(err, syscall.EILSEQ) { + return nil, fmt.Errorf("token %s: bad insn boundary: %w", token, os.ErrNotExist) + } + // ERANGE is returned when the `SYM[+offs]` token is too big and cannot + // be resolved. + if errors.Is(err, syscall.ERANGE) { + return nil, fmt.Errorf("token %s: offset too big: %w", token, os.ErrNotExist) + } + + if err != nil { + return nil, fmt.Errorf("token %s: writing '%s': %w", token, pe, err) + } + + // Get the newly-created trace event's id. + tid, err := EventID(args.Group, eventName) + if args.RetprobeMaxActive != 0 && errors.Is(err, os.ErrNotExist) { + // Kernels < 4.12 don't support maxactive and therefore auto generate + // group and event names from the symbol and offset. The symbol is used + // without any sanitization. + // See https://elixir.bootlin.com/linux/v4.10/source/kernel/trace/trace_kprobe.c#L712 + event := fmt.Sprintf("kprobes/r_%s_%d", args.Symbol, args.Offset) + if err := removeEvent(args.Type, event); err != nil { + return nil, fmt.Errorf("failed to remove spurious maxactive event: %s", err) + } + return nil, fmt.Errorf("create trace event with non-default maxactive: %w", internal.ErrNotSupported) + } + if err != nil { + return nil, fmt.Errorf("get trace event id: %w", err) + } + + evt := &Event{args.Type, args.Group, eventName, tid} + runtime.SetFinalizer(evt, (*Event).Close) + return evt, nil +} + +// Close removes the event from tracefs. +// +// Returns os.ErrClosed if the event has already been closed before. +func (evt *Event) Close() error { + if evt.id == 0 { + return os.ErrClosed + } + + evt.id = 0 + runtime.SetFinalizer(evt, nil) + pe := fmt.Sprintf("%s/%s", evt.group, evt.name) + return removeEvent(evt.typ, pe) +} + +func removeEvent(typ ProbeType, pe string) error { + f, err := typ.eventsFile() + if err != nil { + return err + } + defer f.Close() + + // See [k,u]probe_events syntax above. The probe type does not need to be specified + // for removals. + if _, err = f.WriteString("-:" + pe); err != nil { + return fmt.Errorf("remove event %q from %s: %w", pe, f.Name(), err) + } + + return nil +} + +// ID returns the tracefs ID associated with the event. +func (evt *Event) ID() uint64 { + return evt.id +} + +// Group returns the tracefs group used by the event. +func (evt *Event) Group() string { + return evt.group +} + +// KprobeToken creates the SYM[+offs] token for the tracefs api. +func KprobeToken(args ProbeArgs) string { + po := args.Symbol + + if args.Offset != 0 { + po += fmt.Sprintf("+%#x", args.Offset) + } + + return po +} diff --git a/vendor/github.com/cilium/ebpf/internal/tracefs/probetype_string.go b/vendor/github.com/cilium/ebpf/internal/tracefs/probetype_string.go new file mode 100644 index 00000000000..87cb0a059b4 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/tracefs/probetype_string.go @@ -0,0 +1,24 @@ +// Code generated by "stringer -type=ProbeType -linecomment"; DO NOT EDIT. + +package tracefs + +import "strconv" + +func _() { + // An "invalid array index" compiler error signifies that the constant values have changed. + // Re-run the stringer command to generate them again. + var x [1]struct{} + _ = x[Kprobe-0] + _ = x[Uprobe-1] +} + +const _ProbeType_name = "kprobeuprobe" + +var _ProbeType_index = [...]uint8{0, 6, 12} + +func (i ProbeType) String() string { + if i >= ProbeType(len(_ProbeType_index)-1) { + return "ProbeType(" + strconv.FormatInt(int64(i), 10) + ")" + } + return _ProbeType_name[_ProbeType_index[i]:_ProbeType_index[i+1]] +} diff --git a/vendor/github.com/cilium/ebpf/internal/tracefs/uprobe.go b/vendor/github.com/cilium/ebpf/internal/tracefs/uprobe.go new file mode 100644 index 00000000000..994f31260de --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/tracefs/uprobe.go @@ -0,0 +1,16 @@ +package tracefs + +import "fmt" + +// UprobeToken creates the PATH:OFFSET(REF_CTR_OFFSET) token for the tracefs api. +func UprobeToken(args ProbeArgs) string { + po := fmt.Sprintf("%s:%#x", args.Path, args.Offset) + + if args.RefCtrOffset != 0 { + // This is not documented in Documentation/trace/uprobetracer.txt. + // elixir.bootlin.com/linux/v5.15-rc7/source/kernel/trace/trace.c#L5564 + po += fmt.Sprintf("(%#x)", args.RefCtrOffset) + } + + return po +} diff --git a/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go b/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go index 04b828b4c0e..7c9705919a3 100644 --- a/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go +++ b/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go @@ -35,6 +35,7 @@ const ( BPF_F_RDONLY_PROG = linux.BPF_F_RDONLY_PROG BPF_F_WRONLY_PROG = linux.BPF_F_WRONLY_PROG BPF_F_SLEEPABLE = linux.BPF_F_SLEEPABLE + BPF_F_XDP_HAS_FRAGS = linux.BPF_F_XDP_HAS_FRAGS BPF_F_MMAPABLE = linux.BPF_F_MMAPABLE BPF_F_INNER_MAP = linux.BPF_F_INNER_MAP BPF_F_KPROBE_MULTI_RETURN = linux.BPF_F_KPROBE_MULTI_RETURN @@ -49,9 +50,12 @@ const ( EPOLL_CLOEXEC = linux.EPOLL_CLOEXEC O_CLOEXEC = linux.O_CLOEXEC O_NONBLOCK = linux.O_NONBLOCK + PROT_NONE = linux.PROT_NONE PROT_READ = linux.PROT_READ PROT_WRITE = linux.PROT_WRITE + MAP_ANON = linux.MAP_ANON MAP_SHARED = linux.MAP_SHARED + MAP_PRIVATE = linux.MAP_PRIVATE PERF_ATTR_SIZE_VER1 = linux.PERF_ATTR_SIZE_VER1 PERF_TYPE_SOFTWARE = linux.PERF_TYPE_SOFTWARE PERF_TYPE_TRACEPOINT = linux.PERF_TYPE_TRACEPOINT @@ -60,6 +64,7 @@ const ( PERF_EVENT_IOC_ENABLE = linux.PERF_EVENT_IOC_ENABLE PERF_EVENT_IOC_SET_BPF = linux.PERF_EVENT_IOC_SET_BPF PerfBitWatermark = linux.PerfBitWatermark + PerfBitWriteBackward = linux.PerfBitWriteBackward PERF_SAMPLE_RAW = linux.PERF_SAMPLE_RAW PERF_FLAG_FD_CLOEXEC = linux.PERF_FLAG_FD_CLOEXEC RLIM_INFINITY = linux.RLIM_INFINITY @@ -77,6 +82,9 @@ const ( SIG_UNBLOCK = linux.SIG_UNBLOCK EM_NONE = linux.EM_NONE EM_BPF = linux.EM_BPF + BPF_FS_MAGIC = linux.BPF_FS_MAGIC + TRACEFS_MAGIC = linux.TRACEFS_MAGIC + DEBUGFS_MAGIC = linux.DEBUGFS_MAGIC ) type Statfs_t = linux.Statfs_t @@ -188,3 +196,7 @@ func Open(path string, mode int, perm uint32) (int, error) { func Fstat(fd int, stat *Stat_t) error { return linux.Fstat(fd, stat) } + +func SetsockoptInt(fd, level, opt, value int) error { + return linux.SetsockoptInt(fd, level, opt, value) +} diff --git a/vendor/github.com/cilium/ebpf/internal/unix/types_other.go b/vendor/github.com/cilium/ebpf/internal/unix/types_other.go index e87bf830abc..5e86b5052a1 100644 --- a/vendor/github.com/cilium/ebpf/internal/unix/types_other.go +++ b/vendor/github.com/cilium/ebpf/internal/unix/types_other.go @@ -41,6 +41,7 @@ const ( BPF_F_MMAPABLE BPF_F_INNER_MAP BPF_F_KPROBE_MULTI_RETURN + BPF_F_XDP_HAS_FRAGS BPF_OBJ_NAME_LEN BPF_TAG_SIZE BPF_RINGBUF_BUSY_BIT @@ -53,9 +54,12 @@ const ( EPOLL_CLOEXEC O_CLOEXEC O_NONBLOCK + PROT_NONE PROT_READ PROT_WRITE + MAP_ANON MAP_SHARED + MAP_PRIVATE PERF_ATTR_SIZE_VER1 PERF_TYPE_SOFTWARE PERF_TYPE_TRACEPOINT @@ -64,6 +68,7 @@ const ( PERF_EVENT_IOC_ENABLE PERF_EVENT_IOC_SET_BPF PerfBitWatermark + PerfBitWriteBackward PERF_SAMPLE_RAW PERF_FLAG_FD_CLOEXEC RLIM_INFINITY @@ -81,6 +86,9 @@ const ( SIG_UNBLOCK EM_NONE EM_BPF + BPF_FS_MAGIC + TRACEFS_MAGIC + DEBUGFS_MAGIC ) type Statfs_t struct { @@ -98,7 +106,19 @@ type Statfs_t struct { Spare [4]int64 } -type Stat_t struct{} +type Stat_t struct { + Dev uint64 + Ino uint64 + Nlink uint64 + Mode uint32 + Uid uint32 + Gid uint32 + _ int32 + Rdev uint64 + Size int64 + Blksize int64 + Blocks int64 +} type Rlimit struct { Cur uint64 @@ -268,3 +288,7 @@ func Open(path string, mode int, perm uint32) (int, error) { func Fstat(fd int, stat *Stat_t) error { return errNonLinux } + +func SetsockoptInt(fd, level, opt, value int) error { + return errNonLinux +} diff --git a/vendor/github.com/cilium/ebpf/internal/vdso.go b/vendor/github.com/cilium/ebpf/internal/vdso.go index aaffa3cb877..10e639bf06e 100644 --- a/vendor/github.com/cilium/ebpf/internal/vdso.go +++ b/vendor/github.com/cilium/ebpf/internal/vdso.go @@ -120,7 +120,7 @@ func vdsoLinuxVersionCode(r io.ReaderAt) (uint32, error) { var name string if n.NameSize > 0 { // Read the note name, aligned to 4 bytes. - buf := make([]byte, Align(int(n.NameSize), 4)) + buf := make([]byte, Align(n.NameSize, 4)) if err := binary.Read(sr, hdr.ByteOrder, &buf); err != nil { return 0, fmt.Errorf("reading note name: %w", err) } @@ -142,7 +142,7 @@ func vdsoLinuxVersionCode(r io.ReaderAt) (uint32, error) { } // Discard the note descriptor if it exists but we're not interested in it. - if _, err := io.CopyN(io.Discard, sr, int64(Align(int(n.DescSize), 4))); err != nil { + if _, err := io.CopyN(io.Discard, sr, int64(Align(n.DescSize, 4))); err != nil { return 0, err } } diff --git a/vendor/github.com/cilium/ebpf/internal/version.go b/vendor/github.com/cilium/ebpf/internal/version.go index 370e01e4447..9b17ffb44de 100644 --- a/vendor/github.com/cilium/ebpf/internal/version.go +++ b/vendor/github.com/cilium/ebpf/internal/version.go @@ -2,7 +2,6 @@ package internal import ( "fmt" - "sync" "github.com/cilium/ebpf/internal/unix" ) @@ -15,14 +14,6 @@ const ( MagicKernelVersion = 0xFFFFFFFE ) -var ( - kernelVersion = struct { - once sync.Once - version Version - err error - }{} -) - // A Version in the form Major.Minor.Patch. type Version [3]uint16 @@ -88,16 +79,9 @@ func (v Version) Kernel() uint32 { } // KernelVersion returns the version of the currently running kernel. -func KernelVersion() (Version, error) { - kernelVersion.once.Do(func() { - kernelVersion.version, kernelVersion.err = detectKernelVersion() - }) - - if kernelVersion.err != nil { - return Version{}, kernelVersion.err - } - return kernelVersion.version, nil -} +var KernelVersion = Memoize(func() (Version, error) { + return detectKernelVersion() +}) // detectKernelVersion returns the version of the running kernel. func detectKernelVersion() (Version, error) { diff --git a/vendor/github.com/cilium/ebpf/link/cgroup.go b/vendor/github.com/cilium/ebpf/link/cgroup.go index bfad1ccedfb..58e85fe9d47 100644 --- a/vendor/github.com/cilium/ebpf/link/cgroup.go +++ b/vendor/github.com/cilium/ebpf/link/cgroup.go @@ -10,10 +10,15 @@ import ( type cgroupAttachFlags uint32 -// cgroup attach flags const ( + // Allow programs attached to sub-cgroups to override the verdict of this + // program. flagAllowOverride cgroupAttachFlags = 1 << iota + // Allow attaching multiple programs to the cgroup. Only works if the cgroup + // has zero or more programs attached using the Multi flag. Implies override. flagAllowMulti + // Set automatically by progAttachCgroup.Update(). Used for updating a + // specific given program attached in multi-mode. flagReplace ) @@ -27,29 +32,39 @@ type CgroupOptions struct { } // AttachCgroup links a BPF program to a cgroup. -func AttachCgroup(opts CgroupOptions) (Link, error) { +// +// If the running kernel doesn't support bpf_link, attempts to emulate its +// semantics using the legacy PROG_ATTACH mechanism. If bpf_link is not +// available, the returned [Link] will not support pinning to bpffs. +// +// If you need more control over attachment flags or the attachment mechanism +// used, look at [RawAttachProgram] and [AttachRawLink] instead. +func AttachCgroup(opts CgroupOptions) (cg Link, err error) { cgroup, err := os.Open(opts.Path) if err != nil { return nil, fmt.Errorf("can't open cgroup: %s", err) } - - clone, err := opts.Program.Clone() - if err != nil { + defer func() { + if _, ok := cg.(*progAttachCgroup); ok { + // Skip closing the cgroup handle if we return a valid progAttachCgroup, + // where the handle is retained to implement Update(). + return + } cgroup.Close() - return nil, err + }() + + cg, err = newLinkCgroup(cgroup, opts.Attach, opts.Program) + if err == nil { + return cg, nil } - var cg Link - cg, err = newLinkCgroup(cgroup, opts.Attach, clone) if errors.Is(err, ErrNotSupported) { - cg, err = newProgAttachCgroup(cgroup, opts.Attach, clone, flagAllowMulti) + cg, err = newProgAttachCgroup(cgroup, opts.Attach, opts.Program, flagAllowMulti) } if errors.Is(err, ErrNotSupported) { - cg, err = newProgAttachCgroup(cgroup, opts.Attach, clone, flagAllowOverride) + cg, err = newProgAttachCgroup(cgroup, opts.Attach, opts.Program, flagAllowOverride) } if err != nil { - cgroup.Close() - clone.Close() return nil, err } @@ -67,6 +82,8 @@ var _ Link = (*progAttachCgroup)(nil) func (cg *progAttachCgroup) isLink() {} +// newProgAttachCgroup attaches prog to cgroup using BPF_PROG_ATTACH. +// cgroup and prog are retained by [progAttachCgroup]. func newProgAttachCgroup(cgroup *os.File, attach ebpf.AttachType, prog *ebpf.Program, flags cgroupAttachFlags) (*progAttachCgroup, error) { if flags&flagAllowMulti > 0 { if err := haveProgAttachReplace(); err != nil { @@ -74,17 +91,24 @@ func newProgAttachCgroup(cgroup *os.File, attach ebpf.AttachType, prog *ebpf.Pro } } - err := RawAttachProgram(RawAttachProgramOptions{ + // Use a program handle that cannot be closed by the caller. + clone, err := prog.Clone() + if err != nil { + return nil, err + } + + err = RawAttachProgram(RawAttachProgramOptions{ Target: int(cgroup.Fd()), - Program: prog, + Program: clone, Flags: uint32(flags), Attach: attach, }) if err != nil { + clone.Close() return nil, fmt.Errorf("cgroup: %w", err) } - return &progAttachCgroup{cgroup, prog, attach, flags}, nil + return &progAttachCgroup{cgroup, clone, attach, flags}, nil } func (cg *progAttachCgroup) Close() error { @@ -151,6 +175,7 @@ type linkCgroup struct { var _ Link = (*linkCgroup)(nil) +// newLinkCgroup attaches prog to cgroup using BPF_LINK_CREATE. func newLinkCgroup(cgroup *os.File, attach ebpf.AttachType, prog *ebpf.Program) (*linkCgroup, error) { link, err := AttachRawLink(RawLinkOptions{ Target: int(cgroup.Fd()), diff --git a/vendor/github.com/cilium/ebpf/link/kprobe.go b/vendor/github.com/cilium/ebpf/link/kprobe.go index 9ce7eb4a4e2..b54ca908533 100644 --- a/vendor/github.com/cilium/ebpf/link/kprobe.go +++ b/vendor/github.com/cilium/ebpf/link/kprobe.go @@ -1,34 +1,20 @@ package link import ( - "crypto/rand" "errors" "fmt" "os" - "path/filepath" "runtime" "strings" - "syscall" "unsafe" "github.com/cilium/ebpf" + "github.com/cilium/ebpf/internal" "github.com/cilium/ebpf/internal/sys" + "github.com/cilium/ebpf/internal/tracefs" "github.com/cilium/ebpf/internal/unix" ) -var ( - kprobeEventsPath = filepath.Join(tracefsPath, "kprobe_events") -) - -type probeType uint8 - -type probeArgs struct { - symbol, group, path string - offset, refCtrOffset, cookie uint64 - pid, retprobeMaxActive int - ret bool -} - // KprobeOptions defines additional parameters that will be used // when loading Kprobes. type KprobeOptions struct { @@ -47,38 +33,17 @@ type KprobeOptions struct { // Deprecated: this setting forces the use of an outdated kernel API and is not portable // across kernel versions. RetprobeMaxActive int + // Prefix used for the event name if the kprobe must be attached using tracefs. + // The group name will be formatted as `_`. + // The default empty string is equivalent to "ebpf" as the prefix. + TraceFSPrefix string } -const ( - kprobeType probeType = iota - uprobeType -) - -func (pt probeType) String() string { - if pt == kprobeType { - return "kprobe" - } - return "uprobe" -} - -func (pt probeType) EventsPath() string { - if pt == kprobeType { - return kprobeEventsPath +func (ko *KprobeOptions) cookie() uint64 { + if ko == nil { + return 0 } - return uprobeEventsPath -} - -func (pt probeType) PerfEventType(ret bool) perfEventType { - if pt == kprobeType { - if ret { - return kretprobeEvent - } - return kprobeEvent - } - if ret { - return uretprobeEvent - } - return uprobeEvent + return ko.Cookie } // Kprobe attaches the given eBPF program to a perf event that fires when the @@ -90,13 +55,17 @@ func (pt probeType) PerfEventType(ret bool) perfEventType { // Losing the reference to the resulting Link (kp) will close the Kprobe // and prevent further execution of prog. The Link must be Closed during // program shutdown to avoid leaking system resources. +// +// If attaching to symbol fails, automatically retries with the running +// platform's syscall prefix (e.g. __x64_) to support attaching to syscalls +// in a portable fashion. func Kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions) (Link, error) { k, err := kprobe(symbol, prog, opts, false) if err != nil { return nil, err } - lnk, err := attachPerfEvent(k, prog) + lnk, err := attachPerfEvent(k, prog, opts.cookie()) if err != nil { k.Close() return nil, err @@ -115,6 +84,10 @@ func Kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions) (Link, error // and prevent further execution of prog. The Link must be Closed during // program shutdown to avoid leaking system resources. // +// If attaching to symbol fails, automatically retries with the running +// platform's syscall prefix (e.g. __x64_) to support attaching to syscalls +// in a portable fashion. +// // On kernels 5.10 and earlier, setting a kretprobe on a nonexistent symbol // incorrectly returns unix.EINVAL instead of os.ErrNotExist. func Kretprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions) (Link, error) { @@ -123,7 +96,7 @@ func Kretprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions) (Link, er return nil, err } - lnk, err := attachPerfEvent(k, prog) + lnk, err := attachPerfEvent(k, prog, opts.cookie()) if err != nil { k.Close() return nil, err @@ -175,51 +148,51 @@ func kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions, ret bool) (* return nil, fmt.Errorf("eBPF program type %s is not a Kprobe: %w", prog.Type(), errInvalidInput) } - args := probeArgs{ - pid: perfAllThreads, - symbol: symbol, - ret: ret, + args := tracefs.ProbeArgs{ + Type: tracefs.Kprobe, + Pid: perfAllThreads, + Symbol: symbol, + Ret: ret, } if opts != nil { - args.retprobeMaxActive = opts.RetprobeMaxActive - args.cookie = opts.Cookie - args.offset = opts.Offset + args.RetprobeMaxActive = opts.RetprobeMaxActive + args.Cookie = opts.Cookie + args.Offset = opts.Offset + args.Group = opts.TraceFSPrefix } // Use kprobe PMU if the kernel has it available. - tp, err := pmuKprobe(args) + tp, err := pmuProbe(args) if errors.Is(err, os.ErrNotExist) || errors.Is(err, unix.EINVAL) { - args.symbol = platformPrefix(symbol) - tp, err = pmuKprobe(args) + if prefix := internal.PlatformPrefix(); prefix != "" { + args.Symbol = prefix + symbol + tp, err = pmuProbe(args) + } } if err == nil { return tp, nil } if err != nil && !errors.Is(err, ErrNotSupported) { - return nil, fmt.Errorf("creating perf_kprobe PMU: %w", err) + return nil, fmt.Errorf("creating perf_kprobe PMU (arch-specific fallback for %q): %w", symbol, err) } // Use tracefs if kprobe PMU is missing. - args.symbol = symbol - tp, err = tracefsKprobe(args) + args.Symbol = symbol + tp, err = tracefsProbe(args) if errors.Is(err, os.ErrNotExist) || errors.Is(err, unix.EINVAL) { - args.symbol = platformPrefix(symbol) - tp, err = tracefsKprobe(args) + if prefix := internal.PlatformPrefix(); prefix != "" { + args.Symbol = prefix + symbol + tp, err = tracefsProbe(args) + } } if err != nil { - return nil, fmt.Errorf("creating trace event '%s' in tracefs: %w", symbol, err) + return nil, fmt.Errorf("creating tracefs event (arch-specific fallback for %q): %w", symbol, err) } return tp, nil } -// pmuKprobe opens a perf event based on the kprobe PMU. -// Returns os.ErrNotExist if the given symbol does not exist in the kernel. -func pmuKprobe(args probeArgs) (*perfEvent, error) { - return pmuProbe(kprobeType, args) -} - // pmuProbe opens a perf event based on a Performance Monitoring Unit. // // Requires at least a 4.17 kernel. @@ -227,25 +200,25 @@ func pmuKprobe(args probeArgs) (*perfEvent, error) { // 33ea4b24277b "perf/core: Implement the 'perf_uprobe' PMU" // // Returns ErrNotSupported if the kernel doesn't support perf_[k,u]probe PMU -func pmuProbe(typ probeType, args probeArgs) (*perfEvent, error) { +func pmuProbe(args tracefs.ProbeArgs) (*perfEvent, error) { // Getting the PMU type will fail if the kernel doesn't support // the perf_[k,u]probe PMU. - et, err := readUint64FromFileOnce("%d\n", "/sys/bus/event_source/devices", typ.String(), "type") + eventType, err := internal.ReadUint64FromFileOnce("%d\n", "/sys/bus/event_source/devices", args.Type.String(), "type") if errors.Is(err, os.ErrNotExist) { - return nil, fmt.Errorf("%s: %w", typ, ErrNotSupported) + return nil, fmt.Errorf("%s: %w", args.Type, ErrNotSupported) } if err != nil { return nil, err } // Use tracefs if we want to set kretprobe's retprobeMaxActive. - if args.retprobeMaxActive != 0 { + if args.RetprobeMaxActive != 0 { return nil, fmt.Errorf("pmu probe: non-zero retprobeMaxActive: %w", ErrNotSupported) } var config uint64 - if args.ret { - bit, err := readUint64FromFileOnce("config:%d\n", "/sys/bus/event_source/devices", typ.String(), "/format/retprobe") + if args.Ret { + bit, err := internal.ReadUint64FromFileOnce("config:%d\n", "/sys/bus/event_source/devices", args.Type.String(), "/format/retprobe") if err != nil { return nil, err } @@ -257,36 +230,36 @@ func pmuProbe(typ probeType, args probeArgs) (*perfEvent, error) { sp unsafe.Pointer token string ) - switch typ { - case kprobeType: + switch args.Type { + case tracefs.Kprobe: // Create a pointer to a NUL-terminated string for the kernel. - sp, err = unsafeStringPtr(args.symbol) + sp, err = unsafeStringPtr(args.Symbol) if err != nil { return nil, err } - token = kprobeToken(args) + token = tracefs.KprobeToken(args) attr = unix.PerfEventAttr{ // The minimum size required for PMU kprobes is PERF_ATTR_SIZE_VER1, // since it added the config2 (Ext2) field. Use Ext2 as probe_offset. Size: unix.PERF_ATTR_SIZE_VER1, - Type: uint32(et), // PMU event type read from sysfs + Type: uint32(eventType), // PMU event type read from sysfs Ext1: uint64(uintptr(sp)), // Kernel symbol to trace - Ext2: args.offset, // Kernel symbol offset + Ext2: args.Offset, // Kernel symbol offset Config: config, // Retprobe flag } - case uprobeType: - sp, err = unsafeStringPtr(args.path) + case tracefs.Uprobe: + sp, err = unsafeStringPtr(args.Path) if err != nil { return nil, err } - if args.refCtrOffset != 0 { - config |= args.refCtrOffset << uprobeRefCtrOffsetShift + if args.RefCtrOffset != 0 { + config |= args.RefCtrOffset << uprobeRefCtrOffsetShift } - token = uprobeToken(args) + token = tracefs.UprobeToken(args) attr = unix.PerfEventAttr{ // The minimum size required for PMU uprobes is PERF_ATTR_SIZE_VER1, @@ -294,19 +267,19 @@ func pmuProbe(typ probeType, args probeArgs) (*perfEvent, error) { // size of the internal buffer the kernel allocates for reading the // perf_event_attr argument from userspace. Size: unix.PERF_ATTR_SIZE_VER1, - Type: uint32(et), // PMU event type read from sysfs + Type: uint32(eventType), // PMU event type read from sysfs Ext1: uint64(uintptr(sp)), // Uprobe path - Ext2: args.offset, // Uprobe offset + Ext2: args.Offset, // Uprobe offset Config: config, // RefCtrOffset, Retprobe flag } } - rawFd, err := unix.PerfEventOpen(&attr, args.pid, 0, -1, unix.PERF_FLAG_FD_CLOEXEC) + rawFd, err := unix.PerfEventOpen(&attr, args.Pid, 0, -1, unix.PERF_FLAG_FD_CLOEXEC) // On some old kernels, kprobe PMU doesn't allow `.` in symbol names and // return -EINVAL. Return ErrNotSupported to allow falling back to tracefs. // https://github.com/torvalds/linux/blob/94710cac0ef4/kernel/trace/trace_kprobe.c#L340-L343 - if errors.Is(err, unix.EINVAL) && strings.Contains(args.symbol, ".") { + if errors.Is(err, unix.EINVAL) && strings.Contains(args.Symbol, ".") { return nil, fmt.Errorf("token %s: older kernels don't accept dots: %w", token, ErrNotSupported) } // Since commit 97c753e62e6c, ENOENT is correctly returned instead of EINVAL @@ -323,7 +296,7 @@ func pmuProbe(typ probeType, args probeArgs) (*perfEvent, error) { // Since at least commit cb9a19fe4aa51, ENOTSUPP is returned // when attempting to set a uprobe on a trap instruction. if errors.Is(err, sys.ENOTSUPP) { - return nil, fmt.Errorf("token %s: failed setting uprobe on offset %#x (possible trap insn): %w", token, args.offset, err) + return nil, fmt.Errorf("token %s: failed setting uprobe on offset %#x (possible trap insn): %w", token, args.Offset, err) } if err != nil { @@ -339,18 +312,7 @@ func pmuProbe(typ probeType, args probeArgs) (*perfEvent, error) { } // Kernel has perf_[k,u]probe PMU available, initialize perf event. - return &perfEvent{ - typ: typ.PerfEventType(args.ret), - name: args.symbol, - pmuID: et, - cookie: args.cookie, - fd: fd, - }, nil -} - -// tracefsKprobe creates a Kprobe tracefs entry. -func tracefsKprobe(args probeArgs) (*perfEvent, error) { - return tracefsProbe(kprobeType, args) + return newPerfEvent(fd, nil), nil } // tracefsProbe creates a trace event by writing an entry to /[k,u]probe_events. @@ -359,216 +321,37 @@ func tracefsKprobe(args probeArgs) (*perfEvent, error) { // Path and offset are only set in the case of uprobe(s) and are used to set // the executable/library path on the filesystem and the offset where the probe is inserted. // A perf event is then opened on the newly-created trace event and returned to the caller. -func tracefsProbe(typ probeType, args probeArgs) (*perfEvent, error) { +func tracefsProbe(args tracefs.ProbeArgs) (*perfEvent, error) { + groupPrefix := "ebpf" + if args.Group != "" { + groupPrefix = args.Group + } + // Generate a random string for each trace event we attempt to create. // This value is used as the 'group' token in tracefs to allow creating // multiple kprobe trace events with the same name. - group, err := randomGroup("ebpf") + group, err := tracefs.RandomGroup(groupPrefix) if err != nil { return nil, fmt.Errorf("randomizing group name: %w", err) } - args.group = group + args.Group = group // Create the [k,u]probe trace event using tracefs. - tid, err := createTraceFSProbeEvent(typ, args) + evt, err := tracefs.NewEvent(args) if err != nil { return nil, fmt.Errorf("creating probe entry on tracefs: %w", err) } // Kprobes are ephemeral tracepoints and share the same perf event type. - fd, err := openTracepointPerfEvent(tid, args.pid) + fd, err := openTracepointPerfEvent(evt.ID(), args.Pid) if err != nil { // Make sure we clean up the created tracefs event when we return error. // If a livepatch handler is already active on the symbol, the write to // tracefs will succeed, a trace event will show up, but creating the // perf event will fail with EBUSY. - _ = closeTraceFSProbeEvent(typ, args.group, args.symbol) + _ = evt.Close() return nil, err } - return &perfEvent{ - typ: typ.PerfEventType(args.ret), - group: group, - name: args.symbol, - tracefsID: tid, - cookie: args.cookie, - fd: fd, - }, nil -} - -var errInvalidMaxActive = errors.New("can only set maxactive on kretprobes") - -// createTraceFSProbeEvent creates a new ephemeral trace event. -// -// Returns os.ErrNotExist if symbol is not a valid -// kernel symbol, or if it is not traceable with kprobes. Returns os.ErrExist -// if a probe with the same group and symbol already exists. Returns an error if -// args.retprobeMaxActive is used on non kprobe types. Returns ErrNotSupported if -// the kernel is too old to support kretprobe maxactive. -func createTraceFSProbeEvent(typ probeType, args probeArgs) (uint64, error) { - // Before attempting to create a trace event through tracefs, - // check if an event with the same group and name already exists. - // Kernels 4.x and earlier don't return os.ErrExist on writing a duplicate - // entry, so we need to rely on reads for detecting uniqueness. - _, err := getTraceEventID(args.group, args.symbol) - if err == nil { - return 0, fmt.Errorf("trace event %s/%s: %w", args.group, args.symbol, os.ErrExist) - } - if err != nil && !errors.Is(err, os.ErrNotExist) { - return 0, fmt.Errorf("checking trace event %s/%s: %w", args.group, args.symbol, err) - } - - // Open the kprobe_events file in tracefs. - f, err := os.OpenFile(typ.EventsPath(), os.O_APPEND|os.O_WRONLY, 0666) - if err != nil { - return 0, fmt.Errorf("error opening '%s': %w", typ.EventsPath(), err) - } - defer f.Close() - - var pe, token string - switch typ { - case kprobeType: - // The kprobe_events syntax is as follows (see Documentation/trace/kprobetrace.txt): - // p[:[GRP/]EVENT] [MOD:]SYM[+offs]|MEMADDR [FETCHARGS] : Set a probe - // r[MAXACTIVE][:[GRP/]EVENT] [MOD:]SYM[+0] [FETCHARGS] : Set a return probe - // -:[GRP/]EVENT : Clear a probe - // - // Some examples: - // r:ebpf_1234/r_my_kretprobe nf_conntrack_destroy - // p:ebpf_5678/p_my_kprobe __x64_sys_execve - // - // Leaving the kretprobe's MAXACTIVE set to 0 (or absent) will make the - // kernel default to NR_CPUS. This is desired in most eBPF cases since - // subsampling or rate limiting logic can be more accurately implemented in - // the eBPF program itself. - // See Documentation/kprobes.txt for more details. - if args.retprobeMaxActive != 0 && !args.ret { - return 0, errInvalidMaxActive - } - token = kprobeToken(args) - pe = fmt.Sprintf("%s:%s/%s %s", probePrefix(args.ret, args.retprobeMaxActive), args.group, sanitizeSymbol(args.symbol), token) - case uprobeType: - // The uprobe_events syntax is as follows: - // p[:[GRP/]EVENT] PATH:OFFSET [FETCHARGS] : Set a probe - // r[:[GRP/]EVENT] PATH:OFFSET [FETCHARGS] : Set a return probe - // -:[GRP/]EVENT : Clear a probe - // - // Some examples: - // r:ebpf_1234/readline /bin/bash:0x12345 - // p:ebpf_5678/main_mySymbol /bin/mybin:0x12345(0x123) - // - // See Documentation/trace/uprobetracer.txt for more details. - if args.retprobeMaxActive != 0 { - return 0, errInvalidMaxActive - } - token = uprobeToken(args) - pe = fmt.Sprintf("%s:%s/%s %s", probePrefix(args.ret, 0), args.group, args.symbol, token) - } - _, err = f.WriteString(pe) - - // Since commit 97c753e62e6c, ENOENT is correctly returned instead of EINVAL - // when trying to create a retprobe for a missing symbol. - if errors.Is(err, os.ErrNotExist) { - return 0, fmt.Errorf("token %s: not found: %w", token, err) - } - // Since commit ab105a4fb894, EILSEQ is returned when a kprobe sym+offset is resolved - // to an invalid insn boundary. The exact conditions that trigger this error are - // arch specific however. - if errors.Is(err, syscall.EILSEQ) { - return 0, fmt.Errorf("token %s: bad insn boundary: %w", token, os.ErrNotExist) - } - // ERANGE is returned when the `SYM[+offs]` token is too big and cannot - // be resolved. - if errors.Is(err, syscall.ERANGE) { - return 0, fmt.Errorf("token %s: offset too big: %w", token, os.ErrNotExist) - } - - if err != nil { - return 0, fmt.Errorf("token %s: writing '%s': %w", token, pe, err) - } - - // Get the newly-created trace event's id. - tid, err := getTraceEventID(args.group, args.symbol) - if args.retprobeMaxActive != 0 && errors.Is(err, os.ErrNotExist) { - // Kernels < 4.12 don't support maxactive and therefore auto generate - // group and event names from the symbol and offset. The symbol is used - // without any sanitization. - // See https://elixir.bootlin.com/linux/v4.10/source/kernel/trace/trace_kprobe.c#L712 - event := fmt.Sprintf("kprobes/r_%s_%d", args.symbol, args.offset) - if err := removeTraceFSProbeEvent(typ, event); err != nil { - return 0, fmt.Errorf("failed to remove spurious maxactive event: %s", err) - } - return 0, fmt.Errorf("create trace event with non-default maxactive: %w", ErrNotSupported) - } - if err != nil { - return 0, fmt.Errorf("get trace event id: %w", err) - } - - return tid, nil -} - -// closeTraceFSProbeEvent removes the [k,u]probe with the given type, group and symbol -// from /[k,u]probe_events. -func closeTraceFSProbeEvent(typ probeType, group, symbol string) error { - pe := fmt.Sprintf("%s/%s", group, sanitizeSymbol(symbol)) - return removeTraceFSProbeEvent(typ, pe) -} - -func removeTraceFSProbeEvent(typ probeType, pe string) error { - f, err := os.OpenFile(typ.EventsPath(), os.O_APPEND|os.O_WRONLY, 0666) - if err != nil { - return fmt.Errorf("error opening %s: %w", typ.EventsPath(), err) - } - defer f.Close() - - // See [k,u]probe_events syntax above. The probe type does not need to be specified - // for removals. - if _, err = f.WriteString("-:" + pe); err != nil { - return fmt.Errorf("remove event %q from %s: %w", pe, typ.EventsPath(), err) - } - - return nil -} - -// randomGroup generates a pseudorandom string for use as a tracefs group name. -// Returns an error when the output string would exceed 63 characters (kernel -// limitation), when rand.Read() fails or when prefix contains characters not -// allowed by isValidTraceID. -func randomGroup(prefix string) (string, error) { - if !isValidTraceID(prefix) { - return "", fmt.Errorf("prefix '%s' must be alphanumeric or underscore: %w", prefix, errInvalidInput) - } - - b := make([]byte, 8) - if _, err := rand.Read(b); err != nil { - return "", fmt.Errorf("reading random bytes: %w", err) - } - - group := fmt.Sprintf("%s_%x", prefix, b) - if len(group) > 63 { - return "", fmt.Errorf("group name '%s' cannot be longer than 63 characters: %w", group, errInvalidInput) - } - - return group, nil -} - -func probePrefix(ret bool, maxActive int) string { - if ret { - if maxActive > 0 { - return fmt.Sprintf("r%d", maxActive) - } - return "r" - } - return "p" -} - -// kprobeToken creates the SYM[+offs] token for the tracefs api. -func kprobeToken(args probeArgs) string { - po := args.symbol - - if args.offset != 0 { - po += fmt.Sprintf("+%#x", args.offset) - } - - return po + return newPerfEvent(fd, evt), nil } diff --git a/vendor/github.com/cilium/ebpf/link/kprobe_multi.go b/vendor/github.com/cilium/ebpf/link/kprobe_multi.go index 151f47d6687..697c6d7362a 100644 --- a/vendor/github.com/cilium/ebpf/link/kprobe_multi.go +++ b/vendor/github.com/cilium/ebpf/link/kprobe_multi.go @@ -28,7 +28,7 @@ type KprobeMultiOptions struct { // limits the attach point to the function entry or return. // // Mutually exclusive with Symbols. - Addresses []uint64 + Addresses []uintptr // Cookies specifies arbitrary values that can be fetched from an eBPF // program via `bpf_get_attach_cookie()`. diff --git a/vendor/github.com/cilium/ebpf/link/link.go b/vendor/github.com/cilium/ebpf/link/link.go index d4eeb92de0f..36acd6ee4b9 100644 --- a/vendor/github.com/cilium/ebpf/link/link.go +++ b/vendor/github.com/cilium/ebpf/link/link.go @@ -46,6 +46,18 @@ type Link interface { isLink() } +// NewLinkFromFD creates a link from a raw fd. +// +// You should not use fd after calling this function. +func NewLinkFromFD(fd int) (Link, error) { + sysFD, err := sys.NewFD(fd) + if err != nil { + return nil, err + } + + return wrapRawLink(&RawLink{fd: sysFD}) +} + // LoadPinnedLink loads a link that was persisted into a bpffs. func LoadPinnedLink(fileName string, opts *ebpf.LoadPinOptions) (Link, error) { raw, err := loadPinnedRawLink(fileName, opts) @@ -59,10 +71,15 @@ func LoadPinnedLink(fileName string, opts *ebpf.LoadPinOptions) (Link, error) { // wrap a RawLink in a more specific type if possible. // // The function takes ownership of raw and closes it on error. -func wrapRawLink(raw *RawLink) (Link, error) { +func wrapRawLink(raw *RawLink) (_ Link, err error) { + defer func() { + if err != nil { + raw.Close() + } + }() + info, err := raw.Info() if err != nil { - raw.Close() return nil, err } @@ -77,6 +94,10 @@ func wrapRawLink(raw *RawLink) (Link, error) { return &Iter{*raw}, nil case NetNsType: return &NetNsLink{*raw}, nil + case KprobeMultiType: + return &kprobeMultiLink{*raw}, nil + case PerfEventType: + return nil, fmt.Errorf("recovering perf event fd: %w", ErrNotSupported) default: return raw, nil } @@ -172,7 +193,7 @@ func AttachRawLink(opts RawLinkOptions) (*RawLink, error) { TargetFd: uint32(opts.Target), ProgFd: uint32(progFd), AttachType: sys.AttachType(opts.Attach), - TargetBtfId: uint32(opts.BTF), + TargetBtfId: opts.BTF, Flags: opts.Flags, } fd, err := sys.LinkCreate(&attr) diff --git a/vendor/github.com/cilium/ebpf/link/perf_event.go b/vendor/github.com/cilium/ebpf/link/perf_event.go index 61f80627a01..5f7a628b3d7 100644 --- a/vendor/github.com/cilium/ebpf/link/perf_event.go +++ b/vendor/github.com/cilium/ebpf/link/perf_event.go @@ -1,20 +1,16 @@ package link import ( - "bytes" "errors" "fmt" - "os" - "path/filepath" "runtime" - "strings" - "sync" "unsafe" "github.com/cilium/ebpf" "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/internal" "github.com/cilium/ebpf/internal/sys" + "github.com/cilium/ebpf/internal/tracefs" "github.com/cilium/ebpf/internal/unix" ) @@ -42,67 +38,41 @@ import ( // stops any further invocations of the attached eBPF program. var ( - tracefsPath = "/sys/kernel/debug/tracing" - - errInvalidInput = errors.New("invalid input") + errInvalidInput = tracefs.ErrInvalidInput ) const ( perfAllThreads = -1 ) -type perfEventType uint8 - -const ( - tracepointEvent perfEventType = iota - kprobeEvent - kretprobeEvent - uprobeEvent - uretprobeEvent -) - // A perfEvent represents a perf event kernel object. Exactly one eBPF program // can be attached to it. It is created based on a tracefs trace event or a // Performance Monitoring Unit (PMU). type perfEvent struct { - // The event type determines the types of programs that can be attached. - typ perfEventType - - // Group and name of the tracepoint/kprobe/uprobe. - group string - name string - - // PMU event ID read from sysfs. Valid IDs are non-zero. - pmuID uint64 - // ID of the trace event read from tracefs. Valid IDs are non-zero. - tracefsID uint64 - - // User provided arbitrary value. - cookie uint64 + // Trace event backing this perfEvent. May be nil. + tracefsEvent *tracefs.Event // This is the perf event FD. fd *sys.FD } +func newPerfEvent(fd *sys.FD, event *tracefs.Event) *perfEvent { + pe := &perfEvent{event, fd} + // Both event and fd have their own finalizer, but we want to + // guarantee that they are closed in a certain order. + runtime.SetFinalizer(pe, (*perfEvent).Close) + return pe +} + func (pe *perfEvent) Close() error { + runtime.SetFinalizer(pe, nil) + if err := pe.fd.Close(); err != nil { return fmt.Errorf("closing perf event fd: %w", err) } - switch pe.typ { - case kprobeEvent, kretprobeEvent: - // Clean up kprobe tracefs entry. - if pe.tracefsID != 0 { - return closeTraceFSProbeEvent(kprobeType, pe.group, pe.name) - } - case uprobeEvent, uretprobeEvent: - // Clean up uprobe tracefs entry. - if pe.tracefsID != 0 { - return closeTraceFSProbeEvent(uprobeType, pe.group, pe.name) - } - case tracepointEvent: - // Tracepoint trace events don't hold any extra resources. - return nil + if pe.tracefsEvent != nil { + return pe.tracefsEvent.Close() } return nil @@ -136,10 +106,14 @@ func (pl *perfEventLink) Unpin() error { } func (pl *perfEventLink) Close() error { + if err := pl.fd.Close(); err != nil { + return fmt.Errorf("perf link close: %w", err) + } + if err := pl.pe.Close(); err != nil { - return fmt.Errorf("perf event link close: %w", err) + return fmt.Errorf("perf event close: %w", err) } - return pl.fd.Close() + return nil } func (pl *perfEventLink) Update(prog *ebpf.Program) error { @@ -183,7 +157,7 @@ func (pi *perfEventIoctl) Info() (*Info, error) { // attach the given eBPF prog to the perf event stored in pe. // pe must contain a valid perf event fd. // prog's type must match the program type stored in pe. -func attachPerfEvent(pe *perfEvent, prog *ebpf.Program) (Link, error) { +func attachPerfEvent(pe *perfEvent, prog *ebpf.Program, cookie uint64) (Link, error) { if prog == nil { return nil, errors.New("cannot attach a nil program") } @@ -191,30 +165,18 @@ func attachPerfEvent(pe *perfEvent, prog *ebpf.Program) (Link, error) { return nil, fmt.Errorf("invalid program: %w", sys.ErrClosedFd) } - switch pe.typ { - case kprobeEvent, kretprobeEvent, uprobeEvent, uretprobeEvent: - if t := prog.Type(); t != ebpf.Kprobe { - return nil, fmt.Errorf("invalid program type (expected %s): %s", ebpf.Kprobe, t) - } - case tracepointEvent: - if t := prog.Type(); t != ebpf.TracePoint { - return nil, fmt.Errorf("invalid program type (expected %s): %s", ebpf.TracePoint, t) - } - default: - return nil, fmt.Errorf("unknown perf event type: %d", pe.typ) + if err := haveBPFLinkPerfEvent(); err == nil { + return attachPerfEventLink(pe, prog, cookie) } - if err := haveBPFLinkPerfEvent(); err == nil { - return attachPerfEventLink(pe, prog) + if cookie != 0 { + return nil, fmt.Errorf("cookies are not supported: %w", ErrNotSupported) } + return attachPerfEventIoctl(pe, prog) } func attachPerfEventIoctl(pe *perfEvent, prog *ebpf.Program) (*perfEventIoctl, error) { - if pe.cookie != 0 { - return nil, fmt.Errorf("cookies are not supported: %w", ErrNotSupported) - } - // Assign the eBPF program to the perf event. err := unix.IoctlSetInt(pe.fd.Int(), unix.PERF_EVENT_IOC_SET_BPF, prog.FD()) if err != nil { @@ -226,32 +188,24 @@ func attachPerfEventIoctl(pe *perfEvent, prog *ebpf.Program) (*perfEventIoctl, e return nil, fmt.Errorf("enable perf event: %s", err) } - pi := &perfEventIoctl{pe} - - // Close the perf event when its reference is lost to avoid leaking system resources. - runtime.SetFinalizer(pi, (*perfEventIoctl).Close) - return pi, nil + return &perfEventIoctl{pe}, nil } // Use the bpf api to attach the perf event (BPF_LINK_TYPE_PERF_EVENT, 5.15+). // // https://github.com/torvalds/linux/commit/b89fbfbb854c9afc3047e8273cc3a694650b802e -func attachPerfEventLink(pe *perfEvent, prog *ebpf.Program) (*perfEventLink, error) { +func attachPerfEventLink(pe *perfEvent, prog *ebpf.Program, cookie uint64) (*perfEventLink, error) { fd, err := sys.LinkCreatePerfEvent(&sys.LinkCreatePerfEventAttr{ ProgFd: uint32(prog.FD()), TargetFd: pe.fd.Uint(), AttachType: sys.BPF_PERF_EVENT, - BpfCookie: pe.cookie, + BpfCookie: cookie, }) if err != nil { return nil, fmt.Errorf("cannot create bpf perf link: %v", err) } - pl := &perfEventLink{RawLink{fd: fd}, pe} - - // Close the perf event when its reference is lost to avoid leaking system resources. - runtime.SetFinalizer(pl, (*perfEventLink).Close) - return pl, nil + return &perfEventLink{RawLink{fd: fd}, pe}, nil } // unsafeStringPtr returns an unsafe.Pointer to a NUL-terminated copy of str. @@ -263,28 +217,6 @@ func unsafeStringPtr(str string) (unsafe.Pointer, error) { return unsafe.Pointer(p), nil } -// getTraceEventID reads a trace event's ID from tracefs given its group and name. -// The kernel requires group and name to be alphanumeric or underscore. -// -// name automatically has its invalid symbols converted to underscores so the caller -// can pass a raw symbol name, e.g. a kernel symbol containing dots. -func getTraceEventID(group, name string) (uint64, error) { - name = sanitizeSymbol(name) - path, err := sanitizePath(tracefsPath, "events", group, name, "id") - if err != nil { - return 0, err - } - tid, err := readUint64FromFile("%d\n", path) - if errors.Is(err, os.ErrNotExist) { - return 0, err - } - if err != nil { - return 0, fmt.Errorf("reading trace event ID of %s/%s: %w", group, name, err) - } - - return tid, nil -} - // openTracepointPerfEvent opens a tracepoint-type perf event. System-wide // [k,u]probes created by writing to /[k,u]probe_events are tracepoints // behind the scenes, and can be attached to using these perf events. @@ -305,77 +237,6 @@ func openTracepointPerfEvent(tid uint64, pid int) (*sys.FD, error) { return sys.NewFD(fd) } -func sanitizePath(base string, path ...string) (string, error) { - l := filepath.Join(path...) - p := filepath.Join(base, l) - if !strings.HasPrefix(p, base) { - return "", fmt.Errorf("path '%s' attempts to escape base path '%s': %w", l, base, errInvalidInput) - } - return p, nil -} - -// readUint64FromFile reads a uint64 from a file. -// -// format specifies the contents of the file in fmt.Scanf syntax. -func readUint64FromFile(format string, path ...string) (uint64, error) { - filename := filepath.Join(path...) - data, err := os.ReadFile(filename) - if err != nil { - return 0, fmt.Errorf("reading file %q: %w", filename, err) - } - - var value uint64 - n, err := fmt.Fscanf(bytes.NewReader(data), format, &value) - if err != nil { - return 0, fmt.Errorf("parsing file %q: %w", filename, err) - } - if n != 1 { - return 0, fmt.Errorf("parsing file %q: expected 1 item, got %d", filename, n) - } - - return value, nil -} - -type uint64FromFileKey struct { - format, path string -} - -var uint64FromFileCache = struct { - sync.RWMutex - values map[uint64FromFileKey]uint64 -}{ - values: map[uint64FromFileKey]uint64{}, -} - -// readUint64FromFileOnce is like readUint64FromFile but memoizes the result. -func readUint64FromFileOnce(format string, path ...string) (uint64, error) { - filename := filepath.Join(path...) - key := uint64FromFileKey{format, filename} - - uint64FromFileCache.RLock() - if value, ok := uint64FromFileCache.values[key]; ok { - uint64FromFileCache.RUnlock() - return value, nil - } - uint64FromFileCache.RUnlock() - - value, err := readUint64FromFile(format, filename) - if err != nil { - return 0, err - } - - uint64FromFileCache.Lock() - defer uint64FromFileCache.Unlock() - - if value, ok := uint64FromFileCache.values[key]; ok { - // Someone else got here before us, use what is cached. - return value, nil - } - - uint64FromFileCache.values[key] = value - return value, nil -} - // Probe BPF perf link. // // https://elixir.bootlin.com/linux/v5.16.8/source/kernel/bpf/syscall.c#L4307 @@ -407,28 +268,3 @@ var haveBPFLinkPerfEvent = internal.NewFeatureTest("bpf_link_perf_event", "5.15" } return err }) - -// isValidTraceID implements the equivalent of a regex match -// against "^[a-zA-Z_][0-9a-zA-Z_]*$". -// -// Trace event groups, names and kernel symbols must adhere to this set -// of characters. Non-empty, first character must not be a number, all -// characters must be alphanumeric or underscore. -func isValidTraceID(s string) bool { - if len(s) < 1 { - return false - } - for i, c := range []byte(s) { - switch { - case c >= 'a' && c <= 'z': - case c >= 'A' && c <= 'Z': - case c == '_': - case i > 0 && c >= '0' && c <= '9': - - default: - return false - } - } - - return true -} diff --git a/vendor/github.com/cilium/ebpf/link/platform.go b/vendor/github.com/cilium/ebpf/link/platform.go deleted file mode 100644 index eb6f7b7a376..00000000000 --- a/vendor/github.com/cilium/ebpf/link/platform.go +++ /dev/null @@ -1,25 +0,0 @@ -package link - -import ( - "fmt" - "runtime" -) - -func platformPrefix(symbol string) string { - - prefix := runtime.GOARCH - - // per https://github.com/golang/go/blob/master/src/go/build/syslist.go - switch prefix { - case "386": - prefix = "ia32" - case "amd64", "amd64p32": - prefix = "x64" - case "arm64", "arm64be": - prefix = "arm64" - default: - return symbol - } - - return fmt.Sprintf("__%s_%s", prefix, symbol) -} diff --git a/vendor/github.com/cilium/ebpf/link/query.go b/vendor/github.com/cilium/ebpf/link/query.go index 8c882414d20..c05656512d5 100644 --- a/vendor/github.com/cilium/ebpf/link/query.go +++ b/vendor/github.com/cilium/ebpf/link/query.go @@ -21,9 +21,9 @@ type QueryOptions struct { // QueryPrograms retrieves ProgramIDs associated with the AttachType. // -// It only returns IDs of programs that were attached using PROG_ATTACH and not bpf_link. -// Returns (nil, nil) if there are no programs attached to the queried kernel resource. -// Calling QueryPrograms on a kernel missing PROG_QUERY will result in ErrNotSupported. +// Returns (nil, nil) if there are no programs attached to the queried kernel +// resource. Calling QueryPrograms on a kernel missing PROG_QUERY will result in +// ErrNotSupported. func QueryPrograms(opts QueryOptions) ([]ebpf.ProgramID, error) { if haveProgQuery() != nil { return nil, fmt.Errorf("can't query program IDs: %w", ErrNotSupported) diff --git a/vendor/github.com/cilium/ebpf/link/socket_filter.go b/vendor/github.com/cilium/ebpf/link/socket_filter.go index 94f3958cc4d..84f0b656f80 100644 --- a/vendor/github.com/cilium/ebpf/link/socket_filter.go +++ b/vendor/github.com/cilium/ebpf/link/socket_filter.go @@ -15,7 +15,7 @@ func AttachSocketFilter(conn syscall.Conn, program *ebpf.Program) error { } var ssoErr error err = rawConn.Control(func(fd uintptr) { - ssoErr = syscall.SetsockoptInt(int(fd), unix.SOL_SOCKET, unix.SO_ATTACH_BPF, program.FD()) + ssoErr = unix.SetsockoptInt(int(fd), unix.SOL_SOCKET, unix.SO_ATTACH_BPF, program.FD()) }) if ssoErr != nil { return ssoErr @@ -31,7 +31,7 @@ func DetachSocketFilter(conn syscall.Conn) error { } var ssoErr error err = rawConn.Control(func(fd uintptr) { - ssoErr = syscall.SetsockoptInt(int(fd), unix.SOL_SOCKET, unix.SO_DETACH_BPF, 0) + ssoErr = unix.SetsockoptInt(int(fd), unix.SOL_SOCKET, unix.SO_DETACH_BPF, 0) }) if ssoErr != nil { return ssoErr diff --git a/vendor/github.com/cilium/ebpf/link/syscalls.go b/vendor/github.com/cilium/ebpf/link/syscalls.go index 38f7ae9b786..c9c998c2014 100644 --- a/vendor/github.com/cilium/ebpf/link/syscalls.go +++ b/vendor/github.com/cilium/ebpf/link/syscalls.go @@ -46,7 +46,7 @@ var haveProgAttach = internal.NewFeatureTest("BPF_PROG_ATTACH", "4.10", func() e return nil }) -var haveProgAttachReplace = internal.NewFeatureTest("BPF_PROG_ATTACH atomic replacement", "5.5", func() error { +var haveProgAttachReplace = internal.NewFeatureTest("BPF_PROG_ATTACH atomic replacement of MULTI progs", "5.5", func() error { if err := haveProgAttach(); err != nil { return err } diff --git a/vendor/github.com/cilium/ebpf/link/tracepoint.go b/vendor/github.com/cilium/ebpf/link/tracepoint.go index a59ef9d1c52..95f5fae3b09 100644 --- a/vendor/github.com/cilium/ebpf/link/tracepoint.go +++ b/vendor/github.com/cilium/ebpf/link/tracepoint.go @@ -4,6 +4,7 @@ import ( "fmt" "github.com/cilium/ebpf" + "github.com/cilium/ebpf/internal/tracefs" ) // TracepointOptions defines additional parameters that will be used @@ -17,7 +18,7 @@ type TracepointOptions struct { } // Tracepoint attaches the given eBPF program to the tracepoint with the given -// group and name. See /sys/kernel/debug/tracing/events to find available +// group and name. See /sys/kernel/tracing/events to find available // tracepoints. The top-level directory is the group, the event's subdirectory // is the name. Example: // @@ -36,14 +37,11 @@ func Tracepoint(group, name string, prog *ebpf.Program, opts *TracepointOptions) if prog == nil { return nil, fmt.Errorf("prog cannot be nil: %w", errInvalidInput) } - if !isValidTraceID(group) || !isValidTraceID(name) { - return nil, fmt.Errorf("group and name '%s/%s' must be alphanumeric or underscore: %w", group, name, errInvalidInput) - } if prog.Type() != ebpf.TracePoint { return nil, fmt.Errorf("eBPF program type %s is not a Tracepoint: %w", prog.Type(), errInvalidInput) } - tid, err := getTraceEventID(group, name) + tid, err := tracefs.EventID(group, name) if err != nil { return nil, err } @@ -58,16 +56,9 @@ func Tracepoint(group, name string, prog *ebpf.Program, opts *TracepointOptions) cookie = opts.Cookie } - pe := &perfEvent{ - typ: tracepointEvent, - group: group, - name: name, - tracefsID: tid, - cookie: cookie, - fd: fd, - } + pe := newPerfEvent(fd, nil) - lnk, err := attachPerfEvent(pe, prog) + lnk, err := attachPerfEvent(pe, prog, cookie) if err != nil { pe.Close() return nil, err diff --git a/vendor/github.com/cilium/ebpf/link/tracing.go b/vendor/github.com/cilium/ebpf/link/tracing.go index e26cc91498b..1e1a7834d8e 100644 --- a/vendor/github.com/cilium/ebpf/link/tracing.go +++ b/vendor/github.com/cilium/ebpf/link/tracing.go @@ -7,6 +7,7 @@ import ( "github.com/cilium/ebpf" "github.com/cilium/ebpf/btf" "github.com/cilium/ebpf/internal/sys" + "github.com/cilium/ebpf/internal/unix" ) type tracing struct { @@ -48,7 +49,7 @@ func AttachFreplace(targetProg *ebpf.Program, name string, prog *ebpf.Program) ( } defer btfHandle.Close() - spec, err := btfHandle.Spec() + spec, err := btfHandle.Spec(nil) if err != nil { return nil, err } @@ -87,29 +88,71 @@ type TracingOptions struct { // AttachTraceFEntry/AttachTraceFExit/AttachModifyReturn or // AttachTraceRawTp. Program *ebpf.Program + // Program attach type. Can be one of: + // - AttachTraceFEntry + // - AttachTraceFExit + // - AttachModifyReturn + // - AttachTraceRawTp + // This field is optional. + AttachType ebpf.AttachType + // Arbitrary value that can be fetched from an eBPF program + // via `bpf_get_attach_cookie()`. + Cookie uint64 } type LSMOptions struct { // Program must be of type LSM with attach type // AttachLSMMac. Program *ebpf.Program + // Arbitrary value that can be fetched from an eBPF program + // via `bpf_get_attach_cookie()`. + Cookie uint64 } // attachBTFID links all BPF program types (Tracing/LSM) that they attach to a btf_id. -func attachBTFID(program *ebpf.Program) (Link, error) { +func attachBTFID(program *ebpf.Program, at ebpf.AttachType, cookie uint64) (Link, error) { if program.FD() < 0 { return nil, fmt.Errorf("invalid program %w", sys.ErrClosedFd) } - fd, err := sys.RawTracepointOpen(&sys.RawTracepointOpenAttr{ - ProgFd: uint32(program.FD()), - }) - if errors.Is(err, sys.ENOTSUPP) { - // This may be returned by bpf_tracing_prog_attach via bpf_arch_text_poke. - return nil, fmt.Errorf("create raw tracepoint: %w", ErrNotSupported) - } - if err != nil { - return nil, fmt.Errorf("create raw tracepoint: %w", err) + var ( + fd *sys.FD + err error + ) + switch at { + case ebpf.AttachTraceFEntry, ebpf.AttachTraceFExit, ebpf.AttachTraceRawTp, + ebpf.AttachModifyReturn, ebpf.AttachLSMMac: + // Attach via BPF link + fd, err = sys.LinkCreateTracing(&sys.LinkCreateTracingAttr{ + ProgFd: uint32(program.FD()), + AttachType: sys.AttachType(at), + Cookie: cookie, + }) + if err == nil { + break + } + if !errors.Is(err, unix.EINVAL) && !errors.Is(err, sys.ENOTSUPP) { + return nil, fmt.Errorf("create tracing link: %w", err) + } + fallthrough + case ebpf.AttachNone: + // Attach via RawTracepointOpen + if cookie > 0 { + return nil, fmt.Errorf("create raw tracepoint with cookie: %w", ErrNotSupported) + } + + fd, err = sys.RawTracepointOpen(&sys.RawTracepointOpenAttr{ + ProgFd: uint32(program.FD()), + }) + if errors.Is(err, sys.ENOTSUPP) { + // This may be returned by bpf_tracing_prog_attach via bpf_arch_text_poke. + return nil, fmt.Errorf("create raw tracepoint: %w", ErrNotSupported) + } + if err != nil { + return nil, fmt.Errorf("create raw tracepoint: %w", err) + } + default: + return nil, fmt.Errorf("invalid attach type: %s", at.String()) } raw := RawLink{fd: fd} @@ -124,8 +167,7 @@ func attachBTFID(program *ebpf.Program) (Link, error) { // a raw_tracepoint link. Other types return a tracing link. return &rawTracepoint{raw}, nil } - - return &tracing{RawLink: RawLink{fd: fd}}, nil + return &tracing{raw}, nil } // AttachTracing links a tracing (fentry/fexit/fmod_ret) BPF program or @@ -136,7 +178,14 @@ func AttachTracing(opts TracingOptions) (Link, error) { return nil, fmt.Errorf("invalid program type %s, expected Tracing", t) } - return attachBTFID(opts.Program) + switch opts.AttachType { + case ebpf.AttachTraceFEntry, ebpf.AttachTraceFExit, ebpf.AttachModifyReturn, + ebpf.AttachTraceRawTp, ebpf.AttachNone: + default: + return nil, fmt.Errorf("invalid attach type: %s", opts.AttachType.String()) + } + + return attachBTFID(opts.Program, opts.AttachType, opts.Cookie) } // AttachLSM links a Linux security module (LSM) BPF Program to a BPF @@ -146,5 +195,5 @@ func AttachLSM(opts LSMOptions) (Link, error) { return nil, fmt.Errorf("invalid program type %s, expected LSM", t) } - return attachBTFID(opts.Program) + return attachBTFID(opts.Program, ebpf.AttachLSMMac, opts.Cookie) } diff --git a/vendor/github.com/cilium/ebpf/link/uprobe.go b/vendor/github.com/cilium/ebpf/link/uprobe.go index aa1ad9bbef2..272bac4151d 100644 --- a/vendor/github.com/cilium/ebpf/link/uprobe.go +++ b/vendor/github.com/cilium/ebpf/link/uprobe.go @@ -5,16 +5,14 @@ import ( "errors" "fmt" "os" - "path/filepath" - "strings" + "sync" "github.com/cilium/ebpf" "github.com/cilium/ebpf/internal" + "github.com/cilium/ebpf/internal/tracefs" ) var ( - uprobeEventsPath = filepath.Join(tracefsPath, "uprobe_events") - uprobeRefCtrOffsetPMUPath = "/sys/bus/event_source/devices/uprobe/format/ref_ctr_offset" // elixir.bootlin.com/linux/v5.15-rc7/source/kernel/events/core.c#L9799 uprobeRefCtrOffsetShift = 32 @@ -37,6 +35,8 @@ type Executable struct { path string // Parsed ELF and dynamic symbols' addresses. addresses map[string]uint64 + // Keep track of symbol table lazy load. + addressesOnce sync.Once } // UprobeOptions defines additional parameters that will be used @@ -70,6 +70,17 @@ type UprobeOptions struct { // // Needs kernel 5.15+. Cookie uint64 + // Prefix used for the event name if the uprobe must be attached using tracefs. + // The group name will be formatted as `_`. + // The default empty string is equivalent to "ebpf" as the prefix. + TraceFSPrefix string +} + +func (uo *UprobeOptions) cookie() uint64 { + if uo == nil { + return 0 + } + return uo.Cookie } // To open a new Executable, use: @@ -82,32 +93,21 @@ func OpenExecutable(path string) (*Executable, error) { return nil, fmt.Errorf("path cannot be empty") } - f, err := os.Open(path) - if err != nil { - return nil, fmt.Errorf("open file '%s': %w", path, err) - } - defer f.Close() - - se, err := internal.NewSafeELFFile(f) + f, err := internal.OpenSafeELFFile(path) if err != nil { return nil, fmt.Errorf("parse ELF file: %w", err) } + defer f.Close() - if se.Type != elf.ET_EXEC && se.Type != elf.ET_DYN { + if f.Type != elf.ET_EXEC && f.Type != elf.ET_DYN { // ELF is not an executable or a shared object. return nil, errors.New("the given file is not an executable or a shared object") } - ex := Executable{ + return &Executable{ path: path, addresses: make(map[string]uint64), - } - - if err := ex.load(se); err != nil { - return nil, err - } - - return &ex, nil + }, nil } func (ex *Executable) load(f *internal.SafeELFFile) error { @@ -164,6 +164,22 @@ func (ex *Executable) address(symbol string, opts *UprobeOptions) (uint64, error return opts.Address + opts.Offset, nil } + var err error + ex.addressesOnce.Do(func() { + var f *internal.SafeELFFile + f, err = internal.OpenSafeELFFile(ex.path) + if err != nil { + err = fmt.Errorf("parse ELF file: %w", err) + return + } + defer f.Close() + + err = ex.load(f) + }) + if err != nil { + return 0, fmt.Errorf("lazy load symbols: %w", err) + } + address, ok := ex.addresses[symbol] if !ok { return 0, fmt.Errorf("symbol %s: %w", symbol, ErrNoSymbol) @@ -209,7 +225,7 @@ func (ex *Executable) Uprobe(symbol string, prog *ebpf.Program, opts *UprobeOpti return nil, err } - lnk, err := attachPerfEvent(u, prog) + lnk, err := attachPerfEvent(u, prog, opts.cookie()) if err != nil { u.Close() return nil, err @@ -243,7 +259,7 @@ func (ex *Executable) Uretprobe(symbol string, prog *ebpf.Program, opts *UprobeO return nil, err } - lnk, err := attachPerfEvent(u, prog) + lnk, err := attachPerfEvent(u, prog, opts.cookie()) if err != nil { u.Close() return nil, err @@ -281,18 +297,20 @@ func (ex *Executable) uprobe(symbol string, prog *ebpf.Program, opts *UprobeOpti } } - args := probeArgs{ - symbol: symbol, - path: ex.path, - offset: offset, - pid: pid, - refCtrOffset: opts.RefCtrOffset, - ret: ret, - cookie: opts.Cookie, + args := tracefs.ProbeArgs{ + Type: tracefs.Uprobe, + Symbol: symbol, + Path: ex.path, + Offset: offset, + Pid: pid, + RefCtrOffset: opts.RefCtrOffset, + Ret: ret, + Cookie: opts.Cookie, + Group: opts.TraceFSPrefix, } // Use uprobe PMU if the kernel has it available. - tp, err := pmuUprobe(args) + tp, err := pmuProbe(args) if err == nil { return tp, nil } @@ -301,59 +319,10 @@ func (ex *Executable) uprobe(symbol string, prog *ebpf.Program, opts *UprobeOpti } // Use tracefs if uprobe PMU is missing. - args.symbol = sanitizeSymbol(symbol) - tp, err = tracefsUprobe(args) + tp, err = tracefsProbe(args) if err != nil { return nil, fmt.Errorf("creating trace event '%s:%s' in tracefs: %w", ex.path, symbol, err) } return tp, nil } - -// pmuUprobe opens a perf event based on the uprobe PMU. -func pmuUprobe(args probeArgs) (*perfEvent, error) { - return pmuProbe(uprobeType, args) -} - -// tracefsUprobe creates a Uprobe tracefs entry. -func tracefsUprobe(args probeArgs) (*perfEvent, error) { - return tracefsProbe(uprobeType, args) -} - -// sanitizeSymbol replaces every invalid character for the tracefs api with an underscore. -// It is equivalent to calling regexp.MustCompile("[^a-zA-Z0-9]+").ReplaceAllString("_"). -func sanitizeSymbol(s string) string { - var b strings.Builder - b.Grow(len(s)) - var skip bool - for _, c := range []byte(s) { - switch { - case c >= 'a' && c <= 'z', - c >= 'A' && c <= 'Z', - c >= '0' && c <= '9': - skip = false - b.WriteByte(c) - - default: - if !skip { - b.WriteByte('_') - skip = true - } - } - } - - return b.String() -} - -// uprobeToken creates the PATH:OFFSET(REF_CTR_OFFSET) token for the tracefs api. -func uprobeToken(args probeArgs) string { - po := fmt.Sprintf("%s:%#x", args.path, args.offset) - - if args.refCtrOffset != 0 { - // This is not documented in Documentation/trace/uprobetracer.txt. - // elixir.bootlin.com/linux/v5.15-rc7/source/kernel/trace/trace.c#L5564 - po += fmt.Sprintf("(%#x)", args.refCtrOffset) - } - - return po -} diff --git a/vendor/github.com/cilium/ebpf/linker.go b/vendor/github.com/cilium/ebpf/linker.go index d97a44b2926..e0dbfcffd37 100644 --- a/vendor/github.com/cilium/ebpf/linker.go +++ b/vendor/github.com/cilium/ebpf/linker.go @@ -4,12 +4,48 @@ import ( "encoding/binary" "errors" "fmt" + "io" + "math" "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/btf" "github.com/cilium/ebpf/internal" ) +// handles stores handle objects to avoid gc cleanup +type handles []*btf.Handle + +func (hs *handles) add(h *btf.Handle) (int, error) { + if h == nil { + return 0, nil + } + + if len(*hs) == math.MaxInt16 { + return 0, fmt.Errorf("can't add more than %d module FDs to fdArray", math.MaxInt16) + } + + *hs = append(*hs, h) + + // return length of slice so that indexes start at 1 + return len(*hs), nil +} + +func (hs handles) fdArray() []int32 { + // first element of fda is reserved as no module can be indexed with 0 + fda := []int32{0} + for _, h := range hs { + fda = append(fda, int32(h.FD())) + } + + return fda +} + +func (hs handles) close() { + for _, h := range hs { + h.Close() + } +} + // splitSymbols splits insns into subsections delimited by Symbol Instructions. // insns cannot be empty and must start with a Symbol Instruction. // @@ -87,14 +123,6 @@ func applyRelocations(insns asm.Instructions, target *btf.Spec, bo binary.ByteOr bo = internal.NativeEndian } - if target == nil { - var err error - target, err = btf.LoadKernelSpec() - if err != nil { - return fmt.Errorf("load kernel spec: %w", err) - } - } - fixups, err := btf.CORERelocate(relos, target, bo) if err != nil { return err @@ -102,7 +130,7 @@ func applyRelocations(insns asm.Instructions, target *btf.Spec, bo binary.ByteOr for i, fixup := range fixups { if err := fixup.Apply(reloInsns[i]); err != nil { - return fmt.Errorf("apply fixup %s: %w", &fixup, err) + return fmt.Errorf("fixup for %s: %w", relos[i], err) } } @@ -189,8 +217,9 @@ func fixupAndValidate(insns asm.Instructions) error { ins := iter.Ins // Map load was tagged with a Reference, but does not contain a Map pointer. - if ins.IsLoadFromMap() && ins.Reference() != "" && ins.Map() == nil { - return fmt.Errorf("instruction %d: map %s: %w", iter.Index, ins.Reference(), asm.ErrUnsatisfiedMapReference) + needsMap := ins.Reference() != "" || ins.Metadata.Get(kconfigMetaKey{}) != nil + if ins.IsLoadFromMap() && needsMap && ins.Map() == nil { + return fmt.Errorf("instruction %d: %w", iter.Index, asm.ErrUnsatisfiedMapReference) } fixupProbeReadKernel(ins) @@ -199,6 +228,88 @@ func fixupAndValidate(insns asm.Instructions) error { return nil } +// fixupKfuncs loops over all instructions in search for kfunc calls. +// If at least one is found, the current kernels BTF and module BTFis are searched to set Instruction.Constant +// and Instruction.Offset to the correct values. +func fixupKfuncs(insns asm.Instructions) (handles, error) { + iter := insns.Iterate() + for iter.Next() { + ins := iter.Ins + if ins.IsKfuncCall() { + goto fixups + } + } + + return nil, nil + +fixups: + // only load the kernel spec if we found at least one kfunc call + kernelSpec, err := btf.LoadKernelSpec() + if err != nil { + return nil, err + } + + fdArray := make(handles, 0) + for { + ins := iter.Ins + + if !ins.IsKfuncCall() { + if !iter.Next() { + // break loop if this was the last instruction in the stream. + break + } + continue + } + + // check meta, if no meta return err + kfm, _ := ins.Metadata.Get(kfuncMeta{}).(*btf.Func) + if kfm == nil { + return nil, fmt.Errorf("kfunc call has no kfuncMeta") + } + + target := btf.Type((*btf.Func)(nil)) + spec, module, err := findTargetInKernel(kernelSpec, kfm.Name, &target) + if errors.Is(err, btf.ErrNotFound) { + return nil, fmt.Errorf("kfunc %q: %w", kfm.Name, ErrNotSupported) + } + if err != nil { + return nil, err + } + + if err := btf.CheckTypeCompatibility(kfm.Type, target.(*btf.Func).Type); err != nil { + return nil, &incompatibleKfuncError{kfm.Name, err} + } + + id, err := spec.TypeID(target) + if err != nil { + return nil, err + } + + idx, err := fdArray.add(module) + if err != nil { + return nil, err + } + + ins.Constant = int64(id) + ins.Offset = int16(idx) + + if !iter.Next() { + break + } + } + + return fdArray, nil +} + +type incompatibleKfuncError struct { + name string + err error +} + +func (ike *incompatibleKfuncError) Error() string { + return fmt.Sprintf("kfunc %q: %s", ike.name, ike.err) +} + // fixupProbeReadKernel replaces calls to bpf_probe_read_{kernel,user}(_str) // with bpf_probe_read(_str) on kernels that don't support it yet. func fixupProbeReadKernel(ins *asm.Instruction) { @@ -218,3 +329,63 @@ func fixupProbeReadKernel(ins *asm.Instruction) { ins.Constant = int64(asm.FnProbeReadStr) } } + +// resolveKconfigReferences creates and populates a .kconfig map if necessary. +// +// Returns a nil Map and no error if no references exist. +func resolveKconfigReferences(insns asm.Instructions) (_ *Map, err error) { + closeOnError := func(c io.Closer) { + if err != nil { + c.Close() + } + } + + var spec *MapSpec + iter := insns.Iterate() + for iter.Next() { + meta, _ := iter.Ins.Metadata.Get(kconfigMetaKey{}).(*kconfigMeta) + if meta != nil { + spec = meta.Map + break + } + } + + if spec == nil { + return nil, nil + } + + cpy := spec.Copy() + if err := resolveKconfig(cpy); err != nil { + return nil, err + } + + kconfig, err := NewMap(cpy) + if err != nil { + return nil, err + } + defer closeOnError(kconfig) + + // Resolve all instructions which load from .kconfig map with actual map + // and offset inside it. + iter = insns.Iterate() + for iter.Next() { + meta, _ := iter.Ins.Metadata.Get(kconfigMetaKey{}).(*kconfigMeta) + if meta == nil { + continue + } + + if meta.Map != spec { + return nil, fmt.Errorf("instruction %d: reference to multiple .kconfig maps is not allowed", iter.Index) + } + + if err := iter.Ins.AssociateMap(kconfig); err != nil { + return nil, fmt.Errorf("instruction %d: %w", iter.Index, err) + } + + // Encode a map read at the offset of the var in the datasec. + iter.Ins.Constant = int64(uint64(meta.Offset) << 32) + iter.Ins.Metadata.Set(kconfigMetaKey{}, nil) + } + + return kconfig, nil +} diff --git a/vendor/github.com/cilium/ebpf/map.go b/vendor/github.com/cilium/ebpf/map.go index 800d59da810..a11664cc72d 100644 --- a/vendor/github.com/cilium/ebpf/map.go +++ b/vendor/github.com/cilium/ebpf/map.go @@ -6,6 +6,7 @@ import ( "fmt" "io" "math/rand" + "os" "path/filepath" "reflect" "time" @@ -168,7 +169,10 @@ func (ms *MapSpec) Compatible(m *Map) error { m.maxEntries != ms.MaxEntries: return fmt.Errorf("expected max entries %v, got %v: %w", ms.MaxEntries, m.maxEntries, ErrMapIncompatible) - case m.flags != ms.Flags: + // BPF_F_RDONLY_PROG is set unconditionally for devmaps. Explicitly allow + // this mismatch. + case !((ms.Type == DevMap || ms.Type == DevMapHash) && m.flags^ms.Flags == unix.BPF_F_RDONLY_PROG) && + m.flags != ms.Flags: return fmt.Errorf("expected flags %v, got %v: %w", ms.Flags, m.flags, ErrMapIncompatible) } return nil @@ -430,8 +434,8 @@ func (spec *MapSpec) createMap(inner *sys.FD, opts MapOptions) (_ *Map, err erro // Use BTF k/v during map creation. attr.BtfFd = uint32(handle.FD()) - attr.BtfKeyTypeId = uint32(keyTypeID) - attr.BtfValueTypeId = uint32(valueTypeID) + attr.BtfKeyTypeId = keyTypeID + attr.BtfValueTypeId = valueTypeID } } @@ -450,6 +454,9 @@ func (spec *MapSpec) createMap(inner *sys.FD, opts MapOptions) (_ *Map, err erro if errors.Is(err, unix.EINVAL) && attr.MaxEntries == 0 { return nil, fmt.Errorf("map create: %w (MaxEntries may be incorrectly set to zero)", err) } + if errors.Is(err, unix.EINVAL) && spec.Type == UnspecifiedMap { + return nil, fmt.Errorf("map create: cannot use type %s", UnspecifiedMap) + } if attr.BtfFd == 0 { return nil, fmt.Errorf("map create: %w (without BTF k/v)", err) } @@ -489,7 +496,7 @@ func newMap(fd *sys.FD, name string, typ MapType, keySize, valueSize, maxEntries return nil, err } - m.fullValueSize = internal.Align(int(valueSize), 8) * possibleCPUs + m.fullValueSize = int(internal.Align(valueSize, 8)) * possibleCPUs return m, nil } @@ -543,12 +550,7 @@ const LookupLock MapLookupFlags = 4 // // Returns an error if the key doesn't exist, see ErrKeyNotExist. func (m *Map) Lookup(key, valueOut interface{}) error { - valuePtr, valueBytes := makeBuffer(valueOut, m.fullValueSize) - if err := m.lookup(key, valuePtr, 0); err != nil { - return err - } - - return m.unmarshalValue(valueOut, valueBytes) + return m.LookupWithFlags(key, valueOut, 0) } // LookupWithFlags retrieves a value from a Map with flags. @@ -562,6 +564,10 @@ func (m *Map) Lookup(key, valueOut interface{}) error { // // Returns an error if the key doesn't exist, see ErrKeyNotExist. func (m *Map) LookupWithFlags(key, valueOut interface{}, flags MapLookupFlags) error { + if m.typ.hasPerCPUValue() { + return m.lookupPerCPU(key, valueOut, flags) + } + valuePtr, valueBytes := makeBuffer(valueOut, m.fullValueSize) if err := m.lookup(key, valuePtr, flags); err != nil { return err @@ -574,7 +580,7 @@ func (m *Map) LookupWithFlags(key, valueOut interface{}, flags MapLookupFlags) e // // Returns ErrKeyNotExist if the key doesn't exist. func (m *Map) LookupAndDelete(key, valueOut interface{}) error { - return m.lookupAndDelete(key, valueOut, 0) + return m.LookupAndDeleteWithFlags(key, valueOut, 0) } // LookupAndDeleteWithFlags retrieves and deletes a value from a Map. @@ -585,7 +591,15 @@ func (m *Map) LookupAndDelete(key, valueOut interface{}) error { // // Returns ErrKeyNotExist if the key doesn't exist. func (m *Map) LookupAndDeleteWithFlags(key, valueOut interface{}, flags MapLookupFlags) error { - return m.lookupAndDelete(key, valueOut, flags) + if m.typ.hasPerCPUValue() { + return m.lookupAndDeletePerCPU(key, valueOut, flags) + } + + valuePtr, valueBytes := makeBuffer(valueOut, m.fullValueSize) + if err := m.lookupAndDelete(key, valuePtr, flags); err != nil { + return err + } + return m.unmarshalValue(valueOut, valueBytes) } // LookupBytes gets a value from Map. @@ -603,6 +617,14 @@ func (m *Map) LookupBytes(key interface{}) ([]byte, error) { return valueBytes, err } +func (m *Map) lookupPerCPU(key, valueOut any, flags MapLookupFlags) error { + valueBytes := make([]byte, m.fullValueSize) + if err := m.lookup(key, sys.NewSlicePointer(valueBytes), flags); err != nil { + return err + } + return unmarshalPerCPUValue(valueOut, int(m.valueSize), valueBytes) +} + func (m *Map) lookup(key interface{}, valueOut sys.Pointer, flags MapLookupFlags) error { keyPtr, err := m.marshalKey(key) if err != nil { @@ -622,9 +644,15 @@ func (m *Map) lookup(key interface{}, valueOut sys.Pointer, flags MapLookupFlags return nil } -func (m *Map) lookupAndDelete(key, valueOut interface{}, flags MapLookupFlags) error { - valuePtr, valueBytes := makeBuffer(valueOut, m.fullValueSize) +func (m *Map) lookupAndDeletePerCPU(key, valueOut any, flags MapLookupFlags) error { + valueBytes := make([]byte, m.fullValueSize) + if err := m.lookupAndDelete(key, sys.NewSlicePointer(valueBytes), flags); err != nil { + return err + } + return unmarshalPerCPUValue(valueOut, int(m.valueSize), valueBytes) +} +func (m *Map) lookupAndDelete(key any, valuePtr sys.Pointer, flags MapLookupFlags) error { keyPtr, err := m.marshalKey(key) if err != nil { return fmt.Errorf("can't marshal key: %w", err) @@ -641,7 +669,7 @@ func (m *Map) lookupAndDelete(key, valueOut interface{}, flags MapLookupFlags) e return fmt.Errorf("lookup and delete: %w", wrapMapError(err)) } - return m.unmarshalValue(valueOut, valueBytes) + return nil } // MapUpdateFlags controls the behaviour of the Map.Update call. @@ -668,15 +696,32 @@ func (m *Map) Put(key, value interface{}) error { } // Update changes the value of a key. -func (m *Map) Update(key, value interface{}, flags MapUpdateFlags) error { - keyPtr, err := m.marshalKey(key) - if err != nil { - return fmt.Errorf("can't marshal key: %w", err) +func (m *Map) Update(key, value any, flags MapUpdateFlags) error { + if m.typ.hasPerCPUValue() { + return m.updatePerCPU(key, value, flags) } valuePtr, err := m.marshalValue(value) if err != nil { - return fmt.Errorf("can't marshal value: %w", err) + return fmt.Errorf("marshal value: %w", err) + } + + return m.update(key, valuePtr, flags) +} + +func (m *Map) updatePerCPU(key, value any, flags MapUpdateFlags) error { + valuePtr, err := marshalPerCPUValue(value, int(m.valueSize)) + if err != nil { + return fmt.Errorf("marshal value: %w", err) + } + + return m.update(key, valuePtr, flags) +} + +func (m *Map) update(key any, valuePtr sys.Pointer, flags MapUpdateFlags) error { + keyPtr, err := m.marshalKey(key) + if err != nil { + return fmt.Errorf("marshal key: %w", err) } attr := sys.MapUpdateElemAttr{ @@ -792,12 +837,22 @@ func (m *Map) nextKey(key interface{}, nextKeyOut sys.Pointer) error { return nil } +var mmapProtectedPage = internal.Memoize(func() ([]byte, error) { + return unix.Mmap(-1, 0, os.Getpagesize(), unix.PROT_NONE, unix.MAP_ANON|unix.MAP_SHARED) +}) + // guessNonExistentKey attempts to perform a map lookup that returns ENOENT. // This is necessary on kernels before 4.4.132, since those don't support // iterating maps from the start by providing an invalid key pointer. func (m *Map) guessNonExistentKey() ([]byte, error) { - // Provide an invalid value pointer to prevent a copy on the kernel side. - valuePtr := sys.NewPointer(unsafe.Pointer(^uintptr(0))) + // Map a protected page and use that as the value pointer. This saves some + // work copying out the value, which we're not interested in. + page, err := mmapProtectedPage() + if err != nil { + return nil, err + } + valuePtr := sys.NewSlicePointer(page) + randKey := make([]byte, int(m.keySize)) for i := 0; i < 4; i++ { @@ -1090,7 +1145,7 @@ func (m *Map) Clone() (*Map, error) { // You can Clone a map to pin it to a different path. // // This requires bpffs to be mounted above fileName. -// See https://docs.cilium.io/en/stable/concepts/kubernetes/configuration/#mounting-bpffs-with-systemd +// See https://docs.cilium.io/en/stable/network/kubernetes/configuration/#mounting-bpffs-with-systemd func (m *Map) Pin(fileName string) error { if err := internal.Pin(m.pinnedPath, fileName, m.fd); err != nil { return err @@ -1175,10 +1230,6 @@ func (m *Map) unmarshalKey(data interface{}, buf []byte) error { } func (m *Map) marshalValue(data interface{}) (sys.Pointer, error) { - if m.typ.hasPerCPUValue() { - return marshalPerCPUValue(data, int(m.valueSize)) - } - var ( buf []byte err error @@ -1311,8 +1362,7 @@ func marshalMap(m *Map, length int) ([]byte, error) { // See Map.Iterate. type MapIterator struct { target *Map - prevKey interface{} - prevBytes []byte + curKey []byte count, maxEntries uint32 done bool err error @@ -1322,7 +1372,6 @@ func newMapIterator(target *Map) *MapIterator { return &MapIterator{ target: target, maxEntries: target.maxEntries, - prevBytes: make([]byte, target.keySize), } } @@ -1344,26 +1393,35 @@ func (mi *MapIterator) Next(keyOut, valueOut interface{}) bool { // For array-like maps NextKeyBytes returns nil only on after maxEntries // iterations. for mi.count <= mi.maxEntries { - var nextBytes []byte - nextBytes, mi.err = mi.target.NextKeyBytes(mi.prevKey) + var nextKey []byte + if mi.curKey == nil { + // Pass nil interface to NextKeyBytes to make sure the Map's first key + // is returned. If we pass an uninitialized []byte instead, it'll see a + // non-nil interface and try to marshal it. + nextKey, mi.err = mi.target.NextKeyBytes(nil) + + mi.curKey = make([]byte, mi.target.keySize) + } else { + nextKey, mi.err = mi.target.NextKeyBytes(mi.curKey) + } if mi.err != nil { + mi.err = fmt.Errorf("get next key: %w", mi.err) return false } - if nextBytes == nil { + if nextKey == nil { mi.done = true return false } - // The user can get access to nextBytes since unmarshalBytes + // The user can get access to nextKey since unmarshalBytes // does not copy when unmarshaling into a []byte. // Make a copy to prevent accidental corruption of // iterator state. - copy(mi.prevBytes, nextBytes) - mi.prevKey = mi.prevBytes + copy(mi.curKey, nextKey) mi.count++ - mi.err = mi.target.Lookup(nextBytes, valueOut) + mi.err = mi.target.Lookup(nextKey, valueOut) if errors.Is(mi.err, ErrKeyNotExist) { // Even though the key should be valid, we couldn't look up // its value. If we're iterating a hash map this is probably @@ -1376,10 +1434,11 @@ func (mi *MapIterator) Next(keyOut, valueOut interface{}) bool { continue } if mi.err != nil { + mi.err = fmt.Errorf("look up next key: %w", mi.err) return false } - mi.err = mi.target.unmarshalKey(keyOut, nextBytes) + mi.err = mi.target.unmarshalKey(keyOut, nextKey) return mi.err == nil } diff --git a/vendor/github.com/cilium/ebpf/marshalers.go b/vendor/github.com/cilium/ebpf/marshalers.go index 544d17f35e1..a568bff9207 100644 --- a/vendor/github.com/cilium/ebpf/marshalers.go +++ b/vendor/github.com/cilium/ebpf/marshalers.go @@ -57,8 +57,10 @@ func marshalBytes(data interface{}, length int) (buf []byte, err error) { case Map, *Map, Program, *Program: err = fmt.Errorf("can't marshal %T", value) default: - var wr bytes.Buffer - err = binary.Write(&wr, internal.NativeEndian, value) + wr := internal.NewBuffer(make([]byte, 0, length)) + defer internal.PutBuffer(wr) + + err = binary.Write(wr, internal.NativeEndian, value) if err != nil { err = fmt.Errorf("encoding %T: %v", value, err) } diff --git a/vendor/github.com/cilium/ebpf/prog.go b/vendor/github.com/cilium/ebpf/prog.go index dbc25e4f5bf..70aaef55327 100644 --- a/vendor/github.com/cilium/ebpf/prog.go +++ b/vendor/github.com/cilium/ebpf/prog.go @@ -10,6 +10,7 @@ import ( "runtime" "strings" "time" + "unsafe" "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/btf" @@ -169,6 +170,9 @@ type Program struct { // NewProgram creates a new Program. // // See [NewProgramWithOptions] for details. +// +// Returns a [VerifierError] containing the full verifier log if the program is +// rejected by the kernel. func NewProgram(spec *ProgramSpec) (*Program, error) { return NewProgramWithOptions(spec, ProgramOptions{}) } @@ -178,7 +182,8 @@ func NewProgram(spec *ProgramSpec) (*Program, error) { // Loading a program for the first time will perform // feature detection by loading small, temporary programs. // -// Returns a [VerifierError] if the program is rejected by the kernel. +// Returns a [VerifierError] containing the full verifier log if the program is +// rejected by the kernel. func NewProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, error) { if spec == nil { return nil, errors.New("can't load a program from a nil spec") @@ -258,10 +263,27 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er return nil, fmt.Errorf("apply CO-RE relocations: %w", err) } + kconfig, err := resolveKconfigReferences(insns) + if err != nil { + return nil, fmt.Errorf("resolve .kconfig: %w", err) + } + defer kconfig.Close() + if err := fixupAndValidate(insns); err != nil { return nil, err } + handles, err := fixupKfuncs(insns) + if err != nil { + return nil, fmt.Errorf("fixing up kfuncs: %w", err) + } + defer handles.close() + + if len(handles) > 0 { + fdArray := handles.fdArray() + attr.FdArray = sys.NewPointer(unsafe.Pointer(&fdArray[0])) + } + buf := bytes.NewBuffer(make([]byte, 0, insns.Size())) err = insns.Marshal(buf, internal.NativeEndian) if err != nil { @@ -278,18 +300,18 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er return nil, fmt.Errorf("attach %s/%s: %w", spec.Type, spec.AttachType, err) } - attr.AttachBtfId = uint32(targetID) + attr.AttachBtfId = targetID attr.AttachBtfObjFd = uint32(spec.AttachTarget.FD()) defer runtime.KeepAlive(spec.AttachTarget) } else if spec.AttachTo != "" { - module, targetID, err := findTargetInKernel(spec.AttachTo, spec.Type, spec.AttachType) + module, targetID, err := findProgramTargetInKernel(spec.AttachTo, spec.Type, spec.AttachType) if err != nil && !errors.Is(err, errUnrecognizedAttachType) { // We ignore errUnrecognizedAttachType since AttachTo may be non-empty // for programs that don't attach anywhere. return nil, fmt.Errorf("attach %s/%s: %w", spec.Type, spec.AttachType, err) } - attr.AttachBtfId = uint32(targetID) + attr.AttachBtfId = targetID if module != nil { attr.AttachBtfObjFd = uint32(module.FD()) defer module.Close() @@ -462,7 +484,7 @@ func (p *Program) Clone() (*Program, error) { // the new path already exists. Re-pinning across filesystems is not supported. // // This requires bpffs to be mounted above fileName. -// See https://docs.cilium.io/en/stable/concepts/kubernetes/configuration/#mounting-bpffs-with-systemd +// See https://docs.cilium.io/en/stable/network/kubernetes/configuration/#mounting-bpffs-with-systemd func (p *Program) Pin(fileName string) error { if err := internal.Pin(p.pinnedPath, fileName, p.fd); err != nil { return err @@ -579,9 +601,6 @@ func (p *Program) Run(opts *RunOptions) (uint32, error) { // run or an error. reset is called whenever the benchmark syscall is // interrupted, and should be set to testing.B.ResetTimer or similar. // -// Note: profiling a call to this function will skew its results, see -// https://github.com/cilium/ebpf/issues/24 -// // This function requires at least Linux 4.12. func (p *Program) Benchmark(in []byte, repeat int, reset func()) (uint32, time.Duration, error) { if uint(repeat) > math.MaxUint32 { @@ -783,7 +802,14 @@ func LoadPinnedProgram(fileName string, opts *LoadPinOptions) (*Program, error) return nil, fmt.Errorf("info for %s: %w", fileName, err) } - return &Program{"", fd, filepath.Base(fileName), fileName, info.Type}, nil + var progName string + if haveObjName() == nil { + progName = info.Name + } else { + progName = filepath.Base(fileName) + } + + return &Program{"", fd, progName, fileName, info.Type}, nil } // SanitizeName replaces all invalid characters in name with replacement. @@ -835,7 +861,7 @@ var errUnrecognizedAttachType = errors.New("unrecognized attach type") // // Returns errUnrecognizedAttachType if the combination of progType and attachType // is not recognised. -func findTargetInKernel(name string, progType ProgramType, attachType AttachType) (*btf.Handle, btf.TypeID, error) { +func findProgramTargetInKernel(name string, progType ProgramType, attachType AttachType) (*btf.Handle, btf.TypeID, error) { type match struct { p ProgramType a AttachType @@ -880,16 +906,9 @@ func findTargetInKernel(name string, progType ProgramType, attachType AttachType return nil, 0, fmt.Errorf("load kernel spec: %w", err) } - err = spec.TypeByName(typeName, &target) + spec, module, err := findTargetInKernel(spec, typeName, &target) if errors.Is(err, btf.ErrNotFound) { - module, id, err := findTargetInModule(typeName, target) - if errors.Is(err, btf.ErrNotFound) { - return nil, 0, &internal.UnsupportedFeatureError{Name: featureName} - } - if err != nil { - return nil, 0, fmt.Errorf("find target for %s in modules: %w", featureName, err) - } - return module, id, nil + return nil, 0, &internal.UnsupportedFeatureError{Name: featureName} } // See cilium/ebpf#894. Until we can disambiguate between equally-named kernel // symbols, we should explicitly refuse program loads. They will not reliably @@ -898,57 +917,75 @@ func findTargetInKernel(name string, progType ProgramType, attachType AttachType return nil, 0, fmt.Errorf("attaching to ambiguous kernel symbol is not supported: %w", err) } if err != nil { - return nil, 0, fmt.Errorf("find target for %s in vmlinux: %w", featureName, err) + return nil, 0, fmt.Errorf("find target for %s: %w", featureName, err) } id, err := spec.TypeID(target) - return nil, id, err + return module, id, err } -// find an attach target type in a kernel module. +// findTargetInKernel attempts to find a named type in the current kernel. // -// vmlinux must contain the kernel's types and is used to parse kmod BTF. +// target will point at the found type after a successful call. Searches both +// vmlinux and any loaded modules. +// +// Returns a non-nil handle if the type was found in a module, or btf.ErrNotFound +// if the type wasn't found at all. +func findTargetInKernel(kernelSpec *btf.Spec, typeName string, target *btf.Type) (*btf.Spec, *btf.Handle, error) { + err := kernelSpec.TypeByName(typeName, target) + if errors.Is(err, btf.ErrNotFound) { + spec, module, err := findTargetInModule(kernelSpec, typeName, target) + if err != nil { + return nil, nil, fmt.Errorf("find target in modules: %w", err) + } + return spec, module, nil + } + if err != nil { + return nil, nil, fmt.Errorf("find target in vmlinux: %w", err) + } + return kernelSpec, nil, err +} + +// findTargetInModule attempts to find a named type in any loaded module. +// +// base must contain the kernel's types and is used to parse kmod BTF. Modules +// are searched in the order they were loaded. // // Returns btf.ErrNotFound if the target can't be found in any module. -func findTargetInModule(typeName string, target btf.Type) (*btf.Handle, btf.TypeID, error) { +func findTargetInModule(base *btf.Spec, typeName string, target *btf.Type) (*btf.Spec, *btf.Handle, error) { it := new(btf.HandleIterator) defer it.Handle.Close() for it.Next() { info, err := it.Handle.Info() if err != nil { - return nil, 0, fmt.Errorf("get info for BTF ID %d: %w", it.ID, err) + return nil, nil, fmt.Errorf("get info for BTF ID %d: %w", it.ID, err) } if !info.IsModule() { continue } - spec, err := it.Handle.Spec() + spec, err := it.Handle.Spec(base) if err != nil { - return nil, 0, fmt.Errorf("parse types for module %s: %w", info.Name, err) + return nil, nil, fmt.Errorf("parse types for module %s: %w", info.Name, err) } - err = spec.TypeByName(typeName, &target) + err = spec.TypeByName(typeName, target) if errors.Is(err, btf.ErrNotFound) { continue } if err != nil { - return nil, 0, fmt.Errorf("lookup type in module %s: %w", info.Name, err) - } - - id, err := spec.TypeID(target) - if err != nil { - return nil, 0, fmt.Errorf("lookup type id in module %s: %w", info.Name, err) + return nil, nil, fmt.Errorf("lookup type in module %s: %w", info.Name, err) } - return it.Take(), id, nil + return spec, it.Take(), nil } if err := it.Err(); err != nil { - return nil, 0, fmt.Errorf("iterate modules: %w", err) + return nil, nil, fmt.Errorf("iterate modules: %w", err) } - return nil, 0, btf.ErrNotFound + return nil, nil, btf.ErrNotFound } // find an attach target type in a program. @@ -974,7 +1011,7 @@ func findTargetInProgram(prog *Program, name string, progType ProgramType, attac } defer btfHandle.Close() - spec, err := btfHandle.Spec() + spec, err := btfHandle.Spec(nil) if err != nil { return 0, err } diff --git a/vendor/github.com/cilium/ebpf/run-tests.sh b/vendor/github.com/cilium/ebpf/run-tests.sh index 3507ece39b4..1d1490ad1d9 100644 --- a/vendor/github.com/cilium/ebpf/run-tests.sh +++ b/vendor/github.com/cilium/ebpf/run-tests.sh @@ -6,6 +6,8 @@ # $ ./run-tests.sh 5.4 # Run a subset of tests: # $ ./run-tests.sh 5.4 ./link +# Run using a local kernel image +# $ ./run-tests.sh /path/to/bzImage set -euo pipefail @@ -95,38 +97,45 @@ elif [[ "${1:-}" = "--exec-test" ]]; then exit $rc # this return code is "swallowed" by qemu fi -readonly kernel_version="${1:-}" -if [[ -z "${kernel_version}" ]]; then - echo "Expecting kernel version as first argument" +if [[ -z "${1:-}" ]]; then + echo "Expecting kernel version or path as first argument" exit 1 fi -shift -readonly kernel="linux-${kernel_version}.bz" -readonly selftests="linux-${kernel_version}-selftests-bpf.tgz" readonly input="$(mktemp -d)" readonly tmp_dir="${TMPDIR:-/tmp}" -readonly branch="${BRANCH:-master}" fetch() { echo Fetching "${1}" pushd "${tmp_dir}" > /dev/null - curl --no-progress-meter -L -O --fail --etag-compare "${1}.etag" --etag-save "${1}.etag" "https://github.com/cilium/ci-kernels/raw/${branch}/${1}" + curl --no-progress-meter -L -O --fail --etag-compare "${1}.etag" --etag-save "${1}.etag" "https://github.com/cilium/ci-kernels/raw/${BRANCH:-master}/${1}" local ret=$? popd > /dev/null return $ret } -fetch "${kernel}" -cp "${tmp_dir}/${kernel}" "${input}/bzImage" - -if fetch "${selftests}"; then - echo "Decompressing selftests" - mkdir "${input}/bpf" - tar --strip-components=4 -xf "${tmp_dir}/${selftests}" -C "${input}/bpf" +if [[ -f "${1}" ]]; then + readonly kernel="${1}" + cp "${1}" "${input}/bzImage" else - echo "No selftests found, disabling" +# LINUX_VERSION_CODE test compares this to discovered value. + export KERNEL_VERSION="${1}" + + readonly kernel="linux-${1}.bz" + readonly selftests="linux-${1}-selftests-bpf.tgz" + + fetch "${kernel}" + cp "${tmp_dir}/${kernel}" "${input}/bzImage" + + if fetch "${selftests}"; then + echo "Decompressing selftests" + mkdir "${input}/bpf" + tar --strip-components=4 -xf "${tmp_dir}/${selftests}" -C "${input}/bpf" + else + echo "No selftests found, disabling" + fi fi +shift args=(-short -coverpkg=./... -coverprofile=coverage.out -count 1 ./...) if (( $# > 0 )); then @@ -135,11 +144,9 @@ fi export GOFLAGS=-mod=readonly export CGO_ENABLED=0 -# LINUX_VERSION_CODE test compares this to discovered value. -export KERNEL_VERSION="${kernel_version}" -echo Testing on "${kernel_version}" +echo Testing on "${kernel}" go test -exec "$script --exec-vm $input" "${args[@]}" -echo "Test successful on ${kernel_version}" +echo "Test successful on ${kernel}" rm -r "${input}" diff --git a/vendor/github.com/cilium/ebpf/syscalls.go b/vendor/github.com/cilium/ebpf/syscalls.go index 1ab13363f24..fd21dea24ff 100644 --- a/vendor/github.com/cilium/ebpf/syscalls.go +++ b/vendor/github.com/cilium/ebpf/syscalls.go @@ -4,13 +4,25 @@ import ( "bytes" "errors" "fmt" + "os" + "runtime" "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/internal" "github.com/cilium/ebpf/internal/sys" + "github.com/cilium/ebpf/internal/tracefs" "github.com/cilium/ebpf/internal/unix" ) +var ( + // pre-allocating these here since they may + // get called in hot code paths and cause + // unnecessary memory allocations + sysErrKeyNotExist = sys.Error(ErrKeyNotExist, unix.ENOENT) + sysErrKeyExist = sys.Error(ErrKeyExist, unix.EEXIST) + sysErrNotSupported = sys.Error(ErrNotSupported, sys.ENOTSUPP) +) + // invalidBPFObjNameChar returns true if char may not appear in // a BPF object name. func invalidBPFObjNameChar(char rune) bool { @@ -136,15 +148,15 @@ func wrapMapError(err error) error { } if errors.Is(err, unix.ENOENT) { - return sys.Error(ErrKeyNotExist, unix.ENOENT) + return sysErrKeyNotExist } if errors.Is(err, unix.EEXIST) { - return sys.Error(ErrKeyExist, unix.EEXIST) + return sysErrKeyExist } if errors.Is(err, sys.ENOTSUPP) { - return sys.Error(ErrNotSupported, sys.ENOTSUPP) + return sysErrNotSupported } if errors.Is(err, unix.E2BIG) { @@ -262,3 +274,32 @@ var haveBPFToBPFCalls = internal.NewFeatureTest("bpf2bpf calls", "4.16", func() _ = fd.Close() return nil }) + +var haveSyscallWrapper = internal.NewFeatureTest("syscall wrapper", "4.17", func() error { + prefix := internal.PlatformPrefix() + if prefix == "" { + return fmt.Errorf("unable to find the platform prefix for (%s)", runtime.GOARCH) + } + + args := tracefs.ProbeArgs{ + Type: tracefs.Kprobe, + Symbol: prefix + "sys_bpf", + Pid: -1, + } + + var err error + args.Group, err = tracefs.RandomGroup("ebpf_probe") + if err != nil { + return err + } + + evt, err := tracefs.NewEvent(args) + if errors.Is(err, os.ErrNotExist) { + return internal.ErrNotSupported + } + if err != nil { + return err + } + + return evt.Close() +}) diff --git a/vendor/golang.org/x/exp/LICENSE b/vendor/golang.org/x/exp/LICENSE new file mode 100644 index 00000000000..6a66aea5eaf --- /dev/null +++ b/vendor/golang.org/x/exp/LICENSE @@ -0,0 +1,27 @@ +Copyright (c) 2009 The Go Authors. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/vendor/golang.org/x/exp/PATENTS b/vendor/golang.org/x/exp/PATENTS new file mode 100644 index 00000000000..733099041f8 --- /dev/null +++ b/vendor/golang.org/x/exp/PATENTS @@ -0,0 +1,22 @@ +Additional IP Rights Grant (Patents) + +"This implementation" means the copyrightable works distributed by +Google as part of the Go project. + +Google hereby grants to You a perpetual, worldwide, non-exclusive, +no-charge, royalty-free, irrevocable (except as stated in this section) +patent license to make, have made, use, offer to sell, sell, import, +transfer and otherwise run, modify and propagate the contents of this +implementation of Go, where such license applies only to those patent +claims, both currently owned or controlled by Google and acquired in +the future, licensable by Google that are necessarily infringed by this +implementation of Go. This grant does not include claims that would be +infringed only as a consequence of further modification of this +implementation. If you or your agent or exclusive licensee institute or +order or agree to the institution of patent litigation against any +entity (including a cross-claim or counterclaim in a lawsuit) alleging +that this implementation of Go or any code incorporated within this +implementation of Go constitutes direct or contributory patent +infringement, or inducement of patent infringement, then any patent +rights granted to you under this License for this implementation of Go +shall terminate as of the date such litigation is filed. diff --git a/vendor/golang.org/x/exp/constraints/constraints.go b/vendor/golang.org/x/exp/constraints/constraints.go new file mode 100644 index 00000000000..2c033dff47e --- /dev/null +++ b/vendor/golang.org/x/exp/constraints/constraints.go @@ -0,0 +1,50 @@ +// Copyright 2021 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package constraints defines a set of useful constraints to be used +// with type parameters. +package constraints + +// Signed is a constraint that permits any signed integer type. +// If future releases of Go add new predeclared signed integer types, +// this constraint will be modified to include them. +type Signed interface { + ~int | ~int8 | ~int16 | ~int32 | ~int64 +} + +// Unsigned is a constraint that permits any unsigned integer type. +// If future releases of Go add new predeclared unsigned integer types, +// this constraint will be modified to include them. +type Unsigned interface { + ~uint | ~uint8 | ~uint16 | ~uint32 | ~uint64 | ~uintptr +} + +// Integer is a constraint that permits any integer type. +// If future releases of Go add new predeclared integer types, +// this constraint will be modified to include them. +type Integer interface { + Signed | Unsigned +} + +// Float is a constraint that permits any floating-point type. +// If future releases of Go add new predeclared floating-point types, +// this constraint will be modified to include them. +type Float interface { + ~float32 | ~float64 +} + +// Complex is a constraint that permits any complex numeric type. +// If future releases of Go add new predeclared complex numeric types, +// this constraint will be modified to include them. +type Complex interface { + ~complex64 | ~complex128 +} + +// Ordered is a constraint that permits any ordered type: any type +// that supports the operators < <= >= >. +// If future releases of Go add new ordered types, +// this constraint will be modified to include them. +type Ordered interface { + Integer | Float | ~string +} diff --git a/vendor/golang.org/x/exp/maps/maps.go b/vendor/golang.org/x/exp/maps/maps.go new file mode 100644 index 00000000000..ecc0dabb74d --- /dev/null +++ b/vendor/golang.org/x/exp/maps/maps.go @@ -0,0 +1,94 @@ +// Copyright 2021 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package maps defines various functions useful with maps of any type. +package maps + +// Keys returns the keys of the map m. +// The keys will be in an indeterminate order. +func Keys[M ~map[K]V, K comparable, V any](m M) []K { + r := make([]K, 0, len(m)) + for k := range m { + r = append(r, k) + } + return r +} + +// Values returns the values of the map m. +// The values will be in an indeterminate order. +func Values[M ~map[K]V, K comparable, V any](m M) []V { + r := make([]V, 0, len(m)) + for _, v := range m { + r = append(r, v) + } + return r +} + +// Equal reports whether two maps contain the same key/value pairs. +// Values are compared using ==. +func Equal[M1, M2 ~map[K]V, K, V comparable](m1 M1, m2 M2) bool { + if len(m1) != len(m2) { + return false + } + for k, v1 := range m1 { + if v2, ok := m2[k]; !ok || v1 != v2 { + return false + } + } + return true +} + +// EqualFunc is like Equal, but compares values using eq. +// Keys are still compared with ==. +func EqualFunc[M1 ~map[K]V1, M2 ~map[K]V2, K comparable, V1, V2 any](m1 M1, m2 M2, eq func(V1, V2) bool) bool { + if len(m1) != len(m2) { + return false + } + for k, v1 := range m1 { + if v2, ok := m2[k]; !ok || !eq(v1, v2) { + return false + } + } + return true +} + +// Clear removes all entries from m, leaving it empty. +func Clear[M ~map[K]V, K comparable, V any](m M) { + for k := range m { + delete(m, k) + } +} + +// Clone returns a copy of m. This is a shallow clone: +// the new keys and values are set using ordinary assignment. +func Clone[M ~map[K]V, K comparable, V any](m M) M { + // Preserve nil in case it matters. + if m == nil { + return nil + } + r := make(M, len(m)) + for k, v := range m { + r[k] = v + } + return r +} + +// Copy copies all key/value pairs in src adding them to dst. +// When a key in src is already present in dst, +// the value in dst will be overwritten by the value associated +// with the key in src. +func Copy[M1 ~map[K]V, M2 ~map[K]V, K comparable, V any](dst M1, src M2) { + for k, v := range src { + dst[k] = v + } +} + +// DeleteFunc deletes any key/value pairs from m for which del returns true. +func DeleteFunc[M ~map[K]V, K comparable, V any](m M, del func(K, V) bool) { + for k, v := range m { + if del(k, v) { + delete(m, k) + } + } +} diff --git a/vendor/golang.org/x/exp/slices/slices.go b/vendor/golang.org/x/exp/slices/slices.go new file mode 100644 index 00000000000..cff0cd49ecf --- /dev/null +++ b/vendor/golang.org/x/exp/slices/slices.go @@ -0,0 +1,258 @@ +// Copyright 2021 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package slices defines various functions useful with slices of any type. +// Unless otherwise specified, these functions all apply to the elements +// of a slice at index 0 <= i < len(s). +// +// Note that the less function in IsSortedFunc, SortFunc, SortStableFunc requires a +// strict weak ordering (https://en.wikipedia.org/wiki/Weak_ordering#Strict_weak_orderings), +// or the sorting may fail to sort correctly. A common case is when sorting slices of +// floating-point numbers containing NaN values. +package slices + +import "golang.org/x/exp/constraints" + +// Equal reports whether two slices are equal: the same length and all +// elements equal. If the lengths are different, Equal returns false. +// Otherwise, the elements are compared in increasing index order, and the +// comparison stops at the first unequal pair. +// Floating point NaNs are not considered equal. +func Equal[E comparable](s1, s2 []E) bool { + if len(s1) != len(s2) { + return false + } + for i := range s1 { + if s1[i] != s2[i] { + return false + } + } + return true +} + +// EqualFunc reports whether two slices are equal using a comparison +// function on each pair of elements. If the lengths are different, +// EqualFunc returns false. Otherwise, the elements are compared in +// increasing index order, and the comparison stops at the first index +// for which eq returns false. +func EqualFunc[E1, E2 any](s1 []E1, s2 []E2, eq func(E1, E2) bool) bool { + if len(s1) != len(s2) { + return false + } + for i, v1 := range s1 { + v2 := s2[i] + if !eq(v1, v2) { + return false + } + } + return true +} + +// Compare compares the elements of s1 and s2. +// The elements are compared sequentially, starting at index 0, +// until one element is not equal to the other. +// The result of comparing the first non-matching elements is returned. +// If both slices are equal until one of them ends, the shorter slice is +// considered less than the longer one. +// The result is 0 if s1 == s2, -1 if s1 < s2, and +1 if s1 > s2. +// Comparisons involving floating point NaNs are ignored. +func Compare[E constraints.Ordered](s1, s2 []E) int { + s2len := len(s2) + for i, v1 := range s1 { + if i >= s2len { + return +1 + } + v2 := s2[i] + switch { + case v1 < v2: + return -1 + case v1 > v2: + return +1 + } + } + if len(s1) < s2len { + return -1 + } + return 0 +} + +// CompareFunc is like Compare but uses a comparison function +// on each pair of elements. The elements are compared in increasing +// index order, and the comparisons stop after the first time cmp +// returns non-zero. +// The result is the first non-zero result of cmp; if cmp always +// returns 0 the result is 0 if len(s1) == len(s2), -1 if len(s1) < len(s2), +// and +1 if len(s1) > len(s2). +func CompareFunc[E1, E2 any](s1 []E1, s2 []E2, cmp func(E1, E2) int) int { + s2len := len(s2) + for i, v1 := range s1 { + if i >= s2len { + return +1 + } + v2 := s2[i] + if c := cmp(v1, v2); c != 0 { + return c + } + } + if len(s1) < s2len { + return -1 + } + return 0 +} + +// Index returns the index of the first occurrence of v in s, +// or -1 if not present. +func Index[E comparable](s []E, v E) int { + for i, vs := range s { + if v == vs { + return i + } + } + return -1 +} + +// IndexFunc returns the first index i satisfying f(s[i]), +// or -1 if none do. +func IndexFunc[E any](s []E, f func(E) bool) int { + for i, v := range s { + if f(v) { + return i + } + } + return -1 +} + +// Contains reports whether v is present in s. +func Contains[E comparable](s []E, v E) bool { + return Index(s, v) >= 0 +} + +// ContainsFunc reports whether at least one +// element e of s satisfies f(e). +func ContainsFunc[E any](s []E, f func(E) bool) bool { + return IndexFunc(s, f) >= 0 +} + +// Insert inserts the values v... into s at index i, +// returning the modified slice. +// In the returned slice r, r[i] == v[0]. +// Insert panics if i is out of range. +// This function is O(len(s) + len(v)). +func Insert[S ~[]E, E any](s S, i int, v ...E) S { + tot := len(s) + len(v) + if tot <= cap(s) { + s2 := s[:tot] + copy(s2[i+len(v):], s[i:]) + copy(s2[i:], v) + return s2 + } + s2 := make(S, tot) + copy(s2, s[:i]) + copy(s2[i:], v) + copy(s2[i+len(v):], s[i:]) + return s2 +} + +// Delete removes the elements s[i:j] from s, returning the modified slice. +// Delete panics if s[i:j] is not a valid slice of s. +// Delete modifies the contents of the slice s; it does not create a new slice. +// Delete is O(len(s)-j), so if many items must be deleted, it is better to +// make a single call deleting them all together than to delete one at a time. +// Delete might not modify the elements s[len(s)-(j-i):len(s)]. If those +// elements contain pointers you might consider zeroing those elements so that +// objects they reference can be garbage collected. +func Delete[S ~[]E, E any](s S, i, j int) S { + _ = s[i:j] // bounds check + + return append(s[:i], s[j:]...) +} + +// Replace replaces the elements s[i:j] by the given v, and returns the +// modified slice. Replace panics if s[i:j] is not a valid slice of s. +func Replace[S ~[]E, E any](s S, i, j int, v ...E) S { + _ = s[i:j] // verify that i:j is a valid subslice + tot := len(s[:i]) + len(v) + len(s[j:]) + if tot <= cap(s) { + s2 := s[:tot] + copy(s2[i+len(v):], s[j:]) + copy(s2[i:], v) + return s2 + } + s2 := make(S, tot) + copy(s2, s[:i]) + copy(s2[i:], v) + copy(s2[i+len(v):], s[j:]) + return s2 +} + +// Clone returns a copy of the slice. +// The elements are copied using assignment, so this is a shallow clone. +func Clone[S ~[]E, E any](s S) S { + // Preserve nil in case it matters. + if s == nil { + return nil + } + return append(S([]E{}), s...) +} + +// Compact replaces consecutive runs of equal elements with a single copy. +// This is like the uniq command found on Unix. +// Compact modifies the contents of the slice s; it does not create a new slice. +// When Compact discards m elements in total, it might not modify the elements +// s[len(s)-m:len(s)]. If those elements contain pointers you might consider +// zeroing those elements so that objects they reference can be garbage collected. +func Compact[S ~[]E, E comparable](s S) S { + if len(s) < 2 { + return s + } + i := 1 + last := s[0] + for _, v := range s[1:] { + if v != last { + s[i] = v + i++ + last = v + } + } + return s[:i] +} + +// CompactFunc is like Compact but uses a comparison function. +func CompactFunc[S ~[]E, E any](s S, eq func(E, E) bool) S { + if len(s) < 2 { + return s + } + i := 1 + last := s[0] + for _, v := range s[1:] { + if !eq(v, last) { + s[i] = v + i++ + last = v + } + } + return s[:i] +} + +// Grow increases the slice's capacity, if necessary, to guarantee space for +// another n elements. After Grow(n), at least n elements can be appended +// to the slice without another allocation. If n is negative or too large to +// allocate the memory, Grow panics. +func Grow[S ~[]E, E any](s S, n int) S { + if n < 0 { + panic("cannot be negative") + } + if n -= cap(s) - len(s); n > 0 { + // TODO(https://go.dev/issue/53888): Make using []E instead of S + // to workaround a compiler bug where the runtime.growslice optimization + // does not take effect. Revert when the compiler is fixed. + s = append([]E(s)[:cap(s)], make([]E, n)...)[:len(s)] + } + return s +} + +// Clip removes unused capacity from the slice, returning s[:len(s):len(s)]. +func Clip[S ~[]E, E any](s S) S { + return s[:len(s):len(s)] +} diff --git a/vendor/golang.org/x/exp/slices/sort.go b/vendor/golang.org/x/exp/slices/sort.go new file mode 100644 index 00000000000..f14f40da712 --- /dev/null +++ b/vendor/golang.org/x/exp/slices/sort.go @@ -0,0 +1,126 @@ +// Copyright 2022 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package slices + +import ( + "math/bits" + + "golang.org/x/exp/constraints" +) + +// Sort sorts a slice of any ordered type in ascending order. +// Sort may fail to sort correctly when sorting slices of floating-point +// numbers containing Not-a-number (NaN) values. +// Use slices.SortFunc(x, func(a, b float64) bool {return a < b || (math.IsNaN(a) && !math.IsNaN(b))}) +// instead if the input may contain NaNs. +func Sort[E constraints.Ordered](x []E) { + n := len(x) + pdqsortOrdered(x, 0, n, bits.Len(uint(n))) +} + +// SortFunc sorts the slice x in ascending order as determined by the less function. +// This sort is not guaranteed to be stable. +// +// SortFunc requires that less is a strict weak ordering. +// See https://en.wikipedia.org/wiki/Weak_ordering#Strict_weak_orderings. +func SortFunc[E any](x []E, less func(a, b E) bool) { + n := len(x) + pdqsortLessFunc(x, 0, n, bits.Len(uint(n)), less) +} + +// SortStableFunc sorts the slice x while keeping the original order of equal +// elements, using less to compare elements. +func SortStableFunc[E any](x []E, less func(a, b E) bool) { + stableLessFunc(x, len(x), less) +} + +// IsSorted reports whether x is sorted in ascending order. +func IsSorted[E constraints.Ordered](x []E) bool { + for i := len(x) - 1; i > 0; i-- { + if x[i] < x[i-1] { + return false + } + } + return true +} + +// IsSortedFunc reports whether x is sorted in ascending order, with less as the +// comparison function. +func IsSortedFunc[E any](x []E, less func(a, b E) bool) bool { + for i := len(x) - 1; i > 0; i-- { + if less(x[i], x[i-1]) { + return false + } + } + return true +} + +// BinarySearch searches for target in a sorted slice and returns the position +// where target is found, or the position where target would appear in the +// sort order; it also returns a bool saying whether the target is really found +// in the slice. The slice must be sorted in increasing order. +func BinarySearch[E constraints.Ordered](x []E, target E) (int, bool) { + // Inlining is faster than calling BinarySearchFunc with a lambda. + n := len(x) + // Define x[-1] < target and x[n] >= target. + // Invariant: x[i-1] < target, x[j] >= target. + i, j := 0, n + for i < j { + h := int(uint(i+j) >> 1) // avoid overflow when computing h + // i ≤ h < j + if x[h] < target { + i = h + 1 // preserves x[i-1] < target + } else { + j = h // preserves x[j] >= target + } + } + // i == j, x[i-1] < target, and x[j] (= x[i]) >= target => answer is i. + return i, i < n && x[i] == target +} + +// BinarySearchFunc works like BinarySearch, but uses a custom comparison +// function. The slice must be sorted in increasing order, where "increasing" is +// defined by cmp. cmp(a, b) is expected to return an integer comparing the two +// parameters: 0 if a == b, a negative number if a < b and a positive number if +// a > b. +func BinarySearchFunc[E, T any](x []E, target T, cmp func(E, T) int) (int, bool) { + n := len(x) + // Define cmp(x[-1], target) < 0 and cmp(x[n], target) >= 0 . + // Invariant: cmp(x[i - 1], target) < 0, cmp(x[j], target) >= 0. + i, j := 0, n + for i < j { + h := int(uint(i+j) >> 1) // avoid overflow when computing h + // i ≤ h < j + if cmp(x[h], target) < 0 { + i = h + 1 // preserves cmp(x[i - 1], target) < 0 + } else { + j = h // preserves cmp(x[j], target) >= 0 + } + } + // i == j, cmp(x[i-1], target) < 0, and cmp(x[j], target) (= cmp(x[i], target)) >= 0 => answer is i. + return i, i < n && cmp(x[i], target) == 0 +} + +type sortedHint int // hint for pdqsort when choosing the pivot + +const ( + unknownHint sortedHint = iota + increasingHint + decreasingHint +) + +// xorshift paper: https://www.jstatsoft.org/article/view/v008i14/xorshift.pdf +type xorshift uint64 + +func (r *xorshift) Next() uint64 { + *r ^= *r << 13 + *r ^= *r >> 17 + *r ^= *r << 5 + return uint64(*r) +} + +func nextPowerOfTwo(length int) uint { + return 1 << bits.Len(uint(length)) +} diff --git a/vendor/golang.org/x/exp/slices/zsortfunc.go b/vendor/golang.org/x/exp/slices/zsortfunc.go new file mode 100644 index 00000000000..2a632476c50 --- /dev/null +++ b/vendor/golang.org/x/exp/slices/zsortfunc.go @@ -0,0 +1,479 @@ +// Code generated by gen_sort_variants.go; DO NOT EDIT. + +// Copyright 2022 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package slices + +// insertionSortLessFunc sorts data[a:b] using insertion sort. +func insertionSortLessFunc[E any](data []E, a, b int, less func(a, b E) bool) { + for i := a + 1; i < b; i++ { + for j := i; j > a && less(data[j], data[j-1]); j-- { + data[j], data[j-1] = data[j-1], data[j] + } + } +} + +// siftDownLessFunc implements the heap property on data[lo:hi]. +// first is an offset into the array where the root of the heap lies. +func siftDownLessFunc[E any](data []E, lo, hi, first int, less func(a, b E) bool) { + root := lo + for { + child := 2*root + 1 + if child >= hi { + break + } + if child+1 < hi && less(data[first+child], data[first+child+1]) { + child++ + } + if !less(data[first+root], data[first+child]) { + return + } + data[first+root], data[first+child] = data[first+child], data[first+root] + root = child + } +} + +func heapSortLessFunc[E any](data []E, a, b int, less func(a, b E) bool) { + first := a + lo := 0 + hi := b - a + + // Build heap with greatest element at top. + for i := (hi - 1) / 2; i >= 0; i-- { + siftDownLessFunc(data, i, hi, first, less) + } + + // Pop elements, largest first, into end of data. + for i := hi - 1; i >= 0; i-- { + data[first], data[first+i] = data[first+i], data[first] + siftDownLessFunc(data, lo, i, first, less) + } +} + +// pdqsortLessFunc sorts data[a:b]. +// The algorithm based on pattern-defeating quicksort(pdqsort), but without the optimizations from BlockQuicksort. +// pdqsort paper: https://arxiv.org/pdf/2106.05123.pdf +// C++ implementation: https://github.com/orlp/pdqsort +// Rust implementation: https://docs.rs/pdqsort/latest/pdqsort/ +// limit is the number of allowed bad (very unbalanced) pivots before falling back to heapsort. +func pdqsortLessFunc[E any](data []E, a, b, limit int, less func(a, b E) bool) { + const maxInsertion = 12 + + var ( + wasBalanced = true // whether the last partitioning was reasonably balanced + wasPartitioned = true // whether the slice was already partitioned + ) + + for { + length := b - a + + if length <= maxInsertion { + insertionSortLessFunc(data, a, b, less) + return + } + + // Fall back to heapsort if too many bad choices were made. + if limit == 0 { + heapSortLessFunc(data, a, b, less) + return + } + + // If the last partitioning was imbalanced, we need to breaking patterns. + if !wasBalanced { + breakPatternsLessFunc(data, a, b, less) + limit-- + } + + pivot, hint := choosePivotLessFunc(data, a, b, less) + if hint == decreasingHint { + reverseRangeLessFunc(data, a, b, less) + // The chosen pivot was pivot-a elements after the start of the array. + // After reversing it is pivot-a elements before the end of the array. + // The idea came from Rust's implementation. + pivot = (b - 1) - (pivot - a) + hint = increasingHint + } + + // The slice is likely already sorted. + if wasBalanced && wasPartitioned && hint == increasingHint { + if partialInsertionSortLessFunc(data, a, b, less) { + return + } + } + + // Probably the slice contains many duplicate elements, partition the slice into + // elements equal to and elements greater than the pivot. + if a > 0 && !less(data[a-1], data[pivot]) { + mid := partitionEqualLessFunc(data, a, b, pivot, less) + a = mid + continue + } + + mid, alreadyPartitioned := partitionLessFunc(data, a, b, pivot, less) + wasPartitioned = alreadyPartitioned + + leftLen, rightLen := mid-a, b-mid + balanceThreshold := length / 8 + if leftLen < rightLen { + wasBalanced = leftLen >= balanceThreshold + pdqsortLessFunc(data, a, mid, limit, less) + a = mid + 1 + } else { + wasBalanced = rightLen >= balanceThreshold + pdqsortLessFunc(data, mid+1, b, limit, less) + b = mid + } + } +} + +// partitionLessFunc does one quicksort partition. +// Let p = data[pivot] +// Moves elements in data[a:b] around, so that data[i]

=p for inewpivot. +// On return, data[newpivot] = p +func partitionLessFunc[E any](data []E, a, b, pivot int, less func(a, b E) bool) (newpivot int, alreadyPartitioned bool) { + data[a], data[pivot] = data[pivot], data[a] + i, j := a+1, b-1 // i and j are inclusive of the elements remaining to be partitioned + + for i <= j && less(data[i], data[a]) { + i++ + } + for i <= j && !less(data[j], data[a]) { + j-- + } + if i > j { + data[j], data[a] = data[a], data[j] + return j, true + } + data[i], data[j] = data[j], data[i] + i++ + j-- + + for { + for i <= j && less(data[i], data[a]) { + i++ + } + for i <= j && !less(data[j], data[a]) { + j-- + } + if i > j { + break + } + data[i], data[j] = data[j], data[i] + i++ + j-- + } + data[j], data[a] = data[a], data[j] + return j, false +} + +// partitionEqualLessFunc partitions data[a:b] into elements equal to data[pivot] followed by elements greater than data[pivot]. +// It assumed that data[a:b] does not contain elements smaller than the data[pivot]. +func partitionEqualLessFunc[E any](data []E, a, b, pivot int, less func(a, b E) bool) (newpivot int) { + data[a], data[pivot] = data[pivot], data[a] + i, j := a+1, b-1 // i and j are inclusive of the elements remaining to be partitioned + + for { + for i <= j && !less(data[a], data[i]) { + i++ + } + for i <= j && less(data[a], data[j]) { + j-- + } + if i > j { + break + } + data[i], data[j] = data[j], data[i] + i++ + j-- + } + return i +} + +// partialInsertionSortLessFunc partially sorts a slice, returns true if the slice is sorted at the end. +func partialInsertionSortLessFunc[E any](data []E, a, b int, less func(a, b E) bool) bool { + const ( + maxSteps = 5 // maximum number of adjacent out-of-order pairs that will get shifted + shortestShifting = 50 // don't shift any elements on short arrays + ) + i := a + 1 + for j := 0; j < maxSteps; j++ { + for i < b && !less(data[i], data[i-1]) { + i++ + } + + if i == b { + return true + } + + if b-a < shortestShifting { + return false + } + + data[i], data[i-1] = data[i-1], data[i] + + // Shift the smaller one to the left. + if i-a >= 2 { + for j := i - 1; j >= 1; j-- { + if !less(data[j], data[j-1]) { + break + } + data[j], data[j-1] = data[j-1], data[j] + } + } + // Shift the greater one to the right. + if b-i >= 2 { + for j := i + 1; j < b; j++ { + if !less(data[j], data[j-1]) { + break + } + data[j], data[j-1] = data[j-1], data[j] + } + } + } + return false +} + +// breakPatternsLessFunc scatters some elements around in an attempt to break some patterns +// that might cause imbalanced partitions in quicksort. +func breakPatternsLessFunc[E any](data []E, a, b int, less func(a, b E) bool) { + length := b - a + if length >= 8 { + random := xorshift(length) + modulus := nextPowerOfTwo(length) + + for idx := a + (length/4)*2 - 1; idx <= a+(length/4)*2+1; idx++ { + other := int(uint(random.Next()) & (modulus - 1)) + if other >= length { + other -= length + } + data[idx], data[a+other] = data[a+other], data[idx] + } + } +} + +// choosePivotLessFunc chooses a pivot in data[a:b]. +// +// [0,8): chooses a static pivot. +// [8,shortestNinther): uses the simple median-of-three method. +// [shortestNinther,âˆ): uses the Tukey ninther method. +func choosePivotLessFunc[E any](data []E, a, b int, less func(a, b E) bool) (pivot int, hint sortedHint) { + const ( + shortestNinther = 50 + maxSwaps = 4 * 3 + ) + + l := b - a + + var ( + swaps int + i = a + l/4*1 + j = a + l/4*2 + k = a + l/4*3 + ) + + if l >= 8 { + if l >= shortestNinther { + // Tukey ninther method, the idea came from Rust's implementation. + i = medianAdjacentLessFunc(data, i, &swaps, less) + j = medianAdjacentLessFunc(data, j, &swaps, less) + k = medianAdjacentLessFunc(data, k, &swaps, less) + } + // Find the median among i, j, k and stores it into j. + j = medianLessFunc(data, i, j, k, &swaps, less) + } + + switch swaps { + case 0: + return j, increasingHint + case maxSwaps: + return j, decreasingHint + default: + return j, unknownHint + } +} + +// order2LessFunc returns x,y where data[x] <= data[y], where x,y=a,b or x,y=b,a. +func order2LessFunc[E any](data []E, a, b int, swaps *int, less func(a, b E) bool) (int, int) { + if less(data[b], data[a]) { + *swaps++ + return b, a + } + return a, b +} + +// medianLessFunc returns x where data[x] is the median of data[a],data[b],data[c], where x is a, b, or c. +func medianLessFunc[E any](data []E, a, b, c int, swaps *int, less func(a, b E) bool) int { + a, b = order2LessFunc(data, a, b, swaps, less) + b, c = order2LessFunc(data, b, c, swaps, less) + a, b = order2LessFunc(data, a, b, swaps, less) + return b +} + +// medianAdjacentLessFunc finds the median of data[a - 1], data[a], data[a + 1] and stores the index into a. +func medianAdjacentLessFunc[E any](data []E, a int, swaps *int, less func(a, b E) bool) int { + return medianLessFunc(data, a-1, a, a+1, swaps, less) +} + +func reverseRangeLessFunc[E any](data []E, a, b int, less func(a, b E) bool) { + i := a + j := b - 1 + for i < j { + data[i], data[j] = data[j], data[i] + i++ + j-- + } +} + +func swapRangeLessFunc[E any](data []E, a, b, n int, less func(a, b E) bool) { + for i := 0; i < n; i++ { + data[a+i], data[b+i] = data[b+i], data[a+i] + } +} + +func stableLessFunc[E any](data []E, n int, less func(a, b E) bool) { + blockSize := 20 // must be > 0 + a, b := 0, blockSize + for b <= n { + insertionSortLessFunc(data, a, b, less) + a = b + b += blockSize + } + insertionSortLessFunc(data, a, n, less) + + for blockSize < n { + a, b = 0, 2*blockSize + for b <= n { + symMergeLessFunc(data, a, a+blockSize, b, less) + a = b + b += 2 * blockSize + } + if m := a + blockSize; m < n { + symMergeLessFunc(data, a, m, n, less) + } + blockSize *= 2 + } +} + +// symMergeLessFunc merges the two sorted subsequences data[a:m] and data[m:b] using +// the SymMerge algorithm from Pok-Son Kim and Arne Kutzner, "Stable Minimum +// Storage Merging by Symmetric Comparisons", in Susanne Albers and Tomasz +// Radzik, editors, Algorithms - ESA 2004, volume 3221 of Lecture Notes in +// Computer Science, pages 714-723. Springer, 2004. +// +// Let M = m-a and N = b-n. Wolog M < N. +// The recursion depth is bound by ceil(log(N+M)). +// The algorithm needs O(M*log(N/M + 1)) calls to data.Less. +// The algorithm needs O((M+N)*log(M)) calls to data.Swap. +// +// The paper gives O((M+N)*log(M)) as the number of assignments assuming a +// rotation algorithm which uses O(M+N+gcd(M+N)) assignments. The argumentation +// in the paper carries through for Swap operations, especially as the block +// swapping rotate uses only O(M+N) Swaps. +// +// symMerge assumes non-degenerate arguments: a < m && m < b. +// Having the caller check this condition eliminates many leaf recursion calls, +// which improves performance. +func symMergeLessFunc[E any](data []E, a, m, b int, less func(a, b E) bool) { + // Avoid unnecessary recursions of symMerge + // by direct insertion of data[a] into data[m:b] + // if data[a:m] only contains one element. + if m-a == 1 { + // Use binary search to find the lowest index i + // such that data[i] >= data[a] for m <= i < b. + // Exit the search loop with i == b in case no such index exists. + i := m + j := b + for i < j { + h := int(uint(i+j) >> 1) + if less(data[h], data[a]) { + i = h + 1 + } else { + j = h + } + } + // Swap values until data[a] reaches the position before i. + for k := a; k < i-1; k++ { + data[k], data[k+1] = data[k+1], data[k] + } + return + } + + // Avoid unnecessary recursions of symMerge + // by direct insertion of data[m] into data[a:m] + // if data[m:b] only contains one element. + if b-m == 1 { + // Use binary search to find the lowest index i + // such that data[i] > data[m] for a <= i < m. + // Exit the search loop with i == m in case no such index exists. + i := a + j := m + for i < j { + h := int(uint(i+j) >> 1) + if !less(data[m], data[h]) { + i = h + 1 + } else { + j = h + } + } + // Swap values until data[m] reaches the position i. + for k := m; k > i; k-- { + data[k], data[k-1] = data[k-1], data[k] + } + return + } + + mid := int(uint(a+b) >> 1) + n := mid + m + var start, r int + if m > mid { + start = n - b + r = mid + } else { + start = a + r = m + } + p := n - 1 + + for start < r { + c := int(uint(start+r) >> 1) + if !less(data[p-c], data[c]) { + start = c + 1 + } else { + r = c + } + } + + end := n - start + if start < m && m < end { + rotateLessFunc(data, start, m, end, less) + } + if a < start && start < mid { + symMergeLessFunc(data, a, start, mid, less) + } + if mid < end && end < b { + symMergeLessFunc(data, mid, end, b, less) + } +} + +// rotateLessFunc rotates two consecutive blocks u = data[a:m] and v = data[m:b] in data: +// Data of the form 'x u v y' is changed to 'x v u y'. +// rotate performs at most b-a many calls to data.Swap, +// and it assumes non-degenerate arguments: a < m && m < b. +func rotateLessFunc[E any](data []E, a, m, b int, less func(a, b E) bool) { + i := m - a + j := b - m + + for i != j { + if i > j { + swapRangeLessFunc(data, m-i, m, j, less) + i -= j + } else { + swapRangeLessFunc(data, m-i, m+j-i, i, less) + j -= i + } + } + // i == j + swapRangeLessFunc(data, m-i, m, i, less) +} diff --git a/vendor/golang.org/x/exp/slices/zsortordered.go b/vendor/golang.org/x/exp/slices/zsortordered.go new file mode 100644 index 00000000000..efaa1c8b714 --- /dev/null +++ b/vendor/golang.org/x/exp/slices/zsortordered.go @@ -0,0 +1,481 @@ +// Code generated by gen_sort_variants.go; DO NOT EDIT. + +// Copyright 2022 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package slices + +import "golang.org/x/exp/constraints" + +// insertionSortOrdered sorts data[a:b] using insertion sort. +func insertionSortOrdered[E constraints.Ordered](data []E, a, b int) { + for i := a + 1; i < b; i++ { + for j := i; j > a && (data[j] < data[j-1]); j-- { + data[j], data[j-1] = data[j-1], data[j] + } + } +} + +// siftDownOrdered implements the heap property on data[lo:hi]. +// first is an offset into the array where the root of the heap lies. +func siftDownOrdered[E constraints.Ordered](data []E, lo, hi, first int) { + root := lo + for { + child := 2*root + 1 + if child >= hi { + break + } + if child+1 < hi && (data[first+child] < data[first+child+1]) { + child++ + } + if !(data[first+root] < data[first+child]) { + return + } + data[first+root], data[first+child] = data[first+child], data[first+root] + root = child + } +} + +func heapSortOrdered[E constraints.Ordered](data []E, a, b int) { + first := a + lo := 0 + hi := b - a + + // Build heap with greatest element at top. + for i := (hi - 1) / 2; i >= 0; i-- { + siftDownOrdered(data, i, hi, first) + } + + // Pop elements, largest first, into end of data. + for i := hi - 1; i >= 0; i-- { + data[first], data[first+i] = data[first+i], data[first] + siftDownOrdered(data, lo, i, first) + } +} + +// pdqsortOrdered sorts data[a:b]. +// The algorithm based on pattern-defeating quicksort(pdqsort), but without the optimizations from BlockQuicksort. +// pdqsort paper: https://arxiv.org/pdf/2106.05123.pdf +// C++ implementation: https://github.com/orlp/pdqsort +// Rust implementation: https://docs.rs/pdqsort/latest/pdqsort/ +// limit is the number of allowed bad (very unbalanced) pivots before falling back to heapsort. +func pdqsortOrdered[E constraints.Ordered](data []E, a, b, limit int) { + const maxInsertion = 12 + + var ( + wasBalanced = true // whether the last partitioning was reasonably balanced + wasPartitioned = true // whether the slice was already partitioned + ) + + for { + length := b - a + + if length <= maxInsertion { + insertionSortOrdered(data, a, b) + return + } + + // Fall back to heapsort if too many bad choices were made. + if limit == 0 { + heapSortOrdered(data, a, b) + return + } + + // If the last partitioning was imbalanced, we need to breaking patterns. + if !wasBalanced { + breakPatternsOrdered(data, a, b) + limit-- + } + + pivot, hint := choosePivotOrdered(data, a, b) + if hint == decreasingHint { + reverseRangeOrdered(data, a, b) + // The chosen pivot was pivot-a elements after the start of the array. + // After reversing it is pivot-a elements before the end of the array. + // The idea came from Rust's implementation. + pivot = (b - 1) - (pivot - a) + hint = increasingHint + } + + // The slice is likely already sorted. + if wasBalanced && wasPartitioned && hint == increasingHint { + if partialInsertionSortOrdered(data, a, b) { + return + } + } + + // Probably the slice contains many duplicate elements, partition the slice into + // elements equal to and elements greater than the pivot. + if a > 0 && !(data[a-1] < data[pivot]) { + mid := partitionEqualOrdered(data, a, b, pivot) + a = mid + continue + } + + mid, alreadyPartitioned := partitionOrdered(data, a, b, pivot) + wasPartitioned = alreadyPartitioned + + leftLen, rightLen := mid-a, b-mid + balanceThreshold := length / 8 + if leftLen < rightLen { + wasBalanced = leftLen >= balanceThreshold + pdqsortOrdered(data, a, mid, limit) + a = mid + 1 + } else { + wasBalanced = rightLen >= balanceThreshold + pdqsortOrdered(data, mid+1, b, limit) + b = mid + } + } +} + +// partitionOrdered does one quicksort partition. +// Let p = data[pivot] +// Moves elements in data[a:b] around, so that data[i]

=p for inewpivot. +// On return, data[newpivot] = p +func partitionOrdered[E constraints.Ordered](data []E, a, b, pivot int) (newpivot int, alreadyPartitioned bool) { + data[a], data[pivot] = data[pivot], data[a] + i, j := a+1, b-1 // i and j are inclusive of the elements remaining to be partitioned + + for i <= j && (data[i] < data[a]) { + i++ + } + for i <= j && !(data[j] < data[a]) { + j-- + } + if i > j { + data[j], data[a] = data[a], data[j] + return j, true + } + data[i], data[j] = data[j], data[i] + i++ + j-- + + for { + for i <= j && (data[i] < data[a]) { + i++ + } + for i <= j && !(data[j] < data[a]) { + j-- + } + if i > j { + break + } + data[i], data[j] = data[j], data[i] + i++ + j-- + } + data[j], data[a] = data[a], data[j] + return j, false +} + +// partitionEqualOrdered partitions data[a:b] into elements equal to data[pivot] followed by elements greater than data[pivot]. +// It assumed that data[a:b] does not contain elements smaller than the data[pivot]. +func partitionEqualOrdered[E constraints.Ordered](data []E, a, b, pivot int) (newpivot int) { + data[a], data[pivot] = data[pivot], data[a] + i, j := a+1, b-1 // i and j are inclusive of the elements remaining to be partitioned + + for { + for i <= j && !(data[a] < data[i]) { + i++ + } + for i <= j && (data[a] < data[j]) { + j-- + } + if i > j { + break + } + data[i], data[j] = data[j], data[i] + i++ + j-- + } + return i +} + +// partialInsertionSortOrdered partially sorts a slice, returns true if the slice is sorted at the end. +func partialInsertionSortOrdered[E constraints.Ordered](data []E, a, b int) bool { + const ( + maxSteps = 5 // maximum number of adjacent out-of-order pairs that will get shifted + shortestShifting = 50 // don't shift any elements on short arrays + ) + i := a + 1 + for j := 0; j < maxSteps; j++ { + for i < b && !(data[i] < data[i-1]) { + i++ + } + + if i == b { + return true + } + + if b-a < shortestShifting { + return false + } + + data[i], data[i-1] = data[i-1], data[i] + + // Shift the smaller one to the left. + if i-a >= 2 { + for j := i - 1; j >= 1; j-- { + if !(data[j] < data[j-1]) { + break + } + data[j], data[j-1] = data[j-1], data[j] + } + } + // Shift the greater one to the right. + if b-i >= 2 { + for j := i + 1; j < b; j++ { + if !(data[j] < data[j-1]) { + break + } + data[j], data[j-1] = data[j-1], data[j] + } + } + } + return false +} + +// breakPatternsOrdered scatters some elements around in an attempt to break some patterns +// that might cause imbalanced partitions in quicksort. +func breakPatternsOrdered[E constraints.Ordered](data []E, a, b int) { + length := b - a + if length >= 8 { + random := xorshift(length) + modulus := nextPowerOfTwo(length) + + for idx := a + (length/4)*2 - 1; idx <= a+(length/4)*2+1; idx++ { + other := int(uint(random.Next()) & (modulus - 1)) + if other >= length { + other -= length + } + data[idx], data[a+other] = data[a+other], data[idx] + } + } +} + +// choosePivotOrdered chooses a pivot in data[a:b]. +// +// [0,8): chooses a static pivot. +// [8,shortestNinther): uses the simple median-of-three method. +// [shortestNinther,âˆ): uses the Tukey ninther method. +func choosePivotOrdered[E constraints.Ordered](data []E, a, b int) (pivot int, hint sortedHint) { + const ( + shortestNinther = 50 + maxSwaps = 4 * 3 + ) + + l := b - a + + var ( + swaps int + i = a + l/4*1 + j = a + l/4*2 + k = a + l/4*3 + ) + + if l >= 8 { + if l >= shortestNinther { + // Tukey ninther method, the idea came from Rust's implementation. + i = medianAdjacentOrdered(data, i, &swaps) + j = medianAdjacentOrdered(data, j, &swaps) + k = medianAdjacentOrdered(data, k, &swaps) + } + // Find the median among i, j, k and stores it into j. + j = medianOrdered(data, i, j, k, &swaps) + } + + switch swaps { + case 0: + return j, increasingHint + case maxSwaps: + return j, decreasingHint + default: + return j, unknownHint + } +} + +// order2Ordered returns x,y where data[x] <= data[y], where x,y=a,b or x,y=b,a. +func order2Ordered[E constraints.Ordered](data []E, a, b int, swaps *int) (int, int) { + if data[b] < data[a] { + *swaps++ + return b, a + } + return a, b +} + +// medianOrdered returns x where data[x] is the median of data[a],data[b],data[c], where x is a, b, or c. +func medianOrdered[E constraints.Ordered](data []E, a, b, c int, swaps *int) int { + a, b = order2Ordered(data, a, b, swaps) + b, c = order2Ordered(data, b, c, swaps) + a, b = order2Ordered(data, a, b, swaps) + return b +} + +// medianAdjacentOrdered finds the median of data[a - 1], data[a], data[a + 1] and stores the index into a. +func medianAdjacentOrdered[E constraints.Ordered](data []E, a int, swaps *int) int { + return medianOrdered(data, a-1, a, a+1, swaps) +} + +func reverseRangeOrdered[E constraints.Ordered](data []E, a, b int) { + i := a + j := b - 1 + for i < j { + data[i], data[j] = data[j], data[i] + i++ + j-- + } +} + +func swapRangeOrdered[E constraints.Ordered](data []E, a, b, n int) { + for i := 0; i < n; i++ { + data[a+i], data[b+i] = data[b+i], data[a+i] + } +} + +func stableOrdered[E constraints.Ordered](data []E, n int) { + blockSize := 20 // must be > 0 + a, b := 0, blockSize + for b <= n { + insertionSortOrdered(data, a, b) + a = b + b += blockSize + } + insertionSortOrdered(data, a, n) + + for blockSize < n { + a, b = 0, 2*blockSize + for b <= n { + symMergeOrdered(data, a, a+blockSize, b) + a = b + b += 2 * blockSize + } + if m := a + blockSize; m < n { + symMergeOrdered(data, a, m, n) + } + blockSize *= 2 + } +} + +// symMergeOrdered merges the two sorted subsequences data[a:m] and data[m:b] using +// the SymMerge algorithm from Pok-Son Kim and Arne Kutzner, "Stable Minimum +// Storage Merging by Symmetric Comparisons", in Susanne Albers and Tomasz +// Radzik, editors, Algorithms - ESA 2004, volume 3221 of Lecture Notes in +// Computer Science, pages 714-723. Springer, 2004. +// +// Let M = m-a and N = b-n. Wolog M < N. +// The recursion depth is bound by ceil(log(N+M)). +// The algorithm needs O(M*log(N/M + 1)) calls to data.Less. +// The algorithm needs O((M+N)*log(M)) calls to data.Swap. +// +// The paper gives O((M+N)*log(M)) as the number of assignments assuming a +// rotation algorithm which uses O(M+N+gcd(M+N)) assignments. The argumentation +// in the paper carries through for Swap operations, especially as the block +// swapping rotate uses only O(M+N) Swaps. +// +// symMerge assumes non-degenerate arguments: a < m && m < b. +// Having the caller check this condition eliminates many leaf recursion calls, +// which improves performance. +func symMergeOrdered[E constraints.Ordered](data []E, a, m, b int) { + // Avoid unnecessary recursions of symMerge + // by direct insertion of data[a] into data[m:b] + // if data[a:m] only contains one element. + if m-a == 1 { + // Use binary search to find the lowest index i + // such that data[i] >= data[a] for m <= i < b. + // Exit the search loop with i == b in case no such index exists. + i := m + j := b + for i < j { + h := int(uint(i+j) >> 1) + if data[h] < data[a] { + i = h + 1 + } else { + j = h + } + } + // Swap values until data[a] reaches the position before i. + for k := a; k < i-1; k++ { + data[k], data[k+1] = data[k+1], data[k] + } + return + } + + // Avoid unnecessary recursions of symMerge + // by direct insertion of data[m] into data[a:m] + // if data[m:b] only contains one element. + if b-m == 1 { + // Use binary search to find the lowest index i + // such that data[i] > data[m] for a <= i < m. + // Exit the search loop with i == m in case no such index exists. + i := a + j := m + for i < j { + h := int(uint(i+j) >> 1) + if !(data[m] < data[h]) { + i = h + 1 + } else { + j = h + } + } + // Swap values until data[m] reaches the position i. + for k := m; k > i; k-- { + data[k], data[k-1] = data[k-1], data[k] + } + return + } + + mid := int(uint(a+b) >> 1) + n := mid + m + var start, r int + if m > mid { + start = n - b + r = mid + } else { + start = a + r = m + } + p := n - 1 + + for start < r { + c := int(uint(start+r) >> 1) + if !(data[p-c] < data[c]) { + start = c + 1 + } else { + r = c + } + } + + end := n - start + if start < m && m < end { + rotateOrdered(data, start, m, end) + } + if a < start && start < mid { + symMergeOrdered(data, a, start, mid) + } + if mid < end && end < b { + symMergeOrdered(data, mid, end, b) + } +} + +// rotateOrdered rotates two consecutive blocks u = data[a:m] and v = data[m:b] in data: +// Data of the form 'x u v y' is changed to 'x v u y'. +// rotate performs at most b-a many calls to data.Swap, +// and it assumes non-degenerate arguments: a < m && m < b. +func rotateOrdered[E constraints.Ordered](data []E, a, m, b int) { + i := m - a + j := b - m + + for i != j { + if i > j { + swapRangeOrdered(data, m-i, m, j) + i -= j + } else { + swapRangeOrdered(data, m-i, m+j-i, i) + j -= i + } + } + // i == j + swapRangeOrdered(data, m-i, m, i) +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 32022e7381a..3085d5d8734 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -2,13 +2,15 @@ ## explicit; go 1.16 github.com/checkpoint-restore/go-criu/v6 github.com/checkpoint-restore/go-criu/v6/rpc -# github.com/cilium/ebpf v0.10.0 -## explicit; go 1.18 +# github.com/cilium/ebpf v0.11.0 +## explicit; go 1.19 github.com/cilium/ebpf github.com/cilium/ebpf/asm github.com/cilium/ebpf/btf github.com/cilium/ebpf/internal +github.com/cilium/ebpf/internal/kconfig github.com/cilium/ebpf/internal/sys +github.com/cilium/ebpf/internal/tracefs github.com/cilium/ebpf/internal/unix github.com/cilium/ebpf/link # github.com/containerd/console v1.0.3 @@ -68,6 +70,11 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df ## explicit; go 1.12 github.com/vishvananda/netns +# golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 +## explicit; go 1.18 +golang.org/x/exp/constraints +golang.org/x/exp/maps +golang.org/x/exp/slices # golang.org/x/net v0.12.0 ## explicit; go 1.17 golang.org/x/net/bpf From fbf183c6f8c44859173fdc11020f78ea2def1550 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Tue, 11 Apr 2023 11:23:26 +0200 Subject: [PATCH 0293/1176] Add uid and gid mappings to mounts Co-authored-by: Francis Laniel Signed-off-by: Rodrigo Campos --- libcontainer/configs/mount_linux.go | 16 ++ libcontainer/configs/validate/validator.go | 56 +++++ .../configs/validate/validator_test.go | 196 ++++++++++++++++++ libcontainer/container_linux.go | 6 +- libcontainer/specconv/spec_linux.go | 15 ++ 5 files changed, 286 insertions(+), 3 deletions(-) diff --git a/libcontainer/configs/mount_linux.go b/libcontainer/configs/mount_linux.go index 5cb7883c9a7..a4275df3a03 100644 --- a/libcontainer/configs/mount_linux.go +++ b/libcontainer/configs/mount_linux.go @@ -29,8 +29,24 @@ type Mount struct { // Extensions are additional flags that are specific to runc. Extensions int `json:"extensions"` + + // UIDMappings is used to changing file user owners w/o calling chown. + // Note that, the underlying filesystem should support this feature to be + // used. + // Every mount point could have its own mapping. + UIDMappings []IDMap `json:"uidMappings,omitempty"` + + // GIDMappings is used to changing file group owners w/o calling chown. + // Note that, the underlying filesystem should support this feature to be + // used. + // Every mount point could have its own mapping. + GIDMappings []IDMap `json:"gidMappings,omitempty"` } func (m *Mount) IsBind() bool { return m.Flags&unix.MS_BIND != 0 } + +func (m *Mount) IsIDMapped() bool { + return len(m.UIDMappings) > 0 || len(m.GIDMappings) > 0 +} diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go index 26e13790194..5f065a38408 100644 --- a/libcontainer/configs/validate/validator.go +++ b/libcontainer/configs/validate/validator.go @@ -253,16 +253,72 @@ func cgroupsCheck(config *configs.Config) error { return nil } +func checkIDMapMounts(config *configs.Config, m *configs.Mount) error { + if !m.IsIDMapped() { + return nil + } + + if !m.IsBind() { + return fmt.Errorf("gidMappings/uidMappings is supported only for mounts with the option 'bind'") + } + if config.RootlessEUID { + return fmt.Errorf("gidMappings/uidMappings is not supported when runc is being launched with EUID != 0, needs CAP_SYS_ADMIN on the runc parent's user namespace") + } + if len(config.UidMappings) == 0 || len(config.GidMappings) == 0 { + return fmt.Errorf("not yet supported to use gidMappings/uidMappings in a mount without also using a user namespace") + } + if !sameMapping(config.UidMappings, m.UIDMappings) { + return fmt.Errorf("not yet supported for the mount uidMappings to be different than user namespace uidMapping") + } + if !sameMapping(config.GidMappings, m.GIDMappings) { + return fmt.Errorf("not yet supported for the mount gidMappings to be different than user namespace gidMapping") + } + if !filepath.IsAbs(m.Source) { + return fmt.Errorf("mount source not absolute") + } + + return nil +} + func mounts(config *configs.Config) error { for _, m := range config.Mounts { + // We upgraded this to an error in runc 1.2. We might need to + // revert this change if some users haven't still moved to use + // abs paths, in that please move this check inside + // checkIDMapMounts() as we do want to ensure that for idmap + // mounts anyways. if !filepath.IsAbs(m.Destination) { return fmt.Errorf("invalid mount %+v: mount destination not absolute", m) } + if err := checkIDMapMounts(config, m); err != nil { + return fmt.Errorf("invalid mount %+v: %w", m, err) + } } return nil } +// sameMapping checks if the mappings are the same. If the mappings are the same +// but in different order, it returns false. +func sameMapping(a, b []configs.IDMap) bool { + if len(a) != len(b) { + return false + } + + for i := range a { + if a[i].ContainerID != b[i].ContainerID { + return false + } + if a[i].HostID != b[i].HostID { + return false + } + if a[i].Size != b[i].Size { + return false + } + } + return true +} + func isHostNetNS(path string) (bool, error) { const currentProcessNetns = "/proc/self/ns/net" diff --git a/libcontainer/configs/validate/validator_test.go b/libcontainer/configs/validate/validator_test.go index ad632c89fce..fc92a7bb813 100644 --- a/libcontainer/configs/validate/validator_test.go +++ b/libcontainer/configs/validate/validator_test.go @@ -386,3 +386,199 @@ func TestValidateMounts(t *testing.T) { } } } + +func TestValidateIDMapMounts(t *testing.T) { + mapping := []configs.IDMap{ + { + ContainerID: 0, + HostID: 10000, + Size: 1, + }, + } + + testCases := []struct { + name string + isErr bool + config *configs.Config + }{ + { + name: "idmap mount without bind opt specified", + isErr: true, + config: &configs.Config{ + UidMappings: mapping, + GidMappings: mapping, + Mounts: []*configs.Mount{ + { + Source: "/abs/path/", + Destination: "/abs/path/", + UIDMappings: mapping, + GIDMappings: mapping, + }, + }, + }, + }, + { + name: "rootless idmap mount", + isErr: true, + config: &configs.Config{ + RootlessEUID: true, + UidMappings: mapping, + GidMappings: mapping, + Mounts: []*configs.Mount{ + { + Source: "/abs/path/", + Destination: "/abs/path/", + Flags: unix.MS_BIND, + UIDMappings: mapping, + GIDMappings: mapping, + }, + }, + }, + }, + { + name: "idmap mount without userns mappings", + isErr: true, + config: &configs.Config{ + Mounts: []*configs.Mount{ + { + Source: "/abs/path/", + Destination: "/abs/path/", + Flags: unix.MS_BIND, + UIDMappings: mapping, + GIDMappings: mapping, + }, + }, + }, + }, + { + name: "idmap mounts with different userns and mount mappings", + isErr: true, + config: &configs.Config{ + UidMappings: mapping, + GidMappings: mapping, + Mounts: []*configs.Mount{ + { + Source: "/abs/path/", + Destination: "/abs/path/", + Flags: unix.MS_BIND, + UIDMappings: []configs.IDMap{ + { + ContainerID: 10, + HostID: 10, + Size: 1, + }, + }, + GIDMappings: mapping, + }, + }, + }, + }, + { + name: "idmap mounts with different userns and mount mappings", + isErr: true, + config: &configs.Config{ + UidMappings: mapping, + GidMappings: mapping, + Mounts: []*configs.Mount{ + { + Source: "/abs/path/", + Destination: "/abs/path/", + Flags: unix.MS_BIND, + UIDMappings: mapping, + GIDMappings: []configs.IDMap{ + { + ContainerID: 10, + HostID: 10, + Size: 1, + }, + }, + }, + }, + }, + }, + { + name: "idmap mounts without abs source path", + isErr: true, + config: &configs.Config{ + UidMappings: mapping, + GidMappings: mapping, + Mounts: []*configs.Mount{ + { + Source: "./rel/path/", + Destination: "/abs/path/", + Flags: unix.MS_BIND, + UIDMappings: mapping, + GIDMappings: mapping, + }, + }, + }, + }, + { + name: "idmap mounts without abs dest path", + isErr: true, + config: &configs.Config{ + UidMappings: mapping, + GidMappings: mapping, + Mounts: []*configs.Mount{ + { + Source: "/abs/path/", + Destination: "./rel/path/", + Flags: unix.MS_BIND, + UIDMappings: mapping, + GIDMappings: mapping, + }, + }, + }, + }, + + { + name: "simple idmap mount", + config: &configs.Config{ + UidMappings: mapping, + GidMappings: mapping, + Mounts: []*configs.Mount{ + { + Source: "/another-abs/path/", + Destination: "/abs/path/", + Flags: unix.MS_BIND, + UIDMappings: mapping, + GIDMappings: mapping, + }, + }, + }, + }, + { + name: "idmap mount with more flags", + config: &configs.Config{ + UidMappings: mapping, + GidMappings: mapping, + Mounts: []*configs.Mount{ + { + Source: "/another-abs/path/", + Destination: "/abs/path/", + Flags: unix.MS_BIND | unix.MS_RDONLY, + UIDMappings: mapping, + GIDMappings: mapping, + }, + }, + }, + }, + } + + for _, tc := range testCases { + tc := tc + t.Run(tc.name, func(t *testing.T) { + config := tc.config + config.Rootfs = "/var" + + err := mounts(config) + if tc.isErr && err == nil { + t.Error("expected error, got nil") + } + + if !tc.isErr && err != nil { + t.Error(err) + } + }) + } +} diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index eac17027af8..e608d76093b 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -531,9 +531,9 @@ func (c *Container) shouldSendMountSources() bool { return false } - // We need to send sources if there are bind-mounts. + // We need to send sources if there are non-idmap bind-mounts. for _, m := range c.config.Mounts { - if m.IsBind() { + if m.IsBind() && !m.IsIDMapped() { return true } } @@ -2231,7 +2231,7 @@ func (c *Container) bootstrapData(cloneFlags uintptr, nsMaps map[configs.Namespa if it == initStandard && c.shouldSendMountSources() { var mounts []byte for _, m := range c.config.Mounts { - if m.IsBind() { + if m.IsBind() && !m.IsIDMapped() { if strings.IndexByte(m.Source, 0) >= 0 { return nil, fmt.Errorf("mount source string contains null byte: %q", m.Source) } diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index 809424a97eb..cda29f4141d 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -497,6 +497,18 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) { return config, nil } +func toConfigIDMap(specMaps []specs.LinuxIDMapping) []configs.IDMap { + idmaps := make([]configs.IDMap, len(specMaps)) + for i, id := range specMaps { + idmaps[i] = configs.IDMap{ + ContainerID: int(id.ContainerID), + HostID: int(id.HostID), + Size: int(id.Size), + } + } + return idmaps +} + func createLibcontainerMount(cwd string, m specs.Mount) (*configs.Mount, error) { if !filepath.IsAbs(m.Destination) { // Relax validation for backward compatibility @@ -519,6 +531,9 @@ func createLibcontainerMount(cwd string, m specs.Mount) (*configs.Mount, error) } } + mnt.UIDMappings = toConfigIDMap(m.UIDMappings) + mnt.GIDMappings = toConfigIDMap(m.GIDMappings) + // None of the mount arguments can contain a null byte. Normally such // strings would either cause some other failure or would just be truncated // when we hit the null byte, but because we serialise these strings as From 4b668a822487680a4a359f6003131aac07cfb3d4 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Tue, 25 Apr 2023 16:09:50 +0200 Subject: [PATCH 0294/1176] Switch setupUserNamespace() to use the toConfigIDMap() helper We just added this helper for other parts of the code, let's switch this function to use the helper too. Signed-off-by: Rodrigo Campos --- libcontainer/specconv/spec_linux.go | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index cda29f4141d..d7ca7a53dd4 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -944,20 +944,9 @@ next: } func setupUserNamespace(spec *specs.Spec, config *configs.Config) error { - create := func(m specs.LinuxIDMapping) configs.IDMap { - return configs.IDMap{ - HostID: int(m.HostID), - ContainerID: int(m.ContainerID), - Size: int(m.Size), - } - } if spec.Linux != nil { - for _, m := range spec.Linux.UIDMappings { - config.UidMappings = append(config.UidMappings, create(m)) - } - for _, m := range spec.Linux.GIDMappings { - config.GidMappings = append(config.GidMappings, create(m)) - } + config.UidMappings = toConfigIDMap(spec.Linux.UIDMappings) + config.GidMappings = toConfigIDMap(spec.Linux.GIDMappings) } rootUID, err := config.HostRootUID() if err != nil { From 5166164dedddffaa92dc9af4514ff6af54fa8070 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Thu, 9 Feb 2023 12:55:19 +0100 Subject: [PATCH 0295/1176] nsexec: Add generic receive_sources() Future patches will use this with another env var. Co-authored-by: Francis Laniel Signed-off-by: Rodrigo Campos --- libcontainer/nsenter/nsexec.c | 33 +++++++++++++++++++++------------ 1 file changed, 21 insertions(+), 12 deletions(-) diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index 748791d6b82..92583a995db 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -522,26 +522,30 @@ static inline int sane_kill(pid_t pid, int signum) return 0; } -void receive_mountsources(int sockfd) +/* receive_fd_sources parses env_var as an array of fd numbers and, for each element that is + * not -1, it receives an fd via SCM_RIGHTS and dup3 it to the fd requested in + * the element of the env var. + */ +void receive_fd_sources(int sockfd, const char *env_var) { - char *mount_fds, *endp; + char *fds, *endp; long new_fd; // This env var must be a json array of ints. - mount_fds = getenv("_LIBCONTAINER_MOUNT_FDS"); + fds = getenv(env_var); - if (mount_fds[0] != '[') { - bail("malformed _LIBCONTAINER_MOUNT_FDS env var: missing '['"); + if (fds[0] != '[') { + bail("malformed %s env var: missing '['", env_var); } - mount_fds++; + fds++; - for (endp = mount_fds; *endp != ']'; mount_fds = endp + 1) { - new_fd = strtol(mount_fds, &endp, 10); - if (endp == mount_fds) { - bail("malformed _LIBCONTAINER_MOUNT_FDS env var: not a number"); + for (endp = fds; *endp != ']'; fds = endp + 1) { + new_fd = strtol(fds, &endp, 10); + if (endp == fds) { + bail("malformed %s env var: not a number", env_var); } if (*endp == '\0') { - bail("malformed _LIBCONTAINER_MOUNT_FDS env var: missing ]"); + bail("malformed %s env var: missing ]", env_var); } // The list contains -1 when no fd is needed. Ignore them. if (new_fd == -1) { @@ -549,7 +553,7 @@ void receive_mountsources(int sockfd) } if (new_fd == LONG_MAX || new_fd < 0 || new_fd > INT_MAX) { - bail("malformed _LIBCONTAINER_MOUNT_FDS env var: fds out of range"); + bail("malformed %s env var: fds out of range", env_var); } int recv_fd = receive_fd(sockfd); @@ -562,6 +566,11 @@ void receive_mountsources(int sockfd) } } +void receive_mountsources(int sockfd) +{ + receive_fd_sources(sockfd, "_LIBCONTAINER_MOUNT_FDS"); +} + void send_mountsources(int sockfd, pid_t child, char *mountsources, size_t mountsources_len) { char proc_path[PATH_MAX]; From 96bd487590bdcd075b32eea1741f3626ae15be43 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Thu, 9 Feb 2023 12:58:30 +0100 Subject: [PATCH 0296/1176] nsenter: Add idmap helpers We add idmap.h with the needed includes and defines in case the system headers don't have the definition for the idmap syscalls we need. Future patches will use these helpers. Co-authored-by: Francis Laniel Signed-off-by: Rodrigo Campos --- libcontainer/nsenter/idmap.h | 76 ++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 libcontainer/nsenter/idmap.h diff --git a/libcontainer/nsenter/idmap.h b/libcontainer/nsenter/idmap.h new file mode 100644 index 00000000000..fa25a3bfb2f --- /dev/null +++ b/libcontainer/nsenter/idmap.h @@ -0,0 +1,76 @@ +#ifndef IDMAP_H +#define IDMAP_H + +#include +// Centos-7 doesn't have this file nor the __has_include() directive, so let's +// just leave this commented out and we can uncomment when it hits EOL (2024-06-30). +//#include +#include +#include + +/* mount_setattr() */ +#ifndef MOUNT_ATTR_IDMAP +#define MOUNT_ATTR_IDMAP 0x00100000 +#endif + +#ifndef __NR_mount_setattr + #if defined _MIPS_SIM + #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */ + #define __NR_mount_setattr (442 + 4000) + #endif + #if _MIPS_SIM == _MIPS_SIM_NABI32 /* n32 */ + #define __NR_mount_setattr (442 + 6000) + #endif + #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ + #define __NR_mount_setattr (442 + 5000) + #endif + #else + #define __NR_mount_setattr 442 + #endif +#endif +#ifndef MOUNT_ATTR_SIZE_VER0 +struct mount_attr { + __u64 attr_set; + __u64 attr_clr; + __u64 propagation; + __u64 userns_fd; +}; +#endif + +/* open_tree() */ +#ifndef OPEN_TREE_CLONE +#define OPEN_TREE_CLONE 1 +#endif + +#ifndef OPEN_TREE_CLOEXEC +#define OPEN_TREE_CLOEXEC O_CLOEXEC +#endif + +#ifndef __NR_open_tree + #if defined _MIPS_SIM + #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */ + #define __NR_open_tree 4428 + #endif + #if _MIPS_SIM == _MIPS_SIM_NABI32 /* n32 */ + #define __NR_open_tree 6428 + #endif + #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ + #define __NR_open_tree 5428 + #endif + #else + #define __NR_open_tree 428 + #endif +#endif + +static inline int sys_mount_setattr(int dfd, const char *path, unsigned int flags, struct mount_attr *attr, size_t size) +{ + return syscall(__NR_mount_setattr, dfd, path, flags, attr, size); +} + +static inline int sys_open_tree(int dfd, const char *filename, unsigned int flags) +{ + return syscall(__NR_open_tree, dfd, filename, flags); +} + + +#endif /* IDMAP_H */ From f5814a1007089facbc262389c7acd12330fcf89b Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Mon, 3 Apr 2023 15:19:37 +0200 Subject: [PATCH 0297/1176] libcontainer: Add generic sendFdsSources() Let's move the code to send mount sources to a generic function. Future patches will use it for idmap sources too. Signed-off-by: Rodrigo Campos --- libcontainer/container_linux.go | 66 +++++++++++++++++++-------------- 1 file changed, 38 insertions(+), 28 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index e608d76093b..8b5709cf6a0 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -541,6 +541,42 @@ func (c *Container) shouldSendMountSources() bool { return false } +func (c *Container) sendMountSources(cmd *exec.Cmd, messageSockPair filePair) error { + if !c.shouldSendMountSources() { + return nil + } + + return c.sendFdsSources(cmd, messageSockPair, "_LIBCONTAINER_MOUNT_FDS", func(m *configs.Mount) bool { + return m.IsBind() && !m.IsIDMapped() + }) +} + +func (c *Container) sendFdsSources(cmd *exec.Cmd, messageSockPair filePair, envVar string, condition func(*configs.Mount) bool) error { + // Elements on these slices will be paired with mounts (see StartInitialization() and + // prepareRootfs()). These slices MUST have the same size as c.config.Mounts. + fds := make([]int, len(c.config.Mounts)) + for i, m := range c.config.Mounts { + if !condition(m) { + // The -1 fd is ignored later. + fds[i] = -1 + continue + } + + // The fd passed here will not be used: nsexec.c will overwrite it with dup3(). We just need + // to allocate a fd so that we know the number to pass in the environment variable. The fd + // must not be closed before cmd.Start(), so we reuse messageSockPair.child because the + // lifecycle of that fd is already taken care of. + cmd.ExtraFiles = append(cmd.ExtraFiles, messageSockPair.child) + fds[i] = stdioFdCount + len(cmd.ExtraFiles) - 1 + } + fdsJSON, err := json.Marshal(fds) + if err != nil { + return fmt.Errorf("Error creating %v: %w", envVar, err) + } + cmd.Env = append(cmd.Env, envVar+"="+string(fdsJSON)) + return nil +} + func (c *Container) newInitProcess(p *Process, cmd *exec.Cmd, messageSockPair, logFilePair filePair) (*initProcess, error) { cmd.Env = append(cmd.Env, "_LIBCONTAINER_INITTYPE="+string(initStandard)) nsMaps := make(map[configs.NamespaceType]string) @@ -553,34 +589,8 @@ func (c *Container) newInitProcess(p *Process, cmd *exec.Cmd, messageSockPair, l if err != nil { return nil, err } - - if c.shouldSendMountSources() { - // Elements on this slice will be paired with mounts (see StartInitialization() and - // prepareRootfs()). This slice MUST have the same size as c.config.Mounts. - mountFds := make([]int, len(c.config.Mounts)) - for i, m := range c.config.Mounts { - if !m.IsBind() { - // Non bind-mounts do not use an fd. - mountFds[i] = -1 - continue - } - - // The fd passed here will not be used: nsexec.c will overwrite it with dup3(). We just need - // to allocate a fd so that we know the number to pass in the environment variable. The fd - // must not be closed before cmd.Start(), so we reuse messageSockPair.child because the - // lifecycle of that fd is already taken care of. - cmd.ExtraFiles = append(cmd.ExtraFiles, messageSockPair.child) - mountFds[i] = stdioFdCount + len(cmd.ExtraFiles) - 1 - } - - mountFdsJson, err := json.Marshal(mountFds) - if err != nil { - return nil, fmt.Errorf("Error creating _LIBCONTAINER_MOUNT_FDS: %w", err) - } - - cmd.Env = append(cmd.Env, - "_LIBCONTAINER_MOUNT_FDS="+string(mountFdsJson), - ) + if err := c.sendMountSources(cmd, messageSockPair); err != nil { + return nil, err } init := &initProcess{ From 0172016a535e25f6c1052aaa3a8b7a1616b1bf28 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Mon, 3 Apr 2023 15:49:07 +0200 Subject: [PATCH 0298/1176] libcontainer: Add generic parseFdsFromEnv() We will add code that uses this function in future patches. So let's just split it to a new function now and reuse it later. Signed-off-by: Rodrigo Campos --- libcontainer/factory_linux.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/libcontainer/factory_linux.go b/libcontainer/factory_linux.go index d10a278102e..4cb4a88bf0d 100644 --- a/libcontainer/factory_linux.go +++ b/libcontainer/factory_linux.go @@ -215,17 +215,17 @@ func validateID(id string) error { return nil } -func parseMountFds() ([]int, error) { - fdsJSON := os.Getenv("_LIBCONTAINER_MOUNT_FDS") +func parseFdsFromEnv(envVar string) ([]int, error) { + fdsJSON := os.Getenv(envVar) if fdsJSON == "" { // Always return the nil slice if no fd is present. return nil, nil } - var mountFds []int - if err := json.Unmarshal([]byte(fdsJSON), &mountFds); err != nil { - return nil, fmt.Errorf("Error unmarshalling _LIBCONTAINER_MOUNT_FDS: %w", err) + var fds []int + if err := json.Unmarshal([]byte(fdsJSON), &fds); err != nil { + return nil, fmt.Errorf("Error unmarshalling %v: %w", envVar, err) } - return mountFds, nil + return fds, nil } From 73b649705a33c0cb6862042826eeb5115ec32b03 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Mon, 3 Apr 2023 15:43:21 +0200 Subject: [PATCH 0299/1176] libcontainer: Add mountFds struct We will need to pass more slices of fds to these functions in future patches. Let's add a struct that just contains them all, instead of adding lot of parameters to these functions. Signed-off-by: Rodrigo Campos --- libcontainer/init_linux.go | 19 ++++++++++++++----- libcontainer/rootfs_linux.go | 10 +++++----- libcontainer/standard_init_linux.go | 8 ++++---- 3 files changed, 23 insertions(+), 14 deletions(-) diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index ed84ab59e86..4f6ed61c076 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -47,6 +47,15 @@ type network struct { TempVethPeerName string `json:"temp_veth_peer_name"` } +type mountFds struct { + // Fds to use as source when mounting + // Size should be the same as container mounts, as it will be paired. + // The value -1 is used when no fd is needed for the mount. + // Can't have a valid fd in the same position that other slices in this struct. + // We need to use only one of these fds on any single mount. + sourceFds []int +} + // initConfig is used for transferring parameters from Exec() to Init() type initConfig struct { Args []string `json:"args"` @@ -128,7 +137,7 @@ func StartInitialization() (retErr error) { } // Get mount files (O_PATH). - mountFds, err := parseMountFds() + mountSrcFds, err := parseFdsFromEnv("_LIBCONTAINER_MOUNT_FDS") if err != nil { return err } @@ -148,10 +157,10 @@ func StartInitialization() (retErr error) { }() // If init succeeds, it will not return, hence none of the defers will be called. - return containerInit(it, pipe, consoleSocket, fifofd, logPipeFd, mountFds) + return containerInit(it, pipe, consoleSocket, fifofd, logPipeFd, mountFds{sourceFds: mountSrcFds}) } -func containerInit(t initType, pipe *os.File, consoleSocket *os.File, fifoFd, logFd int, mountFds []int) error { +func containerInit(t initType, pipe *os.File, consoleSocket *os.File, fifoFd, logFd int, mountFds mountFds) error { var config *initConfig if err := json.NewDecoder(pipe).Decode(&config); err != nil { return err @@ -162,8 +171,8 @@ func containerInit(t initType, pipe *os.File, consoleSocket *os.File, fifoFd, lo switch t { case initSetns: // mountFds must be nil in this case. We don't mount while doing runc exec. - if mountFds != nil { - return errors.New("mountFds must be nil; can't mount from exec") + if mountFds.sourceFds != nil { + return errors.New("mount source fds must be nil; can't mount from exec") } i := &linuxSetnsInit{ diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 00e84e7918f..d93f9246fa6 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -63,14 +63,14 @@ func needsSetupDev(config *configs.Config) bool { // prepareRootfs sets up the devices, mount points, and filesystems for use // inside a new mount namespace. It doesn't set anything as ro. You must call // finalizeRootfs after this function to finish setting up the rootfs. -func prepareRootfs(pipe io.ReadWriter, iConfig *initConfig, mountFds []int) (err error) { +func prepareRootfs(pipe io.ReadWriter, iConfig *initConfig, mountFds mountFds) (err error) { config := iConfig.Config if err := prepareRoot(config); err != nil { return fmt.Errorf("error preparing rootfs: %w", err) } - if mountFds != nil && len(mountFds) != len(config.Mounts) { - return fmt.Errorf("malformed mountFds slice. Expected size: %v, got: %v. Slice: %v", len(config.Mounts), len(mountFds), mountFds) + if mountFds.sourceFds != nil && len(mountFds.sourceFds) != len(config.Mounts) { + return fmt.Errorf("malformed mountFds slice. Expected size: %v, got: %v. Slice: %v", len(config.Mounts), len(mountFds.sourceFds), mountFds.sourceFds) } mountConfig := &mountConfig{ @@ -84,8 +84,8 @@ func prepareRootfs(pipe io.ReadWriter, iConfig *initConfig, mountFds []int) (err entry := mountEntry{Mount: m} // Just before the loop we checked that if not empty, len(mountFds) == len(config.Mounts). // Therefore, we can access mountFds[i] without any concerns. - if mountFds != nil && mountFds[i] != -1 { - entry.srcFD = "/proc/self/fd/" + strconv.Itoa(mountFds[i]) + if mountFds.sourceFds != nil && mountFds.sourceFds[i] != -1 { + entry.srcFD = "/proc/self/fd/" + strconv.Itoa(mountFds.sourceFds[i]) } if err := mountToRootfs(mountConfig, entry); err != nil { diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index a4c01953aeb..b22b37ecdd6 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -25,7 +25,7 @@ type linuxStandardInit struct { parentPid int fifoFd int logFd int - mountFds []int + mountFds mountFds config *initConfig } @@ -86,15 +86,15 @@ func (l *linuxStandardInit) Init() error { // initialises the labeling system selinux.GetEnabled() - // We don't need the mountFds after prepareRootfs() nor if it fails. + // We don't need the mountFds.SourceFds after prepareRootfs() nor if it fails. err := prepareRootfs(l.pipe, l.config, l.mountFds) - for _, m := range l.mountFds { + for _, m := range l.mountFds.sourceFds { if m == -1 { continue } if err := unix.Close(m); err != nil { - return fmt.Errorf("Unable to close mountFds fds: %w", err) + return fmt.Errorf("unable to close mount sourceFds: %w", err) } } From fe4528b176821edddcb1e41b0322c0baf45ad94c Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Tue, 11 Jul 2023 16:02:31 +0200 Subject: [PATCH 0300/1176] libcontainer: Just print the mountFds slice len on errors Signed-off-by: Rodrigo Campos --- libcontainer/rootfs_linux.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index d93f9246fa6..9622798f0fd 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -70,7 +70,7 @@ func prepareRootfs(pipe io.ReadWriter, iConfig *initConfig, mountFds mountFds) ( } if mountFds.sourceFds != nil && len(mountFds.sourceFds) != len(config.Mounts) { - return fmt.Errorf("malformed mountFds slice. Expected size: %v, got: %v. Slice: %v", len(config.Mounts), len(mountFds.sourceFds), mountFds.sourceFds) + return fmt.Errorf("malformed mountFds slice. Expected size: %v, got: %v", len(config.Mounts), len(mountFds.sourceFds)) } mountConfig := &mountConfig{ From 98317c16ed1edb9405232662589fe704fff50641 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 28 Jun 2023 13:20:09 -0700 Subject: [PATCH 0301/1176] ci: bump golangci-lint, remove fixed exception The exception was fixed by https://github.com/polyfloyd/go-errorlint/pull/12 which eventually made its way into golangci-lint. Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 2 +- libcontainer/user/user.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 0dd805e810f..984e4f6721b 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -39,7 +39,7 @@ jobs: sudo apt -q install libseccomp-dev - uses: golangci/golangci-lint-action@v3 with: - version: v1.51 + version: v1.53 # Extra linters, only checking new code from a pull request. - name: lint-extra if: github.event_name == 'pull_request' diff --git a/libcontainer/user/user.go b/libcontainer/user/user.go index a1e216683d9..984466d1ab5 100644 --- a/libcontainer/user/user.go +++ b/libcontainer/user/user.go @@ -201,7 +201,7 @@ func ParseGroupFilter(r io.Reader, filter func(Group) bool) ([]Group, error) { if err != nil { // We should return no error if EOF is reached // without a match. - if err == io.EOF { //nolint:errorlint // comparison with io.EOF is legit, https://github.com/polyfloyd/go-errorlint/pull/12 + if err == io.EOF { err = nil } return out, err From fda12ab1014e0ee23323cff6ec27ce7809c1e531 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Mon, 3 Apr 2023 15:52:35 +0200 Subject: [PATCH 0302/1176] Support idmap mounts on volumes This commit adds support for idmap mounts as specified in the runtime-spec. We open the idmap source paths and call mount_setattr() in runc PARENT, as we need privileges in the init userns for that, and then sends the fds to the child process. For this fd passing we use the same mechanism used in other parts of thecode, the _LIBCONTAINER_ env vars. The mount is finished (unix.MoveMount) from go code, inside the userns, so we reuse all the prepareBindMount() security checks and the remount logic for some flags too. This commit only supports idmap mounts when userns are used AND the mappings are the same specified for the userns mapping. This limitation is to simplify the initial implementation, as all our users so far only need this, and we can avoid sending over netlink the mappings, creating a userns with this custom mapping, etc. Future PRs will remove this limitation. Co-authored-by: Francis Laniel Signed-off-by: Rodrigo Campos --- libcontainer/container_linux.go | 68 ++++++++++++++++ libcontainer/init_linux.go | 21 +++-- libcontainer/message_linux.go | 1 + libcontainer/nsenter/nsexec.c | 117 ++++++++++++++++++++++++++++ libcontainer/rootfs_linux.go | 49 +++++++++++- libcontainer/standard_init_linux.go | 7 +- 6 files changed, 249 insertions(+), 14 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 8b5709cf6a0..21c9905e69e 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -541,6 +541,38 @@ func (c *Container) shouldSendMountSources() bool { return false } +// shouldSendIdmapSources says whether the child process must setup idmap mounts with +// the mount_setattr already done in the host user namespace. +func (c *Container) shouldSendIdmapSources() bool { + // nsexec.c mount_setattr() requires CAP_SYS_ADMIN in: + // * the user namespace the filesystem was mounted in; + // * the user namespace we're trying to idmap the mount to; + // * the owning user namespace of the mount namespace you're currently located in. + // + // See the comment from Christian Brauner: + // https://github.com/opencontainers/runc/pull/3717#discussion_r1103607972 + // + // Let's just rule out rootless, we don't have those permission in the + // rootless case. + if c.config.RootlessEUID { + return false + } + + // For the time being we require userns to be in use. + if !c.config.Namespaces.Contains(configs.NEWUSER) { + return false + } + + // We need to send sources if there are idmap bind-mounts. + for _, m := range c.config.Mounts { + if m.IsBind() && m.IsIDMapped() { + return true + } + } + + return false +} + func (c *Container) sendMountSources(cmd *exec.Cmd, messageSockPair filePair) error { if !c.shouldSendMountSources() { return nil @@ -551,6 +583,16 @@ func (c *Container) sendMountSources(cmd *exec.Cmd, messageSockPair filePair) er }) } +func (c *Container) sendIdmapSources(cmd *exec.Cmd, messageSockPair filePair) error { + if !c.shouldSendIdmapSources() { + return nil + } + + return c.sendFdsSources(cmd, messageSockPair, "_LIBCONTAINER_IDMAP_FDS", func(m *configs.Mount) bool { + return m.IsBind() && m.IsIDMapped() + }) +} + func (c *Container) sendFdsSources(cmd *exec.Cmd, messageSockPair filePair, envVar string, condition func(*configs.Mount) bool) error { // Elements on these slices will be paired with mounts (see StartInitialization() and // prepareRootfs()). These slices MUST have the same size as c.config.Mounts. @@ -592,6 +634,9 @@ func (c *Container) newInitProcess(p *Process, cmd *exec.Cmd, messageSockPair, l if err := c.sendMountSources(cmd, messageSockPair); err != nil { return nil, err } + if err := c.sendIdmapSources(cmd, messageSockPair); err != nil { + return nil, err + } init := &initProcess{ cmd: cmd, @@ -2256,6 +2301,29 @@ func (c *Container) bootstrapData(cloneFlags uintptr, nsMaps map[configs.Namespa }) } + // Idmap mount sources to open. + if it == initStandard && c.shouldSendIdmapSources() { + var mounts []byte + for _, m := range c.config.Mounts { + if m.IsBind() && m.IsIDMapped() { + // While other parts of the code check this too (like + // libcontainer/specconv/spec_linux.go) we do it here also because some libcontainer + // users don't use those functions. + if strings.IndexByte(m.Source, 0) >= 0 { + return nil, fmt.Errorf("mount source string contains null byte: %q", m.Source) + } + + mounts = append(mounts, []byte(m.Source)...) + } + mounts = append(mounts, byte(0)) + } + + r.AddData(&Bytemsg{ + Type: IdmapSourcesAttr, + Value: mounts, + }) + } + return bytes.NewReader(r.Serialize()), nil } diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 4f6ed61c076..42cae1ccb65 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -48,12 +48,15 @@ type network struct { } type mountFds struct { - // Fds to use as source when mounting - // Size should be the same as container mounts, as it will be paired. + // sourceFds are the fds to use as source when mounting. + // The slice size should be the same as container mounts, as it will be + // paired with them. // The value -1 is used when no fd is needed for the mount. // Can't have a valid fd in the same position that other slices in this struct. // We need to use only one of these fds on any single mount. sourceFds []int + // Idem sourceFds, but fds of already created idmap mounts, to use with unix.MoveMount(). + idmapFds []int } // initConfig is used for transferring parameters from Exec() to Init() @@ -142,6 +145,12 @@ func StartInitialization() (retErr error) { return err } + // Get idmap fds. + idmapFds, err := parseFdsFromEnv("_LIBCONTAINER_IDMAP_FDS") + if err != nil { + return err + } + // clear the current process's environment to clean any libcontainer // specific env vars. os.Clearenv() @@ -157,7 +166,7 @@ func StartInitialization() (retErr error) { }() // If init succeeds, it will not return, hence none of the defers will be called. - return containerInit(it, pipe, consoleSocket, fifofd, logPipeFd, mountFds{sourceFds: mountSrcFds}) + return containerInit(it, pipe, consoleSocket, fifofd, logPipeFd, mountFds{sourceFds: mountSrcFds, idmapFds: idmapFds}) } func containerInit(t initType, pipe *os.File, consoleSocket *os.File, fifoFd, logFd int, mountFds mountFds) error { @@ -170,9 +179,9 @@ func containerInit(t initType, pipe *os.File, consoleSocket *os.File, fifoFd, lo } switch t { case initSetns: - // mountFds must be nil in this case. We don't mount while doing runc exec. - if mountFds.sourceFds != nil { - return errors.New("mount source fds must be nil; can't mount from exec") + // mount and idmap fds must be nil in this case. We don't mount while doing runc exec. + if mountFds.sourceFds != nil || mountFds.idmapFds != nil { + return errors.New("mount and idmap fds must be nil; can't mount from exec") } i := &linuxSetnsInit{ diff --git a/libcontainer/message_linux.go b/libcontainer/message_linux.go index 6d1107e875d..17db81a29f3 100644 --- a/libcontainer/message_linux.go +++ b/libcontainer/message_linux.go @@ -22,6 +22,7 @@ const ( UidmapPathAttr uint16 = 27288 GidmapPathAttr uint16 = 27289 MountSourcesAttr uint16 = 27290 + IdmapSourcesAttr uint16 = 27291 ) type Int32msg struct { diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index 92583a995db..6297276f8b2 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -33,6 +33,9 @@ /* Get all of the CLONE_NEW* flags. */ #include "namespace.h" +/* Get definitions for idmap sources */ +#include "idmap.h" + /* Synchronisation values. */ enum sync_t { SYNC_USERMAP_PLS = 0x40, /* Request parent to map our users. */ @@ -43,6 +46,8 @@ enum sync_t { SYNC_CHILD_FINISH = 0x45, /* The child or grandchild has finished. */ SYNC_MOUNTSOURCES_PLS = 0x46, /* Tell parent to send mount sources by SCM_RIGHTS. */ SYNC_MOUNTSOURCES_ACK = 0x47, /* All mount sources have been sent. */ + SYNC_MOUNT_IDMAP_PLS = 0x48, /* Tell parent to mount idmap sources. */ + SYNC_MOUNT_IDMAP_ACK = 0x49, /* All idmap mounts have been done. */ }; #define STAGE_SETUP -1 @@ -95,6 +100,10 @@ struct nlconfig_t { /* Mount sources opened outside the container userns. */ char *mountsources; size_t mountsources_len; + + /* Idmap sources opened outside the container userns which will be id mapped. */ + char *idmapsources; + size_t idmapsources_len; }; /* @@ -112,6 +121,7 @@ struct nlconfig_t { #define UIDMAPPATH_ATTR 27288 #define GIDMAPPATH_ATTR 27289 #define MOUNT_SOURCES_ATTR 27290 +#define IDMAP_SOURCES_ATTR 27291 /* * Use the raw syscall for versions of glibc which don't include a function for @@ -431,6 +441,10 @@ static void nl_parse(int fd, struct nlconfig_t *config) config->mountsources = current; config->mountsources_len = payload_len; break; + case IDMAP_SOURCES_ATTR: + config->idmapsources = current; + config->idmapsources_len = payload_len; + break; default: bail("unknown netlink message type %d", nlattr->nla_type); } @@ -650,6 +664,83 @@ void try_unshare(int flags, const char *msg) bail("failed to unshare %s", msg); } +void send_idmapsources(int sockfd, pid_t pid, char *idmap_src, int idmap_src_len) +{ + char proc_user_path[PATH_MAX]; + + /* Open the userns fd only once. + * Currently we only support idmap mounts that use the same mapping than + * the userns. This is validated in libcontainer/configs/validate/validator.go, + * so if we reached here, we know the mapping for the idmap is the same + * as the userns. This is why we just open the userns_fd once from the + * PID of the child process that has the userns already applied. + */ + int ret = snprintf(proc_user_path, sizeof(proc_user_path), "/proc/%d/ns/user", pid); + if (ret < 0 || (size_t)ret >= sizeof(proc_user_path)) { + sane_kill(pid, SIGKILL); + bail("failed to create userns path string"); + } + + int userns_fd = open(proc_user_path, O_RDONLY | O_CLOEXEC | O_NOCTTY); + if (userns_fd < 0) { + sane_kill(pid, SIGKILL); + bail("failed to get user namespace fd"); + } + + char *idmap_end = idmap_src + idmap_src_len; + while (idmap_src < idmap_end) { + if (idmap_src[0] == '\0') { + idmap_src++; + continue; + } + + int fd_tree = sys_open_tree(-EBADF, idmap_src, + OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC | + AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT); + if (fd_tree < 0) { + sane_kill(pid, SIGKILL); + if (errno == EINVAL) + bail("failed to use open_tree(2) with path: %s, the kernel doesn't supports ID-mapped mounts", idmap_src); + else + bail("failed to use open_tree(2) with path: %s", idmap_src); + } + + struct mount_attr attr = { + .attr_set = MOUNT_ATTR_IDMAP, + .userns_fd = userns_fd, + }; + + ret = sys_mount_setattr(fd_tree, "", AT_EMPTY_PATH, &attr, sizeof(attr)); + if (ret < 0) { + sane_kill(pid, SIGKILL); + if (errno == EINVAL) + bail("failed to change mount attributes, maybe the filesystem doesn't supports ID-mapped mounts"); + else + bail("failed to change mount attributes"); + } + + write_log(DEBUG, "~> sending idmap source: %s with mapping from: %s", idmap_src, proc_user_path); + send_fd(sockfd, fd_tree); + + if (close(fd_tree) < 0) { + sane_kill(pid, SIGKILL); + bail("error closing fd_tree"); + } + + idmap_src += strlen(idmap_src) + 1; + } + + if (close(userns_fd) < 0) { + sane_kill(pid, SIGKILL); + bail("error closing userns fd"); + } +} + +void receive_idmapsources(int sockfd) +{ + receive_fd_sources(sockfd, "_LIBCONTAINER_IDMAP_FDS"); +} + void nsexec(void) { int pipenum; @@ -891,6 +982,17 @@ void nsexec(void) sane_kill(stage1_pid, SIGKILL); bail("failed to sync with child: write(SYNC_MOUNTSOURCES_ACK)"); } + break; + case SYNC_MOUNT_IDMAP_PLS: + write_log(DEBUG, "stage-1 requested to open idmap sources"); + send_idmapsources(syncfd, stage1_pid, config.idmapsources, + config.idmapsources_len); + s = SYNC_MOUNT_IDMAP_ACK; + if (write(syncfd, &s, sizeof(s)) != sizeof(s)) { + sane_kill(stage1_pid, SIGKILL); + bail("failed to sync with child: write(SYNC_MOUNT_IDMAP_ACK)"); + } + break; case SYNC_CHILD_FINISH: write_log(DEBUG, "stage-1 complete"); @@ -1062,6 +1164,21 @@ void nsexec(void) bail("failed to sync with parent: SYNC_MOUNTSOURCES_ACK: got %u", s); } + if (config.idmapsources) { + write_log(DEBUG, "request stage-0 to send idmap sources"); + s = SYNC_MOUNT_IDMAP_PLS; + if (write(syncfd, &s, sizeof(s)) != sizeof(s)) + bail("failed to sync with parent: write(SYNC_MOUNT_IDMAP_PLS)"); + + /* Receive and install all idmap fds. */ + receive_idmapsources(syncfd); + + if (read(syncfd, &s, sizeof(s)) != sizeof(s)) + bail("failed to sync with parent: read(SYNC_MOUNT_IDMAP_ACK)"); + if (s != SYNC_MOUNT_IDMAP_ACK) + bail("failed to sync with parent: SYNC_MOUNT_IDMAP_ACK: got %u", s); + } + /* * TODO: What about non-namespace clone flags that we're dropping here? * diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 9622798f0fd..edd3abd3c82 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -40,7 +40,8 @@ type mountConfig struct { // mountEntry contains mount data specific to a mount point. type mountEntry struct { *configs.Mount - srcFD string + srcFD string + idmapFD int } func (m *mountEntry) src() string { @@ -73,6 +74,10 @@ func prepareRootfs(pipe io.ReadWriter, iConfig *initConfig, mountFds mountFds) ( return fmt.Errorf("malformed mountFds slice. Expected size: %v, got: %v", len(config.Mounts), len(mountFds.sourceFds)) } + if mountFds.idmapFds != nil && len(mountFds.idmapFds) != len(config.Mounts) { + return fmt.Errorf("malformed idmapFds slice: expected size: %v, got: %v", len(config.Mounts), len(mountFds.idmapFds)) + } + mountConfig := &mountConfig{ root: config.Rootfs, label: config.MountLabel, @@ -81,13 +86,22 @@ func prepareRootfs(pipe io.ReadWriter, iConfig *initConfig, mountFds mountFds) ( cgroupns: config.Namespaces.Contains(configs.NEWCGROUP), } for i, m := range config.Mounts { - entry := mountEntry{Mount: m} + entry := mountEntry{Mount: m, idmapFD: -1} // Just before the loop we checked that if not empty, len(mountFds) == len(config.Mounts). // Therefore, we can access mountFds[i] without any concerns. if mountFds.sourceFds != nil && mountFds.sourceFds[i] != -1 { entry.srcFD = "/proc/self/fd/" + strconv.Itoa(mountFds.sourceFds[i]) } + // We validated before we can access idmapFds[i]. + if mountFds.idmapFds != nil && mountFds.idmapFds[i] != -1 { + entry.idmapFD = mountFds.idmapFds[i] + } + + if entry.idmapFD != -1 && entry.srcFD != "" { + return fmt.Errorf("malformed mountFds and idmapFds slice, entry: %v has fds in both slices", i) + } + if err := mountToRootfs(mountConfig, entry); err != nil { return fmt.Errorf("error mounting %q to rootfs at %q: %w", m.Source, m.Destination, err) } @@ -466,8 +480,35 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { if err := prepareBindMount(m, rootfs); err != nil { return err } - if err := mountPropagate(m, rootfs, mountLabel); err != nil { - return err + + if m.IsBind() && m.IsIDMapped() { + if m.idmapFD == -1 { + return fmt.Errorf("error creating mount %+v: idmapFD is invalid, should point to a valid fd", m) + } + if err := unix.MoveMount(m.idmapFD, "", -1, dest, unix.MOVE_MOUNT_F_EMPTY_PATH); err != nil { + return fmt.Errorf("error on unix.MoveMount %+v: %w", m, err) + } + + // In nsexec.c, we did not set the propagation field of mount_attr struct. + // So, let's deal with these flags right now! + if err := utils.WithProcfd(rootfs, dest, func(dstFD string) error { + for _, pflag := range m.PropagationFlags { + // When using mount for setting propagations flags, the source, file + // system type and data arguments are ignored: + // https://man7.org/linux/man-pages/man2/mount.2.html + // We also ignore procfd because we want to act on dest. + if err := mountViaFDs("", "", dest, dstFD, "", uintptr(pflag), ""); err != nil { + return err + } + } + return nil + }); err != nil { + return fmt.Errorf("change mount propagation through procfd: %w", err) + } + } else { + if err := mountPropagate(m, rootfs, mountLabel); err != nil { + return err + } } // bind mount won't change mount options, we need remount to make mount options effective. // first check that we have non-default options required before attempting a remount diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index b22b37ecdd6..f3d04282362 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -86,15 +86,14 @@ func (l *linuxStandardInit) Init() error { // initialises the labeling system selinux.GetEnabled() - // We don't need the mountFds.SourceFds after prepareRootfs() nor if it fails. + // We don't need the mount nor idmap fds after prepareRootfs() nor if it fails. err := prepareRootfs(l.pipe, l.config, l.mountFds) - for _, m := range l.mountFds.sourceFds { + for _, m := range append(l.mountFds.sourceFds, l.mountFds.idmapFds...) { if m == -1 { continue } - if err := unix.Close(m); err != nil { - return fmt.Errorf("unable to close mount sourceFds: %w", err) + return fmt.Errorf("unable to close mountFds fds: %w", err) } } From b460dc39b7c9113db60cf81bb9edf77d523c5be0 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Fri, 10 Feb 2023 15:54:05 +0100 Subject: [PATCH 0303/1176] tests/integration: Add tests for idmap mounts Co-authored-by: Francis Laniel Signed-off-by: Rodrigo Campos --- .gitignore | 1 + Makefile | 7 +- contrib/cmd/fs-idmap/fs-idmap.go | 50 ++++++++++ tests/integration/helpers.bash | 40 ++++++++ tests/integration/idmap.bats | 160 +++++++++++++++++++++++++++++++ 5 files changed, 255 insertions(+), 3 deletions(-) create mode 100644 contrib/cmd/fs-idmap/fs-idmap.go create mode 100644 tests/integration/idmap.bats diff --git a/.gitignore b/.gitignore index 76aefa1e233..4df0d6abfde 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,7 @@ vendor/pkg contrib/cmd/recvtty/recvtty contrib/cmd/sd-helper/sd-helper contrib/cmd/seccompagent/seccompagent +contrib/cmd/fs-idmap/fs-idmap man/man8 release Vagrantfile diff --git a/Makefile b/Makefile index 00c8d71ab68..c72dd2f414d 100644 --- a/Makefile +++ b/Makefile @@ -60,9 +60,9 @@ endif runc: $(GO_BUILD) -o runc . -all: runc recvtty sd-helper seccompagent +all: runc recvtty sd-helper seccompagent fs-idmap -recvtty sd-helper seccompagent: +recvtty sd-helper seccompagent fs-idmap: $(GO_BUILD) -o contrib/cmd/$@/$@ ./contrib/cmd/$@ static: @@ -151,6 +151,7 @@ clean: rm -f contrib/cmd/recvtty/recvtty rm -f contrib/cmd/sd-helper/sd-helper rm -f contrib/cmd/seccompagent/seccompagent + rm -f contrib/cmd/fs-idmap/fs-idmap rm -rf release rm -rf man/man8 @@ -191,7 +192,7 @@ verify-dependencies: vendor validate-keyring: script/keyring_validate.sh -.PHONY: runc all recvtty sd-helper seccompagent static releaseall release \ +.PHONY: runc all recvtty sd-helper seccompagent fs-idmap static releaseall release \ localrelease dbuild lint man runcimage \ test localtest unittest localunittest integration localintegration \ rootlessintegration localrootlessintegration shell install install-bash \ diff --git a/contrib/cmd/fs-idmap/fs-idmap.go b/contrib/cmd/fs-idmap/fs-idmap.go new file mode 100644 index 00000000000..b48114dfe03 --- /dev/null +++ b/contrib/cmd/fs-idmap/fs-idmap.go @@ -0,0 +1,50 @@ +package main + +import ( + "fmt" + "log" + "os" + "os/exec" + "syscall" + + "golang.org/x/sys/unix" +) + +func main() { + if len(os.Args) < 2 { + log.Fatalf("usage: %s path_to_mount_set_attr", os.Args[0]) + } + + src := os.Args[1] + treeFD, err := unix.OpenTree(-1, src, uint(unix.OPEN_TREE_CLONE|unix.OPEN_TREE_CLOEXEC|unix.AT_EMPTY_PATH|unix.AT_RECURSIVE)) + if err != nil { + log.Fatalf("error calling open_tree %q: %v", src, err) + } + defer unix.Close(treeFD) + + cmd := exec.Command("/usr/bin/sleep", "5") + cmd.SysProcAttr = &syscall.SysProcAttr{ + Cloneflags: syscall.CLONE_NEWUSER, + UidMappings: []syscall.SysProcIDMap{{ContainerID: 0, HostID: 65536, Size: 65536}}, + GidMappings: []syscall.SysProcIDMap{{ContainerID: 0, HostID: 65536, Size: 65536}}, + } + if err := cmd.Start(); err != nil { + log.Fatalf("failed to run the helper binary: %v", err) + } + + path := fmt.Sprintf("/proc/%d/ns/user", cmd.Process.Pid) + var userNsFile *os.File + if userNsFile, err = os.Open(path); err != nil { + log.Fatalf("unable to get user ns file descriptor: %v", err) + return + } + defer userNsFile.Close() + + attr := unix.MountAttr{ + Attr_set: unix.MOUNT_ATTR_IDMAP, + Userns_fd: uint64(userNsFile.Fd()), + } + if err := unix.MountSetattr(treeFD, "", unix.AT_EMPTY_PATH|unix.AT_RECURSIVE, &attr); err != nil { + log.Fatalf("error calling mount_setattr: %v", err) + } +} diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index 4998390e2ee..d4494bea045 100644 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -16,6 +16,7 @@ unset IMAGES RECVTTY="${INTEGRATION_ROOT}/../../contrib/cmd/recvtty/recvtty" SD_HELPER="${INTEGRATION_ROOT}/../../contrib/cmd/sd-helper/sd-helper" SECCOMP_AGENT="${INTEGRATION_ROOT}/../../contrib/cmd/seccompagent/seccompagent" +FS_IDMAP="${INTEGRATION_ROOT}/../../contrib/cmd/fs-idmap/fs-idmap" # Some variables may not always be set. Set those to empty value, # if unset, to avoid "unbound variable" error. @@ -622,3 +623,42 @@ function requires_kernel() { skip "requires kernel $1" fi } + +function requires_idmap_fs() { + local fs + fs=$1 + + # We need to "|| true" it to avoid CI failure as this binary may return with + # something different than 0. + stderr=$($FS_IDMAP "$fs" 2>&1 >/dev/null || true) + + case $stderr in + *invalid\ argument) + skip "$fs underlying file system does not support ID map mounts" + ;; + *operation\ not\ permitted) + if uname -r | grep -q el9; then + # centos kernel 5.14.0-200 does not permit using ID map mounts due to a + # specific patch added to their sources: + # https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/131 + # + # There doesn't seem to be any technical reason behind + # it, none was provided in numerous examples, like: + # https://lore.kernel.org/lkml/20210213130042.828076-1-christian.brauner@ubuntu.com/T/#m3a9df31aa183e8797c70bc193040adfd601399ad + # https://lore.kernel.org/lkml/20210213130042.828076-1-christian.brauner@ubuntu.com/T/#m59cdad9630d5a279aeecd0c1f117115144bc15eb + # https://lore.kernel.org/lkml/m1r1ifzf8x.fsf@fess.ebiederm.org + # https://lore.kernel.org/lkml/20210510125147.tkgeurcindldiwxg@wittgenstein + # + # So, sadly we just need to skip this on centos. + # + # TODO Nonetheless, there are ongoing works to revert the patch + # deactivating ID map mounts: + # https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/2179/diffs?commit_id=06f4fe946394cb94d2cf274aa7f3091d8f8469dc + # Once this patch is merge, we should be able to remove the below skip + # if the revert is backported or if CI centos kernel is upgraded. + skip "sadly, centos kernel 5.14 does not permit using ID map mounts" + fi + ;; + esac + # If we have another error, the integration test will fail and report it. +} diff --git a/tests/integration/idmap.bats b/tests/integration/idmap.bats new file mode 100644 index 00000000000..375191bf705 --- /dev/null +++ b/tests/integration/idmap.bats @@ -0,0 +1,160 @@ +#!/usr/bin/env bats + +load helpers + +function setup() { + requires root + requires_kernel 5.12 + requires_idmap_fs /tmp + + setup_debian + + # Prepare source folders for bind mount + mkdir -p source-{1,2}/ + touch source-{1,2}/foo.txt + + # Use other owner for source-2 + chown 1:1 source-2/foo.txt + + mkdir -p rootfs/{proc,sys,tmp} + mkdir -p rootfs/tmp/mount-{1,2} + mkdir -p rootfs/mnt/bind-mount-{1,2} + + update_config ' .linux.namespaces += [{"type": "user"}] + | .linux.uidMappings += [{"hostID": 100000, "containerID": 0, "size": 65536}] + | .linux.gidMappings += [{"hostID": 100000, "containerID": 0, "size": 65536}] + | .process.args += ["-c", "stat -c =%u=%g= /tmp/mount-1/foo.txt"] + | .mounts += [ + { + "source": "source-1/", + "destination": "/tmp/mount-1", + "options": ["bind"], + "uidMappings": [ { + "containerID": 0, + "hostID": 100000, + "size": 65536 + } + ], + "gidMappings": [ { + "containerID": 0, + "hostID": 100000, + "size": 65536 + } + ] + } + ] ' +} + +function teardown() { + teardown_bundle +} + +@test "simple idmap mount" { + runc run test_debian + [ "$status" -eq 0 ] + [[ "$output" == *"=0=0="* ]] +} + +@test "write to an idmap mount" { + update_config ' .process.args = ["sh", "-c", "touch /tmp/mount-1/bar && stat -c =%u=%g= /tmp/mount-1/bar"]' + runc run test_debian + [ "$status" -eq 0 ] + [[ "$output" == *"=0=0="* ]] +} + +@test "idmap mount with propagation flag" { + update_config ' .process.args = ["sh", "-c", "findmnt -o PROPAGATION /tmp/mount-1"]' + # Add the shared option to the idmap mount + update_config ' .mounts |= map((select(.source == "source-1/") | .options += ["shared"]) // .)' + + runc run test_debian + [ "$status" -eq 0 ] + [[ "$output" == *"shared"* ]] +} + +@test "idmap mount with bind mount" { + update_config ' .mounts += [ + { + "source": "source-2/", + "destination": "/tmp/mount-2", + "options": ["bind"] + } + ] ' + + runc run test_debian + [ "$status" -eq 0 ] + [[ "$output" == *"=0=0="* ]] +} + +@test "two idmap mounts with two bind mounts" { + update_config ' .process.args = ["sh", "-c", "stat -c =%u=%g= /tmp/mount-1/foo.txt /tmp/mount-2/foo.txt"] + | .mounts += [ + { + "source": "source-1/", + "destination": "/mnt/bind-mount-1", + "options": ["bind"] + }, + { + "source": "source-2/", + "destination": "/mnt/bind-mount-2", + "options": ["bind"] + }, + { + "source": "source-2/", + "destination": "/tmp/mount-2", + "options": ["bind"], + "uidMappings": [ { + "containerID": 0, + "hostID": 100000, + "size": 65536 + } + ], + "gidMappings": [ { + "containerID": 0, + "hostID": 100000, + "size": 65536 + } + ] + } + ] ' + + runc run test_debian + [ "$status" -eq 0 ] + [[ "$output" == *"=0=0="* ]] + # source-2/ is owned by 1:1, so we expect this with the idmap mount too. + [[ "$output" == *"=1=1="* ]] +} + +@test "idmap mount without gidMappings fails" { + update_config ' .mounts |= map((select(.source == "source-1/") | del(.gidMappings) ) // .)' + + runc run test_debian + [ "$status" -eq 1 ] + [[ "${output}" == *"invalid mount"* ]] +} + +@test "idmap mount without uidMappings fails" { + update_config ' .mounts |= map((select(.source == "source-1/") | del(.uidMappings) ) // .)' + + runc run test_debian + [ "$status" -eq 1 ] + [[ "${output}" == *"invalid mount"* ]] +} + +@test "idmap mount without bind fails" { + update_config ' .mounts |= map((select(.source == "source-1/") | .options = [""]) // .)' + + runc run test_debian + [ "$status" -eq 1 ] + [[ "${output}" == *"invalid mount"* ]] +} + +@test "idmap mount with different mapping than userns fails" { + # Let's modify the containerID to be 1, instead of 0 as it is in the + # userns config. + update_config ' .mounts |= map((select(.source == "source-1/") | .uidMappings[0]["containerID"] = 1 ) // .)' + + runc run test_debian + [ "$status" -eq 1 ] + [[ "${output}" == *"invalid mount"* ]] +} From 867ee905345bcf53cb9801903225a3431aa03f75 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Fri, 24 Feb 2023 14:35:34 +0100 Subject: [PATCH 0304/1176] docs: Update spec conformance for idmap mounts Signed-off-by: Rodrigo Campos --- docs/spec-conformance.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/docs/spec-conformance.md b/docs/spec-conformance.md index 10496703ba1..cff0d38c913 100644 --- a/docs/spec-conformance.md +++ b/docs/spec-conformance.md @@ -11,10 +11,15 @@ v1.0.0 | `SCMP_ARCH_PARISC` | Unplanned, due to lack v1.0.0 | `SCMP_ARCH_PARISC64` | Unplanned, due to lack of users v1.0.2 | `.linux.personality` | [#3126](https://github.com/opencontainers/runc/pull/3126) v1.1.0-rc.1 | `.linux.resources.cpu.burst` | [#3749](https://github.com/opencontainers/runc/pull/3749) -v1.1.0-rc.1 | `.[]mounts.uidMappings` | [#3717](https://github.com/opencontainers/runc/pull/3717) -v1.1.0-rc.1 | `.[]mounts.gidMappings` | [#3717](https://github.com/opencontainers/runc/pull/3717) v1.1.0-rc.1 | `SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV` | [#3862](https://github.com/opencontainers/runc/pull/3862) v1.1.0-rc.2 | time namespaces | [#3876](https://github.com/opencontainers/runc/pull/3876) v1.1.0-rc.2 | rsvd hugetlb cgroup | TODO ([#3859](https://github.com/opencontainers/runc/issues/3859)) v1.1.0-rc.3 | `.process.scheduler` | TODO ([#3895](https://github.com/opencontainers/runc/issues/3895)) v1.1.0-rc.3 | `.process.ioPriority` | [#3783](https://github.com/opencontainers/runc/pull/3783) + + +The following features are implemented with some limitations: +Spec version | Feature | Limitation +-------------|------------------------------------------|---------------------------------------------------------- +v1.1.0-rc.1 | `.[]mounts.uidMappings` | Requires using UserNS with identical uidMappings +v1.1.0-rc.1 | `.[]mounts.gidMappings` | Requires using UserNS with identical gidMappings From 19f76b66c12e35539281032c34c835ca1ba18d10 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 11 Apr 2023 18:25:25 -0700 Subject: [PATCH 0305/1176] tests/int/ps: enable for rootless runc ps requires cgroup, but all the tests but one required root. Let's fix this. 1. Add rootless cgroup requirement to setup() to avoid repetition. 2. Add set_cgroups_path to setup() for rootless containers because there is no default cgroup path. 3. Modify output checks to use $output rather than $lines because in case of rootless the first line of output contains the following warning: > runc ps may fail if you don't have the full access to cgroups 4. While at it, move the common part of every test (creating the container and making sure it's running) to setup(). Signed-off-by: Kir Kolyshkin --- tests/integration/ps.bats | 61 ++++++++++----------------------------- 1 file changed, 15 insertions(+), 46 deletions(-) diff --git a/tests/integration/ps.bats b/tests/integration/ps.bats index 0d96cb250c7..b63260f83ca 100644 --- a/tests/integration/ps.bats +++ b/tests/integration/ps.bats @@ -3,7 +3,17 @@ load helpers function setup() { + # ps requires cgroups + [ $EUID -ne 0 ] && requires rootless_cgroup + setup_busybox + + # Rootless does not have default cgroup path. + [ $EUID -ne 0 ] && set_cgroups_path + + runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox + [ "$status" -eq 0 ] + testcontainer test_busybox running } function teardown() { @@ -11,67 +21,26 @@ function teardown() { } @test "ps" { - # ps is not supported, it requires cgroups - requires root - - # start busybox detached - runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox - [ "$status" -eq 0 ] - - # check state - testcontainer test_busybox running - runc ps test_busybox [ "$status" -eq 0 ] - [[ ${lines[0]} =~ UID\ +PID\ +PPID\ +C\ +STIME\ +TTY\ +TIME\ +CMD+ ]] - [[ "${lines[1]}" == *"$(id -un 2>/dev/null)"*[0-9]* ]] + [[ "$output" =~ UID\ +PID\ +PPID\ +C\ +STIME\ +TTY\ +TIME\ +CMD+ ]] + [[ "$output" == *"$(id -un 2>/dev/null)"*[0-9]* ]] } @test "ps -f json" { - # ps is not supported, it requires cgroups - requires root - - # start busybox detached - runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox - [ "$status" -eq 0 ] - - # check state - testcontainer test_busybox running - runc ps -f json test_busybox [ "$status" -eq 0 ] - [[ ${lines[0]} =~ [0-9]+ ]] + [[ "$output" =~ [0-9]+ ]] } @test "ps -e -x" { - # ps is not supported, it requires cgroups - requires root - - # start busybox detached - runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox - [ "$status" -eq 0 ] - - # check state - testcontainer test_busybox running - runc ps test_busybox -e -x [ "$status" -eq 0 ] - [[ ${lines[0]} =~ \ +PID\ +TTY\ +STAT\ +TIME\ +COMMAND+ ]] - [[ "${lines[1]}" =~ [0-9]+ ]] + [[ "$output" =~ \ +PID\ +TTY\ +STAT\ +TIME\ +COMMAND+ ]] + [[ "$output" =~ [0-9]+ ]] } @test "ps after the container stopped" { - # ps requires cgroups - [ $EUID -ne 0 ] && requires rootless_cgroup - set_cgroups_path - - # start busybox detached - runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox - [ "$status" -eq 0 ] - - # check state - testcontainer test_busybox running - runc ps test_busybox [ "$status" -eq 0 ] From f92057aa1e92874b332f34065d540095f3302ca2 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 17 Apr 2023 10:41:06 -0700 Subject: [PATCH 0306/1176] tests/int: update set_cgroups_path doc Signed-off-by: Kir Kolyshkin --- tests/integration/helpers.bash | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index b5f2158f1f6..e1ce4214418 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -184,7 +184,12 @@ function set_parent_systemd_properties() { } # Randomize cgroup path(s), and update cgroupsPath in config.json. -# This function sets a few cgroup-related variables. +# This function also sets a few cgroup-related variables that are used +# by other cgroup-related functions. +# +# If this function is not called (and cgroupsPath is not set in config), +# runc uses default container's cgroup path derived from the container's name +# (except for rootless containers, that have no default cgroup path). # # Optional parameter $1 is a pod/parent name. If set, a parent/pod cgroup is # created, and variables $REL_PARENT_PATH and $SD_PARENT_NAME can be used to From c47f58c4e9a6b5a4cb36bb953ae24ef6e81b38f0 Mon Sep 17 00:00:00 2001 From: Francis Laniel Date: Tue, 18 Jul 2023 10:38:47 +0200 Subject: [PATCH 0307/1176] Capitalize [UG]idMappings as [UG]IDMappings Signed-off-by: Francis Laniel --- libcontainer/README.md | 4 +-- libcontainer/configs/config.go | 8 ++--- libcontainer/configs/config_linux.go | 8 ++--- libcontainer/configs/config_linux_test.go | 4 +-- libcontainer/configs/validate/rootless.go | 8 ++--- .../configs/validate/rootless_test.go | 26 +++++++------- libcontainer/configs/validate/validator.go | 8 ++--- .../configs/validate/validator_test.go | 34 +++++++++---------- libcontainer/container_linux.go | 10 +++--- libcontainer/integration/exec_test.go | 4 +-- libcontainer/integration/template_test.go | 4 +-- libcontainer/specconv/spec_linux.go | 4 +-- 12 files changed, 61 insertions(+), 61 deletions(-) diff --git a/libcontainer/README.md b/libcontainer/README.md index 26f7b25c2ee..303dd6125aa 100644 --- a/libcontainer/README.md +++ b/libcontainer/README.md @@ -184,14 +184,14 @@ config := &configs.Config{ Flags: defaultMountFlags | unix.MS_RDONLY, }, }, - UidMappings: []configs.IDMap{ + UIDMappings: []configs.IDMap{ { ContainerID: 0, HostID: 1000, Size: 65536, }, }, - GidMappings: []configs.IDMap{ + GIDMappings: []configs.IDMap{ { ContainerID: 0, HostID: 1000, diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index d43ea7860a2..576db59523e 100644 --- a/libcontainer/configs/config.go +++ b/libcontainer/configs/config.go @@ -159,11 +159,11 @@ type Config struct { // More information about kernel oom score calculation here: https://lwn.net/Articles/317814/ OomScoreAdj *int `json:"oom_score_adj,omitempty"` - // UidMappings is an array of User ID mappings for User Namespaces - UidMappings []IDMap `json:"uid_mappings"` + // UIDMappings is an array of User ID mappings for User Namespaces + UIDMappings []IDMap `json:"uid_mappings"` - // GidMappings is an array of Group ID mappings for User Namespaces - GidMappings []IDMap `json:"gid_mappings"` + // GIDMappings is an array of Group ID mappings for User Namespaces + GIDMappings []IDMap `json:"gid_mappings"` // MaskPaths specifies paths within the container's rootfs to mask over with a bind // mount pointing to /dev/null as to prevent reads of the file. diff --git a/libcontainer/configs/config_linux.go b/libcontainer/configs/config_linux.go index 8c02848b70a..41a365612a3 100644 --- a/libcontainer/configs/config_linux.go +++ b/libcontainer/configs/config_linux.go @@ -13,10 +13,10 @@ var ( // different when user namespaces are enabled. func (c Config) HostUID(containerId int) (int, error) { if c.Namespaces.Contains(NEWUSER) { - if c.UidMappings == nil { + if c.UIDMappings == nil { return -1, errNoUIDMap } - id, found := c.hostIDFromMapping(containerId, c.UidMappings) + id, found := c.hostIDFromMapping(containerId, c.UIDMappings) if !found { return -1, errNoUserMap } @@ -36,10 +36,10 @@ func (c Config) HostRootUID() (int, error) { // different when user namespaces are enabled. func (c Config) HostGID(containerId int) (int, error) { if c.Namespaces.Contains(NEWUSER) { - if c.GidMappings == nil { + if c.GIDMappings == nil { return -1, errNoGIDMap } - id, found := c.hostIDFromMapping(containerId, c.GidMappings) + id, found := c.hostIDFromMapping(containerId, c.GIDMappings) if !found { return -1, errNoGroupMap } diff --git a/libcontainer/configs/config_linux_test.go b/libcontainer/configs/config_linux_test.go index 68d33e61a22..b94ffaed2c1 100644 --- a/libcontainer/configs/config_linux_test.go +++ b/libcontainer/configs/config_linux_test.go @@ -34,7 +34,7 @@ func TestHostRootUIDNoUSERNS(t *testing.T) { func TestHostRootUIDWithUSERNS(t *testing.T) { config := &Config{ Namespaces: Namespaces{{Type: NEWUSER}}, - UidMappings: []IDMap{ + UIDMappings: []IDMap{ { ContainerID: 0, HostID: 1000, @@ -67,7 +67,7 @@ func TestHostRootGIDNoUSERNS(t *testing.T) { func TestHostRootGIDWithUSERNS(t *testing.T) { config := &Config{ Namespaces: Namespaces{{Type: NEWUSER}}, - GidMappings: []IDMap{ + GIDMappings: []IDMap{ { ContainerID: 0, HostID: 1000, diff --git a/libcontainer/configs/validate/rootless.go b/libcontainer/configs/validate/rootless.go index 99ab3f8f389..6d32704a32a 100644 --- a/libcontainer/configs/validate/rootless.go +++ b/libcontainer/configs/validate/rootless.go @@ -42,10 +42,10 @@ func rootlessEUIDMappings(config *configs.Config) error { return errors.New("rootless container requires user namespaces") } - if len(config.UidMappings) == 0 { + if len(config.UIDMappings) == 0 { return errors.New("rootless containers requires at least one UID mapping") } - if len(config.GidMappings) == 0 { + if len(config.GIDMappings) == 0 { return errors.New("rootless containers requires at least one GID mapping") } return nil @@ -68,7 +68,7 @@ func rootlessEUIDMount(config *configs.Config) error { // Ignore unknown mount options. continue } - if !hasIDMapping(uid, config.UidMappings) { + if !hasIDMapping(uid, config.UIDMappings) { return errors.New("cannot specify uid= mount options for unmapped uid in rootless containers") } } @@ -79,7 +79,7 @@ func rootlessEUIDMount(config *configs.Config) error { // Ignore unknown mount options. continue } - if !hasIDMapping(gid, config.GidMappings) { + if !hasIDMapping(gid, config.GIDMappings) { return errors.New("cannot specify gid= mount options for unmapped gid in rootless containers") } } diff --git a/libcontainer/configs/validate/rootless_test.go b/libcontainer/configs/validate/rootless_test.go index 0e8df6eb297..7b088739910 100644 --- a/libcontainer/configs/validate/rootless_test.go +++ b/libcontainer/configs/validate/rootless_test.go @@ -16,14 +16,14 @@ func rootlessEUIDConfig() *configs.Config { {Type: configs.NEWUSER}, }, ), - UidMappings: []configs.IDMap{ + UIDMappings: []configs.IDMap{ { HostID: 1337, ContainerID: 0, Size: 1, }, }, - GidMappings: []configs.IDMap{ + GIDMappings: []configs.IDMap{ { HostID: 7331, ContainerID: 0, @@ -52,7 +52,7 @@ func TestValidateRootlessEUIDUserns(t *testing.T) { func TestValidateRootlessEUIDMappingUid(t *testing.T) { config := rootlessEUIDConfig() - config.UidMappings = nil + config.UIDMappings = nil if err := Validate(config); err == nil { t.Errorf("Expected error to occur if no uid mappings provided") } @@ -60,7 +60,7 @@ func TestValidateRootlessEUIDMappingUid(t *testing.T) { func TestValidateNonZeroEUIDMappingGid(t *testing.T) { config := rootlessEUIDConfig() - config.GidMappings = nil + config.GIDMappings = nil if err := Validate(config); err == nil { t.Errorf("Expected error to occur if no gid mappings provided") } @@ -93,15 +93,15 @@ func TestValidateRootlessEUIDMountUid(t *testing.T) { } config.Mounts[0].Data = "uid=2" - config.UidMappings[0].Size = 10 + config.UIDMappings[0].Size = 10 if err := Validate(config); err != nil { - t.Errorf("Expected error to not occur when setting uid=2 in mount options and UidMapping[0].size is 10") + t.Errorf("Expected error to not occur when setting uid=2 in mount options and UIDMappings[0].size is 10") } config.Mounts[0].Data = "uid=20" - config.UidMappings[0].Size = 10 + config.UIDMappings[0].Size = 10 if err := Validate(config); err == nil { - t.Errorf("Expected error to occur when setting uid=20 in mount options and UidMapping[0].size is 10") + t.Errorf("Expected error to occur when setting uid=20 in mount options and UIDMappings[0].size is 10") } } @@ -130,21 +130,21 @@ func TestValidateRootlessEUIDMountGid(t *testing.T) { } config.Mounts[0].Data = "gid=5" - config.GidMappings[0].Size = 10 + config.GIDMappings[0].Size = 10 if err := Validate(config); err != nil { - t.Errorf("Expected error to not occur when setting gid=5 in mount options and GidMapping[0].size is 10") + t.Errorf("Expected error to not occur when setting gid=5 in mount options and GIDMappings[0].size is 10") } config.Mounts[0].Data = "gid=11" - config.GidMappings[0].Size = 10 + config.GIDMappings[0].Size = 10 if err := Validate(config); err == nil { - t.Errorf("Expected error to occur when setting gid=11 in mount options and GidMapping[0].size is 10") + t.Errorf("Expected error to occur when setting gid=11 in mount options and GIDMappings[0].size is 10") } } func BenchmarkRootlessEUIDMount(b *testing.B) { config := rootlessEUIDConfig() - config.GidMappings[0].Size = 10 + config.GIDMappings[0].Size = 10 config.Mounts = []*configs.Mount{ { Source: "devpts", diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go index 5f065a38408..196b431dba1 100644 --- a/libcontainer/configs/validate/validator.go +++ b/libcontainer/configs/validate/validator.go @@ -95,7 +95,7 @@ func namespaces(config *configs.Config) error { return errors.New("USER namespaces aren't enabled in the kernel") } } else { - if config.UidMappings != nil || config.GidMappings != nil { + if config.UIDMappings != nil || config.GIDMappings != nil { return errors.New("User namespace mappings specified, but USER namespace isn't enabled in the config") } } @@ -264,13 +264,13 @@ func checkIDMapMounts(config *configs.Config, m *configs.Mount) error { if config.RootlessEUID { return fmt.Errorf("gidMappings/uidMappings is not supported when runc is being launched with EUID != 0, needs CAP_SYS_ADMIN on the runc parent's user namespace") } - if len(config.UidMappings) == 0 || len(config.GidMappings) == 0 { + if len(config.UIDMappings) == 0 || len(config.GIDMappings) == 0 { return fmt.Errorf("not yet supported to use gidMappings/uidMappings in a mount without also using a user namespace") } - if !sameMapping(config.UidMappings, m.UIDMappings) { + if !sameMapping(config.UIDMappings, m.UIDMappings) { return fmt.Errorf("not yet supported for the mount uidMappings to be different than user namespace uidMapping") } - if !sameMapping(config.GidMappings, m.GIDMappings) { + if !sameMapping(config.GIDMappings, m.GIDMappings) { return fmt.Errorf("not yet supported for the mount gidMappings to be different than user namespace gidMapping") } if !filepath.IsAbs(m.Source) { diff --git a/libcontainer/configs/validate/validator_test.go b/libcontainer/configs/validate/validator_test.go index fc92a7bb813..58aae7a68f8 100644 --- a/libcontainer/configs/validate/validator_test.go +++ b/libcontainer/configs/validate/validator_test.go @@ -192,7 +192,7 @@ func TestValidateUsernamespaceWithoutUserNS(t *testing.T) { uidMap := configs.IDMap{ContainerID: 123} config := &configs.Config{ Rootfs: "/var", - UidMappings: []configs.IDMap{uidMap}, + UIDMappings: []configs.IDMap{uidMap}, } err := Validate(config) @@ -405,8 +405,8 @@ func TestValidateIDMapMounts(t *testing.T) { name: "idmap mount without bind opt specified", isErr: true, config: &configs.Config{ - UidMappings: mapping, - GidMappings: mapping, + UIDMappings: mapping, + GIDMappings: mapping, Mounts: []*configs.Mount{ { Source: "/abs/path/", @@ -422,8 +422,8 @@ func TestValidateIDMapMounts(t *testing.T) { isErr: true, config: &configs.Config{ RootlessEUID: true, - UidMappings: mapping, - GidMappings: mapping, + UIDMappings: mapping, + GIDMappings: mapping, Mounts: []*configs.Mount{ { Source: "/abs/path/", @@ -454,8 +454,8 @@ func TestValidateIDMapMounts(t *testing.T) { name: "idmap mounts with different userns and mount mappings", isErr: true, config: &configs.Config{ - UidMappings: mapping, - GidMappings: mapping, + UIDMappings: mapping, + GIDMappings: mapping, Mounts: []*configs.Mount{ { Source: "/abs/path/", @@ -477,8 +477,8 @@ func TestValidateIDMapMounts(t *testing.T) { name: "idmap mounts with different userns and mount mappings", isErr: true, config: &configs.Config{ - UidMappings: mapping, - GidMappings: mapping, + UIDMappings: mapping, + GIDMappings: mapping, Mounts: []*configs.Mount{ { Source: "/abs/path/", @@ -500,8 +500,8 @@ func TestValidateIDMapMounts(t *testing.T) { name: "idmap mounts without abs source path", isErr: true, config: &configs.Config{ - UidMappings: mapping, - GidMappings: mapping, + UIDMappings: mapping, + GIDMappings: mapping, Mounts: []*configs.Mount{ { Source: "./rel/path/", @@ -517,8 +517,8 @@ func TestValidateIDMapMounts(t *testing.T) { name: "idmap mounts without abs dest path", isErr: true, config: &configs.Config{ - UidMappings: mapping, - GidMappings: mapping, + UIDMappings: mapping, + GIDMappings: mapping, Mounts: []*configs.Mount{ { Source: "/abs/path/", @@ -534,8 +534,8 @@ func TestValidateIDMapMounts(t *testing.T) { { name: "simple idmap mount", config: &configs.Config{ - UidMappings: mapping, - GidMappings: mapping, + UIDMappings: mapping, + GIDMappings: mapping, Mounts: []*configs.Mount{ { Source: "/another-abs/path/", @@ -550,8 +550,8 @@ func TestValidateIDMapMounts(t *testing.T) { { name: "idmap mount with more flags", config: &configs.Config{ - UidMappings: mapping, - GidMappings: mapping, + UIDMappings: mapping, + GIDMappings: mapping, Mounts: []*configs.Mount{ { Source: "/another-abs/path/", diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 21c9905e69e..e4a1e6d7d05 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -2219,7 +2219,7 @@ func (c *Container) bootstrapData(cloneFlags uintptr, nsMaps map[configs.Namespa _, joinExistingUser := nsMaps[configs.NEWUSER] if !joinExistingUser { // write uid mappings - if len(c.config.UidMappings) > 0 { + if len(c.config.UIDMappings) > 0 { if c.config.RootlessEUID { // We resolve the paths for new{u,g}idmap from // the context of runc to avoid doing a path @@ -2231,7 +2231,7 @@ func (c *Container) bootstrapData(cloneFlags uintptr, nsMaps map[configs.Namespa }) } } - b, err := encodeIDMapping(c.config.UidMappings) + b, err := encodeIDMapping(c.config.UIDMappings) if err != nil { return nil, err } @@ -2242,8 +2242,8 @@ func (c *Container) bootstrapData(cloneFlags uintptr, nsMaps map[configs.Namespa } // write gid mappings - if len(c.config.GidMappings) > 0 { - b, err := encodeIDMapping(c.config.GidMappings) + if len(c.config.GIDMappings) > 0 { + b, err := encodeIDMapping(c.config.GIDMappings) if err != nil { return nil, err } @@ -2356,5 +2356,5 @@ func requiresRootOrMappingTool(c *configs.Config) bool { gidMap := []configs.IDMap{ {ContainerID: 0, HostID: os.Getegid(), Size: 1}, } - return !reflect.DeepEqual(c.GidMappings, gidMap) + return !reflect.DeepEqual(c.GIDMappings, gidMap) } diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index 03d16639067..9795964caf2 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -1774,8 +1774,8 @@ func TestBindMountAndUser(t *testing.T) { }) // Set HostID to 1000 to avoid DAC_OVERRIDE bypassing the purpose of this test. - config.UidMappings[0].HostID = 1000 - config.GidMappings[0].HostID = 1000 + config.UIDMappings[0].HostID = 1000 + config.GIDMappings[0].HostID = 1000 // Set the owner of rootfs to the effective IDs in the host to avoid errors // while creating the folders to perform the mounts. diff --git a/libcontainer/integration/template_test.go b/libcontainer/integration/template_test.go index 3de1d3e325d..63c46b28fae 100644 --- a/libcontainer/integration/template_test.go +++ b/libcontainer/integration/template_test.go @@ -193,8 +193,8 @@ func newTemplateConfig(t *testing.T, p *tParam) *configs.Config { } if p.userns { - config.UidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}} - config.GidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}} + config.UIDMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}} + config.GIDMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}} config.Namespaces = append(config.Namespaces, configs.Namespace{Type: configs.NEWUSER}) } else { config.Mounts = append(config.Mounts, &configs.Mount{ diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index d7ca7a53dd4..7fb67d8eee5 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -945,8 +945,8 @@ next: func setupUserNamespace(spec *specs.Spec, config *configs.Config) error { if spec.Linux != nil { - config.UidMappings = toConfigIDMap(spec.Linux.UIDMappings) - config.GidMappings = toConfigIDMap(spec.Linux.GIDMappings) + config.UIDMappings = toConfigIDMap(spec.Linux.UIDMappings) + config.GIDMappings = toConfigIDMap(spec.Linux.GIDMappings) } rootUID, err := config.HostRootUID() if err != nil { From 46ada59ba2339d4a7bef5a7682dba70d351551bc Mon Sep 17 00:00:00 2001 From: Francis Laniel Date: Tue, 18 Jul 2023 10:56:15 +0200 Subject: [PATCH 0308/1176] Use an *int for srcFD Previously to this commit, we used a string for srcFD as /proc/self/fd/NN. This commit modified to this behavior, so srcFD is only an *int and the full path is constructed in mountViaFDs() if srcFD is different than nil. Signed-off-by: Francis Laniel --- libcontainer/container_linux.go | 5 +---- libcontainer/mount_linux.go | 22 ++++++++++++---------- libcontainer/rootfs_linux.go | 22 +++++++++++----------- 3 files changed, 24 insertions(+), 25 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index e4a1e6d7d05..2f0a6c64166 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -1419,10 +1419,7 @@ func (c *Container) prepareCriuRestoreMounts(mounts []*configs.Mount) error { // set up in the order they are configured. if m.Device == "bind" { if err := utils.WithProcfd(c.config.Rootfs, m.Destination, func(dstFD string) error { - if err := mountViaFDs(m.Source, "", m.Destination, dstFD, "", unix.MS_BIND|unix.MS_REC, ""); err != nil { - return err - } - return nil + return mountViaFDs(m.Source, nil, m.Destination, dstFD, "", unix.MS_BIND|unix.MS_REC, "") }); err != nil { return err } diff --git a/libcontainer/mount_linux.go b/libcontainer/mount_linux.go index 751262f3153..b391dd849fc 100644 --- a/libcontainer/mount_linux.go +++ b/libcontainer/mount_linux.go @@ -10,7 +10,7 @@ import ( type mountError struct { op string source string - srcFD string + srcFD *int target string dstFD string flags uintptr @@ -24,8 +24,8 @@ func (e *mountError) Error() string { if e.source != "" { out += "src=" + e.source + ", " - if e.srcFD != "" { - out += "srcFD=" + e.srcFD + ", " + if e.srcFD != nil { + out += "srcFD=" + strconv.Itoa(*e.srcFD) + ", " } } out += "dst=" + e.target @@ -53,21 +53,23 @@ func (e *mountError) Unwrap() error { // mount is a simple unix.Mount wrapper, returning an error with more context // in case it failed. func mount(source, target, fstype string, flags uintptr, data string) error { - return mountViaFDs(source, "", target, "", fstype, flags, data) + return mountViaFDs(source, nil, target, "", fstype, flags, data) } // mountViaFDs is a unix.Mount wrapper which uses srcFD instead of source, -// and dstFD instead of target, unless those are empty. The *FD arguments, -// if non-empty, are expected to be in the form of a path to an opened file -// descriptor on procfs (i.e. "/proc/self/fd/NN"). +// and dstFD instead of target, unless those are empty. +// If srcFD is different than nil, its path (i.e. "/proc/self/fd/NN") will be +// constructed by this function. +// dstFD argument, if non-empty, is expected to be in the form of a path to an +// opened file descriptor on procfs (i.e. "/proc/self/fd/NN"). // // If case an FD is used instead of a source or a target path, the // corresponding path is only used to add context to an error in case // the mount operation has failed. -func mountViaFDs(source, srcFD, target, dstFD, fstype string, flags uintptr, data string) error { +func mountViaFDs(source string, srcFD *int, target, dstFD, fstype string, flags uintptr, data string) error { src := source - if srcFD != "" { - src = srcFD + if srcFD != nil { + src = "/proc/self/fd/" + strconv.Itoa(*srcFD) } dst := target if dstFD != "" { diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index edd3abd3c82..0da300f9912 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -40,13 +40,13 @@ type mountConfig struct { // mountEntry contains mount data specific to a mount point. type mountEntry struct { *configs.Mount - srcFD string + srcFD *int idmapFD int } func (m *mountEntry) src() string { - if m.srcFD != "" { - return m.srcFD + if m.srcFD != nil { + return "/proc/self/fd/" + strconv.Itoa(*m.srcFD) } return m.Source } @@ -90,7 +90,7 @@ func prepareRootfs(pipe io.ReadWriter, iConfig *initConfig, mountFds mountFds) ( // Just before the loop we checked that if not empty, len(mountFds) == len(config.Mounts). // Therefore, we can access mountFds[i] without any concerns. if mountFds.sourceFds != nil && mountFds.sourceFds[i] != -1 { - entry.srcFD = "/proc/self/fd/" + strconv.Itoa(mountFds.sourceFds[i]) + entry.srcFD = &mountFds.sourceFds[i] } // We validated before we can access idmapFds[i]. @@ -98,7 +98,7 @@ func prepareRootfs(pipe io.ReadWriter, iConfig *initConfig, mountFds mountFds) ( entry.idmapFD = mountFds.idmapFds[i] } - if entry.idmapFD != -1 && entry.srcFD != "" { + if entry.idmapFD != -1 && entry.srcFD != nil { return fmt.Errorf("malformed mountFds and idmapFds slice, entry: %v has fds in both slices", i) } @@ -297,7 +297,7 @@ func mountCgroupV1(m *configs.Mount, c *mountConfig) error { data = cgroups.CgroupNamePrefix + data source = "systemd" } - return mountViaFDs(source, "", b.Destination, dstFD, "cgroup", uintptr(flags), data) + return mountViaFDs(source, nil, b.Destination, dstFD, "cgroup", uintptr(flags), data) }); err != nil { return err } @@ -329,7 +329,7 @@ func mountCgroupV2(m *configs.Mount, c *mountConfig) error { return err } err = utils.WithProcfd(c.root, m.Destination, func(dstFD string) error { - return mountViaFDs(m.Source, "", m.Destination, dstFD, "cgroup2", uintptr(m.Flags), m.Data) + return mountViaFDs(m.Source, nil, m.Destination, dstFD, "cgroup2", uintptr(m.Flags), m.Data) }) if err == nil || !(errors.Is(err, unix.EPERM) || errors.Is(err, unix.EBUSY)) { return err @@ -403,7 +403,7 @@ func doTmpfsCopyUp(m mountEntry, rootfs, mountLabel string) (Err error) { return fmt.Errorf("tmpcopyup: failed to copy %s to %s (%s): %w", m.Destination, dstFD, tmpDir, err) } // Now move the mount into the container. - if err := mountViaFDs(tmpDir, "", m.Destination, dstFD, "", unix.MS_MOVE, ""); err != nil { + if err := mountViaFDs(tmpDir, nil, m.Destination, dstFD, "", unix.MS_MOVE, ""); err != nil { return fmt.Errorf("tmpcopyup: failed to move mount: %w", err) } return nil @@ -497,7 +497,7 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { // system type and data arguments are ignored: // https://man7.org/linux/man-pages/man2/mount.2.html // We also ignore procfd because we want to act on dest. - if err := mountViaFDs("", "", dest, dstFD, "", uintptr(pflag), ""); err != nil { + if err := mountViaFDs("", nil, dest, dstFD, "", uintptr(pflag), ""); err != nil { return err } } @@ -733,7 +733,7 @@ func bindMountDeviceNode(rootfs, dest string, node *devices.Device) error { _ = f.Close() } return utils.WithProcfd(rootfs, dest, func(dstFD string) error { - return mountViaFDs(node.Path, "", dest, dstFD, "bind", unix.MS_BIND, "") + return mountViaFDs(node.Path, nil, dest, dstFD, "bind", unix.MS_BIND, "") }) } @@ -1154,7 +1154,7 @@ func mountPropagate(m mountEntry, rootfs string, mountLabel string) error { // target needs to be re-opened. if err := utils.WithProcfd(rootfs, m.Destination, func(dstFD string) error { for _, pflag := range m.PropagationFlags { - if err := mountViaFDs("", "", m.Destination, dstFD, "", uintptr(pflag), ""); err != nil { + if err := mountViaFDs("", nil, m.Destination, dstFD, "", uintptr(pflag), ""); err != nil { return err } } From a3785c88ec5b2b271e13ebb872cf5bd49bcedace Mon Sep 17 00:00:00 2001 From: Francis Laniel Date: Thu, 20 Jul 2023 12:04:08 +0200 Subject: [PATCH 0309/1176] Remove idmapFD field for mountEntry We cannot have both srcFD and idMapFD set at the same time. So, we can simplify this struct to only have one field which is used a srcFD most of the time and as idMapFD when we do an id map mount. Signed-off-by: Francis Laniel --- libcontainer/rootfs_linux.go | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 0da300f9912..4894400b625 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -40,8 +40,7 @@ type mountConfig struct { // mountEntry contains mount data specific to a mount point. type mountEntry struct { *configs.Mount - srcFD *int - idmapFD int + srcFD *int } func (m *mountEntry) src() string { @@ -86,20 +85,19 @@ func prepareRootfs(pipe io.ReadWriter, iConfig *initConfig, mountFds mountFds) ( cgroupns: config.Namespaces.Contains(configs.NEWCGROUP), } for i, m := range config.Mounts { - entry := mountEntry{Mount: m, idmapFD: -1} - // Just before the loop we checked that if not empty, len(mountFds) == len(config.Mounts). - // Therefore, we can access mountFds[i] without any concerns. + entry := mountEntry{Mount: m} + // Just before the loop we checked that if not empty, len(mountFds.sourceFds) == len(config.Mounts). + // Therefore, we can access mountFds.sourceFds[i] without any concerns. if mountFds.sourceFds != nil && mountFds.sourceFds[i] != -1 { entry.srcFD = &mountFds.sourceFds[i] } - // We validated before we can access idmapFds[i]. + // We validated before we can access mountFds.idmapFds[i]. if mountFds.idmapFds != nil && mountFds.idmapFds[i] != -1 { - entry.idmapFD = mountFds.idmapFds[i] - } - - if entry.idmapFD != -1 && entry.srcFD != nil { - return fmt.Errorf("malformed mountFds and idmapFds slice, entry: %v has fds in both slices", i) + if entry.srcFD != nil { + return fmt.Errorf("malformed mountFds and idmapFds slice, entry: %v has fds in both slices", i) + } + entry.srcFD = &mountFds.idmapFds[i] } if err := mountToRootfs(mountConfig, entry); err != nil { @@ -482,10 +480,10 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { } if m.IsBind() && m.IsIDMapped() { - if m.idmapFD == -1 { + if m.srcFD == nil { return fmt.Errorf("error creating mount %+v: idmapFD is invalid, should point to a valid fd", m) } - if err := unix.MoveMount(m.idmapFD, "", -1, dest, unix.MOVE_MOUNT_F_EMPTY_PATH); err != nil { + if err := unix.MoveMount(*m.srcFD, "", -1, dest, unix.MOVE_MOUNT_F_EMPTY_PATH); err != nil { return fmt.Errorf("error on unix.MoveMount %+v: %w", m, err) } From 11b6c9b63896adb39d4877755c4c29bdbd345a3f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 22 Jul 2023 04:01:30 +0000 Subject: [PATCH 0310/1176] build(deps): bump github.com/opencontainers/runtime-spec Bumps [github.com/opencontainers/runtime-spec](https://github.com/opencontainers/runtime-spec) from 1.1.0-rc.3 to 1.1.0. - [Release notes](https://github.com/opencontainers/runtime-spec/releases) - [Changelog](https://github.com/opencontainers/runtime-spec/blob/main/ChangeLog) - [Commits](https://github.com/opencontainers/runtime-spec/compare/v1.1.0-rc.3...v1.1.0) --- updated-dependencies: - dependency-name: github.com/opencontainers/runtime-spec dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Akihiro Suda --- docs/spec-conformance.md | 18 +++++++++--------- go.mod | 2 +- go.sum | 4 ++-- .../runtime-spec/specs-go/version.go | 2 +- vendor/modules.txt | 2 +- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/docs/spec-conformance.md b/docs/spec-conformance.md index cff0d38c913..b512e5f5bb1 100644 --- a/docs/spec-conformance.md +++ b/docs/spec-conformance.md @@ -1,6 +1,6 @@ # Spec conformance -This branch of runc implements the [OCI Runtime Spec v1.1.0-rc.3](https://github.com/opencontainers/runtime-spec/tree/v1.1.0-rc.3) +This branch of runc implements the [OCI Runtime Spec v1.1.0](https://github.com/opencontainers/runtime-spec/tree/v1.1.0) for the `linux` platform. The following features are not implemented yet: @@ -10,16 +10,16 @@ Spec version | Feature | PR v1.0.0 | `SCMP_ARCH_PARISC` | Unplanned, due to lack of users v1.0.0 | `SCMP_ARCH_PARISC64` | Unplanned, due to lack of users v1.0.2 | `.linux.personality` | [#3126](https://github.com/opencontainers/runc/pull/3126) -v1.1.0-rc.1 | `.linux.resources.cpu.burst` | [#3749](https://github.com/opencontainers/runc/pull/3749) -v1.1.0-rc.1 | `SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV` | [#3862](https://github.com/opencontainers/runc/pull/3862) -v1.1.0-rc.2 | time namespaces | [#3876](https://github.com/opencontainers/runc/pull/3876) -v1.1.0-rc.2 | rsvd hugetlb cgroup | TODO ([#3859](https://github.com/opencontainers/runc/issues/3859)) -v1.1.0-rc.3 | `.process.scheduler` | TODO ([#3895](https://github.com/opencontainers/runc/issues/3895)) -v1.1.0-rc.3 | `.process.ioPriority` | [#3783](https://github.com/opencontainers/runc/pull/3783) +v1.1.0 | `.linux.resources.cpu.burst` | [#3749](https://github.com/opencontainers/runc/pull/3749) +v1.1.0 | `SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV` | [#3862](https://github.com/opencontainers/runc/pull/3862) +v1.1.0 | time namespaces | [#3876](https://github.com/opencontainers/runc/pull/3876) +v1.1.0 | rsvd hugetlb cgroup | TODO ([#3859](https://github.com/opencontainers/runc/issues/3859)) +v1.1.0 | `.process.scheduler` | TODO ([#3895](https://github.com/opencontainers/runc/issues/3895)) +v1.1.0 | `.process.ioPriority` | [#3783](https://github.com/opencontainers/runc/pull/3783) The following features are implemented with some limitations: Spec version | Feature | Limitation -------------|------------------------------------------|---------------------------------------------------------- -v1.1.0-rc.1 | `.[]mounts.uidMappings` | Requires using UserNS with identical uidMappings -v1.1.0-rc.1 | `.[]mounts.gidMappings` | Requires using UserNS with identical gidMappings +v1.1.0 | `.[]mounts.uidMappings` | Requires using UserNS with identical uidMappings +v1.1.0 | `.[]mounts.gidMappings` | Requires using UserNS with identical gidMappings diff --git a/go.mod b/go.mod index f536220b12d..a6b8eda71a9 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/godbus/dbus/v5 v5.1.0 github.com/moby/sys/mountinfo v0.6.2 github.com/mrunalp/fileutils v0.5.0 - github.com/opencontainers/runtime-spec v1.1.0-rc.3 + github.com/opencontainers/runtime-spec v1.1.0 github.com/opencontainers/selinux v1.11.0 github.com/seccomp/libseccomp-golang v0.10.0 github.com/sirupsen/logrus v1.9.3 diff --git a/go.sum b/go.sum index 93838f70e91..ffee232f89e 100644 --- a/go.sum +++ b/go.sum @@ -30,8 +30,8 @@ github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vyg github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= github.com/mrunalp/fileutils v0.5.0 h1:NKzVxiH7eSk+OQ4M+ZYW1K6h27RUV3MI6NUTsHhU6Z4= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= -github.com/opencontainers/runtime-spec v1.1.0-rc.3 h1:l04uafi6kxByhbxev7OWiuUv0LZxEsYUfDWZ6bztAuU= -github.com/opencontainers/runtime-spec v1.1.0-rc.3/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-spec v1.1.0 h1:HHUyrt9mwHUjtasSbXSMvs4cyFxh+Bll4AjJ9odEGpg= +github.com/opencontainers/runtime-spec v1.1.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU= github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go index 41933fb1719..b3fca349cb9 100644 --- a/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go @@ -11,7 +11,7 @@ const ( VersionPatch = 0 // VersionDev indicates development branch. Releases will be empty string. - VersionDev = "-rc.3" + VersionDev = "" ) // Version is the specification version that the package types support. diff --git a/vendor/modules.txt b/vendor/modules.txt index 3085d5d8734..d66ef707c93 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -38,7 +38,7 @@ github.com/moby/sys/mountinfo # github.com/mrunalp/fileutils v0.5.0 ## explicit; go 1.13 github.com/mrunalp/fileutils -# github.com/opencontainers/runtime-spec v1.1.0-rc.3 +# github.com/opencontainers/runtime-spec v1.1.0 ## explicit github.com/opencontainers/runtime-spec/specs-go github.com/opencontainers/runtime-spec/specs-go/features From d9494fc6b400a532e5eae19b76e4a44c8fefaab8 Mon Sep 17 00:00:00 2001 From: lifubang Date: Sun, 23 Jul 2023 10:31:34 +0800 Subject: [PATCH 0311/1176] CHANGELOG: forward-port 1.1.6-1.1.8 changes Signed-off-by: lifubang --- CHANGELOG.md | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 75 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 03d8fce84aa..03879e29ee9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -27,6 +27,77 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). (#3474) +## [1.1.8] - 2023-07-20 + +> æµ·çº³ç™¾å· æœ‰å®¹ä¹ƒå¤§ + +### Added + +* Support riscv64. (#3905) + +### Fixed + +* init: do not print environment variable value. (#3879) +* libct: fix a race with systemd removal. (#3877) +* tests/int: increase num retries for oom tests. (#3891) +* man/runc: fixes. (#3892) +* Fix tmpfs mode opts when dir already exists. (#3916) +* docs/systemd: fix a broken link. (#3917) +* ci/cirrus: enable some rootless tests on cs9. (#3918) +* runc delete: call systemd's reset-failed. (#3932) +* libct/cg/sd/v1: do not update non-frozen cgroup after frozen failed. (#3921) + +### Changed + +* CI: bump Fedora, Vagrant, bats. (#3878) +* `.codespellrc`: update for 2.2.5. (#3909) + +## [1.1.7] - 2023-04-26 + +> ĐĐ¾Ñ‡ĐµĐ²Đ°Đ»Đ° Ñ‚ÑƒÑ‡ĐºĐ° Đ·Đ¾Đ»Đ¾Ñ‚Đ°Ñ Đ½Đ° Đ³Ñ€ÑƒĐ´Đ¸ ÑƒÑ‚ĐµÑĐ°-Đ²ĐµĐ»Đ¸ĐºĐ°Đ½Đ°. + +### Fixed + +* When used with systemd v240+, systemd cgroup drivers no longer skip + `DeviceAllow` rules if the device does not exist (a regression introduced + in runc 1.1.3). This fix also reverts the workaround added in runc 1.1.5, + removing an extra warning emitted by runc run/start. (#3845, #3708, #3671) + +### Added + +* The source code now has a new file, `runc.keyring`, which contains the keys + used to sign runc releases. (#3838) + +## [1.1.6] - 2023-04-11 + +> In this world nothing is certain but death and taxes. + +### Compatibility + +* This release can no longer be built from sources using Go 1.16. Using a + latest maintained Go 1.20.x or Go 1.19.x release is recommended. + Go 1.17 can still be used. + +### Fixed + +* systemd cgroup v1 and v2 drivers were deliberately ignoring `UnitExist` error + from systemd while trying to create a systemd unit, which in some scenarios + may result in a container not being added to the proper systemd unit and + cgroup. (#3780, #3806) +* systemd cgroup v2 driver was incorrectly translating cpuset range from spec's + `resources.cpu.cpus` to systemd unit property (`AllowedCPUs`) in case of more + than 8 CPUs, resulting in the wrong AllowedCPUs setting. (#3808) +* systemd cgroup v1 driver was prefixing container's cgroup path with the path + of PID 1 cgroup, resulting in inability to place PID 1 in a non-root cgroup. + (#3811) +* runc run/start may return "permission denied" error when starting a rootless + container when the file to be executed does not have executable bit set for + the user, not taking the `CAP_DAC_OVERRIDE` capability into account. This is + a regression in runc 1.1.4, as well as in Go 1.20 and 1.20.1 (#3715, #3817) +* cgroup v1 drivers are now aware of `misc` controller. (#3823) +* Various CI fixes and improvements, mostly to ensure Go 1.19.x and Go 1.20.x + compatibility. + ## [1.1.5] - 2023-03-29 > å›ă‚ă‚ŒăŸå±ˆè¾±ă¯ @@ -385,7 +456,10 @@ implementation (libcontainer) is *not* covered by this policy. [1.0.1]: https://github.com/opencontainers/runc/compare/v1.0.0...v1.0.1 -[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.5...release-1.1 +[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.8...release-1.1 +[1.1.8]: https://github.com/opencontainers/runc/compare/v1.1.7...v1.1.8 +[1.1.7]: https://github.com/opencontainers/runc/compare/v1.1.6...v1.1.7 +[1.1.6]: https://github.com/opencontainers/runc/compare/v1.1.5...v1.1.6 [1.1.5]: https://github.com/opencontainers/runc/compare/v1.1.4...v1.1.5 [1.1.4]: https://github.com/opencontainers/runc/compare/v1.1.3...v1.1.4 [1.1.3]: https://github.com/opencontainers/runc/compare/v1.1.2...v1.1.3 From c875ea8529a2d9c89a5705f459acf91dc842d635 Mon Sep 17 00:00:00 2001 From: lifubang Date: Sun, 23 Jul 2023 11:59:18 +0800 Subject: [PATCH 0312/1176] use the length of UIDMappings/GIDMappings to check whether empty or not Signed-off-by: lifubang --- libcontainer/configs/config_linux.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libcontainer/configs/config_linux.go b/libcontainer/configs/config_linux.go index 41a365612a3..4e58bb39630 100644 --- a/libcontainer/configs/config_linux.go +++ b/libcontainer/configs/config_linux.go @@ -13,7 +13,7 @@ var ( // different when user namespaces are enabled. func (c Config) HostUID(containerId int) (int, error) { if c.Namespaces.Contains(NEWUSER) { - if c.UIDMappings == nil { + if len(c.UIDMappings) == 0 { return -1, errNoUIDMap } id, found := c.hostIDFromMapping(containerId, c.UIDMappings) @@ -36,7 +36,7 @@ func (c Config) HostRootUID() (int, error) { // different when user namespaces are enabled. func (c Config) HostGID(containerId int) (int, error) { if c.Namespaces.Contains(NEWUSER) { - if c.GIDMappings == nil { + if len(c.GIDMappings) == 0 { return -1, errNoGIDMap } id, found := c.hostIDFromMapping(containerId, c.GIDMappings) From 237acdd813fbf0da6e08d51aaec5cda6bb19d880 Mon Sep 17 00:00:00 2001 From: lifubang Date: Sun, 23 Jul 2023 10:45:40 +0800 Subject: [PATCH 0313/1176] add some important announcements in unreleased section Signed-off-by: lifubang --- CHANGELOG.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 03879e29ee9..b09d44c88c2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,11 +12,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 be removed entirely in a future release. Users who need a non-standard `criu` binary should rely on the standard way of looking up binaries in `$PATH`. (#3316) + * `runc kill` option `-a` is now deprecated. Previously, it had to be specified + to kill a container (with SIGKILL) which does not have its own private PID + namespace (so that runc would send SIGKILL to all processes). Now, this is + done automatically. (#3864, #3825) ### Changed * When Intel RDT feature is not available, its initialization is skipped, resulting in slightly faster `runc exec` and `runc run`. (#3306) + * Enforce absolute paths for mounts. (#3020, #3717) + * libcontainer users that create and kill containers from a daemon process + (so that the container init is a child of that process) must now implement + a proper child reaper in case a container does not have its own private PID + namespace, as documented in `container.Signal`. (#3825) ### Fixed @@ -26,6 +35,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). (#3474) + * Remove tun/tap from the default device rules. (#3468) + * specconv: avoid mapping "acl" to MS_POSIXACL. (#3739) ## [1.1.8] - 2023-07-20 From da780e4d275444e9be5fc75d2005f51d71669a8e Mon Sep 17 00:00:00 2001 From: Ruediger Pluem Date: Tue, 9 May 2023 10:51:39 +0200 Subject: [PATCH 0314/1176] Fix bind mounts of filesystems with certain options set Currently bind mounts of filesystems with nodev, nosuid, noexec, noatime, relatime, strictatime, nodiratime options set fail in rootless mode if the same options are not set for the bind mount. For ro filesystems this was resolved by #2570 by remounting again with ro set. Follow the same approach for nodev, nosuid, noexec, noatime, relatime, strictatime, nodiratime but allow to revert back to the old behaviour via the new `--no-mount-fallback` command line option. Add a testcase to verify that bind mounts of filesystems with nodev, nosuid, noexec, noatime options set work in rootless mode. Add a testcase that mounts a nodev, nosuid, noexec, noatime filesystem with a ro flag. Add two further testcases that ensure that the above testcases would fail if the `--no-mount-fallback` command line option is set. * contrib/completions/bash/runc: Add `--no-mount-fallback` command line option for bash completion. * create.go: Add `--no-mount-fallback` command line option. * restore.go: Add `--no-mount-fallback` command line option. * run.go: Add `--no-mount-fallback` command line option. * libcontainer/configs/config.go: Add `NoMountFallback` field to the `Config` struct to store the command line option value. * libcontainer/specconv/spec_linux.go: Add `NoMountFallback` field to the `CreateOpts` struct to store the command line option value and store it in the libcontainer config. * utils_linux.go: Store the command line option value in the `CreateOpts` struct. * libcontainer/rootfs_linux.go: In case that `--no-mount-fallback` is not set try to remount the bind filesystem again with the options nodev, nosuid, noexec, noatime, relatime, strictatime or nodiratime if they are set on the source filesystem. * tests/integration/mounts_sshfs.bats: Add testcases and rework sshfs setup to allow specifying different mount options depending on the test case. Signed-off-by: Ruediger Pluem --- contrib/completions/bash/runc | 3 + create.go | 4 ++ libcontainer/configs/config.go | 4 ++ libcontainer/rootfs_linux.go | 23 ++++++-- libcontainer/specconv/spec_linux.go | 2 + restore.go | 4 ++ run.go | 4 ++ tests/integration/mounts_sshfs.bats | 91 +++++++++++++++++++++++++---- utils_linux.go | 1 + 9 files changed, 119 insertions(+), 17 deletions(-) diff --git a/contrib/completions/bash/runc b/contrib/completions/bash/runc index 1f2da1c045f..69a3b953750 100644 --- a/contrib/completions/bash/runc +++ b/contrib/completions/bash/runc @@ -461,6 +461,7 @@ _runc_run() { --no-subreaper --no-pivot --no-new-keyring + --no-mount-fallback " local options_with_args=" @@ -567,6 +568,7 @@ _runc_create() { --help --no-pivot --no-new-keyring + --no-mount-fallback " local options_with_args=" @@ -627,6 +629,7 @@ _runc_restore() { --no-pivot --auto-dedup --lazy-pages + --no-mount-fallback " local options_with_args=" diff --git a/create.go b/create.go index 97854b846cb..3788a532fce 100644 --- a/create.go +++ b/create.go @@ -51,6 +51,10 @@ command(s) that get executed on start, edit the args parameter of the spec. See Name: "preserve-fds", Usage: "Pass N additional file descriptors to the container (stdio + $LISTEN_FDS + N in total)", }, + cli.BoolFlag{ + Name: "no-mount-fallback", + Usage: "Do not fallback when the specific configuration is not applicable (e.g., do not try to remount a bind mount again after the first attempt failed on source filesystems that have nodev, noexec, nosuid, noatime, relatime, strictatime, nodiratime set)", + }, }, Action: func(context *cli.Context) error { if err := checkArgs(context, 1, exactArgs); err != nil { diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index 576db59523e..bb5dbba6588 100644 --- a/libcontainer/configs/config.go +++ b/libcontainer/configs/config.go @@ -212,6 +212,10 @@ type Config struct { // RootlessCgroups is set when unlikely to have the full access to cgroups. // When RootlessCgroups is set, cgroups errors are ignored. RootlessCgroups bool `json:"rootless_cgroups,omitempty"` + + // Do not try to remount a bind mount again after the first attempt failed on source + // filesystems that have nodev, noexec, nosuid, noatime, relatime, strictatime, nodiratime set + NoMountFallback bool `json:"no_mount_fallback,omitempty"` } type ( diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 4894400b625..32e61778e1a 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -35,6 +35,7 @@ type mountConfig struct { cgroup2Path string rootlessCgroups bool cgroupns bool + noMountFallback bool } // mountEntry contains mount data specific to a mount point. @@ -83,6 +84,7 @@ func prepareRootfs(pipe io.ReadWriter, iConfig *initConfig, mountFds mountFds) ( cgroup2Path: iConfig.Cgroup2Path, rootlessCgroups: iConfig.RootlessCgroups, cgroupns: config.Namespaces.Contains(configs.NEWCGROUP), + noMountFallback: config.NoMountFallback, } for i, m := range config.Mounts { entry := mountEntry{Mount: m} @@ -512,7 +514,7 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { // first check that we have non-default options required before attempting a remount if m.Flags&^(unix.MS_REC|unix.MS_REMOUNT|unix.MS_BIND) != 0 { // only remount if unique mount options are set - if err := remount(m, rootfs); err != nil { + if err := remount(m, rootfs, c.noMountFallback); err != nil { return err } } @@ -1101,24 +1103,33 @@ func writeSystemProperty(key, value string) error { return os.WriteFile(path.Join("/proc/sys", keyPath), []byte(value), 0o644) } -func remount(m mountEntry, rootfs string) error { +func remount(m mountEntry, rootfs string, noMountFallback bool) error { return utils.WithProcfd(rootfs, m.Destination, func(dstFD string) error { flags := uintptr(m.Flags | unix.MS_REMOUNT) err := mountViaFDs(m.Source, m.srcFD, m.Destination, dstFD, m.Device, flags, "") if err == nil { return nil } - // Check if the source has ro flag... + // Check if the source has flags set according to noMountFallback src := m.src() var s unix.Statfs_t if err := unix.Statfs(src, &s); err != nil { return &os.PathError{Op: "statfs", Path: src, Err: err} } - if s.Flags&unix.MS_RDONLY != unix.MS_RDONLY { + var checkflags int + if noMountFallback { + // Check for ro only + checkflags = unix.MS_RDONLY + } else { + // Check for ro, nodev, noexec, nosuid, noatime, relatime, strictatime, + // nodiratime + checkflags = unix.MS_RDONLY | unix.MS_NODEV | unix.MS_NOEXEC | unix.MS_NOSUID | unix.MS_NOATIME | unix.MS_RELATIME | unix.MS_STRICTATIME | unix.MS_NODIRATIME + } + if int(s.Flags)&checkflags == 0 { return err } - // ... and retry the mount with ro flag set. - flags |= unix.MS_RDONLY + // ... and retry the mount with flags found above. + flags |= uintptr(int(s.Flags) & checkflags) return mountViaFDs(m.Source, m.srcFD, m.Destination, dstFD, m.Device, flags, "") }) } diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index 7fb67d8eee5..d3938da516c 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -312,6 +312,7 @@ type CreateOpts struct { Spec *specs.Spec RootlessEUID bool RootlessCgroups bool + NoMountFallback bool } // getwd is a wrapper similar to os.Getwd, except it always gets @@ -358,6 +359,7 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) { NoNewKeyring: opts.NoNewKeyring, RootlessEUID: opts.RootlessEUID, RootlessCgroups: opts.RootlessCgroups, + NoMountFallback: opts.NoMountFallback, } for _, m := range spec.Mounts { diff --git a/restore.go b/restore.go index d65afcfc788..de5b48d54c2 100644 --- a/restore.go +++ b/restore.go @@ -98,6 +98,10 @@ using the runc checkpoint command.`, Value: "", Usage: "Specify an LSM mount context to be used during restore.", }, + cli.BoolFlag{ + Name: "no-mount-fallback", + Usage: "Do not fallback when the specific configuration is not applicable (e.g., do not try to remount a bind mount again after the first attempt failed on source filesystems that have nodev, noexec, nosuid, noatime, relatime, strictatime, nodiratime set)", + }, }, Action: func(context *cli.Context) error { if err := checkArgs(context, 1, exactArgs); err != nil { diff --git a/run.go b/run.go index 82781669d10..8b4f4d1fb23 100644 --- a/run.go +++ b/run.go @@ -64,6 +64,10 @@ command(s) that get executed on start, edit the args parameter of the spec. See Name: "preserve-fds", Usage: "Pass N additional file descriptors to the container (stdio + $LISTEN_FDS + N in total)", }, + cli.BoolFlag{ + Name: "no-mount-fallback", + Usage: "Do not fallback when the specific configuration is not applicable (e.g., do not try to remount a bind mount again after the first attempt failed on source filesystems that have nodev, noexec, nosuid, noatime, relatime, strictatime, nodiratime set)", + }, }, Action: func(context *cli.Context) error { if err := checkArgs(context, 1, exactArgs); err != nil { diff --git a/tests/integration/mounts_sshfs.bats b/tests/integration/mounts_sshfs.bats index 41f1cf4ebc9..540403e4051 100644 --- a/tests/integration/mounts_sshfs.bats +++ b/tests/integration/mounts_sshfs.bats @@ -3,7 +3,20 @@ load helpers function setup() { - # Create a ro fuse-sshfs mount; skip the test if it's not working. + setup_busybox + update_config '.process.args = ["/bin/echo", "Hello World"]' +} + +function teardown() { + # Some distros do not have fusermount installed + # as a dependency of fuse-sshfs, and good ol' umount works. + fusermount -u "$DIR" || umount "$DIR" + + teardown_bundle +} + +function setup_sshfs() { + # Create a fuse-sshfs mount; skip the test if it's not working. local sshfs="sshfs -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no @@ -12,30 +25,86 @@ function setup() { DIR="$BATS_RUN_TMPDIR/fuse-sshfs" mkdir -p "$DIR" - if ! $sshfs -o ro rootless@localhost: "$DIR"; then + if ! $sshfs -o "$1" rootless@localhost: "$DIR"; then skip "test requires working sshfs mounts" fi +} - setup_busybox - update_config '.process.args = ["/bin/echo", "Hello World"]' +@test "runc run [rw bind mount of a ro fuse sshfs mount]" { + setup_sshfs "ro" + update_config ' .mounts += [{ + type: "bind", + source: "'"$DIR"'", + destination: "/mnt", + options: ["rw", "rprivate", "nosuid", "nodev", "rbind"] + }]' + + runc run --no-mount-fallback test_busybox + [ "$status" -eq 0 ] } -function teardown() { - # New distros (Fedora 35) do not have fusermount installed - # as a dependency of fuse-sshfs, and good ol' umount works. - fusermount -u "$DIR" || umount "$DIR" +@test "runc run [dev,exec,suid,atime bind mount of a nodev,nosuid,noexec,noatime fuse sshfs mount]" { + setup_sshfs "nodev,nosuid,noexec,noatime" + # The "sync" option is used to trigger a remount with the below options. + # It serves no further purpose. Otherwise only a bind mount without + # applying the below options will be done. + update_config ' .mounts += [{ + type: "bind", + source: "'"$DIR"'", + destination: "/mnt", + options: ["dev", "suid", "exec", "atime", "rprivate", "rbind", "sync"] + }]' - teardown_bundle + runc run test_busybox + [ "$status" -eq 0 ] } -@test "runc run [rw bind mount of a ro fuse sshfs mount]" { +@test "runc run [ro bind mount of a nodev,nosuid,noexec,noatime fuse sshfs mount]" { + setup_sshfs "nodev,nosuid,noexec,noatime" update_config ' .mounts += [{ type: "bind", source: "'"$DIR"'", destination: "/mnt", - options: ["rw", "rprivate", "nosuid", "nodev", "rbind"] + options: ["rbind", "ro"] }]' runc run test_busybox [ "$status" -eq 0 ] } + +@test "runc run [dev,exec,suid,atime bind mount of a nodev,nosuid,noexec,noatime fuse sshfs mount without fallback]" { + setup_sshfs "nodev,nosuid,noexec,noatime" + # The "sync" option is used to trigger a remount with the below options. + # It serves no further purpose. Otherwise only a bind mount without + # applying the below options will be done. + update_config ' .mounts += [{ + type: "bind", + source: "'"$DIR"'", + destination: "/mnt", + options: ["dev", "suid", "exec", "atime", "rprivate", "rbind", "sync"] + }]' + + runc run --no-mount-fallback test_busybox + # The above will fail as we added --no-mount-fallback which causes us not to + # try to remount a bind mount again after the first attempt failed on source + # filesystems that have nodev, noexec, nosuid, noatime set. + [ "$status" -ne 0 ] + [[ "$output" == *"runc run failed: unable to start container process: error during container init: error mounting"*"operation not permitted"* ]] +} + +@test "runc run [ro bind mount of a nodev,nosuid,noexec,noatime fuse sshfs mount without fallback]" { + setup_sshfs "nodev,nosuid,noexec,noatime" + update_config ' .mounts += [{ + type: "bind", + source: "'"$DIR"'", + destination: "/mnt", + options: ["rbind", "ro"] + }]' + + runc run --no-mount-fallback test_busybox + # The above will fail as we added --no-mount-fallback which causes us not to + # try to remount a bind mount again after the first attempt failed on source + # filesystems that have nodev, noexec, nosuid, noatime set. + [ "$status" -ne 0 ] + [[ "$output" == *"runc run failed: unable to start container process: error during container init: error mounting"*"operation not permitted"* ]] +} diff --git a/utils_linux.go b/utils_linux.go index 4c00b2092db..0f787cb3387 100644 --- a/utils_linux.go +++ b/utils_linux.go @@ -175,6 +175,7 @@ func createContainer(context *cli.Context, id string, spec *specs.Spec) (*libcon Spec: spec, RootlessEUID: os.Geteuid() != 0, RootlessCgroups: rootlessCg, + NoMountFallback: context.Bool("no-mount-fallback"), }) if err != nil { return nil, err From 701dff798d951b8448eb98860ba423b5a2ecdf5a Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 24 Apr 2023 17:07:04 -0700 Subject: [PATCH 0315/1176] libct/cg/sd: use systemd v240+ new MAJOR:* syntax Since systemd v240 (commit 8e8b5d2e6d91180a), one can use /dev/{char,block}-MAJOR syntax to specify that all MAJOR:* devices are allowed. Use it, if available, since it's more straightforward, plus we can skip somewhat expensive parsing of /proc/devices. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/devices/systemd.go | 36 ++++++++++++++++--------- 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/libcontainer/cgroups/devices/systemd.go b/libcontainer/cgroups/devices/systemd.go index 70768f9dbbb..5e7e46ae250 100644 --- a/libcontainer/cgroups/devices/systemd.go +++ b/libcontainer/cgroups/devices/systemd.go @@ -83,11 +83,12 @@ func systemdProperties(r *configs.Resources, sdVer int) ([]systemdDbus.Property, // cannot add whitelist rules for devices that don't exist. Since v240, // device properties are parsed from the path string. // - // However, path globbing is not support for path-based rules so we + // However, path globbing is not supported for path-based rules so we // need to handle wildcards in some other manner. // - // * Wildcard-minor rules have to specify a "device group name" (the - // second column in /proc/devices). + // * If systemd older than v240 is used, wildcard-minor rules + // have to specify a "device group name" (the second column + // in /proc/devices). // // * Wildcard (major and minor) rules can just specify a glob with the // type ("char-*" or "block-*"). @@ -110,17 +111,26 @@ func systemdProperties(r *configs.Resources, sdVer int) ([]systemdDbus.Property, } entry.Path = prefix + "*" } else if rule.Minor == devices.Wildcard { - // "_ n:* _" rules require a device group from /proc/devices. - group, err := findDeviceGroup(rule.Type, rule.Major) - if err != nil { - return nil, fmt.Errorf("unable to find device '%v/%d': %w", rule.Type, rule.Major, err) - } - if group == "" { - // Couldn't find a group. - logrus.Warnf("could not find device group for '%v/%d' in /proc/devices -- temporarily ignoring rule: %v", rule.Type, rule.Major, *rule) - continue + if sdVer >= 240 { + // systemd v240+ allows for {block,char}-MAJOR syntax. + prefix, err := groupPrefix(rule.Type) + if err != nil { + return nil, err + } + entry.Path = prefix + strconv.FormatInt(rule.Major, 10) + } else { + // For older systemd, "_ n:* _" rules require a device group from /proc/devices. + group, err := findDeviceGroup(rule.Type, rule.Major) + if err != nil { + return nil, fmt.Errorf("unable to find device '%v/%d': %w", rule.Type, rule.Major, err) + } + if group == "" { + // Couldn't find a group. + logrus.Warnf("could not find device group for '%v/%d' in /proc/devices -- temporarily ignoring rule: %v", rule.Type, rule.Major, *rule) + continue + } + entry.Path = group } - entry.Path = group } else { // "_ n:m _" rules are just a path in /dev/{block,char}/. switch rule.Type { From 57f31c68dca758a94fc9ebd22e286bc5b7196c07 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Thu, 27 Jul 2023 14:10:08 +0200 Subject: [PATCH 0316/1176] libct/nsenter: Show better errors for idmap mounts While testing this with old kernel versions and kernels that don't support idmap mounts for some of the filesystems used by a container, I realized we can throw a more clear errors. Let's make it clear which syscall we are using, when it is not supported and when if the fs doesn't support idmap mounts, which path it is. Signed-off-by: Rodrigo Campos --- libcontainer/nsenter/nsexec.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index 6297276f8b2..22b6ea1cd21 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -699,10 +699,14 @@ void send_idmapsources(int sockfd, pid_t pid, char *idmap_src, int idmap_src_len AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT); if (fd_tree < 0) { sane_kill(pid, SIGKILL); - if (errno == EINVAL) - bail("failed to use open_tree(2) with path: %s, the kernel doesn't supports ID-mapped mounts", idmap_src); - else - bail("failed to use open_tree(2) with path: %s", idmap_src); + if (errno == ENOSYS) { + bail("open_tree(2) failed, the kernel doesn't support ID-mapped mounts"); + } else if (errno == EINVAL) { + bail("open_tree(2) failed with path: %s, the kernel doesn't support ID-mapped mounts", + idmap_src); + } else { + bail("open_tree(2) failed with path: %s", idmap_src); + } } struct mount_attr attr = { @@ -713,10 +717,12 @@ void send_idmapsources(int sockfd, pid_t pid, char *idmap_src, int idmap_src_len ret = sys_mount_setattr(fd_tree, "", AT_EMPTY_PATH, &attr, sizeof(attr)); if (ret < 0) { sane_kill(pid, SIGKILL); - if (errno == EINVAL) - bail("failed to change mount attributes, maybe the filesystem doesn't supports ID-mapped mounts"); + if (errno == ENOSYS) + bail("mount_setattr(2) failed, the kernel doesn't support ID-mapped mounts"); + else if (errno == EINVAL) + bail("mount_setattr(2) failed with path: %s, maybe the filesystem doesn't support ID-mapped mounts", idmap_src); else - bail("failed to change mount attributes"); + bail("mount_setattr(2) failed with path: %s", idmap_src); } write_log(DEBUG, "~> sending idmap source: %s with mapping from: %s", idmap_src, proc_user_path); From 70f4e46e68d6795863b13743ed6d3895fd721318 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 7 Jul 2023 15:11:41 +1000 Subject: [PATCH 0317/1176] utils: use close_range(2) to close leftover file descriptors close_range(2) is far more efficient than a readdir of /proc/self/fd and then doing a syscall for each file descriptor. Signed-off-by: Aleksa Sarai --- libcontainer/utils/utils_unix.go | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/libcontainer/utils/utils_unix.go b/libcontainer/utils/utils_unix.go index 220d0b43937..6b9a7be038f 100644 --- a/libcontainer/utils/utils_unix.go +++ b/libcontainer/utils/utils_unix.go @@ -5,8 +5,10 @@ package utils import ( "fmt" + "math" "os" "strconv" + "sync" "golang.org/x/sys/unix" ) @@ -23,9 +25,38 @@ func EnsureProcHandle(fh *os.File) error { return nil } +var ( + haveCloseRangeCloexecBool bool + haveCloseRangeCloexecOnce sync.Once +) + +func haveCloseRangeCloexec() bool { + haveCloseRangeCloexecOnce.Do(func() { + // Make sure we're not closing a random file descriptor. + tmpFd, err := unix.FcntlInt(0, unix.F_DUPFD_CLOEXEC, 0) + if err != nil { + return + } + defer unix.Close(tmpFd) + + err = unix.CloseRange(uint(tmpFd), uint(tmpFd), unix.CLOSE_RANGE_CLOEXEC) + // Any error means we cannot use close_range(CLOSE_RANGE_CLOEXEC). + // -ENOSYS and -EINVAL ultimately mean we don't have support, but any + // other potential error would imply that even the most basic close + // operation wouldn't work. + haveCloseRangeCloexecBool = err == nil + }) + return haveCloseRangeCloexecBool +} + // CloseExecFrom applies O_CLOEXEC to all file descriptors currently open for // the process (except for those below the given fd value). func CloseExecFrom(minFd int) error { + if haveCloseRangeCloexec() { + err := unix.CloseRange(uint(minFd), math.MaxUint, unix.CLOSE_RANGE_CLOEXEC) + return os.NewSyscallError("close_range", err) + } + fdDir, err := os.Open("/proc/self/fd") if err != nil { return err From c537cb3d5990aded3316878219a256b9a1629dbe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 2 Aug 2023 04:55:22 +0000 Subject: [PATCH 0318/1176] build(deps): bump golang.org/x/net from 0.12.0 to 0.13.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.12.0 to 0.13.0. - [Commits](https://github.com/golang/net/compare/v0.12.0...v0.13.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index a6b8eda71a9..8b048df4063 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.12 github.com/vishvananda/netlink v1.1.0 - golang.org/x/net v0.12.0 + golang.org/x/net v0.13.0 golang.org/x/sys v0.10.0 google.golang.org/protobuf v1.31.0 ) diff --git a/go.sum b/go.sum index ffee232f89e..ee4a036c720 100644 --- a/go.sum +++ b/go.sum @@ -63,8 +63,8 @@ github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7Zo github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 h1:Jvc7gsqn21cJHCmAWx0LiimpP18LZmUxkT5Mp7EZ1mI= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= -golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50= -golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= +golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY= +golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/vendor/modules.txt b/vendor/modules.txt index d66ef707c93..67468530e90 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -75,7 +75,7 @@ github.com/vishvananda/netns golang.org/x/exp/constraints golang.org/x/exp/maps golang.org/x/exp/slices -# golang.org/x/net v0.12.0 +# golang.org/x/net v0.13.0 ## explicit; go 1.17 golang.org/x/net/bpf # golang.org/x/sys v0.10.0 From 99340bb0bd6cf2f3560ab5fb69eecf0b55b12a39 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Tue, 1 Aug 2023 16:30:05 +0200 Subject: [PATCH 0319/1176] contrib/fs-idmap: Reap childs This is what we should do, although in practice this probably won't be a big issue as the parent also exits. While we are there, instead of waiting for the child to finish, kill it if we did everything we wanted to do. Signed-off-by: Rodrigo Campos --- contrib/cmd/fs-idmap/fs-idmap.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/contrib/cmd/fs-idmap/fs-idmap.go b/contrib/cmd/fs-idmap/fs-idmap.go index b48114dfe03..c060bc5a2b2 100644 --- a/contrib/cmd/fs-idmap/fs-idmap.go +++ b/contrib/cmd/fs-idmap/fs-idmap.go @@ -31,6 +31,10 @@ func main() { if err := cmd.Start(); err != nil { log.Fatalf("failed to run the helper binary: %v", err) } + defer func() { + _ = cmd.Process.Kill() + _ = cmd.Wait() + }() path := fmt.Sprintf("/proc/%d/ns/user", cmd.Process.Pid) var userNsFile *os.File From 7d2becdf2cc45209411d8cb992b218136cf5acd9 Mon Sep 17 00:00:00 2001 From: Alexander Eldeib Date: Mon, 10 Jul 2023 15:34:07 +0200 Subject: [PATCH 0320/1176] libct/cg/fs2: use `file` + `anon` + `swap` for usage This aligns v2 usage calculations more closely with v1. Current node-level reporting for v1 vs v2 on the same machine under similar load may differ by ~250-750Mi. Also return usage as combined swap + memory usage, aligned with v1 and non-root v2 cgroups. `mem_cgroup_usage` in the kernel counts NR_FILE_PAGES + NR_ANON_MAPPED + `nr_swap_pages` (if swap enabled) [^0]. Using total - free results in higher "usage" numbers. This is likely due to various types of reclaimable memory technically counted as in use (e.g. inactive anon). See also https://github.com/kubernetes/kubernetes/issues/118916 for more context [^0]: https://github.com/torvalds/linux/blob/06c2afb862f9da8dc5efa4b6076a0e48c3fbaaa5/mm/memcontrol.c#L3673-L3680 Signed-off-by: Alexander Eldeib --- CHANGELOG.md | 5 + libcontainer/cgroups/fs2/memory.go | 24 ++-- libcontainer/cgroups/fs2/memory_test.go | 139 ++++++++++++++++++++++++ 3 files changed, 158 insertions(+), 10 deletions(-) create mode 100644 libcontainer/cgroups/fs2/memory_test.go diff --git a/CHANGELOG.md b/CHANGELOG.md index b09d44c88c2..adcf084d0b6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 (so that the container init is a child of that process) must now implement a proper child reaper in case a container does not have its own private PID namespace, as documented in `container.Signal`. (#3825) + * Sum `anon` and `file` from `memory.stat` for cgroupv2 root usage, + as the root does not have `memory.current` for cgroupv2. + This aligns cgroupv2 root usage more closely with cgroupv1 reporting. + Additionally, report root swap usage as sum of swap and memory usage, + aligned with v1 and existing non-root v2 reporting. (#3933) ### Fixed diff --git a/libcontainer/cgroups/fs2/memory.go b/libcontainer/cgroups/fs2/memory.go index e3b857dc1db..85e96b1ce98 100644 --- a/libcontainer/cgroups/fs2/memory.go +++ b/libcontainer/cgroups/fs2/memory.go @@ -106,8 +106,9 @@ func statMemory(dirPath string, stats *cgroups.Stats) error { if err != nil { if errors.Is(err, unix.ENOENT) && dirPath == UnifiedMountpoint { // The root cgroup does not have memory.{current,max} - // so emulate those using data from /proc/meminfo. - return statsFromMeminfo(stats) + // so emulate those using data from /proc/meminfo and + // /sys/fs/cgroup/memory.stat + return rootStatsFromMeminfo(stats) } return err } @@ -159,7 +160,7 @@ func getMemoryDataV2(path, name string) (cgroups.MemoryData, error) { return memoryData, nil } -func statsFromMeminfo(stats *cgroups.Stats) error { +func rootStatsFromMeminfo(stats *cgroups.Stats) error { const file = "/proc/meminfo" f, err := os.Open(file) if err != nil { @@ -171,14 +172,10 @@ func statsFromMeminfo(stats *cgroups.Stats) error { var ( swap_free uint64 swap_total uint64 - main_total uint64 - main_free uint64 ) mem := map[string]*uint64{ "SwapFree": &swap_free, "SwapTotal": &swap_total, - "MemTotal": &main_total, - "MemFree": &main_free, } found := 0 @@ -211,11 +208,18 @@ func statsFromMeminfo(stats *cgroups.Stats) error { return &parseError{Path: "", File: file, Err: err} } + // cgroup v1 `usage_in_bytes` reports memory usage as the sum of + // - rss (NR_ANON_MAPPED) + // - cache (NR_FILE_PAGES) + // cgroup v1 reports SwapUsage values as mem+swap combined + // cgroup v2 reports rss and cache as anon and file. + // sum `anon` + `file` to report the same value as `usage_in_bytes` in v1. + // sum swap usage as combined mem+swap usage for consistency as well. + stats.MemoryStats.Usage.Usage = stats.MemoryStats.Stats["anon"] + stats.MemoryStats.Stats["file"] + stats.MemoryStats.Usage.Limit = math.MaxUint64 stats.MemoryStats.SwapUsage.Usage = (swap_total - swap_free) * 1024 stats.MemoryStats.SwapUsage.Limit = math.MaxUint64 - - stats.MemoryStats.Usage.Usage = (main_total - main_free) * 1024 - stats.MemoryStats.Usage.Limit = math.MaxUint64 + stats.MemoryStats.SwapUsage.Usage += stats.MemoryStats.Usage.Usage return nil } diff --git a/libcontainer/cgroups/fs2/memory_test.go b/libcontainer/cgroups/fs2/memory_test.go new file mode 100644 index 00000000000..2e2713c29ae --- /dev/null +++ b/libcontainer/cgroups/fs2/memory_test.go @@ -0,0 +1,139 @@ +package fs2 + +import ( + "os" + "path/filepath" + "strings" + "testing" + + "github.com/opencontainers/runc/libcontainer/cgroups" +) + +const exampleMemoryStatData = `anon 790425600 +file 6502666240 +kernel_stack 7012352 +pagetables 8867840 +percpu 2445520 +sock 40960 +shmem 6721536 +file_mapped 656187392 +file_dirty 1122304 +file_writeback 0 +swapcached 10 +anon_thp 438304768 +file_thp 0 +shmem_thp 0 +inactive_anon 892223488 +active_anon 2973696 +inactive_file 5307346944 +active_file 1179316224 +unevictable 31477760 +slab_reclaimable 348866240 +slab_unreclaimable 10099808 +slab 358966048 +workingset_refault_anon 0 +workingset_refault_file 0 +workingset_activate_anon 0 +workingset_activate_file 0 +workingset_restore_anon 0 +workingset_restore_file 0 +workingset_nodereclaim 0 +pgfault 103216687 +pgmajfault 6879 +pgrefill 0 +pgscan 0 +pgsteal 0 +pgactivate 1110217 +pgdeactivate 292 +pglazyfree 267 +pglazyfreed 0 +thp_fault_alloc 57411 +thp_collapse_alloc 443` + +func TestStatMemoryPodCgroupNotFound(t *testing.T) { + // We're using a fake cgroupfs. + cgroups.TestMode = true + fakeCgroupDir := t.TempDir() + + // only write memory.stat to ensure pod cgroup usage + // still reads memory.current. + statPath := filepath.Join(fakeCgroupDir, "memory.stat") + if err := os.WriteFile(statPath, []byte(exampleMemoryStatData), 0o644); err != nil { + t.Fatal(err) + } + + gotStats := cgroups.NewStats() + + // use a fake root path to mismatch the file we wrote. + // this triggers the non-root path which should fail to find memory.current. + err := statMemory(fakeCgroupDir, gotStats) + if err == nil { + t.Errorf("expected error when statting memory for cgroupv2 root, but was nil") + } + + if !strings.Contains(err.Error(), "memory.current: no such file or directory") { + t.Errorf("expected error to contain 'memory.current: no such file or directory', but was %s", err.Error()) + } +} + +func TestStatMemoryPodCgroup(t *testing.T) { + // We're using a fake cgroupfs. + cgroups.TestMode = true + fakeCgroupDir := t.TempDir() + + statPath := filepath.Join(fakeCgroupDir, "memory.stat") + if err := os.WriteFile(statPath, []byte(exampleMemoryStatData), 0o644); err != nil { + t.Fatal(err) + } + + if err := os.WriteFile(filepath.Join(fakeCgroupDir, "memory.current"), []byte("123456789"), 0o644); err != nil { + t.Fatal(err) + } + + if err := os.WriteFile(filepath.Join(fakeCgroupDir, "memory.max"), []byte("999999999"), 0o644); err != nil { + t.Fatal(err) + } + + gotStats := cgroups.NewStats() + + // use a fake root path to trigger the pod cgroup lookup. + err := statMemory(fakeCgroupDir, gotStats) + if err != nil { + t.Errorf("expected no error when statting memory for cgroupv2 root, but got %#+v", err) + } + + // result should be "memory.current" + var expectedUsageBytes uint64 = 123456789 + if gotStats.MemoryStats.Usage.Usage != expectedUsageBytes { + t.Errorf("parsed cgroupv2 memory.stat doesn't match expected result: \ngot %#v\nexpected %#v\n", gotStats.MemoryStats.Usage.Usage, expectedUsageBytes) + } +} + +func TestRootStatsFromMeminfo(t *testing.T) { + stats := &cgroups.Stats{ + MemoryStats: cgroups.MemoryStats{ + Stats: map[string]uint64{ + "anon": 790425600, + "file": 6502666240, + }, + }, + } + + if err := rootStatsFromMeminfo(stats); err != nil { + t.Fatal(err) + } + + // result is anon + file + var expectedUsageBytes uint64 = 7293091840 + if stats.MemoryStats.Usage.Usage != expectedUsageBytes { + t.Errorf("parsed cgroupv2 memory.stat doesn't match expected result: \ngot %d\nexpected %d\n", stats.MemoryStats.Usage.Usage, expectedUsageBytes) + } + + // swap is adjusted to mem+swap + if stats.MemoryStats.SwapUsage.Usage < stats.MemoryStats.Usage.Usage { + t.Errorf("swap usage %d should be at least mem usage %d", stats.MemoryStats.SwapUsage.Usage, stats.MemoryStats.Usage.Usage) + } + if stats.MemoryStats.SwapUsage.Limit < stats.MemoryStats.Usage.Limit { + t.Errorf("swap limit %d should be at least mem limit %d", stats.MemoryStats.SwapUsage.Limit, stats.MemoryStats.Usage.Limit) + } +} From 821d0018f55523ec139338236792327866ed9910 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Tue, 1 Aug 2023 16:34:51 +0200 Subject: [PATCH 0321/1176] contrib/fs-idmap: Remove not needed flags We don't really need to check if AT_RECURSIVE is possible here. We just want to check if we can idmap the src, it doesn't matter other nested mounts. While we are there, allow relative paths too. Signed-off-by: Rodrigo Campos --- contrib/cmd/fs-idmap/fs-idmap.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/cmd/fs-idmap/fs-idmap.go b/contrib/cmd/fs-idmap/fs-idmap.go index c060bc5a2b2..45f171c69b5 100644 --- a/contrib/cmd/fs-idmap/fs-idmap.go +++ b/contrib/cmd/fs-idmap/fs-idmap.go @@ -16,7 +16,7 @@ func main() { } src := os.Args[1] - treeFD, err := unix.OpenTree(-1, src, uint(unix.OPEN_TREE_CLONE|unix.OPEN_TREE_CLOEXEC|unix.AT_EMPTY_PATH|unix.AT_RECURSIVE)) + treeFD, err := unix.OpenTree(unix.AT_FDCWD, src, uint(unix.OPEN_TREE_CLONE|unix.OPEN_TREE_CLOEXEC|unix.AT_EMPTY_PATH)) if err != nil { log.Fatalf("error calling open_tree %q: %v", src, err) } @@ -48,7 +48,7 @@ func main() { Attr_set: unix.MOUNT_ATTR_IDMAP, Userns_fd: uint64(userNsFile.Fd()), } - if err := unix.MountSetattr(treeFD, "", unix.AT_EMPTY_PATH|unix.AT_RECURSIVE, &attr); err != nil { + if err := unix.MountSetattr(treeFD, "", unix.AT_EMPTY_PATH, &attr); err != nil { log.Fatalf("error calling mount_setattr: %v", err) } } From 882e5fe3bab0a27005f83d954c7dd43fbc00d8b3 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Tue, 1 Aug 2023 16:36:18 +0200 Subject: [PATCH 0322/1176] contrib/fs-idmap: Check exactly 2 args are received If more args are passed, let's just throw an error. Signed-off-by: Rodrigo Campos --- contrib/cmd/fs-idmap/fs-idmap.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/cmd/fs-idmap/fs-idmap.go b/contrib/cmd/fs-idmap/fs-idmap.go index 45f171c69b5..5879c74e793 100644 --- a/contrib/cmd/fs-idmap/fs-idmap.go +++ b/contrib/cmd/fs-idmap/fs-idmap.go @@ -11,7 +11,7 @@ import ( ) func main() { - if len(os.Args) < 2 { + if len(os.Args) != 2 { log.Fatalf("usage: %s path_to_mount_set_attr", os.Args[0]) } From 855c5a0e8b51b156effa486ee1bc70fdf59a0258 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Tue, 1 Aug 2023 16:37:27 +0200 Subject: [PATCH 0323/1176] contrib/fs-idmap: Don't hardcode sleep path Let's just rely on the lookup performed to find the sleep binary. This didn't cause any issues as far as I know, I just saw this while doing other cleanups. Signed-off-by: Rodrigo Campos --- contrib/cmd/fs-idmap/fs-idmap.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/cmd/fs-idmap/fs-idmap.go b/contrib/cmd/fs-idmap/fs-idmap.go index 5879c74e793..71971056dc0 100644 --- a/contrib/cmd/fs-idmap/fs-idmap.go +++ b/contrib/cmd/fs-idmap/fs-idmap.go @@ -22,7 +22,7 @@ func main() { } defer unix.Close(treeFD) - cmd := exec.Command("/usr/bin/sleep", "5") + cmd := exec.Command("sleep", "5") cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWUSER, UidMappings: []syscall.SysProcIDMap{{ContainerID: 0, HostID: 65536, Size: 65536}}, From 0688288876deb45cba0a9bb3f87798aaf5a6d676 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Tue, 1 Aug 2023 16:33:23 +0200 Subject: [PATCH 0324/1176] contrib/fs-idmap: Move logic to a new function We can't call log.Fatalf() and defer functions, as the former doesn't call any defers. Let's just move the code to a new function and call os.Exit() only in main, when all defer executed. Now that all the code is one function, we only print twice to stderr. It is simpler to just print to stderr instead of logging and having also the timestamp we don't really want. Signed-off-by: Rodrigo Campos --- contrib/cmd/fs-idmap/fs-idmap.go | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/contrib/cmd/fs-idmap/fs-idmap.go b/contrib/cmd/fs-idmap/fs-idmap.go index 71971056dc0..4593490f371 100644 --- a/contrib/cmd/fs-idmap/fs-idmap.go +++ b/contrib/cmd/fs-idmap/fs-idmap.go @@ -2,7 +2,6 @@ package main import ( "fmt" - "log" "os" "os/exec" "syscall" @@ -12,13 +11,20 @@ import ( func main() { if len(os.Args) != 2 { - log.Fatalf("usage: %s path_to_mount_set_attr", os.Args[0]) + fmt.Fprintln(os.Stderr, "usage:", os.Args[0], "path_to_mount_set_attr") + os.Exit(1) } - src := os.Args[1] + if err := supportsIDMap(src); err != nil { + fmt.Fprintln(os.Stderr, "fatal error:", err) + os.Exit(1) + } +} + +func supportsIDMap(src string) error { treeFD, err := unix.OpenTree(unix.AT_FDCWD, src, uint(unix.OPEN_TREE_CLONE|unix.OPEN_TREE_CLOEXEC|unix.AT_EMPTY_PATH)) if err != nil { - log.Fatalf("error calling open_tree %q: %v", src, err) + return fmt.Errorf("error calling open_tree %q: %w", src, err) } defer unix.Close(treeFD) @@ -29,7 +35,7 @@ func main() { GidMappings: []syscall.SysProcIDMap{{ContainerID: 0, HostID: 65536, Size: 65536}}, } if err := cmd.Start(); err != nil { - log.Fatalf("failed to run the helper binary: %v", err) + return fmt.Errorf("failed to run the helper binary: %w", err) } defer func() { _ = cmd.Process.Kill() @@ -39,8 +45,7 @@ func main() { path := fmt.Sprintf("/proc/%d/ns/user", cmd.Process.Pid) var userNsFile *os.File if userNsFile, err = os.Open(path); err != nil { - log.Fatalf("unable to get user ns file descriptor: %v", err) - return + return fmt.Errorf("unable to get user ns file descriptor: %w", err) } defer userNsFile.Close() @@ -49,6 +54,8 @@ func main() { Userns_fd: uint64(userNsFile.Fd()), } if err := unix.MountSetattr(treeFD, "", unix.AT_EMPTY_PATH, &attr); err != nil { - log.Fatalf("error calling mount_setattr: %v", err) + return fmt.Errorf("error calling mount_setattr: %w", err) } + + return nil } From 6092a4b42dc0ab0df9aa55dbdb4e6db6c490e14d Mon Sep 17 00:00:00 2001 From: lifubang Date: Thu, 3 Aug 2023 08:44:00 +0800 Subject: [PATCH 0325/1176] fix some file mode bits missing when doing mount syscall Signed-off-by: lifubang --- libcontainer/mount_linux.go | 18 ++++++++++++++++++ libcontainer/rootfs_linux.go | 2 +- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/libcontainer/mount_linux.go b/libcontainer/mount_linux.go index b391dd849fc..da11da68ea0 100644 --- a/libcontainer/mount_linux.go +++ b/libcontainer/mount_linux.go @@ -1,6 +1,7 @@ package libcontainer import ( + "io/fs" "strconv" "golang.org/x/sys/unix" @@ -103,3 +104,20 @@ func unmount(target string, flags int) error { } return nil } + +// syscallMode returns the syscall-specific mode bits from Go's portable mode bits. +// Copy from https://cs.opensource.google/go/go/+/refs/tags/go1.20.7:src/os/file_posix.go;l=61-75 +func syscallMode(i fs.FileMode) (o uint32) { + o |= uint32(i.Perm()) + if i&fs.ModeSetuid != 0 { + o |= unix.S_ISUID + } + if i&fs.ModeSetgid != 0 { + o |= unix.S_ISGID + } + if i&fs.ModeSticky != 0 { + o |= unix.S_ISVTX + } + // No mapping for Go's ModeTemporary (plan9 only). + return +} diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 32e61778e1a..ac3ba183e12 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -462,7 +462,7 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { return err } } else { - dt := fmt.Sprintf("mode=%04o", stat.Mode()) + dt := fmt.Sprintf("mode=%04o", syscallMode(stat.Mode())) if m.Data != "" { dt = dt + "," + m.Data } From 83137c6884a4838ae03baa8b7f311729cc93c285 Mon Sep 17 00:00:00 2001 From: lifubang Date: Thu, 3 Aug 2023 08:46:37 +0800 Subject: [PATCH 0326/1176] add a test case about missing stricky bit Signed-off-by: lifubang --- tests/integration/run.bats | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/integration/run.bats b/tests/integration/run.bats index 8afc4bbe860..9f1f1d8bc74 100644 --- a/tests/integration/run.bats +++ b/tests/integration/run.bats @@ -77,6 +77,22 @@ function teardown() { [[ "${lines[0]}" == *'mydomainname'* ]] } +# https://github.com/opencontainers/runc/issues/3952 +@test "runc run with tmpfs" { + requires root + + chmod 'a=rwx,ug+s,+t' rootfs/tmp # set all bits + mode=$(stat -c %A rootfs/tmp) + + # shellcheck disable=SC2016 + update_config '.process.args = ["sh", "-c", "stat -c %A /tmp"]' + update_config '.mounts += [{"destination": "/tmp", "type": "tmpfs", "source": "tmpfs", "options":["noexec","nosuid","nodev","rprivate"]}]' + + runc run test_tmpfs + [ "$status" -eq 0 ] + [ "$output" = "$mode" ] +} + @test "runc run with tmpfs perms" { # shellcheck disable=SC2016 update_config '.process.args = ["sh", "-c", "stat -c %a /tmp/test"]' From ebc2e7c43523d067a56b561dc92e7b59d6392b87 Mon Sep 17 00:00:00 2001 From: Chethan Suresh Date: Thu, 3 Aug 2023 10:12:01 +0530 Subject: [PATCH 0327/1176] Support time namespace "time" namespace was introduced in Linux v5.6 support new time namespace to set boottime and monotonic time offset Example runtime spec "timeOffsets": { "monotonic": { "secs": 172800, "nanosecs": 0 }, "boottime": { "secs": 604800, "nanosecs": 0 } } Signed-off-by: Chethan Suresh --- libcontainer/configs/config.go | 3 +++ libcontainer/configs/namespaces_linux.go | 4 ++++ libcontainer/configs/namespaces_syscall.go | 1 + libcontainer/configs/validate/validator.go | 6 +++++ libcontainer/container_linux.go | 12 ++++++++++ libcontainer/message_linux.go | 1 + libcontainer/nsenter/namespace.h | 3 +++ libcontainer/nsenter/nsexec.c | 27 ++++++++++++++++++++++ libcontainer/specconv/spec_linux.go | 4 ++++ 9 files changed, 61 insertions(+) diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index bb5dbba6588..ea33b110a67 100644 --- a/libcontainer/configs/config.go +++ b/libcontainer/configs/config.go @@ -216,6 +216,9 @@ type Config struct { // Do not try to remount a bind mount again after the first attempt failed on source // filesystems that have nodev, noexec, nosuid, noatime, relatime, strictatime, nodiratime set NoMountFallback bool `json:"no_mount_fallback,omitempty"` + + // TimeOffsets specifies the offset for supporting time namespaces. + TimeOffsets map[string]specs.LinuxTimeOffset `json:"time_offsets,omitempty"` } type ( diff --git a/libcontainer/configs/namespaces_linux.go b/libcontainer/configs/namespaces_linux.go index d52d6fcd147..5062432f8c3 100644 --- a/libcontainer/configs/namespaces_linux.go +++ b/libcontainer/configs/namespaces_linux.go @@ -14,6 +14,7 @@ const ( NEWIPC NamespaceType = "NEWIPC" NEWUSER NamespaceType = "NEWUSER" NEWCGROUP NamespaceType = "NEWCGROUP" + NEWTIME NamespaceType = "NEWTIME" ) var ( @@ -38,6 +39,8 @@ func NsName(ns NamespaceType) string { return "uts" case NEWCGROUP: return "cgroup" + case NEWTIME: + return "time" } return "" } @@ -72,6 +75,7 @@ func NamespaceTypes() []NamespaceType { NEWPID, NEWNS, NEWCGROUP, + NEWTIME, } } diff --git a/libcontainer/configs/namespaces_syscall.go b/libcontainer/configs/namespaces_syscall.go index 543e059aa67..15d8046f3d6 100644 --- a/libcontainer/configs/namespaces_syscall.go +++ b/libcontainer/configs/namespaces_syscall.go @@ -17,6 +17,7 @@ var namespaceInfo = map[NamespaceType]int{ NEWUTS: unix.CLONE_NEWUTS, NEWPID: unix.CLONE_NEWPID, NEWCGROUP: unix.CLONE_NEWCGROUP, + NEWTIME: unix.CLONE_NEWTIME, } // CloneFlags parses the container's Namespaces options to set the correct diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go index 196b431dba1..231df9db1ab 100644 --- a/libcontainer/configs/validate/validator.go +++ b/libcontainer/configs/validate/validator.go @@ -106,6 +106,12 @@ func namespaces(config *configs.Config) error { } } + if config.Namespaces.Contains(configs.NEWTIME) { + if _, err := os.Stat("/proc/self/timens_offsets"); os.IsNotExist(err) { + return errors.New("time namespaces aren't enabled in the kernel") + } + } + return nil } diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 2f0a6c64166..e0f99961f00 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -2321,6 +2321,18 @@ func (c *Container) bootstrapData(cloneFlags uintptr, nsMaps map[configs.Namespa }) } + // write boottime and monotonic time ns offsets. + if c.config.Namespaces.Contains(configs.NEWTIME) && c.config.TimeOffsets != nil { + var offsetSpec bytes.Buffer + for clock, offset := range c.config.TimeOffsets { + fmt.Fprintf(&offsetSpec, "%s %d %d\n", clock, offset.Secs, offset.Nanosecs) + } + r.AddData(&Bytemsg{ + Type: TimeOffsetsAttr, + Value: offsetSpec.Bytes(), + }) + } + return bytes.NewReader(r.Serialize()), nil } diff --git a/libcontainer/message_linux.go b/libcontainer/message_linux.go index 17db81a29f3..4e48826cdb5 100644 --- a/libcontainer/message_linux.go +++ b/libcontainer/message_linux.go @@ -23,6 +23,7 @@ const ( GidmapPathAttr uint16 = 27289 MountSourcesAttr uint16 = 27290 IdmapSourcesAttr uint16 = 27291 + TimeOffsetsAttr uint16 = 27292 ) type Int32msg struct { diff --git a/libcontainer/nsenter/namespace.h b/libcontainer/nsenter/namespace.h index 9e9bdca05e1..ac443c40f41 100644 --- a/libcontainer/nsenter/namespace.h +++ b/libcontainer/nsenter/namespace.h @@ -28,5 +28,8 @@ #ifndef CLONE_NEWNET # define CLONE_NEWNET 0x40000000 /* New network namespace */ #endif +#ifndef CLONE_NEWTIME +# define CLONE_NEWTIME 0x00000080 /* New time namespace */ +#endif #endif /* NSENTER_NAMESPACE_H */ diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index 22b6ea1cd21..8d4148cc645 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -104,6 +104,10 @@ struct nlconfig_t { /* Idmap sources opened outside the container userns which will be id mapped. */ char *idmapsources; size_t idmapsources_len; + + /* Time NS offsets. */ + char *timensoffset; + size_t timensoffset_len; }; /* @@ -122,6 +126,7 @@ struct nlconfig_t { #define GIDMAPPATH_ATTR 27289 #define MOUNT_SOURCES_ATTR 27290 #define IDMAP_SOURCES_ATTR 27291 +#define TIMENSOFFSET_ATTR 27292 /* * Use the raw syscall for versions of glibc which don't include a function for @@ -351,6 +356,8 @@ static int nsflag(char *name) return CLONE_NEWUSER; else if (!strcmp(name, "uts")) return CLONE_NEWUTS; + else if (!strcmp(name, "time")) + return CLONE_NEWTIME; /* If we don't recognise a name, fallback to 0. */ return 0; @@ -445,6 +452,10 @@ static void nl_parse(int fd, struct nlconfig_t *config) config->idmapsources = current; config->idmapsources_len = payload_len; break; + case TIMENSOFFSET_ATTR: + config->timensoffset = current; + config->timensoffset_len = payload_len; + break; default: bail("unknown netlink message type %d", nlattr->nla_type); } @@ -747,6 +758,17 @@ void receive_idmapsources(int sockfd) receive_fd_sources(sockfd, "_LIBCONTAINER_IDMAP_FDS"); } +static void update_timens(char *map, size_t map_len) +{ + if (map == NULL || map_len == 0) + return; + write_log(DEBUG, "update /proc/self/timens_offsets to '%s'", map); + if (write_file(map, map_len, "/proc/self/timens_offsets") < 0) { + if (errno != EPERM) + bail("failed to update /proc/self/timens_offsets"); + } +} + void nsexec(void) { int pipenum; @@ -1185,6 +1207,11 @@ void nsexec(void) bail("failed to sync with parent: SYNC_MOUNT_IDMAP_ACK: got %u", s); } + /* + * set boottime and monotonic timens offsets. + */ + update_timens(config.timensoffset, config.timensoffset_len); + /* * TODO: What about non-namespace clone flags that we're dropping here? * diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index d3938da516c..0afb4a6d8be 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -49,6 +49,7 @@ func initMaps() { specs.IPCNamespace: configs.NEWIPC, specs.UTSNamespace: configs.NEWUTS, specs.CgroupNamespace: configs.NEWCGROUP, + specs.TimeNamespace: configs.NEWTIME, } mountPropagationMapping = map[string]int{ @@ -435,6 +436,9 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) { MemBwSchema: spec.Linux.IntelRdt.MemBwSchema, } } + + // update timens offsets + config.TimeOffsets = spec.Linux.TimeOffsets } // Set the host UID that should own the container's cgroup. From cfc801b7ed89555b5622bfc9a88ee731d0670e90 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 2 Aug 2023 18:54:43 -0700 Subject: [PATCH 0328/1176] Fix running tests under Docker/Podman and cgroup v2 For "make integration", the tests are run inside a Docker/Podman container. Problem is, if cgroup v2 is used, the in-container /sys/fs/cgroup/cgroup.subtree_control is empty. The added script, used as Docker entrypoint, moves the current process into a sub-cgroup, and then adds all controllers in top-level cgroup.subtree_control. Signed-off-by: Kir Kolyshkin --- Dockerfile | 4 ++++ script/prepare-cgroup-v2.sh | 17 +++++++++++++++++ 2 files changed, 21 insertions(+) create mode 100755 script/prepare-cgroup-v2.sh diff --git a/Dockerfile b/Dockerfile index 96ead8c4918..9fd29a59371 100644 --- a/Dockerfile +++ b/Dockerfile @@ -63,3 +63,7 @@ ENV PKG_CONFIG_PATH=/opt/libseccomp/lib/pkgconfig RUN git config --global --add safe.directory /go/src/github.com/opencontainers/runc WORKDIR /go/src/github.com/opencontainers/runc + +# Fixup for cgroup v2. +COPY script/prepare-cgroup-v2.sh / +ENTRYPOINT [ "/prepare-cgroup-v2.sh" ] diff --git a/script/prepare-cgroup-v2.sh b/script/prepare-cgroup-v2.sh new file mode 100755 index 00000000000..886c550ec46 --- /dev/null +++ b/script/prepare-cgroup-v2.sh @@ -0,0 +1,17 @@ +#!/bin/bash +# +# This script is used from ../Dockerfile as the ENTRYPOINT. It sets up cgroup +# delegation for cgroup v2 to make sure runc tests can be properly run inside +# a container. + +# Only do this for cgroup v2. +if [ -f /sys/fs/cgroup/cgroup.controllers ]; then + set -x + # Move the current process to a sub-cgroup. + mkdir /sys/fs/cgroup/init + echo 0 >/sys/fs/cgroup/init/cgroup.procs + # Enable all controllers. + sed 's/\b\w/+\0/g' <"/sys/fs/cgroup/cgroup.controllers" >"/sys/fs/cgroup/cgroup.subtree_control" +fi + +exec "$@" From 962019d64e578be4fbd3a2b2ce5c9f19be7346c0 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 2 Aug 2023 20:13:03 -0700 Subject: [PATCH 0329/1176] ci: fix TestNilResources when systemd not available Split the test into two -- for fs and systemd cgroup managers, and only run the second one if systemd is available. Prevents the following failure during `make unittest`: > === RUN TestNilResources > manager_test.go:27: systemd not running on this host, cannot use systemd cgroups manager > --- FAIL: TestNilResources (0.22s) Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/manager/manager_test.go | 65 ++++++++++++-------- 1 file changed, 38 insertions(+), 27 deletions(-) diff --git a/libcontainer/cgroups/manager/manager_test.go b/libcontainer/cgroups/manager/manager_test.go index b53e6f1761e..6f0c0703a60 100644 --- a/libcontainer/cgroups/manager/manager_test.go +++ b/libcontainer/cgroups/manager/manager_test.go @@ -3,6 +3,7 @@ package manager import ( "testing" + "github.com/opencontainers/runc/libcontainer/cgroups/systemd" "github.com/opencontainers/runc/libcontainer/configs" ) @@ -10,35 +11,45 @@ import ( // config.Resources is nil. While it does not make sense to use a // manager with no resources, it should not result in a panic. // -// This tests either v1 or v2 managers (both fs and systemd), -// depending on what cgroup version is available on the host. +// This tests either v1 or v2 fs cgroup manager, depending on which +// cgroup version is available. func TestNilResources(t *testing.T) { - for _, sd := range []bool{false, true} { - cg := &configs.Cgroup{} // .Resources is nil - cg.Systemd = sd - mgr, err := New(cg) + testNilResources(t, false) +} + +// TestNilResourcesSystemd is the same as TestNilResources, +// only checking the systemd cgroup manager. +func TestNilResourcesSystemd(t *testing.T) { + if !systemd.IsRunningSystemd() { + t.Skip("requires systemd") + } + testNilResources(t, true) +} + +func testNilResources(t *testing.T, systemd bool) { + cg := &configs.Cgroup{} // .Resources is nil + cg.Systemd = systemd + mgr, err := New(cg) + if err != nil { + // Some managers require non-nil Resources during + // instantiation -- provide and retry. In such case + // we're mostly testing Set(nil) below. + cg.Resources = &configs.Resources{} + mgr, err = New(cg) if err != nil { - // Some managers require non-nil Resources during - // instantiation -- provide and retry. In such case - // we're mostly testing Set(nil) below. - cg.Resources = &configs.Resources{} - mgr, err = New(cg) - if err != nil { - t.Error(err) - continue - } + t.Fatal(err) } - _ = mgr.Apply(-1) - _ = mgr.Set(nil) - _ = mgr.Freeze(configs.Thawed) - _ = mgr.Exists() - _, _ = mgr.GetAllPids() - _, _ = mgr.GetCgroups() - _, _ = mgr.GetFreezerState() - _ = mgr.Path("") - _ = mgr.GetPaths() - _, _ = mgr.GetStats() - _, _ = mgr.OOMKillCount() - _ = mgr.Destroy() } + _ = mgr.Apply(-1) + _ = mgr.Set(nil) + _ = mgr.Freeze(configs.Thawed) + _ = mgr.Exists() + _, _ = mgr.GetAllPids() + _, _ = mgr.GetCgroups() + _, _ = mgr.GetFreezerState() + _ = mgr.Path("") + _ = mgr.GetPaths() + _, _ = mgr.GetStats() + _, _ = mgr.OOMKillCount() + _ = mgr.Destroy() } From 5c6b334c88f761dca933ca58cd221cf32327e943 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 2 Aug 2023 20:21:24 -0700 Subject: [PATCH 0330/1176] ci: fix TestOpenat2 when no systemd is used A few cases relied on the fact that systemd is used, and thus /sys/fs/cgroup/user.slice is available. Guess what, in case of "make unittest" it might not be. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/file_test.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/libcontainer/cgroups/file_test.go b/libcontainer/cgroups/file_test.go index dc2b0630cde..94f1a99bff0 100644 --- a/libcontainer/cgroups/file_test.go +++ b/libcontainer/cgroups/file_test.go @@ -58,8 +58,6 @@ func TestOpenat2(t *testing.T) { {"/sys/fs/cgroup", "/cgroup.controllers"}, {"/sys/fs/cgroup/", "cgroup.controllers"}, {"/sys/fs/cgroup/", "/cgroup.controllers"}, - {"/sys/fs/cgroup/user.slice", "cgroup.controllers"}, - {"/sys/fs/cgroup/user.slice/", "/cgroup.controllers"}, {"/", "/sys/fs/cgroup/cgroup.controllers"}, {"/", "sys/fs/cgroup/cgroup.controllers"}, {"/sys/fs/cgroup/cgroup.controllers", ""}, From f88a7654601a9c50ba5e0c47f49eb81134b23146 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 2 Aug 2023 20:38:09 -0700 Subject: [PATCH 0331/1176] ci: fix flaky test "update memory vs CheckBeforeUpdate" This test fails in CI sometimes with the following error: > `testcontainer test_update stopped' failed Give OOM killer some time to do its job. Signed-off-by: Kir Kolyshkin --- tests/integration/update.bats | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/update.bats b/tests/integration/update.bats index 1a16c9ae34c..5a87fa1500d 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -854,5 +854,5 @@ EOF # The container will be OOM killed, and runc might either succeed # or fail depending on the timing, so we don't check its exit code. runc update test_update --memory 1024 - testcontainer test_update stopped + wait_for_container 10 1 test_update stopped } From cb981e510bd29195fde6e6233c49a6a32a954f53 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 1 Aug 2023 09:56:32 -0700 Subject: [PATCH 0332/1176] libct: move criu-related stuff to separate file No code change, only added periods to some comments to make godot happy. Signed-off-by: Kir Kolyshkin --- libcontainer/container_linux.go | 1131 ------------------------------ libcontainer/criu_linux.go | 1151 +++++++++++++++++++++++++++++++ 2 files changed, 1151 insertions(+), 1131 deletions(-) create mode 100644 libcontainer/criu_linux.go diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 2f0a6c64166..889dadd34d1 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -6,7 +6,6 @@ import ( "errors" "fmt" "io" - "net" "os" "os/exec" "path" @@ -17,15 +16,11 @@ import ( "sync" "time" - "github.com/checkpoint-restore/go-criu/v6" - criurpc "github.com/checkpoint-restore/go-criu/v6/rpc" - securejoin "github.com/cyphar/filepath-securejoin" "github.com/opencontainers/runtime-spec/specs-go" "github.com/sirupsen/logrus" "github.com/vishvananda/netlink/nl" "golang.org/x/sys/execabs" "golang.org/x/sys/unix" - "google.golang.org/protobuf/proto" "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/configs" @@ -830,1132 +825,6 @@ func (c *Container) NotifyMemoryPressure(level PressureLevel) (<-chan struct{}, return notifyMemoryPressure(c.cgroupManager.Path("memory"), level) } -var criuFeatures *criurpc.CriuFeatures - -func (c *Container) checkCriuFeatures(criuOpts *CriuOpts, rpcOpts *criurpc.CriuOpts, criuFeat *criurpc.CriuFeatures) error { - t := criurpc.CriuReqType_FEATURE_CHECK - - // make sure the features we are looking for are really not from - // some previous check - criuFeatures = nil - - req := &criurpc.CriuReq{ - Type: &t, - // Theoretically this should not be necessary but CRIU - // segfaults if Opts is empty. - // Fixed in CRIU 2.12 - Opts: rpcOpts, - Features: criuFeat, - } - - err := c.criuSwrk(nil, req, criuOpts, nil) - if err != nil { - logrus.Debugf("%s", err) - return errors.New("CRIU feature check failed") - } - - missingFeatures := false - - // The outer if checks if the fields actually exist - if (criuFeat.MemTrack != nil) && - (criuFeatures.MemTrack != nil) { - // The inner if checks if they are set to true - if *criuFeat.MemTrack && !*criuFeatures.MemTrack { - missingFeatures = true - logrus.Debugf("CRIU does not support MemTrack") - } - } - - // This needs to be repeated for every new feature check. - // Is there a way to put this in a function. Reflection? - if (criuFeat.LazyPages != nil) && - (criuFeatures.LazyPages != nil) { - if *criuFeat.LazyPages && !*criuFeatures.LazyPages { - missingFeatures = true - logrus.Debugf("CRIU does not support LazyPages") - } - } - - if missingFeatures { - return errors.New("CRIU is missing features") - } - - return nil -} - -func compareCriuVersion(criuVersion int, minVersion int) error { - // simple function to perform the actual version compare - if criuVersion < minVersion { - return fmt.Errorf("CRIU version %d must be %d or higher", criuVersion, minVersion) - } - - return nil -} - -// checkCriuVersion checks CRIU version greater than or equal to minVersion. -func (c *Container) checkCriuVersion(minVersion int) error { - // If the version of criu has already been determined there is no need - // to ask criu for the version again. Use the value from c.criuVersion. - if c.criuVersion != 0 { - return compareCriuVersion(c.criuVersion, minVersion) - } - - criu := criu.MakeCriu() - var err error - c.criuVersion, err = criu.GetCriuVersion() - if err != nil { - return fmt.Errorf("CRIU version check failed: %w", err) - } - - return compareCriuVersion(c.criuVersion, minVersion) -} - -const descriptorsFilename = "descriptors.json" - -func (c *Container) addCriuDumpMount(req *criurpc.CriuReq, m *configs.Mount) { - mountDest := strings.TrimPrefix(m.Destination, c.config.Rootfs) - if dest, err := securejoin.SecureJoin(c.config.Rootfs, mountDest); err == nil { - mountDest = dest[len(c.config.Rootfs):] - } - extMnt := &criurpc.ExtMountMap{ - Key: proto.String(mountDest), - Val: proto.String(mountDest), - } - req.Opts.ExtMnt = append(req.Opts.ExtMnt, extMnt) -} - -func (c *Container) addMaskPaths(req *criurpc.CriuReq) error { - for _, path := range c.config.MaskPaths { - fi, err := os.Stat(fmt.Sprintf("/proc/%d/root/%s", c.initProcess.pid(), path)) - if err != nil { - if os.IsNotExist(err) { - continue - } - return err - } - if fi.IsDir() { - continue - } - - extMnt := &criurpc.ExtMountMap{ - Key: proto.String(path), - Val: proto.String("/dev/null"), - } - req.Opts.ExtMnt = append(req.Opts.ExtMnt, extMnt) - } - return nil -} - -func (c *Container) handleCriuConfigurationFile(rpcOpts *criurpc.CriuOpts) { - // CRIU will evaluate a configuration starting with release 3.11. - // Settings in the configuration file will overwrite RPC settings. - // Look for annotations. The annotation 'org.criu.config' - // specifies if CRIU should use a different, container specific - // configuration file. - configFile, exists := utils.SearchLabels(c.config.Labels, "org.criu.config") - if exists { - // If the annotation 'org.criu.config' exists and is set - // to a non-empty string, tell CRIU to use that as a - // configuration file. If the file does not exist, CRIU - // will just ignore it. - if configFile != "" { - rpcOpts.ConfigFile = proto.String(configFile) - } - // If 'org.criu.config' exists and is set to an empty - // string, a runc specific CRIU configuration file will - // be not set at all. - } else { - // If the mentioned annotation has not been found, specify - // a default CRIU configuration file. - rpcOpts.ConfigFile = proto.String("/etc/criu/runc.conf") - } -} - -func (c *Container) criuSupportsExtNS(t configs.NamespaceType) bool { - var minVersion int - switch t { - case configs.NEWNET: - // CRIU supports different external namespace with different released CRIU versions. - // For network namespaces to work we need at least criu 3.11.0 => 31100. - minVersion = 31100 - case configs.NEWPID: - // For PID namespaces criu 31500 is needed. - minVersion = 31500 - default: - return false - } - return c.checkCriuVersion(minVersion) == nil -} - -func criuNsToKey(t configs.NamespaceType) string { - return "extRoot" + strings.Title(configs.NsName(t)) + "NS" //nolint:staticcheck // SA1019: strings.Title is deprecated -} - -func (c *Container) handleCheckpointingExternalNamespaces(rpcOpts *criurpc.CriuOpts, t configs.NamespaceType) error { - if !c.criuSupportsExtNS(t) { - return nil - } - - nsPath := c.config.Namespaces.PathOf(t) - if nsPath == "" { - return nil - } - // CRIU expects the information about an external namespace - // like this: --external []: - // This is always 'extRootNS'. - var ns unix.Stat_t - if err := unix.Stat(nsPath, &ns); err != nil { - return err - } - criuExternal := fmt.Sprintf("%s[%d]:%s", configs.NsName(t), ns.Ino, criuNsToKey(t)) - rpcOpts.External = append(rpcOpts.External, criuExternal) - - return nil -} - -func (c *Container) handleRestoringNamespaces(rpcOpts *criurpc.CriuOpts, extraFiles *[]*os.File) error { - for _, ns := range c.config.Namespaces { - switch ns.Type { - case configs.NEWNET, configs.NEWPID: - // If the container is running in a network or PID namespace and has - // a path to the network or PID namespace configured, we will dump - // that network or PID namespace as an external namespace and we - // will expect that the namespace exists during restore. - // This basically means that CRIU will ignore the namespace - // and expect it to be setup correctly. - if err := c.handleRestoringExternalNamespaces(rpcOpts, extraFiles, ns.Type); err != nil { - return err - } - default: - // For all other namespaces except NET and PID CRIU has - // a simpler way of joining the existing namespace if set - nsPath := c.config.Namespaces.PathOf(ns.Type) - if nsPath == "" { - continue - } - if ns.Type == configs.NEWCGROUP { - // CRIU has no code to handle NEWCGROUP - return fmt.Errorf("Do not know how to handle namespace %v", ns.Type) - } - // CRIU has code to handle NEWTIME, but it does not seem to be defined in runc - - // CRIU will issue a warning for NEWUSER: - // criu/namespaces.c: 'join-ns with user-namespace is not fully tested and dangerous' - rpcOpts.JoinNs = append(rpcOpts.JoinNs, &criurpc.JoinNamespace{ - Ns: proto.String(configs.NsName(ns.Type)), - NsFile: proto.String(nsPath), - }) - } - } - - return nil -} - -func (c *Container) handleRestoringExternalNamespaces(rpcOpts *criurpc.CriuOpts, extraFiles *[]*os.File, t configs.NamespaceType) error { - if !c.criuSupportsExtNS(t) { - return nil - } - - nsPath := c.config.Namespaces.PathOf(t) - if nsPath == "" { - return nil - } - // CRIU wants the information about an existing namespace - // like this: --inherit-fd fd[]: - // The needs to be the same as during checkpointing. - // We are always using 'extRootNS' as the key in this. - nsFd, err := os.Open(nsPath) - if err != nil { - logrus.Errorf("If a specific network namespace is defined it must exist: %s", err) - return fmt.Errorf("Requested network namespace %v does not exist", nsPath) - } - inheritFd := &criurpc.InheritFd{ - Key: proto.String(criuNsToKey(t)), - // The offset of four is necessary because 0, 1, 2 and 3 are - // already used by stdin, stdout, stderr, 'criu swrk' socket. - Fd: proto.Int32(int32(4 + len(*extraFiles))), - } - rpcOpts.InheritFd = append(rpcOpts.InheritFd, inheritFd) - // All open FDs need to be transferred to CRIU via extraFiles - *extraFiles = append(*extraFiles, nsFd) - - return nil -} - -func (c *Container) Checkpoint(criuOpts *CriuOpts) error { - c.m.Lock() - defer c.m.Unlock() - - // Checkpoint is unlikely to work if os.Geteuid() != 0 || system.RunningInUserNS(). - // (CLI prints a warning) - // TODO(avagin): Figure out how to make this work nicely. CRIU 2.0 has - // support for doing unprivileged dumps, but the setup of - // rootless containers might make this complicated. - - // We are relying on the CRIU version RPC which was introduced with CRIU 3.0.0 - if err := c.checkCriuVersion(30000); err != nil { - return err - } - - if criuOpts.ImagesDirectory == "" { - return errors.New("invalid directory to save checkpoint") - } - - // Since a container can be C/R'ed multiple times, - // the checkpoint directory may already exist. - if err := os.Mkdir(criuOpts.ImagesDirectory, 0o700); err != nil && !os.IsExist(err) { - return err - } - - imageDir, err := os.Open(criuOpts.ImagesDirectory) - if err != nil { - return err - } - defer imageDir.Close() - - rpcOpts := criurpc.CriuOpts{ - ImagesDirFd: proto.Int32(int32(imageDir.Fd())), - LogLevel: proto.Int32(4), - LogFile: proto.String("dump.log"), - Root: proto.String(c.config.Rootfs), - ManageCgroups: proto.Bool(true), - NotifyScripts: proto.Bool(true), - Pid: proto.Int32(int32(c.initProcess.pid())), - ShellJob: proto.Bool(criuOpts.ShellJob), - LeaveRunning: proto.Bool(criuOpts.LeaveRunning), - TcpEstablished: proto.Bool(criuOpts.TcpEstablished), - ExtUnixSk: proto.Bool(criuOpts.ExternalUnixConnections), - FileLocks: proto.Bool(criuOpts.FileLocks), - EmptyNs: proto.Uint32(criuOpts.EmptyNs), - OrphanPtsMaster: proto.Bool(true), - AutoDedup: proto.Bool(criuOpts.AutoDedup), - LazyPages: proto.Bool(criuOpts.LazyPages), - } - - // if criuOpts.WorkDirectory is not set, criu default is used. - if criuOpts.WorkDirectory != "" { - if err := os.Mkdir(criuOpts.WorkDirectory, 0o700); err != nil && !os.IsExist(err) { - return err - } - workDir, err := os.Open(criuOpts.WorkDirectory) - if err != nil { - return err - } - defer workDir.Close() - rpcOpts.WorkDirFd = proto.Int32(int32(workDir.Fd())) - } - - c.handleCriuConfigurationFile(&rpcOpts) - - // If the container is running in a network namespace and has - // a path to the network namespace configured, we will dump - // that network namespace as an external namespace and we - // will expect that the namespace exists during restore. - // This basically means that CRIU will ignore the namespace - // and expect to be setup correctly. - if err := c.handleCheckpointingExternalNamespaces(&rpcOpts, configs.NEWNET); err != nil { - return err - } - - // Same for possible external PID namespaces - if err := c.handleCheckpointingExternalNamespaces(&rpcOpts, configs.NEWPID); err != nil { - return err - } - - // CRIU can use cgroup freezer; when rpcOpts.FreezeCgroup - // is not set, CRIU uses ptrace() to pause the processes. - // Note cgroup v2 freezer is only supported since CRIU release 3.14. - if !cgroups.IsCgroup2UnifiedMode() || c.checkCriuVersion(31400) == nil { - if fcg := c.cgroupManager.Path("freezer"); fcg != "" { - rpcOpts.FreezeCgroup = proto.String(fcg) - } - } - - // append optional criu opts, e.g., page-server and port - if criuOpts.PageServer.Address != "" && criuOpts.PageServer.Port != 0 { - rpcOpts.Ps = &criurpc.CriuPageServerInfo{ - Address: proto.String(criuOpts.PageServer.Address), - Port: proto.Int32(criuOpts.PageServer.Port), - } - } - - // pre-dump may need parentImage param to complete iterative migration - if criuOpts.ParentImage != "" { - rpcOpts.ParentImg = proto.String(criuOpts.ParentImage) - rpcOpts.TrackMem = proto.Bool(true) - } - - // append optional manage cgroups mode - if criuOpts.ManageCgroupsMode != 0 { - mode := criuOpts.ManageCgroupsMode - rpcOpts.ManageCgroupsMode = &mode - } - - var t criurpc.CriuReqType - if criuOpts.PreDump { - feat := criurpc.CriuFeatures{ - MemTrack: proto.Bool(true), - } - - if err := c.checkCriuFeatures(criuOpts, &rpcOpts, &feat); err != nil { - return err - } - - t = criurpc.CriuReqType_PRE_DUMP - } else { - t = criurpc.CriuReqType_DUMP - } - - if criuOpts.LazyPages { - // lazy migration requested; check if criu supports it - feat := criurpc.CriuFeatures{ - LazyPages: proto.Bool(true), - } - if err := c.checkCriuFeatures(criuOpts, &rpcOpts, &feat); err != nil { - return err - } - - if fd := criuOpts.StatusFd; fd != -1 { - // check that the FD is valid - flags, err := unix.FcntlInt(uintptr(fd), unix.F_GETFL, 0) - if err != nil { - return fmt.Errorf("invalid --status-fd argument %d: %w", fd, err) - } - // and writable - if flags&unix.O_WRONLY == 0 { - return fmt.Errorf("invalid --status-fd argument %d: not writable", fd) - } - - if c.checkCriuVersion(31500) != nil { - // For criu 3.15+, use notifications (see case "status-ready" - // in criuNotifications). Otherwise, rely on criu status fd. - rpcOpts.StatusFd = proto.Int32(int32(fd)) - } - } - } - - req := &criurpc.CriuReq{ - Type: &t, - Opts: &rpcOpts, - } - - // no need to dump all this in pre-dump - if !criuOpts.PreDump { - hasCgroupns := c.config.Namespaces.Contains(configs.NEWCGROUP) - for _, m := range c.config.Mounts { - switch m.Device { - case "bind": - c.addCriuDumpMount(req, m) - case "cgroup": - if cgroups.IsCgroup2UnifiedMode() || hasCgroupns { - // real mount(s) - continue - } - // a set of "external" bind mounts - binds, err := getCgroupMounts(m) - if err != nil { - return err - } - for _, b := range binds { - c.addCriuDumpMount(req, b) - } - } - } - - if err := c.addMaskPaths(req); err != nil { - return err - } - - for _, node := range c.config.Devices { - m := &configs.Mount{Destination: node.Path, Source: node.Path} - c.addCriuDumpMount(req, m) - } - - // Write the FD info to a file in the image directory - fdsJSON, err := json.Marshal(c.initProcess.externalDescriptors()) - if err != nil { - return err - } - - err = os.WriteFile(filepath.Join(criuOpts.ImagesDirectory, descriptorsFilename), fdsJSON, 0o600) - if err != nil { - return err - } - } - - err = c.criuSwrk(nil, req, criuOpts, nil) - if err != nil { - return err - } - return nil -} - -func (c *Container) addCriuRestoreMount(req *criurpc.CriuReq, m *configs.Mount) { - mountDest := strings.TrimPrefix(m.Destination, c.config.Rootfs) - if dest, err := securejoin.SecureJoin(c.config.Rootfs, mountDest); err == nil { - mountDest = dest[len(c.config.Rootfs):] - } - extMnt := &criurpc.ExtMountMap{ - Key: proto.String(mountDest), - Val: proto.String(m.Source), - } - req.Opts.ExtMnt = append(req.Opts.ExtMnt, extMnt) -} - -func (c *Container) restoreNetwork(req *criurpc.CriuReq, criuOpts *CriuOpts) { - for _, iface := range c.config.Networks { - switch iface.Type { - case "veth": - veth := new(criurpc.CriuVethPair) - veth.IfOut = proto.String(iface.HostInterfaceName) - veth.IfIn = proto.String(iface.Name) - req.Opts.Veths = append(req.Opts.Veths, veth) - case "loopback": - // Do nothing - } - } - for _, i := range criuOpts.VethPairs { - veth := new(criurpc.CriuVethPair) - veth.IfOut = proto.String(i.HostInterfaceName) - veth.IfIn = proto.String(i.ContainerInterfaceName) - req.Opts.Veths = append(req.Opts.Veths, veth) - } -} - -// makeCriuRestoreMountpoints makes the actual mountpoints for the -// restore using CRIU. This function is inspired from the code in -// rootfs_linux.go -func (c *Container) makeCriuRestoreMountpoints(m *configs.Mount) error { - switch m.Device { - case "cgroup": - // No mount point(s) need to be created: - // - // * for v1, mount points are saved by CRIU because - // /sys/fs/cgroup is a tmpfs mount - // - // * for v2, /sys/fs/cgroup is a real mount, but - // the mountpoint appears as soon as /sys is mounted - return nil - case "bind": - // The prepareBindMount() function checks if source - // exists. So it cannot be used for other filesystem types. - // TODO: pass srcFD? Not sure if criu is impacted by issue #2484. - if err := prepareBindMount(mountEntry{Mount: m}, c.config.Rootfs); err != nil { - return err - } - default: - // for all other filesystems just create the mountpoints - dest, err := securejoin.SecureJoin(c.config.Rootfs, m.Destination) - if err != nil { - return err - } - if err := checkProcMount(c.config.Rootfs, dest, ""); err != nil { - return err - } - if err := os.MkdirAll(dest, 0o755); err != nil { - return err - } - } - return nil -} - -// isPathInPrefixList is a small function for CRIU restore to make sure -// mountpoints, which are on a tmpfs, are not created in the roofs -func isPathInPrefixList(path string, prefix []string) bool { - for _, p := range prefix { - if strings.HasPrefix(path, p+"/") { - return true - } - } - return false -} - -// prepareCriuRestoreMounts tries to set up the rootfs of the -// container to be restored in the same way runc does it for -// initial container creation. Even for a read-only rootfs container -// runc modifies the rootfs to add mountpoints which do not exist. -// This function also creates missing mountpoints as long as they -// are not on top of a tmpfs, as CRIU will restore tmpfs content anyway. -func (c *Container) prepareCriuRestoreMounts(mounts []*configs.Mount) error { - // First get a list of a all tmpfs mounts - tmpfs := []string{} - for _, m := range mounts { - switch m.Device { - case "tmpfs": - tmpfs = append(tmpfs, m.Destination) - } - } - // Now go through all mounts and create the mountpoints - // if the mountpoints are not on a tmpfs, as CRIU will - // restore the complete tmpfs content from its checkpoint. - umounts := []string{} - defer func() { - for _, u := range umounts { - _ = utils.WithProcfd(c.config.Rootfs, u, func(procfd string) error { - if e := unix.Unmount(procfd, unix.MNT_DETACH); e != nil { - if e != unix.EINVAL { //nolint:errorlint // unix errors are bare - // Ignore EINVAL as it means 'target is not a mount point.' - // It probably has already been unmounted. - logrus.Warnf("Error during cleanup unmounting of %s (%s): %v", procfd, u, e) - } - } - return nil - }) - } - }() - for _, m := range mounts { - if !isPathInPrefixList(m.Destination, tmpfs) { - if err := c.makeCriuRestoreMountpoints(m); err != nil { - return err - } - // If the mount point is a bind mount, we need to mount - // it now so that runc can create the necessary mount - // points for mounts in bind mounts. - // This also happens during initial container creation. - // Without this CRIU restore will fail - // See: https://github.com/opencontainers/runc/issues/2748 - // It is also not necessary to order the mount points - // because during initial container creation mounts are - // set up in the order they are configured. - if m.Device == "bind" { - if err := utils.WithProcfd(c.config.Rootfs, m.Destination, func(dstFD string) error { - return mountViaFDs(m.Source, nil, m.Destination, dstFD, "", unix.MS_BIND|unix.MS_REC, "") - }); err != nil { - return err - } - umounts = append(umounts, m.Destination) - } - } - } - return nil -} - -// Restore restores the checkpointed container to a running state using the -// criu(8) utility. -func (c *Container) Restore(process *Process, criuOpts *CriuOpts) error { - c.m.Lock() - defer c.m.Unlock() - - var extraFiles []*os.File - - // Restore is unlikely to work if os.Geteuid() != 0 || system.RunningInUserNS(). - // (CLI prints a warning) - // TODO(avagin): Figure out how to make this work nicely. CRIU doesn't have - // support for unprivileged restore at the moment. - - // We are relying on the CRIU version RPC which was introduced with CRIU 3.0.0 - if err := c.checkCriuVersion(30000); err != nil { - return err - } - if criuOpts.ImagesDirectory == "" { - return errors.New("invalid directory to restore checkpoint") - } - imageDir, err := os.Open(criuOpts.ImagesDirectory) - if err != nil { - return err - } - defer imageDir.Close() - // CRIU has a few requirements for a root directory: - // * it must be a mount point - // * its parent must not be overmounted - // c.config.Rootfs is bind-mounted to a temporary directory - // to satisfy these requirements. - root := filepath.Join(c.root, "criu-root") - if err := os.Mkdir(root, 0o755); err != nil { - return err - } - defer os.Remove(root) - root, err = filepath.EvalSymlinks(root) - if err != nil { - return err - } - err = mount(c.config.Rootfs, root, "", unix.MS_BIND|unix.MS_REC, "") - if err != nil { - return err - } - defer unix.Unmount(root, unix.MNT_DETACH) //nolint: errcheck - t := criurpc.CriuReqType_RESTORE - req := &criurpc.CriuReq{ - Type: &t, - Opts: &criurpc.CriuOpts{ - ImagesDirFd: proto.Int32(int32(imageDir.Fd())), - EvasiveDevices: proto.Bool(true), - LogLevel: proto.Int32(4), - LogFile: proto.String("restore.log"), - RstSibling: proto.Bool(true), - Root: proto.String(root), - ManageCgroups: proto.Bool(true), - NotifyScripts: proto.Bool(true), - ShellJob: proto.Bool(criuOpts.ShellJob), - ExtUnixSk: proto.Bool(criuOpts.ExternalUnixConnections), - TcpEstablished: proto.Bool(criuOpts.TcpEstablished), - FileLocks: proto.Bool(criuOpts.FileLocks), - EmptyNs: proto.Uint32(criuOpts.EmptyNs), - OrphanPtsMaster: proto.Bool(true), - AutoDedup: proto.Bool(criuOpts.AutoDedup), - LazyPages: proto.Bool(criuOpts.LazyPages), - }, - } - - if criuOpts.LsmProfile != "" { - // CRIU older than 3.16 has a bug which breaks the possibility - // to set a different LSM profile. - if err := c.checkCriuVersion(31600); err != nil { - return errors.New("--lsm-profile requires at least CRIU 3.16") - } - req.Opts.LsmProfile = proto.String(criuOpts.LsmProfile) - } - if criuOpts.LsmMountContext != "" { - if err := c.checkCriuVersion(31600); err != nil { - return errors.New("--lsm-mount-context requires at least CRIU 3.16") - } - req.Opts.LsmMountContext = proto.String(criuOpts.LsmMountContext) - } - - if criuOpts.WorkDirectory != "" { - // Since a container can be C/R'ed multiple times, - // the work directory may already exist. - if err := os.Mkdir(criuOpts.WorkDirectory, 0o700); err != nil && !os.IsExist(err) { - return err - } - workDir, err := os.Open(criuOpts.WorkDirectory) - if err != nil { - return err - } - defer workDir.Close() - req.Opts.WorkDirFd = proto.Int32(int32(workDir.Fd())) - } - c.handleCriuConfigurationFile(req.Opts) - - if err := c.handleRestoringNamespaces(req.Opts, &extraFiles); err != nil { - return err - } - - // This will modify the rootfs of the container in the same way runc - // modifies the container during initial creation. - if err := c.prepareCriuRestoreMounts(c.config.Mounts); err != nil { - return err - } - - hasCgroupns := c.config.Namespaces.Contains(configs.NEWCGROUP) - for _, m := range c.config.Mounts { - switch m.Device { - case "bind": - c.addCriuRestoreMount(req, m) - case "cgroup": - if cgroups.IsCgroup2UnifiedMode() || hasCgroupns { - continue - } - // cgroup v1 is a set of bind mounts, unless cgroupns is used - binds, err := getCgroupMounts(m) - if err != nil { - return err - } - for _, b := range binds { - c.addCriuRestoreMount(req, b) - } - } - } - - if len(c.config.MaskPaths) > 0 { - m := &configs.Mount{Destination: "/dev/null", Source: "/dev/null"} - c.addCriuRestoreMount(req, m) - } - - for _, node := range c.config.Devices { - m := &configs.Mount{Destination: node.Path, Source: node.Path} - c.addCriuRestoreMount(req, m) - } - - if criuOpts.EmptyNs&unix.CLONE_NEWNET == 0 { - c.restoreNetwork(req, criuOpts) - } - - // append optional manage cgroups mode - if criuOpts.ManageCgroupsMode != 0 { - mode := criuOpts.ManageCgroupsMode - req.Opts.ManageCgroupsMode = &mode - } - - var ( - fds []string - fdJSON []byte - ) - if fdJSON, err = os.ReadFile(filepath.Join(criuOpts.ImagesDirectory, descriptorsFilename)); err != nil { - return err - } - - if err := json.Unmarshal(fdJSON, &fds); err != nil { - return err - } - for i := range fds { - if s := fds[i]; strings.Contains(s, "pipe:") { - inheritFd := new(criurpc.InheritFd) - inheritFd.Key = proto.String(s) - inheritFd.Fd = proto.Int32(int32(i)) - req.Opts.InheritFd = append(req.Opts.InheritFd, inheritFd) - } - } - err = c.criuSwrk(process, req, criuOpts, extraFiles) - - // Now that CRIU is done let's close all opened FDs CRIU needed. - for _, fd := range extraFiles { - fd.Close() - } - - return err -} - -func (c *Container) criuApplyCgroups(pid int, req *criurpc.CriuReq) error { - // need to apply cgroups only on restore - if req.GetType() != criurpc.CriuReqType_RESTORE { - return nil - } - - // XXX: Do we need to deal with this case? AFAIK criu still requires root. - if err := c.cgroupManager.Apply(pid); err != nil { - return err - } - - if err := c.cgroupManager.Set(c.config.Cgroups.Resources); err != nil { - return err - } - - // TODO(@kolyshkin): should we use c.cgroupManager.GetPaths() - // instead of reading /proc/pid/cgroup? - path := fmt.Sprintf("/proc/%d/cgroup", pid) - cgroupsPaths, err := cgroups.ParseCgroupFile(path) - if err != nil { - return err - } - - for c, p := range cgroupsPaths { - cgroupRoot := &criurpc.CgroupRoot{ - Ctrl: proto.String(c), - Path: proto.String(p), - } - req.Opts.CgRoot = append(req.Opts.CgRoot, cgroupRoot) - } - - return nil -} - -func (c *Container) criuSwrk(process *Process, req *criurpc.CriuReq, opts *CriuOpts, extraFiles []*os.File) error { - fds, err := unix.Socketpair(unix.AF_LOCAL, unix.SOCK_SEQPACKET|unix.SOCK_CLOEXEC, 0) - if err != nil { - return err - } - - var logPath string - if opts != nil { - logPath = filepath.Join(opts.WorkDirectory, req.GetOpts().GetLogFile()) - } else { - // For the VERSION RPC 'opts' is set to 'nil' and therefore - // opts.WorkDirectory does not exist. Set logPath to "". - logPath = "" - } - criuClient := os.NewFile(uintptr(fds[0]), "criu-transport-client") - criuClientFileCon, err := net.FileConn(criuClient) - criuClient.Close() - if err != nil { - return err - } - - criuClientCon := criuClientFileCon.(*net.UnixConn) - defer criuClientCon.Close() - - criuServer := os.NewFile(uintptr(fds[1]), "criu-transport-server") - defer criuServer.Close() - - if c.criuVersion != 0 { - // If the CRIU Version is still '0' then this is probably - // the initial CRIU run to detect the version. Skip it. - logrus.Debugf("Using CRIU %d", c.criuVersion) - } - cmd := exec.Command("criu", "swrk", "3") - if process != nil { - cmd.Stdin = process.Stdin - cmd.Stdout = process.Stdout - cmd.Stderr = process.Stderr - } - cmd.ExtraFiles = append(cmd.ExtraFiles, criuServer) - if extraFiles != nil { - cmd.ExtraFiles = append(cmd.ExtraFiles, extraFiles...) - } - - if err := cmd.Start(); err != nil { - return err - } - // we close criuServer so that even if CRIU crashes or unexpectedly exits, runc will not hang. - criuServer.Close() - // cmd.Process will be replaced by a restored init. - criuProcess := cmd.Process - - var criuProcessState *os.ProcessState - defer func() { - if criuProcessState == nil { - criuClientCon.Close() - _, err := criuProcess.Wait() - if err != nil { - logrus.Warnf("wait on criuProcess returned %v", err) - } - } - }() - - if err := c.criuApplyCgroups(criuProcess.Pid, req); err != nil { - return err - } - - var extFds []string - if process != nil { - extFds, err = getPipeFds(criuProcess.Pid) - if err != nil { - return err - } - } - - logrus.Debugf("Using CRIU in %s mode", req.GetType().String()) - // In the case of criurpc.CriuReqType_FEATURE_CHECK req.GetOpts() - // should be empty. For older CRIU versions it still will be - // available but empty. criurpc.CriuReqType_VERSION actually - // has no req.GetOpts(). - if logrus.GetLevel() >= logrus.DebugLevel && - !(req.GetType() == criurpc.CriuReqType_FEATURE_CHECK || - req.GetType() == criurpc.CriuReqType_VERSION) { - - val := reflect.ValueOf(req.GetOpts()) - v := reflect.Indirect(val) - for i := 0; i < v.NumField(); i++ { - st := v.Type() - name := st.Field(i).Name - if 'A' <= name[0] && name[0] <= 'Z' { - value := val.MethodByName("Get" + name).Call([]reflect.Value{}) - logrus.Debugf("CRIU option %s with value %v", name, value[0]) - } - } - } - data, err := proto.Marshal(req) - if err != nil { - return err - } - _, err = criuClientCon.Write(data) - if err != nil { - return err - } - - buf := make([]byte, 10*4096) - oob := make([]byte, 4096) - for { - n, oobn, _, _, err := criuClientCon.ReadMsgUnix(buf, oob) - if req.Opts != nil && req.Opts.StatusFd != nil { - // Close status_fd as soon as we got something back from criu, - // assuming it has consumed (reopened) it by this time. - // Otherwise it will might be left open forever and whoever - // is waiting on it will wait forever. - fd := int(*req.Opts.StatusFd) - _ = unix.Close(fd) - req.Opts.StatusFd = nil - } - if err != nil { - return err - } - if n == 0 { - return errors.New("unexpected EOF") - } - if n == len(buf) { - return errors.New("buffer is too small") - } - - resp := new(criurpc.CriuResp) - err = proto.Unmarshal(buf[:n], resp) - if err != nil { - return err - } - if !resp.GetSuccess() { - typeString := req.GetType().String() - return fmt.Errorf("criu failed: type %s errno %d\nlog file: %s", typeString, resp.GetCrErrno(), logPath) - } - - t := resp.GetType() - switch { - case t == criurpc.CriuReqType_FEATURE_CHECK: - logrus.Debugf("Feature check says: %s", resp) - criuFeatures = resp.GetFeatures() - case t == criurpc.CriuReqType_NOTIFY: - if err := c.criuNotifications(resp, process, cmd, opts, extFds, oob[:oobn]); err != nil { - return err - } - t = criurpc.CriuReqType_NOTIFY - req = &criurpc.CriuReq{ - Type: &t, - NotifySuccess: proto.Bool(true), - } - data, err = proto.Marshal(req) - if err != nil { - return err - } - _, err = criuClientCon.Write(data) - if err != nil { - return err - } - continue - case t == criurpc.CriuReqType_RESTORE: - case t == criurpc.CriuReqType_DUMP: - case t == criurpc.CriuReqType_PRE_DUMP: - default: - return fmt.Errorf("unable to parse the response %s", resp.String()) - } - - break - } - - _ = criuClientCon.CloseWrite() - // cmd.Wait() waits cmd.goroutines which are used for proxying file descriptors. - // Here we want to wait only the CRIU process. - criuProcessState, err = criuProcess.Wait() - if err != nil { - return err - } - - // In pre-dump mode CRIU is in a loop and waits for - // the final DUMP command. - // The current runc pre-dump approach, however, is - // start criu in PRE_DUMP once for a single pre-dump - // and not the whole series of pre-dump, pre-dump, ...m, dump - // If we got the message CriuReqType_PRE_DUMP it means - // CRIU was successful and we need to forcefully stop CRIU - if !criuProcessState.Success() && *req.Type != criurpc.CriuReqType_PRE_DUMP { - return fmt.Errorf("criu failed: %s\nlog file: %s", criuProcessState.String(), logPath) - } - return nil -} - -// block any external network activity -func lockNetwork(config *configs.Config) error { - for _, config := range config.Networks { - strategy, err := getStrategy(config.Type) - if err != nil { - return err - } - - if err := strategy.detach(config); err != nil { - return err - } - } - return nil -} - -func unlockNetwork(config *configs.Config) error { - for _, config := range config.Networks { - strategy, err := getStrategy(config.Type) - if err != nil { - return err - } - if err = strategy.attach(config); err != nil { - return err - } - } - return nil -} - -func (c *Container) criuNotifications(resp *criurpc.CriuResp, process *Process, cmd *exec.Cmd, opts *CriuOpts, fds []string, oob []byte) error { - notify := resp.GetNotify() - if notify == nil { - return fmt.Errorf("invalid response: %s", resp.String()) - } - script := notify.GetScript() - logrus.Debugf("notify: %s\n", script) - switch script { - case "post-dump": - f, err := os.Create(filepath.Join(c.root, "checkpoint")) - if err != nil { - return err - } - f.Close() - case "network-unlock": - if err := unlockNetwork(c.config); err != nil { - return err - } - case "network-lock": - if err := lockNetwork(c.config); err != nil { - return err - } - case "setup-namespaces": - if c.config.Hooks != nil { - s, err := c.currentOCIState() - if err != nil { - return nil - } - s.Pid = int(notify.GetPid()) - - if err := c.config.Hooks[configs.Prestart].RunHooks(s); err != nil { - return err - } - if err := c.config.Hooks[configs.CreateRuntime].RunHooks(s); err != nil { - return err - } - } - case "post-restore": - pid := notify.GetPid() - - p, err := os.FindProcess(int(pid)) - if err != nil { - return err - } - cmd.Process = p - - r, err := newRestoredProcess(cmd, fds) - if err != nil { - return err - } - process.ops = r - if err := c.state.transition(&restoredState{ - imageDir: opts.ImagesDirectory, - c: c, - }); err != nil { - return err - } - // create a timestamp indicating when the restored checkpoint was started - c.created = time.Now().UTC() - if _, err := c.updateState(r); err != nil { - return err - } - if err := os.Remove(filepath.Join(c.root, "checkpoint")); err != nil { - if !os.IsNotExist(err) { - logrus.Error(err) - } - } - case "orphan-pts-master": - scm, err := unix.ParseSocketControlMessage(oob) - if err != nil { - return err - } - fds, err := unix.ParseUnixRights(&scm[0]) - if err != nil { - return err - } - - master := os.NewFile(uintptr(fds[0]), "orphan-pts-master") - defer master.Close() - - // While we can access console.master, using the API is a good idea. - if err := utils.SendFd(process.ConsoleSocket, master.Name(), master.Fd()); err != nil { - return err - } - case "status-ready": - if opts.StatusFd != -1 { - // write \0 to status fd to notify that lazy page server is ready - _, err := unix.Write(opts.StatusFd, []byte{0}) - if err != nil { - logrus.Warnf("can't write \\0 to status fd: %v", err) - } - _ = unix.Close(opts.StatusFd) - opts.StatusFd = -1 - } - } - return nil -} - func (c *Container) updateState(process parentProcess) (*State, error) { if process != nil { c.initProcess = process diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go new file mode 100644 index 00000000000..4df92c116f2 --- /dev/null +++ b/libcontainer/criu_linux.go @@ -0,0 +1,1151 @@ +package libcontainer + +import ( + "encoding/json" + "errors" + "fmt" + "net" + "os" + "os/exec" + "path/filepath" + "reflect" + "strings" + "time" + + "github.com/checkpoint-restore/go-criu/v6" + criurpc "github.com/checkpoint-restore/go-criu/v6/rpc" + securejoin "github.com/cyphar/filepath-securejoin" + "github.com/sirupsen/logrus" + "golang.org/x/sys/unix" + "google.golang.org/protobuf/proto" + + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/utils" +) + +var criuFeatures *criurpc.CriuFeatures + +func (c *Container) checkCriuFeatures(criuOpts *CriuOpts, rpcOpts *criurpc.CriuOpts, criuFeat *criurpc.CriuFeatures) error { + t := criurpc.CriuReqType_FEATURE_CHECK + + // make sure the features we are looking for are really not from + // some previous check + criuFeatures = nil + + req := &criurpc.CriuReq{ + Type: &t, + // Theoretically this should not be necessary but CRIU + // segfaults if Opts is empty. + // Fixed in CRIU 2.12 + Opts: rpcOpts, + Features: criuFeat, + } + + err := c.criuSwrk(nil, req, criuOpts, nil) + if err != nil { + logrus.Debugf("%s", err) + return errors.New("CRIU feature check failed") + } + + missingFeatures := false + + // The outer if checks if the fields actually exist + if (criuFeat.MemTrack != nil) && + (criuFeatures.MemTrack != nil) { + // The inner if checks if they are set to true + if *criuFeat.MemTrack && !*criuFeatures.MemTrack { + missingFeatures = true + logrus.Debugf("CRIU does not support MemTrack") + } + } + + // This needs to be repeated for every new feature check. + // Is there a way to put this in a function. Reflection? + if (criuFeat.LazyPages != nil) && + (criuFeatures.LazyPages != nil) { + if *criuFeat.LazyPages && !*criuFeatures.LazyPages { + missingFeatures = true + logrus.Debugf("CRIU does not support LazyPages") + } + } + + if missingFeatures { + return errors.New("CRIU is missing features") + } + + return nil +} + +func compareCriuVersion(criuVersion int, minVersion int) error { + // simple function to perform the actual version compare + if criuVersion < minVersion { + return fmt.Errorf("CRIU version %d must be %d or higher", criuVersion, minVersion) + } + + return nil +} + +// checkCriuVersion checks CRIU version greater than or equal to minVersion. +func (c *Container) checkCriuVersion(minVersion int) error { + // If the version of criu has already been determined there is no need + // to ask criu for the version again. Use the value from c.criuVersion. + if c.criuVersion != 0 { + return compareCriuVersion(c.criuVersion, minVersion) + } + + criu := criu.MakeCriu() + var err error + c.criuVersion, err = criu.GetCriuVersion() + if err != nil { + return fmt.Errorf("CRIU version check failed: %w", err) + } + + return compareCriuVersion(c.criuVersion, minVersion) +} + +const descriptorsFilename = "descriptors.json" + +func (c *Container) addCriuDumpMount(req *criurpc.CriuReq, m *configs.Mount) { + mountDest := strings.TrimPrefix(m.Destination, c.config.Rootfs) + if dest, err := securejoin.SecureJoin(c.config.Rootfs, mountDest); err == nil { + mountDest = dest[len(c.config.Rootfs):] + } + extMnt := &criurpc.ExtMountMap{ + Key: proto.String(mountDest), + Val: proto.String(mountDest), + } + req.Opts.ExtMnt = append(req.Opts.ExtMnt, extMnt) +} + +func (c *Container) addMaskPaths(req *criurpc.CriuReq) error { + for _, path := range c.config.MaskPaths { + fi, err := os.Stat(fmt.Sprintf("/proc/%d/root/%s", c.initProcess.pid(), path)) + if err != nil { + if os.IsNotExist(err) { + continue + } + return err + } + if fi.IsDir() { + continue + } + + extMnt := &criurpc.ExtMountMap{ + Key: proto.String(path), + Val: proto.String("/dev/null"), + } + req.Opts.ExtMnt = append(req.Opts.ExtMnt, extMnt) + } + return nil +} + +func (c *Container) handleCriuConfigurationFile(rpcOpts *criurpc.CriuOpts) { + // CRIU will evaluate a configuration starting with release 3.11. + // Settings in the configuration file will overwrite RPC settings. + // Look for annotations. The annotation 'org.criu.config' + // specifies if CRIU should use a different, container specific + // configuration file. + configFile, exists := utils.SearchLabels(c.config.Labels, "org.criu.config") + if exists { + // If the annotation 'org.criu.config' exists and is set + // to a non-empty string, tell CRIU to use that as a + // configuration file. If the file does not exist, CRIU + // will just ignore it. + if configFile != "" { + rpcOpts.ConfigFile = proto.String(configFile) + } + // If 'org.criu.config' exists and is set to an empty + // string, a runc specific CRIU configuration file will + // be not set at all. + } else { + // If the mentioned annotation has not been found, specify + // a default CRIU configuration file. + rpcOpts.ConfigFile = proto.String("/etc/criu/runc.conf") + } +} + +func (c *Container) criuSupportsExtNS(t configs.NamespaceType) bool { + var minVersion int + switch t { + case configs.NEWNET: + // CRIU supports different external namespace with different released CRIU versions. + // For network namespaces to work we need at least criu 3.11.0 => 31100. + minVersion = 31100 + case configs.NEWPID: + // For PID namespaces criu 31500 is needed. + minVersion = 31500 + default: + return false + } + return c.checkCriuVersion(minVersion) == nil +} + +func criuNsToKey(t configs.NamespaceType) string { + return "extRoot" + strings.Title(configs.NsName(t)) + "NS" //nolint:staticcheck // SA1019: strings.Title is deprecated +} + +func (c *Container) handleCheckpointingExternalNamespaces(rpcOpts *criurpc.CriuOpts, t configs.NamespaceType) error { + if !c.criuSupportsExtNS(t) { + return nil + } + + nsPath := c.config.Namespaces.PathOf(t) + if nsPath == "" { + return nil + } + // CRIU expects the information about an external namespace + // like this: --external []: + // This is always 'extRootNS'. + var ns unix.Stat_t + if err := unix.Stat(nsPath, &ns); err != nil { + return err + } + criuExternal := fmt.Sprintf("%s[%d]:%s", configs.NsName(t), ns.Ino, criuNsToKey(t)) + rpcOpts.External = append(rpcOpts.External, criuExternal) + + return nil +} + +func (c *Container) handleRestoringNamespaces(rpcOpts *criurpc.CriuOpts, extraFiles *[]*os.File) error { + for _, ns := range c.config.Namespaces { + switch ns.Type { + case configs.NEWNET, configs.NEWPID: + // If the container is running in a network or PID namespace and has + // a path to the network or PID namespace configured, we will dump + // that network or PID namespace as an external namespace and we + // will expect that the namespace exists during restore. + // This basically means that CRIU will ignore the namespace + // and expect it to be setup correctly. + if err := c.handleRestoringExternalNamespaces(rpcOpts, extraFiles, ns.Type); err != nil { + return err + } + default: + // For all other namespaces except NET and PID CRIU has + // a simpler way of joining the existing namespace if set + nsPath := c.config.Namespaces.PathOf(ns.Type) + if nsPath == "" { + continue + } + if ns.Type == configs.NEWCGROUP { + // CRIU has no code to handle NEWCGROUP + return fmt.Errorf("Do not know how to handle namespace %v", ns.Type) + } + // CRIU has code to handle NEWTIME, but it does not seem to be defined in runc + + // CRIU will issue a warning for NEWUSER: + // criu/namespaces.c: 'join-ns with user-namespace is not fully tested and dangerous' + rpcOpts.JoinNs = append(rpcOpts.JoinNs, &criurpc.JoinNamespace{ + Ns: proto.String(configs.NsName(ns.Type)), + NsFile: proto.String(nsPath), + }) + } + } + + return nil +} + +func (c *Container) handleRestoringExternalNamespaces(rpcOpts *criurpc.CriuOpts, extraFiles *[]*os.File, t configs.NamespaceType) error { + if !c.criuSupportsExtNS(t) { + return nil + } + + nsPath := c.config.Namespaces.PathOf(t) + if nsPath == "" { + return nil + } + // CRIU wants the information about an existing namespace + // like this: --inherit-fd fd[]: + // The needs to be the same as during checkpointing. + // We are always using 'extRootNS' as the key in this. + nsFd, err := os.Open(nsPath) + if err != nil { + logrus.Errorf("If a specific network namespace is defined it must exist: %s", err) + return fmt.Errorf("Requested network namespace %v does not exist", nsPath) + } + inheritFd := &criurpc.InheritFd{ + Key: proto.String(criuNsToKey(t)), + // The offset of four is necessary because 0, 1, 2 and 3 are + // already used by stdin, stdout, stderr, 'criu swrk' socket. + Fd: proto.Int32(int32(4 + len(*extraFiles))), + } + rpcOpts.InheritFd = append(rpcOpts.InheritFd, inheritFd) + // All open FDs need to be transferred to CRIU via extraFiles + *extraFiles = append(*extraFiles, nsFd) + + return nil +} + +func (c *Container) Checkpoint(criuOpts *CriuOpts) error { + c.m.Lock() + defer c.m.Unlock() + + // Checkpoint is unlikely to work if os.Geteuid() != 0 || system.RunningInUserNS(). + // (CLI prints a warning) + // TODO(avagin): Figure out how to make this work nicely. CRIU 2.0 has + // support for doing unprivileged dumps, but the setup of + // rootless containers might make this complicated. + + // We are relying on the CRIU version RPC which was introduced with CRIU 3.0.0 + if err := c.checkCriuVersion(30000); err != nil { + return err + } + + if criuOpts.ImagesDirectory == "" { + return errors.New("invalid directory to save checkpoint") + } + + // Since a container can be C/R'ed multiple times, + // the checkpoint directory may already exist. + if err := os.Mkdir(criuOpts.ImagesDirectory, 0o700); err != nil && !os.IsExist(err) { + return err + } + + imageDir, err := os.Open(criuOpts.ImagesDirectory) + if err != nil { + return err + } + defer imageDir.Close() + + rpcOpts := criurpc.CriuOpts{ + ImagesDirFd: proto.Int32(int32(imageDir.Fd())), + LogLevel: proto.Int32(4), + LogFile: proto.String("dump.log"), + Root: proto.String(c.config.Rootfs), + ManageCgroups: proto.Bool(true), + NotifyScripts: proto.Bool(true), + Pid: proto.Int32(int32(c.initProcess.pid())), + ShellJob: proto.Bool(criuOpts.ShellJob), + LeaveRunning: proto.Bool(criuOpts.LeaveRunning), + TcpEstablished: proto.Bool(criuOpts.TcpEstablished), + ExtUnixSk: proto.Bool(criuOpts.ExternalUnixConnections), + FileLocks: proto.Bool(criuOpts.FileLocks), + EmptyNs: proto.Uint32(criuOpts.EmptyNs), + OrphanPtsMaster: proto.Bool(true), + AutoDedup: proto.Bool(criuOpts.AutoDedup), + LazyPages: proto.Bool(criuOpts.LazyPages), + } + + // if criuOpts.WorkDirectory is not set, criu default is used. + if criuOpts.WorkDirectory != "" { + if err := os.Mkdir(criuOpts.WorkDirectory, 0o700); err != nil && !os.IsExist(err) { + return err + } + workDir, err := os.Open(criuOpts.WorkDirectory) + if err != nil { + return err + } + defer workDir.Close() + rpcOpts.WorkDirFd = proto.Int32(int32(workDir.Fd())) + } + + c.handleCriuConfigurationFile(&rpcOpts) + + // If the container is running in a network namespace and has + // a path to the network namespace configured, we will dump + // that network namespace as an external namespace and we + // will expect that the namespace exists during restore. + // This basically means that CRIU will ignore the namespace + // and expect to be setup correctly. + if err := c.handleCheckpointingExternalNamespaces(&rpcOpts, configs.NEWNET); err != nil { + return err + } + + // Same for possible external PID namespaces + if err := c.handleCheckpointingExternalNamespaces(&rpcOpts, configs.NEWPID); err != nil { + return err + } + + // CRIU can use cgroup freezer; when rpcOpts.FreezeCgroup + // is not set, CRIU uses ptrace() to pause the processes. + // Note cgroup v2 freezer is only supported since CRIU release 3.14. + if !cgroups.IsCgroup2UnifiedMode() || c.checkCriuVersion(31400) == nil { + if fcg := c.cgroupManager.Path("freezer"); fcg != "" { + rpcOpts.FreezeCgroup = proto.String(fcg) + } + } + + // append optional criu opts, e.g., page-server and port + if criuOpts.PageServer.Address != "" && criuOpts.PageServer.Port != 0 { + rpcOpts.Ps = &criurpc.CriuPageServerInfo{ + Address: proto.String(criuOpts.PageServer.Address), + Port: proto.Int32(criuOpts.PageServer.Port), + } + } + + // pre-dump may need parentImage param to complete iterative migration + if criuOpts.ParentImage != "" { + rpcOpts.ParentImg = proto.String(criuOpts.ParentImage) + rpcOpts.TrackMem = proto.Bool(true) + } + + // append optional manage cgroups mode + if criuOpts.ManageCgroupsMode != 0 { + mode := criuOpts.ManageCgroupsMode + rpcOpts.ManageCgroupsMode = &mode + } + + var t criurpc.CriuReqType + if criuOpts.PreDump { + feat := criurpc.CriuFeatures{ + MemTrack: proto.Bool(true), + } + + if err := c.checkCriuFeatures(criuOpts, &rpcOpts, &feat); err != nil { + return err + } + + t = criurpc.CriuReqType_PRE_DUMP + } else { + t = criurpc.CriuReqType_DUMP + } + + if criuOpts.LazyPages { + // lazy migration requested; check if criu supports it + feat := criurpc.CriuFeatures{ + LazyPages: proto.Bool(true), + } + if err := c.checkCriuFeatures(criuOpts, &rpcOpts, &feat); err != nil { + return err + } + + if fd := criuOpts.StatusFd; fd != -1 { + // check that the FD is valid + flags, err := unix.FcntlInt(uintptr(fd), unix.F_GETFL, 0) + if err != nil { + return fmt.Errorf("invalid --status-fd argument %d: %w", fd, err) + } + // and writable + if flags&unix.O_WRONLY == 0 { + return fmt.Errorf("invalid --status-fd argument %d: not writable", fd) + } + + if c.checkCriuVersion(31500) != nil { + // For criu 3.15+, use notifications (see case "status-ready" + // in criuNotifications). Otherwise, rely on criu status fd. + rpcOpts.StatusFd = proto.Int32(int32(fd)) + } + } + } + + req := &criurpc.CriuReq{ + Type: &t, + Opts: &rpcOpts, + } + + // no need to dump all this in pre-dump + if !criuOpts.PreDump { + hasCgroupns := c.config.Namespaces.Contains(configs.NEWCGROUP) + for _, m := range c.config.Mounts { + switch m.Device { + case "bind": + c.addCriuDumpMount(req, m) + case "cgroup": + if cgroups.IsCgroup2UnifiedMode() || hasCgroupns { + // real mount(s) + continue + } + // a set of "external" bind mounts + binds, err := getCgroupMounts(m) + if err != nil { + return err + } + for _, b := range binds { + c.addCriuDumpMount(req, b) + } + } + } + + if err := c.addMaskPaths(req); err != nil { + return err + } + + for _, node := range c.config.Devices { + m := &configs.Mount{Destination: node.Path, Source: node.Path} + c.addCriuDumpMount(req, m) + } + + // Write the FD info to a file in the image directory + fdsJSON, err := json.Marshal(c.initProcess.externalDescriptors()) + if err != nil { + return err + } + + err = os.WriteFile(filepath.Join(criuOpts.ImagesDirectory, descriptorsFilename), fdsJSON, 0o600) + if err != nil { + return err + } + } + + err = c.criuSwrk(nil, req, criuOpts, nil) + if err != nil { + return err + } + return nil +} + +func (c *Container) addCriuRestoreMount(req *criurpc.CriuReq, m *configs.Mount) { + mountDest := strings.TrimPrefix(m.Destination, c.config.Rootfs) + if dest, err := securejoin.SecureJoin(c.config.Rootfs, mountDest); err == nil { + mountDest = dest[len(c.config.Rootfs):] + } + extMnt := &criurpc.ExtMountMap{ + Key: proto.String(mountDest), + Val: proto.String(m.Source), + } + req.Opts.ExtMnt = append(req.Opts.ExtMnt, extMnt) +} + +func (c *Container) restoreNetwork(req *criurpc.CriuReq, criuOpts *CriuOpts) { + for _, iface := range c.config.Networks { + switch iface.Type { + case "veth": + veth := new(criurpc.CriuVethPair) + veth.IfOut = proto.String(iface.HostInterfaceName) + veth.IfIn = proto.String(iface.Name) + req.Opts.Veths = append(req.Opts.Veths, veth) + case "loopback": + // Do nothing + } + } + for _, i := range criuOpts.VethPairs { + veth := new(criurpc.CriuVethPair) + veth.IfOut = proto.String(i.HostInterfaceName) + veth.IfIn = proto.String(i.ContainerInterfaceName) + req.Opts.Veths = append(req.Opts.Veths, veth) + } +} + +// makeCriuRestoreMountpoints makes the actual mountpoints for the +// restore using CRIU. This function is inspired from the code in +// rootfs_linux.go. +func (c *Container) makeCriuRestoreMountpoints(m *configs.Mount) error { + switch m.Device { + case "cgroup": + // No mount point(s) need to be created: + // + // * for v1, mount points are saved by CRIU because + // /sys/fs/cgroup is a tmpfs mount + // + // * for v2, /sys/fs/cgroup is a real mount, but + // the mountpoint appears as soon as /sys is mounted + return nil + case "bind": + // The prepareBindMount() function checks if source + // exists. So it cannot be used for other filesystem types. + // TODO: pass srcFD? Not sure if criu is impacted by issue #2484. + if err := prepareBindMount(mountEntry{Mount: m}, c.config.Rootfs); err != nil { + return err + } + default: + // for all other filesystems just create the mountpoints + dest, err := securejoin.SecureJoin(c.config.Rootfs, m.Destination) + if err != nil { + return err + } + if err := checkProcMount(c.config.Rootfs, dest, ""); err != nil { + return err + } + if err := os.MkdirAll(dest, 0o755); err != nil { + return err + } + } + return nil +} + +// isPathInPrefixList is a small function for CRIU restore to make sure +// mountpoints, which are on a tmpfs, are not created in the roofs. +func isPathInPrefixList(path string, prefix []string) bool { + for _, p := range prefix { + if strings.HasPrefix(path, p+"/") { + return true + } + } + return false +} + +// prepareCriuRestoreMounts tries to set up the rootfs of the +// container to be restored in the same way runc does it for +// initial container creation. Even for a read-only rootfs container +// runc modifies the rootfs to add mountpoints which do not exist. +// This function also creates missing mountpoints as long as they +// are not on top of a tmpfs, as CRIU will restore tmpfs content anyway. +func (c *Container) prepareCriuRestoreMounts(mounts []*configs.Mount) error { + // First get a list of a all tmpfs mounts + tmpfs := []string{} + for _, m := range mounts { + switch m.Device { + case "tmpfs": + tmpfs = append(tmpfs, m.Destination) + } + } + // Now go through all mounts and create the mountpoints + // if the mountpoints are not on a tmpfs, as CRIU will + // restore the complete tmpfs content from its checkpoint. + umounts := []string{} + defer func() { + for _, u := range umounts { + _ = utils.WithProcfd(c.config.Rootfs, u, func(procfd string) error { + if e := unix.Unmount(procfd, unix.MNT_DETACH); e != nil { + if e != unix.EINVAL { //nolint:errorlint // unix errors are bare + // Ignore EINVAL as it means 'target is not a mount point.' + // It probably has already been unmounted. + logrus.Warnf("Error during cleanup unmounting of %s (%s): %v", procfd, u, e) + } + } + return nil + }) + } + }() + for _, m := range mounts { + if !isPathInPrefixList(m.Destination, tmpfs) { + if err := c.makeCriuRestoreMountpoints(m); err != nil { + return err + } + // If the mount point is a bind mount, we need to mount + // it now so that runc can create the necessary mount + // points for mounts in bind mounts. + // This also happens during initial container creation. + // Without this CRIU restore will fail + // See: https://github.com/opencontainers/runc/issues/2748 + // It is also not necessary to order the mount points + // because during initial container creation mounts are + // set up in the order they are configured. + if m.Device == "bind" { + if err := utils.WithProcfd(c.config.Rootfs, m.Destination, func(dstFD string) error { + return mountViaFDs(m.Source, nil, m.Destination, dstFD, "", unix.MS_BIND|unix.MS_REC, "") + }); err != nil { + return err + } + umounts = append(umounts, m.Destination) + } + } + } + return nil +} + +// Restore restores the checkpointed container to a running state using the +// criu(8) utility. +func (c *Container) Restore(process *Process, criuOpts *CriuOpts) error { + c.m.Lock() + defer c.m.Unlock() + + var extraFiles []*os.File + + // Restore is unlikely to work if os.Geteuid() != 0 || system.RunningInUserNS(). + // (CLI prints a warning) + // TODO(avagin): Figure out how to make this work nicely. CRIU doesn't have + // support for unprivileged restore at the moment. + + // We are relying on the CRIU version RPC which was introduced with CRIU 3.0.0 + if err := c.checkCriuVersion(30000); err != nil { + return err + } + if criuOpts.ImagesDirectory == "" { + return errors.New("invalid directory to restore checkpoint") + } + imageDir, err := os.Open(criuOpts.ImagesDirectory) + if err != nil { + return err + } + defer imageDir.Close() + // CRIU has a few requirements for a root directory: + // * it must be a mount point + // * its parent must not be overmounted + // c.config.Rootfs is bind-mounted to a temporary directory + // to satisfy these requirements. + root := filepath.Join(c.root, "criu-root") + if err := os.Mkdir(root, 0o755); err != nil { + return err + } + defer os.Remove(root) + root, err = filepath.EvalSymlinks(root) + if err != nil { + return err + } + err = mount(c.config.Rootfs, root, "", unix.MS_BIND|unix.MS_REC, "") + if err != nil { + return err + } + defer unix.Unmount(root, unix.MNT_DETACH) //nolint: errcheck + t := criurpc.CriuReqType_RESTORE + req := &criurpc.CriuReq{ + Type: &t, + Opts: &criurpc.CriuOpts{ + ImagesDirFd: proto.Int32(int32(imageDir.Fd())), + EvasiveDevices: proto.Bool(true), + LogLevel: proto.Int32(4), + LogFile: proto.String("restore.log"), + RstSibling: proto.Bool(true), + Root: proto.String(root), + ManageCgroups: proto.Bool(true), + NotifyScripts: proto.Bool(true), + ShellJob: proto.Bool(criuOpts.ShellJob), + ExtUnixSk: proto.Bool(criuOpts.ExternalUnixConnections), + TcpEstablished: proto.Bool(criuOpts.TcpEstablished), + FileLocks: proto.Bool(criuOpts.FileLocks), + EmptyNs: proto.Uint32(criuOpts.EmptyNs), + OrphanPtsMaster: proto.Bool(true), + AutoDedup: proto.Bool(criuOpts.AutoDedup), + LazyPages: proto.Bool(criuOpts.LazyPages), + }, + } + + if criuOpts.LsmProfile != "" { + // CRIU older than 3.16 has a bug which breaks the possibility + // to set a different LSM profile. + if err := c.checkCriuVersion(31600); err != nil { + return errors.New("--lsm-profile requires at least CRIU 3.16") + } + req.Opts.LsmProfile = proto.String(criuOpts.LsmProfile) + } + if criuOpts.LsmMountContext != "" { + if err := c.checkCriuVersion(31600); err != nil { + return errors.New("--lsm-mount-context requires at least CRIU 3.16") + } + req.Opts.LsmMountContext = proto.String(criuOpts.LsmMountContext) + } + + if criuOpts.WorkDirectory != "" { + // Since a container can be C/R'ed multiple times, + // the work directory may already exist. + if err := os.Mkdir(criuOpts.WorkDirectory, 0o700); err != nil && !os.IsExist(err) { + return err + } + workDir, err := os.Open(criuOpts.WorkDirectory) + if err != nil { + return err + } + defer workDir.Close() + req.Opts.WorkDirFd = proto.Int32(int32(workDir.Fd())) + } + c.handleCriuConfigurationFile(req.Opts) + + if err := c.handleRestoringNamespaces(req.Opts, &extraFiles); err != nil { + return err + } + + // This will modify the rootfs of the container in the same way runc + // modifies the container during initial creation. + if err := c.prepareCriuRestoreMounts(c.config.Mounts); err != nil { + return err + } + + hasCgroupns := c.config.Namespaces.Contains(configs.NEWCGROUP) + for _, m := range c.config.Mounts { + switch m.Device { + case "bind": + c.addCriuRestoreMount(req, m) + case "cgroup": + if cgroups.IsCgroup2UnifiedMode() || hasCgroupns { + continue + } + // cgroup v1 is a set of bind mounts, unless cgroupns is used + binds, err := getCgroupMounts(m) + if err != nil { + return err + } + for _, b := range binds { + c.addCriuRestoreMount(req, b) + } + } + } + + if len(c.config.MaskPaths) > 0 { + m := &configs.Mount{Destination: "/dev/null", Source: "/dev/null"} + c.addCriuRestoreMount(req, m) + } + + for _, node := range c.config.Devices { + m := &configs.Mount{Destination: node.Path, Source: node.Path} + c.addCriuRestoreMount(req, m) + } + + if criuOpts.EmptyNs&unix.CLONE_NEWNET == 0 { + c.restoreNetwork(req, criuOpts) + } + + // append optional manage cgroups mode + if criuOpts.ManageCgroupsMode != 0 { + mode := criuOpts.ManageCgroupsMode + req.Opts.ManageCgroupsMode = &mode + } + + var ( + fds []string + fdJSON []byte + ) + if fdJSON, err = os.ReadFile(filepath.Join(criuOpts.ImagesDirectory, descriptorsFilename)); err != nil { + return err + } + + if err := json.Unmarshal(fdJSON, &fds); err != nil { + return err + } + for i := range fds { + if s := fds[i]; strings.Contains(s, "pipe:") { + inheritFd := new(criurpc.InheritFd) + inheritFd.Key = proto.String(s) + inheritFd.Fd = proto.Int32(int32(i)) + req.Opts.InheritFd = append(req.Opts.InheritFd, inheritFd) + } + } + err = c.criuSwrk(process, req, criuOpts, extraFiles) + + // Now that CRIU is done let's close all opened FDs CRIU needed. + for _, fd := range extraFiles { + fd.Close() + } + + return err +} + +func (c *Container) criuApplyCgroups(pid int, req *criurpc.CriuReq) error { + // need to apply cgroups only on restore + if req.GetType() != criurpc.CriuReqType_RESTORE { + return nil + } + + // XXX: Do we need to deal with this case? AFAIK criu still requires root. + if err := c.cgroupManager.Apply(pid); err != nil { + return err + } + + if err := c.cgroupManager.Set(c.config.Cgroups.Resources); err != nil { + return err + } + + // TODO(@kolyshkin): should we use c.cgroupManager.GetPaths() + // instead of reading /proc/pid/cgroup? + path := fmt.Sprintf("/proc/%d/cgroup", pid) + cgroupsPaths, err := cgroups.ParseCgroupFile(path) + if err != nil { + return err + } + + for c, p := range cgroupsPaths { + cgroupRoot := &criurpc.CgroupRoot{ + Ctrl: proto.String(c), + Path: proto.String(p), + } + req.Opts.CgRoot = append(req.Opts.CgRoot, cgroupRoot) + } + + return nil +} + +func (c *Container) criuSwrk(process *Process, req *criurpc.CriuReq, opts *CriuOpts, extraFiles []*os.File) error { + fds, err := unix.Socketpair(unix.AF_LOCAL, unix.SOCK_SEQPACKET|unix.SOCK_CLOEXEC, 0) + if err != nil { + return err + } + + var logPath string + if opts != nil { + logPath = filepath.Join(opts.WorkDirectory, req.GetOpts().GetLogFile()) + } else { + // For the VERSION RPC 'opts' is set to 'nil' and therefore + // opts.WorkDirectory does not exist. Set logPath to "". + logPath = "" + } + criuClient := os.NewFile(uintptr(fds[0]), "criu-transport-client") + criuClientFileCon, err := net.FileConn(criuClient) + criuClient.Close() + if err != nil { + return err + } + + criuClientCon := criuClientFileCon.(*net.UnixConn) + defer criuClientCon.Close() + + criuServer := os.NewFile(uintptr(fds[1]), "criu-transport-server") + defer criuServer.Close() + + if c.criuVersion != 0 { + // If the CRIU Version is still '0' then this is probably + // the initial CRIU run to detect the version. Skip it. + logrus.Debugf("Using CRIU %d", c.criuVersion) + } + cmd := exec.Command("criu", "swrk", "3") + if process != nil { + cmd.Stdin = process.Stdin + cmd.Stdout = process.Stdout + cmd.Stderr = process.Stderr + } + cmd.ExtraFiles = append(cmd.ExtraFiles, criuServer) + if extraFiles != nil { + cmd.ExtraFiles = append(cmd.ExtraFiles, extraFiles...) + } + + if err := cmd.Start(); err != nil { + return err + } + // we close criuServer so that even if CRIU crashes or unexpectedly exits, runc will not hang. + criuServer.Close() + // cmd.Process will be replaced by a restored init. + criuProcess := cmd.Process + + var criuProcessState *os.ProcessState + defer func() { + if criuProcessState == nil { + criuClientCon.Close() + _, err := criuProcess.Wait() + if err != nil { + logrus.Warnf("wait on criuProcess returned %v", err) + } + } + }() + + if err := c.criuApplyCgroups(criuProcess.Pid, req); err != nil { + return err + } + + var extFds []string + if process != nil { + extFds, err = getPipeFds(criuProcess.Pid) + if err != nil { + return err + } + } + + logrus.Debugf("Using CRIU in %s mode", req.GetType().String()) + // In the case of criurpc.CriuReqType_FEATURE_CHECK req.GetOpts() + // should be empty. For older CRIU versions it still will be + // available but empty. criurpc.CriuReqType_VERSION actually + // has no req.GetOpts(). + if logrus.GetLevel() >= logrus.DebugLevel && + !(req.GetType() == criurpc.CriuReqType_FEATURE_CHECK || + req.GetType() == criurpc.CriuReqType_VERSION) { + + val := reflect.ValueOf(req.GetOpts()) + v := reflect.Indirect(val) + for i := 0; i < v.NumField(); i++ { + st := v.Type() + name := st.Field(i).Name + if 'A' <= name[0] && name[0] <= 'Z' { + value := val.MethodByName("Get" + name).Call([]reflect.Value{}) + logrus.Debugf("CRIU option %s with value %v", name, value[0]) + } + } + } + data, err := proto.Marshal(req) + if err != nil { + return err + } + _, err = criuClientCon.Write(data) + if err != nil { + return err + } + + buf := make([]byte, 10*4096) + oob := make([]byte, 4096) + for { + n, oobn, _, _, err := criuClientCon.ReadMsgUnix(buf, oob) + if req.Opts != nil && req.Opts.StatusFd != nil { + // Close status_fd as soon as we got something back from criu, + // assuming it has consumed (reopened) it by this time. + // Otherwise it will might be left open forever and whoever + // is waiting on it will wait forever. + fd := int(*req.Opts.StatusFd) + _ = unix.Close(fd) + req.Opts.StatusFd = nil + } + if err != nil { + return err + } + if n == 0 { + return errors.New("unexpected EOF") + } + if n == len(buf) { + return errors.New("buffer is too small") + } + + resp := new(criurpc.CriuResp) + err = proto.Unmarshal(buf[:n], resp) + if err != nil { + return err + } + if !resp.GetSuccess() { + typeString := req.GetType().String() + return fmt.Errorf("criu failed: type %s errno %d\nlog file: %s", typeString, resp.GetCrErrno(), logPath) + } + + t := resp.GetType() + switch { + case t == criurpc.CriuReqType_FEATURE_CHECK: + logrus.Debugf("Feature check says: %s", resp) + criuFeatures = resp.GetFeatures() + case t == criurpc.CriuReqType_NOTIFY: + if err := c.criuNotifications(resp, process, cmd, opts, extFds, oob[:oobn]); err != nil { + return err + } + t = criurpc.CriuReqType_NOTIFY + req = &criurpc.CriuReq{ + Type: &t, + NotifySuccess: proto.Bool(true), + } + data, err = proto.Marshal(req) + if err != nil { + return err + } + _, err = criuClientCon.Write(data) + if err != nil { + return err + } + continue + case t == criurpc.CriuReqType_RESTORE: + case t == criurpc.CriuReqType_DUMP: + case t == criurpc.CriuReqType_PRE_DUMP: + default: + return fmt.Errorf("unable to parse the response %s", resp.String()) + } + + break + } + + _ = criuClientCon.CloseWrite() + // cmd.Wait() waits cmd.goroutines which are used for proxying file descriptors. + // Here we want to wait only the CRIU process. + criuProcessState, err = criuProcess.Wait() + if err != nil { + return err + } + + // In pre-dump mode CRIU is in a loop and waits for + // the final DUMP command. + // The current runc pre-dump approach, however, is + // start criu in PRE_DUMP once for a single pre-dump + // and not the whole series of pre-dump, pre-dump, ...m, dump + // If we got the message CriuReqType_PRE_DUMP it means + // CRIU was successful and we need to forcefully stop CRIU + if !criuProcessState.Success() && *req.Type != criurpc.CriuReqType_PRE_DUMP { + return fmt.Errorf("criu failed: %s\nlog file: %s", criuProcessState.String(), logPath) + } + return nil +} + +// lockNetwork blocks any external network activity. +func lockNetwork(config *configs.Config) error { + for _, config := range config.Networks { + strategy, err := getStrategy(config.Type) + if err != nil { + return err + } + + if err := strategy.detach(config); err != nil { + return err + } + } + return nil +} + +func unlockNetwork(config *configs.Config) error { + for _, config := range config.Networks { + strategy, err := getStrategy(config.Type) + if err != nil { + return err + } + if err = strategy.attach(config); err != nil { + return err + } + } + return nil +} + +func (c *Container) criuNotifications(resp *criurpc.CriuResp, process *Process, cmd *exec.Cmd, opts *CriuOpts, fds []string, oob []byte) error { + notify := resp.GetNotify() + if notify == nil { + return fmt.Errorf("invalid response: %s", resp.String()) + } + script := notify.GetScript() + logrus.Debugf("notify: %s\n", script) + switch script { + case "post-dump": + f, err := os.Create(filepath.Join(c.root, "checkpoint")) + if err != nil { + return err + } + f.Close() + case "network-unlock": + if err := unlockNetwork(c.config); err != nil { + return err + } + case "network-lock": + if err := lockNetwork(c.config); err != nil { + return err + } + case "setup-namespaces": + if c.config.Hooks != nil { + s, err := c.currentOCIState() + if err != nil { + return nil + } + s.Pid = int(notify.GetPid()) + + if err := c.config.Hooks[configs.Prestart].RunHooks(s); err != nil { + return err + } + if err := c.config.Hooks[configs.CreateRuntime].RunHooks(s); err != nil { + return err + } + } + case "post-restore": + pid := notify.GetPid() + + p, err := os.FindProcess(int(pid)) + if err != nil { + return err + } + cmd.Process = p + + r, err := newRestoredProcess(cmd, fds) + if err != nil { + return err + } + process.ops = r + if err := c.state.transition(&restoredState{ + imageDir: opts.ImagesDirectory, + c: c, + }); err != nil { + return err + } + // create a timestamp indicating when the restored checkpoint was started + c.created = time.Now().UTC() + if _, err := c.updateState(r); err != nil { + return err + } + if err := os.Remove(filepath.Join(c.root, "checkpoint")); err != nil { + if !os.IsNotExist(err) { + logrus.Error(err) + } + } + case "orphan-pts-master": + scm, err := unix.ParseSocketControlMessage(oob) + if err != nil { + return err + } + fds, err := unix.ParseUnixRights(&scm[0]) + if err != nil { + return err + } + + master := os.NewFile(uintptr(fds[0]), "orphan-pts-master") + defer master.Close() + + // While we can access console.master, using the API is a good idea. + if err := utils.SendFd(process.ConsoleSocket, master.Name(), master.Fd()); err != nil { + return err + } + case "status-ready": + if opts.StatusFd != -1 { + // write \0 to status fd to notify that lazy page server is ready + _, err := unix.Write(opts.StatusFd, []byte{0}) + if err != nil { + logrus.Warnf("can't write \\0 to status fd: %v", err) + } + _ = unix.Close(opts.StatusFd) + opts.StatusFd = -1 + } + } + return nil +} From e4478e9fff6dc11234c82d24cc27bb31e406aeec Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 3 Aug 2023 10:27:14 -0700 Subject: [PATCH 0333/1176] criuSwrk: simplify switch 1. Use "switch t" since we only check t. 2. Remove unneeded t assignment. Signed-off-by: Kir Kolyshkin --- libcontainer/criu_linux.go | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index 4df92c116f2..76ca672bef4 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -971,15 +971,14 @@ func (c *Container) criuSwrk(process *Process, req *criurpc.CriuReq, opts *CriuO } t := resp.GetType() - switch { - case t == criurpc.CriuReqType_FEATURE_CHECK: + switch t { + case criurpc.CriuReqType_FEATURE_CHECK: logrus.Debugf("Feature check says: %s", resp) criuFeatures = resp.GetFeatures() - case t == criurpc.CriuReqType_NOTIFY: + case criurpc.CriuReqType_NOTIFY: if err := c.criuNotifications(resp, process, cmd, opts, extFds, oob[:oobn]); err != nil { return err } - t = criurpc.CriuReqType_NOTIFY req = &criurpc.CriuReq{ Type: &t, NotifySuccess: proto.Bool(true), @@ -993,9 +992,9 @@ func (c *Container) criuSwrk(process *Process, req *criurpc.CriuReq, opts *CriuO return err } continue - case t == criurpc.CriuReqType_RESTORE: - case t == criurpc.CriuReqType_DUMP: - case t == criurpc.CriuReqType_PRE_DUMP: + case criurpc.CriuReqType_RESTORE: + case criurpc.CriuReqType_DUMP: + case criurpc.CriuReqType_PRE_DUMP: default: return fmt.Errorf("unable to parse the response %s", resp.String()) } From c77aaa3f95ec7cffbb24c53b0ee8a0b6d19d8839 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 6 Apr 2023 15:09:20 -0700 Subject: [PATCH 0334/1176] criu checkpoint/restore: print errors from criu log When criu fails, it does not give us much context to understand what was the cause of an error -- for that, we need to take a look into its log file. This is somewhat complicated to do (as you can see in parts of checkpoint.bats removed by this commit), and not very user-friendly. Add a function to find and log errors from criu logs, together with some preceding context, in case either checkpoint or restore has failed. Signed-off-by: Kir Kolyshkin --- libcontainer/criu_linux.go | 66 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 64 insertions(+), 2 deletions(-) diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index 76ca672bef4..10a5cc12d77 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -1,6 +1,8 @@ package libcontainer import ( + "bufio" + "bytes" "encoding/json" "errors" "fmt" @@ -277,6 +279,7 @@ func (c *Container) handleRestoringExternalNamespaces(rpcOpts *criurpc.CriuOpts, } func (c *Container) Checkpoint(criuOpts *CriuOpts) error { + const logFile = "dump.log" c.m.Lock() defer c.m.Unlock() @@ -301,6 +304,7 @@ func (c *Container) Checkpoint(criuOpts *CriuOpts) error { return err } + logDir := criuOpts.ImagesDirectory imageDir, err := os.Open(criuOpts.ImagesDirectory) if err != nil { return err @@ -310,7 +314,7 @@ func (c *Container) Checkpoint(criuOpts *CriuOpts) error { rpcOpts := criurpc.CriuOpts{ ImagesDirFd: proto.Int32(int32(imageDir.Fd())), LogLevel: proto.Int32(4), - LogFile: proto.String("dump.log"), + LogFile: proto.String(logFile), Root: proto.String(c.config.Rootfs), ManageCgroups: proto.Bool(true), NotifyScripts: proto.Bool(true), @@ -337,6 +341,7 @@ func (c *Container) Checkpoint(criuOpts *CriuOpts) error { } defer workDir.Close() rpcOpts.WorkDirFd = proto.Int32(int32(workDir.Fd())) + logDir = criuOpts.WorkDirectory } c.handleCriuConfigurationFile(&rpcOpts) @@ -479,6 +484,7 @@ func (c *Container) Checkpoint(criuOpts *CriuOpts) error { err = c.criuSwrk(nil, req, criuOpts, nil) if err != nil { + logCriuErrors(logDir, logFile) return err } return nil @@ -627,6 +633,7 @@ func (c *Container) prepareCriuRestoreMounts(mounts []*configs.Mount) error { // Restore restores the checkpointed container to a running state using the // criu(8) utility. func (c *Container) Restore(process *Process, criuOpts *CriuOpts) error { + const logFile = "restore.log" c.m.Lock() defer c.m.Unlock() @@ -644,6 +651,7 @@ func (c *Container) Restore(process *Process, criuOpts *CriuOpts) error { if criuOpts.ImagesDirectory == "" { return errors.New("invalid directory to restore checkpoint") } + logDir := criuOpts.ImagesDirectory imageDir, err := os.Open(criuOpts.ImagesDirectory) if err != nil { return err @@ -675,7 +683,7 @@ func (c *Container) Restore(process *Process, criuOpts *CriuOpts) error { ImagesDirFd: proto.Int32(int32(imageDir.Fd())), EvasiveDevices: proto.Bool(true), LogLevel: proto.Int32(4), - LogFile: proto.String("restore.log"), + LogFile: proto.String(logFile), RstSibling: proto.Bool(true), Root: proto.String(root), ManageCgroups: proto.Bool(true), @@ -718,6 +726,7 @@ func (c *Container) Restore(process *Process, criuOpts *CriuOpts) error { } defer workDir.Close() req.Opts.WorkDirFd = proto.Int32(int32(workDir.Fd())) + logDir = criuOpts.WorkDirectory } c.handleCriuConfigurationFile(req.Opts) @@ -791,6 +800,9 @@ func (c *Container) Restore(process *Process, criuOpts *CriuOpts) error { } } err = c.criuSwrk(process, req, criuOpts, extraFiles) + if err != nil { + logCriuErrors(logDir, logFile) + } // Now that CRIU is done let's close all opened FDs CRIU needed. for _, fd := range extraFiles { @@ -800,6 +812,56 @@ func (c *Container) Restore(process *Process, criuOpts *CriuOpts) error { return err } +// logCriuErrors tries to find and log errors from a criu log file. +// The output is similar to what "grep -n -B5 Error" does. +func logCriuErrors(dir, file string) { + lookFor := []byte("Error") // Print the line that contains this... + const max = 5 + 1 // ... and a few preceding lines. + + logFile := filepath.Join(dir, file) + f, err := os.Open(logFile) + if err != nil { + logrus.Warn(err) + return + } + defer f.Close() + + var lines [max][]byte + var idx, lineNo, printedLineNo int + s := bufio.NewScanner(f) + for s.Scan() { + lineNo++ + lines[idx] = s.Bytes() + idx = (idx + 1) % max + if !bytes.Contains(s.Bytes(), lookFor) { + continue + } + // Found an error. + if printedLineNo == 0 { + logrus.Warnf("--- Quoting %q", logFile) + } else if lineNo-max > printedLineNo { + // Mark the gap. + logrus.Warn("...") + } + // Print the last lines. + for add := 0; add < max; add++ { + i := (idx + add) % max + s := lines[i] + actLineNo := lineNo + add - max + 1 + if len(s) > 0 && actLineNo > printedLineNo { + logrus.Warnf("%d:%s", actLineNo, s) + printedLineNo = actLineNo + } + } + } + if printedLineNo != 0 { + logrus.Warn("---") // End of "Quoting ...". + } + if err := s.Err(); err != nil { + logrus.Warnf("read %q: %v", logFile, err) + } +} + func (c *Container) criuApplyCgroups(pid int, req *criurpc.CriuReq) error { // need to apply cgroups only on restore if req.GetType() != criurpc.CriuReqType_RESTORE { From 38676931ed9ea2e7fbe4fac2b6c6d131900a05a9 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 3 Aug 2023 10:37:43 -0700 Subject: [PATCH 0335/1176] criu: do not add log file into error message As we now log the log file name in logCriuErrors. While at it, there is no need to use var.String() with %s as it is done by the runtime. Signed-off-by: Kir Kolyshkin --- libcontainer/criu_linux.go | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index 10a5cc12d77..31c8a900eb1 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -902,14 +902,6 @@ func (c *Container) criuSwrk(process *Process, req *criurpc.CriuReq, opts *CriuO return err } - var logPath string - if opts != nil { - logPath = filepath.Join(opts.WorkDirectory, req.GetOpts().GetLogFile()) - } else { - // For the VERSION RPC 'opts' is set to 'nil' and therefore - // opts.WorkDirectory does not exist. Set logPath to "". - logPath = "" - } criuClient := os.NewFile(uintptr(fds[0]), "criu-transport-client") criuClientFileCon, err := net.FileConn(criuClient) criuClient.Close() @@ -1027,12 +1019,11 @@ func (c *Container) criuSwrk(process *Process, req *criurpc.CriuReq, opts *CriuO if err != nil { return err } + t := resp.GetType() if !resp.GetSuccess() { - typeString := req.GetType().String() - return fmt.Errorf("criu failed: type %s errno %d\nlog file: %s", typeString, resp.GetCrErrno(), logPath) + return fmt.Errorf("criu failed: type %s errno %d", t, resp.GetCrErrno()) } - t := resp.GetType() switch t { case criurpc.CriuReqType_FEATURE_CHECK: logrus.Debugf("Feature check says: %s", resp) @@ -1080,7 +1071,7 @@ func (c *Container) criuSwrk(process *Process, req *criurpc.CriuReq, opts *CriuO // If we got the message CriuReqType_PRE_DUMP it means // CRIU was successful and we need to forcefully stop CRIU if !criuProcessState.Success() && *req.Type != criurpc.CriuReqType_PRE_DUMP { - return fmt.Errorf("criu failed: %s\nlog file: %s", criuProcessState.String(), logPath) + return fmt.Errorf("criu failed: %s", criuProcessState) } return nil } From b999376fb237195265081a8b8ba3fd3bd6ef8c2c Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 7 Jul 2023 22:45:44 +1000 Subject: [PATCH 0336/1176] nsenter: cloned_binary: remove bindfd logic entirely While the ro-bind-mount trick did eliminate the memory overhead of copying the runc binary for each "runc init" invocation, on machines with very significant container churn, creating a temporary mount namespace on every container invocation can trigger severe lock contention on namespace_sem that makes containers fail to spawn. The only reason we added bindfd in commit 16612d74de5f ("nsenter: cloned_binary: try to ro-bind /proc/self/exe before copying") was due to a Kubernetes e2e test failure where they had a ridiculously small memory limit. It seems incredibly unlikely that real workloads are running without 10MB to spare for the very short time that runc is interacting with the container. In addition, since the original cloned_binary implementation, cgroupv2 is now almost universally used on modern systems. Unlike cgroupv1, the cgroupv2 memcg implementation does not migrate memory usage when processes change cgroups (even cgroupv1 only did this if you had memory.move_charge_at_immigrate enabled). In addition, because we do the /proc/self/exe clone before synchronising the bootstrap data read, we are guaranteed to do the clone before "runc init" is moved into the container cgroup -- meaning that the memory used by the /proc/self/exe clone is charged against the root cgroup, and thus container workloads should not be affected at all with memfd cloning. The long-term fix for this problem is to block the /proc/self/exe re-opening attack entirely in-kernel, which is something I'm working on[1]. Though it should also be noted that because the memfd is completely separate to the host binary, even attacks like Dirty COW against the runc binary can be defended against with the memfd approach. Of course, once we have in-kernel protection against the /proc/self/exe re-opening attack, we won't have that protection anymore... [1]: https://lwn.net/Articles/934460/ Signed-off-by: Aleksa Sarai --- libcontainer/nsenter/cloned_binary.c | 205 --------------------------- 1 file changed, 205 deletions(-) diff --git a/libcontainer/nsenter/cloned_binary.c b/libcontainer/nsenter/cloned_binary.c index 06c7b00b91a..d4740c0b7ee 100644 --- a/libcontainer/nsenter/cloned_binary.c +++ b/libcontainer/nsenter/cloned_binary.c @@ -400,199 +400,6 @@ static int seal_execfd(int *fd, int fdtype) return -1; } -struct bindfd_child_args { - int sockfd; - const char *mount_target; -}; - -static int bindfd_in_subprocess(void *arg) -{ - /* - * In the interests of efficiency (read: minimizing the syscall count) - * and conciseness, no attempt is made to release resources which would - * be cleaned up automatically on process exit, i.e. when this function - * returns. This includes filesystem mounts, as this function is - * executed in a dedicated mount namespace. - */ - - /* - * For obvious reasons this won't work in rootless mode because we - * haven't created a userns -- but getting that to work will be a bit - * complicated and it's only worth doing if someone actually needs it. - */ - if (mount("none", "/", NULL, MS_SLAVE | MS_REC, NULL) < 0) - return errno; - /* - * The kernel resolves the magic symlink /proc/self/exe to the real file - * _in the original mount namespace_. Cross-namespace bind mounts are - * not allowed, so we must locate the file inside the current mount - * namespace to be able to bind-mount it. (The mount(8) command resolves - * symlinks, which is why it appears to work at first glance.) - */ - char linkbuf[PATH_MAX + 1] = { 0 }; - ssize_t linkpathlen = readlink("/proc/self/exe", linkbuf, sizeof(linkbuf)); - if (linkpathlen < 0) - return errno; - if (linkpathlen == sizeof(linkbuf)) { - /* - * The link path is longer than PATH_MAX, and the contents of - * linkbuf might have been truncated. A truncated path could - * happen to be a valid path to a different file, which could - * allow for local privilege escalation if we were to exec it. - * The mount syscall doesn't accept paths longer than PATH_MAX, - * anyway. - */ - return ENAMETOOLONG; - } - - int srcfd = open(linkbuf, O_PATH | O_CLOEXEC); - if (srcfd < 0) - return errno; - /* - * linkbuf holds the path to the binary which the parent process was - * launched from. Someone could have moved a different file to that path - * in the interim, in which case srcfd is not the file we want to - * bind-mount. Guard against this situation by verifying srcfd is the - * same file as /proc/self/exe. - */ - struct stat realexe = { 0 }; - if (stat("/proc/self/exe", &realexe) < 0) - return errno; - struct stat resolved = { 0 }; - if (fstat(srcfd, &resolved) < 0) - return errno; - if (resolved.st_dev != realexe.st_dev || resolved.st_ino != realexe.st_ino) - return ENOENT; - if (snprintf(linkbuf, sizeof(linkbuf), "/proc/self/fd/%d", srcfd) == sizeof(linkbuf)) - return ENAMETOOLONG; - - const struct bindfd_child_args *args = arg; - if (mount(linkbuf, args->mount_target, "", MS_BIND, "") < 0) - return errno; - if (mount("", args->mount_target, "", MS_REMOUNT | MS_BIND | MS_RDONLY, "") < 0) - return errno; - - int fd = open(args->mount_target, O_PATH | O_CLOEXEC); - if (fd < 0) - return errno; - - /* - * Make sure the MNT_DETACH works, otherwise we could get remounted - * read-write and that would be quite bad. - */ - if (umount2(args->mount_target, MNT_DETACH) < 0) - return errno; - - if (send_fd(args->sockfd, fd) < 0) - return errno; - return 0; -} - -static int spawn_bindfd_child(const struct bindfd_child_args *args) __attribute__((noinline)); -static int spawn_bindfd_child(const struct bindfd_child_args *args) -{ - /* - * Carve out a chunk of our call stack for the child process to use as - * we can be sure it is correctly mapped for use as stack. (Technically - * only the libc clone() wrapper writes to this buffer. The child - * process operates on a copy of the parent's virtual memory space and - * so can safely overflow into the rest of the stack memory region - * without consequence.) - */ - char stack[4 * 1024] __attribute__((aligned(16))); - int tid = clone(bindfd_in_subprocess, - /* - * Assume stack grows down, as HP-PA, the only Linux - * platform where stack grows up, is obsolete. - */ - stack + sizeof(stack), - /* - * Suspend the parent process until the child has exited to - * save an unnecessary context switch as we'd just be - * waiting for the child process to exit anyway. - */ - CLONE_NEWNS | CLONE_VFORK, (void *)args); - if (tid < 0) - return -errno; - return tid; -} - -static int try_bindfd(void) -{ - int fd, ret = -1; - char template[PATH_MAX] = { 0 }; - char *prefix = getenv("_LIBCONTAINER_STATEDIR"); - - if (!prefix || *prefix != '/') - prefix = "/tmp"; - if (snprintf(template, sizeof(template), "%s/runc.XXXXXX", prefix) < 0) - return ret; - - /* - * We need somewhere to mount it, mounting anything over /proc/self is a - * BAD idea on the host -- even if we do it temporarily. - */ - fd = mkstemp(template); - if (fd < 0) - return ret; - close(fd); - - /* - * Daemons such as systemd and udisks2 watch /proc/self/mountinfo and - * re-parse it on every change, which gets expensive when the mount table - * is large and/or changes frequently. Perform the mount operations in a - * new, private mount namespace so as not to wake up those processes - * every time we nsexec into a container. We clone a child process into - * a new mount namespace to do the dirty work so the side effects of - * unsharing the mount namespace do not leak into the current process. - */ - int sock[2]; - if (socketpair(AF_LOCAL, SOCK_STREAM, 0, sock) < 0) { - ret = -errno; - goto cleanup_unlink; - } - - struct bindfd_child_args args = { - .sockfd = sock[0], - .mount_target = template, - }; - int cpid = spawn_bindfd_child(&args); - close(sock[0]); - if (cpid < 0) { - ret = cpid; - goto cleanup_socketpair; - } - - int wstatus = 0; - if (waitpid(cpid, &wstatus, __WCLONE) < 0) - bail("error waiting for bindfd child process to exit"); - if (WIFEXITED(wstatus)) { - if (WEXITSTATUS(wstatus)) { - ret = -WEXITSTATUS(wstatus); - goto cleanup_socketpair; - } - } else if (WIFSIGNALED(wstatus)) { - int sig = WTERMSIG(wstatus); - bail("bindfd child process terminated by signal %d (%s)", sig, strsignal(sig)); - } else { - /* Should never happen... */ - bail("unexpected waitpid() status for bindfd child process: 0x%x", wstatus); - } - - ret = receive_fd(sock[1]); - -cleanup_socketpair: - close(sock[1]); - -cleanup_unlink: - /* - * We don't care about unlink errors, the worst that happens is that - * there's an empty file left around in STATEDIR. - */ - unlink(template); - return ret; -} - static ssize_t fd_to_fd(int outfd, int infd) { ssize_t total = 0; @@ -627,18 +434,6 @@ static int clone_binary(void) size_t sent = 0; int fdtype = EFD_NONE; - /* - * Before we resort to copying, let's try creating an ro-binfd in one shot - * by getting a handle for a read-only bind-mount of the execfd. - */ - execfd = try_bindfd(); - if (execfd >= 0) - return execfd; - - /* - * Dammit, that didn't work -- time to copy the binary to a safe place we - * can seal the contents. - */ execfd = make_execfd(&fdtype); if (execfd < 0 || fdtype == EFD_NONE) return -ENOTRECOVERABLE; From 0d890ad66f4d1cb8f3591eff60cb49a2cf2e80d0 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 7 Jul 2023 22:55:03 +1000 Subject: [PATCH 0337/1176] nsenter: cloned_binary: use MFD_EXEC and F_SEAL_EXEC With the new vm.memfd_noexec sysctl, we need to make sure we explicitly request MFD_EXEC, otherwise an admin could inadvertently break containers in a somewhat-annoying-to-debug fashion. It should be noted that vm.memfd_noexec=2 is broken on Linux 6.4 (MFD_EXEC works even in the most restrictive mode) and the most severe breakage is going to be fixed in Linux 6.6[1]. [1]: https://lore.kernel.org/20230705063315.3680666-2-jeffxu@google.com/ Signed-off-by: Aleksa Sarai --- libcontainer/nsenter/cloned_binary.c | 100 ++++++++++++++++++++++----- 1 file changed, 83 insertions(+), 17 deletions(-) diff --git a/libcontainer/nsenter/cloned_binary.c b/libcontainer/nsenter/cloned_binary.c index d4740c0b7ee..a7f992fddd7 100644 --- a/libcontainer/nsenter/cloned_binary.c +++ b/libcontainer/nsenter/cloned_binary.c @@ -96,6 +96,9 @@ # define MFD_CLOEXEC 0x0001U # define MFD_ALLOW_SEALING 0x0002U #endif +#ifndef MFD_EXEC +# define MFD_EXEC 0x0010U +#endif int memfd_create(const char *name, unsigned int flags) { @@ -116,15 +119,27 @@ int memfd_create(const char *name, unsigned int flags) # define F_GET_SEALS (F_LINUX_SPECIFIC_BASE + 10) #endif #ifndef F_SEAL_SEAL -# define F_SEAL_SEAL 0x0001 /* prevent further seals from being set */ -# define F_SEAL_SHRINK 0x0002 /* prevent file from shrinking */ -# define F_SEAL_GROW 0x0004 /* prevent file from growing */ -# define F_SEAL_WRITE 0x0008 /* prevent writes */ +# define F_SEAL_SEAL 0x0001 /* prevent further seals from being set */ +# define F_SEAL_SHRINK 0x0002 /* prevent file from shrinking */ +# define F_SEAL_GROW 0x0004 /* prevent file from growing */ +# define F_SEAL_WRITE 0x0008 /* prevent writes */ +#endif +#ifndef F_SEAL_FUTURE_WRITE +# define F_SEAL_FUTURE_WRITE 0x0010 /* prevent future writes while mapped */ +#endif +#ifndef F_SEAL_EXEC +# define F_SEAL_EXEC 0x0020 /* prevent chmod modifying exec bits */ #endif #define CLONED_BINARY_ENV "_LIBCONTAINER_CLONED_BINARY" #define RUNC_MEMFD_COMMENT "runc_cloned:/proc/self/exe" -#define RUNC_MEMFD_SEALS \ +/* + * There are newer memfd seals (such as F_SEAL_FUTURE_WRITE and F_SEAL_EXEC), + * which we use opportunistically. However, this set is the original set of + * memfd seals, and we require them all to be set to trust our /proc/self/exe + * if it is a memfd. + */ +#define RUNC_MEMFD_MIN_SEALS \ (F_SEAL_SEAL | F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE) static void *must_realloc(void *ptr, size_t size) @@ -143,25 +158,27 @@ static void *must_realloc(void *ptr, size_t size) */ static int is_self_cloned(void) { - int fd, is_cloned = 0; + int fd, seals = 0, is_cloned = false; struct stat statbuf = { }; struct statfs fsbuf = { }; fd = open("/proc/self/exe", O_RDONLY | O_CLOEXEC); if (fd < 0) { - fprintf(stderr, "you have no read access to runc binary file\n"); + write_log(ERROR, "cannot open runc binary for reading: open /proc/self/exe: %m"); return -ENOTRECOVERABLE; } /* * Is the binary a fully-sealed memfd? We don't need CLONED_BINARY_ENV for - * this, because you cannot write to a sealed memfd no matter what (so - * sharing it isn't a bad thing -- and an admin could bind-mount a sealed - * memfd to /usr/bin/runc to allow re-use). + * this, because you cannot write to a sealed memfd no matter what. */ - is_cloned = (fcntl(fd, F_GET_SEALS) == RUNC_MEMFD_SEALS); - if (is_cloned) - goto out; + seals = fcntl(fd, F_GET_SEALS); + if (seals >= 0) { + write_log(DEBUG, "checking /proc/self/exe memfd seals: 0x%x", seals); + is_cloned = (seals & RUNC_MEMFD_MIN_SEALS) == RUNC_MEMFD_MIN_SEALS; + if (is_cloned) + goto out; + } /* * All other forms require CLONED_BINARY_ENV, since they are potentially @@ -298,6 +315,35 @@ enum { # endif #endif +static inline bool is_memfd_unsupported_error(int err) +{ + /* + * - ENOSYS is obviously an "unsupported" error. + * + * - EINVAL could be hit if MFD_EXEC is not supported (pre-6.3 kernel), + * but it can also be hit if vm.memfd_noexec=2 (in kernels without + * [1] applied) and the flags does not contain MFD_EXEC. However, + * there was a bug in the original 6.3 implementation of + * vm.memfd_noexec=2, which meant that MFD_EXEC would work even in + * the "strict" mode. Because we try MFD_EXEC first, we won't get + * EINVAL in the vm.memfd_noexec=2 case (which means we don't need to + * figure out whether to log the message about memfd_create). + * + * - EACCES is returned in kernels that contain [1] in the + * vm.memfd_noexec=2 case. + * + * At time of writing, [1] is not in Linus's tree and it't not clear if + * it will be backported to stable, so what exact versions apply here + * is unclear. But the bug is present in 6.3-6.5 at the very least. + * + * [1]: https://lore.kernel.org/all/20230705063315.3680666-2-jeffxu@google.com/ + */ + if (err == EACCES) + write_log(INFO, + "memfd_create(MFD_EXEC) failed, possibly due to vm.memfd_noexec=2 -- falling back to less secure O_TMPFILE"); + return err == ENOSYS || err == EINVAL || err == EACCES; +} + static int make_execfd(int *fdtype) { int fd = -1; @@ -315,10 +361,20 @@ static int make_execfd(int *fdtype) * assumptions about STATEDIR. */ *fdtype = EFD_MEMFD; - fd = memfd_create(RUNC_MEMFD_COMMENT, MFD_CLOEXEC | MFD_ALLOW_SEALING); + /* + * On newer kernels we should set MFD_EXEC to indicate we need +x + * permissions. Otherwise an admin with vm.memfd_noexec=1 would subtly + * break runc. vm.memfd_noexec=2 is a little bit more complicated, see the + * comment in is_memfd_unsupported_error() -- the upshot is that doing it + * this way works, but only because of two overlapping bugs in the sysctl + * implementation. + */ + fd = memfd_create(RUNC_MEMFD_COMMENT, MFD_EXEC | MFD_CLOEXEC | MFD_ALLOW_SEALING); + if (fd < 0 && is_memfd_unsupported_error(errno)) + fd = memfd_create(RUNC_MEMFD_COMMENT, MFD_CLOEXEC | MFD_ALLOW_SEALING); if (fd >= 0) return fd; - if (errno != ENOSYS && errno != EINVAL) + if (!is_memfd_unsupported_error(errno)) goto error; #ifdef O_TMPFILE @@ -373,8 +429,18 @@ static int make_execfd(int *fdtype) static int seal_execfd(int *fd, int fdtype) { switch (fdtype) { - case EFD_MEMFD: - return fcntl(*fd, F_ADD_SEALS, RUNC_MEMFD_SEALS); + case EFD_MEMFD:{ + /* + * Try to seal with newer seals, but we ignore errors because older + * kernels don't support some of them. For container security only + * RUNC_MEMFD_MIN_SEALS are strictly required, but the rest are + * nice-to-haves. We apply RUNC_MEMFD_MIN_SEALS at the end because it + * contains F_SEAL_SEAL. + */ + int __attribute__((unused)) _err1 = fcntl(*fd, F_ADD_SEALS, F_SEAL_FUTURE_WRITE); // Linux 5.1 + int __attribute__((unused)) _err2 = fcntl(*fd, F_ADD_SEALS, F_SEAL_EXEC); // Linux 6.3 + return fcntl(*fd, F_ADD_SEALS, RUNC_MEMFD_MIN_SEALS); + } case EFD_FILE:{ /* Need to re-open our pseudo-memfd as an O_PATH to avoid execve(2) giving -ETXTBSY. */ int newfd; From 789a73db22b5618486a06cdf6e8616bf55d9ae9f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 9 Dec 2021 13:01:03 -0800 Subject: [PATCH 0338/1176] init.go: move logger setup to StartInitialization Currently, logrus is used from the Go part of runc init, mostly for a few debug messages (see setns_init_linux.go and standard_init_linux.go), and a single warning (see rootfs_linux.go). This means logrus is part of init implementation, and thus, its setup belongs to StartInitialization(). Move the code there. As a nice side effect, now we don't have to convert _LIBCONTAINER_LOGPIPE twice. Note that since this initialization is now also called from libct/int tests, which do not set _LIBCONTAINER_LOGLEVEL, let's make _LIBCONTAINER_LOGLEVEL optional. Signed-off-by: Kir Kolyshkin --- init.go | 17 ----------------- libcontainer/container_linux.go | 7 ++++--- libcontainer/init_linux.go | 32 ++++++++++++++++++++++---------- 3 files changed, 26 insertions(+), 30 deletions(-) diff --git a/init.go b/init.go index 2f44ce8a555..79176e2f14f 100644 --- a/init.go +++ b/init.go @@ -3,11 +3,9 @@ package main import ( "os" "runtime" - "strconv" "github.com/opencontainers/runc/libcontainer" _ "github.com/opencontainers/runc/libcontainer/nsenter" - "github.com/sirupsen/logrus" ) func init() { @@ -17,21 +15,6 @@ func init() { runtime.GOMAXPROCS(1) runtime.LockOSThread() - level, err := strconv.Atoi(os.Getenv("_LIBCONTAINER_LOGLEVEL")) - if err != nil { - panic(err) - } - - logPipeFd, err := strconv.Atoi(os.Getenv("_LIBCONTAINER_LOGPIPE")) - if err != nil { - panic(err) - } - - logrus.SetLevel(logrus.Level(level)) - logrus.SetOutput(os.NewFile(uintptr(logPipeFd), "logpipe")) - logrus.SetFormatter(new(logrus.JSONFormatter)) - logrus.Debug("child process in init()") - if err := libcontainer.StartInitialization(); err != nil { // as the error is sent back to the parent there is no need to log // or write it to stderr because the parent process will handle this diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 2f0a6c64166..1756c384cad 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -501,9 +501,10 @@ func (c *Container) commandTemplate(p *Process, childInitPipe *os.File, childLog cmd.ExtraFiles = append(cmd.ExtraFiles, childLogPipe) cmd.Env = append(cmd.Env, - "_LIBCONTAINER_LOGPIPE="+strconv.Itoa(stdioFdCount+len(cmd.ExtraFiles)-1), - "_LIBCONTAINER_LOGLEVEL="+p.LogLevel, - ) + "_LIBCONTAINER_LOGPIPE="+strconv.Itoa(stdioFdCount+len(cmd.ExtraFiles)-1)) + if p.LogLevel != "" { + cmd.Env = append(cmd.Env, "_LIBCONTAINER_LOGLEVEL="+p.LogLevel) + } // NOTE: when running a container with no PID namespace and the parent process spawning the container is // PID1 the pdeathsig is being delivered to the container's init process by the kernel for some reason diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 42cae1ccb65..9d187c9308c 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -92,9 +92,7 @@ func StartInitialization() (retErr error) { envInitPipe := os.Getenv("_LIBCONTAINER_INITPIPE") pipefd, err := strconv.Atoi(envInitPipe) if err != nil { - err = fmt.Errorf("unable to convert _LIBCONTAINER_INITPIPE: %w", err) - logrus.Error(err) - return err + return fmt.Errorf("unable to convert _LIBCONTAINER_INITPIPE: %w", err) } pipe := os.NewFile(uintptr(pipefd), "pipe") defer pipe.Close() @@ -112,6 +110,26 @@ func StartInitialization() (retErr error) { } }() + // Set up logging. This is used rarely, and mostly for init debugging. + + // Passing log level is optional; currently libcontainer/integration does not do it. + if levelStr := os.Getenv("_LIBCONTAINER_LOGLEVEL"); levelStr != "" { + logLevel, err := strconv.Atoi(levelStr) + if err != nil { + return fmt.Errorf("unable to convert _LIBCONTAINER_LOGLEVEL: %w", err) + } + logrus.SetLevel(logrus.Level(logLevel)) + } + + logFD, err := strconv.Atoi(os.Getenv("_LIBCONTAINER_LOGPIPE")) + if err != nil { + return fmt.Errorf("unable to convert _LIBCONTAINER_LOGPIPE: %w", err) + } + + logrus.SetOutput(os.NewFile(uintptr(logFD), "logpipe")) + logrus.SetFormatter(new(logrus.JSONFormatter)) + logrus.Debug("child process in init()") + // Only init processes have FIFOFD. fifofd := -1 envInitType := os.Getenv("_LIBCONTAINER_INITTYPE") @@ -133,12 +151,6 @@ func StartInitialization() (retErr error) { defer consoleSocket.Close() } - logPipeFdStr := os.Getenv("_LIBCONTAINER_LOGPIPE") - logPipeFd, err := strconv.Atoi(logPipeFdStr) - if err != nil { - return fmt.Errorf("unable to convert _LIBCONTAINER_LOGPIPE: %w", err) - } - // Get mount files (O_PATH). mountSrcFds, err := parseFdsFromEnv("_LIBCONTAINER_MOUNT_FDS") if err != nil { @@ -166,7 +178,7 @@ func StartInitialization() (retErr error) { }() // If init succeeds, it will not return, hence none of the defers will be called. - return containerInit(it, pipe, consoleSocket, fifofd, logPipeFd, mountFds{sourceFds: mountSrcFds, idmapFds: idmapFds}) + return containerInit(it, pipe, consoleSocket, fifofd, logFD, mountFds{sourceFds: mountSrcFds, idmapFds: idmapFds}) } func containerInit(t initType, pipe *os.File, consoleSocket *os.File, fifoFd, logFd int, mountFds mountFds) error { From 883aef789b36853df7b30a5aaed3154d93d4e0f2 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 19 Apr 2023 14:52:30 -0700 Subject: [PATCH 0339/1176] libct/init: unify init, fix its error logic This commit does two things: 1. Consolidate StartInitialization calling logic into Init(). 2. Fix init error handling logic. The main issues at hand are: - the "unable to convert _LIBCONTAINER_INITPIPE" error from StartInitialization is never shown; - errors from WriteSync and WriteJSON are never shown; - the StartInit calling code is triplicated; - using panic is questionable. Generally, our goals are: - if there's any error, do our best to show it; - but only show each error once; - simplify the code, unify init implementations. Signed-off-by: Kir Kolyshkin --- init.go | 11 +------- libcontainer/README.md | 19 +++---------- libcontainer/init_linux.go | 39 +++++++++++++++++++++------ libcontainer/integration/init_test.go | 17 ++---------- 4 files changed, 37 insertions(+), 49 deletions(-) diff --git a/init.go b/init.go index 79176e2f14f..7933630635b 100644 --- a/init.go +++ b/init.go @@ -2,7 +2,6 @@ package main import ( "os" - "runtime" "github.com/opencontainers/runc/libcontainer" _ "github.com/opencontainers/runc/libcontainer/nsenter" @@ -12,14 +11,6 @@ func init() { if len(os.Args) > 1 && os.Args[1] == "init" { // This is the golang entry point for runc init, executed // before main() but after libcontainer/nsenter's nsexec(). - runtime.GOMAXPROCS(1) - runtime.LockOSThread() - - if err := libcontainer.StartInitialization(); err != nil { - // as the error is sent back to the parent there is no need to log - // or write it to stderr because the parent process will handle this - os.Exit(1) - } - panic("libcontainer: container init failed to exec") + libcontainer.Init() } } diff --git a/libcontainer/README.md b/libcontainer/README.md index 303dd6125aa..0a4ae96c9b3 100644 --- a/libcontainer/README.md +++ b/libcontainer/README.md @@ -23,22 +23,9 @@ function as the entry of "bootstrap". In addition to the go init function the early stage bootstrap is handled by importing [nsenter](https://github.com/opencontainers/runc/blob/master/libcontainer/nsenter/README.md). -```go -import ( - _ "github.com/opencontainers/runc/libcontainer/nsenter" -) - -func init() { - if len(os.Args) > 1 && os.Args[1] == "init" { - runtime.GOMAXPROCS(1) - runtime.LockOSThread() - if err := libcontainer.StartInitialization(); err != nil { - logrus.Fatal(err) - } - panic("--this line should have never been executed, congratulations--") - } -} -``` +For details on how runc implements such "init", see +[init.go](https://github.com/opencontainers/runc/blob/master/init.go) +and [libcontainer/init_linux.go](https://github.com/opencontainers/runc/blob/master/libcontainer/init_linux.go). Then to create a container you first have to create a configuration struct describing how the container is to be created. A sample would look similar to this: diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 9d187c9308c..2e2d00ff83a 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -8,6 +8,7 @@ import ( "io" "net" "os" + "runtime" "runtime/debug" "strconv" "strings" @@ -84,10 +85,30 @@ type initConfig struct { Cgroup2Path string `json:"cgroup2_path,omitempty"` } -// StartInitialization loads a container by opening the pipe fd from the parent -// to read the configuration and state. This is a low level implementation -// detail of the reexec and should not be consumed externally. -func StartInitialization() (retErr error) { +// Init is part of "runc init" implementation. +func Init() { + runtime.GOMAXPROCS(1) + runtime.LockOSThread() + + if err := startInitialization(); err != nil { + // If the error is returned, it was not communicated + // back to the parent (which is not a common case), + // so print it to stderr here as a last resort. + // + // Do not use logrus as we are not sure if it has been + // set up yet, but most important, if the parent is + // alive (and its log forwarding is working). + fmt.Fprintln(os.Stderr, err) + } + // Normally, StartInitialization() never returns, meaning + // if we are here, it had failed. + os.Exit(1) +} + +// Normally, this function does not return. If it returns, with or without an +// error, it means the initialization has failed. If the error is returned, +// it means the error can not be communicated back to the parent. +func startInitialization() (retErr error) { // Get the INITPIPE. envInitPipe := os.Getenv("_LIBCONTAINER_INITPIPE") pipefd, err := strconv.Atoi(envInitPipe) @@ -98,16 +119,18 @@ func StartInitialization() (retErr error) { defer pipe.Close() defer func() { - // We have an error during the initialization of the container's init, - // send it back to the parent process in the form of an initError. + // If this defer is ever called, this means initialization has failed. + // Send the error back to the parent process in the form of an initError. if err := writeSync(pipe, procError); err != nil { - fmt.Fprintln(os.Stderr, retErr) + fmt.Fprintln(os.Stderr, err) return } if err := utils.WriteJSON(pipe, &initError{Message: retErr.Error()}); err != nil { - fmt.Fprintln(os.Stderr, retErr) + fmt.Fprintln(os.Stderr, err) return } + // The error is sent, no need to also return it (or it will be reported twice). + retErr = nil }() // Set up logging. This is used rarely, and mostly for init debugging. diff --git a/libcontainer/integration/init_test.go b/libcontainer/integration/init_test.go index efcbe72b0f1..a79ffe5c36f 100644 --- a/libcontainer/integration/init_test.go +++ b/libcontainer/integration/init_test.go @@ -1,9 +1,7 @@ package integration import ( - "fmt" "os" - "runtime" "testing" "github.com/opencontainers/runc/libcontainer" @@ -14,20 +12,9 @@ import ( // Same as ../../init.go but for libcontainer/integration. func init() { - if len(os.Args) < 2 || os.Args[1] != "init" { - return + if len(os.Args) > 1 && os.Args[1] == "init" { + libcontainer.Init() } - // This is the golang entry point for runc init, executed - // before TestMain() but after libcontainer/nsenter's nsexec(). - runtime.GOMAXPROCS(1) - runtime.LockOSThread() - if err := libcontainer.StartInitialization(); err != nil { - // logrus is not initialized - fmt.Fprintln(os.Stderr, err) - } - // Normally, StartInitialization() never returns, meaning - // if we are here, it had failed. - os.Exit(1) } func TestMain(m *testing.M) { From 61a454cc0899b6a62c60272c854aefcc2e9c4f1a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Aug 2023 04:19:31 +0000 Subject: [PATCH 0340/1176] build(deps): bump golang.org/x/net from 0.13.0 to 0.14.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.13.0 to 0.14.0. - [Commits](https://github.com/golang/net/compare/v0.13.0...v0.14.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 4 +- go.sum | 8 +-- vendor/golang.org/x/sys/unix/mkerrors.sh | 2 +- vendor/golang.org/x/sys/unix/mmap_nomremap.go | 14 +++++ vendor/golang.org/x/sys/unix/mremap.go | 21 +++++-- vendor/golang.org/x/sys/unix/syscall_aix.go | 15 ----- vendor/golang.org/x/sys/unix/syscall_bsd.go | 14 ----- .../golang.org/x/sys/unix/syscall_darwin.go | 50 ++++++++------- vendor/golang.org/x/sys/unix/syscall_linux.go | 63 ++++++++++++------- .../x/sys/unix/syscall_linux_amd64.go | 2 +- .../x/sys/unix/syscall_linux_arm64.go | 2 +- .../x/sys/unix/syscall_linux_loong64.go | 2 +- .../x/sys/unix/syscall_linux_mips64x.go | 2 +- .../x/sys/unix/syscall_linux_riscv64.go | 13 +++- .../golang.org/x/sys/unix/syscall_netbsd.go | 13 +++- .../golang.org/x/sys/unix/syscall_solaris.go | 14 ----- vendor/golang.org/x/sys/unix/syscall_unix.go | 8 +++ .../x/sys/unix/syscall_zos_s390x.go | 14 ----- .../x/sys/unix/zerrors_linux_386.go | 9 +++ .../x/sys/unix/zerrors_linux_amd64.go | 9 +++ .../x/sys/unix/zerrors_linux_arm.go | 9 +++ .../x/sys/unix/zerrors_linux_arm64.go | 9 +++ .../x/sys/unix/zerrors_linux_loong64.go | 9 +++ .../x/sys/unix/zerrors_linux_mips.go | 9 +++ .../x/sys/unix/zerrors_linux_mips64.go | 9 +++ .../x/sys/unix/zerrors_linux_mips64le.go | 9 +++ .../x/sys/unix/zerrors_linux_mipsle.go | 9 +++ .../x/sys/unix/zerrors_linux_ppc.go | 9 +++ .../x/sys/unix/zerrors_linux_ppc64.go | 9 +++ .../x/sys/unix/zerrors_linux_ppc64le.go | 9 +++ .../x/sys/unix/zerrors_linux_riscv64.go | 9 +++ .../x/sys/unix/zerrors_linux_s390x.go | 9 +++ .../x/sys/unix/zerrors_linux_sparc64.go | 9 +++ .../golang.org/x/sys/unix/zsyscall_linux.go | 2 +- .../x/sys/unix/zsyscall_linux_riscv64.go | 16 +++++ .../x/sys/unix/zsyscall_netbsd_386.go | 11 ++++ .../x/sys/unix/zsyscall_netbsd_amd64.go | 11 ++++ .../x/sys/unix/zsyscall_netbsd_arm.go | 11 ++++ .../x/sys/unix/zsyscall_netbsd_arm64.go | 11 ++++ .../x/sys/unix/zsysnum_linux_riscv64.go | 2 + vendor/golang.org/x/sys/unix/ztypes_linux.go | 5 ++ .../x/sys/unix/ztypes_linux_riscv64.go | 23 +++++++ .../x/sys/windows/syscall_windows.go | 4 +- vendor/modules.txt | 4 +- 44 files changed, 372 insertions(+), 124 deletions(-) create mode 100644 vendor/golang.org/x/sys/unix/mmap_nomremap.go diff --git a/go.mod b/go.mod index 8b048df4063..ac4d2d9b28f 100644 --- a/go.mod +++ b/go.mod @@ -19,8 +19,8 @@ require ( github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.12 github.com/vishvananda/netlink v1.1.0 - golang.org/x/net v0.13.0 - golang.org/x/sys v0.10.0 + golang.org/x/net v0.14.0 + golang.org/x/sys v0.11.0 google.golang.org/protobuf v1.31.0 ) diff --git a/go.sum b/go.sum index ee4a036c720..ba4dfeffaf2 100644 --- a/go.sum +++ b/go.sum @@ -63,14 +63,14 @@ github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7Zo github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 h1:Jvc7gsqn21cJHCmAWx0LiimpP18LZmUxkT5Mp7EZ1mI= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= -golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY= -golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= +golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14= +golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA= -golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= +golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index 0c4d14929a4..8f775fafa69 100644 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -624,7 +624,7 @@ ccflags="$@" $2 ~ /^MEM/ || $2 ~ /^WG/ || $2 ~ /^FIB_RULE_/ || - $2 ~ /^BLK[A-Z]*(GET$|SET$|BUF$|PART$|SIZE)/ {printf("\t%s = C.%s\n", $2, $2)} + $2 ~ /^BLK[A-Z]*(GET$|SET$|BUF$|PART$|SIZE|IOMIN$|IOOPT$|ALIGNOFF$|DISCARD|ROTATIONAL$|ZEROOUT$|GETDISKSEQ$)/ {printf("\t%s = C.%s\n", $2, $2)} $2 ~ /^__WCOREFLAG$/ {next} $2 ~ /^__W[A-Z0-9]+$/ {printf("\t%s = C.%s\n", substr($2,3), $2)} diff --git a/vendor/golang.org/x/sys/unix/mmap_nomremap.go b/vendor/golang.org/x/sys/unix/mmap_nomremap.go new file mode 100644 index 00000000000..ca0513632ee --- /dev/null +++ b/vendor/golang.org/x/sys/unix/mmap_nomremap.go @@ -0,0 +1,14 @@ +// Copyright 2023 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build aix || darwin || dragonfly || freebsd || openbsd || solaris +// +build aix darwin dragonfly freebsd openbsd solaris + +package unix + +var mapper = &mmapper{ + active: make(map[*byte][]byte), + mmap: mmap, + munmap: munmap, +} diff --git a/vendor/golang.org/x/sys/unix/mremap.go b/vendor/golang.org/x/sys/unix/mremap.go index 86213c05d69..fa93d0aa904 100644 --- a/vendor/golang.org/x/sys/unix/mremap.go +++ b/vendor/golang.org/x/sys/unix/mremap.go @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build linux -// +build linux +//go:build linux || netbsd +// +build linux netbsd package unix @@ -14,8 +14,17 @@ type mremapMmapper struct { mremap func(oldaddr uintptr, oldlength uintptr, newlength uintptr, flags int, newaddr uintptr) (xaddr uintptr, err error) } +var mapper = &mremapMmapper{ + mmapper: mmapper{ + active: make(map[*byte][]byte), + mmap: mmap, + munmap: munmap, + }, + mremap: mremap, +} + func (m *mremapMmapper) Mremap(oldData []byte, newLength int, flags int) (data []byte, err error) { - if newLength <= 0 || len(oldData) == 0 || len(oldData) != cap(oldData) || flags&MREMAP_FIXED != 0 { + if newLength <= 0 || len(oldData) == 0 || len(oldData) != cap(oldData) || flags&mremapFixed != 0 { return nil, EINVAL } @@ -32,9 +41,13 @@ func (m *mremapMmapper) Mremap(oldData []byte, newLength int, flags int) (data [ } bNew := unsafe.Slice((*byte)(unsafe.Pointer(newAddr)), newLength) pNew := &bNew[cap(bNew)-1] - if flags&MREMAP_DONTUNMAP == 0 { + if flags&mremapDontunmap == 0 { delete(m.active, pOld) } m.active[pNew] = bNew return bNew, nil } + +func Mremap(oldData []byte, newLength int, flags int) (data []byte, err error) { + return mapper.Mremap(oldData, newLength, flags) +} diff --git a/vendor/golang.org/x/sys/unix/syscall_aix.go b/vendor/golang.org/x/sys/unix/syscall_aix.go index c406ae00f41..9a6e5acacbf 100644 --- a/vendor/golang.org/x/sys/unix/syscall_aix.go +++ b/vendor/golang.org/x/sys/unix/syscall_aix.go @@ -535,21 +535,6 @@ func Fsync(fd int) error { //sys sendmsg(s int, msg *Msghdr, flags int) (n int, err error) = nsendmsg //sys munmap(addr uintptr, length uintptr) (err error) - -var mapper = &mmapper{ - active: make(map[*byte][]byte), - mmap: mmap, - munmap: munmap, -} - -func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) { - return mapper.Mmap(fd, offset, length, prot, flags) -} - -func Munmap(b []byte) (err error) { - return mapper.Munmap(b) -} - //sys Madvise(b []byte, advice int) (err error) //sys Mprotect(b []byte, prot int) (err error) //sys Mlock(b []byte) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_bsd.go b/vendor/golang.org/x/sys/unix/syscall_bsd.go index 7705c3270b5..4217de518bc 100644 --- a/vendor/golang.org/x/sys/unix/syscall_bsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_bsd.go @@ -601,20 +601,6 @@ func Poll(fds []PollFd, timeout int) (n int, err error) { // Gethostuuid(uuid *byte, timeout *Timespec) (err error) // Ptrace(req int, pid int, addr uintptr, data int) (ret uintptr, err error) -var mapper = &mmapper{ - active: make(map[*byte][]byte), - mmap: mmap, - munmap: munmap, -} - -func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) { - return mapper.Mmap(fd, offset, length, prot, flags) -} - -func Munmap(b []byte) (err error) { - return mapper.Munmap(b) -} - //sys Madvise(b []byte, behav int) (err error) //sys Mlock(b []byte) (err error) //sys Mlockall(flags int) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.go b/vendor/golang.org/x/sys/unix/syscall_darwin.go index 206921504cb..135cc3cd75b 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin.go +++ b/vendor/golang.org/x/sys/unix/syscall_darwin.go @@ -510,30 +510,36 @@ func SysctlKinfoProcSlice(name string, args ...int) ([]KinfoProc, error) { return nil, err } - // Find size. - n := uintptr(0) - if err := sysctl(mib, nil, &n, nil, 0); err != nil { - return nil, err - } - if n == 0 { - return nil, nil - } - if n%SizeofKinfoProc != 0 { - return nil, fmt.Errorf("sysctl() returned a size of %d, which is not a multiple of %d", n, SizeofKinfoProc) - } + for { + // Find size. + n := uintptr(0) + if err := sysctl(mib, nil, &n, nil, 0); err != nil { + return nil, err + } + if n == 0 { + return nil, nil + } + if n%SizeofKinfoProc != 0 { + return nil, fmt.Errorf("sysctl() returned a size of %d, which is not a multiple of %d", n, SizeofKinfoProc) + } - // Read into buffer of that size. - buf := make([]KinfoProc, n/SizeofKinfoProc) - if err := sysctl(mib, (*byte)(unsafe.Pointer(&buf[0])), &n, nil, 0); err != nil { - return nil, err - } - if n%SizeofKinfoProc != 0 { - return nil, fmt.Errorf("sysctl() returned a size of %d, which is not a multiple of %d", n, SizeofKinfoProc) - } + // Read into buffer of that size. + buf := make([]KinfoProc, n/SizeofKinfoProc) + if err := sysctl(mib, (*byte)(unsafe.Pointer(&buf[0])), &n, nil, 0); err != nil { + if err == ENOMEM { + // Process table grew. Try again. + continue + } + return nil, err + } + if n%SizeofKinfoProc != 0 { + return nil, fmt.Errorf("sysctl() returned a size of %d, which is not a multiple of %d", n, SizeofKinfoProc) + } - // The actual call may return less than the original reported required - // size so ensure we deal with that. - return buf[:n/SizeofKinfoProc], nil + // The actual call may return less than the original reported required + // size so ensure we deal with that. + return buf[:n/SizeofKinfoProc], nil + } } //sys sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index 39de5f1430b..a730878e493 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -1885,7 +1885,7 @@ func Getpgrp() (pid int) { //sys PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) //sys PivotRoot(newroot string, putold string) (err error) = SYS_PIVOT_ROOT //sys Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) -//sys Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) = SYS_PSELECT6 +//sys pselect6(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *sigset_argpack) (n int, err error) //sys read(fd int, p []byte) (n int, err error) //sys Removexattr(path string, attr string) (err error) //sys Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error) @@ -2125,28 +2125,6 @@ func writevRacedetect(iovecs []Iovec, n int) { // mmap varies by architecture; see syscall_linux_*.go. //sys munmap(addr uintptr, length uintptr) (err error) //sys mremap(oldaddr uintptr, oldlength uintptr, newlength uintptr, flags int, newaddr uintptr) (xaddr uintptr, err error) - -var mapper = &mremapMmapper{ - mmapper: mmapper{ - active: make(map[*byte][]byte), - mmap: mmap, - munmap: munmap, - }, - mremap: mremap, -} - -func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) { - return mapper.Mmap(fd, offset, length, prot, flags) -} - -func Munmap(b []byte) (err error) { - return mapper.Munmap(b) -} - -func Mremap(oldData []byte, newLength int, flags int) (data []byte, err error) { - return mapper.Mremap(oldData, newLength, flags) -} - //sys Madvise(b []byte, advice int) (err error) //sys Mprotect(b []byte, prot int) (err error) //sys Mlock(b []byte) (err error) @@ -2155,6 +2133,12 @@ func Mremap(oldData []byte, newLength int, flags int) (data []byte, err error) { //sys Munlock(b []byte) (err error) //sys Munlockall() (err error) +const ( + mremapFixed = MREMAP_FIXED + mremapDontunmap = MREMAP_DONTUNMAP + mremapMaymove = MREMAP_MAYMOVE +) + // Vmsplice splices user pages from a slice of Iovecs into a pipe specified by fd, // using the specified flags. func Vmsplice(fd int, iovs []Iovec, flags int) (int, error) { @@ -2454,6 +2438,39 @@ func Getresgid() (rgid, egid, sgid int) { return int(r), int(e), int(s) } +// Pselect is a wrapper around the Linux pselect6 system call. +// This version does not modify the timeout argument. +func Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { + // Per https://man7.org/linux/man-pages/man2/select.2.html#NOTES, + // The Linux pselect6() system call modifies its timeout argument. + // [Not modifying the argument] is the behavior required by POSIX.1-2001. + var mutableTimeout *Timespec + if timeout != nil { + mutableTimeout = new(Timespec) + *mutableTimeout = *timeout + } + + // The final argument of the pselect6() system call is not a + // sigset_t * pointer, but is instead a structure + var kernelMask *sigset_argpack + if sigmask != nil { + wordBits := 32 << (^uintptr(0) >> 63) // see math.intSize + + // A sigset stores one bit per signal, + // offset by 1 (because signal 0 does not exist). + // So the number of words needed is ⌈__C_NSIG - 1 / wordBits⌉. + sigsetWords := (_C__NSIG - 1 + wordBits - 1) / (wordBits) + + sigsetBytes := uintptr(sigsetWords * (wordBits / 8)) + kernelMask = &sigset_argpack{ + ss: sigmask, + ssLen: sigsetBytes, + } + } + + return pselect6(nfd, r, w, e, mutableTimeout, kernelMask) +} + /* * Unimplemented */ diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go index 5b21fcfd753..70601ce3692 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go @@ -40,7 +40,7 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err if timeout != nil { ts = &Timespec{Sec: timeout.Sec, Nsec: timeout.Usec * 1000} } - return Pselect(nfd, r, w, e, ts, nil) + return pselect6(nfd, r, w, e, ts, nil) } //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go index a81f5742b8a..f5266689af0 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go @@ -33,7 +33,7 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err if timeout != nil { ts = &Timespec{Sec: timeout.Sec, Nsec: timeout.Usec * 1000} } - return Pselect(nfd, r, w, e, ts, nil) + return pselect6(nfd, r, w, e, ts, nil) } //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go index 69d2d7c3db7..f6ab02ec150 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go @@ -28,7 +28,7 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err if timeout != nil { ts = &Timespec{Sec: timeout.Sec, Nsec: timeout.Usec * 1000} } - return Pselect(nfd, r, w, e, ts, nil) + return pselect6(nfd, r, w, e, ts, nil) } //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go index 76d564095ef..93fe59d25d9 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go @@ -31,7 +31,7 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err if timeout != nil { ts = &Timespec{Sec: timeout.Sec, Nsec: timeout.Usec * 1000} } - return Pselect(nfd, r, w, e, ts, nil) + return pselect6(nfd, r, w, e, ts, nil) } //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go index 35851ef70b8..5e6ceee129f 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go @@ -32,7 +32,7 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err if timeout != nil { ts = &Timespec{Sec: timeout.Sec, Nsec: timeout.Usec * 1000} } - return Pselect(nfd, r, w, e, ts, nil) + return pselect6(nfd, r, w, e, ts, nil) } //sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) @@ -177,3 +177,14 @@ func KexecFileLoad(kernelFd int, initrdFd int, cmdline string, flags int) error } return kexecFileLoad(kernelFd, initrdFd, cmdlineLen, cmdline, flags) } + +//sys riscvHWProbe(pairs []RISCVHWProbePairs, cpuCount uintptr, cpus *CPUSet, flags uint) (err error) + +func RISCVHWProbe(pairs []RISCVHWProbePairs, set *CPUSet, flags uint) (err error) { + var setSize uintptr + + if set != nil { + setSize = uintptr(unsafe.Sizeof(*set)) + } + return riscvHWProbe(pairs, setSize, set, flags) +} diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd.go b/vendor/golang.org/x/sys/unix/syscall_netbsd.go index 018d7d47822..ddd1ac85341 100644 --- a/vendor/golang.org/x/sys/unix/syscall_netbsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_netbsd.go @@ -360,6 +360,18 @@ func Statvfs(path string, buf *Statvfs_t) (err error) { //sys writelen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_WRITE //sys utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) +const ( + mremapFixed = MAP_FIXED + mremapDontunmap = 0 + mremapMaymove = 0 +) + +//sys mremapNetBSD(oldp uintptr, oldsize uintptr, newp uintptr, newsize uintptr, flags int) (xaddr uintptr, err error) = SYS_MREMAP + +func mremap(oldaddr uintptr, oldlength uintptr, newlength uintptr, flags int, newaddr uintptr) (uintptr, error) { + return mremapNetBSD(oldaddr, oldlength, newaddr, newlength, flags) +} + /* * Unimplemented */ @@ -564,7 +576,6 @@ func Statvfs(path string, buf *Statvfs_t) (err error) { // mq_timedreceive // mq_timedsend // mq_unlink -// mremap // msgget // msgrcv // msgsnd diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris.go b/vendor/golang.org/x/sys/unix/syscall_solaris.go index b600a289d33..72d23575fa4 100644 --- a/vendor/golang.org/x/sys/unix/syscall_solaris.go +++ b/vendor/golang.org/x/sys/unix/syscall_solaris.go @@ -716,20 +716,6 @@ func writelen(fd int, buf *byte, nbuf int) (n int, err error) { return } -var mapper = &mmapper{ - active: make(map[*byte][]byte), - mmap: mmap, - munmap: munmap, -} - -func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) { - return mapper.Mmap(fd, offset, length, prot, flags) -} - -func Munmap(b []byte) (err error) { - return mapper.Munmap(b) -} - // Event Ports type fileObjCookie struct { diff --git a/vendor/golang.org/x/sys/unix/syscall_unix.go b/vendor/golang.org/x/sys/unix/syscall_unix.go index 8e48c29ec33..8bb30e7ce3f 100644 --- a/vendor/golang.org/x/sys/unix/syscall_unix.go +++ b/vendor/golang.org/x/sys/unix/syscall_unix.go @@ -147,6 +147,14 @@ func (m *mmapper) Munmap(data []byte) (err error) { return nil } +func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) { + return mapper.Mmap(fd, offset, length, prot, flags) +} + +func Munmap(b []byte) (err error) { + return mapper.Munmap(b) +} + func Read(fd int, p []byte) (n int, err error) { n, err = read(fd, p) if raceenabled { diff --git a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go index d3d49ec3ed7..44e72edb42d 100644 --- a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go @@ -285,25 +285,11 @@ func Close(fd int) (err error) { return } -var mapper = &mmapper{ - active: make(map[*byte][]byte), - mmap: mmap, - munmap: munmap, -} - // Dummy function: there are no semantics for Madvise on z/OS func Madvise(b []byte, advice int) (err error) { return } -func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) { - return mapper.Mmap(fd, offset, length, prot, flags) -} - -func Munmap(b []byte) (err error) { - return mapper.Munmap(b) -} - //sys Gethostname(buf []byte) (err error) = SYS___GETHOSTNAME_A //sysnb Getegid() (egid int) //sysnb Geteuid() (uid int) diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go index a46df0f1e57..cfb14300186 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go @@ -27,22 +27,31 @@ const ( B57600 = 0x1001 B576000 = 0x1006 B921600 = 0x1007 + BLKALIGNOFF = 0x127a BLKBSZGET = 0x80041270 BLKBSZSET = 0x40041271 + BLKDISCARD = 0x1277 + BLKDISCARDZEROES = 0x127c BLKFLSBUF = 0x1261 BLKFRAGET = 0x1265 BLKFRASET = 0x1264 + BLKGETDISKSEQ = 0x80081280 BLKGETSIZE = 0x1260 BLKGETSIZE64 = 0x80041272 + BLKIOMIN = 0x1278 + BLKIOOPT = 0x1279 BLKPBSZGET = 0x127b BLKRAGET = 0x1263 BLKRASET = 0x1262 BLKROGET = 0x125e BLKROSET = 0x125d + BLKROTATIONAL = 0x127e BLKRRPART = 0x125f + BLKSECDISCARD = 0x127d BLKSECTGET = 0x1267 BLKSECTSET = 0x1266 BLKSSZGET = 0x1268 + BLKZEROOUT = 0x127f BOTHER = 0x1000 BS1 = 0x2000 BSDLY = 0x2000 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go index 6cd4a3ea9d3..df64f2d590a 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go @@ -27,22 +27,31 @@ const ( B57600 = 0x1001 B576000 = 0x1006 B921600 = 0x1007 + BLKALIGNOFF = 0x127a BLKBSZGET = 0x80081270 BLKBSZSET = 0x40081271 + BLKDISCARD = 0x1277 + BLKDISCARDZEROES = 0x127c BLKFLSBUF = 0x1261 BLKFRAGET = 0x1265 BLKFRASET = 0x1264 + BLKGETDISKSEQ = 0x80081280 BLKGETSIZE = 0x1260 BLKGETSIZE64 = 0x80081272 + BLKIOMIN = 0x1278 + BLKIOOPT = 0x1279 BLKPBSZGET = 0x127b BLKRAGET = 0x1263 BLKRASET = 0x1262 BLKROGET = 0x125e BLKROSET = 0x125d + BLKROTATIONAL = 0x127e BLKRRPART = 0x125f + BLKSECDISCARD = 0x127d BLKSECTGET = 0x1267 BLKSECTSET = 0x1266 BLKSSZGET = 0x1268 + BLKZEROOUT = 0x127f BOTHER = 0x1000 BS1 = 0x2000 BSDLY = 0x2000 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go index c7ebee24df3..3025cd5b2d9 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go @@ -27,22 +27,31 @@ const ( B57600 = 0x1001 B576000 = 0x1006 B921600 = 0x1007 + BLKALIGNOFF = 0x127a BLKBSZGET = 0x80041270 BLKBSZSET = 0x40041271 + BLKDISCARD = 0x1277 + BLKDISCARDZEROES = 0x127c BLKFLSBUF = 0x1261 BLKFRAGET = 0x1265 BLKFRASET = 0x1264 + BLKGETDISKSEQ = 0x80081280 BLKGETSIZE = 0x1260 BLKGETSIZE64 = 0x80041272 + BLKIOMIN = 0x1278 + BLKIOOPT = 0x1279 BLKPBSZGET = 0x127b BLKRAGET = 0x1263 BLKRASET = 0x1262 BLKROGET = 0x125e BLKROSET = 0x125d + BLKROTATIONAL = 0x127e BLKRRPART = 0x125f + BLKSECDISCARD = 0x127d BLKSECTGET = 0x1267 BLKSECTSET = 0x1266 BLKSSZGET = 0x1268 + BLKZEROOUT = 0x127f BOTHER = 0x1000 BS1 = 0x2000 BSDLY = 0x2000 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go index 12a9a1389ea..09e1ffbef90 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go @@ -27,22 +27,31 @@ const ( B57600 = 0x1001 B576000 = 0x1006 B921600 = 0x1007 + BLKALIGNOFF = 0x127a BLKBSZGET = 0x80081270 BLKBSZSET = 0x40081271 + BLKDISCARD = 0x1277 + BLKDISCARDZEROES = 0x127c BLKFLSBUF = 0x1261 BLKFRAGET = 0x1265 BLKFRASET = 0x1264 + BLKGETDISKSEQ = 0x80081280 BLKGETSIZE = 0x1260 BLKGETSIZE64 = 0x80081272 + BLKIOMIN = 0x1278 + BLKIOOPT = 0x1279 BLKPBSZGET = 0x127b BLKRAGET = 0x1263 BLKRASET = 0x1262 BLKROGET = 0x125e BLKROSET = 0x125d + BLKROTATIONAL = 0x127e BLKRRPART = 0x125f + BLKSECDISCARD = 0x127d BLKSECTGET = 0x1267 BLKSECTSET = 0x1266 BLKSSZGET = 0x1268 + BLKZEROOUT = 0x127f BOTHER = 0x1000 BS1 = 0x2000 BSDLY = 0x2000 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go index f26a164f4aa..a4572354079 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go @@ -27,22 +27,31 @@ const ( B57600 = 0x1001 B576000 = 0x1006 B921600 = 0x1007 + BLKALIGNOFF = 0x127a BLKBSZGET = 0x80081270 BLKBSZSET = 0x40081271 + BLKDISCARD = 0x1277 + BLKDISCARDZEROES = 0x127c BLKFLSBUF = 0x1261 BLKFRAGET = 0x1265 BLKFRASET = 0x1264 + BLKGETDISKSEQ = 0x80081280 BLKGETSIZE = 0x1260 BLKGETSIZE64 = 0x80081272 + BLKIOMIN = 0x1278 + BLKIOOPT = 0x1279 BLKPBSZGET = 0x127b BLKRAGET = 0x1263 BLKRASET = 0x1262 BLKROGET = 0x125e BLKROSET = 0x125d + BLKROTATIONAL = 0x127e BLKRRPART = 0x125f + BLKSECDISCARD = 0x127d BLKSECTGET = 0x1267 BLKSECTSET = 0x1266 BLKSSZGET = 0x1268 + BLKZEROOUT = 0x127f BOTHER = 0x1000 BS1 = 0x2000 BSDLY = 0x2000 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go index 890bc3c9b70..fee7dfb819d 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go @@ -27,22 +27,31 @@ const ( B57600 = 0x1001 B576000 = 0x1006 B921600 = 0x1007 + BLKALIGNOFF = 0x2000127a BLKBSZGET = 0x40041270 BLKBSZSET = 0x80041271 + BLKDISCARD = 0x20001277 + BLKDISCARDZEROES = 0x2000127c BLKFLSBUF = 0x20001261 BLKFRAGET = 0x20001265 BLKFRASET = 0x20001264 + BLKGETDISKSEQ = 0x40081280 BLKGETSIZE = 0x20001260 BLKGETSIZE64 = 0x40041272 + BLKIOMIN = 0x20001278 + BLKIOOPT = 0x20001279 BLKPBSZGET = 0x2000127b BLKRAGET = 0x20001263 BLKRASET = 0x20001262 BLKROGET = 0x2000125e BLKROSET = 0x2000125d + BLKROTATIONAL = 0x2000127e BLKRRPART = 0x2000125f + BLKSECDISCARD = 0x2000127d BLKSECTGET = 0x20001267 BLKSECTSET = 0x20001266 BLKSSZGET = 0x20001268 + BLKZEROOUT = 0x2000127f BOTHER = 0x1000 BS1 = 0x2000 BSDLY = 0x2000 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go index 549f26ac646..a5b2373aea0 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go @@ -27,22 +27,31 @@ const ( B57600 = 0x1001 B576000 = 0x1006 B921600 = 0x1007 + BLKALIGNOFF = 0x2000127a BLKBSZGET = 0x40081270 BLKBSZSET = 0x80081271 + BLKDISCARD = 0x20001277 + BLKDISCARDZEROES = 0x2000127c BLKFLSBUF = 0x20001261 BLKFRAGET = 0x20001265 BLKFRASET = 0x20001264 + BLKGETDISKSEQ = 0x40081280 BLKGETSIZE = 0x20001260 BLKGETSIZE64 = 0x40081272 + BLKIOMIN = 0x20001278 + BLKIOOPT = 0x20001279 BLKPBSZGET = 0x2000127b BLKRAGET = 0x20001263 BLKRASET = 0x20001262 BLKROGET = 0x2000125e BLKROSET = 0x2000125d + BLKROTATIONAL = 0x2000127e BLKRRPART = 0x2000125f + BLKSECDISCARD = 0x2000127d BLKSECTGET = 0x20001267 BLKSECTSET = 0x20001266 BLKSSZGET = 0x20001268 + BLKZEROOUT = 0x2000127f BOTHER = 0x1000 BS1 = 0x2000 BSDLY = 0x2000 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go index e0365e32c17..5dde82c98ab 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go @@ -27,22 +27,31 @@ const ( B57600 = 0x1001 B576000 = 0x1006 B921600 = 0x1007 + BLKALIGNOFF = 0x2000127a BLKBSZGET = 0x40081270 BLKBSZSET = 0x80081271 + BLKDISCARD = 0x20001277 + BLKDISCARDZEROES = 0x2000127c BLKFLSBUF = 0x20001261 BLKFRAGET = 0x20001265 BLKFRASET = 0x20001264 + BLKGETDISKSEQ = 0x40081280 BLKGETSIZE = 0x20001260 BLKGETSIZE64 = 0x40081272 + BLKIOMIN = 0x20001278 + BLKIOOPT = 0x20001279 BLKPBSZGET = 0x2000127b BLKRAGET = 0x20001263 BLKRASET = 0x20001262 BLKROGET = 0x2000125e BLKROSET = 0x2000125d + BLKROTATIONAL = 0x2000127e BLKRRPART = 0x2000125f + BLKSECDISCARD = 0x2000127d BLKSECTGET = 0x20001267 BLKSECTSET = 0x20001266 BLKSSZGET = 0x20001268 + BLKZEROOUT = 0x2000127f BOTHER = 0x1000 BS1 = 0x2000 BSDLY = 0x2000 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go index fdccce15ca2..2e80ea6b33f 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go @@ -27,22 +27,31 @@ const ( B57600 = 0x1001 B576000 = 0x1006 B921600 = 0x1007 + BLKALIGNOFF = 0x2000127a BLKBSZGET = 0x40041270 BLKBSZSET = 0x80041271 + BLKDISCARD = 0x20001277 + BLKDISCARDZEROES = 0x2000127c BLKFLSBUF = 0x20001261 BLKFRAGET = 0x20001265 BLKFRASET = 0x20001264 + BLKGETDISKSEQ = 0x40081280 BLKGETSIZE = 0x20001260 BLKGETSIZE64 = 0x40041272 + BLKIOMIN = 0x20001278 + BLKIOOPT = 0x20001279 BLKPBSZGET = 0x2000127b BLKRAGET = 0x20001263 BLKRASET = 0x20001262 BLKROGET = 0x2000125e BLKROSET = 0x2000125d + BLKROTATIONAL = 0x2000127e BLKRRPART = 0x2000125f + BLKSECDISCARD = 0x2000127d BLKSECTGET = 0x20001267 BLKSECTSET = 0x20001266 BLKSSZGET = 0x20001268 + BLKZEROOUT = 0x2000127f BOTHER = 0x1000 BS1 = 0x2000 BSDLY = 0x2000 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go index b2205c83faa..a65dcd7cbe3 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go @@ -27,22 +27,31 @@ const ( B57600 = 0x10 B576000 = 0x15 B921600 = 0x16 + BLKALIGNOFF = 0x2000127a BLKBSZGET = 0x40041270 BLKBSZSET = 0x80041271 + BLKDISCARD = 0x20001277 + BLKDISCARDZEROES = 0x2000127c BLKFLSBUF = 0x20001261 BLKFRAGET = 0x20001265 BLKFRASET = 0x20001264 + BLKGETDISKSEQ = 0x40081280 BLKGETSIZE = 0x20001260 BLKGETSIZE64 = 0x40041272 + BLKIOMIN = 0x20001278 + BLKIOOPT = 0x20001279 BLKPBSZGET = 0x2000127b BLKRAGET = 0x20001263 BLKRASET = 0x20001262 BLKROGET = 0x2000125e BLKROSET = 0x2000125d + BLKROTATIONAL = 0x2000127e BLKRRPART = 0x2000125f + BLKSECDISCARD = 0x2000127d BLKSECTGET = 0x20001267 BLKSECTSET = 0x20001266 BLKSSZGET = 0x20001268 + BLKZEROOUT = 0x2000127f BOTHER = 0x1f BS1 = 0x8000 BSDLY = 0x8000 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go index 81aa5ad0f69..cbd34e3d89a 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go @@ -27,22 +27,31 @@ const ( B57600 = 0x10 B576000 = 0x15 B921600 = 0x16 + BLKALIGNOFF = 0x2000127a BLKBSZGET = 0x40081270 BLKBSZSET = 0x80081271 + BLKDISCARD = 0x20001277 + BLKDISCARDZEROES = 0x2000127c BLKFLSBUF = 0x20001261 BLKFRAGET = 0x20001265 BLKFRASET = 0x20001264 + BLKGETDISKSEQ = 0x40081280 BLKGETSIZE = 0x20001260 BLKGETSIZE64 = 0x40081272 + BLKIOMIN = 0x20001278 + BLKIOOPT = 0x20001279 BLKPBSZGET = 0x2000127b BLKRAGET = 0x20001263 BLKRASET = 0x20001262 BLKROGET = 0x2000125e BLKROSET = 0x2000125d + BLKROTATIONAL = 0x2000127e BLKRRPART = 0x2000125f + BLKSECDISCARD = 0x2000127d BLKSECTGET = 0x20001267 BLKSECTSET = 0x20001266 BLKSSZGET = 0x20001268 + BLKZEROOUT = 0x2000127f BOTHER = 0x1f BS1 = 0x8000 BSDLY = 0x8000 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go index 76807a1fd4f..e4afa7a3178 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go @@ -27,22 +27,31 @@ const ( B57600 = 0x10 B576000 = 0x15 B921600 = 0x16 + BLKALIGNOFF = 0x2000127a BLKBSZGET = 0x40081270 BLKBSZSET = 0x80081271 + BLKDISCARD = 0x20001277 + BLKDISCARDZEROES = 0x2000127c BLKFLSBUF = 0x20001261 BLKFRAGET = 0x20001265 BLKFRASET = 0x20001264 + BLKGETDISKSEQ = 0x40081280 BLKGETSIZE = 0x20001260 BLKGETSIZE64 = 0x40081272 + BLKIOMIN = 0x20001278 + BLKIOOPT = 0x20001279 BLKPBSZGET = 0x2000127b BLKRAGET = 0x20001263 BLKRASET = 0x20001262 BLKROGET = 0x2000125e BLKROSET = 0x2000125d + BLKROTATIONAL = 0x2000127e BLKRRPART = 0x2000125f + BLKSECDISCARD = 0x2000127d BLKSECTGET = 0x20001267 BLKSECTSET = 0x20001266 BLKSSZGET = 0x20001268 + BLKZEROOUT = 0x2000127f BOTHER = 0x1f BS1 = 0x8000 BSDLY = 0x8000 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go index d4a5ab9e4e0..44f45a039d9 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go @@ -27,22 +27,31 @@ const ( B57600 = 0x1001 B576000 = 0x1006 B921600 = 0x1007 + BLKALIGNOFF = 0x127a BLKBSZGET = 0x80081270 BLKBSZSET = 0x40081271 + BLKDISCARD = 0x1277 + BLKDISCARDZEROES = 0x127c BLKFLSBUF = 0x1261 BLKFRAGET = 0x1265 BLKFRASET = 0x1264 + BLKGETDISKSEQ = 0x80081280 BLKGETSIZE = 0x1260 BLKGETSIZE64 = 0x80081272 + BLKIOMIN = 0x1278 + BLKIOOPT = 0x1279 BLKPBSZGET = 0x127b BLKRAGET = 0x1263 BLKRASET = 0x1262 BLKROGET = 0x125e BLKROSET = 0x125d + BLKROTATIONAL = 0x127e BLKRRPART = 0x125f + BLKSECDISCARD = 0x127d BLKSECTGET = 0x1267 BLKSECTSET = 0x1266 BLKSSZGET = 0x1268 + BLKZEROOUT = 0x127f BOTHER = 0x1000 BS1 = 0x2000 BSDLY = 0x2000 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go index 66e65db9519..74733e260f7 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go @@ -27,22 +27,31 @@ const ( B57600 = 0x1001 B576000 = 0x1006 B921600 = 0x1007 + BLKALIGNOFF = 0x127a BLKBSZGET = 0x80081270 BLKBSZSET = 0x40081271 + BLKDISCARD = 0x1277 + BLKDISCARDZEROES = 0x127c BLKFLSBUF = 0x1261 BLKFRAGET = 0x1265 BLKFRASET = 0x1264 + BLKGETDISKSEQ = 0x80081280 BLKGETSIZE = 0x1260 BLKGETSIZE64 = 0x80081272 + BLKIOMIN = 0x1278 + BLKIOOPT = 0x1279 BLKPBSZGET = 0x127b BLKRAGET = 0x1263 BLKRASET = 0x1262 BLKROGET = 0x125e BLKROSET = 0x125d + BLKROTATIONAL = 0x127e BLKRRPART = 0x125f + BLKSECDISCARD = 0x127d BLKSECTGET = 0x1267 BLKSECTSET = 0x1266 BLKSSZGET = 0x1268 + BLKZEROOUT = 0x127f BOTHER = 0x1000 BS1 = 0x2000 BSDLY = 0x2000 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go index 48984202c65..f5f3934b1a9 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go @@ -30,22 +30,31 @@ const ( B57600 = 0x1001 B576000 = 0x1006 B921600 = 0x1007 + BLKALIGNOFF = 0x2000127a BLKBSZGET = 0x40081270 BLKBSZSET = 0x80081271 + BLKDISCARD = 0x20001277 + BLKDISCARDZEROES = 0x2000127c BLKFLSBUF = 0x20001261 BLKFRAGET = 0x20001265 BLKFRASET = 0x20001264 + BLKGETDISKSEQ = 0x40081280 BLKGETSIZE = 0x20001260 BLKGETSIZE64 = 0x40081272 + BLKIOMIN = 0x20001278 + BLKIOOPT = 0x20001279 BLKPBSZGET = 0x2000127b BLKRAGET = 0x20001263 BLKRASET = 0x20001262 BLKROGET = 0x2000125e BLKROSET = 0x2000125d + BLKROTATIONAL = 0x2000127e BLKRRPART = 0x2000125f + BLKSECDISCARD = 0x2000127d BLKSECTGET = 0x20001267 BLKSECTSET = 0x20001266 BLKSSZGET = 0x20001268 + BLKZEROOUT = 0x2000127f BOTHER = 0x1000 BS1 = 0x2000 BSDLY = 0x2000 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go index 7ceec233fbb..a07321bed9b 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go @@ -1356,7 +1356,7 @@ func Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) ( // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { +func pselect6(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *sigset_argpack) (n int, err error) { r0, _, e1 := Syscall6(SYS_PSELECT6, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask))) n = int(r0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go index 0b29239583b..0ab4f2ed720 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go @@ -531,3 +531,19 @@ func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, f } return } + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func riscvHWProbe(pairs []RISCVHWProbePairs, cpuCount uintptr, cpus *CPUSet, flags uint) (err error) { + var _p0 unsafe.Pointer + if len(pairs) > 0 { + _p0 = unsafe.Pointer(&pairs[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + _, _, e1 := Syscall6(SYS_RISCV_HWPROBE, uintptr(_p0), uintptr(len(pairs)), uintptr(cpuCount), uintptr(unsafe.Pointer(cpus)), uintptr(flags), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go index cdb2af5ae0f..35f499b32a3 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go @@ -1858,3 +1858,14 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error } return } + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func mremapNetBSD(oldp uintptr, oldsize uintptr, newp uintptr, newsize uintptr, flags int) (xaddr uintptr, err error) { + r0, _, e1 := Syscall6(SYS_MREMAP, uintptr(oldp), uintptr(oldsize), uintptr(newp), uintptr(newsize), uintptr(flags), 0) + xaddr = uintptr(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go index 9d25f76b0bf..3cda65b0da3 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go @@ -1858,3 +1858,14 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error } return } + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func mremapNetBSD(oldp uintptr, oldsize uintptr, newp uintptr, newsize uintptr, flags int) (xaddr uintptr, err error) { + r0, _, e1 := Syscall6(SYS_MREMAP, uintptr(oldp), uintptr(oldsize), uintptr(newp), uintptr(newsize), uintptr(flags), 0) + xaddr = uintptr(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go index d3f8035169f..1e1fea902be 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go @@ -1858,3 +1858,14 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error } return } + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func mremapNetBSD(oldp uintptr, oldsize uintptr, newp uintptr, newsize uintptr, flags int) (xaddr uintptr, err error) { + r0, _, e1 := Syscall6(SYS_MREMAP, uintptr(oldp), uintptr(oldsize), uintptr(newp), uintptr(newsize), uintptr(flags), 0) + xaddr = uintptr(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go index 887188a529e..3b77da11079 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go @@ -1858,3 +1858,14 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error } return } + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func mremapNetBSD(oldp uintptr, oldsize uintptr, newp uintptr, newsize uintptr, flags int) (xaddr uintptr, err error) { + r0, _, e1 := Syscall6(SYS_MREMAP, uintptr(oldp), uintptr(oldsize), uintptr(newp), uintptr(newsize), uintptr(flags), 0) + xaddr = uintptr(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go index 3e594a8c091..ef285c567b6 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go @@ -251,6 +251,8 @@ const ( SYS_ACCEPT4 = 242 SYS_RECVMMSG = 243 SYS_ARCH_SPECIFIC_SYSCALL = 244 + SYS_RISCV_HWPROBE = 258 + SYS_RISCV_FLUSH_ICACHE = 259 SYS_WAIT4 = 260 SYS_PRLIMIT64 = 261 SYS_FANOTIFY_INIT = 262 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index 02e2462c8f9..26ef52aafc2 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -866,6 +866,11 @@ const ( POLLNVAL = 0x20 ) +type sigset_argpack struct { + ss *Sigset_t + ssLen uintptr +} + type SignalfdSiginfo struct { Signo uint32 Errno int32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go index 9ea54b7b860..83c69c119fa 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go @@ -718,3 +718,26 @@ type SysvShmDesc struct { _ uint64 _ uint64 } + +type RISCVHWProbePairs struct { + Key int64 + Value uint64 +} + +const ( + RISCV_HWPROBE_KEY_MVENDORID = 0x0 + RISCV_HWPROBE_KEY_MARCHID = 0x1 + RISCV_HWPROBE_KEY_MIMPID = 0x2 + RISCV_HWPROBE_KEY_BASE_BEHAVIOR = 0x3 + RISCV_HWPROBE_BASE_BEHAVIOR_IMA = 0x1 + RISCV_HWPROBE_KEY_IMA_EXT_0 = 0x4 + RISCV_HWPROBE_IMA_FD = 0x1 + RISCV_HWPROBE_IMA_C = 0x2 + RISCV_HWPROBE_KEY_CPUPERF_0 = 0x5 + RISCV_HWPROBE_MISALIGNED_UNKNOWN = 0x0 + RISCV_HWPROBE_MISALIGNED_EMULATED = 0x1 + RISCV_HWPROBE_MISALIGNED_SLOW = 0x2 + RISCV_HWPROBE_MISALIGNED_FAST = 0x3 + RISCV_HWPROBE_MISALIGNED_UNSUPPORTED = 0x4 + RISCV_HWPROBE_MISALIGNED_MASK = 0x7 +) diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index 9645900754f..373d16388a1 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -135,14 +135,14 @@ func Getpagesize() int { return 4096 } // NewCallback converts a Go function to a function pointer conforming to the stdcall calling convention. // This is useful when interoperating with Windows code requiring callbacks. -// The argument is expected to be a function with with one uintptr-sized result. The function must not have arguments with size larger than the size of uintptr. +// The argument is expected to be a function with one uintptr-sized result. The function must not have arguments with size larger than the size of uintptr. func NewCallback(fn interface{}) uintptr { return syscall.NewCallback(fn) } // NewCallbackCDecl converts a Go function to a function pointer conforming to the cdecl calling convention. // This is useful when interoperating with Windows code requiring callbacks. -// The argument is expected to be a function with with one uintptr-sized result. The function must not have arguments with size larger than the size of uintptr. +// The argument is expected to be a function with one uintptr-sized result. The function must not have arguments with size larger than the size of uintptr. func NewCallbackCDecl(fn interface{}) uintptr { return syscall.NewCallbackCDecl(fn) } diff --git a/vendor/modules.txt b/vendor/modules.txt index 67468530e90..40f644d8efc 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -75,10 +75,10 @@ github.com/vishvananda/netns golang.org/x/exp/constraints golang.org/x/exp/maps golang.org/x/exp/slices -# golang.org/x/net v0.13.0 +# golang.org/x/net v0.14.0 ## explicit; go 1.17 golang.org/x/net/bpf -# golang.org/x/sys v0.10.0 +# golang.org/x/sys v0.11.0 ## explicit; go 1.17 golang.org/x/sys/execabs golang.org/x/sys/internal/unsafeheader From 19d26a65963406fc8b47e6f64c1e1f988314ce8c Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Mon, 7 Aug 2023 16:43:25 +0200 Subject: [PATCH 0341/1176] Revert "libct/validator: Error out on non-abs paths" This reverts commit 881e92a3fd5eeef80bac57efbb1c822deed4f895 and adjust the code so the idmap validations are strict. We now only throw a warning and the container is started just fine. Signed-off-by: Rodrigo Campos --- libcontainer/configs/validate/validator.go | 24 +++++++++++++------ .../configs/validate/validator_test.go | 15 ++++++------ 2 files changed, 24 insertions(+), 15 deletions(-) diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go index 196b431dba1..cb4b32de338 100644 --- a/libcontainer/configs/validate/validator.go +++ b/libcontainer/configs/validate/validator.go @@ -12,6 +12,7 @@ import ( "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/intelrdt" selinux "github.com/opencontainers/selinux/go-selinux" + "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) @@ -28,13 +29,22 @@ func Validate(config *configs.Config) error { sysctl, intelrdtCheck, rootlessEUIDCheck, - mounts, + mountsStrict, } for _, c := range checks { if err := c(config); err != nil { return err } } + // Relaxed validation rules for backward compatibility + warns := []check{ + mounts, // TODO (runc v1.x.x): make this an error instead of a warning + } + for _, c := range warns { + if err := c(config); err != nil { + logrus.WithError(err).Warn("invalid configuration") + } + } return nil } @@ -282,19 +292,19 @@ func checkIDMapMounts(config *configs.Config, m *configs.Mount) error { func mounts(config *configs.Config) error { for _, m := range config.Mounts { - // We upgraded this to an error in runc 1.2. We might need to - // revert this change if some users haven't still moved to use - // abs paths, in that please move this check inside - // checkIDMapMounts() as we do want to ensure that for idmap - // mounts anyways. if !filepath.IsAbs(m.Destination) { return fmt.Errorf("invalid mount %+v: mount destination not absolute", m) } + } + return nil +} + +func mountsStrict(config *configs.Config) error { + for _, m := range config.Mounts { if err := checkIDMapMounts(config, m); err != nil { return fmt.Errorf("invalid mount %+v: %w", m, err) } } - return nil } diff --git a/libcontainer/configs/validate/validator_test.go b/libcontainer/configs/validate/validator_test.go index 58aae7a68f8..b6b2d372313 100644 --- a/libcontainer/configs/validate/validator_test.go +++ b/libcontainer/configs/validate/validator_test.go @@ -360,10 +360,11 @@ func TestValidateMounts(t *testing.T) { isErr bool dest string }{ - {isErr: true, dest: "not/an/abs/path"}, - {isErr: true, dest: "./rel/path"}, - {isErr: true, dest: "./rel/path"}, - {isErr: true, dest: "../../path"}, + // TODO (runc v1.x.x): make these relative paths an error. See https://github.com/opencontainers/runc/pull/3004 + {isErr: false, dest: "not/an/abs/path"}, + {isErr: false, dest: "./rel/path"}, + {isErr: false, dest: "./rel/path"}, + {isErr: false, dest: "../../path"}, {isErr: false, dest: "/abs/path"}, {isErr: false, dest: "/abs/but/../unclean"}, @@ -514,8 +515,7 @@ func TestValidateIDMapMounts(t *testing.T) { }, }, { - name: "idmap mounts without abs dest path", - isErr: true, + name: "idmap mounts without abs dest path", config: &configs.Config{ UIDMappings: mapping, GIDMappings: mapping, @@ -530,7 +530,6 @@ func TestValidateIDMapMounts(t *testing.T) { }, }, }, - { name: "simple idmap mount", config: &configs.Config{ @@ -571,7 +570,7 @@ func TestValidateIDMapMounts(t *testing.T) { config := tc.config config.Rootfs = "/var" - err := mounts(config) + err := mountsStrict(config) if tc.isErr && err == nil { t.Error("expected error, got nil") } From ec2ffae5f19bd961e9ed0c17239ffe259e35aa11 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Tue, 8 Aug 2023 12:21:43 +0200 Subject: [PATCH 0342/1176] libct: Allow rel paths for idmap mounts The idea was to make them strict on dest path from the beginning for idmap mounts, as runc would do that for all mounts in the future. But that is causing too many problems. For now, let's just allow relative paths for idmap mounts too. It just seems safer. Signed-off-by: Rodrigo Campos --- libcontainer/rootfs_linux.go | 2 +- tests/integration/idmap.bats | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index ac3ba183e12..54a2ff57a85 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -485,7 +485,7 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { if m.srcFD == nil { return fmt.Errorf("error creating mount %+v: idmapFD is invalid, should point to a valid fd", m) } - if err := unix.MoveMount(*m.srcFD, "", -1, dest, unix.MOVE_MOUNT_F_EMPTY_PATH); err != nil { + if err := unix.MoveMount(*m.srcFD, "", unix.AT_FDCWD, dest, unix.MOVE_MOUNT_F_EMPTY_PATH); err != nil { return fmt.Errorf("error on unix.MoveMount %+v: %w", m, err) } diff --git a/tests/integration/idmap.bats b/tests/integration/idmap.bats index 375191bf705..5bd554ca322 100644 --- a/tests/integration/idmap.bats +++ b/tests/integration/idmap.bats @@ -72,6 +72,14 @@ function teardown() { [[ "$output" == *"shared"* ]] } +@test "idmap mount with relative path" { + update_config ' .mounts |= map((select(.source == "source-1/") | .destination = "tmp/mount-1") // .)' + + runc run test_debian + [ "$status" -eq 0 ] + [[ "$output" == *"=0=0="* ]] +} + @test "idmap mount with bind mount" { update_config ' .mounts += [ { From 5741ea230a460c559f9f2c288b171a21ad90e9fd Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 29 Jun 2023 11:39:41 -0700 Subject: [PATCH 0343/1176] ci: add go 1.21, remove go 1.19 Go 1.21 is out, and go 1.19 is no longer supported. This also fixes cirrus-ci failure. Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 2 +- .github/workflows/test.yml | 4 ++-- go.mod | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index e09df466d89..cfd238f154e 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -77,7 +77,7 @@ task: env: HOME: /root CIRRUS_WORKING_DIR: /home/runc - GO_VERSION: "1.19" + GO_VERSION: "1.20" BATS_VERSION: "v1.9.0" RPMS: gcc git iptables jq glibc-static libseccomp-devel make criu fuse-sshfs # yamllint disable rule:key-duplicates diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 56bae35f36f..23b559304e8 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -23,7 +23,7 @@ jobs: fail-fast: false matrix: os: [ubuntu-20.04, ubuntu-22.04] - go-version: [1.19.x, 1.20.x] + go-version: [1.20.x, 1.21.x] rootless: ["rootless", ""] race: ["-race", ""] criu: ["", "criu-dev"] @@ -31,7 +31,7 @@ jobs: - criu: criu-dev rootless: rootless - criu: criu-dev - go-version: 1.19.x + go-version: 1.20.x - criu: criu-dev race: -race runs-on: ${{ matrix.os }} diff --git a/go.mod b/go.mod index ac4d2d9b28f..ddde397f4bf 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/opencontainers/runc -go 1.19 +go 1.20 require ( github.com/checkpoint-restore/go-criu/v6 v6.3.0 From 46d6089fb560ab777447d499b1b8eb03e176cebf Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 8 Aug 2023 10:58:25 -0700 Subject: [PATCH 0344/1176] ci/gha: re-enable go caching Since https://github.com/actions/setup-go/issues/368 is now fixed (in https://github.com/actions/setup-go/releases/tag/v4.1.0), there is no need to disable caching when using different distros. Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 23b559304e8..7ed6ab1c423 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -67,7 +67,6 @@ jobs: - name: install go ${{ matrix.go-version }} uses: actions/setup-go@v4 with: - cache: false # https://github.com/actions/setup-go/issues/368 go-version: ${{ matrix.go-version }} - name: build From 9acfd7b1a30afeec48f1223870435b9f0d6a40c8 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 10 Aug 2023 18:32:24 +1000 Subject: [PATCH 0345/1176] timens: minor cleanups Fix up a few things that were flagged in the review of the original timens PR, namely around error handling and validation. Signed-off-by: Aleksa Sarai --- libcontainer/configs/validate/validator.go | 4 ++++ libcontainer/container_linux.go | 2 +- libcontainer/nsenter/nsexec.c | 14 ++++---------- libcontainer/specconv/spec_linux.go | 4 +--- 4 files changed, 10 insertions(+), 14 deletions(-) diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go index 7e8e6c6f594..81eebba797f 100644 --- a/libcontainer/configs/validate/validator.go +++ b/libcontainer/configs/validate/validator.go @@ -120,6 +120,10 @@ func namespaces(config *configs.Config) error { if _, err := os.Stat("/proc/self/timens_offsets"); os.IsNotExist(err) { return errors.New("time namespaces aren't enabled in the kernel") } + } else { + if config.TimeOffsets != nil { + return errors.New("time namespace offsets specified, but time namespace isn't enabled in the config") + } } return nil diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index daec0ec4b71..1a2a6fe37ac 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -1192,7 +1192,7 @@ func (c *Container) bootstrapData(cloneFlags uintptr, nsMaps map[configs.Namespa } // write boottime and monotonic time ns offsets. - if c.config.Namespaces.Contains(configs.NEWTIME) && c.config.TimeOffsets != nil { + if c.config.TimeOffsets != nil { var offsetSpec bytes.Buffer for clock, offset := range c.config.TimeOffsets { fmt.Fprintf(&offsetSpec, "%s %d %d\n", clock, offset.Secs, offset.Nanosecs) diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index 8d4148cc645..07d9e0df130 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -758,15 +758,13 @@ void receive_idmapsources(int sockfd) receive_fd_sources(sockfd, "_LIBCONTAINER_IDMAP_FDS"); } -static void update_timens(char *map, size_t map_len) +static void update_timens_offsets(char *map, size_t map_len) { if (map == NULL || map_len == 0) return; write_log(DEBUG, "update /proc/self/timens_offsets to '%s'", map); - if (write_file(map, map_len, "/proc/self/timens_offsets") < 0) { - if (errno != EPERM) - bail("failed to update /proc/self/timens_offsets"); - } + if (write_file(map, map_len, "/proc/self/timens_offsets") < 0) + bail("failed to update /proc/self/timens_offsets"); } void nsexec(void) @@ -1174,6 +1172,7 @@ void nsexec(void) * was broken, so we'll just do it the long way anyway. */ try_unshare(config.cloneflags & ~CLONE_NEWCGROUP, "remaining namespaces (except cgroupns)"); + update_timens_offsets(config.timensoffset, config.timensoffset_len); /* Ask our parent to send the mount sources fds. */ if (config.mountsources) { @@ -1207,11 +1206,6 @@ void nsexec(void) bail("failed to sync with parent: SYNC_MOUNT_IDMAP_ACK: got %u", s); } - /* - * set boottime and monotonic timens offsets. - */ - update_timens(config.timensoffset, config.timensoffset_len); - /* * TODO: What about non-namespace clone flags that we're dropping here? * diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index 0afb4a6d8be..5ccaf356efb 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -422,6 +422,7 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) { config.ReadonlyPaths = spec.Linux.ReadonlyPaths config.MountLabel = spec.Linux.MountLabel config.Sysctl = spec.Linux.Sysctl + config.TimeOffsets = spec.Linux.TimeOffsets if spec.Linux.Seccomp != nil { seccomp, err := SetupSeccomp(spec.Linux.Seccomp) if err != nil { @@ -436,9 +437,6 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) { MemBwSchema: spec.Linux.IntelRdt.MemBwSchema, } } - - // update timens offsets - config.TimeOffsets = spec.Linux.TimeOffsets } // Set the host UID that should own the container's cgroup. From aa5f4c11372020343d0265ddad060c40963ac60a Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 10 Aug 2023 18:55:11 +1000 Subject: [PATCH 0346/1176] tests: add several timens tests These are not exhaustive, but at least confirm that the feature is not obviously broken (we correctly set the time offsets). Signed-off-by: Aleksa Sarai --- .../configs/validate/validator_test.go | 35 ++++++++++++ tests/integration/helpers.bash | 5 ++ tests/integration/timens.bats | 55 +++++++++++++++++++ 3 files changed, 95 insertions(+) create mode 100644 tests/integration/timens.bats diff --git a/libcontainer/configs/validate/validator_test.go b/libcontainer/configs/validate/validator_test.go index b6b2d372313..d2b3c70ad9d 100644 --- a/libcontainer/configs/validate/validator_test.go +++ b/libcontainer/configs/validate/validator_test.go @@ -6,6 +6,7 @@ import ( "testing" "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runtime-spec/specs-go" "golang.org/x/sys/unix" ) @@ -201,6 +202,40 @@ func TestValidateUsernamespaceWithoutUserNS(t *testing.T) { } } +func TestValidateTimeNamespace(t *testing.T) { + if _, err := os.Stat("/proc/self/ns/time"); os.IsNotExist(err) { + t.Skip("Test requires timens.") + } + config := &configs.Config{ + Rootfs: "/var", + Namespaces: configs.Namespaces( + []configs.Namespace{ + {Type: configs.NEWTIME}, + }, + ), + } + + err := Validate(config) + if err != nil { + t.Errorf("expected error to not occur %+v", err) + } +} + +func TestValidateTimeOffsetsWithoutTimeNamespace(t *testing.T) { + config := &configs.Config{ + Rootfs: "/var", + TimeOffsets: map[string]specs.LinuxTimeOffset{ + "boottime": {Secs: 150, Nanosecs: 314159}, + "monotonic": {Secs: 512, Nanosecs: 271818}, + }, + } + + err := Validate(config) + if err == nil { + t.Error("Expected error to occur but it was nil") + } +} + // TestConvertSysctlVariableToDotsSeparator tests whether the sysctl variable // can be correctly converted to a dot as a separator. func TestConvertSysctlVariableToDotsSeparator(t *testing.T) { diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index e1ce4214418..65912951d58 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -429,6 +429,11 @@ function requires() { skip_me=1 fi ;; + timens) + if [ ! -e "/proc/self/ns/time" ]; then + skip_me=1 + fi + ;; cgroups_v1) init_cgroup_paths if [ ! -v CGROUP_V1 ]; then diff --git a/tests/integration/timens.bats b/tests/integration/timens.bats new file mode 100644 index 00000000000..e0d21d5510f --- /dev/null +++ b/tests/integration/timens.bats @@ -0,0 +1,55 @@ +#!/usr/bin/env bats + +load helpers + +function setup() { + setup_busybox +} + +function teardown() { + teardown_bundle +} + +@test "runc run [timens offsets with no timens]" { + requires timens + + update_config '.process.args = ["cat", "/proc/self/timens_offsets"]' + update_config '.linux.namespaces = .linux.namespace | map(select(.type != "time"))' + update_config '.linux.timeOffsets = { + "monotonic": { "secs": 7881, "nanosecs": 2718281 }, + "boottime": { "secs": 1337, "nanosecs": 3141519 } + }' + + runc run test_busybox + [ "$status" -ne 0 ] +} + +@test "runc run [timens with no offsets]" { + requires timens + + update_config '.process.args = ["cat", "/proc/self/timens_offsets"]' + update_config '.linux.namespaces += [{"type": "time"}] + | .linux.timeOffsets = null' + + runc run test_busybox + [ "$status" -eq 0 ] + # Default offsets are 0. + grep -E '^monotonic\s+0\s+0$' <<<"$output" + grep -E '^boottime\s+0\s+0$' <<<"$output" +} + +@test "runc run [simple timens]" { + requires timens + + update_config '.process.args = ["cat", "/proc/self/timens_offsets"]' + update_config '.linux.namespaces += [{"type": "time"}] + | .linux.timeOffsets = { + "monotonic": { "secs": 7881, "nanosecs": 2718281 }, + "boottime": { "secs": 1337, "nanosecs": 3141519 } + }' + + runc run test_busybox + [ "$status" -eq 0 ] + grep -E '^monotonic\s+7881\s+2718281$' <<<"$output" + grep -E '^boottime\s+1337\s+3141519$' <<<"$output" +} From b0c7ce51588cca89fa32772ccdb50397f218332f Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 4 Aug 2023 17:57:35 +1000 Subject: [PATCH 0347/1176] makefile: quote TESTFLAGS when passing to containerised make Otherwise TESTFLAGS="-run FooBar" will result in TESTFLAGS=-run being executed in the container. Signed-off-by: Aleksa Sarai --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index c72dd2f414d..0d48fe8c521 100644 --- a/Makefile +++ b/Makefile @@ -105,7 +105,7 @@ unittest: runcimage -t --privileged --rm \ -v /lib/modules:/lib/modules:ro \ -v $(CURDIR):/go/src/$(PROJECT) \ - $(RUNC_IMAGE) make localunittest TESTFLAGS=$(TESTFLAGS) + $(RUNC_IMAGE) make localunittest TESTFLAGS="$(TESTFLAGS)" localunittest: all $(GO) test -timeout 3m -tags "$(BUILDTAGS)" $(TESTFLAGS) -v ./... @@ -115,7 +115,7 @@ integration: runcimage -t --privileged --rm \ -v /lib/modules:/lib/modules:ro \ -v $(CURDIR):/go/src/$(PROJECT) \ - $(RUNC_IMAGE) make localintegration TESTPATH=$(TESTPATH) + $(RUNC_IMAGE) make localintegration TESTPATH="$(TESTPATH)" localintegration: all bats -t tests/integration$(TESTPATH) From c6e7b1a8ec55d0d3f3d6e72c7ea1d8bd6bca0f04 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 15 Aug 2023 18:22:38 -0700 Subject: [PATCH 0348/1176] libct: initProcess.start: fix sync logic The code in this function became quite complicated and not entirely correct over time. As a result, if an error is returned from parseSync, it might end up stuck waiting for the child to finish. 1. Let's not wait() for the child twice. We already do it in the defer statement (call p.terminate()) when we are returning an error. 2. Remove sentResume and sentRun since we do not want to check if these were sent or not. Instead, introduce and check seenProcReady, as procReady is always expected from runc init. 3. Eliminate the possibility to wrap nil as an error. 4. Make sure we always call shutdown on the sync socket, and do not let shutdown error shadow the ierr. This fixes the issue of stuck `runc runc` with the optimization patch (sending procSeccompDone earlier) applied. Signed-off-by: Kir Kolyshkin --- libcontainer/process_linux.go | 24 +++++++----------------- 1 file changed, 7 insertions(+), 17 deletions(-) diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 48861406dba..41709a4ea21 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -451,11 +451,8 @@ func (p *initProcess) start() (retErr error) { if err := p.sendConfig(); err != nil { return fmt.Errorf("error sending config to init process: %w", err) } - var ( - sentRun bool - sentResume bool - ) + var seenProcReady bool ierr := parseSync(p.messageSockPair.parent, func(sync *syncT) error { switch sync.Type { case procSeccomp: @@ -494,6 +491,7 @@ func (p *initProcess) start() (retErr error) { return err } case procReady: + seenProcReady = true // set rlimits, this has to be done here because we lose permissions // to raise the limits once we enter a user-namespace if err := setupRlimits(p.config.Rlimits, p.pid()); err != nil { @@ -555,7 +553,6 @@ func (p *initProcess) start() (retErr error) { if err := writeSync(p.messageSockPair.parent, procRun); err != nil { return err } - sentRun = true case procHooks: // Setup cgroup before prestart hook, so that the prestart hook could apply cgroup permissions. if err := p.manager.Set(p.config.Config.Cgroups.Resources); err != nil { @@ -587,7 +584,6 @@ func (p *initProcess) start() (retErr error) { if err := writeSync(p.messageSockPair.parent, procResume); err != nil { return err } - sentResume = true default: return errors.New("invalid JSON payload from child") } @@ -595,20 +591,14 @@ func (p *initProcess) start() (retErr error) { return nil }) - if !sentRun { - return fmt.Errorf("error during container init: %w", ierr) - } - if p.config.Config.Namespaces.Contains(configs.NEWNS) && !sentResume { - return errors.New("could not synchronise after executing prestart and CreateRuntime hooks with container process") - } - if err := unix.Shutdown(int(p.messageSockPair.parent.Fd()), unix.SHUT_WR); err != nil { + if err := unix.Shutdown(int(p.messageSockPair.parent.Fd()), unix.SHUT_WR); err != nil && ierr == nil { return &os.PathError{Op: "shutdown", Path: "(init pipe)", Err: err} } - - // Must be done after Shutdown so the child will exit and we can wait for it. + if !seenProcReady && ierr == nil { + ierr = errors.New("procReady not received") + } if ierr != nil { - _, _ = p.wait() - return ierr + return fmt.Errorf("error during container init: %w", ierr) } return nil } From f81ef1493d35ad708bf5e08f5ec5bb29d9f45294 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 8 Aug 2023 11:33:06 +1000 Subject: [PATCH 0349/1176] libcontainer: sync: cleanup synchronisation code This includes quite a few cleanups and improvements to the way we do synchronisation. The core behaviour is unchanged, but switching to embedding json.RawMessage into the synchronisation structure will allow us to do more complicated synchronisation operations in future patches. The file descriptor passing through the synchronisation system feature will be used as part of the idmapped-mount and bind-mount-source features when switching that code to use the new mount API outside of nsexec.c. Signed-off-by: Aleksa Sarai Signed-off-by: Kir Kolyshkin --- contrib/cmd/recvtty/recvtty.go | 4 +- libcontainer/criu_linux.go | 2 +- libcontainer/init_linux.go | 59 ++++------ libcontainer/integration/execin_test.go | 4 +- libcontainer/process_linux.go | 83 ++++++++------ libcontainer/rootfs_linux.go | 3 +- libcontainer/setns_init_linux.go | 2 - libcontainer/sync.go | 141 +++++++++++++++--------- libcontainer/utils/cmsg.go | 85 ++++++++------ libcontainer/utils/utils_unix.go | 2 +- tty.go | 2 +- 11 files changed, 224 insertions(+), 163 deletions(-) diff --git a/contrib/cmd/recvtty/recvtty.go b/contrib/cmd/recvtty/recvtty.go index 35c293de642..532a4c33904 100644 --- a/contrib/cmd/recvtty/recvtty.go +++ b/contrib/cmd/recvtty/recvtty.go @@ -98,7 +98,7 @@ func handleSingle(path string, noStdin bool) error { defer socket.Close() // Get the master file descriptor from runC. - master, err := utils.RecvFd(socket) + master, err := utils.RecvFile(socket) if err != nil { return err } @@ -171,7 +171,7 @@ func handleNull(path string) error { defer socket.Close() // Get the master file descriptor from runC. - master, err := utils.RecvFd(socket) + master, err := utils.RecvFile(socket) if err != nil { return } diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index 31c8a900eb1..ec6228399d8 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -1185,7 +1185,7 @@ func (c *Container) criuNotifications(resp *criurpc.CriuResp, process *Process, defer master.Close() // While we can access console.master, using the API is a good idea. - if err := utils.SendFd(process.ConsoleSocket, master.Name(), master.Fd()); err != nil { + if err := utils.SendFile(process.ConsoleSocket, master); err != nil { return err } case "status-ready": diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 2e2d00ff83a..cef1142a2bc 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -5,7 +5,6 @@ import ( "encoding/json" "errors" "fmt" - "io" "net" "os" "runtime" @@ -121,11 +120,8 @@ func startInitialization() (retErr error) { defer func() { // If this defer is ever called, this means initialization has failed. // Send the error back to the parent process in the form of an initError. - if err := writeSync(pipe, procError); err != nil { - fmt.Fprintln(os.Stderr, err) - return - } - if err := utils.WriteJSON(pipe, &initError{Message: retErr.Error()}); err != nil { + ierr := initError{Message: retErr.Error()} + if err := writeSyncArg(pipe, procError, ierr); err != nil { fmt.Fprintln(os.Stderr, err) return } @@ -352,7 +348,6 @@ func setupConsole(socket *os.File, config *initConfig, mount bool) error { if err != nil { return err } - // After we return from here, we don't need the console anymore. defer pty.Close() @@ -374,9 +369,11 @@ func setupConsole(socket *os.File, config *initConfig, mount bool) error { } } // While we can access console.master, using the API is a good idea. - if err := utils.SendFd(socket, pty.Name(), pty.Fd()); err != nil { + if err := utils.SendRawFd(socket, pty.Name(), pty.Fd()); err != nil { return err } + runtime.KeepAlive(pty) + // Now, dup over all the things. return dupStdio(slavePath) } @@ -384,12 +381,11 @@ func setupConsole(socket *os.File, config *initConfig, mount bool) error { // syncParentReady sends to the given pipe a JSON payload which indicates that // the init is ready to Exec the child process. It then waits for the parent to // indicate that it is cleared to Exec. -func syncParentReady(pipe io.ReadWriter) error { +func syncParentReady(pipe *os.File) error { // Tell parent. if err := writeSync(pipe, procReady); err != nil { return err } - // Wait for parent to give the all-clear. return readSync(pipe, procRun) } @@ -397,44 +393,37 @@ func syncParentReady(pipe io.ReadWriter) error { // syncParentHooks sends to the given pipe a JSON payload which indicates that // the parent should execute pre-start hooks. It then waits for the parent to // indicate that it is cleared to resume. -func syncParentHooks(pipe io.ReadWriter) error { +func syncParentHooks(pipe *os.File) error { // Tell parent. if err := writeSync(pipe, procHooks); err != nil { return err } - // Wait for parent to give the all-clear. return readSync(pipe, procResume) } -// syncParentSeccomp sends to the given pipe a JSON payload which -// indicates that the parent should pick up the seccomp fd with pidfd_getfd() -// and send it to the seccomp agent over a unix socket. It then waits for -// the parent to indicate that it is cleared to resume and closes the seccompFd. -// If the seccompFd is -1, there isn't anything to sync with the parent, so it -// returns no error. -func syncParentSeccomp(pipe io.ReadWriter, seccompFd int) error { +// syncParentSeccomp sends the fd associated with the seccomp file descriptor +// to the parent, and wait for the parent to do pidfd_getfd() to grab a copy. +func syncParentSeccomp(pipe *os.File, seccompFd int) error { if seccompFd == -1 { return nil } - - // Tell parent. - if err := writeSyncWithFd(pipe, procSeccomp, seccompFd); err != nil { - unix.Close(seccompFd) + defer unix.Close(seccompFd) + + // Tell parent to grab our fd. + // + // Notably, we do not use writeSyncFile here because a container might have + // an SCMP_ACT_NOTIFY action on sendmsg(2) so we need to use the smallest + // possible number of system calls here because all of those syscalls + // cannot be used with SCMP_ACT_NOTIFY as a result (any syscall we use here + // before the parent gets the file descriptor would deadlock "runc init" if + // we allowed it for SCMP_ACT_NOTIFY). See seccomp.InitSeccomp() for more + // details. + if err := writeSyncArg(pipe, procSeccomp, seccompFd); err != nil { return err } - - // Wait for parent to give the all-clear. - if err := readSync(pipe, procSeccompDone); err != nil { - unix.Close(seccompFd) - return fmt.Errorf("sync parent seccomp: %w", err) - } - - if err := unix.Close(seccompFd); err != nil { - return fmt.Errorf("close seccomp fd: %w", err) - } - - return nil + // Wait for parent to tell us they've grabbed the seccompfd. + return readSync(pipe, procSeccompDone) } // setupUser changes the groups, gid, and uid for the user inside the container diff --git a/libcontainer/integration/execin_test.go b/libcontainer/integration/execin_test.go index 58519a419c0..c5c324130c6 100644 --- a/libcontainer/integration/execin_test.go +++ b/libcontainer/integration/execin_test.go @@ -277,9 +277,9 @@ func TestExecInTTY(t *testing.T) { done := make(chan (error)) go func() { - f, err := utils.RecvFd(parent) + f, err := utils.RecvFile(parent) if err != nil { - done <- fmt.Errorf("RecvFd: %w", err) + done <- fmt.Errorf("RecvFile: %w", err) return } c, err := console.ConsoleFromFile(f) diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 41709a4ea21..7f78f730257 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -9,6 +9,7 @@ import ( "os" "os/exec" "path/filepath" + "runtime" "strconv" "time" @@ -171,14 +172,27 @@ func (p *setnsProcess) start() (retErr error) { panic("unexpected procHooks in setns") case procSeccomp: if p.config.Config.Seccomp.ListenerPath == "" { - return errors.New("listenerPath is not set") + return errors.New("seccomp listenerPath is not set") } - - seccompFd, err := recvSeccompFd(uintptr(p.pid()), uintptr(sync.Fd)) + if sync.Arg == nil { + return fmt.Errorf("sync %q is missing an argument", sync.Type) + } + var srcFd int + if err := json.Unmarshal(*sync.Arg, &srcFd); err != nil { + return fmt.Errorf("sync %q passed invalid fd arg: %w", sync.Type, err) + } + seccompFd, err := pidGetFd(p.pid(), srcFd) if err != nil { + return fmt.Errorf("sync %q get fd %d from child failed: %w", sync.Type, srcFd, err) + } + defer seccompFd.Close() + // We have a copy, the child can keep working. We don't need to + // wait for the seccomp notify listener to get the fd before we + // permit the child to continue because the child will happily wait + // for the listener if it hits SCMP_ACT_NOTIFY. + if err := writeSync(p.messageSockPair.parent, procSeccompDone); err != nil { return err } - defer unix.Close(seccompFd) bundle, annotations := utils.Annotations(p.config.Config.Labels) containerProcessState := &specs.ContainerProcessState{ @@ -199,15 +213,10 @@ func (p *setnsProcess) start() (retErr error) { containerProcessState, seccompFd); err != nil { return err } - - // Sync with child. - if err := writeSync(p.messageSockPair.parent, procSeccompDone); err != nil { - return err - } - return nil default: return errors.New("invalid JSON payload from child") } + return nil }) if err := unix.Shutdown(int(p.messageSockPair.parent.Fd()), unix.SHUT_WR); err != nil { @@ -457,14 +466,27 @@ func (p *initProcess) start() (retErr error) { switch sync.Type { case procSeccomp: if p.config.Config.Seccomp.ListenerPath == "" { - return errors.New("listenerPath is not set") + return errors.New("seccomp listenerPath is not set") } - - seccompFd, err := recvSeccompFd(uintptr(childPid), uintptr(sync.Fd)) + var srcFd int + if sync.Arg == nil { + return fmt.Errorf("sync %q is missing an argument", sync.Type) + } + if err := json.Unmarshal(*sync.Arg, &srcFd); err != nil { + return fmt.Errorf("sync %q passed invalid fd arg: %w", sync.Type, err) + } + seccompFd, err := pidGetFd(p.pid(), srcFd) if err != nil { + return fmt.Errorf("sync %q get fd %d from child failed: %w", sync.Type, srcFd, err) + } + defer seccompFd.Close() + // We have a copy, the child can keep working. We don't need to + // wait for the seccomp notify listener to get the fd before we + // permit the child to continue because the child will happily wait + // for the listener if it hits SCMP_ACT_NOTIFY. + if err := writeSync(p.messageSockPair.parent, procSeccompDone); err != nil { return err } - defer unix.Close(seccompFd) s, err := p.container.currentOCIState() if err != nil { @@ -485,11 +507,6 @@ func (p *initProcess) start() (retErr error) { containerProcessState, seccompFd); err != nil { return err } - - // Sync with child. - if err := writeSync(p.messageSockPair.parent, procSeccompDone); err != nil { - return err - } case procReady: seenProcReady = true // set rlimits, this has to be done here because we lose permissions @@ -587,7 +604,6 @@ func (p *initProcess) start() (retErr error) { default: return errors.New("invalid JSON payload from child") } - return nil }) @@ -674,22 +690,20 @@ func (p *initProcess) forwardChildLogs() chan error { return logs.ForwardLogs(p.logFilePair.parent) } -func recvSeccompFd(childPid, childFd uintptr) (int, error) { - pidfd, _, errno := unix.Syscall(unix.SYS_PIDFD_OPEN, childPid, 0, 0) - if errno != 0 { - return -1, fmt.Errorf("performing SYS_PIDFD_OPEN syscall: %w", errno) +func pidGetFd(pid, srcFd int) (*os.File, error) { + pidFd, err := unix.PidfdOpen(pid, 0) + if err != nil { + return nil, os.NewSyscallError("pidfd_open", err) } - defer unix.Close(int(pidfd)) - - seccompFd, _, errno := unix.Syscall(unix.SYS_PIDFD_GETFD, pidfd, childFd, 0) - if errno != 0 { - return -1, fmt.Errorf("performing SYS_PIDFD_GETFD syscall: %w", errno) + defer unix.Close(pidFd) + fd, err := unix.PidfdGetfd(pidFd, srcFd, 0) + if err != nil { + return nil, os.NewSyscallError("pidfd_getfd", err) } - - return int(seccompFd), nil + return os.NewFile(uintptr(fd), "[pidfd_getfd]"), nil } -func sendContainerProcessState(listenerPath string, state *specs.ContainerProcessState, fd int) error { +func sendContainerProcessState(listenerPath string, state *specs.ContainerProcessState, file *os.File) error { conn, err := net.Dial("unix", listenerPath) if err != nil { return fmt.Errorf("failed to connect with seccomp agent specified in the seccomp profile: %w", err) @@ -706,11 +720,10 @@ func sendContainerProcessState(listenerPath string, state *specs.ContainerProces return fmt.Errorf("cannot marshall seccomp state: %w", err) } - err = utils.SendFds(socket, b, fd) - if err != nil { + if err := utils.SendRawFd(socket, string(b), file.Fd()); err != nil { return fmt.Errorf("cannot send seccomp fd to %s: %w", listenerPath, err) } - + runtime.KeepAlive(file) return nil } diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 54a2ff57a85..be6c73000eb 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -3,7 +3,6 @@ package libcontainer import ( "errors" "fmt" - "io" "os" "path" "path/filepath" @@ -64,7 +63,7 @@ func needsSetupDev(config *configs.Config) bool { // prepareRootfs sets up the devices, mount points, and filesystems for use // inside a new mount namespace. It doesn't set anything as ro. You must call // finalizeRootfs after this function to finish setting up the rootfs. -func prepareRootfs(pipe io.ReadWriter, iConfig *initConfig, mountFds mountFds) (err error) { +func prepareRootfs(pipe *os.File, iConfig *initConfig, mountFds mountFds) (err error) { config := iConfig.Config if err := prepareRoot(config); err != nil { return fmt.Errorf("error preparing rootfs: %w", err) diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go index ac58190758a..40a47a2e95c 100644 --- a/libcontainer/setns_init_linux.go +++ b/libcontainer/setns_init_linux.go @@ -75,7 +75,6 @@ func (l *linuxSetnsInit) Init() error { if err != nil { return err } - if err := syncParentSeccomp(l.pipe, seccompFd); err != nil { return err } @@ -94,7 +93,6 @@ func (l *linuxSetnsInit) Init() error { if err != nil { return fmt.Errorf("unable to init seccomp: %w", err) } - if err := syncParentSeccomp(l.pipe, seccompFd); err != nil { return err } diff --git a/libcontainer/sync.go b/libcontainer/sync.go index 25dc2863071..25507e58ad9 100644 --- a/libcontainer/sync.go +++ b/libcontainer/sync.go @@ -5,6 +5,7 @@ import ( "errors" "fmt" "io" + "os" "github.com/opencontainers/runc/libcontainer/utils" ) @@ -15,15 +16,19 @@ type syncType string // during container setup. They come in pairs (with procError being a generic // response which is followed by an &initError). // -// [ child ] <-> [ parent ] +// [ child ] <-> [ parent ] // -// procHooks --> [run hooks] -// <-- procResume +// procSeccomp --> [forward fd to listenerPath] +// file: seccomp fd +// --- no return synchronisation // -// procReady --> [final setup] -// <-- procRun +// procHooks --> [run hooks] +// <-- procResume // -// procSeccomp --> [pick up seccomp fd with pidfd_getfd()] +// procReady --> [final setup] +// <-- procRun +// +// procSeccomp --> [grab seccomp fd with pidfd_getfd()] // <-- procSeccompDone const ( procError syncType = "procError" @@ -35,9 +40,17 @@ const ( procSeccompDone syncType = "procSeccompDone" ) +type syncFlags int + +const ( + syncFlagHasFd syncFlags = (1 << iota) +) + type syncT struct { - Type syncType `json:"type"` - Fd int `json:"fd"` + Type syncType `json:"type"` + Flags syncFlags `json:"flags"` + Arg *json.RawMessage `json:"arg,omitempty"` + File *os.File `json:"-"` // passed oob through SCM_RIGHTS } // initError is used to wrap errors for passing them via JSON, @@ -50,74 +63,100 @@ func (i initError) Error() string { return i.Message } -// writeSync is used to write to a synchronisation pipe. An error is returned -// if there was a problem writing the payload. -func writeSync(pipe io.Writer, sync syncType) error { - return writeSyncWithFd(pipe, sync, -1) +func doWriteSync(pipe *os.File, sync syncT) error { + sync.Flags &= ^syncFlagHasFd + if sync.File != nil { + sync.Flags |= syncFlagHasFd + } + if err := utils.WriteJSON(pipe, sync); err != nil { + return fmt.Errorf("writing sync %q: %w", sync.Type, err) + } + if sync.Flags&syncFlagHasFd != 0 { + if err := utils.SendFile(pipe, sync.File); err != nil { + return fmt.Errorf("sending file after sync %q: %w", sync.Type, err) + } + } + return nil +} + +func writeSync(pipe *os.File, sync syncType) error { + return doWriteSync(pipe, syncT{Type: sync}) } -// writeSyncWithFd is used to write to a synchronisation pipe. An error is -// returned if there was a problem writing the payload. -func writeSyncWithFd(pipe io.Writer, sync syncType, fd int) error { - if err := utils.WriteJSON(pipe, syncT{sync, fd}); err != nil { - return fmt.Errorf("writing syncT %q: %w", string(sync), err) +func writeSyncArg(pipe *os.File, sync syncType, arg interface{}) error { + argJSON, err := json.Marshal(arg) + if err != nil { + return fmt.Errorf("writing sync %q: marshal argument failed: %w", sync, err) } - return nil + argJSONMsg := json.RawMessage(argJSON) + return doWriteSync(pipe, syncT{Type: sync, Arg: &argJSONMsg}) } -// readSync is used to read from a synchronisation pipe. An error is returned -// if we got an initError, the pipe was closed, or we got an unexpected flag. -func readSync(pipe io.Reader, expected syncType) error { - var procSync syncT - if err := json.NewDecoder(pipe).Decode(&procSync); err != nil { +func doReadSync(pipe *os.File) (syncT, error) { + var sync syncT + if err := json.NewDecoder(pipe).Decode(&sync); err != nil { if errors.Is(err, io.EOF) { - return errors.New("parent closed synchronisation channel") + return sync, err } - return fmt.Errorf("failed reading error from parent: %w", err) + return sync, fmt.Errorf("reading from parent failed: %w", err) } - - if procSync.Type == procError { + if sync.Type == procError { var ierr initError - - if err := json.NewDecoder(pipe).Decode(&ierr); err != nil { - return fmt.Errorf("failed reading error from parent: %w", err) + if sync.Arg == nil { + return sync, errors.New("procError missing error payload") } + if err := json.Unmarshal(*sync.Arg, &ierr); err != nil { + return sync, fmt.Errorf("unmarshal procError failed: %w", err) + } + return sync, &ierr + } + if sync.Flags&syncFlagHasFd != 0 { + file, err := utils.RecvFile(pipe) + if err != nil { + return sync, fmt.Errorf("receiving fd from sync %q failed: %w", sync.Type, err) + } + sync.File = file + } + return sync, nil +} - return &ierr +func readSyncFull(pipe *os.File, expected syncType) (syncT, error) { + sync, err := doReadSync(pipe) + if err != nil { + return sync, err + } + if sync.Type != expected { + return sync, fmt.Errorf("unexpected synchronisation flag: got %q, expected %q", sync.Type, expected) } + return sync, nil +} - if procSync.Type != expected { - return errors.New("invalid synchronisation flag from parent") +func readSync(pipe *os.File, expected syncType) error { + sync, err := readSyncFull(pipe, expected) + if err != nil { + return err + } + if sync.Arg != nil { + return fmt.Errorf("sync %q had unexpected argument passed: %q", expected, string(*sync.Arg)) + } + if sync.File != nil { + _ = sync.File.Close() + return fmt.Errorf("sync %q had unexpected file passed", sync.Type) } return nil } // parseSync runs the given callback function on each syncT received from the // child. It will return once io.EOF is returned from the given pipe. -func parseSync(pipe io.Reader, fn func(*syncT) error) error { - dec := json.NewDecoder(pipe) +func parseSync(pipe *os.File, fn func(*syncT) error) error { for { - var sync syncT - if err := dec.Decode(&sync); err != nil { + sync, err := doReadSync(pipe) + if err != nil { if errors.Is(err, io.EOF) { break } return err } - - // We handle this case outside fn for cleanliness reasons. - var ierr *initError - if sync.Type == procError { - if err := dec.Decode(&ierr); err != nil && !errors.Is(err, io.EOF) { - return fmt.Errorf("error decoding proc error from init: %w", err) - } - if ierr != nil { - return ierr - } - // Programmer error. - panic("No error following JSON procError payload.") - } - if err := fn(&sync); err != nil { return err } diff --git a/libcontainer/utils/cmsg.go b/libcontainer/utils/cmsg.go index fd9326cb59a..2edd1417af3 100644 --- a/libcontainer/utils/cmsg.go +++ b/libcontainer/utils/cmsg.go @@ -19,13 +19,14 @@ package utils import ( "fmt" "os" + "runtime" "golang.org/x/sys/unix" ) -// MaxNameLen is the maximum length of the name of a file descriptor being -// sent using SendFd. The name of the file handle returned by RecvFd will never -// be larger than this value. +// MaxNameLen is the maximum length of the name of a file descriptor being sent +// using SendFile. The name of the file handle returned by RecvFile will never be +// larger than this value. const MaxNameLen = 4096 // oobSpace is the size of the oob slice required to store a single FD. Note @@ -33,26 +34,21 @@ const MaxNameLen = 4096 // so sizeof(fd) = 4. var oobSpace = unix.CmsgSpace(4) -// RecvFd waits for a file descriptor to be sent over the given AF_UNIX +// RecvFile waits for a file descriptor to be sent over the given AF_UNIX // socket. The file name of the remote file descriptor will be recreated // locally (it is sent as non-auxiliary data in the same payload). -func RecvFd(socket *os.File) (*os.File, error) { - // For some reason, unix.Recvmsg uses the length rather than the capacity - // when passing the msg_controllen and other attributes to recvmsg. So we - // have to actually set the length. +func RecvFile(socket *os.File) (_ *os.File, Err error) { name := make([]byte, MaxNameLen) oob := make([]byte, oobSpace) sockfd := socket.Fd() - n, oobn, _, _, err := unix.Recvmsg(int(sockfd), name, oob, 0) + n, oobn, _, _, err := unix.Recvmsg(int(sockfd), name, oob, unix.MSG_CMSG_CLOEXEC) if err != nil { return nil, err } - if n >= MaxNameLen || oobn != oobSpace { - return nil, fmt.Errorf("recvfd: incorrect number of bytes read (n=%d oobn=%d)", n, oobn) + return nil, fmt.Errorf("recvfile: incorrect number of bytes read (n=%d oobn=%d)", n, oobn) } - // Truncate. name = name[:n] oob = oob[:oobn] @@ -61,36 +57,63 @@ func RecvFd(socket *os.File) (*os.File, error) { if err != nil { return nil, err } - if len(scms) != 1 { - return nil, fmt.Errorf("recvfd: number of SCMs is not 1: %d", len(scms)) + + // We cannot control how many SCM_RIGHTS we receive, and upon receiving + // them all of the descriptors are installed in our fd table, so we need to + // parse all of the SCM_RIGHTS we received in order to close all of the + // descriptors on error. + var fds []int + defer func() { + for i, fd := range fds { + if i == 0 && Err == nil { + // Only close the first one on error. + continue + } + // Always close extra ones. + _ = unix.Close(fd) + } + }() + var lastErr error + for _, scm := range scms { + if scm.Header.Type == unix.SCM_RIGHTS { + scmFds, err := unix.ParseUnixRights(&scm) + if err != nil { + lastErr = err + } else { + fds = append(fds, scmFds...) + } + } + } + if lastErr != nil { + return nil, lastErr } - scm := scms[0] - fds, err := unix.ParseUnixRights(&scm) - if err != nil { - return nil, err + // We do this after collecting the fds to make sure we close them all when + // returning an error here. + if len(scms) != 1 { + return nil, fmt.Errorf("recvfd: number of SCMs is not 1: %d", len(scms)) } if len(fds) != 1 { return nil, fmt.Errorf("recvfd: number of fds is not 1: %d", len(fds)) } - fd := uintptr(fds[0]) - - return os.NewFile(fd, string(name)), nil + return os.NewFile(uintptr(fds[0]), string(name)), nil } -// SendFd sends a file descriptor over the given AF_UNIX socket. In -// addition, the file.Name() of the given file will also be sent as -// non-auxiliary data in the same payload (allowing to send contextual -// information for a file descriptor). -func SendFd(socket *os.File, name string, fd uintptr) error { +// SendFile sends a file over the given AF_UNIX socket. file.Name() is also +// included so that if the other end uses RecvFile, the file will have the same +// name information. +func SendFile(socket *os.File, file *os.File) error { + name := file.Name() if len(name) >= MaxNameLen { return fmt.Errorf("sendfd: filename too long: %s", name) } - return SendFds(socket, []byte(name), int(fd)) + err := SendRawFd(socket, name, file.Fd()) + runtime.KeepAlive(file) + return err } -// SendFds sends a list of files descriptor and msg over the given AF_UNIX socket. -func SendFds(socket *os.File, msg []byte, fds ...int) error { - oob := unix.UnixRights(fds...) - return unix.Sendmsg(int(socket.Fd()), msg, oob, nil, 0) +// SendRawFd sends a specific file descriptor over the given AF_UNIX socket. +func SendRawFd(socket *os.File, msg string, fd uintptr) error { + oob := unix.UnixRights(int(fd)) + return unix.Sendmsg(int(socket.Fd()), []byte(msg), oob, nil, 0) } diff --git a/libcontainer/utils/utils_unix.go b/libcontainer/utils/utils_unix.go index 6b9a7be038f..ca520b63b36 100644 --- a/libcontainer/utils/utils_unix.go +++ b/libcontainer/utils/utils_unix.go @@ -91,7 +91,7 @@ func CloseExecFrom(minFd int) error { } // NewSockPair returns a new unix socket pair -func NewSockPair(name string) (parent *os.File, child *os.File, err error) { +func NewSockPair(name string) (parent, child *os.File, err error) { fds, err := unix.Socketpair(unix.AF_LOCAL, unix.SOCK_STREAM|unix.SOCK_CLOEXEC, 0) if err != nil { return nil, nil, err diff --git a/tty.go b/tty.go index fba3e025bc0..c101aacb78b 100644 --- a/tty.go +++ b/tty.go @@ -100,7 +100,7 @@ func (t *tty) initHostConsole() error { } func (t *tty) recvtty(socket *os.File) (Err error) { - f, err := utils.RecvFd(socket) + f, err := utils.RecvFile(socket) if err != nil { return err } From 20b95f23ca33cb1751ee0b5318e1d5f3676032c6 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 8 Aug 2023 11:42:24 +1000 Subject: [PATCH 0350/1176] libcontainer: seccomp: pass around *os.File for notifyfd *os.File is correctly tracked by the garbage collector, and there's no need to use raw file descriptors for this code. Signed-off-by: Aleksa Sarai --- libcontainer/init_linux.go | 8 ++--- libcontainer/seccomp/patchbpf/enosys_linux.go | 13 ++++--- libcontainer/seccomp/seccomp_linux.go | 35 +++++++++---------- libcontainer/seccomp/seccomp_unsupported.go | 7 ++-- 4 files changed, 31 insertions(+), 32 deletions(-) diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index cef1142a2bc..7b6c8113b6c 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -404,11 +404,11 @@ func syncParentHooks(pipe *os.File) error { // syncParentSeccomp sends the fd associated with the seccomp file descriptor // to the parent, and wait for the parent to do pidfd_getfd() to grab a copy. -func syncParentSeccomp(pipe *os.File, seccompFd int) error { - if seccompFd == -1 { +func syncParentSeccomp(pipe *os.File, seccompFd *os.File) error { + if seccompFd == nil { return nil } - defer unix.Close(seccompFd) + defer seccompFd.Close() // Tell parent to grab our fd. // @@ -419,7 +419,7 @@ func syncParentSeccomp(pipe *os.File, seccompFd int) error { // before the parent gets the file descriptor would deadlock "runc init" if // we allowed it for SCMP_ACT_NOTIFY). See seccomp.InitSeccomp() for more // details. - if err := writeSyncArg(pipe, procSeccomp, seccompFd); err != nil { + if err := writeSyncArg(pipe, procSeccomp, seccompFd.Fd()); err != nil { return err } // Wait for parent to tell us they've grabbed the seccompfd. diff --git a/libcontainer/seccomp/patchbpf/enosys_linux.go b/libcontainer/seccomp/patchbpf/enosys_linux.go index 7fc9fd662c3..40e51533410 100644 --- a/libcontainer/seccomp/patchbpf/enosys_linux.go +++ b/libcontainer/seccomp/patchbpf/enosys_linux.go @@ -690,17 +690,17 @@ func sysSeccompSetFilter(flags uint, filter []unix.SockFilter) (fd int, err erro // patches said filter to handle -ENOSYS in a much nicer manner than the // default libseccomp default action behaviour, and loads the patched filter // into the kernel for the current process. -func PatchAndLoad(config *configs.Seccomp, filter *libseccomp.ScmpFilter) (int, error) { +func PatchAndLoad(config *configs.Seccomp, filter *libseccomp.ScmpFilter) (*os.File, error) { // Generate a patched filter. fprog, err := enosysPatchFilter(config, filter) if err != nil { - return -1, fmt.Errorf("error patching filter: %w", err) + return nil, fmt.Errorf("error patching filter: %w", err) } // Get the set of libseccomp flags set. seccompFlags, noNewPrivs, err := filterFlags(config, filter) if err != nil { - return -1, fmt.Errorf("unable to fetch seccomp filter flags: %w", err) + return nil, fmt.Errorf("unable to fetch seccomp filter flags: %w", err) } // Set no_new_privs if it was requested, though in runc we handle @@ -708,15 +708,14 @@ func PatchAndLoad(config *configs.Seccomp, filter *libseccomp.ScmpFilter) (int, if noNewPrivs { logrus.Warnf("potentially misconfigured filter -- setting no_new_privs in seccomp path") if err := unix.Prctl(unix.PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); err != nil { - return -1, fmt.Errorf("error enabling no_new_privs bit: %w", err) + return nil, fmt.Errorf("error enabling no_new_privs bit: %w", err) } } // Finally, load the filter. fd, err := sysSeccompSetFilter(seccompFlags, fprog) if err != nil { - return -1, fmt.Errorf("error loading seccomp filter: %w", err) + return nil, fmt.Errorf("error loading seccomp filter: %w", err) } - - return fd, nil + return os.NewFile(uintptr(fd), "[seccomp filter]"), nil } diff --git a/libcontainer/seccomp/seccomp_linux.go b/libcontainer/seccomp/seccomp_linux.go index fed02bcedc4..2c64ebbbadd 100644 --- a/libcontainer/seccomp/seccomp_linux.go +++ b/libcontainer/seccomp/seccomp_linux.go @@ -6,6 +6,7 @@ package seccomp import ( "errors" "fmt" + "os" libseccomp "github.com/seccomp/libseccomp-golang" "github.com/sirupsen/logrus" @@ -27,17 +28,16 @@ const ( ) // InitSeccomp installs the seccomp filters to be used in the container as -// specified in config. -// Returns the seccomp file descriptor if any of the filters include a -// SCMP_ACT_NOTIFY action, otherwise returns -1. -func InitSeccomp(config *configs.Seccomp) (int, error) { +// specified in config. Returns the seccomp file descriptor if any of the +// filters include a SCMP_ACT_NOTIFY action. +func InitSeccomp(config *configs.Seccomp) (*os.File, error) { if config == nil { - return -1, errors.New("cannot initialize Seccomp - nil config passed") + return nil, errors.New("cannot initialize Seccomp - nil config passed") } defaultAction, err := getAction(config.DefaultAction, config.DefaultErrnoRet) if err != nil { - return -1, errors.New("error initializing seccomp - invalid default action") + return nil, errors.New("error initializing seccomp - invalid default action") } // Ignore the error since pre-2.4 libseccomp is treated as API level 0. @@ -45,7 +45,7 @@ func InitSeccomp(config *configs.Seccomp) (int, error) { for _, call := range config.Syscalls { if call.Action == configs.Notify { if apiLevel < 6 { - return -1, fmt.Errorf("seccomp notify unsupported: API level: got %d, want at least 6. Please try with libseccomp >= 2.5.0 and Linux >= 5.7", apiLevel) + return nil, fmt.Errorf("seccomp notify unsupported: API level: got %d, want at least 6. Please try with libseccomp >= 2.5.0 and Linux >= 5.7", apiLevel) } // We can't allow the write syscall to notify to the seccomp agent. @@ -61,36 +61,36 @@ func InitSeccomp(config *configs.Seccomp) (int, error) { // agent allows those syscalls to proceed, initialization works just fine and the agent can // handle future read()/close() syscalls as it wanted. if call.Name == "write" { - return -1, errors.New("SCMP_ACT_NOTIFY cannot be used for the write syscall") + return nil, errors.New("SCMP_ACT_NOTIFY cannot be used for the write syscall") } } } // See comment on why write is not allowed. The same reason applies, as this can mean handling write too. if defaultAction == libseccomp.ActNotify { - return -1, errors.New("SCMP_ACT_NOTIFY cannot be used as default action") + return nil, errors.New("SCMP_ACT_NOTIFY cannot be used as default action") } filter, err := libseccomp.NewFilter(defaultAction) if err != nil { - return -1, fmt.Errorf("error creating filter: %w", err) + return nil, fmt.Errorf("error creating filter: %w", err) } // Add extra architectures for _, arch := range config.Architectures { scmpArch, err := libseccomp.GetArchFromString(arch) if err != nil { - return -1, fmt.Errorf("error validating Seccomp architecture: %w", err) + return nil, fmt.Errorf("error validating Seccomp architecture: %w", err) } if err := filter.AddArch(scmpArch); err != nil { - return -1, fmt.Errorf("error adding architecture to seccomp filter: %w", err) + return nil, fmt.Errorf("error adding architecture to seccomp filter: %w", err) } } // Add extra flags. for _, flag := range config.Flags { if err := setFlag(filter, flag); err != nil { - return -1, err + return nil, err } } @@ -110,25 +110,24 @@ func InitSeccomp(config *configs.Seccomp) (int, error) { // Unset no new privs bit if err := filter.SetNoNewPrivsBit(false); err != nil { - return -1, fmt.Errorf("error setting no new privileges: %w", err) + return nil, fmt.Errorf("error setting no new privileges: %w", err) } // Add a rule for each syscall for _, call := range config.Syscalls { if call == nil { - return -1, errors.New("encountered nil syscall while initializing Seccomp") + return nil, errors.New("encountered nil syscall while initializing Seccomp") } if err := matchCall(filter, call, defaultAction); err != nil { - return -1, err + return nil, err } } seccompFd, err := patchbpf.PatchAndLoad(config, filter) if err != nil { - return -1, fmt.Errorf("error loading seccomp filter into kernel: %w", err) + return nil, fmt.Errorf("error loading seccomp filter into kernel: %w", err) } - return seccompFd, nil } diff --git a/libcontainer/seccomp/seccomp_unsupported.go b/libcontainer/seccomp/seccomp_unsupported.go index 885529dc7d0..b08a3498687 100644 --- a/libcontainer/seccomp/seccomp_unsupported.go +++ b/libcontainer/seccomp/seccomp_unsupported.go @@ -5,6 +5,7 @@ package seccomp import ( "errors" + "os" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runtime-spec/specs-go" @@ -13,11 +14,11 @@ import ( var ErrSeccompNotEnabled = errors.New("seccomp: config provided but seccomp not supported") // InitSeccomp does nothing because seccomp is not supported. -func InitSeccomp(config *configs.Seccomp) (int, error) { +func InitSeccomp(config *configs.Seccomp) (*os.File, error) { if config != nil { - return -1, ErrSeccompNotEnabled + return nil, ErrSeccompNotEnabled } - return -1, nil + return nil, nil } // FlagSupported tells if a provided seccomp flag is supported. From 5c7839b50315a6874fc8e4989960de5ed4f57d14 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 2 Aug 2023 12:33:14 +1000 Subject: [PATCH 0351/1176] rootfs: use empty src for MS_REMOUNT The kernel ignores these arguments, and passing them can lead to confusing error messages (the old source is irrelevant for MS_REMOUNT), as well as causing issues for a future patch where we switch to move_mount(2). Signed-off-by: Aleksa Sarai --- libcontainer/rootfs_linux.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index be6c73000eb..4212b33a314 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -1105,7 +1105,7 @@ func writeSystemProperty(key, value string) error { func remount(m mountEntry, rootfs string, noMountFallback bool) error { return utils.WithProcfd(rootfs, m.Destination, func(dstFD string) error { flags := uintptr(m.Flags | unix.MS_REMOUNT) - err := mountViaFDs(m.Source, m.srcFD, m.Destination, dstFD, m.Device, flags, "") + err := mountViaFDs("", nil, m.Destination, dstFD, m.Device, flags, "") if err == nil { return nil } @@ -1129,7 +1129,7 @@ func remount(m mountEntry, rootfs string, noMountFallback bool) error { } // ... and retry the mount with flags found above. flags |= uintptr(int(s.Flags) & checkflags) - return mountViaFDs(m.Source, m.srcFD, m.Destination, dstFD, m.Device, flags, "") + return mountViaFDs("", nil, m.Destination, dstFD, m.Device, flags, "") }) } From 8aa97ad3a38833359511c8b5c7320e2b714b53c9 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 1 Aug 2023 20:30:53 +1000 Subject: [PATCH 0352/1176] nsexec: remove cgroupns special-casing The original implementation of cgroupns had additional synchronisation to "ensure" that the process is in the correct cgroup before unsharing the cgroupns. This behaviour was actually never necessary, and after commit 5110bd2fc026 ("nsenter: remove cgroupns sync mechanism") there is no synchronisation at all, meaning that CLONE_NEWCGROUP should not get any special treatment. Fixes: 5110bd2fc026 ("nsenter: remove cgroupns sync mechanism") Fixes: df3fa115f974 ("Add support for cgroup namespace") Signed-off-by: Aleksa Sarai --- libcontainer/nsenter/nsexec.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index 07d9e0df130..17e0468c6af 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -1171,7 +1171,7 @@ void nsexec(void) * some old kernel versions where clone(CLONE_PARENT | CLONE_NEWPID) * was broken, so we'll just do it the long way anyway. */ - try_unshare(config.cloneflags & ~CLONE_NEWCGROUP, "remaining namespaces (except cgroupns)"); + try_unshare(config.cloneflags, "remaining namespaces"); update_timens_offsets(config.timensoffset, config.timensoffset_len); /* Ask our parent to send the mount sources fds. */ @@ -1302,10 +1302,6 @@ void nsexec(void) bail("setgroups failed"); } - if (config.cloneflags & CLONE_NEWCGROUP) { - try_unshare(CLONE_NEWCGROUP, "cgroup namespace"); - } - write_log(DEBUG, "signal completion to stage-0"); s = SYNC_CHILD_FINISH; if (write(syncfd, &s, sizeof(s)) != sizeof(s)) From 1f25724a962c8049d876915085d348fbc2154f7f Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sun, 6 Aug 2023 13:59:06 +1000 Subject: [PATCH 0353/1176] configs: fix idmapped mounts json field names In the runc state JSON we always use snake_case. This is a no-op change, but it will cause any existing container state files to be incorrectly parsed. Luckily, commit fbf183c6f8c4 ("Add uid and gid mappings to mounts") has never been in a runc release so we can change this before a 1.2.z release. Fixes: fbf183c6f8c4 ("Add uid and gid mappings to mounts") Signed-off-by: Aleksa Sarai --- libcontainer/configs/mount_linux.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libcontainer/configs/mount_linux.go b/libcontainer/configs/mount_linux.go index a4275df3a03..6d4106de0c6 100644 --- a/libcontainer/configs/mount_linux.go +++ b/libcontainer/configs/mount_linux.go @@ -34,13 +34,13 @@ type Mount struct { // Note that, the underlying filesystem should support this feature to be // used. // Every mount point could have its own mapping. - UIDMappings []IDMap `json:"uidMappings,omitempty"` + UIDMappings []IDMap `json:"uid_mappings,omitempty"` // GIDMappings is used to changing file group owners w/o calling chown. // Note that, the underlying filesystem should support this feature to be // used. // Every mount point could have its own mapping. - GIDMappings []IDMap `json:"gidMappings,omitempty"` + GIDMappings []IDMap `json:"gid_mappings,omitempty"` } func (m *Mount) IsBind() bool { From b22073c5fe8237882bf353fe8b549de56b077577 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 15 Aug 2023 19:37:28 -0700 Subject: [PATCH 0354/1176] ci/gha: add job timeouts The default timeout is 360 minutes, which is way long for these jobs. If the CI (or a test) has stuck, we'd better know about it earlier than in 6 hours. Set the timeouts for some [relatively] long running jobs conservatively: - test and release jobs usually take ~10 minutes; - lint job takes 1 minute (but can be a few times slower when we switch Go or golangci-lint version); - cross-386 job takes about 2 minutes; - the rest is seconds (and I am lazy to set timeouts everywhere). Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 2 ++ .github/workflows/validate.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7ed6ab1c423..3381bf23d1b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -19,6 +19,7 @@ env: jobs: test: + timeout-minutes: 30 strategy: fail-fast: false matrix: @@ -113,6 +114,7 @@ jobs: # We are not interested in providing official support for i386. cross-i386: runs-on: ubuntu-22.04 + timeout-minutes: 15 steps: diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 984e4f6721b..f3b9e676585 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -21,6 +21,7 @@ jobs: run: make validate-keyring lint: + timeout-minutes: 30 permissions: contents: read pull-requests: read @@ -159,6 +160,7 @@ jobs: release: + timeout-minutes: 30 runs-on: ubuntu-22.04 steps: - name: checkout From 671e211ef8791239fd0d281e81ccbf7af2d72153 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Wed, 23 Aug 2023 15:57:16 +0200 Subject: [PATCH 0355/1176] vendor: Update runtime-spec to expose mountExtensions Future commits will expose this info in the features sub-command. Signed-off-by: Rodrigo Campos --- go.mod | 2 +- go.sum | 4 ++-- .../specs-go/features/features.go | 24 +++++++++++++++---- .../runtime-spec/specs-go/version.go | 2 +- vendor/modules.txt | 2 +- 5 files changed, 24 insertions(+), 10 deletions(-) diff --git a/go.mod b/go.mod index ddde397f4bf..cf33bbe284d 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/godbus/dbus/v5 v5.1.0 github.com/moby/sys/mountinfo v0.6.2 github.com/mrunalp/fileutils v0.5.0 - github.com/opencontainers/runtime-spec v1.1.0 + github.com/opencontainers/runtime-spec v1.1.1-0.20230823135140-4fec88fd00a4 github.com/opencontainers/selinux v1.11.0 github.com/seccomp/libseccomp-golang v0.10.0 github.com/sirupsen/logrus v1.9.3 diff --git a/go.sum b/go.sum index ba4dfeffaf2..cc133684550 100644 --- a/go.sum +++ b/go.sum @@ -30,8 +30,8 @@ github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vyg github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= github.com/mrunalp/fileutils v0.5.0 h1:NKzVxiH7eSk+OQ4M+ZYW1K6h27RUV3MI6NUTsHhU6Z4= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= -github.com/opencontainers/runtime-spec v1.1.0 h1:HHUyrt9mwHUjtasSbXSMvs4cyFxh+Bll4AjJ9odEGpg= -github.com/opencontainers/runtime-spec v1.1.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-spec v1.1.1-0.20230823135140-4fec88fd00a4 h1:EctkgBjZ1y4q+sibyuuIgiKpa0QSd2elFtSSdNvBVow= +github.com/opencontainers/runtime-spec v1.1.1-0.20230823135140-4fec88fd00a4/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU= github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/features/features.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/features/features.go index 230e88f568e..39009c79d2c 100644 --- a/vendor/github.com/opencontainers/runtime-spec/specs-go/features/features.go +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/features/features.go @@ -36,11 +36,12 @@ type Linux struct { // Nil value means "unknown", not "no support for any capability". Capabilities []string `json:"capabilities,omitempty"` - Cgroup *Cgroup `json:"cgroup,omitempty"` - Seccomp *Seccomp `json:"seccomp,omitempty"` - Apparmor *Apparmor `json:"apparmor,omitempty"` - Selinux *Selinux `json:"selinux,omitempty"` - IntelRdt *IntelRdt `json:"intelRdt,omitempty"` + Cgroup *Cgroup `json:"cgroup,omitempty"` + Seccomp *Seccomp `json:"seccomp,omitempty"` + Apparmor *Apparmor `json:"apparmor,omitempty"` + Selinux *Selinux `json:"selinux,omitempty"` + IntelRdt *IntelRdt `json:"intelRdt,omitempty"` + MountExtensions *MountExtensions `json:"mountExtensions,omitempty"` } // Cgroup represents the "cgroup" field. @@ -123,3 +124,16 @@ type IntelRdt struct { // Nil value means "unknown", not "false". Enabled *bool `json:"enabled,omitempty"` } + +// MountExtensions represents the "mountExtensions" field. +type MountExtensions struct { + // IDMap represents the status of idmap mounts support. + IDMap *IDMap `json:"idmap,omitempty"` +} + +type IDMap struct { + // Enabled represents whether idmap mounts supports is compiled in. + // Unrelated to whether the host supports it or not. + // Nil value means "unknown", not "false". + Enabled *bool `json:"enabled,omitempty"` +} diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go index b3fca349cb9..35358c2c5b2 100644 --- a/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go @@ -11,7 +11,7 @@ const ( VersionPatch = 0 // VersionDev indicates development branch. Releases will be empty string. - VersionDev = "" + VersionDev = "+dev" ) // Version is the specification version that the package types support. diff --git a/vendor/modules.txt b/vendor/modules.txt index 40f644d8efc..0ad9ccca49a 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -38,7 +38,7 @@ github.com/moby/sys/mountinfo # github.com/mrunalp/fileutils v0.5.0 ## explicit; go 1.13 github.com/mrunalp/fileutils -# github.com/opencontainers/runtime-spec v1.1.0 +# github.com/opencontainers/runtime-spec v1.1.1-0.20230823135140-4fec88fd00a4 ## explicit github.com/opencontainers/runtime-spec/specs-go github.com/opencontainers/runtime-spec/specs-go/features From cc7e607a49648d4c9e32ccbc665aa7333a3ac0c6 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Wed, 23 Aug 2023 16:09:36 +0200 Subject: [PATCH 0356/1176] features: Expose idmap support Signed-off-by: Rodrigo Campos --- features.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/features.go b/features.go index d3ffda349bd..81cd149ac73 100644 --- a/features.go +++ b/features.go @@ -58,6 +58,11 @@ var featuresCommand = cli.Command{ IntelRdt: &features.IntelRdt{ Enabled: &tru, }, + MountExtensions: &features.MountExtensions{ + IDMap: &features.IDMap{ + Enabled: &tru, + }, + }, }, } From b3e972141fbf068f66786b1a49026f86e74df859 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 24 Aug 2023 17:19:03 -0700 Subject: [PATCH 0357/1176] Add issue reference to nolint annotation Usually errorlint allows io.EOF comparison (based on a whitelist of functions that can return bare io.EOF), thus there is no need for nolint annotation. In this very case, though, the need for nolint is caused by issue with errorlint, which fails to see where err is coming from. Refer to the issue so when it is fixed we can remove the annotation. Signed-off-by: Kir Kolyshkin --- notify_socket.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/notify_socket.go b/notify_socket.go index 559340e5696..34c31cc3ffb 100644 --- a/notify_socket.go +++ b/notify_socket.go @@ -215,7 +215,7 @@ func sdNotifyBarrier(client *net.UnixConn) error { // Probably the other end doesn't support the sd_notify_barrier protocol. logrus.Warn("Timeout after waiting 30s for barrier. Ignored.") return nil - } else if err == io.EOF { //nolint:errorlint // comparison with io.EOF is legit. + } else if err == io.EOF { //nolint:errorlint // https://github.com/polyfloyd/go-errorlint/issues/49 return nil } else { return err From 17e7e230bd52b6f6c0167be8aedb940ac7160820 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 24 Aug 2023 17:22:23 -0700 Subject: [PATCH 0358/1176] ci/gha: bump golangci-lint to v1.54 Currently, it is at v1.54.2. Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index f3b9e676585..4082258ebb4 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -40,7 +40,7 @@ jobs: sudo apt -q install libseccomp-dev - uses: golangci/golangci-lint-action@v3 with: - version: v1.53 + version: v1.54 # Extra linters, only checking new code from a pull request. - name: lint-extra if: github.event_name == 'pull_request' From f62f0bdfbf450b942491de02d8f223cdee79e0cb Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 24 Aug 2023 17:27:14 -0700 Subject: [PATCH 0359/1176] Remove nolint annotations for unix errno comparisons golangci-lint v1.54.2 comes with errorlint v1.4.4, which contains the fix [1] whitelisting all errno comparisons for errors coming from x/sys/unix. Thus, these annotations are no longer necessary. Hooray! [1] https://github.com/polyfloyd/go-errorlint/pull/47 Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/file.go | 2 +- libcontainer/cgroups/fs/cpuset.go | 2 +- libcontainer/cgroups/utils.go | 2 +- libcontainer/criu_linux.go | 2 +- libcontainer/init_linux.go | 2 +- libcontainer/specconv/spec_linux.go | 1 - libcontainer/system/linux.go | 2 +- signals.go | 2 +- 8 files changed, 7 insertions(+), 8 deletions(-) diff --git a/libcontainer/cgroups/file.go b/libcontainer/cgroups/file.go index 0cdaf747849..048a0ca4bef 100644 --- a/libcontainer/cgroups/file.go +++ b/libcontainer/cgroups/file.go @@ -89,7 +89,7 @@ func prepareOpenat2() error { }) if err != nil { prepErr = &os.PathError{Op: "openat2", Path: cgroupfsDir, Err: err} - if err != unix.ENOSYS { //nolint:errorlint // unix errors are bare + if err != unix.ENOSYS { logrus.Warnf("falling back to securejoin: %s", prepErr) } else { logrus.Debug("openat2 not available, falling back to securejoin") diff --git a/libcontainer/cgroups/fs/cpuset.go b/libcontainer/cgroups/fs/cpuset.go index 550baa42756..fe01ba98408 100644 --- a/libcontainer/cgroups/fs/cpuset.go +++ b/libcontainer/cgroups/fs/cpuset.go @@ -195,7 +195,7 @@ func cpusetEnsureParent(current string) error { } // Treat non-existing directory as cgroupfs as it will be created, // and the root cpuset directory obviously exists. - if err != nil && err != unix.ENOENT { //nolint:errorlint // unix errors are bare + if err != nil && err != unix.ENOENT { return &os.PathError{Op: "statfs", Path: parent, Err: err} } diff --git a/libcontainer/cgroups/utils.go b/libcontainer/cgroups/utils.go index 27c18b697f6..965c607c682 100644 --- a/libcontainer/cgroups/utils.go +++ b/libcontainer/cgroups/utils.go @@ -219,7 +219,7 @@ func PathExists(path string) bool { func rmdir(path string) error { err := unix.Rmdir(path) - if err == nil || err == unix.ENOENT { //nolint:errorlint // unix errors are bare + if err == nil || err == unix.ENOENT { return nil } return &os.PathError{Op: "rmdir", Path: path, Err: err} diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index ec6228399d8..9750ceaa36c 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -593,7 +593,7 @@ func (c *Container) prepareCriuRestoreMounts(mounts []*configs.Mount) error { for _, u := range umounts { _ = utils.WithProcfd(c.config.Rootfs, u, func(procfd string) error { if e := unix.Unmount(procfd, unix.MNT_DETACH); e != nil { - if e != unix.EINVAL { //nolint:errorlint // unix errors are bare + if e != unix.EINVAL { // Ignore EINVAL as it means 'target is not a mount point.' // It probably has already been unmounted. logrus.Warnf("Error during cleanup unmounting of %s (%s): %v", procfd, u, e) diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 7b6c8113b6c..30152696f72 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -642,7 +642,7 @@ func signalAllProcesses(m cgroups.Manager, s unix.Signal) error { } for _, pid := range pids { err := unix.Kill(pid, s) - if err != nil && err != unix.ESRCH { //nolint:errorlint // unix errors are bare + if err != nil && err != unix.ESRCH { logrus.Warnf("kill %d: %v", pid, err) } } diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index 5ccaf356efb..88f9c6777ef 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -322,7 +322,6 @@ type CreateOpts struct { func getwd() (wd string, err error) { for { wd, err = unix.Getwd() - //nolint:errorlint // unix errors are bare if err != unix.EINTR { break } diff --git a/libcontainer/system/linux.go b/libcontainer/system/linux.go index e1d6eb18034..d2ad5cea229 100644 --- a/libcontainer/system/linux.go +++ b/libcontainer/system/linux.go @@ -43,7 +43,7 @@ func Execv(cmd string, args []string, env []string) error { func Exec(cmd string, args []string, env []string) error { for { err := unix.Exec(cmd, args, env) - if err != unix.EINTR { //nolint:errorlint // unix errors are bare + if err != unix.EINTR { return &os.PathError{Op: "exec", Path: cmd, Err: err} } } diff --git a/signals.go b/signals.go index cec4cb54a3c..e0bc7c61cab 100644 --- a/signals.go +++ b/signals.go @@ -124,7 +124,7 @@ func (h *signalHandler) reap() (exits []exit, err error) { for { pid, err := unix.Wait4(-1, &ws, unix.WNOHANG, &rus) if err != nil { - if err == unix.ECHILD { //nolint:errorlint // unix errors are bare + if err == unix.ECHILD { return exits, nil } return nil, err From 6a4870e4ac400ad5dce236fc3baef43b5ea5691f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 15 May 2023 14:36:44 -0700 Subject: [PATCH 0360/1176] libct: better errors for hooks When a hook has failed, the error message looks like this: > error running hook: error running hook #1: exit status 1, stdout: ... The two problems here are: 1. it is impossible to know what kind of hook it was; 2. "error running hook" stuttering; Change that to > error running createContainer hook #1: exit status 1, stdout: ... Signed-off-by: Kir Kolyshkin --- libcontainer/configs/config.go | 15 ++++++++++++++- libcontainer/container_linux.go | 2 +- libcontainer/criu_linux.go | 4 ++-- libcontainer/process_linux.go | 8 ++++---- libcontainer/rootfs_linux.go | 2 +- libcontainer/standard_init_linux.go | 2 +- libcontainer/state_linux.go | 6 +----- tests/integration/seccomp.bats | 2 +- 8 files changed, 25 insertions(+), 16 deletions(-) diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index ea33b110a67..19541293b6f 100644 --- a/libcontainer/configs/config.go +++ b/libcontainer/configs/config.go @@ -285,6 +285,7 @@ type Capabilities struct { Ambient []string } +// Deprecated: use (Hooks).Run instead. func (hooks HookList) RunHooks(state *specs.State) error { for i, h := range hooks { if err := h.Run(state); err != nil { @@ -341,6 +342,18 @@ func (hooks *Hooks) MarshalJSON() ([]byte, error) { }) } +// Run executes all hooks for the given hook name. +func (hooks Hooks) Run(name HookName, state *specs.State) error { + list := hooks[name] + for i, h := range list { + if err := h.Run(state); err != nil { + return fmt.Errorf("error running %s hook #%d: %w", name, i, err) + } + } + + return nil +} + type Hook interface { // Run executes the hook with the provided state. Run(*specs.State) error @@ -401,7 +414,7 @@ func (c Command) Run(s *specs.State) error { go func() { err := cmd.Wait() if err != nil { - err = fmt.Errorf("error running hook: %w, stdout: %s, stderr: %s", err, stdout.String(), stderr.String()) + err = fmt.Errorf("%w, stdout: %s, stderr: %s", err, stdout.String(), stderr.String()) } errC <- err }() diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 1a2a6fe37ac..c941239b841 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -341,7 +341,7 @@ func (c *Container) start(process *Process) (retErr error) { return err } - if err := c.config.Hooks[configs.Poststart].RunHooks(s); err != nil { + if err := c.config.Hooks.Run(configs.Poststart, s); err != nil { if err := ignoreTerminateErrors(parent.terminate()); err != nil { logrus.Warn(fmt.Errorf("error running poststart hook: %w", err)) } diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index ec6228399d8..6dc729c9b6d 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -1134,10 +1134,10 @@ func (c *Container) criuNotifications(resp *criurpc.CriuResp, process *Process, } s.Pid = int(notify.GetPid()) - if err := c.config.Hooks[configs.Prestart].RunHooks(s); err != nil { + if err := c.config.Hooks.Run(configs.Prestart, s); err != nil { return err } - if err := c.config.Hooks[configs.CreateRuntime].RunHooks(s); err != nil { + if err := c.config.Hooks.Run(configs.CreateRuntime, s); err != nil { return err } } diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 7f78f730257..c83d41cefc1 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -536,10 +536,10 @@ func (p *initProcess) start() (retErr error) { s.Status = specs.StateCreating hooks := p.config.Config.Hooks - if err := hooks[configs.Prestart].RunHooks(s); err != nil { + if err := hooks.Run(configs.Prestart, s); err != nil { return err } - if err := hooks[configs.CreateRuntime].RunHooks(s); err != nil { + if err := hooks.Run(configs.CreateRuntime, s); err != nil { return err } } @@ -590,10 +590,10 @@ func (p *initProcess) start() (retErr error) { s.Status = specs.StateCreating hooks := p.config.Config.Hooks - if err := hooks[configs.Prestart].RunHooks(s); err != nil { + if err := hooks.Run(configs.Prestart, s); err != nil { return err } - if err := hooks[configs.CreateRuntime].RunHooks(s); err != nil { + if err := hooks.Run(configs.CreateRuntime, s); err != nil { return err } } diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 4212b33a314..88ecb287c11 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -143,7 +143,7 @@ func prepareRootfs(pipe *os.File, iConfig *initConfig, mountFds mountFds) (err e s := iConfig.SpecState s.Pid = unix.Getpid() s.Status = specs.StateCreating - if err := iConfig.Config.Hooks[configs.CreateContainer].RunHooks(s); err != nil { + if err := iConfig.Config.Hooks.Run(configs.CreateContainer, s); err != nil { return err } diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index f3d04282362..c64173ecfc3 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -258,7 +258,7 @@ func (l *linuxStandardInit) Init() error { s := l.config.SpecState s.Pid = unix.Getpid() s.Status = specs.StateCreated - if err := l.config.Config.Hooks[configs.StartContainer].RunHooks(s); err != nil { + if err := l.config.Config.Hooks.Run(configs.StartContainer, s); err != nil { return err } diff --git a/libcontainer/state_linux.go b/libcontainer/state_linux.go index 442d0baaf5b..8d8f31d3678 100644 --- a/libcontainer/state_linux.go +++ b/libcontainer/state_linux.go @@ -64,11 +64,7 @@ func runPoststopHooks(c *Container) error { } s.Status = specs.StateStopped - if err := hooks[configs.Poststop].RunHooks(s); err != nil { - return err - } - - return nil + return hooks.Run(configs.Poststop, s) } // stoppedState represents a container is a stopped/destroyed state. diff --git a/tests/integration/seccomp.bats b/tests/integration/seccomp.bats index 897c7ca8357..748dbd2bfca 100644 --- a/tests/integration/seccomp.bats +++ b/tests/integration/seccomp.bats @@ -182,6 +182,6 @@ function flags_value() { runc run test_busybox [ "$status" -ne 0 ] - [[ "$output" == *"error running hook"* ]] + [[ "$output" == *"error running startContainer hook"* ]] [[ "$output" == *"bad system call"* ]] } From cadf0a14ae27f91ab02d01ec0721ce0d76700799 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 10 Aug 2023 18:15:14 -0700 Subject: [PATCH 0361/1176] tests/int: rename hooks.bats to hooks_so.bats This file contains a test that tests .so hooks. It has a complicated setup and teardown, and has special requirements (root and no_systemd). Rename it to hooks_so.bats, so we can add hooks.bats for hooks tests that do not have such complicated setup and requirements. Signed-off-by: Kir Kolyshkin --- tests/integration/{hooks.bats => hooks_so.bats} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename tests/integration/{hooks.bats => hooks_so.bats} (100%) diff --git a/tests/integration/hooks.bats b/tests/integration/hooks_so.bats similarity index 100% rename from tests/integration/hooks.bats rename to tests/integration/hooks_so.bats From 0f3eeb9badc92b081ac6d9881dba8d1bdbd36b77 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 15 May 2023 15:01:33 -0700 Subject: [PATCH 0362/1176] tests/int: add failed hooks tests To ensure that if a hook has failed, the container won't be started. Signed-off-by: Kir Kolyshkin --- tests/integration/hooks.bats | 44 ++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 tests/integration/hooks.bats diff --git a/tests/integration/hooks.bats b/tests/integration/hooks.bats new file mode 100644 index 00000000000..099337a2b2c --- /dev/null +++ b/tests/integration/hooks.bats @@ -0,0 +1,44 @@ +#!/usr/bin/env bats + +load helpers + +function setup() { + setup_busybox +} + +function teardown() { + teardown_bundle +} + +@test "runc create [second createRuntime hook fails]" { + update_config '.hooks |= {"createRuntime": [{"path": "/bin/true"}, {"path": "/bin/false"}]}' + + runc create --console-socket "$CONSOLE_SOCKET" test_hooks + [ "$status" -ne 0 ] + [[ "$output" == *"error running createRuntime hook #1:"* ]] +} + +@test "runc create [hook fails]" { + for hook in prestart createRuntime createContainer; do + echo "testing hook $hook" + # shellcheck disable=SC2016 + update_config '.hooks |= {"'$hook'": [{"path": "/bin/true"}, {"path": "/bin/false"}]}' + runc create --console-socket "$CONSOLE_SOCKET" test_hooks + [ "$status" -ne 0 ] + [[ "$output" == *"error running $hook hook #1:"* ]] + done +} + +@test "runc run [hook fails]" { + update_config '.process.args = ["/bin/echo", "Hello World"]' + # All hooks except Poststop. + for hook in prestart createRuntime createContainer startContainer poststart; do + echo "testing hook $hook" + # shellcheck disable=SC2016 + update_config '.hooks |= {"'$hook'": [{"path": "/bin/true"}, {"path": "/bin/false"}]}' + runc run "test_hook-$hook" + [[ "$output" != "Hello World" ]] + [ "$status" -ne 0 ] + [[ "$output" == *"error running $hook hook #1:"* ]] + done +} From fe6f33b2c0e298554ea620db7bf7f20e6da2e3e9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Aug 2023 04:21:42 +0000 Subject: [PATCH 0363/1176] build(deps): bump tim-actions/commit-message-checker-with-regex Bumps [tim-actions/commit-message-checker-with-regex](https://github.com/tim-actions/commit-message-checker-with-regex) from 0.3.1 to 0.3.2. - [Release notes](https://github.com/tim-actions/commit-message-checker-with-regex/releases) - [Commits](https://github.com/tim-actions/commit-message-checker-with-regex/compare/v0.3.1...v0.3.2) --- updated-dependencies: - dependency-name: tim-actions/commit-message-checker-with-regex dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 4082258ebb4..e14e713a8d2 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -136,7 +136,7 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} - name: check subject line length - uses: tim-actions/commit-message-checker-with-regex@v0.3.1 + uses: tim-actions/commit-message-checker-with-regex@v0.3.2 with: commits: ${{ steps.get-pr-commits.outputs.commits }} pattern: '^.{0,72}(\n.*)*$' From 41778ddc2cda81b45e3ade976a1cb66a976b163d Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 25 Aug 2023 18:58:01 -0700 Subject: [PATCH 0364/1176] Fix for host mount ns containers If the container does not have own mount namespace configured (i.e. it shares the mount namespace with the host), its "prestart" (obsoleted) and "createRuntime" hooks are called twice, and its cgroups and Intel RDT settings are also applied twice. The code being removed was originally added by commit 2f2764984 ("Move pre-start hooks after container mounts", Feb 17 2016). At that time, the syncParentHooks() was called from setupRootfs(), which was only used when the container config has mount namespace (NEWNS) enabled. Later, commit 244c9fc426a ("*: console rewrite", Jun 4 2016) spli the relevant part of setupRootfs() into prepareRootfs(). It was still called conditionally (only if mount namespace was enabled). Finally, commit 91ca331474b6b ("chroot when no mount namespaces is provided", Jan 25 2018) removed the above condition, meaning prepareRootfs(), and thus syncParentHooks(), is now called for any container. Meaning, the special case for when mount namespace is not enabled is no longer needed. Remove it. Signed-off-by: Kir Kolyshkin --- libcontainer/process_linux.go | 30 ------------------------------ 1 file changed, 30 deletions(-) diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index c83d41cefc1..8785d65700f 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -514,36 +514,6 @@ func (p *initProcess) start() (retErr error) { if err := setupRlimits(p.config.Rlimits, p.pid()); err != nil { return fmt.Errorf("error setting rlimits for ready process: %w", err) } - // call prestart and CreateRuntime hooks - if !p.config.Config.Namespaces.Contains(configs.NEWNS) { - // Setup cgroup before the hook, so that the prestart and CreateRuntime hook could apply cgroup permissions. - if err := p.manager.Set(p.config.Config.Cgroups.Resources); err != nil { - return fmt.Errorf("error setting cgroup config for ready process: %w", err) - } - if p.intelRdtManager != nil { - if err := p.intelRdtManager.Set(p.config.Config); err != nil { - return fmt.Errorf("error setting Intel RDT config for ready process: %w", err) - } - } - - if len(p.config.Config.Hooks) != 0 { - s, err := p.container.currentOCIState() - if err != nil { - return err - } - // initProcessStartTime hasn't been set yet. - s.Pid = p.cmd.Process.Pid - s.Status = specs.StateCreating - hooks := p.config.Config.Hooks - - if err := hooks.Run(configs.Prestart, s); err != nil { - return err - } - if err := hooks.Run(configs.CreateRuntime, s); err != nil { - return err - } - } - } // generate a timestamp indicating when the container was started p.container.created = time.Now().UTC() From e8525238853035464c6393d3e681d31fe55434f9 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 25 Aug 2023 20:06:20 -0700 Subject: [PATCH 0365/1176] tests/int: add a test for host mntns vs hooks Signed-off-by: Kir Kolyshkin --- tests/integration/host-mntns.bats | 33 +++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 tests/integration/host-mntns.bats diff --git a/tests/integration/host-mntns.bats b/tests/integration/host-mntns.bats new file mode 100644 index 00000000000..7907a5b9e47 --- /dev/null +++ b/tests/integration/host-mntns.bats @@ -0,0 +1,33 @@ +#!/usr/bin/env bats + +load helpers + +function setup() { + requires root + setup_busybox +} + +function teardown() { + [ ! -v ROOT ] && return 0 # nothing to teardown + + # XXX runc does not unmount a container which + # shares mount namespace with the host. + umount -R --lazy "$ROOT"/bundle/rootfs + + teardown_bundle +} + +@test "runc run [host mount ns + hooks]" { + update_config ' .process.args = ["/bin/echo", "Hello World"] + | .hooks |= . + {"createRuntime": [{"path": "/bin/sh", "args": ["/bin/sh", "-c", "touch createRuntimeHook.$$"]}]} + | .linux.namespaces -= [{"type": "mount"}] + | .linux.maskedPaths = [] + | .linux.readonlyPaths = []' + runc run test_host_mntns + [ "$status" -eq 0 ] + runc delete -f test_host_mntns + + # There should be one such file. + run -0 ls createRuntimeHook.* + [ "$(echo "$output" | wc -w)" -eq 1 ] +} From 937ca107c3d22da77eb8e8030f2342253b980980 Mon Sep 17 00:00:00 2001 From: "hang.jiang" Date: Fri, 1 Sep 2023 16:17:13 +0800 Subject: [PATCH 0366/1176] Fix File to Close Signed-off-by: hang.jiang --- libcontainer/cgroups/fs/paths.go | 1 + update.go | 1 + 2 files changed, 2 insertions(+) diff --git a/libcontainer/cgroups/fs/paths.go b/libcontainer/cgroups/fs/paths.go index c5d234acf1a..5f119bac31b 100644 --- a/libcontainer/cgroups/fs/paths.go +++ b/libcontainer/cgroups/fs/paths.go @@ -83,6 +83,7 @@ func tryDefaultCgroupRoot() string { if err != nil { return "" } + defer dir.Close() names, err := dir.Readdirnames(1) if err != nil { return "" diff --git a/update.go b/update.go index 425ce135397..e5de1a77f57 100644 --- a/update.go +++ b/update.go @@ -182,6 +182,7 @@ other options are ignored. if err != nil { return err } + defer f.Close() } err = json.NewDecoder(f).Decode(&r) if err != nil { From 5f05b96ead1d3e8b5709459d2ce5bc4eae1f7bde Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Sep 2023 04:09:40 +0000 Subject: [PATCH 0367/1176] build(deps): bump golang.org/x/sys from 0.11.0 to 0.12.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.11.0 to 0.12.0. - [Commits](https://github.com/golang/sys/compare/v0.11.0...v0.12.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +-- vendor/golang.org/x/sys/unix/mkerrors.sh | 1 + vendor/golang.org/x/sys/unix/syscall_linux.go | 23 ++++++++++++++++ vendor/golang.org/x/sys/unix/syscall_unix.go | 3 +++ vendor/golang.org/x/sys/unix/zerrors_linux.go | 17 ++++++++++++ .../golang.org/x/sys/unix/zsyscall_linux.go | 20 ++++++++++++++ vendor/golang.org/x/sys/unix/ztypes_linux.go | 15 +++++++++++ .../x/sys/windows/syscall_windows.go | 11 +++++++- .../x/sys/windows/zsyscall_windows.go | 26 +++++++++++++++---- vendor/modules.txt | 2 +- 11 files changed, 114 insertions(+), 10 deletions(-) diff --git a/go.mod b/go.mod index cf33bbe284d..abbe4d4bda9 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/urfave/cli v1.22.12 github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.14.0 - golang.org/x/sys v0.11.0 + golang.org/x/sys v0.12.0 google.golang.org/protobuf v1.31.0 ) diff --git a/go.sum b/go.sum index cc133684550..96c2a345797 100644 --- a/go.sum +++ b/go.sum @@ -69,8 +69,8 @@ golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= -golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o= +golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index 8f775fafa69..47fa6a7ebd4 100644 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -583,6 +583,7 @@ ccflags="$@" $2 ~ /^PERF_/ || $2 ~ /^SECCOMP_MODE_/ || $2 ~ /^SEEK_/ || + $2 ~ /^SCHED_/ || $2 ~ /^SPLICE_/ || $2 ~ /^SYNC_FILE_RANGE_/ || $2 !~ /IOC_MAGIC/ && diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index a730878e493..0ba030197f2 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -2471,6 +2471,29 @@ func Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask * return pselect6(nfd, r, w, e, mutableTimeout, kernelMask) } +//sys schedSetattr(pid int, attr *SchedAttr, flags uint) (err error) +//sys schedGetattr(pid int, attr *SchedAttr, size uint, flags uint) (err error) + +// SchedSetAttr is a wrapper for sched_setattr(2) syscall. +// https://man7.org/linux/man-pages/man2/sched_setattr.2.html +func SchedSetAttr(pid int, attr *SchedAttr, flags uint) error { + if attr == nil { + return EINVAL + } + attr.Size = SizeofSchedAttr + return schedSetattr(pid, attr, flags) +} + +// SchedGetAttr is a wrapper for sched_getattr(2) syscall. +// https://man7.org/linux/man-pages/man2/sched_getattr.2.html +func SchedGetAttr(pid int, flags uint) (*SchedAttr, error) { + attr := &SchedAttr{} + if err := schedGetattr(pid, attr, SizeofSchedAttr, flags); err != nil { + return nil, err + } + return attr, nil +} + /* * Unimplemented */ diff --git a/vendor/golang.org/x/sys/unix/syscall_unix.go b/vendor/golang.org/x/sys/unix/syscall_unix.go index 8bb30e7ce3f..f6eda27050d 100644 --- a/vendor/golang.org/x/sys/unix/syscall_unix.go +++ b/vendor/golang.org/x/sys/unix/syscall_unix.go @@ -549,6 +549,9 @@ func SetNonblock(fd int, nonblocking bool) (err error) { if err != nil { return err } + if (flag&O_NONBLOCK != 0) == nonblocking { + return nil + } if nonblocking { flag |= O_NONBLOCK } else { diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index 3784f402e55..0787a043be1 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -2821,6 +2821,23 @@ const ( RWF_SUPPORTED = 0x1f RWF_SYNC = 0x4 RWF_WRITE_LIFE_NOT_SET = 0x0 + SCHED_BATCH = 0x3 + SCHED_DEADLINE = 0x6 + SCHED_FIFO = 0x1 + SCHED_FLAG_ALL = 0x7f + SCHED_FLAG_DL_OVERRUN = 0x4 + SCHED_FLAG_KEEP_ALL = 0x18 + SCHED_FLAG_KEEP_PARAMS = 0x10 + SCHED_FLAG_KEEP_POLICY = 0x8 + SCHED_FLAG_RECLAIM = 0x2 + SCHED_FLAG_RESET_ON_FORK = 0x1 + SCHED_FLAG_UTIL_CLAMP = 0x60 + SCHED_FLAG_UTIL_CLAMP_MAX = 0x40 + SCHED_FLAG_UTIL_CLAMP_MIN = 0x20 + SCHED_IDLE = 0x5 + SCHED_NORMAL = 0x0 + SCHED_RESET_ON_FORK = 0x40000000 + SCHED_RR = 0x2 SCM_CREDENTIALS = 0x2 SCM_RIGHTS = 0x1 SCM_TIMESTAMP = 0x1d diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go index a07321bed9b..14ab34a5651 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go @@ -2197,3 +2197,23 @@ func getresgid(rgid *_C_int, egid *_C_int, sgid *_C_int) { RawSyscallNoError(SYS_GETRESGID, uintptr(unsafe.Pointer(rgid)), uintptr(unsafe.Pointer(egid)), uintptr(unsafe.Pointer(sgid))) return } + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func schedSetattr(pid int, attr *SchedAttr, flags uint) (err error) { + _, _, e1 := Syscall(SYS_SCHED_SETATTR, uintptr(pid), uintptr(unsafe.Pointer(attr)), uintptr(flags)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func schedGetattr(pid int, attr *SchedAttr, size uint, flags uint) (err error) { + _, _, e1 := Syscall6(SYS_SCHED_GETATTR, uintptr(pid), uintptr(unsafe.Pointer(attr)), uintptr(size), uintptr(flags), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index 26ef52aafc2..494493c78c9 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -5868,3 +5868,18 @@ const ( VIRTIO_NET_HDR_GSO_UDP_L4 = 0x5 VIRTIO_NET_HDR_GSO_ECN = 0x80 ) + +type SchedAttr struct { + Size uint32 + Policy uint32 + Flags uint64 + Nice int32 + Priority uint32 + Runtime uint64 + Deadline uint64 + Period uint64 + Util_min uint32 + Util_max uint32 +} + +const SizeofSchedAttr = 0x38 diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index 373d16388a1..67bad0926ae 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -216,7 +216,7 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys shGetKnownFolderPath(id *KNOWNFOLDERID, flags uint32, token Token, path **uint16) (ret error) = shell32.SHGetKnownFolderPath //sys TerminateProcess(handle Handle, exitcode uint32) (err error) //sys GetExitCodeProcess(handle Handle, exitcode *uint32) (err error) -//sys GetStartupInfo(startupInfo *StartupInfo) (err error) = GetStartupInfoW +//sys getStartupInfo(startupInfo *StartupInfo) = GetStartupInfoW //sys GetProcessTimes(handle Handle, creationTime *Filetime, exitTime *Filetime, kernelTime *Filetime, userTime *Filetime) (err error) //sys DuplicateHandle(hSourceProcessHandle Handle, hSourceHandle Handle, hTargetProcessHandle Handle, lpTargetHandle *Handle, dwDesiredAccess uint32, bInheritHandle bool, dwOptions uint32) (err error) //sys WaitForSingleObject(handle Handle, waitMilliseconds uint32) (event uint32, err error) [failretval==0xffffffff] @@ -437,6 +437,10 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys DwmGetWindowAttribute(hwnd HWND, attribute uint32, value unsafe.Pointer, size uint32) (ret error) = dwmapi.DwmGetWindowAttribute //sys DwmSetWindowAttribute(hwnd HWND, attribute uint32, value unsafe.Pointer, size uint32) (ret error) = dwmapi.DwmSetWindowAttribute +// Windows Multimedia API +//sys TimeBeginPeriod (period uint32) (err error) [failretval != 0] = winmm.timeBeginPeriod +//sys TimeEndPeriod (period uint32) (err error) [failretval != 0] = winmm.timeEndPeriod + // syscall interface implementation for other packages // GetCurrentProcess returns the handle for the current process. @@ -1624,6 +1628,11 @@ func SetConsoleCursorPosition(console Handle, position Coord) error { return setConsoleCursorPosition(console, *((*uint32)(unsafe.Pointer(&position)))) } +func GetStartupInfo(startupInfo *StartupInfo) error { + getStartupInfo(startupInfo) + return nil +} + func (s NTStatus) Errno() syscall.Errno { return rtlNtStatusToDosErrorNoTeb(s) } diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index 566dd3e315f..5c385580f68 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -55,6 +55,7 @@ var ( moduser32 = NewLazySystemDLL("user32.dll") moduserenv = NewLazySystemDLL("userenv.dll") modversion = NewLazySystemDLL("version.dll") + modwinmm = NewLazySystemDLL("winmm.dll") modwintrust = NewLazySystemDLL("wintrust.dll") modws2_32 = NewLazySystemDLL("ws2_32.dll") modwtsapi32 = NewLazySystemDLL("wtsapi32.dll") @@ -468,6 +469,8 @@ var ( procGetFileVersionInfoSizeW = modversion.NewProc("GetFileVersionInfoSizeW") procGetFileVersionInfoW = modversion.NewProc("GetFileVersionInfoW") procVerQueryValueW = modversion.NewProc("VerQueryValueW") + proctimeBeginPeriod = modwinmm.NewProc("timeBeginPeriod") + proctimeEndPeriod = modwinmm.NewProc("timeEndPeriod") procWinVerifyTrustEx = modwintrust.NewProc("WinVerifyTrustEx") procFreeAddrInfoW = modws2_32.NewProc("FreeAddrInfoW") procGetAddrInfoW = modws2_32.NewProc("GetAddrInfoW") @@ -2367,11 +2370,8 @@ func GetShortPathName(longpath *uint16, shortpath *uint16, buflen uint32) (n uin return } -func GetStartupInfo(startupInfo *StartupInfo) (err error) { - r1, _, e1 := syscall.Syscall(procGetStartupInfoW.Addr(), 1, uintptr(unsafe.Pointer(startupInfo)), 0, 0) - if r1 == 0 { - err = errnoErr(e1) - } +func getStartupInfo(startupInfo *StartupInfo) { + syscall.Syscall(procGetStartupInfoW.Addr(), 1, uintptr(unsafe.Pointer(startupInfo)), 0, 0) return } @@ -4017,6 +4017,22 @@ func _VerQueryValue(block unsafe.Pointer, subBlock *uint16, pointerToBufferPoint return } +func TimeBeginPeriod(period uint32) (err error) { + r1, _, e1 := syscall.Syscall(proctimeBeginPeriod.Addr(), 1, uintptr(period), 0, 0) + if r1 != 0 { + err = errnoErr(e1) + } + return +} + +func TimeEndPeriod(period uint32) (err error) { + r1, _, e1 := syscall.Syscall(proctimeEndPeriod.Addr(), 1, uintptr(period), 0, 0) + if r1 != 0 { + err = errnoErr(e1) + } + return +} + func WinVerifyTrustEx(hwnd HWND, actionId *GUID, data *WinTrustData) (ret error) { r0, _, _ := syscall.Syscall(procWinVerifyTrustEx.Addr(), 3, uintptr(hwnd), uintptr(unsafe.Pointer(actionId)), uintptr(unsafe.Pointer(data))) if r0 != 0 { diff --git a/vendor/modules.txt b/vendor/modules.txt index 0ad9ccca49a..9632ee2895f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -78,7 +78,7 @@ golang.org/x/exp/slices # golang.org/x/net v0.14.0 ## explicit; go 1.17 golang.org/x/net/bpf -# golang.org/x/sys v0.11.0 +# golang.org/x/sys v0.12.0 ## explicit; go 1.17 golang.org/x/sys/execabs golang.org/x/sys/internal/unsafeheader From d8e9ed3e08e2bfcd340ff5c66c87a30b102bf7bd Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 22 Mar 2021 14:22:14 +0100 Subject: [PATCH 0368/1176] libcontainer/userns: simplify, and separate from "user" package. This makes libcontainer/userns self-dependent, largely returning to the original implementation from lxc. The `uiMapInUserNS` is kept as a separate function for unit-testing and fuzzing. Signed-off-by: Sebastiaan van Stijn --- libcontainer/userns/userns.go | 1 - libcontainer/userns/userns_fuzzer.go | 11 ++---- libcontainer/userns/userns_linux.go | 44 ++++++++++++++++------- libcontainer/userns/userns_linux_test.go | 13 ++----- libcontainer/userns/userns_unsupported.go | 4 +-- 5 files changed, 36 insertions(+), 37 deletions(-) diff --git a/libcontainer/userns/userns.go b/libcontainer/userns/userns.go index f6cb98e5e49..b225f18f2e2 100644 --- a/libcontainer/userns/userns.go +++ b/libcontainer/userns/userns.go @@ -1,5 +1,4 @@ package userns // RunningInUserNS detects whether we are currently running in a user namespace. -// Originally copied from github.com/lxc/lxd/shared/util.go var RunningInUserNS = runningInUserNS diff --git a/libcontainer/userns/userns_fuzzer.go b/libcontainer/userns/userns_fuzzer.go index 1e00ab8b505..bff03f8d859 100644 --- a/libcontainer/userns/userns_fuzzer.go +++ b/libcontainer/userns/userns_fuzzer.go @@ -3,14 +3,7 @@ package userns -import ( - "strings" - - "github.com/opencontainers/runc/libcontainer/user" -) - -func FuzzUIDMap(data []byte) int { - uidmap, _ := user.ParseIDMap(strings.NewReader(string(data))) - _ = uidMapInUserNS(uidmap) +func FuzzUIDMap(uidmap []byte) int { + _ = uidMapInUserNS(string(uidmap)) return 1 } diff --git a/libcontainer/userns/userns_linux.go b/libcontainer/userns/userns_linux.go index 724e6df0120..a6710b321be 100644 --- a/libcontainer/userns/userns_linux.go +++ b/libcontainer/userns/userns_linux.go @@ -1,9 +1,10 @@ package userns import ( + "bufio" + "fmt" + "os" "sync" - - "github.com/opencontainers/runc/libcontainer/user" ) var ( @@ -12,26 +13,43 @@ var ( ) // runningInUserNS detects whether we are currently running in a user namespace. -// Originally copied from github.com/lxc/lxd/shared/util.go +// +// Originally copied from https://github.com/lxc/incus/blob/e45085dd42f826b3c8c3228e9733c0b6f998eafe/shared/util.go#L678-L700. func runningInUserNS() bool { nsOnce.Do(func() { - uidmap, err := user.CurrentProcessUIDMap() + file, err := os.Open("/proc/self/uid_map") + if err != nil { + // This kernel-provided file only exists if user namespaces are supported. + return + } + defer file.Close() + + buf := bufio.NewReader(file) + l, _, err := buf.ReadLine() if err != nil { - // This kernel-provided file only exists if user namespaces are supported return } - inUserNS = uidMapInUserNS(uidmap) + + inUserNS = uidMapInUserNS(string(l)) }) return inUserNS } -func uidMapInUserNS(uidmap []user.IDMap) bool { - /* - * We assume we are in the initial user namespace if we have a full - * range - 4294967295 uids starting at uid 0. - */ - if len(uidmap) == 1 && uidmap[0].ID == 0 && uidmap[0].ParentID == 0 && uidmap[0].Count == 4294967295 { +func uidMapInUserNS(uidMap string) bool { + if uidMap == "" { + // File exist but empty (the initial state when userns is created, + // see user_namespaces(7)). + return true + } + + var a, b, c int64 + if _, err := fmt.Sscanf(uidMap, "%d %d %d", &a, &b, &c); err != nil { + // Assume we are in a regular, non user namespace. return false } - return true + + // As per user_namespaces(7), /proc/self/uid_map of + // the initial user namespace shows 0 0 4294967295. + initNS := a == 0 && b == 0 && c == 4294967295 + return !initNS } diff --git a/libcontainer/userns/userns_linux_test.go b/libcontainer/userns/userns_linux_test.go index 90d9270db6f..25c4ac301de 100644 --- a/libcontainer/userns/userns_linux_test.go +++ b/libcontainer/userns/userns_linux_test.go @@ -1,11 +1,6 @@ package userns -import ( - "strings" - "testing" - - "github.com/opencontainers/runc/libcontainer/user" -) +import "testing" func TestUIDMapInUserNS(t *testing.T) { cases := []struct { @@ -31,11 +26,7 @@ func TestUIDMapInUserNS(t *testing.T) { }, } for _, c := range cases { - uidmap, err := user.ParseIDMap(strings.NewReader(c.s)) - if err != nil { - t.Fatal(err) - } - actual := uidMapInUserNS(uidmap) + actual := uidMapInUserNS(c.s) if c.expected != actual { t.Fatalf("expected %v, got %v for %q", c.expected, actual, c.s) } diff --git a/libcontainer/userns/userns_unsupported.go b/libcontainer/userns/userns_unsupported.go index f35c13a10e0..391c811c680 100644 --- a/libcontainer/userns/userns_unsupported.go +++ b/libcontainer/userns/userns_unsupported.go @@ -3,8 +3,6 @@ package userns -import "github.com/opencontainers/runc/libcontainer/user" - // runningInUserNS is a stub for non-Linux systems // Always returns false func runningInUserNS() bool { @@ -13,6 +11,6 @@ func runningInUserNS() bool { // uidMapInUserNS is a stub for non-Linux systems // Always returns false -func uidMapInUserNS(uidmap []user.IDMap) bool { +func uidMapInUserNS(uidMap string) bool { return false } From 2d0cd0b381e333c03925470a0bfcb34e4e3e10f5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Sep 2023 04:50:22 +0000 Subject: [PATCH 0369/1176] build(deps): bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/test.yml | 4 ++-- .github/workflows/validate.yml | 22 +++++++++++----------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 3381bf23d1b..7f6799f18f6 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -40,7 +40,7 @@ jobs: steps: - name: checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: install deps if: matrix.criu == '' @@ -119,7 +119,7 @@ jobs: steps: - name: checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: install deps run: | diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index e14e713a8d2..5ee06770ed4 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -16,7 +16,7 @@ jobs: keyring: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: check runc.keyring run: make validate-keyring @@ -27,7 +27,7 @@ jobs: pull-requests: read runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 2 - uses: actions/setup-go@v4 @@ -53,7 +53,7 @@ jobs: # Don't ignore C warnings. Note that the output of "go env CGO_CFLAGS" by default is "-g -O2", so we keep them. CGO_CFLAGS: -g -O2 -Werror steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: install go uses: actions/setup-go@v4 with: @@ -64,7 +64,7 @@ jobs: codespell: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: install deps # Version of codespell bundled with Ubuntu is way old, so use pip. run: pip install codespell @@ -74,14 +74,14 @@ jobs: shfmt: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: shfmt run: make shfmt shellcheck: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: install shellcheck env: VERSION: v0.9.0 @@ -105,14 +105,14 @@ jobs: space-at-eol: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - run: rm -fr vendor - run: if git -P grep -I -n '\s$'; then echo "^^^ extra whitespace at EOL, please fix"; exit 1; fi deps: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: install go uses: actions/setup-go@v4 with: @@ -146,7 +146,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: install deps @@ -164,7 +164,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 @@ -194,7 +194,7 @@ jobs: get-images: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 - name: install bashbrew From 1fe9447f658e71a0bf0358148251fa5e0faa7446 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 Sep 2023 04:09:10 +0000 Subject: [PATCH 0370/1176] build(deps): bump golang.org/x/net from 0.14.0 to 0.15.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.14.0 to 0.15.0. - [Commits](https://github.com/golang/net/compare/v0.14.0...v0.15.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index abbe4d4bda9..b82432af41b 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.12 github.com/vishvananda/netlink v1.1.0 - golang.org/x/net v0.14.0 + golang.org/x/net v0.15.0 golang.org/x/sys v0.12.0 google.golang.org/protobuf v1.31.0 ) diff --git a/go.sum b/go.sum index 96c2a345797..7c803e618b2 100644 --- a/go.sum +++ b/go.sum @@ -63,8 +63,8 @@ github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7Zo github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 h1:Jvc7gsqn21cJHCmAWx0LiimpP18LZmUxkT5Mp7EZ1mI= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= -golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14= -golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= +golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8= +golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/vendor/modules.txt b/vendor/modules.txt index 9632ee2895f..98d2a5e61e9 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -75,7 +75,7 @@ github.com/vishvananda/netns golang.org/x/exp/constraints golang.org/x/exp/maps golang.org/x/exp/slices -# golang.org/x/net v0.14.0 +# golang.org/x/net v0.15.0 ## explicit; go 1.17 golang.org/x/net/bpf # golang.org/x/sys v0.12.0 From e1584831b6835d3e8b9a239cb10503bcf6b9b9e8 Mon Sep 17 00:00:00 2001 From: Kailun Qin Date: Thu, 9 Sep 2021 18:29:31 -0400 Subject: [PATCH 0371/1176] libct/cg: add CFS bandwidth burst for CPU Burstable CFS controller is introduced in Linux 5.14. This helps with parallel workloads that might be bursty. They can get throttled even when their average utilization is under quota. And they may be latency sensitive at the same time so that throttling them is undesired. This feature borrows time now against the future underrun, at the cost of increased interference against the other system users, by introducing cfs_burst_us into CFS bandwidth control to enact the cap on unused bandwidth accumulation, which will then used additionally for burst. The patch adds the support/control for CFS bandwidth burst. runtime-spec: https://github.com/opencontainers/runtime-spec/pull/1120 Co-authored-by: Akihiro Suda Co-authored-by: Nadeshiko Manju Signed-off-by: Kailun Qin --- contrib/completions/bash/runc | 1 + docs/spec-conformance.md | 1 - libcontainer/cgroups/fs/cpu.go | 29 ++++++++++++++++++++++++++++ libcontainer/cgroups/fs/cpu_test.go | 12 ++++++++++++ libcontainer/cgroups/fs/fs.go | 2 +- libcontainer/cgroups/fs2/cpu.go | 27 +++++++++++++++++++++++++- libcontainer/configs/cgroup_linux.go | 3 +++ libcontainer/specconv/spec_linux.go | 3 +++ man/runc-update.8.md | 4 ++++ tests/integration/helpers.bash | 16 ++++++++++++++- tests/integration/update.bats | 6 ++++++ update.go | 8 ++++++++ 12 files changed, 108 insertions(+), 4 deletions(-) diff --git a/contrib/completions/bash/runc b/contrib/completions/bash/runc index 69a3b953750..782234e86d4 100644 --- a/contrib/completions/bash/runc +++ b/contrib/completions/bash/runc @@ -735,6 +735,7 @@ _runc_update() { --blkio-weight --cpu-period --cpu-quota + --cpu-burst --cpu-rt-period --cpu-rt-runtime --cpu-share diff --git a/docs/spec-conformance.md b/docs/spec-conformance.md index b512e5f5bb1..4ec89dcab4a 100644 --- a/docs/spec-conformance.md +++ b/docs/spec-conformance.md @@ -10,7 +10,6 @@ Spec version | Feature | PR v1.0.0 | `SCMP_ARCH_PARISC` | Unplanned, due to lack of users v1.0.0 | `SCMP_ARCH_PARISC64` | Unplanned, due to lack of users v1.0.2 | `.linux.personality` | [#3126](https://github.com/opencontainers/runc/pull/3126) -v1.1.0 | `.linux.resources.cpu.burst` | [#3749](https://github.com/opencontainers/runc/pull/3749) v1.1.0 | `SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV` | [#3862](https://github.com/opencontainers/runc/pull/3862) v1.1.0 | time namespaces | [#3876](https://github.com/opencontainers/runc/pull/3876) v1.1.0 | rsvd hugetlb cgroup | TODO ([#3859](https://github.com/opencontainers/runc/issues/3859)) diff --git a/libcontainer/cgroups/fs/cpu.go b/libcontainer/cgroups/fs/cpu.go index 26a9d7c0f5f..727f7f9184f 100644 --- a/libcontainer/cgroups/fs/cpu.go +++ b/libcontainer/cgroups/fs/cpu.go @@ -84,6 +84,28 @@ func (s *CpuGroup) Set(path string, r *configs.Resources) error { period = "" } } + + var burst string + if r.CpuBurst != nil { + burst = strconv.FormatUint(*r.CpuBurst, 10) + if err := cgroups.WriteFile(path, "cpu.cfs_burst_us", burst); err != nil { + // this is a special trick for burst feature, the current systemd and low version of kernel will not support it. + // So, an `no such file or directory` error would be raised, and we can ignore it . + if !errors.Is(err, unix.ENOENT) { + // Sometimes when the burst to be set is larger + // than the current one, it is rejected by the kernel + // (EINVAL) as old_quota/new_burst exceeds the parent + // cgroup quota limit. If this happens and the quota is + // going to be set, ignore the error for now and retry + // after setting the quota. + if !errors.Is(err, unix.EINVAL) || r.CpuQuota == 0 { + return err + } + } + } else { + burst = "" + } + } if r.CpuQuota != 0 { if err := cgroups.WriteFile(path, "cpu.cfs_quota_us", strconv.FormatInt(r.CpuQuota, 10)); err != nil { return err @@ -93,6 +115,13 @@ func (s *CpuGroup) Set(path string, r *configs.Resources) error { return err } } + if burst != "" { + if err := cgroups.WriteFile(path, "cpu.cfs_burst_us", burst); err != nil { + if !errors.Is(err, unix.ENOENT) { + return err + } + } + } } if r.CPUIdle != nil { diff --git a/libcontainer/cgroups/fs/cpu_test.go b/libcontainer/cgroups/fs/cpu_test.go index bbdd45a7118..4848b56a354 100644 --- a/libcontainer/cgroups/fs/cpu_test.go +++ b/libcontainer/cgroups/fs/cpu_test.go @@ -45,6 +45,7 @@ func TestCpuSetBandWidth(t *testing.T) { const ( quotaBefore = 8000 quotaAfter = 5000 + burstBefore = 2000 periodBefore = 10000 periodAfter = 7000 rtRuntimeBefore = 8000 @@ -52,9 +53,11 @@ func TestCpuSetBandWidth(t *testing.T) { rtPeriodBefore = 10000 rtPeriodAfter = 7000 ) + burstAfter := uint64(1000) writeFileContents(t, path, map[string]string{ "cpu.cfs_quota_us": strconv.Itoa(quotaBefore), + "cpu.cfs_burst_us": strconv.Itoa(burstBefore), "cpu.cfs_period_us": strconv.Itoa(periodBefore), "cpu.rt_runtime_us": strconv.Itoa(rtRuntimeBefore), "cpu.rt_period_us": strconv.Itoa(rtPeriodBefore), @@ -62,6 +65,7 @@ func TestCpuSetBandWidth(t *testing.T) { r := &configs.Resources{ CpuQuota: quotaAfter, + CpuBurst: &burstAfter, CpuPeriod: periodAfter, CpuRtRuntime: rtRuntimeAfter, CpuRtPeriod: rtPeriodAfter, @@ -79,6 +83,14 @@ func TestCpuSetBandWidth(t *testing.T) { t.Fatal("Got the wrong value, set cpu.cfs_quota_us failed.") } + burst, err := fscommon.GetCgroupParamUint(path, "cpu.cfs_burst_us") + if err != nil { + t.Fatal(err) + } + if burst != burstAfter { + t.Fatal("Got the wrong value, set cpu.cfs_burst_us failed.") + } + period, err := fscommon.GetCgroupParamUint(path, "cpu.cfs_period_us") if err != nil { t.Fatal(err) diff --git a/libcontainer/cgroups/fs/fs.go b/libcontainer/cgroups/fs/fs.go index d2decb127ca..e2c425d0cd0 100644 --- a/libcontainer/cgroups/fs/fs.go +++ b/libcontainer/cgroups/fs/fs.go @@ -191,7 +191,7 @@ func (m *Manager) Set(r *configs.Resources) error { if path == "" { // We never created a path for this cgroup, so we cannot set // limits for it (though we have already tried at this point). - return fmt.Errorf("cannot set %s limit: container could not join or create cgroup", sys.Name()) + return fmt.Errorf("cannot set %s limit: container could not join or create cgroup, and the error is %w", sys.Name(), err) } return err } diff --git a/libcontainer/cgroups/fs2/cpu.go b/libcontainer/cgroups/fs2/cpu.go index 3f8deb0adbe..8ee49d499f1 100644 --- a/libcontainer/cgroups/fs2/cpu.go +++ b/libcontainer/cgroups/fs2/cpu.go @@ -2,16 +2,19 @@ package fs2 import ( "bufio" + "errors" "os" "strconv" + "golang.org/x/sys/unix" + "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" "github.com/opencontainers/runc/libcontainer/configs" ) func isCpuSet(r *configs.Resources) bool { - return r.CpuWeight != 0 || r.CpuQuota != 0 || r.CpuPeriod != 0 || r.CPUIdle != nil + return r.CpuWeight != 0 || r.CpuQuota != 0 || r.CpuPeriod != 0 || r.CPUIdle != nil || r.CpuBurst != nil } func setCpu(dirPath string, r *configs.Resources) error { @@ -32,6 +35,23 @@ func setCpu(dirPath string, r *configs.Resources) error { } } + var burst string + if r.CpuBurst != nil { + burst = strconv.FormatUint(*r.CpuBurst, 10) + if err := cgroups.WriteFile(dirPath, "cpu.max.burst", burst); err != nil { + // Sometimes when the burst to be set is larger + // than the current one, it is rejected by the kernel + // (EINVAL) as old_quota/new_burst exceeds the parent + // cgroup quota limit. If this happens and the quota is + // going to be set, ignore the error for now and retry + // after setting the quota. + if !errors.Is(err, unix.EINVAL) || r.CpuQuota == 0 { + return err + } + } else { + burst = "" + } + } if r.CpuQuota != 0 || r.CpuPeriod != 0 { str := "max" if r.CpuQuota > 0 { @@ -47,6 +67,11 @@ func setCpu(dirPath string, r *configs.Resources) error { if err := cgroups.WriteFile(dirPath, "cpu.max", str); err != nil { return err } + if burst != "" { + if err := cgroups.WriteFile(dirPath, "cpu.max.burst", burst); err != nil { + return err + } + } } return nil diff --git a/libcontainer/configs/cgroup_linux.go b/libcontainer/configs/cgroup_linux.go index 1664304be21..4a34cf76fc5 100644 --- a/libcontainer/configs/cgroup_linux.go +++ b/libcontainer/configs/cgroup_linux.go @@ -69,6 +69,9 @@ type Resources struct { // CPU hardcap limit (in usecs). Allowed cpu time in a given period. CpuQuota int64 `json:"cpu_quota"` + // CPU hardcap burst limit (in usecs). Allowed accumulated cpu time additionally for burst in a given period. + CpuBurst *uint64 `json:"cpu_burst"` //nolint:revive + // CPU period to be used for hardcapping (in usecs). 0 to use system default. CpuPeriod uint64 `json:"cpu_period"` diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index 88f9c6777ef..818afcff59e 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -755,6 +755,9 @@ func CreateCgroupConfig(opts *CreateOpts, defaultDevs []*devices.Device) (*confi if r.CPU.Quota != nil { c.Resources.CpuQuota = *r.CPU.Quota } + if r.CPU.Burst != nil { + c.Resources.CpuBurst = r.CPU.Burst + } if r.CPU.Period != nil { c.Resources.CpuPeriod = *r.CPU.Period } diff --git a/man/runc-update.8.md b/man/runc-update.8.md index 8ceaa386fe8..8ca69451ddd 100644 --- a/man/runc-update.8.md +++ b/man/runc-update.8.md @@ -28,6 +28,7 @@ In case **-r** is used, the JSON format is like this: "cpu": { "shares": 0, "quota": 0, + "burst": 0, "period": 0, "realtimeRuntime": 0, "realtimePeriod": 0, @@ -53,6 +54,9 @@ stdin. If this option is used, all other options are ignored. **--cpu-quota** _num_ : Set CPU usage limit within a given period (in microseconds). +**--cpu-burst** _num_ +: Set CPU burst limit within a given period (in microseconds). + **--cpu-rt-period** _num_ : Set CPU realtime period to be used for hardcapping (in microseconds). diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index 65912951d58..cd08fb2459f 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -260,11 +260,16 @@ function get_cgroup_value() { # Helper to check a if value in a cgroup file matches the expected one. function check_cgroup_value() { local current + local cgroup + cgroup="$(get_cgroup_path "$1")" + if [ ! -f "$cgroup/$1" ]; then + skip "$cgroup/$1 does not exist" + fi current="$(get_cgroup_value "$1")" local expected=$2 echo "current $current !? $expected" - [ "$current" = "$expected" ] + [ "$current" = "$expected" ] || [ "$current" = "$((expected / 1000))" ] } # Helper to check a value in systemd. @@ -310,6 +315,15 @@ function check_cpu_quota() { check_systemd_value "CPUQuotaPeriodUSec" $sd_period $sd_infinity } +function check_cpu_burst() { + local burst=$1 + if [ -v CGROUP_V2 ]; then + check_cgroup_value "cpu.max.burst" "$burst" + else + check_cgroup_value "cpu.cfs_burst_us" "$burst" + fi +} + # Works for cgroup v1 and v2, accepts v1 shares as an argument. function check_cpu_shares() { local shares=$1 diff --git a/tests/integration/update.bats b/tests/integration/update.bats index 5a87fa1500d..616fe809b9c 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -288,6 +288,12 @@ EOF runc update test_update --cpu-share 200 [ "$status" -eq 0 ] check_cpu_shares 200 + runc update test_update --cpu-period 900000 --cpu-burst 500000 + [ "$status" -eq 0 ] + check_cpu_burst 500000 + runc update test_update --cpu-period 900000 --cpu-burst 0 + [ "$status" -eq 0 ] + check_cpu_burst 0 # Revert to the test initial value via json on stding runc update -r - test_update < Date: Thu, 7 Sep 2023 04:30:28 +0000 Subject: [PATCH 0372/1176] build(deps): bump github.com/cyphar/filepath-securejoin Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) from 0.2.3 to 0.2.4. - [Release notes](https://github.com/cyphar/filepath-securejoin/releases) - [Commits](https://github.com/cyphar/filepath-securejoin/compare/v0.2.3...v0.2.4) --- updated-dependencies: - dependency-name: github.com/cyphar/filepath-securejoin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- .../cyphar/filepath-securejoin/.travis.yml | 21 ------------------- .../cyphar/filepath-securejoin/README.md | 2 +- .../cyphar/filepath-securejoin/VERSION | 2 +- .../cyphar/filepath-securejoin/join.go | 12 ++++++++++- vendor/modules.txt | 2 +- 7 files changed, 17 insertions(+), 28 deletions(-) delete mode 100644 vendor/github.com/cyphar/filepath-securejoin/.travis.yml diff --git a/go.mod b/go.mod index b82432af41b..15766026008 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/cilium/ebpf v0.11.0 github.com/containerd/console v1.0.3 github.com/coreos/go-systemd/v22 v22.5.0 - github.com/cyphar/filepath-securejoin v0.2.3 + github.com/cyphar/filepath-securejoin v0.2.4 github.com/docker/go-units v0.5.0 github.com/godbus/dbus/v5 v5.1.0 github.com/moby/sys/mountinfo v0.6.2 diff --git a/go.sum b/go.sum index 7c803e618b2..2592c4538d5 100644 --- a/go.sum +++ b/go.sum @@ -9,8 +9,8 @@ github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI= -github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= +github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= +github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= diff --git a/vendor/github.com/cyphar/filepath-securejoin/.travis.yml b/vendor/github.com/cyphar/filepath-securejoin/.travis.yml deleted file mode 100644 index b94ff8cf92a..00000000000 --- a/vendor/github.com/cyphar/filepath-securejoin/.travis.yml +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright (C) 2017 SUSE LLC. All rights reserved. -# Use of this source code is governed by a BSD-style -# license that can be found in the LICENSE file. - -language: go -go: - - 1.13.x - - 1.16.x - - tip -arch: - - AMD64 - - ppc64le -os: - - linux - - osx - -script: - - go test -cover -v ./... - -notifications: - email: false diff --git a/vendor/github.com/cyphar/filepath-securejoin/README.md b/vendor/github.com/cyphar/filepath-securejoin/README.md index 3624617c89b..4eca0f23550 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/README.md +++ b/vendor/github.com/cyphar/filepath-securejoin/README.md @@ -1,6 +1,6 @@ ## `filepath-securejoin` ## -[![Build Status](https://travis-ci.org/cyphar/filepath-securejoin.svg?branch=master)](https://travis-ci.org/cyphar/filepath-securejoin) +[![Build Status](https://github.com/cyphar/filepath-securejoin/actions/workflows/ci.yml/badge.svg)](https://github.com/cyphar/filepath-securejoin/actions/workflows/ci.yml) An implementation of `SecureJoin`, a [candidate for inclusion in the Go standard library][go#20126]. The purpose of this function is to be a "secure" diff --git a/vendor/github.com/cyphar/filepath-securejoin/VERSION b/vendor/github.com/cyphar/filepath-securejoin/VERSION index 7179039691c..abd410582de 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/VERSION +++ b/vendor/github.com/cyphar/filepath-securejoin/VERSION @@ -1 +1 @@ -0.2.3 +0.2.4 diff --git a/vendor/github.com/cyphar/filepath-securejoin/join.go b/vendor/github.com/cyphar/filepath-securejoin/join.go index 7dd08dbbdf7..aa32b85fb84 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/join.go +++ b/vendor/github.com/cyphar/filepath-securejoin/join.go @@ -39,17 +39,27 @@ func IsNotExist(err error) bool { // components in the returned string are not modified (in other words are not // replaced with symlinks on the filesystem) after this function has returned. // Such a symlink race is necessarily out-of-scope of SecureJoin. +// +// Volume names in unsafePath are always discarded, regardless if they are +// provided via direct input or when evaluating symlinks. Therefore: +// +// "C:\Temp" + "D:\path\to\file.txt" results in "C:\Temp\path\to\file.txt" func SecureJoinVFS(root, unsafePath string, vfs VFS) (string, error) { // Use the os.* VFS implementation if none was specified. if vfs == nil { vfs = osVFS{} } + unsafePath = filepath.FromSlash(unsafePath) var path bytes.Buffer n := 0 for unsafePath != "" { if n > 255 { - return "", &os.PathError{Op: "SecureJoin", Path: root + "/" + unsafePath, Err: syscall.ELOOP} + return "", &os.PathError{Op: "SecureJoin", Path: root + string(filepath.Separator) + unsafePath, Err: syscall.ELOOP} + } + + if v := filepath.VolumeName(unsafePath); v != "" { + unsafePath = unsafePath[len(v):] } // Next path component, p. diff --git a/vendor/modules.txt b/vendor/modules.txt index 98d2a5e61e9..b2d26f63ddb 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -23,7 +23,7 @@ github.com/coreos/go-systemd/v22/dbus # github.com/cpuguy83/go-md2man/v2 v2.0.2 ## explicit; go 1.11 github.com/cpuguy83/go-md2man/v2/md2man -# github.com/cyphar/filepath-securejoin v0.2.3 +# github.com/cyphar/filepath-securejoin v0.2.4 ## explicit; go 1.13 github.com/cyphar/filepath-securejoin # github.com/docker/go-units v0.5.0 From c378602bf6fbcc9525688a74a03aff06f9988c5e Mon Sep 17 00:00:00 2001 From: Eng Zer Jun Date: Fri, 8 Sep 2023 23:40:51 +0800 Subject: [PATCH 0373/1176] libct/specconv: remove redundant nil check From the Go specification: "1. For a nil slice, the number of iterations is 0." [1] Therefore, an additional nil check for before the loop is unnecessary. [1]: https://go.dev/ref/spec#For_range Signed-off-by: Eng Zer Jun --- libcontainer/specconv/spec_linux.go | 60 ++++++++++++----------------- 1 file changed, 25 insertions(+), 35 deletions(-) diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index 818afcff59e..cc4e3d256ba 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -781,46 +781,36 @@ func CreateCgroupConfig(opts *CreateOpts, defaultDevs []*devices.Device) (*confi if r.BlockIO.LeafWeight != nil { c.Resources.BlkioLeafWeight = *r.BlockIO.LeafWeight } - if r.BlockIO.WeightDevice != nil { - for _, wd := range r.BlockIO.WeightDevice { - var weight, leafWeight uint16 - if wd.Weight != nil { - weight = *wd.Weight - } - if wd.LeafWeight != nil { - leafWeight = *wd.LeafWeight - } - weightDevice := configs.NewWeightDevice(wd.Major, wd.Minor, weight, leafWeight) - c.Resources.BlkioWeightDevice = append(c.Resources.BlkioWeightDevice, weightDevice) + for _, wd := range r.BlockIO.WeightDevice { + var weight, leafWeight uint16 + if wd.Weight != nil { + weight = *wd.Weight } - } - if r.BlockIO.ThrottleReadBpsDevice != nil { - for _, td := range r.BlockIO.ThrottleReadBpsDevice { - rate := td.Rate - throttleDevice := configs.NewThrottleDevice(td.Major, td.Minor, rate) - c.Resources.BlkioThrottleReadBpsDevice = append(c.Resources.BlkioThrottleReadBpsDevice, throttleDevice) + if wd.LeafWeight != nil { + leafWeight = *wd.LeafWeight } + weightDevice := configs.NewWeightDevice(wd.Major, wd.Minor, weight, leafWeight) + c.Resources.BlkioWeightDevice = append(c.Resources.BlkioWeightDevice, weightDevice) } - if r.BlockIO.ThrottleWriteBpsDevice != nil { - for _, td := range r.BlockIO.ThrottleWriteBpsDevice { - rate := td.Rate - throttleDevice := configs.NewThrottleDevice(td.Major, td.Minor, rate) - c.Resources.BlkioThrottleWriteBpsDevice = append(c.Resources.BlkioThrottleWriteBpsDevice, throttleDevice) - } + for _, td := range r.BlockIO.ThrottleReadBpsDevice { + rate := td.Rate + throttleDevice := configs.NewThrottleDevice(td.Major, td.Minor, rate) + c.Resources.BlkioThrottleReadBpsDevice = append(c.Resources.BlkioThrottleReadBpsDevice, throttleDevice) } - if r.BlockIO.ThrottleReadIOPSDevice != nil { - for _, td := range r.BlockIO.ThrottleReadIOPSDevice { - rate := td.Rate - throttleDevice := configs.NewThrottleDevice(td.Major, td.Minor, rate) - c.Resources.BlkioThrottleReadIOPSDevice = append(c.Resources.BlkioThrottleReadIOPSDevice, throttleDevice) - } + for _, td := range r.BlockIO.ThrottleWriteBpsDevice { + rate := td.Rate + throttleDevice := configs.NewThrottleDevice(td.Major, td.Minor, rate) + c.Resources.BlkioThrottleWriteBpsDevice = append(c.Resources.BlkioThrottleWriteBpsDevice, throttleDevice) } - if r.BlockIO.ThrottleWriteIOPSDevice != nil { - for _, td := range r.BlockIO.ThrottleWriteIOPSDevice { - rate := td.Rate - throttleDevice := configs.NewThrottleDevice(td.Major, td.Minor, rate) - c.Resources.BlkioThrottleWriteIOPSDevice = append(c.Resources.BlkioThrottleWriteIOPSDevice, throttleDevice) - } + for _, td := range r.BlockIO.ThrottleReadIOPSDevice { + rate := td.Rate + throttleDevice := configs.NewThrottleDevice(td.Major, td.Minor, rate) + c.Resources.BlkioThrottleReadIOPSDevice = append(c.Resources.BlkioThrottleReadIOPSDevice, throttleDevice) + } + for _, td := range r.BlockIO.ThrottleWriteIOPSDevice { + rate := td.Rate + throttleDevice := configs.NewThrottleDevice(td.Major, td.Minor, rate) + c.Resources.BlkioThrottleWriteIOPSDevice = append(c.Resources.BlkioThrottleWriteIOPSDevice, throttleDevice) } } for _, l := range r.HugepageLimits { From b17c6f237dfd6d2dab9bd9c9b36cb9e429ee1fd1 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Mon, 11 Sep 2023 15:57:14 +0200 Subject: [PATCH 0374/1176] validator: Relax warning for not abs mount dst path The runtime spec now allows relative mount dst paths, so remove the comment saying we will switch this to an error later and change the error messages to reflect that. Signed-off-by: Rodrigo Campos --- libcontainer/configs/validate/validator.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go index 81eebba797f..11b80ddaae6 100644 --- a/libcontainer/configs/validate/validator.go +++ b/libcontainer/configs/validate/validator.go @@ -38,11 +38,11 @@ func Validate(config *configs.Config) error { } // Relaxed validation rules for backward compatibility warns := []check{ - mounts, // TODO (runc v1.x.x): make this an error instead of a warning + mountsWarn, } for _, c := range warns { if err := c(config); err != nil { - logrus.WithError(err).Warn("invalid configuration") + logrus.WithError(err).Warn("configuration") } } return nil @@ -300,10 +300,10 @@ func checkIDMapMounts(config *configs.Config, m *configs.Mount) error { return nil } -func mounts(config *configs.Config) error { +func mountsWarn(config *configs.Config) error { for _, m := range config.Mounts { if !filepath.IsAbs(m.Destination) { - return fmt.Errorf("invalid mount %+v: mount destination not absolute", m) + return fmt.Errorf("mount %+v: relative destination path is **deprecated**, using it as relative to /", m) } } return nil From 65a1074c75123afbe1d59e6ca2abc683e9d0d9dc Mon Sep 17 00:00:00 2001 From: lifubang Date: Sun, 17 Sep 2023 09:55:12 +0800 Subject: [PATCH 0375/1176] increase memory.max in cgroups.bats Signed-off-by: lifubang --- tests/integration/cgroups.bats | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/integration/cgroups.bats b/tests/integration/cgroups.bats index f06bd25f3b9..ed2da3303c9 100644 --- a/tests/integration/cgroups.bats +++ b/tests/integration/cgroups.bats @@ -207,7 +207,7 @@ function setup() { "memory.min": "131072", "memory.low": "524288", "memory.high": "5242880", - "memory.max": "10485760", + "memory.max": "20484096", "memory.swap.max": "20971520", "pids.max": "99", "cpu.max": "10000 100000", @@ -224,7 +224,7 @@ function setup() { echo "$output" | grep -q '^memory.min:131072$' echo "$output" | grep -q '^memory.low:524288$' echo "$output" | grep -q '^memory.high:5242880$' - echo "$output" | grep -q '^memory.max:10485760$' + echo "$output" | grep -q '^memory.max:20484096$' echo "$output" | grep -q '^memory.swap.max:20971520$' echo "$output" | grep -q '^pids.max:99$' echo "$output" | grep -q '^cpu.max:10000 100000$' @@ -232,7 +232,7 @@ function setup() { check_systemd_value "MemoryMin" 131072 check_systemd_value "MemoryLow" 524288 check_systemd_value "MemoryHigh" 5242880 - check_systemd_value "MemoryMax" 10485760 + check_systemd_value "MemoryMax" 20484096 check_systemd_value "MemorySwapMax" 20971520 check_systemd_value "TasksMax" 99 check_cpu_quota 10000 100000 "100ms" @@ -252,7 +252,7 @@ function setup() { } | .linux.resources.unified |= { "memory.min": "131072", - "memory.max": "10485760", + "memory.max": "40484864", "pids.max": "42", "cpu.max": "5000 50000", "cpu.weight": "42" @@ -267,7 +267,7 @@ function setup() { runc exec test_cgroups_unified cat /sys/fs/cgroup/memory.max [ "$status" -eq 0 ] - [ "$output" = '10485760' ] + [ "$output" = '40484864' ] runc exec test_cgroups_unified cat /sys/fs/cgroup/pids.max [ "$status" -eq 0 ] From ca32014adbc5bcdd1ec5862672c35c7d4cbd849d Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 16 Sep 2023 13:17:20 +0200 Subject: [PATCH 0376/1176] migrate libcontainer/user to github.com/moby/sys/user Signed-off-by: Sebastiaan van Stijn --- go.mod | 1 + go.sum | 2 + libcontainer/init_linux.go | 2 +- libcontainer/user/lookup_deprecated.go | 81 +++ libcontainer/user/user_deprecated.go | 143 +++++ libcontainer/user/user_test.go | 530 ------------------ list.go | 2 +- vendor/github.com/moby/sys/user/LICENSE | 202 +++++++ .../github.com/moby/sys}/user/lookup_unix.go | 0 .../github.com/moby/sys}/user/user.go | 0 .../github.com/moby/sys}/user/user_fuzzer.go | 0 vendor/modules.txt | 3 + 12 files changed, 434 insertions(+), 532 deletions(-) create mode 100644 libcontainer/user/lookup_deprecated.go create mode 100644 libcontainer/user/user_deprecated.go delete mode 100644 libcontainer/user/user_test.go create mode 100644 vendor/github.com/moby/sys/user/LICENSE rename {libcontainer => vendor/github.com/moby/sys}/user/lookup_unix.go (100%) rename {libcontainer => vendor/github.com/moby/sys}/user/user.go (100%) rename {libcontainer => vendor/github.com/moby/sys}/user/user_fuzzer.go (100%) diff --git a/go.mod b/go.mod index 15766026008..235f6b3f4c1 100644 --- a/go.mod +++ b/go.mod @@ -11,6 +11,7 @@ require ( github.com/docker/go-units v0.5.0 github.com/godbus/dbus/v5 v5.1.0 github.com/moby/sys/mountinfo v0.6.2 + github.com/moby/sys/user v0.1.0 github.com/mrunalp/fileutils v0.5.0 github.com/opencontainers/runtime-spec v1.1.1-0.20230823135140-4fec88fd00a4 github.com/opencontainers/selinux v1.11.0 diff --git a/go.sum b/go.sum index 2592c4538d5..ff43962d6f1 100644 --- a/go.sum +++ b/go.sum @@ -28,6 +28,8 @@ github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78= github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= +github.com/moby/sys/user v0.1.0 h1:WmZ93f5Ux6het5iituh9x2zAG7NFY9Aqi49jjE1PaQg= +github.com/moby/sys/user v0.1.0/go.mod h1:fKJhFOnsCN6xZ5gSfbM6zaHGgDJMrqt9/reuj4T7MmU= github.com/mrunalp/fileutils v0.5.0 h1:NKzVxiH7eSk+OQ4M+ZYW1K6h27RUV3MI6NUTsHhU6Z4= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/opencontainers/runtime-spec v1.1.1-0.20230823135140-4fec88fd00a4 h1:EctkgBjZ1y4q+sibyuuIgiKpa0QSd2elFtSSdNvBVow= diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 30152696f72..732f64dc660 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -13,6 +13,7 @@ import ( "strings" "github.com/containerd/console" + "github.com/moby/sys/user" "github.com/opencontainers/runtime-spec/specs-go" "github.com/sirupsen/logrus" "github.com/vishvananda/netlink" @@ -22,7 +23,6 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/system" - "github.com/opencontainers/runc/libcontainer/user" "github.com/opencontainers/runc/libcontainer/utils" ) diff --git a/libcontainer/user/lookup_deprecated.go b/libcontainer/user/lookup_deprecated.go new file mode 100644 index 00000000000..c6cd4434551 --- /dev/null +++ b/libcontainer/user/lookup_deprecated.go @@ -0,0 +1,81 @@ +package user + +import ( + "io" + + "github.com/moby/sys/user" +) + +// LookupUser looks up a user by their username in /etc/passwd. If the user +// cannot be found (or there is no /etc/passwd file on the filesystem), then +// LookupUser returns an error. +func LookupUser(username string) (user.User, error) { + return user.LookupUser(username) +} + +// LookupUid looks up a user by their user id in /etc/passwd. If the user cannot +// be found (or there is no /etc/passwd file on the filesystem), then LookupId +// returns an error. +func LookupUid(uid int) (user.User, error) { //nolint:revive // ignore var-naming: func LookupUid should be LookupUID + return user.LookupUid(uid) +} + +// LookupGroup looks up a group by its name in /etc/group. If the group cannot +// be found (or there is no /etc/group file on the filesystem), then LookupGroup +// returns an error. +func LookupGroup(groupname string) (user.Group, error) { + return user.LookupGroup(groupname) +} + +// LookupGid looks up a group by its group id in /etc/group. If the group cannot +// be found (or there is no /etc/group file on the filesystem), then LookupGid +// returns an error. +func LookupGid(gid int) (user.Group, error) { + return user.LookupGid(gid) +} + +func GetPasswdPath() (string, error) { + return user.GetPasswdPath() +} + +func GetPasswd() (io.ReadCloser, error) { + return user.GetPasswd() +} + +func GetGroupPath() (string, error) { + return user.GetGroupPath() +} + +func GetGroup() (io.ReadCloser, error) { + return user.GetGroup() +} + +// CurrentUser looks up the current user by their user id in /etc/passwd. If the +// user cannot be found (or there is no /etc/passwd file on the filesystem), +// then CurrentUser returns an error. +func CurrentUser() (user.User, error) { + return user.CurrentUser() +} + +// CurrentGroup looks up the current user's group by their primary group id's +// entry in /etc/passwd. If the group cannot be found (or there is no +// /etc/group file on the filesystem), then CurrentGroup returns an error. +func CurrentGroup() (user.Group, error) { + return user.CurrentGroup() +} + +func CurrentUserSubUIDs() ([]user.SubID, error) { + return user.CurrentUserSubUIDs() +} + +func CurrentUserSubGIDs() ([]user.SubID, error) { + return user.CurrentUserSubGIDs() +} + +func CurrentProcessUIDMap() ([]user.IDMap, error) { + return user.CurrentProcessUIDMap() +} + +func CurrentProcessGIDMap() ([]user.IDMap, error) { + return user.CurrentProcessGIDMap() +} diff --git a/libcontainer/user/user_deprecated.go b/libcontainer/user/user_deprecated.go new file mode 100644 index 00000000000..b20e47ca108 --- /dev/null +++ b/libcontainer/user/user_deprecated.go @@ -0,0 +1,143 @@ +package user + +import ( + "io" + + "github.com/moby/sys/user" +) + +var ( + // ErrNoPasswdEntries is returned if no matching entries were found in /etc/group. + ErrNoPasswdEntries = user.ErrNoPasswdEntries + // ErrNoGroupEntries is returned if no matching entries were found in /etc/passwd. + ErrNoGroupEntries = user.ErrNoGroupEntries + // ErrRange is returned if a UID or GID is outside of the valid range. + ErrRange = user.ErrRange +) + +type ( + User = user.User + + Group = user.Group + + // SubID represents an entry in /etc/sub{u,g}id. + SubID = user.SubID + + // IDMap represents an entry in /proc/PID/{u,g}id_map. + IDMap = user.IDMap + + ExecUser = user.ExecUser +) + +func ParsePasswdFile(path string) ([]user.User, error) { + return user.ParsePasswdFile(path) +} + +func ParsePasswd(passwd io.Reader) ([]user.User, error) { + return user.ParsePasswd(passwd) +} + +func ParsePasswdFileFilter(path string, filter func(user.User) bool) ([]user.User, error) { + return user.ParsePasswdFileFilter(path, filter) +} + +func ParsePasswdFilter(r io.Reader, filter func(user.User) bool) ([]user.User, error) { + return user.ParsePasswdFilter(r, filter) +} + +func ParseGroupFile(path string) ([]user.Group, error) { + return user.ParseGroupFile(path) +} + +func ParseGroup(group io.Reader) ([]user.Group, error) { + return user.ParseGroup(group) +} + +func ParseGroupFileFilter(path string, filter func(user.Group) bool) ([]user.Group, error) { + return user.ParseGroupFileFilter(path, filter) +} + +func ParseGroupFilter(r io.Reader, filter func(user.Group) bool) ([]user.Group, error) { + return user.ParseGroupFilter(r, filter) +} + +// GetExecUserPath is a wrapper for GetExecUser. It reads data from each of the +// given file paths and uses that data as the arguments to GetExecUser. If the +// files cannot be opened for any reason, the error is ignored and a nil +// io.Reader is passed instead. +func GetExecUserPath(userSpec string, defaults *user.ExecUser, passwdPath, groupPath string) (*user.ExecUser, error) { + return user.GetExecUserPath(userSpec, defaults, passwdPath, groupPath) +} + +// GetExecUser parses a user specification string (using the passwd and group +// readers as sources for /etc/passwd and /etc/group data, respectively). In +// the case of blank fields or missing data from the sources, the values in +// defaults is used. +// +// GetExecUser will return an error if a user or group literal could not be +// found in any entry in passwd and group respectively. +// +// Examples of valid user specifications are: +// - "" +// - "user" +// - "uid" +// - "user:group" +// - "uid:gid +// - "user:gid" +// - "uid:group" +// +// It should be noted that if you specify a numeric user or group id, they will +// not be evaluated as usernames (only the metadata will be filled). So attempting +// to parse a user with user.Name = "1337" will produce the user with a UID of +// 1337. +func GetExecUser(userSpec string, defaults *user.ExecUser, passwd, group io.Reader) (*user.ExecUser, error) { + return user.GetExecUser(userSpec, defaults, passwd, group) +} + +// GetAdditionalGroups looks up a list of groups by name or group id +// against the given /etc/group formatted data. If a group name cannot +// be found, an error will be returned. If a group id cannot be found, +// or the given group data is nil, the id will be returned as-is +// provided it is in the legal range. +func GetAdditionalGroups(additionalGroups []string, group io.Reader) ([]int, error) { + return user.GetAdditionalGroups(additionalGroups, group) +} + +// GetAdditionalGroupsPath is a wrapper around GetAdditionalGroups +// that opens the groupPath given and gives it as an argument to +// GetAdditionalGroups. +func GetAdditionalGroupsPath(additionalGroups []string, groupPath string) ([]int, error) { + return user.GetAdditionalGroupsPath(additionalGroups, groupPath) +} + +func ParseSubIDFile(path string) ([]user.SubID, error) { + return user.ParseSubIDFile(path) +} + +func ParseSubID(subid io.Reader) ([]user.SubID, error) { + return user.ParseSubID(subid) +} + +func ParseSubIDFileFilter(path string, filter func(user.SubID) bool) ([]user.SubID, error) { + return user.ParseSubIDFileFilter(path, filter) +} + +func ParseSubIDFilter(r io.Reader, filter func(user.SubID) bool) ([]user.SubID, error) { + return user.ParseSubIDFilter(r, filter) +} + +func ParseIDMapFile(path string) ([]user.IDMap, error) { + return user.ParseIDMapFile(path) +} + +func ParseIDMap(r io.Reader) ([]user.IDMap, error) { + return user.ParseIDMap(r) +} + +func ParseIDMapFileFilter(path string, filter func(user.IDMap) bool) ([]user.IDMap, error) { + return user.ParseIDMapFileFilter(path, filter) +} + +func ParseIDMapFilter(r io.Reader, filter func(user.IDMap) bool) ([]user.IDMap, error) { + return user.ParseIDMapFilter(r, filter) +} diff --git a/libcontainer/user/user_test.go b/libcontainer/user/user_test.go deleted file mode 100644 index c0c762d6a89..00000000000 --- a/libcontainer/user/user_test.go +++ /dev/null @@ -1,530 +0,0 @@ -package user - -import ( - "fmt" - "io" - "reflect" - "sort" - "strconv" - "strings" - "testing" -) - -func TestUserParseLine(t *testing.T) { - var ( - a, b string - c []string - d int - ) - - parseLine([]byte(""), &a, &b) - if a != "" || b != "" { - t.Fatalf("a and b should be empty ('%v', '%v')", a, b) - } - - parseLine([]byte("a"), &a, &b) - if a != "a" || b != "" { - t.Fatalf("a should be 'a' and b should be empty ('%v', '%v')", a, b) - } - - parseLine([]byte("bad boys:corny cows"), &a, &b) - if a != "bad boys" || b != "corny cows" { - t.Fatalf("a should be 'bad boys' and b should be 'corny cows' ('%v', '%v')", a, b) - } - - parseLine([]byte(""), &c) - if len(c) != 0 { - t.Fatalf("c should be empty (%#v)", c) - } - - parseLine([]byte("d,e,f:g:h:i,j,k"), &c, &a, &b, &c) - if a != "g" || b != "h" || len(c) != 3 || c[0] != "i" || c[1] != "j" || c[2] != "k" { - t.Fatalf("a should be 'g', b should be 'h', and c should be ['i','j','k'] ('%v', '%v', '%#v')", a, b, c) - } - - parseLine([]byte("::::::::::"), &a, &b, &c) - if a != "" || b != "" || len(c) != 0 { - t.Fatalf("a, b, and c should all be empty ('%v', '%v', '%#v')", a, b, c) - } - - parseLine([]byte("not a number"), &d) - if d != 0 { - t.Fatalf("d should be 0 (%v)", d) - } - - parseLine([]byte("b:12:c"), &a, &d, &b) - if a != "b" || b != "c" || d != 12 { - t.Fatalf("a should be 'b' and b should be 'c', and d should be 12 ('%v', '%v', %v)", a, b, d) - } -} - -func TestUserParsePasswd(t *testing.T) { - users, err := ParsePasswdFilter(strings.NewReader(` -root:x:0:0:root:/root:/bin/bash -adm:x:3:4:adm:/var/adm:/bin/false -this is just some garbage data -`), nil) - if err != nil { - t.Fatalf("Unexpected error: %v", err) - } - if len(users) != 3 { - t.Fatalf("Expected 3 users, got %v", len(users)) - } - if users[0].Uid != 0 || users[0].Name != "root" { - t.Fatalf("Expected users[0] to be 0 - root, got %v - %v", users[0].Uid, users[0].Name) - } - if users[1].Uid != 3 || users[1].Name != "adm" { - t.Fatalf("Expected users[1] to be 3 - adm, got %v - %v", users[1].Uid, users[1].Name) - } -} - -func TestUserParseGroup(t *testing.T) { - groups, err := ParseGroupFilter(strings.NewReader(` -root:x:0:root -adm:x:4:root,adm,daemon -this is just some garbage data -`+largeGroup()), nil) - if err != nil { - t.Fatalf("Unexpected error: %v", err) - } - if len(groups) != 4 { - t.Fatalf("Expected 4 groups, got %v", len(groups)) - } - if groups[0].Gid != 0 || groups[0].Name != "root" || len(groups[0].List) != 1 { - t.Fatalf("Expected groups[0] to be 0 - root - 1 member, got %v - %v - %v", groups[0].Gid, groups[0].Name, len(groups[0].List)) - } - if groups[1].Gid != 4 || groups[1].Name != "adm" || len(groups[1].List) != 3 { - t.Fatalf("Expected groups[1] to be 4 - adm - 3 members, got %v - %v - %v", groups[1].Gid, groups[1].Name, len(groups[1].List)) - } -} - -func TestValidGetExecUser(t *testing.T) { - const passwdContent = ` -root:x:0:0:root user:/root:/bin/bash -adm:x:42:43:adm:/var/adm:/bin/false -111:x:222:333::/var/garbage -odd:x:111:112::/home/odd::::: -user7456:x:7456:100:Vasya:/home/user7456 -this is just some garbage data -` - groupContent := ` -root:x:0:root -adm:x:43: -grp:x:1234:root,adm,user7456 -444:x:555:111 -odd:x:444: -this is just some garbage data -` + largeGroup() - - defaultExecUser := ExecUser{ - Uid: 8888, - Gid: 8888, - Sgids: []int{8888}, - Home: "/8888", - } - - tests := []struct { - ref string - expected ExecUser - }{ - { - ref: "root", - expected: ExecUser{ - Uid: 0, - Gid: 0, - Sgids: []int{0, 1234}, - Home: "/root", - }, - }, - { - ref: "adm", - expected: ExecUser{ - Uid: 42, - Gid: 43, - Sgids: []int{1234}, - Home: "/var/adm", - }, - }, - { - ref: "root:adm", - expected: ExecUser{ - Uid: 0, - Gid: 43, - Sgids: defaultExecUser.Sgids, - Home: "/root", - }, - }, - { - ref: "adm:1234", - expected: ExecUser{ - Uid: 42, - Gid: 1234, - Sgids: defaultExecUser.Sgids, - Home: "/var/adm", - }, - }, - { - ref: "42:1234", - expected: ExecUser{ - Uid: 42, - Gid: 1234, - Sgids: defaultExecUser.Sgids, - Home: "/var/adm", - }, - }, - { - ref: "1337:1234", - expected: ExecUser{ - Uid: 1337, - Gid: 1234, - Sgids: defaultExecUser.Sgids, - Home: defaultExecUser.Home, - }, - }, - { - ref: "1337", - expected: ExecUser{ - Uid: 1337, - Gid: defaultExecUser.Gid, - Sgids: defaultExecUser.Sgids, - Home: defaultExecUser.Home, - }, - }, - { - ref: "", - expected: ExecUser{ - Uid: defaultExecUser.Uid, - Gid: defaultExecUser.Gid, - Sgids: defaultExecUser.Sgids, - Home: defaultExecUser.Home, - }, - }, - - // Regression tests for #695. - { - ref: "111", - expected: ExecUser{ - Uid: 111, - Gid: 112, - Sgids: defaultExecUser.Sgids, - Home: "/home/odd", - }, - }, - { - ref: "111:444", - expected: ExecUser{ - Uid: 111, - Gid: 444, - Sgids: defaultExecUser.Sgids, - Home: "/home/odd", - }, - }, - // Test for #3036. - { - ref: "7456", - expected: ExecUser{ - Uid: 7456, - Gid: 100, - Sgids: []int{1234, 1000}, // 1000 is largegroup GID - Home: "/home/user7456", - }, - }, - } - - for _, test := range tests { - passwd := strings.NewReader(passwdContent) - group := strings.NewReader(groupContent) - - execUser, err := GetExecUser(test.ref, &defaultExecUser, passwd, group) - if err != nil { - t.Logf("got unexpected error when parsing '%s': %s", test.ref, err.Error()) - t.Fail() - continue - } - - if !reflect.DeepEqual(test.expected, *execUser) { - t.Logf("ref: %v", test.ref) - t.Logf("got: %#v", execUser) - t.Logf("expected: %#v", test.expected) - t.Fail() - continue - } - } -} - -func TestInvalidGetExecUser(t *testing.T) { - const passwdContent = ` -root:x:0:0:root user:/root:/bin/bash -adm:x:42:43:adm:/var/adm:/bin/false --42:x:12:13:broken:/very/broken -this is just some garbage data -` - const groupContent = ` -root:x:0:root -adm:x:43: -grp:x:1234:root,adm -this is just some garbage data -` - - tests := []string{ - // No such user/group. - "notuser", - "notuser:notgroup", - "root:notgroup", - "notuser:adm", - "8888:notgroup", - "notuser:8888", - - // Invalid user/group values. - "-1:0", - "0:-3", - "-5:-2", - "-42", - "-43", - } - - for _, test := range tests { - passwd := strings.NewReader(passwdContent) - group := strings.NewReader(groupContent) - - execUser, err := GetExecUser(test, nil, passwd, group) - if err == nil { - t.Logf("got unexpected success when parsing '%s': %#v", test, execUser) - t.Fail() - continue - } - } -} - -func TestGetExecUserNilSources(t *testing.T) { - const passwdContent = ` -root:x:0:0:root user:/root:/bin/bash -adm:x:42:43:adm:/var/adm:/bin/false -this is just some garbage data -` - const groupContent = ` -root:x:0:root -adm:x:43: -grp:x:1234:root,adm -this is just some garbage data -` - - defaultExecUser := ExecUser{ - Uid: 8888, - Gid: 8888, - Sgids: []int{8888}, - Home: "/8888", - } - - tests := []struct { - ref string - passwd, group bool - expected ExecUser - }{ - { - ref: "", - passwd: false, - group: false, - expected: ExecUser{ - Uid: 8888, - Gid: 8888, - Sgids: []int{8888}, - Home: "/8888", - }, - }, - { - ref: "root", - passwd: true, - group: false, - expected: ExecUser{ - Uid: 0, - Gid: 0, - Sgids: []int{8888}, - Home: "/root", - }, - }, - { - ref: "0", - passwd: false, - group: false, - expected: ExecUser{ - Uid: 0, - Gid: 8888, - Sgids: []int{8888}, - Home: "/8888", - }, - }, - { - ref: "0:0", - passwd: false, - group: false, - expected: ExecUser{ - Uid: 0, - Gid: 0, - Sgids: []int{8888}, - Home: "/8888", - }, - }, - } - - for _, test := range tests { - var passwd, group io.Reader - - if test.passwd { - passwd = strings.NewReader(passwdContent) - } - - if test.group { - group = strings.NewReader(groupContent) - } - - execUser, err := GetExecUser(test.ref, &defaultExecUser, passwd, group) - if err != nil { - t.Logf("got unexpected error when parsing '%s': %s", test.ref, err.Error()) - t.Fail() - continue - } - - if !reflect.DeepEqual(test.expected, *execUser) { - t.Logf("got: %#v", execUser) - t.Logf("expected: %#v", test.expected) - t.Fail() - continue - } - } -} - -func TestGetAdditionalGroups(t *testing.T) { - type foo struct { - groups []string - expected []int - hasError bool - } - - groupContent := ` -root:x:0:root -adm:x:43: -grp:x:1234:root,adm -adm:x:4343:root,adm-duplicate -this is just some garbage data -` + largeGroup() - tests := []foo{ - { - // empty group - groups: []string{}, - expected: []int{}, - }, - { - // single group - groups: []string{"adm"}, - expected: []int{43}, - }, - { - // multiple groups - groups: []string{"adm", "grp"}, - expected: []int{43, 1234}, - }, - { - // invalid group - groups: []string{"adm", "grp", "not-exist"}, - expected: nil, - hasError: true, - }, - { - // group with numeric id - groups: []string{"43"}, - expected: []int{43}, - }, - { - // group with unknown numeric id - groups: []string{"adm", "10001"}, - expected: []int{43, 10001}, - }, - { - // groups specified twice with numeric and name - groups: []string{"adm", "43"}, - expected: []int{43}, - }, - { - // groups with too small id - groups: []string{"-1"}, - expected: nil, - hasError: true, - }, - { - // groups with too large id - groups: []string{strconv.FormatInt(1<<31, 10)}, - expected: nil, - hasError: true, - }, - { - // group with very long list of users - groups: []string{"largegroup"}, - expected: []int{1000}, - }, - } - - for _, test := range tests { - group := strings.NewReader(groupContent) - - gids, err := GetAdditionalGroups(test.groups, group) - if test.hasError && err == nil { - t.Errorf("Parse(%#v) expects error but has none", test) - continue - } - if !test.hasError && err != nil { - t.Errorf("Parse(%#v) has error %v", test, err) - continue - } - sort.Ints(gids) - if !reflect.DeepEqual(gids, test.expected) { - t.Errorf("Gids(%v), expect %v from groups %v", gids, test.expected, test.groups) - } - } -} - -func TestGetAdditionalGroupsNumeric(t *testing.T) { - tests := []struct { - groups []string - expected []int - hasError bool - }{ - { - // numeric groups only - groups: []string{"1234", "5678"}, - expected: []int{1234, 5678}, - }, - { - // numeric and alphabetic - groups: []string{"1234", "fake"}, - expected: nil, - hasError: true, - }, - } - - for _, test := range tests { - gids, err := GetAdditionalGroups(test.groups, nil) - if test.hasError && err == nil { - t.Errorf("Parse(%#v) expects error but has none", test) - continue - } - if !test.hasError && err != nil { - t.Errorf("Parse(%#v) has error %v", test, err) - continue - } - sort.Ints(gids) - if !reflect.DeepEqual(gids, test.expected) { - t.Errorf("Gids(%v), expect %v from groups %v", gids, test.expected, test.groups) - } - } -} - -// Generate a proper "largegroup" entry for group tests. -func largeGroup() (res string) { - var b strings.Builder - b.WriteString("largegroup:x:1000:user1") - for i := 2; i <= 7500; i++ { - fmt.Fprintf(&b, ",user%d", i) - } - return b.String() -} diff --git a/list.go b/list.go index 01e282714fd..615f6271cb2 100644 --- a/list.go +++ b/list.go @@ -9,8 +9,8 @@ import ( "text/tabwriter" "time" + "github.com/moby/sys/user" "github.com/opencontainers/runc/libcontainer" - "github.com/opencontainers/runc/libcontainer/user" "github.com/opencontainers/runc/libcontainer/utils" "github.com/urfave/cli" ) diff --git a/vendor/github.com/moby/sys/user/LICENSE b/vendor/github.com/moby/sys/user/LICENSE new file mode 100644 index 00000000000..d6456956733 --- /dev/null +++ b/vendor/github.com/moby/sys/user/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/libcontainer/user/lookup_unix.go b/vendor/github.com/moby/sys/user/lookup_unix.go similarity index 100% rename from libcontainer/user/lookup_unix.go rename to vendor/github.com/moby/sys/user/lookup_unix.go diff --git a/libcontainer/user/user.go b/vendor/github.com/moby/sys/user/user.go similarity index 100% rename from libcontainer/user/user.go rename to vendor/github.com/moby/sys/user/user.go diff --git a/libcontainer/user/user_fuzzer.go b/vendor/github.com/moby/sys/user/user_fuzzer.go similarity index 100% rename from libcontainer/user/user_fuzzer.go rename to vendor/github.com/moby/sys/user/user_fuzzer.go diff --git a/vendor/modules.txt b/vendor/modules.txt index b2d26f63ddb..cee8a9ba81c 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -35,6 +35,9 @@ github.com/godbus/dbus/v5 # github.com/moby/sys/mountinfo v0.6.2 ## explicit; go 1.16 github.com/moby/sys/mountinfo +# github.com/moby/sys/user v0.1.0 +## explicit; go 1.17 +github.com/moby/sys/user # github.com/mrunalp/fileutils v0.5.0 ## explicit; go 1.13 github.com/mrunalp/fileutils From d9ea71bf96861a93f9cb4f4831238eaf4a0317c7 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 16 Sep 2023 13:18:31 +0200 Subject: [PATCH 0377/1176] deprecate libcontainer/user Signed-off-by: Sebastiaan van Stijn --- libcontainer/user/user_deprecated.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libcontainer/user/user_deprecated.go b/libcontainer/user/user_deprecated.go index b20e47ca108..3c29f3d1d86 100644 --- a/libcontainer/user/user_deprecated.go +++ b/libcontainer/user/user_deprecated.go @@ -1,3 +1,6 @@ +// Package user is an alias for [github.com/moby/sys/user]. +// +// Deprecated: use [github.com/moby/sys/user]. package user import ( From 321aa20c49568ea2e2a3f708a50ccffb1bd67c79 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sat, 19 Aug 2023 12:18:08 +1000 Subject: [PATCH 0378/1176] scripts: add proper 386 and amd64 target triples and builds We need these to match the Makefile detection of the right gcc for runc-dmz, as well as making sure that everything builds properly for our cross-i386 tests. While we're at it, add x86 to the list of build targets for release builds (presumably nobody will use it, but since we do test builds of this anyway it probably won't hurt). In addition, clean up the handling of the native architecture build by treating it the same as any other build (ensuring that building runc from a different platform will work the same way regardless of the native architecture). In practice, the build works the same way as before. Signed-off-by: Aleksa Sarai --- Dockerfile | 20 ++++++++++------- Makefile | 2 +- script/lib.sh | 50 +++++++++++++++++++++++++++++++++-------- script/release_build.sh | 42 +++++++++++++++++----------------- script/seccomp.sh | 9 ++++++-- 5 files changed, 83 insertions(+), 40 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9fd29a59371..6fa8752b5e3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,19 +9,15 @@ ARG CRIU_REPO=https://download.opensuse.org/repositories/devel:/tools:/criu/Debi RUN KEYFILE=/usr/share/keyrings/criu-repo-keyring.gpg; \ wget -nv $CRIU_REPO/Release.key -O- | gpg --dearmor > "$KEYFILE" \ && echo "deb [signed-by=$KEYFILE] $CRIU_REPO/ /" > /etc/apt/sources.list.d/criu.list \ + && dpkg --add-architecture i386 \ && apt-get update \ && apt-get install -y --no-install-recommends \ build-essential \ criu \ - gcc-aarch64-linux-gnu libc-dev-arm64-cross \ - gcc-arm-linux-gnueabi libc-dev-armel-cross \ - gcc-arm-linux-gnueabihf libc-dev-armhf-cross \ - gcc-powerpc64le-linux-gnu libc-dev-ppc64el-cross \ - gcc-s390x-linux-gnu libc-dev-s390x-cross \ - gcc-riscv64-linux-gnu libc-dev-riscv64-cross \ + gcc \ + gcc-multilib \ curl \ gawk \ - gcc \ gperf \ iptables \ jq \ @@ -32,6 +28,14 @@ RUN KEYFILE=/usr/share/keyrings/criu-repo-keyring.gpg; \ sudo \ uidmap \ iproute2 \ + && apt-get install -y --no-install-recommends \ + libc-dev:i386 libgcc-s1:i386 \ + gcc-aarch64-linux-gnu libc-dev-arm64-cross \ + gcc-arm-linux-gnueabi libc-dev-armel-cross \ + gcc-arm-linux-gnueabihf libc-dev-armhf-cross \ + gcc-powerpc64le-linux-gnu libc-dev-ppc64el-cross \ + gcc-s390x-linux-gnu libc-dev-s390x-cross \ + gcc-riscv64-linux-gnu libc-dev-riscv64-cross \ && apt-get clean \ && rm -rf /var/cache/apt /var/lib/apt/lists/* /etc/apt/sources.list.d/*.list @@ -54,7 +58,7 @@ RUN cd /tmp \ ARG LIBSECCOMP_VERSION COPY script/seccomp.sh script/lib.sh /tmp/script/ RUN mkdir -p /opt/libseccomp \ - && /tmp/script/seccomp.sh "$LIBSECCOMP_VERSION" /opt/libseccomp arm64 armel armhf ppc64le riscv64 s390x + && /tmp/script/seccomp.sh "$LIBSECCOMP_VERSION" /opt/libseccomp 386 amd64 arm64 armel armhf ppc64le riscv64 s390x ENV LIBSECCOMP_VERSION=$LIBSECCOMP_VERSION ENV LD_LIBRARY_PATH=/opt/libseccomp/lib ENV PKG_CONFIG_PATH=/opt/libseccomp/lib/pkgconfig diff --git a/Makefile b/Makefile index 0d48fe8c521..4e90e1c7c4f 100644 --- a/Makefile +++ b/Makefile @@ -68,7 +68,7 @@ recvtty sd-helper seccompagent fs-idmap: static: $(GO_BUILD_STATIC) -o runc . -releaseall: RELEASE_ARGS := "-a arm64 -a armel -a armhf -a ppc64le -a riscv64 -a s390x" +releaseall: RELEASE_ARGS := "-a 386 -a amd64 -a arm64 -a armel -a armhf -a ppc64le -a riscv64 -a s390x" releaseall: release release: runcimage diff --git a/script/lib.sh b/script/lib.sh index 9fee8e29f38..f79dc3c2335 100644 --- a/script/lib.sh +++ b/script/lib.sh @@ -1,33 +1,65 @@ #!/bin/bash +# NOTE: Make sure you keep this file in sync with cc_platform.mk. + # set_cross_vars sets a few environment variables used for cross-compiling, # based on the architecture specified in $1. function set_cross_vars() { GOARCH="$1" # default, may be overridden below unset GOARM + PLATFORM=linux-gnu + # openSUSE has a custom PLATFORM + if grep -iq "ID_LIKE=.*suse" /etc/os-release; then + PLATFORM=suse-linux + is_suse=1 + fi + case $1 in + 386) + # Always use the 64-bit compiler to build the 386 binary, which works + # for the more common cross-build method for x86 (namely, the + # equivalent of dpkg --add-architecture). + local cpu_type + if [ -v is_suse ]; then + # There is no x86_64-suse-linux-gcc, so use the native one. + HOST= + cpu_type=i586 + else + HOST=x86_64-${PLATFORM} + cpu_type=i686 + fi + CFLAGS="-m32 -march=$cpu_type ${CFLAGS[*]}" + ;; + amd64) + if [ -n "${is_suse:-}" ]; then + # There is no x86_64-suse-linux-gcc, so use the native one. + HOST= + else + HOST=x86_64-${PLATFORM} + fi + ;; arm64) - HOST=aarch64-linux-gnu + HOST=aarch64-${PLATFORM} ;; armel) - HOST=arm-linux-gnueabi + HOST=arm-${PLATFORM}eabi GOARCH=arm GOARM=6 ;; armhf) - HOST=arm-linux-gnueabihf + HOST=arm-${PLATFORM}eabihf GOARCH=arm GOARM=7 ;; ppc64le) - HOST=powerpc64le-linux-gnu + HOST=powerpc64le-${PLATFORM} ;; riscv64) - HOST=riscv64-linux-gnu + HOST=riscv64-${PLATFORM} ;; s390x) - HOST=s390x-linux-gnu + HOST=s390x-${PLATFORM} ;; *) echo "set_cross_vars: unsupported architecture: $1" >&2 @@ -35,8 +67,8 @@ function set_cross_vars() { ;; esac - CC=$HOST-gcc - STRIP=$HOST-strip + CC="${HOST:+$HOST-}gcc" + STRIP="${HOST:+$HOST-}strip" - export HOST GOARM GOARCH CC STRIP + export HOST CFLAGS GOARM GOARCH CC STRIP } diff --git a/script/release_build.sh b/script/release_build.sh index af238628cbd..6c7aee88b23 100755 --- a/script/release_build.sh +++ b/script/release_build.sh @@ -60,24 +60,14 @@ function build_project() { # it can reuse cached pkg-config results). local make_args=(COMMIT_NO= EXTRA_FLAGS="-a" EXTRA_LDFLAGS="${ldflags}" static) - # Build natively. - make -C "$root" \ - PKG_CONFIG_PATH="$seccompdir/lib/pkgconfig" \ - "${make_args[@]}" - strip "$root/$project" - # Sanity check: make sure libseccomp version is as expected. - local ver - ver=$("$root/$project" --version | awk '$1 == "libseccomp:" {print $2}') - if [ "$ver" != "$LIBSECCOMP_VERSION" ]; then - echo >&2 "libseccomp version mismatch: want $LIBSECCOMP_VERSION, got $ver" - exit 1 - fi + # Save the original cflags. + local original_cflags="${CFLAGS:-}" - mv "$root/$project" "$builddir/$project.$native_arch" - - # Cross-build for for other architectures. + # Build for all requested architectures. local arch for arch in "${arches[@]}"; do + # Reset CFLAGS. + CFLAGS="$original_cflags" set_cross_vars "$arch" make -C "$root" \ PKG_CONFIG_PATH="$seccompdir/$arch/lib/pkgconfig" \ @@ -86,6 +76,14 @@ function build_project() { mv "$root/$project" "$builddir/$project.$arch" done + # Sanity check: make sure libseccomp version is as expected. + local ver + ver=$("$builddir/$project.$native_arch" --version | awk '$1 == "libseccomp:" {print $2}') + if [ "$ver" != "$LIBSECCOMP_VERSION" ]; then + echo >&2 "libseccomp version mismatch: want $LIBSECCOMP_VERSION, got $ver" + exit 1 + fi + # Copy libseccomp source tarball. cp "$seccompdir"/src/* "$builddir" @@ -122,12 +120,17 @@ commit="HEAD" version="" releasedir="" hashcmd="" -declare -a add_arches +# Always build a native binary. +native_arch="$(go env GOARCH || echo "amd64")" +arches=("$native_arch") while getopts "a:c:H:hr:v:" opt; do case "$opt" in a) - add_arches+=("$OPTARG") + # Add architecture if not already present in arches. + if ! (printf "%s\0" "${arches[@]}" | grep -zqxF "$OPTARG"); then + arches+=("$OPTARG") + fi ;; c) commit="$OPTARG" @@ -158,9 +161,8 @@ done version="${version:-$(<"$root/VERSION")}" releasedir="${releasedir:-release/$version}" hashcmd="${hashcmd:-sha256sum}" -native_arch="$(go env GOARCH || echo "amd64")" # Suffixes of files to checksum/sign. -suffixes=("$native_arch" "${add_arches[@]}" tar.xz) +suffixes=("${arches[@]}" tar.xz) log "creating $project release in '$releasedir'" log " version: $version" @@ -174,7 +176,7 @@ set -x rm -rf "$releasedir" && mkdir -p "$releasedir" # Build project. -build_project "$releasedir/$project" "$native_arch" "${add_arches[@]}" +build_project "$releasedir/$project" "$native_arch" "${arches[@]}" # Generate new archive. git archive --format=tar --prefix="$project-$version/" "$commit" | xz >"$releasedir/$project.tar.xz" diff --git a/script/seccomp.sh b/script/seccomp.sh index beea612ac83..955437c2fb4 100755 --- a/script/seccomp.sh +++ b/script/seccomp.sh @@ -33,16 +33,21 @@ function build_libseccomp() { tar xf "$tar" -C "$srcdir" pushd "$srcdir/libseccomp-$ver" || return - # Build natively and install to /usr/local. + # Install native version for Dockerfile builds. ./configure \ --prefix="$dest" --libdir="$dest/lib" \ --enable-static --enable-shared make install make clean - # Build and install for additional architectures. + # Save the original cflags. + local original_cflags="${CFLAGS:-}" + + # Build and install for all requested architectures. local arch for arch in "${arches[@]}"; do + # Reset CFLAGS. + CFLAGS="$original_cflags" set_cross_vars "$arch" ./configure --host "$HOST" \ --prefix="$dest/$arch" --libdir="$dest/$arch/lib" \ From 0e9a3358f84813120b38f01cd8ad153ddf3a1694 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 4 Aug 2023 11:59:31 +1000 Subject: [PATCH 0379/1176] nsexec: migrate memfd /proc/self/exe logic to Go code This allow us to remove the amount of C code in runc quite substantially, as well as removing a whole execve(2) from the nsexec path because we no longer spawn "runc init" only to re-exec "runc init" after doing the clone. Signed-off-by: Aleksa Sarai --- libcontainer/container_linux.go | 74 +++- libcontainer/dmz/cloned_binary_linux.go | 192 ++++++++ libcontainer/nsenter/cloned_binary.c | 567 ------------------------ libcontainer/nsenter/nsexec.c | 11 - libcontainer/process.go | 12 + libcontainer/system/linux.go | 28 ++ 6 files changed, 286 insertions(+), 598 deletions(-) create mode 100644 libcontainer/dmz/cloned_binary_linux.go delete mode 100644 libcontainer/nsenter/cloned_binary.c diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index c941239b841..9eb72f86600 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -24,6 +24,7 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/dmz" "github.com/opencontainers/runc/libcontainer/intelrdt" "github.com/opencontainers/runc/libcontainer/system" "github.com/opencontainers/runc/libcontainer/utils" @@ -316,6 +317,8 @@ func (c *Container) start(process *Process) (retErr error) { if err != nil { return fmt.Errorf("unable to create new parent process: %w", err) } + // We do not need the cloned binaries once the process is spawned. + defer process.closeClonedExes() logsDone := parent.forwardChildLogs() if logsDone != nil { @@ -454,24 +457,30 @@ func (c *Container) newParentProcess(p *Process) (parentProcess, error) { } logFilePair := filePair{parentLogPipe, childLogPipe} - cmd := c.commandTemplate(p, childInitPipe, childLogPipe) - if !p.Init { - return c.newSetnsProcess(p, cmd, messageSockPair, logFilePair) + // Make sure we use a new safe copy of /proc/self/exe each time this is + // called, to make sure that if a container manages to overwrite the file + // it cannot affect other containers on the system. For runc, this code + // will only ever be called once, but libcontainer users might call this + // more than once. + p.closeClonedExes() + var ( + exePath string + safeExe *os.File + ) + if dmz.IsSelfExeCloned() { + // /proc/self/exe is already a cloned binary -- no need to do anything + logrus.Debug("skipping binary cloning -- /proc/self/exe is already cloned!") + exePath = "/proc/self/exe" + } else { + safeExe, err = dmz.CloneSelfExe(c.root) + if err != nil { + return nil, fmt.Errorf("unable to create safe /proc/self/exe clone for runc init: %w", err) + } + exePath = "/proc/self/fd/" + strconv.Itoa(int(safeExe.Fd())) + p.clonedExes = append(p.clonedExes, safeExe) } - // We only set up fifoFd if we're not doing a `runc exec`. The historic - // reason for this is that previously we would pass a dirfd that allowed - // for container rootfs escape (and not doing it in `runc exec` avoided - // that problem), but we no longer do that. However, there's no need to do - // this for `runc exec` so we just keep it this way to be safe. - if err := c.includeExecFifo(cmd); err != nil { - return nil, fmt.Errorf("unable to setup exec fifo: %w", err) - } - return c.newInitProcess(p, cmd, messageSockPair, logFilePair) -} - -func (c *Container) commandTemplate(p *Process, childInitPipe *os.File, childLogPipe *os.File) *exec.Cmd { - cmd := exec.Command("/proc/self/exe", "init") + cmd := exec.Command(exePath, "init") cmd.Args[0] = os.Args[0] cmd.Stdin = p.Stdin cmd.Stdout = p.Stdout @@ -501,13 +510,38 @@ func (c *Container) commandTemplate(p *Process, childInitPipe *os.File, childLog cmd.Env = append(cmd.Env, "_LIBCONTAINER_LOGLEVEL="+p.LogLevel) } - // NOTE: when running a container with no PID namespace and the parent process spawning the container is - // PID1 the pdeathsig is being delivered to the container's init process by the kernel for some reason - // even with the parent still running. + if safeExe != nil { + // Due to a Go stdlib bug, we need to add safeExe to the set of + // ExtraFiles otherwise it is possible for the stdlib to clobber the fd + // during forkAndExecInChild1 and replace it with some other file that + // might be malicious. This is less than ideal (because the descriptor + // will be non-O_CLOEXEC) however we have protections in "runc init" to + // stop us from leaking extra file descriptors. + // + // See . + cmd.ExtraFiles = append(cmd.ExtraFiles, safeExe) + } + + // NOTE: when running a container with no PID namespace and the parent + // process spawning the container is PID1 the pdeathsig is being + // delivered to the container's init process by the kernel for some + // reason even with the parent still running. if c.config.ParentDeathSignal > 0 { cmd.SysProcAttr.Pdeathsig = unix.Signal(c.config.ParentDeathSignal) } - return cmd + + if p.Init { + // We only set up fifoFd if we're not doing a `runc exec`. The historic + // reason for this is that previously we would pass a dirfd that allowed + // for container rootfs escape (and not doing it in `runc exec` avoided + // that problem), but we no longer do that. However, there's no need to do + // this for `runc exec` so we just keep it this way to be safe. + if err := c.includeExecFifo(cmd); err != nil { + return nil, fmt.Errorf("unable to setup exec fifo: %w", err) + } + return c.newInitProcess(p, cmd, messageSockPair, logFilePair) + } + return c.newSetnsProcess(p, cmd, messageSockPair, logFilePair) } // shouldSendMountSources says whether the child process must setup bind mounts with diff --git a/libcontainer/dmz/cloned_binary_linux.go b/libcontainer/dmz/cloned_binary_linux.go new file mode 100644 index 00000000000..c962ea6fcba --- /dev/null +++ b/libcontainer/dmz/cloned_binary_linux.go @@ -0,0 +1,192 @@ +package dmz + +import ( + "errors" + "fmt" + "io" + "os" + + "github.com/sirupsen/logrus" + "golang.org/x/sys/unix" + + "github.com/opencontainers/runc/libcontainer/system" +) + +type SealFunc func(**os.File) error + +var ( + _ SealFunc = sealMemfd + _ SealFunc = sealFile +) + +const baseMemfdSeals = unix.F_SEAL_SEAL | unix.F_SEAL_SHRINK | unix.F_SEAL_GROW | unix.F_SEAL_WRITE + +func sealMemfd(f **os.File) error { + if err := (*f).Chmod(0o511); err != nil { + return err + } + // Try to set the newer memfd sealing flags, but we ignore + // errors because they are not needed and we want to continue + // to work on older kernels. + fd := (*f).Fd() + // F_SEAL_FUTURE_WRITE -- Linux 5.1 + _, _ = unix.FcntlInt(fd, unix.F_ADD_SEALS, unix.F_SEAL_FUTURE_WRITE) + // F_SEAL_EXEC -- Linux 6.3 + const F_SEAL_EXEC = 0x20 //nolint:revive // this matches the unix.* name + _, _ = unix.FcntlInt(fd, unix.F_ADD_SEALS, F_SEAL_EXEC) + // Apply all original memfd seals. + _, err := unix.FcntlInt(fd, unix.F_ADD_SEALS, baseMemfdSeals) + return os.NewSyscallError("fcntl(F_ADD_SEALS)", err) +} + +// Memfd creates a sealable executable memfd (supported since Linux 3.17). +func Memfd(comment string) (*os.File, SealFunc, error) { + file, err := system.ExecutableMemfd("runc_cloned:"+comment, unix.MFD_ALLOW_SEALING|unix.MFD_CLOEXEC) + return file, sealMemfd, err +} + +func sealFile(f **os.File) error { + if err := (*f).Chmod(0o511); err != nil { + return err + } + // When sealing an O_TMPFILE-style descriptor we need to + // re-open the path as O_PATH to clear the existing write + // handle we have. + opath, err := os.OpenFile(fmt.Sprintf("/proc/self/fd/%d", (*f).Fd()), unix.O_PATH|unix.O_CLOEXEC, 0) + if err != nil { + return fmt.Errorf("reopen tmpfile: %w", err) + } + _ = (*f).Close() + *f = opath + return nil +} + +// otmpfile creates an open(O_TMPFILE) file in the given directory (supported +// since Linux 3.11). +func otmpfile(dir string) (*os.File, SealFunc, error) { + file, err := os.OpenFile(dir, unix.O_TMPFILE|unix.O_RDWR|unix.O_EXCL|unix.O_CLOEXEC, 0o700) + if err != nil { + return nil, nil, fmt.Errorf("O_TMPFILE creation failed: %w", err) + } + // Make sure we actually got an unlinked O_TMPFILE descriptor. + var stat unix.Stat_t + if err := unix.Fstat(int(file.Fd()), &stat); err != nil { + file.Close() + return nil, nil, fmt.Errorf("cannot fstat O_TMPFILE fd: %w", err) + } else if stat.Nlink != 0 { + file.Close() + return nil, nil, errors.New("O_TMPFILE has non-zero nlink") + } + return file, sealFile, err +} + +// mktemp creates a classic unlinked file in the given directory. +func mktemp(dir string) (*os.File, SealFunc, error) { + file, err := os.CreateTemp(dir, "runc.") + if err != nil { + return nil, nil, err + } + // Unlink the file and verify it was unlinked. + if err := os.Remove(file.Name()); err != nil { + return nil, nil, fmt.Errorf("unlinking classic tmpfile: %w", err) + } + var stat unix.Stat_t + if err := unix.Fstat(int(file.Fd()), &stat); err != nil { + return nil, nil, fmt.Errorf("cannot fstat classic tmpfile: %w", err) + } else if stat.Nlink != 0 { + return nil, nil, fmt.Errorf("classic tmpfile %s has non-zero nlink after unlink", file.Name()) + } + return file, sealFile, err +} + +func getSealableFile(comment, tmpDir string) (file *os.File, sealFn SealFunc, err error) { + // First, try an executable memfd (supported since Linux 3.17). + file, sealFn, err = Memfd(comment) + if err == nil { + return + } + logrus.Debugf("memfd cloned binary failed, falling back to O_TMPFILE: %v", err) + // Try to fallback to O_TMPFILE (supported since Linux 3.11). + file, sealFn, err = otmpfile(tmpDir) + if err == nil { + return + } + logrus.Debugf("O_TMPFILE cloned binary failed, falling back to mktemp(): %v", err) + // Finally, try a classic unlinked temporary file. + file, sealFn, err = mktemp(tmpDir) + if err == nil { + return + } + return nil, nil, fmt.Errorf("could not create sealable file for cloned binary: %w", err) +} + +// CloneBinary creates a "sealed" clone of a given binary, which can be used to +// thwart attempts by the container process to gain access to host binaries +// through procfs magic-link shenanigans. For more details on why this is +// necessary, see CVE-2019-5736. +func CloneBinary(src io.Reader, size int64, name, tmpDir string) (*os.File, error) { + logrus.Debugf("cloning %s binary (%d bytes)", name, size) + file, sealFn, err := getSealableFile(name, tmpDir) + if err != nil { + return nil, err + } + copied, err := io.Copy(file, src) + if err != nil { + file.Close() + return nil, fmt.Errorf("copy binary: %w", err) + } else if copied != size { + file.Close() + return nil, fmt.Errorf("copied binary size mismatch: %d != %d", copied, size) + } + if err := sealFn(&file); err != nil { + file.Close() + return nil, fmt.Errorf("could not seal fd: %w", err) + } + return file, nil +} + +// IsCloned returns whether the given file can be guaranteed to be a safe exe. +func IsCloned(exe *os.File) bool { + seals, err := unix.FcntlInt(exe.Fd(), unix.F_GET_SEALS, 0) + if err != nil { + // /proc/self/exe is probably not a memfd + logrus.Debugf("F_GET_SEALS on %s failed: %v", exe.Name(), err) + return false + } + // The memfd must have all of the base seals applied. + logrus.Debugf("checking %s memfd seals: 0x%x", exe.Name(), seals) + return seals&baseMemfdSeals == baseMemfdSeals +} + +// CloneSelfExe makes a clone of the current process's binary (through +// /proc/self/exe). This binary can then be used for "runc init" in order to +// make sure the container process can never resolve the original runc binary. +// For more details on why this is necessary, see CVE-2019-5736. +func CloneSelfExe(tmpDir string) (*os.File, error) { + selfExe, err := os.Open("/proc/self/exe") + if err != nil { + return nil, fmt.Errorf("opening current binary: %w", err) + } + defer selfExe.Close() + + stat, err := selfExe.Stat() + if err != nil { + return nil, fmt.Errorf("checking /proc/self/exe size: %w", err) + } + size := stat.Size() + + return CloneBinary(selfExe, size, "/proc/self/exe", tmpDir) +} + +// IsSelfExeCloned returns whether /proc/self/exe is a cloned binary that can +// be guaranteed to be safe. This means that it must be a sealed memfd. Other +// types of clones cannot be completely verified as safe. +func IsSelfExeCloned() bool { + selfExe, err := os.Open("/proc/self/exe") + if err != nil { + logrus.Debugf("open /proc/self/exe failed: %v", err) + return false + } + defer selfExe.Close() + return IsCloned(selfExe) +} diff --git a/libcontainer/nsenter/cloned_binary.c b/libcontainer/nsenter/cloned_binary.c deleted file mode 100644 index a7f992fddd7..00000000000 --- a/libcontainer/nsenter/cloned_binary.c +++ /dev/null @@ -1,567 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 OR LGPL-2.1-or-later -/* - * Copyright (C) 2019 Aleksa Sarai - * Copyright (C) 2019 SUSE LLC - * - * This work is dual licensed under the following licenses. You may use, - * redistribute, and/or modify the work under the conditions of either (or - * both) licenses. - * - * === Apache-2.0 === - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * === LGPL-2.1-or-later === - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library. If not, see - * . - * - */ - -#define _GNU_SOURCE -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "ipc.h" -#include "log.h" - -/* Use our own wrapper for memfd_create. */ -#ifndef SYS_memfd_create -# ifdef __NR_memfd_create -# define SYS_memfd_create __NR_memfd_create -# else -/* These values come from . */ -# warning "libc is outdated -- using hard-coded SYS_memfd_create" -# if defined(__x86_64__) -# define SYS_memfd_create 319 -# elif defined(__i386__) -# define SYS_memfd_create 356 -# elif defined(__ia64__) -# define SYS_memfd_create 1340 -# elif defined(__arm__) -# define SYS_memfd_create 385 -# elif defined(__aarch64__) -# define SYS_memfd_create 279 -# elif defined(__ppc__) || defined(__PPC64__) || defined(__powerpc64__) -# define SYS_memfd_create 360 -# elif defined(__s390__) || defined(__s390x__) -# define SYS_memfd_create 350 -# else -# warning "unknown architecture -- cannot hard-code SYS_memfd_create" -# endif -# endif -#endif - -/* memfd_create(2) flags -- copied from . */ -#ifndef MFD_CLOEXEC -# define MFD_CLOEXEC 0x0001U -# define MFD_ALLOW_SEALING 0x0002U -#endif -#ifndef MFD_EXEC -# define MFD_EXEC 0x0010U -#endif - -int memfd_create(const char *name, unsigned int flags) -{ -#ifdef SYS_memfd_create - return syscall(SYS_memfd_create, name, flags); -#else - errno = ENOSYS; - return -1; -#endif -} - -/* This comes directly from . */ -#ifndef F_LINUX_SPECIFIC_BASE -# define F_LINUX_SPECIFIC_BASE 1024 -#endif -#ifndef F_ADD_SEALS -# define F_ADD_SEALS (F_LINUX_SPECIFIC_BASE + 9) -# define F_GET_SEALS (F_LINUX_SPECIFIC_BASE + 10) -#endif -#ifndef F_SEAL_SEAL -# define F_SEAL_SEAL 0x0001 /* prevent further seals from being set */ -# define F_SEAL_SHRINK 0x0002 /* prevent file from shrinking */ -# define F_SEAL_GROW 0x0004 /* prevent file from growing */ -# define F_SEAL_WRITE 0x0008 /* prevent writes */ -#endif -#ifndef F_SEAL_FUTURE_WRITE -# define F_SEAL_FUTURE_WRITE 0x0010 /* prevent future writes while mapped */ -#endif -#ifndef F_SEAL_EXEC -# define F_SEAL_EXEC 0x0020 /* prevent chmod modifying exec bits */ -#endif - -#define CLONED_BINARY_ENV "_LIBCONTAINER_CLONED_BINARY" -#define RUNC_MEMFD_COMMENT "runc_cloned:/proc/self/exe" -/* - * There are newer memfd seals (such as F_SEAL_FUTURE_WRITE and F_SEAL_EXEC), - * which we use opportunistically. However, this set is the original set of - * memfd seals, and we require them all to be set to trust our /proc/self/exe - * if it is a memfd. - */ -#define RUNC_MEMFD_MIN_SEALS \ - (F_SEAL_SEAL | F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE) - -static void *must_realloc(void *ptr, size_t size) -{ - void *old = ptr; - do { - ptr = realloc(old, size); - } while (!ptr); - return ptr; -} - -/* - * Verify whether we are currently in a self-cloned program (namely, is - * /proc/self/exe a memfd). F_GET_SEALS will only succeed for memfds (or rather - * for shmem files), and we want to be sure it's actually sealed. - */ -static int is_self_cloned(void) -{ - int fd, seals = 0, is_cloned = false; - struct stat statbuf = { }; - struct statfs fsbuf = { }; - - fd = open("/proc/self/exe", O_RDONLY | O_CLOEXEC); - if (fd < 0) { - write_log(ERROR, "cannot open runc binary for reading: open /proc/self/exe: %m"); - return -ENOTRECOVERABLE; - } - - /* - * Is the binary a fully-sealed memfd? We don't need CLONED_BINARY_ENV for - * this, because you cannot write to a sealed memfd no matter what. - */ - seals = fcntl(fd, F_GET_SEALS); - if (seals >= 0) { - write_log(DEBUG, "checking /proc/self/exe memfd seals: 0x%x", seals); - is_cloned = (seals & RUNC_MEMFD_MIN_SEALS) == RUNC_MEMFD_MIN_SEALS; - if (is_cloned) - goto out; - } - - /* - * All other forms require CLONED_BINARY_ENV, since they are potentially - * writeable (or we can't tell if they're fully safe) and thus we must - * check the environment as an extra layer of defence. - */ - if (!getenv(CLONED_BINARY_ENV)) { - is_cloned = false; - goto out; - } - - /* - * Is the binary on a read-only filesystem? We can't detect bind-mounts in - * particular (in-kernel they are identical to regular mounts) but we can - * at least be sure that it's read-only. In addition, to make sure that - * it's *our* bind-mount we check CLONED_BINARY_ENV. - */ - if (fstatfs(fd, &fsbuf) >= 0) - is_cloned |= (fsbuf.f_flags & MS_RDONLY); - - /* - * Okay, we're a tmpfile -- or we're currently running on RHEL <=7.6 - * which appears to have a borked backport of F_GET_SEALS. Either way, - * having a file which has no hardlinks indicates that we aren't using - * a host-side "runc" binary and this is something that a container - * cannot fake (because unlinking requires being able to resolve the - * path that you want to unlink). - */ - if (fstat(fd, &statbuf) >= 0) - is_cloned |= (statbuf.st_nlink == 0); - -out: - close(fd); - return is_cloned; -} - -/* Read a given file into a new buffer, and providing the length. */ -static char *read_file(char *path, size_t *length) -{ - int fd; - char buf[4096], *copy = NULL; - - if (!length) - return NULL; - - fd = open(path, O_RDONLY | O_CLOEXEC); - if (fd < 0) - return NULL; - - *length = 0; - for (;;) { - ssize_t n; - - n = read(fd, buf, sizeof(buf)); - if (n < 0) - goto error; - if (!n) - break; - - copy = must_realloc(copy, (*length + n) * sizeof(*copy)); - memcpy(copy + *length, buf, n); - *length += n; - } - close(fd); - return copy; - -error: - close(fd); - free(copy); - return NULL; -} - -/* - * A poor-man's version of "xargs -0". Basically parses a given block of - * NUL-delimited data, within the given length and adds a pointer to each entry - * to the array of pointers. - */ -static int parse_xargs(char *data, int data_length, char ***output) -{ - int num = 0; - char *cur = data; - - if (!data || *output != NULL) - return -1; - - while (cur < data + data_length) { - num++; - *output = must_realloc(*output, (num + 1) * sizeof(**output)); - (*output)[num - 1] = cur; - cur += strlen(cur) + 1; - } - (*output)[num] = NULL; - return num; -} - -/* - * "Parse" out argv from /proc/self/cmdline. - * This is necessary because we are running in a context where we don't have a - * main() that we can just get the arguments from. - */ -static int fetchve(char ***argv) -{ - char *cmdline = NULL; - size_t cmdline_size; - - cmdline = read_file("/proc/self/cmdline", &cmdline_size); - if (!cmdline) - goto error; - - if (parse_xargs(cmdline, cmdline_size, argv) <= 0) - goto error; - - return 0; - -error: - free(cmdline); - return -EINVAL; -} - -enum { - EFD_NONE = 0, - EFD_MEMFD, - EFD_FILE, -}; - -/* - * This comes from . We can't hard-code __O_TMPFILE because it - * changes depending on the architecture. If we don't have O_TMPFILE we always - * have the mkostemp(3) fallback. - */ -#ifndef O_TMPFILE -# if defined(__O_TMPFILE) && defined(O_DIRECTORY) -# define O_TMPFILE (__O_TMPFILE | O_DIRECTORY) -# endif -#endif - -static inline bool is_memfd_unsupported_error(int err) -{ - /* - * - ENOSYS is obviously an "unsupported" error. - * - * - EINVAL could be hit if MFD_EXEC is not supported (pre-6.3 kernel), - * but it can also be hit if vm.memfd_noexec=2 (in kernels without - * [1] applied) and the flags does not contain MFD_EXEC. However, - * there was a bug in the original 6.3 implementation of - * vm.memfd_noexec=2, which meant that MFD_EXEC would work even in - * the "strict" mode. Because we try MFD_EXEC first, we won't get - * EINVAL in the vm.memfd_noexec=2 case (which means we don't need to - * figure out whether to log the message about memfd_create). - * - * - EACCES is returned in kernels that contain [1] in the - * vm.memfd_noexec=2 case. - * - * At time of writing, [1] is not in Linus's tree and it't not clear if - * it will be backported to stable, so what exact versions apply here - * is unclear. But the bug is present in 6.3-6.5 at the very least. - * - * [1]: https://lore.kernel.org/all/20230705063315.3680666-2-jeffxu@google.com/ - */ - if (err == EACCES) - write_log(INFO, - "memfd_create(MFD_EXEC) failed, possibly due to vm.memfd_noexec=2 -- falling back to less secure O_TMPFILE"); - return err == ENOSYS || err == EINVAL || err == EACCES; -} - -static int make_execfd(int *fdtype) -{ - int fd = -1; - char template[PATH_MAX] = { 0 }; - char *prefix = getenv("_LIBCONTAINER_STATEDIR"); - - if (!prefix || *prefix != '/') - prefix = "/tmp"; - if (snprintf(template, sizeof(template), "%s/runc.XXXXXX", prefix) < 0) - return -1; - - /* - * Now try memfd, it's much nicer than actually creating a file in STATEDIR - * since it's easily detected thanks to sealing and also doesn't require - * assumptions about STATEDIR. - */ - *fdtype = EFD_MEMFD; - /* - * On newer kernels we should set MFD_EXEC to indicate we need +x - * permissions. Otherwise an admin with vm.memfd_noexec=1 would subtly - * break runc. vm.memfd_noexec=2 is a little bit more complicated, see the - * comment in is_memfd_unsupported_error() -- the upshot is that doing it - * this way works, but only because of two overlapping bugs in the sysctl - * implementation. - */ - fd = memfd_create(RUNC_MEMFD_COMMENT, MFD_EXEC | MFD_CLOEXEC | MFD_ALLOW_SEALING); - if (fd < 0 && is_memfd_unsupported_error(errno)) - fd = memfd_create(RUNC_MEMFD_COMMENT, MFD_CLOEXEC | MFD_ALLOW_SEALING); - if (fd >= 0) - return fd; - if (!is_memfd_unsupported_error(errno)) - goto error; - -#ifdef O_TMPFILE - /* - * Try O_TMPFILE to avoid races where someone might snatch our file. Note - * that O_EXCL isn't actually a security measure here (since you can just - * fd re-open it and clear O_EXCL). - */ - *fdtype = EFD_FILE; - fd = open(prefix, O_TMPFILE | O_EXCL | O_RDWR | O_CLOEXEC, 0700); - if (fd >= 0) { - struct stat statbuf = { }; - bool working_otmpfile = false; - - /* - * open(2) ignores unknown O_* flags -- yeah, I was surprised when I - * found this out too. As a result we can't check for EINVAL. However, - * if we get nlink != 0 (or EISDIR) then we know that this kernel - * doesn't support O_TMPFILE. - */ - if (fstat(fd, &statbuf) >= 0) - working_otmpfile = (statbuf.st_nlink == 0); - - if (working_otmpfile) - return fd; - - /* Pretend that we got EISDIR since O_TMPFILE failed. */ - close(fd); - errno = EISDIR; - } - if (errno != EISDIR) - goto error; -#endif /* defined(O_TMPFILE) */ - - /* - * Our final option is to create a temporary file the old-school way, and - * then unlink it so that nothing else sees it by accident. - */ - *fdtype = EFD_FILE; - fd = mkostemp(template, O_CLOEXEC); - if (fd >= 0) { - if (unlink(template) >= 0) - return fd; - close(fd); - } - -error: - *fdtype = EFD_NONE; - return -1; -} - -static int seal_execfd(int *fd, int fdtype) -{ - switch (fdtype) { - case EFD_MEMFD:{ - /* - * Try to seal with newer seals, but we ignore errors because older - * kernels don't support some of them. For container security only - * RUNC_MEMFD_MIN_SEALS are strictly required, but the rest are - * nice-to-haves. We apply RUNC_MEMFD_MIN_SEALS at the end because it - * contains F_SEAL_SEAL. - */ - int __attribute__((unused)) _err1 = fcntl(*fd, F_ADD_SEALS, F_SEAL_FUTURE_WRITE); // Linux 5.1 - int __attribute__((unused)) _err2 = fcntl(*fd, F_ADD_SEALS, F_SEAL_EXEC); // Linux 6.3 - return fcntl(*fd, F_ADD_SEALS, RUNC_MEMFD_MIN_SEALS); - } - case EFD_FILE:{ - /* Need to re-open our pseudo-memfd as an O_PATH to avoid execve(2) giving -ETXTBSY. */ - int newfd; - char fdpath[PATH_MAX] = { 0 }; - - if (fchmod(*fd, 0100) < 0) - return -1; - - if (snprintf(fdpath, sizeof(fdpath), "/proc/self/fd/%d", *fd) < 0) - return -1; - - newfd = open(fdpath, O_PATH | O_CLOEXEC); - if (newfd < 0) - return -1; - - close(*fd); - *fd = newfd; - return 0; - } - default: - break; - } - return -1; -} - -static ssize_t fd_to_fd(int outfd, int infd) -{ - ssize_t total = 0; - char buffer[4096]; - - for (;;) { - ssize_t nread, nwritten = 0; - - nread = read(infd, buffer, sizeof(buffer)); - if (nread < 0) - return -1; - if (!nread) - break; - - do { - ssize_t n = write(outfd, buffer + nwritten, nread - nwritten); - if (n < 0) - return -1; - nwritten += n; - } while (nwritten < nread); - - total += nwritten; - } - - return total; -} - -static int clone_binary(void) -{ - int binfd, execfd; - struct stat statbuf = { }; - size_t sent = 0; - int fdtype = EFD_NONE; - - execfd = make_execfd(&fdtype); - if (execfd < 0 || fdtype == EFD_NONE) - return -ENOTRECOVERABLE; - - binfd = open("/proc/self/exe", O_RDONLY | O_CLOEXEC); - if (binfd < 0) - goto error; - - if (fstat(binfd, &statbuf) < 0) - goto error_binfd; - - while (sent < statbuf.st_size) { - int n = sendfile(execfd, binfd, NULL, statbuf.st_size - sent); - if (n < 0) { - /* sendfile can fail so we fallback to a dumb user-space copy. */ - n = fd_to_fd(execfd, binfd); - if (n < 0) - goto error_binfd; - } - sent += n; - } - close(binfd); - if (sent != statbuf.st_size) - goto error; - - if (seal_execfd(&execfd, fdtype) < 0) - goto error; - - return execfd; - -error_binfd: - close(binfd); -error: - close(execfd); - return -EIO; -} - -/* Get cheap access to the environment. */ -extern char **environ; - -int ensure_cloned_binary(void) -{ - int execfd; - char **argv = NULL; - - /* Check that we're not self-cloned, and if we are then bail. */ - int cloned = is_self_cloned(); - if (cloned > 0 || cloned == -ENOTRECOVERABLE) - return cloned; - - if (fetchve(&argv) < 0) - return -EINVAL; - - execfd = clone_binary(); - if (execfd < 0) - return -EIO; - - if (putenv(CLONED_BINARY_ENV "=1")) - goto error; - - fexecve(execfd, argv, environ); -error: - close(execfd); - return -ENOEXEC; -} diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index 17e0468c6af..9b10b232528 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -536,9 +536,6 @@ void join_namespaces(char *nslist) free(namespaces); } -/* Defined in cloned_binary.c. */ -extern int ensure_cloned_binary(void); - static inline int sane_kill(pid_t pid, int signum) { if (pid > 0) @@ -791,14 +788,6 @@ void nsexec(void) return; } - /* - * We need to re-exec if we are not in a cloned binary. This is necessary - * to ensure that containers won't be able to access the host binary - * through /proc/self/exe. See CVE-2019-5736. - */ - if (ensure_cloned_binary() < 0) - bail("could not ensure we are a cloned binary"); - /* * Inform the parent we're past initial setup. * For the other side of this, see initWaiter. diff --git a/libcontainer/process.go b/libcontainer/process.go index 4de4a9e75c2..d2c7bfcda36 100644 --- a/libcontainer/process.go +++ b/libcontainer/process.go @@ -49,6 +49,9 @@ type Process struct { // ExtraFiles specifies additional open files to be inherited by the container ExtraFiles []*os.File + // open handles to cloned binaries -- see dmz.ClonedBinary for more details + clonedExes []*os.File + // Initial sizings for the console ConsoleWidth uint16 ConsoleHeight uint16 @@ -121,6 +124,15 @@ func (p Process) Signal(sig os.Signal) error { return p.ops.signal(sig) } +// closeClonedExes cleans up any existing cloned binaries associated with the +// Process. +func (p *Process) closeClonedExes() { + for _, exe := range p.clonedExes { + _ = exe.Close() + } + p.clonedExes = nil +} + // IO holds the process's STDIO type IO struct { Stdin io.WriteCloser diff --git a/libcontainer/system/linux.go b/libcontainer/system/linux.go index d2ad5cea229..5acaa4df384 100644 --- a/libcontainer/system/linux.go +++ b/libcontainer/system/linux.go @@ -4,10 +4,12 @@ package system import ( + "fmt" "os" "os/exec" "unsafe" + "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) @@ -102,3 +104,29 @@ func GetSubreaper() (int, error) { return int(i), nil } + +func ExecutableMemfd(comment string, flags int) (*os.File, error) { + // Try to use MFD_EXEC first. On pre-6.3 kernels we get -EINVAL for this + // flag. On post-6.3 kernels, with vm.memfd_noexec=1 this ensures we get an + // executable memfd. For vm.memfd_noexec=2 this is a bit more complicated. + // The original vm.memfd_noexec=2 implementation incorrectly silently + // allowed MFD_EXEC[1] -- this should be fixed in 6.6. On 6.6 and newer + // kernels, we will get -EACCES if we try to use MFD_EXEC with + // vm.memfd_noexec=2 (for 6.3-6.5, -EINVAL was the intended return value). + // + // The upshot is we only need to retry without MFD_EXEC on -EINVAL because + // it just so happens that passing MFD_EXEC bypasses vm.memfd_noexec=2 on + // kernels where -EINVAL is actually a security denial. + memfd, err := unix.MemfdCreate(comment, flags|unix.MFD_EXEC) + if err == unix.EINVAL { + memfd, err = unix.MemfdCreate(comment, flags) + } + if err != nil { + if err == unix.EACCES { + logrus.Info("memfd_create(MFD_EXEC) failed, possibly due to vm.memfd_noexec=2 -- falling back to less secure O_TMPFILE") + } + err := os.NewSyscallError("memfd_create", err) + return nil, fmt.Errorf("failed to create executable memfd: %w", err) + } + return os.NewFile(uintptr(memfd), "/memfd:"+comment), nil +} From e089db3b4a31a51c176cc2e26cce9ad0730a8a41 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sat, 19 Aug 2023 02:12:24 +1000 Subject: [PATCH 0380/1176] dmz: add fallbacks to handle noexec for O_TMPFILE and mktemp() Previously, if /var/run was mounted noexec, our cloned binary logic would not work if memfd_create(2) was not available because we would try to exec a binary that is on a noexec filesystem. We cannot guarantee there will be an executable filesystem on the system (other than mounting one ourselves, which would cause a bunch of other headaches) but we can at least try the obvious options (/tmp, /bin, and /). If none of these work, we will have to fail. Reported-by: lifubang Signed-off-by: Aleksa Sarai --- libcontainer/dmz/cloned_binary_linux.go | 57 +++++++++++++++++++++++-- 1 file changed, 53 insertions(+), 4 deletions(-) diff --git a/libcontainer/dmz/cloned_binary_linux.go b/libcontainer/dmz/cloned_binary_linux.go index c962ea6fcba..133bdefaff7 100644 --- a/libcontainer/dmz/cloned_binary_linux.go +++ b/libcontainer/dmz/cloned_binary_linux.go @@ -5,6 +5,7 @@ import ( "fmt" "io" "os" + "strconv" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" @@ -19,6 +20,23 @@ var ( _ SealFunc = sealFile ) +func isExecutable(f *os.File) bool { + if err := unix.Faccessat(int(f.Fd()), "", unix.X_OK, unix.AT_EACCESS|unix.AT_EMPTY_PATH); err == nil { + return true + } else if err == unix.EACCES { + return false + } + path := "/proc/self/fd/" + strconv.Itoa(int(f.Fd())) + if err := unix.Access(path, unix.X_OK); err == nil { + return true + } else if err == unix.EACCES { + return false + } + // Cannot check -- assume it's executable (if not, exec will fail). + logrus.Debugf("cannot do X_OK check on binary %s -- assuming it's executable", f.Name()) + return true +} + const baseMemfdSeals = unix.F_SEAL_SEAL | unix.F_SEAL_SHRINK | unix.F_SEAL_GROW | unix.F_SEAL_WRITE func sealMemfd(f **os.File) error { @@ -106,15 +124,46 @@ func getSealableFile(comment, tmpDir string) (file *os.File, sealFn SealFunc, er return } logrus.Debugf("memfd cloned binary failed, falling back to O_TMPFILE: %v", err) + + // The tmpDir here (c.root) might be mounted noexec, so we need a couple of + // fallbacks to try. It's possible that none of these are writable and + // executable, in which case there's nothing we can practically do (other + // than mounting our own executable tmpfs, which would have its own + // issues). + tmpDirs := []string{ + tmpDir, + os.TempDir(), + "/tmp", + ".", + "/bin", + "/", + } + // Try to fallback to O_TMPFILE (supported since Linux 3.11). - file, sealFn, err = otmpfile(tmpDir) - if err == nil { + for _, dir := range tmpDirs { + file, sealFn, err = otmpfile(dir) + if err != nil { + continue + } + if !isExecutable(file) { + logrus.Debugf("tmpdir %s is noexec -- trying a different tmpdir", dir) + file.Close() + continue + } return } logrus.Debugf("O_TMPFILE cloned binary failed, falling back to mktemp(): %v", err) // Finally, try a classic unlinked temporary file. - file, sealFn, err = mktemp(tmpDir) - if err == nil { + for _, dir := range tmpDirs { + file, sealFn, err = mktemp(dir) + if err != nil { + continue + } + if !isExecutable(file) { + logrus.Debugf("tmpdir %s is noexec -- trying a different tmpdir", dir) + file.Close() + continue + } return } return nil, nil, fmt.Errorf("could not create sealable file for cloned binary: %w", err) From dac41717465462b21fab5b5942fe4cb3f47d7e53 Mon Sep 17 00:00:00 2001 From: lifubang Date: Tue, 15 Aug 2023 17:00:22 +0800 Subject: [PATCH 0381/1176] runc-dmz: reduce memfd binary cloning cost with small C binary The idea is to remove the need for cloning the entire runc binary by replacing the final execve() call of the container process with an execve() call to a clone of a small C binary which just does an execve() of its arguments. This provides similar protection against CVE-2019-5736 but without requiring a >10MB binary copy for each "runc init". When compiled with musl, runc-dmz is 13kB (though unfortunately with glibc, it is 1.1MB which is still quite large). It should be noted that there is still a window where the container processes could get access to the host runc binary, but because we set ourselves as non-dumpable the container would need CAP_SYS_PTRACE (which is not enabled by default in Docker) in order to get around the proc_fd_access_allowed() checks. In addition, since Linux 4.10[1] the kernel blocks access entirely for user namespaced containers in this scenario. For those cases we cannot use runc-dmz, but most containers won't have this issue. This new runc-dmz binary can be opted out of at compile time by setting the "runc_nodmz" buildtag, and at runtime by setting the RUNC_DMZ=legacy environment variable. In both cases, runc will fall back to the classic /proc/self/exe-based cloning trick. If /proc/self/exe is already a sealed memfd (namely if the user is using contrib/cmd/memfd-bind to create a persistent sealed memfd for runc), neither runc-dmz nor /proc/self/exe cloning will be used because they are not necessary. [1]: https://github.com/torvalds/linux/commit/bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 Co-authored-by: lifubang Signed-off-by: lifubang [cyphar: address various review nits] [cyphar: fix runc-dmz cross-compilation] [cyphar: embed runc-dmz into runc binary and clone in Go code] [cyphar: make runc-dmz optional, with fallback to /proc/self/exe cloning] [cyphar: do not use runc-dmz when the container has certain privs] Co-authored-by: Aleksa Sarai Signed-off-by: Aleksa Sarai --- .github/workflows/test.yml | 17 ++- .golangci-extra.yml | 1 + .golangci.yml | 1 + Makefile | 35 ++++- README.md | 7 +- cc_platform.mk | 61 ++++++++ libcontainer/container_linux.go | 98 ++++++++++-- libcontainer/dmz/.gitignore | 1 + libcontainer/dmz/Makefile | 6 + libcontainer/dmz/_dmz.c | 10 ++ libcontainer/dmz/dmz.go | 9 ++ libcontainer/dmz/dmz_fallback_linux.go | 1 + libcontainer/dmz/dmz_linux.go | 48 ++++++ libcontainer/dmz/dmz_unsupported.go | 12 ++ libcontainer/init_linux.go | 18 ++- libcontainer/setns_init_linux.go | 21 ++- libcontainer/standard_init_linux.go | 7 +- .../system/kernelversion/kernel_linux.go | 94 ++++++++++++ .../system/kernelversion/kernel_linux_test.go | 140 ++++++++++++++++++ libcontainer/system/linux.go | 46 +++++- 20 files changed, 608 insertions(+), 25 deletions(-) create mode 100644 cc_platform.mk create mode 100644 libcontainer/dmz/.gitignore create mode 100644 libcontainer/dmz/Makefile create mode 100644 libcontainer/dmz/_dmz.c create mode 100644 libcontainer/dmz/dmz.go create mode 100644 libcontainer/dmz/dmz_fallback_linux.go create mode 100644 libcontainer/dmz/dmz_linux.go create mode 100644 libcontainer/dmz/dmz_unsupported.go create mode 100644 libcontainer/system/kernelversion/kernel_linux.go create mode 100644 libcontainer/system/kernelversion/kernel_linux_test.go diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7f6799f18f6..5a53f1de1eb 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -28,6 +28,7 @@ jobs: rootless: ["rootless", ""] race: ["-race", ""] criu: ["", "criu-dev"] + dmz: ["", "runc_nodmz"] exclude: - criu: criu-dev rootless: rootless @@ -35,6 +36,10 @@ jobs: go-version: 1.20.x - criu: criu-dev race: -race + - dmz: runc_nodmz + criu: criu-dev + - dmz: runc_nodmz + os: ubuntu-20.04 runs-on: ${{ matrix.os }} steps: @@ -71,6 +76,8 @@ jobs: go-version: ${{ matrix.go-version }} - name: build + env: + EXTRA_BUILDTAGS: ${{ matrix.dmz }} run: sudo -E PATH="$PATH" make EXTRA_FLAGS="${{ matrix.race }}" all - name: install bats @@ -80,6 +87,8 @@ jobs: - name: unit test if: matrix.rootless != 'rootless' + env: + EXTRA_BUILDTAGS: ${{ matrix.dmz }} run: sudo -E PATH="$PATH" -- make TESTFLAGS="${{ matrix.race }}" localunittest - name: add rootless user @@ -113,8 +122,12 @@ jobs: # However, we do not have 32-bit ARM CI, so we use i386 for testing 32bit stuff. # We are not interested in providing official support for i386. cross-i386: - runs-on: ubuntu-22.04 timeout-minutes: 15 + strategy: + fail-fast: false + matrix: + dmz: ["", "runc_nodmz"] + runs-on: ubuntu-22.04 steps: @@ -136,4 +149,6 @@ jobs: go-version: 1.x # Latest stable - name: unit test + env: + EXTRA_BUILDTAGS: ${{ matrix.dmz }} run: sudo -E PATH="$PATH" -- make GOARCH=386 localunittest diff --git a/.golangci-extra.yml b/.golangci-extra.yml index be33f90d7f9..23b57e040b6 100644 --- a/.golangci-extra.yml +++ b/.golangci-extra.yml @@ -7,6 +7,7 @@ run: build-tags: - seccomp + - runc_nodmz linters: disable-all: true diff --git a/.golangci.yml b/.golangci.yml index 96b321019e4..c088117d2ca 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -3,6 +3,7 @@ run: build-tags: - seccomp + - runc_nodmz linters: enable: diff --git a/Makefile b/Makefile index 4e90e1c7c4f..d39df7d0752 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,11 @@ +SHELL = /bin/bash + CONTAINER_ENGINE := docker GO ?= go +# Get CC values for cross-compilation. +include cc_platform.mk + PREFIX ?= /usr/local BINDIR := $(PREFIX)/sbin MANDIR := $(PREFIX)/share/man @@ -10,6 +15,7 @@ GIT_BRANCH_CLEAN := $(shell echo $(GIT_BRANCH) | sed -e "s/[^[:alnum:]]/-/g") RUNC_IMAGE := runc_dev$(if $(GIT_BRANCH_CLEAN),:$(GIT_BRANCH_CLEAN)) PROJECT := github.com/opencontainers/runc BUILDTAGS ?= seccomp urfave_cli_no_docs +BUILDTAGS += $(EXTRA_BUILDTAGS) COMMIT ?= $(shell git describe --dirty --long --always) VERSION := $(shell cat ./VERSION) @@ -57,16 +63,23 @@ endif .DEFAULT: runc -runc: +runc: runc-dmz $(GO_BUILD) -o runc . + make verify-dmz-arch all: runc recvtty sd-helper seccompagent fs-idmap recvtty sd-helper seccompagent fs-idmap: $(GO_BUILD) -o contrib/cmd/$@/$@ ./contrib/cmd/$@ -static: +static: runc-dmz $(GO_BUILD_STATIC) -o runc . + make verify-dmz-arch + +.PHONY: runc-dmz +runc-dmz: + rm -f libcontainer/dmz/runc-dmz + $(GO) generate -tags "$(BUILDTAGS)" ./libcontainer/dmz releaseall: RELEASE_ARGS := "-a 386 -a amd64 -a arm64 -a armel -a armhf -a ppc64le -a riscv64 -a s390x" releaseall: release @@ -147,12 +160,12 @@ install-man: man install -D -m 644 man/man8/*.8 $(DESTDIR)$(MANDIR)/man8 clean: - rm -f runc runc-* + rm -f runc runc-* libcontainer/dmz/runc-dmz rm -f contrib/cmd/recvtty/recvtty rm -f contrib/cmd/sd-helper/sd-helper rm -f contrib/cmd/seccompagent/seccompagent rm -f contrib/cmd/fs-idmap/fs-idmap - rm -rf release + sudo rm -rf release rm -rf man/man8 cfmt: C_SRC=$(shell git ls-files '*.c' | grep -v '^vendor/') @@ -188,6 +201,18 @@ verify-dependencies: vendor @test -z "$$(git status --porcelain -- go.mod go.sum vendor/)" \ || (echo -e "git status:\n $$(git status -- go.mod go.sum vendor/)\nerror: vendor/, go.mod and/or go.sum not up to date. Run \"make vendor\" to update"; exit 1) \ && echo "all vendor files are up to date." +verify-dmz-arch: + @test -s libcontainer/dmz/runc-dmz || exit 0; \ + set -Eeuo pipefail; \ + export LC_ALL=C; \ + echo "readelf -h runc"; \ + readelf -h runc | grep -E "(Machine|Flags):"; \ + echo "readelf -h libcontainer/dmz/runc-dmz"; \ + readelf -h libcontainer/dmz/runc-dmz | grep -E "(Machine|Flags):"; \ + diff -u \ + <(readelf -h runc | grep -E "(Machine|Flags):") \ + <(readelf -h libcontainer/dmz/runc-dmz | grep -E "(Machine|Flags):") \ + && echo "runc-dmz architecture matches runc binary." validate-keyring: script/keyring_validate.sh @@ -197,4 +222,4 @@ validate-keyring: test localtest unittest localunittest integration localintegration \ rootlessintegration localrootlessintegration shell install install-bash \ install-man clean cfmt shfmt localshfmt shellcheck \ - vendor verify-changelog verify-dependencies validate-keyring + vendor verify-changelog verify-dependencies verify-dmz-arch validate-keyring diff --git a/README.md b/README.md index b209c7dcd55..da9786632da 100644 --- a/README.md +++ b/README.md @@ -65,9 +65,10 @@ e.g. to disable seccomp: make BUILDTAGS="" ``` -| Build Tag | Feature | Enabled by default | Dependency | -|-----------|------------------------------------|--------------------|------------| -| seccomp | Syscall filtering | yes | libseccomp | +| Build Tag | Feature | Enabled by Default | Dependencies | +|---------------|---------------------------------------|--------------------|---------------------| +| `seccomp` | Syscall filtering using `libseccomp`. | yes | `libseccomp` | +| `!runc_nodmz` | Reduce memory usage for CVE-2019-5736 protection by using a small C binary. `runc_nodmz` disables this feature and causes runc to use a different protection mechanism which will further increases memory usage temporarily during container startup. This feature can also be disabled at runtime by setting the `RUNC_DMZ=legacy` environment variable. | yes || The following build tags were used earlier, but are now obsoleted: - **nokmem** (since runc v1.0.0-rc94 kernel memory settings are ignored) diff --git a/cc_platform.mk b/cc_platform.mk new file mode 100644 index 00000000000..6aa2b5ecb8b --- /dev/null +++ b/cc_platform.mk @@ -0,0 +1,61 @@ +# NOTE: Make sure you keep this file in sync with scripts/lib.sh. + +GO ?= go +GOARCH ?= $(shell $(GO) env GOARCH) + +ifneq ($(shell grep -i "ID_LIKE=.*suse" /etc/os-release),) + # openSUSE has a custom PLATFORM + PLATFORM ?= suse-linux + IS_SUSE := 1 +else + PLATFORM ?= linux-gnu +endif + +ifeq ($(GOARCH),$(shell GOARCH= $(GO) env GOARCH)) + # use the native CC and STRIP + HOST := +else ifeq ($(GOARCH),386) + # Always use the 64-bit compiler to build the 386 binary, which works for + # the more common cross-build method for x86 (namely, the equivalent of + # dpkg --add-architecture). + ifdef IS_SUSE + # There is no x86_64-suse-linux-gcc, so use the native one. + HOST := + CPU_TYPE := i586 + else + HOST := x86_64-$(PLATFORM)- + CPU_TYPE := i686 + endif + CFLAGS := -m32 -march=$(CPU_TYPE) $(CFLAGS) +else ifeq ($(GOARCH),amd64) + ifdef IS_SUSE + # There is no x86_64-suse-linux-gcc, so use the native one. + HOST := + else + HOST := x86_64-$(PLATFORM)- + endif +else ifeq ($(GOARCH),arm64) + HOST := aarch64-$(PLATFORM)- +else ifeq ($(GOARCH),arm) + # HOST already configured by release_build.sh in this case. +else ifeq ($(GOARCH),armel) + HOST := arm-$(PLATFORM)eabi- +else ifeq ($(GOARCH),armhf) + HOST := arm-$(PLATFORM)eabihf- +else ifeq ($(GOARCH),ppc64le) + HOST := powerpc64le-$(PLATFORM)- +else ifeq ($(GOARCH),riscv64) + HOST := riscv64-$(PLATFORM)- +else ifeq ($(GOARCH),s390x) + HOST := s390x-$(PLATFORM)- +else +$(error Unsupported GOARCH $(GOARCH)) +endif + +ifeq ($(origin CC),$(filter $(origin CC),undefined default)) + # Override CC if it's undefined or just the default value set by Make. + CC := $(HOST)gcc + export CC +endif +STRIP ?= $(HOST)strip +export STRIP diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 9eb72f86600..e10ca2332ff 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -27,6 +27,7 @@ import ( "github.com/opencontainers/runc/libcontainer/dmz" "github.com/opencontainers/runc/libcontainer/intelrdt" "github.com/opencontainers/runc/libcontainer/system" + "github.com/opencontainers/runc/libcontainer/system/kernelversion" "github.com/opencontainers/runc/libcontainer/utils" ) @@ -444,6 +445,48 @@ func (c *Container) includeExecFifo(cmd *exec.Cmd) error { return nil } +// No longer needed in Go 1.21. +func slicesContains[S ~[]E, E comparable](slice S, needle E) bool { + for _, val := range slice { + if val == needle { + return true + } + } + return false +} + +func isDmzBinarySafe(c *configs.Config) bool { + // Because we set the dumpable flag in nsexec, the only time when it is + // unsafe to use runc-dmz is when the container process would be able to + // race against "runc init" and bypass the ptrace_may_access() checks. + // + // This is only the case if the container processes could have + // CAP_SYS_PTRACE somehow (i.e. the capability is present in the bounding, + // inheritable, or ambient sets). Luckily, most containers do not have this + // capability. + if c.Capabilities == nil || + (!slicesContains(c.Capabilities.Bounding, "CAP_SYS_PTRACE") && + !slicesContains(c.Capabilities.Inheritable, "CAP_SYS_PTRACE") && + !slicesContains(c.Capabilities.Ambient, "CAP_SYS_PTRACE")) { + return true + } + + // Since Linux 4.10 (see bfedb589252c0) user namespaced containers cannot + // access /proc/$pid/exe of runc after it joins the namespace (until it + // does an exec), regardless of the capability set. This has been + // backported to other distribution kernels, but there's no way of checking + // this cheaply -- better to be safe than sorry here. + linux410 := kernelversion.KernelVersion{Kernel: 4, Major: 10} + if ok, err := kernelversion.GreaterEqualThan(linux410); ok && err == nil { + if c.Namespaces.Contains(configs.NEWUSER) { + return true + } + } + + // Assume it's unsafe otherwise. + return false +} + func (c *Container) newParentProcess(p *Process) (parentProcess, error) { parentInitPipe, childInitPipe, err := utils.NewSockPair("init") if err != nil { @@ -457,27 +500,54 @@ func (c *Container) newParentProcess(p *Process) (parentProcess, error) { } logFilePair := filePair{parentLogPipe, childLogPipe} - // Make sure we use a new safe copy of /proc/self/exe each time this is - // called, to make sure that if a container manages to overwrite the file - // it cannot affect other containers on the system. For runc, this code - // will only ever be called once, but libcontainer users might call this - // more than once. + // Make sure we use a new safe copy of /proc/self/exe or the runc-dmz + // binary each time this is called, to make sure that if a container + // manages to overwrite the file it cannot affect other containers on the + // system. For runc, this code will only ever be called once, but + // libcontainer users might call this more than once. p.closeClonedExes() var ( exePath string - safeExe *os.File + // only one of dmzExe or safeExe are used at a time + dmzExe, safeExe *os.File ) if dmz.IsSelfExeCloned() { // /proc/self/exe is already a cloned binary -- no need to do anything logrus.Debug("skipping binary cloning -- /proc/self/exe is already cloned!") exePath = "/proc/self/exe" } else { - safeExe, err = dmz.CloneSelfExe(c.root) - if err != nil { - return nil, fmt.Errorf("unable to create safe /proc/self/exe clone for runc init: %w", err) + var err error + if isDmzBinarySafe(c.config) { + dmzExe, err = dmz.Binary(c.root) + if err == nil { + // We can use our own executable without cloning if we are using + // runc-dmz. + exePath = "/proc/self/exe" + p.clonedExes = append(p.clonedExes, dmzExe) + } else if errors.Is(err, dmz.ErrNoDmzBinary) { + logrus.Debug("runc-dmz binary not embedded in runc binary, falling back to /proc/self/exe clone") + } else if err != nil { + return nil, fmt.Errorf("failed to create runc-dmz binary clone: %w", err) + } + } else { + // If the configuration makes it unsafe to use runc-dmz, pretend we + // don't have it embedded so we do /proc/self/exe cloning. + logrus.Debug("container configuration unsafe for runc-dmz, falling back to /proc/self/exe clone") + err = dmz.ErrNoDmzBinary + } + if errors.Is(err, dmz.ErrNoDmzBinary) { + safeExe, err = dmz.CloneSelfExe(c.root) + if err != nil { + return nil, fmt.Errorf("unable to create safe /proc/self/exe clone for runc init: %w", err) + } + exePath = "/proc/self/fd/" + strconv.Itoa(int(safeExe.Fd())) + p.clonedExes = append(p.clonedExes, safeExe) + } + // Just to make sure we don't run without protection. + if dmzExe == nil && safeExe == nil { + // This should never happen. + return nil, fmt.Errorf("[internal error] attempted to spawn a container with no /proc/self/exe protection") } - exePath = "/proc/self/fd/" + strconv.Itoa(int(safeExe.Fd())) - p.clonedExes = append(p.clonedExes, safeExe) } cmd := exec.Command(exePath, "init") @@ -503,6 +573,12 @@ func (c *Container) newParentProcess(p *Process) (parentProcess, error) { "_LIBCONTAINER_STATEDIR="+c.root, ) + if dmzExe != nil { + cmd.ExtraFiles = append(cmd.ExtraFiles, dmzExe) + cmd.Env = append(cmd.Env, + "_LIBCONTAINER_DMZEXEFD="+strconv.Itoa(stdioFdCount+len(cmd.ExtraFiles)-1)) + } + cmd.ExtraFiles = append(cmd.ExtraFiles, childLogPipe) cmd.Env = append(cmd.Env, "_LIBCONTAINER_LOGPIPE="+strconv.Itoa(stdioFdCount+len(cmd.ExtraFiles)-1)) diff --git a/libcontainer/dmz/.gitignore b/libcontainer/dmz/.gitignore new file mode 100644 index 00000000000..f163ef41c1f --- /dev/null +++ b/libcontainer/dmz/.gitignore @@ -0,0 +1 @@ +/runc-dmz diff --git a/libcontainer/dmz/Makefile b/libcontainer/dmz/Makefile new file mode 100644 index 00000000000..24e92db716b --- /dev/null +++ b/libcontainer/dmz/Makefile @@ -0,0 +1,6 @@ +# Get CC values for cross-compilation. +include ../../cc_platform.mk + +runc-dmz: _dmz.c + $(CC) $(CFLAGS) -static -o $@ $^ + $(STRIP) -gs $@ diff --git a/libcontainer/dmz/_dmz.c b/libcontainer/dmz/_dmz.c new file mode 100644 index 00000000000..6e91b0f90a9 --- /dev/null +++ b/libcontainer/dmz/_dmz.c @@ -0,0 +1,10 @@ +#include + +extern char **environ; + +int main(int argc, char **argv) +{ + if (argc < 1) + return 127; + return execve(argv[0], argv, environ); +} diff --git a/libcontainer/dmz/dmz.go b/libcontainer/dmz/dmz.go new file mode 100644 index 00000000000..9b6b500807c --- /dev/null +++ b/libcontainer/dmz/dmz.go @@ -0,0 +1,9 @@ +package dmz + +import ( + "errors" +) + +// ErrNoDmzBinary is returned by Binary when there is no runc-dmz binary +// embedded in the runc program. +var ErrNoDmzBinary = errors.New("runc-dmz binary not embedded in this program") diff --git a/libcontainer/dmz/dmz_fallback_linux.go b/libcontainer/dmz/dmz_fallback_linux.go new file mode 100644 index 00000000000..4f624e048b9 --- /dev/null +++ b/libcontainer/dmz/dmz_fallback_linux.go @@ -0,0 +1 @@ +package dmz diff --git a/libcontainer/dmz/dmz_linux.go b/libcontainer/dmz/dmz_linux.go new file mode 100644 index 00000000000..12f9709a269 --- /dev/null +++ b/libcontainer/dmz/dmz_linux.go @@ -0,0 +1,48 @@ +//go:build !runc_nodmz +// +build !runc_nodmz + +package dmz + +import ( + "bytes" + "debug/elf" + _ "embed" + "os" + + "github.com/sirupsen/logrus" +) + +// Try to build the runc-dmz binary. If it fails, replace it with an empty file +// (this will trigger us to fall back to a clone of /proc/self/exe). Yeah, this +// is a bit ugly but it makes sure that weird cross-compilation setups don't +// break because of runc-dmz. +// +//go:generate sh -c "make -B runc-dmz || echo -n >runc-dmz" +//go:embed runc-dmz +var runcDmzBinary []byte + +// Binary returns a cloned copy (see CloneBinary) of a very minimal C program +// that just does an execve() of its arguments. This is used in the final +// execution step of the container execution as an intermediate process before +// the container process is execve'd. This allows for protection against +// CVE-2019-5736 without requiring a complete copy of the runc binary. Each +// call to Binary will return a new copy. +// +// If the runc-dmz binary is not embedded into the runc binary, Binary will +// return ErrNoDmzBinary as the error. +func Binary(tmpDir string) (*os.File, error) { + rdr := bytes.NewBuffer(runcDmzBinary) + // Verify that our embedded binary has a standard ELF header. + if !bytes.HasPrefix(rdr.Bytes(), []byte(elf.ELFMAG)) { + if rdr.Len() != 0 { + logrus.Infof("misconfigured build: embedded runc-dmz binary is non-empty but is missing a proper ELF header") + } + return nil, ErrNoDmzBinary + } + // Setting RUNC_DMZ=legacy disables this dmz method. + if os.Getenv("RUNC_DMZ") == "legacy" { + logrus.Debugf("RUNC_DMZ=legacy set -- switching back to classic /proc/self/exe cloning") + return nil, ErrNoDmzBinary + } + return CloneBinary(rdr, int64(rdr.Len()), "runc-dmz", tmpDir) +} diff --git a/libcontainer/dmz/dmz_unsupported.go b/libcontainer/dmz/dmz_unsupported.go new file mode 100644 index 00000000000..2ba67270495 --- /dev/null +++ b/libcontainer/dmz/dmz_unsupported.go @@ -0,0 +1,12 @@ +//go:build !linux || runc_nodmz +// +build !linux runc_nodmz + +package dmz + +import ( + "os" +) + +func Binary(_ string) (*os.File, error) { + return nil, ErrNoDmzBinary +} diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 732f64dc660..a24be276878 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -182,6 +182,17 @@ func startInitialization() (retErr error) { return err } + // Get runc-dmz fds. + var dmzExe *os.File + if dmzFdStr := os.Getenv("_LIBCONTAINER_DMZEXEFD"); dmzFdStr != "" { + dmzFd, err := strconv.Atoi(dmzFdStr) + if err != nil { + return fmt.Errorf("unable to convert _LIBCONTAINER_DMZEXEFD: %w", err) + } + unix.CloseOnExec(dmzFd) + dmzExe = os.NewFile(uintptr(dmzFd), "runc-dmz") + } + // clear the current process's environment to clean any libcontainer // specific env vars. os.Clearenv() @@ -197,10 +208,10 @@ func startInitialization() (retErr error) { }() // If init succeeds, it will not return, hence none of the defers will be called. - return containerInit(it, pipe, consoleSocket, fifofd, logFD, mountFds{sourceFds: mountSrcFds, idmapFds: idmapFds}) + return containerInit(it, pipe, consoleSocket, fifofd, logFD, dmzExe, mountFds{sourceFds: mountSrcFds, idmapFds: idmapFds}) } -func containerInit(t initType, pipe *os.File, consoleSocket *os.File, fifoFd, logFd int, mountFds mountFds) error { +func containerInit(t initType, pipe *os.File, consoleSocket *os.File, fifoFd, logFd int, dmzExe *os.File, mountFds mountFds) error { var config *initConfig if err := json.NewDecoder(pipe).Decode(&config); err != nil { return err @@ -208,6 +219,7 @@ func containerInit(t initType, pipe *os.File, consoleSocket *os.File, fifoFd, lo if err := populateProcessEnvironment(config.Env); err != nil { return err } + switch t { case initSetns: // mount and idmap fds must be nil in this case. We don't mount while doing runc exec. @@ -220,6 +232,7 @@ func containerInit(t initType, pipe *os.File, consoleSocket *os.File, fifoFd, lo consoleSocket: consoleSocket, config: config, logFd: logFd, + dmzExe: dmzExe, } return i.Init() case initStandard: @@ -230,6 +243,7 @@ func containerInit(t initType, pipe *os.File, consoleSocket *os.File, fifoFd, lo config: config, fifoFd: fifoFd, logFd: logFd, + dmzExe: dmzExe, mountFds: mountFds, } return i.Init() diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go index 40a47a2e95c..7709219300b 100644 --- a/libcontainer/setns_init_linux.go +++ b/libcontainer/setns_init_linux.go @@ -4,6 +4,7 @@ import ( "errors" "fmt" "os" + "os/exec" "strconv" "github.com/opencontainers/selinux/go-selinux" @@ -23,6 +24,7 @@ type linuxSetnsInit struct { consoleSocket *os.File config *initConfig logFd int + dmzExe *os.File } func (l *linuxSetnsInit) getSessionRingName() string { @@ -85,6 +87,18 @@ func (l *linuxSetnsInit) Init() error { if err := apparmor.ApplyProfile(l.config.AppArmorProfile); err != nil { return err } + // Check for the arg early to make sure it exists. + name, err := exec.LookPath(l.config.Args[0]) + if err != nil { + return err + } + // exec.LookPath in Go < 1.20 might return no error for an executable + // residing on a file system mounted with noexec flag, so perform this + // extra check now while we can still return a proper error. + // TODO: remove this once go < 1.20 is not supported. + if err := eaccess(name); err != nil { + return &os.PathError{Op: "eaccess", Path: name, Err: err} + } // Set seccomp as close to execve as possible, so as few syscalls take // place afterward (reducing the amount of syscalls that users need to // enable in their seccomp profiles). @@ -98,10 +112,15 @@ func (l *linuxSetnsInit) Init() error { } } logrus.Debugf("setns_init: about to exec") + // Close the log pipe fd so the parent's ForwardLogs can exit. if err := unix.Close(l.logFd); err != nil { return &os.PathError{Op: "close log pipe", Path: "fd " + strconv.Itoa(l.logFd), Err: err} } - return system.Execv(l.config.Args[0], l.config.Args[0:], os.Environ()) + if l.dmzExe != nil { + l.config.Args[0] = name + return system.Fexecve(l.dmzExe.Fd(), l.config.Args, os.Environ()) + } + return system.Exec(name, l.config.Args, os.Environ()) } diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index c64173ecfc3..4eb3d8db435 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -25,6 +25,7 @@ type linuxStandardInit struct { parentPid int fifoFd int logFd int + dmzExe *os.File mountFds mountFds config *initConfig } @@ -262,5 +263,9 @@ func (l *linuxStandardInit) Init() error { return err } - return system.Exec(name, l.config.Args[0:], os.Environ()) + if l.dmzExe != nil { + l.config.Args[0] = name + return system.Fexecve(l.dmzExe.Fd(), l.config.Args, os.Environ()) + } + return system.Exec(name, l.config.Args, os.Environ()) } diff --git a/libcontainer/system/kernelversion/kernel_linux.go b/libcontainer/system/kernelversion/kernel_linux.go new file mode 100644 index 00000000000..ca5d4130d0c --- /dev/null +++ b/libcontainer/system/kernelversion/kernel_linux.go @@ -0,0 +1,94 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + File copied and customized based on + https://github.com/moby/moby/tree/v20.10.14/profiles/seccomp/kernel_linux.go + + File copied from + https://github.com/containerd/containerd/blob/v1.7.5/contrib/seccomp/kernelversion/kernel_linux.go +*/ + +package kernelversion + +import ( + "bytes" + "fmt" + "sync" + + "golang.org/x/sys/unix" +) + +// KernelVersion holds information about the kernel. +type KernelVersion struct { + Kernel uint64 // Version of the Kernel (i.e., the "4" in "4.1.2-generic") + Major uint64 // Major revision of the Kernel (i.e., the "1" in "4.1.2-generic") +} + +func (k *KernelVersion) String() string { + if k.Kernel > 0 || k.Major > 0 { + return fmt.Sprintf("%d.%d", k.Kernel, k.Major) + } + return "" +} + +var ( + currentKernelVersion *KernelVersion + kernelVersionError error + once sync.Once +) + +// getKernelVersion gets the current kernel version. +func getKernelVersion() (*KernelVersion, error) { + once.Do(func() { + var uts unix.Utsname + if err := unix.Uname(&uts); err != nil { + return + } + // Remove the \x00 from the release for Atoi to parse correctly + currentKernelVersion, kernelVersionError = parseRelease(string(uts.Release[:bytes.IndexByte(uts.Release[:], 0)])) + }) + return currentKernelVersion, kernelVersionError +} + +// parseRelease parses a string and creates a KernelVersion based on it. +func parseRelease(release string) (*KernelVersion, error) { + var version KernelVersion + + // We're only make sure we get the "kernel" and "major revision". Sometimes we have + // 3.12.25-gentoo, but sometimes we just have 3.12-1-amd64. + _, err := fmt.Sscanf(release, "%d.%d", &version.Kernel, &version.Major) + if err != nil { + return nil, fmt.Errorf("failed to parse kernel version %q: %w", release, err) + } + return &version, nil +} + +// GreaterEqualThan checks if the host's kernel version is greater than, or +// equal to the given kernel version v. Only "kernel version" and "major revision" +// can be specified (e.g., "3.12") and will be taken into account, which means +// that 3.12.25-gentoo and 3.12-1-amd64 are considered equal (kernel: 3, major: 12). +func GreaterEqualThan(minVersion KernelVersion) (bool, error) { + kv, err := getKernelVersion() + if err != nil { + return false, err + } + if kv.Kernel > minVersion.Kernel { + return true, nil + } + if kv.Kernel == minVersion.Kernel && kv.Major >= minVersion.Major { + return true, nil + } + return false, nil +} diff --git a/libcontainer/system/kernelversion/kernel_linux_test.go b/libcontainer/system/kernelversion/kernel_linux_test.go new file mode 100644 index 00000000000..a18f1f2226f --- /dev/null +++ b/libcontainer/system/kernelversion/kernel_linux_test.go @@ -0,0 +1,140 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + File copied and customized based on + https://github.com/moby/moby/tree/v20.10.14/profiles/seccomp/kernel_linux_test.go +*/ + +package kernelversion + +import ( + "fmt" + "testing" +) + +func TestGetKernelVersion(t *testing.T) { + version, err := getKernelVersion() + if err != nil { + t.Fatal(err) + } + if version == nil { + t.Fatal("version is nil") + } + if version.Kernel == 0 { + t.Fatal("no kernel version") + } +} + +func TestParseRelease(t *testing.T) { + tests := []struct { + in string + out KernelVersion + expectedErr error + }{ + {in: "3.8", out: KernelVersion{Kernel: 3, Major: 8}}, + {in: "3.8.0", out: KernelVersion{Kernel: 3, Major: 8}}, + {in: "3.8.0-19-generic", out: KernelVersion{Kernel: 3, Major: 8}}, + {in: "3.4.54.longterm-1", out: KernelVersion{Kernel: 3, Major: 4}}, + {in: "3.10.0-862.2.3.el7.x86_64", out: KernelVersion{Kernel: 3, Major: 10}}, + {in: "3.12.8tag", out: KernelVersion{Kernel: 3, Major: 12}}, + {in: "3.12-1-amd64", out: KernelVersion{Kernel: 3, Major: 12}}, + {in: "3.12foobar", out: KernelVersion{Kernel: 3, Major: 12}}, + {in: "99.999.999-19-generic", out: KernelVersion{Kernel: 99, Major: 999}}, + {in: "", expectedErr: fmt.Errorf(`failed to parse kernel version "": EOF`)}, + {in: "3", expectedErr: fmt.Errorf(`failed to parse kernel version "3": unexpected EOF`)}, + {in: "3.", expectedErr: fmt.Errorf(`failed to parse kernel version "3.": EOF`)}, + {in: "3a", expectedErr: fmt.Errorf(`failed to parse kernel version "3a": input does not match format`)}, + {in: "3.a", expectedErr: fmt.Errorf(`failed to parse kernel version "3.a": expected integer`)}, + {in: "a", expectedErr: fmt.Errorf(`failed to parse kernel version "a": expected integer`)}, + {in: "a.a", expectedErr: fmt.Errorf(`failed to parse kernel version "a.a": expected integer`)}, + {in: "a.a.a-a", expectedErr: fmt.Errorf(`failed to parse kernel version "a.a.a-a": expected integer`)}, + {in: "-3", expectedErr: fmt.Errorf(`failed to parse kernel version "-3": expected integer`)}, + {in: "-3.", expectedErr: fmt.Errorf(`failed to parse kernel version "-3.": expected integer`)}, + {in: "-3.8", expectedErr: fmt.Errorf(`failed to parse kernel version "-3.8": expected integer`)}, + {in: "-3.-8", expectedErr: fmt.Errorf(`failed to parse kernel version "-3.-8": expected integer`)}, + {in: "3.-8", expectedErr: fmt.Errorf(`failed to parse kernel version "3.-8": expected integer`)}, + } + for _, tc := range tests { + tc := tc + t.Run(tc.in, func(t *testing.T) { + version, err := parseRelease(tc.in) + if tc.expectedErr != nil { + if err == nil { + t.Fatal("expected an error") + } + if err.Error() != tc.expectedErr.Error() { + t.Fatalf("expected: %s, got: %s", tc.expectedErr, err) + } + return + } + if err != nil { + t.Fatal("unexpected error:", err) + } + if version == nil { + t.Fatal("version is nil") + } + if version.Kernel != tc.out.Kernel || version.Major != tc.out.Major { + t.Fatalf("expected: %d.%d, got: %d.%d", tc.out.Kernel, tc.out.Major, version.Kernel, version.Major) + } + }) + } +} + +func TestGreaterEqualThan(t *testing.T) { + // Get the current kernel version, so that we can make test relative to that + v, err := getKernelVersion() + if err != nil { + t.Fatal(err) + } + + tests := []struct { + doc string + in KernelVersion + expected bool + }{ + { + doc: "same version", + in: KernelVersion{v.Kernel, v.Major}, + expected: true, + }, + { + doc: "kernel minus one", + in: KernelVersion{v.Kernel - 1, v.Major}, + expected: true, + }, + { + doc: "kernel plus one", + in: KernelVersion{v.Kernel + 1, v.Major}, + expected: false, + }, + { + doc: "major plus one", + in: KernelVersion{v.Kernel, v.Major + 1}, + expected: false, + }, + } + for _, tc := range tests { + tc := tc + t.Run(tc.doc+": "+tc.in.String(), func(t *testing.T) { + ok, err := GreaterEqualThan(tc.in) + if err != nil { + t.Fatal("unexpected error:", err) + } + if ok != tc.expected { + t.Fatalf("expected: %v, got: %v", tc.expected, ok) + } + }) + } +} diff --git a/libcontainer/system/linux.go b/libcontainer/system/linux.go index 5acaa4df384..8f52496e9bb 100644 --- a/libcontainer/system/linux.go +++ b/libcontainer/system/linux.go @@ -7,6 +7,8 @@ import ( "fmt" "os" "os/exec" + "strconv" + "syscall" "unsafe" "github.com/sirupsen/logrus" @@ -38,7 +40,6 @@ func Execv(cmd string, args []string, env []string) error { if err != nil { return err } - return Exec(name, args, env) } @@ -51,6 +52,49 @@ func Exec(cmd string, args []string, env []string) error { } } +func execveat(fd uintptr, pathname string, args []string, env []string, flags int) error { + pathnamep, err := syscall.BytePtrFromString(pathname) + if err != nil { + return err + } + + argvp, err := syscall.SlicePtrFromStrings(args) + if err != nil { + return err + } + + envp, err := syscall.SlicePtrFromStrings(env) + if err != nil { + return err + } + + _, _, errno := syscall.Syscall6( + unix.SYS_EXECVEAT, + fd, + uintptr(unsafe.Pointer(pathnamep)), + uintptr(unsafe.Pointer(&argvp[0])), + uintptr(unsafe.Pointer(&envp[0])), + uintptr(flags), + 0, + ) + return errno +} + +func Fexecve(fd uintptr, args []string, env []string) error { + var err error + for { + err = execveat(fd, "", args, env, unix.AT_EMPTY_PATH) + if err != unix.EINTR { // nolint:errorlint // unix errors are bare + break + } + } + if err == unix.ENOSYS { // nolint:errorlint // unix errors are bare + // Fallback to classic /proc/self/fd/... exec. + return Exec("/proc/self/fd/"+strconv.Itoa(int(fd)), args, env) + } + return os.NewSyscallError("execveat", err) +} + func SetParentDeathSignal(sig uintptr) error { if err := unix.Prctl(unix.PR_SET_PDEATHSIG, sig, 0, 0, 0); err != nil { return err From b9a4727f54c02bda3e3ad87b6340980cc73f9b42 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 11 Jul 2023 22:20:48 +1000 Subject: [PATCH 0382/1176] contrib: memfd-bind: add helper for memfd-sealed-bind trick This really isn't ideal but it can be used to avoid the largest issues with the memfd-based runc binary protection. There are several caveats with using this tool, see the help page for the new binary for details. Signed-off-by: Aleksa Sarai --- .gitignore | 9 +- Makefile | 7 +- README.md | 4 +- contrib/cmd/memfd-bind/README.md | 67 ++++++ contrib/cmd/memfd-bind/memfd-bind.go | 240 +++++++++++++++++++++ contrib/cmd/memfd-bind/memfd-bind@.service | 11 + 6 files changed, 330 insertions(+), 8 deletions(-) create mode 100644 contrib/cmd/memfd-bind/README.md create mode 100644 contrib/cmd/memfd-bind/memfd-bind.go create mode 100644 contrib/cmd/memfd-bind/memfd-bind@.service diff --git a/.gitignore b/.gitignore index 4df0d6abfde..f022ed275cd 100644 --- a/.gitignore +++ b/.gitignore @@ -1,10 +1,11 @@ vendor/pkg /runc /runc-* -contrib/cmd/recvtty/recvtty -contrib/cmd/sd-helper/sd-helper -contrib/cmd/seccompagent/seccompagent -contrib/cmd/fs-idmap/fs-idmap +/contrib/cmd/recvtty/recvtty +/contrib/cmd/sd-helper/sd-helper +/contrib/cmd/seccompagent/seccompagent +/contrib/cmd/fs-idmap/fs-idmap +/contrib/cmd/memfd-bind/memfd-bind man/man8 release Vagrantfile diff --git a/Makefile b/Makefile index d39df7d0752..d3c1c11cb86 100644 --- a/Makefile +++ b/Makefile @@ -67,9 +67,9 @@ runc: runc-dmz $(GO_BUILD) -o runc . make verify-dmz-arch -all: runc recvtty sd-helper seccompagent fs-idmap +all: runc recvtty sd-helper seccompagent fs-idmap memfd-bind -recvtty sd-helper seccompagent fs-idmap: +recvtty sd-helper seccompagent fs-idmap memfd-bind: $(GO_BUILD) -o contrib/cmd/$@/$@ ./contrib/cmd/$@ static: runc-dmz @@ -161,10 +161,11 @@ install-man: man clean: rm -f runc runc-* libcontainer/dmz/runc-dmz + rm -f contrib/cmd/fs-idmap/fs-idmap rm -f contrib/cmd/recvtty/recvtty rm -f contrib/cmd/sd-helper/sd-helper rm -f contrib/cmd/seccompagent/seccompagent - rm -f contrib/cmd/fs-idmap/fs-idmap + rm -f contrib/cmd/memfd-bind/memfd-bind sudo rm -rf release rm -rf man/man8 diff --git a/README.md b/README.md index da9786632da..827f837e06f 100644 --- a/README.md +++ b/README.md @@ -68,13 +68,15 @@ make BUILDTAGS="" | Build Tag | Feature | Enabled by Default | Dependencies | |---------------|---------------------------------------|--------------------|---------------------| | `seccomp` | Syscall filtering using `libseccomp`. | yes | `libseccomp` | -| `!runc_nodmz` | Reduce memory usage for CVE-2019-5736 protection by using a small C binary. `runc_nodmz` disables this feature and causes runc to use a different protection mechanism which will further increases memory usage temporarily during container startup. This feature can also be disabled at runtime by setting the `RUNC_DMZ=legacy` environment variable. | yes || +| `!runc_nodmz` | Reduce memory usage for CVE-2019-5736 protection by using a small C binary, [see `memfd-bind` for more details][contrib-memfd-bind]. `runc_nodmz` disables this feature and causes runc to use a different protection mechanism which will further increases memory usage temporarily during container startup. This feature can also be disabled at runtime by setting the `RUNC_DMZ=legacy` environment variable. | yes || The following build tags were used earlier, but are now obsoleted: - **nokmem** (since runc v1.0.0-rc94 kernel memory settings are ignored) - **apparmor** (since runc v1.0.0-rc93 the feature is always enabled) - **selinux** (since runc v1.0.0-rc93 the feature is always enabled) + [contrib-memfd-bind]: /contrib/memfd-bind/README.md + ### Running the test suite `runc` currently supports running its test suite via Docker. diff --git a/contrib/cmd/memfd-bind/README.md b/contrib/cmd/memfd-bind/README.md new file mode 100644 index 00000000000..f2ceae2fa78 --- /dev/null +++ b/contrib/cmd/memfd-bind/README.md @@ -0,0 +1,67 @@ +## memfd-bind ## + +`runc` normally has to make a binary copy of itself (or of a smaller helper +binary called `runc-dmz`) when constructing a container process in order to +defend against certain container runtime attacks such as CVE-2019-5736. + +This cloned binary only exists until the container process starts (this means +for `runc run` and `runc exec`, it only exists for a few hundred milliseconds +-- for `runc create` it exists until `runc start` is called). However, because +the clone is done using a memfd (or by creating files in directories that are +likely to be a `tmpfs`), this can lead to temporary increases in *host* memory +usage. Unless you are running on a cgroupv1 system with the cgroupv1 memory +controller enabled and the (deprecated) `memory.move_charge_at_immigrate` +enabled, there is no effect on the container's memory. + +However, for certain configurations this can still be undesirable. This daemon +allows you to create a sealed memfd copy of the `runc` binary, which will cause +`runc` to skip all binary copying, resulting in no additional memory usage for +each container process (instead there is a single in-memory copy of the +binary). It should be noted that (strictly speaking) this is slightly less +secure if you are concerned about Dirty Cow-like 0-day kernel vulnerabilities, +but for most users the security benefit is identical. + +The provided `memfd-bind@.service` file can be used to get systemd to manage +this daemon. You can supply the path like so: + +``` +% systemctl start memfd-bind@/usr/bin/runc +``` + +Thus, there are three ways of protecting against CVE-2019-5736, in order of how +much memory usage they can use: + +* `memfd-bind` only creates a single in-memory copy of the `runc` binary (about + 10MB), regardless of how many containers are running. + +* `runc-dmz` is (depending on which libc it was compiled with) between 10kB and + 1MB in size, and a copy is created once per process spawned inside a + container by runc (both the pid1 and every `runc exec`). There are + circumstances where using `runc-dmz` will fail in ways that runc cannot + predict ahead of time (such as restrictive LSMs applied to containers), in + which case users can disable it with the `RUNC_DMZ=legacy` setting. + `runc-dmz` also requires an additional `execve` over the other options, + though since the binary is so small the cost is probably not even noticeable. + +* The classic method of making a copy of the entire `runc` binary during + container process setup takes up about 10MB per process spawned inside the + container by runc (both pid1 and `runc exec`). + +### Caveats ### + +There are several downsides with using `memfd-bind` on the `runc` binary: + +* The `memfd-bind` process needs to continue to run indefinitely in order for + the memfd reference to stay alive. If the process is forcefully killed, the + bind-mount on top of the `runc` binary will become stale and nobody will be + able to execute it (you can use `memfd-bind --cleanup` to clean up the stale + mount). + +* Only root can execute the cloned binary due to permission restrictions on + accessing other process's files. More specifically, only users with ptrace + privileges over the memfd-bind daemon can access the file (but in practice + this is usually only root). + +* When updating `runc`, the daemon needs to be stopped before the update (so + the package manager can access the underlying file) and then restarted after + the update. diff --git a/contrib/cmd/memfd-bind/memfd-bind.go b/contrib/cmd/memfd-bind/memfd-bind.go new file mode 100644 index 00000000000..e73739f0c4d --- /dev/null +++ b/contrib/cmd/memfd-bind/memfd-bind.go @@ -0,0 +1,240 @@ +/* + * Copyright (c) 2023 SUSE LLC + * Copyright (c) 2023 Aleksa Sarai + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package main + +import ( + "errors" + "fmt" + "io" + "os" + "os/signal" + "runtime" + "strings" + "time" + + "github.com/opencontainers/runc/libcontainer/dmz" + + "github.com/sirupsen/logrus" + "github.com/urfave/cli" + "golang.org/x/sys/unix" +) + +// version will be populated by the Makefile, read from +// VERSION file of the source code. +var version = "" + +// gitCommit will be the hash that the binary was built from +// and will be populated by the Makefile. +var gitCommit = "" + +const ( + usage = `Open Container Initiative contrib/cmd/memfd-bind + +In order to protect against certain container attacks, every runc invocation +that involves creating or joining a container will cause runc to make a copy of +the runc binary in memory (usually to a memfd). While "runc init" is very +short-lived, this extra memory usage can cause problems for containers with +very small memory limits (or containers that have many "runc exec" invocations +applied to them at the same time). + +memfd-bind is a tool to create a persistent memfd-sealed-copy of the runc binary, +which will cause runc to not make its own copy. This means you can get the +benefits of using a sealed memfd as runc's binary (even in a container breakout +attack to get write access to the runc binary, neither the underlying binary +nor the memfd copy can be changed). + +To use memfd-bind, just specify which path you want to create a socket path at +which you want to receive terminals: + + $ sudo memfd-bind /usr/bin/runc + +Note that (due to kernel restrictions on bind-mounts), this program must remain +running on the host in order for the binary to be readable (it is recommended +you use a systemd unit to keep this process around). + +If this program dies, there will be a leftover mountpoint that always returns +-EINVAL when attempting to access it. You need to use memfd-bind --cleanup on the +path in order to unmount the path (regular umount(8) will not work): + + $ sudo memfd-bind --cleanup /usr/bin/runc + +Note that (due to restrictions on /proc/$pid/fd/$fd magic-link resolution), +only privileged users (specifically, those that have ptrace privileges over the +memfd-bind daemon) can access the memfd bind-mount. This means that using this +tool to harden your /usr/bin/runc binary would result in unprivileged users +being unable to execute the binary. If this is an issue, you could make all +privileged process use a different copy of runc (by making a copy in somewhere +like /usr/sbin/runc) and only using memfd-bind for the version used by +privileged users. +` +) + +func cleanup(path string) error { + file, err := os.OpenFile(path, unix.O_PATH|unix.O_NOFOLLOW|unix.O_CLOEXEC, 0) + if err != nil { + return fmt.Errorf("cleanup: failed to open runc binary path: %w", err) + } + defer file.Close() + fdPath := fmt.Sprintf("/proc/self/fd/%d", file.Fd()) + + // Keep umounting until we hit a umount error. + for unix.Unmount(fdPath, unix.MNT_DETACH) == nil { + // loop... + logrus.Debugf("memfd-bind: path %q unmount succeeded...", path) + } + logrus.Infof("memfd-bind: path %q has been cleared of all old bind-mounts", path) + return nil +} + +// memfdClone is a memfd-only implementation of dmz.CloneBinary. +func memfdClone(path string) (*os.File, error) { + binFile, err := os.Open(path) + if err != nil { + return nil, fmt.Errorf("failed to open runc binary path: %w", err) + } + defer binFile.Close() + stat, err := binFile.Stat() + if err != nil { + return nil, fmt.Errorf("checking %s size: %w", path, err) + } + size := stat.Size() + memfd, sealFn, err := dmz.Memfd("/proc/self/exe") + if err != nil { + return nil, fmt.Errorf("creating memfd failed: %w", err) + } + copied, err := io.Copy(memfd, binFile) + if err != nil { + return nil, fmt.Errorf("copy binary: %w", err) + } else if copied != size { + return nil, fmt.Errorf("copied binary size mismatch: %d != %d", copied, size) + } + if err := sealFn(&memfd); err != nil { + return nil, fmt.Errorf("could not seal fd: %w", err) + } + if !dmz.IsCloned(memfd) { + return nil, fmt.Errorf("cloned memfd is not properly sealed") + } + return memfd, nil +} + +func mount(path string) error { + memfdFile, err := memfdClone(path) + if err != nil { + return fmt.Errorf("memfd clone: %w", err) + } + defer memfdFile.Close() + memfdPath := fmt.Sprintf("/proc/self/fd/%d", memfdFile.Fd()) + + // We have to open an O_NOFOLLOW|O_PATH to the memfd magic-link because we + // cannot bind-mount the memfd itself (it's in the internal kernel mount + // namespace and cross-mount-namespace bind-mounts are not allowed). This + // also requires that this program stay alive continuously for the + // magic-link to stay alive... + memfdLink, err := os.OpenFile(memfdPath, unix.O_PATH|unix.O_NOFOLLOW|unix.O_CLOEXEC, 0) + if err != nil { + return fmt.Errorf("mount: failed to /proc/self/fd magic-link for memfd: %w", err) + } + defer memfdLink.Close() + memfdLinkFdPath := fmt.Sprintf("/proc/self/fd/%d", memfdLink.Fd()) + + exeFile, err := os.OpenFile(path, unix.O_PATH|unix.O_NOFOLLOW|unix.O_CLOEXEC, 0) + if err != nil { + return fmt.Errorf("mount: failed to open target runc binary path: %w", err) + } + defer exeFile.Close() + exeFdPath := fmt.Sprintf("/proc/self/fd/%d", exeFile.Fd()) + + err = unix.Mount(memfdLinkFdPath, exeFdPath, "", unix.MS_BIND, "") + if err != nil { + return fmt.Errorf("mount: failed to mount memfd on top of runc binary path target: %w", err) + } + + // If there is a signal we want to do cleanup. + sigCh := make(chan os.Signal, 1) + signal.Notify(sigCh, os.Interrupt, unix.SIGTERM, unix.SIGINT) + go func() { + <-sigCh + logrus.Infof("memfd-bind: exit signal caught! cleaning up the bind-mount on %q...", path) + _ = cleanup(path) + os.Exit(0) + }() + + // Clean up things we don't need... + _ = exeFile.Close() + _ = memfdLink.Close() + + // We now have to stay alive to keep the magic-link alive... + logrus.Infof("memfd-bind: bind-mount of memfd over %q created -- looping forever!", path) + for { + // loop forever... + time.Sleep(time.Duration(1<<63 - 1)) + // make sure the memfd isn't gc'd + runtime.KeepAlive(memfdFile) + } +} + +func main() { + app := cli.NewApp() + app.Name = "memfd-bind" + app.Usage = usage + + // Set version to be the same as runC. + var v []string + if version != "" { + v = append(v, version) + } + if gitCommit != "" { + v = append(v, "commit: "+gitCommit) + } + app.Version = strings.Join(v, "\n") + + // Set the flags. + app.Flags = []cli.Flag{ + cli.BoolFlag{ + Name: "cleanup", + Usage: "Do not create a new memfd-sealed file, only clean up an existing one at .", + }, + cli.BoolFlag{ + Name: "debug", + Usage: "Enable debug logging.", + }, + } + + app.Action = func(ctx *cli.Context) error { + args := ctx.Args() + if len(args) != 1 { + return errors.New("need to specify a single path to the runc binary") + } + path := ctx.Args()[0] + + if ctx.Bool("debug") { + logrus.SetLevel(logrus.DebugLevel) + } + + err := cleanup(path) + // We only care about cleanup errors when doing --cleanup. + if ctx.Bool("cleanup") { + return err + } + return mount(path) + } + if err := app.Run(os.Args); err != nil { + fmt.Fprintf(os.Stderr, "memfd-bind: %v\n", err) + os.Exit(1) + } +} diff --git a/contrib/cmd/memfd-bind/memfd-bind@.service b/contrib/cmd/memfd-bind/memfd-bind@.service new file mode 100644 index 00000000000..591548ea4d9 --- /dev/null +++ b/contrib/cmd/memfd-bind/memfd-bind@.service @@ -0,0 +1,11 @@ +[Unit] +Description=Manage memfd-bind of %I +Documentation=https://github.com/opencontainers/runc + +[Service] +Type=simple +ExecStart=memfd-bind "%I" +ExecStop=memfd-bind --cleanup "%I" + +[Install] +WantedBy=multi-user.target From 6be763eeaa89df33d54f865ffc21372262b4806e Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sat, 19 Aug 2023 00:01:55 +1000 Subject: [PATCH 0383/1176] tests: integration: fix capability setting for CAP_DAC_OVERRIDE Due to the way capabilities have to be set by runc, capabilities need to be included in the inheritable and ambient sets anyway. Otherwise, the container process would not have the correct privileges. This test only functioned because adding CAP_DAC_OVERRIDE to the inherited, permissible, and bounding sets means that only "runc init" has these capabilities -- everything other than the bounding set is cleared on the first execve(). This breaks with runc-dmz, but the behaviour was broken from the outset. Docker appears to not handle this properly at all (the logic for capability sets changed with the introduction of ambient capabilities, and while Docker was updated it seems the behaviour is still incorrect for non-root users). Signed-off-by: Aleksa Sarai --- tests/integration/start_hello.bats | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/integration/start_hello.bats b/tests/integration/start_hello.bats index 87005484748..6fbb893e695 100644 --- a/tests/integration/start_hello.bats +++ b/tests/integration/start_hello.bats @@ -58,6 +58,8 @@ function teardown() { # Enable CAP_DAC_OVERRIDE. update_config ' .process.capabilities.bounding += ["CAP_DAC_OVERRIDE"] | .process.capabilities.effective += ["CAP_DAC_OVERRIDE"] + | .process.capabilities.inheritable += ["CAP_DAC_OVERRIDE"] + | .process.capabilities.ambient += ["CAP_DAC_OVERRIDE"] | .process.capabilities.permitted += ["CAP_DAC_OVERRIDE"]' runc run test_busybox From f8348f64ae2789edd1a930b449cc7e11bbc54b0e Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sat, 16 Sep 2023 15:28:52 +1000 Subject: [PATCH 0384/1176] tests: integration: add runc-dmz smoke tests Signed-off-by: Aleksa Sarai --- libcontainer/container_linux.go | 2 ++ tests/integration/helpers.bash | 10 ++++-- tests/integration/run.bats | 34 ++++++++++++++++++++ tests/integration/seccomp-notify-compat.bats | 4 +-- 4 files changed, 45 insertions(+), 5 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index e10ca2332ff..ae5d4fb46b4 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -524,6 +524,7 @@ func (c *Container) newParentProcess(p *Process) (parentProcess, error) { // runc-dmz. exePath = "/proc/self/exe" p.clonedExes = append(p.clonedExes, dmzExe) + logrus.Debug("runc-dmz: using runc-dmz") // used for tests } else if errors.Is(err, dmz.ErrNoDmzBinary) { logrus.Debug("runc-dmz binary not embedded in runc binary, falling back to /proc/self/exe clone") } else if err != nil { @@ -542,6 +543,7 @@ func (c *Container) newParentProcess(p *Process) (parentProcess, error) { } exePath = "/proc/self/fd/" + strconv.Itoa(int(safeExe.Fd())) p.clonedExes = append(p.clonedExes, safeExe) + logrus.Debug("runc-dmz: using /proc/self/exe clone") // used for tests } // Just to make sure we don't run without protection. if dmzExe == nil && safeExe == nil { diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index cd08fb2459f..7e6399a47b8 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -646,12 +646,16 @@ function teardown_bundle() { remove_parent } -function requires_kernel() { +function is_kernel_gte() { local major_required minor_required major_required=$(echo "$1" | cut -d. -f1) minor_required=$(echo "$1" | cut -d. -f2) - if [[ "$KERNEL_MAJOR" -lt $major_required || ("$KERNEL_MAJOR" -eq $major_required && "$KERNEL_MINOR" -lt $minor_required) ]]; then - skip "requires kernel $1" + [[ "$KERNEL_MAJOR" -gt $major_required || ("$KERNEL_MAJOR" -eq $major_required && "$KERNEL_MINOR" -ge $minor_required) ]] +} + +function requires_kernel() { + if ! is_kernel_gte "$@"; then + skip "requires kernel >= $1" fi } diff --git a/tests/integration/run.bats b/tests/integration/run.bats index 9f1f1d8bc74..baf91fb00cd 100644 --- a/tests/integration/run.bats +++ b/tests/integration/run.bats @@ -126,3 +126,37 @@ function teardown() { [ "$status" -eq 0 ] [ "$output" = "410" ] } + +@test "runc run [runc-dmz]" { + runc --debug run test_hello + [ "$status" -eq 0 ] + [[ "$output" = *"Hello World"* ]] + # We use runc-dmz if we can. + [[ "$output" = *"runc-dmz: using runc-dmz"* ]] +} + +@test "runc run [cap_sys_ptrace -> /proc/self/exe clone]" { + # Add CAP_SYS_PTRACE to the bounding set, the minimum needed to indicate a + # container process _could_ get CAP_SYS_PTRACE. + update_config '.process.capabilities.bounding += ["CAP_SYS_PTRACE"]' + + runc --debug run test_hello + [ "$status" -eq 0 ] + [[ "$output" = *"Hello World"* ]] + if [ "$EUID" -ne 0 ] && is_kernel_gte 4.10; then + # For Linux 4.10 and later, rootless containers will use runc-dmz + # because they are running in a user namespace. See isDmzBinarySafe(). + [[ "$output" = *"runc-dmz: using runc-dmz"* ]] + else + # If the container has CAP_SYS_PTRACE and is not rootless, we use + # /proc/self/exe cloning. + [[ "$output" = *"runc-dmz: using /proc/self/exe clone"* ]] + fi +} + +@test "RUNC_DMZ=legacy runc run [/proc/self/exe clone]" { + RUNC_DMZ=legacy runc --debug run test_hello + [ "$status" -eq 0 ] + [[ "$output" = *"Hello World"* ]] + [[ "$output" = *"runc-dmz: using /proc/self/exe clone"* ]] +} diff --git a/tests/integration/seccomp-notify-compat.bats b/tests/integration/seccomp-notify-compat.bats index 8d663edda51..6ca3449bffa 100644 --- a/tests/integration/seccomp-notify-compat.bats +++ b/tests/integration/seccomp-notify-compat.bats @@ -3,8 +3,8 @@ load helpers function setup() { - if [[ "$KERNEL_MAJOR" -gt 5 || ("$KERNEL_MAJOR" -eq 5 && "$KERNEL_MINOR" -ge 6) ]]; then - skip "requires kernel less than 5.6" + if is_kernel_gte 5.6; then + skip "requires kernel < 5.6" fi requires arch_x86_64 From 90c8d36afe5c5b6ff181d27c1389990497ffc6ab Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 22 Sep 2023 15:51:36 +1000 Subject: [PATCH 0385/1176] dmz: use sendfile(2) when cloning /proc/self/exe This results in a 5-20% speedup of dmz.CloneBinary(), depending on the machine. io.Copy: goos: linux goarch: amd64 pkg: github.com/opencontainers/runc/libcontainer/dmz cpu: Intel(R) Core(TM) i5-10210U CPU @ 1.60GHz BenchmarkCloneBinary BenchmarkCloneBinary-8 139 8075074 ns/op PASS ok github.com/opencontainers/runc/libcontainer/dmz 2.286s unix.Sendfile: goos: linux goarch: amd64 pkg: github.com/opencontainers/runc/libcontainer/dmz cpu: Intel(R) Core(TM) i5-10210U CPU @ 1.60GHz BenchmarkCloneBinary BenchmarkCloneBinary-8 192 6382121 ns/op PASS ok github.com/opencontainers/runc/libcontainer/dmz 2.415s Signed-off-by: Aleksa Sarai --- libcontainer/dmz/cloned_binary_linux.go | 2 +- libcontainer/system/linux.go | 40 +++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 1 deletion(-) diff --git a/libcontainer/dmz/cloned_binary_linux.go b/libcontainer/dmz/cloned_binary_linux.go index 133bdefaff7..db5e18a3260 100644 --- a/libcontainer/dmz/cloned_binary_linux.go +++ b/libcontainer/dmz/cloned_binary_linux.go @@ -179,7 +179,7 @@ func CloneBinary(src io.Reader, size int64, name, tmpDir string) (*os.File, erro if err != nil { return nil, err } - copied, err := io.Copy(file, src) + copied, err := system.Copy(file, src) if err != nil { file.Close() return nil, fmt.Errorf("copy binary: %w", err) diff --git a/libcontainer/system/linux.go b/libcontainer/system/linux.go index 8f52496e9bb..318b6edfe81 100644 --- a/libcontainer/system/linux.go +++ b/libcontainer/system/linux.go @@ -5,6 +5,7 @@ package system import ( "fmt" + "io" "os" "os/exec" "strconv" @@ -174,3 +175,42 @@ func ExecutableMemfd(comment string, flags int) (*os.File, error) { } return os.NewFile(uintptr(memfd), "/memfd:"+comment), nil } + +// Copy is like io.Copy except it uses sendfile(2) if the source and sink are +// both (*os.File) as an optimisation to make copies faster. +func Copy(dst io.Writer, src io.Reader) (copied int64, err error) { + dstFile, _ := dst.(*os.File) + srcFile, _ := src.(*os.File) + + if dstFile != nil && srcFile != nil { + fi, err := srcFile.Stat() + if err != nil { + goto fallback + } + size := fi.Size() + for size > 0 { + n, err := unix.Sendfile(int(dstFile.Fd()), int(srcFile.Fd()), nil, int(size)) + if n > 0 { + size -= int64(n) + copied += int64(n) + } + if err == unix.EINTR { + continue + } + if err != nil { + if copied == 0 { + // If we haven't copied anything so far, we can safely just + // fallback to io.Copy. We could always do the fallback but + // it's safer to error out in the case of a partial copy + // followed by an error (which should never happen). + goto fallback + } + return copied, fmt.Errorf("partial sendfile copy: %w", err) + } + } + return copied, nil + } + +fallback: + return io.Copy(dst, src) +} From 99469eba3e4488ed8eba9154529171f875cc67c1 Mon Sep 17 00:00:00 2001 From: Jordan Rife Date: Sat, 16 Sep 2023 18:10:00 +0000 Subject: [PATCH 0386/1176] Handle kmem.limit_in_bytes removal kmem.limit_in_bytes has been removed in upstream linux and this patch is queued to be backported to linux 6.1 stable: - https://lore.kernel.org/linux-mm/20230705134434.GA156754@cmpxchg.org/T/ - https://www.spinics.net/lists/stable-commits/msg316619.html Without this change to libcontainerd, GetStats() will return an error on the latest kernel(s). A downstream effect is that Kubernetes's kubelet does not start up. This fix was tested by ensuring that it unblocks kubelet startup when running on the latest kernel. Signed-off-by: Jordan Rife --- libcontainer/cgroups/fs/memory.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libcontainer/cgroups/fs/memory.go b/libcontainer/cgroups/fs/memory.go index b7c75f94138..a0e78074980 100644 --- a/libcontainer/cgroups/fs/memory.go +++ b/libcontainer/cgroups/fs/memory.go @@ -234,6 +234,12 @@ func getMemoryData(path, name string) (cgroups.MemoryData, error) { memoryData.Failcnt = value value, err = fscommon.GetCgroupParamUint(path, limit) if err != nil { + if name == "kmem" && os.IsNotExist(err) { + // Ignore ENOENT as kmem.limit_in_bytes has + // been removed in newer kernels. + return memoryData, nil + } + return cgroups.MemoryData{}, err } memoryData.Limit = value From ccc76713a7614d4386fcc1108147bb768106d70a Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 17 Aug 2023 15:13:33 +1000 Subject: [PATCH 0387/1176] sync: rename procResume -> procHooksDone The old name was quite confusing, and with the addition of the procMountPlease sync message there are now multiple sync messages that are related to "resuming" runc-init. Signed-off-by: Aleksa Sarai --- libcontainer/init_linux.go | 2 +- libcontainer/process_linux.go | 2 +- libcontainer/sync.go | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index a24be276878..71956d6dabd 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -413,7 +413,7 @@ func syncParentHooks(pipe *os.File) error { return err } // Wait for parent to give the all-clear. - return readSync(pipe, procResume) + return readSync(pipe, procHooksDone) } // syncParentSeccomp sends the fd associated with the seccomp file descriptor diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 8785d65700f..9ea8ad5b2bc 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -568,7 +568,7 @@ func (p *initProcess) start() (retErr error) { } } // Sync with child. - if err := writeSync(p.messageSockPair.parent, procResume); err != nil { + if err := writeSync(p.messageSockPair.parent, procHooksDone); err != nil { return err } default: diff --git a/libcontainer/sync.go b/libcontainer/sync.go index 25507e58ad9..36e657f66d8 100644 --- a/libcontainer/sync.go +++ b/libcontainer/sync.go @@ -23,7 +23,7 @@ type syncType string // --- no return synchronisation // // procHooks --> [run hooks] -// <-- procResume +// <-- procHooksDone // // procReady --> [final setup] // <-- procRun @@ -35,7 +35,7 @@ const ( procReady syncType = "procReady" procRun syncType = "procRun" procHooks syncType = "procHooks" - procResume syncType = "procResume" + procHooksDone syncType = "procHooksDone" procSeccomp syncType = "procSeccomp" procSeccompDone syncType = "procSeccompDone" ) From 8da42aaec275f2ff93c4f7a2f3b08e7ad48a08a3 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 17 Aug 2023 21:20:33 +1000 Subject: [PATCH 0388/1176] sync: split init config (stream) and synchronisation (seqpacket) pipes We have different requirements for the initial configuration and initWaiter pipe (just send netlink and JSON blobs with no complicated handling needed for message coalescing) and the packet-based synchronisation pipe. Tests with switching everything to SOCK_SEQPACKET lead to endless issues with runc hanging on start-up because random things would try to do short reads (which SOCK_SEQPACKET will not allow and the Go stdlib explicitly treats as a streaming source), so splitting it was the only reasonable solution. Even doing somewhat dodgy tricks such as adding a Read() wrapper which actually calls ReadPacket() and makes it seem like a stream source doesn't work -- and is a bit too magical. One upside is that doing it this way makes the difference between the modes clearer -- INITPIPE is still used for initWaiter syncrhonisation but aside from that all other synchronisation is done by SYNCPIPE. Signed-off-by: Aleksa Sarai --- libcontainer/container_linux.go | 61 +++++++-------- libcontainer/init_linux.go | 42 +++++++---- libcontainer/process_linux.go | 113 +++++++++++++++++----------- libcontainer/rootfs_linux.go | 2 +- libcontainer/setns_init_linux.go | 4 +- libcontainer/standard_init_linux.go | 3 +- libcontainer/sync.go | 63 ++++++++++++---- libcontainer/sync_unix.go | 76 +++++++++++++++++++ libcontainer/utils/utils.go | 3 + libcontainer/utils/utils_unix.go | 2 +- 10 files changed, 258 insertions(+), 111 deletions(-) create mode 100644 libcontainer/sync_unix.go diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index ae5d4fb46b4..618128e2ab6 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -488,17 +488,10 @@ func isDmzBinarySafe(c *configs.Config) bool { } func (c *Container) newParentProcess(p *Process) (parentProcess, error) { - parentInitPipe, childInitPipe, err := utils.NewSockPair("init") + comm, err := newProcessComm() if err != nil { - return nil, fmt.Errorf("unable to create init pipe: %w", err) - } - messageSockPair := filePair{parentInitPipe, childInitPipe} - - parentLogPipe, childLogPipe, err := os.Pipe() - if err != nil { - return nil, fmt.Errorf("unable to create log pipe: %w", err) + return nil, err } - logFilePair := filePair{parentLogPipe, childLogPipe} // Make sure we use a new safe copy of /proc/self/exe or the runc-dmz // binary each time this is called, to make sure that if a container @@ -569,10 +562,15 @@ func (c *Container) newParentProcess(p *Process) (parentProcess, error) { "_LIBCONTAINER_CONSOLE="+strconv.Itoa(stdioFdCount+len(cmd.ExtraFiles)-1), ) } - cmd.ExtraFiles = append(cmd.ExtraFiles, childInitPipe) + cmd.Env = append(cmd.Env, "_LIBCONTAINER_STATEDIR="+c.root) + + cmd.ExtraFiles = append(cmd.ExtraFiles, comm.initSockChild) cmd.Env = append(cmd.Env, "_LIBCONTAINER_INITPIPE="+strconv.Itoa(stdioFdCount+len(cmd.ExtraFiles)-1), - "_LIBCONTAINER_STATEDIR="+c.root, + ) + cmd.ExtraFiles = append(cmd.ExtraFiles, comm.syncSockChild.File()) + cmd.Env = append(cmd.Env, + "_LIBCONTAINER_SYNCPIPE="+strconv.Itoa(stdioFdCount+len(cmd.ExtraFiles)-1), ) if dmzExe != nil { @@ -581,7 +579,7 @@ func (c *Container) newParentProcess(p *Process) (parentProcess, error) { "_LIBCONTAINER_DMZEXEFD="+strconv.Itoa(stdioFdCount+len(cmd.ExtraFiles)-1)) } - cmd.ExtraFiles = append(cmd.ExtraFiles, childLogPipe) + cmd.ExtraFiles = append(cmd.ExtraFiles, comm.logPipeChild) cmd.Env = append(cmd.Env, "_LIBCONTAINER_LOGPIPE="+strconv.Itoa(stdioFdCount+len(cmd.ExtraFiles)-1)) if p.LogLevel != "" { @@ -617,9 +615,9 @@ func (c *Container) newParentProcess(p *Process) (parentProcess, error) { if err := c.includeExecFifo(cmd); err != nil { return nil, fmt.Errorf("unable to setup exec fifo: %w", err) } - return c.newInitProcess(p, cmd, messageSockPair, logFilePair) + return c.newInitProcess(p, cmd, comm) } - return c.newSetnsProcess(p, cmd, messageSockPair, logFilePair) + return c.newSetnsProcess(p, cmd, comm) } // shouldSendMountSources says whether the child process must setup bind mounts with @@ -681,27 +679,27 @@ func (c *Container) shouldSendIdmapSources() bool { return false } -func (c *Container) sendMountSources(cmd *exec.Cmd, messageSockPair filePair) error { +func (c *Container) sendMountSources(cmd *exec.Cmd, comm *processComm) error { if !c.shouldSendMountSources() { return nil } - return c.sendFdsSources(cmd, messageSockPair, "_LIBCONTAINER_MOUNT_FDS", func(m *configs.Mount) bool { + return c.sendFdsSources(cmd, comm, "_LIBCONTAINER_MOUNT_FDS", func(m *configs.Mount) bool { return m.IsBind() && !m.IsIDMapped() }) } -func (c *Container) sendIdmapSources(cmd *exec.Cmd, messageSockPair filePair) error { +func (c *Container) sendIdmapSources(cmd *exec.Cmd, comm *processComm) error { if !c.shouldSendIdmapSources() { return nil } - return c.sendFdsSources(cmd, messageSockPair, "_LIBCONTAINER_IDMAP_FDS", func(m *configs.Mount) bool { + return c.sendFdsSources(cmd, comm, "_LIBCONTAINER_IDMAP_FDS", func(m *configs.Mount) bool { return m.IsBind() && m.IsIDMapped() }) } -func (c *Container) sendFdsSources(cmd *exec.Cmd, messageSockPair filePair, envVar string, condition func(*configs.Mount) bool) error { +func (c *Container) sendFdsSources(cmd *exec.Cmd, comm *processComm, envVar string, condition func(*configs.Mount) bool) error { // Elements on these slices will be paired with mounts (see StartInitialization() and // prepareRootfs()). These slices MUST have the same size as c.config.Mounts. fds := make([]int, len(c.config.Mounts)) @@ -712,11 +710,12 @@ func (c *Container) sendFdsSources(cmd *exec.Cmd, messageSockPair filePair, envV continue } - // The fd passed here will not be used: nsexec.c will overwrite it with dup3(). We just need - // to allocate a fd so that we know the number to pass in the environment variable. The fd - // must not be closed before cmd.Start(), so we reuse messageSockPair.child because the - // lifecycle of that fd is already taken care of. - cmd.ExtraFiles = append(cmd.ExtraFiles, messageSockPair.child) + // The fd passed here will not be used: nsexec.c will overwrite it with + // dup3(). We just need to allocate a fd so that we know the number to + // pass in the environment variable. The fd must not be closed before + // cmd.Start(), so we reuse initSockChild because the lifecycle of that + // fd is already taken care of. + cmd.ExtraFiles = append(cmd.ExtraFiles, comm.initSockChild) fds[i] = stdioFdCount + len(cmd.ExtraFiles) - 1 } fdsJSON, err := json.Marshal(fds) @@ -727,7 +726,7 @@ func (c *Container) sendFdsSources(cmd *exec.Cmd, messageSockPair filePair, envV return nil } -func (c *Container) newInitProcess(p *Process, cmd *exec.Cmd, messageSockPair, logFilePair filePair) (*initProcess, error) { +func (c *Container) newInitProcess(p *Process, cmd *exec.Cmd, comm *processComm) (*initProcess, error) { cmd.Env = append(cmd.Env, "_LIBCONTAINER_INITTYPE="+string(initStandard)) nsMaps := make(map[configs.NamespaceType]string) for _, ns := range c.config.Namespaces { @@ -739,17 +738,16 @@ func (c *Container) newInitProcess(p *Process, cmd *exec.Cmd, messageSockPair, l if err != nil { return nil, err } - if err := c.sendMountSources(cmd, messageSockPair); err != nil { + if err := c.sendMountSources(cmd, comm); err != nil { return nil, err } - if err := c.sendIdmapSources(cmd, messageSockPair); err != nil { + if err := c.sendIdmapSources(cmd, comm); err != nil { return nil, err } init := &initProcess{ cmd: cmd, - messageSockPair: messageSockPair, - logFilePair: logFilePair, + comm: comm, manager: c.cgroupManager, intelRdtManager: c.intelRdtManager, config: c.newInitConfig(p), @@ -761,7 +759,7 @@ func (c *Container) newInitProcess(p *Process, cmd *exec.Cmd, messageSockPair, l return init, nil } -func (c *Container) newSetnsProcess(p *Process, cmd *exec.Cmd, messageSockPair, logFilePair filePair) (*setnsProcess, error) { +func (c *Container) newSetnsProcess(p *Process, cmd *exec.Cmd, comm *processComm) (*setnsProcess, error) { cmd.Env = append(cmd.Env, "_LIBCONTAINER_INITTYPE="+string(initSetns)) state, err := c.currentState() if err != nil { @@ -778,8 +776,7 @@ func (c *Container) newSetnsProcess(p *Process, cmd *exec.Cmd, messageSockPair, cgroupPaths: state.CgroupPaths, rootlessCgroups: c.config.RootlessCgroups, intelRdtPath: state.IntelRdtPath, - messageSockPair: messageSockPair, - logFilePair: logFilePair, + comm: comm, manager: c.cgroupManager, config: c.newInitConfig(p), process: p, diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 71956d6dabd..edb112f64bd 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -108,20 +108,20 @@ func Init() { // error, it means the initialization has failed. If the error is returned, // it means the error can not be communicated back to the parent. func startInitialization() (retErr error) { - // Get the INITPIPE. - envInitPipe := os.Getenv("_LIBCONTAINER_INITPIPE") - pipefd, err := strconv.Atoi(envInitPipe) + // Get the syncrhonisation pipe. + envSyncPipe := os.Getenv("_LIBCONTAINER_SYNCPIPE") + syncPipeFd, err := strconv.Atoi(envSyncPipe) if err != nil { - return fmt.Errorf("unable to convert _LIBCONTAINER_INITPIPE: %w", err) + return fmt.Errorf("unable to convert _LIBCONTAINER_SYNCPIPE: %w", err) } - pipe := os.NewFile(uintptr(pipefd), "pipe") - defer pipe.Close() + syncPipe := newSyncSocket(os.NewFile(uintptr(syncPipeFd), "sync")) + defer syncPipe.Close() defer func() { // If this defer is ever called, this means initialization has failed. // Send the error back to the parent process in the form of an initError. ierr := initError{Message: retErr.Error()} - if err := writeSyncArg(pipe, procError, ierr); err != nil { + if err := writeSyncArg(syncPipe, procError, ierr); err != nil { fmt.Fprintln(os.Stderr, err) return } @@ -129,6 +129,15 @@ func startInitialization() (retErr error) { retErr = nil }() + // Get the INITPIPE. + envInitPipe := os.Getenv("_LIBCONTAINER_INITPIPE") + initPipeFd, err := strconv.Atoi(envInitPipe) + if err != nil { + return fmt.Errorf("unable to convert _LIBCONTAINER_INITPIPE: %w", err) + } + initPipe := os.NewFile(uintptr(initPipeFd), "init") + defer initPipe.Close() + // Set up logging. This is used rarely, and mostly for init debugging. // Passing log level is optional; currently libcontainer/integration does not do it. @@ -207,15 +216,16 @@ func startInitialization() (retErr error) { } }() + var config initConfig + if err := json.NewDecoder(initPipe).Decode(&config); err != nil { + return err + } + // If init succeeds, it will not return, hence none of the defers will be called. - return containerInit(it, pipe, consoleSocket, fifofd, logFD, dmzExe, mountFds{sourceFds: mountSrcFds, idmapFds: idmapFds}) + return containerInit(it, &config, syncPipe, consoleSocket, fifofd, logFD, dmzExe, mountFds{sourceFds: mountSrcFds, idmapFds: idmapFds}) } -func containerInit(t initType, pipe *os.File, consoleSocket *os.File, fifoFd, logFd int, dmzExe *os.File, mountFds mountFds) error { - var config *initConfig - if err := json.NewDecoder(pipe).Decode(&config); err != nil { - return err - } +func containerInit(t initType, config *initConfig, pipe *syncSocket, consoleSocket *os.File, fifoFd, logFd int, dmzExe *os.File, mountFds mountFds) error { if err := populateProcessEnvironment(config.Env); err != nil { return err } @@ -395,7 +405,7 @@ func setupConsole(socket *os.File, config *initConfig, mount bool) error { // syncParentReady sends to the given pipe a JSON payload which indicates that // the init is ready to Exec the child process. It then waits for the parent to // indicate that it is cleared to Exec. -func syncParentReady(pipe *os.File) error { +func syncParentReady(pipe *syncSocket) error { // Tell parent. if err := writeSync(pipe, procReady); err != nil { return err @@ -407,7 +417,7 @@ func syncParentReady(pipe *os.File) error { // syncParentHooks sends to the given pipe a JSON payload which indicates that // the parent should execute pre-start hooks. It then waits for the parent to // indicate that it is cleared to resume. -func syncParentHooks(pipe *os.File) error { +func syncParentHooks(pipe *syncSocket) error { // Tell parent. if err := writeSync(pipe, procHooks); err != nil { return err @@ -418,7 +428,7 @@ func syncParentHooks(pipe *os.File) error { // syncParentSeccomp sends the fd associated with the seccomp file descriptor // to the parent, and wait for the parent to do pidfd_getfd() to grab a copy. -func syncParentSeccomp(pipe *os.File, seccompFd *os.File) error { +func syncParentSeccomp(pipe *syncSocket, seccompFd *os.File) error { if seccompFd == nil { return nil } diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 9ea8ad5b2bc..c1b60c49884 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -46,15 +46,54 @@ type parentProcess interface { forwardChildLogs() chan error } -type filePair struct { - parent *os.File - child *os.File +type processComm struct { + // Used to send initial configuration to "runc init" and for "runc init" to + // indicate that it is ready. + initSockParent *os.File + initSockChild *os.File + // Used for control messages between parent and "runc init". + syncSockParent *syncSocket + syncSockChild *syncSocket + // Used for log forwarding from "runc init" to the parent. + logPipeParent *os.File + logPipeChild *os.File +} + +func newProcessComm() (*processComm, error) { + var ( + comm processComm + err error + ) + comm.initSockParent, comm.initSockChild, err = utils.NewSockPair("init") + if err != nil { + return nil, fmt.Errorf("unable to create init pipe: %w", err) + } + comm.syncSockParent, comm.syncSockChild, err = newSyncSockpair("sync") + if err != nil { + return nil, fmt.Errorf("unable to create sync pipe: %w", err) + } + comm.logPipeParent, comm.logPipeChild, err = os.Pipe() + if err != nil { + return nil, fmt.Errorf("unable to create log pipe: %w", err) + } + return &comm, nil +} + +func (c *processComm) closeChild() { + _ = c.initSockChild.Close() + _ = c.syncSockChild.Close() + _ = c.logPipeChild.Close() +} + +func (c *processComm) closeParent() { + _ = c.initSockParent.Close() + _ = c.syncSockParent.Close() + // c.logPipeParent is kept alive for ForwardLogs } type setnsProcess struct { cmd *exec.Cmd - messageSockPair filePair - logFilePair filePair + comm *processComm cgroupPaths map[string]string rootlessCgroups bool manager cgroups.Manager @@ -80,18 +119,17 @@ func (p *setnsProcess) signal(sig os.Signal) error { } func (p *setnsProcess) start() (retErr error) { - defer p.messageSockPair.parent.Close() + defer p.comm.closeParent() // get the "before" value of oom kill count oom, _ := p.manager.OOMKillCount() err := p.cmd.Start() - // close the write-side of the pipes (controlled by child) - p.messageSockPair.child.Close() - p.logFilePair.child.Close() + // close the child-side of the pipes (controlled by child) + p.comm.closeChild() if err != nil { return fmt.Errorf("error starting setns process: %w", err) } - waitInit := initWaiter(p.messageSockPair.parent) + waitInit := initWaiter(p.comm.initSockParent) defer func() { if retErr != nil { if newOom, err := p.manager.OOMKillCount(); err == nil && newOom != oom { @@ -110,7 +148,7 @@ func (p *setnsProcess) start() (retErr error) { }() if p.bootstrapData != nil { - if _, err := io.Copy(p.messageSockPair.parent, p.bootstrapData); err != nil { + if _, err := io.Copy(p.comm.initSockParent, p.bootstrapData); err != nil { return fmt.Errorf("error copying bootstrap data to pipe: %w", err) } } @@ -158,11 +196,11 @@ func (p *setnsProcess) start() (retErr error) { if err := setupRlimits(p.config.Rlimits, p.pid()); err != nil { return fmt.Errorf("error setting rlimits for process: %w", err) } - if err := utils.WriteJSON(p.messageSockPair.parent, p.config); err != nil { + if err := utils.WriteJSON(p.comm.initSockParent, p.config); err != nil { return fmt.Errorf("error writing config to pipe: %w", err) } - ierr := parseSync(p.messageSockPair.parent, func(sync *syncT) error { + ierr := parseSync(p.comm.syncSockParent, func(sync *syncT) error { switch sync.Type { case procReady: // This shouldn't happen. @@ -190,7 +228,7 @@ func (p *setnsProcess) start() (retErr error) { // wait for the seccomp notify listener to get the fd before we // permit the child to continue because the child will happily wait // for the listener if it hits SCMP_ACT_NOTIFY. - if err := writeSync(p.messageSockPair.parent, procSeccompDone); err != nil { + if err := writeSync(p.comm.syncSockParent, procSeccompDone); err != nil { return err } @@ -219,8 +257,8 @@ func (p *setnsProcess) start() (retErr error) { return nil }) - if err := unix.Shutdown(int(p.messageSockPair.parent.Fd()), unix.SHUT_WR); err != nil { - return &os.PathError{Op: "shutdown", Path: "(init pipe)", Err: err} + if err := p.comm.syncSockParent.Shutdown(unix.SHUT_WR); err != nil && ierr == nil { + return err } // Must be done after Shutdown so the child will exit and we can wait for it. if ierr != nil { @@ -245,7 +283,7 @@ func (p *setnsProcess) execSetns() error { return &exec.ExitError{ProcessState: status} } var pid *pid - if err := json.NewDecoder(p.messageSockPair.parent).Decode(&pid); err != nil { + if err := json.NewDecoder(p.comm.initSockParent).Decode(&pid); err != nil { _ = p.cmd.Wait() return fmt.Errorf("error reading pid from init pipe: %w", err) } @@ -299,13 +337,12 @@ func (p *setnsProcess) setExternalDescriptors(newFds []string) { } func (p *setnsProcess) forwardChildLogs() chan error { - return logs.ForwardLogs(p.logFilePair.parent) + return logs.ForwardLogs(p.comm.logPipeParent) } type initProcess struct { cmd *exec.Cmd - messageSockPair filePair - logFilePair filePair + comm *processComm config *initConfig manager cgroups.Manager intelRdtManager *intelrdt.Manager @@ -326,7 +363,7 @@ func (p *initProcess) externalDescriptors() []string { // getChildPid receives the final child's pid over the provided pipe. func (p *initProcess) getChildPid() (int, error) { var pid pid - if err := json.NewDecoder(p.messageSockPair.parent).Decode(&pid); err != nil { + if err := json.NewDecoder(p.comm.initSockParent).Decode(&pid); err != nil { _ = p.cmd.Wait() return -1, err } @@ -362,18 +399,17 @@ func (p *initProcess) waitForChildExit(childPid int) error { } func (p *initProcess) start() (retErr error) { - defer p.messageSockPair.parent.Close() //nolint: errcheck + defer p.comm.closeParent() err := p.cmd.Start() p.process.ops = p - // close the write-side of the pipes (controlled by child) - _ = p.messageSockPair.child.Close() - _ = p.logFilePair.child.Close() + // close the child-side of the pipes (controlled by child) + p.comm.closeChild() if err != nil { p.process.ops = nil return fmt.Errorf("unable to start init: %w", err) } - waitInit := initWaiter(p.messageSockPair.parent) + waitInit := initWaiter(p.comm.initSockParent) defer func() { if retErr != nil { // Find out if init is killed by the kernel's OOM killer. @@ -424,7 +460,7 @@ func (p *initProcess) start() (retErr error) { return fmt.Errorf("unable to apply Intel RDT configuration: %w", err) } } - if _, err := io.Copy(p.messageSockPair.parent, p.bootstrapData); err != nil { + if _, err := io.Copy(p.comm.initSockParent, p.bootstrapData); err != nil { return fmt.Errorf("can't copy bootstrap data to pipe: %w", err) } err = <-waitInit @@ -457,12 +493,12 @@ func (p *initProcess) start() (retErr error) { if err := p.updateSpecState(); err != nil { return fmt.Errorf("error updating spec state: %w", err) } - if err := p.sendConfig(); err != nil { + if err := utils.WriteJSON(p.comm.initSockParent, p.config); err != nil { return fmt.Errorf("error sending config to init process: %w", err) } var seenProcReady bool - ierr := parseSync(p.messageSockPair.parent, func(sync *syncT) error { + ierr := parseSync(p.comm.syncSockParent, func(sync *syncT) error { switch sync.Type { case procSeccomp: if p.config.Config.Seccomp.ListenerPath == "" { @@ -484,7 +520,7 @@ func (p *initProcess) start() (retErr error) { // wait for the seccomp notify listener to get the fd before we // permit the child to continue because the child will happily wait // for the listener if it hits SCMP_ACT_NOTIFY. - if err := writeSync(p.messageSockPair.parent, procSeccompDone); err != nil { + if err := writeSync(p.comm.syncSockParent, procSeccompDone); err != nil { return err } @@ -537,7 +573,7 @@ func (p *initProcess) start() (retErr error) { p.container.initProcessStartTime = state.InitProcessStartTime // Sync with child. - if err := writeSync(p.messageSockPair.parent, procRun); err != nil { + if err := writeSync(p.comm.syncSockParent, procRun); err != nil { return err } case procHooks: @@ -568,7 +604,7 @@ func (p *initProcess) start() (retErr error) { } } // Sync with child. - if err := writeSync(p.messageSockPair.parent, procHooksDone); err != nil { + if err := writeSync(p.comm.syncSockParent, procHooksDone); err != nil { return err } default: @@ -577,8 +613,8 @@ func (p *initProcess) start() (retErr error) { return nil }) - if err := unix.Shutdown(int(p.messageSockPair.parent.Fd()), unix.SHUT_WR); err != nil && ierr == nil { - return &os.PathError{Op: "shutdown", Path: "(init pipe)", Err: err} + if err := p.comm.syncSockParent.Shutdown(unix.SHUT_WR); err != nil && ierr == nil { + return err } if !seenProcReady && ierr == nil { ierr = errors.New("procReady not received") @@ -620,13 +656,6 @@ func (p *initProcess) updateSpecState() error { return nil } -func (p *initProcess) sendConfig() error { - // send the config to the container's init process, we don't use JSON Encode - // here because there might be a problem in JSON decoder in some cases, see: - // https://github.com/docker/docker/issues/14203#issuecomment-174177790 - return utils.WriteJSON(p.messageSockPair.parent, p.config) -} - func (p *initProcess) createNetworkInterfaces() error { for _, config := range p.config.Config.Networks { strategy, err := getStrategy(config.Type) @@ -657,7 +686,7 @@ func (p *initProcess) setExternalDescriptors(newFds []string) { } func (p *initProcess) forwardChildLogs() chan error { - return logs.ForwardLogs(p.logFilePair.parent) + return logs.ForwardLogs(p.comm.logPipeParent) } func pidGetFd(pid, srcFd int) (*os.File, error) { diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 88ecb287c11..d76dadcd842 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -63,7 +63,7 @@ func needsSetupDev(config *configs.Config) bool { // prepareRootfs sets up the devices, mount points, and filesystems for use // inside a new mount namespace. It doesn't set anything as ro. You must call // finalizeRootfs after this function to finish setting up the rootfs. -func prepareRootfs(pipe *os.File, iConfig *initConfig, mountFds mountFds) (err error) { +func prepareRootfs(pipe *syncSocket, iConfig *initConfig, mountFds mountFds) (err error) { config := iConfig.Config if err := prepareRoot(config); err != nil { return fmt.Errorf("error preparing rootfs: %w", err) diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go index 7709219300b..82bcfec2aa4 100644 --- a/libcontainer/setns_init_linux.go +++ b/libcontainer/setns_init_linux.go @@ -20,7 +20,7 @@ import ( // linuxSetnsInit performs the container's initialization for running a new process // inside an existing container. type linuxSetnsInit struct { - pipe *os.File + pipe *syncSocket consoleSocket *os.File config *initConfig logFd int @@ -111,9 +111,9 @@ func (l *linuxSetnsInit) Init() error { return err } } - logrus.Debugf("setns_init: about to exec") // Close the log pipe fd so the parent's ForwardLogs can exit. + logrus.Debugf("setns_init: about to exec") if err := unix.Close(l.logFd); err != nil { return &os.PathError{Op: "close log pipe", Path: "fd " + strconv.Itoa(l.logFd), Err: err} } diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 4eb3d8db435..86750700c60 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -20,7 +20,7 @@ import ( ) type linuxStandardInit struct { - pipe *os.File + pipe *syncSocket consoleSocket *os.File parentPid int fifoFd int @@ -231,6 +231,7 @@ func (l *linuxStandardInit) Init() error { _ = l.pipe.Close() // Close the log pipe fd so the parent's ForwardLogs can exit. + logrus.Debugf("init: about to wait on exec fifo") if err := unix.Close(l.logFd); err != nil { return &os.PathError{Op: "close log pipe", Path: "fd " + strconv.Itoa(l.logFd), Err: err} } diff --git a/libcontainer/sync.go b/libcontainer/sync.go index 36e657f66d8..1894e870e53 100644 --- a/libcontainer/sync.go +++ b/libcontainer/sync.go @@ -6,8 +6,11 @@ import ( "fmt" "io" "os" + "strconv" "github.com/opencontainers/runc/libcontainer/utils" + + "github.com/sirupsen/logrus" ) type syncType string @@ -53,6 +56,20 @@ type syncT struct { File *os.File `json:"-"` // passed oob through SCM_RIGHTS } +func (s syncT) String() string { + str := "type:" + string(s.Type) + if s.Flags != 0 { + str += " flags:0b" + strconv.FormatInt(int64(s.Flags), 2) + } + if s.Arg != nil { + str += " arg:" + string(*s.Arg) + } + if s.File != nil { + str += " file:" + s.File.Name() + " (fd:" + strconv.Itoa(int(s.File.Fd())) + ")" + } + return str +} + // initError is used to wrap errors for passing them via JSON, // as encoding/json can't unmarshal into error type. type initError struct { @@ -63,43 +80,56 @@ func (i initError) Error() string { return i.Message } -func doWriteSync(pipe *os.File, sync syncT) error { +func doWriteSync(pipe *syncSocket, sync syncT) error { sync.Flags &= ^syncFlagHasFd if sync.File != nil { sync.Flags |= syncFlagHasFd } - if err := utils.WriteJSON(pipe, sync); err != nil { - return fmt.Errorf("writing sync %q: %w", sync.Type, err) + logrus.Debugf("writing sync %s", sync) + data, err := json.Marshal(sync) + if err != nil { + return fmt.Errorf("marshal sync %v: %w", sync.Type, err) + } + if _, err := pipe.WritePacket(data); err != nil { + return fmt.Errorf("writing sync %v: %w", sync.Type, err) } if sync.Flags&syncFlagHasFd != 0 { - if err := utils.SendFile(pipe, sync.File); err != nil { + logrus.Debugf("writing sync file %s", sync) + if err := utils.SendFile(pipe.File(), sync.File); err != nil { return fmt.Errorf("sending file after sync %q: %w", sync.Type, err) } } return nil } -func writeSync(pipe *os.File, sync syncType) error { +func writeSync(pipe *syncSocket, sync syncType) error { return doWriteSync(pipe, syncT{Type: sync}) } -func writeSyncArg(pipe *os.File, sync syncType, arg interface{}) error { +func writeSyncArg(pipe *syncSocket, sync syncType, arg interface{}) error { argJSON, err := json.Marshal(arg) if err != nil { - return fmt.Errorf("writing sync %q: marshal argument failed: %w", sync, err) + return fmt.Errorf("writing sync %v: marshal argument failed: %w", sync, err) } argJSONMsg := json.RawMessage(argJSON) return doWriteSync(pipe, syncT{Type: sync, Arg: &argJSONMsg}) } -func doReadSync(pipe *os.File) (syncT, error) { +func doReadSync(pipe *syncSocket) (syncT, error) { var sync syncT - if err := json.NewDecoder(pipe).Decode(&sync); err != nil { + logrus.Debugf("reading sync") + packet, err := pipe.ReadPacket() + if err != nil { if errors.Is(err, io.EOF) { + logrus.Debugf("sync pipe closed") return sync, err } return sync, fmt.Errorf("reading from parent failed: %w", err) } + if err := json.Unmarshal(packet, &sync); err != nil { + return sync, fmt.Errorf("unmarshal sync from parent failed: %w", err) + } + logrus.Debugf("read sync %s", sync) if sync.Type == procError { var ierr initError if sync.Arg == nil { @@ -111,16 +141,17 @@ func doReadSync(pipe *os.File) (syncT, error) { return sync, &ierr } if sync.Flags&syncFlagHasFd != 0 { - file, err := utils.RecvFile(pipe) + logrus.Debugf("reading sync file %s", sync) + file, err := utils.RecvFile(pipe.File()) if err != nil { - return sync, fmt.Errorf("receiving fd from sync %q failed: %w", sync.Type, err) + return sync, fmt.Errorf("receiving fd from sync %v failed: %w", sync.Type, err) } sync.File = file } return sync, nil } -func readSyncFull(pipe *os.File, expected syncType) (syncT, error) { +func readSyncFull(pipe *syncSocket, expected syncType) (syncT, error) { sync, err := doReadSync(pipe) if err != nil { return sync, err @@ -131,24 +162,24 @@ func readSyncFull(pipe *os.File, expected syncType) (syncT, error) { return sync, nil } -func readSync(pipe *os.File, expected syncType) error { +func readSync(pipe *syncSocket, expected syncType) error { sync, err := readSyncFull(pipe, expected) if err != nil { return err } if sync.Arg != nil { - return fmt.Errorf("sync %q had unexpected argument passed: %q", expected, string(*sync.Arg)) + return fmt.Errorf("sync %v had unexpected argument passed: %q", expected, string(*sync.Arg)) } if sync.File != nil { _ = sync.File.Close() - return fmt.Errorf("sync %q had unexpected file passed", sync.Type) + return fmt.Errorf("sync %v had unexpected file passed", sync.Type) } return nil } // parseSync runs the given callback function on each syncT received from the // child. It will return once io.EOF is returned from the given pipe. -func parseSync(pipe *os.File, fn func(*syncT) error) error { +func parseSync(pipe *syncSocket, fn func(*syncT) error) error { for { sync, err := doReadSync(pipe) if err != nil { diff --git a/libcontainer/sync_unix.go b/libcontainer/sync_unix.go new file mode 100644 index 00000000000..f94486cb300 --- /dev/null +++ b/libcontainer/sync_unix.go @@ -0,0 +1,76 @@ +package libcontainer + +import ( + "fmt" + "io" + "os" + + "golang.org/x/sys/unix" +) + +// syncSocket is a wrapper around a SOCK_SEQPACKET socket, providing +// packet-oriented methods. This is needed because SOCK_SEQPACKET does not +// allow for partial reads, but the Go stdlib treats it as a streamable source, +// which ends up making things like json.Decoder hang forever if the packet is +// bigger than the internal read buffer. +type syncSocket struct { + f *os.File +} + +func newSyncSocket(f *os.File) *syncSocket { + return &syncSocket{f: f} +} + +func (s *syncSocket) File() *os.File { + return s.f +} + +func (s *syncSocket) Close() error { + return s.f.Close() +} + +func (s *syncSocket) WritePacket(b []byte) (int, error) { + return s.f.Write(b) +} + +func (s *syncSocket) ReadPacket() ([]byte, error) { + size, _, err := unix.Recvfrom(int(s.f.Fd()), nil, unix.MSG_TRUNC|unix.MSG_PEEK) + if err != nil { + return nil, fmt.Errorf("fetch packet length from socket: %w", err) + } + // We will only get a zero size if the socket has been closed from the + // other end (otherwise recvfrom(2) will block until a packet is ready). In + // addition, SOCK_SEQPACKET is treated as a stream source by Go stdlib so + // returning io.EOF here is correct from that perspective too. + if size == 0 { + return nil, io.EOF + } + buf := make([]byte, size) + n, err := s.f.Read(buf) + if err != nil { + return nil, err + } + if n != size { + return nil, fmt.Errorf("packet read too short: expected %d byte packet but only %d bytes read", size, n) + } + return buf, nil +} + +func (s *syncSocket) Shutdown(how int) error { + if err := unix.Shutdown(int(s.f.Fd()), how); err != nil { + return &os.PathError{Op: "shutdown", Path: s.f.Name() + " (sync pipe)", Err: err} + } + return nil +} + +// newSyncSockpair returns a new SOCK_SEQPACKET unix socket pair to be used for +// runc-init synchronisation. +func newSyncSockpair(name string) (parent, child *syncSocket, err error) { + fds, err := unix.Socketpair(unix.AF_LOCAL, unix.SOCK_SEQPACKET|unix.SOCK_CLOEXEC, 0) + if err != nil { + return nil, nil, err + } + parentFile := os.NewFile(uintptr(fds[1]), name+"-p") + childFile := os.NewFile(uintptr(fds[0]), name+"-c") + return newSyncSocket(parentFile), newSyncSocket(childFile), nil +} diff --git a/libcontainer/utils/utils.go b/libcontainer/utils/utils.go index dbd43534165..74d9d20c7f1 100644 --- a/libcontainer/utils/utils.go +++ b/libcontainer/utils/utils.go @@ -43,6 +43,9 @@ func ExitStatus(status unix.WaitStatus) int { } // WriteJSON writes the provided struct v to w using standard json marshaling +// without a trailing newline. This is used instead of json.Encoder because +// there might be a problem in json decoder in some cases, see: +// https://github.com/docker/docker/issues/14203#issuecomment-174177790 func WriteJSON(w io.Writer, v interface{}) error { data, err := json.Marshal(v) if err != nil { diff --git a/libcontainer/utils/utils_unix.go b/libcontainer/utils/utils_unix.go index ca520b63b36..e5f11523d1d 100644 --- a/libcontainer/utils/utils_unix.go +++ b/libcontainer/utils/utils_unix.go @@ -90,7 +90,7 @@ func CloseExecFrom(minFd int) error { return nil } -// NewSockPair returns a new unix socket pair +// NewSockPair returns a new SOCK_STREAM unix socket pair. func NewSockPair(name string) (parent, child *os.File, err error) { fds, err := unix.Socketpair(unix.AF_LOCAL, unix.SOCK_STREAM|unix.SOCK_CLOEXEC, 0) if err != nil { From 90f5da651aed192e104bb77284adcf2bb148ee12 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Mon, 25 Sep 2023 12:20:18 +0200 Subject: [PATCH 0389/1176] libct/dmz: Reduce the binary size using nolibc Linux repo has under `tools/include/nolibc` very simple include files that we can use to generate very small binaries that don't depend on libc. To make things even better, since Linux 6.6 it supports all the architectures we support in runc, which is just beautiful. The runc-dmz binary on x86_64 before this patch (on my debian host) was taking 636K, with this patch it takes only 8K. Signed-off-by: Rodrigo Campos --- libcontainer/dmz/Makefile | 3 +- libcontainer/dmz/README.md | 16 + libcontainer/dmz/_dmz.c | 3 +- libcontainer/dmz/linux/README.md | 5 + libcontainer/dmz/linux/stat.h | 194 ++++ libcontainer/dmz/nolibc/arch-aarch64.h | 157 +++ libcontainer/dmz/nolibc/arch-arm.h | 199 ++++ libcontainer/dmz/nolibc/arch-i386.h | 178 ++++ libcontainer/dmz/nolibc/arch-loongarch.h | 164 +++ libcontainer/dmz/nolibc/arch-mips.h | 195 ++++ libcontainer/dmz/nolibc/arch-powerpc.h | 221 ++++ libcontainer/dmz/nolibc/arch-riscv.h | 160 +++ libcontainer/dmz/nolibc/arch-s390.h | 186 ++++ libcontainer/dmz/nolibc/arch-x86_64.h | 176 ++++ libcontainer/dmz/nolibc/arch.h | 38 + libcontainer/dmz/nolibc/compiler.h | 25 + libcontainer/dmz/nolibc/crt.h | 61 ++ libcontainer/dmz/nolibc/ctype.h | 102 ++ libcontainer/dmz/nolibc/errno.h | 28 + libcontainer/dmz/nolibc/nolibc.h | 111 ++ libcontainer/dmz/nolibc/signal.h | 25 + libcontainer/dmz/nolibc/stackprotector.h | 51 + libcontainer/dmz/nolibc/std.h | 36 + libcontainer/dmz/nolibc/stdint.h | 113 ++ libcontainer/dmz/nolibc/stdio.h | 383 +++++++ libcontainer/dmz/nolibc/stdlib.h | 444 ++++++++ libcontainer/dmz/nolibc/string.h | 294 ++++++ libcontainer/dmz/nolibc/sys.h | 1189 ++++++++++++++++++++++ libcontainer/dmz/nolibc/time.h | 31 + libcontainer/dmz/nolibc/types.h | 241 +++++ libcontainer/dmz/nolibc/unistd.h | 68 ++ libcontainer/dmz/xstat.h | 15 + 32 files changed, 5110 insertions(+), 2 deletions(-) create mode 100644 libcontainer/dmz/README.md create mode 100644 libcontainer/dmz/linux/README.md create mode 100644 libcontainer/dmz/linux/stat.h create mode 100644 libcontainer/dmz/nolibc/arch-aarch64.h create mode 100644 libcontainer/dmz/nolibc/arch-arm.h create mode 100644 libcontainer/dmz/nolibc/arch-i386.h create mode 100644 libcontainer/dmz/nolibc/arch-loongarch.h create mode 100644 libcontainer/dmz/nolibc/arch-mips.h create mode 100644 libcontainer/dmz/nolibc/arch-powerpc.h create mode 100644 libcontainer/dmz/nolibc/arch-riscv.h create mode 100644 libcontainer/dmz/nolibc/arch-s390.h create mode 100644 libcontainer/dmz/nolibc/arch-x86_64.h create mode 100644 libcontainer/dmz/nolibc/arch.h create mode 100644 libcontainer/dmz/nolibc/compiler.h create mode 100644 libcontainer/dmz/nolibc/crt.h create mode 100644 libcontainer/dmz/nolibc/ctype.h create mode 100644 libcontainer/dmz/nolibc/errno.h create mode 100644 libcontainer/dmz/nolibc/nolibc.h create mode 100644 libcontainer/dmz/nolibc/signal.h create mode 100644 libcontainer/dmz/nolibc/stackprotector.h create mode 100644 libcontainer/dmz/nolibc/std.h create mode 100644 libcontainer/dmz/nolibc/stdint.h create mode 100644 libcontainer/dmz/nolibc/stdio.h create mode 100644 libcontainer/dmz/nolibc/stdlib.h create mode 100644 libcontainer/dmz/nolibc/string.h create mode 100644 libcontainer/dmz/nolibc/sys.h create mode 100644 libcontainer/dmz/nolibc/time.h create mode 100644 libcontainer/dmz/nolibc/types.h create mode 100644 libcontainer/dmz/nolibc/unistd.h create mode 100644 libcontainer/dmz/xstat.h diff --git a/libcontainer/dmz/Makefile b/libcontainer/dmz/Makefile index 24e92db716b..e1282d3afd6 100644 --- a/libcontainer/dmz/Makefile +++ b/libcontainer/dmz/Makefile @@ -2,5 +2,6 @@ include ../../cc_platform.mk runc-dmz: _dmz.c - $(CC) $(CFLAGS) -static -o $@ $^ + # We use the flags suggested in nolibc/nolibc.h, it makes the binary very small. + $(CC) $(CFLAGS) -fno-asynchronous-unwind-tables -fno-ident -s -Os -nostdlib -lgcc -static -o $@ $^ $(STRIP) -gs $@ diff --git a/libcontainer/dmz/README.md b/libcontainer/dmz/README.md new file mode 100644 index 00000000000..72d577019c1 --- /dev/null +++ b/libcontainer/dmz/README.md @@ -0,0 +1,16 @@ +# Runc-dmz + +runc-dmz is a small and very simple binary used to execute the container's entrypoint. + +## Making it small + +To make it small we use the Linux kernel's [nolibc include files][nolibc-upstream], so we don't use the libc. + +A full `cp` of it is here in `nolibc/`, but removing the Makefile that is GPL. DO NOT FORGET to +remove the GPL code if updating the nolibc/ directory. + +The current version in that folder is from Linux 6.6-rc3 tag (556fb7131e03b0283672fb40f6dc2d151752aaa7). + +It also support all the architectures we support in runc. + +[nolibc-upstream]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/include/nolibc?h=v6.6-rc3 diff --git a/libcontainer/dmz/_dmz.c b/libcontainer/dmz/_dmz.c index 6e91b0f90a9..73ecf25412a 100644 --- a/libcontainer/dmz/_dmz.c +++ b/libcontainer/dmz/_dmz.c @@ -1,4 +1,5 @@ -#include +#include "xstat.h" +#include "nolibc/nolibc.h" extern char **environ; diff --git a/libcontainer/dmz/linux/README.md b/libcontainer/dmz/linux/README.md new file mode 100644 index 00000000000..d9838abb675 --- /dev/null +++ b/libcontainer/dmz/linux/README.md @@ -0,0 +1,5 @@ +This directory contains some files copied from Linux's repo, from the uapi: + + tools/include/uapi/linux/ + +The linux repo was used at Linux 6.6.-rc3 tag (556fb7131e03b0283672fb40f6dc2d151752aaa7). diff --git a/libcontainer/dmz/linux/stat.h b/libcontainer/dmz/linux/stat.h new file mode 100644 index 00000000000..7cab2c65d3d --- /dev/null +++ b/libcontainer/dmz/linux/stat.h @@ -0,0 +1,194 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +#ifndef _UAPI_LINUX_STAT_H +#define _UAPI_LINUX_STAT_H + +#include + +#if defined(__KERNEL__) || !defined(__GLIBC__) || (__GLIBC__ < 2) + +#define S_IFMT 00170000 +#define S_IFSOCK 0140000 +#define S_IFLNK 0120000 +#define S_IFREG 0100000 +#define S_IFBLK 0060000 +#define S_IFDIR 0040000 +#define S_IFCHR 0020000 +#define S_IFIFO 0010000 +#define S_ISUID 0004000 +#define S_ISGID 0002000 +#define S_ISVTX 0001000 + +#define S_ISLNK(m) (((m) & S_IFMT) == S_IFLNK) +#define S_ISREG(m) (((m) & S_IFMT) == S_IFREG) +#define S_ISDIR(m) (((m) & S_IFMT) == S_IFDIR) +#define S_ISCHR(m) (((m) & S_IFMT) == S_IFCHR) +#define S_ISBLK(m) (((m) & S_IFMT) == S_IFBLK) +#define S_ISFIFO(m) (((m) & S_IFMT) == S_IFIFO) +#define S_ISSOCK(m) (((m) & S_IFMT) == S_IFSOCK) + +#define S_IRWXU 00700 +#define S_IRUSR 00400 +#define S_IWUSR 00200 +#define S_IXUSR 00100 + +#define S_IRWXG 00070 +#define S_IRGRP 00040 +#define S_IWGRP 00020 +#define S_IXGRP 00010 + +#define S_IRWXO 00007 +#define S_IROTH 00004 +#define S_IWOTH 00002 +#define S_IXOTH 00001 + +#endif + +/* + * Timestamp structure for the timestamps in struct statx. + * + * tv_sec holds the number of seconds before (negative) or after (positive) + * 00:00:00 1st January 1970 UTC. + * + * tv_nsec holds a number of nanoseconds (0..999,999,999) after the tv_sec time. + * + * __reserved is held in case we need a yet finer resolution. + */ +struct statx_timestamp { + __s64 tv_sec; + __u32 tv_nsec; + __s32 __reserved; +}; + +/* + * Structures for the extended file attribute retrieval system call + * (statx()). + * + * The caller passes a mask of what they're specifically interested in as a + * parameter to statx(). What statx() actually got will be indicated in + * st_mask upon return. + * + * For each bit in the mask argument: + * + * - if the datum is not supported: + * + * - the bit will be cleared, and + * + * - the datum will be set to an appropriate fabricated value if one is + * available (eg. CIFS can take a default uid and gid), otherwise + * + * - the field will be cleared; + * + * - otherwise, if explicitly requested: + * + * - the datum will be synchronised to the server if AT_STATX_FORCE_SYNC is + * set or if the datum is considered out of date, and + * + * - the field will be filled in and the bit will be set; + * + * - otherwise, if not requested, but available in approximate form without any + * effort, it will be filled in anyway, and the bit will be set upon return + * (it might not be up to date, however, and no attempt will be made to + * synchronise the internal state first); + * + * - otherwise the field and the bit will be cleared before returning. + * + * Items in STATX_BASIC_STATS may be marked unavailable on return, but they + * will have values installed for compatibility purposes so that stat() and + * co. can be emulated in userspace. + */ +struct statx { + /* 0x00 */ + __u32 stx_mask; /* What results were written [uncond] */ + __u32 stx_blksize; /* Preferred general I/O size [uncond] */ + __u64 stx_attributes; /* Flags conveying information about the file [uncond] */ + /* 0x10 */ + __u32 stx_nlink; /* Number of hard links */ + __u32 stx_uid; /* User ID of owner */ + __u32 stx_gid; /* Group ID of owner */ + __u16 stx_mode; /* File mode */ + __u16 __spare0[1]; + /* 0x20 */ + __u64 stx_ino; /* Inode number */ + __u64 stx_size; /* File size */ + __u64 stx_blocks; /* Number of 512-byte blocks allocated */ + __u64 stx_attributes_mask; /* Mask to show what's supported in stx_attributes */ + /* 0x40 */ + struct statx_timestamp stx_atime; /* Last access time */ + struct statx_timestamp stx_btime; /* File creation time */ + struct statx_timestamp stx_ctime; /* Last attribute change time */ + struct statx_timestamp stx_mtime; /* Last data modification time */ + /* 0x80 */ + __u32 stx_rdev_major; /* Device ID of special file [if bdev/cdev] */ + __u32 stx_rdev_minor; + __u32 stx_dev_major; /* ID of device containing file [uncond] */ + __u32 stx_dev_minor; + /* 0x90 */ + __u64 stx_mnt_id; + __u32 stx_dio_mem_align; /* Memory buffer alignment for direct I/O */ + __u32 stx_dio_offset_align; /* File offset alignment for direct I/O */ + /* 0xa0 */ + __u64 __spare3[12]; /* Spare space for future expansion */ + /* 0x100 */ +}; + +/* + * Flags to be stx_mask + * + * Query request/result mask for statx() and struct statx::stx_mask. + * + * These bits should be set in the mask argument of statx() to request + * particular items when calling statx(). + */ +#define STATX_TYPE 0x00000001U /* Want/got stx_mode & S_IFMT */ +#define STATX_MODE 0x00000002U /* Want/got stx_mode & ~S_IFMT */ +#define STATX_NLINK 0x00000004U /* Want/got stx_nlink */ +#define STATX_UID 0x00000008U /* Want/got stx_uid */ +#define STATX_GID 0x00000010U /* Want/got stx_gid */ +#define STATX_ATIME 0x00000020U /* Want/got stx_atime */ +#define STATX_MTIME 0x00000040U /* Want/got stx_mtime */ +#define STATX_CTIME 0x00000080U /* Want/got stx_ctime */ +#define STATX_INO 0x00000100U /* Want/got stx_ino */ +#define STATX_SIZE 0x00000200U /* Want/got stx_size */ +#define STATX_BLOCKS 0x00000400U /* Want/got stx_blocks */ +#define STATX_BASIC_STATS 0x000007ffU /* The stuff in the normal stat struct */ +#define STATX_BTIME 0x00000800U /* Want/got stx_btime */ +#define STATX_MNT_ID 0x00001000U /* Got stx_mnt_id */ +#define STATX_DIOALIGN 0x00002000U /* Want/got direct I/O alignment info */ + +#define STATX__RESERVED 0x80000000U /* Reserved for future struct statx expansion */ + +#ifndef __KERNEL__ +/* + * This is deprecated, and shall remain the same value in the future. To avoid + * confusion please use the equivalent (STATX_BASIC_STATS | STATX_BTIME) + * instead. + */ +#define STATX_ALL 0x00000fffU +#endif + +/* + * Attributes to be found in stx_attributes and masked in stx_attributes_mask. + * + * These give information about the features or the state of a file that might + * be of use to ordinary userspace programs such as GUIs or ls rather than + * specialised tools. + * + * Note that the flags marked [I] correspond to the FS_IOC_SETFLAGS flags + * semantically. Where possible, the numerical value is picked to correspond + * also. Note that the DAX attribute indicates that the file is in the CPU + * direct access state. It does not correspond to the per-inode flag that + * some filesystems support. + * + */ +#define STATX_ATTR_COMPRESSED 0x00000004 /* [I] File is compressed by the fs */ +#define STATX_ATTR_IMMUTABLE 0x00000010 /* [I] File is marked immutable */ +#define STATX_ATTR_APPEND 0x00000020 /* [I] File is append-only */ +#define STATX_ATTR_NODUMP 0x00000040 /* [I] File is not to be dumped */ +#define STATX_ATTR_ENCRYPTED 0x00000800 /* [I] File requires key to decrypt in fs */ +#define STATX_ATTR_AUTOMOUNT 0x00001000 /* Dir: Automount trigger */ +#define STATX_ATTR_MOUNT_ROOT 0x00002000 /* Root of a mount */ +#define STATX_ATTR_VERITY 0x00100000 /* [I] Verity protected file */ +#define STATX_ATTR_DAX 0x00200000 /* File is currently in DAX state */ + + +#endif /* _UAPI_LINUX_STAT_H */ diff --git a/libcontainer/dmz/nolibc/arch-aarch64.h b/libcontainer/dmz/nolibc/arch-aarch64.h new file mode 100644 index 00000000000..6c33c46848e --- /dev/null +++ b/libcontainer/dmz/nolibc/arch-aarch64.h @@ -0,0 +1,157 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* + * AARCH64 specific definitions for NOLIBC + * Copyright (C) 2017-2022 Willy Tarreau + */ + +#ifndef _NOLIBC_ARCH_AARCH64_H +#define _NOLIBC_ARCH_AARCH64_H + +#include "compiler.h" +#include "crt.h" + +/* Syscalls for AARCH64 : + * - registers are 64-bit + * - stack is 16-byte aligned + * - syscall number is passed in x8 + * - arguments are in x0, x1, x2, x3, x4, x5 + * - the system call is performed by calling svc 0 + * - syscall return comes in x0. + * - the arguments are cast to long and assigned into the target registers + * which are then simply passed as registers to the asm code, so that we + * don't have to experience issues with register constraints. + * + * On aarch64, select() is not implemented so we have to use pselect6(). + */ +#define __ARCH_WANT_SYS_PSELECT6 + +#define my_syscall0(num) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0"); \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +#define my_syscall1(num, arg1) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), \ + "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + register long _arg2 __asm__ ("x1") = (long)(arg2); \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +#define my_syscall3(num, arg1, arg2, arg3) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + register long _arg2 __asm__ ("x1") = (long)(arg2); \ + register long _arg3 __asm__ ("x2") = (long)(arg3); \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), "r"(_arg3), \ + "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +#define my_syscall4(num, arg1, arg2, arg3, arg4) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + register long _arg2 __asm__ ("x1") = (long)(arg2); \ + register long _arg3 __asm__ ("x2") = (long)(arg3); \ + register long _arg4 __asm__ ("x3") = (long)(arg4); \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), "r"(_arg3), "r"(_arg4), \ + "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +#define my_syscall5(num, arg1, arg2, arg3, arg4, arg5) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + register long _arg2 __asm__ ("x1") = (long)(arg2); \ + register long _arg3 __asm__ ("x2") = (long)(arg3); \ + register long _arg4 __asm__ ("x3") = (long)(arg4); \ + register long _arg5 __asm__ ("x4") = (long)(arg5); \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r" (_arg1) \ + : "r"(_arg1), "r"(_arg2), "r"(_arg3), "r"(_arg4), "r"(_arg5), \ + "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +#define my_syscall6(num, arg1, arg2, arg3, arg4, arg5, arg6) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + register long _arg2 __asm__ ("x1") = (long)(arg2); \ + register long _arg3 __asm__ ("x2") = (long)(arg3); \ + register long _arg4 __asm__ ("x3") = (long)(arg4); \ + register long _arg5 __asm__ ("x4") = (long)(arg5); \ + register long _arg6 __asm__ ("x5") = (long)(arg6); \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r" (_arg1) \ + : "r"(_arg1), "r"(_arg2), "r"(_arg3), "r"(_arg4), "r"(_arg5), \ + "r"(_arg6), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +/* startup code */ +void __attribute__((weak, noreturn, optimize("Os", "omit-frame-pointer"))) __no_stack_protector _start(void) +{ + __asm__ volatile ( + "mov x0, sp\n" /* save stack pointer to x0, as arg1 of _start_c */ + "and sp, x0, -16\n" /* sp must be 16-byte aligned in the callee */ + "bl _start_c\n" /* transfer to c runtime */ + ); + __builtin_unreachable(); +} +#endif /* _NOLIBC_ARCH_AARCH64_H */ diff --git a/libcontainer/dmz/nolibc/arch-arm.h b/libcontainer/dmz/nolibc/arch-arm.h new file mode 100644 index 00000000000..cae4afa7c1c --- /dev/null +++ b/libcontainer/dmz/nolibc/arch-arm.h @@ -0,0 +1,199 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* + * ARM specific definitions for NOLIBC + * Copyright (C) 2017-2022 Willy Tarreau + */ + +#ifndef _NOLIBC_ARCH_ARM_H +#define _NOLIBC_ARCH_ARM_H + +#include "compiler.h" +#include "crt.h" + +/* Syscalls for ARM in ARM or Thumb modes : + * - registers are 32-bit + * - stack is 8-byte aligned + * ( http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.faqs/ka4127.html) + * - syscall number is passed in r7 + * - arguments are in r0, r1, r2, r3, r4, r5 + * - the system call is performed by calling svc #0 + * - syscall return comes in r0. + * - only lr is clobbered. + * - the arguments are cast to long and assigned into the target registers + * which are then simply passed as registers to the asm code, so that we + * don't have to experience issues with register constraints. + * - the syscall number is always specified last in order to allow to force + * some registers before (gcc refuses a %-register at the last position). + * - in thumb mode without -fomit-frame-pointer, r7 is also used to store the + * frame pointer, and we cannot directly assign it as a register variable, + * nor can we clobber it. Instead we assign the r6 register and swap it + * with r7 before calling svc, and r6 is marked as clobbered. + * We're just using any regular register which we assign to r7 after saving + * it. + * + * Also, ARM supports the old_select syscall if newselect is not available + */ +#define __ARCH_WANT_SYS_OLD_SELECT + +#if (defined(__THUMBEB__) || defined(__THUMBEL__)) && \ + !defined(NOLIBC_OMIT_FRAME_POINTER) +/* swap r6,r7 needed in Thumb mode since we can't use nor clobber r7 */ +#define _NOLIBC_SYSCALL_REG "r6" +#define _NOLIBC_THUMB_SET_R7 "eor r7, r6\neor r6, r7\neor r7, r6\n" +#define _NOLIBC_THUMB_RESTORE_R7 "mov r7, r6\n" + +#else /* we're in ARM mode */ +/* in Arm mode we can directly use r7 */ +#define _NOLIBC_SYSCALL_REG "r7" +#define _NOLIBC_THUMB_SET_R7 "" +#define _NOLIBC_THUMB_RESTORE_R7 "" + +#endif /* end THUMB */ + +#define my_syscall0(num) \ +({ \ + register long _num __asm__(_NOLIBC_SYSCALL_REG) = (num); \ + register long _arg1 __asm__ ("r0"); \ + \ + __asm__ volatile ( \ + _NOLIBC_THUMB_SET_R7 \ + "svc #0\n" \ + _NOLIBC_THUMB_RESTORE_R7 \ + : "=r"(_arg1), "=r"(_num) \ + : "r"(_arg1), \ + "r"(_num) \ + : "memory", "cc", "lr" \ + ); \ + _arg1; \ +}) + +#define my_syscall1(num, arg1) \ +({ \ + register long _num __asm__(_NOLIBC_SYSCALL_REG) = (num); \ + register long _arg1 __asm__ ("r0") = (long)(arg1); \ + \ + __asm__ volatile ( \ + _NOLIBC_THUMB_SET_R7 \ + "svc #0\n" \ + _NOLIBC_THUMB_RESTORE_R7 \ + : "=r"(_arg1), "=r" (_num) \ + : "r"(_arg1), \ + "r"(_num) \ + : "memory", "cc", "lr" \ + ); \ + _arg1; \ +}) + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__(_NOLIBC_SYSCALL_REG) = (num); \ + register long _arg1 __asm__ ("r0") = (long)(arg1); \ + register long _arg2 __asm__ ("r1") = (long)(arg2); \ + \ + __asm__ volatile ( \ + _NOLIBC_THUMB_SET_R7 \ + "svc #0\n" \ + _NOLIBC_THUMB_RESTORE_R7 \ + : "=r"(_arg1), "=r" (_num) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_num) \ + : "memory", "cc", "lr" \ + ); \ + _arg1; \ +}) + +#define my_syscall3(num, arg1, arg2, arg3) \ +({ \ + register long _num __asm__(_NOLIBC_SYSCALL_REG) = (num); \ + register long _arg1 __asm__ ("r0") = (long)(arg1); \ + register long _arg2 __asm__ ("r1") = (long)(arg2); \ + register long _arg3 __asm__ ("r2") = (long)(arg3); \ + \ + __asm__ volatile ( \ + _NOLIBC_THUMB_SET_R7 \ + "svc #0\n" \ + _NOLIBC_THUMB_RESTORE_R7 \ + : "=r"(_arg1), "=r" (_num) \ + : "r"(_arg1), "r"(_arg2), "r"(_arg3), \ + "r"(_num) \ + : "memory", "cc", "lr" \ + ); \ + _arg1; \ +}) + +#define my_syscall4(num, arg1, arg2, arg3, arg4) \ +({ \ + register long _num __asm__(_NOLIBC_SYSCALL_REG) = (num); \ + register long _arg1 __asm__ ("r0") = (long)(arg1); \ + register long _arg2 __asm__ ("r1") = (long)(arg2); \ + register long _arg3 __asm__ ("r2") = (long)(arg3); \ + register long _arg4 __asm__ ("r3") = (long)(arg4); \ + \ + __asm__ volatile ( \ + _NOLIBC_THUMB_SET_R7 \ + "svc #0\n" \ + _NOLIBC_THUMB_RESTORE_R7 \ + : "=r"(_arg1), "=r" (_num) \ + : "r"(_arg1), "r"(_arg2), "r"(_arg3), "r"(_arg4), \ + "r"(_num) \ + : "memory", "cc", "lr" \ + ); \ + _arg1; \ +}) + +#define my_syscall5(num, arg1, arg2, arg3, arg4, arg5) \ +({ \ + register long _num __asm__(_NOLIBC_SYSCALL_REG) = (num); \ + register long _arg1 __asm__ ("r0") = (long)(arg1); \ + register long _arg2 __asm__ ("r1") = (long)(arg2); \ + register long _arg3 __asm__ ("r2") = (long)(arg3); \ + register long _arg4 __asm__ ("r3") = (long)(arg4); \ + register long _arg5 __asm__ ("r4") = (long)(arg5); \ + \ + __asm__ volatile ( \ + _NOLIBC_THUMB_SET_R7 \ + "svc #0\n" \ + _NOLIBC_THUMB_RESTORE_R7 \ + : "=r"(_arg1), "=r" (_num) \ + : "r"(_arg1), "r"(_arg2), "r"(_arg3), "r"(_arg4), "r"(_arg5), \ + "r"(_num) \ + : "memory", "cc", "lr" \ + ); \ + _arg1; \ +}) + +#define my_syscall6(num, arg1, arg2, arg3, arg4, arg5, arg6) \ +({ \ + register long _num __asm__(_NOLIBC_SYSCALL_REG) = (num); \ + register long _arg1 __asm__ ("r0") = (long)(arg1); \ + register long _arg2 __asm__ ("r1") = (long)(arg2); \ + register long _arg3 __asm__ ("r2") = (long)(arg3); \ + register long _arg4 __asm__ ("r3") = (long)(arg4); \ + register long _arg5 __asm__ ("r4") = (long)(arg5); \ + register long _arg6 __asm__ ("r5") = (long)(arg6); \ + \ + __asm__ volatile ( \ + _NOLIBC_THUMB_SET_R7 \ + "svc #0\n" \ + _NOLIBC_THUMB_RESTORE_R7 \ + : "=r"(_arg1), "=r" (_num) \ + : "r"(_arg1), "r"(_arg2), "r"(_arg3), "r"(_arg4), "r"(_arg5), \ + "r"(_arg6), "r"(_num) \ + : "memory", "cc", "lr" \ + ); \ + _arg1; \ +}) + +/* startup code */ +void __attribute__((weak, noreturn, optimize("Os", "omit-frame-pointer"))) __no_stack_protector _start(void) +{ + __asm__ volatile ( + "mov %r0, sp\n" /* save stack pointer to %r0, as arg1 of _start_c */ + "and ip, %r0, #-8\n" /* sp must be 8-byte aligned in the callee */ + "mov sp, ip\n" + "bl _start_c\n" /* transfer to c runtime */ + ); + __builtin_unreachable(); +} + +#endif /* _NOLIBC_ARCH_ARM_H */ diff --git a/libcontainer/dmz/nolibc/arch-i386.h b/libcontainer/dmz/nolibc/arch-i386.h new file mode 100644 index 00000000000..64415b9fac7 --- /dev/null +++ b/libcontainer/dmz/nolibc/arch-i386.h @@ -0,0 +1,178 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* + * i386 specific definitions for NOLIBC + * Copyright (C) 2017-2022 Willy Tarreau + */ + +#ifndef _NOLIBC_ARCH_I386_H +#define _NOLIBC_ARCH_I386_H + +#include "compiler.h" +#include "crt.h" + +/* Syscalls for i386 : + * - mostly similar to x86_64 + * - registers are 32-bit + * - syscall number is passed in eax + * - arguments are in ebx, ecx, edx, esi, edi, ebp respectively + * - all registers are preserved (except eax of course) + * - the system call is performed by calling int $0x80 + * - syscall return comes in eax + * - the arguments are cast to long and assigned into the target registers + * which are then simply passed as registers to the asm code, so that we + * don't have to experience issues with register constraints. + * - the syscall number is always specified last in order to allow to force + * some registers before (gcc refuses a %-register at the last position). + * + * Also, i386 supports the old_select syscall if newselect is not available + */ +#define __ARCH_WANT_SYS_OLD_SELECT + +#define my_syscall0(num) \ +({ \ + long _ret; \ + register long _num __asm__ ("eax") = (num); \ + \ + __asm__ volatile ( \ + "int $0x80\n" \ + : "=a" (_ret) \ + : "0"(_num) \ + : "memory", "cc" \ + ); \ + _ret; \ +}) + +#define my_syscall1(num, arg1) \ +({ \ + long _ret; \ + register long _num __asm__ ("eax") = (num); \ + register long _arg1 __asm__ ("ebx") = (long)(arg1); \ + \ + __asm__ volatile ( \ + "int $0x80\n" \ + : "=a" (_ret) \ + : "r"(_arg1), \ + "0"(_num) \ + : "memory", "cc" \ + ); \ + _ret; \ +}) + +#define my_syscall2(num, arg1, arg2) \ +({ \ + long _ret; \ + register long _num __asm__ ("eax") = (num); \ + register long _arg1 __asm__ ("ebx") = (long)(arg1); \ + register long _arg2 __asm__ ("ecx") = (long)(arg2); \ + \ + __asm__ volatile ( \ + "int $0x80\n" \ + : "=a" (_ret) \ + : "r"(_arg1), "r"(_arg2), \ + "0"(_num) \ + : "memory", "cc" \ + ); \ + _ret; \ +}) + +#define my_syscall3(num, arg1, arg2, arg3) \ +({ \ + long _ret; \ + register long _num __asm__ ("eax") = (num); \ + register long _arg1 __asm__ ("ebx") = (long)(arg1); \ + register long _arg2 __asm__ ("ecx") = (long)(arg2); \ + register long _arg3 __asm__ ("edx") = (long)(arg3); \ + \ + __asm__ volatile ( \ + "int $0x80\n" \ + : "=a" (_ret) \ + : "r"(_arg1), "r"(_arg2), "r"(_arg3), \ + "0"(_num) \ + : "memory", "cc" \ + ); \ + _ret; \ +}) + +#define my_syscall4(num, arg1, arg2, arg3, arg4) \ +({ \ + long _ret; \ + register long _num __asm__ ("eax") = (num); \ + register long _arg1 __asm__ ("ebx") = (long)(arg1); \ + register long _arg2 __asm__ ("ecx") = (long)(arg2); \ + register long _arg3 __asm__ ("edx") = (long)(arg3); \ + register long _arg4 __asm__ ("esi") = (long)(arg4); \ + \ + __asm__ volatile ( \ + "int $0x80\n" \ + : "=a" (_ret) \ + : "r"(_arg1), "r"(_arg2), "r"(_arg3), "r"(_arg4), \ + "0"(_num) \ + : "memory", "cc" \ + ); \ + _ret; \ +}) + +#define my_syscall5(num, arg1, arg2, arg3, arg4, arg5) \ +({ \ + long _ret; \ + register long _num __asm__ ("eax") = (num); \ + register long _arg1 __asm__ ("ebx") = (long)(arg1); \ + register long _arg2 __asm__ ("ecx") = (long)(arg2); \ + register long _arg3 __asm__ ("edx") = (long)(arg3); \ + register long _arg4 __asm__ ("esi") = (long)(arg4); \ + register long _arg5 __asm__ ("edi") = (long)(arg5); \ + \ + __asm__ volatile ( \ + "int $0x80\n" \ + : "=a" (_ret) \ + : "r"(_arg1), "r"(_arg2), "r"(_arg3), "r"(_arg4), "r"(_arg5), \ + "0"(_num) \ + : "memory", "cc" \ + ); \ + _ret; \ +}) + +#define my_syscall6(num, arg1, arg2, arg3, arg4, arg5, arg6) \ +({ \ + long _eax = (long)(num); \ + long _arg6 = (long)(arg6); /* Always in memory */ \ + __asm__ volatile ( \ + "pushl %[_arg6]\n\t" \ + "pushl %%ebp\n\t" \ + "movl 4(%%esp),%%ebp\n\t" \ + "int $0x80\n\t" \ + "popl %%ebp\n\t" \ + "addl $4,%%esp\n\t" \ + : "+a"(_eax) /* %eax */ \ + : "b"(arg1), /* %ebx */ \ + "c"(arg2), /* %ecx */ \ + "d"(arg3), /* %edx */ \ + "S"(arg4), /* %esi */ \ + "D"(arg5), /* %edi */ \ + [_arg6]"m"(_arg6) /* memory */ \ + : "memory", "cc" \ + ); \ + _eax; \ +}) + +/* startup code */ +/* + * i386 System V ABI mandates: + * 1) last pushed argument must be 16-byte aligned. + * 2) The deepest stack frame should be set to zero + * + */ +void __attribute__((weak, noreturn, optimize("Os", "omit-frame-pointer"))) __no_stack_protector _start(void) +{ + __asm__ volatile ( + "xor %ebp, %ebp\n" /* zero the stack frame */ + "mov %esp, %eax\n" /* save stack pointer to %eax, as arg1 of _start_c */ + "and $-16, %esp\n" /* last pushed argument must be 16-byte aligned */ + "push %eax\n" /* push arg1 on stack to support plain stack modes too */ + "call _start_c\n" /* transfer to c runtime */ + "hlt\n" /* ensure it does not return */ + ); + __builtin_unreachable(); +} + +#endif /* _NOLIBC_ARCH_I386_H */ diff --git a/libcontainer/dmz/nolibc/arch-loongarch.h b/libcontainer/dmz/nolibc/arch-loongarch.h new file mode 100644 index 00000000000..bf98f622019 --- /dev/null +++ b/libcontainer/dmz/nolibc/arch-loongarch.h @@ -0,0 +1,164 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* + * LoongArch specific definitions for NOLIBC + * Copyright (C) 2023 Loongson Technology Corporation Limited + */ + +#ifndef _NOLIBC_ARCH_LOONGARCH_H +#define _NOLIBC_ARCH_LOONGARCH_H + +#include "compiler.h" +#include "crt.h" + +/* Syscalls for LoongArch : + * - stack is 16-byte aligned + * - syscall number is passed in a7 + * - arguments are in a0, a1, a2, a3, a4, a5 + * - the system call is performed by calling "syscall 0" + * - syscall return comes in a0 + * - the arguments are cast to long and assigned into the target + * registers which are then simply passed as registers to the asm code, + * so that we don't have to experience issues with register constraints. + * + * On LoongArch, select() is not implemented so we have to use pselect6(). + */ +#define __ARCH_WANT_SYS_PSELECT6 +#define _NOLIBC_SYSCALL_CLOBBERLIST \ + "memory", "$t0", "$t1", "$t2", "$t3", "$t4", "$t5", "$t6", "$t7", "$t8" + +#define my_syscall0(num) \ +({ \ + register long _num __asm__ ("a7") = (num); \ + register long _arg1 __asm__ ("a0"); \ + \ + __asm__ volatile ( \ + "syscall 0\n" \ + : "=r"(_arg1) \ + : "r"(_num) \ + : _NOLIBC_SYSCALL_CLOBBERLIST \ + ); \ + _arg1; \ +}) + +#define my_syscall1(num, arg1) \ +({ \ + register long _num __asm__ ("a7") = (num); \ + register long _arg1 __asm__ ("a0") = (long)(arg1); \ + \ + __asm__ volatile ( \ + "syscall 0\n" \ + : "+r"(_arg1) \ + : "r"(_num) \ + : _NOLIBC_SYSCALL_CLOBBERLIST \ + ); \ + _arg1; \ +}) + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__ ("a7") = (num); \ + register long _arg1 __asm__ ("a0") = (long)(arg1); \ + register long _arg2 __asm__ ("a1") = (long)(arg2); \ + \ + __asm__ volatile ( \ + "syscall 0\n" \ + : "+r"(_arg1) \ + : "r"(_arg2), \ + "r"(_num) \ + : _NOLIBC_SYSCALL_CLOBBERLIST \ + ); \ + _arg1; \ +}) + +#define my_syscall3(num, arg1, arg2, arg3) \ +({ \ + register long _num __asm__ ("a7") = (num); \ + register long _arg1 __asm__ ("a0") = (long)(arg1); \ + register long _arg2 __asm__ ("a1") = (long)(arg2); \ + register long _arg3 __asm__ ("a2") = (long)(arg3); \ + \ + __asm__ volatile ( \ + "syscall 0\n" \ + : "+r"(_arg1) \ + : "r"(_arg2), "r"(_arg3), \ + "r"(_num) \ + : _NOLIBC_SYSCALL_CLOBBERLIST \ + ); \ + _arg1; \ +}) + +#define my_syscall4(num, arg1, arg2, arg3, arg4) \ +({ \ + register long _num __asm__ ("a7") = (num); \ + register long _arg1 __asm__ ("a0") = (long)(arg1); \ + register long _arg2 __asm__ ("a1") = (long)(arg2); \ + register long _arg3 __asm__ ("a2") = (long)(arg3); \ + register long _arg4 __asm__ ("a3") = (long)(arg4); \ + \ + __asm__ volatile ( \ + "syscall 0\n" \ + : "+r"(_arg1) \ + : "r"(_arg2), "r"(_arg3), "r"(_arg4), \ + "r"(_num) \ + : _NOLIBC_SYSCALL_CLOBBERLIST \ + ); \ + _arg1; \ +}) + +#define my_syscall5(num, arg1, arg2, arg3, arg4, arg5) \ +({ \ + register long _num __asm__ ("a7") = (num); \ + register long _arg1 __asm__ ("a0") = (long)(arg1); \ + register long _arg2 __asm__ ("a1") = (long)(arg2); \ + register long _arg3 __asm__ ("a2") = (long)(arg3); \ + register long _arg4 __asm__ ("a3") = (long)(arg4); \ + register long _arg5 __asm__ ("a4") = (long)(arg5); \ + \ + __asm__ volatile ( \ + "syscall 0\n" \ + : "+r"(_arg1) \ + : "r"(_arg2), "r"(_arg3), "r"(_arg4), "r"(_arg5), \ + "r"(_num) \ + : _NOLIBC_SYSCALL_CLOBBERLIST \ + ); \ + _arg1; \ +}) + +#define my_syscall6(num, arg1, arg2, arg3, arg4, arg5, arg6) \ +({ \ + register long _num __asm__ ("a7") = (num); \ + register long _arg1 __asm__ ("a0") = (long)(arg1); \ + register long _arg2 __asm__ ("a1") = (long)(arg2); \ + register long _arg3 __asm__ ("a2") = (long)(arg3); \ + register long _arg4 __asm__ ("a3") = (long)(arg4); \ + register long _arg5 __asm__ ("a4") = (long)(arg5); \ + register long _arg6 __asm__ ("a5") = (long)(arg6); \ + \ + __asm__ volatile ( \ + "syscall 0\n" \ + : "+r"(_arg1) \ + : "r"(_arg2), "r"(_arg3), "r"(_arg4), "r"(_arg5), "r"(_arg6), \ + "r"(_num) \ + : _NOLIBC_SYSCALL_CLOBBERLIST \ + ); \ + _arg1; \ +}) + +#if __loongarch_grlen == 32 +#define LONG_BSTRINS "bstrins.w" +#else /* __loongarch_grlen == 64 */ +#define LONG_BSTRINS "bstrins.d" +#endif + +/* startup code */ +void __attribute__((weak, noreturn, optimize("Os", "omit-frame-pointer"))) __no_stack_protector _start(void) +{ + __asm__ volatile ( + "move $a0, $sp\n" /* save stack pointer to $a0, as arg1 of _start_c */ + LONG_BSTRINS " $sp, $zero, 3, 0\n" /* $sp must be 16-byte aligned */ + "bl _start_c\n" /* transfer to c runtime */ + ); + __builtin_unreachable(); +} + +#endif /* _NOLIBC_ARCH_LOONGARCH_H */ diff --git a/libcontainer/dmz/nolibc/arch-mips.h b/libcontainer/dmz/nolibc/arch-mips.h new file mode 100644 index 00000000000..4ab6fa54bee --- /dev/null +++ b/libcontainer/dmz/nolibc/arch-mips.h @@ -0,0 +1,195 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* + * MIPS specific definitions for NOLIBC + * Copyright (C) 2017-2022 Willy Tarreau + */ + +#ifndef _NOLIBC_ARCH_MIPS_H +#define _NOLIBC_ARCH_MIPS_H + +#include "compiler.h" +#include "crt.h" + +/* Syscalls for MIPS ABI O32 : + * - WARNING! there's always a delayed slot! + * - WARNING again, the syntax is different, registers take a '$' and numbers + * do not. + * - registers are 32-bit + * - stack is 8-byte aligned + * - syscall number is passed in v0 (starts at 0xfa0). + * - arguments are in a0, a1, a2, a3, then the stack. The caller needs to + * leave some room in the stack for the callee to save a0..a3 if needed. + * - Many registers are clobbered, in fact only a0..a2 and s0..s8 are + * preserved. See: https://www.linux-mips.org/wiki/Syscall as well as + * scall32-o32.S in the kernel sources. + * - the system call is performed by calling "syscall" + * - syscall return comes in v0, and register a3 needs to be checked to know + * if an error occurred, in which case errno is in v0. + * - the arguments are cast to long and assigned into the target registers + * which are then simply passed as registers to the asm code, so that we + * don't have to experience issues with register constraints. + */ + +#define _NOLIBC_SYSCALL_CLOBBERLIST \ + "memory", "cc", "at", "v1", "hi", "lo", \ + "t0", "t1", "t2", "t3", "t4", "t5", "t6", "t7", "t8", "t9" + +#define my_syscall0(num) \ +({ \ + register long _num __asm__ ("v0") = (num); \ + register long _arg4 __asm__ ("a3"); \ + \ + __asm__ volatile ( \ + "addiu $sp, $sp, -32\n" \ + "syscall\n" \ + "addiu $sp, $sp, 32\n" \ + : "=r"(_num), "=r"(_arg4) \ + : "r"(_num) \ + : _NOLIBC_SYSCALL_CLOBBERLIST \ + ); \ + _arg4 ? -_num : _num; \ +}) + +#define my_syscall1(num, arg1) \ +({ \ + register long _num __asm__ ("v0") = (num); \ + register long _arg1 __asm__ ("a0") = (long)(arg1); \ + register long _arg4 __asm__ ("a3"); \ + \ + __asm__ volatile ( \ + "addiu $sp, $sp, -32\n" \ + "syscall\n" \ + "addiu $sp, $sp, 32\n" \ + : "=r"(_num), "=r"(_arg4) \ + : "0"(_num), \ + "r"(_arg1) \ + : _NOLIBC_SYSCALL_CLOBBERLIST \ + ); \ + _arg4 ? -_num : _num; \ +}) + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__ ("v0") = (num); \ + register long _arg1 __asm__ ("a0") = (long)(arg1); \ + register long _arg2 __asm__ ("a1") = (long)(arg2); \ + register long _arg4 __asm__ ("a3"); \ + \ + __asm__ volatile ( \ + "addiu $sp, $sp, -32\n" \ + "syscall\n" \ + "addiu $sp, $sp, 32\n" \ + : "=r"(_num), "=r"(_arg4) \ + : "0"(_num), \ + "r"(_arg1), "r"(_arg2) \ + : _NOLIBC_SYSCALL_CLOBBERLIST \ + ); \ + _arg4 ? -_num : _num; \ +}) + +#define my_syscall3(num, arg1, arg2, arg3) \ +({ \ + register long _num __asm__ ("v0") = (num); \ + register long _arg1 __asm__ ("a0") = (long)(arg1); \ + register long _arg2 __asm__ ("a1") = (long)(arg2); \ + register long _arg3 __asm__ ("a2") = (long)(arg3); \ + register long _arg4 __asm__ ("a3"); \ + \ + __asm__ volatile ( \ + "addiu $sp, $sp, -32\n" \ + "syscall\n" \ + "addiu $sp, $sp, 32\n" \ + : "=r"(_num), "=r"(_arg4) \ + : "0"(_num), \ + "r"(_arg1), "r"(_arg2), "r"(_arg3) \ + : _NOLIBC_SYSCALL_CLOBBERLIST \ + ); \ + _arg4 ? -_num : _num; \ +}) + +#define my_syscall4(num, arg1, arg2, arg3, arg4) \ +({ \ + register long _num __asm__ ("v0") = (num); \ + register long _arg1 __asm__ ("a0") = (long)(arg1); \ + register long _arg2 __asm__ ("a1") = (long)(arg2); \ + register long _arg3 __asm__ ("a2") = (long)(arg3); \ + register long _arg4 __asm__ ("a3") = (long)(arg4); \ + \ + __asm__ volatile ( \ + "addiu $sp, $sp, -32\n" \ + "syscall\n" \ + "addiu $sp, $sp, 32\n" \ + : "=r" (_num), "=r"(_arg4) \ + : "0"(_num), \ + "r"(_arg1), "r"(_arg2), "r"(_arg3), "r"(_arg4) \ + : _NOLIBC_SYSCALL_CLOBBERLIST \ + ); \ + _arg4 ? -_num : _num; \ +}) + +#define my_syscall5(num, arg1, arg2, arg3, arg4, arg5) \ +({ \ + register long _num __asm__ ("v0") = (num); \ + register long _arg1 __asm__ ("a0") = (long)(arg1); \ + register long _arg2 __asm__ ("a1") = (long)(arg2); \ + register long _arg3 __asm__ ("a2") = (long)(arg3); \ + register long _arg4 __asm__ ("a3") = (long)(arg4); \ + register long _arg5 = (long)(arg5); \ + \ + __asm__ volatile ( \ + "addiu $sp, $sp, -32\n" \ + "sw %7, 16($sp)\n" \ + "syscall\n" \ + "addiu $sp, $sp, 32\n" \ + : "=r" (_num), "=r"(_arg4) \ + : "0"(_num), \ + "r"(_arg1), "r"(_arg2), "r"(_arg3), "r"(_arg4), "r"(_arg5) \ + : _NOLIBC_SYSCALL_CLOBBERLIST \ + ); \ + _arg4 ? -_num : _num; \ +}) + +#define my_syscall6(num, arg1, arg2, arg3, arg4, arg5, arg6) \ +({ \ + register long _num __asm__ ("v0") = (num); \ + register long _arg1 __asm__ ("a0") = (long)(arg1); \ + register long _arg2 __asm__ ("a1") = (long)(arg2); \ + register long _arg3 __asm__ ("a2") = (long)(arg3); \ + register long _arg4 __asm__ ("a3") = (long)(arg4); \ + register long _arg5 = (long)(arg5); \ + register long _arg6 = (long)(arg6); \ + \ + __asm__ volatile ( \ + "addiu $sp, $sp, -32\n" \ + "sw %7, 16($sp)\n" \ + "sw %8, 20($sp)\n" \ + "syscall\n" \ + "addiu $sp, $sp, 32\n" \ + : "=r" (_num), "=r"(_arg4) \ + : "0"(_num), \ + "r"(_arg1), "r"(_arg2), "r"(_arg3), "r"(_arg4), "r"(_arg5), \ + "r"(_arg6) \ + : _NOLIBC_SYSCALL_CLOBBERLIST \ + ); \ + _arg4 ? -_num : _num; \ +}) + +/* startup code, note that it's called __start on MIPS */ +void __attribute__((weak, noreturn, optimize("Os", "omit-frame-pointer"))) __no_stack_protector __start(void) +{ + __asm__ volatile ( + ".set push\n" + ".set noreorder\n" + ".option pic0\n" + "move $a0, $sp\n" /* save stack pointer to $a0, as arg1 of _start_c */ + "li $t0, -8\n" + "and $sp, $sp, $t0\n" /* $sp must be 8-byte aligned */ + "addiu $sp, $sp, -16\n" /* the callee expects to save a0..a3 there */ + "jal _start_c\n" /* transfer to c runtime */ + " nop\n" /* delayed slot */ + ".set pop\n" + ); + __builtin_unreachable(); +} + +#endif /* _NOLIBC_ARCH_MIPS_H */ diff --git a/libcontainer/dmz/nolibc/arch-powerpc.h b/libcontainer/dmz/nolibc/arch-powerpc.h new file mode 100644 index 00000000000..ac212e6185b --- /dev/null +++ b/libcontainer/dmz/nolibc/arch-powerpc.h @@ -0,0 +1,221 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* + * PowerPC specific definitions for NOLIBC + * Copyright (C) 2023 Zhangjin Wu + */ + +#ifndef _NOLIBC_ARCH_POWERPC_H +#define _NOLIBC_ARCH_POWERPC_H + +#include "compiler.h" +#include "crt.h" + +/* Syscalls for PowerPC : + * - stack is 16-byte aligned + * - syscall number is passed in r0 + * - arguments are in r3, r4, r5, r6, r7, r8, r9 + * - the system call is performed by calling "sc" + * - syscall return comes in r3, and the summary overflow bit is checked + * to know if an error occurred, in which case errno is in r3. + * - the arguments are cast to long and assigned into the target + * registers which are then simply passed as registers to the asm code, + * so that we don't have to experience issues with register constraints. + */ + +#define _NOLIBC_SYSCALL_CLOBBERLIST \ + "memory", "cr0", "r12", "r11", "r10", "r9" + +#define my_syscall0(num) \ +({ \ + register long _ret __asm__ ("r3"); \ + register long _num __asm__ ("r0") = (num); \ + \ + __asm__ volatile ( \ + " sc\n" \ + " bns+ 1f\n" \ + " neg %0, %0\n" \ + "1:\n" \ + : "=r"(_ret), "+r"(_num) \ + : \ + : _NOLIBC_SYSCALL_CLOBBERLIST, "r8", "r7", "r6", "r5", "r4" \ + ); \ + _ret; \ +}) + +#define my_syscall1(num, arg1) \ +({ \ + register long _ret __asm__ ("r3"); \ + register long _num __asm__ ("r0") = (num); \ + register long _arg1 __asm__ ("r3") = (long)(arg1); \ + \ + __asm__ volatile ( \ + " sc\n" \ + " bns+ 1f\n" \ + " neg %0, %0\n" \ + "1:\n" \ + : "=r"(_ret), "+r"(_num) \ + : "0"(_arg1) \ + : _NOLIBC_SYSCALL_CLOBBERLIST, "r8", "r7", "r6", "r5", "r4" \ + ); \ + _ret; \ +}) + + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _ret __asm__ ("r3"); \ + register long _num __asm__ ("r0") = (num); \ + register long _arg1 __asm__ ("r3") = (long)(arg1); \ + register long _arg2 __asm__ ("r4") = (long)(arg2); \ + \ + __asm__ volatile ( \ + " sc\n" \ + " bns+ 1f\n" \ + " neg %0, %0\n" \ + "1:\n" \ + : "=r"(_ret), "+r"(_num), "+r"(_arg2) \ + : "0"(_arg1) \ + : _NOLIBC_SYSCALL_CLOBBERLIST, "r8", "r7", "r6", "r5" \ + ); \ + _ret; \ +}) + + +#define my_syscall3(num, arg1, arg2, arg3) \ +({ \ + register long _ret __asm__ ("r3"); \ + register long _num __asm__ ("r0") = (num); \ + register long _arg1 __asm__ ("r3") = (long)(arg1); \ + register long _arg2 __asm__ ("r4") = (long)(arg2); \ + register long _arg3 __asm__ ("r5") = (long)(arg3); \ + \ + __asm__ volatile ( \ + " sc\n" \ + " bns+ 1f\n" \ + " neg %0, %0\n" \ + "1:\n" \ + : "=r"(_ret), "+r"(_num), "+r"(_arg2), "+r"(_arg3) \ + : "0"(_arg1) \ + : _NOLIBC_SYSCALL_CLOBBERLIST, "r8", "r7", "r6" \ + ); \ + _ret; \ +}) + + +#define my_syscall4(num, arg1, arg2, arg3, arg4) \ +({ \ + register long _ret __asm__ ("r3"); \ + register long _num __asm__ ("r0") = (num); \ + register long _arg1 __asm__ ("r3") = (long)(arg1); \ + register long _arg2 __asm__ ("r4") = (long)(arg2); \ + register long _arg3 __asm__ ("r5") = (long)(arg3); \ + register long _arg4 __asm__ ("r6") = (long)(arg4); \ + \ + __asm__ volatile ( \ + " sc\n" \ + " bns+ 1f\n" \ + " neg %0, %0\n" \ + "1:\n" \ + : "=r"(_ret), "+r"(_num), "+r"(_arg2), "+r"(_arg3), \ + "+r"(_arg4) \ + : "0"(_arg1) \ + : _NOLIBC_SYSCALL_CLOBBERLIST, "r8", "r7" \ + ); \ + _ret; \ +}) + + +#define my_syscall5(num, arg1, arg2, arg3, arg4, arg5) \ +({ \ + register long _ret __asm__ ("r3"); \ + register long _num __asm__ ("r0") = (num); \ + register long _arg1 __asm__ ("r3") = (long)(arg1); \ + register long _arg2 __asm__ ("r4") = (long)(arg2); \ + register long _arg3 __asm__ ("r5") = (long)(arg3); \ + register long _arg4 __asm__ ("r6") = (long)(arg4); \ + register long _arg5 __asm__ ("r7") = (long)(arg5); \ + \ + __asm__ volatile ( \ + " sc\n" \ + " bns+ 1f\n" \ + " neg %0, %0\n" \ + "1:\n" \ + : "=r"(_ret), "+r"(_num), "+r"(_arg2), "+r"(_arg3), \ + "+r"(_arg4), "+r"(_arg5) \ + : "0"(_arg1) \ + : _NOLIBC_SYSCALL_CLOBBERLIST, "r8" \ + ); \ + _ret; \ +}) + +#define my_syscall6(num, arg1, arg2, arg3, arg4, arg5, arg6) \ +({ \ + register long _ret __asm__ ("r3"); \ + register long _num __asm__ ("r0") = (num); \ + register long _arg1 __asm__ ("r3") = (long)(arg1); \ + register long _arg2 __asm__ ("r4") = (long)(arg2); \ + register long _arg3 __asm__ ("r5") = (long)(arg3); \ + register long _arg4 __asm__ ("r6") = (long)(arg4); \ + register long _arg5 __asm__ ("r7") = (long)(arg5); \ + register long _arg6 __asm__ ("r8") = (long)(arg6); \ + \ + __asm__ volatile ( \ + " sc\n" \ + " bns+ 1f\n" \ + " neg %0, %0\n" \ + "1:\n" \ + : "=r"(_ret), "+r"(_num), "+r"(_arg2), "+r"(_arg3), \ + "+r"(_arg4), "+r"(_arg5), "+r"(_arg6) \ + : "0"(_arg1) \ + : _NOLIBC_SYSCALL_CLOBBERLIST \ + ); \ + _ret; \ +}) + +#ifndef __powerpc64__ +/* FIXME: For 32-bit PowerPC, with newer gcc compilers (e.g. gcc 13.1.0), + * "omit-frame-pointer" fails with __attribute__((no_stack_protector)) but + * works with __attribute__((__optimize__("-fno-stack-protector"))) + */ +#ifdef __no_stack_protector +#undef __no_stack_protector +#define __no_stack_protector __attribute__((__optimize__("-fno-stack-protector"))) +#endif +#endif /* !__powerpc64__ */ + +/* startup code */ +void __attribute__((weak, noreturn, optimize("Os", "omit-frame-pointer"))) __no_stack_protector _start(void) +{ +#ifdef __powerpc64__ +#if _CALL_ELF == 2 + /* with -mabi=elfv2, save TOC/GOT pointer to r2 + * r12 is global entry pointer, we use it to compute TOC from r12 + * https://www.llvm.org/devmtg/2014-04/PDFs/Talks/Euro-LLVM-2014-Weigand.pdf + * https://refspecs.linuxfoundation.org/ELF/ppc64/PPC-elf64abi.pdf + */ + __asm__ volatile ( + "addis 2, 12, .TOC. - _start@ha\n" + "addi 2, 2, .TOC. - _start@l\n" + ); +#endif /* _CALL_ELF == 2 */ + + __asm__ volatile ( + "mr 3, 1\n" /* save stack pointer to r3, as arg1 of _start_c */ + "clrrdi 1, 1, 4\n" /* align the stack to 16 bytes */ + "li 0, 0\n" /* zero the frame pointer */ + "stdu 1, -32(1)\n" /* the initial stack frame */ + "bl _start_c\n" /* transfer to c runtime */ + ); +#else + __asm__ volatile ( + "mr 3, 1\n" /* save stack pointer to r3, as arg1 of _start_c */ + "clrrwi 1, 1, 4\n" /* align the stack to 16 bytes */ + "li 0, 0\n" /* zero the frame pointer */ + "stwu 1, -16(1)\n" /* the initial stack frame */ + "bl _start_c\n" /* transfer to c runtime */ + ); +#endif + __builtin_unreachable(); +} + +#endif /* _NOLIBC_ARCH_POWERPC_H */ diff --git a/libcontainer/dmz/nolibc/arch-riscv.h b/libcontainer/dmz/nolibc/arch-riscv.h new file mode 100644 index 00000000000..950cc2283fd --- /dev/null +++ b/libcontainer/dmz/nolibc/arch-riscv.h @@ -0,0 +1,160 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* + * RISCV (32 and 64) specific definitions for NOLIBC + * Copyright (C) 2017-2022 Willy Tarreau + */ + +#ifndef _NOLIBC_ARCH_RISCV_H +#define _NOLIBC_ARCH_RISCV_H + +#include "compiler.h" +#include "crt.h" + +/* Syscalls for RISCV : + * - stack is 16-byte aligned + * - syscall number is passed in a7 + * - arguments are in a0, a1, a2, a3, a4, a5 + * - the system call is performed by calling ecall + * - syscall return comes in a0 + * - the arguments are cast to long and assigned into the target + * registers which are then simply passed as registers to the asm code, + * so that we don't have to experience issues with register constraints. + * + * On riscv, select() is not implemented so we have to use pselect6(). + */ +#define __ARCH_WANT_SYS_PSELECT6 + +#define my_syscall0(num) \ +({ \ + register long _num __asm__ ("a7") = (num); \ + register long _arg1 __asm__ ("a0"); \ + \ + __asm__ volatile ( \ + "ecall\n\t" \ + : "=r"(_arg1) \ + : "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +#define my_syscall1(num, arg1) \ +({ \ + register long _num __asm__ ("a7") = (num); \ + register long _arg1 __asm__ ("a0") = (long)(arg1); \ + \ + __asm__ volatile ( \ + "ecall\n" \ + : "+r"(_arg1) \ + : "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__ ("a7") = (num); \ + register long _arg1 __asm__ ("a0") = (long)(arg1); \ + register long _arg2 __asm__ ("a1") = (long)(arg2); \ + \ + __asm__ volatile ( \ + "ecall\n" \ + : "+r"(_arg1) \ + : "r"(_arg2), \ + "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +#define my_syscall3(num, arg1, arg2, arg3) \ +({ \ + register long _num __asm__ ("a7") = (num); \ + register long _arg1 __asm__ ("a0") = (long)(arg1); \ + register long _arg2 __asm__ ("a1") = (long)(arg2); \ + register long _arg3 __asm__ ("a2") = (long)(arg3); \ + \ + __asm__ volatile ( \ + "ecall\n\t" \ + : "+r"(_arg1) \ + : "r"(_arg2), "r"(_arg3), \ + "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +#define my_syscall4(num, arg1, arg2, arg3, arg4) \ +({ \ + register long _num __asm__ ("a7") = (num); \ + register long _arg1 __asm__ ("a0") = (long)(arg1); \ + register long _arg2 __asm__ ("a1") = (long)(arg2); \ + register long _arg3 __asm__ ("a2") = (long)(arg3); \ + register long _arg4 __asm__ ("a3") = (long)(arg4); \ + \ + __asm__ volatile ( \ + "ecall\n" \ + : "+r"(_arg1) \ + : "r"(_arg2), "r"(_arg3), "r"(_arg4), \ + "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +#define my_syscall5(num, arg1, arg2, arg3, arg4, arg5) \ +({ \ + register long _num __asm__ ("a7") = (num); \ + register long _arg1 __asm__ ("a0") = (long)(arg1); \ + register long _arg2 __asm__ ("a1") = (long)(arg2); \ + register long _arg3 __asm__ ("a2") = (long)(arg3); \ + register long _arg4 __asm__ ("a3") = (long)(arg4); \ + register long _arg5 __asm__ ("a4") = (long)(arg5); \ + \ + __asm__ volatile ( \ + "ecall\n" \ + : "+r"(_arg1) \ + : "r"(_arg2), "r"(_arg3), "r"(_arg4), "r"(_arg5), \ + "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +#define my_syscall6(num, arg1, arg2, arg3, arg4, arg5, arg6) \ +({ \ + register long _num __asm__ ("a7") = (num); \ + register long _arg1 __asm__ ("a0") = (long)(arg1); \ + register long _arg2 __asm__ ("a1") = (long)(arg2); \ + register long _arg3 __asm__ ("a2") = (long)(arg3); \ + register long _arg4 __asm__ ("a3") = (long)(arg4); \ + register long _arg5 __asm__ ("a4") = (long)(arg5); \ + register long _arg6 __asm__ ("a5") = (long)(arg6); \ + \ + __asm__ volatile ( \ + "ecall\n" \ + : "+r"(_arg1) \ + : "r"(_arg2), "r"(_arg3), "r"(_arg4), "r"(_arg5), "r"(_arg6), \ + "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +/* startup code */ +void __attribute__((weak, noreturn, optimize("Os", "omit-frame-pointer"))) __no_stack_protector _start(void) +{ + __asm__ volatile ( + ".option push\n" + ".option norelax\n" + "lla gp, __global_pointer$\n" + ".option pop\n" + "mv a0, sp\n" /* save stack pointer to a0, as arg1 of _start_c */ + "andi sp, a0, -16\n" /* sp must be 16-byte aligned */ + "call _start_c\n" /* transfer to c runtime */ + ); + __builtin_unreachable(); +} + +#endif /* _NOLIBC_ARCH_RISCV_H */ diff --git a/libcontainer/dmz/nolibc/arch-s390.h b/libcontainer/dmz/nolibc/arch-s390.h new file mode 100644 index 00000000000..5d60fd43f88 --- /dev/null +++ b/libcontainer/dmz/nolibc/arch-s390.h @@ -0,0 +1,186 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* + * s390 specific definitions for NOLIBC + */ + +#ifndef _NOLIBC_ARCH_S390_H +#define _NOLIBC_ARCH_S390_H +#include +#include + +#include "compiler.h" +#include "crt.h" + +/* Syscalls for s390: + * - registers are 64-bit + * - syscall number is passed in r1 + * - arguments are in r2-r7 + * - the system call is performed by calling the svc instruction + * - syscall return value is in r2 + * - r1 and r2 are clobbered, others are preserved. + * + * Link s390 ABI: https://github.com/IBM/s390x-abi + * + */ + +#define my_syscall0(num) \ +({ \ + register long _num __asm__ ("1") = (num); \ + register long _rc __asm__ ("2"); \ + \ + __asm__ volatile ( \ + "svc 0\n" \ + : "=d"(_rc) \ + : "d"(_num) \ + : "memory", "cc" \ + ); \ + _rc; \ +}) + +#define my_syscall1(num, arg1) \ +({ \ + register long _num __asm__ ("1") = (num); \ + register long _arg1 __asm__ ("2") = (long)(arg1); \ + \ + __asm__ volatile ( \ + "svc 0\n" \ + : "+d"(_arg1) \ + : "d"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__ ("1") = (num); \ + register long _arg1 __asm__ ("2") = (long)(arg1); \ + register long _arg2 __asm__ ("3") = (long)(arg2); \ + \ + __asm__ volatile ( \ + "svc 0\n" \ + : "+d"(_arg1) \ + : "d"(_arg2), "d"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +#define my_syscall3(num, arg1, arg2, arg3) \ +({ \ + register long _num __asm__ ("1") = (num); \ + register long _arg1 __asm__ ("2") = (long)(arg1); \ + register long _arg2 __asm__ ("3") = (long)(arg2); \ + register long _arg3 __asm__ ("4") = (long)(arg3); \ + \ + __asm__ volatile ( \ + "svc 0\n" \ + : "+d"(_arg1) \ + : "d"(_arg2), "d"(_arg3), "d"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +#define my_syscall4(num, arg1, arg2, arg3, arg4) \ +({ \ + register long _num __asm__ ("1") = (num); \ + register long _arg1 __asm__ ("2") = (long)(arg1); \ + register long _arg2 __asm__ ("3") = (long)(arg2); \ + register long _arg3 __asm__ ("4") = (long)(arg3); \ + register long _arg4 __asm__ ("5") = (long)(arg4); \ + \ + __asm__ volatile ( \ + "svc 0\n" \ + : "+d"(_arg1) \ + : "d"(_arg2), "d"(_arg3), "d"(_arg4), "d"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +#define my_syscall5(num, arg1, arg2, arg3, arg4, arg5) \ +({ \ + register long _num __asm__ ("1") = (num); \ + register long _arg1 __asm__ ("2") = (long)(arg1); \ + register long _arg2 __asm__ ("3") = (long)(arg2); \ + register long _arg3 __asm__ ("4") = (long)(arg3); \ + register long _arg4 __asm__ ("5") = (long)(arg4); \ + register long _arg5 __asm__ ("6") = (long)(arg5); \ + \ + __asm__ volatile ( \ + "svc 0\n" \ + : "+d"(_arg1) \ + : "d"(_arg2), "d"(_arg3), "d"(_arg4), "d"(_arg5), \ + "d"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +#define my_syscall6(num, arg1, arg2, arg3, arg4, arg5, arg6) \ +({ \ + register long _num __asm__ ("1") = (num); \ + register long _arg1 __asm__ ("2") = (long)(arg1); \ + register long _arg2 __asm__ ("3") = (long)(arg2); \ + register long _arg3 __asm__ ("4") = (long)(arg3); \ + register long _arg4 __asm__ ("5") = (long)(arg4); \ + register long _arg5 __asm__ ("6") = (long)(arg5); \ + register long _arg6 __asm__ ("7") = (long)(arg6); \ + \ + __asm__ volatile ( \ + "svc 0\n" \ + : "+d"(_arg1) \ + : "d"(_arg2), "d"(_arg3), "d"(_arg4), "d"(_arg5), \ + "d"(_arg6), "d"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +/* startup code */ +void __attribute__((weak, noreturn, optimize("Os", "omit-frame-pointer"))) __no_stack_protector _start(void) +{ + __asm__ volatile ( + "lgr %r2, %r15\n" /* save stack pointer to %r2, as arg1 of _start_c */ + "aghi %r15, -160\n" /* allocate new stackframe */ + "xc 0(8,%r15), 0(%r15)\n" /* clear backchain */ + "brasl %r14, _start_c\n" /* transfer to c runtime */ + ); + __builtin_unreachable(); +} + +struct s390_mmap_arg_struct { + unsigned long addr; + unsigned long len; + unsigned long prot; + unsigned long flags; + unsigned long fd; + unsigned long offset; +}; + +static __attribute__((unused)) +void *sys_mmap(void *addr, size_t length, int prot, int flags, int fd, + off_t offset) +{ + struct s390_mmap_arg_struct args = { + .addr = (unsigned long)addr, + .len = (unsigned long)length, + .prot = prot, + .flags = flags, + .fd = fd, + .offset = (unsigned long)offset + }; + + return (void *)my_syscall1(__NR_mmap, &args); +} +#define sys_mmap sys_mmap + +static __attribute__((unused)) +pid_t sys_fork(void) +{ + return my_syscall5(__NR_clone, 0, SIGCHLD, 0, 0, 0); +} +#define sys_fork sys_fork + +#endif /* _NOLIBC_ARCH_S390_H */ diff --git a/libcontainer/dmz/nolibc/arch-x86_64.h b/libcontainer/dmz/nolibc/arch-x86_64.h new file mode 100644 index 00000000000..e5ccb926c90 --- /dev/null +++ b/libcontainer/dmz/nolibc/arch-x86_64.h @@ -0,0 +1,176 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* + * x86_64 specific definitions for NOLIBC + * Copyright (C) 2017-2022 Willy Tarreau + */ + +#ifndef _NOLIBC_ARCH_X86_64_H +#define _NOLIBC_ARCH_X86_64_H + +#include "compiler.h" +#include "crt.h" + +/* Syscalls for x86_64 : + * - registers are 64-bit + * - syscall number is passed in rax + * - arguments are in rdi, rsi, rdx, r10, r8, r9 respectively + * - the system call is performed by calling the syscall instruction + * - syscall return comes in rax + * - rcx and r11 are clobbered, others are preserved. + * - the arguments are cast to long and assigned into the target registers + * which are then simply passed as registers to the asm code, so that we + * don't have to experience issues with register constraints. + * - the syscall number is always specified last in order to allow to force + * some registers before (gcc refuses a %-register at the last position). + * - see also x86-64 ABI section A.2 AMD64 Linux Kernel Conventions, A.2.1 + * Calling Conventions. + * + * Link x86-64 ABI: https://gitlab.com/x86-psABIs/x86-64-ABI/-/wikis/home + * + */ + +#define my_syscall0(num) \ +({ \ + long _ret; \ + register long _num __asm__ ("rax") = (num); \ + \ + __asm__ volatile ( \ + "syscall\n" \ + : "=a"(_ret) \ + : "0"(_num) \ + : "rcx", "r11", "memory", "cc" \ + ); \ + _ret; \ +}) + +#define my_syscall1(num, arg1) \ +({ \ + long _ret; \ + register long _num __asm__ ("rax") = (num); \ + register long _arg1 __asm__ ("rdi") = (long)(arg1); \ + \ + __asm__ volatile ( \ + "syscall\n" \ + : "=a"(_ret) \ + : "r"(_arg1), \ + "0"(_num) \ + : "rcx", "r11", "memory", "cc" \ + ); \ + _ret; \ +}) + +#define my_syscall2(num, arg1, arg2) \ +({ \ + long _ret; \ + register long _num __asm__ ("rax") = (num); \ + register long _arg1 __asm__ ("rdi") = (long)(arg1); \ + register long _arg2 __asm__ ("rsi") = (long)(arg2); \ + \ + __asm__ volatile ( \ + "syscall\n" \ + : "=a"(_ret) \ + : "r"(_arg1), "r"(_arg2), \ + "0"(_num) \ + : "rcx", "r11", "memory", "cc" \ + ); \ + _ret; \ +}) + +#define my_syscall3(num, arg1, arg2, arg3) \ +({ \ + long _ret; \ + register long _num __asm__ ("rax") = (num); \ + register long _arg1 __asm__ ("rdi") = (long)(arg1); \ + register long _arg2 __asm__ ("rsi") = (long)(arg2); \ + register long _arg3 __asm__ ("rdx") = (long)(arg3); \ + \ + __asm__ volatile ( \ + "syscall\n" \ + : "=a"(_ret) \ + : "r"(_arg1), "r"(_arg2), "r"(_arg3), \ + "0"(_num) \ + : "rcx", "r11", "memory", "cc" \ + ); \ + _ret; \ +}) + +#define my_syscall4(num, arg1, arg2, arg3, arg4) \ +({ \ + long _ret; \ + register long _num __asm__ ("rax") = (num); \ + register long _arg1 __asm__ ("rdi") = (long)(arg1); \ + register long _arg2 __asm__ ("rsi") = (long)(arg2); \ + register long _arg3 __asm__ ("rdx") = (long)(arg3); \ + register long _arg4 __asm__ ("r10") = (long)(arg4); \ + \ + __asm__ volatile ( \ + "syscall\n" \ + : "=a"(_ret) \ + : "r"(_arg1), "r"(_arg2), "r"(_arg3), "r"(_arg4), \ + "0"(_num) \ + : "rcx", "r11", "memory", "cc" \ + ); \ + _ret; \ +}) + +#define my_syscall5(num, arg1, arg2, arg3, arg4, arg5) \ +({ \ + long _ret; \ + register long _num __asm__ ("rax") = (num); \ + register long _arg1 __asm__ ("rdi") = (long)(arg1); \ + register long _arg2 __asm__ ("rsi") = (long)(arg2); \ + register long _arg3 __asm__ ("rdx") = (long)(arg3); \ + register long _arg4 __asm__ ("r10") = (long)(arg4); \ + register long _arg5 __asm__ ("r8") = (long)(arg5); \ + \ + __asm__ volatile ( \ + "syscall\n" \ + : "=a"(_ret) \ + : "r"(_arg1), "r"(_arg2), "r"(_arg3), "r"(_arg4), "r"(_arg5), \ + "0"(_num) \ + : "rcx", "r11", "memory", "cc" \ + ); \ + _ret; \ +}) + +#define my_syscall6(num, arg1, arg2, arg3, arg4, arg5, arg6) \ +({ \ + long _ret; \ + register long _num __asm__ ("rax") = (num); \ + register long _arg1 __asm__ ("rdi") = (long)(arg1); \ + register long _arg2 __asm__ ("rsi") = (long)(arg2); \ + register long _arg3 __asm__ ("rdx") = (long)(arg3); \ + register long _arg4 __asm__ ("r10") = (long)(arg4); \ + register long _arg5 __asm__ ("r8") = (long)(arg5); \ + register long _arg6 __asm__ ("r9") = (long)(arg6); \ + \ + __asm__ volatile ( \ + "syscall\n" \ + : "=a"(_ret) \ + : "r"(_arg1), "r"(_arg2), "r"(_arg3), "r"(_arg4), "r"(_arg5), \ + "r"(_arg6), "0"(_num) \ + : "rcx", "r11", "memory", "cc" \ + ); \ + _ret; \ +}) + +/* startup code */ +/* + * x86-64 System V ABI mandates: + * 1) %rsp must be 16-byte aligned right before the function call. + * 2) The deepest stack frame should be zero (the %rbp). + * + */ +void __attribute__((weak, noreturn, optimize("Os", "omit-frame-pointer"))) __no_stack_protector _start(void) +{ + __asm__ volatile ( + "xor %ebp, %ebp\n" /* zero the stack frame */ + "mov %rsp, %rdi\n" /* save stack pointer to %rdi, as arg1 of _start_c */ + "and $-16, %rsp\n" /* %rsp must be 16-byte aligned before call */ + "call _start_c\n" /* transfer to c runtime */ + "hlt\n" /* ensure it does not return */ + ); + __builtin_unreachable(); +} + +#endif /* _NOLIBC_ARCH_X86_64_H */ diff --git a/libcontainer/dmz/nolibc/arch.h b/libcontainer/dmz/nolibc/arch.h new file mode 100644 index 00000000000..e276fb0680a --- /dev/null +++ b/libcontainer/dmz/nolibc/arch.h @@ -0,0 +1,38 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* + * Copyright (C) 2017-2022 Willy Tarreau + */ + +/* Below comes the architecture-specific code. For each architecture, we have + * the syscall declarations and the _start code definition. This is the only + * global part. On all architectures the kernel puts everything in the stack + * before jumping to _start just above us, without any return address (_start + * is not a function but an entry point). So at the stack pointer we find argc. + * Then argv[] begins, and ends at the first NULL. Then we have envp which + * starts and ends with a NULL as well. So envp=argv+argc+1. + */ + +#ifndef _NOLIBC_ARCH_H +#define _NOLIBC_ARCH_H + +#if defined(__x86_64__) +#include "arch-x86_64.h" +#elif defined(__i386__) || defined(__i486__) || defined(__i586__) || defined(__i686__) +#include "arch-i386.h" +#elif defined(__ARM_EABI__) +#include "arch-arm.h" +#elif defined(__aarch64__) +#include "arch-aarch64.h" +#elif defined(__mips__) && defined(_ABIO32) +#include "arch-mips.h" +#elif defined(__powerpc__) +#include "arch-powerpc.h" +#elif defined(__riscv) +#include "arch-riscv.h" +#elif defined(__s390x__) +#include "arch-s390.h" +#elif defined(__loongarch__) +#include "arch-loongarch.h" +#endif + +#endif /* _NOLIBC_ARCH_H */ diff --git a/libcontainer/dmz/nolibc/compiler.h b/libcontainer/dmz/nolibc/compiler.h new file mode 100644 index 00000000000..beddc3665d6 --- /dev/null +++ b/libcontainer/dmz/nolibc/compiler.h @@ -0,0 +1,25 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* + * NOLIBC compiler support header + * Copyright (C) 2023 Thomas WeiĂŸschuh + */ +#ifndef _NOLIBC_COMPILER_H +#define _NOLIBC_COMPILER_H + +#if defined(__SSP__) || defined(__SSP_STRONG__) || defined(__SSP_ALL__) || defined(__SSP_EXPLICIT__) + +#define _NOLIBC_STACKPROTECTOR + +#endif /* defined(__SSP__) ... */ + +#if defined(__has_attribute) +# if __has_attribute(no_stack_protector) +# define __no_stack_protector __attribute__((no_stack_protector)) +# else +# define __no_stack_protector __attribute__((__optimize__("-fno-stack-protector"))) +# endif +#else +# define __no_stack_protector __attribute__((__optimize__("-fno-stack-protector"))) +#endif /* defined(__has_attribute) */ + +#endif /* _NOLIBC_COMPILER_H */ diff --git a/libcontainer/dmz/nolibc/crt.h b/libcontainer/dmz/nolibc/crt.h new file mode 100644 index 00000000000..a5f33fef167 --- /dev/null +++ b/libcontainer/dmz/nolibc/crt.h @@ -0,0 +1,61 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* + * C Run Time support for NOLIBC + * Copyright (C) 2023 Zhangjin Wu + */ + +#ifndef _NOLIBC_CRT_H +#define _NOLIBC_CRT_H + +char **environ __attribute__((weak)); +const unsigned long *_auxv __attribute__((weak)); + +static void __stack_chk_init(void); +static void exit(int); + +void _start_c(long *sp) +{ + long argc; + char **argv; + char **envp; + const unsigned long *auxv; + /* silence potential warning: conflicting types for 'main' */ + int _nolibc_main(int, char **, char **) __asm__ ("main"); + + /* initialize stack protector */ + __stack_chk_init(); + + /* + * sp : argc <-- argument count, required by main() + * argv: argv[0] <-- argument vector, required by main() + * argv[1] + * ... + * argv[argc-1] + * null + * environ: environ[0] <-- environment variables, required by main() and getenv() + * environ[1] + * ... + * null + * _auxv: _auxv[0] <-- auxiliary vector, required by getauxval() + * _auxv[1] + * ... + * null + */ + + /* assign argc and argv */ + argc = *sp; + argv = (void *)(sp + 1); + + /* find environ */ + environ = envp = argv + argc + 1; + + /* find _auxv */ + for (auxv = (void *)envp; *auxv++;) + ; + _auxv = auxv; + + /* go to application */ + exit(_nolibc_main(argc, argv, envp)); +} + +#endif /* _NOLIBC_CRT_H */ diff --git a/libcontainer/dmz/nolibc/ctype.h b/libcontainer/dmz/nolibc/ctype.h new file mode 100644 index 00000000000..6f90706d064 --- /dev/null +++ b/libcontainer/dmz/nolibc/ctype.h @@ -0,0 +1,102 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* + * ctype function definitions for NOLIBC + * Copyright (C) 2017-2021 Willy Tarreau + */ + +#ifndef _NOLIBC_CTYPE_H +#define _NOLIBC_CTYPE_H + +#include "std.h" + +/* + * As much as possible, please keep functions alphabetically sorted. + */ + +static __attribute__((unused)) +int isascii(int c) +{ + /* 0x00..0x7f */ + return (unsigned int)c <= 0x7f; +} + +static __attribute__((unused)) +int isblank(int c) +{ + return c == '\t' || c == ' '; +} + +static __attribute__((unused)) +int iscntrl(int c) +{ + /* 0x00..0x1f, 0x7f */ + return (unsigned int)c < 0x20 || c == 0x7f; +} + +static __attribute__((unused)) +int isdigit(int c) +{ + return (unsigned int)(c - '0') < 10; +} + +static __attribute__((unused)) +int isgraph(int c) +{ + /* 0x21..0x7e */ + return (unsigned int)(c - 0x21) < 0x5e; +} + +static __attribute__((unused)) +int islower(int c) +{ + return (unsigned int)(c - 'a') < 26; +} + +static __attribute__((unused)) +int isprint(int c) +{ + /* 0x20..0x7e */ + return (unsigned int)(c - 0x20) < 0x5f; +} + +static __attribute__((unused)) +int isspace(int c) +{ + /* \t is 0x9, \n is 0xA, \v is 0xB, \f is 0xC, \r is 0xD */ + return ((unsigned int)c == ' ') || (unsigned int)(c - 0x09) < 5; +} + +static __attribute__((unused)) +int isupper(int c) +{ + return (unsigned int)(c - 'A') < 26; +} + +static __attribute__((unused)) +int isxdigit(int c) +{ + return isdigit(c) || (unsigned int)(c - 'A') < 6 || (unsigned int)(c - 'a') < 6; +} + +static __attribute__((unused)) +int isalpha(int c) +{ + return islower(c) || isupper(c); +} + +static __attribute__((unused)) +int isalnum(int c) +{ + return isalpha(c) || isdigit(c); +} + +static __attribute__((unused)) +int ispunct(int c) +{ + return isgraph(c) && !isalnum(c); +} + +/* make sure to include all global symbols */ +#include "nolibc.h" + +#endif /* _NOLIBC_CTYPE_H */ diff --git a/libcontainer/dmz/nolibc/errno.h b/libcontainer/dmz/nolibc/errno.h new file mode 100644 index 00000000000..a44486ff047 --- /dev/null +++ b/libcontainer/dmz/nolibc/errno.h @@ -0,0 +1,28 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* + * Minimal errno definitions for NOLIBC + * Copyright (C) 2017-2022 Willy Tarreau + */ + +#ifndef _NOLIBC_ERRNO_H +#define _NOLIBC_ERRNO_H + +#include + +#ifndef NOLIBC_IGNORE_ERRNO +#define SET_ERRNO(v) do { errno = (v); } while (0) +int errno __attribute__((weak)); +#else +#define SET_ERRNO(v) do { } while (0) +#endif + + +/* errno codes all ensure that they will not conflict with a valid pointer + * because they all correspond to the highest addressable memory page. + */ +#define MAX_ERRNO 4095 + +/* make sure to include all global symbols */ +#include "nolibc.h" + +#endif /* _NOLIBC_ERRNO_H */ diff --git a/libcontainer/dmz/nolibc/nolibc.h b/libcontainer/dmz/nolibc/nolibc.h new file mode 100644 index 00000000000..1f8d821000a --- /dev/null +++ b/libcontainer/dmz/nolibc/nolibc.h @@ -0,0 +1,111 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* nolibc.h + * Copyright (C) 2017-2018 Willy Tarreau + */ + +/* + * This file is designed to be used as a libc alternative for minimal programs + * with very limited requirements. It consists of a small number of syscall and + * type definitions, and the minimal startup code needed to call main(). + * All syscalls are declared as static functions so that they can be optimized + * away by the compiler when not used. + * + * Syscalls are split into 3 levels: + * - The lower level is the arch-specific syscall() definition, consisting in + * assembly code in compound expressions. These are called my_syscall0() to + * my_syscall6() depending on the number of arguments. All input arguments + * are castto a long stored in a register. These expressions always return + * the syscall's return value as a signed long value which is often either + * a pointer or the negated errno value. + * + * - The second level is mostly architecture-independent. It is made of + * static functions called sys_() which rely on my_syscallN() + * depending on the syscall definition. These functions are responsible + * for exposing the appropriate types for the syscall arguments (int, + * pointers, etc) and for setting the appropriate return type (often int). + * A few of them are architecture-specific because the syscalls are not all + * mapped exactly the same among architectures. For example, some archs do + * not implement select() and need pselect6() instead, so the sys_select() + * function will have to abstract this. + * + * - The third level is the libc call definition. It exposes the lower raw + * sys_() calls in a way that looks like what a libc usually does, + * takes care of specific input values, and of setting errno upon error. + * There can be minor variations compared to standard libc calls. For + * example the open() call always takes 3 args here. + * + * The errno variable is declared static and unused. This way it can be + * optimized away if not used. However this means that a program made of + * multiple C files may observe different errno values (one per C file). For + * the type of programs this project targets it usually is not a problem. The + * resulting program may even be reduced by defining the NOLIBC_IGNORE_ERRNO + * macro, in which case the errno value will never be assigned. + * + * Some stdint-like integer types are defined. These are valid on all currently + * supported architectures, because signs are enforced, ints are assumed to be + * 32 bits, longs the size of a pointer and long long 64 bits. If more + * architectures have to be supported, this may need to be adapted. + * + * Some macro definitions like the O_* values passed to open(), and some + * structures like the sys_stat struct depend on the architecture. + * + * The definitions start with the architecture-specific parts, which are picked + * based on what the compiler knows about the target architecture, and are + * completed with the generic code. Since it is the compiler which sets the + * target architecture, cross-compiling normally works out of the box without + * having to specify anything. + * + * Finally some very common libc-level functions are provided. It is the case + * for a few functions usually found in string.h, ctype.h, or stdlib.h. + * + * The nolibc.h file is only a convenient entry point which includes all other + * files. It also defines the NOLIBC macro, so that it is possible for a + * program to check this macro to know if it is being built against and decide + * to disable some features or simply not to include some standard libc files. + * + * A simple static executable may be built this way : + * $ gcc -fno-asynchronous-unwind-tables -fno-ident -s -Os -nostdlib \ + * -static -include nolibc.h -o hello hello.c -lgcc + * + * Simple programs meant to be reasonably portable to various libc and using + * only a few common includes, may also be built by simply making the include + * path point to the nolibc directory: + * $ gcc -fno-asynchronous-unwind-tables -fno-ident -s -Os -nostdlib \ + * -I../nolibc -o hello hello.c -lgcc + * + * The available standard (but limited) include files are: + * ctype.h, errno.h, signal.h, stdio.h, stdlib.h, string.h, time.h + * + * In addition, the following ones are expected to be provided by the compiler: + * float.h, stdarg.h, stddef.h + * + * The following ones which are part to the C standard are not provided: + * assert.h, locale.h, math.h, setjmp.h, limits.h + * + * A very useful calling convention table may be found here : + * http://man7.org/linux/man-pages/man2/syscall.2.html + * + * This doc is quite convenient though not necessarily up to date : + * https://w3challs.com/syscalls/ + * + */ +#ifndef _NOLIBC_H +#define _NOLIBC_H + +#include "std.h" +#include "arch.h" +#include "types.h" +#include "sys.h" +#include "ctype.h" +#include "signal.h" +#include "unistd.h" +#include "stdio.h" +#include "stdlib.h" +#include "string.h" +#include "time.h" +#include "stackprotector.h" + +/* Used by programs to avoid std includes */ +#define NOLIBC + +#endif /* _NOLIBC_H */ diff --git a/libcontainer/dmz/nolibc/signal.h b/libcontainer/dmz/nolibc/signal.h new file mode 100644 index 00000000000..137552216e4 --- /dev/null +++ b/libcontainer/dmz/nolibc/signal.h @@ -0,0 +1,25 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* + * signal function definitions for NOLIBC + * Copyright (C) 2017-2022 Willy Tarreau + */ + +#ifndef _NOLIBC_SIGNAL_H +#define _NOLIBC_SIGNAL_H + +#include "std.h" +#include "arch.h" +#include "types.h" +#include "sys.h" + +/* This one is not marked static as it's needed by libgcc for divide by zero */ +__attribute__((weak,unused,section(".text.nolibc_raise"))) +int raise(int signal) +{ + return sys_kill(sys_getpid(), signal); +} + +/* make sure to include all global symbols */ +#include "nolibc.h" + +#endif /* _NOLIBC_SIGNAL_H */ diff --git a/libcontainer/dmz/nolibc/stackprotector.h b/libcontainer/dmz/nolibc/stackprotector.h new file mode 100644 index 00000000000..13f1d0e6038 --- /dev/null +++ b/libcontainer/dmz/nolibc/stackprotector.h @@ -0,0 +1,51 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* + * Stack protector support for NOLIBC + * Copyright (C) 2023 Thomas WeiĂŸschuh + */ + +#ifndef _NOLIBC_STACKPROTECTOR_H +#define _NOLIBC_STACKPROTECTOR_H + +#include "compiler.h" + +#if defined(_NOLIBC_STACKPROTECTOR) + +#include "sys.h" +#include "stdlib.h" + +/* The functions in this header are using raw syscall macros to avoid + * triggering stack protector errors themselves + */ + +__attribute__((weak,noreturn,section(".text.nolibc_stack_chk"))) +void __stack_chk_fail(void) +{ + pid_t pid; + my_syscall3(__NR_write, STDERR_FILENO, "!!Stack smashing detected!!\n", 28); + pid = my_syscall0(__NR_getpid); + my_syscall2(__NR_kill, pid, SIGABRT); + for (;;); +} + +__attribute__((weak,noreturn,section(".text.nolibc_stack_chk"))) +void __stack_chk_fail_local(void) +{ + __stack_chk_fail(); +} + +__attribute__((weak,section(".data.nolibc_stack_chk"))) +uintptr_t __stack_chk_guard; + +static __no_stack_protector void __stack_chk_init(void) +{ + my_syscall3(__NR_getrandom, &__stack_chk_guard, sizeof(__stack_chk_guard), 0); + /* a bit more randomness in case getrandom() fails, ensure the guard is never 0 */ + if (__stack_chk_guard != (uintptr_t) &__stack_chk_guard) + __stack_chk_guard ^= (uintptr_t) &__stack_chk_guard; +} +#else /* !defined(_NOLIBC_STACKPROTECTOR) */ +static void __stack_chk_init(void) {} +#endif /* defined(_NOLIBC_STACKPROTECTOR) */ + +#endif /* _NOLIBC_STACKPROTECTOR_H */ diff --git a/libcontainer/dmz/nolibc/std.h b/libcontainer/dmz/nolibc/std.h new file mode 100644 index 00000000000..933bc0be7e1 --- /dev/null +++ b/libcontainer/dmz/nolibc/std.h @@ -0,0 +1,36 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* + * Standard definitions and types for NOLIBC + * Copyright (C) 2017-2021 Willy Tarreau + */ + +#ifndef _NOLIBC_STD_H +#define _NOLIBC_STD_H + +/* Declare a few quite common macros and types that usually are in stdlib.h, + * stdint.h, ctype.h, unistd.h and a few other common locations. Please place + * integer type definitions and generic macros here, but avoid OS-specific and + * syscall-specific stuff, as this file is expected to be included very early. + */ + +/* note: may already be defined */ +#ifndef NULL +#define NULL ((void *)0) +#endif + +#include "stdint.h" + +/* those are commonly provided by sys/types.h */ +typedef unsigned int dev_t; +typedef unsigned long ino_t; +typedef unsigned int mode_t; +typedef signed int pid_t; +typedef unsigned int uid_t; +typedef unsigned int gid_t; +typedef unsigned long nlink_t; +typedef signed long off_t; +typedef signed long blksize_t; +typedef signed long blkcnt_t; +typedef signed long time_t; + +#endif /* _NOLIBC_STD_H */ diff --git a/libcontainer/dmz/nolibc/stdint.h b/libcontainer/dmz/nolibc/stdint.h new file mode 100644 index 00000000000..6665e272e21 --- /dev/null +++ b/libcontainer/dmz/nolibc/stdint.h @@ -0,0 +1,113 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* + * Standard definitions and types for NOLIBC + * Copyright (C) 2023 Vincent Dagonneau + */ + +#ifndef _NOLIBC_STDINT_H +#define _NOLIBC_STDINT_H + +typedef unsigned char uint8_t; +typedef signed char int8_t; +typedef unsigned short uint16_t; +typedef signed short int16_t; +typedef unsigned int uint32_t; +typedef signed int int32_t; +typedef unsigned long long uint64_t; +typedef signed long long int64_t; +typedef __SIZE_TYPE__ size_t; +typedef signed long ssize_t; +typedef unsigned long uintptr_t; +typedef signed long intptr_t; +typedef signed long ptrdiff_t; + +typedef int8_t int_least8_t; +typedef uint8_t uint_least8_t; +typedef int16_t int_least16_t; +typedef uint16_t uint_least16_t; +typedef int32_t int_least32_t; +typedef uint32_t uint_least32_t; +typedef int64_t int_least64_t; +typedef uint64_t uint_least64_t; + +typedef int8_t int_fast8_t; +typedef uint8_t uint_fast8_t; +typedef ssize_t int_fast16_t; +typedef size_t uint_fast16_t; +typedef ssize_t int_fast32_t; +typedef size_t uint_fast32_t; +typedef int64_t int_fast64_t; +typedef uint64_t uint_fast64_t; + +typedef int64_t intmax_t; +typedef uint64_t uintmax_t; + +/* limits of integral types */ + +#define INT8_MIN (-128) +#define INT16_MIN (-32767-1) +#define INT32_MIN (-2147483647-1) +#define INT64_MIN (-9223372036854775807LL-1) + +#define INT8_MAX (127) +#define INT16_MAX (32767) +#define INT32_MAX (2147483647) +#define INT64_MAX (9223372036854775807LL) + +#define UINT8_MAX (255) +#define UINT16_MAX (65535) +#define UINT32_MAX (4294967295U) +#define UINT64_MAX (18446744073709551615ULL) + +#define INT_LEAST8_MIN INT8_MIN +#define INT_LEAST16_MIN INT16_MIN +#define INT_LEAST32_MIN INT32_MIN +#define INT_LEAST64_MIN INT64_MIN + +#define INT_LEAST8_MAX INT8_MAX +#define INT_LEAST16_MAX INT16_MAX +#define INT_LEAST32_MAX INT32_MAX +#define INT_LEAST64_MAX INT64_MAX + +#define UINT_LEAST8_MAX UINT8_MAX +#define UINT_LEAST16_MAX UINT16_MAX +#define UINT_LEAST32_MAX UINT32_MAX +#define UINT_LEAST64_MAX UINT64_MAX + +#define SIZE_MAX ((size_t)(__LONG_MAX__) * 2 + 1) +#define INTPTR_MIN (-__LONG_MAX__ - 1) +#define INTPTR_MAX __LONG_MAX__ +#define PTRDIFF_MIN INTPTR_MIN +#define PTRDIFF_MAX INTPTR_MAX +#define UINTPTR_MAX SIZE_MAX + +#define INT_FAST8_MIN INT8_MIN +#define INT_FAST16_MIN INTPTR_MIN +#define INT_FAST32_MIN INTPTR_MIN +#define INT_FAST64_MIN INT64_MIN + +#define INT_FAST8_MAX INT8_MAX +#define INT_FAST16_MAX INTPTR_MAX +#define INT_FAST32_MAX INTPTR_MAX +#define INT_FAST64_MAX INT64_MAX + +#define UINT_FAST8_MAX UINT8_MAX +#define UINT_FAST16_MAX SIZE_MAX +#define UINT_FAST32_MAX SIZE_MAX +#define UINT_FAST64_MAX UINT64_MAX + +#ifndef INT_MIN +#define INT_MIN (-__INT_MAX__ - 1) +#endif +#ifndef INT_MAX +#define INT_MAX __INT_MAX__ +#endif + +#ifndef LONG_MIN +#define LONG_MIN (-__LONG_MAX__ - 1) +#endif +#ifndef LONG_MAX +#define LONG_MAX __LONG_MAX__ +#endif + +#endif /* _NOLIBC_STDINT_H */ diff --git a/libcontainer/dmz/nolibc/stdio.h b/libcontainer/dmz/nolibc/stdio.h new file mode 100644 index 00000000000..cae402c11e5 --- /dev/null +++ b/libcontainer/dmz/nolibc/stdio.h @@ -0,0 +1,383 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* + * minimal stdio function definitions for NOLIBC + * Copyright (C) 2017-2021 Willy Tarreau + */ + +#ifndef _NOLIBC_STDIO_H +#define _NOLIBC_STDIO_H + +#include + +#include "std.h" +#include "arch.h" +#include "errno.h" +#include "types.h" +#include "sys.h" +#include "stdlib.h" +#include "string.h" + +#ifndef EOF +#define EOF (-1) +#endif + +/* Buffering mode used by setvbuf. */ +#define _IOFBF 0 /* Fully buffered. */ +#define _IOLBF 1 /* Line buffered. */ +#define _IONBF 2 /* No buffering. */ + +/* just define FILE as a non-empty type. The value of the pointer gives + * the FD: FILE=~fd for fd>=0 or NULL for fd<0. This way positive FILE + * are immediately identified as abnormal entries (i.e. possible copies + * of valid pointers to something else). + */ +typedef struct FILE { + char dummy[1]; +} FILE; + +static __attribute__((unused)) FILE* const stdin = (FILE*)(intptr_t)~STDIN_FILENO; +static __attribute__((unused)) FILE* const stdout = (FILE*)(intptr_t)~STDOUT_FILENO; +static __attribute__((unused)) FILE* const stderr = (FILE*)(intptr_t)~STDERR_FILENO; + +/* provides a FILE* equivalent of fd. The mode is ignored. */ +static __attribute__((unused)) +FILE *fdopen(int fd, const char *mode __attribute__((unused))) +{ + if (fd < 0) { + SET_ERRNO(EBADF); + return NULL; + } + return (FILE*)(intptr_t)~fd; +} + +/* provides the fd of stream. */ +static __attribute__((unused)) +int fileno(FILE *stream) +{ + intptr_t i = (intptr_t)stream; + + if (i >= 0) { + SET_ERRNO(EBADF); + return -1; + } + return ~i; +} + +/* flush a stream. */ +static __attribute__((unused)) +int fflush(FILE *stream) +{ + intptr_t i = (intptr_t)stream; + + /* NULL is valid here. */ + if (i > 0) { + SET_ERRNO(EBADF); + return -1; + } + + /* Don't do anything, nolibc does not support buffering. */ + return 0; +} + +/* flush a stream. */ +static __attribute__((unused)) +int fclose(FILE *stream) +{ + intptr_t i = (intptr_t)stream; + + if (i >= 0) { + SET_ERRNO(EBADF); + return -1; + } + + if (close(~i)) + return EOF; + + return 0; +} + +/* getc(), fgetc(), getchar() */ + +#define getc(stream) fgetc(stream) + +static __attribute__((unused)) +int fgetc(FILE* stream) +{ + unsigned char ch; + + if (read(fileno(stream), &ch, 1) <= 0) + return EOF; + return ch; +} + +static __attribute__((unused)) +int getchar(void) +{ + return fgetc(stdin); +} + + +/* putc(), fputc(), putchar() */ + +#define putc(c, stream) fputc(c, stream) + +static __attribute__((unused)) +int fputc(int c, FILE* stream) +{ + unsigned char ch = c; + + if (write(fileno(stream), &ch, 1) <= 0) + return EOF; + return ch; +} + +static __attribute__((unused)) +int putchar(int c) +{ + return fputc(c, stdout); +} + + +/* fwrite(), puts(), fputs(). Note that puts() emits '\n' but not fputs(). */ + +/* internal fwrite()-like function which only takes a size and returns 0 on + * success or EOF on error. It automatically retries on short writes. + */ +static __attribute__((unused)) +int _fwrite(const void *buf, size_t size, FILE *stream) +{ + ssize_t ret; + int fd = fileno(stream); + + while (size) { + ret = write(fd, buf, size); + if (ret <= 0) + return EOF; + size -= ret; + buf += ret; + } + return 0; +} + +static __attribute__((unused)) +size_t fwrite(const void *s, size_t size, size_t nmemb, FILE *stream) +{ + size_t written; + + for (written = 0; written < nmemb; written++) { + if (_fwrite(s, size, stream) != 0) + break; + s += size; + } + return written; +} + +static __attribute__((unused)) +int fputs(const char *s, FILE *stream) +{ + return _fwrite(s, strlen(s), stream); +} + +static __attribute__((unused)) +int puts(const char *s) +{ + if (fputs(s, stdout) == EOF) + return EOF; + return putchar('\n'); +} + + +/* fgets() */ +static __attribute__((unused)) +char *fgets(char *s, int size, FILE *stream) +{ + int ofs; + int c; + + for (ofs = 0; ofs + 1 < size;) { + c = fgetc(stream); + if (c == EOF) + break; + s[ofs++] = c; + if (c == '\n') + break; + } + if (ofs < size) + s[ofs] = 0; + return ofs ? s : NULL; +} + + +/* minimal vfprintf(). It supports the following formats: + * - %[l*]{d,u,c,x,p} + * - %s + * - unknown modifiers are ignored. + */ +static __attribute__((unused)) +int vfprintf(FILE *stream, const char *fmt, va_list args) +{ + char escape, lpref, c; + unsigned long long v; + unsigned int written; + size_t len, ofs; + char tmpbuf[21]; + const char *outstr; + + written = ofs = escape = lpref = 0; + while (1) { + c = fmt[ofs++]; + + if (escape) { + /* we're in an escape sequence, ofs == 1 */ + escape = 0; + if (c == 'c' || c == 'd' || c == 'u' || c == 'x' || c == 'p') { + char *out = tmpbuf; + + if (c == 'p') + v = va_arg(args, unsigned long); + else if (lpref) { + if (lpref > 1) + v = va_arg(args, unsigned long long); + else + v = va_arg(args, unsigned long); + } else + v = va_arg(args, unsigned int); + + if (c == 'd') { + /* sign-extend the value */ + if (lpref == 0) + v = (long long)(int)v; + else if (lpref == 1) + v = (long long)(long)v; + } + + switch (c) { + case 'c': + out[0] = v; + out[1] = 0; + break; + case 'd': + i64toa_r(v, out); + break; + case 'u': + u64toa_r(v, out); + break; + case 'p': + *(out++) = '0'; + *(out++) = 'x'; + /* fall through */ + default: /* 'x' and 'p' above */ + u64toh_r(v, out); + break; + } + outstr = tmpbuf; + } + else if (c == 's') { + outstr = va_arg(args, char *); + if (!outstr) + outstr="(null)"; + } + else if (c == '%') { + /* queue it verbatim */ + continue; + } + else { + /* modifiers or final 0 */ + if (c == 'l') { + /* long format prefix, maintain the escape */ + lpref++; + } + escape = 1; + goto do_escape; + } + len = strlen(outstr); + goto flush_str; + } + + /* not an escape sequence */ + if (c == 0 || c == '%') { + /* flush pending data on escape or end */ + escape = 1; + lpref = 0; + outstr = fmt; + len = ofs - 1; + flush_str: + if (_fwrite(outstr, len, stream) != 0) + break; + + written += len; + do_escape: + if (c == 0) + break; + fmt += ofs; + ofs = 0; + continue; + } + + /* literal char, just queue it */ + } + return written; +} + +static __attribute__((unused)) +int vprintf(const char *fmt, va_list args) +{ + return vfprintf(stdout, fmt, args); +} + +static __attribute__((unused, format(printf, 2, 3))) +int fprintf(FILE *stream, const char *fmt, ...) +{ + va_list args; + int ret; + + va_start(args, fmt); + ret = vfprintf(stream, fmt, args); + va_end(args); + return ret; +} + +static __attribute__((unused, format(printf, 1, 2))) +int printf(const char *fmt, ...) +{ + va_list args; + int ret; + + va_start(args, fmt); + ret = vfprintf(stdout, fmt, args); + va_end(args); + return ret; +} + +static __attribute__((unused)) +void perror(const char *msg) +{ + fprintf(stderr, "%s%serrno=%d\n", (msg && *msg) ? msg : "", (msg && *msg) ? ": " : "", errno); +} + +static __attribute__((unused)) +int setvbuf(FILE *stream __attribute__((unused)), + char *buf __attribute__((unused)), + int mode, + size_t size __attribute__((unused))) +{ + /* + * nolibc does not support buffering so this is a nop. Just check mode + * is valid as required by the spec. + */ + switch (mode) { + case _IOFBF: + case _IOLBF: + case _IONBF: + break; + default: + return EOF; + } + + return 0; +} + +/* make sure to include all global symbols */ +#include "nolibc.h" + +#endif /* _NOLIBC_STDIO_H */ diff --git a/libcontainer/dmz/nolibc/stdlib.h b/libcontainer/dmz/nolibc/stdlib.h new file mode 100644 index 00000000000..bacfd35c515 --- /dev/null +++ b/libcontainer/dmz/nolibc/stdlib.h @@ -0,0 +1,444 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* + * stdlib function definitions for NOLIBC + * Copyright (C) 2017-2021 Willy Tarreau + */ + +#ifndef _NOLIBC_STDLIB_H +#define _NOLIBC_STDLIB_H + +#include "std.h" +#include "arch.h" +#include "types.h" +#include "sys.h" +#include "string.h" +#include + +struct nolibc_heap { + size_t len; + char user_p[] __attribute__((__aligned__)); +}; + +/* Buffer used to store int-to-ASCII conversions. Will only be implemented if + * any of the related functions is implemented. The area is large enough to + * store "18446744073709551615" or "-9223372036854775808" and the final zero. + */ +static __attribute__((unused)) char itoa_buffer[21]; + +/* + * As much as possible, please keep functions alphabetically sorted. + */ + +/* must be exported, as it's used by libgcc for various divide functions */ +__attribute__((weak,unused,noreturn,section(".text.nolibc_abort"))) +void abort(void) +{ + sys_kill(sys_getpid(), SIGABRT); + for (;;); +} + +static __attribute__((unused)) +long atol(const char *s) +{ + unsigned long ret = 0; + unsigned long d; + int neg = 0; + + if (*s == '-') { + neg = 1; + s++; + } + + while (1) { + d = (*s++) - '0'; + if (d > 9) + break; + ret *= 10; + ret += d; + } + + return neg ? -ret : ret; +} + +static __attribute__((unused)) +int atoi(const char *s) +{ + return atol(s); +} + +static __attribute__((unused)) +void free(void *ptr) +{ + struct nolibc_heap *heap; + + if (!ptr) + return; + + heap = container_of(ptr, struct nolibc_heap, user_p); + munmap(heap, heap->len); +} + +/* getenv() tries to find the environment variable named in the + * environment array pointed to by global variable "environ" which must be + * declared as a char **, and must be terminated by a NULL (it is recommended + * to set this variable to the "envp" argument of main()). If the requested + * environment variable exists its value is returned otherwise NULL is + * returned. + */ +static __attribute__((unused)) +char *getenv(const char *name) +{ + int idx, i; + + if (environ) { + for (idx = 0; environ[idx]; idx++) { + for (i = 0; name[i] && name[i] == environ[idx][i];) + i++; + if (!name[i] && environ[idx][i] == '=') + return &environ[idx][i+1]; + } + } + return NULL; +} + +static __attribute__((unused)) +unsigned long getauxval(unsigned long type) +{ + const unsigned long *auxv = _auxv; + unsigned long ret; + + if (!auxv) + return 0; + + while (1) { + if (!auxv[0] && !auxv[1]) { + ret = 0; + break; + } + + if (auxv[0] == type) { + ret = auxv[1]; + break; + } + + auxv += 2; + } + + return ret; +} + +static __attribute__((unused)) +void *malloc(size_t len) +{ + struct nolibc_heap *heap; + + /* Always allocate memory with size multiple of 4096. */ + len = sizeof(*heap) + len; + len = (len + 4095UL) & -4096UL; + heap = mmap(NULL, len, PROT_READ|PROT_WRITE, MAP_ANONYMOUS|MAP_PRIVATE, + -1, 0); + if (__builtin_expect(heap == MAP_FAILED, 0)) + return NULL; + + heap->len = len; + return heap->user_p; +} + +static __attribute__((unused)) +void *calloc(size_t size, size_t nmemb) +{ + size_t x = size * nmemb; + + if (__builtin_expect(size && ((x / size) != nmemb), 0)) { + SET_ERRNO(ENOMEM); + return NULL; + } + + /* + * No need to zero the heap, the MAP_ANONYMOUS in malloc() + * already does it. + */ + return malloc(x); +} + +static __attribute__((unused)) +void *realloc(void *old_ptr, size_t new_size) +{ + struct nolibc_heap *heap; + size_t user_p_len; + void *ret; + + if (!old_ptr) + return malloc(new_size); + + heap = container_of(old_ptr, struct nolibc_heap, user_p); + user_p_len = heap->len - sizeof(*heap); + /* + * Don't realloc() if @user_p_len >= @new_size, this block of + * memory is still enough to handle the @new_size. Just return + * the same pointer. + */ + if (user_p_len >= new_size) + return old_ptr; + + ret = malloc(new_size); + if (__builtin_expect(!ret, 0)) + return NULL; + + memcpy(ret, heap->user_p, heap->len); + munmap(heap, heap->len); + return ret; +} + +/* Converts the unsigned long integer to its hex representation into + * buffer , which must be long enough to store the number and the + * trailing zero (17 bytes for "ffffffffffffffff" or 9 for "ffffffff"). The + * buffer is filled from the first byte, and the number of characters emitted + * (not counting the trailing zero) is returned. The function is constructed + * in a way to optimize the code size and avoid any divide that could add a + * dependency on large external functions. + */ +static __attribute__((unused)) +int utoh_r(unsigned long in, char *buffer) +{ + signed char pos = (~0UL > 0xfffffffful) ? 60 : 28; + int digits = 0; + int dig; + + do { + dig = in >> pos; + in -= (uint64_t)dig << pos; + pos -= 4; + if (dig || digits || pos < 0) { + if (dig > 9) + dig += 'a' - '0' - 10; + buffer[digits++] = '0' + dig; + } + } while (pos >= 0); + + buffer[digits] = 0; + return digits; +} + +/* converts unsigned long to an hex string using the static itoa_buffer + * and returns the pointer to that string. + */ +static __inline__ __attribute__((unused)) +char *utoh(unsigned long in) +{ + utoh_r(in, itoa_buffer); + return itoa_buffer; +} + +/* Converts the unsigned long integer to its string representation into + * buffer , which must be long enough to store the number and the + * trailing zero (21 bytes for 18446744073709551615 in 64-bit, 11 for + * 4294967295 in 32-bit). The buffer is filled from the first byte, and the + * number of characters emitted (not counting the trailing zero) is returned. + * The function is constructed in a way to optimize the code size and avoid + * any divide that could add a dependency on large external functions. + */ +static __attribute__((unused)) +int utoa_r(unsigned long in, char *buffer) +{ + unsigned long lim; + int digits = 0; + int pos = (~0UL > 0xfffffffful) ? 19 : 9; + int dig; + + do { + for (dig = 0, lim = 1; dig < pos; dig++) + lim *= 10; + + if (digits || in >= lim || !pos) { + for (dig = 0; in >= lim; dig++) + in -= lim; + buffer[digits++] = '0' + dig; + } + } while (pos--); + + buffer[digits] = 0; + return digits; +} + +/* Converts the signed long integer to its string representation into + * buffer , which must be long enough to store the number and the + * trailing zero (21 bytes for -9223372036854775808 in 64-bit, 12 for + * -2147483648 in 32-bit). The buffer is filled from the first byte, and the + * number of characters emitted (not counting the trailing zero) is returned. + */ +static __attribute__((unused)) +int itoa_r(long in, char *buffer) +{ + char *ptr = buffer; + int len = 0; + + if (in < 0) { + in = -in; + *(ptr++) = '-'; + len++; + } + len += utoa_r(in, ptr); + return len; +} + +/* for historical compatibility, same as above but returns the pointer to the + * buffer. + */ +static __inline__ __attribute__((unused)) +char *ltoa_r(long in, char *buffer) +{ + itoa_r(in, buffer); + return buffer; +} + +/* converts long integer to a string using the static itoa_buffer and + * returns the pointer to that string. + */ +static __inline__ __attribute__((unused)) +char *itoa(long in) +{ + itoa_r(in, itoa_buffer); + return itoa_buffer; +} + +/* converts long integer to a string using the static itoa_buffer and + * returns the pointer to that string. Same as above, for compatibility. + */ +static __inline__ __attribute__((unused)) +char *ltoa(long in) +{ + itoa_r(in, itoa_buffer); + return itoa_buffer; +} + +/* converts unsigned long integer to a string using the static itoa_buffer + * and returns the pointer to that string. + */ +static __inline__ __attribute__((unused)) +char *utoa(unsigned long in) +{ + utoa_r(in, itoa_buffer); + return itoa_buffer; +} + +/* Converts the unsigned 64-bit integer to its hex representation into + * buffer , which must be long enough to store the number and the + * trailing zero (17 bytes for "ffffffffffffffff"). The buffer is filled from + * the first byte, and the number of characters emitted (not counting the + * trailing zero) is returned. The function is constructed in a way to optimize + * the code size and avoid any divide that could add a dependency on large + * external functions. + */ +static __attribute__((unused)) +int u64toh_r(uint64_t in, char *buffer) +{ + signed char pos = 60; + int digits = 0; + int dig; + + do { + if (sizeof(long) >= 8) { + dig = (in >> pos) & 0xF; + } else { + /* 32-bit platforms: avoid a 64-bit shift */ + uint32_t d = (pos >= 32) ? (in >> 32) : in; + dig = (d >> (pos & 31)) & 0xF; + } + if (dig > 9) + dig += 'a' - '0' - 10; + pos -= 4; + if (dig || digits || pos < 0) + buffer[digits++] = '0' + dig; + } while (pos >= 0); + + buffer[digits] = 0; + return digits; +} + +/* converts uint64_t to an hex string using the static itoa_buffer and + * returns the pointer to that string. + */ +static __inline__ __attribute__((unused)) +char *u64toh(uint64_t in) +{ + u64toh_r(in, itoa_buffer); + return itoa_buffer; +} + +/* Converts the unsigned 64-bit integer to its string representation into + * buffer , which must be long enough to store the number and the + * trailing zero (21 bytes for 18446744073709551615). The buffer is filled from + * the first byte, and the number of characters emitted (not counting the + * trailing zero) is returned. The function is constructed in a way to optimize + * the code size and avoid any divide that could add a dependency on large + * external functions. + */ +static __attribute__((unused)) +int u64toa_r(uint64_t in, char *buffer) +{ + unsigned long long lim; + int digits = 0; + int pos = 19; /* start with the highest possible digit */ + int dig; + + do { + for (dig = 0, lim = 1; dig < pos; dig++) + lim *= 10; + + if (digits || in >= lim || !pos) { + for (dig = 0; in >= lim; dig++) + in -= lim; + buffer[digits++] = '0' + dig; + } + } while (pos--); + + buffer[digits] = 0; + return digits; +} + +/* Converts the signed 64-bit integer to its string representation into + * buffer , which must be long enough to store the number and the + * trailing zero (21 bytes for -9223372036854775808). The buffer is filled from + * the first byte, and the number of characters emitted (not counting the + * trailing zero) is returned. + */ +static __attribute__((unused)) +int i64toa_r(int64_t in, char *buffer) +{ + char *ptr = buffer; + int len = 0; + + if (in < 0) { + in = -in; + *(ptr++) = '-'; + len++; + } + len += u64toa_r(in, ptr); + return len; +} + +/* converts int64_t to a string using the static itoa_buffer and returns + * the pointer to that string. + */ +static __inline__ __attribute__((unused)) +char *i64toa(int64_t in) +{ + i64toa_r(in, itoa_buffer); + return itoa_buffer; +} + +/* converts uint64_t to a string using the static itoa_buffer and returns + * the pointer to that string. + */ +static __inline__ __attribute__((unused)) +char *u64toa(uint64_t in) +{ + u64toa_r(in, itoa_buffer); + return itoa_buffer; +} + +/* make sure to include all global symbols */ +#include "nolibc.h" + +#endif /* _NOLIBC_STDLIB_H */ diff --git a/libcontainer/dmz/nolibc/string.h b/libcontainer/dmz/nolibc/string.h new file mode 100644 index 00000000000..0c2e06c7c47 --- /dev/null +++ b/libcontainer/dmz/nolibc/string.h @@ -0,0 +1,294 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* + * string function definitions for NOLIBC + * Copyright (C) 2017-2021 Willy Tarreau + */ + +#ifndef _NOLIBC_STRING_H +#define _NOLIBC_STRING_H + +#include "std.h" + +static void *malloc(size_t len); + +/* + * As much as possible, please keep functions alphabetically sorted. + */ + +static __attribute__((unused)) +int memcmp(const void *s1, const void *s2, size_t n) +{ + size_t ofs = 0; + int c1 = 0; + + while (ofs < n && !(c1 = ((unsigned char *)s1)[ofs] - ((unsigned char *)s2)[ofs])) { + ofs++; + } + return c1; +} + +static __attribute__((unused)) +void *_nolibc_memcpy_up(void *dst, const void *src, size_t len) +{ + size_t pos = 0; + + while (pos < len) { + ((char *)dst)[pos] = ((const char *)src)[pos]; + pos++; + } + return dst; +} + +static __attribute__((unused)) +void *_nolibc_memcpy_down(void *dst, const void *src, size_t len) +{ + while (len) { + len--; + ((char *)dst)[len] = ((const char *)src)[len]; + } + return dst; +} + +/* might be ignored by the compiler without -ffreestanding, then found as + * missing. + */ +__attribute__((weak,unused,section(".text.nolibc_memmove"))) +void *memmove(void *dst, const void *src, size_t len) +{ + size_t dir, pos; + + pos = len; + dir = -1; + + if (dst < src) { + pos = -1; + dir = 1; + } + + while (len) { + pos += dir; + ((char *)dst)[pos] = ((const char *)src)[pos]; + len--; + } + return dst; +} + +/* must be exported, as it's used by libgcc on ARM */ +__attribute__((weak,unused,section(".text.nolibc_memcpy"))) +void *memcpy(void *dst, const void *src, size_t len) +{ + return _nolibc_memcpy_up(dst, src, len); +} + +/* might be ignored by the compiler without -ffreestanding, then found as + * missing. + */ +__attribute__((weak,unused,section(".text.nolibc_memset"))) +void *memset(void *dst, int b, size_t len) +{ + char *p = dst; + + while (len--) { + /* prevent gcc from recognizing memset() here */ + __asm__ volatile(""); + *(p++) = b; + } + return dst; +} + +static __attribute__((unused)) +char *strchr(const char *s, int c) +{ + while (*s) { + if (*s == (char)c) + return (char *)s; + s++; + } + return NULL; +} + +static __attribute__((unused)) +int strcmp(const char *a, const char *b) +{ + unsigned int c; + int diff; + + while (!(diff = (unsigned char)*a++ - (c = (unsigned char)*b++)) && c) + ; + return diff; +} + +static __attribute__((unused)) +char *strcpy(char *dst, const char *src) +{ + char *ret = dst; + + while ((*dst++ = *src++)); + return ret; +} + +/* this function is only used with arguments that are not constants or when + * it's not known because optimizations are disabled. Note that gcc 12 + * recognizes an strlen() pattern and replaces it with a jump to strlen(), + * thus itself, hence the asm() statement below that's meant to disable this + * confusing practice. + */ +static __attribute__((unused)) +size_t strlen(const char *str) +{ + size_t len; + + for (len = 0; str[len]; len++) + __asm__(""); + return len; +} + +/* do not trust __builtin_constant_p() at -O0, as clang will emit a test and + * the two branches, then will rely on an external definition of strlen(). + */ +#if defined(__OPTIMIZE__) +#define nolibc_strlen(x) strlen(x) +#define strlen(str) ({ \ + __builtin_constant_p((str)) ? \ + __builtin_strlen((str)) : \ + nolibc_strlen((str)); \ +}) +#endif + +static __attribute__((unused)) +size_t strnlen(const char *str, size_t maxlen) +{ + size_t len; + + for (len = 0; (len < maxlen) && str[len]; len++); + return len; +} + +static __attribute__((unused)) +char *strdup(const char *str) +{ + size_t len; + char *ret; + + len = strlen(str); + ret = malloc(len + 1); + if (__builtin_expect(ret != NULL, 1)) + memcpy(ret, str, len + 1); + + return ret; +} + +static __attribute__((unused)) +char *strndup(const char *str, size_t maxlen) +{ + size_t len; + char *ret; + + len = strnlen(str, maxlen); + ret = malloc(len + 1); + if (__builtin_expect(ret != NULL, 1)) { + memcpy(ret, str, len); + ret[len] = '\0'; + } + + return ret; +} + +static __attribute__((unused)) +size_t strlcat(char *dst, const char *src, size_t size) +{ + size_t len; + char c; + + for (len = 0; dst[len]; len++) + ; + + for (;;) { + c = *src; + if (len < size) + dst[len] = c; + if (!c) + break; + len++; + src++; + } + + return len; +} + +static __attribute__((unused)) +size_t strlcpy(char *dst, const char *src, size_t size) +{ + size_t len; + char c; + + for (len = 0;;) { + c = src[len]; + if (len < size) + dst[len] = c; + if (!c) + break; + len++; + } + return len; +} + +static __attribute__((unused)) +char *strncat(char *dst, const char *src, size_t size) +{ + char *orig = dst; + + while (*dst) + dst++; + + while (size && (*dst = *src)) { + src++; + dst++; + size--; + } + + *dst = 0; + return orig; +} + +static __attribute__((unused)) +int strncmp(const char *a, const char *b, size_t size) +{ + unsigned int c; + int diff = 0; + + while (size-- && + !(diff = (unsigned char)*a++ - (c = (unsigned char)*b++)) && c) + ; + + return diff; +} + +static __attribute__((unused)) +char *strncpy(char *dst, const char *src, size_t size) +{ + size_t len; + + for (len = 0; len < size; len++) + if ((dst[len] = *src)) + src++; + return dst; +} + +static __attribute__((unused)) +char *strrchr(const char *s, int c) +{ + const char *ret = NULL; + + while (*s) { + if (*s == (char)c) + ret = s; + s++; + } + return (char *)ret; +} + +/* make sure to include all global symbols */ +#include "nolibc.h" + +#endif /* _NOLIBC_STRING_H */ diff --git a/libcontainer/dmz/nolibc/sys.h b/libcontainer/dmz/nolibc/sys.h new file mode 100644 index 00000000000..3b89433e2fd --- /dev/null +++ b/libcontainer/dmz/nolibc/sys.h @@ -0,0 +1,1189 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* + * Syscall definitions for NOLIBC (those in man(2)) + * Copyright (C) 2017-2021 Willy Tarreau + */ + +#ifndef _NOLIBC_SYS_H +#define _NOLIBC_SYS_H + +#include +#include "std.h" + +/* system includes */ +#include +#include /* for SIGCHLD */ +#include +#include +#include +#include +#include +#include +#include /* for O_* and AT_* */ +#include /* for statx() */ +#include + +#include "arch.h" +#include "errno.h" +#include "types.h" + +/* Syscall return helper: takes the syscall value in argument and checks for an + * error in it. This may only be used with signed returns (int or long), but + * not with pointers. An error is any value < 0. When an error is encountered, + * -ret is set into errno and -1 is returned. Otherwise the returned value is + * passed as-is with its type preserved. + */ + +#define __sysret(arg) \ +({ \ + __typeof__(arg) __sysret_arg = (arg); \ + (__sysret_arg < 0) /* error ? */ \ + ? (({ SET_ERRNO(-__sysret_arg); }), -1) /* ret -1 with errno = -arg */ \ + : __sysret_arg; /* return original value */ \ +}) + + +/* Functions in this file only describe syscalls. They're declared static so + * that the compiler usually decides to inline them while still being allowed + * to pass a pointer to one of their instances. Each syscall exists in two + * versions: + * - the "internal" ones, which matches the raw syscall interface at the + * kernel level, which may sometimes slightly differ from the documented + * libc-level ones. For example most of them return either a valid value + * or -errno. All of these are prefixed with "sys_". They may be called + * by non-portable applications if desired. + * + * - the "exported" ones, whose interface must closely match the one + * documented in man(2), that applications are supposed to expect. These + * ones rely on the internal ones, and set errno. + * + * Each syscall will be defined with the two functions, sorted in alphabetical + * order applied to the exported names. + * + * In case of doubt about the relevance of a function here, only those which + * set errno should be defined here. Wrappers like those appearing in man(3) + * should not be placed here. + */ + + +/* + * int brk(void *addr); + * void *sbrk(intptr_t inc) + */ + +static __attribute__((unused)) +void *sys_brk(void *addr) +{ + return (void *)my_syscall1(__NR_brk, addr); +} + +static __attribute__((unused)) +int brk(void *addr) +{ + void *ret = sys_brk(addr); + + if (!ret) { + SET_ERRNO(ENOMEM); + return -1; + } + return 0; +} + +static __attribute__((unused)) +void *sbrk(intptr_t inc) +{ + /* first call to find current end */ + void *ret = sys_brk(0); + + if (ret && sys_brk(ret + inc) == ret + inc) + return ret + inc; + + SET_ERRNO(ENOMEM); + return (void *)-1; +} + + +/* + * int chdir(const char *path); + */ + +static __attribute__((unused)) +int sys_chdir(const char *path) +{ + return my_syscall1(__NR_chdir, path); +} + +static __attribute__((unused)) +int chdir(const char *path) +{ + return __sysret(sys_chdir(path)); +} + + +/* + * int chmod(const char *path, mode_t mode); + */ + +static __attribute__((unused)) +int sys_chmod(const char *path, mode_t mode) +{ +#ifdef __NR_fchmodat + return my_syscall4(__NR_fchmodat, AT_FDCWD, path, mode, 0); +#elif defined(__NR_chmod) + return my_syscall2(__NR_chmod, path, mode); +#else + return -ENOSYS; +#endif +} + +static __attribute__((unused)) +int chmod(const char *path, mode_t mode) +{ + return __sysret(sys_chmod(path, mode)); +} + + +/* + * int chown(const char *path, uid_t owner, gid_t group); + */ + +static __attribute__((unused)) +int sys_chown(const char *path, uid_t owner, gid_t group) +{ +#ifdef __NR_fchownat + return my_syscall5(__NR_fchownat, AT_FDCWD, path, owner, group, 0); +#elif defined(__NR_chown) + return my_syscall3(__NR_chown, path, owner, group); +#else + return -ENOSYS; +#endif +} + +static __attribute__((unused)) +int chown(const char *path, uid_t owner, gid_t group) +{ + return __sysret(sys_chown(path, owner, group)); +} + + +/* + * int chroot(const char *path); + */ + +static __attribute__((unused)) +int sys_chroot(const char *path) +{ + return my_syscall1(__NR_chroot, path); +} + +static __attribute__((unused)) +int chroot(const char *path) +{ + return __sysret(sys_chroot(path)); +} + + +/* + * int close(int fd); + */ + +static __attribute__((unused)) +int sys_close(int fd) +{ + return my_syscall1(__NR_close, fd); +} + +static __attribute__((unused)) +int close(int fd) +{ + return __sysret(sys_close(fd)); +} + + +/* + * int dup(int fd); + */ + +static __attribute__((unused)) +int sys_dup(int fd) +{ + return my_syscall1(__NR_dup, fd); +} + +static __attribute__((unused)) +int dup(int fd) +{ + return __sysret(sys_dup(fd)); +} + + +/* + * int dup2(int old, int new); + */ + +static __attribute__((unused)) +int sys_dup2(int old, int new) +{ +#ifdef __NR_dup3 + return my_syscall3(__NR_dup3, old, new, 0); +#elif defined(__NR_dup2) + return my_syscall2(__NR_dup2, old, new); +#else + return -ENOSYS; +#endif +} + +static __attribute__((unused)) +int dup2(int old, int new) +{ + return __sysret(sys_dup2(old, new)); +} + + +/* + * int dup3(int old, int new, int flags); + */ + +#ifdef __NR_dup3 +static __attribute__((unused)) +int sys_dup3(int old, int new, int flags) +{ + return my_syscall3(__NR_dup3, old, new, flags); +} + +static __attribute__((unused)) +int dup3(int old, int new, int flags) +{ + return __sysret(sys_dup3(old, new, flags)); +} +#endif + + +/* + * int execve(const char *filename, char *const argv[], char *const envp[]); + */ + +static __attribute__((unused)) +int sys_execve(const char *filename, char *const argv[], char *const envp[]) +{ + return my_syscall3(__NR_execve, filename, argv, envp); +} + +static __attribute__((unused)) +int execve(const char *filename, char *const argv[], char *const envp[]) +{ + return __sysret(sys_execve(filename, argv, envp)); +} + + +/* + * void exit(int status); + */ + +static __attribute__((noreturn,unused)) +void sys_exit(int status) +{ + my_syscall1(__NR_exit, status & 255); + while(1); /* shut the "noreturn" warnings. */ +} + +static __attribute__((noreturn,unused)) +void exit(int status) +{ + sys_exit(status); +} + + +/* + * pid_t fork(void); + */ + +#ifndef sys_fork +static __attribute__((unused)) +pid_t sys_fork(void) +{ +#ifdef __NR_clone + /* note: some archs only have clone() and not fork(). Different archs + * have a different API, but most archs have the flags on first arg and + * will not use the rest with no other flag. + */ + return my_syscall5(__NR_clone, SIGCHLD, 0, 0, 0, 0); +#elif defined(__NR_fork) + return my_syscall0(__NR_fork); +#else + return -ENOSYS; +#endif +} +#endif + +static __attribute__((unused)) +pid_t fork(void) +{ + return __sysret(sys_fork()); +} + + +/* + * int fsync(int fd); + */ + +static __attribute__((unused)) +int sys_fsync(int fd) +{ + return my_syscall1(__NR_fsync, fd); +} + +static __attribute__((unused)) +int fsync(int fd) +{ + return __sysret(sys_fsync(fd)); +} + + +/* + * int getdents64(int fd, struct linux_dirent64 *dirp, int count); + */ + +static __attribute__((unused)) +int sys_getdents64(int fd, struct linux_dirent64 *dirp, int count) +{ + return my_syscall3(__NR_getdents64, fd, dirp, count); +} + +static __attribute__((unused)) +int getdents64(int fd, struct linux_dirent64 *dirp, int count) +{ + return __sysret(sys_getdents64(fd, dirp, count)); +} + + +/* + * uid_t geteuid(void); + */ + +static __attribute__((unused)) +uid_t sys_geteuid(void) +{ +#ifdef __NR_geteuid32 + return my_syscall0(__NR_geteuid32); +#else + return my_syscall0(__NR_geteuid); +#endif +} + +static __attribute__((unused)) +uid_t geteuid(void) +{ + return sys_geteuid(); +} + + +/* + * pid_t getpgid(pid_t pid); + */ + +static __attribute__((unused)) +pid_t sys_getpgid(pid_t pid) +{ + return my_syscall1(__NR_getpgid, pid); +} + +static __attribute__((unused)) +pid_t getpgid(pid_t pid) +{ + return __sysret(sys_getpgid(pid)); +} + + +/* + * pid_t getpgrp(void); + */ + +static __attribute__((unused)) +pid_t sys_getpgrp(void) +{ + return sys_getpgid(0); +} + +static __attribute__((unused)) +pid_t getpgrp(void) +{ + return sys_getpgrp(); +} + + +/* + * pid_t getpid(void); + */ + +static __attribute__((unused)) +pid_t sys_getpid(void) +{ + return my_syscall0(__NR_getpid); +} + +static __attribute__((unused)) +pid_t getpid(void) +{ + return sys_getpid(); +} + + +/* + * pid_t getppid(void); + */ + +static __attribute__((unused)) +pid_t sys_getppid(void) +{ + return my_syscall0(__NR_getppid); +} + +static __attribute__((unused)) +pid_t getppid(void) +{ + return sys_getppid(); +} + + +/* + * pid_t gettid(void); + */ + +static __attribute__((unused)) +pid_t sys_gettid(void) +{ + return my_syscall0(__NR_gettid); +} + +static __attribute__((unused)) +pid_t gettid(void) +{ + return sys_gettid(); +} + +static unsigned long getauxval(unsigned long key); + +/* + * int getpagesize(void); + */ + +static __attribute__((unused)) +int getpagesize(void) +{ + return __sysret((int)getauxval(AT_PAGESZ) ?: -ENOENT); +} + + +/* + * int gettimeofday(struct timeval *tv, struct timezone *tz); + */ + +static __attribute__((unused)) +int sys_gettimeofday(struct timeval *tv, struct timezone *tz) +{ +#ifdef __NR_gettimeofday + return my_syscall2(__NR_gettimeofday, tv, tz); +#else + return -ENOSYS; +#endif +} + +static __attribute__((unused)) +int gettimeofday(struct timeval *tv, struct timezone *tz) +{ + return __sysret(sys_gettimeofday(tv, tz)); +} + + +/* + * uid_t getuid(void); + */ + +static __attribute__((unused)) +uid_t sys_getuid(void) +{ +#ifdef __NR_getuid32 + return my_syscall0(__NR_getuid32); +#else + return my_syscall0(__NR_getuid); +#endif +} + +static __attribute__((unused)) +uid_t getuid(void) +{ + return sys_getuid(); +} + + +/* + * int ioctl(int fd, unsigned long req, void *value); + */ + +static __attribute__((unused)) +int sys_ioctl(int fd, unsigned long req, void *value) +{ + return my_syscall3(__NR_ioctl, fd, req, value); +} + +static __attribute__((unused)) +int ioctl(int fd, unsigned long req, void *value) +{ + return __sysret(sys_ioctl(fd, req, value)); +} + +/* + * int kill(pid_t pid, int signal); + */ + +static __attribute__((unused)) +int sys_kill(pid_t pid, int signal) +{ + return my_syscall2(__NR_kill, pid, signal); +} + +static __attribute__((unused)) +int kill(pid_t pid, int signal) +{ + return __sysret(sys_kill(pid, signal)); +} + + +/* + * int link(const char *old, const char *new); + */ + +static __attribute__((unused)) +int sys_link(const char *old, const char *new) +{ +#ifdef __NR_linkat + return my_syscall5(__NR_linkat, AT_FDCWD, old, AT_FDCWD, new, 0); +#elif defined(__NR_link) + return my_syscall2(__NR_link, old, new); +#else + return -ENOSYS; +#endif +} + +static __attribute__((unused)) +int link(const char *old, const char *new) +{ + return __sysret(sys_link(old, new)); +} + + +/* + * off_t lseek(int fd, off_t offset, int whence); + */ + +static __attribute__((unused)) +off_t sys_lseek(int fd, off_t offset, int whence) +{ +#ifdef __NR_lseek + return my_syscall3(__NR_lseek, fd, offset, whence); +#else + return -ENOSYS; +#endif +} + +static __attribute__((unused)) +off_t lseek(int fd, off_t offset, int whence) +{ + return __sysret(sys_lseek(fd, offset, whence)); +} + + +/* + * int mkdir(const char *path, mode_t mode); + */ + +static __attribute__((unused)) +int sys_mkdir(const char *path, mode_t mode) +{ +#ifdef __NR_mkdirat + return my_syscall3(__NR_mkdirat, AT_FDCWD, path, mode); +#elif defined(__NR_mkdir) + return my_syscall2(__NR_mkdir, path, mode); +#else + return -ENOSYS; +#endif +} + +static __attribute__((unused)) +int mkdir(const char *path, mode_t mode) +{ + return __sysret(sys_mkdir(path, mode)); +} + +/* + * int rmdir(const char *path); + */ + +static __attribute__((unused)) +int sys_rmdir(const char *path) +{ +#ifdef __NR_rmdir + return my_syscall1(__NR_rmdir, path); +#elif defined(__NR_unlinkat) + return my_syscall3(__NR_unlinkat, AT_FDCWD, path, AT_REMOVEDIR); +#else + return -ENOSYS; +#endif +} + +static __attribute__((unused)) +int rmdir(const char *path) +{ + return __sysret(sys_rmdir(path)); +} + + +/* + * int mknod(const char *path, mode_t mode, dev_t dev); + */ + +static __attribute__((unused)) +long sys_mknod(const char *path, mode_t mode, dev_t dev) +{ +#ifdef __NR_mknodat + return my_syscall4(__NR_mknodat, AT_FDCWD, path, mode, dev); +#elif defined(__NR_mknod) + return my_syscall3(__NR_mknod, path, mode, dev); +#else + return -ENOSYS; +#endif +} + +static __attribute__((unused)) +int mknod(const char *path, mode_t mode, dev_t dev) +{ + return __sysret(sys_mknod(path, mode, dev)); +} + +#ifndef sys_mmap +static __attribute__((unused)) +void *sys_mmap(void *addr, size_t length, int prot, int flags, int fd, + off_t offset) +{ + int n; + +#if defined(__NR_mmap2) + n = __NR_mmap2; + offset >>= 12; +#else + n = __NR_mmap; +#endif + + return (void *)my_syscall6(n, addr, length, prot, flags, fd, offset); +} +#endif + +/* Note that on Linux, MAP_FAILED is -1 so we can use the generic __sysret() + * which returns -1 upon error and still satisfy user land that checks for + * MAP_FAILED. + */ + +static __attribute__((unused)) +void *mmap(void *addr, size_t length, int prot, int flags, int fd, off_t offset) +{ + void *ret = sys_mmap(addr, length, prot, flags, fd, offset); + + if ((unsigned long)ret >= -4095UL) { + SET_ERRNO(-(long)ret); + ret = MAP_FAILED; + } + return ret; +} + +static __attribute__((unused)) +int sys_munmap(void *addr, size_t length) +{ + return my_syscall2(__NR_munmap, addr, length); +} + +static __attribute__((unused)) +int munmap(void *addr, size_t length) +{ + return __sysret(sys_munmap(addr, length)); +} + +/* + * int mount(const char *source, const char *target, + * const char *fstype, unsigned long flags, + * const void *data); + */ +static __attribute__((unused)) +int sys_mount(const char *src, const char *tgt, const char *fst, + unsigned long flags, const void *data) +{ + return my_syscall5(__NR_mount, src, tgt, fst, flags, data); +} + +static __attribute__((unused)) +int mount(const char *src, const char *tgt, + const char *fst, unsigned long flags, + const void *data) +{ + return __sysret(sys_mount(src, tgt, fst, flags, data)); +} + + +/* + * int open(const char *path, int flags[, mode_t mode]); + */ + +static __attribute__((unused)) +int sys_open(const char *path, int flags, mode_t mode) +{ +#ifdef __NR_openat + return my_syscall4(__NR_openat, AT_FDCWD, path, flags, mode); +#elif defined(__NR_open) + return my_syscall3(__NR_open, path, flags, mode); +#else + return -ENOSYS; +#endif +} + +static __attribute__((unused)) +int open(const char *path, int flags, ...) +{ + mode_t mode = 0; + + if (flags & O_CREAT) { + va_list args; + + va_start(args, flags); + mode = va_arg(args, int); + va_end(args); + } + + return __sysret(sys_open(path, flags, mode)); +} + + +/* + * int pipe2(int pipefd[2], int flags); + * int pipe(int pipefd[2]); + */ + +static __attribute__((unused)) +int sys_pipe2(int pipefd[2], int flags) +{ + return my_syscall2(__NR_pipe2, pipefd, flags); +} + +static __attribute__((unused)) +int pipe2(int pipefd[2], int flags) +{ + return __sysret(sys_pipe2(pipefd, flags)); +} + +static __attribute__((unused)) +int pipe(int pipefd[2]) +{ + return pipe2(pipefd, 0); +} + + +/* + * int prctl(int option, unsigned long arg2, unsigned long arg3, + * unsigned long arg4, unsigned long arg5); + */ + +static __attribute__((unused)) +int sys_prctl(int option, unsigned long arg2, unsigned long arg3, + unsigned long arg4, unsigned long arg5) +{ + return my_syscall5(__NR_prctl, option, arg2, arg3, arg4, arg5); +} + +static __attribute__((unused)) +int prctl(int option, unsigned long arg2, unsigned long arg3, + unsigned long arg4, unsigned long arg5) +{ + return __sysret(sys_prctl(option, arg2, arg3, arg4, arg5)); +} + + +/* + * int pivot_root(const char *new, const char *old); + */ + +static __attribute__((unused)) +int sys_pivot_root(const char *new, const char *old) +{ + return my_syscall2(__NR_pivot_root, new, old); +} + +static __attribute__((unused)) +int pivot_root(const char *new, const char *old) +{ + return __sysret(sys_pivot_root(new, old)); +} + + +/* + * int poll(struct pollfd *fds, int nfds, int timeout); + */ + +static __attribute__((unused)) +int sys_poll(struct pollfd *fds, int nfds, int timeout) +{ +#if defined(__NR_ppoll) + struct timespec t; + + if (timeout >= 0) { + t.tv_sec = timeout / 1000; + t.tv_nsec = (timeout % 1000) * 1000000; + } + return my_syscall5(__NR_ppoll, fds, nfds, (timeout >= 0) ? &t : NULL, NULL, 0); +#elif defined(__NR_poll) + return my_syscall3(__NR_poll, fds, nfds, timeout); +#else + return -ENOSYS; +#endif +} + +static __attribute__((unused)) +int poll(struct pollfd *fds, int nfds, int timeout) +{ + return __sysret(sys_poll(fds, nfds, timeout)); +} + + +/* + * ssize_t read(int fd, void *buf, size_t count); + */ + +static __attribute__((unused)) +ssize_t sys_read(int fd, void *buf, size_t count) +{ + return my_syscall3(__NR_read, fd, buf, count); +} + +static __attribute__((unused)) +ssize_t read(int fd, void *buf, size_t count) +{ + return __sysret(sys_read(fd, buf, count)); +} + + +/* + * int reboot(int cmd); + * is among LINUX_REBOOT_CMD_* + */ + +static __attribute__((unused)) +ssize_t sys_reboot(int magic1, int magic2, int cmd, void *arg) +{ + return my_syscall4(__NR_reboot, magic1, magic2, cmd, arg); +} + +static __attribute__((unused)) +int reboot(int cmd) +{ + return __sysret(sys_reboot(LINUX_REBOOT_MAGIC1, LINUX_REBOOT_MAGIC2, cmd, 0)); +} + + +/* + * int sched_yield(void); + */ + +static __attribute__((unused)) +int sys_sched_yield(void) +{ + return my_syscall0(__NR_sched_yield); +} + +static __attribute__((unused)) +int sched_yield(void) +{ + return __sysret(sys_sched_yield()); +} + + +/* + * int select(int nfds, fd_set *read_fds, fd_set *write_fds, + * fd_set *except_fds, struct timeval *timeout); + */ + +static __attribute__((unused)) +int sys_select(int nfds, fd_set *rfds, fd_set *wfds, fd_set *efds, struct timeval *timeout) +{ +#if defined(__ARCH_WANT_SYS_OLD_SELECT) && !defined(__NR__newselect) + struct sel_arg_struct { + unsigned long n; + fd_set *r, *w, *e; + struct timeval *t; + } arg = { .n = nfds, .r = rfds, .w = wfds, .e = efds, .t = timeout }; + return my_syscall1(__NR_select, &arg); +#elif defined(__ARCH_WANT_SYS_PSELECT6) && defined(__NR_pselect6) + struct timespec t; + + if (timeout) { + t.tv_sec = timeout->tv_sec; + t.tv_nsec = timeout->tv_usec * 1000; + } + return my_syscall6(__NR_pselect6, nfds, rfds, wfds, efds, timeout ? &t : NULL, NULL); +#elif defined(__NR__newselect) || defined(__NR_select) +#ifndef __NR__newselect +#define __NR__newselect __NR_select +#endif + return my_syscall5(__NR__newselect, nfds, rfds, wfds, efds, timeout); +#else + return -ENOSYS; +#endif +} + +static __attribute__((unused)) +int select(int nfds, fd_set *rfds, fd_set *wfds, fd_set *efds, struct timeval *timeout) +{ + return __sysret(sys_select(nfds, rfds, wfds, efds, timeout)); +} + + +/* + * int setpgid(pid_t pid, pid_t pgid); + */ + +static __attribute__((unused)) +int sys_setpgid(pid_t pid, pid_t pgid) +{ + return my_syscall2(__NR_setpgid, pid, pgid); +} + +static __attribute__((unused)) +int setpgid(pid_t pid, pid_t pgid) +{ + return __sysret(sys_setpgid(pid, pgid)); +} + + +/* + * pid_t setsid(void); + */ + +static __attribute__((unused)) +pid_t sys_setsid(void) +{ + return my_syscall0(__NR_setsid); +} + +static __attribute__((unused)) +pid_t setsid(void) +{ + return __sysret(sys_setsid()); +} + +/* + * int statx(int fd, const char *path, int flags, unsigned int mask, struct statx *buf); + * int stat(const char *path, struct stat *buf); + */ + +static __attribute__((unused)) +int sys_statx(int fd, const char *path, int flags, unsigned int mask, struct statx *buf) +{ +#ifdef __NR_statx + return my_syscall5(__NR_statx, fd, path, flags, mask, buf); +#else + return -ENOSYS; +#endif +} + +static __attribute__((unused)) +int statx(int fd, const char *path, int flags, unsigned int mask, struct statx *buf) +{ + return __sysret(sys_statx(fd, path, flags, mask, buf)); +} + + +static __attribute__((unused)) +int stat(const char *path, struct stat *buf) +{ + struct statx statx; + long ret; + + ret = __sysret(sys_statx(AT_FDCWD, path, AT_NO_AUTOMOUNT, STATX_BASIC_STATS, &statx)); + if (ret == -1) + return ret; + + buf->st_dev = ((statx.stx_dev_minor & 0xff) + | (statx.stx_dev_major << 8) + | ((statx.stx_dev_minor & ~0xff) << 12)); + buf->st_ino = statx.stx_ino; + buf->st_mode = statx.stx_mode; + buf->st_nlink = statx.stx_nlink; + buf->st_uid = statx.stx_uid; + buf->st_gid = statx.stx_gid; + buf->st_rdev = ((statx.stx_rdev_minor & 0xff) + | (statx.stx_rdev_major << 8) + | ((statx.stx_rdev_minor & ~0xff) << 12)); + buf->st_size = statx.stx_size; + buf->st_blksize = statx.stx_blksize; + buf->st_blocks = statx.stx_blocks; + buf->st_atim.tv_sec = statx.stx_atime.tv_sec; + buf->st_atim.tv_nsec = statx.stx_atime.tv_nsec; + buf->st_mtim.tv_sec = statx.stx_mtime.tv_sec; + buf->st_mtim.tv_nsec = statx.stx_mtime.tv_nsec; + buf->st_ctim.tv_sec = statx.stx_ctime.tv_sec; + buf->st_ctim.tv_nsec = statx.stx_ctime.tv_nsec; + + return 0; +} + + +/* + * int symlink(const char *old, const char *new); + */ + +static __attribute__((unused)) +int sys_symlink(const char *old, const char *new) +{ +#ifdef __NR_symlinkat + return my_syscall3(__NR_symlinkat, old, AT_FDCWD, new); +#elif defined(__NR_symlink) + return my_syscall2(__NR_symlink, old, new); +#else + return -ENOSYS; +#endif +} + +static __attribute__((unused)) +int symlink(const char *old, const char *new) +{ + return __sysret(sys_symlink(old, new)); +} + + +/* + * mode_t umask(mode_t mode); + */ + +static __attribute__((unused)) +mode_t sys_umask(mode_t mode) +{ + return my_syscall1(__NR_umask, mode); +} + +static __attribute__((unused)) +mode_t umask(mode_t mode) +{ + return sys_umask(mode); +} + + +/* + * int umount2(const char *path, int flags); + */ + +static __attribute__((unused)) +int sys_umount2(const char *path, int flags) +{ + return my_syscall2(__NR_umount2, path, flags); +} + +static __attribute__((unused)) +int umount2(const char *path, int flags) +{ + return __sysret(sys_umount2(path, flags)); +} + + +/* + * int unlink(const char *path); + */ + +static __attribute__((unused)) +int sys_unlink(const char *path) +{ +#ifdef __NR_unlinkat + return my_syscall3(__NR_unlinkat, AT_FDCWD, path, 0); +#elif defined(__NR_unlink) + return my_syscall1(__NR_unlink, path); +#else + return -ENOSYS; +#endif +} + +static __attribute__((unused)) +int unlink(const char *path) +{ + return __sysret(sys_unlink(path)); +} + + +/* + * pid_t wait(int *status); + * pid_t wait4(pid_t pid, int *status, int options, struct rusage *rusage); + * pid_t waitpid(pid_t pid, int *status, int options); + */ + +static __attribute__((unused)) +pid_t sys_wait4(pid_t pid, int *status, int options, struct rusage *rusage) +{ +#ifdef __NR_wait4 + return my_syscall4(__NR_wait4, pid, status, options, rusage); +#else + return -ENOSYS; +#endif +} + +static __attribute__((unused)) +pid_t wait(int *status) +{ + return __sysret(sys_wait4(-1, status, 0, NULL)); +} + +static __attribute__((unused)) +pid_t wait4(pid_t pid, int *status, int options, struct rusage *rusage) +{ + return __sysret(sys_wait4(pid, status, options, rusage)); +} + + +static __attribute__((unused)) +pid_t waitpid(pid_t pid, int *status, int options) +{ + return __sysret(sys_wait4(pid, status, options, NULL)); +} + + +/* + * ssize_t write(int fd, const void *buf, size_t count); + */ + +static __attribute__((unused)) +ssize_t sys_write(int fd, const void *buf, size_t count) +{ + return my_syscall3(__NR_write, fd, buf, count); +} + +static __attribute__((unused)) +ssize_t write(int fd, const void *buf, size_t count) +{ + return __sysret(sys_write(fd, buf, count)); +} + + +/* + * int memfd_create(const char *name, unsigned int flags); + */ + +static __attribute__((unused)) +int sys_memfd_create(const char *name, unsigned int flags) +{ + return my_syscall2(__NR_memfd_create, name, flags); +} + +static __attribute__((unused)) +int memfd_create(const char *name, unsigned int flags) +{ + return __sysret(sys_memfd_create(name, flags)); +} + +/* make sure to include all global symbols */ +#include "nolibc.h" + +#endif /* _NOLIBC_SYS_H */ diff --git a/libcontainer/dmz/nolibc/time.h b/libcontainer/dmz/nolibc/time.h new file mode 100644 index 00000000000..84655361b9a --- /dev/null +++ b/libcontainer/dmz/nolibc/time.h @@ -0,0 +1,31 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* + * time function definitions for NOLIBC + * Copyright (C) 2017-2022 Willy Tarreau + */ + +#ifndef _NOLIBC_TIME_H +#define _NOLIBC_TIME_H + +#include "std.h" +#include "arch.h" +#include "types.h" +#include "sys.h" + +static __attribute__((unused)) +time_t time(time_t *tptr) +{ + struct timeval tv; + + /* note, cannot fail here */ + sys_gettimeofday(&tv, NULL); + + if (tptr) + *tptr = tv.tv_sec; + return tv.tv_sec; +} + +/* make sure to include all global symbols */ +#include "nolibc.h" + +#endif /* _NOLIBC_TIME_H */ diff --git a/libcontainer/dmz/nolibc/types.h b/libcontainer/dmz/nolibc/types.h new file mode 100644 index 00000000000..8cfc4c860fa --- /dev/null +++ b/libcontainer/dmz/nolibc/types.h @@ -0,0 +1,241 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* + * Special types used by various syscalls for NOLIBC + * Copyright (C) 2017-2021 Willy Tarreau + */ + +#ifndef _NOLIBC_TYPES_H +#define _NOLIBC_TYPES_H + +#include "std.h" +#include +#include /* for LINUX_REBOOT_* */ +#include +#include + + +/* Only the generic macros and types may be defined here. The arch-specific + * ones such as the O_RDONLY and related macros used by fcntl() and open() + * must not be defined here. + */ + +/* stat flags (WARNING, octal here). We need to check for an existing + * definition because linux/stat.h may omit to define those if it finds + * that any glibc header was already included. + */ +#if !defined(S_IFMT) +#define S_IFDIR 0040000 +#define S_IFCHR 0020000 +#define S_IFBLK 0060000 +#define S_IFREG 0100000 +#define S_IFIFO 0010000 +#define S_IFLNK 0120000 +#define S_IFSOCK 0140000 +#define S_IFMT 0170000 + +#define S_ISDIR(mode) (((mode) & S_IFMT) == S_IFDIR) +#define S_ISCHR(mode) (((mode) & S_IFMT) == S_IFCHR) +#define S_ISBLK(mode) (((mode) & S_IFMT) == S_IFBLK) +#define S_ISREG(mode) (((mode) & S_IFMT) == S_IFREG) +#define S_ISFIFO(mode) (((mode) & S_IFMT) == S_IFIFO) +#define S_ISLNK(mode) (((mode) & S_IFMT) == S_IFLNK) +#define S_ISSOCK(mode) (((mode) & S_IFMT) == S_IFSOCK) + +#define S_IRWXU 00700 +#define S_IRUSR 00400 +#define S_IWUSR 00200 +#define S_IXUSR 00100 + +#define S_IRWXG 00070 +#define S_IRGRP 00040 +#define S_IWGRP 00020 +#define S_IXGRP 00010 + +#define S_IRWXO 00007 +#define S_IROTH 00004 +#define S_IWOTH 00002 +#define S_IXOTH 00001 +#endif + +/* dirent types */ +#define DT_UNKNOWN 0x0 +#define DT_FIFO 0x1 +#define DT_CHR 0x2 +#define DT_DIR 0x4 +#define DT_BLK 0x6 +#define DT_REG 0x8 +#define DT_LNK 0xa +#define DT_SOCK 0xc + +/* commonly an fd_set represents 256 FDs */ +#ifndef FD_SETSIZE +#define FD_SETSIZE 256 +#endif + +/* PATH_MAX and MAXPATHLEN are often used and found with plenty of different + * values. + */ +#ifndef PATH_MAX +#define PATH_MAX 4096 +#endif + +#ifndef MAXPATHLEN +#define MAXPATHLEN (PATH_MAX) +#endif + +/* flags for mmap */ +#ifndef MAP_FAILED +#define MAP_FAILED ((void *)-1) +#endif + +/* whence values for lseek() */ +#define SEEK_SET 0 +#define SEEK_CUR 1 +#define SEEK_END 2 + +/* flags for reboot */ +#define RB_AUTOBOOT LINUX_REBOOT_CMD_RESTART +#define RB_HALT_SYSTEM LINUX_REBOOT_CMD_HALT +#define RB_ENABLE_CAD LINUX_REBOOT_CMD_CAD_ON +#define RB_DISABLE_CAD LINUX_REBOOT_CMD_CAD_OFF +#define RB_POWER_OFF LINUX_REBOOT_CMD_POWER_OFF +#define RB_SW_SUSPEND LINUX_REBOOT_CMD_SW_SUSPEND +#define RB_KEXEC LINUX_REBOOT_CMD_KEXEC + +/* Macros used on waitpid()'s return status */ +#define WEXITSTATUS(status) (((status) & 0xff00) >> 8) +#define WIFEXITED(status) (((status) & 0x7f) == 0) +#define WTERMSIG(status) ((status) & 0x7f) +#define WIFSIGNALED(status) ((status) - 1 < 0xff) + +/* waitpid() flags */ +#define WNOHANG 1 + +/* standard exit() codes */ +#define EXIT_SUCCESS 0 +#define EXIT_FAILURE 1 + +#define FD_SETIDXMASK (8 * sizeof(unsigned long)) +#define FD_SETBITMASK (8 * sizeof(unsigned long)-1) + +/* for select() */ +typedef struct { + unsigned long fds[(FD_SETSIZE + FD_SETBITMASK) / FD_SETIDXMASK]; +} fd_set; + +#define FD_CLR(fd, set) do { \ + fd_set *__set = (set); \ + int __fd = (fd); \ + if (__fd >= 0) \ + __set->fds[__fd / FD_SETIDXMASK] &= \ + ~(1U << (__fd & FX_SETBITMASK)); \ + } while (0) + +#define FD_SET(fd, set) do { \ + fd_set *__set = (set); \ + int __fd = (fd); \ + if (__fd >= 0) \ + __set->fds[__fd / FD_SETIDXMASK] |= \ + 1 << (__fd & FD_SETBITMASK); \ + } while (0) + +#define FD_ISSET(fd, set) ({ \ + fd_set *__set = (set); \ + int __fd = (fd); \ + int __r = 0; \ + if (__fd >= 0) \ + __r = !!(__set->fds[__fd / FD_SETIDXMASK] & \ +1U << (__fd & FD_SET_BITMASK)); \ + __r; \ + }) + +#define FD_ZERO(set) do { \ + fd_set *__set = (set); \ + int __idx; \ + int __size = (FD_SETSIZE+FD_SETBITMASK) / FD_SETIDXMASK;\ + for (__idx = 0; __idx < __size; __idx++) \ + __set->fds[__idx] = 0; \ + } while (0) + +/* for poll() */ +#define POLLIN 0x0001 +#define POLLPRI 0x0002 +#define POLLOUT 0x0004 +#define POLLERR 0x0008 +#define POLLHUP 0x0010 +#define POLLNVAL 0x0020 + +struct pollfd { + int fd; + short int events; + short int revents; +}; + +/* for getdents64() */ +struct linux_dirent64 { + uint64_t d_ino; + int64_t d_off; + unsigned short d_reclen; + unsigned char d_type; + char d_name[]; +}; + +/* needed by wait4() */ +struct rusage { + struct timeval ru_utime; + struct timeval ru_stime; + long ru_maxrss; + long ru_ixrss; + long ru_idrss; + long ru_isrss; + long ru_minflt; + long ru_majflt; + long ru_nswap; + long ru_inblock; + long ru_oublock; + long ru_msgsnd; + long ru_msgrcv; + long ru_nsignals; + long ru_nvcsw; + long ru_nivcsw; +}; + +/* The format of the struct as returned by the libc to the application, which + * significantly differs from the format returned by the stat() syscall flavours. + */ +struct stat { + dev_t st_dev; /* ID of device containing file */ + ino_t st_ino; /* inode number */ + mode_t st_mode; /* protection */ + nlink_t st_nlink; /* number of hard links */ + uid_t st_uid; /* user ID of owner */ + gid_t st_gid; /* group ID of owner */ + dev_t st_rdev; /* device ID (if special file) */ + off_t st_size; /* total size, in bytes */ + blksize_t st_blksize; /* blocksize for file system I/O */ + blkcnt_t st_blocks; /* number of 512B blocks allocated */ + union { time_t st_atime; struct timespec st_atim; }; /* time of last access */ + union { time_t st_mtime; struct timespec st_mtim; }; /* time of last modification */ + union { time_t st_ctime; struct timespec st_ctim; }; /* time of last status change */ +}; + +/* WARNING, it only deals with the 4096 first majors and 256 first minors */ +#define makedev(major, minor) ((dev_t)((((major) & 0xfff) << 8) | ((minor) & 0xff))) +#define major(dev) ((unsigned int)(((dev) >> 8) & 0xfff)) +#define minor(dev) ((unsigned int)(((dev) & 0xff)) + +#ifndef offsetof +#define offsetof(TYPE, FIELD) ((size_t) &((TYPE *)0)->FIELD) +#endif + +#ifndef container_of +#define container_of(PTR, TYPE, FIELD) ({ \ + __typeof__(((TYPE *)0)->FIELD) *__FIELD_PTR = (PTR); \ + (TYPE *)((char *) __FIELD_PTR - offsetof(TYPE, FIELD)); \ +}) +#endif + +/* make sure to include all global symbols */ +#include "nolibc.h" + +#endif /* _NOLIBC_TYPES_H */ diff --git a/libcontainer/dmz/nolibc/unistd.h b/libcontainer/dmz/nolibc/unistd.h new file mode 100644 index 00000000000..e38f3660c05 --- /dev/null +++ b/libcontainer/dmz/nolibc/unistd.h @@ -0,0 +1,68 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* + * unistd function definitions for NOLIBC + * Copyright (C) 2017-2022 Willy Tarreau + */ + +#ifndef _NOLIBC_UNISTD_H +#define _NOLIBC_UNISTD_H + +#include "std.h" +#include "arch.h" +#include "types.h" +#include "sys.h" + + +#define STDIN_FILENO 0 +#define STDOUT_FILENO 1 +#define STDERR_FILENO 2 + + +static __attribute__((unused)) +int msleep(unsigned int msecs) +{ + struct timeval my_timeval = { msecs / 1000, (msecs % 1000) * 1000 }; + + if (sys_select(0, 0, 0, 0, &my_timeval) < 0) + return (my_timeval.tv_sec * 1000) + + (my_timeval.tv_usec / 1000) + + !!(my_timeval.tv_usec % 1000); + else + return 0; +} + +static __attribute__((unused)) +unsigned int sleep(unsigned int seconds) +{ + struct timeval my_timeval = { seconds, 0 }; + + if (sys_select(0, 0, 0, 0, &my_timeval) < 0) + return my_timeval.tv_sec + !!my_timeval.tv_usec; + else + return 0; +} + +static __attribute__((unused)) +int usleep(unsigned int usecs) +{ + struct timeval my_timeval = { usecs / 1000000, usecs % 1000000 }; + + return sys_select(0, 0, 0, 0, &my_timeval); +} + +static __attribute__((unused)) +int tcsetpgrp(int fd, pid_t pid) +{ + return ioctl(fd, TIOCSPGRP, &pid); +} + +#define __syscall_narg(_0, _1, _2, _3, _4, _5, _6, N, ...) N +#define _syscall_narg(...) __syscall_narg(__VA_ARGS__, 6, 5, 4, 3, 2, 1, 0) +#define _syscall(N, ...) __sysret(my_syscall##N(__VA_ARGS__)) +#define _syscall_n(N, ...) _syscall(N, __VA_ARGS__) +#define syscall(...) _syscall_n(_syscall_narg(__VA_ARGS__), ##__VA_ARGS__) + +/* make sure to include all global symbols */ +#include "nolibc.h" + +#endif /* _NOLIBC_UNISTD_H */ diff --git a/libcontainer/dmz/xstat.h b/libcontainer/dmz/xstat.h new file mode 100644 index 00000000000..4acef77c21c --- /dev/null +++ b/libcontainer/dmz/xstat.h @@ -0,0 +1,15 @@ +#ifndef XSTAT_H +#define XSTAT_H + +// Some old-kernels (like centos-7) don't have statx() defined in linux/stat.h. We can't include +// sys/stat.h because it creates conflicts, so let's just define what we need here and be done with +// this. +// TODO (rata): I'll probably submit a patch to nolibc upstream so we can remove this hack in the +// future. +#include /* for statx() */ + +#ifndef STATX_BASIC_STATS +#include "linux/stat.h" +#endif // STATX_BASIC_STATS + +#endif // XSTAT_H From 9976be86b3abd44d1edfcb9626c5acb93e440aaa Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Tue, 26 Sep 2023 18:46:01 +0200 Subject: [PATCH 0390/1176] libct/dmz: Move comment out of the Makefile rule Otherwise it is shown when compiling, like this: # We use the flags suggested in nolibc/nolibc.h, it makes the binary very small. gcc -fno-asynchronous-unwind-tables -fno-ident -s -Os -nostdlib -lgcc -static -o runc-dmz _dmz.c strip -gs runc-dmz Having it before the target is equally clear and will not be shown while compiling. Signed-off-by: Rodrigo Campos --- libcontainer/dmz/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcontainer/dmz/Makefile b/libcontainer/dmz/Makefile index e1282d3afd6..57ff782bd50 100644 --- a/libcontainer/dmz/Makefile +++ b/libcontainer/dmz/Makefile @@ -1,7 +1,7 @@ # Get CC values for cross-compilation. include ../../cc_platform.mk +# We use the flags suggested in nolibc/nolibc.h, it makes the binary very small. runc-dmz: _dmz.c - # We use the flags suggested in nolibc/nolibc.h, it makes the binary very small. $(CC) $(CFLAGS) -fno-asynchronous-unwind-tables -fno-ident -s -Os -nostdlib -lgcc -static -o $@ $^ $(STRIP) -gs $@ From 9060666531c6b8e3a0a110187566b134b0b1d958 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Wed, 27 Sep 2023 03:43:49 +0900 Subject: [PATCH 0391/1176] docs: clarify the supported architectures (No MIPS) In reviewing PR 4024 ("libct/dmz: Reduce the binary size using nolibc"), we noticed that we do not intend to actively support MIPS. We do not intend to support i386 either. This might be a breaking change for Debian, which has been officially providing runc packages for `i386`, `mips64el` and `mipsel`: https://packages.debian.org/bookworm/runc Signed-off-by: Akihiro Suda --- docs/spec-conformance.md | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/docs/spec-conformance.md b/docs/spec-conformance.md index 4ec89dcab4a..3678617bbf0 100644 --- a/docs/spec-conformance.md +++ b/docs/spec-conformance.md @@ -7,8 +7,6 @@ The following features are not implemented yet: Spec version | Feature | PR -------------|------------------------------------------|---------------------------------------------------------- -v1.0.0 | `SCMP_ARCH_PARISC` | Unplanned, due to lack of users -v1.0.0 | `SCMP_ARCH_PARISC64` | Unplanned, due to lack of users v1.0.2 | `.linux.personality` | [#3126](https://github.com/opencontainers/runc/pull/3126) v1.1.0 | `SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV` | [#3862](https://github.com/opencontainers/runc/pull/3862) v1.1.0 | time namespaces | [#3876](https://github.com/opencontainers/runc/pull/3876) @@ -22,3 +20,20 @@ Spec version | Feature | Limitation -------------|------------------------------------------|---------------------------------------------------------- v1.1.0 | `.[]mounts.uidMappings` | Requires using UserNS with identical uidMappings v1.1.0 | `.[]mounts.gidMappings` | Requires using UserNS with identical gidMappings + +## Architectures + +The following architectures are supported: + +runc binary | seccomp +-------------|------------------------------------------------------- +`amd64` | `SCMP_ARCH_X86`, `SCMP_ARCH_X86_64`, `SCMP_ARCH_X32` +`arm64` | `SCMP_ARCH_ARM`, `SCMP_ARCH_AARCH64` +`armel` | `SCMP_ARCH_ARM` +`armhf` | `SCMP_ARCH_ARM` +`ppc64le` | `SCMP_ARCH_PPC64LE` +`riscv64` | `SCMP_ARCH_RISCV64` +`s390x` | `SCMP_ARCH_S390`, `SCMP_ARCH_S390X` + +The runc binary might be compilable for i386, big-endian PPC64, +and several MIPS variants too, but these architectures are not officially supported. From 531e29e192113a2cae2d13b48901ec456175cb1e Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Wed, 27 Sep 2023 04:13:21 +0900 Subject: [PATCH 0392/1176] script/lib.sh: set GOARM=5 for armel, GOARM=6 for armhf "armhf" means ARMv7 for Debian, ARMv6 for Raspbian. ARMv6 is chosen here for compatibility. https://wiki.debian.org/RaspberryPi > Raspberry Pi OS builds a single image for all of the Raspberry families, > so you will get an armhf 32-bit, hard floating-point system, but built > for the ARMv6 ISA (with VFP2), unlike Debian's ARMv7 ISA (with VFP3) > port. Prior to this commit, the script was setting GOARM=6 for armel, GOARM=7 for armhf. Fix issue 4033 Signed-off-by: Akihiro Suda --- script/lib.sh | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/script/lib.sh b/script/lib.sh index f79dc3c2335..8ba99a995d3 100644 --- a/script/lib.sh +++ b/script/lib.sh @@ -45,12 +45,21 @@ function set_cross_vars() { armel) HOST=arm-${PLATFORM}eabi GOARCH=arm - GOARM=6 + GOARM=5 ;; armhf) HOST=arm-${PLATFORM}eabihf GOARCH=arm - GOARM=7 + # "armhf" means ARMv7 for Debian, ARMv6 for Raspbian. + # ARMv6 is chosen here for compatibility. + # + # https://wiki.debian.org/RaspberryPi + # + # > Raspberry Pi OS builds a single image for all of the Raspberry families, + # > so you will get an armhf 32-bit, hard floating-point system, but built + # > for the ARMv6 ISA (with VFP2), unlike Debian's ARMv7 ISA (with VFP3) + # > port. + GOARM=6 ;; ppc64le) HOST=powerpc64le-${PLATFORM} From 4b3b7e997352faa9933b95ac2243bb5de5dd991c Mon Sep 17 00:00:00 2001 From: Zheao Li Date: Wed, 27 Sep 2023 03:30:19 +0800 Subject: [PATCH 0393/1176] docs/spec-conformance: update Since PR 3876 was merged, let's remove time namespace from the list of unimplemented features. Signed-off-by: Zheao Li --- docs/spec-conformance.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/spec-conformance.md b/docs/spec-conformance.md index 4ec89dcab4a..871b9a2c8bb 100644 --- a/docs/spec-conformance.md +++ b/docs/spec-conformance.md @@ -11,7 +11,6 @@ v1.0.0 | `SCMP_ARCH_PARISC` | Unplanned, due to lack v1.0.0 | `SCMP_ARCH_PARISC64` | Unplanned, due to lack of users v1.0.2 | `.linux.personality` | [#3126](https://github.com/opencontainers/runc/pull/3126) v1.1.0 | `SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV` | [#3862](https://github.com/opencontainers/runc/pull/3862) -v1.1.0 | time namespaces | [#3876](https://github.com/opencontainers/runc/pull/3876) v1.1.0 | rsvd hugetlb cgroup | TODO ([#3859](https://github.com/opencontainers/runc/issues/3859)) v1.1.0 | `.process.scheduler` | TODO ([#3895](https://github.com/opencontainers/runc/issues/3895)) v1.1.0 | `.process.ioPriority` | [#3783](https://github.com/opencontainers/runc/pull/3783) From 2e2ecf29ff6f1fd32f819c5a168872bb90d454f8 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 27 Sep 2023 16:32:31 -0700 Subject: [PATCH 0394/1176] libct: use chmod instead of umask Umask is problematic for Go programs as it affects other goroutines (see [1] for more details). Instead of using it, let's just prop up with Chmod. Note this patch misses the MkdirAll call in createDeviceNode. Since the runtime spec does not say anything about creating intermediary directories for device nodes, let's assume that doing it via mkdir with the current umask set is sufficient (if not, we have to reimplement MkdirAll from scratch, with added call to os.Chmod). [1] https://github.com/opencontainers/runc/pull/3563#discussion_r990293788 Signed-off-by: Kir Kolyshkin --- libcontainer/console_linux.go | 6 ++++-- libcontainer/container_linux.go | 7 ++++--- libcontainer/rootfs_linux.go | 7 ++++--- 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/libcontainer/console_linux.go b/libcontainer/console_linux.go index d2b9cf59438..e506853e45a 100644 --- a/libcontainer/console_linux.go +++ b/libcontainer/console_linux.go @@ -9,13 +9,15 @@ import ( // mount initializes the console inside the rootfs mounting with the specified mount label // and applying the correct ownership of the console. func mountConsole(slavePath string) error { - oldMask := unix.Umask(0o000) - defer unix.Umask(oldMask) f, err := os.Create("/dev/console") if err != nil && !os.IsExist(err) { return err } if f != nil { + // Ensure permission bits (can be different because of umask). + if err := f.Chmod(0o666); err != nil { + return err + } f.Close() } return mount(slavePath, "/dev/console", "bind", unix.MS_BIND, "") diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index ae5d4fb46b4..d1a7b6055f8 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -413,12 +413,13 @@ func (c *Container) createExecFifo() error { if _, err := os.Stat(fifoName); err == nil { return fmt.Errorf("exec fifo %s already exists", fifoName) } - oldMask := unix.Umask(0o000) if err := unix.Mkfifo(fifoName, 0o622); err != nil { - unix.Umask(oldMask) + return &os.PathError{Op: "mkfifo", Path: fifoName, Err: err} + } + // Ensure permission bits (can be different because of umask). + if err := os.Chmod(fifoName, 0o622); err != nil { return err } - unix.Umask(oldMask) return os.Chown(fifoName, rootuid, rootgid) } diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 88ecb287c11..3145299d33d 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -704,7 +704,6 @@ func reOpenDevNull() error { // Create the device nodes in the container. func createDevices(config *configs.Config) error { useBindMount := userns.RunningInUserNS() || config.Namespaces.Contains(configs.NEWUSER) - oldMask := unix.Umask(0o000) for _, node := range config.Devices { // The /dev/ptmx device is setup by setupPtmx() @@ -715,11 +714,9 @@ func createDevices(config *configs.Config) error { // containers running in a user namespace are not allowed to mknod // devices so we can just bind mount it from the host. if err := createDeviceNode(config.Rootfs, node, useBindMount); err != nil { - unix.Umask(oldMask) return err } } - unix.Umask(oldMask) return nil } @@ -782,6 +779,10 @@ func mknodDevice(dest string, node *devices.Device) error { if err := unix.Mknod(dest, uint32(fileMode), int(dev)); err != nil { return &os.PathError{Op: "mknod", Path: dest, Err: err} } + // Ensure permission bits (can be different because of umask). + if err := os.Chmod(dest, fileMode); err != nil { + return err + } return os.Chown(dest, int(node.Uid), int(node.Gid)) } From f755c8089b600356504c17b905330f462e587a19 Mon Sep 17 00:00:00 2001 From: Mikko Ylinen Date: Fri, 4 Aug 2023 14:53:10 +0300 Subject: [PATCH 0395/1176] libct/cg/stats: support misc for cgroup v2 Signed-off-by: Mikko Ylinen --- libcontainer/cgroups/fs2/fs2.go | 4 + libcontainer/cgroups/fs2/misc.go | 52 +++++++++++++ libcontainer/cgroups/fs2/misc_test.go | 103 ++++++++++++++++++++++++++ libcontainer/cgroups/stats.go | 12 ++- 4 files changed, 170 insertions(+), 1 deletion(-) create mode 100644 libcontainer/cgroups/fs2/misc.go create mode 100644 libcontainer/cgroups/fs2/misc_test.go diff --git a/libcontainer/cgroups/fs2/fs2.go b/libcontainer/cgroups/fs2/fs2.go index 47b67afc2a1..0760be74b97 100644 --- a/libcontainer/cgroups/fs2/fs2.go +++ b/libcontainer/cgroups/fs2/fs2.go @@ -133,6 +133,10 @@ func (m *Manager) GetStats() (*cgroups.Stats, error) { if err := fscommon.RdmaGetStats(m.dirPath, st); err != nil && !os.IsNotExist(err) { errs = append(errs, err) } + // misc (since kernel 5.13) + if err := statMisc(m.dirPath, st); err != nil && !os.IsNotExist(err) { + errs = append(errs, err) + } if len(errs) > 0 && !m.config.Rootless { return st, fmt.Errorf("error while statting cgroup v2: %+v", errs) } diff --git a/libcontainer/cgroups/fs2/misc.go b/libcontainer/cgroups/fs2/misc.go new file mode 100644 index 00000000000..f0b292aa015 --- /dev/null +++ b/libcontainer/cgroups/fs2/misc.go @@ -0,0 +1,52 @@ +package fs2 + +import ( + "bufio" + "os" + "strings" + + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" +) + +func statMisc(dirPath string, stats *cgroups.Stats) error { + for _, file := range []string{"current", "events"} { + fd, err := cgroups.OpenFile(dirPath, "misc."+file, os.O_RDONLY) + if err != nil { + return err + } + + s := bufio.NewScanner(fd) + for s.Scan() { + key, value, err := fscommon.ParseKeyValue(s.Text()) + if err != nil { + fd.Close() + return err + } + + key = strings.TrimSuffix(key, ".max") + + if _, ok := stats.MiscStats[key]; !ok { + stats.MiscStats[key] = cgroups.MiscStats{} + } + + tmp := stats.MiscStats[key] + + switch file { + case "current": + tmp.Usage = value + case "events": + tmp.Events = value + } + + stats.MiscStats[key] = tmp + } + fd.Close() + + if err := s.Err(); err != nil { + return err + } + } + + return nil +} diff --git a/libcontainer/cgroups/fs2/misc_test.go b/libcontainer/cgroups/fs2/misc_test.go new file mode 100644 index 00000000000..a3f82395196 --- /dev/null +++ b/libcontainer/cgroups/fs2/misc_test.go @@ -0,0 +1,103 @@ +package fs2 + +import ( + "os" + "path/filepath" + "strings" + "testing" + + "github.com/opencontainers/runc/libcontainer/cgroups" +) + +const exampleMiscCurrentData = `res_a 123 +res_b 456 +res_c 42` + +const exampleMiscEventsData = `res_a.max 1 +res_b.max 2 +res_c.max 3` + +func TestStatMiscPodCgroupEmpty(t *testing.T) { + // We're using a fake cgroupfs. + cgroups.TestMode = true + fakeCgroupDir := t.TempDir() + + // create empty misc.current and misc.events files to test the common case + // where no misc resource keys are available + for _, file := range []string{"misc.current", "misc.events"} { + if _, err := os.Create(filepath.Join(fakeCgroupDir, file)); err != nil { + t.Fatal(err) + } + } + + gotStats := cgroups.NewStats() + + err := statMisc(fakeCgroupDir, gotStats) + if err != nil { + t.Errorf("expected no error when statting empty misc.current/misc.events for cgroupv2, but got %#v", err) + } + + if len(gotStats.MiscStats) != 0 { + t.Errorf("parsed cgroupv2 misc.* returns unexpected resources: got %#v but expected nothing", gotStats.MiscStats) + } +} + +func TestStatMiscPodCgroupNotFound(t *testing.T) { + // We're using a fake cgroupfs. + cgroups.TestMode = true + fakeCgroupDir := t.TempDir() + + // only write misc.current to ensure pod cgroup usage + // still reads misc.events. + statPath := filepath.Join(fakeCgroupDir, "misc.current") + if err := os.WriteFile(statPath, []byte(exampleMiscCurrentData), 0o644); err != nil { + t.Fatal(err) + } + + gotStats := cgroups.NewStats() + + // use a fake root path to mismatch the file we wrote. + // this triggers the non-root path which should fail to find misc.events. + err := statMisc(fakeCgroupDir, gotStats) + if err == nil { + t.Errorf("expected error when statting misc.current for cgroupv2 root, but was nil") + } + + if !strings.Contains(err.Error(), "misc.events: no such file or directory") { + t.Errorf("expected error to contain 'misc.events: no such file or directory', but was %s", err.Error()) + } +} + +func TestStatMiscPodCgroup(t *testing.T) { + // We're using a fake cgroupfs. + cgroups.TestMode = true + fakeCgroupDir := t.TempDir() + + currentPath := filepath.Join(fakeCgroupDir, "misc.current") + if err := os.WriteFile(currentPath, []byte(exampleMiscCurrentData), 0o644); err != nil { + t.Fatal(err) + } + + eventsPath := filepath.Join(fakeCgroupDir, "misc.events") + if err := os.WriteFile(eventsPath, []byte(exampleMiscEventsData), 0o644); err != nil { + t.Fatal(err) + } + + gotStats := cgroups.NewStats() + + // use a fake root path to trigger the pod cgroup lookup. + err := statMisc(fakeCgroupDir, gotStats) + if err != nil { + t.Errorf("expected no error when statting misc for cgroupv2 root, but got %#+v", err) + } + + // make sure all res_* from exampleMisc*Data are returned + if len(gotStats.MiscStats) != 3 { + t.Errorf("parsed cgroupv2 misc doesn't return all expected resources: \ngot %#v\nexpected %#v\n", len(gotStats.MiscStats), 3) + } + + var expectedUsageBytes uint64 = 42 + if gotStats.MiscStats["res_c"].Usage != expectedUsageBytes { + t.Errorf("parsed cgroupv2 misc.current for res_c doesn't match expected result: \ngot %#v\nexpected %#v\n", gotStats.MiscStats["res_c"].Usage, expectedUsageBytes) + } +} diff --git a/libcontainer/cgroups/stats.go b/libcontainer/cgroups/stats.go index 8ff1fbb52bb..17a79ef2d36 100644 --- a/libcontainer/cgroups/stats.go +++ b/libcontainer/cgroups/stats.go @@ -170,6 +170,13 @@ type RdmaStats struct { RdmaCurrent []RdmaEntry `json:"rdma_current,omitempty"` } +type MiscStats struct { + // current resource usage for a key in misc + Usage uint64 `json:"usage,omitempty"` + // number of times the resource usage was about to go over the max boundary + Events uint64 `json:"events,omitempty"` +} + type Stats struct { CpuStats CpuStats `json:"cpu_stats,omitempty"` CPUSetStats CPUSetStats `json:"cpuset_stats,omitempty"` @@ -179,10 +186,13 @@ type Stats struct { // the map is in the format "size of hugepage: stats of the hugepage" HugetlbStats map[string]HugetlbStats `json:"hugetlb_stats,omitempty"` RdmaStats RdmaStats `json:"rdma_stats,omitempty"` + // the map is in the format "misc resource name: stats of the key" + MiscStats map[string]MiscStats `json:"misc_stats,omitempty"` } func NewStats() *Stats { memoryStats := MemoryStats{Stats: make(map[string]uint64)} hugetlbStats := make(map[string]HugetlbStats) - return &Stats{MemoryStats: memoryStats, HugetlbStats: hugetlbStats} + miscStats := make(map[string]MiscStats) + return &Stats{MemoryStats: memoryStats, HugetlbStats: hugetlbStats, MiscStats: miscStats} } From 109dcadd9d1756258ba0ee096871d11c8581002e Mon Sep 17 00:00:00 2001 From: lifubang Date: Tue, 3 Oct 2023 20:08:17 +0800 Subject: [PATCH 0396/1176] fix two typos Signed-off-by: lifubang --- libcontainer/seccomp/patchbpf/enosys_linux.go | 2 +- man/runc-update.8.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libcontainer/seccomp/patchbpf/enosys_linux.go b/libcontainer/seccomp/patchbpf/enosys_linux.go index 40e51533410..665138609c7 100644 --- a/libcontainer/seccomp/patchbpf/enosys_linux.go +++ b/libcontainer/seccomp/patchbpf/enosys_linux.go @@ -89,7 +89,7 @@ var retErrnoEnosys = uint32(C.C_ACT_ERRNO_ENOSYS) const bpfSizeofInt = 4 // This syscall is used for multiplexing "large" syscalls on s390(x). Unknown -// syscalls will end up with this syscall number, so we need to explcitly +// syscalls will end up with this syscall number, so we need to explicitly // return -ENOSYS for this syscall on those architectures. const s390xMultiplexSyscall libseccomp.ScmpSyscall = 0 diff --git a/man/runc-update.8.md b/man/runc-update.8.md index 8ca69451ddd..0e95d85ded1 100644 --- a/man/runc-update.8.md +++ b/man/runc-update.8.md @@ -42,7 +42,7 @@ In case **-r** is used, the JSON format is like this: # OPTIONS **--resources**|**-r** _resources.json_ -: Read the new resource limtis from _resources.json_. Use **-** to read from +: Read the new resource limits from _resources.json_. Use **-** to read from stdin. If this option is used, all other options are ignored. **--blkio-weight** _weight_ From 6538e6d0bd81fc26e68a1468baad3b92277e0474 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 3 Oct 2023 17:48:04 -0700 Subject: [PATCH 0397/1176] libct: fix a typo syncrhonisation ==> synchronisation Signed-off-by: Kir Kolyshkin --- libcontainer/init_linux.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index edb112f64bd..0abbccf569f 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -108,7 +108,7 @@ func Init() { // error, it means the initialization has failed. If the error is returned, // it means the error can not be communicated back to the parent. func startInitialization() (retErr error) { - // Get the syncrhonisation pipe. + // Get the synchronisation pipe. envSyncPipe := os.Getenv("_LIBCONTAINER_SYNCPIPE") syncPipeFd, err := strconv.Atoi(envSyncPipe) if err != nil { From c89faacc136ad89fc9c9bb498d19c5747145fd8a Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 3 Oct 2023 12:44:40 -0700 Subject: [PATCH 0398/1176] libc: rm _LIBCONTAINER_STATEDIR It's only user was recently removed. Fixes: 0e9a3358f84813120b38f01cd8ad153ddf3a1694 Signed-off-by: Kir Kolyshkin --- libcontainer/container_linux.go | 1 - 1 file changed, 1 deletion(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 24d80d151d1..1a18ba348b3 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -563,7 +563,6 @@ func (c *Container) newParentProcess(p *Process) (parentProcess, error) { "_LIBCONTAINER_CONSOLE="+strconv.Itoa(stdioFdCount+len(cmd.ExtraFiles)-1), ) } - cmd.Env = append(cmd.Env, "_LIBCONTAINER_STATEDIR="+c.root) cmd.ExtraFiles = append(cmd.ExtraFiles, comm.initSockChild) cmd.Env = append(cmd.Env, From efbebb39b519ed289ebe1e68925a61a6c404739b Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 3 Oct 2023 13:04:27 -0700 Subject: [PATCH 0399/1176] libct: rename root to stateDir in struct Container The name "root" (or "containerRoot") is confusing; one might think it is the root of container's file system (the directory we chroot into). Rename to stateDir for clarity. Signed-off-by: Kir Kolyshkin --- libcontainer/container_linux.go | 20 ++++++++++---------- libcontainer/container_linux_test.go | 4 ++-- libcontainer/criu_linux.go | 6 +++--- libcontainer/factory_linux.go | 14 +++++++------- libcontainer/state_linux.go | 4 ++-- 5 files changed, 24 insertions(+), 24 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 1a18ba348b3..35f4f5df390 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -36,7 +36,7 @@ const stdioFdCount = 3 // Container is a libcontainer container object. type Container struct { id string - root string + stateDir string config *configs.Config cgroupManager cgroups.Manager intelRdtManager *intelrdt.Manager @@ -242,7 +242,7 @@ func (c *Container) Exec() error { } func (c *Container) exec() error { - path := filepath.Join(c.root, execFifoFilename) + path := filepath.Join(c.stateDir, execFifoFilename) pid := c.initProcess.pid() blockingFifoOpenCh := awaitFifoOpen(path) for { @@ -409,7 +409,7 @@ func (c *Container) createExecFifo() error { return err } - fifoName := filepath.Join(c.root, execFifoFilename) + fifoName := filepath.Join(c.stateDir, execFifoFilename) if _, err := os.Stat(fifoName); err == nil { return fmt.Errorf("exec fifo %s already exists", fifoName) } @@ -424,7 +424,7 @@ func (c *Container) createExecFifo() error { } func (c *Container) deleteExecFifo() { - fifoName := filepath.Join(c.root, execFifoFilename) + fifoName := filepath.Join(c.stateDir, execFifoFilename) os.Remove(fifoName) } @@ -433,7 +433,7 @@ func (c *Container) deleteExecFifo() { // un-opened). It then adds the FifoFd to the given exec.Cmd as an inherited // fd, with _LIBCONTAINER_FIFOFD set to its fd number. func (c *Container) includeExecFifo(cmd *exec.Cmd) error { - fifoName := filepath.Join(c.root, execFifoFilename) + fifoName := filepath.Join(c.stateDir, execFifoFilename) fifo, err := os.OpenFile(fifoName, unix.O_PATH|unix.O_CLOEXEC, 0) if err != nil { return err @@ -512,7 +512,7 @@ func (c *Container) newParentProcess(p *Process) (parentProcess, error) { } else { var err error if isDmzBinarySafe(c.config) { - dmzExe, err = dmz.Binary(c.root) + dmzExe, err = dmz.Binary(c.stateDir) if err == nil { // We can use our own executable without cloning if we are using // runc-dmz. @@ -531,7 +531,7 @@ func (c *Container) newParentProcess(p *Process) (parentProcess, error) { err = dmz.ErrNoDmzBinary } if errors.Is(err, dmz.ErrNoDmzBinary) { - safeExe, err = dmz.CloneSelfExe(c.root) + safeExe, err = dmz.CloneSelfExe(c.stateDir) if err != nil { return nil, fmt.Errorf("unable to create safe /proc/self/exe clone for runc init: %w", err) } @@ -951,7 +951,7 @@ func (c *Container) updateState(process parentProcess) (*State, error) { } func (c *Container) saveState(s *State) (retErr error) { - tmpFile, err := os.CreateTemp(c.root, "state-") + tmpFile, err := os.CreateTemp(c.stateDir, "state-") if err != nil { return err } @@ -972,7 +972,7 @@ func (c *Container) saveState(s *State) (retErr error) { return err } - stateFilePath := filepath.Join(c.root, stateFilename) + stateFilePath := filepath.Join(c.stateDir, stateFilename) return os.Rename(tmpFile.Name(), stateFilePath) } @@ -1019,7 +1019,7 @@ func (c *Container) runType() Status { } // We'll create exec fifo and blocking on it after container is created, // and delete it after start container. - if _, err := os.Stat(filepath.Join(c.root, execFifoFilename)); err == nil { + if _, err := os.Stat(filepath.Join(c.stateDir, execFifoFilename)); err == nil { return Created } return Running diff --git a/libcontainer/container_linux_test.go b/libcontainer/container_linux_test.go index 6551de8085f..99908376562 100644 --- a/libcontainer/container_linux_test.go +++ b/libcontainer/container_linux_test.go @@ -233,8 +233,8 @@ func TestGetContainerStateAfterUpdate(t *testing.T) { } container := &Container{ - root: t.TempDir(), - id: "myid", + stateDir: t.TempDir(), + id: "myid", config: &configs.Config{ Namespaces: []configs.Namespace{ {Type: configs.NEWPID}, diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index 03a86c301de..360639e7fcd 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -662,7 +662,7 @@ func (c *Container) Restore(process *Process, criuOpts *CriuOpts) error { // * its parent must not be overmounted // c.config.Rootfs is bind-mounted to a temporary directory // to satisfy these requirements. - root := filepath.Join(c.root, "criu-root") + root := filepath.Join(c.stateDir, "criu-root") if err := os.Mkdir(root, 0o755); err != nil { return err } @@ -1113,7 +1113,7 @@ func (c *Container) criuNotifications(resp *criurpc.CriuResp, process *Process, logrus.Debugf("notify: %s\n", script) switch script { case "post-dump": - f, err := os.Create(filepath.Join(c.root, "checkpoint")) + f, err := os.Create(filepath.Join(c.stateDir, "checkpoint")) if err != nil { return err } @@ -1166,7 +1166,7 @@ func (c *Container) criuNotifications(resp *criurpc.CriuResp, process *Process, if _, err := c.updateState(r); err != nil { return err } - if err := os.Remove(filepath.Join(c.root, "checkpoint")); err != nil { + if err := os.Remove(filepath.Join(c.stateDir, "checkpoint")); err != nil { if !os.IsNotExist(err) { logrus.Error(err) } diff --git a/libcontainer/factory_linux.go b/libcontainer/factory_linux.go index 4cb4a88bf0d..b0bf6142109 100644 --- a/libcontainer/factory_linux.go +++ b/libcontainer/factory_linux.go @@ -46,11 +46,11 @@ func Create(root, id string, config *configs.Config) (*Container, error) { if err := os.MkdirAll(root, 0o700); err != nil { return nil, err } - containerRoot, err := securejoin.SecureJoin(root, id) + stateDir, err := securejoin.SecureJoin(root, id) if err != nil { return nil, err } - if _, err := os.Stat(containerRoot); err == nil { + if _, err := os.Stat(stateDir); err == nil { return nil, ErrExist } else if !os.IsNotExist(err) { return nil, err @@ -89,12 +89,12 @@ func Create(root, id string, config *configs.Config) (*Container, error) { } // Parent directory is already created above, so Mkdir is enough. - if err := os.Mkdir(containerRoot, 0o711); err != nil { + if err := os.Mkdir(stateDir, 0o711); err != nil { return nil, err } c := &Container{ id: id, - root: containerRoot, + stateDir: stateDir, config: config, cgroupManager: cm, intelRdtManager: intelrdt.NewManager(config, id, ""), @@ -114,11 +114,11 @@ func Load(root, id string) (*Container, error) { if err := validateID(id); err != nil { return nil, err } - containerRoot, err := securejoin.SecureJoin(root, id) + stateDir, err := securejoin.SecureJoin(root, id) if err != nil { return nil, err } - state, err := loadState(containerRoot) + state, err := loadState(stateDir) if err != nil { return nil, err } @@ -138,7 +138,7 @@ func Load(root, id string) (*Container, error) { config: &state.Config, cgroupManager: cm, intelRdtManager: intelrdt.NewManager(&state.Config, id, state.IntelRdtPath), - root: containerRoot, + stateDir: stateDir, created: state.Created, } c.state = &loadedState{c: c} diff --git a/libcontainer/state_linux.go b/libcontainer/state_linux.go index 8d8f31d3678..c6967e5f4f5 100644 --- a/libcontainer/state_linux.go +++ b/libcontainer/state_linux.go @@ -41,7 +41,7 @@ func destroy(c *Container) error { err = ierr } } - if rerr := os.RemoveAll(c.root); err == nil { + if rerr := os.RemoveAll(c.stateDir); err == nil { err = rerr } c.initProcess = nil @@ -200,7 +200,7 @@ func (r *restoredState) transition(s containerState) error { } func (r *restoredState) destroy() error { - if _, err := os.Stat(filepath.Join(r.c.root, "checkpoint")); err != nil { + if _, err := os.Stat(filepath.Join(r.c.stateDir, "checkpoint")); err != nil { if !os.IsNotExist(err) { return err } From 770728e16e0949aba34651f31afdf423ad19a000 Mon Sep 17 00:00:00 2001 From: utam0k Date: Fri, 4 Aug 2023 02:04:56 +0000 Subject: [PATCH 0400/1176] Support `process.scheduler` Spec: https://github.com/opencontainers/runtime-spec/pull/1188 Fix: https://github.com/opencontainers/runc/issues/3895 Co-authored-by: lifubang Signed-off-by: utam0k Signed-off-by: lifubang --- docs/spec-conformance.md | 1 - libcontainer/configs/config.go | 63 +++++++++++++++++++ libcontainer/configs/validate/validator.go | 23 +++++++ .../configs/validate/validator_test.go | 50 +++++++++++++++ libcontainer/init_linux.go | 14 +++++ libcontainer/process.go | 2 + libcontainer/setns_init_linux.go | 6 ++ libcontainer/specconv/spec_linux.go | 4 ++ libcontainer/standard_init_linux.go | 7 +++ tests/integration/scheduler.bats | 34 ++++++++++ utils_linux.go | 5 ++ 11 files changed, 208 insertions(+), 1 deletion(-) create mode 100644 tests/integration/scheduler.bats diff --git a/docs/spec-conformance.md b/docs/spec-conformance.md index 871b9a2c8bb..8ec1e8c3f0a 100644 --- a/docs/spec-conformance.md +++ b/docs/spec-conformance.md @@ -12,7 +12,6 @@ v1.0.0 | `SCMP_ARCH_PARISC64` | Unplanned, due to lack v1.0.2 | `.linux.personality` | [#3126](https://github.com/opencontainers/runc/pull/3126) v1.1.0 | `SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV` | [#3862](https://github.com/opencontainers/runc/pull/3862) v1.1.0 | rsvd hugetlb cgroup | TODO ([#3859](https://github.com/opencontainers/runc/issues/3859)) -v1.1.0 | `.process.scheduler` | TODO ([#3895](https://github.com/opencontainers/runc/issues/3895)) v1.1.0 | `.process.ioPriority` | [#3783](https://github.com/opencontainers/runc/pull/3783) diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index 19541293b6f..1ece49c3732 100644 --- a/libcontainer/configs/config.go +++ b/libcontainer/configs/config.go @@ -8,6 +8,7 @@ import ( "time" "github.com/sirupsen/logrus" + "golang.org/x/sys/unix" "github.com/opencontainers/runc/libcontainer/devices" "github.com/opencontainers/runtime-spec/specs-go" @@ -219,6 +220,68 @@ type Config struct { // TimeOffsets specifies the offset for supporting time namespaces. TimeOffsets map[string]specs.LinuxTimeOffset `json:"time_offsets,omitempty"` + + // Scheduler represents the scheduling attributes for a process. + Scheduler *Scheduler `json:"scheduler,omitempty"` +} + +// Scheduler is based on the Linux sched_setattr(2) syscall. +type Scheduler = specs.Scheduler + +// ToSchedAttr is to convert *configs.Scheduler to *unix.SchedAttr. +func ToSchedAttr(scheduler *Scheduler) (*unix.SchedAttr, error) { + var policy uint32 + switch scheduler.Policy { + case specs.SchedOther: + policy = 0 + case specs.SchedFIFO: + policy = 1 + case specs.SchedRR: + policy = 2 + case specs.SchedBatch: + policy = 3 + case specs.SchedISO: + policy = 4 + case specs.SchedIdle: + policy = 5 + case specs.SchedDeadline: + policy = 6 + default: + return nil, fmt.Errorf("invalid scheduler policy: %s", scheduler.Policy) + } + + var flags uint64 + for _, flag := range scheduler.Flags { + switch flag { + case specs.SchedFlagResetOnFork: + flags |= 0x01 + case specs.SchedFlagReclaim: + flags |= 0x02 + case specs.SchedFlagDLOverrun: + flags |= 0x04 + case specs.SchedFlagKeepPolicy: + flags |= 0x08 + case specs.SchedFlagKeepParams: + flags |= 0x10 + case specs.SchedFlagUtilClampMin: + flags |= 0x20 + case specs.SchedFlagUtilClampMax: + flags |= 0x40 + default: + return nil, fmt.Errorf("invalid scheduler flag: %s", flag) + } + } + + return &unix.SchedAttr{ + Size: unix.SizeofSchedAttr, + Policy: policy, + Flags: flags, + Nice: scheduler.Nice, + Priority: uint32(scheduler.Priority), + Runtime: scheduler.Runtime, + Deadline: scheduler.Deadline, + Period: scheduler.Period, + }, nil } type ( diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go index 11b80ddaae6..a6736f26584 100644 --- a/libcontainer/configs/validate/validator.go +++ b/libcontainer/configs/validate/validator.go @@ -11,6 +11,7 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/intelrdt" + "github.com/opencontainers/runtime-spec/specs-go" selinux "github.com/opencontainers/selinux/go-selinux" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" @@ -30,6 +31,7 @@ func Validate(config *configs.Config) error { intelrdtCheck, rootlessEUIDCheck, mountsStrict, + scheduler, } for _, c := range checks { if err := c(config); err != nil { @@ -353,3 +355,24 @@ func isHostNetNS(path string) (bool, error) { return (st1.Dev == st2.Dev) && (st1.Ino == st2.Ino), nil } + +// scheduler is to validate scheduler configs according to https://man7.org/linux/man-pages/man2/sched_setattr.2.html +func scheduler(config *configs.Config) error { + s := config.Scheduler + if s == nil { + return nil + } + if s.Policy == "" { + return errors.New("scheduler policy is required") + } + if s.Nice < -20 || s.Nice > 19 { + return fmt.Errorf("invalid scheduler.nice: %d", s.Nice) + } + if s.Priority != 0 && (s.Policy != specs.SchedFIFO && s.Policy != specs.SchedRR) { + return errors.New("scheduler.priority can only be specified for SchedFIFO or SchedRR policy") + } + if s.Policy != specs.SchedDeadline && (s.Runtime != 0 || s.Deadline != 0 || s.Period != 0) { + return errors.New("scheduler runtime/deadline/period can only be specified for SchedDeadline policy") + } + return nil +} diff --git a/libcontainer/configs/validate/validator_test.go b/libcontainer/configs/validate/validator_test.go index d2b3c70ad9d..176527ecc60 100644 --- a/libcontainer/configs/validate/validator_test.go +++ b/libcontainer/configs/validate/validator_test.go @@ -616,3 +616,53 @@ func TestValidateIDMapMounts(t *testing.T) { }) } } + +func TestValidateScheduler(t *testing.T) { + testCases := []struct { + isErr bool + policy string + niceValue int32 + priority int32 + runtime uint64 + deadline uint64 + period uint64 + }{ + {isErr: true, niceValue: 0}, + {isErr: false, policy: "SCHED_OTHER", niceValue: 19}, + {isErr: false, policy: "SCHED_OTHER", niceValue: -20}, + {isErr: true, policy: "SCHED_OTHER", niceValue: 20}, + {isErr: true, policy: "SCHED_OTHER", niceValue: -21}, + {isErr: true, policy: "SCHED_OTHER", priority: 100}, + {isErr: false, policy: "SCHED_FIFO", priority: 100}, + {isErr: true, policy: "SCHED_FIFO", runtime: 20}, + {isErr: true, policy: "SCHED_BATCH", deadline: 30}, + {isErr: true, policy: "SCHED_IDLE", period: 40}, + {isErr: true, policy: "SCHED_DEADLINE", priority: 100}, + {isErr: false, policy: "SCHED_DEADLINE", runtime: 200}, + {isErr: false, policy: "SCHED_DEADLINE", deadline: 300}, + {isErr: false, policy: "SCHED_DEADLINE", period: 400}, + } + + for _, tc := range testCases { + scheduler := configs.Scheduler{ + Policy: specs.LinuxSchedulerPolicy(tc.policy), + Nice: tc.niceValue, + Priority: tc.priority, + Runtime: tc.runtime, + Deadline: tc.deadline, + Period: tc.period, + } + config := &configs.Config{ + Rootfs: "/var", + Scheduler: &scheduler, + } + + err := Validate(config) + if tc.isErr && err == nil { + t.Errorf("scheduler: %d, expected error, got nil", tc.niceValue) + } + if !tc.isErr && err != nil { + t.Errorf("scheduler: %d, expected nil, got error %v", tc.niceValue, err) + } + } +} diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 0abbccf569f..20587a109bb 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -640,6 +640,20 @@ func setupRlimits(limits []configs.Rlimit, pid int) error { return nil } +func setupScheduler(config *configs.Config) error { + attr, err := configs.ToSchedAttr(config.Scheduler) + if err != nil { + return err + } + if err := unix.SchedSetAttr(0, attr, 0); err != nil { + if errors.Is(err, unix.EPERM) && config.Cgroups.CpusetCpus != "" { + return errors.New("process scheduler can't be used together with AllowedCPUs") + } + return fmt.Errorf("error setting scheduler: %w", err) + } + return nil +} + // signalAllProcesses freezes then iterates over all the processes inside the // manager's cgroups sending the signal s to them. func signalAllProcesses(m cgroups.Manager, s unix.Signal) error { diff --git a/libcontainer/process.go b/libcontainer/process.go index d2c7bfcda36..08c2396fe02 100644 --- a/libcontainer/process.go +++ b/libcontainer/process.go @@ -95,6 +95,8 @@ type Process struct { // // For cgroup v2, the only key allowed is "". SubCgroupPaths map[string]string + + Scheduler *configs.Scheduler } // Wait waits for the process to exit. diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go index 82bcfec2aa4..f3edb7100c8 100644 --- a/libcontainer/setns_init_linux.go +++ b/libcontainer/setns_init_linux.go @@ -65,6 +65,12 @@ func (l *linuxSetnsInit) Init() error { unix.Umask(int(*l.config.Config.Umask)) } + if l.config.Config.Scheduler != nil { + if err := setupScheduler(l.config.Config); err != nil { + return err + } + } + if err := selinux.SetExecLabel(l.config.ProcessLabel); err != nil { return err } diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index cc4e3d256ba..c5553832776 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -494,6 +494,10 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) { Ambient: spec.Process.Capabilities.Ambient, } } + if spec.Process.Scheduler != nil { + s := *spec.Process.Scheduler + config.Scheduler = &s + } } createHooks(spec, config) config.Version = specs.Version diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 86750700c60..4fab50c0581 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -159,6 +159,13 @@ func (l *linuxStandardInit) Init() error { return &os.SyscallError{Syscall: "prctl(SET_NO_NEW_PRIVS)", Err: err} } } + + if l.config.Config.Scheduler != nil { + if err := setupScheduler(l.config.Config); err != nil { + return err + } + } + // Tell our parent that we're ready to Execv. This must be done before the // Seccomp rules have been applied, because we need to be able to read and // write to a socket. diff --git a/tests/integration/scheduler.bats b/tests/integration/scheduler.bats new file mode 100644 index 00000000000..c07b760d6e5 --- /dev/null +++ b/tests/integration/scheduler.bats @@ -0,0 +1,34 @@ +#!/usr/bin/env bats + +load helpers + +function setup() { + requires root + setup_debian +} + +function teardown() { + teardown_bundle +} + +@test "scheduler is applied" { + update_config ' .process.scheduler = {"policy": "SCHED_DEADLINE", "nice": 19, "priority": 0, "runtime": 42000, "deadline": 1000000, "period": 1000000, }' + + runc run -d --console-socket "$CONSOLE_SOCKET" test_scheduler + [ "$status" -eq 0 ] + + runc exec test_scheduler chrt -p 1 + [ "$status" -eq 0 ] + + [[ "${lines[0]}" == *"scheduling policy: SCHED_DEADLINE" ]] + [[ "${lines[1]}" == *"priority: 0" ]] + [[ "${lines[2]}" == *"runtime/deadline/period parameters: 42000/1000000/1000000" ]] +} + +@test "scheduler vs cpus" { + update_config ' .linux.resources.cpu.cpus = "0" + | .process.scheduler = {"policy": "SCHED_DEADLINE", "nice": 19, "runtime": 42000, "deadline": 1000000, "period": 1000000, }' + + runc run -d --console-socket "$CONSOLE_SOCKET" test_scheduler + [ "$status" -eq 1 ] +} diff --git a/utils_linux.go b/utils_linux.go index 0f787cb3387..b5c855cdbb9 100644 --- a/utils_linux.go +++ b/utils_linux.go @@ -61,6 +61,11 @@ func newProcess(p specs.Process) (*libcontainer.Process, error) { lp.ConsoleHeight = uint16(p.ConsoleSize.Height) } + if p.Scheduler != nil { + s := *p.Scheduler + lp.Scheduler = &s + } + if p.Capabilities != nil { lp.Capabilities = &configs.Capabilities{} lp.Capabilities.Bounding = p.Capabilities.Bounding From 730bc844189c4374152651bc4ee7b427fa081898 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 4 Oct 2023 10:53:23 -0700 Subject: [PATCH 0401/1176] Fix directory perms vs umask for tmpcopyup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bump fileutils to v0.5.1, which fixes permissions of newly created directories to not depend on the value of umask. Add a test case which fails like this before the fix: mounts.bats ✗ runc run [tmpcopyup] (in test file tests/integration/mounts.bats, line 28) `[[ "${lines[0]}" == *'drwxrwxrwx'* ]]' failed runc spec (status=0): runc run test_busybox (status=0): drwxr-xr-x 2 root root 40 Oct 4 22:35 /dir1/dir2 Fixes 3991. Signed-off-by: Kir Kolyshkin --- go.mod | 2 +- go.sum | 4 ++-- tests/integration/mounts.bats | 18 ++++++++++++++++++ .../github.com/mrunalp/fileutils/fileutils.go | 11 +++++++---- vendor/github.com/mrunalp/fileutils/idtools.go | 3 +++ vendor/modules.txt | 2 +- 6 files changed, 32 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index 235f6b3f4c1..b9e01c16309 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/godbus/dbus/v5 v5.1.0 github.com/moby/sys/mountinfo v0.6.2 github.com/moby/sys/user v0.1.0 - github.com/mrunalp/fileutils v0.5.0 + github.com/mrunalp/fileutils v0.5.1 github.com/opencontainers/runtime-spec v1.1.1-0.20230823135140-4fec88fd00a4 github.com/opencontainers/selinux v1.11.0 github.com/seccomp/libseccomp-golang v0.10.0 diff --git a/go.sum b/go.sum index ff43962d6f1..38fef9a3970 100644 --- a/go.sum +++ b/go.sum @@ -30,8 +30,8 @@ github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vyg github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= github.com/moby/sys/user v0.1.0 h1:WmZ93f5Ux6het5iituh9x2zAG7NFY9Aqi49jjE1PaQg= github.com/moby/sys/user v0.1.0/go.mod h1:fKJhFOnsCN6xZ5gSfbM6zaHGgDJMrqt9/reuj4T7MmU= -github.com/mrunalp/fileutils v0.5.0 h1:NKzVxiH7eSk+OQ4M+ZYW1K6h27RUV3MI6NUTsHhU6Z4= -github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= +github.com/mrunalp/fileutils v0.5.1 h1:F+S7ZlNKnrwHfSwdlgNSkKo67ReVf8o9fel6C3dkm/Q= +github.com/mrunalp/fileutils v0.5.1/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/opencontainers/runtime-spec v1.1.1-0.20230823135140-4fec88fd00a4 h1:EctkgBjZ1y4q+sibyuuIgiKpa0QSd2elFtSSdNvBVow= github.com/opencontainers/runtime-spec v1.1.1-0.20230823135140-4fec88fd00a4/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU= diff --git a/tests/integration/mounts.bats b/tests/integration/mounts.bats index d94b412e9aa..3cd01da840f 100644 --- a/tests/integration/mounts.bats +++ b/tests/integration/mounts.bats @@ -10,6 +10,24 @@ function teardown() { teardown_bundle } +# https://github.com/opencontainers/runc/issues/3991 +@test "runc run [tmpcopyup]" { + mkdir -p rootfs/dir1/dir2 + chmod 777 rootfs/dir1/dir2 + update_config ' .mounts += [{ + source: "tmpfs", + destination: "/dir1", + type: "tmpfs", + options: ["tmpcopyup"] + }] + | .process.args |= ["ls", "-ld", "/dir1/dir2"]' + + umask 022 + runc run test_busybox + [ "$status" -eq 0 ] + [[ "${lines[0]}" == *'drwxrwxrwx'* ]] +} + @test "runc run [bind mount]" { update_config ' .mounts += [{ source: ".", diff --git a/vendor/github.com/mrunalp/fileutils/fileutils.go b/vendor/github.com/mrunalp/fileutils/fileutils.go index 7421e6207f6..81851c81943 100644 --- a/vendor/github.com/mrunalp/fileutils/fileutils.go +++ b/vendor/github.com/mrunalp/fileutils/fileutils.go @@ -125,6 +125,7 @@ func CopyDirectory(source string, dest string) error { if err != nil { return nil } + destPath := filepath.Join(dest, relPath) if info.IsDir() { // Skip the source directory. @@ -138,18 +139,20 @@ func CopyDirectory(source string, dest string) error { uid := int(st.Uid) gid := int(st.Gid) - if err := os.Mkdir(filepath.Join(dest, relPath), info.Mode()); err != nil { + if err := os.Mkdir(destPath, info.Mode()); err != nil { return err } - - if err := os.Lchown(filepath.Join(dest, relPath), uid, gid); err != nil { + if err := os.Lchown(destPath, uid, gid); err != nil { + return err + } + if err := os.Chmod(destPath, info.Mode()); err != nil { return err } } return nil } - return CopyFile(path, filepath.Join(dest, relPath)) + return CopyFile(path, destPath) }) } diff --git a/vendor/github.com/mrunalp/fileutils/idtools.go b/vendor/github.com/mrunalp/fileutils/idtools.go index bad6539df53..0ae2dfb29f4 100644 --- a/vendor/github.com/mrunalp/fileutils/idtools.go +++ b/vendor/github.com/mrunalp/fileutils/idtools.go @@ -49,6 +49,9 @@ func MkdirAllNewAs(path string, mode os.FileMode, ownerUID, ownerGID int) error if err := os.Chown(pathComponent, ownerUID, ownerGID); err != nil { return err } + if err := os.Chmod(pathComponent, mode); err != nil { + return err + } } return nil } diff --git a/vendor/modules.txt b/vendor/modules.txt index cee8a9ba81c..c1d85e8aeb4 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -38,7 +38,7 @@ github.com/moby/sys/mountinfo # github.com/moby/sys/user v0.1.0 ## explicit; go 1.17 github.com/moby/sys/user -# github.com/mrunalp/fileutils v0.5.0 +# github.com/mrunalp/fileutils v0.5.1 ## explicit; go 1.13 github.com/mrunalp/fileutils # github.com/opencontainers/runtime-spec v1.1.1-0.20230823135140-4fec88fd00a4 From 0ab58aa20837b99d8bd70648406bc11840e8503e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Oct 2023 04:21:54 +0000 Subject: [PATCH 0402/1176] build(deps): bump golang.org/x/sys from 0.12.0 to 0.13.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.12.0 to 0.13.0. - [Commits](https://github.com/golang/sys/compare/v0.12.0...v0.13.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- .../sys/internal/unsafeheader/unsafeheader.go | 30 -- vendor/golang.org/x/sys/unix/ptrace_darwin.go | 6 - vendor/golang.org/x/sys/unix/ptrace_ios.go | 6 - vendor/golang.org/x/sys/unix/syscall_aix.go | 2 - .../golang.org/x/sys/unix/syscall_darwin.go | 186 ------------- .../x/sys/unix/syscall_darwin_amd64.go | 1 - .../x/sys/unix/syscall_darwin_arm64.go | 1 - .../x/sys/unix/syscall_dragonfly.go | 198 ------------- .../golang.org/x/sys/unix/syscall_freebsd.go | 192 ------------- vendor/golang.org/x/sys/unix/syscall_linux.go | 115 +------- .../golang.org/x/sys/unix/syscall_netbsd.go | 261 ------------------ .../golang.org/x/sys/unix/syscall_openbsd.go | 74 ----- .../golang.org/x/sys/unix/syscall_solaris.go | 18 -- .../x/sys/unix/syscall_zos_s390x.go | 1 - vendor/golang.org/x/sys/unix/zerrors_linux.go | 9 + .../x/sys/unix/zerrors_linux_386.go | 2 + .../x/sys/unix/zerrors_linux_amd64.go | 2 + .../x/sys/unix/zerrors_linux_arm.go | 2 + .../x/sys/unix/zerrors_linux_arm64.go | 2 + .../x/sys/unix/zerrors_linux_loong64.go | 4 + .../x/sys/unix/zerrors_linux_mips.go | 2 + .../x/sys/unix/zerrors_linux_mips64.go | 2 + .../x/sys/unix/zerrors_linux_mips64le.go | 2 + .../x/sys/unix/zerrors_linux_mipsle.go | 2 + .../x/sys/unix/zerrors_linux_ppc.go | 2 + .../x/sys/unix/zerrors_linux_ppc64.go | 2 + .../x/sys/unix/zerrors_linux_ppc64le.go | 2 + .../x/sys/unix/zerrors_linux_riscv64.go | 2 + .../x/sys/unix/zerrors_linux_s390x.go | 2 + .../x/sys/unix/zerrors_linux_sparc64.go | 2 + .../golang.org/x/sys/unix/zsyscall_aix_ppc.go | 22 -- .../x/sys/unix/zsyscall_aix_ppc64.go | 22 -- .../x/sys/unix/zsyscall_darwin_amd64.go | 40 +-- .../x/sys/unix/zsyscall_darwin_amd64.s | 149 ---------- .../x/sys/unix/zsyscall_darwin_arm64.go | 40 +-- .../x/sys/unix/zsyscall_darwin_arm64.s | 149 ---------- .../x/sys/unix/zsyscall_dragonfly_amd64.go | 22 -- .../x/sys/unix/zsyscall_freebsd_386.go | 22 -- .../x/sys/unix/zsyscall_freebsd_amd64.go | 22 -- .../x/sys/unix/zsyscall_freebsd_arm.go | 22 -- .../x/sys/unix/zsyscall_freebsd_arm64.go | 22 -- .../x/sys/unix/zsyscall_freebsd_riscv64.go | 22 -- .../x/sys/unix/zsyscall_illumos_amd64.go | 10 +- .../golang.org/x/sys/unix/zsyscall_linux.go | 22 -- .../x/sys/unix/zsyscall_netbsd_386.go | 22 -- .../x/sys/unix/zsyscall_netbsd_amd64.go | 22 -- .../x/sys/unix/zsyscall_netbsd_arm.go | 22 -- .../x/sys/unix/zsyscall_netbsd_arm64.go | 22 -- .../x/sys/unix/zsyscall_openbsd_386.go | 32 +-- .../x/sys/unix/zsyscall_openbsd_amd64.go | 22 -- .../x/sys/unix/zsyscall_openbsd_arm.go | 32 +-- .../x/sys/unix/zsyscall_openbsd_arm64.go | 32 +-- .../x/sys/unix/zsyscall_openbsd_mips64.go | 32 +-- .../x/sys/unix/zsyscall_openbsd_ppc64.go | 32 +-- .../x/sys/unix/zsyscall_openbsd_riscv64.go | 32 +-- .../x/sys/unix/zsyscall_solaris_amd64.go | 256 ++++++++--------- .../x/sys/unix/zsyscall_zos_s390x.go | 11 - .../x/sys/unix/zsysnum_linux_386.go | 1 + .../x/sys/unix/zsysnum_linux_amd64.go | 1 + .../x/sys/unix/zsysnum_linux_arm.go | 1 + .../x/sys/unix/zsysnum_linux_arm64.go | 1 + .../x/sys/unix/zsysnum_linux_loong64.go | 1 + .../x/sys/unix/zsysnum_linux_mips.go | 1 + .../x/sys/unix/zsysnum_linux_mips64.go | 1 + .../x/sys/unix/zsysnum_linux_mips64le.go | 1 + .../x/sys/unix/zsysnum_linux_mipsle.go | 1 + .../x/sys/unix/zsysnum_linux_ppc.go | 1 + .../x/sys/unix/zsysnum_linux_ppc64.go | 1 + .../x/sys/unix/zsysnum_linux_ppc64le.go | 1 + .../x/sys/unix/zsysnum_linux_riscv64.go | 1 + .../x/sys/unix/zsysnum_linux_s390x.go | 1 + .../x/sys/unix/zsysnum_linux_sparc64.go | 1 + vendor/golang.org/x/sys/unix/ztypes_linux.go | 8 +- .../x/sys/unix/ztypes_linux_riscv64.go | 4 + .../golang.org/x/sys/windows/exec_windows.go | 89 +++++- .../x/sys/windows/security_windows.go | 21 +- .../x/sys/windows/syscall_windows.go | 42 +-- .../golang.org/x/sys/windows/types_windows.go | 7 + .../x/sys/windows/zsyscall_windows.go | 28 +- vendor/modules.txt | 3 +- 82 files changed, 392 insertions(+), 2118 deletions(-) delete mode 100644 vendor/golang.org/x/sys/internal/unsafeheader/unsafeheader.go diff --git a/go.mod b/go.mod index b9e01c16309..c8f56fbef10 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/urfave/cli v1.22.12 github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.15.0 - golang.org/x/sys v0.12.0 + golang.org/x/sys v0.13.0 google.golang.org/protobuf v1.31.0 ) diff --git a/go.sum b/go.sum index 38fef9a3970..234c7a35a99 100644 --- a/go.sum +++ b/go.sum @@ -71,8 +71,8 @@ golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o= -golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= diff --git a/vendor/golang.org/x/sys/internal/unsafeheader/unsafeheader.go b/vendor/golang.org/x/sys/internal/unsafeheader/unsafeheader.go deleted file mode 100644 index e07899b909b..00000000000 --- a/vendor/golang.org/x/sys/internal/unsafeheader/unsafeheader.go +++ /dev/null @@ -1,30 +0,0 @@ -// Copyright 2020 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package unsafeheader contains header declarations for the Go runtime's -// slice and string implementations. -// -// This package allows x/sys to use types equivalent to -// reflect.SliceHeader and reflect.StringHeader without introducing -// a dependency on the (relatively heavy) "reflect" package. -package unsafeheader - -import ( - "unsafe" -) - -// Slice is the runtime representation of a slice. -// It cannot be used safely or portably and its representation may change in a later release. -type Slice struct { - Data unsafe.Pointer - Len int - Cap int -} - -// String is the runtime representation of a string. -// It cannot be used safely or portably and its representation may change in a later release. -type String struct { - Data unsafe.Pointer - Len int -} diff --git a/vendor/golang.org/x/sys/unix/ptrace_darwin.go b/vendor/golang.org/x/sys/unix/ptrace_darwin.go index 39dba6ca6a3..463c3eff7fd 100644 --- a/vendor/golang.org/x/sys/unix/ptrace_darwin.go +++ b/vendor/golang.org/x/sys/unix/ptrace_darwin.go @@ -7,12 +7,6 @@ package unix -import "unsafe" - func ptrace(request int, pid int, addr uintptr, data uintptr) error { return ptrace1(request, pid, addr, data) } - -func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) error { - return ptrace1Ptr(request, pid, addr, data) -} diff --git a/vendor/golang.org/x/sys/unix/ptrace_ios.go b/vendor/golang.org/x/sys/unix/ptrace_ios.go index 9ea66330a96..ed0509a0117 100644 --- a/vendor/golang.org/x/sys/unix/ptrace_ios.go +++ b/vendor/golang.org/x/sys/unix/ptrace_ios.go @@ -7,12 +7,6 @@ package unix -import "unsafe" - func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) { return ENOTSUP } - -func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) { - return ENOTSUP -} diff --git a/vendor/golang.org/x/sys/unix/syscall_aix.go b/vendor/golang.org/x/sys/unix/syscall_aix.go index 9a6e5acacbf..e94e6cdac88 100644 --- a/vendor/golang.org/x/sys/unix/syscall_aix.go +++ b/vendor/golang.org/x/sys/unix/syscall_aix.go @@ -487,8 +487,6 @@ func Fsync(fd int) error { //sys Unlinkat(dirfd int, path string, flags int) (err error) //sys Ustat(dev int, ubuf *Ustat_t) (err error) //sys write(fd int, p []byte) (n int, err error) -//sys readlen(fd int, p *byte, np int) (n int, err error) = read -//sys writelen(fd int, p *byte, np int) (n int, err error) = write //sys Dup2(oldfd int, newfd int) (err error) //sys Fadvise(fd int, offset int64, length int64, advice int) (err error) = posix_fadvise64 diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.go b/vendor/golang.org/x/sys/unix/syscall_darwin.go index 135cc3cd75b..59542a897d2 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin.go +++ b/vendor/golang.org/x/sys/unix/syscall_darwin.go @@ -644,189 +644,3 @@ func SysctlKinfoProcSlice(name string, args ...int) ([]KinfoProc, error) { //sys write(fd int, p []byte) (n int, err error) //sys mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) //sys munmap(addr uintptr, length uintptr) (err error) -//sys readlen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_READ -//sys writelen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_WRITE - -/* - * Unimplemented - */ -// Profil -// Sigaction -// Sigprocmask -// Getlogin -// Sigpending -// Sigaltstack -// Ioctl -// Reboot -// Execve -// Vfork -// Sbrk -// Sstk -// Ovadvise -// Mincore -// Setitimer -// Swapon -// Select -// Sigsuspend -// Readv -// Writev -// Nfssvc -// Getfh -// Quotactl -// Csops -// Waitid -// Add_profil -// Kdebug_trace -// Sigreturn -// Atsocket -// Kqueue_from_portset_np -// Kqueue_portset -// Getattrlist -// Getdirentriesattr -// Searchfs -// Delete -// Copyfile -// Watchevent -// Waitevent -// Modwatch -// Fsctl -// Initgroups -// Posix_spawn -// Nfsclnt -// Fhopen -// Minherit -// Semsys -// Msgsys -// Shmsys -// Semctl -// Semget -// Semop -// Msgctl -// Msgget -// Msgsnd -// Msgrcv -// Shm_open -// Shm_unlink -// Sem_open -// Sem_close -// Sem_unlink -// Sem_wait -// Sem_trywait -// Sem_post -// Sem_getvalue -// Sem_init -// Sem_destroy -// Open_extended -// Umask_extended -// Stat_extended -// Lstat_extended -// Fstat_extended -// Chmod_extended -// Fchmod_extended -// Access_extended -// Settid -// Gettid -// Setsgroups -// Getsgroups -// Setwgroups -// Getwgroups -// Mkfifo_extended -// Mkdir_extended -// Identitysvc -// Shared_region_check_np -// Shared_region_map_np -// __pthread_mutex_destroy -// __pthread_mutex_init -// __pthread_mutex_lock -// __pthread_mutex_trylock -// __pthread_mutex_unlock -// __pthread_cond_init -// __pthread_cond_destroy -// __pthread_cond_broadcast -// __pthread_cond_signal -// Setsid_with_pid -// __pthread_cond_timedwait -// Aio_fsync -// Aio_return -// Aio_suspend -// Aio_cancel -// Aio_error -// Aio_read -// Aio_write -// Lio_listio -// __pthread_cond_wait -// Iopolicysys -// __pthread_kill -// __pthread_sigmask -// __sigwait -// __disable_threadsignal -// __pthread_markcancel -// __pthread_canceled -// __semwait_signal -// Proc_info -// sendfile -// Stat64_extended -// Lstat64_extended -// Fstat64_extended -// __pthread_chdir -// __pthread_fchdir -// Audit -// Auditon -// Getauid -// Setauid -// Getaudit -// Setaudit -// Getaudit_addr -// Setaudit_addr -// Auditctl -// Bsdthread_create -// Bsdthread_terminate -// Stack_snapshot -// Bsdthread_register -// Workq_open -// Workq_ops -// __mac_execve -// __mac_syscall -// __mac_get_file -// __mac_set_file -// __mac_get_link -// __mac_set_link -// __mac_get_proc -// __mac_set_proc -// __mac_get_fd -// __mac_set_fd -// __mac_get_pid -// __mac_get_lcid -// __mac_get_lctx -// __mac_set_lctx -// Setlcid -// Read_nocancel -// Write_nocancel -// Open_nocancel -// Close_nocancel -// Wait4_nocancel -// Recvmsg_nocancel -// Sendmsg_nocancel -// Recvfrom_nocancel -// Accept_nocancel -// Fcntl_nocancel -// Select_nocancel -// Fsync_nocancel -// Connect_nocancel -// Sigsuspend_nocancel -// Readv_nocancel -// Writev_nocancel -// Sendto_nocancel -// Pread_nocancel -// Pwrite_nocancel -// Waitid_nocancel -// Poll_nocancel -// Msgsnd_nocancel -// Msgrcv_nocancel -// Sem_wait_nocancel -// Aio_suspend_nocancel -// __sigwait_nocancel -// __semwait_signal_nocancel -// __mac_mount -// __mac_get_mount -// __mac_getfsstat diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go index 9fa879806bc..b37310ce9b4 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go +++ b/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go @@ -47,6 +47,5 @@ func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, //sys getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) = SYS_GETFSSTAT64 //sys Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64 //sys ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) = SYS_ptrace -//sys ptrace1Ptr(request int, pid int, addr unsafe.Pointer, data uintptr) (err error) = SYS_ptrace //sys Stat(path string, stat *Stat_t) (err error) = SYS_STAT64 //sys Statfs(path string, stat *Statfs_t) (err error) = SYS_STATFS64 diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go index f17b8c526a5..d51ec996304 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go +++ b/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go @@ -47,6 +47,5 @@ func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, //sys getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) = SYS_GETFSSTAT //sys Lstat(path string, stat *Stat_t) (err error) //sys ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) = SYS_ptrace -//sys ptrace1Ptr(request int, pid int, addr unsafe.Pointer, data uintptr) (err error) = SYS_ptrace //sys Stat(path string, stat *Stat_t) (err error) //sys Statfs(path string, stat *Statfs_t) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go index d4ce988e72f..97cb916f2c9 100644 --- a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go +++ b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go @@ -343,203 +343,5 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e //sys write(fd int, p []byte) (n int, err error) //sys mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) //sys munmap(addr uintptr, length uintptr) (err error) -//sys readlen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_READ -//sys writelen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_WRITE //sys accept4(fd int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (nfd int, err error) //sys utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) - -/* - * Unimplemented - * TODO(jsing): Update this list for DragonFly. - */ -// Profil -// Sigaction -// Sigprocmask -// Getlogin -// Sigpending -// Sigaltstack -// Reboot -// Execve -// Vfork -// Sbrk -// Sstk -// Ovadvise -// Mincore -// Setitimer -// Swapon -// Select -// Sigsuspend -// Readv -// Writev -// Nfssvc -// Getfh -// Quotactl -// Mount -// Csops -// Waitid -// Add_profil -// Kdebug_trace -// Sigreturn -// Atsocket -// Kqueue_from_portset_np -// Kqueue_portset -// Getattrlist -// Setattrlist -// Getdirentriesattr -// Searchfs -// Delete -// Copyfile -// Watchevent -// Waitevent -// Modwatch -// Getxattr -// Fgetxattr -// Setxattr -// Fsetxattr -// Removexattr -// Fremovexattr -// Listxattr -// Flistxattr -// Fsctl -// Initgroups -// Posix_spawn -// Nfsclnt -// Fhopen -// Minherit -// Semsys -// Msgsys -// Shmsys -// Semctl -// Semget -// Semop -// Msgctl -// Msgget -// Msgsnd -// Msgrcv -// Shmat -// Shmctl -// Shmdt -// Shmget -// Shm_open -// Shm_unlink -// Sem_open -// Sem_close -// Sem_unlink -// Sem_wait -// Sem_trywait -// Sem_post -// Sem_getvalue -// Sem_init -// Sem_destroy -// Open_extended -// Umask_extended -// Stat_extended -// Lstat_extended -// Fstat_extended -// Chmod_extended -// Fchmod_extended -// Access_extended -// Settid -// Gettid -// Setsgroups -// Getsgroups -// Setwgroups -// Getwgroups -// Mkfifo_extended -// Mkdir_extended -// Identitysvc -// Shared_region_check_np -// Shared_region_map_np -// __pthread_mutex_destroy -// __pthread_mutex_init -// __pthread_mutex_lock -// __pthread_mutex_trylock -// __pthread_mutex_unlock -// __pthread_cond_init -// __pthread_cond_destroy -// __pthread_cond_broadcast -// __pthread_cond_signal -// Setsid_with_pid -// __pthread_cond_timedwait -// Aio_fsync -// Aio_return -// Aio_suspend -// Aio_cancel -// Aio_error -// Aio_read -// Aio_write -// Lio_listio -// __pthread_cond_wait -// Iopolicysys -// __pthread_kill -// __pthread_sigmask -// __sigwait -// __disable_threadsignal -// __pthread_markcancel -// __pthread_canceled -// __semwait_signal -// Proc_info -// Stat64_extended -// Lstat64_extended -// Fstat64_extended -// __pthread_chdir -// __pthread_fchdir -// Audit -// Auditon -// Getauid -// Setauid -// Getaudit -// Setaudit -// Getaudit_addr -// Setaudit_addr -// Auditctl -// Bsdthread_create -// Bsdthread_terminate -// Stack_snapshot -// Bsdthread_register -// Workq_open -// Workq_ops -// __mac_execve -// __mac_syscall -// __mac_get_file -// __mac_set_file -// __mac_get_link -// __mac_set_link -// __mac_get_proc -// __mac_set_proc -// __mac_get_fd -// __mac_set_fd -// __mac_get_pid -// __mac_get_lcid -// __mac_get_lctx -// __mac_set_lctx -// Setlcid -// Read_nocancel -// Write_nocancel -// Open_nocancel -// Close_nocancel -// Wait4_nocancel -// Recvmsg_nocancel -// Sendmsg_nocancel -// Recvfrom_nocancel -// Accept_nocancel -// Fcntl_nocancel -// Select_nocancel -// Fsync_nocancel -// Connect_nocancel -// Sigsuspend_nocancel -// Readv_nocancel -// Writev_nocancel -// Sendto_nocancel -// Pread_nocancel -// Pwrite_nocancel -// Waitid_nocancel -// Msgsnd_nocancel -// Msgrcv_nocancel -// Sem_wait_nocancel -// Aio_suspend_nocancel -// __sigwait_nocancel -// __semwait_signal_nocancel -// __mac_mount -// __mac_get_mount -// __mac_getfsstat diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd.go b/vendor/golang.org/x/sys/unix/syscall_freebsd.go index afb10106f6e..64d1bb4dba5 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd.go @@ -449,197 +449,5 @@ func Dup3(oldfd, newfd, flags int) error { //sys write(fd int, p []byte) (n int, err error) //sys mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) //sys munmap(addr uintptr, length uintptr) (err error) -//sys readlen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_READ -//sys writelen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_WRITE //sys accept4(fd int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (nfd int, err error) //sys utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) - -/* - * Unimplemented - */ -// Profil -// Sigaction -// Sigprocmask -// Getlogin -// Sigpending -// Sigaltstack -// Ioctl -// Reboot -// Execve -// Vfork -// Sbrk -// Sstk -// Ovadvise -// Mincore -// Setitimer -// Swapon -// Select -// Sigsuspend -// Readv -// Writev -// Nfssvc -// Getfh -// Quotactl -// Mount -// Csops -// Waitid -// Add_profil -// Kdebug_trace -// Sigreturn -// Atsocket -// Kqueue_from_portset_np -// Kqueue_portset -// Getattrlist -// Setattrlist -// Getdents -// Getdirentriesattr -// Searchfs -// Delete -// Copyfile -// Watchevent -// Waitevent -// Modwatch -// Fsctl -// Initgroups -// Posix_spawn -// Nfsclnt -// Fhopen -// Minherit -// Semsys -// Msgsys -// Shmsys -// Semctl -// Semget -// Semop -// Msgctl -// Msgget -// Msgsnd -// Msgrcv -// Shmat -// Shmctl -// Shmdt -// Shmget -// Shm_open -// Shm_unlink -// Sem_open -// Sem_close -// Sem_unlink -// Sem_wait -// Sem_trywait -// Sem_post -// Sem_getvalue -// Sem_init -// Sem_destroy -// Open_extended -// Umask_extended -// Stat_extended -// Lstat_extended -// Fstat_extended -// Chmod_extended -// Fchmod_extended -// Access_extended -// Settid -// Gettid -// Setsgroups -// Getsgroups -// Setwgroups -// Getwgroups -// Mkfifo_extended -// Mkdir_extended -// Identitysvc -// Shared_region_check_np -// Shared_region_map_np -// __pthread_mutex_destroy -// __pthread_mutex_init -// __pthread_mutex_lock -// __pthread_mutex_trylock -// __pthread_mutex_unlock -// __pthread_cond_init -// __pthread_cond_destroy -// __pthread_cond_broadcast -// __pthread_cond_signal -// Setsid_with_pid -// __pthread_cond_timedwait -// Aio_fsync -// Aio_return -// Aio_suspend -// Aio_cancel -// Aio_error -// Aio_read -// Aio_write -// Lio_listio -// __pthread_cond_wait -// Iopolicysys -// __pthread_kill -// __pthread_sigmask -// __sigwait -// __disable_threadsignal -// __pthread_markcancel -// __pthread_canceled -// __semwait_signal -// Proc_info -// Stat64_extended -// Lstat64_extended -// Fstat64_extended -// __pthread_chdir -// __pthread_fchdir -// Audit -// Auditon -// Getauid -// Setauid -// Getaudit -// Setaudit -// Getaudit_addr -// Setaudit_addr -// Auditctl -// Bsdthread_create -// Bsdthread_terminate -// Stack_snapshot -// Bsdthread_register -// Workq_open -// Workq_ops -// __mac_execve -// __mac_syscall -// __mac_get_file -// __mac_set_file -// __mac_get_link -// __mac_set_link -// __mac_get_proc -// __mac_set_proc -// __mac_get_fd -// __mac_set_fd -// __mac_get_pid -// __mac_get_lcid -// __mac_get_lctx -// __mac_set_lctx -// Setlcid -// Read_nocancel -// Write_nocancel -// Open_nocancel -// Close_nocancel -// Wait4_nocancel -// Recvmsg_nocancel -// Sendmsg_nocancel -// Recvfrom_nocancel -// Accept_nocancel -// Fcntl_nocancel -// Select_nocancel -// Fsync_nocancel -// Connect_nocancel -// Sigsuspend_nocancel -// Readv_nocancel -// Writev_nocancel -// Sendto_nocancel -// Pread_nocancel -// Pwrite_nocancel -// Waitid_nocancel -// Poll_nocancel -// Msgsnd_nocancel -// Msgrcv_nocancel -// Sem_wait_nocancel -// Aio_suspend_nocancel -// __sigwait_nocancel -// __semwait_signal_nocancel -// __mac_mount -// __mac_get_mount -// __mac_getfsstat diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index 0ba030197f2..fb4e50224c9 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -693,10 +693,10 @@ type SockaddrALG struct { func (sa *SockaddrALG) sockaddr() (unsafe.Pointer, _Socklen, error) { // Leave room for NUL byte terminator. - if len(sa.Type) > 13 { + if len(sa.Type) > len(sa.raw.Type)-1 { return nil, 0, EINVAL } - if len(sa.Name) > 63 { + if len(sa.Name) > len(sa.raw.Name)-1 { return nil, 0, EINVAL } @@ -704,17 +704,8 @@ func (sa *SockaddrALG) sockaddr() (unsafe.Pointer, _Socklen, error) { sa.raw.Feat = sa.Feature sa.raw.Mask = sa.Mask - typ, err := ByteSliceFromString(sa.Type) - if err != nil { - return nil, 0, err - } - name, err := ByteSliceFromString(sa.Name) - if err != nil { - return nil, 0, err - } - - copy(sa.raw.Type[:], typ) - copy(sa.raw.Name[:], name) + copy(sa.raw.Type[:], sa.Type) + copy(sa.raw.Name[:], sa.Name) return unsafe.Pointer(&sa.raw), SizeofSockaddrALG, nil } @@ -1988,8 +1979,6 @@ func Signalfd(fd int, sigmask *Sigset_t, flags int) (newfd int, err error) { //sys Unshare(flags int) (err error) //sys write(fd int, p []byte) (n int, err error) //sys exitThread(code int) (err error) = SYS_EXIT -//sys readlen(fd int, p *byte, np int) (n int, err error) = SYS_READ -//sys writelen(fd int, p *byte, np int) (n int, err error) = SYS_WRITE //sys readv(fd int, iovs []Iovec) (n int, err error) = SYS_READV //sys writev(fd int, iovs []Iovec) (n int, err error) = SYS_WRITEV //sys preadv(fd int, iovs []Iovec, offs_l uintptr, offs_h uintptr) (n int, err error) = SYS_PREADV @@ -2493,99 +2482,3 @@ func SchedGetAttr(pid int, flags uint) (*SchedAttr, error) { } return attr, nil } - -/* - * Unimplemented - */ -// AfsSyscall -// ArchPrctl -// Brk -// ClockNanosleep -// ClockSettime -// Clone -// EpollCtlOld -// EpollPwait -// EpollWaitOld -// Execve -// Fork -// Futex -// GetKernelSyms -// GetMempolicy -// GetRobustList -// GetThreadArea -// Getpmsg -// IoCancel -// IoDestroy -// IoGetevents -// IoSetup -// IoSubmit -// IoprioGet -// IoprioSet -// KexecLoad -// LookupDcookie -// Mbind -// MigratePages -// Mincore -// ModifyLdt -// Mount -// MovePages -// MqGetsetattr -// MqNotify -// MqOpen -// MqTimedreceive -// MqTimedsend -// MqUnlink -// Msgctl -// Msgget -// Msgrcv -// Msgsnd -// Nfsservctl -// Personality -// Pselect6 -// Ptrace -// Putpmsg -// Quotactl -// Readahead -// Readv -// RemapFilePages -// RestartSyscall -// RtSigaction -// RtSigpending -// RtSigqueueinfo -// RtSigreturn -// RtSigsuspend -// RtSigtimedwait -// SchedGetPriorityMax -// SchedGetPriorityMin -// SchedGetparam -// SchedGetscheduler -// SchedRrGetInterval -// SchedSetparam -// SchedYield -// Security -// Semctl -// Semget -// Semop -// Semtimedop -// SetMempolicy -// SetRobustList -// SetThreadArea -// SetTidAddress -// Sigaltstack -// Swapoff -// Swapon -// Sysfs -// TimerCreate -// TimerDelete -// TimerGetoverrun -// TimerGettime -// TimerSettime -// Tkill (obsolete) -// Tuxcall -// Umount2 -// Uselib -// Utimensat -// Vfork -// Vhangup -// Vserver -// _Sysctl diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd.go b/vendor/golang.org/x/sys/unix/syscall_netbsd.go index ddd1ac85341..88162099af5 100644 --- a/vendor/golang.org/x/sys/unix/syscall_netbsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_netbsd.go @@ -356,8 +356,6 @@ func Statvfs(path string, buf *Statvfs_t) (err error) { //sys write(fd int, p []byte) (n int, err error) //sys mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) //sys munmap(addr uintptr, length uintptr) (err error) -//sys readlen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_READ -//sys writelen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_WRITE //sys utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) const ( @@ -371,262 +369,3 @@ const ( func mremap(oldaddr uintptr, oldlength uintptr, newlength uintptr, flags int, newaddr uintptr) (uintptr, error) { return mremapNetBSD(oldaddr, oldlength, newaddr, newlength, flags) } - -/* - * Unimplemented - */ -// ____semctl13 -// __clone -// __fhopen40 -// __fhstat40 -// __fhstatvfs140 -// __fstat30 -// __getcwd -// __getfh30 -// __getlogin -// __lstat30 -// __mount50 -// __msgctl13 -// __msync13 -// __ntp_gettime30 -// __posix_chown -// __posix_fchown -// __posix_lchown -// __posix_rename -// __setlogin -// __shmctl13 -// __sigaction_sigtramp -// __sigaltstack14 -// __sigpending14 -// __sigprocmask14 -// __sigsuspend14 -// __sigtimedwait -// __stat30 -// __syscall -// __vfork14 -// _ksem_close -// _ksem_destroy -// _ksem_getvalue -// _ksem_init -// _ksem_open -// _ksem_post -// _ksem_trywait -// _ksem_unlink -// _ksem_wait -// _lwp_continue -// _lwp_create -// _lwp_ctl -// _lwp_detach -// _lwp_exit -// _lwp_getname -// _lwp_getprivate -// _lwp_kill -// _lwp_park -// _lwp_self -// _lwp_setname -// _lwp_setprivate -// _lwp_suspend -// _lwp_unpark -// _lwp_unpark_all -// _lwp_wait -// _lwp_wakeup -// _pset_bind -// _sched_getaffinity -// _sched_getparam -// _sched_setaffinity -// _sched_setparam -// acct -// aio_cancel -// aio_error -// aio_fsync -// aio_read -// aio_return -// aio_suspend -// aio_write -// break -// clock_getres -// clock_gettime -// clock_settime -// compat_09_ogetdomainname -// compat_09_osetdomainname -// compat_09_ouname -// compat_10_omsgsys -// compat_10_osemsys -// compat_10_oshmsys -// compat_12_fstat12 -// compat_12_getdirentries -// compat_12_lstat12 -// compat_12_msync -// compat_12_oreboot -// compat_12_oswapon -// compat_12_stat12 -// compat_13_sigaction13 -// compat_13_sigaltstack13 -// compat_13_sigpending13 -// compat_13_sigprocmask13 -// compat_13_sigreturn13 -// compat_13_sigsuspend13 -// compat_14___semctl -// compat_14_msgctl -// compat_14_shmctl -// compat_16___sigaction14 -// compat_16___sigreturn14 -// compat_20_fhstatfs -// compat_20_fstatfs -// compat_20_getfsstat -// compat_20_statfs -// compat_30___fhstat30 -// compat_30___fstat13 -// compat_30___lstat13 -// compat_30___stat13 -// compat_30_fhopen -// compat_30_fhstat -// compat_30_fhstatvfs1 -// compat_30_getdents -// compat_30_getfh -// compat_30_ntp_gettime -// compat_30_socket -// compat_40_mount -// compat_43_fstat43 -// compat_43_lstat43 -// compat_43_oaccept -// compat_43_ocreat -// compat_43_oftruncate -// compat_43_ogetdirentries -// compat_43_ogetdtablesize -// compat_43_ogethostid -// compat_43_ogethostname -// compat_43_ogetkerninfo -// compat_43_ogetpagesize -// compat_43_ogetpeername -// compat_43_ogetrlimit -// compat_43_ogetsockname -// compat_43_okillpg -// compat_43_olseek -// compat_43_ommap -// compat_43_oquota -// compat_43_orecv -// compat_43_orecvfrom -// compat_43_orecvmsg -// compat_43_osend -// compat_43_osendmsg -// compat_43_osethostid -// compat_43_osethostname -// compat_43_osigblock -// compat_43_osigsetmask -// compat_43_osigstack -// compat_43_osigvec -// compat_43_otruncate -// compat_43_owait -// compat_43_stat43 -// execve -// extattr_delete_fd -// extattr_delete_file -// extattr_delete_link -// extattr_get_fd -// extattr_get_file -// extattr_get_link -// extattr_list_fd -// extattr_list_file -// extattr_list_link -// extattr_set_fd -// extattr_set_file -// extattr_set_link -// extattrctl -// fchroot -// fdatasync -// fgetxattr -// fktrace -// flistxattr -// fork -// fremovexattr -// fsetxattr -// fstatvfs1 -// fsync_range -// getcontext -// getitimer -// getvfsstat -// getxattr -// ktrace -// lchflags -// lchmod -// lfs_bmapv -// lfs_markv -// lfs_segclean -// lfs_segwait -// lgetxattr -// lio_listio -// listxattr -// llistxattr -// lremovexattr -// lseek -// lsetxattr -// lutimes -// madvise -// mincore -// minherit -// modctl -// mq_close -// mq_getattr -// mq_notify -// mq_open -// mq_receive -// mq_send -// mq_setattr -// mq_timedreceive -// mq_timedsend -// mq_unlink -// msgget -// msgrcv -// msgsnd -// nfssvc -// ntp_adjtime -// pmc_control -// pmc_get_info -// pollts -// preadv -// profil -// pselect -// pset_assign -// pset_create -// pset_destroy -// ptrace -// pwritev -// quotactl -// rasctl -// readv -// reboot -// removexattr -// sa_enable -// sa_preempt -// sa_register -// sa_setconcurrency -// sa_stacks -// sa_yield -// sbrk -// sched_yield -// semconfig -// semget -// semop -// setcontext -// setitimer -// setxattr -// shmat -// shmdt -// shmget -// sstk -// statvfs1 -// swapctl -// sysarch -// syscall -// timer_create -// timer_delete -// timer_getoverrun -// timer_gettime -// timer_settime -// undelete -// utrace -// uuidgen -// vadvise -// vfork -// writev diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd.go b/vendor/golang.org/x/sys/unix/syscall_openbsd.go index c5f166a1152..6f34479b597 100644 --- a/vendor/golang.org/x/sys/unix/syscall_openbsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_openbsd.go @@ -326,78 +326,4 @@ func Uname(uname *Utsname) error { //sys write(fd int, p []byte) (n int, err error) //sys mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) //sys munmap(addr uintptr, length uintptr) (err error) -//sys readlen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_READ -//sys writelen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_WRITE //sys utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) - -/* - * Unimplemented - */ -// __getcwd -// __semctl -// __syscall -// __sysctl -// adjfreq -// break -// clock_getres -// clock_gettime -// clock_settime -// closefrom -// execve -// fhopen -// fhstat -// fhstatfs -// fork -// futimens -// getfh -// getgid -// getitimer -// getlogin -// getthrid -// ktrace -// lfs_bmapv -// lfs_markv -// lfs_segclean -// lfs_segwait -// mincore -// minherit -// mount -// mquery -// msgctl -// msgget -// msgrcv -// msgsnd -// nfssvc -// nnpfspioctl -// preadv -// profil -// pwritev -// quotactl -// readv -// reboot -// renameat -// rfork -// sched_yield -// semget -// semop -// setgroups -// setitimer -// setsockopt -// shmat -// shmctl -// shmdt -// shmget -// sigaction -// sigaltstack -// sigpending -// sigprocmask -// sigreturn -// sigsuspend -// sysarch -// syscall -// threxit -// thrsigdivert -// thrsleep -// thrwakeup -// vfork -// writev diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris.go b/vendor/golang.org/x/sys/unix/syscall_solaris.go index 72d23575fa4..b99cfa1342f 100644 --- a/vendor/golang.org/x/sys/unix/syscall_solaris.go +++ b/vendor/golang.org/x/sys/unix/syscall_solaris.go @@ -698,24 +698,6 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e //sys setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) = libsocket.setsockopt //sys recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) = libsocket.recvfrom -func readlen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procread)), 3, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf), 0, 0, 0) - n = int(r0) - if e1 != 0 { - err = e1 - } - return -} - -func writelen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procwrite)), 3, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf), 0, 0, 0) - n = int(r0) - if e1 != 0 { - err = e1 - } - return -} - // Event Ports type fileObjCookie struct { diff --git a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go index 44e72edb42d..4596d041ce3 100644 --- a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go @@ -192,7 +192,6 @@ func (cmsg *Cmsghdr) SetLen(length int) { //sys fcntl(fd int, cmd int, arg int) (val int, err error) //sys read(fd int, p []byte) (n int, err error) -//sys readlen(fd int, buf *byte, nbuf int) (n int, err error) = SYS_READ //sys write(fd int, p []byte) (n int, err error) //sys accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) = SYS___ACCEPT_A diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index 0787a043be1..f9c7f479b03 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -2421,6 +2421,15 @@ const ( PR_PAC_GET_ENABLED_KEYS = 0x3d PR_PAC_RESET_KEYS = 0x36 PR_PAC_SET_ENABLED_KEYS = 0x3c + PR_RISCV_V_GET_CONTROL = 0x46 + PR_RISCV_V_SET_CONTROL = 0x45 + PR_RISCV_V_VSTATE_CTRL_CUR_MASK = 0x3 + PR_RISCV_V_VSTATE_CTRL_DEFAULT = 0x0 + PR_RISCV_V_VSTATE_CTRL_INHERIT = 0x10 + PR_RISCV_V_VSTATE_CTRL_MASK = 0x1f + PR_RISCV_V_VSTATE_CTRL_NEXT_MASK = 0xc + PR_RISCV_V_VSTATE_CTRL_OFF = 0x1 + PR_RISCV_V_VSTATE_CTRL_ON = 0x2 PR_SCHED_CORE = 0x3e PR_SCHED_CORE_CREATE = 0x1 PR_SCHED_CORE_GET = 0x0 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go index cfb14300186..30aee00a537 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go @@ -326,10 +326,12 @@ const ( SO_NOFCS = 0x2b SO_OOBINLINE = 0xa SO_PASSCRED = 0x10 + SO_PASSPIDFD = 0x4c SO_PASSSEC = 0x22 SO_PEEK_OFF = 0x2a SO_PEERCRED = 0x11 SO_PEERGROUPS = 0x3b + SO_PEERPIDFD = 0x4d SO_PEERSEC = 0x1f SO_PREFER_BUSY_POLL = 0x45 SO_PROTOCOL = 0x26 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go index df64f2d590a..8ebfa512785 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go @@ -327,10 +327,12 @@ const ( SO_NOFCS = 0x2b SO_OOBINLINE = 0xa SO_PASSCRED = 0x10 + SO_PASSPIDFD = 0x4c SO_PASSSEC = 0x22 SO_PEEK_OFF = 0x2a SO_PEERCRED = 0x11 SO_PEERGROUPS = 0x3b + SO_PEERPIDFD = 0x4d SO_PEERSEC = 0x1f SO_PREFER_BUSY_POLL = 0x45 SO_PROTOCOL = 0x26 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go index 3025cd5b2d9..271a21cdc7e 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go @@ -333,10 +333,12 @@ const ( SO_NOFCS = 0x2b SO_OOBINLINE = 0xa SO_PASSCRED = 0x10 + SO_PASSPIDFD = 0x4c SO_PASSSEC = 0x22 SO_PEEK_OFF = 0x2a SO_PEERCRED = 0x11 SO_PEERGROUPS = 0x3b + SO_PEERPIDFD = 0x4d SO_PEERSEC = 0x1f SO_PREFER_BUSY_POLL = 0x45 SO_PROTOCOL = 0x26 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go index 09e1ffbef90..910c330a39c 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go @@ -323,10 +323,12 @@ const ( SO_NOFCS = 0x2b SO_OOBINLINE = 0xa SO_PASSCRED = 0x10 + SO_PASSPIDFD = 0x4c SO_PASSSEC = 0x22 SO_PEEK_OFF = 0x2a SO_PEERCRED = 0x11 SO_PEERGROUPS = 0x3b + SO_PEERPIDFD = 0x4d SO_PEERSEC = 0x1f SO_PREFER_BUSY_POLL = 0x45 SO_PROTOCOL = 0x26 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go index a4572354079..a640798c933 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go @@ -118,6 +118,8 @@ const ( IUCLC = 0x200 IXOFF = 0x1000 IXON = 0x400 + LASX_CTX_MAGIC = 0x41535801 + LSX_CTX_MAGIC = 0x53580001 MAP_ANON = 0x20 MAP_ANONYMOUS = 0x20 MAP_DENYWRITE = 0x800 @@ -317,10 +319,12 @@ const ( SO_NOFCS = 0x2b SO_OOBINLINE = 0xa SO_PASSCRED = 0x10 + SO_PASSPIDFD = 0x4c SO_PASSSEC = 0x22 SO_PEEK_OFF = 0x2a SO_PEERCRED = 0x11 SO_PEERGROUPS = 0x3b + SO_PEERPIDFD = 0x4d SO_PEERSEC = 0x1f SO_PREFER_BUSY_POLL = 0x45 SO_PROTOCOL = 0x26 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go index fee7dfb819d..0d5925d3407 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go @@ -326,10 +326,12 @@ const ( SO_NOFCS = 0x2b SO_OOBINLINE = 0x100 SO_PASSCRED = 0x11 + SO_PASSPIDFD = 0x4c SO_PASSSEC = 0x22 SO_PEEK_OFF = 0x2a SO_PEERCRED = 0x12 SO_PEERGROUPS = 0x3b + SO_PEERPIDFD = 0x4d SO_PEERSEC = 0x1e SO_PREFER_BUSY_POLL = 0x45 SO_PROTOCOL = 0x1028 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go index a5b2373aea0..d72a00e0b63 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go @@ -326,10 +326,12 @@ const ( SO_NOFCS = 0x2b SO_OOBINLINE = 0x100 SO_PASSCRED = 0x11 + SO_PASSPIDFD = 0x4c SO_PASSSEC = 0x22 SO_PEEK_OFF = 0x2a SO_PEERCRED = 0x12 SO_PEERGROUPS = 0x3b + SO_PEERPIDFD = 0x4d SO_PEERSEC = 0x1e SO_PREFER_BUSY_POLL = 0x45 SO_PROTOCOL = 0x1028 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go index 5dde82c98ab..02ba129f857 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go @@ -326,10 +326,12 @@ const ( SO_NOFCS = 0x2b SO_OOBINLINE = 0x100 SO_PASSCRED = 0x11 + SO_PASSPIDFD = 0x4c SO_PASSSEC = 0x22 SO_PEEK_OFF = 0x2a SO_PEERCRED = 0x12 SO_PEERGROUPS = 0x3b + SO_PEERPIDFD = 0x4d SO_PEERSEC = 0x1e SO_PREFER_BUSY_POLL = 0x45 SO_PROTOCOL = 0x1028 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go index 2e80ea6b33f..8daa6dd9688 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go @@ -326,10 +326,12 @@ const ( SO_NOFCS = 0x2b SO_OOBINLINE = 0x100 SO_PASSCRED = 0x11 + SO_PASSPIDFD = 0x4c SO_PASSSEC = 0x22 SO_PEEK_OFF = 0x2a SO_PEERCRED = 0x12 SO_PEERGROUPS = 0x3b + SO_PEERPIDFD = 0x4d SO_PEERSEC = 0x1e SO_PREFER_BUSY_POLL = 0x45 SO_PROTOCOL = 0x1028 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go index a65dcd7cbe3..63c8fa2f7f0 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go @@ -381,10 +381,12 @@ const ( SO_NOFCS = 0x2b SO_OOBINLINE = 0xa SO_PASSCRED = 0x14 + SO_PASSPIDFD = 0x4c SO_PASSSEC = 0x22 SO_PEEK_OFF = 0x2a SO_PEERCRED = 0x15 SO_PEERGROUPS = 0x3b + SO_PEERPIDFD = 0x4d SO_PEERSEC = 0x1f SO_PREFER_BUSY_POLL = 0x45 SO_PROTOCOL = 0x26 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go index cbd34e3d89a..930799ec1b3 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go @@ -385,10 +385,12 @@ const ( SO_NOFCS = 0x2b SO_OOBINLINE = 0xa SO_PASSCRED = 0x14 + SO_PASSPIDFD = 0x4c SO_PASSSEC = 0x22 SO_PEEK_OFF = 0x2a SO_PEERCRED = 0x15 SO_PEERGROUPS = 0x3b + SO_PEERPIDFD = 0x4d SO_PEERSEC = 0x1f SO_PREFER_BUSY_POLL = 0x45 SO_PROTOCOL = 0x26 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go index e4afa7a3178..8605a7dd7ef 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go @@ -385,10 +385,12 @@ const ( SO_NOFCS = 0x2b SO_OOBINLINE = 0xa SO_PASSCRED = 0x14 + SO_PASSPIDFD = 0x4c SO_PASSSEC = 0x22 SO_PEEK_OFF = 0x2a SO_PEERCRED = 0x15 SO_PEERGROUPS = 0x3b + SO_PEERPIDFD = 0x4d SO_PEERSEC = 0x1f SO_PREFER_BUSY_POLL = 0x45 SO_PROTOCOL = 0x26 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go index 44f45a039d9..95a016f1c01 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go @@ -314,10 +314,12 @@ const ( SO_NOFCS = 0x2b SO_OOBINLINE = 0xa SO_PASSCRED = 0x10 + SO_PASSPIDFD = 0x4c SO_PASSSEC = 0x22 SO_PEEK_OFF = 0x2a SO_PEERCRED = 0x11 SO_PEERGROUPS = 0x3b + SO_PEERPIDFD = 0x4d SO_PEERSEC = 0x1f SO_PREFER_BUSY_POLL = 0x45 SO_PROTOCOL = 0x26 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go index 74733e260f7..1ae0108f576 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go @@ -389,10 +389,12 @@ const ( SO_NOFCS = 0x2b SO_OOBINLINE = 0xa SO_PASSCRED = 0x10 + SO_PASSPIDFD = 0x4c SO_PASSSEC = 0x22 SO_PEEK_OFF = 0x2a SO_PEERCRED = 0x11 SO_PEERGROUPS = 0x3b + SO_PEERPIDFD = 0x4d SO_PEERSEC = 0x1f SO_PREFER_BUSY_POLL = 0x45 SO_PROTOCOL = 0x26 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go index f5f3934b1a9..1bb7c6333b4 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go @@ -428,10 +428,12 @@ const ( SO_NOFCS = 0x27 SO_OOBINLINE = 0x100 SO_PASSCRED = 0x2 + SO_PASSPIDFD = 0x55 SO_PASSSEC = 0x1f SO_PEEK_OFF = 0x26 SO_PEERCRED = 0x40 SO_PEERGROUPS = 0x3d + SO_PEERPIDFD = 0x56 SO_PEERSEC = 0x1e SO_PREFER_BUSY_POLL = 0x48 SO_PROTOCOL = 0x1028 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go index 9a257219d70..d1d1d23311d 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go @@ -817,28 +817,6 @@ func write(fd int, p []byte) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func readlen(fd int, p *byte, np int) (n int, err error) { - r0, er := C.read(C.int(fd), C.uintptr_t(uintptr(unsafe.Pointer(p))), C.size_t(np)) - n = int(r0) - if r0 == -1 && er != nil { - err = er - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func writelen(fd int, p *byte, np int) (n int, err error) { - r0, er := C.write(C.int(fd), C.uintptr_t(uintptr(unsafe.Pointer(p))), C.size_t(np)) - n = int(r0) - if r0 == -1 && er != nil { - err = er - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Dup2(oldfd int, newfd int) (err error) { r0, er := C.dup2(C.int(oldfd), C.int(newfd)) if r0 == -1 && er != nil { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go index 6de80c20cf2..f99a18adc33 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go @@ -762,28 +762,6 @@ func write(fd int, p []byte) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func readlen(fd int, p *byte, np int) (n int, err error) { - r0, e1 := callread(fd, uintptr(unsafe.Pointer(p)), np) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func writelen(fd int, p *byte, np int) (n int, err error) { - r0, e1 := callwrite(fd, uintptr(unsafe.Pointer(p)), np) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Dup2(oldfd int, newfd int) (err error) { _, e1 := calldup2(oldfd, newfd) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go index 4037ccf7a94..1cad561e983 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go @@ -725,6 +725,12 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +var libc_ioctl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ioctl ioctl "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { @@ -733,10 +739,6 @@ func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { return } -var libc_ioctl_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_ioctl ioctl "/usr/lib/libSystem.B.dylib" - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { @@ -2410,28 +2412,6 @@ var libc_munmap_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func readlen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func writelen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Fstat(fd int, stat *Stat_t) (err error) { _, _, e1 := syscall_syscall(libc_fstat64_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { @@ -2521,14 +2501,6 @@ func ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) { return } -func ptrace1Ptr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) { - _, _, e1 := syscall_syscall6(libc_ptrace_trampoline_addr, uintptr(request), uintptr(pid), addr, uintptr(data), 0, 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - var libc_ptrace_trampoline_addr uintptr //go:cgo_import_dynamic libc_ptrace ptrace "/usr/lib/libSystem.B.dylib" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s index 4baaed0bc12..8b8bb284028 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s @@ -5,703 +5,586 @@ TEXT libc_fdopendir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fdopendir(SB) - GLOBL ·libc_fdopendir_trampoline_addr(SB), RODATA, $8 DATA ·libc_fdopendir_trampoline_addr(SB)/8, $libc_fdopendir_trampoline<>(SB) TEXT libc_getgroups_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getgroups(SB) - GLOBL ·libc_getgroups_trampoline_addr(SB), RODATA, $8 DATA ·libc_getgroups_trampoline_addr(SB)/8, $libc_getgroups_trampoline<>(SB) TEXT libc_setgroups_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setgroups(SB) - GLOBL ·libc_setgroups_trampoline_addr(SB), RODATA, $8 DATA ·libc_setgroups_trampoline_addr(SB)/8, $libc_setgroups_trampoline<>(SB) TEXT libc_wait4_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_wait4(SB) - GLOBL ·libc_wait4_trampoline_addr(SB), RODATA, $8 DATA ·libc_wait4_trampoline_addr(SB)/8, $libc_wait4_trampoline<>(SB) TEXT libc_accept_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_accept(SB) - GLOBL ·libc_accept_trampoline_addr(SB), RODATA, $8 DATA ·libc_accept_trampoline_addr(SB)/8, $libc_accept_trampoline<>(SB) TEXT libc_bind_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_bind(SB) - GLOBL ·libc_bind_trampoline_addr(SB), RODATA, $8 DATA ·libc_bind_trampoline_addr(SB)/8, $libc_bind_trampoline<>(SB) TEXT libc_connect_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_connect(SB) - GLOBL ·libc_connect_trampoline_addr(SB), RODATA, $8 DATA ·libc_connect_trampoline_addr(SB)/8, $libc_connect_trampoline<>(SB) TEXT libc_socket_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_socket(SB) - GLOBL ·libc_socket_trampoline_addr(SB), RODATA, $8 DATA ·libc_socket_trampoline_addr(SB)/8, $libc_socket_trampoline<>(SB) TEXT libc_getsockopt_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getsockopt(SB) - GLOBL ·libc_getsockopt_trampoline_addr(SB), RODATA, $8 DATA ·libc_getsockopt_trampoline_addr(SB)/8, $libc_getsockopt_trampoline<>(SB) TEXT libc_setsockopt_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setsockopt(SB) - GLOBL ·libc_setsockopt_trampoline_addr(SB), RODATA, $8 DATA ·libc_setsockopt_trampoline_addr(SB)/8, $libc_setsockopt_trampoline<>(SB) TEXT libc_getpeername_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpeername(SB) - GLOBL ·libc_getpeername_trampoline_addr(SB), RODATA, $8 DATA ·libc_getpeername_trampoline_addr(SB)/8, $libc_getpeername_trampoline<>(SB) TEXT libc_getsockname_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getsockname(SB) - GLOBL ·libc_getsockname_trampoline_addr(SB), RODATA, $8 DATA ·libc_getsockname_trampoline_addr(SB)/8, $libc_getsockname_trampoline<>(SB) TEXT libc_shutdown_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_shutdown(SB) - GLOBL ·libc_shutdown_trampoline_addr(SB), RODATA, $8 DATA ·libc_shutdown_trampoline_addr(SB)/8, $libc_shutdown_trampoline<>(SB) TEXT libc_socketpair_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_socketpair(SB) - GLOBL ·libc_socketpair_trampoline_addr(SB), RODATA, $8 DATA ·libc_socketpair_trampoline_addr(SB)/8, $libc_socketpair_trampoline<>(SB) TEXT libc_recvfrom_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_recvfrom(SB) - GLOBL ·libc_recvfrom_trampoline_addr(SB), RODATA, $8 DATA ·libc_recvfrom_trampoline_addr(SB)/8, $libc_recvfrom_trampoline<>(SB) TEXT libc_sendto_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sendto(SB) - GLOBL ·libc_sendto_trampoline_addr(SB), RODATA, $8 DATA ·libc_sendto_trampoline_addr(SB)/8, $libc_sendto_trampoline<>(SB) TEXT libc_recvmsg_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_recvmsg(SB) - GLOBL ·libc_recvmsg_trampoline_addr(SB), RODATA, $8 DATA ·libc_recvmsg_trampoline_addr(SB)/8, $libc_recvmsg_trampoline<>(SB) TEXT libc_sendmsg_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sendmsg(SB) - GLOBL ·libc_sendmsg_trampoline_addr(SB), RODATA, $8 DATA ·libc_sendmsg_trampoline_addr(SB)/8, $libc_sendmsg_trampoline<>(SB) TEXT libc_kevent_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_kevent(SB) - GLOBL ·libc_kevent_trampoline_addr(SB), RODATA, $8 DATA ·libc_kevent_trampoline_addr(SB)/8, $libc_kevent_trampoline<>(SB) TEXT libc_utimes_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_utimes(SB) - GLOBL ·libc_utimes_trampoline_addr(SB), RODATA, $8 DATA ·libc_utimes_trampoline_addr(SB)/8, $libc_utimes_trampoline<>(SB) TEXT libc_futimes_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_futimes(SB) - GLOBL ·libc_futimes_trampoline_addr(SB), RODATA, $8 DATA ·libc_futimes_trampoline_addr(SB)/8, $libc_futimes_trampoline<>(SB) TEXT libc_poll_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_poll(SB) - GLOBL ·libc_poll_trampoline_addr(SB), RODATA, $8 DATA ·libc_poll_trampoline_addr(SB)/8, $libc_poll_trampoline<>(SB) TEXT libc_madvise_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_madvise(SB) - GLOBL ·libc_madvise_trampoline_addr(SB), RODATA, $8 DATA ·libc_madvise_trampoline_addr(SB)/8, $libc_madvise_trampoline<>(SB) TEXT libc_mlock_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mlock(SB) - GLOBL ·libc_mlock_trampoline_addr(SB), RODATA, $8 DATA ·libc_mlock_trampoline_addr(SB)/8, $libc_mlock_trampoline<>(SB) TEXT libc_mlockall_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mlockall(SB) - GLOBL ·libc_mlockall_trampoline_addr(SB), RODATA, $8 DATA ·libc_mlockall_trampoline_addr(SB)/8, $libc_mlockall_trampoline<>(SB) TEXT libc_mprotect_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mprotect(SB) - GLOBL ·libc_mprotect_trampoline_addr(SB), RODATA, $8 DATA ·libc_mprotect_trampoline_addr(SB)/8, $libc_mprotect_trampoline<>(SB) TEXT libc_msync_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_msync(SB) - GLOBL ·libc_msync_trampoline_addr(SB), RODATA, $8 DATA ·libc_msync_trampoline_addr(SB)/8, $libc_msync_trampoline<>(SB) TEXT libc_munlock_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_munlock(SB) - GLOBL ·libc_munlock_trampoline_addr(SB), RODATA, $8 DATA ·libc_munlock_trampoline_addr(SB)/8, $libc_munlock_trampoline<>(SB) TEXT libc_munlockall_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_munlockall(SB) - GLOBL ·libc_munlockall_trampoline_addr(SB), RODATA, $8 DATA ·libc_munlockall_trampoline_addr(SB)/8, $libc_munlockall_trampoline<>(SB) TEXT libc_closedir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_closedir(SB) - GLOBL ·libc_closedir_trampoline_addr(SB), RODATA, $8 DATA ·libc_closedir_trampoline_addr(SB)/8, $libc_closedir_trampoline<>(SB) TEXT libc_readdir_r_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_readdir_r(SB) - GLOBL ·libc_readdir_r_trampoline_addr(SB), RODATA, $8 DATA ·libc_readdir_r_trampoline_addr(SB)/8, $libc_readdir_r_trampoline<>(SB) TEXT libc_pipe_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pipe(SB) - GLOBL ·libc_pipe_trampoline_addr(SB), RODATA, $8 DATA ·libc_pipe_trampoline_addr(SB)/8, $libc_pipe_trampoline<>(SB) TEXT libc_getxattr_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getxattr(SB) - GLOBL ·libc_getxattr_trampoline_addr(SB), RODATA, $8 DATA ·libc_getxattr_trampoline_addr(SB)/8, $libc_getxattr_trampoline<>(SB) TEXT libc_fgetxattr_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fgetxattr(SB) - GLOBL ·libc_fgetxattr_trampoline_addr(SB), RODATA, $8 DATA ·libc_fgetxattr_trampoline_addr(SB)/8, $libc_fgetxattr_trampoline<>(SB) TEXT libc_setxattr_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setxattr(SB) - GLOBL ·libc_setxattr_trampoline_addr(SB), RODATA, $8 DATA ·libc_setxattr_trampoline_addr(SB)/8, $libc_setxattr_trampoline<>(SB) TEXT libc_fsetxattr_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fsetxattr(SB) - GLOBL ·libc_fsetxattr_trampoline_addr(SB), RODATA, $8 DATA ·libc_fsetxattr_trampoline_addr(SB)/8, $libc_fsetxattr_trampoline<>(SB) TEXT libc_removexattr_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_removexattr(SB) - GLOBL ·libc_removexattr_trampoline_addr(SB), RODATA, $8 DATA ·libc_removexattr_trampoline_addr(SB)/8, $libc_removexattr_trampoline<>(SB) TEXT libc_fremovexattr_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fremovexattr(SB) - GLOBL ·libc_fremovexattr_trampoline_addr(SB), RODATA, $8 DATA ·libc_fremovexattr_trampoline_addr(SB)/8, $libc_fremovexattr_trampoline<>(SB) TEXT libc_listxattr_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_listxattr(SB) - GLOBL ·libc_listxattr_trampoline_addr(SB), RODATA, $8 DATA ·libc_listxattr_trampoline_addr(SB)/8, $libc_listxattr_trampoline<>(SB) TEXT libc_flistxattr_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_flistxattr(SB) - GLOBL ·libc_flistxattr_trampoline_addr(SB), RODATA, $8 DATA ·libc_flistxattr_trampoline_addr(SB)/8, $libc_flistxattr_trampoline<>(SB) TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_utimensat(SB) - GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8 DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB) TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fcntl(SB) - GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $8 DATA ·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB) TEXT libc_kill_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_kill(SB) - GLOBL ·libc_kill_trampoline_addr(SB), RODATA, $8 DATA ·libc_kill_trampoline_addr(SB)/8, $libc_kill_trampoline<>(SB) TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ioctl(SB) - GLOBL ·libc_ioctl_trampoline_addr(SB), RODATA, $8 DATA ·libc_ioctl_trampoline_addr(SB)/8, $libc_ioctl_trampoline<>(SB) TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sysctl(SB) - GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8 DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB) TEXT libc_sendfile_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sendfile(SB) - GLOBL ·libc_sendfile_trampoline_addr(SB), RODATA, $8 DATA ·libc_sendfile_trampoline_addr(SB)/8, $libc_sendfile_trampoline<>(SB) TEXT libc_shmat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_shmat(SB) - GLOBL ·libc_shmat_trampoline_addr(SB), RODATA, $8 DATA ·libc_shmat_trampoline_addr(SB)/8, $libc_shmat_trampoline<>(SB) TEXT libc_shmctl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_shmctl(SB) - GLOBL ·libc_shmctl_trampoline_addr(SB), RODATA, $8 DATA ·libc_shmctl_trampoline_addr(SB)/8, $libc_shmctl_trampoline<>(SB) TEXT libc_shmdt_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_shmdt(SB) - GLOBL ·libc_shmdt_trampoline_addr(SB), RODATA, $8 DATA ·libc_shmdt_trampoline_addr(SB)/8, $libc_shmdt_trampoline<>(SB) TEXT libc_shmget_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_shmget(SB) - GLOBL ·libc_shmget_trampoline_addr(SB), RODATA, $8 DATA ·libc_shmget_trampoline_addr(SB)/8, $libc_shmget_trampoline<>(SB) TEXT libc_access_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_access(SB) - GLOBL ·libc_access_trampoline_addr(SB), RODATA, $8 DATA ·libc_access_trampoline_addr(SB)/8, $libc_access_trampoline<>(SB) TEXT libc_adjtime_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_adjtime(SB) - GLOBL ·libc_adjtime_trampoline_addr(SB), RODATA, $8 DATA ·libc_adjtime_trampoline_addr(SB)/8, $libc_adjtime_trampoline<>(SB) TEXT libc_chdir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chdir(SB) - GLOBL ·libc_chdir_trampoline_addr(SB), RODATA, $8 DATA ·libc_chdir_trampoline_addr(SB)/8, $libc_chdir_trampoline<>(SB) TEXT libc_chflags_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chflags(SB) - GLOBL ·libc_chflags_trampoline_addr(SB), RODATA, $8 DATA ·libc_chflags_trampoline_addr(SB)/8, $libc_chflags_trampoline<>(SB) TEXT libc_chmod_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chmod(SB) - GLOBL ·libc_chmod_trampoline_addr(SB), RODATA, $8 DATA ·libc_chmod_trampoline_addr(SB)/8, $libc_chmod_trampoline<>(SB) TEXT libc_chown_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chown(SB) - GLOBL ·libc_chown_trampoline_addr(SB), RODATA, $8 DATA ·libc_chown_trampoline_addr(SB)/8, $libc_chown_trampoline<>(SB) TEXT libc_chroot_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chroot(SB) - GLOBL ·libc_chroot_trampoline_addr(SB), RODATA, $8 DATA ·libc_chroot_trampoline_addr(SB)/8, $libc_chroot_trampoline<>(SB) TEXT libc_clock_gettime_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_clock_gettime(SB) - GLOBL ·libc_clock_gettime_trampoline_addr(SB), RODATA, $8 DATA ·libc_clock_gettime_trampoline_addr(SB)/8, $libc_clock_gettime_trampoline<>(SB) TEXT libc_close_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_close(SB) - GLOBL ·libc_close_trampoline_addr(SB), RODATA, $8 DATA ·libc_close_trampoline_addr(SB)/8, $libc_close_trampoline<>(SB) TEXT libc_clonefile_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_clonefile(SB) - GLOBL ·libc_clonefile_trampoline_addr(SB), RODATA, $8 DATA ·libc_clonefile_trampoline_addr(SB)/8, $libc_clonefile_trampoline<>(SB) TEXT libc_clonefileat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_clonefileat(SB) - GLOBL ·libc_clonefileat_trampoline_addr(SB), RODATA, $8 DATA ·libc_clonefileat_trampoline_addr(SB)/8, $libc_clonefileat_trampoline<>(SB) TEXT libc_dup_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_dup(SB) - GLOBL ·libc_dup_trampoline_addr(SB), RODATA, $8 DATA ·libc_dup_trampoline_addr(SB)/8, $libc_dup_trampoline<>(SB) TEXT libc_dup2_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_dup2(SB) - GLOBL ·libc_dup2_trampoline_addr(SB), RODATA, $8 DATA ·libc_dup2_trampoline_addr(SB)/8, $libc_dup2_trampoline<>(SB) TEXT libc_exchangedata_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_exchangedata(SB) - GLOBL ·libc_exchangedata_trampoline_addr(SB), RODATA, $8 DATA ·libc_exchangedata_trampoline_addr(SB)/8, $libc_exchangedata_trampoline<>(SB) TEXT libc_exit_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_exit(SB) - GLOBL ·libc_exit_trampoline_addr(SB), RODATA, $8 DATA ·libc_exit_trampoline_addr(SB)/8, $libc_exit_trampoline<>(SB) TEXT libc_faccessat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_faccessat(SB) - GLOBL ·libc_faccessat_trampoline_addr(SB), RODATA, $8 DATA ·libc_faccessat_trampoline_addr(SB)/8, $libc_faccessat_trampoline<>(SB) TEXT libc_fchdir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchdir(SB) - GLOBL ·libc_fchdir_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchdir_trampoline_addr(SB)/8, $libc_fchdir_trampoline<>(SB) TEXT libc_fchflags_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchflags(SB) - GLOBL ·libc_fchflags_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchflags_trampoline_addr(SB)/8, $libc_fchflags_trampoline<>(SB) TEXT libc_fchmod_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchmod(SB) - GLOBL ·libc_fchmod_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchmod_trampoline_addr(SB)/8, $libc_fchmod_trampoline<>(SB) TEXT libc_fchmodat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchmodat(SB) - GLOBL ·libc_fchmodat_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchmodat_trampoline_addr(SB)/8, $libc_fchmodat_trampoline<>(SB) TEXT libc_fchown_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchown(SB) - GLOBL ·libc_fchown_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchown_trampoline_addr(SB)/8, $libc_fchown_trampoline<>(SB) TEXT libc_fchownat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchownat(SB) - GLOBL ·libc_fchownat_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchownat_trampoline_addr(SB)/8, $libc_fchownat_trampoline<>(SB) TEXT libc_fclonefileat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fclonefileat(SB) - GLOBL ·libc_fclonefileat_trampoline_addr(SB), RODATA, $8 DATA ·libc_fclonefileat_trampoline_addr(SB)/8, $libc_fclonefileat_trampoline<>(SB) TEXT libc_flock_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_flock(SB) - GLOBL ·libc_flock_trampoline_addr(SB), RODATA, $8 DATA ·libc_flock_trampoline_addr(SB)/8, $libc_flock_trampoline<>(SB) TEXT libc_fpathconf_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fpathconf(SB) - GLOBL ·libc_fpathconf_trampoline_addr(SB), RODATA, $8 DATA ·libc_fpathconf_trampoline_addr(SB)/8, $libc_fpathconf_trampoline<>(SB) TEXT libc_fsync_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fsync(SB) - GLOBL ·libc_fsync_trampoline_addr(SB), RODATA, $8 DATA ·libc_fsync_trampoline_addr(SB)/8, $libc_fsync_trampoline<>(SB) TEXT libc_ftruncate_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ftruncate(SB) - GLOBL ·libc_ftruncate_trampoline_addr(SB), RODATA, $8 DATA ·libc_ftruncate_trampoline_addr(SB)/8, $libc_ftruncate_trampoline<>(SB) TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getcwd(SB) - GLOBL ·libc_getcwd_trampoline_addr(SB), RODATA, $8 DATA ·libc_getcwd_trampoline_addr(SB)/8, $libc_getcwd_trampoline<>(SB) TEXT libc_getdtablesize_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getdtablesize(SB) - GLOBL ·libc_getdtablesize_trampoline_addr(SB), RODATA, $8 DATA ·libc_getdtablesize_trampoline_addr(SB)/8, $libc_getdtablesize_trampoline<>(SB) TEXT libc_getegid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getegid(SB) - GLOBL ·libc_getegid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getegid_trampoline_addr(SB)/8, $libc_getegid_trampoline<>(SB) TEXT libc_geteuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_geteuid(SB) - GLOBL ·libc_geteuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_geteuid_trampoline_addr(SB)/8, $libc_geteuid_trampoline<>(SB) TEXT libc_getgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getgid(SB) - GLOBL ·libc_getgid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getgid_trampoline_addr(SB)/8, $libc_getgid_trampoline<>(SB) TEXT libc_getpgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpgid(SB) - GLOBL ·libc_getpgid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getpgid_trampoline_addr(SB)/8, $libc_getpgid_trampoline<>(SB) TEXT libc_getpgrp_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpgrp(SB) - GLOBL ·libc_getpgrp_trampoline_addr(SB), RODATA, $8 DATA ·libc_getpgrp_trampoline_addr(SB)/8, $libc_getpgrp_trampoline<>(SB) TEXT libc_getpid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpid(SB) - GLOBL ·libc_getpid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getpid_trampoline_addr(SB)/8, $libc_getpid_trampoline<>(SB) TEXT libc_getppid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getppid(SB) - GLOBL ·libc_getppid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getppid_trampoline_addr(SB)/8, $libc_getppid_trampoline<>(SB) TEXT libc_getpriority_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpriority(SB) - GLOBL ·libc_getpriority_trampoline_addr(SB), RODATA, $8 DATA ·libc_getpriority_trampoline_addr(SB)/8, $libc_getpriority_trampoline<>(SB) TEXT libc_getrlimit_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getrlimit(SB) - GLOBL ·libc_getrlimit_trampoline_addr(SB), RODATA, $8 DATA ·libc_getrlimit_trampoline_addr(SB)/8, $libc_getrlimit_trampoline<>(SB) TEXT libc_getrusage_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getrusage(SB) - GLOBL ·libc_getrusage_trampoline_addr(SB), RODATA, $8 DATA ·libc_getrusage_trampoline_addr(SB)/8, $libc_getrusage_trampoline<>(SB) TEXT libc_getsid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getsid(SB) - GLOBL ·libc_getsid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getsid_trampoline_addr(SB)/8, $libc_getsid_trampoline<>(SB) TEXT libc_gettimeofday_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_gettimeofday(SB) - GLOBL ·libc_gettimeofday_trampoline_addr(SB), RODATA, $8 DATA ·libc_gettimeofday_trampoline_addr(SB)/8, $libc_gettimeofday_trampoline<>(SB) TEXT libc_getuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getuid(SB) - GLOBL ·libc_getuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getuid_trampoline_addr(SB)/8, $libc_getuid_trampoline<>(SB) TEXT libc_issetugid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_issetugid(SB) - GLOBL ·libc_issetugid_trampoline_addr(SB), RODATA, $8 DATA ·libc_issetugid_trampoline_addr(SB)/8, $libc_issetugid_trampoline<>(SB) TEXT libc_kqueue_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_kqueue(SB) - GLOBL ·libc_kqueue_trampoline_addr(SB), RODATA, $8 DATA ·libc_kqueue_trampoline_addr(SB)/8, $libc_kqueue_trampoline<>(SB) TEXT libc_lchown_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_lchown(SB) - GLOBL ·libc_lchown_trampoline_addr(SB), RODATA, $8 DATA ·libc_lchown_trampoline_addr(SB)/8, $libc_lchown_trampoline<>(SB) TEXT libc_link_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_link(SB) - GLOBL ·libc_link_trampoline_addr(SB), RODATA, $8 DATA ·libc_link_trampoline_addr(SB)/8, $libc_link_trampoline<>(SB) TEXT libc_linkat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_linkat(SB) - GLOBL ·libc_linkat_trampoline_addr(SB), RODATA, $8 DATA ·libc_linkat_trampoline_addr(SB)/8, $libc_linkat_trampoline<>(SB) TEXT libc_listen_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_listen(SB) - GLOBL ·libc_listen_trampoline_addr(SB), RODATA, $8 DATA ·libc_listen_trampoline_addr(SB)/8, $libc_listen_trampoline<>(SB) TEXT libc_mkdir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mkdir(SB) - GLOBL ·libc_mkdir_trampoline_addr(SB), RODATA, $8 DATA ·libc_mkdir_trampoline_addr(SB)/8, $libc_mkdir_trampoline<>(SB) TEXT libc_mkdirat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mkdirat(SB) - GLOBL ·libc_mkdirat_trampoline_addr(SB), RODATA, $8 DATA ·libc_mkdirat_trampoline_addr(SB)/8, $libc_mkdirat_trampoline<>(SB) TEXT libc_mkfifo_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mkfifo(SB) - GLOBL ·libc_mkfifo_trampoline_addr(SB), RODATA, $8 DATA ·libc_mkfifo_trampoline_addr(SB)/8, $libc_mkfifo_trampoline<>(SB) TEXT libc_mknod_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mknod(SB) - GLOBL ·libc_mknod_trampoline_addr(SB), RODATA, $8 DATA ·libc_mknod_trampoline_addr(SB)/8, $libc_mknod_trampoline<>(SB) TEXT libc_mount_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mount(SB) - GLOBL ·libc_mount_trampoline_addr(SB), RODATA, $8 DATA ·libc_mount_trampoline_addr(SB)/8, $libc_mount_trampoline<>(SB) TEXT libc_open_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_open(SB) - GLOBL ·libc_open_trampoline_addr(SB), RODATA, $8 DATA ·libc_open_trampoline_addr(SB)/8, $libc_open_trampoline<>(SB) TEXT libc_openat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_openat(SB) - GLOBL ·libc_openat_trampoline_addr(SB), RODATA, $8 DATA ·libc_openat_trampoline_addr(SB)/8, $libc_openat_trampoline<>(SB) TEXT libc_pathconf_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pathconf(SB) - GLOBL ·libc_pathconf_trampoline_addr(SB), RODATA, $8 DATA ·libc_pathconf_trampoline_addr(SB)/8, $libc_pathconf_trampoline<>(SB) TEXT libc_pread_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pread(SB) - GLOBL ·libc_pread_trampoline_addr(SB), RODATA, $8 DATA ·libc_pread_trampoline_addr(SB)/8, $libc_pread_trampoline<>(SB) TEXT libc_pwrite_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pwrite(SB) - GLOBL ·libc_pwrite_trampoline_addr(SB), RODATA, $8 DATA ·libc_pwrite_trampoline_addr(SB)/8, $libc_pwrite_trampoline<>(SB) TEXT libc_read_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_read(SB) - GLOBL ·libc_read_trampoline_addr(SB), RODATA, $8 DATA ·libc_read_trampoline_addr(SB)/8, $libc_read_trampoline<>(SB) TEXT libc_readlink_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_readlink(SB) - GLOBL ·libc_readlink_trampoline_addr(SB), RODATA, $8 DATA ·libc_readlink_trampoline_addr(SB)/8, $libc_readlink_trampoline<>(SB) TEXT libc_readlinkat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_readlinkat(SB) - GLOBL ·libc_readlinkat_trampoline_addr(SB), RODATA, $8 DATA ·libc_readlinkat_trampoline_addr(SB)/8, $libc_readlinkat_trampoline<>(SB) TEXT libc_rename_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_rename(SB) - GLOBL ·libc_rename_trampoline_addr(SB), RODATA, $8 DATA ·libc_rename_trampoline_addr(SB)/8, $libc_rename_trampoline<>(SB) TEXT libc_renameat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_renameat(SB) - GLOBL ·libc_renameat_trampoline_addr(SB), RODATA, $8 DATA ·libc_renameat_trampoline_addr(SB)/8, $libc_renameat_trampoline<>(SB) TEXT libc_revoke_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_revoke(SB) - GLOBL ·libc_revoke_trampoline_addr(SB), RODATA, $8 DATA ·libc_revoke_trampoline_addr(SB)/8, $libc_revoke_trampoline<>(SB) TEXT libc_rmdir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_rmdir(SB) - GLOBL ·libc_rmdir_trampoline_addr(SB), RODATA, $8 DATA ·libc_rmdir_trampoline_addr(SB)/8, $libc_rmdir_trampoline<>(SB) TEXT libc_lseek_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_lseek(SB) - GLOBL ·libc_lseek_trampoline_addr(SB), RODATA, $8 DATA ·libc_lseek_trampoline_addr(SB)/8, $libc_lseek_trampoline<>(SB) TEXT libc_select_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_select(SB) - GLOBL ·libc_select_trampoline_addr(SB), RODATA, $8 DATA ·libc_select_trampoline_addr(SB)/8, $libc_select_trampoline<>(SB) @@ -712,192 +595,160 @@ DATA ·libc_setattrlist_trampoline_addr(SB)/8, $libc_setattrlist_trampoline<>(SB TEXT libc_setegid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setegid(SB) - GLOBL ·libc_setegid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setegid_trampoline_addr(SB)/8, $libc_setegid_trampoline<>(SB) TEXT libc_seteuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_seteuid(SB) - GLOBL ·libc_seteuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_seteuid_trampoline_addr(SB)/8, $libc_seteuid_trampoline<>(SB) TEXT libc_setgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setgid(SB) - GLOBL ·libc_setgid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setgid_trampoline_addr(SB)/8, $libc_setgid_trampoline<>(SB) TEXT libc_setlogin_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setlogin(SB) - GLOBL ·libc_setlogin_trampoline_addr(SB), RODATA, $8 DATA ·libc_setlogin_trampoline_addr(SB)/8, $libc_setlogin_trampoline<>(SB) TEXT libc_setpgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setpgid(SB) - GLOBL ·libc_setpgid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setpgid_trampoline_addr(SB)/8, $libc_setpgid_trampoline<>(SB) TEXT libc_setpriority_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setpriority(SB) - GLOBL ·libc_setpriority_trampoline_addr(SB), RODATA, $8 DATA ·libc_setpriority_trampoline_addr(SB)/8, $libc_setpriority_trampoline<>(SB) TEXT libc_setprivexec_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setprivexec(SB) - GLOBL ·libc_setprivexec_trampoline_addr(SB), RODATA, $8 DATA ·libc_setprivexec_trampoline_addr(SB)/8, $libc_setprivexec_trampoline<>(SB) TEXT libc_setregid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setregid(SB) - GLOBL ·libc_setregid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setregid_trampoline_addr(SB)/8, $libc_setregid_trampoline<>(SB) TEXT libc_setreuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setreuid(SB) - GLOBL ·libc_setreuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setreuid_trampoline_addr(SB)/8, $libc_setreuid_trampoline<>(SB) TEXT libc_setsid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setsid(SB) - GLOBL ·libc_setsid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setsid_trampoline_addr(SB)/8, $libc_setsid_trampoline<>(SB) TEXT libc_settimeofday_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_settimeofday(SB) - GLOBL ·libc_settimeofday_trampoline_addr(SB), RODATA, $8 DATA ·libc_settimeofday_trampoline_addr(SB)/8, $libc_settimeofday_trampoline<>(SB) TEXT libc_setuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setuid(SB) - GLOBL ·libc_setuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setuid_trampoline_addr(SB)/8, $libc_setuid_trampoline<>(SB) TEXT libc_symlink_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_symlink(SB) - GLOBL ·libc_symlink_trampoline_addr(SB), RODATA, $8 DATA ·libc_symlink_trampoline_addr(SB)/8, $libc_symlink_trampoline<>(SB) TEXT libc_symlinkat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_symlinkat(SB) - GLOBL ·libc_symlinkat_trampoline_addr(SB), RODATA, $8 DATA ·libc_symlinkat_trampoline_addr(SB)/8, $libc_symlinkat_trampoline<>(SB) TEXT libc_sync_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sync(SB) - GLOBL ·libc_sync_trampoline_addr(SB), RODATA, $8 DATA ·libc_sync_trampoline_addr(SB)/8, $libc_sync_trampoline<>(SB) TEXT libc_truncate_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_truncate(SB) - GLOBL ·libc_truncate_trampoline_addr(SB), RODATA, $8 DATA ·libc_truncate_trampoline_addr(SB)/8, $libc_truncate_trampoline<>(SB) TEXT libc_umask_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_umask(SB) - GLOBL ·libc_umask_trampoline_addr(SB), RODATA, $8 DATA ·libc_umask_trampoline_addr(SB)/8, $libc_umask_trampoline<>(SB) TEXT libc_undelete_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_undelete(SB) - GLOBL ·libc_undelete_trampoline_addr(SB), RODATA, $8 DATA ·libc_undelete_trampoline_addr(SB)/8, $libc_undelete_trampoline<>(SB) TEXT libc_unlink_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_unlink(SB) - GLOBL ·libc_unlink_trampoline_addr(SB), RODATA, $8 DATA ·libc_unlink_trampoline_addr(SB)/8, $libc_unlink_trampoline<>(SB) TEXT libc_unlinkat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_unlinkat(SB) - GLOBL ·libc_unlinkat_trampoline_addr(SB), RODATA, $8 DATA ·libc_unlinkat_trampoline_addr(SB)/8, $libc_unlinkat_trampoline<>(SB) TEXT libc_unmount_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_unmount(SB) - GLOBL ·libc_unmount_trampoline_addr(SB), RODATA, $8 DATA ·libc_unmount_trampoline_addr(SB)/8, $libc_unmount_trampoline<>(SB) TEXT libc_write_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_write(SB) - GLOBL ·libc_write_trampoline_addr(SB), RODATA, $8 DATA ·libc_write_trampoline_addr(SB)/8, $libc_write_trampoline<>(SB) TEXT libc_mmap_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mmap(SB) - GLOBL ·libc_mmap_trampoline_addr(SB), RODATA, $8 DATA ·libc_mmap_trampoline_addr(SB)/8, $libc_mmap_trampoline<>(SB) TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_munmap(SB) - GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $8 DATA ·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB) TEXT libc_fstat64_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fstat64(SB) - GLOBL ·libc_fstat64_trampoline_addr(SB), RODATA, $8 DATA ·libc_fstat64_trampoline_addr(SB)/8, $libc_fstat64_trampoline<>(SB) TEXT libc_fstatat64_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fstatat64(SB) - GLOBL ·libc_fstatat64_trampoline_addr(SB), RODATA, $8 DATA ·libc_fstatat64_trampoline_addr(SB)/8, $libc_fstatat64_trampoline<>(SB) TEXT libc_fstatfs64_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fstatfs64(SB) - GLOBL ·libc_fstatfs64_trampoline_addr(SB), RODATA, $8 DATA ·libc_fstatfs64_trampoline_addr(SB)/8, $libc_fstatfs64_trampoline<>(SB) TEXT libc_getfsstat64_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getfsstat64(SB) - GLOBL ·libc_getfsstat64_trampoline_addr(SB), RODATA, $8 DATA ·libc_getfsstat64_trampoline_addr(SB)/8, $libc_getfsstat64_trampoline<>(SB) TEXT libc_lstat64_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_lstat64(SB) - GLOBL ·libc_lstat64_trampoline_addr(SB), RODATA, $8 DATA ·libc_lstat64_trampoline_addr(SB)/8, $libc_lstat64_trampoline<>(SB) TEXT libc_ptrace_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ptrace(SB) - GLOBL ·libc_ptrace_trampoline_addr(SB), RODATA, $8 DATA ·libc_ptrace_trampoline_addr(SB)/8, $libc_ptrace_trampoline<>(SB) TEXT libc_stat64_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_stat64(SB) - GLOBL ·libc_stat64_trampoline_addr(SB), RODATA, $8 DATA ·libc_stat64_trampoline_addr(SB)/8, $libc_stat64_trampoline<>(SB) TEXT libc_statfs64_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_statfs64(SB) - GLOBL ·libc_statfs64_trampoline_addr(SB), RODATA, $8 DATA ·libc_statfs64_trampoline_addr(SB)/8, $libc_statfs64_trampoline<>(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go index 51d6f3fb256..b18edbd0e31 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go @@ -725,6 +725,12 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +var libc_ioctl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ioctl ioctl "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { @@ -733,10 +739,6 @@ func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { return } -var libc_ioctl_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_ioctl ioctl "/usr/lib/libSystem.B.dylib" - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { @@ -2410,28 +2412,6 @@ var libc_munmap_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func readlen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func writelen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Fstat(fd int, stat *Stat_t) (err error) { _, _, e1 := syscall_syscall(libc_fstat_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { @@ -2521,14 +2501,6 @@ func ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) { return } -func ptrace1Ptr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) { - _, _, e1 := syscall_syscall6(libc_ptrace_trampoline_addr, uintptr(request), uintptr(pid), addr, uintptr(data), 0, 0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - var libc_ptrace_trampoline_addr uintptr //go:cgo_import_dynamic libc_ptrace ptrace "/usr/lib/libSystem.B.dylib" diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s index c3b82c03793..08362c1ab74 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s @@ -5,703 +5,586 @@ TEXT libc_fdopendir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fdopendir(SB) - GLOBL ·libc_fdopendir_trampoline_addr(SB), RODATA, $8 DATA ·libc_fdopendir_trampoline_addr(SB)/8, $libc_fdopendir_trampoline<>(SB) TEXT libc_getgroups_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getgroups(SB) - GLOBL ·libc_getgroups_trampoline_addr(SB), RODATA, $8 DATA ·libc_getgroups_trampoline_addr(SB)/8, $libc_getgroups_trampoline<>(SB) TEXT libc_setgroups_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setgroups(SB) - GLOBL ·libc_setgroups_trampoline_addr(SB), RODATA, $8 DATA ·libc_setgroups_trampoline_addr(SB)/8, $libc_setgroups_trampoline<>(SB) TEXT libc_wait4_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_wait4(SB) - GLOBL ·libc_wait4_trampoline_addr(SB), RODATA, $8 DATA ·libc_wait4_trampoline_addr(SB)/8, $libc_wait4_trampoline<>(SB) TEXT libc_accept_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_accept(SB) - GLOBL ·libc_accept_trampoline_addr(SB), RODATA, $8 DATA ·libc_accept_trampoline_addr(SB)/8, $libc_accept_trampoline<>(SB) TEXT libc_bind_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_bind(SB) - GLOBL ·libc_bind_trampoline_addr(SB), RODATA, $8 DATA ·libc_bind_trampoline_addr(SB)/8, $libc_bind_trampoline<>(SB) TEXT libc_connect_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_connect(SB) - GLOBL ·libc_connect_trampoline_addr(SB), RODATA, $8 DATA ·libc_connect_trampoline_addr(SB)/8, $libc_connect_trampoline<>(SB) TEXT libc_socket_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_socket(SB) - GLOBL ·libc_socket_trampoline_addr(SB), RODATA, $8 DATA ·libc_socket_trampoline_addr(SB)/8, $libc_socket_trampoline<>(SB) TEXT libc_getsockopt_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getsockopt(SB) - GLOBL ·libc_getsockopt_trampoline_addr(SB), RODATA, $8 DATA ·libc_getsockopt_trampoline_addr(SB)/8, $libc_getsockopt_trampoline<>(SB) TEXT libc_setsockopt_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setsockopt(SB) - GLOBL ·libc_setsockopt_trampoline_addr(SB), RODATA, $8 DATA ·libc_setsockopt_trampoline_addr(SB)/8, $libc_setsockopt_trampoline<>(SB) TEXT libc_getpeername_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpeername(SB) - GLOBL ·libc_getpeername_trampoline_addr(SB), RODATA, $8 DATA ·libc_getpeername_trampoline_addr(SB)/8, $libc_getpeername_trampoline<>(SB) TEXT libc_getsockname_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getsockname(SB) - GLOBL ·libc_getsockname_trampoline_addr(SB), RODATA, $8 DATA ·libc_getsockname_trampoline_addr(SB)/8, $libc_getsockname_trampoline<>(SB) TEXT libc_shutdown_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_shutdown(SB) - GLOBL ·libc_shutdown_trampoline_addr(SB), RODATA, $8 DATA ·libc_shutdown_trampoline_addr(SB)/8, $libc_shutdown_trampoline<>(SB) TEXT libc_socketpair_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_socketpair(SB) - GLOBL ·libc_socketpair_trampoline_addr(SB), RODATA, $8 DATA ·libc_socketpair_trampoline_addr(SB)/8, $libc_socketpair_trampoline<>(SB) TEXT libc_recvfrom_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_recvfrom(SB) - GLOBL ·libc_recvfrom_trampoline_addr(SB), RODATA, $8 DATA ·libc_recvfrom_trampoline_addr(SB)/8, $libc_recvfrom_trampoline<>(SB) TEXT libc_sendto_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sendto(SB) - GLOBL ·libc_sendto_trampoline_addr(SB), RODATA, $8 DATA ·libc_sendto_trampoline_addr(SB)/8, $libc_sendto_trampoline<>(SB) TEXT libc_recvmsg_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_recvmsg(SB) - GLOBL ·libc_recvmsg_trampoline_addr(SB), RODATA, $8 DATA ·libc_recvmsg_trampoline_addr(SB)/8, $libc_recvmsg_trampoline<>(SB) TEXT libc_sendmsg_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sendmsg(SB) - GLOBL ·libc_sendmsg_trampoline_addr(SB), RODATA, $8 DATA ·libc_sendmsg_trampoline_addr(SB)/8, $libc_sendmsg_trampoline<>(SB) TEXT libc_kevent_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_kevent(SB) - GLOBL ·libc_kevent_trampoline_addr(SB), RODATA, $8 DATA ·libc_kevent_trampoline_addr(SB)/8, $libc_kevent_trampoline<>(SB) TEXT libc_utimes_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_utimes(SB) - GLOBL ·libc_utimes_trampoline_addr(SB), RODATA, $8 DATA ·libc_utimes_trampoline_addr(SB)/8, $libc_utimes_trampoline<>(SB) TEXT libc_futimes_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_futimes(SB) - GLOBL ·libc_futimes_trampoline_addr(SB), RODATA, $8 DATA ·libc_futimes_trampoline_addr(SB)/8, $libc_futimes_trampoline<>(SB) TEXT libc_poll_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_poll(SB) - GLOBL ·libc_poll_trampoline_addr(SB), RODATA, $8 DATA ·libc_poll_trampoline_addr(SB)/8, $libc_poll_trampoline<>(SB) TEXT libc_madvise_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_madvise(SB) - GLOBL ·libc_madvise_trampoline_addr(SB), RODATA, $8 DATA ·libc_madvise_trampoline_addr(SB)/8, $libc_madvise_trampoline<>(SB) TEXT libc_mlock_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mlock(SB) - GLOBL ·libc_mlock_trampoline_addr(SB), RODATA, $8 DATA ·libc_mlock_trampoline_addr(SB)/8, $libc_mlock_trampoline<>(SB) TEXT libc_mlockall_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mlockall(SB) - GLOBL ·libc_mlockall_trampoline_addr(SB), RODATA, $8 DATA ·libc_mlockall_trampoline_addr(SB)/8, $libc_mlockall_trampoline<>(SB) TEXT libc_mprotect_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mprotect(SB) - GLOBL ·libc_mprotect_trampoline_addr(SB), RODATA, $8 DATA ·libc_mprotect_trampoline_addr(SB)/8, $libc_mprotect_trampoline<>(SB) TEXT libc_msync_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_msync(SB) - GLOBL ·libc_msync_trampoline_addr(SB), RODATA, $8 DATA ·libc_msync_trampoline_addr(SB)/8, $libc_msync_trampoline<>(SB) TEXT libc_munlock_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_munlock(SB) - GLOBL ·libc_munlock_trampoline_addr(SB), RODATA, $8 DATA ·libc_munlock_trampoline_addr(SB)/8, $libc_munlock_trampoline<>(SB) TEXT libc_munlockall_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_munlockall(SB) - GLOBL ·libc_munlockall_trampoline_addr(SB), RODATA, $8 DATA ·libc_munlockall_trampoline_addr(SB)/8, $libc_munlockall_trampoline<>(SB) TEXT libc_closedir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_closedir(SB) - GLOBL ·libc_closedir_trampoline_addr(SB), RODATA, $8 DATA ·libc_closedir_trampoline_addr(SB)/8, $libc_closedir_trampoline<>(SB) TEXT libc_readdir_r_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_readdir_r(SB) - GLOBL ·libc_readdir_r_trampoline_addr(SB), RODATA, $8 DATA ·libc_readdir_r_trampoline_addr(SB)/8, $libc_readdir_r_trampoline<>(SB) TEXT libc_pipe_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pipe(SB) - GLOBL ·libc_pipe_trampoline_addr(SB), RODATA, $8 DATA ·libc_pipe_trampoline_addr(SB)/8, $libc_pipe_trampoline<>(SB) TEXT libc_getxattr_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getxattr(SB) - GLOBL ·libc_getxattr_trampoline_addr(SB), RODATA, $8 DATA ·libc_getxattr_trampoline_addr(SB)/8, $libc_getxattr_trampoline<>(SB) TEXT libc_fgetxattr_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fgetxattr(SB) - GLOBL ·libc_fgetxattr_trampoline_addr(SB), RODATA, $8 DATA ·libc_fgetxattr_trampoline_addr(SB)/8, $libc_fgetxattr_trampoline<>(SB) TEXT libc_setxattr_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setxattr(SB) - GLOBL ·libc_setxattr_trampoline_addr(SB), RODATA, $8 DATA ·libc_setxattr_trampoline_addr(SB)/8, $libc_setxattr_trampoline<>(SB) TEXT libc_fsetxattr_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fsetxattr(SB) - GLOBL ·libc_fsetxattr_trampoline_addr(SB), RODATA, $8 DATA ·libc_fsetxattr_trampoline_addr(SB)/8, $libc_fsetxattr_trampoline<>(SB) TEXT libc_removexattr_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_removexattr(SB) - GLOBL ·libc_removexattr_trampoline_addr(SB), RODATA, $8 DATA ·libc_removexattr_trampoline_addr(SB)/8, $libc_removexattr_trampoline<>(SB) TEXT libc_fremovexattr_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fremovexattr(SB) - GLOBL ·libc_fremovexattr_trampoline_addr(SB), RODATA, $8 DATA ·libc_fremovexattr_trampoline_addr(SB)/8, $libc_fremovexattr_trampoline<>(SB) TEXT libc_listxattr_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_listxattr(SB) - GLOBL ·libc_listxattr_trampoline_addr(SB), RODATA, $8 DATA ·libc_listxattr_trampoline_addr(SB)/8, $libc_listxattr_trampoline<>(SB) TEXT libc_flistxattr_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_flistxattr(SB) - GLOBL ·libc_flistxattr_trampoline_addr(SB), RODATA, $8 DATA ·libc_flistxattr_trampoline_addr(SB)/8, $libc_flistxattr_trampoline<>(SB) TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_utimensat(SB) - GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8 DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB) TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fcntl(SB) - GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $8 DATA ·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB) TEXT libc_kill_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_kill(SB) - GLOBL ·libc_kill_trampoline_addr(SB), RODATA, $8 DATA ·libc_kill_trampoline_addr(SB)/8, $libc_kill_trampoline<>(SB) TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ioctl(SB) - GLOBL ·libc_ioctl_trampoline_addr(SB), RODATA, $8 DATA ·libc_ioctl_trampoline_addr(SB)/8, $libc_ioctl_trampoline<>(SB) TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sysctl(SB) - GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8 DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB) TEXT libc_sendfile_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sendfile(SB) - GLOBL ·libc_sendfile_trampoline_addr(SB), RODATA, $8 DATA ·libc_sendfile_trampoline_addr(SB)/8, $libc_sendfile_trampoline<>(SB) TEXT libc_shmat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_shmat(SB) - GLOBL ·libc_shmat_trampoline_addr(SB), RODATA, $8 DATA ·libc_shmat_trampoline_addr(SB)/8, $libc_shmat_trampoline<>(SB) TEXT libc_shmctl_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_shmctl(SB) - GLOBL ·libc_shmctl_trampoline_addr(SB), RODATA, $8 DATA ·libc_shmctl_trampoline_addr(SB)/8, $libc_shmctl_trampoline<>(SB) TEXT libc_shmdt_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_shmdt(SB) - GLOBL ·libc_shmdt_trampoline_addr(SB), RODATA, $8 DATA ·libc_shmdt_trampoline_addr(SB)/8, $libc_shmdt_trampoline<>(SB) TEXT libc_shmget_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_shmget(SB) - GLOBL ·libc_shmget_trampoline_addr(SB), RODATA, $8 DATA ·libc_shmget_trampoline_addr(SB)/8, $libc_shmget_trampoline<>(SB) TEXT libc_access_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_access(SB) - GLOBL ·libc_access_trampoline_addr(SB), RODATA, $8 DATA ·libc_access_trampoline_addr(SB)/8, $libc_access_trampoline<>(SB) TEXT libc_adjtime_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_adjtime(SB) - GLOBL ·libc_adjtime_trampoline_addr(SB), RODATA, $8 DATA ·libc_adjtime_trampoline_addr(SB)/8, $libc_adjtime_trampoline<>(SB) TEXT libc_chdir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chdir(SB) - GLOBL ·libc_chdir_trampoline_addr(SB), RODATA, $8 DATA ·libc_chdir_trampoline_addr(SB)/8, $libc_chdir_trampoline<>(SB) TEXT libc_chflags_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chflags(SB) - GLOBL ·libc_chflags_trampoline_addr(SB), RODATA, $8 DATA ·libc_chflags_trampoline_addr(SB)/8, $libc_chflags_trampoline<>(SB) TEXT libc_chmod_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chmod(SB) - GLOBL ·libc_chmod_trampoline_addr(SB), RODATA, $8 DATA ·libc_chmod_trampoline_addr(SB)/8, $libc_chmod_trampoline<>(SB) TEXT libc_chown_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chown(SB) - GLOBL ·libc_chown_trampoline_addr(SB), RODATA, $8 DATA ·libc_chown_trampoline_addr(SB)/8, $libc_chown_trampoline<>(SB) TEXT libc_chroot_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_chroot(SB) - GLOBL ·libc_chroot_trampoline_addr(SB), RODATA, $8 DATA ·libc_chroot_trampoline_addr(SB)/8, $libc_chroot_trampoline<>(SB) TEXT libc_clock_gettime_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_clock_gettime(SB) - GLOBL ·libc_clock_gettime_trampoline_addr(SB), RODATA, $8 DATA ·libc_clock_gettime_trampoline_addr(SB)/8, $libc_clock_gettime_trampoline<>(SB) TEXT libc_close_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_close(SB) - GLOBL ·libc_close_trampoline_addr(SB), RODATA, $8 DATA ·libc_close_trampoline_addr(SB)/8, $libc_close_trampoline<>(SB) TEXT libc_clonefile_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_clonefile(SB) - GLOBL ·libc_clonefile_trampoline_addr(SB), RODATA, $8 DATA ·libc_clonefile_trampoline_addr(SB)/8, $libc_clonefile_trampoline<>(SB) TEXT libc_clonefileat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_clonefileat(SB) - GLOBL ·libc_clonefileat_trampoline_addr(SB), RODATA, $8 DATA ·libc_clonefileat_trampoline_addr(SB)/8, $libc_clonefileat_trampoline<>(SB) TEXT libc_dup_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_dup(SB) - GLOBL ·libc_dup_trampoline_addr(SB), RODATA, $8 DATA ·libc_dup_trampoline_addr(SB)/8, $libc_dup_trampoline<>(SB) TEXT libc_dup2_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_dup2(SB) - GLOBL ·libc_dup2_trampoline_addr(SB), RODATA, $8 DATA ·libc_dup2_trampoline_addr(SB)/8, $libc_dup2_trampoline<>(SB) TEXT libc_exchangedata_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_exchangedata(SB) - GLOBL ·libc_exchangedata_trampoline_addr(SB), RODATA, $8 DATA ·libc_exchangedata_trampoline_addr(SB)/8, $libc_exchangedata_trampoline<>(SB) TEXT libc_exit_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_exit(SB) - GLOBL ·libc_exit_trampoline_addr(SB), RODATA, $8 DATA ·libc_exit_trampoline_addr(SB)/8, $libc_exit_trampoline<>(SB) TEXT libc_faccessat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_faccessat(SB) - GLOBL ·libc_faccessat_trampoline_addr(SB), RODATA, $8 DATA ·libc_faccessat_trampoline_addr(SB)/8, $libc_faccessat_trampoline<>(SB) TEXT libc_fchdir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchdir(SB) - GLOBL ·libc_fchdir_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchdir_trampoline_addr(SB)/8, $libc_fchdir_trampoline<>(SB) TEXT libc_fchflags_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchflags(SB) - GLOBL ·libc_fchflags_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchflags_trampoline_addr(SB)/8, $libc_fchflags_trampoline<>(SB) TEXT libc_fchmod_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchmod(SB) - GLOBL ·libc_fchmod_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchmod_trampoline_addr(SB)/8, $libc_fchmod_trampoline<>(SB) TEXT libc_fchmodat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchmodat(SB) - GLOBL ·libc_fchmodat_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchmodat_trampoline_addr(SB)/8, $libc_fchmodat_trampoline<>(SB) TEXT libc_fchown_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchown(SB) - GLOBL ·libc_fchown_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchown_trampoline_addr(SB)/8, $libc_fchown_trampoline<>(SB) TEXT libc_fchownat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fchownat(SB) - GLOBL ·libc_fchownat_trampoline_addr(SB), RODATA, $8 DATA ·libc_fchownat_trampoline_addr(SB)/8, $libc_fchownat_trampoline<>(SB) TEXT libc_fclonefileat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fclonefileat(SB) - GLOBL ·libc_fclonefileat_trampoline_addr(SB), RODATA, $8 DATA ·libc_fclonefileat_trampoline_addr(SB)/8, $libc_fclonefileat_trampoline<>(SB) TEXT libc_flock_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_flock(SB) - GLOBL ·libc_flock_trampoline_addr(SB), RODATA, $8 DATA ·libc_flock_trampoline_addr(SB)/8, $libc_flock_trampoline<>(SB) TEXT libc_fpathconf_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fpathconf(SB) - GLOBL ·libc_fpathconf_trampoline_addr(SB), RODATA, $8 DATA ·libc_fpathconf_trampoline_addr(SB)/8, $libc_fpathconf_trampoline<>(SB) TEXT libc_fsync_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fsync(SB) - GLOBL ·libc_fsync_trampoline_addr(SB), RODATA, $8 DATA ·libc_fsync_trampoline_addr(SB)/8, $libc_fsync_trampoline<>(SB) TEXT libc_ftruncate_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ftruncate(SB) - GLOBL ·libc_ftruncate_trampoline_addr(SB), RODATA, $8 DATA ·libc_ftruncate_trampoline_addr(SB)/8, $libc_ftruncate_trampoline<>(SB) TEXT libc_getcwd_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getcwd(SB) - GLOBL ·libc_getcwd_trampoline_addr(SB), RODATA, $8 DATA ·libc_getcwd_trampoline_addr(SB)/8, $libc_getcwd_trampoline<>(SB) TEXT libc_getdtablesize_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getdtablesize(SB) - GLOBL ·libc_getdtablesize_trampoline_addr(SB), RODATA, $8 DATA ·libc_getdtablesize_trampoline_addr(SB)/8, $libc_getdtablesize_trampoline<>(SB) TEXT libc_getegid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getegid(SB) - GLOBL ·libc_getegid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getegid_trampoline_addr(SB)/8, $libc_getegid_trampoline<>(SB) TEXT libc_geteuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_geteuid(SB) - GLOBL ·libc_geteuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_geteuid_trampoline_addr(SB)/8, $libc_geteuid_trampoline<>(SB) TEXT libc_getgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getgid(SB) - GLOBL ·libc_getgid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getgid_trampoline_addr(SB)/8, $libc_getgid_trampoline<>(SB) TEXT libc_getpgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpgid(SB) - GLOBL ·libc_getpgid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getpgid_trampoline_addr(SB)/8, $libc_getpgid_trampoline<>(SB) TEXT libc_getpgrp_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpgrp(SB) - GLOBL ·libc_getpgrp_trampoline_addr(SB), RODATA, $8 DATA ·libc_getpgrp_trampoline_addr(SB)/8, $libc_getpgrp_trampoline<>(SB) TEXT libc_getpid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpid(SB) - GLOBL ·libc_getpid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getpid_trampoline_addr(SB)/8, $libc_getpid_trampoline<>(SB) TEXT libc_getppid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getppid(SB) - GLOBL ·libc_getppid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getppid_trampoline_addr(SB)/8, $libc_getppid_trampoline<>(SB) TEXT libc_getpriority_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getpriority(SB) - GLOBL ·libc_getpriority_trampoline_addr(SB), RODATA, $8 DATA ·libc_getpriority_trampoline_addr(SB)/8, $libc_getpriority_trampoline<>(SB) TEXT libc_getrlimit_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getrlimit(SB) - GLOBL ·libc_getrlimit_trampoline_addr(SB), RODATA, $8 DATA ·libc_getrlimit_trampoline_addr(SB)/8, $libc_getrlimit_trampoline<>(SB) TEXT libc_getrusage_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getrusage(SB) - GLOBL ·libc_getrusage_trampoline_addr(SB), RODATA, $8 DATA ·libc_getrusage_trampoline_addr(SB)/8, $libc_getrusage_trampoline<>(SB) TEXT libc_getsid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getsid(SB) - GLOBL ·libc_getsid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getsid_trampoline_addr(SB)/8, $libc_getsid_trampoline<>(SB) TEXT libc_gettimeofday_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_gettimeofday(SB) - GLOBL ·libc_gettimeofday_trampoline_addr(SB), RODATA, $8 DATA ·libc_gettimeofday_trampoline_addr(SB)/8, $libc_gettimeofday_trampoline<>(SB) TEXT libc_getuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getuid(SB) - GLOBL ·libc_getuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_getuid_trampoline_addr(SB)/8, $libc_getuid_trampoline<>(SB) TEXT libc_issetugid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_issetugid(SB) - GLOBL ·libc_issetugid_trampoline_addr(SB), RODATA, $8 DATA ·libc_issetugid_trampoline_addr(SB)/8, $libc_issetugid_trampoline<>(SB) TEXT libc_kqueue_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_kqueue(SB) - GLOBL ·libc_kqueue_trampoline_addr(SB), RODATA, $8 DATA ·libc_kqueue_trampoline_addr(SB)/8, $libc_kqueue_trampoline<>(SB) TEXT libc_lchown_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_lchown(SB) - GLOBL ·libc_lchown_trampoline_addr(SB), RODATA, $8 DATA ·libc_lchown_trampoline_addr(SB)/8, $libc_lchown_trampoline<>(SB) TEXT libc_link_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_link(SB) - GLOBL ·libc_link_trampoline_addr(SB), RODATA, $8 DATA ·libc_link_trampoline_addr(SB)/8, $libc_link_trampoline<>(SB) TEXT libc_linkat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_linkat(SB) - GLOBL ·libc_linkat_trampoline_addr(SB), RODATA, $8 DATA ·libc_linkat_trampoline_addr(SB)/8, $libc_linkat_trampoline<>(SB) TEXT libc_listen_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_listen(SB) - GLOBL ·libc_listen_trampoline_addr(SB), RODATA, $8 DATA ·libc_listen_trampoline_addr(SB)/8, $libc_listen_trampoline<>(SB) TEXT libc_mkdir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mkdir(SB) - GLOBL ·libc_mkdir_trampoline_addr(SB), RODATA, $8 DATA ·libc_mkdir_trampoline_addr(SB)/8, $libc_mkdir_trampoline<>(SB) TEXT libc_mkdirat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mkdirat(SB) - GLOBL ·libc_mkdirat_trampoline_addr(SB), RODATA, $8 DATA ·libc_mkdirat_trampoline_addr(SB)/8, $libc_mkdirat_trampoline<>(SB) TEXT libc_mkfifo_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mkfifo(SB) - GLOBL ·libc_mkfifo_trampoline_addr(SB), RODATA, $8 DATA ·libc_mkfifo_trampoline_addr(SB)/8, $libc_mkfifo_trampoline<>(SB) TEXT libc_mknod_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mknod(SB) - GLOBL ·libc_mknod_trampoline_addr(SB), RODATA, $8 DATA ·libc_mknod_trampoline_addr(SB)/8, $libc_mknod_trampoline<>(SB) TEXT libc_mount_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mount(SB) - GLOBL ·libc_mount_trampoline_addr(SB), RODATA, $8 DATA ·libc_mount_trampoline_addr(SB)/8, $libc_mount_trampoline<>(SB) TEXT libc_open_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_open(SB) - GLOBL ·libc_open_trampoline_addr(SB), RODATA, $8 DATA ·libc_open_trampoline_addr(SB)/8, $libc_open_trampoline<>(SB) TEXT libc_openat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_openat(SB) - GLOBL ·libc_openat_trampoline_addr(SB), RODATA, $8 DATA ·libc_openat_trampoline_addr(SB)/8, $libc_openat_trampoline<>(SB) TEXT libc_pathconf_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pathconf(SB) - GLOBL ·libc_pathconf_trampoline_addr(SB), RODATA, $8 DATA ·libc_pathconf_trampoline_addr(SB)/8, $libc_pathconf_trampoline<>(SB) TEXT libc_pread_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pread(SB) - GLOBL ·libc_pread_trampoline_addr(SB), RODATA, $8 DATA ·libc_pread_trampoline_addr(SB)/8, $libc_pread_trampoline<>(SB) TEXT libc_pwrite_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_pwrite(SB) - GLOBL ·libc_pwrite_trampoline_addr(SB), RODATA, $8 DATA ·libc_pwrite_trampoline_addr(SB)/8, $libc_pwrite_trampoline<>(SB) TEXT libc_read_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_read(SB) - GLOBL ·libc_read_trampoline_addr(SB), RODATA, $8 DATA ·libc_read_trampoline_addr(SB)/8, $libc_read_trampoline<>(SB) TEXT libc_readlink_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_readlink(SB) - GLOBL ·libc_readlink_trampoline_addr(SB), RODATA, $8 DATA ·libc_readlink_trampoline_addr(SB)/8, $libc_readlink_trampoline<>(SB) TEXT libc_readlinkat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_readlinkat(SB) - GLOBL ·libc_readlinkat_trampoline_addr(SB), RODATA, $8 DATA ·libc_readlinkat_trampoline_addr(SB)/8, $libc_readlinkat_trampoline<>(SB) TEXT libc_rename_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_rename(SB) - GLOBL ·libc_rename_trampoline_addr(SB), RODATA, $8 DATA ·libc_rename_trampoline_addr(SB)/8, $libc_rename_trampoline<>(SB) TEXT libc_renameat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_renameat(SB) - GLOBL ·libc_renameat_trampoline_addr(SB), RODATA, $8 DATA ·libc_renameat_trampoline_addr(SB)/8, $libc_renameat_trampoline<>(SB) TEXT libc_revoke_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_revoke(SB) - GLOBL ·libc_revoke_trampoline_addr(SB), RODATA, $8 DATA ·libc_revoke_trampoline_addr(SB)/8, $libc_revoke_trampoline<>(SB) TEXT libc_rmdir_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_rmdir(SB) - GLOBL ·libc_rmdir_trampoline_addr(SB), RODATA, $8 DATA ·libc_rmdir_trampoline_addr(SB)/8, $libc_rmdir_trampoline<>(SB) TEXT libc_lseek_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_lseek(SB) - GLOBL ·libc_lseek_trampoline_addr(SB), RODATA, $8 DATA ·libc_lseek_trampoline_addr(SB)/8, $libc_lseek_trampoline<>(SB) TEXT libc_select_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_select(SB) - GLOBL ·libc_select_trampoline_addr(SB), RODATA, $8 DATA ·libc_select_trampoline_addr(SB)/8, $libc_select_trampoline<>(SB) @@ -712,192 +595,160 @@ DATA ·libc_setattrlist_trampoline_addr(SB)/8, $libc_setattrlist_trampoline<>(SB TEXT libc_setegid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setegid(SB) - GLOBL ·libc_setegid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setegid_trampoline_addr(SB)/8, $libc_setegid_trampoline<>(SB) TEXT libc_seteuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_seteuid(SB) - GLOBL ·libc_seteuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_seteuid_trampoline_addr(SB)/8, $libc_seteuid_trampoline<>(SB) TEXT libc_setgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setgid(SB) - GLOBL ·libc_setgid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setgid_trampoline_addr(SB)/8, $libc_setgid_trampoline<>(SB) TEXT libc_setlogin_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setlogin(SB) - GLOBL ·libc_setlogin_trampoline_addr(SB), RODATA, $8 DATA ·libc_setlogin_trampoline_addr(SB)/8, $libc_setlogin_trampoline<>(SB) TEXT libc_setpgid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setpgid(SB) - GLOBL ·libc_setpgid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setpgid_trampoline_addr(SB)/8, $libc_setpgid_trampoline<>(SB) TEXT libc_setpriority_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setpriority(SB) - GLOBL ·libc_setpriority_trampoline_addr(SB), RODATA, $8 DATA ·libc_setpriority_trampoline_addr(SB)/8, $libc_setpriority_trampoline<>(SB) TEXT libc_setprivexec_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setprivexec(SB) - GLOBL ·libc_setprivexec_trampoline_addr(SB), RODATA, $8 DATA ·libc_setprivexec_trampoline_addr(SB)/8, $libc_setprivexec_trampoline<>(SB) TEXT libc_setregid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setregid(SB) - GLOBL ·libc_setregid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setregid_trampoline_addr(SB)/8, $libc_setregid_trampoline<>(SB) TEXT libc_setreuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setreuid(SB) - GLOBL ·libc_setreuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setreuid_trampoline_addr(SB)/8, $libc_setreuid_trampoline<>(SB) TEXT libc_setsid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setsid(SB) - GLOBL ·libc_setsid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setsid_trampoline_addr(SB)/8, $libc_setsid_trampoline<>(SB) TEXT libc_settimeofday_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_settimeofday(SB) - GLOBL ·libc_settimeofday_trampoline_addr(SB), RODATA, $8 DATA ·libc_settimeofday_trampoline_addr(SB)/8, $libc_settimeofday_trampoline<>(SB) TEXT libc_setuid_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_setuid(SB) - GLOBL ·libc_setuid_trampoline_addr(SB), RODATA, $8 DATA ·libc_setuid_trampoline_addr(SB)/8, $libc_setuid_trampoline<>(SB) TEXT libc_symlink_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_symlink(SB) - GLOBL ·libc_symlink_trampoline_addr(SB), RODATA, $8 DATA ·libc_symlink_trampoline_addr(SB)/8, $libc_symlink_trampoline<>(SB) TEXT libc_symlinkat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_symlinkat(SB) - GLOBL ·libc_symlinkat_trampoline_addr(SB), RODATA, $8 DATA ·libc_symlinkat_trampoline_addr(SB)/8, $libc_symlinkat_trampoline<>(SB) TEXT libc_sync_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sync(SB) - GLOBL ·libc_sync_trampoline_addr(SB), RODATA, $8 DATA ·libc_sync_trampoline_addr(SB)/8, $libc_sync_trampoline<>(SB) TEXT libc_truncate_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_truncate(SB) - GLOBL ·libc_truncate_trampoline_addr(SB), RODATA, $8 DATA ·libc_truncate_trampoline_addr(SB)/8, $libc_truncate_trampoline<>(SB) TEXT libc_umask_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_umask(SB) - GLOBL ·libc_umask_trampoline_addr(SB), RODATA, $8 DATA ·libc_umask_trampoline_addr(SB)/8, $libc_umask_trampoline<>(SB) TEXT libc_undelete_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_undelete(SB) - GLOBL ·libc_undelete_trampoline_addr(SB), RODATA, $8 DATA ·libc_undelete_trampoline_addr(SB)/8, $libc_undelete_trampoline<>(SB) TEXT libc_unlink_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_unlink(SB) - GLOBL ·libc_unlink_trampoline_addr(SB), RODATA, $8 DATA ·libc_unlink_trampoline_addr(SB)/8, $libc_unlink_trampoline<>(SB) TEXT libc_unlinkat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_unlinkat(SB) - GLOBL ·libc_unlinkat_trampoline_addr(SB), RODATA, $8 DATA ·libc_unlinkat_trampoline_addr(SB)/8, $libc_unlinkat_trampoline<>(SB) TEXT libc_unmount_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_unmount(SB) - GLOBL ·libc_unmount_trampoline_addr(SB), RODATA, $8 DATA ·libc_unmount_trampoline_addr(SB)/8, $libc_unmount_trampoline<>(SB) TEXT libc_write_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_write(SB) - GLOBL ·libc_write_trampoline_addr(SB), RODATA, $8 DATA ·libc_write_trampoline_addr(SB)/8, $libc_write_trampoline<>(SB) TEXT libc_mmap_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_mmap(SB) - GLOBL ·libc_mmap_trampoline_addr(SB), RODATA, $8 DATA ·libc_mmap_trampoline_addr(SB)/8, $libc_mmap_trampoline<>(SB) TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_munmap(SB) - GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $8 DATA ·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB) TEXT libc_fstat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fstat(SB) - GLOBL ·libc_fstat_trampoline_addr(SB), RODATA, $8 DATA ·libc_fstat_trampoline_addr(SB)/8, $libc_fstat_trampoline<>(SB) TEXT libc_fstatat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fstatat(SB) - GLOBL ·libc_fstatat_trampoline_addr(SB), RODATA, $8 DATA ·libc_fstatat_trampoline_addr(SB)/8, $libc_fstatat_trampoline<>(SB) TEXT libc_fstatfs_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fstatfs(SB) - GLOBL ·libc_fstatfs_trampoline_addr(SB), RODATA, $8 DATA ·libc_fstatfs_trampoline_addr(SB)/8, $libc_fstatfs_trampoline<>(SB) TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_getfsstat(SB) - GLOBL ·libc_getfsstat_trampoline_addr(SB), RODATA, $8 DATA ·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB) TEXT libc_lstat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_lstat(SB) - GLOBL ·libc_lstat_trampoline_addr(SB), RODATA, $8 DATA ·libc_lstat_trampoline_addr(SB)/8, $libc_lstat_trampoline<>(SB) TEXT libc_ptrace_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ptrace(SB) - GLOBL ·libc_ptrace_trampoline_addr(SB), RODATA, $8 DATA ·libc_ptrace_trampoline_addr(SB)/8, $libc_ptrace_trampoline<>(SB) TEXT libc_stat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_stat(SB) - GLOBL ·libc_stat_trampoline_addr(SB), RODATA, $8 DATA ·libc_stat_trampoline_addr(SB)/8, $libc_stat_trampoline<>(SB) TEXT libc_statfs_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_statfs(SB) - GLOBL ·libc_statfs_trampoline_addr(SB), RODATA, $8 DATA ·libc_statfs_trampoline_addr(SB)/8, $libc_statfs_trampoline<>(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go index 0eabac7ade2..0c67df64a50 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go @@ -1642,28 +1642,6 @@ func munmap(addr uintptr, length uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func readlen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func writelen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func accept4(fd int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (nfd int, err error) { r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) nfd = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go index ee313eb0073..e6e05d145bf 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go @@ -1862,28 +1862,6 @@ func munmap(addr uintptr, length uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func readlen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func writelen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func accept4(fd int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (nfd int, err error) { r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) nfd = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go index 4c986e448ee..7508accac92 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go @@ -1862,28 +1862,6 @@ func munmap(addr uintptr, length uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func readlen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func writelen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func accept4(fd int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (nfd int, err error) { r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) nfd = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go index 555216944a0..7b56aead469 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go @@ -1862,28 +1862,6 @@ func munmap(addr uintptr, length uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func readlen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func writelen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func accept4(fd int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (nfd int, err error) { r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) nfd = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go index 67a226fbf5e..cc623dcaae5 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go @@ -1862,28 +1862,6 @@ func munmap(addr uintptr, length uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func readlen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func writelen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func accept4(fd int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (nfd int, err error) { r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) nfd = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go index f0b9ddaaa26..58184919740 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go @@ -1862,28 +1862,6 @@ func munmap(addr uintptr, length uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func readlen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func writelen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func accept4(fd int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (nfd int, err error) { r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) nfd = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go index b57c7050d7a..6be25cd1901 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go @@ -40,7 +40,7 @@ func readv(fd int, iovs []Iovec) (n int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procreadv)), 3, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(iovs)), 0, 0, 0) n = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -55,7 +55,7 @@ func preadv(fd int, iovs []Iovec, off int64) (n int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procpreadv)), 4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(iovs)), uintptr(off), 0, 0) n = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -70,7 +70,7 @@ func writev(fd int, iovs []Iovec) (n int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procwritev)), 3, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(iovs)), 0, 0, 0) n = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -85,7 +85,7 @@ func pwritev(fd int, iovs []Iovec, off int64) (n int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procpwritev)), 4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(iovs)), uintptr(off), 0, 0) n = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -96,7 +96,7 @@ func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procaccept4)), 4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) fd = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go index 14ab34a5651..1ff3aec74c5 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go @@ -1734,28 +1734,6 @@ func exitThread(code int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func readlen(fd int, p *byte, np int) (n int, err error) { - r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func writelen(fd int, p *byte, np int) (n int, err error) { - r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func readv(fd int, iovs []Iovec) (n int, err error) { var _p0 unsafe.Pointer if len(iovs) > 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go index 35f499b32a3..2df3c5bac6d 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go @@ -1824,28 +1824,6 @@ func munmap(addr uintptr, length uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func readlen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func writelen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go index 3cda65b0da3..a60556babbf 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go @@ -1824,28 +1824,6 @@ func munmap(addr uintptr, length uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func readlen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func writelen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go index 1e1fea902be..9f788917a44 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go @@ -1824,28 +1824,6 @@ func munmap(addr uintptr, length uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func readlen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func writelen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go index 3b77da11079..82a4cb2dc43 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go @@ -1824,28 +1824,6 @@ func munmap(addr uintptr, length uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func readlen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func writelen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go index 9ab9abf7215..66b3b645633 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go @@ -549,6 +549,12 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +var libc_ioctl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ioctl ioctl "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { @@ -557,10 +563,6 @@ func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { return } -var libc_ioctl_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_ioctl ioctl "libc.so" - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { @@ -2211,28 +2213,6 @@ var libc_munmap_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func readlen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func writelen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go index 915761eab77..c5c4cc112ed 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go @@ -2213,28 +2213,6 @@ var libc_munmap_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func readlen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func writelen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go index 8e87fdf153f..93bfbb32874 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go @@ -549,6 +549,12 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +var libc_ioctl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ioctl ioctl "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { @@ -557,10 +563,6 @@ func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { return } -var libc_ioctl_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_ioctl ioctl "libc.so" - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { @@ -2211,28 +2213,6 @@ var libc_munmap_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func readlen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func writelen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go index 12a7a2160e0..a107b8fda5f 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go @@ -549,6 +549,12 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +var libc_ioctl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ioctl ioctl "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { @@ -557,10 +563,6 @@ func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { return } -var libc_ioctl_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_ioctl ioctl "libc.so" - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { @@ -2211,28 +2213,6 @@ var libc_munmap_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func readlen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func writelen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go index b19e8aa031d..c427de509e3 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go @@ -549,6 +549,12 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +var libc_ioctl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ioctl ioctl "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { @@ -557,10 +563,6 @@ func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { return } -var libc_ioctl_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_ioctl ioctl "libc.so" - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { @@ -2211,28 +2213,6 @@ var libc_munmap_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func readlen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func writelen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go index fb99594c937..60c1a99ae49 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go @@ -549,6 +549,12 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +var libc_ioctl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ioctl ioctl "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { @@ -557,10 +563,6 @@ func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { return } -var libc_ioctl_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_ioctl ioctl "libc.so" - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { @@ -2211,28 +2213,6 @@ var libc_munmap_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func readlen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func writelen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go index 32cbbbc52b5..52eba360f81 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go @@ -549,6 +549,12 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +var libc_ioctl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_ioctl ioctl "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { @@ -557,10 +563,6 @@ func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { return } -var libc_ioctl_trampoline_addr uintptr - -//go:cgo_import_dynamic libc_ioctl ioctl "libc.so" - // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { @@ -2211,28 +2213,6 @@ var libc_munmap_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func readlen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := syscall_syscall(libc_read_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func writelen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := syscall_syscall(libc_write_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go index 609d1c598a8..b401894644f 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go @@ -436,7 +436,7 @@ func pipe(p *[2]_C_int) (n int, err error) { r0, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procpipe)), 1, uintptr(unsafe.Pointer(p)), 0, 0, 0, 0, 0) n = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -446,7 +446,7 @@ func pipe(p *[2]_C_int) (n int, err error) { func pipe2(p *[2]_C_int, flags int) (err error) { _, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procpipe2)), 2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -456,7 +456,7 @@ func pipe2(p *[2]_C_int, flags int) (err error) { func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procgetsockname)), 3, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -471,7 +471,7 @@ func Getcwd(buf []byte) (n int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procGetcwd)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), 0, 0, 0, 0) n = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -482,7 +482,7 @@ func getgroups(ngid int, gid *_Gid_t) (n int, err error) { r0, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procgetgroups)), 2, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0, 0, 0, 0) n = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -492,7 +492,7 @@ func getgroups(ngid int, gid *_Gid_t) (n int, err error) { func setgroups(ngid int, gid *_Gid_t) (err error) { _, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procsetgroups)), 2, uintptr(ngid), uintptr(unsafe.Pointer(gid)), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -503,7 +503,7 @@ func wait4(pid int32, statusp *_C_int, options int, rusage *Rusage) (wpid int32, r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procwait4)), 4, uintptr(pid), uintptr(unsafe.Pointer(statusp)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0) wpid = int32(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -518,7 +518,7 @@ func gethostname(buf []byte) (n int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procgethostname)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), 0, 0, 0, 0) n = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -533,7 +533,7 @@ func utimes(path string, times *[2]Timeval) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procutimes)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -548,7 +548,7 @@ func utimensat(fd int, path string, times *[2]Timespec, flag int) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procutimensat)), 4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flag), 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -559,7 +559,7 @@ func fcntl(fd int, cmd int, arg int) (val int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procfcntl)), 3, uintptr(fd), uintptr(cmd), uintptr(arg), 0, 0, 0) val = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -569,7 +569,7 @@ func fcntl(fd int, cmd int, arg int) (val int, err error) { func futimesat(fildes int, path *byte, times *[2]Timeval) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procfutimesat)), 3, uintptr(fildes), uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(times)), 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -580,7 +580,7 @@ func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procaccept)), 3, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), 0, 0, 0) fd = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -591,7 +591,7 @@ func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&proc__xnet_recvmsg)), 3, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags), 0, 0, 0) n = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -602,7 +602,7 @@ func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&proc__xnet_sendmsg)), 3, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags), 0, 0, 0) n = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -612,7 +612,7 @@ func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) { func acct(path *byte) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procacct)), 1, uintptr(unsafe.Pointer(path)), 0, 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -647,7 +647,7 @@ func ioctlRet(fd int, req int, arg uintptr) (ret int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procioctl)), 3, uintptr(fd), uintptr(req), uintptr(arg), 0, 0, 0) ret = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -658,7 +658,7 @@ func ioctlPtrRet(fd int, req int, arg unsafe.Pointer) (ret int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procioctl)), 3, uintptr(fd), uintptr(req), uintptr(arg), 0, 0, 0) ret = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -669,7 +669,7 @@ func poll(fds *PollFd, nfds int, timeout int) (n int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procpoll)), 3, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout), 0, 0, 0) n = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -684,7 +684,7 @@ func Access(path string, mode uint32) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procAccess)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -694,7 +694,7 @@ func Access(path string, mode uint32) (err error) { func Adjtime(delta *Timeval, olddelta *Timeval) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procAdjtime)), 2, uintptr(unsafe.Pointer(delta)), uintptr(unsafe.Pointer(olddelta)), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -709,7 +709,7 @@ func Chdir(path string) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procChdir)), 1, uintptr(unsafe.Pointer(_p0)), 0, 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -724,7 +724,7 @@ func Chmod(path string, mode uint32) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procChmod)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -739,7 +739,7 @@ func Chown(path string, uid int, gid int) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procChown)), 3, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -754,7 +754,7 @@ func Chroot(path string) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procChroot)), 1, uintptr(unsafe.Pointer(_p0)), 0, 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -764,7 +764,7 @@ func Chroot(path string) (err error) { func ClockGettime(clockid int32, time *Timespec) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procClockGettime)), 2, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -774,7 +774,7 @@ func ClockGettime(clockid int32, time *Timespec) (err error) { func Close(fd int) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procClose)), 1, uintptr(fd), 0, 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -790,7 +790,7 @@ func Creat(path string, mode uint32) (fd int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procCreat)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0, 0, 0, 0) fd = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -801,7 +801,7 @@ func Dup(fd int) (nfd int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procDup)), 1, uintptr(fd), 0, 0, 0, 0, 0) nfd = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -811,7 +811,7 @@ func Dup(fd int) (nfd int, err error) { func Dup2(oldfd int, newfd int) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procDup2)), 2, uintptr(oldfd), uintptr(newfd), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -833,7 +833,7 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFaccessat)), 4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -843,7 +843,7 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) { func Fchdir(fd int) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFchdir)), 1, uintptr(fd), 0, 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -853,7 +853,7 @@ func Fchdir(fd int) (err error) { func Fchmod(fd int, mode uint32) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFchmod)), 2, uintptr(fd), uintptr(mode), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -868,7 +868,7 @@ func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFchmodat)), 4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -878,7 +878,7 @@ func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) { func Fchown(fd int, uid int, gid int) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFchown)), 3, uintptr(fd), uintptr(uid), uintptr(gid), 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -893,7 +893,7 @@ func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFchownat)), 5, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -903,7 +903,7 @@ func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) { func Fdatasync(fd int) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFdatasync)), 1, uintptr(fd), 0, 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -913,7 +913,7 @@ func Fdatasync(fd int) (err error) { func Flock(fd int, how int) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFlock)), 2, uintptr(fd), uintptr(how), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -924,7 +924,7 @@ func Fpathconf(fd int, name int) (val int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFpathconf)), 2, uintptr(fd), uintptr(name), 0, 0, 0, 0) val = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -934,7 +934,7 @@ func Fpathconf(fd int, name int) (val int, err error) { func Fstat(fd int, stat *Stat_t) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFstat)), 2, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -949,7 +949,7 @@ func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFstatat)), 4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -959,7 +959,7 @@ func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) { func Fstatvfs(fd int, vfsstat *Statvfs_t) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFstatvfs)), 2, uintptr(fd), uintptr(unsafe.Pointer(vfsstat)), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -974,7 +974,7 @@ func Getdents(fd int, buf []byte, basep *uintptr) (n int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procGetdents)), 4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), uintptr(unsafe.Pointer(basep)), 0, 0) n = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1001,7 +1001,7 @@ func Getpgid(pid int) (pgid int, err error) { r0, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procGetpgid)), 1, uintptr(pid), 0, 0, 0, 0, 0) pgid = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1012,7 +1012,7 @@ func Getpgrp() (pgid int, err error) { r0, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procGetpgrp)), 0, 0, 0, 0, 0, 0, 0) pgid = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1047,7 +1047,7 @@ func Getpriority(which int, who int) (n int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procGetpriority)), 2, uintptr(which), uintptr(who), 0, 0, 0, 0) n = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1057,7 +1057,7 @@ func Getpriority(which int, who int) (n int, err error) { func Getrlimit(which int, lim *Rlimit) (err error) { _, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procGetrlimit)), 2, uintptr(which), uintptr(unsafe.Pointer(lim)), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1067,7 +1067,7 @@ func Getrlimit(which int, lim *Rlimit) (err error) { func Getrusage(who int, rusage *Rusage) (err error) { _, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procGetrusage)), 2, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1078,7 +1078,7 @@ func Getsid(pid int) (sid int, err error) { r0, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procGetsid)), 1, uintptr(pid), 0, 0, 0, 0, 0) sid = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1088,7 +1088,7 @@ func Getsid(pid int) (sid int, err error) { func Gettimeofday(tv *Timeval) (err error) { _, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procGettimeofday)), 1, uintptr(unsafe.Pointer(tv)), 0, 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1106,7 +1106,7 @@ func Getuid() (uid int) { func Kill(pid int, signum syscall.Signal) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procKill)), 2, uintptr(pid), uintptr(signum), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1121,7 +1121,7 @@ func Lchown(path string, uid int, gid int) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procLchown)), 3, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1141,7 +1141,7 @@ func Link(path string, link string) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procLink)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1151,7 +1151,7 @@ func Link(path string, link string) (err error) { func Listen(s int, backlog int) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&proc__xnet_llisten)), 2, uintptr(s), uintptr(backlog), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1166,7 +1166,7 @@ func Lstat(path string, stat *Stat_t) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procLstat)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1180,7 +1180,7 @@ func Madvise(b []byte, advice int) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procMadvise)), 3, uintptr(unsafe.Pointer(_p0)), uintptr(len(b)), uintptr(advice), 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1195,7 +1195,7 @@ func Mkdir(path string, mode uint32) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procMkdir)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1210,7 +1210,7 @@ func Mkdirat(dirfd int, path string, mode uint32) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procMkdirat)), 3, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1225,7 +1225,7 @@ func Mkfifo(path string, mode uint32) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procMkfifo)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1240,7 +1240,7 @@ func Mkfifoat(dirfd int, path string, mode uint32) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procMkfifoat)), 3, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1255,7 +1255,7 @@ func Mknod(path string, mode uint32, dev int) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procMknod)), 3, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1270,7 +1270,7 @@ func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procMknodat)), 4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1284,7 +1284,7 @@ func Mlock(b []byte) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procMlock)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(len(b)), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1294,7 +1294,7 @@ func Mlock(b []byte) (err error) { func Mlockall(flags int) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procMlockall)), 1, uintptr(flags), 0, 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1308,7 +1308,7 @@ func Mprotect(b []byte, prot int) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procMprotect)), 3, uintptr(unsafe.Pointer(_p0)), uintptr(len(b)), uintptr(prot), 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1322,7 +1322,7 @@ func Msync(b []byte, flags int) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procMsync)), 3, uintptr(unsafe.Pointer(_p0)), uintptr(len(b)), uintptr(flags), 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1336,7 +1336,7 @@ func Munlock(b []byte) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procMunlock)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(len(b)), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1346,7 +1346,7 @@ func Munlock(b []byte) (err error) { func Munlockall() (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procMunlockall)), 0, 0, 0, 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1356,7 +1356,7 @@ func Munlockall() (err error) { func Nanosleep(time *Timespec, leftover *Timespec) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procNanosleep)), 2, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1372,7 +1372,7 @@ func Open(path string, mode int, perm uint32) (fd int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procOpen)), 3, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm), 0, 0, 0) fd = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1388,7 +1388,7 @@ func Openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procOpenat)), 4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mode), 0, 0) fd = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1404,7 +1404,7 @@ func Pathconf(path string, name int) (val int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procPathconf)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(name), 0, 0, 0, 0) val = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1414,7 +1414,7 @@ func Pathconf(path string, name int) (val int, err error) { func Pause() (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procPause)), 0, 0, 0, 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1429,7 +1429,7 @@ func pread(fd int, p []byte, offset int64) (n int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procpread)), 4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(p)), uintptr(offset), 0, 0) n = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1444,7 +1444,7 @@ func pwrite(fd int, p []byte, offset int64) (n int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procpwrite)), 4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(p)), uintptr(offset), 0, 0) n = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1459,7 +1459,7 @@ func read(fd int, p []byte) (n int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procread)), 3, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(p)), 0, 0, 0) n = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1479,7 +1479,7 @@ func Readlink(path string, buf []byte) (n int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procReadlink)), 3, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(len(buf)), 0, 0, 0) n = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1499,7 +1499,7 @@ func Rename(from string, to string) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procRename)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1519,7 +1519,7 @@ func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err e } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procRenameat)), 4, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1534,7 +1534,7 @@ func Rmdir(path string) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procRmdir)), 1, uintptr(unsafe.Pointer(_p0)), 0, 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1545,7 +1545,7 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&proclseek)), 3, uintptr(fd), uintptr(offset), uintptr(whence), 0, 0, 0) newoffset = int64(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1556,7 +1556,7 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procSelect)), 5, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0) n = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1566,7 +1566,7 @@ func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err func Setegid(egid int) (err error) { _, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetegid)), 1, uintptr(egid), 0, 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1576,7 +1576,7 @@ func Setegid(egid int) (err error) { func Seteuid(euid int) (err error) { _, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSeteuid)), 1, uintptr(euid), 0, 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1586,7 +1586,7 @@ func Seteuid(euid int) (err error) { func Setgid(gid int) (err error) { _, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetgid)), 1, uintptr(gid), 0, 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1600,7 +1600,7 @@ func Sethostname(p []byte) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procSethostname)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(len(p)), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1610,7 +1610,7 @@ func Sethostname(p []byte) (err error) { func Setpgid(pid int, pgid int) (err error) { _, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetpgid)), 2, uintptr(pid), uintptr(pgid), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1620,7 +1620,7 @@ func Setpgid(pid int, pgid int) (err error) { func Setpriority(which int, who int, prio int) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procSetpriority)), 3, uintptr(which), uintptr(who), uintptr(prio), 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1630,7 +1630,7 @@ func Setpriority(which int, who int, prio int) (err error) { func Setregid(rgid int, egid int) (err error) { _, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetregid)), 2, uintptr(rgid), uintptr(egid), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1640,7 +1640,7 @@ func Setregid(rgid int, egid int) (err error) { func Setreuid(ruid int, euid int) (err error) { _, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetreuid)), 2, uintptr(ruid), uintptr(euid), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1651,7 +1651,7 @@ func Setsid() (pid int, err error) { r0, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetsid)), 0, 0, 0, 0, 0, 0, 0) pid = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1661,7 +1661,7 @@ func Setsid() (pid int, err error) { func Setuid(uid int) (err error) { _, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procSetuid)), 1, uintptr(uid), 0, 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1671,7 +1671,7 @@ func Setuid(uid int) (err error) { func Shutdown(s int, how int) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procshutdown)), 2, uintptr(s), uintptr(how), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1686,7 +1686,7 @@ func Stat(path string, stat *Stat_t) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procStat)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1701,7 +1701,7 @@ func Statvfs(path string, vfsstat *Statvfs_t) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procStatvfs)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(vfsstat)), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1721,7 +1721,7 @@ func Symlink(path string, link string) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procSymlink)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1731,7 +1731,7 @@ func Symlink(path string, link string) (err error) { func Sync() (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procSync)), 0, 0, 0, 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1742,7 +1742,7 @@ func Sysconf(which int) (n int64, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procSysconf)), 1, uintptr(which), 0, 0, 0, 0, 0) n = int64(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1753,7 +1753,7 @@ func Times(tms *Tms) (ticks uintptr, err error) { r0, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procTimes)), 1, uintptr(unsafe.Pointer(tms)), 0, 0, 0, 0, 0) ticks = uintptr(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1768,7 +1768,7 @@ func Truncate(path string, length int64) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procTruncate)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1778,7 +1778,7 @@ func Truncate(path string, length int64) (err error) { func Fsync(fd int) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFsync)), 1, uintptr(fd), 0, 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1788,7 +1788,7 @@ func Fsync(fd int) (err error) { func Ftruncate(fd int, length int64) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procFtruncate)), 2, uintptr(fd), uintptr(length), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1806,7 +1806,7 @@ func Umask(mask int) (oldmask int) { func Uname(buf *Utsname) (err error) { _, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procUname)), 1, uintptr(unsafe.Pointer(buf)), 0, 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1821,7 +1821,7 @@ func Unmount(target string, flags int) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procumount)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1836,7 +1836,7 @@ func Unlink(path string) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procUnlink)), 1, uintptr(unsafe.Pointer(_p0)), 0, 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1851,7 +1851,7 @@ func Unlinkat(dirfd int, path string, flags int) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procUnlinkat)), 3, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1861,7 +1861,7 @@ func Unlinkat(dirfd int, path string, flags int) (err error) { func Ustat(dev int, ubuf *Ustat_t) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procUstat)), 2, uintptr(dev), uintptr(unsafe.Pointer(ubuf)), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1876,7 +1876,7 @@ func Utime(path string, buf *Utimbuf) (err error) { } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procUtime)), 2, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1886,7 +1886,7 @@ func Utime(path string, buf *Utimbuf) (err error) { func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&proc__xnet_bind)), 3, uintptr(s), uintptr(addr), uintptr(addrlen), 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1896,7 +1896,7 @@ func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&proc__xnet_connect)), 3, uintptr(s), uintptr(addr), uintptr(addrlen), 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1907,7 +1907,7 @@ func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) ( r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procmmap)), 6, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos)) ret = uintptr(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1917,7 +1917,7 @@ func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) ( func munmap(addr uintptr, length uintptr) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procmunmap)), 2, uintptr(addr), uintptr(length), 0, 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1928,7 +1928,7 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procsendfile)), 4, uintptr(outfd), uintptr(infd), uintptr(unsafe.Pointer(offset)), uintptr(count), 0, 0) written = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1942,7 +1942,7 @@ func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) ( } _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&proc__xnet_sendto)), 6, uintptr(s), uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen)) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1953,7 +1953,7 @@ func socket(domain int, typ int, proto int) (fd int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&proc__xnet_socket)), 3, uintptr(domain), uintptr(typ), uintptr(proto), 0, 0, 0) fd = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1963,7 +1963,7 @@ func socket(domain int, typ int, proto int) (fd int, err error) { func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) { _, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&proc__xnet_socketpair)), 4, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1978,7 +1978,7 @@ func write(fd int, p []byte) (n int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procwrite)), 3, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(p)), 0, 0, 0) n = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1988,7 +1988,7 @@ func write(fd int, p []byte) (n int, err error) { func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&proc__xnet_getsockopt)), 5, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -1998,7 +1998,7 @@ func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) { _, _, e1 := rawSysvicall6(uintptr(unsafe.Pointer(&procgetpeername)), 3, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), 0, 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -2008,7 +2008,7 @@ func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) { func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procsetsockopt)), 5, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -2023,7 +2023,7 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procrecvfrom)), 6, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen))) n = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -2034,7 +2034,7 @@ func port_create() (n int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procport_create)), 0, 0, 0, 0, 0, 0, 0) n = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -2045,7 +2045,7 @@ func port_associate(port int, source int, object uintptr, events int, user *byte r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procport_associate)), 5, uintptr(port), uintptr(source), uintptr(object), uintptr(events), uintptr(unsafe.Pointer(user)), 0) n = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -2056,7 +2056,7 @@ func port_dissociate(port int, source int, object uintptr) (n int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procport_dissociate)), 3, uintptr(port), uintptr(source), uintptr(object), 0, 0, 0) n = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -2067,7 +2067,7 @@ func port_get(port int, pe *portEvent, timeout *Timespec) (n int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procport_get)), 3, uintptr(port), uintptr(unsafe.Pointer(pe)), uintptr(unsafe.Pointer(timeout)), 0, 0, 0) n = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -2078,7 +2078,7 @@ func port_getn(port int, pe *portEvent, max uint32, nget *uint32, timeout *Times r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procport_getn)), 5, uintptr(port), uintptr(unsafe.Pointer(pe)), uintptr(max), uintptr(unsafe.Pointer(nget)), uintptr(unsafe.Pointer(timeout)), 0) n = int(r0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -2088,7 +2088,7 @@ func port_getn(port int, pe *portEvent, max uint32, nget *uint32, timeout *Times func putmsg(fd int, clptr *strbuf, dataptr *strbuf, flags int) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procputmsg)), 4, uintptr(fd), uintptr(unsafe.Pointer(clptr)), uintptr(unsafe.Pointer(dataptr)), uintptr(flags), 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } @@ -2098,7 +2098,7 @@ func putmsg(fd int, clptr *strbuf, dataptr *strbuf, flags int) (err error) { func getmsg(fd int, clptr *strbuf, dataptr *strbuf, flags *int) (err error) { _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procgetmsg)), 4, uintptr(fd), uintptr(unsafe.Pointer(clptr)), uintptr(unsafe.Pointer(dataptr)), uintptr(unsafe.Pointer(flags)), 0, 0) if e1 != 0 { - err = e1 + err = errnoErr(e1) } return } diff --git a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go index c31681743c7..1d8fe1d4b21 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go @@ -40,17 +40,6 @@ func read(fd int, p []byte) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func readlen(fd int, buf *byte, nbuf int) (n int, err error) { - r0, _, e1 := syscall_syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(buf)), uintptr(nbuf)) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func write(fd int, p []byte) (n int, err error) { var _p0 unsafe.Pointer if len(p) > 0 { diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go index c9c4ad0314f..9862853d341 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go @@ -447,4 +447,5 @@ const ( SYS_PROCESS_MRELEASE = 448 SYS_FUTEX_WAITV = 449 SYS_SET_MEMPOLICY_HOME_NODE = 450 + SYS_CACHESTAT = 451 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go index 12ff3417c5f..8901f0f4e51 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go @@ -369,4 +369,5 @@ const ( SYS_PROCESS_MRELEASE = 448 SYS_FUTEX_WAITV = 449 SYS_SET_MEMPOLICY_HOME_NODE = 450 + SYS_CACHESTAT = 451 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go index c3fb5e77ab4..6902c37eed7 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go @@ -411,4 +411,5 @@ const ( SYS_PROCESS_MRELEASE = 448 SYS_FUTEX_WAITV = 449 SYS_SET_MEMPOLICY_HOME_NODE = 450 + SYS_CACHESTAT = 451 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go index 358c847a40c..a6d3dff811f 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go @@ -314,4 +314,5 @@ const ( SYS_PROCESS_MRELEASE = 448 SYS_FUTEX_WAITV = 449 SYS_SET_MEMPOLICY_HOME_NODE = 450 + SYS_CACHESTAT = 451 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go index 81c4849b161..b18f3f71079 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go @@ -308,4 +308,5 @@ const ( SYS_PROCESS_MRELEASE = 448 SYS_FUTEX_WAITV = 449 SYS_SET_MEMPOLICY_HOME_NODE = 450 + SYS_CACHESTAT = 451 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go index 202a57e9008..0302e5e3de1 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go @@ -431,4 +431,5 @@ const ( SYS_PROCESS_MRELEASE = 4448 SYS_FUTEX_WAITV = 4449 SYS_SET_MEMPOLICY_HOME_NODE = 4450 + SYS_CACHESTAT = 4451 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go index 1fbceb52d7c..6693ba4a0f8 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go @@ -361,4 +361,5 @@ const ( SYS_PROCESS_MRELEASE = 5448 SYS_FUTEX_WAITV = 5449 SYS_SET_MEMPOLICY_HOME_NODE = 5450 + SYS_CACHESTAT = 5451 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go index b4ffb7a207d..fd93f4987c9 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go @@ -361,4 +361,5 @@ const ( SYS_PROCESS_MRELEASE = 5448 SYS_FUTEX_WAITV = 5449 SYS_SET_MEMPOLICY_HOME_NODE = 5450 + SYS_CACHESTAT = 5451 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go index 867985f9b44..760ddcadc2a 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go @@ -431,4 +431,5 @@ const ( SYS_PROCESS_MRELEASE = 4448 SYS_FUTEX_WAITV = 4449 SYS_SET_MEMPOLICY_HOME_NODE = 4450 + SYS_CACHESTAT = 4451 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go index a8cce69ede2..cff2b2555b7 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go @@ -438,4 +438,5 @@ const ( SYS_PROCESS_MRELEASE = 448 SYS_FUTEX_WAITV = 449 SYS_SET_MEMPOLICY_HOME_NODE = 450 + SYS_CACHESTAT = 451 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go index d44c5b39d79..a4b2405d09d 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go @@ -410,4 +410,5 @@ const ( SYS_PROCESS_MRELEASE = 448 SYS_FUTEX_WAITV = 449 SYS_SET_MEMPOLICY_HOME_NODE = 450 + SYS_CACHESTAT = 451 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go index 4214dd9c03a..aca54b4e3a1 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go @@ -410,4 +410,5 @@ const ( SYS_PROCESS_MRELEASE = 448 SYS_FUTEX_WAITV = 449 SYS_SET_MEMPOLICY_HOME_NODE = 450 + SYS_CACHESTAT = 451 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go index ef285c567b6..9d1738d641f 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go @@ -315,4 +315,5 @@ const ( SYS_PROCESS_MRELEASE = 448 SYS_FUTEX_WAITV = 449 SYS_SET_MEMPOLICY_HOME_NODE = 450 + SYS_CACHESTAT = 451 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go index e6ed7d637d0..022878dc8df 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go @@ -376,4 +376,5 @@ const ( SYS_PROCESS_MRELEASE = 448 SYS_FUTEX_WAITV = 449 SYS_SET_MEMPOLICY_HOME_NODE = 450 + SYS_CACHESTAT = 451 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go index 92f628ef4f2..4100a761c20 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go @@ -389,4 +389,5 @@ const ( SYS_PROCESS_MRELEASE = 448 SYS_FUTEX_WAITV = 449 SYS_SET_MEMPOLICY_HOME_NODE = 450 + SYS_CACHESTAT = 451 ) diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index 494493c78c9..18aa70b4262 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -1977,7 +1977,7 @@ const ( NFT_MSG_GETFLOWTABLE = 0x17 NFT_MSG_DELFLOWTABLE = 0x18 NFT_MSG_GETRULE_RESET = 0x19 - NFT_MSG_MAX = 0x21 + NFT_MSG_MAX = 0x22 NFTA_LIST_UNSPEC = 0x0 NFTA_LIST_ELEM = 0x1 NFTA_HOOK_UNSPEC = 0x0 @@ -4499,7 +4499,7 @@ const ( NL80211_ATTR_MAC_HINT = 0xc8 NL80211_ATTR_MAC_MASK = 0xd7 NL80211_ATTR_MAX_AP_ASSOC_STA = 0xca - NL80211_ATTR_MAX = 0x145 + NL80211_ATTR_MAX = 0x146 NL80211_ATTR_MAX_CRIT_PROT_DURATION = 0xb4 NL80211_ATTR_MAX_CSA_COUNTERS = 0xce NL80211_ATTR_MAX_MATCH_SETS = 0x85 @@ -4869,7 +4869,7 @@ const ( NL80211_CMD_LEAVE_IBSS = 0x2c NL80211_CMD_LEAVE_MESH = 0x45 NL80211_CMD_LEAVE_OCB = 0x6d - NL80211_CMD_MAX = 0x99 + NL80211_CMD_MAX = 0x9a NL80211_CMD_MICHAEL_MIC_FAILURE = 0x29 NL80211_CMD_MODIFY_LINK_STA = 0x97 NL80211_CMD_NAN_MATCH = 0x78 @@ -5503,7 +5503,7 @@ const ( NL80211_RATE_INFO_HE_RU_ALLOC_52 = 0x1 NL80211_RATE_INFO_HE_RU_ALLOC_996 = 0x5 NL80211_RATE_INFO_HE_RU_ALLOC = 0x11 - NL80211_RATE_INFO_MAX = 0x16 + NL80211_RATE_INFO_MAX = 0x1d NL80211_RATE_INFO_MCS = 0x2 NL80211_RATE_INFO_SHORT_GI = 0x4 NL80211_RATE_INFO_VHT_MCS = 0x6 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go index 83c69c119fa..1b4c97c32a6 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go @@ -733,6 +733,10 @@ const ( RISCV_HWPROBE_KEY_IMA_EXT_0 = 0x4 RISCV_HWPROBE_IMA_FD = 0x1 RISCV_HWPROBE_IMA_C = 0x2 + RISCV_HWPROBE_IMA_V = 0x4 + RISCV_HWPROBE_EXT_ZBA = 0x8 + RISCV_HWPROBE_EXT_ZBB = 0x10 + RISCV_HWPROBE_EXT_ZBS = 0x20 RISCV_HWPROBE_KEY_CPUPERF_0 = 0x5 RISCV_HWPROBE_MISALIGNED_UNKNOWN = 0x0 RISCV_HWPROBE_MISALIGNED_EMULATED = 0x1 diff --git a/vendor/golang.org/x/sys/windows/exec_windows.go b/vendor/golang.org/x/sys/windows/exec_windows.go index a52e0331d8b..9cabbb69419 100644 --- a/vendor/golang.org/x/sys/windows/exec_windows.go +++ b/vendor/golang.org/x/sys/windows/exec_windows.go @@ -22,7 +22,7 @@ import ( // but only if there is space or tab inside s. func EscapeArg(s string) string { if len(s) == 0 { - return "\"\"" + return `""` } n := len(s) hasSpace := false @@ -35,7 +35,7 @@ func EscapeArg(s string) string { } } if hasSpace { - n += 2 + n += 2 // Reserve space for quotes. } if n == len(s) { return s @@ -82,20 +82,68 @@ func EscapeArg(s string) string { // in CreateProcess's CommandLine argument, CreateService/ChangeServiceConfig's BinaryPathName argument, // or any program that uses CommandLineToArgv. func ComposeCommandLine(args []string) string { - var commandLine string - for i := range args { - if i > 0 { - commandLine += " " + if len(args) == 0 { + return "" + } + + // Per https://learn.microsoft.com/en-us/windows/win32/api/shellapi/nf-shellapi-commandlinetoargvw: + // “This function accepts command lines that contain a program name; the + // program name can be enclosed in quotation marks or not.†+ // + // Unfortunately, it provides no means of escaping interior quotation marks + // within that program name, and we have no way to report them here. + prog := args[0] + mustQuote := len(prog) == 0 + for i := 0; i < len(prog); i++ { + c := prog[i] + if c <= ' ' || (c == '"' && i == 0) { + // Force quotes for not only the ASCII space and tab as described in the + // MSDN article, but also ASCII control characters. + // The documentation for CommandLineToArgvW doesn't say what happens when + // the first argument is not a valid program name, but it empirically + // seems to drop unquoted control characters. + mustQuote = true + break + } + } + var commandLine []byte + if mustQuote { + commandLine = make([]byte, 0, len(prog)+2) + commandLine = append(commandLine, '"') + for i := 0; i < len(prog); i++ { + c := prog[i] + if c == '"' { + // This quote would interfere with our surrounding quotes. + // We have no way to report an error, so just strip out + // the offending character instead. + continue + } + commandLine = append(commandLine, c) } - commandLine += EscapeArg(args[i]) + commandLine = append(commandLine, '"') + } else { + if len(args) == 1 { + // args[0] is a valid command line representing itself. + // No need to allocate a new slice or string for it. + return prog + } + commandLine = []byte(prog) } - return commandLine + + for _, arg := range args[1:] { + commandLine = append(commandLine, ' ') + // TODO(bcmills): since we're already appending to a slice, it would be nice + // to avoid the intermediate allocations of EscapeArg. + // Perhaps we can factor out an appendEscapedArg function. + commandLine = append(commandLine, EscapeArg(arg)...) + } + return string(commandLine) } // DecomposeCommandLine breaks apart its argument command line into unescaped parts using CommandLineToArgv, // as gathered from GetCommandLine, QUERY_SERVICE_CONFIG's BinaryPathName argument, or elsewhere that // command lines are passed around. -// DecomposeCommandLine returns error if commandLine contains NUL. +// DecomposeCommandLine returns an error if commandLine contains NUL. func DecomposeCommandLine(commandLine string) ([]string, error) { if len(commandLine) == 0 { return []string{}, nil @@ -105,18 +153,35 @@ func DecomposeCommandLine(commandLine string) ([]string, error) { return nil, errorspkg.New("string with NUL passed to DecomposeCommandLine") } var argc int32 - argv, err := CommandLineToArgv(&utf16CommandLine[0], &argc) + argv, err := commandLineToArgv(&utf16CommandLine[0], &argc) if err != nil { return nil, err } defer LocalFree(Handle(unsafe.Pointer(argv))) + var args []string - for _, v := range (*argv)[:argc] { - args = append(args, UTF16ToString((*v)[:])) + for _, p := range unsafe.Slice(argv, argc) { + args = append(args, UTF16PtrToString(p)) } return args, nil } +// CommandLineToArgv parses a Unicode command line string and sets +// argc to the number of parsed arguments. +// +// The returned memory should be freed using a single call to LocalFree. +// +// Note that although the return type of CommandLineToArgv indicates 8192 +// entries of up to 8192 characters each, the actual count of parsed arguments +// may exceed 8192, and the documentation for CommandLineToArgvW does not mention +// any bound on the lengths of the individual argument strings. +// (See https://go.dev/issue/63236.) +func CommandLineToArgv(cmd *uint16, argc *int32) (argv *[8192]*[8192]uint16, err error) { + argp, err := commandLineToArgv(cmd, argc) + argv = (*[8192]*[8192]uint16)(unsafe.Pointer(argp)) + return argv, err +} + func CloseOnExec(fd Handle) { SetHandleInformation(Handle(fd), HANDLE_FLAG_INHERIT, 0) } diff --git a/vendor/golang.org/x/sys/windows/security_windows.go b/vendor/golang.org/x/sys/windows/security_windows.go index d414ef13bef..26be94a8a7b 100644 --- a/vendor/golang.org/x/sys/windows/security_windows.go +++ b/vendor/golang.org/x/sys/windows/security_windows.go @@ -7,8 +7,6 @@ package windows import ( "syscall" "unsafe" - - "golang.org/x/sys/internal/unsafeheader" ) const ( @@ -1341,21 +1339,14 @@ func (selfRelativeSD *SECURITY_DESCRIPTOR) copySelfRelativeSecurityDescriptor() sdLen = min } - var src []byte - h := (*unsafeheader.Slice)(unsafe.Pointer(&src)) - h.Data = unsafe.Pointer(selfRelativeSD) - h.Len = sdLen - h.Cap = sdLen - + src := unsafe.Slice((*byte)(unsafe.Pointer(selfRelativeSD)), sdLen) + // SECURITY_DESCRIPTOR has pointers in it, which means checkptr expects for it to + // be aligned properly. When we're copying a Windows-allocated struct to a + // Go-allocated one, make sure that the Go allocation is aligned to the + // pointer size. const psize = int(unsafe.Sizeof(uintptr(0))) - - var dst []byte - h = (*unsafeheader.Slice)(unsafe.Pointer(&dst)) alloc := make([]uintptr, (sdLen+psize-1)/psize) - h.Data = (*unsafeheader.Slice)(unsafe.Pointer(&alloc)).Data - h.Len = sdLen - h.Cap = sdLen - + dst := unsafe.Slice((*byte)(unsafe.Pointer(&alloc[0])), sdLen) copy(dst, src) return (*SECURITY_DESCRIPTOR)(unsafe.Pointer(&dst[0])) } diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index 67bad0926ae..35cfc57ca89 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -15,8 +15,6 @@ import ( "time" "unicode/utf16" "unsafe" - - "golang.org/x/sys/internal/unsafeheader" ) type Handle uintptr @@ -240,7 +238,7 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys SetFileAttributes(name *uint16, attrs uint32) (err error) = kernel32.SetFileAttributesW //sys GetFileAttributesEx(name *uint16, level uint32, info *byte) (err error) = kernel32.GetFileAttributesExW //sys GetCommandLine() (cmd *uint16) = kernel32.GetCommandLineW -//sys CommandLineToArgv(cmd *uint16, argc *int32) (argv *[8192]*[8192]uint16, err error) [failretval==nil] = shell32.CommandLineToArgvW +//sys commandLineToArgv(cmd *uint16, argc *int32) (argv **uint16, err error) [failretval==nil] = shell32.CommandLineToArgvW //sys LocalFree(hmem Handle) (handle Handle, err error) [failretval!=0] //sys LocalAlloc(flags uint32, length uint32) (ptr uintptr, err error) //sys SetHandleInformation(handle Handle, mask uint32, flags uint32) (err error) @@ -299,12 +297,15 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys RegNotifyChangeKeyValue(key Handle, watchSubtree bool, notifyFilter uint32, event Handle, asynchronous bool) (regerrno error) = advapi32.RegNotifyChangeKeyValue //sys GetCurrentProcessId() (pid uint32) = kernel32.GetCurrentProcessId //sys ProcessIdToSessionId(pid uint32, sessionid *uint32) (err error) = kernel32.ProcessIdToSessionId +//sys ClosePseudoConsole(console Handle) = kernel32.ClosePseudoConsole +//sys createPseudoConsole(size uint32, in Handle, out Handle, flags uint32, pconsole *Handle) (hr error) = kernel32.CreatePseudoConsole //sys GetConsoleMode(console Handle, mode *uint32) (err error) = kernel32.GetConsoleMode //sys SetConsoleMode(console Handle, mode uint32) (err error) = kernel32.SetConsoleMode //sys GetConsoleScreenBufferInfo(console Handle, info *ConsoleScreenBufferInfo) (err error) = kernel32.GetConsoleScreenBufferInfo //sys setConsoleCursorPosition(console Handle, position uint32) (err error) = kernel32.SetConsoleCursorPosition //sys WriteConsole(console Handle, buf *uint16, towrite uint32, written *uint32, reserved *byte) (err error) = kernel32.WriteConsoleW //sys ReadConsole(console Handle, buf *uint16, toread uint32, read *uint32, inputControl *byte) (err error) = kernel32.ReadConsoleW +//sys resizePseudoConsole(pconsole Handle, size uint32) (hr error) = kernel32.ResizePseudoConsole //sys CreateToolhelp32Snapshot(flags uint32, processId uint32) (handle Handle, err error) [failretval==InvalidHandle] = kernel32.CreateToolhelp32Snapshot //sys Module32First(snapshot Handle, moduleEntry *ModuleEntry32) (err error) = kernel32.Module32FirstW //sys Module32Next(snapshot Handle, moduleEntry *ModuleEntry32) (err error) = kernel32.Module32NextW @@ -1667,12 +1668,8 @@ func NewNTUnicodeString(s string) (*NTUnicodeString, error) { // Slice returns a uint16 slice that aliases the data in the NTUnicodeString. func (s *NTUnicodeString) Slice() []uint16 { - var slice []uint16 - hdr := (*unsafeheader.Slice)(unsafe.Pointer(&slice)) - hdr.Data = unsafe.Pointer(s.Buffer) - hdr.Len = int(s.Length) - hdr.Cap = int(s.MaximumLength) - return slice + slice := unsafe.Slice(s.Buffer, s.MaximumLength) + return slice[:s.Length] } func (s *NTUnicodeString) String() string { @@ -1695,12 +1692,8 @@ func NewNTString(s string) (*NTString, error) { // Slice returns a byte slice that aliases the data in the NTString. func (s *NTString) Slice() []byte { - var slice []byte - hdr := (*unsafeheader.Slice)(unsafe.Pointer(&slice)) - hdr.Data = unsafe.Pointer(s.Buffer) - hdr.Len = int(s.Length) - hdr.Cap = int(s.MaximumLength) - return slice + slice := unsafe.Slice(s.Buffer, s.MaximumLength) + return slice[:s.Length] } func (s *NTString) String() string { @@ -1752,10 +1745,7 @@ func LoadResourceData(module, resInfo Handle) (data []byte, err error) { if err != nil { return } - h := (*unsafeheader.Slice)(unsafe.Pointer(&data)) - h.Data = unsafe.Pointer(ptr) - h.Len = int(size) - h.Cap = int(size) + data = unsafe.Slice((*byte)(unsafe.Pointer(ptr)), size) return } @@ -1826,3 +1816,17 @@ type PSAPI_WORKING_SET_EX_INFORMATION struct { // A PSAPI_WORKING_SET_EX_BLOCK union that indicates the attributes of the page at VirtualAddress. VirtualAttributes PSAPI_WORKING_SET_EX_BLOCK } + +// CreatePseudoConsole creates a windows pseudo console. +func CreatePseudoConsole(size Coord, in Handle, out Handle, flags uint32, pconsole *Handle) error { + // We need this wrapper to manually cast Coord to uint32. The autogenerated wrappers only + // accept arguments that can be casted to uintptr, and Coord can't. + return createPseudoConsole(*((*uint32)(unsafe.Pointer(&size))), in, out, flags, pconsole) +} + +// ResizePseudoConsole resizes the internal buffers of the pseudo console to the width and height specified in `size`. +func ResizePseudoConsole(pconsole Handle, size Coord) error { + // We need this wrapper to manually cast Coord to uint32. The autogenerated wrappers only + // accept arguments that can be casted to uintptr, and Coord can't. + return resizePseudoConsole(pconsole, *((*uint32)(unsafe.Pointer(&size)))) +} diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go index 88e62a63851..b88dc7c85e4 100644 --- a/vendor/golang.org/x/sys/windows/types_windows.go +++ b/vendor/golang.org/x/sys/windows/types_windows.go @@ -247,6 +247,7 @@ const ( PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY = 0x00020007 PROC_THREAD_ATTRIBUTE_UMS_THREAD = 0x00030006 PROC_THREAD_ATTRIBUTE_PROTECTION_LEVEL = 0x0002000b + PROC_THREAD_ATTRIBUTE_PSEUDOCONSOLE = 0x00020016 ) const ( @@ -2139,6 +2140,12 @@ const ( ENABLE_LVB_GRID_WORLDWIDE = 0x10 ) +// Pseudo console related constants used for the flags parameter to +// CreatePseudoConsole. See: https://learn.microsoft.com/en-us/windows/console/createpseudoconsole +const ( + PSEUDOCONSOLE_INHERIT_CURSOR = 0x1 +) + type Coord struct { X int16 Y int16 diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index 5c385580f68..8b1688de4cd 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -188,6 +188,7 @@ var ( procCancelIo = modkernel32.NewProc("CancelIo") procCancelIoEx = modkernel32.NewProc("CancelIoEx") procCloseHandle = modkernel32.NewProc("CloseHandle") + procClosePseudoConsole = modkernel32.NewProc("ClosePseudoConsole") procConnectNamedPipe = modkernel32.NewProc("ConnectNamedPipe") procCreateDirectoryW = modkernel32.NewProc("CreateDirectoryW") procCreateEventExW = modkernel32.NewProc("CreateEventExW") @@ -202,6 +203,7 @@ var ( procCreateNamedPipeW = modkernel32.NewProc("CreateNamedPipeW") procCreatePipe = modkernel32.NewProc("CreatePipe") procCreateProcessW = modkernel32.NewProc("CreateProcessW") + procCreatePseudoConsole = modkernel32.NewProc("CreatePseudoConsole") procCreateSymbolicLinkW = modkernel32.NewProc("CreateSymbolicLinkW") procCreateToolhelp32Snapshot = modkernel32.NewProc("CreateToolhelp32Snapshot") procDefineDosDeviceW = modkernel32.NewProc("DefineDosDeviceW") @@ -328,6 +330,7 @@ var ( procReleaseMutex = modkernel32.NewProc("ReleaseMutex") procRemoveDirectoryW = modkernel32.NewProc("RemoveDirectoryW") procResetEvent = modkernel32.NewProc("ResetEvent") + procResizePseudoConsole = modkernel32.NewProc("ResizePseudoConsole") procResumeThread = modkernel32.NewProc("ResumeThread") procSetCommTimeouts = modkernel32.NewProc("SetCommTimeouts") procSetConsoleCursorPosition = modkernel32.NewProc("SetConsoleCursorPosition") @@ -1633,6 +1636,11 @@ func CloseHandle(handle Handle) (err error) { return } +func ClosePseudoConsole(console Handle) { + syscall.Syscall(procClosePseudoConsole.Addr(), 1, uintptr(console), 0, 0) + return +} + func ConnectNamedPipe(pipe Handle, overlapped *Overlapped) (err error) { r1, _, e1 := syscall.Syscall(procConnectNamedPipe.Addr(), 2, uintptr(pipe), uintptr(unsafe.Pointer(overlapped)), 0) if r1 == 0 { @@ -1762,6 +1770,14 @@ func CreateProcess(appName *uint16, commandLine *uint16, procSecurity *SecurityA return } +func createPseudoConsole(size uint32, in Handle, out Handle, flags uint32, pconsole *Handle) (hr error) { + r0, _, _ := syscall.Syscall6(procCreatePseudoConsole.Addr(), 5, uintptr(size), uintptr(in), uintptr(out), uintptr(flags), uintptr(unsafe.Pointer(pconsole)), 0) + if r0 != 0 { + hr = syscall.Errno(r0) + } + return +} + func CreateSymbolicLink(symlinkfilename *uint16, targetfilename *uint16, flags uint32) (err error) { r1, _, e1 := syscall.Syscall(procCreateSymbolicLinkW.Addr(), 3, uintptr(unsafe.Pointer(symlinkfilename)), uintptr(unsafe.Pointer(targetfilename)), uintptr(flags)) if r1&0xff == 0 { @@ -2862,6 +2878,14 @@ func ResetEvent(event Handle) (err error) { return } +func resizePseudoConsole(pconsole Handle, size uint32) (hr error) { + r0, _, _ := syscall.Syscall(procResizePseudoConsole.Addr(), 2, uintptr(pconsole), uintptr(size), 0) + if r0 != 0 { + hr = syscall.Errno(r0) + } + return +} + func ResumeThread(thread Handle) (ret uint32, err error) { r0, _, e1 := syscall.Syscall(procResumeThread.Addr(), 1, uintptr(thread), 0, 0) ret = uint32(r0) @@ -3820,9 +3844,9 @@ func setupUninstallOEMInf(infFileName *uint16, flags SUOI, reserved uintptr) (er return } -func CommandLineToArgv(cmd *uint16, argc *int32) (argv *[8192]*[8192]uint16, err error) { +func commandLineToArgv(cmd *uint16, argc *int32) (argv **uint16, err error) { r0, _, e1 := syscall.Syscall(procCommandLineToArgvW.Addr(), 2, uintptr(unsafe.Pointer(cmd)), uintptr(unsafe.Pointer(argc)), 0) - argv = (*[8192]*[8192]uint16)(unsafe.Pointer(r0)) + argv = (**uint16)(unsafe.Pointer(r0)) if argv == nil { err = errnoErr(e1) } diff --git a/vendor/modules.txt b/vendor/modules.txt index c1d85e8aeb4..07a9cbcab57 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -81,10 +81,9 @@ golang.org/x/exp/slices # golang.org/x/net v0.15.0 ## explicit; go 1.17 golang.org/x/net/bpf -# golang.org/x/sys v0.12.0 +# golang.org/x/sys v0.13.0 ## explicit; go 1.17 golang.org/x/sys/execabs -golang.org/x/sys/internal/unsafeheader golang.org/x/sys/unix golang.org/x/sys/windows # google.golang.org/protobuf v1.31.0 From 927a5836f913074471e92d4de9d53eebc6bd0bb3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Oct 2023 20:05:17 +0000 Subject: [PATCH 0403/1176] build(deps): bump golang.org/x/net from 0.15.0 to 0.16.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.15.0 to 0.16.0. - [Commits](https://github.com/golang/net/compare/v0.15.0...v0.16.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index c8f56fbef10..cfd22a9fe43 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.12 github.com/vishvananda/netlink v1.1.0 - golang.org/x/net v0.15.0 + golang.org/x/net v0.16.0 golang.org/x/sys v0.13.0 google.golang.org/protobuf v1.31.0 ) diff --git a/go.sum b/go.sum index 234c7a35a99..d1a7944e0f1 100644 --- a/go.sum +++ b/go.sum @@ -65,8 +65,8 @@ github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7Zo github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 h1:Jvc7gsqn21cJHCmAWx0LiimpP18LZmUxkT5Mp7EZ1mI= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= -golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8= -golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= +golang.org/x/net v0.16.0 h1:7eBu7KsSvFDtSXUIDbh3aqlK4DPsZ1rByC8PFfBThos= +golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/vendor/modules.txt b/vendor/modules.txt index 07a9cbcab57..c8f3a13d7a2 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -78,7 +78,7 @@ github.com/vishvananda/netns golang.org/x/exp/constraints golang.org/x/exp/maps golang.org/x/exp/slices -# golang.org/x/net v0.15.0 +# golang.org/x/net v0.16.0 ## explicit; go 1.17 golang.org/x/net/bpf # golang.org/x/sys v0.13.0 From fa8f38171cea44d23c4edf4d775593b74976fe5f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 6 Oct 2023 13:09:55 -0700 Subject: [PATCH 0404/1176] ci: skip TestPodSkipDevicesUpdate on CentOS 7 This test is as flaky as TestSkipDevices*, let's also t skip it on CentOS 7. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/devices/systemd_test.go | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/libcontainer/cgroups/devices/systemd_test.go b/libcontainer/cgroups/devices/systemd_test.go index b6e81dcd827..2c39bbd1254 100644 --- a/libcontainer/cgroups/devices/systemd_test.go +++ b/libcontainer/cgroups/devices/systemd_test.go @@ -26,6 +26,7 @@ func TestPodSkipDevicesUpdate(t *testing.T) { if os.Geteuid() != 0 { t.Skip("Test requires root.") } + skipOnCentOS7(t) podName := "system-runc_test_pod" + t.Name() + ".slice" podConfig := &configs.Cgroup{ @@ -116,6 +117,15 @@ func TestPodSkipDevicesUpdate(t *testing.T) { } } +func skipOnCentOS7(t *testing.T) { + t.Helper() + // https://github.com/opencontainers/runc/issues/3743 + centosVer, _ := exec.Command("rpm", "-q", "--qf", "%{version}", "centos-release").CombinedOutput() + if string(centosVer) == "7" { + t.Skip("Flaky on CentOS 7") + } +} + func testSkipDevices(t *testing.T, skipDevices bool, expected []string) { if !systemd.IsRunningSystemd() { t.Skip("Test requires systemd.") @@ -123,11 +133,7 @@ func testSkipDevices(t *testing.T, skipDevices bool, expected []string) { if os.Geteuid() != 0 { t.Skip("Test requires root.") } - // https://github.com/opencontainers/runc/issues/3743 - centosVer, _ := exec.Command("rpm", "-q", "--qf", "%{version}", "centos-release").CombinedOutput() - if string(centosVer) == "7" { - t.Skip("Flaky on CentOS 7") - } + skipOnCentOS7(t) podConfig := &configs.Cgroup{ Parent: "system.slice", From 961d0f124baede68bf023683f89db813d709b486 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 5 Oct 2023 12:51:43 -0700 Subject: [PATCH 0405/1176] Makefile: make verify-dmz-arch less talkative Every `make` now produces something like this: make[1]: Entering directory '/home/kir/go/src/github.com/opencontainers/runc' readelf -h runc Machine: Advanced Micro Devices X86-64 Flags: 0x0 readelf -h libcontainer/dmz/runc-dmz Machine: Advanced Micro Devices X86-64 Flags: 0x0 runc-dmz architecture matches runc binary. make[1]: Leaving directory '/home/kir/go/src/github.com/opencontainers/runc' That is a bit too much. Let's make it less verbose. Signed-off-by: Kir Kolyshkin --- Makefile | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index d3c1c11cb86..9cb16425942 100644 --- a/Makefile +++ b/Makefile @@ -202,18 +202,15 @@ verify-dependencies: vendor @test -z "$$(git status --porcelain -- go.mod go.sum vendor/)" \ || (echo -e "git status:\n $$(git status -- go.mod go.sum vendor/)\nerror: vendor/, go.mod and/or go.sum not up to date. Run \"make vendor\" to update"; exit 1) \ && echo "all vendor files are up to date." + verify-dmz-arch: - @test -s libcontainer/dmz/runc-dmz || exit 0; \ + @if test -s libcontainer/dmz/runc-dmz; then \ set -Eeuo pipefail; \ export LC_ALL=C; \ - echo "readelf -h runc"; \ - readelf -h runc | grep -E "(Machine|Flags):"; \ - echo "readelf -h libcontainer/dmz/runc-dmz"; \ - readelf -h libcontainer/dmz/runc-dmz | grep -E "(Machine|Flags):"; \ diff -u \ <(readelf -h runc | grep -E "(Machine|Flags):") \ - <(readelf -h libcontainer/dmz/runc-dmz | grep -E "(Machine|Flags):") \ - && echo "runc-dmz architecture matches runc binary." + <(readelf -h libcontainer/dmz/runc-dmz | grep -E "(Machine|Flags):"); \ + fi validate-keyring: script/keyring_validate.sh From 46bfcac814b51e635870f7ac0ffee94ced664e7d Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 5 Oct 2023 13:00:49 -0700 Subject: [PATCH 0406/1176] Makefile: avoid calling sub-make Instead, rewrite the rules so that the targets are executed in the needed order. Signed-off-by: Kir Kolyshkin --- Makefile | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index 9cb16425942..0c458db4c2b 100644 --- a/Makefile +++ b/Makefile @@ -63,18 +63,20 @@ endif .DEFAULT: runc -runc: runc-dmz +runc: runc-bin verify-dmz-arch + +runc-bin: runc-dmz $(GO_BUILD) -o runc . - make verify-dmz-arch all: runc recvtty sd-helper seccompagent fs-idmap memfd-bind recvtty sd-helper seccompagent fs-idmap memfd-bind: $(GO_BUILD) -o contrib/cmd/$@/$@ ./contrib/cmd/$@ -static: runc-dmz +static: static-bin verify-dmz-arch + +static-bin: runc-dmz $(GO_BUILD_STATIC) -o runc . - make verify-dmz-arch .PHONY: runc-dmz runc-dmz: @@ -215,8 +217,8 @@ verify-dmz-arch: validate-keyring: script/keyring_validate.sh -.PHONY: runc all recvtty sd-helper seccompagent fs-idmap static releaseall release \ - localrelease dbuild lint man runcimage \ +.PHONY: runc runc-bin all recvtty sd-helper seccompagent fs-idmap static static-bin \ + releaseall release localrelease dbuild lint man runcimage \ test localtest unittest localunittest integration localintegration \ rootlessintegration localrootlessintegration shell install install-bash \ install-man clean cfmt shfmt localshfmt shellcheck \ From bdf78b446bf913f621b7643502c42d2c1860dc79 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 10 Oct 2023 13:27:22 -0700 Subject: [PATCH 0407/1176] libct/cg/dev: add sync.Once to test case Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/devices/systemd_test.go | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/libcontainer/cgroups/devices/systemd_test.go b/libcontainer/cgroups/devices/systemd_test.go index 2c39bbd1254..fc3b635f24f 100644 --- a/libcontainer/cgroups/devices/systemd_test.go +++ b/libcontainer/cgroups/devices/systemd_test.go @@ -6,6 +6,7 @@ import ( "os" "os/exec" "strings" + "sync" "testing" "github.com/opencontainers/runc/libcontainer/cgroups" @@ -117,11 +118,23 @@ func TestPodSkipDevicesUpdate(t *testing.T) { } } +var ( + centosVer string + centosVerOnce sync.Once +) + +func centosVersion() string { + centosVerOnce.Do(func() { + ver, _ := exec.Command("rpm", "-q", "--qf", "%{version}", "centos-release").CombinedOutput() + centosVer = string(ver) + }) + return centosVer +} + func skipOnCentOS7(t *testing.T) { t.Helper() // https://github.com/opencontainers/runc/issues/3743 - centosVer, _ := exec.Command("rpm", "-q", "--qf", "%{version}", "centos-release").CombinedOutput() - if string(centosVer) == "7" { + if centosVersion() == "7" { t.Skip("Flaky on CentOS 7") } } From b8f75f395504bef88c45111c2a69132c594bed79 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 5 Oct 2023 13:28:53 -0700 Subject: [PATCH 0408/1176] Makefile: move .PHONY to before each target All the targets in the Makefile we have are phony (as we mostly rely on go to figure out dependencies and whether to rebuild something), and they have to be marked as such. We do that at the end of the file, and the list is pretty long. Instead, let's just add .PHONY before each target. That way it is easier to spot any omissions. Alternative solutions: - add ".PHONY: %"; it won't work as wildcards are not recongized in this context; - add "MAKEFLAGS += --always-make". Signed-off-by: Kir Kolyshkin --- Makefile | 42 +++++++++++++++++++++++++++++++++++------- 1 file changed, 35 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index 0c458db4c2b..f81879cbc5c 100644 --- a/Makefile +++ b/Makefile @@ -63,18 +63,24 @@ endif .DEFAULT: runc +.PHONY: runc runc: runc-bin verify-dmz-arch +.PHONY: runc-bin runc-bin: runc-dmz $(GO_BUILD) -o runc . +.PHONY: all all: runc recvtty sd-helper seccompagent fs-idmap memfd-bind +.PHONY: recvtty sd-helper seccompagent fs-idmap memfd-bind recvtty sd-helper seccompagent fs-idmap memfd-bind: $(GO_BUILD) -o contrib/cmd/$@/$@ ./contrib/cmd/$@ +.PHONY: static static: static-bin verify-dmz-arch +.PHONY: static-bin static-bin: runc-dmz $(GO_BUILD_STATIC) -o runc . @@ -83,9 +89,11 @@ runc-dmz: rm -f libcontainer/dmz/runc-dmz $(GO) generate -tags "$(BUILDTAGS)" ./libcontainer/dmz +.PHONY: releaseall releaseall: RELEASE_ARGS := "-a 386 -a amd64 -a arm64 -a armel -a armhf -a ppc64le -a riscv64 -a s390x" releaseall: release +.PHONY: release release: runcimage $(CONTAINER_ENGINE) run $(CONTAINER_ENGINE_RUN_FLAGS) \ --rm -v $(CURDIR):/go/src/$(PROJECT) \ @@ -93,28 +101,36 @@ release: runcimage $(RUNC_IMAGE) make localrelease script/release_sign.sh -S $(GPG_KEYID) -r release/$(VERSION) -v $(VERSION) +.PHONY: localrelease localrelease: verify-changelog script/release_build.sh -r release/$(VERSION) -v $(VERSION) $(RELEASE_ARGS) +.PHONY: dbuild dbuild: runcimage $(CONTAINER_ENGINE) run $(CONTAINER_ENGINE_RUN_FLAGS) \ --privileged --rm \ -v $(CURDIR):/go/src/$(PROJECT) \ $(RUNC_IMAGE) make clean all +.PHONY: lint lint: golangci-lint run ./... +.PHONY: man man: man/md2man-all.sh +.PHONY: runcimage runcimage: $(CONTAINER_ENGINE) build $(CONTAINER_ENGINE_BUILD_FLAGS) -t $(RUNC_IMAGE) . +.PHONY: test test: unittest integration rootlessintegration +.PHONY: localtest localtest: localunittest localintegration localrootlessintegration +.PHONY: unittest unittest: runcimage $(CONTAINER_ENGINE) run $(CONTAINER_ENGINE_RUN_FLAGS) \ -t --privileged --rm \ @@ -122,9 +138,11 @@ unittest: runcimage -v $(CURDIR):/go/src/$(PROJECT) \ $(RUNC_IMAGE) make localunittest TESTFLAGS="$(TESTFLAGS)" +.PHONY: localunittest localunittest: all $(GO) test -timeout 3m -tags "$(BUILDTAGS)" $(TESTFLAGS) -v ./... +.PHONY: integration integration: runcimage $(CONTAINER_ENGINE) run $(CONTAINER_ENGINE_RUN_FLAGS) \ -t --privileged --rm \ @@ -132,9 +150,11 @@ integration: runcimage -v $(CURDIR):/go/src/$(PROJECT) \ $(RUNC_IMAGE) make localintegration TESTPATH="$(TESTPATH)" +.PHONY: localintegration localintegration: all bats -t tests/integration$(TESTPATH) +.PHONY: rootlessintegration rootlessintegration: runcimage $(CONTAINER_ENGINE) run $(CONTAINER_ENGINE_RUN_FLAGS) \ -t --privileged --rm \ @@ -142,25 +162,31 @@ rootlessintegration: runcimage -e ROOTLESS_TESTPATH \ $(RUNC_IMAGE) make localrootlessintegration +.PHONY: localrootlessintegration localrootlessintegration: all tests/rootless.sh +.PHONY: shell shell: runcimage $(CONTAINER_ENGINE) run $(CONTAINER_ENGINE_RUN_FLAGS) \ -ti --privileged --rm \ -v $(CURDIR):/go/src/$(PROJECT) \ $(RUNC_IMAGE) bash +.PHONY: install install: install -D -m0755 runc $(DESTDIR)$(BINDIR)/runc +.PHONY: install-bash install-bash: install -D -m0644 contrib/completions/bash/runc $(DESTDIR)$(PREFIX)/share/bash-completion/completions/runc +.PHONY: install-man install-man: man install -d -m 755 $(DESTDIR)$(MANDIR)/man8 install -D -m 644 man/man8/*.8 $(DESTDIR)$(MANDIR)/man8 +.PHONY: clean clean: rm -f runc runc-* libcontainer/dmz/runc-dmz rm -f contrib/cmd/fs-idmap/fs-idmap @@ -171,40 +197,48 @@ clean: sudo rm -rf release rm -rf man/man8 +.PHONY: cfmt cfmt: C_SRC=$(shell git ls-files '*.c' | grep -v '^vendor/') cfmt: indent -linux -l120 -il0 -ppi2 -cp1 -T size_t -T jmp_buf $(C_SRC) +.PHONY: shellcheck shellcheck: shellcheck tests/integration/*.bats tests/integration/*.sh \ tests/integration/*.bash tests/*.sh \ man/*.sh script/* # TODO: add shellcheck for more sh files (contrib/completions/bash/runc). +.PHONY: shfmt shfmt: $(CONTAINER_ENGINE) run $(CONTAINER_ENGINE_RUN_FLAGS) \ --rm -v $(CURDIR):/src -w /src \ mvdan/shfmt:v3.5.1 -d -w . +.PHONY: localshfmt localshfmt: shfmt -d -w . +.PHONY: venodr vendor: $(GO) mod tidy $(GO) mod vendor $(GO) mod verify +.PHONY: verify-changelog verify-changelog: # No space at EOL. ! grep -n '\s$$' CHANGELOG.md # Period before issue/PR references. ! grep -n '[0-9a-zA-Z][^.] (#[1-9][0-9, #]*)$$' CHANGELOG.md +.PHONY: verify-dependencies verify-dependencies: vendor @test -z "$$(git status --porcelain -- go.mod go.sum vendor/)" \ || (echo -e "git status:\n $$(git status -- go.mod go.sum vendor/)\nerror: vendor/, go.mod and/or go.sum not up to date. Run \"make vendor\" to update"; exit 1) \ && echo "all vendor files are up to date." +.PHONY: verify-dmz-arch verify-dmz-arch: @if test -s libcontainer/dmz/runc-dmz; then \ set -Eeuo pipefail; \ @@ -214,12 +248,6 @@ verify-dmz-arch: <(readelf -h libcontainer/dmz/runc-dmz | grep -E "(Machine|Flags):"); \ fi +.PHONY: validate-keyring validate-keyring: script/keyring_validate.sh - -.PHONY: runc runc-bin all recvtty sd-helper seccompagent fs-idmap static static-bin \ - releaseall release localrelease dbuild lint man runcimage \ - test localtest unittest localunittest integration localintegration \ - rootlessintegration localrootlessintegration shell install install-bash \ - install-man clean cfmt shfmt localshfmt shellcheck \ - vendor verify-changelog verify-dependencies verify-dmz-arch validate-keyring From 2860708d7340db173ef2639d9f2805b5a71ed88e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 11 Oct 2023 04:07:02 +0000 Subject: [PATCH 0409/1176] build(deps): bump golang.org/x/net from 0.16.0 to 0.17.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.16.0 to 0.17.0. - [Commits](https://github.com/golang/net/compare/v0.16.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index cfd22a9fe43..8dc5babd0fb 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.12 github.com/vishvananda/netlink v1.1.0 - golang.org/x/net v0.16.0 + golang.org/x/net v0.17.0 golang.org/x/sys v0.13.0 google.golang.org/protobuf v1.31.0 ) diff --git a/go.sum b/go.sum index d1a7944e0f1..b563abb9755 100644 --- a/go.sum +++ b/go.sum @@ -65,8 +65,8 @@ github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7Zo github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 h1:Jvc7gsqn21cJHCmAWx0LiimpP18LZmUxkT5Mp7EZ1mI= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= -golang.org/x/net v0.16.0 h1:7eBu7KsSvFDtSXUIDbh3aqlK4DPsZ1rByC8PFfBThos= -golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/vendor/modules.txt b/vendor/modules.txt index c8f3a13d7a2..78a00607c38 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -78,7 +78,7 @@ github.com/vishvananda/netns golang.org/x/exp/constraints golang.org/x/exp/maps golang.org/x/exp/slices -# golang.org/x/net v0.16.0 +# golang.org/x/net v0.17.0 ## explicit; go 1.17 golang.org/x/net/bpf # golang.org/x/sys v0.13.0 From 6f7266c3f7848a3a86886451bec141442f825858 Mon Sep 17 00:00:00 2001 From: Bjorn Neergaard Date: Wed, 11 Oct 2023 10:16:04 -0600 Subject: [PATCH 0410/1176] libcontainer: drop system.Setxid Since Go 1.16, [Go issue 1435][1] is solved, and the stdlib syscall implementations work on Linux. While they are a bit more flexible/heavier-weight than the implementations that were copied to libcontainer/system (working across all threads), we compile with Cgo, and using the libc wrappers should be just as suitable. [1]: https://github.com/golang/go/issues/1435 Signed-off-by: Bjorn Neergaard --- libcontainer/init_linux.go | 4 ++-- libcontainer/system/syscall_linux_32.go | 27 ------------------------- libcontainer/system/syscall_linux_64.go | 27 ------------------------- 3 files changed, 2 insertions(+), 56 deletions(-) delete mode 100644 libcontainer/system/syscall_linux_32.go delete mode 100644 libcontainer/system/syscall_linux_64.go diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 0abbccf569f..d76166aafef 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -525,10 +525,10 @@ func setupUser(config *initConfig) error { } } - if err := system.Setgid(execUser.Gid); err != nil { + if err := unix.Setgid(execUser.Gid); err != nil { return err } - if err := system.Setuid(execUser.Uid); err != nil { + if err := unix.Setuid(execUser.Uid); err != nil { return err } diff --git a/libcontainer/system/syscall_linux_32.go b/libcontainer/system/syscall_linux_32.go deleted file mode 100644 index 1acc5cb03d0..00000000000 --- a/libcontainer/system/syscall_linux_32.go +++ /dev/null @@ -1,27 +0,0 @@ -//go:build linux && (386 || arm) -// +build linux -// +build 386 arm - -package system - -import ( - "golang.org/x/sys/unix" -) - -// Setuid sets the uid of the calling thread to the specified uid. -func Setuid(uid int) (err error) { - _, _, e1 := unix.RawSyscall(unix.SYS_SETUID32, uintptr(uid), 0, 0) - if e1 != 0 { - err = e1 - } - return -} - -// Setgid sets the gid of the calling thread to the specified gid. -func Setgid(gid int) (err error) { - _, _, e1 := unix.RawSyscall(unix.SYS_SETGID32, uintptr(gid), 0, 0) - if e1 != 0 { - err = e1 - } - return -} diff --git a/libcontainer/system/syscall_linux_64.go b/libcontainer/system/syscall_linux_64.go deleted file mode 100644 index 1ed0dba1709..00000000000 --- a/libcontainer/system/syscall_linux_64.go +++ /dev/null @@ -1,27 +0,0 @@ -//go:build linux && (arm64 || amd64 || mips || mipsle || mips64 || mips64le || ppc || ppc64 || ppc64le || riscv64 || s390x) -// +build linux -// +build arm64 amd64 mips mipsle mips64 mips64le ppc ppc64 ppc64le riscv64 s390x - -package system - -import ( - "golang.org/x/sys/unix" -) - -// Setuid sets the uid of the calling thread to the specified uid. -func Setuid(uid int) (err error) { - _, _, e1 := unix.RawSyscall(unix.SYS_SETUID, uintptr(uid), 0, 0) - if e1 != 0 { - err = e1 - } - return -} - -// Setgid sets the gid of the calling thread to the specified gid. -func Setgid(gid int) (err error) { - _, _, e1 := unix.RawSyscall(unix.SYS_SETGID, uintptr(gid), 0, 0) - if e1 != 0 { - err = e1 - } - return -} From aec0dc7dcd7ab16d5d2a5d0a4b8073aa065557b6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 12 Oct 2023 04:42:12 +0000 Subject: [PATCH 0411/1176] build(deps): bump github.com/cilium/ebpf from 0.11.0 to 0.12.0 Bumps [github.com/cilium/ebpf](https://github.com/cilium/ebpf) from 0.11.0 to 0.12.0. - [Release notes](https://github.com/cilium/ebpf/releases) - [Commits](https://github.com/cilium/ebpf/compare/v0.11.0...v0.12.0) --- updated-dependencies: - dependency-name: github.com/cilium/ebpf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- vendor/github.com/cilium/ebpf/.clang-format | 6 + vendor/github.com/cilium/ebpf/.golangci.yaml | 13 - vendor/github.com/cilium/ebpf/Makefile | 41 ++- vendor/github.com/cilium/ebpf/README.md | 2 +- vendor/github.com/cilium/ebpf/asm/alu.go | 4 +- vendor/github.com/cilium/ebpf/asm/func.go | 2 +- vendor/github.com/cilium/ebpf/asm/jump.go | 2 +- .../github.com/cilium/ebpf/asm/load_store.go | 2 +- vendor/github.com/cilium/ebpf/asm/opcode.go | 2 +- vendor/github.com/cilium/ebpf/btf/btf.go | 170 +---------- .../github.com/cilium/ebpf/btf/btf_types.go | 62 +++- vendor/github.com/cilium/ebpf/btf/ext_info.go | 141 ++++++--- vendor/github.com/cilium/ebpf/btf/feature.go | 123 ++++++++ vendor/github.com/cilium/ebpf/btf/format.go | 8 +- vendor/github.com/cilium/ebpf/btf/marshal.go | 87 ++++-- vendor/github.com/cilium/ebpf/btf/strings.go | 25 +- vendor/github.com/cilium/ebpf/btf/types.go | 15 - vendor/github.com/cilium/ebpf/collection.go | 70 +++-- vendor/github.com/cilium/ebpf/elf_reader.go | 17 +- vendor/github.com/cilium/ebpf/info.go | 88 +++++- .../cilium/ebpf/internal/endian_be.go | 2 +- .../cilium/ebpf/internal/endian_le.go | 2 +- .../cilium/ebpf/internal/sys/syscall.go | 4 +- .../cilium/ebpf/internal/sys/types.go | 44 ++- .../cilium/ebpf/internal/sysenc/buffer.go | 77 +++++ .../cilium/ebpf/internal/sysenc/doc.go | 3 + .../cilium/ebpf/internal/sysenc/layout.go | 41 +++ .../cilium/ebpf/internal/sysenc/marshal.go | 163 +++++++++++ .../cilium/ebpf/internal/tracefs/kprobe.go | 2 +- .../cilium/ebpf/internal/unix/types_linux.go | 2 + .../cilium/ebpf/internal/unix/types_other.go | 2 + vendor/github.com/cilium/ebpf/link/iter.go | 7 +- .../cilium/ebpf/link/kprobe_multi.go | 8 +- vendor/github.com/cilium/ebpf/link/program.go | 15 +- .../github.com/cilium/ebpf/link/syscalls.go | 11 +- vendor/github.com/cilium/ebpf/link/uprobe.go | 5 +- vendor/github.com/cilium/ebpf/linker.go | 28 +- vendor/github.com/cilium/ebpf/map.go | 276 +++++++++--------- vendor/github.com/cilium/ebpf/marshalers.go | 162 ++-------- vendor/github.com/cilium/ebpf/netlify.toml | 4 + vendor/github.com/cilium/ebpf/prog.go | 22 +- vendor/github.com/cilium/ebpf/run-tests.sh | 44 ++- vendor/github.com/cilium/ebpf/syscalls.go | 11 +- vendor/github.com/cilium/ebpf/types.go | 12 +- vendor/modules.txt | 5 +- 47 files changed, 1131 insertions(+), 707 deletions(-) create mode 100644 vendor/github.com/cilium/ebpf/btf/feature.go create mode 100644 vendor/github.com/cilium/ebpf/internal/sysenc/buffer.go create mode 100644 vendor/github.com/cilium/ebpf/internal/sysenc/doc.go create mode 100644 vendor/github.com/cilium/ebpf/internal/sysenc/layout.go create mode 100644 vendor/github.com/cilium/ebpf/internal/sysenc/marshal.go create mode 100644 vendor/github.com/cilium/ebpf/netlify.toml diff --git a/go.mod b/go.mod index 8dc5babd0fb..7171d711f30 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.20 require ( github.com/checkpoint-restore/go-criu/v6 v6.3.0 - github.com/cilium/ebpf v0.11.0 + github.com/cilium/ebpf v0.12.0 github.com/containerd/console v1.0.3 github.com/coreos/go-systemd/v22 v22.5.0 github.com/cyphar/filepath-securejoin v0.2.4 diff --git a/go.sum b/go.sum index b563abb9755..d6d68c573ef 100644 --- a/go.sum +++ b/go.sum @@ -1,8 +1,8 @@ github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/checkpoint-restore/go-criu/v6 v6.3.0 h1:mIdrSO2cPNWQY1truPg6uHLXyKHk3Z5Odx4wjKOASzA= github.com/checkpoint-restore/go-criu/v6 v6.3.0/go.mod h1:rrRTN/uSwY2X+BPRl/gkulo9gsKOSAeVp9/K2tv7xZI= -github.com/cilium/ebpf v0.11.0 h1:V8gS/bTCCjX9uUnkUFUpPsksM8n1lXBAvHcpiFk1X2Y= -github.com/cilium/ebpf v0.11.0/go.mod h1:WE7CZAnqOL2RouJ4f1uyNhqr2P4CCvXFIqdRDUgWsVs= +github.com/cilium/ebpf v0.12.0 h1:oQEuIQIXgYhe1v7sYUG0P9vtJTYZLLdA6tiQmrOB1mo= +github.com/cilium/ebpf v0.12.0/go.mod h1:u9H29/Iq+8cy70YqI6p5pfADkFl3vdnV2qXDg5JL0Zo= github.com/containerd/console v1.0.3 h1:lIr7SlA5PxZyMV30bDW0MGbiOPXwc63yRuCP0ARubLw= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= diff --git a/vendor/github.com/cilium/ebpf/.clang-format b/vendor/github.com/cilium/ebpf/.clang-format index 3f74dc02366..0ff4257606f 100644 --- a/vendor/github.com/cilium/ebpf/.clang-format +++ b/vendor/github.com/cilium/ebpf/.clang-format @@ -4,6 +4,9 @@ BasedOnStyle: LLVM AlignAfterOpenBracket: DontAlign AlignConsecutiveAssignments: true AlignEscapedNewlines: DontAlign +# mkdocs annotations in source code are written as trailing comments +# and alignment pushes these really far away from the content. +AlignTrailingComments: false AlwaysBreakBeforeMultilineStrings: true AlwaysBreakTemplateDeclarations: false AllowAllParametersOfDeclarationOnNextLine: false @@ -16,4 +19,7 @@ UseTab: ForContinuationAndIndentation ColumnLimit: 1000 # Go compiler comments need to stay unindented. CommentPragmas: '^go:.*' +# linux/bpf.h needs to be included before bpf/bpf_helpers.h for types like __u64 +# and sorting makes this impossible. +SortIncludes: false ... diff --git a/vendor/github.com/cilium/ebpf/.golangci.yaml b/vendor/github.com/cilium/ebpf/.golangci.yaml index 06743dfc91b..65f91b910bf 100644 --- a/vendor/github.com/cilium/ebpf/.golangci.yaml +++ b/vendor/github.com/cilium/ebpf/.golangci.yaml @@ -1,15 +1,7 @@ --- -issues: - exclude-rules: - # syscall param structs will have unused fields in Go code. - - path: syscall.*.go - linters: - - structcheck - linters: disable-all: true enable: - - errcheck - goimports - gosimple - govet @@ -19,8 +11,3 @@ linters: - typecheck - unused - gofmt - - # Could be enabled later: - # - gocyclo - # - maligned - # - gosec diff --git a/vendor/github.com/cilium/ebpf/Makefile b/vendor/github.com/cilium/ebpf/Makefile index abcd6c1a47c..0fa8cdc521c 100644 --- a/vendor/github.com/cilium/ebpf/Makefile +++ b/vendor/github.com/cilium/ebpf/Makefile @@ -1,9 +1,9 @@ # The development version of clang is distributed as the 'clang' binary, # while stable/released versions have a version number attached. # Pin the default clang to a stable version. -CLANG ?= clang-14 -STRIP ?= llvm-strip-14 -OBJCOPY ?= llvm-objcopy-14 +CLANG ?= clang-17 +STRIP ?= llvm-strip-17 +OBJCOPY ?= llvm-objcopy-17 CFLAGS := -O2 -g -Wall -Werror $(CFLAGS) CI_KERNEL_URL ?= https://github.com/cilium/ci-kernels/raw/master/ @@ -21,12 +21,9 @@ CONTAINER_RUN_ARGS ?= $(if $(filter ${CONTAINER_ENGINE}, podman), --log-driver=n IMAGE := $(shell cat ${REPODIR}/testdata/docker/IMAGE) VERSION := $(shell cat ${REPODIR}/testdata/docker/VERSION) - -# clang <8 doesn't tag relocs properly (STT_NOTYPE) -# clang 9 is the first version emitting BTF TARGETS := \ - testdata/loader-clang-7 \ - testdata/loader-clang-9 \ + testdata/loader-clang-11 \ + testdata/loader-clang-14 \ testdata/loader-$(CLANG) \ testdata/manyprogs \ testdata/btf_map_init \ @@ -36,6 +33,7 @@ TARGETS := \ testdata/invalid_btf_map_init \ testdata/strings \ testdata/freplace \ + testdata/fentry_fexit \ testdata/iproute2_map_compat \ testdata/map_spin_lock \ testdata/subprog_reloc \ @@ -45,6 +43,7 @@ TARGETS := \ testdata/kfunc \ testdata/invalid-kfunc \ testdata/kfunc-kmod \ + testdata/constants \ btf/testdata/relocs \ btf/testdata/relocs_read \ btf/testdata/relocs_read_tgt \ @@ -56,22 +55,26 @@ TARGETS := \ # Build all ELF binaries using a containerized LLVM toolchain. container-all: - +${CONTAINER_ENGINE} run --rm -ti ${CONTAINER_RUN_ARGS} \ + +${CONTAINER_ENGINE} run --rm -t ${CONTAINER_RUN_ARGS} \ -v "${REPODIR}":/ebpf -w /ebpf --env MAKEFLAGS \ - --env CFLAGS="-fdebug-prefix-map=/ebpf=." \ --env HOME="/tmp" \ + --env BPF2GO_CC="$(CLANG)" \ + --env BPF2GO_FLAGS="-fdebug-prefix-map=/ebpf=. $(CFLAGS)" \ "${IMAGE}:${VERSION}" \ make all # (debug) Drop the user into a shell inside the container as root. +# Set BPF2GO_ envs to make 'make generate' just work. container-shell: ${CONTAINER_ENGINE} run --rm -ti \ -v "${REPODIR}":/ebpf -w /ebpf \ + --env BPF2GO_CC="$(CLANG)" \ + --env BPF2GO_FLAGS="-fdebug-prefix-map=/ebpf=. $(CFLAGS)" \ "${IMAGE}:${VERSION}" clean: - -$(RM) testdata/*.elf - -$(RM) btf/testdata/*.elf + find "$(CURDIR)" -name "*.elf" -delete + find "$(CURDIR)" -name "*.o" -delete format: find . -type f -name "*.c" | xargs clang-format -i @@ -80,9 +83,6 @@ all: format $(addsuffix -el.elf,$(TARGETS)) $(addsuffix -eb.elf,$(TARGETS)) gene ln -srf testdata/loader-$(CLANG)-el.elf testdata/loader-el.elf ln -srf testdata/loader-$(CLANG)-eb.elf testdata/loader-eb.elf -# $BPF_CLANG is used in go:generate invocations. -generate: export BPF_CLANG := $(CLANG) -generate: export BPF_CFLAGS := $(CFLAGS) generate: go generate ./... @@ -103,13 +103,12 @@ testdata/loader-%-eb.elf: testdata/loader.c $(STRIP) -g $@ .PHONY: generate-btf -generate-btf: KERNEL_VERSION?=5.19 +generate-btf: KERNEL_VERSION?=6.1.29 generate-btf: $(eval TMP := $(shell mktemp -d)) - curl -fL "$(CI_KERNEL_URL)/linux-$(KERNEL_VERSION).bz" -o "$(TMP)/bzImage" - /lib/modules/$(uname -r)/build/scripts/extract-vmlinux "$(TMP)/bzImage" > "$(TMP)/vmlinux" + curl -fL "$(CI_KERNEL_URL)/linux-$(KERNEL_VERSION)-amd64.tgz" -o "$(TMP)/linux.tgz" + tar xvf "$(TMP)/linux.tgz" -C "$(TMP)" --strip-components=2 ./boot/vmlinuz ./lib/modules + /lib/modules/$(shell uname -r)/build/scripts/extract-vmlinux "$(TMP)/vmlinuz" > "$(TMP)/vmlinux" $(OBJCOPY) --dump-section .BTF=/dev/stdout "$(TMP)/vmlinux" /dev/null | gzip > "btf/testdata/vmlinux.btf.gz" - curl -fL "$(CI_KERNEL_URL)/linux-$(KERNEL_VERSION)-selftests-bpf.tgz" -o "$(TMP)/selftests.tgz" - tar -xf "$(TMP)/selftests.tgz" --to-stdout tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.ko | \ - $(OBJCOPY) --dump-section .BTF="btf/testdata/btf_testmod.btf" - /dev/null + find "$(TMP)/modules" -type f -name bpf_testmod.ko -exec $(OBJCOPY) --dump-section .BTF="btf/testdata/btf_testmod.btf" {} /dev/null \; $(RM) -r "$(TMP)" diff --git a/vendor/github.com/cilium/ebpf/README.md b/vendor/github.com/cilium/ebpf/README.md index eff08d8df69..81235a69dd3 100644 --- a/vendor/github.com/cilium/ebpf/README.md +++ b/vendor/github.com/cilium/ebpf/README.md @@ -2,7 +2,7 @@ [![PkgGoDev](https://pkg.go.dev/badge/github.com/cilium/ebpf)](https://pkg.go.dev/github.com/cilium/ebpf) -![HoneyGopher](.github/images/cilium-ebpf.png) +![HoneyGopher](docs/ebpf/ebpf-go.png) ebpf-go is a pure Go library that provides utilities for loading, compiling, and debugging eBPF programs. It has minimal external dependencies and is intended to diff --git a/vendor/github.com/cilium/ebpf/asm/alu.go b/vendor/github.com/cilium/ebpf/asm/alu.go index 3f60245f2b6..7dc56204bcb 100644 --- a/vendor/github.com/cilium/ebpf/asm/alu.go +++ b/vendor/github.com/cilium/ebpf/asm/alu.go @@ -1,6 +1,6 @@ package asm -//go:generate stringer -output alu_string.go -type=Source,Endianness,ALUOp +//go:generate go run golang.org/x/tools/cmd/stringer@latest -output alu_string.go -type=Source,Endianness,ALUOp // Source of ALU / ALU64 / Branch operations // @@ -75,7 +75,7 @@ const ( Xor ALUOp = 0xa0 // Mov - move value from one place to another Mov ALUOp = 0xb0 - // ArSh - arithmatic shift + // ArSh - arithmetic shift ArSh ALUOp = 0xc0 // Swap - endian conversions Swap ALUOp = 0xd0 diff --git a/vendor/github.com/cilium/ebpf/asm/func.go b/vendor/github.com/cilium/ebpf/asm/func.go index 18f6a75db58..84a40b2277f 100644 --- a/vendor/github.com/cilium/ebpf/asm/func.go +++ b/vendor/github.com/cilium/ebpf/asm/func.go @@ -1,6 +1,6 @@ package asm -//go:generate stringer -output func_string.go -type=BuiltinFunc +//go:generate go run golang.org/x/tools/cmd/stringer@latest -output func_string.go -type=BuiltinFunc // BuiltinFunc is a built-in eBPF function. type BuiltinFunc int32 diff --git a/vendor/github.com/cilium/ebpf/asm/jump.go b/vendor/github.com/cilium/ebpf/asm/jump.go index 2c8a3dbb7a3..9a525b21a59 100644 --- a/vendor/github.com/cilium/ebpf/asm/jump.go +++ b/vendor/github.com/cilium/ebpf/asm/jump.go @@ -1,6 +1,6 @@ package asm -//go:generate stringer -output jump_string.go -type=JumpOp +//go:generate go run golang.org/x/tools/cmd/stringer@latest -output jump_string.go -type=JumpOp // JumpOp affect control flow. // diff --git a/vendor/github.com/cilium/ebpf/asm/load_store.go b/vendor/github.com/cilium/ebpf/asm/load_store.go index f109497aebc..574ee377c9b 100644 --- a/vendor/github.com/cilium/ebpf/asm/load_store.go +++ b/vendor/github.com/cilium/ebpf/asm/load_store.go @@ -1,6 +1,6 @@ package asm -//go:generate stringer -output load_store_string.go -type=Mode,Size +//go:generate go run golang.org/x/tools/cmd/stringer@latest -output load_store_string.go -type=Mode,Size // Mode for load and store operations // diff --git a/vendor/github.com/cilium/ebpf/asm/opcode.go b/vendor/github.com/cilium/ebpf/asm/opcode.go index 9e3c30b0b3a..845c5521f87 100644 --- a/vendor/github.com/cilium/ebpf/asm/opcode.go +++ b/vendor/github.com/cilium/ebpf/asm/opcode.go @@ -5,7 +5,7 @@ import ( "strings" ) -//go:generate stringer -output opcode_string.go -type=Class +//go:generate go run golang.org/x/tools/cmd/stringer@latest -output opcode_string.go -type=Class // Class of operations // diff --git a/vendor/github.com/cilium/ebpf/btf/btf.go b/vendor/github.com/cilium/ebpf/btf/btf.go index 86eb7d6819d..a2ee2d13064 100644 --- a/vendor/github.com/cilium/ebpf/btf/btf.go +++ b/vendor/github.com/cilium/ebpf/btf/btf.go @@ -14,7 +14,6 @@ import ( "github.com/cilium/ebpf/internal" "github.com/cilium/ebpf/internal/sys" - "github.com/cilium/ebpf/internal/unix" ) const btfMagic = 0xeB9F @@ -47,51 +46,13 @@ type Spec struct { // Includes all struct flavors and types with the same name. namedTypes map[essentialName][]Type - // String table from ELF, may be nil. + // String table from ELF. strings *stringTable // Byte order of the ELF we decoded the spec from, may be nil. byteOrder binary.ByteOrder } -var btfHeaderLen = binary.Size(&btfHeader{}) - -type btfHeader struct { - Magic uint16 - Version uint8 - Flags uint8 - HdrLen uint32 - - TypeOff uint32 - TypeLen uint32 - StringOff uint32 - StringLen uint32 -} - -// typeStart returns the offset from the beginning of the .BTF section -// to the start of its type entries. -func (h *btfHeader) typeStart() int64 { - return int64(h.HdrLen + h.TypeOff) -} - -// stringStart returns the offset from the beginning of the .BTF section -// to the start of its string table. -func (h *btfHeader) stringStart() int64 { - return int64(h.HdrLen + h.StringOff) -} - -// newSpec creates a Spec containing only Void. -func newSpec() *Spec { - return &Spec{ - []Type{(*Void)(nil)}, - map[Type]TypeID{(*Void)(nil): 0}, - 0, - make(map[essentialName][]Type), - nil, - nil, - } -} - // LoadSpec opens file and calls LoadSpecFromReader on it. func LoadSpec(file string) (*Spec, error) { fh, err := os.Open(file) @@ -240,10 +201,6 @@ func loadRawSpec(btf io.ReaderAt, bo binary.ByteOrder, base *Spec) (*Spec, error return nil, fmt.Errorf("can't use split BTF as base") } - if base.strings == nil { - return nil, fmt.Errorf("parse split BTF: base must be loaded from an ELF") - } - baseStrings = base.strings firstTypeID, err = base.nextTypeID() @@ -399,37 +356,6 @@ func findVMLinux() (*internal.SafeELFFile, error) { return nil, fmt.Errorf("no BTF found for kernel version %s: %w", release, internal.ErrNotSupported) } -// parseBTFHeader parses the header of the .BTF section. -func parseBTFHeader(r io.Reader, bo binary.ByteOrder) (*btfHeader, error) { - var header btfHeader - if err := binary.Read(r, bo, &header); err != nil { - return nil, fmt.Errorf("can't read header: %v", err) - } - - if header.Magic != btfMagic { - return nil, fmt.Errorf("incorrect magic value %v", header.Magic) - } - - if header.Version != 1 { - return nil, fmt.Errorf("unexpected version %v", header.Version) - } - - if header.Flags != 0 { - return nil, fmt.Errorf("unsupported flags %v", header.Flags) - } - - remainder := int64(header.HdrLen) - int64(binary.Size(&header)) - if remainder < 0 { - return nil, errors.New("header length shorter than btfHeader size") - } - - if _, err := io.CopyN(internal.DiscardZeroes{}, r, remainder); err != nil { - return nil, fmt.Errorf("header padding: %v", err) - } - - return &header, nil -} - func guessRawBTFByteOrder(r io.ReaderAt) binary.ByteOrder { buf := new(bufio.Reader) for _, bo := range []binary.ByteOrder{ @@ -773,97 +699,3 @@ func (iter *TypesIterator) Next() bool { iter.index++ return true } - -// haveBTF attempts to load a BTF blob containing an Int. It should pass on any -// kernel that supports BPF_BTF_LOAD. -var haveBTF = internal.NewFeatureTest("BTF", "4.18", func() error { - // 0-length anonymous integer - err := probeBTF(&Int{}) - if errors.Is(err, unix.EINVAL) || errors.Is(err, unix.EPERM) { - return internal.ErrNotSupported - } - return err -}) - -// haveMapBTF attempts to load a minimal BTF blob containing a Var. It is -// used as a proxy for .bss, .data and .rodata map support, which generally -// come with a Var and Datasec. These were introduced in Linux 5.2. -var haveMapBTF = internal.NewFeatureTest("Map BTF (Var/Datasec)", "5.2", func() error { - if err := haveBTF(); err != nil { - return err - } - - v := &Var{ - Name: "a", - Type: &Pointer{(*Void)(nil)}, - } - - err := probeBTF(v) - if errors.Is(err, unix.EINVAL) || errors.Is(err, unix.EPERM) { - // Treat both EINVAL and EPERM as not supported: creating the map may still - // succeed without Btf* attrs. - return internal.ErrNotSupported - } - return err -}) - -// haveProgBTF attempts to load a BTF blob containing a Func and FuncProto. It -// is used as a proxy for ext_info (func_info) support, which depends on -// Func(Proto) by definition. -var haveProgBTF = internal.NewFeatureTest("Program BTF (func/line_info)", "5.0", func() error { - if err := haveBTF(); err != nil { - return err - } - - fn := &Func{ - Name: "a", - Type: &FuncProto{Return: (*Void)(nil)}, - } - - err := probeBTF(fn) - if errors.Is(err, unix.EINVAL) || errors.Is(err, unix.EPERM) { - return internal.ErrNotSupported - } - return err -}) - -var haveFuncLinkage = internal.NewFeatureTest("BTF func linkage", "5.6", func() error { - if err := haveProgBTF(); err != nil { - return err - } - - fn := &Func{ - Name: "a", - Type: &FuncProto{Return: (*Void)(nil)}, - Linkage: GlobalFunc, - } - - err := probeBTF(fn) - if errors.Is(err, unix.EINVAL) { - return internal.ErrNotSupported - } - return err -}) - -func probeBTF(typ Type) error { - b, err := NewBuilder([]Type{typ}) - if err != nil { - return err - } - - buf, err := b.Marshal(nil, nil) - if err != nil { - return err - } - - fd, err := sys.BtfLoad(&sys.BtfLoadAttr{ - Btf: sys.NewSlicePointer(buf), - BtfSize: uint32(len(buf)), - }) - - if err == nil { - fd.Close() - } - - return err -} diff --git a/vendor/github.com/cilium/ebpf/btf/btf_types.go b/vendor/github.com/cilium/ebpf/btf/btf_types.go index a253b7c9b9e..c9984b2d443 100644 --- a/vendor/github.com/cilium/ebpf/btf/btf_types.go +++ b/vendor/github.com/cilium/ebpf/btf/btf_types.go @@ -2,12 +2,15 @@ package btf import ( "encoding/binary" + "errors" "fmt" "io" "unsafe" + + "github.com/cilium/ebpf/internal" ) -//go:generate stringer -linecomment -output=btf_types_string.go -type=FuncLinkage,VarLinkage,btfKind +//go:generate go run golang.org/x/tools/cmd/stringer@latest -linecomment -output=btf_types_string.go -type=FuncLinkage,VarLinkage,btfKind // btfKind describes a Type. type btfKind uint8 @@ -69,6 +72,63 @@ const ( btfTypeKindFlagMask = 1 ) +var btfHeaderLen = binary.Size(&btfHeader{}) + +type btfHeader struct { + Magic uint16 + Version uint8 + Flags uint8 + HdrLen uint32 + + TypeOff uint32 + TypeLen uint32 + StringOff uint32 + StringLen uint32 +} + +// typeStart returns the offset from the beginning of the .BTF section +// to the start of its type entries. +func (h *btfHeader) typeStart() int64 { + return int64(h.HdrLen + h.TypeOff) +} + +// stringStart returns the offset from the beginning of the .BTF section +// to the start of its string table. +func (h *btfHeader) stringStart() int64 { + return int64(h.HdrLen + h.StringOff) +} + +// parseBTFHeader parses the header of the .BTF section. +func parseBTFHeader(r io.Reader, bo binary.ByteOrder) (*btfHeader, error) { + var header btfHeader + if err := binary.Read(r, bo, &header); err != nil { + return nil, fmt.Errorf("can't read header: %v", err) + } + + if header.Magic != btfMagic { + return nil, fmt.Errorf("incorrect magic value %v", header.Magic) + } + + if header.Version != 1 { + return nil, fmt.Errorf("unexpected version %v", header.Version) + } + + if header.Flags != 0 { + return nil, fmt.Errorf("unsupported flags %v", header.Flags) + } + + remainder := int64(header.HdrLen) - int64(binary.Size(&header)) + if remainder < 0 { + return nil, errors.New("header length shorter than btfHeader size") + } + + if _, err := io.CopyN(internal.DiscardZeroes{}, r, remainder); err != nil { + return nil, fmt.Errorf("header padding: %v", err) + } + + return &header, nil +} + var btfTypeLen = binary.Size(btfType{}) // btfType is equivalent to struct btf_type in Documentation/bpf/btf.rst. diff --git a/vendor/github.com/cilium/ebpf/btf/ext_info.go b/vendor/github.com/cilium/ebpf/btf/ext_info.go index b764fb7bcc1..36803504be6 100644 --- a/vendor/github.com/cilium/ebpf/btf/ext_info.go +++ b/vendor/github.com/cilium/ebpf/btf/ext_info.go @@ -16,9 +16,9 @@ import ( // ExtInfos contains ELF section metadata. type ExtInfos struct { // The slices are sorted by offset in ascending order. - funcInfos map[string][]funcInfo - lineInfos map[string][]lineInfo - relocationInfos map[string][]coreRelocationInfo + funcInfos map[string]FuncInfos + lineInfos map[string]LineInfos + relocationInfos map[string]CORERelocationInfos } // loadExtInfosFromELF parses ext infos from the .BTF.ext section in an ELF. @@ -34,11 +34,11 @@ func loadExtInfosFromELF(file *internal.SafeELFFile, spec *Spec) (*ExtInfos, err return nil, fmt.Errorf("compressed ext_info is not supported") } - return loadExtInfos(section.ReaderAt, file.ByteOrder, spec, spec.strings) + return loadExtInfos(section.ReaderAt, file.ByteOrder, spec) } // loadExtInfos parses bare ext infos. -func loadExtInfos(r io.ReaderAt, bo binary.ByteOrder, spec *Spec, strings *stringTable) (*ExtInfos, error) { +func loadExtInfos(r io.ReaderAt, bo binary.ByteOrder, spec *Spec) (*ExtInfos, error) { // Open unbuffered section reader. binary.Read() calls io.ReadFull on // the header structs, resulting in one syscall per header. headerRd := io.NewSectionReader(r, 0, math.MaxInt64) @@ -53,12 +53,12 @@ func loadExtInfos(r io.ReaderAt, bo binary.ByteOrder, spec *Spec, strings *strin } buf := internal.NewBufferedSectionReader(r, extHeader.funcInfoStart(), int64(extHeader.FuncInfoLen)) - btfFuncInfos, err := parseFuncInfos(buf, bo, strings) + btfFuncInfos, err := parseFuncInfos(buf, bo, spec.strings) if err != nil { return nil, fmt.Errorf("parsing BTF function info: %w", err) } - funcInfos := make(map[string][]funcInfo, len(btfFuncInfos)) + funcInfos := make(map[string]FuncInfos, len(btfFuncInfos)) for section, bfis := range btfFuncInfos { funcInfos[section], err = newFuncInfos(bfis, spec) if err != nil { @@ -67,14 +67,14 @@ func loadExtInfos(r io.ReaderAt, bo binary.ByteOrder, spec *Spec, strings *strin } buf = internal.NewBufferedSectionReader(r, extHeader.lineInfoStart(), int64(extHeader.LineInfoLen)) - btfLineInfos, err := parseLineInfos(buf, bo, strings) + btfLineInfos, err := parseLineInfos(buf, bo, spec.strings) if err != nil { return nil, fmt.Errorf("parsing BTF line info: %w", err) } - lineInfos := make(map[string][]lineInfo, len(btfLineInfos)) + lineInfos := make(map[string]LineInfos, len(btfLineInfos)) for section, blis := range btfLineInfos { - lineInfos[section], err = newLineInfos(blis, strings) + lineInfos[section], err = newLineInfos(blis, spec.strings) if err != nil { return nil, fmt.Errorf("section %s: line infos: %w", section, err) } @@ -86,14 +86,14 @@ func loadExtInfos(r io.ReaderAt, bo binary.ByteOrder, spec *Spec, strings *strin var btfCORERelos map[string][]bpfCORERelo buf = internal.NewBufferedSectionReader(r, extHeader.coreReloStart(coreHeader), int64(coreHeader.COREReloLen)) - btfCORERelos, err = parseCORERelos(buf, bo, strings) + btfCORERelos, err = parseCORERelos(buf, bo, spec.strings) if err != nil { return nil, fmt.Errorf("parsing CO-RE relocation info: %w", err) } - coreRelos := make(map[string][]coreRelocationInfo, len(btfCORERelos)) + coreRelos := make(map[string]CORERelocationInfos, len(btfCORERelos)) for section, brs := range btfCORERelos { - coreRelos[section], err = newRelocationInfos(brs, spec, strings) + coreRelos[section], err = newRelocationInfos(brs, spec, spec.strings) if err != nil { return nil, fmt.Errorf("section %s: CO-RE relocations: %w", section, err) } @@ -111,21 +111,31 @@ func (ei *ExtInfos) Assign(insns asm.Instructions, section string) { lineInfos := ei.lineInfos[section] reloInfos := ei.relocationInfos[section] + AssignMetadataToInstructions(insns, funcInfos, lineInfos, reloInfos) +} + +// Assign per-instruction metadata to the instructions in insns. +func AssignMetadataToInstructions( + insns asm.Instructions, + funcInfos FuncInfos, + lineInfos LineInfos, + reloInfos CORERelocationInfos, +) { iter := insns.Iterate() for iter.Next() { - if len(funcInfos) > 0 && funcInfos[0].offset == iter.Offset { - *iter.Ins = WithFuncMetadata(*iter.Ins, funcInfos[0].fn) - funcInfos = funcInfos[1:] + if len(funcInfos.infos) > 0 && funcInfos.infos[0].offset == iter.Offset { + *iter.Ins = WithFuncMetadata(*iter.Ins, funcInfos.infos[0].fn) + funcInfos.infos = funcInfos.infos[1:] } - if len(lineInfos) > 0 && lineInfos[0].offset == iter.Offset { - *iter.Ins = iter.Ins.WithSource(lineInfos[0].line) - lineInfos = lineInfos[1:] + if len(lineInfos.infos) > 0 && lineInfos.infos[0].offset == iter.Offset { + *iter.Ins = iter.Ins.WithSource(lineInfos.infos[0].line) + lineInfos.infos = lineInfos.infos[1:] } - if len(reloInfos) > 0 && reloInfos[0].offset == iter.Offset { - iter.Ins.Metadata.Set(coreRelocationMeta{}, reloInfos[0].relo) - reloInfos = reloInfos[1:] + if len(reloInfos.infos) > 0 && reloInfos.infos[0].offset == iter.Offset { + iter.Ins.Metadata.Set(coreRelocationMeta{}, reloInfos.infos[0].relo) + reloInfos.infos = reloInfos.infos[1:] } } } @@ -323,6 +333,11 @@ func parseExtInfoRecordSize(r io.Reader, bo binary.ByteOrder) (uint32, error) { return recordSize, nil } +// FuncInfos contains a sorted list of func infos. +type FuncInfos struct { + infos []funcInfo +} + // The size of a FuncInfo in BTF wire format. var FuncInfoSize = uint32(binary.Size(bpfFuncInfo{})) @@ -359,21 +374,38 @@ func newFuncInfo(fi bpfFuncInfo, spec *Spec) (*funcInfo, error) { }, nil } -func newFuncInfos(bfis []bpfFuncInfo, spec *Spec) ([]funcInfo, error) { - fis := make([]funcInfo, 0, len(bfis)) +func newFuncInfos(bfis []bpfFuncInfo, spec *Spec) (FuncInfos, error) { + fis := FuncInfos{ + infos: make([]funcInfo, 0, len(bfis)), + } for _, bfi := range bfis { fi, err := newFuncInfo(bfi, spec) if err != nil { - return nil, fmt.Errorf("offset %d: %w", bfi.InsnOff, err) + return FuncInfos{}, fmt.Errorf("offset %d: %w", bfi.InsnOff, err) } - fis = append(fis, *fi) + fis.infos = append(fis.infos, *fi) } - sort.Slice(fis, func(i, j int) bool { - return fis[i].offset <= fis[j].offset + sort.Slice(fis.infos, func(i, j int) bool { + return fis.infos[i].offset <= fis.infos[j].offset }) return fis, nil } +// LoadFuncInfos parses btf func info in wire format. +func LoadFuncInfos(reader io.Reader, bo binary.ByteOrder, recordNum uint32, spec *Spec) (FuncInfos, error) { + fis, err := parseFuncInfoRecords( + reader, + bo, + FuncInfoSize, + recordNum, + ) + if err != nil { + return FuncInfos{}, fmt.Errorf("parsing BTF func info: %w", err) + } + + return newFuncInfos(fis, spec) +} + // marshal into the BTF wire format. func (fi *funcInfo) marshal(w *bytes.Buffer, b *Builder) error { id, err := b.Add(fi.fn) @@ -480,6 +512,11 @@ func (li *Line) String() string { return li.line } +// LineInfos contains a sorted list of line infos. +type LineInfos struct { + infos []lineInfo +} + type lineInfo struct { line *Line offset asm.RawInstructionOffset @@ -500,6 +537,21 @@ type bpfLineInfo struct { LineCol uint32 } +// LoadLineInfos parses btf line info in wire format. +func LoadLineInfos(reader io.Reader, bo binary.ByteOrder, recordNum uint32, spec *Spec) (LineInfos, error) { + lis, err := parseLineInfoRecords( + reader, + bo, + LineInfoSize, + recordNum, + ) + if err != nil { + return LineInfos{}, fmt.Errorf("parsing BTF line info: %w", err) + } + + return newLineInfos(lis, spec.strings) +} + func newLineInfo(li bpfLineInfo, strings *stringTable) (*lineInfo, error) { line, err := strings.Lookup(li.LineOff) if err != nil { @@ -525,17 +577,19 @@ func newLineInfo(li bpfLineInfo, strings *stringTable) (*lineInfo, error) { }, nil } -func newLineInfos(blis []bpfLineInfo, strings *stringTable) ([]lineInfo, error) { - lis := make([]lineInfo, 0, len(blis)) +func newLineInfos(blis []bpfLineInfo, strings *stringTable) (LineInfos, error) { + lis := LineInfos{ + infos: make([]lineInfo, 0, len(blis)), + } for _, bli := range blis { li, err := newLineInfo(bli, strings) if err != nil { - return nil, fmt.Errorf("offset %d: %w", bli.InsnOff, err) + return LineInfos{}, fmt.Errorf("offset %d: %w", bli.InsnOff, err) } - lis = append(lis, *li) + lis.infos = append(lis.infos, *li) } - sort.Slice(lis, func(i, j int) bool { - return lis[i].offset <= lis[j].offset + sort.Slice(lis.infos, func(i, j int) bool { + return lis.infos[i].offset <= lis.infos[j].offset }) return lis, nil } @@ -661,6 +715,11 @@ func CORERelocationMetadata(ins *asm.Instruction) *CORERelocation { return relo } +// CORERelocationInfos contains a sorted list of co:re relocation infos. +type CORERelocationInfos struct { + infos []coreRelocationInfo +} + type coreRelocationInfo struct { relo *CORERelocation offset asm.RawInstructionOffset @@ -693,17 +752,19 @@ func newRelocationInfo(relo bpfCORERelo, spec *Spec, strings *stringTable) (*cor }, nil } -func newRelocationInfos(brs []bpfCORERelo, spec *Spec, strings *stringTable) ([]coreRelocationInfo, error) { - rs := make([]coreRelocationInfo, 0, len(brs)) +func newRelocationInfos(brs []bpfCORERelo, spec *Spec, strings *stringTable) (CORERelocationInfos, error) { + rs := CORERelocationInfos{ + infos: make([]coreRelocationInfo, 0, len(brs)), + } for _, br := range brs { relo, err := newRelocationInfo(br, spec, strings) if err != nil { - return nil, fmt.Errorf("offset %d: %w", br.InsnOff, err) + return CORERelocationInfos{}, fmt.Errorf("offset %d: %w", br.InsnOff, err) } - rs = append(rs, *relo) + rs.infos = append(rs.infos, *relo) } - sort.Slice(rs, func(i, j int) bool { - return rs[i].offset < rs[j].offset + sort.Slice(rs.infos, func(i, j int) bool { + return rs.infos[i].offset < rs.infos[j].offset }) return rs, nil } diff --git a/vendor/github.com/cilium/ebpf/btf/feature.go b/vendor/github.com/cilium/ebpf/btf/feature.go new file mode 100644 index 00000000000..6feb08dfbb0 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/btf/feature.go @@ -0,0 +1,123 @@ +package btf + +import ( + "errors" + "math" + + "github.com/cilium/ebpf/internal" + "github.com/cilium/ebpf/internal/sys" + "github.com/cilium/ebpf/internal/unix" +) + +// haveBTF attempts to load a BTF blob containing an Int. It should pass on any +// kernel that supports BPF_BTF_LOAD. +var haveBTF = internal.NewFeatureTest("BTF", "4.18", func() error { + // 0-length anonymous integer + err := probeBTF(&Int{}) + if errors.Is(err, unix.EINVAL) || errors.Is(err, unix.EPERM) { + return internal.ErrNotSupported + } + return err +}) + +// haveMapBTF attempts to load a minimal BTF blob containing a Var. It is +// used as a proxy for .bss, .data and .rodata map support, which generally +// come with a Var and Datasec. These were introduced in Linux 5.2. +var haveMapBTF = internal.NewFeatureTest("Map BTF (Var/Datasec)", "5.2", func() error { + if err := haveBTF(); err != nil { + return err + } + + v := &Var{ + Name: "a", + Type: &Pointer{(*Void)(nil)}, + } + + err := probeBTF(v) + if errors.Is(err, unix.EINVAL) || errors.Is(err, unix.EPERM) { + // Treat both EINVAL and EPERM as not supported: creating the map may still + // succeed without Btf* attrs. + return internal.ErrNotSupported + } + return err +}) + +// haveProgBTF attempts to load a BTF blob containing a Func and FuncProto. It +// is used as a proxy for ext_info (func_info) support, which depends on +// Func(Proto) by definition. +var haveProgBTF = internal.NewFeatureTest("Program BTF (func/line_info)", "5.0", func() error { + if err := haveBTF(); err != nil { + return err + } + + fn := &Func{ + Name: "a", + Type: &FuncProto{Return: (*Void)(nil)}, + } + + err := probeBTF(fn) + if errors.Is(err, unix.EINVAL) || errors.Is(err, unix.EPERM) { + return internal.ErrNotSupported + } + return err +}) + +var haveFuncLinkage = internal.NewFeatureTest("BTF func linkage", "5.6", func() error { + if err := haveProgBTF(); err != nil { + return err + } + + fn := &Func{ + Name: "a", + Type: &FuncProto{Return: (*Void)(nil)}, + Linkage: GlobalFunc, + } + + err := probeBTF(fn) + if errors.Is(err, unix.EINVAL) { + return internal.ErrNotSupported + } + return err +}) + +var haveEnum64 = internal.NewFeatureTest("ENUM64", "6.0", func() error { + if err := haveBTF(); err != nil { + return err + } + + enum := &Enum{ + Size: 8, + Values: []EnumValue{ + {"TEST", math.MaxUint32 + 1}, + }, + } + + err := probeBTF(enum) + if errors.Is(err, unix.EINVAL) { + return internal.ErrNotSupported + } + return err +}) + +func probeBTF(typ Type) error { + b, err := NewBuilder([]Type{typ}) + if err != nil { + return err + } + + buf, err := b.Marshal(nil, nil) + if err != nil { + return err + } + + fd, err := sys.BtfLoad(&sys.BtfLoadAttr{ + Btf: sys.NewSlicePointer(buf), + BtfSize: uint32(len(buf)), + }) + + if err == nil { + fd.Close() + } + + return err +} diff --git a/vendor/github.com/cilium/ebpf/btf/format.go b/vendor/github.com/cilium/ebpf/btf/format.go index e85220259e7..acb489cd0c8 100644 --- a/vendor/github.com/cilium/ebpf/btf/format.go +++ b/vendor/github.com/cilium/ebpf/btf/format.go @@ -77,7 +77,13 @@ func (gf *GoFormatter) writeTypeDecl(name string, typ Type) error { gf.w.WriteString("; const ( ") for _, ev := range e.Values { id := gf.enumIdentifier(name, ev.Name) - fmt.Fprintf(&gf.w, "%s %s = %d; ", id, name, ev.Value) + var value any + if e.Signed { + value = int64(ev.Value) + } else { + value = ev.Value + } + fmt.Fprintf(&gf.w, "%s %s = %d; ", id, name, value) } gf.w.WriteString(")") diff --git a/vendor/github.com/cilium/ebpf/btf/marshal.go b/vendor/github.com/cilium/ebpf/btf/marshal.go index bfe53b41072..0d093c66564 100644 --- a/vendor/github.com/cilium/ebpf/btf/marshal.go +++ b/vendor/github.com/cilium/ebpf/btf/marshal.go @@ -18,6 +18,8 @@ type MarshalOptions struct { Order binary.ByteOrder // Remove function linkage information for compatibility with <5.6 kernels. StripFuncLinkage bool + // Replace Enum64 with a placeholder for compatibility with <6.0 kernels. + ReplaceEnum64 bool } // KernelMarshalOptions will generate BTF suitable for the current kernel. @@ -25,6 +27,7 @@ func KernelMarshalOptions() *MarshalOptions { return &MarshalOptions{ Order: internal.NativeEndian, StripFuncLinkage: haveFuncLinkage() != nil, + ReplaceEnum64: haveEnum64() != nil, } } @@ -328,21 +331,13 @@ func (e *encoder) deflateType(typ Type) (err error) { raw.data, err = e.convertMembers(&raw.btfType, v.Members) case *Union: - raw.SetKind(kindUnion) - raw.SetSize(v.Size) - raw.data, err = e.convertMembers(&raw.btfType, v.Members) + err = e.deflateUnion(&raw, v) case *Enum: - raw.SetSize(v.size()) - raw.SetVlen(len(v.Values)) - raw.SetSigned(v.Signed) - - if v.has64BitValues() { - raw.SetKind(kindEnum64) - raw.data, err = e.deflateEnum64Values(v.Values) + if v.Size == 8 { + err = e.deflateEnum64(&raw, v) } else { - raw.SetKind(kindEnum) - raw.data, err = e.deflateEnumValues(v.Values) + err = e.deflateEnum(&raw, v) } case *Fwd: @@ -415,6 +410,13 @@ func (e *encoder) deflateType(typ Type) (err error) { return raw.Marshal(e.buf, e.Order) } +func (e *encoder) deflateUnion(raw *rawType, union *Union) (err error) { + raw.SetKind(kindUnion) + raw.SetSize(union.Size) + raw.data, err = e.convertMembers(&raw.btfType, union.Members) + return +} + func (e *encoder) convertMembers(header *btfType, members []Member) ([]btfMember, error) { bms := make([]btfMember, 0, len(members)) isBitfield := false @@ -443,16 +445,32 @@ func (e *encoder) convertMembers(header *btfType, members []Member) ([]btfMember return bms, nil } -func (e *encoder) deflateEnumValues(values []EnumValue) ([]btfEnum, error) { - bes := make([]btfEnum, 0, len(values)) - for _, value := range values { +func (e *encoder) deflateEnum(raw *rawType, enum *Enum) (err error) { + raw.SetKind(kindEnum) + raw.SetSize(enum.Size) + raw.SetVlen(len(enum.Values)) + // Signedness appeared together with ENUM64 support. + raw.SetSigned(enum.Signed && !e.ReplaceEnum64) + raw.data, err = e.deflateEnumValues(enum) + return +} + +func (e *encoder) deflateEnumValues(enum *Enum) ([]btfEnum, error) { + bes := make([]btfEnum, 0, len(enum.Values)) + for _, value := range enum.Values { nameOff, err := e.strings.Add(value.Name) if err != nil { return nil, err } - if value.Value > math.MaxUint32 { - return nil, fmt.Errorf("value of enum %q exceeds 32 bits", value.Name) + if enum.Signed { + if signedValue := int64(value.Value); signedValue < math.MinInt32 || signedValue > math.MaxInt32 { + return nil, fmt.Errorf("value %d of enum %q exceeds 32 bits", signedValue, value.Name) + } + } else { + if value.Value > math.MaxUint32 { + return nil, fmt.Errorf("value %d of enum %q exceeds 32 bits", value.Value, value.Name) + } } bes = append(bes, btfEnum{ @@ -464,6 +482,41 @@ func (e *encoder) deflateEnumValues(values []EnumValue) ([]btfEnum, error) { return bes, nil } +func (e *encoder) deflateEnum64(raw *rawType, enum *Enum) (err error) { + if e.ReplaceEnum64 { + // Replace the ENUM64 with a union of fields with the correct size. + // This matches libbpf behaviour on purpose. + placeholder := &Int{ + "enum64_placeholder", + enum.Size, + Unsigned, + } + if enum.Signed { + placeholder.Encoding = Signed + } + if err := e.allocateID(placeholder); err != nil { + return fmt.Errorf("add enum64 placeholder: %w", err) + } + + members := make([]Member, 0, len(enum.Values)) + for _, v := range enum.Values { + members = append(members, Member{ + Name: v.Name, + Type: placeholder, + }) + } + + return e.deflateUnion(raw, &Union{enum.Name, enum.Size, members}) + } + + raw.SetKind(kindEnum64) + raw.SetSize(enum.Size) + raw.SetVlen(len(enum.Values)) + raw.SetSigned(enum.Signed) + raw.data, err = e.deflateEnum64Values(enum.Values) + return +} + func (e *encoder) deflateEnum64Values(values []EnumValue) ([]btfEnum64, error) { bes := make([]btfEnum64, 0, len(values)) for _, value := range values { diff --git a/vendor/github.com/cilium/ebpf/btf/strings.go b/vendor/github.com/cilium/ebpf/btf/strings.go index bc6aff28142..0ddf1d24fb2 100644 --- a/vendor/github.com/cilium/ebpf/btf/strings.go +++ b/vendor/github.com/cilium/ebpf/btf/strings.go @@ -9,6 +9,7 @@ import ( "strings" "golang.org/x/exp/maps" + "golang.org/x/exp/slices" ) type stringTable struct { @@ -83,8 +84,8 @@ func (st *stringTable) Lookup(offset uint32) (string, error) { } func (st *stringTable) lookup(offset uint32) (string, error) { - i := search(st.offsets, offset) - if i == len(st.offsets) || st.offsets[i] != offset { + i, found := slices.BinarySearch(st.offsets, offset) + if !found { return "", fmt.Errorf("offset %d isn't start of a string", offset) } @@ -110,26 +111,6 @@ func (st *stringTable) Num() int { return len(st.strings) } -// search is a copy of sort.Search specialised for uint32. -// -// Licensed under https://go.dev/LICENSE -func search(ints []uint32, needle uint32) int { - // Define f(-1) == false and f(n) == true. - // Invariant: f(i-1) == false, f(j) == true. - i, j := 0, len(ints) - for i < j { - h := int(uint(i+j) >> 1) // avoid overflow when computing h - // i ≤ h < j - if !(ints[h] >= needle) { - i = h + 1 // preserves f(i-1) == false - } else { - j = h // preserves f(j) == true - } - } - // i == j, f(i-1) == false, and f(j) (= f(i)) == true => answer is i. - return i -} - // stringTableBuilder builds BTF string tables. type stringTableBuilder struct { length uint32 diff --git a/vendor/github.com/cilium/ebpf/btf/types.go b/vendor/github.com/cilium/ebpf/btf/types.go index 68d4a175716..5aedd72d8c3 100644 --- a/vendor/github.com/cilium/ebpf/btf/types.go +++ b/vendor/github.com/cilium/ebpf/btf/types.go @@ -278,21 +278,6 @@ func (e *Enum) copy() Type { return &cpy } -// has64BitValues returns true if the Enum contains a value larger than 32 bits. -// Kernels before 6.0 have enum values that overrun u32 replaced with zeroes. -// -// 64-bit enums have their Enum.Size attributes correctly set to 8, but if we -// use the size attribute as a heuristic during BTF marshaling, we'll emit -// ENUM64s to kernels that don't support them. -func (e *Enum) has64BitValues() bool { - for _, v := range e.Values { - if v.Value > math.MaxUint32 { - return true - } - } - return false -} - // FwdKind is the type of forward declaration. type FwdKind int diff --git a/vendor/github.com/cilium/ebpf/collection.go b/vendor/github.com/cilium/ebpf/collection.go index fb720bebdb7..a581ecf44fa 100644 --- a/vendor/github.com/cilium/ebpf/collection.go +++ b/vendor/github.com/cilium/ebpf/collection.go @@ -11,6 +11,7 @@ import ( "github.com/cilium/ebpf/btf" "github.com/cilium/ebpf/internal" "github.com/cilium/ebpf/internal/kconfig" + "github.com/cilium/ebpf/internal/sysenc" ) // CollectionOptions control loading a collection into the kernel. @@ -175,12 +176,12 @@ func (cs *CollectionSpec) RewriteConstants(consts map[string]interface{}) error return fmt.Errorf("section %s: offset %d(+%d) for variable %s is out of bounds", name, v.Offset, v.Size, vname) } - b, err := marshalBytes(replacement, int(v.Size)) + b, err := sysenc.Marshal(replacement, int(v.Size)) if err != nil { return fmt.Errorf("marshaling constant replacement %s: %w", vname, err) } - copy(cpy[v.Offset:v.Offset+v.Size], b) + b.CopyTo(cpy[v.Offset : v.Offset+v.Size]) replaced[vname] = true } @@ -308,7 +309,7 @@ func (cs *CollectionSpec) LoadAndAssign(to interface{}, opts *CollectionOptions) } // Populate the requested maps. Has a chance of lazy-loading other dependent maps. - if err := loader.populateMaps(); err != nil { + if err := loader.populateDeferredMaps(); err != nil { return err } @@ -388,7 +389,7 @@ func NewCollectionWithOptions(spec *CollectionSpec, opts CollectionOptions) (*Co // Maps can contain Program and Map stubs, so populate them after // all Maps and Programs have been successfully loaded. - if err := loader.populateMaps(); err != nil { + if err := loader.populateDeferredMaps(); err != nil { return nil, err } @@ -470,6 +471,15 @@ func (cl *collectionLoader) loadMap(mapName string) (*Map, error) { return nil, fmt.Errorf("map %s: %w", mapName, err) } + // Finalize 'scalar' maps that don't refer to any other eBPF resources + // potentially pending creation. This is needed for frozen maps like .rodata + // that need to be finalized before invoking the verifier. + if !mapSpec.Type.canStoreMapOrProgram() { + if err := m.finalize(mapSpec); err != nil { + return nil, fmt.Errorf("finalizing map %s: %w", mapName, err) + } + } + cl.maps[mapName] = m return m, nil } @@ -527,44 +537,50 @@ func (cl *collectionLoader) loadProgram(progName string) (*Program, error) { return prog, nil } -func (cl *collectionLoader) populateMaps() error { +// populateDeferredMaps iterates maps holding programs or other maps and loads +// any dependencies. Populates all maps in cl and freezes them if specified. +func (cl *collectionLoader) populateDeferredMaps() error { for mapName, m := range cl.maps { mapSpec, ok := cl.coll.Maps[mapName] if !ok { return fmt.Errorf("missing map spec %s", mapName) } + // Scalar maps without Map or Program references are finalized during + // creation. Don't finalize them again. + if !mapSpec.Type.canStoreMapOrProgram() { + continue + } + + mapSpec = mapSpec.Copy() + // MapSpecs that refer to inner maps or programs within the same // CollectionSpec do so using strings. These strings are used as the key // to look up the respective object in the Maps or Programs fields. // Resolve those references to actual Map or Program resources that // have been loaded into the kernel. - if mapSpec.Type.canStoreMap() || mapSpec.Type.canStoreProgram() { - mapSpec = mapSpec.Copy() + for i, kv := range mapSpec.Contents { + objName, ok := kv.Value.(string) + if !ok { + continue + } - for i, kv := range mapSpec.Contents { - objName, ok := kv.Value.(string) - if !ok { - continue + switch t := mapSpec.Type; { + case t.canStoreProgram(): + // loadProgram is idempotent and could return an existing Program. + prog, err := cl.loadProgram(objName) + if err != nil { + return fmt.Errorf("loading program %s, for map %s: %w", objName, mapName, err) } + mapSpec.Contents[i] = MapKV{kv.Key, prog} - switch t := mapSpec.Type; { - case t.canStoreProgram(): - // loadProgram is idempotent and could return an existing Program. - prog, err := cl.loadProgram(objName) - if err != nil { - return fmt.Errorf("loading program %s, for map %s: %w", objName, mapName, err) - } - mapSpec.Contents[i] = MapKV{kv.Key, prog} - - case t.canStoreMap(): - // loadMap is idempotent and could return an existing Map. - innerMap, err := cl.loadMap(objName) - if err != nil { - return fmt.Errorf("loading inner map %s, for map %s: %w", objName, mapName, err) - } - mapSpec.Contents[i] = MapKV{kv.Key, innerMap} + case t.canStoreMap(): + // loadMap is idempotent and could return an existing Map. + innerMap, err := cl.loadMap(objName) + if err != nil { + return fmt.Errorf("loading inner map %s, for map %s: %w", objName, mapName, err) } + mapSpec.Contents[i] = MapKV{kv.Key, innerMap} } } diff --git a/vendor/github.com/cilium/ebpf/elf_reader.go b/vendor/github.com/cilium/ebpf/elf_reader.go index 8d92672eb14..5e0bb98ea14 100644 --- a/vendor/github.com/cilium/ebpf/elf_reader.go +++ b/vendor/github.com/cilium/ebpf/elf_reader.go @@ -81,6 +81,8 @@ func LoadCollectionSpecFromReader(rd io.ReaderAt) (*CollectionSpec, error) { // Collect all the sections we're interested in. This includes relocations // which we parse later. + // + // Keep the documentation at docs/ebpf/loading/elf-sections.md up-to-date. for i, sec := range f.Sections { idx := elf.SectionIndex(i) @@ -694,10 +696,6 @@ func (ec *elfCode) loadMaps() error { spec.Extra = bytes.NewReader(extra) } - if err := spec.clampPerfEventArraySize(); err != nil { - return fmt.Errorf("map %s: %w", mapName, err) - } - ec.maps[mapName] = &spec } } @@ -752,7 +750,7 @@ func (ec *elfCode) loadBTFMaps() error { } // Each Var representing a BTF map definition contains a Struct. - mapStruct, ok := v.Type.(*btf.Struct) + mapStruct, ok := btf.UnderlyingType(v.Type).(*btf.Struct) if !ok { return fmt.Errorf("expected struct, got %s", v.Type) } @@ -762,10 +760,6 @@ func (ec *elfCode) loadBTFMaps() error { return fmt.Errorf("map %v: %w", name, err) } - if err := mapSpec.clampPerfEventArraySize(); err != nil { - return fmt.Errorf("map %v: %w", name, err) - } - ec.maps[name] = mapSpec } @@ -785,7 +779,7 @@ func (ec *elfCode) loadBTFMaps() error { // mapSpecFromBTF produces a MapSpec based on a btf.Struct def representing // a BTF map definition. The name and spec arguments will be copied to the -// resulting MapSpec, and inner must be true on any resursive invocations. +// resulting MapSpec, and inner must be true on any recursive invocations. func mapSpecFromBTF(es *elfSection, vs *btf.VarSecinfo, def *btf.Struct, spec *btf.Spec, name string, inner bool) (*MapSpec, error) { var ( key, value btf.Type @@ -1150,7 +1144,7 @@ func (ec *elfCode) loadKconfigSection() error { KeySize: uint32(4), ValueSize: ds.Size, MaxEntries: 1, - Flags: unix.BPF_F_RDONLY_PROG | unix.BPF_F_MMAPABLE, + Flags: unix.BPF_F_RDONLY_PROG, Freeze: true, Key: &btf.Int{Size: 4}, Value: ds, @@ -1268,6 +1262,7 @@ func getProgType(sectionName string) (ProgramType, AttachType, uint32, string) { {"seccomp", SocketFilter, AttachNone, 0}, {"kprobe.multi", Kprobe, AttachTraceKprobeMulti, 0}, {"kretprobe.multi", Kprobe, AttachTraceKprobeMulti, 0}, + // Document all prefixes in docs/ebpf/concepts/elf-sections.md. } for _, t := range types { diff --git a/vendor/github.com/cilium/ebpf/info.go b/vendor/github.com/cilium/ebpf/info.go index a02e8a41618..79b11c951f4 100644 --- a/vendor/github.com/cilium/ebpf/info.go +++ b/vendor/github.com/cilium/ebpf/info.go @@ -101,6 +101,11 @@ type ProgramInfo struct { maps []MapID insns []byte + + lineInfos []byte + numLineInfos uint32 + funcInfos []byte + numFuncInfos uint32 } func newProgramInfoFromFd(fd *sys.FD) (*ProgramInfo, error) { @@ -128,10 +133,13 @@ func newProgramInfoFromFd(fd *sys.FD) (*ProgramInfo, error) { // Start with a clean struct for the second call, otherwise we may get EFAULT. var info2 sys.ProgInfo + makeSecondCall := false + if info.NrMapIds > 0 { pi.maps = make([]MapID, info.NrMapIds) info2.NrMapIds = info.NrMapIds info2.MapIds = sys.NewPointer(unsafe.Pointer(&pi.maps[0])) + makeSecondCall = true } else if haveProgramInfoMapIDs() == nil { // This program really has no associated maps. pi.maps = make([]MapID, 0) @@ -150,9 +158,28 @@ func newProgramInfoFromFd(fd *sys.FD) (*ProgramInfo, error) { pi.insns = make([]byte, info.XlatedProgLen) info2.XlatedProgLen = info.XlatedProgLen info2.XlatedProgInsns = sys.NewSlicePointer(pi.insns) + makeSecondCall = true + } + + if info.NrLineInfo > 0 { + pi.lineInfos = make([]byte, btf.LineInfoSize*info.NrLineInfo) + info2.LineInfo = sys.NewSlicePointer(pi.lineInfos) + info2.LineInfoRecSize = btf.LineInfoSize + info2.NrLineInfo = info.NrLineInfo + pi.numLineInfos = info.NrLineInfo + makeSecondCall = true } - if info.NrMapIds > 0 || info.XlatedProgLen > 0 { + if info.NrFuncInfo > 0 { + pi.funcInfos = make([]byte, btf.FuncInfoSize*info.NrFuncInfo) + info2.FuncInfo = sys.NewSlicePointer(pi.funcInfos) + info2.FuncInfoRecSize = btf.FuncInfoSize + info2.NrFuncInfo = info.NrFuncInfo + pi.numFuncInfos = info.NrFuncInfo + makeSecondCall = true + } + + if makeSecondCall { if err := sys.ObjInfo(fd, &info2); err != nil { return nil, err } @@ -245,7 +272,13 @@ func (pi *ProgramInfo) Runtime() (time.Duration, bool) { // // The first instruction is marked as a symbol using the Program's name. // -// Available from 4.13. Requires CAP_BPF or equivalent. +// If available, the instructions will be annotated with metadata from the +// BTF. This includes line information and function information. Reading +// this metadata requires CAP_SYS_ADMIN or equivalent. If capability is +// unavailable, the instructions will be returned without metadata. +// +// Available from 4.13. Requires CAP_BPF or equivalent for plain instructions. +// Requires CAP_SYS_ADMIN for instructions with metadata. func (pi *ProgramInfo) Instructions() (asm.Instructions, error) { // If the calling process is not BPF-capable or if the kernel doesn't // support getting xlated instructions, the field will be zero. @@ -259,8 +292,55 @@ func (pi *ProgramInfo) Instructions() (asm.Instructions, error) { return nil, fmt.Errorf("unmarshaling instructions: %w", err) } - // Tag the first instruction with the name of the program, if available. - insns[0] = insns[0].WithSymbol(pi.Name) + if pi.btf != 0 { + btfh, err := btf.NewHandleFromID(pi.btf) + if err != nil { + // Getting a BTF handle requires CAP_SYS_ADMIN, if not available we get an -EPERM. + // Ignore it and fall back to instructions without metadata. + if !errors.Is(err, unix.EPERM) { + return nil, fmt.Errorf("unable to get BTF handle: %w", err) + } + } + + // If we have a BTF handle, we can use it to assign metadata to the instructions. + if btfh != nil { + defer btfh.Close() + + spec, err := btfh.Spec(nil) + if err != nil { + return nil, fmt.Errorf("unable to get BTF spec: %w", err) + } + + lineInfos, err := btf.LoadLineInfos( + bytes.NewReader(pi.lineInfos), + internal.NativeEndian, + pi.numLineInfos, + spec, + ) + if err != nil { + return nil, fmt.Errorf("parse line info: %w", err) + } + + funcInfos, err := btf.LoadFuncInfos( + bytes.NewReader(pi.funcInfos), + internal.NativeEndian, + pi.numFuncInfos, + spec, + ) + if err != nil { + return nil, fmt.Errorf("parse func info: %w", err) + } + + btf.AssignMetadataToInstructions(insns, funcInfos, lineInfos, btf.CORERelocationInfos{}) + } + } + + fn := btf.FuncMetadata(&insns[0]) + name := pi.Name + if fn != nil { + name = fn.Name + } + insns[0] = insns[0].WithSymbol(name) return insns, nil } diff --git a/vendor/github.com/cilium/ebpf/internal/endian_be.go b/vendor/github.com/cilium/ebpf/internal/endian_be.go index 96a2ac0de22..39f49ba3a01 100644 --- a/vendor/github.com/cilium/ebpf/internal/endian_be.go +++ b/vendor/github.com/cilium/ebpf/internal/endian_be.go @@ -6,7 +6,7 @@ import "encoding/binary" // NativeEndian is set to either binary.BigEndian or binary.LittleEndian, // depending on the host's endianness. -var NativeEndian binary.ByteOrder = binary.BigEndian +var NativeEndian = binary.BigEndian // ClangEndian is set to either "el" or "eb" depending on the host's endianness. const ClangEndian = "eb" diff --git a/vendor/github.com/cilium/ebpf/internal/endian_le.go b/vendor/github.com/cilium/ebpf/internal/endian_le.go index fde4c55a6f5..9488e301bfe 100644 --- a/vendor/github.com/cilium/ebpf/internal/endian_le.go +++ b/vendor/github.com/cilium/ebpf/internal/endian_le.go @@ -6,7 +6,7 @@ import "encoding/binary" // NativeEndian is set to either binary.BigEndian or binary.LittleEndian, // depending on the host's endianness. -var NativeEndian binary.ByteOrder = binary.LittleEndian +var NativeEndian = binary.LittleEndian // ClangEndian is set to either "el" or "eb" depending on the host's endianness. const ClangEndian = "el" diff --git a/vendor/github.com/cilium/ebpf/internal/sys/syscall.go b/vendor/github.com/cilium/ebpf/internal/sys/syscall.go index 4fae04db5d8..088e82eea2a 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/syscall.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/syscall.go @@ -11,7 +11,7 @@ import ( // ENOTSUPP is a Linux internal error code that has leaked into UAPI. // // It is not the same as ENOTSUP or EOPNOTSUPP. -var ENOTSUPP = syscall.Errno(524) +const ENOTSUPP = syscall.Errno(524) // BPF wraps SYS_BPF. // @@ -123,7 +123,7 @@ type TypeID uint32 // MapFlags control map behaviour. type MapFlags uint32 -//go:generate stringer -type MapFlags +//go:generate go run golang.org/x/tools/cmd/stringer@latest -type MapFlags const ( BPF_F_NO_PREALLOC MapFlags = 1 << iota diff --git a/vendor/github.com/cilium/ebpf/internal/sys/types.go b/vendor/github.com/cilium/ebpf/internal/sys/types.go index 2af7759e5a3..b7e3244adf6 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/types.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/types.go @@ -59,7 +59,8 @@ const ( BPF_SK_REUSEPORT_SELECT_OR_MIGRATE AttachType = 40 BPF_PERF_EVENT AttachType = 41 BPF_TRACE_KPROBE_MULTI AttachType = 42 - __MAX_BPF_ATTACH_TYPE AttachType = 43 + BPF_LSM_CGROUP AttachType = 43 + __MAX_BPF_ATTACH_TYPE AttachType = 44 ) type Cmd uint32 @@ -311,7 +312,13 @@ const ( BPF_FUNC_dynptr_read FunctionId = 201 BPF_FUNC_dynptr_write FunctionId = 202 BPF_FUNC_dynptr_data FunctionId = 203 - __BPF_FUNC_MAX_ID FunctionId = 204 + BPF_FUNC_tcp_raw_gen_syncookie_ipv4 FunctionId = 204 + BPF_FUNC_tcp_raw_gen_syncookie_ipv6 FunctionId = 205 + BPF_FUNC_tcp_raw_check_syncookie_ipv4 FunctionId = 206 + BPF_FUNC_tcp_raw_check_syncookie_ipv6 FunctionId = 207 + BPF_FUNC_ktime_get_tai_ns FunctionId = 208 + BPF_FUNC_user_ringbuf_drain FunctionId = 209 + __BPF_FUNC_MAX_ID FunctionId = 210 ) type HdrStartOff uint32 @@ -371,6 +378,7 @@ const ( BPF_MAP_TYPE_INODE_STORAGE MapType = 28 BPF_MAP_TYPE_TASK_STORAGE MapType = 29 BPF_MAP_TYPE_BLOOM_FILTER MapType = 30 + BPF_MAP_TYPE_USER_RINGBUF MapType = 31 ) type ProgType uint32 @@ -413,10 +421,11 @@ const ( type RetCode uint32 const ( - BPF_OK RetCode = 0 - BPF_DROP RetCode = 2 - BPF_REDIRECT RetCode = 7 - BPF_LWT_REROUTE RetCode = 128 + BPF_OK RetCode = 0 + BPF_DROP RetCode = 2 + BPF_REDIRECT RetCode = 7 + BPF_LWT_REROUTE RetCode = 128 + BPF_FLOW_DISSECTOR_CONTINUE RetCode = 129 ) type SkAction uint32 @@ -476,7 +485,7 @@ type LinkInfo struct { Id LinkID ProgId uint32 _ [4]byte - Extra [16]uint8 + Extra [32]uint8 } type MapInfo struct { @@ -521,10 +530,10 @@ type ProgInfo struct { JitedFuncLens uint64 BtfId BTFID FuncInfoRecSize uint32 - FuncInfo uint64 + FuncInfo Pointer NrFuncInfo uint32 NrLineInfo uint32 - LineInfo uint64 + LineInfo Pointer JitedLineInfo uint64 NrJitedLineInfo uint32 LineInfoRecSize uint32 @@ -535,6 +544,8 @@ type ProgInfo struct { RunCnt uint64 RecursionMisses uint64 VerifiedInsns uint32 + AttachBtfObjId BTFID + AttachBtfId TypeID _ [4]byte } @@ -1034,13 +1045,14 @@ func ProgLoad(attr *ProgLoadAttr) (*FD, error) { } type ProgQueryAttr struct { - TargetFd uint32 - AttachType AttachType - QueryFlags uint32 - AttachFlags uint32 - ProgIds Pointer - ProgCount uint32 - _ [4]byte + TargetFd uint32 + AttachType AttachType + QueryFlags uint32 + AttachFlags uint32 + ProgIds Pointer + ProgCount uint32 + _ [4]byte + ProgAttachFlags uint64 } func ProgQuery(attr *ProgQueryAttr) error { diff --git a/vendor/github.com/cilium/ebpf/internal/sysenc/buffer.go b/vendor/github.com/cilium/ebpf/internal/sysenc/buffer.go new file mode 100644 index 00000000000..c6959d9cc97 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/sysenc/buffer.go @@ -0,0 +1,77 @@ +package sysenc + +import ( + "unsafe" + + "github.com/cilium/ebpf/internal/sys" +) + +type Buffer struct { + ptr unsafe.Pointer + // Size of the buffer. syscallPointerOnly if created from UnsafeBuffer or when using + // zero-copy unmarshaling. + size int +} + +const syscallPointerOnly = -1 + +func newBuffer(buf []byte) Buffer { + if len(buf) == 0 { + return Buffer{} + } + return Buffer{unsafe.Pointer(&buf[0]), len(buf)} +} + +// UnsafeBuffer constructs a Buffer for zero-copy unmarshaling. +// +// [Pointer] is the only valid method to call on such a Buffer. +// Use [SyscallBuffer] instead if possible. +func UnsafeBuffer(ptr unsafe.Pointer) Buffer { + return Buffer{ptr, syscallPointerOnly} +} + +// SyscallOutput prepares a Buffer for a syscall to write into. +// +// The buffer may point at the underlying memory of dst, in which case [Unmarshal] +// becomes a no-op. +// +// The contents of the buffer are undefined and may be non-zero. +func SyscallOutput(dst any, size int) Buffer { + if dstBuf := unsafeBackingMemory(dst); len(dstBuf) == size { + buf := newBuffer(dstBuf) + buf.size = syscallPointerOnly + return buf + } + + return newBuffer(make([]byte, size)) +} + +// CopyTo copies the buffer into dst. +// +// Returns the number of copied bytes. +func (b Buffer) CopyTo(dst []byte) int { + return copy(dst, b.unsafeBytes()) +} + +// Pointer returns the location where a syscall should write. +func (b Buffer) Pointer() sys.Pointer { + // NB: This deliberately ignores b.length to support zero-copy + // marshaling / unmarshaling using unsafe.Pointer. + return sys.NewPointer(b.ptr) +} + +// Unmarshal the buffer into the provided value. +func (b Buffer) Unmarshal(data any) error { + if b.size == syscallPointerOnly { + return nil + } + + return Unmarshal(data, b.unsafeBytes()) +} + +func (b Buffer) unsafeBytes() []byte { + if b.size == syscallPointerOnly { + return nil + } + return unsafe.Slice((*byte)(b.ptr), b.size) +} diff --git a/vendor/github.com/cilium/ebpf/internal/sysenc/doc.go b/vendor/github.com/cilium/ebpf/internal/sysenc/doc.go new file mode 100644 index 00000000000..676ad98ba1b --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/sysenc/doc.go @@ -0,0 +1,3 @@ +// Package sysenc provides efficient conversion of Go values to system +// call interfaces. +package sysenc diff --git a/vendor/github.com/cilium/ebpf/internal/sysenc/layout.go b/vendor/github.com/cilium/ebpf/internal/sysenc/layout.go new file mode 100644 index 00000000000..52d111e7aff --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/sysenc/layout.go @@ -0,0 +1,41 @@ +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found at https://go.dev/LICENSE. + +package sysenc + +import ( + "reflect" + "sync" +) + +var hasUnexportedFieldsCache sync.Map // map[reflect.Type]bool + +func hasUnexportedFields(typ reflect.Type) bool { + switch typ.Kind() { + case reflect.Slice, reflect.Array, reflect.Pointer: + return hasUnexportedFields(typ.Elem()) + + case reflect.Struct: + if unexported, ok := hasUnexportedFieldsCache.Load(typ); ok { + return unexported.(bool) + } + + unexported := false + for i, n := 0, typ.NumField(); i < n; i++ { + field := typ.Field(i) + // Package binary allows _ fields but always writes zeroes into them. + if (!field.IsExported() && field.Name != "_") || hasUnexportedFields(field.Type) { + unexported = true + break + } + } + + hasUnexportedFieldsCache.Store(typ, unexported) + return unexported + + default: + // NB: It's not clear what this means for Chan and so on. + return false + } +} diff --git a/vendor/github.com/cilium/ebpf/internal/sysenc/marshal.go b/vendor/github.com/cilium/ebpf/internal/sysenc/marshal.go new file mode 100644 index 00000000000..235a1df2640 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/sysenc/marshal.go @@ -0,0 +1,163 @@ +package sysenc + +import ( + "bytes" + "encoding" + "encoding/binary" + "errors" + "fmt" + "reflect" + "sync" + "unsafe" + + "github.com/cilium/ebpf/internal" +) + +// Marshal turns data into a byte slice using the system's native endianness. +// +// If possible, avoids allocations by directly using the backing memory +// of data. This means that the variable must not be modified for the lifetime +// of the returned [Buffer]. +// +// Returns an error if the data can't be turned into a byte slice according to +// the behaviour of [binary.Write]. +func Marshal(data any, size int) (Buffer, error) { + if data == nil { + return Buffer{}, errors.New("can't marshal a nil value") + } + + var buf []byte + var err error + switch value := data.(type) { + case encoding.BinaryMarshaler: + buf, err = value.MarshalBinary() + case string: + buf = unsafe.Slice(unsafe.StringData(value), len(value)) + case []byte: + buf = value + case int16: + buf = internal.NativeEndian.AppendUint16(make([]byte, 0, 2), uint16(value)) + case uint16: + buf = internal.NativeEndian.AppendUint16(make([]byte, 0, 2), value) + case int32: + buf = internal.NativeEndian.AppendUint32(make([]byte, 0, 4), uint32(value)) + case uint32: + buf = internal.NativeEndian.AppendUint32(make([]byte, 0, 4), value) + case int64: + buf = internal.NativeEndian.AppendUint64(make([]byte, 0, 8), uint64(value)) + case uint64: + buf = internal.NativeEndian.AppendUint64(make([]byte, 0, 8), value) + default: + if buf := unsafeBackingMemory(data); len(buf) == size { + return newBuffer(buf), nil + } + + wr := internal.NewBuffer(make([]byte, 0, size)) + defer internal.PutBuffer(wr) + + err = binary.Write(wr, internal.NativeEndian, value) + buf = wr.Bytes() + } + if err != nil { + return Buffer{}, err + } + + if len(buf) != size { + return Buffer{}, fmt.Errorf("%T doesn't marshal to %d bytes", data, size) + } + + return newBuffer(buf), nil +} + +var bytesReaderPool = sync.Pool{ + New: func() interface{} { + return new(bytes.Reader) + }, +} + +// Unmarshal a byte slice in the system's native endianness into data. +// +// Returns an error if buf can't be unmarshalled according to the behaviour +// of [binary.Read]. +func Unmarshal(data interface{}, buf []byte) error { + switch value := data.(type) { + case encoding.BinaryUnmarshaler: + return value.UnmarshalBinary(buf) + + case *string: + *value = string(buf) + return nil + + default: + if dataBuf := unsafeBackingMemory(data); len(dataBuf) == len(buf) { + copy(dataBuf, buf) + return nil + } + + rd := bytesReaderPool.Get().(*bytes.Reader) + defer bytesReaderPool.Put(rd) + + rd.Reset(buf) + + return binary.Read(rd, internal.NativeEndian, value) + } +} + +// unsafeBackingMemory returns the backing memory of data if it can be used +// instead of calling into package binary. +// +// Returns nil if the value is not a pointer or a slice, or if it contains +// padding or unexported fields. +func unsafeBackingMemory(data any) []byte { + if data == nil { + return nil + } + + value := reflect.ValueOf(data) + var valueSize int + switch value.Kind() { + case reflect.Pointer: + if value.IsNil() { + return nil + } + + if elemType := value.Type().Elem(); elemType.Kind() != reflect.Slice { + valueSize = int(elemType.Size()) + break + } + + // We're dealing with a pointer to a slice. Dereference and + // handle it like a regular slice. + value = value.Elem() + fallthrough + + case reflect.Slice: + valueSize = int(value.Type().Elem().Size()) * value.Len() + + default: + // Prevent Value.UnsafePointer from panicking. + return nil + } + + // Some nil pointer types currently crash binary.Size. Call it after our own + // code so that the panic isn't reachable. + // See https://github.com/golang/go/issues/60892 + if size := binary.Size(data); size == -1 || size != valueSize { + // The type contains padding or unsupported types. + return nil + } + + if hasUnexportedFields(reflect.TypeOf(data)) { + return nil + } + + // Reinterpret the pointer as a byte slice. This violates the unsafe.Pointer + // rules because it's very unlikely that the source data has "an equivalent + // memory layout". However, we can make it safe-ish because of the + // following reasons: + // - There is no alignment mismatch since we cast to a type with an + // alignment of 1. + // - There are no pointers in the source type so we don't upset the GC. + // - The length is verified at runtime. + return unsafe.Slice((*byte)(value.UnsafePointer()), valueSize) +} diff --git a/vendor/github.com/cilium/ebpf/internal/tracefs/kprobe.go b/vendor/github.com/cilium/ebpf/internal/tracefs/kprobe.go index 4059a099b08..1b45a9a7427 100644 --- a/vendor/github.com/cilium/ebpf/internal/tracefs/kprobe.go +++ b/vendor/github.com/cilium/ebpf/internal/tracefs/kprobe.go @@ -20,7 +20,7 @@ var ( ErrInvalidMaxActive = errors.New("can only set maxactive on kretprobes") ) -//go:generate stringer -type=ProbeType -linecomment +//go:generate go run golang.org/x/tools/cmd/stringer@latest -type=ProbeType -linecomment type ProbeType uint8 diff --git a/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go b/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go index 7c9705919a3..51ed7d0597e 100644 --- a/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go +++ b/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go @@ -85,6 +85,8 @@ const ( BPF_FS_MAGIC = linux.BPF_FS_MAGIC TRACEFS_MAGIC = linux.TRACEFS_MAGIC DEBUGFS_MAGIC = linux.DEBUGFS_MAGIC + BPF_RB_NO_WAKEUP = linux.BPF_RB_NO_WAKEUP + BPF_RB_FORCE_WAKEUP = linux.BPF_RB_FORCE_WAKEUP ) type Statfs_t = linux.Statfs_t diff --git a/vendor/github.com/cilium/ebpf/internal/unix/types_other.go b/vendor/github.com/cilium/ebpf/internal/unix/types_other.go index 5e86b5052a1..1760e9e796b 100644 --- a/vendor/github.com/cilium/ebpf/internal/unix/types_other.go +++ b/vendor/github.com/cilium/ebpf/internal/unix/types_other.go @@ -89,6 +89,8 @@ const ( BPF_FS_MAGIC TRACEFS_MAGIC DEBUGFS_MAGIC + BPF_RB_NO_WAKEUP + BPF_RB_FORCE_WAKEUP ) type Statfs_t struct { diff --git a/vendor/github.com/cilium/ebpf/link/iter.go b/vendor/github.com/cilium/ebpf/link/iter.go index d2b32ef331c..0a39faef883 100644 --- a/vendor/github.com/cilium/ebpf/link/iter.go +++ b/vendor/github.com/cilium/ebpf/link/iter.go @@ -25,10 +25,6 @@ type IterOptions struct { // AttachIter attaches a BPF seq_file iterator. func AttachIter(opts IterOptions) (*Iter, error) { - if err := haveBPFLink(); err != nil { - return nil, err - } - progFd := opts.Program.FD() if progFd < 0 { return nil, fmt.Errorf("invalid program: %s", sys.ErrClosedFd) @@ -52,6 +48,9 @@ func AttachIter(opts IterOptions) (*Iter, error) { fd, err := sys.LinkCreateIter(&attr) if err != nil { + if haveFeatErr := haveBPFLink(); haveFeatErr != nil { + return nil, haveFeatErr + } return nil, fmt.Errorf("can't link iterator: %w", err) } diff --git a/vendor/github.com/cilium/ebpf/link/kprobe_multi.go b/vendor/github.com/cilium/ebpf/link/kprobe_multi.go index 697c6d7362a..4d364d80ebc 100644 --- a/vendor/github.com/cilium/ebpf/link/kprobe_multi.go +++ b/vendor/github.com/cilium/ebpf/link/kprobe_multi.go @@ -82,10 +82,6 @@ func kprobeMulti(prog *ebpf.Program, opts KprobeMultiOptions, flags uint32) (Lin return nil, fmt.Errorf("Cookies must be exactly Symbols or Addresses in length: %w", errInvalidInput) } - if err := haveBPFLinkKprobeMulti(); err != nil { - return nil, err - } - attr := &sys.LinkCreateKprobeMultiAttr{ ProgFd: uint32(prog.FD()), AttachType: sys.BPF_TRACE_KPROBE_MULTI, @@ -113,7 +109,11 @@ func kprobeMulti(prog *ebpf.Program, opts KprobeMultiOptions, flags uint32) (Lin if errors.Is(err, unix.EINVAL) { return nil, fmt.Errorf("%w (missing kernel symbol or prog's AttachType not AttachTraceKprobeMulti?)", err) } + if err != nil { + if haveFeatErr := haveBPFLinkKprobeMulti(); haveFeatErr != nil { + return nil, haveFeatErr + } return nil, err } diff --git a/vendor/github.com/cilium/ebpf/link/program.go b/vendor/github.com/cilium/ebpf/link/program.go index ea31817377f..053735a6773 100644 --- a/vendor/github.com/cilium/ebpf/link/program.go +++ b/vendor/github.com/cilium/ebpf/link/program.go @@ -25,10 +25,6 @@ type RawAttachProgramOptions struct { // You should use one of the higher level abstractions available in this // package if possible. func RawAttachProgram(opts RawAttachProgramOptions) error { - if err := haveProgAttach(); err != nil { - return err - } - var replaceFd uint32 if opts.Replace != nil { replaceFd = uint32(opts.Replace.FD()) @@ -43,8 +39,12 @@ func RawAttachProgram(opts RawAttachProgramOptions) error { } if err := sys.ProgAttach(&attr); err != nil { + if haveFeatErr := haveProgAttach(); haveFeatErr != nil { + return haveFeatErr + } return fmt.Errorf("can't attach program: %w", err) } + return nil } @@ -59,16 +59,15 @@ type RawDetachProgramOptions struct { // You should use one of the higher level abstractions available in this // package if possible. func RawDetachProgram(opts RawDetachProgramOptions) error { - if err := haveProgAttach(); err != nil { - return err - } - attr := sys.ProgDetachAttr{ TargetFd: uint32(opts.Target), AttachBpfFd: uint32(opts.Program.FD()), AttachType: uint32(opts.Attach), } if err := sys.ProgDetach(&attr); err != nil { + if haveFeatErr := haveProgAttach(); haveFeatErr != nil { + return haveFeatErr + } return fmt.Errorf("can't detach program: %w", err) } diff --git a/vendor/github.com/cilium/ebpf/link/syscalls.go b/vendor/github.com/cilium/ebpf/link/syscalls.go index c9c998c2014..012970ec78e 100644 --- a/vendor/github.com/cilium/ebpf/link/syscalls.go +++ b/vendor/github.com/cilium/ebpf/link/syscalls.go @@ -60,9 +60,11 @@ var haveProgAttachReplace = internal.NewFeatureTest("BPF_PROG_ATTACH atomic repl asm.Return(), }, }) + if err != nil { return internal.ErrNotSupported } + defer prog.Close() // We know that we have BPF_PROG_ATTACH since we can load CGroupSKB programs. @@ -113,11 +115,12 @@ var haveProgQuery = internal.NewFeatureTest("BPF_PROG_QUERY", "4.15", func() err } err := sys.ProgQuery(&attr) - if errors.Is(err, unix.EINVAL) { - return internal.ErrNotSupported - } + if errors.Is(err, unix.EBADF) { return nil } - return err + if err != nil { + return ErrNotSupported + } + return errors.New("syscall succeeded unexpectedly") }) diff --git a/vendor/github.com/cilium/ebpf/link/uprobe.go b/vendor/github.com/cilium/ebpf/link/uprobe.go index 272bac4151d..83977e0e54d 100644 --- a/vendor/github.com/cilium/ebpf/link/uprobe.go +++ b/vendor/github.com/cilium/ebpf/link/uprobe.go @@ -18,9 +18,12 @@ var ( uprobeRefCtrOffsetShift = 32 haveRefCtrOffsetPMU = internal.NewFeatureTest("RefCtrOffsetPMU", "4.20", func() error { _, err := os.Stat(uprobeRefCtrOffsetPMUPath) - if err != nil { + if errors.Is(err, os.ErrNotExist) { return internal.ErrNotSupported } + if err != nil { + return err + } return nil }) diff --git a/vendor/github.com/cilium/ebpf/linker.go b/vendor/github.com/cilium/ebpf/linker.go index e0dbfcffd37..b653b805e6b 100644 --- a/vendor/github.com/cilium/ebpf/linker.go +++ b/vendor/github.com/cilium/ebpf/linker.go @@ -40,10 +40,12 @@ func (hs handles) fdArray() []int32 { return fda } -func (hs handles) close() { - for _, h := range hs { - h.Close() +func (hs *handles) Close() error { + var errs []error + for _, h := range *hs { + errs = append(errs, h.Close()) } + return errors.Join(errs...) } // splitSymbols splits insns into subsections delimited by Symbol Instructions. @@ -231,7 +233,13 @@ func fixupAndValidate(insns asm.Instructions) error { // fixupKfuncs loops over all instructions in search for kfunc calls. // If at least one is found, the current kernels BTF and module BTFis are searched to set Instruction.Constant // and Instruction.Offset to the correct values. -func fixupKfuncs(insns asm.Instructions) (handles, error) { +func fixupKfuncs(insns asm.Instructions) (_ handles, err error) { + closeOnError := func(c io.Closer) { + if err != nil { + c.Close() + } + } + iter := insns.Iterate() for iter.Next() { ins := iter.Ins @@ -250,6 +258,8 @@ fixups: } fdArray := make(handles, 0) + defer closeOnError(&fdArray) + for { ins := iter.Ins @@ -276,6 +286,11 @@ fixups: return nil, err } + idx, err := fdArray.add(module) + if err != nil { + return nil, err + } + if err := btf.CheckTypeCompatibility(kfm.Type, target.(*btf.Func).Type); err != nil { return nil, &incompatibleKfuncError{kfm.Name, err} } @@ -285,11 +300,6 @@ fixups: return nil, err } - idx, err := fdArray.add(module) - if err != nil { - return nil, err - } - ins.Constant = int64(id) ins.Offset = int16(idx) diff --git a/vendor/github.com/cilium/ebpf/map.go b/vendor/github.com/cilium/ebpf/map.go index a11664cc72d..be732a24fa6 100644 --- a/vendor/github.com/cilium/ebpf/map.go +++ b/vendor/github.com/cilium/ebpf/map.go @@ -15,6 +15,7 @@ import ( "github.com/cilium/ebpf/btf" "github.com/cilium/ebpf/internal" "github.com/cilium/ebpf/internal/sys" + "github.com/cilium/ebpf/internal/sysenc" "github.com/cilium/ebpf/internal/unix" ) @@ -102,26 +103,55 @@ func (ms *MapSpec) Copy() *MapSpec { return &cpy } -func (ms *MapSpec) clampPerfEventArraySize() error { - if ms.Type != PerfEventArray { - return nil - } +// fixupMagicFields fills fields of MapSpec which are usually +// left empty in ELF or which depend on runtime information. +// +// The method doesn't modify Spec, instead returning a copy. +// The copy is only performed if fixups are necessary, so callers mustn't mutate +// the returned spec. +func (spec *MapSpec) fixupMagicFields() (*MapSpec, error) { + switch spec.Type { + case ArrayOfMaps, HashOfMaps: + if spec.ValueSize != 0 && spec.ValueSize != 4 { + return nil, errors.New("ValueSize must be zero or four for map of map") + } - n, err := internal.PossibleCPUs() - if err != nil { - return fmt.Errorf("perf event array: %w", err) - } + spec = spec.Copy() + spec.ValueSize = 4 - if n := uint32(n); ms.MaxEntries > n { - ms.MaxEntries = n + case PerfEventArray: + if spec.KeySize != 0 && spec.KeySize != 4 { + return nil, errors.New("KeySize must be zero or four for perf event array") + } + + if spec.ValueSize != 0 && spec.ValueSize != 4 { + return nil, errors.New("ValueSize must be zero or four for perf event array") + } + + spec = spec.Copy() + spec.KeySize = 4 + spec.ValueSize = 4 + + n, err := internal.PossibleCPUs() + if err != nil { + return nil, fmt.Errorf("fixup perf event array: %w", err) + } + + if n := uint32(n); spec.MaxEntries == 0 || spec.MaxEntries > n { + // MaxEntries should be zero most of the time, but there is code + // out there which hardcodes large constants. Clamp the number + // of entries to the number of CPUs at most. Allow creating maps with + // less than n items since some kernel selftests relied on this + // behaviour in the past. + spec.MaxEntries = n + } } - return nil + return spec, nil } // dataSection returns the contents and BTF Datasec descriptor of the spec. func (ms *MapSpec) dataSection() ([]byte, *btf.Datasec, error) { - if ms.Value == nil { return nil, nil, errMapNoBTFValue } @@ -155,6 +185,11 @@ type MapKV struct { // // Returns an error wrapping [ErrMapIncompatible] otherwise. func (ms *MapSpec) Compatible(m *Map) error { + ms, err := ms.fixupMagicFields() + if err != nil { + return err + } + switch { case m.typ != ms.Type: return fmt.Errorf("expected type %v, got %v: %w", ms.Type, m.typ, ErrMapIncompatible) @@ -165,8 +200,7 @@ func (ms *MapSpec) Compatible(m *Map) error { case m.valueSize != ms.ValueSize: return fmt.Errorf("expected value size %v, got %v: %w", ms.ValueSize, m.valueSize, ErrMapIncompatible) - case !(ms.Type == PerfEventArray && ms.MaxEntries == 0) && - m.maxEntries != ms.MaxEntries: + case m.maxEntries != ms.MaxEntries: return fmt.Errorf("expected max entries %v, got %v: %w", ms.MaxEntries, m.maxEntries, ErrMapIncompatible) // BPF_F_RDONLY_PROG is set unconditionally for devmaps. Explicitly allow @@ -350,60 +384,9 @@ func (spec *MapSpec) createMap(inner *sys.FD, opts MapOptions) (_ *Map, err erro } } - switch spec.Type { - case ArrayOfMaps, HashOfMaps: - if err := haveNestedMaps(); err != nil { - return nil, err - } - - if spec.ValueSize != 0 && spec.ValueSize != 4 { - return nil, errors.New("ValueSize must be zero or four for map of map") - } - - spec = spec.Copy() - spec.ValueSize = 4 - - case PerfEventArray: - if spec.KeySize != 0 && spec.KeySize != 4 { - return nil, errors.New("KeySize must be zero or four for perf event array") - } - - if spec.ValueSize != 0 && spec.ValueSize != 4 { - return nil, errors.New("ValueSize must be zero or four for perf event array") - } - - spec = spec.Copy() - spec.KeySize = 4 - spec.ValueSize = 4 - - if spec.MaxEntries == 0 { - n, err := internal.PossibleCPUs() - if err != nil { - return nil, fmt.Errorf("perf event array: %w", err) - } - spec.MaxEntries = uint32(n) - } - } - - if spec.Flags&(unix.BPF_F_RDONLY_PROG|unix.BPF_F_WRONLY_PROG) > 0 || spec.Freeze { - if err := haveMapMutabilityModifiers(); err != nil { - return nil, fmt.Errorf("map create: %w", err) - } - } - if spec.Flags&unix.BPF_F_MMAPABLE > 0 { - if err := haveMmapableMaps(); err != nil { - return nil, fmt.Errorf("map create: %w", err) - } - } - if spec.Flags&unix.BPF_F_INNER_MAP > 0 { - if err := haveInnerMaps(); err != nil { - return nil, fmt.Errorf("map create: %w", err) - } - } - if spec.Flags&unix.BPF_F_NO_PREALLOC > 0 { - if err := haveNoPreallocMaps(); err != nil { - return nil, fmt.Errorf("map create: %w", err) - } + spec, err = spec.fixupMagicFields() + if err != nil { + return nil, err } attr := sys.MapCreateAttr{ @@ -440,36 +423,70 @@ func (spec *MapSpec) createMap(inner *sys.FD, opts MapOptions) (_ *Map, err erro } fd, err := sys.MapCreate(&attr) + // Some map types don't support BTF k/v in earlier kernel versions. // Remove BTF metadata and retry map creation. if (errors.Is(err, sys.ENOTSUPP) || errors.Is(err, unix.EINVAL)) && attr.BtfFd != 0 { attr.BtfFd, attr.BtfKeyTypeId, attr.BtfValueTypeId = 0, 0, 0 fd, err = sys.MapCreate(&attr) } + if err != nil { + return nil, handleMapCreateError(attr, spec, err) + } + defer closeOnError(fd) + m, err := newMap(fd, spec.Name, spec.Type, spec.KeySize, spec.ValueSize, spec.MaxEntries, spec.Flags) if err != nil { - if errors.Is(err, unix.EPERM) { - return nil, fmt.Errorf("map create: %w (MEMLOCK may be too low, consider rlimit.RemoveMemlock)", err) + return nil, fmt.Errorf("map create: %w", err) + } + return m, nil +} + +func handleMapCreateError(attr sys.MapCreateAttr, spec *MapSpec, err error) error { + if errors.Is(err, unix.EPERM) { + return fmt.Errorf("map create: %w (MEMLOCK may be too low, consider rlimit.RemoveMemlock)", err) + } + if errors.Is(err, unix.EINVAL) && spec.MaxEntries == 0 { + return fmt.Errorf("map create: %w (MaxEntries may be incorrectly set to zero)", err) + } + if errors.Is(err, unix.EINVAL) && spec.Type == UnspecifiedMap { + return fmt.Errorf("map create: cannot use type %s", UnspecifiedMap) + } + if errors.Is(err, unix.EINVAL) && spec.Flags&unix.BPF_F_NO_PREALLOC > 0 { + return fmt.Errorf("map create: %w (noPrealloc flag may be incompatible with map type %s)", err, spec.Type) + } + + switch spec.Type { + case ArrayOfMaps, HashOfMaps: + if haveFeatErr := haveNestedMaps(); haveFeatErr != nil { + return fmt.Errorf("map create: %w", haveFeatErr) } - if errors.Is(err, unix.EINVAL) && attr.MaxEntries == 0 { - return nil, fmt.Errorf("map create: %w (MaxEntries may be incorrectly set to zero)", err) + } + if spec.Flags&(unix.BPF_F_RDONLY_PROG|unix.BPF_F_WRONLY_PROG) > 0 || spec.Freeze { + if haveFeatErr := haveMapMutabilityModifiers(); haveFeatErr != nil { + return fmt.Errorf("map create: %w", haveFeatErr) } - if errors.Is(err, unix.EINVAL) && spec.Type == UnspecifiedMap { - return nil, fmt.Errorf("map create: cannot use type %s", UnspecifiedMap) + } + if spec.Flags&unix.BPF_F_MMAPABLE > 0 { + if haveFeatErr := haveMmapableMaps(); haveFeatErr != nil { + return fmt.Errorf("map create: %w", haveFeatErr) } - if attr.BtfFd == 0 { - return nil, fmt.Errorf("map create: %w (without BTF k/v)", err) + } + if spec.Flags&unix.BPF_F_INNER_MAP > 0 { + if haveFeatErr := haveInnerMaps(); haveFeatErr != nil { + return fmt.Errorf("map create: %w", haveFeatErr) } - return nil, fmt.Errorf("map create: %w", err) } - defer closeOnError(fd) - - m, err := newMap(fd, spec.Name, spec.Type, spec.KeySize, spec.ValueSize, spec.MaxEntries, spec.Flags) - if err != nil { - return nil, fmt.Errorf("map create: %w", err) + if spec.Flags&unix.BPF_F_NO_PREALLOC > 0 { + if haveFeatErr := haveNoPreallocMaps(); haveFeatErr != nil { + return fmt.Errorf("map create: %w", haveFeatErr) + } + } + if attr.BtfFd == 0 { + return fmt.Errorf("map create: %w (without BTF k/v)", err) } - return m, nil + return fmt.Errorf("map create: %w", err) } // newMap allocates and returns a new Map structure. @@ -568,8 +585,8 @@ func (m *Map) LookupWithFlags(key, valueOut interface{}, flags MapLookupFlags) e return m.lookupPerCPU(key, valueOut, flags) } - valuePtr, valueBytes := makeBuffer(valueOut, m.fullValueSize) - if err := m.lookup(key, valuePtr, flags); err != nil { + valueBytes := makeMapSyscallOutput(valueOut, m.fullValueSize) + if err := m.lookup(key, valueBytes.Pointer(), flags); err != nil { return err } @@ -595,8 +612,8 @@ func (m *Map) LookupAndDeleteWithFlags(key, valueOut interface{}, flags MapLooku return m.lookupAndDeletePerCPU(key, valueOut, flags) } - valuePtr, valueBytes := makeBuffer(valueOut, m.fullValueSize) - if err := m.lookupAndDelete(key, valuePtr, flags); err != nil { + valueBytes := makeMapSyscallOutput(valueOut, m.fullValueSize) + if err := m.lookupAndDelete(key, valueBytes.Pointer(), flags); err != nil { return err } return m.unmarshalValue(valueOut, valueBytes) @@ -764,13 +781,13 @@ func (m *Map) Delete(key interface{}) error { // // Returns ErrKeyNotExist if there is no next key. func (m *Map) NextKey(key, nextKeyOut interface{}) error { - nextKeyPtr, nextKeyBytes := makeBuffer(nextKeyOut, int(m.keySize)) + nextKeyBytes := makeMapSyscallOutput(nextKeyOut, int(m.keySize)) - if err := m.nextKey(key, nextKeyPtr); err != nil { + if err := m.nextKey(key, nextKeyBytes.Pointer()); err != nil { return err } - if err := m.unmarshalKey(nextKeyOut, nextKeyBytes); err != nil { + if err := nextKeyBytes.Unmarshal(nextKeyOut); err != nil { return fmt.Errorf("can't unmarshal next key: %w", err) } return nil @@ -941,14 +958,14 @@ func (m *Map) batchLookup(cmd sys.Cmd, startKey, nextKeyOut, keysOut, valuesOut keyPtr := sys.NewSlicePointer(keyBuf) valueBuf := make([]byte, count*int(m.fullValueSize)) valuePtr := sys.NewSlicePointer(valueBuf) - nextPtr, nextBuf := makeBuffer(nextKeyOut, int(m.keySize)) + nextBuf := makeMapSyscallOutput(nextKeyOut, int(m.keySize)) attr := sys.MapLookupBatchAttr{ MapFd: m.fd.Uint(), Keys: keyPtr, Values: valuePtr, Count: uint32(count), - OutBatch: nextPtr, + OutBatch: nextBuf.Pointer(), } if opts != nil { @@ -958,7 +975,7 @@ func (m *Map) batchLookup(cmd sys.Cmd, startKey, nextKeyOut, keysOut, valuesOut var err error if startKey != nil { - attr.InBatch, err = marshalPtr(startKey, int(m.keySize)) + attr.InBatch, err = marshalMapSyscallInput(startKey, int(m.keySize)) if err != nil { return 0, err } @@ -970,15 +987,15 @@ func (m *Map) batchLookup(cmd sys.Cmd, startKey, nextKeyOut, keysOut, valuesOut return 0, sysErr } - err = m.unmarshalKey(nextKeyOut, nextBuf) + err = nextBuf.Unmarshal(nextKeyOut) if err != nil { return 0, err } - err = unmarshalBytes(keysOut, keyBuf) + err = sysenc.Unmarshal(keysOut, keyBuf) if err != nil { return 0, err } - err = unmarshalBytes(valuesOut, valueBuf) + err = sysenc.Unmarshal(valuesOut, valueBuf) if err != nil { return 0, err } @@ -991,9 +1008,6 @@ func (m *Map) batchLookup(cmd sys.Cmd, startKey, nextKeyOut, keysOut, valuesOut // "keys" and "values" must be of type slice, a pointer // to a slice or buffer will not work. func (m *Map) BatchUpdate(keys, values interface{}, opts *BatchOptions) (int, error) { - if err := haveBatchAPI(); err != nil { - return 0, err - } if m.typ.hasPerCPUValue() { return 0, ErrNotSupported } @@ -1013,11 +1027,11 @@ func (m *Map) BatchUpdate(keys, values interface{}, opts *BatchOptions) (int, er if count != valuesValue.Len() { return 0, fmt.Errorf("keys and values must be the same length") } - keyPtr, err := marshalPtr(keys, count*int(m.keySize)) + keyPtr, err := marshalMapSyscallInput(keys, count*int(m.keySize)) if err != nil { return 0, err } - valuePtr, err = marshalPtr(values, count*int(m.valueSize)) + valuePtr, err = marshalMapSyscallInput(values, count*int(m.valueSize)) if err != nil { return 0, err } @@ -1035,6 +1049,9 @@ func (m *Map) BatchUpdate(keys, values interface{}, opts *BatchOptions) (int, er err = sys.MapUpdateBatch(&attr) if err != nil { + if haveFeatErr := haveBatchAPI(); haveFeatErr != nil { + return 0, haveFeatErr + } return int(attr.Count), fmt.Errorf("batch update: %w", wrapMapError(err)) } @@ -1044,9 +1061,6 @@ func (m *Map) BatchUpdate(keys, values interface{}, opts *BatchOptions) (int, er // BatchDelete batch deletes entries in the map by keys. // "keys" must be of type slice, a pointer to a slice or buffer will not work. func (m *Map) BatchDelete(keys interface{}, opts *BatchOptions) (int, error) { - if err := haveBatchAPI(); err != nil { - return 0, err - } if m.typ.hasPerCPUValue() { return 0, ErrNotSupported } @@ -1055,7 +1069,7 @@ func (m *Map) BatchDelete(keys interface{}, opts *BatchOptions) (int, error) { return 0, fmt.Errorf("keys must be a slice") } count := keysValue.Len() - keyPtr, err := marshalPtr(keys, count*int(m.keySize)) + keyPtr, err := marshalMapSyscallInput(keys, count*int(m.keySize)) if err != nil { return 0, fmt.Errorf("cannot marshal keys: %v", err) } @@ -1072,6 +1086,9 @@ func (m *Map) BatchDelete(keys interface{}, opts *BatchOptions) (int, error) { } if err = sys.MapDeleteBatch(&attr); err != nil { + if haveFeatErr := haveBatchAPI(); haveFeatErr != nil { + return 0, haveFeatErr + } return int(attr.Count), fmt.Errorf("batch delete: %w", wrapMapError(err)) } @@ -1176,15 +1193,14 @@ func (m *Map) IsPinned() bool { // // It makes no changes to kernel-side restrictions. func (m *Map) Freeze() error { - if err := haveMapMutabilityModifiers(); err != nil { - return fmt.Errorf("can't freeze map: %w", err) - } - attr := sys.MapFreezeAttr{ MapFd: m.fd.Uint(), } if err := sys.MapFreeze(&attr); err != nil { + if haveFeatErr := haveMapMutabilityModifiers(); haveFeatErr != nil { + return fmt.Errorf("can't freeze map: %w", haveFeatErr) + } return fmt.Errorf("can't freeze map: %w", err) } return nil @@ -1217,16 +1233,7 @@ func (m *Map) marshalKey(data interface{}) (sys.Pointer, error) { return sys.Pointer{}, errors.New("can't use nil as key of map") } - return marshalPtr(data, int(m.keySize)) -} - -func (m *Map) unmarshalKey(data interface{}, buf []byte) error { - if buf == nil { - // This is from a makeBuffer call, nothing do do here. - return nil - } - - return unmarshalBytes(data, buf) + return marshalMapSyscallInput(data, int(m.keySize)) } func (m *Map) marshalValue(data interface{}) (sys.Pointer, error) { @@ -1249,7 +1256,7 @@ func (m *Map) marshalValue(data interface{}) (sys.Pointer, error) { buf, err = marshalProgram(value, int(m.valueSize)) default: - return marshalPtr(data, int(m.valueSize)) + return marshalMapSyscallInput(data, int(m.valueSize)) } if err != nil { @@ -1259,16 +1266,7 @@ func (m *Map) marshalValue(data interface{}) (sys.Pointer, error) { return sys.NewSlicePointer(buf), nil } -func (m *Map) unmarshalValue(value interface{}, buf []byte) error { - if buf == nil { - // This is from a makeBuffer call, nothing do do here. - return nil - } - - if m.typ.hasPerCPUValue() { - return unmarshalPerCPUValue(value, int(m.valueSize), buf) - } - +func (m *Map) unmarshalValue(value any, buf sysenc.Buffer) error { switch value := value.(type) { case **Map: if !m.typ.canStoreMap() { @@ -1315,7 +1313,7 @@ func (m *Map) unmarshalValue(value interface{}, buf []byte) error { return errors.New("require pointer to *Program") } - return unmarshalBytes(value, buf) + return buf.Unmarshal(value) } // LoadPinnedMap loads a Map from a BPF file. @@ -1337,12 +1335,11 @@ func LoadPinnedMap(fileName string, opts *LoadPinOptions) (*Map, error) { } // unmarshalMap creates a map from a map ID encoded in host endianness. -func unmarshalMap(buf []byte) (*Map, error) { - if len(buf) != 4 { - return nil, errors.New("map id requires 4 byte value") +func unmarshalMap(buf sysenc.Buffer) (*Map, error) { + var id uint32 + if err := buf.Unmarshal(&id); err != nil { + return nil, err } - - id := internal.NativeEndian.Uint32(buf) return NewMapFromID(MapID(id)) } @@ -1438,7 +1435,12 @@ func (mi *MapIterator) Next(keyOut, valueOut interface{}) bool { return false } - mi.err = mi.target.unmarshalKey(keyOut, nextKey) + if ptr, ok := keyOut.(unsafe.Pointer); ok { + copy(unsafe.Slice((*byte)(ptr), len(nextKey)), nextKey) + } else { + mi.err = sysenc.Unmarshal(keyOut, nextKey) + } + return mi.err == nil } diff --git a/vendor/github.com/cilium/ebpf/marshalers.go b/vendor/github.com/cilium/ebpf/marshalers.go index a568bff9207..e89a12f0fb1 100644 --- a/vendor/github.com/cilium/ebpf/marshalers.go +++ b/vendor/github.com/cilium/ebpf/marshalers.go @@ -1,166 +1,53 @@ package ebpf import ( - "bytes" "encoding" - "encoding/binary" "errors" "fmt" "reflect" - "runtime" - "sync" "unsafe" "github.com/cilium/ebpf/internal" "github.com/cilium/ebpf/internal/sys" + "github.com/cilium/ebpf/internal/sysenc" ) -// marshalPtr converts an arbitrary value into a pointer suitable +// marshalMapSyscallInput converts an arbitrary value into a pointer suitable // to be passed to the kernel. // // As an optimization, it returns the original value if it is an // unsafe.Pointer. -func marshalPtr(data interface{}, length int) (sys.Pointer, error) { +func marshalMapSyscallInput(data any, length int) (sys.Pointer, error) { if ptr, ok := data.(unsafe.Pointer); ok { return sys.NewPointer(ptr), nil } - buf, err := marshalBytes(data, length) + buf, err := sysenc.Marshal(data, length) if err != nil { return sys.Pointer{}, err } - return sys.NewSlicePointer(buf), nil + return buf.Pointer(), nil } -// marshalBytes converts an arbitrary value into a byte buffer. -// -// Prefer using Map.marshalKey and Map.marshalValue if possible, since -// those have special cases that allow more types to be encoded. -// -// Returns an error if the given value isn't representable in exactly -// length bytes. -func marshalBytes(data interface{}, length int) (buf []byte, err error) { - if data == nil { - return nil, errors.New("can't marshal a nil value") - } - - switch value := data.(type) { - case encoding.BinaryMarshaler: - buf, err = value.MarshalBinary() - case string: - buf = []byte(value) - case []byte: - buf = value - case unsafe.Pointer: - err = errors.New("can't marshal from unsafe.Pointer") - case Map, *Map, Program, *Program: - err = fmt.Errorf("can't marshal %T", value) - default: - wr := internal.NewBuffer(make([]byte, 0, length)) - defer internal.PutBuffer(wr) - - err = binary.Write(wr, internal.NativeEndian, value) - if err != nil { - err = fmt.Errorf("encoding %T: %v", value, err) - } - buf = wr.Bytes() - } - if err != nil { - return nil, err - } - - if len(buf) != length { - return nil, fmt.Errorf("%T doesn't marshal to %d bytes", data, length) - } - return buf, nil -} - -func makeBuffer(dst interface{}, length int) (sys.Pointer, []byte) { +func makeMapSyscallOutput(dst any, length int) sysenc.Buffer { if ptr, ok := dst.(unsafe.Pointer); ok { - return sys.NewPointer(ptr), nil + return sysenc.UnsafeBuffer(ptr) } - buf := make([]byte, length) - return sys.NewSlicePointer(buf), buf -} - -var bytesReaderPool = sync.Pool{ - New: func() interface{} { - return new(bytes.Reader) - }, -} - -// unmarshalBytes converts a byte buffer into an arbitrary value. -// -// Prefer using Map.unmarshalKey and Map.unmarshalValue if possible, since -// those have special cases that allow more types to be encoded. -// -// The common int32 and int64 types are directly handled to avoid -// unnecessary heap allocations as happening in the default case. -func unmarshalBytes(data interface{}, buf []byte) error { - switch value := data.(type) { - case unsafe.Pointer: - dst := unsafe.Slice((*byte)(value), len(buf)) - copy(dst, buf) - runtime.KeepAlive(value) - return nil - case Map, *Map, Program, *Program: - return fmt.Errorf("can't unmarshal into %T", value) - case encoding.BinaryUnmarshaler: - return value.UnmarshalBinary(buf) - case *string: - *value = string(buf) - return nil - case *[]byte: - *value = buf - return nil - case *int32: - if len(buf) < 4 { - return errors.New("int32 requires 4 bytes") - } - *value = int32(internal.NativeEndian.Uint32(buf)) - return nil - case *uint32: - if len(buf) < 4 { - return errors.New("uint32 requires 4 bytes") - } - *value = internal.NativeEndian.Uint32(buf) - return nil - case *int64: - if len(buf) < 8 { - return errors.New("int64 requires 8 bytes") - } - *value = int64(internal.NativeEndian.Uint64(buf)) - return nil - case *uint64: - if len(buf) < 8 { - return errors.New("uint64 requires 8 bytes") - } - *value = internal.NativeEndian.Uint64(buf) - return nil - case string: - return errors.New("require pointer to string") - case []byte: - return errors.New("require pointer to []byte") - default: - rd := bytesReaderPool.Get().(*bytes.Reader) - rd.Reset(buf) - defer bytesReaderPool.Put(rd) - if err := binary.Read(rd, internal.NativeEndian, value); err != nil { - return fmt.Errorf("decoding %T: %v", value, err) - } - return nil + _, ok := dst.(encoding.BinaryUnmarshaler) + if ok { + return sysenc.SyscallOutput(nil, length) } + + return sysenc.SyscallOutput(dst, length) } // marshalPerCPUValue encodes a slice containing one value per // possible CPU into a buffer of bytes. // // Values are initialized to zero if the slice has less elements than CPUs. -// -// slice must have a type like []elementType. -func marshalPerCPUValue(slice interface{}, elemLength int) (sys.Pointer, error) { +func marshalPerCPUValue(slice any, elemLength int) (sys.Pointer, error) { sliceType := reflect.TypeOf(slice) if sliceType.Kind() != reflect.Slice { return sys.Pointer{}, errors.New("per-CPU value requires slice") @@ -182,13 +69,13 @@ func marshalPerCPUValue(slice interface{}, elemLength int) (sys.Pointer, error) for i := 0; i < sliceLen; i++ { elem := sliceValue.Index(i).Interface() - elemBytes, err := marshalBytes(elem, elemLength) + elemBytes, err := sysenc.Marshal(elem, elemLength) if err != nil { return sys.Pointer{}, err } offset := i * alignedElemLength - copy(buf[offset:offset+elemLength], elemBytes) + elemBytes.CopyTo(buf[offset : offset+elemLength]) } return sys.NewSlicePointer(buf), nil @@ -197,8 +84,8 @@ func marshalPerCPUValue(slice interface{}, elemLength int) (sys.Pointer, error) // unmarshalPerCPUValue decodes a buffer into a slice containing one value per // possible CPU. // -// valueOut must have a type like *[]elementType -func unmarshalPerCPUValue(slicePtr interface{}, elemLength int, buf []byte) error { +// slicePtr must be a pointer to a slice. +func unmarshalPerCPUValue(slicePtr any, elemLength int, buf []byte) error { slicePtrType := reflect.TypeOf(slicePtr) if slicePtrType.Kind() != reflect.Ptr || slicePtrType.Elem().Kind() != reflect.Slice { return fmt.Errorf("per-cpu value requires pointer to slice") @@ -218,12 +105,9 @@ func unmarshalPerCPUValue(slicePtr interface{}, elemLength int, buf []byte) erro sliceElemType = sliceElemType.Elem() } - step := len(buf) / possibleCPUs - if step < elemLength { - return fmt.Errorf("per-cpu element length is larger than available data") - } + stride := internal.Align(elemLength, 8) for i := 0; i < possibleCPUs; i++ { - var elem interface{} + var elem any if sliceElemIsPointer { newElem := reflect.New(sliceElemType) slice.Index(i).Set(newElem) @@ -232,16 +116,12 @@ func unmarshalPerCPUValue(slicePtr interface{}, elemLength int, buf []byte) erro elem = slice.Index(i).Addr().Interface() } - // Make a copy, since unmarshal can hold on to itemBytes - elemBytes := make([]byte, elemLength) - copy(elemBytes, buf[:elemLength]) - - err := unmarshalBytes(elem, elemBytes) + err := sysenc.Unmarshal(elem, buf[:elemLength]) if err != nil { return fmt.Errorf("cpu %d: %w", i, err) } - buf = buf[step:] + buf = buf[stride:] } reflect.ValueOf(slicePtr).Elem().Set(slice) diff --git a/vendor/github.com/cilium/ebpf/netlify.toml b/vendor/github.com/cilium/ebpf/netlify.toml new file mode 100644 index 00000000000..67c83f3b307 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/netlify.toml @@ -0,0 +1,4 @@ +[build] + base = "docs/" + publish = "site/" + command = "mkdocs build" diff --git a/vendor/github.com/cilium/ebpf/prog.go b/vendor/github.com/cilium/ebpf/prog.go index 70aaef55327..6d46a0422b9 100644 --- a/vendor/github.com/cilium/ebpf/prog.go +++ b/vendor/github.com/cilium/ebpf/prog.go @@ -16,6 +16,7 @@ import ( "github.com/cilium/ebpf/btf" "github.com/cilium/ebpf/internal" "github.com/cilium/ebpf/internal/sys" + "github.com/cilium/ebpf/internal/sysenc" "github.com/cilium/ebpf/internal/unix" ) @@ -277,7 +278,7 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er if err != nil { return nil, fmt.Errorf("fixing up kfuncs: %w", err) } - defer handles.close() + defer handles.Close() if len(handles) > 0 { fdArray := handles.fdArray() @@ -763,14 +764,14 @@ retry: return attr.Retval, total, nil } -func unmarshalProgram(buf []byte) (*Program, error) { - if len(buf) != 4 { - return nil, errors.New("program id requires 4 byte value") +func unmarshalProgram(buf sysenc.Buffer) (*Program, error) { + var id uint32 + if err := buf.Unmarshal(&id); err != nil { + return nil, err } // Looking up an entry in a nested map or prog array returns an id, // not an fd. - id := internal.NativeEndian.Uint32(buf) return NewProgramFromID(ProgramID(id)) } @@ -921,7 +922,12 @@ func findProgramTargetInKernel(name string, progType ProgramType, attachType Att } id, err := spec.TypeID(target) - return module, id, err + if err != nil { + module.Close() + return nil, 0, err + } + + return module, id, nil } // findTargetInKernel attempts to find a named type in the current kernel. @@ -999,7 +1005,9 @@ func findTargetInProgram(prog *Program, name string, progType ProgramType, attac var typeName string switch (match{progType, attachType}) { - case match{Extension, AttachNone}: + case match{Extension, AttachNone}, + match{Tracing, AttachTraceFEntry}, + match{Tracing, AttachTraceFExit}: typeName = name default: return 0, errUnrecognizedAttachType diff --git a/vendor/github.com/cilium/ebpf/run-tests.sh b/vendor/github.com/cilium/ebpf/run-tests.sh index 1d1490ad1d9..629a069dd14 100644 --- a/vendor/github.com/cilium/ebpf/run-tests.sh +++ b/vendor/github.com/cilium/ebpf/run-tests.sh @@ -14,6 +14,21 @@ set -euo pipefail script="$(realpath "$0")" readonly script +quote_env() { + for var in "$@"; do + if [ -v "$var" ]; then + printf "%s=%q " "$var" "${!var}" + fi + done +} + +declare -a preserved_env=( + PATH + CI_MAX_KERNEL_VERSION + TEST_SEED + KERNEL_VERSION +) + # This script is a bit like a Matryoshka doll since it keeps re-executing itself # in various different contexts: # @@ -51,11 +66,11 @@ if [[ "${1:-}" = "--exec-vm" ]]; then fi for ((i = 0; i < 3; i++)); do - if ! $sudo virtme-run --kimg "${input}/bzImage" --memory 768M --pwd \ + if ! $sudo virtme-run --kimg "${input}/boot/vmlinuz" --memory 768M --pwd \ --rwdir="${testdir}=${testdir}" \ --rodir=/run/input="${input}" \ --rwdir=/run/output="${output}" \ - --script-sh "PATH=\"$PATH\" CI_MAX_KERNEL_VERSION="${CI_MAX_KERNEL_VERSION:-}" \"$script\" --exec-test $cmd" \ + --script-sh "$(quote_env "${preserved_env[@]}") \"$script\" --exec-test $cmd" \ --kopt possible_cpus=2; then # need at least two CPUs for some tests exit 23 fi @@ -85,8 +100,8 @@ elif [[ "${1:-}" = "--exec-test" ]]; then export KERNEL_SELFTESTS="/run/input/bpf" fi - if [[ -f "/run/input/bpf/bpf_testmod/bpf_testmod.ko" ]]; then - insmod "/run/input/bpf/bpf_testmod/bpf_testmod.ko" + if [[ -d "/run/input/lib/modules" ]]; then + find /run/input/lib/modules -type f -name bpf_testmod.ko -exec insmod {} \; fi dmesg --clear @@ -114,6 +129,9 @@ fetch() { return $ret } +machine="$(uname -m)" +readonly machine + if [[ -f "${1}" ]]; then readonly kernel="${1}" cp "${1}" "${input}/bzImage" @@ -121,16 +139,24 @@ else # LINUX_VERSION_CODE test compares this to discovered value. export KERNEL_VERSION="${1}" - readonly kernel="linux-${1}.bz" - readonly selftests="linux-${1}-selftests-bpf.tgz" + if [ "${machine}" = "x86_64" ]; then + readonly kernel="linux-${1}-amd64.tgz" + readonly selftests="linux-${1}-amd64-selftests-bpf.tgz" + elif [ "${machine}" = "aarch64" ]; then + readonly kernel="linux-${1}-arm64.tgz" + readonly selftests="" + else + echo "Arch ${machine} is not supported" + exit 1 + fi fetch "${kernel}" - cp "${tmp_dir}/${kernel}" "${input}/bzImage" + tar xf "${tmp_dir}/${kernel}" -C "${input}" - if fetch "${selftests}"; then + if [ -n "${selftests}" ] && fetch "${selftests}"; then echo "Decompressing selftests" mkdir "${input}/bpf" - tar --strip-components=4 -xf "${tmp_dir}/${selftests}" -C "${input}/bpf" + tar --strip-components=5 -xf "${tmp_dir}/${selftests}" -C "${input}/bpf" else echo "No selftests found, disabling" fi diff --git a/vendor/github.com/cilium/ebpf/syscalls.go b/vendor/github.com/cilium/ebpf/syscalls.go index fd21dea24ff..cdf1fcf2ef5 100644 --- a/vendor/github.com/cilium/ebpf/syscalls.go +++ b/vendor/github.com/cilium/ebpf/syscalls.go @@ -119,6 +119,7 @@ var haveInnerMaps = internal.NewFeatureTest("inner maps", "5.10", func() error { MaxEntries: 1, MapFlags: unix.BPF_F_INNER_MAP, }) + if err != nil { return internal.ErrNotSupported } @@ -135,6 +136,7 @@ var haveNoPreallocMaps = internal.NewFeatureTest("prealloc maps", "4.6", func() MaxEntries: 1, MapFlags: unix.BPF_F_NO_PREALLOC, }) + if err != nil { return internal.ErrNotSupported } @@ -223,8 +225,8 @@ var haveBatchAPI = internal.NewFeatureTest("map batch api", "5.6", func() error keys := []uint32{1, 2} values := []uint32{3, 4} - kp, _ := marshalPtr(keys, 8) - vp, _ := marshalPtr(values, 8) + kp, _ := marshalMapSyscallInput(keys, 8) + vp, _ := marshalMapSyscallInput(values, 8) err = sys.MapUpdateBatch(&sys.MapUpdateBatchAttr{ MapFd: fd.Uint(), @@ -265,11 +267,8 @@ var haveBPFToBPFCalls = internal.NewFeatureTest("bpf2bpf calls", "4.16", func() } fd, err := progLoad(insns, SocketFilter, "MIT") - if errors.Is(err, unix.EINVAL) { - return internal.ErrNotSupported - } if err != nil { - return err + return internal.ErrNotSupported } _ = fd.Close() return nil diff --git a/vendor/github.com/cilium/ebpf/types.go b/vendor/github.com/cilium/ebpf/types.go index 35927e2ab80..af36519994b 100644 --- a/vendor/github.com/cilium/ebpf/types.go +++ b/vendor/github.com/cilium/ebpf/types.go @@ -5,7 +5,7 @@ import ( "github.com/cilium/ebpf/internal/unix" ) -//go:generate stringer -output types_string.go -type=MapType,ProgramType,PinType +//go:generate go run golang.org/x/tools/cmd/stringer@latest -output types_string.go -type=MapType,ProgramType,PinType // MapType indicates the type map structure // that will be initialized in the kernel. @@ -44,7 +44,7 @@ const ( // if an skb is from a socket belonging to a specific cgroup CGroupArray // LRUHash - This allows you to create a small hash structure that will purge the - // least recently used items rather than thow an error when you run out of memory + // least recently used items rather than throw an error when you run out of memory LRUHash // LRUCPUHash - This is NOT like PerCPUHash, this structure is shared among the CPUs, // it has more to do with including the CPU id with the LRU calculation so that if a @@ -102,6 +102,12 @@ func (mt MapType) hasPerCPUValue() bool { return mt == PerCPUHash || mt == PerCPUArray || mt == LRUCPUHash || mt == PerCPUCGroupStorage } +// canStoreMapOrProgram returns true if the Map stores references to another Map +// or Program. +func (mt MapType) canStoreMapOrProgram() bool { + return mt.canStoreMap() || mt.canStoreProgram() +} + // canStoreMap returns true if the map type accepts a map fd // for update and returns a map id for lookup. func (mt MapType) canStoreMap() bool { @@ -158,7 +164,7 @@ const ( // Will cause invalid argument (EINVAL) at program load time if set incorrectly. type AttachType uint32 -//go:generate stringer -type AttachType -trimprefix Attach +//go:generate go run golang.org/x/tools/cmd/stringer@latest -type AttachType -trimprefix Attach // AttachNone is an alias for AttachCGroupInetIngress for readability reasons. const AttachNone AttachType = 0 diff --git a/vendor/modules.txt b/vendor/modules.txt index 78a00607c38..f17ebc5d5a0 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -2,14 +2,15 @@ ## explicit; go 1.16 github.com/checkpoint-restore/go-criu/v6 github.com/checkpoint-restore/go-criu/v6/rpc -# github.com/cilium/ebpf v0.11.0 -## explicit; go 1.19 +# github.com/cilium/ebpf v0.12.0 +## explicit; go 1.20 github.com/cilium/ebpf github.com/cilium/ebpf/asm github.com/cilium/ebpf/btf github.com/cilium/ebpf/internal github.com/cilium/ebpf/internal/kconfig github.com/cilium/ebpf/internal/sys +github.com/cilium/ebpf/internal/sysenc github.com/cilium/ebpf/internal/tracefs github.com/cilium/ebpf/internal/unix github.com/cilium/ebpf/link From 4a7d3ae5cd7ebb8b0fc7b0a74ba94cdf739361f2 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 21 Mar 2023 13:03:52 -0700 Subject: [PATCH 0412/1176] libct/cg: support hugetlb rsvd This adds support for hugetlb..rsvd limiting and accounting. The previous non-rsvd max/limit_in_bytes does not account for reserved huge page memory, making it possible for a processes to reserve all the huge page memory, without being able to allocate it (due to cgroup restrictions). In practice this makes it possible to successfully mmap more huge page memory than allowed via the cgroup settings, but when using the memory the process will get a SIGBUS and crash. This is bad for applications trying to mmap at startup (and it succeeds), but the program crashes when starting to use the memory. eg. postgres is doing this by default. This also keeps writing to the old max/limit_in_bytes, for backward compatibility. More info can be found here: https://lkml.org/lkml/2020/2/3/1153 (commit message mostly written by Odin Ugedal) Co-authored-by: Odin Ugedal Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/fs/hugetlb.go | 36 +++++++++++--- libcontainer/cgroups/fs/hugetlb_test.go | 43 ++++++++++++++--- libcontainer/cgroups/fs2/hugetlb.go | 30 ++++++++++-- tests/integration/cgroups.bats | 64 +++++++++++++++++++++++++ 4 files changed, 155 insertions(+), 18 deletions(-) diff --git a/libcontainer/cgroups/fs/hugetlb.go b/libcontainer/cgroups/fs/hugetlb.go index 8ddd6fdd837..50f8f30cd39 100644 --- a/libcontainer/cgroups/fs/hugetlb.go +++ b/libcontainer/cgroups/fs/hugetlb.go @@ -1,6 +1,8 @@ package fs import ( + "errors" + "os" "strconv" "github.com/opencontainers/runc/libcontainer/cgroups" @@ -19,8 +21,23 @@ func (s *HugetlbGroup) Apply(path string, _ *configs.Resources, pid int) error { } func (s *HugetlbGroup) Set(path string, r *configs.Resources) error { + const suffix = ".limit_in_bytes" + skipRsvd := false + for _, hugetlb := range r.HugetlbLimit { - if err := cgroups.WriteFile(path, "hugetlb."+hugetlb.Pagesize+".limit_in_bytes", strconv.FormatUint(hugetlb.Limit, 10)); err != nil { + prefix := "hugetlb." + hugetlb.Pagesize + val := strconv.FormatUint(hugetlb.Limit, 10) + if err := cgroups.WriteFile(path, prefix+suffix, val); err != nil { + return err + } + if skipRsvd { + continue + } + if err := cgroups.WriteFile(path, prefix+".rsvd"+suffix, val); err != nil { + if errors.Is(err, os.ErrNotExist) { + skipRsvd = true + continue + } return err } } @@ -32,24 +49,29 @@ func (s *HugetlbGroup) GetStats(path string, stats *cgroups.Stats) error { if !cgroups.PathExists(path) { return nil } + rsvd := ".rsvd" hugetlbStats := cgroups.HugetlbStats{} for _, pageSize := range cgroups.HugePageSizes() { - usage := "hugetlb." + pageSize + ".usage_in_bytes" - value, err := fscommon.GetCgroupParamUint(path, usage) + again: + prefix := "hugetlb." + pageSize + rsvd + + value, err := fscommon.GetCgroupParamUint(path, prefix+".usage_in_bytes") if err != nil { + if rsvd != "" && errors.Is(err, os.ErrNotExist) { + rsvd = "" + goto again + } return err } hugetlbStats.Usage = value - maxUsage := "hugetlb." + pageSize + ".max_usage_in_bytes" - value, err = fscommon.GetCgroupParamUint(path, maxUsage) + value, err = fscommon.GetCgroupParamUint(path, prefix+".max_usage_in_bytes") if err != nil { return err } hugetlbStats.MaxUsage = value - failcnt := "hugetlb." + pageSize + ".failcnt" - value, err = fscommon.GetCgroupParamUint(path, failcnt) + value, err = fscommon.GetCgroupParamUint(path, prefix+".failcnt") if err != nil { return err } diff --git a/libcontainer/cgroups/fs/hugetlb_test.go b/libcontainer/cgroups/fs/hugetlb_test.go index f4aea7eb552..17b4945a167 100644 --- a/libcontainer/cgroups/fs/hugetlb_test.go +++ b/libcontainer/cgroups/fs/hugetlb_test.go @@ -21,6 +21,11 @@ const ( limit = "hugetlb.%s.limit_in_bytes" maxUsage = "hugetlb.%s.max_usage_in_bytes" failcnt = "hugetlb.%s.failcnt" + + rsvdUsage = "hugetlb.%s.rsvd.usage_in_bytes" + rsvdLimit = "hugetlb.%s.rsvd.limit_in_bytes" + rsvdMaxUsage = "hugetlb.%s.rsvd.max_usage_in_bytes" + rsvdFailcnt = "hugetlb.%s.rsvd.failcnt" ) func TestHugetlbSetHugetlb(t *testing.T) { @@ -52,13 +57,15 @@ func TestHugetlbSetHugetlb(t *testing.T) { } for _, pageSize := range cgroups.HugePageSizes() { - limit := fmt.Sprintf(limit, pageSize) - value, err := fscommon.GetCgroupParamUint(path, limit) - if err != nil { - t.Fatal(err) - } - if value != hugetlbAfter { - t.Fatalf("Set hugetlb.limit_in_bytes failed. Expected: %v, Got: %v", hugetlbAfter, value) + for _, f := range []string{limit, rsvdLimit} { + limit := fmt.Sprintf(f, pageSize) + value, err := fscommon.GetCgroupParamUint(path, limit) + if err != nil { + t.Fatal(err) + } + if value != hugetlbAfter { + t.Fatalf("Set %s failed. Expected: %v, Got: %v", limit, hugetlbAfter, value) + } } } } @@ -85,6 +92,28 @@ func TestHugetlbStats(t *testing.T) { } } +func TestHugetlbRStatsRsvd(t *testing.T) { + path := tempDir(t, "hugetlb") + for _, pageSize := range cgroups.HugePageSizes() { + writeFileContents(t, path, map[string]string{ + fmt.Sprintf(rsvdUsage, pageSize): hugetlbUsageContents, + fmt.Sprintf(rsvdMaxUsage, pageSize): hugetlbMaxUsageContents, + fmt.Sprintf(rsvdFailcnt, pageSize): hugetlbFailcnt, + }) + } + + hugetlb := &HugetlbGroup{} + actualStats := *cgroups.NewStats() + err := hugetlb.GetStats(path, &actualStats) + if err != nil { + t.Fatal(err) + } + expectedStats := cgroups.HugetlbStats{Usage: 128, MaxUsage: 256, Failcnt: 100} + for _, pageSize := range cgroups.HugePageSizes() { + expectHugetlbStatEquals(t, expectedStats, actualStats.HugetlbStats[pageSize]) + } +} + func TestHugetlbStatsNoUsageFile(t *testing.T) { path := tempDir(t, "hugetlb") writeFileContents(t, path, map[string]string{ diff --git a/libcontainer/cgroups/fs2/hugetlb.go b/libcontainer/cgroups/fs2/hugetlb.go index c92a7e64af0..2ce2631e187 100644 --- a/libcontainer/cgroups/fs2/hugetlb.go +++ b/libcontainer/cgroups/fs2/hugetlb.go @@ -1,6 +1,8 @@ package fs2 import ( + "errors" + "os" "strconv" "github.com/opencontainers/runc/libcontainer/cgroups" @@ -16,8 +18,22 @@ func setHugeTlb(dirPath string, r *configs.Resources) error { if !isHugeTlbSet(r) { return nil } + const suffix = ".max" + skipRsvd := false for _, hugetlb := range r.HugetlbLimit { - if err := cgroups.WriteFile(dirPath, "hugetlb."+hugetlb.Pagesize+".max", strconv.FormatUint(hugetlb.Limit, 10)); err != nil { + prefix := "hugetlb." + hugetlb.Pagesize + val := strconv.FormatUint(hugetlb.Limit, 10) + if err := cgroups.WriteFile(dirPath, prefix+suffix, val); err != nil { + return err + } + if skipRsvd { + continue + } + if err := cgroups.WriteFile(dirPath, prefix+".rsvd"+suffix, val); err != nil { + if errors.Is(err, os.ErrNotExist) { + skipRsvd = true + continue + } return err } } @@ -27,15 +43,21 @@ func setHugeTlb(dirPath string, r *configs.Resources) error { func statHugeTlb(dirPath string, stats *cgroups.Stats) error { hugetlbStats := cgroups.HugetlbStats{} + rsvd := ".rsvd" for _, pagesize := range cgroups.HugePageSizes() { - value, err := fscommon.GetCgroupParamUint(dirPath, "hugetlb."+pagesize+".current") + again: + prefix := "hugetlb." + pagesize + rsvd + value, err := fscommon.GetCgroupParamUint(dirPath, prefix+".current") if err != nil { + if rsvd != "" && errors.Is(err, os.ErrNotExist) { + rsvd = "" + goto again + } return err } hugetlbStats.Usage = value - fileName := "hugetlb." + pagesize + ".events" - value, err = fscommon.GetValueByKey(dirPath, fileName, "max") + value, err = fscommon.GetValueByKey(dirPath, prefix+".events", "max") if err != nil { return err } diff --git a/tests/integration/cgroups.bats b/tests/integration/cgroups.bats index ed2da3303c9..8daf7420d0f 100644 --- a/tests/integration/cgroups.bats +++ b/tests/integration/cgroups.bats @@ -199,6 +199,70 @@ function setup() { check_cgroup_value "cpu.idle" "1" } +# Convert size in KB to hugetlb size suffix. +convert_hugetlb_size() { + local size=$1 + local units=("KB" "MB" "GB") + local idx=0 + + while ((size >= 1024)); do + ((size /= 1024)) + ((idx++)) + done + + echo "$size${units[$idx]}" +} + +@test "runc run (hugetlb limits)" { + requires cgroups_hugetlb + [ $EUID -ne 0 ] && requires rootless_cgroup + # shellcheck disable=SC2012 # ls is fine here. + mapfile -t sizes_kb < <(ls /sys/kernel/mm/hugepages/ | sed -e 's/.*hugepages-//' -e 's/kB$//') # + if [ "${#sizes_kb[@]}" -lt 1 ]; then + skip "requires hugetlb" + fi + + # Create two arrays: + # - sizes: hugetlb cgroup file suffixes; + # - limits: limits for each size. + for size in "${sizes_kb[@]}"; do + sizes+=("$(convert_hugetlb_size "$size")") + # Limit to 1 page. + limits+=("$((size * 1024))") + done + + # Set per-size limits. + for ((i = 0; i < ${#sizes[@]}; i++)); do + size="${sizes[$i]}" + limit="${limits[$i]}" + update_config '.linux.resources.hugepageLimits += [{ pagesize: "'"$size"'", limit: '"$limit"' }]' + done + + set_cgroups_path + runc run -d --console-socket "$CONSOLE_SOCKET" test_hugetlb + [ "$status" -eq 0 ] + + lim="max" + [ -v CGROUP_V1 ] && lim=".limit_in_bytes" + + optional=("") + # Add rsvd, if available. + if test -f "$(get_cgroup_path hugetlb)/hugetlb.${sizes[0]}.rsvd.$lim"; then + optional+=(".rsvd") + fi + + # Check if the limits are as expected. + for ((i = 0; i < ${#sizes[@]}; i++)); do + size="${sizes[$i]}" + limit="${limits[$i]}" + for rsvd in "${optional[@]}"; do + param="hugetlb.${size}${rsvd}.$lim" + echo "checking $param" + check_cgroup_value "$param" "$limit" + done + done +} + @test "runc run (cgroup v2 resources.unified only)" { requires root cgroups_v2 From b6a0c483b7383fc42bf9a840adbbf987867043d2 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Wed, 18 Oct 2023 14:42:16 +0200 Subject: [PATCH 0413/1176] libct/dmz: Support compiling on all arches When we added nolibc, we started using it unconditionally. But runc is currently being compiled on more arches than supported by nolibc, like MIPS. Let's compile using stdlib if the arch we are compiling on is not supported by nolibc. If compilation is broken in some arch, just removing it from the NOLIBC_GOARCHES variable should fix the compilation, as it will fallback to use the C stdlib. Signed-off-by: Rodrigo Campos --- libcontainer/dmz/Makefile | 18 +++++++++++++++--- libcontainer/dmz/README.md | 2 ++ libcontainer/dmz/_dmz.c | 8 ++++++-- 3 files changed, 23 insertions(+), 5 deletions(-) diff --git a/libcontainer/dmz/Makefile b/libcontainer/dmz/Makefile index 57ff782bd50..3c30db243d9 100644 --- a/libcontainer/dmz/Makefile +++ b/libcontainer/dmz/Makefile @@ -1,7 +1,19 @@ -# Get CC values for cross-compilation. +# Get GO, GOARCH and CC values for cross-compilation. include ../../cc_platform.mk -# We use the flags suggested in nolibc/nolibc.h, it makes the binary very small. +# List of GOARCH that nolibc supports, from: +# https://go.dev/doc/install/source#environment (with GOOS=linux) +# +# See nolibc supported arches in ./nolibc/arch-*.h +NOLIBC_GOARCHES := 386 amd64 arm arm64 loong64 ppc64le riscv64 s390x + +ifneq (,$(filter $(GOARCH), $(NOLIBC_GOARCHES))) + # We use the flags suggested in nolibc/nolibc.h, it makes the binary very small. + CFLAGS += -fno-asynchronous-unwind-tables -fno-ident -s -Os -nostdlib -lgcc +else + CFLAGS += -DRUNC_USE_STDLIB +endif + runc-dmz: _dmz.c - $(CC) $(CFLAGS) -fno-asynchronous-unwind-tables -fno-ident -s -Os -nostdlib -lgcc -static -o $@ $^ + $(CC) $(CFLAGS) -static -o $@ $^ $(STRIP) -gs $@ diff --git a/libcontainer/dmz/README.md b/libcontainer/dmz/README.md index 72d577019c1..3cfa913ff68 100644 --- a/libcontainer/dmz/README.md +++ b/libcontainer/dmz/README.md @@ -13,4 +13,6 @@ The current version in that folder is from Linux 6.6-rc3 tag (556fb7131e03b02836 It also support all the architectures we support in runc. +If the GOARCH we use for compiling doesn't support nolibc, it fallbacks to using the C stdlib. + [nolibc-upstream]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/include/nolibc?h=v6.6-rc3 diff --git a/libcontainer/dmz/_dmz.c b/libcontainer/dmz/_dmz.c index 73ecf25412a..2855e60d5cd 100644 --- a/libcontainer/dmz/_dmz.c +++ b/libcontainer/dmz/_dmz.c @@ -1,5 +1,9 @@ -#include "xstat.h" -#include "nolibc/nolibc.h" +#ifdef RUNC_USE_STDLIB +# include +#else +# include "xstat.h" +# include "nolibc/nolibc.h" +#endif extern char **environ; From f944d7b653e53e76dab006ca994499dbb31a93f3 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 19 Oct 2023 16:06:31 -0700 Subject: [PATCH 0414/1176] ci/gha: fix downloading Release.key Since today, the URL from download.opensuse.org started returning a HTTP 302 redirect, so -L option for curl is needed to follow it. While at it, remove apt-key as per its man page recommendation: > Note: Instead of using this command a keyring should be placed > directly in the /etc/apt/trusted.gpg.d/ directory with a descriptive > name and either "gpg" or "asc" as file extension. Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5a53f1de1eb..ca7d6e21356 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -54,7 +54,7 @@ jobs: run: | # criu repo REPO=${PREFIX}_$(echo ${{ matrix.os }} | sed 's/.*-//') - curl -fSsl $REPO/Release.key | sudo apt-key add - + curl -fSsLl $REPO/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_tools_criu.gpg > /dev/null echo "deb $REPO/ /" | sudo tee /etc/apt/sources.list.d/criu.list sudo apt update sudo apt install libseccomp-dev criu sshfs From 54d38c6143af8e0526a63059ee126f8f1cf2c44f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 20 Oct 2023 04:21:02 +0000 Subject: [PATCH 0415/1176] build(deps): bump github.com/cilium/ebpf from 0.12.0 to 0.12.1 Bumps [github.com/cilium/ebpf](https://github.com/cilium/ebpf) from 0.12.0 to 0.12.1. - [Release notes](https://github.com/cilium/ebpf/releases) - [Commits](https://github.com/cilium/ebpf/compare/v0.12.0...v0.12.1) --- updated-dependencies: - dependency-name: github.com/cilium/ebpf dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- vendor/github.com/cilium/ebpf/btf/core.go | 4 +- vendor/github.com/cilium/ebpf/btf/ext_info.go | 42 ++++++++------ vendor/github.com/cilium/ebpf/btf/format.go | 6 +- vendor/github.com/cilium/ebpf/btf/types.go | 55 ++++++------------- .../github.com/cilium/ebpf/internal/vdso.go | 44 ++++++++++++--- vendor/modules.txt | 2 +- 8 files changed, 85 insertions(+), 74 deletions(-) diff --git a/go.mod b/go.mod index 7171d711f30..47f282633f8 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.20 require ( github.com/checkpoint-restore/go-criu/v6 v6.3.0 - github.com/cilium/ebpf v0.12.0 + github.com/cilium/ebpf v0.12.1 github.com/containerd/console v1.0.3 github.com/coreos/go-systemd/v22 v22.5.0 github.com/cyphar/filepath-securejoin v0.2.4 diff --git a/go.sum b/go.sum index d6d68c573ef..4d23ee67114 100644 --- a/go.sum +++ b/go.sum @@ -1,8 +1,8 @@ github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/checkpoint-restore/go-criu/v6 v6.3.0 h1:mIdrSO2cPNWQY1truPg6uHLXyKHk3Z5Odx4wjKOASzA= github.com/checkpoint-restore/go-criu/v6 v6.3.0/go.mod h1:rrRTN/uSwY2X+BPRl/gkulo9gsKOSAeVp9/K2tv7xZI= -github.com/cilium/ebpf v0.12.0 h1:oQEuIQIXgYhe1v7sYUG0P9vtJTYZLLdA6tiQmrOB1mo= -github.com/cilium/ebpf v0.12.0/go.mod h1:u9H29/Iq+8cy70YqI6p5pfADkFl3vdnV2qXDg5JL0Zo= +github.com/cilium/ebpf v0.12.1 h1:0zxmBZrItv5dgJrSVYHo36yVfJAacE7Sd1xPC3fMl4M= +github.com/cilium/ebpf v0.12.1/go.mod h1:u9H29/Iq+8cy70YqI6p5pfADkFl3vdnV2qXDg5JL0Zo= github.com/containerd/console v1.0.3 h1:lIr7SlA5PxZyMV30bDW0MGbiOPXwc63yRuCP0ARubLw= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= diff --git a/vendor/github.com/cilium/ebpf/btf/core.go b/vendor/github.com/cilium/ebpf/btf/core.go index a5c40d36af4..dec2cc76069 100644 --- a/vendor/github.com/cilium/ebpf/btf/core.go +++ b/vendor/github.com/cilium/ebpf/btf/core.go @@ -799,7 +799,7 @@ func coreFindMember(typ composite, name string) (Member, bool, error) { if visited[target] { continue } - if len(visited) >= maxTypeDepth { + if len(visited) >= maxResolveDepth { // This check is different than libbpf, which restricts the entire // path to BPF_CORE_SPEC_MAX_LEN items. return Member{}, false, fmt.Errorf("type is nested too deep") @@ -895,7 +895,7 @@ func coreAreTypesCompatible(localType Type, targetType Type) error { ) for ; l != nil && t != nil; l, t = localTs.Shift(), targetTs.Shift() { - if depth >= maxTypeDepth { + if depth >= maxResolveDepth { return errors.New("types are nested too deep") } diff --git a/vendor/github.com/cilium/ebpf/btf/ext_info.go b/vendor/github.com/cilium/ebpf/btf/ext_info.go index 36803504be6..3eae08b28ee 100644 --- a/vendor/github.com/cilium/ebpf/btf/ext_info.go +++ b/vendor/github.com/cilium/ebpf/btf/ext_info.go @@ -391,13 +391,14 @@ func newFuncInfos(bfis []bpfFuncInfo, spec *Spec) (FuncInfos, error) { return fis, nil } -// LoadFuncInfos parses btf func info in wire format. +// LoadFuncInfos parses BTF func info in kernel wire format. func LoadFuncInfos(reader io.Reader, bo binary.ByteOrder, recordNum uint32, spec *Spec) (FuncInfos, error) { fis, err := parseFuncInfoRecords( reader, bo, FuncInfoSize, recordNum, + false, ) if err != nil { return FuncInfos{}, fmt.Errorf("parsing BTF func info: %w", err) @@ -441,7 +442,7 @@ func parseFuncInfos(r io.Reader, bo binary.ByteOrder, strings *stringTable) (map return nil, err } - records, err := parseFuncInfoRecords(r, bo, recordSize, infoHeader.NumInfo) + records, err := parseFuncInfoRecords(r, bo, recordSize, infoHeader.NumInfo, true) if err != nil { return nil, fmt.Errorf("section %v: %w", secName, err) } @@ -453,7 +454,7 @@ func parseFuncInfos(r io.Reader, bo binary.ByteOrder, strings *stringTable) (map // parseFuncInfoRecords parses a stream of func_infos into a funcInfos. // These records appear after a btf_ext_info_sec header in the func_info // sub-section of .BTF.ext. -func parseFuncInfoRecords(r io.Reader, bo binary.ByteOrder, recordSize uint32, recordNum uint32) ([]bpfFuncInfo, error) { +func parseFuncInfoRecords(r io.Reader, bo binary.ByteOrder, recordSize uint32, recordNum uint32, offsetInBytes bool) ([]bpfFuncInfo, error) { var out []bpfFuncInfo var fi bpfFuncInfo @@ -467,13 +468,15 @@ func parseFuncInfoRecords(r io.Reader, bo binary.ByteOrder, recordSize uint32, r return nil, fmt.Errorf("can't read function info: %v", err) } - if fi.InsnOff%asm.InstructionSize != 0 { - return nil, fmt.Errorf("offset %v is not aligned with instruction size", fi.InsnOff) - } + if offsetInBytes { + if fi.InsnOff%asm.InstructionSize != 0 { + return nil, fmt.Errorf("offset %v is not aligned with instruction size", fi.InsnOff) + } - // ELF tracks offset in bytes, the kernel expects raw BPF instructions. - // Convert as early as possible. - fi.InsnOff /= asm.InstructionSize + // ELF tracks offset in bytes, the kernel expects raw BPF instructions. + // Convert as early as possible. + fi.InsnOff /= asm.InstructionSize + } out = append(out, fi) } @@ -537,13 +540,14 @@ type bpfLineInfo struct { LineCol uint32 } -// LoadLineInfos parses btf line info in wire format. +// LoadLineInfos parses BTF line info in kernel wire format. func LoadLineInfos(reader io.Reader, bo binary.ByteOrder, recordNum uint32, spec *Spec) (LineInfos, error) { lis, err := parseLineInfoRecords( reader, bo, LineInfoSize, recordNum, + false, ) if err != nil { return LineInfos{}, fmt.Errorf("parsing BTF line info: %w", err) @@ -649,7 +653,7 @@ func parseLineInfos(r io.Reader, bo binary.ByteOrder, strings *stringTable) (map return nil, err } - records, err := parseLineInfoRecords(r, bo, recordSize, infoHeader.NumInfo) + records, err := parseLineInfoRecords(r, bo, recordSize, infoHeader.NumInfo, true) if err != nil { return nil, fmt.Errorf("section %v: %w", secName, err) } @@ -661,7 +665,7 @@ func parseLineInfos(r io.Reader, bo binary.ByteOrder, strings *stringTable) (map // parseLineInfoRecords parses a stream of line_infos into a lineInfos. // These records appear after a btf_ext_info_sec header in the line_info // sub-section of .BTF.ext. -func parseLineInfoRecords(r io.Reader, bo binary.ByteOrder, recordSize uint32, recordNum uint32) ([]bpfLineInfo, error) { +func parseLineInfoRecords(r io.Reader, bo binary.ByteOrder, recordSize uint32, recordNum uint32, offsetInBytes bool) ([]bpfLineInfo, error) { var out []bpfLineInfo var li bpfLineInfo @@ -675,13 +679,15 @@ func parseLineInfoRecords(r io.Reader, bo binary.ByteOrder, recordSize uint32, r return nil, fmt.Errorf("can't read line info: %v", err) } - if li.InsnOff%asm.InstructionSize != 0 { - return nil, fmt.Errorf("offset %v is not aligned with instruction size", li.InsnOff) - } + if offsetInBytes { + if li.InsnOff%asm.InstructionSize != 0 { + return nil, fmt.Errorf("offset %v is not aligned with instruction size", li.InsnOff) + } - // ELF tracks offset in bytes, the kernel expects raw BPF instructions. - // Convert as early as possible. - li.InsnOff /= asm.InstructionSize + // ELF tracks offset in bytes, the kernel expects raw BPF instructions. + // Convert as early as possible. + li.InsnOff /= asm.InstructionSize + } out = append(out, li) } diff --git a/vendor/github.com/cilium/ebpf/btf/format.go b/vendor/github.com/cilium/ebpf/btf/format.go index acb489cd0c8..5e581b4a851 100644 --- a/vendor/github.com/cilium/ebpf/btf/format.go +++ b/vendor/github.com/cilium/ebpf/btf/format.go @@ -118,7 +118,7 @@ func (gf *GoFormatter) writeType(typ Type, depth int) error { // uint32 func (gf *GoFormatter) writeTypeLit(typ Type, depth int) error { depth++ - if depth > maxTypeDepth { + if depth > maxResolveDepth { return errNestedTooDeep } @@ -265,7 +265,7 @@ func (gf *GoFormatter) writeStructField(m Member, depth int) error { } depth++ - if depth > maxTypeDepth { + if depth > maxResolveDepth { return errNestedTooDeep } @@ -338,7 +338,7 @@ func (gf *GoFormatter) writePadding(bytes uint32) { func skipQualifiers(typ Type) Type { result := typ - for depth := 0; depth <= maxTypeDepth; depth++ { + for depth := 0; depth <= maxResolveDepth; depth++ { switch v := (result).(type) { case qualifier: result = v.qualify() diff --git a/vendor/github.com/cilium/ebpf/btf/types.go b/vendor/github.com/cilium/ebpf/btf/types.go index 5aedd72d8c3..8fe329aa4e4 100644 --- a/vendor/github.com/cilium/ebpf/btf/types.go +++ b/vendor/github.com/cilium/ebpf/btf/types.go @@ -5,7 +5,6 @@ import ( "fmt" "io" "math" - "reflect" "strings" "github.com/cilium/ebpf/asm" @@ -13,7 +12,9 @@ import ( "github.com/cilium/ebpf/internal/sys" ) -const maxTypeDepth = 32 +// Mirrors MAX_RESOLVE_DEPTH in libbpf. +// https://github.com/libbpf/libbpf/blob/e26b84dc330c9644c07428c271ab491b0f01f4e1/src/btf.c#L761 +const maxResolveDepth = 32 // TypeID identifies a type in a BTF section. type TypeID = sys.TypeID @@ -590,7 +591,7 @@ func Sizeof(typ Type) (int, error) { elem int64 ) - for i := 0; i < maxTypeDepth; i++ { + for i := 0; i < maxResolveDepth; i++ { switch v := typ.(type) { case *Array: if n > 0 && int64(v.Nelems) > math.MaxInt64/n { @@ -758,11 +759,11 @@ func inflateRawTypes(rawTypes []rawType, rawStrings *stringTable, base *Spec) ([ } var fixups []fixupDef - fixup := func(id TypeID, typ *Type) bool { + fixup := func(id TypeID, typ *Type) { if id < firstTypeID { if baseType, err := base.TypeByID(id); err == nil { *typ = baseType - return true + return } } @@ -770,31 +771,10 @@ func inflateRawTypes(rawTypes []rawType, rawStrings *stringTable, base *Spec) ([ if idx < len(types) { // We've already inflated this type, fix it up immediately. *typ = types[idx] - return true + return } fixups = append(fixups, fixupDef{id, typ}) - return false - } - - type assertion struct { - id TypeID - typ *Type - want reflect.Type - } - - var assertions []assertion - fixupAndAssert := func(id TypeID, typ *Type, want reflect.Type) error { - if !fixup(id, typ) { - assertions = append(assertions, assertion{id, typ, want}) - return nil - } - - // The type has already been fixed up, check the type immediately. - if reflect.TypeOf(*typ) != want { - return fmt.Errorf("type ID %d: expected %s, got %T", id, want, *typ) - } - return nil } type bitfieldFixupDef struct { @@ -955,9 +935,7 @@ func inflateRawTypes(rawTypes []rawType, rawStrings *stringTable, base *Spec) ([ case kindFunc: fn := &Func{name, nil, raw.Linkage()} - if err := fixupAndAssert(raw.Type(), &fn.Type, reflect.TypeOf((*FuncProto)(nil))); err != nil { - return nil, err - } + fixup(raw.Type(), &fn.Type) typ = fn case kindFuncProto: @@ -1066,12 +1044,6 @@ func inflateRawTypes(rawTypes []rawType, rawStrings *stringTable, base *Spec) ([ } } - for _, assertion := range assertions { - if reflect.TypeOf(*assertion.typ) != assertion.want { - return nil, fmt.Errorf("type ID %d: expected %s, got %T", assertion.id, assertion.want, *assertion.typ) - } - } - for _, dt := range declTags { switch t := dt.Type.(type) { case *Var, *Typedef: @@ -1085,7 +1057,12 @@ func inflateRawTypes(rawTypes []rawType, rawStrings *stringTable, base *Spec) ([ } case *Func: - if dt.Index >= len(t.Type.(*FuncProto).Params) { + fp, ok := t.Type.(*FuncProto) + if !ok { + return nil, fmt.Errorf("type %s: %s is not a FuncProto", dt, t.Type) + } + + if dt.Index >= len(fp.Params) { return nil, fmt.Errorf("type %s: index %d exceeds params of %s", dt, dt.Index, t) } @@ -1121,7 +1098,7 @@ func newEssentialName(name string) essentialName { // UnderlyingType skips qualifiers and Typedefs. func UnderlyingType(typ Type) Type { result := typ - for depth := 0; depth <= maxTypeDepth; depth++ { + for depth := 0; depth <= maxResolveDepth; depth++ { switch v := (result).(type) { case qualifier: result = v.qualify() @@ -1140,7 +1117,7 @@ func UnderlyingType(typ Type) Type { // Returns the zero value and false if there is no T or if the type is nested // too deeply. func as[T Type](typ Type) (T, bool) { - for depth := 0; depth <= maxTypeDepth; depth++ { + for depth := 0; depth <= maxResolveDepth; depth++ { switch v := (typ).(type) { case T: return v, true diff --git a/vendor/github.com/cilium/ebpf/internal/vdso.go b/vendor/github.com/cilium/ebpf/internal/vdso.go index 10e639bf06e..c444a41c4b1 100644 --- a/vendor/github.com/cilium/ebpf/internal/vdso.go +++ b/vendor/github.com/cilium/ebpf/internal/vdso.go @@ -8,6 +8,7 @@ import ( "io" "math" "os" + "unsafe" "github.com/cilium/ebpf/internal/unix" ) @@ -19,6 +20,8 @@ var ( // vdsoVersion returns the LINUX_VERSION_CODE embedded in the vDSO library // linked into the current process image. func vdsoVersion() (uint32, error) { + const uintptrIs32bits = unsafe.Sizeof((uintptr)(0)) == 4 + // Read data from the auxiliary vector, which is normally passed directly // to the process. Go does not expose that data, so we must read it from procfs. // https://man7.org/linux/man-pages/man3/getauxval.3.html @@ -31,7 +34,7 @@ func vdsoVersion() (uint32, error) { } defer av.Close() - vdsoAddr, err := vdsoMemoryAddress(av) + vdsoAddr, err := vdsoMemoryAddress(av, NativeEndian, uintptrIs32bits) if err != nil { return 0, fmt.Errorf("finding vDSO memory address: %w", err) } @@ -52,9 +55,34 @@ func vdsoVersion() (uint32, error) { return c, nil } +type auxvPair32 struct { + Tag, Value uint32 +} + +type auxvPair64 struct { + Tag, Value uint64 +} + +func readAuxvPair(r io.Reader, order binary.ByteOrder, uintptrIs32bits bool) (tag, value uint64, _ error) { + if uintptrIs32bits { + var aux auxvPair32 + if err := binary.Read(r, order, &aux); err != nil { + return 0, 0, fmt.Errorf("reading auxv entry: %w", err) + } + return uint64(aux.Tag), uint64(aux.Value), nil + } + + var aux auxvPair64 + if err := binary.Read(r, order, &aux); err != nil { + return 0, 0, fmt.Errorf("reading auxv entry: %w", err) + } + return aux.Tag, aux.Value, nil +} + // vdsoMemoryAddress returns the memory address of the vDSO library // linked into the current process image. r is an io.Reader into an auxv blob. -func vdsoMemoryAddress(r io.Reader) (uint64, error) { +func vdsoMemoryAddress(r io.Reader, order binary.ByteOrder, uintptrIs32bits bool) (uintptr, error) { + // See https://elixir.bootlin.com/linux/v6.5.5/source/include/uapi/linux/auxvec.h const ( _AT_NULL = 0 // End of vector _AT_SYSINFO_EHDR = 33 // Offset to vDSO blob in process image @@ -62,16 +90,16 @@ func vdsoMemoryAddress(r io.Reader) (uint64, error) { // Loop through all tag/value pairs in auxv until we find `AT_SYSINFO_EHDR`, // the address of a page containing the virtual Dynamic Shared Object (vDSO). - aux := struct{ Tag, Val uint64 }{} for { - if err := binary.Read(r, NativeEndian, &aux); err != nil { - return 0, fmt.Errorf("reading auxv entry: %w", err) + tag, value, err := readAuxvPair(r, order, uintptrIs32bits) + if err != nil { + return 0, err } - switch aux.Tag { + switch tag { case _AT_SYSINFO_EHDR: - if aux.Val != 0 { - return aux.Val, nil + if value != 0 { + return uintptr(value), nil } return 0, fmt.Errorf("invalid vDSO address in auxv") // _AT_NULL is always the last tag/val pair in the aux vector diff --git a/vendor/modules.txt b/vendor/modules.txt index f17ebc5d5a0..5f597f7a567 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -2,7 +2,7 @@ ## explicit; go 1.16 github.com/checkpoint-restore/go-criu/v6 github.com/checkpoint-restore/go-criu/v6/rpc -# github.com/cilium/ebpf v0.12.0 +# github.com/cilium/ebpf v0.12.1 ## explicit; go 1.20 github.com/cilium/ebpf github.com/cilium/ebpf/asm From 9cd5d6cddf53d75cd8c3cd7d2e7d81e8de93c3b1 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 20 Oct 2023 09:54:55 -0700 Subject: [PATCH 0416/1176] libct/cg: remove retry on EINTR in Commit f34eb2c00 introduced a workaround to retry on EINTR due to changes in Go 1.14. It was fixed in Go 1.15 [1], meaning a custom retry loop is no longer necessary. Keep the test case to avoid future regressions. [1] https://github.com/golang/go/issues/38033 Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/file.go | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/libcontainer/cgroups/file.go b/libcontainer/cgroups/file.go index 048a0ca4bef..1a463b4a781 100644 --- a/libcontainer/cgroups/file.go +++ b/libcontainer/cgroups/file.go @@ -49,24 +49,13 @@ func WriteFile(dir, file, data string) error { return err } defer fd.Close() - if err := retryingWriteFile(fd, data); err != nil { + if _, err := fd.WriteString(data); err != nil { // Having data in the error message helps in debugging. return fmt.Errorf("failed to write %q: %w", data, err) } return nil } -func retryingWriteFile(fd *os.File, data string) error { - for { - _, err := fd.Write([]byte(data)) - if errors.Is(err, unix.EINTR) { - logrus.Infof("interrupted while writing %s to %s", data, fd.Name()) - continue - } - return err - } -} - const ( cgroupfsDir = "/sys/fs/cgroup" cgroupfsPrefix = cgroupfsDir + "/" From d60d17a6ec7bdc07572b44bb05e9b63ca1eca1db Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Oct 2023 04:08:30 +0000 Subject: [PATCH 0417/1176] build(deps): bump github.com/cilium/ebpf from 0.12.1 to 0.12.2 Bumps [github.com/cilium/ebpf](https://github.com/cilium/ebpf) from 0.12.1 to 0.12.2. - [Release notes](https://github.com/cilium/ebpf/releases) - [Commits](https://github.com/cilium/ebpf/compare/v0.12.1...v0.12.2) --- updated-dependencies: - dependency-name: github.com/cilium/ebpf dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- .../cilium/ebpf/internal/sysenc/marshal.go | 17 ++++++++++++++++- vendor/github.com/cilium/ebpf/map.go | 6 +----- vendor/github.com/cilium/ebpf/types.go | 2 +- vendor/github.com/cilium/ebpf/types_string.go | 2 +- vendor/modules.txt | 2 +- 7 files changed, 23 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 47f282633f8..ca73baf787e 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.20 require ( github.com/checkpoint-restore/go-criu/v6 v6.3.0 - github.com/cilium/ebpf v0.12.1 + github.com/cilium/ebpf v0.12.2 github.com/containerd/console v1.0.3 github.com/coreos/go-systemd/v22 v22.5.0 github.com/cyphar/filepath-securejoin v0.2.4 diff --git a/go.sum b/go.sum index 4d23ee67114..5a7d5b70f5a 100644 --- a/go.sum +++ b/go.sum @@ -1,8 +1,8 @@ github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/checkpoint-restore/go-criu/v6 v6.3.0 h1:mIdrSO2cPNWQY1truPg6uHLXyKHk3Z5Odx4wjKOASzA= github.com/checkpoint-restore/go-criu/v6 v6.3.0/go.mod h1:rrRTN/uSwY2X+BPRl/gkulo9gsKOSAeVp9/K2tv7xZI= -github.com/cilium/ebpf v0.12.1 h1:0zxmBZrItv5dgJrSVYHo36yVfJAacE7Sd1xPC3fMl4M= -github.com/cilium/ebpf v0.12.1/go.mod h1:u9H29/Iq+8cy70YqI6p5pfADkFl3vdnV2qXDg5JL0Zo= +github.com/cilium/ebpf v0.12.2 h1:cP3qL4kkl19kr/F+hKqUo9F9pPMVz1oms8C7Qj0AwWk= +github.com/cilium/ebpf v0.12.2/go.mod h1:u9H29/Iq+8cy70YqI6p5pfADkFl3vdnV2qXDg5JL0Zo= github.com/containerd/console v1.0.3 h1:lIr7SlA5PxZyMV30bDW0MGbiOPXwc63yRuCP0ARubLw= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= diff --git a/vendor/github.com/cilium/ebpf/internal/sysenc/marshal.go b/vendor/github.com/cilium/ebpf/internal/sysenc/marshal.go index 235a1df2640..52339456aaf 100644 --- a/vendor/github.com/cilium/ebpf/internal/sysenc/marshal.go +++ b/vendor/github.com/cilium/ebpf/internal/sysenc/marshal.go @@ -11,6 +11,8 @@ import ( "unsafe" "github.com/cilium/ebpf/internal" + + "golang.org/x/exp/slices" ) // Marshal turns data into a byte slice using the system's native endianness. @@ -88,6 +90,11 @@ func Unmarshal(data interface{}, buf []byte) error { *value = string(buf) return nil + case *[]byte: + // Backwards compat: unmarshaling into a slice replaces the whole slice. + *value = slices.Clone(buf) + return nil + default: if dataBuf := unsafeBackingMemory(data); len(dataBuf) == len(buf) { copy(dataBuf, buf) @@ -99,7 +106,15 @@ func Unmarshal(data interface{}, buf []byte) error { rd.Reset(buf) - return binary.Read(rd, internal.NativeEndian, value) + if err := binary.Read(rd, internal.NativeEndian, value); err != nil { + return err + } + + if rd.Len() != 0 { + return fmt.Errorf("unmarshaling %T doesn't consume all data", data) + } + + return nil } } diff --git a/vendor/github.com/cilium/ebpf/map.go b/vendor/github.com/cilium/ebpf/map.go index be732a24fa6..7f6184850ba 100644 --- a/vendor/github.com/cilium/ebpf/map.go +++ b/vendor/github.com/cilium/ebpf/map.go @@ -1411,11 +1411,7 @@ func (mi *MapIterator) Next(keyOut, valueOut interface{}) bool { return false } - // The user can get access to nextKey since unmarshalBytes - // does not copy when unmarshaling into a []byte. - // Make a copy to prevent accidental corruption of - // iterator state. - copy(mi.curKey, nextKey) + mi.curKey = nextKey mi.count++ mi.err = mi.target.Lookup(nextKey, valueOut) diff --git a/vendor/github.com/cilium/ebpf/types.go b/vendor/github.com/cilium/ebpf/types.go index af36519994b..e9215519a2f 100644 --- a/vendor/github.com/cilium/ebpf/types.go +++ b/vendor/github.com/cilium/ebpf/types.go @@ -219,7 +219,7 @@ const ( type AttachFlags uint32 // PinType determines whether a map is pinned into a BPFFS. -type PinType int +type PinType uint32 // Valid pin types. // diff --git a/vendor/github.com/cilium/ebpf/types_string.go b/vendor/github.com/cilium/ebpf/types_string.go index 5679f225430..e20c37aa4e4 100644 --- a/vendor/github.com/cilium/ebpf/types_string.go +++ b/vendor/github.com/cilium/ebpf/types_string.go @@ -111,7 +111,7 @@ const _PinType_name = "PinNonePinByName" var _PinType_index = [...]uint8{0, 7, 16} func (i PinType) String() string { - if i < 0 || i >= PinType(len(_PinType_index)-1) { + if i >= PinType(len(_PinType_index)-1) { return "PinType(" + strconv.FormatInt(int64(i), 10) + ")" } return _PinType_name[_PinType_index[i]:_PinType_index[i+1]] diff --git a/vendor/modules.txt b/vendor/modules.txt index 5f597f7a567..2d660aa8a7b 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -2,7 +2,7 @@ ## explicit; go 1.16 github.com/checkpoint-restore/go-criu/v6 github.com/checkpoint-restore/go-criu/v6/rpc -# github.com/cilium/ebpf v0.12.1 +# github.com/cilium/ebpf v0.12.2 ## explicit; go 1.20 github.com/cilium/ebpf github.com/cilium/ebpf/asm From bbf8eff818fc03f45d96e30a86a0b3f40ec3335f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 20 Oct 2023 12:47:28 -0700 Subject: [PATCH 0418/1176] tests/int: fix "runc run (hugetlb limits)" Recent commit 4a7d3ae5cd had a bug (extra period). Fixes: 4a7d3ae5cd Signed-off-by: Kir Kolyshkin --- tests/integration/cgroups.bats | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/cgroups.bats b/tests/integration/cgroups.bats index 8daf7420d0f..790108ba0b4 100644 --- a/tests/integration/cgroups.bats +++ b/tests/integration/cgroups.bats @@ -243,7 +243,7 @@ convert_hugetlb_size() { [ "$status" -eq 0 ] lim="max" - [ -v CGROUP_V1 ] && lim=".limit_in_bytes" + [ -v CGROUP_V1 ] && lim="limit_in_bytes" optional=("") # Add rsvd, if available. From 5ea7c60f334e4a714ef7a3a5d952f03935d469d6 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 20 Oct 2023 12:33:20 -0700 Subject: [PATCH 0419/1176] tests/int: fix cgroup tests Commit e1584831b6835d did two modifications to check_cgroup_value(): 1. It now skips the test if the file is not found. 2. If the comparison failed, a second comparison, with value divided by 1000, is performed. These modifications were only needed for cpu.burst, but instead were done in a generic function used from many cgroup tests. As a result, we can no longer be sure about the test coverage (item 1) and the check being correct (item 2) anymore. In fact, part of "update cgroup cpu limits" test is currently skipped on CentOS 7 and 8 because of item 1. To fix: - replace item 1 with a new "cgroups_cpu_burst" argument for "requires", and move the test to a separate case; - replace item 2 with a local change in check_cpu_burst. Fixes: e1584831b6835d Signed-off-by: Kir Kolyshkin --- tests/integration/helpers.bash | 22 ++++++++++++++++------ tests/integration/update.bats | 23 +++++++++++++++++------ 2 files changed, 33 insertions(+), 12 deletions(-) diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index 7e6399a47b8..811f817ab44 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -260,16 +260,11 @@ function get_cgroup_value() { # Helper to check a if value in a cgroup file matches the expected one. function check_cgroup_value() { local current - local cgroup - cgroup="$(get_cgroup_path "$1")" - if [ ! -f "$cgroup/$1" ]; then - skip "$cgroup/$1 does not exist" - fi current="$(get_cgroup_value "$1")" local expected=$2 echo "current $current !? $expected" - [ "$current" = "$expected" ] || [ "$current" = "$((expected / 1000))" ] + [ "$current" = "$expected" ] } # Helper to check a value in systemd. @@ -318,6 +313,7 @@ function check_cpu_quota() { function check_cpu_burst() { local burst=$1 if [ -v CGROUP_V2 ]; then + burst=$((burst / 1000)) check_cgroup_value "cpu.max.burst" "$burst" else check_cgroup_value "cpu.cfs_burst_us" "$burst" @@ -438,6 +434,20 @@ function requires() { skip_me=1 fi ;; + cgroups_cpu_burst) + local p f + init_cgroup_paths + if [ -v CGROUP_V1 ]; then + p="$CGROUP_CPU_BASE_PATH" + f="cpu.cfs_burst_us" + elif [ -v CGROUP_V2 ]; then + p="$CGROUP_BASE_PATH" + f="cpu.max.burst" + fi + if [ -z "$(find "$p" -name "$f" -print -quit)" ]; then + skip_me=1 + fi + ;; cgroupns) if [ ! -e "/proc/self/ns/cgroup" ]; then skip_me=1 diff --git a/tests/integration/update.bats b/tests/integration/update.bats index 616fe809b9c..5a3dc7f0563 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -288,12 +288,6 @@ EOF runc update test_update --cpu-share 200 [ "$status" -eq 0 ] check_cpu_shares 200 - runc update test_update --cpu-period 900000 --cpu-burst 500000 - [ "$status" -eq 0 ] - check_cpu_burst 500000 - runc update test_update --cpu-period 900000 --cpu-burst 0 - [ "$status" -eq 0 ] - check_cpu_burst 0 # Revert to the test initial value via json on stding runc update -r - test_update < Date: Fri, 20 Oct 2023 16:17:46 -0700 Subject: [PATCH 0420/1176] libct/cg/fs.Set: fix error message There is no point in showing the underlying error when path == "", because it is ENOENT. Revert the change done in commit e1584831b6835d. Fixes: e1584831b6835d3e8b9a239cb10503bcf6b9b9e8 Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/fs/fs.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcontainer/cgroups/fs/fs.go b/libcontainer/cgroups/fs/fs.go index e2c425d0cd0..d2decb127ca 100644 --- a/libcontainer/cgroups/fs/fs.go +++ b/libcontainer/cgroups/fs/fs.go @@ -191,7 +191,7 @@ func (m *Manager) Set(r *configs.Resources) error { if path == "" { // We never created a path for this cgroup, so we cannot set // limits for it (though we have already tried at this point). - return fmt.Errorf("cannot set %s limit: container could not join or create cgroup, and the error is %w", sys.Name(), err) + return fmt.Errorf("cannot set %s limit: container could not join or create cgroup", sys.Name()) } return err } From 153865d0fed0d53304543702624b4e8b64895e88 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 8 Aug 2023 17:39:44 -0700 Subject: [PATCH 0421/1176] tests/int: fix teardown in mounts_sshfs.bats Function teardown assumes that every test case will call setup_sshfs. Currently, this assumption is true, but once a test case that won't call setup_sshfs is added (say because it has some extra "requires" or "skip"), it will break bats, so any bats invocation involving such a test case will end up hanging after the last test case is run. The reason is, we have set -u in helpers.bash to help catching the use of undefined variables. In the above scenario, such a variable is DIR, which is referenced in teardown but is only defined after a call to setup_sshfs. As a result, bash that is running the teardown function will exit upon seeing the first $DIR, and thus teardown_bundle won't be run. This, in turn, results in a stale recvtty process, which inherits bats' fd 3. Until that fd is closed, bats waits for test logs. Long story short, the fix is to - check if DIR is set before referencing it; - unset it after unmount. PS it is still not clear why there is no diagnostics about the failed teardown. Signed-off-by: Kir Kolyshkin Signed-off-by: Aleksa Sarai --- tests/integration/mounts_sshfs.bats | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/tests/integration/mounts_sshfs.bats b/tests/integration/mounts_sshfs.bats index 540403e4051..ce5e2b2e7e1 100644 --- a/tests/integration/mounts_sshfs.bats +++ b/tests/integration/mounts_sshfs.bats @@ -8,9 +8,12 @@ function setup() { } function teardown() { - # Some distros do not have fusermount installed - # as a dependency of fuse-sshfs, and good ol' umount works. - fusermount -u "$DIR" || umount "$DIR" + if [ -v DIR ]; then + # Some distros do not have fusermount installed + # as a dependency of fuse-sshfs, and good ol' umount works. + fusermount -u "$DIR" || umount "$DIR" + unset DIR + fi teardown_bundle } From 7c71a22705473da97b9c426bfd4be94bedf6aac7 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sun, 6 Aug 2023 13:21:05 +1000 Subject: [PATCH 0422/1176] rootfs: remove --no-mount-fallback and finally fix MS_REMOUNT The original reasoning for this option was to avoid having mount options be overwritten by runc. However, adding command-line arguments has historically been a bad idea because it forces strict-runc-compatible OCI runtimes to copy out-of-spec features directly from runc and these flags are usually quite difficult to enable by users when using runc through several layers of engines and orchestrators. A far more preferable solution is to have a heuristic which detects whether copying the original mount's mount options would override an explicit mount option specified by the user. In this case, we should return an error. You only end up in this path in the userns case, if you have a bind-mount source with locked flags. During the course of writing this patch, I discovered that several aspects of our handling of flags for bind-mounts left much to be desired. We have completely botched the handling of explicitly cleared flags since commit 97f5ee4e6acd ("Only remount if requested flags differ from current"), with our behaviour only becoming increasingly more weird with 50105de1d87e ("Fix failure with rw bind mount of a ro fuse") and da780e4d2754 ("Fix bind mounts of filesystems with certain options set"). In short, we would only clear flags explicitly request by the user purely by chance, in ways that it really should've been reported to us by now. The most egregious is that mounts explicitly marked "rw" were actually mounted "ro" if the bind-mount source was "ro" and no other special flags were included. In addition, our handling of atime was completely broken -- mostly due to how subtle the semantics of atime are on Linux. Unfortunately, while the runtime-spec requires us to implement mount(8)'s behaviour, several aspects of the util-linux mount(8)'s behaviour are broken and thus copying them makes little sense. Since the runtime-spec behaviour for this case (should mount options for a "bind" mount use the "mount --bind -o ..." or "mount --bind -o remount,..." semantics? Is the fallback code we have for userns actually spec-compliant?) and the mount(8) behaviour (see [1]) are not well-defined, this commit simply fixes the most obvious aspects of the behaviour that are broken while keeping the current spirit of the implementation. NOTE: The handling of atime in the base case is left for a future PR to deal with. This means that the atime of the source mount will be silently left alone unless the fallback path needs to be taken, and any flags not explicitly set will be cleared in the base case. Whether we should always be operating as "mount --bind -o remount,..." (where we default to the original mount source flags) is a topic for a separate PR and (probably) associated runtime-spec PR. So, to resolve this: * We store which flags were explicitly requested to be cleared by the user, so that we can detect whether the userns fallback path would end up setting a flag the user explicitly wished to clear. If so, we return an error because we couldn't fulfil the configuration settings. * Revert 97f5ee4e6acd ("Only remount if requested flags differ from current"), as missing flags do not mean we can skip MS_REMOUNT (in fact, missing flags are how you indicate a flag needs to be cleared with mount(2)). The original purpose of the patch was to fix the userns issue, but as mentioned above the correct mechanism is to do a fallback mount that copies the lockable flags from statfs(2). * Improve handling of atime in the fallback case by: - Correctly handling the returned flags in statfs(2). - Implement the MNT_LOCK_ATIME checks in our code to ensure we produce errors rather than silently producing incorrect atime mounts. * Improve the tests so we correctly detect all of these contingencies, including a general "bind-mount atime handling" test to ensure that the behaviour described here is accurate. This change also inlines the remount() function -- it was only ever used for the bind-mount remount case, and its behaviour is very bind-mount specific. [1]: https://github.com/util-linux/util-linux/issues/2433 Reverts: 97f5ee4e6acd ("Only remount if requested flags differ from current") Fixes: 50105de1d87e ("Fix failure with rw bind mount of a ro fuse") Fixes: da780e4d2754 ("Fix bind mounts of filesystems with certain options set") Signed-off-by: Aleksa Sarai --- contrib/completions/bash/runc | 3 - create.go | 4 - libcontainer/configs/config.go | 4 - libcontainer/configs/mount_linux.go | 4 + libcontainer/rootfs_linux.go | 174 ++++++++--- libcontainer/specconv/spec_linux.go | 7 +- restore.go | 4 - run.go | 4 - tests/integration/mounts_sshfs.bats | 466 ++++++++++++++++++++++++---- utils_linux.go | 1 - 10 files changed, 542 insertions(+), 129 deletions(-) diff --git a/contrib/completions/bash/runc b/contrib/completions/bash/runc index 782234e86d4..353c8ffdbbd 100644 --- a/contrib/completions/bash/runc +++ b/contrib/completions/bash/runc @@ -461,7 +461,6 @@ _runc_run() { --no-subreaper --no-pivot --no-new-keyring - --no-mount-fallback " local options_with_args=" @@ -568,7 +567,6 @@ _runc_create() { --help --no-pivot --no-new-keyring - --no-mount-fallback " local options_with_args=" @@ -629,7 +627,6 @@ _runc_restore() { --no-pivot --auto-dedup --lazy-pages - --no-mount-fallback " local options_with_args=" diff --git a/create.go b/create.go index 3788a532fce..97854b846cb 100644 --- a/create.go +++ b/create.go @@ -51,10 +51,6 @@ command(s) that get executed on start, edit the args parameter of the spec. See Name: "preserve-fds", Usage: "Pass N additional file descriptors to the container (stdio + $LISTEN_FDS + N in total)", }, - cli.BoolFlag{ - Name: "no-mount-fallback", - Usage: "Do not fallback when the specific configuration is not applicable (e.g., do not try to remount a bind mount again after the first attempt failed on source filesystems that have nodev, noexec, nosuid, noatime, relatime, strictatime, nodiratime set)", - }, }, Action: func(context *cli.Context) error { if err := checkArgs(context, 1, exactArgs); err != nil { diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index 1ece49c3732..68d2f8f2678 100644 --- a/libcontainer/configs/config.go +++ b/libcontainer/configs/config.go @@ -214,10 +214,6 @@ type Config struct { // When RootlessCgroups is set, cgroups errors are ignored. RootlessCgroups bool `json:"rootless_cgroups,omitempty"` - // Do not try to remount a bind mount again after the first attempt failed on source - // filesystems that have nodev, noexec, nosuid, noatime, relatime, strictatime, nodiratime set - NoMountFallback bool `json:"no_mount_fallback,omitempty"` - // TimeOffsets specifies the offset for supporting time namespaces. TimeOffsets map[string]specs.LinuxTimeOffset `json:"time_offsets,omitempty"` diff --git a/libcontainer/configs/mount_linux.go b/libcontainer/configs/mount_linux.go index 6d4106de0c6..3f489295d97 100644 --- a/libcontainer/configs/mount_linux.go +++ b/libcontainer/configs/mount_linux.go @@ -15,6 +15,10 @@ type Mount struct { // Mount flags. Flags int `json:"flags"` + // Mount flags that were explicitly cleared in the configuration (meaning + // the user explicitly requested that these flags *not* be set). + ClearedFlags int `json:"cleared_flags"` + // Propagation Flags PropagationFlags []int `json:"propagation_flags"` diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index eafd6c82d05..a2e41ea5638 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -34,7 +34,6 @@ type mountConfig struct { cgroup2Path string rootlessCgroups bool cgroupns bool - noMountFallback bool } // mountEntry contains mount data specific to a mount point. @@ -83,7 +82,6 @@ func prepareRootfs(pipe *syncSocket, iConfig *initConfig, mountFds mountFds) (er cgroup2Path: iConfig.Cgroup2Path, rootlessCgroups: iConfig.RootlessCgroups, cgroupns: config.Namespaces.Contains(configs.NEWCGROUP), - noMountFallback: config.NoMountFallback, } for i, m := range config.Mounts { entry := mountEntry{Mount: m} @@ -409,6 +407,51 @@ func doTmpfsCopyUp(m mountEntry, rootfs, mountLabel string) (Err error) { }) } +const ( + // The atime "enum" flags (which are mutually exclusive). + mntAtimeEnumFlags = unix.MS_NOATIME | unix.MS_RELATIME | unix.MS_STRICTATIME + // All atime-related flags. + mntAtimeFlags = mntAtimeEnumFlags | unix.MS_NODIRATIME + // Flags which can be locked when inheriting mounts in a different userns. + // In the kernel, these are the mounts that are locked using MNT_LOCK_*. + mntLockFlags = unix.MS_RDONLY | unix.MS_NODEV | unix.MS_NOEXEC | + unix.MS_NOSUID | mntAtimeFlags +) + +func statfsToMountFlags(st unix.Statfs_t) int { + // From . + const ST_NOSYMFOLLOW = 0x2000 //nolint:revive + + var flags int + for _, f := range []struct { + st, ms int + }{ + // See calculate_f_flags() in fs/statfs.c. + {unix.ST_RDONLY, unix.MS_RDONLY}, + {unix.ST_NOSUID, unix.MS_NOSUID}, + {unix.ST_NODEV, unix.MS_NODEV}, + {unix.ST_NOEXEC, unix.MS_NOEXEC}, + {unix.ST_MANDLOCK, unix.MS_MANDLOCK}, + {unix.ST_SYNCHRONOUS, unix.MS_SYNCHRONOUS}, + {unix.ST_NOATIME, unix.MS_NOATIME}, + {unix.ST_NODIRATIME, unix.MS_NODIRATIME}, + {unix.ST_RELATIME, unix.MS_RELATIME}, + {ST_NOSYMFOLLOW, unix.MS_NOSYMFOLLOW}, + // There is no ST_STRICTATIME -- see below. + } { + if int(st.Flags)&f.st == f.st { + flags |= f.ms + } + } + // MS_STRICTATIME is a "fake" MS_* flag. It isn't stored in mnt->mnt_flags, + // and so it doesn't show up in statfs(2). If none of the other flags in + // atime enum are present, the mount is MS_STRICTATIME. + if flags&mntAtimeEnumFlags == 0 { + flags |= unix.MS_STRICTATIME + } + return flags +} + func mountToRootfs(c *mountConfig, m mountEntry) error { rootfs := c.root @@ -509,11 +552,97 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { return err } } - // bind mount won't change mount options, we need remount to make mount options effective. - // first check that we have non-default options required before attempting a remount - if m.Flags&^(unix.MS_REC|unix.MS_REMOUNT|unix.MS_BIND) != 0 { - // only remount if unique mount options are set - if err := remount(m, rootfs, c.noMountFallback); err != nil { + + // The initial MS_BIND won't change the mount options, we need to do a + // separate MS_BIND|MS_REMOUNT to apply the mount options. We skip + // doing this if the user has not specified any mount flags at all + // (including cleared flags) -- in which case we just keep the original + // mount flags. + // + // Note that the fact we check whether any clearing flags are set is in + // contrast to mount(8)'s current behaviour, but is what users probably + // expect. See . + if m.Flags & ^(unix.MS_BIND|unix.MS_REC|unix.MS_REMOUNT) != 0 || m.ClearedFlags != 0 { + if err := utils.WithProcfd(rootfs, m.Destination, func(dstFD string) error { + flags := m.Flags | unix.MS_BIND | unix.MS_REMOUNT + // The runtime-spec says we SHOULD map to the relevant mount(8) + // behaviour. However, it's not clear whether we want the + // "mount --bind -o ..." or "mount --bind -o remount,..." + // behaviour here -- both of which are somewhat broken[1]. + // + // So, if the user has passed "remount" as a mount option, we + // implement the "mount --bind -o remount" behaviour, otherwise + // we implement the spiritual intent of the "mount --bind -o" + // behaviour, which should match what users expect. Maybe + // mount(8) will eventually implement this behaviour too.. + // + // [1]: https://github.com/util-linux/util-linux/issues/2433 + + // Initially, we emulate "mount --bind -o ..." where we set + // only the requested flags (clearing any existing flags). The + // only difference from mount(8) is that we do this + // unconditionally, regardless of whether any set-me mount + // options have been requested. + // + // TODO: We are not doing any special handling of the atime + // flags here, which means that the mount will inherit the old + // atime flags if the user didn't explicitly request a + // different set of flags. This also has the mount(8) bug where + // "nodiratime,norelatime" will result in a + // "nodiratime,relatime" mount. + mountErr := mountViaFDs("", nil, m.Destination, dstFD, "", uintptr(flags), "") + if mountErr == nil { + return nil + } + + // If the mount failed, the mount may contain locked mount + // flags. In that case, we emulate "mount --bind -o + // remount,...", where we take the existing mount flags of the + // mount and apply the request flags (including clearing flags) + // on top. The main divergence we have from mount(8) here is + // that we handle atimes correctly to make sure we error out if + // we cannot fulfil the requested mount flags. + + var st unix.Statfs_t + if err := unix.Statfs(m.src(), &st); err != nil { + return &os.PathError{Op: "statfs", Path: m.src(), Err: err} + } + srcFlags := statfsToMountFlags(st) + // If the user explicitly request one of the locked flags *not* + // be set, we need to return an error to avoid producing mounts + // that don't match the user's request. + if srcFlags&m.ClearedFlags&mntLockFlags != 0 { + return mountErr + } + + // If an MS_*ATIME flag was requested, it must match the + // existing one. This handles two separate kernel bugs, and + // matches the logic of can_change_locked_flags() but without + // these bugs: + // + // * (2.6.30+) Since commit 613cbe3d4870 ("Don't set relatime + // when noatime is specified"), MS_RELATIME is ignored when + // MS_NOATIME is set. This means that us inheriting MS_NOATIME + // from a mount while requesting MS_RELATIME would *silently* + // produce an MS_NOATIME mount. + // + // * (2.6.30+) Since its introduction in commit d0adde574b84 + // ("Add a strictatime mount option"), MS_STRICTATIME has + // caused any passed MS_RELATIME and MS_NOATIME flags to be + // ignored which results in us *silently* producing + // MS_STRICTATIME mounts even if the user requested MS_RELATIME + // or MS_NOATIME. + if m.Flags&mntAtimeFlags != 0 && m.Flags&mntAtimeFlags != srcFlags&mntAtimeFlags { + return mountErr + } + + // Retry the mount with the existing lockable mount flags + // applied. + flags |= srcFlags & mntLockFlags + mountErr = mountViaFDs("", nil, m.Destination, dstFD, "", uintptr(flags), "") + logrus.Debugf("remount retry: srcFlags=0x%x flagsSet=0x%x flagsClr=0x%x: %v", srcFlags, m.Flags, m.ClearedFlags, mountErr) + return mountErr + }); err != nil { return err } } @@ -1103,37 +1232,6 @@ func writeSystemProperty(key, value string) error { return os.WriteFile(path.Join("/proc/sys", keyPath), []byte(value), 0o644) } -func remount(m mountEntry, rootfs string, noMountFallback bool) error { - return utils.WithProcfd(rootfs, m.Destination, func(dstFD string) error { - flags := uintptr(m.Flags | unix.MS_REMOUNT) - err := mountViaFDs("", nil, m.Destination, dstFD, m.Device, flags, "") - if err == nil { - return nil - } - // Check if the source has flags set according to noMountFallback - src := m.src() - var s unix.Statfs_t - if err := unix.Statfs(src, &s); err != nil { - return &os.PathError{Op: "statfs", Path: src, Err: err} - } - var checkflags int - if noMountFallback { - // Check for ro only - checkflags = unix.MS_RDONLY - } else { - // Check for ro, nodev, noexec, nosuid, noatime, relatime, strictatime, - // nodiratime - checkflags = unix.MS_RDONLY | unix.MS_NODEV | unix.MS_NOEXEC | unix.MS_NOSUID | unix.MS_NOATIME | unix.MS_RELATIME | unix.MS_STRICTATIME | unix.MS_NODIRATIME - } - if int(s.Flags)&checkflags == 0 { - return err - } - // ... and retry the mount with flags found above. - flags |= uintptr(int(s.Flags) & checkflags) - return mountViaFDs("", nil, m.Destination, dstFD, m.Device, flags, "") - }) -} - // Do the mount operation followed by additional mounts required to take care // of propagation flags. This will always be scoped inside the container rootfs. func mountPropagate(m mountEntry, rootfs string, mountLabel string) error { diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index c5553832776..45d8313f627 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -313,7 +313,6 @@ type CreateOpts struct { Spec *specs.Spec RootlessEUID bool RootlessCgroups bool - NoMountFallback bool } // getwd is a wrapper similar to os.Getwd, except it always gets @@ -359,7 +358,6 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) { NoNewKeyring: opts.NoNewKeyring, RootlessEUID: opts.RootlessEUID, RootlessCgroups: opts.RootlessCgroups, - NoMountFallback: opts.NoMountFallback, } for _, m := range spec.Mounts { @@ -977,10 +975,15 @@ func parseMountOptions(options []string) *configs.Mount { // or the flag is not supported on the platform, // then it is a data value for a specific fs type. if f, exists := mountFlags[o]; exists && f.flag != 0 { + // FIXME: The *atime flags are special (they are more of an enum + // with quite hairy semantics) and thus arguably setting some of + // them should clear unrelated flags. if f.clear { m.Flags &= ^f.flag + m.ClearedFlags |= f.flag } else { m.Flags |= f.flag + m.ClearedFlags &= ^f.flag } } else if f, exists := mountPropagationMapping[o]; exists && f != 0 { m.PropagationFlags = append(m.PropagationFlags, f) diff --git a/restore.go b/restore.go index de5b48d54c2..d65afcfc788 100644 --- a/restore.go +++ b/restore.go @@ -98,10 +98,6 @@ using the runc checkpoint command.`, Value: "", Usage: "Specify an LSM mount context to be used during restore.", }, - cli.BoolFlag{ - Name: "no-mount-fallback", - Usage: "Do not fallback when the specific configuration is not applicable (e.g., do not try to remount a bind mount again after the first attempt failed on source filesystems that have nodev, noexec, nosuid, noatime, relatime, strictatime, nodiratime set)", - }, }, Action: func(context *cli.Context) error { if err := checkArgs(context, 1, exactArgs); err != nil { diff --git a/run.go b/run.go index 8b4f4d1fb23..82781669d10 100644 --- a/run.go +++ b/run.go @@ -64,10 +64,6 @@ command(s) that get executed on start, edit the args parameter of the spec. See Name: "preserve-fds", Usage: "Pass N additional file descriptors to the container (stdio + $LISTEN_FDS + N in total)", }, - cli.BoolFlag{ - Name: "no-mount-fallback", - Usage: "Do not fallback when the specific configuration is not applicable (e.g., do not try to remount a bind mount again after the first attempt failed on source filesystems that have nodev, noexec, nosuid, noatime, relatime, strictatime, nodiratime set)", - }, }, Action: func(context *cli.Context) error { if err := checkArgs(context, 1, exactArgs); err != nil { diff --git a/tests/integration/mounts_sshfs.bats b/tests/integration/mounts_sshfs.bats index ce5e2b2e7e1..0bef01784f3 100644 --- a/tests/integration/mounts_sshfs.bats +++ b/tests/integration/mounts_sshfs.bats @@ -4,7 +4,6 @@ load helpers function setup() { setup_busybox - update_config '.process.args = ["/bin/echo", "Hello World"]' } function teardown() { @@ -18,96 +17,425 @@ function teardown() { teardown_bundle } +function sshfs_has_flag() { + if [ -v DIR ]; then + awk '$2 == "'"$DIR"'" { print $4 }' &2 + awk '$2 == "'"$DIR"'"' &2 } -@test "runc run [rw bind mount of a ro fuse sshfs mount]" { - setup_sshfs "ro" - update_config ' .mounts += [{ - type: "bind", - source: "'"$DIR"'", - destination: "/mnt", - options: ["rw", "rprivate", "nosuid", "nodev", "rbind"] - }]' +function setup_sshfs_bind_flags() { + host_flags="$1" # ro,nodev,nosuid + bind_flags="$2" # ro,nosuid,bind - runc run --no-mount-fallback test_busybox - [ "$status" -eq 0 ] -} + setup_sshfs "$host_flags" -@test "runc run [dev,exec,suid,atime bind mount of a nodev,nosuid,noexec,noatime fuse sshfs mount]" { - setup_sshfs "nodev,nosuid,noexec,noatime" - # The "sync" option is used to trigger a remount with the below options. - # It serves no further purpose. Otherwise only a bind mount without - # applying the below options will be done. - update_config ' .mounts += [{ - type: "bind", - source: "'"$DIR"'", - destination: "/mnt", - options: ["dev", "suid", "exec", "atime", "rprivate", "rbind", "sync"] - }]' + cat >"rootfs/find-tmp.awk" <<-'EOF' + #!/bin/awk -f + $2 == "/mnt" { print $4 } + EOF + chmod +x "rootfs/find-tmp.awk" - runc run test_busybox - [ "$status" -eq 0 ] + update_config '.process.args = ["sh", "-c", "/find-tmp.awk . +@test "runc run [mount(8)-unlike behaviour: --bind with clearing flag]" { + requires root + + pass_sshfs_bind_flags "ro,noexec,nosymfollow,nodiratime" "bind,dev" + # Unspecified flags must be cleared as well. + run ! grep -wq ro <<<"$mnt_flags" + run -0 grep -wq rw <<<"$mnt_flags" + run ! grep -wq noexec <<<"$mnt_flags" + run ! grep -wq nosymfollow <<<"$mnt_flags" + # FIXME FIXME: As with mount(8), trying to clear an atime flag the "naive" + # way will be ignored! + run -0 grep -wq nodiratime <<<"$mnt_flags" + + # Now try with a user namespace. + update_config ' .linux.namespaces += [{"type": "user"}] + | .linux.uidMappings += [{"hostID": 100000, "containerID": 0, "size": 65534}] + | .linux.gidMappings += [{"hostID": 100000, "containerID": 0, "size": 65534}] ' + + pass_sshfs_bind_flags "ro,noexec,nosymfollow,nodiratime" "bind,dev" + # Lockable flags must be kept, because we didn't request them explicitly. + run -0 grep -wq ro <<<"$mnt_flags" + run ! grep -wq rw <<<"$mnt_flags" + run -0 grep -wq noexec <<<"$mnt_flags" + run -0 grep -wq nodiratime <<<"$mnt_flags" + # nosymfollow is not lockable, so it must be cleared. + run ! grep -wq nosymfollow <<<"$mnt_flags" +} + +@test "runc run [implied-rw bind mount of a ro fuse sshfs mount]" { + requires root + + pass_sshfs_bind_flags "ro" "bind,nosuid,nodev,rprivate" + # Unspecified flags must be cleared (rw default). + run ! grep -wq ro <<<"$mnt_flags" + run -0 grep -wq rw <<<"$mnt_flags" + # The new flags must be applied. + run -0 grep -wq nosuid <<<"$mnt_flags" + run -0 grep -wq nodev <<<"$mnt_flags" + + # Now try with a user namespace. The results should be the same as above. + update_config ' .linux.namespaces += [{"type": "user"}] + | .linux.uidMappings += [{"hostID": 100000, "containerID": 0, "size": 65534}] + | .linux.gidMappings += [{"hostID": 100000, "containerID": 0, "size": 65534}] ' + + pass_sshfs_bind_flags "ro" "bind,nosuid,nodev,rprivate" + # "ro" must still be set (inherited). + run -0 grep -wq ro <<<"$mnt_flags" + # The new flags must be applied. + run -0 grep -wq nosuid <<<"$mnt_flags" + run -0 grep -wq nodev <<<"$mnt_flags" +} + +@test "runc run [explicit-rw bind mount of a ro fuse sshfs mount]" { + requires root + + # Try to overwrite MS_RDONLY. As we are running in a userns-less container, + # we can overwrite MNT_LOCKED flags. + pass_sshfs_bind_flags "ro" "bind,rw,nosuid,nodev,rprivate" + # "ro" must be cleared and replaced with "rw". + run ! grep -wq ro <<<"$mnt_flags" + run -0 grep -wq rw <<<"$mnt_flags" + # The new flags must be applied. + run -0 grep -wq nosuid <<<"$mnt_flags" + run -0 grep -wq nodev <<<"$mnt_flags" + + # Now try with a user namespace. + update_config ' .linux.namespaces += [{"type": "user"}] + | .linux.uidMappings += [{"hostID": 100000, "containerID": 0, "size": 65534}] + | .linux.gidMappings += [{"hostID": 100000, "containerID": 0, "size": 65534}] ' + + # This must fail because we explicitly requested a mount with a MNT_LOCKED + # mount option cleared (when the source mount has those mounts enabled), + # namely MS_RDONLY. + fail_sshfs_bind_flags "ro" "bind,rw,nosuid,nodev,rprivate" +} + +@test "runc run [dev,exec,suid,atime bind mount of a nodev,nosuid,noexec,noatime fuse sshfs mount]" { + requires root + + # When running without userns, overwriting host flags should work. + pass_sshfs_bind_flags "nosuid,nodev,noexec,noatime" "bind,dev,suid,exec,atime" + # Unspecified flags must be cleared (rw default). + run ! grep -wq ro <<<"$mnt_flags" + run -0 grep -wq rw <<<"$mnt_flags" + # Check that the flags were actually cleared by the mount. + run ! grep -wq nosuid <<<"$mnt_flags" + run ! grep -wq nodev <<<"$mnt_flags" + run ! grep -wq noexec <<<"$mnt_flags" + # FIXME FIXME: As with mount(8), trying to clear an atime flag the "naive" + # way will be ignored! + run -0 grep -wq noatime <<<"$mnt_flags" + + # Now try with a user namespace. + update_config ' .linux.namespaces += [{"type": "user"}] + | .linux.uidMappings += [{"hostID": 100000, "containerID": 0, "size": 65534}] + | .linux.gidMappings += [{"hostID": 100000, "containerID": 0, "size": 65534}] ' + + # This must fail because we explicitly requested a mount with MNT_LOCKED + # mount options cleared (when the source mount has those mounts enabled). + fail_sshfs_bind_flags "nodev,nosuid,nosuid,noatime" "bind,dev,suid,exec,atime" +} + +# Test to ensure we don't regress bind-mounting /etc/resolv.conf with +# containerd . +@test "runc run [ro bind mount of a nodev,nosuid,noexec fuse sshfs mount]" { + requires root + + # Setting flags that are not locked should work. + pass_sshfs_bind_flags "rw,nodev,nosuid,nodev,noexec,noatime" "bind,ro" + # The flagset should be the union of the two. + run -0 grep -wq ro <<<"$mnt_flags" + # Unspecified flags must be cleared. + run ! grep -wq nosuid <<<"$mnt_flags" + run ! grep -wq nodev <<<"$mnt_flags" + run ! grep -wq noexec <<<"$mnt_flags" + + # Now try with a user namespace. + update_config ' .linux.namespaces += [{"type": "user"}] + | .linux.uidMappings += [{"hostID": 100000, "containerID": 0, "size": 65534}] + | .linux.gidMappings += [{"hostID": 100000, "containerID": 0, "size": 65534}] ' + + # Setting flags that are not locked should work. + pass_sshfs_bind_flags "rw,nodev,nosuid,nodev,noexec,noatime" "bind,ro" + # The flagset should be the union of the two. + run -0 grep -wq ro <<<"$mnt_flags" + # (Unspecified MNT_LOCKED flags are inherited.) + run -0 grep -wq nosuid <<<"$mnt_flags" + run -0 grep -wq nodev <<<"$mnt_flags" + run -0 grep -wq noexec <<<"$mnt_flags" +} + +@test "runc run [ro,symfollow bind mount of a rw,nodev,nosymfollow fuse sshfs mount]" { + requires root + + pass_sshfs_bind_flags "rw,nodev,nosymfollow" "bind,ro,symfollow" + # Must switch to ro. + run -0 grep -wq ro <<<"$mnt_flags" + run ! grep -wq rw <<<"$mnt_flags" + # Unspecified flags must be cleared. + run ! grep -wq nodev <<<"$mnt_flags" + # nosymfollow must also be cleared. + run ! grep -wq nosymfollow <<<"$mnt_flags" + + # Now try with a user namespace. + update_config ' .linux.namespaces += [{"type": "user"}] + | .linux.uidMappings += [{"hostID": 100000, "containerID": 0, "size": 65534}] + | .linux.gidMappings += [{"hostID": 100000, "containerID": 0, "size": 65534}] ' + + # Unsetting flags that are not lockable should work. + pass_sshfs_bind_flags "rw,nodev,nosymfollow" "bind,ro,symfollow" + # The flagset should be the union of the two. + run -0 grep -wq ro <<<"$mnt_flags" + run -0 grep -wq nodev <<<"$mnt_flags" + # nosymfollow is not lockable, so it must be cleared. + run ! grep -wq nosymfollow <<<"$mnt_flags" + + # Implied unsetting of non-lockable flags should also work. + pass_sshfs_bind_flags "rw,nodev,nosymfollow" "bind,rw" + # The flagset should be the union of the two. + run -0 grep -wq rw <<<"$mnt_flags" + run -0 grep -wq nodev <<<"$mnt_flags" + # nosymfollow is not lockable, so it must be cleared. + run ! grep -wq nosymfollow <<<"$mnt_flags" +} + +@test "runc run [ro,noexec bind mount of a nosuid,noatime fuse sshfs mount]" { + requires root + + # Setting flags that are not locked should work. + pass_sshfs_bind_flags "nodev,nosuid,noatime" "bind,ro,exec" + # The flagset must match the requested set. + run -0 grep -wq ro <<<"$mnt_flags" + run ! grep -wq noexec <<<"$mnt_flags" + # Unspecified flags must be cleared. + run ! grep -wq nosuid <<<"$mnt_flags" + run ! grep -wq nodev <<<"$mnt_flags" + # FIXME: As with mount(8), runc keeps the old atime setting by default. + run -0 grep -wq noatime <<<"$mnt_flags" + + # Now try with a user namespace. + update_config ' .linux.namespaces += [{"type": "user"}] + | .linux.uidMappings += [{"hostID": 100000, "containerID": 0, "size": 65534}] + | .linux.gidMappings += [{"hostID": 100000, "containerID": 0, "size": 65534}] ' + + # Setting flags that are not locked should work. + pass_sshfs_bind_flags "nodev,nosuid,noatime" "bind,ro,exec" + # The flagset should be the union of the two. + run -0 grep -wq ro <<<"$mnt_flags" + run ! grep -wq noexec <<<"$mnt_flags" + # (Unspecified MNT_LOCKED flags are inherited.) + run -0 grep -wq nosuid <<<"$mnt_flags" + run -0 grep -wq nodev <<<"$mnt_flags" + run -0 grep -wq noatime <<<"$mnt_flags" +} + +@test "runc run [bind mount {no,rel,strict}atime semantics]" { + requires root + + function is_strictatime() { + # There is no "strictatime" in /proc/self/mounts. + run ! grep -wq noatime <<<"${1:-$mnt_flags}" + run ! grep -wq relatime <<<"${1:-$mnt_flags}" + run ! grep -wq nodiratime <<<"${1:-$mnt_flags}" + } + + # FIXME: As with mount(8), runc keeps the old atime setting by default. + pass_sshfs_bind_flags "noatime" "bind" + run -0 grep -wq noatime <<<"$mnt_flags" + run ! grep -wq relatime <<<"$mnt_flags" + + # FIXME: As with mount(8), runc keeps the old atime setting by default. + pass_sshfs_bind_flags "noatime" "bind,norelatime" + run -0 grep -wq noatime <<<"$mnt_flags" + run ! grep -wq relatime <<<"$mnt_flags" + + # FIXME FIXME: As with mount(8), trying to clear an atime flag the "naive" + # way will be ignored! + pass_sshfs_bind_flags "noatime" "bind,atime" + run -0 grep -wq noatime <<<"$mnt_flags" + run ! grep -wq relatime <<<"$mnt_flags" + + # ... but explicitly setting a different flag works. + pass_sshfs_bind_flags "noatime" "bind,relatime" + run ! grep -wq noatime <<<"$mnt_flags" + run -0 grep -wq relatime <<<"$mnt_flags" + + # Setting a flag that mount(8) would combine should result in only the + # requested flag being set. + pass_sshfs_bind_flags "noatime" "bind,nodiratime" + run ! grep -wq noatime <<<"$mnt_flags" + run -0 grep -wq nodiratime <<<"$mnt_flags" + # MS_DIRATIME implies MS_RELATIME by default. + run -0 grep -wq relatime <<<"$mnt_flags" + + # Clearing flags that mount(8) would not clear works. + pass_sshfs_bind_flags "nodiratime" "bind,strictatime" + is_strictatime "$mnt_flags" + + # nodiratime is a little weird -- it implies relatime unless you set + # another option (noatime or strictatime). But, runc also has norelatime -- + # so nodiratime,norelatime should _probably_ result in the same thing as + # nodiratime,strictatime. + pass_sshfs_bind_flags "noatime" "bind,nodiratime,strictatime" + run ! grep -wq noatime <<<"$mnt_flags" + run -0 grep -wq nodiratime <<<"$mnt_flags" + run ! grep -wq relatime <<<"$mnt_flags" + # FIXME FIXME: relatime should not be set in this case. + pass_sshfs_bind_flags "noatime" "bind,nodiratime,norelatime" + run ! grep -wq noatime <<<"$mnt_flags" + run -0 grep -wq nodiratime <<<"$mnt_flags" + run -0 grep -wq relatime <<<"$mnt_flags" + + # Now try with a user namespace. + update_config ' .linux.namespaces += [{"type": "user"}] + | .linux.uidMappings += [{"hostID": 100000, "containerID": 0, "size": 65534}] + | .linux.gidMappings += [{"hostID": 100000, "containerID": 0, "size": 65534}] ' + + # Requesting a mount without specifying any preference for atime works, and + # inherits the original flags. + + pass_sshfs_bind_flags "strictatime" "bind" + is_strictatime "$mnt_flags" + + pass_sshfs_bind_flags "relatime" "bind" + run -0 grep -wq relatime <<<"$mnt_flags" + + pass_sshfs_bind_flags "nodiratime" "bind" + run -0 grep -wq nodiratime <<<"$mnt_flags" + # MS_DIRATIME implies MS_RELATIME by default. + run -0 grep -wq relatime <<<"$mnt_flags" + + pass_sshfs_bind_flags "noatime,nodiratime" "bind" + run -0 grep -wq noatime <<<"$mnt_flags" + run -0 grep -wq nodiratime <<<"$mnt_flags" + + # An unrelated clear flag has no effect. + pass_sshfs_bind_flags "noatime,nodiratime" "bind,norelatime" + run -0 grep -wq noatime <<<"$mnt_flags" + run -0 grep -wq nodiratime <<<"$mnt_flags" + + # Attempting to change most *atime flags will fail with user namespaces + # because *atime flags are all MNT_LOCKED. + fail_sshfs_bind_flags "nodiratime" "bind,strictatime" + fail_sshfs_bind_flags "relatime" "bind,strictatime" + fail_sshfs_bind_flags "noatime" "bind,strictatime" + fail_sshfs_bind_flags "nodiratime" "bind,noatime" + fail_sshfs_bind_flags "relatime" "bind,noatime" + fail_sshfs_bind_flags "relatime" "bind,nodiratime" + # Make sure strictatime sources are correctly handled by runc (the kernel + # ignores some other mount flags when passing MS_STRICTATIME). See + # remount() in rootfs_linux.go for details. + fail_sshfs_bind_flags "strictatime" "bind,relatime" + fail_sshfs_bind_flags "strictatime" "bind,noatime" + fail_sshfs_bind_flags "strictatime" "bind,nodiratime" + # Make sure that runc correctly handles the MS_NOATIME|MS_RELATIME kernel + # bug. See remount() in rootfs_linux.go for more details. + fail_sshfs_bind_flags "noatime" "bind,relatime" + + # Attempting to bind-mount a mount with a request to clear the atime + # setting that would normally inherited must not work. + # FIXME FIXME: All of these cases should fail. + pass_sshfs_bind_flags "strictatime" "bind,nostrictatime" + is_strictatime "$mnt_flags" + pass_sshfs_bind_flags "nodiratime" "bind,diratime" + run -0 grep -wq nodiratime <<<"$mnt_flags" + pass_sshfs_bind_flags "nodiratime" "bind,norelatime" # MS_DIRATIME implies MS_RELATIME + run -0 grep -wq nodiratime <<<"$mnt_flags" + pass_sshfs_bind_flags "relatime" "bind,norelatime" + run -0 grep -wq relatime <<<"$mnt_flags" + pass_sshfs_bind_flags "noatime" "bind,atime" + run -0 grep -wq noatime <<<"$mnt_flags" + pass_sshfs_bind_flags "noatime,nodiratime" "bind,atime" + run -0 grep -wq noatime <<<"$mnt_flags" + run -0 grep -wq nodiratime <<<"$mnt_flags" } diff --git a/utils_linux.go b/utils_linux.go index b5c855cdbb9..b88e886ffa0 100644 --- a/utils_linux.go +++ b/utils_linux.go @@ -180,7 +180,6 @@ func createContainer(context *cli.Context, id string, spec *specs.Spec) (*libcon Spec: spec, RootlessEUID: os.Geteuid() != 0, RootlessCgroups: rootlessCg, - NoMountFallback: context.Bool("no-mount-fallback"), }) if err != nil { return nil, err From 104b8dc951ee88628f9fbf3222961bb2de8b0294 Mon Sep 17 00:00:00 2001 From: Heran Yang Date: Sat, 9 Sep 2023 15:40:39 +0800 Subject: [PATCH 0423/1176] libct/cg: add swapOnlyUsage in MemoryStats This field reports swap-only usage. For cgroupv1, `Usage` and `Failcnt` are set by subtracting memory usage from memory+swap usage. For cgroupv2, `Usage`, `Limit`, and `MaxUsage` are set. This commit also export `MaxUsage` of memory under cgroupv2 mode, using `memory.peak` introduced in kernel 5.19. Signed-off-by: Heran Yang --- CHANGELOG.md | 4 ++++ libcontainer/cgroups/fs/memory.go | 4 ++++ libcontainer/cgroups/fs/memory_test.go | 13 +++++++------ libcontainer/cgroups/fs2/memory.go | 18 ++++++++++++++++-- libcontainer/cgroups/fs2/memory_test.go | 16 ++++++++++++++++ libcontainer/cgroups/stats.go | 2 ++ 6 files changed, 49 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index adcf084d0b6..ffdc9ae2fb5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -31,6 +31,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 This aligns cgroupv2 root usage more closely with cgroupv1 reporting. Additionally, report root swap usage as sum of swap and memory usage, aligned with v1 and existing non-root v2 reporting. (#3933) + * Add `swapOnlyUsage` in `MemoryStats`. This field reports swap-only usage. + For cgroupv1, `Usage` and `Failcnt` are set by subtracting memory usage + from memory+swap usage. For cgroupv2, `Usage`, `Limit`, and `MaxUsage` + are set. (#4010) ### Fixed diff --git a/libcontainer/cgroups/fs/memory.go b/libcontainer/cgroups/fs/memory.go index a0e78074980..783566d68f0 100644 --- a/libcontainer/cgroups/fs/memory.go +++ b/libcontainer/cgroups/fs/memory.go @@ -170,6 +170,10 @@ func (s *MemoryGroup) GetStats(path string, stats *cgroups.Stats) error { return err } stats.MemoryStats.SwapUsage = swapUsage + stats.MemoryStats.SwapOnlyUsage = cgroups.MemoryData{ + Usage: swapUsage.Usage - memoryUsage.Usage, + Failcnt: swapUsage.Failcnt - memoryUsage.Failcnt, + } kernelUsage, err := getMemoryData(path, "kmem") if err != nil { return err diff --git a/libcontainer/cgroups/fs/memory_test.go b/libcontainer/cgroups/fs/memory_test.go index d305a62a393..95e9d3cbaa4 100644 --- a/libcontainer/cgroups/fs/memory_test.go +++ b/libcontainer/cgroups/fs/memory_test.go @@ -249,12 +249,13 @@ func TestMemoryStats(t *testing.T) { t.Fatal(err) } expectedStats := cgroups.MemoryStats{ - Cache: 512, - Usage: cgroups.MemoryData{Usage: 2048, MaxUsage: 4096, Failcnt: 100, Limit: 8192}, - SwapUsage: cgroups.MemoryData{Usage: 2048, MaxUsage: 4096, Failcnt: 100, Limit: 8192}, - KernelUsage: cgroups.MemoryData{Usage: 2048, MaxUsage: 4096, Failcnt: 100, Limit: 8192}, - Stats: map[string]uint64{"cache": 512, "rss": 1024}, - UseHierarchy: true, + Cache: 512, + Usage: cgroups.MemoryData{Usage: 2048, MaxUsage: 4096, Failcnt: 100, Limit: 8192}, + SwapUsage: cgroups.MemoryData{Usage: 2048, MaxUsage: 4096, Failcnt: 100, Limit: 8192}, + SwapOnlyUsage: cgroups.MemoryData{Usage: 0, MaxUsage: 0, Failcnt: 0, Limit: 0}, + KernelUsage: cgroups.MemoryData{Usage: 2048, MaxUsage: 4096, Failcnt: 100, Limit: 8192}, + Stats: map[string]uint64{"cache": 512, "rss": 1024}, + UseHierarchy: true, PageUsageByNUMA: cgroups.PageUsageByNUMA{ PageUsageByNUMAInner: cgroups.PageUsageByNUMAInner{ Total: cgroups.PageStats{Total: 44611, Nodes: map[uint8]uint64{0: 32631, 1: 7501, 2: 1982, 3: 2497}}, diff --git a/libcontainer/cgroups/fs2/memory.go b/libcontainer/cgroups/fs2/memory.go index 85e96b1ce98..29656597423 100644 --- a/libcontainer/cgroups/fs2/memory.go +++ b/libcontainer/cgroups/fs2/memory.go @@ -105,7 +105,7 @@ func statMemory(dirPath string, stats *cgroups.Stats) error { memoryUsage, err := getMemoryDataV2(dirPath, "") if err != nil { if errors.Is(err, unix.ENOENT) && dirPath == UnifiedMountpoint { - // The root cgroup does not have memory.{current,max} + // The root cgroup does not have memory.{current,max,peak} // so emulate those using data from /proc/meminfo and // /sys/fs/cgroup/memory.stat return rootStatsFromMeminfo(stats) @@ -113,10 +113,12 @@ func statMemory(dirPath string, stats *cgroups.Stats) error { return err } stats.MemoryStats.Usage = memoryUsage - swapUsage, err := getMemoryDataV2(dirPath, "swap") + swapOnlyUsage, err := getMemoryDataV2(dirPath, "swap") if err != nil { return err } + stats.MemoryStats.SwapOnlyUsage = swapOnlyUsage + swapUsage := swapOnlyUsage // As cgroup v1 reports SwapUsage values as mem+swap combined, // while in cgroup v2 swap values do not include memory, // report combined mem+swap for v1 compatibility. @@ -124,6 +126,9 @@ func statMemory(dirPath string, stats *cgroups.Stats) error { if swapUsage.Limit != math.MaxUint64 { swapUsage.Limit += memoryUsage.Limit } + // The `MaxUsage` of mem+swap cannot simply combine mem with + // swap. So set it to 0 for v1 compatibility. + swapUsage.MaxUsage = 0 stats.MemoryStats.SwapUsage = swapUsage return nil @@ -138,6 +143,7 @@ func getMemoryDataV2(path, name string) (cgroups.MemoryData, error) { } usage := moduleName + ".current" limit := moduleName + ".max" + maxUsage := moduleName + ".peak" value, err := fscommon.GetCgroupParamUint(path, usage) if err != nil { @@ -157,6 +163,14 @@ func getMemoryDataV2(path, name string) (cgroups.MemoryData, error) { } memoryData.Limit = value + // `memory.peak` since kernel 5.19 + // `memory.swap.peak` since kernel 6.5 + value, err = fscommon.GetCgroupParamUint(path, maxUsage) + if err != nil && !os.IsNotExist(err) { + return cgroups.MemoryData{}, err + } + memoryData.MaxUsage = value + return memoryData, nil } diff --git a/libcontainer/cgroups/fs2/memory_test.go b/libcontainer/cgroups/fs2/memory_test.go index 2e2713c29ae..89c999d0cee 100644 --- a/libcontainer/cgroups/fs2/memory_test.go +++ b/libcontainer/cgroups/fs2/memory_test.go @@ -94,6 +94,10 @@ func TestStatMemoryPodCgroup(t *testing.T) { t.Fatal(err) } + if err := os.WriteFile(filepath.Join(fakeCgroupDir, "memory.peak"), []byte("987654321"), 0o644); err != nil { + t.Fatal(err) + } + gotStats := cgroups.NewStats() // use a fake root path to trigger the pod cgroup lookup. @@ -107,6 +111,18 @@ func TestStatMemoryPodCgroup(t *testing.T) { if gotStats.MemoryStats.Usage.Usage != expectedUsageBytes { t.Errorf("parsed cgroupv2 memory.stat doesn't match expected result: \ngot %#v\nexpected %#v\n", gotStats.MemoryStats.Usage.Usage, expectedUsageBytes) } + + // result should be "memory.max" + var expectedLimitBytes uint64 = 999999999 + if gotStats.MemoryStats.Usage.Limit != expectedLimitBytes { + t.Errorf("parsed cgroupv2 memory.stat doesn't match expected result: \ngot %#v\nexpected %#v\n", gotStats.MemoryStats.Usage.Limit, expectedLimitBytes) + } + + // result should be "memory.peak" + var expectedMaxUsageBytes uint64 = 987654321 + if gotStats.MemoryStats.Usage.MaxUsage != expectedMaxUsageBytes { + t.Errorf("parsed cgroupv2 memory.stat doesn't match expected result: \ngot %#v\nexpected %#v\n", gotStats.MemoryStats.Usage.MaxUsage, expectedMaxUsageBytes) + } } func TestRootStatsFromMeminfo(t *testing.T) { diff --git a/libcontainer/cgroups/stats.go b/libcontainer/cgroups/stats.go index 8ff1fbb52bb..363017f1876 100644 --- a/libcontainer/cgroups/stats.go +++ b/libcontainer/cgroups/stats.go @@ -91,6 +91,8 @@ type MemoryStats struct { Usage MemoryData `json:"usage,omitempty"` // usage of memory + swap SwapUsage MemoryData `json:"swap_usage,omitempty"` + // usage of swap only + SwapOnlyUsage MemoryData `json:"swap_only_usage,omitempty"` // usage of kernel memory KernelUsage MemoryData `json:"kernel_usage,omitempty"` // usage of kernel TCP memory From 6d27922005cb1b6d3bae325d28dd6a877b6375d4 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 25 Oct 2023 18:56:53 -0700 Subject: [PATCH 0424/1176] tests/int: fix flaky "runc run with tmpfs perm" Apparently, sometimes a short-lived "runc run" produces result with \r and sometimes without. As a result, we have an occasional failure of "runc run with tmpfs perms" test. The solution (to the flaky test) is to use the first line of the output (like many other tests do). Signed-off-by: Kir Kolyshkin --- tests/integration/run.bats | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/integration/run.bats b/tests/integration/run.bats index baf91fb00cd..e2eda270c0a 100644 --- a/tests/integration/run.bats +++ b/tests/integration/run.bats @@ -90,7 +90,7 @@ function teardown() { runc run test_tmpfs [ "$status" -eq 0 ] - [ "$output" = "$mode" ] + [ "${lines[0]}" = "$mode" ] } @test "runc run with tmpfs perms" { @@ -101,13 +101,13 @@ function teardown() { # Directory is to be created by runc. runc run test_tmpfs [ "$status" -eq 0 ] - [ "$output" = "444" ] + [ "${lines[0]}" = "444" ] # Run a 2nd time with the pre-existing directory. # Ref: https://github.com/opencontainers/runc/issues/3911 runc run test_tmpfs [ "$status" -eq 0 ] - [ "$output" = "444" ] + [ "${lines[0]}" = "444" ] # Existing directory, custom perms, no mode on the mount, # so it should use the directory's perms. @@ -116,7 +116,7 @@ function teardown() { # shellcheck disable=SC2016 runc run test_tmpfs [ "$status" -eq 0 ] - [ "$output" = "710" ] + [ "${lines[0]}" = "710" ] # Add back the mode on the mount, and it should use that instead. # Just for fun, use different perms than was used earlier. @@ -124,7 +124,7 @@ function teardown() { update_config '.mounts[-1].options = ["mode=0410"]' runc run test_tmpfs [ "$status" -eq 0 ] - [ "$output" = "410" ] + [ "${lines[0]}" = "410" ] } @test "runc run [runc-dmz]" { From 98511bb40e9042d309e55a198881a3d6507ee7a4 Mon Sep 17 00:00:00 2001 From: "Zheao.Li" Date: Fri, 20 Oct 2023 20:25:10 +0800 Subject: [PATCH 0425/1176] linux: Support setting execution domain via linux personality carry #3126 Co-authored-by: Aditya R Signed-off-by: Zheao.Li --- docs/spec-conformance.md | 1 - libcontainer/configs/config.go | 3 ++ libcontainer/configs/config_linux.go | 13 ++++++ libcontainer/init_linux.go | 4 ++ libcontainer/setns_init_linux.go | 5 +++ libcontainer/specconv/spec_linux.go | 22 ++++++++++ libcontainer/standard_init_linux.go | 8 ++++ libcontainer/system/linux.go | 10 +++++ tests/integration/personality.bats | 64 ++++++++++++++++++++++++++++ 9 files changed, 129 insertions(+), 1 deletion(-) create mode 100644 tests/integration/personality.bats diff --git a/docs/spec-conformance.md b/docs/spec-conformance.md index a278d76a740..c3ed8084b5e 100644 --- a/docs/spec-conformance.md +++ b/docs/spec-conformance.md @@ -7,7 +7,6 @@ The following features are not implemented yet: Spec version | Feature | PR -------------|------------------------------------------|---------------------------------------------------------- -v1.0.2 | `.linux.personality` | [#3126](https://github.com/opencontainers/runc/pull/3126) v1.1.0 | `SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV` | [#3862](https://github.com/opencontainers/runc/pull/3862) v1.1.0 | rsvd hugetlb cgroup | TODO ([#3859](https://github.com/opencontainers/runc/issues/3859)) v1.1.0 | `.process.ioPriority` | [#3783](https://github.com/opencontainers/runc/pull/3783) diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index 68d2f8f2678..722e1dcad61 100644 --- a/libcontainer/configs/config.go +++ b/libcontainer/configs/config.go @@ -219,6 +219,9 @@ type Config struct { // Scheduler represents the scheduling attributes for a process. Scheduler *Scheduler `json:"scheduler,omitempty"` + + // Personality contains configuration for the Linux personality syscall. + Personality *LinuxPersonality `json:"personality,omitempty"` } // Scheduler is based on the Linux sched_setattr(2) syscall. diff --git a/libcontainer/configs/config_linux.go b/libcontainer/configs/config_linux.go index 4e58bb39630..1900fc978f4 100644 --- a/libcontainer/configs/config_linux.go +++ b/libcontainer/configs/config_linux.go @@ -9,6 +9,19 @@ var ( errNoGroupMap = errors.New("User namespaces enabled, but no group mapping found.") ) +// Please check https://man7.org/linux/man-pages/man2/personality.2.html for const details. +// https://raw.githubusercontent.com/torvalds/linux/master/include/uapi/linux/personality.h +const ( + PerLinux = 0x0000 + PerLinux32 = 0x0008 +) + +type LinuxPersonality struct { + // Domain for the personality + // can only contain values "LINUX" and "LINUX32" + Domain int `json:"domain"` +} + // HostUID gets the translated uid for the process on host which could be // different when user namespaces are enabled. func (c Config) HostUID(containerId int) (int, error) { diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index b9affb91c4b..624e0199e9a 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -654,6 +654,10 @@ func setupScheduler(config *configs.Config) error { return nil } +func setupPersonality(config *configs.Config) error { + return system.SetLinuxPersonality(config.Personality.Domain) +} + // signalAllProcesses freezes then iterates over all the processes inside the // manager's cgroups sending the signal s to them. func signalAllProcesses(m cgroups.Manager, s unix.Signal) error { diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go index f3edb7100c8..171bc3b5908 100644 --- a/libcontainer/setns_init_linux.go +++ b/libcontainer/setns_init_linux.go @@ -93,6 +93,11 @@ func (l *linuxSetnsInit) Init() error { if err := apparmor.ApplyProfile(l.config.AppArmorProfile); err != nil { return err } + if l.config.Config.Personality != nil { + if err := setupPersonality(l.config.Config); err != nil { + return err + } + } // Check for the arg early to make sure it exists. name, err := exec.LookPath(l.config.Args[0]) if err != nil { diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index 45d8313f627..c1632ac12ad 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -434,6 +434,18 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) { MemBwSchema: spec.Linux.IntelRdt.MemBwSchema, } } + if spec.Linux.Personality != nil { + if len(spec.Linux.Personality.Flags) > 0 { + logrus.Warnf("ignoring unsupported personality flags: %+v because personality flag has not supported at this time", spec.Linux.Personality.Flags) + } + domain, err := getLinuxPersonalityFromStr(string(spec.Linux.Personality.Domain)) + if err != nil { + return nil, err + } + config.Personality = &configs.LinuxPersonality{ + Domain: domain, + } + } } // Set the host UID that should own the container's cgroup. @@ -571,6 +583,16 @@ func checkPropertyName(s string) error { return nil } +// getLinuxPersonalityFromStr converts the string domain received from spec to equivalent integer. +func getLinuxPersonalityFromStr(domain string) (int, error) { + if domain == string(specs.PerLinux32) { + return configs.PerLinux32, nil + } else if domain == string(specs.PerLinux) { + return configs.PerLinux, nil + } + return -1, fmt.Errorf("invalid personality domain %s", domain) +} + // Some systemd properties are documented as having "Sec" suffix // (e.g. TimeoutStopSec) but are expected to have "USec" suffix // here, so let's provide conversion to improve compatibility. diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 4fab50c0581..d0e01545ef9 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -233,6 +233,14 @@ func (l *linuxStandardInit) Init() error { return err } } + + // Set personality if specified. + if l.config.Config.Personality != nil { + if err := setupPersonality(l.config.Config); err != nil { + return err + } + } + // Close the pipe to signal that we have completed our init. logrus.Debugf("init: closing the pipe to signal completion") _ = l.pipe.Close() diff --git a/libcontainer/system/linux.go b/libcontainer/system/linux.go index 318b6edfe81..0b3b4da33d7 100644 --- a/libcontainer/system/linux.go +++ b/libcontainer/system/linux.go @@ -214,3 +214,13 @@ func Copy(dst io.Writer, src io.Reader) (copied int64, err error) { fallback: return io.Copy(dst, src) } + +// SetLinuxPersonality sets the Linux execution personality. For more information see the personality syscall documentation. +// checkout getLinuxPersonalityFromStr() from libcontainer/specconv/spec_linux.go for type conversion. +func SetLinuxPersonality(personality int) error { + _, _, errno := unix.Syscall(unix.SYS_PERSONALITY, uintptr(personality), 0, 0) + if errno != 0 { + return &os.SyscallError{Syscall: "set_personality", Err: errno} + } + return nil +} diff --git a/tests/integration/personality.bats b/tests/integration/personality.bats new file mode 100644 index 00000000000..37aa8e86fda --- /dev/null +++ b/tests/integration/personality.bats @@ -0,0 +1,64 @@ +#!/usr/bin/env bats + +load helpers + +function setup() { + requires arch_x86_64 + setup_busybox +} + +function teardown() { + teardown_bundle +} + +@test "runc run personality for i686" { + update_config ' + .process.args = ["/bin/sh", "-c", "uname -a"] + | .linux.personality = { + "domain": "LINUX32", + "flags": [] + }' + + runc run test_busybox + [ "$status" -eq 0 ] + [[ "$output" == *"i686"* ]] +} + +@test "runc run personality with exec for i686" { + update_config ' + .linux.personality = { + "domain": "LINUX32", + }' + + runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox + [ "$status" -eq 0 ] + runc exec test_busybox /bin/sh -c "uname -a" + [ "$status" -eq 0 ] + [[ "$output" == *"i686"* ]] +} + +@test "runc run personality for x86_64" { + update_config ' + .process.args = ["/bin/sh", "-c", "uname -a"] + | .linux.personality = { + "domain": "LINUX", + "flags": [] + }' + + runc run test_busybox + [ "$status" -eq 0 ] + [[ "$output" == *"x86_64"* ]] +} + +@test "runc run personality with exec for x86_64" { + update_config ' + .linux.personality = { + "domain": "LINUX", + }' + + runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox + [ "$status" -eq 0 ] + runc exec test_busybox /bin/sh -c "uname -a" + [ "$status" -eq 0 ] + [[ "$output" == *"x86_64"* ]] +} From 2c9598c88638b529b032eac4bd480b7600c13785 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 25 Oct 2023 15:02:10 -0700 Subject: [PATCH 0426/1176] libct/cgroups.OpenFile: clean "file" argument This prevents potential exploit of using "../" in cgroups.OpenFile (as well as other methods that use OpenFile) to read or write to other cgroups. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/file.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libcontainer/cgroups/file.go b/libcontainer/cgroups/file.go index 1a463b4a781..b0d6e33beb0 100644 --- a/libcontainer/cgroups/file.go +++ b/libcontainer/cgroups/file.go @@ -10,6 +10,7 @@ import ( "strings" "sync" + "github.com/opencontainers/runc/libcontainer/utils" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) @@ -111,7 +112,7 @@ func openFile(dir, file string, flags int) (*os.File, error) { flags |= os.O_TRUNC | os.O_CREATE mode = 0o600 } - path := path.Join(dir, file) + path := path.Join(dir, utils.CleanPath(file)) if prepareOpenat2() != nil { return openFallback(path, flags, mode) } From a2f7c6add8e875263b9cb1ff66ef7a3d005b6c97 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 23 Oct 2023 11:55:12 -0700 Subject: [PATCH 0427/1176] internal/testutil: create, add SkipOnCentOS CentOS 7 is showing its age and we'd rather skip some tests on it than find out why they are flaky. Add internal/testutil package, and move the generalized version of SkipOnCentOS7 from libcontainer/cgroups/devices to there. Signed-off-by: Kir Kolyshkin --- internal/testutil/testutil.go | 30 ++++++++++++++++++++ libcontainer/cgroups/devices/systemd_test.go | 29 ++++--------------- 2 files changed, 35 insertions(+), 24 deletions(-) create mode 100644 internal/testutil/testutil.go diff --git a/internal/testutil/testutil.go b/internal/testutil/testutil.go new file mode 100644 index 00000000000..9df3ed1f68e --- /dev/null +++ b/internal/testutil/testutil.go @@ -0,0 +1,30 @@ +package testutil + +import ( + "os/exec" + "strconv" + "sync" + "testing" +) + +var ( + centosVer string + centosVerOnce sync.Once +) + +func centosVersion() string { + centosVerOnce.Do(func() { + ver, _ := exec.Command("rpm", "-q", "--qf", "%{version}", "centos-release").CombinedOutput() + centosVer = string(ver) + }) + return centosVer +} + +func SkipOnCentOS(t *testing.T, reason string, versions ...int) { + t.Helper() + for _, v := range versions { + if vstr := strconv.Itoa(v); centosVersion() == vstr { + t.Skip(reason + " on CentOS " + vstr) + } + } +} diff --git a/libcontainer/cgroups/devices/systemd_test.go b/libcontainer/cgroups/devices/systemd_test.go index fc3b635f24f..7bae2f7406a 100644 --- a/libcontainer/cgroups/devices/systemd_test.go +++ b/libcontainer/cgroups/devices/systemd_test.go @@ -6,9 +6,9 @@ import ( "os" "os/exec" "strings" - "sync" "testing" + "github.com/opencontainers/runc/internal/testutil" "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/systemd" "github.com/opencontainers/runc/libcontainer/configs" @@ -27,7 +27,8 @@ func TestPodSkipDevicesUpdate(t *testing.T) { if os.Geteuid() != 0 { t.Skip("Test requires root.") } - skipOnCentOS7(t) + // https://github.com/opencontainers/runc/issues/3743. + testutil.SkipOnCentOS(t, "Flaky (#3743)", 7) podName := "system-runc_test_pod" + t.Name() + ".slice" podConfig := &configs.Cgroup{ @@ -118,27 +119,6 @@ func TestPodSkipDevicesUpdate(t *testing.T) { } } -var ( - centosVer string - centosVerOnce sync.Once -) - -func centosVersion() string { - centosVerOnce.Do(func() { - ver, _ := exec.Command("rpm", "-q", "--qf", "%{version}", "centos-release").CombinedOutput() - centosVer = string(ver) - }) - return centosVer -} - -func skipOnCentOS7(t *testing.T) { - t.Helper() - // https://github.com/opencontainers/runc/issues/3743 - if centosVersion() == "7" { - t.Skip("Flaky on CentOS 7") - } -} - func testSkipDevices(t *testing.T, skipDevices bool, expected []string) { if !systemd.IsRunningSystemd() { t.Skip("Test requires systemd.") @@ -146,7 +126,8 @@ func testSkipDevices(t *testing.T, skipDevices bool, expected []string) { if os.Geteuid() != 0 { t.Skip("Test requires root.") } - skipOnCentOS7(t) + // https://github.com/opencontainers/runc/issues/3743. + testutil.SkipOnCentOS(t, "Flaky (#3743)", 7) podConfig := &configs.Cgroup{ Parent: "system.slice", From b2539a7dc3411f68e1bfa418ee6d9ae073729c2e Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 27 Oct 2023 13:31:47 -0700 Subject: [PATCH 0428/1176] libct/cg: skip TestWriteCgroupFileHandlesInterrupt on CentOS 7 It's flaky (kernel bug?) and there's probably nothing we can do about it. Fixes #3418. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/file_test.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libcontainer/cgroups/file_test.go b/libcontainer/cgroups/file_test.go index 94f1a99bff0..6236bb9ec1e 100644 --- a/libcontainer/cgroups/file_test.go +++ b/libcontainer/cgroups/file_test.go @@ -8,9 +8,13 @@ import ( "strconv" "testing" "time" + + "github.com/opencontainers/runc/internal/testutil" ) func TestWriteCgroupFileHandlesInterrupt(t *testing.T) { + testutil.SkipOnCentOS(t, "Flaky (see #3418)", 7) + const ( memoryCgroupMount = "/sys/fs/cgroup/memory" memoryLimit = "memory.limit_in_bytes" From b39781b0673f3c00ec8cf029a3f3a9755316cffc Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 3 Oct 2023 17:44:39 -0700 Subject: [PATCH 0429/1176] tests/int: add selinux test case This is a test case to demonstrate the selinux vs dmz issue. The issue is, runc calls selinux.SetExecLabel and then execs the runc-dmz binary, but the execve is denied by selinux: > type=PROCTITLE msg=audit(10/05/2023 22:54:07.911:10904) : proctitle=/tmp/bats-run-sGk2sn/runc.Ql243q/bundle/runc init > type=SYSCALL msg=audit(10/05/2023 22:54:07.911:10904) : arch=x86_64 syscall=execveat success=no exit=EACCES(Permission denied) a0=0x6 a1=0xc0000b90fa a2=0xc0000a26a0 a3=0xc000024660 items=0 ppid=105316 pid=105327 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=8 comm=runc:[2:INIT] exe=/tmp/bats-run-sGk2sn/runc.Ql243q/bundle/runc subj=unconfined_u:unconfined_r:container_runtime_t:s0-s0:c0.c1023 key=(null) > type=AVC msg=audit(10/05/2023 22:54:07.911:10904) : avc: denied { entrypoint } for pid=105327 comm=runc:[2:INIT] path=/memfd:runc_cloned:runc-dmz (deleted) dev="tmpfs" ino=2341 scontext=system_u:system_r:container_t:s0:c4,c5 tcontext=unconfined_u:object_r:container_runtime_tmpfs_t:s0 tclass=file permissive=0 Once that error is fixed (by adding a selinux rule that enables it), we see one more error, also related to executing a file on tmpfs. Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 6 ++-- Vagrantfile.fedora | 5 +++- tests/integration/selinux.bats | 55 ++++++++++++++++++++++++++++++++++ 3 files changed, 63 insertions(+), 3 deletions(-) create mode 100644 tests/integration/selinux.bats diff --git a/.cirrus.yml b/.cirrus.yml index cfd238f154e..0b24e5c5075 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -57,7 +57,7 @@ task: mkdir -p -m 0700 /root/.ssh vagrant ssh-config >> /root/.ssh/config guest_info_script: | - ssh default 'sh -exc "uname -a && systemctl --version && df -T && cat /etc/os-release && go version"' + ssh default 'sh -exc "uname -a && systemctl --version && df -T && cat /etc/os-release && go version && sestatus"' check_config_script: | ssh default /vagrant/script/check-config.sh unit_tests_script: | @@ -79,7 +79,7 @@ task: CIRRUS_WORKING_DIR: /home/runc GO_VERSION: "1.20" BATS_VERSION: "v1.9.0" - RPMS: gcc git iptables jq glibc-static libseccomp-devel make criu fuse-sshfs + RPMS: gcc git iptables jq glibc-static libseccomp-devel make criu fuse-sshfs container-selinux # yamllint disable rule:key-duplicates matrix: DISTRO: centos-7 @@ -170,6 +170,8 @@ task: # ----- df -T # ----- + sestatus + # ----- cat /proc/cpuinfo check_config_script: | /home/runc/script/check-config.sh diff --git a/Vagrantfile.fedora b/Vagrantfile.fedora index 4e9bd87c2ad..9b4f6d72687 100644 --- a/Vagrantfile.fedora +++ b/Vagrantfile.fedora @@ -23,12 +23,15 @@ Vagrant.configure("2") do |config| cat << EOF | dnf -y --exclude=kernel,kernel-core shell && break config install_weak_deps false update -install iptables gcc golang-go make glibc-static libseccomp-devel bats jq git-core criu fuse-sshfs +install iptables gcc golang-go make glibc-static libseccomp-devel bats jq git-core criu fuse-sshfs container-selinux ts run EOF done dnf clean all + # To avoid "avc: denied { nosuid_transition }" from SELinux as we run tests on /tmp. + mount -o remount,suid /tmp + # Prevent the "fatal: unsafe repository" git complain during build. git config --global --add safe.directory /vagrant diff --git a/tests/integration/selinux.bats b/tests/integration/selinux.bats new file mode 100644 index 00000000000..6265bd461d9 --- /dev/null +++ b/tests/integration/selinux.bats @@ -0,0 +1,55 @@ +#!/usr/bin/env bats + +load helpers + +function setup() { + requires root # for chcon + if ! selinuxenabled; then + skip "requires SELinux enabled and in enforcing mode" + fi + + setup_busybox + + # Use a copy of runc binary with proper selinux label set. + cp "$RUNC" . + export RUNC="$PWD/runc" + chcon -u system_u -r object_r -t container_runtime_exec_t "$RUNC" + + # Label container fs. + chcon -u system_u -r object_r -t container_file_t -R rootfs + + # Save the start date and time for ausearch. + AU_DD="$(date +%x)" + AU_TT="$(date +%H:%M:%S)" +} + +function teardown() { + teardown_bundle + # Show any avc denials. + if [[ -v AU_DD && -v AU_TT ]] && command -v ausearch &>/dev/null; then + ausearch -ts "$AU_DD" "$AU_TT" -i -m avc || true + fi +} + +# Baseline test, to check that runc works with selinux enabled. +@test "runc run (no selinux label)" { + update_config ' .process.args = ["/bin/true"]' + runc run tst + [ "$status" -eq 0 ] +} + +# https://github.com/opencontainers/runc/issues/4057 +@test "runc run (custom selinux label)" { + update_config ' .process.selinuxLabel |= "system_u:system_r:container_t:s0:c4,c5" + | .process.args = ["/bin/true"]' + runc run tst + [ "$status" -eq 0 ] +} + +@test "runc run (custom selinux label, RUNC_DMZ=legacy)" { + export RUNC_DMZ=legacy + update_config ' .process.selinuxLabel |= "system_u:system_r:container_t:s0:c4,c5" + | .process.args = ["/bin/true"]' + runc run tst + [ "$status" -eq 0 ] +} From 393c7a81c9bb9a35e84aebd87a0ffe044d19666e Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 18 Oct 2023 19:21:20 -0700 Subject: [PATCH 0430/1176] README: fix reference to memfd-bind Signed-off-by: Kir Kolyshkin --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 827f837e06f..f36eea6b6ef 100644 --- a/README.md +++ b/README.md @@ -75,7 +75,7 @@ The following build tags were used earlier, but are now obsoleted: - **apparmor** (since runc v1.0.0-rc93 the feature is always enabled) - **selinux** (since runc v1.0.0-rc93 the feature is always enabled) - [contrib-memfd-bind]: /contrib/memfd-bind/README.md + [contrib-memfd-bind]: /contrib/cmd/memfd-bind/README.md ### Running the test suite From 87bd784614a1246bfe706dbe5d159c4f242daec6 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 18 Oct 2023 20:15:07 -0700 Subject: [PATCH 0431/1176] Add dmz-vs-selinux kludge and a way to disable it Add a workaround for a problem of older container-selinux not allowing runc to use dmz feature. If runc sees that SELinux is in enforced mode and the container's SELinux label is set, it disables dmz. Add a build tag, runc_dmz_selinux_nocompat, which disables the workaround. Newer distros that ship container-selinux >= 2.224.0 (currently CentOS Stream 8 and 9, RHEL 8 and 9, and Fedora 38+) may build runc with this build tag set to benefit from dmz working with SELinux. Document the build tag in the top-level and libct/dmz READMEs. Use the build tag in our CI builds for CentOS Stream 9 and Fedora 38, as they already has container-selinux 2.224.0 available in updates. Add a TODO to use the build tag for CentOS Stream 8 once it has container-selinux updated. Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 13 ++++++++++++- README.md | 2 ++ Vagrantfile.fedora | 3 +++ libcontainer/container_linux.go | 4 ++++ libcontainer/dmz/README.md | 12 ++++++++++++ libcontainer/dmz/selinux.go | 10 ++++++++++ libcontainer/dmz/selinux_compat.go | 28 ++++++++++++++++++++++++++++ 7 files changed, 71 insertions(+), 1 deletion(-) create mode 100644 libcontainer/dmz/selinux.go create mode 100644 libcontainer/dmz/selinux_compat.go diff --git a/.cirrus.yml b/.cirrus.yml index 0b24e5c5075..a3ee5b5b156 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -57,7 +57,7 @@ task: mkdir -p -m 0700 /root/.ssh vagrant ssh-config >> /root/.ssh/config guest_info_script: | - ssh default 'sh -exc "uname -a && systemctl --version && df -T && cat /etc/os-release && go version && sestatus"' + ssh default 'sh -exc "uname -a && systemctl --version && df -T && cat /etc/os-release && go version && sestatus && rpm -q container-selinux"' check_config_script: | ssh default /vagrant/script/check-config.sh unit_tests_script: | @@ -159,6 +159,17 @@ task: echo -e "Host localhost\n\tStrictHostKeyChecking no\t\nIdentityFile /root/.ssh/id_ed25519\n" >> /root/.ssh/config sed -e "s,PermitRootLogin.*,PermitRootLogin prohibit-password,g" -i /etc/ssh/sshd_config systemctl restart sshd + + # Disable the dmz-vs-selinux workaround for distros that have container-selinux >= 2.224.0. + case $DISTRO in + # TODO: remove centos-stream-8. + centos-7|centos-stream-8) + # Do nothing. + ;; + *) + echo 'export EXTRA_BUILDTAGS=runc_dmz_selinux_nocompat' >> /root/.bashrc + ;; + esac host_info_script: | uname -a # ----- diff --git a/README.md b/README.md index f36eea6b6ef..7e40776bbb7 100644 --- a/README.md +++ b/README.md @@ -69,6 +69,7 @@ make BUILDTAGS="" |---------------|---------------------------------------|--------------------|---------------------| | `seccomp` | Syscall filtering using `libseccomp`. | yes | `libseccomp` | | `!runc_nodmz` | Reduce memory usage for CVE-2019-5736 protection by using a small C binary, [see `memfd-bind` for more details][contrib-memfd-bind]. `runc_nodmz` disables this feature and causes runc to use a different protection mechanism which will further increases memory usage temporarily during container startup. This feature can also be disabled at runtime by setting the `RUNC_DMZ=legacy` environment variable. | yes || +| `runc_dmz_selinux_nocompat` | Disables a SELinux DMZ workaround (new distros should set this). See [dmz README] for details. | no || The following build tags were used earlier, but are now obsoleted: - **nokmem** (since runc v1.0.0-rc94 kernel memory settings are ignored) @@ -76,6 +77,7 @@ The following build tags were used earlier, but are now obsoleted: - **selinux** (since runc v1.0.0-rc93 the feature is always enabled) [contrib-memfd-bind]: /contrib/cmd/memfd-bind/README.md + [dmz README]: /libcontainer/dmz/README.md ### Running the test suite diff --git a/Vagrantfile.fedora b/Vagrantfile.fedora index 9b4f6d72687..b1e3d628894 100644 --- a/Vagrantfile.fedora +++ b/Vagrantfile.fedora @@ -32,6 +32,9 @@ EOF # To avoid "avc: denied { nosuid_transition }" from SELinux as we run tests on /tmp. mount -o remount,suid /tmp + # Disable selinux-vs-dmz workaround as Fedora doesn't need it. + echo 'export EXTRA_BUILDTAGS=runc_dmz_selinux_nocompat' >> /root/.bashrc + # Prevent the "fatal: unsafe repository" git complain during build. git config --global --add safe.directory /vagrant diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 35f4f5df390..f5d55a1649e 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -457,6 +457,10 @@ func slicesContains[S ~[]E, E comparable](slice S, needle E) bool { } func isDmzBinarySafe(c *configs.Config) bool { + if !dmz.WorksWithSELinux(c) { + return false + } + // Because we set the dumpable flag in nsexec, the only time when it is // unsafe to use runc-dmz is when the container process would be able to // race against "runc init" and bypass the ptrace_may_access() checks. diff --git a/libcontainer/dmz/README.md b/libcontainer/dmz/README.md index 3cfa913ff68..b415f9e3988 100644 --- a/libcontainer/dmz/README.md +++ b/libcontainer/dmz/README.md @@ -15,4 +15,16 @@ It also support all the architectures we support in runc. If the GOARCH we use for compiling doesn't support nolibc, it fallbacks to using the C stdlib. +## SELinux compatibility issue and a workaround + +Older SELinux policy can prevent runc to execute the dmz binary. The issue is +fixed in [container-selinux v2.224.0]. Yet, some older distributions may not +have the fix, so runc has a runtime workaround of disabling dmz if it finds +that SELinux is in enforced mode and the container SELinux label is set. + +Distributions that have a sufficiently new container-selinux can disable the +workaround by building runc with the `runc_dmz_selinux_nocompat` build flag, +essentially allowing dmz to be used together with SELinux. + [nolibc-upstream]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/include/nolibc?h=v6.6-rc3 +[container-selinux v2.224.0]: https://github.com/containers/container-selinux/releases/tag/v2.224.0 diff --git a/libcontainer/dmz/selinux.go b/libcontainer/dmz/selinux.go new file mode 100644 index 00000000000..49a76ec1741 --- /dev/null +++ b/libcontainer/dmz/selinux.go @@ -0,0 +1,10 @@ +//go:build runc_dmz_selinux_nocompat || !linux + +package dmz + +import "github.com/opencontainers/runc/libcontainer/configs" + +// WorksWithSELinux tells whether runc-dmz can work with SELinux. +func WorksWithSELinux(*configs.Config) bool { + return true +} diff --git a/libcontainer/dmz/selinux_compat.go b/libcontainer/dmz/selinux_compat.go new file mode 100644 index 00000000000..027a5e76243 --- /dev/null +++ b/libcontainer/dmz/selinux_compat.go @@ -0,0 +1,28 @@ +//go:build linux && !runc_dmz_selinux_nocompat + +package dmz + +import ( + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/selinux/go-selinux" +) + +// WorksWithSELinux tells whether runc-dmz can work with SELinux. +// +// Older SELinux policy can prevent runc to execute the dmz binary. The issue is +// fixed in container-selinux >= 2.224.0: +// +// - https://github.com/containers/container-selinux/issues/274 +// - https://github.com/containers/container-selinux/pull/280 +// +// Alas, there is is no easy way to do a runtime check if dmz works with +// SELinux, so the below workaround is enabled by default. It results in +// disabling dmz in case container SELinux label is set and the selinux is in +// enforced mode. +// +// Newer distributions that have the sufficiently new container-selinux version +// can build runc with runc_dmz_selinux_nocompat build flag to disable this +// workaround (essentially allowing dmz to be used together with SELinux). +func WorksWithSELinux(c *configs.Config) bool { + return c.ProcessLabel == "" || selinux.EnforceMode() != selinux.Enforcing +} From 4bf8b55594c084d47f2a39300a205316c721b52e Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Tue, 31 Oct 2023 17:38:54 +0100 Subject: [PATCH 0432/1176] libct: Remove old comment We changed it in PR: https://github.com/opencontainers/runtime-spec/pull/1225 But we missed to remove this comment. Signed-off-by: Rodrigo Campos --- libcontainer/configs/validate/validator_test.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/libcontainer/configs/validate/validator_test.go b/libcontainer/configs/validate/validator_test.go index 176527ecc60..7de9b0f9061 100644 --- a/libcontainer/configs/validate/validator_test.go +++ b/libcontainer/configs/validate/validator_test.go @@ -395,12 +395,10 @@ func TestValidateMounts(t *testing.T) { isErr bool dest string }{ - // TODO (runc v1.x.x): make these relative paths an error. See https://github.com/opencontainers/runc/pull/3004 {isErr: false, dest: "not/an/abs/path"}, {isErr: false, dest: "./rel/path"}, {isErr: false, dest: "./rel/path"}, {isErr: false, dest: "../../path"}, - {isErr: false, dest: "/abs/path"}, {isErr: false, dest: "/abs/but/../unclean"}, } From 669f4dbef8cabef5fe2c277af476d8e6ed4feb1b Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 23 Aug 2023 02:28:32 +1000 Subject: [PATCH 0433/1176] configs: validate: add validation for bind-mount fsflags Bind-mounts cannot have any filesystem-specific "data" arguments, because the kernel ignores the data argument for MS_BIND and MS_BIND|MS_REMOUNT and we cannot safely try to override the flags because those would affect mounts on the host (these flags affect the superblock). It should be noted that there are cases where the filesystem-specified flags will also be ignored for non-bind-mounts but those are kernel quirks and there's no real way for us to work around them. And users wouldn't get any real benefit from us adding guardrails to existing kernel behaviour. Signed-off-by: Aleksa Sarai --- libcontainer/configs/validate/validator.go | 23 ++++++++++ .../configs/validate/validator_test.go | 43 +++++++++++++++++++ 2 files changed, 66 insertions(+) diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go index a6736f26584..0df7242b38d 100644 --- a/libcontainer/configs/validate/validator.go +++ b/libcontainer/configs/validate/validator.go @@ -275,6 +275,26 @@ func cgroupsCheck(config *configs.Config) error { return nil } +func checkBindOptions(m *configs.Mount) error { + if !m.IsBind() { + return nil + } + // We must reject bind-mounts that also have filesystem-specific mount + // options, because the kernel will completely ignore these flags and we + // cannot set them per-mountpoint. + // + // It should be noted that (due to how the kernel caches superblocks), data + // options could also silently ignored for other filesystems even when + // doing a fresh mount, but there is no real way to avoid this (and it + // matches how everything else works). There have been proposals to make it + // possible for userspace to detect this caching, but this wouldn't help + // runc because the behaviour wouldn't even be desirable for most users. + if m.Data != "" { + return errors.New("bind mounts cannot have any filesystem-specific options applied") + } + return nil +} + func checkIDMapMounts(config *configs.Config, m *configs.Mount) error { if !m.IsIDMapped() { return nil @@ -313,6 +333,9 @@ func mountsWarn(config *configs.Config) error { func mountsStrict(config *configs.Config) error { for _, m := range config.Mounts { + if err := checkBindOptions(m); err != nil { + return fmt.Errorf("invalid mount %+v: %w", m, err) + } if err := checkIDMapMounts(config, m); err != nil { return fmt.Errorf("invalid mount %+v: %w", m, err) } diff --git a/libcontainer/configs/validate/validator_test.go b/libcontainer/configs/validate/validator_test.go index 7de9b0f9061..a882fa64cce 100644 --- a/libcontainer/configs/validate/validator_test.go +++ b/libcontainer/configs/validate/validator_test.go @@ -421,6 +421,49 @@ func TestValidateMounts(t *testing.T) { } } +func TestValidateBindMounts(t *testing.T) { + testCases := []struct { + isErr bool + flags int + data string + }{ + {isErr: false, flags: 0, data: ""}, + {isErr: false, flags: unix.MS_RDONLY | unix.MS_NOSYMFOLLOW, data: ""}, + + {isErr: true, flags: 0, data: "idmap"}, + {isErr: true, flags: unix.MS_RDONLY, data: "custom_ext4_flag"}, + {isErr: true, flags: unix.MS_NOATIME, data: "rw=foobar"}, + } + + for _, tc := range testCases { + for _, bind := range []string{"bind", "rbind"} { + bindFlag := map[string]int{ + "bind": unix.MS_BIND, + "rbind": unix.MS_BIND | unix.MS_REC, + }[bind] + + config := &configs.Config{ + Rootfs: "/var", + Mounts: []*configs.Mount{ + { + Destination: "/", + Flags: tc.flags | bindFlag, + Data: tc.data, + }, + }, + } + + err := Validate(config) + if tc.isErr && err == nil { + t.Errorf("%s mount flags:0x%x data:%v, expected error, got nil", bind, tc.flags, tc.data) + } + if !tc.isErr && err != nil { + t.Errorf("%s mount flags:0x%x data:%v, expected nil, got error %v", bind, tc.flags, tc.data, err) + } + } + } +} + func TestValidateIDMapMounts(t *testing.T) { mapping := []configs.IDMap{ { From 9d8fa6d695cfe172c5e16fbe245d1205611706b7 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Mon, 30 Oct 2023 19:26:39 +1100 Subject: [PATCH 0434/1176] libcontainer: dmz: fix "go get" builds Because runc-dmz is not checked into Git, go get will end up creating a copy of libcontainer/dmz with no runc-dmz binary, which causes external libcontainer users to have compilation errors. Unfortunately, we cannot get go:embed to just ignore that there are no files matching the provided pattern, so instead we need to create a dummy file that matches the go:embed (which we check into Git and so go get _will_ copy) and switch to embed.FS. This is a little bit uglier, but at least it will fix external libcontainer users. Signed-off-by: Aleksa Sarai --- libcontainer/dmz/Makefile | 2 +- libcontainer/dmz/{ => binary}/.gitignore | 0 libcontainer/dmz/binary/dummy-file.txt | 0 libcontainer/dmz/dmz_linux.go | 51 ++++++++++++++++-------- 4 files changed, 36 insertions(+), 17 deletions(-) rename libcontainer/dmz/{ => binary}/.gitignore (100%) create mode 100644 libcontainer/dmz/binary/dummy-file.txt diff --git a/libcontainer/dmz/Makefile b/libcontainer/dmz/Makefile index 3c30db243d9..959529c5fd9 100644 --- a/libcontainer/dmz/Makefile +++ b/libcontainer/dmz/Makefile @@ -14,6 +14,6 @@ else CFLAGS += -DRUNC_USE_STDLIB endif -runc-dmz: _dmz.c +binary/runc-dmz: _dmz.c $(CC) $(CFLAGS) -static -o $@ $^ $(STRIP) -gs $@ diff --git a/libcontainer/dmz/.gitignore b/libcontainer/dmz/binary/.gitignore similarity index 100% rename from libcontainer/dmz/.gitignore rename to libcontainer/dmz/binary/.gitignore diff --git a/libcontainer/dmz/binary/dummy-file.txt b/libcontainer/dmz/binary/dummy-file.txt new file mode 100644 index 00000000000..e69de29bb2d diff --git a/libcontainer/dmz/dmz_linux.go b/libcontainer/dmz/dmz_linux.go index 12f9709a269..0985677ea5b 100644 --- a/libcontainer/dmz/dmz_linux.go +++ b/libcontainer/dmz/dmz_linux.go @@ -6,20 +6,32 @@ package dmz import ( "bytes" "debug/elf" - _ "embed" + "embed" "os" + "sync" "github.com/sirupsen/logrus" ) -// Try to build the runc-dmz binary. If it fails, replace it with an empty file -// (this will trigger us to fall back to a clone of /proc/self/exe). Yeah, this -// is a bit ugly but it makes sure that weird cross-compilation setups don't -// break because of runc-dmz. +// Try to build the runc-dmz binary on "go generate". If it fails (or +// libcontainer is being imported as a library), the embed.FS will not contain +// the file, which will then cause us to fall back to a clone of +// /proc/self/exe. // -//go:generate sh -c "make -B runc-dmz || echo -n >runc-dmz" -//go:embed runc-dmz -var runcDmzBinary []byte +// There is an empty file called dummy-file.txt in libcontainer/dmz/binary in +// order to work around the restriction that go:embed requires at least one +// file to match the pattern. +// +//go:generate make -B binary/runc-dmz +//go:embed binary +var runcDmzFs embed.FS + +// A cached copy of the contents of runc-dmz. +var ( + runcDmzBinaryOnce sync.Once + runcDmzBinaryIsValid bool + runcDmzBinary []byte +) // Binary returns a cloned copy (see CloneBinary) of a very minimal C program // that just does an execve() of its arguments. This is used in the final @@ -31,18 +43,25 @@ var runcDmzBinary []byte // If the runc-dmz binary is not embedded into the runc binary, Binary will // return ErrNoDmzBinary as the error. func Binary(tmpDir string) (*os.File, error) { - rdr := bytes.NewBuffer(runcDmzBinary) - // Verify that our embedded binary has a standard ELF header. - if !bytes.HasPrefix(rdr.Bytes(), []byte(elf.ELFMAG)) { - if rdr.Len() != 0 { - logrus.Infof("misconfigured build: embedded runc-dmz binary is non-empty but is missing a proper ELF header") - } - return nil, ErrNoDmzBinary - } // Setting RUNC_DMZ=legacy disables this dmz method. if os.Getenv("RUNC_DMZ") == "legacy" { logrus.Debugf("RUNC_DMZ=legacy set -- switching back to classic /proc/self/exe cloning") return nil, ErrNoDmzBinary } + runcDmzBinaryOnce.Do(func() { + runcDmzBinary, _ = runcDmzFs.ReadFile("binary/runc-dmz") + // Verify that our embedded binary has a standard ELF header. + if !bytes.HasPrefix(runcDmzBinary, []byte(elf.ELFMAG)) { + if len(runcDmzBinary) != 0 { + logrus.Infof("misconfigured build: embedded runc-dmz binary is non-empty but is missing a proper ELF header") + } + } else { + runcDmzBinaryIsValid = true + } + }) + if !runcDmzBinaryIsValid { + return nil, ErrNoDmzBinary + } + rdr := bytes.NewBuffer(runcDmzBinary) return CloneBinary(rdr, int64(rdr.Len()), "runc-dmz", tmpDir) } From 823636c3ddd07241e586e44ea5e6fa9c0546b34b Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 3 Nov 2023 16:27:13 -0700 Subject: [PATCH 0435/1176] ci/cirrus: disable selinux-dmz kludge for centos-stream-8 It now comes with container-selinux 2:2.224.0-1.module_el8+712+4cd1bd69, so we only need the kludge for CentOS 7 (which, I guess, is the sole reason why we have this kludge at all). Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index a3ee5b5b156..d23d36c7052 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -160,10 +160,10 @@ task: sed -e "s,PermitRootLogin.*,PermitRootLogin prohibit-password,g" -i /etc/ssh/sshd_config systemctl restart sshd - # Disable the dmz-vs-selinux workaround for distros that have container-selinux >= 2.224.0. + # Disable the dmz-vs-selinux workaround for distros that have + # container-selinux >= 2.224.0 (CentOS 7 does not have it). case $DISTRO in - # TODO: remove centos-stream-8. - centos-7|centos-stream-8) + centos-7) # Do nothing. ;; *) From b2f7614afc713477b159bd68f0d1162afee54ee1 Mon Sep 17 00:00:00 2001 From: lfbzhm Date: Fri, 10 Nov 2023 13:48:36 +0000 Subject: [PATCH 0436/1176] bump github.com/cilium/ebpf from 0.12.2 to 0.12.3 Signed-off-by: lfbzhm --- go.mod | 4 +- go.sum | 8 +- vendor/github.com/cilium/ebpf/asm/alu.go | 91 ++++--- .../github.com/cilium/ebpf/asm/alu_string.go | 48 ++-- .../github.com/cilium/ebpf/asm/instruction.go | 91 ++++++- vendor/github.com/cilium/ebpf/asm/jump.go | 12 +- .../github.com/cilium/ebpf/asm/load_store.go | 21 ++ .../cilium/ebpf/asm/load_store_string.go | 12 +- vendor/github.com/cilium/ebpf/asm/opcode.go | 60 +++-- vendor/github.com/cilium/ebpf/btf/btf.go | 21 +- .../github.com/cilium/ebpf/btf/btf_types.go | 206 +++++++++++----- vendor/github.com/cilium/ebpf/btf/core.go | 38 +-- vendor/github.com/cilium/ebpf/btf/ext_info.go | 12 +- vendor/github.com/cilium/ebpf/btf/strings.go | 34 +-- vendor/github.com/cilium/ebpf/btf/types.go | 229 +++++++++++++----- vendor/github.com/cilium/ebpf/collection.go | 76 +++++- vendor/github.com/cilium/ebpf/elf_reader.go | 8 +- .../cilium/ebpf/internal/kconfig/kconfig.go | 17 +- .../cilium/ebpf/internal/sys/types.go | 127 ++++++---- vendor/github.com/cilium/ebpf/linker.go | 32 ++- vendor/github.com/cilium/ebpf/map.go | 41 ++-- .../golang.org/x/sys/execabs/execabs_go118.go | 1 - .../golang.org/x/sys/execabs/execabs_go119.go | 1 - vendor/golang.org/x/sys/unix/aliases.go | 2 - vendor/golang.org/x/sys/unix/asm_aix_ppc64.s | 1 - vendor/golang.org/x/sys/unix/asm_bsd_386.s | 2 - vendor/golang.org/x/sys/unix/asm_bsd_amd64.s | 2 - vendor/golang.org/x/sys/unix/asm_bsd_arm.s | 2 - vendor/golang.org/x/sys/unix/asm_bsd_arm64.s | 2 - vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s | 2 - .../golang.org/x/sys/unix/asm_bsd_riscv64.s | 2 - vendor/golang.org/x/sys/unix/asm_linux_386.s | 1 - .../golang.org/x/sys/unix/asm_linux_amd64.s | 1 - vendor/golang.org/x/sys/unix/asm_linux_arm.s | 1 - .../golang.org/x/sys/unix/asm_linux_arm64.s | 3 - .../golang.org/x/sys/unix/asm_linux_loong64.s | 3 - .../golang.org/x/sys/unix/asm_linux_mips64x.s | 3 - .../golang.org/x/sys/unix/asm_linux_mipsx.s | 3 - .../golang.org/x/sys/unix/asm_linux_ppc64x.s | 3 - .../golang.org/x/sys/unix/asm_linux_riscv64.s | 2 - .../golang.org/x/sys/unix/asm_linux_s390x.s | 3 - .../x/sys/unix/asm_openbsd_mips64.s | 1 - .../golang.org/x/sys/unix/asm_solaris_amd64.s | 1 - vendor/golang.org/x/sys/unix/asm_zos_s390x.s | 3 - vendor/golang.org/x/sys/unix/cap_freebsd.go | 1 - vendor/golang.org/x/sys/unix/constants.go | 1 - vendor/golang.org/x/sys/unix/dev_aix_ppc.go | 1 - vendor/golang.org/x/sys/unix/dev_aix_ppc64.go | 1 - vendor/golang.org/x/sys/unix/dev_zos.go | 1 - vendor/golang.org/x/sys/unix/dirent.go | 1 - vendor/golang.org/x/sys/unix/endian_big.go | 1 - vendor/golang.org/x/sys/unix/endian_little.go | 1 - vendor/golang.org/x/sys/unix/env_unix.go | 1 - vendor/golang.org/x/sys/unix/epoll_zos.go | 1 - vendor/golang.org/x/sys/unix/fcntl.go | 3 +- .../x/sys/unix/fcntl_linux_32bit.go | 1 - vendor/golang.org/x/sys/unix/fdset.go | 1 - vendor/golang.org/x/sys/unix/fstatfs_zos.go | 1 - vendor/golang.org/x/sys/unix/gccgo.go | 1 - vendor/golang.org/x/sys/unix/gccgo_c.c | 1 - .../x/sys/unix/gccgo_linux_amd64.go | 1 - vendor/golang.org/x/sys/unix/ifreq_linux.go | 1 - vendor/golang.org/x/sys/unix/ioctl_signed.go | 1 - .../golang.org/x/sys/unix/ioctl_unsigned.go | 1 - vendor/golang.org/x/sys/unix/ioctl_zos.go | 1 - vendor/golang.org/x/sys/unix/mkerrors.sh | 3 +- vendor/golang.org/x/sys/unix/mmap_nomremap.go | 1 - vendor/golang.org/x/sys/unix/mremap.go | 1 - vendor/golang.org/x/sys/unix/pagesize_unix.go | 1 - .../golang.org/x/sys/unix/pledge_openbsd.go | 92 ++----- vendor/golang.org/x/sys/unix/ptrace_darwin.go | 1 - vendor/golang.org/x/sys/unix/ptrace_ios.go | 1 - vendor/golang.org/x/sys/unix/race.go | 1 - vendor/golang.org/x/sys/unix/race0.go | 1 - .../x/sys/unix/readdirent_getdents.go | 1 - .../x/sys/unix/readdirent_getdirentries.go | 1 - vendor/golang.org/x/sys/unix/sockcmsg_unix.go | 1 - .../x/sys/unix/sockcmsg_unix_other.go | 1 - vendor/golang.org/x/sys/unix/syscall.go | 1 - vendor/golang.org/x/sys/unix/syscall_aix.go | 4 +- .../golang.org/x/sys/unix/syscall_aix_ppc.go | 1 - .../x/sys/unix/syscall_aix_ppc64.go | 1 - vendor/golang.org/x/sys/unix/syscall_bsd.go | 3 +- .../x/sys/unix/syscall_darwin_amd64.go | 1 - .../x/sys/unix/syscall_darwin_arm64.go | 1 - .../x/sys/unix/syscall_darwin_libSystem.go | 1 - .../x/sys/unix/syscall_dragonfly_amd64.go | 1 - .../x/sys/unix/syscall_freebsd_386.go | 1 - .../x/sys/unix/syscall_freebsd_amd64.go | 1 - .../x/sys/unix/syscall_freebsd_arm.go | 1 - .../x/sys/unix/syscall_freebsd_arm64.go | 1 - .../x/sys/unix/syscall_freebsd_riscv64.go | 1 - vendor/golang.org/x/sys/unix/syscall_hurd.go | 1 - .../golang.org/x/sys/unix/syscall_hurd_386.go | 1 - .../golang.org/x/sys/unix/syscall_illumos.go | 1 - vendor/golang.org/x/sys/unix/syscall_linux.go | 33 ++- .../x/sys/unix/syscall_linux_386.go | 1 - .../x/sys/unix/syscall_linux_alarm.go | 2 - .../x/sys/unix/syscall_linux_amd64.go | 1 - .../x/sys/unix/syscall_linux_amd64_gc.go | 1 - .../x/sys/unix/syscall_linux_arm.go | 1 - .../x/sys/unix/syscall_linux_arm64.go | 1 - .../golang.org/x/sys/unix/syscall_linux_gc.go | 1 - .../x/sys/unix/syscall_linux_gc_386.go | 1 - .../x/sys/unix/syscall_linux_gc_arm.go | 1 - .../x/sys/unix/syscall_linux_gccgo_386.go | 1 - .../x/sys/unix/syscall_linux_gccgo_arm.go | 1 - .../x/sys/unix/syscall_linux_loong64.go | 1 - .../x/sys/unix/syscall_linux_mips64x.go | 2 - .../x/sys/unix/syscall_linux_mipsx.go | 2 - .../x/sys/unix/syscall_linux_ppc.go | 1 - .../x/sys/unix/syscall_linux_ppc64x.go | 2 - .../x/sys/unix/syscall_linux_riscv64.go | 1 - .../x/sys/unix/syscall_linux_s390x.go | 1 - .../x/sys/unix/syscall_linux_sparc64.go | 1 - .../x/sys/unix/syscall_netbsd_386.go | 1 - .../x/sys/unix/syscall_netbsd_amd64.go | 1 - .../x/sys/unix/syscall_netbsd_arm.go | 1 - .../x/sys/unix/syscall_netbsd_arm64.go | 1 - .../golang.org/x/sys/unix/syscall_openbsd.go | 28 ++- .../x/sys/unix/syscall_openbsd_386.go | 1 - .../x/sys/unix/syscall_openbsd_amd64.go | 1 - .../x/sys/unix/syscall_openbsd_arm.go | 1 - .../x/sys/unix/syscall_openbsd_arm64.go | 1 - .../x/sys/unix/syscall_openbsd_libc.go | 1 - .../x/sys/unix/syscall_openbsd_ppc64.go | 1 - .../x/sys/unix/syscall_openbsd_riscv64.go | 1 - .../golang.org/x/sys/unix/syscall_solaris.go | 5 +- .../x/sys/unix/syscall_solaris_amd64.go | 1 - vendor/golang.org/x/sys/unix/syscall_unix.go | 1 - .../golang.org/x/sys/unix/syscall_unix_gc.go | 2 - .../x/sys/unix/syscall_unix_gc_ppc64x.go | 3 - .../x/sys/unix/syscall_zos_s390x.go | 3 +- vendor/golang.org/x/sys/unix/sysvshm_linux.go | 1 - vendor/golang.org/x/sys/unix/sysvshm_unix.go | 1 - .../x/sys/unix/sysvshm_unix_other.go | 1 - vendor/golang.org/x/sys/unix/timestruct.go | 1 - .../golang.org/x/sys/unix/unveil_openbsd.go | 41 ++-- vendor/golang.org/x/sys/unix/xattr_bsd.go | 1 - .../golang.org/x/sys/unix/zerrors_aix_ppc.go | 1 - .../x/sys/unix/zerrors_aix_ppc64.go | 1 - .../x/sys/unix/zerrors_darwin_amd64.go | 1 - .../x/sys/unix/zerrors_darwin_arm64.go | 1 - .../x/sys/unix/zerrors_dragonfly_amd64.go | 1 - .../x/sys/unix/zerrors_freebsd_386.go | 1 - .../x/sys/unix/zerrors_freebsd_amd64.go | 1 - .../x/sys/unix/zerrors_freebsd_arm.go | 1 - .../x/sys/unix/zerrors_freebsd_arm64.go | 1 - .../x/sys/unix/zerrors_freebsd_riscv64.go | 1 - vendor/golang.org/x/sys/unix/zerrors_linux.go | 13 +- .../x/sys/unix/zerrors_linux_386.go | 1 - .../x/sys/unix/zerrors_linux_amd64.go | 1 - .../x/sys/unix/zerrors_linux_arm.go | 1 - .../x/sys/unix/zerrors_linux_arm64.go | 1 - .../x/sys/unix/zerrors_linux_loong64.go | 2 +- .../x/sys/unix/zerrors_linux_mips.go | 1 - .../x/sys/unix/zerrors_linux_mips64.go | 1 - .../x/sys/unix/zerrors_linux_mips64le.go | 1 - .../x/sys/unix/zerrors_linux_mipsle.go | 1 - .../x/sys/unix/zerrors_linux_ppc.go | 1 - .../x/sys/unix/zerrors_linux_ppc64.go | 1 - .../x/sys/unix/zerrors_linux_ppc64le.go | 1 - .../x/sys/unix/zerrors_linux_riscv64.go | 4 +- .../x/sys/unix/zerrors_linux_s390x.go | 1 - .../x/sys/unix/zerrors_linux_sparc64.go | 1 - .../x/sys/unix/zerrors_netbsd_386.go | 1 - .../x/sys/unix/zerrors_netbsd_amd64.go | 1 - .../x/sys/unix/zerrors_netbsd_arm.go | 1 - .../x/sys/unix/zerrors_netbsd_arm64.go | 1 - .../x/sys/unix/zerrors_openbsd_386.go | 1 - .../x/sys/unix/zerrors_openbsd_amd64.go | 1 - .../x/sys/unix/zerrors_openbsd_arm.go | 1 - .../x/sys/unix/zerrors_openbsd_arm64.go | 1 - .../x/sys/unix/zerrors_openbsd_mips64.go | 1 - .../x/sys/unix/zerrors_openbsd_ppc64.go | 1 - .../x/sys/unix/zerrors_openbsd_riscv64.go | 1 - .../x/sys/unix/zerrors_solaris_amd64.go | 1 - .../x/sys/unix/zerrors_zos_s390x.go | 1 - .../x/sys/unix/zptrace_armnn_linux.go | 2 - .../x/sys/unix/zptrace_mipsnn_linux.go | 2 - .../x/sys/unix/zptrace_mipsnnle_linux.go | 2 - .../x/sys/unix/zptrace_x86_linux.go | 2 - .../golang.org/x/sys/unix/zsyscall_aix_ppc.go | 1 - .../x/sys/unix/zsyscall_aix_ppc64.go | 1 - .../x/sys/unix/zsyscall_aix_ppc64_gc.go | 1 - .../x/sys/unix/zsyscall_aix_ppc64_gccgo.go | 1 - .../x/sys/unix/zsyscall_darwin_amd64.go | 1 - .../x/sys/unix/zsyscall_darwin_arm64.go | 1 - .../x/sys/unix/zsyscall_dragonfly_amd64.go | 1 - .../x/sys/unix/zsyscall_freebsd_386.go | 1 - .../x/sys/unix/zsyscall_freebsd_amd64.go | 1 - .../x/sys/unix/zsyscall_freebsd_arm.go | 1 - .../x/sys/unix/zsyscall_freebsd_arm64.go | 1 - .../x/sys/unix/zsyscall_freebsd_riscv64.go | 1 - .../x/sys/unix/zsyscall_illumos_amd64.go | 1 - .../golang.org/x/sys/unix/zsyscall_linux.go | 26 +- .../x/sys/unix/zsyscall_linux_386.go | 1 - .../x/sys/unix/zsyscall_linux_amd64.go | 1 - .../x/sys/unix/zsyscall_linux_arm.go | 1 - .../x/sys/unix/zsyscall_linux_arm64.go | 1 - .../x/sys/unix/zsyscall_linux_loong64.go | 1 - .../x/sys/unix/zsyscall_linux_mips.go | 1 - .../x/sys/unix/zsyscall_linux_mips64.go | 1 - .../x/sys/unix/zsyscall_linux_mips64le.go | 1 - .../x/sys/unix/zsyscall_linux_mipsle.go | 1 - .../x/sys/unix/zsyscall_linux_ppc.go | 1 - .../x/sys/unix/zsyscall_linux_ppc64.go | 1 - .../x/sys/unix/zsyscall_linux_ppc64le.go | 1 - .../x/sys/unix/zsyscall_linux_riscv64.go | 1 - .../x/sys/unix/zsyscall_linux_s390x.go | 1 - .../x/sys/unix/zsyscall_linux_sparc64.go | 1 - .../x/sys/unix/zsyscall_netbsd_386.go | 1 - .../x/sys/unix/zsyscall_netbsd_amd64.go | 1 - .../x/sys/unix/zsyscall_netbsd_arm.go | 1 - .../x/sys/unix/zsyscall_netbsd_arm64.go | 1 - .../x/sys/unix/zsyscall_openbsd_386.go | 72 +++++- .../x/sys/unix/zsyscall_openbsd_386.s | 20 ++ .../x/sys/unix/zsyscall_openbsd_amd64.go | 72 +++++- .../x/sys/unix/zsyscall_openbsd_amd64.s | 20 ++ .../x/sys/unix/zsyscall_openbsd_arm.go | 72 +++++- .../x/sys/unix/zsyscall_openbsd_arm.s | 20 ++ .../x/sys/unix/zsyscall_openbsd_arm64.go | 72 +++++- .../x/sys/unix/zsyscall_openbsd_arm64.s | 20 ++ .../x/sys/unix/zsyscall_openbsd_mips64.go | 72 +++++- .../x/sys/unix/zsyscall_openbsd_mips64.s | 20 ++ .../x/sys/unix/zsyscall_openbsd_ppc64.go | 72 +++++- .../x/sys/unix/zsyscall_openbsd_ppc64.s | 24 ++ .../x/sys/unix/zsyscall_openbsd_riscv64.go | 72 +++++- .../x/sys/unix/zsyscall_openbsd_riscv64.s | 20 ++ .../x/sys/unix/zsyscall_solaris_amd64.go | 1 - .../x/sys/unix/zsyscall_zos_s390x.go | 1 - .../x/sys/unix/zsysctl_openbsd_386.go | 1 - .../x/sys/unix/zsysctl_openbsd_amd64.go | 1 - .../x/sys/unix/zsysctl_openbsd_arm.go | 1 - .../x/sys/unix/zsysctl_openbsd_arm64.go | 1 - .../x/sys/unix/zsysctl_openbsd_mips64.go | 1 - .../x/sys/unix/zsysctl_openbsd_ppc64.go | 1 - .../x/sys/unix/zsysctl_openbsd_riscv64.go | 1 - .../x/sys/unix/zsysnum_darwin_amd64.go | 1 - .../x/sys/unix/zsysnum_darwin_arm64.go | 1 - .../x/sys/unix/zsysnum_dragonfly_amd64.go | 1 - .../x/sys/unix/zsysnum_freebsd_386.go | 1 - .../x/sys/unix/zsysnum_freebsd_amd64.go | 1 - .../x/sys/unix/zsysnum_freebsd_arm.go | 1 - .../x/sys/unix/zsysnum_freebsd_arm64.go | 1 - .../x/sys/unix/zsysnum_freebsd_riscv64.go | 1 - .../x/sys/unix/zsysnum_linux_386.go | 2 +- .../x/sys/unix/zsysnum_linux_amd64.go | 3 +- .../x/sys/unix/zsysnum_linux_arm.go | 2 +- .../x/sys/unix/zsysnum_linux_arm64.go | 2 +- .../x/sys/unix/zsysnum_linux_loong64.go | 2 +- .../x/sys/unix/zsysnum_linux_mips.go | 2 +- .../x/sys/unix/zsysnum_linux_mips64.go | 2 +- .../x/sys/unix/zsysnum_linux_mips64le.go | 2 +- .../x/sys/unix/zsysnum_linux_mipsle.go | 2 +- .../x/sys/unix/zsysnum_linux_ppc.go | 2 +- .../x/sys/unix/zsysnum_linux_ppc64.go | 2 +- .../x/sys/unix/zsysnum_linux_ppc64le.go | 2 +- .../x/sys/unix/zsysnum_linux_riscv64.go | 2 +- .../x/sys/unix/zsysnum_linux_s390x.go | 2 +- .../x/sys/unix/zsysnum_linux_sparc64.go | 2 +- .../x/sys/unix/zsysnum_netbsd_386.go | 1 - .../x/sys/unix/zsysnum_netbsd_amd64.go | 1 - .../x/sys/unix/zsysnum_netbsd_arm.go | 1 - .../x/sys/unix/zsysnum_netbsd_arm64.go | 1 - .../x/sys/unix/zsysnum_openbsd_386.go | 1 - .../x/sys/unix/zsysnum_openbsd_amd64.go | 1 - .../x/sys/unix/zsysnum_openbsd_arm.go | 1 - .../x/sys/unix/zsysnum_openbsd_arm64.go | 1 - .../x/sys/unix/zsysnum_openbsd_mips64.go | 1 - .../x/sys/unix/zsysnum_openbsd_ppc64.go | 1 - .../x/sys/unix/zsysnum_openbsd_riscv64.go | 1 - .../x/sys/unix/zsysnum_zos_s390x.go | 1 - .../golang.org/x/sys/unix/ztypes_aix_ppc.go | 1 - .../golang.org/x/sys/unix/ztypes_aix_ppc64.go | 1 - .../x/sys/unix/ztypes_darwin_amd64.go | 1 - .../x/sys/unix/ztypes_darwin_arm64.go | 1 - .../x/sys/unix/ztypes_dragonfly_amd64.go | 1 - .../x/sys/unix/ztypes_freebsd_386.go | 1 - .../x/sys/unix/ztypes_freebsd_amd64.go | 1 - .../x/sys/unix/ztypes_freebsd_arm.go | 1 - .../x/sys/unix/ztypes_freebsd_arm64.go | 1 - .../x/sys/unix/ztypes_freebsd_riscv64.go | 1 - vendor/golang.org/x/sys/unix/ztypes_linux.go | 39 ++- .../golang.org/x/sys/unix/ztypes_linux_386.go | 1 - .../x/sys/unix/ztypes_linux_amd64.go | 1 - .../golang.org/x/sys/unix/ztypes_linux_arm.go | 1 - .../x/sys/unix/ztypes_linux_arm64.go | 1 - .../x/sys/unix/ztypes_linux_loong64.go | 1 - .../x/sys/unix/ztypes_linux_mips.go | 1 - .../x/sys/unix/ztypes_linux_mips64.go | 1 - .../x/sys/unix/ztypes_linux_mips64le.go | 1 - .../x/sys/unix/ztypes_linux_mipsle.go | 1 - .../golang.org/x/sys/unix/ztypes_linux_ppc.go | 1 - .../x/sys/unix/ztypes_linux_ppc64.go | 1 - .../x/sys/unix/ztypes_linux_ppc64le.go | 1 - .../x/sys/unix/ztypes_linux_riscv64.go | 1 - .../x/sys/unix/ztypes_linux_s390x.go | 1 - .../x/sys/unix/ztypes_linux_sparc64.go | 1 - .../x/sys/unix/ztypes_netbsd_386.go | 1 - .../x/sys/unix/ztypes_netbsd_amd64.go | 1 - .../x/sys/unix/ztypes_netbsd_arm.go | 1 - .../x/sys/unix/ztypes_netbsd_arm64.go | 1 - .../x/sys/unix/ztypes_openbsd_386.go | 1 - .../x/sys/unix/ztypes_openbsd_amd64.go | 1 - .../x/sys/unix/ztypes_openbsd_arm.go | 1 - .../x/sys/unix/ztypes_openbsd_arm64.go | 1 - .../x/sys/unix/ztypes_openbsd_mips64.go | 1 - .../x/sys/unix/ztypes_openbsd_ppc64.go | 1 - .../x/sys/unix/ztypes_openbsd_riscv64.go | 1 - .../x/sys/unix/ztypes_solaris_amd64.go | 1 - .../golang.org/x/sys/unix/ztypes_zos_s390x.go | 1 - vendor/golang.org/x/sys/windows/aliases.go | 1 - vendor/golang.org/x/sys/windows/empty.s | 1 - vendor/golang.org/x/sys/windows/eventlog.go | 1 - vendor/golang.org/x/sys/windows/mksyscall.go | 1 - vendor/golang.org/x/sys/windows/race.go | 1 - vendor/golang.org/x/sys/windows/race0.go | 1 - vendor/golang.org/x/sys/windows/service.go | 1 - vendor/golang.org/x/sys/windows/str.go | 1 - vendor/golang.org/x/sys/windows/syscall.go | 1 - .../x/sys/windows/syscall_windows.go | 4 +- .../golang.org/x/sys/windows/types_windows.go | 28 ++- .../x/sys/windows/zsyscall_windows.go | 9 + vendor/modules.txt | 6 +- 325 files changed, 1724 insertions(+), 778 deletions(-) diff --git a/go.mod b/go.mod index ca73baf787e..0961ca666c8 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.20 require ( github.com/checkpoint-restore/go-criu/v6 v6.3.0 - github.com/cilium/ebpf v0.12.2 + github.com/cilium/ebpf v0.12.3 github.com/containerd/console v1.0.3 github.com/coreos/go-systemd/v22 v22.5.0 github.com/cyphar/filepath-securejoin v0.2.4 @@ -21,7 +21,7 @@ require ( github.com/urfave/cli v1.22.12 github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.17.0 - golang.org/x/sys v0.13.0 + golang.org/x/sys v0.14.1-0.20231108175955-e4099bfacb8c google.golang.org/protobuf v1.31.0 ) diff --git a/go.sum b/go.sum index 5a7d5b70f5a..76b7d2c355e 100644 --- a/go.sum +++ b/go.sum @@ -1,8 +1,8 @@ github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/checkpoint-restore/go-criu/v6 v6.3.0 h1:mIdrSO2cPNWQY1truPg6uHLXyKHk3Z5Odx4wjKOASzA= github.com/checkpoint-restore/go-criu/v6 v6.3.0/go.mod h1:rrRTN/uSwY2X+BPRl/gkulo9gsKOSAeVp9/K2tv7xZI= -github.com/cilium/ebpf v0.12.2 h1:cP3qL4kkl19kr/F+hKqUo9F9pPMVz1oms8C7Qj0AwWk= -github.com/cilium/ebpf v0.12.2/go.mod h1:u9H29/Iq+8cy70YqI6p5pfADkFl3vdnV2qXDg5JL0Zo= +github.com/cilium/ebpf v0.12.3 h1:8ht6F9MquybnY97at+VDZb3eQQr8ev79RueWeVaEcG4= +github.com/cilium/ebpf v0.12.3/go.mod h1:TctK1ivibvI3znr66ljgi4hqOT8EYQjz1KWBfb1UVgM= github.com/containerd/console v1.0.3 h1:lIr7SlA5PxZyMV30bDW0MGbiOPXwc63yRuCP0ARubLw= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= @@ -71,8 +71,8 @@ golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= -golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.14.1-0.20231108175955-e4099bfacb8c h1:3kC/TjQ+xzIblQv39bCOyRk8fbEeJcDHwbyxPUU2BpA= +golang.org/x/sys v0.14.1-0.20231108175955-e4099bfacb8c/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= diff --git a/vendor/github.com/cilium/ebpf/asm/alu.go b/vendor/github.com/cilium/ebpf/asm/alu.go index 7dc56204bcb..282233d327f 100644 --- a/vendor/github.com/cilium/ebpf/asm/alu.go +++ b/vendor/github.com/cilium/ebpf/asm/alu.go @@ -4,23 +4,23 @@ package asm // Source of ALU / ALU64 / Branch operations // -// msb lsb -// +----+-+---+ -// |op |S|cls| -// +----+-+---+ -type Source uint8 +// msb lsb +// +------------+-+---+ +// | op |S|cls| +// +------------+-+---+ +type Source uint16 -const sourceMask OpCode = 0x08 +const sourceMask OpCode = 0x0008 // Source bitmask const ( // InvalidSource is returned by getters when invoked // on non ALU / branch OpCodes. - InvalidSource Source = 0xff + InvalidSource Source = 0xffff // ImmSource src is from constant - ImmSource Source = 0x00 + ImmSource Source = 0x0000 // RegSource src is from register - RegSource Source = 0x08 + RegSource Source = 0x0008 ) // The Endianness of a byte swap instruction. @@ -39,46 +39,56 @@ const ( // ALUOp are ALU / ALU64 operations // -// msb lsb -// +----+-+---+ -// |OP |s|cls| -// +----+-+---+ -type ALUOp uint8 +// msb lsb +// +-------+----+-+---+ +// | EXT | OP |s|cls| +// +-------+----+-+---+ +type ALUOp uint16 -const aluMask OpCode = 0xf0 +const aluMask OpCode = 0x3ff0 const ( // InvalidALUOp is returned by getters when invoked // on non ALU OpCodes - InvalidALUOp ALUOp = 0xff + InvalidALUOp ALUOp = 0xffff // Add - addition - Add ALUOp = 0x00 + Add ALUOp = 0x0000 // Sub - subtraction - Sub ALUOp = 0x10 + Sub ALUOp = 0x0010 // Mul - multiplication - Mul ALUOp = 0x20 + Mul ALUOp = 0x0020 // Div - division - Div ALUOp = 0x30 + Div ALUOp = 0x0030 + // SDiv - signed division + SDiv ALUOp = Div + 0x0100 // Or - bitwise or - Or ALUOp = 0x40 + Or ALUOp = 0x0040 // And - bitwise and - And ALUOp = 0x50 + And ALUOp = 0x0050 // LSh - bitwise shift left - LSh ALUOp = 0x60 + LSh ALUOp = 0x0060 // RSh - bitwise shift right - RSh ALUOp = 0x70 + RSh ALUOp = 0x0070 // Neg - sign/unsign signing bit - Neg ALUOp = 0x80 + Neg ALUOp = 0x0080 // Mod - modulo - Mod ALUOp = 0x90 + Mod ALUOp = 0x0090 + // SMod - signed modulo + SMod ALUOp = Mod + 0x0100 // Xor - bitwise xor - Xor ALUOp = 0xa0 + Xor ALUOp = 0x00a0 // Mov - move value from one place to another - Mov ALUOp = 0xb0 + Mov ALUOp = 0x00b0 + // MovSX8 - move lower 8 bits, sign extended upper bits of target + MovSX8 ALUOp = Mov + 0x0100 + // MovSX16 - move lower 16 bits, sign extended upper bits of target + MovSX16 ALUOp = Mov + 0x0200 + // MovSX32 - move lower 32 bits, sign extended upper bits of target + MovSX32 ALUOp = Mov + 0x0300 // ArSh - arithmetic shift - ArSh ALUOp = 0xc0 + ArSh ALUOp = 0x00c0 // Swap - endian conversions - Swap ALUOp = 0xd0 + Swap ALUOp = 0x00d0 ) // HostTo converts from host to another endianness. @@ -102,6 +112,27 @@ func HostTo(endian Endianness, dst Register, size Size) Instruction { } } +// BSwap unconditionally reverses the order of bytes in a register. +func BSwap(dst Register, size Size) Instruction { + var imm int64 + switch size { + case Half: + imm = 16 + case Word: + imm = 32 + case DWord: + imm = 64 + default: + return Instruction{OpCode: InvalidOpCode} + } + + return Instruction{ + OpCode: OpCode(ALU64Class).SetALUOp(Swap), + Dst: dst, + Constant: imm, + } +} + // Op returns the OpCode for an ALU operation with a given source. func (op ALUOp) Op(source Source) OpCode { return OpCode(ALU64Class).SetALUOp(op).SetSource(source) diff --git a/vendor/github.com/cilium/ebpf/asm/alu_string.go b/vendor/github.com/cilium/ebpf/asm/alu_string.go index 72d3fe6292e..35b406bf3f7 100644 --- a/vendor/github.com/cilium/ebpf/asm/alu_string.go +++ b/vendor/github.com/cilium/ebpf/asm/alu_string.go @@ -8,7 +8,7 @@ func _() { // An "invalid array index" compiler error signifies that the constant values have changed. // Re-run the stringer command to generate them again. var x [1]struct{} - _ = x[InvalidSource-255] + _ = x[InvalidSource-65535] _ = x[ImmSource-0] _ = x[RegSource-8] } @@ -25,7 +25,7 @@ func (i Source) String() string { return _Source_name_0 case i == 8: return _Source_name_1 - case i == 255: + case i == 65535: return _Source_name_2 default: return "Source(" + strconv.FormatInt(int64(i), 10) + ")" @@ -62,41 +62,51 @@ func _() { // An "invalid array index" compiler error signifies that the constant values have changed. // Re-run the stringer command to generate them again. var x [1]struct{} - _ = x[InvalidALUOp-255] + _ = x[InvalidALUOp-65535] _ = x[Add-0] _ = x[Sub-16] _ = x[Mul-32] _ = x[Div-48] + _ = x[SDiv-304] _ = x[Or-64] _ = x[And-80] _ = x[LSh-96] _ = x[RSh-112] _ = x[Neg-128] _ = x[Mod-144] + _ = x[SMod-400] _ = x[Xor-160] _ = x[Mov-176] + _ = x[MovSX8-432] + _ = x[MovSX16-688] + _ = x[MovSX32-944] _ = x[ArSh-192] _ = x[Swap-208] } -const _ALUOp_name = "AddSubMulDivOrAndLShRShNegModXorMovArShSwapInvalidALUOp" +const _ALUOp_name = "AddSubMulDivOrAndLShRShNegModXorMovArShSwapSDivSModMovSX8MovSX16MovSX32InvalidALUOp" var _ALUOp_map = map[ALUOp]string{ - 0: _ALUOp_name[0:3], - 16: _ALUOp_name[3:6], - 32: _ALUOp_name[6:9], - 48: _ALUOp_name[9:12], - 64: _ALUOp_name[12:14], - 80: _ALUOp_name[14:17], - 96: _ALUOp_name[17:20], - 112: _ALUOp_name[20:23], - 128: _ALUOp_name[23:26], - 144: _ALUOp_name[26:29], - 160: _ALUOp_name[29:32], - 176: _ALUOp_name[32:35], - 192: _ALUOp_name[35:39], - 208: _ALUOp_name[39:43], - 255: _ALUOp_name[43:55], + 0: _ALUOp_name[0:3], + 16: _ALUOp_name[3:6], + 32: _ALUOp_name[6:9], + 48: _ALUOp_name[9:12], + 64: _ALUOp_name[12:14], + 80: _ALUOp_name[14:17], + 96: _ALUOp_name[17:20], + 112: _ALUOp_name[20:23], + 128: _ALUOp_name[23:26], + 144: _ALUOp_name[26:29], + 160: _ALUOp_name[29:32], + 176: _ALUOp_name[32:35], + 192: _ALUOp_name[35:39], + 208: _ALUOp_name[39:43], + 304: _ALUOp_name[43:47], + 400: _ALUOp_name[47:51], + 432: _ALUOp_name[51:57], + 688: _ALUOp_name[57:64], + 944: _ALUOp_name[64:71], + 65535: _ALUOp_name[71:83], } func (i ALUOp) String() string { diff --git a/vendor/github.com/cilium/ebpf/asm/instruction.go b/vendor/github.com/cilium/ebpf/asm/instruction.go index ef01eaa35ae..67cd39d6f67 100644 --- a/vendor/github.com/cilium/ebpf/asm/instruction.go +++ b/vendor/github.com/cilium/ebpf/asm/instruction.go @@ -60,6 +60,34 @@ func (ins *Instruction) Unmarshal(r io.Reader, bo binary.ByteOrder) (uint64, err } ins.Offset = int16(bo.Uint16(data[2:4])) + + if ins.OpCode.Class().IsALU() { + switch ins.OpCode.ALUOp() { + case Div: + if ins.Offset == 1 { + ins.OpCode = ins.OpCode.SetALUOp(SDiv) + ins.Offset = 0 + } + case Mod: + if ins.Offset == 1 { + ins.OpCode = ins.OpCode.SetALUOp(SMod) + ins.Offset = 0 + } + case Mov: + switch ins.Offset { + case 8: + ins.OpCode = ins.OpCode.SetALUOp(MovSX8) + ins.Offset = 0 + case 16: + ins.OpCode = ins.OpCode.SetALUOp(MovSX16) + ins.Offset = 0 + case 32: + ins.OpCode = ins.OpCode.SetALUOp(MovSX32) + ins.Offset = 0 + } + } + } + // Convert to int32 before widening to int64 // to ensure the signed bit is carried over. ins.Constant = int64(int32(bo.Uint32(data[4:8]))) @@ -106,8 +134,38 @@ func (ins Instruction) Marshal(w io.Writer, bo binary.ByteOrder) (uint64, error) return 0, fmt.Errorf("can't marshal registers: %s", err) } + if ins.OpCode.Class().IsALU() { + newOffset := int16(0) + switch ins.OpCode.ALUOp() { + case SDiv: + ins.OpCode = ins.OpCode.SetALUOp(Div) + newOffset = 1 + case SMod: + ins.OpCode = ins.OpCode.SetALUOp(Mod) + newOffset = 1 + case MovSX8: + ins.OpCode = ins.OpCode.SetALUOp(Mov) + newOffset = 8 + case MovSX16: + ins.OpCode = ins.OpCode.SetALUOp(Mov) + newOffset = 16 + case MovSX32: + ins.OpCode = ins.OpCode.SetALUOp(Mov) + newOffset = 32 + } + if newOffset != 0 && ins.Offset != 0 { + return 0, fmt.Errorf("extended ALU opcodes should have an .Offset of 0: %s", ins) + } + ins.Offset = newOffset + } + + op, err := ins.OpCode.bpfOpCode() + if err != nil { + return 0, err + } + data := make([]byte, InstructionSize) - data[0] = byte(ins.OpCode) + data[0] = op data[1] = byte(regs) bo.PutUint16(data[2:4], uint16(ins.Offset)) bo.PutUint32(data[4:8], uint32(cons)) @@ -298,9 +356,9 @@ func (ins Instruction) Format(f fmt.State, c rune) { goto ref } - fmt.Fprintf(f, "%v ", op) switch cls := op.Class(); { case cls.isLoadOrStore(): + fmt.Fprintf(f, "%v ", op) switch op.Mode() { case ImmMode: fmt.Fprintf(f, "dst: %s imm: %d", ins.Dst, ins.Constant) @@ -308,21 +366,30 @@ func (ins Instruction) Format(f fmt.State, c rune) { fmt.Fprintf(f, "imm: %d", ins.Constant) case IndMode: fmt.Fprintf(f, "dst: %s src: %s imm: %d", ins.Dst, ins.Src, ins.Constant) - case MemMode: + case MemMode, MemSXMode: fmt.Fprintf(f, "dst: %s src: %s off: %d imm: %d", ins.Dst, ins.Src, ins.Offset, ins.Constant) case XAddMode: fmt.Fprintf(f, "dst: %s src: %s", ins.Dst, ins.Src) } case cls.IsALU(): - fmt.Fprintf(f, "dst: %s ", ins.Dst) - if op.ALUOp() == Swap || op.Source() == ImmSource { + fmt.Fprintf(f, "%v", op) + if op == Swap.Op(ImmSource) { + fmt.Fprintf(f, "%d", ins.Constant) + } + + fmt.Fprintf(f, " dst: %s ", ins.Dst) + switch { + case op.ALUOp() == Swap: + break + case op.Source() == ImmSource: fmt.Fprintf(f, "imm: %d", ins.Constant) - } else { + default: fmt.Fprintf(f, "src: %s", ins.Src) } case cls.IsJump(): + fmt.Fprintf(f, "%v ", op) switch jop := op.JumpOp(); jop { case Call: switch ins.Src { @@ -336,6 +403,13 @@ func (ins Instruction) Format(f fmt.State, c rune) { fmt.Fprint(f, BuiltinFunc(ins.Constant)) } + case Ja: + if ins.OpCode.Class() == Jump32Class { + fmt.Fprintf(f, "imm: %d", ins.Constant) + } else { + fmt.Fprintf(f, "off: %d", ins.Offset) + } + default: fmt.Fprintf(f, "dst: %s off: %d ", ins.Dst, ins.Offset) if op.Source() == ImmSource { @@ -344,6 +418,8 @@ func (ins Instruction) Format(f fmt.State, c rune) { fmt.Fprintf(f, "src: %s", ins.Src) } } + default: + fmt.Fprintf(f, "%v ", op) } ref: @@ -772,7 +848,8 @@ func (insns Instructions) encodeFunctionReferences() error { } switch { - case ins.IsFunctionReference() && ins.Constant == -1: + case ins.IsFunctionReference() && ins.Constant == -1, + ins.OpCode == Ja.opCode(Jump32Class, ImmSource) && ins.Constant == -1: symOffset, ok := symbolOffsets[ins.Reference()] if !ok { return fmt.Errorf("%s at insn %d: symbol %q: %w", ins.OpCode, i, ins.Reference(), ErrUnsatisfiedProgramReference) diff --git a/vendor/github.com/cilium/ebpf/asm/jump.go b/vendor/github.com/cilium/ebpf/asm/jump.go index 9a525b21a59..2738d736b2d 100644 --- a/vendor/github.com/cilium/ebpf/asm/jump.go +++ b/vendor/github.com/cilium/ebpf/asm/jump.go @@ -10,7 +10,7 @@ package asm // +----+-+---+ type JumpOp uint8 -const jumpMask OpCode = aluMask +const jumpMask OpCode = 0xf0 const ( // InvalidJumpOp is returned by getters when invoked @@ -103,13 +103,21 @@ func (op JumpOp) Reg32(dst, src Register, label string) Instruction { } func (op JumpOp) opCode(class Class, source Source) OpCode { - if op == Exit || op == Call || op == Ja { + if op == Exit || op == Call { return InvalidOpCode } return OpCode(class).SetJumpOp(op).SetSource(source) } +// LongJump returns a jump always instruction with a range of [-2^31, 2^31 - 1]. +func LongJump(label string) Instruction { + return Instruction{ + OpCode: Ja.opCode(Jump32Class, ImmSource), + Constant: -1, + }.WithReference(label) +} + // Label adjusts PC to the address of the label. func (op JumpOp) Label(label string) Instruction { if op == Call { diff --git a/vendor/github.com/cilium/ebpf/asm/load_store.go b/vendor/github.com/cilium/ebpf/asm/load_store.go index 574ee377c9b..cdb5c5cfa43 100644 --- a/vendor/github.com/cilium/ebpf/asm/load_store.go +++ b/vendor/github.com/cilium/ebpf/asm/load_store.go @@ -24,6 +24,8 @@ const ( IndMode Mode = 0x40 // MemMode - load from memory MemMode Mode = 0x60 + // MemSXMode - load from memory, sign extension + MemSXMode Mode = 0x80 // XAddMode - add atomically across processors. XAddMode Mode = 0xc0 ) @@ -73,6 +75,11 @@ func LoadMemOp(size Size) OpCode { return OpCode(LdXClass).SetMode(MemMode).SetSize(size) } +// LoadMemSXOp returns the OpCode to load a value of given size from memory sign extended. +func LoadMemSXOp(size Size) OpCode { + return OpCode(LdXClass).SetMode(MemSXMode).SetSize(size) +} + // LoadMem emits `dst = *(size *)(src + offset)`. func LoadMem(dst, src Register, offset int16, size Size) Instruction { return Instruction{ @@ -83,6 +90,20 @@ func LoadMem(dst, src Register, offset int16, size Size) Instruction { } } +// LoadMemSX emits `dst = *(size *)(src + offset)` but sign extends dst. +func LoadMemSX(dst, src Register, offset int16, size Size) Instruction { + if size == DWord { + return Instruction{OpCode: InvalidOpCode} + } + + return Instruction{ + OpCode: LoadMemSXOp(size), + Dst: dst, + Src: src, + Offset: offset, + } +} + // LoadImmOp returns the OpCode to load an immediate of given size. // // As of kernel 4.20, only DWord size is accepted. diff --git a/vendor/github.com/cilium/ebpf/asm/load_store_string.go b/vendor/github.com/cilium/ebpf/asm/load_store_string.go index 76d29a0756c..c48080327c0 100644 --- a/vendor/github.com/cilium/ebpf/asm/load_store_string.go +++ b/vendor/github.com/cilium/ebpf/asm/load_store_string.go @@ -13,6 +13,7 @@ func _() { _ = x[AbsMode-32] _ = x[IndMode-64] _ = x[MemMode-96] + _ = x[MemSXMode-128] _ = x[XAddMode-192] } @@ -21,8 +22,9 @@ const ( _Mode_name_1 = "AbsMode" _Mode_name_2 = "IndMode" _Mode_name_3 = "MemMode" - _Mode_name_4 = "XAddMode" - _Mode_name_5 = "InvalidMode" + _Mode_name_4 = "MemSXMode" + _Mode_name_5 = "XAddMode" + _Mode_name_6 = "InvalidMode" ) func (i Mode) String() string { @@ -35,10 +37,12 @@ func (i Mode) String() string { return _Mode_name_2 case i == 96: return _Mode_name_3 - case i == 192: + case i == 128: return _Mode_name_4 - case i == 255: + case i == 192: return _Mode_name_5 + case i == 255: + return _Mode_name_6 default: return "Mode(" + strconv.FormatInt(int64(i), 10) + ")" } diff --git a/vendor/github.com/cilium/ebpf/asm/opcode.go b/vendor/github.com/cilium/ebpf/asm/opcode.go index 845c5521f87..1dfd0b171a4 100644 --- a/vendor/github.com/cilium/ebpf/asm/opcode.go +++ b/vendor/github.com/cilium/ebpf/asm/opcode.go @@ -66,18 +66,43 @@ func (cls Class) isJumpOrALU() bool { return cls.IsJump() || cls.IsALU() } -// OpCode is a packed eBPF opcode. +// OpCode represents a single operation. +// It is not a 1:1 mapping to real eBPF opcodes. // -// Its encoding is defined by a Class value: +// The encoding varies based on a 3-bit Class: // -// msb lsb -// +----+-+---+ -// | ???? |CLS| -// +----+-+---+ -type OpCode uint8 +// 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 +// ??? | CLS +// +// For ALUClass and ALUCLass32: +// +// 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 +// OPC |S| CLS +// +// For LdClass, LdXclass, StClass and StXClass: +// +// 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 +// 0 | MDE |SIZ| CLS +// +// For JumpClass, Jump32Class: +// +// 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 +// 0 | OPC |S| CLS +type OpCode uint16 // InvalidOpCode is returned by setters on OpCode -const InvalidOpCode OpCode = 0xff +const InvalidOpCode OpCode = 0xffff + +// bpfOpCode returns the actual BPF opcode. +func (op OpCode) bpfOpCode() (byte, error) { + const opCodeMask = 0xff + + if !valid(op, opCodeMask) { + return 0, fmt.Errorf("invalid opcode %x", op) + } + + return byte(op & opCodeMask), nil +} // rawInstructions returns the number of BPF instructions required // to encode this opcode. @@ -147,7 +172,7 @@ func (op OpCode) JumpOp() JumpOp { jumpOp := JumpOp(op & jumpMask) // Some JumpOps are only supported by JumpClass, not Jump32Class. - if op.Class() == Jump32Class && (jumpOp == Exit || jumpOp == Call || jumpOp == Ja) { + if op.Class() == Jump32Class && (jumpOp == Exit || jumpOp == Call) { return InvalidJumpOp } @@ -234,17 +259,24 @@ func (op OpCode) String() string { } case class.IsALU(): + if op.ALUOp() == Swap && op.Class() == ALU64Class { + // B to make BSwap, uncontitional byte swap + f.WriteString("B") + } + f.WriteString(op.ALUOp().String()) if op.ALUOp() == Swap { - // Width for Endian is controlled by Constant - f.WriteString(op.Endianness().String()) + if op.Class() == ALUClass { + // Width for Endian is controlled by Constant + f.WriteString(op.Endianness().String()) + } } else { + f.WriteString(strings.TrimSuffix(op.Source().String(), "Source")) + if class == ALUClass { f.WriteString("32") } - - f.WriteString(strings.TrimSuffix(op.Source().String(), "Source")) } case class.IsJump(): @@ -254,7 +286,7 @@ func (op OpCode) String() string { f.WriteString("32") } - if jop := op.JumpOp(); jop != Exit && jop != Call { + if jop := op.JumpOp(); jop != Exit && jop != Call && jop != Ja { f.WriteString(strings.TrimSuffix(op.Source().String(), "Source")) } diff --git a/vendor/github.com/cilium/ebpf/btf/btf.go b/vendor/github.com/cilium/ebpf/btf/btf.go index a2ee2d13064..80f64d78aee 100644 --- a/vendor/github.com/cilium/ebpf/btf/btf.go +++ b/vendor/github.com/cilium/ebpf/btf/btf.go @@ -209,12 +209,7 @@ func loadRawSpec(btf io.ReaderAt, bo binary.ByteOrder, base *Spec) (*Spec, error } } - rawTypes, rawStrings, err := parseBTF(btf, bo, baseStrings) - if err != nil { - return nil, err - } - - types, err := inflateRawTypes(rawTypes, rawStrings, base) + types, rawStrings, err := parseBTF(btf, bo, baseStrings, base) if err != nil { return nil, err } @@ -322,12 +317,12 @@ func loadKernelSpec() (_ *Spec, fallback bool, _ error) { } defer file.Close() - spec, err := loadSpecFromELF(file) + spec, err := LoadSpecFromReader(file) return spec, true, err } // findVMLinux scans multiple well-known paths for vmlinux kernel images. -func findVMLinux() (*internal.SafeELFFile, error) { +func findVMLinux() (*os.File, error) { release, err := internal.KernelRelease() if err != nil { return nil, err @@ -346,7 +341,7 @@ func findVMLinux() (*internal.SafeELFFile, error) { } for _, loc := range locations { - file, err := internal.OpenSafeELFFile(fmt.Sprintf(loc, release)) + file, err := os.Open(fmt.Sprintf(loc, release)) if errors.Is(err, os.ErrNotExist) { continue } @@ -373,7 +368,7 @@ func guessRawBTFByteOrder(r io.ReaderAt) binary.ByteOrder { // parseBTF reads a .BTF section into memory and parses it into a list of // raw types and a string table. -func parseBTF(btf io.ReaderAt, bo binary.ByteOrder, baseStrings *stringTable) ([]rawType, *stringTable, error) { +func parseBTF(btf io.ReaderAt, bo binary.ByteOrder, baseStrings *stringTable, base *Spec) ([]Type, *stringTable, error) { buf := internal.NewBufferedSectionReader(btf, 0, math.MaxInt64) header, err := parseBTFHeader(buf, bo) if err != nil { @@ -387,12 +382,12 @@ func parseBTF(btf io.ReaderAt, bo binary.ByteOrder, baseStrings *stringTable) ([ } buf.Reset(io.NewSectionReader(btf, header.typeStart(), int64(header.TypeLen))) - rawTypes, err := readTypes(buf, bo, header.TypeLen) + types, err := readAndInflateTypes(buf, bo, header.TypeLen, rawStrings, base) if err != nil { - return nil, nil, fmt.Errorf("can't read types: %w", err) + return nil, nil, err } - return rawTypes, rawStrings, nil + return types, rawStrings, nil } type symbol struct { diff --git a/vendor/github.com/cilium/ebpf/btf/btf_types.go b/vendor/github.com/cilium/ebpf/btf/btf_types.go index c9984b2d443..f0e327abc0e 100644 --- a/vendor/github.com/cilium/ebpf/btf/btf_types.go +++ b/vendor/github.com/cilium/ebpf/btf/btf_types.go @@ -153,6 +153,19 @@ type btfType struct { SizeType uint32 } +var btfTypeSize = int(unsafe.Sizeof(btfType{})) + +func unmarshalBtfType(bt *btfType, b []byte, bo binary.ByteOrder) (int, error) { + if len(b) < btfTypeSize { + return 0, fmt.Errorf("not enough bytes to unmarshal btfType") + } + + bt.NameOff = bo.Uint32(b[0:]) + bt.Info = bo.Uint32(b[4:]) + bt.SizeType = bo.Uint32(b[8:]) + return btfTypeSize, nil +} + func mask(len uint32) uint32 { return (1 << len) - 1 } @@ -300,6 +313,17 @@ const ( btfIntBitsShift = 0 ) +var btfIntLen = int(unsafe.Sizeof(btfInt{})) + +func unmarshalBtfInt(bi *btfInt, b []byte, bo binary.ByteOrder) (int, error) { + if len(b) < btfIntLen { + return 0, fmt.Errorf("not enough bytes to unmarshal btfInt") + } + + bi.Raw = bo.Uint32(b[0:]) + return btfIntLen, nil +} + func (bi btfInt) Encoding() IntEncoding { return IntEncoding(readBits(bi.Raw, btfIntEncodingLen, btfIntEncodingShift)) } @@ -330,102 +354,166 @@ type btfArray struct { Nelems uint32 } +var btfArrayLen = int(unsafe.Sizeof(btfArray{})) + +func unmarshalBtfArray(ba *btfArray, b []byte, bo binary.ByteOrder) (int, error) { + if len(b) < btfArrayLen { + return 0, fmt.Errorf("not enough bytes to unmarshal btfArray") + } + + ba.Type = TypeID(bo.Uint32(b[0:])) + ba.IndexType = TypeID(bo.Uint32(b[4:])) + ba.Nelems = bo.Uint32(b[8:]) + return btfArrayLen, nil +} + type btfMember struct { NameOff uint32 Type TypeID Offset uint32 } +var btfMemberLen = int(unsafe.Sizeof(btfMember{})) + +func unmarshalBtfMembers(members []btfMember, b []byte, bo binary.ByteOrder) (int, error) { + off := 0 + for i := range members { + if off+btfMemberLen > len(b) { + return 0, fmt.Errorf("not enough bytes to unmarshal btfMember %d", i) + } + + members[i].NameOff = bo.Uint32(b[off+0:]) + members[i].Type = TypeID(bo.Uint32(b[off+4:])) + members[i].Offset = bo.Uint32(b[off+8:]) + + off += btfMemberLen + } + + return off, nil +} + type btfVarSecinfo struct { Type TypeID Offset uint32 Size uint32 } +var btfVarSecinfoLen = int(unsafe.Sizeof(btfVarSecinfo{})) + +func unmarshalBtfVarSecInfos(secinfos []btfVarSecinfo, b []byte, bo binary.ByteOrder) (int, error) { + off := 0 + for i := range secinfos { + if off+btfVarSecinfoLen > len(b) { + return 0, fmt.Errorf("not enough bytes to unmarshal btfVarSecinfo %d", i) + } + + secinfos[i].Type = TypeID(bo.Uint32(b[off+0:])) + secinfos[i].Offset = bo.Uint32(b[off+4:]) + secinfos[i].Size = bo.Uint32(b[off+8:]) + + off += btfVarSecinfoLen + } + + return off, nil +} + type btfVariable struct { Linkage uint32 } +var btfVariableLen = int(unsafe.Sizeof(btfVariable{})) + +func unmarshalBtfVariable(bv *btfVariable, b []byte, bo binary.ByteOrder) (int, error) { + if len(b) < btfVariableLen { + return 0, fmt.Errorf("not enough bytes to unmarshal btfVariable") + } + + bv.Linkage = bo.Uint32(b[0:]) + return btfVariableLen, nil +} + type btfEnum struct { NameOff uint32 Val uint32 } +var btfEnumLen = int(unsafe.Sizeof(btfEnum{})) + +func unmarshalBtfEnums(enums []btfEnum, b []byte, bo binary.ByteOrder) (int, error) { + off := 0 + for i := range enums { + if off+btfEnumLen > len(b) { + return 0, fmt.Errorf("not enough bytes to unmarshal btfEnum %d", i) + } + + enums[i].NameOff = bo.Uint32(b[off+0:]) + enums[i].Val = bo.Uint32(b[off+4:]) + + off += btfEnumLen + } + + return off, nil +} + type btfEnum64 struct { NameOff uint32 ValLo32 uint32 ValHi32 uint32 } +var btfEnum64Len = int(unsafe.Sizeof(btfEnum64{})) + +func unmarshalBtfEnums64(enums []btfEnum64, b []byte, bo binary.ByteOrder) (int, error) { + off := 0 + for i := range enums { + if off+btfEnum64Len > len(b) { + return 0, fmt.Errorf("not enough bytes to unmarshal btfEnum64 %d", i) + } + + enums[i].NameOff = bo.Uint32(b[off+0:]) + enums[i].ValLo32 = bo.Uint32(b[off+4:]) + enums[i].ValHi32 = bo.Uint32(b[off+8:]) + + off += btfEnum64Len + } + + return off, nil +} + type btfParam struct { NameOff uint32 Type TypeID } -type btfDeclTag struct { - ComponentIdx uint32 -} +var btfParamLen = int(unsafe.Sizeof(btfParam{})) -func readTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32) ([]rawType, error) { - var header btfType - // because of the interleaving between types and struct members it is difficult to - // precompute the numbers of raw types this will parse - // this "guess" is a good first estimation - sizeOfbtfType := uintptr(btfTypeLen) - tyMaxCount := uintptr(typeLen) / sizeOfbtfType / 2 - types := make([]rawType, 0, tyMaxCount) - - for id := TypeID(1); ; id++ { - if err := binary.Read(r, bo, &header); err == io.EOF { - return types, nil - } else if err != nil { - return nil, fmt.Errorf("can't read type info for id %v: %v", id, err) +func unmarshalBtfParams(params []btfParam, b []byte, bo binary.ByteOrder) (int, error) { + off := 0 + for i := range params { + if off+btfParamLen > len(b) { + return 0, fmt.Errorf("not enough bytes to unmarshal btfParam %d", i) } - var data interface{} - switch header.Kind() { - case kindInt: - data = new(btfInt) - case kindPointer: - case kindArray: - data = new(btfArray) - case kindStruct: - fallthrough - case kindUnion: - data = make([]btfMember, header.Vlen()) - case kindEnum: - data = make([]btfEnum, header.Vlen()) - case kindForward: - case kindTypedef: - case kindVolatile: - case kindConst: - case kindRestrict: - case kindFunc: - case kindFuncProto: - data = make([]btfParam, header.Vlen()) - case kindVar: - data = new(btfVariable) - case kindDatasec: - data = make([]btfVarSecinfo, header.Vlen()) - case kindFloat: - case kindDeclTag: - data = new(btfDeclTag) - case kindTypeTag: - case kindEnum64: - data = make([]btfEnum64, header.Vlen()) - default: - return nil, fmt.Errorf("type id %v: unknown kind: %v", id, header.Kind()) - } + params[i].NameOff = bo.Uint32(b[off+0:]) + params[i].Type = TypeID(bo.Uint32(b[off+4:])) - if data == nil { - types = append(types, rawType{header, nil}) - continue - } + off += btfParamLen + } - if err := binary.Read(r, bo, data); err != nil { - return nil, fmt.Errorf("type id %d: kind %v: can't read %T: %v", id, header.Kind(), data, err) - } + return off, nil +} + +type btfDeclTag struct { + ComponentIdx uint32 +} - types = append(types, rawType{header, data}) +var btfDeclTagLen = int(unsafe.Sizeof(btfDeclTag{})) + +func unmarshalBtfDeclTag(bdt *btfDeclTag, b []byte, bo binary.ByteOrder) (int, error) { + if len(b) < btfDeclTagLen { + return 0, fmt.Errorf("not enough bytes to unmarshal btfDeclTag") } + + bdt.ComponentIdx = bo.Uint32(b[0:]) + return btfDeclTagLen, nil } diff --git a/vendor/github.com/cilium/ebpf/btf/core.go b/vendor/github.com/cilium/ebpf/btf/core.go index dec2cc76069..ded7d43d482 100644 --- a/vendor/github.com/cilium/ebpf/btf/core.go +++ b/vendor/github.com/cilium/ebpf/btf/core.go @@ -18,8 +18,8 @@ import ( // COREFixup is the result of computing a CO-RE relocation for a target. type COREFixup struct { kind coreKind - local uint32 - target uint32 + local uint64 + target uint64 // True if there is no valid fixup. The instruction is replaced with an // invalid dummy. poison bool @@ -196,12 +196,12 @@ func CORERelocate(relos []*CORERelocation, target *Spec, bo binary.ByteOrder) ([ result[i] = COREFixup{ kind: relo.kind, - local: uint32(relo.id), + local: uint64(relo.id), // NB: Using relo.id as the target here is incorrect, since // it doesn't match the BTF we generate on the fly. This isn't // too bad for now since there are no uses of the local type ID // in the kernel, yet. - target: uint32(relo.id), + target: uint64(relo.id), } continue } @@ -311,10 +311,10 @@ var errNoSignedness = errors.New("no signedness") // coreCalculateFixup calculates the fixup for a single local type, target type // and relocation. func coreCalculateFixup(relo *CORERelocation, target Type, targetID TypeID, bo binary.ByteOrder) (COREFixup, error) { - fixup := func(local, target uint32) (COREFixup, error) { + fixup := func(local, target uint64) (COREFixup, error) { return COREFixup{kind: relo.kind, local: local, target: target}, nil } - fixupWithoutValidation := func(local, target uint32) (COREFixup, error) { + fixupWithoutValidation := func(local, target uint64) (COREFixup, error) { return COREFixup{kind: relo.kind, local: local, target: target, skipLocalValidation: true}, nil } poison := func() (COREFixup, error) { @@ -346,7 +346,7 @@ func coreCalculateFixup(relo *CORERelocation, target Type, targetID TypeID, bo b return fixup(1, 1) case reloTypeIDTarget: - return fixup(uint32(relo.id), uint32(targetID)) + return fixup(uint64(relo.id), uint64(targetID)) case reloTypeSize: localSize, err := Sizeof(local) @@ -359,7 +359,7 @@ func coreCalculateFixup(relo *CORERelocation, target Type, targetID TypeID, bo b return zero, err } - return fixup(uint32(localSize), uint32(targetSize)) + return fixup(uint64(localSize), uint64(targetSize)) } case reloEnumvalValue, reloEnumvalExists: @@ -376,7 +376,7 @@ func coreCalculateFixup(relo *CORERelocation, target Type, targetID TypeID, bo b return fixup(1, 1) case reloEnumvalValue: - return fixup(uint32(localValue.Value), uint32(targetValue.Value)) + return fixup(localValue.Value, targetValue.Value) } case reloFieldByteOffset, reloFieldByteSize, reloFieldExists, reloFieldLShiftU64, reloFieldRShiftU64, reloFieldSigned: @@ -405,7 +405,7 @@ func coreCalculateFixup(relo *CORERelocation, target Type, targetID TypeID, bo b return fixup(1, 1) case reloFieldByteOffset: - return maybeSkipValidation(fixup(localField.offset, targetField.offset)) + return maybeSkipValidation(fixup(uint64(localField.offset), uint64(targetField.offset))) case reloFieldByteSize: localSize, err := Sizeof(localField.Type) @@ -417,24 +417,24 @@ func coreCalculateFixup(relo *CORERelocation, target Type, targetID TypeID, bo b if err != nil { return zero, err } - return maybeSkipValidation(fixup(uint32(localSize), uint32(targetSize))) + return maybeSkipValidation(fixup(uint64(localSize), uint64(targetSize))) case reloFieldLShiftU64: - var target uint32 + var target uint64 if bo == binary.LittleEndian { targetSize, err := targetField.sizeBits() if err != nil { return zero, err } - target = uint32(64 - targetField.bitfieldOffset - targetSize) + target = uint64(64 - targetField.bitfieldOffset - targetSize) } else { loadWidth, err := Sizeof(targetField.Type) if err != nil { return zero, err } - target = uint32(64 - Bits(loadWidth*8) + targetField.bitfieldOffset) + target = uint64(64 - Bits(loadWidth*8) + targetField.bitfieldOffset) } return fixupWithoutValidation(0, target) @@ -444,7 +444,7 @@ func coreCalculateFixup(relo *CORERelocation, target Type, targetID TypeID, bo b return zero, err } - return fixupWithoutValidation(0, uint32(64-targetSize)) + return fixupWithoutValidation(0, uint64(64-targetSize)) case reloFieldSigned: switch local := UnderlyingType(localField.Type).(type) { @@ -454,7 +454,7 @@ func coreCalculateFixup(relo *CORERelocation, target Type, targetID TypeID, bo b return zero, fmt.Errorf("target isn't *Enum but %T", targetField.Type) } - return fixup(boolToUint32(local.Signed), boolToUint32(target.Signed)) + return fixup(boolToUint64(local.Signed), boolToUint64(target.Signed)) case *Int: target, ok := as[*Int](targetField.Type) if !ok { @@ -462,8 +462,8 @@ func coreCalculateFixup(relo *CORERelocation, target Type, targetID TypeID, bo b } return fixup( - uint32(local.Encoding&Signed), - uint32(target.Encoding&Signed), + uint64(local.Encoding&Signed), + uint64(target.Encoding&Signed), ) default: return zero, fmt.Errorf("type %T: %w", local, errNoSignedness) @@ -474,7 +474,7 @@ func coreCalculateFixup(relo *CORERelocation, target Type, targetID TypeID, bo b return zero, ErrNotSupported } -func boolToUint32(val bool) uint32 { +func boolToUint64(val bool) uint64 { if val { return 1 } diff --git a/vendor/github.com/cilium/ebpf/btf/ext_info.go b/vendor/github.com/cilium/ebpf/btf/ext_info.go index 3eae08b28ee..d85f45ae9d8 100644 --- a/vendor/github.com/cilium/ebpf/btf/ext_info.go +++ b/vendor/github.com/cilium/ebpf/btf/ext_info.go @@ -556,21 +556,21 @@ func LoadLineInfos(reader io.Reader, bo binary.ByteOrder, recordNum uint32, spec return newLineInfos(lis, spec.strings) } -func newLineInfo(li bpfLineInfo, strings *stringTable) (*lineInfo, error) { +func newLineInfo(li bpfLineInfo, strings *stringTable) (lineInfo, error) { line, err := strings.Lookup(li.LineOff) if err != nil { - return nil, fmt.Errorf("lookup of line: %w", err) + return lineInfo{}, fmt.Errorf("lookup of line: %w", err) } fileName, err := strings.Lookup(li.FileNameOff) if err != nil { - return nil, fmt.Errorf("lookup of filename: %w", err) + return lineInfo{}, fmt.Errorf("lookup of filename: %w", err) } lineNumber := li.LineCol >> bpfLineShift lineColumn := li.LineCol & bpfColumnMax - return &lineInfo{ + return lineInfo{ &Line{ fileName, line, @@ -590,7 +590,7 @@ func newLineInfos(blis []bpfLineInfo, strings *stringTable) (LineInfos, error) { if err != nil { return LineInfos{}, fmt.Errorf("offset %d: %w", bli.InsnOff, err) } - lis.infos = append(lis.infos, *li) + lis.infos = append(lis.infos, li) } sort.Slice(lis.infos, func(i, j int) bool { return lis.infos[i].offset <= lis.infos[j].offset @@ -666,7 +666,6 @@ func parseLineInfos(r io.Reader, bo binary.ByteOrder, strings *stringTable) (map // These records appear after a btf_ext_info_sec header in the line_info // sub-section of .BTF.ext. func parseLineInfoRecords(r io.Reader, bo binary.ByteOrder, recordSize uint32, recordNum uint32, offsetInBytes bool) ([]bpfLineInfo, error) { - var out []bpfLineInfo var li bpfLineInfo if exp, got := uint32(binary.Size(li)), recordSize; exp != got { @@ -674,6 +673,7 @@ func parseLineInfoRecords(r io.Reader, bo binary.ByteOrder, recordSize uint32, r return nil, fmt.Errorf("expected LineInfo record size %d, but BTF blob contains %d", exp, got) } + out := make([]bpfLineInfo, 0, recordNum) for i := uint32(0); i < recordNum; i++ { if err := binary.Read(r, bo, &li); err != nil { return nil, fmt.Errorf("can't read line info: %v", err) diff --git a/vendor/github.com/cilium/ebpf/btf/strings.go b/vendor/github.com/cilium/ebpf/btf/strings.go index 0ddf1d24fb2..114d250018b 100644 --- a/vendor/github.com/cilium/ebpf/btf/strings.go +++ b/vendor/github.com/cilium/ebpf/btf/strings.go @@ -15,6 +15,7 @@ import ( type stringTable struct { base *stringTable offsets []uint32 + prevIdx int strings []string } @@ -61,7 +62,7 @@ func readStringTable(r sizedReader, base *stringTable) (*stringTable, error) { return nil, errors.New("first item in string table is non-empty") } - return &stringTable{base, offsets, strings}, nil + return &stringTable{base, offsets, 0, strings}, nil } func splitNull(data []byte, atEOF bool) (advance int, token []byte, err error) { @@ -84,26 +85,29 @@ func (st *stringTable) Lookup(offset uint32) (string, error) { } func (st *stringTable) lookup(offset uint32) (string, error) { + // Fast path: zero offset is the empty string, looked up frequently. + if offset == 0 && st.base == nil { + return "", nil + } + + // Accesses tend to be globally increasing, so check if the next string is + // the one we want. This skips the binary search in about 50% of cases. + if st.prevIdx+1 < len(st.offsets) && st.offsets[st.prevIdx+1] == offset { + st.prevIdx++ + return st.strings[st.prevIdx], nil + } + i, found := slices.BinarySearch(st.offsets, offset) if !found { return "", fmt.Errorf("offset %d isn't start of a string", offset) } - return st.strings[i], nil -} - -func (st *stringTable) Marshal(w io.Writer) error { - for _, str := range st.strings { - _, err := io.WriteString(w, str) - if err != nil { - return err - } - _, err = w.Write([]byte{0}) - if err != nil { - return err - } + // Set the new increment index, but only if its greater than the current. + if i > st.prevIdx+1 { + st.prevIdx = i } - return nil + + return st.strings[i], nil } // Num returns the number of strings in the table. diff --git a/vendor/github.com/cilium/ebpf/btf/types.go b/vendor/github.com/cilium/ebpf/btf/types.go index 8fe329aa4e4..8bd7fc77fc6 100644 --- a/vendor/github.com/cilium/ebpf/btf/types.go +++ b/vendor/github.com/cilium/ebpf/btf/types.go @@ -1,6 +1,7 @@ package btf import ( + "encoding/binary" "errors" "fmt" "io" @@ -10,6 +11,7 @@ import ( "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/internal" "github.com/cilium/ebpf/internal/sys" + "golang.org/x/exp/slices" ) // Mirrors MAX_RESOLVE_DEPTH in libbpf. @@ -117,7 +119,7 @@ type Int struct { } func (i *Int) Format(fs fmt.State, verb rune) { - formatType(fs, verb, i, i.Encoding, "size=", i.Size*8) + formatType(fs, verb, i, i.Encoding, "size=", i.Size) } func (i *Int) TypeName() string { return i.Name } @@ -726,17 +728,22 @@ func (c *copier) copy(typ *Type, transform Transformer) { type typeDeque = internal.Deque[*Type] -// inflateRawTypes takes a list of raw btf types linked via type IDs, and turns -// it into a graph of Types connected via pointers. +// readAndInflateTypes reads the raw btf type info and turns it into a graph +// of Types connected via pointers. // -// If base is provided, then the raw types are considered to be of a split BTF +// If base is provided, then the types are considered to be of a split BTF // (e.g., a kernel module). // // Returns a slice of types indexed by TypeID. Since BTF ignores compilation // units, multiple types may share the same name. A Type may form a cyclic graph // by pointing at itself. -func inflateRawTypes(rawTypes []rawType, rawStrings *stringTable, base *Spec) ([]Type, error) { - types := make([]Type, 0, len(rawTypes)+1) // +1 for Void added to base types +func readAndInflateTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32, rawStrings *stringTable, base *Spec) ([]Type, error) { + // because of the interleaving between types and struct members it is difficult to + // precompute the numbers of raw types this will parse + // this "guess" is a good first estimation + sizeOfbtfType := uintptr(btfTypeLen) + tyMaxCount := uintptr(typeLen) / sizeOfbtfType / 2 + types := make([]Type, 0, tyMaxCount) // Void is defined to always be type ID 0, and is thus omitted from BTF. types = append(types, (*Void)(nil)) @@ -841,62 +848,128 @@ func inflateRawTypes(rawTypes []rawType, rawStrings *stringTable, base *Spec) ([ return members, nil } + var ( + buf = make([]byte, 1024) + header btfType + bInt btfInt + bArr btfArray + bMembers []btfMember + bEnums []btfEnum + bParams []btfParam + bVariable btfVariable + bSecInfos []btfVarSecinfo + bDeclTag btfDeclTag + bEnums64 []btfEnum64 + ) + var declTags []*declTag - for _, raw := range rawTypes { + for { var ( id = firstTypeID + TypeID(len(types)) typ Type ) + if _, err := io.ReadFull(r, buf[:btfTypeLen]); err == io.EOF { + break + } else if err != nil { + return nil, fmt.Errorf("can't read type info for id %v: %v", id, err) + } + + if _, err := unmarshalBtfType(&header, buf[:btfTypeLen], bo); err != nil { + return nil, fmt.Errorf("can't unmarshal type info for id %v: %v", id, err) + } + if id < firstTypeID { return nil, fmt.Errorf("no more type IDs") } - name, err := rawStrings.Lookup(raw.NameOff) + name, err := rawStrings.Lookup(header.NameOff) if err != nil { return nil, fmt.Errorf("get name for type id %d: %w", id, err) } - switch raw.Kind() { + switch header.Kind() { case kindInt: - size := raw.Size() - bi := raw.data.(*btfInt) - if bi.Offset() > 0 || bi.Bits().Bytes() != size { - legacyBitfields[id] = [2]Bits{bi.Offset(), bi.Bits()} + size := header.Size() + buf = buf[:btfIntLen] + if _, err := io.ReadFull(r, buf); err != nil { + return nil, fmt.Errorf("can't read btfInt, id: %d: %w", id, err) + } + if _, err := unmarshalBtfInt(&bInt, buf, bo); err != nil { + return nil, fmt.Errorf("can't unmarshal btfInt, id: %d: %w", id, err) + } + if bInt.Offset() > 0 || bInt.Bits().Bytes() != size { + legacyBitfields[id] = [2]Bits{bInt.Offset(), bInt.Bits()} } - typ = &Int{name, raw.Size(), bi.Encoding()} + typ = &Int{name, header.Size(), bInt.Encoding()} case kindPointer: ptr := &Pointer{nil} - fixup(raw.Type(), &ptr.Target) + fixup(header.Type(), &ptr.Target) typ = ptr case kindArray: - btfArr := raw.data.(*btfArray) - arr := &Array{nil, nil, btfArr.Nelems} - fixup(btfArr.IndexType, &arr.Index) - fixup(btfArr.Type, &arr.Type) + buf = buf[:btfArrayLen] + if _, err := io.ReadFull(r, buf); err != nil { + return nil, fmt.Errorf("can't read btfArray, id: %d: %w", id, err) + } + if _, err := unmarshalBtfArray(&bArr, buf, bo); err != nil { + return nil, fmt.Errorf("can't unmarshal btfArray, id: %d: %w", id, err) + } + + arr := &Array{nil, nil, bArr.Nelems} + fixup(bArr.IndexType, &arr.Index) + fixup(bArr.Type, &arr.Type) typ = arr case kindStruct: - members, err := convertMembers(raw.data.([]btfMember), raw.Bitfield()) + vlen := header.Vlen() + bMembers = slices.Grow(bMembers[:0], vlen)[:vlen] + buf = slices.Grow(buf[:0], vlen*btfMemberLen)[:vlen*btfMemberLen] + if _, err := io.ReadFull(r, buf); err != nil { + return nil, fmt.Errorf("can't read btfMembers, id: %d: %w", id, err) + } + if _, err := unmarshalBtfMembers(bMembers, buf, bo); err != nil { + return nil, fmt.Errorf("can't unmarshal btfMembers, id: %d: %w", id, err) + } + + members, err := convertMembers(bMembers, header.Bitfield()) if err != nil { return nil, fmt.Errorf("struct %s (id %d): %w", name, id, err) } - typ = &Struct{name, raw.Size(), members} + typ = &Struct{name, header.Size(), members} case kindUnion: - members, err := convertMembers(raw.data.([]btfMember), raw.Bitfield()) + vlen := header.Vlen() + bMembers = slices.Grow(bMembers[:0], vlen)[:vlen] + buf = slices.Grow(buf[:0], vlen*btfMemberLen)[:vlen*btfMemberLen] + if _, err := io.ReadFull(r, buf); err != nil { + return nil, fmt.Errorf("can't read btfMembers, id: %d: %w", id, err) + } + if _, err := unmarshalBtfMembers(bMembers, buf, bo); err != nil { + return nil, fmt.Errorf("can't unmarshal btfMembers, id: %d: %w", id, err) + } + + members, err := convertMembers(bMembers, header.Bitfield()) if err != nil { return nil, fmt.Errorf("union %s (id %d): %w", name, id, err) } - typ = &Union{name, raw.Size(), members} + typ = &Union{name, header.Size(), members} case kindEnum: - rawvals := raw.data.([]btfEnum) - vals := make([]EnumValue, 0, len(rawvals)) - signed := raw.Signed() - for i, btfVal := range rawvals { + vlen := header.Vlen() + bEnums = slices.Grow(bEnums[:0], vlen)[:vlen] + buf = slices.Grow(buf[:0], vlen*btfEnumLen)[:vlen*btfEnumLen] + if _, err := io.ReadFull(r, buf); err != nil { + return nil, fmt.Errorf("can't read btfEnums, id: %d: %w", id, err) + } + if _, err := unmarshalBtfEnums(bEnums, buf, bo); err != nil { + return nil, fmt.Errorf("can't unmarshal btfEnums, id: %d: %w", id, err) + } + + vals := make([]EnumValue, 0, vlen) + signed := header.Signed() + for i, btfVal := range bEnums { name, err := rawStrings.Lookup(btfVal.NameOff) if err != nil { return nil, fmt.Errorf("get name for enum value %d: %s", i, err) @@ -908,40 +981,49 @@ func inflateRawTypes(rawTypes []rawType, rawStrings *stringTable, base *Spec) ([ } vals = append(vals, EnumValue{name, value}) } - typ = &Enum{name, raw.Size(), signed, vals} + typ = &Enum{name, header.Size(), signed, vals} case kindForward: - typ = &Fwd{name, raw.FwdKind()} + typ = &Fwd{name, header.FwdKind()} case kindTypedef: typedef := &Typedef{name, nil} - fixup(raw.Type(), &typedef.Type) + fixup(header.Type(), &typedef.Type) typ = typedef case kindVolatile: volatile := &Volatile{nil} - fixup(raw.Type(), &volatile.Type) + fixup(header.Type(), &volatile.Type) typ = volatile case kindConst: cnst := &Const{nil} - fixup(raw.Type(), &cnst.Type) + fixup(header.Type(), &cnst.Type) typ = cnst case kindRestrict: restrict := &Restrict{nil} - fixup(raw.Type(), &restrict.Type) + fixup(header.Type(), &restrict.Type) typ = restrict case kindFunc: - fn := &Func{name, nil, raw.Linkage()} - fixup(raw.Type(), &fn.Type) + fn := &Func{name, nil, header.Linkage()} + fixup(header.Type(), &fn.Type) typ = fn case kindFuncProto: - rawparams := raw.data.([]btfParam) - params := make([]FuncParam, 0, len(rawparams)) - for i, param := range rawparams { + vlen := header.Vlen() + bParams = slices.Grow(bParams[:0], vlen)[:vlen] + buf = slices.Grow(buf[:0], vlen*btfParamLen)[:vlen*btfParamLen] + if _, err := io.ReadFull(r, buf); err != nil { + return nil, fmt.Errorf("can't read btfParams, id: %d: %w", id, err) + } + if _, err := unmarshalBtfParams(bParams, buf, bo); err != nil { + return nil, fmt.Errorf("can't unmarshal btfParams, id: %d: %w", id, err) + } + + params := make([]FuncParam, 0, vlen) + for i, param := range bParams { name, err := rawStrings.Lookup(param.NameOff) if err != nil { return nil, fmt.Errorf("get name for func proto parameter %d: %s", i, err) @@ -951,57 +1033,90 @@ func inflateRawTypes(rawTypes []rawType, rawStrings *stringTable, base *Spec) ([ }) } for i := range params { - fixup(rawparams[i].Type, ¶ms[i].Type) + fixup(bParams[i].Type, ¶ms[i].Type) } fp := &FuncProto{nil, params} - fixup(raw.Type(), &fp.Return) + fixup(header.Type(), &fp.Return) typ = fp case kindVar: - variable := raw.data.(*btfVariable) - v := &Var{name, nil, VarLinkage(variable.Linkage)} - fixup(raw.Type(), &v.Type) + buf = buf[:btfVariableLen] + if _, err := io.ReadFull(r, buf); err != nil { + return nil, fmt.Errorf("can't read btfVariable, id: %d: %w", id, err) + } + if _, err := unmarshalBtfVariable(&bVariable, buf, bo); err != nil { + return nil, fmt.Errorf("can't read btfVariable, id: %d: %w", id, err) + } + + v := &Var{name, nil, VarLinkage(bVariable.Linkage)} + fixup(header.Type(), &v.Type) typ = v case kindDatasec: - btfVars := raw.data.([]btfVarSecinfo) - vars := make([]VarSecinfo, 0, len(btfVars)) - for _, btfVar := range btfVars { + vlen := header.Vlen() + bSecInfos = slices.Grow(bSecInfos[:0], vlen)[:vlen] + buf = slices.Grow(buf[:0], vlen*btfVarSecinfoLen)[:vlen*btfVarSecinfoLen] + if _, err := io.ReadFull(r, buf); err != nil { + return nil, fmt.Errorf("can't read btfVarSecInfos, id: %d: %w", id, err) + } + if _, err := unmarshalBtfVarSecInfos(bSecInfos, buf, bo); err != nil { + return nil, fmt.Errorf("can't unmarshal btfVarSecInfos, id: %d: %w", id, err) + } + + vars := make([]VarSecinfo, 0, vlen) + for _, btfVar := range bSecInfos { vars = append(vars, VarSecinfo{ Offset: btfVar.Offset, Size: btfVar.Size, }) } for i := range vars { - fixup(btfVars[i].Type, &vars[i].Type) + fixup(bSecInfos[i].Type, &vars[i].Type) } - typ = &Datasec{name, raw.Size(), vars} + typ = &Datasec{name, header.Size(), vars} case kindFloat: - typ = &Float{name, raw.Size()} + typ = &Float{name, header.Size()} case kindDeclTag: - btfIndex := raw.data.(*btfDeclTag).ComponentIdx + buf = buf[:btfDeclTagLen] + if _, err := io.ReadFull(r, buf); err != nil { + return nil, fmt.Errorf("can't read btfDeclTag, id: %d: %w", id, err) + } + if _, err := unmarshalBtfDeclTag(&bDeclTag, buf, bo); err != nil { + return nil, fmt.Errorf("can't read btfDeclTag, id: %d: %w", id, err) + } + + btfIndex := bDeclTag.ComponentIdx if uint64(btfIndex) > math.MaxInt { return nil, fmt.Errorf("type id %d: index exceeds int", id) } dt := &declTag{nil, name, int(int32(btfIndex))} - fixup(raw.Type(), &dt.Type) + fixup(header.Type(), &dt.Type) typ = dt declTags = append(declTags, dt) case kindTypeTag: tt := &typeTag{nil, name} - fixup(raw.Type(), &tt.Type) + fixup(header.Type(), &tt.Type) typ = tt case kindEnum64: - rawvals := raw.data.([]btfEnum64) - vals := make([]EnumValue, 0, len(rawvals)) - for i, btfVal := range rawvals { + vlen := header.Vlen() + bEnums64 = slices.Grow(bEnums64[:0], vlen)[:vlen] + buf = slices.Grow(buf[:0], vlen*btfEnum64Len)[:vlen*btfEnum64Len] + if _, err := io.ReadFull(r, buf); err != nil { + return nil, fmt.Errorf("can't read btfEnum64s, id: %d: %w", id, err) + } + if _, err := unmarshalBtfEnums64(bEnums64, buf, bo); err != nil { + return nil, fmt.Errorf("can't unmarshal btfEnum64s, id: %d: %w", id, err) + } + + vals := make([]EnumValue, 0, vlen) + for i, btfVal := range bEnums64 { name, err := rawStrings.Lookup(btfVal.NameOff) if err != nil { return nil, fmt.Errorf("get name for enum64 value %d: %s", i, err) @@ -1009,10 +1124,10 @@ func inflateRawTypes(rawTypes []rawType, rawStrings *stringTable, base *Spec) ([ value := (uint64(btfVal.ValHi32) << 32) | uint64(btfVal.ValLo32) vals = append(vals, EnumValue{name, value}) } - typ = &Enum{name, raw.Size(), raw.Signed(), vals} + typ = &Enum{name, header.Size(), header.Signed(), vals} default: - return nil, fmt.Errorf("type id %d: unknown kind: %v", id, raw.Kind()) + return nil, fmt.Errorf("type id %d: unknown kind: %v", id, header.Kind()) } types = append(types, typ) diff --git a/vendor/github.com/cilium/ebpf/collection.go b/vendor/github.com/cilium/ebpf/collection.go index a581ecf44fa..a5532220fd0 100644 --- a/vendor/github.com/cilium/ebpf/collection.go +++ b/vendor/github.com/cilium/ebpf/collection.go @@ -626,17 +626,20 @@ func resolveKconfig(m *MapSpec) error { internal.NativeEndian.PutUint32(data[vsi.Offset:], kv.Kernel()) case "LINUX_HAS_SYSCALL_WRAPPER": - if integer, ok := v.Type.(*btf.Int); !ok || integer.Size != 4 { - return fmt.Errorf("variable %s must be a 32 bits integer, got %s", n, v.Type) + integer, ok := v.Type.(*btf.Int) + if !ok { + return fmt.Errorf("variable %s must be an integer, got %s", n, v.Type) } - var value uint32 = 1 + var value uint64 = 1 if err := haveSyscallWrapper(); errors.Is(err, ErrNotSupported) { value = 0 } else if err != nil { return fmt.Errorf("unable to derive a value for LINUX_HAS_SYSCALL_WRAPPER: %w", err) } - internal.NativeEndian.PutUint32(data[vsi.Offset:], value) + if err := kconfig.PutInteger(data[vsi.Offset:], integer, value); err != nil { + return fmt.Errorf("set LINUX_HAS_SYSCALL_WRAPPER: %w", err) + } default: // Catch CONFIG_*. configs[n] = configInfo{ @@ -695,6 +698,71 @@ func LoadCollection(file string) (*Collection, error) { return NewCollection(spec) } +// Assign the contents of a Collection to a struct. +// +// This function bridges functionality between bpf2go generated +// code and any functionality better implemented in Collection. +// +// 'to' must be a pointer to a struct. A field of the +// struct is updated with values from Programs or Maps if it +// has an `ebpf` tag and its type is *Program or *Map. +// The tag's value specifies the name of the program or map as +// found in the CollectionSpec. +// +// struct { +// Foo *ebpf.Program `ebpf:"xdp_foo"` +// Bar *ebpf.Map `ebpf:"bar_map"` +// Ignored int +// } +// +// Returns an error if any of the eBPF objects can't be found, or +// if the same Map or Program is assigned multiple times. +// +// Ownership and Close()ing responsibility is transferred to `to` +// for any successful assigns. On error `to` is left in an undefined state. +func (coll *Collection) Assign(to interface{}) error { + assignedMaps := make(map[string]bool) + assignedProgs := make(map[string]bool) + + // Assign() only transfers already-loaded Maps and Programs. No extra + // loading is done. + getValue := func(typ reflect.Type, name string) (interface{}, error) { + switch typ { + + case reflect.TypeOf((*Program)(nil)): + if p := coll.Programs[name]; p != nil { + assignedProgs[name] = true + return p, nil + } + return nil, fmt.Errorf("missing program %q", name) + + case reflect.TypeOf((*Map)(nil)): + if m := coll.Maps[name]; m != nil { + assignedMaps[name] = true + return m, nil + } + return nil, fmt.Errorf("missing map %q", name) + + default: + return nil, fmt.Errorf("unsupported type %s", typ) + } + } + + if err := assignValues(to, getValue); err != nil { + return err + } + + // Finalize ownership transfer + for p := range assignedProgs { + delete(coll.Programs, p) + } + for m := range assignedMaps { + delete(coll.Maps, m) + } + + return nil +} + // Close frees all maps and programs associated with the collection. // // The collection mustn't be used afterwards. diff --git a/vendor/github.com/cilium/ebpf/elf_reader.go b/vendor/github.com/cilium/ebpf/elf_reader.go index 5e0bb98ea14..5a85cbc24ff 100644 --- a/vendor/github.com/cilium/ebpf/elf_reader.go +++ b/vendor/github.com/cilium/ebpf/elf_reader.go @@ -373,7 +373,7 @@ func (ec *elfCode) loadFunctions(section *elfSection) (map[string]asm.Instructio r := bufio.NewReader(section.Open()) // Decode the section's instruction stream. - var insns asm.Instructions + insns := make(asm.Instructions, 0, section.Size/asm.InstructionSize) if err := insns.Unmarshal(r, ec.ByteOrder); err != nil { return nil, fmt.Errorf("decoding instructions for section %s: %w", section.Name, err) } @@ -467,10 +467,14 @@ func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) err switch target.kind { case mapSection, btfMapSection: - if bind != elf.STB_GLOBAL { + if bind == elf.STB_LOCAL { return fmt.Errorf("possible erroneous static qualifier on map definition: found reference to %q", name) } + if bind != elf.STB_GLOBAL { + return fmt.Errorf("map %q: unsupported relocation %s", name, bind) + } + if typ != elf.STT_OBJECT && typ != elf.STT_NOTYPE { // STT_NOTYPE is generated on clang < 8 which doesn't tag // relocations appropriately. diff --git a/vendor/github.com/cilium/ebpf/internal/kconfig/kconfig.go b/vendor/github.com/cilium/ebpf/internal/kconfig/kconfig.go index d95e7eb0e5d..fa530857824 100644 --- a/vendor/github.com/cilium/ebpf/internal/kconfig/kconfig.go +++ b/vendor/github.com/cilium/ebpf/internal/kconfig/kconfig.go @@ -250,7 +250,20 @@ func putValueNumber(data []byte, typ btf.Type, value string) error { return fmt.Errorf("cannot parse value: %w", err) } - switch size { + return PutInteger(data, integer, n) +} + +// PutInteger writes n into data. +// +// integer determines how much is written into data and what the valid values +// are. +func PutInteger(data []byte, integer *btf.Int, n uint64) error { + // This function should match set_kcfg_value_num in libbpf. + if integer.Encoding == btf.Bool && n > 1 { + return fmt.Errorf("invalid boolean value: %d", n) + } + + switch integer.Size { case 1: data[0] = byte(n) case 2: @@ -260,7 +273,7 @@ func putValueNumber(data []byte, typ btf.Type, value string) error { case 8: internal.NativeEndian.PutUint64(data, uint64(n)) default: - return fmt.Errorf("size (%d) is not valid, expected: 1, 2, 4 or 8", size) + return fmt.Errorf("size (%d) is not valid, expected: 1, 2, 4 or 8", integer.Size) } return nil diff --git a/vendor/github.com/cilium/ebpf/internal/sys/types.go b/vendor/github.com/cilium/ebpf/internal/sys/types.go index b7e3244adf6..51698e06b47 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/types.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/types.go @@ -60,7 +60,12 @@ const ( BPF_PERF_EVENT AttachType = 41 BPF_TRACE_KPROBE_MULTI AttachType = 42 BPF_LSM_CGROUP AttachType = 43 - __MAX_BPF_ATTACH_TYPE AttachType = 44 + BPF_STRUCT_OPS AttachType = 44 + BPF_NETFILTER AttachType = 45 + BPF_TCX_INGRESS AttachType = 46 + BPF_TCX_EGRESS AttachType = 47 + BPF_TRACE_UPROBE_MULTI AttachType = 48 + __MAX_BPF_ATTACH_TYPE AttachType = 49 ) type Cmd uint32 @@ -318,7 +323,9 @@ const ( BPF_FUNC_tcp_raw_check_syncookie_ipv6 FunctionId = 207 BPF_FUNC_ktime_get_tai_ns FunctionId = 208 BPF_FUNC_user_ringbuf_drain FunctionId = 209 - __BPF_FUNC_MAX_ID FunctionId = 210 + BPF_FUNC_cgrp_storage_get FunctionId = 210 + BPF_FUNC_cgrp_storage_delete FunctionId = 211 + __BPF_FUNC_MAX_ID FunctionId = 212 ) type HdrStartOff uint32 @@ -341,44 +348,49 @@ const ( BPF_LINK_TYPE_PERF_EVENT LinkType = 7 BPF_LINK_TYPE_KPROBE_MULTI LinkType = 8 BPF_LINK_TYPE_STRUCT_OPS LinkType = 9 - MAX_BPF_LINK_TYPE LinkType = 10 + BPF_LINK_TYPE_NETFILTER LinkType = 10 + BPF_LINK_TYPE_TCX LinkType = 11 + BPF_LINK_TYPE_UPROBE_MULTI LinkType = 12 + MAX_BPF_LINK_TYPE LinkType = 13 ) type MapType uint32 const ( - BPF_MAP_TYPE_UNSPEC MapType = 0 - BPF_MAP_TYPE_HASH MapType = 1 - BPF_MAP_TYPE_ARRAY MapType = 2 - BPF_MAP_TYPE_PROG_ARRAY MapType = 3 - BPF_MAP_TYPE_PERF_EVENT_ARRAY MapType = 4 - BPF_MAP_TYPE_PERCPU_HASH MapType = 5 - BPF_MAP_TYPE_PERCPU_ARRAY MapType = 6 - BPF_MAP_TYPE_STACK_TRACE MapType = 7 - BPF_MAP_TYPE_CGROUP_ARRAY MapType = 8 - BPF_MAP_TYPE_LRU_HASH MapType = 9 - BPF_MAP_TYPE_LRU_PERCPU_HASH MapType = 10 - BPF_MAP_TYPE_LPM_TRIE MapType = 11 - BPF_MAP_TYPE_ARRAY_OF_MAPS MapType = 12 - BPF_MAP_TYPE_HASH_OF_MAPS MapType = 13 - BPF_MAP_TYPE_DEVMAP MapType = 14 - BPF_MAP_TYPE_SOCKMAP MapType = 15 - BPF_MAP_TYPE_CPUMAP MapType = 16 - BPF_MAP_TYPE_XSKMAP MapType = 17 - BPF_MAP_TYPE_SOCKHASH MapType = 18 - BPF_MAP_TYPE_CGROUP_STORAGE MapType = 19 - BPF_MAP_TYPE_REUSEPORT_SOCKARRAY MapType = 20 - BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE MapType = 21 - BPF_MAP_TYPE_QUEUE MapType = 22 - BPF_MAP_TYPE_STACK MapType = 23 - BPF_MAP_TYPE_SK_STORAGE MapType = 24 - BPF_MAP_TYPE_DEVMAP_HASH MapType = 25 - BPF_MAP_TYPE_STRUCT_OPS MapType = 26 - BPF_MAP_TYPE_RINGBUF MapType = 27 - BPF_MAP_TYPE_INODE_STORAGE MapType = 28 - BPF_MAP_TYPE_TASK_STORAGE MapType = 29 - BPF_MAP_TYPE_BLOOM_FILTER MapType = 30 - BPF_MAP_TYPE_USER_RINGBUF MapType = 31 + BPF_MAP_TYPE_UNSPEC MapType = 0 + BPF_MAP_TYPE_HASH MapType = 1 + BPF_MAP_TYPE_ARRAY MapType = 2 + BPF_MAP_TYPE_PROG_ARRAY MapType = 3 + BPF_MAP_TYPE_PERF_EVENT_ARRAY MapType = 4 + BPF_MAP_TYPE_PERCPU_HASH MapType = 5 + BPF_MAP_TYPE_PERCPU_ARRAY MapType = 6 + BPF_MAP_TYPE_STACK_TRACE MapType = 7 + BPF_MAP_TYPE_CGROUP_ARRAY MapType = 8 + BPF_MAP_TYPE_LRU_HASH MapType = 9 + BPF_MAP_TYPE_LRU_PERCPU_HASH MapType = 10 + BPF_MAP_TYPE_LPM_TRIE MapType = 11 + BPF_MAP_TYPE_ARRAY_OF_MAPS MapType = 12 + BPF_MAP_TYPE_HASH_OF_MAPS MapType = 13 + BPF_MAP_TYPE_DEVMAP MapType = 14 + BPF_MAP_TYPE_SOCKMAP MapType = 15 + BPF_MAP_TYPE_CPUMAP MapType = 16 + BPF_MAP_TYPE_XSKMAP MapType = 17 + BPF_MAP_TYPE_SOCKHASH MapType = 18 + BPF_MAP_TYPE_CGROUP_STORAGE_DEPRECATED MapType = 19 + BPF_MAP_TYPE_CGROUP_STORAGE MapType = 19 + BPF_MAP_TYPE_REUSEPORT_SOCKARRAY MapType = 20 + BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE MapType = 21 + BPF_MAP_TYPE_QUEUE MapType = 22 + BPF_MAP_TYPE_STACK MapType = 23 + BPF_MAP_TYPE_SK_STORAGE MapType = 24 + BPF_MAP_TYPE_DEVMAP_HASH MapType = 25 + BPF_MAP_TYPE_STRUCT_OPS MapType = 26 + BPF_MAP_TYPE_RINGBUF MapType = 27 + BPF_MAP_TYPE_INODE_STORAGE MapType = 28 + BPF_MAP_TYPE_TASK_STORAGE MapType = 29 + BPF_MAP_TYPE_BLOOM_FILTER MapType = 30 + BPF_MAP_TYPE_USER_RINGBUF MapType = 31 + BPF_MAP_TYPE_CGRP_STORAGE MapType = 32 ) type ProgType uint32 @@ -416,6 +428,7 @@ const ( BPF_PROG_TYPE_LSM ProgType = 29 BPF_PROG_TYPE_SK_LOOKUP ProgType = 30 BPF_PROG_TYPE_SYSCALL ProgType = 31 + BPF_PROG_TYPE_NETFILTER ProgType = 32 ) type RetCode uint32 @@ -594,12 +607,12 @@ func BtfGetNextId(attr *BtfGetNextIdAttr) error { } type BtfLoadAttr struct { - Btf Pointer - BtfLogBuf Pointer - BtfSize uint32 - BtfLogSize uint32 - BtfLogLevel uint32 - _ [4]byte + Btf Pointer + BtfLogBuf Pointer + BtfSize uint32 + BtfLogSize uint32 + BtfLogLevel uint32 + BtfLogTrueSize uint32 } func BtfLoad(attr *BtfLoadAttr) (*FD, error) { @@ -639,7 +652,7 @@ type LinkCreateAttr struct { AttachType AttachType Flags uint32 TargetBtfId TypeID - _ [28]byte + _ [44]byte } func LinkCreate(attr *LinkCreateAttr) (*FD, error) { @@ -657,7 +670,7 @@ type LinkCreateIterAttr struct { Flags uint32 IterInfo Pointer IterInfoLen uint32 - _ [20]byte + _ [36]byte } func LinkCreateIter(attr *LinkCreateIterAttr) (*FD, error) { @@ -678,6 +691,7 @@ type LinkCreateKprobeMultiAttr struct { Syms Pointer Addrs Pointer Cookies Pointer + _ [16]byte } func LinkCreateKprobeMulti(attr *LinkCreateKprobeMultiAttr) (*FD, error) { @@ -694,7 +708,7 @@ type LinkCreatePerfEventAttr struct { AttachType AttachType Flags uint32 BpfCookie uint64 - _ [24]byte + _ [40]byte } func LinkCreatePerfEvent(attr *LinkCreatePerfEventAttr) (*FD, error) { @@ -713,7 +727,7 @@ type LinkCreateTracingAttr struct { TargetBtfId BTFID _ [4]byte Cookie uint64 - _ [16]byte + _ [32]byte } func LinkCreateTracing(attr *LinkCreateTracingAttr) (*FD, error) { @@ -920,6 +934,8 @@ type ObjGetAttr struct { Pathname Pointer BpfFd uint32 FileFlags uint32 + PathFd int32 + _ [4]byte } func ObjGet(attr *ObjGetAttr) (*FD, error) { @@ -945,6 +961,8 @@ type ObjPinAttr struct { Pathname Pointer BpfFd uint32 FileFlags uint32 + PathFd int32 + _ [4]byte } func ObjPin(attr *ObjPinAttr) error { @@ -953,11 +971,13 @@ func ObjPin(attr *ObjPinAttr) error { } type ProgAttachAttr struct { - TargetFd uint32 - AttachBpfFd uint32 - AttachType uint32 - AttachFlags uint32 - ReplaceBpfFd uint32 + TargetFd uint32 + AttachBpfFd uint32 + AttachType uint32 + AttachFlags uint32 + ReplaceBpfFd uint32 + RelativeFd uint32 + ExpectedRevision uint64 } func ProgAttach(attr *ProgAttachAttr) error { @@ -1033,7 +1053,7 @@ type ProgLoadAttr struct { FdArray Pointer CoreRelos Pointer CoreReloRecSize uint32 - _ [4]byte + LogTrueSize uint32 } func ProgLoad(attr *ProgLoadAttr) (*FD, error) { @@ -1052,7 +1072,10 @@ type ProgQueryAttr struct { ProgIds Pointer ProgCount uint32 _ [4]byte - ProgAttachFlags uint64 + ProgAttachFlags Pointer + LinkIds Pointer + LinkAttachFlags Pointer + Revision uint64 } func ProgQuery(attr *ProgQueryAttr) error { diff --git a/vendor/github.com/cilium/ebpf/linker.go b/vendor/github.com/cilium/ebpf/linker.go index b653b805e6b..cf5b02ddf58 100644 --- a/vendor/github.com/cilium/ebpf/linker.go +++ b/vendor/github.com/cilium/ebpf/linker.go @@ -7,6 +7,8 @@ import ( "io" "math" + "golang.org/x/exp/slices" + "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/btf" "github.com/cilium/ebpf/internal" @@ -57,21 +59,33 @@ func splitSymbols(insns asm.Instructions) (map[string]asm.Instructions, error) { return nil, errors.New("insns is empty") } - if insns[0].Symbol() == "" { + currentSym := insns[0].Symbol() + if currentSym == "" { return nil, errors.New("insns must start with a Symbol") } - var name string + start := 0 progs := make(map[string]asm.Instructions) - for _, ins := range insns { - if sym := ins.Symbol(); sym != "" { - if progs[sym] != nil { - return nil, fmt.Errorf("insns contains duplicate Symbol %s", sym) - } - name = sym + for i, ins := range insns[1:] { + i := i + 1 + + sym := ins.Symbol() + if sym == "" { + continue } - progs[name] = append(progs[name], ins) + // New symbol, flush the old one out. + progs[currentSym] = slices.Clone(insns[start:i]) + + if progs[sym] != nil { + return nil, fmt.Errorf("insns contains duplicate Symbol %s", sym) + } + currentSym = sym + start = i + } + + if tail := insns[start:]; len(tail) > 0 { + progs[currentSym] = slices.Clone(tail) } return progs, nil diff --git a/vendor/github.com/cilium/ebpf/map.go b/vendor/github.com/cilium/ebpf/map.go index 7f6184850ba..ce945ace083 100644 --- a/vendor/github.com/cilium/ebpf/map.go +++ b/vendor/github.com/cilium/ebpf/map.go @@ -9,6 +9,7 @@ import ( "os" "path/filepath" "reflect" + "strings" "time" "unsafe" @@ -190,26 +191,32 @@ func (ms *MapSpec) Compatible(m *Map) error { return err } - switch { - case m.typ != ms.Type: - return fmt.Errorf("expected type %v, got %v: %w", ms.Type, m.typ, ErrMapIncompatible) - - case m.keySize != ms.KeySize: - return fmt.Errorf("expected key size %v, got %v: %w", ms.KeySize, m.keySize, ErrMapIncompatible) - - case m.valueSize != ms.ValueSize: - return fmt.Errorf("expected value size %v, got %v: %w", ms.ValueSize, m.valueSize, ErrMapIncompatible) + diffs := []string{} + if m.typ != ms.Type { + diffs = append(diffs, fmt.Sprintf("Type: %s changed to %s", m.typ, ms.Type)) + } + if m.keySize != ms.KeySize { + diffs = append(diffs, fmt.Sprintf("KeySize: %d changed to %d", m.keySize, ms.KeySize)) + } + if m.valueSize != ms.ValueSize { + diffs = append(diffs, fmt.Sprintf("ValueSize: %d changed to %d", m.valueSize, ms.ValueSize)) + } + if m.maxEntries != ms.MaxEntries { + diffs = append(diffs, fmt.Sprintf("MaxEntries: %d changed to %d", m.maxEntries, ms.MaxEntries)) + } - case m.maxEntries != ms.MaxEntries: - return fmt.Errorf("expected max entries %v, got %v: %w", ms.MaxEntries, m.maxEntries, ErrMapIncompatible) + // BPF_F_RDONLY_PROG is set unconditionally for devmaps. Explicitly allow this + // mismatch. + if !((ms.Type == DevMap || ms.Type == DevMapHash) && m.flags^ms.Flags == unix.BPF_F_RDONLY_PROG) && + m.flags != ms.Flags { + diffs = append(diffs, fmt.Sprintf("Flags: %d changed to %d", m.flags, ms.Flags)) + } - // BPF_F_RDONLY_PROG is set unconditionally for devmaps. Explicitly allow - // this mismatch. - case !((ms.Type == DevMap || ms.Type == DevMapHash) && m.flags^ms.Flags == unix.BPF_F_RDONLY_PROG) && - m.flags != ms.Flags: - return fmt.Errorf("expected flags %v, got %v: %w", ms.Flags, m.flags, ErrMapIncompatible) + if len(diffs) == 0 { + return nil } - return nil + + return fmt.Errorf("%s: %w", strings.Join(diffs, ", "), ErrMapIncompatible) } // Map represents a Map file descriptor. diff --git a/vendor/golang.org/x/sys/execabs/execabs_go118.go b/vendor/golang.org/x/sys/execabs/execabs_go118.go index 2000064a812..5627d70e398 100644 --- a/vendor/golang.org/x/sys/execabs/execabs_go118.go +++ b/vendor/golang.org/x/sys/execabs/execabs_go118.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build !go1.19 -// +build !go1.19 package execabs diff --git a/vendor/golang.org/x/sys/execabs/execabs_go119.go b/vendor/golang.org/x/sys/execabs/execabs_go119.go index f364b341892..d60ab1b4195 100644 --- a/vendor/golang.org/x/sys/execabs/execabs_go119.go +++ b/vendor/golang.org/x/sys/execabs/execabs_go119.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build go1.19 -// +build go1.19 package execabs diff --git a/vendor/golang.org/x/sys/unix/aliases.go b/vendor/golang.org/x/sys/unix/aliases.go index abc89c104a8..e7d3df4bd36 100644 --- a/vendor/golang.org/x/sys/unix/aliases.go +++ b/vendor/golang.org/x/sys/unix/aliases.go @@ -3,8 +3,6 @@ // license that can be found in the LICENSE file. //go:build (aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos) && go1.9 -// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos -// +build go1.9 package unix diff --git a/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s b/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s index db9171c2e49..269e173ca46 100644 --- a/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s +++ b/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build gc -// +build gc #include "textflag.h" diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_386.s b/vendor/golang.org/x/sys/unix/asm_bsd_386.s index e0fcd9b3dee..a4fcef0e0d7 100644 --- a/vendor/golang.org/x/sys/unix/asm_bsd_386.s +++ b/vendor/golang.org/x/sys/unix/asm_bsd_386.s @@ -3,8 +3,6 @@ // license that can be found in the LICENSE file. //go:build (freebsd || netbsd || openbsd) && gc -// +build freebsd netbsd openbsd -// +build gc #include "textflag.h" diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s b/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s index 2b99c349a2d..1e63615c570 100644 --- a/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s +++ b/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s @@ -3,8 +3,6 @@ // license that can be found in the LICENSE file. //go:build (darwin || dragonfly || freebsd || netbsd || openbsd) && gc -// +build darwin dragonfly freebsd netbsd openbsd -// +build gc #include "textflag.h" diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_arm.s b/vendor/golang.org/x/sys/unix/asm_bsd_arm.s index d702d4adc77..6496c310087 100644 --- a/vendor/golang.org/x/sys/unix/asm_bsd_arm.s +++ b/vendor/golang.org/x/sys/unix/asm_bsd_arm.s @@ -3,8 +3,6 @@ // license that can be found in the LICENSE file. //go:build (freebsd || netbsd || openbsd) && gc -// +build freebsd netbsd openbsd -// +build gc #include "textflag.h" diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s b/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s index fe36a7391a6..4fd1f54daaa 100644 --- a/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s +++ b/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s @@ -3,8 +3,6 @@ // license that can be found in the LICENSE file. //go:build (darwin || freebsd || netbsd || openbsd) && gc -// +build darwin freebsd netbsd openbsd -// +build gc #include "textflag.h" diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s b/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s index e5b9a84899a..42f7eb9e474 100644 --- a/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s +++ b/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s @@ -3,8 +3,6 @@ // license that can be found in the LICENSE file. //go:build (darwin || freebsd || netbsd || openbsd) && gc -// +build darwin freebsd netbsd openbsd -// +build gc #include "textflag.h" diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s b/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s index d560019ea29..f8902667e97 100644 --- a/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s +++ b/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s @@ -3,8 +3,6 @@ // license that can be found in the LICENSE file. //go:build (darwin || freebsd || netbsd || openbsd) && gc -// +build darwin freebsd netbsd openbsd -// +build gc #include "textflag.h" diff --git a/vendor/golang.org/x/sys/unix/asm_linux_386.s b/vendor/golang.org/x/sys/unix/asm_linux_386.s index 8fd101d0716..3b4734870d9 100644 --- a/vendor/golang.org/x/sys/unix/asm_linux_386.s +++ b/vendor/golang.org/x/sys/unix/asm_linux_386.s @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build gc -// +build gc #include "textflag.h" diff --git a/vendor/golang.org/x/sys/unix/asm_linux_amd64.s b/vendor/golang.org/x/sys/unix/asm_linux_amd64.s index 7ed38e43c67..67e29f3178b 100644 --- a/vendor/golang.org/x/sys/unix/asm_linux_amd64.s +++ b/vendor/golang.org/x/sys/unix/asm_linux_amd64.s @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build gc -// +build gc #include "textflag.h" diff --git a/vendor/golang.org/x/sys/unix/asm_linux_arm.s b/vendor/golang.org/x/sys/unix/asm_linux_arm.s index 8ef1d51402a..d6ae269ce16 100644 --- a/vendor/golang.org/x/sys/unix/asm_linux_arm.s +++ b/vendor/golang.org/x/sys/unix/asm_linux_arm.s @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build gc -// +build gc #include "textflag.h" diff --git a/vendor/golang.org/x/sys/unix/asm_linux_arm64.s b/vendor/golang.org/x/sys/unix/asm_linux_arm64.s index 98ae02760da..01e5e253c68 100644 --- a/vendor/golang.org/x/sys/unix/asm_linux_arm64.s +++ b/vendor/golang.org/x/sys/unix/asm_linux_arm64.s @@ -3,9 +3,6 @@ // license that can be found in the LICENSE file. //go:build linux && arm64 && gc -// +build linux -// +build arm64 -// +build gc #include "textflag.h" diff --git a/vendor/golang.org/x/sys/unix/asm_linux_loong64.s b/vendor/golang.org/x/sys/unix/asm_linux_loong64.s index 565357288a8..2abf12f6e87 100644 --- a/vendor/golang.org/x/sys/unix/asm_linux_loong64.s +++ b/vendor/golang.org/x/sys/unix/asm_linux_loong64.s @@ -3,9 +3,6 @@ // license that can be found in the LICENSE file. //go:build linux && loong64 && gc -// +build linux -// +build loong64 -// +build gc #include "textflag.h" diff --git a/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s b/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s index 21231d2ce13..f84bae7120e 100644 --- a/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s +++ b/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s @@ -3,9 +3,6 @@ // license that can be found in the LICENSE file. //go:build linux && (mips64 || mips64le) && gc -// +build linux -// +build mips64 mips64le -// +build gc #include "textflag.h" diff --git a/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s b/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s index 6783b26c606..f08f6280772 100644 --- a/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s +++ b/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s @@ -3,9 +3,6 @@ // license that can be found in the LICENSE file. //go:build linux && (mips || mipsle) && gc -// +build linux -// +build mips mipsle -// +build gc #include "textflag.h" diff --git a/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s b/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s index 19d4989344d..bdfc024d2d3 100644 --- a/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s +++ b/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s @@ -3,9 +3,6 @@ // license that can be found in the LICENSE file. //go:build linux && (ppc64 || ppc64le) && gc -// +build linux -// +build ppc64 ppc64le -// +build gc #include "textflag.h" diff --git a/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s b/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s index e42eb81d583..2e8c9961203 100644 --- a/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s +++ b/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s @@ -3,8 +3,6 @@ // license that can be found in the LICENSE file. //go:build riscv64 && gc -// +build riscv64 -// +build gc #include "textflag.h" diff --git a/vendor/golang.org/x/sys/unix/asm_linux_s390x.s b/vendor/golang.org/x/sys/unix/asm_linux_s390x.s index c46aab33959..2c394b11ebd 100644 --- a/vendor/golang.org/x/sys/unix/asm_linux_s390x.s +++ b/vendor/golang.org/x/sys/unix/asm_linux_s390x.s @@ -3,9 +3,6 @@ // license that can be found in the LICENSE file. //go:build linux && s390x && gc -// +build linux -// +build s390x -// +build gc #include "textflag.h" diff --git a/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s b/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s index 5e7a1169c05..fab586a2c41 100644 --- a/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s +++ b/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build gc -// +build gc #include "textflag.h" diff --git a/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s b/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s index f8c5394c1a7..f949ec5476d 100644 --- a/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s +++ b/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build gc -// +build gc #include "textflag.h" diff --git a/vendor/golang.org/x/sys/unix/asm_zos_s390x.s b/vendor/golang.org/x/sys/unix/asm_zos_s390x.s index 3b54e185813..2f67ba86d57 100644 --- a/vendor/golang.org/x/sys/unix/asm_zos_s390x.s +++ b/vendor/golang.org/x/sys/unix/asm_zos_s390x.s @@ -3,9 +3,6 @@ // license that can be found in the LICENSE file. //go:build zos && s390x && gc -// +build zos -// +build s390x -// +build gc #include "textflag.h" diff --git a/vendor/golang.org/x/sys/unix/cap_freebsd.go b/vendor/golang.org/x/sys/unix/cap_freebsd.go index 0b7c6adb866..a08657890f3 100644 --- a/vendor/golang.org/x/sys/unix/cap_freebsd.go +++ b/vendor/golang.org/x/sys/unix/cap_freebsd.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build freebsd -// +build freebsd package unix diff --git a/vendor/golang.org/x/sys/unix/constants.go b/vendor/golang.org/x/sys/unix/constants.go index 394a3965b68..6fb7cb77d0a 100644 --- a/vendor/golang.org/x/sys/unix/constants.go +++ b/vendor/golang.org/x/sys/unix/constants.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos -// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos package unix diff --git a/vendor/golang.org/x/sys/unix/dev_aix_ppc.go b/vendor/golang.org/x/sys/unix/dev_aix_ppc.go index 65a998508db..d7851346177 100644 --- a/vendor/golang.org/x/sys/unix/dev_aix_ppc.go +++ b/vendor/golang.org/x/sys/unix/dev_aix_ppc.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build aix && ppc -// +build aix,ppc // Functions to access/create device major and minor numbers matching the // encoding used by AIX. diff --git a/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go b/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go index 8fc08ad0aae..623a5e6973a 100644 --- a/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go +++ b/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build aix && ppc64 -// +build aix,ppc64 // Functions to access/create device major and minor numbers matching the // encoding used AIX. diff --git a/vendor/golang.org/x/sys/unix/dev_zos.go b/vendor/golang.org/x/sys/unix/dev_zos.go index a388e59a0e0..bb6a64fe92d 100644 --- a/vendor/golang.org/x/sys/unix/dev_zos.go +++ b/vendor/golang.org/x/sys/unix/dev_zos.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build zos && s390x -// +build zos,s390x // Functions to access/create device major and minor numbers matching the // encoding used by z/OS. diff --git a/vendor/golang.org/x/sys/unix/dirent.go b/vendor/golang.org/x/sys/unix/dirent.go index 2499f977b07..1ebf1178269 100644 --- a/vendor/golang.org/x/sys/unix/dirent.go +++ b/vendor/golang.org/x/sys/unix/dirent.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos -// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos package unix diff --git a/vendor/golang.org/x/sys/unix/endian_big.go b/vendor/golang.org/x/sys/unix/endian_big.go index a5202655768..1095fd31d68 100644 --- a/vendor/golang.org/x/sys/unix/endian_big.go +++ b/vendor/golang.org/x/sys/unix/endian_big.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. // //go:build armbe || arm64be || m68k || mips || mips64 || mips64p32 || ppc || ppc64 || s390 || s390x || shbe || sparc || sparc64 -// +build armbe arm64be m68k mips mips64 mips64p32 ppc ppc64 s390 s390x shbe sparc sparc64 package unix diff --git a/vendor/golang.org/x/sys/unix/endian_little.go b/vendor/golang.org/x/sys/unix/endian_little.go index b0f2bc4ae3b..b9f0e277b14 100644 --- a/vendor/golang.org/x/sys/unix/endian_little.go +++ b/vendor/golang.org/x/sys/unix/endian_little.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. // //go:build 386 || amd64 || amd64p32 || alpha || arm || arm64 || loong64 || mipsle || mips64le || mips64p32le || nios2 || ppc64le || riscv || riscv64 || sh -// +build 386 amd64 amd64p32 alpha arm arm64 loong64 mipsle mips64le mips64p32le nios2 ppc64le riscv riscv64 sh package unix diff --git a/vendor/golang.org/x/sys/unix/env_unix.go b/vendor/golang.org/x/sys/unix/env_unix.go index 29ccc4d1334..a96da71f473 100644 --- a/vendor/golang.org/x/sys/unix/env_unix.go +++ b/vendor/golang.org/x/sys/unix/env_unix.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos -// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos // Unix environment variables. diff --git a/vendor/golang.org/x/sys/unix/epoll_zos.go b/vendor/golang.org/x/sys/unix/epoll_zos.go index cedaf7e024b..7753fddea81 100644 --- a/vendor/golang.org/x/sys/unix/epoll_zos.go +++ b/vendor/golang.org/x/sys/unix/epoll_zos.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build zos && s390x -// +build zos,s390x package unix diff --git a/vendor/golang.org/x/sys/unix/fcntl.go b/vendor/golang.org/x/sys/unix/fcntl.go index e9b991258c1..6200876fb28 100644 --- a/vendor/golang.org/x/sys/unix/fcntl.go +++ b/vendor/golang.org/x/sys/unix/fcntl.go @@ -2,8 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build dragonfly || freebsd || linux || netbsd || openbsd -// +build dragonfly freebsd linux netbsd openbsd +//go:build dragonfly || freebsd || linux || netbsd package unix diff --git a/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go b/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go index 29d44808b1d..13b4acd5c69 100644 --- a/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go +++ b/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build (linux && 386) || (linux && arm) || (linux && mips) || (linux && mipsle) || (linux && ppc) -// +build linux,386 linux,arm linux,mips linux,mipsle linux,ppc package unix diff --git a/vendor/golang.org/x/sys/unix/fdset.go b/vendor/golang.org/x/sys/unix/fdset.go index a8068f94f29..9e83d18cd04 100644 --- a/vendor/golang.org/x/sys/unix/fdset.go +++ b/vendor/golang.org/x/sys/unix/fdset.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos -// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos package unix diff --git a/vendor/golang.org/x/sys/unix/fstatfs_zos.go b/vendor/golang.org/x/sys/unix/fstatfs_zos.go index e377cc9f49c..c8bde601e77 100644 --- a/vendor/golang.org/x/sys/unix/fstatfs_zos.go +++ b/vendor/golang.org/x/sys/unix/fstatfs_zos.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build zos && s390x -// +build zos,s390x package unix diff --git a/vendor/golang.org/x/sys/unix/gccgo.go b/vendor/golang.org/x/sys/unix/gccgo.go index b06f52d748f..aca5721ddcc 100644 --- a/vendor/golang.org/x/sys/unix/gccgo.go +++ b/vendor/golang.org/x/sys/unix/gccgo.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build gccgo && !aix && !hurd -// +build gccgo,!aix,!hurd package unix diff --git a/vendor/golang.org/x/sys/unix/gccgo_c.c b/vendor/golang.org/x/sys/unix/gccgo_c.c index f98a1c542f0..d468b7b47f1 100644 --- a/vendor/golang.org/x/sys/unix/gccgo_c.c +++ b/vendor/golang.org/x/sys/unix/gccgo_c.c @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build gccgo && !aix && !hurd -// +build gccgo,!aix,!hurd #include #include diff --git a/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go b/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go index e60e49a3d9c..972d61bd754 100644 --- a/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build gccgo && linux && amd64 -// +build gccgo,linux,amd64 package unix diff --git a/vendor/golang.org/x/sys/unix/ifreq_linux.go b/vendor/golang.org/x/sys/unix/ifreq_linux.go index 15721a5104e..848840ae4c7 100644 --- a/vendor/golang.org/x/sys/unix/ifreq_linux.go +++ b/vendor/golang.org/x/sys/unix/ifreq_linux.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build linux -// +build linux package unix diff --git a/vendor/golang.org/x/sys/unix/ioctl_signed.go b/vendor/golang.org/x/sys/unix/ioctl_signed.go index 7def9580e6f..5b0759bd865 100644 --- a/vendor/golang.org/x/sys/unix/ioctl_signed.go +++ b/vendor/golang.org/x/sys/unix/ioctl_signed.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build aix || solaris -// +build aix solaris package unix diff --git a/vendor/golang.org/x/sys/unix/ioctl_unsigned.go b/vendor/golang.org/x/sys/unix/ioctl_unsigned.go index 649913d1ea7..20f470b9d09 100644 --- a/vendor/golang.org/x/sys/unix/ioctl_unsigned.go +++ b/vendor/golang.org/x/sys/unix/ioctl_unsigned.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build darwin || dragonfly || freebsd || hurd || linux || netbsd || openbsd -// +build darwin dragonfly freebsd hurd linux netbsd openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/ioctl_zos.go b/vendor/golang.org/x/sys/unix/ioctl_zos.go index cdc21bf76dc..c8b2a750f8c 100644 --- a/vendor/golang.org/x/sys/unix/ioctl_zos.go +++ b/vendor/golang.org/x/sys/unix/ioctl_zos.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build zos && s390x -// +build zos,s390x package unix diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index 47fa6a7ebd4..5dda44503ea 100644 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -560,7 +560,7 @@ ccflags="$@" $2 ~ /^RLIMIT_(AS|CORE|CPU|DATA|FSIZE|LOCKS|MEMLOCK|MSGQUEUE|NICE|NOFILE|NPROC|RSS|RTPRIO|RTTIME|SIGPENDING|STACK)|RLIM_INFINITY/ || $2 ~ /^PRIO_(PROCESS|PGRP|USER)/ || $2 ~ /^CLONE_[A-Z_]+/ || - $2 !~ /^(BPF_TIMEVAL|BPF_FIB_LOOKUP_[A-Z]+)$/ && + $2 !~ /^(BPF_TIMEVAL|BPF_FIB_LOOKUP_[A-Z]+|BPF_F_LINK)$/ && $2 ~ /^(BPF|DLT)_/ || $2 ~ /^AUDIT_/ || $2 ~ /^(CLOCK|TIMER)_/ || @@ -663,7 +663,6 @@ echo '// mkerrors.sh' "$@" echo '// Code generated by the command above; see README.md. DO NOT EDIT.' echo echo "//go:build ${GOARCH} && ${GOOS}" -echo "// +build ${GOARCH},${GOOS}" echo go tool cgo -godefs -- "$@" _const.go >_error.out cat _error.out | grep -vf _error.grep | grep -vf _signal.grep diff --git a/vendor/golang.org/x/sys/unix/mmap_nomremap.go b/vendor/golang.org/x/sys/unix/mmap_nomremap.go index ca0513632ee..4b68e59780a 100644 --- a/vendor/golang.org/x/sys/unix/mmap_nomremap.go +++ b/vendor/golang.org/x/sys/unix/mmap_nomremap.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build aix || darwin || dragonfly || freebsd || openbsd || solaris -// +build aix darwin dragonfly freebsd openbsd solaris package unix diff --git a/vendor/golang.org/x/sys/unix/mremap.go b/vendor/golang.org/x/sys/unix/mremap.go index fa93d0aa904..fd45fe529da 100644 --- a/vendor/golang.org/x/sys/unix/mremap.go +++ b/vendor/golang.org/x/sys/unix/mremap.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build linux || netbsd -// +build linux netbsd package unix diff --git a/vendor/golang.org/x/sys/unix/pagesize_unix.go b/vendor/golang.org/x/sys/unix/pagesize_unix.go index 53f1b4c5b81..4d0a3430edc 100644 --- a/vendor/golang.org/x/sys/unix/pagesize_unix.go +++ b/vendor/golang.org/x/sys/unix/pagesize_unix.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris -// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris // For Unix, get the pagesize from the runtime. diff --git a/vendor/golang.org/x/sys/unix/pledge_openbsd.go b/vendor/golang.org/x/sys/unix/pledge_openbsd.go index eb48294b274..6a09af53e6b 100644 --- a/vendor/golang.org/x/sys/unix/pledge_openbsd.go +++ b/vendor/golang.org/x/sys/unix/pledge_openbsd.go @@ -8,54 +8,31 @@ import ( "errors" "fmt" "strconv" - "syscall" - "unsafe" ) // Pledge implements the pledge syscall. // -// The pledge syscall does not accept execpromises on OpenBSD releases -// before 6.3. -// -// execpromises must be empty when Pledge is called on OpenBSD -// releases predating 6.3, otherwise an error will be returned. +// This changes both the promises and execpromises; use PledgePromises or +// PledgeExecpromises to only change the promises or execpromises +// respectively. // // For more information see pledge(2). func Pledge(promises, execpromises string) error { - maj, min, err := majmin() - if err != nil { + if err := pledgeAvailable(); err != nil { return err } - err = pledgeAvailable(maj, min, execpromises) + pptr, err := BytePtrFromString(promises) if err != nil { return err } - pptr, err := syscall.BytePtrFromString(promises) + exptr, err := BytePtrFromString(execpromises) if err != nil { return err } - // This variable will hold either a nil unsafe.Pointer or - // an unsafe.Pointer to a string (execpromises). - var expr unsafe.Pointer - - // If we're running on OpenBSD > 6.2, pass execpromises to the syscall. - if maj > 6 || (maj == 6 && min > 2) { - exptr, err := syscall.BytePtrFromString(execpromises) - if err != nil { - return err - } - expr = unsafe.Pointer(exptr) - } - - _, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0) - if e != 0 { - return e - } - - return nil + return pledge(pptr, exptr) } // PledgePromises implements the pledge syscall. @@ -64,30 +41,16 @@ func Pledge(promises, execpromises string) error { // // For more information see pledge(2). func PledgePromises(promises string) error { - maj, min, err := majmin() - if err != nil { - return err - } - - err = pledgeAvailable(maj, min, "") - if err != nil { + if err := pledgeAvailable(); err != nil { return err } - // This variable holds the execpromises and is always nil. - var expr unsafe.Pointer - - pptr, err := syscall.BytePtrFromString(promises) + pptr, err := BytePtrFromString(promises) if err != nil { return err } - _, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0) - if e != 0 { - return e - } - - return nil + return pledge(pptr, nil) } // PledgeExecpromises implements the pledge syscall. @@ -96,30 +59,16 @@ func PledgePromises(promises string) error { // // For more information see pledge(2). func PledgeExecpromises(execpromises string) error { - maj, min, err := majmin() - if err != nil { + if err := pledgeAvailable(); err != nil { return err } - err = pledgeAvailable(maj, min, execpromises) + exptr, err := BytePtrFromString(execpromises) if err != nil { return err } - // This variable holds the promises and is always nil. - var pptr unsafe.Pointer - - exptr, err := syscall.BytePtrFromString(execpromises) - if err != nil { - return err - } - - _, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(pptr), uintptr(unsafe.Pointer(exptr)), 0) - if e != 0 { - return e - } - - return nil + return pledge(nil, exptr) } // majmin returns major and minor version number for an OpenBSD system. @@ -147,16 +96,15 @@ func majmin() (major int, minor int, err error) { // pledgeAvailable checks for availability of the pledge(2) syscall // based on the running OpenBSD version. -func pledgeAvailable(maj, min int, execpromises string) error { - // If OpenBSD <= 5.9, pledge is not available. - if (maj == 5 && min != 9) || maj < 5 { - return fmt.Errorf("pledge syscall is not available on OpenBSD %d.%d", maj, min) +func pledgeAvailable() error { + maj, min, err := majmin() + if err != nil { + return err } - // If OpenBSD <= 6.2 and execpromises is not empty, - // return an error - execpromises is not available before 6.3 - if (maj < 6 || (maj == 6 && min <= 2)) && execpromises != "" { - return fmt.Errorf("cannot use execpromises on OpenBSD %d.%d", maj, min) + // Require OpenBSD 6.4 as a minimum. + if maj < 6 || (maj == 6 && min <= 3) { + return fmt.Errorf("cannot call Pledge on OpenBSD %d.%d", maj, min) } return nil diff --git a/vendor/golang.org/x/sys/unix/ptrace_darwin.go b/vendor/golang.org/x/sys/unix/ptrace_darwin.go index 463c3eff7fd..3f0975f3de7 100644 --- a/vendor/golang.org/x/sys/unix/ptrace_darwin.go +++ b/vendor/golang.org/x/sys/unix/ptrace_darwin.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build darwin && !ios -// +build darwin,!ios package unix diff --git a/vendor/golang.org/x/sys/unix/ptrace_ios.go b/vendor/golang.org/x/sys/unix/ptrace_ios.go index ed0509a0117..a4d35db5dc2 100644 --- a/vendor/golang.org/x/sys/unix/ptrace_ios.go +++ b/vendor/golang.org/x/sys/unix/ptrace_ios.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build ios -// +build ios package unix diff --git a/vendor/golang.org/x/sys/unix/race.go b/vendor/golang.org/x/sys/unix/race.go index 6f6c5fec5ae..714d2aae7c0 100644 --- a/vendor/golang.org/x/sys/unix/race.go +++ b/vendor/golang.org/x/sys/unix/race.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build (darwin && race) || (linux && race) || (freebsd && race) -// +build darwin,race linux,race freebsd,race package unix diff --git a/vendor/golang.org/x/sys/unix/race0.go b/vendor/golang.org/x/sys/unix/race0.go index 706e1322ae4..4a9f6634c98 100644 --- a/vendor/golang.org/x/sys/unix/race0.go +++ b/vendor/golang.org/x/sys/unix/race0.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build aix || (darwin && !race) || (linux && !race) || (freebsd && !race) || netbsd || openbsd || solaris || dragonfly || zos -// +build aix darwin,!race linux,!race freebsd,!race netbsd openbsd solaris dragonfly zos package unix diff --git a/vendor/golang.org/x/sys/unix/readdirent_getdents.go b/vendor/golang.org/x/sys/unix/readdirent_getdents.go index 4d6257569ea..dbd2b6ccb1b 100644 --- a/vendor/golang.org/x/sys/unix/readdirent_getdents.go +++ b/vendor/golang.org/x/sys/unix/readdirent_getdents.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build aix || dragonfly || freebsd || linux || netbsd || openbsd -// +build aix dragonfly freebsd linux netbsd openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go b/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go index 2a4ba47c45b..130398b6b76 100644 --- a/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go +++ b/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build darwin -// +build darwin package unix diff --git a/vendor/golang.org/x/sys/unix/sockcmsg_unix.go b/vendor/golang.org/x/sys/unix/sockcmsg_unix.go index 3865943f6e2..c3a62dbb1b6 100644 --- a/vendor/golang.org/x/sys/unix/sockcmsg_unix.go +++ b/vendor/golang.org/x/sys/unix/sockcmsg_unix.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos -// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos // Socket control messages diff --git a/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go b/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go index 0840fe4a574..4a1eab37ec0 100644 --- a/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go +++ b/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build aix || darwin || freebsd || linux || netbsd || openbsd || solaris || zos -// +build aix darwin freebsd linux netbsd openbsd solaris zos package unix diff --git a/vendor/golang.org/x/sys/unix/syscall.go b/vendor/golang.org/x/sys/unix/syscall.go index 63e8c838317..5ea74da9820 100644 --- a/vendor/golang.org/x/sys/unix/syscall.go +++ b/vendor/golang.org/x/sys/unix/syscall.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos -// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos // Package unix contains an interface to the low-level operating system // primitives. OS details vary depending on the underlying system, and diff --git a/vendor/golang.org/x/sys/unix/syscall_aix.go b/vendor/golang.org/x/sys/unix/syscall_aix.go index e94e6cdac88..67ce6cef2d5 100644 --- a/vendor/golang.org/x/sys/unix/syscall_aix.go +++ b/vendor/golang.org/x/sys/unix/syscall_aix.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build aix -// +build aix // Aix system calls. // This file is compiled as ordinary Go code, @@ -107,7 +106,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) { if n > 0 { sl += _Socklen(n) + 1 } - if sa.raw.Path[0] == '@' { + if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) { + // Check sl > 3 so we don't change unnamed socket behavior. sa.raw.Path[0] = 0 // Don't count trailing NUL for abstract address. sl-- diff --git a/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go b/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go index f2871fa9535..1fdaa476005 100644 --- a/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go +++ b/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build aix && ppc -// +build aix,ppc package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go b/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go index 75718ec0f19..c87f9a9f456 100644 --- a/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go +++ b/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build aix && ppc64 -// +build aix,ppc64 package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_bsd.go b/vendor/golang.org/x/sys/unix/syscall_bsd.go index 4217de518bc..a00c3e5450b 100644 --- a/vendor/golang.org/x/sys/unix/syscall_bsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_bsd.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build darwin || dragonfly || freebsd || netbsd || openbsd -// +build darwin dragonfly freebsd netbsd openbsd // BSD system call wrappers shared by *BSD based systems // including OS X (Darwin) and FreeBSD. Like the other @@ -317,7 +316,7 @@ func GetsockoptString(fd, level, opt int) (string, error) { if err != nil { return "", err } - return string(buf[:vallen-1]), nil + return ByteSliceToString(buf[:vallen]), nil } //sys recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go index b37310ce9b4..0eaecf5fc32 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go +++ b/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build amd64 && darwin -// +build amd64,darwin package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go index d51ec996304..f36c6707cfb 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go +++ b/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build arm64 && darwin -// +build arm64,darwin package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go b/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go index 53c96641f81..16dc6993799 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go +++ b/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build darwin && go1.12 -// +build darwin,go1.12 package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go index 4e2d32120a8..14bab6b2de5 100644 --- a/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go +++ b/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build amd64 && dragonfly -// +build amd64,dragonfly package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go index b8da510043c..3967bca772d 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build 386 && freebsd -// +build 386,freebsd package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go index 47155c48390..eff19ada235 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build amd64 && freebsd -// +build amd64,freebsd package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go index 08932093fa2..4f24b517a67 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build arm && freebsd -// +build arm,freebsd package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go index d151a0d0e53..ac30759ece1 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build arm64 && freebsd -// +build arm64,freebsd package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go index d5cd64b3787..aab725ca77f 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build riscv64 && freebsd -// +build riscv64,freebsd package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_hurd.go b/vendor/golang.org/x/sys/unix/syscall_hurd.go index 381fd4673be..ba46651f8e3 100644 --- a/vendor/golang.org/x/sys/unix/syscall_hurd.go +++ b/vendor/golang.org/x/sys/unix/syscall_hurd.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build hurd -// +build hurd package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_hurd_386.go b/vendor/golang.org/x/sys/unix/syscall_hurd_386.go index 7cf54a3e4f1..df89f9e6b47 100644 --- a/vendor/golang.org/x/sys/unix/syscall_hurd_386.go +++ b/vendor/golang.org/x/sys/unix/syscall_hurd_386.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build 386 && hurd -// +build 386,hurd package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_illumos.go b/vendor/golang.org/x/sys/unix/syscall_illumos.go index 87db5a6a8cc..a863f7052c7 100644 --- a/vendor/golang.org/x/sys/unix/syscall_illumos.go +++ b/vendor/golang.org/x/sys/unix/syscall_illumos.go @@ -5,7 +5,6 @@ // illumos system calls not present on Solaris. //go:build amd64 && illumos -// +build amd64,illumos package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index fb4e50224c9..0f85e29e621 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -61,15 +61,23 @@ func FanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname string) ( } //sys fchmodat(dirfd int, path string, mode uint32) (err error) - -func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) { - // Linux fchmodat doesn't support the flags parameter. Mimick glibc's behavior - // and check the flags. Otherwise the mode would be applied to the symlink - // destination which is not what the user expects. - if flags&^AT_SYMLINK_NOFOLLOW != 0 { - return EINVAL - } else if flags&AT_SYMLINK_NOFOLLOW != 0 { - return EOPNOTSUPP +//sys fchmodat2(dirfd int, path string, mode uint32, flags int) (err error) + +func Fchmodat(dirfd int, path string, mode uint32, flags int) error { + // Linux fchmodat doesn't support the flags parameter, but fchmodat2 does. + // Try fchmodat2 if flags are specified. + if flags != 0 { + err := fchmodat2(dirfd, path, mode, flags) + if err == ENOSYS { + // fchmodat2 isn't available. If the flags are known to be valid, + // return EOPNOTSUPP to indicate that fchmodat doesn't support them. + if flags&^(AT_SYMLINK_NOFOLLOW|AT_EMPTY_PATH) != 0 { + return EINVAL + } else if flags&(AT_SYMLINK_NOFOLLOW|AT_EMPTY_PATH) != 0 { + return EOPNOTSUPP + } + } + return err } return fchmodat(dirfd, path, mode) } @@ -417,7 +425,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) { if n > 0 { sl += _Socklen(n) + 1 } - if sa.raw.Path[0] == '@' { + if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) { + // Check sl > 3 so we don't change unnamed socket behavior. sa.raw.Path[0] = 0 // Don't count trailing NUL for abstract address. sl-- @@ -1301,7 +1310,7 @@ func GetsockoptString(fd, level, opt int) (string, error) { return "", err } } - return string(buf[:vallen-1]), nil + return ByteSliceToString(buf[:vallen]), nil } func GetsockoptTpacketStats(fd, level, opt int) (*TpacketStats, error) { @@ -2482,3 +2491,5 @@ func SchedGetAttr(pid int, flags uint) (*SchedAttr, error) { } return attr, nil } + +//sys Cachestat(fd uint, crange *CachestatRange, cstat *Cachestat_t, flags uint) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_386.go b/vendor/golang.org/x/sys/unix/syscall_linux_386.go index c7d9945ea19..506dafa7b4c 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_386.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_386.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build 386 && linux -// +build 386,linux package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go b/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go index 08086ac6a4c..38d55641b52 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go @@ -3,8 +3,6 @@ // license that can be found in the LICENSE file. //go:build linux && (386 || amd64 || mips || mipsle || mips64 || mipsle || ppc64 || ppc64le || ppc || s390x || sparc64) -// +build linux -// +build 386 amd64 mips mipsle mips64 mipsle ppc64 ppc64le ppc s390x sparc64 package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go index 70601ce3692..d557cf8de3f 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build amd64 && linux -// +build amd64,linux package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go b/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go index 8b0f0f3aa56..facdb83b23b 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build amd64 && linux && gc -// +build amd64,linux,gc package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go index da2986415ae..cd2dd797fd6 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build arm && linux -// +build arm,linux package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go index f5266689af0..cf2ee6c75ef 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build arm64 && linux -// +build arm64,linux package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gc.go b/vendor/golang.org/x/sys/unix/syscall_linux_gc.go index 2b1168d7d19..ffc4c2b635d 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_gc.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_gc.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build linux && gc -// +build linux,gc package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go b/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go index 9843fb48960..9ebfdcf4478 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build linux && gc && 386 -// +build linux,gc,386 package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go b/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go index a6008fccd59..5f2b57c4c27 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build arm && gc && linux -// +build arm,gc,linux package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go b/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go index 7740af2428b..d1a3ad82633 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build linux && gccgo && 386 -// +build linux,gccgo,386 package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go b/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go index e16a12299ae..f2f67423e98 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build linux && gccgo && arm -// +build linux,gccgo,arm package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go index f6ab02ec150..3d0e98451f8 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build loong64 && linux -// +build loong64,linux package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go index 93fe59d25d9..70963a95abf 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go @@ -3,8 +3,6 @@ // license that can be found in the LICENSE file. //go:build linux && (mips64 || mips64le) -// +build linux -// +build mips64 mips64le package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go index aae7f0ffd3f..c218ebd2801 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go @@ -3,8 +3,6 @@ // license that can be found in the LICENSE file. //go:build linux && (mips || mipsle) -// +build linux -// +build mips mipsle package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go index 66eff19a320..e6c48500ca9 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build linux && ppc -// +build linux,ppc package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go b/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go index 806aa2574d8..7286a9aa882 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go @@ -3,8 +3,6 @@ // license that can be found in the LICENSE file. //go:build linux && (ppc64 || ppc64le) -// +build linux -// +build ppc64 ppc64le package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go index 5e6ceee129f..6f5a288944d 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build riscv64 && linux -// +build riscv64,linux package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go b/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go index 2f89e8f5def..66f31210d08 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build s390x && linux -// +build s390x,linux package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go b/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go index 7ca064ae764..11d1f169866 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build sparc64 && linux -// +build sparc64,linux package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go b/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go index 5199d282fd0..7a5eb57432f 100644 --- a/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go +++ b/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build 386 && netbsd -// +build 386,netbsd package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go index 70a9c52e980..62d8957ae6e 100644 --- a/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build amd64 && netbsd -// +build amd64,netbsd package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go b/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go index 3eb5942f93f..ce6a0688512 100644 --- a/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build arm && netbsd -// +build arm,netbsd package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go index fc6ccfd810d..d46d689d1b6 100644 --- a/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build arm64 && netbsd -// +build arm64,netbsd package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd.go b/vendor/golang.org/x/sys/unix/syscall_openbsd.go index 6f34479b597..b25343c71a4 100644 --- a/vendor/golang.org/x/sys/unix/syscall_openbsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_openbsd.go @@ -137,18 +137,13 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e } func Getfsstat(buf []Statfs_t, flags int) (n int, err error) { - var _p0 unsafe.Pointer + var bufptr *Statfs_t var bufsize uintptr if len(buf) > 0 { - _p0 = unsafe.Pointer(&buf[0]) + bufptr = &buf[0] bufsize = unsafe.Sizeof(Statfs_t{}) * uintptr(len(buf)) } - r0, _, e1 := Syscall(SYS_GETFSSTAT, uintptr(_p0), bufsize, uintptr(flags)) - n = int(r0) - if e1 != 0 { - err = e1 - } - return + return getfsstat(bufptr, bufsize, flags) } //sysnb getresuid(ruid *_C_int, euid *_C_int, suid *_C_int) @@ -171,6 +166,20 @@ func Getresgid() (rgid, egid, sgid int) { //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL +//sys fcntl(fd int, cmd int, arg int) (n int, err error) +//sys fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) = SYS_FCNTL + +// FcntlInt performs a fcntl syscall on fd with the provided command and argument. +func FcntlInt(fd uintptr, cmd, arg int) (int, error) { + return fcntl(int(fd), cmd, arg) +} + +// FcntlFlock performs a fcntl syscall for the F_GETLK, F_SETLK or F_SETLKW command. +func FcntlFlock(fd uintptr, cmd int, lk *Flock_t) error { + _, err := fcntlPtr(int(fd), cmd, unsafe.Pointer(lk)) + return err +} + //sys ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) func Ppoll(fds []PollFd, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { @@ -326,4 +335,7 @@ func Uname(uname *Utsname) error { //sys write(fd int, p []byte) (n int, err error) //sys mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) //sys munmap(addr uintptr, length uintptr) (err error) +//sys getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) //sys utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) +//sys pledge(promises *byte, execpromises *byte) (err error) +//sys unveil(path *byte, flags *byte) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go index 6baabcdcb06..9ddc89f4fcd 100644 --- a/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go +++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build 386 && openbsd -// +build 386,openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go index bab25360eae..70a3c96eea1 100644 --- a/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build amd64 && openbsd -// +build amd64,openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go index 8eed3c4d4e7..265caa87f76 100644 --- a/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build arm && openbsd -// +build arm,openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go index 483dde99d4c..ac4fda1715a 100644 --- a/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build arm64 && openbsd -// +build arm64,openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go index 04aa43f41b2..0a451e6dd40 100644 --- a/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go +++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build openbsd -// +build openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go index c2796139c01..30a308cbb4b 100644 --- a/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go +++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build ppc64 && openbsd -// +build ppc64,openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go index 23199a7ff62..ea954330fac 100644 --- a/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build riscv64 && openbsd -// +build riscv64,openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris.go b/vendor/golang.org/x/sys/unix/syscall_solaris.go index b99cfa1342f..21974af064d 100644 --- a/vendor/golang.org/x/sys/unix/syscall_solaris.go +++ b/vendor/golang.org/x/sys/unix/syscall_solaris.go @@ -128,7 +128,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) { if n > 0 { sl += _Socklen(n) + 1 } - if sa.raw.Path[0] == '@' { + if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) { + // Check sl > 3 so we don't change unnamed socket behavior. sa.raw.Path[0] = 0 // Don't count trailing NUL for abstract address. sl-- @@ -157,7 +158,7 @@ func GetsockoptString(fd, level, opt int) (string, error) { if err != nil { return "", err } - return string(buf[:vallen-1]), nil + return ByteSliceToString(buf[:vallen]), nil } const ImplementsGetwd = true diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go index 0bd25ef81f2..e02d8ceae37 100644 --- a/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go +++ b/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build amd64 && solaris -// +build amd64,solaris package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_unix.go b/vendor/golang.org/x/sys/unix/syscall_unix.go index f6eda27050d..77081de8c7d 100644 --- a/vendor/golang.org/x/sys/unix/syscall_unix.go +++ b/vendor/golang.org/x/sys/unix/syscall_unix.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris -// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_unix_gc.go b/vendor/golang.org/x/sys/unix/syscall_unix_gc.go index b6919ca580e..05c95bccfab 100644 --- a/vendor/golang.org/x/sys/unix/syscall_unix_gc.go +++ b/vendor/golang.org/x/sys/unix/syscall_unix_gc.go @@ -3,8 +3,6 @@ // license that can be found in the LICENSE file. //go:build (darwin || dragonfly || freebsd || (linux && !ppc64 && !ppc64le) || netbsd || openbsd || solaris) && gc -// +build darwin dragonfly freebsd linux,!ppc64,!ppc64le netbsd openbsd solaris -// +build gc package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go b/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go index f6f707acf2c..23f39b7af7e 100644 --- a/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go +++ b/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go @@ -3,9 +3,6 @@ // license that can be found in the LICENSE file. //go:build linux && (ppc64le || ppc64) && gc -// +build linux -// +build ppc64le ppc64 -// +build gc package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go index 4596d041ce3..b473038c615 100644 --- a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build zos && s390x -// +build zos,s390x package unix @@ -1105,7 +1104,7 @@ func GetsockoptString(fd, level, opt int) (string, error) { return "", err } - return string(buf[:vallen-1]), nil + return ByteSliceToString(buf[:vallen]), nil } func Recvmsg(fd int, p, oob []byte, flags int) (n, oobn int, recvflags int, from Sockaddr, err error) { diff --git a/vendor/golang.org/x/sys/unix/sysvshm_linux.go b/vendor/golang.org/x/sys/unix/sysvshm_linux.go index 2c3a4437f0f..4fcd38de276 100644 --- a/vendor/golang.org/x/sys/unix/sysvshm_linux.go +++ b/vendor/golang.org/x/sys/unix/sysvshm_linux.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build linux -// +build linux package unix diff --git a/vendor/golang.org/x/sys/unix/sysvshm_unix.go b/vendor/golang.org/x/sys/unix/sysvshm_unix.go index 5bb41d17bc4..79a84f18b46 100644 --- a/vendor/golang.org/x/sys/unix/sysvshm_unix.go +++ b/vendor/golang.org/x/sys/unix/sysvshm_unix.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build (darwin && !ios) || linux -// +build darwin,!ios linux package unix diff --git a/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go b/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go index 71bddefdb87..9eb0db664cb 100644 --- a/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go +++ b/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build darwin && !ios -// +build darwin,!ios package unix diff --git a/vendor/golang.org/x/sys/unix/timestruct.go b/vendor/golang.org/x/sys/unix/timestruct.go index 616b1b28485..7997b190226 100644 --- a/vendor/golang.org/x/sys/unix/timestruct.go +++ b/vendor/golang.org/x/sys/unix/timestruct.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos -// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos package unix diff --git a/vendor/golang.org/x/sys/unix/unveil_openbsd.go b/vendor/golang.org/x/sys/unix/unveil_openbsd.go index 168d5ae7791..cb7e598cef9 100644 --- a/vendor/golang.org/x/sys/unix/unveil_openbsd.go +++ b/vendor/golang.org/x/sys/unix/unveil_openbsd.go @@ -4,39 +4,48 @@ package unix -import ( - "syscall" - "unsafe" -) +import "fmt" // Unveil implements the unveil syscall. // For more information see unveil(2). // Note that the special case of blocking further // unveil calls is handled by UnveilBlock. func Unveil(path string, flags string) error { - pathPtr, err := syscall.BytePtrFromString(path) - if err != nil { + if err := supportsUnveil(); err != nil { return err } - flagsPtr, err := syscall.BytePtrFromString(flags) + pathPtr, err := BytePtrFromString(path) if err != nil { return err } - _, _, e := syscall.Syscall(SYS_UNVEIL, uintptr(unsafe.Pointer(pathPtr)), uintptr(unsafe.Pointer(flagsPtr)), 0) - if e != 0 { - return e + flagsPtr, err := BytePtrFromString(flags) + if err != nil { + return err } - return nil + return unveil(pathPtr, flagsPtr) } // UnveilBlock blocks future unveil calls. // For more information see unveil(2). func UnveilBlock() error { - // Both pointers must be nil. - var pathUnsafe, flagsUnsafe unsafe.Pointer - _, _, e := syscall.Syscall(SYS_UNVEIL, uintptr(pathUnsafe), uintptr(flagsUnsafe), 0) - if e != 0 { - return e + if err := supportsUnveil(); err != nil { + return err } + return unveil(nil, nil) +} + +// supportsUnveil checks for availability of the unveil(2) system call based +// on the running OpenBSD version. +func supportsUnveil() error { + maj, min, err := majmin() + if err != nil { + return err + } + + // unveil is not available before 6.4 + if maj < 6 || (maj == 6 && min <= 3) { + return fmt.Errorf("cannot call Unveil on OpenBSD %d.%d", maj, min) + } + return nil } diff --git a/vendor/golang.org/x/sys/unix/xattr_bsd.go b/vendor/golang.org/x/sys/unix/xattr_bsd.go index f5f8e9f3665..e1687939618 100644 --- a/vendor/golang.org/x/sys/unix/xattr_bsd.go +++ b/vendor/golang.org/x/sys/unix/xattr_bsd.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build freebsd || netbsd -// +build freebsd netbsd package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go index ca9799b79ef..2fb219d7876 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go +++ b/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build ppc && aix -// +build ppc,aix // Created by cgo -godefs - DO NOT EDIT // cgo -godefs -- -maix32 _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go index 200c8c26fe6..b0e6f5c85c7 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build ppc64 && aix -// +build ppc64,aix // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -maix64 _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go index 14300762715..e40fa85245f 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build amd64 && darwin -// +build amd64,darwin // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -m64 _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go index ab044a74274..bb02aa6c056 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm64 && darwin -// +build arm64,darwin // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -m64 _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go index 17bba0e44f9..c0e0f8694c1 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build amd64 && dragonfly -// +build amd64,dragonfly // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -m64 _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go index f8c2c513874..6c6923906f4 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build 386 && freebsd -// +build 386,freebsd // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -m32 _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go index 96310c3be1b..dd9163f8e88 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build amd64 && freebsd -// +build amd64,freebsd // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -m64 _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go index 777b69defa0..493a2a793c0 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm && freebsd -// +build arm,freebsd // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go index c557ac2db31..8b437b307d5 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm64 && freebsd -// +build arm64,freebsd // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -m64 _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go index 341b4d96265..67c02dd5795 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build riscv64 && freebsd -// +build riscv64,freebsd // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -m64 _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index f9c7f479b03..1781cfca393 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -1,7 +1,6 @@ // Code generated by mkmerge; DO NOT EDIT. //go:build linux -// +build linux package unix @@ -481,10 +480,13 @@ const ( BPF_FROM_BE = 0x8 BPF_FROM_LE = 0x0 BPF_FS_MAGIC = 0xcafe4a11 + BPF_F_AFTER = 0x10 BPF_F_ALLOW_MULTI = 0x2 BPF_F_ALLOW_OVERRIDE = 0x1 BPF_F_ANY_ALIGNMENT = 0x2 - BPF_F_KPROBE_MULTI_RETURN = 0x1 + BPF_F_BEFORE = 0x8 + BPF_F_ID = 0x20 + BPF_F_NETFILTER_IP_DEFRAG = 0x1 BPF_F_QUERY_EFFECTIVE = 0x1 BPF_F_REPLACE = 0x4 BPF_F_SLEEPABLE = 0x10 @@ -521,6 +523,7 @@ const ( BPF_MAJOR_VERSION = 0x1 BPF_MAXINSNS = 0x1000 BPF_MEM = 0x60 + BPF_MEMSX = 0x80 BPF_MEMWORDS = 0x10 BPF_MINOR_VERSION = 0x1 BPF_MISC = 0x7 @@ -776,6 +779,8 @@ const ( DEVLINK_GENL_MCGRP_CONFIG_NAME = "config" DEVLINK_GENL_NAME = "devlink" DEVLINK_GENL_VERSION = 0x1 + DEVLINK_PORT_FN_CAP_IPSEC_CRYPTO = 0x4 + DEVLINK_PORT_FN_CAP_IPSEC_PACKET = 0x8 DEVLINK_PORT_FN_CAP_MIGRATABLE = 0x2 DEVLINK_PORT_FN_CAP_ROCE = 0x1 DEVLINK_SB_THRESHOLD_TO_ALPHA_MAX = 0x14 @@ -1698,6 +1703,7 @@ const ( KEXEC_ON_CRASH = 0x1 KEXEC_PRESERVE_CONTEXT = 0x2 KEXEC_SEGMENT_MAX = 0x10 + KEXEC_UPDATE_ELFCOREHDR = 0x4 KEYCTL_ASSUME_AUTHORITY = 0x10 KEYCTL_CAPABILITIES = 0x1f KEYCTL_CAPS0_BIG_KEY = 0x10 @@ -2275,6 +2281,7 @@ const ( PERF_MEM_LVLNUM_PMEM = 0xe PERF_MEM_LVLNUM_RAM = 0xd PERF_MEM_LVLNUM_SHIFT = 0x21 + PERF_MEM_LVLNUM_UNC = 0x8 PERF_MEM_LVL_HIT = 0x2 PERF_MEM_LVL_IO = 0x1000 PERF_MEM_LVL_L1 = 0x8 @@ -3461,6 +3468,7 @@ const ( XDP_PACKET_HEADROOM = 0x100 XDP_PGOFF_RX_RING = 0x0 XDP_PGOFF_TX_RING = 0x80000000 + XDP_PKT_CONTD = 0x1 XDP_RING_NEED_WAKEUP = 0x1 XDP_RX_RING = 0x2 XDP_SHARED_UMEM = 0x1 @@ -3473,6 +3481,7 @@ const ( XDP_UMEM_REG = 0x4 XDP_UMEM_UNALIGNED_CHUNK_FLAG = 0x1 XDP_USE_NEED_WAKEUP = 0x8 + XDP_USE_SG = 0x10 XDP_ZEROCOPY = 0x4 XENFS_SUPER_MAGIC = 0xabba1974 XFS_SUPER_MAGIC = 0x58465342 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go index 30aee00a537..4920821cf3b 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build 386 && linux -// +build 386,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -Wall -Werror -static -I/tmp/386/include -m32 _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go index 8ebfa512785..a0c1e411275 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build amd64 && linux -// +build amd64,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -Wall -Werror -static -I/tmp/amd64/include -m64 _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go index 271a21cdc7e..c63985560f6 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm && linux -// +build arm,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -Wall -Werror -static -I/tmp/arm/include _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go index 910c330a39c..47cc62e25c1 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm64 && linux -// +build arm64,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -Wall -Werror -static -I/tmp/arm64/include -fsigned-char _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go index a640798c933..27ac4a09e22 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build loong64 && linux -// +build loong64,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -Wall -Werror -static -I/tmp/loong64/include _const.go @@ -119,6 +118,7 @@ const ( IXOFF = 0x1000 IXON = 0x400 LASX_CTX_MAGIC = 0x41535801 + LBT_CTX_MAGIC = 0x42540001 LSX_CTX_MAGIC = 0x53580001 MAP_ANON = 0x20 MAP_ANONYMOUS = 0x20 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go index 0d5925d3407..54694642a5d 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mips && linux -// +build mips,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -Wall -Werror -static -I/tmp/mips/include _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go index d72a00e0b63..3adb81d7582 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mips64 && linux -// +build mips64,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -Wall -Werror -static -I/tmp/mips64/include _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go index 02ba129f857..2dfe98f0d1b 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mips64le && linux -// +build mips64le,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -Wall -Werror -static -I/tmp/mips64le/include _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go index 8daa6dd9688..f5398f84f04 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mipsle && linux -// +build mipsle,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -Wall -Werror -static -I/tmp/mipsle/include _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go index 63c8fa2f7f0..c54f152d68f 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build ppc && linux -// +build ppc,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -Wall -Werror -static -I/tmp/ppc/include _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go index 930799ec1b3..76057dc72fb 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build ppc64 && linux -// +build ppc64,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -Wall -Werror -static -I/tmp/ppc64/include _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go index 8605a7dd7ef..e0c3725e2b8 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build ppc64le && linux -// +build ppc64le,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -Wall -Werror -static -I/tmp/ppc64le/include _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go index 95a016f1c01..18f2813ed54 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build riscv64 && linux -// +build riscv64,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -Wall -Werror -static -I/tmp/riscv64/include _const.go @@ -228,6 +227,9 @@ const ( PPPIOCUNBRIDGECHAN = 0x7434 PPPIOCXFERUNIT = 0x744e PR_SET_PTRACER_ANY = 0xffffffffffffffff + PTRACE_GETFDPIC = 0x21 + PTRACE_GETFDPIC_EXEC = 0x0 + PTRACE_GETFDPIC_INTERP = 0x1 RLIMIT_AS = 0x9 RLIMIT_MEMLOCK = 0x8 RLIMIT_NOFILE = 0x7 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go index 1ae0108f576..11619d4ec88 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build s390x && linux -// +build s390x,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -Wall -Werror -static -I/tmp/s390x/include -fsigned-char _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go index 1bb7c6333b4..396d994da79 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build sparc64 && linux -// +build sparc64,linux // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -Wall -Werror -static -I/tmp/sparc64/include _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go index 72f7420d20a..130085df407 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build 386 && netbsd -// +build 386,netbsd // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -m32 _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go index 8d4eb0c0804..84769a1a386 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build amd64 && netbsd -// +build amd64,netbsd // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -m64 _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go index 9eef9749f6a..602ded00333 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm && netbsd -// +build arm,netbsd // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -marm _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go index 3b62ba192c3..efc0406ee1d 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm64 && netbsd -// +build arm64,netbsd // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -m64 _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go index af20e474b38..5a6500f8377 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build 386 && openbsd -// +build 386,openbsd // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -m32 _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go index 6015fcb2bf6..a5aeeb979de 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build amd64 && openbsd -// +build amd64,openbsd // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -m64 _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go index 8d44955e44d..0e9748a7229 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm && openbsd -// +build arm,openbsd // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go index ae16fe7542a..4f4449abc17 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm64 && openbsd -// +build arm64,openbsd // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -m64 _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go index 03d90fe3550..76a363f0fe0 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mips64 && openbsd -// +build mips64,openbsd // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -m64 _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go index 8e2c51b1eec..43ca0cdfdcf 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build ppc64 && openbsd -// +build ppc64,openbsd // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -m64 _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go index 13d403031ed..b1b8bb2005c 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build riscv64 && openbsd -// +build riscv64,openbsd // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -m64 _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go index 1afee6a0890..d2ddd3176e3 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build amd64 && solaris -// +build amd64,solaris // Code generated by cmd/cgo -godefs; DO NOT EDIT. // cgo -godefs -- -m64 _const.go diff --git a/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go index fc7d0506f6c..4dfd2e051d3 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build zos && s390x -// +build zos,s390x // Hand edited based on zerrors_linux_s390x.go // TODO: auto-generate. diff --git a/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go b/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go index 97f20ca282f..586317c78e7 100644 --- a/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go +++ b/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go @@ -1,8 +1,6 @@ // Code generated by linux/mkall.go generatePtracePair("arm", "arm64"). DO NOT EDIT. //go:build linux && (arm || arm64) -// +build linux -// +build arm arm64 package unix diff --git a/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go b/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go index 0b5f7943054..d7c881be77d 100644 --- a/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go +++ b/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go @@ -1,8 +1,6 @@ // Code generated by linux/mkall.go generatePtracePair("mips", "mips64"). DO NOT EDIT. //go:build linux && (mips || mips64) -// +build linux -// +build mips mips64 package unix diff --git a/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go b/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go index 2807f7e6460..2d2de5d2922 100644 --- a/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go +++ b/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go @@ -1,8 +1,6 @@ // Code generated by linux/mkall.go generatePtracePair("mipsle", "mips64le"). DO NOT EDIT. //go:build linux && (mipsle || mips64le) -// +build linux -// +build mipsle mips64le package unix diff --git a/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go b/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go index 281ea64e34a..5adc79fb5ea 100644 --- a/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go +++ b/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go @@ -1,8 +1,6 @@ // Code generated by linux/mkall.go generatePtracePair("386", "amd64"). DO NOT EDIT. //go:build linux && (386 || amd64) -// +build linux -// +build 386 amd64 package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go index d1d1d23311d..6ea64a3c0c3 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build aix && ppc -// +build aix,ppc package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go index f99a18adc33..99ee4399a3a 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build aix && ppc64 -// +build aix,ppc64 package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go index c4d50ae5005..b68a78362b2 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build aix && ppc64 && gc -// +build aix,ppc64,gc package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go index 6903d3b09e3..0a87450bf8e 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build aix && ppc64 && gccgo -// +build aix,ppc64,gccgo package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go index 1cad561e983..ccb02f240a4 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build darwin && amd64 -// +build darwin,amd64 package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go index b18edbd0e31..1b40b997b52 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build darwin && arm64 -// +build darwin,arm64 package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go index 0c67df64a50..aad65fc7932 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build dragonfly && amd64 -// +build dragonfly,amd64 package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go index e6e05d145bf..c0096391af9 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build freebsd && 386 -// +build freebsd,386 package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go index 7508accac92..7664df74960 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build freebsd && amd64 -// +build freebsd,amd64 package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go index 7b56aead469..ae099182c9f 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build freebsd && arm -// +build freebsd,arm package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go index cc623dcaae5..11fd5d45bbb 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build freebsd && arm64 -// +build freebsd,arm64 package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go index 58184919740..c3d2d653072 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build freebsd && riscv64 -// +build freebsd,riscv64 package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go index 6be25cd1901..c698cbc01a5 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build illumos && amd64 -// +build illumos,amd64 package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go index 1ff3aec74c5..1488d27128c 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go @@ -1,7 +1,6 @@ // Code generated by mkmerge; DO NOT EDIT. //go:build linux -// +build linux package unix @@ -38,6 +37,21 @@ func fchmodat(dirfd int, path string, mode uint32) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func fchmodat2(dirfd int, path string, mode uint32, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall6(SYS_FCHMODAT2, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ioctl(fd int, req uint, arg uintptr) (err error) { _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) if e1 != 0 { @@ -2195,3 +2209,13 @@ func schedGetattr(pid int, attr *SchedAttr, size uint, flags uint) (err error) { } return } + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Cachestat(fd uint, crange *CachestatRange, cstat *Cachestat_t, flags uint) (err error) { + _, _, e1 := Syscall6(SYS_CACHESTAT, uintptr(fd), uintptr(unsafe.Pointer(crange)), uintptr(unsafe.Pointer(cstat)), uintptr(flags), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go index 07b549cc25e..4def3e9fcb0 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build linux && 386 -// +build linux,386 package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go index 5f481bf83f4..fef2bc8ba9c 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build linux && amd64 -// +build linux,amd64 package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go index 824cd52c7fa..a9fd76a8841 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build linux && arm -// +build linux,arm package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go index e77aecfe985..4600650280a 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build linux && arm64 -// +build linux,arm64 package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go index 806ffd1e125..c8987d26465 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build linux && loong64 -// +build linux,loong64 package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go index 961a3afb7b7..921f4306110 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build linux && mips -// +build linux,mips package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go index ed05005e91b..44f067829c4 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build linux && mips64 -// +build linux,mips64 package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go index d365b718f30..e7fa0abf0d1 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build linux && mips64le -// +build linux,mips64le package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go index c3f1b8bbde0..8c5125675e8 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build linux && mipsle -// +build linux,mipsle package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go index a6574cf98b1..7392fd45e43 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build linux && ppc -// +build linux,ppc package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go index f40990264f4..41180434e60 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build linux && ppc64 -// +build linux,ppc64 package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go index 9dfcc29974f..40c6ce7ae54 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build linux && ppc64le -// +build linux,ppc64le package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go index 0ab4f2ed720..2cfe34adb12 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build linux && riscv64 -// +build linux,riscv64 package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go index 6cde32237dc..61e6f070971 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build linux && s390x -// +build linux,s390x package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go index 5253d65bf1b..834b8420428 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build linux && sparc64 -// +build linux,sparc64 package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go index 2df3c5bac6d..e91ebc14a19 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build netbsd && 386 -// +build netbsd,386 package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go index a60556babbf..be28babbcd6 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build netbsd && amd64 -// +build netbsd,amd64 package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go index 9f788917a44..fb587e8261f 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build netbsd && arm -// +build netbsd,arm package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go index 82a4cb2dc43..d576438bb08 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build netbsd && arm64 -// +build netbsd,arm64 package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go index 66b3b645633..a1d061597cc 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build openbsd && 386 -// +build openbsd,386 package unix @@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func fcntl(fd int, cmd int, arg int) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fcntl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fcntl fcntl "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0) n = int(r0) @@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getfsstat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) @@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error var libc_utimensat_trampoline_addr uintptr //go:cgo_import_dynamic libc_utimensat utimensat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pledge(promises *byte, execpromises *byte) (err error) { + _, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pledge_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pledge pledge "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func unveil(path *byte, flags *byte) (err error) { + _, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_unveil_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unveil unveil "libc.so" + + diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s index 3dcacd30d7e..41b5617316c 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s @@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $4 DATA ·libc_sysctl_trampoline_addr(SB)/4, $libc_sysctl_trampoline<>(SB) +TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fcntl(SB) +GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $4 +DATA ·libc_fcntl_trampoline_addr(SB)/4, $libc_fcntl_trampoline<>(SB) + TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ppoll(SB) GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $4 @@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $4 DATA ·libc_munmap_trampoline_addr(SB)/4, $libc_munmap_trampoline<>(SB) +TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getfsstat(SB) +GLOBL ·libc_getfsstat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getfsstat_trampoline_addr(SB)/4, $libc_getfsstat_trampoline<>(SB) + TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_utimensat(SB) GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $4 DATA ·libc_utimensat_trampoline_addr(SB)/4, $libc_utimensat_trampoline<>(SB) + +TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pledge(SB) +GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $4 +DATA ·libc_pledge_trampoline_addr(SB)/4, $libc_pledge_trampoline<>(SB) + +TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unveil(SB) +GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $4 +DATA ·libc_unveil_trampoline_addr(SB)/4, $libc_unveil_trampoline<>(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go index c5c4cc112ed..5b2a7409778 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build openbsd && amd64 -// +build openbsd,amd64 package unix @@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func fcntl(fd int, cmd int, arg int) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fcntl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fcntl fcntl "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0) n = int(r0) @@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getfsstat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) @@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error var libc_utimensat_trampoline_addr uintptr //go:cgo_import_dynamic libc_utimensat utimensat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pledge(promises *byte, execpromises *byte) (err error) { + _, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pledge_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pledge pledge "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func unveil(path *byte, flags *byte) (err error) { + _, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_unveil_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unveil unveil "libc.so" + + diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s index 2763620b01a..4019a656f6d 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s @@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8 DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB) +TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fcntl(SB) +GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB) + TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ppoll(SB) GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $8 @@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $8 DATA ·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB) +TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getfsstat(SB) +GLOBL ·libc_getfsstat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB) + TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_utimensat(SB) GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8 DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB) + +TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pledge(SB) +GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB) + +TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unveil(SB) +GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $8 +DATA ·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go index 93bfbb32874..f6eda1344a8 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build openbsd && arm -// +build openbsd,arm package unix @@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func fcntl(fd int, cmd int, arg int) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fcntl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fcntl fcntl "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0) n = int(r0) @@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getfsstat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) @@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error var libc_utimensat_trampoline_addr uintptr //go:cgo_import_dynamic libc_utimensat utimensat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pledge(promises *byte, execpromises *byte) (err error) { + _, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pledge_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pledge pledge "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func unveil(path *byte, flags *byte) (err error) { + _, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_unveil_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unveil unveil "libc.so" + + diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s index c922314048f..ac4af24f908 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s @@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $4 DATA ·libc_sysctl_trampoline_addr(SB)/4, $libc_sysctl_trampoline<>(SB) +TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fcntl(SB) +GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $4 +DATA ·libc_fcntl_trampoline_addr(SB)/4, $libc_fcntl_trampoline<>(SB) + TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ppoll(SB) GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $4 @@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $4 DATA ·libc_munmap_trampoline_addr(SB)/4, $libc_munmap_trampoline<>(SB) +TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getfsstat(SB) +GLOBL ·libc_getfsstat_trampoline_addr(SB), RODATA, $4 +DATA ·libc_getfsstat_trampoline_addr(SB)/4, $libc_getfsstat_trampoline<>(SB) + TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_utimensat(SB) GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $4 DATA ·libc_utimensat_trampoline_addr(SB)/4, $libc_utimensat_trampoline<>(SB) + +TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pledge(SB) +GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $4 +DATA ·libc_pledge_trampoline_addr(SB)/4, $libc_pledge_trampoline<>(SB) + +TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unveil(SB) +GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $4 +DATA ·libc_unveil_trampoline_addr(SB)/4, $libc_unveil_trampoline<>(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go index a107b8fda5f..55df20ae9d8 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build openbsd && arm64 -// +build openbsd,arm64 package unix @@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func fcntl(fd int, cmd int, arg int) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fcntl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fcntl fcntl "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0) n = int(r0) @@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getfsstat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) @@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error var libc_utimensat_trampoline_addr uintptr //go:cgo_import_dynamic libc_utimensat utimensat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pledge(promises *byte, execpromises *byte) (err error) { + _, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pledge_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pledge pledge "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func unveil(path *byte, flags *byte) (err error) { + _, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_unveil_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unveil unveil "libc.so" + + diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s index a6bc32c9220..f77d532121b 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s @@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8 DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB) +TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fcntl(SB) +GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB) + TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ppoll(SB) GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $8 @@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $8 DATA ·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB) +TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getfsstat(SB) +GLOBL ·libc_getfsstat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB) + TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_utimensat(SB) GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8 DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB) + +TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pledge(SB) +GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB) + +TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unveil(SB) +GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $8 +DATA ·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go index c427de509e3..8c1155cbc08 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build openbsd && mips64 -// +build openbsd,mips64 package unix @@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func fcntl(fd int, cmd int, arg int) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fcntl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fcntl fcntl "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0) n = int(r0) @@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getfsstat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) @@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error var libc_utimensat_trampoline_addr uintptr //go:cgo_import_dynamic libc_utimensat utimensat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pledge(promises *byte, execpromises *byte) (err error) { + _, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pledge_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pledge pledge "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func unveil(path *byte, flags *byte) (err error) { + _, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_unveil_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unveil unveil "libc.so" + + diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s index b4e7bceabf3..fae140b62c9 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s @@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8 DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB) +TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fcntl(SB) +GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB) + TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ppoll(SB) GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $8 @@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $8 DATA ·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB) +TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getfsstat(SB) +GLOBL ·libc_getfsstat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB) + TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_utimensat(SB) GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8 DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB) + +TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pledge(SB) +GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB) + +TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unveil(SB) +GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $8 +DATA ·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go index 60c1a99ae49..7cc80c58d98 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build openbsd && ppc64 -// +build openbsd,ppc64 package unix @@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func fcntl(fd int, cmd int, arg int) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fcntl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fcntl fcntl "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0) n = int(r0) @@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getfsstat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) @@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error var libc_utimensat_trampoline_addr uintptr //go:cgo_import_dynamic libc_utimensat utimensat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pledge(promises *byte, execpromises *byte) (err error) { + _, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pledge_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pledge pledge "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func unveil(path *byte, flags *byte) (err error) { + _, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_unveil_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unveil unveil "libc.so" + + diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s index ca3f766009c..9d1e0ff06d0 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s @@ -213,6 +213,12 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8 DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB) +TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_fcntl(SB) + RET +GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB) + TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0 CALL libc_ppoll(SB) RET @@ -801,8 +807,26 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $8 DATA ·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB) +TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_getfsstat(SB) + RET +GLOBL ·libc_getfsstat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB) + TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 CALL libc_utimensat(SB) RET GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8 DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB) + +TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_pledge(SB) + RET +GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB) + +TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_unveil(SB) + RET +GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $8 +DATA ·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go index 52eba360f81..0688737f494 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build openbsd && riscv64 -// +build openbsd,riscv64 package unix @@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func fcntl(fd int, cmd int, arg int) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_fcntl_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_fcntl fcntl "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0) n = int(r0) @@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) { + r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags)) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_getfsstat_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) @@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error var libc_utimensat_trampoline_addr uintptr //go:cgo_import_dynamic libc_utimensat utimensat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pledge(promises *byte, execpromises *byte) (err error) { + _, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pledge_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pledge pledge "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func unveil(path *byte, flags *byte) (err error) { + _, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_unveil_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unveil unveil "libc.so" + + diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s index 477a7d5b21e..da115f9a4b6 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s @@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8 DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB) +TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_fcntl(SB) +GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $8 +DATA ·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB) + TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_ppoll(SB) GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $8 @@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $8 DATA ·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB) +TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_getfsstat(SB) +GLOBL ·libc_getfsstat_trampoline_addr(SB), RODATA, $8 +DATA ·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB) + TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_utimensat(SB) GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8 DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB) + +TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pledge(SB) +GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB) + +TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unveil(SB) +GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $8 +DATA ·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go index b401894644f..829b87feb8d 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build solaris && amd64 -// +build solaris,amd64 package unix diff --git a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go index 1d8fe1d4b21..94f01123831 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build zos && s390x -// +build zos,s390x package unix diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go index 55e0484719c..3a58ae819ad 100644 --- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go @@ -2,7 +2,6 @@ // Code generated by the command above; DO NOT EDIT. //go:build 386 && openbsd -// +build 386,openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go index d2243cf83f5..dcb7a0eb729 100644 --- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; DO NOT EDIT. //go:build amd64 && openbsd -// +build amd64,openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go index 82dc51bd8b5..db5a7bf13c6 100644 --- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go @@ -2,7 +2,6 @@ // Code generated by the command above; DO NOT EDIT. //go:build arm && openbsd -// +build arm,openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go index cbdda1a4ae2..7be575a7770 100644 --- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go @@ -2,7 +2,6 @@ // Code generated by the command above; DO NOT EDIT. //go:build arm64 && openbsd -// +build arm64,openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go index f55eae1a821..d6e3174c696 100644 --- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go @@ -2,7 +2,6 @@ // Code generated by the command above; DO NOT EDIT. //go:build mips64 && openbsd -// +build mips64,openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go index e44054470b7..ee97157d013 100644 --- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go @@ -2,7 +2,6 @@ // Code generated by the command above; DO NOT EDIT. //go:build ppc64 && openbsd -// +build ppc64,openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go index a0db82fce20..35c3b91d0f4 100644 --- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go @@ -2,7 +2,6 @@ // Code generated by the command above; DO NOT EDIT. //go:build riscv64 && openbsd -// +build riscv64,openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go index f8298ff9b58..5edda76870b 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build amd64 && darwin -// +build amd64,darwin package unix diff --git a/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go index 5eb433bbf01..0dc9e8b4d95 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm64 && darwin -// +build arm64,darwin package unix diff --git a/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go index 703675c0c4a..308ddf3a1f4 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build amd64 && dragonfly -// +build amd64,dragonfly package unix diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go index 4e0d96107b9..418664e3dc2 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build 386 && freebsd -// +build 386,freebsd package unix diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go index 01636b838d3..34d0b86d7cc 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build amd64 && freebsd -// +build amd64,freebsd package unix diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go index ad99bc106a8..b71cf45e2ea 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm && freebsd -// +build arm,freebsd package unix diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go index 89dcc427476..e32df1c1ee3 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm64 && freebsd -// +build arm64,freebsd package unix diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go index ee37aaa0c90..15ad6111f35 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build riscv64 && freebsd -// +build riscv64,freebsd package unix diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go index 9862853d341..fcf3ecbddee 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build 386 && linux -// +build 386,linux package unix @@ -448,4 +447,5 @@ const ( SYS_FUTEX_WAITV = 449 SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 + SYS_FCHMODAT2 = 452 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go index 8901f0f4e51..f56dc2504ae 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build amd64 && linux -// +build amd64,linux package unix @@ -370,4 +369,6 @@ const ( SYS_FUTEX_WAITV = 449 SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 + SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go index 6902c37eed7..974bf246767 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm && linux -// +build arm,linux package unix @@ -412,4 +411,5 @@ const ( SYS_FUTEX_WAITV = 449 SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 + SYS_FCHMODAT2 = 452 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go index a6d3dff811f..39a2739e231 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm64 && linux -// +build arm64,linux package unix @@ -315,4 +314,5 @@ const ( SYS_FUTEX_WAITV = 449 SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 + SYS_FCHMODAT2 = 452 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go index b18f3f71079..cf9c9d77e10 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build loong64 && linux -// +build loong64,linux package unix @@ -309,4 +308,5 @@ const ( SYS_FUTEX_WAITV = 449 SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 + SYS_FCHMODAT2 = 452 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go index 0302e5e3de1..10b7362ef44 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mips && linux -// +build mips,linux package unix @@ -432,4 +431,5 @@ const ( SYS_FUTEX_WAITV = 4449 SYS_SET_MEMPOLICY_HOME_NODE = 4450 SYS_CACHESTAT = 4451 + SYS_FCHMODAT2 = 4452 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go index 6693ba4a0f8..cd4d8b4fd35 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mips64 && linux -// +build mips64,linux package unix @@ -362,4 +361,5 @@ const ( SYS_FUTEX_WAITV = 5449 SYS_SET_MEMPOLICY_HOME_NODE = 5450 SYS_CACHESTAT = 5451 + SYS_FCHMODAT2 = 5452 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go index fd93f4987c9..2c0efca818b 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mips64le && linux -// +build mips64le,linux package unix @@ -362,4 +361,5 @@ const ( SYS_FUTEX_WAITV = 5449 SYS_SET_MEMPOLICY_HOME_NODE = 5450 SYS_CACHESTAT = 5451 + SYS_FCHMODAT2 = 5452 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go index 760ddcadc2a..a72e31d391d 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mipsle && linux -// +build mipsle,linux package unix @@ -432,4 +431,5 @@ const ( SYS_FUTEX_WAITV = 4449 SYS_SET_MEMPOLICY_HOME_NODE = 4450 SYS_CACHESTAT = 4451 + SYS_FCHMODAT2 = 4452 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go index cff2b2555b7..c7d1e374713 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build ppc && linux -// +build ppc,linux package unix @@ -439,4 +438,5 @@ const ( SYS_FUTEX_WAITV = 449 SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 + SYS_FCHMODAT2 = 452 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go index a4b2405d09d..f4d4838c870 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build ppc64 && linux -// +build ppc64,linux package unix @@ -411,4 +410,5 @@ const ( SYS_FUTEX_WAITV = 449 SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 + SYS_FCHMODAT2 = 452 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go index aca54b4e3a1..b64f0e59114 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build ppc64le && linux -// +build ppc64le,linux package unix @@ -411,4 +410,5 @@ const ( SYS_FUTEX_WAITV = 449 SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 + SYS_FCHMODAT2 = 452 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go index 9d1738d641f..95711195a06 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build riscv64 && linux -// +build riscv64,linux package unix @@ -316,4 +315,5 @@ const ( SYS_FUTEX_WAITV = 449 SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 + SYS_FCHMODAT2 = 452 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go index 022878dc8df..f94e943bc4f 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build s390x && linux -// +build s390x,linux package unix @@ -377,4 +376,5 @@ const ( SYS_FUTEX_WAITV = 449 SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 + SYS_FCHMODAT2 = 452 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go index 4100a761c20..ba0c2bc5154 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build sparc64 && linux -// +build sparc64,linux package unix @@ -390,4 +389,5 @@ const ( SYS_FUTEX_WAITV = 449 SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 + SYS_FCHMODAT2 = 452 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go index 3a6699eba98..b2aa8cd495e 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build 386 && netbsd -// +build 386,netbsd package unix diff --git a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go index 5677cd4f158..524a1b1c9a7 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build amd64 && netbsd -// +build amd64,netbsd package unix diff --git a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go index e784cb6db1c..d59b943ac22 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm && netbsd -// +build arm,netbsd package unix diff --git a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go index bd4952efa5b..31e771d53e6 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go @@ -2,7 +2,6 @@ // Code generated by the command above; DO NOT EDIT. //go:build arm64 && netbsd -// +build arm64,netbsd package unix diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go index 597733813e3..9fd77c6cb46 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build 386 && openbsd -// +build 386,openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go index 16af2918994..af10af28cbe 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build amd64 && openbsd -// +build amd64,openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go index f59b18a9779..cc2028af4ba 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm && openbsd -// +build arm,openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go index 721ef591032..c06dd4415a3 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm64 && openbsd -// +build arm64,openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go index 01c43a01fda..9ddbf3e08fd 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mips64 && openbsd -// +build mips64,openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go index f258cfa24ed..19a6ee41340 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build ppc64 && openbsd -// +build ppc64,openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go index 07919e0eccd..05192a782d8 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build riscv64 && openbsd -// +build riscv64,openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go index 073daad43b7..b2e30858199 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build zos && s390x -// +build zos,s390x package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go index 7a8161c1d1c..3e6d57cae7f 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go +++ b/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build ppc && aix -// +build ppc,aix package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go index 07ed733c51b..3a219bdce7e 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build ppc64 && aix -// +build ppc64,aix package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go index 690cefc3d06..091d107f3a5 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build amd64 && darwin -// +build amd64,darwin package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go index 5bffc10eac0..28ff4ef74d0 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm64 && darwin -// +build arm64,darwin package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go index d0ba8e9b86a..30e405bb4cd 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build amd64 && dragonfly -// +build amd64,dragonfly package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go index 29dc483378a..6cbd094a3aa 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build 386 && freebsd -// +build 386,freebsd package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go index 0a89b28906a..7c03b6ee77f 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build amd64 && freebsd -// +build amd64,freebsd package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go index c8666bb1528..422107ee8b1 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm && freebsd -// +build arm,freebsd package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go index 88fb48a887b..505a12acfd9 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm64 && freebsd -// +build arm64,freebsd package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go index 698dc975e92..cc986c79006 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build riscv64 && freebsd -// +build riscv64,freebsd package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index 18aa70b4262..b07276a1b5f 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -1,7 +1,6 @@ // Code generated by mkmerge; DO NOT EDIT. //go:build linux -// +build linux package unix @@ -2672,6 +2671,7 @@ const ( BPF_PROG_TYPE_LSM = 0x1d BPF_PROG_TYPE_SK_LOOKUP = 0x1e BPF_PROG_TYPE_SYSCALL = 0x1f + BPF_PROG_TYPE_NETFILTER = 0x20 BPF_CGROUP_INET_INGRESS = 0x0 BPF_CGROUP_INET_EGRESS = 0x1 BPF_CGROUP_INET_SOCK_CREATE = 0x2 @@ -2716,6 +2716,11 @@ const ( BPF_PERF_EVENT = 0x29 BPF_TRACE_KPROBE_MULTI = 0x2a BPF_LSM_CGROUP = 0x2b + BPF_STRUCT_OPS = 0x2c + BPF_NETFILTER = 0x2d + BPF_TCX_INGRESS = 0x2e + BPF_TCX_EGRESS = 0x2f + BPF_TRACE_UPROBE_MULTI = 0x30 BPF_LINK_TYPE_UNSPEC = 0x0 BPF_LINK_TYPE_RAW_TRACEPOINT = 0x1 BPF_LINK_TYPE_TRACING = 0x2 @@ -2726,6 +2731,18 @@ const ( BPF_LINK_TYPE_PERF_EVENT = 0x7 BPF_LINK_TYPE_KPROBE_MULTI = 0x8 BPF_LINK_TYPE_STRUCT_OPS = 0x9 + BPF_LINK_TYPE_NETFILTER = 0xa + BPF_LINK_TYPE_TCX = 0xb + BPF_LINK_TYPE_UPROBE_MULTI = 0xc + BPF_PERF_EVENT_UNSPEC = 0x0 + BPF_PERF_EVENT_UPROBE = 0x1 + BPF_PERF_EVENT_URETPROBE = 0x2 + BPF_PERF_EVENT_KPROBE = 0x3 + BPF_PERF_EVENT_KRETPROBE = 0x4 + BPF_PERF_EVENT_TRACEPOINT = 0x5 + BPF_PERF_EVENT_EVENT = 0x6 + BPF_F_KPROBE_MULTI_RETURN = 0x1 + BPF_F_UPROBE_MULTI_RETURN = 0x1 BPF_ANY = 0x0 BPF_NOEXIST = 0x1 BPF_EXIST = 0x2 @@ -2743,6 +2760,8 @@ const ( BPF_F_MMAPABLE = 0x400 BPF_F_PRESERVE_ELEMS = 0x800 BPF_F_INNER_MAP = 0x1000 + BPF_F_LINK = 0x2000 + BPF_F_PATH_FD = 0x4000 BPF_STATS_RUN_TIME = 0x0 BPF_STACK_BUILD_ID_EMPTY = 0x0 BPF_STACK_BUILD_ID_VALID = 0x1 @@ -2763,6 +2782,7 @@ const ( BPF_F_ZERO_CSUM_TX = 0x2 BPF_F_DONT_FRAGMENT = 0x4 BPF_F_SEQ_NUMBER = 0x8 + BPF_F_NO_TUNNEL_KEY = 0x10 BPF_F_TUNINFO_FLAGS = 0x10 BPF_F_INDEX_MASK = 0xffffffff BPF_F_CURRENT_CPU = 0xffffffff @@ -2779,6 +2799,8 @@ const ( BPF_F_ADJ_ROOM_ENCAP_L4_UDP = 0x10 BPF_F_ADJ_ROOM_NO_CSUM_RESET = 0x20 BPF_F_ADJ_ROOM_ENCAP_L2_ETH = 0x40 + BPF_F_ADJ_ROOM_DECAP_L3_IPV4 = 0x80 + BPF_F_ADJ_ROOM_DECAP_L3_IPV6 = 0x100 BPF_ADJ_ROOM_ENCAP_L2_MASK = 0xff BPF_ADJ_ROOM_ENCAP_L2_SHIFT = 0x38 BPF_F_SYSCTL_BASE_NAME = 0x1 @@ -2867,6 +2889,8 @@ const ( BPF_DEVCG_DEV_CHAR = 0x2 BPF_FIB_LOOKUP_DIRECT = 0x1 BPF_FIB_LOOKUP_OUTPUT = 0x2 + BPF_FIB_LOOKUP_SKIP_NEIGH = 0x4 + BPF_FIB_LOOKUP_TBID = 0x8 BPF_FIB_LKUP_RET_SUCCESS = 0x0 BPF_FIB_LKUP_RET_BLACKHOLE = 0x1 BPF_FIB_LKUP_RET_UNREACHABLE = 0x2 @@ -2902,6 +2926,7 @@ const ( BPF_CORE_ENUMVAL_EXISTS = 0xa BPF_CORE_ENUMVAL_VALUE = 0xb BPF_CORE_TYPE_MATCHES = 0xc + BPF_F_TIMER_ABS = 0x1 ) const ( @@ -5883,3 +5908,15 @@ type SchedAttr struct { } const SizeofSchedAttr = 0x38 + +type Cachestat_t struct { + Cache uint64 + Dirty uint64 + Writeback uint64 + Evicted uint64 + Recently_evicted uint64 +} +type CachestatRange struct { + Off uint64 + Len uint64 +} diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go index 6d8acbcc570..438a30affad 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build 386 && linux -// +build 386,linux package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go index 59293c68841..adceca3553b 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build amd64 && linux -// +build amd64,linux package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go index 40cfa38c29f..eeaa00a37d6 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm && linux -// +build arm,linux package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go index 055bc4216d4..6739aa91d4e 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm64 && linux -// +build arm64,linux package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go index f28affbc607..9920ef6317d 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build loong64 && linux -// +build loong64,linux package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go index 9d71e7ccd8b..2923b799a48 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mips && linux -// +build mips,linux package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go index fd5ccd332a1..ce2750ee415 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mips64 && linux -// +build mips64,linux package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go index 7704de77a2f..3038811d70b 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mips64le && linux -// +build mips64le,linux package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go index df00b87571a..efc6fed18c1 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mipsle && linux -// +build mipsle,linux package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go index 0942840db6e..9a654b75a90 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build ppc && linux -// +build ppc,linux package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go index 03487439508..40d358e33e3 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build ppc64 && linux -// +build ppc64,linux package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go index bad06704757..148c6ceb869 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build ppc64le && linux -// +build ppc64le,linux package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go index 1b4c97c32a6..72ba81543ef 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build riscv64 && linux -// +build riscv64,linux package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go index aa268d025cf..71e765508e2 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build s390x && linux -// +build s390x,linux package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go index 444045b6c58..4abbdb9de93 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build sparc64 && linux -// +build sparc64,linux package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go index 9bc4c8f9d88..f22e7947d94 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go +++ b/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build 386 && netbsd -// +build 386,netbsd package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go index bb05f655d22..066a7d83d29 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build amd64 && netbsd -// +build amd64,netbsd package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go index db40e3a19c6..439548ec9ad 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm && netbsd -// +build arm,netbsd package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go index 11121151ccf..16085d3bbcc 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm64 && netbsd -// +build arm64,netbsd package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go index 26eba23b729..afd13a3af7b 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go +++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build 386 && openbsd -// +build 386,openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go index 5a547988698..5d97f1f9b65 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build amd64 && openbsd -// +build amd64,openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go index be58c4e1ff8..34871cdc159 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm && openbsd -// +build arm,openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go index 52338266cb3..5911bceb319 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build arm64 && openbsd -// +build arm64,openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go index 605cfdb12b1..e4f24f3bc9a 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build mips64 && openbsd -// +build mips64,openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go index d6724c0102c..ca50a793035 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build ppc64 && openbsd -// +build ppc64,openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go index ddfd27a434a..d7d7f79023f 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build riscv64 && openbsd -// +build riscv64,openbsd package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go index 0400747c67d..14160576d28 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go @@ -2,7 +2,6 @@ // Code generated by the command above; see README.md. DO NOT EDIT. //go:build amd64 && solaris -// +build amd64,solaris package unix diff --git a/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go index aec1efcb306..54f31be6373 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build zos && s390x -// +build zos,s390x // Hand edited based on ztypes_linux_s390x.go // TODO: auto-generate. diff --git a/vendor/golang.org/x/sys/windows/aliases.go b/vendor/golang.org/x/sys/windows/aliases.go index a20ebea6331..ce2d713d62e 100644 --- a/vendor/golang.org/x/sys/windows/aliases.go +++ b/vendor/golang.org/x/sys/windows/aliases.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build windows && go1.9 -// +build windows,go1.9 package windows diff --git a/vendor/golang.org/x/sys/windows/empty.s b/vendor/golang.org/x/sys/windows/empty.s index fdbbbcd3171..ba64caca5d3 100644 --- a/vendor/golang.org/x/sys/windows/empty.s +++ b/vendor/golang.org/x/sys/windows/empty.s @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build !go1.12 -// +build !go1.12 // This file is here to allow bodyless functions with go:linkname for Go 1.11 // and earlier (see https://golang.org/issue/23311). diff --git a/vendor/golang.org/x/sys/windows/eventlog.go b/vendor/golang.org/x/sys/windows/eventlog.go index 2cd60645ee7..6c366955d97 100644 --- a/vendor/golang.org/x/sys/windows/eventlog.go +++ b/vendor/golang.org/x/sys/windows/eventlog.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build windows -// +build windows package windows diff --git a/vendor/golang.org/x/sys/windows/mksyscall.go b/vendor/golang.org/x/sys/windows/mksyscall.go index 8563f79c57f..dbcdb090c0c 100644 --- a/vendor/golang.org/x/sys/windows/mksyscall.go +++ b/vendor/golang.org/x/sys/windows/mksyscall.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build generate -// +build generate package windows diff --git a/vendor/golang.org/x/sys/windows/race.go b/vendor/golang.org/x/sys/windows/race.go index 9196b089ca1..0f1bdc3860f 100644 --- a/vendor/golang.org/x/sys/windows/race.go +++ b/vendor/golang.org/x/sys/windows/race.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build windows && race -// +build windows,race package windows diff --git a/vendor/golang.org/x/sys/windows/race0.go b/vendor/golang.org/x/sys/windows/race0.go index 7bae4817a06..0c78da78b13 100644 --- a/vendor/golang.org/x/sys/windows/race0.go +++ b/vendor/golang.org/x/sys/windows/race0.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build windows && !race -// +build windows,!race package windows diff --git a/vendor/golang.org/x/sys/windows/service.go b/vendor/golang.org/x/sys/windows/service.go index c44a1b96360..a9dc6308d68 100644 --- a/vendor/golang.org/x/sys/windows/service.go +++ b/vendor/golang.org/x/sys/windows/service.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build windows -// +build windows package windows diff --git a/vendor/golang.org/x/sys/windows/str.go b/vendor/golang.org/x/sys/windows/str.go index 4fc01434e4a..6a4f9ce6aa0 100644 --- a/vendor/golang.org/x/sys/windows/str.go +++ b/vendor/golang.org/x/sys/windows/str.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build windows -// +build windows package windows diff --git a/vendor/golang.org/x/sys/windows/syscall.go b/vendor/golang.org/x/sys/windows/syscall.go index 8732cdb957f..e85ed6b9c84 100644 --- a/vendor/golang.org/x/sys/windows/syscall.go +++ b/vendor/golang.org/x/sys/windows/syscall.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build windows -// +build windows // Package windows contains an interface to the low-level operating system // primitives. OS details vary depending on the underlying system, and diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index 35cfc57ca89..fb6cfd0462b 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -233,6 +233,7 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys CreateEnvironmentBlock(block **uint16, token Token, inheritExisting bool) (err error) = userenv.CreateEnvironmentBlock //sys DestroyEnvironmentBlock(block *uint16) (err error) = userenv.DestroyEnvironmentBlock //sys getTickCount64() (ms uint64) = kernel32.GetTickCount64 +//sys GetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error) //sys SetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error) //sys GetFileAttributes(name *uint16) (attrs uint32, err error) [failretval==INVALID_FILE_ATTRIBUTES] = kernel32.GetFileAttributesW //sys SetFileAttributes(name *uint16, attrs uint32) (err error) = kernel32.SetFileAttributesW @@ -969,7 +970,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, int32, error) { if n > 0 { sl += int32(n) + 1 } - if sa.raw.Path[0] == '@' { + if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) { + // Check sl > 3 so we don't change unnamed socket behavior. sa.raw.Path[0] = 0 // Don't count trailing NUL for abstract address. sl-- diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go index b88dc7c85e4..359780f6ace 100644 --- a/vendor/golang.org/x/sys/windows/types_windows.go +++ b/vendor/golang.org/x/sys/windows/types_windows.go @@ -1094,7 +1094,33 @@ const ( SOMAXCONN = 0x7fffffff - TCP_NODELAY = 1 + TCP_NODELAY = 1 + TCP_EXPEDITED_1122 = 2 + TCP_KEEPALIVE = 3 + TCP_MAXSEG = 4 + TCP_MAXRT = 5 + TCP_STDURG = 6 + TCP_NOURG = 7 + TCP_ATMARK = 8 + TCP_NOSYNRETRIES = 9 + TCP_TIMESTAMPS = 10 + TCP_OFFLOAD_PREFERENCE = 11 + TCP_CONGESTION_ALGORITHM = 12 + TCP_DELAY_FIN_ACK = 13 + TCP_MAXRTMS = 14 + TCP_FASTOPEN = 15 + TCP_KEEPCNT = 16 + TCP_KEEPIDLE = TCP_KEEPALIVE + TCP_KEEPINTVL = 17 + TCP_FAIL_CONNECT_ON_ICMP_ERROR = 18 + TCP_ICMP_ERROR_INFO = 19 + + UDP_NOCHECKSUM = 1 + UDP_SEND_MSG_SIZE = 2 + UDP_RECV_MAX_COALESCED_SIZE = 3 + UDP_CHECKSUM_COVERAGE = 20 + + UDP_COALESCED_INFO = 3 SHUT_RD = 0 SHUT_WR = 1 diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index 8b1688de4cd..db6282e00a5 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -253,6 +253,7 @@ var ( procGetFileAttributesW = modkernel32.NewProc("GetFileAttributesW") procGetFileInformationByHandle = modkernel32.NewProc("GetFileInformationByHandle") procGetFileInformationByHandleEx = modkernel32.NewProc("GetFileInformationByHandleEx") + procGetFileTime = modkernel32.NewProc("GetFileTime") procGetFileType = modkernel32.NewProc("GetFileType") procGetFinalPathNameByHandleW = modkernel32.NewProc("GetFinalPathNameByHandleW") procGetFullPathNameW = modkernel32.NewProc("GetFullPathNameW") @@ -2185,6 +2186,14 @@ func GetFileInformationByHandleEx(handle Handle, class uint32, outBuffer *byte, return } +func GetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error) { + r1, _, e1 := syscall.Syscall6(procGetFileTime.Addr(), 4, uintptr(handle), uintptr(unsafe.Pointer(ctime)), uintptr(unsafe.Pointer(atime)), uintptr(unsafe.Pointer(wtime)), 0, 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + func GetFileType(filehandle Handle) (n uint32, err error) { r0, _, e1 := syscall.Syscall(procGetFileType.Addr(), 1, uintptr(filehandle), 0, 0) n = uint32(r0) diff --git a/vendor/modules.txt b/vendor/modules.txt index 2d660aa8a7b..018188fe0f7 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -2,7 +2,7 @@ ## explicit; go 1.16 github.com/checkpoint-restore/go-criu/v6 github.com/checkpoint-restore/go-criu/v6/rpc -# github.com/cilium/ebpf v0.12.2 +# github.com/cilium/ebpf v0.12.3 ## explicit; go 1.20 github.com/cilium/ebpf github.com/cilium/ebpf/asm @@ -82,8 +82,8 @@ golang.org/x/exp/slices # golang.org/x/net v0.17.0 ## explicit; go 1.17 golang.org/x/net/bpf -# golang.org/x/sys v0.13.0 -## explicit; go 1.17 +# golang.org/x/sys v0.14.1-0.20231108175955-e4099bfacb8c +## explicit; go 1.18 golang.org/x/sys/execabs golang.org/x/sys/unix golang.org/x/sys/windows From 3bde5111b452b2a6849d5140321d40a6cf3ce5f3 Mon Sep 17 00:00:00 2001 From: lfbzhm Date: Fri, 10 Nov 2023 13:56:34 +0000 Subject: [PATCH 0437/1176] fix some unit test error after bump ebpf to 0.12.3 Signed-off-by: lfbzhm --- .../cgroups/devices/devicefilter_test.go | 62 +++++++++---------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/libcontainer/cgroups/devices/devicefilter_test.go b/libcontainer/cgroups/devices/devicefilter_test.go index 7b6424d332f..3a415a71eed 100644 --- a/libcontainer/cgroups/devices/devicefilter_test.go +++ b/libcontainer/cgroups/devices/devicefilter_test.go @@ -39,14 +39,14 @@ func TestDeviceFilter_Nil(t *testing.T) { expected := ` // load parameters into registers 0: LdXMemW dst: r2 src: r1 off: 0 imm: 0 - 1: And32Imm dst: r2 imm: 65535 + 1: AndImm32 dst: r2 imm: 65535 2: LdXMemW dst: r3 src: r1 off: 0 imm: 0 - 3: RSh32Imm dst: r3 imm: 16 + 3: RShImm32 dst: r3 imm: 16 4: LdXMemW dst: r4 src: r1 off: 4 imm: 0 5: LdXMemW dst: r5 src: r1 off: 8 imm: 0 block-0: // return 0 (reject) - 6: Mov32Imm dst: r0 imm: 0 + 6: MovImm32 dst: r0 imm: 0 7: Exit ` testDeviceFilter(t, nil, expected) @@ -56,77 +56,77 @@ func TestDeviceFilter_BuiltInAllowList(t *testing.T) { expected := ` // load parameters into registers 0: LdXMemW dst: r2 src: r1 off: 0 imm: 0 - 1: And32Imm dst: r2 imm: 65535 + 1: AndImm32 dst: r2 imm: 65535 2: LdXMemW dst: r3 src: r1 off: 0 imm: 0 - 3: RSh32Imm dst: r3 imm: 16 + 3: RShImm32 dst: r3 imm: 16 4: LdXMemW dst: r4 src: r1 off: 4 imm: 0 5: LdXMemW dst: r5 src: r1 off: 8 imm: 0 block-0: // (b, wildcard, wildcard, m, true) 6: JNEImm dst: r2 off: -1 imm: 1 - 7: Mov32Reg dst: r1 src: r3 - 8: And32Imm dst: r1 imm: 1 + 7: MovReg32 dst: r1 src: r3 + 8: AndImm32 dst: r1 imm: 1 9: JNEReg dst: r1 off: -1 src: r3 - 10: Mov32Imm dst: r0 imm: 1 + 10: MovImm32 dst: r0 imm: 1 11: Exit block-1: // (c, wildcard, wildcard, m, true) 12: JNEImm dst: r2 off: -1 imm: 2 - 13: Mov32Reg dst: r1 src: r3 - 14: And32Imm dst: r1 imm: 1 + 13: MovReg32 dst: r1 src: r3 + 14: AndImm32 dst: r1 imm: 1 15: JNEReg dst: r1 off: -1 src: r3 - 16: Mov32Imm dst: r0 imm: 1 + 16: MovImm32 dst: r0 imm: 1 17: Exit block-2: 18: JNEImm dst: r2 off: -1 imm: 2 19: JNEImm dst: r4 off: -1 imm: 1 20: JNEImm dst: r5 off: -1 imm: 3 - 21: Mov32Imm dst: r0 imm: 1 + 21: MovImm32 dst: r0 imm: 1 22: Exit block-3: 23: JNEImm dst: r2 off: -1 imm: 2 24: JNEImm dst: r4 off: -1 imm: 1 25: JNEImm dst: r5 off: -1 imm: 5 - 26: Mov32Imm dst: r0 imm: 1 + 26: MovImm32 dst: r0 imm: 1 27: Exit block-4: 28: JNEImm dst: r2 off: -1 imm: 2 29: JNEImm dst: r4 off: -1 imm: 1 30: JNEImm dst: r5 off: -1 imm: 7 - 31: Mov32Imm dst: r0 imm: 1 + 31: MovImm32 dst: r0 imm: 1 32: Exit block-5: 33: JNEImm dst: r2 off: -1 imm: 2 34: JNEImm dst: r4 off: -1 imm: 1 35: JNEImm dst: r5 off: -1 imm: 8 - 36: Mov32Imm dst: r0 imm: 1 + 36: MovImm32 dst: r0 imm: 1 37: Exit block-6: 38: JNEImm dst: r2 off: -1 imm: 2 39: JNEImm dst: r4 off: -1 imm: 1 40: JNEImm dst: r5 off: -1 imm: 9 - 41: Mov32Imm dst: r0 imm: 1 + 41: MovImm32 dst: r0 imm: 1 42: Exit block-7: 43: JNEImm dst: r2 off: -1 imm: 2 44: JNEImm dst: r4 off: -1 imm: 5 45: JNEImm dst: r5 off: -1 imm: 0 - 46: Mov32Imm dst: r0 imm: 1 + 46: MovImm32 dst: r0 imm: 1 47: Exit block-8: 48: JNEImm dst: r2 off: -1 imm: 2 49: JNEImm dst: r4 off: -1 imm: 5 50: JNEImm dst: r5 off: -1 imm: 2 - 51: Mov32Imm dst: r0 imm: 1 + 51: MovImm32 dst: r0 imm: 1 52: Exit block-9: // /dev/pts (c, 136, wildcard, rwm, true) 53: JNEImm dst: r2 off: -1 imm: 2 54: JNEImm dst: r4 off: -1 imm: 136 - 55: Mov32Imm dst: r0 imm: 1 + 55: MovImm32 dst: r0 imm: 1 56: Exit block-10: - 57: Mov32Imm dst: r0 imm: 0 + 57: MovImm32 dst: r0 imm: 0 58: Exit ` var devices []*devices.Rule @@ -149,14 +149,14 @@ func TestDeviceFilter_Privileged(t *testing.T) { expected := ` // load parameters into registers 0: LdXMemW dst: r2 src: r1 off: 0 imm: 0 - 1: And32Imm dst: r2 imm: 65535 + 1: AndImm32 dst: r2 imm: 65535 2: LdXMemW dst: r3 src: r1 off: 0 imm: 0 - 3: RSh32Imm dst: r3 imm: 16 + 3: RShImm32 dst: r3 imm: 16 4: LdXMemW dst: r4 src: r1 off: 4 imm: 0 5: LdXMemW dst: r5 src: r1 off: 8 imm: 0 block-0: // return 1 (accept) - 6: Mov32Imm dst: r0 imm: 1 + 6: MovImm32 dst: r0 imm: 1 7: Exit ` testDeviceFilter(t, devices, expected) @@ -182,9 +182,9 @@ func TestDeviceFilter_PrivilegedExceptSingleDevice(t *testing.T) { expected := ` // load parameters into registers 0: LdXMemW dst: r2 src: r1 off: 0 imm: 0 - 1: And32Imm dst: r2 imm: 65535 + 1: AndImm32 dst: r2 imm: 65535 2: LdXMemW dst: r3 src: r1 off: 0 imm: 0 - 3: RSh32Imm dst: r3 imm: 16 + 3: RShImm32 dst: r3 imm: 16 4: LdXMemW dst: r4 src: r1 off: 4 imm: 0 5: LdXMemW dst: r5 src: r1 off: 8 imm: 0 block-0: @@ -192,11 +192,11 @@ block-0: 6: JNEImm dst: r2 off: -1 imm: 1 7: JNEImm dst: r4 off: -1 imm: 8 8: JNEImm dst: r5 off: -1 imm: 0 - 9: Mov32Imm dst: r0 imm: 0 + 9: MovImm32 dst: r0 imm: 0 10: Exit block-1: // return 1 (accept) - 11: Mov32Imm dst: r0 imm: 1 + 11: MovImm32 dst: r0 imm: 1 12: Exit ` testDeviceFilter(t, devices, expected) @@ -231,9 +231,9 @@ func TestDeviceFilter_Weird(t *testing.T) { expected := ` // load parameters into registers 0: LdXMemW dst: r2 src: r1 off: 0 imm: 0 - 1: And32Imm dst: r2 imm: 65535 + 1: AndImm32 dst: r2 imm: 65535 2: LdXMemW dst: r3 src: r1 off: 0 imm: 0 - 3: RSh32Imm dst: r3 imm: 16 + 3: RShImm32 dst: r3 imm: 16 4: LdXMemW dst: r4 src: r1 off: 4 imm: 0 5: LdXMemW dst: r5 src: r1 off: 8 imm: 0 block-0: @@ -241,11 +241,11 @@ block-0: 6: JNEImm dst: r2 off: -1 imm: 1 7: JNEImm dst: r4 off: -1 imm: 8 8: JNEImm dst: r5 off: -1 imm: 2 - 9: Mov32Imm dst: r0 imm: 0 + 9: MovImm32 dst: r0 imm: 0 10: Exit block-1: // return 1 (accept) - 11: Mov32Imm dst: r0 imm: 1 + 11: MovImm32 dst: r0 imm: 1 12: Exit ` testDeviceFilter(t, devices, expected) From 94505a046ad365eaeb28654a36c273b1356e050c Mon Sep 17 00:00:00 2001 From: Wei Fu Date: Sun, 1 Oct 2023 11:09:49 +0800 Subject: [PATCH 0438/1176] *: introduce pidfd-socket flag The container manager like containerd-shim can't use cgroup.kill feature or freeze all the processes in cgroup to terminate the exec init process. It's unsafe to call kill(2) since the pid can be recycled. It's good to provide the pidfd of init process through the pidfd-socket. It's similar to the console-socket. With the pidfd, the container manager like containerd-shim can send the signal to target process safely. And for the standard init process, we can have polling support to get exit event instead of blocking on wait4. Signed-off-by: Wei Fu --- .gitignore | 1 + Makefile | 7 +- contrib/cmd/pidfd-kill/pidfd-kill.go | 114 +++++++++++++++++++++++++++ create.go | 4 + exec.go | 5 ++ libcontainer/container_linux.go | 7 ++ libcontainer/init_linux.go | 33 +++++++- libcontainer/process.go | 3 + libcontainer/setns_init_linux.go | 6 ++ libcontainer/standard_init_linux.go | 7 ++ run.go | 4 + tests/integration/helpers.bash | 42 ++++++++++ tests/integration/pidfd-socket.bats | 99 +++++++++++++++++++++++ utils_linux.go | 44 +++++++++++ 14 files changed, 371 insertions(+), 5 deletions(-) create mode 100644 contrib/cmd/pidfd-kill/pidfd-kill.go create mode 100644 tests/integration/pidfd-socket.bats diff --git a/.gitignore b/.gitignore index f022ed275cd..52dac0bf421 100644 --- a/.gitignore +++ b/.gitignore @@ -6,6 +6,7 @@ vendor/pkg /contrib/cmd/seccompagent/seccompagent /contrib/cmd/fs-idmap/fs-idmap /contrib/cmd/memfd-bind/memfd-bind +/contrib/cmd/pidfd-kill/pidfd-kill man/man8 release Vagrantfile diff --git a/Makefile b/Makefile index f81879cbc5c..df935e41929 100644 --- a/Makefile +++ b/Makefile @@ -71,10 +71,10 @@ runc-bin: runc-dmz $(GO_BUILD) -o runc . .PHONY: all -all: runc recvtty sd-helper seccompagent fs-idmap memfd-bind +all: runc recvtty sd-helper seccompagent fs-idmap memfd-bind pidfd-kill -.PHONY: recvtty sd-helper seccompagent fs-idmap memfd-bind -recvtty sd-helper seccompagent fs-idmap memfd-bind: +.PHONY: recvtty sd-helper seccompagent fs-idmap memfd-bind pidfd-kill +recvtty sd-helper seccompagent fs-idmap memfd-bind pidfd-kill: $(GO_BUILD) -o contrib/cmd/$@/$@ ./contrib/cmd/$@ .PHONY: static @@ -194,6 +194,7 @@ clean: rm -f contrib/cmd/sd-helper/sd-helper rm -f contrib/cmd/seccompagent/seccompagent rm -f contrib/cmd/memfd-bind/memfd-bind + rm -f contrib/cmd/pidfd-kill/pidfd-kill sudo rm -rf release rm -rf man/man8 diff --git a/contrib/cmd/pidfd-kill/pidfd-kill.go b/contrib/cmd/pidfd-kill/pidfd-kill.go new file mode 100644 index 00000000000..b5caa4f208d --- /dev/null +++ b/contrib/cmd/pidfd-kill/pidfd-kill.go @@ -0,0 +1,114 @@ +package main + +import ( + "errors" + "fmt" + "net" + "os" + "os/signal" + + "github.com/urfave/cli" + "golang.org/x/sys/unix" + + "github.com/opencontainers/runc/libcontainer/utils" +) + +const ( + usage = `Open Container Initiative contrib/cmd/pidfd-kill + +pidfd-kill is an implementation of a consumer of runC's --pidfd-socket API. +After received SIGTERM, pidfd-kill sends the given signal to init process by +pidfd received from --pidfd-socket. + +To use pidfd-kill, just specify a socket path at which you want to receive +pidfd: + + $ pidfd-kill [--signal KILL] socket.sock +` +) + +func main() { + app := cli.NewApp() + app.Name = "pidfd-kill" + app.Usage = usage + + app.Flags = []cli.Flag{ + cli.StringFlag{ + Name: "signal", + Value: "SIGKILL", + Usage: "Signal to send to the init process", + }, + cli.StringFlag{ + Name: "pid-file", + Value: "", + Usage: "Path to write the pidfd-kill process ID to", + }, + } + + app.Action = func(ctx *cli.Context) error { + args := ctx.Args() + if len(args) != 1 { + return errors.New("required a single socket path") + } + + socketFile := ctx.Args()[0] + + pidFile := ctx.String("pid-file") + if pidFile != "" { + pid := fmt.Sprintf("%d\n", os.Getpid()) + if err := os.WriteFile(pidFile, []byte(pid), 0o644); err != nil { + return err + } + defer os.Remove(pidFile) + } + + sigStr := ctx.String("signal") + if sigStr == "" { + sigStr = "SIGKILL" + } + sig := unix.SignalNum(sigStr) + + pidfdFile, err := recvPidfd(socketFile) + if err != nil { + return err + } + defer pidfdFile.Close() + + signalCh := make(chan os.Signal, 16) + signal.Notify(signalCh, unix.SIGTERM) + <-signalCh + + return unix.PidfdSendSignal(int(pidfdFile.Fd()), sig, nil, 0) + } + if err := app.Run(os.Args); err != nil { + fmt.Fprintln(os.Stderr, "fatal error:", err) + os.Exit(1) + } +} + +func recvPidfd(socketFile string) (*os.File, error) { + ln, err := net.Listen("unix", socketFile) + if err != nil { + return nil, err + } + defer ln.Close() + + conn, err := ln.Accept() + if err != nil { + return nil, err + } + defer conn.Close() + + unixconn, ok := conn.(*net.UnixConn) + if !ok { + return nil, errors.New("failed to cast to unixconn") + } + + socket, err := unixconn.File() + if err != nil { + return nil, err + } + defer socket.Close() + + return utils.RecvFile(socket) +} diff --git a/create.go b/create.go index 3788a532fce..83b5ba5cf4d 100644 --- a/create.go +++ b/create.go @@ -34,6 +34,10 @@ command(s) that get executed on start, edit the args parameter of the spec. See Value: "", Usage: "path to an AF_UNIX socket which will receive a file descriptor referencing the master end of the console's pseudoterminal", }, + cli.StringFlag{ + Name: "pidfd-socket", + Usage: "path to an AF_UNIX socket which will receive a file descriptor referencing the init process", + }, cli.StringFlag{ Name: "pid-file", Value: "", diff --git a/exec.go b/exec.go index 982520f72b8..675f12fb905 100644 --- a/exec.go +++ b/exec.go @@ -33,6 +33,10 @@ following will output a list of processes running in the container: Name: "console-socket", Usage: "path to an AF_UNIX socket which will receive a file descriptor referencing the master end of the console's pseudoterminal", }, + cli.StringFlag{ + Name: "pidfd-socket", + Usage: "path to an AF_UNIX socket which will receive a file descriptor referencing the exec process", + }, cli.StringFlag{ Name: "cwd", Usage: "current working directory in the container", @@ -181,6 +185,7 @@ func execProcess(context *cli.Context) (int, error) { shouldDestroy: false, container: container, consoleSocket: context.String("console-socket"), + pidfdSocket: context.String("pidfd-socket"), detach: context.Bool("detach"), pidFile: context.String("pid-file"), action: CT_ACT_RUN, diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 35f4f5df390..64e53e50e33 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -586,6 +586,13 @@ func (c *Container) newParentProcess(p *Process) (parentProcess, error) { cmd.Env = append(cmd.Env, "_LIBCONTAINER_LOGLEVEL="+p.LogLevel) } + if p.PidfdSocket != nil { + cmd.ExtraFiles = append(cmd.ExtraFiles, p.PidfdSocket) + cmd.Env = append(cmd.Env, + "_LIBCONTAINER_PIDFD_SOCK="+strconv.Itoa(stdioFdCount+len(cmd.ExtraFiles)-1), + ) + } + if safeExe != nil { // Due to a Go stdlib bug, we need to add safeExe to the set of // ExtraFiles otherwise it is possible for the stdlib to clobber the fd diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index b9affb91c4b..7ffaae32453 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -179,6 +179,16 @@ func startInitialization() (retErr error) { defer consoleSocket.Close() } + var pidfdSocket *os.File + if envSockFd := os.Getenv("_LIBCONTAINER_PIDFD_SOCK"); envSockFd != "" { + sockFd, err := strconv.Atoi(envSockFd) + if err != nil { + return fmt.Errorf("unable to convert _LIBCONTAINER_PIDFD_SOCK: %w", err) + } + pidfdSocket = os.NewFile(uintptr(sockFd), "pidfd-socket") + defer pidfdSocket.Close() + } + // Get mount files (O_PATH). mountSrcFds, err := parseFdsFromEnv("_LIBCONTAINER_MOUNT_FDS") if err != nil { @@ -222,10 +232,10 @@ func startInitialization() (retErr error) { } // If init succeeds, it will not return, hence none of the defers will be called. - return containerInit(it, &config, syncPipe, consoleSocket, fifofd, logFD, dmzExe, mountFds{sourceFds: mountSrcFds, idmapFds: idmapFds}) + return containerInit(it, &config, syncPipe, consoleSocket, pidfdSocket, fifofd, logFD, dmzExe, mountFds{sourceFds: mountSrcFds, idmapFds: idmapFds}) } -func containerInit(t initType, config *initConfig, pipe *syncSocket, consoleSocket *os.File, fifoFd, logFd int, dmzExe *os.File, mountFds mountFds) error { +func containerInit(t initType, config *initConfig, pipe *syncSocket, consoleSocket, pidfdSocket *os.File, fifoFd, logFd int, dmzExe *os.File, mountFds mountFds) error { if err := populateProcessEnvironment(config.Env); err != nil { return err } @@ -240,6 +250,7 @@ func containerInit(t initType, config *initConfig, pipe *syncSocket, consoleSock i := &linuxSetnsInit{ pipe: pipe, consoleSocket: consoleSocket, + pidfdSocket: pidfdSocket, config: config, logFd: logFd, dmzExe: dmzExe, @@ -249,6 +260,7 @@ func containerInit(t initType, config *initConfig, pipe *syncSocket, consoleSock i := &linuxStandardInit{ pipe: pipe, consoleSocket: consoleSocket, + pidfdSocket: pidfdSocket, parentPid: unix.Getppid(), config: config, fifoFd: fifoFd, @@ -690,3 +702,20 @@ func signalAllProcesses(m cgroups.Manager, s unix.Signal) error { return nil } + +// setupPidfd opens a process file descriptor of init process, and sends the +// file descriptor back to the socket. +func setupPidfd(socket *os.File, initType string) error { + defer socket.Close() + + pidFd, err := unix.PidfdOpen(os.Getpid(), 0) + if err != nil { + return fmt.Errorf("failed to pidfd_open: %w", err) + } + + if err := utils.SendRawFd(socket, initType, uintptr(pidFd)); err != nil { + unix.Close(pidFd) + return fmt.Errorf("failed to send pidfd on socket: %w", err) + } + return unix.Close(pidFd) +} diff --git a/libcontainer/process.go b/libcontainer/process.go index 08c2396fe02..8181062ae64 100644 --- a/libcontainer/process.go +++ b/libcontainer/process.go @@ -77,6 +77,9 @@ type Process struct { // ConsoleSocket provides the masterfd console. ConsoleSocket *os.File + // PidfdSocket provides process file descriptor of it own. + PidfdSocket *os.File + // Init specifies whether the process is the first process in the container. Init bool diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go index f3edb7100c8..46b07620933 100644 --- a/libcontainer/setns_init_linux.go +++ b/libcontainer/setns_init_linux.go @@ -22,6 +22,7 @@ import ( type linuxSetnsInit struct { pipe *syncSocket consoleSocket *os.File + pidfdSocket *os.File config *initConfig logFd int dmzExe *os.File @@ -56,6 +57,11 @@ func (l *linuxSetnsInit) Init() error { return err } } + if l.pidfdSocket != nil { + if err := setupPidfd(l.pidfdSocket, "setns"); err != nil { + return fmt.Errorf("failed to setup pidfd: %w", err) + } + } if l.config.NoNewPrivileges { if err := unix.Prctl(unix.PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); err != nil { return err diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 4fab50c0581..c01c7ed72a8 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -22,6 +22,7 @@ import ( type linuxStandardInit struct { pipe *syncSocket consoleSocket *os.File + pidfdSocket *os.File parentPid int fifoFd int logFd int @@ -114,6 +115,12 @@ func (l *linuxStandardInit) Init() error { } } + if l.pidfdSocket != nil { + if err := setupPidfd(l.pidfdSocket, "standard"); err != nil { + return fmt.Errorf("failed to setup pidfd: %w", err) + } + } + // Finish the rootfs setup. if l.config.Config.Namespaces.Contains(configs.NEWNS) { if err := finalizeRootfs(l.config.Config); err != nil { diff --git a/run.go b/run.go index 8b4f4d1fb23..3ee1060a83d 100644 --- a/run.go +++ b/run.go @@ -35,6 +35,10 @@ command(s) that get executed on start, edit the args parameter of the spec. See Value: "", Usage: "path to an AF_UNIX socket which will receive a file descriptor referencing the master end of the console's pseudoterminal", }, + cli.StringFlag{ + Name: "pidfd-socket", + Usage: "path to an AF_UNIX socket which will receive a file descriptor referencing the init process", + }, cli.BoolFlag{ Name: "detach, d", Usage: "detach from the container's process", diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index 7e6399a47b8..1e601541d9b 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -17,6 +17,7 @@ RECVTTY="${INTEGRATION_ROOT}/../../contrib/cmd/recvtty/recvtty" SD_HELPER="${INTEGRATION_ROOT}/../../contrib/cmd/sd-helper/sd-helper" SECCOMP_AGENT="${INTEGRATION_ROOT}/../../contrib/cmd/seccompagent/seccompagent" FS_IDMAP="${INTEGRATION_ROOT}/../../contrib/cmd/fs-idmap/fs-idmap" +PIDFD_KILL="${INTEGRATION_ROOT}/../../contrib/cmd/pidfd-kill/pidfd-kill" # Some variables may not always be set. Set those to empty value, # if unset, to avoid "unbound variable" error. @@ -697,3 +698,44 @@ function requires_idmap_fs() { esac # If we have another error, the integration test will fail and report it. } + +# setup_pidfd_kill runs pidfd-kill process in background and receives the +# SIGTERM as signal to send the given signal to init process. +function setup_pidfd_kill() { + local signal=$1 + + [ ! -v ROOT ] && return 1 + local dir="${ROOT}/pidfd" + + mkdir "${dir}" + export PIDFD_SOCKET="${dir}/sock" + + ("${PIDFD_KILL}" --pid-file "${dir}/pid" --signal "${signal}" "${PIDFD_SOCKET}" &) & + + # ensure socket is ready + retry 10 1 stat "${PIDFD_SOCKET}" +} + +# teardown_pidfd_kill cleanups all the resources related to pidfd-kill. +function teardown_pidfd_kill() { + [ ! -v ROOT ] && return 0 + + local dir="${ROOT}/pidfd" + + if [ -f "${dir}/pid" ]; then + kill -9 "$(cat "${dir}/pid")" + fi + + rm -rf "${dir}" +} + +# pidfd_kill sends the signal to init process. +function pidfd_kill() { + [ ! -v ROOT ] && return 0 + + local dir="${ROOT}/pidfd" + + if [ -f "${dir}/pid" ]; then + kill "$(cat "${dir}/pid")" + fi +} diff --git a/tests/integration/pidfd-socket.bats b/tests/integration/pidfd-socket.bats new file mode 100644 index 00000000000..9c10f26e1df --- /dev/null +++ b/tests/integration/pidfd-socket.bats @@ -0,0 +1,99 @@ +#!/usr/bin/env bats + +load helpers + +function setup() { + requires root + requires_kernel 5.3 + setup_busybox + update_config '.process.args = ["/bin/sleep", "1d"]' +} + +function teardown() { + teardown_pidfd_kill + teardown_bundle +} + +@test "runc create [ --pidfd-socket ] " { + setup_pidfd_kill "SIGTERM" + + runc create --console-socket "$CONSOLE_SOCKET" --pidfd-socket "${PIDFD_SOCKET}" test_pidfd + [ "$status" -eq 0 ] + testcontainer test_pidfd created + + pidfd_kill + wait_for_container 10 1 test_pidfd stopped +} + +@test "runc run [ --pidfd-socket ] " { + setup_pidfd_kill "SIGKILL" + + runc run -d --console-socket "$CONSOLE_SOCKET" --pidfd-socket "${PIDFD_SOCKET}" test_pidfd + [ "$status" -eq 0 ] + testcontainer test_pidfd running + + pidfd_kill + wait_for_container 10 1 test_pidfd stopped +} + +@test "runc exec [ --pidfd-socket ] [cgroups_v1] " { + requires cgroups_v1 + + set_cgroups_path + + runc run -d --console-socket "$CONSOLE_SOCKET" test_pidfd + [ "$status" -eq 0 ] + testcontainer test_pidfd running + + # Use sub-cgroup to ensure that exec process has been killed + test_pidfd_cgroup_path=$(get_cgroup_path "pids") + mkdir "${test_pidfd_cgroup_path}/exec_pidfd" + [ "$status" -eq 0 ] + + setup_pidfd_kill "SIGKILL" + + __runc exec -d --cgroup "pids:exec_pidfd" --pid-file "exec_pid.txt" --pidfd-socket "${PIDFD_SOCKET}" test_pidfd sleep 1d + [ "$status" -eq 0 ] + + exec_pid=$(cat exec_pid.txt) + exec_pid_in_cgroup=$(cat "${test_pidfd_cgroup_path}/exec_pidfd/cgroup.procs") + [ "${exec_pid}" -eq "${exec_pid_in_cgroup}" ] + + pidfd_kill + + # ensure exec process has been reaped + retry 10 1 rmdir "${test_pidfd_cgroup_path}/exec_pidfd" + + testcontainer test_pidfd running +} + +@test "runc exec [ --pidfd-socket ] [cgroups_v2] " { + requires cgroups_v2 + + set_cgroups_path + + runc run -d --console-socket "$CONSOLE_SOCKET" test_pidfd + [ "$status" -eq 0 ] + testcontainer test_pidfd running + + # Use sub-cgroup to ensure that exec process has been killed + test_pidfd_cgroup_path=$(get_cgroup_path "pids") + mkdir "${test_pidfd_cgroup_path}/exec_pidfd" + [ "$status" -eq 0 ] + + setup_pidfd_kill "SIGKILL" + + __runc exec -d --cgroup "exec_pidfd" --pid-file "exec_pid.txt" --pidfd-socket "${PIDFD_SOCKET}" test_pidfd sleep 1d + [ "$status" -eq 0 ] + + exec_pid=$(cat exec_pid.txt) + exec_pid_in_cgroup=$(cat "${test_pidfd_cgroup_path}/exec_pidfd/cgroup.procs") + [ "${exec_pid}" -eq "${exec_pid_in_cgroup}" ] + + pidfd_kill + + # ensure exec process has been reaped + retry 10 1 rmdir "${test_pidfd_cgroup_path}/exec_pidfd" + + testcontainer test_pidfd running +} diff --git a/utils_linux.go b/utils_linux.go index b5c855cdbb9..c7d9794c86e 100644 --- a/utils_linux.go +++ b/utils_linux.go @@ -18,6 +18,7 @@ import ( "github.com/opencontainers/runc/libcontainer" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/specconv" + "github.com/opencontainers/runc/libcontainer/system/kernelversion" "github.com/opencontainers/runc/libcontainer/utils" ) @@ -199,6 +200,7 @@ type runner struct { preserveFDs int pidFile string consoleSocket string + pidfdSocket string container *libcontainer.Container action CtAct notifySocket *notifySocket @@ -255,6 +257,14 @@ func (r *runner) run(config *specs.Process) (int, error) { } defer tty.Close() + if r.pidfdSocket != "" { + connClose, err := setupPidfdSocket(process, r.pidfdSocket) + if err != nil { + return -1, err + } + defer connClose() + } + switch r.action { case CT_ACT_CREATE: err = r.container.Start(process) @@ -390,6 +400,7 @@ func startContainer(context *cli.Context, action CtAct, criuOpts *libcontainer.C listenFDs: listenFDs, notifySocket: notifySocket, consoleSocket: context.String("console-socket"), + pidfdSocket: context.String("pidfd-socket"), detach: context.Bool("detach"), pidFile: context.String("pid-file"), preserveFDs: context.Int("preserve-fds"), @@ -399,3 +410,36 @@ func startContainer(context *cli.Context, action CtAct, criuOpts *libcontainer.C } return r.run(spec.Process) } + +func setupPidfdSocket(process *libcontainer.Process, sockpath string) (_clean func(), _ error) { + linux530 := kernelversion.KernelVersion{Kernel: 5, Major: 3} + ok, err := kernelversion.GreaterEqualThan(linux530) + if err != nil { + return nil, err + } + if !ok { + return nil, fmt.Errorf("--pidfd-socket requires >= v5.3 kernel") + } + + conn, err := net.Dial("unix", sockpath) + if err != nil { + return nil, fmt.Errorf("failed to dail %s: %w", sockpath, err) + } + + uc, ok := conn.(*net.UnixConn) + if !ok { + conn.Close() + return nil, errors.New("failed to cast to UnixConn") + } + + socket, err := uc.File() + if err != nil { + conn.Close() + return nil, fmt.Errorf("failed to dup socket: %w", err) + } + + process.PidfdSocket = socket + return func() { + conn.Close() + }, nil +} From d9f2a24a5ba6164404b943dee34501821367c271 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 2 Oct 2023 16:39:50 -0700 Subject: [PATCH 0439/1176] libct: replace runType with hasInit The semantics of runType is slightly complicated, and the only place where we need to distinguish between Created and Running is refreshState. Replace runType with simpler hasInit, simplifying its users (except the refreshState, which now figures out on its own whether the container is Created or Running). Signed-off-by: Kir Kolyshkin --- libcontainer/container_linux.go | 31 ++++++++++++++----------------- libcontainer/state_linux.go | 17 ++++++++--------- 2 files changed, 22 insertions(+), 26 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 616cd1ede9f..d0faaa47ea7 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -115,7 +115,7 @@ func (c *Container) ignoreCgroupError(err error) error { if err == nil { return nil } - if errors.Is(err, os.ErrNotExist) && c.runType() == Stopped && !c.cgroupManager.Exists() { + if errors.Is(err, os.ErrNotExist) && !c.hasInit() && !c.cgroupManager.Exists() { return nil } return err @@ -1006,34 +1006,31 @@ func (c *Container) refreshState() error { if paused { return c.state.transition(&pausedState{c: c}) } - t := c.runType() - switch t { - case Created: + if !c.hasInit() { + return c.state.transition(&stoppedState{c: c}) + } + // The presence of exec fifo helps to distinguish between + // the created and the running states. + if _, err := os.Stat(filepath.Join(c.stateDir, execFifoFilename)); err == nil { return c.state.transition(&createdState{c: c}) - case Running: - return c.state.transition(&runningState{c: c}) } - return c.state.transition(&stoppedState{c: c}) + return c.state.transition(&runningState{c: c}) } -func (c *Container) runType() Status { +// hasInit tells whether the container init process exists. +func (c *Container) hasInit() bool { if c.initProcess == nil { - return Stopped + return false } pid := c.initProcess.pid() stat, err := system.Stat(pid) if err != nil { - return Stopped + return false } if stat.StartTime != c.initProcessStartTime || stat.State == system.Zombie || stat.State == system.Dead { - return Stopped - } - // We'll create exec fifo and blocking on it after container is created, - // and delete it after start container. - if _, err := os.Stat(filepath.Join(c.stateDir, execFifoFilename)); err == nil { - return Created + return false } - return Running + return true } func (c *Container) isPaused() (bool, error) { diff --git a/libcontainer/state_linux.go b/libcontainer/state_linux.go index c6967e5f4f5..0f629922b56 100644 --- a/libcontainer/state_linux.go +++ b/libcontainer/state_linux.go @@ -103,7 +103,7 @@ func (r *runningState) status() Status { func (r *runningState) transition(s containerState) error { switch s.(type) { case *stoppedState: - if r.c.runType() == Running { + if r.c.hasInit() { return ErrRunning } r.c.state = s @@ -118,7 +118,7 @@ func (r *runningState) transition(s containerState) error { } func (r *runningState) destroy() error { - if r.c.runType() == Running { + if r.c.hasInit() { return ErrRunning } return destroy(r.c) @@ -170,14 +170,13 @@ func (p *pausedState) transition(s containerState) error { } func (p *pausedState) destroy() error { - t := p.c.runType() - if t != Running && t != Created { - if err := p.c.cgroupManager.Freeze(configs.Thawed); err != nil { - return err - } - return destroy(p.c) + if p.c.hasInit() { + return ErrPaused + } + if err := p.c.cgroupManager.Freeze(configs.Thawed); err != nil { + return err } - return ErrPaused + return destroy(p.c) } // restoredState is the same as the running state but also has associated checkpoint From 542cce01220a0896b56b6bbf40401acde3b368e4 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 30 Oct 2023 18:00:11 -0700 Subject: [PATCH 0440/1176] libct: Signal: slight refactor Let's use c.hasInit and c.isPaused where needed instead of c.curentStatus for simplicity. Signed-off-by: Kir Kolyshkin --- libcontainer/container_linux.go | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index d0faaa47ea7..d40eb2614fb 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -364,14 +364,8 @@ func (c *Container) start(process *Process) (retErr error) { func (c *Container) Signal(s os.Signal) error { c.m.Lock() defer c.m.Unlock() - status, err := c.currentStatus() - if err != nil { - return err - } // To avoid a PID reuse attack, don't kill non-running container. - switch status { - case Running, Created, Paused: - default: + if !c.hasInit() { return ErrNotRunning } @@ -382,6 +376,7 @@ func (c *Container) Signal(s os.Signal) error { // // OTOH, if PID namespace is shared, we should kill all pids to avoid // leftover processes. + var err error if s == unix.SIGKILL && !c.config.Namespaces.IsPrivate(configs.NEWPID) { err = signalAllProcesses(c.cgroupManager, unix.SIGKILL) } else { @@ -390,11 +385,13 @@ func (c *Container) Signal(s os.Signal) error { if err != nil { return fmt.Errorf("unable to signal init: %w", err) } - if status == Paused && s == unix.SIGKILL { + if s == unix.SIGKILL { // For cgroup v1, killing a process in a frozen cgroup // does nothing until it's thawed. Only thaw the cgroup // for SIGKILL. - _ = c.cgroupManager.Freeze(configs.Thawed) + if paused, _ := c.isPaused(); paused { + _ = c.cgroupManager.Freeze(configs.Thawed) + } } return nil } From dcf1b731f5aaa810ba67978685d712dc1ac0b248 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 30 Oct 2023 18:09:07 -0700 Subject: [PATCH 0441/1176] runc kill: fix sending KILL to non-pidns container Commit f8ad20f made it impossible to kill leftover processes in a stopped container that does not have its own PID namespace. In other words, if a container init is gone, it is no longer possible to use `runc kill` to kill the leftover processes. Fix this by moving the check if container init exists to after the special case of handling the container without own PID namespace. While at it, fix the minor issue introduced by commit 9583b3d: if signalAllProcesses is used, there is no need to thaw the container (as freeze/thaw is either done in signalAllProcesses already, or not needed at all). Also, make signalAllProcesses return an error early if the container cgroup does not exist (as it relies on it to do its job). This way, the error message returned is more generic and easier to understand ("container not running" instead of "can't open file"). Finally, add a test case. Fixes: f8ad20f Fixes: 9583b3d Co-authored-by: lifubang Signed-off-by: Kir Kolyshkin --- libcontainer/container_linux.go | 21 ++++++----- libcontainer/init_linux.go | 3 ++ tests/integration/kill.bats | 66 +++++++++++++++++++++++++++------ 3 files changed, 68 insertions(+), 22 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index d40eb2614fb..515755276ad 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -364,10 +364,6 @@ func (c *Container) start(process *Process) (retErr error) { func (c *Container) Signal(s os.Signal) error { c.m.Lock() defer c.m.Unlock() - // To avoid a PID reuse attack, don't kill non-running container. - if !c.hasInit() { - return ErrNotRunning - } // When a container has its own PID namespace, inside it the init PID // is 1, and thus it is handled specially by the kernel. In particular, @@ -375,14 +371,19 @@ func (c *Container) Signal(s os.Signal) error { // all other processes in that PID namespace (see pid_namespaces(7)). // // OTOH, if PID namespace is shared, we should kill all pids to avoid - // leftover processes. - var err error + // leftover processes. Handle this special case here. if s == unix.SIGKILL && !c.config.Namespaces.IsPrivate(configs.NEWPID) { - err = signalAllProcesses(c.cgroupManager, unix.SIGKILL) - } else { - err = c.initProcess.signal(s) + if err := signalAllProcesses(c.cgroupManager, unix.SIGKILL); err != nil { + return fmt.Errorf("unable to kill all processes: %w", err) + } + return nil } - if err != nil { + + // To avoid a PID reuse attack, don't kill non-running container. + if !c.hasInit() { + return ErrNotRunning + } + if err := c.initProcess.signal(s); err != nil { return fmt.Errorf("unable to signal init: %w", err) } if s == unix.SIGKILL { diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index ec0f002a5fc..6ab0698eed8 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -673,6 +673,9 @@ func setupPersonality(config *configs.Config) error { // signalAllProcesses freezes then iterates over all the processes inside the // manager's cgroups sending the signal s to them. func signalAllProcesses(m cgroups.Manager, s unix.Signal) error { + if !m.Exists() { + return ErrNotRunning + } // Use cgroup.kill, if available. if s == unix.SIGKILL { if p := m.Path(""); p != "" { // Either cgroup v2 or hybrid. diff --git a/tests/integration/kill.bats b/tests/integration/kill.bats index 8f2f4a7b4e8..ad116df0d6f 100644 --- a/tests/integration/kill.bats +++ b/tests/integration/kill.bats @@ -10,6 +10,7 @@ function teardown() { teardown_bundle } +# shellcheck disable=SC2030 @test "kill detached busybox" { # run busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox @@ -35,16 +36,15 @@ function teardown() { [ "$status" -eq 0 ] } -# This is roughly the same as TestPIDHostInitProcessWait in libcontainer/integration. -@test "kill KILL [host pidns]" { - # kill -a currently requires cgroup freezer. +test_host_pidns_kill() { requires cgroups_freezer update_config ' .linux.namespaces -= [{"type": "pid"}]' set_cgroups_path if [ $EUID -ne 0 ]; then - # kill --all requires working cgroups. requires rootless_cgroup + # Can't mount real /proc when rootless + no pidns, + # so change it to a bind-mounted one from the host. update_config ' .mounts |= map((select(.type == "proc") | .type = "none" | .source = "/proc" @@ -53,17 +53,28 @@ function teardown() { fi runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox + # shellcheck disable=SC2031 [ "$status" -eq 0 ] + cgpath=$(get_cgroup_path "pids") + init_pid=$(cat "$cgpath"/cgroup.procs) # Start a few more processes. for _ in 1 2 3 4 5; do __runc exec -d test_busybox sleep 1h - [ "$status" -eq 0 ] done + if [ -v KILL_INIT ]; then + # Now kill the container's init process. Since the container do + # not have own PID ns, its init is no special and the container + # will still be up and running (except for rootless container + # AND systemd cgroup driver AND systemd > v245, when systemd + # kills the container; see "kill KILL [host pidns + init gone]" + # below). + kill -9 "$init_pid" + fi + # Get the list of all container processes. - path=$(get_cgroup_path "pids") - pids=$(cat "$path"/cgroup.procs) + pids=$(cat "$cgpath"/cgroup.procs) echo "pids: $pids" # Sanity check -- make sure all processes exist. for p in $pids; do @@ -71,14 +82,45 @@ function teardown() { done runc kill test_busybox KILL + # shellcheck disable=SC2031 [ "$status" -eq 0 ] wait_for_container 10 1 test_busybox stopped # Make sure all processes are gone. - pids=$(cat "$path"/cgroup.procs) || true # OK if cgroup is gone + pids=$(cat "$cgpath"/cgroup.procs) || true # OK if cgroup is gone echo "pids: $pids" - for p in $pids; do - run ! kill -0 "$p" - [[ "$output" = *"No such process" ]] - done + [ -z "$pids" ] +} + +# This is roughly the same as TestPIDHostInitProcessWait in libcontainer/integration. +# The differences are: +# +# 1. Here we use separate processes to create and to kill a container, so the +# processes inside a container are not children of "runc kill". +# +# 2. We hit different codepaths (nonChildProcess.signal rather than initProcess.signal). +@test "kill KILL [host pidns]" { + unset KILL_INIT + test_host_pidns_kill +} + +# Same as above plus: +# +# 3. Test runc kill on a container whose init process is gone. +# +# Issue 4047, case "runc kill". +@test "kill KILL [host pidns + init gone]" { + # Apparently, for rootless test, when using systemd cgroup manager, + # newer versions of systemd clean up the container as soon as its init + # process is gone. This is all fine and dandy, except it prevents us to + # test this case, thus we skip the test. + # + # It is not entirely clear which systemd version got this feature: + # v245 works fine, and v249 does not. + if [ $EUID -ne 0 ] && [ -v RUNC_USE_SYSTEMD ] && [ "$(systemd_version)" -gt 245 ]; then + skip "rootless+systemd conflicts with systemd > 245" + fi + KILL_INIT=1 + test_host_pidns_kill + unset KILL_INIT } From 29283bb7db788fcafbc6cf413d06069b2d6b6bff Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 3 Nov 2023 18:41:53 -0700 Subject: [PATCH 0442/1176] runc delete -f: fix for no pidns + no init case Commit f8ad20f moved the kill logic from container destroy to container kill (which is the right thing to do). Alas, it broke the use case of doing "runc delete -f" for a container which does not have its own private PID namespace, when its init process is gone. In this case, some processes may still be running, and runc delete -f should kill them (the same way as "runc kill" does). It does not do that because the container status is "stopped" (as runc considers the container with no init process as stopped), and so we only call "destroy" (which was doing the killing before). The fix is easy: if --force is set, call killContainer no matter what. Add a test case, similar to the one in the previous commit. Signed-off-by: Kir Kolyshkin --- delete.go | 11 ++++-- tests/integration/delete.bats | 63 +++++++++++++++++++++++++++++++++++ tests/integration/kill.bats | 1 + 3 files changed, 72 insertions(+), 3 deletions(-) diff --git a/delete.go b/delete.go index 682101ccad8..e8b92ae5a92 100644 --- a/delete.go +++ b/delete.go @@ -66,6 +66,14 @@ status of "ubuntu01" as "stopped" the following will delete resources held for } return err } + // When --force is given, we kill all container processes and + // then destroy the container. This is done even for a stopped + // container, because (in case it does not have its own PID + // namespace) there may be some leftover processes in the + // container's cgroup. + if force { + return killContainer(container) + } s, err := container.Status() if err != nil { return err @@ -76,9 +84,6 @@ status of "ubuntu01" as "stopped" the following will delete resources held for case libcontainer.Created: return killContainer(container) default: - if force { - return killContainer(container) - } return fmt.Errorf("cannot delete container %s that is not stopped: %s", id, s) } diff --git a/tests/integration/delete.bats b/tests/integration/delete.bats index e9b80b64d06..8cc53c19e01 100644 --- a/tests/integration/delete.bats +++ b/tests/integration/delete.bats @@ -62,6 +62,69 @@ function teardown() { [ "$status" -eq 0 ] } +# Issue 4047, case "runc delete -f". +# See also: "kill KILL [host pidns + init gone]" test in kill.bats. +@test "runc delete --force [host pidns + init gone]" { + requires cgroups_freezer + + update_config ' .linux.namespaces -= [{"type": "pid"}]' + set_cgroups_path + if [ $EUID -ne 0 ]; then + requires rootless_cgroup + # Apparently, for rootless test, when using systemd cgroup manager, + # newer versions of systemd clean up the container as soon as its init + # process is gone. This is all fine and dandy, except it prevents us to + # test this case, thus we skip the test. + # + # It is not entirely clear which systemd version got this feature: + # v245 works fine, and v249 does not. + if [ -v RUNC_USE_SYSTEMD ] && [ "$(systemd_version)" -gt 245 ]; then + skip "rootless+systemd conflicts with systemd > 245" + fi + # Can't mount real /proc when rootless + no pidns, + # so change it to a bind-mounted one from the host. + update_config ' .mounts |= map((select(.type == "proc") + | .type = "none" + | .source = "/proc" + | .options = ["rbind", "nosuid", "nodev", "noexec"] + ) // .)' + fi + + runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox + [ "$status" -eq 0 ] + cgpath=$(get_cgroup_path "pids") + init_pid=$(cat "$cgpath"/cgroup.procs) + + # Start a few more processes. + for _ in 1 2 3 4 5; do + __runc exec -d test_busybox sleep 1h + done + + # Now kill the container's init process. Since the container do + # not have own PID ns, its init is no special and the container + # will still be up and running. + kill -9 "$init_pid" + + # Get the list of all container processes. + pids=$(cat "$cgpath"/cgroup.procs) + echo "pids: $pids" + # Sanity check -- make sure all processes exist. + for p in $pids; do + kill -0 "$p" + done + + runc delete -f test_busybox + [ "$status" -eq 0 ] + + runc state test_busybox + [ "$status" -ne 0 ] # "Container does not exist" + + # Make sure all processes are gone. + pids=$(cat "$cgpath"/cgroup.procs) || true # OK if cgroup is gone + echo "pids: $pids" + [ -z "$pids" ] +} + @test "runc delete --force [paused container]" { runc run -d --console-socket "$CONSOLE_SOCKET" ct1 [ "$status" -eq 0 ] diff --git a/tests/integration/kill.bats b/tests/integration/kill.bats index ad116df0d6f..3124bb0e572 100644 --- a/tests/integration/kill.bats +++ b/tests/integration/kill.bats @@ -109,6 +109,7 @@ test_host_pidns_kill() { # 3. Test runc kill on a container whose init process is gone. # # Issue 4047, case "runc kill". +# See also: "runc delete --force [host pidns + init gone]" test in delete.bats. @test "kill KILL [host pidns + init gone]" { # Apparently, for rootless test, when using systemd cgroup manager, # newer versions of systemd clean up the container as soon as its init From d3d7f7d85abfe7bd6f4ddbe45ad6b1c188dcf194 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 9 Nov 2023 12:08:01 -0800 Subject: [PATCH 0443/1176] libct/cg: improve cgroup removal logic The current code is only doing retries in RemovePaths, which is only used for cgroup v1 (cgroup v2 uses RemovePath, which makes no retries). Let's remove all retry logic and logging from RemovePaths, together with: - os.Stat check from RemovePaths (its usage probably made sense before commit 19be8e5ba56df7a91c7 but not after); - error/warning logging from RemovePaths (this was added by commit 19be8e5ba56df7a91c7 in 2020 and so far we've seen no errors other than EBUSY, so reporting the actual error proved to be useless). Add the retry logic to rmdir, and the second retry bool argument. Decrease the initial delay and increase the number of retries from the old implementation so it can take up to ~1 sec before returning EBUSY (was about 0.3 sec). Hopefully, as a result, we'll have less "failed to remove cgroup paths" errors. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/utils.go | 74 +++++++++++++++-------------------- 1 file changed, 32 insertions(+), 42 deletions(-) diff --git a/libcontainer/cgroups/utils.go b/libcontainer/cgroups/utils.go index 965c607c682..186cbc6413f 100644 --- a/libcontainer/cgroups/utils.go +++ b/libcontainer/cgroups/utils.go @@ -217,10 +217,26 @@ func PathExists(path string) bool { return true } -func rmdir(path string) error { +// rmdir tries to remove a directory, optionally retrying on EBUSY. +func rmdir(path string, retry bool) error { + delay := time.Millisecond + tries := 10 + +again: err := unix.Rmdir(path) - if err == nil || err == unix.ENOENT { + switch err { // nolint:errorlint // unix errors are bare + case nil, unix.ENOENT: return nil + case unix.EINTR: + goto again + case unix.EBUSY: + if retry && tries > 0 { + time.Sleep(delay) + delay *= 2 + tries-- + goto again + + } } return &os.PathError{Op: "rmdir", Path: path, Err: err} } @@ -228,68 +244,42 @@ func rmdir(path string) error { // RemovePath aims to remove cgroup path. It does so recursively, // by removing any subdirectories (sub-cgroups) first. func RemovePath(path string) error { - // try the fast path first - if err := rmdir(path); err == nil { + // Try the fast path first. + if err := rmdir(path, false); err == nil { return nil } infos, err := os.ReadDir(path) - if err != nil { - if os.IsNotExist(err) { - err = nil - } + if err != nil && !os.IsNotExist(err) { return err } for _, info := range infos { if info.IsDir() { - // We should remove subcgroups dir first + // We should remove subcgroup first. if err = RemovePath(filepath.Join(path, info.Name())); err != nil { break } } } if err == nil { - err = rmdir(path) + err = rmdir(path, true) } return err } // RemovePaths iterates over the provided paths removing them. -// We trying to remove all paths five times with increasing delay between tries. -// If after all there are not removed cgroups - appropriate error will be -// returned. func RemovePaths(paths map[string]string) (err error) { - const retries = 5 - delay := 10 * time.Millisecond - for i := 0; i < retries; i++ { - if i != 0 { - time.Sleep(delay) - delay *= 2 - } - for s, p := range paths { - if err := RemovePath(p); err != nil { - // do not log intermediate iterations - switch i { - case 0: - logrus.WithError(err).Warnf("Failed to remove cgroup (will retry)") - case retries - 1: - logrus.WithError(err).Error("Failed to remove cgroup") - } - } - _, err := os.Stat(p) - // We need this strange way of checking cgroups existence because - // RemoveAll almost always returns error, even on already removed - // cgroups - if os.IsNotExist(err) { - delete(paths, s) - } - } - if len(paths) == 0 { - //nolint:ineffassign,staticcheck // done to help garbage collecting: opencontainers/runc#2506 - paths = make(map[string]string) - return nil + for s, p := range paths { + if err := RemovePath(p); err == nil { + delete(paths, s) } } + if len(paths) == 0 { + //nolint:ineffassign,staticcheck // done to help garbage collecting: opencontainers/runc#2506 + // TODO: switch to clear once Go < 1.21 is not supported. + paths = make(map[string]string) + return nil + } return fmt.Errorf("Failed to remove paths: %v", paths) } From 7396ca90fa47d0458da4188061b24ca1bff465bf Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 6 Nov 2023 15:38:11 -0800 Subject: [PATCH 0444/1176] runc delete: do not ignore error from destroy If container.Destroy() has failed, runc destroy still return 0, which is wrong and can result in other issues down the line. Let's always return error from destroy in runc delete. For runc checkpoint and runc run, we still treat it as a warning. Co-authored-by: Zhang Tianyang Signed-off-by: Kir Kolyshkin --- checkpoint.go | 4 +++- delete.go | 7 ++----- libcontainer/container_linux.go | 5 ++++- utils_linux.go | 10 +++------- 4 files changed, 12 insertions(+), 14 deletions(-) diff --git a/checkpoint.go b/checkpoint.go index a8a27f248bc..1f5f5e73975 100644 --- a/checkpoint.go +++ b/checkpoint.go @@ -70,7 +70,9 @@ checkpointed.`, err = container.Checkpoint(options) if err == nil && !(options.LeaveRunning || options.PreDump) { // Destroy the container unless we tell CRIU to keep it. - destroy(container) + if err := container.Destroy(); err != nil { + logrus.Warn(err) + } } return err }, diff --git a/delete.go b/delete.go index e8b92ae5a92..fc8133438ea 100644 --- a/delete.go +++ b/delete.go @@ -18,8 +18,7 @@ func killContainer(container *libcontainer.Container) error { for i := 0; i < 100; i++ { time.Sleep(100 * time.Millisecond) if err := container.Signal(unix.Signal(0)); err != nil { - destroy(container) - return nil + return container.Destroy() } } return errors.New("container init still running") @@ -80,13 +79,11 @@ status of "ubuntu01" as "stopped" the following will delete resources held for } switch s { case libcontainer.Stopped: - destroy(container) + return container.Destroy() case libcontainer.Created: return killContainer(container) default: return fmt.Errorf("cannot delete container %s that is not stopped: %s", id, s) } - - return nil }, } diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 515755276ad..f36abaf1032 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -874,7 +874,10 @@ func (c *Container) newInitConfig(process *Process) *initConfig { func (c *Container) Destroy() error { c.m.Lock() defer c.m.Unlock() - return c.state.destroy() + if err := c.state.destroy(); err != nil { + return fmt.Errorf("unable to destroy container: %w", err) + } + return nil } // Pause pauses the container, if its state is RUNNING or CREATED, changing diff --git a/utils_linux.go b/utils_linux.go index 633d6d68ca6..5de00628493 100644 --- a/utils_linux.go +++ b/utils_linux.go @@ -88,12 +88,6 @@ func newProcess(p specs.Process) (*libcontainer.Process, error) { return lp, nil } -func destroy(container *libcontainer.Container) { - if err := container.Destroy(); err != nil { - logrus.Error(err) - } -} - // setupIO modifies the given process config according to the options. func setupIO(process *libcontainer.Process, rootuid, rootgid int, createTTY, detach bool, sockpath string) (*tty, error) { if createTTY { @@ -303,7 +297,9 @@ func (r *runner) run(config *specs.Process) (int, error) { func (r *runner) destroy() { if r.shouldDestroy { - destroy(r.container) + if err := r.container.Destroy(); err != nil { + logrus.Warn(err) + } } } From ab3cd8d73e61847e16fbc2fd1ce054301dc240d4 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 6 Nov 2023 15:54:37 -0800 Subject: [PATCH 0445/1176] runc delete, container.Destroy: kill all processes (For a container with no private PID namespace, that is). When runc delete (or container.Destroy) is called on a stopped container without private PID namespace and there are processes in its cgroup, kill those. Add a test case. Signed-off-by: Kir Kolyshkin --- libcontainer/state_linux.go | 11 +++++++++++ tests/integration/delete.bats | 21 ++++++++++++++++++--- 2 files changed, 29 insertions(+), 3 deletions(-) diff --git a/libcontainer/state_linux.go b/libcontainer/state_linux.go index 0f629922b56..a725feafb33 100644 --- a/libcontainer/state_linux.go +++ b/libcontainer/state_linux.go @@ -35,6 +35,17 @@ type containerState interface { } func destroy(c *Container) error { + // Usually, when a container init is gone, all other processes in its + // cgroup are killed by the kernel. This is not the case for a shared + // PID namespace container, which may have some processes left after + // its init is killed or exited. + // + // As the container without init process running is considered stopped, + // and destroy is supposed to remove all the container resources, we need + // to kill those processes here. + if !c.config.Namespaces.IsPrivate(configs.NEWPID) { + _ = signalAllProcesses(c.cgroupManager, unix.SIGKILL) + } err := c.cgroupManager.Destroy() if c.intelRdtManager != nil { if ierr := c.intelRdtManager.Destroy(); err == nil { diff --git a/tests/integration/delete.bats b/tests/integration/delete.bats index 8cc53c19e01..a1a21748536 100644 --- a/tests/integration/delete.bats +++ b/tests/integration/delete.bats @@ -62,9 +62,19 @@ function teardown() { [ "$status" -eq 0 ] } -# Issue 4047, case "runc delete -f". -# See also: "kill KILL [host pidns + init gone]" test in kill.bats. +# Issue 4047, case "runc delete". +@test "runc delete [host pidns + init gone]" { + test_runc_delete_host_pidns +} + +# Issue 4047, case "runc delete --force" (different code path). +# shellcheck disable=SC2030 @test "runc delete --force [host pidns + init gone]" { + test_runc_delete_host_pidns --force +} + +# See also: "kill KILL [host pidns + init gone]" test in kill.bats. +function test_runc_delete_host_pidns() { requires cgroups_freezer update_config ' .linux.namespaces -= [{"type": "pid"}]' @@ -91,6 +101,7 @@ function teardown() { fi runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox + # shellcheck disable=SC2031 [ "$status" -eq 0 ] cgpath=$(get_cgroup_path "pids") init_pid=$(cat "$cgpath"/cgroup.procs) @@ -113,10 +124,14 @@ function teardown() { kill -0 "$p" done - runc delete -f test_busybox + # Must kill those processes and remove container. + # shellcheck disable=SC2031 + runc delete "$@" test_busybox + # shellcheck disable=SC2031 [ "$status" -eq 0 ] runc state test_busybox + # shellcheck disable=SC2031 [ "$status" -ne 0 ] # "Container does not exist" # Make sure all processes are gone. From a6f4081766a0f405bb9b5e798a4930c1f434c6b1 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 13 Nov 2023 15:39:21 -0800 Subject: [PATCH 0446/1176] libct: Destroy: don't proceed in case of errors For some reason, container destroy operation removes container's state directory even if cgroup removal fails (and then still returns an error). It has been that way since commit 5c246d038fc47b, which added cgroup removal. This is problematic because once the container state dir is removed, we no longer know container's cgroup and thus can't remove it. Let's return the error early and fail if cgroup can't be removed. Same for other operations: do not proceed if we fail. Signed-off-by: Kir Kolyshkin --- libcontainer/state_linux.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/libcontainer/state_linux.go b/libcontainer/state_linux.go index a725feafb33..0b1b8716a76 100644 --- a/libcontainer/state_linux.go +++ b/libcontainer/state_linux.go @@ -46,19 +46,19 @@ func destroy(c *Container) error { if !c.config.Namespaces.IsPrivate(configs.NEWPID) { _ = signalAllProcesses(c.cgroupManager, unix.SIGKILL) } - err := c.cgroupManager.Destroy() + if err := c.cgroupManager.Destroy(); err != nil { + return fmt.Errorf("unable to remove container's cgroup: %w", err) + } if c.intelRdtManager != nil { - if ierr := c.intelRdtManager.Destroy(); err == nil { - err = ierr + if err := c.intelRdtManager.Destroy(); err != nil { + return fmt.Errorf("unable to remove container's IntelRDT group: %w", err) } } - if rerr := os.RemoveAll(c.stateDir); err == nil { - err = rerr + if err := os.RemoveAll(c.stateDir); err != nil { + return fmt.Errorf("unable to remove container state dir: %w", err) } c.initProcess = nil - if herr := runPoststopHooks(c); err == nil { - err = herr - } + err := runPoststopHooks(c) c.state = &stoppedState{c: c} return err } From b27829651360815f2d4ecf4d1bba1c93c617d12f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 28 Nov 2023 04:47:32 +0000 Subject: [PATCH 0447/1176] build(deps): bump golang.org/x/sys Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.14.1-0.20231108175955-e4099bfacb8c to 0.15.0. - [Commits](https://github.com/golang/sys/commits/v0.15.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/golang.org/x/sys/unix/ioctl_linux.go | 5 +++++ vendor/golang.org/x/sys/unix/mkerrors.sh | 1 + vendor/golang.org/x/sys/unix/zerrors_linux.go | 1 + vendor/golang.org/x/sys/unix/ztypes_linux.go | 6 ++++++ .../x/sys/windows/syscall_windows.go | 2 ++ .../x/sys/windows/zsyscall_windows.go | 19 +++++++++++++++++++ vendor/modules.txt | 2 +- 9 files changed, 38 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 0961ca666c8..f33e166ddae 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/urfave/cli v1.22.12 github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.17.0 - golang.org/x/sys v0.14.1-0.20231108175955-e4099bfacb8c + golang.org/x/sys v0.15.0 google.golang.org/protobuf v1.31.0 ) diff --git a/go.sum b/go.sum index 76b7d2c355e..b915dc15a1d 100644 --- a/go.sum +++ b/go.sum @@ -71,8 +71,8 @@ golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.14.1-0.20231108175955-e4099bfacb8c h1:3kC/TjQ+xzIblQv39bCOyRk8fbEeJcDHwbyxPUU2BpA= -golang.org/x/sys v0.14.1-0.20231108175955-e4099bfacb8c/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= +golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= diff --git a/vendor/golang.org/x/sys/unix/ioctl_linux.go b/vendor/golang.org/x/sys/unix/ioctl_linux.go index 0d12c0851ad..dbe680eab88 100644 --- a/vendor/golang.org/x/sys/unix/ioctl_linux.go +++ b/vendor/golang.org/x/sys/unix/ioctl_linux.go @@ -231,3 +231,8 @@ func IoctlLoopGetStatus64(fd int) (*LoopInfo64, error) { func IoctlLoopSetStatus64(fd int, value *LoopInfo64) error { return ioctlPtr(fd, LOOP_SET_STATUS64, unsafe.Pointer(value)) } + +// IoctlLoopConfigure configures all loop device parameters in a single step +func IoctlLoopConfigure(fd int, value *LoopConfig) error { + return ioctlPtr(fd, LOOP_CONFIGURE, unsafe.Pointer(value)) +} diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index 5dda44503ea..6202638bae8 100644 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -519,6 +519,7 @@ ccflags="$@" $2 ~ /^LOCK_(SH|EX|NB|UN)$/ || $2 ~ /^LO_(KEY|NAME)_SIZE$/ || $2 ~ /^LOOP_(CLR|CTL|GET|SET)_/ || + $2 == "LOOP_CONFIGURE" || $2 ~ /^(AF|SOCK|SO|SOL|IPPROTO|IP|IPV6|TCP|MCAST|EVFILT|NOTE|SHUT|PROT|MAP|MREMAP|MFD|T?PACKET|MSG|SCM|MCL|DT|MADV|PR|LOCAL|TCPOPT|UDP)_/ || $2 ~ /^NFC_(GENL|PROTO|COMM|RF|SE|DIRECTION|LLCP|SOCKPROTO)_/ || $2 ~ /^NFC_.*_(MAX)?SIZE$/ || diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index 1781cfca393..c73cfe2f10b 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -1801,6 +1801,7 @@ const ( LOCK_SH = 0x1 LOCK_UN = 0x8 LOOP_CLR_FD = 0x4c01 + LOOP_CONFIGURE = 0x4c0a LOOP_CTL_ADD = 0x4c80 LOOP_CTL_GET_FREE = 0x4c82 LOOP_CTL_REMOVE = 0x4c81 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index b07276a1b5f..bbf8399ff58 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -3005,6 +3005,12 @@ type LoopInfo64 struct { Encrypt_key [32]uint8 Init [2]uint64 } +type LoopConfig struct { + Fd uint32 + Size uint32 + Info LoopInfo64 + _ [8]uint64 +} type TIPCSocketAddr struct { Ref uint32 diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index fb6cfd0462b..47dc5796769 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -155,6 +155,8 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys GetModuleFileName(module Handle, filename *uint16, size uint32) (n uint32, err error) = kernel32.GetModuleFileNameW //sys GetModuleHandleEx(flags uint32, moduleName *uint16, module *Handle) (err error) = kernel32.GetModuleHandleExW //sys SetDefaultDllDirectories(directoryFlags uint32) (err error) +//sys AddDllDirectory(path *uint16) (cookie uintptr, err error) = kernel32.AddDllDirectory +//sys RemoveDllDirectory(cookie uintptr) (err error) = kernel32.RemoveDllDirectory //sys SetDllDirectory(path string) (err error) = kernel32.SetDllDirectoryW //sys GetVersion() (ver uint32, err error) //sys FormatMessage(flags uint32, msgsrc uintptr, msgid uint32, langid uint32, buf []uint16, args *byte) (n uint32, err error) = FormatMessageW diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index db6282e00a5..146a1f0196f 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -184,6 +184,7 @@ var ( procGetAdaptersInfo = modiphlpapi.NewProc("GetAdaptersInfo") procGetBestInterfaceEx = modiphlpapi.NewProc("GetBestInterfaceEx") procGetIfEntry = modiphlpapi.NewProc("GetIfEntry") + procAddDllDirectory = modkernel32.NewProc("AddDllDirectory") procAssignProcessToJobObject = modkernel32.NewProc("AssignProcessToJobObject") procCancelIo = modkernel32.NewProc("CancelIo") procCancelIoEx = modkernel32.NewProc("CancelIoEx") @@ -330,6 +331,7 @@ var ( procReadProcessMemory = modkernel32.NewProc("ReadProcessMemory") procReleaseMutex = modkernel32.NewProc("ReleaseMutex") procRemoveDirectoryW = modkernel32.NewProc("RemoveDirectoryW") + procRemoveDllDirectory = modkernel32.NewProc("RemoveDllDirectory") procResetEvent = modkernel32.NewProc("ResetEvent") procResizePseudoConsole = modkernel32.NewProc("ResizePseudoConsole") procResumeThread = modkernel32.NewProc("ResumeThread") @@ -1605,6 +1607,15 @@ func GetIfEntry(pIfRow *MibIfRow) (errcode error) { return } +func AddDllDirectory(path *uint16) (cookie uintptr, err error) { + r0, _, e1 := syscall.Syscall(procAddDllDirectory.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0) + cookie = uintptr(r0) + if cookie == 0 { + err = errnoErr(e1) + } + return +} + func AssignProcessToJobObject(job Handle, process Handle) (err error) { r1, _, e1 := syscall.Syscall(procAssignProcessToJobObject.Addr(), 2, uintptr(job), uintptr(process), 0) if r1 == 0 { @@ -2879,6 +2890,14 @@ func RemoveDirectory(path *uint16) (err error) { return } +func RemoveDllDirectory(cookie uintptr) (err error) { + r1, _, e1 := syscall.Syscall(procRemoveDllDirectory.Addr(), 1, uintptr(cookie), 0, 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + func ResetEvent(event Handle) (err error) { r1, _, e1 := syscall.Syscall(procResetEvent.Addr(), 1, uintptr(event), 0, 0) if r1 == 0 { diff --git a/vendor/modules.txt b/vendor/modules.txt index 018188fe0f7..ab94b4d6a27 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -82,7 +82,7 @@ golang.org/x/exp/slices # golang.org/x/net v0.17.0 ## explicit; go 1.17 golang.org/x/net/bpf -# golang.org/x/sys v0.14.1-0.20231108175955-e4099bfacb8c +# golang.org/x/sys v0.15.0 ## explicit; go 1.18 golang.org/x/sys/execabs golang.org/x/sys/unix From c25493fce4e2ef566ad868fdd947375632d3dbe5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 28 Nov 2023 06:40:44 +0000 Subject: [PATCH 0448/1176] build(deps): bump golang.org/x/net from 0.17.0 to 0.19.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.19.0. - [Commits](https://github.com/golang/net/compare/v0.17.0...v0.19.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index f33e166ddae..dcbb0ae3c16 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.12 github.com/vishvananda/netlink v1.1.0 - golang.org/x/net v0.17.0 + golang.org/x/net v0.19.0 golang.org/x/sys v0.15.0 google.golang.org/protobuf v1.31.0 ) diff --git a/go.sum b/go.sum index b915dc15a1d..3b347e30a91 100644 --- a/go.sum +++ b/go.sum @@ -65,8 +65,8 @@ github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7Zo github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 h1:Jvc7gsqn21cJHCmAWx0LiimpP18LZmUxkT5Mp7EZ1mI= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= -golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= +golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/vendor/modules.txt b/vendor/modules.txt index ab94b4d6a27..1863d3de21f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -79,8 +79,8 @@ github.com/vishvananda/netns golang.org/x/exp/constraints golang.org/x/exp/maps golang.org/x/exp/slices -# golang.org/x/net v0.17.0 -## explicit; go 1.17 +# golang.org/x/net v0.19.0 +## explicit; go 1.18 golang.org/x/net/bpf # golang.org/x/sys v0.15.0 ## explicit; go 1.18 From 884117471c97efa1d2ef9fd6ffd1d4e12de3b581 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sun, 3 Dec 2023 16:36:33 +1100 Subject: [PATCH 0449/1176] tests: integration: fix spurious SC203[01] shellcheck errors We had ignore lines for these warnings, but it turns out this is most likely a bug in shellcheck and we can work around it by moving the helper function definition before any of the functions that use the helper function. Hopefully it'll be fixed soon. Ref: https://github.com/koalaman/shellcheck/issues/2873 Signed-off-by: Aleksa Sarai --- tests/integration/delete.bats | 133 +++++++++++++++++----------------- tests/integration/events.bats | 69 +++++++++--------- tests/integration/kill.bats | 55 +++++++------- tests/integration/mounts.bats | 27 +++---- 4 files changed, 140 insertions(+), 144 deletions(-) diff --git a/tests/integration/delete.bats b/tests/integration/delete.bats index a1a21748536..a7ade1082ed 100644 --- a/tests/integration/delete.bats +++ b/tests/integration/delete.bats @@ -10,70 +10,10 @@ function teardown() { teardown_bundle } -@test "runc delete" { - # Need a permission to create a cgroup. - # XXX(@kolyshkin): currently this test does not handle rootless when - # fs cgroup driver is used, because in this case cgroup (with a - # predefined name) is created by tests/rootless.sh, not by runc. - [ $EUID -ne 0 ] && requires systemd - set_resources_limit - - runc run -d --console-socket "$CONSOLE_SOCKET" testbusyboxdelete - [ "$status" -eq 0 ] - - testcontainer testbusyboxdelete running - # Ensure the find statement used later is correct. - output=$(find /sys/fs/cgroup -name testbusyboxdelete -o -name \*-testbusyboxdelete.scope 2>/dev/null || true) - if [ -z "$output" ]; then - fail "expected cgroup not found" - fi - - runc kill testbusyboxdelete KILL - [ "$status" -eq 0 ] - wait_for_container 10 1 testbusyboxdelete stopped - - runc delete testbusyboxdelete - [ "$status" -eq 0 ] - - runc state testbusyboxdelete - [ "$status" -ne 0 ] - - output=$(find /sys/fs/cgroup -name testbusyboxdelete -o -name \*-testbusyboxdelete.scope 2>/dev/null || true) - [ "$output" = "" ] || fail "cgroup not cleaned up correctly: $output" -} - -@test "runc delete --force" { - # run busybox detached - runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox - [ "$status" -eq 0 ] - - # check state - testcontainer test_busybox running - - # force delete test_busybox - runc delete --force test_busybox - - runc state test_busybox - [ "$status" -ne 0 ] -} - -@test "runc delete --force ignore not exist" { - runc delete --force notexists - [ "$status" -eq 0 ] -} - -# Issue 4047, case "runc delete". -@test "runc delete [host pidns + init gone]" { - test_runc_delete_host_pidns -} - -# Issue 4047, case "runc delete --force" (different code path). -# shellcheck disable=SC2030 -@test "runc delete --force [host pidns + init gone]" { - test_runc_delete_host_pidns --force -} - # See also: "kill KILL [host pidns + init gone]" test in kill.bats. +# +# This needs to be placed at the top of the bats file to work around +# a shellcheck bug. See . function test_runc_delete_host_pidns() { requires cgroups_freezer @@ -101,7 +41,6 @@ function test_runc_delete_host_pidns() { fi runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox - # shellcheck disable=SC2031 [ "$status" -eq 0 ] cgpath=$(get_cgroup_path "pids") init_pid=$(cat "$cgpath"/cgroup.procs) @@ -125,13 +64,10 @@ function test_runc_delete_host_pidns() { done # Must kill those processes and remove container. - # shellcheck disable=SC2031 runc delete "$@" test_busybox - # shellcheck disable=SC2031 [ "$status" -eq 0 ] runc state test_busybox - # shellcheck disable=SC2031 [ "$status" -ne 0 ] # "Container does not exist" # Make sure all processes are gone. @@ -140,6 +76,68 @@ function test_runc_delete_host_pidns() { [ -z "$pids" ] } +@test "runc delete" { + # Need a permission to create a cgroup. + # XXX(@kolyshkin): currently this test does not handle rootless when + # fs cgroup driver is used, because in this case cgroup (with a + # predefined name) is created by tests/rootless.sh, not by runc. + [ $EUID -ne 0 ] && requires systemd + set_resources_limit + + runc run -d --console-socket "$CONSOLE_SOCKET" testbusyboxdelete + [ "$status" -eq 0 ] + + testcontainer testbusyboxdelete running + # Ensure the find statement used later is correct. + output=$(find /sys/fs/cgroup -name testbusyboxdelete -o -name \*-testbusyboxdelete.scope 2>/dev/null || true) + if [ -z "$output" ]; then + fail "expected cgroup not found" + fi + + runc kill testbusyboxdelete KILL + [ "$status" -eq 0 ] + wait_for_container 10 1 testbusyboxdelete stopped + + runc delete testbusyboxdelete + [ "$status" -eq 0 ] + + runc state testbusyboxdelete + [ "$status" -ne 0 ] + + output=$(find /sys/fs/cgroup -name testbusyboxdelete -o -name \*-testbusyboxdelete.scope 2>/dev/null || true) + [ "$output" = "" ] || fail "cgroup not cleaned up correctly: $output" +} + +@test "runc delete --force" { + # run busybox detached + runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox + [ "$status" -eq 0 ] + + # check state + testcontainer test_busybox running + + # force delete test_busybox + runc delete --force test_busybox + + runc state test_busybox + [ "$status" -ne 0 ] +} + +@test "runc delete --force ignore not exist" { + runc delete --force notexists + [ "$status" -eq 0 ] +} + +# Issue 4047, case "runc delete". +@test "runc delete [host pidns + init gone]" { + test_runc_delete_host_pidns +} + +# Issue 4047, case "runc delete --force" (different code path). +@test "runc delete --force [host pidns + init gone]" { + test_runc_delete_host_pidns --force +} + @test "runc delete --force [paused container]" { runc run -d --console-socket "$CONSOLE_SOCKET" ct1 [ "$status" -eq 0 ] @@ -251,7 +249,6 @@ EOF requires systemd_v244 # Older systemd lacks RuntimeMaxSec support. set_cgroups_path - # shellcheck disable=SC2016 update_config ' .annotations += { "org.systemd.property.RuntimeMaxSec": "2", "org.systemd.property.TimeoutStopSec": "1" diff --git a/tests/integration/events.bats b/tests/integration/events.bats index 707fe4e73fc..cf42eaf55cd 100644 --- a/tests/integration/events.bats +++ b/tests/integration/events.bats @@ -10,7 +10,40 @@ function teardown() { teardown_bundle } -# shellcheck disable=SC2030 +# This needs to be placed at the top of the bats file to work around +# a shellcheck bug. See . +function test_events() { + # XXX: currently cgroups require root containers. + requires root + init_cgroup_paths + + local status interval retry_every=1 + if [ $# -eq 2 ]; then + interval="$1" + retry_every="$2" + fi + + runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox + [ "$status" -eq 0 ] + + # Spawn two subshels: + # 1. Event logger that sends stats events to events.log. + (__runc events ${interval:+ --interval "$interval"} test_busybox >events.log) & + # 2. Waits for an event that includes test_busybox then kills the + # test_busybox container which causes the event logger to exit. + ( + retry 10 "$retry_every" grep -q test_busybox events.log + __runc delete -f test_busybox + ) & + wait # for both subshells to finish + + [ -e events.log ] + + output=$(head -1 events.log) + [[ "$output" == [\{]"\"type\""[:]"\"stats\""[,]"\"id\""[:]"\"test_busybox\""[,]* ]] + [[ "$output" == *"data"* ]] +} + @test "events --stats" { # XXX: currently cgroups require root containers. requires root @@ -27,7 +60,6 @@ function teardown() { [[ "${lines[0]}" == *"data"* ]] } -# shellcheck disable=SC2030 @test "events --stats with psi data" { requires root cgroups_v2 psi init_cgroup_paths @@ -56,39 +88,6 @@ function teardown() { done } -function test_events() { - # XXX: currently cgroups require root containers. - requires root - init_cgroup_paths - - local status interval retry_every=1 - if [ $# -eq 2 ]; then - interval="$1" - retry_every="$2" - fi - - runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox - # shellcheck disable=SC2031 - [ "$status" -eq 0 ] - - # Spawn two subshels: - # 1. Event logger that sends stats events to events.log. - (__runc events ${interval:+ --interval "$interval"} test_busybox >events.log) & - # 2. Waits for an event that includes test_busybox then kills the - # test_busybox container which causes the event logger to exit. - ( - retry 10 "$retry_every" grep -q test_busybox events.log - __runc delete -f test_busybox - ) & - wait # for both subshells to finish - - [ -e events.log ] - - output=$(head -1 events.log) - [[ "$output" == [\{]"\"type\""[:]"\"stats\""[,]"\"id\""[:]"\"test_busybox\""[,]* ]] - [[ "$output" == *"data"* ]] -} - @test "events --interval default" { test_events } diff --git a/tests/integration/kill.bats b/tests/integration/kill.bats index 3124bb0e572..d1e0de19dca 100644 --- a/tests/integration/kill.bats +++ b/tests/integration/kill.bats @@ -10,32 +10,8 @@ function teardown() { teardown_bundle } -# shellcheck disable=SC2030 -@test "kill detached busybox" { - # run busybox detached - runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox - [ "$status" -eq 0 ] - - # check state - testcontainer test_busybox running - - runc kill test_busybox KILL - [ "$status" -eq 0 ] - wait_for_container 10 1 test_busybox stopped - - # Check that kill errors on a stopped container. - runc kill test_busybox 0 - [ "$status" -ne 0 ] - [[ "$output" == *"container not running"* ]] - - # Check that -a (now obsoleted) makes kill return no error for a stopped container. - runc kill -a test_busybox 0 - [ "$status" -eq 0 ] - - runc delete test_busybox - [ "$status" -eq 0 ] -} - +# This needs to be placed at the top of the bats file to work around +# a shellcheck bug. See . test_host_pidns_kill() { requires cgroups_freezer @@ -53,7 +29,6 @@ test_host_pidns_kill() { fi runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox - # shellcheck disable=SC2031 [ "$status" -eq 0 ] cgpath=$(get_cgroup_path "pids") init_pid=$(cat "$cgpath"/cgroup.procs) @@ -82,7 +57,6 @@ test_host_pidns_kill() { done runc kill test_busybox KILL - # shellcheck disable=SC2031 [ "$status" -eq 0 ] wait_for_container 10 1 test_busybox stopped @@ -92,6 +66,31 @@ test_host_pidns_kill() { [ -z "$pids" ] } +@test "kill detached busybox" { + # run busybox detached + runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox + [ "$status" -eq 0 ] + + # check state + testcontainer test_busybox running + + runc kill test_busybox KILL + [ "$status" -eq 0 ] + wait_for_container 10 1 test_busybox stopped + + # Check that kill errors on a stopped container. + runc kill test_busybox 0 + [ "$status" -ne 0 ] + [[ "$output" == *"container not running"* ]] + + # Check that -a (now obsoleted) makes kill return no error for a stopped container. + runc kill -a test_busybox 0 + [ "$status" -eq 0 ] + + runc delete test_busybox + [ "$status" -eq 0 ] +} + # This is roughly the same as TestPIDHostInitProcessWait in libcontainer/integration. # The differences are: # diff --git a/tests/integration/mounts.bats b/tests/integration/mounts.bats index 3cd01da840f..a4d997ca765 100644 --- a/tests/integration/mounts.bats +++ b/tests/integration/mounts.bats @@ -10,6 +10,20 @@ function teardown() { teardown_bundle } +# https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc +# +# This needs to be placed at the top of the bats file to work around +# a shellcheck bug. See . +function test_ro_cgroup_mount() { + local lines status + # shellcheck disable=SC2016 + update_config '.process.args |= ["sh", "-euc", "for f in `grep /sys/fs/cgroup /proc/mounts | awk \"{print \\\\$2}\"| uniq`; do test -e $f && grep -w $f /proc/mounts | tail -n1; done"]' + runc run test_busybox + [ "$status" -eq 0 ] + [ "${#lines[@]}" -ne 0 ] + for line in "${lines[@]}"; do [[ "${line}" == *'ro,'* ]]; done +} + # https://github.com/opencontainers/runc/issues/3991 @test "runc run [tmpcopyup]" { mkdir -p rootfs/dir1/dir2 @@ -88,22 +102,9 @@ function teardown() { test_ro_cgroup_mount } -# shellcheck disable=SC2030 @test "runc run [ro /sys/fs/cgroup mounts + cgroupns]" { requires cgroupns # With cgroup namespace. update_config '.linux.namespaces |= if index({"type": "cgroup"}) then . else . + [{"type": "cgroup"}] end' test_ro_cgroup_mount } - -# https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc -# shellcheck disable=SC2031 -function test_ro_cgroup_mount() { - local lines status - # shellcheck disable=SC2016 - update_config '.process.args |= ["sh", "-euc", "for f in `grep /sys/fs/cgroup /proc/mounts | awk \"{print \\\\$2}\"| uniq`; do test -e $f && grep -w $f /proc/mounts | tail -n1; done"]' - runc run test_busybox - [ "$status" -eq 0 ] - [ "${#lines[@]}" -ne 0 ] - for line in "${lines[@]}"; do [[ "${line}" == *'ro,'* ]]; done -} From 1912d5988bbb379189ea9ceb2e03945738c513dc Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 21 Nov 2023 00:36:28 +1100 Subject: [PATCH 0450/1176] *: actually support joining a userns with a new container Our handling for name space paths with user namespaces has been broken for a long time. In particular, the need to parse /proc/self/*id_map in quite a few places meant that we would treat userns configurations that had a namespace path as if they were a userns configuration without mappings, resulting in errors. The primary issue was down to the id translation helper functions, which could only handle configurations that had explicit mappings. Obviously, when joining a user namespace we need to map the ids but figuring out the correct mapping is non-trivial in comparison. In order to get the mapping, you need to read /proc//*id_map of a process inside the userns -- while most userns paths will be of the form /proc//ns/user (and we have a fast-path for this case), this is not guaranteed and thus it is necessary to spawn a process inside the container and read its /proc//*id_map files in the general case. As Go does not allow us spawn a subprocess into a target userns, we have to use CGo to fork a sub-process which does the setns(2). To be honest, this is a little dodgy in regards to POSIX signal-safety(7) but since we do no allocations and we are executing in the forked context from a Go program (not a C program), it should be okay. The other alternative would be to do an expensive re-exec (a-la nsexec which would make several other bits of runc more complicated), or to use nsenter(1) which might not exist on the system and is less than ideal. Because we need to logically remap users quite a few times in runc (including in "runc init", where joining the namespace is not feasable), we cache the mapping inside the libcontainer config struct. A future patch will make sure that we stop allow invalid user configurations where a mapping is specified as well as a userns path to join. Finally, add an integration test to make sure we don't regress this again. Signed-off-by: Aleksa Sarai --- libcontainer/configs/validate/rootless.go | 32 ++-- libcontainer/specconv/spec_linux.go | 16 ++ libcontainer/userns/userns_maps.c | 79 ++++++++++ libcontainer/userns/userns_maps_linux.go | 171 ++++++++++++++++++++++ tests/integration/userns.bats | 83 ++++++++++- 5 files changed, 361 insertions(+), 20 deletions(-) create mode 100644 libcontainer/userns/userns_maps.c create mode 100644 libcontainer/userns/userns_maps_linux.go diff --git a/libcontainer/configs/validate/rootless.go b/libcontainer/configs/validate/rootless.go index 6d32704a32a..faceea04c09 100644 --- a/libcontainer/configs/validate/rootless.go +++ b/libcontainer/configs/validate/rootless.go @@ -2,6 +2,7 @@ package validate import ( "errors" + "fmt" "strconv" "strings" @@ -28,25 +29,18 @@ func rootlessEUIDCheck(config *configs.Config) error { return nil } -func hasIDMapping(id int, mappings []configs.IDMap) bool { - for _, m := range mappings { - if id >= m.ContainerID && id < m.ContainerID+m.Size { - return true - } - } - return false -} - func rootlessEUIDMappings(config *configs.Config) error { if !config.Namespaces.Contains(configs.NEWUSER) { return errors.New("rootless container requires user namespaces") } - - if len(config.UIDMappings) == 0 { - return errors.New("rootless containers requires at least one UID mapping") - } - if len(config.GIDMappings) == 0 { - return errors.New("rootless containers requires at least one GID mapping") + // We only require mappings if we are not joining another userns. + if path := config.Namespaces.PathOf(configs.NEWUSER); path == "" { + if len(config.UIDMappings) == 0 { + return errors.New("rootless containers requires at least one UID mapping") + } + if len(config.GIDMappings) == 0 { + return errors.New("rootless containers requires at least one GID mapping") + } } return nil } @@ -68,8 +62,8 @@ func rootlessEUIDMount(config *configs.Config) error { // Ignore unknown mount options. continue } - if !hasIDMapping(uid, config.UIDMappings) { - return errors.New("cannot specify uid= mount options for unmapped uid in rootless containers") + if _, err := config.HostUID(uid); err != nil { + return fmt.Errorf("cannot specify uid=%d mount option for rootless container: %w", uid, err) } } @@ -79,8 +73,8 @@ func rootlessEUIDMount(config *configs.Config) error { // Ignore unknown mount options. continue } - if !hasIDMapping(gid, config.GIDMappings) { - return errors.New("cannot specify gid= mount options for unmapped gid in rootless containers") + if _, err := config.HostGID(gid); err != nil { + return fmt.Errorf("cannot specify gid=%d mount option for rootless container: %w", gid, err) } } } diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index c1632ac12ad..2529e1e7e29 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -18,6 +18,7 @@ import ( "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/devices" "github.com/opencontainers/runc/libcontainer/seccomp" + "github.com/opencontainers/runc/libcontainer/userns" libcontainerUtils "github.com/opencontainers/runc/libcontainer/utils" "github.com/opencontainers/runtime-spec/specs-go" "github.com/sirupsen/logrus" @@ -968,6 +969,21 @@ func setupUserNamespace(spec *specs.Spec, config *configs.Config) error { config.UIDMappings = toConfigIDMap(spec.Linux.UIDMappings) config.GIDMappings = toConfigIDMap(spec.Linux.GIDMappings) } + if path := config.Namespaces.PathOf(configs.NEWUSER); path != "" { + // Cache the current userns mappings in our configuration, so that we + // can calculate uid and gid mappings within runc. These mappings are + // never used for configuring the container if the path is set. + uidMap, gidMap, err := userns.GetUserNamespaceMappings(path) + if err != nil { + return fmt.Errorf("failed to cache mappings for userns: %w", err) + } + config.UIDMappings = uidMap + config.GIDMappings = gidMap + logrus.WithFields(logrus.Fields{ + "uid_map": uidMap, + "gid_map": gidMap, + }).Debugf("config uses path-based userns configuration -- current uid and gid mappings cached") + } rootUID, err := config.HostRootUID() if err != nil { return err diff --git a/libcontainer/userns/userns_maps.c b/libcontainer/userns/userns_maps.c new file mode 100644 index 00000000000..84f2c6188c3 --- /dev/null +++ b/libcontainer/userns/userns_maps.c @@ -0,0 +1,79 @@ +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include + +/* + * All of the code here is run inside an aync-signal-safe context, so we need + * to be careful to not call any functions that could cause issues. In theory, + * since we are a Go program, there are fewer restrictions in practice, it's + * better to be safe than sorry. + * + * The only exception is exit, which we need to call to make sure we don't + * return into runc. + */ + +void bail(int pipefd, const char *fmt, ...) +{ + va_list args; + + va_start(args, fmt); + vdprintf(pipefd, fmt, args); + va_end(args); + + exit(1); +} + +int spawn_userns_cat(char *userns_path, char *path, int outfd, int errfd) +{ + char buffer[4096] = { 0 }; + + pid_t child = fork(); + if (child != 0) + return child; + /* in child */ + + /* Join the target userns. */ + int nsfd = open(userns_path, O_RDONLY); + if (nsfd < 0) + bail(errfd, "open userns path %s failed: %m", userns_path); + + int err = setns(nsfd, CLONE_NEWUSER); + if (err < 0) + bail(errfd, "setns %s failed: %m", userns_path); + + close(nsfd); + + /* Pipe the requested file contents. */ + int fd = open(path, O_RDONLY); + if (fd < 0) + bail(errfd, "open %s in userns %s failed: %m", path, userns_path); + + int nread, ntotal = 0; + while ((nread = read(fd, buffer, sizeof(buffer))) != 0) { + if (nread < 0) + bail(errfd, "read bytes from %s failed (after %d total bytes read): %m", path, ntotal); + ntotal += nread; + + int nwritten = 0; + while (nwritten < nread) { + int n = write(outfd, buffer, nread - nwritten); + if (n < 0) + bail(errfd, "write %d bytes from %s failed (after %d bytes written): %m", + nread - nwritten, path, nwritten); + nwritten += n; + } + if (nread != nwritten) + bail(errfd, "mismatch for bytes read and written: %d read != %d written", nread, nwritten); + } + + close(fd); + close(outfd); + close(errfd); + + /* We must exit here, otherwise we would return into a forked runc. */ + exit(0); +} diff --git a/libcontainer/userns/userns_maps_linux.go b/libcontainer/userns/userns_maps_linux.go new file mode 100644 index 00000000000..d81290de2cb --- /dev/null +++ b/libcontainer/userns/userns_maps_linux.go @@ -0,0 +1,171 @@ +//go:build linux + +package userns + +import ( + "bufio" + "bytes" + "fmt" + "io" + "os" + "unsafe" + + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/sirupsen/logrus" +) + +/* +#include +extern int spawn_userns_cat(char *userns_path, char *path, int outfd, int errfd); +*/ +import "C" + +func parseIdmapData(data []byte) (ms []configs.IDMap, err error) { + scanner := bufio.NewScanner(bytes.NewReader(data)) + for scanner.Scan() { + var m configs.IDMap + line := scanner.Text() + if _, err := fmt.Sscanf(line, "%d %d %d", &m.ContainerID, &m.HostID, &m.Size); err != nil { + return nil, fmt.Errorf("parsing id map failed: invalid format in line %q: %w", line, err) + } + ms = append(ms, m) + } + if err := scanner.Err(); err != nil { + return nil, fmt.Errorf("parsing id map failed: %w", err) + } + return ms, nil +} + +// Do something equivalent to nsenter --user= cat , but more +// efficiently. Returns the contents of the requested file from within the user +// namespace. +func spawnUserNamespaceCat(nsPath string, path string) ([]byte, error) { + rdr, wtr, err := os.Pipe() + if err != nil { + return nil, fmt.Errorf("create pipe for userns spawn failed: %w", err) + } + defer rdr.Close() + defer wtr.Close() + + errRdr, errWtr, err := os.Pipe() + if err != nil { + return nil, fmt.Errorf("create error pipe for userns spawn failed: %w", err) + } + defer errRdr.Close() + defer errWtr.Close() + + cNsPath := C.CString(nsPath) + defer C.free(unsafe.Pointer(cNsPath)) + cPath := C.CString(path) + defer C.free(unsafe.Pointer(cPath)) + + childPid := C.spawn_userns_cat(cNsPath, cPath, C.int(wtr.Fd()), C.int(errWtr.Fd())) + + if childPid < 0 { + return nil, fmt.Errorf("failed to spawn fork for userns") + } else if childPid == 0 { + // this should never happen + panic("runc executing inside fork child -- unsafe state!") + } + + // We are in the parent -- close the write end of the pipe before reading. + wtr.Close() + output, err := io.ReadAll(rdr) + rdr.Close() + if err != nil { + return nil, fmt.Errorf("reading from userns spawn failed: %w", err) + } + + // Ditto for the error pipe. + errWtr.Close() + errOutput, err := io.ReadAll(errRdr) + errRdr.Close() + if err != nil { + return nil, fmt.Errorf("reading from userns spawn error pipe failed: %w", err) + } + errOutput = bytes.TrimSpace(errOutput) + + // Clean up the child. + child, err := os.FindProcess(int(childPid)) + if err != nil { + return nil, fmt.Errorf("could not find userns spawn process: %w", err) + } + state, err := child.Wait() + if err != nil { + return nil, fmt.Errorf("failed to wait for userns spawn process: %w", err) + } + if !state.Success() { + errStr := string(errOutput) + if errStr == "" { + errStr = fmt.Sprintf("unknown error (status code %d)", state.ExitCode()) + } + return nil, fmt.Errorf("userns spawn: %s", errStr) + } else if len(errOutput) > 0 { + // We can just ignore weird output in the error pipe if the process + // didn't bail(), but for completeness output for debugging. + logrus.Debugf("userns spawn succeeded but unexpected error message found: %s", string(errOutput)) + } + // The subprocess succeeded, return whatever it wrote to the pipe. + return output, nil +} + +func GetUserNamespaceMappings(nsPath string) (uidMap, gidMap []configs.IDMap, err error) { + var ( + pid int + extra rune + tryFastPath bool + ) + + // nsPath is usually of the form /proc//ns/user, which means that we + // already have a pid that is part of the user namespace and thus we can + // just use the pid to read from /proc//*id_map. + // + // Note that Sscanf doesn't consume the whole input, so we check for any + // trailing data with %c. That way, we can be sure the pattern matched + // /proc/$pid/ns/user _exactly_ iff n === 1. + if n, _ := fmt.Sscanf(nsPath, "/proc/%d/ns/user%c", &pid, &extra); n == 1 { + tryFastPath = pid > 0 + } + + for _, mapType := range []struct { + name string + idMap *[]configs.IDMap + }{ + {"uid_map", &uidMap}, + {"gid_map", &gidMap}, + } { + var mapData []byte + + if tryFastPath { + path := fmt.Sprintf("/proc/%d/%s", pid, mapType.name) + data, err := os.ReadFile(path) + if err != nil { + // Do not error out here -- we need to try the slow path if the + // fast path failed. + logrus.Debugf("failed to use fast path to read %s from userns %s (error: %s), falling back to slow userns-join path", mapType.name, nsPath, err) + } else { + mapData = data + } + } else { + logrus.Debugf("cannot use fast path to read %s from userns %s, falling back to slow userns-join path", mapType.name, nsPath) + } + + if mapData == nil { + // We have to actually join the namespace if we cannot take the + // fast path. The path is resolved with respect to the child + // process, so just use /proc/self. + data, err := spawnUserNamespaceCat(nsPath, "/proc/self/"+mapType.name) + if err != nil { + return nil, nil, err + } + mapData = data + } + idMap, err := parseIdmapData(mapData) + if err != nil { + return nil, nil, fmt.Errorf("failed to parse %s of userns %s: %w", mapType.name, nsPath, err) + } + *mapType.idMap = idMap + } + + return uidMap, gidMap, nil +} diff --git a/tests/integration/userns.bats b/tests/integration/userns.bats index d52444cacc5..947681c9b7c 100644 --- a/tests/integration/userns.bats +++ b/tests/integration/userns.bats @@ -15,15 +15,25 @@ function setup() { mkdir -p rootfs/{proc,sys,tmp} mkdir -p rootfs/tmp/mount-{1,2} + to_umount_list="$(mktemp "$BATS_RUN_TMPDIR/userns-mounts.XXXXXX")" if [ $EUID -eq 0 ]; then update_config ' .linux.namespaces += [{"type": "user"}] | .linux.uidMappings += [{"hostID": 100000, "containerID": 0, "size": 65534}] - | .linux.gidMappings += [{"hostID": 100000, "containerID": 0, "size": 65534}] ' + | .linux.gidMappings += [{"hostID": 200000, "containerID": 0, "size": 65534}] ' fi } function teardown() { teardown_bundle + + if [ -v to_umount_list ]; then + while read -r mount_path; do + umount -l "$mount_path" || : + rm -f "$mount_path" + done <"$to_umount_list" + rm -f "$to_umount_list" + unset to_umount_list + fi } @test "userns with simple mount" { @@ -83,3 +93,74 @@ function teardown() { runc exec test_busybox cat /sys/fs/cgroup/{pids,memory}/tasks [ "$status" -eq 0 ] } + +@test "userns join other container userns" { + # Create a detached container with the id-mapping we want. + update_config '.process.args = ["sleep", "infinity"]' + runc run -d --console-socket "$CONSOLE_SOCKET" target_userns + [ "$status" -eq 0 ] + + # Configure our container to attach to the first container's userns. + target_pid="$(__runc state target_userns | jq .pid)" + update_config '.linux.namespaces |= map(if .type == "user" then (.path = "/proc/'"$target_pid"'/ns/" + .type) else . end) + | del(.linux.uidMappings) + | del(.linux.gidMappings)' + runc run -d --console-socket "$CONSOLE_SOCKET" in_userns + [ "$status" -eq 0 ] + + runc exec in_userns cat /proc/self/uid_map + [ "$status" -eq 0 ] + if [ $EUID -eq 0 ]; then + grep -E '^\s+0\s+100000\s+65534$' <<<"$output" + else + grep -E '^\s+0\s+'$EUID'\s+1$' <<<"$output" + fi + + runc exec in_userns cat /proc/self/gid_map + [ "$status" -eq 0 ] + if [ $EUID -eq 0 ]; then + grep -E '^\s+0\s+200000\s+65534$' <<<"$output" + else + grep -E '^\s+0\s+'$EUID'\s+1$' <<<"$output" + fi +} + +@test "userns join other container userns [bind-mounted nsfd]" { + requires root + + # Create a detached container with the id-mapping we want. + update_config '.process.args = ["sleep", "infinity"]' + runc run -d --console-socket "$CONSOLE_SOCKET" target_userns + [ "$status" -eq 0 ] + + # Bind-mount the first containers userns nsfd to a different path, to + # exercise the non-fast-path (where runc has to join the userns to get the + # mappings). + target_pid="$(__runc state target_userns | jq .pid)" + userns_path=$(mktemp "$BATS_RUN_TMPDIR/userns.XXXXXX") + mount --bind "/proc/$target_pid/ns/user" "$userns_path" + echo "$userns_path" >>"$to_umount_list" + + # Configure our container to attach to the first container's userns. + update_config '.linux.namespaces |= map(if .type == "user" then (.path = "'"$userns_path"'") else . end) + | del(.linux.uidMappings) + | del(.linux.gidMappings)' + runc run -d --console-socket "$CONSOLE_SOCKET" in_userns + [ "$status" -eq 0 ] + + runc exec in_userns cat /proc/self/uid_map + [ "$status" -eq 0 ] + if [ $EUID -eq 0 ]; then + grep -E '^\s+0\s+100000\s+65534$' <<<"$output" + else + grep -E '^\s+0\s+'$EUID'\s+1$' <<<"$output" + fi + + runc exec in_userns cat /proc/self/gid_map + [ "$status" -eq 0 ] + if [ $EUID -eq 0 ]; then + grep -E '^\s+0\s+200000\s+65534$' <<<"$output" + else + grep -E '^\s+0\s+'$EUID'\s+1$' <<<"$output" + fi +} From 9387eac3a5868d16e48546dfccc43b77cede3baa Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sat, 2 Dec 2023 02:19:00 +1100 Subject: [PATCH 0451/1176] init: don't pre-flight-check the set[ug]id arguments While we do cache the mappings when using userns paths, there's no need to do this in this particular case, since we are in the namespace and set[ug]id() give unambiguous EINVAL error codes if the id is unmapped. This appears to also be the only code which does Host[UG]ID calculations from inside "runc init". Ref: 1a5fdc1c5feb ("init: support setting -u with rootless containers") Signed-off-by: Aleksa Sarai --- libcontainer/init_linux.go | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 6ab0698eed8..c02538d6847 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -494,15 +494,6 @@ func setupUser(config *initConfig) error { } } - // Rather than just erroring out later in setuid(2) and setgid(2), check - // that the user is mapped here. - if _, err := config.Config.HostUID(execUser.Uid); err != nil { - return errors.New("cannot set uid to unmapped user in user namespace") - } - if _, err := config.Config.HostGID(execUser.Gid); err != nil { - return errors.New("cannot set gid to unmapped user in user namespace") - } - if config.RootlessEUID { // We cannot set any additional groups in a rootless container and thus // we bail if the user asked us to do so. TODO: We currently can't do @@ -538,9 +529,15 @@ func setupUser(config *initConfig) error { } if err := unix.Setgid(execUser.Gid); err != nil { + if err == unix.EINVAL { + return fmt.Errorf("cannot setgid to unmapped gid %d in user namespace", execUser.Gid) + } return err } if err := unix.Setuid(execUser.Uid); err != nil { + if err == unix.EINVAL { + return fmt.Errorf("cannot setuid to unmapped uid %d in user namespace", execUser.Uid) + } return err } From 3bab7e92233a1765ca82308e3a28c33483968b4b Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sat, 2 Dec 2023 02:17:11 +1100 Subject: [PATCH 0452/1176] configs: clean up error messages for Host[UG]ID If a user has misconfigured their userns mappings, they need to know which id specifically is not mapped. There's no need to be vague. Signed-off-by: Aleksa Sarai --- libcontainer/configs/config_linux.go | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/libcontainer/configs/config_linux.go b/libcontainer/configs/config_linux.go index 1900fc978f4..3c0e71e4b2d 100644 --- a/libcontainer/configs/config_linux.go +++ b/libcontainer/configs/config_linux.go @@ -1,12 +1,13 @@ package configs -import "errors" +import ( + "errors" + "fmt" +) var ( - errNoUIDMap = errors.New("User namespaces enabled, but no uid mappings found.") - errNoUserMap = errors.New("User namespaces enabled, but no user mapping found.") - errNoGIDMap = errors.New("User namespaces enabled, but no gid mappings found.") - errNoGroupMap = errors.New("User namespaces enabled, but no group mapping found.") + errNoUIDMap = errors.New("user namespaces enabled, but no uid mappings found") + errNoGIDMap = errors.New("user namespaces enabled, but no gid mappings found") ) // Please check https://man7.org/linux/man-pages/man2/personality.2.html for const details. @@ -31,7 +32,7 @@ func (c Config) HostUID(containerId int) (int, error) { } id, found := c.hostIDFromMapping(containerId, c.UIDMappings) if !found { - return -1, errNoUserMap + return -1, fmt.Errorf("user namespaces enabled, but no mapping found for uid %d", containerId) } return id, nil } @@ -54,7 +55,7 @@ func (c Config) HostGID(containerId int) (int, error) { } id, found := c.hostIDFromMapping(containerId, c.GIDMappings) if !found { - return -1, errNoGroupMap + return -1, fmt.Errorf("user namespaces enabled, but no mapping found for gid %d", containerId) } return id, nil } From 09822c3da8ad8fa91b8796c5abf27ef06814a0c3 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 21 Nov 2023 17:20:36 +1100 Subject: [PATCH 0453/1176] configs: disallow ambiguous userns and timens configurations For userns and timens, the mappings (and offsets, respectively) cannot be changed after the namespace is first configured. Thus, configuring a container with a namespace path to join means that you cannot also provide configuration for said namespace. Previously we would silently ignore the configuration (and just join the provided path), but we really should be returning an error (especially when you consider that the configuration userns mappings are used quite a bit in runc with the assumption that they are the correct mapping for the userns -- but in this case they are not). In the case of userns, the mappings are also required if you _do not_ specify a path, while in the case of the time namespace you can have a container with a timens but no mappings specified. It should be noted that the case checking that the user has not specified a userns path and a userns mapping needs to be handled in specconv (as opposed to the configuration validator) because with this patchset we now cache the mappings of path-based userns configurations and thus the validator can't be sure whether the mapping is a cached mapping or a user-specified one. So we do the validation in specconv, and thus the test for this needs to be an integration test. Signed-off-by: Aleksa Sarai --- libcontainer/configs/validate/validator.go | 17 ++++++++-- .../configs/validate/validator_test.go | 33 +++++++++++++++--- libcontainer/integration/exec_test.go | 6 ++++ libcontainer/specconv/spec_linux.go | 8 +++++ libcontainer/specconv/spec_linux_test.go | 34 +++++++++++++++++++ 5 files changed, 92 insertions(+), 6 deletions(-) diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go index 0df7242b38d..2594d05c723 100644 --- a/libcontainer/configs/validate/validator.go +++ b/libcontainer/configs/validate/validator.go @@ -104,11 +104,19 @@ func security(config *configs.Config) error { func namespaces(config *configs.Config) error { if config.Namespaces.Contains(configs.NEWUSER) { if _, err := os.Stat("/proc/self/ns/user"); os.IsNotExist(err) { - return errors.New("USER namespaces aren't enabled in the kernel") + return errors.New("user namespaces aren't enabled in the kernel") } + hasPath := config.Namespaces.PathOf(configs.NEWUSER) != "" + hasMappings := config.UIDMappings != nil || config.GIDMappings != nil + if !hasPath && !hasMappings { + return errors.New("user namespaces enabled, but no namespace path to join nor mappings to apply specified") + } + // The hasPath && hasMappings validation case is handled in specconv -- + // we cache the mappings in Config during specconv in the hasPath case, + // so we cannot do that validation here. } else { if config.UIDMappings != nil || config.GIDMappings != nil { - return errors.New("User namespace mappings specified, but USER namespace isn't enabled in the config") + return errors.New("user namespace mappings specified, but user namespace isn't enabled in the config") } } @@ -122,6 +130,11 @@ func namespaces(config *configs.Config) error { if _, err := os.Stat("/proc/self/timens_offsets"); os.IsNotExist(err) { return errors.New("time namespaces aren't enabled in the kernel") } + hasPath := config.Namespaces.PathOf(configs.NEWTIME) != "" + hasOffsets := config.TimeOffsets != nil + if hasPath && hasOffsets { + return errors.New("time namespace enabled, but both namespace path and time offsets specified -- you may only provide one") + } } else { if config.TimeOffsets != nil { return errors.New("time namespace offsets specified, but time namespace isn't enabled in the config") diff --git a/libcontainer/configs/validate/validator_test.go b/libcontainer/configs/validate/validator_test.go index a882fa64cce..755d2a07be8 100644 --- a/libcontainer/configs/validate/validator_test.go +++ b/libcontainer/configs/validate/validator_test.go @@ -170,7 +170,7 @@ func TestValidateSecurityWithoutNEWNS(t *testing.T) { } } -func TestValidateUsernamespace(t *testing.T) { +func TestValidateUserNamespace(t *testing.T) { if _, err := os.Stat("/proc/self/ns/user"); os.IsNotExist(err) { t.Skip("Test requires userns.") } @@ -181,6 +181,8 @@ func TestValidateUsernamespace(t *testing.T) { {Type: configs.NEWUSER}, }, ), + UIDMappings: []configs.IDMap{{HostID: 0, ContainerID: 123, Size: 100}}, + GIDMappings: []configs.IDMap{{HostID: 0, ContainerID: 123, Size: 100}}, } err := Validate(config) @@ -189,11 +191,11 @@ func TestValidateUsernamespace(t *testing.T) { } } -func TestValidateUsernamespaceWithoutUserNS(t *testing.T) { - uidMap := configs.IDMap{ContainerID: 123} +func TestValidateUsernsMappingWithoutNamespace(t *testing.T) { config := &configs.Config{ Rootfs: "/var", - UIDMappings: []configs.IDMap{uidMap}, + UIDMappings: []configs.IDMap{{HostID: 0, ContainerID: 123, Size: 100}}, + GIDMappings: []configs.IDMap{{HostID: 0, ContainerID: 123, Size: 100}}, } err := Validate(config) @@ -221,6 +223,29 @@ func TestValidateTimeNamespace(t *testing.T) { } } +func TestValidateTimeNamespaceWithBothPathAndTimeOffset(t *testing.T) { + if _, err := os.Stat("/proc/self/ns/time"); os.IsNotExist(err) { + t.Skip("Test requires timens.") + } + config := &configs.Config{ + Rootfs: "/var", + Namespaces: configs.Namespaces( + []configs.Namespace{ + {Type: configs.NEWTIME, Path: "/proc/1/ns/time"}, + }, + ), + TimeOffsets: map[string]specs.LinuxTimeOffset{ + "boottime": {Secs: 150, Nanosecs: 314159}, + "monotonic": {Secs: 512, Nanosecs: 271818}, + }, + } + + err := Validate(config) + if err == nil { + t.Error("Expected error to occur but it was nil") + } +} + func TestValidateTimeOffsetsWithoutTimeNamespace(t *testing.T) { config := &configs.Config{ Rootfs: "/var", diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index 9795964caf2..1bc840116c2 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -18,6 +18,7 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/systemd" "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/userns" "github.com/opencontainers/runtime-spec/specs-go" "golang.org/x/sys/unix" @@ -1550,6 +1551,11 @@ func TestInitJoinNetworkAndUser(t *testing.T) { config2 := newTemplateConfig(t, &tParam{userns: true}) config2.Namespaces.Add(configs.NEWNET, netns1) config2.Namespaces.Add(configs.NEWUSER, userns1) + // Emulate specconv.setupUserNamespace(). + uidMap, gidMap, err := userns.GetUserNamespaceMappings(userns1) + ok(t, err) + config2.UIDMappings = uidMap + config2.GIDMappings = gidMap config2.Cgroups.Path = "integration/test2" container2, err := newContainer(t, config2) ok(t, err) diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index 2529e1e7e29..90275043eca 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -516,6 +516,9 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) { } func toConfigIDMap(specMaps []specs.LinuxIDMapping) []configs.IDMap { + if specMaps == nil { + return nil + } idmaps := make([]configs.IDMap, len(specMaps)) for i, id := range specMaps { idmaps[i] = configs.IDMap{ @@ -970,6 +973,11 @@ func setupUserNamespace(spec *specs.Spec, config *configs.Config) error { config.GIDMappings = toConfigIDMap(spec.Linux.GIDMappings) } if path := config.Namespaces.PathOf(configs.NEWUSER); path != "" { + // We cannot allow uid or gid mappings to be set if we are also asked + // to join a userns. + if config.UIDMappings != nil || config.GIDMappings != nil { + return errors.New("user namespaces enabled, but both namespace path and mapping specified -- you may only provide one") + } // Cache the current userns mappings in our configuration, so that we // can calculate uid and gid mappings within runc. These mappings are // never used for configuring the container if the path is set. diff --git a/libcontainer/specconv/spec_linux_test.go b/libcontainer/specconv/spec_linux_test.go index d84853bc75c..9fd64de7698 100644 --- a/libcontainer/specconv/spec_linux_test.go +++ b/libcontainer/specconv/spec_linux_test.go @@ -608,6 +608,40 @@ func TestDupNamespaces(t *testing.T) { } } +func TestUserNamespaceMappingAndPath(t *testing.T) { + if _, err := os.Stat("/proc/self/ns/user"); os.IsNotExist(err) { + t.Skip("Test requires userns.") + } + + spec := &specs.Spec{ + Root: &specs.Root{ + Path: "rootfs", + }, + Linux: &specs.Linux{ + UIDMappings: []specs.LinuxIDMapping{ + {ContainerID: 0, HostID: 1000, Size: 1000}, + }, + GIDMappings: []specs.LinuxIDMapping{ + {ContainerID: 0, HostID: 2000, Size: 1000}, + }, + Namespaces: []specs.LinuxNamespace{ + { + Type: "user", + Path: "/proc/1/ns/user", + }, + }, + }, + } + + _, err := CreateLibcontainerConfig(&CreateOpts{ + Spec: spec, + }) + + if !strings.Contains(err.Error(), "user namespaces enabled, but both namespace path and mapping specified") { + t.Errorf("user namespace with mapping and namespace path should be forbidden") + } +} + func TestNonZeroEUIDCompatibleSpecconvValidate(t *testing.T) { if _, err := os.Stat("/proc/self/ns/user"); os.IsNotExist(err) { t.Skip("Test requires userns.") From e6fb7fe51525f73ce848ef2c3d1612a531403b16 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 23 Nov 2023 12:36:22 +1100 Subject: [PATCH 0454/1176] nsexec: allow timens to work with non-rootless userns The owner of /proc/self/timens_offsets doesn't change after creating a userns, meaning that we need to request stage-0 to write our timens mappings for us. Before this patch, attempting to use timens with a proper userns resulted in: FATA[0000] nsexec-1[18564]: failed to update /proc/self/timens_offsets: Permission denied FATA[0000] nsexec-0[18562]: failed to sync with stage-1: next state: Success ERRO[0000] runc run failed: unable to start container process: can't get final child's PID from pipe: EOF Fixes: ebc2e7c43523 ("Support time namespace") Signed-off-by: Aleksa Sarai --- libcontainer/nsenter/nsexec.c | 33 ++++++++++++++++++++++++++++----- tests/integration/timens.bats | 23 +++++++++++++++++++++++ 2 files changed, 51 insertions(+), 5 deletions(-) diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index 9b10b232528..f64cc41eb4a 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -48,6 +48,8 @@ enum sync_t { SYNC_MOUNTSOURCES_ACK = 0x47, /* All mount sources have been sent. */ SYNC_MOUNT_IDMAP_PLS = 0x48, /* Tell parent to mount idmap sources. */ SYNC_MOUNT_IDMAP_ACK = 0x49, /* All idmap mounts have been done. */ + SYNC_TIMEOFFSETS_PLS = 0x50, /* Request parent to write timens offsets. */ + SYNC_TIMEOFFSETS_ACK = 0x51, /* Timens offsets were written. */ }; #define STAGE_SETUP -1 @@ -755,13 +757,13 @@ void receive_idmapsources(int sockfd) receive_fd_sources(sockfd, "_LIBCONTAINER_IDMAP_FDS"); } -static void update_timens_offsets(char *map, size_t map_len) +static void update_timens_offsets(pid_t pid, char *map, size_t map_len) { if (map == NULL || map_len == 0) return; - write_log(DEBUG, "update /proc/self/timens_offsets to '%s'", map); - if (write_file(map, map_len, "/proc/self/timens_offsets") < 0) - bail("failed to update /proc/self/timens_offsets"); + write_log(DEBUG, "update /proc/%d/timens_offsets to '%s'", pid, map); + if (write_file(map, map_len, "/proc/%d/timens_offsets", pid) < 0) + bail("failed to update /proc/%d/timens_offsets", pid); } void nsexec(void) @@ -1008,6 +1010,15 @@ void nsexec(void) bail("failed to sync with child: write(SYNC_MOUNT_IDMAP_ACK)"); } + break; + case SYNC_TIMEOFFSETS_PLS: + write_log(DEBUG, "stage-1 requested timens offsets to be configured"); + update_timens_offsets(stage1_pid, config.timensoffset, config.timensoffset_len); + s = SYNC_TIMEOFFSETS_ACK; + if (write(syncfd, &s, sizeof(s)) != sizeof(s)) { + sane_kill(stage1_pid, SIGKILL); + bail("failed to sync with child: write(SYNC_TIMEOFFSETS_ACK)"); + } break; case SYNC_CHILD_FINISH: write_log(DEBUG, "stage-1 complete"); @@ -1161,7 +1172,19 @@ void nsexec(void) * was broken, so we'll just do it the long way anyway. */ try_unshare(config.cloneflags, "remaining namespaces"); - update_timens_offsets(config.timensoffset, config.timensoffset_len); + + if (config.timensoffset) { + write_log(DEBUG, "request stage-0 to write timens offsets"); + + s = SYNC_TIMEOFFSETS_PLS; + if (write(syncfd, &s, sizeof(s)) != sizeof(s)) + bail("failed to sync with parent: write(SYNC_TIMEOFFSETS_PLS)"); + + if (read(syncfd, &s, sizeof(s)) != sizeof(s)) + bail("failed to sync with parent: read(SYNC_TIMEOFFSETS_ACK)"); + if (s != SYNC_TIMEOFFSETS_ACK) + bail("failed to sync with parent: SYNC_TIMEOFFSETS_ACK: got %u", s); + } /* Ask our parent to send the mount sources fds. */ if (config.mountsources) { diff --git a/tests/integration/timens.bats b/tests/integration/timens.bats index e0d21d5510f..6b55a73e646 100644 --- a/tests/integration/timens.bats +++ b/tests/integration/timens.bats @@ -4,6 +4,8 @@ load helpers function setup() { setup_busybox + + mkdir -p rootfs/{proc,sys,tmp} } function teardown() { @@ -53,3 +55,24 @@ function teardown() { grep -E '^monotonic\s+7881\s+2718281$' <<<"$output" grep -E '^boottime\s+1337\s+3141519$' <<<"$output" } + +@test "runc run [simple timens + userns]" { + requires root + requires timens + + update_config ' .linux.namespaces += [{"type": "user"}] + | .linux.uidMappings += [{"hostID": 100000, "containerID": 0, "size": 65534}] + | .linux.gidMappings += [{"hostID": 200000, "containerID": 0, "size": 65534}] ' + + update_config '.process.args = ["cat", "/proc/self/timens_offsets"]' + update_config '.linux.namespaces += [{"type": "time"}] + | .linux.timeOffsets = { + "monotonic": { "secs": 7881, "nanosecs": 2718281 }, + "boottime": { "secs": 1337, "nanosecs": 3141519 } + }' + + runc run test_busybox + [ "$status" -eq 0 ] + grep -E '^monotonic\s+7881\s+2718281$' <<<"$output" + grep -E '^boottime\s+1337\s+3141519$' <<<"$output" +} From 6fa8d068438ed47e8318448c34fc4587612a0740 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 23 Nov 2023 12:40:07 +1100 Subject: [PATCH 0455/1176] integration: add mega-test for joining namespaces Given we've had several bugs in this behaviour that have now been fixed, add an integration test that makes sure that you can start a container that joins all of the namespaces of a second container. The only namespace we do not join is the mount namespace, because joining a namespace that has been pivot_root'd leads to a bunch of errors. In principle, removing everything from config.json that requires a mount _should_ work, but the root.path configuration is mandatory and we cannot just ignore setting up the rootfs in the namespace joining scenario (if the user has configured a different rootfs, we need to use it or error out, and there's no reasonable way of checking if if the rootfs paths are the same that doesn't result in spaghetti logic). Signed-off-by: Aleksa Sarai --- tests/integration/run.bats | 70 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) diff --git a/tests/integration/run.bats b/tests/integration/run.bats index e2eda270c0a..705868eb071 100644 --- a/tests/integration/run.bats +++ b/tests/integration/run.bats @@ -160,3 +160,73 @@ function teardown() { [[ "$output" = *"Hello World"* ]] [[ "$output" = *"runc-dmz: using /proc/self/exe clone"* ]] } + +@test "runc run [joining existing container namespaces]" { + requires timens + + # Create a detached container with the namespaces we want. We notably want + # to include both userns and timens, which require config-related + # configuration. + if [ $EUID -eq 0 ]; then + update_config '.linux.namespaces += [{"type": "user"}] + | .linux.uidMappings += [{"containerID": 0, "hostID": 100000, "size": 100}] + | .linux.gidMappings += [{"containerID": 0, "hostID": 200000, "size": 200}]' + mkdir -p rootfs/{proc,sys,tmp} + fi + update_config '.linux.namespaces += [{"type": "time"}] + | .linux.timeOffsets = { + "monotonic": { "secs": 7881, "nanosecs": 2718281 }, + "boottime": { "secs": 1337, "nanosecs": 3141519 } + }' + update_config '.process.args = ["sleep", "infinity"]' + + runc run -d --console-socket "$CONSOLE_SOCKET" target_ctr + [ "$status" -eq 0 ] + + # Modify our container's configuration such that it is just going to + # inherit all of the namespaces of the target container. + # + # NOTE: We cannot join the mount namespace of another container because of + # some quirks of the runtime-spec. In particular, we MUST pivot_root into + # root.path and root.path MUST be set in the config, so runc cannot just + # ignore root.path when joining namespaces (and root.path doesn't exist + # inside root.path, for obvious reasons). + # + # We could hack around this (create a copy of the rootfs inside the rootfs, + # or use a simpler mount namespace target), but those wouldn't be similar + # tests to the other namespace joining tests. + target_pid="$(__runc state target_ctr | jq .pid)" + update_config '.linux.namespaces |= map_values(.path = if .type == "mount" then "" else "/proc/'"$target_pid"'/ns/" + ({"network": "net", "mount": "mnt"}[.type] // .type) end)' + # Remove the userns and timens configuration (they cannot be changed). + update_config '.linux |= (del(.uidMappings) | del(.gidMappings) | del(.timeOffsets))' + + runc run -d --console-socket "$CONSOLE_SOCKET" attached_ctr + [ "$status" -eq 0 ] + + # Make sure there are two sleep processes in our container. + runc exec attached_ctr ps aux + [ "$status" -eq 0 ] + run -0 grep "sleep infinity" <<<"$output" + [ "${#lines[@]}" -eq 2 ] + + # ... that the userns mappings are the same... + runc exec attached_ctr cat /proc/self/uid_map + [ "$status" -eq 0 ] + if [ $EUID -eq 0 ]; then + grep -E '^\s+0\s+100000\s+100$' <<<"$output" + else + grep -E '^\s+0\s+'$EUID'\s+1$' <<<"$output" + fi + runc exec attached_ctr cat /proc/self/gid_map + [ "$status" -eq 0 ] + if [ $EUID -eq 0 ]; then + grep -E '^\s+0\s+200000\s+200$' <<<"$output" + else + grep -E '^\s+0\s+'$EUID'\s+1$' <<<"$output" + fi + + # ... as well as the timens offsets. + runc exec attached_ctr cat /proc/self/timens_offsets + grep -E '^monotonic\s+7881\s+2718281$' <<<"$output" + grep -E '^boottime\s+1337\s+3141519$' <<<"$output" +} From c045886f716d196bcf290052c73d7dbdc7358c6d Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 23 Nov 2023 14:20:53 +1100 Subject: [PATCH 0456/1176] tests: remap rootfs for userns tests Previously, all of our userns tests worked around the remapping issue by creating the paths that runc would attempt to create (like /proc). However, this isn't really accurate to how real userns containers are created, so it's much better to actually remap the rootfs. Signed-off-by: Aleksa Sarai --- .gitignore | 1 + Makefile | 6 +- contrib/cmd/remap-rootfs/remap-rootfs.go | 143 +++++++++++++++++++++++ tests/integration/helpers.bash | 7 ++ tests/integration/idmap.bats | 3 +- tests/integration/run.bats | 2 +- tests/integration/timens.bats | 3 +- tests/integration/userns.bats | 2 +- 8 files changed, 159 insertions(+), 8 deletions(-) create mode 100644 contrib/cmd/remap-rootfs/remap-rootfs.go diff --git a/.gitignore b/.gitignore index 52dac0bf421..1fcbcfbd379 100644 --- a/.gitignore +++ b/.gitignore @@ -7,6 +7,7 @@ vendor/pkg /contrib/cmd/fs-idmap/fs-idmap /contrib/cmd/memfd-bind/memfd-bind /contrib/cmd/pidfd-kill/pidfd-kill +/contrib/cmd/remap-rootfs/remap-rootfs man/man8 release Vagrantfile diff --git a/Makefile b/Makefile index df935e41929..caa4441789c 100644 --- a/Makefile +++ b/Makefile @@ -71,10 +71,10 @@ runc-bin: runc-dmz $(GO_BUILD) -o runc . .PHONY: all -all: runc recvtty sd-helper seccompagent fs-idmap memfd-bind pidfd-kill +all: runc recvtty sd-helper seccompagent fs-idmap memfd-bind pidfd-kill remap-rootfs -.PHONY: recvtty sd-helper seccompagent fs-idmap memfd-bind pidfd-kill -recvtty sd-helper seccompagent fs-idmap memfd-bind pidfd-kill: +.PHONY: recvtty sd-helper seccompagent fs-idmap memfd-bind pidfd-kill remap-rootfs +recvtty sd-helper seccompagent fs-idmap memfd-bind pidfd-kill remap-rootfs: $(GO_BUILD) -o contrib/cmd/$@/$@ ./contrib/cmd/$@ .PHONY: static diff --git a/contrib/cmd/remap-rootfs/remap-rootfs.go b/contrib/cmd/remap-rootfs/remap-rootfs.go new file mode 100644 index 00000000000..b9739ba89c7 --- /dev/null +++ b/contrib/cmd/remap-rootfs/remap-rootfs.go @@ -0,0 +1,143 @@ +package main + +import ( + "encoding/json" + "errors" + "fmt" + "os" + "path/filepath" + "syscall" + + "github.com/urfave/cli" + + "github.com/opencontainers/runtime-spec/specs-go" +) + +const usage = `contrib/cmd/remap-rootfs + +remap-rootfs is a helper tool to remap the root filesystem of a Open Container +Initiative bundle using user namespaces such that the file owners are remapped +from "host" mappings to the user namespace's mappings. + +Effectively, this is a slightly more complicated 'chown -R', and is primarily +used within runc's integration tests to remap the test filesystem to match the +test user namespace. Note that calling remap-rootfs multiple times, or changing +the mapping and then calling remap-rootfs will likely produce incorrect results +because we do not "un-map" any pre-applied mappings from previous remap-rootfs +calls. + +Note that the bundle is assumed to be produced by a trusted source, and thus +malicious configuration files will likely not be handled safely. + +To use remap-rootfs, simply pass it the path to an OCI bundle (a directory +containing a config.json): + + $ sudo remap-rootfs ./bundle +` + +func toHostID(mappings []specs.LinuxIDMapping, id uint32) (int, bool) { + for _, m := range mappings { + if m.ContainerID <= id && id < m.ContainerID+m.Size { + return int(m.HostID + id), true + } + } + return -1, false +} + +type inodeID struct { + Dev, Ino uint64 +} + +func toInodeID(st *syscall.Stat_t) inodeID { + return inodeID{Dev: st.Dev, Ino: st.Ino} +} + +func remapRootfs(root string, uidMap, gidMap []specs.LinuxIDMapping) error { + seenInodes := make(map[inodeID]struct{}) + return filepath.Walk(root, func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + + mode := info.Mode() + st := info.Sys().(*syscall.Stat_t) + + // Skip symlinks. + if mode.Type() == os.ModeSymlink { + return nil + } + // Skip hard-links to files we've already remapped. + id := toInodeID(st) + if _, seen := seenInodes[id]; seen { + return nil + } + seenInodes[id] = struct{}{} + + // Calculate the new uid:gid. + uid := st.Uid + newUID, ok1 := toHostID(uidMap, uid) + gid := st.Gid + newGID, ok2 := toHostID(gidMap, gid) + + // Skip files that cannot be mapped. + if !ok1 || !ok2 { + niceName := path + if relName, err := filepath.Rel(root, path); err == nil { + niceName = "/" + relName + } + fmt.Printf("skipping file %s: cannot remap user %d:%d -> %d:%d\n", niceName, uid, gid, newUID, newGID) + return nil + } + if err := os.Lchown(path, newUID, newGID); err != nil { + return err + } + // Re-apply any setid bits that would be cleared due to chown(2). + return os.Chmod(path, mode) + }) +} + +func main() { + app := cli.NewApp() + app.Name = "remap-rootfs" + app.Usage = usage + + app.Action = func(ctx *cli.Context) error { + args := ctx.Args() + if len(args) != 1 { + return errors.New("exactly one bundle argument must be provided") + } + bundle := args[0] + + configFile, err := os.Open(filepath.Join(bundle, "config.json")) + if err != nil { + return err + } + defer configFile.Close() + + var spec specs.Spec + if err := json.NewDecoder(configFile).Decode(&spec); err != nil { + return fmt.Errorf("parsing config.json: %w", err) + } + + if spec.Root == nil { + return errors.New("invalid config.json: root section is null") + } + rootfs := filepath.Join(bundle, spec.Root.Path) + + if spec.Linux == nil { + return errors.New("invalid config.json: linux section is null") + } + uidMap := spec.Linux.UIDMappings + gidMap := spec.Linux.GIDMappings + if len(uidMap) == 0 && len(gidMap) == 0 { + fmt.Println("skipping remapping -- no userns mappings specified") + return nil + } + + return remapRootfs(rootfs, uidMap, gidMap) + } + if err := app.Run(os.Args); err != nil { + fmt.Fprintln(os.Stderr, "error:", err) + os.Exit(1) + } +} diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index 44af05d96cb..42f862511c3 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -18,6 +18,7 @@ SD_HELPER="${INTEGRATION_ROOT}/../../contrib/cmd/sd-helper/sd-helper" SECCOMP_AGENT="${INTEGRATION_ROOT}/../../contrib/cmd/seccompagent/seccompagent" FS_IDMAP="${INTEGRATION_ROOT}/../../contrib/cmd/fs-idmap/fs-idmap" PIDFD_KILL="${INTEGRATION_ROOT}/../../contrib/cmd/pidfd-kill/pidfd-kill" +REMAP_ROOTFS="${INTEGRATION_ROOT}/../../contrib/cmd/remap-rootfs/remap-rootfs" # Some variables may not always be set. Set those to empty value, # if unset, to avoid "unbound variable" error. @@ -657,6 +658,12 @@ function teardown_bundle() { remove_parent } +function remap_rootfs() { + [ ! -v ROOT ] && return 0 # nothing to remap + + "$REMAP_ROOTFS" "$ROOT/bundle" +} + function is_kernel_gte() { local major_required minor_required major_required=$(echo "$1" | cut -d. -f1) diff --git a/tests/integration/idmap.bats b/tests/integration/idmap.bats index 5bd554ca322..53784b55672 100644 --- a/tests/integration/idmap.bats +++ b/tests/integration/idmap.bats @@ -16,7 +16,6 @@ function setup() { # Use other owner for source-2 chown 1:1 source-2/foo.txt - mkdir -p rootfs/{proc,sys,tmp} mkdir -p rootfs/tmp/mount-{1,2} mkdir -p rootfs/mnt/bind-mount-{1,2} @@ -43,6 +42,8 @@ function setup() { ] } ] ' + + remap_rootfs } function teardown() { diff --git a/tests/integration/run.bats b/tests/integration/run.bats index 705868eb071..f6bd3c86500 100644 --- a/tests/integration/run.bats +++ b/tests/integration/run.bats @@ -171,7 +171,7 @@ function teardown() { update_config '.linux.namespaces += [{"type": "user"}] | .linux.uidMappings += [{"containerID": 0, "hostID": 100000, "size": 100}] | .linux.gidMappings += [{"containerID": 0, "hostID": 200000, "size": 200}]' - mkdir -p rootfs/{proc,sys,tmp} + remap_rootfs fi update_config '.linux.namespaces += [{"type": "time"}] | .linux.timeOffsets = { diff --git a/tests/integration/timens.bats b/tests/integration/timens.bats index 6b55a73e646..fb33e2b2783 100644 --- a/tests/integration/timens.bats +++ b/tests/integration/timens.bats @@ -4,8 +4,6 @@ load helpers function setup() { setup_busybox - - mkdir -p rootfs/{proc,sys,tmp} } function teardown() { @@ -63,6 +61,7 @@ function teardown() { update_config ' .linux.namespaces += [{"type": "user"}] | .linux.uidMappings += [{"hostID": 100000, "containerID": 0, "size": 65534}] | .linux.gidMappings += [{"hostID": 200000, "containerID": 0, "size": 65534}] ' + remap_rootfs update_config '.process.args = ["cat", "/proc/self/timens_offsets"]' update_config '.linux.namespaces += [{"type": "time"}] diff --git a/tests/integration/userns.bats b/tests/integration/userns.bats index 947681c9b7c..2094cbf1448 100644 --- a/tests/integration/userns.bats +++ b/tests/integration/userns.bats @@ -12,7 +12,6 @@ function setup() { # Permissions only to the owner, it is inaccessible to group/others chmod 700 source-inaccessible-{1,2} - mkdir -p rootfs/{proc,sys,tmp} mkdir -p rootfs/tmp/mount-{1,2} to_umount_list="$(mktemp "$BATS_RUN_TMPDIR/userns-mounts.XXXXXX")" @@ -20,6 +19,7 @@ function setup() { update_config ' .linux.namespaces += [{"type": "user"}] | .linux.uidMappings += [{"hostID": 100000, "containerID": 0, "size": 65534}] | .linux.gidMappings += [{"hostID": 200000, "containerID": 0, "size": 65534}] ' + remap_rootfs fi } From e66ba70f509e936fdfe2aa26e283c309cd22313e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 7 Dec 2023 04:18:24 +0000 Subject: [PATCH 0457/1176] build(deps): bump actions/setup-go from 4 to 5 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/test.yml | 4 ++-- .github/workflows/validate.yml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ca7d6e21356..e0d24f8f24e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -71,7 +71,7 @@ jobs: rm -rf ~/criu - name: install go ${{ matrix.go-version }} - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: ${{ matrix.go-version }} @@ -144,7 +144,7 @@ jobs: sudo apt -q install libseccomp-dev libseccomp-dev:i386 gcc-multilib libgcc-s1:i386 criu - name: install go - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: 1.x # Latest stable diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 5ee06770ed4..8d7e862fad2 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -30,7 +30,7 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 2 - - uses: actions/setup-go@v4 + - uses: actions/setup-go@v5 with: go-version: "${{ env.GO_VERSION }}" cache: false # golangci-lint-action does its own caching @@ -55,7 +55,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: install go - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: "${{ env.GO_VERSION }}" - name: compile with no build tags @@ -114,7 +114,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: install go - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: "${{ env.GO_VERSION }}" - name: verify deps From ebcef3e651e61aeee96546301d8db9e92b505ce6 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 6 Dec 2023 22:54:53 +1100 Subject: [PATCH 0458/1176] specconv: temporarily allow userns path and mapping if they match It turns out that the error added in commit 09822c3da8ad ("configs: disallow ambiguous userns and timens configurations") causes issues with containerd and CRIO because they pass both userns mappings and a userns path. These configurations are broken, but to avoid the regression in this one case, output a warning to tell the user that the configuration is incorrect but we will continue to use it if and only if the configured mappings are identical to the mappings of the provided namespace. Fixes: 09822c3da8ad ("configs: disallow ambiguous userns and timens configurations") Signed-off-by: Aleksa Sarai --- libcontainer/specconv/spec_linux.go | 24 +++++++++++++++++++----- libcontainer/specconv/spec_linux_test.go | 4 ++-- libcontainer/userns/userns_maps_linux.go | 15 +++++++++++++++ 3 files changed, 36 insertions(+), 7 deletions(-) diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index 90275043eca..d595aa14770 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -973,11 +973,6 @@ func setupUserNamespace(spec *specs.Spec, config *configs.Config) error { config.GIDMappings = toConfigIDMap(spec.Linux.GIDMappings) } if path := config.Namespaces.PathOf(configs.NEWUSER); path != "" { - // We cannot allow uid or gid mappings to be set if we are also asked - // to join a userns. - if config.UIDMappings != nil || config.GIDMappings != nil { - return errors.New("user namespaces enabled, but both namespace path and mapping specified -- you may only provide one") - } // Cache the current userns mappings in our configuration, so that we // can calculate uid and gid mappings within runc. These mappings are // never used for configuring the container if the path is set. @@ -985,6 +980,25 @@ func setupUserNamespace(spec *specs.Spec, config *configs.Config) error { if err != nil { return fmt.Errorf("failed to cache mappings for userns: %w", err) } + // We cannot allow uid or gid mappings to be set if we are also asked + // to join a userns. + if config.UIDMappings != nil || config.GIDMappings != nil { + // FIXME: It turns out that containerd and CRIO pass both a userns + // path and the mappings of the namespace in the same config.json. + // Such a configuration is technically not valid, but we used to + // require mappings be specified, and thus users worked around our + // bug -- so we can't regress it at the moment. But we also don't + // want to produce broken behaviour if the mapping doesn't match + // the userns. So (for now) we output a warning if the actual + // userns mappings match the configuration, otherwise we return an + // error. + if !userns.IsSameMapping(uidMap, config.UIDMappings) || + !userns.IsSameMapping(gidMap, config.GIDMappings) { + return errors.New("user namespaces enabled, but both namespace path and non-matching mapping specified -- you may only provide one") + } + logrus.Warnf("config.json has both a userns path to join and a matching userns mapping specified -- you may only provide one. Future versions of runc may return an error with this configuration, please report a bug on if you see this warning and cannot update your configuration.") + } + config.UIDMappings = uidMap config.GIDMappings = gidMap logrus.WithFields(logrus.Fields{ diff --git a/libcontainer/specconv/spec_linux_test.go b/libcontainer/specconv/spec_linux_test.go index 9fd64de7698..8c7fb774f97 100644 --- a/libcontainer/specconv/spec_linux_test.go +++ b/libcontainer/specconv/spec_linux_test.go @@ -637,8 +637,8 @@ func TestUserNamespaceMappingAndPath(t *testing.T) { Spec: spec, }) - if !strings.Contains(err.Error(), "user namespaces enabled, but both namespace path and mapping specified") { - t.Errorf("user namespace with mapping and namespace path should be forbidden") + if !strings.Contains(err.Error(), "both namespace path and non-matching mapping specified") { + t.Errorf("user namespace with path and non-matching mapping should be forbidden, got error %v", err) } } diff --git a/libcontainer/userns/userns_maps_linux.go b/libcontainer/userns/userns_maps_linux.go index d81290de2cb..7a8c2b023b3 100644 --- a/libcontainer/userns/userns_maps_linux.go +++ b/libcontainer/userns/userns_maps_linux.go @@ -169,3 +169,18 @@ func GetUserNamespaceMappings(nsPath string) (uidMap, gidMap []configs.IDMap, er return uidMap, gidMap, nil } + +// IsSameMapping returns whether or not the two id mappings are the same. Note +// that if the order of the mappings is different, or a mapping has been split, +// the mappings will be considered different. +func IsSameMapping(a, b []configs.IDMap) bool { + if len(a) != len(b) { + return false + } + for idx := range a { + if a[idx] != b[idx] { + return false + } + } + return true +} From ba0b5e26989f39d0bdadeeff38182902df781df6 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 1 Aug 2023 20:07:49 +1000 Subject: [PATCH 0459/1176] libcontainer: remove all mount logic from nsexec With open_tree(OPEN_TREE_CLONE), it is possible to implement both the id-mapped mounts and bind-mount source file descriptor logic entirely in Go without requiring any complicated handling from nsexec. However, implementing it the naive way (do the OPEN_TREE_CLONE in the host namespace before the rootfs is set up -- which is what the existing implementation did) exposes issues in how mount ordering (in particular when handling mount sources from inside the container rootfs, but also in relation to mount propagation) was handled for idmapped mounts and bind-mount sources. In order to solve this problem completely, it is necessary to spawn a thread which joins the container mount namespace and provides mountfds when requested by the rootfs setup code (ensuring that the mount order and mount propagation of the source of the bind-mount are handled correctly). While the need to join the mount namespace leads to other complicated (such as with the usage of /proc/self -- fixed in a later patch) the resulting code is still reasonable and is the only real way to solve the issue. This allows us to reduce the amount of C code we have in nsexec, as well as simplifying a whole host of places that were made more complicated with the addition of id-mapped mounts and the bind sourcefd logic. Because we join the container namespace, we can continue to use regular O_PATH file descriptors for non-id-mapped bind-mount sources (which means we don't have to raise the kernel requirement for that case). In addition, we can easily add support for id-mappings that don't match the container's user namespace. The approach taken here is to use Go's officially supported mechanism for spawning a process in a user namespace, but (ab)use PTRACE_TRACEME to avoid actually having to exec a different process. The most efficient way to implement this would be to do clone() in cgo directly to run a function that just does kill(getpid(), SIGSTOP) -- we can always switch to that if it turns out this approach is too slow. It should be noted that the included micro-benchmark seems to indicate this is Fast Enough(TM): goos: linux goarch: amd64 pkg: github.com/opencontainers/runc/libcontainer/userns cpu: Intel(R) Core(TM) i5-10210U CPU @ 1.60GHz BenchmarkSpawnProc BenchmarkSpawnProc-8 1670 770065 ns/op Fixes: fda12ab1014e ("Support idmap mounts on volumes") Fixes: 9c444070ec7b ("Open bind mount sources from the host userns") Signed-off-by: Aleksa Sarai --- libcontainer/container_linux.go | 161 +----------- libcontainer/criu_linux.go | 4 +- libcontainer/factory_linux.go | 15 -- libcontainer/init_linux.go | 34 +-- libcontainer/message_linux.go | 4 +- libcontainer/mount_linux.go | 198 ++++++++++++--- libcontainer/nsenter/idmap.h | 76 ------ libcontainer/nsenter/nsexec.c | 277 +-------------------- libcontainer/process_linux.go | 162 +++++++++++- libcontainer/rootfs_linux.go | 148 ++++++----- libcontainer/standard_init_linux.go | 13 +- libcontainer/sync.go | 7 + libcontainer/userns/usernsfd_linux.go | 153 ++++++++++++ libcontainer/userns/usernsfd_linux_test.go | 52 ++++ 14 files changed, 617 insertions(+), 687 deletions(-) delete mode 100644 libcontainer/nsenter/idmap.h create mode 100644 libcontainer/userns/usernsfd_linux.go create mode 100644 libcontainer/userns/usernsfd_linux_test.go diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index f36abaf1032..c9aacf57f97 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -2,7 +2,6 @@ package libcontainer import ( "bytes" - "encoding/json" "errors" "fmt" "io" @@ -629,112 +628,6 @@ func (c *Container) newParentProcess(p *Process) (parentProcess, error) { return c.newSetnsProcess(p, cmd, comm) } -// shouldSendMountSources says whether the child process must setup bind mounts with -// the source pre-opened (O_PATH) in the host user namespace. -// See https://github.com/opencontainers/runc/issues/2484 -func (c *Container) shouldSendMountSources() bool { - // Passing the mount sources via SCM_RIGHTS is only necessary when - // both userns and mntns are active. - if !c.config.Namespaces.Contains(configs.NEWUSER) || - !c.config.Namespaces.Contains(configs.NEWNS) { - return false - } - - // nsexec.c send_mountsources() requires setns(mntns) capabilities - // CAP_SYS_CHROOT and CAP_SYS_ADMIN. - if c.config.RootlessEUID { - return false - } - - // We need to send sources if there are non-idmap bind-mounts. - for _, m := range c.config.Mounts { - if m.IsBind() && !m.IsIDMapped() { - return true - } - } - - return false -} - -// shouldSendIdmapSources says whether the child process must setup idmap mounts with -// the mount_setattr already done in the host user namespace. -func (c *Container) shouldSendIdmapSources() bool { - // nsexec.c mount_setattr() requires CAP_SYS_ADMIN in: - // * the user namespace the filesystem was mounted in; - // * the user namespace we're trying to idmap the mount to; - // * the owning user namespace of the mount namespace you're currently located in. - // - // See the comment from Christian Brauner: - // https://github.com/opencontainers/runc/pull/3717#discussion_r1103607972 - // - // Let's just rule out rootless, we don't have those permission in the - // rootless case. - if c.config.RootlessEUID { - return false - } - - // For the time being we require userns to be in use. - if !c.config.Namespaces.Contains(configs.NEWUSER) { - return false - } - - // We need to send sources if there are idmap bind-mounts. - for _, m := range c.config.Mounts { - if m.IsBind() && m.IsIDMapped() { - return true - } - } - - return false -} - -func (c *Container) sendMountSources(cmd *exec.Cmd, comm *processComm) error { - if !c.shouldSendMountSources() { - return nil - } - - return c.sendFdsSources(cmd, comm, "_LIBCONTAINER_MOUNT_FDS", func(m *configs.Mount) bool { - return m.IsBind() && !m.IsIDMapped() - }) -} - -func (c *Container) sendIdmapSources(cmd *exec.Cmd, comm *processComm) error { - if !c.shouldSendIdmapSources() { - return nil - } - - return c.sendFdsSources(cmd, comm, "_LIBCONTAINER_IDMAP_FDS", func(m *configs.Mount) bool { - return m.IsBind() && m.IsIDMapped() - }) -} - -func (c *Container) sendFdsSources(cmd *exec.Cmd, comm *processComm, envVar string, condition func(*configs.Mount) bool) error { - // Elements on these slices will be paired with mounts (see StartInitialization() and - // prepareRootfs()). These slices MUST have the same size as c.config.Mounts. - fds := make([]int, len(c.config.Mounts)) - for i, m := range c.config.Mounts { - if !condition(m) { - // The -1 fd is ignored later. - fds[i] = -1 - continue - } - - // The fd passed here will not be used: nsexec.c will overwrite it with - // dup3(). We just need to allocate a fd so that we know the number to - // pass in the environment variable. The fd must not be closed before - // cmd.Start(), so we reuse initSockChild because the lifecycle of that - // fd is already taken care of. - cmd.ExtraFiles = append(cmd.ExtraFiles, comm.initSockChild) - fds[i] = stdioFdCount + len(cmd.ExtraFiles) - 1 - } - fdsJSON, err := json.Marshal(fds) - if err != nil { - return fmt.Errorf("Error creating %v: %w", envVar, err) - } - cmd.Env = append(cmd.Env, envVar+"="+string(fdsJSON)) - return nil -} - func (c *Container) newInitProcess(p *Process, cmd *exec.Cmd, comm *processComm) (*initProcess, error) { cmd.Env = append(cmd.Env, "_LIBCONTAINER_INITTYPE="+string(initStandard)) nsMaps := make(map[configs.NamespaceType]string) @@ -743,16 +636,10 @@ func (c *Container) newInitProcess(p *Process, cmd *exec.Cmd, comm *processComm) nsMaps[ns.Type] = ns.Path } } - data, err := c.bootstrapData(c.config.Namespaces.CloneFlags(), nsMaps, initStandard) + data, err := c.bootstrapData(c.config.Namespaces.CloneFlags(), nsMaps) if err != nil { return nil, err } - if err := c.sendMountSources(cmd, comm); err != nil { - return nil, err - } - if err := c.sendIdmapSources(cmd, comm); err != nil { - return nil, err - } init := &initProcess{ cmd: cmd, @@ -776,7 +663,7 @@ func (c *Container) newSetnsProcess(p *Process, cmd *exec.Cmd, comm *processComm } // for setns process, we don't have to set cloneflags as the process namespaces // will only be set via setns syscall - data, err := c.bootstrapData(0, state.NamespacePaths, initSetns) + data, err := c.bootstrapData(0, state.NamespacePaths) if err != nil { return nil, err } @@ -1165,7 +1052,7 @@ type netlinkError struct{ error } // such as one that uses nsenter package to bootstrap the container's // init process correctly, i.e. with correct namespaces, uid/gid // mapping etc. -func (c *Container) bootstrapData(cloneFlags uintptr, nsMaps map[configs.NamespaceType]string, it initType) (_ io.Reader, Err error) { +func (c *Container) bootstrapData(cloneFlags uintptr, nsMaps map[configs.NamespaceType]string) (_ io.Reader, Err error) { // create the netlink message r := nl.NewNetlinkRequest(int(InitMsg), 0) @@ -1267,48 +1154,6 @@ func (c *Container) bootstrapData(cloneFlags uintptr, nsMaps map[configs.Namespa Value: c.config.RootlessEUID, }) - // Bind mount source to open. - if it == initStandard && c.shouldSendMountSources() { - var mounts []byte - for _, m := range c.config.Mounts { - if m.IsBind() && !m.IsIDMapped() { - if strings.IndexByte(m.Source, 0) >= 0 { - return nil, fmt.Errorf("mount source string contains null byte: %q", m.Source) - } - mounts = append(mounts, []byte(m.Source)...) - } - mounts = append(mounts, byte(0)) - } - - r.AddData(&Bytemsg{ - Type: MountSourcesAttr, - Value: mounts, - }) - } - - // Idmap mount sources to open. - if it == initStandard && c.shouldSendIdmapSources() { - var mounts []byte - for _, m := range c.config.Mounts { - if m.IsBind() && m.IsIDMapped() { - // While other parts of the code check this too (like - // libcontainer/specconv/spec_linux.go) we do it here also because some libcontainer - // users don't use those functions. - if strings.IndexByte(m.Source, 0) >= 0 { - return nil, fmt.Errorf("mount source string contains null byte: %q", m.Source) - } - - mounts = append(mounts, []byte(m.Source)...) - } - mounts = append(mounts, byte(0)) - } - - r.AddData(&Bytemsg{ - Type: IdmapSourcesAttr, - Value: mounts, - }) - } - // write boottime and monotonic time ns offsets. if c.config.TimeOffsets != nil { var offsetSpec bytes.Buffer diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index 360639e7fcd..5cb8c674f41 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -618,8 +618,8 @@ func (c *Container) prepareCriuRestoreMounts(mounts []*configs.Mount) error { // because during initial container creation mounts are // set up in the order they are configured. if m.Device == "bind" { - if err := utils.WithProcfd(c.config.Rootfs, m.Destination, func(dstFD string) error { - return mountViaFDs(m.Source, nil, m.Destination, dstFD, "", unix.MS_BIND|unix.MS_REC, "") + if err := utils.WithProcfd(c.config.Rootfs, m.Destination, func(dstFd string) error { + return mountViaFds(m.Source, nil, m.Destination, dstFd, "", unix.MS_BIND|unix.MS_REC, "") }); err != nil { return err } diff --git a/libcontainer/factory_linux.go b/libcontainer/factory_linux.go index b0bf6142109..bc682f23ed8 100644 --- a/libcontainer/factory_linux.go +++ b/libcontainer/factory_linux.go @@ -214,18 +214,3 @@ func validateID(id string) error { return nil } - -func parseFdsFromEnv(envVar string) ([]int, error) { - fdsJSON := os.Getenv(envVar) - if fdsJSON == "" { - // Always return the nil slice if no fd is present. - return nil, nil - } - - var fds []int - if err := json.Unmarshal([]byte(fdsJSON), &fds); err != nil { - return nil, fmt.Errorf("Error unmarshalling %v: %w", envVar, err) - } - - return fds, nil -} diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index c02538d6847..019868c1403 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -47,18 +47,6 @@ type network struct { TempVethPeerName string `json:"temp_veth_peer_name"` } -type mountFds struct { - // sourceFds are the fds to use as source when mounting. - // The slice size should be the same as container mounts, as it will be - // paired with them. - // The value -1 is used when no fd is needed for the mount. - // Can't have a valid fd in the same position that other slices in this struct. - // We need to use only one of these fds on any single mount. - sourceFds []int - // Idem sourceFds, but fds of already created idmap mounts, to use with unix.MoveMount(). - idmapFds []int -} - // initConfig is used for transferring parameters from Exec() to Init() type initConfig struct { Args []string `json:"args"` @@ -189,18 +177,6 @@ func startInitialization() (retErr error) { defer pidfdSocket.Close() } - // Get mount files (O_PATH). - mountSrcFds, err := parseFdsFromEnv("_LIBCONTAINER_MOUNT_FDS") - if err != nil { - return err - } - - // Get idmap fds. - idmapFds, err := parseFdsFromEnv("_LIBCONTAINER_IDMAP_FDS") - if err != nil { - return err - } - // Get runc-dmz fds. var dmzExe *os.File if dmzFdStr := os.Getenv("_LIBCONTAINER_DMZEXEFD"); dmzFdStr != "" { @@ -232,21 +208,16 @@ func startInitialization() (retErr error) { } // If init succeeds, it will not return, hence none of the defers will be called. - return containerInit(it, &config, syncPipe, consoleSocket, pidfdSocket, fifofd, logFD, dmzExe, mountFds{sourceFds: mountSrcFds, idmapFds: idmapFds}) + return containerInit(it, &config, syncPipe, consoleSocket, pidfdSocket, fifofd, logFD, dmzExe) } -func containerInit(t initType, config *initConfig, pipe *syncSocket, consoleSocket, pidfdSocket *os.File, fifoFd, logFd int, dmzExe *os.File, mountFds mountFds) error { +func containerInit(t initType, config *initConfig, pipe *syncSocket, consoleSocket, pidfdSocket *os.File, fifoFd, logFd int, dmzExe *os.File) error { if err := populateProcessEnvironment(config.Env); err != nil { return err } switch t { case initSetns: - // mount and idmap fds must be nil in this case. We don't mount while doing runc exec. - if mountFds.sourceFds != nil || mountFds.idmapFds != nil { - return errors.New("mount and idmap fds must be nil; can't mount from exec") - } - i := &linuxSetnsInit{ pipe: pipe, consoleSocket: consoleSocket, @@ -266,7 +237,6 @@ func containerInit(t initType, config *initConfig, pipe *syncSocket, consoleSock fifoFd: fifoFd, logFd: logFd, dmzExe: dmzExe, - mountFds: mountFds, } return i.Init() } diff --git a/libcontainer/message_linux.go b/libcontainer/message_linux.go index 4e48826cdb5..2790f018d06 100644 --- a/libcontainer/message_linux.go +++ b/libcontainer/message_linux.go @@ -21,9 +21,7 @@ const ( RootlessEUIDAttr uint16 = 27287 UidmapPathAttr uint16 = 27288 GidmapPathAttr uint16 = 27289 - MountSourcesAttr uint16 = 27290 - IdmapSourcesAttr uint16 = 27291 - TimeOffsetsAttr uint16 = 27292 + TimeOffsetsAttr uint16 = 27290 ) type Int32msg struct { diff --git a/libcontainer/mount_linux.go b/libcontainer/mount_linux.go index da11da68ea0..59861a4f435 100644 --- a/libcontainer/mount_linux.go +++ b/libcontainer/mount_linux.go @@ -1,22 +1,47 @@ package libcontainer import ( + "errors" + "fmt" "io/fs" + "os" "strconv" + "github.com/sirupsen/logrus" "golang.org/x/sys/unix" + + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/userns" ) +// mountSourceType indicates what type of file descriptor is being returned. It +// is used to tell rootfs_linux.go whether or not to use move_mount(2) to +// install the mount. +type mountSourceType string + +const ( + // An open_tree(2)-style file descriptor that needs to be installed using + // move_mount(2) to install. + mountSourceOpenTree mountSourceType = "open_tree" + // A plain file descriptor that can be mounted through /proc/self/fd. + mountSourcePlain mountSourceType = "plain-open" +) + +type mountSource struct { + Type mountSourceType `json:"type"` + file *os.File `json:"-"` +} + // mountError holds an error from a failed mount or unmount operation. type mountError struct { - op string - source string - srcFD *int - target string - dstFD string - flags uintptr - data string - err error + op string + source string + srcFile *mountSource + target string + dstFd string + flags uintptr + data string + err error } // Error provides a string error representation. @@ -25,13 +50,14 @@ func (e *mountError) Error() string { if e.source != "" { out += "src=" + e.source + ", " - if e.srcFD != nil { - out += "srcFD=" + strconv.Itoa(*e.srcFD) + ", " + if e.srcFile != nil { + out += "srcType=" + string(e.srcFile.Type) + ", " + out += "srcFd=" + strconv.Itoa(int(e.srcFile.file.Fd())) + ", " } } out += "dst=" + e.target - if e.dstFD != "" { - out += ", dstFD=" + e.dstFD + if e.dstFd != "" { + out += ", dstFd=" + e.dstFd } if e.flags != uintptr(0) { @@ -54,38 +80,58 @@ func (e *mountError) Unwrap() error { // mount is a simple unix.Mount wrapper, returning an error with more context // in case it failed. func mount(source, target, fstype string, flags uintptr, data string) error { - return mountViaFDs(source, nil, target, "", fstype, flags, data) + return mountViaFds(source, nil, target, "", fstype, flags, data) } -// mountViaFDs is a unix.Mount wrapper which uses srcFD instead of source, -// and dstFD instead of target, unless those are empty. -// If srcFD is different than nil, its path (i.e. "/proc/self/fd/NN") will be -// constructed by this function. -// dstFD argument, if non-empty, is expected to be in the form of a path to an -// opened file descriptor on procfs (i.e. "/proc/self/fd/NN"). +// mountViaFds is a unix.Mount wrapper which uses srcFile instead of source, +// and dstFd instead of target, unless those are empty. // -// If case an FD is used instead of a source or a target path, the -// corresponding path is only used to add context to an error in case -// the mount operation has failed. -func mountViaFDs(source string, srcFD *int, target, dstFD, fstype string, flags uintptr, data string) error { - src := source - if srcFD != nil { - src = "/proc/self/fd/" + strconv.Itoa(*srcFD) +// If srcFile is non-nil and flags does not contain MS_REMOUNT, mountViaFds +// will mount it according to the mountSourceType of the file descriptor. +// +// The dstFd argument, if non-empty, is expected to be in the form of a path to +// an opened file descriptor on procfs (i.e. "/proc/self/fd/NN"). +// +// If a file descriptor is used instead of a source or a target path, the +// corresponding path is only used to add context to an error in case the mount +// operation has failed. +func mountViaFds(source string, srcFile *mountSource, target, dstFd, fstype string, flags uintptr, data string) error { + // MS_REMOUNT and srcFile don't make sense together. + if srcFile != nil && flags&unix.MS_REMOUNT != 0 { + logrus.Debugf("mount source passed along with MS_REMOUNT -- ignoring srcFile") + srcFile = nil } + dst := target - if dstFD != "" { - dst = dstFD + if dstFd != "" { + dst = dstFd + } + src := source + if srcFile != nil { + src = "/proc/self/fd/" + strconv.Itoa(int(srcFile.file.Fd())) + } + + var op string + var err error + if srcFile != nil && srcFile.Type == mountSourceOpenTree { + op = "move_mount" + err = unix.MoveMount(int(srcFile.file.Fd()), "", + unix.AT_FDCWD, dstFd, + unix.MOVE_MOUNT_F_EMPTY_PATH|unix.MOVE_MOUNT_T_SYMLINKS) + } else { + op = "mount" + err = unix.Mount(src, dst, fstype, flags, data) } - if err := unix.Mount(src, dst, fstype, flags, data); err != nil { + if err != nil { return &mountError{ - op: "mount", - source: source, - srcFD: srcFD, - target: target, - dstFD: dstFD, - flags: flags, - data: data, - err: err, + op: op, + source: source, + srcFile: srcFile, + target: target, + dstFd: dstFd, + flags: flags, + data: data, + err: err, } } return nil @@ -121,3 +167,81 @@ func syscallMode(i fs.FileMode) (o uint32) { // No mapping for Go's ModeTemporary (plan9 only). return } + +// mountFd creates a "mount source fd" (either through open_tree(2) or just +// open(O_PATH)) based on the provided configuration. This function must be +// called from within the container's mount namespace. +// +// In the case of idmapped mount configurations, the returned mount source will +// be an open_tree(2) file with MOUNT_ATTR_IDMAP applied. For other +// bind-mounts, it will be an O_PATH. If the type of mount cannot be handled, +// the returned mountSource will be nil, indicating that the container init +// process will need to do an old-fashioned mount(2) themselves. +// +// This helper is only intended to be used by goCreateMountSources. +func mountFd(nsHandles *userns.Handles, m *configs.Mount) (*mountSource, error) { + if !m.IsBind() { + return nil, errors.New("new mount api: only bind-mounts are supported") + } + if nsHandles == nil { + nsHandles = new(userns.Handles) + defer nsHandles.Release() + } + + var mountFile *os.File + var sourceType mountSourceType + + // Ideally, we would use OPEN_TREE_CLONE for everything, because we can + // be sure that the file descriptor cannot be used to escape outside of + // the mount root. Unfortunately, OPEN_TREE_CLONE is far more expensive + // than open(2) because it requires doing mounts inside a new anonymous + // mount namespace. So we use open(2) for standard bind-mounts, and + // OPEN_TREE_CLONE when we need to set mount attributes here. + // + // While passing open(2)'d paths from the host rootfs isn't exactly the + // safest thing in the world, the files will not survive across + // execve(2) and "runc init" is non-dumpable so it should not be + // possible for a malicious container process to gain access to the + // file descriptors. We also don't do any of this for "runc exec", + // lessening the risk even further. + if m.IsIDMapped() { + flags := uint(unix.OPEN_TREE_CLONE | unix.OPEN_TREE_CLOEXEC) + if m.Flags&unix.MS_REC == unix.MS_REC { + flags |= unix.AT_RECURSIVE + } + fd, err := unix.OpenTree(unix.AT_FDCWD, m.Source, flags) + if err != nil { + return nil, &os.PathError{Op: "open_tree(OPEN_TREE_CLONE)", Path: m.Source, Err: err} + } + mountFile = os.NewFile(uintptr(fd), m.Source) + sourceType = mountSourceOpenTree + + // Configure the id mapping. + usernsFile, err := nsHandles.Get(userns.Mapping{ + UIDMappings: m.UIDMappings, + GIDMappings: m.GIDMappings, + }) + if err != nil { + return nil, fmt.Errorf("failed to create userns for %s id-mapping: %w", m.Source, err) + } + defer usernsFile.Close() + + if err := unix.MountSetattr(int(mountFile.Fd()), "", unix.AT_EMPTY_PATH, &unix.MountAttr{ + Attr_set: unix.MOUNT_ATTR_IDMAP, + Userns_fd: uint64(usernsFile.Fd()), + }); err != nil { + return nil, fmt.Errorf("failed to set MOUNT_ATTR_IDMAP on %s: %w", m.Source, err) + } + } else { + var err error + mountFile, err = os.OpenFile(m.Source, unix.O_PATH|unix.O_CLOEXEC, 0) + if err != nil { + return nil, err + } + sourceType = mountSourcePlain + } + return &mountSource{ + Type: sourceType, + file: mountFile, + }, nil +} diff --git a/libcontainer/nsenter/idmap.h b/libcontainer/nsenter/idmap.h deleted file mode 100644 index fa25a3bfb2f..00000000000 --- a/libcontainer/nsenter/idmap.h +++ /dev/null @@ -1,76 +0,0 @@ -#ifndef IDMAP_H -#define IDMAP_H - -#include -// Centos-7 doesn't have this file nor the __has_include() directive, so let's -// just leave this commented out and we can uncomment when it hits EOL (2024-06-30). -//#include -#include -#include - -/* mount_setattr() */ -#ifndef MOUNT_ATTR_IDMAP -#define MOUNT_ATTR_IDMAP 0x00100000 -#endif - -#ifndef __NR_mount_setattr - #if defined _MIPS_SIM - #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */ - #define __NR_mount_setattr (442 + 4000) - #endif - #if _MIPS_SIM == _MIPS_SIM_NABI32 /* n32 */ - #define __NR_mount_setattr (442 + 6000) - #endif - #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ - #define __NR_mount_setattr (442 + 5000) - #endif - #else - #define __NR_mount_setattr 442 - #endif -#endif -#ifndef MOUNT_ATTR_SIZE_VER0 -struct mount_attr { - __u64 attr_set; - __u64 attr_clr; - __u64 propagation; - __u64 userns_fd; -}; -#endif - -/* open_tree() */ -#ifndef OPEN_TREE_CLONE -#define OPEN_TREE_CLONE 1 -#endif - -#ifndef OPEN_TREE_CLOEXEC -#define OPEN_TREE_CLOEXEC O_CLOEXEC -#endif - -#ifndef __NR_open_tree - #if defined _MIPS_SIM - #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */ - #define __NR_open_tree 4428 - #endif - #if _MIPS_SIM == _MIPS_SIM_NABI32 /* n32 */ - #define __NR_open_tree 6428 - #endif - #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ - #define __NR_open_tree 5428 - #endif - #else - #define __NR_open_tree 428 - #endif -#endif - -static inline int sys_mount_setattr(int dfd, const char *path, unsigned int flags, struct mount_attr *attr, size_t size) -{ - return syscall(__NR_mount_setattr, dfd, path, flags, attr, size); -} - -static inline int sys_open_tree(int dfd, const char *filename, unsigned int flags) -{ - return syscall(__NR_open_tree, dfd, filename, flags); -} - - -#endif /* IDMAP_H */ diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index f64cc41eb4a..bfc6a79a8e1 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -33,9 +33,6 @@ /* Get all of the CLONE_NEW* flags. */ #include "namespace.h" -/* Get definitions for idmap sources */ -#include "idmap.h" - /* Synchronisation values. */ enum sync_t { SYNC_USERMAP_PLS = 0x40, /* Request parent to map our users. */ @@ -44,12 +41,8 @@ enum sync_t { SYNC_RECVPID_ACK = 0x43, /* PID was correctly received by parent. */ SYNC_GRANDCHILD = 0x44, /* The grandchild is ready to run. */ SYNC_CHILD_FINISH = 0x45, /* The child or grandchild has finished. */ - SYNC_MOUNTSOURCES_PLS = 0x46, /* Tell parent to send mount sources by SCM_RIGHTS. */ - SYNC_MOUNTSOURCES_ACK = 0x47, /* All mount sources have been sent. */ - SYNC_MOUNT_IDMAP_PLS = 0x48, /* Tell parent to mount idmap sources. */ - SYNC_MOUNT_IDMAP_ACK = 0x49, /* All idmap mounts have been done. */ - SYNC_TIMEOFFSETS_PLS = 0x50, /* Request parent to write timens offsets. */ - SYNC_TIMEOFFSETS_ACK = 0x51, /* Timens offsets were written. */ + SYNC_TIMEOFFSETS_PLS = 0x46, /* Request parent to write timens offsets. */ + SYNC_TIMEOFFSETS_ACK = 0x47, /* Timens offsets were written. */ }; #define STAGE_SETUP -1 @@ -99,14 +92,6 @@ struct nlconfig_t { char *gidmappath; size_t gidmappath_len; - /* Mount sources opened outside the container userns. */ - char *mountsources; - size_t mountsources_len; - - /* Idmap sources opened outside the container userns which will be id mapped. */ - char *idmapsources; - size_t idmapsources_len; - /* Time NS offsets. */ char *timensoffset; size_t timensoffset_len; @@ -126,9 +111,7 @@ struct nlconfig_t { #define ROOTLESS_EUID_ATTR 27287 #define UIDMAPPATH_ATTR 27288 #define GIDMAPPATH_ATTR 27289 -#define MOUNT_SOURCES_ATTR 27290 -#define IDMAP_SOURCES_ATTR 27291 -#define TIMENSOFFSET_ATTR 27292 +#define TIMENSOFFSET_ATTR 27290 /* * Use the raw syscall for versions of glibc which don't include a function for @@ -446,14 +429,6 @@ static void nl_parse(int fd, struct nlconfig_t *config) case SETGROUP_ATTR: config->is_setgroup = readint8(current); break; - case MOUNT_SOURCES_ATTR: - config->mountsources = current; - config->mountsources_len = payload_len; - break; - case IDMAP_SOURCES_ATTR: - config->idmapsources = current; - config->idmapsources_len = payload_len; - break; case TIMENSOFFSET_ATTR: config->timensoffset = current; config->timensoffset_len = payload_len; @@ -546,115 +521,6 @@ static inline int sane_kill(pid_t pid, int signum) return 0; } -/* receive_fd_sources parses env_var as an array of fd numbers and, for each element that is - * not -1, it receives an fd via SCM_RIGHTS and dup3 it to the fd requested in - * the element of the env var. - */ -void receive_fd_sources(int sockfd, const char *env_var) -{ - char *fds, *endp; - long new_fd; - - // This env var must be a json array of ints. - fds = getenv(env_var); - - if (fds[0] != '[') { - bail("malformed %s env var: missing '['", env_var); - } - fds++; - - for (endp = fds; *endp != ']'; fds = endp + 1) { - new_fd = strtol(fds, &endp, 10); - if (endp == fds) { - bail("malformed %s env var: not a number", env_var); - } - if (*endp == '\0') { - bail("malformed %s env var: missing ]", env_var); - } - // The list contains -1 when no fd is needed. Ignore them. - if (new_fd == -1) { - continue; - } - - if (new_fd == LONG_MAX || new_fd < 0 || new_fd > INT_MAX) { - bail("malformed %s env var: fds out of range", env_var); - } - - int recv_fd = receive_fd(sockfd); - if (dup3(recv_fd, new_fd, O_CLOEXEC) < 0) { - bail("cannot dup3 fd %d to %ld", recv_fd, new_fd); - } - if (close(recv_fd) < 0) { - bail("cannot close fd %d", recv_fd); - } - } -} - -void receive_mountsources(int sockfd) -{ - receive_fd_sources(sockfd, "_LIBCONTAINER_MOUNT_FDS"); -} - -void send_mountsources(int sockfd, pid_t child, char *mountsources, size_t mountsources_len) -{ - char proc_path[PATH_MAX]; - int host_mntns_fd; - int container_mntns_fd; - int fd; - int ret; - - // container_linux.go shouldSendMountSources() decides if mount sources - // should be pre-opened (O_PATH) and passed via SCM_RIGHTS - if (mountsources == NULL) - return; - - host_mntns_fd = open("/proc/self/ns/mnt", O_RDONLY | O_CLOEXEC); - if (host_mntns_fd == -1) - bail("failed to get current mount namespace"); - - if (snprintf(proc_path, PATH_MAX, "/proc/%d/ns/mnt", child) < 0) - bail("failed to get mount namespace path"); - - container_mntns_fd = open(proc_path, O_RDONLY | O_CLOEXEC); - if (container_mntns_fd == -1) - bail("failed to get container mount namespace"); - - if (setns(container_mntns_fd, CLONE_NEWNS) < 0) - bail("failed to setns to container mntns"); - - char *mountsources_end = mountsources + mountsources_len; - while (mountsources < mountsources_end) { - if (mountsources[0] == '\0') { - mountsources++; - continue; - } - - fd = open(mountsources, O_PATH | O_CLOEXEC); - if (fd < 0) - bail("failed to open mount source %s", mountsources); - - write_log(DEBUG, "~> sending fd for: %s", mountsources); - if (send_fd(sockfd, fd) < 0) - bail("failed to send fd %d via unix socket %d", fd, sockfd); - - ret = close(fd); - if (ret != 0) - bail("failed to close mount source fd %d", fd); - - mountsources += strlen(mountsources) + 1; - } - - if (setns(host_mntns_fd, CLONE_NEWNS) < 0) - bail("failed to setns to host mntns"); - - ret = close(host_mntns_fd); - if (ret != 0) - bail("failed to close host mount namespace fd %d", host_mntns_fd); - ret = close(container_mntns_fd); - if (ret != 0) - bail("failed to close container mount namespace fd %d", container_mntns_fd); -} - void try_unshare(int flags, const char *msg) { write_log(DEBUG, "unshare %s", msg); @@ -674,89 +540,6 @@ void try_unshare(int flags, const char *msg) bail("failed to unshare %s", msg); } -void send_idmapsources(int sockfd, pid_t pid, char *idmap_src, int idmap_src_len) -{ - char proc_user_path[PATH_MAX]; - - /* Open the userns fd only once. - * Currently we only support idmap mounts that use the same mapping than - * the userns. This is validated in libcontainer/configs/validate/validator.go, - * so if we reached here, we know the mapping for the idmap is the same - * as the userns. This is why we just open the userns_fd once from the - * PID of the child process that has the userns already applied. - */ - int ret = snprintf(proc_user_path, sizeof(proc_user_path), "/proc/%d/ns/user", pid); - if (ret < 0 || (size_t)ret >= sizeof(proc_user_path)) { - sane_kill(pid, SIGKILL); - bail("failed to create userns path string"); - } - - int userns_fd = open(proc_user_path, O_RDONLY | O_CLOEXEC | O_NOCTTY); - if (userns_fd < 0) { - sane_kill(pid, SIGKILL); - bail("failed to get user namespace fd"); - } - - char *idmap_end = idmap_src + idmap_src_len; - while (idmap_src < idmap_end) { - if (idmap_src[0] == '\0') { - idmap_src++; - continue; - } - - int fd_tree = sys_open_tree(-EBADF, idmap_src, - OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC | - AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT); - if (fd_tree < 0) { - sane_kill(pid, SIGKILL); - if (errno == ENOSYS) { - bail("open_tree(2) failed, the kernel doesn't support ID-mapped mounts"); - } else if (errno == EINVAL) { - bail("open_tree(2) failed with path: %s, the kernel doesn't support ID-mapped mounts", - idmap_src); - } else { - bail("open_tree(2) failed with path: %s", idmap_src); - } - } - - struct mount_attr attr = { - .attr_set = MOUNT_ATTR_IDMAP, - .userns_fd = userns_fd, - }; - - ret = sys_mount_setattr(fd_tree, "", AT_EMPTY_PATH, &attr, sizeof(attr)); - if (ret < 0) { - sane_kill(pid, SIGKILL); - if (errno == ENOSYS) - bail("mount_setattr(2) failed, the kernel doesn't support ID-mapped mounts"); - else if (errno == EINVAL) - bail("mount_setattr(2) failed with path: %s, maybe the filesystem doesn't support ID-mapped mounts", idmap_src); - else - bail("mount_setattr(2) failed with path: %s", idmap_src); - } - - write_log(DEBUG, "~> sending idmap source: %s with mapping from: %s", idmap_src, proc_user_path); - send_fd(sockfd, fd_tree); - - if (close(fd_tree) < 0) { - sane_kill(pid, SIGKILL); - bail("error closing fd_tree"); - } - - idmap_src += strlen(idmap_src) + 1; - } - - if (close(userns_fd) < 0) { - sane_kill(pid, SIGKILL); - bail("error closing userns fd"); - } -} - -void receive_idmapsources(int sockfd) -{ - receive_fd_sources(sockfd, "_LIBCONTAINER_IDMAP_FDS"); -} - static void update_timens_offsets(pid_t pid, char *map, size_t map_len) { if (map == NULL || map_len == 0) @@ -988,28 +771,6 @@ void nsexec(void) sane_kill(stage2_pid, SIGKILL); bail("failed to sync with runc: write(pid-JSON)"); } - break; - case SYNC_MOUNTSOURCES_PLS: - write_log(DEBUG, "stage-1 requested to open mount sources"); - send_mountsources(syncfd, stage1_pid, config.mountsources, - config.mountsources_len); - - s = SYNC_MOUNTSOURCES_ACK; - if (write(syncfd, &s, sizeof(s)) != sizeof(s)) { - sane_kill(stage1_pid, SIGKILL); - bail("failed to sync with child: write(SYNC_MOUNTSOURCES_ACK)"); - } - break; - case SYNC_MOUNT_IDMAP_PLS: - write_log(DEBUG, "stage-1 requested to open idmap sources"); - send_idmapsources(syncfd, stage1_pid, config.idmapsources, - config.idmapsources_len); - s = SYNC_MOUNT_IDMAP_ACK; - if (write(syncfd, &s, sizeof(s)) != sizeof(s)) { - sane_kill(stage1_pid, SIGKILL); - bail("failed to sync with child: write(SYNC_MOUNT_IDMAP_ACK)"); - } - break; case SYNC_TIMEOFFSETS_PLS: write_log(DEBUG, "stage-1 requested timens offsets to be configured"); @@ -1186,38 +947,6 @@ void nsexec(void) bail("failed to sync with parent: SYNC_TIMEOFFSETS_ACK: got %u", s); } - /* Ask our parent to send the mount sources fds. */ - if (config.mountsources) { - write_log(DEBUG, "request stage-0 to send mount sources"); - s = SYNC_MOUNTSOURCES_PLS; - if (write(syncfd, &s, sizeof(s)) != sizeof(s)) - bail("failed to sync with parent: write(SYNC_MOUNTSOURCES_PLS)"); - - /* Receive and install all mount sources fds. */ - receive_mountsources(syncfd); - - /* Parent finished to send the mount sources fds. */ - if (read(syncfd, &s, sizeof(s)) != sizeof(s)) - bail("failed to sync with parent: read(SYNC_MOUNTSOURCES_ACK)"); - if (s != SYNC_MOUNTSOURCES_ACK) - bail("failed to sync with parent: SYNC_MOUNTSOURCES_ACK: got %u", s); - } - - if (config.idmapsources) { - write_log(DEBUG, "request stage-0 to send idmap sources"); - s = SYNC_MOUNT_IDMAP_PLS; - if (write(syncfd, &s, sizeof(s)) != sizeof(s)) - bail("failed to sync with parent: write(SYNC_MOUNT_IDMAP_PLS)"); - - /* Receive and install all idmap fds. */ - receive_idmapsources(syncfd); - - if (read(syncfd, &s, sizeof(s)) != sizeof(s)) - bail("failed to sync with parent: read(SYNC_MOUNT_IDMAP_ACK)"); - if (s != SYNC_MOUNT_IDMAP_ACK) - bail("failed to sync with parent: SYNC_MOUNT_IDMAP_ACK: got %u", s); - } - /* * TODO: What about non-namespace clone flags that we're dropping here? * diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index c1b60c49884..ba916571489 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -1,6 +1,7 @@ package libcontainer import ( + "context" "encoding/json" "errors" "fmt" @@ -11,18 +12,21 @@ import ( "path/filepath" "runtime" "strconv" + "sync" "time" + "github.com/opencontainers/runtime-spec/specs-go" + "github.com/sirupsen/logrus" + "golang.org/x/sys/unix" + "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fs2" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/intelrdt" "github.com/opencontainers/runc/libcontainer/logs" "github.com/opencontainers/runc/libcontainer/system" + "github.com/opencontainers/runc/libcontainer/userns" "github.com/opencontainers/runc/libcontainer/utils" - "github.com/opencontainers/runtime-spec/specs-go" - "github.com/sirupsen/logrus" - "golang.org/x/sys/unix" ) type parentProcess interface { @@ -208,6 +212,9 @@ func (p *setnsProcess) start() (retErr error) { case procHooks: // This shouldn't happen. panic("unexpected procHooks in setns") + case procMountPlease: + // This shouldn't happen. + panic("unexpected procMountPlease in setns") case procSeccomp: if p.config.Config.Seccomp.ListenerPath == "" { return errors.New("seccomp listenerPath is not set") @@ -398,6 +405,110 @@ func (p *initProcess) waitForChildExit(childPid int) error { return nil } +type mountSourceRequestFn func(*configs.Mount) (*mountSource, error) + +// goCreateMountSources spawns a goroutine which creates open_tree(2)-style +// mountfds based on the requested configs.Mount configuration. The returned +// requestFn and cancelFn are used to interact with the goroutine. +// +// The caller of the returned mountSourceRequestFn is responsible for closing +// the returned file. +func (p *initProcess) goCreateMountSources(ctx context.Context) (mountSourceRequestFn, context.CancelFunc, error) { + type response struct { + src *mountSource + err error + } + + errCh := make(chan error, 1) + requestCh := make(chan *configs.Mount) + responseCh := make(chan response) + + ctx, cancelFn := context.WithTimeout(ctx, 1*time.Minute) + go func() { + // We lock this thread because we need to setns(2) here. There is no + // UnlockOSThread() here, to ensure that the Go runtime will kill this + // thread once this goroutine returns (ensuring no other goroutines run + // in this context). + runtime.LockOSThread() + + // Detach from the shared fs of the rest of the Go process in order to + // be able to CLONE_NEWNS. + if err := unix.Unshare(unix.CLONE_FS); err != nil { + err = os.NewSyscallError("unshare(CLONE_FS)", err) + errCh <- fmt.Errorf("mount source thread: %w", err) + return + } + + // Attach to the container's mount namespace. + nsFd, err := os.Open(fmt.Sprintf("/proc/%d/ns/mnt", p.pid())) + if err != nil { + errCh <- fmt.Errorf("mount source thread: open container mntns: %w", err) + return + } + defer nsFd.Close() + if err := unix.Setns(int(nsFd.Fd()), unix.CLONE_NEWNS); err != nil { + err = os.NewSyscallError("setns", err) + errCh <- fmt.Errorf("mount source thread: join container mntns: %w", err) + return + } + + // No errors during setup! + close(errCh) + logrus.Debugf("mount source thread: successfully running in container mntns") + + nsHandles := new(userns.Handles) + defer nsHandles.Release() + loop: + for { + select { + case m, ok := <-requestCh: + if !ok { + break loop + } + src, err := mountFd(nsHandles, m) + logrus.Debugf("mount source thread: handling request for %q: %v %v", m.Source, src, err) + responseCh <- response{ + src: src, + err: err, + } + case <-ctx.Done(): + break loop + } + } + logrus.Debugf("mount source thread: closing thread: %v", ctx.Err()) + close(responseCh) + }() + + // Check for setup errors. + err := <-errCh + if err != nil { + cancelFn() + return nil, nil, err + } + + // TODO: Switch to context.AfterFunc when we switch to Go 1.21. + var requestChCloseOnce sync.Once + requestFn := func(m *configs.Mount) (*mountSource, error) { + var err error + select { + case requestCh <- m: + select { + case resp, ok := <-responseCh: + if ok { + return resp.src, resp.err + } + case <-ctx.Done(): + err = fmt.Errorf("receive mount source context cancelled: %w", ctx.Err()) + } + case <-ctx.Done(): + err = fmt.Errorf("send mount request cancelled: %w", ctx.Err()) + } + requestChCloseOnce.Do(func() { close(requestCh) }) + return nil, err + } + return requestFn, cancelFn, nil +} + func (p *initProcess) start() (retErr error) { defer p.comm.closeParent() err := p.cmd.Start() @@ -487,6 +598,22 @@ func (p *initProcess) start() (retErr error) { return fmt.Errorf("error waiting for our first child to exit: %w", err) } + // Spin up a goroutine to handle remapping mount requests by runc init. + // There is no point doing this for rootless containers because they cannot + // configure MOUNT_ATTR_IDMAP, nor do OPEN_TREE_CLONE. We could just + // service plain-open requests for plain bind-mounts but there's no need + // (rootless containers will never have permission issues on a source mount + // that the parent process can help with -- they are the same user). + var mountRequest mountSourceRequestFn + if !p.container.config.RootlessEUID { + request, cancel, err := p.goCreateMountSources(context.Background()) + if err != nil { + return fmt.Errorf("error spawning mount remapping thread: %w", err) + } + defer cancel() + mountRequest = request + } + if err := p.createNetworkInterfaces(); err != nil { return fmt.Errorf("error creating network interfaces: %w", err) } @@ -500,6 +627,35 @@ func (p *initProcess) start() (retErr error) { var seenProcReady bool ierr := parseSync(p.comm.syncSockParent, func(sync *syncT) error { switch sync.Type { + case procMountPlease: + if mountRequest == nil { + return fmt.Errorf("cannot fulfil mount requests as a rootless user") + } + var m *configs.Mount + if sync.Arg == nil { + return fmt.Errorf("sync %q is missing an argument", sync.Type) + } + if err := json.Unmarshal(*sync.Arg, &m); err != nil { + return fmt.Errorf("sync %q passed invalid mount arg: %w", sync.Type, err) + } + mnt, err := mountRequest(m) + if err != nil { + return fmt.Errorf("failed to fulfil mount request: %w", err) + } + defer mnt.file.Close() + + arg, err := json.Marshal(mnt) + if err != nil { + return fmt.Errorf("sync %q failed to marshal mountSource: %w", sync.Type, err) + } + argMsg := json.RawMessage(arg) + if err := doWriteSync(p.comm.syncSockParent, syncT{ + Type: procMountFd, + Arg: &argMsg, + File: mnt.file, + }); err != nil { + return err + } case procSeccomp: if p.config.Config.Seccomp.ListenerPath == "" { return errors.New("seccomp listenerPath is not set") diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index a2e41ea5638..7f98e15c4cc 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -1,6 +1,7 @@ package libcontainer import ( + "encoding/json" "errors" "fmt" "os" @@ -13,16 +14,17 @@ import ( securejoin "github.com/cyphar/filepath-securejoin" "github.com/moby/sys/mountinfo" "github.com/mrunalp/fileutils" + "github.com/opencontainers/runtime-spec/specs-go" + "github.com/opencontainers/selinux/go-selinux/label" + "github.com/sirupsen/logrus" + "golang.org/x/sys/unix" + "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fs2" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/devices" "github.com/opencontainers/runc/libcontainer/userns" "github.com/opencontainers/runc/libcontainer/utils" - "github.com/opencontainers/runtime-spec/specs-go" - "github.com/opencontainers/selinux/go-selinux/label" - "github.com/sirupsen/logrus" - "golang.org/x/sys/unix" ) const defaultMountFlags = unix.MS_NOEXEC | unix.MS_NOSUID | unix.MS_NODEV @@ -39,12 +41,12 @@ type mountConfig struct { // mountEntry contains mount data specific to a mount point. type mountEntry struct { *configs.Mount - srcFD *int + srcFile *mountSource } func (m *mountEntry) src() string { - if m.srcFD != nil { - return "/proc/self/fd/" + strconv.Itoa(*m.srcFD) + if m.srcFile != nil { + return "/proc/self/fd/" + strconv.Itoa(int(m.srcFile.file.Fd())) } return m.Source } @@ -62,20 +64,12 @@ func needsSetupDev(config *configs.Config) bool { // prepareRootfs sets up the devices, mount points, and filesystems for use // inside a new mount namespace. It doesn't set anything as ro. You must call // finalizeRootfs after this function to finish setting up the rootfs. -func prepareRootfs(pipe *syncSocket, iConfig *initConfig, mountFds mountFds) (err error) { +func prepareRootfs(pipe *syncSocket, iConfig *initConfig) (err error) { config := iConfig.Config if err := prepareRoot(config); err != nil { return fmt.Errorf("error preparing rootfs: %w", err) } - if mountFds.sourceFds != nil && len(mountFds.sourceFds) != len(config.Mounts) { - return fmt.Errorf("malformed mountFds slice. Expected size: %v, got: %v", len(config.Mounts), len(mountFds.sourceFds)) - } - - if mountFds.idmapFds != nil && len(mountFds.idmapFds) != len(config.Mounts) { - return fmt.Errorf("malformed idmapFds slice: expected size: %v, got: %v", len(config.Mounts), len(mountFds.idmapFds)) - } - mountConfig := &mountConfig{ root: config.Rootfs, label: config.MountLabel, @@ -83,22 +77,53 @@ func prepareRootfs(pipe *syncSocket, iConfig *initConfig, mountFds mountFds) (er rootlessCgroups: iConfig.RootlessCgroups, cgroupns: config.Namespaces.Contains(configs.NEWCGROUP), } - for i, m := range config.Mounts { + for _, m := range config.Mounts { entry := mountEntry{Mount: m} - // Just before the loop we checked that if not empty, len(mountFds.sourceFds) == len(config.Mounts). - // Therefore, we can access mountFds.sourceFds[i] without any concerns. - if mountFds.sourceFds != nil && mountFds.sourceFds[i] != -1 { - entry.srcFD = &mountFds.sourceFds[i] + // Figure out whether we need to request runc to give us an + // open_tree(2)-style mountfd. For idmapped mounts, this is always + // necessary. For bind-mounts, this is only necessary if we cannot + // resolve the parent mount (this is only hit if you are running in a + // userns -- but for rootless the host-side thread can't help). + wantSourceFile := m.IsIDMapped() + if m.IsBind() && !config.RootlessEUID { + if _, err := os.Stat(m.Source); err != nil { + wantSourceFile = true + } } - - // We validated before we can access mountFds.idmapFds[i]. - if mountFds.idmapFds != nil && mountFds.idmapFds[i] != -1 { - if entry.srcFD != nil { - return fmt.Errorf("malformed mountFds and idmapFds slice, entry: %v has fds in both slices", i) + if wantSourceFile { + // Request a source file from the host. + if err := writeSyncArg(pipe, procMountPlease, m); err != nil { + return fmt.Errorf("failed to request mountfd for %q: %w", m.Source, err) + } + sync, err := readSyncFull(pipe, procMountFd) + if err != nil { + return fmt.Errorf("mountfd request for %q failed: %w", m.Source, err) } - entry.srcFD = &mountFds.idmapFds[i] + if sync.File == nil { + return fmt.Errorf("mountfd request for %q: response missing attached fd", m.Source) + } + defer sync.File.Close() + // Sanity-check to make sure we didn't get the wrong fd back. Note + // that while m.Source might contain symlinks, the (*os.File).Name + // is based on the path provided to os.OpenFile, not what it + // resolves to. So this should never happen. + if sync.File.Name() != m.Source { + return fmt.Errorf("returned mountfd for %q doesn't match requested mount configuration: mountfd path is %q", m.Source, sync.File.Name()) + } + // Unmarshal the procMountFd argument (the file is sync.File). + var src *mountSource + if sync.Arg == nil { + return fmt.Errorf("sync %q is missing an argument", sync.Type) + } + if err := json.Unmarshal(*sync.Arg, &src); err != nil { + return fmt.Errorf("invalid mount fd response argument %q: %w", string(*sync.Arg), err) + } + if src == nil { + return fmt.Errorf("mountfd request for %q: no mount source info received", m.Source) + } + src.file = sync.File + entry.srcFile = src } - if err := mountToRootfs(mountConfig, entry); err != nil { return fmt.Errorf("error mounting %q to rootfs at %q: %w", m.Source, m.Destination, err) } @@ -281,7 +306,7 @@ func mountCgroupV1(m *configs.Mount, c *mountConfig) error { if err := os.MkdirAll(subsystemPath, 0o755); err != nil { return err } - if err := utils.WithProcfd(c.root, b.Destination, func(dstFD string) error { + if err := utils.WithProcfd(c.root, b.Destination, func(dstFd string) error { flags := defaultMountFlags if m.Flags&unix.MS_RDONLY != 0 { flags = flags | unix.MS_RDONLY @@ -294,7 +319,7 @@ func mountCgroupV1(m *configs.Mount, c *mountConfig) error { data = cgroups.CgroupNamePrefix + data source = "systemd" } - return mountViaFDs(source, nil, b.Destination, dstFD, "cgroup", uintptr(flags), data) + return mountViaFds(source, nil, b.Destination, dstFd, "cgroup", uintptr(flags), data) }); err != nil { return err } @@ -325,8 +350,8 @@ func mountCgroupV2(m *configs.Mount, c *mountConfig) error { if err := os.MkdirAll(dest, 0o755); err != nil { return err } - err = utils.WithProcfd(c.root, m.Destination, func(dstFD string) error { - return mountViaFDs(m.Source, nil, m.Destination, dstFD, "cgroup2", uintptr(m.Flags), m.Data) + err = utils.WithProcfd(c.root, m.Destination, func(dstFd string) error { + return mountViaFds(m.Source, nil, m.Destination, dstFd, "cgroup2", uintptr(m.Flags), m.Data) }) if err == nil || !(errors.Is(err, unix.EPERM) || errors.Is(err, unix.EBUSY)) { return err @@ -347,7 +372,6 @@ func mountCgroupV2(m *configs.Mount, c *mountConfig) error { bindM.Source = c.cgroup2Path } // mountToRootfs() handles remounting for MS_RDONLY. - // No need to set mountEntry.srcFD here, because mountToRootfs() calls utils.WithProcfd() by itself in mountPropagate(). err = mountToRootfs(c, mountEntry{Mount: bindM}) if c.rootlessCgroups && errors.Is(err, unix.ENOENT) { // ENOENT (for `src = c.cgroup2Path`) happens when rootless runc is being executed @@ -392,15 +416,15 @@ func doTmpfsCopyUp(m mountEntry, rootfs, mountLabel string) (Err error) { } }() - return utils.WithProcfd(rootfs, m.Destination, func(dstFD string) (Err error) { + return utils.WithProcfd(rootfs, m.Destination, func(dstFd string) (Err error) { // Copy the container data to the host tmpdir. We append "/" to force // CopyDirectory to resolve the symlink rather than trying to copy the // symlink itself. - if err := fileutils.CopyDirectory(dstFD+"/", tmpDir); err != nil { - return fmt.Errorf("tmpcopyup: failed to copy %s to %s (%s): %w", m.Destination, dstFD, tmpDir, err) + if err := fileutils.CopyDirectory(dstFd+"/", tmpDir); err != nil { + return fmt.Errorf("tmpcopyup: failed to copy %s to %s (%s): %w", m.Destination, dstFd, tmpDir, err) } // Now move the mount into the container. - if err := mountViaFDs(tmpDir, nil, m.Destination, dstFD, "", unix.MS_MOVE, ""); err != nil { + if err := mountViaFds(tmpDir, nil, m.Destination, dstFd, "", unix.MS_MOVE, ""); err != nil { return fmt.Errorf("tmpcopyup: failed to move mount: %w", err) } return nil @@ -522,35 +546,9 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { if err := prepareBindMount(m, rootfs); err != nil { return err } - - if m.IsBind() && m.IsIDMapped() { - if m.srcFD == nil { - return fmt.Errorf("error creating mount %+v: idmapFD is invalid, should point to a valid fd", m) - } - if err := unix.MoveMount(*m.srcFD, "", unix.AT_FDCWD, dest, unix.MOVE_MOUNT_F_EMPTY_PATH); err != nil { - return fmt.Errorf("error on unix.MoveMount %+v: %w", m, err) - } - - // In nsexec.c, we did not set the propagation field of mount_attr struct. - // So, let's deal with these flags right now! - if err := utils.WithProcfd(rootfs, dest, func(dstFD string) error { - for _, pflag := range m.PropagationFlags { - // When using mount for setting propagations flags, the source, file - // system type and data arguments are ignored: - // https://man7.org/linux/man-pages/man2/mount.2.html - // We also ignore procfd because we want to act on dest. - if err := mountViaFDs("", nil, dest, dstFD, "", uintptr(pflag), ""); err != nil { - return err - } - } - return nil - }); err != nil { - return fmt.Errorf("change mount propagation through procfd: %w", err) - } - } else { - if err := mountPropagate(m, rootfs, mountLabel); err != nil { - return err - } + // open_tree()-related shenanigans are all handled in mountViaFds. + if err := mountPropagate(m, rootfs, mountLabel); err != nil { + return err } // The initial MS_BIND won't change the mount options, we need to do a @@ -563,7 +561,7 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { // contrast to mount(8)'s current behaviour, but is what users probably // expect. See . if m.Flags & ^(unix.MS_BIND|unix.MS_REC|unix.MS_REMOUNT) != 0 || m.ClearedFlags != 0 { - if err := utils.WithProcfd(rootfs, m.Destination, func(dstFD string) error { + if err := utils.WithProcfd(rootfs, m.Destination, func(dstFd string) error { flags := m.Flags | unix.MS_BIND | unix.MS_REMOUNT // The runtime-spec says we SHOULD map to the relevant mount(8) // behaviour. However, it's not clear whether we want the @@ -590,7 +588,7 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { // different set of flags. This also has the mount(8) bug where // "nodiratime,norelatime" will result in a // "nodiratime,relatime" mount. - mountErr := mountViaFDs("", nil, m.Destination, dstFD, "", uintptr(flags), "") + mountErr := mountViaFds("", nil, m.Destination, dstFd, "", uintptr(flags), "") if mountErr == nil { return nil } @@ -639,7 +637,7 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { // Retry the mount with the existing lockable mount flags // applied. flags |= srcFlags & mntLockFlags - mountErr = mountViaFDs("", nil, m.Destination, dstFD, "", uintptr(flags), "") + mountErr = mountViaFds("", nil, m.Destination, dstFd, "", uintptr(flags), "") logrus.Debugf("remount retry: srcFlags=0x%x flagsSet=0x%x flagsClr=0x%x: %v", srcFlags, m.Flags, m.ClearedFlags, mountErr) return mountErr }); err != nil { @@ -857,8 +855,8 @@ func bindMountDeviceNode(rootfs, dest string, node *devices.Device) error { if f != nil { _ = f.Close() } - return utils.WithProcfd(rootfs, dest, func(dstFD string) error { - return mountViaFDs(node.Path, nil, dest, dstFD, "bind", unix.MS_BIND, "") + return utils.WithProcfd(rootfs, dest, func(dstFd string) error { + return mountViaFds(node.Path, nil, dest, dstFd, "bind", unix.MS_BIND, "") }) } @@ -1251,17 +1249,17 @@ func mountPropagate(m mountEntry, rootfs string, mountLabel string) error { // mutating underneath us, we verify that we are actually going to mount // inside the container with WithProcfd() -- mounting through a procfd // mounts on the target. - if err := utils.WithProcfd(rootfs, m.Destination, func(dstFD string) error { - return mountViaFDs(m.Source, m.srcFD, m.Destination, dstFD, m.Device, uintptr(flags), data) + if err := utils.WithProcfd(rootfs, m.Destination, func(dstFd string) error { + return mountViaFds(m.Source, m.srcFile, m.Destination, dstFd, m.Device, uintptr(flags), data) }); err != nil { return err } // We have to apply mount propagation flags in a separate WithProcfd() call // because the previous call invalidates the passed procfd -- the mount // target needs to be re-opened. - if err := utils.WithProcfd(rootfs, m.Destination, func(dstFD string) error { + if err := utils.WithProcfd(rootfs, m.Destination, func(dstFd string) error { for _, pflag := range m.PropagationFlags { - if err := mountViaFDs("", nil, m.Destination, dstFD, "", uintptr(pflag), ""); err != nil { + if err := mountViaFds("", nil, m.Destination, dstFd, "", uintptr(pflag), ""); err != nil { return err } } diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 0f80cb33373..b27732778c4 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -27,7 +27,6 @@ type linuxStandardInit struct { fifoFd int logFd int dmzExe *os.File - mountFds mountFds config *initConfig } @@ -88,17 +87,7 @@ func (l *linuxStandardInit) Init() error { // initialises the labeling system selinux.GetEnabled() - // We don't need the mount nor idmap fds after prepareRootfs() nor if it fails. - err := prepareRootfs(l.pipe, l.config, l.mountFds) - for _, m := range append(l.mountFds.sourceFds, l.mountFds.idmapFds...) { - if m == -1 { - continue - } - if err := unix.Close(m); err != nil { - return fmt.Errorf("unable to close mountFds fds: %w", err) - } - } - + err := prepareRootfs(l.pipe, l.config) if err != nil { return err } diff --git a/libcontainer/sync.go b/libcontainer/sync.go index 1894e870e53..0a54a4b81e0 100644 --- a/libcontainer/sync.go +++ b/libcontainer/sync.go @@ -21,6 +21,11 @@ type syncType string // // [ child ] <-> [ parent ] // +// procMountPlease --> [open(2) or open_tree(2) and configure mount] +// Arg: configs.Mount +// <-- procMountFd +// file: mountfd +// // procSeccomp --> [forward fd to listenerPath] // file: seccomp fd // --- no return synchronisation @@ -39,6 +44,8 @@ const ( procRun syncType = "procRun" procHooks syncType = "procHooks" procHooksDone syncType = "procHooksDone" + procMountPlease syncType = "procMountPlease" + procMountFd syncType = "procMountFd" procSeccomp syncType = "procSeccomp" procSeccompDone syncType = "procSeccompDone" ) diff --git a/libcontainer/userns/usernsfd_linux.go b/libcontainer/userns/usernsfd_linux.go new file mode 100644 index 00000000000..64446815581 --- /dev/null +++ b/libcontainer/userns/usernsfd_linux.go @@ -0,0 +1,153 @@ +package userns + +import ( + "fmt" + "os" + "sort" + "strings" + "sync" + "syscall" + + "github.com/sirupsen/logrus" + "golang.org/x/sys/unix" + + "github.com/opencontainers/runc/libcontainer/configs" +) + +type Mapping struct { + UIDMappings []configs.IDMap + GIDMappings []configs.IDMap +} + +func (m Mapping) toSys() (uids, gids []syscall.SysProcIDMap) { + for _, uid := range m.UIDMappings { + uids = append(uids, syscall.SysProcIDMap{ + ContainerID: uid.ContainerID, + HostID: uid.HostID, + Size: uid.Size, + }) + } + for _, gid := range m.GIDMappings { + gids = append(gids, syscall.SysProcIDMap{ + ContainerID: gid.ContainerID, + HostID: gid.HostID, + Size: gid.Size, + }) + } + return +} + +// id returns a unique identifier for this mapping, agnostic of the order of +// the uid and gid mappings (because the order doesn't matter to the kernel). +// The set of userns handles is indexed using this ID. +func (m Mapping) id() string { + var uids, gids []string + for _, idmap := range m.UIDMappings { + uids = append(uids, fmt.Sprintf("%d:%d:%d", idmap.ContainerID, idmap.HostID, idmap.Size)) + } + for _, idmap := range m.GIDMappings { + gids = append(gids, fmt.Sprintf("%d:%d:%d", idmap.ContainerID, idmap.HostID, idmap.Size)) + } + // We don't care about the sort order -- just sort them. + sort.Strings(uids) + sort.Strings(gids) + return "uid=" + strings.Join(uids, ",") + ";gid=" + strings.Join(gids, ",") +} + +type Handles struct { + m sync.Mutex + maps map[string]*os.File +} + +// Release all resources associated with this Handle. All existing files +// returned from Get() will continue to work even after calling Release(). The +// same Handles can be re-used after calling Release(). +func (hs *Handles) Release() { + hs.m.Lock() + defer hs.m.Unlock() + + // Close the files for good measure, though GC will do that for us anyway. + for _, file := range hs.maps { + _ = file.Close() + } + hs.maps = nil +} + +func spawnProc(req Mapping) (*os.Process, error) { + // We need to spawn a subprocess with the requested mappings, which is + // unfortunately quite expensive. The "safe" way of doing this is natively + // with Go (and then spawning something like "sleep infinity"), but + // execve() is a waste of cycles because we just need some process to have + // the right mapping, we don't care what it's executing. The "unsafe" + // option of doing a clone() behind the back of Go is probably okay in + // theory as long as we just do kill(getpid(), SIGSTOP). However, if we + // tell Go to put the new process into PTRACE_TRACEME mode, we can avoid + // the exec and not have to faff around with the mappings. + // + // Note that Go's stdlib does not support newuidmap, but in the case of + // id-mapped mounts, it seems incredibly unlikely that the user will be + // requesting us to do a remapping as an unprivileged user with mappings + // they have privileges over. + logrus.Debugf("spawning dummy process for id-mapping %s", req.id()) + uidMappings, gidMappings := req.toSys() + return os.StartProcess("/proc/self/exe", []string{"runc", "--help"}, &os.ProcAttr{ + Sys: &syscall.SysProcAttr{ + Cloneflags: unix.CLONE_NEWUSER, + UidMappings: uidMappings, + GidMappings: gidMappings, + GidMappingsEnableSetgroups: false, + // Put the process into PTRACE_TRACEME mode to allow us to get the + // userns without having a proper execve() target. + Ptrace: true, + }, + }) +} + +func dupFile(f *os.File) (*os.File, error) { + newFd, err := unix.FcntlInt(f.Fd(), unix.F_DUPFD_CLOEXEC, 0) + if err != nil { + return nil, os.NewSyscallError("fcntl(F_DUPFD_CLOEXEC)", err) + } + return os.NewFile(uintptr(newFd), f.Name()), nil +} + +// Get returns a handle to a /proc/$pid/ns/user nsfs file with the requested +// mapping. The processes spawned to produce userns nsfds are cached, so if +// equivalent user namespace mappings are requested, the same user namespace +// will be returned. The caller is responsible for closing the returned file +// descriptor. +func (hs *Handles) Get(req Mapping) (file *os.File, err error) { + hs.m.Lock() + defer hs.m.Unlock() + + if hs.maps == nil { + hs.maps = make(map[string]*os.File) + } + + file, ok := hs.maps[req.id()] + if !ok { + proc, err := spawnProc(req) + if err != nil { + return nil, fmt.Errorf("failed to spawn dummy process for map %s: %w", req.id(), err) + } + // Make sure we kill the helper process. We ignore errors because + // there's not much we can do about them anyway, and ultimately + defer func() { + _ = proc.Kill() + _, _ = proc.Wait() + }() + + // Stash away a handle to the userns file. This is neater than keeping + // the process alive, because Go's GC can handle files much better than + // leaked processes, and having long-living useless processes seems + // less than ideal. + file, err = os.Open(fmt.Sprintf("/proc/%d/ns/user", proc.Pid)) + if err != nil { + return nil, err + } + hs.maps[req.id()] = file + } + // Duplicate the file, to make sure the lifecycle of each *os.File we + // return is independent. + return dupFile(file) +} diff --git a/libcontainer/userns/usernsfd_linux_test.go b/libcontainer/userns/usernsfd_linux_test.go new file mode 100644 index 00000000000..23a3419fcae --- /dev/null +++ b/libcontainer/userns/usernsfd_linux_test.go @@ -0,0 +1,52 @@ +package userns + +import ( + "os" + "testing" + + "github.com/opencontainers/runc/libcontainer/configs" +) + +func BenchmarkSpawnProc(b *testing.B) { + if os.Geteuid() != 0 { + b.Skip("spawning user namespaced processes requires root") + } + + // We can reuse the mapping as we call spawnProc() directly. + mapping := Mapping{ + UIDMappings: []configs.IDMap{ + {ContainerID: 0, HostID: 1337, Size: 142}, + {ContainerID: 150, HostID: 0, Size: 1}, + {ContainerID: 442, HostID: 1111, Size: 12}, + {ContainerID: 1000, HostID: 9999, Size: 92}, + {ContainerID: 9999, HostID: 1000000, Size: 4}, + // Newer kernels support more than 5 entries, but stick to 5 here. + }, + GIDMappings: []configs.IDMap{ + {ContainerID: 1, HostID: 2337, Size: 142}, + {ContainerID: 145, HostID: 6, Size: 1}, + {ContainerID: 200, HostID: 1000, Size: 12}, + {ContainerID: 1000, HostID: 9888, Size: 92}, + {ContainerID: 8999, HostID: 1000000, Size: 4}, + // Newer kernels support more than 5 entries, but stick to 5 here. + }, + } + + procs := make([]*os.Process, 0, b.N) + b.Cleanup(func() { + for _, proc := range procs { + if proc != nil { + _ = proc.Kill() + _, _ = proc.Wait() + } + } + }) + + for i := 0; i < b.N; i++ { + proc, err := spawnProc(mapping) + if err != nil { + b.Error(err) + } + procs = append(procs, proc) + } +} From 5ae88daf06daa8d2439a98c6b86885d22e3064c4 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sat, 5 Aug 2023 18:04:50 +1000 Subject: [PATCH 0460/1176] idmap: allow arbitrary idmap mounts regardless of userns configuration With the rework of nsexec.c to handle MOUNT_ATTR_IDMAP in our Go code we can now handle arbitrary mappings without issue, so remove the primary artificial limit of mappings (must use the same mapping as the container's userns) and add some tests. We still only support idmap mounts for bind-mounts because configuring mappings for other filesystems would require switching our entire mount machinery to the new mount API. The current design would easily allow for this but we would need to convert new mount options entirely to the fsopen/fsconfig/fsmount API. This can be done in the future. Signed-off-by: Aleksa Sarai --- libcontainer/configs/validate/validator.go | 39 +- .../configs/validate/validator_test.go | 72 ++-- tests/integration/idmap.bats | 378 +++++++++++++----- 3 files changed, 312 insertions(+), 177 deletions(-) diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go index 2594d05c723..33f9cc3f5fe 100644 --- a/libcontainer/configs/validate/validator.go +++ b/libcontainer/configs/validate/validator.go @@ -312,26 +312,12 @@ func checkIDMapMounts(config *configs.Config, m *configs.Mount) error { if !m.IsIDMapped() { return nil } - if !m.IsBind() { - return fmt.Errorf("gidMappings/uidMappings is supported only for mounts with the option 'bind'") + return errors.New("id-mapped mounts are only supported for bind-mounts") } if config.RootlessEUID { - return fmt.Errorf("gidMappings/uidMappings is not supported when runc is being launched with EUID != 0, needs CAP_SYS_ADMIN on the runc parent's user namespace") - } - if len(config.UIDMappings) == 0 || len(config.GIDMappings) == 0 { - return fmt.Errorf("not yet supported to use gidMappings/uidMappings in a mount without also using a user namespace") - } - if !sameMapping(config.UIDMappings, m.UIDMappings) { - return fmt.Errorf("not yet supported for the mount uidMappings to be different than user namespace uidMapping") - } - if !sameMapping(config.GIDMappings, m.GIDMappings) { - return fmt.Errorf("not yet supported for the mount gidMappings to be different than user namespace gidMapping") + return errors.New("id-mapped mounts are not supported for rootless containers") } - if !filepath.IsAbs(m.Source) { - return fmt.Errorf("mount source not absolute") - } - return nil } @@ -356,27 +342,6 @@ func mountsStrict(config *configs.Config) error { return nil } -// sameMapping checks if the mappings are the same. If the mappings are the same -// but in different order, it returns false. -func sameMapping(a, b []configs.IDMap) bool { - if len(a) != len(b) { - return false - } - - for i := range a { - if a[i].ContainerID != b[i].ContainerID { - return false - } - if a[i].HostID != b[i].HostID { - return false - } - if a[i].Size != b[i].Size { - return false - } - } - return true -} - func isHostNetNS(path string) (bool, error) { const currentProcessNetns = "/proc/self/ns/net" diff --git a/libcontainer/configs/validate/validator_test.go b/libcontainer/configs/validate/validator_test.go index 755d2a07be8..9d3f50c7c70 100644 --- a/libcontainer/configs/validate/validator_test.go +++ b/libcontainer/configs/validate/validator_test.go @@ -538,12 +538,13 @@ func TestValidateIDMapMounts(t *testing.T) { }, }, { - name: "idmap mount without userns mappings", - isErr: true, + name: "idmap mounts without abs source path", config: &configs.Config{ + UIDMappings: mapping, + GIDMappings: mapping, Mounts: []*configs.Mount{ { - Source: "/abs/path/", + Source: "./rel/path/", Destination: "/abs/path/", Flags: unix.MS_BIND, UIDMappings: mapping, @@ -553,62 +554,47 @@ func TestValidateIDMapMounts(t *testing.T) { }, }, { - name: "idmap mounts with different userns and mount mappings", - isErr: true, + name: "idmap mounts without abs dest path", config: &configs.Config{ UIDMappings: mapping, GIDMappings: mapping, Mounts: []*configs.Mount{ { Source: "/abs/path/", - Destination: "/abs/path/", + Destination: "./rel/path/", Flags: unix.MS_BIND, - UIDMappings: []configs.IDMap{ - { - ContainerID: 10, - HostID: 10, - Size: 1, - }, - }, + UIDMappings: mapping, GIDMappings: mapping, }, }, }, }, { - name: "idmap mounts with different userns and mount mappings", - isErr: true, + name: "simple idmap mount", config: &configs.Config{ UIDMappings: mapping, GIDMappings: mapping, Mounts: []*configs.Mount{ { - Source: "/abs/path/", + Source: "/another-abs/path/", Destination: "/abs/path/", Flags: unix.MS_BIND, UIDMappings: mapping, - GIDMappings: []configs.IDMap{ - { - ContainerID: 10, - HostID: 10, - Size: 1, - }, - }, + GIDMappings: mapping, }, }, }, }, { - name: "idmap mounts without abs source path", - isErr: true, + name: "idmap mount with more flags", config: &configs.Config{ UIDMappings: mapping, GIDMappings: mapping, Mounts: []*configs.Mount{ { - Source: "./rel/path/", + Source: "/another-abs/path/", Destination: "/abs/path/", - Flags: unix.MS_BIND, + Flags: unix.MS_BIND | unix.MS_RDONLY, UIDMappings: mapping, GIDMappings: mapping, }, @@ -616,14 +602,12 @@ func TestValidateIDMapMounts(t *testing.T) { }, }, { - name: "idmap mounts without abs dest path", + name: "idmap mount without userns mappings", config: &configs.Config{ - UIDMappings: mapping, - GIDMappings: mapping, Mounts: []*configs.Mount{ { Source: "/abs/path/", - Destination: "./rel/path/", + Destination: "/abs/path/", Flags: unix.MS_BIND, UIDMappings: mapping, GIDMappings: mapping, @@ -632,33 +616,45 @@ func TestValidateIDMapMounts(t *testing.T) { }, }, { - name: "simple idmap mount", + name: "idmap mounts with different userns and mount mappings", config: &configs.Config{ UIDMappings: mapping, GIDMappings: mapping, Mounts: []*configs.Mount{ { - Source: "/another-abs/path/", + Source: "/abs/path/", Destination: "/abs/path/", Flags: unix.MS_BIND, - UIDMappings: mapping, + UIDMappings: []configs.IDMap{ + { + ContainerID: 10, + HostID: 10, + Size: 1, + }, + }, GIDMappings: mapping, }, }, }, }, { - name: "idmap mount with more flags", + name: "idmap mounts with different userns and mount mappings", config: &configs.Config{ UIDMappings: mapping, GIDMappings: mapping, Mounts: []*configs.Mount{ { - Source: "/another-abs/path/", + Source: "/abs/path/", Destination: "/abs/path/", - Flags: unix.MS_BIND | unix.MS_RDONLY, + Flags: unix.MS_BIND, UIDMappings: mapping, - GIDMappings: mapping, + GIDMappings: []configs.IDMap{ + { + ContainerID: 10, + HostID: 10, + Size: 1, + }, + }, }, }, }, diff --git a/tests/integration/idmap.bats b/tests/integration/idmap.bats index 53784b55672..89fe4d82356 100644 --- a/tests/integration/idmap.bats +++ b/tests/integration/idmap.bats @@ -3,167 +3,341 @@ load helpers function setup() { + OVERFLOW_UID="$(cat /proc/sys/kernel/overflowuid)" + OVERFLOW_GID="$(cat /proc/sys/kernel/overflowgid)" + requires root requires_kernel 5.12 - requires_idmap_fs /tmp setup_debian + requires_idmap_fs . - # Prepare source folders for bind mount - mkdir -p source-{1,2}/ - touch source-{1,2}/foo.txt + # Prepare source folders for mounts. + mkdir -p source-{1,2,multi{1,2,3}}/ + touch source-{1,2,multi{1,2,3}}/foo.txt + touch source-multi{1,2,3}/{bar,baz}.txt - # Use other owner for source-2 + # Change the owners for everything other than source-1. chown 1:1 source-2/foo.txt - mkdir -p rootfs/tmp/mount-{1,2} - mkdir -p rootfs/mnt/bind-mount-{1,2} - - update_config ' .linux.namespaces += [{"type": "user"}] - | .linux.uidMappings += [{"hostID": 100000, "containerID": 0, "size": 65536}] - | .linux.gidMappings += [{"hostID": 100000, "containerID": 0, "size": 65536}] - | .process.args += ["-c", "stat -c =%u=%g= /tmp/mount-1/foo.txt"] - | .mounts += [ - { - "source": "source-1/", - "destination": "/tmp/mount-1", - "options": ["bind"], - "uidMappings": [ { - "containerID": 0, - "hostID": 100000, - "size": 65536 - } - ], - "gidMappings": [ { - "containerID": 0, - "hostID": 100000, - "size": 65536 - } - ] - } - ] ' + # A source with multiple users owning files. + chown 100:211 source-multi1/foo.txt + chown 101:222 source-multi1/bar.txt + chown 102:233 source-multi1/baz.txt - remap_rootfs + # Same gids as multi1, different uids. + chown 200:211 source-multi2/foo.txt + chown 201:222 source-multi2/bar.txt + chown 202:233 source-multi2/baz.txt + + # Even more users -- 1000 uids, 500 gids. + chown 5000528:6000491 source-multi3/foo.txt + chown 5000133:6000337 source-multi3/bar.txt + chown 5000999:6000444 source-multi3/baz.txt + + # Add a symlink-containing source. + ln -s source-multi1 source-multi1-symlink } function teardown() { teardown_bundle } -@test "simple idmap mount" { +function setup_idmap_userns() { + update_config '.linux.namespaces += [{"type": "user"}] + | .linux.uidMappings += [{"containerID": 0, "hostID": 100000, "size": 65536}] + | .linux.gidMappings += [{"containerID": 0, "hostID": 100000, "size": 65536}]' + remap_rootfs +} + +function setup_bind_mount() { + mountname="${1:-1}" + update_config '.mounts += [ + { + "source": "source-'"$mountname"'/", + "destination": "/tmp/bind-mount-'"$mountname"'", + "options": ["bind"] + } + ]' +} + +function setup_idmap_single_mount() { + uidmap="$1" # ctr:host:size + gidmap="$2" # ctr:host:size + mountname="$3" + destname="${4:-$mountname}" + + read -r uid_containerID uid_hostID uid_size <<<"$(tr : ' ' <<<"$uidmap")" + read -r gid_containerID gid_hostID gid_size <<<"$(tr : ' ' <<<"$gidmap")" + + update_config '.mounts += [ + { + "source": "source-'"$mountname"'/", + "destination": "/tmp/mount-'"$destname"'", + "options": ["bind"], + "uidMappings": [{"containerID": '"$uid_containerID"', "hostID": '"$uid_hostID"', "size": '"$uid_size"'}], + "gidMappings": [{"containerID": '"$gid_containerID"', "hostID": '"$gid_hostID"', "size": '"$gid_size"'}] + } + ]' +} + +function setup_idmap_basic_mount() { + mountname="${1:-1}" + setup_idmap_single_mount 0:100000:65536 0:100000:65536 "$mountname" +} + +@test "simple idmap mount [userns]" { + setup_idmap_userns + setup_idmap_basic_mount + + update_config '.process.args = ["sh", "-c", "stat -c =%u=%g= /tmp/mount-1/foo.txt"]' + runc run test_debian [ "$status" -eq 0 ] [[ "$output" == *"=0=0="* ]] } -@test "write to an idmap mount" { - update_config ' .process.args = ["sh", "-c", "touch /tmp/mount-1/bar && stat -c =%u=%g= /tmp/mount-1/bar"]' +@test "simple idmap mount [no userns]" { + setup_idmap_basic_mount + + update_config '.process.args = ["sh", "-c", "stat -c =%u=%g= /tmp/mount-1/foo.txt"]' + + runc run test_debian + [ "$status" -eq 0 ] + [[ "$output" == *"=100000=100000="* ]] +} + +@test "write to an idmap mount [userns]" { + setup_idmap_userns + setup_idmap_basic_mount + + update_config '.process.args = ["sh", "-c", "touch /tmp/mount-1/bar && stat -c =%u=%g= /tmp/mount-1/bar"]' + runc run test_debian [ "$status" -eq 0 ] [[ "$output" == *"=0=0="* ]] } -@test "idmap mount with propagation flag" { - update_config ' .process.args = ["sh", "-c", "findmnt -o PROPAGATION /tmp/mount-1"]' - # Add the shared option to the idmap mount - update_config ' .mounts |= map((select(.source == "source-1/") | .options += ["shared"]) // .)' +@test "write to an idmap mount [no userns]" { + setup_idmap_basic_mount + + update_config '.process.args = ["sh", "-c", "touch /tmp/mount-1/bar && stat -c =%u=%g= /tmp/mount-1/bar"]' + + runc run test_debian + # The write must fail because the user is unmapped. + [ "$status" -ne 0 ] + [[ "$output" == *"Value too large for defined data type"* ]] # ERANGE +} + +@test "idmap mount with propagation flag [userns]" { + setup_idmap_userns + setup_idmap_basic_mount + + update_config '.process.args = ["sh", "-c", "findmnt -o PROPAGATION /tmp/mount-1"]' + # Add the shared option to the idmap mount. + update_config '.mounts |= map((select(.source == "source-1/") | .options += ["shared"]) // .)' runc run test_debian [ "$status" -eq 0 ] [[ "$output" == *"shared"* ]] } -@test "idmap mount with relative path" { - update_config ' .mounts |= map((select(.source == "source-1/") | .destination = "tmp/mount-1") // .)' +@test "idmap mount with relative path [userns]" { + setup_idmap_userns + setup_idmap_basic_mount + + update_config '.process.args = ["sh", "-c", "stat -c =%u=%g= /tmp/mount-1/foo.txt"]' + # Switch the mount to have a relative mount destination. + update_config '.mounts |= map((select(.source == "source-1/") | .destination = "tmp/mount-1") // .)' runc run test_debian [ "$status" -eq 0 ] [[ "$output" == *"=0=0="* ]] } -@test "idmap mount with bind mount" { - update_config ' .mounts += [ - { - "source": "source-2/", - "destination": "/tmp/mount-2", - "options": ["bind"] - } - ] ' +@test "idmap mount with bind mount [userns]" { + setup_idmap_userns + setup_idmap_basic_mount + setup_bind_mount + + update_config '.process.args = ["bash", "-c", "stat -c =%n:%u=%g= /tmp/{,bind-}mount-1/foo.txt"]' runc run test_debian [ "$status" -eq 0 ] - [[ "$output" == *"=0=0="* ]] + [[ "$output" == *"=/tmp/mount-1/foo.txt:0=0="* ]] + [[ "$output" == *"=/tmp/bind-mount-1/foo.txt:$OVERFLOW_UID=$OVERFLOW_GID="* ]] } -@test "two idmap mounts with two bind mounts" { - update_config ' .process.args = ["sh", "-c", "stat -c =%u=%g= /tmp/mount-1/foo.txt /tmp/mount-2/foo.txt"] - | .mounts += [ - { - "source": "source-1/", - "destination": "/mnt/bind-mount-1", - "options": ["bind"] - }, - { - "source": "source-2/", - "destination": "/mnt/bind-mount-2", - "options": ["bind"] - }, - { - "source": "source-2/", - "destination": "/tmp/mount-2", - "options": ["bind"], - "uidMappings": [ { - "containerID": 0, - "hostID": 100000, - "size": 65536 - } - ], - "gidMappings": [ { - "containerID": 0, - "hostID": 100000, - "size": 65536 - } - ] - } - ] ' +@test "idmap mount with bind mount [no userns]" { + setup_idmap_basic_mount + setup_bind_mount + + update_config '.process.args = ["bash", "-c", "stat -c =%n:%u=%g= /tmp/{,bind-}mount-1/foo.txt"]' runc run test_debian [ "$status" -eq 0 ] - [[ "$output" == *"=0=0="* ]] - # source-2/ is owned by 1:1, so we expect this with the idmap mount too. - [[ "$output" == *"=1=1="* ]] + [[ "$output" == *"=/tmp/mount-1/foo.txt:100000=100000="* ]] + [[ "$output" == *"=/tmp/bind-mount-1/foo.txt:0=0="* ]] +} + +@test "two idmap mounts (same mapping) with two bind mounts [userns]" { + setup_idmap_userns + + setup_idmap_basic_mount 1 + setup_bind_mount 1 + setup_bind_mount 2 + setup_idmap_basic_mount 2 + + update_config '.process.args = ["bash", "-c", "stat -c =%n:%u=%g= /tmp/mount-[12]/foo.txt"]' + + runc run test_debian + [ "$status" -eq 0 ] + [[ "$output" == *"=/tmp/mount-1/foo.txt:0=0="* ]] + [[ "$output" == *"=/tmp/mount-2/foo.txt:1=1="* ]] +} + +@test "same idmap mount (different mappings) [userns]" { + setup_idmap_userns + + # Mount the same directory with different mappings. Make sure we also use + # different mappings for uids and gids. + setup_idmap_single_mount 100:100000:100 200:100000:100 multi1 + setup_idmap_single_mount 100:101000:100 200:102000:100 multi1 multi1-alt + setup_idmap_single_mount 100:102000:100 200:103000:100 multi1-symlink multi1-alt-sym + + update_config '.process.args = ["bash", "-c", "stat -c =%n:%u=%g= /tmp/mount-multi1{,-alt{,-sym}}/{foo,bar,baz}.txt"]' + + runc run test_debian + [ "$status" -eq 0 ] + [[ "$output" == *"=/tmp/mount-multi1/foo.txt:0=11="* ]] + [[ "$output" == *"=/tmp/mount-multi1/bar.txt:1=22="* ]] + [[ "$output" == *"=/tmp/mount-multi1/baz.txt:2=33="* ]] + [[ "$output" == *"=/tmp/mount-multi1-alt/foo.txt:1000=2011="* ]] + [[ "$output" == *"=/tmp/mount-multi1-alt/bar.txt:1001=2022="* ]] + [[ "$output" == *"=/tmp/mount-multi1-alt/baz.txt:1002=2033="* ]] + [[ "$output" == *"=/tmp/mount-multi1-alt-sym/foo.txt:2000=3011="* ]] + [[ "$output" == *"=/tmp/mount-multi1-alt-sym/bar.txt:2001=3022="* ]] + [[ "$output" == *"=/tmp/mount-multi1-alt-sym/baz.txt:2002=3033="* ]] +} + +@test "same idmap mount (different mappings) [no userns]" { + # Mount the same directory with different mappings. Make sure we also use + # different mappings for uids and gids. + setup_idmap_single_mount 100:100000:100 200:100000:100 multi1 + setup_idmap_single_mount 100:101000:100 200:102000:100 multi1 multi1-alt + setup_idmap_single_mount 100:102000:100 200:103000:100 multi1-symlink multi1-alt-sym + + update_config '.process.args = ["bash", "-c", "stat -c =%n:%u=%g= /tmp/mount-multi1{,-alt{,-sym}}/{foo,bar,baz}.txt"]' + + runc run test_debian + [ "$status" -eq 0 ] + [[ "$output" == *"=/tmp/mount-multi1/foo.txt:100000=100011="* ]] + [[ "$output" == *"=/tmp/mount-multi1/bar.txt:100001=100022="* ]] + [[ "$output" == *"=/tmp/mount-multi1/baz.txt:100002=100033="* ]] + [[ "$output" == *"=/tmp/mount-multi1-alt/foo.txt:101000=102011="* ]] + [[ "$output" == *"=/tmp/mount-multi1-alt/bar.txt:101001=102022="* ]] + [[ "$output" == *"=/tmp/mount-multi1-alt/baz.txt:101002=102033="* ]] + [[ "$output" == *"=/tmp/mount-multi1-alt-sym/foo.txt:102000=103011="* ]] + [[ "$output" == *"=/tmp/mount-multi1-alt-sym/bar.txt:102001=103022="* ]] + [[ "$output" == *"=/tmp/mount-multi1-alt-sym/baz.txt:102002=103033="* ]] } -@test "idmap mount without gidMappings fails" { - update_config ' .mounts |= map((select(.source == "source-1/") | del(.gidMappings) ) // .)' +@test "multiple idmap mounts (different mappings) [userns]" { + setup_idmap_userns + + # Make sure we use different mappings for uids and gids. + setup_idmap_single_mount 100:101100:3 200:101900:50 multi1 + setup_idmap_single_mount 200:102200:3 200:102900:100 multi2 + setup_idmap_single_mount 5000000:103000:1000 6000000:103000:500 multi3 + + update_config '.process.args = ["bash", "-c", "stat -c =%n:%u=%g= /tmp/mount-multi[123]/{foo,bar,baz}.txt"]' runc run test_debian - [ "$status" -eq 1 ] - [[ "${output}" == *"invalid mount"* ]] + [ "$status" -eq 0 ] + [[ "$output" == *"=/tmp/mount-multi1/foo.txt:1100=1911="* ]] + [[ "$output" == *"=/tmp/mount-multi1/bar.txt:1101=1922="* ]] + [[ "$output" == *"=/tmp/mount-multi1/baz.txt:1102=1933="* ]] + [[ "$output" == *"=/tmp/mount-multi2/foo.txt:2200=2911="* ]] + [[ "$output" == *"=/tmp/mount-multi2/bar.txt:2201=2922="* ]] + [[ "$output" == *"=/tmp/mount-multi2/baz.txt:2202=2933="* ]] + [[ "$output" == *"=/tmp/mount-multi3/foo.txt:3528=3491="* ]] + [[ "$output" == *"=/tmp/mount-multi3/bar.txt:3133=3337="* ]] + [[ "$output" == *"=/tmp/mount-multi3/baz.txt:3999=3444="* ]] } -@test "idmap mount without uidMappings fails" { - update_config ' .mounts |= map((select(.source == "source-1/") | del(.uidMappings) ) // .)' +@test "multiple idmap mounts (different mappings) [no userns]" { + # Make sure we use different mappings for uids and gids. + setup_idmap_single_mount 100:1100:3 200:1900:50 multi1 + setup_idmap_single_mount 200:2200:3 200:2900:100 multi2 + setup_idmap_single_mount 5000000:3000:1000 6000000:3000:500 multi3 + + update_config '.process.args = ["bash", "-c", "stat -c =%n:%u=%g= /tmp/mount-multi[123]/{foo,bar,baz}.txt"]' runc run test_debian - [ "$status" -eq 1 ] - [[ "${output}" == *"invalid mount"* ]] + [ "$status" -eq 0 ] + [[ "$output" == *"=/tmp/mount-multi1/foo.txt:1100=1911="* ]] + [[ "$output" == *"=/tmp/mount-multi1/bar.txt:1101=1922="* ]] + [[ "$output" == *"=/tmp/mount-multi1/baz.txt:1102=1933="* ]] + [[ "$output" == *"=/tmp/mount-multi2/foo.txt:2200=2911="* ]] + [[ "$output" == *"=/tmp/mount-multi2/bar.txt:2201=2922="* ]] + [[ "$output" == *"=/tmp/mount-multi2/baz.txt:2202=2933="* ]] + [[ "$output" == *"=/tmp/mount-multi3/foo.txt:3528=3491="* ]] + [[ "$output" == *"=/tmp/mount-multi3/bar.txt:3133=3337="* ]] + [[ "$output" == *"=/tmp/mount-multi3/baz.txt:3999=3444="* ]] } -@test "idmap mount without bind fails" { - update_config ' .mounts |= map((select(.source == "source-1/") | .options = [""]) // .)' +@test "idmap mount (complicated mapping) [userns]" { + setup_idmap_userns + + update_config '.mounts += [ + { + "source": "source-multi1/", + "destination": "/tmp/mount-multi1", + "options": ["bind"], + "uidMappings": [ + {"containerID": 100, "hostID": 101000, "size": 1}, + {"containerID": 101, "hostID": 102000, "size": 1}, + {"containerID": 102, "hostID": 103000, "size": 1} + ], + "gidMappings": [ + {"containerID": 210, "hostID": 101100, "size": 10}, + {"containerID": 220, "hostID": 102200, "size": 10}, + {"containerID": 230, "hostID": 103300, "size": 10} + ] + } + ]' + update_config '.process.args = ["bash", "-c", "stat -c =%n:%u=%g= /tmp/mount-multi1/{foo,bar,baz}.txt"]' runc run test_debian - [ "$status" -eq 1 ] - [[ "${output}" == *"invalid mount"* ]] + [ "$status" -eq 0 ] + [[ "$output" == *"=/tmp/mount-multi1/foo.txt:1000=1101="* ]] + [[ "$output" == *"=/tmp/mount-multi1/bar.txt:2000=2202="* ]] + [[ "$output" == *"=/tmp/mount-multi1/baz.txt:3000=3303="* ]] } -@test "idmap mount with different mapping than userns fails" { - # Let's modify the containerID to be 1, instead of 0 as it is in the - # userns config. - update_config ' .mounts |= map((select(.source == "source-1/") | .uidMappings[0]["containerID"] = 1 ) // .)' +@test "idmap mount (complicated mapping) [no userns]" { + update_config '.mounts += [ + { + "source": "source-multi1/", + "destination": "/tmp/mount-multi1", + "options": ["bind"], + "uidMappings": [ + {"containerID": 100, "hostID": 1000, "size": 1}, + {"containerID": 101, "hostID": 2000, "size": 1}, + {"containerID": 102, "hostID": 3000, "size": 1} + ], + "gidMappings": [ + {"containerID": 210, "hostID": 1100, "size": 10}, + {"containerID": 220, "hostID": 2200, "size": 10}, + {"containerID": 230, "hostID": 3300, "size": 10} + ] + } + ]' + update_config '.process.args = ["bash", "-c", "stat -c =%n:%u=%g= /tmp/mount-multi1/{foo,bar,baz}.txt"]' runc run test_debian - [ "$status" -eq 1 ] - [[ "${output}" == *"invalid mount"* ]] + [ "$status" -eq 0 ] + [[ "$output" == *"=/tmp/mount-multi1/foo.txt:1000=1101="* ]] + [[ "$output" == *"=/tmp/mount-multi1/bar.txt:2000=2202="* ]] + [[ "$output" == *"=/tmp/mount-multi1/baz.txt:3000=3303="* ]] } From a04d88ec735de6b0e6c2dcdd62da9fac966a2efa Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 7 Nov 2023 12:55:04 +1100 Subject: [PATCH 0461/1176] vendor: update to github.com/moby/sys/mountinfo@v0.7.1 The primary change is a switch to using /proc/thread-self, which is needed for when we add a CLONE_FS thread to runc. Signed-off-by: Aleksa Sarai --- go.mod | 2 +- go.sum | 4 +- .../moby/sys/mountinfo/mountinfo_linux.go | 50 ++++++++++++++++--- vendor/modules.txt | 2 +- 4 files changed, 47 insertions(+), 11 deletions(-) diff --git a/go.mod b/go.mod index dcbb0ae3c16..4b2adfc2e80 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/cyphar/filepath-securejoin v0.2.4 github.com/docker/go-units v0.5.0 github.com/godbus/dbus/v5 v5.1.0 - github.com/moby/sys/mountinfo v0.6.2 + github.com/moby/sys/mountinfo v0.7.1 github.com/moby/sys/user v0.1.0 github.com/mrunalp/fileutils v0.5.1 github.com/opencontainers/runtime-spec v1.1.1-0.20230823135140-4fec88fd00a4 diff --git a/go.sum b/go.sum index 3b347e30a91..fbeb4d83575 100644 --- a/go.sum +++ b/go.sum @@ -26,8 +26,8 @@ github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78= -github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= +github.com/moby/sys/mountinfo v0.7.1 h1:/tTvQaSJRr2FshkhXiIpux6fQ2Zvc4j7tAhMTStAG2g= +github.com/moby/sys/mountinfo v0.7.1/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= github.com/moby/sys/user v0.1.0 h1:WmZ93f5Ux6het5iituh9x2zAG7NFY9Aqi49jjE1PaQg= github.com/moby/sys/user v0.1.0/go.mod h1:fKJhFOnsCN6xZ5gSfbM6zaHGgDJMrqt9/reuj4T7MmU= github.com/mrunalp/fileutils v0.5.1 h1:F+S7ZlNKnrwHfSwdlgNSkKo67ReVf8o9fel6C3dkm/Q= diff --git a/vendor/github.com/moby/sys/mountinfo/mountinfo_linux.go b/vendor/github.com/moby/sys/mountinfo/mountinfo_linux.go index 59332b07bf4..b32b5c9b150 100644 --- a/vendor/github.com/moby/sys/mountinfo/mountinfo_linux.go +++ b/vendor/github.com/moby/sys/mountinfo/mountinfo_linux.go @@ -5,15 +5,19 @@ import ( "fmt" "io" "os" + "runtime" "strconv" "strings" + "sync" + + "golang.org/x/sys/unix" ) // GetMountsFromReader retrieves a list of mounts from the // reader provided, with an optional filter applied (use nil // for no filter). This can be useful in tests or benchmarks // that provide fake mountinfo data, or when a source other -// than /proc/self/mountinfo needs to be read from. +// than /proc/thread-self/mountinfo needs to be read from. // // This function is Linux-specific. func GetMountsFromReader(r io.Reader, filter FilterFunc) ([]*Info, error) { @@ -127,8 +131,40 @@ func GetMountsFromReader(r io.Reader, filter FilterFunc) ([]*Info, error) { return out, nil } -func parseMountTable(filter FilterFunc) ([]*Info, error) { - f, err := os.Open("/proc/self/mountinfo") +var ( + haveProcThreadSelf bool + haveProcThreadSelfOnce sync.Once +) + +func parseMountTable(filter FilterFunc) (_ []*Info, err error) { + haveProcThreadSelfOnce.Do(func() { + _, err := os.Stat("/proc/thread-self/mountinfo") + haveProcThreadSelf = err == nil + }) + + // We need to lock ourselves to the current OS thread in order to make sure + // that the thread referenced by /proc/thread-self stays alive until we + // finish parsing the file. + runtime.LockOSThread() + defer runtime.UnlockOSThread() + + var f *os.File + if haveProcThreadSelf { + f, err = os.Open("/proc/thread-self/mountinfo") + } else { + // On pre-3.17 kernels (such as CentOS 7), we don't have + // /proc/thread-self/ so we need to manually construct + // /proc/self/task// as a fallback. + f, err = os.Open("/proc/self/task/" + strconv.Itoa(unix.Gettid()) + "/mountinfo") + if os.IsNotExist(err) { + // If /proc/self/task/... failed, it means that our active pid + // namespace doesn't match the pid namespace of the /proc mount. In + // this case we just have to make do with /proc/self, since there + // is no other way of figuring out our tid in a parent pid + // namespace on pre-3.17 kernels. + f, err = os.Open("/proc/self/mountinfo") + } + } if err != nil { return nil, err } @@ -158,10 +194,10 @@ func PidMountInfo(pid int) ([]*Info, error) { // A few specific characters in mountinfo path entries (root and mountpoint) // are escaped using a backslash followed by a character's ascii code in octal. // -// space -- as \040 -// tab (aka \t) -- as \011 -// newline (aka \n) -- as \012 -// backslash (aka \\) -- as \134 +// space -- as \040 +// tab (aka \t) -- as \011 +// newline (aka \n) -- as \012 +// backslash (aka \\) -- as \134 // // This function converts path from mountinfo back, i.e. it unescapes the above sequences. func unescape(path string) (string, error) { diff --git a/vendor/modules.txt b/vendor/modules.txt index 1863d3de21f..23438cb8215 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -33,7 +33,7 @@ github.com/docker/go-units # github.com/godbus/dbus/v5 v5.1.0 ## explicit; go 1.12 github.com/godbus/dbus/v5 -# github.com/moby/sys/mountinfo v0.6.2 +# github.com/moby/sys/mountinfo v0.7.1 ## explicit; go 1.16 github.com/moby/sys/mountinfo # github.com/moby/sys/user v0.1.0 From 8e8b136c4923ac33567c4cb775c6c8a17749fd02 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 24 Aug 2023 12:53:53 +1000 Subject: [PATCH 0462/1176] tree-wide: use /proc/thread-self for thread-local state With the idmap work, we will have a tainted Go thread in our thread-group that has a different mount namespace to the other threads. It seems that (due to some bad luck) the Go scheduler tends to make this thread the thread-group leader in our tests, which results in very baffling failures where /proc/self/mountinfo produces gibberish results. In order to avoid this, switch to using /proc/thread-self for everything that is thread-local. This primarily includes switching all file descriptor paths (CLONE_FS), all of the places that check the current cgroup (technically we never will run a single runc thread in a separate cgroup, but better to be safe than sorry), and the aforementioned mountinfo code. We don't need to do anything for the following because the results we need aren't thread-local: * Checks that certain namespaces are supported by stat(2)ing /proc/self/ns/... * /proc/self/exe and /proc/self/cmdline are not thread-local. * While threads can be in different cgroups, we do not do this for the runc binary (or libcontainer) and thus we do not need to switch to the thread-local version of /proc/self/cgroups. * All of the CLONE_NEWUSER files are not thread-local because you cannot set the usernamespace of a single thread (setns(CLONE_NEWUSER) is blocked for multi-threaded programs). Note that we have to use runtime.LockOSThread when we have an open handle to a tid-specific procfs file that we are operating on multiple times. Go can reschedule us such that we are running on a different thread and then kill the original thread (causing -ENOENT or similarly confusing errors). This is not strictly necessary for most usages of /proc/thread-self (such as using /proc/thread-self/fd/$n directly) since only operating on the actual inodes associated with the tid requires this locking, but because of the pre-3.17 fallback for CentOS, we have to do this in most cases. In addition, CentOS's kernel is too old for /proc/thread-self, which requires us to emulate it -- however in rootfs_linux.go, we are in the container pid namespace but /proc is the host's procfs. This leads to the incredibly frustrating situation where there is no way (on pre-4.1 Linux) to figure out which /proc/self/task/... entry refers to the current tid. We can just use /proc/self in this case. Yes this is all pretty ugly. I also wish it wasn't necessary. Signed-off-by: Aleksa Sarai --- libcontainer/apparmor/apparmor_linux.go | 15 ++-- libcontainer/cgroups/cgroups_test.go | 3 + libcontainer/cgroups/file.go | 9 +- libcontainer/cgroups/fs2/defaultpath.go | 3 + libcontainer/cgroups/v1_utils.go | 10 ++- libcontainer/configs/namespaces_linux.go | 3 + libcontainer/container_linux.go | 10 ++- libcontainer/criu_linux.go | 5 +- libcontainer/init_linux.go | 3 + libcontainer/integration/exec_test.go | 36 +++++--- libcontainer/mount_linux.go | 22 +++-- libcontainer/rootfs_linux.go | 85 +++++++++++------- libcontainer/rootfs_linux_test.go | 75 +++++++++++++--- libcontainer/standard_init_linux.go | 5 +- libcontainer/userns/usernsfd_linux.go | 3 + libcontainer/utils/utils.go | 36 -------- libcontainer/utils/utils_unix.go | 106 ++++++++++++++++++++++- utils_linux.go | 4 +- 18 files changed, 319 insertions(+), 114 deletions(-) diff --git a/libcontainer/apparmor/apparmor_linux.go b/libcontainer/apparmor/apparmor_linux.go index 8b1483c7de7..17d36ed15a3 100644 --- a/libcontainer/apparmor/apparmor_linux.go +++ b/libcontainer/apparmor/apparmor_linux.go @@ -26,14 +26,19 @@ func isEnabled() bool { } func setProcAttr(attr, value string) error { - // Under AppArmor you can only change your own attr, so use /proc/self/ - // instead of /proc// like libapparmor does - attrPath := "/proc/self/attr/apparmor/" + attr - if _, err := os.Stat(attrPath); errors.Is(err, os.ErrNotExist) { + attr = utils.CleanPath(attr) + attrSubPath := "attr/apparmor/" + attr + if _, err := os.Stat("/proc/self/" + attrSubPath); errors.Is(err, os.ErrNotExist) { // fall back to the old convention - attrPath = "/proc/self/attr/" + attr + attrSubPath = "attr/" + attr } + // Under AppArmor you can only change your own attr, so there's no reason + // to not use /proc/thread-self/ (instead of /proc//, like libapparmor + // does). + attrPath, closer := utils.ProcThreadSelf(attrSubPath) + defer closer() + f, err := os.OpenFile(attrPath, os.O_WRONLY, 0) if err != nil { return err diff --git a/libcontainer/cgroups/cgroups_test.go b/libcontainer/cgroups/cgroups_test.go index b31412f5a04..b7ca7b1837a 100644 --- a/libcontainer/cgroups/cgroups_test.go +++ b/libcontainer/cgroups/cgroups_test.go @@ -5,6 +5,9 @@ import ( ) func TestParseCgroups(t *testing.T) { + // We don't need to use /proc/thread-self here because runc always runs + // with every thread in the same cgroup. This lets us avoid having to do + // runtime.LockOSThread. cgroups, err := ParseCgroupFile("/proc/self/cgroup") if err != nil { t.Fatal(err) diff --git a/libcontainer/cgroups/file.go b/libcontainer/cgroups/file.go index b0d6e33beb0..6c93ce4502d 100644 --- a/libcontainer/cgroups/file.go +++ b/libcontainer/cgroups/file.go @@ -136,13 +136,14 @@ func openFile(dir, file string, flags int) (*os.File, error) { // // TODO: if such usage will ever be common, amend this // to reopen cgroupFd and retry openat2. - fdStr := strconv.Itoa(cgroupFd) - fdDest, _ := os.Readlink("/proc/self/fd/" + fdStr) + fdPath, closer := utils.ProcThreadSelf("fd/" + strconv.Itoa(cgroupFd)) + defer closer() + fdDest, _ := os.Readlink(fdPath) if fdDest != cgroupfsDir { // Wrap the error so it is clear that cgroupFd // is opened to an unexpected/wrong directory. - err = fmt.Errorf("cgroupFd %s unexpectedly opened to %s != %s: %w", - fdStr, fdDest, cgroupfsDir, err) + err = fmt.Errorf("cgroupFd %d unexpectedly opened to %s != %s: %w", + cgroupFd, fdDest, cgroupfsDir, err) } return nil, err } diff --git a/libcontainer/cgroups/fs2/defaultpath.go b/libcontainer/cgroups/fs2/defaultpath.go index 9c949c91f08..8ac8312017b 100644 --- a/libcontainer/cgroups/fs2/defaultpath.go +++ b/libcontainer/cgroups/fs2/defaultpath.go @@ -55,6 +55,9 @@ func _defaultDirPath(root, cgPath, cgParent, cgName string) (string, error) { return filepath.Join(root, innerPath), nil } + // we don't need to use /proc/thread-self here because runc always runs + // with every thread in the same cgroup. This lets us avoid having to do + // runtime.LockOSThread. ownCgroup, err := parseCgroupFile("/proc/self/cgroup") if err != nil { return "", err diff --git a/libcontainer/cgroups/v1_utils.go b/libcontainer/cgroups/v1_utils.go index 8524c468434..81193e20983 100644 --- a/libcontainer/cgroups/v1_utils.go +++ b/libcontainer/cgroups/v1_utils.go @@ -99,11 +99,12 @@ func tryDefaultPath(cgroupPath, subsystem string) string { // expensive), so it is assumed that cgroup mounts are not being changed. func readCgroupMountinfo() ([]*mountinfo.Info, error) { readMountinfoOnce.Do(func() { + // mountinfo.GetMounts uses /proc/thread-self, so we can use it without + // issues. cgroupMountinfo, readMountinfoErr = mountinfo.GetMounts( mountinfo.FSTypeFilter("cgroup"), ) }) - return cgroupMountinfo, readMountinfoErr } @@ -196,6 +197,9 @@ func getCgroupMountsV1(all bool) ([]Mount, error) { return nil, err } + // We don't need to use /proc/thread-self here because runc always runs + // with every thread in the same cgroup. This lets us avoid having to do + // runtime.LockOSThread. allSubsystems, err := ParseCgroupFile("/proc/self/cgroup") if err != nil { return nil, err @@ -214,6 +218,10 @@ func GetOwnCgroup(subsystem string) (string, error) { if IsCgroup2UnifiedMode() { return "", errUnified } + + // We don't need to use /proc/thread-self here because runc always runs + // with every thread in the same cgroup. This lets us avoid having to do + // runtime.LockOSThread. cgroups, err := ParseCgroupFile("/proc/self/cgroup") if err != nil { return "", err diff --git a/libcontainer/configs/namespaces_linux.go b/libcontainer/configs/namespaces_linux.go index 5062432f8c3..898f96fd0f5 100644 --- a/libcontainer/configs/namespaces_linux.go +++ b/libcontainer/configs/namespaces_linux.go @@ -59,6 +59,9 @@ func IsNamespaceSupported(ns NamespaceType) bool { if nsFile == "" { return false } + // We don't need to use /proc/thread-self here because the list of + // namespace types is unrelated to the thread. This lets us avoid having to + // do runtime.LockOSThread. _, err := os.Stat("/proc/self/ns/" + nsFile) // a namespace is supported if it exists and we have permissions to read it supported = err == nil diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index c9aacf57f97..c79988e5ff0 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -509,14 +509,20 @@ func (c *Container) newParentProcess(p *Process) (parentProcess, error) { if dmz.IsSelfExeCloned() { // /proc/self/exe is already a cloned binary -- no need to do anything logrus.Debug("skipping binary cloning -- /proc/self/exe is already cloned!") + // We don't need to use /proc/thread-self here because the exe mm of a + // thread-group is guaranteed to be the same for all threads by + // definition. This lets us avoid having to do runtime.LockOSThread. exePath = "/proc/self/exe" } else { var err error if isDmzBinarySafe(c.config) { dmzExe, err = dmz.Binary(c.stateDir) if err == nil { - // We can use our own executable without cloning if we are using - // runc-dmz. + // We can use our own executable without cloning if we are + // using runc-dmz. We don't need to use /proc/thread-self here + // because the exe mm of a thread-group is guaranteed to be the + // same for all threads by definition. This lets us avoid + // having to do runtime.LockOSThread. exePath = "/proc/self/exe" p.clonedExes = append(p.clonedExes, dmzExe) logrus.Debug("runc-dmz: using runc-dmz") // used for tests diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index 5cb8c674f41..edcd305f20a 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -526,6 +526,7 @@ func (c *Container) restoreNetwork(req *criurpc.CriuReq, criuOpts *CriuOpts) { // restore using CRIU. This function is inspired from the code in // rootfs_linux.go. func (c *Container) makeCriuRestoreMountpoints(m *configs.Mount) error { + me := mountEntry{Mount: m} switch m.Device { case "cgroup": // No mount point(s) need to be created: @@ -540,7 +541,7 @@ func (c *Container) makeCriuRestoreMountpoints(m *configs.Mount) error { // The prepareBindMount() function checks if source // exists. So it cannot be used for other filesystem types. // TODO: pass srcFD? Not sure if criu is impacted by issue #2484. - if err := prepareBindMount(mountEntry{Mount: m}, c.config.Rootfs); err != nil { + if err := prepareBindMount(me, c.config.Rootfs); err != nil { return err } default: @@ -549,7 +550,7 @@ func (c *Container) makeCriuRestoreMountpoints(m *configs.Mount) error { if err != nil { return err } - if err := checkProcMount(c.config.Rootfs, dest, ""); err != nil { + if err := checkProcMount(c.config.Rootfs, dest, me); err != nil { return err } if err := os.MkdirAll(dest, 0o755); err != nil { diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 019868c1403..0117ace5990 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -480,6 +480,9 @@ func setupUser(config *initConfig) error { return err } + // We don't need to use /proc/thread-self here because setgroups is a + // per-userns file and thus is global to all threads in a thread-group. + // This lets us avoid having to do runtime.LockOSThread. setgroups, err := os.ReadFile("/proc/self/setgroups") if err != nil && !os.IsNotExist(err) { return err diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index 1bc840116c2..9dd056ad502 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -19,6 +19,7 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups/systemd" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/userns" + "github.com/opencontainers/runc/libcontainer/utils" "github.com/opencontainers/runtime-spec/specs-go" "golang.org/x/sys/unix" @@ -1691,6 +1692,20 @@ func TestFdLeaksSystemd(t *testing.T) { testFdLeaks(t, true) } +func fdList(t *testing.T) []string { + procSelfFd, closer := utils.ProcThreadSelf("fd") + defer closer() + + fdDir, err := os.Open(procSelfFd) + ok(t, err) + defer fdDir.Close() + + fds, err := fdDir.Readdirnames(-1) + ok(t, err) + + return fds +} + func testFdLeaks(t *testing.T, systemd bool) { if testing.Short() { return @@ -1705,21 +1720,12 @@ func testFdLeaks(t *testing.T, systemd bool) { // - /sys/fs/cgroup dirfd opened by prepareOpenat2 in libct/cgroups; // - dbus connection opened by getConnection in libct/cgroups/systemd. _ = runContainerOk(t, config, "true") - - pfd, err := os.Open("/proc/self/fd") - ok(t, err) - defer pfd.Close() - fds0, err := pfd.Readdirnames(0) - ok(t, err) - _, err = pfd.Seek(0, 0) - ok(t, err) + fds0 := fdList(t) _ = runContainerOk(t, config, "true") + fds1 := fdList(t) - fds1, err := pfd.Readdirnames(0) - ok(t, err) - - if len(fds1) == len(fds0) { + if reflect.DeepEqual(fds0, fds1) { return } // Show the extra opened files. @@ -1729,6 +1735,10 @@ func testFdLeaks(t *testing.T, systemd bool) { } count := 0 + + procSelfFd, closer := utils.ProcThreadSelf("fd/") + defer closer() + next_fd: for _, fd1 := range fds1 { for _, fd0 := range fds0 { @@ -1736,7 +1746,7 @@ next_fd: continue next_fd } } - dst, _ := os.Readlink("/proc/self/fd/" + fd1) + dst, _ := os.Readlink(filepath.Join(procSelfFd, fd1)) for _, ex := range excludedPaths { if ex == dst { continue next_fd diff --git a/libcontainer/mount_linux.go b/libcontainer/mount_linux.go index 59861a4f435..73cd04c086d 100644 --- a/libcontainer/mount_linux.go +++ b/libcontainer/mount_linux.go @@ -12,6 +12,7 @@ import ( "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/userns" + "github.com/opencontainers/runc/libcontainer/utils" ) // mountSourceType indicates what type of file descriptor is being returned. It @@ -23,7 +24,7 @@ const ( // An open_tree(2)-style file descriptor that needs to be installed using // move_mount(2) to install. mountSourceOpenTree mountSourceType = "open_tree" - // A plain file descriptor that can be mounted through /proc/self/fd. + // A plain file descriptor that can be mounted through /proc/thread-self/fd. mountSourcePlain mountSourceType = "plain-open" ) @@ -90,7 +91,7 @@ func mount(source, target, fstype string, flags uintptr, data string) error { // will mount it according to the mountSourceType of the file descriptor. // // The dstFd argument, if non-empty, is expected to be in the form of a path to -// an opened file descriptor on procfs (i.e. "/proc/self/fd/NN"). +// an opened file descriptor on procfs (i.e. "/proc/thread-self/fd/NN"). // // If a file descriptor is used instead of a source or a target path, the // corresponding path is only used to add context to an error in case the mount @@ -101,19 +102,30 @@ func mountViaFds(source string, srcFile *mountSource, target, dstFd, fstype stri logrus.Debugf("mount source passed along with MS_REMOUNT -- ignoring srcFile") srcFile = nil } - dst := target if dstFd != "" { dst = dstFd } src := source + isMoveMount := srcFile != nil && srcFile.Type == mountSourceOpenTree if srcFile != nil { - src = "/proc/self/fd/" + strconv.Itoa(int(srcFile.file.Fd())) + // If we're going to use the /proc/thread-self/... path for classic + // mount(2), we need to get a safe handle to /proc/thread-self. This + // isn't needed for move_mount(2) because in that case the path is just + // a dummy string used for error info. + fdStr := strconv.Itoa(int(srcFile.file.Fd())) + if isMoveMount { + src = "/proc/self/fd/" + fdStr + } else { + var closer utils.ProcThreadSelfCloser + src, closer = utils.ProcThreadSelf("fd/" + fdStr) + defer closer() + } } var op string var err error - if srcFile != nil && srcFile.Type == mountSourceOpenTree { + if isMoveMount { op = "move_mount" err = unix.MoveMount(int(srcFile.file.Fd()), "", unix.AT_FDCWD, dstFd, diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 7f98e15c4cc..cc986bd5100 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -9,6 +9,7 @@ import ( "path/filepath" "strconv" "strings" + "syscall" "time" securejoin "github.com/cyphar/filepath-securejoin" @@ -44,13 +45,44 @@ type mountEntry struct { srcFile *mountSource } -func (m *mountEntry) src() string { +// srcName is only meant for error messages, it returns a "friendly" name. +func (m mountEntry) srcName() string { if m.srcFile != nil { - return "/proc/self/fd/" + strconv.Itoa(int(m.srcFile.file.Fd())) + return m.srcFile.file.Name() } return m.Source } +func (m mountEntry) srcStat() (os.FileInfo, *syscall.Stat_t, error) { + var ( + st os.FileInfo + err error + ) + if m.srcFile != nil { + st, err = m.srcFile.file.Stat() + } else { + st, err = os.Stat(m.Source) + } + if err != nil { + return nil, nil, err + } + return st, st.Sys().(*syscall.Stat_t), nil +} + +func (m mountEntry) srcStatfs() (*unix.Statfs_t, error) { + var st unix.Statfs_t + if m.srcFile != nil { + if err := unix.Fstatfs(int(m.srcFile.file.Fd()), &st); err != nil { + return nil, os.NewSyscallError("fstatfs", err) + } + } else { + if err := unix.Statfs(m.Source, &st); err != nil { + return nil, &os.PathError{Op: "statfs", Path: m.Source, Err: err} + } + } + return &st, nil +} + // needsSetupDev returns true if /dev needs to be set up. func needsSetupDev(config *configs.Config) bool { for _, m := range config.Mounts { @@ -250,8 +282,7 @@ func cleanupTmp(tmpdir string) { } func prepareBindMount(m mountEntry, rootfs string) error { - source := m.src() - stat, err := os.Stat(source) + fi, _, err := m.srcStat() if err != nil { // error out if the source of a bind mount does not exist as we will be // unable to bind anything to it. @@ -265,14 +296,10 @@ func prepareBindMount(m mountEntry, rootfs string) error { if dest, err = securejoin.SecureJoin(rootfs, m.Destination); err != nil { return err } - if err := checkProcMount(rootfs, dest, source); err != nil { - return err - } - if err := createIfNotExists(dest, stat.IsDir()); err != nil { + if err := checkProcMount(rootfs, dest, m); err != nil { return err } - - return nil + return createIfNotExists(dest, fi.IsDir()) } func mountCgroupV1(m *configs.Mount, c *mountConfig) error { @@ -601,11 +628,11 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { // that we handle atimes correctly to make sure we error out if // we cannot fulfil the requested mount flags. - var st unix.Statfs_t - if err := unix.Statfs(m.src(), &st); err != nil { - return &os.PathError{Op: "statfs", Path: m.src(), Err: err} + st, err := m.srcStatfs() + if err != nil { + return err } - srcFlags := statfsToMountFlags(st) + srcFlags := statfsToMountFlags(*st) // If the user explicitly request one of the locked flags *not* // be set, we need to return an error to avoid producing mounts // that don't match the user's request. @@ -661,7 +688,7 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { } return mountCgroupV1(m.Mount, c) default: - if err := checkProcMount(rootfs, dest, m.Source); err != nil { + if err := checkProcMount(rootfs, dest, m); err != nil { return err } if err := os.MkdirAll(dest, 0o755); err != nil { @@ -677,6 +704,9 @@ func getCgroupMounts(m *configs.Mount) ([]*configs.Mount, error) { return nil, err } + // We don't need to use /proc/thread-self here because runc always runs + // with every thread in the same cgroup. This lets us avoid having to do + // runtime.LockOSThread. cgroupPaths, err := cgroups.ParseCgroupFile("/proc/self/cgroup") if err != nil { return nil, err @@ -708,8 +738,8 @@ func getCgroupMounts(m *configs.Mount) ([]*configs.Mount, error) { // checkProcMount checks to ensure that the mount destination is not over the top of /proc. // dest is required to be an abs path and have any symlinks resolved before calling this function. // -// if source is nil, don't stat the filesystem. This is used for restore of a checkpoint. -func checkProcMount(rootfs, dest, source string) error { +// If m is nil, don't stat the filesystem. This is used for restore of a checkpoint. +func checkProcMount(rootfs, dest string, m mountEntry) error { const procPath = "/proc" path, err := filepath.Rel(filepath.Join(rootfs, procPath), dest) if err != nil { @@ -720,18 +750,12 @@ func checkProcMount(rootfs, dest, source string) error { return nil } if path == "." { - // an empty source is pasted on restore - if source == "" { - return nil - } // only allow a mount on-top of proc if it's source is "proc" - isproc, err := isProc(source) + st, err := m.srcStatfs() if err != nil { return err } - // pass if the mount is happening on top of /proc and the source of - // the mount is a proc filesystem - if isproc { + if st.Type == unix.PROC_SUPER_MAGIC { return nil } return fmt.Errorf("%q cannot be mounted because it is not of type proc", dest) @@ -764,15 +788,10 @@ func checkProcMount(rootfs, dest, source string) error { return fmt.Errorf("%q cannot be mounted because it is inside /proc", dest) } -func isProc(path string) (bool, error) { - var s unix.Statfs_t - if err := unix.Statfs(path, &s); err != nil { - return false, &os.PathError{Op: "statfs", Path: path, Err: err} - } - return s.Type == unix.PROC_SUPER_MAGIC, nil -} - func setupDevSymlinks(rootfs string) error { + // In theory, these should be links to /proc/thread-self, but systems + // expect these to be /proc/self and this matches how most distributions + // work. links := [][2]string{ {"/proc/self/fd", "/dev/fd"}, {"/proc/self/fd/0", "/dev/stdin"}, diff --git a/libcontainer/rootfs_linux_test.go b/libcontainer/rootfs_linux_test.go index 8709a5e47f7..796ef7f684d 100644 --- a/libcontainer/rootfs_linux_test.go +++ b/libcontainer/rootfs_linux_test.go @@ -4,45 +4,100 @@ import ( "testing" "github.com/opencontainers/runc/libcontainer/configs" + + "golang.org/x/sys/unix" ) -func TestCheckMountDestOnProc(t *testing.T) { +func TestCheckMountDestInProc(t *testing.T) { + m := mountEntry{ + Mount: &configs.Mount{ + Destination: "/proc/sys", + Source: "/proc/sys", + Device: "bind", + Flags: unix.MS_BIND, + }, + } dest := "/rootfs/proc/sys" - err := checkProcMount("/rootfs", dest, "") + err := checkProcMount("/rootfs", dest, m) if err == nil { t.Fatal("destination inside proc should return an error") } } -func TestCheckMountDestOnProcChroot(t *testing.T) { +func TestCheckProcMountOnProc(t *testing.T) { + m := mountEntry{ + Mount: &configs.Mount{ + Destination: "/proc", + Source: "foo", + Device: "proc", + }, + } + dest := "/rootfs/proc/" + err := checkProcMount("/rootfs", dest, m) + if err != nil { + // TODO: This test failure is fixed in a later commit in this series. + t.Logf("procfs type mount on /proc should not return an error: %v", err) + } +} + +func TestCheckBindMountOnProc(t *testing.T) { + m := mountEntry{ + Mount: &configs.Mount{ + Destination: "/proc", + Source: "/proc/self", + Device: "bind", + Flags: unix.MS_BIND, + }, + } dest := "/rootfs/proc/" - err := checkProcMount("/rootfs", dest, "/proc") + err := checkProcMount("/rootfs", dest, m) if err != nil { - t.Fatal("destination inside proc when using chroot should not return an error") + t.Fatalf("bind-mount of procfs on top of /proc should not return an error: %v", err) } } func TestCheckMountDestInSys(t *testing.T) { + m := mountEntry{ + Mount: &configs.Mount{ + Destination: "/sys/fs/cgroup", + Source: "tmpfs", + Device: "tmpfs", + }, + } dest := "/rootfs//sys/fs/cgroup" - err := checkProcMount("/rootfs", dest, "") + err := checkProcMount("/rootfs", dest, m) if err != nil { - t.Fatal("destination inside /sys should not return an error") + t.Fatalf("destination inside /sys should not return an error: %v", err) } } func TestCheckMountDestFalsePositive(t *testing.T) { + m := mountEntry{ + Mount: &configs.Mount{ + Destination: "/sysfiles/fs/cgroup", + Source: "tmpfs", + Device: "tmpfs", + }, + } dest := "/rootfs/sysfiles/fs/cgroup" - err := checkProcMount("/rootfs", dest, "") + err := checkProcMount("/rootfs", dest, m) if err != nil { t.Fatal(err) } } func TestCheckMountDestNsLastPid(t *testing.T) { + m := mountEntry{ + Mount: &configs.Mount{ + Destination: "/proc/sys/kernel/ns_last_pid", + Source: "lxcfs", + Device: "fuse.lxcfs", + }, + } dest := "/rootfs/proc/sys/kernel/ns_last_pid" - err := checkProcMount("/rootfs", dest, "/proc") + err := checkProcMount("/rootfs", dest, m) if err != nil { - t.Fatal("/proc/sys/kernel/ns_last_pid should not return an error") + t.Fatalf("/proc/sys/kernel/ns_last_pid should not return an error: %v", err) } } diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index b27732778c4..3096d0d81ee 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -17,6 +17,7 @@ import ( "github.com/opencontainers/runc/libcontainer/keys" "github.com/opencontainers/runc/libcontainer/seccomp" "github.com/opencontainers/runc/libcontainer/system" + "github.com/opencontainers/runc/libcontainer/utils" ) type linuxStandardInit struct { @@ -247,11 +248,13 @@ func (l *linuxStandardInit) Init() error { return &os.PathError{Op: "close log pipe", Path: "fd " + strconv.Itoa(l.logFd), Err: err} } + fifoPath, closer := utils.ProcThreadSelf("fd/" + strconv.Itoa(l.fifoFd)) + defer closer() + // Wait for the FIFO to be opened on the other side before exec-ing the // user process. We open it through /proc/self/fd/$fd, because the fd that // was given to us was an O_PATH fd to the fifo itself. Linux allows us to // re-open an O_PATH fd through /proc. - fifoPath := "/proc/self/fd/" + strconv.Itoa(l.fifoFd) fd, err := unix.Open(fifoPath, unix.O_WRONLY|unix.O_CLOEXEC, 0) if err != nil { return &os.PathError{Op: "open exec fifo", Path: fifoPath, Err: err} diff --git a/libcontainer/userns/usernsfd_linux.go b/libcontainer/userns/usernsfd_linux.go index 64446815581..721215619b4 100644 --- a/libcontainer/userns/usernsfd_linux.go +++ b/libcontainer/userns/usernsfd_linux.go @@ -90,6 +90,9 @@ func spawnProc(req Mapping) (*os.Process, error) { // they have privileges over. logrus.Debugf("spawning dummy process for id-mapping %s", req.id()) uidMappings, gidMappings := req.toSys() + // We don't need to use /proc/thread-self here because the exe mm of a + // thread-group is guaranteed to be the same for all threads by definition. + // This lets us avoid having to do runtime.LockOSThread. return os.StartProcess("/proc/self/exe", []string{"runc", "--help"}, &os.ProcAttr{ Sys: &syscall.SysProcAttr{ Cloneflags: unix.CLONE_NEWUSER, diff --git a/libcontainer/utils/utils.go b/libcontainer/utils/utils.go index 74d9d20c7f1..1b523d8ac54 100644 --- a/libcontainer/utils/utils.go +++ b/libcontainer/utils/utils.go @@ -3,15 +3,12 @@ package utils import ( "encoding/binary" "encoding/json" - "fmt" "io" "os" "path/filepath" - "strconv" "strings" "unsafe" - securejoin "github.com/cyphar/filepath-securejoin" "golang.org/x/sys/unix" ) @@ -102,39 +99,6 @@ func stripRoot(root, path string) string { return CleanPath("/" + path) } -// WithProcfd runs the passed closure with a procfd path (/proc/self/fd/...) -// corresponding to the unsafePath resolved within the root. Before passing the -// fd, this path is verified to have been inside the root -- so operating on it -// through the passed fdpath should be safe. Do not access this path through -// the original path strings, and do not attempt to use the pathname outside of -// the passed closure (the file handle will be freed once the closure returns). -func WithProcfd(root, unsafePath string, fn func(procfd string) error) error { - // Remove the root then forcefully resolve inside the root. - unsafePath = stripRoot(root, unsafePath) - path, err := securejoin.SecureJoin(root, unsafePath) - if err != nil { - return fmt.Errorf("resolving path inside rootfs failed: %w", err) - } - - // Open the target path. - fh, err := os.OpenFile(path, unix.O_PATH|unix.O_CLOEXEC, 0) - if err != nil { - return fmt.Errorf("open o_path procfd: %w", err) - } - defer fh.Close() - - // Double-check the path is the one we expected. - procfd := "/proc/self/fd/" + strconv.Itoa(int(fh.Fd())) - if realpath, err := os.Readlink(procfd); err != nil { - return fmt.Errorf("procfd verification failed: %w", err) - } else if realpath != path { - return fmt.Errorf("possibly malicious path detected -- refusing to operate on %s", realpath) - } - - // Run the closure. - return fn(procfd) -} - // SearchLabels searches through a list of key=value pairs for a given key, // returning its value, and the binary flag telling whether the key exist. func SearchLabels(labels []string, key string) (string, bool) { diff --git a/libcontainer/utils/utils_unix.go b/libcontainer/utils/utils_unix.go index e5f11523d1d..a48221b000a 100644 --- a/libcontainer/utils/utils_unix.go +++ b/libcontainer/utils/utils_unix.go @@ -7,9 +7,13 @@ import ( "fmt" "math" "os" + "path/filepath" + "runtime" "strconv" "sync" + securejoin "github.com/cyphar/filepath-securejoin" + "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) @@ -57,7 +61,10 @@ func CloseExecFrom(minFd int) error { return os.NewSyscallError("close_range", err) } - fdDir, err := os.Open("/proc/self/fd") + procSelfFd, closer := ProcThreadSelf("fd") + defer closer() + + fdDir, err := os.Open(procSelfFd) if err != nil { return err } @@ -98,3 +105,100 @@ func NewSockPair(name string) (parent, child *os.File, err error) { } return os.NewFile(uintptr(fds[1]), name+"-p"), os.NewFile(uintptr(fds[0]), name+"-c"), nil } + +// WithProcfd runs the passed closure with a procfd path (/proc/self/fd/...) +// corresponding to the unsafePath resolved within the root. Before passing the +// fd, this path is verified to have been inside the root -- so operating on it +// through the passed fdpath should be safe. Do not access this path through +// the original path strings, and do not attempt to use the pathname outside of +// the passed closure (the file handle will be freed once the closure returns). +func WithProcfd(root, unsafePath string, fn func(procfd string) error) error { + // Remove the root then forcefully resolve inside the root. + unsafePath = stripRoot(root, unsafePath) + path, err := securejoin.SecureJoin(root, unsafePath) + if err != nil { + return fmt.Errorf("resolving path inside rootfs failed: %w", err) + } + + procSelfFd, closer := ProcThreadSelf("fd/") + defer closer() + + // Open the target path. + fh, err := os.OpenFile(path, unix.O_PATH|unix.O_CLOEXEC, 0) + if err != nil { + return fmt.Errorf("open o_path procfd: %w", err) + } + defer fh.Close() + + procfd := filepath.Join(procSelfFd, strconv.Itoa(int(fh.Fd()))) + // Double-check the path is the one we expected. + if realpath, err := os.Readlink(procfd); err != nil { + return fmt.Errorf("procfd verification failed: %w", err) + } else if realpath != path { + return fmt.Errorf("possibly malicious path detected -- refusing to operate on %s", realpath) + } + + return fn(procfd) +} + +type ProcThreadSelfCloser func() + +var ( + haveProcThreadSelf bool + haveProcThreadSelfOnce sync.Once +) + +// ProcThreadSelf returns a string that is equivalent to +// /proc/thread-self/, with a graceful fallback on older kernels where +// /proc/thread-self doesn't exist. This method DOES NOT use SecureJoin, +// meaning that the passed string needs to be trusted. The caller _must_ call +// the returned procThreadSelfCloser function (which is runtime.UnlockOSThread) +// *only once* after it has finished using the returned path string. +func ProcThreadSelf(subpath string) (string, ProcThreadSelfCloser) { + haveProcThreadSelfOnce.Do(func() { + if _, err := os.Stat("/proc/thread-self/"); err == nil { + haveProcThreadSelf = true + } else { + logrus.Debugf("cannot stat /proc/thread-self (%v), falling back to /proc/self/task/", err) + } + }) + + // We need to lock our thread until the caller is done with the path string + // because any non-atomic operation on the path (such as opening a file, + // then reading it) could be interrupted by the Go runtime where the + // underlying thread is swapped out and the original thread is killed, + // resulting in pull-your-hair-out-hard-to-debug issues in the caller. In + // addition, the pre-3.17 fallback makes everything non-atomic because the + // same thing could happen between unix.Gettid() and the path operations. + // + // In theory, we don't need to lock in the atomic user case when using + // /proc/thread-self/, but it's better to be safe than sorry (and there are + // only one or two truly atomic users of /proc/thread-self/). + runtime.LockOSThread() + + threadSelf := "/proc/thread-self/" + if !haveProcThreadSelf { + // Pre-3.17 kernels did not have /proc/thread-self, so do it manually. + threadSelf = "/proc/self/task/" + strconv.Itoa(unix.Gettid()) + "/" + if _, err := os.Stat(threadSelf); err != nil { + // Unfortunately, this code is called from rootfs_linux.go where we + // are running inside the pid namespace of the container but /proc + // is the host's procfs. Unfortunately there is no real way to get + // the correct tid to use here (the kernel age means we cannot do + // things like set up a private fsopen("proc") -- even scanning + // NSpid in all of the tasks in /proc/self/task/*/status requires + // Linux 4.1). + // + // So, we just have to assume that /proc/self is acceptable in this + // one specific case. + if os.Getpid() == 1 { + logrus.Debugf("/proc/thread-self (tid=%d) cannot be emulated inside the initial container setup -- using /proc/self instead: %v", unix.Gettid(), err) + } else { + // This should never happen, but the fallback should work in most cases... + logrus.Warnf("/proc/thread-self could not be emulated for pid=%d (tid=%d) -- using more buggy /proc/self fallback instead: %v", os.Getpid(), unix.Gettid(), err) + } + threadSelf = "/proc/self/" + } + } + return threadSelf + subpath, runtime.UnlockOSThread +} diff --git a/utils_linux.go b/utils_linux.go index 5de00628493..e7b362cdb2e 100644 --- a/utils_linux.go +++ b/utils_linux.go @@ -224,8 +224,10 @@ func (r *runner) run(config *specs.Process) (int, error) { process.ExtraFiles = append(process.ExtraFiles, r.listenFDs...) } baseFd := 3 + len(process.ExtraFiles) + procSelfFd, closer := utils.ProcThreadSelf("fd/") + defer closer() for i := baseFd; i < baseFd+r.preserveFDs; i++ { - _, err = os.Stat("/proc/self/fd/" + strconv.Itoa(i)) + _, err = os.Stat(filepath.Join(procSelfFd, strconv.Itoa(i))) if err != nil { return -1, fmt.Errorf("unable to stat preserved-fd %d (of %d): %w", i-baseFd, r.preserveFDs, err) } From cdff09ab875159d004035990c0d45e8bdf20ed35 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 7 Dec 2023 16:23:24 +1100 Subject: [PATCH 0463/1176] rootfs: fix 'can we mount on top of /proc' check Our previous test for whether we can mount on top of /proc incorrectly assumed that it would only be called with bind-mount sources. This meant that having a non bind-mount entry for a pseudo-filesystem (like overlayfs) with a dummy source set to /proc on the host would let you bypass the check, which could easily lead to security issues. In addition, the check should be applied more uniformly to all mount types, so fix that as well. And add some tests for some of the tricky cases to make sure we protect against them properly. Fixes: 331692baa7af ("Only allow proc mount if it is procfs") Signed-off-by: Aleksa Sarai --- libcontainer/criu_linux.go | 26 ++++++----- libcontainer/rootfs_linux.go | 71 +++++++++++++++++-------------- libcontainer/rootfs_linux_test.go | 39 +++++++++++++++-- 3 files changed, 92 insertions(+), 44 deletions(-) diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index edcd305f20a..0567152403f 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -527,6 +527,14 @@ func (c *Container) restoreNetwork(req *criurpc.CriuReq, criuOpts *CriuOpts) { // rootfs_linux.go. func (c *Container) makeCriuRestoreMountpoints(m *configs.Mount) error { me := mountEntry{Mount: m} + dest, err := securejoin.SecureJoin(c.config.Rootfs, m.Destination) + if err != nil { + return err + } + // TODO: pass srcFD? Not sure if criu is impacted by issue #2484. + if err := checkProcMount(c.config.Rootfs, dest, me); err != nil { + return err + } switch m.Device { case "cgroup": // No mount point(s) need to be created: @@ -538,21 +546,19 @@ func (c *Container) makeCriuRestoreMountpoints(m *configs.Mount) error { // the mountpoint appears as soon as /sys is mounted return nil case "bind": - // The prepareBindMount() function checks if source - // exists. So it cannot be used for other filesystem types. - // TODO: pass srcFD? Not sure if criu is impacted by issue #2484. - if err := prepareBindMount(me, c.config.Rootfs); err != nil { - return err - } - default: - // for all other filesystems just create the mountpoints - dest, err := securejoin.SecureJoin(c.config.Rootfs, m.Destination) + // For bind-mounts (unlike other filesystem types), we need to check if + // the source exists. + fi, _, err := me.srcStat() if err != nil { + // error out if the source of a bind mount does not exist as we + // will be unable to bind anything to it. return err } - if err := checkProcMount(c.config.Rootfs, dest, me); err != nil { + if err := createIfNotExists(dest, fi.IsDir()); err != nil { return err } + default: + // for all other filesystems just create the mountpoints if err := os.MkdirAll(dest, 0o755); err != nil { return err } diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index cc986bd5100..89faea085a5 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -281,27 +281,6 @@ func cleanupTmp(tmpdir string) { _ = os.RemoveAll(tmpdir) } -func prepareBindMount(m mountEntry, rootfs string) error { - fi, _, err := m.srcStat() - if err != nil { - // error out if the source of a bind mount does not exist as we will be - // unable to bind anything to it. - return err - } - // ensure that the destination of the bind mount is resolved of symlinks at mount time because - // any previous mounts can invalidate the next mount's destination. - // this can happen when a user specifies mounts within other mounts to cause breakouts or other - // evil stuff to try to escape the container's rootfs. - var dest string - if dest, err = securejoin.SecureJoin(rootfs, m.Destination); err != nil { - return err - } - if err := checkProcMount(rootfs, dest, m); err != nil { - return err - } - return createIfNotExists(dest, fi.IsDir()) -} - func mountCgroupV1(m *configs.Mount, c *mountConfig) error { binds, err := getCgroupMounts(m) if err != nil { @@ -520,6 +499,9 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { // Do not use securejoin as it resolves symlinks. dest = filepath.Join(rootfs, dest) } + if err := checkProcMount(rootfs, dest, m); err != nil { + return err + } if fi, err := os.Lstat(dest); err != nil { if !os.IsNotExist(err) { return err @@ -539,6 +521,9 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { if err != nil { return err } + if err := checkProcMount(rootfs, dest, m); err != nil { + return err + } switch m.Device { case "mqueue": @@ -570,7 +555,13 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { return err case "bind": - if err := prepareBindMount(m, rootfs); err != nil { + fi, _, err := m.srcStat() + if err != nil { + // error out if the source of a bind mount does not exist as we will be + // unable to bind anything to it. + return err + } + if err := createIfNotExists(dest, fi.IsDir()); err != nil { return err } // open_tree()-related shenanigans are all handled in mountViaFds. @@ -688,9 +679,6 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { } return mountCgroupV1(m.Mount, c) default: - if err := checkProcMount(rootfs, dest, m); err != nil { - return err - } if err := os.MkdirAll(dest, 0o755); err != nil { return err } @@ -735,6 +723,11 @@ func getCgroupMounts(m *configs.Mount) ([]*configs.Mount, error) { return binds, nil } +// Taken from . If a file is on a filesystem of type +// PROC_SUPER_MAGIC, we're guaranteed that only the root of the superblock will +// have this inode number. +const procRootIno = 1 + // checkProcMount checks to ensure that the mount destination is not over the top of /proc. // dest is required to be an abs path and have any symlinks resolved before calling this function. // @@ -750,12 +743,28 @@ func checkProcMount(rootfs, dest string, m mountEntry) error { return nil } if path == "." { - // only allow a mount on-top of proc if it's source is "proc" - st, err := m.srcStatfs() - if err != nil { - return err - } - if st.Type == unix.PROC_SUPER_MAGIC { + // Only allow bind-mounts on top of /proc, and only if the source is a + // procfs mount. + if m.IsBind() { + fsSt, err := m.srcStatfs() + if err != nil { + return err + } + if fsSt.Type == unix.PROC_SUPER_MAGIC { + if _, uSt, err := m.srcStat(); err != nil { + return err + } else if uSt.Ino != procRootIno { + // We cannot error out in this case, because we've + // supported these kinds of mounts for a long time. + // However, we would expect users to bind-mount the root of + // a real procfs on top of /proc in the container. We might + // want to block this in the future. + logrus.Warnf("bind-mount %v (source %v) is of type procfs but is not the root of a procfs (inode %d). Future versions of runc might block this configuration -- please report an issue to if you see this warning.", dest, m.srcName(), uSt.Ino) + } + return nil + } + } else if m.Device == "proc" { + // Fresh procfs-type mounts are always safe to mount on top of /proc. return nil } return fmt.Errorf("%q cannot be mounted because it is not of type proc", dest) diff --git a/libcontainer/rootfs_linux_test.go b/libcontainer/rootfs_linux_test.go index 796ef7f684d..6ce099d256d 100644 --- a/libcontainer/rootfs_linux_test.go +++ b/libcontainer/rootfs_linux_test.go @@ -35,8 +35,7 @@ func TestCheckProcMountOnProc(t *testing.T) { dest := "/rootfs/proc/" err := checkProcMount("/rootfs", dest, m) if err != nil { - // TODO: This test failure is fixed in a later commit in this series. - t.Logf("procfs type mount on /proc should not return an error: %v", err) + t.Fatalf("procfs type mount on /proc should not return an error: %v", err) } } @@ -52,7 +51,41 @@ func TestCheckBindMountOnProc(t *testing.T) { dest := "/rootfs/proc/" err := checkProcMount("/rootfs", dest, m) if err != nil { - t.Fatalf("bind-mount of procfs on top of /proc should not return an error: %v", err) + t.Fatalf("bind-mount of procfs on top of /proc should not return an error (for now): %v", err) + } +} + +func TestCheckTrickyMountOnProc(t *testing.T) { + // Make a non-bind mount that looks like a bit like a bind-mount. + m := mountEntry{ + Mount: &configs.Mount{ + Destination: "/proc", + Source: "/proc", + Device: "overlay", + Data: "lowerdir=/tmp/fakeproc,upperdir=/tmp/fakeproc2,workdir=/tmp/work", + }, + } + dest := "/rootfs/proc/" + err := checkProcMount("/rootfs", dest, m) + if err == nil { + t.Fatalf("dodgy overlayfs mount on top of /proc should return an error") + } +} + +func TestCheckTrickyBindMountOnProc(t *testing.T) { + // Make a bind mount that looks like it might be a procfs mount. + m := mountEntry{ + Mount: &configs.Mount{ + Destination: "/proc", + Source: "/sys", + Device: "proc", + Flags: unix.MS_BIND, + }, + } + dest := "/rootfs/proc/" + err := checkProcMount("/rootfs", dest, m) + if err == nil { + t.Fatalf("dodgy bind-mount on top of /proc should return an error") } } From 7795ca46684518143af3df8d8eb69457753db932 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 16 Nov 2023 17:27:27 +1100 Subject: [PATCH 0464/1176] specconv: handle recursive attribute clearing more consistently If a user specifies a configuration like "rro, rrw", we should have similar behaviour to "ro, rw" where we clear the previous flags so that the last specified flag takes precendence. Fixes: 382eba4354d7 ("Support recursive mount attrs ("rro", "rnosuid", "rnodev", ...)") Signed-off-by: Aleksa Sarai --- libcontainer/specconv/spec_linux.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index 90275043eca..5dc6ec79f32 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -1036,8 +1036,10 @@ func parseMountOptions(options []string) *configs.Mount { } else if f, exists := recAttrFlags[o]; exists { if f.clear { recAttrClr |= f.flag + recAttrSet &= ^f.flag } else { recAttrSet |= f.flag + recAttrClr &= ^f.flag if f.flag&unix.MOUNT_ATTR__ATIME == f.flag { // https://man7.org/linux/man-pages/man2/mount_setattr.2.html // "cannot simply specify the access-time setting in attr_set, but must also include MOUNT_ATTR__ATIME in the attr_clr field." From 3b57e45cbfae2a4f72ede6816b5a84ecd47028ce Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 16 Nov 2023 17:28:53 +1100 Subject: [PATCH 0465/1176] mount: add support for ridmap and idmap ridmap indicates that the id mapping should be applied recursively (only really relevant for rbind mount entries), and idmap indicates that it should not be applied recursively (the default). If no mappings are specified for the mount, we use the userns configuration of the container. This matches the behaviour in the currently-unreleased runtime-spec. This includes a minor change to the state.json serialisation format, but because there has been no released version of runc with commit fbf183c6f8c4 ("Add uid and gid mappings to mounts"), we can safely make this change without affecting running containers. Doing it this way makes it much easier to handle m.IsIDMapped() and indicating that a mapping has been specified. Signed-off-by: Aleksa Sarai --- libcontainer/configs/mount.go | 2 +- libcontainer/configs/mount_linux.go | 34 +- libcontainer/configs/validate/validator.go | 17 + .../configs/validate/validator_test.go | 165 ++++++-- libcontainer/mount_linux.go | 30 +- libcontainer/specconv/spec_linux.go | 41 +- tests/integration/idmap.bats | 351 +++++++++++++++++- 7 files changed, 588 insertions(+), 52 deletions(-) diff --git a/libcontainer/configs/mount.go b/libcontainer/configs/mount.go index e39440fc08d..bfd356e497f 100644 --- a/libcontainer/configs/mount.go +++ b/libcontainer/configs/mount.go @@ -3,5 +3,5 @@ package configs const ( // EXT_COPYUP is a directive to copy up the contents of a directory when // a tmpfs is mounted over it. - EXT_COPYUP = 1 << iota //nolint:golint // ignore "don't use ALL_CAPS" warning + EXT_COPYUP = 1 << iota //nolint:golint,revive // ignore "don't use ALL_CAPS" warning ) diff --git a/libcontainer/configs/mount_linux.go b/libcontainer/configs/mount_linux.go index 3f489295d97..b69e9ab238e 100644 --- a/libcontainer/configs/mount_linux.go +++ b/libcontainer/configs/mount_linux.go @@ -2,6 +2,24 @@ package configs import "golang.org/x/sys/unix" +type MountIDMapping struct { + // Recursive indicates if the mapping needs to be recursive. + Recursive bool `json:"recursive"` + + // UserNSPath is a path to a user namespace that indicates the necessary + // id-mappings for MOUNT_ATTR_IDMAP. If set to non-"", UIDMappings and + // GIDMappings must be set to nil. + UserNSPath string `json:"userns_path,omitempty"` + + // UIDMappings is the uid mapping set for this mount, to be used with + // MOUNT_ATTR_IDMAP. + UIDMappings []IDMap `json:"uid_mappings,omitempty"` + + // GIDMappings is the gid mapping set for this mount, to be used with + // MOUNT_ATTR_IDMAP. + GIDMappings []IDMap `json:"gid_mappings,omitempty"` +} + type Mount struct { // Source path for the mount. Source string `json:"source"` @@ -34,17 +52,9 @@ type Mount struct { // Extensions are additional flags that are specific to runc. Extensions int `json:"extensions"` - // UIDMappings is used to changing file user owners w/o calling chown. - // Note that, the underlying filesystem should support this feature to be - // used. - // Every mount point could have its own mapping. - UIDMappings []IDMap `json:"uid_mappings,omitempty"` - - // GIDMappings is used to changing file group owners w/o calling chown. - // Note that, the underlying filesystem should support this feature to be - // used. - // Every mount point could have its own mapping. - GIDMappings []IDMap `json:"gid_mappings,omitempty"` + // Mapping is the MOUNT_ATTR_IDMAP configuration for the mount. If non-nil, + // the mount is configured to use MOUNT_ATTR_IDMAP-style id mappings. + IDMapping *MountIDMapping `json:"id_mapping,omitempty"` } func (m *Mount) IsBind() bool { @@ -52,5 +62,5 @@ func (m *Mount) IsBind() bool { } func (m *Mount) IsIDMapped() bool { - return len(m.UIDMappings) > 0 || len(m.GIDMappings) > 0 + return m.IDMapping != nil } diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go index 33f9cc3f5fe..4708e1b773f 100644 --- a/libcontainer/configs/validate/validator.go +++ b/libcontainer/configs/validate/validator.go @@ -309,6 +309,13 @@ func checkBindOptions(m *configs.Mount) error { } func checkIDMapMounts(config *configs.Config, m *configs.Mount) error { + // Make sure MOUNT_ATTR_IDMAP is not set on any of our mounts. This + // attribute is handled differently to all other attributes (through + // m.IDMapping), so make sure we never store it in the actual config. This + // really shouldn't ever happen. + if m.RecAttr != nil && (m.RecAttr.Attr_set|m.RecAttr.Attr_clr)&unix.MOUNT_ATTR_IDMAP != 0 { + return errors.New("mount configuration cannot contain recAttr for MOUNT_ATTR_IDMAP") + } if !m.IsIDMapped() { return nil } @@ -318,6 +325,16 @@ func checkIDMapMounts(config *configs.Config, m *configs.Mount) error { if config.RootlessEUID { return errors.New("id-mapped mounts are not supported for rootless containers") } + if m.IDMapping.UserNSPath == "" { + if len(m.IDMapping.UIDMappings) == 0 || len(m.IDMapping.GIDMappings) == 0 { + return errors.New("id-mapped mounts must have both uid and gid mappings specified") + } + } else { + if m.IDMapping.UIDMappings != nil || m.IDMapping.GIDMappings != nil { + // should never happen + return errors.New("[internal error] id-mapped mounts cannot have both userns_path and uid and gid mappings specified") + } + } return nil } diff --git a/libcontainer/configs/validate/validator_test.go b/libcontainer/configs/validate/validator_test.go index 9d3f50c7c70..5c12e08a1db 100644 --- a/libcontainer/configs/validate/validator_test.go +++ b/libcontainer/configs/validate/validator_test.go @@ -504,17 +504,82 @@ func TestValidateIDMapMounts(t *testing.T) { config *configs.Config }{ { - name: "idmap mount without bind opt specified", + name: "idmap non-bind mount", isErr: true, config: &configs.Config{ UIDMappings: mapping, GIDMappings: mapping, + Mounts: []*configs.Mount{ + { + Source: "/dev/sda1", + Destination: "/abs/path/", + Device: "ext4", + IDMapping: &configs.MountIDMapping{ + UIDMappings: mapping, + GIDMappings: mapping, + }, + }, + }, + }, + }, + { + name: "idmap option non-bind mount", + isErr: true, + config: &configs.Config{ + Mounts: []*configs.Mount{ + { + Source: "/dev/sda1", + Destination: "/abs/path/", + Device: "ext4", + IDMapping: &configs.MountIDMapping{}, + }, + }, + }, + }, + { + name: "ridmap option non-bind mount", + isErr: true, + config: &configs.Config{ + Mounts: []*configs.Mount{ + { + Source: "/dev/sda1", + Destination: "/abs/path/", + Device: "ext4", + IDMapping: &configs.MountIDMapping{ + Recursive: true, + }, + }, + }, + }, + }, + { + name: "idmap mount no uid mapping", + isErr: true, + config: &configs.Config{ + Mounts: []*configs.Mount{ + { + Source: "/abs/path/", + Destination: "/abs/path/", + Flags: unix.MS_BIND, + IDMapping: &configs.MountIDMapping{ + GIDMappings: mapping, + }, + }, + }, + }, + }, + { + name: "idmap mount no gid mapping", + isErr: true, + config: &configs.Config{ Mounts: []*configs.Mount{ { Source: "/abs/path/", Destination: "/abs/path/", - UIDMappings: mapping, - GIDMappings: mapping, + Flags: unix.MS_BIND, + IDMapping: &configs.MountIDMapping{ + UIDMappings: mapping, + }, }, }, }, @@ -531,8 +596,10 @@ func TestValidateIDMapMounts(t *testing.T) { Source: "/abs/path/", Destination: "/abs/path/", Flags: unix.MS_BIND, - UIDMappings: mapping, - GIDMappings: mapping, + IDMapping: &configs.MountIDMapping{ + UIDMappings: mapping, + GIDMappings: mapping, + }, }, }, }, @@ -547,8 +614,10 @@ func TestValidateIDMapMounts(t *testing.T) { Source: "./rel/path/", Destination: "/abs/path/", Flags: unix.MS_BIND, - UIDMappings: mapping, - GIDMappings: mapping, + IDMapping: &configs.MountIDMapping{ + UIDMappings: mapping, + GIDMappings: mapping, + }, }, }, }, @@ -563,8 +632,10 @@ func TestValidateIDMapMounts(t *testing.T) { Source: "/abs/path/", Destination: "./rel/path/", Flags: unix.MS_BIND, - UIDMappings: mapping, - GIDMappings: mapping, + IDMapping: &configs.MountIDMapping{ + UIDMappings: mapping, + GIDMappings: mapping, + }, }, }, }, @@ -579,8 +650,10 @@ func TestValidateIDMapMounts(t *testing.T) { Source: "/another-abs/path/", Destination: "/abs/path/", Flags: unix.MS_BIND, - UIDMappings: mapping, - GIDMappings: mapping, + IDMapping: &configs.MountIDMapping{ + UIDMappings: mapping, + GIDMappings: mapping, + }, }, }, }, @@ -595,8 +668,10 @@ func TestValidateIDMapMounts(t *testing.T) { Source: "/another-abs/path/", Destination: "/abs/path/", Flags: unix.MS_BIND | unix.MS_RDONLY, - UIDMappings: mapping, - GIDMappings: mapping, + IDMapping: &configs.MountIDMapping{ + UIDMappings: mapping, + GIDMappings: mapping, + }, }, }, }, @@ -609,8 +684,10 @@ func TestValidateIDMapMounts(t *testing.T) { Source: "/abs/path/", Destination: "/abs/path/", Flags: unix.MS_BIND, - UIDMappings: mapping, - GIDMappings: mapping, + IDMapping: &configs.MountIDMapping{ + UIDMappings: mapping, + GIDMappings: mapping, + }, }, }, }, @@ -625,14 +702,16 @@ func TestValidateIDMapMounts(t *testing.T) { Source: "/abs/path/", Destination: "/abs/path/", Flags: unix.MS_BIND, - UIDMappings: []configs.IDMap{ - { - ContainerID: 10, - HostID: 10, - Size: 1, + IDMapping: &configs.MountIDMapping{ + UIDMappings: []configs.IDMap{ + { + ContainerID: 10, + HostID: 10, + Size: 1, + }, }, + GIDMappings: mapping, }, - GIDMappings: mapping, }, }, }, @@ -647,18 +726,50 @@ func TestValidateIDMapMounts(t *testing.T) { Source: "/abs/path/", Destination: "/abs/path/", Flags: unix.MS_BIND, - UIDMappings: mapping, - GIDMappings: []configs.IDMap{ - { - ContainerID: 10, - HostID: 10, - Size: 1, + IDMapping: &configs.MountIDMapping{ + UIDMappings: mapping, + GIDMappings: []configs.IDMap{ + { + ContainerID: 10, + HostID: 10, + Size: 1, + }, }, }, }, }, }, }, + { + name: "mount with 'idmap' option but no mappings", + isErr: true, + config: &configs.Config{ + Mounts: []*configs.Mount{ + { + Source: "/abs/path/", + Destination: "/abs/path/", + Flags: unix.MS_BIND, + IDMapping: &configs.MountIDMapping{}, + }, + }, + }, + }, + { + name: "mount with 'ridmap' option but no mappings", + isErr: true, + config: &configs.Config{ + Mounts: []*configs.Mount{ + { + Source: "/abs/path/", + Destination: "/abs/path/", + Flags: unix.MS_BIND, + IDMapping: &configs.MountIDMapping{ + Recursive: true, + }, + }, + }, + }, + }, } for _, tc := range testCases { diff --git a/libcontainer/mount_linux.go b/libcontainer/mount_linux.go index 73cd04c086d..6b5edbb0c14 100644 --- a/libcontainer/mount_linux.go +++ b/libcontainer/mount_linux.go @@ -229,16 +229,32 @@ func mountFd(nsHandles *userns.Handles, m *configs.Mount) (*mountSource, error) sourceType = mountSourceOpenTree // Configure the id mapping. - usernsFile, err := nsHandles.Get(userns.Mapping{ - UIDMappings: m.UIDMappings, - GIDMappings: m.GIDMappings, - }) - if err != nil { - return nil, fmt.Errorf("failed to create userns for %s id-mapping: %w", m.Source, err) + var usernsFile *os.File + if m.IDMapping.UserNSPath == "" { + usernsFile, err = nsHandles.Get(userns.Mapping{ + UIDMappings: m.IDMapping.UIDMappings, + GIDMappings: m.IDMapping.GIDMappings, + }) + if err != nil { + return nil, fmt.Errorf("failed to create userns for %s id-mapping: %w", m.Source, err) + } + } else { + usernsFile, err = os.Open(m.IDMapping.UserNSPath) + if err != nil { + return nil, fmt.Errorf("failed to open existing userns for %s id-mapping: %w", m.Source, err) + } } defer usernsFile.Close() - if err := unix.MountSetattr(int(mountFile.Fd()), "", unix.AT_EMPTY_PATH, &unix.MountAttr{ + setAttrFlags := uint(unix.AT_EMPTY_PATH) + // If the mount has "ridmap" set, we apply the configuration + // recursively. This allows you to create "rbind" mounts where only + // the top-level mount has an idmapping. I'm not sure why you'd + // want that, but still... + if m.IDMapping.Recursive { + setAttrFlags |= unix.AT_RECURSIVE + } + if err := unix.MountSetattr(int(mountFile.Fd()), "", setAttrFlags, &unix.MountAttr{ Attr_set: unix.MOUNT_ATTR_IDMAP, Userns_fd: uint64(usernsFile.Fd()), }); err != nil { diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index 5dc6ec79f32..6f9f58ad1d0 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -38,6 +38,7 @@ var ( clear bool flag int } + complexFlags map[string]func(*configs.Mount) ) func initMaps() { @@ -126,7 +127,6 @@ func initMaps() { "rnostrictatime": {true, unix.MOUNT_ATTR_STRICTATIME}, "rnosymfollow": {false, unix.MOUNT_ATTR_NOSYMFOLLOW}, // since kernel 5.14 "rsymfollow": {true, unix.MOUNT_ATTR_NOSYMFOLLOW}, // since kernel 5.14 - // No support for MOUNT_ATTR_IDMAP yet (needs UserNS FD) } extensionFlags = map[string]struct { @@ -135,6 +135,17 @@ func initMaps() { }{ "tmpcopyup": {false, configs.EXT_COPYUP}, } + + complexFlags = map[string]func(*configs.Mount){ + "idmap": func(m *configs.Mount) { + m.IDMapping = new(configs.MountIDMapping) + m.IDMapping.Recursive = false // noop + }, + "ridmap": func(m *configs.Mount) { + m.IDMapping = new(configs.MountIDMapping) + m.IDMapping.Recursive = true + }, + } }) } @@ -415,6 +426,19 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) { if err := setupUserNamespace(spec, config); err != nil { return nil, err } + // For idmap and ridmap mounts without explicit mappings, use the + // ones from the container's userns. If we are joining another + // userns, stash the path. + for _, m := range config.Mounts { + if m.IDMapping != nil && m.IDMapping.UIDMappings == nil && m.IDMapping.GIDMappings == nil { + if path := config.Namespaces.PathOf(configs.NEWUSER); path != "" { + m.IDMapping.UserNSPath = path + } else { + m.IDMapping.UIDMappings = config.UIDMappings + m.IDMapping.GIDMappings = config.GIDMappings + } + } + } } config.MaskPaths = spec.Linux.MaskedPaths config.ReadonlyPaths = spec.Linux.ReadonlyPaths @@ -447,6 +471,7 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) { Domain: domain, } } + } // Set the host UID that should own the container's cgroup. @@ -552,8 +577,14 @@ func createLibcontainerMount(cwd string, m specs.Mount) (*configs.Mount, error) } } - mnt.UIDMappings = toConfigIDMap(m.UIDMappings) - mnt.GIDMappings = toConfigIDMap(m.GIDMappings) + if m.UIDMappings != nil || m.GIDMappings != nil { + if mnt.IDMapping == nil { + // Neither "idmap" nor "ridmap" were specified. + mnt.IDMapping = new(configs.MountIDMapping) + } + mnt.IDMapping.UIDMappings = toConfigIDMap(m.UIDMappings) + mnt.IDMapping.GIDMappings = toConfigIDMap(m.GIDMappings) + } // None of the mount arguments can contain a null byte. Normally such // strings would either cause some other failure or would just be truncated @@ -1046,12 +1077,14 @@ func parseMountOptions(options []string) *configs.Mount { recAttrClr |= unix.MOUNT_ATTR__ATIME } } - } else if f, exists := extensionFlags[o]; exists && f.flag != 0 { + } else if f, exists := extensionFlags[o]; exists { if f.clear { m.Extensions &= ^f.flag } else { m.Extensions |= f.flag } + } else if fn, exists := complexFlags[o]; exists { + fn(&m) } else { data = append(data, o) } diff --git a/tests/integration/idmap.bats b/tests/integration/idmap.bats index 89fe4d82356..a816fe96863 100644 --- a/tests/integration/idmap.bats +++ b/tests/integration/idmap.bats @@ -5,7 +5,6 @@ load helpers function setup() { OVERFLOW_UID="$(cat /proc/sys/kernel/overflowuid)" OVERFLOW_GID="$(cat /proc/sys/kernel/overflowgid)" - requires root requires_kernel 5.12 @@ -37,12 +36,34 @@ function setup() { # Add a symlink-containing source. ln -s source-multi1 source-multi1-symlink + + # Add some top-level files in the mount tree. + mkdir -p mnt-subtree/multi{1,2} + touch mnt-subtree/{foo,bar,baz}.txt + chown 100:211 mnt-subtree/foo.txt + chown 200:222 mnt-subtree/bar.txt + chown 300:233 mnt-subtree/baz.txt + + mounts_file="$PWD/.all-mounts" + echo -n >"$mounts_file" } function teardown() { + if [ -v mounts_file ]; then + xargs -n 1 -a "$mounts_file" -- umount -l + rm -f "$mounts_file" + fi teardown_bundle } +function setup_host_bind_mount() { + src="$1" + dst="$2" + + mount --bind "$src" "$dst" + echo "$dst" >>"$mounts_file" +} + function setup_idmap_userns() { update_config '.linux.namespaces += [{"type": "user"}] | .linux.uidMappings += [{"containerID": 0, "hostID": 100000, "size": 65536}] @@ -341,3 +362,331 @@ function setup_idmap_basic_mount() { [[ "$output" == *"=/tmp/mount-multi1/bar.txt:2000=2202="* ]] [[ "$output" == *"=/tmp/mount-multi1/baz.txt:3000=3303="* ]] } + +@test "idmap mount (non-recursive idmap) [userns]" { + setup_idmap_userns + + setup_host_bind_mount "source-multi1/" "mnt-subtree/multi1" + setup_host_bind_mount "source-multi2/" "mnt-subtree/multi2" + + update_config '.mounts += [ + { + "source": "mnt-subtree/", + "destination": "/tmp/mount-tree", + "options": ["rbind"], + "uidMappings": [ + {"containerID": 100, "hostID": 101000, "size": 3}, + {"containerID": 200, "hostID": 102000, "size": 3}, + {"containerID": 300, "hostID": 103000, "size": 3} + ], + "gidMappings": [ + {"containerID": 210, "hostID": 101100, "size": 10}, + {"containerID": 220, "hostID": 102200, "size": 10}, + {"containerID": 230, "hostID": 103300, "size": 10} + ] + } + ]' + + update_config '.process.args = ["bash", "-c", "stat -c =%n:%u=%g= /tmp/mount-tree{,/multi1,/multi2}/{foo,bar,baz}.txt"]' + runc run test_debian + [ "$status" -eq 0 ] + [[ "$output" == *"=/tmp/mount-tree/foo.txt:1000=1101="* ]] + [[ "$output" == *"=/tmp/mount-tree/bar.txt:2000=2202="* ]] + [[ "$output" == *"=/tmp/mount-tree/baz.txt:3000=3303="* ]] + # Because we used "idmap", the child mounts were not remapped recursively. + [[ "$output" == *"=/tmp/mount-tree/multi1/foo.txt:$OVERFLOW_UID=$OVERFLOW_GID="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi1/bar.txt:$OVERFLOW_UID=$OVERFLOW_GID="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi1/baz.txt:$OVERFLOW_UID=$OVERFLOW_GID="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi2/foo.txt:$OVERFLOW_UID=$OVERFLOW_GID="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi2/bar.txt:$OVERFLOW_UID=$OVERFLOW_GID="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi2/baz.txt:$OVERFLOW_UID=$OVERFLOW_GID="* ]] +} + +@test "idmap mount (non-recursive idmap) [no userns]" { + setup_host_bind_mount "source-multi1/" "mnt-subtree/multi1" + setup_host_bind_mount "source-multi2/" "mnt-subtree/multi2" + + update_config '.mounts += [ + { + "source": "mnt-subtree/", + "destination": "/tmp/mount-tree", + "options": ["rbind"], + "uidMappings": [ + {"containerID": 100, "hostID": 101000, "size": 3}, + {"containerID": 200, "hostID": 102000, "size": 3}, + {"containerID": 300, "hostID": 103000, "size": 3} + ], + "gidMappings": [ + {"containerID": 210, "hostID": 101100, "size": 10}, + {"containerID": 220, "hostID": 102200, "size": 10}, + {"containerID": 230, "hostID": 103300, "size": 10} + ] + } + ]' + + update_config '.process.args = ["bash", "-c", "stat -c =%n:%u=%g= /tmp/mount-tree{,/multi1,/multi2}/{foo,bar,baz}.txt"]' + runc run test_debian + [ "$status" -eq 0 ] + [[ "$output" == *"=/tmp/mount-tree/foo.txt:101000=101101="* ]] + [[ "$output" == *"=/tmp/mount-tree/bar.txt:102000=102202="* ]] + [[ "$output" == *"=/tmp/mount-tree/baz.txt:103000=103303="* ]] + # Because we used "idmap", the child mounts were not remapped recursively. + [[ "$output" == *"=/tmp/mount-tree/multi1/foo.txt:100=211="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi1/bar.txt:101=222="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi1/baz.txt:102=233="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi2/foo.txt:200=211="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi2/bar.txt:201=222="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi2/baz.txt:202=233="* ]] +} + +@test "idmap mount (idmap flag) [userns]" { + setup_idmap_userns + + setup_host_bind_mount "source-multi1/" "mnt-subtree/multi1" + setup_host_bind_mount "source-multi2/" "mnt-subtree/multi2" + + update_config '.mounts += [ + { + "source": "mnt-subtree/", + "destination": "/tmp/mount-tree", + "options": ["rbind", "idmap"], + "uidMappings": [ + {"containerID": 100, "hostID": 101000, "size": 3}, + {"containerID": 200, "hostID": 102000, "size": 3}, + {"containerID": 300, "hostID": 103000, "size": 3} + ], + "gidMappings": [ + {"containerID": 210, "hostID": 101100, "size": 10}, + {"containerID": 220, "hostID": 102200, "size": 10}, + {"containerID": 230, "hostID": 103300, "size": 10} + ] + } + ]' + + update_config '.process.args = ["bash", "-c", "stat -c =%n:%u=%g= /tmp/mount-tree{,/multi1,/multi2}/{foo,bar,baz}.txt"]' + runc run test_debian + [ "$status" -eq 0 ] + [[ "$output" == *"=/tmp/mount-tree/foo.txt:1000=1101="* ]] + [[ "$output" == *"=/tmp/mount-tree/bar.txt:2000=2202="* ]] + [[ "$output" == *"=/tmp/mount-tree/baz.txt:3000=3303="* ]] + # Because we used "idmap", the child mounts were not remapped recursively. + [[ "$output" == *"=/tmp/mount-tree/multi1/foo.txt:$OVERFLOW_UID=$OVERFLOW_GID="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi1/bar.txt:$OVERFLOW_UID=$OVERFLOW_GID="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi1/baz.txt:$OVERFLOW_UID=$OVERFLOW_GID="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi2/foo.txt:$OVERFLOW_UID=$OVERFLOW_GID="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi2/bar.txt:$OVERFLOW_UID=$OVERFLOW_GID="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi2/baz.txt:$OVERFLOW_UID=$OVERFLOW_GID="* ]] +} + +@test "idmap mount (idmap flag) [no userns]" { + setup_host_bind_mount "source-multi1/" "mnt-subtree/multi1" + setup_host_bind_mount "source-multi2/" "mnt-subtree/multi2" + + update_config '.mounts += [ + { + "source": "mnt-subtree/", + "destination": "/tmp/mount-tree", + "options": ["rbind", "idmap"], + "uidMappings": [ + {"containerID": 100, "hostID": 101000, "size": 3}, + {"containerID": 200, "hostID": 102000, "size": 3}, + {"containerID": 300, "hostID": 103000, "size": 3} + ], + "gidMappings": [ + {"containerID": 210, "hostID": 101100, "size": 10}, + {"containerID": 220, "hostID": 102200, "size": 10}, + {"containerID": 230, "hostID": 103300, "size": 10} + ] + } + ]' + + update_config '.process.args = ["bash", "-c", "stat -c =%n:%u=%g= /tmp/mount-tree{,/multi1,/multi2}/{foo,bar,baz}.txt"]' + runc run test_debian + [ "$status" -eq 0 ] + [[ "$output" == *"=/tmp/mount-tree/foo.txt:101000=101101="* ]] + [[ "$output" == *"=/tmp/mount-tree/bar.txt:102000=102202="* ]] + [[ "$output" == *"=/tmp/mount-tree/baz.txt:103000=103303="* ]] + # Because we used "idmap", the child mounts were not remapped recursively. + [[ "$output" == *"=/tmp/mount-tree/multi1/foo.txt:100=211="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi1/bar.txt:101=222="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi1/baz.txt:102=233="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi2/foo.txt:200=211="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi2/bar.txt:201=222="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi2/baz.txt:202=233="* ]] +} + +@test "idmap mount (ridmap flag) [userns]" { + setup_idmap_userns + + setup_host_bind_mount "source-multi1/" "mnt-subtree/multi1" + setup_host_bind_mount "source-multi2/" "mnt-subtree/multi2" + + update_config '.mounts += [ + { + "source": "mnt-subtree/", + "destination": "/tmp/mount-tree", + "options": ["rbind", "ridmap"], + "uidMappings": [ + {"containerID": 100, "hostID": 101000, "size": 3}, + {"containerID": 200, "hostID": 102000, "size": 3}, + {"containerID": 300, "hostID": 103000, "size": 3} + ], + "gidMappings": [ + {"containerID": 210, "hostID": 101100, "size": 10}, + {"containerID": 220, "hostID": 102200, "size": 10}, + {"containerID": 230, "hostID": 103300, "size": 10} + ] + } + ]' + + update_config '.process.args = ["bash", "-c", "stat -c =%n:%u=%g= /tmp/mount-tree{,/multi1,/multi2}/{foo,bar,baz}.txt"]' + runc run test_debian + [ "$status" -eq 0 ] + [[ "$output" == *"=/tmp/mount-tree/foo.txt:1000=1101="* ]] + [[ "$output" == *"=/tmp/mount-tree/bar.txt:2000=2202="* ]] + [[ "$output" == *"=/tmp/mount-tree/baz.txt:3000=3303="* ]] + # The child mounts have the same mapping applied. + [[ "$output" == *"=/tmp/mount-tree/multi1/foo.txt:1000=1101="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi1/bar.txt:1001=2202="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi1/baz.txt:1002=3303="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi2/foo.txt:2000=1101="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi2/bar.txt:2001=2202="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi2/baz.txt:2002=3303="* ]] +} + +@test "idmap mount (ridmap flag) [no userns]" { + setup_host_bind_mount "source-multi1/" "mnt-subtree/multi1" + setup_host_bind_mount "source-multi2/" "mnt-subtree/multi2" + + update_config '.mounts += [ + { + "source": "mnt-subtree/", + "destination": "/tmp/mount-tree", + "options": ["rbind", "ridmap"], + "uidMappings": [ + {"containerID": 100, "hostID": 101000, "size": 3}, + {"containerID": 200, "hostID": 102000, "size": 3}, + {"containerID": 300, "hostID": 103000, "size": 3} + ], + "gidMappings": [ + {"containerID": 210, "hostID": 101100, "size": 10}, + {"containerID": 220, "hostID": 102200, "size": 10}, + {"containerID": 230, "hostID": 103300, "size": 10} + ] + } + ]' + + update_config '.process.args = ["bash", "-c", "stat -c =%n:%u=%g= /tmp/mount-tree{,/multi1,/multi2}/{foo,bar,baz}.txt"]' + runc run test_debian + [ "$status" -eq 0 ] + [[ "$output" == *"=/tmp/mount-tree/foo.txt:101000=101101="* ]] + [[ "$output" == *"=/tmp/mount-tree/bar.txt:102000=102202="* ]] + [[ "$output" == *"=/tmp/mount-tree/baz.txt:103000=103303="* ]] + # The child mounts have the same mapping applied. + [[ "$output" == *"=/tmp/mount-tree/multi1/foo.txt:101000=101101="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi1/bar.txt:101001=102202="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi1/baz.txt:101002=103303="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi2/foo.txt:102000=101101="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi2/bar.txt:102001=102202="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi2/baz.txt:102002=103303="* ]] +} + +@test "idmap mount (idmap flag, implied mapping) [userns]" { + setup_idmap_userns + + setup_host_bind_mount "source-multi1/" "mnt-subtree/multi1" + setup_host_bind_mount "source-multi2/" "mnt-subtree/multi2" + + update_config '.mounts += [ + { + "source": "mnt-subtree/", + "destination": "/tmp/mount-tree", + "options": ["rbind", "idmap"], + } + ]' + + update_config '.process.args = ["bash", "-c", "stat -c =%n:%u=%g= /tmp/mount-tree{,/multi1,/multi2}/{foo,bar,baz}.txt"]' + runc run test_debian + [ "$status" -eq 0 ] + [[ "$output" == *"=/tmp/mount-tree/foo.txt:100=211="* ]] + [[ "$output" == *"=/tmp/mount-tree/bar.txt:200=222="* ]] + [[ "$output" == *"=/tmp/mount-tree/baz.txt:300=233="* ]] + # Because we used "idmap", the child mounts were not remapped recursively. + [[ "$output" == *"=/tmp/mount-tree/multi1/foo.txt:$OVERFLOW_UID=$OVERFLOW_GID="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi1/bar.txt:$OVERFLOW_UID=$OVERFLOW_GID="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi1/baz.txt:$OVERFLOW_UID=$OVERFLOW_GID="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi2/foo.txt:$OVERFLOW_UID=$OVERFLOW_GID="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi2/bar.txt:$OVERFLOW_UID=$OVERFLOW_GID="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi2/baz.txt:$OVERFLOW_UID=$OVERFLOW_GID="* ]] +} + +@test "idmap mount (ridmap flag, implied mapping) [userns]" { + setup_idmap_userns + + setup_host_bind_mount "source-multi1/" "mnt-subtree/multi1" + setup_host_bind_mount "source-multi2/" "mnt-subtree/multi2" + + update_config '.mounts += [ + { + "source": "mnt-subtree/", + "destination": "/tmp/mount-tree", + "options": ["rbind", "ridmap"], + } + ]' + + update_config '.process.args = ["bash", "-c", "stat -c =%n:%u=%g= /tmp/mount-tree{,/multi1,/multi2}/{foo,bar,baz}.txt"]' + runc run test_debian + [ "$status" -eq 0 ] + [[ "$output" == *"=/tmp/mount-tree/foo.txt:100=211="* ]] + [[ "$output" == *"=/tmp/mount-tree/bar.txt:200=222="* ]] + [[ "$output" == *"=/tmp/mount-tree/baz.txt:300=233="* ]] + # The child mounts have the same mapping applied. + [[ "$output" == *"=/tmp/mount-tree/multi1/foo.txt:100=211="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi1/bar.txt:101=222="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi1/baz.txt:102=233="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi2/foo.txt:200=211="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi2/bar.txt:201=222="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi2/baz.txt:202=233="* ]] +} + +@test "idmap mount (idmap flag, implied mapping, userns join) [userns]" { + # Create a detached container with the id-mapping we want. + cp config.json config.json.bak + update_config '.linux.namespaces += [{"type": "user"}] + | .linux.uidMappings += [{"containerID": 0, "hostID": 100000, "size": 65536}] + | .linux.gidMappings += [{"containerID": 0, "hostID": 100000, "size": 65536}]' + update_config '.process.args = ["sleep", "infinity"]' + + runc run -d --console-socket "$CONSOLE_SOCKET" target_userns + [ "$status" -eq 0 ] + + # Configure our container to attach to the first container's userns. + target_pid="$(__runc state target_userns | jq .pid)" + update_config '.linux.namespaces |= map(if .type == "user" then (.path = "/proc/'"$target_pid"'/ns/" + .type) else . end)' + update_config 'del(.linux.uidMappings) | del(.linux.gidMappings)' + + setup_host_bind_mount "source-multi1/" "mnt-subtree/multi1" + setup_host_bind_mount "source-multi2/" "mnt-subtree/multi2" + + update_config '.mounts += [ + { + "source": "mnt-subtree/", + "destination": "/tmp/mount-tree", + "options": ["rbind", "idmap"], + } + ]' + + update_config '.process.args = ["bash", "-c", "stat -c =%n:%u=%g= /tmp/mount-tree{,/multi1,/multi2}/{foo,bar,baz}.txt"]' + runc run test_debian + [ "$status" -eq 0 ] + [[ "$output" == *"=/tmp/mount-tree/foo.txt:100=211="* ]] + [[ "$output" == *"=/tmp/mount-tree/bar.txt:200=222="* ]] + [[ "$output" == *"=/tmp/mount-tree/baz.txt:300=233="* ]] + # Because we used "idmap", the child mounts were not remapped recursively. + [[ "$output" == *"=/tmp/mount-tree/multi1/foo.txt:$OVERFLOW_UID=$OVERFLOW_GID="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi1/bar.txt:$OVERFLOW_UID=$OVERFLOW_GID="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi1/baz.txt:$OVERFLOW_UID=$OVERFLOW_GID="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi2/foo.txt:$OVERFLOW_UID=$OVERFLOW_GID="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi2/bar.txt:$OVERFLOW_UID=$OVERFLOW_GID="* ]] + [[ "$output" == *"=/tmp/mount-tree/multi2/baz.txt:$OVERFLOW_UID=$OVERFLOW_GID="* ]] +} From fa93c8b05b323187d0c5e3bdb3622c23c3abcfff Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 1 Dec 2023 17:08:38 +1100 Subject: [PATCH 0466/1176] tests: mounts: add some tests to check mount ordering Our previous implementation of idmapped mounts and bind-mount sources would open all of the source paths before we did any mounts, meaning that mounts using sources from inside the container rootfs would not be correct. This has been fixed with the new on-demand system, and so add some regression tests. Signed-off-by: Aleksa Sarai --- tests/integration/mounts.bats | 119 ++++++++++++++++++++++++++++++++++ 1 file changed, 119 insertions(+) diff --git a/tests/integration/mounts.bats b/tests/integration/mounts.bats index a4d997ca765..5dafb655c92 100644 --- a/tests/integration/mounts.bats +++ b/tests/integration/mounts.bats @@ -24,6 +24,109 @@ function test_ro_cgroup_mount() { for line in "${lines[@]}"; do [[ "${line}" == *'ro,'* ]]; done } +# Parse an "optstring" of the form foo,bar into $is_foo and $is_bar variables. +# Usage: parse_optstring foo,bar foo bar baz +function parse_optstring() { + optstring="$1" + shift + + for flag in "$@"; do + is_set= + if grep -wq "$flag" <<<"$optstring"; then + is_set=1 + fi + eval "is_$flag=$is_set" + done +} + +function config_add_bind_mount() { + src="$1" + dst="$2" + parse_optstring "${3:-}" rbind idmap + + bindtype=bind + if [ -n "$is_rbind" ]; then + bindtype=rbind + fi + + mappings="" + if [ -n "$is_idmap" ]; then + mappings=' + "uidMappings": [{"containerID": 0, "hostID": 100000, "size": 65536}], + "gidMappings": [{"containerID": 0, "hostID": 100000, "size": 65536}], + ' + fi + + update_config '.mounts += [{ + "source": "'"$src"'", + "destination": "'"$dst"'", + "type": "bind", + '"$mappings"' + "options": [ "'"$bindtype"'", "rprivate" ] + }]' +} + +# This needs to be placed at the top of the bats file to work around +# a shellcheck bug. See . +function test_mount_order() { + parse_optstring "${1:-}" userns idmap + + if [ -n "$is_userns" ]; then + requires root + + update_config '.linux.namespaces += [{"type": "user"}] + | .linux.uidMappings += [{"containerID": 0, "hostID": 100000, "size": 65536}] + | .linux.gidMappings += [{"containerID": 0, "hostID": 100000, "size": 65536}]' + remap_rootfs + fi + + ctr_src_opts="rbind" + if [ -n "$is_idmap" ]; then + requires root + requires_kernel 5.12 + requires_idmap_fs . + + ctr_src_opts+=",idmap" + fi + + mkdir -p rootfs/{mnt,final} + # Create a set of directories we can create a mount tree with. + for subdir in a/x b/y c/z; do + dir="bind-src/$subdir" + mkdir -p "$dir" + echo "$subdir" >"$dir/file" + # Add a symlink to make sure + topdir="$(dirname "$subdir")" + ln -s "$topdir" "bind-src/sym-$topdir" + done + # In userns tests, make sure that the source directory cannot be accessed, + # to make sure we're exercising the bind-mount source fd logic. + chmod o-rwx bind-src + + rootfs="$(pwd)/rootfs" + rm -rf rootfs/mnt + mkdir rootfs/mnt + + # Create a bind-mount tree. + config_add_bind_mount "$PWD/bind-src/a" "/mnt" + config_add_bind_mount "$PWD/bind-src/sym-b" "/mnt/x" + config_add_bind_mount "$PWD/bind-src/c" "/mnt/x/y" + config_add_bind_mount "$PWD/bind-src/sym-a" "/mnt/x/y/z" + # Create a recursive bind-mount that uses part of the current tree in the + # container. + config_add_bind_mount "$rootfs/mnt/x" "$rootfs/mnt/x/y/z/x" "$ctr_src_opts" + config_add_bind_mount "$rootfs/mnt/x/y" "$rootfs/mnt/x/y/z" "$ctr_src_opts" + # Finally, bind-mount the whole thing on top of /final. + config_add_bind_mount "$rootfs/mnt" "$rootfs/final" "$ctr_src_opts" + + # Check that the entire tree was copied and the mounts were done in the + # expected order. + update_config '.process.args = ["cat", "/final/x/y/z/z/x/y/z/x/file"]' + runc run test_busybox + [ "$status" -eq 0 ] + [[ "$output" == *"a/x"* ]] # the final "file" was from a/x. +} + # https://github.com/opencontainers/runc/issues/3991 @test "runc run [tmpcopyup]" { mkdir -p rootfs/dir1/dir2 @@ -108,3 +211,19 @@ function test_ro_cgroup_mount() { update_config '.linux.namespaces |= if index({"type": "cgroup"}) then . else . + [{"type": "cgroup"}] end' test_ro_cgroup_mount } + +@test "runc run [mount order, container bind-mount source]" { + test_mount_order +} + +@test "runc run [mount order, container bind-mount source] (userns)" { + test_mount_order userns +} + +@test "runc run [mount order, container idmap source]" { + test_mount_order idmap +} + +@test "runc run [mount order, container idmap source] (userns)" { + test_mount_order userns,idmap +} From 482e56379a1c2f8b2573f07c06013510e59f9eb8 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 8 Dec 2023 11:07:51 +1100 Subject: [PATCH 0467/1176] configs: make id mappings int64 to better handle 32-bit Using ints for all of our mapping structures means that a 32-bit binary errors out when trying to parse /proc/self/*id_map: failed to cache mappings for userns: failed to parse uid_map of userns /proc/1/ns/user: parsing id map failed: invalid format in line " 0 0 4294967295": integer overflow on token 4294967295 This issue was unearthed by commit 1912d5988bbb ("*: actually support joining a userns with a new container") but the underlying issue has been present since the docker/libcontainer days. In theory, switching to uint32 (to match the spec) instead of int64 would also work, but keeping everything signed seems much less error-prone. It's also important to note that a mapping might be too large for an int on 32-bit, so we detect this during the mapping. Signed-off-by: Aleksa Sarai --- libcontainer/configs/config.go | 6 +++--- libcontainer/configs/config_linux.go | 25 ++++++++++++++++++++----- libcontainer/container_linux.go | 2 +- libcontainer/specconv/spec_linux.go | 6 +++--- 4 files changed, 27 insertions(+), 12 deletions(-) diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index 722e1dcad61..a0a79d19d53 100644 --- a/libcontainer/configs/config.go +++ b/libcontainer/configs/config.go @@ -22,9 +22,9 @@ type Rlimit struct { // IDMap represents UID/GID Mappings for User Namespaces. type IDMap struct { - ContainerID int `json:"container_id"` - HostID int `json:"host_id"` - Size int `json:"size"` + ContainerID int64 `json:"container_id"` + HostID int64 `json:"host_id"` + Size int64 `json:"size"` } // Seccomp represents syscall restrictions diff --git a/libcontainer/configs/config_linux.go b/libcontainer/configs/config_linux.go index 3c0e71e4b2d..e401f5331b4 100644 --- a/libcontainer/configs/config_linux.go +++ b/libcontainer/configs/config_linux.go @@ -3,6 +3,7 @@ package configs import ( "errors" "fmt" + "math" ) var ( @@ -30,11 +31,18 @@ func (c Config) HostUID(containerId int) (int, error) { if len(c.UIDMappings) == 0 { return -1, errNoUIDMap } - id, found := c.hostIDFromMapping(containerId, c.UIDMappings) + id, found := c.hostIDFromMapping(int64(containerId), c.UIDMappings) if !found { return -1, fmt.Errorf("user namespaces enabled, but no mapping found for uid %d", containerId) } - return id, nil + // If we are a 32-bit binary running on a 64-bit system, it's possible + // the mapped user is too large to store in an int, which means we + // cannot do the mapping. We can't just return an int64, because + // os.Setuid() takes an int. + if id > math.MaxInt { + return -1, fmt.Errorf("mapping for uid %d (host id %d) is larger than native integer size (%d)", containerId, id, math.MaxInt) + } + return int(id), nil } // Return unchanged id. return containerId, nil @@ -53,11 +61,18 @@ func (c Config) HostGID(containerId int) (int, error) { if len(c.GIDMappings) == 0 { return -1, errNoGIDMap } - id, found := c.hostIDFromMapping(containerId, c.GIDMappings) + id, found := c.hostIDFromMapping(int64(containerId), c.GIDMappings) if !found { return -1, fmt.Errorf("user namespaces enabled, but no mapping found for gid %d", containerId) } - return id, nil + // If we are a 32-bit binary running on a 64-bit system, it's possible + // the mapped user is too large to store in an int, which means we + // cannot do the mapping. We can't just return an int64, because + // os.Setgid() takes an int. + if id > math.MaxInt { + return -1, fmt.Errorf("mapping for gid %d (host id %d) is larger than native integer size (%d)", containerId, id, math.MaxInt) + } + return int(id), nil } // Return unchanged id. return containerId, nil @@ -71,7 +86,7 @@ func (c Config) HostRootGID() (int, error) { // Utility function that gets a host ID for a container ID from user namespace map // if that ID is present in the map. -func (c Config) hostIDFromMapping(containerID int, uMap []IDMap) (int, bool) { +func (c Config) hostIDFromMapping(containerID int64, uMap []IDMap) (int64, bool) { for _, m := range uMap { if (containerID >= m.ContainerID) && (containerID <= (m.ContainerID + m.Size - 1)) { hostID := m.HostID + (containerID - m.ContainerID) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index f36abaf1032..85b48f83981 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -1351,7 +1351,7 @@ func ignoreTerminateErrors(err error) error { func requiresRootOrMappingTool(c *configs.Config) bool { gidMap := []configs.IDMap{ - {ContainerID: 0, HostID: os.Getegid(), Size: 1}, + {ContainerID: 0, HostID: int64(os.Getegid()), Size: 1}, } return !reflect.DeepEqual(c.GIDMappings, gidMap) } diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index d595aa14770..0ad03c1bef3 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -522,9 +522,9 @@ func toConfigIDMap(specMaps []specs.LinuxIDMapping) []configs.IDMap { idmaps := make([]configs.IDMap, len(specMaps)) for i, id := range specMaps { idmaps[i] = configs.IDMap{ - ContainerID: int(id.ContainerID), - HostID: int(id.HostID), - Size: int(id.Size), + ContainerID: int64(id.ContainerID), + HostID: int64(id.HostID), + Size: int64(id.Size), } } return idmaps From 7b655782bf5ca1069261a3225161bf322fd1d13e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 15 Dec 2023 04:57:18 +0000 Subject: [PATCH 0468/1176] build(deps): bump actions/upload-artifact from 3 to 4 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 8d7e862fad2..53ad8d4c7d6 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -185,7 +185,7 @@ jobs: - name: make releaseall run: make releaseall - name: upload artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: release-${{ github.run_id }} path: release/* From d08ba9ca89b3f5208539164e8c68fab7ba8acf31 Mon Sep 17 00:00:00 2001 From: lfbzhm Date: Mon, 18 Dec 2023 05:34:19 +0000 Subject: [PATCH 0469/1176] fix a (u|g)IDMappings type value convertion error Signed-off-by: lfbzhm --- libcontainer/userns/usernsfd_linux.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/libcontainer/userns/usernsfd_linux.go b/libcontainer/userns/usernsfd_linux.go index 721215619b4..2eb64cf76ca 100644 --- a/libcontainer/userns/usernsfd_linux.go +++ b/libcontainer/userns/usernsfd_linux.go @@ -22,16 +22,16 @@ type Mapping struct { func (m Mapping) toSys() (uids, gids []syscall.SysProcIDMap) { for _, uid := range m.UIDMappings { uids = append(uids, syscall.SysProcIDMap{ - ContainerID: uid.ContainerID, - HostID: uid.HostID, - Size: uid.Size, + ContainerID: int(uid.ContainerID), + HostID: int(uid.HostID), + Size: int(uid.Size), }) } for _, gid := range m.GIDMappings { gids = append(gids, syscall.SysProcIDMap{ - ContainerID: gid.ContainerID, - HostID: gid.HostID, - Size: gid.Size, + ContainerID: int(gid.ContainerID), + HostID: int(gid.HostID), + Size: int(gid.Size), }) } return From 0bbb7e9fcfea8b9b9191dea7b68d684e09c78ea5 Mon Sep 17 00:00:00 2001 From: lfbzhm Date: Wed, 13 Dec 2023 14:26:42 +0000 Subject: [PATCH 0470/1176] move the target 'clean' next to 'all' Signed-off-by: lfbzhm --- Makefile | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/Makefile b/Makefile index caa4441789c..0e753b98576 100644 --- a/Makefile +++ b/Makefile @@ -77,6 +77,18 @@ all: runc recvtty sd-helper seccompagent fs-idmap memfd-bind pidfd-kill remap-ro recvtty sd-helper seccompagent fs-idmap memfd-bind pidfd-kill remap-rootfs: $(GO_BUILD) -o contrib/cmd/$@/$@ ./contrib/cmd/$@ +.PHONY: clean +clean: + rm -f runc runc-* libcontainer/dmz/runc-dmz + rm -f contrib/cmd/recvtty/recvtty + rm -f contrib/cmd/sd-helper/sd-helper + rm -f contrib/cmd/seccompagent/seccompagent + rm -f contrib/cmd/fs-idmap/fs-idmap + rm -f contrib/cmd/memfd-bind/memfd-bind + rm -f contrib/cmd/pidfd-kill/pidfd-kill + sudo rm -rf release + rm -rf man/man8 + .PHONY: static static: static-bin verify-dmz-arch @@ -186,18 +198,6 @@ install-man: man install -d -m 755 $(DESTDIR)$(MANDIR)/man8 install -D -m 644 man/man8/*.8 $(DESTDIR)$(MANDIR)/man8 -.PHONY: clean -clean: - rm -f runc runc-* libcontainer/dmz/runc-dmz - rm -f contrib/cmd/fs-idmap/fs-idmap - rm -f contrib/cmd/recvtty/recvtty - rm -f contrib/cmd/sd-helper/sd-helper - rm -f contrib/cmd/seccompagent/seccompagent - rm -f contrib/cmd/memfd-bind/memfd-bind - rm -f contrib/cmd/pidfd-kill/pidfd-kill - sudo rm -rf release - rm -rf man/man8 - .PHONY: cfmt cfmt: C_SRC=$(shell git ls-files '*.c' | grep -v '^vendor/') cfmt: From c811308582b99a8b07bf2d7f4a7e15ffaddbb1f1 Mon Sep 17 00:00:00 2001 From: lfbzhm Date: Wed, 13 Dec 2023 14:28:23 +0000 Subject: [PATCH 0471/1176] remove remap-rootfs bin when running make clean Signed-off-by: lfbzhm --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index 0e753b98576..d9e41aa47bf 100644 --- a/Makefile +++ b/Makefile @@ -86,6 +86,7 @@ clean: rm -f contrib/cmd/fs-idmap/fs-idmap rm -f contrib/cmd/memfd-bind/memfd-bind rm -f contrib/cmd/pidfd-kill/pidfd-kill + rm -f contrib/cmd/remap-rootfs/remap-rootfs sudo rm -rf release rm -rf man/man8 From 3f4a73d632bcf4d9da0332a6b26b2c6337423387 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Fri, 15 Dec 2023 10:40:24 +0900 Subject: [PATCH 0472/1176] TestCheckpoint: skip on ErrCriuMissingFeatures Signed-off-by: Akihiro Suda --- libcontainer/criu_linux.go | 12 +++++++----- libcontainer/integration/checkpoint_test.go | 4 ++++ 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index 0567152403f..66178fc16f6 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -28,6 +28,8 @@ import ( var criuFeatures *criurpc.CriuFeatures +var ErrCriuMissingFeatures = errors.New("criu is missing features") + func (c *Container) checkCriuFeatures(criuOpts *CriuOpts, rpcOpts *criurpc.CriuOpts, criuFeat *criurpc.CriuFeatures) error { t := criurpc.CriuReqType_FEATURE_CHECK @@ -50,14 +52,14 @@ func (c *Container) checkCriuFeatures(criuOpts *CriuOpts, rpcOpts *criurpc.CriuO return errors.New("CRIU feature check failed") } - missingFeatures := false + var missingFeatures []string // The outer if checks if the fields actually exist if (criuFeat.MemTrack != nil) && (criuFeatures.MemTrack != nil) { // The inner if checks if they are set to true if *criuFeat.MemTrack && !*criuFeatures.MemTrack { - missingFeatures = true + missingFeatures = append(missingFeatures, "MemTrack") logrus.Debugf("CRIU does not support MemTrack") } } @@ -67,13 +69,13 @@ func (c *Container) checkCriuFeatures(criuOpts *CriuOpts, rpcOpts *criurpc.CriuO if (criuFeat.LazyPages != nil) && (criuFeatures.LazyPages != nil) { if *criuFeat.LazyPages && !*criuFeatures.LazyPages { - missingFeatures = true + missingFeatures = append(missingFeatures, "LazyPages") logrus.Debugf("CRIU does not support LazyPages") } } - if missingFeatures { - return errors.New("CRIU is missing features") + if len(missingFeatures) != 0 { + return fmt.Errorf("%w: %v", ErrCriuMissingFeatures, missingFeatures) } return nil diff --git a/libcontainer/integration/checkpoint_test.go b/libcontainer/integration/checkpoint_test.go index 4783feed0fd..c5426af1983 100644 --- a/libcontainer/integration/checkpoint_test.go +++ b/libcontainer/integration/checkpoint_test.go @@ -3,6 +3,7 @@ package integration import ( "bufio" "bytes" + "errors" "os" "os/exec" "path/filepath" @@ -112,6 +113,9 @@ func testCheckpoint(t *testing.T, userns bool) { if err := container.Checkpoint(preDumpOpts); err != nil { showFile(t, preDumpLog) + if errors.Is(err, libcontainer.ErrCriuMissingFeatures) { + t.Skip(err) + } t.Fatal(err) } From b94b559058929fecb347bc78a86143ed670891d5 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 19 Dec 2023 17:21:01 -0800 Subject: [PATCH 0473/1176] scripts/check-config: don't check MEMCG_SWAP on newer kernels Kernel commit e55b9f96860f (which made its way into Linux v6.1-rc1) removes CONFIG_MEMCG_SWAP entirely, so there's no sense to check for in on newer kernels. Make the check conditional. Signed-off-by: Kir Kolyshkin --- script/check-config.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/script/check-config.sh b/script/check-config.sh index acc5547cfb2..2de94d2921c 100755 --- a/script/check-config.sh +++ b/script/check-config.sh @@ -255,8 +255,9 @@ echo 'Optional Features:' check_flags SECCOMP_FILTER check_flags CGROUP_PIDS - check_flags MEMCG_SWAP - + if kernel_lt 6 1; then + check_flags MEMCG_SWAP + fi if kernel_lt 5 8; then check_flags MEMCG_SWAP_ENABLED if is_set MEMCG_SWAP && ! is_set MEMCG_SWAP_ENABLED; then From 6aa4c1a13ee173b689654b528cf3c83820ceb1d5 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 19 Dec 2023 17:26:35 -0800 Subject: [PATCH 0474/1176] script/check-config: disable colors ...when the stdout is not a terminal, and also when NO_COLOR environment variable is set to any non-empty value (as per no-color.org). Co-authored-by: Akihiro Suda Signed-off-by: Kir Kolyshkin --- script/check-config.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/script/check-config.sh b/script/check-config.sh index 2de94d2921c..9c26152ea78 100755 --- a/script/check-config.sh +++ b/script/check-config.sh @@ -1,6 +1,8 @@ #!/usr/bin/env bash set -e -u +[ -t 1 ] || NO_COLOR=1 + # bits of this were adapted from check_config.sh in docker # see also https://github.com/docker/docker/blob/master/contrib/check-config.sh @@ -43,6 +45,8 @@ is_set_as_module() { } color() { + [ -n "${NO_COLOR:-}" ] && return + local codes=() if [ "$1" = 'bold' ]; then codes=("${codes[@]-}" '1') From 7f65cc75c7ffa5d6cd5f94b2a046a807c246578e Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Fri, 15 Dec 2023 11:33:17 +0900 Subject: [PATCH 0475/1176] script/check-config.sh: check CONFIG_CHECKPOINT_RESTORE Signed-off-by: Akihiro Suda --- script/check-config.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/script/check-config.sh b/script/check-config.sh index 9c26152ea78..642ff33a123 100755 --- a/script/check-config.sh +++ b/script/check-config.sh @@ -302,5 +302,6 @@ flags=( IP_VS_RR SECURITY_SELINUX SECURITY_APPARMOR + CHECKPOINT_RESTORE ) check_flags "${flags[@]}" From d87366f0195e72616fe2e5323ca89862b9714ca6 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 19 Dec 2023 19:24:09 -0800 Subject: [PATCH 0476/1176] scripts/check-config: fix kernel version checks Looking at the code, I found out that kernel_lt function was actually doing le ("less than or equal") rather than lt ("less than") operation. Let's fix this and do exactly what the name says. A bigger issue is, the function use was not consistent (some uses implied "less than or equal"). To fix the usage, find out all relevant kernel commits and kernel versions that have them (the latter is done using "git describe --contains $sha"), and fix the wrong cases. While at it, add references to all these kernel commits for the future generations of check-config.sh hackers. Also, add kernel_ge function which is the opposite of kernel_lt, and document both. Signed-off-by: Kir Kolyshkin --- script/check-config.sh | 31 ++++++++++++++++++++++++------- 1 file changed, 24 insertions(+), 7 deletions(-) diff --git a/script/check-config.sh b/script/check-config.sh index 642ff33a123..c749c60159e 100755 --- a/script/check-config.sh +++ b/script/check-config.sh @@ -29,9 +29,19 @@ kernelMajor="${kernelVersion%%.*}" kernelMinor="${kernelVersion#"$kernelMajor".}" kernelMinor="${kernelMinor%%.*}" +# Usage: to check if kernel version is < 4.8, use +# kernel_lt 4 8 +# (here "lt" stands for "less than"). kernel_lt() { [ "$kernelMajor" -lt "$1" ] && return - [ "$kernelMajor" -eq "$1" ] && [ "$kernelMinor" -le "$2" ] + [ "$kernelMajor" -eq "$1" ] && [ "$kernelMinor" -lt "$2" ] +} + +# Usage: to check if kernel version is >= 6.1, use +# kernel_ge 6 1 +# (here "ge" stands for "greater or equal"). +kernel_ge() { + ! kernel_lt "$1" "$2" } is_set() { @@ -234,16 +244,17 @@ flags=( ) check_flags "${flags[@]}" -if ! kernel_lt 4 14; then - if [ $cgroup = "v2" ]; then - check_flags CGROUP_BPF - fi +# Linux kernel commit 3007098494be. +if kernel_ge 4 10 && [ $cgroup = "v2" ]; then + check_flags CGROUP_BPF fi +# Linux kernel commit 3bf195ae6037. if kernel_lt 5 1; then check_flags NF_NAT_IPV4 fi +# Linux kernel commit 4806e975729f99c7. if kernel_lt 5 2; then check_flags NF_NAT_NEEDED fi @@ -259,9 +270,11 @@ echo 'Optional Features:' check_flags SECCOMP_FILTER check_flags CGROUP_PIDS + # Linux kernel commit e55b9f96860f. if kernel_lt 6 1; then check_flags MEMCG_SWAP fi + # Linux kernel commit 2d1c498072de. if kernel_lt 5 8; then check_flags MEMCG_SWAP_ENABLED if is_set MEMCG_SWAP && ! is_set MEMCG_SWAP_ENABLED; then @@ -270,20 +283,24 @@ echo 'Optional Features:' fi } +# Linux kernel commit d886f4e483ce. if kernel_lt 4 5; then check_flags MEMCG_KMEM fi -if kernel_lt 3 18; then +# Linux kernel commit 5b1efc027c0b. +if kernel_lt 3 19; then check_flags RESOURCE_COUNTERS fi -if kernel_lt 3 13; then +# Linux kernel commit 86f8515f9721. +if kernel_lt 3 14; then netprio=NETPRIO_CGROUP else netprio=CGROUP_NET_PRIO fi +# Linux kernel commit f382fb0bcef4. if kernel_lt 5 0; then check_flags IOSCHED_CFQ CFQ_GROUP_IOSCHED fi From 5a4f52178d80bcb0c4f240a4377755a2e667bcf1 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 15 Dec 2023 12:37:33 +0900 Subject: [PATCH 0477/1176] script/check-config.sh: check CONFIG_BLK_CGROUP_IOCOST For `io.weight` Co-authored-by: Akihiro Suda Signed-off-by: Kir Kolyshkin --- script/check-config.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/script/check-config.sh b/script/check-config.sh index c749c60159e..d54055023e9 100755 --- a/script/check-config.sh +++ b/script/check-config.sh @@ -305,6 +305,11 @@ if kernel_lt 5 0; then check_flags IOSCHED_CFQ CFQ_GROUP_IOSCHED fi +# Linux kernel commit 7caa47151ab2. +if kernel_ge 5 4; then + check_flags BLK_CGROUP_IOCOST +fi + flags=( BLK_CGROUP BLK_DEV_THROTTLING CGROUP_PERF From 43306be3f0c8b6dc3baec948785e56e14d7deb90 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Dec 2023 04:35:41 +0000 Subject: [PATCH 0478/1176] build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0 Bumps google.golang.org/protobuf from 1.31.0 to 1.32.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- .../protobuf/encoding/prototext/decode.go | 8 +- .../protobuf/encoding/prototext/encode.go | 4 +- .../protobuf/encoding/protowire/wire.go | 28 +-- .../protobuf/internal/descfmt/stringer.go | 183 +++++++++++---- .../protobuf/internal/filedesc/desc.go | 47 +++- .../protobuf/internal/genid/descriptor_gen.go | 212 ++++++++++++++++-- .../protobuf/internal/impl/codec_gen.go | 113 ++++++++-- .../protobuf/internal/impl/legacy_message.go | 19 +- .../protobuf/internal/impl/message.go | 17 +- .../protobuf/internal/impl/pointer_reflect.go | 36 +++ .../protobuf/internal/impl/pointer_unsafe.go | 40 ++++ ...ings_unsafe.go => strings_unsafe_go120.go} | 4 +- .../internal/strs/strings_unsafe_go121.go | 74 ++++++ .../protobuf/internal/version/version.go | 2 +- .../protobuf/proto/decode.go | 2 +- .../google.golang.org/protobuf/proto/doc.go | 58 ++--- .../protobuf/proto/encode.go | 2 +- .../protobuf/proto/extension.go | 2 +- .../google.golang.org/protobuf/proto/merge.go | 2 +- .../google.golang.org/protobuf/proto/proto.go | 18 +- .../protobuf/reflect/protoreflect/proto.go | 83 +++---- .../reflect/protoreflect/source_gen.go | 62 ++++- .../protobuf/reflect/protoreflect/type.go | 44 ++-- .../protobuf/reflect/protoreflect/value.go | 24 +- .../reflect/protoreflect/value_equal.go | 8 +- .../reflect/protoreflect/value_union.go | 44 ++-- ...{value_unsafe.go => value_unsafe_go120.go} | 4 +- .../protoreflect/value_unsafe_go121.go | 87 +++++++ .../reflect/protoregistry/registry.go | 24 +- vendor/modules.txt | 4 +- 32 files changed, 981 insertions(+), 280 deletions(-) rename vendor/google.golang.org/protobuf/internal/strs/{strings_unsafe.go => strings_unsafe_go120.go} (96%) create mode 100644 vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go121.go rename vendor/google.golang.org/protobuf/reflect/protoreflect/{value_unsafe.go => value_unsafe_go120.go} (97%) create mode 100644 vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go121.go diff --git a/go.mod b/go.mod index 4b2adfc2e80..91b1a13a0b3 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.19.0 golang.org/x/sys v0.15.0 - google.golang.org/protobuf v1.31.0 + google.golang.org/protobuf v1.32.0 ) require ( diff --git a/go.sum b/go.sum index fbeb4d83575..ff17238b39a 100644 --- a/go.sum +++ b/go.sum @@ -76,8 +76,8 @@ golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= -google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= +google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/vendor/google.golang.org/protobuf/encoding/prototext/decode.go b/vendor/google.golang.org/protobuf/encoding/prototext/decode.go index 4921b2d4a76..a45f112bce3 100644 --- a/vendor/google.golang.org/protobuf/encoding/prototext/decode.go +++ b/vendor/google.golang.org/protobuf/encoding/prototext/decode.go @@ -21,7 +21,7 @@ import ( "google.golang.org/protobuf/reflect/protoregistry" ) -// Unmarshal reads the given []byte into the given proto.Message. +// Unmarshal reads the given []byte into the given [proto.Message]. // The provided message must be mutable (e.g., a non-nil pointer to a message). func Unmarshal(b []byte, m proto.Message) error { return UnmarshalOptions{}.Unmarshal(b, m) @@ -51,7 +51,7 @@ type UnmarshalOptions struct { } } -// Unmarshal reads the given []byte and populates the given proto.Message +// Unmarshal reads the given []byte and populates the given [proto.Message] // using options in the UnmarshalOptions object. // The provided message must be mutable (e.g., a non-nil pointer to a message). func (o UnmarshalOptions) Unmarshal(b []byte, m proto.Message) error { @@ -739,7 +739,9 @@ func (d decoder) skipValue() error { case text.ListClose: return nil case text.MessageOpen: - return d.skipMessageValue() + if err := d.skipMessageValue(); err != nil { + return err + } default: // Skip items. This will not validate whether skipped values are // of the same type or not, same behavior as C++ diff --git a/vendor/google.golang.org/protobuf/encoding/prototext/encode.go b/vendor/google.golang.org/protobuf/encoding/prototext/encode.go index 722a7b41df3..95967e8112a 100644 --- a/vendor/google.golang.org/protobuf/encoding/prototext/encode.go +++ b/vendor/google.golang.org/protobuf/encoding/prototext/encode.go @@ -33,7 +33,7 @@ func Format(m proto.Message) string { return MarshalOptions{Multiline: true}.Format(m) } -// Marshal writes the given proto.Message in textproto format using default +// Marshal writes the given [proto.Message] in textproto format using default // options. Do not depend on the output being stable. It may change over time // across different versions of the program. func Marshal(m proto.Message) ([]byte, error) { @@ -97,7 +97,7 @@ func (o MarshalOptions) Format(m proto.Message) string { return string(b) } -// Marshal writes the given proto.Message in textproto format using options in +// Marshal writes the given [proto.Message] in textproto format using options in // MarshalOptions object. Do not depend on the output being stable. It may // change over time across different versions of the program. func (o MarshalOptions) Marshal(m proto.Message) ([]byte, error) { diff --git a/vendor/google.golang.org/protobuf/encoding/protowire/wire.go b/vendor/google.golang.org/protobuf/encoding/protowire/wire.go index f4b4686cf9d..e942bc983ee 100644 --- a/vendor/google.golang.org/protobuf/encoding/protowire/wire.go +++ b/vendor/google.golang.org/protobuf/encoding/protowire/wire.go @@ -6,7 +6,7 @@ // See https://protobuf.dev/programming-guides/encoding. // // For marshaling and unmarshaling entire protobuf messages, -// use the "google.golang.org/protobuf/proto" package instead. +// use the [google.golang.org/protobuf/proto] package instead. package protowire import ( @@ -87,7 +87,7 @@ func ParseError(n int) error { // ConsumeField parses an entire field record (both tag and value) and returns // the field number, the wire type, and the total length. -// This returns a negative length upon an error (see ParseError). +// This returns a negative length upon an error (see [ParseError]). // // The total length includes the tag header and the end group marker (if the // field is a group). @@ -104,8 +104,8 @@ func ConsumeField(b []byte) (Number, Type, int) { } // ConsumeFieldValue parses a field value and returns its length. -// This assumes that the field Number and wire Type have already been parsed. -// This returns a negative length upon an error (see ParseError). +// This assumes that the field [Number] and wire [Type] have already been parsed. +// This returns a negative length upon an error (see [ParseError]). // // When parsing a group, the length includes the end group marker and // the end group is verified to match the starting field number. @@ -164,7 +164,7 @@ func AppendTag(b []byte, num Number, typ Type) []byte { } // ConsumeTag parses b as a varint-encoded tag, reporting its length. -// This returns a negative length upon an error (see ParseError). +// This returns a negative length upon an error (see [ParseError]). func ConsumeTag(b []byte) (Number, Type, int) { v, n := ConsumeVarint(b) if n < 0 { @@ -263,7 +263,7 @@ func AppendVarint(b []byte, v uint64) []byte { } // ConsumeVarint parses b as a varint-encoded uint64, reporting its length. -// This returns a negative length upon an error (see ParseError). +// This returns a negative length upon an error (see [ParseError]). func ConsumeVarint(b []byte) (v uint64, n int) { var y uint64 if len(b) <= 0 { @@ -384,7 +384,7 @@ func AppendFixed32(b []byte, v uint32) []byte { } // ConsumeFixed32 parses b as a little-endian uint32, reporting its length. -// This returns a negative length upon an error (see ParseError). +// This returns a negative length upon an error (see [ParseError]). func ConsumeFixed32(b []byte) (v uint32, n int) { if len(b) < 4 { return 0, errCodeTruncated @@ -412,7 +412,7 @@ func AppendFixed64(b []byte, v uint64) []byte { } // ConsumeFixed64 parses b as a little-endian uint64, reporting its length. -// This returns a negative length upon an error (see ParseError). +// This returns a negative length upon an error (see [ParseError]). func ConsumeFixed64(b []byte) (v uint64, n int) { if len(b) < 8 { return 0, errCodeTruncated @@ -432,7 +432,7 @@ func AppendBytes(b []byte, v []byte) []byte { } // ConsumeBytes parses b as a length-prefixed bytes value, reporting its length. -// This returns a negative length upon an error (see ParseError). +// This returns a negative length upon an error (see [ParseError]). func ConsumeBytes(b []byte) (v []byte, n int) { m, n := ConsumeVarint(b) if n < 0 { @@ -456,7 +456,7 @@ func AppendString(b []byte, v string) []byte { } // ConsumeString parses b as a length-prefixed bytes value, reporting its length. -// This returns a negative length upon an error (see ParseError). +// This returns a negative length upon an error (see [ParseError]). func ConsumeString(b []byte) (v string, n int) { bb, n := ConsumeBytes(b) return string(bb), n @@ -471,7 +471,7 @@ func AppendGroup(b []byte, num Number, v []byte) []byte { // ConsumeGroup parses b as a group value until the trailing end group marker, // and verifies that the end marker matches the provided num. The value v // does not contain the end marker, while the length does contain the end marker. -// This returns a negative length upon an error (see ParseError). +// This returns a negative length upon an error (see [ParseError]). func ConsumeGroup(num Number, b []byte) (v []byte, n int) { n = ConsumeFieldValue(num, StartGroupType, b) if n < 0 { @@ -495,8 +495,8 @@ func SizeGroup(num Number, n int) int { return n + SizeTag(num) } -// DecodeTag decodes the field Number and wire Type from its unified form. -// The Number is -1 if the decoded field number overflows int32. +// DecodeTag decodes the field [Number] and wire [Type] from its unified form. +// The [Number] is -1 if the decoded field number overflows int32. // Other than overflow, this does not check for field number validity. func DecodeTag(x uint64) (Number, Type) { // NOTE: MessageSet allows for larger field numbers than normal. @@ -506,7 +506,7 @@ func DecodeTag(x uint64) (Number, Type) { return Number(x >> 3), Type(x & 7) } -// EncodeTag encodes the field Number and wire Type into its unified form. +// EncodeTag encodes the field [Number] and wire [Type] into its unified form. func EncodeTag(num Number, typ Type) uint64 { return uint64(num)<<3 | uint64(typ&7) } diff --git a/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go b/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go index db5248e1b51..a45625c8d1f 100644 --- a/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go +++ b/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go @@ -83,7 +83,13 @@ func formatListOpt(vs list, isRoot, allowMulti bool) string { case protoreflect.FileImports: for i := 0; i < vs.Len(); i++ { var rs records - rs.Append(reflect.ValueOf(vs.Get(i)), "Path", "Package", "IsPublic", "IsWeak") + rv := reflect.ValueOf(vs.Get(i)) + rs.Append(rv, []methodAndName{ + {rv.MethodByName("Path"), "Path"}, + {rv.MethodByName("Package"), "Package"}, + {rv.MethodByName("IsPublic"), "IsPublic"}, + {rv.MethodByName("IsWeak"), "IsWeak"}, + }...) ss = append(ss, "{"+rs.Join()+"}") } return start + joinStrings(ss, allowMulti) + end @@ -92,34 +98,26 @@ func formatListOpt(vs list, isRoot, allowMulti bool) string { for i := 0; i < vs.Len(); i++ { m := reflect.ValueOf(vs).MethodByName("Get") v := m.Call([]reflect.Value{reflect.ValueOf(i)})[0].Interface() - ss = append(ss, formatDescOpt(v.(protoreflect.Descriptor), false, allowMulti && !isEnumValue)) + ss = append(ss, formatDescOpt(v.(protoreflect.Descriptor), false, allowMulti && !isEnumValue, nil)) } return start + joinStrings(ss, allowMulti && isEnumValue) + end } } -// descriptorAccessors is a list of accessors to print for each descriptor. -// -// Do not print all accessors since some contain redundant information, -// while others are pointers that we do not want to follow since the descriptor -// is actually a cyclic graph. -// -// Using a list allows us to print the accessors in a sensible order. -var descriptorAccessors = map[reflect.Type][]string{ - reflect.TypeOf((*protoreflect.FileDescriptor)(nil)).Elem(): {"Path", "Package", "Imports", "Messages", "Enums", "Extensions", "Services"}, - reflect.TypeOf((*protoreflect.MessageDescriptor)(nil)).Elem(): {"IsMapEntry", "Fields", "Oneofs", "ReservedNames", "ReservedRanges", "RequiredNumbers", "ExtensionRanges", "Messages", "Enums", "Extensions"}, - reflect.TypeOf((*protoreflect.FieldDescriptor)(nil)).Elem(): {"Number", "Cardinality", "Kind", "HasJSONName", "JSONName", "HasPresence", "IsExtension", "IsPacked", "IsWeak", "IsList", "IsMap", "MapKey", "MapValue", "HasDefault", "Default", "ContainingOneof", "ContainingMessage", "Message", "Enum"}, - reflect.TypeOf((*protoreflect.OneofDescriptor)(nil)).Elem(): {"Fields"}, // not directly used; must keep in sync with formatDescOpt - reflect.TypeOf((*protoreflect.EnumDescriptor)(nil)).Elem(): {"Values", "ReservedNames", "ReservedRanges"}, - reflect.TypeOf((*protoreflect.EnumValueDescriptor)(nil)).Elem(): {"Number"}, - reflect.TypeOf((*protoreflect.ServiceDescriptor)(nil)).Elem(): {"Methods"}, - reflect.TypeOf((*protoreflect.MethodDescriptor)(nil)).Elem(): {"Input", "Output", "IsStreamingClient", "IsStreamingServer"}, +type methodAndName struct { + method reflect.Value + name string } func FormatDesc(s fmt.State, r rune, t protoreflect.Descriptor) { - io.WriteString(s, formatDescOpt(t, true, r == 'v' && (s.Flag('+') || s.Flag('#')))) + io.WriteString(s, formatDescOpt(t, true, r == 'v' && (s.Flag('+') || s.Flag('#')), nil)) } -func formatDescOpt(t protoreflect.Descriptor, isRoot, allowMulti bool) string { + +func InternalFormatDescOptForTesting(t protoreflect.Descriptor, isRoot, allowMulti bool, record func(string)) string { + return formatDescOpt(t, isRoot, allowMulti, record) +} + +func formatDescOpt(t protoreflect.Descriptor, isRoot, allowMulti bool, record func(string)) string { rv := reflect.ValueOf(t) rt := rv.MethodByName("ProtoType").Type().In(0) @@ -129,26 +127,60 @@ func formatDescOpt(t protoreflect.Descriptor, isRoot, allowMulti bool) string { } _, isFile := t.(protoreflect.FileDescriptor) - rs := records{allowMulti: allowMulti} + rs := records{ + allowMulti: allowMulti, + record: record, + } if t.IsPlaceholder() { if isFile { - rs.Append(rv, "Path", "Package", "IsPlaceholder") + rs.Append(rv, []methodAndName{ + {rv.MethodByName("Path"), "Path"}, + {rv.MethodByName("Package"), "Package"}, + {rv.MethodByName("IsPlaceholder"), "IsPlaceholder"}, + }...) } else { - rs.Append(rv, "FullName", "IsPlaceholder") + rs.Append(rv, []methodAndName{ + {rv.MethodByName("FullName"), "FullName"}, + {rv.MethodByName("IsPlaceholder"), "IsPlaceholder"}, + }...) } } else { switch { case isFile: - rs.Append(rv, "Syntax") + rs.Append(rv, methodAndName{rv.MethodByName("Syntax"), "Syntax"}) case isRoot: - rs.Append(rv, "Syntax", "FullName") + rs.Append(rv, []methodAndName{ + {rv.MethodByName("Syntax"), "Syntax"}, + {rv.MethodByName("FullName"), "FullName"}, + }...) default: - rs.Append(rv, "Name") + rs.Append(rv, methodAndName{rv.MethodByName("Name"), "Name"}) } switch t := t.(type) { case protoreflect.FieldDescriptor: - for _, s := range descriptorAccessors[rt] { - switch s { + accessors := []methodAndName{ + {rv.MethodByName("Number"), "Number"}, + {rv.MethodByName("Cardinality"), "Cardinality"}, + {rv.MethodByName("Kind"), "Kind"}, + {rv.MethodByName("HasJSONName"), "HasJSONName"}, + {rv.MethodByName("JSONName"), "JSONName"}, + {rv.MethodByName("HasPresence"), "HasPresence"}, + {rv.MethodByName("IsExtension"), "IsExtension"}, + {rv.MethodByName("IsPacked"), "IsPacked"}, + {rv.MethodByName("IsWeak"), "IsWeak"}, + {rv.MethodByName("IsList"), "IsList"}, + {rv.MethodByName("IsMap"), "IsMap"}, + {rv.MethodByName("MapKey"), "MapKey"}, + {rv.MethodByName("MapValue"), "MapValue"}, + {rv.MethodByName("HasDefault"), "HasDefault"}, + {rv.MethodByName("Default"), "Default"}, + {rv.MethodByName("ContainingOneof"), "ContainingOneof"}, + {rv.MethodByName("ContainingMessage"), "ContainingMessage"}, + {rv.MethodByName("Message"), "Message"}, + {rv.MethodByName("Enum"), "Enum"}, + } + for _, s := range accessors { + switch s.name { case "MapKey": if k := t.MapKey(); k != nil { rs.recs = append(rs.recs, [2]string{"MapKey", k.Kind().String()}) @@ -157,20 +189,20 @@ func formatDescOpt(t protoreflect.Descriptor, isRoot, allowMulti bool) string { if v := t.MapValue(); v != nil { switch v.Kind() { case protoreflect.EnumKind: - rs.recs = append(rs.recs, [2]string{"MapValue", string(v.Enum().FullName())}) + rs.AppendRecs("MapValue", [2]string{"MapValue", string(v.Enum().FullName())}) case protoreflect.MessageKind, protoreflect.GroupKind: - rs.recs = append(rs.recs, [2]string{"MapValue", string(v.Message().FullName())}) + rs.AppendRecs("MapValue", [2]string{"MapValue", string(v.Message().FullName())}) default: - rs.recs = append(rs.recs, [2]string{"MapValue", v.Kind().String()}) + rs.AppendRecs("MapValue", [2]string{"MapValue", v.Kind().String()}) } } case "ContainingOneof": if od := t.ContainingOneof(); od != nil { - rs.recs = append(rs.recs, [2]string{"Oneof", string(od.Name())}) + rs.AppendRecs("ContainingOneof", [2]string{"Oneof", string(od.Name())}) } case "ContainingMessage": if t.IsExtension() { - rs.recs = append(rs.recs, [2]string{"Extendee", string(t.ContainingMessage().FullName())}) + rs.AppendRecs("ContainingMessage", [2]string{"Extendee", string(t.ContainingMessage().FullName())}) } case "Message": if !t.IsMap() { @@ -187,13 +219,61 @@ func formatDescOpt(t protoreflect.Descriptor, isRoot, allowMulti bool) string { ss = append(ss, string(fs.Get(i).Name())) } if len(ss) > 0 { - rs.recs = append(rs.recs, [2]string{"Fields", "[" + joinStrings(ss, false) + "]"}) + rs.AppendRecs("Fields", [2]string{"Fields", "[" + joinStrings(ss, false) + "]"}) } - default: - rs.Append(rv, descriptorAccessors[rt]...) + + case protoreflect.FileDescriptor: + rs.Append(rv, []methodAndName{ + {rv.MethodByName("Path"), "Path"}, + {rv.MethodByName("Package"), "Package"}, + {rv.MethodByName("Imports"), "Imports"}, + {rv.MethodByName("Messages"), "Messages"}, + {rv.MethodByName("Enums"), "Enums"}, + {rv.MethodByName("Extensions"), "Extensions"}, + {rv.MethodByName("Services"), "Services"}, + }...) + + case protoreflect.MessageDescriptor: + rs.Append(rv, []methodAndName{ + {rv.MethodByName("IsMapEntry"), "IsMapEntry"}, + {rv.MethodByName("Fields"), "Fields"}, + {rv.MethodByName("Oneofs"), "Oneofs"}, + {rv.MethodByName("ReservedNames"), "ReservedNames"}, + {rv.MethodByName("ReservedRanges"), "ReservedRanges"}, + {rv.MethodByName("RequiredNumbers"), "RequiredNumbers"}, + {rv.MethodByName("ExtensionRanges"), "ExtensionRanges"}, + {rv.MethodByName("Messages"), "Messages"}, + {rv.MethodByName("Enums"), "Enums"}, + {rv.MethodByName("Extensions"), "Extensions"}, + }...) + + case protoreflect.EnumDescriptor: + rs.Append(rv, []methodAndName{ + {rv.MethodByName("Values"), "Values"}, + {rv.MethodByName("ReservedNames"), "ReservedNames"}, + {rv.MethodByName("ReservedRanges"), "ReservedRanges"}, + }...) + + case protoreflect.EnumValueDescriptor: + rs.Append(rv, []methodAndName{ + {rv.MethodByName("Number"), "Number"}, + }...) + + case protoreflect.ServiceDescriptor: + rs.Append(rv, []methodAndName{ + {rv.MethodByName("Methods"), "Methods"}, + }...) + + case protoreflect.MethodDescriptor: + rs.Append(rv, []methodAndName{ + {rv.MethodByName("Input"), "Input"}, + {rv.MethodByName("Output"), "Output"}, + {rv.MethodByName("IsStreamingClient"), "IsStreamingClient"}, + {rv.MethodByName("IsStreamingServer"), "IsStreamingServer"}, + }...) } - if rv.MethodByName("GoType").IsValid() { - rs.Append(rv, "GoType") + if m := rv.MethodByName("GoType"); m.IsValid() { + rs.Append(rv, methodAndName{m, "GoType"}) } } return start + rs.Join() + end @@ -202,19 +282,34 @@ func formatDescOpt(t protoreflect.Descriptor, isRoot, allowMulti bool) string { type records struct { recs [][2]string allowMulti bool + + // record is a function that will be called for every Append() or + // AppendRecs() call, to be used for testing with the + // InternalFormatDescOptForTesting function. + record func(string) } -func (rs *records) Append(v reflect.Value, accessors ...string) { +func (rs *records) AppendRecs(fieldName string, newRecs [2]string) { + if rs.record != nil { + rs.record(fieldName) + } + rs.recs = append(rs.recs, newRecs) +} + +func (rs *records) Append(v reflect.Value, accessors ...methodAndName) { for _, a := range accessors { + if rs.record != nil { + rs.record(a.name) + } var rv reflect.Value - if m := v.MethodByName(a); m.IsValid() { - rv = m.Call(nil)[0] + if a.method.IsValid() { + rv = a.method.Call(nil)[0] } if v.Kind() == reflect.Struct && !rv.IsValid() { - rv = v.FieldByName(a) + rv = v.FieldByName(a.name) } if !rv.IsValid() { - panic(fmt.Sprintf("unknown accessor: %v.%s", v.Type(), a)) + panic(fmt.Sprintf("unknown accessor: %v.%s", v.Type(), a.name)) } if _, ok := rv.Interface().(protoreflect.Value); ok { rv = rv.MethodByName("Interface").Call(nil)[0] @@ -261,7 +356,7 @@ func (rs *records) Append(v reflect.Value, accessors ...string) { default: s = fmt.Sprint(v) } - rs.recs = append(rs.recs, [2]string{a, s}) + rs.recs = append(rs.recs, [2]string{a.name, s}) } } diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc.go index 7c3689baee8..193c68e8f91 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/desc.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc.go @@ -21,11 +21,26 @@ import ( "google.golang.org/protobuf/reflect/protoregistry" ) +// Edition is an Enum for proto2.Edition +type Edition int32 + +// These values align with the value of Enum in descriptor.proto which allows +// direct conversion between the proto enum and this enum. +const ( + EditionUnknown Edition = 0 + EditionProto2 Edition = 998 + EditionProto3 Edition = 999 + Edition2023 Edition = 1000 + EditionUnsupported Edition = 100000 +) + // The types in this file may have a suffix: // • L0: Contains fields common to all descriptors (except File) and // must be initialized up front. // • L1: Contains fields specific to a descriptor and -// must be initialized up front. +// must be initialized up front. If the associated proto uses Editions, the +// Editions features must always be resolved. If not explicitly set, the +// appropriate default must be resolved and set. // • L2: Contains fields that are lazily initialized when constructing // from the raw file descriptor. When constructing as a literal, the L2 // fields must be initialized up front. @@ -44,6 +59,7 @@ type ( } FileL1 struct { Syntax protoreflect.Syntax + Edition Edition // Only used if Syntax == Editions Path string Package protoreflect.FullName @@ -51,12 +67,35 @@ type ( Messages Messages Extensions Extensions Services Services + + EditionFeatures FileEditionFeatures } FileL2 struct { Options func() protoreflect.ProtoMessage Imports FileImports Locations SourceLocations } + + FileEditionFeatures struct { + // IsFieldPresence is true if field_presence is EXPLICIT + // https://protobuf.dev/editions/features/#field_presence + IsFieldPresence bool + // IsOpenEnum is true if enum_type is OPEN + // https://protobuf.dev/editions/features/#enum_type + IsOpenEnum bool + // IsPacked is true if repeated_field_encoding is PACKED + // https://protobuf.dev/editions/features/#repeated_field_encoding + IsPacked bool + // IsUTF8Validated is true if utf_validation is VERIFY + // https://protobuf.dev/editions/features/#utf8_validation + IsUTF8Validated bool + // IsDelimitedEncoded is true if message_encoding is DELIMITED + // https://protobuf.dev/editions/features/#message_encoding + IsDelimitedEncoded bool + // IsJSONCompliant is true if json_format is ALLOW + // https://protobuf.dev/editions/features/#json_format + IsJSONCompliant bool + } ) func (fd *File) ParentFile() protoreflect.FileDescriptor { return fd } @@ -210,6 +249,9 @@ type ( ContainingOneof protoreflect.OneofDescriptor // must be consistent with Message.Oneofs.Fields Enum protoreflect.EnumDescriptor Message protoreflect.MessageDescriptor + + // Edition features. + Presence bool } Oneof struct { @@ -273,6 +315,9 @@ func (fd *Field) HasJSONName() bool { return fd.L1.StringNam func (fd *Field) JSONName() string { return fd.L1.StringName.getJSON(fd) } func (fd *Field) TextName() string { return fd.L1.StringName.getText(fd) } func (fd *Field) HasPresence() bool { + if fd.L0.ParentFile.L1.Syntax == protoreflect.Editions { + return fd.L1.Presence || fd.L1.Message != nil || fd.L1.ContainingOneof != nil + } return fd.L1.Cardinality != protoreflect.Repeated && (fd.L0.ParentFile.L1.Syntax == protoreflect.Proto2 || fd.L1.Message != nil || fd.L1.ContainingOneof != nil) } func (fd *Field) HasOptionalKeyword() bool { diff --git a/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go b/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go index 136f1b21573..8f94230ea1c 100644 --- a/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go +++ b/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go @@ -12,6 +12,12 @@ import ( const File_google_protobuf_descriptor_proto = "google/protobuf/descriptor.proto" +// Full and short names for google.protobuf.Edition. +const ( + Edition_enum_fullname = "google.protobuf.Edition" + Edition_enum_name = "Edition" +) + // Names for google.protobuf.FileDescriptorSet. const ( FileDescriptorSet_message_name protoreflect.Name = "FileDescriptorSet" @@ -81,7 +87,7 @@ const ( FileDescriptorProto_Options_field_number protoreflect.FieldNumber = 8 FileDescriptorProto_SourceCodeInfo_field_number protoreflect.FieldNumber = 9 FileDescriptorProto_Syntax_field_number protoreflect.FieldNumber = 12 - FileDescriptorProto_Edition_field_number protoreflect.FieldNumber = 13 + FileDescriptorProto_Edition_field_number protoreflect.FieldNumber = 14 ) // Names for google.protobuf.DescriptorProto. @@ -184,10 +190,12 @@ const ( const ( ExtensionRangeOptions_UninterpretedOption_field_name protoreflect.Name = "uninterpreted_option" ExtensionRangeOptions_Declaration_field_name protoreflect.Name = "declaration" + ExtensionRangeOptions_Features_field_name protoreflect.Name = "features" ExtensionRangeOptions_Verification_field_name protoreflect.Name = "verification" ExtensionRangeOptions_UninterpretedOption_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.uninterpreted_option" ExtensionRangeOptions_Declaration_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.declaration" + ExtensionRangeOptions_Features_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.features" ExtensionRangeOptions_Verification_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.verification" ) @@ -195,6 +203,7 @@ const ( const ( ExtensionRangeOptions_UninterpretedOption_field_number protoreflect.FieldNumber = 999 ExtensionRangeOptions_Declaration_field_number protoreflect.FieldNumber = 2 + ExtensionRangeOptions_Features_field_number protoreflect.FieldNumber = 50 ExtensionRangeOptions_Verification_field_number protoreflect.FieldNumber = 3 ) @@ -212,29 +221,26 @@ const ( // Field names for google.protobuf.ExtensionRangeOptions.Declaration. const ( - ExtensionRangeOptions_Declaration_Number_field_name protoreflect.Name = "number" - ExtensionRangeOptions_Declaration_FullName_field_name protoreflect.Name = "full_name" - ExtensionRangeOptions_Declaration_Type_field_name protoreflect.Name = "type" - ExtensionRangeOptions_Declaration_IsRepeated_field_name protoreflect.Name = "is_repeated" - ExtensionRangeOptions_Declaration_Reserved_field_name protoreflect.Name = "reserved" - ExtensionRangeOptions_Declaration_Repeated_field_name protoreflect.Name = "repeated" + ExtensionRangeOptions_Declaration_Number_field_name protoreflect.Name = "number" + ExtensionRangeOptions_Declaration_FullName_field_name protoreflect.Name = "full_name" + ExtensionRangeOptions_Declaration_Type_field_name protoreflect.Name = "type" + ExtensionRangeOptions_Declaration_Reserved_field_name protoreflect.Name = "reserved" + ExtensionRangeOptions_Declaration_Repeated_field_name protoreflect.Name = "repeated" - ExtensionRangeOptions_Declaration_Number_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.number" - ExtensionRangeOptions_Declaration_FullName_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.full_name" - ExtensionRangeOptions_Declaration_Type_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.type" - ExtensionRangeOptions_Declaration_IsRepeated_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.is_repeated" - ExtensionRangeOptions_Declaration_Reserved_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.reserved" - ExtensionRangeOptions_Declaration_Repeated_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.repeated" + ExtensionRangeOptions_Declaration_Number_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.number" + ExtensionRangeOptions_Declaration_FullName_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.full_name" + ExtensionRangeOptions_Declaration_Type_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.type" + ExtensionRangeOptions_Declaration_Reserved_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.reserved" + ExtensionRangeOptions_Declaration_Repeated_field_fullname protoreflect.FullName = "google.protobuf.ExtensionRangeOptions.Declaration.repeated" ) // Field numbers for google.protobuf.ExtensionRangeOptions.Declaration. const ( - ExtensionRangeOptions_Declaration_Number_field_number protoreflect.FieldNumber = 1 - ExtensionRangeOptions_Declaration_FullName_field_number protoreflect.FieldNumber = 2 - ExtensionRangeOptions_Declaration_Type_field_number protoreflect.FieldNumber = 3 - ExtensionRangeOptions_Declaration_IsRepeated_field_number protoreflect.FieldNumber = 4 - ExtensionRangeOptions_Declaration_Reserved_field_number protoreflect.FieldNumber = 5 - ExtensionRangeOptions_Declaration_Repeated_field_number protoreflect.FieldNumber = 6 + ExtensionRangeOptions_Declaration_Number_field_number protoreflect.FieldNumber = 1 + ExtensionRangeOptions_Declaration_FullName_field_number protoreflect.FieldNumber = 2 + ExtensionRangeOptions_Declaration_Type_field_number protoreflect.FieldNumber = 3 + ExtensionRangeOptions_Declaration_Reserved_field_number protoreflect.FieldNumber = 5 + ExtensionRangeOptions_Declaration_Repeated_field_number protoreflect.FieldNumber = 6 ) // Names for google.protobuf.FieldDescriptorProto. @@ -478,6 +484,7 @@ const ( FileOptions_PhpNamespace_field_name protoreflect.Name = "php_namespace" FileOptions_PhpMetadataNamespace_field_name protoreflect.Name = "php_metadata_namespace" FileOptions_RubyPackage_field_name protoreflect.Name = "ruby_package" + FileOptions_Features_field_name protoreflect.Name = "features" FileOptions_UninterpretedOption_field_name protoreflect.Name = "uninterpreted_option" FileOptions_JavaPackage_field_fullname protoreflect.FullName = "google.protobuf.FileOptions.java_package" @@ -500,6 +507,7 @@ const ( FileOptions_PhpNamespace_field_fullname protoreflect.FullName = "google.protobuf.FileOptions.php_namespace" FileOptions_PhpMetadataNamespace_field_fullname protoreflect.FullName = "google.protobuf.FileOptions.php_metadata_namespace" FileOptions_RubyPackage_field_fullname protoreflect.FullName = "google.protobuf.FileOptions.ruby_package" + FileOptions_Features_field_fullname protoreflect.FullName = "google.protobuf.FileOptions.features" FileOptions_UninterpretedOption_field_fullname protoreflect.FullName = "google.protobuf.FileOptions.uninterpreted_option" ) @@ -525,6 +533,7 @@ const ( FileOptions_PhpNamespace_field_number protoreflect.FieldNumber = 41 FileOptions_PhpMetadataNamespace_field_number protoreflect.FieldNumber = 44 FileOptions_RubyPackage_field_number protoreflect.FieldNumber = 45 + FileOptions_Features_field_number protoreflect.FieldNumber = 50 FileOptions_UninterpretedOption_field_number protoreflect.FieldNumber = 999 ) @@ -547,6 +556,7 @@ const ( MessageOptions_Deprecated_field_name protoreflect.Name = "deprecated" MessageOptions_MapEntry_field_name protoreflect.Name = "map_entry" MessageOptions_DeprecatedLegacyJsonFieldConflicts_field_name protoreflect.Name = "deprecated_legacy_json_field_conflicts" + MessageOptions_Features_field_name protoreflect.Name = "features" MessageOptions_UninterpretedOption_field_name protoreflect.Name = "uninterpreted_option" MessageOptions_MessageSetWireFormat_field_fullname protoreflect.FullName = "google.protobuf.MessageOptions.message_set_wire_format" @@ -554,6 +564,7 @@ const ( MessageOptions_Deprecated_field_fullname protoreflect.FullName = "google.protobuf.MessageOptions.deprecated" MessageOptions_MapEntry_field_fullname protoreflect.FullName = "google.protobuf.MessageOptions.map_entry" MessageOptions_DeprecatedLegacyJsonFieldConflicts_field_fullname protoreflect.FullName = "google.protobuf.MessageOptions.deprecated_legacy_json_field_conflicts" + MessageOptions_Features_field_fullname protoreflect.FullName = "google.protobuf.MessageOptions.features" MessageOptions_UninterpretedOption_field_fullname protoreflect.FullName = "google.protobuf.MessageOptions.uninterpreted_option" ) @@ -564,6 +575,7 @@ const ( MessageOptions_Deprecated_field_number protoreflect.FieldNumber = 3 MessageOptions_MapEntry_field_number protoreflect.FieldNumber = 7 MessageOptions_DeprecatedLegacyJsonFieldConflicts_field_number protoreflect.FieldNumber = 11 + MessageOptions_Features_field_number protoreflect.FieldNumber = 12 MessageOptions_UninterpretedOption_field_number protoreflect.FieldNumber = 999 ) @@ -584,8 +596,9 @@ const ( FieldOptions_Weak_field_name protoreflect.Name = "weak" FieldOptions_DebugRedact_field_name protoreflect.Name = "debug_redact" FieldOptions_Retention_field_name protoreflect.Name = "retention" - FieldOptions_Target_field_name protoreflect.Name = "target" FieldOptions_Targets_field_name protoreflect.Name = "targets" + FieldOptions_EditionDefaults_field_name protoreflect.Name = "edition_defaults" + FieldOptions_Features_field_name protoreflect.Name = "features" FieldOptions_UninterpretedOption_field_name protoreflect.Name = "uninterpreted_option" FieldOptions_Ctype_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.ctype" @@ -597,8 +610,9 @@ const ( FieldOptions_Weak_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.weak" FieldOptions_DebugRedact_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.debug_redact" FieldOptions_Retention_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.retention" - FieldOptions_Target_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.target" FieldOptions_Targets_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.targets" + FieldOptions_EditionDefaults_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.edition_defaults" + FieldOptions_Features_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.features" FieldOptions_UninterpretedOption_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.uninterpreted_option" ) @@ -613,8 +627,9 @@ const ( FieldOptions_Weak_field_number protoreflect.FieldNumber = 10 FieldOptions_DebugRedact_field_number protoreflect.FieldNumber = 16 FieldOptions_Retention_field_number protoreflect.FieldNumber = 17 - FieldOptions_Target_field_number protoreflect.FieldNumber = 18 FieldOptions_Targets_field_number protoreflect.FieldNumber = 19 + FieldOptions_EditionDefaults_field_number protoreflect.FieldNumber = 20 + FieldOptions_Features_field_number protoreflect.FieldNumber = 21 FieldOptions_UninterpretedOption_field_number protoreflect.FieldNumber = 999 ) @@ -642,6 +657,27 @@ const ( FieldOptions_OptionTargetType_enum_name = "OptionTargetType" ) +// Names for google.protobuf.FieldOptions.EditionDefault. +const ( + FieldOptions_EditionDefault_message_name protoreflect.Name = "EditionDefault" + FieldOptions_EditionDefault_message_fullname protoreflect.FullName = "google.protobuf.FieldOptions.EditionDefault" +) + +// Field names for google.protobuf.FieldOptions.EditionDefault. +const ( + FieldOptions_EditionDefault_Edition_field_name protoreflect.Name = "edition" + FieldOptions_EditionDefault_Value_field_name protoreflect.Name = "value" + + FieldOptions_EditionDefault_Edition_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.EditionDefault.edition" + FieldOptions_EditionDefault_Value_field_fullname protoreflect.FullName = "google.protobuf.FieldOptions.EditionDefault.value" +) + +// Field numbers for google.protobuf.FieldOptions.EditionDefault. +const ( + FieldOptions_EditionDefault_Edition_field_number protoreflect.FieldNumber = 3 + FieldOptions_EditionDefault_Value_field_number protoreflect.FieldNumber = 2 +) + // Names for google.protobuf.OneofOptions. const ( OneofOptions_message_name protoreflect.Name = "OneofOptions" @@ -650,13 +686,16 @@ const ( // Field names for google.protobuf.OneofOptions. const ( + OneofOptions_Features_field_name protoreflect.Name = "features" OneofOptions_UninterpretedOption_field_name protoreflect.Name = "uninterpreted_option" + OneofOptions_Features_field_fullname protoreflect.FullName = "google.protobuf.OneofOptions.features" OneofOptions_UninterpretedOption_field_fullname protoreflect.FullName = "google.protobuf.OneofOptions.uninterpreted_option" ) // Field numbers for google.protobuf.OneofOptions. const ( + OneofOptions_Features_field_number protoreflect.FieldNumber = 1 OneofOptions_UninterpretedOption_field_number protoreflect.FieldNumber = 999 ) @@ -671,11 +710,13 @@ const ( EnumOptions_AllowAlias_field_name protoreflect.Name = "allow_alias" EnumOptions_Deprecated_field_name protoreflect.Name = "deprecated" EnumOptions_DeprecatedLegacyJsonFieldConflicts_field_name protoreflect.Name = "deprecated_legacy_json_field_conflicts" + EnumOptions_Features_field_name protoreflect.Name = "features" EnumOptions_UninterpretedOption_field_name protoreflect.Name = "uninterpreted_option" EnumOptions_AllowAlias_field_fullname protoreflect.FullName = "google.protobuf.EnumOptions.allow_alias" EnumOptions_Deprecated_field_fullname protoreflect.FullName = "google.protobuf.EnumOptions.deprecated" EnumOptions_DeprecatedLegacyJsonFieldConflicts_field_fullname protoreflect.FullName = "google.protobuf.EnumOptions.deprecated_legacy_json_field_conflicts" + EnumOptions_Features_field_fullname protoreflect.FullName = "google.protobuf.EnumOptions.features" EnumOptions_UninterpretedOption_field_fullname protoreflect.FullName = "google.protobuf.EnumOptions.uninterpreted_option" ) @@ -684,6 +725,7 @@ const ( EnumOptions_AllowAlias_field_number protoreflect.FieldNumber = 2 EnumOptions_Deprecated_field_number protoreflect.FieldNumber = 3 EnumOptions_DeprecatedLegacyJsonFieldConflicts_field_number protoreflect.FieldNumber = 6 + EnumOptions_Features_field_number protoreflect.FieldNumber = 7 EnumOptions_UninterpretedOption_field_number protoreflect.FieldNumber = 999 ) @@ -696,15 +738,21 @@ const ( // Field names for google.protobuf.EnumValueOptions. const ( EnumValueOptions_Deprecated_field_name protoreflect.Name = "deprecated" + EnumValueOptions_Features_field_name protoreflect.Name = "features" + EnumValueOptions_DebugRedact_field_name protoreflect.Name = "debug_redact" EnumValueOptions_UninterpretedOption_field_name protoreflect.Name = "uninterpreted_option" EnumValueOptions_Deprecated_field_fullname protoreflect.FullName = "google.protobuf.EnumValueOptions.deprecated" + EnumValueOptions_Features_field_fullname protoreflect.FullName = "google.protobuf.EnumValueOptions.features" + EnumValueOptions_DebugRedact_field_fullname protoreflect.FullName = "google.protobuf.EnumValueOptions.debug_redact" EnumValueOptions_UninterpretedOption_field_fullname protoreflect.FullName = "google.protobuf.EnumValueOptions.uninterpreted_option" ) // Field numbers for google.protobuf.EnumValueOptions. const ( EnumValueOptions_Deprecated_field_number protoreflect.FieldNumber = 1 + EnumValueOptions_Features_field_number protoreflect.FieldNumber = 2 + EnumValueOptions_DebugRedact_field_number protoreflect.FieldNumber = 3 EnumValueOptions_UninterpretedOption_field_number protoreflect.FieldNumber = 999 ) @@ -716,15 +764,18 @@ const ( // Field names for google.protobuf.ServiceOptions. const ( + ServiceOptions_Features_field_name protoreflect.Name = "features" ServiceOptions_Deprecated_field_name protoreflect.Name = "deprecated" ServiceOptions_UninterpretedOption_field_name protoreflect.Name = "uninterpreted_option" + ServiceOptions_Features_field_fullname protoreflect.FullName = "google.protobuf.ServiceOptions.features" ServiceOptions_Deprecated_field_fullname protoreflect.FullName = "google.protobuf.ServiceOptions.deprecated" ServiceOptions_UninterpretedOption_field_fullname protoreflect.FullName = "google.protobuf.ServiceOptions.uninterpreted_option" ) // Field numbers for google.protobuf.ServiceOptions. const ( + ServiceOptions_Features_field_number protoreflect.FieldNumber = 34 ServiceOptions_Deprecated_field_number protoreflect.FieldNumber = 33 ServiceOptions_UninterpretedOption_field_number protoreflect.FieldNumber = 999 ) @@ -739,10 +790,12 @@ const ( const ( MethodOptions_Deprecated_field_name protoreflect.Name = "deprecated" MethodOptions_IdempotencyLevel_field_name protoreflect.Name = "idempotency_level" + MethodOptions_Features_field_name protoreflect.Name = "features" MethodOptions_UninterpretedOption_field_name protoreflect.Name = "uninterpreted_option" MethodOptions_Deprecated_field_fullname protoreflect.FullName = "google.protobuf.MethodOptions.deprecated" MethodOptions_IdempotencyLevel_field_fullname protoreflect.FullName = "google.protobuf.MethodOptions.idempotency_level" + MethodOptions_Features_field_fullname protoreflect.FullName = "google.protobuf.MethodOptions.features" MethodOptions_UninterpretedOption_field_fullname protoreflect.FullName = "google.protobuf.MethodOptions.uninterpreted_option" ) @@ -750,6 +803,7 @@ const ( const ( MethodOptions_Deprecated_field_number protoreflect.FieldNumber = 33 MethodOptions_IdempotencyLevel_field_number protoreflect.FieldNumber = 34 + MethodOptions_Features_field_number protoreflect.FieldNumber = 35 MethodOptions_UninterpretedOption_field_number protoreflect.FieldNumber = 999 ) @@ -816,6 +870,120 @@ const ( UninterpretedOption_NamePart_IsExtension_field_number protoreflect.FieldNumber = 2 ) +// Names for google.protobuf.FeatureSet. +const ( + FeatureSet_message_name protoreflect.Name = "FeatureSet" + FeatureSet_message_fullname protoreflect.FullName = "google.protobuf.FeatureSet" +) + +// Field names for google.protobuf.FeatureSet. +const ( + FeatureSet_FieldPresence_field_name protoreflect.Name = "field_presence" + FeatureSet_EnumType_field_name protoreflect.Name = "enum_type" + FeatureSet_RepeatedFieldEncoding_field_name protoreflect.Name = "repeated_field_encoding" + FeatureSet_Utf8Validation_field_name protoreflect.Name = "utf8_validation" + FeatureSet_MessageEncoding_field_name protoreflect.Name = "message_encoding" + FeatureSet_JsonFormat_field_name protoreflect.Name = "json_format" + + FeatureSet_FieldPresence_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.field_presence" + FeatureSet_EnumType_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.enum_type" + FeatureSet_RepeatedFieldEncoding_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.repeated_field_encoding" + FeatureSet_Utf8Validation_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.utf8_validation" + FeatureSet_MessageEncoding_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.message_encoding" + FeatureSet_JsonFormat_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.json_format" +) + +// Field numbers for google.protobuf.FeatureSet. +const ( + FeatureSet_FieldPresence_field_number protoreflect.FieldNumber = 1 + FeatureSet_EnumType_field_number protoreflect.FieldNumber = 2 + FeatureSet_RepeatedFieldEncoding_field_number protoreflect.FieldNumber = 3 + FeatureSet_Utf8Validation_field_number protoreflect.FieldNumber = 4 + FeatureSet_MessageEncoding_field_number protoreflect.FieldNumber = 5 + FeatureSet_JsonFormat_field_number protoreflect.FieldNumber = 6 +) + +// Full and short names for google.protobuf.FeatureSet.FieldPresence. +const ( + FeatureSet_FieldPresence_enum_fullname = "google.protobuf.FeatureSet.FieldPresence" + FeatureSet_FieldPresence_enum_name = "FieldPresence" +) + +// Full and short names for google.protobuf.FeatureSet.EnumType. +const ( + FeatureSet_EnumType_enum_fullname = "google.protobuf.FeatureSet.EnumType" + FeatureSet_EnumType_enum_name = "EnumType" +) + +// Full and short names for google.protobuf.FeatureSet.RepeatedFieldEncoding. +const ( + FeatureSet_RepeatedFieldEncoding_enum_fullname = "google.protobuf.FeatureSet.RepeatedFieldEncoding" + FeatureSet_RepeatedFieldEncoding_enum_name = "RepeatedFieldEncoding" +) + +// Full and short names for google.protobuf.FeatureSet.Utf8Validation. +const ( + FeatureSet_Utf8Validation_enum_fullname = "google.protobuf.FeatureSet.Utf8Validation" + FeatureSet_Utf8Validation_enum_name = "Utf8Validation" +) + +// Full and short names for google.protobuf.FeatureSet.MessageEncoding. +const ( + FeatureSet_MessageEncoding_enum_fullname = "google.protobuf.FeatureSet.MessageEncoding" + FeatureSet_MessageEncoding_enum_name = "MessageEncoding" +) + +// Full and short names for google.protobuf.FeatureSet.JsonFormat. +const ( + FeatureSet_JsonFormat_enum_fullname = "google.protobuf.FeatureSet.JsonFormat" + FeatureSet_JsonFormat_enum_name = "JsonFormat" +) + +// Names for google.protobuf.FeatureSetDefaults. +const ( + FeatureSetDefaults_message_name protoreflect.Name = "FeatureSetDefaults" + FeatureSetDefaults_message_fullname protoreflect.FullName = "google.protobuf.FeatureSetDefaults" +) + +// Field names for google.protobuf.FeatureSetDefaults. +const ( + FeatureSetDefaults_Defaults_field_name protoreflect.Name = "defaults" + FeatureSetDefaults_MinimumEdition_field_name protoreflect.Name = "minimum_edition" + FeatureSetDefaults_MaximumEdition_field_name protoreflect.Name = "maximum_edition" + + FeatureSetDefaults_Defaults_field_fullname protoreflect.FullName = "google.protobuf.FeatureSetDefaults.defaults" + FeatureSetDefaults_MinimumEdition_field_fullname protoreflect.FullName = "google.protobuf.FeatureSetDefaults.minimum_edition" + FeatureSetDefaults_MaximumEdition_field_fullname protoreflect.FullName = "google.protobuf.FeatureSetDefaults.maximum_edition" +) + +// Field numbers for google.protobuf.FeatureSetDefaults. +const ( + FeatureSetDefaults_Defaults_field_number protoreflect.FieldNumber = 1 + FeatureSetDefaults_MinimumEdition_field_number protoreflect.FieldNumber = 4 + FeatureSetDefaults_MaximumEdition_field_number protoreflect.FieldNumber = 5 +) + +// Names for google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault. +const ( + FeatureSetDefaults_FeatureSetEditionDefault_message_name protoreflect.Name = "FeatureSetEditionDefault" + FeatureSetDefaults_FeatureSetEditionDefault_message_fullname protoreflect.FullName = "google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault" +) + +// Field names for google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault. +const ( + FeatureSetDefaults_FeatureSetEditionDefault_Edition_field_name protoreflect.Name = "edition" + FeatureSetDefaults_FeatureSetEditionDefault_Features_field_name protoreflect.Name = "features" + + FeatureSetDefaults_FeatureSetEditionDefault_Edition_field_fullname protoreflect.FullName = "google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault.edition" + FeatureSetDefaults_FeatureSetEditionDefault_Features_field_fullname protoreflect.FullName = "google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault.features" +) + +// Field numbers for google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault. +const ( + FeatureSetDefaults_FeatureSetEditionDefault_Edition_field_number protoreflect.FieldNumber = 3 + FeatureSetDefaults_FeatureSetEditionDefault_Features_field_number protoreflect.FieldNumber = 2 +) + // Names for google.protobuf.SourceCodeInfo. const ( SourceCodeInfo_message_name protoreflect.Name = "SourceCodeInfo" diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_gen.go b/vendor/google.golang.org/protobuf/internal/impl/codec_gen.go index 1a509b63ebc..f55dc01e3a9 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/codec_gen.go +++ b/vendor/google.golang.org/protobuf/internal/impl/codec_gen.go @@ -162,11 +162,20 @@ func appendBoolSlice(b []byte, p pointer, f *coderFieldInfo, opts marshalOptions func consumeBoolSlice(b []byte, p pointer, wtyp protowire.Type, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) { sp := p.BoolSlice() if wtyp == protowire.BytesType { - s := *sp b, n := protowire.ConsumeBytes(b) if n < 0 { return out, errDecode } + count := 0 + for _, v := range b { + if v < 0x80 { + count++ + } + } + if count > 0 { + p.growBoolSlice(count) + } + s := *sp for len(b) > 0 { var v uint64 var n int @@ -732,11 +741,20 @@ func appendInt32Slice(b []byte, p pointer, f *coderFieldInfo, opts marshalOption func consumeInt32Slice(b []byte, p pointer, wtyp protowire.Type, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) { sp := p.Int32Slice() if wtyp == protowire.BytesType { - s := *sp b, n := protowire.ConsumeBytes(b) if n < 0 { return out, errDecode } + count := 0 + for _, v := range b { + if v < 0x80 { + count++ + } + } + if count > 0 { + p.growInt32Slice(count) + } + s := *sp for len(b) > 0 { var v uint64 var n int @@ -1138,11 +1156,20 @@ func appendSint32Slice(b []byte, p pointer, f *coderFieldInfo, opts marshalOptio func consumeSint32Slice(b []byte, p pointer, wtyp protowire.Type, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) { sp := p.Int32Slice() if wtyp == protowire.BytesType { - s := *sp b, n := protowire.ConsumeBytes(b) if n < 0 { return out, errDecode } + count := 0 + for _, v := range b { + if v < 0x80 { + count++ + } + } + if count > 0 { + p.growInt32Slice(count) + } + s := *sp for len(b) > 0 { var v uint64 var n int @@ -1544,11 +1571,20 @@ func appendUint32Slice(b []byte, p pointer, f *coderFieldInfo, opts marshalOptio func consumeUint32Slice(b []byte, p pointer, wtyp protowire.Type, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) { sp := p.Uint32Slice() if wtyp == protowire.BytesType { - s := *sp b, n := protowire.ConsumeBytes(b) if n < 0 { return out, errDecode } + count := 0 + for _, v := range b { + if v < 0x80 { + count++ + } + } + if count > 0 { + p.growUint32Slice(count) + } + s := *sp for len(b) > 0 { var v uint64 var n int @@ -1950,11 +1986,20 @@ func appendInt64Slice(b []byte, p pointer, f *coderFieldInfo, opts marshalOption func consumeInt64Slice(b []byte, p pointer, wtyp protowire.Type, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) { sp := p.Int64Slice() if wtyp == protowire.BytesType { - s := *sp b, n := protowire.ConsumeBytes(b) if n < 0 { return out, errDecode } + count := 0 + for _, v := range b { + if v < 0x80 { + count++ + } + } + if count > 0 { + p.growInt64Slice(count) + } + s := *sp for len(b) > 0 { var v uint64 var n int @@ -2356,11 +2401,20 @@ func appendSint64Slice(b []byte, p pointer, f *coderFieldInfo, opts marshalOptio func consumeSint64Slice(b []byte, p pointer, wtyp protowire.Type, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) { sp := p.Int64Slice() if wtyp == protowire.BytesType { - s := *sp b, n := protowire.ConsumeBytes(b) if n < 0 { return out, errDecode } + count := 0 + for _, v := range b { + if v < 0x80 { + count++ + } + } + if count > 0 { + p.growInt64Slice(count) + } + s := *sp for len(b) > 0 { var v uint64 var n int @@ -2762,11 +2816,20 @@ func appendUint64Slice(b []byte, p pointer, f *coderFieldInfo, opts marshalOptio func consumeUint64Slice(b []byte, p pointer, wtyp protowire.Type, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) { sp := p.Uint64Slice() if wtyp == protowire.BytesType { - s := *sp b, n := protowire.ConsumeBytes(b) if n < 0 { return out, errDecode } + count := 0 + for _, v := range b { + if v < 0x80 { + count++ + } + } + if count > 0 { + p.growUint64Slice(count) + } + s := *sp for len(b) > 0 { var v uint64 var n int @@ -3145,11 +3208,15 @@ func appendSfixed32Slice(b []byte, p pointer, f *coderFieldInfo, opts marshalOpt func consumeSfixed32Slice(b []byte, p pointer, wtyp protowire.Type, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) { sp := p.Int32Slice() if wtyp == protowire.BytesType { - s := *sp b, n := protowire.ConsumeBytes(b) if n < 0 { return out, errDecode } + count := len(b) / protowire.SizeFixed32() + if count > 0 { + p.growInt32Slice(count) + } + s := *sp for len(b) > 0 { v, n := protowire.ConsumeFixed32(b) if n < 0 { @@ -3461,11 +3528,15 @@ func appendFixed32Slice(b []byte, p pointer, f *coderFieldInfo, opts marshalOpti func consumeFixed32Slice(b []byte, p pointer, wtyp protowire.Type, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) { sp := p.Uint32Slice() if wtyp == protowire.BytesType { - s := *sp b, n := protowire.ConsumeBytes(b) if n < 0 { return out, errDecode } + count := len(b) / protowire.SizeFixed32() + if count > 0 { + p.growUint32Slice(count) + } + s := *sp for len(b) > 0 { v, n := protowire.ConsumeFixed32(b) if n < 0 { @@ -3777,11 +3848,15 @@ func appendFloatSlice(b []byte, p pointer, f *coderFieldInfo, opts marshalOption func consumeFloatSlice(b []byte, p pointer, wtyp protowire.Type, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) { sp := p.Float32Slice() if wtyp == protowire.BytesType { - s := *sp b, n := protowire.ConsumeBytes(b) if n < 0 { return out, errDecode } + count := len(b) / protowire.SizeFixed32() + if count > 0 { + p.growFloat32Slice(count) + } + s := *sp for len(b) > 0 { v, n := protowire.ConsumeFixed32(b) if n < 0 { @@ -4093,11 +4168,15 @@ func appendSfixed64Slice(b []byte, p pointer, f *coderFieldInfo, opts marshalOpt func consumeSfixed64Slice(b []byte, p pointer, wtyp protowire.Type, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) { sp := p.Int64Slice() if wtyp == protowire.BytesType { - s := *sp b, n := protowire.ConsumeBytes(b) if n < 0 { return out, errDecode } + count := len(b) / protowire.SizeFixed64() + if count > 0 { + p.growInt64Slice(count) + } + s := *sp for len(b) > 0 { v, n := protowire.ConsumeFixed64(b) if n < 0 { @@ -4409,11 +4488,15 @@ func appendFixed64Slice(b []byte, p pointer, f *coderFieldInfo, opts marshalOpti func consumeFixed64Slice(b []byte, p pointer, wtyp protowire.Type, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) { sp := p.Uint64Slice() if wtyp == protowire.BytesType { - s := *sp b, n := protowire.ConsumeBytes(b) if n < 0 { return out, errDecode } + count := len(b) / protowire.SizeFixed64() + if count > 0 { + p.growUint64Slice(count) + } + s := *sp for len(b) > 0 { v, n := protowire.ConsumeFixed64(b) if n < 0 { @@ -4725,11 +4808,15 @@ func appendDoubleSlice(b []byte, p pointer, f *coderFieldInfo, opts marshalOptio func consumeDoubleSlice(b []byte, p pointer, wtyp protowire.Type, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) { sp := p.Float64Slice() if wtyp == protowire.BytesType { - s := *sp b, n := protowire.ConsumeBytes(b) if n < 0 { return out, errDecode } + count := len(b) / protowire.SizeFixed64() + if count > 0 { + p.growFloat64Slice(count) + } + s := *sp for len(b) > 0 { v, n := protowire.ConsumeFixed64(b) if n < 0 { diff --git a/vendor/google.golang.org/protobuf/internal/impl/legacy_message.go b/vendor/google.golang.org/protobuf/internal/impl/legacy_message.go index 61c483fac06..2ab2c629784 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/legacy_message.go +++ b/vendor/google.golang.org/protobuf/internal/impl/legacy_message.go @@ -206,13 +206,18 @@ func aberrantLoadMessageDescReentrant(t reflect.Type, name protoreflect.FullName // Obtain a list of oneof wrapper types. var oneofWrappers []reflect.Type - for _, method := range []string{"XXX_OneofFuncs", "XXX_OneofWrappers"} { - if fn, ok := t.MethodByName(method); ok { - for _, v := range fn.Func.Call([]reflect.Value{reflect.Zero(fn.Type.In(0))}) { - if vs, ok := v.Interface().([]interface{}); ok { - for _, v := range vs { - oneofWrappers = append(oneofWrappers, reflect.TypeOf(v)) - } + methods := make([]reflect.Method, 0, 2) + if m, ok := t.MethodByName("XXX_OneofFuncs"); ok { + methods = append(methods, m) + } + if m, ok := t.MethodByName("XXX_OneofWrappers"); ok { + methods = append(methods, m) + } + for _, fn := range methods { + for _, v := range fn.Func.Call([]reflect.Value{reflect.Zero(fn.Type.In(0))}) { + if vs, ok := v.Interface().([]interface{}); ok { + for _, v := range vs { + oneofWrappers = append(oneofWrappers, reflect.TypeOf(v)) } } } diff --git a/vendor/google.golang.org/protobuf/internal/impl/message.go b/vendor/google.golang.org/protobuf/internal/impl/message.go index 4f5fb67a0dd..629bacdcedd 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/message.go +++ b/vendor/google.golang.org/protobuf/internal/impl/message.go @@ -192,12 +192,17 @@ fieldLoop: // Derive a mapping of oneof wrappers to fields. oneofWrappers := mi.OneofWrappers - for _, method := range []string{"XXX_OneofFuncs", "XXX_OneofWrappers"} { - if fn, ok := reflect.PtrTo(t).MethodByName(method); ok { - for _, v := range fn.Func.Call([]reflect.Value{reflect.Zero(fn.Type.In(0))}) { - if vs, ok := v.Interface().([]interface{}); ok { - oneofWrappers = vs - } + methods := make([]reflect.Method, 0, 2) + if m, ok := reflect.PtrTo(t).MethodByName("XXX_OneofFuncs"); ok { + methods = append(methods, m) + } + if m, ok := reflect.PtrTo(t).MethodByName("XXX_OneofWrappers"); ok { + methods = append(methods, m) + } + for _, fn := range methods { + for _, v := range fn.Func.Call([]reflect.Value{reflect.Zero(fn.Type.In(0))}) { + if vs, ok := v.Interface().([]interface{}); ok { + oneofWrappers = vs } } } diff --git a/vendor/google.golang.org/protobuf/internal/impl/pointer_reflect.go b/vendor/google.golang.org/protobuf/internal/impl/pointer_reflect.go index 4c491bdf482..517e94434c7 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/pointer_reflect.go +++ b/vendor/google.golang.org/protobuf/internal/impl/pointer_reflect.go @@ -159,6 +159,42 @@ func (p pointer) SetPointer(v pointer) { p.v.Elem().Set(v.v) } +func growSlice(p pointer, addCap int) { + // TODO: Once we only support Go 1.20 and newer, use reflect.Grow. + in := p.v.Elem() + out := reflect.MakeSlice(in.Type(), in.Len(), in.Len()+addCap) + reflect.Copy(out, in) + p.v.Elem().Set(out) +} + +func (p pointer) growBoolSlice(addCap int) { + growSlice(p, addCap) +} + +func (p pointer) growInt32Slice(addCap int) { + growSlice(p, addCap) +} + +func (p pointer) growUint32Slice(addCap int) { + growSlice(p, addCap) +} + +func (p pointer) growInt64Slice(addCap int) { + growSlice(p, addCap) +} + +func (p pointer) growUint64Slice(addCap int) { + growSlice(p, addCap) +} + +func (p pointer) growFloat64Slice(addCap int) { + growSlice(p, addCap) +} + +func (p pointer) growFloat32Slice(addCap int) { + growSlice(p, addCap) +} + func (Export) MessageStateOf(p Pointer) *messageState { panic("not supported") } func (ms *messageState) pointer() pointer { panic("not supported") } func (ms *messageState) messageInfo() *MessageInfo { panic("not supported") } diff --git a/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go b/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go index ee0e0573e39..4b020e31164 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go +++ b/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go @@ -138,6 +138,46 @@ func (p pointer) SetPointer(v pointer) { *(*unsafe.Pointer)(p.p) = (unsafe.Pointer)(v.p) } +func (p pointer) growBoolSlice(addCap int) { + sp := p.BoolSlice() + s := make([]bool, 0, addCap+len(*sp)) + s = s[:len(*sp)] + copy(s, *sp) + *sp = s +} + +func (p pointer) growInt32Slice(addCap int) { + sp := p.Int32Slice() + s := make([]int32, 0, addCap+len(*sp)) + s = s[:len(*sp)] + copy(s, *sp) + *sp = s +} + +func (p pointer) growUint32Slice(addCap int) { + p.growInt32Slice(addCap) +} + +func (p pointer) growFloat32Slice(addCap int) { + p.growInt32Slice(addCap) +} + +func (p pointer) growInt64Slice(addCap int) { + sp := p.Int64Slice() + s := make([]int64, 0, addCap+len(*sp)) + s = s[:len(*sp)] + copy(s, *sp) + *sp = s +} + +func (p pointer) growUint64Slice(addCap int) { + p.growInt64Slice(addCap) +} + +func (p pointer) growFloat64Slice(addCap int) { + p.growInt64Slice(addCap) +} + // Static check that MessageState does not exceed the size of a pointer. const _ = uint(unsafe.Sizeof(unsafe.Pointer(nil)) - unsafe.Sizeof(MessageState{})) diff --git a/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe.go b/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go120.go similarity index 96% rename from vendor/google.golang.org/protobuf/internal/strs/strings_unsafe.go rename to vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go120.go index 61a84d34185..a008acd0908 100644 --- a/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe.go +++ b/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go120.go @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build !purego && !appengine -// +build !purego,!appengine +//go:build !purego && !appengine && !go1.21 +// +build !purego,!appengine,!go1.21 package strs diff --git a/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go121.go b/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go121.go new file mode 100644 index 00000000000..60166f2ba3c --- /dev/null +++ b/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go121.go @@ -0,0 +1,74 @@ +// Copyright 2018 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !purego && !appengine && go1.21 +// +build !purego,!appengine,go1.21 + +package strs + +import ( + "unsafe" + + "google.golang.org/protobuf/reflect/protoreflect" +) + +// UnsafeString returns an unsafe string reference of b. +// The caller must treat the input slice as immutable. +// +// WARNING: Use carefully. The returned result must not leak to the end user +// unless the input slice is provably immutable. +func UnsafeString(b []byte) string { + return unsafe.String(unsafe.SliceData(b), len(b)) +} + +// UnsafeBytes returns an unsafe bytes slice reference of s. +// The caller must treat returned slice as immutable. +// +// WARNING: Use carefully. The returned result must not leak to the end user. +func UnsafeBytes(s string) []byte { + return unsafe.Slice(unsafe.StringData(s), len(s)) +} + +// Builder builds a set of strings with shared lifetime. +// This differs from strings.Builder, which is for building a single string. +type Builder struct { + buf []byte +} + +// AppendFullName is equivalent to protoreflect.FullName.Append, +// but optimized for large batches where each name has a shared lifetime. +func (sb *Builder) AppendFullName(prefix protoreflect.FullName, name protoreflect.Name) protoreflect.FullName { + n := len(prefix) + len(".") + len(name) + if len(prefix) == 0 { + n -= len(".") + } + sb.grow(n) + sb.buf = append(sb.buf, prefix...) + sb.buf = append(sb.buf, '.') + sb.buf = append(sb.buf, name...) + return protoreflect.FullName(sb.last(n)) +} + +// MakeString is equivalent to string(b), but optimized for large batches +// with a shared lifetime. +func (sb *Builder) MakeString(b []byte) string { + sb.grow(len(b)) + sb.buf = append(sb.buf, b...) + return sb.last(len(b)) +} + +func (sb *Builder) grow(n int) { + if cap(sb.buf)-len(sb.buf) >= n { + return + } + + // Unlike strings.Builder, we do not need to copy over the contents + // of the old buffer since our builder provides no API for + // retrieving previously created strings. + sb.buf = make([]byte, 0, 2*(cap(sb.buf)+n)) +} + +func (sb *Builder) last(n int) string { + return UnsafeString(sb.buf[len(sb.buf)-n:]) +} diff --git a/vendor/google.golang.org/protobuf/internal/version/version.go b/vendor/google.golang.org/protobuf/internal/version/version.go index 0999f29d501..d8f48faffac 100644 --- a/vendor/google.golang.org/protobuf/internal/version/version.go +++ b/vendor/google.golang.org/protobuf/internal/version/version.go @@ -51,7 +51,7 @@ import ( // 10. Send out the CL for review and submit it. const ( Major = 1 - Minor = 31 + Minor = 32 Patch = 0 PreRelease = "" ) diff --git a/vendor/google.golang.org/protobuf/proto/decode.go b/vendor/google.golang.org/protobuf/proto/decode.go index 48d47946bb1..e5b03b56771 100644 --- a/vendor/google.golang.org/protobuf/proto/decode.go +++ b/vendor/google.golang.org/protobuf/proto/decode.go @@ -69,7 +69,7 @@ func (o UnmarshalOptions) Unmarshal(b []byte, m Message) error { // UnmarshalState parses a wire-format message and places the result in m. // // This method permits fine-grained control over the unmarshaler. -// Most users should use Unmarshal instead. +// Most users should use [Unmarshal] instead. func (o UnmarshalOptions) UnmarshalState(in protoiface.UnmarshalInput) (protoiface.UnmarshalOutput, error) { if o.RecursionLimit == 0 { o.RecursionLimit = protowire.DefaultRecursionLimit diff --git a/vendor/google.golang.org/protobuf/proto/doc.go b/vendor/google.golang.org/protobuf/proto/doc.go index ec71e717fe7..80ed16a0c29 100644 --- a/vendor/google.golang.org/protobuf/proto/doc.go +++ b/vendor/google.golang.org/protobuf/proto/doc.go @@ -18,27 +18,27 @@ // This package contains functions to convert to and from the wire format, // an efficient binary serialization of protocol buffers. // -// • Size reports the size of a message in the wire format. +// - [Size] reports the size of a message in the wire format. // -// • Marshal converts a message to the wire format. -// The MarshalOptions type provides more control over wire marshaling. +// - [Marshal] converts a message to the wire format. +// The [MarshalOptions] type provides more control over wire marshaling. // -// • Unmarshal converts a message from the wire format. -// The UnmarshalOptions type provides more control over wire unmarshaling. +// - [Unmarshal] converts a message from the wire format. +// The [UnmarshalOptions] type provides more control over wire unmarshaling. // // # Basic message operations // -// • Clone makes a deep copy of a message. +// - [Clone] makes a deep copy of a message. // -// • Merge merges the content of a message into another. +// - [Merge] merges the content of a message into another. // -// • Equal compares two messages. For more control over comparisons -// and detailed reporting of differences, see package -// "google.golang.org/protobuf/testing/protocmp". +// - [Equal] compares two messages. For more control over comparisons +// and detailed reporting of differences, see package +// [google.golang.org/protobuf/testing/protocmp]. // -// • Reset clears the content of a message. +// - [Reset] clears the content of a message. // -// • CheckInitialized reports whether all required fields in a message are set. +// - [CheckInitialized] reports whether all required fields in a message are set. // // # Optional scalar constructors // @@ -46,9 +46,9 @@ // as pointers to a value. For example, an optional string field has the // Go type *string. // -// • Bool, Int32, Int64, Uint32, Uint64, Float32, Float64, and String -// take a value and return a pointer to a new instance of it, -// to simplify construction of optional field values. +// - [Bool], [Int32], [Int64], [Uint32], [Uint64], [Float32], [Float64], and [String] +// take a value and return a pointer to a new instance of it, +// to simplify construction of optional field values. // // Generated enum types usually have an Enum method which performs the // same operation. @@ -57,29 +57,29 @@ // // # Extension accessors // -// • HasExtension, GetExtension, SetExtension, and ClearExtension -// access extension field values in a protocol buffer message. +// - [HasExtension], [GetExtension], [SetExtension], and [ClearExtension] +// access extension field values in a protocol buffer message. // // Extension fields are only supported in proto2. // // # Related packages // -// • Package "google.golang.org/protobuf/encoding/protojson" converts messages to -// and from JSON. +// - Package [google.golang.org/protobuf/encoding/protojson] converts messages to +// and from JSON. // -// • Package "google.golang.org/protobuf/encoding/prototext" converts messages to -// and from the text format. +// - Package [google.golang.org/protobuf/encoding/prototext] converts messages to +// and from the text format. // -// • Package "google.golang.org/protobuf/reflect/protoreflect" provides a -// reflection interface for protocol buffer data types. +// - Package [google.golang.org/protobuf/reflect/protoreflect] provides a +// reflection interface for protocol buffer data types. // -// • Package "google.golang.org/protobuf/testing/protocmp" provides features -// to compare protocol buffer messages with the "github.com/google/go-cmp/cmp" -// package. +// - Package [google.golang.org/protobuf/testing/protocmp] provides features +// to compare protocol buffer messages with the [github.com/google/go-cmp/cmp] +// package. // -// • Package "google.golang.org/protobuf/types/dynamicpb" provides a dynamic -// message type, suitable for working with messages where the protocol buffer -// type is only known at runtime. +// - Package [google.golang.org/protobuf/types/dynamicpb] provides a dynamic +// message type, suitable for working with messages where the protocol buffer +// type is only known at runtime. // // This module contains additional packages for more specialized use cases. // Consult the individual package documentation for details. diff --git a/vendor/google.golang.org/protobuf/proto/encode.go b/vendor/google.golang.org/protobuf/proto/encode.go index bf7f816d0e8..4fed202f9fc 100644 --- a/vendor/google.golang.org/protobuf/proto/encode.go +++ b/vendor/google.golang.org/protobuf/proto/encode.go @@ -129,7 +129,7 @@ func (o MarshalOptions) MarshalAppend(b []byte, m Message) ([]byte, error) { // MarshalState returns the wire-format encoding of a message. // // This method permits fine-grained control over the marshaler. -// Most users should use Marshal instead. +// Most users should use [Marshal] instead. func (o MarshalOptions) MarshalState(in protoiface.MarshalInput) (protoiface.MarshalOutput, error) { return o.marshal(in.Buf, in.Message) } diff --git a/vendor/google.golang.org/protobuf/proto/extension.go b/vendor/google.golang.org/protobuf/proto/extension.go index 5f293cda869..17899a3a767 100644 --- a/vendor/google.golang.org/protobuf/proto/extension.go +++ b/vendor/google.golang.org/protobuf/proto/extension.go @@ -26,7 +26,7 @@ func HasExtension(m Message, xt protoreflect.ExtensionType) bool { } // ClearExtension clears an extension field such that subsequent -// HasExtension calls return false. +// [HasExtension] calls return false. // It panics if m is invalid or if xt does not extend m. func ClearExtension(m Message, xt protoreflect.ExtensionType) { m.ProtoReflect().Clear(xt.TypeDescriptor()) diff --git a/vendor/google.golang.org/protobuf/proto/merge.go b/vendor/google.golang.org/protobuf/proto/merge.go index d761ab331d1..3c6fe57807b 100644 --- a/vendor/google.golang.org/protobuf/proto/merge.go +++ b/vendor/google.golang.org/protobuf/proto/merge.go @@ -21,7 +21,7 @@ import ( // The unknown fields of src are appended to the unknown fields of dst. // // It is semantically equivalent to unmarshaling the encoded form of src -// into dst with the UnmarshalOptions.Merge option specified. +// into dst with the [UnmarshalOptions.Merge] option specified. func Merge(dst, src Message) { // TODO: Should nil src be treated as semantically equivalent to a // untyped, read-only, empty message? What about a nil dst? diff --git a/vendor/google.golang.org/protobuf/proto/proto.go b/vendor/google.golang.org/protobuf/proto/proto.go index 1f0d183b102..7543ee6b255 100644 --- a/vendor/google.golang.org/protobuf/proto/proto.go +++ b/vendor/google.golang.org/protobuf/proto/proto.go @@ -15,18 +15,20 @@ import ( // protobuf module that accept a Message, except where otherwise specified. // // This is the v2 interface definition for protobuf messages. -// The v1 interface definition is "github.com/golang/protobuf/proto".Message. +// The v1 interface definition is [github.com/golang/protobuf/proto.Message]. // -// To convert a v1 message to a v2 message, -// use "github.com/golang/protobuf/proto".MessageV2. -// To convert a v2 message to a v1 message, -// use "github.com/golang/protobuf/proto".MessageV1. +// - To convert a v1 message to a v2 message, +// use [google.golang.org/protobuf/protoadapt.MessageV2Of]. +// - To convert a v2 message to a v1 message, +// use [google.golang.org/protobuf/protoadapt.MessageV1Of]. type Message = protoreflect.ProtoMessage -// Error matches all errors produced by packages in the protobuf module. +// Error matches all errors produced by packages in the protobuf module +// according to [errors.Is]. // -// That is, errors.Is(err, Error) reports whether an error is produced -// by this module. +// Example usage: +// +// if errors.Is(err, proto.Error) { ... } var Error error func init() { diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/proto.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/proto.go index 55aa14922b0..ec6572dfda9 100644 --- a/vendor/google.golang.org/protobuf/reflect/protoreflect/proto.go +++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/proto.go @@ -10,46 +10,46 @@ // // # Protocol Buffer Descriptors // -// Protobuf descriptors (e.g., EnumDescriptor or MessageDescriptor) +// Protobuf descriptors (e.g., [EnumDescriptor] or [MessageDescriptor]) // are immutable objects that represent protobuf type information. // They are wrappers around the messages declared in descriptor.proto. // Protobuf descriptors alone lack any information regarding Go types. // -// Enums and messages generated by this module implement Enum and ProtoMessage, +// Enums and messages generated by this module implement [Enum] and [ProtoMessage], // where the Descriptor and ProtoReflect.Descriptor accessors respectively // return the protobuf descriptor for the values. // // The protobuf descriptor interfaces are not meant to be implemented by // user code since they might need to be extended in the future to support // additions to the protobuf language. -// The "google.golang.org/protobuf/reflect/protodesc" package converts between +// The [google.golang.org/protobuf/reflect/protodesc] package converts between // google.protobuf.DescriptorProto messages and protobuf descriptors. // // # Go Type Descriptors // -// A type descriptor (e.g., EnumType or MessageType) is a constructor for +// A type descriptor (e.g., [EnumType] or [MessageType]) is a constructor for // a concrete Go type that represents the associated protobuf descriptor. // There is commonly a one-to-one relationship between protobuf descriptors and // Go type descriptors, but it can potentially be a one-to-many relationship. // -// Enums and messages generated by this module implement Enum and ProtoMessage, +// Enums and messages generated by this module implement [Enum] and [ProtoMessage], // where the Type and ProtoReflect.Type accessors respectively // return the protobuf descriptor for the values. // -// The "google.golang.org/protobuf/types/dynamicpb" package can be used to +// The [google.golang.org/protobuf/types/dynamicpb] package can be used to // create Go type descriptors from protobuf descriptors. // // # Value Interfaces // -// The Enum and Message interfaces provide a reflective view over an +// The [Enum] and [Message] interfaces provide a reflective view over an // enum or message instance. For enums, it provides the ability to retrieve // the enum value number for any concrete enum type. For messages, it provides // the ability to access or manipulate fields of the message. // -// To convert a proto.Message to a protoreflect.Message, use the +// To convert a [google.golang.org/protobuf/proto.Message] to a [protoreflect.Message], use the // former's ProtoReflect method. Since the ProtoReflect method is new to the // v2 message interface, it may not be present on older message implementations. -// The "github.com/golang/protobuf/proto".MessageReflect function can be used +// The [github.com/golang/protobuf/proto.MessageReflect] function can be used // to obtain a reflective view on older messages. // // # Relationships @@ -71,12 +71,12 @@ // │ │ // └────────────────── Type() ───────┘ // -// • An EnumType describes a concrete Go enum type. +// • An [EnumType] describes a concrete Go enum type. // It has an EnumDescriptor and can construct an Enum instance. // -// • An EnumDescriptor describes an abstract protobuf enum type. +// • An [EnumDescriptor] describes an abstract protobuf enum type. // -// • An Enum is a concrete enum instance. Generated enums implement Enum. +// • An [Enum] is a concrete enum instance. Generated enums implement Enum. // // ┌──────────────── New() ─────────────────┠// │ │ @@ -90,24 +90,26 @@ // │ │ // └─────────────────── Type() ─────────┘ // -// • A MessageType describes a concrete Go message type. -// It has a MessageDescriptor and can construct a Message instance. -// Just as how Go's reflect.Type is a reflective description of a Go type, -// a MessageType is a reflective description of a Go type for a protobuf message. +// • A [MessageType] describes a concrete Go message type. +// It has a [MessageDescriptor] and can construct a [Message] instance. +// Just as how Go's [reflect.Type] is a reflective description of a Go type, +// a [MessageType] is a reflective description of a Go type for a protobuf message. // -// • A MessageDescriptor describes an abstract protobuf message type. -// It has no understanding of Go types. In order to construct a MessageType -// from just a MessageDescriptor, you can consider looking up the message type -// in the global registry using protoregistry.GlobalTypes.FindMessageByName -// or constructing a dynamic MessageType using dynamicpb.NewMessageType. +// • A [MessageDescriptor] describes an abstract protobuf message type. +// It has no understanding of Go types. In order to construct a [MessageType] +// from just a [MessageDescriptor], you can consider looking up the message type +// in the global registry using the FindMessageByName method on +// [google.golang.org/protobuf/reflect/protoregistry.GlobalTypes] +// or constructing a dynamic [MessageType] using +// [google.golang.org/protobuf/types/dynamicpb.NewMessageType]. // -// • A Message is a reflective view over a concrete message instance. -// Generated messages implement ProtoMessage, which can convert to a Message. -// Just as how Go's reflect.Value is a reflective view over a Go value, -// a Message is a reflective view over a concrete protobuf message instance. -// Using Go reflection as an analogy, the ProtoReflect method is similar to -// calling reflect.ValueOf, and the Message.Interface method is similar to -// calling reflect.Value.Interface. +// • A [Message] is a reflective view over a concrete message instance. +// Generated messages implement [ProtoMessage], which can convert to a [Message]. +// Just as how Go's [reflect.Value] is a reflective view over a Go value, +// a [Message] is a reflective view over a concrete protobuf message instance. +// Using Go reflection as an analogy, the [ProtoMessage.ProtoReflect] method is similar to +// calling [reflect.ValueOf], and the [Message.Interface] method is similar to +// calling [reflect.Value.Interface]. // // ┌── TypeDescriptor() ──┠┌───── Descriptor() ─────┠// │ V │ V @@ -119,15 +121,15 @@ // │ │ // └────── implements ────────┘ // -// • An ExtensionType describes a concrete Go implementation of an extension. -// It has an ExtensionTypeDescriptor and can convert to/from -// abstract Values and Go values. +// • An [ExtensionType] describes a concrete Go implementation of an extension. +// It has an [ExtensionTypeDescriptor] and can convert to/from +// an abstract [Value] and a Go value. // -// • An ExtensionTypeDescriptor is an ExtensionDescriptor -// which also has an ExtensionType. +// • An [ExtensionTypeDescriptor] is an [ExtensionDescriptor] +// which also has an [ExtensionType]. // -// • An ExtensionDescriptor describes an abstract protobuf extension field and -// may not always be an ExtensionTypeDescriptor. +// • An [ExtensionDescriptor] describes an abstract protobuf extension field and +// may not always be an [ExtensionTypeDescriptor]. package protoreflect import ( @@ -142,7 +144,7 @@ type doNotImplement pragma.DoNotImplement // ProtoMessage is the top-level interface that all proto messages implement. // This is declared in the protoreflect package to avoid a cyclic dependency; -// use the proto.Message type instead, which aliases this type. +// use the [google.golang.org/protobuf/proto.Message] type instead, which aliases this type. type ProtoMessage interface{ ProtoReflect() Message } // Syntax is the language version of the proto file. @@ -151,8 +153,9 @@ type Syntax syntax type syntax int8 // keep exact type opaque as the int type may change const ( - Proto2 Syntax = 2 - Proto3 Syntax = 3 + Proto2 Syntax = 2 + Proto3 Syntax = 3 + Editions Syntax = 4 ) // IsValid reports whether the syntax is valid. @@ -436,7 +439,7 @@ type Names interface { // FullName is a qualified name that uniquely identifies a proto declaration. // A qualified name is the concatenation of the proto package along with the // fully-declared name (i.e., name of parent preceding the name of the child), -// with a '.' delimiter placed between each Name. +// with a '.' delimiter placed between each [Name]. // // This should not have any leading or trailing dots. type FullName string // e.g., "google.protobuf.Field.Kind" @@ -480,7 +483,7 @@ func isLetterDigit(c byte) bool { } // Name returns the short name, which is the last identifier segment. -// A single segment FullName is the Name itself. +// A single segment FullName is the [Name] itself. func (n FullName) Name() Name { if i := strings.LastIndexByte(string(n), '.'); i >= 0 { return Name(n[i+1:]) diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go index 717b106f3da..0c045db6ab6 100644 --- a/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go +++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go @@ -35,7 +35,7 @@ func (p *SourcePath) appendFileDescriptorProto(b []byte) []byte { b = p.appendSingularField(b, "source_code_info", (*SourcePath).appendSourceCodeInfo) case 12: b = p.appendSingularField(b, "syntax", nil) - case 13: + case 14: b = p.appendSingularField(b, "edition", nil) } return b @@ -180,6 +180,8 @@ func (p *SourcePath) appendFileOptions(b []byte) []byte { b = p.appendSingularField(b, "php_metadata_namespace", nil) case 45: b = p.appendSingularField(b, "ruby_package", nil) + case 50: + b = p.appendSingularField(b, "features", (*SourcePath).appendFeatureSet) case 999: b = p.appendRepeatedField(b, "uninterpreted_option", (*SourcePath).appendUninterpretedOption) } @@ -240,6 +242,8 @@ func (p *SourcePath) appendMessageOptions(b []byte) []byte { b = p.appendSingularField(b, "map_entry", nil) case 11: b = p.appendSingularField(b, "deprecated_legacy_json_field_conflicts", nil) + case 12: + b = p.appendSingularField(b, "features", (*SourcePath).appendFeatureSet) case 999: b = p.appendRepeatedField(b, "uninterpreted_option", (*SourcePath).appendUninterpretedOption) } @@ -285,6 +289,8 @@ func (p *SourcePath) appendEnumOptions(b []byte) []byte { b = p.appendSingularField(b, "deprecated", nil) case 6: b = p.appendSingularField(b, "deprecated_legacy_json_field_conflicts", nil) + case 7: + b = p.appendSingularField(b, "features", (*SourcePath).appendFeatureSet) case 999: b = p.appendRepeatedField(b, "uninterpreted_option", (*SourcePath).appendUninterpretedOption) } @@ -330,6 +336,8 @@ func (p *SourcePath) appendServiceOptions(b []byte) []byte { return b } switch (*p)[0] { + case 34: + b = p.appendSingularField(b, "features", (*SourcePath).appendFeatureSet) case 33: b = p.appendSingularField(b, "deprecated", nil) case 999: @@ -361,16 +369,39 @@ func (p *SourcePath) appendFieldOptions(b []byte) []byte { b = p.appendSingularField(b, "debug_redact", nil) case 17: b = p.appendSingularField(b, "retention", nil) - case 18: - b = p.appendSingularField(b, "target", nil) case 19: b = p.appendRepeatedField(b, "targets", nil) + case 20: + b = p.appendRepeatedField(b, "edition_defaults", (*SourcePath).appendFieldOptions_EditionDefault) + case 21: + b = p.appendSingularField(b, "features", (*SourcePath).appendFeatureSet) case 999: b = p.appendRepeatedField(b, "uninterpreted_option", (*SourcePath).appendUninterpretedOption) } return b } +func (p *SourcePath) appendFeatureSet(b []byte) []byte { + if len(*p) == 0 { + return b + } + switch (*p)[0] { + case 1: + b = p.appendSingularField(b, "field_presence", nil) + case 2: + b = p.appendSingularField(b, "enum_type", nil) + case 3: + b = p.appendSingularField(b, "repeated_field_encoding", nil) + case 4: + b = p.appendSingularField(b, "utf8_validation", nil) + case 5: + b = p.appendSingularField(b, "message_encoding", nil) + case 6: + b = p.appendSingularField(b, "json_format", nil) + } + return b +} + func (p *SourcePath) appendUninterpretedOption(b []byte) []byte { if len(*p) == 0 { return b @@ -422,6 +453,8 @@ func (p *SourcePath) appendExtensionRangeOptions(b []byte) []byte { b = p.appendRepeatedField(b, "uninterpreted_option", (*SourcePath).appendUninterpretedOption) case 2: b = p.appendRepeatedField(b, "declaration", (*SourcePath).appendExtensionRangeOptions_Declaration) + case 50: + b = p.appendSingularField(b, "features", (*SourcePath).appendFeatureSet) case 3: b = p.appendSingularField(b, "verification", nil) } @@ -433,6 +466,8 @@ func (p *SourcePath) appendOneofOptions(b []byte) []byte { return b } switch (*p)[0] { + case 1: + b = p.appendSingularField(b, "features", (*SourcePath).appendFeatureSet) case 999: b = p.appendRepeatedField(b, "uninterpreted_option", (*SourcePath).appendUninterpretedOption) } @@ -446,6 +481,10 @@ func (p *SourcePath) appendEnumValueOptions(b []byte) []byte { switch (*p)[0] { case 1: b = p.appendSingularField(b, "deprecated", nil) + case 2: + b = p.appendSingularField(b, "features", (*SourcePath).appendFeatureSet) + case 3: + b = p.appendSingularField(b, "debug_redact", nil) case 999: b = p.appendRepeatedField(b, "uninterpreted_option", (*SourcePath).appendUninterpretedOption) } @@ -461,12 +500,27 @@ func (p *SourcePath) appendMethodOptions(b []byte) []byte { b = p.appendSingularField(b, "deprecated", nil) case 34: b = p.appendSingularField(b, "idempotency_level", nil) + case 35: + b = p.appendSingularField(b, "features", (*SourcePath).appendFeatureSet) case 999: b = p.appendRepeatedField(b, "uninterpreted_option", (*SourcePath).appendUninterpretedOption) } return b } +func (p *SourcePath) appendFieldOptions_EditionDefault(b []byte) []byte { + if len(*p) == 0 { + return b + } + switch (*p)[0] { + case 3: + b = p.appendSingularField(b, "edition", nil) + case 2: + b = p.appendSingularField(b, "value", nil) + } + return b +} + func (p *SourcePath) appendUninterpretedOption_NamePart(b []byte) []byte { if len(*p) == 0 { return b @@ -491,8 +545,6 @@ func (p *SourcePath) appendExtensionRangeOptions_Declaration(b []byte) []byte { b = p.appendSingularField(b, "full_name", nil) case 3: b = p.appendSingularField(b, "type", nil) - case 4: - b = p.appendSingularField(b, "is_repeated", nil) case 5: b = p.appendSingularField(b, "reserved", nil) case 6: diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/type.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/type.go index 3867470d30a..60ff62b4c85 100644 --- a/vendor/google.golang.org/protobuf/reflect/protoreflect/type.go +++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/type.go @@ -12,7 +12,7 @@ package protoreflect // exactly identical. However, it is possible for the same semantically // identical proto type to be represented by multiple type descriptors. // -// For example, suppose we have t1 and t2 which are both MessageDescriptors. +// For example, suppose we have t1 and t2 which are both an [MessageDescriptor]. // If t1 == t2, then the types are definitely equal and all accessors return // the same information. However, if t1 != t2, then it is still possible that // they still represent the same proto type (e.g., t1.FullName == t2.FullName). @@ -115,7 +115,7 @@ type Descriptor interface { // corresponds with the google.protobuf.FileDescriptorProto message. // // Top-level declarations: -// EnumDescriptor, MessageDescriptor, FieldDescriptor, and/or ServiceDescriptor. +// [EnumDescriptor], [MessageDescriptor], [FieldDescriptor], and/or [ServiceDescriptor]. type FileDescriptor interface { Descriptor // Descriptor.FullName is identical to Package @@ -180,8 +180,8 @@ type FileImport struct { // corresponds with the google.protobuf.DescriptorProto message. // // Nested declarations: -// FieldDescriptor, OneofDescriptor, FieldDescriptor, EnumDescriptor, -// and/or MessageDescriptor. +// [FieldDescriptor], [OneofDescriptor], [FieldDescriptor], [EnumDescriptor], +// and/or [MessageDescriptor]. type MessageDescriptor interface { Descriptor @@ -214,7 +214,7 @@ type MessageDescriptor interface { ExtensionRanges() FieldRanges // ExtensionRangeOptions returns the ith extension range options. // - // To avoid a dependency cycle, this method returns a proto.Message value, + // To avoid a dependency cycle, this method returns a proto.Message] value, // which always contains a google.protobuf.ExtensionRangeOptions message. // This method returns a typed nil-pointer if no options are present. // The caller must import the descriptorpb package to use this. @@ -231,9 +231,9 @@ type MessageDescriptor interface { } type isMessageDescriptor interface{ ProtoType(MessageDescriptor) } -// MessageType encapsulates a MessageDescriptor with a concrete Go implementation. +// MessageType encapsulates a [MessageDescriptor] with a concrete Go implementation. // It is recommended that implementations of this interface also implement the -// MessageFieldTypes interface. +// [MessageFieldTypes] interface. type MessageType interface { // New returns a newly allocated empty message. // It may return nil for synthetic messages representing a map entry. @@ -249,19 +249,19 @@ type MessageType interface { Descriptor() MessageDescriptor } -// MessageFieldTypes extends a MessageType by providing type information +// MessageFieldTypes extends a [MessageType] by providing type information // regarding enums and messages referenced by the message fields. type MessageFieldTypes interface { MessageType - // Enum returns the EnumType for the ith field in Descriptor.Fields. + // Enum returns the EnumType for the ith field in MessageDescriptor.Fields. // It returns nil if the ith field is not an enum kind. // It panics if out of bounds. // // Invariant: mt.Enum(i).Descriptor() == mt.Descriptor().Fields(i).Enum() Enum(i int) EnumType - // Message returns the MessageType for the ith field in Descriptor.Fields. + // Message returns the MessageType for the ith field in MessageDescriptor.Fields. // It returns nil if the ith field is not a message or group kind. // It panics if out of bounds. // @@ -286,8 +286,8 @@ type MessageDescriptors interface { // corresponds with the google.protobuf.FieldDescriptorProto message. // // It is used for both normal fields defined within the parent message -// (e.g., MessageDescriptor.Fields) and fields that extend some remote message -// (e.g., FileDescriptor.Extensions or MessageDescriptor.Extensions). +// (e.g., [MessageDescriptor.Fields]) and fields that extend some remote message +// (e.g., [FileDescriptor.Extensions] or [MessageDescriptor.Extensions]). type FieldDescriptor interface { Descriptor @@ -344,7 +344,7 @@ type FieldDescriptor interface { // IsMap reports whether this field represents a map, // where the value type for the associated field is a Map. // It is equivalent to checking whether Cardinality is Repeated, - // that the Kind is MessageKind, and that Message.IsMapEntry reports true. + // that the Kind is MessageKind, and that MessageDescriptor.IsMapEntry reports true. IsMap() bool // MapKey returns the field descriptor for the key in the map entry. @@ -419,7 +419,7 @@ type OneofDescriptor interface { // IsSynthetic reports whether this is a synthetic oneof created to support // proto3 optional semantics. If true, Fields contains exactly one field - // with HasOptionalKeyword specified. + // with FieldDescriptor.HasOptionalKeyword specified. IsSynthetic() bool // Fields is a list of fields belonging to this oneof. @@ -442,10 +442,10 @@ type OneofDescriptors interface { doNotImplement } -// ExtensionDescriptor is an alias of FieldDescriptor for documentation. +// ExtensionDescriptor is an alias of [FieldDescriptor] for documentation. type ExtensionDescriptor = FieldDescriptor -// ExtensionTypeDescriptor is an ExtensionDescriptor with an associated ExtensionType. +// ExtensionTypeDescriptor is an [ExtensionDescriptor] with an associated [ExtensionType]. type ExtensionTypeDescriptor interface { ExtensionDescriptor @@ -470,12 +470,12 @@ type ExtensionDescriptors interface { doNotImplement } -// ExtensionType encapsulates an ExtensionDescriptor with a concrete +// ExtensionType encapsulates an [ExtensionDescriptor] with a concrete // Go implementation. The nested field descriptor must be for a extension field. // // While a normal field is a member of the parent message that it is declared -// within (see Descriptor.Parent), an extension field is a member of some other -// target message (see ExtensionDescriptor.Extendee) and may have no +// within (see [Descriptor.Parent]), an extension field is a member of some other +// target message (see [FieldDescriptor.ContainingMessage]) and may have no // relationship with the parent. However, the full name of an extension field is // relative to the parent that it is declared within. // @@ -532,7 +532,7 @@ type ExtensionType interface { // corresponds with the google.protobuf.EnumDescriptorProto message. // // Nested declarations: -// EnumValueDescriptor. +// [EnumValueDescriptor]. type EnumDescriptor interface { Descriptor @@ -548,7 +548,7 @@ type EnumDescriptor interface { } type isEnumDescriptor interface{ ProtoType(EnumDescriptor) } -// EnumType encapsulates an EnumDescriptor with a concrete Go implementation. +// EnumType encapsulates an [EnumDescriptor] with a concrete Go implementation. type EnumType interface { // New returns an instance of this enum type with its value set to n. New(n EnumNumber) Enum @@ -610,7 +610,7 @@ type EnumValueDescriptors interface { // ServiceDescriptor describes a service and // corresponds with the google.protobuf.ServiceDescriptorProto message. // -// Nested declarations: MethodDescriptor. +// Nested declarations: [MethodDescriptor]. type ServiceDescriptor interface { Descriptor diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/value.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/value.go index 37601b78199..a7b0d06ff32 100644 --- a/vendor/google.golang.org/protobuf/reflect/protoreflect/value.go +++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/value.go @@ -27,16 +27,16 @@ type Enum interface { // Message is a reflective interface for a concrete message value, // encapsulating both type and value information for the message. // -// Accessor/mutators for individual fields are keyed by FieldDescriptor. +// Accessor/mutators for individual fields are keyed by [FieldDescriptor]. // For non-extension fields, the descriptor must exactly match the // field known by the parent message. -// For extension fields, the descriptor must implement ExtensionTypeDescriptor, -// extend the parent message (i.e., have the same message FullName), and +// For extension fields, the descriptor must implement [ExtensionTypeDescriptor], +// extend the parent message (i.e., have the same message [FullName]), and // be within the parent's extension range. // -// Each field Value can be a scalar or a composite type (Message, List, or Map). -// See Value for the Go types associated with a FieldDescriptor. -// Providing a Value that is invalid or of an incorrect type panics. +// Each field [Value] can be a scalar or a composite type ([Message], [List], or [Map]). +// See [Value] for the Go types associated with a [FieldDescriptor]. +// Providing a [Value] that is invalid or of an incorrect type panics. type Message interface { // Descriptor returns message descriptor, which contains only the protobuf // type information for the message. @@ -152,7 +152,7 @@ type Message interface { // This method may return nil. // // The returned methods type is identical to - // "google.golang.org/protobuf/runtime/protoiface".Methods. + // google.golang.org/protobuf/runtime/protoiface.Methods. // Consult the protoiface package documentation for details. ProtoMethods() *methods } @@ -175,8 +175,8 @@ func (b RawFields) IsValid() bool { } // List is a zero-indexed, ordered list. -// The element Value type is determined by FieldDescriptor.Kind. -// Providing a Value that is invalid or of an incorrect type panics. +// The element [Value] type is determined by [FieldDescriptor.Kind]. +// Providing a [Value] that is invalid or of an incorrect type panics. type List interface { // Len reports the number of entries in the List. // Get, Set, and Truncate panic with out of bound indexes. @@ -226,9 +226,9 @@ type List interface { } // Map is an unordered, associative map. -// The entry MapKey type is determined by FieldDescriptor.MapKey.Kind. -// The entry Value type is determined by FieldDescriptor.MapValue.Kind. -// Providing a MapKey or Value that is invalid or of an incorrect type panics. +// The entry [MapKey] type is determined by [FieldDescriptor.MapKey].Kind. +// The entry [Value] type is determined by [FieldDescriptor.MapValue].Kind. +// Providing a [MapKey] or [Value] that is invalid or of an incorrect type panics. type Map interface { // Len reports the number of elements in the map. Len() int diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_equal.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_equal.go index 591652541f2..654599d4493 100644 --- a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_equal.go +++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_equal.go @@ -24,19 +24,19 @@ import ( // Unlike the == operator, a NaN is equal to another NaN. // // - Enums are equal if they contain the same number. -// Since Value does not contain an enum descriptor, +// Since [Value] does not contain an enum descriptor, // enum values do not consider the type of the enum. // // - Other scalar values are equal if they contain the same value. // -// - Message values are equal if they belong to the same message descriptor, +// - [Message] values are equal if they belong to the same message descriptor, // have the same set of populated known and extension field values, // and the same set of unknown fields values. // -// - Lists are equal if they are the same length and +// - [List] values are equal if they are the same length and // each corresponding element is equal. // -// - Maps are equal if they have the same set of keys and +// - [Map] values are equal if they have the same set of keys and // the corresponding value for each key is equal. func (v1 Value) Equal(v2 Value) bool { return equalValue(v1, v2) diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_union.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_union.go index 08e5ef73fc0..1603097311e 100644 --- a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_union.go +++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_union.go @@ -11,7 +11,7 @@ import ( // Value is a union where only one Go type may be set at a time. // The Value is used to represent all possible values a field may take. -// The following shows which Go type is used to represent each proto Kind: +// The following shows which Go type is used to represent each proto [Kind]: // // â•”â•â•â•â•â•â•â•â•â•â•â•â•â•¤â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•— // â•‘ Go type │ Protobuf kind â•‘ @@ -31,22 +31,22 @@ import ( // // Multiple protobuf Kinds may be represented by a single Go type if the type // can losslessly represent the information for the proto kind. For example, -// Int64Kind, Sint64Kind, and Sfixed64Kind are all represented by int64, +// [Int64Kind], [Sint64Kind], and [Sfixed64Kind] are all represented by int64, // but use different integer encoding methods. // -// The List or Map types are used if the field cardinality is repeated. -// A field is a List if FieldDescriptor.IsList reports true. -// A field is a Map if FieldDescriptor.IsMap reports true. +// The [List] or [Map] types are used if the field cardinality is repeated. +// A field is a [List] if [FieldDescriptor.IsList] reports true. +// A field is a [Map] if [FieldDescriptor.IsMap] reports true. // // Converting to/from a Value and a concrete Go value panics on type mismatch. -// For example, ValueOf("hello").Int() panics because this attempts to +// For example, [ValueOf]("hello").Int() panics because this attempts to // retrieve an int64 from a string. // -// List, Map, and Message Values are called "composite" values. +// [List], [Map], and [Message] Values are called "composite" values. // // A composite Value may alias (reference) memory at some location, // such that changes to the Value updates the that location. -// A composite value acquired with a Mutable method, such as Message.Mutable, +// A composite value acquired with a Mutable method, such as [Message.Mutable], // always references the source object. // // For example: @@ -65,7 +65,7 @@ import ( // // appending to the List here may or may not modify the message. // list.Append(protoreflect.ValueOfInt32(0)) // -// Some operations, such as Message.Get, may return an "empty, read-only" +// Some operations, such as [Message.Get], may return an "empty, read-only" // composite Value. Modifying an empty, read-only value panics. type Value value @@ -306,7 +306,7 @@ func (v Value) Float() float64 { } } -// String returns v as a string. Since this method implements fmt.Stringer, +// String returns v as a string. Since this method implements [fmt.Stringer], // this returns the formatted string value for any non-string type. func (v Value) String() string { switch v.typ { @@ -327,7 +327,7 @@ func (v Value) Bytes() []byte { } } -// Enum returns v as a EnumNumber and panics if the type is not a EnumNumber. +// Enum returns v as a [EnumNumber] and panics if the type is not a [EnumNumber]. func (v Value) Enum() EnumNumber { switch v.typ { case enumType: @@ -337,7 +337,7 @@ func (v Value) Enum() EnumNumber { } } -// Message returns v as a Message and panics if the type is not a Message. +// Message returns v as a [Message] and panics if the type is not a [Message]. func (v Value) Message() Message { switch vi := v.getIface().(type) { case Message: @@ -347,7 +347,7 @@ func (v Value) Message() Message { } } -// List returns v as a List and panics if the type is not a List. +// List returns v as a [List] and panics if the type is not a [List]. func (v Value) List() List { switch vi := v.getIface().(type) { case List: @@ -357,7 +357,7 @@ func (v Value) List() List { } } -// Map returns v as a Map and panics if the type is not a Map. +// Map returns v as a [Map] and panics if the type is not a [Map]. func (v Value) Map() Map { switch vi := v.getIface().(type) { case Map: @@ -367,7 +367,7 @@ func (v Value) Map() Map { } } -// MapKey returns v as a MapKey and panics for invalid MapKey types. +// MapKey returns v as a [MapKey] and panics for invalid [MapKey] types. func (v Value) MapKey() MapKey { switch v.typ { case boolType, int32Type, int64Type, uint32Type, uint64Type, stringType: @@ -378,8 +378,8 @@ func (v Value) MapKey() MapKey { } // MapKey is used to index maps, where the Go type of the MapKey must match -// the specified key Kind (see MessageDescriptor.IsMapEntry). -// The following shows what Go type is used to represent each proto Kind: +// the specified key [Kind] (see [MessageDescriptor.IsMapEntry]). +// The following shows what Go type is used to represent each proto [Kind]: // // â•”â•â•â•â•â•â•â•â•â•â•¤â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•— // â•‘ Go type │ Protobuf kind â•‘ @@ -392,13 +392,13 @@ func (v Value) MapKey() MapKey { // â•‘ string │ StringKind â•‘ // â•â•â•â•â•â•â•â•â•â•â•§â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â• // -// A MapKey is constructed and accessed through a Value: +// A MapKey is constructed and accessed through a [Value]: // // k := ValueOf("hash").MapKey() // convert string to MapKey // s := k.String() // convert MapKey to string // -// The MapKey is a strict subset of valid types used in Value; -// converting a Value to a MapKey with an invalid type panics. +// The MapKey is a strict subset of valid types used in [Value]; +// converting a [Value] to a MapKey with an invalid type panics. type MapKey value // IsValid reports whether k is populated with a value. @@ -426,13 +426,13 @@ func (k MapKey) Uint() uint64 { return Value(k).Uint() } -// String returns k as a string. Since this method implements fmt.Stringer, +// String returns k as a string. Since this method implements [fmt.Stringer], // this returns the formatted string value for any non-string type. func (k MapKey) String() string { return Value(k).String() } -// Value returns k as a Value. +// Value returns k as a [Value]. func (k MapKey) Value() Value { return Value(k) } diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go120.go similarity index 97% rename from vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe.go rename to vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go120.go index 702ddf22a27..b1fdbe3e8e1 100644 --- a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe.go +++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go120.go @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build !purego && !appengine -// +build !purego,!appengine +//go:build !purego && !appengine && !go1.21 +// +build !purego,!appengine,!go1.21 package protoreflect diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go121.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go121.go new file mode 100644 index 00000000000..43547011173 --- /dev/null +++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go121.go @@ -0,0 +1,87 @@ +// Copyright 2018 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !purego && !appengine && go1.21 +// +build !purego,!appengine,go1.21 + +package protoreflect + +import ( + "unsafe" + + "google.golang.org/protobuf/internal/pragma" +) + +type ( + ifaceHeader struct { + _ [0]interface{} // if interfaces have greater alignment than unsafe.Pointer, this will enforce it. + Type unsafe.Pointer + Data unsafe.Pointer + } +) + +var ( + nilType = typeOf(nil) + boolType = typeOf(*new(bool)) + int32Type = typeOf(*new(int32)) + int64Type = typeOf(*new(int64)) + uint32Type = typeOf(*new(uint32)) + uint64Type = typeOf(*new(uint64)) + float32Type = typeOf(*new(float32)) + float64Type = typeOf(*new(float64)) + stringType = typeOf(*new(string)) + bytesType = typeOf(*new([]byte)) + enumType = typeOf(*new(EnumNumber)) +) + +// typeOf returns a pointer to the Go type information. +// The pointer is comparable and equal if and only if the types are identical. +func typeOf(t interface{}) unsafe.Pointer { + return (*ifaceHeader)(unsafe.Pointer(&t)).Type +} + +// value is a union where only one type can be represented at a time. +// The struct is 24B large on 64-bit systems and requires the minimum storage +// necessary to represent each possible type. +// +// The Go GC needs to be able to scan variables containing pointers. +// As such, pointers and non-pointers cannot be intermixed. +type value struct { + pragma.DoNotCompare // 0B + + // typ stores the type of the value as a pointer to the Go type. + typ unsafe.Pointer // 8B + + // ptr stores the data pointer for a String, Bytes, or interface value. + ptr unsafe.Pointer // 8B + + // num stores a Bool, Int32, Int64, Uint32, Uint64, Float32, Float64, or + // Enum value as a raw uint64. + // + // It is also used to store the length of a String or Bytes value; + // the capacity is ignored. + num uint64 // 8B +} + +func valueOfString(v string) Value { + return Value{typ: stringType, ptr: unsafe.Pointer(unsafe.StringData(v)), num: uint64(len(v))} +} +func valueOfBytes(v []byte) Value { + return Value{typ: bytesType, ptr: unsafe.Pointer(unsafe.SliceData(v)), num: uint64(len(v))} +} +func valueOfIface(v interface{}) Value { + p := (*ifaceHeader)(unsafe.Pointer(&v)) + return Value{typ: p.Type, ptr: p.Data} +} + +func (v Value) getString() string { + return unsafe.String((*byte)(v.ptr), v.num) +} +func (v Value) getBytes() []byte { + return unsafe.Slice((*byte)(v.ptr), v.num) +} +func (v Value) getIface() (x interface{}) { + *(*ifaceHeader)(unsafe.Pointer(&x)) = ifaceHeader{Type: v.typ, Data: v.ptr} + return x +} diff --git a/vendor/google.golang.org/protobuf/reflect/protoregistry/registry.go b/vendor/google.golang.org/protobuf/reflect/protoregistry/registry.go index aeb55977446..6267dc52a67 100644 --- a/vendor/google.golang.org/protobuf/reflect/protoregistry/registry.go +++ b/vendor/google.golang.org/protobuf/reflect/protoregistry/registry.go @@ -5,12 +5,12 @@ // Package protoregistry provides data structures to register and lookup // protobuf descriptor types. // -// The Files registry contains file descriptors and provides the ability +// The [Files] registry contains file descriptors and provides the ability // to iterate over the files or lookup a specific descriptor within the files. -// Files only contains protobuf descriptors and has no understanding of Go +// [Files] only contains protobuf descriptors and has no understanding of Go // type information that may be associated with each descriptor. // -// The Types registry contains descriptor types for which there is a known +// The [Types] registry contains descriptor types for which there is a known // Go type associated with that descriptor. It provides the ability to iterate // over the registered types or lookup a type by name. package protoregistry @@ -218,7 +218,7 @@ func (r *Files) checkGenProtoConflict(path string) { // FindDescriptorByName looks up a descriptor by the full name. // -// This returns (nil, NotFound) if not found. +// This returns (nil, [NotFound]) if not found. func (r *Files) FindDescriptorByName(name protoreflect.FullName) (protoreflect.Descriptor, error) { if r == nil { return nil, NotFound @@ -310,7 +310,7 @@ func (s *nameSuffix) Pop() (name protoreflect.Name) { // FindFileByPath looks up a file by the path. // -// This returns (nil, NotFound) if not found. +// This returns (nil, [NotFound]) if not found. // This returns an error if multiple files have the same path. func (r *Files) FindFileByPath(path string) (protoreflect.FileDescriptor, error) { if r == nil { @@ -431,7 +431,7 @@ func rangeTopLevelDescriptors(fd protoreflect.FileDescriptor, f func(protoreflec // A compliant implementation must deterministically return the same type // if no error is encountered. // -// The Types type implements this interface. +// The [Types] type implements this interface. type MessageTypeResolver interface { // FindMessageByName looks up a message by its full name. // E.g., "google.protobuf.Any" @@ -451,7 +451,7 @@ type MessageTypeResolver interface { // A compliant implementation must deterministically return the same type // if no error is encountered. // -// The Types type implements this interface. +// The [Types] type implements this interface. type ExtensionTypeResolver interface { // FindExtensionByName looks up a extension field by the field's full name. // Note that this is the full name of the field as determined by @@ -590,7 +590,7 @@ func (r *Types) register(kind string, desc protoreflect.Descriptor, typ interfac // FindEnumByName looks up an enum by its full name. // E.g., "google.protobuf.Field.Kind". // -// This returns (nil, NotFound) if not found. +// This returns (nil, [NotFound]) if not found. func (r *Types) FindEnumByName(enum protoreflect.FullName) (protoreflect.EnumType, error) { if r == nil { return nil, NotFound @@ -611,7 +611,7 @@ func (r *Types) FindEnumByName(enum protoreflect.FullName) (protoreflect.EnumTyp // FindMessageByName looks up a message by its full name, // e.g. "google.protobuf.Any". // -// This returns (nil, NotFound) if not found. +// This returns (nil, [NotFound]) if not found. func (r *Types) FindMessageByName(message protoreflect.FullName) (protoreflect.MessageType, error) { if r == nil { return nil, NotFound @@ -632,7 +632,7 @@ func (r *Types) FindMessageByName(message protoreflect.FullName) (protoreflect.M // FindMessageByURL looks up a message by a URL identifier. // See documentation on google.protobuf.Any.type_url for the URL format. // -// This returns (nil, NotFound) if not found. +// This returns (nil, [NotFound]) if not found. func (r *Types) FindMessageByURL(url string) (protoreflect.MessageType, error) { // This function is similar to FindMessageByName but // truncates anything before and including '/' in the URL. @@ -662,7 +662,7 @@ func (r *Types) FindMessageByURL(url string) (protoreflect.MessageType, error) { // where the extension is declared and is unrelated to the full name of the // message being extended. // -// This returns (nil, NotFound) if not found. +// This returns (nil, [NotFound]) if not found. func (r *Types) FindExtensionByName(field protoreflect.FullName) (protoreflect.ExtensionType, error) { if r == nil { return nil, NotFound @@ -703,7 +703,7 @@ func (r *Types) FindExtensionByName(field protoreflect.FullName) (protoreflect.E // FindExtensionByNumber looks up a extension field by the field number // within some parent message, identified by full name. // -// This returns (nil, NotFound) if not found. +// This returns (nil, [NotFound]) if not found. func (r *Types) FindExtensionByNumber(message protoreflect.FullName, field protoreflect.FieldNumber) (protoreflect.ExtensionType, error) { if r == nil { return nil, NotFound diff --git a/vendor/modules.txt b/vendor/modules.txt index 23438cb8215..47ef1fcdb00 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -87,8 +87,8 @@ golang.org/x/net/bpf golang.org/x/sys/execabs golang.org/x/sys/unix golang.org/x/sys/windows -# google.golang.org/protobuf v1.31.0 -## explicit; go 1.11 +# google.golang.org/protobuf v1.32.0 +## explicit; go 1.17 google.golang.org/protobuf/encoding/prototext google.golang.org/protobuf/encoding/protowire google.golang.org/protobuf/internal/descfmt From a7c3e07c8f270f9e9bea5e5c9597e8c00f6b6eb9 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Wed, 27 Dec 2023 16:50:48 +0100 Subject: [PATCH 0479/1176] libct: Improve error msg when idmap is not supported This gives a more clear error message when idmap mounts are not supported on the source filesystem. For example, a k8s user will see this now in kubectl describe pod: Warning Failed 2s (x2 over 4s) kubelet, 127.0.0.1 Error: failed to create containerd task: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: failed to fulfil mount request: failed to set MOUNT_ATTR_IDMAP on /var/lib/kubelet/pods/f037a704-742c-40fe-8dbf-17ed9225c4df/volumes/kubernetes.io~empty-dir/hugepage: invalid argument (maybe the source filesystem doesn't support idmap mounts on this kernel?): unknown This gives a hint on where to look at. Signed-off-by: Rodrigo Campos --- libcontainer/mount_linux.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libcontainer/mount_linux.go b/libcontainer/mount_linux.go index 6b5edbb0c14..285e03fa491 100644 --- a/libcontainer/mount_linux.go +++ b/libcontainer/mount_linux.go @@ -258,7 +258,12 @@ func mountFd(nsHandles *userns.Handles, m *configs.Mount) (*mountSource, error) Attr_set: unix.MOUNT_ATTR_IDMAP, Userns_fd: uint64(usernsFile.Fd()), }); err != nil { - return nil, fmt.Errorf("failed to set MOUNT_ATTR_IDMAP on %s: %w", m.Source, err) + extraMsg := "" + if err == unix.EINVAL { + extraMsg = " (maybe the filesystem used doesn't support idmap mounts on this kernel?)" + } + + return nil, fmt.Errorf("failed to set MOUNT_ATTR_IDMAP on %s: %w%s", m.Source, err, extraMsg) } } else { var err error From e90d8cb8fe01ebcf2b643c1a0fd77b29d6dd52b9 Mon Sep 17 00:00:00 2001 From: lfbzhm Date: Mon, 1 Jan 2024 14:52:38 +0000 Subject: [PATCH 0480/1176] we have supported rsvd hugetlb cgroup Signed-off-by: lfbzhm --- docs/spec-conformance.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/spec-conformance.md b/docs/spec-conformance.md index c3ed8084b5e..cd6027ac07d 100644 --- a/docs/spec-conformance.md +++ b/docs/spec-conformance.md @@ -8,7 +8,6 @@ The following features are not implemented yet: Spec version | Feature | PR -------------|------------------------------------------|---------------------------------------------------------- v1.1.0 | `SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV` | [#3862](https://github.com/opencontainers/runc/pull/3862) -v1.1.0 | rsvd hugetlb cgroup | TODO ([#3859](https://github.com/opencontainers/runc/issues/3859)) v1.1.0 | `.process.ioPriority` | [#3783](https://github.com/opencontainers/runc/pull/3783) From 55c9d6bf01fe29d40af92744919307e8bce361cf Mon Sep 17 00:00:00 2001 From: lfbzhm Date: Thu, 4 Jan 2024 11:20:15 +0000 Subject: [PATCH 0481/1176] we have implemented idmapped-mounts with no limitations Signed-off-by: lfbzhm --- docs/spec-conformance.md | 7 ------- 1 file changed, 7 deletions(-) diff --git a/docs/spec-conformance.md b/docs/spec-conformance.md index cd6027ac07d..7ef21d6f948 100644 --- a/docs/spec-conformance.md +++ b/docs/spec-conformance.md @@ -10,13 +10,6 @@ Spec version | Feature | PR v1.1.0 | `SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV` | [#3862](https://github.com/opencontainers/runc/pull/3862) v1.1.0 | `.process.ioPriority` | [#3783](https://github.com/opencontainers/runc/pull/3783) - -The following features are implemented with some limitations: -Spec version | Feature | Limitation --------------|------------------------------------------|---------------------------------------------------------- -v1.1.0 | `.[]mounts.uidMappings` | Requires using UserNS with identical uidMappings -v1.1.0 | `.[]mounts.gidMappings` | Requires using UserNS with identical gidMappings - ## Architectures The following architectures are supported: From 68438ba272bc3ed44c70cd09c4b9ac7f8c81fb4f Mon Sep 17 00:00:00 2001 From: lengrongfu Date: Wed, 20 Dec 2023 11:29:51 +0800 Subject: [PATCH 0482/1176] fix scheduler validate Signed-off-by: lengrongfu --- libcontainer/configs/validate/validator.go | 6 ++++-- libcontainer/configs/validate/validator_test.go | 3 +++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go index 4708e1b773f..ed63e950e43 100644 --- a/libcontainer/configs/validate/validator.go +++ b/libcontainer/configs/validate/validator.go @@ -383,8 +383,10 @@ func scheduler(config *configs.Config) error { if s.Policy == "" { return errors.New("scheduler policy is required") } - if s.Nice < -20 || s.Nice > 19 { - return fmt.Errorf("invalid scheduler.nice: %d", s.Nice) + if s.Policy == specs.SchedOther || s.Policy == specs.SchedBatch { + if s.Nice < -20 || s.Nice > 19 { + return fmt.Errorf("invalid scheduler.nice: %d when scheduler.policy is %s", s.Nice, string(s.Policy)) + } } if s.Priority != 0 && (s.Policy != specs.SchedFIFO && s.Policy != specs.SchedRR) { return errors.New("scheduler.priority can only be specified for SchedFIFO or SchedRR policy") diff --git a/libcontainer/configs/validate/validator_test.go b/libcontainer/configs/validate/validator_test.go index 5c12e08a1db..85b5e5eeade 100644 --- a/libcontainer/configs/validate/validator_test.go +++ b/libcontainer/configs/validate/validator_test.go @@ -814,6 +814,9 @@ func TestValidateScheduler(t *testing.T) { {isErr: false, policy: "SCHED_DEADLINE", runtime: 200}, {isErr: false, policy: "SCHED_DEADLINE", deadline: 300}, {isErr: false, policy: "SCHED_DEADLINE", period: 400}, + {isErr: true, policy: "SCHED_OTHER", niceValue: 20}, + {isErr: true, policy: "SCHED_OTHER", niceValue: -21}, + {isErr: false, policy: "SCHED_FIFO", priority: 100, niceValue: 100}, } for _, tc := range testCases { From e1e3ca02d95141a9fadcab4e7084bb7cf2b94c5f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Jan 2024 04:27:10 +0000 Subject: [PATCH 0483/1176] build(deps): bump golang.org/x/sys from 0.15.0 to 0.16.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.15.0 to 0.16.0. - [Commits](https://github.com/golang/sys/compare/v0.15.0...v0.16.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- vendor/golang.org/x/sys/unix/mkerrors.sh | 37 +++++++------ vendor/golang.org/x/sys/unix/zerrors_linux.go | 54 +++++++++++++++++++ .../x/sys/unix/zsyscall_openbsd_386.go | 2 - .../x/sys/unix/zsyscall_openbsd_amd64.go | 2 - .../x/sys/unix/zsyscall_openbsd_arm.go | 2 - .../x/sys/unix/zsyscall_openbsd_arm64.go | 2 - .../x/sys/unix/zsyscall_openbsd_mips64.go | 2 - .../x/sys/unix/zsyscall_openbsd_ppc64.go | 2 - .../x/sys/unix/zsyscall_openbsd_riscv64.go | 2 - .../x/sys/windows/syscall_windows.go | 1 + .../x/sys/windows/zsyscall_windows.go | 9 ++++ vendor/modules.txt | 2 +- 14 files changed, 89 insertions(+), 34 deletions(-) diff --git a/go.mod b/go.mod index 91b1a13a0b3..d71cabdc8b1 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/urfave/cli v1.22.12 github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.19.0 - golang.org/x/sys v0.15.0 + golang.org/x/sys v0.16.0 google.golang.org/protobuf v1.32.0 ) diff --git a/go.sum b/go.sum index ff17238b39a..27002e30d09 100644 --- a/go.sum +++ b/go.sum @@ -71,8 +71,8 @@ golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= -golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= +golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index 6202638bae8..c6492020ec7 100644 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -248,6 +248,7 @@ struct ltchars { #include #include #include +#include #include #include #include @@ -283,10 +284,6 @@ struct ltchars { #include #endif -#ifndef MSG_FASTOPEN -#define MSG_FASTOPEN 0x20000000 -#endif - #ifndef PTRACE_GETREGS #define PTRACE_GETREGS 0xc #endif @@ -295,14 +292,6 @@ struct ltchars { #define PTRACE_SETREGS 0xd #endif -#ifndef SOL_NETLINK -#define SOL_NETLINK 270 -#endif - -#ifndef SOL_SMC -#define SOL_SMC 286 -#endif - #ifdef SOL_BLUETOOTH // SPARC includes this in /usr/include/sparc64-linux-gnu/bits/socket.h // but it is already in bluetooth_linux.go @@ -319,10 +308,23 @@ struct ltchars { #undef TIPC_WAIT_FOREVER #define TIPC_WAIT_FOREVER 0xffffffff -// Copied from linux/l2tp.h -// Including linux/l2tp.h here causes conflicts between linux/in.h -// and netinet/in.h included via net/route.h above. -#define IPPROTO_L2TP 115 +// Copied from linux/netfilter/nf_nat.h +// Including linux/netfilter/nf_nat.h here causes conflicts between linux/in.h +// and netinet/in.h. +#define NF_NAT_RANGE_MAP_IPS (1 << 0) +#define NF_NAT_RANGE_PROTO_SPECIFIED (1 << 1) +#define NF_NAT_RANGE_PROTO_RANDOM (1 << 2) +#define NF_NAT_RANGE_PERSISTENT (1 << 3) +#define NF_NAT_RANGE_PROTO_RANDOM_FULLY (1 << 4) +#define NF_NAT_RANGE_PROTO_OFFSET (1 << 5) +#define NF_NAT_RANGE_NETMAP (1 << 6) +#define NF_NAT_RANGE_PROTO_RANDOM_ALL \ + (NF_NAT_RANGE_PROTO_RANDOM | NF_NAT_RANGE_PROTO_RANDOM_FULLY) +#define NF_NAT_RANGE_MASK \ + (NF_NAT_RANGE_MAP_IPS | NF_NAT_RANGE_PROTO_SPECIFIED | \ + NF_NAT_RANGE_PROTO_RANDOM | NF_NAT_RANGE_PERSISTENT | \ + NF_NAT_RANGE_PROTO_RANDOM_FULLY | NF_NAT_RANGE_PROTO_OFFSET | \ + NF_NAT_RANGE_NETMAP) // Copied from linux/hid.h. // Keep in sync with the size of the referenced fields. @@ -603,6 +605,9 @@ ccflags="$@" $2 ~ /^FSOPT_/ || $2 ~ /^WDIO[CFS]_/ || $2 ~ /^NFN/ || + $2 !~ /^NFT_META_IIFTYPE/ && + $2 ~ /^NFT_/ || + $2 ~ /^NF_NAT_/ || $2 ~ /^XDP_/ || $2 ~ /^RWF_/ || $2 ~ /^(HDIO|WIN|SMART)_/ || diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index c73cfe2f10b..a5d3ff8df95 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -2127,6 +2127,60 @@ const ( NFNL_SUBSYS_QUEUE = 0x3 NFNL_SUBSYS_ULOG = 0x4 NFS_SUPER_MAGIC = 0x6969 + NFT_CHAIN_FLAGS = 0x7 + NFT_CHAIN_MAXNAMELEN = 0x100 + NFT_CT_MAX = 0x17 + NFT_DATA_RESERVED_MASK = 0xffffff00 + NFT_DATA_VALUE_MAXLEN = 0x40 + NFT_EXTHDR_OP_MAX = 0x4 + NFT_FIB_RESULT_MAX = 0x3 + NFT_INNER_MASK = 0xf + NFT_LOGLEVEL_MAX = 0x8 + NFT_NAME_MAXLEN = 0x100 + NFT_NG_MAX = 0x1 + NFT_OBJECT_CONNLIMIT = 0x5 + NFT_OBJECT_COUNTER = 0x1 + NFT_OBJECT_CT_EXPECT = 0x9 + NFT_OBJECT_CT_HELPER = 0x3 + NFT_OBJECT_CT_TIMEOUT = 0x7 + NFT_OBJECT_LIMIT = 0x4 + NFT_OBJECT_MAX = 0xa + NFT_OBJECT_QUOTA = 0x2 + NFT_OBJECT_SECMARK = 0x8 + NFT_OBJECT_SYNPROXY = 0xa + NFT_OBJECT_TUNNEL = 0x6 + NFT_OBJECT_UNSPEC = 0x0 + NFT_OBJ_MAXNAMELEN = 0x100 + NFT_OSF_MAXGENRELEN = 0x10 + NFT_QUEUE_FLAG_BYPASS = 0x1 + NFT_QUEUE_FLAG_CPU_FANOUT = 0x2 + NFT_QUEUE_FLAG_MASK = 0x3 + NFT_REG32_COUNT = 0x10 + NFT_REG32_SIZE = 0x4 + NFT_REG_MAX = 0x4 + NFT_REG_SIZE = 0x10 + NFT_REJECT_ICMPX_MAX = 0x3 + NFT_RT_MAX = 0x4 + NFT_SECMARK_CTX_MAXLEN = 0x100 + NFT_SET_MAXNAMELEN = 0x100 + NFT_SOCKET_MAX = 0x3 + NFT_TABLE_F_MASK = 0x3 + NFT_TABLE_MAXNAMELEN = 0x100 + NFT_TRACETYPE_MAX = 0x3 + NFT_TUNNEL_F_MASK = 0x7 + NFT_TUNNEL_MAX = 0x1 + NFT_TUNNEL_MODE_MAX = 0x2 + NFT_USERDATA_MAXLEN = 0x100 + NFT_XFRM_KEY_MAX = 0x6 + NF_NAT_RANGE_MAP_IPS = 0x1 + NF_NAT_RANGE_MASK = 0x7f + NF_NAT_RANGE_NETMAP = 0x40 + NF_NAT_RANGE_PERSISTENT = 0x8 + NF_NAT_RANGE_PROTO_OFFSET = 0x20 + NF_NAT_RANGE_PROTO_RANDOM = 0x4 + NF_NAT_RANGE_PROTO_RANDOM_ALL = 0x14 + NF_NAT_RANGE_PROTO_RANDOM_FULLY = 0x10 + NF_NAT_RANGE_PROTO_SPECIFIED = 0x2 NILFS_SUPER_MAGIC = 0x3434 NL0 = 0x0 NL1 = 0x100 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go index a1d061597cc..9dc42410b78 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go @@ -2297,5 +2297,3 @@ func unveil(path *byte, flags *byte) (err error) { var libc_unveil_trampoline_addr uintptr //go:cgo_import_dynamic libc_unveil unveil "libc.so" - - diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go index 5b2a7409778..0d3a0751cd4 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go @@ -2297,5 +2297,3 @@ func unveil(path *byte, flags *byte) (err error) { var libc_unveil_trampoline_addr uintptr //go:cgo_import_dynamic libc_unveil unveil "libc.so" - - diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go index f6eda1344a8..c39f7776db3 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go @@ -2297,5 +2297,3 @@ func unveil(path *byte, flags *byte) (err error) { var libc_unveil_trampoline_addr uintptr //go:cgo_import_dynamic libc_unveil unveil "libc.so" - - diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go index 55df20ae9d8..57571d072fe 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go @@ -2297,5 +2297,3 @@ func unveil(path *byte, flags *byte) (err error) { var libc_unveil_trampoline_addr uintptr //go:cgo_import_dynamic libc_unveil unveil "libc.so" - - diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go index 8c1155cbc08..e62963e67e2 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go @@ -2297,5 +2297,3 @@ func unveil(path *byte, flags *byte) (err error) { var libc_unveil_trampoline_addr uintptr //go:cgo_import_dynamic libc_unveil unveil "libc.so" - - diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go index 7cc80c58d98..00831354c82 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go @@ -2297,5 +2297,3 @@ func unveil(path *byte, flags *byte) (err error) { var libc_unveil_trampoline_addr uintptr //go:cgo_import_dynamic libc_unveil unveil "libc.so" - - diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go index 0688737f494..79029ed5848 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go @@ -2297,5 +2297,3 @@ func unveil(path *byte, flags *byte) (err error) { var libc_unveil_trampoline_addr uintptr //go:cgo_import_dynamic libc_unveil unveil "libc.so" - - diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index 47dc5796769..ffb8708ccf8 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -194,6 +194,7 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys GetComputerName(buf *uint16, n *uint32) (err error) = GetComputerNameW //sys GetComputerNameEx(nametype uint32, buf *uint16, n *uint32) (err error) = GetComputerNameExW //sys SetEndOfFile(handle Handle) (err error) +//sys SetFileValidData(handle Handle, validDataLength int64) (err error) //sys GetSystemTimeAsFileTime(time *Filetime) //sys GetSystemTimePreciseAsFileTime(time *Filetime) //sys GetTimeZoneInformation(tzi *Timezoneinformation) (rc uint32, err error) [failretval==0xffffffff] diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index 146a1f0196f..e8791c82c30 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -342,6 +342,7 @@ var ( procSetDefaultDllDirectories = modkernel32.NewProc("SetDefaultDllDirectories") procSetDllDirectoryW = modkernel32.NewProc("SetDllDirectoryW") procSetEndOfFile = modkernel32.NewProc("SetEndOfFile") + procSetFileValidData = modkernel32.NewProc("SetFileValidData") procSetEnvironmentVariableW = modkernel32.NewProc("SetEnvironmentVariableW") procSetErrorMode = modkernel32.NewProc("SetErrorMode") procSetEvent = modkernel32.NewProc("SetEvent") @@ -2988,6 +2989,14 @@ func SetEndOfFile(handle Handle) (err error) { return } +func SetFileValidData(handle Handle, validDataLength int64) (err error) { + r1, _, e1 := syscall.Syscall(procSetFileValidData.Addr(), 2, uintptr(handle), uintptr(validDataLength), 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + func SetEnvironmentVariable(name *uint16, value *uint16) (err error) { r1, _, e1 := syscall.Syscall(procSetEnvironmentVariableW.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(value)), 0) if r1 == 0 { diff --git a/vendor/modules.txt b/vendor/modules.txt index 47ef1fcdb00..3c039ca8b57 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -82,7 +82,7 @@ golang.org/x/exp/slices # golang.org/x/net v0.19.0 ## explicit; go 1.18 golang.org/x/net/bpf -# golang.org/x/sys v0.15.0 +# golang.org/x/sys v0.16.0 ## explicit; go 1.18 golang.org/x/sys/execabs golang.org/x/sys/unix From 2a473a76309735c0d140760d4344cbbf9c5e2edd Mon Sep 17 00:00:00 2001 From: Christian Happ Date: Mon, 27 Nov 2023 10:51:02 +0100 Subject: [PATCH 0484/1176] Add CONFIG_NETFILTER_XT_MATCH_COMMENT to check It seems that newer podman versions need the kernel comment flag too. By podman run, iptables using -m comment in the iptables-command to add the corresponding network rules. Signed-off-by: Christian Happ --- script/check-config.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/script/check-config.sh b/script/check-config.sh index d54055023e9..c71ee72f2a7 100755 --- a/script/check-config.sh +++ b/script/check-config.sh @@ -236,7 +236,7 @@ flags=( KEYS VETH BRIDGE BRIDGE_NETFILTER IP_NF_FILTER IP_NF_TARGET_MASQUERADE - NETFILTER_XT_MATCH_{ADDRTYPE,CONNTRACK,IPVS} + NETFILTER_XT_MATCH_{ADDRTYPE,COMMENT,CONNTRACK,IPVS} IP_NF_NAT NF_NAT # required for bind-mounting /dev/mqueue into containers From b1e3c3c75c68688848a0f09b1e8fdd093e2abb7c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 9 Jan 2024 04:20:08 +0000 Subject: [PATCH 0485/1176] build(deps): bump golang.org/x/net from 0.19.0 to 0.20.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.19.0 to 0.20.0. - [Commits](https://github.com/golang/net/compare/v0.19.0...v0.20.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index d71cabdc8b1..8997861d491 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.12 github.com/vishvananda/netlink v1.1.0 - golang.org/x/net v0.19.0 + golang.org/x/net v0.20.0 golang.org/x/sys v0.16.0 google.golang.org/protobuf v1.32.0 ) diff --git a/go.sum b/go.sum index 27002e30d09..a29c7da7bc7 100644 --- a/go.sum +++ b/go.sum @@ -65,8 +65,8 @@ github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7Zo github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 h1:Jvc7gsqn21cJHCmAWx0LiimpP18LZmUxkT5Mp7EZ1mI= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= -golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= -golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= +golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= +golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/vendor/modules.txt b/vendor/modules.txt index 3c039ca8b57..34f5a991561 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -79,7 +79,7 @@ github.com/vishvananda/netns golang.org/x/exp/constraints golang.org/x/exp/maps golang.org/x/exp/slices -# golang.org/x/net v0.19.0 +# golang.org/x/net v0.20.0 ## explicit; go 1.18 golang.org/x/net/bpf # golang.org/x/sys v0.16.0 From 8afeccc82768cdfa148991d0f83e7d9e918b3b16 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Fri, 12 Jan 2024 12:16:49 +0100 Subject: [PATCH 0486/1176] libct/dmz: Print execve() errors This error code is using functions that are present in nolibc too. When using nolibc, the error is printed like: exec /runc.armel: errno=8 When using libc, as its perror() implementation translates the errno to a message, it is printed like: exec /runc.armel: exec format error Note that when using libc, the error is printed in the same way as before. Signed-off-by: Rodrigo Campos --- libcontainer/dmz/_dmz.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/libcontainer/dmz/_dmz.c b/libcontainer/dmz/_dmz.c index 2855e60d5cd..e4cfcf087e7 100644 --- a/libcontainer/dmz/_dmz.c +++ b/libcontainer/dmz/_dmz.c @@ -1,4 +1,7 @@ #ifdef RUNC_USE_STDLIB +# include +# include +# include # include #else # include "xstat.h" @@ -11,5 +14,14 @@ int main(int argc, char **argv) { if (argc < 1) return 127; - return execve(argv[0], argv, environ); + int ret = execve(argv[0], argv, environ); + if (ret) { + /* NOTE: This error message format MUST match Go's format. */ + char err_msg[5 + PATH_MAX + 1] = "exec "; // "exec " + argv[0] + '\0' + strncat(err_msg, argv[0], PATH_MAX); + err_msg[sizeof(err_msg) - 1] = '\0'; + + perror(err_msg); + } + return ret; } From fe95a2a06a7bfce160f3941930ba2564a62baddc Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Thu, 18 Jan 2024 17:46:43 +0100 Subject: [PATCH 0487/1176] tests/integration: Test exec failures Signed-off-by: Rodrigo Campos --- tests/integration/run.bats | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/tests/integration/run.bats b/tests/integration/run.bats index f6bd3c86500..bf23d22a103 100644 --- a/tests/integration/run.bats +++ b/tests/integration/run.bats @@ -230,3 +230,20 @@ function teardown() { grep -E '^monotonic\s+7881\s+2718281$' <<<"$output" grep -E '^boottime\s+1337\s+3141519$' <<<"$output" } + +@test "runc run [exec error]" { + cat <rootfs/run.sh +#!/mmnnttbb foo bar +sh +EOF + chmod +x rootfs/run.sh + update_config '.process.args = [ "/run.sh" ]' + runc run test_hello + + # Ensure that the output contains the right error message. For runc-dmz, both + # nolibc and libc have the same formatting string (but libc will print the + # errno description rather than just the number), and for runc_nodmz the error + # message from Go starts with the same string. + [ "$status" -ne 0 ] + [[ "$output" = *"exec /run.sh: "* ]] +} From 34eceb21e252ff63f6c8c911328ff6fa2188e0be Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Mon, 22 Jan 2024 15:52:14 +1100 Subject: [PATCH 0488/1176] keyring: update cyphar@cyphar.com key expiry Signed-off-by: Aleksa Sarai --- runc.keyring | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/runc.keyring b/runc.keyring index 84b4ca38a1e..ab0b5a151d5 100644 --- a/runc.keyring +++ b/runc.keyring @@ -72,18 +72,18 @@ KWr9ByCKAwVHsaSgVSJE/dse4f1toqeEHHbWk682U4RqOWZR4bA0 pub ed25519 2019-06-21 [C] C9C370B246B09F6DBCFC744C34401015D1D2D386 uid [ultimate] Aleksa Sarai -sub ed25519 2022-09-30 [S] [expires: 2024-09-29] -sub cv25519 2022-09-30 [E] [expires: 2024-09-29] -sub ed25519 2022-09-30 [A] [expires: 2024-09-29] +sub ed25519 2022-09-30 [S] [expires: 2030-03-25] +sub cv25519 2022-09-30 [E] [expires: 2030-03-25] +sub ed25519 2022-09-30 [A] [expires: 2030-03-25] -----BEGIN PGP PUBLIC KEY BLOCK----- Comment: github=cyphar mDMEXQxvLxYJKwYBBAHaRw8BAQdArRQoZs9YzYtQIiPA1qdvUT8Q0wbPZyRV65Tz QNTIZla0IEFsZWtzYSBTYXJhaSA8Y3lwaGFyQGN5cGhhci5jb20+iJAEExYIADgF -CwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQTJw3CyRrCfbbz8dEw0QBAV0dLThgUC -XQzCHwIbAQAKCRA0QBAV0dLThvUpAP9SwyOijLqEBz1A9pTqRAB0l/r+ABq+iUmH -UjMHO34LZAD/biRuAadaxIYJtmn7nKA55doyN2fQXhjArqypJ1SQywi4MwRdDMJS +CwkIBwIGFQoJCAsCBBYCAwECHgECF4ACGwEWIQTJw3CyRrCfbbz8dEw0QBAV0dLT +hgUCZa3xwQAKCRA0QBAV0dLThpQyAQDGzjZyyWWmd6Ykg5/lymp2MLIg1f2jG6ew +AiPT4ATkBAD/RgdLDf1IQStEH7pHmQa1qvqyRq1jeEgF23KruXbbdQ64MwRdDMJS FgkrBgEEAdpHDwEBB0B2IGusH7LuDH3hNT6JYM30S7G92FGogA6a9WQzKRlqvIh4 BCgWCgAgFiEEycNwskawn228/HRMNEAQFdHS04YFAmM2ukUCHQEACgkQNEAQFdHS 04ZTQAEAjAT0fXVJHdRL6UMCxDYsgjG+QyH1mr7gKgbPvB8A5LgBAN4QDqCxIY3b @@ -106,20 +106,20 @@ o7lcWozXFlQDOM7eoT4avvWOVcsaD4h4BBgWCAAgFiEEycNwskawn228/HRMNEAQ FdHS04YFAl0Mwo0CGyAACgkQNEAQFdHS04ajxQEAsZf1yDORUVYicREc/7z0U+51 DJzeAexeJTYM+N+x13EA/0Ex+o7qQ7dZLGDn7x4LSbd39C+++suHsEaE4XwlX6cH uDMEYza6SxYJKwYBBAHaRw8BAQdAE3s7dZQFuImQX2tWshIdGjeUKZc7rlMcrZ6+ -q25gaH2I9QQYFgoAJhYhBMnDcLJGsJ9tvPx0TDRAEBXR0tOGBQJjNrpLAhsCBQkD -wmcAAIEJEDRAEBXR0tOGdiAEGRYKAB0WIQS2TklVsp+j1GPyqQYol/rSt+lEbwUC -Yza6SwAKCRAol/rSt+lEb9obAQC8ij4yJTU7ZcAtTx2ZMjj8EoruGb3ku6VpRyx1 -+pyQQgD/QgQ7X1G7xtwuVpY0kHYga1yoKLA2ycT8F8PrVtF7pAMWkgD9EWe1E77C -BVd//i3ib+h9ikCeJ+gaxc6aU24ZBcN2tfUBAJmCmYQ0VEbXyvCqkdJEQ4qk5Y9C -2V4w83dj4a5RYKUGuDgEYza6YBIKKwYBBAGXVQEFAQEHQKECW5Y7nUGCka0/WcCM -OerRY95Pm2DQVL76QzvhXD8tAwEIB4h+BBgWCgAmFiEEycNwskawn228/HRMNEAQ -FdHS04YFAmM2umACGwwFCQPCZwAACgkQNEAQFdHS04bkuwEA7AEL+iSPlA8/YILp -0sFMzmtRqTDMqx2BY8K5wEk9fusA/jAhbeJw57bZYvK4MghfUa9tRocyII84UmOA -cgDbPPIFuDMEYza6bhYJKwYBBAHaRw8BAQdAgHXd0yf6MPXJZCZ3TFz8xLymyPsD -TF2SQwwqM4+nYbeIfgQYFgoAJhYhBMnDcLJGsJ9tvPx0TDRAEBXR0tOGBQJjNrpu -AhsgBQkDwmcAAAoJEDRAEBXR0tOGB8UA/0wf8uECKMmXGQ4DNi+ei2E9Ft6GL8qw -UGjwM/EKH2RoAP9HNRRKBjDxs/AZ3pBx1Q8hnHELLo0kXPc+3BG6Pht5BA== -=KN4V +q25gaH2I9QQYFgoAJgIbAhYhBMnDcLJGsJ9tvPx0TDRAEBXR0tOGBQJlrfJcBQkO +EpjFAIF2IAQZFgoAHRYhBLZOSVWyn6PUY/KpBiiX+tK36URvBQJjNrpLAAoJECiX ++tK36URv2hsBALyKPjIlNTtlwC1PHZkyOPwSiu4ZveS7pWlHLHX6nJBCAP9CBDtf +UbvG3C5WljSQdiBrXKgosDbJxPwXw+tW0XukAwkQNEAQFdHS04bMkQEA9elVwA0A ++ywDw+jnifIc98XqLI+KF3Xl0A9+lMuwthMBAO00DeAEjkryFMGp62GPNHqr/r6p ++6DIeUjWgK4Sh8IMuDgEYza6YBIKKwYBBAGXVQEFAQEHQKECW5Y7nUGCka0/WcCM +OerRY95Pm2DQVL76QzvhXD8tAwEIB4h+BBgWCgAmAhsMFiEEycNwskawn228/HRM +NEAQFdHS04YFAmWt8lwFCQ4SmLAACgkQNEAQFdHS04apHgD+MIRj2kujpxtQt04D +ZB+hofBtHIEMo2tplFBYvhZ6KOMA/1q3aRv6jnWAv8woc50KitP4/+iPmfyzaBA/ +8XA5DdIKuDMEYza6bhYJKwYBBAHaRw8BAQdAgHXd0yf6MPXJZCZ3TFz8xLymyPsD +TF2SQwwqM4+nYbeIfgQYFgoAJgIbIBYhBMnDcLJGsJ9tvPx0TDRAEBXR0tOGBQJl +rfJcBQkOEpiiAAoJEDRAEBXR0tOGAUwA/jbaz04OXnV3PYC/yQUsUJsihCTqz4Ne +lxxclgJYU604APsFzpoLD0oUlfMn5Fh75ftkKPrwiHpTj4rRU6oIQu1/Bg== +=Ab7w -----END PGP PUBLIC KEY BLOCK----- pub rsa2048 2020-04-28 [SC] [expires: 2025-04-18] From 093c83e13ee3f5dedb0a4446565dce925bbb2a3e Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Mon, 22 Jan 2024 16:14:17 +1100 Subject: [PATCH 0489/1176] keyring: update AkihiroSuda key expiry Signed-off-by: Aleksa Sarai --- runc.keyring | 64 ++++++++++++++++++++++++++-------------------------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/runc.keyring b/runc.keyring index ab0b5a151d5..3fb6d283636 100644 --- a/runc.keyring +++ b/runc.keyring @@ -159,11 +159,11 @@ S1NPMeS7+G/gPN9Ze9qFmOF2p57cmEa+8mriZCYY3BcUBOiMOV5HSBKJwqA2M8au =GkpD -----END PGP PUBLIC KEY BLOCK----- -pub rsa3072 2019-07-25 [SC] [expires: 2023-11-02] +pub rsa3072 2019-07-25 [SC] [expires: 2025-07-27] C020EA876CE4E06C7AB95AEF49524C6F9F638F1A uid [ultimate] Akihiro Suda uid [ultimate] Akihiro Suda -sub rsa3072 2019-07-25 [E] [expires: 2023-11-02] +sub rsa3072 2019-07-25 [E] [expires: 2025-07-27] -----BEGIN PGP PUBLIC KEY BLOCK----- Comment: github=AkihiroSuda @@ -178,26 +178,26 @@ dsyq4W565jNRV/HWRUMR+LDIS1KiEalzDoID3aUXRHHLUQG0oqX8jqFJUqp1P9pO 9nezuUDg8SsaBg8O4tyv/CZq/FeF3RMMc2EHTiO8HTERqmRMxUFZv3bkgA4GnjnA 3wsZhLXQq+UaIJUAEQEAAbQsQWtpaGlybyBTdWRhIDxha2loaXJvLnN1ZGEuY3pA aGNvLm50dC5jby5qcD6JAdQEEwEKAD4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgEC -F4AWIQTAIOqHbOTgbHq5Wu9JUkxvn2OPGgUCYYDT5gUJCAkhxwAKCRBJUkxvn2OP -GiHnC/wOqAvEcRmpKjqx4QUNkE34oGwiPgV5vyDlQElvBzyazQEcIdt9xaIE+4IS -7L7L6Q7WOGxWCvmRZ58E32m4RB1F8L7XQW0l3f6jESYLGPb6XDloux5poJzGxaGK -9gd6ItNmjOCmt08Icv0ZVTvKv20ej71aepllE5UaM9p5AlEwLkzQxPoGpB7E1Sdy -citRg6YEqTY+i5IeZ5xMthWXcushyLRRvm43DwbPsuZHVC1yMfo5VrF9JE65BdE9 -dIsCrZDnde/jUm4pAAwyAKSLLRVgj4xVP0XIdO2nVXDBWp9z4gUt/gMjuutO1a2U -Xw+XhkirUb2C++L0KvVBMbU303Q+xV/iaYjAuFjNy94HZms0iTBTB4qFHT4ClYHi -mNwTgfwRclpywkHzDi8496hsyzoVCeHSsu+ScDE1qAw6zrxASZXevYhhB2aBLr1s -d58WsYA37iXTEO4Hxm5V0Wh110hlCGFwcN8vWNhMCdIj7JN8nWZQNLZyppN7bCDu -FX8cE260I0FraWhpcm8gU3VkYSA8c3VkYS5reW90b0BnbWFpbC5jb20+iQHUBBMB +F4AWIQTAIOqHbOTgbHq5Wu9JUkxvn2OPGgUCZMPL2QUJC0wZugAKCRBJUkxvn2OP +GqTiC/93jTl0ci2zWC8vVBPSyjHDrpOhn+3ukCeC7VxHOdo6hBwbsxqaBUWi0Maf +p9oa4HzmsQjhMM+i3/Q/jHBvijXQ2UO5MaDrLhacoAW8i/YeU2aKn2yIyrQPIdc/ +tlcwjvsRPt534DOisf1N5+w6Y4DRgt2tNl0KOjEBmXsBWN7Fg+QRfLeNWKS9soq7 +QkI68T0e0h752FmI8TK4yy6FrhLVUU2ArLcOV2wjx5zKnWjgX7BbwYjAp8fi9hcC +XdmSvllQ8U9Y2ll8dDq3HBmo+uI4lfz31S4B5EKo4Wn+3bA4Y+VBNoJfoKyLeOgr +0cmo6SRJIsVaSvAJcMZ6oq+jvTDuygfRkxxgoTzCgwre7CPzcvC8gC0sYOB34TN4 +UogwN3pFmCPfi5TjXsx7vgfWKlHgwe3L/5aoQjTm+z6WanTHbIqOK9QkIuGykMpL +7nOJeH9LoRzpzc8aOwIOki2bbo7s9yzL8Gil+zaqe16Q+Y7wVBxSRxbg/3oUTi1K +/uM8N4S0I0FraWhpcm8gU3VkYSA8c3VkYS5reW90b0BnbWFpbC5jb20+iQHUBBMB CgA+AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEEwCDqh2zk4Gx6uVrvSVJM -b59jjxoFAmGA0+YFCQgJIccACgkQSVJMb59jjxoMJwwAgZxXa8DPoUWeazt5TIVX -omVcsor2J75CqPKlOjvSVXSnCzkBM1kYN2RwVjNivuIEUWPDOohvUvJxllkm7dxd -g+XfLL3/luB4B+R06n78339K0pu4+n5eDIF0UiNbfuGocqFtVBXuC0uj7ZWPJnZe -tdbspisggJ8Q2Im7mQPQRQZ1Q1qBlogxpeeDzyGkrLRusryfd8LwPz7/8I59pkwG -hkNm0+JbaDJ1NtFElX+XvPaOxfCB3ut94CUjac0DdkQNDX+i2ruZNAsIjEuxQbuT -UAc1ouv+R126SBqVdkRLtRw+d0DmAR7PiL37C8KjQa6s+H46jzhLDQ0a3frZdo2w -c1Sony8C60w9q8wpGjJjjelTimsEW8aa7e17xMVgZrawAOAPDuGvbRMGl6fla9T2 -ZYTF6QDzoeqB4VgL441yJm0c2/c6L8gz8ehCNGyqxtfFX+8OO4W3+p4a/mKP8MLz -9l04g71QkuAi3bF7bbrsWmagMXJJJWTHbizDLaytI/6nuQGNBF06GR8BDACxpQ9c +b59jjxoFAmTDy9kFCQtMGboACgkQSVJMb59jjxogzgv/a+4+T5Xoklt0rGujSgtD +ogpQp4guaImEhkPieWMPG7+UfqxwoMLcvLE5kTzqLPe1DdYs8Tm/gtteHttLUfjD +qwY/+BsqIYYMJMRoXFBk2iokn0m/36da7WKpN+5r5ssujsvGj991k4oLQgFV0kEx +f4PSRxWQNlAqp4OfQNI91S7oMDH94dR+V5TIYYHxsPsnCvygD72GVER4G5mUvkCH +Nf8aqeckVxu8uZ/2LiNtYxbh5pwriuj8XbifuawdMdjpTvwAAa2DuKqCtj9cuQIt +hmOF1ux68TRxk//QGPqX49+WT0mwdHBX/I/nZVTOGt9sjjKU5m1o+rUiVHtQ3Yhw +fSLWEbfZiTjWDPWpjLU+r3C2qCiJyPjNpsxYAp4y3v511BXesejcXm24+MHFym5F +ngyAItzwDD9ieTt3uviuC64VZVz7NgnDMUK0LumKh9mrZZ20dTcX9Vw70o41CMQN +yBKloXOSPzQDZp1ZXzR3P/22WXG/e52YuU3Aw1femld+uQGNBF06GR8BDACxpQ9c y72+/WZGon+CToNj+a24PiduyExfFv26E0D77ACS6UAC5jz71mSuLbHiauQ3MHj+ 786z4m4St8+HjDL9YrAe19MobxWsLHAFvBJ8UHfZdkLzBkIKPHz7TUqlhvFR13b6 ZAZVZk975hgCT3LpzA1miHBY2E5WDpVa3pe94xshVHL3iVf9Jv1a4hmM+eu0gxX4 @@ -206,16 +206,16 @@ Qf6sg0b/k6/vkVveopeeH28zb/nnVuhgGSxcbiZUrFC9EfhX4/6NNFRhE300AjeF bP7SoXx3qRhr993BDSP32r44hy+kYLhZP5K5oXivcITJZuGcJh49P4QuYGrnODIL gEhedWeePcJXFcEz09teizlWKGzd+EA3uwYd/bQelflwXkGuCLaoNv4qcH3oJDp1 vYI0zT7hGvnz3thRLg3SOWFq5cBhnfNGXPLsoNZBzWGn2cm5MJYSKjIM470AEQEA -AYkBvAQYAQoAJgIbDBYhBMAg6ods5OBserla70lSTG+fY48aBQJhgNRTBQkICSI0 -AAoJEElSTG+fY48a3YML/3snhGBx/Xd0EcK0pzyvyivZwavlGsQPAF2c1Rj7Lr1i -eUrp6CZ/yW7/oAvlk6Ngc0SoWba/pgnz7bVQEc21JTY86M1bRLLh3fmYCx8YFbsR -43zVr2bxDledzKV3bIuWStWbljHECuNTT91907pc3r4jv+jN4ZaXVUQ9pXj0DrV+ -MTJVCo7nrEXiq6q1WqaUAV9dMQE3rWGFa2u45QCZGLckOu3cuSCU8CVxSScmxgII -bUBu17xDzQnDkdcEQzzkZtDOrwF76dPdlrW69PXtC9oElRJbGCERivqlrpKDagXI -h4eZYfcFb2gc0qZjblvfVHiot65WM9bUsSAUAEfskYqIGLshzV9MrxFYQYvgt3ym -Qs7D8ORJiphjaOvDeqVyGdPm/rN5SVMVGYpJX6EkZkHinV/kRChtuLAD7NQ3YH5O -5l+Ehze9Nm4laEXQC/tme9B1XH0PUBJk1x8NeoVrYCTnypVFfRw37mC9XBu5TF6U -ix7vx45U/EvZrqmkDrEFOQ== -=4+1P +AYkBvAQYAQoAJgIbDBYhBMAg6ods5OBserla70lSTG+fY48aBQJkw8uyBQkLTBmT +AAoJEElSTG+fY48ayhsL+gLvKlfkYgxodyWKR5hOiUMKWE5tqfQY6kqrgssPYw+u +Fn69AamQLt4I2AHRg0AHjoZEsMfR19uXZ24XwwcWwgWU6yRJgMSIK67bLvL+d686 +m2KQ2PpmfDrizUgY4J0sY+tzwNZeWxQiFy/Ni6AdEqJvJQDsrKYJ2GGWm6JMZCPw +y3h5ouueieiEc0pvwEz2kg64uv6p8SUV1me66IXQaGseXb/BcW+Ap2WJO+IZjtNB +qhk+V+1x5ZT6s9RecjiTDmKfZ71zyRWplkfL22+4XVEc3qLS3r0ZSzeIA4JPRf+N +yCGjavdTNgu2bTo8iSgBq2NRT9kNwTaS8j883L0eY/JJktrfWnWE4qAuXBqLzkIl +smspRWy0byLQrrzk9stncF/CDt5XuHPcsXOcRVXVyM+/RXqWKdNAwZO67HD4wJR9 +YR4avhGZZXguH3b0ka2zO8sxTju/09yb07NJ2qfjfWSHCmaj9KuhhE0EO625tckS +58ceqolNBtrydoYZOc2CKw== +=ol6W -----END PGP PUBLIC KEY BLOCK----- From 7094efb192714e37b1ab731ffe5c6c676b18aa87 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sat, 20 Jan 2024 16:58:28 +1100 Subject: [PATCH 0490/1176] init: use *os.File for passed file descriptors While it doesn't make much of a practical difference, it seems far more reasonable to use os.NewFile to wrap all of our passed file descriptors to make sure they're tracked by the Go runtime and that we don't double-close them. Signed-off-by: Aleksa Sarai --- libcontainer/init_linux.go | 22 ++++++++++++---------- libcontainer/mount_linux.go | 6 +++--- libcontainer/setns_init_linux.go | 7 +++---- libcontainer/standard_init_linux.go | 13 ++++++------- libcontainer/utils/utils_unix.go | 9 +++++++++ 5 files changed, 33 insertions(+), 24 deletions(-) diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 0117ace5990..c46cf0ddf7a 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -137,24 +137,26 @@ func startInitialization() (retErr error) { logrus.SetLevel(logrus.Level(logLevel)) } - logFD, err := strconv.Atoi(os.Getenv("_LIBCONTAINER_LOGPIPE")) + logFd, err := strconv.Atoi(os.Getenv("_LIBCONTAINER_LOGPIPE")) if err != nil { return fmt.Errorf("unable to convert _LIBCONTAINER_LOGPIPE: %w", err) } + logPipe := os.NewFile(uintptr(logFd), "logpipe") - logrus.SetOutput(os.NewFile(uintptr(logFD), "logpipe")) + logrus.SetOutput(logPipe) logrus.SetFormatter(new(logrus.JSONFormatter)) logrus.Debug("child process in init()") // Only init processes have FIFOFD. - fifofd := -1 + var fifoFile *os.File envInitType := os.Getenv("_LIBCONTAINER_INITTYPE") it := initType(envInitType) if it == initStandard { - envFifoFd := os.Getenv("_LIBCONTAINER_FIFOFD") - if fifofd, err = strconv.Atoi(envFifoFd); err != nil { + fifoFd, err := strconv.Atoi(os.Getenv("_LIBCONTAINER_FIFOFD")) + if err != nil { return fmt.Errorf("unable to convert _LIBCONTAINER_FIFOFD: %w", err) } + fifoFile = os.NewFile(uintptr(fifoFd), "initfifo") } var consoleSocket *os.File @@ -208,10 +210,10 @@ func startInitialization() (retErr error) { } // If init succeeds, it will not return, hence none of the defers will be called. - return containerInit(it, &config, syncPipe, consoleSocket, pidfdSocket, fifofd, logFD, dmzExe) + return containerInit(it, &config, syncPipe, consoleSocket, pidfdSocket, fifoFile, logPipe, dmzExe) } -func containerInit(t initType, config *initConfig, pipe *syncSocket, consoleSocket, pidfdSocket *os.File, fifoFd, logFd int, dmzExe *os.File) error { +func containerInit(t initType, config *initConfig, pipe *syncSocket, consoleSocket, pidfdSocket, fifoFile, logPipe, dmzExe *os.File) error { if err := populateProcessEnvironment(config.Env); err != nil { return err } @@ -223,7 +225,7 @@ func containerInit(t initType, config *initConfig, pipe *syncSocket, consoleSock consoleSocket: consoleSocket, pidfdSocket: pidfdSocket, config: config, - logFd: logFd, + logPipe: logPipe, dmzExe: dmzExe, } return i.Init() @@ -234,8 +236,8 @@ func containerInit(t initType, config *initConfig, pipe *syncSocket, consoleSock pidfdSocket: pidfdSocket, parentPid: unix.Getppid(), config: config, - fifoFd: fifoFd, - logFd: logFd, + fifoFile: fifoFile, + logPipe: logPipe, dmzExe: dmzExe, } return i.Init() diff --git a/libcontainer/mount_linux.go b/libcontainer/mount_linux.go index 285e03fa491..f9b1adf51db 100644 --- a/libcontainer/mount_linux.go +++ b/libcontainer/mount_linux.go @@ -113,12 +113,12 @@ func mountViaFds(source string, srcFile *mountSource, target, dstFd, fstype stri // mount(2), we need to get a safe handle to /proc/thread-self. This // isn't needed for move_mount(2) because in that case the path is just // a dummy string used for error info. - fdStr := strconv.Itoa(int(srcFile.file.Fd())) + srcFileFd := srcFile.file.Fd() if isMoveMount { - src = "/proc/self/fd/" + fdStr + src = "/proc/self/fd/" + strconv.Itoa(int(srcFileFd)) } else { var closer utils.ProcThreadSelfCloser - src, closer = utils.ProcThreadSelf("fd/" + fdStr) + src, closer = utils.ProcThreadSelfFd(srcFileFd) defer closer() } } diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go index 0dd72f95e7f..b88c6136e1f 100644 --- a/libcontainer/setns_init_linux.go +++ b/libcontainer/setns_init_linux.go @@ -5,7 +5,6 @@ import ( "fmt" "os" "os/exec" - "strconv" "github.com/opencontainers/selinux/go-selinux" "github.com/sirupsen/logrus" @@ -24,7 +23,7 @@ type linuxSetnsInit struct { consoleSocket *os.File pidfdSocket *os.File config *initConfig - logFd int + logPipe *os.File dmzExe *os.File } @@ -131,8 +130,8 @@ func (l *linuxSetnsInit) Init() error { // Close the log pipe fd so the parent's ForwardLogs can exit. logrus.Debugf("setns_init: about to exec") - if err := unix.Close(l.logFd); err != nil { - return &os.PathError{Op: "close log pipe", Path: "fd " + strconv.Itoa(l.logFd), Err: err} + if err := l.logPipe.Close(); err != nil { + return fmt.Errorf("close log pipe: %w", err) } if l.dmzExe != nil { diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 3096d0d81ee..dbaf30f02ba 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -5,7 +5,6 @@ import ( "fmt" "os" "os/exec" - "strconv" "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/selinux/go-selinux" @@ -25,8 +24,8 @@ type linuxStandardInit struct { consoleSocket *os.File pidfdSocket *os.File parentPid int - fifoFd int - logFd int + fifoFile *os.File + logPipe *os.File dmzExe *os.File config *initConfig } @@ -244,11 +243,11 @@ func (l *linuxStandardInit) Init() error { // Close the log pipe fd so the parent's ForwardLogs can exit. logrus.Debugf("init: about to wait on exec fifo") - if err := unix.Close(l.logFd); err != nil { - return &os.PathError{Op: "close log pipe", Path: "fd " + strconv.Itoa(l.logFd), Err: err} + if err := l.logPipe.Close(); err != nil { + return fmt.Errorf("close log pipe: %w", err) } - fifoPath, closer := utils.ProcThreadSelf("fd/" + strconv.Itoa(l.fifoFd)) + fifoPath, closer := utils.ProcThreadSelfFd(l.fifoFile.Fd()) defer closer() // Wait for the FIFO to be opened on the other side before exec-ing the @@ -269,7 +268,7 @@ func (l *linuxStandardInit) Init() error { // N.B. the core issue itself (passing dirfds to the host filesystem) has // since been resolved. // https://github.com/torvalds/linux/blob/v4.9/fs/exec.c#L1290-L1318 - _ = unix.Close(l.fifoFd) + _ = l.fifoFile.Close() s := l.config.SpecState s.Pid = unix.Getpid() diff --git a/libcontainer/utils/utils_unix.go b/libcontainer/utils/utils_unix.go index a48221b000a..3e16d1efb57 100644 --- a/libcontainer/utils/utils_unix.go +++ b/libcontainer/utils/utils_unix.go @@ -202,3 +202,12 @@ func ProcThreadSelf(subpath string) (string, ProcThreadSelfCloser) { } return threadSelf + subpath, runtime.UnlockOSThread } + +// ProcThreadSelfFd is small wrapper around ProcThreadSelf to make it easier to +// create a /proc/thread-self handle for given file descriptor. +// +// It is basically equivalent to ProcThreadSelf(fmt.Sprintf("fd/%d", fd)), but +// without using fmt.Sprintf to avoid unneeded overhead. +func ProcThreadSelfFd(fd uintptr) (string, ProcThreadSelfCloser) { + return ProcThreadSelf("fd/" + strconv.FormatUint(uint64(fd), 10)) +} From 8e1cd2f56d518f8d6292b8bb39f0d0932e4b6c2a Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 26 Dec 2023 23:53:07 +1100 Subject: [PATCH 0491/1176] init: verify after chdir that cwd is inside the container If a file descriptor of a directory in the host's mount namespace is leaked to runc init, a malicious config.json could use /proc/self/fd/... as a working directory to allow for host filesystem access after the container runs. This can also be exploited by a container process if it knows that an administrator will use "runc exec --cwd" and the target --cwd (the attacker can change that cwd to be a symlink pointing to /proc/self/fd/... and wait for the process to exec and then snoop on /proc/$pid/cwd to get access to the host). The former issue can lead to a critical vulnerability in Docker and Kubernetes, while the latter is a container breakout. We can (ab)use the fact that getcwd(2) on Linux detects this exact case, and getcwd(3) and Go's Getwd() return an error as a result. Thus, if we just do os.Getwd() after chdir we can easily detect this case and error out. In runc 1.1, a /sys/fs/cgroup handle happens to be leaked to "runc init", making this exploitable. On runc main it just so happens that the leaked /sys/fs/cgroup gets clobbered and thus this is only consistently exploitable for runc 1.1. Fixes: GHSA-xr7r-f8xq-vfvv CVE-2024-21626 Co-developed-by: lifubang Signed-off-by: lifubang [refactored the implementation and added more comments] Signed-off-by: Aleksa Sarai --- libcontainer/init_linux.go | 31 ++++++++++++++++++++++++ libcontainer/integration/seccomp_test.go | 20 +++++++-------- 2 files changed, 41 insertions(+), 10 deletions(-) diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 0117ace5990..b6fae2787c4 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -7,6 +7,7 @@ import ( "fmt" "net" "os" + "path/filepath" "runtime" "runtime/debug" "strconv" @@ -268,6 +269,32 @@ func populateProcessEnvironment(env []string) error { return nil } +// verifyCwd ensures that the current directory is actually inside the mount +// namespace root of the current process. +func verifyCwd() error { + // getcwd(2) on Linux detects if cwd is outside of the rootfs of the + // current mount namespace root, and in that case prefixes "(unreachable)" + // to the returned string. glibc's getcwd(3) and Go's Getwd() both detect + // when this happens and return ENOENT rather than returning a non-absolute + // path. In both cases we can therefore easily detect if we have an invalid + // cwd by checking the return value of getcwd(3). See getcwd(3) for more + // details, and CVE-2024-21626 for the security issue that motivated this + // check. + // + // We have to use unix.Getwd() here because os.Getwd() has a workaround for + // $PWD which involves doing stat(.), which can fail if the current + // directory is inaccessible to the container process. + if wd, err := unix.Getwd(); errors.Is(err, unix.ENOENT) { + return errors.New("current working directory is outside of container mount namespace root -- possible container breakout detected") + } else if err != nil { + return fmt.Errorf("failed to verify if current working directory is safe: %w", err) + } else if !filepath.IsAbs(wd) { + // We shouldn't ever hit this, but check just in case. + return fmt.Errorf("current working directory is not absolute -- possible container breakout detected: cwd is %q", wd) + } + return nil +} + // finalizeNamespace drops the caps, sets the correct user // and working dir, and closes any leaked file descriptors // before executing the command inside the namespace @@ -326,6 +353,10 @@ func finalizeNamespace(config *initConfig) error { return fmt.Errorf("chdir to cwd (%q) set in config.json failed: %w", config.Cwd, err) } } + // Make sure our final working directory is inside the container. + if err := verifyCwd(); err != nil { + return err + } if err := system.ClearKeepCaps(); err != nil { return fmt.Errorf("unable to clear keep caps: %w", err) } diff --git a/libcontainer/integration/seccomp_test.go b/libcontainer/integration/seccomp_test.go index 31092a0a5d2..ecdfa7957df 100644 --- a/libcontainer/integration/seccomp_test.go +++ b/libcontainer/integration/seccomp_test.go @@ -13,7 +13,7 @@ import ( libseccomp "github.com/seccomp/libseccomp-golang" ) -func TestSeccompDenyGetcwdWithErrno(t *testing.T) { +func TestSeccompDenySyslogWithErrno(t *testing.T) { if testing.Short() { return } @@ -25,7 +25,7 @@ func TestSeccompDenyGetcwdWithErrno(t *testing.T) { DefaultAction: configs.Allow, Syscalls: []*configs.Syscall{ { - Name: "getcwd", + Name: "syslog", Action: configs.Errno, ErrnoRet: &errnoRet, }, @@ -39,7 +39,7 @@ func TestSeccompDenyGetcwdWithErrno(t *testing.T) { buffers := newStdBuffers() pwd := &libcontainer.Process{ Cwd: "/", - Args: []string{"pwd"}, + Args: []string{"dmesg"}, Env: standardEnvironment, Stdin: buffers.Stdin, Stdout: buffers.Stdout, @@ -65,17 +65,17 @@ func TestSeccompDenyGetcwdWithErrno(t *testing.T) { } if exitCode == 0 { - t.Fatalf("Getcwd should fail with negative exit code, instead got %d!", exitCode) + t.Fatalf("dmesg should fail with negative exit code, instead got %d!", exitCode) } - expected := "pwd: getcwd: No such process" + expected := "dmesg: klogctl: No such process" actual := strings.Trim(buffers.Stderr.String(), "\n") if actual != expected { t.Fatalf("Expected output %s but got %s\n", expected, actual) } } -func TestSeccompDenyGetcwd(t *testing.T) { +func TestSeccompDenySyslog(t *testing.T) { if testing.Short() { return } @@ -85,7 +85,7 @@ func TestSeccompDenyGetcwd(t *testing.T) { DefaultAction: configs.Allow, Syscalls: []*configs.Syscall{ { - Name: "getcwd", + Name: "syslog", Action: configs.Errno, }, }, @@ -98,7 +98,7 @@ func TestSeccompDenyGetcwd(t *testing.T) { buffers := newStdBuffers() pwd := &libcontainer.Process{ Cwd: "/", - Args: []string{"pwd"}, + Args: []string{"dmesg"}, Env: standardEnvironment, Stdin: buffers.Stdin, Stdout: buffers.Stdout, @@ -124,10 +124,10 @@ func TestSeccompDenyGetcwd(t *testing.T) { } if exitCode == 0 { - t.Fatalf("Getcwd should fail with negative exit code, instead got %d!", exitCode) + t.Fatalf("dmesg should fail with negative exit code, instead got %d!", exitCode) } - expected := "pwd: getcwd: Operation not permitted" + expected := "dmesg: klogctl: Operation not permitted" actual := strings.Trim(buffers.Stderr.String(), "\n") if actual != expected { t.Fatalf("Expected output %s but got %s\n", expected, actual) From f2f16213e174fb63e931fe0546bbbad1d9bbed6f Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 2 Jan 2024 14:58:28 +1100 Subject: [PATCH 0492/1176] init: close internal fds before execve If we leak a file descriptor referencing the host filesystem, an attacker could use a /proc/self/fd magic-link as the source for execve to execute a host binary in the container. This would allow the binary itself (or a process inside the container in the 'runc exec' case) to write to a host binary, leading to a container escape. The simple solution is to make sure we close all file descriptors immediately before the execve(2) step. Doing this earlier can lead to very serious issues in Go (as file descriptors can be reused, any (*os.File) reference could start silently operating on a different file) so we have to do it as late as possible. Unfortunately, there are some Go runtime file descriptors that we must not close (otherwise the Go scheduler panics randomly). The only way of being sure which file descriptors cannot be closed is to sneakily go:linkname the runtime internal "internal/poll.IsPollDescriptor" function. This is almost certainly not recommended but there isn't any other way to be absolutely sure, while also closing any other possible files. In addition, we can keep the logrus forwarding logfd open because you cannot execve a pipe and the contents of the pipe are so restricted (JSON-encoded in a format we pick) that it seems unlikely you could even construct shellcode. Closing the logfd causes issues if there is an error returned from execve. In mainline runc, runc-dmz protects us against this attack because the intermediate execve(2) closes all of the O_CLOEXEC internal runc file descriptors and thus runc-dmz cannot access them to attack the host. Fixes: GHSA-xr7r-f8xq-vfvv CVE-2024-21626 Signed-off-by: Aleksa Sarai --- libcontainer/init_linux.go | 2 +- libcontainer/logs/logs.go | 9 ++++ libcontainer/setns_init_linux.go | 19 +++++++ libcontainer/standard_init_linux.go | 18 +++++++ libcontainer/utils/utils_unix.go | 82 ++++++++++++++++++++++++----- 5 files changed, 117 insertions(+), 13 deletions(-) diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index b6fae2787c4..7e56f02a19b 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -90,7 +90,7 @@ func Init() { } // Normally, StartInitialization() never returns, meaning // if we are here, it had failed. - os.Exit(1) + os.Exit(255) } // Normally, this function does not return. If it returns, with or without an diff --git a/libcontainer/logs/logs.go b/libcontainer/logs/logs.go index 95deb0d6ca7..349a18ed383 100644 --- a/libcontainer/logs/logs.go +++ b/libcontainer/logs/logs.go @@ -4,10 +4,19 @@ import ( "bufio" "encoding/json" "io" + "os" "github.com/sirupsen/logrus" ) +// IsLogrusFd returns whether the provided fd matches the one that logrus is +// currently outputting to. This should only ever be called by UnsafeCloseFrom +// from `runc init`. +func IsLogrusFd(fd uintptr) bool { + file, ok := logrus.StandardLogger().Out.(*os.File) + return ok && file.Fd() == fd +} + func ForwardLogs(logPipe io.ReadCloser) chan error { done := make(chan error, 1) s := bufio.NewScanner(logPipe) diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go index 0dd72f95e7f..a4288d241a2 100644 --- a/libcontainer/setns_init_linux.go +++ b/libcontainer/setns_init_linux.go @@ -15,6 +15,7 @@ import ( "github.com/opencontainers/runc/libcontainer/keys" "github.com/opencontainers/runc/libcontainer/seccomp" "github.com/opencontainers/runc/libcontainer/system" + "github.com/opencontainers/runc/libcontainer/utils" ) // linuxSetnsInit performs the container's initialization for running a new process @@ -139,5 +140,23 @@ func (l *linuxSetnsInit) Init() error { l.config.Args[0] = name return system.Fexecve(l.dmzExe.Fd(), l.config.Args, os.Environ()) } + // Close all file descriptors we are not passing to the container. This is + // necessary because the execve target could use internal runc fds as the + // execve path, potentially giving access to binary files from the host + // (which can then be opened by container processes, leading to container + // escapes). Note that because this operation will close any open file + // descriptors that are referenced by (*os.File) handles from underneath + // the Go runtime, we must not do any file operations after this point + // (otherwise the (*os.File) finaliser could close the wrong file). See + // CVE-2024-21626 for more information as to why this protection is + // necessary. + // + // This is not needed for runc-dmz, because the extra execve(2) step means + // that all O_CLOEXEC file descriptors have already been closed and thus + // the second execve(2) from runc-dmz cannot access internal file + // descriptors from runc. + if err := utils.UnsafeCloseFrom(l.config.PassedFilesCount + 3); err != nil { + return err + } return system.Exec(name, l.config.Args, os.Environ()) } diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 3096d0d81ee..b5652c5a7da 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -282,5 +282,23 @@ func (l *linuxStandardInit) Init() error { l.config.Args[0] = name return system.Fexecve(l.dmzExe.Fd(), l.config.Args, os.Environ()) } + // Close all file descriptors we are not passing to the container. This is + // necessary because the execve target could use internal runc fds as the + // execve path, potentially giving access to binary files from the host + // (which can then be opened by container processes, leading to container + // escapes). Note that because this operation will close any open file + // descriptors that are referenced by (*os.File) handles from underneath + // the Go runtime, we must not do any file operations after this point + // (otherwise the (*os.File) finaliser could close the wrong file). See + // CVE-2024-21626 for more information as to why this protection is + // necessary. + // + // This is not needed for runc-dmz, because the extra execve(2) step means + // that all O_CLOEXEC file descriptors have already been closed and thus + // the second execve(2) from runc-dmz cannot access internal file + // descriptors from runc. + if err := utils.UnsafeCloseFrom(l.config.PassedFilesCount + 3); err != nil { + return err + } return system.Exec(name, l.config.Args, os.Environ()) } diff --git a/libcontainer/utils/utils_unix.go b/libcontainer/utils/utils_unix.go index a48221b000a..c90c2b60545 100644 --- a/libcontainer/utils/utils_unix.go +++ b/libcontainer/utils/utils_unix.go @@ -11,10 +11,13 @@ import ( "runtime" "strconv" "sync" + _ "unsafe" // for go:linkname securejoin "github.com/cyphar/filepath-securejoin" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" + + "github.com/opencontainers/runc/libcontainer/logs" ) // EnsureProcHandle returns whether or not the given file handle is on procfs. @@ -53,14 +56,11 @@ func haveCloseRangeCloexec() bool { return haveCloseRangeCloexecBool } -// CloseExecFrom applies O_CLOEXEC to all file descriptors currently open for -// the process (except for those below the given fd value). -func CloseExecFrom(minFd int) error { - if haveCloseRangeCloexec() { - err := unix.CloseRange(uint(minFd), math.MaxUint, unix.CLOSE_RANGE_CLOEXEC) - return os.NewSyscallError("close_range", err) - } +type fdFunc func(fd int) +// fdRangeFrom calls the passed fdFunc for each file descriptor that is open in +// the current process. +func fdRangeFrom(minFd int, fn fdFunc) error { procSelfFd, closer := ProcThreadSelf("fd") defer closer() @@ -88,15 +88,73 @@ func CloseExecFrom(minFd int) error { if fd < minFd { continue } - // Intentionally ignore errors from unix.CloseOnExec -- the cases where - // this might fail are basically file descriptors that have already - // been closed (including and especially the one that was created when - // os.ReadDir did the "opendir" syscall). - unix.CloseOnExec(fd) + // Ignore the file descriptor we used for readdir, as it will be closed + // when we return. + if uintptr(fd) == fdDir.Fd() { + continue + } + // Run the closure. + fn(fd) } return nil } +// CloseExecFrom sets the O_CLOEXEC flag on all file descriptors greater or +// equal to minFd in the current process. +func CloseExecFrom(minFd int) error { + // Use close_range(CLOSE_RANGE_CLOEXEC) if possible. + if haveCloseRangeCloexec() { + err := unix.CloseRange(uint(minFd), math.MaxUint, unix.CLOSE_RANGE_CLOEXEC) + return os.NewSyscallError("close_range", err) + } + // Otherwise, fall back to the standard loop. + return fdRangeFrom(minFd, unix.CloseOnExec) +} + +//go:linkname runtime_IsPollDescriptor internal/poll.IsPollDescriptor + +// In order to make sure we do not close the internal epoll descriptors the Go +// runtime uses, we need to ensure that we skip descriptors that match +// "internal/poll".IsPollDescriptor. Yes, this is a Go runtime internal thing, +// unfortunately there's no other way to be sure we're only keeping the file +// descriptors the Go runtime needs. Hopefully nothing blows up doing this... +func runtime_IsPollDescriptor(fd uintptr) bool //nolint:revive + +// UnsafeCloseFrom closes all file descriptors greater or equal to minFd in the +// current process, except for those critical to Go's runtime (such as the +// netpoll management descriptors). +// +// NOTE: That this function is incredibly dangerous to use in most Go code, as +// closing file descriptors from underneath *os.File handles can lead to very +// bad behaviour (the closed file descriptor can be re-used and then any +// *os.File operations would apply to the wrong file). This function is only +// intended to be called from the last stage of runc init. +func UnsafeCloseFrom(minFd int) error { + // We cannot use close_range(2) even if it is available, because we must + // not close some file descriptors. + return fdRangeFrom(minFd, func(fd int) { + if runtime_IsPollDescriptor(uintptr(fd)) { + // These are the Go runtimes internal netpoll file descriptors. + // These file descriptors are operated on deep in the Go scheduler, + // and closing those files from underneath Go can result in panics. + // There is no issue with keeping them because they are not + // executable and are not useful to an attacker anyway. Also we + // don't have any choice. + return + } + if logs.IsLogrusFd(uintptr(fd)) { + // Do not close the logrus output fd. We cannot exec a pipe, and + // the contents are quite limited (very little attacker control, + // JSON-encoded) making shellcode attacks unlikely. + return + } + // There's nothing we can do about errors from close(2), and the + // only likely error to be seen is EBADF which indicates the fd was + // already closed (in which case, we got what we wanted). + _ = unix.Close(fd) + }) +} + // NewSockPair returns a new SOCK_STREAM unix socket pair. func NewSockPair(name string) (parent, child *os.File, err error) { fds, err := unix.Socketpair(unix.AF_LOCAL, unix.SOCK_STREAM|unix.SOCK_CLOEXEC, 0) From 89c93ddf289437d5c8558b37047c54af6a0edb48 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 26 Dec 2023 23:36:51 +1100 Subject: [PATCH 0493/1176] cgroup: plug leaks of /sys/fs/cgroup handle We auto-close this file descriptor in the final exec step, but it's probably a good idea to not possibly leak the file descriptor to "runc init" (we've had issues like this in the past) especially since it is a directory handle from the host mount namespace. In practice, on runc 1.1 this does leak to "runc init" but on main the handle has a low enough file descriptor that it gets clobbered by the ForkExec of "runc init". OPEN_TREE_CLONE would let us protect this handle even further, but the performance impact of creating an anonymous mount namespace is probably not worth it. Also, switch to using an *os.File for the handle so if it goes out of scope during setup (i.e. an error occurs during setup) it will get cleaned up by the GC. Fixes: GHSA-xr7r-f8xq-vfvv CVE-2024-21626 Signed-off-by: Aleksa Sarai --- libcontainer/cgroups/file.go | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/libcontainer/cgroups/file.go b/libcontainer/cgroups/file.go index 6c93ce4502d..16aae5a3b7c 100644 --- a/libcontainer/cgroups/file.go +++ b/libcontainer/cgroups/file.go @@ -66,16 +66,16 @@ var ( // TestMode is set to true by unit tests that need "fake" cgroupfs. TestMode bool - cgroupFd int = -1 - prepOnce sync.Once - prepErr error - resolveFlags uint64 + cgroupRootHandle *os.File + prepOnce sync.Once + prepErr error + resolveFlags uint64 ) func prepareOpenat2() error { prepOnce.Do(func() { fd, err := unix.Openat2(-1, cgroupfsDir, &unix.OpenHow{ - Flags: unix.O_DIRECTORY | unix.O_PATH, + Flags: unix.O_DIRECTORY | unix.O_PATH | unix.O_CLOEXEC, }) if err != nil { prepErr = &os.PathError{Op: "openat2", Path: cgroupfsDir, Err: err} @@ -86,15 +86,16 @@ func prepareOpenat2() error { } return } + file := os.NewFile(uintptr(fd), cgroupfsDir) + var st unix.Statfs_t - if err = unix.Fstatfs(fd, &st); err != nil { + if err := unix.Fstatfs(int(file.Fd()), &st); err != nil { prepErr = &os.PathError{Op: "statfs", Path: cgroupfsDir, Err: err} logrus.Warnf("falling back to securejoin: %s", prepErr) return } - cgroupFd = fd - + cgroupRootHandle = file resolveFlags = unix.RESOLVE_BENEATH | unix.RESOLVE_NO_MAGICLINKS if st.Type == unix.CGROUP2_SUPER_MAGIC { // cgroupv2 has a single mountpoint and no "cpu,cpuacct" symlinks @@ -121,7 +122,7 @@ func openFile(dir, file string, flags int) (*os.File, error) { return openFallback(path, flags, mode) } - fd, err := unix.Openat2(cgroupFd, relPath, + fd, err := unix.Openat2(int(cgroupRootHandle.Fd()), relPath, &unix.OpenHow{ Resolve: resolveFlags, Flags: uint64(flags) | unix.O_CLOEXEC, @@ -129,21 +130,21 @@ func openFile(dir, file string, flags int) (*os.File, error) { }) if err != nil { err = &os.PathError{Op: "openat2", Path: path, Err: err} - // Check if cgroupFd is still opened to cgroupfsDir + // Check if cgroupRootHandle is still opened to cgroupfsDir // (happens when this package is incorrectly used // across the chroot/pivot_root/mntns boundary, or // when /sys/fs/cgroup is remounted). // // TODO: if such usage will ever be common, amend this - // to reopen cgroupFd and retry openat2. - fdPath, closer := utils.ProcThreadSelf("fd/" + strconv.Itoa(cgroupFd)) + // to reopen cgroupRootHandle and retry openat2. + fdPath, closer := utils.ProcThreadSelf("fd/" + strconv.Itoa(int(cgroupRootHandle.Fd()))) defer closer() fdDest, _ := os.Readlink(fdPath) if fdDest != cgroupfsDir { - // Wrap the error so it is clear that cgroupFd + // Wrap the error so it is clear that cgroupRootHandle // is opened to an unexpected/wrong directory. - err = fmt.Errorf("cgroupFd %d unexpectedly opened to %s != %s: %w", - cgroupFd, fdDest, cgroupfsDir, err) + err = fmt.Errorf("cgroupRootHandle %d unexpectedly opened to %s != %s: %w", + cgroupRootHandle.Fd(), fdDest, cgroupfsDir, err) } return nil, err } From ee73091a8d28692fa4868bac81aa40a0b05f9780 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 28 Dec 2023 00:42:23 +1100 Subject: [PATCH 0494/1176] libcontainer: mark all non-stdio fds O_CLOEXEC before spawning init Given the core issue in GHSA-xr7r-f8xq-vfvv was that we were unknowingly leaking file descriptors to "runc init", it seems prudent to make sure we proactively prevent this in the future. The solution is to simply mark all non-stdio file descriptors as O_CLOEXEC before we spawn "runc init". For libcontainer library users, this could result in unrelated files being marked as O_CLOEXEC -- however (for the same reason we are doing this for runc), for security reasons those files should've been marked as O_CLOEXEC anyway. Fixes: GHSA-xr7r-f8xq-vfvv CVE-2024-21626 Signed-off-by: Aleksa Sarai --- libcontainer/container_linux.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 5fdafdbca80..b3075fd34df 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -332,6 +332,15 @@ func (c *Container) start(process *Process) (retErr error) { }() } + // Before starting "runc init", mark all non-stdio open files as O_CLOEXEC + // to make sure we don't leak any files into "runc init". Any files to be + // passed to "runc init" through ExtraFiles will get dup2'd by the Go + // runtime and thus their O_CLOEXEC flag will be cleared. This is some + // additional protection against attacks like CVE-2024-21626, by making + // sure we never leak files to "runc init" we didn't intend to. + if err := utils.CloseExecFrom(3); err != nil { + return fmt.Errorf("unable to mark non-stdio fds as cloexec: %w", err) + } if err := parent.start(); err != nil { return fmt.Errorf("unable to start container process: %w", err) } From d8edada9f252873b88043279a71099db71941dea Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sat, 20 Jan 2024 16:56:38 +1100 Subject: [PATCH 0495/1176] init: don't special-case logrus fds We close the logfd before execve so there's no need to special case it. In addition, it turns out that (*os.File).Fd() doesn't handle the case where the file was closed and so it seems suspect to use that kind of check. Signed-off-by: Aleksa Sarai --- libcontainer/logs/logs.go | 9 --------- libcontainer/utils/utils_unix.go | 8 -------- 2 files changed, 17 deletions(-) diff --git a/libcontainer/logs/logs.go b/libcontainer/logs/logs.go index 349a18ed383..95deb0d6ca7 100644 --- a/libcontainer/logs/logs.go +++ b/libcontainer/logs/logs.go @@ -4,19 +4,10 @@ import ( "bufio" "encoding/json" "io" - "os" "github.com/sirupsen/logrus" ) -// IsLogrusFd returns whether the provided fd matches the one that logrus is -// currently outputting to. This should only ever be called by UnsafeCloseFrom -// from `runc init`. -func IsLogrusFd(fd uintptr) bool { - file, ok := logrus.StandardLogger().Out.(*os.File) - return ok && file.Fd() == fd -} - func ForwardLogs(logPipe io.ReadCloser) chan error { done := make(chan error, 1) s := bufio.NewScanner(logPipe) diff --git a/libcontainer/utils/utils_unix.go b/libcontainer/utils/utils_unix.go index c90c2b60545..fdaae3e08bb 100644 --- a/libcontainer/utils/utils_unix.go +++ b/libcontainer/utils/utils_unix.go @@ -16,8 +16,6 @@ import ( securejoin "github.com/cyphar/filepath-securejoin" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" - - "github.com/opencontainers/runc/libcontainer/logs" ) // EnsureProcHandle returns whether or not the given file handle is on procfs. @@ -142,12 +140,6 @@ func UnsafeCloseFrom(minFd int) error { // don't have any choice. return } - if logs.IsLogrusFd(uintptr(fd)) { - // Do not close the logrus output fd. We cannot exec a pipe, and - // the contents are quite limited (very little attacker control, - // JSON-encoded) making shellcode attacks unlikely. - return - } // There's nothing we can do about errors from close(2), and the // only likely error to be seen is EBADF which indicates the fd was // already closed (in which case, we got what we wanted). From 35aa63ea874f249d9c1b84250aa3f5aef960b3e7 Mon Sep 17 00:00:00 2001 From: lifubang Date: Sun, 14 Jan 2024 12:54:32 +0800 Subject: [PATCH 0496/1176] never send procError after the socket closed Signed-off-by: lifubang --- libcontainer/init_linux.go | 6 +++++- libcontainer/sync_unix.go | 10 +++++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 0117ace5990..85be7cc4122 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -107,7 +107,11 @@ func startInitialization() (retErr error) { defer func() { // If this defer is ever called, this means initialization has failed. - // Send the error back to the parent process in the form of an initError. + // Send the error back to the parent process in the form of an initError + // if the sync socket has not been closed. + if syncPipe.isClosed() { + return + } ierr := initError{Message: retErr.Error()} if err := writeSyncArg(syncPipe, procError, ierr); err != nil { fmt.Fprintln(os.Stderr, err) diff --git a/libcontainer/sync_unix.go b/libcontainer/sync_unix.go index f94486cb300..c5d8f55ec95 100644 --- a/libcontainer/sync_unix.go +++ b/libcontainer/sync_unix.go @@ -4,6 +4,7 @@ import ( "fmt" "io" "os" + "sync/atomic" "golang.org/x/sys/unix" ) @@ -14,7 +15,8 @@ import ( // which ends up making things like json.Decoder hang forever if the packet is // bigger than the internal read buffer. type syncSocket struct { - f *os.File + f *os.File + closed atomic.Bool } func newSyncSocket(f *os.File) *syncSocket { @@ -26,9 +28,15 @@ func (s *syncSocket) File() *os.File { } func (s *syncSocket) Close() error { + // Even with errors from Close(), we have to assume the pipe was closed. + s.closed.Store(true) return s.f.Close() } +func (s *syncSocket) isClosed() bool { + return s.closed.Load() +} + func (s *syncSocket) WritePacket(b []byte) (int, error) { return s.f.Write(b) } From 0bc4732c07bae471cb5e7bf17b2ef9cb2426e13e Mon Sep 17 00:00:00 2001 From: lfbzhm Date: Thu, 18 Jan 2024 15:31:57 +0000 Subject: [PATCH 0497/1176] test for execve error without runc-dmz Signed-off-by: lfbzhm --- tests/integration/exec.bats | 18 ++++++++++++++++++ tests/integration/run.bats | 16 ++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/tests/integration/exec.bats b/tests/integration/exec.bats index 069214cc956..78f922d04b4 100644 --- a/tests/integration/exec.bats +++ b/tests/integration/exec.bats @@ -322,3 +322,21 @@ function check_exec_debug() { runc exec --cgroup second test_busybox grep -w second /proc/self/cgroup [ "$status" -eq 0 ] } + +@test "RUNC_DMZ=legacy runc exec [execve error]" { + cat <rootfs/run.sh +#!/mmnnttbb foo bar +sh +EOF + chmod +x rootfs/run.sh + RUNC_DMZ=legacy runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox + RUNC_DMZ=legacy runc exec -t test_busybox /run.sh + [ "$status" -ne 0 ] + + # After the sync socket closed, we should not send error to parent + # process, or else we will get a unnecessary error log(#4171). + # Although we never close the sync socket when doing exec, + # but we need to keep this test to ensure this behavior is always right. + [ ${#lines[@]} -eq 1 ] + [[ ${lines[0]} = *"exec failed: unable to start container process: exec /run.sh: no such file or directory"* ]] +} diff --git a/tests/integration/run.bats b/tests/integration/run.bats index bf23d22a103..82c58027780 100644 --- a/tests/integration/run.bats +++ b/tests/integration/run.bats @@ -247,3 +247,19 @@ EOF [ "$status" -ne 0 ] [[ "$output" = *"exec /run.sh: "* ]] } + +@test "RUNC_DMZ=legacy runc run [execve error]" { + cat <rootfs/run.sh +#!/mmnnttbb foo bar +sh +EOF + chmod +x rootfs/run.sh + update_config '.process.args = [ "/run.sh" ]' + RUNC_DMZ=legacy runc run test_hello + [ "$status" -ne 0 ] + + # After the sync socket closed, we should not send error to parent + # process, or else we will get a unnecessary error log(#4171). + [ ${#lines[@]} -eq 1 ] + [[ ${lines[0]} = "exec /run.sh: no such file or directory" ]] +} From d0750587170eff849d5f26f55a6409b33ac2fe9a Mon Sep 17 00:00:00 2001 From: lifubang Date: Tue, 6 Feb 2024 16:33:41 +0800 Subject: [PATCH 0498/1176] close the sync pipe explicitly in exec Signed-off-by: lifubang --- libcontainer/setns_init_linux.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go index 4a458fcbeba..ba48604d988 100644 --- a/libcontainer/setns_init_linux.go +++ b/libcontainer/setns_init_linux.go @@ -129,6 +129,11 @@ func (l *linuxSetnsInit) Init() error { } } + // Close the pipe to signal that we have completed our init. + // Please keep this because we don't want to get a pipe write error if + // there is an error from `execve` after all fds closed. + _ = l.pipe.Close() + // Close the log pipe fd so the parent's ForwardLogs can exit. logrus.Debugf("setns_init: about to exec") if err := l.logPipe.Close(); err != nil { From bc4a869d5a320f3fdb859e1f0fa88052873f1d17 Mon Sep 17 00:00:00 2001 From: lifubang Date: Tue, 6 Feb 2024 16:37:43 +0800 Subject: [PATCH 0499/1176] test: no execve error msg synced to parent process Signed-off-by: lifubang --- tests/integration/exec.bats | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/exec.bats b/tests/integration/exec.bats index 78f922d04b4..2809070486e 100644 --- a/tests/integration/exec.bats +++ b/tests/integration/exec.bats @@ -338,5 +338,5 @@ EOF # Although we never close the sync socket when doing exec, # but we need to keep this test to ensure this behavior is always right. [ ${#lines[@]} -eq 1 ] - [[ ${lines[0]} = *"exec failed: unable to start container process: exec /run.sh: no such file or directory"* ]] + [[ ${lines[0]} = *"exec /run.sh: no such file or directory"* ]] } From a596a0551082ad2b5792a97a8b259a9a68091f84 Mon Sep 17 00:00:00 2001 From: lfbzhm Date: Thu, 8 Feb 2024 04:52:17 +0000 Subject: [PATCH 0500/1176] update go version to 1.21 in cirrus ci Signed-off-by: lfbzhm --- .cirrus.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.cirrus.yml b/.cirrus.yml index d23d36c7052..a3fb3218e53 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -77,7 +77,7 @@ task: env: HOME: /root CIRRUS_WORKING_DIR: /home/runc - GO_VERSION: "1.20" + GO_VERSION: "1.21" BATS_VERSION: "v1.9.0" RPMS: gcc git iptables jq glibc-static libseccomp-devel make criu fuse-sshfs container-selinux # yamllint disable rule:key-duplicates From 174940a7eb3a7aa6abfc6314360449b365989d97 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 Feb 2024 22:29:27 +0000 Subject: [PATCH 0501/1176] build(deps): bump golang.org/x/sys from 0.16.0 to 0.17.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.16.0 to 0.17.0. - [Commits](https://github.com/golang/sys/compare/v0.16.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- vendor/golang.org/x/sys/unix/mkerrors.sh | 2 +- vendor/golang.org/x/sys/unix/zerrors_linux.go | 36 ++++- .../x/sys/unix/zerrors_linux_386.go | 3 + .../x/sys/unix/zerrors_linux_amd64.go | 3 + .../x/sys/unix/zerrors_linux_arm.go | 3 + .../x/sys/unix/zerrors_linux_arm64.go | 3 + .../x/sys/unix/zerrors_linux_loong64.go | 3 + .../x/sys/unix/zerrors_linux_mips.go | 3 + .../x/sys/unix/zerrors_linux_mips64.go | 3 + .../x/sys/unix/zerrors_linux_mips64le.go | 3 + .../x/sys/unix/zerrors_linux_mipsle.go | 3 + .../x/sys/unix/zerrors_linux_ppc.go | 3 + .../x/sys/unix/zerrors_linux_ppc64.go | 3 + .../x/sys/unix/zerrors_linux_ppc64le.go | 3 + .../x/sys/unix/zerrors_linux_riscv64.go | 3 + .../x/sys/unix/zerrors_linux_s390x.go | 3 + .../x/sys/unix/zerrors_linux_sparc64.go | 3 + .../x/sys/unix/zsysnum_linux_386.go | 4 + .../x/sys/unix/zsysnum_linux_amd64.go | 3 + .../x/sys/unix/zsysnum_linux_arm.go | 4 + .../x/sys/unix/zsysnum_linux_arm64.go | 4 + .../x/sys/unix/zsysnum_linux_loong64.go | 4 + .../x/sys/unix/zsysnum_linux_mips.go | 4 + .../x/sys/unix/zsysnum_linux_mips64.go | 4 + .../x/sys/unix/zsysnum_linux_mips64le.go | 4 + .../x/sys/unix/zsysnum_linux_mipsle.go | 4 + .../x/sys/unix/zsysnum_linux_ppc.go | 4 + .../x/sys/unix/zsysnum_linux_ppc64.go | 4 + .../x/sys/unix/zsysnum_linux_ppc64le.go | 4 + .../x/sys/unix/zsysnum_linux_riscv64.go | 4 + .../x/sys/unix/zsysnum_linux_s390x.go | 4 + .../x/sys/unix/zsysnum_linux_sparc64.go | 4 + vendor/golang.org/x/sys/unix/ztypes_linux.go | 125 +++++++++--------- .../golang.org/x/sys/windows/env_windows.go | 17 ++- .../x/sys/windows/syscall_windows.go | 3 +- vendor/modules.txt | 2 +- 38 files changed, 220 insertions(+), 75 deletions(-) diff --git a/go.mod b/go.mod index 8997861d491..ebad68d6774 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/urfave/cli v1.22.12 github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.20.0 - golang.org/x/sys v0.16.0 + golang.org/x/sys v0.17.0 google.golang.org/protobuf v1.32.0 ) diff --git a/go.sum b/go.sum index a29c7da7bc7..79ba2212fda 100644 --- a/go.sum +++ b/go.sum @@ -71,8 +71,8 @@ golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= -golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index c6492020ec7..fdcaa974d23 100644 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -584,7 +584,7 @@ ccflags="$@" $2 ~ /^KEY_(SPEC|REQKEY_DEFL)_/ || $2 ~ /^KEYCTL_/ || $2 ~ /^PERF_/ || - $2 ~ /^SECCOMP_MODE_/ || + $2 ~ /^SECCOMP_/ || $2 ~ /^SEEK_/ || $2 ~ /^SCHED_/ || $2 ~ /^SPLICE_/ || diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index a5d3ff8df95..36bf8399f4f 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -1785,6 +1785,8 @@ const ( LANDLOCK_ACCESS_FS_REMOVE_FILE = 0x20 LANDLOCK_ACCESS_FS_TRUNCATE = 0x4000 LANDLOCK_ACCESS_FS_WRITE_FILE = 0x2 + LANDLOCK_ACCESS_NET_BIND_TCP = 0x1 + LANDLOCK_ACCESS_NET_CONNECT_TCP = 0x2 LANDLOCK_CREATE_RULESET_VERSION = 0x1 LINUX_REBOOT_CMD_CAD_OFF = 0x0 LINUX_REBOOT_CMD_CAD_ON = 0x89abcdef @@ -2465,6 +2467,7 @@ const ( PR_MCE_KILL_GET = 0x22 PR_MCE_KILL_LATE = 0x0 PR_MCE_KILL_SET = 0x1 + PR_MDWE_NO_INHERIT = 0x2 PR_MDWE_REFUSE_EXEC_GAIN = 0x1 PR_MPX_DISABLE_MANAGEMENT = 0x2c PR_MPX_ENABLE_MANAGEMENT = 0x2b @@ -2669,8 +2672,9 @@ const ( RTAX_FEATURES = 0xc RTAX_FEATURE_ALLFRAG = 0x8 RTAX_FEATURE_ECN = 0x1 - RTAX_FEATURE_MASK = 0xf + RTAX_FEATURE_MASK = 0x1f RTAX_FEATURE_SACK = 0x2 + RTAX_FEATURE_TCP_USEC_TS = 0x10 RTAX_FEATURE_TIMESTAMP = 0x4 RTAX_HOPLIMIT = 0xa RTAX_INITCWND = 0xb @@ -2913,9 +2917,38 @@ const ( SCM_RIGHTS = 0x1 SCM_TIMESTAMP = 0x1d SC_LOG_FLUSH = 0x100000 + SECCOMP_ADDFD_FLAG_SEND = 0x2 + SECCOMP_ADDFD_FLAG_SETFD = 0x1 + SECCOMP_FILTER_FLAG_LOG = 0x2 + SECCOMP_FILTER_FLAG_NEW_LISTENER = 0x8 + SECCOMP_FILTER_FLAG_SPEC_ALLOW = 0x4 + SECCOMP_FILTER_FLAG_TSYNC = 0x1 + SECCOMP_FILTER_FLAG_TSYNC_ESRCH = 0x10 + SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV = 0x20 + SECCOMP_GET_ACTION_AVAIL = 0x2 + SECCOMP_GET_NOTIF_SIZES = 0x3 + SECCOMP_IOCTL_NOTIF_RECV = 0xc0502100 + SECCOMP_IOCTL_NOTIF_SEND = 0xc0182101 + SECCOMP_IOC_MAGIC = '!' SECCOMP_MODE_DISABLED = 0x0 SECCOMP_MODE_FILTER = 0x2 SECCOMP_MODE_STRICT = 0x1 + SECCOMP_RET_ACTION = 0x7fff0000 + SECCOMP_RET_ACTION_FULL = 0xffff0000 + SECCOMP_RET_ALLOW = 0x7fff0000 + SECCOMP_RET_DATA = 0xffff + SECCOMP_RET_ERRNO = 0x50000 + SECCOMP_RET_KILL = 0x0 + SECCOMP_RET_KILL_PROCESS = 0x80000000 + SECCOMP_RET_KILL_THREAD = 0x0 + SECCOMP_RET_LOG = 0x7ffc0000 + SECCOMP_RET_TRACE = 0x7ff00000 + SECCOMP_RET_TRAP = 0x30000 + SECCOMP_RET_USER_NOTIF = 0x7fc00000 + SECCOMP_SET_MODE_FILTER = 0x1 + SECCOMP_SET_MODE_STRICT = 0x0 + SECCOMP_USER_NOTIF_FD_SYNC_WAKE_UP = 0x1 + SECCOMP_USER_NOTIF_FLAG_CONTINUE = 0x1 SECRETMEM_MAGIC = 0x5345434d SECURITYFS_MAGIC = 0x73636673 SEEK_CUR = 0x1 @@ -3075,6 +3108,7 @@ const ( SOL_TIPC = 0x10f SOL_TLS = 0x11a SOL_UDP = 0x11 + SOL_VSOCK = 0x11f SOL_X25 = 0x106 SOL_XDP = 0x11b SOMAXCONN = 0x1000 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go index 4920821cf3b..42ff8c3c1b0 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go @@ -281,6 +281,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go index a0c1e411275..dca436004fa 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go @@ -282,6 +282,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go index c63985560f6..5cca668ac30 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go @@ -288,6 +288,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go index 47cc62e25c1..d8cae6d1534 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go @@ -278,6 +278,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go index 27ac4a09e22..28e39afdcb4 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go @@ -275,6 +275,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go index 54694642a5d..cd66e92cb42 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go @@ -281,6 +281,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x80 SIOCATMARK = 0x40047307 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go index 3adb81d7582..c1595eba78e 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go @@ -281,6 +281,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x80 SIOCATMARK = 0x40047307 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go index 2dfe98f0d1b..ee9456b0da7 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go @@ -281,6 +281,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x80 SIOCATMARK = 0x40047307 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go index f5398f84f04..8cfca81e1b5 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go @@ -281,6 +281,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x80 SIOCATMARK = 0x40047307 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go index c54f152d68f..60b0deb3af7 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go @@ -336,6 +336,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go index 76057dc72fb..f90aa7281bf 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go @@ -340,6 +340,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go index e0c3725e2b8..ba9e0150338 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go @@ -340,6 +340,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go index 18f2813ed54..07cdfd6e9fd 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go @@ -272,6 +272,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go index 11619d4ec88..2f1dd214a74 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go @@ -344,6 +344,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go index 396d994da79..f40519d9018 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go @@ -335,6 +335,9 @@ const ( SCM_TIMESTAMPNS = 0x21 SCM_TXTIME = 0x3f SCM_WIFI_STATUS = 0x25 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x400000 SFD_NONBLOCK = 0x4000 SF_FP = 0x38 diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go index fcf3ecbddee..0cc3ce496e2 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go @@ -448,4 +448,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go index f56dc2504ae..856d92d69ef 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go @@ -371,4 +371,7 @@ const ( SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go index 974bf246767..8d467094cf5 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go @@ -412,4 +412,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go index 39a2739e231..edc173244d0 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go @@ -315,4 +315,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go index cf9c9d77e10..445eba20615 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go @@ -309,4 +309,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go index 10b7362ef44..adba01bca70 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go @@ -432,4 +432,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 4450 SYS_CACHESTAT = 4451 SYS_FCHMODAT2 = 4452 + SYS_MAP_SHADOW_STACK = 4453 + SYS_FUTEX_WAKE = 4454 + SYS_FUTEX_WAIT = 4455 + SYS_FUTEX_REQUEUE = 4456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go index cd4d8b4fd35..014c4e9c7a7 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go @@ -362,4 +362,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 5450 SYS_CACHESTAT = 5451 SYS_FCHMODAT2 = 5452 + SYS_MAP_SHADOW_STACK = 5453 + SYS_FUTEX_WAKE = 5454 + SYS_FUTEX_WAIT = 5455 + SYS_FUTEX_REQUEUE = 5456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go index 2c0efca818b..ccc97d74d05 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go @@ -362,4 +362,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 5450 SYS_CACHESTAT = 5451 SYS_FCHMODAT2 = 5452 + SYS_MAP_SHADOW_STACK = 5453 + SYS_FUTEX_WAKE = 5454 + SYS_FUTEX_WAIT = 5455 + SYS_FUTEX_REQUEUE = 5456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go index a72e31d391d..ec2b64a95d7 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go @@ -432,4 +432,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 4450 SYS_CACHESTAT = 4451 SYS_FCHMODAT2 = 4452 + SYS_MAP_SHADOW_STACK = 4453 + SYS_FUTEX_WAKE = 4454 + SYS_FUTEX_WAIT = 4455 + SYS_FUTEX_REQUEUE = 4456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go index c7d1e374713..21a839e338b 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go @@ -439,4 +439,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go index f4d4838c870..c11121ec3b4 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go @@ -411,4 +411,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go index b64f0e59114..909b631fcb4 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go @@ -411,4 +411,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go index 95711195a06..e49bed16ea6 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go @@ -316,4 +316,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go index f94e943bc4f..66017d2d32b 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go @@ -377,4 +377,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go index ba0c2bc5154..47bab18dced 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go @@ -390,4 +390,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index bbf8399ff58..dc0c955eecd 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -174,7 +174,8 @@ type FscryptPolicyV2 struct { Contents_encryption_mode uint8 Filenames_encryption_mode uint8 Flags uint8 - _ [4]uint8 + Log2_data_unit_size uint8 + _ [3]uint8 Master_key_identifier [16]uint8 } @@ -455,60 +456,63 @@ type Ucred struct { } type TCPInfo struct { - State uint8 - Ca_state uint8 - Retransmits uint8 - Probes uint8 - Backoff uint8 - Options uint8 - Rto uint32 - Ato uint32 - Snd_mss uint32 - Rcv_mss uint32 - Unacked uint32 - Sacked uint32 - Lost uint32 - Retrans uint32 - Fackets uint32 - Last_data_sent uint32 - Last_ack_sent uint32 - Last_data_recv uint32 - Last_ack_recv uint32 - Pmtu uint32 - Rcv_ssthresh uint32 - Rtt uint32 - Rttvar uint32 - Snd_ssthresh uint32 - Snd_cwnd uint32 - Advmss uint32 - Reordering uint32 - Rcv_rtt uint32 - Rcv_space uint32 - Total_retrans uint32 - Pacing_rate uint64 - Max_pacing_rate uint64 - Bytes_acked uint64 - Bytes_received uint64 - Segs_out uint32 - Segs_in uint32 - Notsent_bytes uint32 - Min_rtt uint32 - Data_segs_in uint32 - Data_segs_out uint32 - Delivery_rate uint64 - Busy_time uint64 - Rwnd_limited uint64 - Sndbuf_limited uint64 - Delivered uint32 - Delivered_ce uint32 - Bytes_sent uint64 - Bytes_retrans uint64 - Dsack_dups uint32 - Reord_seen uint32 - Rcv_ooopack uint32 - Snd_wnd uint32 - Rcv_wnd uint32 - Rehash uint32 + State uint8 + Ca_state uint8 + Retransmits uint8 + Probes uint8 + Backoff uint8 + Options uint8 + Rto uint32 + Ato uint32 + Snd_mss uint32 + Rcv_mss uint32 + Unacked uint32 + Sacked uint32 + Lost uint32 + Retrans uint32 + Fackets uint32 + Last_data_sent uint32 + Last_ack_sent uint32 + Last_data_recv uint32 + Last_ack_recv uint32 + Pmtu uint32 + Rcv_ssthresh uint32 + Rtt uint32 + Rttvar uint32 + Snd_ssthresh uint32 + Snd_cwnd uint32 + Advmss uint32 + Reordering uint32 + Rcv_rtt uint32 + Rcv_space uint32 + Total_retrans uint32 + Pacing_rate uint64 + Max_pacing_rate uint64 + Bytes_acked uint64 + Bytes_received uint64 + Segs_out uint32 + Segs_in uint32 + Notsent_bytes uint32 + Min_rtt uint32 + Data_segs_in uint32 + Data_segs_out uint32 + Delivery_rate uint64 + Busy_time uint64 + Rwnd_limited uint64 + Sndbuf_limited uint64 + Delivered uint32 + Delivered_ce uint32 + Bytes_sent uint64 + Bytes_retrans uint64 + Dsack_dups uint32 + Reord_seen uint32 + Rcv_ooopack uint32 + Snd_wnd uint32 + Rcv_wnd uint32 + Rehash uint32 + Total_rto uint16 + Total_rto_recoveries uint16 + Total_rto_time uint32 } type CanFilter struct { @@ -551,7 +555,7 @@ const ( SizeofIPv6MTUInfo = 0x20 SizeofICMPv6Filter = 0x20 SizeofUcred = 0xc - SizeofTCPInfo = 0xf0 + SizeofTCPInfo = 0xf8 SizeofCanFilter = 0x8 SizeofTCPRepairOpt = 0x8 ) @@ -3399,7 +3403,7 @@ const ( DEVLINK_PORT_FN_ATTR_STATE = 0x2 DEVLINK_PORT_FN_ATTR_OPSTATE = 0x3 DEVLINK_PORT_FN_ATTR_CAPS = 0x4 - DEVLINK_PORT_FUNCTION_ATTR_MAX = 0x4 + DEVLINK_PORT_FUNCTION_ATTR_MAX = 0x5 ) type FsverityDigest struct { @@ -4183,7 +4187,8 @@ const ( ) type LandlockRulesetAttr struct { - Access_fs uint64 + Access_fs uint64 + Access_net uint64 } type LandlockPathBeneathAttr struct { @@ -5134,7 +5139,7 @@ const ( NL80211_FREQUENCY_ATTR_GO_CONCURRENT = 0xf NL80211_FREQUENCY_ATTR_INDOOR_ONLY = 0xe NL80211_FREQUENCY_ATTR_IR_CONCURRENT = 0xf - NL80211_FREQUENCY_ATTR_MAX = 0x1b + NL80211_FREQUENCY_ATTR_MAX = 0x1c NL80211_FREQUENCY_ATTR_MAX_TX_POWER = 0x6 NL80211_FREQUENCY_ATTR_NO_10MHZ = 0x11 NL80211_FREQUENCY_ATTR_NO_160MHZ = 0xc @@ -5547,7 +5552,7 @@ const ( NL80211_REGDOM_TYPE_CUSTOM_WORLD = 0x2 NL80211_REGDOM_TYPE_INTERSECTION = 0x3 NL80211_REGDOM_TYPE_WORLD = 0x1 - NL80211_REG_RULE_ATTR_MAX = 0x7 + NL80211_REG_RULE_ATTR_MAX = 0x8 NL80211_REKEY_DATA_AKM = 0x4 NL80211_REKEY_DATA_KCK = 0x2 NL80211_REKEY_DATA_KEK = 0x1 diff --git a/vendor/golang.org/x/sys/windows/env_windows.go b/vendor/golang.org/x/sys/windows/env_windows.go index b8ad1925068..d4577a42388 100644 --- a/vendor/golang.org/x/sys/windows/env_windows.go +++ b/vendor/golang.org/x/sys/windows/env_windows.go @@ -37,14 +37,17 @@ func (token Token) Environ(inheritExisting bool) (env []string, err error) { return nil, err } defer DestroyEnvironmentBlock(block) - blockp := unsafe.Pointer(block) - for { - entry := UTF16PtrToString((*uint16)(blockp)) - if len(entry) == 0 { - break + size := unsafe.Sizeof(*block) + for *block != 0 { + // find NUL terminator + end := unsafe.Pointer(block) + for *(*uint16)(end) != 0 { + end = unsafe.Add(end, size) } - env = append(env, entry) - blockp = unsafe.Add(blockp, 2*(len(entry)+1)) + + entry := unsafe.Slice(block, (uintptr(end)-uintptr(unsafe.Pointer(block)))/size) + env = append(env, UTF16ToString(entry)) + block = (*uint16)(unsafe.Add(end, size)) } return env, nil } diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index ffb8708ccf8..6395a031d45 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -125,8 +125,7 @@ func UTF16PtrToString(p *uint16) string { for ptr := unsafe.Pointer(p); *(*uint16)(ptr) != 0; n++ { ptr = unsafe.Pointer(uintptr(ptr) + unsafe.Sizeof(*p)) } - - return string(utf16.Decode(unsafe.Slice(p, n))) + return UTF16ToString(unsafe.Slice(p, n)) } func Getpagesize() int { return 4096 } diff --git a/vendor/modules.txt b/vendor/modules.txt index 34f5a991561..e756b88d4b5 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -82,7 +82,7 @@ golang.org/x/exp/slices # golang.org/x/net v0.20.0 ## explicit; go 1.18 golang.org/x/net/bpf -# golang.org/x/sys v0.16.0 +# golang.org/x/sys v0.17.0 ## explicit; go 1.18 golang.org/x/sys/execabs golang.org/x/sys/unix From 97632a6d1b3ac177022b7f882c08e3b44672b8ac Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 9 Feb 2024 15:20:19 +0000 Subject: [PATCH 0502/1176] build(deps): bump github.com/containerd/console from 1.0.3 to 1.0.4 Bumps [github.com/containerd/console](https://github.com/containerd/console) from 1.0.3 to 1.0.4. - [Release notes](https://github.com/containerd/console/releases) - [Commits](https://github.com/containerd/console/compare/v1.0.3...v1.0.4) --- updated-dependencies: - dependency-name: github.com/containerd/console dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 5 +- .../containerd/console/.golangci.yml | 14 +- .../github.com/containerd/console/README.md | 6 +- .../github.com/containerd/console/console.go | 9 +- .../containerd/console/console_linux.go | 1 + .../containerd/console/console_other.go | 36 ++++ .../containerd/console/console_unix.go | 3 +- .../containerd/console/console_windows.go | 25 +-- .../containerd/console/console_zos.go | 163 ------------------ .../containerd/console/pty_freebsd_cgo.go | 1 + .../containerd/console/pty_freebsd_nocgo.go | 1 + .../github.com/containerd/console/pty_unix.go | 3 +- .../github.com/containerd/console/pty_zos.go | 43 +++++ .../containerd/console/tc_freebsd_cgo.go | 1 + .../containerd/console/tc_freebsd_nocgo.go | 1 + .../containerd/console/tc_openbsd_cgo.go | 1 + .../containerd/console/tc_openbsd_nocgo.go | 1 + .../containerd/console/tc_solaris_cgo.go | 51 ------ .../containerd/console/tc_solaris_nocgo.go | 47 ----- .../github.com/containerd/console/tc_unix.go | 5 +- .../github.com/containerd/console/tc_zos.go | 13 ++ vendor/modules.txt | 2 +- 23 files changed, 141 insertions(+), 293 deletions(-) create mode 100644 vendor/github.com/containerd/console/console_other.go delete mode 100644 vendor/github.com/containerd/console/console_zos.go create mode 100644 vendor/github.com/containerd/console/pty_zos.go delete mode 100644 vendor/github.com/containerd/console/tc_solaris_cgo.go delete mode 100644 vendor/github.com/containerd/console/tc_solaris_nocgo.go diff --git a/go.mod b/go.mod index ebad68d6774..615d1034027 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.20 require ( github.com/checkpoint-restore/go-criu/v6 v6.3.0 github.com/cilium/ebpf v0.12.3 - github.com/containerd/console v1.0.3 + github.com/containerd/console v1.0.4 github.com/coreos/go-systemd/v22 v22.5.0 github.com/cyphar/filepath-securejoin v0.2.4 github.com/docker/go-units v0.5.0 diff --git a/go.sum b/go.sum index 79ba2212fda..602f576b619 100644 --- a/go.sum +++ b/go.sum @@ -3,8 +3,8 @@ github.com/checkpoint-restore/go-criu/v6 v6.3.0 h1:mIdrSO2cPNWQY1truPg6uHLXyKHk3 github.com/checkpoint-restore/go-criu/v6 v6.3.0/go.mod h1:rrRTN/uSwY2X+BPRl/gkulo9gsKOSAeVp9/K2tv7xZI= github.com/cilium/ebpf v0.12.3 h1:8ht6F9MquybnY97at+VDZb3eQQr8ev79RueWeVaEcG4= github.com/cilium/ebpf v0.12.3/go.mod h1:TctK1ivibvI3znr66ljgi4hqOT8EYQjz1KWBfb1UVgM= -github.com/containerd/console v1.0.3 h1:lIr7SlA5PxZyMV30bDW0MGbiOPXwc63yRuCP0ARubLw= -github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= +github.com/containerd/console v1.0.4 h1:F2g4+oChYvBTsASRTz8NP6iIAi97J3TtSAsLbIFn4ro= +github.com/containerd/console v1.0.4/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w= @@ -71,6 +71,7 @@ golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/vendor/github.com/containerd/console/.golangci.yml b/vendor/github.com/containerd/console/.golangci.yml index fcba5e885f0..abe3d84bb16 100644 --- a/vendor/github.com/containerd/console/.golangci.yml +++ b/vendor/github.com/containerd/console/.golangci.yml @@ -1,16 +1,16 @@ linters: enable: - - structcheck - - varcheck - - staticcheck - - unconvert - gofmt - goimports - - golint - ineffassign - - vet - - unused - misspell + - revive + - staticcheck + - structcheck + - unconvert + - unused + - varcheck + - vet disable: - errcheck diff --git a/vendor/github.com/containerd/console/README.md b/vendor/github.com/containerd/console/README.md index 580b461a73d..a849a728f1e 100644 --- a/vendor/github.com/containerd/console/README.md +++ b/vendor/github.com/containerd/console/README.md @@ -22,8 +22,8 @@ current.Resize(ws) console is a containerd sub-project, licensed under the [Apache 2.0 license](./LICENSE). As a containerd sub-project, you will find the: - * [Project governance](https://github.com/containerd/project/blob/master/GOVERNANCE.md), - * [Maintainers](https://github.com/containerd/project/blob/master/MAINTAINERS), - * and [Contributing guidelines](https://github.com/containerd/project/blob/master/CONTRIBUTING.md) + * [Project governance](https://github.com/containerd/project/blob/main/GOVERNANCE.md), + * [Maintainers](https://github.com/containerd/project/blob/main/MAINTAINERS), + * and [Contributing guidelines](https://github.com/containerd/project/blob/main/CONTRIBUTING.md) information in our [`containerd/project`](https://github.com/containerd/project) repository. diff --git a/vendor/github.com/containerd/console/console.go b/vendor/github.com/containerd/console/console.go index f989d28a41c..dd587d88e07 100644 --- a/vendor/github.com/containerd/console/console.go +++ b/vendor/github.com/containerd/console/console.go @@ -22,7 +22,10 @@ import ( "os" ) -var ErrNotAConsole = errors.New("provided file is not a console") +var ( + ErrNotAConsole = errors.New("provided file is not a console") + ErrNotImplemented = errors.New("not implemented") +) type File interface { io.ReadWriteCloser @@ -45,7 +48,7 @@ type Console interface { SetRaw() error // DisableEcho disables echo on the console DisableEcho() error - // Reset restores the console to its orignal state + // Reset restores the console to its original state Reset() error // Size returns the window size of the console Size() (WinSize, error) @@ -78,7 +81,7 @@ func Current() (c Console) { } // ConsoleFromFile returns a console using the provided file -// nolint:golint +// nolint:revive func ConsoleFromFile(f File) (Console, error) { if err := checkConsole(f); err != nil { return nil, err diff --git a/vendor/github.com/containerd/console/console_linux.go b/vendor/github.com/containerd/console/console_linux.go index c1c839ee3ae..28b77b7a389 100644 --- a/vendor/github.com/containerd/console/console_linux.go +++ b/vendor/github.com/containerd/console/console_linux.go @@ -1,3 +1,4 @@ +//go:build linux // +build linux /* diff --git a/vendor/github.com/containerd/console/console_other.go b/vendor/github.com/containerd/console/console_other.go new file mode 100644 index 00000000000..933dfadddae --- /dev/null +++ b/vendor/github.com/containerd/console/console_other.go @@ -0,0 +1,36 @@ +//go:build !darwin && !freebsd && !linux && !netbsd && !openbsd && !solaris && !windows && !zos +// +build !darwin,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows,!zos + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package console + +// NewPty creates a new pty pair +// The master is returned as the first console and a string +// with the path to the pty slave is returned as the second +func NewPty() (Console, string, error) { + return nil, "", ErrNotImplemented +} + +// checkConsole checks if the provided file is a console +func checkConsole(f File) error { + return ErrNotAConsole +} + +func newMaster(f File) (Console, error) { + return nil, ErrNotImplemented +} diff --git a/vendor/github.com/containerd/console/console_unix.go b/vendor/github.com/containerd/console/console_unix.go index a08117695e3..161f5d126cb 100644 --- a/vendor/github.com/containerd/console/console_unix.go +++ b/vendor/github.com/containerd/console/console_unix.go @@ -1,4 +1,5 @@ -// +build darwin freebsd linux netbsd openbsd solaris +//go:build darwin || freebsd || linux || netbsd || openbsd || zos +// +build darwin freebsd linux netbsd openbsd zos /* Copyright The containerd Authors. diff --git a/vendor/github.com/containerd/console/console_windows.go b/vendor/github.com/containerd/console/console_windows.go index 787c11fe56f..6896db1825f 100644 --- a/vendor/github.com/containerd/console/console_windows.go +++ b/vendor/github.com/containerd/console/console_windows.go @@ -24,12 +24,13 @@ import ( "golang.org/x/sys/windows" ) -var ( - vtInputSupported bool - ErrNotImplemented = errors.New("not implemented") -) +var vtInputSupported bool func (m *master) initStdios() { + // Note: We discard console mode warnings, because in/out can be redirected. + // + // TODO: Investigate opening CONOUT$/CONIN$ to handle this correctly + m.in = windows.Handle(os.Stdin.Fd()) if err := windows.GetConsoleMode(m.in, &m.inMode); err == nil { // Validate that windows.ENABLE_VIRTUAL_TERMINAL_INPUT is supported, but do not set it. @@ -39,8 +40,6 @@ func (m *master) initStdios() { // Unconditionally set the console mode back even on failure because SetConsoleMode // remembers invalid bits on input handles. windows.SetConsoleMode(m.in, m.inMode) - } else { - fmt.Printf("failed to get console mode for stdin: %v\n", err) } m.out = windows.Handle(os.Stdout.Fd()) @@ -50,8 +49,6 @@ func (m *master) initStdios() { } else { windows.SetConsoleMode(m.out, m.outMode) } - } else { - fmt.Printf("failed to get console mode for stdout: %v\n", err) } m.err = windows.Handle(os.Stderr.Fd()) @@ -61,8 +58,6 @@ func (m *master) initStdios() { } else { windows.SetConsoleMode(m.err, m.errMode) } - } else { - fmt.Printf("failed to get console mode for stderr: %v\n", err) } } @@ -94,6 +89,8 @@ func (m *master) SetRaw() error { } func (m *master) Reset() error { + var errs []error + for _, s := range []struct { fd windows.Handle mode uint32 @@ -103,10 +100,16 @@ func (m *master) Reset() error { {m.err, m.errMode}, } { if err := windows.SetConsoleMode(s.fd, s.mode); err != nil { - return fmt.Errorf("unable to restore console mode: %w", err) + // we can't just abort on the first error, otherwise we might leave + // the console in an unexpected state. + errs = append(errs, fmt.Errorf("unable to restore console mode: %w", err)) } } + if len(errs) > 0 { + return errs[0] + } + return nil } diff --git a/vendor/github.com/containerd/console/console_zos.go b/vendor/github.com/containerd/console/console_zos.go deleted file mode 100644 index b348a839a03..00000000000 --- a/vendor/github.com/containerd/console/console_zos.go +++ /dev/null @@ -1,163 +0,0 @@ -// +build zos - -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package console - -import ( - "fmt" - "os" - - "golang.org/x/sys/unix" -) - -// NewPty creates a new pty pair -// The master is returned as the first console and a string -// with the path to the pty slave is returned as the second -func NewPty() (Console, string, error) { - var f File - var err error - var slave string - for i := 0;; i++ { - ptyp := fmt.Sprintf("/dev/ptyp%04d", i) - f, err = os.OpenFile(ptyp, os.O_RDWR, 0600) - if err == nil { - slave = fmt.Sprintf("/dev/ttyp%04d", i) - break - } - if os.IsNotExist(err) { - return nil, "", err - } - // else probably Resource Busy - } - m, err := newMaster(f) - if err != nil { - return nil, "", err - } - return m, slave, nil -} - -type master struct { - f File - original *unix.Termios -} - -func (m *master) Read(b []byte) (int, error) { - return m.f.Read(b) -} - -func (m *master) Write(b []byte) (int, error) { - return m.f.Write(b) -} - -func (m *master) Close() error { - return m.f.Close() -} - -func (m *master) Resize(ws WinSize) error { - return tcswinsz(m.f.Fd(), ws) -} - -func (m *master) ResizeFrom(c Console) error { - ws, err := c.Size() - if err != nil { - return err - } - return m.Resize(ws) -} - -func (m *master) Reset() error { - if m.original == nil { - return nil - } - return tcset(m.f.Fd(), m.original) -} - -func (m *master) getCurrent() (unix.Termios, error) { - var termios unix.Termios - if err := tcget(m.f.Fd(), &termios); err != nil { - return unix.Termios{}, err - } - return termios, nil -} - -func (m *master) SetRaw() error { - rawState, err := m.getCurrent() - if err != nil { - return err - } - rawState = cfmakeraw(rawState) - rawState.Oflag = rawState.Oflag | unix.OPOST - return tcset(m.f.Fd(), &rawState) -} - -func (m *master) DisableEcho() error { - rawState, err := m.getCurrent() - if err != nil { - return err - } - rawState.Lflag = rawState.Lflag &^ unix.ECHO - return tcset(m.f.Fd(), &rawState) -} - -func (m *master) Size() (WinSize, error) { - return tcgwinsz(m.f.Fd()) -} - -func (m *master) Fd() uintptr { - return m.f.Fd() -} - -func (m *master) Name() string { - return m.f.Name() -} - -// checkConsole checks if the provided file is a console -func checkConsole(f File) error { - var termios unix.Termios - if tcget(f.Fd(), &termios) != nil { - return ErrNotAConsole - } - return nil -} - -func newMaster(f File) (Console, error) { - m := &master{ - f: f, - } - t, err := m.getCurrent() - if err != nil { - return nil, err - } - m.original = &t - return m, nil -} - -// ClearONLCR sets the necessary tty_ioctl(4)s to ensure that a pty pair -// created by us acts normally. In particular, a not-very-well-known default of -// Linux unix98 ptys is that they have +onlcr by default. While this isn't a -// problem for terminal emulators, because we relay data from the terminal we -// also relay that funky line discipline. -func ClearONLCR(fd uintptr) error { - return setONLCR(fd, false) -} - -// SetONLCR sets the necessary tty_ioctl(4)s to ensure that a pty pair -// created by us acts as intended for a terminal emulator. -func SetONLCR(fd uintptr) error { - return setONLCR(fd, true) -} diff --git a/vendor/github.com/containerd/console/pty_freebsd_cgo.go b/vendor/github.com/containerd/console/pty_freebsd_cgo.go index cbd3cd7ea43..22368623aab 100644 --- a/vendor/github.com/containerd/console/pty_freebsd_cgo.go +++ b/vendor/github.com/containerd/console/pty_freebsd_cgo.go @@ -1,3 +1,4 @@ +//go:build freebsd && cgo // +build freebsd,cgo /* diff --git a/vendor/github.com/containerd/console/pty_freebsd_nocgo.go b/vendor/github.com/containerd/console/pty_freebsd_nocgo.go index b5e43181d4f..ceb90a47b81 100644 --- a/vendor/github.com/containerd/console/pty_freebsd_nocgo.go +++ b/vendor/github.com/containerd/console/pty_freebsd_nocgo.go @@ -1,3 +1,4 @@ +//go:build freebsd && !cgo // +build freebsd,!cgo /* diff --git a/vendor/github.com/containerd/console/pty_unix.go b/vendor/github.com/containerd/console/pty_unix.go index d5a6bd8ca2e..f5a5b8058c6 100644 --- a/vendor/github.com/containerd/console/pty_unix.go +++ b/vendor/github.com/containerd/console/pty_unix.go @@ -1,4 +1,5 @@ -// +build darwin linux netbsd openbsd solaris +//go:build darwin || linux || netbsd || openbsd +// +build darwin linux netbsd openbsd /* Copyright The containerd Authors. diff --git a/vendor/github.com/containerd/console/pty_zos.go b/vendor/github.com/containerd/console/pty_zos.go new file mode 100644 index 00000000000..58f59aba58c --- /dev/null +++ b/vendor/github.com/containerd/console/pty_zos.go @@ -0,0 +1,43 @@ +//go:build zos +// +build zos + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package console + +import ( + "fmt" + "os" +) + +// openpt allocates a new pseudo-terminal by opening the first available /dev/ptypXX device +func openpt() (*os.File, error) { + var f *os.File + var err error + for i := 0; ; i++ { + ptyp := fmt.Sprintf("/dev/ptyp%04d", i) + f, err = os.OpenFile(ptyp, os.O_RDWR, 0600) + if err == nil { + break + } + if os.IsNotExist(err) { + return nil, err + } + // else probably Resource Busy + } + return f, nil +} diff --git a/vendor/github.com/containerd/console/tc_freebsd_cgo.go b/vendor/github.com/containerd/console/tc_freebsd_cgo.go index 0f3d2727309..33282579411 100644 --- a/vendor/github.com/containerd/console/tc_freebsd_cgo.go +++ b/vendor/github.com/containerd/console/tc_freebsd_cgo.go @@ -1,3 +1,4 @@ +//go:build freebsd && cgo // +build freebsd,cgo /* diff --git a/vendor/github.com/containerd/console/tc_freebsd_nocgo.go b/vendor/github.com/containerd/console/tc_freebsd_nocgo.go index 087fc158a16..18a9b9cbea9 100644 --- a/vendor/github.com/containerd/console/tc_freebsd_nocgo.go +++ b/vendor/github.com/containerd/console/tc_freebsd_nocgo.go @@ -1,3 +1,4 @@ +//go:build freebsd && !cgo // +build freebsd,!cgo /* diff --git a/vendor/github.com/containerd/console/tc_openbsd_cgo.go b/vendor/github.com/containerd/console/tc_openbsd_cgo.go index f0cec06a72d..0e76f6cc3e0 100644 --- a/vendor/github.com/containerd/console/tc_openbsd_cgo.go +++ b/vendor/github.com/containerd/console/tc_openbsd_cgo.go @@ -1,3 +1,4 @@ +//go:build openbsd && cgo // +build openbsd,cgo /* diff --git a/vendor/github.com/containerd/console/tc_openbsd_nocgo.go b/vendor/github.com/containerd/console/tc_openbsd_nocgo.go index daccce20585..dca92418b0e 100644 --- a/vendor/github.com/containerd/console/tc_openbsd_nocgo.go +++ b/vendor/github.com/containerd/console/tc_openbsd_nocgo.go @@ -1,3 +1,4 @@ +//go:build openbsd && !cgo // +build openbsd,!cgo /* diff --git a/vendor/github.com/containerd/console/tc_solaris_cgo.go b/vendor/github.com/containerd/console/tc_solaris_cgo.go deleted file mode 100644 index e36a68edd1e..00000000000 --- a/vendor/github.com/containerd/console/tc_solaris_cgo.go +++ /dev/null @@ -1,51 +0,0 @@ -// +build solaris,cgo - -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package console - -import ( - "os" - - "golang.org/x/sys/unix" -) - -//#include -import "C" - -const ( - cmdTcGet = unix.TCGETS - cmdTcSet = unix.TCSETS -) - -// ptsname retrieves the name of the first available pts for the given master. -func ptsname(f *os.File) (string, error) { - ptspath, err := C.ptsname(C.int(f.Fd())) - if err != nil { - return "", err - } - return C.GoString(ptspath), nil -} - -// unlockpt unlocks the slave pseudoterminal device corresponding to the master pseudoterminal referred to by f. -// unlockpt should be called before opening the slave side of a pty. -func unlockpt(f *os.File) error { - if _, err := C.grantpt(C.int(f.Fd())); err != nil { - return err - } - return nil -} diff --git a/vendor/github.com/containerd/console/tc_solaris_nocgo.go b/vendor/github.com/containerd/console/tc_solaris_nocgo.go deleted file mode 100644 index eb0bd2c36b8..00000000000 --- a/vendor/github.com/containerd/console/tc_solaris_nocgo.go +++ /dev/null @@ -1,47 +0,0 @@ -// +build solaris,!cgo - -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -// -// Implementing the functions below requires cgo support. Non-cgo stubs -// versions are defined below to enable cross-compilation of source code -// that depends on these functions, but the resultant cross-compiled -// binaries cannot actually be used. If the stub function(s) below are -// actually invoked they will display an error message and cause the -// calling process to exit. -// - -package console - -import ( - "os" - - "golang.org/x/sys/unix" -) - -const ( - cmdTcGet = unix.TCGETS - cmdTcSet = unix.TCSETS -) - -func ptsname(f *os.File) (string, error) { - panic("ptsname() support requires cgo.") -} - -func unlockpt(f *os.File) error { - panic("unlockpt() support requires cgo.") -} diff --git a/vendor/github.com/containerd/console/tc_unix.go b/vendor/github.com/containerd/console/tc_unix.go index a6bf01e8d1a..2ecf188fca3 100644 --- a/vendor/github.com/containerd/console/tc_unix.go +++ b/vendor/github.com/containerd/console/tc_unix.go @@ -1,4 +1,5 @@ -// +build darwin freebsd linux netbsd openbsd solaris zos +//go:build darwin || freebsd || linux || netbsd || openbsd || zos +// +build darwin freebsd linux netbsd openbsd zos /* Copyright The containerd Authors. @@ -83,7 +84,7 @@ func cfmakeraw(t unix.Termios) unix.Termios { t.Oflag &^= unix.OPOST t.Lflag &^= (unix.ECHO | unix.ECHONL | unix.ICANON | unix.ISIG | unix.IEXTEN) t.Cflag &^= (unix.CSIZE | unix.PARENB) - t.Cflag &^= unix.CS8 + t.Cflag |= unix.CS8 t.Cc[unix.VMIN] = 1 t.Cc[unix.VTIME] = 0 diff --git a/vendor/github.com/containerd/console/tc_zos.go b/vendor/github.com/containerd/console/tc_zos.go index 4262eaf4cc0..fc90ba5fb86 100644 --- a/vendor/github.com/containerd/console/tc_zos.go +++ b/vendor/github.com/containerd/console/tc_zos.go @@ -17,6 +17,9 @@ package console import ( + "os" + "strings" + "golang.org/x/sys/unix" ) @@ -24,3 +27,13 @@ const ( cmdTcGet = unix.TCGETS cmdTcSet = unix.TCSETS ) + +// unlockpt is a no-op on zos. +func unlockpt(_ *os.File) error { + return nil +} + +// ptsname retrieves the name of the first available pts for the given master. +func ptsname(f *os.File) (string, error) { + return "/dev/ttyp" + strings.TrimPrefix(f.Name(), "/dev/ptyp"), nil +} diff --git a/vendor/modules.txt b/vendor/modules.txt index e756b88d4b5..66f723e4d7c 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -14,7 +14,7 @@ github.com/cilium/ebpf/internal/sysenc github.com/cilium/ebpf/internal/tracefs github.com/cilium/ebpf/internal/unix github.com/cilium/ebpf/link -# github.com/containerd/console v1.0.3 +# github.com/containerd/console v1.0.4 ## explicit; go 1.13 github.com/containerd/console # github.com/coreos/go-systemd/v22 v22.5.0 From afd90f44e8c105732c3dbff33086442c078b74a0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 9 Feb 2024 15:20:19 +0000 Subject: [PATCH 0503/1176] build(deps): bump golang.org/x/net from 0.20.0 to 0.21.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.20.0 to 0.21.0. - [Commits](https://github.com/golang/net/compare/v0.20.0...v0.21.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 615d1034027..b8cba65b5d0 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.12 github.com/vishvananda/netlink v1.1.0 - golang.org/x/net v0.20.0 + golang.org/x/net v0.21.0 golang.org/x/sys v0.17.0 google.golang.org/protobuf v1.32.0 ) diff --git a/go.sum b/go.sum index 602f576b619..e5f2e175147 100644 --- a/go.sum +++ b/go.sum @@ -65,8 +65,8 @@ github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7Zo github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 h1:Jvc7gsqn21cJHCmAWx0LiimpP18LZmUxkT5Mp7EZ1mI= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= -golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= -golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= +golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= +golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/vendor/modules.txt b/vendor/modules.txt index 66f723e4d7c..7faabc28a10 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -79,7 +79,7 @@ github.com/vishvananda/netns golang.org/x/exp/constraints golang.org/x/exp/maps golang.org/x/exp/slices -# golang.org/x/net v0.20.0 +# golang.org/x/net v0.21.0 ## explicit; go 1.18 golang.org/x/net/bpf # golang.org/x/sys v0.17.0 From 27cbabd00dfaf4126c2e5d0731e48f8443697dfc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Feb 2024 04:07:38 +0000 Subject: [PATCH 0504/1176] build(deps): bump golangci/golangci-lint-action from 3 to 4 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3 to 4. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/v3...v4) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 53ad8d4c7d6..cd340328b5a 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -38,7 +38,7 @@ jobs: run: | sudo apt -q update sudo apt -q install libseccomp-dev - - uses: golangci/golangci-lint-action@v3 + - uses: golangci/golangci-lint-action@v4 with: version: v1.54 # Extra linters, only checking new code from a pull request. From ea140db712dfed29f4484f6742cc198382a21c3c Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 12 Feb 2024 13:08:12 -0800 Subject: [PATCH 0505/1176] libct/nsenter: rm unused code Commits b999376f and b999376f removed all users of this code. Signed-off-by: Kir Kolyshkin --- libcontainer/nsenter/ipc.c | 84 ----------------------------------- libcontainer/nsenter/ipc.h | 12 ----- libcontainer/nsenter/nsexec.c | 1 - 3 files changed, 97 deletions(-) delete mode 100644 libcontainer/nsenter/ipc.c delete mode 100644 libcontainer/nsenter/ipc.h diff --git a/libcontainer/nsenter/ipc.c b/libcontainer/nsenter/ipc.c deleted file mode 100644 index 01321a718cb..00000000000 --- a/libcontainer/nsenter/ipc.c +++ /dev/null @@ -1,84 +0,0 @@ -#define _GNU_SOURCE -#include -#include -#include -#include -#include "ipc.h" -#include "log.h" - -int receive_fd(int sockfd) -{ - int bytes_read; - struct msghdr msg = { }; - struct cmsghdr *cmsg; - struct iovec iov = { }; - char null_byte = '\0'; - int ret; - int fd_count; - - iov.iov_base = &null_byte; - iov.iov_len = 1; - - msg.msg_iov = &iov; - msg.msg_iovlen = 1; - - msg.msg_controllen = CMSG_SPACE(sizeof(int)); - msg.msg_control = malloc(msg.msg_controllen); - if (msg.msg_control == NULL) { - bail("Can't allocate memory to receive fd."); - } - - memset(msg.msg_control, 0, msg.msg_controllen); - - bytes_read = recvmsg(sockfd, &msg, MSG_CMSG_CLOEXEC); - if (bytes_read != 1) - bail("failed to receive fd from unix socket %d", sockfd); - if (msg.msg_flags & MSG_CTRUNC) - bail("received truncated control message from unix socket %d", sockfd); - - cmsg = CMSG_FIRSTHDR(&msg); - if (!cmsg) - bail("received message from unix socket %d without control message", sockfd); - - if (cmsg->cmsg_level != SOL_SOCKET) - bail("received unknown control message from unix socket %d: cmsg_level=%d", sockfd, cmsg->cmsg_level); - - if (cmsg->cmsg_type != SCM_RIGHTS) - bail("received unknown control message from unix socket %d: cmsg_type=%d", sockfd, cmsg->cmsg_type); - - fd_count = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int); - if (fd_count != 1) - bail("received control message from unix socket %d with too many fds: %d", sockfd, fd_count); - - ret = *(int *)CMSG_DATA(cmsg); - free(msg.msg_control); - return ret; -} - -int send_fd(int sockfd, int fd) -{ - struct msghdr msg = { }; - struct cmsghdr *cmsg; - struct iovec iov[1] = { }; - char null_byte = '\0'; - - iov[0].iov_base = &null_byte; - iov[0].iov_len = 1; - - msg.msg_iov = iov; - msg.msg_iovlen = 1; - - /* We send only one fd as specified by cmsg->cmsg_len below, even - * though msg.msg_controllen might have more space due to alignment. */ - msg.msg_controllen = CMSG_SPACE(sizeof(int)); - msg.msg_control = alloca(msg.msg_controllen); - memset(msg.msg_control, 0, msg.msg_controllen); - - cmsg = CMSG_FIRSTHDR(&msg); - cmsg->cmsg_level = SOL_SOCKET; - cmsg->cmsg_type = SCM_RIGHTS; - cmsg->cmsg_len = CMSG_LEN(sizeof(int)); - memcpy(CMSG_DATA(cmsg), &fd, sizeof(int)); - - return sendmsg(sockfd, &msg, 0); -} diff --git a/libcontainer/nsenter/ipc.h b/libcontainer/nsenter/ipc.h deleted file mode 100644 index 6e5972697d9..00000000000 --- a/libcontainer/nsenter/ipc.h +++ /dev/null @@ -1,12 +0,0 @@ -#ifndef NSENTER_IPC_H -#define NSENTER_IPC_H - -int receive_fd(int sockfd); - -/* - * send_fd passes the open file descriptor fd to another process via the UNIX - * domain socket sockfd. The return value of the sendmsg(2) call is returned. - */ -int send_fd(int sockfd, int fd); - -#endif /* NSENTER_IPC_H */ diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index bfc6a79a8e1..adfc0d41a96 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -28,7 +28,6 @@ #include #include "getenv.h" -#include "ipc.h" #include "log.h" /* Get all of the CLONE_NEW* flags. */ #include "namespace.h" From 3a9859bdc0e4507cb57fb46fd10b422702cfda62 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 12 Feb 2024 13:17:47 -0800 Subject: [PATCH 0506/1176] libct/nsenter: rm unused include This was added by commit 9c444070 (to use LONG_MAX and INT_MAX) but the code was later removed by commit ba0b5e26. Signed-off-by: Kir Kolyshkin --- libcontainer/nsenter/nsexec.c | 1 - 1 file changed, 1 deletion(-) diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index adfc0d41a96..c771ac7e116 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -4,7 +4,6 @@ #include #include #include -#include #include #include #include From 302b2e89a6ffac525cf7aff9b8bc92149ae0ba0b Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 2 Feb 2024 14:16:10 -0800 Subject: [PATCH 0507/1176] tests/int: use gawk where needed This expression is specific to GNU awk (gawk), so if someone has other version of awk installed, this won't work and it's not easy to see why. Explicitly requiring gawk here is better. Revert "tests/int/helpers: gawk -> awk" This reverts commit 4e65118d02b19963d49a6e0b12326123dd21c956. Reported-by: lifubang Signed-off-by: Kir Kolyshkin --- tests/integration/helpers.bash | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index 42f862511c3..85e1113c46e 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -132,7 +132,8 @@ function init_cgroup_paths() { CGROUP_SUBSYSTEMS=$(awk '!/^#/ {print $1}' /proc/cgroups) local g base_path for g in ${CGROUP_SUBSYSTEMS}; do - base_path=$(awk '$(NF-2) == "cgroup" && $NF ~ /\<'"${g}"'\>/ { print $5; exit }' /proc/self/mountinfo) + # This uses gawk-specific feature (\< ... \>). + base_path=$(gawk '$(NF-2) == "cgroup" && $NF ~ /\<'"${g}"'\>/ { print $5; exit }' /proc/self/mountinfo) test -z "$base_path" && continue eval CGROUP_"${g^^}"_BASE_PATH="${base_path}" done From 93e377233f9b91ab45a73b4e116c8c0bddfd0e79 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 12 Feb 2024 22:14:41 -0800 Subject: [PATCH 0508/1176] ci/golangci-lint: add checks permission This permission is now needed so that the linter can annotate code in a PR (see [1]). [1] https://github.com/golangci/golangci-lint-action/pull/931/commits/bc1904f0c946172fc1821908fc41649db49f0334 Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index cd340328b5a..007ec338f28 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -25,6 +25,7 @@ jobs: permissions: contents: read pull-requests: read + checks: write # to allow the action to annotate code in the PR. runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 From 82499d428a8bab161f788f7cf7e9c10c5e3b8c65 Mon Sep 17 00:00:00 2001 From: Sjoerd van Leent Date: Thu, 15 Feb 2024 15:56:19 +0100 Subject: [PATCH 0509/1176] Fixed spelling mistake in the Makefile at .PHONY vendor * Simple error correction of a spelling mistake which was introduced at commit b8f75f3 Signed-off-by: Sjoerd van Leent --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index d9e41aa47bf..40e9fc1e0f8 100644 --- a/Makefile +++ b/Makefile @@ -221,7 +221,7 @@ shfmt: localshfmt: shfmt -d -w . -.PHONY: venodr +.PHONY: vendor vendor: $(GO) mod tidy $(GO) mod vendor From 86360598bd9b0ab1485e2f8e3a0bc1eaa9748afd Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 24 Jan 2024 17:20:41 -0800 Subject: [PATCH 0510/1176] tests/int: fix flaky kill tests It takes some time for the kernel to kill the process (and remove its PID from cgroup.procs). To ensure we don't have flakes from reading cgroup.procs right after the kill, check and wait for processes to actually be gone. Fixes: 4163 Reported-by: lifubang@acmcoder.com Signed-off-by: Kir Kolyshkin --- tests/integration/delete.bats | 20 +++++++++++++------- tests/integration/helpers.bash | 30 ++++++++++++++++++++++++++++++ tests/integration/kill.bats | 27 ++++++++++++++++++--------- 3 files changed, 61 insertions(+), 16 deletions(-) diff --git a/tests/integration/delete.bats b/tests/integration/delete.bats index a7ade1082ed..bdb94516b9e 100644 --- a/tests/integration/delete.bats +++ b/tests/integration/delete.bats @@ -54,12 +54,13 @@ function test_runc_delete_host_pidns() { # not have own PID ns, its init is no special and the container # will still be up and running. kill -9 "$init_pid" + wait_pids_gone 10 0.2 "$init_pid" # Get the list of all container processes. - pids=$(cat "$cgpath"/cgroup.procs) - echo "pids: $pids" + mapfile -t pids < <(cat "$cgpath"/cgroup.procs) + echo "pids:" "${pids[@]}" # Sanity check -- make sure all processes exist. - for p in $pids; do + for p in "${pids[@]}"; do kill -0 "$p" done @@ -70,10 +71,15 @@ function test_runc_delete_host_pidns() { runc state test_busybox [ "$status" -ne 0 ] # "Container does not exist" - # Make sure all processes are gone. - pids=$(cat "$cgpath"/cgroup.procs) || true # OK if cgroup is gone - echo "pids: $pids" - [ -z "$pids" ] + # Wait and check that all the processes are gone. + wait_pids_gone 10 0.2 "${pids[@]}" + + # Make sure cgroup.procs is empty. + mapfile -t pids < <(cat "$cgpath"/cgroup.procs || true) + if [ ${#pids[@]} -gt 0 ]; then + echo "expected empty cgroup.procs, got:" "${pids[@]}" 1>&2 + return 1 + fi } @test "runc delete" { diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index 85e1113c46e..52525408484 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -581,6 +581,36 @@ function testcontainer() { [[ "${output}" == *"$2"* ]] } +# Check that all the listed processes are gone. Use after kill/stop etc. +function wait_pids_gone() { + if [ $# -lt 3 ]; then + echo "Usage: wait_pids_gone ITERATIONS SLEEP PID [PID ...]" + return 1 + fi + local iter=$1 + shift + local sleep=$1 + shift + local pids=("$@") + + while true; do + for i in "${!pids[@]}"; do + # Check if the pid is there; if not, remove it from the list. + kill -0 "${pids[i]}" 2>/dev/null || unset "pids[i]" + done + [ ${#pids[@]} -eq 0 ] && return 0 + # Rebuild pids array to avoid sparse array issues. + pids=("${pids[@]}") + + ((--iter > 0)) || break + + sleep "$sleep" + done + + echo "Expected all PIDs to be gone, but some are still there:" "${pids[@]}" 1>&2 + return 1 +} + function setup_recvtty() { [ ! -v ROOT ] && return 1 # must not be called without ROOT set local dir="$ROOT/tty" diff --git a/tests/integration/kill.bats b/tests/integration/kill.bats index d1e0de19dca..4d3208be0bc 100644 --- a/tests/integration/kill.bats +++ b/tests/integration/kill.bats @@ -46,24 +46,33 @@ test_host_pidns_kill() { # kills the container; see "kill KILL [host pidns + init gone]" # below). kill -9 "$init_pid" + wait_pids_gone 10 0.2 "$init_pid" fi # Get the list of all container processes. - pids=$(cat "$cgpath"/cgroup.procs) - echo "pids: $pids" + mapfile -t pids < <(cat "$cgpath"/cgroup.procs) + echo "pids:" "${pids[@]}" # Sanity check -- make sure all processes exist. - for p in $pids; do + for p in "${pids[@]}"; do kill -0 "$p" done runc kill test_busybox KILL [ "$status" -eq 0 ] - wait_for_container 10 1 test_busybox stopped - - # Make sure all processes are gone. - pids=$(cat "$cgpath"/cgroup.procs) || true # OK if cgroup is gone - echo "pids: $pids" - [ -z "$pids" ] + # Wait and check that all processes are gone. + wait_pids_gone 10 0.2 "${pids[@]}" + + # Make sure the container is in stopped state. Note if KILL_INIT + # is set, container was already stopped by killing its $init_pid + # and so this check is NOP/redundant. + testcontainer test_busybox stopped + + # Make sure cgroup.procs is empty. + mapfile -t pids < <(cat "$cgpath"/cgroup.procs || true) + if [ ${#pids[@]} -gt 0 ]; then + echo "expected empty cgroup.procs, got:" "${pids[@]}" 1>&2 + return 1 + fi } @test "kill detached busybox" { From 935d586b391969a556cd42159b43c82348e707bf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Feb 2024 04:45:06 +0000 Subject: [PATCH 0511/1176] build(deps): bump tim-actions/get-pr-commits from 1.3.0 to 1.3.1 Bumps [tim-actions/get-pr-commits](https://github.com/tim-actions/get-pr-commits) from 1.3.0 to 1.3.1. - [Release notes](https://github.com/tim-actions/get-pr-commits/releases) - [Commits](https://github.com/tim-actions/get-pr-commits/compare/v1.3.0...v1.3.1) --- updated-dependencies: - dependency-name: tim-actions/get-pr-commits dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 007ec338f28..c28094cec31 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -132,7 +132,7 @@ jobs: steps: - name: get pr commits id: 'get-pr-commits' - uses: tim-actions/get-pr-commits@v1.3.0 + uses: tim-actions/get-pr-commits@v1.3.1 with: token: ${{ secrets.GITHUB_TOKEN }} From 1dae66f74871e63325ef0293ef3d808bc888610e Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Fri, 26 Jan 2024 17:13:39 +0100 Subject: [PATCH 0512/1176] libct/dmz: Require RUNC_DMZ=true to opt-in If it is compiled, the user needs to opt-in with this env variable to use it. While we are there, remove the RUNC_DMZ=legacy as that is now the default. Signed-off-by: Rodrigo Campos --- README.md | 2 +- libcontainer/dmz/dmz_linux.go | 16 +++++++++++++--- tests/integration/exec.bats | 6 +++--- tests/integration/run.bats | 20 ++++++++++---------- tests/integration/selinux.bats | 7 +++---- 5 files changed, 30 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 7e40776bbb7..df5061a37f1 100644 --- a/README.md +++ b/README.md @@ -68,7 +68,7 @@ make BUILDTAGS="" | Build Tag | Feature | Enabled by Default | Dependencies | |---------------|---------------------------------------|--------------------|---------------------| | `seccomp` | Syscall filtering using `libseccomp`. | yes | `libseccomp` | -| `!runc_nodmz` | Reduce memory usage for CVE-2019-5736 protection by using a small C binary, [see `memfd-bind` for more details][contrib-memfd-bind]. `runc_nodmz` disables this feature and causes runc to use a different protection mechanism which will further increases memory usage temporarily during container startup. This feature can also be disabled at runtime by setting the `RUNC_DMZ=legacy` environment variable. | yes || +| `!runc_nodmz` | Reduce memory usage for CVE-2019-5736 protection by using a small C binary, [see `memfd-bind` for more details][contrib-memfd-bind]. `runc_nodmz` disables this **experimental feature** and causes runc to use a different protection mechanism which will further increases memory usage temporarily during container startup. To enable this feature you also need to set the `RUNC_DMZ=true` environment variable. | yes || | `runc_dmz_selinux_nocompat` | Disables a SELinux DMZ workaround (new distros should set this). See [dmz README] for details. | no || The following build tags were used earlier, but are now obsoleted: diff --git a/libcontainer/dmz/dmz_linux.go b/libcontainer/dmz/dmz_linux.go index 0985677ea5b..eddbbc7016f 100644 --- a/libcontainer/dmz/dmz_linux.go +++ b/libcontainer/dmz/dmz_linux.go @@ -7,7 +7,9 @@ import ( "bytes" "debug/elf" "embed" + "fmt" "os" + "strconv" "sync" "github.com/sirupsen/logrus" @@ -43,11 +45,19 @@ var ( // If the runc-dmz binary is not embedded into the runc binary, Binary will // return ErrNoDmzBinary as the error. func Binary(tmpDir string) (*os.File, error) { - // Setting RUNC_DMZ=legacy disables this dmz method. - if os.Getenv("RUNC_DMZ") == "legacy" { - logrus.Debugf("RUNC_DMZ=legacy set -- switching back to classic /proc/self/exe cloning") + // Only RUNC_DMZ=true enables runc_dmz. + runcDmz := os.Getenv("RUNC_DMZ") + if runcDmz == "" { + logrus.Debugf("RUNC_DMZ is not set -- switching back to classic /proc/self/exe cloning") return nil, ErrNoDmzBinary } + if dmzEnabled, err := strconv.ParseBool(runcDmz); err == nil && !dmzEnabled { + logrus.Debugf("RUNC_DMZ is false -- switching back to classic /proc/self/exe cloning") + return nil, ErrNoDmzBinary + } else if err != nil { + return nil, fmt.Errorf("parsing RUNC_DMZ: %w", err) + } + runcDmzBinaryOnce.Do(func() { runcDmzBinary, _ = runcDmzFs.ReadFile("binary/runc-dmz") // Verify that our embedded binary has a standard ELF header. diff --git a/tests/integration/exec.bats b/tests/integration/exec.bats index 2809070486e..a92a237809d 100644 --- a/tests/integration/exec.bats +++ b/tests/integration/exec.bats @@ -323,14 +323,14 @@ function check_exec_debug() { [ "$status" -eq 0 ] } -@test "RUNC_DMZ=legacy runc exec [execve error]" { +@test "runc exec [execve error]" { cat <rootfs/run.sh #!/mmnnttbb foo bar sh EOF chmod +x rootfs/run.sh - RUNC_DMZ=legacy runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox - RUNC_DMZ=legacy runc exec -t test_busybox /run.sh + runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox + runc exec -t test_busybox /run.sh [ "$status" -ne 0 ] # After the sync socket closed, we should not send error to parent diff --git a/tests/integration/run.bats b/tests/integration/run.bats index 82c58027780..b49f3ac4c1a 100644 --- a/tests/integration/run.bats +++ b/tests/integration/run.bats @@ -127,20 +127,20 @@ function teardown() { [ "${lines[0]}" = "410" ] } -@test "runc run [runc-dmz]" { - runc --debug run test_hello +@test "RUNC_DMZ=true runc run [runc-dmz]" { + RUNC_DMZ=true runc --debug run test_hello [ "$status" -eq 0 ] [[ "$output" = *"Hello World"* ]] # We use runc-dmz if we can. [[ "$output" = *"runc-dmz: using runc-dmz"* ]] } -@test "runc run [cap_sys_ptrace -> /proc/self/exe clone]" { +@test "RUNC_DMZ=true runc run [cap_sys_ptrace -> /proc/self/exe clone]" { # Add CAP_SYS_PTRACE to the bounding set, the minimum needed to indicate a # container process _could_ get CAP_SYS_PTRACE. update_config '.process.capabilities.bounding += ["CAP_SYS_PTRACE"]' - runc --debug run test_hello + RUNC_DMZ=true runc --debug run test_hello [ "$status" -eq 0 ] [[ "$output" = *"Hello World"* ]] if [ "$EUID" -ne 0 ] && is_kernel_gte 4.10; then @@ -154,8 +154,8 @@ function teardown() { fi } -@test "RUNC_DMZ=legacy runc run [/proc/self/exe clone]" { - RUNC_DMZ=legacy runc --debug run test_hello +@test "runc run [/proc/self/exe clone]" { + runc --debug run test_hello [ "$status" -eq 0 ] [[ "$output" = *"Hello World"* ]] [[ "$output" = *"runc-dmz: using /proc/self/exe clone"* ]] @@ -231,14 +231,14 @@ function teardown() { grep -E '^boottime\s+1337\s+3141519$' <<<"$output" } -@test "runc run [exec error]" { +@test "RUNC_DMZ=true runc run [exec error]" { cat <rootfs/run.sh #!/mmnnttbb foo bar sh EOF chmod +x rootfs/run.sh update_config '.process.args = [ "/run.sh" ]' - runc run test_hello + RUNC_DMZ=true runc run test_hello # Ensure that the output contains the right error message. For runc-dmz, both # nolibc and libc have the same formatting string (but libc will print the @@ -248,14 +248,14 @@ EOF [[ "$output" = *"exec /run.sh: "* ]] } -@test "RUNC_DMZ=legacy runc run [execve error]" { +@test "runc run [execve error]" { cat <rootfs/run.sh #!/mmnnttbb foo bar sh EOF chmod +x rootfs/run.sh update_config '.process.args = [ "/run.sh" ]' - RUNC_DMZ=legacy runc run test_hello + runc run test_hello [ "$status" -ne 0 ] # After the sync socket closed, we should not send error to parent diff --git a/tests/integration/selinux.bats b/tests/integration/selinux.bats index 6265bd461d9..19bc9d2070e 100644 --- a/tests/integration/selinux.bats +++ b/tests/integration/selinux.bats @@ -39,15 +39,14 @@ function teardown() { } # https://github.com/opencontainers/runc/issues/4057 -@test "runc run (custom selinux label)" { +@test "runc run (custom selinux label, RUNC_DMZ=true)" { update_config ' .process.selinuxLabel |= "system_u:system_r:container_t:s0:c4,c5" | .process.args = ["/bin/true"]' - runc run tst + RUNC_DMZ=true runc run tst [ "$status" -eq 0 ] } -@test "runc run (custom selinux label, RUNC_DMZ=legacy)" { - export RUNC_DMZ=legacy +@test "runc run (custom selinux label)" { update_config ' .process.selinuxLabel |= "system_u:system_r:container_t:s0:c4,c5" | .process.args = ["/bin/true"]' runc run tst From 46b72107f16a9f848f4af48d271e2d4c3e252d59 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Fri, 26 Jan 2024 17:35:45 +0100 Subject: [PATCH 0513/1176] contrib/cmd/memfd-bind: Mention runc-dmz needs RUNC_DMZ=true Signed-off-by: Rodrigo Campos --- contrib/cmd/memfd-bind/README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/contrib/cmd/memfd-bind/README.md b/contrib/cmd/memfd-bind/README.md index f2ceae2fa78..8123c897006 100644 --- a/contrib/cmd/memfd-bind/README.md +++ b/contrib/cmd/memfd-bind/README.md @@ -36,12 +36,12 @@ much memory usage they can use: * `runc-dmz` is (depending on which libc it was compiled with) between 10kB and 1MB in size, and a copy is created once per process spawned inside a - container by runc (both the pid1 and every `runc exec`). There are - circumstances where using `runc-dmz` will fail in ways that runc cannot - predict ahead of time (such as restrictive LSMs applied to containers), in - which case users can disable it with the `RUNC_DMZ=legacy` setting. - `runc-dmz` also requires an additional `execve` over the other options, - though since the binary is so small the cost is probably not even noticeable. + container by runc (both the pid1 and every `runc exec`). The `RUNC_DMZ=true` + environment variable needs to be set to opt-in. There are circumstances where + using `runc-dmz` will fail in ways that runc cannot predict ahead of time (such + as restrictive LSMs applied to containers). `runc-dmz` also requires an + additional `execve` over the other options, though since the binary is so small + the cost is probably not even noticeable. * The classic method of making a copy of the entire `runc` binary during container process setup takes up about 10MB per process spawned inside the From fc76b136e181f5b81c471b36608239d0fb5a3ecb Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Wed, 28 Feb 2024 11:40:37 -0300 Subject: [PATCH 0514/1176] Makefile: Fix runc-dmz removal Signed-off-by: Rodrigo Campos --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 40e9fc1e0f8..c858a1ceeee 100644 --- a/Makefile +++ b/Makefile @@ -79,7 +79,7 @@ recvtty sd-helper seccompagent fs-idmap memfd-bind pidfd-kill remap-rootfs: .PHONY: clean clean: - rm -f runc runc-* libcontainer/dmz/runc-dmz + rm -f runc runc-* libcontainer/dmz/binary/runc-dmz rm -f contrib/cmd/recvtty/recvtty rm -f contrib/cmd/sd-helper/sd-helper rm -f contrib/cmd/seccompagent/seccompagent From 6056ed2dd667cb0cbe26935d67ce041e54fdb197 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Mar 2024 04:18:12 +0000 Subject: [PATCH 0515/1176] build(deps): bump golang.org/x/sys from 0.17.0 to 0.18.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.17.0 to 0.18.0. - [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- vendor/golang.org/x/sys/unix/aliases.go | 2 +- .../x/sys/unix/syscall_darwin_libSystem.go | 2 +- .../golang.org/x/sys/unix/syscall_freebsd.go | 12 ++- vendor/golang.org/x/sys/unix/syscall_linux.go | 99 +++++++++++++++++++ .../golang.org/x/sys/unix/zsyscall_linux.go | 10 ++ vendor/golang.org/x/sys/unix/ztypes_linux.go | 60 +++++++++++ vendor/modules.txt | 2 +- 9 files changed, 182 insertions(+), 11 deletions(-) diff --git a/go.mod b/go.mod index b8cba65b5d0..405b72d2435 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/urfave/cli v1.22.12 github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.21.0 - golang.org/x/sys v0.17.0 + golang.org/x/sys v0.18.0 google.golang.org/protobuf v1.32.0 ) diff --git a/go.sum b/go.sum index e5f2e175147..76741702580 100644 --- a/go.sum +++ b/go.sum @@ -72,8 +72,8 @@ golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= diff --git a/vendor/golang.org/x/sys/unix/aliases.go b/vendor/golang.org/x/sys/unix/aliases.go index e7d3df4bd36..b0e41985750 100644 --- a/vendor/golang.org/x/sys/unix/aliases.go +++ b/vendor/golang.org/x/sys/unix/aliases.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build (aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos) && go1.9 +//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go b/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go index 16dc6993799..2f0fa76e4f6 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go +++ b/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build darwin && go1.12 +//go:build darwin package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd.go b/vendor/golang.org/x/sys/unix/syscall_freebsd.go index 64d1bb4dba5..2b57e0f73bb 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd.go @@ -13,6 +13,7 @@ package unix import ( + "errors" "sync" "unsafe" ) @@ -169,25 +170,26 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) { func Uname(uname *Utsname) error { mib := []_C_int{CTL_KERN, KERN_OSTYPE} n := unsafe.Sizeof(uname.Sysname) - if err := sysctl(mib, &uname.Sysname[0], &n, nil, 0); err != nil { + // Suppress ENOMEM errors to be compatible with the C library __xuname() implementation. + if err := sysctl(mib, &uname.Sysname[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) { return err } mib = []_C_int{CTL_KERN, KERN_HOSTNAME} n = unsafe.Sizeof(uname.Nodename) - if err := sysctl(mib, &uname.Nodename[0], &n, nil, 0); err != nil { + if err := sysctl(mib, &uname.Nodename[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) { return err } mib = []_C_int{CTL_KERN, KERN_OSRELEASE} n = unsafe.Sizeof(uname.Release) - if err := sysctl(mib, &uname.Release[0], &n, nil, 0); err != nil { + if err := sysctl(mib, &uname.Release[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) { return err } mib = []_C_int{CTL_KERN, KERN_VERSION} n = unsafe.Sizeof(uname.Version) - if err := sysctl(mib, &uname.Version[0], &n, nil, 0); err != nil { + if err := sysctl(mib, &uname.Version[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) { return err } @@ -205,7 +207,7 @@ func Uname(uname *Utsname) error { mib = []_C_int{CTL_HW, HW_MACHINE} n = unsafe.Sizeof(uname.Machine) - if err := sysctl(mib, &uname.Machine[0], &n, nil, 0); err != nil { + if err := sysctl(mib, &uname.Machine[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) { return err } diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index 0f85e29e621..5682e2628ad 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -1849,6 +1849,105 @@ func Dup2(oldfd, newfd int) error { //sys Fsmount(fd int, flags int, mountAttrs int) (fsfd int, err error) //sys Fsopen(fsName string, flags int) (fd int, err error) //sys Fspick(dirfd int, pathName string, flags int) (fd int, err error) + +//sys fsconfig(fd int, cmd uint, key *byte, value *byte, aux int) (err error) + +func fsconfigCommon(fd int, cmd uint, key string, value *byte, aux int) (err error) { + var keyp *byte + if keyp, err = BytePtrFromString(key); err != nil { + return + } + return fsconfig(fd, cmd, keyp, value, aux) +} + +// FsconfigSetFlag is equivalent to fsconfig(2) called +// with cmd == FSCONFIG_SET_FLAG. +// +// fd is the filesystem context to act upon. +// key the parameter key to set. +func FsconfigSetFlag(fd int, key string) (err error) { + return fsconfigCommon(fd, FSCONFIG_SET_FLAG, key, nil, 0) +} + +// FsconfigSetString is equivalent to fsconfig(2) called +// with cmd == FSCONFIG_SET_STRING. +// +// fd is the filesystem context to act upon. +// key the parameter key to set. +// value is the parameter value to set. +func FsconfigSetString(fd int, key string, value string) (err error) { + var valuep *byte + if valuep, err = BytePtrFromString(value); err != nil { + return + } + return fsconfigCommon(fd, FSCONFIG_SET_STRING, key, valuep, 0) +} + +// FsconfigSetBinary is equivalent to fsconfig(2) called +// with cmd == FSCONFIG_SET_BINARY. +// +// fd is the filesystem context to act upon. +// key the parameter key to set. +// value is the parameter value to set. +func FsconfigSetBinary(fd int, key string, value []byte) (err error) { + if len(value) == 0 { + return EINVAL + } + return fsconfigCommon(fd, FSCONFIG_SET_BINARY, key, &value[0], len(value)) +} + +// FsconfigSetPath is equivalent to fsconfig(2) called +// with cmd == FSCONFIG_SET_PATH. +// +// fd is the filesystem context to act upon. +// key the parameter key to set. +// path is a non-empty path for specified key. +// atfd is a file descriptor at which to start lookup from or AT_FDCWD. +func FsconfigSetPath(fd int, key string, path string, atfd int) (err error) { + var valuep *byte + if valuep, err = BytePtrFromString(path); err != nil { + return + } + return fsconfigCommon(fd, FSCONFIG_SET_PATH, key, valuep, atfd) +} + +// FsconfigSetPathEmpty is equivalent to fsconfig(2) called +// with cmd == FSCONFIG_SET_PATH_EMPTY. The same as +// FconfigSetPath but with AT_PATH_EMPTY implied. +func FsconfigSetPathEmpty(fd int, key string, path string, atfd int) (err error) { + var valuep *byte + if valuep, err = BytePtrFromString(path); err != nil { + return + } + return fsconfigCommon(fd, FSCONFIG_SET_PATH_EMPTY, key, valuep, atfd) +} + +// FsconfigSetFd is equivalent to fsconfig(2) called +// with cmd == FSCONFIG_SET_FD. +// +// fd is the filesystem context to act upon. +// key the parameter key to set. +// value is a file descriptor to be assigned to specified key. +func FsconfigSetFd(fd int, key string, value int) (err error) { + return fsconfigCommon(fd, FSCONFIG_SET_FD, key, nil, value) +} + +// FsconfigCreate is equivalent to fsconfig(2) called +// with cmd == FSCONFIG_CMD_CREATE. +// +// fd is the filesystem context to act upon. +func FsconfigCreate(fd int) (err error) { + return fsconfig(fd, FSCONFIG_CMD_CREATE, nil, nil, 0) +} + +// FsconfigReconfigure is equivalent to fsconfig(2) called +// with cmd == FSCONFIG_CMD_RECONFIGURE. +// +// fd is the filesystem context to act upon. +func FsconfigReconfigure(fd int) (err error) { + return fsconfig(fd, FSCONFIG_CMD_RECONFIGURE, nil, nil, 0) +} + //sys Getdents(fd int, buf []byte) (n int, err error) = SYS_GETDENTS64 //sysnb Getpgid(pid int) (pgid int, err error) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go index 1488d27128c..87d8612a1dc 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go @@ -906,6 +906,16 @@ func Fspick(dirfd int, pathName string, flags int) (fd int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func fsconfig(fd int, cmd uint, key *byte, value *byte, aux int) (err error) { + _, _, e1 := Syscall6(SYS_FSCONFIG, uintptr(fd), uintptr(cmd), uintptr(unsafe.Pointer(key)), uintptr(unsafe.Pointer(value)), uintptr(aux), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Getdents(fd int, buf []byte) (n int, err error) { var _p0 unsafe.Pointer if len(buf) > 0 { diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index dc0c955eecd..eff6bcdef81 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -836,6 +836,15 @@ const ( FSPICK_EMPTY_PATH = 0x8 FSMOUNT_CLOEXEC = 0x1 + + FSCONFIG_SET_FLAG = 0x0 + FSCONFIG_SET_STRING = 0x1 + FSCONFIG_SET_BINARY = 0x2 + FSCONFIG_SET_PATH = 0x3 + FSCONFIG_SET_PATH_EMPTY = 0x4 + FSCONFIG_SET_FD = 0x5 + FSCONFIG_CMD_CREATE = 0x6 + FSCONFIG_CMD_RECONFIGURE = 0x7 ) type OpenHow struct { @@ -1550,6 +1559,7 @@ const ( IFLA_DEVLINK_PORT = 0x3e IFLA_GSO_IPV4_MAX_SIZE = 0x3f IFLA_GRO_IPV4_MAX_SIZE = 0x40 + IFLA_DPLL_PIN = 0x41 IFLA_PROTO_DOWN_REASON_UNSPEC = 0x0 IFLA_PROTO_DOWN_REASON_MASK = 0x1 IFLA_PROTO_DOWN_REASON_VALUE = 0x2 @@ -1565,6 +1575,7 @@ const ( IFLA_INET6_ICMP6STATS = 0x6 IFLA_INET6_TOKEN = 0x7 IFLA_INET6_ADDR_GEN_MODE = 0x8 + IFLA_INET6_RA_MTU = 0x9 IFLA_BR_UNSPEC = 0x0 IFLA_BR_FORWARD_DELAY = 0x1 IFLA_BR_HELLO_TIME = 0x2 @@ -1612,6 +1623,9 @@ const ( IFLA_BR_MCAST_MLD_VERSION = 0x2c IFLA_BR_VLAN_STATS_PER_PORT = 0x2d IFLA_BR_MULTI_BOOLOPT = 0x2e + IFLA_BR_MCAST_QUERIER_STATE = 0x2f + IFLA_BR_FDB_N_LEARNED = 0x30 + IFLA_BR_FDB_MAX_LEARNED = 0x31 IFLA_BRPORT_UNSPEC = 0x0 IFLA_BRPORT_STATE = 0x1 IFLA_BRPORT_PRIORITY = 0x2 @@ -1649,6 +1663,14 @@ const ( IFLA_BRPORT_BACKUP_PORT = 0x22 IFLA_BRPORT_MRP_RING_OPEN = 0x23 IFLA_BRPORT_MRP_IN_OPEN = 0x24 + IFLA_BRPORT_MCAST_EHT_HOSTS_LIMIT = 0x25 + IFLA_BRPORT_MCAST_EHT_HOSTS_CNT = 0x26 + IFLA_BRPORT_LOCKED = 0x27 + IFLA_BRPORT_MAB = 0x28 + IFLA_BRPORT_MCAST_N_GROUPS = 0x29 + IFLA_BRPORT_MCAST_MAX_GROUPS = 0x2a + IFLA_BRPORT_NEIGH_VLAN_SUPPRESS = 0x2b + IFLA_BRPORT_BACKUP_NHID = 0x2c IFLA_INFO_UNSPEC = 0x0 IFLA_INFO_KIND = 0x1 IFLA_INFO_DATA = 0x2 @@ -1670,6 +1692,9 @@ const ( IFLA_MACVLAN_MACADDR = 0x4 IFLA_MACVLAN_MACADDR_DATA = 0x5 IFLA_MACVLAN_MACADDR_COUNT = 0x6 + IFLA_MACVLAN_BC_QUEUE_LEN = 0x7 + IFLA_MACVLAN_BC_QUEUE_LEN_USED = 0x8 + IFLA_MACVLAN_BC_CUTOFF = 0x9 IFLA_VRF_UNSPEC = 0x0 IFLA_VRF_TABLE = 0x1 IFLA_VRF_PORT_UNSPEC = 0x0 @@ -1693,9 +1718,22 @@ const ( IFLA_XFRM_UNSPEC = 0x0 IFLA_XFRM_LINK = 0x1 IFLA_XFRM_IF_ID = 0x2 + IFLA_XFRM_COLLECT_METADATA = 0x3 IFLA_IPVLAN_UNSPEC = 0x0 IFLA_IPVLAN_MODE = 0x1 IFLA_IPVLAN_FLAGS = 0x2 + NETKIT_NEXT = -0x1 + NETKIT_PASS = 0x0 + NETKIT_DROP = 0x2 + NETKIT_REDIRECT = 0x7 + NETKIT_L2 = 0x0 + NETKIT_L3 = 0x1 + IFLA_NETKIT_UNSPEC = 0x0 + IFLA_NETKIT_PEER_INFO = 0x1 + IFLA_NETKIT_PRIMARY = 0x2 + IFLA_NETKIT_POLICY = 0x3 + IFLA_NETKIT_PEER_POLICY = 0x4 + IFLA_NETKIT_MODE = 0x5 IFLA_VXLAN_UNSPEC = 0x0 IFLA_VXLAN_ID = 0x1 IFLA_VXLAN_GROUP = 0x2 @@ -1726,6 +1764,8 @@ const ( IFLA_VXLAN_GPE = 0x1b IFLA_VXLAN_TTL_INHERIT = 0x1c IFLA_VXLAN_DF = 0x1d + IFLA_VXLAN_VNIFILTER = 0x1e + IFLA_VXLAN_LOCALBYPASS = 0x1f IFLA_GENEVE_UNSPEC = 0x0 IFLA_GENEVE_ID = 0x1 IFLA_GENEVE_REMOTE = 0x2 @@ -1740,6 +1780,7 @@ const ( IFLA_GENEVE_LABEL = 0xb IFLA_GENEVE_TTL_INHERIT = 0xc IFLA_GENEVE_DF = 0xd + IFLA_GENEVE_INNER_PROTO_INHERIT = 0xe IFLA_BAREUDP_UNSPEC = 0x0 IFLA_BAREUDP_PORT = 0x1 IFLA_BAREUDP_ETHERTYPE = 0x2 @@ -1752,6 +1793,8 @@ const ( IFLA_GTP_FD1 = 0x2 IFLA_GTP_PDP_HASHSIZE = 0x3 IFLA_GTP_ROLE = 0x4 + IFLA_GTP_CREATE_SOCKETS = 0x5 + IFLA_GTP_RESTART_COUNT = 0x6 IFLA_BOND_UNSPEC = 0x0 IFLA_BOND_MODE = 0x1 IFLA_BOND_ACTIVE_SLAVE = 0x2 @@ -1781,6 +1824,9 @@ const ( IFLA_BOND_AD_ACTOR_SYSTEM = 0x1a IFLA_BOND_TLB_DYNAMIC_LB = 0x1b IFLA_BOND_PEER_NOTIF_DELAY = 0x1c + IFLA_BOND_AD_LACP_ACTIVE = 0x1d + IFLA_BOND_MISSED_MAX = 0x1e + IFLA_BOND_NS_IP6_TARGET = 0x1f IFLA_BOND_AD_INFO_UNSPEC = 0x0 IFLA_BOND_AD_INFO_AGGREGATOR = 0x1 IFLA_BOND_AD_INFO_NUM_PORTS = 0x2 @@ -1796,6 +1842,7 @@ const ( IFLA_BOND_SLAVE_AD_AGGREGATOR_ID = 0x6 IFLA_BOND_SLAVE_AD_ACTOR_OPER_PORT_STATE = 0x7 IFLA_BOND_SLAVE_AD_PARTNER_OPER_PORT_STATE = 0x8 + IFLA_BOND_SLAVE_PRIO = 0x9 IFLA_VF_INFO_UNSPEC = 0x0 IFLA_VF_INFO = 0x1 IFLA_VF_UNSPEC = 0x0 @@ -1854,8 +1901,16 @@ const ( IFLA_STATS_LINK_XSTATS_SLAVE = 0x3 IFLA_STATS_LINK_OFFLOAD_XSTATS = 0x4 IFLA_STATS_AF_SPEC = 0x5 + IFLA_STATS_GETSET_UNSPEC = 0x0 + IFLA_STATS_GET_FILTERS = 0x1 + IFLA_STATS_SET_OFFLOAD_XSTATS_L3_STATS = 0x2 IFLA_OFFLOAD_XSTATS_UNSPEC = 0x0 IFLA_OFFLOAD_XSTATS_CPU_HIT = 0x1 + IFLA_OFFLOAD_XSTATS_HW_S_INFO = 0x2 + IFLA_OFFLOAD_XSTATS_L3_STATS = 0x3 + IFLA_OFFLOAD_XSTATS_HW_S_INFO_UNSPEC = 0x0 + IFLA_OFFLOAD_XSTATS_HW_S_INFO_REQUEST = 0x1 + IFLA_OFFLOAD_XSTATS_HW_S_INFO_USED = 0x2 IFLA_XDP_UNSPEC = 0x0 IFLA_XDP_FD = 0x1 IFLA_XDP_ATTACHED = 0x2 @@ -1885,6 +1940,11 @@ const ( IFLA_RMNET_UNSPEC = 0x0 IFLA_RMNET_MUX_ID = 0x1 IFLA_RMNET_FLAGS = 0x2 + IFLA_MCTP_UNSPEC = 0x0 + IFLA_MCTP_NET = 0x1 + IFLA_DSA_UNSPEC = 0x0 + IFLA_DSA_CONDUIT = 0x1 + IFLA_DSA_MASTER = 0x1 ) const ( diff --git a/vendor/modules.txt b/vendor/modules.txt index 7faabc28a10..9904e14ef6d 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -82,7 +82,7 @@ golang.org/x/exp/slices # golang.org/x/net v0.21.0 ## explicit; go 1.18 golang.org/x/net/bpf -# golang.org/x/sys v0.17.0 +# golang.org/x/sys v0.18.0 ## explicit; go 1.18 golang.org/x/sys/execabs golang.org/x/sys/unix From 7ab66b187ce7be2ac71a6bd823f552a5ed1739e8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 Mar 2024 12:59:30 +0000 Subject: [PATCH 0516/1176] build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 Bumps google.golang.org/protobuf from 1.32.0 to 1.33.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- .../internal/editiondefaults/defaults.go | 12 ++ .../editiondefaults/editions_defaults.binpb | 4 + .../protobuf/internal/filedesc/desc.go | 67 +++++--- .../protobuf/internal/filedesc/desc_init.go | 52 ++++++ .../protobuf/internal/filedesc/desc_lazy.go | 28 ++++ .../protobuf/internal/filedesc/editions.go | 142 ++++++++++++++++ .../protobuf/internal/genid/descriptor_gen.go | 152 +++++++++++++++++- .../internal/genid/go_features_gen.go | 31 ++++ .../protobuf/internal/genid/struct_gen.go | 5 + .../protobuf/internal/genid/type_gen.go | 38 +++++ .../protobuf/internal/impl/codec_extension.go | 22 +-- .../protobuf/internal/impl/codec_tables.go | 2 +- .../internal/impl/message_reflect_field.go | 2 +- .../protobuf/internal/strs/strings.go | 2 +- .../protobuf/internal/version/version.go | 2 +- .../protobuf/reflect/protoreflect/proto.go | 2 + .../reflect/protoreflect/source_gen.go | 2 - vendor/modules.txt | 3 +- 20 files changed, 525 insertions(+), 49 deletions(-) create mode 100644 vendor/google.golang.org/protobuf/internal/editiondefaults/defaults.go create mode 100644 vendor/google.golang.org/protobuf/internal/editiondefaults/editions_defaults.binpb create mode 100644 vendor/google.golang.org/protobuf/internal/filedesc/editions.go create mode 100644 vendor/google.golang.org/protobuf/internal/genid/go_features_gen.go diff --git a/go.mod b/go.mod index 405b72d2435..8bed629a0dd 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.21.0 golang.org/x/sys v0.18.0 - google.golang.org/protobuf v1.32.0 + google.golang.org/protobuf v1.33.0 ) require ( diff --git a/go.sum b/go.sum index 76741702580..d1f1c663f5b 100644 --- a/go.sum +++ b/go.sum @@ -77,8 +77,8 @@ golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= -google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/vendor/google.golang.org/protobuf/internal/editiondefaults/defaults.go b/vendor/google.golang.org/protobuf/internal/editiondefaults/defaults.go new file mode 100644 index 00000000000..14656b65ab1 --- /dev/null +++ b/vendor/google.golang.org/protobuf/internal/editiondefaults/defaults.go @@ -0,0 +1,12 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package editiondefaults contains the binary representation of the editions +// defaults. +package editiondefaults + +import _ "embed" + +//go:embed editions_defaults.binpb +var Defaults []byte diff --git a/vendor/google.golang.org/protobuf/internal/editiondefaults/editions_defaults.binpb b/vendor/google.golang.org/protobuf/internal/editiondefaults/editions_defaults.binpb new file mode 100644 index 00000000000..18f07568743 --- /dev/null +++ b/vendor/google.golang.org/protobuf/internal/editiondefaults/editions_defaults.binpb @@ -0,0 +1,4 @@ + +  (0æ +  (0ç +  (0è æ(è \ No newline at end of file diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc.go index 193c68e8f91..8826bcf4021 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/desc.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc.go @@ -68,7 +68,7 @@ type ( Extensions Extensions Services Services - EditionFeatures FileEditionFeatures + EditionFeatures EditionFeatures } FileL2 struct { Options func() protoreflect.ProtoMessage @@ -76,10 +76,13 @@ type ( Locations SourceLocations } - FileEditionFeatures struct { + EditionFeatures struct { // IsFieldPresence is true if field_presence is EXPLICIT // https://protobuf.dev/editions/features/#field_presence IsFieldPresence bool + // IsFieldPresence is true if field_presence is LEGACY_REQUIRED + // https://protobuf.dev/editions/features/#field_presence + IsLegacyRequired bool // IsOpenEnum is true if enum_type is OPEN // https://protobuf.dev/editions/features/#enum_type IsOpenEnum bool @@ -95,6 +98,9 @@ type ( // IsJSONCompliant is true if json_format is ALLOW // https://protobuf.dev/editions/features/#json_format IsJSONCompliant bool + // GenerateLegacyUnmarshalJSON determines if the plugin generates the + // UnmarshalJSON([]byte) error method for enums. + GenerateLegacyUnmarshalJSON bool } ) @@ -156,6 +162,8 @@ type ( } EnumL1 struct { eagerValues bool // controls whether EnumL2.Values is already populated + + EditionFeatures EditionFeatures } EnumL2 struct { Options func() protoreflect.ProtoMessage @@ -217,6 +225,8 @@ type ( Extensions Extensions IsMapEntry bool // promoted from google.protobuf.MessageOptions IsMessageSet bool // promoted from google.protobuf.MessageOptions + + EditionFeatures EditionFeatures } MessageL2 struct { Options func() protoreflect.ProtoMessage @@ -250,8 +260,7 @@ type ( Enum protoreflect.EnumDescriptor Message protoreflect.MessageDescriptor - // Edition features. - Presence bool + EditionFeatures EditionFeatures } Oneof struct { @@ -261,6 +270,8 @@ type ( OneofL1 struct { Options func() protoreflect.ProtoMessage Fields OneofFields // must be consistent with Message.Fields.ContainingOneof + + EditionFeatures EditionFeatures } ) @@ -310,26 +321,36 @@ func (fd *Field) Options() protoreflect.ProtoMessage { } func (fd *Field) Number() protoreflect.FieldNumber { return fd.L1.Number } func (fd *Field) Cardinality() protoreflect.Cardinality { return fd.L1.Cardinality } -func (fd *Field) Kind() protoreflect.Kind { return fd.L1.Kind } -func (fd *Field) HasJSONName() bool { return fd.L1.StringName.hasJSON } -func (fd *Field) JSONName() string { return fd.L1.StringName.getJSON(fd) } -func (fd *Field) TextName() string { return fd.L1.StringName.getText(fd) } +func (fd *Field) Kind() protoreflect.Kind { + return fd.L1.Kind +} +func (fd *Field) HasJSONName() bool { return fd.L1.StringName.hasJSON } +func (fd *Field) JSONName() string { return fd.L1.StringName.getJSON(fd) } +func (fd *Field) TextName() string { return fd.L1.StringName.getText(fd) } func (fd *Field) HasPresence() bool { - if fd.L0.ParentFile.L1.Syntax == protoreflect.Editions { - return fd.L1.Presence || fd.L1.Message != nil || fd.L1.ContainingOneof != nil + if fd.L1.Cardinality == protoreflect.Repeated { + return false } - return fd.L1.Cardinality != protoreflect.Repeated && (fd.L0.ParentFile.L1.Syntax == protoreflect.Proto2 || fd.L1.Message != nil || fd.L1.ContainingOneof != nil) + explicitFieldPresence := fd.Syntax() == protoreflect.Editions && fd.L1.EditionFeatures.IsFieldPresence + return fd.Syntax() == protoreflect.Proto2 || explicitFieldPresence || fd.L1.Message != nil || fd.L1.ContainingOneof != nil } func (fd *Field) HasOptionalKeyword() bool { return (fd.L0.ParentFile.L1.Syntax == protoreflect.Proto2 && fd.L1.Cardinality == protoreflect.Optional && fd.L1.ContainingOneof == nil) || fd.L1.IsProto3Optional } func (fd *Field) IsPacked() bool { - if !fd.L1.HasPacked && fd.L0.ParentFile.L1.Syntax != protoreflect.Proto2 && fd.L1.Cardinality == protoreflect.Repeated { - switch fd.L1.Kind { - case protoreflect.StringKind, protoreflect.BytesKind, protoreflect.MessageKind, protoreflect.GroupKind: - default: - return true - } + if fd.L1.Cardinality != protoreflect.Repeated { + return false + } + switch fd.L1.Kind { + case protoreflect.StringKind, protoreflect.BytesKind, protoreflect.MessageKind, protoreflect.GroupKind: + return false + } + if fd.L0.ParentFile.L1.Syntax == protoreflect.Editions { + return fd.L1.EditionFeatures.IsPacked + } + if fd.L0.ParentFile.L1.Syntax == protoreflect.Proto3 { + // proto3 repeated fields are packed by default. + return !fd.L1.HasPacked || fd.L1.IsPacked } return fd.L1.IsPacked } @@ -378,6 +399,9 @@ func (fd *Field) ProtoType(protoreflect.FieldDescriptor) {} // WARNING: This method is exempt from the compatibility promise and may be // removed in the future without warning. func (fd *Field) EnforceUTF8() bool { + if fd.L0.ParentFile.L1.Syntax == protoreflect.Editions { + return fd.L1.EditionFeatures.IsUTF8Validated + } if fd.L1.HasEnforceUTF8 { return fd.L1.EnforceUTF8 } @@ -404,10 +428,11 @@ type ( L2 *ExtensionL2 // protected by fileDesc.once } ExtensionL1 struct { - Number protoreflect.FieldNumber - Extendee protoreflect.MessageDescriptor - Cardinality protoreflect.Cardinality - Kind protoreflect.Kind + Number protoreflect.FieldNumber + Extendee protoreflect.MessageDescriptor + Cardinality protoreflect.Cardinality + Kind protoreflect.Kind + EditionFeatures EditionFeatures } ExtensionL2 struct { Options func() protoreflect.ProtoMessage diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go index 4a1584c9d29..237e64fd237 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go @@ -5,6 +5,7 @@ package filedesc import ( + "fmt" "sync" "google.golang.org/protobuf/encoding/protowire" @@ -98,6 +99,7 @@ func (fd *File) unmarshalSeed(b []byte) { var prevField protoreflect.FieldNumber var numEnums, numMessages, numExtensions, numServices int var posEnums, posMessages, posExtensions, posServices int + var options []byte b0 := b for len(b) > 0 { num, typ, n := protowire.ConsumeTag(b) @@ -113,6 +115,8 @@ func (fd *File) unmarshalSeed(b []byte) { fd.L1.Syntax = protoreflect.Proto2 case "proto3": fd.L1.Syntax = protoreflect.Proto3 + case "editions": + fd.L1.Syntax = protoreflect.Editions default: panic("invalid syntax") } @@ -120,6 +124,8 @@ func (fd *File) unmarshalSeed(b []byte) { fd.L1.Path = sb.MakeString(v) case genid.FileDescriptorProto_Package_field_number: fd.L1.Package = protoreflect.FullName(sb.MakeString(v)) + case genid.FileDescriptorProto_Options_field_number: + options = v case genid.FileDescriptorProto_EnumType_field_number: if prevField != genid.FileDescriptorProto_EnumType_field_number { if numEnums > 0 { @@ -154,6 +160,13 @@ func (fd *File) unmarshalSeed(b []byte) { numServices++ } prevField = num + case protowire.VarintType: + v, m := protowire.ConsumeVarint(b) + b = b[m:] + switch num { + case genid.FileDescriptorProto_Edition_field_number: + fd.L1.Edition = Edition(v) + } default: m := protowire.ConsumeFieldValue(num, typ, b) b = b[m:] @@ -166,6 +179,15 @@ func (fd *File) unmarshalSeed(b []byte) { fd.L1.Syntax = protoreflect.Proto2 } + if fd.L1.Syntax == protoreflect.Editions { + fd.L1.EditionFeatures = getFeaturesFor(fd.L1.Edition) + } + + // Parse editions features from options if any + if options != nil { + fd.unmarshalSeedOptions(options) + } + // Must allocate all declarations before parsing each descriptor type // to ensure we handled all descriptors in "flattened ordering". if numEnums > 0 { @@ -219,6 +241,28 @@ func (fd *File) unmarshalSeed(b []byte) { } } +func (fd *File) unmarshalSeedOptions(b []byte) { + for b := b; len(b) > 0; { + num, typ, n := protowire.ConsumeTag(b) + b = b[n:] + switch typ { + case protowire.BytesType: + v, m := protowire.ConsumeBytes(b) + b = b[m:] + switch num { + case genid.FileOptions_Features_field_number: + if fd.Syntax() != protoreflect.Editions { + panic(fmt.Sprintf("invalid descriptor: using edition features in a proto with syntax %s", fd.Syntax())) + } + fd.L1.EditionFeatures = unmarshalFeatureSet(v, fd.L1.EditionFeatures) + } + default: + m := protowire.ConsumeFieldValue(num, typ, b) + b = b[m:] + } + } +} + func (ed *Enum) unmarshalSeed(b []byte, sb *strs.Builder, pf *File, pd protoreflect.Descriptor, i int) { ed.L0.ParentFile = pf ed.L0.Parent = pd @@ -275,6 +319,7 @@ func (md *Message) unmarshalSeed(b []byte, sb *strs.Builder, pf *File, pd protor md.L0.ParentFile = pf md.L0.Parent = pd md.L0.Index = i + md.L1.EditionFeatures = featuresFromParentDesc(md.Parent()) var prevField protoreflect.FieldNumber var numEnums, numMessages, numExtensions int @@ -380,6 +425,13 @@ func (md *Message) unmarshalSeedOptions(b []byte) { case genid.MessageOptions_MessageSetWireFormat_field_number: md.L1.IsMessageSet = protowire.DecodeBool(v) } + case protowire.BytesType: + v, m := protowire.ConsumeBytes(b) + b = b[m:] + switch num { + case genid.MessageOptions_Features_field_number: + md.L1.EditionFeatures = unmarshalFeatureSet(v, md.L1.EditionFeatures) + } default: m := protowire.ConsumeFieldValue(num, typ, b) b = b[m:] diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go index 736a19a75bc..482a61cc10e 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go @@ -414,6 +414,7 @@ func (fd *Field) unmarshalFull(b []byte, sb *strs.Builder, pf *File, pd protoref fd.L0.ParentFile = pf fd.L0.Parent = pd fd.L0.Index = i + fd.L1.EditionFeatures = featuresFromParentDesc(fd.Parent()) var rawTypeName []byte var rawOptions []byte @@ -465,6 +466,12 @@ func (fd *Field) unmarshalFull(b []byte, sb *strs.Builder, pf *File, pd protoref b = b[m:] } } + if fd.Syntax() == protoreflect.Editions && fd.L1.Kind == protoreflect.MessageKind && fd.L1.EditionFeatures.IsDelimitedEncoded { + fd.L1.Kind = protoreflect.GroupKind + } + if fd.Syntax() == protoreflect.Editions && fd.L1.EditionFeatures.IsLegacyRequired { + fd.L1.Cardinality = protoreflect.Required + } if rawTypeName != nil { name := makeFullName(sb, rawTypeName) switch fd.L1.Kind { @@ -497,6 +504,13 @@ func (fd *Field) unmarshalOptions(b []byte) { fd.L1.HasEnforceUTF8 = true fd.L1.EnforceUTF8 = protowire.DecodeBool(v) } + case protowire.BytesType: + v, m := protowire.ConsumeBytes(b) + b = b[m:] + switch num { + case genid.FieldOptions_Features_field_number: + fd.L1.EditionFeatures = unmarshalFeatureSet(v, fd.L1.EditionFeatures) + } default: m := protowire.ConsumeFieldValue(num, typ, b) b = b[m:] @@ -534,6 +548,7 @@ func (od *Oneof) unmarshalFull(b []byte, sb *strs.Builder, pf *File, pd protoref func (xd *Extension) unmarshalFull(b []byte, sb *strs.Builder) { var rawTypeName []byte var rawOptions []byte + xd.L1.EditionFeatures = featuresFromParentDesc(xd.L1.Extendee) xd.L2 = new(ExtensionL2) for len(b) > 0 { num, typ, n := protowire.ConsumeTag(b) @@ -565,6 +580,12 @@ func (xd *Extension) unmarshalFull(b []byte, sb *strs.Builder) { b = b[m:] } } + if xd.Syntax() == protoreflect.Editions && xd.L1.Kind == protoreflect.MessageKind && xd.L1.EditionFeatures.IsDelimitedEncoded { + xd.L1.Kind = protoreflect.GroupKind + } + if xd.Syntax() == protoreflect.Editions && xd.L1.EditionFeatures.IsLegacyRequired { + xd.L1.Cardinality = protoreflect.Required + } if rawTypeName != nil { name := makeFullName(sb, rawTypeName) switch xd.L1.Kind { @@ -589,6 +610,13 @@ func (xd *Extension) unmarshalOptions(b []byte) { case genid.FieldOptions_Packed_field_number: xd.L2.IsPacked = protowire.DecodeBool(v) } + case protowire.BytesType: + v, m := protowire.ConsumeBytes(b) + b = b[m:] + switch num { + case genid.FieldOptions_Features_field_number: + xd.L1.EditionFeatures = unmarshalFeatureSet(v, xd.L1.EditionFeatures) + } default: m := protowire.ConsumeFieldValue(num, typ, b) b = b[m:] diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/editions.go b/vendor/google.golang.org/protobuf/internal/filedesc/editions.go new file mode 100644 index 00000000000..0375a49d407 --- /dev/null +++ b/vendor/google.golang.org/protobuf/internal/filedesc/editions.go @@ -0,0 +1,142 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package filedesc + +import ( + "fmt" + + "google.golang.org/protobuf/encoding/protowire" + "google.golang.org/protobuf/internal/editiondefaults" + "google.golang.org/protobuf/internal/genid" + "google.golang.org/protobuf/reflect/protoreflect" +) + +var defaultsCache = make(map[Edition]EditionFeatures) + +func init() { + unmarshalEditionDefaults(editiondefaults.Defaults) +} + +func unmarshalGoFeature(b []byte, parent EditionFeatures) EditionFeatures { + for len(b) > 0 { + num, _, n := protowire.ConsumeTag(b) + b = b[n:] + switch num { + case genid.GoFeatures_LegacyUnmarshalJsonEnum_field_number: + v, m := protowire.ConsumeVarint(b) + b = b[m:] + parent.GenerateLegacyUnmarshalJSON = protowire.DecodeBool(v) + default: + panic(fmt.Sprintf("unkown field number %d while unmarshalling GoFeatures", num)) + } + } + return parent +} + +func unmarshalFeatureSet(b []byte, parent EditionFeatures) EditionFeatures { + for len(b) > 0 { + num, typ, n := protowire.ConsumeTag(b) + b = b[n:] + switch typ { + case protowire.VarintType: + v, m := protowire.ConsumeVarint(b) + b = b[m:] + switch num { + case genid.FeatureSet_FieldPresence_field_number: + parent.IsFieldPresence = v == genid.FeatureSet_EXPLICIT_enum_value || v == genid.FeatureSet_LEGACY_REQUIRED_enum_value + parent.IsLegacyRequired = v == genid.FeatureSet_LEGACY_REQUIRED_enum_value + case genid.FeatureSet_EnumType_field_number: + parent.IsOpenEnum = v == genid.FeatureSet_OPEN_enum_value + case genid.FeatureSet_RepeatedFieldEncoding_field_number: + parent.IsPacked = v == genid.FeatureSet_PACKED_enum_value + case genid.FeatureSet_Utf8Validation_field_number: + parent.IsUTF8Validated = v == genid.FeatureSet_VERIFY_enum_value + case genid.FeatureSet_MessageEncoding_field_number: + parent.IsDelimitedEncoded = v == genid.FeatureSet_DELIMITED_enum_value + case genid.FeatureSet_JsonFormat_field_number: + parent.IsJSONCompliant = v == genid.FeatureSet_ALLOW_enum_value + default: + panic(fmt.Sprintf("unkown field number %d while unmarshalling FeatureSet", num)) + } + case protowire.BytesType: + v, m := protowire.ConsumeBytes(b) + b = b[m:] + switch num { + case genid.GoFeatures_LegacyUnmarshalJsonEnum_field_number: + parent = unmarshalGoFeature(v, parent) + } + } + } + + return parent +} + +func featuresFromParentDesc(parentDesc protoreflect.Descriptor) EditionFeatures { + var parentFS EditionFeatures + switch p := parentDesc.(type) { + case *File: + parentFS = p.L1.EditionFeatures + case *Message: + parentFS = p.L1.EditionFeatures + default: + panic(fmt.Sprintf("unknown parent type %T", parentDesc)) + } + return parentFS +} + +func unmarshalEditionDefault(b []byte) { + var ed Edition + var fs EditionFeatures + for len(b) > 0 { + num, typ, n := protowire.ConsumeTag(b) + b = b[n:] + switch typ { + case protowire.VarintType: + v, m := protowire.ConsumeVarint(b) + b = b[m:] + switch num { + case genid.FeatureSetDefaults_FeatureSetEditionDefault_Edition_field_number: + ed = Edition(v) + } + case protowire.BytesType: + v, m := protowire.ConsumeBytes(b) + b = b[m:] + switch num { + case genid.FeatureSetDefaults_FeatureSetEditionDefault_Features_field_number: + fs = unmarshalFeatureSet(v, fs) + } + } + } + defaultsCache[ed] = fs +} + +func unmarshalEditionDefaults(b []byte) { + for len(b) > 0 { + num, _, n := protowire.ConsumeTag(b) + b = b[n:] + switch num { + case genid.FeatureSetDefaults_Defaults_field_number: + def, m := protowire.ConsumeBytes(b) + b = b[m:] + unmarshalEditionDefault(def) + case genid.FeatureSetDefaults_MinimumEdition_field_number, + genid.FeatureSetDefaults_MaximumEdition_field_number: + // We don't care about the minimum and maximum editions. If the + // edition we are looking for later on is not in the cache we know + // it is outside of the range between minimum and maximum edition. + _, m := protowire.ConsumeVarint(b) + b = b[m:] + default: + panic(fmt.Sprintf("unkown field number %d while unmarshalling EditionDefault", num)) + } + } +} + +func getFeaturesFor(ed Edition) EditionFeatures { + if def, ok := defaultsCache[ed]; ok { + return def + } + panic(fmt.Sprintf("unsupported edition: %v", ed)) +} diff --git a/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go b/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go index 8f94230ea1c..40272c893f7 100644 --- a/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go +++ b/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go @@ -18,6 +18,21 @@ const ( Edition_enum_name = "Edition" ) +// Enum values for google.protobuf.Edition. +const ( + Edition_EDITION_UNKNOWN_enum_value = 0 + Edition_EDITION_PROTO2_enum_value = 998 + Edition_EDITION_PROTO3_enum_value = 999 + Edition_EDITION_2023_enum_value = 1000 + Edition_EDITION_2024_enum_value = 1001 + Edition_EDITION_1_TEST_ONLY_enum_value = 1 + Edition_EDITION_2_TEST_ONLY_enum_value = 2 + Edition_EDITION_99997_TEST_ONLY_enum_value = 99997 + Edition_EDITION_99998_TEST_ONLY_enum_value = 99998 + Edition_EDITION_99999_TEST_ONLY_enum_value = 99999 + Edition_EDITION_MAX_enum_value = 2147483647 +) + // Names for google.protobuf.FileDescriptorSet. const ( FileDescriptorSet_message_name protoreflect.Name = "FileDescriptorSet" @@ -213,6 +228,12 @@ const ( ExtensionRangeOptions_VerificationState_enum_name = "VerificationState" ) +// Enum values for google.protobuf.ExtensionRangeOptions.VerificationState. +const ( + ExtensionRangeOptions_DECLARATION_enum_value = 0 + ExtensionRangeOptions_UNVERIFIED_enum_value = 1 +) + // Names for google.protobuf.ExtensionRangeOptions.Declaration. const ( ExtensionRangeOptions_Declaration_message_name protoreflect.Name = "Declaration" @@ -297,12 +318,41 @@ const ( FieldDescriptorProto_Type_enum_name = "Type" ) +// Enum values for google.protobuf.FieldDescriptorProto.Type. +const ( + FieldDescriptorProto_TYPE_DOUBLE_enum_value = 1 + FieldDescriptorProto_TYPE_FLOAT_enum_value = 2 + FieldDescriptorProto_TYPE_INT64_enum_value = 3 + FieldDescriptorProto_TYPE_UINT64_enum_value = 4 + FieldDescriptorProto_TYPE_INT32_enum_value = 5 + FieldDescriptorProto_TYPE_FIXED64_enum_value = 6 + FieldDescriptorProto_TYPE_FIXED32_enum_value = 7 + FieldDescriptorProto_TYPE_BOOL_enum_value = 8 + FieldDescriptorProto_TYPE_STRING_enum_value = 9 + FieldDescriptorProto_TYPE_GROUP_enum_value = 10 + FieldDescriptorProto_TYPE_MESSAGE_enum_value = 11 + FieldDescriptorProto_TYPE_BYTES_enum_value = 12 + FieldDescriptorProto_TYPE_UINT32_enum_value = 13 + FieldDescriptorProto_TYPE_ENUM_enum_value = 14 + FieldDescriptorProto_TYPE_SFIXED32_enum_value = 15 + FieldDescriptorProto_TYPE_SFIXED64_enum_value = 16 + FieldDescriptorProto_TYPE_SINT32_enum_value = 17 + FieldDescriptorProto_TYPE_SINT64_enum_value = 18 +) + // Full and short names for google.protobuf.FieldDescriptorProto.Label. const ( FieldDescriptorProto_Label_enum_fullname = "google.protobuf.FieldDescriptorProto.Label" FieldDescriptorProto_Label_enum_name = "Label" ) +// Enum values for google.protobuf.FieldDescriptorProto.Label. +const ( + FieldDescriptorProto_LABEL_OPTIONAL_enum_value = 1 + FieldDescriptorProto_LABEL_REPEATED_enum_value = 3 + FieldDescriptorProto_LABEL_REQUIRED_enum_value = 2 +) + // Names for google.protobuf.OneofDescriptorProto. const ( OneofDescriptorProto_message_name protoreflect.Name = "OneofDescriptorProto" @@ -474,7 +524,6 @@ const ( FileOptions_CcGenericServices_field_name protoreflect.Name = "cc_generic_services" FileOptions_JavaGenericServices_field_name protoreflect.Name = "java_generic_services" FileOptions_PyGenericServices_field_name protoreflect.Name = "py_generic_services" - FileOptions_PhpGenericServices_field_name protoreflect.Name = "php_generic_services" FileOptions_Deprecated_field_name protoreflect.Name = "deprecated" FileOptions_CcEnableArenas_field_name protoreflect.Name = "cc_enable_arenas" FileOptions_ObjcClassPrefix_field_name protoreflect.Name = "objc_class_prefix" @@ -497,7 +546,6 @@ const ( FileOptions_CcGenericServices_field_fullname protoreflect.FullName = "google.protobuf.FileOptions.cc_generic_services" FileOptions_JavaGenericServices_field_fullname protoreflect.FullName = "google.protobuf.FileOptions.java_generic_services" FileOptions_PyGenericServices_field_fullname protoreflect.FullName = "google.protobuf.FileOptions.py_generic_services" - FileOptions_PhpGenericServices_field_fullname protoreflect.FullName = "google.protobuf.FileOptions.php_generic_services" FileOptions_Deprecated_field_fullname protoreflect.FullName = "google.protobuf.FileOptions.deprecated" FileOptions_CcEnableArenas_field_fullname protoreflect.FullName = "google.protobuf.FileOptions.cc_enable_arenas" FileOptions_ObjcClassPrefix_field_fullname protoreflect.FullName = "google.protobuf.FileOptions.objc_class_prefix" @@ -523,7 +571,6 @@ const ( FileOptions_CcGenericServices_field_number protoreflect.FieldNumber = 16 FileOptions_JavaGenericServices_field_number protoreflect.FieldNumber = 17 FileOptions_PyGenericServices_field_number protoreflect.FieldNumber = 18 - FileOptions_PhpGenericServices_field_number protoreflect.FieldNumber = 42 FileOptions_Deprecated_field_number protoreflect.FieldNumber = 23 FileOptions_CcEnableArenas_field_number protoreflect.FieldNumber = 31 FileOptions_ObjcClassPrefix_field_number protoreflect.FieldNumber = 36 @@ -543,6 +590,13 @@ const ( FileOptions_OptimizeMode_enum_name = "OptimizeMode" ) +// Enum values for google.protobuf.FileOptions.OptimizeMode. +const ( + FileOptions_SPEED_enum_value = 1 + FileOptions_CODE_SIZE_enum_value = 2 + FileOptions_LITE_RUNTIME_enum_value = 3 +) + // Names for google.protobuf.MessageOptions. const ( MessageOptions_message_name protoreflect.Name = "MessageOptions" @@ -639,24 +693,59 @@ const ( FieldOptions_CType_enum_name = "CType" ) +// Enum values for google.protobuf.FieldOptions.CType. +const ( + FieldOptions_STRING_enum_value = 0 + FieldOptions_CORD_enum_value = 1 + FieldOptions_STRING_PIECE_enum_value = 2 +) + // Full and short names for google.protobuf.FieldOptions.JSType. const ( FieldOptions_JSType_enum_fullname = "google.protobuf.FieldOptions.JSType" FieldOptions_JSType_enum_name = "JSType" ) +// Enum values for google.protobuf.FieldOptions.JSType. +const ( + FieldOptions_JS_NORMAL_enum_value = 0 + FieldOptions_JS_STRING_enum_value = 1 + FieldOptions_JS_NUMBER_enum_value = 2 +) + // Full and short names for google.protobuf.FieldOptions.OptionRetention. const ( FieldOptions_OptionRetention_enum_fullname = "google.protobuf.FieldOptions.OptionRetention" FieldOptions_OptionRetention_enum_name = "OptionRetention" ) +// Enum values for google.protobuf.FieldOptions.OptionRetention. +const ( + FieldOptions_RETENTION_UNKNOWN_enum_value = 0 + FieldOptions_RETENTION_RUNTIME_enum_value = 1 + FieldOptions_RETENTION_SOURCE_enum_value = 2 +) + // Full and short names for google.protobuf.FieldOptions.OptionTargetType. const ( FieldOptions_OptionTargetType_enum_fullname = "google.protobuf.FieldOptions.OptionTargetType" FieldOptions_OptionTargetType_enum_name = "OptionTargetType" ) +// Enum values for google.protobuf.FieldOptions.OptionTargetType. +const ( + FieldOptions_TARGET_TYPE_UNKNOWN_enum_value = 0 + FieldOptions_TARGET_TYPE_FILE_enum_value = 1 + FieldOptions_TARGET_TYPE_EXTENSION_RANGE_enum_value = 2 + FieldOptions_TARGET_TYPE_MESSAGE_enum_value = 3 + FieldOptions_TARGET_TYPE_FIELD_enum_value = 4 + FieldOptions_TARGET_TYPE_ONEOF_enum_value = 5 + FieldOptions_TARGET_TYPE_ENUM_enum_value = 6 + FieldOptions_TARGET_TYPE_ENUM_ENTRY_enum_value = 7 + FieldOptions_TARGET_TYPE_SERVICE_enum_value = 8 + FieldOptions_TARGET_TYPE_METHOD_enum_value = 9 +) + // Names for google.protobuf.FieldOptions.EditionDefault. const ( FieldOptions_EditionDefault_message_name protoreflect.Name = "EditionDefault" @@ -813,6 +902,13 @@ const ( MethodOptions_IdempotencyLevel_enum_name = "IdempotencyLevel" ) +// Enum values for google.protobuf.MethodOptions.IdempotencyLevel. +const ( + MethodOptions_IDEMPOTENCY_UNKNOWN_enum_value = 0 + MethodOptions_NO_SIDE_EFFECTS_enum_value = 1 + MethodOptions_IDEMPOTENT_enum_value = 2 +) + // Names for google.protobuf.UninterpretedOption. const ( UninterpretedOption_message_name protoreflect.Name = "UninterpretedOption" @@ -909,36 +1005,79 @@ const ( FeatureSet_FieldPresence_enum_name = "FieldPresence" ) +// Enum values for google.protobuf.FeatureSet.FieldPresence. +const ( + FeatureSet_FIELD_PRESENCE_UNKNOWN_enum_value = 0 + FeatureSet_EXPLICIT_enum_value = 1 + FeatureSet_IMPLICIT_enum_value = 2 + FeatureSet_LEGACY_REQUIRED_enum_value = 3 +) + // Full and short names for google.protobuf.FeatureSet.EnumType. const ( FeatureSet_EnumType_enum_fullname = "google.protobuf.FeatureSet.EnumType" FeatureSet_EnumType_enum_name = "EnumType" ) +// Enum values for google.protobuf.FeatureSet.EnumType. +const ( + FeatureSet_ENUM_TYPE_UNKNOWN_enum_value = 0 + FeatureSet_OPEN_enum_value = 1 + FeatureSet_CLOSED_enum_value = 2 +) + // Full and short names for google.protobuf.FeatureSet.RepeatedFieldEncoding. const ( FeatureSet_RepeatedFieldEncoding_enum_fullname = "google.protobuf.FeatureSet.RepeatedFieldEncoding" FeatureSet_RepeatedFieldEncoding_enum_name = "RepeatedFieldEncoding" ) +// Enum values for google.protobuf.FeatureSet.RepeatedFieldEncoding. +const ( + FeatureSet_REPEATED_FIELD_ENCODING_UNKNOWN_enum_value = 0 + FeatureSet_PACKED_enum_value = 1 + FeatureSet_EXPANDED_enum_value = 2 +) + // Full and short names for google.protobuf.FeatureSet.Utf8Validation. const ( FeatureSet_Utf8Validation_enum_fullname = "google.protobuf.FeatureSet.Utf8Validation" FeatureSet_Utf8Validation_enum_name = "Utf8Validation" ) +// Enum values for google.protobuf.FeatureSet.Utf8Validation. +const ( + FeatureSet_UTF8_VALIDATION_UNKNOWN_enum_value = 0 + FeatureSet_VERIFY_enum_value = 2 + FeatureSet_NONE_enum_value = 3 +) + // Full and short names for google.protobuf.FeatureSet.MessageEncoding. const ( FeatureSet_MessageEncoding_enum_fullname = "google.protobuf.FeatureSet.MessageEncoding" FeatureSet_MessageEncoding_enum_name = "MessageEncoding" ) +// Enum values for google.protobuf.FeatureSet.MessageEncoding. +const ( + FeatureSet_MESSAGE_ENCODING_UNKNOWN_enum_value = 0 + FeatureSet_LENGTH_PREFIXED_enum_value = 1 + FeatureSet_DELIMITED_enum_value = 2 +) + // Full and short names for google.protobuf.FeatureSet.JsonFormat. const ( FeatureSet_JsonFormat_enum_fullname = "google.protobuf.FeatureSet.JsonFormat" FeatureSet_JsonFormat_enum_name = "JsonFormat" ) +// Enum values for google.protobuf.FeatureSet.JsonFormat. +const ( + FeatureSet_JSON_FORMAT_UNKNOWN_enum_value = 0 + FeatureSet_ALLOW_enum_value = 1 + FeatureSet_LEGACY_BEST_EFFORT_enum_value = 2 +) + // Names for google.protobuf.FeatureSetDefaults. const ( FeatureSetDefaults_message_name protoreflect.Name = "FeatureSetDefaults" @@ -1085,3 +1224,10 @@ const ( GeneratedCodeInfo_Annotation_Semantic_enum_fullname = "google.protobuf.GeneratedCodeInfo.Annotation.Semantic" GeneratedCodeInfo_Annotation_Semantic_enum_name = "Semantic" ) + +// Enum values for google.protobuf.GeneratedCodeInfo.Annotation.Semantic. +const ( + GeneratedCodeInfo_Annotation_NONE_enum_value = 0 + GeneratedCodeInfo_Annotation_SET_enum_value = 1 + GeneratedCodeInfo_Annotation_ALIAS_enum_value = 2 +) diff --git a/vendor/google.golang.org/protobuf/internal/genid/go_features_gen.go b/vendor/google.golang.org/protobuf/internal/genid/go_features_gen.go new file mode 100644 index 00000000000..fd9015e8eee --- /dev/null +++ b/vendor/google.golang.org/protobuf/internal/genid/go_features_gen.go @@ -0,0 +1,31 @@ +// Copyright 2019 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Code generated by generate-protos. DO NOT EDIT. + +package genid + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" +) + +const File_reflect_protodesc_proto_go_features_proto = "reflect/protodesc/proto/go_features.proto" + +// Names for google.protobuf.GoFeatures. +const ( + GoFeatures_message_name protoreflect.Name = "GoFeatures" + GoFeatures_message_fullname protoreflect.FullName = "google.protobuf.GoFeatures" +) + +// Field names for google.protobuf.GoFeatures. +const ( + GoFeatures_LegacyUnmarshalJsonEnum_field_name protoreflect.Name = "legacy_unmarshal_json_enum" + + GoFeatures_LegacyUnmarshalJsonEnum_field_fullname protoreflect.FullName = "google.protobuf.GoFeatures.legacy_unmarshal_json_enum" +) + +// Field numbers for google.protobuf.GoFeatures. +const ( + GoFeatures_LegacyUnmarshalJsonEnum_field_number protoreflect.FieldNumber = 1 +) diff --git a/vendor/google.golang.org/protobuf/internal/genid/struct_gen.go b/vendor/google.golang.org/protobuf/internal/genid/struct_gen.go index 1a38944b26e..ad6f80c460e 100644 --- a/vendor/google.golang.org/protobuf/internal/genid/struct_gen.go +++ b/vendor/google.golang.org/protobuf/internal/genid/struct_gen.go @@ -18,6 +18,11 @@ const ( NullValue_enum_name = "NullValue" ) +// Enum values for google.protobuf.NullValue. +const ( + NullValue_NULL_VALUE_enum_value = 0 +) + // Names for google.protobuf.Struct. const ( Struct_message_name protoreflect.Name = "Struct" diff --git a/vendor/google.golang.org/protobuf/internal/genid/type_gen.go b/vendor/google.golang.org/protobuf/internal/genid/type_gen.go index e0f75fea0a1..49bc73e259d 100644 --- a/vendor/google.golang.org/protobuf/internal/genid/type_gen.go +++ b/vendor/google.golang.org/protobuf/internal/genid/type_gen.go @@ -18,6 +18,13 @@ const ( Syntax_enum_name = "Syntax" ) +// Enum values for google.protobuf.Syntax. +const ( + Syntax_SYNTAX_PROTO2_enum_value = 0 + Syntax_SYNTAX_PROTO3_enum_value = 1 + Syntax_SYNTAX_EDITIONS_enum_value = 2 +) + // Names for google.protobuf.Type. const ( Type_message_name protoreflect.Name = "Type" @@ -105,12 +112,43 @@ const ( Field_Kind_enum_name = "Kind" ) +// Enum values for google.protobuf.Field.Kind. +const ( + Field_TYPE_UNKNOWN_enum_value = 0 + Field_TYPE_DOUBLE_enum_value = 1 + Field_TYPE_FLOAT_enum_value = 2 + Field_TYPE_INT64_enum_value = 3 + Field_TYPE_UINT64_enum_value = 4 + Field_TYPE_INT32_enum_value = 5 + Field_TYPE_FIXED64_enum_value = 6 + Field_TYPE_FIXED32_enum_value = 7 + Field_TYPE_BOOL_enum_value = 8 + Field_TYPE_STRING_enum_value = 9 + Field_TYPE_GROUP_enum_value = 10 + Field_TYPE_MESSAGE_enum_value = 11 + Field_TYPE_BYTES_enum_value = 12 + Field_TYPE_UINT32_enum_value = 13 + Field_TYPE_ENUM_enum_value = 14 + Field_TYPE_SFIXED32_enum_value = 15 + Field_TYPE_SFIXED64_enum_value = 16 + Field_TYPE_SINT32_enum_value = 17 + Field_TYPE_SINT64_enum_value = 18 +) + // Full and short names for google.protobuf.Field.Cardinality. const ( Field_Cardinality_enum_fullname = "google.protobuf.Field.Cardinality" Field_Cardinality_enum_name = "Cardinality" ) +// Enum values for google.protobuf.Field.Cardinality. +const ( + Field_CARDINALITY_UNKNOWN_enum_value = 0 + Field_CARDINALITY_OPTIONAL_enum_value = 1 + Field_CARDINALITY_REQUIRED_enum_value = 2 + Field_CARDINALITY_REPEATED_enum_value = 3 +) + // Names for google.protobuf.Enum. const ( Enum_message_name protoreflect.Name = "Enum" diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_extension.go b/vendor/google.golang.org/protobuf/internal/impl/codec_extension.go index e74cefdc506..2b8f122c27b 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/codec_extension.go +++ b/vendor/google.golang.org/protobuf/internal/impl/codec_extension.go @@ -21,26 +21,18 @@ type extensionFieldInfo struct { validation validationInfo } -var legacyExtensionFieldInfoCache sync.Map // map[protoreflect.ExtensionType]*extensionFieldInfo - func getExtensionFieldInfo(xt protoreflect.ExtensionType) *extensionFieldInfo { if xi, ok := xt.(*ExtensionInfo); ok { xi.lazyInit() return xi.info } - return legacyLoadExtensionFieldInfo(xt) -} - -// legacyLoadExtensionFieldInfo dynamically loads a *ExtensionInfo for xt. -func legacyLoadExtensionFieldInfo(xt protoreflect.ExtensionType) *extensionFieldInfo { - if xi, ok := legacyExtensionFieldInfoCache.Load(xt); ok { - return xi.(*extensionFieldInfo) - } - e := makeExtensionFieldInfo(xt.TypeDescriptor()) - if e, ok := legacyMessageTypeCache.LoadOrStore(xt, e); ok { - return e.(*extensionFieldInfo) - } - return e + // Ideally we'd cache the resulting *extensionFieldInfo so we don't have to + // recompute this metadata repeatedly. But without support for something like + // weak references, such a cache would pin temporary values (like dynamic + // extension types, constructed for the duration of a user request) to the + // heap forever, causing memory usage of the cache to grow unbounded. + // See discussion in https://github.com/golang/protobuf/issues/1521. + return makeExtensionFieldInfo(xt.TypeDescriptor()) } func makeExtensionFieldInfo(xd protoreflect.ExtensionDescriptor) *extensionFieldInfo { diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_tables.go b/vendor/google.golang.org/protobuf/internal/impl/codec_tables.go index 576dcf3aac5..13077751e2a 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/codec_tables.go +++ b/vendor/google.golang.org/protobuf/internal/impl/codec_tables.go @@ -197,7 +197,7 @@ func fieldCoder(fd protoreflect.FieldDescriptor, ft reflect.Type) (*MessageInfo, return getMessageInfo(ft), makeMessageFieldCoder(fd, ft) case fd.Kind() == protoreflect.GroupKind: return getMessageInfo(ft), makeGroupFieldCoder(fd, ft) - case fd.Syntax() == protoreflect.Proto3 && fd.ContainingOneof() == nil: + case !fd.HasPresence() && fd.ContainingOneof() == nil: // Populated oneof fields always encode even if set to the zero value, // which normally are not encoded in proto3. switch fd.Kind() { diff --git a/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go b/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go index 5e736c60efc..986322b195a 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go +++ b/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go @@ -538,6 +538,6 @@ func isZero(v reflect.Value) bool { } return true default: - panic(&reflect.ValueError{"reflect.Value.IsZero", v.Kind()}) + panic(&reflect.ValueError{Method: "reflect.Value.IsZero", Kind: v.Kind()}) } } diff --git a/vendor/google.golang.org/protobuf/internal/strs/strings.go b/vendor/google.golang.org/protobuf/internal/strs/strings.go index 0b74e76586b..a6e7df2443d 100644 --- a/vendor/google.golang.org/protobuf/internal/strs/strings.go +++ b/vendor/google.golang.org/protobuf/internal/strs/strings.go @@ -17,7 +17,7 @@ import ( // EnforceUTF8 reports whether to enforce strict UTF-8 validation. func EnforceUTF8(fd protoreflect.FieldDescriptor) bool { - if flags.ProtoLegacy { + if flags.ProtoLegacy || fd.Syntax() == protoreflect.Editions { if fd, ok := fd.(interface{ EnforceUTF8() bool }); ok { return fd.EnforceUTF8() } diff --git a/vendor/google.golang.org/protobuf/internal/version/version.go b/vendor/google.golang.org/protobuf/internal/version/version.go index d8f48faffac..a50fcfb49b7 100644 --- a/vendor/google.golang.org/protobuf/internal/version/version.go +++ b/vendor/google.golang.org/protobuf/internal/version/version.go @@ -51,7 +51,7 @@ import ( // 10. Send out the CL for review and submit it. const ( Major = 1 - Minor = 32 + Minor = 33 Patch = 0 PreRelease = "" ) diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/proto.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/proto.go index ec6572dfda9..00b01fbd8c9 100644 --- a/vendor/google.golang.org/protobuf/reflect/protoreflect/proto.go +++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/proto.go @@ -175,6 +175,8 @@ func (s Syntax) String() string { return "proto2" case Proto3: return "proto3" + case Editions: + return "editions" default: return fmt.Sprintf("", s) } diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go index 0c045db6ab6..7dcc2ff09e9 100644 --- a/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go +++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go @@ -160,8 +160,6 @@ func (p *SourcePath) appendFileOptions(b []byte) []byte { b = p.appendSingularField(b, "java_generic_services", nil) case 18: b = p.appendSingularField(b, "py_generic_services", nil) - case 42: - b = p.appendSingularField(b, "php_generic_services", nil) case 23: b = p.appendSingularField(b, "deprecated", nil) case 31: diff --git a/vendor/modules.txt b/vendor/modules.txt index 9904e14ef6d..00751fad047 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -87,13 +87,14 @@ golang.org/x/net/bpf golang.org/x/sys/execabs golang.org/x/sys/unix golang.org/x/sys/windows -# google.golang.org/protobuf v1.32.0 +# google.golang.org/protobuf v1.33.0 ## explicit; go 1.17 google.golang.org/protobuf/encoding/prototext google.golang.org/protobuf/encoding/protowire google.golang.org/protobuf/internal/descfmt google.golang.org/protobuf/internal/descopts google.golang.org/protobuf/internal/detrand +google.golang.org/protobuf/internal/editiondefaults google.golang.org/protobuf/internal/encoding/defval google.golang.org/protobuf/internal/encoding/messageset google.golang.org/protobuf/internal/encoding/tag From bb5673f2652b3a5a79318374d4bcc67962901dcb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 Mar 2024 12:59:33 +0000 Subject: [PATCH 0517/1176] build(deps): bump golang.org/x/net from 0.21.0 to 0.22.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.21.0 to 0.22.0. - [Commits](https://github.com/golang/net/compare/v0.21.0...v0.22.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 405b72d2435..f33166c111a 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.12 github.com/vishvananda/netlink v1.1.0 - golang.org/x/net v0.21.0 + golang.org/x/net v0.22.0 golang.org/x/sys v0.18.0 google.golang.org/protobuf v1.32.0 ) diff --git a/go.sum b/go.sum index 76741702580..4aa572222a3 100644 --- a/go.sum +++ b/go.sum @@ -65,8 +65,8 @@ github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7Zo github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 h1:Jvc7gsqn21cJHCmAWx0LiimpP18LZmUxkT5Mp7EZ1mI= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= -golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= -golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc= +golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/vendor/modules.txt b/vendor/modules.txt index 9904e14ef6d..8a6ca460bf2 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -79,7 +79,7 @@ github.com/vishvananda/netns golang.org/x/exp/constraints golang.org/x/exp/maps golang.org/x/exp/slices -# golang.org/x/net v0.21.0 +# golang.org/x/net v0.22.0 ## explicit; go 1.18 golang.org/x/net/bpf # golang.org/x/sys v0.18.0 From 606251ab335482957f6f90fc30d39daad5ce0afb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 14 Feb 2024 04:14:03 +0000 Subject: [PATCH 0518/1176] build(deps): bump github.com/opencontainers/runtime-spec Bumps [github.com/opencontainers/runtime-spec](https://github.com/opencontainers/runtime-spec) from 1.1.1-0.20230823135140-4fec88fd00a4 to 1.2.0. - [Release notes](https://github.com/opencontainers/runtime-spec/releases) - [Changelog](https://github.com/opencontainers/runtime-spec/blob/main/ChangeLog) - [Commits](https://github.com/opencontainers/runtime-spec/commits/v1.2.0) --- updated-dependencies: - dependency-name: github.com/opencontainers/runtime-spec dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: Akihiro Suda --- docs/spec-conformance.md | 11 ++++++----- go.mod | 2 +- go.sum | 4 ++-- libcontainer/specconv/spec_linux.go | 4 ++-- update.go | 4 ++-- .../opencontainers/runtime-spec/specs-go/config.go | 10 ++++++++++ .../runtime-spec/specs-go/features/features.go | 6 ++++++ .../opencontainers/runtime-spec/specs-go/version.go | 4 ++-- vendor/modules.txt | 2 +- 9 files changed, 32 insertions(+), 15 deletions(-) diff --git a/docs/spec-conformance.md b/docs/spec-conformance.md index 7ef21d6f948..91c12aea8ac 100644 --- a/docs/spec-conformance.md +++ b/docs/spec-conformance.md @@ -1,14 +1,15 @@ # Spec conformance -This branch of runc implements the [OCI Runtime Spec v1.1.0](https://github.com/opencontainers/runtime-spec/tree/v1.1.0) +This branch of runc implements the [OCI Runtime Spec v1.2.0](https://github.com/opencontainers/runtime-spec/tree/v1.2.0) for the `linux` platform. The following features are not implemented yet: -Spec version | Feature | PR --------------|------------------------------------------|---------------------------------------------------------- -v1.1.0 | `SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV` | [#3862](https://github.com/opencontainers/runc/pull/3862) -v1.1.0 | `.process.ioPriority` | [#3783](https://github.com/opencontainers/runc/pull/3783) +Spec version | Feature | PR +-------------|------------------------------------------------|---------------------------------------------------------- +v1.1.0 | `SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV` | [#3862](https://github.com/opencontainers/runc/pull/3862) +v1.1.0 | `.process.ioPriority` | [#3783](https://github.com/opencontainers/runc/pull/3783) +v1.2.0 | Features: `potentiallyUnsafeConfigAnnotations` | TODO ## Architectures diff --git a/go.mod b/go.mod index 383c55dc09c..c1873925663 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/moby/sys/mountinfo v0.7.1 github.com/moby/sys/user v0.1.0 github.com/mrunalp/fileutils v0.5.1 - github.com/opencontainers/runtime-spec v1.1.1-0.20230823135140-4fec88fd00a4 + github.com/opencontainers/runtime-spec v1.2.0 github.com/opencontainers/selinux v1.11.0 github.com/seccomp/libseccomp-golang v0.10.0 github.com/sirupsen/logrus v1.9.3 diff --git a/go.sum b/go.sum index 6c7a5eac8f2..29e8089313a 100644 --- a/go.sum +++ b/go.sum @@ -32,8 +32,8 @@ github.com/moby/sys/user v0.1.0 h1:WmZ93f5Ux6het5iituh9x2zAG7NFY9Aqi49jjE1PaQg= github.com/moby/sys/user v0.1.0/go.mod h1:fKJhFOnsCN6xZ5gSfbM6zaHGgDJMrqt9/reuj4T7MmU= github.com/mrunalp/fileutils v0.5.1 h1:F+S7ZlNKnrwHfSwdlgNSkKo67ReVf8o9fel6C3dkm/Q= github.com/mrunalp/fileutils v0.5.1/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= -github.com/opencontainers/runtime-spec v1.1.1-0.20230823135140-4fec88fd00a4 h1:EctkgBjZ1y4q+sibyuuIgiKpa0QSd2elFtSSdNvBVow= -github.com/opencontainers/runtime-spec v1.1.1-0.20230823135140-4fec88fd00a4/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk= +github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU= github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index fbb68c24d5d..25ef7227f54 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -791,7 +791,7 @@ func CreateCgroupConfig(opts *CreateOpts, defaultDevs []*devices.Device) (*confi if r.Memory.Swap != nil { c.Resources.MemorySwap = *r.Memory.Swap } - if r.Memory.Kernel != nil || r.Memory.KernelTCP != nil { + if r.Memory.Kernel != nil || r.Memory.KernelTCP != nil { //nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility. logrus.Warn("Kernel memory settings are ignored and will be removed") } if r.Memory.Swappiness != nil { @@ -1207,7 +1207,7 @@ func SetupSeccomp(config *specs.LinuxSeccomp) (*configs.Seccomp, error) { func createHooks(rspec *specs.Spec, config *configs.Config) { config.Hooks = configs.Hooks{} if rspec.Hooks != nil { - for _, h := range rspec.Hooks.Prestart { + for _, h := range rspec.Hooks.Prestart { //nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility. cmd := createCommandHook(h) config.Hooks[configs.Prestart] = append(config.Hooks[configs.Prestart], configs.NewCommandHook(cmd)) } diff --git a/update.go b/update.go index fc2d656abbf..5bcc441a173 100644 --- a/update.go +++ b/update.go @@ -250,7 +250,7 @@ other options are ignored. }{ {"memory", r.Memory.Limit}, {"memory-swap", r.Memory.Swap}, - {"kernel-memory", r.Memory.Kernel}, + {"kernel-memory", r.Memory.Kernel}, //nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility. {"kernel-memory-tcp", r.Memory.KernelTCP}, {"memory-reservation", r.Memory.Reservation}, } { @@ -272,7 +272,7 @@ other options are ignored. r.Pids.Limit = int64(context.Int("pids-limit")) } - if *r.Memory.Kernel != 0 || *r.Memory.KernelTCP != 0 { + if *r.Memory.Kernel != 0 || *r.Memory.KernelTCP != 0 { //nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility. logrus.Warn("Kernel memory settings are ignored and will be removed") } diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go index 4e7717d53f1..d1236ba7213 100644 --- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go @@ -187,6 +187,10 @@ type Hook struct { type Hooks struct { // Prestart is Deprecated. Prestart is a list of hooks to be run before the container process is executed. // It is called in the Runtime Namespace + // + // Deprecated: use [Hooks.CreateRuntime], [Hooks.CreateContainer], and + // [Hooks.StartContainer] instead, which allow more granular hook control + // during the create and start phase. Prestart []Hook `json:"prestart,omitempty"` // CreateRuntime is a list of hooks to be run after the container has been created but before pivot_root or any equivalent operation has been called // It is called in the Runtime Namespace @@ -371,6 +375,12 @@ type LinuxMemory struct { // Total memory limit (memory + swap). Swap *int64 `json:"swap,omitempty"` // Kernel memory limit (in bytes). + // + // Deprecated: kernel-memory limits are not supported in cgroups v2, and + // were obsoleted in [kernel v5.4]. This field should no longer be used, + // as it may be ignored by runtimes. + // + // [kernel v5.4]: https://github.com/torvalds/linux/commit/0158115f702b0ba208ab0 Kernel *int64 `json:"kernel,omitempty"` // Kernel memory limit for tcp (in bytes) KernelTCP *int64 `json:"kernelTCP,omitempty"` diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/features/features.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/features/features.go index 39009c79d2c..949f532b65a 100644 --- a/vendor/github.com/opencontainers/runtime-spec/specs-go/features/features.go +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/features/features.go @@ -24,6 +24,12 @@ type Features struct { // Annotations contains implementation-specific annotation strings, // such as the implementation version, and third-party extensions. Annotations map[string]string `json:"annotations,omitempty"` + + // PotentiallyUnsafeConfigAnnotations the list of the potential unsafe annotations + // that may appear in `config.json`. + // + // A value that ends with "." is interpreted as a prefix of annotations. + PotentiallyUnsafeConfigAnnotations []string `json:"potentiallyUnsafeConfigAnnotations,omitempty"` } // Linux is specific to Linux. diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go index 35358c2c5b2..503971e058b 100644 --- a/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go @@ -6,12 +6,12 @@ const ( // VersionMajor is for an API incompatible changes VersionMajor = 1 // VersionMinor is for functionality in a backwards-compatible manner - VersionMinor = 1 + VersionMinor = 2 // VersionPatch is for backwards-compatible bug fixes VersionPatch = 0 // VersionDev indicates development branch. Releases will be empty string. - VersionDev = "+dev" + VersionDev = "" ) // Version is the specification version that the package types support. diff --git a/vendor/modules.txt b/vendor/modules.txt index 146cceeb3e3..3de1e684a57 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -42,7 +42,7 @@ github.com/moby/sys/user # github.com/mrunalp/fileutils v0.5.1 ## explicit; go 1.13 github.com/mrunalp/fileutils -# github.com/opencontainers/runtime-spec v1.1.1-0.20230823135140-4fec88fd00a4 +# github.com/opencontainers/runtime-spec v1.2.0 ## explicit github.com/opencontainers/runtime-spec/specs-go github.com/opencontainers/runtime-spec/specs-go/features From eefc6ae2544a6819da9f92c5aa8e65d356da4c96 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Sat, 9 Mar 2024 21:30:56 +0900 Subject: [PATCH 0519/1176] features: implement returning potentiallyUnsafeConfigAnnotations list See https://github.com/opencontainers/runtime-spec/blob/v1.2.0/features.md#unsafe-annotations-in-configjson Signed-off-by: Akihiro Suda --- docs/spec-conformance.md | 1 - features.go | 5 +++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/spec-conformance.md b/docs/spec-conformance.md index 91c12aea8ac..b4f3b9df660 100644 --- a/docs/spec-conformance.md +++ b/docs/spec-conformance.md @@ -9,7 +9,6 @@ Spec version | Feature | PR -------------|------------------------------------------------|---------------------------------------------------------- v1.1.0 | `SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV` | [#3862](https://github.com/opencontainers/runc/pull/3862) v1.1.0 | `.process.ioPriority` | [#3783](https://github.com/opencontainers/runc/pull/3783) -v1.2.0 | Features: `potentiallyUnsafeConfigAnnotations` | TODO ## Architectures diff --git a/features.go b/features.go index 81cd149ac73..eff04c1b2d2 100644 --- a/features.go +++ b/features.go @@ -64,6 +64,11 @@ var featuresCommand = cli.Command{ }, }, }, + PotentiallyUnsafeConfigAnnotations: []string{ + "bundle", + "org.systemd.property.", // prefix form + "org.criu.config", + }, } if seccomp.Enabled { From 37581ad3401bda7981cbf99aca7062e4bd93cfcf Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 13 Mar 2024 16:23:36 +1100 Subject: [PATCH 0520/1176] dmz: remove SELinux special-casing Now that runc-dmz is opt-in, we no longer need to try to detect whether SELinux would cause issues for us. We can also remove the special-purpose build-tag we added. Signed-off-by: Aleksa Sarai --- .cirrus.yml | 11 ----------- README.md | 1 - Vagrantfile.fedora | 3 --- libcontainer/container_linux.go | 4 ---- libcontainer/dmz/README.md | 12 ------------ libcontainer/dmz/selinux.go | 10 ---------- libcontainer/dmz/selinux_compat.go | 28 ---------------------------- tests/integration/helpers.bash | 14 ++++++++++++++ tests/integration/run.bats | 12 ++++++++++++ tests/integration/selinux.bats | 4 ++++ 10 files changed, 30 insertions(+), 69 deletions(-) delete mode 100644 libcontainer/dmz/selinux.go delete mode 100644 libcontainer/dmz/selinux_compat.go diff --git a/.cirrus.yml b/.cirrus.yml index a3fb3218e53..d79db495a0c 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -159,17 +159,6 @@ task: echo -e "Host localhost\n\tStrictHostKeyChecking no\t\nIdentityFile /root/.ssh/id_ed25519\n" >> /root/.ssh/config sed -e "s,PermitRootLogin.*,PermitRootLogin prohibit-password,g" -i /etc/ssh/sshd_config systemctl restart sshd - - # Disable the dmz-vs-selinux workaround for distros that have - # container-selinux >= 2.224.0 (CentOS 7 does not have it). - case $DISTRO in - centos-7) - # Do nothing. - ;; - *) - echo 'export EXTRA_BUILDTAGS=runc_dmz_selinux_nocompat' >> /root/.bashrc - ;; - esac host_info_script: | uname -a # ----- diff --git a/README.md b/README.md index df5061a37f1..91bebb637ba 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,6 @@ make BUILDTAGS="" |---------------|---------------------------------------|--------------------|---------------------| | `seccomp` | Syscall filtering using `libseccomp`. | yes | `libseccomp` | | `!runc_nodmz` | Reduce memory usage for CVE-2019-5736 protection by using a small C binary, [see `memfd-bind` for more details][contrib-memfd-bind]. `runc_nodmz` disables this **experimental feature** and causes runc to use a different protection mechanism which will further increases memory usage temporarily during container startup. To enable this feature you also need to set the `RUNC_DMZ=true` environment variable. | yes || -| `runc_dmz_selinux_nocompat` | Disables a SELinux DMZ workaround (new distros should set this). See [dmz README] for details. | no || The following build tags were used earlier, but are now obsoleted: - **nokmem** (since runc v1.0.0-rc94 kernel memory settings are ignored) diff --git a/Vagrantfile.fedora b/Vagrantfile.fedora index b1e3d628894..9b4f6d72687 100644 --- a/Vagrantfile.fedora +++ b/Vagrantfile.fedora @@ -32,9 +32,6 @@ EOF # To avoid "avc: denied { nosuid_transition }" from SELinux as we run tests on /tmp. mount -o remount,suid /tmp - # Disable selinux-vs-dmz workaround as Fedora doesn't need it. - echo 'export EXTRA_BUILDTAGS=runc_dmz_selinux_nocompat' >> /root/.bashrc - # Prevent the "fatal: unsafe repository" git complain during build. git config --global --add safe.directory /vagrant diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index b3075fd34df..13be71ccb89 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -463,10 +463,6 @@ func slicesContains[S ~[]E, E comparable](slice S, needle E) bool { } func isDmzBinarySafe(c *configs.Config) bool { - if !dmz.WorksWithSELinux(c) { - return false - } - // Because we set the dumpable flag in nsexec, the only time when it is // unsafe to use runc-dmz is when the container process would be able to // race against "runc init" and bypass the ptrace_may_access() checks. diff --git a/libcontainer/dmz/README.md b/libcontainer/dmz/README.md index b415f9e3988..3cfa913ff68 100644 --- a/libcontainer/dmz/README.md +++ b/libcontainer/dmz/README.md @@ -15,16 +15,4 @@ It also support all the architectures we support in runc. If the GOARCH we use for compiling doesn't support nolibc, it fallbacks to using the C stdlib. -## SELinux compatibility issue and a workaround - -Older SELinux policy can prevent runc to execute the dmz binary. The issue is -fixed in [container-selinux v2.224.0]. Yet, some older distributions may not -have the fix, so runc has a runtime workaround of disabling dmz if it finds -that SELinux is in enforced mode and the container SELinux label is set. - -Distributions that have a sufficiently new container-selinux can disable the -workaround by building runc with the `runc_dmz_selinux_nocompat` build flag, -essentially allowing dmz to be used together with SELinux. - [nolibc-upstream]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/include/nolibc?h=v6.6-rc3 -[container-selinux v2.224.0]: https://github.com/containers/container-selinux/releases/tag/v2.224.0 diff --git a/libcontainer/dmz/selinux.go b/libcontainer/dmz/selinux.go deleted file mode 100644 index 49a76ec1741..00000000000 --- a/libcontainer/dmz/selinux.go +++ /dev/null @@ -1,10 +0,0 @@ -//go:build runc_dmz_selinux_nocompat || !linux - -package dmz - -import "github.com/opencontainers/runc/libcontainer/configs" - -// WorksWithSELinux tells whether runc-dmz can work with SELinux. -func WorksWithSELinux(*configs.Config) bool { - return true -} diff --git a/libcontainer/dmz/selinux_compat.go b/libcontainer/dmz/selinux_compat.go deleted file mode 100644 index 027a5e76243..00000000000 --- a/libcontainer/dmz/selinux_compat.go +++ /dev/null @@ -1,28 +0,0 @@ -//go:build linux && !runc_dmz_selinux_nocompat - -package dmz - -import ( - "github.com/opencontainers/runc/libcontainer/configs" - "github.com/opencontainers/selinux/go-selinux" -) - -// WorksWithSELinux tells whether runc-dmz can work with SELinux. -// -// Older SELinux policy can prevent runc to execute the dmz binary. The issue is -// fixed in container-selinux >= 2.224.0: -// -// - https://github.com/containers/container-selinux/issues/274 -// - https://github.com/containers/container-selinux/pull/280 -// -// Alas, there is is no easy way to do a runtime check if dmz works with -// SELinux, so the below workaround is enabled by default. It results in -// disabling dmz in case container SELinux label is set and the selinux is in -// enforced mode. -// -// Newer distributions that have the sufficiently new container-selinux version -// can build runc with runc_dmz_selinux_nocompat build flag to disable this -// workaround (essentially allowing dmz to be used together with SELinux). -func WorksWithSELinux(c *configs.Config) bool { - return c.ProcessLabel == "" || selinux.EnforceMode() != selinux.Enforcing -} diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index 85e1113c46e..bd4d50c15e5 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -538,6 +538,20 @@ function requires() { done } +# Allow a test to specify that it will not work properly on a given OS. The +# fingerprint for the OS used for this test is $ID-$VERSION_ID, using the +# variables in /etc/os-release. The arguments are regular expressions, and any +# match will cause the test to be skipped. +function exclude_os() { + local host + host="$(sh -c '. /etc/os-release ; echo "$ID-$VERSION_ID"')" + for bad_os in "$@"; do + if [[ "$host" =~ ^$bad_os$ ]]; then + skip "test doesn't work on $bad_os" + fi + done +} + # Retry a command $1 times until it succeeds. Wait $2 seconds between retries. function retry() { local attempts=$1 diff --git a/tests/integration/run.bats b/tests/integration/run.bats index b49f3ac4c1a..c2e0f4d2686 100644 --- a/tests/integration/run.bats +++ b/tests/integration/run.bats @@ -128,6 +128,10 @@ function teardown() { } @test "RUNC_DMZ=true runc run [runc-dmz]" { + # centos-7 has an outdated container-selinux (<2.224.0) which means + # runc-dmz won't work. + exclude_os centos-7 + RUNC_DMZ=true runc --debug run test_hello [ "$status" -eq 0 ] [[ "$output" = *"Hello World"* ]] @@ -136,6 +140,10 @@ function teardown() { } @test "RUNC_DMZ=true runc run [cap_sys_ptrace -> /proc/self/exe clone]" { + # centos-7 has an outdated container-selinux (<2.224.0) which means + # runc-dmz won't work. + exclude_os centos-7 + # Add CAP_SYS_PTRACE to the bounding set, the minimum needed to indicate a # container process _could_ get CAP_SYS_PTRACE. update_config '.process.capabilities.bounding += ["CAP_SYS_PTRACE"]' @@ -232,6 +240,10 @@ function teardown() { } @test "RUNC_DMZ=true runc run [exec error]" { + # centos-7 has an outdated container-selinux (<2.224.0) which means + # runc-dmz won't work. + exclude_os centos-7 + cat <rootfs/run.sh #!/mmnnttbb foo bar sh diff --git a/tests/integration/selinux.bats b/tests/integration/selinux.bats index 19bc9d2070e..08246e6b04f 100644 --- a/tests/integration/selinux.bats +++ b/tests/integration/selinux.bats @@ -40,6 +40,10 @@ function teardown() { # https://github.com/opencontainers/runc/issues/4057 @test "runc run (custom selinux label, RUNC_DMZ=true)" { + # centos-7 has an outdated container-selinux (<2.224.0) which means + # runc-dmz won't work. + exclude_os centos-7 + update_config ' .process.selinuxLabel |= "system_u:system_r:container_t:s0:c4,c5" | .process.args = ["/bin/true"]' RUNC_DMZ=true runc run tst From da79b616a35e4bc06f148d71f8c71d82ff063247 Mon Sep 17 00:00:00 2001 From: lifubang Date: Thu, 14 Mar 2024 18:10:42 +0800 Subject: [PATCH 0521/1176] fix runc-dmz bin path error in Makefile Signed-off-by: lifubang --- Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index c858a1ceeee..eb57ba947ba 100644 --- a/Makefile +++ b/Makefile @@ -99,7 +99,7 @@ static-bin: runc-dmz .PHONY: runc-dmz runc-dmz: - rm -f libcontainer/dmz/runc-dmz + rm -f libcontainer/dmz/binary/runc-dmz $(GO) generate -tags "$(BUILDTAGS)" ./libcontainer/dmz .PHONY: releaseall @@ -242,12 +242,12 @@ verify-dependencies: vendor .PHONY: verify-dmz-arch verify-dmz-arch: - @if test -s libcontainer/dmz/runc-dmz; then \ + @if test -s libcontainer/dmz/binary/runc-dmz; then \ set -Eeuo pipefail; \ export LC_ALL=C; \ diff -u \ <(readelf -h runc | grep -E "(Machine|Flags):") \ - <(readelf -h libcontainer/dmz/runc-dmz | grep -E "(Machine|Flags):"); \ + <(readelf -h libcontainer/dmz/binary/runc-dmz | grep -E "(Machine|Flags):"); \ fi .PHONY: validate-keyring From cdccf6d615ac94ac2a3897392b29327e77720502 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 15 Mar 2024 17:33:11 +1100 Subject: [PATCH 0522/1176] build: update libseccomp to v2.5.5 This adds support for syscalls up to Linux 6.7-rc3. Signed-off-by: Aleksa Sarai --- Dockerfile | 2 +- script/release_build.sh | 2 +- script/seccomp.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6fa8752b5e3..7598cba9347 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ ARG GO_VERSION=1.20 ARG BATS_VERSION=v1.9.0 -ARG LIBSECCOMP_VERSION=2.5.4 +ARG LIBSECCOMP_VERSION=2.5.5 FROM golang:${GO_VERSION}-bullseye ARG DEBIAN_FRONTEND=noninteractive diff --git a/script/release_build.sh b/script/release_build.sh index 6c7aee88b23..476f08fa72b 100755 --- a/script/release_build.sh +++ b/script/release_build.sh @@ -19,7 +19,7 @@ set -e ## ---> # Project-specific options and functions. In *theory* you shouldn't need to # touch anything else in this script in order to use this elsewhere. -: "${LIBSECCOMP_VERSION:=2.5.4}" +: "${LIBSECCOMP_VERSION:=2.5.5}" project="runc" root="$(readlink -f "$(dirname "${BASH_SOURCE[0]}")/..")" diff --git a/script/seccomp.sh b/script/seccomp.sh index 955437c2fb4..dcc0d7ca345 100755 --- a/script/seccomp.sh +++ b/script/seccomp.sh @@ -7,7 +7,7 @@ source "$(dirname "${BASH_SOURCE[0]}")/lib.sh" # sha256 checksums for seccomp release tarballs. declare -A SECCOMP_SHA256=( - ["2.5.4"]=d82902400405cf0068574ef3dc1fe5f5926207543ba1ae6f8e7a1576351dcbdb + ["2.5.5"]=248a2c8a4d9b9858aa6baf52712c34afefcf9c9e94b76dce02c1c9aa25fb3375 ) # Due to libseccomp being LGPL we must include its sources, From ab6788d307a4360989e6d59b283fe2a5daf8d1a9 Mon Sep 17 00:00:00 2001 From: SuperQ Date: Fri, 15 Mar 2024 08:36:40 +0100 Subject: [PATCH 0523/1176] Remove dependabot ignore The referenced issue was fixed in `github.com/urfave/cli` v1.22.6. We can now remove the dependabot ignore for this package. Signed-off-by: SuperQ --- .github/dependabot.yml | 3 --- go.mod | 2 +- go.sum | 10 +++++----- vendor/modules.txt | 2 +- 4 files changed, 7 insertions(+), 10 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 4bd9208ec4b..16397754efe 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -8,9 +8,6 @@ updates: directory: "/" # Location of package manifests schedule: interval: "daily" - ignore: - # a regression in v1.22.2, see https://github.com/urfave/cli/issues/1092 - - dependency-name: "github.com/urfave/cli" # Dependencies listed in .github/workflows/*.yml - package-ecosystem: "github-actions" diff --git a/go.mod b/go.mod index c1873925663..40bebdf900f 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/seccomp/libseccomp-golang v0.10.0 github.com/sirupsen/logrus v1.9.3 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 - github.com/urfave/cli v1.22.12 + github.com/urfave/cli v1.22.14 github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.22.0 golang.org/x/sys v0.18.0 diff --git a/go.sum b/go.sum index 29e8089313a..956a5945fca 100644 --- a/go.sum +++ b/go.sum @@ -1,4 +1,4 @@ -github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/checkpoint-restore/go-criu/v6 v6.3.0 h1:mIdrSO2cPNWQY1truPg6uHLXyKHk3Z5Odx4wjKOASzA= github.com/checkpoint-restore/go-criu/v6 v6.3.0/go.mod h1:rrRTN/uSwY2X+BPRl/gkulo9gsKOSAeVp9/K2tv7xZI= github.com/cilium/ebpf v0.12.3 h1:8ht6F9MquybnY97at+VDZb3eQQr8ev79RueWeVaEcG4= @@ -53,12 +53,12 @@ github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpE github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= -github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= -github.com/urfave/cli v1.22.12 h1:igJgVw1JdKH+trcLWLeLwZjU9fEfPesQ+9/e4MQ44S8= -github.com/urfave/cli v1.22.12/go.mod h1:sSBEIC79qR6OvcmsD4U3KABeOTxDqQtdDnaFuUN30b8= +github.com/urfave/cli v1.22.14 h1:ebbhrRiGK2i4naQJr+1Xj92HXZCrK7MsyTS/ob3HnAk= +github.com/urfave/cli v1.22.14/go.mod h1:X0eDS6pD6Exaclxm99NJ3FiCDRED7vIHpx2mDOHLvkA= github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJH8j0= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= diff --git a/vendor/modules.txt b/vendor/modules.txt index 3de1e684a57..2f4d71a3a86 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -64,7 +64,7 @@ github.com/sirupsen/logrus/hooks/test # github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 ## explicit github.com/syndtr/gocapability/capability -# github.com/urfave/cli v1.22.12 +# github.com/urfave/cli v1.22.14 ## explicit; go 1.11 github.com/urfave/cli # github.com/vishvananda/netlink v1.1.0 From b288abeaa58816aae1235dbd527b79cec5df644b Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 13 Mar 2024 13:40:16 +1100 Subject: [PATCH 0524/1176] seccomp: patchbpf: rename nativeArch -> linuxAuditArch Calling the Linux AUDIT_* architecture constants "native" leads to confusing code when we are getting the actual native architecture of the running system. Signed-off-by: Aleksa Sarai --- libcontainer/seccomp/patchbpf/enosys_linux.go | 81 ++++++++++--------- .../seccomp/patchbpf/enosys_linux_test.go | 16 ++-- 2 files changed, 49 insertions(+), 48 deletions(-) diff --git a/libcontainer/seccomp/patchbpf/enosys_linux.go b/libcontainer/seccomp/patchbpf/enosys_linux.go index 665138609c7..4aca11b9e33 100644 --- a/libcontainer/seccomp/patchbpf/enosys_linux.go +++ b/libcontainer/seccomp/patchbpf/enosys_linux.go @@ -171,11 +171,11 @@ func disassembleFilter(filter *libseccomp.ScmpFilter) ([]bpf.Instruction, error) return program, nil } -type nativeArch uint32 +type linuxAuditArch uint32 -const invalidArch nativeArch = 0 +const invalidArch linuxAuditArch = 0 -func archToNative(arch libseccomp.ScmpArch) (nativeArch, error) { +func scmpArchToAuditArch(arch libseccomp.ScmpArch) (linuxAuditArch, error) { switch arch { case libseccomp.ArchNative: // Convert to actual native architecture. @@ -183,48 +183,48 @@ func archToNative(arch libseccomp.ScmpArch) (nativeArch, error) { if err != nil { return invalidArch, fmt.Errorf("unable to get native arch: %w", err) } - return archToNative(arch) + return scmpArchToAuditArch(arch) case libseccomp.ArchX86: - return nativeArch(C.C_AUDIT_ARCH_I386), nil + return linuxAuditArch(C.C_AUDIT_ARCH_I386), nil case libseccomp.ArchAMD64, libseccomp.ArchX32: // NOTE: x32 is treated like x86_64 except all x32 syscalls have the // 30th bit of the syscall number set to indicate that it's not a // normal x86_64 syscall. - return nativeArch(C.C_AUDIT_ARCH_X86_64), nil + return linuxAuditArch(C.C_AUDIT_ARCH_X86_64), nil case libseccomp.ArchARM: - return nativeArch(C.C_AUDIT_ARCH_ARM), nil + return linuxAuditArch(C.C_AUDIT_ARCH_ARM), nil case libseccomp.ArchARM64: - return nativeArch(C.C_AUDIT_ARCH_AARCH64), nil + return linuxAuditArch(C.C_AUDIT_ARCH_AARCH64), nil case libseccomp.ArchMIPS: - return nativeArch(C.C_AUDIT_ARCH_MIPS), nil + return linuxAuditArch(C.C_AUDIT_ARCH_MIPS), nil case libseccomp.ArchMIPS64: - return nativeArch(C.C_AUDIT_ARCH_MIPS64), nil + return linuxAuditArch(C.C_AUDIT_ARCH_MIPS64), nil case libseccomp.ArchMIPS64N32: - return nativeArch(C.C_AUDIT_ARCH_MIPS64N32), nil + return linuxAuditArch(C.C_AUDIT_ARCH_MIPS64N32), nil case libseccomp.ArchMIPSEL: - return nativeArch(C.C_AUDIT_ARCH_MIPSEL), nil + return linuxAuditArch(C.C_AUDIT_ARCH_MIPSEL), nil case libseccomp.ArchMIPSEL64: - return nativeArch(C.C_AUDIT_ARCH_MIPSEL64), nil + return linuxAuditArch(C.C_AUDIT_ARCH_MIPSEL64), nil case libseccomp.ArchMIPSEL64N32: - return nativeArch(C.C_AUDIT_ARCH_MIPSEL64N32), nil + return linuxAuditArch(C.C_AUDIT_ARCH_MIPSEL64N32), nil case libseccomp.ArchPPC: - return nativeArch(C.C_AUDIT_ARCH_PPC), nil + return linuxAuditArch(C.C_AUDIT_ARCH_PPC), nil case libseccomp.ArchPPC64: - return nativeArch(C.C_AUDIT_ARCH_PPC64), nil + return linuxAuditArch(C.C_AUDIT_ARCH_PPC64), nil case libseccomp.ArchPPC64LE: - return nativeArch(C.C_AUDIT_ARCH_PPC64LE), nil + return linuxAuditArch(C.C_AUDIT_ARCH_PPC64LE), nil case libseccomp.ArchS390: - return nativeArch(C.C_AUDIT_ARCH_S390), nil + return linuxAuditArch(C.C_AUDIT_ARCH_S390), nil case libseccomp.ArchS390X: - return nativeArch(C.C_AUDIT_ARCH_S390X), nil + return linuxAuditArch(C.C_AUDIT_ARCH_S390X), nil case libseccomp.ArchRISCV64: - return nativeArch(C.C_AUDIT_ARCH_RISCV64), nil + return linuxAuditArch(C.C_AUDIT_ARCH_RISCV64), nil default: return invalidArch, fmt.Errorf("unknown architecture: %v", arch) } } -type lastSyscallMap map[nativeArch]map[libseccomp.ScmpArch]libseccomp.ScmpSyscall +type lastSyscallMap map[linuxAuditArch]map[libseccomp.ScmpArch]libseccomp.ScmpSyscall // Figure out largest syscall number referenced in the filter for each // architecture. We will be generating code based on the native architecture @@ -241,17 +241,17 @@ func findLastSyscalls(config *configs.Seccomp) (lastSyscallMap, error) { } // Figure out native architecture representation of the architecture. - nativeArch, err := archToNative(arch) + auditArch, err := scmpArchToAuditArch(arch) if err != nil { return nil, fmt.Errorf("cannot map architecture %v to AUDIT_ARCH_ constant: %w", arch, err) } - if _, ok := lastSyscalls[nativeArch]; !ok { - lastSyscalls[nativeArch] = map[libseccomp.ScmpArch]libseccomp.ScmpSyscall{} + if _, ok := lastSyscalls[auditArch]; !ok { + lastSyscalls[auditArch] = map[libseccomp.ScmpArch]libseccomp.ScmpSyscall{} } - if _, ok := lastSyscalls[nativeArch][arch]; ok { + if _, ok := lastSyscalls[auditArch][arch]; ok { // Because of ArchNative we may hit the same entry multiple times. - // Just skip it if we've seen this (nativeArch, ScmpArch) + // Just skip it if we've seen this (linuxAuditArch, ScmpArch) // combination before. continue } @@ -269,10 +269,11 @@ func findLastSyscalls(config *configs.Seccomp) (lastSyscallMap, error) { } } if largestSyscall != 0 { - lastSyscalls[nativeArch][arch] = largestSyscall + logrus.Debugf("seccomp: largest syscall number for arch %v is %v", arch, largestSyscall) + lastSyscalls[auditArch][arch] = largestSyscall } else { - logrus.Warnf("could not find any syscalls for arch %s", ociArch) - delete(lastSyscalls[nativeArch], arch) + logrus.Warnf("could not find any syscalls for arch %v", arch) + delete(lastSyscalls[auditArch], arch) } } return lastSyscalls, nil @@ -290,10 +291,10 @@ func findLastSyscalls(config *configs.Seccomp) (lastSyscallMap, error) { // close_range(2) which were added out-of-order in the syscall table between // kernel releases. func generateEnosysStub(lastSyscalls lastSyscallMap) ([]bpf.Instruction, error) { - // A jump-table for each nativeArch used to generate the initial + // A jump-table for each linuxAuditArch used to generate the initial // conditional jumps -- measured from the *END* of the program so they // remain valid after prepending to the tail. - archJumpTable := map[nativeArch]uint32{} + archJumpTable := map[linuxAuditArch]uint32{} // Generate our own -ENOSYS rules for each architecture. They have to be // generated in reverse (prepended to the tail of the program) because the @@ -306,7 +307,7 @@ func generateEnosysStub(lastSyscalls lastSyscallMap) ([]bpf.Instruction, error) } // Generate the syscall -ENOSYS rules. - for nativeArch, maxSyscalls := range lastSyscalls { + for auditArch, maxSyscalls := range lastSyscalls { // The number of instructions from the tail of this section which need // to be jumped in order to reach the -ENOSYS return. If the section // does not jump, it will fall through to the actual filter. @@ -387,7 +388,7 @@ func generateEnosysStub(lastSyscalls lastSyscallMap) ([]bpf.Instruction, error) // If we're on x86 we need to add a check for x32 and if we're in // the wrong mode we jump over the section. - if uint32(nativeArch) == uint32(C.C_AUDIT_ARCH_X86_64) { + if uint32(auditArch) == uint32(C.C_AUDIT_ARCH_X86_64) { // Generate a prefix to check the mode. switch scmpArch { case libseccomp.ArchAMD64: @@ -416,8 +417,8 @@ func generateEnosysStub(lastSyscalls lastSyscallMap) ([]bpf.Instruction, error) section = append(section, sectionTail...) case 2: // x32 and x86_64 are a unique case, we can't handle any others. - if uint32(nativeArch) != uint32(C.C_AUDIT_ARCH_X86_64) { - return nil, fmt.Errorf("unknown architecture overlap on native arch %#x", nativeArch) + if uint32(auditArch) != uint32(C.C_AUDIT_ARCH_X86_64) { + return nil, fmt.Errorf("unknown architecture overlap on native arch %#x", auditArch) } x32sysno, ok := maxSyscalls[libseccomp.ArchX32] @@ -494,7 +495,7 @@ func generateEnosysStub(lastSyscalls lastSyscallMap) ([]bpf.Instruction, error) programTail = append(section, programTail...) // Update jump table. - archJumpTable[nativeArch] = uint32(len(programTail)) + archJumpTable[auditArch] = uint32(len(programTail)) } // Add a dummy "jump to filter" for any architecture we might miss below. @@ -514,9 +515,9 @@ func generateEnosysStub(lastSyscalls lastSyscallMap) ([]bpf.Instruction, error) // architectures based on how large the jumps are going to be, or // re-sort the candidate architectures each time to make sure that we // pick the largest jump which is going to be smaller than 255. - for nativeArch := range lastSyscalls { + for auditArch := range lastSyscalls { // We jump forwards but the jump table is calculated from the *END*. - jump := uint32(len(programTail)) - archJumpTable[nativeArch] + jump := uint32(len(programTail)) - archJumpTable[auditArch] // Same routine as above -- this is a basic jeq check, complicated // slightly if it turns out that we need to do a long jump. @@ -525,7 +526,7 @@ func generateEnosysStub(lastSyscalls lastSyscallMap) ([]bpf.Instruction, error) // jeq [arch],[jump] bpf.JumpIf{ Cond: bpf.JumpEqual, - Val: uint32(nativeArch), + Val: uint32(auditArch), SkipTrue: uint8(jump), }, }, programTail...) @@ -534,7 +535,7 @@ func generateEnosysStub(lastSyscalls lastSyscallMap) ([]bpf.Instruction, error) // jne [arch],1 bpf.JumpIf{ Cond: bpf.JumpNotEqual, - Val: uint32(nativeArch), + Val: uint32(auditArch), SkipTrue: 1, }, // ja [jump] diff --git a/libcontainer/seccomp/patchbpf/enosys_linux_test.go b/libcontainer/seccomp/patchbpf/enosys_linux_test.go index e2d363a43bd..bdfeff68adb 100644 --- a/libcontainer/seccomp/patchbpf/enosys_linux_test.go +++ b/libcontainer/seccomp/patchbpf/enosys_linux_test.go @@ -23,7 +23,7 @@ type seccompData struct { } // mockSyscallPayload creates a fake seccomp_data struct with the given data. -func mockSyscallPayload(t *testing.T, sysno libseccomp.ScmpSyscall, arch nativeArch, args ...uint64) []byte { +func mockSyscallPayload(t *testing.T, sysno libseccomp.ScmpSyscall, arch linuxAuditArch, args ...uint64) []byte { var buf bytes.Buffer data := seccompData{ @@ -150,8 +150,8 @@ func testEnosysStub(t *testing.T, defaultAction configs.Action, arches []string) for _, arch := range testArches { type syscallTest struct { - syscall string sysno libseccomp.ScmpSyscall + syscall string expected uint32 } @@ -160,7 +160,7 @@ func testEnosysStub(t *testing.T, defaultAction configs.Action, arches []string) t.Fatalf("unknown libseccomp architecture %q: %v", arch, err) } - nativeArch, err := archToNative(scmpArch) + auditArch, err := scmpArchToAuditArch(scmpArch) if err != nil { t.Fatalf("unknown audit architecture %q: %v", arch, err) } @@ -179,9 +179,9 @@ func testEnosysStub(t *testing.T, defaultAction configs.Action, arches []string) t.Fatalf("unknown syscall %q on arch %q: %v", syscall, arch, err) } syscallTests = append(syscallTests, syscallTest{ - syscall, - sysno, - expected, + sysno: sysno, + syscall: syscall, + expected: expected, }) } @@ -233,7 +233,7 @@ func testEnosysStub(t *testing.T, defaultAction configs.Action, arches []string) test.expected = retFallthrough } - payload := mockSyscallPayload(t, test.sysno, nativeArch, 0x1337, 0xF00BA5) + payload := mockSyscallPayload(t, test.sysno, auditArch, 0x1337, 0xF00BA5) // NOTE: golang.org/x/net/bpf returns int here rather // than uint32. rawRet, err := filter.Run(payload) @@ -247,7 +247,7 @@ func testEnosysStub(t *testing.T, defaultAction configs.Action, arches []string) t.Logf(" [%4.1d] %s", idx, insn) } t.Logf("payload: %#v", payload) - t.Errorf("filter %s(%d) %q(%d): got %#x, want %#x", arch, nativeArch, test.syscall, test.sysno, ret, test.expected) + t.Errorf("filter %s(%d) %q(%d): got %#x, want %#x", arch, auditArch, test.syscall, test.sysno, ret, test.expected) } } } From ccc500c427da731554a181f2ea407adf99870423 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 13 Mar 2024 16:12:51 +1100 Subject: [PATCH 0525/1176] seccomp: patchbpf: always include native architecture in stub It turns out that on ppc64le (at least), Docker doesn't include any architectures in the list of allowed architectures. libseccomp interprets this as "just include the default architecture" but patchbpf would return a no-op ENOSYS stub, which would lead to the exact issues that commit 7a8d7162f9d7 ("seccomp: prepend -ENOSYS stub to all filters") fixed for other architectures. So, just always include the running architecture in the list. There's no real downside. Ref: https://bugzilla.suse.com/show_bug.cgi?id=1192051#c6 Reported-by: Fabian Vogt Signed-off-by: Aleksa Sarai --- libcontainer/seccomp/patchbpf/enosys_linux.go | 22 ++++++++-- .../seccomp/patchbpf/enosys_linux_test.go | 42 +++++++++++++++++-- 2 files changed, 56 insertions(+), 8 deletions(-) diff --git a/libcontainer/seccomp/patchbpf/enosys_linux.go b/libcontainer/seccomp/patchbpf/enosys_linux.go index 4aca11b9e33..6ee4f1d5388 100644 --- a/libcontainer/seccomp/patchbpf/enosys_linux.go +++ b/libcontainer/seccomp/patchbpf/enosys_linux.go @@ -231,16 +231,30 @@ type lastSyscallMap map[linuxAuditArch]map[libseccomp.ScmpArch]libseccomp.ScmpSy // representation, but SCMP_ARCH_X32 means we have to track cases where the // same architecture has different largest syscalls based on the mode. func findLastSyscalls(config *configs.Seccomp) (lastSyscallMap, error) { - lastSyscalls := make(lastSyscallMap) - // Only loop over architectures which are present in the filter. Any other - // architectures will get the libseccomp bad architecture action anyway. + scmpArchs := make(map[libseccomp.ScmpArch]struct{}) for _, ociArch := range config.Architectures { arch, err := libseccomp.GetArchFromString(ociArch) if err != nil { return nil, fmt.Errorf("unable to validate seccomp architecture: %w", err) } + scmpArchs[arch] = struct{}{} + } + // On architectures like ppc64le, Docker inexplicably doesn't include the + // native architecture in the architecture list which results in no + // architectures being present in the list at all (rendering the ENOSYS + // stub a no-op). So, always include the native architecture. + if nativeScmpArch, err := libseccomp.GetNativeArch(); err != nil { + return nil, fmt.Errorf("unable to get native arch: %w", err) + } else if _, ok := scmpArchs[nativeScmpArch]; !ok { + logrus.Debugf("seccomp: adding implied native architecture %v to config set", nativeScmpArch) + scmpArchs[nativeScmpArch] = struct{}{} + } + logrus.Debugf("seccomp: configured architecture set: %s", scmpArchs) - // Figure out native architecture representation of the architecture. + // Only loop over architectures which are present in the filter. Any other + // architectures will get the libseccomp bad architecture action anyway. + lastSyscalls := make(lastSyscallMap) + for arch := range scmpArchs { auditArch, err := scmpArchToAuditArch(arch) if err != nil { return nil, fmt.Errorf("cannot map architecture %v to AUDIT_ARCH_ constant: %w", arch, err) diff --git a/libcontainer/seccomp/patchbpf/enosys_linux_test.go b/libcontainer/seccomp/patchbpf/enosys_linux_test.go index bdfeff68adb..6ca2c06162d 100644 --- a/libcontainer/seccomp/patchbpf/enosys_linux_test.go +++ b/libcontainer/seccomp/patchbpf/enosys_linux_test.go @@ -105,8 +105,16 @@ var testArches = []string{ "ppc64le", "s390", "s390x", + // Dummy value to indicate a configuration with no architecture specified. + "native", } +// Used for the "native" architecture. +var ( + scmpNativeArch, _ = libseccomp.GetNativeArch() + nativeArch = scmpNativeArch.String() +) + func testEnosysStub(t *testing.T, defaultAction configs.Action, arches []string) { explicitSyscalls := []string{ "setns", @@ -155,6 +163,9 @@ func testEnosysStub(t *testing.T, defaultAction configs.Action, arches []string) expected uint32 } + if arch == "native" { + arch = nativeArch + } scmpArch, err := libseccomp.GetArchFromString(arch) if err != nil { t.Fatalf("unknown libseccomp architecture %q: %v", arch, err) @@ -228,8 +239,15 @@ func testEnosysStub(t *testing.T, defaultAction configs.Action, arches []string) // Test syscalls in the explicit list. for _, test := range syscallTests { - // Override the expected value in the two special cases. - if !archSet[arch] || isAllowAction(defaultAction) { + // Override the expected value in the two special cases: + // 1. If the default action is allow, the filter won't have + // the stub prepended so we expect a fallthrough. + // 2. If the executing architecture is not in the architecture + // set, then the architecture is not handled by the stub -- + // *except* in the case of the native architecture (which + // is always included in the stub). + if isAllowAction(defaultAction) || + (!archSet[arch] && arch != nativeArch) { test.expected = retFallthrough } @@ -263,7 +281,14 @@ var testActions = map[string]configs.Action{ func TestEnosysStub_SingleArch(t *testing.T) { for _, arch := range testArches { - arches := []string{arch} + var arches []string + // "native" indicates a blank architecture field for seccomp, to test + // the case where the running architecture was not included in the + // architecture. Docker doesn't always set the architecture for some + // reason (namely for ppc64le). + if arch != "native" { + arches = append(arches, arch) + } t.Run("arch="+arch, func(t *testing.T) { for name, action := range testActions { t.Run("action="+name, func(t *testing.T) { @@ -277,7 +302,16 @@ func TestEnosysStub_SingleArch(t *testing.T) { func TestEnosysStub_MultiArch(t *testing.T) { for end := 0; end < len(testArches); end++ { for start := 0; start < end; start++ { - arches := testArches[start:end] + var arches []string + for _, arch := range testArches[start:end] { + // "native" indicates a blank architecture field for seccomp, to test + // the case where the running architecture was not included in the + // architecture. Docker doesn't always set the architecture for some + // reason (namely for ppc64le). + if arch != "native" { + arches = append(arches, arch) + } + } if len(arches) <= 1 { continue } From bfbd0305ba6ca14ef90f0e13410b18f892209358 Mon Sep 17 00:00:00 2001 From: utam0k Date: Fri, 24 Mar 2023 12:22:25 +0000 Subject: [PATCH 0526/1176] Add I/O priority Signed-off-by: utam0k --- docs/spec-conformance.md | 1 - libcontainer/configs/config.go | 11 +++++++ libcontainer/configs/validate/validator.go | 12 ++++++++ .../configs/validate/validator_test.go | 29 ++++++++++++++++++ libcontainer/process.go | 2 ++ libcontainer/process_linux.go | 25 ++++++++++++++++ libcontainer/specconv/spec_linux.go | 5 ++++ libcontainer/standard_init_linux.go | 5 ++++ tests/integration/ioprio.bats | 30 +++++++++++++++++++ utils_linux.go | 5 ++++ 10 files changed, 124 insertions(+), 1 deletion(-) create mode 100644 tests/integration/ioprio.bats diff --git a/docs/spec-conformance.md b/docs/spec-conformance.md index b4f3b9df660..21c853822e3 100644 --- a/docs/spec-conformance.md +++ b/docs/spec-conformance.md @@ -8,7 +8,6 @@ The following features are not implemented yet: Spec version | Feature | PR -------------|------------------------------------------------|---------------------------------------------------------- v1.1.0 | `SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV` | [#3862](https://github.com/opencontainers/runc/pull/3862) -v1.1.0 | `.process.ioPriority` | [#3783](https://github.com/opencontainers/runc/pull/3783) ## Architectures diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index a0a79d19d53..22fe0f9b4c1 100644 --- a/libcontainer/configs/config.go +++ b/libcontainer/configs/config.go @@ -222,6 +222,9 @@ type Config struct { // Personality contains configuration for the Linux personality syscall. Personality *LinuxPersonality `json:"personality,omitempty"` + + // IOPriority is the container's I/O priority. + IOPriority *IOPriority `json:"io_priority,omitempty"` } // Scheduler is based on the Linux sched_setattr(2) syscall. @@ -283,6 +286,14 @@ func ToSchedAttr(scheduler *Scheduler) (*unix.SchedAttr, error) { }, nil } +var IOPrioClassMapping = map[specs.IOPriorityClass]int{ + specs.IOPRIO_CLASS_RT: 1, + specs.IOPRIO_CLASS_BE: 2, + specs.IOPRIO_CLASS_IDLE: 3, +} + +type IOPriority = specs.LinuxIOPriority + type ( HookName string HookList []Hook diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go index ed63e950e43..37ece0aebbd 100644 --- a/libcontainer/configs/validate/validator.go +++ b/libcontainer/configs/validate/validator.go @@ -32,6 +32,7 @@ func Validate(config *configs.Config) error { rootlessEUIDCheck, mountsStrict, scheduler, + ioPriority, } for _, c := range checks { if err := c(config); err != nil { @@ -396,3 +397,14 @@ func scheduler(config *configs.Config) error { } return nil } + +func ioPriority(config *configs.Config) error { + if config.IOPriority == nil { + return nil + } + priority := config.IOPriority.Priority + if priority < 0 || priority > 7 { + return fmt.Errorf("invalid ioPriority.Priority: %d", priority) + } + return nil +} diff --git a/libcontainer/configs/validate/validator_test.go b/libcontainer/configs/validate/validator_test.go index 85b5e5eeade..b0b740a122d 100644 --- a/libcontainer/configs/validate/validator_test.go +++ b/libcontainer/configs/validate/validator_test.go @@ -842,3 +842,32 @@ func TestValidateScheduler(t *testing.T) { } } } + +func TestValidateIOPriority(t *testing.T) { + testCases := []struct { + isErr bool + priority int + }{ + {isErr: false, priority: 0}, + {isErr: false, priority: 7}, + {isErr: true, priority: -1}, + } + + for _, tc := range testCases { + ioPriroty := configs.IOPriority{ + Priority: tc.priority, + } + config := &configs.Config{ + Rootfs: "/var", + IOPriority: &ioPriroty, + } + + err := Validate(config) + if tc.isErr && err == nil { + t.Errorf("iopriority: %d, expected error, got nil", tc.priority) + } + if !tc.isErr && err != nil { + t.Errorf("iopriority: %d, expected nil, got error %v", tc.priority, err) + } + } +} diff --git a/libcontainer/process.go b/libcontainer/process.go index 8181062ae64..3663c7e0dd2 100644 --- a/libcontainer/process.go +++ b/libcontainer/process.go @@ -100,6 +100,8 @@ type Process struct { SubCgroupPaths map[string]string Scheduler *configs.Scheduler + + IOPriority *configs.IOPriority } // Wait waits for the process to exit. diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index ba916571489..6d51eada2b3 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -124,6 +124,13 @@ func (p *setnsProcess) signal(sig os.Signal) error { func (p *setnsProcess) start() (retErr error) { defer p.comm.closeParent() + + if p.process.IOPriority != nil { + if err := setIOPriority(p.process.IOPriority); err != nil { + return err + } + } + // get the "before" value of oom kill count oom, _ := p.manager.OOMKillCount() err := p.cmd.Start() @@ -972,3 +979,21 @@ func initWaiter(r io.Reader) chan error { return ch } + +func setIOPriority(ioprio *configs.IOPriority) error { + const ioprioWhoPgrp = 1 + + class, ok := configs.IOPrioClassMapping[ioprio.Class] + if !ok { + return fmt.Errorf("invalid io priority class: %s", ioprio.Class) + } + + // Combine class and priority into a single value + // https://github.com/torvalds/linux/blob/v5.18/include/uapi/linux/ioprio.h#L5-L17 + iop := (class << 13) | ioprio.Priority + _, _, errno := unix.RawSyscall(unix.SYS_IOPRIO_SET, ioprioWhoPgrp, 0, uintptr(iop)) + if errno != 0 { + return fmt.Errorf("failed to set io priority: %w", errno) + } + return nil +} diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index 25ef7227f54..5a09f74b1e3 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -534,6 +534,11 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) { s := *spec.Process.Scheduler config.Scheduler = &s } + + if spec.Process.IOPriority != nil { + ioPriority := *spec.Process.IOPriority + config.IOPriority = &ioPriority + } } createHooks(spec, config) config.Version = specs.Version diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index c69e4e312a0..4447032cf59 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -161,6 +161,11 @@ func (l *linuxStandardInit) Init() error { return err } } + if l.config.Config.IOPriority != nil { + if err := setIOPriority(l.config.Config.IOPriority); err != nil { + return err + } + } // Tell our parent that we're ready to Execv. This must be done before the // Seccomp rules have been applied, because we need to be able to read and diff --git a/tests/integration/ioprio.bats b/tests/integration/ioprio.bats new file mode 100644 index 00000000000..a907d782f01 --- /dev/null +++ b/tests/integration/ioprio.bats @@ -0,0 +1,30 @@ +#!/usr/bin/env bats + +load helpers + +function setup() { + setup_debian +} + +function teardown() { + teardown_bundle +} + +@test "ioprio_set is applied to process group" { + # Create a container with a specific I/O priority. + update_config '.process.ioPriority = {"class": "IOPRIO_CLASS_BE", "priority": 4}' + + runc run -d --console-socket "$CONSOLE_SOCKET" test_ioprio + [ "$status" -eq 0 ] + + # Check the init process. + runc exec test_ioprio ionice -p 1 + [ "$status" -eq 0 ] + [[ "$output" = *'best-effort: prio 4'* ]] + + # Check the process made from the exec command. + runc exec test_ioprio ionice + [ "$status" -eq 0 ] + + [[ "$output" = *'best-effort: prio 4'* ]] +} diff --git a/utils_linux.go b/utils_linux.go index e7b362cdb2e..a59301c1874 100644 --- a/utils_linux.go +++ b/utils_linux.go @@ -67,6 +67,11 @@ func newProcess(p specs.Process) (*libcontainer.Process, error) { lp.Scheduler = &s } + if p.IOPriority != nil { + ioPriority := *p.IOPriority + lp.IOPriority = &ioPriority + } + if p.Capabilities != nil { lp.Capabilities = &configs.Capabilities{} lp.Capabilities.Bounding = p.Capabilities.Bounding From ac31da6b8049885142a460fd62dadb6d89884cfe Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 29 Mar 2024 15:29:22 -0700 Subject: [PATCH 0527/1176] ci/cross-i386: pin Go to 1.21.x Signed-off-by: Kir Kolyshkin Signed-off-by: Aleksa Sarai --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index e0d24f8f24e..7c3b074115e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -146,7 +146,7 @@ jobs: - name: install go uses: actions/setup-go@v5 with: - go-version: 1.x # Latest stable + go-version: 1.21.x # TODO: switch to 1.x (latest stable) once Go 1.22 vs glibc issue is fixed. - name: unit test env: From e377e16846b8997a4ef52d7044cf0efcecac5e2e Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 29 Mar 2024 12:14:48 +1100 Subject: [PATCH 0528/1176] [hotfix] nsenter: refuse to build with Go 1.22 on glibc We will almost certainly need to eventually rework nsenter to: 1. Figure out a way to make pthread_self() not break after nsenter runs (probably not possible, because the core issue is likely that we are ignoring the rules of signal-safety(7)); or 2. Do an other re-exec of /proc/self/exe to execute the Go half of "runc init" -- after we've done the nsenter setup. This would reset all of the process state and ensure we have a clean glibc state for Go, but it would make runc slower... For now, just block Go 1.22 builds to avoid having broken runcs floating around until we resolve the issue. It seems possible for musl to also have an issue, but it appears to work and so for now just block glibc builds. Note that this will only block builds for anything that uses nsenter -- so users of our (internal) libcontainer libraries should be fine. Only users that are starting containers using nsenter to actually start containers will see the error (which is precisely what we want). Signed-off-by: Aleksa Sarai --- CHANGELOG.md | 7 +++++++ libcontainer/nsenter/nsenter_go122.go | 15 +++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 libcontainer/nsenter/nsenter_go122.go diff --git a/CHANGELOG.md b/CHANGELOG.md index ffdc9ae2fb5..958b2a9e7bc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +> **NOTE**: runc currently will not work properly when compiled with Go 1.22 or +> newer. This is due to some unfortunate glibc behaviour that Go 1.22 +> exacerbates in a way that results in containers not being able to start on +> some systems. [See this issue for more information.][runc-4233]. + ### Deprecated * `runc` option `--criu` is now ignored (with a warning), and the option will @@ -47,6 +52,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 * Remove tun/tap from the default device rules. (#3468) * specconv: avoid mapping "acl" to MS_POSIXACL. (#3739) +[runc-4233]: https://github.com/opencontainers/runc/issues/4233 + ## [1.1.8] - 2023-07-20 > æµ·çº³ç™¾å· æœ‰å®¹ä¹ƒå¤§ diff --git a/libcontainer/nsenter/nsenter_go122.go b/libcontainer/nsenter/nsenter_go122.go new file mode 100644 index 00000000000..2b9ece0ad29 --- /dev/null +++ b/libcontainer/nsenter/nsenter_go122.go @@ -0,0 +1,15 @@ +//go:build go1.22 + +package nsenter + +/* +// We know for sure that glibc has issues with pthread_self() when called from +// Go after nsenter has run. This is likely a more general problem with how we +// ignore the rules in signal-safety(7), and so it's possible musl will also +// have issues, but as this is just a hotfix let's only block glibc builds. +#include +#ifdef __GLIBC__ +# error "runc does not currently work properly with Go >=1.22. See ." +#endif +*/ +import "C" From 851e3882b78a3860a7dfa15ac1d8a9c69c89a20f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 29 Mar 2024 15:41:01 -0700 Subject: [PATCH 0529/1176] ci/test: exclude some runc_nodmz jobs 1. Sort the list of matrix excludes in the order of matrix, add comments explaining why we disable some jobs. 2. Exclude some jobs: - runc_nodmz && go 1.20.x - runc_nodmz && -race Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7c3b074115e..3fdaa3fc546 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -30,16 +30,26 @@ jobs: criu: ["", "criu-dev"] dmz: ["", "runc_nodmz"] exclude: - - criu: criu-dev - rootless: rootless + # Disable most of criu-dev jobs, as they are expensive + # (need to compile criu) and don't add much value/coverage. - criu: criu-dev go-version: 1.20.x + - criu: criu-dev + rootless: rootless - criu: criu-dev race: -race - - dmz: runc_nodmz - criu: criu-dev + - criu: criu-dev + dmz: runc_nodmz + # Disable most of runc_nodmz jobs, as they don't add much value + # (as dmz is disabled by default anyway). - dmz: runc_nodmz os: ubuntu-20.04 + - dmz: runc_nodmz + go-version: 1.20.x + - dmz: runc_nodmz + rootless: rootless + - dmz: runc_nodmz + race: -race runs-on: ${{ matrix.os }} steps: From d4b670fca6d0ac606777376440ffe49686ce15f4 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 13 Mar 2024 02:48:34 +1100 Subject: [PATCH 0530/1176] changelog: mention key breaking changes for mount options Just to make sure we don't forget to fully explain these when we do -rc1. Signed-off-by: Aleksa Sarai --- CHANGELOG.md | 51 ++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 48 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 958b2a9e7bc..32ca5f88126 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,7 +9,54 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 > **NOTE**: runc currently will not work properly when compiled with Go 1.22 or > newer. This is due to some unfortunate glibc behaviour that Go 1.22 > exacerbates in a way that results in containers not being able to start on -> some systems. [See this issue for more information.][runc-4233]. +> some systems. [See this issue for more information.][runc-4233] + +[runc-4233]: https://github.com/opencontainers/runc/issues/4233 + +### Breaking + + * Several aspects of how mount options work has been adjusted in a way that + could theoretically break users that have very strange mount option strings. + This was necessary to fix glaring issues in how mount options were being + treated. The key changes are: + + - Mount options on bind-mounts that clear a mount flag are now always + applied. Previously, if a user requested a bind-mount with only clearing + options (such as `rw,exec,dev`) the options would be ignored and the + original bind-mount options would be set. Unfortunately this also means + that container configurations which specified only clearing mount options + will now actually get what they asked for, which could break existing + containers (though it seems unlikely that a user who requested a specific + mount option would consider it "broken" to get the mount options they + asked foruser who requested a specific mount option would consider it + "broken" to get the mount options they asked for). This also allows us to + silently add locked mount flags the user *did not explicitly request to be + cleared* in rootless mode, allowing for easier use of bind-mounts for + rootless containers. (#3967) + + - Container configurations using bind-mounts with superblock mount flags + (i.e. filesystem-specific mount flags, referred to as "data" in + `mount(2)`, as opposed to VFS generic mount flags like `MS_NODEV`) will + now return an error. This is because superblock mount flags will also + affect the host mount (as the superblock is shared when bind-mounting), + which is obviously not acceptable. Previously, these flags were silently + ignored so this change simply tells users that runc cannot fulfil their + request rather than just ignoring it. (#3990) + + If any of these changes cause problems in real-world workloads, please [open + an issue](https://github.com/opencontainers/runc/issues/new/choose) so we + can adjust the behaviour to avoid compatibility issues. + +### Added + + * runc now supports id-mapped mounts for bind-mounts (with no restrictions on + the mapping used for each mount). Other mount types are not currently + supported. This feature requires `MOUNT_ATTR_IDMAP` kernel support (Linux + 5.12 or newer) as well as kernel support for the underlying filesystem used + for the bind-mount. See [`mount_setattr(2)`][mount_setattr.2] for a list of + supported filesystems and other restrictions. + +[mount_setattr.2]: https://man7.org/linux/man-pages/man2/mount_setattr.2.html ### Deprecated @@ -52,8 +99,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 * Remove tun/tap from the default device rules. (#3468) * specconv: avoid mapping "acl" to MS_POSIXACL. (#3739) -[runc-4233]: https://github.com/opencontainers/runc/issues/4233 - ## [1.1.8] - 2023-07-20 > æµ·çº³ç™¾å· æœ‰å®¹ä¹ƒå¤§ From b47fb3fda43e62fdcb9c5cfb3e1ae70b1be6e7b8 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 13 Mar 2024 17:39:03 +1100 Subject: [PATCH 0531/1176] changelog: sync changelog entries up to runc 1.1.12 Signed-off-by: Aleksa Sarai --- CHANGELOG.md | 82 +++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 81 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 32ca5f88126..1e3a43b8900 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -99,6 +99,82 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 * Remove tun/tap from the default device rules. (#3468) * specconv: avoid mapping "acl" to MS_POSIXACL. (#3739) +## [1.1.12] - 2024-01-31 + +> Now you're thinking with Portalsâ„¢! + +### Security + +* Fix [CVE-2024-21626][cve-2024-21626], a container breakout attack that took + advantage of a file descriptor that was leaked internally within runc (but + never leaked to the container process). In addition to fixing the leak, + several strict hardening measures were added to ensure that future internal + leaks could not be used to break out in this manner again. Based on our + research, while no other container runtime had a similar leak, none had any + of the hardening steps we've introduced (and some runtimes would not check + for any file descriptors that a calling process may have leaked to them, + allowing for container breakouts due to basic user error). + +[cve-2024-21626]: https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv + +## [1.1.11] - 2024-01-01 + +> Happy New Year! + +### Fixed + +* Fix several issues with userns path handling. (#4122, #4124, #4134, #4144) + +### Changed + + * Support memory.peak and memory.swap.peak in cgroups v2. + Add `swapOnlyUsage` in `MemoryStats`. This field reports swap-only usage. + For cgroupv1, `Usage` and `Failcnt` are set by subtracting memory usage + from memory+swap usage. For cgroupv2, `Usage`, `Limit`, and `MaxUsage` + are set. (#4000, #4010, #4131) + * build(deps): bump github.com/cyphar/filepath-securejoin. (#4140) + +## [1.1.10] - 2023-10-31 + +> Åruba, przykrÄ™cona we Å›nie, nie zmieni sytuacji, jaka panuje na jawie. + +### Added + +* Support for `hugetlb..rsvd` limiting and accounting. Fixes the + issue of postres failing when hugepage limits are set. (#3859, #4077) + +### Fixed + +* Fixed permissions of a newly created directories to not depend on the value + of umask in tmpcopyup feature implementation. (#3991, #4060) +* libcontainer: cgroup v1 GetStats now ignores missing `kmem.limit_in_bytes` + (fixes the compatibility with Linux kernel 6.1+). (#4028) +* Fix a semi-arbitrary cgroup write bug when given a malicious hugetlb + configuration. This issue is not a security issue because it requires a + malicious `config.json`, which is outside of our threat model. (#4103) +* Various CI fixes. (#4081, #4055) + +## [1.1.9] - 2023-08-10 + +> There is a crack in everything. That's how the light gets in. + +### Added + +* Added go 1.21 to the CI matrix; other CI updates. (#3976, #3958) + +### Fixed + +* Fixed losing sticky bit on tmpfs (a regression in 1.1.8). (#3952, #3961) +* intelrdt: fixed ignoring ClosID on some systems. (#3550, #3978) + +### Changed + + * Sum `anon` and `file` from `memory.stat` for cgroupv2 root usage, + as the root does not have `memory.current` for cgroupv2. + This aligns cgroupv2 root usage more closely with cgroupv1 reporting. + Additionally, report root swap usage as sum of swap and memory usage, + aligned with v1 and existing non-root v2 reporting. (#3933) + ## [1.1.8] - 2023-07-20 > æµ·çº³ç™¾å· æœ‰å®¹ä¹ƒå¤§ @@ -528,7 +604,11 @@ implementation (libcontainer) is *not* covered by this policy. [1.0.1]: https://github.com/opencontainers/runc/compare/v1.0.0...v1.0.1 -[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.8...release-1.1 +[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.12...release-1.1 +[1.1.12]: https://github.com/opencontainers/runc/compare/v1.1.11...v1.1.12 +[1.1.11]: https://github.com/opencontainers/runc/compare/v1.1.10...v1.1.11 +[1.1.10]: https://github.com/opencontainers/runc/compare/v1.1.9...v1.1.10 +[1.1.9]: https://github.com/opencontainers/runc/compare/v1.1.8...v1.1.9 [1.1.8]: https://github.com/opencontainers/runc/compare/v1.1.7...v1.1.8 [1.1.7]: https://github.com/opencontainers/runc/compare/v1.1.6...v1.1.7 [1.1.6]: https://github.com/opencontainers/runc/compare/v1.1.5...v1.1.6 From fc3e04dc35330214cf44cc41c505f33602a3f5b2 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 14 Mar 2024 17:00:30 +1100 Subject: [PATCH 0532/1176] changelog: update to include all new changes since 1.1.0 Signed-off-by: Rodrigo Campos [ cyphar: restructuring and removal of outdated or incorrect info ] Signed-off-by: Aleksa Sarai --- CHANGELOG.md | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 81 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1e3a43b8900..0a3a72ea10f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +`runc` now requires a minimum of Go 1.20 to compile. + > **NOTE**: runc currently will not work properly when compiled with Go 1.22 or > newer. This is due to some unfortunate glibc behaviour that Go 1.22 > exacerbates in a way that results in containers not being able to start on @@ -49,14 +51,50 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added + * runc has been updated to OCI runtime-spec 1.2.0, and supports all Linux + features with a few minor exceptions. See + [`docs/spec-conformance.md`](https://github.com/opencontainers/runc/blob/v1.2.0-rc.1/docs/spec-conformance.md) + for more details. * runc now supports id-mapped mounts for bind-mounts (with no restrictions on the mapping used for each mount). Other mount types are not currently supported. This feature requires `MOUNT_ATTR_IDMAP` kernel support (Linux 5.12 or newer) as well as kernel support for the underlying filesystem used for the bind-mount. See [`mount_setattr(2)`][mount_setattr.2] for a list of - supported filesystems and other restrictions. + supported filesystems and other restrictions. (#3717, #3985, #3993) + * Two new mechanisms for reducing the memory usage of our protections against + [CVE-2019-5736][cve-2019-5736] have been introduced: + - `runc-dmz` is a minimal binary (~8K) which acts as an additional execve + stage, allowing us to only need to protect the smaller binary. It should + be noted that there have been several compatibility issues reported with + the usage of `runc-dmz` (namely related to capabilities and SELinux). As + such, this mechanism is **opt-in** and can be enabled by running `runc` + with the environment variable `RUNC_DMZ=true` (setting this environment + variable in `config.json` will have no effect). This feature can be + disabled at build time using the `runc_nodmz` build tag. (#3983, #3987) + - `contrib/memfd-bind` is a helper daemon which will bind-mount a memfd copy + of `/usr/bin/runc` on top of `/usr/bin/runc`. This entirely eliminates + per-container copies of the binary, but requires care to ensure that + upgrades to runc are handled properly, and requires a long-running daemon + (unfortunately memfds cannot be bind-mounted directly and thus require a + daemon to keep them alive). (#3987) + * runc will now use `cgroup.kill` if available to kill all processes in a + container (such as when doing `runc kill`). (#3135, #3825) + * Add support for setting the umask for `runc exec`. (#3661) + * libct/cg: support `SCHED_IDLE` for runc cgroupfs. (#3377) + * checkpoint/restore: implement `--manage-cgroups-mode=ignore`. (#3546) + * seccomp: refactor flags support; add flags to features, set `SPEC_ALLOW` by + default. (#3588) + * libct/cg/sd: use systemd v240+ new `MAJOR:*` syntax. (#3843) + * Support CFS bandwidth burst for CPU. (#3749, #3145) + * Support time namespaces. (#3876) + * Reduce the `runc` binary size by ~11% by updating + `github.com/checkpoint-restore/go-criu`. (#3652) + * Add `--pidfd-socket` to `runc run` and `runc exec` to allow for management + processes to receive a pidfd for the new process, allowing them to avoid pid + reuse attacks. (#4045) [mount_setattr.2]: https://man7.org/linux/man-pages/man2/mount_setattr.2.html +[cve-2019-5736]: https://github.com/advisories/GHSA-gxmr-w5mj-v8hh ### Deprecated @@ -68,12 +106,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 to kill a container (with SIGKILL) which does not have its own private PID namespace (so that runc would send SIGKILL to all processes). Now, this is done automatically. (#3864, #3825) + * `github.com/opencontainers/runc/libcontainer/user` is now deprecated, please + use `github.com/moby/sys/user` instead. It will be removed in a future + release. (#4017) ### Changed * When Intel RDT feature is not available, its initialization is skipped, resulting in slightly faster `runc exec` and `runc run`. (#3306) - * Enforce absolute paths for mounts. (#3020, #3717) + * `runc features` is no longer experimental. (#3861) * libcontainer users that create and kill containers from a daemon process (so that the container init is a child of that process) must now implement a proper child reaper in case a container does not have its own private PID @@ -87,6 +128,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 For cgroupv1, `Usage` and `Failcnt` are set by subtracting memory usage from memory+swap usage. For cgroupv2, `Usage`, `Limit`, and `MaxUsage` are set. (#4010) + * libcontainer users that create and kill containers from a daemon process + (so that the container init is a child of that process) must now implement + a proper child reaper in case a container does not have its own private PID + namespace, as documented in `container.Signal`. (#3825) + * libcontainer: `container.Signal` no longer takes an `all` argument. Whether + or not it is necessary to kill all processes in the container individually + is now determined automatically. (#3825, #3885) + * seccomp: enable seccomp binary tree optimization. (#3405) + * `runc run`/`runc exec`: ignore SIGURG. (#3368) + * Remove tun/tap from the default device allowlist. (#3468) + * `runc --root non-existent-dir list` now reports an error for non-existent + root directory. (#3374) ### Fixed @@ -97,7 +150,32 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). (#3474) * Remove tun/tap from the default device rules. (#3468) - * specconv: avoid mapping "acl" to MS_POSIXACL. (#3739) + * specconv: avoid mapping "acl" to `MS_POSIXACL`. (#3739) + * libcontainer: fix private PID namespace detection when killing the + container. (#3866, #3825) + * systemd socket notification: fix race where runc exited before systemd + properly handled the `READY` notification. (#3291, #3293) + * The `-ENOSYS` seccomp stub is now always generated for the native + architecture that `runc` is running on. This is needed to work around some + arguably specification-incompliant behaviour from Docker on architectures + such as ppc64le, where the allowed architecture list is set to `null`. This + ensures that we always generate at least one `-ENOSYS` stub for the native + architecture even with these weird configs. (#4219) + +### Removed + + * In order to fix performance issues in the "lightweight" bindfd protection + against [CVE-2019-5736][cve-2019-5736], the temporary `ro` bind-mount of + `/proc/self/exe` has been removed. runc now creates a binary copy in all + cases. See the above notes about `memfd-bind` and `runc-dmz` as well as + `contrib/cmd/memfd-bind/README.md` for more information about how this + (minor) change in memory usage can be further reduced. (#3987, #3599, #2532, + #3931) + * libct/cg: Remove `EnterPid` (a function with no users). (#3797) + * libcontainer: Remove `{Pre,Post}MountCmds` which were never used and are + obsoleted by more generic container hooks. (#3350) + +[cve-2019-5736]: https://github.com/advisories/GHSA-gxmr-w5mj-v8hh ## [1.1.12] - 2024-01-31 From 275e6d85f78a9d0a90d9a714ba5f667561a4b0b9 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 14 Mar 2024 17:03:19 +1100 Subject: [PATCH 0533/1176] VERSION: release v1.2.0-rc.1 Signed-off-by: Aleksa Sarai --- CHANGELOG.md | 9 ++++++++- VERSION | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0a3a72ea10f..4d89ec538bc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [1.2.0-rc.1] - 2024-04-03 + +> There's a frood who really knows where his towel is. + `runc` now requires a minimum of Go 1.20 to compile. > **NOTE**: runc currently will not work properly when compiled with Go 1.22 or @@ -671,7 +675,7 @@ implementation (libcontainer) is *not* covered by this policy. cgroups at all during `runc update`). (#2994) -[Unreleased]: https://github.com/opencontainers/runc/compare/v1.1.0...HEAD +[Unreleased]: https://github.com/opencontainers/runc/compare/v1.2.0-rc.1...HEAD [1.1.0]: https://github.com/opencontainers/runc/compare/v1.1.0-rc.1...v1.1.0 [1.0.0]: https://github.com/opencontainers/runc/releases/tag/v1.0.0 @@ -696,3 +700,6 @@ implementation (libcontainer) is *not* covered by this policy. [1.1.2]: https://github.com/opencontainers/runc/compare/v1.1.1...v1.1.2 [1.1.1]: https://github.com/opencontainers/runc/compare/v1.1.0...v1.1.1 [1.1.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.0.0...v1.1.0-rc.1 + + +[1.2.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.1.0...v1.2.0-rc.1 diff --git a/VERSION b/VERSION index 15863e3d98a..a94c1f6e270 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.1.0+dev +1.2.0-rc.1 From 5194bd8df329b702e62c1632b246ef81811171e7 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 14 Mar 2024 17:03:36 +1100 Subject: [PATCH 0534/1176] VERSION: back to development Signed-off-by: Aleksa Sarai --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index a94c1f6e270..851e1952c7b 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.2.0-rc.1 +1.2.0-rc.1+dev From afcb9c2ebf6fff55be209cd27e5c3561604497d4 Mon Sep 17 00:00:00 2001 From: lifubang Date: Fri, 15 Mar 2024 13:02:22 +0800 Subject: [PATCH 0535/1176] add a test case for runc update cpu burst In issue #4210, if we don't provide `--cpu-burst` in `runc update`, the value of cpu burst will always set to 0. Signed-off-by: lifubang --- tests/integration/update.bats | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/integration/update.bats b/tests/integration/update.bats index 5a3dc7f0563..bc737d47f3b 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -344,6 +344,14 @@ EOF [ "$status" -eq 0 ] check_cpu_burst 500000 + # issue: https://github.com/opencontainers/runc/issues/4210 + # for systemd, cpu-burst value will be cleared, it's a known issue. + if [ ! -v RUNC_USE_SYSTEMD ]; then + runc update test_update --memory 100M + [ "$status" -eq 0 ] + check_cpu_burst 500000 + fi + runc update test_update --cpu-period 900000 --cpu-burst 0 [ "$status" -eq 0 ] check_cpu_burst 0 From e4bf49ff2cfdbcbf73473c0e90c16676677443a3 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Fri, 15 Dec 2023 17:07:51 +0900 Subject: [PATCH 0536/1176] runc update: distinguish nil from zero Prior to this commit, commands like `runc update --cpuset-cpus=1` were implying to set cpu burst to "0" (which does not mean "leave it as is"). This was failing when the kernel does not support cpu burst: `openat2 /sys/fs/cgroup/runc-cgroups-integration-test/test-cgroup-22167/cpu.max.burst: no such file or directory` Signed-off-by: Akihiro Suda --- update.go | 126 +++++++++++++++++++++++++++++++----------------------- 1 file changed, 72 insertions(+), 54 deletions(-) diff --git a/update.go b/update.go index 5bcc441a173..4fef85f71fb 100644 --- a/update.go +++ b/update.go @@ -147,30 +147,13 @@ other options are ignored. } r := specs.LinuxResources{ + // nil and u64Ptr(0) are not interchangeable Memory: &specs.LinuxMemory{ - Limit: i64Ptr(0), - Reservation: i64Ptr(0), - Swap: i64Ptr(0), - Kernel: i64Ptr(0), - KernelTCP: i64Ptr(0), - CheckBeforeUpdate: boolPtr(false), - }, - CPU: &specs.LinuxCPU{ - Shares: u64Ptr(0), - Quota: i64Ptr(0), - Burst: u64Ptr(0), - Period: u64Ptr(0), - RealtimeRuntime: i64Ptr(0), - RealtimePeriod: u64Ptr(0), - Cpus: "", - Mems: "", - }, - BlockIO: &specs.LinuxBlockIO{ - Weight: u16Ptr(0), - }, - Pids: &specs.LinuxPids{ - Limit: 0, + CheckBeforeUpdate: boolPtr(false), // constant }, + CPU: &specs.LinuxCPU{}, + BlockIO: &specs.LinuxBlockIO{}, + Pids: &specs.LinuxPids{}, } config := container.Config() @@ -214,45 +197,45 @@ other options are ignored. for _, pair := range []struct { opt string - dest *uint64 + dest **uint64 }{ - {"cpu-burst", r.CPU.Burst}, - {"cpu-period", r.CPU.Period}, - {"cpu-rt-period", r.CPU.RealtimePeriod}, - {"cpu-share", r.CPU.Shares}, + {"cpu-burst", &r.CPU.Burst}, + {"cpu-period", &r.CPU.Period}, + {"cpu-rt-period", &r.CPU.RealtimePeriod}, + {"cpu-share", &r.CPU.Shares}, } { if val := context.String(pair.opt); val != "" { - var err error - *pair.dest, err = strconv.ParseUint(val, 10, 64) + v, err := strconv.ParseUint(val, 10, 64) if err != nil { return fmt.Errorf("invalid value for %s: %w", pair.opt, err) } + *pair.dest = &v } } for _, pair := range []struct { opt string - dest *int64 + dest **int64 }{ - {"cpu-quota", r.CPU.Quota}, - {"cpu-rt-runtime", r.CPU.RealtimeRuntime}, + {"cpu-quota", &r.CPU.Quota}, + {"cpu-rt-runtime", &r.CPU.RealtimeRuntime}, } { if val := context.String(pair.opt); val != "" { - var err error - *pair.dest, err = strconv.ParseInt(val, 10, 64) + v, err := strconv.ParseInt(val, 10, 64) if err != nil { return fmt.Errorf("invalid value for %s: %w", pair.opt, err) } + *pair.dest = &v } } for _, pair := range []struct { opt string - dest *int64 + dest **int64 }{ - {"memory", r.Memory.Limit}, - {"memory-swap", r.Memory.Swap}, - {"kernel-memory", r.Memory.Kernel}, //nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility. - {"kernel-memory-tcp", r.Memory.KernelTCP}, - {"memory-reservation", r.Memory.Reservation}, + {"memory", &r.Memory.Limit}, + {"memory-swap", &r.Memory.Swap}, + {"kernel-memory", &r.Memory.Kernel}, //nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility. + {"kernel-memory-tcp", &r.Memory.KernelTCP}, + {"memory-reservation", &r.Memory.Reservation}, } { if val := context.String(pair.opt); val != "" { var v int64 @@ -265,19 +248,31 @@ other options are ignored. } else { v = -1 } - *pair.dest = v + *pair.dest = &v } } r.Pids.Limit = int64(context.Int("pids-limit")) } - if *r.Memory.Kernel != 0 || *r.Memory.KernelTCP != 0 { //nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility. + // Fix up values + if r.Memory.Limit != nil && *r.Memory.Limit == -1 && r.Memory.Swap == nil { + // To avoid error "unable to set swap limit without memory limit" + r.Memory.Swap = i64Ptr(0) + } + if r.CPU.Idle != nil && r.CPU.Shares == nil { + // To avoid error "failed to write \"4\": write /sys/fs/cgroup/runc-cgroups-integration-test/test-cgroup-7341/cpu.weight: invalid argument" + r.CPU.Shares = u64Ptr(0) + } + + if (r.Memory.Kernel != nil) || (r.Memory.KernelTCP != nil) { //nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility. logrus.Warn("Kernel memory settings are ignored and will be removed") } // Update the values - config.Cgroups.Resources.BlkioWeight = *r.BlockIO.Weight + if r.BlockIO.Weight != nil { + config.Cgroups.Resources.BlkioWeight = *r.BlockIO.Weight + } // Setting CPU quota and period independently does not make much sense, // but historically runc allowed it and this needs to be supported @@ -290,7 +285,16 @@ other options are ignored. // Here in update, previously set values are available from config. // If only one of {quota,period} is set and the other is not, leave // the unset parameter at the old value (don't overwrite config). - p, q := *r.CPU.Period, *r.CPU.Quota + var ( + p uint64 + q int64 + ) + if r.CPU.Period != nil { + p = *r.CPU.Period + } + if r.CPU.Quota != nil { + q = *r.CPU.Quota + } if (p == 0 && q == 0) || (p != 0 && q != 0) { // both values are either set or unset (0) config.Cgroups.Resources.CpuPeriod = p @@ -306,19 +310,33 @@ other options are ignored. } } - config.Cgroups.Resources.CpuBurst = r.CPU.Burst - config.Cgroups.Resources.CpuShares = *r.CPU.Shares - // CpuWeight is used for cgroupv2 and should be converted - config.Cgroups.Resources.CpuWeight = cgroups.ConvertCPUSharesToCgroupV2Value(*r.CPU.Shares) - config.Cgroups.Resources.CpuRtPeriod = *r.CPU.RealtimePeriod - config.Cgroups.Resources.CpuRtRuntime = *r.CPU.RealtimeRuntime + config.Cgroups.Resources.CpuBurst = r.CPU.Burst // can be nil + if r.CPU.Shares != nil { + config.Cgroups.Resources.CpuShares = *r.CPU.Shares + // CpuWeight is used for cgroupv2 and should be converted + config.Cgroups.Resources.CpuWeight = cgroups.ConvertCPUSharesToCgroupV2Value(*r.CPU.Shares) + } + if r.CPU.RealtimePeriod != nil { + config.Cgroups.Resources.CpuRtPeriod = *r.CPU.RealtimePeriod + } + if r.CPU.RealtimeRuntime != nil { + config.Cgroups.Resources.CpuRtRuntime = *r.CPU.RealtimeRuntime + } config.Cgroups.Resources.CpusetCpus = r.CPU.Cpus config.Cgroups.Resources.CpusetMems = r.CPU.Mems - config.Cgroups.Resources.Memory = *r.Memory.Limit + if r.Memory.Limit != nil { + config.Cgroups.Resources.Memory = *r.Memory.Limit + } config.Cgroups.Resources.CPUIdle = r.CPU.Idle - config.Cgroups.Resources.MemoryReservation = *r.Memory.Reservation - config.Cgroups.Resources.MemorySwap = *r.Memory.Swap - config.Cgroups.Resources.MemoryCheckBeforeUpdate = *r.Memory.CheckBeforeUpdate + if r.Memory.Reservation != nil { + config.Cgroups.Resources.MemoryReservation = *r.Memory.Reservation + } + if r.Memory.Swap != nil { + config.Cgroups.Resources.MemorySwap = *r.Memory.Swap + } + if r.Memory.CheckBeforeUpdate != nil { + config.Cgroups.Resources.MemoryCheckBeforeUpdate = *r.Memory.CheckBeforeUpdate + } config.Cgroups.Resources.PidsLimit = r.Pids.Limit config.Cgroups.Resources.Unified = r.Unified From 5052c075109870dfb2f240caadc49a0318ff1fc3 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Wed, 3 Apr 2024 15:09:49 +0100 Subject: [PATCH 0537/1176] tests/integration/mounts_sshfs.bats: Fix test on debian testing relatime is not shown on some debian systems. Let's check that no other setting that removes the relatime effect is set, as that should be enough too. For more info, see the issue linked in the comments. Signed-off-by: Rodrigo Campos --- tests/integration/mounts_sshfs.bats | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/integration/mounts_sshfs.bats b/tests/integration/mounts_sshfs.bats index 0bef01784f3..10a2c19b225 100644 --- a/tests/integration/mounts_sshfs.bats +++ b/tests/integration/mounts_sshfs.bats @@ -393,7 +393,11 @@ function fail_sshfs_bind_flags() { pass_sshfs_bind_flags "nodiratime" "bind" run -0 grep -wq nodiratime <<<"$mnt_flags" # MS_DIRATIME implies MS_RELATIME by default. - run -0 grep -wq relatime <<<"$mnt_flags" + # Let's check either relatime is set or no other option that removes + # relatime semantics is set. + # The latter case is needed in debian. For more info, see issue: #4093 + run -0 grep -wq relatime <<<"$mnt_flags" || + (run ! grep -wqE 'strictatime|norelatime|noatime' <<<"$mnt_flags") pass_sshfs_bind_flags "noatime,nodiratime" "bind" run -0 grep -wq noatime <<<"$mnt_flags" From 6b1f73088ba96c37409039d3eb64db8a3c364f79 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Thu, 4 Apr 2024 15:12:50 +0100 Subject: [PATCH 0538/1176] tests/integration: Fix remount on debian testing When we run this: mount --bind -o remount,diratime,strictatime "$DIR" It fails in debian testing, when it is the second time we call this function in the same bats test (i.e. when $DIR is defined already). strace shows this syscall failing: mount_setattr(3, "", AT_EMPTY_PATH, {attr_set=MOUNT_ATTR_NOSUID|MOUNT_ATTR_NODEV|MOUNT_ATTR_NOEXEC|MOUNT_ATTR_NOATIME|MOUNT_ATTR_STRICTATIME, attr_clr=MOUNT_ATTR_RDONLY|MOUNT_ATTR_NOATIME|MOUNT_ATTR_STRICTATIME|MOUNT_ATTR_NODIRATIME|0x40, propagation=0 /* MS_??? */, userns_fd=0}, 32) = -1 EINVAL (Invalid argument) Note it has `MOUNT_ATTR_NOATIME` and `MOUNT_ATTR_STRICTATIME` which probably causes it to return EINVAL. This patch simply adds atime to the options, so the mount command now works and fixes most of the tests in debian testing. Signed-off-by: Rodrigo Campos --- tests/integration/mounts_sshfs.bats | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/mounts_sshfs.bats b/tests/integration/mounts_sshfs.bats index 10a2c19b225..ad7c215c5c1 100644 --- a/tests/integration/mounts_sshfs.bats +++ b/tests/integration/mounts_sshfs.bats @@ -43,7 +43,7 @@ function setup_sshfs() { fi # Reset atime flags. "diratime" is quite a strange flag, so we need to make # sure it's cleared before we apply the requested flags. - mount --bind -o remount,diratime,strictatime "$DIR" + mount --bind -o remount,diratime,atime,strictatime "$DIR" # We need to set the mount flags separately on the mount because some mount # flags (such as "ro") are set on the superblock if you do them in the # initial mount, which means that they cannot be cleared by bind-mounts. From cde1d0908ad9b7199847330fad89b29ca59738af Mon Sep 17 00:00:00 2001 From: Sohan Kunkerkar Date: Wed, 10 Apr 2024 18:15:40 -0400 Subject: [PATCH 0539/1176] libcontainer: force apps to think fips is enabled/disabled for testing The motivation behind this change is to provide a flexible mechanism for containers within a Kubernetes cluster to opt out of FIPS mode when necessary. This change enables apps to simulate FIPS mode being enabled or disabled for testing purposes. Users can control whether apps believe FIPS mode is on or off by manipulating `/proc/sys/crypto/fips_enabled`. Signed-off-by: Sohan Kunkerkar --- libcontainer/rootfs_linux.go | 1 + libcontainer/rootfs_linux_test.go | 15 +++++++++++++++ 2 files changed, 16 insertions(+) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 89faea085a5..348d30fefe8 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -783,6 +783,7 @@ func checkProcMount(rootfs, dest string, m mountEntry) error { "/proc/slabinfo", "/proc/net/dev", "/proc/sys/kernel/ns_last_pid", + "/proc/sys/crypto/fips_enabled", } for _, valid := range validProcMounts { path, err := filepath.Rel(filepath.Join(rootfs, valid), dest) diff --git a/libcontainer/rootfs_linux_test.go b/libcontainer/rootfs_linux_test.go index 6ce099d256d..03bfbb8d121 100644 --- a/libcontainer/rootfs_linux_test.go +++ b/libcontainer/rootfs_linux_test.go @@ -134,6 +134,21 @@ func TestCheckMountDestNsLastPid(t *testing.T) { } } +func TestCheckCryptoFipsEnabled(t *testing.T) { + m := mountEntry{ + Mount: &configs.Mount{ + Destination: "/proc/sys/crypto/fips_enabled", + Source: "tmpfs", + Device: "tmpfs", + }, + } + dest := "/rootfs/proc/sys/crypto/fips_enabled" + err := checkProcMount("/rootfs", dest, m) + if err != nil { + t.Fatalf("/proc/sys/crypto/fips_enabled should not return an error: %v", err) + } +} + func TestNeedsSetupDev(t *testing.T) { config := &configs.Config{ Mounts: []*configs.Mount{ From afc23e33971b657c4a09c54b16c6139651171aad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Clerget?= Date: Fri, 30 Jun 2023 15:49:47 +0200 Subject: [PATCH 0540/1176] Set temporary single CPU affinity before cgroup cpuset transition. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This handles a corner case when joining a container having all the processes running exclusively on isolated CPU cores to force the kernel to schedule runc process on the first CPU core within the cgroups cpuset. The introduction of the kernel commit 46a87b3851f0d6eb05e6d83d5c5a30df0eca8f76 has affected this deterministic scheduling behavior by distributing tasks across CPU cores within the cgroups cpuset. Some intensive real-time application are relying on this deterministic behavior and use the first CPU core to run a slow thread while other CPU cores are fully used by real-time threads with SCHED_FIFO policy. Such applications prevents runc process from joining a container when the runc process is randomly scheduled on a CPU core owned by a real-time thread. Introduces isolated CPU affinity transition OCI runtime annotation org.opencontainers.runc.exec.isolated-cpu-affinity-transition to restore the behavior during runc exec. Fix issue with kernel >= 6.2 not resetting CPU affinity for container processes. Signed-off-by: CĂ©dric Clerget --- docs/isolated-cpu-affinity-transition.md | 125 ++++++++ features.go | 1 + libcontainer/cgroups/cgroups.go | 4 + libcontainer/cgroups/fs/fs.go | 27 ++ libcontainer/cgroups/fs2/fs2.go | 28 ++ libcontainer/cgroups/systemd/v1.go | 4 + libcontainer/cgroups/systemd/v2.go | 4 + libcontainer/container_linux_test.go | 4 + libcontainer/process_linux.go | 269 +++++++++++++++++- libcontainer/process_linux_test.go | 232 +++++++++++++++ libcontainer/system/kernelparam/lookup.go | 41 +++ .../system/kernelparam/lookup_test.go | 60 ++++ tests/integration/exec.bats | 136 +++++++++ tests/integration/helpers.bash | 21 ++ 14 files changed, 954 insertions(+), 2 deletions(-) create mode 100644 docs/isolated-cpu-affinity-transition.md create mode 100644 libcontainer/process_linux_test.go create mode 100644 libcontainer/system/kernelparam/lookup.go create mode 100644 libcontainer/system/kernelparam/lookup_test.go diff --git a/docs/isolated-cpu-affinity-transition.md b/docs/isolated-cpu-affinity-transition.md new file mode 100644 index 00000000000..d2f3b12e899 --- /dev/null +++ b/docs/isolated-cpu-affinity-transition.md @@ -0,0 +1,125 @@ +## Isolated CPU affinity transition + +The introduction of the kernel commit 46a87b3851f0d6eb05e6d83d5c5a30df0eca8f76 +in 5.7 has affected a deterministic scheduling behavior by distributing tasks +across CPU cores within a cgroups cpuset. It means that `runc exec` might be +impacted under some circumstances, by example when a container has been +created within a cgroup cpuset entirely composed of isolated CPU cores +usually sets either with `nohz_full` and/or `isolcpus` kernel boot parameters. + +Some containerized real-time applications are relying on this deterministic +behavior and uses the first CPU core to run a slow thread while other CPU +cores are fully used by the real-time threads with SCHED_FIFO policy. +Such applications can prevent runc process from joining a container when the +runc process is randomly scheduled on a CPU core owned by a real-time thread. + +Runc introduces a way to restore this behavior by adding the following +annotation to the container runtime spec (`config.json`): + +`org.opencontainers.runc.exec.isolated-cpu-affinity-transition` + +This annotation can take one of those values: + +* `temporary` to temporarily set the runc process CPU affinity to the first +isolated CPU core of the container cgroup cpuset. +* `definitive`: to definitively set the runc process CPU affinity to the first +isolated CPU core of the container cgroup cpuset. + +For example: + +```json + "annotations": { + "org.opencontainers.runc.exec.isolated-cpu-affinity-transition": "temporary" + } +``` + +__WARNING:__ `definitive` requires a kernel >= 6.2, also works with RHEL 9 and +above. + +### How it works? + +When enabled and during `runc exec`, runc is looking for the `nohz_full` kernel +boot parameter value and considers the CPUs in the list as isolated, it doesn't +look for `isolcpus` boot parameter, it just assumes that `isolcpus` value is +identical to `nohz_full` when specified. If `nohz_full` parameter is not found, +runc also attempts to read the list from `/sys/devices/system/cpu/nohz_full`. + +Once it gets the isolated CPU list, it returns an eligible CPU core within the +container cgroup cpuset based on those heuristics: + +* when there is not cpuset cores: no eligible CPU +* when there is not isolated cores: no eligible CPU +* when cpuset cores are not in isolated core list: no eligible CPU +* when cpuset cores are all isolated cores: return the first CPU of the cpuset +* when cpuset cores are mixed between housekeeping/isolated cores: return the + first housekeeping CPU not in isolated CPUs. + +The returned CPU core is then used to set the `runc init` CPU affinity before +the container cgroup cpuset transition. + +#### Transition example + +`nohz_full` has the isolated cores `4-7`. A container has been created with +the cgroup cpuset `4-7` to only run on the isolated CPU cores 4 to 7. +`runc exec` is called by a process with CPU affinity set to `0-3` + +* with `temporary` transition: + + runc exec (affinity 0-3) -> runc init (affinity 4) -> container process (affinity 4-7) + +* with `definitive` transition: + + runc exec (affinity 0-3) -> runc init (affinity 4) -> container process (affinity 4) + +The difference between `temporary` and `definitive` is the container process +affinity, `definitive` will constraint the container process to run on the +first isolated CPU core of the cgroup cpuset, while `temporary` restore the +CPU affinity to match the container cgroup cpuset. + +`definitive` transition might be helpful when `nohz_full` is used without +`isolcpus` to avoid runc and container process to be a noisy neighbour for +real-time applications. + +### How to use it with Kubernetes? + +Kubernetes doesn't manage container directly, instead it uses the Container Runtime +Interface (CRI) to communicate with a software implementing this interface and responsible +to manage the lifecycle of containers. There are popular CRI implementations like Containerd +and CRI-O. Those implementations allows to pass pod annotations to the container runtime +via the container runtime spec. Currently runc is the runtime used by default for both. + +#### Containerd configuration + +Containerd CRI uses runc by default but requires an extra step to pass the annotation to runc. +You have to whitelist `org.opencontainers.runc.exec.isolated-cpu-affinity-transition` as a pod +annotation allowed to be passed to the container runtime in `/etc/containerd/config.toml`: + +```toml +[plugins."io.containerd.grpc.v1.cri".containerd] + default_runtime_name = "runc" + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes] + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] + runtime_type = "io.containerd.runc.v2" + base_runtime_spec = "/etc/containerd/cri-base.json" + pod_annotations = ["org.opencontainers.runc.exec.isolated-cpu-affinity-transition"] +``` + +#### CRI-O configuration + +CRI-O doesn't require any extra step, however some annotations could be excluded by +configuration. + +#### Pod deployment example + +```yaml +apiVersion: v1 +kind: Pod +metadata: + name: demo-pod + annotations: + org.opencontainers.runc.exec.isolated-cpu-affinity-transition: "temporary" +spec: + containers: + - name: demo + image: registry.com/demo:latest +``` diff --git a/features.go b/features.go index eff04c1b2d2..190b7d10422 100644 --- a/features.go +++ b/features.go @@ -68,6 +68,7 @@ var featuresCommand = cli.Command{ "bundle", "org.systemd.property.", // prefix form "org.criu.config", + "org.opencontainers.runc.exec.isolated-cpu-affinity-transition", }, } diff --git a/libcontainer/cgroups/cgroups.go b/libcontainer/cgroups/cgroups.go index b9ba889b7a0..d97c874eab6 100644 --- a/libcontainer/cgroups/cgroups.go +++ b/libcontainer/cgroups/cgroups.go @@ -71,4 +71,8 @@ type Manager interface { // OOMKillCount reports OOM kill count for the cgroup. OOMKillCount() (uint64, error) + + // GetEffectiveCPUs returns the effective CPUs of the cgroup, an empty + // value means that the cgroups cpuset subsystem/controller is not enabled. + GetEffectiveCPUs() string } diff --git a/libcontainer/cgroups/fs/fs.go b/libcontainer/cgroups/fs/fs.go index d2decb127ca..723d18b7637 100644 --- a/libcontainer/cgroups/fs/fs.go +++ b/libcontainer/cgroups/fs/fs.go @@ -4,6 +4,8 @@ import ( "errors" "fmt" "os" + "path/filepath" + "strings" "sync" "golang.org/x/sys/unix" @@ -263,3 +265,28 @@ func (m *Manager) OOMKillCount() (uint64, error) { return c, err } + +func (m *Manager) GetEffectiveCPUs() string { + return GetEffectiveCPUs(m.Path("cpuset"), m.cgroups) +} + +func GetEffectiveCPUs(cpusetPath string, cgroups *configs.Cgroup) string { + // Fast path. + if cgroups.CpusetCpus != "" { + return cgroups.CpusetCpus + } else if !strings.HasPrefix(cpusetPath, defaultCgroupRoot) { + return "" + } + + // Iterates until it goes to the cgroup root path. + // It's required for containers in which cpuset controller + // is not enabled, in this case a parent cgroup is used. + for path := cpusetPath; path != defaultCgroupRoot; path = filepath.Dir(path) { + cpus, err := fscommon.GetCgroupParamString(path, "cpuset.effective_cpus") + if err == nil { + return cpus + } + } + + return "" +} diff --git a/libcontainer/cgroups/fs2/fs2.go b/libcontainer/cgroups/fs2/fs2.go index 0760be74b97..0a579b23e84 100644 --- a/libcontainer/cgroups/fs2/fs2.go +++ b/libcontainer/cgroups/fs2/fs2.go @@ -4,11 +4,13 @@ import ( "errors" "fmt" "os" + "path/filepath" "strings" "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/utils" ) type parseError = fscommon.ParseError @@ -32,6 +34,9 @@ func NewManager(config *configs.Cgroup, dirPath string) (*Manager, error) { if err != nil { return nil, err } + } else { + // Clean path for safety. + dirPath = utils.CleanPath(dirPath) } m := &Manager{ @@ -316,3 +321,26 @@ func CheckMemoryUsage(dirPath string, r *configs.Resources) error { return nil } + +func (m *Manager) GetEffectiveCPUs() string { + // Fast path. + if m.config.CpusetCpus != "" { + return m.config.CpusetCpus + } else if !strings.HasPrefix(m.dirPath, UnifiedMountpoint) { + return "" + } + + // Iterates until it goes outside of the cgroup root path. + // It's required for containers in which cpuset controller + // is not enabled, in this case a parent cgroup is used. + outsidePath := filepath.Dir(UnifiedMountpoint) + + for path := m.dirPath; path != outsidePath; path = filepath.Dir(path) { + cpus, err := fscommon.GetCgroupParamString(path, "cpuset.cpus.effective") + if err == nil { + return cpus + } + } + + return "" +} diff --git a/libcontainer/cgroups/systemd/v1.go b/libcontainer/cgroups/systemd/v1.go index 8c64a5887a9..e04e35682cd 100644 --- a/libcontainer/cgroups/systemd/v1.go +++ b/libcontainer/cgroups/systemd/v1.go @@ -411,3 +411,7 @@ func (m *LegacyManager) Exists() bool { func (m *LegacyManager) OOMKillCount() (uint64, error) { return fs.OOMKillCount(m.Path("memory")) } + +func (m *LegacyManager) GetEffectiveCPUs() string { + return fs.GetEffectiveCPUs(m.Path("cpuset"), m.cgroups) +} diff --git a/libcontainer/cgroups/systemd/v2.go b/libcontainer/cgroups/systemd/v2.go index b28ec6b22f2..2c4a8c4c3ac 100644 --- a/libcontainer/cgroups/systemd/v2.go +++ b/libcontainer/cgroups/systemd/v2.go @@ -514,3 +514,7 @@ func (m *UnifiedManager) Exists() bool { func (m *UnifiedManager) OOMKillCount() (uint64, error) { return m.fsMgr.OOMKillCount() } + +func (m *UnifiedManager) GetEffectiveCPUs() string { + return m.fsMgr.GetEffectiveCPUs() +} diff --git a/libcontainer/container_linux_test.go b/libcontainer/container_linux_test.go index 99908376562..c76178d808a 100644 --- a/libcontainer/container_linux_test.go +++ b/libcontainer/container_linux_test.go @@ -69,6 +69,10 @@ func (m *mockCgroupManager) GetFreezerState() (configs.FreezerState, error) { return configs.Thawed, nil } +func (m *mockCgroupManager) GetEffectiveCPUs() string { + return "" +} + type mockProcess struct { _pid int started uint64 diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 6d51eada2b3..93c0e313e00 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -1,11 +1,13 @@ package libcontainer import ( + "bytes" "context" "encoding/json" "errors" "fmt" "io" + "io/fs" "net" "os" "os/exec" @@ -21,10 +23,12 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fs2" + "github.com/opencontainers/runc/libcontainer/cgroups/systemd" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/intelrdt" "github.com/opencontainers/runc/libcontainer/logs" "github.com/opencontainers/runc/libcontainer/system" + "github.com/opencontainers/runc/libcontainer/system/kernelparam" "github.com/opencontainers/runc/libcontainer/userns" "github.com/opencontainers/runc/libcontainer/utils" ) @@ -133,8 +137,58 @@ func (p *setnsProcess) start() (retErr error) { // get the "before" value of oom kill count oom, _ := p.manager.OOMKillCount() - err := p.cmd.Start() - // close the child-side of the pipes (controlled by child) + + // When greater or equal to zero, it will set a temporary single CPU + // affinity before cgroup cpuset transition, this handles a corner + // case when joining a container having all the processes running + // exclusively on isolated CPU cores to force the kernel to schedule + // runc process on the first CPU core within the cgroups cpuset. + // The introduction of the kernel commit 46a87b3851f0d6eb05e6d83d5c5a30df0eca8f76 + // in 5.7 has affected this deterministic scheduling behavior by + // distributing tasks across CPU cores within the cgroups cpuset. + // Some intensive real-time application are relying on this + // deterministic behavior and use the first CPU core to run a slow + // thread while other CPU cores are fully used by real-time threads + // with SCHED_FIFO policy. Such applications prevent runc process + // from joining a container when the runc process is randomly + // scheduled on a CPU core owned by a real-time thread. + cpuAffinity := -1 + resetCPUAffinity := true + + if len(p.manager.GetPaths()) > 0 { + // Get the target container cgroup. + if cg, err := p.manager.GetCgroups(); err != nil { + // Close the pipe to not be blocked in the parent. + p.comm.closeChild() + return fmt.Errorf("getting container cgroups: %w", err) + } else if cg.CpusetCpus != "" { + definitive := false + + _, annotations := utils.Annotations(p.config.Config.Labels) + cpuAffinity, definitive, err = isolatedCPUAffinityTransition( + os.DirFS("/"), + cg.CpusetCpus, + annotations, + ) + if err != nil { + // Close the pipe to not be blocked in the parent. + p.comm.closeChild() + return fmt.Errorf("getting CPU affinity: %w", err) + } else if definitive { + resetCPUAffinity = false + } + } + } + + var err error + + if cpuAffinity < 0 { + err = p.cmd.Start() + } else { + err = startCommandWithCPUAffinity(p.cmd, cpuAffinity) + } + + // Close the write-side of the pipes (controlled by child). p.comm.closeChild() if err != nil { return fmt.Errorf("error starting setns process: %w", err) @@ -193,6 +247,18 @@ func (p *setnsProcess) start() (retErr error) { } } } + + if resetCPUAffinity { + // Fix the container process CPU affinity to match container cgroup cpuset, + // since kernel 6.2, the runc CPU affinity might affect the container process + // CPU affinity after cgroup cpuset transition, by example if runc is running + // with CPU affinity 0-1 and container process has cpuset.cpus set to 1-2, the + // resulting container process CPU affinity will be 1 instead of 1-2. + if err := fixProcessCPUAffinity(p.pid(), p.manager); err != nil { + return fmt.Errorf("error resetting container process CPU affinity: %w", err) + } + } + if p.intelRdtPath != "" { // if Intel RDT "resource control" filesystem path exists _, err := os.Stat(p.intelRdtPath) @@ -744,6 +810,14 @@ func (p *initProcess) start() (retErr error) { if err := p.manager.Set(p.config.Config.Cgroups.Resources); err != nil { return fmt.Errorf("error setting cgroup config for procHooks process: %w", err) } + // Reset container process CPU affinity to match container cgroup cpuset, + // since kernel 6.2, the runc CPU affinity might affect the container process + // CPU affinity after cgroup cpuset transition, by example if runc is running + // with CPU affinity 0-1 and container process has cpuset.cpus set to 1-2, the + // resulting container process CPU affinity will be 1 instead of 1-2. + if err := fixProcessCPUAffinity(p.pid(), p.manager); err != nil { + return fmt.Errorf("error resetting container process CPU affinity: %w", err) + } if p.intelRdtManager != nil { if err := p.intelRdtManager.Set(p.config.Config); err != nil { return fmt.Errorf("error setting Intel RDT config for procHooks process: %w", err) @@ -995,5 +1069,196 @@ func setIOPriority(ioprio *configs.IOPriority) error { if errno != 0 { return fmt.Errorf("failed to set io priority: %w", errno) } + + return nil +} + +// isolatedCPUAffinityTransition returns a CPU affinity if necessary based on heuristics +// and org.opencontainers.runc.exec.isolated-cpu-affinity-transition annotation value. +func isolatedCPUAffinityTransition(rootFS fs.FS, cpusetList string, annotations map[string]string) (int, bool, error) { + const ( + isolatedCPUAffinityTransitionAnnotation = "org.opencontainers.runc.exec.isolated-cpu-affinity-transition" + nohzFullParam = "nohz_full" + ) + + definitive := false + + transition := annotations[isolatedCPUAffinityTransitionAnnotation] + switch transition { + case "temporary": + case "definitive": + definitive = true + default: + if transition != "" { + return -1, false, fmt.Errorf( + "unknown transition value %q for annotation %s", + transition, isolatedCPUAffinityTransitionAnnotation, + ) + } + return -1, false, nil + } + + kernelParams, err := kernelparam.LookupKernelBootParameters( + rootFS, + nohzFullParam, + ) + if err != nil { + // If /proc/cmdline does not exist or isn't readable, continue to read + // nohz_full from sysfs below. + if !errors.Is(err, os.ErrNotExist) && !errors.Is(err, os.ErrPermission) { + return -1, false, err + } + } + + // First get nohz_full value from kernel boot params, if not + // present, get the value from sysfs, to cover the case where + // CONFIG_NO_HZ_FULL_ALL is set, it also makes the integration + // tests not dependent on /sys/devices/system/cpu/nohz_full. + isolatedList := kernelParams[nohzFullParam] + if isolatedList == "" { + // Get the isolated CPU list, the error is not checked here because + // no matter what the error is, it returns without error the same way + // as with empty data. + isolatedData, _ := fs.ReadFile(rootFS, "sys/devices/system/cpu/nohz_full") + isolatedList = string(bytes.TrimSpace(isolatedData)) + if isolatedList == "" || isolatedList == "(null)" { + return -1, false, nil + } + } + + cpu, err := getEligibleCPU(cpusetList, isolatedList) + if err != nil { + return -1, false, fmt.Errorf("getting eligible cpu: %w", err) + } else if cpu == -1 { + definitive = false + } + + return cpu, definitive, nil +} + +// getEligibleCPU returns the first eligible CPU for CPU affinity before +// entering in a cgroup cpuset: +// - when there is not cpuset cores: no eligible CPU (-1) +// - when there is not isolated cores: no eligible CPU (-1) +// - when cpuset cores are not in isolated cores: no eligible CPU (-1) +// - when cpuset cores are all isolated cores: return the first CPU of the cpuset +// - when cpuset cores are mixed between housekeeping/isolated cores: return the +// first housekeeping CPU not in isolated CPUs. +func getEligibleCPU(cpusetList, isolatedList string) (int, error) { + if isolatedList == "" || cpusetList == "" { + return -1, nil + } + + // The target container has a cgroup cpuset, get the bit range. + cpusetBits, err := systemd.RangeToBits(cpusetList) + if err != nil { + return -1, fmt.Errorf("parsing cpuset cpus list %s: %w", cpusetList, err) + } + + isolatedBits, err := systemd.RangeToBits(isolatedList) + if err != nil { + return -1, fmt.Errorf("parsing isolated cpus list %s: %w", isolatedList, err) + } + + eligibleCore := -1 + isolatedCores := 0 + + // Start from cpu core #0. + currentCore := 0 + // Handle mixed sets. + mixed := false + + // CPU core start from the first slice element and bits are read + // from the least to the most significant bit. + for byteRange := 0; byteRange < len(cpusetBits); byteRange++ { + if byteRange >= len(isolatedBits) { + // No more isolated cores. + break + } + for bit := 0; bit < 8; bit++ { + if cpusetBits[byteRange]&(1< 0 { + return eligibleCore, nil + } + } + currentCore++ + } + } + + // We have an eligible CPU if there is at least one isolated CPU in the cpuset. + if isolatedCores == 0 { + return -1, nil + } + + return eligibleCore, nil +} + +// startCommandWithCPUAffinity starts a command on a specific CPU if set. +func startCommandWithCPUAffinity(cmd *exec.Cmd, cpuAffinity int) error { + errCh := make(chan error) + defer close(errCh) + + // Use a goroutine to dedicate an OS thread. + go func() { + cpuSet := new(unix.CPUSet) + cpuSet.Zero() + cpuSet.Set(cpuAffinity) + + // Don't call runtime.UnlockOSThread to terminate the OS thread + // when goroutine exits. + runtime.LockOSThread() + + // Command inherits the CPU affinity. + if err := unix.SchedSetaffinity(unix.Gettid(), cpuSet); err != nil { + errCh <- fmt.Errorf("setting os thread CPU affinity: %w", err) + return + } + + errCh <- cmd.Start() + }() + + return <-errCh +} + +// fixProcessCPUAffinity sets the CPU affinity of a container process +// to all CPUs allowed by container cgroup cpuset. +func fixProcessCPUAffinity(pid int, manager cgroups.Manager) error { + cpusetList := manager.GetEffectiveCPUs() + if cpusetList == "" { + // If the cgroup cpuset is not present, the container will inherit + // this process CPU affinity, so it can return without further actions. + return nil + } + + cpusetBits, err := systemd.RangeToBits(cpusetList) + if err != nil { + return fmt.Errorf("parsing cpuset cpus list %s: %w", cpusetList, err) + } + + processCPUSet := new(unix.CPUSet) + + for byteRange := 0; byteRange < len(cpusetBits); byteRange++ { + for bit := 0; bit < 8; bit++ { + processCPUSet.Set(byteRange*8 + bit) + } + } + + if err := unix.SchedSetaffinity(pid, processCPUSet); err != nil { + return fmt.Errorf("setting process PID %d CPU affinity: %w", pid, err) + } + return nil } diff --git a/libcontainer/process_linux_test.go b/libcontainer/process_linux_test.go new file mode 100644 index 00000000000..8303643967b --- /dev/null +++ b/libcontainer/process_linux_test.go @@ -0,0 +1,232 @@ +package libcontainer + +import ( + "io/fs" + "testing" + "testing/fstest" +) + +func TestIsolatedCPUAffinityTransition(t *testing.T) { + const isolatedCPUAffinityTransitionAnnotation = "org.opencontainers.runc.exec.isolated-cpu-affinity-transition" + + noAffinity := -1 + temporaryTransition := "temporary" + definitiveTransition := "definitive" + + tests := []struct { + name string + testFS fs.FS + cpuset string + expectedErr bool + expectedAffinityCore int + expectedDefinitiveTransition bool + annotations map[string]string + }{ + { + name: "no affinity", + cpuset: "0-15", + testFS: fstest.MapFS{ + "sys/devices/system/cpu/nohz_full": &fstest.MapFile{Data: []byte("0-4\n")}, + }, + expectedAffinityCore: noAffinity, + expectedDefinitiveTransition: false, + }, + { + name: "affinity match with temporary transition", + cpuset: "3-4", + testFS: fstest.MapFS{ + "sys/devices/system/cpu/nohz_full": &fstest.MapFile{Data: []byte("0-4\n")}, + }, + expectedAffinityCore: 3, + expectedDefinitiveTransition: false, + annotations: map[string]string{ + isolatedCPUAffinityTransitionAnnotation: temporaryTransition, + }, + }, + { + name: "affinity match with temporary transition and nohz_full boot param", + cpuset: "3-4", + testFS: fstest.MapFS{ + "proc/cmdline": &fstest.MapFile{Data: []byte("nohz_full=0-4\n")}, + }, + expectedAffinityCore: 3, + expectedDefinitiveTransition: false, + annotations: map[string]string{ + isolatedCPUAffinityTransitionAnnotation: temporaryTransition, + }, + }, + { + name: "affinity match with definitive transition", + cpuset: "3-4", + testFS: fstest.MapFS{ + "sys/devices/system/cpu/nohz_full": &fstest.MapFile{Data: []byte("0-4\n")}, + }, + expectedAffinityCore: 3, + expectedDefinitiveTransition: true, + annotations: map[string]string{ + isolatedCPUAffinityTransitionAnnotation: definitiveTransition, + }, + }, + { + name: "affinity match with definitive transition and nohz_full boot param", + cpuset: "3-4", + testFS: fstest.MapFS{ + "proc/cmdline": &fstest.MapFile{Data: []byte("nohz_full=0-4\n")}, + }, + expectedAffinityCore: 3, + expectedDefinitiveTransition: true, + annotations: map[string]string{ + isolatedCPUAffinityTransitionAnnotation: definitiveTransition, + }, + }, + { + name: "affinity error with bad isolated set", + cpuset: "0-15", + testFS: fstest.MapFS{ + "sys/devices/system/cpu/nohz_full": &fstest.MapFile{Data: []byte("bad_isolated_set\n")}, + }, + expectedErr: true, + expectedAffinityCore: noAffinity, + annotations: map[string]string{ + isolatedCPUAffinityTransitionAnnotation: temporaryTransition, + }, + }, + { + name: "affinity error with bad isolated set for nohz_full boot param", + cpuset: "0-15", + testFS: fstest.MapFS{ + "proc/cmdline": &fstest.MapFile{Data: []byte("nohz_full=bad_isolated_set\n")}, + }, + expectedErr: true, + expectedAffinityCore: noAffinity, + annotations: map[string]string{ + isolatedCPUAffinityTransitionAnnotation: temporaryTransition, + }, + }, + { + name: "no affinity with null isolated set value", + cpuset: "0-15", + testFS: fstest.MapFS{ + "sys/devices/system/cpu/nohz_full": &fstest.MapFile{Data: []byte("(null)\n")}, + }, + expectedAffinityCore: noAffinity, + expectedDefinitiveTransition: false, + annotations: map[string]string{ + isolatedCPUAffinityTransitionAnnotation: temporaryTransition, + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + affinityCore, definitive, err := isolatedCPUAffinityTransition(tt.testFS, tt.cpuset, tt.annotations) + if err != nil && !tt.expectedErr { + t.Fatalf("unexpected error: %s", err) + } else if err == nil && tt.expectedErr { + t.Fatalf("unexpected success") + } else if tt.expectedDefinitiveTransition != definitive { + t.Fatalf("expected reset affinity %t: got %t instead", tt.expectedDefinitiveTransition, definitive) + } else if tt.expectedAffinityCore != affinityCore { + t.Fatalf("expected affinity core %d: got %d instead", tt.expectedAffinityCore, affinityCore) + } + }) + } +} + +func TestGetEligibleCPU(t *testing.T) { + tests := []struct { + name string + cpuset string + isolset string + expectedErr bool + expectedAffinityCore int + expectedEligible bool + }{ + { + name: "no cpuset", + isolset: "2-15,18-31,34-47", + expectedEligible: false, + }, + { + name: "no isolated set", + cpuset: "0-15", + expectedEligible: false, + }, + { + name: "bad cpuset format", + cpuset: "core0 to core15", + isolset: "2-15,18-31,34-47", + expectedErr: true, + }, + { + name: "bad isolated set format", + cpuset: "0-15", + isolset: "core0 to core15", + expectedErr: true, + }, + { + name: "no eligible core", + cpuset: "0-1,16-17,32-33", + isolset: "2-15,18-31,34-47", + expectedEligible: false, + }, + { + name: "no eligible core inverted", + cpuset: "2-15,18-31,34-47", + isolset: "0-1,16-17,32-33", + expectedEligible: false, + }, + { + name: "eligible core mixed", + cpuset: "8-31", + isolset: "2-15,18-31,34-47", + expectedEligible: true, + expectedAffinityCore: 16, + }, + { + name: "eligible core #4", + cpuset: "4-7", + isolset: "2-15,18-31,34-47", + expectedEligible: true, + expectedAffinityCore: 4, + }, + { + name: "eligible core #40", + cpuset: "40-47", + isolset: "2-15,18-31,34-47", + expectedEligible: true, + expectedAffinityCore: 40, + }, + { + name: "eligible core #24", + cpuset: "24-31", + isolset: "2-15,18-31,34-47", + expectedEligible: true, + expectedAffinityCore: 24, + }, + { + name: "no eligible core small isolated set", + cpuset: "60-63", + isolset: "0-1", + expectedEligible: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + affinityCore, err := getEligibleCPU(tt.cpuset, tt.isolset) + eligible := affinityCore >= 0 + if err != nil && !tt.expectedErr { + t.Fatalf("unexpected error: %s", err) + } else if err == nil && tt.expectedErr { + t.Fatalf("unexpected success") + } else if tt.expectedEligible && !eligible { + t.Fatalf("was expecting eligible core but no eligible core returned") + } else if !tt.expectedEligible && eligible { + t.Fatalf("was not expecting eligible core but got eligible core") + } else if tt.expectedEligible && tt.expectedAffinityCore != affinityCore { + t.Fatalf("expected affinity core %d: got %d instead", tt.expectedAffinityCore, affinityCore) + } + }) + } +} diff --git a/libcontainer/system/kernelparam/lookup.go b/libcontainer/system/kernelparam/lookup.go new file mode 100644 index 00000000000..4cf452412ff --- /dev/null +++ b/libcontainer/system/kernelparam/lookup.go @@ -0,0 +1,41 @@ +package kernelparam + +import ( + "io/fs" + "strings" +) + +func runeFilter(c rune) bool { + return c < '!' || c > '~' +} + +// LookupKernelBootParameters returns the selected kernel parameters specified +// in the kernel command line. The parameters are returned as a map of key-value pairs. +func LookupKernelBootParameters(rootFS fs.FS, lookupParameters ...string) (map[string]string, error) { + cmdline, err := fs.ReadFile(rootFS, "proc/cmdline") + if err != nil { + return nil, err + } + + kernelParameters := make(map[string]string) + remaining := len(lookupParameters) + + for _, parameter := range strings.FieldsFunc(string(cmdline), runeFilter) { + if remaining == 0 { + break + } + idx := strings.IndexByte(parameter, '=') + if idx == -1 { + continue + } + for _, lookupParam := range lookupParameters { + if lookupParam == parameter[:idx] { + kernelParameters[lookupParam] = parameter[idx+1:] + remaining-- + break + } + } + } + + return kernelParameters, nil +} diff --git a/libcontainer/system/kernelparam/lookup_test.go b/libcontainer/system/kernelparam/lookup_test.go new file mode 100644 index 00000000000..9d906301eb4 --- /dev/null +++ b/libcontainer/system/kernelparam/lookup_test.go @@ -0,0 +1,60 @@ +package kernelparam + +import ( + "testing" + "testing/fstest" +) + +func TestLookupKernelBootParameters(t *testing.T) { + for _, test := range []struct { + cmdline string + lookupParameters []string + expectedKernelParameters map[string]string + }{ + { + cmdline: "root=/dev/sda1 ro console=ttyS0 console=tty0", + lookupParameters: []string{"root"}, + expectedKernelParameters: map[string]string{ + "root": "/dev/sda1", + }, + }, + { + cmdline: "ro runc.kernel_parameter=a_value console=ttyS0 console=tty0", + lookupParameters: []string{"runc.kernel_parameter"}, + expectedKernelParameters: map[string]string{ + "runc.kernel_parameter": "a_value", + }, + }, + { + cmdline: "ro runc.kernel_parameter_a=value_a runc.kernel_parameter_b=value_a:value_b", + lookupParameters: []string{ + "runc.kernel_parameter_a", + "runc.kernel_parameter_b", + }, + expectedKernelParameters: map[string]string{ + "runc.kernel_parameter_a": "value_a", + "runc.kernel_parameter_b": "value_a:value_b", + }, + }, + { + cmdline: "root=/dev/sda1 ro console=ttyS0 console=tty0", + lookupParameters: []string{"runc.kernel_parameter_a"}, + expectedKernelParameters: map[string]string{}, + }, + } { + params, err := LookupKernelBootParameters(fstest.MapFS{ + "proc/cmdline": &fstest.MapFile{Data: []byte(test.cmdline + "\n")}, + }, test.lookupParameters...) + if err != nil { + t.Fatalf("unexpected error: %s", err) + } + if len(params) != len(test.expectedKernelParameters) { + t.Fatalf("expected %d parameters, got %d", len(test.expectedKernelParameters), len(params)) + } + for k, v := range test.expectedKernelParameters { + if params[k] != v { + t.Fatalf("expected parameter %s to be %s, got %s", k, v, params[k]) + } + } + } +} diff --git a/tests/integration/exec.bats b/tests/integration/exec.bats index a92a237809d..c0ea7f5dce6 100644 --- a/tests/integration/exec.bats +++ b/tests/integration/exec.bats @@ -340,3 +340,139 @@ EOF [ ${#lines[@]} -eq 1 ] [[ ${lines[0]} = *"exec /run.sh: no such file or directory"* ]] } + +@test "runc exec with isolated cpus affinity temporary transition [cgroup cpuset]" { + requires root cgroups_cpuset + + tmp=$(mktemp -d "$BATS_RUN_TMPDIR/runc.XXXXXX") + + set_cgroup_cpuset_all_cpus + local all_cpus + all_cpus="$(get_all_online_cpus)" + + # set temporary isolated CPU affinity transition + update_config '.annotations += {"org.opencontainers.runc.exec.isolated-cpu-affinity-transition": "temporary"}' + + runc run -d --console-socket "$CONSOLE_SOCKET" test_isolated_temporary_transition + [ "$status" -eq 0 ] + + # set all online cpus as isolated + echo "nohz_full=$all_cpus" >"$tmp/cmdline" + + mount --bind "$tmp/cmdline" /proc/cmdline + + runc exec test_isolated_temporary_transition grep "Cpus_allowed_list:" /proc/self/status + + umount /proc/cmdline + + [ "$status" -eq 0 ] + [[ "${lines[0]}" == "Cpus_allowed_list: $all_cpus" ]] +} + +@test "runc exec with isolated cpus affinity definitive transition [cgroup cpuset]" { + requires root cgroups_cpuset + + tmp=$(mktemp -d "$BATS_RUN_TMPDIR/runc.XXXXXX") + + set_cgroup_cpuset_all_cpus + local all_cpus + all_cpus="$(get_all_online_cpus)" + + # set definitive isolated CPU affinity transition + update_config '.annotations += {"org.opencontainers.runc.exec.isolated-cpu-affinity-transition": "definitive"}' + + runc run -d --console-socket "$CONSOLE_SOCKET" test_isolated_definitive_transition + [ "$status" -eq 0 ] + + # set all online cpus as isolated + echo "nohz_full=$all_cpus" >"$tmp/cmdline" + + mount --bind "$tmp/cmdline" /proc/cmdline + + runc exec test_isolated_definitive_transition grep "Cpus_allowed_list:" /proc/self/status + + umount /proc/cmdline + + [ "$status" -eq 0 ] + + load /etc/os-release + + # fix unbound variable in condition below + VERSION_ID=${VERSION_ID:-} + + allowed_cpus=$all_cpus + # use first cpu on systems with RHEL >= 9 or systems with kernel >= 6.2 + if [[ "${ID_LIKE:-}" =~ "rhel" && "${VERSION_ID%%.*}" -ge "9" ]] || is_kernel_gte 6.2; then + allowed_cpus="$(get_first_online_cpu)" + fi + + [[ "${lines[0]}" == "Cpus_allowed_list: $allowed_cpus" ]] +} + +@test "runc exec with isolated cpus affinity bad transition [cgroup cpuset]" { + requires root cgroups_cpuset + + tmp=$(mktemp -d "$BATS_RUN_TMPDIR/runc.XXXXXX") + + set_cgroup_cpuset_all_cpus + local all_cpus + all_cpus="$(get_all_online_cpus)" + + # set a bad isolated CPU affinity transition + update_config '.annotations += {"org.opencontainers.runc.exec.isolated-cpu-affinity-transition": "bad"}' + + runc run -d --console-socket "$CONSOLE_SOCKET" test_isolated_bad_transition + [ "$status" -eq 0 ] + + # set all online cpus as isolated + echo "nohz_full=$all_cpus" >"$tmp/cmdline" + + mount --bind "$tmp/cmdline" /proc/cmdline + + runc exec test_isolated_bad_transition true + + umount /proc/cmdline + + [ "$status" -eq 255 ] +} + +@test "runc exec with taskset affinity [cgroup cpuset]" { + requires root cgroups_cpuset + + set_cgroup_cpuset_all_cpus + local all_cpus + all_cpus="$(get_all_online_cpus)" + + taskset -p -c "$(get_first_online_cpu)" $$ + + runc run -d --console-socket "$CONSOLE_SOCKET" test_with_taskset + [ "$status" -eq 0 ] + + runc exec test_with_taskset grep "Cpus_allowed_list:" /proc/1/status + [ "$status" -eq 0 ] + [[ "${lines[0]}" == "Cpus_allowed_list: $all_cpus" ]] + + runc exec test_with_taskset grep "Cpus_allowed_list:" /proc/self/status + [ "$status" -eq 0 ] + [[ "${lines[0]}" == "Cpus_allowed_list: $all_cpus" ]] +} + +@test "runc exec with taskset affinity [rootless cgroups_v2]" { + requires rootless cgroups_v2 + + local all_cpus + all_cpus="$(get_all_online_cpus)" + + taskset -p -c "$(get_first_online_cpu)" $$ + + runc run -d --console-socket "$CONSOLE_SOCKET" test_with_taskset + [ "$status" -eq 0 ] + + runc exec test_with_taskset grep "Cpus_allowed_list:" /proc/1/status + [ "$status" -eq 0 ] + [[ "${lines[0]}" == "Cpus_allowed_list: $all_cpus" ]] + + runc exec test_with_taskset grep "Cpus_allowed_list:" /proc/self/status + [ "$status" -eq 0 ] + [[ "${lines[0]}" == "Cpus_allowed_list: $all_cpus" ]] +} diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index e8a2894b915..6b836f15d41 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -354,6 +354,27 @@ function set_cgroup_mount_writable() { update_config '.mounts |= map((select(.type == "cgroup") | .options -= ["ro"]) // .)' } +# Helper function to get all online cpus. +function get_all_online_cpus() { + cat /sys/devices/system/cpu/online +} + +# Helper function to get the first online cpu. +function get_first_online_cpu() { + [[ $(get_all_online_cpus) =~ [^0-9]*([0-9]+)([-,][0-9]+)? ]] && echo "${BASH_REMATCH[1]}" +} + +# Helper function to set all cpus/mems in container cgroup cpuset. +function set_cgroup_cpuset_all_cpus() { + update_config ".linux.resources.cpu.cpus = \"$(get_all_online_cpus)\"" + + local mems + mems="$(cat /sys/devices/system/node/online 2>/dev/null || true)" + if [[ -n $mems ]]; then + update_config ".linux.resources.cpu.mems = \"$mems\"" + fi +} + # Fails the current test, providing the error given. function fail() { echo "$@" >&2 From 4f3319b56d1c7e4cab4420e54761a006a04cc47f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 17 Apr 2024 14:16:35 -0700 Subject: [PATCH 0541/1176] libct: decouple libct/cg/devices Commit b6967fa84c26 moved the functionality of managing cgroup devices into a separate package, and decoupled libcontainer/cgroups from it. Yet, some software (e.g. cadvisor) may need to use libcontainer package, which imports libcontainer/cgroups/devices, thus making it impossible to use libcontainer without bringing in cgroup/devices dependency. In fact, we only need to manage devices in runc binary, so move the import to main.go. The need to import libct/cg/dev in order to manage devices is already documented in libcontainer/cgroups, but let's - update that documentation; - add a similar note to libcontainer/cgroups/systemd; - add a note to libct README. Signed-off-by: Kir Kolyshkin --- CHANGELOG.md | 5 +++++ libcontainer/README.md | 27 ++++++++++++++++++++++---- libcontainer/cgroups/cgroups.go | 3 ++- libcontainer/cgroups/systemd/common.go | 5 +++++ libcontainer/factory_linux.go | 2 -- main.go | 2 ++ 6 files changed, 37 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4d89ec538bc..24997f7692c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Changed + + * libcontainer/cgroups users who want to manage cgroup devices need to explicitly + import libcontainer/cgroups/devices. (#3452, #4248) + ## [1.2.0-rc.1] - 2024-04-03 > There's a frood who really knows where his towel is. diff --git a/libcontainer/README.md b/libcontainer/README.md index 0a4ae96c9b3..50e9a1325b5 100644 --- a/libcontainer/README.md +++ b/libcontainer/README.md @@ -8,11 +8,13 @@ It allows you to manage the lifecycle of the container performing additional ope after the container is created. -#### Container +## Container A container is a self contained execution environment that shares the kernel of the host system and which is (optionally) isolated from other containers in the system. -#### Using libcontainer +## Using libcontainer + +### Container init Because containers are spawned in a two step process you will need a binary that will be executed as the init process for the container. In libcontainer, we use @@ -27,7 +29,24 @@ For details on how runc implements such "init", see [init.go](https://github.com/opencontainers/runc/blob/master/init.go) and [libcontainer/init_linux.go](https://github.com/opencontainers/runc/blob/master/libcontainer/init_linux.go). -Then to create a container you first have to create a configuration +### Device management + +If you want containers that have access to some devices, you need to import +this package into your code: + +```go + import ( + _ "github.com/opencontainers/runc/libcontainer/cgroups/devices" + ) +``` + +Without doing this, libcontainer cgroup manager won't be able to set up device +access rules, and will fail if devices are specified in the container +configuration. + +### Container creation + +To create a container you first have to create a configuration struct describing how the container is to be created. A sample would look similar to this: ```go @@ -274,7 +293,7 @@ state, err := container.State() ``` -#### Checkpoint & Restore +## Checkpoint & Restore libcontainer now integrates [CRIU](http://criu.org/) for checkpointing and restoring containers. This lets you save the state of a process running inside a container to disk, and then restore diff --git a/libcontainer/cgroups/cgroups.go b/libcontainer/cgroups/cgroups.go index d97c874eab6..fa72f2eac2d 100644 --- a/libcontainer/cgroups/cgroups.go +++ b/libcontainer/cgroups/cgroups.go @@ -12,7 +12,8 @@ var ( ErrDevicesUnsupported = errors.New("cgroup manager is not configured to set device rules") // DevicesSetV1 and DevicesSetV2 are functions to set devices for - // cgroup v1 and v2, respectively. Unless libcontainer/cgroups/devices + // cgroup v1 and v2, respectively. Unless + // [github.com/opencontainers/runc/libcontainer/cgroups/devices] // package is imported, it is set to nil, so cgroup managers can't // manage devices. DevicesSetV1 func(path string, r *configs.Resources) error diff --git a/libcontainer/cgroups/systemd/common.go b/libcontainer/cgroups/systemd/common.go index 3e1a9a833e8..ed2f4110f4e 100644 --- a/libcontainer/cgroups/systemd/common.go +++ b/libcontainer/cgroups/systemd/common.go @@ -33,6 +33,11 @@ var ( isRunningSystemdOnce sync.Once isRunningSystemd bool + // GenerateDeviceProps is a function to generate systemd device + // properties, used by Set methods. Unless + // [github.com/opencontainers/runc/libcontainer/cgroups/devices] + // package is imported, it is set to nil, so cgroup managers can't + // configure devices. GenerateDeviceProps func(r *configs.Resources, sdVer int) ([]systemdDbus.Property, error) ) diff --git a/libcontainer/factory_linux.go b/libcontainer/factory_linux.go index bc682f23ed8..b13f8bf9bb3 100644 --- a/libcontainer/factory_linux.go +++ b/libcontainer/factory_linux.go @@ -9,8 +9,6 @@ import ( securejoin "github.com/cyphar/filepath-securejoin" "golang.org/x/sys/unix" - //nolint:revive // Enable cgroup manager to manage devices - _ "github.com/opencontainers/runc/libcontainer/cgroups/devices" "github.com/opencontainers/runc/libcontainer/cgroups/manager" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/configs/validate" diff --git a/main.go b/main.go index 56a6066f8c5..cac34ce0346 100644 --- a/main.go +++ b/main.go @@ -10,6 +10,8 @@ import ( "strconv" "strings" + //nolint:revive // Enable cgroup manager to manage devices + _ "github.com/opencontainers/runc/libcontainer/cgroups/devices" "github.com/opencontainers/runc/libcontainer/seccomp" "github.com/opencontainers/runtime-spec/specs-go" From 30dc98f5770c2179bce6d3d34d168a95262338aa Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Fri, 15 Dec 2023 10:32:27 +0900 Subject: [PATCH 0542/1176] CI: run apt with -y Signed-off-by: Akihiro Suda --- .github/workflows/test.yml | 6 +++--- .github/workflows/validate.yml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 3fdaa3fc546..362f76ee635 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -67,13 +67,13 @@ jobs: curl -fSsLl $REPO/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_tools_criu.gpg > /dev/null echo "deb $REPO/ /" | sudo tee /etc/apt/sources.list.d/criu.list sudo apt update - sudo apt install libseccomp-dev criu sshfs + sudo apt -y install libseccomp-dev criu sshfs - name: install deps (criu ${{ matrix.criu }}) if: matrix.criu != '' run: | sudo apt -q update - sudo apt -q install libseccomp-dev sshfs \ + sudo apt -qy install libseccomp-dev sshfs \ libcap-dev libnet1-dev libnl-3-dev \ libprotobuf-c-dev libprotobuf-dev protobuf-c-compiler protobuf-compiler git clone https://github.com/checkpoint-restore/criu.git ~/criu @@ -151,7 +151,7 @@ jobs: sudo add-apt-repository -y ppa:criu/ppa # apt-add-repository runs apt update so we don't have to. - sudo apt -q install libseccomp-dev libseccomp-dev:i386 gcc-multilib libgcc-s1:i386 criu + sudo apt -qy install libseccomp-dev libseccomp-dev:i386 gcc-multilib libgcc-s1:i386 criu - name: install go uses: actions/setup-go@v5 diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index c28094cec31..ca468223fc7 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -38,7 +38,7 @@ jobs: - name: install deps run: | sudo apt -q update - sudo apt -q install libseccomp-dev + sudo apt -qy install libseccomp-dev - uses: golangci/golangci-lint-action@v4 with: version: v1.54 @@ -153,7 +153,7 @@ jobs: - name: install deps run: | sudo apt -qq update - sudo apt -qq install indent + sudo apt -qqy install indent - name: cfmt run: | make cfmt From 053f6a0dca214138ba5e14f5a73a038809d86d20 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Fri, 15 Dec 2023 11:23:01 +0900 Subject: [PATCH 0543/1176] seccomp_syscall_test1: use ftruncate instead of kcmp kcmp is often missing: https://man7.org/linux/man-pages/man2/kcmp.2.html > Before Linux 5.12, this system call is available only if the > kernel is configured with CONFIG_CHECKPOINT_RESTORE, since the > original purpose of the system call was for the > checkpoint/restore in user space (CRIU) feature. (The > alternative to this system call would have been to expose > suitable process information via the proc(5) filesystem; this was > deemed to be unsuitable for security reasons.) Since Linux 5.12, > this system call is also available if the kernel is configured > with CONFIG_KCMP. Signed-off-by: Akihiro Suda --- tests/integration/testdata/seccomp_syscall_test1.c | 8 ++++---- tests/integration/testdata/seccomp_syscall_test1.json | 7 +++---- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/tests/integration/testdata/seccomp_syscall_test1.c b/tests/integration/testdata/seccomp_syscall_test1.c index d62598a209d..856dc25b8db 100644 --- a/tests/integration/testdata/seccomp_syscall_test1.c +++ b/tests/integration/testdata/seccomp_syscall_test1.c @@ -57,10 +57,10 @@ int main(void) syscall_assert(raw(process_vm_writev, 0, NULL, 0, NULL, 0, ~0), -EPERM); // Multiple arguments with AND rules. - syscall_assert(raw(kcmp, 0, 1337, 0, 0, 0), -ESRCH); - syscall_assert(raw(kcmp, 0, 0, 0, 0, 0), -EPERM); - syscall_assert(raw(kcmp, 500, 1337, 0, 0, 0), -EPERM); - syscall_assert(raw(kcmp, 500, 500, 0, 0, 0), -EPERM); + syscall_assert(raw(ftruncate, 123456789, 1337), -EBADF); + syscall_assert(raw(ftruncate, 123456789, 0), -EPERM); + syscall_assert(raw(ftruncate, 500, 1337), -EPERM); + syscall_assert(raw(ftruncate, 500, 500), -EPERM); // Multiple rules for the same syscall. syscall_assert(raw(dup3, 0, -100, 0xFFFF), -EPERM); diff --git a/tests/integration/testdata/seccomp_syscall_test1.json b/tests/integration/testdata/seccomp_syscall_test1.json index c48ceae7e1d..9e8e8aec44e 100644 --- a/tests/integration/testdata/seccomp_syscall_test1.json +++ b/tests/integration/testdata/seccomp_syscall_test1.json @@ -79,8 +79,6 @@ "fstatfs", "fstatfs64", "fsync", - "ftruncate", - "ftruncate64", "futex", "futex_time64", "futimesat", @@ -380,12 +378,13 @@ { "action": "SCMP_ACT_ALLOW", "names": [ - "kcmp" + "ftruncate", + "ftruncate64" ], "args": [ { "index": 0, - "value": 0, + "value": 123456789, "op": "SCMP_CMP_EQ" }, { From d618c6fe84e0dc4eef5f94e66e82408257a37874 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Fri, 15 Dec 2023 12:45:03 +0900 Subject: [PATCH 0544/1176] cgroups.bats: check cgroups_io_weight Signed-off-by: Akihiro Suda --- tests/integration/cgroups.bats | 2 +- tests/integration/helpers.bash | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/tests/integration/cgroups.bats b/tests/integration/cgroups.bats index 790108ba0b4..a9c2ea4856f 100644 --- a/tests/integration/cgroups.bats +++ b/tests/integration/cgroups.bats @@ -132,7 +132,7 @@ function setup() { } @test "runc run (blkio weight)" { - requires cgroups_v2 + requires cgroups_v2 cgroups_io_weight [ $EUID -ne 0 ] && requires rootless_cgroup set_cgroups_path diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index 6b836f15d41..bd38a75d483 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -472,6 +472,22 @@ function requires() { skip_me=1 fi ;; + cgroups_io_weight) + local p f1 f2 + init_cgroup_paths + if [ -v CGROUP_V1 ]; then + p="$CGROUP_CPU_BASE_PATH" + f1="blkio.weight" + f2="blkio.bfq.weight" + elif [ -v CGROUP_V2 ]; then + p="$CGROUP_BASE_PATH" + f1="io.weight" + f2="io.bfq.weight" + fi + if [ -z "$(find "$p" -type f \( -name "$f1" -o -name "$f2" \) -print -quit)" ]; then + skip_me=1 + fi + ;; cgroupns) if [ ! -e "/proc/self/ns/cgroup" ]; then skip_me=1 From 758b2e2bda24bd7c6cefb45c0026f81365038f7e Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Fri, 15 Dec 2023 12:52:28 +0900 Subject: [PATCH 0545/1176] helpers.bats: cgroups_cpu_burst: check kernel version On cgroup v2, cpu burst needs kernel >= 5.14 https://github.com/torvalds/linux/commit/f4183717b370ad28dd0c0d74760142b20e6e7931 Signed-off-by: Akihiro Suda --- tests/integration/helpers.bash | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index bd38a75d483..4de319018be 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -465,6 +465,8 @@ function requires() { p="$CGROUP_CPU_BASE_PATH" f="cpu.cfs_burst_us" elif [ -v CGROUP_V2 ]; then + # https://github.com/torvalds/linux/commit/f4183717b370ad28dd0c0d74760142b20e6e7931 + requires_kernel 5.14 p="$CGROUP_BASE_PATH" f="cpu.max.burst" fi From 00238f5d2b1236fb4e708ba111cfa3e646a30e70 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Tue, 12 Dec 2023 20:12:23 +0900 Subject: [PATCH 0546/1176] CI: add actuated-arm64 See . Thanks to Alex Ellis, Ampere Computing, and Equinix. Host information: * CPU: aarch64 (ARMv8) * Kernel: 5.10.201 * Lacks ~CONFIG_CHECKPOINT_RESTORE~, CONFIG_BLK_CGROUP_IOCOST, etc. * Cgroup: v2 * OS: Ubuntu 22.04 * Lacks newuidmap, newgidmap, etc. (still apt-gettable) * sshd is not running vmmeter is added from: https://gist.github.com/alexellis/1f33e581c75e11e161fe613c46180771#file-metering-gha-md Signed-off-by: Akihiro Suda --- .github/workflows/test.yml | 79 ++++++++++++++++++++++++++++++++++---- README.md | 1 + 2 files changed, 73 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 362f76ee635..33286b1b0ae 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -23,7 +23,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-20.04, ubuntu-22.04] + os: [ubuntu-20.04, ubuntu-22.04, actuated-arm64-6cpu-8gb] go-version: [1.20.x, 1.21.x] rootless: ["rootless", ""] race: ["-race", ""] @@ -50,15 +50,81 @@ jobs: rootless: rootless - dmz: runc_nodmz race: -race + - go-version: 1.20.x + os: actuated-arm64-6cpu-8gb + - race: "-race" + os: actuated-arm64-6cpu-8gb + - criu: criu-dev + os: actuated-arm64-6cpu-8gb + - dmz: runc_nodmz + os: actuated-arm64-6cpu-8gb + runs-on: ${{ matrix.os }} steps: +# https://gist.github.com/alexellis/1f33e581c75e11e161fe613c46180771#file-metering-gha-md +# vmmeter start + - name: Prepare arkade + uses: alexellis/arkade-get@master + if: matrix.os == 'actuated-arm64-6cpu-8gb' + with: + crane: latest + print-summary: false + + - name: Install vmmeter + if: matrix.os == 'actuated-arm64-6cpu-8gb' + run: | + crane export --platform linux/arm64 ghcr.io/openfaasltd/vmmeter:latest | sudo tar -xvf - -C /usr/local/bin + + - name: Run vmmeter + uses: self-actuated/vmmeter-action@master + if: matrix.os == 'actuated-arm64-6cpu-8gb' +# vmmeter end - name: checkout uses: actions/checkout@v4 + - name: Show host info + run: | + set -x + # Sync `set -x` outputs with command ouputs + exec 2>&1 + # Version + uname -a + cat /etc/os-release + # Hardware + cat /proc/cpuinfo + free -mt + # cgroup + ls -F /sys/fs/cgroup + cat /proc/self/cgroup + if [ -e /sys/fs/cgroup/cgroup.controllers ]; then + cat /sys/fs/cgroup/cgroup.controllers + cat /sys/fs/cgroup/cgroup.subtree_control + ls -F /sys/fs/cgroup$(grep -oP '0::\K.*' /proc/self/cgroup) + fi + # kernel config + script/check-config.sh + + - name: start sshd (used for testing rootless with systemd user session) + if: ${{ matrix.os == 'actuated-arm64-6cpu-8gb' && matrix.rootless == 'rootless' }} + run: | + # Generate new keys to fix "sshd: no hostkeys available -- exiting." + sudo ssh-keygen -A + if ! sudo systemctl start ssh.service; then + sudo journalctl -xeu ssh.service + exit 1 + fi + ps auxw | grep sshd + - name: install deps - if: matrix.criu == '' + run: | + sudo apt update + sudo apt -y install libseccomp-dev sshfs uidmap + + - name: install CRIU + # TODO: enable CRIU for actuated: https://github.com/opencontainers/runc/pull/4142#issuecomment-1945408382 + if: ${{ matrix.os != 'actuated-arm64-6cpu-8gb' && matrix.criu == '' }} env: PREFIX: https://download.opensuse.org/repositories/devel:/tools:/criu/xUbuntu run: | @@ -67,13 +133,12 @@ jobs: curl -fSsLl $REPO/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_tools_criu.gpg > /dev/null echo "deb $REPO/ /" | sudo tee /etc/apt/sources.list.d/criu.list sudo apt update - sudo apt -y install libseccomp-dev criu sshfs + sudo apt -y install criu - - name: install deps (criu ${{ matrix.criu }}) - if: matrix.criu != '' + - name: install CRIU (criu ${{ matrix.criu }}) + if: ${{ matrix.os != 'actuated-arm64-6cpu-8gb' && matrix.criu != '' }} run: | - sudo apt -q update - sudo apt -qy install libseccomp-dev sshfs \ + sudo apt -qy install \ libcap-dev libnet1-dev libnl-3-dev \ libprotobuf-c-dev libprotobuf-dev protobuf-c-compiler protobuf-compiler git clone https://github.com/checkpoint-restore/criu.git ~/criu diff --git a/README.md b/README.md index 91bebb637ba..6d8ac4d47ca 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,7 @@ [![gha/validate](https://github.com/opencontainers/runc/workflows/validate/badge.svg)](https://github.com/opencontainers/runc/actions?query=workflow%3Avalidate) [![gha/ci](https://github.com/opencontainers/runc/workflows/ci/badge.svg)](https://github.com/opencontainers/runc/actions?query=workflow%3Aci) [![CirrusCI](https://api.cirrus-ci.com/github/opencontainers/runc.svg)](https://cirrus-ci.com/github/opencontainers/runc) +Arm CI sponsored by Actuated ## Introduction From e5c82f00e17bb8bdbea46414d6e563905df6c631 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 24 Apr 2024 17:23:43 -0700 Subject: [PATCH 0547/1176] tests/int/checkpoint: rm double logging Since commit c77aaa3f the tail of criu.log is printed by runc, so there's no need to do the same thing in tests. Related to 3711, 3816. Signed-off-by: Kir Kolyshkin --- tests/integration/checkpoint.bats | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/tests/integration/checkpoint.bats b/tests/integration/checkpoint.bats index de3647b23d0..c26a2387c43 100644 --- a/tests/integration/checkpoint.bats +++ b/tests/integration/checkpoint.bats @@ -89,8 +89,6 @@ function runc_restore_with_pipes() { echo "__runc restore $name failed (status: $ret)" exec {err_w}>&- cat <&${err_r} - echo "CRIU log errors (if any):" - grep -B 5 Error "$workdir"/*.log ./image-dir/*.log || true fail "runc restore failed" fi @@ -110,7 +108,6 @@ function simple_cr() { for _ in $(seq 2); do # checkpoint the running container runc "$@" checkpoint --work-path ./work-dir test_busybox - grep -B 5 Error ./work-dir/dump.log || true [ "$status" -eq 0 ] # after checkpoint busybox is no longer running @@ -118,7 +115,6 @@ function simple_cr() { # restore from checkpoint runc "$@" restore -d --work-path ./work-dir --console-socket "$CONSOLE_SOCKET" test_busybox - grep -B 5 Error ./work-dir/restore.log || true [ "$status" -eq 0 ] # busybox should be back up and running @@ -188,7 +184,6 @@ function simple_cr() { mkdir image-dir mkdir work-dir runc checkpoint --parent-path ../parent-dir --work-path ./work-dir --image-path ./image-dir test_busybox - grep -B 5 Error ./work-dir/dump.log || true [ "$status" -eq 0 ] # check parent path is valid @@ -240,8 +235,6 @@ function simple_cr() { exec {lazy_w}>&- # shellcheck disable=SC2116,SC2086 out=$(echo $out) # rm newlines - # show errors if there are any before we fail - grep -B5 Error ./work-dir/dump.log || true # expecting \0 which od prints as [ "$out" = "0000000 000000 0000001" ] @@ -302,7 +295,6 @@ function simple_cr() { # checkpoint the running container; this automatically tells CRIU to # handle the network namespace defined in config.json as an external runc checkpoint --work-path ./work-dir test_busybox - grep -B 5 Error ./work-dir/dump.log || true [ "$status" -eq 0 ] # after checkpoint busybox is no longer running @@ -310,7 +302,6 @@ function simple_cr() { # restore from checkpoint; this should restore the container into the existing network namespace runc restore -d --work-path ./work-dir --console-socket "$CONSOLE_SOCKET" test_busybox - grep -B 5 Error ./work-dir/restore.log || true [ "$status" -eq 0 ] # busybox should be back up and running @@ -353,7 +344,6 @@ function simple_cr() { # checkpoint the running container runc checkpoint --work-path ./work-dir test_busybox - grep -B 5 Error ./work-dir/dump.log || true [ "$status" -eq 0 ] run ! test -f ./work-dir/"$tmplog1" test -f ./work-dir/"$tmplog2" @@ -364,7 +354,6 @@ function simple_cr() { test -f ./work-dir/"$tmplog2" && unlink ./work-dir/"$tmplog2" # restore from checkpoint runc restore -d --work-path ./work-dir --console-socket "$CONSOLE_SOCKET" test_busybox - grep -B 5 Error ./work-dir/restore.log || true [ "$status" -eq 0 ] run ! test -f ./work-dir/"$tmplog1" test -f ./work-dir/"$tmplog2" @@ -398,7 +387,6 @@ function simple_cr() { # checkpoint the running container runc checkpoint --work-path ./work-dir test_busybox - grep -B 5 Error ./work-dir/dump.log || true [ "$status" -eq 0 ] # after checkpoint busybox is no longer running @@ -410,7 +398,6 @@ function simple_cr() { # restore from checkpoint runc restore -d --work-path ./work-dir --console-socket "$CONSOLE_SOCKET" test_busybox - grep -B 5 Error ./work-dir/restore.log || true [ "$status" -eq 0 ] # busybox should be back up and running @@ -430,7 +417,6 @@ function simple_cr() { test -d "$orig_path" runc checkpoint --work-path ./work-dir --manage-cgroups-mode ignore test_busybox - grep -B 5 Error ./work-dir/dump.log || true [ "$status" -eq 0 ] testcontainer test_busybox checkpointed # Check that the cgroup is gone. @@ -440,7 +426,6 @@ function simple_cr() { set_cgroups_path # Changes the path. runc restore -d --manage-cgroups-mode ignore --pid-file pid \ --work-path ./work-dir --console-socket "$CONSOLE_SOCKET" test_busybox - grep -B 5 Error ./work-dir/restore.log || true [ "$status" -eq 0 ] testcontainer test_busybox running From f6b7167bc568e5eb69eefb3c80a085e1e09fe2b7 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 24 Apr 2024 18:51:30 -0700 Subject: [PATCH 0548/1176] tests/int/checkpoint: add requires criu_feature_xxx 1. A few tests use "criu check --feature" to check for a specific feature. Let's generalize it. 2. Fix "checkpoint --pre-dump and restore" test to require memory tracking (which is missing on ARM). Signed-off-by: Kir Kolyshkin --- tests/integration/checkpoint.bats | 17 ++++++++--------- tests/integration/helpers.bash | 6 ++++++ 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/tests/integration/checkpoint.bats b/tests/integration/checkpoint.bats index de3647b23d0..b4837d0598e 100644 --- a/tests/integration/checkpoint.bats +++ b/tests/integration/checkpoint.bats @@ -173,6 +173,10 @@ function simple_cr() { } @test "checkpoint --pre-dump and restore" { + # Requires kernel dirty memory tracking (missing on ARM, see + # https://github.com/checkpoint-restore/criu/issues/1729). + requires criu_feature_mem_dirty_track + setup_pipes runc_run_with_pipes test_busybox @@ -202,10 +206,8 @@ function simple_cr() { } @test "checkpoint --lazy-pages and restore" { - # check if lazy-pages is supported - if ! criu check --feature uffd-noncoop; then - skip "this criu does not support lazy migration" - fi + # Requires lazy-pages support. + requires criu_feature_uffd-noncoop setup_pipes runc_run_with_pipes test_busybox @@ -274,11 +276,8 @@ function simple_cr() { } @test "checkpoint and restore in external network namespace" { - # check if external_net_ns is supported; only with criu 3.10++ - if ! criu check --feature external_net_ns; then - # this criu does not support external_net_ns; skip the test - skip "this criu does not support external network namespaces" - fi + # Requires external network namespaces (criu >= 3.10). + requires criu_feature_external_net_ns # create a temporary name for the test network namespace tmp=$(mktemp) diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index 4de319018be..e1d2a80af84 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -407,6 +407,12 @@ function requires() { skip_me=1 fi ;; + criu_feature_*) + var=${var#criu_feature_} + if ! criu check --feature "$var"; then + skip "requires CRIU feature ${var}" + fi + ;; root) if [ $EUID -ne 0 ]; then skip_me=1 From baba55e278bce2aae55b7a07aa4dc91f6ff07a58 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 24 Apr 2024 17:31:14 -0700 Subject: [PATCH 0549/1176] ci/actuated: re-enable CRIU tests They were failing earlier but are working now. This includes a fix to criu repo path assignment so it works for actuated case. Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 33286b1b0ae..e9fe1d8ffba 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -123,20 +123,18 @@ jobs: sudo apt -y install libseccomp-dev sshfs uidmap - name: install CRIU - # TODO: enable CRIU for actuated: https://github.com/opencontainers/runc/pull/4142#issuecomment-1945408382 - if: ${{ matrix.os != 'actuated-arm64-6cpu-8gb' && matrix.criu == '' }} + if: ${{ matrix.criu == '' }} env: PREFIX: https://download.opensuse.org/repositories/devel:/tools:/criu/xUbuntu run: | - # criu repo - REPO=${PREFIX}_$(echo ${{ matrix.os }} | sed 's/.*-//') + REPO=${PREFIX}_$(. /etc/os-release && echo $VERSION_ID) curl -fSsLl $REPO/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_tools_criu.gpg > /dev/null echo "deb $REPO/ /" | sudo tee /etc/apt/sources.list.d/criu.list sudo apt update sudo apt -y install criu - name: install CRIU (criu ${{ matrix.criu }}) - if: ${{ matrix.os != 'actuated-arm64-6cpu-8gb' && matrix.criu != '' }} + if: ${{ matrix.criu != '' }} run: | sudo apt -qy install \ libcap-dev libnet1-dev libnl-3-dev \ From 6bcc73612281bcceac892375fdd68ed298cedd15 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 25 Apr 2024 08:25:02 -0700 Subject: [PATCH 0550/1176] ci/gha: bump golangci/golangci-lint-action to v5 Since v5 removes caching [1], re-enable setup-go cache. [1] https://github.com/golangci/golangci-lint-action/pull/1024 Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index ca468223fc7..b4d43811c78 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -34,12 +34,11 @@ jobs: - uses: actions/setup-go@v5 with: go-version: "${{ env.GO_VERSION }}" - cache: false # golangci-lint-action does its own caching - name: install deps run: | sudo apt -q update sudo apt -qy install libseccomp-dev - - uses: golangci/golangci-lint-action@v4 + - uses: golangci/golangci-lint-action@v5 with: version: v1.54 # Extra linters, only checking new code from a pull request. From 0eb8bb5f6683851cbd7ee2485238101827ac3eac Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 25 Apr 2024 08:38:49 -0700 Subject: [PATCH 0551/1176] Format sources with gofumpt v0.6 Signed-off-by: Kir Kolyshkin --- libcontainer/init_linux.go | 1 - 1 file changed, 1 deletion(-) diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 591981e9874..bd89b253d5a 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -399,7 +399,6 @@ func setupConsole(socket *os.File, config *initConfig, mount bool) error { Height: config.ConsoleHeight, Width: config.ConsoleWidth, }) - if err != nil { return err } From d63018c2524e1767b6f3b55046f6e748139e0cc2 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 25 Apr 2024 08:28:45 -0700 Subject: [PATCH 0552/1176] ci/gha: bump golangci-lint to v1.57 Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index b4d43811c78..5e131916dac 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -40,7 +40,7 @@ jobs: sudo apt -qy install libseccomp-dev - uses: golangci/golangci-lint-action@v5 with: - version: v1.54 + version: v1.57 # Extra linters, only checking new code from a pull request. - name: lint-extra if: github.event_name == 'pull_request' From 8732eada627458f29f88926532d2cc9b612a638f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 25 Apr 2024 10:49:02 -0700 Subject: [PATCH 0553/1176] Vagrantfile.fedora: bump Fedora to 39 Signed-off-by: Kir Kolyshkin --- Vagrantfile.fedora | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Vagrantfile.fedora b/Vagrantfile.fedora index 9b4f6d72687..f8931804df2 100644 --- a/Vagrantfile.fedora +++ b/Vagrantfile.fedora @@ -3,7 +3,7 @@ Vagrant.configure("2") do |config| # Fedora box is used for testing cgroup v2 support - config.vm.box = "fedora/38-cloud-base" + config.vm.box = "fedora/39-cloud-base" config.vm.provider :virtualbox do |v| v.memory = 2048 v.cpus = 2 From 6bf1d3adbecc5d429a02d13cdd98c87021f373dd Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 25 Apr 2024 18:13:25 -0700 Subject: [PATCH 0554/1176] tests/int/tty: increase the timeout Earlier, commit fce8dd4d already increased this timeout from 1 to 5 seconds. Yet, I just saw this timeout being hit in actuated-arm CI. Increase the timeout again, this time from 5 to 50 (100 * 0.5) seconds. Also, use wait_pids_gone, and improve some comments. Signed-off-by: Kir Kolyshkin --- tests/integration/tty.bats | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/tests/integration/tty.bats b/tests/integration/tty.bats index 6f008e5f7ab..c95c19a1eea 100644 --- a/tests/integration/tty.bats +++ b/tests/integration/tty.bats @@ -171,15 +171,13 @@ function teardown() { EOF ) - # run the exec + # Run the detached exec. runc exec -t --pid-file pid.txt -d --console-socket "$CONSOLE_SOCKET" -p <(echo "$tty_info_with_consize_size") test_busybox [ "$status" -eq 0 ] - - # check the pid was generated [ -e pid.txt ] - # wait for the process to finish - timeout 5 tail --pid="$(head -n 1 pid.txt)" -f /dev/null + # Wait for the exec to finish. + wait_pids_gone 100 0.5 "$(cat pid.txt)" tty_info=$( cat < Date: Thu, 25 Apr 2024 15:54:24 -0700 Subject: [PATCH 0555/1176] libct/cg/fs: don't write cpu_burst twice on ENOENT If CPU burst knob is non-existent, the current implementation (added in commit e1584831) still tries to set it again after setting the new CPU quota, which is useless (and we have to ignore ENOENT again). Fix this. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/fs/cpu.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/libcontainer/cgroups/fs/cpu.go b/libcontainer/cgroups/fs/cpu.go index 727f7f9184f..fbbb8f34eef 100644 --- a/libcontainer/cgroups/fs/cpu.go +++ b/libcontainer/cgroups/fs/cpu.go @@ -89,9 +89,11 @@ func (s *CpuGroup) Set(path string, r *configs.Resources) error { if r.CpuBurst != nil { burst = strconv.FormatUint(*r.CpuBurst, 10) if err := cgroups.WriteFile(path, "cpu.cfs_burst_us", burst); err != nil { - // this is a special trick for burst feature, the current systemd and low version of kernel will not support it. - // So, an `no such file or directory` error would be raised, and we can ignore it . - if !errors.Is(err, unix.ENOENT) { + if errors.Is(err, unix.ENOENT) { + // If CPU burst knob is not available (e.g. + // older kernel), ignore it. + burst = "" + } else { // Sometimes when the burst to be set is larger // than the current one, it is rejected by the kernel // (EINVAL) as old_quota/new_burst exceeds the parent @@ -117,9 +119,7 @@ func (s *CpuGroup) Set(path string, r *configs.Resources) error { } if burst != "" { if err := cgroups.WriteFile(path, "cpu.cfs_burst_us", burst); err != nil { - if !errors.Is(err, unix.ENOENT) { - return err - } + return err } } } From 75e02193c24db0c14c4bebafec7c47a3a24147e7 Mon Sep 17 00:00:00 2001 From: lifubang Date: Sat, 30 Mar 2024 23:34:56 +0800 Subject: [PATCH 0556/1176] use go mod instead of go get in spec.bats Signed-off-by: lifubang --- tests/integration/spec.bats | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/integration/spec.bats b/tests/integration/spec.bats index 8091ba339a5..999e3b8c940 100644 --- a/tests/integration/spec.bats +++ b/tests/integration/spec.bats @@ -31,11 +31,11 @@ function teardown() { git clone https://github.com/opencontainers/runtime-spec.git (cd runtime-spec && git reset --hard "$SPEC_REF") - SCHEMA='runtime-spec/schema/config-schema.json' - [ -e "$SCHEMA" ] - GO111MODULE=auto go get github.com/xeipuuv/gojsonschema - GO111MODULE=auto go build runtime-spec/schema/validate.go + cd runtime-spec/schema + go mod init runtime-spec + go mod tidy + go build ./validate.go - ./validate "$SCHEMA" config.json + ./validate config-schema.json ../../config.json } From 9d9273c926450a2f6f658768e3238b7082ec878d Mon Sep 17 00:00:00 2001 From: Akhil Mohan Date: Sun, 5 May 2024 16:52:37 +0530 Subject: [PATCH 0557/1176] allow overriding VERSION value in Makefile this allows using a custom version string while building runc without modifying the VERSION file Signed-off-by: Akhil Mohan --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index eb57ba947ba..a669fa6735a 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,7 @@ BUILDTAGS ?= seccomp urfave_cli_no_docs BUILDTAGS += $(EXTRA_BUILDTAGS) COMMIT ?= $(shell git describe --dirty --long --always) -VERSION := $(shell cat ./VERSION) +VERSION ?= $(shell cat ./VERSION) LDFLAGS_COMMON := -X main.gitCommit=$(COMMIT) -X main.version=$(VERSION) GOARCH := $(shell $(GO) env GOARCH) From dbd0c3349f7aab94563f9d6950e558ea547911f8 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 3 May 2024 12:12:46 -0700 Subject: [PATCH 0558/1176] libct/system: rm Execv This is not used since commit dac41717. Signed-off-by: Kir Kolyshkin --- libcontainer/system/linux.go | 9 --------- 1 file changed, 9 deletions(-) diff --git a/libcontainer/system/linux.go b/libcontainer/system/linux.go index 0b3b4da33d7..368364baf04 100644 --- a/libcontainer/system/linux.go +++ b/libcontainer/system/linux.go @@ -7,7 +7,6 @@ import ( "fmt" "io" "os" - "os/exec" "strconv" "syscall" "unsafe" @@ -36,14 +35,6 @@ func (p ParentDeathSignal) Set() error { return SetParentDeathSignal(uintptr(p)) } -func Execv(cmd string, args []string, env []string) error { - name, err := exec.LookPath(cmd) - if err != nil { - return err - } - return Exec(name, args, env) -} - func Exec(cmd string, args []string, env []string) error { for { err := unix.Exec(cmd, args, env) From bac506463d48faca55baefbeb0e9ec7068088ad3 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 3 May 2024 12:15:58 -0700 Subject: [PATCH 0559/1176] libct: fix a comment Do not refer to the function which was removed. Signed-off-by: Kir Kolyshkin --- libcontainer/standard_init_linux.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 4447032cf59..4b7aa677509 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -167,7 +167,7 @@ func (l *linuxStandardInit) Init() error { } } - // Tell our parent that we're ready to Execv. This must be done before the + // Tell our parent that we're ready to exec. This must be done before the // Seccomp rules have been applied, because we need to be able to read and // write to a socket. if err := syncParentReady(l.pipe); err != nil { From f452f667c0861ba19460dbaea47e8f81e63262e1 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 7 May 2024 14:22:59 -0700 Subject: [PATCH 0560/1176] ci/gha: bump golangci-lint-action from 5 to 6 Note that github-actions output format is deprecated and no longer supported, and it is also no longer needed since setup-go problem matcher already handles default golangci-lint output format ("colored-line-number"). Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 5e131916dac..fc15d375a71 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -38,14 +38,14 @@ jobs: run: | sudo apt -q update sudo apt -qy install libseccomp-dev - - uses: golangci/golangci-lint-action@v5 + - uses: golangci/golangci-lint-action@v6 with: version: v1.57 # Extra linters, only checking new code from a pull request. - name: lint-extra if: github.event_name == 'pull_request' run: | - golangci-lint run --config .golangci-extra.yml --new-from-rev=HEAD~1 --out-format=github-actions + golangci-lint run --config .golangci-extra.yml --new-from-rev=HEAD~1 compile-buildtags: runs-on: ubuntu-22.04 From a853a82677daf631d472b5c842d4182135cd1813 Mon Sep 17 00:00:00 2001 From: lifubang Date: Tue, 30 Apr 2024 23:41:36 +0800 Subject: [PATCH 0561/1176] runc exec: setupRlimits after syscall.rlimit.init() completed Issue: https://github.com/opencontainers/runc/issues/4195 Since https://go-review.googlesource.com/c/go/+/476097, there is a get/set race between runc exec and syscall.rlimit.init, so we need to call setupRlimits after syscall.rlimit.init() completed. Signed-off-by: lifubang --- libcontainer/process_linux.go | 25 +++++++++++++++++-------- libcontainer/setns_init_linux.go | 7 +++++++ 2 files changed, 24 insertions(+), 8 deletions(-) diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 93c0e313e00..be824962640 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -268,20 +268,26 @@ func (p *setnsProcess) start() (retErr error) { } } } - // set rlimits, this has to be done here because we lose permissions - // to raise the limits once we enter a user-namespace - if err := setupRlimits(p.config.Rlimits, p.pid()); err != nil { - return fmt.Errorf("error setting rlimits for process: %w", err) - } + if err := utils.WriteJSON(p.comm.initSockParent, p.config); err != nil { return fmt.Errorf("error writing config to pipe: %w", err) } + var seenProcReady bool ierr := parseSync(p.comm.syncSockParent, func(sync *syncT) error { switch sync.Type { case procReady: - // This shouldn't happen. - panic("unexpected procReady in setns") + seenProcReady = true + // Set rlimits, this has to be done here because we lose permissions + // to raise the limits once we enter a user-namespace + if err := setupRlimits(p.config.Rlimits, p.pid()); err != nil { + return fmt.Errorf("error setting rlimits for ready process: %w", err) + } + + // Sync with child. + if err := writeSync(p.comm.syncSockParent, procRun); err != nil { + return err + } case procHooks: // This shouldn't happen. panic("unexpected procHooks in setns") @@ -340,6 +346,9 @@ func (p *setnsProcess) start() (retErr error) { if err := p.comm.syncSockParent.Shutdown(unix.SHUT_WR); err != nil && ierr == nil { return err } + if !seenProcReady && ierr == nil { + ierr = errors.New("procReady not received") + } // Must be done after Shutdown so the child will exit and we can wait for it. if ierr != nil { _, _ = p.wait() @@ -774,7 +783,7 @@ func (p *initProcess) start() (retErr error) { } case procReady: seenProcReady = true - // set rlimits, this has to be done here because we lose permissions + // Set rlimits, this has to be done here because we lose permissions // to raise the limits once we enter a user-namespace if err := setupRlimits(p.config.Rlimits, p.pid()); err != nil { return fmt.Errorf("error setting rlimits for ready process: %w", err) diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go index ba48604d988..18745d658c8 100644 --- a/libcontainer/setns_init_linux.go +++ b/libcontainer/setns_init_linux.go @@ -77,6 +77,13 @@ func (l *linuxSetnsInit) Init() error { } } + // Tell our parent that we're ready to exec. This must be done before the + // Seccomp rules have been applied, because we need to be able to read and + // write to a socket. + if err := syncParentReady(l.pipe); err != nil { + return fmt.Errorf("sync ready: %w", err) + } + if err := selinux.SetExecLabel(l.config.ProcessLabel); err != nil { return err } From da68c8e37b2f281c2105d6f7375d75d84db13a0f Mon Sep 17 00:00:00 2001 From: ls-ggg <335814617@qq.com> Date: Fri, 29 Mar 2024 18:12:08 +0800 Subject: [PATCH 0562/1176] libct: clean cached rlimit nofile in go runtime As reported in issue #4195, the new version(since 1.19) of go runtime will cache rlimit-nofile. Before executing execve, the rlimit-nofile of the process will be restored with the cache. In runc, this will cause the rlimit-nofile set by the parent process for the container to become invalid. It can be solved by clearing the cache. Signed-off-by: ls-ggg <335814617@qq.com> (cherry picked from commit f9f8abf3102e47f2fc3aa45bcd134e957da7de66) Signed-off-by: lifubang --- libcontainer/init_linux.go | 15 +++++++++++++++ libcontainer/setns_init_linux.go | 1 + libcontainer/system/linux.go | 15 +++++++++++++++ 3 files changed, 31 insertions(+) diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index bd89b253d5a..7e1298c4d16 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -223,6 +223,12 @@ func containerInit(t initType, config *initConfig, pipe *syncSocket, consoleSock return err } + // Clean the RLIMIT_NOFILE cache in go runtime. + // Issue: https://github.com/opencontainers/runc/issues/4195 + if containsRlimit(config.Rlimits, unix.RLIMIT_NOFILE) { + system.ClearRlimitNofileCache() + } + switch t { case initSetns: i := &linuxSetnsInit{ @@ -649,6 +655,15 @@ func setupRoute(config *configs.Config) error { return nil } +func containsRlimit(limits []configs.Rlimit, resource int) bool { + for _, rlimit := range limits { + if rlimit.Type == resource { + return true + } + } + return false +} + func setupRlimits(limits []configs.Rlimit, pid int) error { for _, rlimit := range limits { if err := unix.Prlimit(pid, rlimit.Type, &unix.Rlimit{Max: rlimit.Hard, Cur: rlimit.Soft}, nil); err != nil { diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go index 18745d658c8..de3a15f6e2f 100644 --- a/libcontainer/setns_init_linux.go +++ b/libcontainer/setns_init_linux.go @@ -49,6 +49,7 @@ func (l *linuxSetnsInit) Init() error { } } } + if l.config.CreateConsole { if err := setupConsole(l.consoleSocket, l.config, false); err != nil { return err diff --git a/libcontainer/system/linux.go b/libcontainer/system/linux.go index 368364baf04..5e24d44e112 100644 --- a/libcontainer/system/linux.go +++ b/libcontainer/system/linux.go @@ -8,6 +8,7 @@ import ( "io" "os" "strconv" + "sync/atomic" "syscall" "unsafe" @@ -15,6 +16,20 @@ import ( "golang.org/x/sys/unix" ) +//go:linkname syscallOrigRlimitNofile syscall.origRlimitNofile +var syscallOrigRlimitNofile atomic.Pointer[syscall.Rlimit] + +// As reported in issue #4195, the new version of go runtime(since 1.19) +// will cache rlimit-nofile. Before executing execve, the rlimit-nofile +// of the process will be restored with the cache. In runc, this will +// cause the rlimit-nofile setting by the parent process for the container +// to become invalid. It can be solved by clearing this cache. But +// unfortunately, go stdlib doesn't provide such function, so we need to +// link to the private var `origRlimitNofile` in package syscall to hack. +func ClearRlimitNofileCache() { + syscallOrigRlimitNofile.Store(nil) +} + type ParentDeathSignal int func (p ParentDeathSignal) Restore() error { From 4ea0bf88fda72a1aeb34d443649b6d3d1e1c6baf Mon Sep 17 00:00:00 2001 From: lifubang Date: Wed, 1 May 2024 00:25:49 +0800 Subject: [PATCH 0563/1176] update/add some tests for rlimit issues: https://github.com/opencontainers/runc/issues/4195 https://github.com/opencontainers/runc/pull/4265#discussion_r1588599809 Signed-off-by: lifubang --- libcontainer/integration/exec_test.go | 6 +- tests/integration/rlimits.bats | 88 +++++++++++++++++++++++++++ 2 files changed, 92 insertions(+), 2 deletions(-) create mode 100644 tests/integration/rlimits.bats diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index 9dd056ad502..5a289ba7cb5 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -136,11 +136,13 @@ func testRlimit(t *testing.T, userns bool) { config := newTemplateConfig(t, &tParam{userns: userns}) - // ensure limit is lower than what the config requests to test that in a user namespace + // Ensure limit is lower than what the config requests to test that in a user namespace // the Setrlimit call happens early enough that we still have permissions to raise the limit. + // Do not change the Cur value to be equal to the Max value, please see: + // https://github.com/opencontainers/runc/pull/4265#discussion_r1589666444 ok(t, unix.Setrlimit(unix.RLIMIT_NOFILE, &unix.Rlimit{ Max: 1024, - Cur: 1024, + Cur: 512, })) out := runContainerOk(t, config, "/bin/sh", "-c", "ulimit -n") diff --git a/tests/integration/rlimits.bats b/tests/integration/rlimits.bats new file mode 100644 index 00000000000..356a7871069 --- /dev/null +++ b/tests/integration/rlimits.bats @@ -0,0 +1,88 @@ +#!/usr/bin/env bats + +load helpers + +function setup() { + # Do not change the Cur value to be equal to the Max value + # Because in some environments, the soft and hard nofile limit have the same value. + [ $EUID -eq 0 ] && prlimit --nofile=1024:65536 -p $$ + setup_busybox +} + +function teardown() { + teardown_bundle +} + +# Set and check rlimit_nofile for runc run. Arguments are: +# $1: soft limit; +# $2: hard limit. +function run_check_nofile() { + soft="$1" + hard="$2" + update_config ".process.rlimits = [{\"type\": \"RLIMIT_NOFILE\", \"soft\": ${soft}, \"hard\": ${hard}}]" + update_config '.process.args = ["/bin/sh", "-c", "ulimit -n; ulimit -H -n"]' + + runc run test_rlimit + [ "$status" -eq 0 ] + [[ "${lines[0]}" == "${soft}" ]] + [[ "${lines[1]}" == "${hard}" ]] +} + +# Set and check rlimit_nofile for runc exec. Arguments are: +# $1: soft limit; +# $2: hard limit. +function exec_check_nofile() { + soft="$1" + hard="$2" + update_config ".process.rlimits = [{\"type\": \"RLIMIT_NOFILE\", \"soft\": ${soft}, \"hard\": ${hard}}]" + + runc run -d --console-socket "$CONSOLE_SOCKET" test_rlimit + [ "$status" -eq 0 ] + + runc exec test_rlimit /bin/sh -c "ulimit -n; ulimit -H -n" + [ "$status" -eq 0 ] + [[ "${lines[0]}" == "${soft}" ]] + [[ "${lines[1]}" == "${hard}" ]] +} + +@test "runc run with RLIMIT_NOFILE(The same as system's hard value)" { + hard=$(ulimit -n -H) + soft="$hard" + run_check_nofile "$soft" "$hard" +} + +@test "runc run with RLIMIT_NOFILE(Bigger than system's hard value)" { + requires root + limit=$(ulimit -n -H) + soft=$((limit + 1)) + hard=$soft + run_check_nofile "$soft" "$hard" +} + +@test "runc run with RLIMIT_NOFILE(Smaller than system's hard value)" { + limit=$(ulimit -n -H) + soft=$((limit - 1)) + hard=$soft + run_check_nofile "$soft" "$hard" +} + +@test "runc exec with RLIMIT_NOFILE(The same as system's hard value)" { + hard=$(ulimit -n -H) + soft="$hard" + exec_check_nofile "$soft" "$hard" +} + +@test "runc exec with RLIMIT_NOFILE(Bigger than system's hard value)" { + requires root + limit=$(ulimit -n -H) + soft=$((limit + 1)) + hard=$soft + exec_check_nofile "$soft" "$hard" +} + +@test "runc exec with RLIMIT_NOFILE(Smaller than system's hard value)" { + limit=$(ulimit -n -H) + soft=$((limit - 1)) + hard=$soft + exec_check_nofile "$soft" "$hard" +} From f6a8c9b816927368a7ce96f2451168e562cbdbd3 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 8 May 2024 10:33:04 -0700 Subject: [PATCH 0564/1176] libct: checkCriuFeatures: return underlying error Signed-off-by: Kir Kolyshkin --- libcontainer/criu_linux.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index 66178fc16f6..fd3aa530bc3 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -48,8 +48,7 @@ func (c *Container) checkCriuFeatures(criuOpts *CriuOpts, rpcOpts *criurpc.CriuO err := c.criuSwrk(nil, req, criuOpts, nil) if err != nil { - logrus.Debugf("%s", err) - return errors.New("CRIU feature check failed") + return fmt.Errorf("CRIU feature check failed: %w", err) } var missingFeatures []string From e676dac5238377ae868e5ec0318015e0760d3ea4 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 8 May 2024 11:36:57 -0700 Subject: [PATCH 0565/1176] libct/criu: simplify checkCriuFeatures Since criu 2.12, rpcOpts is not needed when checking criu features. As we requires criu >= 3.0 in Checkpoint, we can remove rpcOpts. Signed-off-by: Kir Kolyshkin --- libcontainer/criu_linux.go | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index fd3aa530bc3..fda16bead4c 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -30,7 +30,7 @@ var criuFeatures *criurpc.CriuFeatures var ErrCriuMissingFeatures = errors.New("criu is missing features") -func (c *Container) checkCriuFeatures(criuOpts *CriuOpts, rpcOpts *criurpc.CriuOpts, criuFeat *criurpc.CriuFeatures) error { +func (c *Container) checkCriuFeatures(criuOpts *CriuOpts, criuFeat *criurpc.CriuFeatures) error { t := criurpc.CriuReqType_FEATURE_CHECK // make sure the features we are looking for are really not from @@ -38,11 +38,7 @@ func (c *Container) checkCriuFeatures(criuOpts *CriuOpts, rpcOpts *criurpc.CriuO criuFeatures = nil req := &criurpc.CriuReq{ - Type: &t, - // Theoretically this should not be necessary but CRIU - // segfaults if Opts is empty. - // Fixed in CRIU 2.12 - Opts: rpcOpts, + Type: &t, Features: criuFeat, } @@ -397,7 +393,7 @@ func (c *Container) Checkpoint(criuOpts *CriuOpts) error { MemTrack: proto.Bool(true), } - if err := c.checkCriuFeatures(criuOpts, &rpcOpts, &feat); err != nil { + if err := c.checkCriuFeatures(criuOpts, &feat); err != nil { return err } @@ -411,7 +407,7 @@ func (c *Container) Checkpoint(criuOpts *CriuOpts) error { feat := criurpc.CriuFeatures{ LazyPages: proto.Bool(true), } - if err := c.checkCriuFeatures(criuOpts, &rpcOpts, &feat); err != nil { + if err := c.checkCriuFeatures(criuOpts, &feat); err != nil { return err } From 62a314656ab6f3b849ab20c0b2ce1336bcdc7f80 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 9 May 2024 13:21:11 -0700 Subject: [PATCH 0566/1176] libct/int/cpt: simplify test pre-check criu check --feature userns also tests for the /proc/self/ns/user presense, so remove the redundant check, and simplify the error message. Signed-off-by: Kir Kolyshkin --- libcontainer/integration/checkpoint_test.go | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/libcontainer/integration/checkpoint_test.go b/libcontainer/integration/checkpoint_test.go index c5426af1983..a62e61b3dbb 100644 --- a/libcontainer/integration/checkpoint_test.go +++ b/libcontainer/integration/checkpoint_test.go @@ -40,12 +40,9 @@ func showFile(t *testing.T, fname string) { } func TestUsernsCheckpoint(t *testing.T) { - if _, err := os.Stat("/proc/self/ns/user"); os.IsNotExist(err) { - t.Skip("Test requires userns.") - } cmd := exec.Command("criu", "check", "--feature", "userns") if err := cmd.Run(); err != nil { - t.Skip("Unable to c/r a container with userns") + t.Skip("Test requires userns") } testCheckpoint(t, true) } From e42d981d6705bb27306e7941cce6e8018f5dfbf0 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 8 May 2024 10:25:31 -0700 Subject: [PATCH 0567/1176] libct/int: rm double logging in checkpoint_test Since commit c77aaa3f the tail of criu log is printed by runc, so there's no need to do the same thing in tests. This also fixes a test failure on ARM where showLog fails (because there's no log file) and thus the conditional t.Skip is not called. Signed-off-by: Kir Kolyshkin --- libcontainer/integration/checkpoint_test.go | 31 --------------------- 1 file changed, 31 deletions(-) diff --git a/libcontainer/integration/checkpoint_test.go b/libcontainer/integration/checkpoint_test.go index a62e61b3dbb..6c3ddf63bd9 100644 --- a/libcontainer/integration/checkpoint_test.go +++ b/libcontainer/integration/checkpoint_test.go @@ -1,7 +1,6 @@ package integration import ( - "bufio" "bytes" "errors" "os" @@ -15,30 +14,6 @@ import ( "golang.org/x/sys/unix" ) -func showFile(t *testing.T, fname string) { - t.Helper() - t.Logf("=== %s ===\n", fname) - - f, err := os.Open(fname) - if err != nil { - t.Log(err) - return - } - defer f.Close() //nolint: errcheck - - scanner := bufio.NewScanner(f) - for scanner.Scan() { - t.Log(scanner.Text()) - } - - if err := scanner.Err(); err != nil { - t.Log(err) - return - } - - t.Logf("=== END ===\n") -} - func TestUsernsCheckpoint(t *testing.T) { cmd := exec.Command("criu", "check", "--feature", "userns") if err := cmd.Run(); err != nil { @@ -106,10 +81,8 @@ func testCheckpoint(t *testing.T, userns bool) { WorkDirectory: parentDir, PreDump: true, } - preDumpLog := filepath.Join(preDumpOpts.WorkDirectory, "dump.log") if err := container.Checkpoint(preDumpOpts); err != nil { - showFile(t, preDumpLog) if errors.Is(err, libcontainer.ErrCriuMissingFeatures) { t.Skip(err) } @@ -130,11 +103,8 @@ func testCheckpoint(t *testing.T, userns bool) { WorkDirectory: imagesDir, ParentImage: "../criu-parent", } - dumpLog := filepath.Join(checkpointOpts.WorkDirectory, "dump.log") - restoreLog := filepath.Join(checkpointOpts.WorkDirectory, "restore.log") if err := container.Checkpoint(checkpointOpts); err != nil { - showFile(t, dumpLog) t.Fatal(err) } @@ -168,7 +138,6 @@ func testCheckpoint(t *testing.T, userns bool) { _ = restoreStdinR.Close() defer restoreStdinW.Close() //nolint: errcheck if err != nil { - showFile(t, restoreLog) t.Fatal(err) } From 36be6d0510e7bd28a160545e23dae52907d0e7e9 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 9 May 2024 14:48:31 -0700 Subject: [PATCH 0568/1176] libct/int: checkpoint test: skip pre-dump if not avail Since we're now testing on ARM, the test case fails when trying to do pre-dump since MemTrack is not available. Skip the pre-dump part if so. This also reverts part of commit 3f4a73d6 as it is no longer needed (now, instead of skipping the whole test, we're just skipping the pre-dump). [Review with --ignore-all-space] Signed-off-by: Kir Kolyshkin --- libcontainer/integration/checkpoint_test.go | 51 +++++++++++---------- 1 file changed, 28 insertions(+), 23 deletions(-) diff --git a/libcontainer/integration/checkpoint_test.go b/libcontainer/integration/checkpoint_test.go index 6c3ddf63bd9..8d4d6fe4751 100644 --- a/libcontainer/integration/checkpoint_test.go +++ b/libcontainer/integration/checkpoint_test.go @@ -2,7 +2,6 @@ package integration import ( "bytes" - "errors" "os" "os/exec" "path/filepath" @@ -14,11 +13,11 @@ import ( "golang.org/x/sys/unix" ) +func criuFeature(feature string) bool { + return exec.Command("criu", "check", "--feature", feature).Run() == nil +} + func TestUsernsCheckpoint(t *testing.T) { - cmd := exec.Command("criu", "check", "--feature", "userns") - if err := cmd.Run(); err != nil { - t.Skip("Test requires userns") - } testCheckpoint(t, true) } @@ -41,6 +40,10 @@ func testCheckpoint(t *testing.T, userns bool) { t.Skip("Test requires criu >= 3.17-4 on CentOS Stream 9.") } + if userns && !criuFeature("userns") { + t.Skip("Test requires userns") + } + config := newTemplateConfig(t, &tParam{userns: userns}) stateDir := t.TempDir() @@ -74,26 +77,28 @@ func testCheckpoint(t *testing.T, userns bool) { ok(t, err) tmp := t.TempDir() + var parentImage string + + // Test pre-dump if mem_dirty_track is available. + if criuFeature("mem_dirty_track") { + parentImage = "../criu-parent" + parentDir := filepath.Join(tmp, "criu-parent") + preDumpOpts := &libcontainer.CriuOpts{ + ImagesDirectory: parentDir, + WorkDirectory: parentDir, + PreDump: true, + } - parentDir := filepath.Join(tmp, "criu-parent") - preDumpOpts := &libcontainer.CriuOpts{ - ImagesDirectory: parentDir, - WorkDirectory: parentDir, - PreDump: true, - } - - if err := container.Checkpoint(preDumpOpts); err != nil { - if errors.Is(err, libcontainer.ErrCriuMissingFeatures) { - t.Skip(err) + if err := container.Checkpoint(preDumpOpts); err != nil { + t.Fatal(err) } - t.Fatal(err) - } - state, err := container.Status() - ok(t, err) + state, err := container.Status() + ok(t, err) - if state != libcontainer.Running { - t.Fatal("Unexpected preDump state: ", state) + if state != libcontainer.Running { + t.Fatal("Unexpected preDump state: ", state) + } } imagesDir := filepath.Join(tmp, "criu") @@ -101,14 +106,14 @@ func testCheckpoint(t *testing.T, userns bool) { checkpointOpts := &libcontainer.CriuOpts{ ImagesDirectory: imagesDir, WorkDirectory: imagesDir, - ParentImage: "../criu-parent", + ParentImage: parentImage, } if err := container.Checkpoint(checkpointOpts); err != nil { t.Fatal(err) } - state, err = container.Status() + state, err := container.Status() ok(t, err) if state != libcontainer.Stopped { From e5e8f33695f52c53c4554800080d380eda2e9506 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 13 May 2024 17:43:45 -0700 Subject: [PATCH 0569/1176] .cirrus.yml: rm FIXME from rootless fs on CentOS 7 I tried to fix it, but it looks like older CentOS 7 kernel is the ultimate reason why it doesn't work. So, remove FIXME and add some explanation. Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.cirrus.yml b/.cirrus.yml index d79db495a0c..0e11f0cc7ec 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -192,7 +192,11 @@ task: integration_fs_rootless_script: | case $DISTRO in centos-7) - echo "SKIP: FIXME: integration_fs_rootless_script is skipped because of EPERM on writing cgroup.procs" + # Most probably EPERM on cgroup.procs is caused by some missing kernel + # patch. The other issue is SELinux, but even with SELinux fixes in + # https://github.com/opencontainers/runc/pull/4068 it still doesn't work. + # Does not make sense in trying to fix this since it's an older distro. + echo "SKIP: integration_fs_rootless_script is skipped because of EPERM on writing cgroup.procs" ;; *) ssh -tt localhost "make -C /home/runc localrootlessintegration" From f8052066116326b82f815ffe7a1d3eb03665ddca Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 25 Apr 2024 15:40:49 -0700 Subject: [PATCH 0570/1176] libct/cg/fs: fix setting rt_period vs rt_runtime The issue is the same as in commit 1b2adcf but for RT scheduler; the fix is also the same. Test case by ls-ggg. Co-authored-by: ls-ggg <335814617@qq.com> Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/fs/cpu.go | 20 ++++++++++++++++++-- tests/integration/update.bats | 11 +++++++++++ 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/libcontainer/cgroups/fs/cpu.go b/libcontainer/cgroups/fs/cpu.go index fbbb8f34eef..62574b53c59 100644 --- a/libcontainer/cgroups/fs/cpu.go +++ b/libcontainer/cgroups/fs/cpu.go @@ -35,15 +35,31 @@ func (s *CpuGroup) Apply(path string, r *configs.Resources, pid int) error { } func (s *CpuGroup) SetRtSched(path string, r *configs.Resources) error { + var period string if r.CpuRtPeriod != 0 { - if err := cgroups.WriteFile(path, "cpu.rt_period_us", strconv.FormatUint(r.CpuRtPeriod, 10)); err != nil { - return err + period = strconv.FormatUint(r.CpuRtPeriod, 10) + if err := cgroups.WriteFile(path, "cpu.rt_period_us", period); err != nil { + // The values of cpu.rt_period_us and cpu.rt_runtime_us + // are inter-dependent and need to be set in a proper order. + // If the kernel rejects the new period value with EINVAL + // and the new runtime value is also being set, let's + // ignore the error for now and retry later. + if !errors.Is(err, unix.EINVAL) || r.CpuRtRuntime == 0 { + return err + } + } else { + period = "" } } if r.CpuRtRuntime != 0 { if err := cgroups.WriteFile(path, "cpu.rt_runtime_us", strconv.FormatInt(r.CpuRtRuntime, 10)); err != nil { return err } + if period != "" { + if err := cgroups.WriteFile(path, "cpu.rt_period_us", period); err != nil { + return err + } + } } return nil } diff --git a/tests/integration/update.bats b/tests/integration/update.bats index bc737d47f3b..ed57efca9fb 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -766,6 +766,17 @@ EOF check_cgroup_value "cpu.rt_period_us" 900001 check_cgroup_value "cpu.rt_runtime_us" 600001 + + # https://github.com/opencontainers/runc/issues/4094 + runc update test_update_rt --cpu-rt-period 10000 --cpu-rt-runtime 3000 + [ "$status" -eq 0 ] + check_cgroup_value "cpu.rt_period_us" 10000 + check_cgroup_value "cpu.rt_runtime_us" 3000 + + runc update test_update_rt --cpu-rt-period 100000 --cpu-rt-runtime 20000 + [ "$status" -eq 0 ] + check_cgroup_value "cpu.rt_period_us" 100000 + check_cgroup_value "cpu.rt_runtime_us" 20000 } @test "update devices [minimal transition rules]" { From 6ab3d8ad1eca7bde6d8b6c26f5dc27c3de995393 Mon Sep 17 00:00:00 2001 From: Austin Vazquez Date: Tue, 14 May 2024 12:22:55 +0000 Subject: [PATCH 0571/1176] vendor: golang.org/x/net@v0.24.0 This change vendors golang.org/x/net@v0.24.0 to silence security warnings for https://pkg.go.dev/vuln/GO-2024-2687. runc takes a dependency on net/bpf only and would not be impacted by the HTTP2 vulnerability reported. Signed-off-by: Austin Vazquez --- go.mod | 4 +- go.sum | 8 +- vendor/golang.org/x/sys/unix/mmap_nomremap.go | 2 +- .../x/sys/unix/syscall_zos_s390x.go | 8 ++ .../x/sys/windows/syscall_windows.go | 82 ++++++++++++ .../golang.org/x/sys/windows/types_windows.go | 24 ++++ .../x/sys/windows/zsyscall_windows.go | 126 ++++++++++++++++-- vendor/modules.txt | 4 +- 8 files changed, 240 insertions(+), 18 deletions(-) diff --git a/go.mod b/go.mod index 40bebdf900f..9c15a6bffd1 100644 --- a/go.mod +++ b/go.mod @@ -20,8 +20,8 @@ require ( github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.14 github.com/vishvananda/netlink v1.1.0 - golang.org/x/net v0.22.0 - golang.org/x/sys v0.18.0 + golang.org/x/net v0.24.0 + golang.org/x/sys v0.19.0 google.golang.org/protobuf v1.33.0 ) diff --git a/go.sum b/go.sum index 956a5945fca..59f2fc9fb26 100644 --- a/go.sum +++ b/go.sum @@ -65,15 +65,15 @@ github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7Zo github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 h1:Jvc7gsqn21cJHCmAWx0LiimpP18LZmUxkT5Mp7EZ1mI= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= -golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc= -golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= +golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= diff --git a/vendor/golang.org/x/sys/unix/mmap_nomremap.go b/vendor/golang.org/x/sys/unix/mmap_nomremap.go index 4b68e59780a..7f602ffd26d 100644 --- a/vendor/golang.org/x/sys/unix/mmap_nomremap.go +++ b/vendor/golang.org/x/sys/unix/mmap_nomremap.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build aix || darwin || dragonfly || freebsd || openbsd || solaris +//go:build aix || darwin || dragonfly || freebsd || openbsd || solaris || zos package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go index b473038c615..27c41b6f0a1 100644 --- a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go @@ -1520,6 +1520,14 @@ func (m *mmapper) Munmap(data []byte) (err error) { return nil } +func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) { + return mapper.Mmap(fd, offset, length, prot, flags) +} + +func Munmap(b []byte) (err error) { + return mapper.Munmap(b) +} + func Read(fd int, p []byte) (n int, err error) { n, err = read(fd, p) if raceenabled { diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index 6395a031d45..6525c62f3c2 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -165,6 +165,7 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys CreateFile(name *uint16, access uint32, mode uint32, sa *SecurityAttributes, createmode uint32, attrs uint32, templatefile Handle) (handle Handle, err error) [failretval==InvalidHandle] = CreateFileW //sys CreateNamedPipe(name *uint16, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *SecurityAttributes) (handle Handle, err error) [failretval==InvalidHandle] = CreateNamedPipeW //sys ConnectNamedPipe(pipe Handle, overlapped *Overlapped) (err error) +//sys DisconnectNamedPipe(pipe Handle) (err error) //sys GetNamedPipeInfo(pipe Handle, flags *uint32, outSize *uint32, inSize *uint32, maxInstances *uint32) (err error) //sys GetNamedPipeHandleState(pipe Handle, state *uint32, curInstances *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32, userName *uint16, maxUserNameSize uint32) (err error) = GetNamedPipeHandleStateW //sys SetNamedPipeHandleState(pipe Handle, state *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32) (err error) = SetNamedPipeHandleState @@ -348,8 +349,19 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys SetProcessPriorityBoost(process Handle, disable bool) (err error) = kernel32.SetProcessPriorityBoost //sys GetProcessWorkingSetSizeEx(hProcess Handle, lpMinimumWorkingSetSize *uintptr, lpMaximumWorkingSetSize *uintptr, flags *uint32) //sys SetProcessWorkingSetSizeEx(hProcess Handle, dwMinimumWorkingSetSize uintptr, dwMaximumWorkingSetSize uintptr, flags uint32) (err error) +//sys ClearCommBreak(handle Handle) (err error) +//sys ClearCommError(handle Handle, lpErrors *uint32, lpStat *ComStat) (err error) +//sys EscapeCommFunction(handle Handle, dwFunc uint32) (err error) +//sys GetCommState(handle Handle, lpDCB *DCB) (err error) +//sys GetCommModemStatus(handle Handle, lpModemStat *uint32) (err error) //sys GetCommTimeouts(handle Handle, timeouts *CommTimeouts) (err error) +//sys PurgeComm(handle Handle, dwFlags uint32) (err error) +//sys SetCommBreak(handle Handle) (err error) +//sys SetCommMask(handle Handle, dwEvtMask uint32) (err error) +//sys SetCommState(handle Handle, lpDCB *DCB) (err error) //sys SetCommTimeouts(handle Handle, timeouts *CommTimeouts) (err error) +//sys SetupComm(handle Handle, dwInQueue uint32, dwOutQueue uint32) (err error) +//sys WaitCommEvent(handle Handle, lpEvtMask *uint32, lpOverlapped *Overlapped) (err error) //sys GetActiveProcessorCount(groupNumber uint16) (ret uint32) //sys GetMaximumProcessorCount(groupNumber uint16) (ret uint32) //sys EnumWindows(enumFunc uintptr, param unsafe.Pointer) (err error) = user32.EnumWindows @@ -1834,3 +1846,73 @@ func ResizePseudoConsole(pconsole Handle, size Coord) error { // accept arguments that can be casted to uintptr, and Coord can't. return resizePseudoConsole(pconsole, *((*uint32)(unsafe.Pointer(&size)))) } + +// DCB constants. See https://learn.microsoft.com/en-us/windows/win32/api/winbase/ns-winbase-dcb. +const ( + CBR_110 = 110 + CBR_300 = 300 + CBR_600 = 600 + CBR_1200 = 1200 + CBR_2400 = 2400 + CBR_4800 = 4800 + CBR_9600 = 9600 + CBR_14400 = 14400 + CBR_19200 = 19200 + CBR_38400 = 38400 + CBR_57600 = 57600 + CBR_115200 = 115200 + CBR_128000 = 128000 + CBR_256000 = 256000 + + DTR_CONTROL_DISABLE = 0x00000000 + DTR_CONTROL_ENABLE = 0x00000010 + DTR_CONTROL_HANDSHAKE = 0x00000020 + + RTS_CONTROL_DISABLE = 0x00000000 + RTS_CONTROL_ENABLE = 0x00001000 + RTS_CONTROL_HANDSHAKE = 0x00002000 + RTS_CONTROL_TOGGLE = 0x00003000 + + NOPARITY = 0 + ODDPARITY = 1 + EVENPARITY = 2 + MARKPARITY = 3 + SPACEPARITY = 4 + + ONESTOPBIT = 0 + ONE5STOPBITS = 1 + TWOSTOPBITS = 2 +) + +// EscapeCommFunction constants. See https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-escapecommfunction. +const ( + SETXOFF = 1 + SETXON = 2 + SETRTS = 3 + CLRRTS = 4 + SETDTR = 5 + CLRDTR = 6 + SETBREAK = 8 + CLRBREAK = 9 +) + +// PurgeComm constants. See https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-purgecomm. +const ( + PURGE_TXABORT = 0x0001 + PURGE_RXABORT = 0x0002 + PURGE_TXCLEAR = 0x0004 + PURGE_RXCLEAR = 0x0008 +) + +// SetCommMask constants. See https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-setcommmask. +const ( + EV_RXCHAR = 0x0001 + EV_RXFLAG = 0x0002 + EV_TXEMPTY = 0x0004 + EV_CTS = 0x0008 + EV_DSR = 0x0010 + EV_RLSD = 0x0020 + EV_BREAK = 0x0040 + EV_ERR = 0x0080 + EV_RING = 0x0100 +) diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go index 359780f6ace..d8cb71db0a6 100644 --- a/vendor/golang.org/x/sys/windows/types_windows.go +++ b/vendor/golang.org/x/sys/windows/types_windows.go @@ -3380,3 +3380,27 @@ type BLOB struct { Size uint32 BlobData *byte } + +type ComStat struct { + Flags uint32 + CBInQue uint32 + CBOutQue uint32 +} + +type DCB struct { + DCBlength uint32 + BaudRate uint32 + Flags uint32 + wReserved uint16 + XonLim uint16 + XoffLim uint16 + ByteSize uint8 + Parity uint8 + StopBits uint8 + XonChar byte + XoffChar byte + ErrorChar byte + EofChar byte + EvtChar byte + wReserved1 uint16 +} diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index e8791c82c30..5c6035ddfa9 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -188,6 +188,8 @@ var ( procAssignProcessToJobObject = modkernel32.NewProc("AssignProcessToJobObject") procCancelIo = modkernel32.NewProc("CancelIo") procCancelIoEx = modkernel32.NewProc("CancelIoEx") + procClearCommBreak = modkernel32.NewProc("ClearCommBreak") + procClearCommError = modkernel32.NewProc("ClearCommError") procCloseHandle = modkernel32.NewProc("CloseHandle") procClosePseudoConsole = modkernel32.NewProc("ClosePseudoConsole") procConnectNamedPipe = modkernel32.NewProc("ConnectNamedPipe") @@ -212,7 +214,9 @@ var ( procDeleteProcThreadAttributeList = modkernel32.NewProc("DeleteProcThreadAttributeList") procDeleteVolumeMountPointW = modkernel32.NewProc("DeleteVolumeMountPointW") procDeviceIoControl = modkernel32.NewProc("DeviceIoControl") + procDisconnectNamedPipe = modkernel32.NewProc("DisconnectNamedPipe") procDuplicateHandle = modkernel32.NewProc("DuplicateHandle") + procEscapeCommFunction = modkernel32.NewProc("EscapeCommFunction") procExitProcess = modkernel32.NewProc("ExitProcess") procExpandEnvironmentStringsW = modkernel32.NewProc("ExpandEnvironmentStringsW") procFindClose = modkernel32.NewProc("FindClose") @@ -236,6 +240,8 @@ var ( procGenerateConsoleCtrlEvent = modkernel32.NewProc("GenerateConsoleCtrlEvent") procGetACP = modkernel32.NewProc("GetACP") procGetActiveProcessorCount = modkernel32.NewProc("GetActiveProcessorCount") + procGetCommModemStatus = modkernel32.NewProc("GetCommModemStatus") + procGetCommState = modkernel32.NewProc("GetCommState") procGetCommTimeouts = modkernel32.NewProc("GetCommTimeouts") procGetCommandLineW = modkernel32.NewProc("GetCommandLineW") procGetComputerNameExW = modkernel32.NewProc("GetComputerNameExW") @@ -322,6 +328,7 @@ var ( procProcess32NextW = modkernel32.NewProc("Process32NextW") procProcessIdToSessionId = modkernel32.NewProc("ProcessIdToSessionId") procPulseEvent = modkernel32.NewProc("PulseEvent") + procPurgeComm = modkernel32.NewProc("PurgeComm") procQueryDosDeviceW = modkernel32.NewProc("QueryDosDeviceW") procQueryFullProcessImageNameW = modkernel32.NewProc("QueryFullProcessImageNameW") procQueryInformationJobObject = modkernel32.NewProc("QueryInformationJobObject") @@ -335,6 +342,9 @@ var ( procResetEvent = modkernel32.NewProc("ResetEvent") procResizePseudoConsole = modkernel32.NewProc("ResizePseudoConsole") procResumeThread = modkernel32.NewProc("ResumeThread") + procSetCommBreak = modkernel32.NewProc("SetCommBreak") + procSetCommMask = modkernel32.NewProc("SetCommMask") + procSetCommState = modkernel32.NewProc("SetCommState") procSetCommTimeouts = modkernel32.NewProc("SetCommTimeouts") procSetConsoleCursorPosition = modkernel32.NewProc("SetConsoleCursorPosition") procSetConsoleMode = modkernel32.NewProc("SetConsoleMode") @@ -342,7 +352,6 @@ var ( procSetDefaultDllDirectories = modkernel32.NewProc("SetDefaultDllDirectories") procSetDllDirectoryW = modkernel32.NewProc("SetDllDirectoryW") procSetEndOfFile = modkernel32.NewProc("SetEndOfFile") - procSetFileValidData = modkernel32.NewProc("SetFileValidData") procSetEnvironmentVariableW = modkernel32.NewProc("SetEnvironmentVariableW") procSetErrorMode = modkernel32.NewProc("SetErrorMode") procSetEvent = modkernel32.NewProc("SetEvent") @@ -351,6 +360,7 @@ var ( procSetFileInformationByHandle = modkernel32.NewProc("SetFileInformationByHandle") procSetFilePointer = modkernel32.NewProc("SetFilePointer") procSetFileTime = modkernel32.NewProc("SetFileTime") + procSetFileValidData = modkernel32.NewProc("SetFileValidData") procSetHandleInformation = modkernel32.NewProc("SetHandleInformation") procSetInformationJobObject = modkernel32.NewProc("SetInformationJobObject") procSetNamedPipeHandleState = modkernel32.NewProc("SetNamedPipeHandleState") @@ -361,6 +371,7 @@ var ( procSetStdHandle = modkernel32.NewProc("SetStdHandle") procSetVolumeLabelW = modkernel32.NewProc("SetVolumeLabelW") procSetVolumeMountPointW = modkernel32.NewProc("SetVolumeMountPointW") + procSetupComm = modkernel32.NewProc("SetupComm") procSizeofResource = modkernel32.NewProc("SizeofResource") procSleepEx = modkernel32.NewProc("SleepEx") procTerminateJobObject = modkernel32.NewProc("TerminateJobObject") @@ -379,6 +390,7 @@ var ( procVirtualQueryEx = modkernel32.NewProc("VirtualQueryEx") procVirtualUnlock = modkernel32.NewProc("VirtualUnlock") procWTSGetActiveConsoleSessionId = modkernel32.NewProc("WTSGetActiveConsoleSessionId") + procWaitCommEvent = modkernel32.NewProc("WaitCommEvent") procWaitForMultipleObjects = modkernel32.NewProc("WaitForMultipleObjects") procWaitForSingleObject = modkernel32.NewProc("WaitForSingleObject") procWriteConsoleW = modkernel32.NewProc("WriteConsoleW") @@ -1641,6 +1653,22 @@ func CancelIoEx(s Handle, o *Overlapped) (err error) { return } +func ClearCommBreak(handle Handle) (err error) { + r1, _, e1 := syscall.Syscall(procClearCommBreak.Addr(), 1, uintptr(handle), 0, 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func ClearCommError(handle Handle, lpErrors *uint32, lpStat *ComStat) (err error) { + r1, _, e1 := syscall.Syscall(procClearCommError.Addr(), 3, uintptr(handle), uintptr(unsafe.Pointer(lpErrors)), uintptr(unsafe.Pointer(lpStat))) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + func CloseHandle(handle Handle) (err error) { r1, _, e1 := syscall.Syscall(procCloseHandle.Addr(), 1, uintptr(handle), 0, 0) if r1 == 0 { @@ -1845,6 +1873,14 @@ func DeviceIoControl(handle Handle, ioControlCode uint32, inBuffer *byte, inBuff return } +func DisconnectNamedPipe(pipe Handle) (err error) { + r1, _, e1 := syscall.Syscall(procDisconnectNamedPipe.Addr(), 1, uintptr(pipe), 0, 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + func DuplicateHandle(hSourceProcessHandle Handle, hSourceHandle Handle, hTargetProcessHandle Handle, lpTargetHandle *Handle, dwDesiredAccess uint32, bInheritHandle bool, dwOptions uint32) (err error) { var _p0 uint32 if bInheritHandle { @@ -1857,6 +1893,14 @@ func DuplicateHandle(hSourceProcessHandle Handle, hSourceHandle Handle, hTargetP return } +func EscapeCommFunction(handle Handle, dwFunc uint32) (err error) { + r1, _, e1 := syscall.Syscall(procEscapeCommFunction.Addr(), 2, uintptr(handle), uintptr(dwFunc), 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + func ExitProcess(exitcode uint32) { syscall.Syscall(procExitProcess.Addr(), 1, uintptr(exitcode), 0, 0) return @@ -2058,6 +2102,22 @@ func GetActiveProcessorCount(groupNumber uint16) (ret uint32) { return } +func GetCommModemStatus(handle Handle, lpModemStat *uint32) (err error) { + r1, _, e1 := syscall.Syscall(procGetCommModemStatus.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(lpModemStat)), 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func GetCommState(handle Handle, lpDCB *DCB) (err error) { + r1, _, e1 := syscall.Syscall(procGetCommState.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(lpDCB)), 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + func GetCommTimeouts(handle Handle, timeouts *CommTimeouts) (err error) { r1, _, e1 := syscall.Syscall(procGetCommTimeouts.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(timeouts)), 0) if r1 == 0 { @@ -2810,6 +2870,14 @@ func PulseEvent(event Handle) (err error) { return } +func PurgeComm(handle Handle, dwFlags uint32) (err error) { + r1, _, e1 := syscall.Syscall(procPurgeComm.Addr(), 2, uintptr(handle), uintptr(dwFlags), 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + func QueryDosDevice(deviceName *uint16, targetPath *uint16, max uint32) (n uint32, err error) { r0, _, e1 := syscall.Syscall(procQueryDosDeviceW.Addr(), 3, uintptr(unsafe.Pointer(deviceName)), uintptr(unsafe.Pointer(targetPath)), uintptr(max)) n = uint32(r0) @@ -2924,6 +2992,30 @@ func ResumeThread(thread Handle) (ret uint32, err error) { return } +func SetCommBreak(handle Handle) (err error) { + r1, _, e1 := syscall.Syscall(procSetCommBreak.Addr(), 1, uintptr(handle), 0, 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func SetCommMask(handle Handle, dwEvtMask uint32) (err error) { + r1, _, e1 := syscall.Syscall(procSetCommMask.Addr(), 2, uintptr(handle), uintptr(dwEvtMask), 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + +func SetCommState(handle Handle, lpDCB *DCB) (err error) { + r1, _, e1 := syscall.Syscall(procSetCommState.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(lpDCB)), 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + func SetCommTimeouts(handle Handle, timeouts *CommTimeouts) (err error) { r1, _, e1 := syscall.Syscall(procSetCommTimeouts.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(timeouts)), 0) if r1 == 0 { @@ -2989,14 +3081,6 @@ func SetEndOfFile(handle Handle) (err error) { return } -func SetFileValidData(handle Handle, validDataLength int64) (err error) { - r1, _, e1 := syscall.Syscall(procSetFileValidData.Addr(), 2, uintptr(handle), uintptr(validDataLength), 0) - if r1 == 0 { - err = errnoErr(e1) - } - return -} - func SetEnvironmentVariable(name *uint16, value *uint16) (err error) { r1, _, e1 := syscall.Syscall(procSetEnvironmentVariableW.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(value)), 0) if r1 == 0 { @@ -3060,6 +3144,14 @@ func SetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetim return } +func SetFileValidData(handle Handle, validDataLength int64) (err error) { + r1, _, e1 := syscall.Syscall(procSetFileValidData.Addr(), 2, uintptr(handle), uintptr(validDataLength), 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + func SetHandleInformation(handle Handle, mask uint32, flags uint32) (err error) { r1, _, e1 := syscall.Syscall(procSetHandleInformation.Addr(), 3, uintptr(handle), uintptr(mask), uintptr(flags)) if r1 == 0 { @@ -3145,6 +3237,14 @@ func SetVolumeMountPoint(volumeMountPoint *uint16, volumeName *uint16) (err erro return } +func SetupComm(handle Handle, dwInQueue uint32, dwOutQueue uint32) (err error) { + r1, _, e1 := syscall.Syscall(procSetupComm.Addr(), 3, uintptr(handle), uintptr(dwInQueue), uintptr(dwOutQueue)) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + func SizeofResource(module Handle, resInfo Handle) (size uint32, err error) { r0, _, e1 := syscall.Syscall(procSizeofResource.Addr(), 2, uintptr(module), uintptr(resInfo), 0) size = uint32(r0) @@ -3291,6 +3391,14 @@ func WTSGetActiveConsoleSessionId() (sessionID uint32) { return } +func WaitCommEvent(handle Handle, lpEvtMask *uint32, lpOverlapped *Overlapped) (err error) { + r1, _, e1 := syscall.Syscall(procWaitCommEvent.Addr(), 3, uintptr(handle), uintptr(unsafe.Pointer(lpEvtMask)), uintptr(unsafe.Pointer(lpOverlapped))) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + func waitForMultipleObjects(count uint32, handles uintptr, waitAll bool, waitMilliseconds uint32) (event uint32, err error) { var _p0 uint32 if waitAll { diff --git a/vendor/modules.txt b/vendor/modules.txt index 2f4d71a3a86..2a0f5b8eb1c 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -79,10 +79,10 @@ github.com/vishvananda/netns golang.org/x/exp/constraints golang.org/x/exp/maps golang.org/x/exp/slices -# golang.org/x/net v0.22.0 +# golang.org/x/net v0.24.0 ## explicit; go 1.18 golang.org/x/net/bpf -# golang.org/x/sys v0.18.0 +# golang.org/x/sys v0.19.0 ## explicit; go 1.18 golang.org/x/sys/execabs golang.org/x/sys/unix From a35f7d80931192c50ea15d688afd54f45c7fb7fd Mon Sep 17 00:00:00 2001 From: lifubang Date: Thu, 16 May 2024 20:34:43 +0800 Subject: [PATCH 0572/1176] fix comments for ClearRlimitNofileCache Signed-off-by: lifubang --- libcontainer/system/linux.go | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/libcontainer/system/linux.go b/libcontainer/system/linux.go index 5e24d44e112..4d5565b25f4 100644 --- a/libcontainer/system/linux.go +++ b/libcontainer/system/linux.go @@ -19,14 +19,15 @@ import ( //go:linkname syscallOrigRlimitNofile syscall.origRlimitNofile var syscallOrigRlimitNofile atomic.Pointer[syscall.Rlimit] -// As reported in issue #4195, the new version of go runtime(since 1.19) -// will cache rlimit-nofile. Before executing execve, the rlimit-nofile -// of the process will be restored with the cache. In runc, this will -// cause the rlimit-nofile setting by the parent process for the container -// to become invalid. It can be solved by clearing this cache. But -// unfortunately, go stdlib doesn't provide such function, so we need to -// link to the private var `origRlimitNofile` in package syscall to hack. +// ClearRlimitNofileCache is to clear go runtime's nofile rlimit cache. func ClearRlimitNofileCache() { + // As reported in issue #4195, the new version of go runtime(since 1.19) + // will cache rlimit-nofile. Before executing execve, the rlimit-nofile + // of the process will be restored with the cache. In runc, this will + // cause the rlimit-nofile setting by the parent process for the container + // to become invalid. It can be solved by clearing this cache. But + // unfortunately, go stdlib doesn't provide such function, so we need to + // link to the private var `origRlimitNofile` in package syscall to hack. syscallOrigRlimitNofile.Store(nil) } From 177c7d4f590dd6efc6fdff139aba728c694e90ad Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 23 May 2024 22:00:06 -0700 Subject: [PATCH 0573/1176] Fix codespell warnings ./features.go:30: tru ==> through, true ... ./utils_linux.go:147: infront ==> in front Signed-off-by: Kir Kolyshkin --- features.go | 22 +++++++++++----------- utils_linux.go | 5 ++--- 2 files changed, 13 insertions(+), 14 deletions(-) diff --git a/features.go b/features.go index 190b7d10422..53b5ae38b94 100644 --- a/features.go +++ b/features.go @@ -27,7 +27,7 @@ var featuresCommand = cli.Command{ return err } - tru := true + t := true feat := features.Features{ OCIVersionMin: "1.0.0", @@ -43,24 +43,24 @@ var featuresCommand = cli.Command{ Namespaces: specconv.KnownNamespaces(), Capabilities: capabilities.KnownCapabilities(), Cgroup: &features.Cgroup{ - V1: &tru, - V2: &tru, - Systemd: &tru, - SystemdUser: &tru, - Rdma: &tru, + V1: &t, + V2: &t, + Systemd: &t, + SystemdUser: &t, + Rdma: &t, }, Apparmor: &features.Apparmor{ - Enabled: &tru, + Enabled: &t, }, Selinux: &features.Selinux{ - Enabled: &tru, + Enabled: &t, }, IntelRdt: &features.IntelRdt{ - Enabled: &tru, + Enabled: &t, }, MountExtensions: &features.MountExtensions{ IDMap: &features.IDMap{ - Enabled: &tru, + Enabled: &t, }, }, }, @@ -74,7 +74,7 @@ var featuresCommand = cli.Command{ if seccomp.Enabled { feat.Linux.Seccomp = &features.Seccomp{ - Enabled: &tru, + Enabled: &t, Actions: seccomp.KnownActions(), Operators: seccomp.KnownOperators(), Archs: seccomp.KnownArchs(), diff --git a/utils_linux.go b/utils_linux.go index a59301c1874..feb6ef80c4a 100644 --- a/utils_linux.go +++ b/utils_linux.go @@ -143,9 +143,8 @@ func setupIO(process *libcontainer.Process, rootuid, rootgid int, createTTY, det return setupProcessPipes(process, rootuid, rootgid) } -// createPidFile creates a file with the processes pid inside it atomically -// it creates a temp file with the paths filename + '.' infront of it -// then renames the file +// createPidFile creates a file containing the PID, +// doing so atomically (via create and rename). func createPidFile(path string, process *libcontainer.Process) error { pid, err := process.Pid() if err != nil { From d697725a4d36f43c487c25eb02b2f843a4c0d4cd Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 30 May 2024 10:18:54 -0700 Subject: [PATCH 0574/1176] libct/cg/dev: fix TestSetV1Allow panic This test panics if userns is detected (such as when run in a rootless docker container) because SetV1 does nothing in this case. We could fix the panic, but it doesn't make sense to run the test at all. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/devices/v1_test.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libcontainer/cgroups/devices/v1_test.go b/libcontainer/cgroups/devices/v1_test.go index 1d1c4c3770a..aed1024b2ef 100644 --- a/libcontainer/cgroups/devices/v1_test.go +++ b/libcontainer/cgroups/devices/v1_test.go @@ -9,6 +9,7 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/devices" + "github.com/opencontainers/runc/libcontainer/userns" ) func init() { @@ -17,6 +18,9 @@ func init() { } func TestSetV1Allow(t *testing.T) { + if userns.RunningInUserNS() { + t.Skip("userns detected; setV1 does nothing") + } dir := t.TempDir() for file, contents := range map[string]string{ From b74b33c43967d1a7be872998d79f951bdd6f1f32 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 30 May 2024 11:23:03 -0700 Subject: [PATCH 0575/1176] Dockerfile: bump Debian to 12, Go to 1.21 Signed-off-by: Kir Kolyshkin --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7598cba9347..79e0aafbf1a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,10 @@ -ARG GO_VERSION=1.20 +ARG GO_VERSION=1.21 ARG BATS_VERSION=v1.9.0 ARG LIBSECCOMP_VERSION=2.5.5 -FROM golang:${GO_VERSION}-bullseye +FROM golang:${GO_VERSION}-bookworm ARG DEBIAN_FRONTEND=noninteractive -ARG CRIU_REPO=https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_11 +ARG CRIU_REPO=https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_12 RUN KEYFILE=/usr/share/keyrings/criu-repo-keyring.gpg; \ wget -nv $CRIU_REPO/Release.key -O- | gpg --dearmor > "$KEYFILE" \ From 584afc675650e87ecc443896f56aed27a0064dc0 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 23 May 2024 16:29:58 -0700 Subject: [PATCH 0576/1176] libct/system: ClearRlimitNofileCache for go 1.23 Go 1.23 tightens access to internal symbols, and even puts runc into "hall of shame" for using an internal symbol (recently added by commit da68c8e3). So, while not impossible, it becomes harder to access those internal symbols, and it is a bad idea in general. Since Go 1.23 includes https://go.dev/cl/588076, we can clean the internal rlimit cache by setting the RLIMIT_NOFILE for ourselves, essentially disabling the rlimit cache. Once Go 1.22 is no longer supported, we will remove the go:linkname hack. Signed-off-by: Kir Kolyshkin --- libcontainer/init_linux.go | 16 ++++++++------ libcontainer/system/linux.go | 16 -------------- libcontainer/system/rlimit_linux.go | 15 +++++++++++++ libcontainer/system/rlimit_linux_go122.go | 27 +++++++++++++++++++++++ 4 files changed, 51 insertions(+), 23 deletions(-) create mode 100644 libcontainer/system/rlimit_linux.go create mode 100644 libcontainer/system/rlimit_linux_go122.go diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 7e1298c4d16..e0a65d5cc8f 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -12,6 +12,7 @@ import ( "runtime/debug" "strconv" "strings" + "syscall" "github.com/containerd/console" "github.com/moby/sys/user" @@ -225,9 +226,7 @@ func containerInit(t initType, config *initConfig, pipe *syncSocket, consoleSock // Clean the RLIMIT_NOFILE cache in go runtime. // Issue: https://github.com/opencontainers/runc/issues/4195 - if containsRlimit(config.Rlimits, unix.RLIMIT_NOFILE) { - system.ClearRlimitNofileCache() - } + maybeClearRlimitNofileCache(config.Rlimits) switch t { case initSetns: @@ -655,13 +654,16 @@ func setupRoute(config *configs.Config) error { return nil } -func containsRlimit(limits []configs.Rlimit, resource int) bool { +func maybeClearRlimitNofileCache(limits []configs.Rlimit) { for _, rlimit := range limits { - if rlimit.Type == resource { - return true + if rlimit.Type == syscall.RLIMIT_NOFILE { + system.ClearRlimitNofileCache(&syscall.Rlimit{ + Cur: rlimit.Soft, + Max: rlimit.Hard, + }) + return } } - return false } func setupRlimits(limits []configs.Rlimit, pid int) error { diff --git a/libcontainer/system/linux.go b/libcontainer/system/linux.go index 4d5565b25f4..368364baf04 100644 --- a/libcontainer/system/linux.go +++ b/libcontainer/system/linux.go @@ -8,7 +8,6 @@ import ( "io" "os" "strconv" - "sync/atomic" "syscall" "unsafe" @@ -16,21 +15,6 @@ import ( "golang.org/x/sys/unix" ) -//go:linkname syscallOrigRlimitNofile syscall.origRlimitNofile -var syscallOrigRlimitNofile atomic.Pointer[syscall.Rlimit] - -// ClearRlimitNofileCache is to clear go runtime's nofile rlimit cache. -func ClearRlimitNofileCache() { - // As reported in issue #4195, the new version of go runtime(since 1.19) - // will cache rlimit-nofile. Before executing execve, the rlimit-nofile - // of the process will be restored with the cache. In runc, this will - // cause the rlimit-nofile setting by the parent process for the container - // to become invalid. It can be solved by clearing this cache. But - // unfortunately, go stdlib doesn't provide such function, so we need to - // link to the private var `origRlimitNofile` in package syscall to hack. - syscallOrigRlimitNofile.Store(nil) -} - type ParentDeathSignal int func (p ParentDeathSignal) Restore() error { diff --git a/libcontainer/system/rlimit_linux.go b/libcontainer/system/rlimit_linux.go new file mode 100644 index 00000000000..4595fa82aa1 --- /dev/null +++ b/libcontainer/system/rlimit_linux.go @@ -0,0 +1,15 @@ +//go:build go1.23 + +package system + +import ( + "syscall" +) + +// ClearRlimitNofileCache clears go runtime's nofile rlimit cache. The argument +// is process RLIMIT_NOFILE values. Relies on go.dev/cl/588076. +func ClearRlimitNofileCache(lim *syscall.Rlimit) { + // Ignore the return values since we only need to clean the cache, + // the limit is going to be set via unix.Prlimit elsewhere. + _ = syscall.Setrlimit(syscall.RLIMIT_NOFILE, lim) +} diff --git a/libcontainer/system/rlimit_linux_go122.go b/libcontainer/system/rlimit_linux_go122.go new file mode 100644 index 00000000000..865d1802214 --- /dev/null +++ b/libcontainer/system/rlimit_linux_go122.go @@ -0,0 +1,27 @@ +//go:build !go1.23 + +// TODO: remove this file once go 1.22 is no longer supported. + +package system + +import ( + "sync/atomic" + "syscall" + _ "unsafe" // Needed for go:linkname to work. +) + +//go:linkname syscallOrigRlimitNofile syscall.origRlimitNofile +var syscallOrigRlimitNofile atomic.Pointer[syscall.Rlimit] + +// ClearRlimitNofileCache clears go runtime's nofile rlimit cache. +// The argument is process RLIMIT_NOFILE values. +func ClearRlimitNofileCache(_ *syscall.Rlimit) { + // As reported in issue #4195, the new version of go runtime(since 1.19) + // will cache rlimit-nofile. Before executing execve, the rlimit-nofile + // of the process will be restored with the cache. In runc, this will + // cause the rlimit-nofile setting by the parent process for the container + // to become invalid. It can be solved by clearing this cache. But + // unfortunately, go stdlib doesn't provide such function, so we need to + // link to the private var `origRlimitNofile` in package syscall to hack. + syscallOrigRlimitNofile.Store(nil) +} From b24fc9d2c44bc6e53b9a6ea580e96348181e2f27 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Sun, 2 Jun 2024 10:51:43 -0700 Subject: [PATCH 0577/1176] ci: pin codespell CI should not fail and require attention every time a new codespell version is released. Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index fc15d375a71..9bddda6513a 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -67,7 +67,7 @@ jobs: - uses: actions/checkout@v4 - name: install deps # Version of codespell bundled with Ubuntu is way old, so use pip. - run: pip install codespell + run: pip install codespell==v2.3.0 - name: run codespell run: codespell From 5c5ebe772bea4e4e4dcff91b6e97ec3b9fd40e28 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 31 May 2024 15:49:54 -0700 Subject: [PATCH 0578/1176] tests/int/scheduler: require smp This test case fails when there's a single CPU. Fix this by adding "require smp". While at it, document the test case and add a FIXME to maybe remove this test later. Signed-off-by: Kir Kolyshkin --- tests/integration/scheduler.bats | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/integration/scheduler.bats b/tests/integration/scheduler.bats index c07b760d6e5..b7cd96f8890 100644 --- a/tests/integration/scheduler.bats +++ b/tests/integration/scheduler.bats @@ -25,10 +25,21 @@ function teardown() { [[ "${lines[2]}" == *"runtime/deadline/period parameters: 42000/1000000/1000000" ]] } +# Checks that runc emits a specific error when scheduling policy is used +# together with specific CPUs. As documented in sched_setattr(2): +# +# ERRORS: +# ... +# EPERM The CPU affinity mask of the thread specified by pid does not +# include all CPUs in the system (see sched_setaffinity(2)). +# @test "scheduler vs cpus" { + requires smp + update_config ' .linux.resources.cpu.cpus = "0" | .process.scheduler = {"policy": "SCHED_DEADLINE", "nice": 19, "runtime": 42000, "deadline": 1000000, "period": 1000000, }' runc run -d --console-socket "$CONSOLE_SOCKET" test_scheduler [ "$status" -eq 1 ] + [[ "$output" == *"process scheduler can't be used together with AllowedCPUs"* ]] } From 48c4e733f4eaa4ca90c589c1e029e9785ce7a806 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 3 Jun 2024 17:15:11 -0700 Subject: [PATCH 0579/1176] ci: workaround for centos stream 8 being EOLed Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.cirrus.yml b/.cirrus.yml index 0e11f0cc7ec..a791f0a5bf5 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -106,6 +106,10 @@ task: sysctl --system ;; centos-stream-8) + # CS8 is EOF. As a temp workaround, fix repo URLs to point to vault. + for f in /etc/yum.repos.d/*.repo; do \ + sed -i -e 's,^mirrorlist=,#\0,' -e 's,^#baseurl=http://mirror\.,baseurl=http://vault.,' $f; \ + done yum config-manager --set-enabled powertools # for glibc-static ;; centos-stream-9) From 40bb9c468ea85a577ef501ca0ec15c078dec9488 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 4 Jun 2024 18:19:33 -0700 Subject: [PATCH 0580/1176] ci/cirrus: rm centos stream 8 It is past EOL and has been removed from GCE public images. Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index a791f0a5bf5..e8405d14ebf 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -83,7 +83,6 @@ task: # yamllint disable rule:key-duplicates matrix: DISTRO: centos-7 - DISTRO: centos-stream-8 DISTRO: centos-stream-9 name: ci / $DISTRO @@ -105,13 +104,6 @@ task: echo "user.max_user_namespaces=15076" > /etc/sysctl.d/userns.conf sysctl --system ;; - centos-stream-8) - # CS8 is EOF. As a temp workaround, fix repo URLs to point to vault. - for f in /etc/yum.repos.d/*.repo; do \ - sed -i -e 's,^mirrorlist=,#\0,' -e 's,^#baseurl=http://mirror\.,baseurl=http://vault.,' $f; \ - done - yum config-manager --set-enabled powertools # for glibc-static - ;; centos-stream-9) dnf config-manager --set-enabled crb # for glibc-static dnf -y install epel-release epel-next-release # for fuse-sshfs @@ -187,7 +179,7 @@ task: ssh -tt localhost "make -C /home/runc localintegration" integration_systemd_rootless_script: | case $DISTRO in - centos-7|centos-stream-8) + centos-7) echo "SKIP: integration_systemd_rootless_script requires cgroup v2" ;; *) From 67f6c37bc24d472d09ab250cb12b5c670b15c32f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 21 May 2024 12:12:03 -0700 Subject: [PATCH 0581/1176] ci/gha: switch to ubuntu 24.04 Let's replace ubuntu-22.04 with ubuntu-24.04 where we can, and keep ubuntu-20.04 to test cgroup v1 stuff. Leave ubuntu-22.04 for ci/cross-i386 (issue with systemctl restart hang after apt install). This can be addressed separately later. The only kludge we have to add is enable userns for runc binary being tested (as userns is disabled by apparmor system-wide by default now, see [1]). [1] https://discourse.ubuntu.com/t/ubuntu-24-04-lts-noble-numbat-release-notes/39890#unprivileged-user-namespace-restrictions-15 Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 10 ++++++++-- .github/workflows/validate.yml | 24 ++++++++++++------------ 2 files changed, 20 insertions(+), 14 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index e9fe1d8ffba..ea93554c02c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -23,7 +23,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-20.04, ubuntu-22.04, actuated-arm64-6cpu-8gb] + os: [ubuntu-20.04, ubuntu-24.04, actuated-arm64-6cpu-8gb] go-version: [1.20.x, 1.21.x] rootless: ["rootless", ""] race: ["-race", ""] @@ -158,6 +158,12 @@ jobs: with: bats-version: 1.9.0 + - name: Allow userns for runc + # https://discourse.ubuntu.com/t/ubuntu-24-04-lts-noble-numbat-release-notes/39890#unprivileged-user-namespace-restrictions-15 + if: matrix.os == 'ubuntu-24.04' + run: | + sed "s;^profile runc /usr/sbin/;profile runc-test $PWD/;" < /etc/apparmor.d/runc | sudo apparmor_parser + - name: unit test if: matrix.rootless != 'rootless' env: @@ -174,7 +180,7 @@ jobs: sudo cp $HOME/rootless.key /home/rootless/.ssh/id_ecdsa sudo cp $HOME/rootless.key.pub /home/rootless/.ssh/authorized_keys sudo chown -R rootless.rootless /home/rootless - sudo chmod a+X $HOME # for Ubuntu 22.04 + sudo chmod a+X $HOME # for Ubuntu 22.04 and later - name: integration test (fs driver) run: sudo -E PATH="$PATH" script -e -c 'make local${{ matrix.rootless }}integration' diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 9bddda6513a..e5108c32dcb 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -14,7 +14,7 @@ permissions: jobs: keyring: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 - name: check runc.keyring @@ -26,7 +26,7 @@ jobs: contents: read pull-requests: read checks: write # to allow the action to annotate code in the PR. - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 with: @@ -48,7 +48,7 @@ jobs: golangci-lint run --config .golangci-extra.yml --new-from-rev=HEAD~1 compile-buildtags: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 env: # Don't ignore C warnings. Note that the output of "go env CGO_CFLAGS" by default is "-g -O2", so we keep them. CGO_CFLAGS: -g -O2 -Werror @@ -62,24 +62,24 @@ jobs: run: make BUILDTAGS="" codespell: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 - name: install deps # Version of codespell bundled with Ubuntu is way old, so use pip. - run: pip install codespell==v2.3.0 + run: pip install --break-system-packages codespell==v2.3.0 - name: run codespell run: codespell shfmt: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 - name: shfmt run: make shfmt shellcheck: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 - name: install shellcheck @@ -110,7 +110,7 @@ jobs: - run: if git -P grep -I -n '\s$'; then echo "^^^ extra whitespace at EOL, please fix"; exit 1; fi deps: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 - name: install go @@ -125,7 +125,7 @@ jobs: permissions: contents: read pull-requests: read - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # Only check commits on pull requests. if: github.event_name == 'pull_request' steps: @@ -143,7 +143,7 @@ jobs: error: 'Subject too long (max 72)' cfmt: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: checkout uses: actions/checkout@v4 @@ -161,7 +161,7 @@ jobs: release: timeout-minutes: 30 - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: checkout uses: actions/checkout@v4 @@ -192,7 +192,7 @@ jobs: get-images: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 with: From 760105ab116fe1125919613fa5d01056cec757d5 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 5 Feb 2024 16:09:51 -0800 Subject: [PATCH 0582/1176] script/*: fix gpg usage wrt keyboxd I used script/keyring_validate.sh, which gave me this error: > [*] User cyphar in runc.keyring is not a maintainer! Apparently, when gnupg 2.4.1+ sees a fresh install (i.e. no ~/.gnupg directory), it configures itself to use keyboxd instead of keyring files, and when just silently ignores options like --keyring and --no-default-keyring, working with keyboxd all the time. The only way I found to make it not use keyboxd is to set --homedir. Let's do that when we explicitly want a separate keyring. Similar change is made to script/release_key.sh. Also, change "--import --import-options=show-only" to "--show-keys" which is a shortcut. When using this, there is no need to protect the default keyring since this command does not read or modify it. Signed-off-by: Kir Kolyshkin --- script/keyring_validate.sh | 18 ++++++++++-------- script/release_sign.sh | 4 ++-- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/script/keyring_validate.sh b/script/keyring_validate.sh index ccb3da2a679..20a0b85618f 100755 --- a/script/keyring_validate.sh +++ b/script/keyring_validate.sh @@ -32,6 +32,12 @@ function bail() { tmp_gpgdir="$(mktemp -d --tmpdir "$project-validate-tmpkeyring.XXXXXX")" trap 'rm -r "$tmp_gpgdir"' EXIT +function gpg_user() { + local user=$1 + shift + gpg --homedir="$tmp_gpgdir" --no-default-keyring --keyring="$user.keyring" "$@" +} + # Get the set of MAINTAINERS. readarray -t maintainers < <(sed -E 's|.* <.*> \(@?(.*)\)$|\1|' <"$root/MAINTAINERS") echo "------------------------------------------------------------" @@ -41,8 +47,7 @@ echo "------------------------------------------------------------" # Create a dummy gpg keyring from the set of MAINTAINERS. while IFS="" read -r username || [ -n "$username" ]; do - curl -sSL "https://github.com/$username.gpg" | - gpg --no-default-keyring --keyring="$tmp_gpgdir/$username.keyring" --import + curl -sSL "https://github.com/$username.gpg" | gpg_user "$username" --import done < <(printf '%s\n' "${maintainers[@]}") # Make sure all of the keys in the keyring have a github=... comment. @@ -65,8 +70,7 @@ echo "------------------------------------------------------------" echo "$project release managers:" sed -En "s|^Comment:.* github=(\w+).*| * \1|p" <"$root/$project.keyring" | sort -u echo "------------------------------------------------------------" -gpg --no-default-keyring --keyring="$tmp_gpgdir/keyring" \ - --import --import-options=show-only <"$root/$project.keyring" +gpg --show-keys <"$root/$project.keyring" echo "------------------------------------------------------------" # Check that each entry in the kering is actually a maintainer's key. @@ -94,12 +98,10 @@ while IFS="" read -d $'\0' -r block || [ -n "$block" ]; do # fingerprint. See # for more details. while IFS="" read -r key || [ -n "$key" ]; do - gpg --no-default-keyring --keyring="$tmp_gpgdir/$username.keyring" \ - --list-keys --with-colons | grep "$fprfield:::::::::$key:" >/dev/null || + gpg_user "$username" --list-keys --with-colons | grep "$fprfield:::::::::$key:" >/dev/null || bail "(Sub?)Key $key in $project.keyring is NOT actually one of $username's keys!" log "Successfully verified $username's (sub?)key $key is legitimate." - done < <(gpg --no-default-keyring \ - --import --import-options=show-only --with-colons <<<"$block" | + done < <(gpg --show-keys --with-colons <<<"$block" | grep "^$fprfield:" | cut -d: -f10) done < <(awk <"$root/$project.keyring" ' /^-----BEGIN PGP PUBLIC KEY BLOCK-----$/ { in_block=1 } diff --git a/script/release_sign.sh b/script/release_sign.sh index e66a81bc7b2..39f806fa642 100755 --- a/script/release_sign.sh +++ b/script/release_sign.sh @@ -105,10 +105,10 @@ set -x tmp_gpgdir="$(mktemp -d --tmpdir "$project-sign-tmpkeyring.XXXXXX")" trap 'rm -r "$tmp_gpgdir"' EXIT -tmp_runc_gpgflags=("--no-default-keyring" "--keyring=$tmp_gpgdir/$project.keyring") +tmp_runc_gpgflags=("--homedir=$tmp_gpgdir" "--no-default-keyring" "--keyring=$project.keyring") gpg "${tmp_runc_gpgflags[@]}" --import <"$root/$project.keyring" -tmp_seccomp_gpgflags=("--no-default-keyring" "--keyring=$tmp_gpgdir/seccomp.keyring") +tmp_seccomp_gpgflags=("--homedir=$tmp_gpgdir" "--no-default-keyring" "--keyring=seccomp.keyring") gpg "${tmp_seccomp_gpgflags[@]}" --recv-keys 0x47A68FCE37C7D7024FD65E11356CE62C2B524099 gpg "${tmp_seccomp_gpgflags[@]}" --recv-keys 0x7100AADFAE6E6E940D2E0AD655E45A5AE8CA7C8A From 024c2711f336fc5ed78248f6a365b0260284b4ab Mon Sep 17 00:00:00 2001 From: Avi Deitcher Date: Tue, 20 Jun 2023 16:41:15 +0300 Subject: [PATCH 0583/1176] make trimpath optional Signed-off-by: Avi Deitcher --- Makefile | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index a669fa6735a..94b9a3c341f 100644 --- a/Makefile +++ b/Makefile @@ -23,6 +23,13 @@ LDFLAGS_COMMON := -X main.gitCommit=$(COMMIT) -X main.version=$(VERSION) GOARCH := $(shell $(GO) env GOARCH) +# -trimpath may be required on some platforms to create reproducible builds +# on the other hand, it does strip out build information, like -ldflags, which +# some tools use to infer the version, in the absence of go information, +# which happens when you use `go build`. +# This enables someone to override by doing `make runc TRIMPATH= ` etc. +TRIMPATH := -trimpath + GO_BUILDMODE := # Enable dynamic PIE executables on supported platforms. ifneq (,$(filter $(GOARCH),386 amd64 arm arm64 ppc64le riscv64 s390x)) @@ -30,7 +37,7 @@ ifneq (,$(filter $(GOARCH),386 amd64 arm arm64 ppc64le riscv64 s390x)) GO_BUILDMODE := "-buildmode=pie" endif endif -GO_BUILD := $(GO) build -trimpath $(GO_BUILDMODE) \ +GO_BUILD := $(GO) build $(TRIMPATH) $(GO_BUILDMODE) \ $(EXTRA_FLAGS) -tags "$(BUILDTAGS)" \ -ldflags "$(LDFLAGS_COMMON) $(EXTRA_LDFLAGS)" @@ -46,7 +53,7 @@ ifneq (,$(filter $(GOARCH),arm64 amd64)) endif endif # Enable static PIE binaries on supported platforms. -GO_BUILD_STATIC := $(GO) build -trimpath $(GO_BUILDMODE_STATIC) \ +GO_BUILD_STATIC := $(GO) build $(TRIMPATH) $(GO_BUILDMODE_STATIC) \ $(EXTRA_FLAGS) -tags "$(BUILDTAGS) netgo osusergo" \ -ldflags "$(LDFLAGS_COMMON) $(LDFLAGS_STATIC) $(EXTRA_LDFLAGS)" From e530b2a668a0df5facd1faac70507c1b1ddc5bf7 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 2 Feb 2024 14:57:17 -0800 Subject: [PATCH 0584/1176] tests/int/update: fix v2 swap check If swap is disabled, we should not run swap tests. Fixes 4166. Signed-off-by: Kir Kolyshkin --- tests/integration/update.bats | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/tests/integration/update.bats b/tests/integration/update.bats index ed57efca9fb..54774a877b2 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -38,10 +38,6 @@ function setup() { MEM_SWAP="memory.memsw.limit_in_bytes" SD_MEM_SWAP="unsupported" SYSTEM_MEM=$(cat "${CGROUP_MEMORY_BASE_PATH}/${MEM_LIMIT}") - HAVE_SWAP="no" - if [ -f "${CGROUP_MEMORY_BASE_PATH}/${MEM_SWAP}" ]; then - HAVE_SWAP="yes" - fi else MEM_LIMIT="memory.max" SD_MEM_LIMIT="MemoryMax" @@ -50,9 +46,11 @@ function setup() { MEM_SWAP="memory.swap.max" SD_MEM_SWAP="MemorySwapMax" SYSTEM_MEM="max" - HAVE_SWAP="yes" fi + unset HAVE_SWAP + get_cgroup_value $MEM_SWAP >/dev/null && HAVE_SWAP=yes + SD_UNLIMITED="infinity" SD_VERSION=$(systemctl --version | awk '{print $2; exit}') if [ "$SD_VERSION" -lt 227 ]; then @@ -94,8 +92,8 @@ function setup() { check_cgroup_value "$MEM_RESERVE" 33554432 check_systemd_value "$SD_MEM_RESERVE" 33554432 - # Run swap memory tests if swap is available - if [ "$HAVE_SWAP" = "yes" ]; then + # Run swap memory tests if swap is available. + if [ -v HAVE_SWAP ]; then # try to remove memory swap limit runc update test_update --memory-swap -1 [ "$status" -eq 0 ] @@ -127,7 +125,7 @@ function setup() { check_systemd_value "$SD_MEM_LIMIT" "$SD_UNLIMITED" # check swap memory limited is gone - if [ "$HAVE_SWAP" = "yes" ]; then + if [ -v HAVE_SWAP ]; then check_cgroup_value "$MEM_SWAP" "$SYSTEM_MEM" check_systemd_value "$SD_MEM_SWAP" "$SD_UNLIMITED" fi @@ -221,7 +219,7 @@ EOF check_cgroup_value "pids.max" 20 check_systemd_value "TasksMax" 20 - if [ "$HAVE_SWAP" = "yes" ]; then + if [ -v HAVE_SWAP ]; then # Test case for https://github.com/opencontainers/runc/pull/592, # checking libcontainer/cgroups/fs/memory.go:setMemoryAndSwap. From 8626c7173ef9965f8b1f367b0be3f91df2c257d9 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 2 Feb 2024 15:05:05 -0800 Subject: [PATCH 0585/1176] tests/int: fixup find statements 1. Add "-maxdepth 2" to not dive too deep into cgroup hierarchy. 2. Add "-type f" to look for a regular file. Signed-off-by: Kir Kolyshkin --- tests/integration/helpers.bash | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index e1d2a80af84..4702d971486 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -121,7 +121,7 @@ function init_cgroup_paths() { CGROUP_BASE_PATH=/sys/fs/cgroup # Find any cgroup.freeze files... - if [ -n "$(find "$CGROUP_BASE_PATH" -type f -name "cgroup.freeze" -print -quit)" ]; then + if [ -n "$(find "$CGROUP_BASE_PATH" -maxdepth 2 -type f -name "cgroup.freeze" -print -quit)" ]; then CGROUP_SUBSYSTEMS+=" freezer" fi else @@ -460,7 +460,7 @@ function requires() { init_cgroup_paths [ -v CGROUP_V1 ] && p="$CGROUP_CPU_BASE_PATH" [ -v CGROUP_V2 ] && p="$CGROUP_BASE_PATH" - if [ -z "$(find "$p" -name cpu.idle -print -quit)" ]; then + if [ -z "$(find "$p" -maxdepth 2 -type f -name cpu.idle -print -quit)" ]; then skip_me=1 fi ;; @@ -476,7 +476,7 @@ function requires() { p="$CGROUP_BASE_PATH" f="cpu.max.burst" fi - if [ -z "$(find "$p" -name "$f" -print -quit)" ]; then + if [ -z "$(find "$p" -maxdepth 2 -type f -name "$f" -print -quit)" ]; then skip_me=1 fi ;; From dbb011ecd9ffcd9e02ed92ca6c3e1ff051125bcf Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 2 Feb 2024 15:00:24 -0800 Subject: [PATCH 0586/1176] tests/int/helpers: fix cgroups_swap check for v2 In case of cgroup v2, there's no memory.swap.max in the top-level cgroup, so we have to use find. Signed-off-by: Kir Kolyshkin --- tests/integration/helpers.bash | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index 4702d971486..8124abbd75c 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -451,8 +451,14 @@ function requires() { ;; cgroups_swap) init_cgroup_paths - if [ -v CGROUP_V1 ] && [ ! -e "${CGROUP_MEMORY_BASE_PATH}/memory.memsw.limit_in_bytes" ]; then - skip_me=1 + if [ -v CGROUP_V1 ]; then + if [ ! -e "${CGROUP_MEMORY_BASE_PATH}/memory.memsw.limit_in_bytes" ]; then + skip_me=1 + fi + elif [ -v CGROUP_V2 ]; then + if [ -z "$(find "$CGROUP_BASE_PATH" -maxdepth 2 -type f -name memory.swap.max -print -quit)" ]; then + skip_me=1 + fi fi ;; cgroups_cpu_idle) From 4209439b5f55e18bd901054f41df2f9470033832 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 26 Mar 2024 16:42:32 -0700 Subject: [PATCH 0587/1176] libct/cg/fs/v2: ignore setting swap in some cases When swap is being disabled (as set to 0), or set to max, ignore non-existent memory.swap.max cgroup file. If swap is being set explicitly to some value, do return an error like before. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/fs2/memory.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libcontainer/cgroups/fs2/memory.go b/libcontainer/cgroups/fs2/memory.go index 29656597423..df8336ba0f8 100644 --- a/libcontainer/cgroups/fs2/memory.go +++ b/libcontainer/cgroups/fs2/memory.go @@ -57,7 +57,10 @@ func setMemory(dirPath string, r *configs.Resources) error { // never write empty string to `memory.swap.max`, it means set to 0. if swapStr != "" { if err := cgroups.WriteFile(dirPath, "memory.swap.max", swapStr); err != nil { - return err + // If swap is not enabled, silently ignore setting to max or disabling it. + if !(errors.Is(err, os.ErrNotExist) && (swapStr == "max" || swapStr == "0")) { + return err + } } } From 3083bd443f7b37929f9a83165e365a597d2c6d71 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 26 Mar 2024 16:47:13 -0700 Subject: [PATCH 0588/1176] tests/cgroups: separate cgroup v2 swap test There are cgroup v2 systems out there that do not have cgroup swap enabled, and this test will probably fail in there. Move it to a separate case, guarded with requires cgroups_swap. Signed-off-by: Kir Kolyshkin --- tests/integration/cgroups.bats | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/tests/integration/cgroups.bats b/tests/integration/cgroups.bats index a9c2ea4856f..d5ca1325dce 100644 --- a/tests/integration/cgroups.bats +++ b/tests/integration/cgroups.bats @@ -272,7 +272,6 @@ convert_hugetlb_size() { "memory.low": "524288", "memory.high": "5242880", "memory.max": "20484096", - "memory.swap.max": "20971520", "pids.max": "99", "cpu.max": "10000 100000", "cpu.weight": "42" @@ -289,7 +288,6 @@ convert_hugetlb_size() { echo "$output" | grep -q '^memory.low:524288$' echo "$output" | grep -q '^memory.high:5242880$' echo "$output" | grep -q '^memory.max:20484096$' - echo "$output" | grep -q '^memory.swap.max:20971520$' echo "$output" | grep -q '^pids.max:99$' echo "$output" | grep -q '^cpu.max:10000 100000$' @@ -297,12 +295,34 @@ convert_hugetlb_size() { check_systemd_value "MemoryLow" 524288 check_systemd_value "MemoryHigh" 5242880 check_systemd_value "MemoryMax" 20484096 - check_systemd_value "MemorySwapMax" 20971520 check_systemd_value "TasksMax" 99 check_cpu_quota 10000 100000 "100ms" check_cpu_weight 42 } +@test "runc run (cgroup v2 resources.unified swap)" { + requires root cgroups_v2 cgroups_swap + + set_cgroups_path + update_config ' .linux.resources.unified |= { + "memory.max": "20484096", + "memory.swap.max": "20971520" + }' + + runc run -d --console-socket "$CONSOLE_SOCKET" test_cgroups_unified + [ "$status" -eq 0 ] + + runc exec test_cgroups_unified sh -c 'cd /sys/fs/cgroup && grep . *.max' + [ "$status" -eq 0 ] + echo "$output" + + echo "$output" | grep -q '^memory.max:20484096$' + echo "$output" | grep -q '^memory.swap.max:20971520$' + + check_systemd_value "MemoryMax" 20484096 + check_systemd_value "MemorySwapMax" 20971520 +} + @test "runc run (cgroup v2 resources.unified override)" { requires root cgroups_v2 From 24c2d28d1ff89b98f14922ec801b5fadad09471d Mon Sep 17 00:00:00 2001 From: lfbzhm Date: Thu, 6 Jun 2024 14:22:04 +0000 Subject: [PATCH 0589/1176] fix a debug msg for user ns in nsexec Signed-off-by: lfbzhm --- libcontainer/nsenter/nsexec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index c771ac7e116..65e0ef53b9d 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -902,7 +902,7 @@ void nsexec(void) bail("failed to sync with parent: write(SYNC_USERMAP_PLS)"); /* ... wait for mapping ... */ - write_log(DEBUG, "request stage-0 to map user namespace"); + write_log(DEBUG, "waiting stage-0 to complete the mapping of user namespace"); if (read(syncfd, &s, sizeof(s)) != sizeof(s)) bail("failed to sync with parent: read(SYNC_USERMAP_ACK)"); if (s != SYNC_USERMAP_ACK) From e660ef61a5f8677e22fb50e51cd4368d8f24d319 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 7 Jun 2024 09:04:16 -0700 Subject: [PATCH 0590/1176] libct/nsenter: stop blacklisting go 1.22+ Go 1.23 includes a fix (https://go.dev/cl/587919) so go1.23.x can be used. This fix is also backported to 1.22.4, so go1.22.x can also be used (when x >= 4). Finally, for glibc >= 2.32 it doesn't really matter. Add a note about Go 1.22.x > 1.22.4 to README as well. Signed-off-by: Kir Kolyshkin --- README.md | 4 ++++ libcontainer/nsenter/nsenter_go122.go | 15 --------------- 2 files changed, 4 insertions(+), 15 deletions(-) delete mode 100644 libcontainer/nsenter/nsenter_go122.go diff --git a/README.md b/README.md index 6d8ac4d47ca..2cb8ed9f91e 100644 --- a/README.md +++ b/README.md @@ -29,6 +29,10 @@ A third party security audit was performed by Cure53, you can see the full repor `runc` only supports Linux. It must be built with Go version 1.19 or higher. +NOTE: if building with Go 1.22.x, make sure to use 1.22.4 or a later version +(see [issue #4233](https://github.com/opencontainers/runc/issues/4233) for +more details). + In order to enable seccomp support you will need to install `libseccomp` on your platform. > e.g. `libseccomp-devel` for CentOS, or `libseccomp-dev` for Ubuntu diff --git a/libcontainer/nsenter/nsenter_go122.go b/libcontainer/nsenter/nsenter_go122.go deleted file mode 100644 index 2b9ece0ad29..00000000000 --- a/libcontainer/nsenter/nsenter_go122.go +++ /dev/null @@ -1,15 +0,0 @@ -//go:build go1.22 - -package nsenter - -/* -// We know for sure that glibc has issues with pthread_self() when called from -// Go after nsenter has run. This is likely a more general problem with how we -// ignore the rules in signal-safety(7), and so it's possible musl will also -// have issues, but as this is just a hotfix let's only block glibc builds. -#include -#ifdef __GLIBC__ -# error "runc does not currently work properly with Go >=1.22. See ." -#endif -*/ -import "C" From a3302f20548c6f7b3443985c8dccccf2f4889bd9 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 24 May 2024 16:55:03 -0700 Subject: [PATCH 0591/1176] ci: switch to go 1.22 as main version Now when Go 1.22.4 is out it should no longer be a problem. Leave Go 1.21 for CentOS testing (CentOS 7 and 8 have older glibc) and Dockerfile (Debian 11 have older glibc). Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 12 +++++++----- .github/workflows/validate.yml | 3 ++- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ea93554c02c..73cbf652d92 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -24,7 +24,7 @@ jobs: fail-fast: false matrix: os: [ubuntu-20.04, ubuntu-24.04, actuated-arm64-6cpu-8gb] - go-version: [1.20.x, 1.21.x] + go-version: [1.21.x, 1.22.x] rootless: ["rootless", ""] race: ["-race", ""] criu: ["", "criu-dev"] @@ -33,7 +33,7 @@ jobs: # Disable most of criu-dev jobs, as they are expensive # (need to compile criu) and don't add much value/coverage. - criu: criu-dev - go-version: 1.20.x + go-version: 1.21.x - criu: criu-dev rootless: rootless - criu: criu-dev @@ -45,12 +45,12 @@ jobs: - dmz: runc_nodmz os: ubuntu-20.04 - dmz: runc_nodmz - go-version: 1.20.x + go-version: 1.21.x - dmz: runc_nodmz rootless: rootless - dmz: runc_nodmz race: -race - - go-version: 1.20.x + - go-version: 1.21.x os: actuated-arm64-6cpu-8gb - race: "-race" os: actuated-arm64-6cpu-8gb @@ -147,6 +147,7 @@ jobs: uses: actions/setup-go@v5 with: go-version: ${{ matrix.go-version }} + check-latest: true - name: build env: @@ -225,7 +226,8 @@ jobs: - name: install go uses: actions/setup-go@v5 with: - go-version: 1.21.x # TODO: switch to 1.x (latest stable) once Go 1.22 vs glibc issue is fixed. + go-version: 1.x # Latest stable + check-latest: true - name: unit test env: diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index e5108c32dcb..ad4929b2326 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -8,7 +8,7 @@ on: - release-* pull_request: env: - GO_VERSION: 1.20.x + GO_VERSION: 1.22.x permissions: contents: read @@ -117,6 +117,7 @@ jobs: uses: actions/setup-go@v5 with: go-version: "${{ env.GO_VERSION }}" + check-latest: true - name: verify deps run: make verify-dependencies From 17380da2772e932e8febe091cfe13ec26e05099c Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 30 May 2024 11:16:41 -0700 Subject: [PATCH 0592/1176] Dockerfile: switch to Go 1.22 and Debian 12 Signed-off-by: Kir Kolyshkin --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 79e0aafbf1a..d04a958892d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG GO_VERSION=1.21 +ARG GO_VERSION=1.22 ARG BATS_VERSION=v1.9.0 ARG LIBSECCOMP_VERSION=2.5.5 From 6b2eb52fb08de4c33473ea54bb50d892b2003f5d Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 24 May 2024 17:03:06 -0700 Subject: [PATCH 0593/1176] go.mod,README: require Go 1.21 Go 1.20 was released in February 2023 and is no longer supported since February 2024. Time to move on. Signed-off-by: Kir Kolyshkin --- README.md | 2 +- go.mod | 2 +- go.sum | 5 +++++ 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2cb8ed9f91e..2d532f984fe 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ A third party security audit was performed by Cure53, you can see the full repor ## Building -`runc` only supports Linux. It must be built with Go version 1.19 or higher. +`runc` only supports Linux. It must be built with Go version 1.21 or higher. NOTE: if building with Go 1.22.x, make sure to use 1.22.4 or a later version (see [issue #4233](https://github.com/opencontainers/runc/issues/4233) for diff --git a/go.mod b/go.mod index 9c15a6bffd1..98b23ab872d 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/opencontainers/runc -go 1.20 +go 1.21 require ( github.com/checkpoint-restore/go-criu/v6 v6.3.0 diff --git a/go.sum b/go.sum index 59f2fc9fb26..13b88a4850c 100644 --- a/go.sum +++ b/go.sum @@ -17,15 +17,19 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/frankban/quicktest v1.14.5 h1:dfYrrRyLtiqT9GyKXgdh+k4inNeTvmGbuSgZ3lx3GhA= +github.com/frankban/quicktest v1.14.5/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/moby/sys/mountinfo v0.7.1 h1:/tTvQaSJRr2FshkhXiIpux6fQ2Zvc4j7tAhMTStAG2g= github.com/moby/sys/mountinfo v0.7.1/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= github.com/moby/sys/user v0.1.0 h1:WmZ93f5Ux6het5iituh9x2zAG7NFY9Aqi49jjE1PaQg= @@ -39,6 +43,7 @@ github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M5 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= +github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/seccomp/libseccomp-golang v0.10.0 h1:aA4bp+/Zzi0BnWZ2F1wgNBs5gTpm+na2rWM6M9YjLpY= From a1e87f8d76456a46b487f13e2e805d64723a0a1d Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 24 May 2024 16:56:40 -0700 Subject: [PATCH 0594/1176] libct: rm eaccess It is not needed since Go 1.20 (which was released in February 2023 and is no longer supported since February 2024). Signed-off-by: Kir Kolyshkin --- libcontainer/eaccess_go119.go | 17 ----------------- libcontainer/eaccess_stub.go | 10 ---------- libcontainer/setns_init_linux.go | 7 ------- libcontainer/standard_init_linux.go | 7 ------- 4 files changed, 41 deletions(-) delete mode 100644 libcontainer/eaccess_go119.go delete mode 100644 libcontainer/eaccess_stub.go diff --git a/libcontainer/eaccess_go119.go b/libcontainer/eaccess_go119.go deleted file mode 100644 index cc1e2079a79..00000000000 --- a/libcontainer/eaccess_go119.go +++ /dev/null @@ -1,17 +0,0 @@ -//go:build !go1.20 -// +build !go1.20 - -package libcontainer - -import "golang.org/x/sys/unix" - -func eaccess(path string) error { - // This check is similar to access(2) with X_OK except for - // setuid/setgid binaries where it checks against the effective - // (rather than real) uid and gid. It is not needed in go 1.20 - // and beyond and will be removed later. - - // Relies on code added in https://go-review.googlesource.com/c/sys/+/468877 - // and older CLs linked from there. - return unix.Faccessat(unix.AT_FDCWD, path, unix.X_OK, unix.AT_EACCESS) -} diff --git a/libcontainer/eaccess_stub.go b/libcontainer/eaccess_stub.go deleted file mode 100644 index 7c049fd7aa0..00000000000 --- a/libcontainer/eaccess_stub.go +++ /dev/null @@ -1,10 +0,0 @@ -//go:build go1.20 - -package libcontainer - -func eaccess(path string) error { - // Not needed in Go 1.20+ as the functionality is already in there - // (added by https://go.dev/cl/416115, https://go.dev/cl/414824, - // and fixed in Go 1.20.2 by https://go.dev/cl/469956). - return nil -} diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go index de3a15f6e2f..d14198772aa 100644 --- a/libcontainer/setns_init_linux.go +++ b/libcontainer/setns_init_linux.go @@ -117,13 +117,6 @@ func (l *linuxSetnsInit) Init() error { if err != nil { return err } - // exec.LookPath in Go < 1.20 might return no error for an executable - // residing on a file system mounted with noexec flag, so perform this - // extra check now while we can still return a proper error. - // TODO: remove this once go < 1.20 is not supported. - if err := eaccess(name); err != nil { - return &os.PathError{Op: "eaccess", Path: name, Err: err} - } // Set seccomp as close to execve as possible, so as few syscalls take // place afterward (reducing the amount of syscalls that users need to // enable in their seccomp profiles). diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 4b7aa677509..ec2e814370a 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -211,13 +211,6 @@ func (l *linuxStandardInit) Init() error { if err != nil { return err } - // exec.LookPath in Go < 1.20 might return no error for an executable - // residing on a file system mounted with noexec flag, so perform this - // extra check now while we can still return a proper error. - // TODO: remove this once go < 1.20 is not supported. - if err := eaccess(name); err != nil { - return &os.PathError{Op: "eaccess", Path: name, Err: err} - } // Set seccomp as close to execve as possible, so as few syscalls take // place afterward (reducing the amount of syscalls that users need to From b7fdd524cb3758b373d873831dea02bd1499e8b3 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 24 May 2024 17:00:38 -0700 Subject: [PATCH 0595/1176] libct: use slices package As we're no longer supporting Go < 1.21. Signed-off-by: Kir Kolyshkin --- libcontainer/container_linux.go | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 13be71ccb89..ad49244a889 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -10,6 +10,7 @@ import ( "path" "path/filepath" "reflect" + "slices" "strconv" "strings" "sync" @@ -452,16 +453,6 @@ func (c *Container) includeExecFifo(cmd *exec.Cmd) error { return nil } -// No longer needed in Go 1.21. -func slicesContains[S ~[]E, E comparable](slice S, needle E) bool { - for _, val := range slice { - if val == needle { - return true - } - } - return false -} - func isDmzBinarySafe(c *configs.Config) bool { // Because we set the dumpable flag in nsexec, the only time when it is // unsafe to use runc-dmz is when the container process would be able to @@ -472,9 +463,9 @@ func isDmzBinarySafe(c *configs.Config) bool { // inheritable, or ambient sets). Luckily, most containers do not have this // capability. if c.Capabilities == nil || - (!slicesContains(c.Capabilities.Bounding, "CAP_SYS_PTRACE") && - !slicesContains(c.Capabilities.Inheritable, "CAP_SYS_PTRACE") && - !slicesContains(c.Capabilities.Ambient, "CAP_SYS_PTRACE")) { + (!slices.Contains(c.Capabilities.Bounding, "CAP_SYS_PTRACE") && + !slices.Contains(c.Capabilities.Inheritable, "CAP_SYS_PTRACE") && + !slices.Contains(c.Capabilities.Ambient, "CAP_SYS_PTRACE")) { return true } From 3019e842de904de2d6259aca906d11fc36453b07 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 24 May 2024 17:02:39 -0700 Subject: [PATCH 0596/1176] libct/cg: use clear built-in As we no longer support Go < 1.21. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/utils.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/libcontainer/cgroups/utils.go b/libcontainer/cgroups/utils.go index 186cbc6413f..8bec8c36f16 100644 --- a/libcontainer/cgroups/utils.go +++ b/libcontainer/cgroups/utils.go @@ -275,9 +275,7 @@ func RemovePaths(paths map[string]string) (err error) { } } if len(paths) == 0 { - //nolint:ineffassign,staticcheck // done to help garbage collecting: opencontainers/runc#2506 - // TODO: switch to clear once Go < 1.21 is not supported. - paths = make(map[string]string) + clear(paths) return nil } return fmt.Errorf("Failed to remove paths: %v", paths) From 40dd884a00e9e1bb36033e36b1376a63cbe8df18 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 7 Jun 2024 14:23:14 -0700 Subject: [PATCH 0597/1176] MAINTAINERS: add Rodrigo Campos I am nominating @rata for the role of runc maintainer. He is pretty active in the project, did some substantial work and is helping with PR review and releases. As noted in MAINTAINERS_GUIDE.md, we have a week to vote, and need to get 66% of current maintainers' votes. Signed-off-by: Kir Kolyshkin --- MAINTAINERS | 1 + 1 file changed, 1 insertion(+) diff --git a/MAINTAINERS b/MAINTAINERS index e959e4fed31..7a0eeebf68f 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -7,3 +7,4 @@ Akihiro Suda (@AkihiroSuda) Kir Kolyshkin (@kolyshkin) Sebastiaan van Stijn (@thaJeztah) Li Fu Bang (@lifubang) +Rodrigo Campos (@rata) From 771903608c7317defee99ec0c8dc107471c41d71 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 2 Feb 2024 13:57:16 -0800 Subject: [PATCH 0598/1176] libct/cg: write unified resources line by line It has been pointed out that some controllers can not accept multiple lines of output at once. In particular, io.max can only set one device at a time. Practically, the only multi-line resource values we can get come from unified.* -- let's write those line by line. Add a test case. Reported-by: Tao Shen Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/file.go | 34 +++++++++++++++++++++++++++++++ libcontainer/cgroups/file_test.go | 22 ++++++++++++++++++++ libcontainer/cgroups/fs2/fs2.go | 2 +- tests/integration/cgroups.bats | 32 +++++++++++++++++++++++++++++ 4 files changed, 89 insertions(+), 1 deletion(-) diff --git a/libcontainer/cgroups/file.go b/libcontainer/cgroups/file.go index 16aae5a3b7c..78c5bcf0d37 100644 --- a/libcontainer/cgroups/file.go +++ b/libcontainer/cgroups/file.go @@ -57,6 +57,40 @@ func WriteFile(dir, file, data string) error { return nil } +// WriteFileByLine is the same as WriteFile, except if data contains newlines, +// it is written line by line. +func WriteFileByLine(dir, file, data string) error { + i := strings.Index(data, "\n") + if i == -1 { + return WriteFile(dir, file, data) + } + + fd, err := OpenFile(dir, file, unix.O_WRONLY) + if err != nil { + return err + } + defer fd.Close() + start := 0 + for { + var line string + if i == -1 { + line = data[start:] + } else { + line = data[start : start+i+1] + } + _, err := fd.WriteString(line) + if err != nil { + return fmt.Errorf("failed to write %q: %w", line, err) + } + if i == -1 { + break + } + start += i + 1 + i = strings.Index(data[start:], "\n") + } + return nil +} + const ( cgroupfsDir = "/sys/fs/cgroup" cgroupfsPrefix = cgroupfsDir + "/" diff --git a/libcontainer/cgroups/file_test.go b/libcontainer/cgroups/file_test.go index 6236bb9ec1e..5ce43838018 100644 --- a/libcontainer/cgroups/file_test.go +++ b/libcontainer/cgroups/file_test.go @@ -73,3 +73,25 @@ func TestOpenat2(t *testing.T) { fd.Close() } } + +func BenchmarkWriteFile(b *testing.B) { + TestMode = true + defer func() { TestMode = false }() + + dir := b.TempDir() + tc := []string{ + "one", + "one\ntwo\nthree", + "10:200 foo=bar boo=far\n300:1200 something=other\ndefault 45000\n", + "\n\n\n\n\n\n\n\n", + } + + b.ResetTimer() + for i := 0; i < b.N; i++ { + for _, val := range tc { + if err := WriteFileByLine(dir, "file", val); err != nil { + b.Fatal(err) + } + } + } +} diff --git a/libcontainer/cgroups/fs2/fs2.go b/libcontainer/cgroups/fs2/fs2.go index 0a579b23e84..87c89e8a129 100644 --- a/libcontainer/cgroups/fs2/fs2.go +++ b/libcontainer/cgroups/fs2/fs2.go @@ -238,7 +238,7 @@ func (m *Manager) setUnified(res map[string]string) error { if strings.Contains(k, "/") { return fmt.Errorf("unified resource %q must be a file name (no slashes)", k) } - if err := cgroups.WriteFile(m.dirPath, k, v); err != nil { + if err := cgroups.WriteFileByLine(m.dirPath, k, v); err != nil { // Check for both EPERM and ENOENT since O_CREAT is used by WriteFile. if errors.Is(err, os.ErrPermission) || errors.Is(err, os.ErrNotExist) { // Check if a controller is available, diff --git a/tests/integration/cgroups.bats b/tests/integration/cgroups.bats index d5ca1325dce..3a74eb26249 100644 --- a/tests/integration/cgroups.bats +++ b/tests/integration/cgroups.bats @@ -187,6 +187,38 @@ function setup() { [[ "$weights" == *"$major:$minor 444"* ]] } +@test "runc run (per-device multiple iops via unified)" { + requires root cgroups_v2 + + dd if=/dev/zero of=backing1.img bs=4096 count=1 + dev1=$(losetup --find --show backing1.img) || skip "unable to create a loop device" + + # Second device. + dd if=/dev/zero of=backing2.img bs=4096 count=1 + dev2=$(losetup --find --show backing2.img) || skip "unable to create a loop device" + + set_cgroups_path + + IFS=$' \t:' read -r major1 minor1 <<<"$(lsblk -nd -o MAJ:MIN "$dev1")" + IFS=$' \t:' read -r major2 minor2 <<<"$(lsblk -nd -o MAJ:MIN "$dev2")" + update_config ' .linux.devices += [ + {path: "'"$dev1"'", type: "b", major: '"$major1"', minor: '"$minor1"'}, + {path: "'"$dev2"'", type: "b", major: '"$major2"', minor: '"$minor2"'} + ] + | .linux.resources.unified |= + {"io.max": "'"$major1"':'"$minor1"' riops=333 wiops=444\n'"$major2"':'"$minor2"' riops=555 wiops=666\n"}' + runc run -d --console-socket "$CONSOLE_SOCKET" test_dev_weight + [ "$status" -eq 0 ] + + # The loop devices are no longer needed. + losetup -d "$dev1" + losetup -d "$dev2" + + weights=$(get_cgroup_value "io.max") + grep "^$major1:$minor1 .* riops=333 wiops=444$" <<<"$weights" + grep "^$major2:$minor2 .* riops=555 wiops=666$" <<<"$weights" +} + @test "runc run (cpu.idle)" { requires cgroups_cpu_idle [ $EUID -ne 0 ] && requires rootless_cgroup From f8f1bc9a304ba14203f2091524cb7ee0fe5b4b35 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 21 May 2024 10:04:51 -0700 Subject: [PATCH 0599/1176] Vagrantfile.fedora: bump to F40 Get the image from Fedora directly. Also, remove the comment about cgroup v2 as it is also tested on Ubuntu 22.04 now. Signed-off-by: Kir Kolyshkin --- Vagrantfile.fedora | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Vagrantfile.fedora b/Vagrantfile.fedora index f8931804df2..4863808ee51 100644 --- a/Vagrantfile.fedora +++ b/Vagrantfile.fedora @@ -2,8 +2,9 @@ # vi: set ft=ruby : Vagrant.configure("2") do |config| -# Fedora box is used for testing cgroup v2 support - config.vm.box = "fedora/39-cloud-base" + config.vm.box = "fedora-40" + # For URL, check https://www.fedoraproject.org/cloud/download + config.vm.box_url = "https://download.fedoraproject.org/pub/fedora/linux/releases/40/Cloud/x86_64/images/Fedora-Cloud-Base-Vagrant-libvirt.x86_64-40-1.14.vagrant.libvirt.box" config.vm.provider :virtualbox do |v| v.memory = 2048 v.cpus = 2 From 1c505fffdc59a1f8dc969fae053ade8d7d881038 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 17 May 2024 17:21:15 -0700 Subject: [PATCH 0600/1176] Revert "Set temporary single CPU affinity..." There's too much logic here figuring out which CPUs to use. Runc is a low level tool and is not supposed to be that "smart". What's worse, this logic is executed on every exec, making it slower. Some of the logic in (*setnsProcess).start is executed even if no annotation is set, thus making ALL execs slow. Also, this should be a property of a process, rather than annotation. The plan is to rework this. This reverts commit afc23e33971b657c4a09c54b16c6139651171aad. Signed-off-by: Kir Kolyshkin --- docs/isolated-cpu-affinity-transition.md | 125 -------- features.go | 1 - libcontainer/cgroups/cgroups.go | 4 - libcontainer/cgroups/fs/fs.go | 27 -- libcontainer/cgroups/fs2/fs2.go | 28 -- libcontainer/cgroups/systemd/v1.go | 4 - libcontainer/cgroups/systemd/v2.go | 4 - libcontainer/cgroups/utils.go | 21 +- libcontainer/container_linux_test.go | 4 - libcontainer/process_linux.go | 269 +----------------- libcontainer/process_linux_test.go | 232 --------------- libcontainer/system/kernelparam/lookup.go | 41 --- .../system/kernelparam/lookup_test.go | 60 ---- tests/integration/exec.bats | 136 --------- tests/integration/helpers.bash | 21 -- 15 files changed, 16 insertions(+), 961 deletions(-) delete mode 100644 docs/isolated-cpu-affinity-transition.md delete mode 100644 libcontainer/process_linux_test.go delete mode 100644 libcontainer/system/kernelparam/lookup.go delete mode 100644 libcontainer/system/kernelparam/lookup_test.go diff --git a/docs/isolated-cpu-affinity-transition.md b/docs/isolated-cpu-affinity-transition.md deleted file mode 100644 index d2f3b12e899..00000000000 --- a/docs/isolated-cpu-affinity-transition.md +++ /dev/null @@ -1,125 +0,0 @@ -## Isolated CPU affinity transition - -The introduction of the kernel commit 46a87b3851f0d6eb05e6d83d5c5a30df0eca8f76 -in 5.7 has affected a deterministic scheduling behavior by distributing tasks -across CPU cores within a cgroups cpuset. It means that `runc exec` might be -impacted under some circumstances, by example when a container has been -created within a cgroup cpuset entirely composed of isolated CPU cores -usually sets either with `nohz_full` and/or `isolcpus` kernel boot parameters. - -Some containerized real-time applications are relying on this deterministic -behavior and uses the first CPU core to run a slow thread while other CPU -cores are fully used by the real-time threads with SCHED_FIFO policy. -Such applications can prevent runc process from joining a container when the -runc process is randomly scheduled on a CPU core owned by a real-time thread. - -Runc introduces a way to restore this behavior by adding the following -annotation to the container runtime spec (`config.json`): - -`org.opencontainers.runc.exec.isolated-cpu-affinity-transition` - -This annotation can take one of those values: - -* `temporary` to temporarily set the runc process CPU affinity to the first -isolated CPU core of the container cgroup cpuset. -* `definitive`: to definitively set the runc process CPU affinity to the first -isolated CPU core of the container cgroup cpuset. - -For example: - -```json - "annotations": { - "org.opencontainers.runc.exec.isolated-cpu-affinity-transition": "temporary" - } -``` - -__WARNING:__ `definitive` requires a kernel >= 6.2, also works with RHEL 9 and -above. - -### How it works? - -When enabled and during `runc exec`, runc is looking for the `nohz_full` kernel -boot parameter value and considers the CPUs in the list as isolated, it doesn't -look for `isolcpus` boot parameter, it just assumes that `isolcpus` value is -identical to `nohz_full` when specified. If `nohz_full` parameter is not found, -runc also attempts to read the list from `/sys/devices/system/cpu/nohz_full`. - -Once it gets the isolated CPU list, it returns an eligible CPU core within the -container cgroup cpuset based on those heuristics: - -* when there is not cpuset cores: no eligible CPU -* when there is not isolated cores: no eligible CPU -* when cpuset cores are not in isolated core list: no eligible CPU -* when cpuset cores are all isolated cores: return the first CPU of the cpuset -* when cpuset cores are mixed between housekeeping/isolated cores: return the - first housekeeping CPU not in isolated CPUs. - -The returned CPU core is then used to set the `runc init` CPU affinity before -the container cgroup cpuset transition. - -#### Transition example - -`nohz_full` has the isolated cores `4-7`. A container has been created with -the cgroup cpuset `4-7` to only run on the isolated CPU cores 4 to 7. -`runc exec` is called by a process with CPU affinity set to `0-3` - -* with `temporary` transition: - - runc exec (affinity 0-3) -> runc init (affinity 4) -> container process (affinity 4-7) - -* with `definitive` transition: - - runc exec (affinity 0-3) -> runc init (affinity 4) -> container process (affinity 4) - -The difference between `temporary` and `definitive` is the container process -affinity, `definitive` will constraint the container process to run on the -first isolated CPU core of the cgroup cpuset, while `temporary` restore the -CPU affinity to match the container cgroup cpuset. - -`definitive` transition might be helpful when `nohz_full` is used without -`isolcpus` to avoid runc and container process to be a noisy neighbour for -real-time applications. - -### How to use it with Kubernetes? - -Kubernetes doesn't manage container directly, instead it uses the Container Runtime -Interface (CRI) to communicate with a software implementing this interface and responsible -to manage the lifecycle of containers. There are popular CRI implementations like Containerd -and CRI-O. Those implementations allows to pass pod annotations to the container runtime -via the container runtime spec. Currently runc is the runtime used by default for both. - -#### Containerd configuration - -Containerd CRI uses runc by default but requires an extra step to pass the annotation to runc. -You have to whitelist `org.opencontainers.runc.exec.isolated-cpu-affinity-transition` as a pod -annotation allowed to be passed to the container runtime in `/etc/containerd/config.toml`: - -```toml -[plugins."io.containerd.grpc.v1.cri".containerd] - default_runtime_name = "runc" - [plugins."io.containerd.grpc.v1.cri".containerd.runtimes] - [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] - runtime_type = "io.containerd.runc.v2" - base_runtime_spec = "/etc/containerd/cri-base.json" - pod_annotations = ["org.opencontainers.runc.exec.isolated-cpu-affinity-transition"] -``` - -#### CRI-O configuration - -CRI-O doesn't require any extra step, however some annotations could be excluded by -configuration. - -#### Pod deployment example - -```yaml -apiVersion: v1 -kind: Pod -metadata: - name: demo-pod - annotations: - org.opencontainers.runc.exec.isolated-cpu-affinity-transition: "temporary" -spec: - containers: - - name: demo - image: registry.com/demo:latest -``` diff --git a/features.go b/features.go index 53b5ae38b94..b636466bfe4 100644 --- a/features.go +++ b/features.go @@ -68,7 +68,6 @@ var featuresCommand = cli.Command{ "bundle", "org.systemd.property.", // prefix form "org.criu.config", - "org.opencontainers.runc.exec.isolated-cpu-affinity-transition", }, } diff --git a/libcontainer/cgroups/cgroups.go b/libcontainer/cgroups/cgroups.go index fa72f2eac2d..811f2d26e00 100644 --- a/libcontainer/cgroups/cgroups.go +++ b/libcontainer/cgroups/cgroups.go @@ -72,8 +72,4 @@ type Manager interface { // OOMKillCount reports OOM kill count for the cgroup. OOMKillCount() (uint64, error) - - // GetEffectiveCPUs returns the effective CPUs of the cgroup, an empty - // value means that the cgroups cpuset subsystem/controller is not enabled. - GetEffectiveCPUs() string } diff --git a/libcontainer/cgroups/fs/fs.go b/libcontainer/cgroups/fs/fs.go index 723d18b7637..d2decb127ca 100644 --- a/libcontainer/cgroups/fs/fs.go +++ b/libcontainer/cgroups/fs/fs.go @@ -4,8 +4,6 @@ import ( "errors" "fmt" "os" - "path/filepath" - "strings" "sync" "golang.org/x/sys/unix" @@ -265,28 +263,3 @@ func (m *Manager) OOMKillCount() (uint64, error) { return c, err } - -func (m *Manager) GetEffectiveCPUs() string { - return GetEffectiveCPUs(m.Path("cpuset"), m.cgroups) -} - -func GetEffectiveCPUs(cpusetPath string, cgroups *configs.Cgroup) string { - // Fast path. - if cgroups.CpusetCpus != "" { - return cgroups.CpusetCpus - } else if !strings.HasPrefix(cpusetPath, defaultCgroupRoot) { - return "" - } - - // Iterates until it goes to the cgroup root path. - // It's required for containers in which cpuset controller - // is not enabled, in this case a parent cgroup is used. - for path := cpusetPath; path != defaultCgroupRoot; path = filepath.Dir(path) { - cpus, err := fscommon.GetCgroupParamString(path, "cpuset.effective_cpus") - if err == nil { - return cpus - } - } - - return "" -} diff --git a/libcontainer/cgroups/fs2/fs2.go b/libcontainer/cgroups/fs2/fs2.go index 87c89e8a129..b1be7df5ccc 100644 --- a/libcontainer/cgroups/fs2/fs2.go +++ b/libcontainer/cgroups/fs2/fs2.go @@ -4,13 +4,11 @@ import ( "errors" "fmt" "os" - "path/filepath" "strings" "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" "github.com/opencontainers/runc/libcontainer/configs" - "github.com/opencontainers/runc/libcontainer/utils" ) type parseError = fscommon.ParseError @@ -34,9 +32,6 @@ func NewManager(config *configs.Cgroup, dirPath string) (*Manager, error) { if err != nil { return nil, err } - } else { - // Clean path for safety. - dirPath = utils.CleanPath(dirPath) } m := &Manager{ @@ -321,26 +316,3 @@ func CheckMemoryUsage(dirPath string, r *configs.Resources) error { return nil } - -func (m *Manager) GetEffectiveCPUs() string { - // Fast path. - if m.config.CpusetCpus != "" { - return m.config.CpusetCpus - } else if !strings.HasPrefix(m.dirPath, UnifiedMountpoint) { - return "" - } - - // Iterates until it goes outside of the cgroup root path. - // It's required for containers in which cpuset controller - // is not enabled, in this case a parent cgroup is used. - outsidePath := filepath.Dir(UnifiedMountpoint) - - for path := m.dirPath; path != outsidePath; path = filepath.Dir(path) { - cpus, err := fscommon.GetCgroupParamString(path, "cpuset.cpus.effective") - if err == nil { - return cpus - } - } - - return "" -} diff --git a/libcontainer/cgroups/systemd/v1.go b/libcontainer/cgroups/systemd/v1.go index e04e35682cd..8c64a5887a9 100644 --- a/libcontainer/cgroups/systemd/v1.go +++ b/libcontainer/cgroups/systemd/v1.go @@ -411,7 +411,3 @@ func (m *LegacyManager) Exists() bool { func (m *LegacyManager) OOMKillCount() (uint64, error) { return fs.OOMKillCount(m.Path("memory")) } - -func (m *LegacyManager) GetEffectiveCPUs() string { - return fs.GetEffectiveCPUs(m.Path("cpuset"), m.cgroups) -} diff --git a/libcontainer/cgroups/systemd/v2.go b/libcontainer/cgroups/systemd/v2.go index 2c4a8c4c3ac..b28ec6b22f2 100644 --- a/libcontainer/cgroups/systemd/v2.go +++ b/libcontainer/cgroups/systemd/v2.go @@ -514,7 +514,3 @@ func (m *UnifiedManager) Exists() bool { func (m *UnifiedManager) OOMKillCount() (uint64, error) { return m.fsMgr.OOMKillCount() } - -func (m *UnifiedManager) GetEffectiveCPUs() string { - return m.fsMgr.GetEffectiveCPUs() -} diff --git a/libcontainer/cgroups/utils.go b/libcontainer/cgroups/utils.go index 8bec8c36f16..d303cf204c9 100644 --- a/libcontainer/cgroups/utils.go +++ b/libcontainer/cgroups/utils.go @@ -136,18 +136,18 @@ func GetAllSubsystems() ([]string, error) { return subsystems, nil } -func readProcsFile(dir string) ([]int, error) { - f, err := OpenFile(dir, CgroupProcesses, os.O_RDONLY) +func readProcsFile(dir string) (out []int, _ error) { + file := CgroupProcesses + retry := true + +again: + f, err := OpenFile(dir, file, os.O_RDONLY) if err != nil { return nil, err } defer f.Close() - var ( - s = bufio.NewScanner(f) - out = []int{} - ) - + s := bufio.NewScanner(f) for s.Scan() { if t := s.Text(); t != "" { pid, err := strconv.Atoi(t) @@ -157,6 +157,13 @@ func readProcsFile(dir string) ([]int, error) { out = append(out, pid) } } + if errors.Is(s.Err(), unix.ENOTSUP) && retry { + // For a threaded cgroup, read returns ENOTSUP, and we should + // read from cgroup.threads instead. + file = "cgroup.threads" + retry = false + goto again + } return out, s.Err() } diff --git a/libcontainer/container_linux_test.go b/libcontainer/container_linux_test.go index c76178d808a..99908376562 100644 --- a/libcontainer/container_linux_test.go +++ b/libcontainer/container_linux_test.go @@ -69,10 +69,6 @@ func (m *mockCgroupManager) GetFreezerState() (configs.FreezerState, error) { return configs.Thawed, nil } -func (m *mockCgroupManager) GetEffectiveCPUs() string { - return "" -} - type mockProcess struct { _pid int started uint64 diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index be824962640..3c3e797661a 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -1,13 +1,11 @@ package libcontainer import ( - "bytes" "context" "encoding/json" "errors" "fmt" "io" - "io/fs" "net" "os" "os/exec" @@ -23,12 +21,10 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fs2" - "github.com/opencontainers/runc/libcontainer/cgroups/systemd" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/intelrdt" "github.com/opencontainers/runc/libcontainer/logs" "github.com/opencontainers/runc/libcontainer/system" - "github.com/opencontainers/runc/libcontainer/system/kernelparam" "github.com/opencontainers/runc/libcontainer/userns" "github.com/opencontainers/runc/libcontainer/utils" ) @@ -137,58 +133,8 @@ func (p *setnsProcess) start() (retErr error) { // get the "before" value of oom kill count oom, _ := p.manager.OOMKillCount() - - // When greater or equal to zero, it will set a temporary single CPU - // affinity before cgroup cpuset transition, this handles a corner - // case when joining a container having all the processes running - // exclusively on isolated CPU cores to force the kernel to schedule - // runc process on the first CPU core within the cgroups cpuset. - // The introduction of the kernel commit 46a87b3851f0d6eb05e6d83d5c5a30df0eca8f76 - // in 5.7 has affected this deterministic scheduling behavior by - // distributing tasks across CPU cores within the cgroups cpuset. - // Some intensive real-time application are relying on this - // deterministic behavior and use the first CPU core to run a slow - // thread while other CPU cores are fully used by real-time threads - // with SCHED_FIFO policy. Such applications prevent runc process - // from joining a container when the runc process is randomly - // scheduled on a CPU core owned by a real-time thread. - cpuAffinity := -1 - resetCPUAffinity := true - - if len(p.manager.GetPaths()) > 0 { - // Get the target container cgroup. - if cg, err := p.manager.GetCgroups(); err != nil { - // Close the pipe to not be blocked in the parent. - p.comm.closeChild() - return fmt.Errorf("getting container cgroups: %w", err) - } else if cg.CpusetCpus != "" { - definitive := false - - _, annotations := utils.Annotations(p.config.Config.Labels) - cpuAffinity, definitive, err = isolatedCPUAffinityTransition( - os.DirFS("/"), - cg.CpusetCpus, - annotations, - ) - if err != nil { - // Close the pipe to not be blocked in the parent. - p.comm.closeChild() - return fmt.Errorf("getting CPU affinity: %w", err) - } else if definitive { - resetCPUAffinity = false - } - } - } - - var err error - - if cpuAffinity < 0 { - err = p.cmd.Start() - } else { - err = startCommandWithCPUAffinity(p.cmd, cpuAffinity) - } - - // Close the write-side of the pipes (controlled by child). + err := p.cmd.Start() + // close the child-side of the pipes (controlled by child) p.comm.closeChild() if err != nil { return fmt.Errorf("error starting setns process: %w", err) @@ -247,18 +193,6 @@ func (p *setnsProcess) start() (retErr error) { } } } - - if resetCPUAffinity { - // Fix the container process CPU affinity to match container cgroup cpuset, - // since kernel 6.2, the runc CPU affinity might affect the container process - // CPU affinity after cgroup cpuset transition, by example if runc is running - // with CPU affinity 0-1 and container process has cpuset.cpus set to 1-2, the - // resulting container process CPU affinity will be 1 instead of 1-2. - if err := fixProcessCPUAffinity(p.pid(), p.manager); err != nil { - return fmt.Errorf("error resetting container process CPU affinity: %w", err) - } - } - if p.intelRdtPath != "" { // if Intel RDT "resource control" filesystem path exists _, err := os.Stat(p.intelRdtPath) @@ -819,14 +753,6 @@ func (p *initProcess) start() (retErr error) { if err := p.manager.Set(p.config.Config.Cgroups.Resources); err != nil { return fmt.Errorf("error setting cgroup config for procHooks process: %w", err) } - // Reset container process CPU affinity to match container cgroup cpuset, - // since kernel 6.2, the runc CPU affinity might affect the container process - // CPU affinity after cgroup cpuset transition, by example if runc is running - // with CPU affinity 0-1 and container process has cpuset.cpus set to 1-2, the - // resulting container process CPU affinity will be 1 instead of 1-2. - if err := fixProcessCPUAffinity(p.pid(), p.manager); err != nil { - return fmt.Errorf("error resetting container process CPU affinity: %w", err) - } if p.intelRdtManager != nil { if err := p.intelRdtManager.Set(p.config.Config); err != nil { return fmt.Errorf("error setting Intel RDT config for procHooks process: %w", err) @@ -1078,196 +1004,5 @@ func setIOPriority(ioprio *configs.IOPriority) error { if errno != 0 { return fmt.Errorf("failed to set io priority: %w", errno) } - - return nil -} - -// isolatedCPUAffinityTransition returns a CPU affinity if necessary based on heuristics -// and org.opencontainers.runc.exec.isolated-cpu-affinity-transition annotation value. -func isolatedCPUAffinityTransition(rootFS fs.FS, cpusetList string, annotations map[string]string) (int, bool, error) { - const ( - isolatedCPUAffinityTransitionAnnotation = "org.opencontainers.runc.exec.isolated-cpu-affinity-transition" - nohzFullParam = "nohz_full" - ) - - definitive := false - - transition := annotations[isolatedCPUAffinityTransitionAnnotation] - switch transition { - case "temporary": - case "definitive": - definitive = true - default: - if transition != "" { - return -1, false, fmt.Errorf( - "unknown transition value %q for annotation %s", - transition, isolatedCPUAffinityTransitionAnnotation, - ) - } - return -1, false, nil - } - - kernelParams, err := kernelparam.LookupKernelBootParameters( - rootFS, - nohzFullParam, - ) - if err != nil { - // If /proc/cmdline does not exist or isn't readable, continue to read - // nohz_full from sysfs below. - if !errors.Is(err, os.ErrNotExist) && !errors.Is(err, os.ErrPermission) { - return -1, false, err - } - } - - // First get nohz_full value from kernel boot params, if not - // present, get the value from sysfs, to cover the case where - // CONFIG_NO_HZ_FULL_ALL is set, it also makes the integration - // tests not dependent on /sys/devices/system/cpu/nohz_full. - isolatedList := kernelParams[nohzFullParam] - if isolatedList == "" { - // Get the isolated CPU list, the error is not checked here because - // no matter what the error is, it returns without error the same way - // as with empty data. - isolatedData, _ := fs.ReadFile(rootFS, "sys/devices/system/cpu/nohz_full") - isolatedList = string(bytes.TrimSpace(isolatedData)) - if isolatedList == "" || isolatedList == "(null)" { - return -1, false, nil - } - } - - cpu, err := getEligibleCPU(cpusetList, isolatedList) - if err != nil { - return -1, false, fmt.Errorf("getting eligible cpu: %w", err) - } else if cpu == -1 { - definitive = false - } - - return cpu, definitive, nil -} - -// getEligibleCPU returns the first eligible CPU for CPU affinity before -// entering in a cgroup cpuset: -// - when there is not cpuset cores: no eligible CPU (-1) -// - when there is not isolated cores: no eligible CPU (-1) -// - when cpuset cores are not in isolated cores: no eligible CPU (-1) -// - when cpuset cores are all isolated cores: return the first CPU of the cpuset -// - when cpuset cores are mixed between housekeeping/isolated cores: return the -// first housekeeping CPU not in isolated CPUs. -func getEligibleCPU(cpusetList, isolatedList string) (int, error) { - if isolatedList == "" || cpusetList == "" { - return -1, nil - } - - // The target container has a cgroup cpuset, get the bit range. - cpusetBits, err := systemd.RangeToBits(cpusetList) - if err != nil { - return -1, fmt.Errorf("parsing cpuset cpus list %s: %w", cpusetList, err) - } - - isolatedBits, err := systemd.RangeToBits(isolatedList) - if err != nil { - return -1, fmt.Errorf("parsing isolated cpus list %s: %w", isolatedList, err) - } - - eligibleCore := -1 - isolatedCores := 0 - - // Start from cpu core #0. - currentCore := 0 - // Handle mixed sets. - mixed := false - - // CPU core start from the first slice element and bits are read - // from the least to the most significant bit. - for byteRange := 0; byteRange < len(cpusetBits); byteRange++ { - if byteRange >= len(isolatedBits) { - // No more isolated cores. - break - } - for bit := 0; bit < 8; bit++ { - if cpusetBits[byteRange]&(1< 0 { - return eligibleCore, nil - } - } - currentCore++ - } - } - - // We have an eligible CPU if there is at least one isolated CPU in the cpuset. - if isolatedCores == 0 { - return -1, nil - } - - return eligibleCore, nil -} - -// startCommandWithCPUAffinity starts a command on a specific CPU if set. -func startCommandWithCPUAffinity(cmd *exec.Cmd, cpuAffinity int) error { - errCh := make(chan error) - defer close(errCh) - - // Use a goroutine to dedicate an OS thread. - go func() { - cpuSet := new(unix.CPUSet) - cpuSet.Zero() - cpuSet.Set(cpuAffinity) - - // Don't call runtime.UnlockOSThread to terminate the OS thread - // when goroutine exits. - runtime.LockOSThread() - - // Command inherits the CPU affinity. - if err := unix.SchedSetaffinity(unix.Gettid(), cpuSet); err != nil { - errCh <- fmt.Errorf("setting os thread CPU affinity: %w", err) - return - } - - errCh <- cmd.Start() - }() - - return <-errCh -} - -// fixProcessCPUAffinity sets the CPU affinity of a container process -// to all CPUs allowed by container cgroup cpuset. -func fixProcessCPUAffinity(pid int, manager cgroups.Manager) error { - cpusetList := manager.GetEffectiveCPUs() - if cpusetList == "" { - // If the cgroup cpuset is not present, the container will inherit - // this process CPU affinity, so it can return without further actions. - return nil - } - - cpusetBits, err := systemd.RangeToBits(cpusetList) - if err != nil { - return fmt.Errorf("parsing cpuset cpus list %s: %w", cpusetList, err) - } - - processCPUSet := new(unix.CPUSet) - - for byteRange := 0; byteRange < len(cpusetBits); byteRange++ { - for bit := 0; bit < 8; bit++ { - processCPUSet.Set(byteRange*8 + bit) - } - } - - if err := unix.SchedSetaffinity(pid, processCPUSet); err != nil { - return fmt.Errorf("setting process PID %d CPU affinity: %w", pid, err) - } - return nil } diff --git a/libcontainer/process_linux_test.go b/libcontainer/process_linux_test.go deleted file mode 100644 index 8303643967b..00000000000 --- a/libcontainer/process_linux_test.go +++ /dev/null @@ -1,232 +0,0 @@ -package libcontainer - -import ( - "io/fs" - "testing" - "testing/fstest" -) - -func TestIsolatedCPUAffinityTransition(t *testing.T) { - const isolatedCPUAffinityTransitionAnnotation = "org.opencontainers.runc.exec.isolated-cpu-affinity-transition" - - noAffinity := -1 - temporaryTransition := "temporary" - definitiveTransition := "definitive" - - tests := []struct { - name string - testFS fs.FS - cpuset string - expectedErr bool - expectedAffinityCore int - expectedDefinitiveTransition bool - annotations map[string]string - }{ - { - name: "no affinity", - cpuset: "0-15", - testFS: fstest.MapFS{ - "sys/devices/system/cpu/nohz_full": &fstest.MapFile{Data: []byte("0-4\n")}, - }, - expectedAffinityCore: noAffinity, - expectedDefinitiveTransition: false, - }, - { - name: "affinity match with temporary transition", - cpuset: "3-4", - testFS: fstest.MapFS{ - "sys/devices/system/cpu/nohz_full": &fstest.MapFile{Data: []byte("0-4\n")}, - }, - expectedAffinityCore: 3, - expectedDefinitiveTransition: false, - annotations: map[string]string{ - isolatedCPUAffinityTransitionAnnotation: temporaryTransition, - }, - }, - { - name: "affinity match with temporary transition and nohz_full boot param", - cpuset: "3-4", - testFS: fstest.MapFS{ - "proc/cmdline": &fstest.MapFile{Data: []byte("nohz_full=0-4\n")}, - }, - expectedAffinityCore: 3, - expectedDefinitiveTransition: false, - annotations: map[string]string{ - isolatedCPUAffinityTransitionAnnotation: temporaryTransition, - }, - }, - { - name: "affinity match with definitive transition", - cpuset: "3-4", - testFS: fstest.MapFS{ - "sys/devices/system/cpu/nohz_full": &fstest.MapFile{Data: []byte("0-4\n")}, - }, - expectedAffinityCore: 3, - expectedDefinitiveTransition: true, - annotations: map[string]string{ - isolatedCPUAffinityTransitionAnnotation: definitiveTransition, - }, - }, - { - name: "affinity match with definitive transition and nohz_full boot param", - cpuset: "3-4", - testFS: fstest.MapFS{ - "proc/cmdline": &fstest.MapFile{Data: []byte("nohz_full=0-4\n")}, - }, - expectedAffinityCore: 3, - expectedDefinitiveTransition: true, - annotations: map[string]string{ - isolatedCPUAffinityTransitionAnnotation: definitiveTransition, - }, - }, - { - name: "affinity error with bad isolated set", - cpuset: "0-15", - testFS: fstest.MapFS{ - "sys/devices/system/cpu/nohz_full": &fstest.MapFile{Data: []byte("bad_isolated_set\n")}, - }, - expectedErr: true, - expectedAffinityCore: noAffinity, - annotations: map[string]string{ - isolatedCPUAffinityTransitionAnnotation: temporaryTransition, - }, - }, - { - name: "affinity error with bad isolated set for nohz_full boot param", - cpuset: "0-15", - testFS: fstest.MapFS{ - "proc/cmdline": &fstest.MapFile{Data: []byte("nohz_full=bad_isolated_set\n")}, - }, - expectedErr: true, - expectedAffinityCore: noAffinity, - annotations: map[string]string{ - isolatedCPUAffinityTransitionAnnotation: temporaryTransition, - }, - }, - { - name: "no affinity with null isolated set value", - cpuset: "0-15", - testFS: fstest.MapFS{ - "sys/devices/system/cpu/nohz_full": &fstest.MapFile{Data: []byte("(null)\n")}, - }, - expectedAffinityCore: noAffinity, - expectedDefinitiveTransition: false, - annotations: map[string]string{ - isolatedCPUAffinityTransitionAnnotation: temporaryTransition, - }, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - affinityCore, definitive, err := isolatedCPUAffinityTransition(tt.testFS, tt.cpuset, tt.annotations) - if err != nil && !tt.expectedErr { - t.Fatalf("unexpected error: %s", err) - } else if err == nil && tt.expectedErr { - t.Fatalf("unexpected success") - } else if tt.expectedDefinitiveTransition != definitive { - t.Fatalf("expected reset affinity %t: got %t instead", tt.expectedDefinitiveTransition, definitive) - } else if tt.expectedAffinityCore != affinityCore { - t.Fatalf("expected affinity core %d: got %d instead", tt.expectedAffinityCore, affinityCore) - } - }) - } -} - -func TestGetEligibleCPU(t *testing.T) { - tests := []struct { - name string - cpuset string - isolset string - expectedErr bool - expectedAffinityCore int - expectedEligible bool - }{ - { - name: "no cpuset", - isolset: "2-15,18-31,34-47", - expectedEligible: false, - }, - { - name: "no isolated set", - cpuset: "0-15", - expectedEligible: false, - }, - { - name: "bad cpuset format", - cpuset: "core0 to core15", - isolset: "2-15,18-31,34-47", - expectedErr: true, - }, - { - name: "bad isolated set format", - cpuset: "0-15", - isolset: "core0 to core15", - expectedErr: true, - }, - { - name: "no eligible core", - cpuset: "0-1,16-17,32-33", - isolset: "2-15,18-31,34-47", - expectedEligible: false, - }, - { - name: "no eligible core inverted", - cpuset: "2-15,18-31,34-47", - isolset: "0-1,16-17,32-33", - expectedEligible: false, - }, - { - name: "eligible core mixed", - cpuset: "8-31", - isolset: "2-15,18-31,34-47", - expectedEligible: true, - expectedAffinityCore: 16, - }, - { - name: "eligible core #4", - cpuset: "4-7", - isolset: "2-15,18-31,34-47", - expectedEligible: true, - expectedAffinityCore: 4, - }, - { - name: "eligible core #40", - cpuset: "40-47", - isolset: "2-15,18-31,34-47", - expectedEligible: true, - expectedAffinityCore: 40, - }, - { - name: "eligible core #24", - cpuset: "24-31", - isolset: "2-15,18-31,34-47", - expectedEligible: true, - expectedAffinityCore: 24, - }, - { - name: "no eligible core small isolated set", - cpuset: "60-63", - isolset: "0-1", - expectedEligible: false, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - affinityCore, err := getEligibleCPU(tt.cpuset, tt.isolset) - eligible := affinityCore >= 0 - if err != nil && !tt.expectedErr { - t.Fatalf("unexpected error: %s", err) - } else if err == nil && tt.expectedErr { - t.Fatalf("unexpected success") - } else if tt.expectedEligible && !eligible { - t.Fatalf("was expecting eligible core but no eligible core returned") - } else if !tt.expectedEligible && eligible { - t.Fatalf("was not expecting eligible core but got eligible core") - } else if tt.expectedEligible && tt.expectedAffinityCore != affinityCore { - t.Fatalf("expected affinity core %d: got %d instead", tt.expectedAffinityCore, affinityCore) - } - }) - } -} diff --git a/libcontainer/system/kernelparam/lookup.go b/libcontainer/system/kernelparam/lookup.go deleted file mode 100644 index 4cf452412ff..00000000000 --- a/libcontainer/system/kernelparam/lookup.go +++ /dev/null @@ -1,41 +0,0 @@ -package kernelparam - -import ( - "io/fs" - "strings" -) - -func runeFilter(c rune) bool { - return c < '!' || c > '~' -} - -// LookupKernelBootParameters returns the selected kernel parameters specified -// in the kernel command line. The parameters are returned as a map of key-value pairs. -func LookupKernelBootParameters(rootFS fs.FS, lookupParameters ...string) (map[string]string, error) { - cmdline, err := fs.ReadFile(rootFS, "proc/cmdline") - if err != nil { - return nil, err - } - - kernelParameters := make(map[string]string) - remaining := len(lookupParameters) - - for _, parameter := range strings.FieldsFunc(string(cmdline), runeFilter) { - if remaining == 0 { - break - } - idx := strings.IndexByte(parameter, '=') - if idx == -1 { - continue - } - for _, lookupParam := range lookupParameters { - if lookupParam == parameter[:idx] { - kernelParameters[lookupParam] = parameter[idx+1:] - remaining-- - break - } - } - } - - return kernelParameters, nil -} diff --git a/libcontainer/system/kernelparam/lookup_test.go b/libcontainer/system/kernelparam/lookup_test.go deleted file mode 100644 index 9d906301eb4..00000000000 --- a/libcontainer/system/kernelparam/lookup_test.go +++ /dev/null @@ -1,60 +0,0 @@ -package kernelparam - -import ( - "testing" - "testing/fstest" -) - -func TestLookupKernelBootParameters(t *testing.T) { - for _, test := range []struct { - cmdline string - lookupParameters []string - expectedKernelParameters map[string]string - }{ - { - cmdline: "root=/dev/sda1 ro console=ttyS0 console=tty0", - lookupParameters: []string{"root"}, - expectedKernelParameters: map[string]string{ - "root": "/dev/sda1", - }, - }, - { - cmdline: "ro runc.kernel_parameter=a_value console=ttyS0 console=tty0", - lookupParameters: []string{"runc.kernel_parameter"}, - expectedKernelParameters: map[string]string{ - "runc.kernel_parameter": "a_value", - }, - }, - { - cmdline: "ro runc.kernel_parameter_a=value_a runc.kernel_parameter_b=value_a:value_b", - lookupParameters: []string{ - "runc.kernel_parameter_a", - "runc.kernel_parameter_b", - }, - expectedKernelParameters: map[string]string{ - "runc.kernel_parameter_a": "value_a", - "runc.kernel_parameter_b": "value_a:value_b", - }, - }, - { - cmdline: "root=/dev/sda1 ro console=ttyS0 console=tty0", - lookupParameters: []string{"runc.kernel_parameter_a"}, - expectedKernelParameters: map[string]string{}, - }, - } { - params, err := LookupKernelBootParameters(fstest.MapFS{ - "proc/cmdline": &fstest.MapFile{Data: []byte(test.cmdline + "\n")}, - }, test.lookupParameters...) - if err != nil { - t.Fatalf("unexpected error: %s", err) - } - if len(params) != len(test.expectedKernelParameters) { - t.Fatalf("expected %d parameters, got %d", len(test.expectedKernelParameters), len(params)) - } - for k, v := range test.expectedKernelParameters { - if params[k] != v { - t.Fatalf("expected parameter %s to be %s, got %s", k, v, params[k]) - } - } - } -} diff --git a/tests/integration/exec.bats b/tests/integration/exec.bats index c0ea7f5dce6..a92a237809d 100644 --- a/tests/integration/exec.bats +++ b/tests/integration/exec.bats @@ -340,139 +340,3 @@ EOF [ ${#lines[@]} -eq 1 ] [[ ${lines[0]} = *"exec /run.sh: no such file or directory"* ]] } - -@test "runc exec with isolated cpus affinity temporary transition [cgroup cpuset]" { - requires root cgroups_cpuset - - tmp=$(mktemp -d "$BATS_RUN_TMPDIR/runc.XXXXXX") - - set_cgroup_cpuset_all_cpus - local all_cpus - all_cpus="$(get_all_online_cpus)" - - # set temporary isolated CPU affinity transition - update_config '.annotations += {"org.opencontainers.runc.exec.isolated-cpu-affinity-transition": "temporary"}' - - runc run -d --console-socket "$CONSOLE_SOCKET" test_isolated_temporary_transition - [ "$status" -eq 0 ] - - # set all online cpus as isolated - echo "nohz_full=$all_cpus" >"$tmp/cmdline" - - mount --bind "$tmp/cmdline" /proc/cmdline - - runc exec test_isolated_temporary_transition grep "Cpus_allowed_list:" /proc/self/status - - umount /proc/cmdline - - [ "$status" -eq 0 ] - [[ "${lines[0]}" == "Cpus_allowed_list: $all_cpus" ]] -} - -@test "runc exec with isolated cpus affinity definitive transition [cgroup cpuset]" { - requires root cgroups_cpuset - - tmp=$(mktemp -d "$BATS_RUN_TMPDIR/runc.XXXXXX") - - set_cgroup_cpuset_all_cpus - local all_cpus - all_cpus="$(get_all_online_cpus)" - - # set definitive isolated CPU affinity transition - update_config '.annotations += {"org.opencontainers.runc.exec.isolated-cpu-affinity-transition": "definitive"}' - - runc run -d --console-socket "$CONSOLE_SOCKET" test_isolated_definitive_transition - [ "$status" -eq 0 ] - - # set all online cpus as isolated - echo "nohz_full=$all_cpus" >"$tmp/cmdline" - - mount --bind "$tmp/cmdline" /proc/cmdline - - runc exec test_isolated_definitive_transition grep "Cpus_allowed_list:" /proc/self/status - - umount /proc/cmdline - - [ "$status" -eq 0 ] - - load /etc/os-release - - # fix unbound variable in condition below - VERSION_ID=${VERSION_ID:-} - - allowed_cpus=$all_cpus - # use first cpu on systems with RHEL >= 9 or systems with kernel >= 6.2 - if [[ "${ID_LIKE:-}" =~ "rhel" && "${VERSION_ID%%.*}" -ge "9" ]] || is_kernel_gte 6.2; then - allowed_cpus="$(get_first_online_cpu)" - fi - - [[ "${lines[0]}" == "Cpus_allowed_list: $allowed_cpus" ]] -} - -@test "runc exec with isolated cpus affinity bad transition [cgroup cpuset]" { - requires root cgroups_cpuset - - tmp=$(mktemp -d "$BATS_RUN_TMPDIR/runc.XXXXXX") - - set_cgroup_cpuset_all_cpus - local all_cpus - all_cpus="$(get_all_online_cpus)" - - # set a bad isolated CPU affinity transition - update_config '.annotations += {"org.opencontainers.runc.exec.isolated-cpu-affinity-transition": "bad"}' - - runc run -d --console-socket "$CONSOLE_SOCKET" test_isolated_bad_transition - [ "$status" -eq 0 ] - - # set all online cpus as isolated - echo "nohz_full=$all_cpus" >"$tmp/cmdline" - - mount --bind "$tmp/cmdline" /proc/cmdline - - runc exec test_isolated_bad_transition true - - umount /proc/cmdline - - [ "$status" -eq 255 ] -} - -@test "runc exec with taskset affinity [cgroup cpuset]" { - requires root cgroups_cpuset - - set_cgroup_cpuset_all_cpus - local all_cpus - all_cpus="$(get_all_online_cpus)" - - taskset -p -c "$(get_first_online_cpu)" $$ - - runc run -d --console-socket "$CONSOLE_SOCKET" test_with_taskset - [ "$status" -eq 0 ] - - runc exec test_with_taskset grep "Cpus_allowed_list:" /proc/1/status - [ "$status" -eq 0 ] - [[ "${lines[0]}" == "Cpus_allowed_list: $all_cpus" ]] - - runc exec test_with_taskset grep "Cpus_allowed_list:" /proc/self/status - [ "$status" -eq 0 ] - [[ "${lines[0]}" == "Cpus_allowed_list: $all_cpus" ]] -} - -@test "runc exec with taskset affinity [rootless cgroups_v2]" { - requires rootless cgroups_v2 - - local all_cpus - all_cpus="$(get_all_online_cpus)" - - taskset -p -c "$(get_first_online_cpu)" $$ - - runc run -d --console-socket "$CONSOLE_SOCKET" test_with_taskset - [ "$status" -eq 0 ] - - runc exec test_with_taskset grep "Cpus_allowed_list:" /proc/1/status - [ "$status" -eq 0 ] - [[ "${lines[0]}" == "Cpus_allowed_list: $all_cpus" ]] - - runc exec test_with_taskset grep "Cpus_allowed_list:" /proc/self/status - [ "$status" -eq 0 ] - [[ "${lines[0]}" == "Cpus_allowed_list: $all_cpus" ]] -} diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index 8124abbd75c..40637bca648 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -354,27 +354,6 @@ function set_cgroup_mount_writable() { update_config '.mounts |= map((select(.type == "cgroup") | .options -= ["ro"]) // .)' } -# Helper function to get all online cpus. -function get_all_online_cpus() { - cat /sys/devices/system/cpu/online -} - -# Helper function to get the first online cpu. -function get_first_online_cpu() { - [[ $(get_all_online_cpus) =~ [^0-9]*([0-9]+)([-,][0-9]+)? ]] && echo "${BASH_REMATCH[1]}" -} - -# Helper function to set all cpus/mems in container cgroup cpuset. -function set_cgroup_cpuset_all_cpus() { - update_config ".linux.resources.cpu.cpus = \"$(get_all_online_cpus)\"" - - local mems - mems="$(cat /sys/devices/system/node/online 2>/dev/null || true)" - if [[ -n $mems ]]; then - update_config ".linux.resources.cpu.mems = \"$mems\"" - fi -} - # Fails the current test, providing the error given. function fail() { echo "$@" >&2 From e7294527e20c9e6e52380d5540d502b39de0a7ee Mon Sep 17 00:00:00 2001 From: lifubang Date: Mon, 10 Jun 2024 18:55:50 +0800 Subject: [PATCH 0601/1176] try to delete exec fifo file when failure in creation Signed-off-by: lifubang --- libcontainer/container_linux.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index ad49244a889..71dc4979a9f 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -406,7 +406,7 @@ func (c *Container) Signal(s os.Signal) error { return nil } -func (c *Container) createExecFifo() error { +func (c *Container) createExecFifo() (retErr error) { rootuid, err := c.Config().HostRootUID() if err != nil { return err @@ -423,6 +423,11 @@ func (c *Container) createExecFifo() error { if err := unix.Mkfifo(fifoName, 0o622); err != nil { return &os.PathError{Op: "mkfifo", Path: fifoName, Err: err} } + defer func() { + if retErr != nil { + os.Remove(fifoName) + } + }() // Ensure permission bits (can be different because of umask). if err := os.Chmod(fifoName, 0o622); err != nil { return err From 304a4c0fee6d1745b4154883fc37233268f3a2cc Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 6 May 2024 17:43:25 -0700 Subject: [PATCH 0602/1176] libct: createExecFifo: rm unneeded os.Stat In case file already exists, mknod(2) will return EEXIST. This os.Stat call was (inadvertently?) added by commit 805b8c73. Signed-off-by: Kir Kolyshkin --- libcontainer/container_linux.go | 3 --- 1 file changed, 3 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index ad49244a889..cb68b30a209 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -417,9 +417,6 @@ func (c *Container) createExecFifo() error { } fifoName := filepath.Join(c.stateDir, execFifoFilename) - if _, err := os.Stat(fifoName); err == nil { - return fmt.Errorf("exec fifo %s already exists", fifoName) - } if err := unix.Mkfifo(fifoName, 0o622); err != nil { return &os.PathError{Op: "mkfifo", Path: fifoName, Err: err} } From e3e107257581e676208a0493a78e78ddfdbc1d59 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 6 May 2024 17:56:19 -0700 Subject: [PATCH 0603/1176] libct: fix locking in Start/Run/Exec 1. The code to call c.exec from c.Run was initially added by commit 3aacff695. At the time, there was a lock in c.Run. That lock was removed by commit bd3c4f84, which resulted in part of c.Run executing without the lock. 2. All the Start/Run/Exec calls were a mere wrappers for start/run/exec adding a lock, but some more code crept into Start at some point, e.g. by commits 805b8c73 and 108ee85b8. Since the reason mentioned in commit 805b8c73 is no longer true after refactoring, we can fix this. Fix both issues by moving code out of wrappers, and adding locking into c.Run. Signed-off-by: Kir Kolyshkin --- libcontainer/container_linux.go | 34 +++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index cb68b30a209..7566afd25b3 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -204,28 +204,16 @@ func (c *Container) Set(config configs.Config) error { func (c *Container) Start(process *Process) error { c.m.Lock() defer c.m.Unlock() - if c.config.Cgroups.Resources.SkipDevices { - return errors.New("can't start container with SkipDevices set") - } - if process.Init { - if err := c.createExecFifo(); err != nil { - return err - } - } - if err := c.start(process); err != nil { - if process.Init { - c.deleteExecFifo() - } - return err - } - return nil + return c.start(process) } // Run immediately starts the process inside the container. Returns an error if // the process fails to start. It does not block waiting for the exec fifo // after start returns but opens the fifo after start returns. func (c *Container) Run(process *Process) error { - if err := c.Start(process); err != nil { + c.m.Lock() + defer c.m.Unlock() + if err := c.start(process); err != nil { return err } if process.Init { @@ -314,6 +302,20 @@ type openResult struct { } func (c *Container) start(process *Process) (retErr error) { + if c.config.Cgroups.Resources.SkipDevices { + return errors.New("can't start container with SkipDevices set") + } + if process.Init { + if err := c.createExecFifo(); err != nil { + return err + } + defer func() { + if retErr != nil { + c.deleteExecFifo() + } + }() + } + parent, err := c.newParentProcess(process) if err != nil { return fmt.Errorf("unable to create new parent process: %w", err) From 42cea2ecb43d7cf0637ac683d8edbc2b12013ae5 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 6 May 2024 18:18:36 -0700 Subject: [PATCH 0604/1176] libct: don't allow to start second init process By definition, every container has only 1 init (i.e. PID 1) process. Apparently, libcontainer API supported running more than 1 init, and at least one tests mistakenly used it. Let's not allow that, erroring out if we already have init. Doing otherwise _probably_ results in some confusion inside the library. Fix two cases in libct/int which ran two inits inside a container. Signed-off-by: Kir Kolyshkin --- libcontainer/container_linux.go | 3 +++ libcontainer/integration/execin_test.go | 2 -- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 7566afd25b3..3af5da7dcd7 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -306,6 +306,9 @@ func (c *Container) start(process *Process) (retErr error) { return errors.New("can't start container with SkipDevices set") } if process.Init { + if c.initProcessStartTime != 0 { + return errors.New("container already has init process") + } if err := c.createExecFifo(); err != nil { return err } diff --git a/libcontainer/integration/execin_test.go b/libcontainer/integration/execin_test.go index c5c324130c6..b9683b76442 100644 --- a/libcontainer/integration/execin_test.go +++ b/libcontainer/integration/execin_test.go @@ -115,7 +115,6 @@ func testExecInRlimit(t *testing.T, userns bool) { // increase process rlimit higher than container rlimit to test per-process limit {Type: unix.RLIMIT_NOFILE, Hard: 1026, Soft: 1026}, }, - Init: true, } err = container.Run(ps) ok(t, err) @@ -359,7 +358,6 @@ func TestExecInEnvironment(t *testing.T) { Stdin: buffers.Stdin, Stdout: buffers.Stdout, Stderr: buffers.Stderr, - Init: true, } err = container.Run(process2) ok(t, err) From a6d46ed1a750e95abc042879aed06ab72cadf5a8 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 28 Aug 2023 19:15:22 -0700 Subject: [PATCH 0605/1176] runc exec: improve options parsing 1. Do not ask for the same option value twice. 2. For tty, we always want false, unless specified, and this is what GetBool gets us. Signed-off-by: Kir Kolyshkin --- exec.go | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/exec.go b/exec.go index 675f12fb905..0d1250b69f8 100644 --- a/exec.go +++ b/exec.go @@ -219,9 +219,9 @@ func getProcess(context *cli.Context, bundle string) (*specs.Process, error) { } p := spec.Process p.Args = context.Args()[1:] - // override the cwd, if passed - if context.String("cwd") != "" { - p.Cwd = context.String("cwd") + // Override the cwd, if passed. + if cwd := context.String("cwd"); cwd != "" { + p.Cwd = cwd } if ap := context.String("apparmor"); ap != "" { p.ApparmorProfile = ap @@ -240,17 +240,14 @@ func getProcess(context *cli.Context, bundle string) (*specs.Process, error) { // append the passed env variables p.Env = append(p.Env, context.StringSlice("env")...) - // set the tty - p.Terminal = false - if context.IsSet("tty") { - p.Terminal = context.Bool("tty") - } + // Always set tty to false, unless explicitly enabled from CLI. + p.Terminal = context.Bool("tty") if context.IsSet("no-new-privs") { p.NoNewPrivileges = context.Bool("no-new-privs") } - // override the user, if passed - if context.String("user") != "" { - u := strings.SplitN(context.String("user"), ":", 2) + // Override the user, if passed. + if user := context.String("user"); user != "" { + u := strings.SplitN(user, ":", 2) if len(u) > 1 { gid, err := strconv.Atoi(u[1]) if err != nil { From d6e427e1ea95f9012bb811ab84ece6d3bb59747a Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 28 Aug 2023 19:28:52 -0700 Subject: [PATCH 0606/1176] runc exec: avoid stuttering in error messages An error from strconv.Atoi already contains the text it fails to parse. Because of that, errors look way too verbose, e.g.: [root@kir-rhat runc-tst]# ./runc exec --user 1:1:1 2345 true ERRO[0000] exec failed: parsing 1:1 as int for gid failed: strconv.Atoi: parsing "1:1": invalid syntax With this patch, the error looks like this now: [root@kir-rhat runc]# ./runc exec --user 1:1:1 2345 true ERRO[0000] exec failed: bad gid: strconv.Atoi: parsing "1:1": invalid syntax Still not awesome, but better. Signed-off-by: Kir Kolyshkin --- exec.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/exec.go b/exec.go index 0d1250b69f8..ad8a369a5dd 100644 --- a/exec.go +++ b/exec.go @@ -251,13 +251,13 @@ func getProcess(context *cli.Context, bundle string) (*specs.Process, error) { if len(u) > 1 { gid, err := strconv.Atoi(u[1]) if err != nil { - return nil, fmt.Errorf("parsing %s as int for gid failed: %w", u[1], err) + return nil, fmt.Errorf("bad gid: %w", err) } p.User.GID = uint32(gid) } uid, err := strconv.Atoi(u[0]) if err != nil { - return nil, fmt.Errorf("parsing %s as int for uid failed: %w", u[0], err) + return nil, fmt.Errorf("bad uid: %w", err) } p.User.UID = uint32(uid) } From 2cb46c6e0df4cd0d62bebdc8242afb3330810814 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 13 Jun 2024 08:03:08 -0700 Subject: [PATCH 0607/1176] script/keyring_validate.sh: fix a typo Signed-off-by: Kir Kolyshkin --- script/keyring_validate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/script/keyring_validate.sh b/script/keyring_validate.sh index 20a0b85618f..cb331f62e10 100755 --- a/script/keyring_validate.sh +++ b/script/keyring_validate.sh @@ -73,7 +73,7 @@ echo "------------------------------------------------------------" gpg --show-keys <"$root/$project.keyring" echo "------------------------------------------------------------" -# Check that each entry in the kering is actually a maintainer's key. +# Check that each entry in the keyring is actually a maintainer's key. while IFS="" read -d $'\0' -r block || [ -n "$block" ]; do username="$(sed -En "s|^Comment:.* github=(\w+).*|\1|p" <<<"$block")" From 4e2d7c0a6e8c07de8e389dfc5bd78767f1a8f31b Mon Sep 17 00:00:00 2001 From: lfbzhm Date: Thu, 13 Jun 2024 22:43:37 +0000 Subject: [PATCH 0608/1176] update changelog after v1.1.13 released Signed-off-by: lfbzhm --- CHANGELOG.md | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 24997f7692c..8aef80a2b33 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,32 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 * libcontainer/cgroups users who want to manage cgroup devices need to explicitly import libcontainer/cgroups/devices. (#3452, #4248) +## [1.1.13] - 2024-06-13 + +> There is no certainty in the world. This is the only certainty I have. +### Important Notes + * If building with Go 1.22.x, make sure to use 1.22.4 or a later version. + (see #4233 for more details) + +### Fixed + + * Support go 1.22.4+. (#4313) + * runc list: fix race with runc delete. (#4231) + * Fix set nofile rlimit error. (#4277, #4299) + * libct/cg/fs: fix setting rt_period vs rt_runtime. (#4284) + * Fix a debug msg for user ns in nsexec. (#4315) + * script/*: fix gpg usage wrt keyboxd. (#4316) + * CI fixes and misc backports. (#4241) + * Fix codespell warnings. (#4300) + +### Changed + + * Silence security false positives from golang/net. (#4244) + * libcontainer: allow containers to make apps think fips is enabled/disabled for testing. (#4257) + * allow overriding VERSION value in Makefile. (#4270) + * Vagrantfile.fedora: bump Fedora to 39. (#4261) + * ci/cirrus: rm centos stream 8. (#4305, #4308) + ## [1.2.0-rc.1] - 2024-04-03 > There's a frood who really knows where his towel is. @@ -691,7 +717,8 @@ implementation (libcontainer) is *not* covered by this policy. [1.0.1]: https://github.com/opencontainers/runc/compare/v1.0.0...v1.0.1 -[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.12...release-1.1 +[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.13...release-1.1 +[1.1.13]: https://github.com/opencontainers/runc/compare/v1.1.12...v1.1.13 [1.1.12]: https://github.com/opencontainers/runc/compare/v1.1.11...v1.1.12 [1.1.11]: https://github.com/opencontainers/runc/compare/v1.1.10...v1.1.11 [1.1.10]: https://github.com/opencontainers/runc/compare/v1.1.9...v1.1.10 From ad976aa155dffa145a09dcbf8eba85b73ddb5ed6 Mon Sep 17 00:00:00 2001 From: lfbzhm Date: Wed, 19 Jun 2024 14:09:02 +0000 Subject: [PATCH 0609/1176] put the changelog of v1.1.13 after v1.2.0-rc.1 Signed-off-by: lfbzhm --- CHANGELOG.md | 54 +++++++++++++++++++++++++++------------------------- 1 file changed, 28 insertions(+), 26 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8aef80a2b33..067266a27c6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,32 +11,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 * libcontainer/cgroups users who want to manage cgroup devices need to explicitly import libcontainer/cgroups/devices. (#3452, #4248) -## [1.1.13] - 2024-06-13 - -> There is no certainty in the world. This is the only certainty I have. -### Important Notes - * If building with Go 1.22.x, make sure to use 1.22.4 or a later version. - (see #4233 for more details) - -### Fixed - - * Support go 1.22.4+. (#4313) - * runc list: fix race with runc delete. (#4231) - * Fix set nofile rlimit error. (#4277, #4299) - * libct/cg/fs: fix setting rt_period vs rt_runtime. (#4284) - * Fix a debug msg for user ns in nsexec. (#4315) - * script/*: fix gpg usage wrt keyboxd. (#4316) - * CI fixes and misc backports. (#4241) - * Fix codespell warnings. (#4300) - -### Changed - - * Silence security false positives from golang/net. (#4244) - * libcontainer: allow containers to make apps think fips is enabled/disabled for testing. (#4257) - * allow overriding VERSION value in Makefile. (#4270) - * Vagrantfile.fedora: bump Fedora to 39. (#4261) - * ci/cirrus: rm centos stream 8. (#4305, #4308) - ## [1.2.0-rc.1] - 2024-04-03 > There's a frood who really knows where his towel is. @@ -212,6 +186,34 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 [cve-2019-5736]: https://github.com/advisories/GHSA-gxmr-w5mj-v8hh +## [1.1.13] - 2024-06-13 + +> There is no certainty in the world. This is the only certainty I have. + +### Important Notes + + * If building with Go 1.22.x, make sure to use 1.22.4 or a later version. + (see #4233 for more details) + +### Fixed + + * Support go 1.22.4+. (#4313) + * runc list: fix race with runc delete. (#4231) + * Fix set nofile rlimit error. (#4277, #4299) + * libct/cg/fs: fix setting rt_period vs rt_runtime. (#4284) + * Fix a debug msg for user ns in nsexec. (#4315) + * script/*: fix gpg usage wrt keyboxd. (#4316) + * CI fixes and misc backports. (#4241) + * Fix codespell warnings. (#4300) + +### Changed + + * Silence security false positives from golang/net. (#4244) + * libcontainer: allow containers to make apps think fips is enabled/disabled for testing. (#4257) + * allow overriding VERSION value in Makefile. (#4270) + * Vagrantfile.fedora: bump Fedora to 39. (#4261) + * ci/cirrus: rm centos stream 8. (#4305, #4308) + ## [1.1.12] - 2024-01-31 > Now you're thinking with Portalsâ„¢! From d6563f6bcd1359574685ee4550e9051673d2f2ed Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 11 Jun 2024 21:15:50 -0700 Subject: [PATCH 0610/1176] MAINTAINERS: move crosbymichael to EMERITUS I talked to Michael, he says he is stepping down as a maintainer, being busy with other stuff. Thank you for all the hard work that you did! Signed-off-by: Kir Kolyshkin --- EMERITUS.md | 1 + MAINTAINERS | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/EMERITUS.md b/EMERITUS.md index 4d4cd37286f..aabcae78af6 100644 --- a/EMERITUS.md +++ b/EMERITUS.md @@ -7,5 +7,6 @@ contributions to our collective success: * Andrei Vagin (@avagin) * Rohit Jnagal (@rjnagal) * Victor Marmol (@vmarmol) + * Michael Crosby (@crosbymichael) We thank these members for their service to the OCI community. diff --git a/MAINTAINERS b/MAINTAINERS index 7a0eeebf68f..f8aca0f68d8 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -1,4 +1,3 @@ -Michael Crosby (@crosbymichael) Mrunal Patel (@mrunalp) Daniel, Dao Quang Minh (@dqminh) Qiang Huang (@hqhq) From ee601b87f9c17f07c6ba50979a781fb1c6073db1 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 24 Jun 2024 16:32:55 -0700 Subject: [PATCH 0611/1176] MAINTAINERS_GUIDE: rm chief maintainer role Since Michael Crosby is stepping down, and we don't want to nominate someone else to be a chief maintainer, let's remove the position. Signed-off-by: Kir Kolyshkin --- MAINTAINERS_GUIDE.md | 23 +++-------------------- 1 file changed, 3 insertions(+), 20 deletions(-) diff --git a/MAINTAINERS_GUIDE.md b/MAINTAINERS_GUIDE.md index 926ac969140..6aca1a27b85 100644 --- a/MAINTAINERS_GUIDE.md +++ b/MAINTAINERS_GUIDE.md @@ -70,19 +70,6 @@ Overall the maintainer system works because of mutual respect across the maintainers of the project. The maintainers trust one another to make decisions in the best interests of the project. Sometimes maintainers can disagree and this is part of a healthy project to represent the point of views of various people. -In the case where maintainers cannot find agreement on a specific change the -role of a Chief Maintainer comes into play. - -The Chief Maintainer for the project is responsible for overall architecture -of the project to maintain conceptual integrity. Large decisions and -architecture changes should be reviewed by the chief maintainer. -The current chief maintainer for the project is Michael Crosby (@crosbymichael). - -Even though the maintainer system is built on trust, if there is a conflict -with the chief maintainer on a decision, their decision can be challenged -and brought to the technical oversight board if two-thirds of the -maintainers vote for an appeal. It is expected that this would be a -very exceptional event. ### How are maintainers added? @@ -97,9 +84,8 @@ Just contributing does not make you a maintainer, it is about building trust with the current maintainers of the project and being a person that they can depend on and trust to make decisions in the best interest of the project. The final vote to add a new maintainer should be approved by over 66% of the current -maintainers with the chief maintainer having veto power. In case of a veto, -conflict resolution rules expressed above apply. The voting period is -five business days on the Pull Request to add the new maintainer. +maintainers. The voting period is five business days on the Pull Request +to add the new maintainer. ### What is expected of maintainers? @@ -111,10 +97,7 @@ issues where they are pinged. Being a maintainer is a time consuming commitment not be taken lightly. When a maintainer is unable to perform the required duties they can be removed with -a vote by 66% of the current maintainers with the chief maintainer having veto power. +a vote by 66% of the current maintainers. The voting period is ten business days. Issues related to a maintainer's performance should be discussed with them among the other maintainers so that they are not surprised by a pull request removing them. - - - From f2d2ee5e45af3c9b38dfd639ac92f43c3055ce4e Mon Sep 17 00:00:00 2001 From: lifubang Date: Mon, 10 Jun 2024 08:56:27 +0800 Subject: [PATCH 0612/1176] VERSION: release 1.2.0-rc.2 Signed-off-by: lifubang --- CHANGELOG.md | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++-- VERSION | 2 +- 2 files changed, 55 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 067266a27c6..59cdda4f136 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,10 +6,61 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Changed +## [1.2.0-rc.2] - 2024-06-26 + +> TRUE or FALSE, it's a problem! + +### Important Notes * libcontainer/cgroups users who want to manage cgroup devices need to explicitly import libcontainer/cgroups/devices. (#3452, #4248) + * If building with Go 1.22.x, make sure to use 1.22.4 or a later version. + (see #4233 for more details) + +### Added + + * CI: add actuated-arm64. (#4142) + +### Fixed + + * cgroup v2: do not set swap to 0 or unlimited when it's not available. (#4188) + * Set the default value of CpuBurst to nil instead of 0. (#4210, #4211) + * runc exec: fix setting rlimit_nofile. (#4195, #4265, #4282, #4290) + * libct/cg/fs: fix setting rt_period vs rt_runtime. (#4094, #4258) + * script/*: fix gpg usage wrt keyboxd. (#4189) + * Fix a debug log message for user namespaces in nsexec. (#4311) + * libct/cg: write unified resources line by line. (#4186) + * libct.Start: fix locking, do not allow a second container init. (#4271) + * Fix tests in debian testing (mount_sshfs.bats). (#4245) + * Fix checkpoint/restore tests on actuated-arm64. (#4276) + * Fix codespell warnings. (#4291) + * libct/cg/dev: fix TestSetV1Allow panic. (#4295) + * tests/int/scheduler: require smp. (#4298) + +### Changed + + * libcontainer: allow containers to make apps think fips is enabled/disabled for testing. (#4246) + * libct/cg/fs: don't write cpu_burst twice on ENOENT. (#4259) + * Allow overriding VERSION value in Makefile. (#4269) + * Make trimpath optional. (#3908) + * Remove unused system.Execv. (#4268) + * Stop blacklisting Go 1.22+, drop Go < 1.21 support, use Go 1.22 in CI. (#4292) + * Improve some error messages for runc exec. (#4320) + * ci/actuated: re-enable CRIU tests. (#4252) + * Vagrantfile.fedora: bump Fedora to 39. (#4256) + * ci/gha: bump golangci-lint[-action]. (#4255) + * tests/int/tty: increase the timeout. (#4260) + * [ci] use go mod instead of go get in spec.bats. (#4264) + * tests/int/checkpoint: rm double logging. (#4251) + * ci/gha: bump golangci-lint-action from 5 to 6. (#4275) + * .cirrus.yml: rm FIXME from rootless fs on CentOS 7. (#4279) + * vendor: golang.org/x/net@v0.24.0. (#4280) + * Dockerfile: bump Debian to 12, Go to 1.21. (#4296) + * ci: pin codespell. (#4301) + * ci: workaround for centos stream 8 being EOLed. (#4304) + * ci/cirrus: rm centos stream 8. (#4307) + * ci/gha: switch to ubuntu 24.04. (#4286) + * Vagrantfile.fedora: bump to F40. (#4285) ## [1.2.0-rc.1] - 2024-04-03 @@ -708,7 +759,7 @@ implementation (libcontainer) is *not* covered by this policy. cgroups at all during `runc update`). (#2994) -[Unreleased]: https://github.com/opencontainers/runc/compare/v1.2.0-rc.1...HEAD +[Unreleased]: https://github.com/opencontainers/runc/compare/v1.2.0-rc.2...HEAD [1.1.0]: https://github.com/opencontainers/runc/compare/v1.1.0-rc.1...v1.1.0 [1.0.0]: https://github.com/opencontainers/runc/releases/tag/v1.0.0 @@ -736,4 +787,5 @@ implementation (libcontainer) is *not* covered by this policy. [1.1.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.0.0...v1.1.0-rc.1 +[1.2.0-rc.2]: https://github.com/opencontainers/runc/compare/v1.2.0-rc.1...v1.2.0-rc.2 [1.2.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.1.0...v1.2.0-rc.1 diff --git a/VERSION b/VERSION index 851e1952c7b..8f890920fa4 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.2.0-rc.1+dev +1.2.0-rc.2 From 5ea76254010bb8506fc9a4ff2780be0593792e02 Mon Sep 17 00:00:00 2001 From: lifubang Date: Mon, 24 Jun 2024 11:51:48 +0800 Subject: [PATCH 0613/1176] VERSION: back to development Signed-off-by: lifubang --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 8f890920fa4..49d540ecf11 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.2.0-rc.2 +1.2.0-rc.2+dev From c14213399a2fc5cde974d477995cc13e1fb893c8 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 29 Jun 2024 15:44:42 +0200 Subject: [PATCH 0614/1176] remove pre-go1.17 build-tags Removed pre-go1.17 build-tags with go fix; go fix -mod=readonly ./... Signed-off-by: Sebastiaan van Stijn --- contrib/cmd/seccompagent/seccompagent.go | 1 - contrib/cmd/seccompagent/unsupported.go | 1 - libcontainer/apparmor/apparmor_unsupported.go | 1 - libcontainer/capabilities/capabilities.go | 1 - libcontainer/capabilities/capabilities_unsupported.go | 1 - libcontainer/configs/cgroup_unsupported.go | 1 - libcontainer/configs/configs_fuzzer.go | 1 - libcontainer/configs/mount_unsupported.go | 1 - libcontainer/configs/namespaces_syscall.go | 1 - libcontainer/configs/namespaces_syscall_unsupported.go | 1 - libcontainer/configs/namespaces_unsupported.go | 1 - libcontainer/devices/device_unix.go | 1 - libcontainer/devices/device_unix_test.go | 1 - libcontainer/dmz/dmz_linux.go | 1 - libcontainer/dmz/dmz_unsupported.go | 1 - libcontainer/integration/seccomp_test.go | 1 - libcontainer/nsenter/nsenter.go | 1 - libcontainer/nsenter/nsenter_gccgo.go | 1 - libcontainer/seccomp/patchbpf/enosys_linux.go | 1 - libcontainer/seccomp/patchbpf/enosys_linux_test.go | 1 - libcontainer/seccomp/patchbpf/enosys_unsupported.go | 1 - libcontainer/seccomp/seccomp_linux.go | 1 - libcontainer/seccomp/seccomp_unsupported.go | 1 - libcontainer/system/linux.go | 1 - libcontainer/userns/userns_fuzzer.go | 1 - libcontainer/userns/userns_unsupported.go | 1 - libcontainer/utils/utils_unix.go | 1 - 27 files changed, 27 deletions(-) diff --git a/contrib/cmd/seccompagent/seccompagent.go b/contrib/cmd/seccompagent/seccompagent.go index 9a6abc8f0b6..be1e6c25592 100644 --- a/contrib/cmd/seccompagent/seccompagent.go +++ b/contrib/cmd/seccompagent/seccompagent.go @@ -1,5 +1,4 @@ //go:build linux && seccomp -// +build linux,seccomp package main diff --git a/contrib/cmd/seccompagent/unsupported.go b/contrib/cmd/seccompagent/unsupported.go index 773eeaf6596..3463d4e0b31 100644 --- a/contrib/cmd/seccompagent/unsupported.go +++ b/contrib/cmd/seccompagent/unsupported.go @@ -1,5 +1,4 @@ //go:build !linux || !seccomp -// +build !linux !seccomp package main diff --git a/libcontainer/apparmor/apparmor_unsupported.go b/libcontainer/apparmor/apparmor_unsupported.go index 684248f2559..4484cd23971 100644 --- a/libcontainer/apparmor/apparmor_unsupported.go +++ b/libcontainer/apparmor/apparmor_unsupported.go @@ -1,5 +1,4 @@ //go:build !linux -// +build !linux package apparmor diff --git a/libcontainer/capabilities/capabilities.go b/libcontainer/capabilities/capabilities.go index d38b8a7cd89..69884ef992a 100644 --- a/libcontainer/capabilities/capabilities.go +++ b/libcontainer/capabilities/capabilities.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux package capabilities diff --git a/libcontainer/capabilities/capabilities_unsupported.go b/libcontainer/capabilities/capabilities_unsupported.go index 0eafa4f2c2c..d7b5ce960df 100644 --- a/libcontainer/capabilities/capabilities_unsupported.go +++ b/libcontainer/capabilities/capabilities_unsupported.go @@ -1,4 +1,3 @@ //go:build !linux -// +build !linux package capabilities diff --git a/libcontainer/configs/cgroup_unsupported.go b/libcontainer/configs/cgroup_unsupported.go index 7e383020f4c..53f5ec5a0da 100644 --- a/libcontainer/configs/cgroup_unsupported.go +++ b/libcontainer/configs/cgroup_unsupported.go @@ -1,5 +1,4 @@ //go:build !linux -// +build !linux package configs diff --git a/libcontainer/configs/configs_fuzzer.go b/libcontainer/configs/configs_fuzzer.go index bce829e290a..1fd87ce6a4b 100644 --- a/libcontainer/configs/configs_fuzzer.go +++ b/libcontainer/configs/configs_fuzzer.go @@ -1,5 +1,4 @@ //go:build gofuzz -// +build gofuzz package configs diff --git a/libcontainer/configs/mount_unsupported.go b/libcontainer/configs/mount_unsupported.go index 21541912154..1d4d9fe52a5 100644 --- a/libcontainer/configs/mount_unsupported.go +++ b/libcontainer/configs/mount_unsupported.go @@ -1,5 +1,4 @@ //go:build !linux -// +build !linux package configs diff --git a/libcontainer/configs/namespaces_syscall.go b/libcontainer/configs/namespaces_syscall.go index 15d8046f3d6..26b70b26fa1 100644 --- a/libcontainer/configs/namespaces_syscall.go +++ b/libcontainer/configs/namespaces_syscall.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux package configs diff --git a/libcontainer/configs/namespaces_syscall_unsupported.go b/libcontainer/configs/namespaces_syscall_unsupported.go index fbb0d49071e..10bf2436502 100644 --- a/libcontainer/configs/namespaces_syscall_unsupported.go +++ b/libcontainer/configs/namespaces_syscall_unsupported.go @@ -1,5 +1,4 @@ //go:build !linux && !windows -// +build !linux,!windows package configs diff --git a/libcontainer/configs/namespaces_unsupported.go b/libcontainer/configs/namespaces_unsupported.go index 946db30a549..914684993c9 100644 --- a/libcontainer/configs/namespaces_unsupported.go +++ b/libcontainer/configs/namespaces_unsupported.go @@ -1,5 +1,4 @@ //go:build !linux -// +build !linux package configs diff --git a/libcontainer/devices/device_unix.go b/libcontainer/devices/device_unix.go index 7d8e9fc3104..d00775f5142 100644 --- a/libcontainer/devices/device_unix.go +++ b/libcontainer/devices/device_unix.go @@ -1,5 +1,4 @@ //go:build !windows -// +build !windows package devices diff --git a/libcontainer/devices/device_unix_test.go b/libcontainer/devices/device_unix_test.go index 9d6fb5c2e45..2e00847acc4 100644 --- a/libcontainer/devices/device_unix_test.go +++ b/libcontainer/devices/device_unix_test.go @@ -1,5 +1,4 @@ //go:build !windows -// +build !windows package devices diff --git a/libcontainer/dmz/dmz_linux.go b/libcontainer/dmz/dmz_linux.go index eddbbc7016f..29f2af08edf 100644 --- a/libcontainer/dmz/dmz_linux.go +++ b/libcontainer/dmz/dmz_linux.go @@ -1,5 +1,4 @@ //go:build !runc_nodmz -// +build !runc_nodmz package dmz diff --git a/libcontainer/dmz/dmz_unsupported.go b/libcontainer/dmz/dmz_unsupported.go index 2ba67270495..9e284f65394 100644 --- a/libcontainer/dmz/dmz_unsupported.go +++ b/libcontainer/dmz/dmz_unsupported.go @@ -1,5 +1,4 @@ //go:build !linux || runc_nodmz -// +build !linux runc_nodmz package dmz diff --git a/libcontainer/integration/seccomp_test.go b/libcontainer/integration/seccomp_test.go index ecdfa7957df..465dbaefccc 100644 --- a/libcontainer/integration/seccomp_test.go +++ b/libcontainer/integration/seccomp_test.go @@ -1,5 +1,4 @@ //go:build linux && cgo && seccomp -// +build linux,cgo,seccomp package integration diff --git a/libcontainer/nsenter/nsenter.go b/libcontainer/nsenter/nsenter.go index 2d1f3e11cf7..f767864c3ff 100644 --- a/libcontainer/nsenter/nsenter.go +++ b/libcontainer/nsenter/nsenter.go @@ -1,5 +1,4 @@ //go:build linux && !gccgo -// +build linux,!gccgo package nsenter diff --git a/libcontainer/nsenter/nsenter_gccgo.go b/libcontainer/nsenter/nsenter_gccgo.go index 86bad539e0c..1dcde2ea8df 100644 --- a/libcontainer/nsenter/nsenter_gccgo.go +++ b/libcontainer/nsenter/nsenter_gccgo.go @@ -1,5 +1,4 @@ //go:build linux && gccgo -// +build linux,gccgo package nsenter diff --git a/libcontainer/seccomp/patchbpf/enosys_linux.go b/libcontainer/seccomp/patchbpf/enosys_linux.go index 6ee4f1d5388..f0bf186ee0d 100644 --- a/libcontainer/seccomp/patchbpf/enosys_linux.go +++ b/libcontainer/seccomp/patchbpf/enosys_linux.go @@ -1,5 +1,4 @@ //go:build cgo && seccomp -// +build cgo,seccomp package patchbpf diff --git a/libcontainer/seccomp/patchbpf/enosys_linux_test.go b/libcontainer/seccomp/patchbpf/enosys_linux_test.go index 6ca2c06162d..cb8458929e6 100644 --- a/libcontainer/seccomp/patchbpf/enosys_linux_test.go +++ b/libcontainer/seccomp/patchbpf/enosys_linux_test.go @@ -1,5 +1,4 @@ //go:build cgo && seccomp -// +build cgo,seccomp package patchbpf diff --git a/libcontainer/seccomp/patchbpf/enosys_unsupported.go b/libcontainer/seccomp/patchbpf/enosys_unsupported.go index d23167ae357..2812ca46123 100644 --- a/libcontainer/seccomp/patchbpf/enosys_unsupported.go +++ b/libcontainer/seccomp/patchbpf/enosys_unsupported.go @@ -1,4 +1,3 @@ //go:build !linux || !cgo || !seccomp -// +build !linux !cgo !seccomp package patchbpf diff --git a/libcontainer/seccomp/seccomp_linux.go b/libcontainer/seccomp/seccomp_linux.go index 2c64ebbbadd..2f646b6d822 100644 --- a/libcontainer/seccomp/seccomp_linux.go +++ b/libcontainer/seccomp/seccomp_linux.go @@ -1,5 +1,4 @@ //go:build cgo && seccomp -// +build cgo,seccomp package seccomp diff --git a/libcontainer/seccomp/seccomp_unsupported.go b/libcontainer/seccomp/seccomp_unsupported.go index b08a3498687..d2222ce71b7 100644 --- a/libcontainer/seccomp/seccomp_unsupported.go +++ b/libcontainer/seccomp/seccomp_unsupported.go @@ -1,5 +1,4 @@ //go:build !linux || !cgo || !seccomp -// +build !linux !cgo !seccomp package seccomp diff --git a/libcontainer/system/linux.go b/libcontainer/system/linux.go index 368364baf04..7bbf92a3d30 100644 --- a/libcontainer/system/linux.go +++ b/libcontainer/system/linux.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux package system diff --git a/libcontainer/userns/userns_fuzzer.go b/libcontainer/userns/userns_fuzzer.go index bff03f8d859..d90cffcf40c 100644 --- a/libcontainer/userns/userns_fuzzer.go +++ b/libcontainer/userns/userns_fuzzer.go @@ -1,5 +1,4 @@ //go:build gofuzz -// +build gofuzz package userns diff --git a/libcontainer/userns/userns_unsupported.go b/libcontainer/userns/userns_unsupported.go index 391c811c680..71d4c6353a4 100644 --- a/libcontainer/userns/userns_unsupported.go +++ b/libcontainer/userns/userns_unsupported.go @@ -1,5 +1,4 @@ //go:build !linux -// +build !linux package userns diff --git a/libcontainer/utils/utils_unix.go b/libcontainer/utils/utils_unix.go index f57f0874a06..7b0acfa833a 100644 --- a/libcontainer/utils/utils_unix.go +++ b/libcontainer/utils/utils_unix.go @@ -1,5 +1,4 @@ //go:build !windows -// +build !windows package utils From 30b530ca949c97728600461edb0df2eca0e13c40 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 29 Jun 2024 19:26:09 +0200 Subject: [PATCH 0615/1176] libct/userns: split userns detection from internal userns code Commit 4316df8b53cce2933d7f0f3cf4bf87da67459835 isolated RunningInUserNS to a separate package to make it easier to consume without bringing in additional dependencies, and with the potential to move it separate in a similar fashion as libcontainer/user was moved to a separate module in commit ca32014adbc5bcdd1ec5862672c35c7d4cbd849d. While RunningInUserNS is fairly trivial to implement, it (or variants of this utility) is used in many codebases, and moving to a separate module could consolidate those implementations, as well as making it easier to consume without large dependency trees (when being a package as part of a larger code base). Commit 1912d5988bbb379189ea9ceb2e03945738c513dc and follow-ups introduced cgo code into the userns package, and code introduced in those commits are not intended for external use, therefore complicating the potential of moving the userns package separate. This commit moves the new code to a separate package; some of this code was included in v1.1.11 and up, but I could not find external consumers of `GetUserNamespaceMappings` and `IsSameMapping`. The `Mapping` and `Handles` types (added in ba0b5e26989f39d0bdadeeff38182902df781df6) only exist in main and in non-stable releases (v1.2.0-rc.x), so don't need an alias / deprecation. Signed-off-by: Sebastiaan van Stijn --- libcontainer/integration/exec_test.go | 4 ++-- libcontainer/{ => internal}/userns/userns_maps.c | 0 libcontainer/{ => internal}/userns/userns_maps_linux.go | 0 libcontainer/{ => internal}/userns/usernsfd_linux.go | 0 libcontainer/{ => internal}/userns/usernsfd_linux_test.go | 0 libcontainer/mount_linux.go | 2 +- libcontainer/process_linux.go | 2 +- libcontainer/specconv/spec_linux.go | 2 +- 8 files changed, 5 insertions(+), 5 deletions(-) rename libcontainer/{ => internal}/userns/userns_maps.c (100%) rename libcontainer/{ => internal}/userns/userns_maps_linux.go (100%) rename libcontainer/{ => internal}/userns/usernsfd_linux.go (100%) rename libcontainer/{ => internal}/userns/usernsfd_linux_test.go (100%) diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index 5a289ba7cb5..e8a2dc53c80 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -18,7 +18,7 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/systemd" "github.com/opencontainers/runc/libcontainer/configs" - "github.com/opencontainers/runc/libcontainer/userns" + "github.com/opencontainers/runc/libcontainer/internal/userns" "github.com/opencontainers/runc/libcontainer/utils" "github.com/opencontainers/runtime-spec/specs-go" @@ -724,7 +724,7 @@ func TestContainerState(t *testing.T) { {Type: configs.NEWNS}, {Type: configs.NEWUTS}, // host for IPC - //{Type: configs.NEWIPC}, + // {Type: configs.NEWIPC}, {Type: configs.NEWPID}, {Type: configs.NEWNET}, }) diff --git a/libcontainer/userns/userns_maps.c b/libcontainer/internal/userns/userns_maps.c similarity index 100% rename from libcontainer/userns/userns_maps.c rename to libcontainer/internal/userns/userns_maps.c diff --git a/libcontainer/userns/userns_maps_linux.go b/libcontainer/internal/userns/userns_maps_linux.go similarity index 100% rename from libcontainer/userns/userns_maps_linux.go rename to libcontainer/internal/userns/userns_maps_linux.go diff --git a/libcontainer/userns/usernsfd_linux.go b/libcontainer/internal/userns/usernsfd_linux.go similarity index 100% rename from libcontainer/userns/usernsfd_linux.go rename to libcontainer/internal/userns/usernsfd_linux.go diff --git a/libcontainer/userns/usernsfd_linux_test.go b/libcontainer/internal/userns/usernsfd_linux_test.go similarity index 100% rename from libcontainer/userns/usernsfd_linux_test.go rename to libcontainer/internal/userns/usernsfd_linux_test.go diff --git a/libcontainer/mount_linux.go b/libcontainer/mount_linux.go index f9b1adf51db..f2eaa937ee6 100644 --- a/libcontainer/mount_linux.go +++ b/libcontainer/mount_linux.go @@ -11,7 +11,7 @@ import ( "golang.org/x/sys/unix" "github.com/opencontainers/runc/libcontainer/configs" - "github.com/opencontainers/runc/libcontainer/userns" + "github.com/opencontainers/runc/libcontainer/internal/userns" "github.com/opencontainers/runc/libcontainer/utils" ) diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 3c3e797661a..9a2473f716e 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -23,9 +23,9 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups/fs2" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/intelrdt" + "github.com/opencontainers/runc/libcontainer/internal/userns" "github.com/opencontainers/runc/libcontainer/logs" "github.com/opencontainers/runc/libcontainer/system" - "github.com/opencontainers/runc/libcontainer/userns" "github.com/opencontainers/runc/libcontainer/utils" ) diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index 5a09f74b1e3..ae08a827c1f 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -17,8 +17,8 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/devices" + "github.com/opencontainers/runc/libcontainer/internal/userns" "github.com/opencontainers/runc/libcontainer/seccomp" - "github.com/opencontainers/runc/libcontainer/userns" libcontainerUtils "github.com/opencontainers/runc/libcontainer/utils" "github.com/opencontainers/runtime-spec/specs-go" "github.com/sirupsen/logrus" From 5b09a71228a4f4e22a8e55b318000b918dc65fd2 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 29 Jun 2024 17:53:53 +0200 Subject: [PATCH 0616/1176] libct/userns: change RunningInUserNS to a wrapper instead of an alias This was a poor decision on my side; 4316df8b53cce2933d7f0f3cf4bf87da67459835 moved this utility to a separate package, and split the exported function from the implementation (and stubs). Out of convenience, I used an alias for the latter part, but there's two downsides to that; - `RunningInUserNS` being an exported var means that (technically) it can be replaced by other code; perhaps that's a "feature", but not one we intended it to be used for. - `RunningInUserNS` being implemented through a var / alias means it's also documented as such on [pkg.go.dev], which is confusing. This patch changes it to a regular function, acting as a wrapper for the underlying implementations. While at it, also slightly touching up the GoDoc to describe its functionality / behavior. [pkg.go.dev]: https://pkg.go.dev/github.com/opencontainers/runc@v1.1.13/libcontainer/userns#RunningInUserNS Signed-off-by: Sebastiaan van Stijn --- libcontainer/userns/userns.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libcontainer/userns/userns.go b/libcontainer/userns/userns.go index b225f18f2e2..069a9bb28c3 100644 --- a/libcontainer/userns/userns.go +++ b/libcontainer/userns/userns.go @@ -1,4 +1,8 @@ package userns -// RunningInUserNS detects whether we are currently running in a user namespace. -var RunningInUserNS = runningInUserNS +// RunningInUserNS detects whether we are currently running in a Linux +// user namespace and memoizes the result. It returns false on non-Linux +// platforms. +func RunningInUserNS() bool { + return runningInUserNS() +} From b3b31ff27cefa382b36241c508556dcec032cdd7 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 29 Jun 2024 18:08:44 +0200 Subject: [PATCH 0617/1176] libct/userns: make fuzzer Linux-only, and remove stub for uidMapInUserNS The fuzzer for this only runs on Linux; rename the file to be Linux-only so that we don't have to stub out the uidMapInUserNS function. Signed-off-by: Sebastiaan van Stijn --- .../userns/{userns_fuzzer.go => userns_linux_fuzzer.go} | 2 +- libcontainer/userns/userns_unsupported.go | 6 ------ 2 files changed, 1 insertion(+), 7 deletions(-) rename libcontainer/userns/{userns_fuzzer.go => userns_linux_fuzzer.go} (79%) diff --git a/libcontainer/userns/userns_fuzzer.go b/libcontainer/userns/userns_linux_fuzzer.go similarity index 79% rename from libcontainer/userns/userns_fuzzer.go rename to libcontainer/userns/userns_linux_fuzzer.go index d90cffcf40c..26ba2e16ec4 100644 --- a/libcontainer/userns/userns_fuzzer.go +++ b/libcontainer/userns/userns_linux_fuzzer.go @@ -1,4 +1,4 @@ -//go:build gofuzz +//go:build linux && gofuzz package userns diff --git a/libcontainer/userns/userns_unsupported.go b/libcontainer/userns/userns_unsupported.go index 71d4c6353a4..47dd5aab106 100644 --- a/libcontainer/userns/userns_unsupported.go +++ b/libcontainer/userns/userns_unsupported.go @@ -7,9 +7,3 @@ package userns func runningInUserNS() bool { return false } - -// uidMapInUserNS is a stub for non-Linux systems -// Always returns false -func uidMapInUserNS(uidMap string) bool { - return false -} From 6980adb67ce78ed9bd760e85042858b1e3f499a0 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 29 Jun 2024 18:15:07 +0200 Subject: [PATCH 0618/1176] libct/userns: implement RunningInUserNS with sync.OnceValue Now that we dropped support for go < 1.21, we can use this; moving the sync.once out of the runningInUserNS() implementation would also allow for it to be more easily tested if we'd decide to. Signed-off-by: Sebastiaan van Stijn --- libcontainer/userns/userns.go | 2 +- libcontainer/userns/userns_linux.go | 36 ++++++++++------------- libcontainer/userns/userns_unsupported.go | 7 ++--- 3 files changed, 18 insertions(+), 27 deletions(-) diff --git a/libcontainer/userns/userns.go b/libcontainer/userns/userns.go index 069a9bb28c3..a07afe07bc8 100644 --- a/libcontainer/userns/userns.go +++ b/libcontainer/userns/userns.go @@ -4,5 +4,5 @@ package userns // user namespace and memoizes the result. It returns false on non-Linux // platforms. func RunningInUserNS() bool { - return runningInUserNS() + return inUserNS() } diff --git a/libcontainer/userns/userns_linux.go b/libcontainer/userns/userns_linux.go index a6710b321be..a1462e13bc0 100644 --- a/libcontainer/userns/userns_linux.go +++ b/libcontainer/userns/userns_linux.go @@ -7,32 +7,26 @@ import ( "sync" ) -var ( - inUserNS bool - nsOnce sync.Once -) +var inUserNS = sync.OnceValue(runningInUserNS) // runningInUserNS detects whether we are currently running in a user namespace. // // Originally copied from https://github.com/lxc/incus/blob/e45085dd42f826b3c8c3228e9733c0b6f998eafe/shared/util.go#L678-L700. func runningInUserNS() bool { - nsOnce.Do(func() { - file, err := os.Open("/proc/self/uid_map") - if err != nil { - // This kernel-provided file only exists if user namespaces are supported. - return - } - defer file.Close() - - buf := bufio.NewReader(file) - l, _, err := buf.ReadLine() - if err != nil { - return - } - - inUserNS = uidMapInUserNS(string(l)) - }) - return inUserNS + file, err := os.Open("/proc/self/uid_map") + if err != nil { + // This kernel-provided file only exists if user namespaces are supported. + return false + } + defer file.Close() + + buf := bufio.NewReader(file) + l, _, err := buf.ReadLine() + if err != nil { + return false + } + + return uidMapInUserNS(string(l)) } func uidMapInUserNS(uidMap string) bool { diff --git a/libcontainer/userns/userns_unsupported.go b/libcontainer/userns/userns_unsupported.go index 47dd5aab106..8ed83072c23 100644 --- a/libcontainer/userns/userns_unsupported.go +++ b/libcontainer/userns/userns_unsupported.go @@ -2,8 +2,5 @@ package userns -// runningInUserNS is a stub for non-Linux systems -// Always returns false -func runningInUserNS() bool { - return false -} +// inUserNS is a stub for non-Linux systems. Always returns false. +func inUserNS() bool { return false } From 8b1c0f7e470eba9c6f15020b5a1601223ae14cb9 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 26 Jun 2024 11:18:00 -0700 Subject: [PATCH 0619/1176] CHANGELOG.md: dedup v1.2.0-rc.2 notes Remove changes that are already reflected in v1.1.13 changelog: - rlimit_nofile fix; - rt_period vs rt_runtime fix; - gpg vs keyboxd fix; - nsexec debug log fix; - fips faking; - vagrant Fedora 39 bump; - golangci-lint bump; - x/net bump; - centos stream 8 removal; - codespell ci fixes. Compact some of the entries that are related (e.g. about actuated-ci). Signed-off-by: Kir Kolyshkin --- CHANGELOG.md | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 59cdda4f136..aa08955e875 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,46 +19,32 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added - * CI: add actuated-arm64. (#4142) + * CI: add actuated-arm64. (#4142, #4252, #4276) ### Fixed * cgroup v2: do not set swap to 0 or unlimited when it's not available. (#4188) * Set the default value of CpuBurst to nil instead of 0. (#4210, #4211) - * runc exec: fix setting rlimit_nofile. (#4195, #4265, #4282, #4290) - * libct/cg/fs: fix setting rt_period vs rt_runtime. (#4094, #4258) - * script/*: fix gpg usage wrt keyboxd. (#4189) - * Fix a debug log message for user namespaces in nsexec. (#4311) * libct/cg: write unified resources line by line. (#4186) * libct.Start: fix locking, do not allow a second container init. (#4271) * Fix tests in debian testing (mount_sshfs.bats). (#4245) - * Fix checkpoint/restore tests on actuated-arm64. (#4276) * Fix codespell warnings. (#4291) * libct/cg/dev: fix TestSetV1Allow panic. (#4295) * tests/int/scheduler: require smp. (#4298) ### Changed - * libcontainer: allow containers to make apps think fips is enabled/disabled for testing. (#4246) * libct/cg/fs: don't write cpu_burst twice on ENOENT. (#4259) - * Allow overriding VERSION value in Makefile. (#4269) * Make trimpath optional. (#3908) * Remove unused system.Execv. (#4268) * Stop blacklisting Go 1.22+, drop Go < 1.21 support, use Go 1.22 in CI. (#4292) * Improve some error messages for runc exec. (#4320) - * ci/actuated: re-enable CRIU tests. (#4252) - * Vagrantfile.fedora: bump Fedora to 39. (#4256) * ci/gha: bump golangci-lint[-action]. (#4255) * tests/int/tty: increase the timeout. (#4260) * [ci] use go mod instead of go get in spec.bats. (#4264) * tests/int/checkpoint: rm double logging. (#4251) - * ci/gha: bump golangci-lint-action from 5 to 6. (#4275) * .cirrus.yml: rm FIXME from rootless fs on CentOS 7. (#4279) - * vendor: golang.org/x/net@v0.24.0. (#4280) * Dockerfile: bump Debian to 12, Go to 1.21. (#4296) - * ci: pin codespell. (#4301) - * ci: workaround for centos stream 8 being EOLed. (#4304) - * ci/cirrus: rm centos stream 8. (#4307) * ci/gha: switch to ubuntu 24.04. (#4286) * Vagrantfile.fedora: bump to F40. (#4285) From b18d052bb83cbf0a6ad79aa1e79d5c9f75eddda7 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 2 Jul 2024 14:44:53 -0700 Subject: [PATCH 0620/1176] ci/cirrus: switch from CentOS to Almalinux Remove CentOS 7 as it is EOL. Add back RHEL 8 clone (CentOS Stream 8 was removed by commit 40bb9c468ea85a). Switch from CentOS Stream 9 to Almalinux 9. Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 52 ++++++++++++++++------------------------------------ 1 file changed, 16 insertions(+), 36 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index e8405d14ebf..c5661a02a4a 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -1,6 +1,6 @@ --- -# We use Cirrus for CentOS (native) and Fedora (in Vagrant), because neither -# CentOS nor Fedora is available on GHA natively, so the only option is VM. +# We use Cirrus for RHEL clones (native) and Fedora (in Vagrant), because +# neither is available on GHA natively, so the only option is VM. # In GHA, nested virtualization is only supported on macOS instances, which # are slow and flaky. @@ -82,13 +82,13 @@ task: RPMS: gcc git iptables jq glibc-static libseccomp-devel make criu fuse-sshfs container-selinux # yamllint disable rule:key-duplicates matrix: - DISTRO: centos-7 - DISTRO: centos-stream-9 + DISTRO: almalinux-8 + DISTRO: almalinux-9 name: ci / $DISTRO compute_engine_instance: - image_project: centos-cloud + image_project: almalinux-cloud image: family/$DISTRO platform: linux cpu: 4 @@ -96,17 +96,12 @@ task: install_dependencies_script: | case $DISTRO in - centos-7) - (cd /etc/yum.repos.d && curl -O https://copr.fedorainfracloud.org/coprs/adrian/criu-el7/repo/epel-7/adrian-criu-el7-epel-7.repo) - # EPEL is needed for jq and fuse-sshfs. - rpm -q epel-release || rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm - # sysctl - echo "user.max_user_namespaces=15076" > /etc/sysctl.d/userns.conf - sysctl --system + *-8) + yum config-manager --set-enabled powertools # for glibc-static ;; - centos-stream-9) + *-9) dnf config-manager --set-enabled crb # for glibc-static - dnf -y install epel-release epel-next-release # for fuse-sshfs + dnf -y install epel-release # for fuse-sshfs # Delegate all cgroup v2 controllers to rootless user via --systemd-cgroup. # The default (since systemd v252) is "pids memory cpu". mkdir -p /etc/systemd/system/user@.service.d @@ -121,11 +116,7 @@ task: done [ $? -eq 0 ] # fail if yum failed - # Double check that all rpms were installed (yum from CentOS 7 - # does not exit with an error if some packages were not found). - # Use --whatprovides since some packages are renamed. - rpm -q --whatprovides $RPMS - # install Go + # Install Go. PREFIX="https://go.dev/dl/" # Find out the latest minor release URL. eval $(curl -fsSL "${PREFIX}?mode=json" | jq -r --arg Ver "$GO_VERSION" '.[] | select(.version | startswith("go\($Ver)")) | .files[] | select(.os == "linux" and .arch == "amd64" and .kind == "archive") | "filename=\"" + .filename + "\""') @@ -179,22 +170,11 @@ task: ssh -tt localhost "make -C /home/runc localintegration" integration_systemd_rootless_script: | case $DISTRO in - centos-7) - echo "SKIP: integration_systemd_rootless_script requires cgroup v2" - ;; - *) - ssh -tt localhost "make -C /home/runc localrootlessintegration RUNC_USE_SYSTEMD=yes" - esac - integration_fs_rootless_script: | - case $DISTRO in - centos-7) - # Most probably EPERM on cgroup.procs is caused by some missing kernel - # patch. The other issue is SELinux, but even with SELinux fixes in - # https://github.com/opencontainers/runc/pull/4068 it still doesn't work. - # Does not make sense in trying to fix this since it's an older distro. - echo "SKIP: integration_fs_rootless_script is skipped because of EPERM on writing cgroup.procs" + *-8) + echo "SKIP: integration_systemd_rootless_script requires cgroup v2" ;; - *) - ssh -tt localhost "make -C /home/runc localrootlessintegration" - ;; + *) + ssh -tt localhost "make -C /home/runc localrootlessintegration RUNC_USE_SYSTEMD=yes" esac + integration_fs_rootless_script: | + ssh -tt localhost "make -C /home/runc localrootlessintegration" From e7848482e227e8da4f958510734de370f6ee6479 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Wed, 3 Jul 2024 17:25:10 +0900 Subject: [PATCH 0621/1176] Revert "libcontainer: seccomp: pass around *os.File for notifyfd" This reverts commit 20b95f23ca33cb1751ee0b5318e1d5f3676032c6. > Conflicts: > libcontainer/init_linux.go Signed-off-by: Akihiro Suda --- libcontainer/init_linux.go | 8 ++--- libcontainer/seccomp/patchbpf/enosys_linux.go | 13 +++---- libcontainer/seccomp/seccomp_linux.go | 35 ++++++++++--------- libcontainer/seccomp/seccomp_unsupported.go | 7 ++-- 4 files changed, 32 insertions(+), 31 deletions(-) diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index e0a65d5cc8f..f3d0d5706f2 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -451,11 +451,11 @@ func syncParentHooks(pipe *syncSocket) error { // syncParentSeccomp sends the fd associated with the seccomp file descriptor // to the parent, and wait for the parent to do pidfd_getfd() to grab a copy. -func syncParentSeccomp(pipe *syncSocket, seccompFd *os.File) error { - if seccompFd == nil { +func syncParentSeccomp(pipe *syncSocket, seccompFd int) error { + if seccompFd == -1 { return nil } - defer seccompFd.Close() + defer unix.Close(seccompFd) // Tell parent to grab our fd. // @@ -466,7 +466,7 @@ func syncParentSeccomp(pipe *syncSocket, seccompFd *os.File) error { // before the parent gets the file descriptor would deadlock "runc init" if // we allowed it for SCMP_ACT_NOTIFY). See seccomp.InitSeccomp() for more // details. - if err := writeSyncArg(pipe, procSeccomp, seccompFd.Fd()); err != nil { + if err := writeSyncArg(pipe, procSeccomp, seccompFd); err != nil { return err } // Wait for parent to tell us they've grabbed the seccompfd. diff --git a/libcontainer/seccomp/patchbpf/enosys_linux.go b/libcontainer/seccomp/patchbpf/enosys_linux.go index f0bf186ee0d..f829bf7ae2f 100644 --- a/libcontainer/seccomp/patchbpf/enosys_linux.go +++ b/libcontainer/seccomp/patchbpf/enosys_linux.go @@ -704,17 +704,17 @@ func sysSeccompSetFilter(flags uint, filter []unix.SockFilter) (fd int, err erro // patches said filter to handle -ENOSYS in a much nicer manner than the // default libseccomp default action behaviour, and loads the patched filter // into the kernel for the current process. -func PatchAndLoad(config *configs.Seccomp, filter *libseccomp.ScmpFilter) (*os.File, error) { +func PatchAndLoad(config *configs.Seccomp, filter *libseccomp.ScmpFilter) (int, error) { // Generate a patched filter. fprog, err := enosysPatchFilter(config, filter) if err != nil { - return nil, fmt.Errorf("error patching filter: %w", err) + return -1, fmt.Errorf("error patching filter: %w", err) } // Get the set of libseccomp flags set. seccompFlags, noNewPrivs, err := filterFlags(config, filter) if err != nil { - return nil, fmt.Errorf("unable to fetch seccomp filter flags: %w", err) + return -1, fmt.Errorf("unable to fetch seccomp filter flags: %w", err) } // Set no_new_privs if it was requested, though in runc we handle @@ -722,14 +722,15 @@ func PatchAndLoad(config *configs.Seccomp, filter *libseccomp.ScmpFilter) (*os.F if noNewPrivs { logrus.Warnf("potentially misconfigured filter -- setting no_new_privs in seccomp path") if err := unix.Prctl(unix.PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); err != nil { - return nil, fmt.Errorf("error enabling no_new_privs bit: %w", err) + return -1, fmt.Errorf("error enabling no_new_privs bit: %w", err) } } // Finally, load the filter. fd, err := sysSeccompSetFilter(seccompFlags, fprog) if err != nil { - return nil, fmt.Errorf("error loading seccomp filter: %w", err) + return -1, fmt.Errorf("error loading seccomp filter: %w", err) } - return os.NewFile(uintptr(fd), "[seccomp filter]"), nil + + return fd, nil } diff --git a/libcontainer/seccomp/seccomp_linux.go b/libcontainer/seccomp/seccomp_linux.go index 2f646b6d822..e399972aa53 100644 --- a/libcontainer/seccomp/seccomp_linux.go +++ b/libcontainer/seccomp/seccomp_linux.go @@ -5,7 +5,6 @@ package seccomp import ( "errors" "fmt" - "os" libseccomp "github.com/seccomp/libseccomp-golang" "github.com/sirupsen/logrus" @@ -27,16 +26,17 @@ const ( ) // InitSeccomp installs the seccomp filters to be used in the container as -// specified in config. Returns the seccomp file descriptor if any of the -// filters include a SCMP_ACT_NOTIFY action. -func InitSeccomp(config *configs.Seccomp) (*os.File, error) { +// specified in config. +// Returns the seccomp file descriptor if any of the filters include a +// SCMP_ACT_NOTIFY action, otherwise returns -1. +func InitSeccomp(config *configs.Seccomp) (int, error) { if config == nil { - return nil, errors.New("cannot initialize Seccomp - nil config passed") + return -1, errors.New("cannot initialize Seccomp - nil config passed") } defaultAction, err := getAction(config.DefaultAction, config.DefaultErrnoRet) if err != nil { - return nil, errors.New("error initializing seccomp - invalid default action") + return -1, errors.New("error initializing seccomp - invalid default action") } // Ignore the error since pre-2.4 libseccomp is treated as API level 0. @@ -44,7 +44,7 @@ func InitSeccomp(config *configs.Seccomp) (*os.File, error) { for _, call := range config.Syscalls { if call.Action == configs.Notify { if apiLevel < 6 { - return nil, fmt.Errorf("seccomp notify unsupported: API level: got %d, want at least 6. Please try with libseccomp >= 2.5.0 and Linux >= 5.7", apiLevel) + return -1, fmt.Errorf("seccomp notify unsupported: API level: got %d, want at least 6. Please try with libseccomp >= 2.5.0 and Linux >= 5.7", apiLevel) } // We can't allow the write syscall to notify to the seccomp agent. @@ -60,36 +60,36 @@ func InitSeccomp(config *configs.Seccomp) (*os.File, error) { // agent allows those syscalls to proceed, initialization works just fine and the agent can // handle future read()/close() syscalls as it wanted. if call.Name == "write" { - return nil, errors.New("SCMP_ACT_NOTIFY cannot be used for the write syscall") + return -1, errors.New("SCMP_ACT_NOTIFY cannot be used for the write syscall") } } } // See comment on why write is not allowed. The same reason applies, as this can mean handling write too. if defaultAction == libseccomp.ActNotify { - return nil, errors.New("SCMP_ACT_NOTIFY cannot be used as default action") + return -1, errors.New("SCMP_ACT_NOTIFY cannot be used as default action") } filter, err := libseccomp.NewFilter(defaultAction) if err != nil { - return nil, fmt.Errorf("error creating filter: %w", err) + return -1, fmt.Errorf("error creating filter: %w", err) } // Add extra architectures for _, arch := range config.Architectures { scmpArch, err := libseccomp.GetArchFromString(arch) if err != nil { - return nil, fmt.Errorf("error validating Seccomp architecture: %w", err) + return -1, fmt.Errorf("error validating Seccomp architecture: %w", err) } if err := filter.AddArch(scmpArch); err != nil { - return nil, fmt.Errorf("error adding architecture to seccomp filter: %w", err) + return -1, fmt.Errorf("error adding architecture to seccomp filter: %w", err) } } // Add extra flags. for _, flag := range config.Flags { if err := setFlag(filter, flag); err != nil { - return nil, err + return -1, err } } @@ -109,24 +109,25 @@ func InitSeccomp(config *configs.Seccomp) (*os.File, error) { // Unset no new privs bit if err := filter.SetNoNewPrivsBit(false); err != nil { - return nil, fmt.Errorf("error setting no new privileges: %w", err) + return -1, fmt.Errorf("error setting no new privileges: %w", err) } // Add a rule for each syscall for _, call := range config.Syscalls { if call == nil { - return nil, errors.New("encountered nil syscall while initializing Seccomp") + return -1, errors.New("encountered nil syscall while initializing Seccomp") } if err := matchCall(filter, call, defaultAction); err != nil { - return nil, err + return -1, err } } seccompFd, err := patchbpf.PatchAndLoad(config, filter) if err != nil { - return nil, fmt.Errorf("error loading seccomp filter into kernel: %w", err) + return -1, fmt.Errorf("error loading seccomp filter into kernel: %w", err) } + return seccompFd, nil } diff --git a/libcontainer/seccomp/seccomp_unsupported.go b/libcontainer/seccomp/seccomp_unsupported.go index d2222ce71b7..25713f23271 100644 --- a/libcontainer/seccomp/seccomp_unsupported.go +++ b/libcontainer/seccomp/seccomp_unsupported.go @@ -4,7 +4,6 @@ package seccomp import ( "errors" - "os" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runtime-spec/specs-go" @@ -13,11 +12,11 @@ import ( var ErrSeccompNotEnabled = errors.New("seccomp: config provided but seccomp not supported") // InitSeccomp does nothing because seccomp is not supported. -func InitSeccomp(config *configs.Seccomp) (*os.File, error) { +func InitSeccomp(config *configs.Seccomp) (int, error) { if config != nil { - return nil, ErrSeccompNotEnabled + return -1, ErrSeccompNotEnabled } - return nil, nil + return -1, nil } // FlagSupported tells if a provided seccomp flag is supported. From a5e660ca5b3045545c2a442f0cae2b3f1862958e Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Wed, 3 Jul 2024 17:25:51 +0900 Subject: [PATCH 0622/1176] seccomp-notify.bats: add fcntl to the important syscall list For issue 4328 Signed-off-by: Akihiro Suda --- tests/integration/seccomp-notify.bats | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/integration/seccomp-notify.bats b/tests/integration/seccomp-notify.bats index d979cf09ce8..58492090236 100644 --- a/tests/integration/seccomp-notify.bats +++ b/tests/integration/seccomp-notify.bats @@ -83,8 +83,9 @@ function scmp_act_notify_template() { } # Test important syscalls (some might be executed by runc) work fine when handled by the agent. noNewPrivileges FALSE. +# fcntl: https://github.com/opencontainers/runc/issues/4328 @test "runc run [seccomp] (SCMP_ACT_NOTIFY important syscalls noNewPrivileges false)" { - scmp_act_notify_template "/bin/true" false '"execve","openat","open","read","close"' + scmp_act_notify_template "/bin/true" false '"execve","openat","open","read","close","fcntl"' runc run test_busybox [ "$status" -eq 0 ] @@ -92,7 +93,7 @@ function scmp_act_notify_template() { # Test important syscalls (some might be executed by runc) work fine when handled by the agent. noNewPrivileges TRUE. @test "runc run [seccomp] (SCMP_ACT_NOTIFY important syscalls noNewPrivileges true)" { - scmp_act_notify_template "/bin/true" true '"execve","openat","open","read","close"' + scmp_act_notify_template "/bin/true" true '"execve","openat","open","read","close","fcntl"' runc run test_busybox [ "$status" -eq 0 ] From 309a6d91a43658e5468552d63b10feb6fb251424 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 1 Jul 2024 10:10:24 -0700 Subject: [PATCH 0623/1176] ci/gha: add go-fix job Add a CI job to ensure go fix produces no result. Quoting `go doc cmd/fix`: > Fix finds Go programs that use old APIs and rewrites them to use newer > ones. After you update to a new Go release, fix helps make the > necessary changes to your programs. Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index ad4929b2326..2fc53c129dc 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -47,6 +47,24 @@ jobs: run: | golangci-lint run --config .golangci-extra.yml --new-from-rev=HEAD~1 + go-fix: + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 2 + - uses: actions/setup-go@v5 + with: + go-version: "${{ env.GO_VERSION }}" + - name: install deps + run: | + sudo apt -q update + sudo apt -qy install libseccomp-dev + - name: run go fix + run: | + go fix ./... + git diff --exit-code + compile-buildtags: runs-on: ubuntu-24.04 env: From c8395b6e535214cd559fb8567810d65cd08081cc Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 10 Jul 2024 16:03:34 -0700 Subject: [PATCH 0624/1176] Enable govet nilness, fix an issue The code already checked if err == nil above, so the linter complains: > libcontainer/container_linux.go:534:18: nilness: tautological condition: non-nil != nil (govet) > } else if err != nil { > ^ Fix the issue, enable the check. Signed-off-by: Kir Kolyshkin --- .golangci.yml | 5 +++++ libcontainer/container_linux.go | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.golangci.yml b/.golangci.yml index c088117d2ca..25d94ecf485 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -11,3 +11,8 @@ linters: - errorlint - unconvert - unparam + +linters-settings: + govet: + enable: + - nilness diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index e3e2cf2bdb8..6242c1ba248 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -531,7 +531,7 @@ func (c *Container) newParentProcess(p *Process) (parentProcess, error) { logrus.Debug("runc-dmz: using runc-dmz") // used for tests } else if errors.Is(err, dmz.ErrNoDmzBinary) { logrus.Debug("runc-dmz binary not embedded in runc binary, falling back to /proc/self/exe clone") - } else if err != nil { + } else { return nil, fmt.Errorf("failed to create runc-dmz binary clone: %w", err) } } else { From bb2db7b4fd85e694ae8bb68c23b2d253e9178f35 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 10 Jul 2024 16:12:04 -0700 Subject: [PATCH 0625/1176] libct: drop error from (*Container).currentState return This function never returns error since 2016 (commit 556f798a), so let's remove it. Signed-off-by: Kir Kolyshkin --- libcontainer/container_linux.go | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 6242c1ba248..63db2199d54 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -99,7 +99,7 @@ func (c *Container) Status() (Status, error) { func (c *Container) State() (*State, error) { c.m.Lock() defer c.m.Unlock() - return c.currentState() + return c.currentState(), nil } // OCIState returns the current container's state information. @@ -666,10 +666,7 @@ func (c *Container) newInitProcess(p *Process, cmd *exec.Cmd, comm *processComm) func (c *Container) newSetnsProcess(p *Process, cmd *exec.Cmd, comm *processComm) (*setnsProcess, error) { cmd.Env = append(cmd.Env, "_LIBCONTAINER_INITTYPE="+string(initSetns)) - state, err := c.currentState() - if err != nil { - return nil, fmt.Errorf("unable to get container state: %w", err) - } + state := c.currentState() // for setns process, we don't have to set cloneflags as the process namespaces // will only be set via setns syscall data, err := c.bootstrapData(0, state.NamespacePaths) @@ -847,12 +844,8 @@ func (c *Container) updateState(process parentProcess) (*State, error) { if process != nil { c.initProcess = process } - state, err := c.currentState() - if err != nil { - return nil, err - } - err = c.saveState(state) - if err != nil { + state := c.currentState() + if err := c.saveState(state); err != nil { return nil, err } return state, nil @@ -938,7 +931,7 @@ func (c *Container) isPaused() (bool, error) { return state == configs.Frozen, nil } -func (c *Container) currentState() (*State, error) { +func (c *Container) currentState() *State { var ( startTime uint64 externalDescriptors []string @@ -982,7 +975,7 @@ func (c *Container) currentState() (*State, error) { } } } - return state, nil + return state } func (c *Container) currentOCIState() (*specs.State, error) { From 15ec295bb147cf9ae7df14564351ff52b0c13760 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 10 Jul 2024 16:25:07 -0700 Subject: [PATCH 0626/1176] ci/gha: bump golangci-lint to v1.59 Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 2fc53c129dc..eb0746ef407 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -40,7 +40,7 @@ jobs: sudo apt -qy install libseccomp-dev - uses: golangci/golangci-lint-action@v6 with: - version: v1.57 + version: v1.59 # Extra linters, only checking new code from a pull request. - name: lint-extra if: github.event_name == 'pull_request' From 6fc2733a911f92c2dbf57d6f67674c9afe52d8c5 Mon Sep 17 00:00:00 2001 From: Avi Deitcher Date: Fri, 19 Jul 2024 15:10:16 +0300 Subject: [PATCH 0627/1176] document build prerequsites for different platforms Signed-off-by: Avi Deitcher --- README.md | 36 ++++++++++++++++++++++++++++++++---- 1 file changed, 32 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 2d532f984fe..2c855e3c23e 100644 --- a/README.md +++ b/README.md @@ -29,12 +29,41 @@ A third party security audit was performed by Cure53, you can see the full repor `runc` only supports Linux. It must be built with Go version 1.21 or higher. +### Pre-Requisites + +#### Go + NOTE: if building with Go 1.22.x, make sure to use 1.22.4 or a later version (see [issue #4233](https://github.com/opencontainers/runc/issues/4233) for more details). -In order to enable seccomp support you will need to install `libseccomp` on your platform. -> e.g. `libseccomp-devel` for CentOS, or `libseccomp-dev` for Ubuntu +#### Utilities and Libraries + +In addition to Go, building `runc` requires multiple utilities and libraries to be installed on your system. + +On Ubuntu/Debian, you can install the required dependencies with: + +```bash +apt update && apt install -y make gcc linux-libc-dev libseccomp-dev pkg-config git +``` + +On CentOS/Fedora, you can install the required dependencies with: + +```bash +yum install -y make gcc kernel-headers libseccomp-devel pkg-config git +``` + +On Alpine Linux, you can install the required dependencies with: + +```bash +apk --update add bash make gcc libseccomp-dev musl-dev linux-headers git +``` + +The following dependencies are optional: + +* `libseccomp` - only required if you enable seccomp support; to disable, see [Build Tags](#build-tags) + +### Build ```bash # create a 'github.com/opencontainers' in your GOPATH/src @@ -57,7 +86,6 @@ sudo make install `runc` will be installed to `/usr/local/sbin/runc` on your system. - #### Build Tags `runc` supports optional build tags for compiling support of various features, @@ -118,7 +146,7 @@ You can run a test using your container engine's flags by setting `CONTAINER_ENG # make test CONTAINER_ENGINE_BUILD_FLAGS="--build-arg http_proxy=http://yourproxy/" CONTAINER_ENGINE_RUN_FLAGS="-e http_proxy=http://yourproxy/" ``` -### Dependencies Management +### Go Dependencies Management `runc` uses [Go Modules](https://github.com/golang/go/wiki/Modules) for dependencies management. Please refer to [Go Modules](https://github.com/golang/go/wiki/Modules) for how to add or update From 1410a6988d439ed2e17d5860cb95b8e50ed08a81 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Mon, 1 Jul 2024 13:36:43 +1000 Subject: [PATCH 0628/1176] rootfs: consolidate mountpoint creation logic The logic for how we create mountpoints is spread over each mountpoint preparation function, when in reality the behaviour is pretty uniform with only a handful of exceptions. So just move it all to one function that is easier to understand. Signed-off-by: Aleksa Sarai --- libcontainer/criu_linux.go | 35 ++------ libcontainer/rootfs_linux.go | 135 ++++++++++++++++--------------- libcontainer/utils/utils_unix.go | 15 ++++ 3 files changed, 94 insertions(+), 91 deletions(-) diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index fda16bead4c..4c6ae71465f 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -523,17 +523,7 @@ func (c *Container) restoreNetwork(req *criurpc.CriuReq, criuOpts *CriuOpts) { // restore using CRIU. This function is inspired from the code in // rootfs_linux.go. func (c *Container) makeCriuRestoreMountpoints(m *configs.Mount) error { - me := mountEntry{Mount: m} - dest, err := securejoin.SecureJoin(c.config.Rootfs, m.Destination) - if err != nil { - return err - } - // TODO: pass srcFD? Not sure if criu is impacted by issue #2484. - if err := checkProcMount(c.config.Rootfs, dest, me); err != nil { - return err - } - switch m.Device { - case "cgroup": + if m.Device == "cgroup" { // No mount point(s) need to be created: // // * for v1, mount points are saved by CRIU because @@ -542,23 +532,12 @@ func (c *Container) makeCriuRestoreMountpoints(m *configs.Mount) error { // * for v2, /sys/fs/cgroup is a real mount, but // the mountpoint appears as soon as /sys is mounted return nil - case "bind": - // For bind-mounts (unlike other filesystem types), we need to check if - // the source exists. - fi, _, err := me.srcStat() - if err != nil { - // error out if the source of a bind mount does not exist as we - // will be unable to bind anything to it. - return err - } - if err := createIfNotExists(dest, fi.IsDir()); err != nil { - return err - } - default: - // for all other filesystems just create the mountpoints - if err := os.MkdirAll(dest, 0o755); err != nil { - return err - } + } + // TODO: pass srcFD? Not sure if criu is impacted by issue #2484. + me := mountEntry{Mount: m} + // For all other filesystems, just make the target. + if _, err := createMountpoint(c.config.Rootfs, me); err != nil { + return fmt.Errorf("create criu restore mountpoint for %s mount: %w", me.Destination, err) } return nil } diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 348d30fefe8..16878274cae 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -308,7 +308,11 @@ func mountCgroupV1(m *configs.Mount, c *mountConfig) error { for _, b := range binds { if c.cgroupns { + // We just created the tmpfs, and so we can just use filepath.Join + // here (not to mention we want to make sure we create the path + // inside the tmpfs, so we don't want to resolve symlinks). subsystemPath := filepath.Join(c.root, b.Destination) + subsystemName := filepath.Base(b.Destination) if err := os.MkdirAll(subsystemPath, 0o755); err != nil { return err } @@ -319,7 +323,7 @@ func mountCgroupV1(m *configs.Mount, c *mountConfig) error { } var ( source = "cgroup" - data = filepath.Base(subsystemPath) + data = subsystemName ) if data == "systemd" { data = cgroups.CgroupNamePrefix + data @@ -349,14 +353,7 @@ func mountCgroupV1(m *configs.Mount, c *mountConfig) error { } func mountCgroupV2(m *configs.Mount, c *mountConfig) error { - dest, err := securejoin.SecureJoin(c.root, m.Destination) - if err != nil { - return err - } - if err := os.MkdirAll(dest, 0o755); err != nil { - return err - } - err = utils.WithProcfd(c.root, m.Destination, func(dstFd string) error { + err := utils.WithProcfd(c.root, m.Destination, func(dstFd string) error { return mountViaFds(m.Source, nil, m.Destination, dstFd, "cgroup2", uintptr(m.Flags), m.Data) }) if err == nil || !(errors.Is(err, unix.EPERM) || errors.Is(err, unix.EBUSY)) { @@ -482,6 +479,65 @@ func statfsToMountFlags(st unix.Statfs_t) int { return flags } +var errRootfsToFile = errors.New("config tries to change rootfs to file") + +func createMountpoint(rootfs string, m mountEntry) (string, error) { + dest, err := securejoin.SecureJoin(rootfs, m.Destination) + if err != nil { + return "", err + } + if err := checkProcMount(rootfs, dest, m); err != nil { + return "", fmt.Errorf("check proc-safety of %s mount: %w", m.Destination, err) + } + + switch m.Device { + case "bind": + fi, _, err := m.srcStat() + if err != nil { + // Error out if the source of a bind mount does not exist as we + // will be unable to bind anything to it. + return "", err + } + // If the original source is not a directory, make the target a file. + if !fi.IsDir() { + // Make sure we aren't tricked into trying to make the root a file. + if rootfs == dest { + return "", fmt.Errorf("%w: file bind mount over rootfs", errRootfsToFile) + } + // Make the parent directory. + if err := os.MkdirAll(filepath.Dir(dest), 0o755); err != nil { + return "", fmt.Errorf("make parent dir of file bind-mount: %w", err) + } + // Make the target file. + f, err := os.OpenFile(dest, os.O_CREATE, 0o755) + if err != nil { + return "", fmt.Errorf("create target of file bind-mount: %w", err) + } + _ = f.Close() + // Nothing left to do. + return dest, nil + } + + case "tmpfs": + // If the original target exists, copy the mode for the tmpfs mount. + if stat, err := os.Stat(dest); err == nil { + dt := fmt.Sprintf("mode=%04o", syscallMode(stat.Mode())) + if m.Data != "" { + dt = dt + "," + m.Data + } + m.Data = dt + + // Nothing left to do. + return dest, nil + } + } + + if err := os.MkdirAll(dest, 0o755); err != nil { + return "", err + } + return dest, nil +} + func mountToRootfs(c *mountConfig, m mountEntry) error { rootfs := c.root @@ -495,7 +551,7 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { // TODO: This won't be necessary once we switch to libpathrs and we can // stop all of these symlink-exchange attacks. dest := filepath.Clean(m.Destination) - if !strings.HasPrefix(dest, rootfs) { + if !utils.IsLexicallyInRoot(rootfs, dest) { // Do not use securejoin as it resolves symlinks. dest = filepath.Join(rootfs, dest) } @@ -516,37 +572,19 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { return mountPropagate(m, rootfs, "") } - mountLabel := c.label - dest, err := securejoin.SecureJoin(rootfs, m.Destination) + dest, err := createMountpoint(rootfs, m) if err != nil { - return err - } - if err := checkProcMount(rootfs, dest, m); err != nil { - return err + return fmt.Errorf("create mountpoint for %s mount: %w", m.Destination, err) } + mountLabel := c.label switch m.Device { case "mqueue": - if err := os.MkdirAll(dest, 0o755); err != nil { - return err - } if err := mountPropagate(m, rootfs, ""); err != nil { return err } return label.SetFileLabel(dest, mountLabel) case "tmpfs": - if stat, err := os.Stat(dest); err != nil { - if err := os.MkdirAll(dest, 0o755); err != nil { - return err - } - } else { - dt := fmt.Sprintf("mode=%04o", syscallMode(stat.Mode())) - if m.Data != "" { - dt = dt + "," + m.Data - } - m.Data = dt - } - if m.Extensions&configs.EXT_COPYUP == configs.EXT_COPYUP { err = doTmpfsCopyUp(m, rootfs, mountLabel) } else { @@ -555,15 +593,6 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { return err case "bind": - fi, _, err := m.srcStat() - if err != nil { - // error out if the source of a bind mount does not exist as we will be - // unable to bind anything to it. - return err - } - if err := createIfNotExists(dest, fi.IsDir()); err != nil { - return err - } // open_tree()-related shenanigans are all handled in mountViaFds. if err := mountPropagate(m, rootfs, mountLabel); err != nil { return err @@ -679,9 +708,6 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { } return mountCgroupV1(m.Mount, c) default: - if err := os.MkdirAll(dest, 0o755); err != nil { - return err - } return mountPropagate(m, rootfs, mountLabel) } } @@ -899,6 +925,9 @@ func createDeviceNode(rootfs string, node *devices.Device, bind bool) error { if err != nil { return err } + if dest == rootfs { + return fmt.Errorf("%w: mknod over rootfs", errRootfsToFile) + } if err := os.MkdirAll(filepath.Dir(dest), 0o755); err != nil { return err } @@ -1169,26 +1198,6 @@ func chroot() error { return nil } -// createIfNotExists creates a file or a directory only if it does not already exist. -func createIfNotExists(path string, isDir bool) error { - if _, err := os.Stat(path); err != nil { - if os.IsNotExist(err) { - if isDir { - return os.MkdirAll(path, 0o755) - } - if err := os.MkdirAll(filepath.Dir(path), 0o755); err != nil { - return err - } - f, err := os.OpenFile(path, os.O_CREATE, 0o755) - if err != nil { - return err - } - _ = f.Close() - } - } - return nil -} - // readonlyPath will make a path read only. func readonlyPath(path string) error { if err := mount(path, path, "", unix.MS_BIND|unix.MS_REC, ""); err != nil { diff --git a/libcontainer/utils/utils_unix.go b/libcontainer/utils/utils_unix.go index 7b0acfa833a..6bf9102f414 100644 --- a/libcontainer/utils/utils_unix.go +++ b/libcontainer/utils/utils_unix.go @@ -9,6 +9,7 @@ import ( "path/filepath" "runtime" "strconv" + "strings" "sync" _ "unsafe" // for go:linkname @@ -260,3 +261,17 @@ func ProcThreadSelf(subpath string) (string, ProcThreadSelfCloser) { func ProcThreadSelfFd(fd uintptr) (string, ProcThreadSelfCloser) { return ProcThreadSelf("fd/" + strconv.FormatUint(uint64(fd), 10)) } + +// IsLexicallyInRoot is shorthand for strings.HasPrefix(path+"/", root+"/"), +// but properly handling the case where path or root are "/". +// +// NOTE: The return value only make sense if the path doesn't contain "..". +func IsLexicallyInRoot(root, path string) bool { + if root != "/" { + root += "/" + } + if path != "/" { + path += "/" + } + return strings.HasPrefix(path, root) +} From 171304c8a3c92fdd5a3ddaf0eb6ae9d4a27aacf2 Mon Sep 17 00:00:00 2001 From: ver4a Date: Wed, 7 Aug 2024 00:27:57 +0200 Subject: [PATCH 0629/1176] docs/systemd: fix a broken link Documentation was moved from https://docs.gtk.org/glib/gvariant-text.html to https://docs.gtk.org/glib/gvariant-text-format.html. Signed-off-by: ver4a --- docs/systemd.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/systemd.md b/docs/systemd.md index afe262462a0..1381709d111 100644 --- a/docs/systemd.md +++ b/docs/systemd.md @@ -125,7 +125,7 @@ The above will set the following properties: * `CollectMode` to "inactive-or-failed". The values must be in the gvariant text format, as described in -[gvariant documentation](https://docs.gtk.org/glib/gvariant-text.html). +[gvariant documentation](https://docs.gtk.org/glib/gvariant-text-format.html). To find out which type systemd expects for a particular parameter, please consult systemd sources. From 2c398bb41d8a824eabe1989e1939a16a18ffb83a Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Sat, 10 Aug 2024 14:45:44 -0700 Subject: [PATCH 0630/1176] libct/int/seccomp_test: simplify exit code checks In all the three cases, we check that the program returned non-zero exit code. This can be done in a much simpler manner. Signed-off-by: Kir Kolyshkin --- libcontainer/integration/seccomp_test.go | 45 ++++-------------------- 1 file changed, 6 insertions(+), 39 deletions(-) diff --git a/libcontainer/integration/seccomp_test.go b/libcontainer/integration/seccomp_test.go index 465dbaefccc..1ca13ebcf7d 100644 --- a/libcontainer/integration/seccomp_test.go +++ b/libcontainer/integration/seccomp_test.go @@ -52,19 +52,8 @@ func TestSeccompDenySyslogWithErrno(t *testing.T) { if err == nil { t.Fatal("Expecting error (negative return code); instead exited cleanly!") } - - var exitCode int - status := ps.Sys().(syscall.WaitStatus) - if status.Exited() { - exitCode = status.ExitStatus() - } else if status.Signaled() { - exitCode = -int(status.Signal()) - } else { - t.Fatalf("Unrecognized exit reason!") - } - - if exitCode == 0 { - t.Fatalf("dmesg should fail with negative exit code, instead got %d!", exitCode) + if ps.Success() { + t.Fatal("dmesg should fail with negative exit code, instead got 0!") } expected := "dmesg: klogctl: No such process" @@ -111,19 +100,8 @@ func TestSeccompDenySyslog(t *testing.T) { if err == nil { t.Fatal("Expecting error (negative return code); instead exited cleanly!") } - - var exitCode int - status := ps.Sys().(syscall.WaitStatus) - if status.Exited() { - exitCode = status.ExitStatus() - } else if status.Signaled() { - exitCode = -int(status.Signal()) - } else { - t.Fatalf("Unrecognized exit reason!") - } - - if exitCode == 0 { - t.Fatalf("dmesg should fail with negative exit code, instead got %d!", exitCode) + if ps.Success() { + t.Fatal("dmesg should fail with negative exit code, instead got 0!") } expected := "dmesg: klogctl: Operation not permitted" @@ -230,19 +208,8 @@ func TestSeccompDenyWriteConditional(t *testing.T) { if err == nil { t.Fatal("Expecting negative return, instead got 0!") } - - var exitCode int - status := ps.Sys().(syscall.WaitStatus) - if status.Exited() { - exitCode = status.ExitStatus() - } else if status.Signaled() { - exitCode = -int(status.Signal()) - } else { - t.Fatalf("Unrecognized exit reason!") - } - - if exitCode == 0 { - t.Fatalf("Busybox should fail with negative exit code, instead got %d!", exitCode) + if ps.Success() { + t.Fatal("Busybox should fail with negative exit code, instead got 0!") } // We're denying write to stderr, so we expect an empty buffer From b437ed3063150c721eb1d3c5e4d8d46b083c7ed7 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 13 Aug 2024 17:33:14 -0700 Subject: [PATCH 0631/1176] tests/int: check_{systemd,cgroup}_value: better log 1. Rename current -> got, expected -> want. 2. check_cgroup_value: add file name to output. 3. Improve functions description. This is mostly to simplify debugging test failures. Example output before: current 500000 !? 500 After: cpu.max.burst: got 500000, want 500 Signed-off-by: Kir Kolyshkin --- tests/integration/helpers.bash | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index 40637bca648..b32652dc25e 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -260,29 +260,29 @@ function get_cgroup_value() { cat "$cgroup/$1" } -# Helper to check a if value in a cgroup file matches the expected one. +# Check if a value in a cgroup file $1 matches $2. function check_cgroup_value() { - local current - current="$(get_cgroup_value "$1")" - local expected=$2 + local got + got="$(get_cgroup_value "$1")" + local want=$2 - echo "current $current !? $expected" - [ "$current" = "$expected" ] + echo "$1: got $got, want $want" + [ "$got" = "$want" ] } -# Helper to check a value in systemd. +# Check if a value of systemd unit property $1 matches $2 or $3 (if specified). function check_systemd_value() { [ ! -v RUNC_USE_SYSTEMD ] && return local source="$1" [ "$source" = "unsupported" ] && return - local expected="$2" - local expected2="${3:-}" + local want="$2" + local want2="${3:-}" local user="" [ $EUID -ne 0 ] && user="--user" - current=$(systemctl show $user --property "$source" "$SD_UNIT_NAME" | awk -F= '{print $2}') - echo "systemd $source: current $current !? $expected $expected2" - [ "$current" = "$expected" ] || [[ -n "$expected2" && "$current" = "$expected2" ]] + got=$(systemctl show $user --property "$source" "$SD_UNIT_NAME" | awk -F= '{print $2}') + echo "systemd $source: got $got, want $want $want2" + [ "$got" = "$want" ] || [[ -n "$want2" && "$got" = "$want2" ]] } function check_cpu_quota() { From a7c8d86fc14da6c80d834e15b234c6012d5e2bf0 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 13 Aug 2024 17:53:46 -0700 Subject: [PATCH 0632/1176] tests/int: fix "cpu burst" failure on new kernels A kernel bug which resulted in cpu.max.burst value read which is 1000 times smaller than it should be has recently been fixed (see [1]). Adapt the test so it works with either broken or fixed kernel. [1]: https://lore.kernel.org/all/20240424132438.514720-1-serein.chengyu@huawei.com/ Signed-off-by: Kir Kolyshkin --- tests/integration/helpers.bash | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index b32652dc25e..a644bbadf63 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -260,14 +260,15 @@ function get_cgroup_value() { cat "$cgroup/$1" } -# Check if a value in a cgroup file $1 matches $2. +# Check if a value in a cgroup file $1 matches $2 or $3 (if specified). function check_cgroup_value() { local got got="$(get_cgroup_value "$1")" local want=$2 + local want2="${3:-}" - echo "$1: got $got, want $want" - [ "$got" = "$want" ] + echo "$1: got $got, want $want $want2" + [ "$got" = "$want" ] || [[ -n "$want2" && "$got" = "$want2" ]] } # Check if a value of systemd unit property $1 matches $2 or $3 (if specified). @@ -316,8 +317,10 @@ function check_cpu_quota() { function check_cpu_burst() { local burst=$1 if [ -v CGROUP_V2 ]; then - burst=$((burst / 1000)) - check_cgroup_value "cpu.max.burst" "$burst" + # Due to a kernel bug (fixed by commit 49217ea147df, see + # https://lore.kernel.org/all/20240424132438.514720-1-serein.chengyu@huawei.com/), + # older kernels printed value divided by 1000. Check for both. + check_cgroup_value "cpu.max.burst" "$burst" "$((burst / 1000))" else check_cgroup_value "cpu.cfs_burst_us" "$burst" fi From be539412b826a1511eba0ab061bc4ec7f9182302 Mon Sep 17 00:00:00 2001 From: lifubang Date: Wed, 14 Aug 2024 18:30:18 +0800 Subject: [PATCH 0633/1176] ensure we can download the specific version's go Signed-off-by: lifubang --- .cirrus.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.cirrus.yml b/.cirrus.yml index c5661a02a4a..35cd3d4abf7 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -119,7 +119,7 @@ task: # Install Go. PREFIX="https://go.dev/dl/" # Find out the latest minor release URL. - eval $(curl -fsSL "${PREFIX}?mode=json" | jq -r --arg Ver "$GO_VERSION" '.[] | select(.version | startswith("go\($Ver)")) | .files[] | select(.os == "linux" and .arch == "amd64" and .kind == "archive") | "filename=\"" + .filename + "\""') + filename=$(curl -fsSL "${PREFIX}?mode=json&include=all" | jq -r --arg Ver "go$GO_VERSION." '. | map(select(.version | contains($Ver))) | first | .files[] | select(.os == "linux" and .arch == "amd64" and .kind == "archive") | .filename') curl -fsSL "$PREFIX$filename" | tar Cxz /usr/local # install bats cd /tmp From adedeb993a3a1b782a904d03c544f56f3bc0fc2b Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 25 Jul 2024 23:57:31 -0700 Subject: [PATCH 0634/1176] ci/gha: add Go 1.23, drop 1.21 - drop Go 1.21; - add Go 1.23; - for a few jobs that were using Go 1.21, switch to 1.22; Also, bump go to 1.22 in go.mod. Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 2 +- .github/workflows/test.yml | 8 ++++---- go.mod | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index 35cd3d4abf7..9912d74da8d 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -77,7 +77,7 @@ task: env: HOME: /root CIRRUS_WORKING_DIR: /home/runc - GO_VERSION: "1.21" + GO_VERSION: "1.22" BATS_VERSION: "v1.9.0" RPMS: gcc git iptables jq glibc-static libseccomp-devel make criu fuse-sshfs container-selinux # yamllint disable rule:key-duplicates diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 73cbf652d92..13d8ff0bdb8 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -24,7 +24,7 @@ jobs: fail-fast: false matrix: os: [ubuntu-20.04, ubuntu-24.04, actuated-arm64-6cpu-8gb] - go-version: [1.21.x, 1.22.x] + go-version: [1.22.x, 1.23.x] rootless: ["rootless", ""] race: ["-race", ""] criu: ["", "criu-dev"] @@ -33,7 +33,7 @@ jobs: # Disable most of criu-dev jobs, as they are expensive # (need to compile criu) and don't add much value/coverage. - criu: criu-dev - go-version: 1.21.x + go-version: 1.22.x - criu: criu-dev rootless: rootless - criu: criu-dev @@ -45,12 +45,12 @@ jobs: - dmz: runc_nodmz os: ubuntu-20.04 - dmz: runc_nodmz - go-version: 1.21.x + go-version: 1.22.x - dmz: runc_nodmz rootless: rootless - dmz: runc_nodmz race: -race - - go-version: 1.21.x + - go-version: 1.22.x os: actuated-arm64-6cpu-8gb - race: "-race" os: actuated-arm64-6cpu-8gb diff --git a/go.mod b/go.mod index 98b23ab872d..cd65bd3b7b7 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/opencontainers/runc -go 1.21 +go 1.22 require ( github.com/checkpoint-restore/go-criu/v6 v6.3.0 From 606257c6e14f0d77c10fdffe4837ef7d70a6c4f9 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 13 Aug 2024 23:20:26 -0700 Subject: [PATCH 0635/1176] Bump golangci-lint to v1.60, fix new warnings The warnings fixed were: libcontainer/configs/config_test.go:205:12: printf: non-constant format string in call to (*testing.common).Errorf (govet) t.Errorf(fmt.Sprintf("Expected error to not occur but it was %+v", err)) ^ libcontainer/cgroups/fs/blkio_test.go:481:13: printf: non-constant format string in call to (*testing.common).Errorf (govet) t.Errorf(fmt.Sprintf("test case '%s' failed unexpectedly: %s", testCase.desc, err)) ^ libcontainer/cgroups/fs/blkio_test.go:595:13: printf: non-constant format string in call to (*testing.common).Errorf (govet) t.Errorf(fmt.Sprintf("test case '%s' failed unexpectedly: %s", testCase.desc, err)) ^ Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 2 +- libcontainer/cgroups/fs/blkio_test.go | 5 ++--- libcontainer/configs/config_test.go | 2 +- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index eb0746ef407..acbd5953678 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -40,7 +40,7 @@ jobs: sudo apt -qy install libseccomp-dev - uses: golangci/golangci-lint-action@v6 with: - version: v1.59 + version: v1.60 # Extra linters, only checking new code from a pull request. - name: lint-extra if: github.event_name == 'pull_request' diff --git a/libcontainer/cgroups/fs/blkio_test.go b/libcontainer/cgroups/fs/blkio_test.go index 09abd712323..d2603fd6c7d 100644 --- a/libcontainer/cgroups/fs/blkio_test.go +++ b/libcontainer/cgroups/fs/blkio_test.go @@ -1,7 +1,6 @@ package fs import ( - "fmt" "strconv" "testing" @@ -478,7 +477,7 @@ func TestBlkioStatsNoFilesBFQDebug(t *testing.T) { actualStats := *cgroups.NewStats() err := cpuset.GetStats(path, &actualStats) if err != nil { - t.Errorf(fmt.Sprintf("test case '%s' failed unexpectedly: %s", testCase.desc, err)) + t.Errorf("%s: want no error, got: %+v", testCase.desc, err) } } } @@ -592,7 +591,7 @@ func TestBlkioStatsNoFilesCFQ(t *testing.T) { actualStats := *cgroups.NewStats() err := cpuset.GetStats(path, &actualStats) if err != nil { - t.Errorf(fmt.Sprintf("test case '%s' failed unexpectedly: %s", testCase.desc, err)) + t.Errorf("%s: want no error, got %+v", testCase.desc, err) } } } diff --git a/libcontainer/configs/config_test.go b/libcontainer/configs/config_test.go index 5c29b747fce..ceabaca737f 100644 --- a/libcontainer/configs/config_test.go +++ b/libcontainer/configs/config_test.go @@ -202,7 +202,7 @@ exit 0 }) if err := cmdHook.Run(state); err != nil { - t.Errorf(fmt.Sprintf("Expected error to not occur but it was %+v", err)) + t.Errorf("Want no error, got: %+v", err) } } From f4cc3d83131363e3ecc609abbb2190f0403ce6c6 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Thu, 8 Aug 2024 12:10:16 +0200 Subject: [PATCH 0636/1176] Revert "allow overriding VERSION value in Makefile" This reverts commit 9d9273c926450a2f6f658768e3238b7082ec878d. This commit broke the build for several other projects (see comments here: https://github.com/opencontainers/runc/pull/4270, after the merge) and we don't really need this to be able to set the version without changing the file. With this commit reverted, we can still run: make VERSION="1.2.3" and it just works. It doesn't take it from an env variable, but that is what broke all the other projects (VERSION is just too generic as an env var, especially for a project like runc that is embedded in many others). Signed-off-by: Rodrigo Campos --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 94b9a3c341f..0fc9923e4f2 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,7 @@ BUILDTAGS ?= seccomp urfave_cli_no_docs BUILDTAGS += $(EXTRA_BUILDTAGS) COMMIT ?= $(shell git describe --dirty --long --always) -VERSION ?= $(shell cat ./VERSION) +VERSION := $(shell cat ./VERSION) LDFLAGS_COMMON := -X main.gitCommit=$(COMMIT) -X main.version=$(VERSION) GOARCH := $(shell $(GO) env GOARCH) From f76489f0afe680f227a67c703f234f6c2d4357e8 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Fri, 16 Aug 2024 00:55:48 +0900 Subject: [PATCH 0637/1176] mv contrib/cmd tests/cmd (except memfd-bind) The following commands are moved from `contrib/cmd` to `tests/cmd`: - fs-idmap - pidfd-kill - recvtty - remap-rootfs - sd-helper - seccompagent Signed-off-by: Akihiro Suda --- .gitignore | 12 +++++----- Makefile | 22 +++++++++++-------- docs/terminals.md | 2 +- {contrib => tests}/cmd/fs-idmap/fs-idmap.go | 0 .../cmd/pidfd-kill/pidfd-kill.go | 2 +- {contrib => tests}/cmd/recvtty/recvtty.go | 2 +- .../cmd/remap-rootfs/remap-rootfs.go | 2 +- {contrib => tests}/cmd/sd-helper/helper.go | 2 +- {contrib => tests}/cmd/seccompagent/README.md | 2 +- .../seccompagent/gen-seccomp-example-cfg.sh | 0 .../cmd/seccompagent/seccompagent.go | 0 .../cmd/seccompagent/unsupported.go | 0 tests/integration/helpers.bash | 12 +++++----- tests/integration/seccomp-notify.bats | 2 +- 14 files changed, 32 insertions(+), 28 deletions(-) rename {contrib => tests}/cmd/fs-idmap/fs-idmap.go (100%) rename {contrib => tests}/cmd/pidfd-kill/pidfd-kill.go (97%) rename {contrib => tests}/cmd/recvtty/recvtty.go (98%) rename {contrib => tests}/cmd/remap-rootfs/remap-rootfs.go (98%) rename {contrib => tests}/cmd/sd-helper/helper.go (96%) rename {contrib => tests}/cmd/seccompagent/README.md (97%) rename {contrib => tests}/cmd/seccompagent/gen-seccomp-example-cfg.sh (100%) rename {contrib => tests}/cmd/seccompagent/seccompagent.go (100%) rename {contrib => tests}/cmd/seccompagent/unsupported.go (100%) diff --git a/.gitignore b/.gitignore index 1fcbcfbd379..8cab96cbc75 100644 --- a/.gitignore +++ b/.gitignore @@ -1,13 +1,13 @@ vendor/pkg /runc /runc-* -/contrib/cmd/recvtty/recvtty -/contrib/cmd/sd-helper/sd-helper -/contrib/cmd/seccompagent/seccompagent -/contrib/cmd/fs-idmap/fs-idmap /contrib/cmd/memfd-bind/memfd-bind -/contrib/cmd/pidfd-kill/pidfd-kill -/contrib/cmd/remap-rootfs/remap-rootfs +/tests/cmd/recvtty/recvtty +/tests/cmd/sd-helper/sd-helper +/tests/cmd/seccompagent/seccompagent +/tests/cmd/fs-idmap/fs-idmap +/tests/cmd/pidfd-kill/pidfd-kill +/tests/cmd/remap-rootfs/remap-rootfs man/man8 release Vagrantfile diff --git a/Makefile b/Makefile index 94b9a3c341f..ba08b886161 100644 --- a/Makefile +++ b/Makefile @@ -78,22 +78,26 @@ runc-bin: runc-dmz $(GO_BUILD) -o runc . .PHONY: all -all: runc recvtty sd-helper seccompagent fs-idmap memfd-bind pidfd-kill remap-rootfs +all: runc memfd-bind recvtty sd-helper seccompagent fs-idmap pidfd-kill remap-rootfs -.PHONY: recvtty sd-helper seccompagent fs-idmap memfd-bind pidfd-kill remap-rootfs -recvtty sd-helper seccompagent fs-idmap memfd-bind pidfd-kill remap-rootfs: +.PHONY: memfd-bind +memfd-bind: $(GO_BUILD) -o contrib/cmd/$@/$@ ./contrib/cmd/$@ +.PHONY: recvtty sd-helper seccompagent fs-idmap pidfd-kill remap-rootfs +recvtty sd-helper seccompagent fs-idmap pidfd-kill remap-rootfs: + $(GO_BUILD) -o tests/cmd/$@/$@ ./tests/cmd/$@ + .PHONY: clean clean: rm -f runc runc-* libcontainer/dmz/binary/runc-dmz - rm -f contrib/cmd/recvtty/recvtty - rm -f contrib/cmd/sd-helper/sd-helper - rm -f contrib/cmd/seccompagent/seccompagent - rm -f contrib/cmd/fs-idmap/fs-idmap rm -f contrib/cmd/memfd-bind/memfd-bind - rm -f contrib/cmd/pidfd-kill/pidfd-kill - rm -f contrib/cmd/remap-rootfs/remap-rootfs + rm -f tests/cmd/recvtty/recvtty + rm -f tests/cmd/sd-helper/sd-helper + rm -f tests/cmd/seccompagent/seccompagent + rm -f tests/cmd/fs-idmap/fs-idmap + rm -f tests/cmd/pidfd-kill/pidfd-kill + rm -f tests/cmd/remap-rootfs/remap-rootfs sudo rm -rf release rm -rf man/man8 diff --git a/docs/terminals.md b/docs/terminals.md index aa9f71ee059..1e53f5de80a 100644 --- a/docs/terminals.md +++ b/docs/terminals.md @@ -351,4 +351,4 @@ a [Go implementation in the `go-runc` bindings][containerd/go-runc.Socket], as well as [a simple client][recvtty]. [containerd/go-runc.Socket]: https://godoc.org/github.com/containerd/go-runc#Socket -[recvtty]: /contrib/cmd/recvtty +[recvtty]: /tests/cmd/recvtty diff --git a/contrib/cmd/fs-idmap/fs-idmap.go b/tests/cmd/fs-idmap/fs-idmap.go similarity index 100% rename from contrib/cmd/fs-idmap/fs-idmap.go rename to tests/cmd/fs-idmap/fs-idmap.go diff --git a/contrib/cmd/pidfd-kill/pidfd-kill.go b/tests/cmd/pidfd-kill/pidfd-kill.go similarity index 97% rename from contrib/cmd/pidfd-kill/pidfd-kill.go rename to tests/cmd/pidfd-kill/pidfd-kill.go index b5caa4f208d..ea9a9df8d77 100644 --- a/contrib/cmd/pidfd-kill/pidfd-kill.go +++ b/tests/cmd/pidfd-kill/pidfd-kill.go @@ -14,7 +14,7 @@ import ( ) const ( - usage = `Open Container Initiative contrib/cmd/pidfd-kill + usage = `Open Container Initiative tests/cmd/pidfd-kill pidfd-kill is an implementation of a consumer of runC's --pidfd-socket API. After received SIGTERM, pidfd-kill sends the given signal to init process by diff --git a/contrib/cmd/recvtty/recvtty.go b/tests/cmd/recvtty/recvtty.go similarity index 98% rename from contrib/cmd/recvtty/recvtty.go rename to tests/cmd/recvtty/recvtty.go index 532a4c33904..2c82665ab09 100644 --- a/contrib/cmd/recvtty/recvtty.go +++ b/tests/cmd/recvtty/recvtty.go @@ -39,7 +39,7 @@ var version = "" var gitCommit = "" const ( - usage = `Open Container Initiative contrib/cmd/recvtty + usage = `Open Container Initiative tests/cmd/recvtty recvtty is a reference implementation of a consumer of runC's --console-socket API. It has two main modes of operation: diff --git a/contrib/cmd/remap-rootfs/remap-rootfs.go b/tests/cmd/remap-rootfs/remap-rootfs.go similarity index 98% rename from contrib/cmd/remap-rootfs/remap-rootfs.go rename to tests/cmd/remap-rootfs/remap-rootfs.go index b9739ba89c7..0c4eb2021b1 100644 --- a/contrib/cmd/remap-rootfs/remap-rootfs.go +++ b/tests/cmd/remap-rootfs/remap-rootfs.go @@ -13,7 +13,7 @@ import ( "github.com/opencontainers/runtime-spec/specs-go" ) -const usage = `contrib/cmd/remap-rootfs +const usage = `tests/cmd/remap-rootfs remap-rootfs is a helper tool to remap the root filesystem of a Open Container Initiative bundle using user namespaces such that the file owners are remapped diff --git a/contrib/cmd/sd-helper/helper.go b/tests/cmd/sd-helper/helper.go similarity index 96% rename from contrib/cmd/sd-helper/helper.go rename to tests/cmd/sd-helper/helper.go index fc2bf38af67..49b77d004fb 100644 --- a/contrib/cmd/sd-helper/helper.go +++ b/tests/cmd/sd-helper/helper.go @@ -13,7 +13,7 @@ import ( ) func usage() { - fmt.Print(`Open Container Initiative contrib/cmd/sd-helper + fmt.Print(`Open Container Initiative tests/cmd/sd-helper sd-helper is a tool that uses runc/libcontainer/cgroups/systemd package functionality to communicate to systemd in order to perform various operations. diff --git a/contrib/cmd/seccompagent/README.md b/tests/cmd/seccompagent/README.md similarity index 97% rename from contrib/cmd/seccompagent/README.md rename to tests/cmd/seccompagent/README.md index d42d4bda369..80638797adb 100644 --- a/contrib/cmd/seccompagent/README.md +++ b/tests/cmd/seccompagent/README.md @@ -17,7 +17,7 @@ make all Run the seccomp agent in the background: ```bash -sudo ./contrib/cmd/seccompagent/seccompagent & +sudo ./tests/cmd/seccompagent/seccompagent & ``` Prepare a container: diff --git a/contrib/cmd/seccompagent/gen-seccomp-example-cfg.sh b/tests/cmd/seccompagent/gen-seccomp-example-cfg.sh similarity index 100% rename from contrib/cmd/seccompagent/gen-seccomp-example-cfg.sh rename to tests/cmd/seccompagent/gen-seccomp-example-cfg.sh diff --git a/contrib/cmd/seccompagent/seccompagent.go b/tests/cmd/seccompagent/seccompagent.go similarity index 100% rename from contrib/cmd/seccompagent/seccompagent.go rename to tests/cmd/seccompagent/seccompagent.go diff --git a/contrib/cmd/seccompagent/unsupported.go b/tests/cmd/seccompagent/unsupported.go similarity index 100% rename from contrib/cmd/seccompagent/unsupported.go rename to tests/cmd/seccompagent/unsupported.go diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index a644bbadf63..76fbab3f5d1 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -13,12 +13,12 @@ eval "$IMAGES" unset IMAGES : "${RUNC:="${INTEGRATION_ROOT}/../../runc"}" -RECVTTY="${INTEGRATION_ROOT}/../../contrib/cmd/recvtty/recvtty" -SD_HELPER="${INTEGRATION_ROOT}/../../contrib/cmd/sd-helper/sd-helper" -SECCOMP_AGENT="${INTEGRATION_ROOT}/../../contrib/cmd/seccompagent/seccompagent" -FS_IDMAP="${INTEGRATION_ROOT}/../../contrib/cmd/fs-idmap/fs-idmap" -PIDFD_KILL="${INTEGRATION_ROOT}/../../contrib/cmd/pidfd-kill/pidfd-kill" -REMAP_ROOTFS="${INTEGRATION_ROOT}/../../contrib/cmd/remap-rootfs/remap-rootfs" +RECVTTY="${INTEGRATION_ROOT}/../../tests/cmd/recvtty/recvtty" +SD_HELPER="${INTEGRATION_ROOT}/../../tests/cmd/sd-helper/sd-helper" +SECCOMP_AGENT="${INTEGRATION_ROOT}/../../tests/cmd/seccompagent/seccompagent" +FS_IDMAP="${INTEGRATION_ROOT}/../../tests/cmd/fs-idmap/fs-idmap" +PIDFD_KILL="${INTEGRATION_ROOT}/../../tests/cmd/pidfd-kill/pidfd-kill" +REMAP_ROOTFS="${INTEGRATION_ROOT}/../../tests/cmd/remap-rootfs/remap-rootfs" # Some variables may not always be set. Set those to empty value, # if unset, to avoid "unbound variable" error. diff --git a/tests/integration/seccomp-notify.bats b/tests/integration/seccomp-notify.bats index 58492090236..fcbd5664907 100644 --- a/tests/integration/seccomp-notify.bats +++ b/tests/integration/seccomp-notify.bats @@ -214,7 +214,7 @@ function scmp_act_notify_template() { @test "runc run [seccomp] (SCMP_ACT_NOTIFY example config)" { # Run the script used in the seccomp agent example. # This takes a bare config.json and modifies it to run an example. - "${INTEGRATION_ROOT}/../../contrib/cmd/seccompagent/gen-seccomp-example-cfg.sh" + "${INTEGRATION_ROOT}/../../tests/cmd/seccompagent/gen-seccomp-example-cfg.sh" # The listenerPath the previous command uses is the default used by the # seccomp agent. However, inside bats the socket is in a bats tmp dir. From cc2078ccddd1bf77fbc225ae5507eea6c125b956 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Wed, 14 Aug 2024 12:46:54 +0200 Subject: [PATCH 0638/1176] Makefile: Add EXTRA_VERSION Add this new make variable so users can specify build information without modifying the runc version nor the source code. Signed-off-by: Rodrigo Campos --- Makefile | 3 ++- README.md | 11 +++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 0fc9923e4f2..3c952faefcf 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,8 @@ BUILDTAGS ?= seccomp urfave_cli_no_docs BUILDTAGS += $(EXTRA_BUILDTAGS) COMMIT ?= $(shell git describe --dirty --long --always) -VERSION := $(shell cat ./VERSION) +EXTRA_VERSION := +VERSION := $(shell cat ./VERSION)$(EXTRA_VERSION) LDFLAGS_COMMON := -X main.gitCommit=$(COMMIT) -X main.version=$(VERSION) GOARCH := $(shell $(GO) env GOARCH) diff --git a/README.md b/README.md index 2c855e3c23e..88497c16945 100644 --- a/README.md +++ b/README.md @@ -86,6 +86,17 @@ sudo make install `runc` will be installed to `/usr/local/sbin/runc` on your system. +#### Version string customization + +You can see the runc version by running `runc --version`. You can append a custom string to the +version using the `EXTRA_VERSION` make variable when building, e.g.: + +```bash +make EXTRA_VERSION="+build-1" +``` + +Bear in mind to include some separator for readability. + #### Build Tags `runc` supports optional build tags for compiling support of various features, From 2cd24a4dae4d3bc9a8d67b7802b06b41e2cb5a5f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 13 Aug 2024 18:50:35 -0700 Subject: [PATCH 0639/1176] ci/gha: add all-done jobs The sole reason is to simplify branch protection rules, requiring just these to be passed. Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 8 ++++++++ .github/workflows/validate.yml | 19 +++++++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 13d8ff0bdb8..b74c9eca87f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -233,3 +233,11 @@ jobs: env: EXTRA_BUILDTAGS: ${{ matrix.dmz }} run: sudo -E PATH="$PATH" -- make GOARCH=386 localunittest + + all-done: + needs: + - test + - cross-i386 + runs-on: ubuntu-24.04 + steps: + - run: echo "All jobs completed" diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index acbd5953678..9f6c7ffc62e 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -234,3 +234,22 @@ jobs: cd tests/integration ./bootstrap-get-images.sh > get-images.sh git diff --exit-code + + all-done: + needs: + - cfmt + - codespell + - commit + - compile-buildtags + - deps + - get-images + - go-fix + - keyring + - lint + - release + - shellcheck + - shfmt + - space-at-eol + runs-on: ubuntu-24.04 + steps: + - run: echo "All jobs completed" From 767bc0089c605b80c7bf5d7f6bc8ce63e9853020 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Thu, 15 Aug 2024 11:37:59 +0200 Subject: [PATCH 0640/1176] Makefile: Don't read COMMIT, BUILDTAG, EXTRA_BUILDTAGS from env vars We recently switched VERSION to be read from env vars (#4270). This broke several projects, as they were building runc and using a `VERSION` env var for, e.g. the containerd version. When fixing that in #4370, we discussed to consider doing the same for these variables too (https://github.com/opencontainers/runc/pull/4370#pullrequestreview-2240030944). Let's stop reading them from env vars, as it is very easy to do it by mistake (e.g. compile runc and define a COMMIT env var, not to override the commit shown in `runc --version`) and users that want can still override them if they want to. For example, with: make EXTRA_BUILDTAGS=runc_nodmz Signed-off-by: Rodrigo Campos --- Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index c7a563a49f2..6bdd031addc 100644 --- a/Makefile +++ b/Makefile @@ -14,10 +14,11 @@ GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null) GIT_BRANCH_CLEAN := $(shell echo $(GIT_BRANCH) | sed -e "s/[^[:alnum:]]/-/g") RUNC_IMAGE := runc_dev$(if $(GIT_BRANCH_CLEAN),:$(GIT_BRANCH_CLEAN)) PROJECT := github.com/opencontainers/runc -BUILDTAGS ?= seccomp urfave_cli_no_docs +EXTRA_BUILDTAGS := +BUILDTAGS := seccomp urfave_cli_no_docs BUILDTAGS += $(EXTRA_BUILDTAGS) -COMMIT ?= $(shell git describe --dirty --long --always) +COMMIT := $(shell git describe --dirty --long --always) EXTRA_VERSION := VERSION := $(shell cat ./VERSION)$(EXTRA_VERSION) LDFLAGS_COMMON := -X main.gitCommit=$(COMMIT) -X main.version=$(VERSION) From 63c2908164f3a1daea455bf5bcd8d363d70328c7 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 2 Jul 2024 20:58:43 +1000 Subject: [PATCH 0641/1176] rootfs: try to scope MkdirAll to stay inside the rootfs While we use SecureJoin to try to make all of our target paths inside the container safe, SecureJoin is not safe against an attacker than can change the path after we "resolve" it. os.MkdirAll can inadvertently follow symlinks and thus an attacker could end up tricking runc into creating empty directories on the host (note that the container doesn't get access to these directories, and the host just sees empty directories). However, this could potentially cause DoS issues by (for instance) creating a directory in a conf.d directory for a daemon that doesn't handle subdirectories properly. In addition, the handling for creating file bind-mounts did a plain open(O_CREAT) on the SecureJoin'd path, which is even more obviously unsafe (luckily we didn't use O_TRUNC, or this bug could've allowed an attacker to cause data loss...). Regardless of the symlink issue, opening an untrusted file could result in a DoS if the file is a hung tty or some other "nasty" file. We can use mknodat to safely create a regular file without opening anything anyway (O_CREAT|O_EXCL would also work but it makes the logic a bit more complicated, and we don't want to open the file for any particular reason anyway). libpathrs[1] is the long-term solution for these kinds of problems, but for now we can patch this particular issue by creating a more restricted MkdirAll that refuses to resolve symlinks and does the creation using file descriptors. This is loosely based on a more secure version that filepath-securejoin now has[2] and will be added to libpathrs soon[3]. [1]: https://github.com/openSUSE/libpathrs [2]: https://github.com/cyphar/filepath-securejoin/releases/tag/v0.3.0 [3]: https://github.com/openSUSE/libpathrs/issues/10 Fixes: CVE-2024-45310 Signed-off-by: Aleksa Sarai --- libcontainer/rootfs_linux.go | 31 ++++++--- libcontainer/system/linux.go | 41 +++++++++++ libcontainer/utils/utils_unix.go | 112 +++++++++++++++++++++++++++++++ 3 files changed, 174 insertions(+), 10 deletions(-) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 16878274cae..f5112398cb2 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -313,7 +313,7 @@ func mountCgroupV1(m *configs.Mount, c *mountConfig) error { // inside the tmpfs, so we don't want to resolve symlinks). subsystemPath := filepath.Join(c.root, b.Destination) subsystemName := filepath.Base(b.Destination) - if err := os.MkdirAll(subsystemPath, 0o755); err != nil { + if err := utils.MkdirAllInRoot(c.root, subsystemPath, 0o755); err != nil { return err } if err := utils.WithProcfd(c.root, b.Destination, func(dstFd string) error { @@ -505,15 +505,26 @@ func createMountpoint(rootfs string, m mountEntry) (string, error) { return "", fmt.Errorf("%w: file bind mount over rootfs", errRootfsToFile) } // Make the parent directory. - if err := os.MkdirAll(filepath.Dir(dest), 0o755); err != nil { + destDir, destBase := filepath.Split(dest) + destDirFd, err := utils.MkdirAllInRootOpen(rootfs, destDir, 0o755) + if err != nil { return "", fmt.Errorf("make parent dir of file bind-mount: %w", err) } - // Make the target file. - f, err := os.OpenFile(dest, os.O_CREATE, 0o755) - if err != nil { - return "", fmt.Errorf("create target of file bind-mount: %w", err) + defer destDirFd.Close() + // Make the target file. We want to avoid opening any file that is + // already there because it could be a "bad" file like an invalid + // device or hung tty that might cause a DoS, so we use mknodat. + // destBase does not contain any "/" components, and mknodat does + // not follow trailing symlinks, so we can safely just call mknodat + // here. + if err := unix.Mknodat(int(destDirFd.Fd()), destBase, unix.S_IFREG|0o644, 0); err != nil { + // If we get EEXIST, there was already an inode there and + // we can consider that a success. + if !errors.Is(err, unix.EEXIST) { + err = &os.PathError{Op: "mknod regular file", Path: dest, Err: err} + return "", fmt.Errorf("create target of file bind-mount: %w", err) + } } - _ = f.Close() // Nothing left to do. return dest, nil } @@ -532,7 +543,7 @@ func createMountpoint(rootfs string, m mountEntry) (string, error) { } } - if err := os.MkdirAll(dest, 0o755); err != nil { + if err := utils.MkdirAllInRoot(rootfs, dest, 0o755); err != nil { return "", err } return dest, nil @@ -565,7 +576,7 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { } else if !fi.IsDir() { return fmt.Errorf("filesystem %q must be mounted on ordinary directory", m.Device) } - if err := os.MkdirAll(dest, 0o755); err != nil { + if err := utils.MkdirAllInRoot(rootfs, dest, 0o755); err != nil { return err } // Selinux kernels do not support labeling of /proc or /sys. @@ -928,7 +939,7 @@ func createDeviceNode(rootfs string, node *devices.Device, bind bool) error { if dest == rootfs { return fmt.Errorf("%w: mknod over rootfs", errRootfsToFile) } - if err := os.MkdirAll(filepath.Dir(dest), 0o755); err != nil { + if err := utils.MkdirAllInRoot(rootfs, filepath.Dir(dest), 0o755); err != nil { return err } if bind { diff --git a/libcontainer/system/linux.go b/libcontainer/system/linux.go index 7bbf92a3d30..27e89d635ca 100644 --- a/libcontainer/system/linux.go +++ b/libcontainer/system/linux.go @@ -6,7 +6,9 @@ import ( "fmt" "io" "os" + "runtime" "strconv" + "strings" "syscall" "unsafe" @@ -214,3 +216,42 @@ func SetLinuxPersonality(personality int) error { } return nil } + +func prepareAt(dir *os.File, path string) (int, string) { + if dir == nil { + return unix.AT_FDCWD, path + } + + // Rather than just filepath.Join-ing path here, do it manually so the + // error and handle correctly indicate cases like path=".." as being + // relative to the correct directory. The handle.Name() might end up being + // wrong but because this is (currently) only used in MkdirAllInRoot, that + // isn't a problem. + dirName := dir.Name() + if !strings.HasSuffix(dirName, "/") { + dirName += "/" + } + fullPath := dirName + path + + return int(dir.Fd()), fullPath +} + +func Openat(dir *os.File, path string, flags int, mode uint32) (*os.File, error) { + dirFd, fullPath := prepareAt(dir, path) + fd, err := unix.Openat(dirFd, path, flags, mode) + if err != nil { + return nil, &os.PathError{Op: "openat", Path: fullPath, Err: err} + } + runtime.KeepAlive(dir) + return os.NewFile(uintptr(fd), fullPath), nil +} + +func Mkdirat(dir *os.File, path string, mode uint32) error { + dirFd, fullPath := prepareAt(dir, path) + err := unix.Mkdirat(dirFd, path, mode) + if err != nil { + err = &os.PathError{Op: "mkdirat", Path: fullPath, Err: err} + } + runtime.KeepAlive(dir) + return err +} diff --git a/libcontainer/utils/utils_unix.go b/libcontainer/utils/utils_unix.go index 6bf9102f414..1f3439b78fb 100644 --- a/libcontainer/utils/utils_unix.go +++ b/libcontainer/utils/utils_unix.go @@ -3,6 +3,7 @@ package utils import ( + "errors" "fmt" "math" "os" @@ -13,6 +14,8 @@ import ( "sync" _ "unsafe" // for go:linkname + "github.com/opencontainers/runc/libcontainer/system" + securejoin "github.com/cyphar/filepath-securejoin" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" @@ -275,3 +278,112 @@ func IsLexicallyInRoot(root, path string) bool { } return strings.HasPrefix(path, root) } + +// MkdirAllInRootOpen attempts to make +// +// path, _ := securejoin.SecureJoin(root, unsafePath) +// os.MkdirAll(path, mode) +// os.Open(path) +// +// safer against attacks where components in the path are changed between +// SecureJoin returning and MkdirAll (or Open) being called. In particular, we +// try to detect any symlink components in the path while we are doing the +// MkdirAll. +// +// NOTE: Unlike os.MkdirAll, mode is not Go's os.FileMode, it is the unix mode +// (the suid/sgid/sticky bits are not the same as for os.FileMode). +// +// NOTE: If unsafePath is a subpath of root, we assume that you have already +// called SecureJoin and so we use the provided path verbatim without resolving +// any symlinks (this is done in a way that avoids symlink-exchange races). +// This means that the path also must not contain ".." elements, otherwise an +// error will occur. +// +// This is a somewhat less safe alternative to +// , but it should +// detect attempts to trick us into creating directories outside of the root. +// We should migrate to securejoin.MkdirAll once it is merged. +func MkdirAllInRootOpen(root, unsafePath string, mode uint32) (_ *os.File, Err error) { + // If the path is already "within" the root, use it verbatim. + fullPath := unsafePath + if !IsLexicallyInRoot(root, unsafePath) { + var err error + fullPath, err = securejoin.SecureJoin(root, unsafePath) + if err != nil { + return nil, err + } + } + subPath, err := filepath.Rel(root, fullPath) + if err != nil { + return nil, err + } + + // Check for any silly mode bits. + if mode&^0o7777 != 0 { + return nil, fmt.Errorf("tried to include non-mode bits in MkdirAll mode: 0o%.3o", mode) + } + + currentDir, err := os.OpenFile(root, unix.O_DIRECTORY|unix.O_CLOEXEC, 0) + if err != nil { + return nil, fmt.Errorf("open root handle: %w", err) + } + defer func() { + if Err != nil { + currentDir.Close() + } + }() + + for _, part := range strings.Split(subPath, string(filepath.Separator)) { + switch part { + case "", ".": + // Skip over no-op components. + continue + case "..": + return nil, fmt.Errorf("possible breakout detected: found %q component in SecureJoin subpath %s", part, subPath) + } + + nextDir, err := system.Openat(currentDir, part, unix.O_DIRECTORY|unix.O_NOFOLLOW|unix.O_CLOEXEC, 0) + switch { + case err == nil: + // Update the currentDir. + _ = currentDir.Close() + currentDir = nextDir + + case errors.Is(err, unix.ENOTDIR): + // This might be a symlink or some other random file. Either way, + // error out. + return nil, fmt.Errorf("cannot mkdir in %s/%s: %w", currentDir.Name(), part, unix.ENOTDIR) + + case errors.Is(err, os.ErrNotExist): + // Luckily, mkdirat will not follow trailing symlinks, so this is + // safe to do as-is. + if err := system.Mkdirat(currentDir, part, mode); err != nil { + return nil, err + } + // Open the new directory. There is a race here where an attacker + // could swap the directory with a different directory, but + // MkdirAll's fuzzy semantics mean we don't care about that. + nextDir, err := system.Openat(currentDir, part, unix.O_DIRECTORY|unix.O_NOFOLLOW|unix.O_CLOEXEC, 0) + if err != nil { + return nil, fmt.Errorf("open newly created directory: %w", err) + } + // Update the currentDir. + _ = currentDir.Close() + currentDir = nextDir + + default: + return nil, err + } + } + return currentDir, nil +} + +// MkdirAllInRoot is a wrapper around MkdirAllInRootOpen which closes the +// returned handle, for callers that don't need to use it. +func MkdirAllInRoot(root, unsafePath string, mode uint32) error { + f, err := MkdirAllInRootOpen(root, unsafePath, mode) + if err == nil { + _ = f.Close() + } + return err +} From 6c24b2e83e09be09982f248e8633908a9c811677 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 3 Sep 2024 11:29:16 +1000 Subject: [PATCH 0642/1176] changelog: update to include 1.1.14 notes Signed-off-by: Aleksa Sarai --- CHANGELOG.md | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index aa08955e875..b005b440ce6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -223,6 +223,28 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 [cve-2019-5736]: https://github.com/advisories/GHSA-gxmr-w5mj-v8hh +## [1.1.14] - 2024-09-03 + +> å¹´ă‚’å–ă£ă¦ă„ă„ă“ă¨ă¯ă€é©ă‹ăªăăªă‚‹ă“ă¨ă­ă€‚ + +### Security + + * Fix [CVE-2024-45310][cve-2024-45310], a low-severity attack that allowed + maliciously configured containers to create empty files and directories on + the host. + +[cve-2024-45310]: https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv + +### Added + + * Add support for Go 1.23. (#4360, #4372) + +### Fixed + + * Revert "allow overriding VERSION value in Makefile" and add `EXTRA_VERSION`. + (#4370, #4382) + * rootfs: consolidate mountpoint creation logic. (#4359) + ## [1.1.13] - 2024-06-13 > There is no certainty in the world. This is the only certainty I have. @@ -756,7 +778,8 @@ implementation (libcontainer) is *not* covered by this policy. [1.0.1]: https://github.com/opencontainers/runc/compare/v1.0.0...v1.0.1 -[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.13...release-1.1 +[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.14...release-1.1 +[1.1.14]: https://github.com/opencontainers/runc/compare/v1.1.13...v1.1.14 [1.1.13]: https://github.com/opencontainers/runc/compare/v1.1.12...v1.1.13 [1.1.12]: https://github.com/opencontainers/runc/compare/v1.1.11...v1.1.12 [1.1.11]: https://github.com/opencontainers/runc/compare/v1.1.10...v1.1.11 From 45471bc945571d57acef05e0795008d7f1d9baf5 Mon Sep 17 00:00:00 2001 From: lifubang Date: Sat, 31 Aug 2024 18:32:40 +0800 Subject: [PATCH 0643/1176] VERSION: release v1.2.0-rc.3 Signed-off-by: lifubang Signed-off-by: Aleksa Sarai --- CHANGELOG.md | 36 +++++++++++++++++++++++++++++++++++- VERSION | 2 +- 2 files changed, 36 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b005b440ce6..e7f4c62b89c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,39 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [1.2.0-rc.3] - 2024-09-02 + +> The supreme happiness of life is the conviction that we are loved. + +### Security + + * Fix [CVE-2024-45310][cve-2024-45310], a low-severity attack that allowed + maliciously configured containers to create empty files and directories on + the host. + +[cve-2024-45310]: https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv + +### Added + + * Document build prerequisites for different platforms. (#4353) + +### Fixed + + * Try to delete exec fifo file when failure in creation. (#4319) + * Revert "libcontainer: seccomp: pass around *os.File for notifyfd". (#4337) + * Fix link to gvariant documentation in systemd docs. (#4369) + +### Changed + + * Remove pre-go1.17 build-tags. (#4329) + * libct/userns: assorted (godoc) improvements. (#4330) + * libct/userns: split userns detection from internal userns code. (#4331) + * rootfs: consolidate mountpoint creation logic. (#4359) + * Add Go 1.23, drop 1.21. (#4360) + * Revert "allow overriding VERSION value in Makefile" and add EXTRA_VERSION. (#4370) + * Mv contrib/cmd tests/cmd (except memfd-bind). (#4377) + * Makefile: Don't read COMMIT, BUILDTAGS, EXTRA_BUILDTAGS from env vars. (#4380) + ## [1.2.0-rc.2] - 2024-06-26 > TRUE or FALSE, it's a problem! @@ -767,7 +800,7 @@ implementation (libcontainer) is *not* covered by this policy. cgroups at all during `runc update`). (#2994) -[Unreleased]: https://github.com/opencontainers/runc/compare/v1.2.0-rc.2...HEAD +[Unreleased]: https://github.com/opencontainers/runc/compare/v1.2.0-rc.3...HEAD [1.1.0]: https://github.com/opencontainers/runc/compare/v1.1.0-rc.1...v1.1.0 [1.0.0]: https://github.com/opencontainers/runc/releases/tag/v1.0.0 @@ -796,5 +829,6 @@ implementation (libcontainer) is *not* covered by this policy. [1.1.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.0.0...v1.1.0-rc.1 +[1.2.0-rc.3]: https://github.com/opencontainers/runc/compare/v1.2.0-rc.2...v1.2.0-rc.3 [1.2.0-rc.2]: https://github.com/opencontainers/runc/compare/v1.2.0-rc.1...v1.2.0-rc.2 [1.2.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.1.0...v1.2.0-rc.1 diff --git a/VERSION b/VERSION index 49d540ecf11..6410ff441a3 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.2.0-rc.2+dev +1.2.0-rc.3 From 961b8031f6614be300d3b10eec9d2f54323026d9 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 3 Sep 2024 11:30:26 +1000 Subject: [PATCH 0644/1176] VERSION: back to development Signed-off-by: Aleksa Sarai --- CHANGELOG.md | 6 ++++-- VERSION | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e7f4c62b89c..c8dfad5e186 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -35,9 +35,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 * libct/userns: split userns detection from internal userns code. (#4331) * rootfs: consolidate mountpoint creation logic. (#4359) * Add Go 1.23, drop 1.21. (#4360) - * Revert "allow overriding VERSION value in Makefile" and add EXTRA_VERSION. (#4370) + * Revert "allow overriding VERSION value in Makefile" and add `EXTRA_VERSION`. + (#4370) * Mv contrib/cmd tests/cmd (except memfd-bind). (#4377) - * Makefile: Don't read COMMIT, BUILDTAGS, EXTRA_BUILDTAGS from env vars. (#4380) + * Makefile: Don't read COMMIT, BUILDTAGS, `EXTRA_BUILDTAGS` from env vars. + (#4380) ## [1.2.0-rc.2] - 2024-06-26 diff --git a/VERSION b/VERSION index 6410ff441a3..ab33538a802 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.2.0-rc.3 +1.2.0-rc.3+dev From 5ab5ef3dc3f32179c33762f4feff54f80d026821 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sat, 3 Aug 2024 16:26:26 +1000 Subject: [PATCH 0645/1176] deps: update to golang.org/x/sys@v0.22 Signed-off-by: Aleksa Sarai --- go.mod | 2 +- go.sum | 4 +- vendor/golang.org/x/sys/unix/asm_zos_s390x.s | 665 +- vendor/golang.org/x/sys/unix/bpxsvc_zos.go | 657 ++ vendor/golang.org/x/sys/unix/bpxsvc_zos.s | 192 + vendor/golang.org/x/sys/unix/epoll_zos.go | 220 - vendor/golang.org/x/sys/unix/fstatfs_zos.go | 163 - vendor/golang.org/x/sys/unix/mkerrors.sh | 2 + vendor/golang.org/x/sys/unix/mremap.go | 5 + vendor/golang.org/x/sys/unix/pagesize_unix.go | 2 +- .../x/sys/unix/readdirent_getdirentries.go | 2 +- vendor/golang.org/x/sys/unix/sockcmsg_zos.go | 58 + .../golang.org/x/sys/unix/symaddr_zos_s390x.s | 75 + .../golang.org/x/sys/unix/syscall_darwin.go | 12 + vendor/golang.org/x/sys/unix/syscall_unix.go | 9 + .../x/sys/unix/syscall_zos_s390x.go | 1507 ++++- vendor/golang.org/x/sys/unix/sysvshm_unix.go | 2 +- .../x/sys/unix/sysvshm_unix_other.go | 2 +- vendor/golang.org/x/sys/unix/zerrors_linux.go | 29 +- .../x/sys/unix/zerrors_linux_386.go | 1 + .../x/sys/unix/zerrors_linux_amd64.go | 1 + .../x/sys/unix/zerrors_linux_arm64.go | 1 + .../x/sys/unix/zerrors_zos_s390x.go | 233 +- .../x/sys/unix/zsymaddr_zos_s390x.s | 364 ++ .../x/sys/unix/zsyscall_darwin_amd64.go | 33 + .../x/sys/unix/zsyscall_darwin_amd64.s | 10 + .../x/sys/unix/zsyscall_darwin_arm64.go | 33 + .../x/sys/unix/zsyscall_darwin_arm64.s | 10 + .../x/sys/unix/zsyscall_zos_s390x.go | 3113 ++++++++-- .../x/sys/unix/zsysnum_linux_386.go | 5 + .../x/sys/unix/zsysnum_linux_amd64.go | 5 + .../x/sys/unix/zsysnum_linux_arm.go | 5 + .../x/sys/unix/zsysnum_linux_arm64.go | 5 + .../x/sys/unix/zsysnum_linux_loong64.go | 5 + .../x/sys/unix/zsysnum_linux_mips.go | 5 + .../x/sys/unix/zsysnum_linux_mips64.go | 5 + .../x/sys/unix/zsysnum_linux_mips64le.go | 5 + .../x/sys/unix/zsysnum_linux_mipsle.go | 5 + .../x/sys/unix/zsysnum_linux_ppc.go | 5 + .../x/sys/unix/zsysnum_linux_ppc64.go | 5 + .../x/sys/unix/zsysnum_linux_ppc64le.go | 5 + .../x/sys/unix/zsysnum_linux_riscv64.go | 5 + .../x/sys/unix/zsysnum_linux_s390x.go | 5 + .../x/sys/unix/zsysnum_linux_sparc64.go | 5 + .../x/sys/unix/zsysnum_zos_s390x.go | 5507 +++++++++-------- vendor/golang.org/x/sys/unix/ztypes_linux.go | 59 +- .../golang.org/x/sys/unix/ztypes_linux_386.go | 8 - .../x/sys/unix/ztypes_linux_amd64.go | 9 - .../golang.org/x/sys/unix/ztypes_linux_arm.go | 9 - .../x/sys/unix/ztypes_linux_arm64.go | 9 - .../x/sys/unix/ztypes_linux_loong64.go | 9 - .../x/sys/unix/ztypes_linux_mips.go | 9 - .../x/sys/unix/ztypes_linux_mips64.go | 9 - .../x/sys/unix/ztypes_linux_mips64le.go | 9 - .../x/sys/unix/ztypes_linux_mipsle.go | 9 - .../golang.org/x/sys/unix/ztypes_linux_ppc.go | 9 - .../x/sys/unix/ztypes_linux_ppc64.go | 9 - .../x/sys/unix/ztypes_linux_ppc64le.go | 9 - .../x/sys/unix/ztypes_linux_riscv64.go | 9 - .../x/sys/unix/ztypes_linux_s390x.go | 9 - .../x/sys/unix/ztypes_linux_sparc64.go | 9 - .../golang.org/x/sys/unix/ztypes_zos_s390x.go | 146 +- vendor/golang.org/x/sys/windows/aliases.go | 2 +- vendor/golang.org/x/sys/windows/empty.s | 8 - .../x/sys/windows/security_windows.go | 25 +- .../x/sys/windows/zsyscall_windows.go | 18 + vendor/modules.txt | 2 +- 67 files changed, 9121 insertions(+), 4262 deletions(-) create mode 100644 vendor/golang.org/x/sys/unix/bpxsvc_zos.go create mode 100644 vendor/golang.org/x/sys/unix/bpxsvc_zos.s delete mode 100644 vendor/golang.org/x/sys/unix/epoll_zos.go delete mode 100644 vendor/golang.org/x/sys/unix/fstatfs_zos.go create mode 100644 vendor/golang.org/x/sys/unix/sockcmsg_zos.go create mode 100644 vendor/golang.org/x/sys/unix/symaddr_zos_s390x.s create mode 100644 vendor/golang.org/x/sys/unix/zsymaddr_zos_s390x.s delete mode 100644 vendor/golang.org/x/sys/windows/empty.s diff --git a/go.mod b/go.mod index cd65bd3b7b7..9686f10dca2 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/urfave/cli v1.22.14 github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.24.0 - golang.org/x/sys v0.19.0 + golang.org/x/sys v0.22.0 google.golang.org/protobuf v1.33.0 ) diff --git a/go.sum b/go.sum index 13b88a4850c..089ea9340da 100644 --- a/go.sum +++ b/go.sum @@ -77,8 +77,8 @@ golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= -golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= diff --git a/vendor/golang.org/x/sys/unix/asm_zos_s390x.s b/vendor/golang.org/x/sys/unix/asm_zos_s390x.s index 2f67ba86d57..813dfad7d26 100644 --- a/vendor/golang.org/x/sys/unix/asm_zos_s390x.s +++ b/vendor/golang.org/x/sys/unix/asm_zos_s390x.s @@ -9,9 +9,11 @@ #define PSALAA 1208(R0) #define GTAB64(x) 80(x) #define LCA64(x) 88(x) +#define SAVSTACK_ASYNC(x) 336(x) // in the LCA #define CAA(x) 8(x) -#define EDCHPXV(x) 1016(x) // in the CAA -#define SAVSTACK_ASYNC(x) 336(x) // in the LCA +#define CEECAATHDID(x) 976(x) // in the CAA +#define EDCHPXV(x) 1016(x) // in the CAA +#define GOCB(x) 1104(x) // in the CAA // SS_*, where x=SAVSTACK_ASYNC #define SS_LE(x) 0(x) @@ -19,405 +21,362 @@ #define SS_ERRNO(x) 16(x) #define SS_ERRNOJR(x) 20(x) -#define LE_CALL BYTE $0x0D; BYTE $0x76; // BL R7, R6 +// Function Descriptor Offsets +#define __errno 0x156*16 +#define __err2ad 0x16C*16 -TEXT ·clearErrno(SB),NOSPLIT,$0-0 - BL addrerrno<>(SB) - MOVD $0, 0(R3) +// Call Instructions +#define LE_CALL BYTE $0x0D; BYTE $0x76 // BL R7, R6 +#define SVC_LOAD BYTE $0x0A; BYTE $0x08 // SVC 08 LOAD +#define SVC_DELETE BYTE $0x0A; BYTE $0x09 // SVC 09 DELETE + +DATA zosLibVec<>(SB)/8, $0 +GLOBL zosLibVec<>(SB), NOPTR, $8 + +TEXT ·initZosLibVec(SB), NOSPLIT|NOFRAME, $0-0 + MOVW PSALAA, R8 + MOVD LCA64(R8), R8 + MOVD CAA(R8), R8 + MOVD EDCHPXV(R8), R8 + MOVD R8, zosLibVec<>(SB) + RET + +TEXT ·GetZosLibVec(SB), NOSPLIT|NOFRAME, $0-0 + MOVD zosLibVec<>(SB), R8 + MOVD R8, ret+0(FP) + RET + +TEXT ·clearErrno(SB), NOSPLIT, $0-0 + BL addrerrno<>(SB) + MOVD $0, 0(R3) RET // Returns the address of errno in R3. -TEXT addrerrno<>(SB),NOSPLIT|NOFRAME,$0-0 +TEXT addrerrno<>(SB), NOSPLIT|NOFRAME, $0-0 // Get library control area (LCA). - MOVW PSALAA, R8 - MOVD LCA64(R8), R8 + MOVW PSALAA, R8 + MOVD LCA64(R8), R8 // Get __errno FuncDesc. - MOVD CAA(R8), R9 - MOVD EDCHPXV(R9), R9 - ADD $(0x156*16), R9 - LMG 0(R9), R5, R6 + MOVD CAA(R8), R9 + MOVD EDCHPXV(R9), R9 + ADD $(__errno), R9 + LMG 0(R9), R5, R6 // Switch to saved LE stack. - MOVD SAVSTACK_ASYNC(R8), R9 - MOVD 0(R9), R4 - MOVD $0, 0(R9) + MOVD SAVSTACK_ASYNC(R8), R9 + MOVD 0(R9), R4 + MOVD $0, 0(R9) // Call __errno function. LE_CALL NOPH // Switch back to Go stack. - XOR R0, R0 // Restore R0 to $0. - MOVD R4, 0(R9) // Save stack pointer. + XOR R0, R0 // Restore R0 to $0. + MOVD R4, 0(R9) // Save stack pointer. RET -TEXT ·syscall_syscall(SB),NOSPLIT,$0-56 - BL runtime·entersyscall(SB) - MOVD a1+8(FP), R1 - MOVD a2+16(FP), R2 - MOVD a3+24(FP), R3 +// func svcCall(fnptr unsafe.Pointer, argv *unsafe.Pointer, dsa *uint64) +TEXT ·svcCall(SB), NOSPLIT, $0 + BL runtime·save_g(SB) // Save g and stack pointer + MOVW PSALAA, R8 + MOVD LCA64(R8), R8 + MOVD SAVSTACK_ASYNC(R8), R9 + MOVD R15, 0(R9) - // Get library control area (LCA). - MOVW PSALAA, R8 - MOVD LCA64(R8), R8 + MOVD argv+8(FP), R1 // Move function arguments into registers + MOVD dsa+16(FP), g + MOVD fnptr+0(FP), R15 - // Get function. - MOVD CAA(R8), R9 - MOVD EDCHPXV(R9), R9 - MOVD trap+0(FP), R5 - SLD $4, R5 - ADD R5, R9 - LMG 0(R9), R5, R6 + BYTE $0x0D // Branch to function + BYTE $0xEF - // Restore LE stack. - MOVD SAVSTACK_ASYNC(R8), R9 - MOVD 0(R9), R4 - MOVD $0, 0(R9) + BL runtime·load_g(SB) // Restore g and stack pointer + MOVW PSALAA, R8 + MOVD LCA64(R8), R8 + MOVD SAVSTACK_ASYNC(R8), R9 + MOVD 0(R9), R15 - // Call function. - LE_CALL - NOPH - XOR R0, R0 // Restore R0 to $0. - MOVD R4, 0(R9) // Save stack pointer. - - MOVD R3, r1+32(FP) - MOVD R0, r2+40(FP) - MOVD R0, err+48(FP) - MOVW R3, R4 - CMP R4, $-1 - BNE done - BL addrerrno<>(SB) - MOVWZ 0(R3), R3 - MOVD R3, err+48(FP) -done: - BL runtime·exitsyscall(SB) RET -TEXT ·syscall_rawsyscall(SB),NOSPLIT,$0-56 - MOVD a1+8(FP), R1 - MOVD a2+16(FP), R2 - MOVD a3+24(FP), R3 - - // Get library control area (LCA). - MOVW PSALAA, R8 - MOVD LCA64(R8), R8 - - // Get function. - MOVD CAA(R8), R9 - MOVD EDCHPXV(R9), R9 - MOVD trap+0(FP), R5 - SLD $4, R5 - ADD R5, R9 - LMG 0(R9), R5, R6 +// func svcLoad(name *byte) unsafe.Pointer +TEXT ·svcLoad(SB), NOSPLIT, $0 + MOVD R15, R2 // Save go stack pointer + MOVD name+0(FP), R0 // Move SVC args into registers + MOVD $0x80000000, R1 + MOVD $0, R15 + SVC_LOAD + MOVW R15, R3 // Save return code from SVC + MOVD R2, R15 // Restore go stack pointer + CMP R3, $0 // Check SVC return code + BNE error + + MOVD $-2, R3 // Reset last bit of entry point to zero + AND R0, R3 + MOVD R3, ret+8(FP) // Return entry point returned by SVC + CMP R0, R3 // Check if last bit of entry point was set + BNE done + + MOVD R15, R2 // Save go stack pointer + MOVD $0, R15 // Move SVC args into registers (entry point still in r0 from SVC 08) + SVC_DELETE + MOVD R2, R15 // Restore go stack pointer - // Restore LE stack. - MOVD SAVSTACK_ASYNC(R8), R9 - MOVD 0(R9), R4 - MOVD $0, 0(R9) +error: + MOVD $0, ret+8(FP) // Return 0 on failure - // Call function. - LE_CALL - NOPH - XOR R0, R0 // Restore R0 to $0. - MOVD R4, 0(R9) // Save stack pointer. - - MOVD R3, r1+32(FP) - MOVD R0, r2+40(FP) - MOVD R0, err+48(FP) - MOVW R3, R4 - CMP R4, $-1 - BNE done - BL addrerrno<>(SB) - MOVWZ 0(R3), R3 - MOVD R3, err+48(FP) done: + XOR R0, R0 // Reset r0 to 0 RET -TEXT ·syscall_syscall6(SB),NOSPLIT,$0-80 - BL runtime·entersyscall(SB) - MOVD a1+8(FP), R1 - MOVD a2+16(FP), R2 - MOVD a3+24(FP), R3 +// func svcUnload(name *byte, fnptr unsafe.Pointer) int64 +TEXT ·svcUnload(SB), NOSPLIT, $0 + MOVD R15, R2 // Save go stack pointer + MOVD name+0(FP), R0 // Move SVC args into registers + MOVD fnptr+8(FP), R15 + SVC_DELETE + XOR R0, R0 // Reset r0 to 0 + MOVD R15, R1 // Save SVC return code + MOVD R2, R15 // Restore go stack pointer + MOVD R1, ret+16(FP) // Return SVC return code + RET +// func gettid() uint64 +TEXT ·gettid(SB), NOSPLIT, $0 // Get library control area (LCA). - MOVW PSALAA, R8 - MOVD LCA64(R8), R8 + MOVW PSALAA, R8 + MOVD LCA64(R8), R8 - // Get function. - MOVD CAA(R8), R9 - MOVD EDCHPXV(R9), R9 - MOVD trap+0(FP), R5 - SLD $4, R5 - ADD R5, R9 - LMG 0(R9), R5, R6 + // Get CEECAATHDID + MOVD CAA(R8), R9 + MOVD CEECAATHDID(R9), R9 + MOVD R9, ret+0(FP) - // Restore LE stack. - MOVD SAVSTACK_ASYNC(R8), R9 - MOVD 0(R9), R4 - MOVD $0, 0(R9) - - // Fill in parameter list. - MOVD a4+32(FP), R12 - MOVD R12, (2176+24)(R4) - MOVD a5+40(FP), R12 - MOVD R12, (2176+32)(R4) - MOVD a6+48(FP), R12 - MOVD R12, (2176+40)(R4) - - // Call function. - LE_CALL - NOPH - XOR R0, R0 // Restore R0 to $0. - MOVD R4, 0(R9) // Save stack pointer. - - MOVD R3, r1+56(FP) - MOVD R0, r2+64(FP) - MOVD R0, err+72(FP) - MOVW R3, R4 - CMP R4, $-1 - BNE done - BL addrerrno<>(SB) - MOVWZ 0(R3), R3 - MOVD R3, err+72(FP) -done: - BL runtime·exitsyscall(SB) RET -TEXT ·syscall_rawsyscall6(SB),NOSPLIT,$0-80 - MOVD a1+8(FP), R1 - MOVD a2+16(FP), R2 - MOVD a3+24(FP), R3 - - // Get library control area (LCA). - MOVW PSALAA, R8 - MOVD LCA64(R8), R8 - - // Get function. - MOVD CAA(R8), R9 - MOVD EDCHPXV(R9), R9 - MOVD trap+0(FP), R5 - SLD $4, R5 - ADD R5, R9 - LMG 0(R9), R5, R6 +// +// Call LE function, if the return is -1 +// errno and errno2 is retrieved +// +TEXT ·CallLeFuncWithErr(SB), NOSPLIT, $0 + MOVW PSALAA, R8 + MOVD LCA64(R8), R8 + MOVD CAA(R8), R9 + MOVD g, GOCB(R9) // Restore LE stack. - MOVD SAVSTACK_ASYNC(R8), R9 - MOVD 0(R9), R4 - MOVD $0, 0(R9) - - // Fill in parameter list. - MOVD a4+32(FP), R12 - MOVD R12, (2176+24)(R4) - MOVD a5+40(FP), R12 - MOVD R12, (2176+32)(R4) - MOVD a6+48(FP), R12 - MOVD R12, (2176+40)(R4) - - // Call function. - LE_CALL + MOVD SAVSTACK_ASYNC(R8), R9 // R9-> LE stack frame saving address + MOVD 0(R9), R4 // R4-> restore previously saved stack frame pointer + + MOVD parms_base+8(FP), R7 // R7 -> argument array + MOVD parms_len+16(FP), R8 // R8 number of arguments + + // arg 1 ---> R1 + CMP R8, $0 + BEQ docall + SUB $1, R8 + MOVD 0(R7), R1 + + // arg 2 ---> R2 + CMP R8, $0 + BEQ docall + SUB $1, R8 + ADD $8, R7 + MOVD 0(R7), R2 + + // arg 3 --> R3 + CMP R8, $0 + BEQ docall + SUB $1, R8 + ADD $8, R7 + MOVD 0(R7), R3 + + CMP R8, $0 + BEQ docall + MOVD $2176+16, R6 // starting LE stack address-8 to store 4th argument + +repeat: + ADD $8, R7 + MOVD 0(R7), R0 // advance arg pointer by 8 byte + ADD $8, R6 // advance LE argument address by 8 byte + MOVD R0, (R4)(R6*1) // copy argument from go-slice to le-frame + SUB $1, R8 + CMP R8, $0 + BNE repeat + +docall: + MOVD funcdesc+0(FP), R8 // R8-> function descriptor + LMG 0(R8), R5, R6 + MOVD $0, 0(R9) // R9 address of SAVSTACK_ASYNC + LE_CALL // balr R7, R6 (return #1) + NOPH + MOVD R3, ret+32(FP) + CMP R3, $-1 // compare result to -1 + BNE done + + // retrieve errno and errno2 + MOVD zosLibVec<>(SB), R8 + ADD $(__errno), R8 + LMG 0(R8), R5, R6 + LE_CALL // balr R7, R6 __errno (return #3) NOPH - XOR R0, R0 // Restore R0 to $0. - MOVD R4, 0(R9) // Save stack pointer. - - MOVD R3, r1+56(FP) - MOVD R0, r2+64(FP) - MOVD R0, err+72(FP) - MOVW R3, R4 - CMP R4, $-1 - BNE done - BL ·rrno<>(SB) - MOVWZ 0(R3), R3 - MOVD R3, err+72(FP) + MOVWZ 0(R3), R3 + MOVD R3, err+48(FP) + MOVD zosLibVec<>(SB), R8 + ADD $(__err2ad), R8 + LMG 0(R8), R5, R6 + LE_CALL // balr R7, R6 __err2ad (return #2) + NOPH + MOVW (R3), R2 // retrieve errno2 + MOVD R2, errno2+40(FP) // store in return area + done: + MOVD R4, 0(R9) // Save stack pointer. RET -TEXT ·syscall_syscall9(SB),NOSPLIT,$0 - BL runtime·entersyscall(SB) - MOVD a1+8(FP), R1 - MOVD a2+16(FP), R2 - MOVD a3+24(FP), R3 - - // Get library control area (LCA). - MOVW PSALAA, R8 - MOVD LCA64(R8), R8 - - // Get function. - MOVD CAA(R8), R9 - MOVD EDCHPXV(R9), R9 - MOVD trap+0(FP), R5 - SLD $4, R5 - ADD R5, R9 - LMG 0(R9), R5, R6 +// +// Call LE function, if the return is 0 +// errno and errno2 is retrieved +// +TEXT ·CallLeFuncWithPtrReturn(SB), NOSPLIT, $0 + MOVW PSALAA, R8 + MOVD LCA64(R8), R8 + MOVD CAA(R8), R9 + MOVD g, GOCB(R9) // Restore LE stack. - MOVD SAVSTACK_ASYNC(R8), R9 - MOVD 0(R9), R4 - MOVD $0, 0(R9) - - // Fill in parameter list. - MOVD a4+32(FP), R12 - MOVD R12, (2176+24)(R4) - MOVD a5+40(FP), R12 - MOVD R12, (2176+32)(R4) - MOVD a6+48(FP), R12 - MOVD R12, (2176+40)(R4) - MOVD a7+56(FP), R12 - MOVD R12, (2176+48)(R4) - MOVD a8+64(FP), R12 - MOVD R12, (2176+56)(R4) - MOVD a9+72(FP), R12 - MOVD R12, (2176+64)(R4) - - // Call function. - LE_CALL + MOVD SAVSTACK_ASYNC(R8), R9 // R9-> LE stack frame saving address + MOVD 0(R9), R4 // R4-> restore previously saved stack frame pointer + + MOVD parms_base+8(FP), R7 // R7 -> argument array + MOVD parms_len+16(FP), R8 // R8 number of arguments + + // arg 1 ---> R1 + CMP R8, $0 + BEQ docall + SUB $1, R8 + MOVD 0(R7), R1 + + // arg 2 ---> R2 + CMP R8, $0 + BEQ docall + SUB $1, R8 + ADD $8, R7 + MOVD 0(R7), R2 + + // arg 3 --> R3 + CMP R8, $0 + BEQ docall + SUB $1, R8 + ADD $8, R7 + MOVD 0(R7), R3 + + CMP R8, $0 + BEQ docall + MOVD $2176+16, R6 // starting LE stack address-8 to store 4th argument + +repeat: + ADD $8, R7 + MOVD 0(R7), R0 // advance arg pointer by 8 byte + ADD $8, R6 // advance LE argument address by 8 byte + MOVD R0, (R4)(R6*1) // copy argument from go-slice to le-frame + SUB $1, R8 + CMP R8, $0 + BNE repeat + +docall: + MOVD funcdesc+0(FP), R8 // R8-> function descriptor + LMG 0(R8), R5, R6 + MOVD $0, 0(R9) // R9 address of SAVSTACK_ASYNC + LE_CALL // balr R7, R6 (return #1) NOPH - XOR R0, R0 // Restore R0 to $0. - MOVD R4, 0(R9) // Save stack pointer. - - MOVD R3, r1+80(FP) - MOVD R0, r2+88(FP) - MOVD R0, err+96(FP) - MOVW R3, R4 - CMP R4, $-1 - BNE done - BL addrerrno<>(SB) - MOVWZ 0(R3), R3 - MOVD R3, err+96(FP) -done: - BL runtime·exitsyscall(SB) - RET - -TEXT ·syscall_rawsyscall9(SB),NOSPLIT,$0 - MOVD a1+8(FP), R1 - MOVD a2+16(FP), R2 - MOVD a3+24(FP), R3 - - // Get library control area (LCA). - MOVW PSALAA, R8 - MOVD LCA64(R8), R8 - - // Get function. - MOVD CAA(R8), R9 - MOVD EDCHPXV(R9), R9 - MOVD trap+0(FP), R5 - SLD $4, R5 - ADD R5, R9 - LMG 0(R9), R5, R6 - - // Restore LE stack. - MOVD SAVSTACK_ASYNC(R8), R9 - MOVD 0(R9), R4 - MOVD $0, 0(R9) - - // Fill in parameter list. - MOVD a4+32(FP), R12 - MOVD R12, (2176+24)(R4) - MOVD a5+40(FP), R12 - MOVD R12, (2176+32)(R4) - MOVD a6+48(FP), R12 - MOVD R12, (2176+40)(R4) - MOVD a7+56(FP), R12 - MOVD R12, (2176+48)(R4) - MOVD a8+64(FP), R12 - MOVD R12, (2176+56)(R4) - MOVD a9+72(FP), R12 - MOVD R12, (2176+64)(R4) - - // Call function. - LE_CALL + MOVD R3, ret+32(FP) + CMP R3, $0 // compare result to 0 + BNE done + + // retrieve errno and errno2 + MOVD zosLibVec<>(SB), R8 + ADD $(__errno), R8 + LMG 0(R8), R5, R6 + LE_CALL // balr R7, R6 __errno (return #3) NOPH - XOR R0, R0 // Restore R0 to $0. - MOVD R4, 0(R9) // Save stack pointer. - - MOVD R3, r1+80(FP) - MOVD R0, r2+88(FP) - MOVD R0, err+96(FP) - MOVW R3, R4 - CMP R4, $-1 - BNE done - BL addrerrno<>(SB) - MOVWZ 0(R3), R3 - MOVD R3, err+96(FP) -done: - RET - -// func svcCall(fnptr unsafe.Pointer, argv *unsafe.Pointer, dsa *uint64) -TEXT ·svcCall(SB),NOSPLIT,$0 - BL runtime·save_g(SB) // Save g and stack pointer - MOVW PSALAA, R8 - MOVD LCA64(R8), R8 - MOVD SAVSTACK_ASYNC(R8), R9 - MOVD R15, 0(R9) - - MOVD argv+8(FP), R1 // Move function arguments into registers - MOVD dsa+16(FP), g - MOVD fnptr+0(FP), R15 - - BYTE $0x0D // Branch to function - BYTE $0xEF - - BL runtime·load_g(SB) // Restore g and stack pointer - MOVW PSALAA, R8 - MOVD LCA64(R8), R8 - MOVD SAVSTACK_ASYNC(R8), R9 - MOVD 0(R9), R15 - - RET - -// func svcLoad(name *byte) unsafe.Pointer -TEXT ·svcLoad(SB),NOSPLIT,$0 - MOVD R15, R2 // Save go stack pointer - MOVD name+0(FP), R0 // Move SVC args into registers - MOVD $0x80000000, R1 - MOVD $0, R15 - BYTE $0x0A // SVC 08 LOAD - BYTE $0x08 - MOVW R15, R3 // Save return code from SVC - MOVD R2, R15 // Restore go stack pointer - CMP R3, $0 // Check SVC return code - BNE error - - MOVD $-2, R3 // Reset last bit of entry point to zero - AND R0, R3 - MOVD R3, addr+8(FP) // Return entry point returned by SVC - CMP R0, R3 // Check if last bit of entry point was set - BNE done - - MOVD R15, R2 // Save go stack pointer - MOVD $0, R15 // Move SVC args into registers (entry point still in r0 from SVC 08) - BYTE $0x0A // SVC 09 DELETE - BYTE $0x09 - MOVD R2, R15 // Restore go stack pointer + MOVWZ 0(R3), R3 + MOVD R3, err+48(FP) + MOVD zosLibVec<>(SB), R8 + ADD $(__err2ad), R8 + LMG 0(R8), R5, R6 + LE_CALL // balr R7, R6 __err2ad (return #2) + NOPH + MOVW (R3), R2 // retrieve errno2 + MOVD R2, errno2+40(FP) // store in return area + XOR R2, R2 + MOVWZ R2, (R3) // clear errno2 -error: - MOVD $0, addr+8(FP) // Return 0 on failure done: - XOR R0, R0 // Reset r0 to 0 + MOVD R4, 0(R9) // Save stack pointer. RET -// func svcUnload(name *byte, fnptr unsafe.Pointer) int64 -TEXT ·svcUnload(SB),NOSPLIT,$0 - MOVD R15, R2 // Save go stack pointer - MOVD name+0(FP), R0 // Move SVC args into registers - MOVD addr+8(FP), R15 - BYTE $0x0A // SVC 09 - BYTE $0x09 - XOR R0, R0 // Reset r0 to 0 - MOVD R15, R1 // Save SVC return code - MOVD R2, R15 // Restore go stack pointer - MOVD R1, rc+0(FP) // Return SVC return code +// +// function to test if a pointer can be safely dereferenced (content read) +// return 0 for succces +// +TEXT ·ptrtest(SB), NOSPLIT, $0-16 + MOVD arg+0(FP), R10 // test pointer in R10 + + // set up R2 to point to CEECAADMC + BYTE $0xE3; BYTE $0x20; BYTE $0x04; BYTE $0xB8; BYTE $0x00; BYTE $0x17 // llgt 2,1208 + BYTE $0xB9; BYTE $0x17; BYTE $0x00; BYTE $0x22 // llgtr 2,2 + BYTE $0xA5; BYTE $0x26; BYTE $0x7F; BYTE $0xFF // nilh 2,32767 + BYTE $0xE3; BYTE $0x22; BYTE $0x00; BYTE $0x58; BYTE $0x00; BYTE $0x04 // lg 2,88(2) + BYTE $0xE3; BYTE $0x22; BYTE $0x00; BYTE $0x08; BYTE $0x00; BYTE $0x04 // lg 2,8(2) + BYTE $0x41; BYTE $0x22; BYTE $0x03; BYTE $0x68 // la 2,872(2) + + // set up R5 to point to the "shunt" path which set 1 to R3 (failure) + BYTE $0xB9; BYTE $0x82; BYTE $0x00; BYTE $0x33 // xgr 3,3 + BYTE $0xA7; BYTE $0x55; BYTE $0x00; BYTE $0x04 // bras 5,lbl1 + BYTE $0xA7; BYTE $0x39; BYTE $0x00; BYTE $0x01 // lghi 3,1 + + // if r3 is not zero (failed) then branch to finish + BYTE $0xB9; BYTE $0x02; BYTE $0x00; BYTE $0x33 // lbl1 ltgr 3,3 + BYTE $0xA7; BYTE $0x74; BYTE $0x00; BYTE $0x08 // brc b'0111',lbl2 + + // stomic store shunt address in R5 into CEECAADMC + BYTE $0xE3; BYTE $0x52; BYTE $0x00; BYTE $0x00; BYTE $0x00; BYTE $0x24 // stg 5,0(2) + + // now try reading from the test pointer in R10, if it fails it branches to the "lghi" instruction above + BYTE $0xE3; BYTE $0x9A; BYTE $0x00; BYTE $0x00; BYTE $0x00; BYTE $0x04 // lg 9,0(10) + + // finish here, restore 0 into CEECAADMC + BYTE $0xB9; BYTE $0x82; BYTE $0x00; BYTE $0x99 // lbl2 xgr 9,9 + BYTE $0xE3; BYTE $0x92; BYTE $0x00; BYTE $0x00; BYTE $0x00; BYTE $0x24 // stg 9,0(2) + MOVD R3, ret+8(FP) // result in R3 RET -// func gettid() uint64 -TEXT ·gettid(SB), NOSPLIT, $0 - // Get library control area (LCA). - MOVW PSALAA, R8 - MOVD LCA64(R8), R8 - - // Get CEECAATHDID - MOVD CAA(R8), R9 - MOVD 0x3D0(R9), R9 - MOVD R9, ret+0(FP) - +// +// function to test if a untptr can be loaded from a pointer +// return 1: the 8-byte content +// 2: 0 for success, 1 for failure +// +// func safeload(ptr uintptr) ( value uintptr, error uintptr) +TEXT ·safeload(SB), NOSPLIT, $0-24 + MOVD ptr+0(FP), R10 // test pointer in R10 + MOVD $0x0, R6 + BYTE $0xE3; BYTE $0x20; BYTE $0x04; BYTE $0xB8; BYTE $0x00; BYTE $0x17 // llgt 2,1208 + BYTE $0xB9; BYTE $0x17; BYTE $0x00; BYTE $0x22 // llgtr 2,2 + BYTE $0xA5; BYTE $0x26; BYTE $0x7F; BYTE $0xFF // nilh 2,32767 + BYTE $0xE3; BYTE $0x22; BYTE $0x00; BYTE $0x58; BYTE $0x00; BYTE $0x04 // lg 2,88(2) + BYTE $0xE3; BYTE $0x22; BYTE $0x00; BYTE $0x08; BYTE $0x00; BYTE $0x04 // lg 2,8(2) + BYTE $0x41; BYTE $0x22; BYTE $0x03; BYTE $0x68 // la 2,872(2) + BYTE $0xB9; BYTE $0x82; BYTE $0x00; BYTE $0x33 // xgr 3,3 + BYTE $0xA7; BYTE $0x55; BYTE $0x00; BYTE $0x04 // bras 5,lbl1 + BYTE $0xA7; BYTE $0x39; BYTE $0x00; BYTE $0x01 // lghi 3,1 + BYTE $0xB9; BYTE $0x02; BYTE $0x00; BYTE $0x33 // lbl1 ltgr 3,3 + BYTE $0xA7; BYTE $0x74; BYTE $0x00; BYTE $0x08 // brc b'0111',lbl2 + BYTE $0xE3; BYTE $0x52; BYTE $0x00; BYTE $0x00; BYTE $0x00; BYTE $0x24 // stg 5,0(2) + BYTE $0xE3; BYTE $0x6A; BYTE $0x00; BYTE $0x00; BYTE $0x00; BYTE $0x04 // lg 6,0(10) + BYTE $0xB9; BYTE $0x82; BYTE $0x00; BYTE $0x99 // lbl2 xgr 9,9 + BYTE $0xE3; BYTE $0x92; BYTE $0x00; BYTE $0x00; BYTE $0x00; BYTE $0x24 // stg 9,0(2) + MOVD R6, value+8(FP) // result in R6 + MOVD R3, error+16(FP) // error in R3 RET diff --git a/vendor/golang.org/x/sys/unix/bpxsvc_zos.go b/vendor/golang.org/x/sys/unix/bpxsvc_zos.go new file mode 100644 index 00000000000..39d647d863a --- /dev/null +++ b/vendor/golang.org/x/sys/unix/bpxsvc_zos.go @@ -0,0 +1,657 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build zos + +package unix + +import ( + "bytes" + "fmt" + "unsafe" +) + +//go:noescape +func bpxcall(plist []unsafe.Pointer, bpx_offset int64) + +//go:noescape +func A2e([]byte) + +//go:noescape +func E2a([]byte) + +const ( + BPX4STA = 192 // stat + BPX4FST = 104 // fstat + BPX4LST = 132 // lstat + BPX4OPN = 156 // open + BPX4CLO = 72 // close + BPX4CHR = 500 // chattr + BPX4FCR = 504 // fchattr + BPX4LCR = 1180 // lchattr + BPX4CTW = 492 // cond_timed_wait + BPX4GTH = 1056 // __getthent + BPX4PTQ = 412 // pthread_quiesc + BPX4PTR = 320 // ptrace +) + +const ( + //options + //byte1 + BPX_OPNFHIGH = 0x80 + //byte2 + BPX_OPNFEXEC = 0x80 + //byte3 + BPX_O_NOLARGEFILE = 0x08 + BPX_O_LARGEFILE = 0x04 + BPX_O_ASYNCSIG = 0x02 + BPX_O_SYNC = 0x01 + //byte4 + BPX_O_CREXCL = 0xc0 + BPX_O_CREAT = 0x80 + BPX_O_EXCL = 0x40 + BPX_O_NOCTTY = 0x20 + BPX_O_TRUNC = 0x10 + BPX_O_APPEND = 0x08 + BPX_O_NONBLOCK = 0x04 + BPX_FNDELAY = 0x04 + BPX_O_RDWR = 0x03 + BPX_O_RDONLY = 0x02 + BPX_O_WRONLY = 0x01 + BPX_O_ACCMODE = 0x03 + BPX_O_GETFL = 0x0f + + //mode + // byte1 (file type) + BPX_FT_DIR = 1 + BPX_FT_CHARSPEC = 2 + BPX_FT_REGFILE = 3 + BPX_FT_FIFO = 4 + BPX_FT_SYMLINK = 5 + BPX_FT_SOCKET = 6 + //byte3 + BPX_S_ISUID = 0x08 + BPX_S_ISGID = 0x04 + BPX_S_ISVTX = 0x02 + BPX_S_IRWXU1 = 0x01 + BPX_S_IRUSR = 0x01 + //byte4 + BPX_S_IRWXU2 = 0xc0 + BPX_S_IWUSR = 0x80 + BPX_S_IXUSR = 0x40 + BPX_S_IRWXG = 0x38 + BPX_S_IRGRP = 0x20 + BPX_S_IWGRP = 0x10 + BPX_S_IXGRP = 0x08 + BPX_S_IRWXOX = 0x07 + BPX_S_IROTH = 0x04 + BPX_S_IWOTH = 0x02 + BPX_S_IXOTH = 0x01 + + CW_INTRPT = 1 + CW_CONDVAR = 32 + CW_TIMEOUT = 64 + + PGTHA_NEXT = 2 + PGTHA_CURRENT = 1 + PGTHA_FIRST = 0 + PGTHA_LAST = 3 + PGTHA_PROCESS = 0x80 + PGTHA_CONTTY = 0x40 + PGTHA_PATH = 0x20 + PGTHA_COMMAND = 0x10 + PGTHA_FILEDATA = 0x08 + PGTHA_THREAD = 0x04 + PGTHA_PTAG = 0x02 + PGTHA_COMMANDLONG = 0x01 + PGTHA_THREADFAST = 0x80 + PGTHA_FILEPATH = 0x40 + PGTHA_THDSIGMASK = 0x20 + // thread quiece mode + QUIESCE_TERM int32 = 1 + QUIESCE_FORCE int32 = 2 + QUIESCE_QUERY int32 = 3 + QUIESCE_FREEZE int32 = 4 + QUIESCE_UNFREEZE int32 = 5 + FREEZE_THIS_THREAD int32 = 6 + FREEZE_EXIT int32 = 8 + QUIESCE_SRB int32 = 9 +) + +type Pgtha struct { + Pid uint32 // 0 + Tid0 uint32 // 4 + Tid1 uint32 + Accesspid byte // C + Accesstid byte // D + Accessasid uint16 // E + Loginname [8]byte // 10 + Flag1 byte // 18 + Flag1b2 byte // 19 +} + +type Bpxystat_t struct { // DSECT BPXYSTAT + St_id [4]uint8 // 0 + St_length uint16 // 0x4 + St_version uint16 // 0x6 + St_mode uint32 // 0x8 + St_ino uint32 // 0xc + St_dev uint32 // 0x10 + St_nlink uint32 // 0x14 + St_uid uint32 // 0x18 + St_gid uint32 // 0x1c + St_size uint64 // 0x20 + St_atime uint32 // 0x28 + St_mtime uint32 // 0x2c + St_ctime uint32 // 0x30 + St_rdev uint32 // 0x34 + St_auditoraudit uint32 // 0x38 + St_useraudit uint32 // 0x3c + St_blksize uint32 // 0x40 + St_createtime uint32 // 0x44 + St_auditid [4]uint32 // 0x48 + St_res01 uint32 // 0x58 + Ft_ccsid uint16 // 0x5c + Ft_flags uint16 // 0x5e + St_res01a [2]uint32 // 0x60 + St_res02 uint32 // 0x68 + St_blocks uint32 // 0x6c + St_opaque [3]uint8 // 0x70 + St_visible uint8 // 0x73 + St_reftime uint32 // 0x74 + St_fid uint64 // 0x78 + St_filefmt uint8 // 0x80 + St_fspflag2 uint8 // 0x81 + St_res03 [2]uint8 // 0x82 + St_ctimemsec uint32 // 0x84 + St_seclabel [8]uint8 // 0x88 + St_res04 [4]uint8 // 0x90 + // end of version 1 + _ uint32 // 0x94 + St_atime64 uint64 // 0x98 + St_mtime64 uint64 // 0xa0 + St_ctime64 uint64 // 0xa8 + St_createtime64 uint64 // 0xb0 + St_reftime64 uint64 // 0xb8 + _ uint64 // 0xc0 + St_res05 [16]uint8 // 0xc8 + // end of version 2 +} + +type BpxFilestatus struct { + Oflag1 byte + Oflag2 byte + Oflag3 byte + Oflag4 byte +} + +type BpxMode struct { + Ftype byte + Mode1 byte + Mode2 byte + Mode3 byte +} + +// Thr attribute structure for extended attributes +type Bpxyatt_t struct { // DSECT BPXYATT + Att_id [4]uint8 + Att_version uint16 + Att_res01 [2]uint8 + Att_setflags1 uint8 + Att_setflags2 uint8 + Att_setflags3 uint8 + Att_setflags4 uint8 + Att_mode uint32 + Att_uid uint32 + Att_gid uint32 + Att_opaquemask [3]uint8 + Att_visblmaskres uint8 + Att_opaque [3]uint8 + Att_visibleres uint8 + Att_size_h uint32 + Att_size_l uint32 + Att_atime uint32 + Att_mtime uint32 + Att_auditoraudit uint32 + Att_useraudit uint32 + Att_ctime uint32 + Att_reftime uint32 + // end of version 1 + Att_filefmt uint8 + Att_res02 [3]uint8 + Att_filetag uint32 + Att_res03 [8]uint8 + // end of version 2 + Att_atime64 uint64 + Att_mtime64 uint64 + Att_ctime64 uint64 + Att_reftime64 uint64 + Att_seclabel [8]uint8 + Att_ver3res02 [8]uint8 + // end of version 3 +} + +func BpxOpen(name string, options *BpxFilestatus, mode *BpxMode) (rv int32, rc int32, rn int32) { + if len(name) < 1024 { + var namebuf [1024]byte + sz := int32(copy(namebuf[:], name)) + A2e(namebuf[:sz]) + var parms [7]unsafe.Pointer + parms[0] = unsafe.Pointer(&sz) + parms[1] = unsafe.Pointer(&namebuf[0]) + parms[2] = unsafe.Pointer(options) + parms[3] = unsafe.Pointer(mode) + parms[4] = unsafe.Pointer(&rv) + parms[5] = unsafe.Pointer(&rc) + parms[6] = unsafe.Pointer(&rn) + bpxcall(parms[:], BPX4OPN) + return rv, rc, rn + } + return -1, -1, -1 +} + +func BpxClose(fd int32) (rv int32, rc int32, rn int32) { + var parms [4]unsafe.Pointer + parms[0] = unsafe.Pointer(&fd) + parms[1] = unsafe.Pointer(&rv) + parms[2] = unsafe.Pointer(&rc) + parms[3] = unsafe.Pointer(&rn) + bpxcall(parms[:], BPX4CLO) + return rv, rc, rn +} + +func BpxFileFStat(fd int32, st *Bpxystat_t) (rv int32, rc int32, rn int32) { + st.St_id = [4]uint8{0xe2, 0xe3, 0xc1, 0xe3} + st.St_version = 2 + stat_sz := uint32(unsafe.Sizeof(*st)) + var parms [6]unsafe.Pointer + parms[0] = unsafe.Pointer(&fd) + parms[1] = unsafe.Pointer(&stat_sz) + parms[2] = unsafe.Pointer(st) + parms[3] = unsafe.Pointer(&rv) + parms[4] = unsafe.Pointer(&rc) + parms[5] = unsafe.Pointer(&rn) + bpxcall(parms[:], BPX4FST) + return rv, rc, rn +} + +func BpxFileStat(name string, st *Bpxystat_t) (rv int32, rc int32, rn int32) { + if len(name) < 1024 { + var namebuf [1024]byte + sz := int32(copy(namebuf[:], name)) + A2e(namebuf[:sz]) + st.St_id = [4]uint8{0xe2, 0xe3, 0xc1, 0xe3} + st.St_version = 2 + stat_sz := uint32(unsafe.Sizeof(*st)) + var parms [7]unsafe.Pointer + parms[0] = unsafe.Pointer(&sz) + parms[1] = unsafe.Pointer(&namebuf[0]) + parms[2] = unsafe.Pointer(&stat_sz) + parms[3] = unsafe.Pointer(st) + parms[4] = unsafe.Pointer(&rv) + parms[5] = unsafe.Pointer(&rc) + parms[6] = unsafe.Pointer(&rn) + bpxcall(parms[:], BPX4STA) + return rv, rc, rn + } + return -1, -1, -1 +} + +func BpxFileLStat(name string, st *Bpxystat_t) (rv int32, rc int32, rn int32) { + if len(name) < 1024 { + var namebuf [1024]byte + sz := int32(copy(namebuf[:], name)) + A2e(namebuf[:sz]) + st.St_id = [4]uint8{0xe2, 0xe3, 0xc1, 0xe3} + st.St_version = 2 + stat_sz := uint32(unsafe.Sizeof(*st)) + var parms [7]unsafe.Pointer + parms[0] = unsafe.Pointer(&sz) + parms[1] = unsafe.Pointer(&namebuf[0]) + parms[2] = unsafe.Pointer(&stat_sz) + parms[3] = unsafe.Pointer(st) + parms[4] = unsafe.Pointer(&rv) + parms[5] = unsafe.Pointer(&rc) + parms[6] = unsafe.Pointer(&rn) + bpxcall(parms[:], BPX4LST) + return rv, rc, rn + } + return -1, -1, -1 +} + +func BpxChattr(path string, attr *Bpxyatt_t) (rv int32, rc int32, rn int32) { + if len(path) >= 1024 { + return -1, -1, -1 + } + var namebuf [1024]byte + sz := int32(copy(namebuf[:], path)) + A2e(namebuf[:sz]) + attr_sz := uint32(unsafe.Sizeof(*attr)) + var parms [7]unsafe.Pointer + parms[0] = unsafe.Pointer(&sz) + parms[1] = unsafe.Pointer(&namebuf[0]) + parms[2] = unsafe.Pointer(&attr_sz) + parms[3] = unsafe.Pointer(attr) + parms[4] = unsafe.Pointer(&rv) + parms[5] = unsafe.Pointer(&rc) + parms[6] = unsafe.Pointer(&rn) + bpxcall(parms[:], BPX4CHR) + return rv, rc, rn +} + +func BpxLchattr(path string, attr *Bpxyatt_t) (rv int32, rc int32, rn int32) { + if len(path) >= 1024 { + return -1, -1, -1 + } + var namebuf [1024]byte + sz := int32(copy(namebuf[:], path)) + A2e(namebuf[:sz]) + attr_sz := uint32(unsafe.Sizeof(*attr)) + var parms [7]unsafe.Pointer + parms[0] = unsafe.Pointer(&sz) + parms[1] = unsafe.Pointer(&namebuf[0]) + parms[2] = unsafe.Pointer(&attr_sz) + parms[3] = unsafe.Pointer(attr) + parms[4] = unsafe.Pointer(&rv) + parms[5] = unsafe.Pointer(&rc) + parms[6] = unsafe.Pointer(&rn) + bpxcall(parms[:], BPX4LCR) + return rv, rc, rn +} + +func BpxFchattr(fd int32, attr *Bpxyatt_t) (rv int32, rc int32, rn int32) { + attr_sz := uint32(unsafe.Sizeof(*attr)) + var parms [6]unsafe.Pointer + parms[0] = unsafe.Pointer(&fd) + parms[1] = unsafe.Pointer(&attr_sz) + parms[2] = unsafe.Pointer(attr) + parms[3] = unsafe.Pointer(&rv) + parms[4] = unsafe.Pointer(&rc) + parms[5] = unsafe.Pointer(&rn) + bpxcall(parms[:], BPX4FCR) + return rv, rc, rn +} + +func BpxCondTimedWait(sec uint32, nsec uint32, events uint32, secrem *uint32, nsecrem *uint32) (rv int32, rc int32, rn int32) { + var parms [8]unsafe.Pointer + parms[0] = unsafe.Pointer(&sec) + parms[1] = unsafe.Pointer(&nsec) + parms[2] = unsafe.Pointer(&events) + parms[3] = unsafe.Pointer(secrem) + parms[4] = unsafe.Pointer(nsecrem) + parms[5] = unsafe.Pointer(&rv) + parms[6] = unsafe.Pointer(&rc) + parms[7] = unsafe.Pointer(&rn) + bpxcall(parms[:], BPX4CTW) + return rv, rc, rn +} +func BpxGetthent(in *Pgtha, outlen *uint32, out unsafe.Pointer) (rv int32, rc int32, rn int32) { + var parms [7]unsafe.Pointer + inlen := uint32(26) // nothing else will work. Go says Pgtha is 28-byte because of alignment, but Pgtha is "packed" and must be 26-byte + parms[0] = unsafe.Pointer(&inlen) + parms[1] = unsafe.Pointer(&in) + parms[2] = unsafe.Pointer(outlen) + parms[3] = unsafe.Pointer(&out) + parms[4] = unsafe.Pointer(&rv) + parms[5] = unsafe.Pointer(&rc) + parms[6] = unsafe.Pointer(&rn) + bpxcall(parms[:], BPX4GTH) + return rv, rc, rn +} +func ZosJobname() (jobname string, err error) { + var pgtha Pgtha + pgtha.Pid = uint32(Getpid()) + pgtha.Accesspid = PGTHA_CURRENT + pgtha.Flag1 = PGTHA_PROCESS + var out [256]byte + var outlen uint32 + outlen = 256 + rv, rc, rn := BpxGetthent(&pgtha, &outlen, unsafe.Pointer(&out[0])) + if rv == 0 { + gthc := []byte{0x87, 0xa3, 0x88, 0x83} // 'gthc' in ebcdic + ix := bytes.Index(out[:], gthc) + if ix == -1 { + err = fmt.Errorf("BPX4GTH: gthc return data not found") + return + } + jn := out[ix+80 : ix+88] // we didn't declare Pgthc, but jobname is 8-byte at offset 80 + E2a(jn) + jobname = string(bytes.TrimRight(jn, " ")) + + } else { + err = fmt.Errorf("BPX4GTH: rc=%d errno=%d reason=code=0x%x", rv, rc, rn) + } + return +} +func Bpx4ptq(code int32, data string) (rv int32, rc int32, rn int32) { + var userdata [8]byte + var parms [5]unsafe.Pointer + copy(userdata[:], data+" ") + A2e(userdata[:]) + parms[0] = unsafe.Pointer(&code) + parms[1] = unsafe.Pointer(&userdata[0]) + parms[2] = unsafe.Pointer(&rv) + parms[3] = unsafe.Pointer(&rc) + parms[4] = unsafe.Pointer(&rn) + bpxcall(parms[:], BPX4PTQ) + return rv, rc, rn +} + +const ( + PT_TRACE_ME = 0 // Debug this process + PT_READ_I = 1 // Read a full word + PT_READ_D = 2 // Read a full word + PT_READ_U = 3 // Read control info + PT_WRITE_I = 4 //Write a full word + PT_WRITE_D = 5 //Write a full word + PT_CONTINUE = 7 //Continue the process + PT_KILL = 8 //Terminate the process + PT_READ_GPR = 11 // Read GPR, CR, PSW + PT_READ_FPR = 12 // Read FPR + PT_READ_VR = 13 // Read VR + PT_WRITE_GPR = 14 // Write GPR, CR, PSW + PT_WRITE_FPR = 15 // Write FPR + PT_WRITE_VR = 16 // Write VR + PT_READ_BLOCK = 17 // Read storage + PT_WRITE_BLOCK = 19 // Write storage + PT_READ_GPRH = 20 // Read GPRH + PT_WRITE_GPRH = 21 // Write GPRH + PT_REGHSET = 22 // Read all GPRHs + PT_ATTACH = 30 // Attach to a process + PT_DETACH = 31 // Detach from a process + PT_REGSET = 32 // Read all GPRs + PT_REATTACH = 33 // Reattach to a process + PT_LDINFO = 34 // Read loader info + PT_MULTI = 35 // Multi process mode + PT_LD64INFO = 36 // RMODE64 Info Area + PT_BLOCKREQ = 40 // Block request + PT_THREAD_INFO = 60 // Read thread info + PT_THREAD_MODIFY = 61 + PT_THREAD_READ_FOCUS = 62 + PT_THREAD_WRITE_FOCUS = 63 + PT_THREAD_HOLD = 64 + PT_THREAD_SIGNAL = 65 + PT_EXPLAIN = 66 + PT_EVENTS = 67 + PT_THREAD_INFO_EXTENDED = 68 + PT_REATTACH2 = 71 + PT_CAPTURE = 72 + PT_UNCAPTURE = 73 + PT_GET_THREAD_TCB = 74 + PT_GET_ALET = 75 + PT_SWAPIN = 76 + PT_EXTENDED_EVENT = 98 + PT_RECOVER = 99 // Debug a program check + PT_GPR0 = 0 // General purpose register 0 + PT_GPR1 = 1 // General purpose register 1 + PT_GPR2 = 2 // General purpose register 2 + PT_GPR3 = 3 // General purpose register 3 + PT_GPR4 = 4 // General purpose register 4 + PT_GPR5 = 5 // General purpose register 5 + PT_GPR6 = 6 // General purpose register 6 + PT_GPR7 = 7 // General purpose register 7 + PT_GPR8 = 8 // General purpose register 8 + PT_GPR9 = 9 // General purpose register 9 + PT_GPR10 = 10 // General purpose register 10 + PT_GPR11 = 11 // General purpose register 11 + PT_GPR12 = 12 // General purpose register 12 + PT_GPR13 = 13 // General purpose register 13 + PT_GPR14 = 14 // General purpose register 14 + PT_GPR15 = 15 // General purpose register 15 + PT_FPR0 = 16 // Floating point register 0 + PT_FPR1 = 17 // Floating point register 1 + PT_FPR2 = 18 // Floating point register 2 + PT_FPR3 = 19 // Floating point register 3 + PT_FPR4 = 20 // Floating point register 4 + PT_FPR5 = 21 // Floating point register 5 + PT_FPR6 = 22 // Floating point register 6 + PT_FPR7 = 23 // Floating point register 7 + PT_FPR8 = 24 // Floating point register 8 + PT_FPR9 = 25 // Floating point register 9 + PT_FPR10 = 26 // Floating point register 10 + PT_FPR11 = 27 // Floating point register 11 + PT_FPR12 = 28 // Floating point register 12 + PT_FPR13 = 29 // Floating point register 13 + PT_FPR14 = 30 // Floating point register 14 + PT_FPR15 = 31 // Floating point register 15 + PT_FPC = 32 // Floating point control register + PT_PSW = 40 // PSW + PT_PSW0 = 40 // Left half of the PSW + PT_PSW1 = 41 // Right half of the PSW + PT_CR0 = 42 // Control register 0 + PT_CR1 = 43 // Control register 1 + PT_CR2 = 44 // Control register 2 + PT_CR3 = 45 // Control register 3 + PT_CR4 = 46 // Control register 4 + PT_CR5 = 47 // Control register 5 + PT_CR6 = 48 // Control register 6 + PT_CR7 = 49 // Control register 7 + PT_CR8 = 50 // Control register 8 + PT_CR9 = 51 // Control register 9 + PT_CR10 = 52 // Control register 10 + PT_CR11 = 53 // Control register 11 + PT_CR12 = 54 // Control register 12 + PT_CR13 = 55 // Control register 13 + PT_CR14 = 56 // Control register 14 + PT_CR15 = 57 // Control register 15 + PT_GPRH0 = 58 // GP High register 0 + PT_GPRH1 = 59 // GP High register 1 + PT_GPRH2 = 60 // GP High register 2 + PT_GPRH3 = 61 // GP High register 3 + PT_GPRH4 = 62 // GP High register 4 + PT_GPRH5 = 63 // GP High register 5 + PT_GPRH6 = 64 // GP High register 6 + PT_GPRH7 = 65 // GP High register 7 + PT_GPRH8 = 66 // GP High register 8 + PT_GPRH9 = 67 // GP High register 9 + PT_GPRH10 = 68 // GP High register 10 + PT_GPRH11 = 69 // GP High register 11 + PT_GPRH12 = 70 // GP High register 12 + PT_GPRH13 = 71 // GP High register 13 + PT_GPRH14 = 72 // GP High register 14 + PT_GPRH15 = 73 // GP High register 15 + PT_VR0 = 74 // Vector register 0 + PT_VR1 = 75 // Vector register 1 + PT_VR2 = 76 // Vector register 2 + PT_VR3 = 77 // Vector register 3 + PT_VR4 = 78 // Vector register 4 + PT_VR5 = 79 // Vector register 5 + PT_VR6 = 80 // Vector register 6 + PT_VR7 = 81 // Vector register 7 + PT_VR8 = 82 // Vector register 8 + PT_VR9 = 83 // Vector register 9 + PT_VR10 = 84 // Vector register 10 + PT_VR11 = 85 // Vector register 11 + PT_VR12 = 86 // Vector register 12 + PT_VR13 = 87 // Vector register 13 + PT_VR14 = 88 // Vector register 14 + PT_VR15 = 89 // Vector register 15 + PT_VR16 = 90 // Vector register 16 + PT_VR17 = 91 // Vector register 17 + PT_VR18 = 92 // Vector register 18 + PT_VR19 = 93 // Vector register 19 + PT_VR20 = 94 // Vector register 20 + PT_VR21 = 95 // Vector register 21 + PT_VR22 = 96 // Vector register 22 + PT_VR23 = 97 // Vector register 23 + PT_VR24 = 98 // Vector register 24 + PT_VR25 = 99 // Vector register 25 + PT_VR26 = 100 // Vector register 26 + PT_VR27 = 101 // Vector register 27 + PT_VR28 = 102 // Vector register 28 + PT_VR29 = 103 // Vector register 29 + PT_VR30 = 104 // Vector register 30 + PT_VR31 = 105 // Vector register 31 + PT_PSWG = 106 // PSWG + PT_PSWG0 = 106 // Bytes 0-3 + PT_PSWG1 = 107 // Bytes 4-7 + PT_PSWG2 = 108 // Bytes 8-11 (IA high word) + PT_PSWG3 = 109 // Bytes 12-15 (IA low word) +) + +func Bpx4ptr(request int32, pid int32, addr unsafe.Pointer, data unsafe.Pointer, buffer unsafe.Pointer) (rv int32, rc int32, rn int32) { + var parms [8]unsafe.Pointer + parms[0] = unsafe.Pointer(&request) + parms[1] = unsafe.Pointer(&pid) + parms[2] = unsafe.Pointer(&addr) + parms[3] = unsafe.Pointer(&data) + parms[4] = unsafe.Pointer(&buffer) + parms[5] = unsafe.Pointer(&rv) + parms[6] = unsafe.Pointer(&rc) + parms[7] = unsafe.Pointer(&rn) + bpxcall(parms[:], BPX4PTR) + return rv, rc, rn +} + +func copyU8(val uint8, dest []uint8) int { + if len(dest) < 1 { + return 0 + } + dest[0] = val + return 1 +} + +func copyU8Arr(src, dest []uint8) int { + if len(dest) < len(src) { + return 0 + } + for i, v := range src { + dest[i] = v + } + return len(src) +} + +func copyU16(val uint16, dest []uint16) int { + if len(dest) < 1 { + return 0 + } + dest[0] = val + return 1 +} + +func copyU32(val uint32, dest []uint32) int { + if len(dest) < 1 { + return 0 + } + dest[0] = val + return 1 +} + +func copyU32Arr(src, dest []uint32) int { + if len(dest) < len(src) { + return 0 + } + for i, v := range src { + dest[i] = v + } + return len(src) +} + +func copyU64(val uint64, dest []uint64) int { + if len(dest) < 1 { + return 0 + } + dest[0] = val + return 1 +} diff --git a/vendor/golang.org/x/sys/unix/bpxsvc_zos.s b/vendor/golang.org/x/sys/unix/bpxsvc_zos.s new file mode 100644 index 00000000000..4bd4a179821 --- /dev/null +++ b/vendor/golang.org/x/sys/unix/bpxsvc_zos.s @@ -0,0 +1,192 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +#include "go_asm.h" +#include "textflag.h" + +// function to call USS assembly language services +// +// doc: https://www.ibm.com/support/knowledgecenter/en/SSLTBW_3.1.0/com.ibm.zos.v3r1.bpxb100/bit64env.htm +// +// arg1 unsafe.Pointer array that ressembles an OS PLIST +// +// arg2 function offset as in +// doc: https://www.ibm.com/support/knowledgecenter/en/SSLTBW_3.1.0/com.ibm.zos.v3r1.bpxb100/bpx2cr_List_of_offsets.htm +// +// func bpxcall(plist []unsafe.Pointer, bpx_offset int64) + +TEXT ·bpxcall(SB), NOSPLIT|NOFRAME, $0 + MOVD plist_base+0(FP), R1 // r1 points to plist + MOVD bpx_offset+24(FP), R2 // r2 offset to BPX vector table + MOVD R14, R7 // save r14 + MOVD R15, R8 // save r15 + MOVWZ 16(R0), R9 + MOVWZ 544(R9), R9 + MOVWZ 24(R9), R9 // call vector in r9 + ADD R2, R9 // add offset to vector table + MOVWZ (R9), R9 // r9 points to entry point + BYTE $0x0D // BL R14,R9 --> basr r14,r9 + BYTE $0xE9 // clobbers 0,1,14,15 + MOVD R8, R15 // restore 15 + JMP R7 // return via saved return address + +// func A2e(arr [] byte) +// code page conversion from 819 to 1047 +TEXT ·A2e(SB), NOSPLIT|NOFRAME, $0 + MOVD arg_base+0(FP), R2 // pointer to arry of characters + MOVD arg_len+8(FP), R3 // count + XOR R0, R0 + XOR R1, R1 + BYTE $0xA7; BYTE $0x15; BYTE $0x00; BYTE $0x82 // BRAS 1,(2+(256/2)) + + // ASCII -> EBCDIC conversion table: + BYTE $0x00; BYTE $0x01; BYTE $0x02; BYTE $0x03 + BYTE $0x37; BYTE $0x2d; BYTE $0x2e; BYTE $0x2f + BYTE $0x16; BYTE $0x05; BYTE $0x15; BYTE $0x0b + BYTE $0x0c; BYTE $0x0d; BYTE $0x0e; BYTE $0x0f + BYTE $0x10; BYTE $0x11; BYTE $0x12; BYTE $0x13 + BYTE $0x3c; BYTE $0x3d; BYTE $0x32; BYTE $0x26 + BYTE $0x18; BYTE $0x19; BYTE $0x3f; BYTE $0x27 + BYTE $0x1c; BYTE $0x1d; BYTE $0x1e; BYTE $0x1f + BYTE $0x40; BYTE $0x5a; BYTE $0x7f; BYTE $0x7b + BYTE $0x5b; BYTE $0x6c; BYTE $0x50; BYTE $0x7d + BYTE $0x4d; BYTE $0x5d; BYTE $0x5c; BYTE $0x4e + BYTE $0x6b; BYTE $0x60; BYTE $0x4b; BYTE $0x61 + BYTE $0xf0; BYTE $0xf1; BYTE $0xf2; BYTE $0xf3 + BYTE $0xf4; BYTE $0xf5; BYTE $0xf6; BYTE $0xf7 + BYTE $0xf8; BYTE $0xf9; BYTE $0x7a; BYTE $0x5e + BYTE $0x4c; BYTE $0x7e; BYTE $0x6e; BYTE $0x6f + BYTE $0x7c; BYTE $0xc1; BYTE $0xc2; BYTE $0xc3 + BYTE $0xc4; BYTE $0xc5; BYTE $0xc6; BYTE $0xc7 + BYTE $0xc8; BYTE $0xc9; BYTE $0xd1; BYTE $0xd2 + BYTE $0xd3; BYTE $0xd4; BYTE $0xd5; BYTE $0xd6 + BYTE $0xd7; BYTE $0xd8; BYTE $0xd9; BYTE $0xe2 + BYTE $0xe3; BYTE $0xe4; BYTE $0xe5; BYTE $0xe6 + BYTE $0xe7; BYTE $0xe8; BYTE $0xe9; BYTE $0xad + BYTE $0xe0; BYTE $0xbd; BYTE $0x5f; BYTE $0x6d + BYTE $0x79; BYTE $0x81; BYTE $0x82; BYTE $0x83 + BYTE $0x84; BYTE $0x85; BYTE $0x86; BYTE $0x87 + BYTE $0x88; BYTE $0x89; BYTE $0x91; BYTE $0x92 + BYTE $0x93; BYTE $0x94; BYTE $0x95; BYTE $0x96 + BYTE $0x97; BYTE $0x98; BYTE $0x99; BYTE $0xa2 + BYTE $0xa3; BYTE $0xa4; BYTE $0xa5; BYTE $0xa6 + BYTE $0xa7; BYTE $0xa8; BYTE $0xa9; BYTE $0xc0 + BYTE $0x4f; BYTE $0xd0; BYTE $0xa1; BYTE $0x07 + BYTE $0x20; BYTE $0x21; BYTE $0x22; BYTE $0x23 + BYTE $0x24; BYTE $0x25; BYTE $0x06; BYTE $0x17 + BYTE $0x28; BYTE $0x29; BYTE $0x2a; BYTE $0x2b + BYTE $0x2c; BYTE $0x09; BYTE $0x0a; BYTE $0x1b + BYTE $0x30; BYTE $0x31; BYTE $0x1a; BYTE $0x33 + BYTE $0x34; BYTE $0x35; BYTE $0x36; BYTE $0x08 + BYTE $0x38; BYTE $0x39; BYTE $0x3a; BYTE $0x3b + BYTE $0x04; BYTE $0x14; BYTE $0x3e; BYTE $0xff + BYTE $0x41; BYTE $0xaa; BYTE $0x4a; BYTE $0xb1 + BYTE $0x9f; BYTE $0xb2; BYTE $0x6a; BYTE $0xb5 + BYTE $0xbb; BYTE $0xb4; BYTE $0x9a; BYTE $0x8a + BYTE $0xb0; BYTE $0xca; BYTE $0xaf; BYTE $0xbc + BYTE $0x90; BYTE $0x8f; BYTE $0xea; BYTE $0xfa + BYTE $0xbe; BYTE $0xa0; BYTE $0xb6; BYTE $0xb3 + BYTE $0x9d; BYTE $0xda; BYTE $0x9b; BYTE $0x8b + BYTE $0xb7; BYTE $0xb8; BYTE $0xb9; BYTE $0xab + BYTE $0x64; BYTE $0x65; BYTE $0x62; BYTE $0x66 + BYTE $0x63; BYTE $0x67; BYTE $0x9e; BYTE $0x68 + BYTE $0x74; BYTE $0x71; BYTE $0x72; BYTE $0x73 + BYTE $0x78; BYTE $0x75; BYTE $0x76; BYTE $0x77 + BYTE $0xac; BYTE $0x69; BYTE $0xed; BYTE $0xee + BYTE $0xeb; BYTE $0xef; BYTE $0xec; BYTE $0xbf + BYTE $0x80; BYTE $0xfd; BYTE $0xfe; BYTE $0xfb + BYTE $0xfc; BYTE $0xba; BYTE $0xae; BYTE $0x59 + BYTE $0x44; BYTE $0x45; BYTE $0x42; BYTE $0x46 + BYTE $0x43; BYTE $0x47; BYTE $0x9c; BYTE $0x48 + BYTE $0x54; BYTE $0x51; BYTE $0x52; BYTE $0x53 + BYTE $0x58; BYTE $0x55; BYTE $0x56; BYTE $0x57 + BYTE $0x8c; BYTE $0x49; BYTE $0xcd; BYTE $0xce + BYTE $0xcb; BYTE $0xcf; BYTE $0xcc; BYTE $0xe1 + BYTE $0x70; BYTE $0xdd; BYTE $0xde; BYTE $0xdb + BYTE $0xdc; BYTE $0x8d; BYTE $0x8e; BYTE $0xdf + +retry: + WORD $0xB9931022 // TROO 2,2,b'0001' + BVS retry + RET + +// func e2a(arr [] byte) +// code page conversion from 1047 to 819 +TEXT ·E2a(SB), NOSPLIT|NOFRAME, $0 + MOVD arg_base+0(FP), R2 // pointer to arry of characters + MOVD arg_len+8(FP), R3 // count + XOR R0, R0 + XOR R1, R1 + BYTE $0xA7; BYTE $0x15; BYTE $0x00; BYTE $0x82 // BRAS 1,(2+(256/2)) + + // EBCDIC -> ASCII conversion table: + BYTE $0x00; BYTE $0x01; BYTE $0x02; BYTE $0x03 + BYTE $0x9c; BYTE $0x09; BYTE $0x86; BYTE $0x7f + BYTE $0x97; BYTE $0x8d; BYTE $0x8e; BYTE $0x0b + BYTE $0x0c; BYTE $0x0d; BYTE $0x0e; BYTE $0x0f + BYTE $0x10; BYTE $0x11; BYTE $0x12; BYTE $0x13 + BYTE $0x9d; BYTE $0x0a; BYTE $0x08; BYTE $0x87 + BYTE $0x18; BYTE $0x19; BYTE $0x92; BYTE $0x8f + BYTE $0x1c; BYTE $0x1d; BYTE $0x1e; BYTE $0x1f + BYTE $0x80; BYTE $0x81; BYTE $0x82; BYTE $0x83 + BYTE $0x84; BYTE $0x85; BYTE $0x17; BYTE $0x1b + BYTE $0x88; BYTE $0x89; BYTE $0x8a; BYTE $0x8b + BYTE $0x8c; BYTE $0x05; BYTE $0x06; BYTE $0x07 + BYTE $0x90; BYTE $0x91; BYTE $0x16; BYTE $0x93 + BYTE $0x94; BYTE $0x95; BYTE $0x96; BYTE $0x04 + BYTE $0x98; BYTE $0x99; BYTE $0x9a; BYTE $0x9b + BYTE $0x14; BYTE $0x15; BYTE $0x9e; BYTE $0x1a + BYTE $0x20; BYTE $0xa0; BYTE $0xe2; BYTE $0xe4 + BYTE $0xe0; BYTE $0xe1; BYTE $0xe3; BYTE $0xe5 + BYTE $0xe7; BYTE $0xf1; BYTE $0xa2; BYTE $0x2e + BYTE $0x3c; BYTE $0x28; BYTE $0x2b; BYTE $0x7c + BYTE $0x26; BYTE $0xe9; BYTE $0xea; BYTE $0xeb + BYTE $0xe8; BYTE $0xed; BYTE $0xee; BYTE $0xef + BYTE $0xec; BYTE $0xdf; BYTE $0x21; BYTE $0x24 + BYTE $0x2a; BYTE $0x29; BYTE $0x3b; BYTE $0x5e + BYTE $0x2d; BYTE $0x2f; BYTE $0xc2; BYTE $0xc4 + BYTE $0xc0; BYTE $0xc1; BYTE $0xc3; BYTE $0xc5 + BYTE $0xc7; BYTE $0xd1; BYTE $0xa6; BYTE $0x2c + BYTE $0x25; BYTE $0x5f; BYTE $0x3e; BYTE $0x3f + BYTE $0xf8; BYTE $0xc9; BYTE $0xca; BYTE $0xcb + BYTE $0xc8; BYTE $0xcd; BYTE $0xce; BYTE $0xcf + BYTE $0xcc; BYTE $0x60; BYTE $0x3a; BYTE $0x23 + BYTE $0x40; BYTE $0x27; BYTE $0x3d; BYTE $0x22 + BYTE $0xd8; BYTE $0x61; BYTE $0x62; BYTE $0x63 + BYTE $0x64; BYTE $0x65; BYTE $0x66; BYTE $0x67 + BYTE $0x68; BYTE $0x69; BYTE $0xab; BYTE $0xbb + BYTE $0xf0; BYTE $0xfd; BYTE $0xfe; BYTE $0xb1 + BYTE $0xb0; BYTE $0x6a; BYTE $0x6b; BYTE $0x6c + BYTE $0x6d; BYTE $0x6e; BYTE $0x6f; BYTE $0x70 + BYTE $0x71; BYTE $0x72; BYTE $0xaa; BYTE $0xba + BYTE $0xe6; BYTE $0xb8; BYTE $0xc6; BYTE $0xa4 + BYTE $0xb5; BYTE $0x7e; BYTE $0x73; BYTE $0x74 + BYTE $0x75; BYTE $0x76; BYTE $0x77; BYTE $0x78 + BYTE $0x79; BYTE $0x7a; BYTE $0xa1; BYTE $0xbf + BYTE $0xd0; BYTE $0x5b; BYTE $0xde; BYTE $0xae + BYTE $0xac; BYTE $0xa3; BYTE $0xa5; BYTE $0xb7 + BYTE $0xa9; BYTE $0xa7; BYTE $0xb6; BYTE $0xbc + BYTE $0xbd; BYTE $0xbe; BYTE $0xdd; BYTE $0xa8 + BYTE $0xaf; BYTE $0x5d; BYTE $0xb4; BYTE $0xd7 + BYTE $0x7b; BYTE $0x41; BYTE $0x42; BYTE $0x43 + BYTE $0x44; BYTE $0x45; BYTE $0x46; BYTE $0x47 + BYTE $0x48; BYTE $0x49; BYTE $0xad; BYTE $0xf4 + BYTE $0xf6; BYTE $0xf2; BYTE $0xf3; BYTE $0xf5 + BYTE $0x7d; BYTE $0x4a; BYTE $0x4b; BYTE $0x4c + BYTE $0x4d; BYTE $0x4e; BYTE $0x4f; BYTE $0x50 + BYTE $0x51; BYTE $0x52; BYTE $0xb9; BYTE $0xfb + BYTE $0xfc; BYTE $0xf9; BYTE $0xfa; BYTE $0xff + BYTE $0x5c; BYTE $0xf7; BYTE $0x53; BYTE $0x54 + BYTE $0x55; BYTE $0x56; BYTE $0x57; BYTE $0x58 + BYTE $0x59; BYTE $0x5a; BYTE $0xb2; BYTE $0xd4 + BYTE $0xd6; BYTE $0xd2; BYTE $0xd3; BYTE $0xd5 + BYTE $0x30; BYTE $0x31; BYTE $0x32; BYTE $0x33 + BYTE $0x34; BYTE $0x35; BYTE $0x36; BYTE $0x37 + BYTE $0x38; BYTE $0x39; BYTE $0xb3; BYTE $0xdb + BYTE $0xdc; BYTE $0xd9; BYTE $0xda; BYTE $0x9f + +retry: + WORD $0xB9931022 // TROO 2,2,b'0001' + BVS retry + RET diff --git a/vendor/golang.org/x/sys/unix/epoll_zos.go b/vendor/golang.org/x/sys/unix/epoll_zos.go deleted file mode 100644 index 7753fddea81..00000000000 --- a/vendor/golang.org/x/sys/unix/epoll_zos.go +++ /dev/null @@ -1,220 +0,0 @@ -// Copyright 2020 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build zos && s390x - -package unix - -import ( - "sync" -) - -// This file simulates epoll on z/OS using poll. - -// Analogous to epoll_event on Linux. -// TODO(neeilan): Pad is because the Linux kernel expects a 96-bit struct. We never pass this to the kernel; remove? -type EpollEvent struct { - Events uint32 - Fd int32 - Pad int32 -} - -const ( - EPOLLERR = 0x8 - EPOLLHUP = 0x10 - EPOLLIN = 0x1 - EPOLLMSG = 0x400 - EPOLLOUT = 0x4 - EPOLLPRI = 0x2 - EPOLLRDBAND = 0x80 - EPOLLRDNORM = 0x40 - EPOLLWRBAND = 0x200 - EPOLLWRNORM = 0x100 - EPOLL_CTL_ADD = 0x1 - EPOLL_CTL_DEL = 0x2 - EPOLL_CTL_MOD = 0x3 - // The following constants are part of the epoll API, but represent - // currently unsupported functionality on z/OS. - // EPOLL_CLOEXEC = 0x80000 - // EPOLLET = 0x80000000 - // EPOLLONESHOT = 0x40000000 - // EPOLLRDHUP = 0x2000 // Typically used with edge-triggered notis - // EPOLLEXCLUSIVE = 0x10000000 // Exclusive wake-up mode - // EPOLLWAKEUP = 0x20000000 // Relies on Linux's BLOCK_SUSPEND capability -) - -// TODO(neeilan): We can eliminate these epToPoll / pToEpoll calls by using identical mask values for POLL/EPOLL -// constants where possible The lower 16 bits of epoll events (uint32) can fit any system poll event (int16). - -// epToPollEvt converts epoll event field to poll equivalent. -// In epoll, Events is a 32-bit field, while poll uses 16 bits. -func epToPollEvt(events uint32) int16 { - var ep2p = map[uint32]int16{ - EPOLLIN: POLLIN, - EPOLLOUT: POLLOUT, - EPOLLHUP: POLLHUP, - EPOLLPRI: POLLPRI, - EPOLLERR: POLLERR, - } - - var pollEvts int16 = 0 - for epEvt, pEvt := range ep2p { - if (events & epEvt) != 0 { - pollEvts |= pEvt - } - } - - return pollEvts -} - -// pToEpollEvt converts 16 bit poll event bitfields to 32-bit epoll event fields. -func pToEpollEvt(revents int16) uint32 { - var p2ep = map[int16]uint32{ - POLLIN: EPOLLIN, - POLLOUT: EPOLLOUT, - POLLHUP: EPOLLHUP, - POLLPRI: EPOLLPRI, - POLLERR: EPOLLERR, - } - - var epollEvts uint32 = 0 - for pEvt, epEvt := range p2ep { - if (revents & pEvt) != 0 { - epollEvts |= epEvt - } - } - - return epollEvts -} - -// Per-process epoll implementation. -type epollImpl struct { - mu sync.Mutex - epfd2ep map[int]*eventPoll - nextEpfd int -} - -// eventPoll holds a set of file descriptors being watched by the process. A process can have multiple epoll instances. -// On Linux, this is an in-kernel data structure accessed through a fd. -type eventPoll struct { - mu sync.Mutex - fds map[int]*EpollEvent -} - -// epoll impl for this process. -var impl epollImpl = epollImpl{ - epfd2ep: make(map[int]*eventPoll), - nextEpfd: 0, -} - -func (e *epollImpl) epollcreate(size int) (epfd int, err error) { - e.mu.Lock() - defer e.mu.Unlock() - epfd = e.nextEpfd - e.nextEpfd++ - - e.epfd2ep[epfd] = &eventPoll{ - fds: make(map[int]*EpollEvent), - } - return epfd, nil -} - -func (e *epollImpl) epollcreate1(flag int) (fd int, err error) { - return e.epollcreate(4) -} - -func (e *epollImpl) epollctl(epfd int, op int, fd int, event *EpollEvent) (err error) { - e.mu.Lock() - defer e.mu.Unlock() - - ep, ok := e.epfd2ep[epfd] - if !ok { - - return EBADF - } - - switch op { - case EPOLL_CTL_ADD: - // TODO(neeilan): When we make epfds and fds disjoint, detect epoll - // loops here (instances watching each other) and return ELOOP. - if _, ok := ep.fds[fd]; ok { - return EEXIST - } - ep.fds[fd] = event - case EPOLL_CTL_MOD: - if _, ok := ep.fds[fd]; !ok { - return ENOENT - } - ep.fds[fd] = event - case EPOLL_CTL_DEL: - if _, ok := ep.fds[fd]; !ok { - return ENOENT - } - delete(ep.fds, fd) - - } - return nil -} - -// Must be called while holding ep.mu -func (ep *eventPoll) getFds() []int { - fds := make([]int, len(ep.fds)) - for fd := range ep.fds { - fds = append(fds, fd) - } - return fds -} - -func (e *epollImpl) epollwait(epfd int, events []EpollEvent, msec int) (n int, err error) { - e.mu.Lock() // in [rare] case of concurrent epollcreate + epollwait - ep, ok := e.epfd2ep[epfd] - - if !ok { - e.mu.Unlock() - return 0, EBADF - } - - pollfds := make([]PollFd, 4) - for fd, epollevt := range ep.fds { - pollfds = append(pollfds, PollFd{Fd: int32(fd), Events: epToPollEvt(epollevt.Events)}) - } - e.mu.Unlock() - - n, err = Poll(pollfds, msec) - if err != nil { - return n, err - } - - i := 0 - for _, pFd := range pollfds { - if pFd.Revents != 0 { - events[i] = EpollEvent{Fd: pFd.Fd, Events: pToEpollEvt(pFd.Revents)} - i++ - } - - if i == n { - break - } - } - - return n, nil -} - -func EpollCreate(size int) (fd int, err error) { - return impl.epollcreate(size) -} - -func EpollCreate1(flag int) (fd int, err error) { - return impl.epollcreate1(flag) -} - -func EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) { - return impl.epollctl(epfd, op, fd, event) -} - -// Because EpollWait mutates events, the caller is expected to coordinate -// concurrent access if calling with the same epfd from multiple goroutines. -func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) { - return impl.epollwait(epfd, events, msec) -} diff --git a/vendor/golang.org/x/sys/unix/fstatfs_zos.go b/vendor/golang.org/x/sys/unix/fstatfs_zos.go deleted file mode 100644 index c8bde601e77..00000000000 --- a/vendor/golang.org/x/sys/unix/fstatfs_zos.go +++ /dev/null @@ -1,163 +0,0 @@ -// Copyright 2020 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build zos && s390x - -package unix - -import ( - "unsafe" -) - -// This file simulates fstatfs on z/OS using fstatvfs and w_getmntent. - -func Fstatfs(fd int, stat *Statfs_t) (err error) { - var stat_v Statvfs_t - err = Fstatvfs(fd, &stat_v) - if err == nil { - // populate stat - stat.Type = 0 - stat.Bsize = stat_v.Bsize - stat.Blocks = stat_v.Blocks - stat.Bfree = stat_v.Bfree - stat.Bavail = stat_v.Bavail - stat.Files = stat_v.Files - stat.Ffree = stat_v.Ffree - stat.Fsid = stat_v.Fsid - stat.Namelen = stat_v.Namemax - stat.Frsize = stat_v.Frsize - stat.Flags = stat_v.Flag - for passn := 0; passn < 5; passn++ { - switch passn { - case 0: - err = tryGetmntent64(stat) - break - case 1: - err = tryGetmntent128(stat) - break - case 2: - err = tryGetmntent256(stat) - break - case 3: - err = tryGetmntent512(stat) - break - case 4: - err = tryGetmntent1024(stat) - break - default: - break - } - //proceed to return if: err is nil (found), err is nonnil but not ERANGE (another error occurred) - if err == nil || err != nil && err != ERANGE { - break - } - } - } - return err -} - -func tryGetmntent64(stat *Statfs_t) (err error) { - var mnt_ent_buffer struct { - header W_Mnth - filesys_info [64]W_Mntent - } - var buffer_size int = int(unsafe.Sizeof(mnt_ent_buffer)) - fs_count, err := W_Getmntent((*byte)(unsafe.Pointer(&mnt_ent_buffer)), buffer_size) - if err != nil { - return err - } - err = ERANGE //return ERANGE if no match is found in this batch - for i := 0; i < fs_count; i++ { - if stat.Fsid == uint64(mnt_ent_buffer.filesys_info[i].Dev) { - stat.Type = uint32(mnt_ent_buffer.filesys_info[i].Fstname[0]) - err = nil - break - } - } - return err -} - -func tryGetmntent128(stat *Statfs_t) (err error) { - var mnt_ent_buffer struct { - header W_Mnth - filesys_info [128]W_Mntent - } - var buffer_size int = int(unsafe.Sizeof(mnt_ent_buffer)) - fs_count, err := W_Getmntent((*byte)(unsafe.Pointer(&mnt_ent_buffer)), buffer_size) - if err != nil { - return err - } - err = ERANGE //return ERANGE if no match is found in this batch - for i := 0; i < fs_count; i++ { - if stat.Fsid == uint64(mnt_ent_buffer.filesys_info[i].Dev) { - stat.Type = uint32(mnt_ent_buffer.filesys_info[i].Fstname[0]) - err = nil - break - } - } - return err -} - -func tryGetmntent256(stat *Statfs_t) (err error) { - var mnt_ent_buffer struct { - header W_Mnth - filesys_info [256]W_Mntent - } - var buffer_size int = int(unsafe.Sizeof(mnt_ent_buffer)) - fs_count, err := W_Getmntent((*byte)(unsafe.Pointer(&mnt_ent_buffer)), buffer_size) - if err != nil { - return err - } - err = ERANGE //return ERANGE if no match is found in this batch - for i := 0; i < fs_count; i++ { - if stat.Fsid == uint64(mnt_ent_buffer.filesys_info[i].Dev) { - stat.Type = uint32(mnt_ent_buffer.filesys_info[i].Fstname[0]) - err = nil - break - } - } - return err -} - -func tryGetmntent512(stat *Statfs_t) (err error) { - var mnt_ent_buffer struct { - header W_Mnth - filesys_info [512]W_Mntent - } - var buffer_size int = int(unsafe.Sizeof(mnt_ent_buffer)) - fs_count, err := W_Getmntent((*byte)(unsafe.Pointer(&mnt_ent_buffer)), buffer_size) - if err != nil { - return err - } - err = ERANGE //return ERANGE if no match is found in this batch - for i := 0; i < fs_count; i++ { - if stat.Fsid == uint64(mnt_ent_buffer.filesys_info[i].Dev) { - stat.Type = uint32(mnt_ent_buffer.filesys_info[i].Fstname[0]) - err = nil - break - } - } - return err -} - -func tryGetmntent1024(stat *Statfs_t) (err error) { - var mnt_ent_buffer struct { - header W_Mnth - filesys_info [1024]W_Mntent - } - var buffer_size int = int(unsafe.Sizeof(mnt_ent_buffer)) - fs_count, err := W_Getmntent((*byte)(unsafe.Pointer(&mnt_ent_buffer)), buffer_size) - if err != nil { - return err - } - err = ERANGE //return ERANGE if no match is found in this batch - for i := 0; i < fs_count; i++ { - if stat.Fsid == uint64(mnt_ent_buffer.filesys_info[i].Dev) { - stat.Type = uint32(mnt_ent_buffer.filesys_info[i].Fstname[0]) - err = nil - break - } - } - return err -} diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index fdcaa974d23..4ed2e488b61 100644 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -263,6 +263,7 @@ struct ltchars { #include #include #include +#include #include #include #include @@ -549,6 +550,7 @@ ccflags="$@" $2 !~ "NLA_TYPE_MASK" && $2 !~ /^RTC_VL_(ACCURACY|BACKUP|DATA)/ && $2 ~ /^(NETLINK|NLM|NLMSG|NLA|IFA|IFAN|RT|RTC|RTCF|RTN|RTPROT|RTNH|ARPHRD|ETH_P|NETNSA)_/ || + $2 ~ /^SOCK_|SK_DIAG_|SKNLGRP_$/ || $2 ~ /^FIORDCHK$/ || $2 ~ /^SIOC/ || $2 ~ /^TIOC/ || diff --git a/vendor/golang.org/x/sys/unix/mremap.go b/vendor/golang.org/x/sys/unix/mremap.go index fd45fe529da..3a5e776f895 100644 --- a/vendor/golang.org/x/sys/unix/mremap.go +++ b/vendor/golang.org/x/sys/unix/mremap.go @@ -50,3 +50,8 @@ func (m *mremapMmapper) Mremap(oldData []byte, newLength int, flags int) (data [ func Mremap(oldData []byte, newLength int, flags int) (data []byte, err error) { return mapper.Mremap(oldData, newLength, flags) } + +func MremapPtr(oldAddr unsafe.Pointer, oldSize uintptr, newAddr unsafe.Pointer, newSize uintptr, flags int) (ret unsafe.Pointer, err error) { + xaddr, err := mapper.mremap(uintptr(oldAddr), oldSize, newSize, flags, uintptr(newAddr)) + return unsafe.Pointer(xaddr), err +} diff --git a/vendor/golang.org/x/sys/unix/pagesize_unix.go b/vendor/golang.org/x/sys/unix/pagesize_unix.go index 4d0a3430edc..0482408d7c6 100644 --- a/vendor/golang.org/x/sys/unix/pagesize_unix.go +++ b/vendor/golang.org/x/sys/unix/pagesize_unix.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris +//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos // For Unix, get the pagesize from the runtime. diff --git a/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go b/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go index 130398b6b76..b903c00604b 100644 --- a/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go +++ b/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build darwin +//go:build darwin || zos package unix diff --git a/vendor/golang.org/x/sys/unix/sockcmsg_zos.go b/vendor/golang.org/x/sys/unix/sockcmsg_zos.go new file mode 100644 index 00000000000..3e53dbc0286 --- /dev/null +++ b/vendor/golang.org/x/sys/unix/sockcmsg_zos.go @@ -0,0 +1,58 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Socket control messages + +package unix + +import "unsafe" + +// UnixCredentials encodes credentials into a socket control message +// for sending to another process. This can be used for +// authentication. +func UnixCredentials(ucred *Ucred) []byte { + b := make([]byte, CmsgSpace(SizeofUcred)) + h := (*Cmsghdr)(unsafe.Pointer(&b[0])) + h.Level = SOL_SOCKET + h.Type = SCM_CREDENTIALS + h.SetLen(CmsgLen(SizeofUcred)) + *(*Ucred)(h.data(0)) = *ucred + return b +} + +// ParseUnixCredentials decodes a socket control message that contains +// credentials in a Ucred structure. To receive such a message, the +// SO_PASSCRED option must be enabled on the socket. +func ParseUnixCredentials(m *SocketControlMessage) (*Ucred, error) { + if m.Header.Level != SOL_SOCKET { + return nil, EINVAL + } + if m.Header.Type != SCM_CREDENTIALS { + return nil, EINVAL + } + ucred := *(*Ucred)(unsafe.Pointer(&m.Data[0])) + return &ucred, nil +} + +// PktInfo4 encodes Inet4Pktinfo into a socket control message of type IP_PKTINFO. +func PktInfo4(info *Inet4Pktinfo) []byte { + b := make([]byte, CmsgSpace(SizeofInet4Pktinfo)) + h := (*Cmsghdr)(unsafe.Pointer(&b[0])) + h.Level = SOL_IP + h.Type = IP_PKTINFO + h.SetLen(CmsgLen(SizeofInet4Pktinfo)) + *(*Inet4Pktinfo)(h.data(0)) = *info + return b +} + +// PktInfo6 encodes Inet6Pktinfo into a socket control message of type IPV6_PKTINFO. +func PktInfo6(info *Inet6Pktinfo) []byte { + b := make([]byte, CmsgSpace(SizeofInet6Pktinfo)) + h := (*Cmsghdr)(unsafe.Pointer(&b[0])) + h.Level = SOL_IPV6 + h.Type = IPV6_PKTINFO + h.SetLen(CmsgLen(SizeofInet6Pktinfo)) + *(*Inet6Pktinfo)(h.data(0)) = *info + return b +} diff --git a/vendor/golang.org/x/sys/unix/symaddr_zos_s390x.s b/vendor/golang.org/x/sys/unix/symaddr_zos_s390x.s new file mode 100644 index 00000000000..3c4f33cb6a8 --- /dev/null +++ b/vendor/golang.org/x/sys/unix/symaddr_zos_s390x.s @@ -0,0 +1,75 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build zos && s390x && gc + +#include "textflag.h" + +// provide the address of function variable to be fixed up. + +TEXT ·getPipe2Addr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Pipe2(SB), R8 + MOVD R8, ret+0(FP) + RET + +TEXT ·get_FlockAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Flock(SB), R8 + MOVD R8, ret+0(FP) + RET + +TEXT ·get_GetxattrAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Getxattr(SB), R8 + MOVD R8, ret+0(FP) + RET + +TEXT ·get_NanosleepAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Nanosleep(SB), R8 + MOVD R8, ret+0(FP) + RET + +TEXT ·get_SetxattrAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Setxattr(SB), R8 + MOVD R8, ret+0(FP) + RET + +TEXT ·get_Wait4Addr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Wait4(SB), R8 + MOVD R8, ret+0(FP) + RET + +TEXT ·get_MountAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Mount(SB), R8 + MOVD R8, ret+0(FP) + RET + +TEXT ·get_UnmountAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Unmount(SB), R8 + MOVD R8, ret+0(FP) + RET + +TEXT ·get_UtimesNanoAtAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·UtimesNanoAt(SB), R8 + MOVD R8, ret+0(FP) + RET + +TEXT ·get_UtimesNanoAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·UtimesNano(SB), R8 + MOVD R8, ret+0(FP) + RET + +TEXT ·get_MkfifoatAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Mkfifoat(SB), R8 + MOVD R8, ret+0(FP) + RET + +TEXT ·get_ChtagAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Chtag(SB), R8 + MOVD R8, ret+0(FP) + RET + +TEXT ·get_ReadlinkatAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Readlinkat(SB), R8 + MOVD R8, ret+0(FP) + RET + diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.go b/vendor/golang.org/x/sys/unix/syscall_darwin.go index 59542a897d2..4cc7b005967 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin.go +++ b/vendor/golang.org/x/sys/unix/syscall_darwin.go @@ -542,6 +542,18 @@ func SysctlKinfoProcSlice(name string, args ...int) ([]KinfoProc, error) { } } +//sys pthread_chdir_np(path string) (err error) + +func PthreadChdir(path string) (err error) { + return pthread_chdir_np(path) +} + +//sys pthread_fchdir_np(fd int) (err error) + +func PthreadFchdir(fd int) (err error) { + return pthread_fchdir_np(fd) +} + //sys sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error) //sys shmat(id int, addr uintptr, flag int) (ret uintptr, err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_unix.go b/vendor/golang.org/x/sys/unix/syscall_unix.go index 77081de8c7d..4e92e5aa406 100644 --- a/vendor/golang.org/x/sys/unix/syscall_unix.go +++ b/vendor/golang.org/x/sys/unix/syscall_unix.go @@ -154,6 +154,15 @@ func Munmap(b []byte) (err error) { return mapper.Munmap(b) } +func MmapPtr(fd int, offset int64, addr unsafe.Pointer, length uintptr, prot int, flags int) (ret unsafe.Pointer, err error) { + xaddr, err := mapper.mmap(uintptr(addr), length, prot, flags, fd, offset) + return unsafe.Pointer(xaddr), err +} + +func MunmapPtr(addr unsafe.Pointer, length uintptr) (err error) { + return mapper.munmap(uintptr(addr), length) +} + func Read(fd int, p []byte) (n int, err error) { n, err = read(fd, p) if raceenabled { diff --git a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go index 27c41b6f0a1..312ae6ac1d2 100644 --- a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go @@ -4,11 +4,21 @@ //go:build zos && s390x +// Many of the following syscalls are not available on all versions of z/OS. +// Some missing calls have legacy implementations/simulations but others +// will be missing completely. To achieve consistent failing behaviour on +// legacy systems, we first test the function pointer via a safeloading +// mechanism to see if the function exists on a given system. Then execution +// is branched to either continue the function call, or return an error. + package unix import ( "bytes" "fmt" + "os" + "reflect" + "regexp" "runtime" "sort" "strings" @@ -17,17 +27,205 @@ import ( "unsafe" ) +//go:noescape +func initZosLibVec() + +//go:noescape +func GetZosLibVec() uintptr + +func init() { + initZosLibVec() + r0, _, _ := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS_____GETENV_A<<4, uintptr(unsafe.Pointer(&([]byte("__ZOS_XSYSTRACE\x00"))[0]))) + if r0 != 0 { + n, _, _ := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS___ATOI_A<<4, r0) + ZosTraceLevel = int(n) + r0, _, _ := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS_____GETENV_A<<4, uintptr(unsafe.Pointer(&([]byte("__ZOS_XSYSTRACEFD\x00"))[0]))) + if r0 != 0 { + fd, _, _ := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS___ATOI_A<<4, r0) + f := os.NewFile(fd, "zostracefile") + if f != nil { + ZosTracefile = f + } + } + + } +} + +//go:noescape +func CallLeFuncWithErr(funcdesc uintptr, parms ...uintptr) (ret, errno2 uintptr, err Errno) + +//go:noescape +func CallLeFuncWithPtrReturn(funcdesc uintptr, parms ...uintptr) (ret, errno2 uintptr, err Errno) + +// ------------------------------- +// pointer validity test +// good pointer returns 0 +// bad pointer returns 1 +// +//go:nosplit +func ptrtest(uintptr) uint64 + +// Load memory at ptr location with error handling if the location is invalid +// +//go:noescape +func safeload(ptr uintptr) (value uintptr, error uintptr) + const ( - O_CLOEXEC = 0 // Dummy value (not supported). - AF_LOCAL = AF_UNIX // AF_LOCAL is an alias for AF_UNIX + entrypointLocationOffset = 8 // From function descriptor + + xplinkEyecatcher = 0x00c300c500c500f1 // ".C.E.E.1" + eyecatcherOffset = 16 // From function entrypoint (negative) + ppa1LocationOffset = 8 // From function entrypoint (negative) + + nameLenOffset = 0x14 // From PPA1 start + nameOffset = 0x16 // From PPA1 start ) -func syscall_syscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno) -func syscall_rawsyscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno) -func syscall_syscall6(trap, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno) -func syscall_rawsyscall6(trap, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno) -func syscall_syscall9(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err Errno) -func syscall_rawsyscall9(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err Errno) +func getPpaOffset(funcptr uintptr) int64 { + entrypoint, err := safeload(funcptr + entrypointLocationOffset) + if err != 0 { + return -1 + } + + // XPLink functions have ".C.E.E.1" as the first 8 bytes (EBCDIC) + val, err := safeload(entrypoint - eyecatcherOffset) + if err != 0 { + return -1 + } + if val != xplinkEyecatcher { + return -1 + } + + ppaoff, err := safeload(entrypoint - ppa1LocationOffset) + if err != 0 { + return -1 + } + + ppaoff >>= 32 + return int64(ppaoff) +} + +//------------------------------- +// function descriptor pointer validity test +// good pointer returns 0 +// bad pointer returns 1 + +// TODO: currently mksyscall_zos_s390x.go generate empty string for funcName +// have correct funcName pass to the funcptrtest function +func funcptrtest(funcptr uintptr, funcName string) uint64 { + entrypoint, err := safeload(funcptr + entrypointLocationOffset) + if err != 0 { + return 1 + } + + ppaoff := getPpaOffset(funcptr) + if ppaoff == -1 { + return 1 + } + + // PPA1 offset value is from the start of the entire function block, not the entrypoint + ppa1 := (entrypoint - eyecatcherOffset) + uintptr(ppaoff) + + nameLen, err := safeload(ppa1 + nameLenOffset) + if err != 0 { + return 1 + } + + nameLen >>= 48 + if nameLen > 128 { + return 1 + } + + // no function name input to argument end here + if funcName == "" { + return 0 + } + + var funcname [128]byte + for i := 0; i < int(nameLen); i += 8 { + v, err := safeload(ppa1 + nameOffset + uintptr(i)) + if err != 0 { + return 1 + } + funcname[i] = byte(v >> 56) + funcname[i+1] = byte(v >> 48) + funcname[i+2] = byte(v >> 40) + funcname[i+3] = byte(v >> 32) + funcname[i+4] = byte(v >> 24) + funcname[i+5] = byte(v >> 16) + funcname[i+6] = byte(v >> 8) + funcname[i+7] = byte(v) + } + + runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___E2A_L<<4, // __e2a_l + []uintptr{uintptr(unsafe.Pointer(&funcname[0])), nameLen}) + + name := string(funcname[:nameLen]) + if name != funcName { + return 1 + } + + return 0 +} + +// For detection of capabilities on a system. +// Is function descriptor f a valid function? +func isValidLeFunc(f uintptr) error { + ret := funcptrtest(f, "") + if ret != 0 { + return fmt.Errorf("Bad pointer, not an LE function ") + } + return nil +} + +// Retrieve function name from descriptor +func getLeFuncName(f uintptr) (string, error) { + // assume it has been checked, only check ppa1 validity here + entry := ((*[2]uintptr)(unsafe.Pointer(f)))[1] + preamp := ((*[4]uint32)(unsafe.Pointer(entry - eyecatcherOffset))) + + offsetPpa1 := preamp[2] + if offsetPpa1 > 0x0ffff { + return "", fmt.Errorf("PPA1 offset seems too big 0x%x\n", offsetPpa1) + } + + ppa1 := uintptr(unsafe.Pointer(preamp)) + uintptr(offsetPpa1) + res := ptrtest(ppa1) + if res != 0 { + return "", fmt.Errorf("PPA1 address not valid") + } + + size := *(*uint16)(unsafe.Pointer(ppa1 + nameLenOffset)) + if size > 128 { + return "", fmt.Errorf("Function name seems too long, length=%d\n", size) + } + + var name [128]byte + funcname := (*[128]byte)(unsafe.Pointer(ppa1 + nameOffset)) + copy(name[0:size], funcname[0:size]) + + runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___E2A_L<<4, // __e2a_l + []uintptr{uintptr(unsafe.Pointer(&name[0])), uintptr(size)}) + + return string(name[:size]), nil +} + +// Check z/OS version +func zosLeVersion() (version, release uint32) { + p1 := (*(*uintptr)(unsafe.Pointer(uintptr(1208)))) >> 32 + p1 = *(*uintptr)(unsafe.Pointer(uintptr(p1 + 88))) + p1 = *(*uintptr)(unsafe.Pointer(uintptr(p1 + 8))) + p1 = *(*uintptr)(unsafe.Pointer(uintptr(p1 + 984))) + vrm := *(*uint32)(unsafe.Pointer(p1 + 80)) + version = (vrm & 0x00ff0000) >> 16 + release = (vrm & 0x0000ff00) >> 8 + return +} + +// returns a zos C FILE * for stdio fd 0, 1, 2 +func ZosStdioFilep(fd int32) uintptr { + return uintptr(*(*uint64)(unsafe.Pointer(uintptr(*(*uint64)(unsafe.Pointer(uintptr(*(*uint64)(unsafe.Pointer(uintptr(uint64(*(*uint32)(unsafe.Pointer(uintptr(1208)))) + 80))) + uint64((fd+2)<<3)))))))) +} func copyStat(stat *Stat_t, statLE *Stat_LE_t) { stat.Dev = uint64(statLE.Dev) @@ -65,6 +263,21 @@ func (d *Dirent) NameString() string { } } +func DecodeData(dest []byte, sz int, val uint64) { + for i := 0; i < sz; i++ { + dest[sz-1-i] = byte((val >> (uint64(i * 8))) & 0xff) + } +} + +func EncodeData(data []byte) uint64 { + var value uint64 + sz := len(data) + for i := 0; i < sz; i++ { + value |= uint64(data[i]) << uint64(((sz - i - 1) * 8)) + } + return value +} + func (sa *SockaddrInet4) sockaddr() (unsafe.Pointer, _Socklen, error) { if sa.Port < 0 || sa.Port > 0xFFFF { return nil, 0, EINVAL @@ -74,7 +287,9 @@ func (sa *SockaddrInet4) sockaddr() (unsafe.Pointer, _Socklen, error) { p := (*[2]byte)(unsafe.Pointer(&sa.raw.Port)) p[0] = byte(sa.Port >> 8) p[1] = byte(sa.Port) - sa.raw.Addr = sa.Addr + for i := 0; i < len(sa.Addr); i++ { + sa.raw.Addr[i] = sa.Addr[i] + } return unsafe.Pointer(&sa.raw), _Socklen(sa.raw.Len), nil } @@ -88,7 +303,9 @@ func (sa *SockaddrInet6) sockaddr() (unsafe.Pointer, _Socklen, error) { p[0] = byte(sa.Port >> 8) p[1] = byte(sa.Port) sa.raw.Scope_id = sa.ZoneId - sa.raw.Addr = sa.Addr + for i := 0; i < len(sa.Addr); i++ { + sa.raw.Addr[i] = sa.Addr[i] + } return unsafe.Pointer(&sa.raw), _Socklen(sa.raw.Len), nil } @@ -146,7 +363,9 @@ func anyToSockaddr(_ int, rsa *RawSockaddrAny) (Sockaddr, error) { sa := new(SockaddrInet4) p := (*[2]byte)(unsafe.Pointer(&pp.Port)) sa.Port = int(p[0])<<8 + int(p[1]) - sa.Addr = pp.Addr + for i := 0; i < len(sa.Addr); i++ { + sa.Addr[i] = pp.Addr[i] + } return sa, nil case AF_INET6: @@ -155,7 +374,9 @@ func anyToSockaddr(_ int, rsa *RawSockaddrAny) (Sockaddr, error) { p := (*[2]byte)(unsafe.Pointer(&pp.Port)) sa.Port = int(p[0])<<8 + int(p[1]) sa.ZoneId = pp.Scope_id - sa.Addr = pp.Addr + for i := 0; i < len(sa.Addr); i++ { + sa.Addr[i] = pp.Addr[i] + } return sa, nil } return nil, EAFNOSUPPORT @@ -177,6 +398,43 @@ func Accept(fd int) (nfd int, sa Sockaddr, err error) { return } +func Accept4(fd int, flags int) (nfd int, sa Sockaddr, err error) { + var rsa RawSockaddrAny + var len _Socklen = SizeofSockaddrAny + nfd, err = accept4(fd, &rsa, &len, flags) + if err != nil { + return + } + if len > SizeofSockaddrAny { + panic("RawSockaddrAny too small") + } + // TODO(neeilan): Remove 0 in call + sa, err = anyToSockaddr(0, &rsa) + if err != nil { + Close(nfd) + nfd = 0 + } + return +} + +func Ctermid() (tty string, err error) { + var termdev [1025]byte + runtime.EnterSyscall() + r0, err2, err1 := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS___CTERMID_A<<4, uintptr(unsafe.Pointer(&termdev[0]))) + runtime.ExitSyscall() + if r0 == 0 { + return "", fmt.Errorf("%s (errno2=0x%x)\n", err1.Error(), err2) + } + s := string(termdev[:]) + idx := strings.Index(s, string(rune(0))) + if idx == -1 { + tty = s + } else { + tty = s[:idx] + } + return +} + func (iov *Iovec) SetLen(length int) { iov.Len = uint64(length) } @@ -190,10 +448,16 @@ func (cmsg *Cmsghdr) SetLen(length int) { } //sys fcntl(fd int, cmd int, arg int) (val int, err error) +//sys Flistxattr(fd int, dest []byte) (sz int, err error) = SYS___FLISTXATTR_A +//sys Fremovexattr(fd int, attr string) (err error) = SYS___FREMOVEXATTR_A //sys read(fd int, p []byte) (n int, err error) //sys write(fd int, p []byte) (n int, err error) +//sys Fgetxattr(fd int, attr string, dest []byte) (sz int, err error) = SYS___FGETXATTR_A +//sys Fsetxattr(fd int, attr string, data []byte, flag int) (err error) = SYS___FSETXATTR_A + //sys accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) = SYS___ACCEPT_A +//sys accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) = SYS___ACCEPT4_A //sys bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) = SYS___BIND_A //sys connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) = SYS___CONNECT_A //sysnb getgroups(n int, list *_Gid_t) (nn int, err error) @@ -204,6 +468,7 @@ func (cmsg *Cmsghdr) SetLen(length int) { //sysnb socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) //sysnb getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) = SYS___GETPEERNAME_A //sysnb getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) = SYS___GETSOCKNAME_A +//sys Removexattr(path string, attr string) (err error) = SYS___REMOVEXATTR_A //sys recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) = SYS___RECVFROM_A //sys sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) = SYS___SENDTO_A //sys recvmsg(s int, msg *Msghdr, flags int) (n int, err error) = SYS___RECVMSG_A @@ -212,6 +477,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { //sys munmap(addr uintptr, length uintptr) (err error) = SYS_MUNMAP //sys ioctl(fd int, req int, arg uintptr) (err error) = SYS_IOCTL //sys ioctlPtr(fd int, req int, arg unsafe.Pointer) (err error) = SYS_IOCTL +//sys shmat(id int, addr uintptr, flag int) (ret uintptr, err error) = SYS_SHMAT +//sys shmctl(id int, cmd int, buf *SysvShmDesc) (result int, err error) = SYS_SHMCTL64 +//sys shmdt(addr uintptr) (err error) = SYS_SHMDT +//sys shmget(key int, size int, flag int) (id int, err error) = SYS_SHMGET //sys Access(path string, mode uint32) (err error) = SYS___ACCESS_A //sys Chdir(path string) (err error) = SYS___CHDIR_A @@ -220,14 +489,31 @@ func (cmsg *Cmsghdr) SetLen(length int) { //sys Creat(path string, mode uint32) (fd int, err error) = SYS___CREAT_A //sys Dup(oldfd int) (fd int, err error) //sys Dup2(oldfd int, newfd int) (err error) +//sys Dup3(oldfd int, newfd int, flags int) (err error) = SYS_DUP3 +//sys Dirfd(dirp uintptr) (fd int, err error) = SYS_DIRFD +//sys EpollCreate(size int) (fd int, err error) = SYS_EPOLL_CREATE +//sys EpollCreate1(flags int) (fd int, err error) = SYS_EPOLL_CREATE1 +//sys EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) = SYS_EPOLL_CTL +//sys EpollPwait(epfd int, events []EpollEvent, msec int, sigmask *int) (n int, err error) = SYS_EPOLL_PWAIT +//sys EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) = SYS_EPOLL_WAIT //sys Errno2() (er2 int) = SYS___ERRNO2 -//sys Err2ad() (eadd *int) = SYS___ERR2AD +//sys Eventfd(initval uint, flags int) (fd int, err error) = SYS_EVENTFD //sys Exit(code int) +//sys Faccessat(dirfd int, path string, mode uint32, flags int) (err error) = SYS___FACCESSAT_A + +func Faccessat2(dirfd int, path string, mode uint32, flags int) (err error) { + return Faccessat(dirfd, path, mode, flags) +} + //sys Fchdir(fd int) (err error) //sys Fchmod(fd int, mode uint32) (err error) +//sys Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) = SYS___FCHMODAT_A //sys Fchown(fd int, uid int, gid int) (err error) +//sys Fchownat(fd int, path string, uid int, gid int, flags int) (err error) = SYS___FCHOWNAT_A //sys FcntlInt(fd uintptr, cmd int, arg int) (retval int, err error) = SYS_FCNTL +//sys Fdatasync(fd int) (err error) = SYS_FDATASYNC //sys fstat(fd int, stat *Stat_LE_t) (err error) +//sys fstatat(dirfd int, path string, stat *Stat_LE_t, flags int) (err error) = SYS___FSTATAT_A func Fstat(fd int, stat *Stat_t) (err error) { var statLE Stat_LE_t @@ -236,28 +522,208 @@ func Fstat(fd int, stat *Stat_t) (err error) { return } +func Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) { + var statLE Stat_LE_t + err = fstatat(dirfd, path, &statLE, flags) + copyStat(stat, &statLE) + return +} + +func impl_Getxattr(path string, attr string, dest []byte) (sz int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(attr) + if err != nil { + return + } + var _p2 unsafe.Pointer + if len(dest) > 0 { + _p2 = unsafe.Pointer(&dest[0]) + } else { + _p2 = unsafe.Pointer(&_zero) + } + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___GETXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest))) + sz = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_GetxattrAddr() *(func(path string, attr string, dest []byte) (sz int, err error)) + +var Getxattr = enter_Getxattr + +func enter_Getxattr(path string, attr string, dest []byte) (sz int, err error) { + funcref := get_GetxattrAddr() + if validGetxattr() { + *funcref = impl_Getxattr + } else { + *funcref = error_Getxattr + } + return (*funcref)(path, attr, dest) +} + +func error_Getxattr(path string, attr string, dest []byte) (sz int, err error) { + return -1, ENOSYS +} + +func validGetxattr() bool { + if funcptrtest(GetZosLibVec()+SYS___GETXATTR_A<<4, "") == 0 { + if name, err := getLeFuncName(GetZosLibVec() + SYS___GETXATTR_A<<4); err == nil { + return name == "__getxattr_a" + } + } + return false +} + +//sys Lgetxattr(link string, attr string, dest []byte) (sz int, err error) = SYS___LGETXATTR_A +//sys Lsetxattr(path string, attr string, data []byte, flags int) (err error) = SYS___LSETXATTR_A + +func impl_Setxattr(path string, attr string, data []byte, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(attr) + if err != nil { + return + } + var _p2 unsafe.Pointer + if len(data) > 0 { + _p2 = unsafe.Pointer(&data[0]) + } else { + _p2 = unsafe.Pointer(&_zero) + } + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___SETXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags)) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_SetxattrAddr() *(func(path string, attr string, data []byte, flags int) (err error)) + +var Setxattr = enter_Setxattr + +func enter_Setxattr(path string, attr string, data []byte, flags int) (err error) { + funcref := get_SetxattrAddr() + if validSetxattr() { + *funcref = impl_Setxattr + } else { + *funcref = error_Setxattr + } + return (*funcref)(path, attr, data, flags) +} + +func error_Setxattr(path string, attr string, data []byte, flags int) (err error) { + return ENOSYS +} + +func validSetxattr() bool { + if funcptrtest(GetZosLibVec()+SYS___SETXATTR_A<<4, "") == 0 { + if name, err := getLeFuncName(GetZosLibVec() + SYS___SETXATTR_A<<4); err == nil { + return name == "__setxattr_a" + } + } + return false +} + +//sys Fstatfs(fd int, buf *Statfs_t) (err error) = SYS_FSTATFS //sys Fstatvfs(fd int, stat *Statvfs_t) (err error) = SYS_FSTATVFS //sys Fsync(fd int) (err error) +//sys Futimes(fd int, tv []Timeval) (err error) = SYS_FUTIMES +//sys Futimesat(dirfd int, path string, tv []Timeval) (err error) = SYS___FUTIMESAT_A //sys Ftruncate(fd int, length int64) (err error) -//sys Getpagesize() (pgsize int) = SYS_GETPAGESIZE +//sys Getrandom(buf []byte, flags int) (n int, err error) = SYS_GETRANDOM +//sys InotifyInit() (fd int, err error) = SYS_INOTIFY_INIT +//sys InotifyInit1(flags int) (fd int, err error) = SYS_INOTIFY_INIT1 +//sys InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) = SYS___INOTIFY_ADD_WATCH_A +//sys InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) = SYS_INOTIFY_RM_WATCH +//sys Listxattr(path string, dest []byte) (sz int, err error) = SYS___LISTXATTR_A +//sys Llistxattr(path string, dest []byte) (sz int, err error) = SYS___LLISTXATTR_A +//sys Lremovexattr(path string, attr string) (err error) = SYS___LREMOVEXATTR_A +//sys Lutimes(path string, tv []Timeval) (err error) = SYS___LUTIMES_A //sys Mprotect(b []byte, prot int) (err error) = SYS_MPROTECT //sys Msync(b []byte, flags int) (err error) = SYS_MSYNC +//sys Console2(cmsg *ConsMsg2, modstr *byte, concmd *uint32) (err error) = SYS___CONSOLE2 + +// Pipe2 begin + +//go:nosplit +func getPipe2Addr() *(func([]int, int) error) + +var Pipe2 = pipe2Enter + +func pipe2Enter(p []int, flags int) (err error) { + if funcptrtest(GetZosLibVec()+SYS_PIPE2<<4, "") == 0 { + *getPipe2Addr() = pipe2Impl + } else { + *getPipe2Addr() = pipe2Error + } + return (*getPipe2Addr())(p, flags) +} + +func pipe2Impl(p []int, flags int) (err error) { + var pp [2]_C_int + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_PIPE2<<4, uintptr(unsafe.Pointer(&pp[0])), uintptr(flags)) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } else { + p[0] = int(pp[0]) + p[1] = int(pp[1]) + } + return +} +func pipe2Error(p []int, flags int) (err error) { + return fmt.Errorf("Pipe2 is not available on this system") +} + +// Pipe2 end + //sys Poll(fds []PollFd, timeout int) (n int, err error) = SYS_POLL + +func Readdir(dir uintptr) (dirent *Dirent, err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___READDIR_A<<4, uintptr(dir)) + runtime.ExitSyscall() + dirent = (*Dirent)(unsafe.Pointer(r0)) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//sys Readdir_r(dirp uintptr, entry *direntLE, result **direntLE) (err error) = SYS___READDIR_R_A +//sys Statfs(path string, buf *Statfs_t) (err error) = SYS___STATFS_A +//sys Syncfs(fd int) (err error) = SYS_SYNCFS //sys Times(tms *Tms) (ticks uintptr, err error) = SYS_TIMES //sys W_Getmntent(buff *byte, size int) (lastsys int, err error) = SYS_W_GETMNTENT //sys W_Getmntent_A(buff *byte, size int) (lastsys int, err error) = SYS___W_GETMNTENT_A //sys mount_LE(path string, filesystem string, fstype string, mtm uint32, parmlen int32, parm string) (err error) = SYS___MOUNT_A -//sys unmount(filesystem string, mtm int) (err error) = SYS___UMOUNT_A +//sys unmount_LE(filesystem string, mtm int) (err error) = SYS___UMOUNT_A //sys Chroot(path string) (err error) = SYS___CHROOT_A //sys Select(nmsgsfds int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (ret int, err error) = SYS_SELECT -//sysnb Uname(buf *Utsname) (err error) = SYS___UNAME_A +//sysnb Uname(buf *Utsname) (err error) = SYS_____OSNAME_A +//sys Unshare(flags int) (err error) = SYS_UNSHARE func Ptsname(fd int) (name string, err error) { - r0, _, e1 := syscall_syscall(SYS___PTSNAME_A, uintptr(fd), 0, 0) - name = u2s(unsafe.Pointer(r0)) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS___PTSNAME_A<<4, uintptr(fd)) + runtime.ExitSyscall() + if r0 == 0 { + err = errnoErr2(e1, e2) + } else { + name = u2s(unsafe.Pointer(r0)) } return } @@ -272,13 +738,19 @@ func u2s(cstr unsafe.Pointer) string { } func Close(fd int) (err error) { - _, _, e1 := syscall_syscall(SYS_CLOSE, uintptr(fd), 0, 0) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_CLOSE<<4, uintptr(fd)) + runtime.ExitSyscall() for i := 0; e1 == EAGAIN && i < 10; i++ { - _, _, _ = syscall_syscall(SYS_USLEEP, uintptr(10), 0, 0) - _, _, e1 = syscall_syscall(SYS_CLOSE, uintptr(fd), 0, 0) + runtime.EnterSyscall() + CallLeFuncWithErr(GetZosLibVec()+SYS_USLEEP<<4, uintptr(10)) + runtime.ExitSyscall() + runtime.EnterSyscall() + r0, e2, e1 = CallLeFuncWithErr(GetZosLibVec()+SYS_CLOSE<<4, uintptr(fd)) + runtime.ExitSyscall() } - if e1 != 0 { - err = errnoErr(e1) + if r0 != 0 { + err = errnoErr2(e1, e2) } return } @@ -288,9 +760,15 @@ func Madvise(b []byte, advice int) (err error) { return } +func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) { + return mapper.Mmap(fd, offset, length, prot, flags) +} + +func Munmap(b []byte) (err error) { + return mapper.Munmap(b) +} + //sys Gethostname(buf []byte) (err error) = SYS___GETHOSTNAME_A -//sysnb Getegid() (egid int) -//sysnb Geteuid() (uid int) //sysnb Getgid() (gid int) //sysnb Getpid() (pid int) //sysnb Getpgid(pid int) (pgid int, err error) = SYS_GETPGID @@ -317,11 +795,14 @@ func Getrusage(who int, rusage *Rusage) (err error) { return } +//sys Getegid() (egid int) = SYS_GETEGID +//sys Geteuid() (euid int) = SYS_GETEUID //sysnb Getsid(pid int) (sid int, err error) = SYS_GETSID //sysnb Getuid() (uid int) //sysnb Kill(pid int, sig Signal) (err error) //sys Lchown(path string, uid int, gid int) (err error) = SYS___LCHOWN_A //sys Link(path string, link string) (err error) = SYS___LINK_A +//sys Linkat(oldDirFd int, oldPath string, newDirFd int, newPath string, flags int) (err error) = SYS___LINKAT_A //sys Listen(s int, n int) (err error) //sys lstat(path string, stat *Stat_LE_t) (err error) = SYS___LSTAT_A @@ -332,15 +813,150 @@ func Lstat(path string, stat *Stat_t) (err error) { return } +// for checking symlinks begins with $VERSION/ $SYSNAME/ $SYSSYMR/ $SYSSYMA/ +func isSpecialPath(path []byte) (v bool) { + var special = [4][8]byte{ + [8]byte{'V', 'E', 'R', 'S', 'I', 'O', 'N', '/'}, + [8]byte{'S', 'Y', 'S', 'N', 'A', 'M', 'E', '/'}, + [8]byte{'S', 'Y', 'S', 'S', 'Y', 'M', 'R', '/'}, + [8]byte{'S', 'Y', 'S', 'S', 'Y', 'M', 'A', '/'}} + + var i, j int + for i = 0; i < len(special); i++ { + for j = 0; j < len(special[i]); j++ { + if path[j] != special[i][j] { + break + } + } + if j == len(special[i]) { + return true + } + } + return false +} + +func realpath(srcpath string, abspath []byte) (pathlen int, errno int) { + var source [1024]byte + copy(source[:], srcpath) + source[len(srcpath)] = 0 + ret := runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___REALPATH_A<<4, //__realpath_a() + []uintptr{uintptr(unsafe.Pointer(&source[0])), + uintptr(unsafe.Pointer(&abspath[0]))}) + if ret != 0 { + index := bytes.IndexByte(abspath[:], byte(0)) + if index != -1 { + return index, 0 + } + } else { + errptr := (*int)(unsafe.Pointer(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___ERRNO<<4, []uintptr{}))) //__errno() + return 0, *errptr + } + return 0, 245 // EBADDATA 245 +} + +func Readlink(path string, buf []byte) (n int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 unsafe.Pointer + if len(buf) > 0 { + _p1 = unsafe.Pointer(&buf[0]) + } else { + _p1 = unsafe.Pointer(&_zero) + } + n = int(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___READLINK_A<<4, + []uintptr{uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf))})) + runtime.KeepAlive(unsafe.Pointer(_p0)) + if n == -1 { + value := *(*int32)(unsafe.Pointer(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___ERRNO<<4, []uintptr{}))) + err = errnoErr(Errno(value)) + } else { + if buf[0] == '$' { + if isSpecialPath(buf[1:9]) { + cnt, err1 := realpath(path, buf) + if err1 == 0 { + n = cnt + } + } + } + } + return +} + +func impl_Readlinkat(dirfd int, path string, buf []byte) (n int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 unsafe.Pointer + if len(buf) > 0 { + _p1 = unsafe.Pointer(&buf[0]) + } else { + _p1 = unsafe.Pointer(&_zero) + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___READLINKAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf))) + runtime.ExitSyscall() + n = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + return n, err + } else { + if buf[0] == '$' { + if isSpecialPath(buf[1:9]) { + cnt, err1 := realpath(path, buf) + if err1 == 0 { + n = cnt + } + } + } + } + return +} + +//go:nosplit +func get_ReadlinkatAddr() *(func(dirfd int, path string, buf []byte) (n int, err error)) + +var Readlinkat = enter_Readlinkat + +func enter_Readlinkat(dirfd int, path string, buf []byte) (n int, err error) { + funcref := get_ReadlinkatAddr() + if funcptrtest(GetZosLibVec()+SYS___READLINKAT_A<<4, "") == 0 { + *funcref = impl_Readlinkat + } else { + *funcref = error_Readlinkat + } + return (*funcref)(dirfd, path, buf) +} + +func error_Readlinkat(dirfd int, path string, buf []byte) (n int, err error) { + n = -1 + err = ENOSYS + return +} + //sys Mkdir(path string, mode uint32) (err error) = SYS___MKDIR_A +//sys Mkdirat(dirfd int, path string, mode uint32) (err error) = SYS___MKDIRAT_A //sys Mkfifo(path string, mode uint32) (err error) = SYS___MKFIFO_A //sys Mknod(path string, mode uint32, dev int) (err error) = SYS___MKNOD_A +//sys Mknodat(dirfd int, path string, mode uint32, dev int) (err error) = SYS___MKNODAT_A +//sys PivotRoot(newroot string, oldroot string) (err error) = SYS___PIVOT_ROOT_A //sys Pread(fd int, p []byte, offset int64) (n int, err error) //sys Pwrite(fd int, p []byte, offset int64) (n int, err error) -//sys Readlink(path string, buf []byte) (n int, err error) = SYS___READLINK_A +//sys Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) = SYS___PRCTL_A +//sysnb Prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) = SYS_PRLIMIT //sys Rename(from string, to string) (err error) = SYS___RENAME_A +//sys Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) = SYS___RENAMEAT_A +//sys Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error) = SYS___RENAMEAT2_A //sys Rmdir(path string) (err error) = SYS___RMDIR_A //sys Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK +//sys Setegid(egid int) (err error) = SYS_SETEGID +//sys Seteuid(euid int) (err error) = SYS_SETEUID +//sys Sethostname(p []byte) (err error) = SYS___SETHOSTNAME_A +//sys Setns(fd int, nstype int) (err error) = SYS_SETNS //sys Setpriority(which int, who int, prio int) (err error) //sysnb Setpgid(pid int, pgid int) (err error) = SYS_SETPGID //sysnb Setrlimit(resource int, lim *Rlimit) (err error) @@ -360,32 +976,57 @@ func Stat(path string, sta *Stat_t) (err error) { } //sys Symlink(path string, link string) (err error) = SYS___SYMLINK_A +//sys Symlinkat(oldPath string, dirfd int, newPath string) (err error) = SYS___SYMLINKAT_A //sys Sync() = SYS_SYNC //sys Truncate(path string, length int64) (err error) = SYS___TRUNCATE_A //sys Tcgetattr(fildes int, termptr *Termios) (err error) = SYS_TCGETATTR //sys Tcsetattr(fildes int, when int, termptr *Termios) (err error) = SYS_TCSETATTR //sys Umask(mask int) (oldmask int) //sys Unlink(path string) (err error) = SYS___UNLINK_A +//sys Unlinkat(dirfd int, path string, flags int) (err error) = SYS___UNLINKAT_A //sys Utime(path string, utim *Utimbuf) (err error) = SYS___UTIME_A //sys open(path string, mode int, perm uint32) (fd int, err error) = SYS___OPEN_A func Open(path string, mode int, perm uint32) (fd int, err error) { + if mode&O_ACCMODE == 0 { + mode |= O_RDONLY + } return open(path, mode, perm) } -func Mkfifoat(dirfd int, path string, mode uint32) (err error) { - wd, err := Getwd() - if err != nil { - return err +//sys openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) = SYS___OPENAT_A + +func Openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) { + if flags&O_ACCMODE == 0 { + flags |= O_RDONLY } + return openat(dirfd, path, flags, mode) +} - if err := Fchdir(dirfd); err != nil { - return err +//sys openat2(dirfd int, path string, open_how *OpenHow, size int) (fd int, err error) = SYS___OPENAT2_A + +func Openat2(dirfd int, path string, how *OpenHow) (fd int, err error) { + if how.Flags&O_ACCMODE == 0 { + how.Flags |= O_RDONLY } - defer Chdir(wd) + return openat2(dirfd, path, how, SizeofOpenHow) +} - return Mkfifo(path, mode) +func ZosFdToPath(dirfd int) (path string, err error) { + var buffer [1024]byte + runtime.EnterSyscall() + ret, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_W_IOCTL<<4, uintptr(dirfd), 17, 1024, uintptr(unsafe.Pointer(&buffer[0]))) + runtime.ExitSyscall() + if ret == 0 { + zb := bytes.IndexByte(buffer[:], 0) + if zb == -1 { + zb = len(buffer) + } + CallLeFuncWithErr(GetZosLibVec()+SYS___E2A_L<<4, uintptr(unsafe.Pointer(&buffer[0])), uintptr(zb)) + return string(buffer[:zb]), nil + } + return "", errnoErr2(e1, e2) } //sys remove(path string) (err error) @@ -403,10 +1044,12 @@ func Getcwd(buf []byte) (n int, err error) { } else { p = unsafe.Pointer(&_zero) } - _, _, e := syscall_syscall(SYS___GETCWD_A, uintptr(p), uintptr(len(buf)), 0) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS___GETCWD_A<<4, uintptr(p), uintptr(len(buf))) + runtime.ExitSyscall() n = clen(buf) + 1 - if e != 0 { - err = errnoErr(e) + if r0 == 0 { + err = errnoErr2(e1, e2) } return } @@ -520,9 +1163,41 @@ func (w WaitStatus) StopSignal() Signal { func (w WaitStatus) TrapCause() int { return -1 } +//sys waitid(idType int, id int, info *Siginfo, options int) (err error) + +func Waitid(idType int, id int, info *Siginfo, options int, rusage *Rusage) (err error) { + return waitid(idType, id, info, options) +} + //sys waitpid(pid int, wstatus *_C_int, options int) (wpid int, err error) -func Wait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, err error) { +func impl_Wait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_WAIT4<<4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage))) + runtime.ExitSyscall() + wpid = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_Wait4Addr() *(func(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, err error)) + +var Wait4 = enter_Wait4 + +func enter_Wait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, err error) { + funcref := get_Wait4Addr() + if funcptrtest(GetZosLibVec()+SYS_WAIT4<<4, "") == 0 { + *funcref = impl_Wait4 + } else { + *funcref = legacyWait4 + } + return (*funcref)(pid, wstatus, options, rusage) +} + +func legacyWait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, err error) { // TODO(mundaym): z/OS doesn't have wait4. I don't think getrusage does what we want. // At the moment rusage will not be touched. var status _C_int @@ -571,23 +1246,62 @@ func Pipe(p []int) (err error) { } var pp [2]_C_int err = pipe(&pp) - if err == nil { - p[0] = int(pp[0]) - p[1] = int(pp[1]) - } + p[0] = int(pp[0]) + p[1] = int(pp[1]) return } //sys utimes(path string, timeval *[2]Timeval) (err error) = SYS___UTIMES_A func Utimes(path string, tv []Timeval) (err error) { + if tv == nil { + return utimes(path, nil) + } if len(tv) != 2 { return EINVAL } return utimes(path, (*[2]Timeval)(unsafe.Pointer(&tv[0]))) } -func UtimesNano(path string, ts []Timespec) error { +//sys utimensat(dirfd int, path string, ts *[2]Timespec, flags int) (err error) = SYS___UTIMENSAT_A + +func validUtimensat() bool { + if funcptrtest(GetZosLibVec()+SYS___UTIMENSAT_A<<4, "") == 0 { + if name, err := getLeFuncName(GetZosLibVec() + SYS___UTIMENSAT_A<<4); err == nil { + return name == "__utimensat_a" + } + } + return false +} + +// Begin UtimesNano + +//go:nosplit +func get_UtimesNanoAddr() *(func(path string, ts []Timespec) (err error)) + +var UtimesNano = enter_UtimesNano + +func enter_UtimesNano(path string, ts []Timespec) (err error) { + funcref := get_UtimesNanoAddr() + if validUtimensat() { + *funcref = utimesNanoImpl + } else { + *funcref = legacyUtimesNano + } + return (*funcref)(path, ts) +} + +func utimesNanoImpl(path string, ts []Timespec) (err error) { + if ts == nil { + return utimensat(AT_FDCWD, path, nil, 0) + } + if len(ts) != 2 { + return EINVAL + } + return utimensat(AT_FDCWD, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), 0) +} + +func legacyUtimesNano(path string, ts []Timespec) (err error) { if len(ts) != 2 { return EINVAL } @@ -600,6 +1314,70 @@ func UtimesNano(path string, ts []Timespec) error { return utimes(path, (*[2]Timeval)(unsafe.Pointer(&tv[0]))) } +// End UtimesNano + +// Begin UtimesNanoAt + +//go:nosplit +func get_UtimesNanoAtAddr() *(func(dirfd int, path string, ts []Timespec, flags int) (err error)) + +var UtimesNanoAt = enter_UtimesNanoAt + +func enter_UtimesNanoAt(dirfd int, path string, ts []Timespec, flags int) (err error) { + funcref := get_UtimesNanoAtAddr() + if validUtimensat() { + *funcref = utimesNanoAtImpl + } else { + *funcref = legacyUtimesNanoAt + } + return (*funcref)(dirfd, path, ts, flags) +} + +func utimesNanoAtImpl(dirfd int, path string, ts []Timespec, flags int) (err error) { + if ts == nil { + return utimensat(dirfd, path, nil, flags) + } + if len(ts) != 2 { + return EINVAL + } + return utimensat(dirfd, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), flags) +} + +func legacyUtimesNanoAt(dirfd int, path string, ts []Timespec, flags int) (err error) { + if path[0] != '/' { + dirPath, err := ZosFdToPath(dirfd) + if err != nil { + return err + } + path = dirPath + "/" + path + } + if flags == AT_SYMLINK_NOFOLLOW { + if len(ts) != 2 { + return EINVAL + } + + if ts[0].Nsec >= 5e8 { + ts[0].Sec++ + } + ts[0].Nsec = 0 + if ts[1].Nsec >= 5e8 { + ts[1].Sec++ + } + ts[1].Nsec = 0 + + // Not as efficient as it could be because Timespec and + // Timeval have different types in the different OSes + tv := []Timeval{ + NsecToTimeval(TimespecToNsec(ts[0])), + NsecToTimeval(TimespecToNsec(ts[1])), + } + return Lutimes(path, tv) + } + return UtimesNano(path, ts) +} + +// End UtimesNanoAt + func Getsockname(fd int) (sa Sockaddr, err error) { var rsa RawSockaddrAny var len _Socklen = SizeofSockaddrAny @@ -1191,62 +1969,41 @@ func Opendir(name string) (uintptr, error) { if err != nil { return 0, err } - dir, _, e := syscall_syscall(SYS___OPENDIR_A, uintptr(unsafe.Pointer(p)), 0, 0) - runtime.KeepAlive(unsafe.Pointer(p)) - if e != 0 { - err = errnoErr(e) - } - return dir, err -} - -// clearsyscall.Errno resets the errno value to 0. -func clearErrno() - -func Readdir(dir uintptr) (*Dirent, error) { - var ent Dirent - var res uintptr - // __readdir_r_a returns errno at the end of the directory stream, rather than 0. - // Therefore to avoid false positives we clear errno before calling it. - - // TODO(neeilan): Commented this out to get sys/unix compiling on z/OS. Uncomment and fix. Error: "undefined: clearsyscall" - //clearsyscall.Errno() // TODO(mundaym): check pre-emption rules. - - e, _, _ := syscall_syscall(SYS___READDIR_R_A, dir, uintptr(unsafe.Pointer(&ent)), uintptr(unsafe.Pointer(&res))) - var err error - if e != 0 { - err = errnoErr(Errno(e)) - } - if res == 0 { - return nil, err - } - return &ent, err -} - -func readdir_r(dirp uintptr, entry *direntLE, result **direntLE) (err error) { - r0, _, e1 := syscall_syscall(SYS___READDIR_R_A, dirp, uintptr(unsafe.Pointer(entry)), uintptr(unsafe.Pointer(result))) - if int64(r0) == -1 { - err = errnoErr(Errno(e1)) + err = nil + runtime.EnterSyscall() + dir, e2, e1 := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS___OPENDIR_A<<4, uintptr(unsafe.Pointer(p))) + runtime.ExitSyscall() + runtime.KeepAlive(unsafe.Pointer(p)) + if dir == 0 { + err = errnoErr2(e1, e2) } - return + return dir, err } +// clearsyscall.Errno resets the errno value to 0. +func clearErrno() + func Closedir(dir uintptr) error { - _, _, e := syscall_syscall(SYS_CLOSEDIR, dir, 0, 0) - if e != 0 { - return errnoErr(e) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_CLOSEDIR<<4, dir) + runtime.ExitSyscall() + if r0 != 0 { + return errnoErr2(e1, e2) } return nil } func Seekdir(dir uintptr, pos int) { - _, _, _ = syscall_syscall(SYS_SEEKDIR, dir, uintptr(pos), 0) + runtime.EnterSyscall() + CallLeFuncWithErr(GetZosLibVec()+SYS_SEEKDIR<<4, dir, uintptr(pos)) + runtime.ExitSyscall() } func Telldir(dir uintptr) (int, error) { - p, _, e := syscall_syscall(SYS_TELLDIR, dir, 0, 0) + p, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_TELLDIR<<4, dir) pos := int(p) - if pos == -1 { - return pos, errnoErr(e) + if int64(p) == -1 { + return pos, errnoErr2(e1, e2) } return pos, nil } @@ -1261,19 +2018,55 @@ func FcntlFlock(fd uintptr, cmd int, lk *Flock_t) error { *(*int64)(unsafe.Pointer(&flock[4])) = lk.Start *(*int64)(unsafe.Pointer(&flock[12])) = lk.Len *(*int32)(unsafe.Pointer(&flock[20])) = lk.Pid - _, _, errno := syscall_syscall(SYS_FCNTL, fd, uintptr(cmd), uintptr(unsafe.Pointer(&flock))) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FCNTL<<4, fd, uintptr(cmd), uintptr(unsafe.Pointer(&flock))) + runtime.ExitSyscall() lk.Type = *(*int16)(unsafe.Pointer(&flock[0])) lk.Whence = *(*int16)(unsafe.Pointer(&flock[2])) lk.Start = *(*int64)(unsafe.Pointer(&flock[4])) lk.Len = *(*int64)(unsafe.Pointer(&flock[12])) lk.Pid = *(*int32)(unsafe.Pointer(&flock[20])) - if errno == 0 { + if r0 == 0 { return nil } - return errno + return errnoErr2(e1, e2) +} + +func impl_Flock(fd int, how int) (err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FLOCK<<4, uintptr(fd), uintptr(how)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_FlockAddr() *(func(fd int, how int) (err error)) + +var Flock = enter_Flock + +func validFlock(fp uintptr) bool { + if funcptrtest(GetZosLibVec()+SYS_FLOCK<<4, "") == 0 { + if name, err := getLeFuncName(GetZosLibVec() + SYS_FLOCK<<4); err == nil { + return name == "flock" + } + } + return false +} + +func enter_Flock(fd int, how int) (err error) { + funcref := get_FlockAddr() + if validFlock(GetZosLibVec() + SYS_FLOCK<<4) { + *funcref = impl_Flock + } else { + *funcref = legacyFlock + } + return (*funcref)(fd, how) } -func Flock(fd int, how int) error { +func legacyFlock(fd int, how int) error { var flock_type int16 var fcntl_cmd int @@ -1307,41 +2100,51 @@ func Flock(fd int, how int) error { } func Mlock(b []byte) (err error) { - _, _, e1 := syscall_syscall(SYS___MLOCKALL, _BPX_NONSWAP, 0, 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MLOCKALL<<4, _BPX_NONSWAP) + runtime.ExitSyscall() + if r0 != 0 { + err = errnoErr2(e1, e2) } return } func Mlock2(b []byte, flags int) (err error) { - _, _, e1 := syscall_syscall(SYS___MLOCKALL, _BPX_NONSWAP, 0, 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MLOCKALL<<4, _BPX_NONSWAP) + runtime.ExitSyscall() + if r0 != 0 { + err = errnoErr2(e1, e2) } return } func Mlockall(flags int) (err error) { - _, _, e1 := syscall_syscall(SYS___MLOCKALL, _BPX_NONSWAP, 0, 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MLOCKALL<<4, _BPX_NONSWAP) + runtime.ExitSyscall() + if r0 != 0 { + err = errnoErr2(e1, e2) } return } func Munlock(b []byte) (err error) { - _, _, e1 := syscall_syscall(SYS___MLOCKALL, _BPX_SWAP, 0, 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MLOCKALL<<4, _BPX_SWAP) + runtime.ExitSyscall() + if r0 != 0 { + err = errnoErr2(e1, e2) } return } func Munlockall() (err error) { - _, _, e1 := syscall_syscall(SYS___MLOCKALL, _BPX_SWAP, 0, 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MLOCKALL<<4, _BPX_SWAP) + runtime.ExitSyscall() + if r0 != 0 { + err = errnoErr2(e1, e2) } return } @@ -1372,15 +2175,104 @@ func ClockGettime(clockid int32, ts *Timespec) error { return nil } -func Statfs(path string, stat *Statfs_t) (err error) { - fd, err := open(path, O_RDONLY, 0) - defer Close(fd) - if err != nil { - return err +// Chtag + +//go:nosplit +func get_ChtagAddr() *(func(path string, ccsid uint64, textbit uint64) error) + +var Chtag = enter_Chtag + +func enter_Chtag(path string, ccsid uint64, textbit uint64) error { + funcref := get_ChtagAddr() + if validSetxattr() { + *funcref = impl_Chtag + } else { + *funcref = legacy_Chtag + } + return (*funcref)(path, ccsid, textbit) +} + +func legacy_Chtag(path string, ccsid uint64, textbit uint64) error { + tag := ccsid<<16 | textbit<<15 + var tag_buff [8]byte + DecodeData(tag_buff[:], 8, tag) + return Setxattr(path, "filetag", tag_buff[:], XATTR_REPLACE) +} + +func impl_Chtag(path string, ccsid uint64, textbit uint64) error { + tag := ccsid<<16 | textbit<<15 + var tag_buff [4]byte + DecodeData(tag_buff[:], 4, tag) + return Setxattr(path, "system.filetag", tag_buff[:], XATTR_REPLACE) +} + +// End of Chtag + +// Nanosleep + +//go:nosplit +func get_NanosleepAddr() *(func(time *Timespec, leftover *Timespec) error) + +var Nanosleep = enter_Nanosleep + +func enter_Nanosleep(time *Timespec, leftover *Timespec) error { + funcref := get_NanosleepAddr() + if funcptrtest(GetZosLibVec()+SYS_NANOSLEEP<<4, "") == 0 { + *funcref = impl_Nanosleep + } else { + *funcref = legacyNanosleep + } + return (*funcref)(time, leftover) +} + +func impl_Nanosleep(time *Timespec, leftover *Timespec) error { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_NANOSLEEP<<4, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover))) + runtime.ExitSyscall() + if int64(r0) == -1 { + return errnoErr2(e1, e2) + } + return nil +} + +func legacyNanosleep(time *Timespec, leftover *Timespec) error { + t0 := runtime.Nanotime1() + var secrem uint32 + var nsecrem uint32 + total := time.Sec*1000000000 + time.Nsec + elapsed := runtime.Nanotime1() - t0 + var rv int32 + var rc int32 + var err error + // repeatedly sleep for 1 second until less than 1 second left + for total-elapsed > 1000000000 { + rv, rc, _ = BpxCondTimedWait(uint32(1), uint32(0), uint32(CW_CONDVAR), &secrem, &nsecrem) + if rv != 0 && rc != 112 { // 112 is EAGAIN + if leftover != nil && rc == 120 { // 120 is EINTR + leftover.Sec = int64(secrem) + leftover.Nsec = int64(nsecrem) + } + err = Errno(rc) + return err + } + elapsed = runtime.Nanotime1() - t0 + } + // sleep the remainder + if total > elapsed { + rv, rc, _ = BpxCondTimedWait(uint32(0), uint32(total-elapsed), uint32(CW_CONDVAR), &secrem, &nsecrem) + } + if leftover != nil && rc == 120 { + leftover.Sec = int64(secrem) + leftover.Nsec = int64(nsecrem) } - return Fstatfs(fd, stat) + if rv != 0 && rc != 112 { + err = Errno(rc) + } + return err } +// End of Nanosleep + var ( Stdin = 0 Stdout = 1 @@ -1395,6 +2287,9 @@ var ( errENOENT error = syscall.ENOENT ) +var ZosTraceLevel int +var ZosTracefile *os.File + var ( signalNameMapOnce sync.Once signalNameMap map[string]syscall.Signal @@ -1416,6 +2311,56 @@ func errnoErr(e Errno) error { return e } +var reg *regexp.Regexp + +// enhanced with zos specific errno2 +func errnoErr2(e Errno, e2 uintptr) error { + switch e { + case 0: + return nil + case EAGAIN: + return errEAGAIN + /* + Allow the retrieval of errno2 for EINVAL and ENOENT on zos + case EINVAL: + return errEINVAL + case ENOENT: + return errENOENT + */ + } + if ZosTraceLevel > 0 { + var name string + if reg == nil { + reg = regexp.MustCompile("(^unix\\.[^/]+$|.*\\/unix\\.[^/]+$)") + } + i := 1 + pc, file, line, ok := runtime.Caller(i) + if ok { + name = runtime.FuncForPC(pc).Name() + } + for ok && reg.MatchString(runtime.FuncForPC(pc).Name()) { + i += 1 + pc, file, line, ok = runtime.Caller(i) + } + if ok { + if ZosTracefile == nil { + ZosConsolePrintf("From %s:%d\n", file, line) + ZosConsolePrintf("%s: %s (errno2=0x%x)\n", name, e.Error(), e2) + } else { + fmt.Fprintf(ZosTracefile, "From %s:%d\n", file, line) + fmt.Fprintf(ZosTracefile, "%s: %s (errno2=0x%x)\n", name, e.Error(), e2) + } + } else { + if ZosTracefile == nil { + ZosConsolePrintf("%s (errno2=0x%x)\n", e.Error(), e2) + } else { + fmt.Fprintf(ZosTracefile, "%s (errno2=0x%x)\n", e.Error(), e2) + } + } + } + return e +} + // ErrnoName returns the error name for error number e. func ErrnoName(e Errno) string { i := sort.Search(len(errorList), func(i int) bool { @@ -1474,6 +2419,9 @@ func (m *mmapper) Mmap(fd int, offset int64, length int, prot int, flags int) (d return nil, EINVAL } + // Set __MAP_64 by default + flags |= __MAP_64 + // Map the requested memory. addr, errno := m.mmap(0, uintptr(length), prot, flags, fd, offset) if errno != nil { @@ -1520,14 +2468,6 @@ func (m *mmapper) Munmap(data []byte) (err error) { return nil } -func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) { - return mapper.Mmap(fd, offset, length, prot, flags) -} - -func Munmap(b []byte) (err error) { - return mapper.Munmap(b) -} - func Read(fd int, p []byte) (n int, err error) { n, err = read(fd, p) if raceenabled { @@ -1786,83 +2726,170 @@ func Exec(argv0 string, argv []string, envv []string) error { return syscall.Exec(argv0, argv, envv) } -func Mount(source string, target string, fstype string, flags uintptr, data string) (err error) { +func Getag(path string) (ccsid uint16, flag uint16, err error) { + var val [8]byte + sz, err := Getxattr(path, "ccsid", val[:]) + if err != nil { + return + } + ccsid = uint16(EncodeData(val[0:sz])) + sz, err = Getxattr(path, "flags", val[:]) + if err != nil { + return + } + flag = uint16(EncodeData(val[0:sz]) >> 15) + return +} + +// Mount begin +func impl_Mount(source string, target string, fstype string, flags uintptr, data string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(source) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(target) + if err != nil { + return + } + var _p2 *byte + _p2, err = BytePtrFromString(fstype) + if err != nil { + return + } + var _p3 *byte + _p3, err = BytePtrFromString(data) + if err != nil { + return + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MOUNT1_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(flags), uintptr(unsafe.Pointer(_p3))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_MountAddr() *(func(source string, target string, fstype string, flags uintptr, data string) (err error)) + +var Mount = enter_Mount + +func enter_Mount(source string, target string, fstype string, flags uintptr, data string) (err error) { + funcref := get_MountAddr() + if validMount() { + *funcref = impl_Mount + } else { + *funcref = legacyMount + } + return (*funcref)(source, target, fstype, flags, data) +} + +func legacyMount(source string, target string, fstype string, flags uintptr, data string) (err error) { if needspace := 8 - len(fstype); needspace <= 0 { - fstype = fstype[:8] + fstype = fstype[0:8] } else { - fstype += " "[:needspace] + fstype += " "[0:needspace] } return mount_LE(target, source, fstype, uint32(flags), int32(len(data)), data) } -func Unmount(name string, mtm int) (err error) { +func validMount() bool { + if funcptrtest(GetZosLibVec()+SYS___MOUNT1_A<<4, "") == 0 { + if name, err := getLeFuncName(GetZosLibVec() + SYS___MOUNT1_A<<4); err == nil { + return name == "__mount1_a" + } + } + return false +} + +// Mount end + +// Unmount begin +func impl_Unmount(target string, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(target) + if err != nil { + return + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___UMOUNT2_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(flags)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_UnmountAddr() *(func(target string, flags int) (err error)) + +var Unmount = enter_Unmount + +func enter_Unmount(target string, flags int) (err error) { + funcref := get_UnmountAddr() + if funcptrtest(GetZosLibVec()+SYS___UMOUNT2_A<<4, "") == 0 { + *funcref = impl_Unmount + } else { + *funcref = legacyUnmount + } + return (*funcref)(target, flags) +} + +func legacyUnmount(name string, mtm int) (err error) { // mountpoint is always a full path and starts with a '/' // check if input string is not a mountpoint but a filesystem name if name[0] != '/' { - return unmount(name, mtm) + return unmount_LE(name, mtm) } // treat name as mountpoint b2s := func(arr []byte) string { - nulli := bytes.IndexByte(arr, 0) - if nulli == -1 { - return string(arr) - } else { - return string(arr[:nulli]) + var str string + for i := 0; i < len(arr); i++ { + if arr[i] == 0 { + str = string(arr[:i]) + break + } } + return str } var buffer struct { header W_Mnth fsinfo [64]W_Mntent } - fsCount, err := W_Getmntent_A((*byte)(unsafe.Pointer(&buffer)), int(unsafe.Sizeof(buffer))) - if err != nil { - return err - } - if fsCount == 0 { - return EINVAL - } - for i := 0; i < fsCount; i++ { - if b2s(buffer.fsinfo[i].Mountpoint[:]) == name { - err = unmount(b2s(buffer.fsinfo[i].Fsname[:]), mtm) - break + fs_count, err := W_Getmntent_A((*byte)(unsafe.Pointer(&buffer)), int(unsafe.Sizeof(buffer))) + if err == nil { + err = EINVAL + for i := 0; i < fs_count; i++ { + if b2s(buffer.fsinfo[i].Mountpoint[:]) == name { + err = unmount_LE(b2s(buffer.fsinfo[i].Fsname[:]), mtm) + break + } } + } else if fs_count == 0 { + err = EINVAL } return err } -func fdToPath(dirfd int) (path string, err error) { - var buffer [1024]byte - // w_ctrl() - ret := runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS_W_IOCTL<<4, - []uintptr{uintptr(dirfd), 17, 1024, uintptr(unsafe.Pointer(&buffer[0]))}) - if ret == 0 { - zb := bytes.IndexByte(buffer[:], 0) - if zb == -1 { - zb = len(buffer) - } - // __e2a_l() - runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___E2A_L<<4, - []uintptr{uintptr(unsafe.Pointer(&buffer[0])), uintptr(zb)}) - return string(buffer[:zb]), nil - } - // __errno() - errno := int(*(*int32)(unsafe.Pointer(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___ERRNO<<4, - []uintptr{})))) - // __errno2() - errno2 := int(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___ERRNO2<<4, - []uintptr{})) - // strerror_r() - ret = runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS_STRERROR_R<<4, - []uintptr{uintptr(errno), uintptr(unsafe.Pointer(&buffer[0])), 1024}) - if ret == 0 { - zb := bytes.IndexByte(buffer[:], 0) - if zb == -1 { - zb = len(buffer) - } - return "", fmt.Errorf("%s (errno2=0x%x)", buffer[:zb], errno2) - } else { - return "", fmt.Errorf("fdToPath errno %d (errno2=0x%x)", errno, errno2) +// Unmount end + +func direntIno(buf []byte) (uint64, bool) { + return readInt(buf, unsafe.Offsetof(Dirent{}.Ino), unsafe.Sizeof(Dirent{}.Ino)) +} + +func direntReclen(buf []byte) (uint64, bool) { + return readInt(buf, unsafe.Offsetof(Dirent{}.Reclen), unsafe.Sizeof(Dirent{}.Reclen)) +} + +func direntNamlen(buf []byte) (uint64, bool) { + reclen, ok := direntReclen(buf) + if !ok { + return 0, false } + return reclen - uint64(unsafe.Offsetof(Dirent{}.Name)), true } func direntLeToDirentUnix(dirent *direntLE, dir uintptr, path string) (Dirent, error) { @@ -1904,7 +2931,7 @@ func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) { } // Get path from fd to avoid unavailable call (fdopendir) - path, err := fdToPath(fd) + path, err := ZosFdToPath(fd) if err != nil { return 0, err } @@ -1918,7 +2945,7 @@ func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) { for { var entryLE direntLE var entrypLE *direntLE - e := readdir_r(d, &entryLE, &entrypLE) + e := Readdir_r(d, &entryLE, &entrypLE) if e != nil { return n, e } @@ -1964,23 +2991,127 @@ func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) { return n, nil } -func ReadDirent(fd int, buf []byte) (n int, err error) { - var base = (*uintptr)(unsafe.Pointer(new(uint64))) - return Getdirentries(fd, buf, base) +func Err2ad() (eadd *int) { + r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS___ERR2AD<<4) + eadd = (*int)(unsafe.Pointer(r0)) + return } -func direntIno(buf []byte) (uint64, bool) { - return readInt(buf, unsafe.Offsetof(Dirent{}.Ino), unsafe.Sizeof(Dirent{}.Ino)) +func ZosConsolePrintf(format string, v ...interface{}) (int, error) { + type __cmsg struct { + _ uint16 + _ [2]uint8 + __msg_length uint32 + __msg uintptr + _ [4]uint8 + } + msg := fmt.Sprintf(format, v...) + strptr := unsafe.Pointer((*reflect.StringHeader)(unsafe.Pointer(&msg)).Data) + len := (*reflect.StringHeader)(unsafe.Pointer(&msg)).Len + cmsg := __cmsg{__msg_length: uint32(len), __msg: uintptr(strptr)} + cmd := uint32(0) + runtime.EnterSyscall() + rc, err2, err1 := CallLeFuncWithErr(GetZosLibVec()+SYS_____CONSOLE_A<<4, uintptr(unsafe.Pointer(&cmsg)), 0, uintptr(unsafe.Pointer(&cmd))) + runtime.ExitSyscall() + if rc != 0 { + return 0, fmt.Errorf("%s (errno2=0x%x)\n", err1.Error(), err2) + } + return 0, nil +} +func ZosStringToEbcdicBytes(str string, nullterm bool) (ebcdicBytes []byte) { + if nullterm { + ebcdicBytes = []byte(str + "\x00") + } else { + ebcdicBytes = []byte(str) + } + A2e(ebcdicBytes) + return +} +func ZosEbcdicBytesToString(b []byte, trimRight bool) (str string) { + res := make([]byte, len(b)) + copy(res, b) + E2a(res) + if trimRight { + str = string(bytes.TrimRight(res, " \x00")) + } else { + str = string(res) + } + return } -func direntReclen(buf []byte) (uint64, bool) { - return readInt(buf, unsafe.Offsetof(Dirent{}.Reclen), unsafe.Sizeof(Dirent{}.Reclen)) +func fdToPath(dirfd int) (path string, err error) { + var buffer [1024]byte + // w_ctrl() + ret := runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS_W_IOCTL<<4, + []uintptr{uintptr(dirfd), 17, 1024, uintptr(unsafe.Pointer(&buffer[0]))}) + if ret == 0 { + zb := bytes.IndexByte(buffer[:], 0) + if zb == -1 { + zb = len(buffer) + } + // __e2a_l() + runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___E2A_L<<4, + []uintptr{uintptr(unsafe.Pointer(&buffer[0])), uintptr(zb)}) + return string(buffer[:zb]), nil + } + // __errno() + errno := int(*(*int32)(unsafe.Pointer(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___ERRNO<<4, + []uintptr{})))) + // __errno2() + errno2 := int(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___ERRNO2<<4, + []uintptr{})) + // strerror_r() + ret = runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS_STRERROR_R<<4, + []uintptr{uintptr(errno), uintptr(unsafe.Pointer(&buffer[0])), 1024}) + if ret == 0 { + zb := bytes.IndexByte(buffer[:], 0) + if zb == -1 { + zb = len(buffer) + } + return "", fmt.Errorf("%s (errno2=0x%x)", buffer[:zb], errno2) + } else { + return "", fmt.Errorf("fdToPath errno %d (errno2=0x%x)", errno, errno2) + } } -func direntNamlen(buf []byte) (uint64, bool) { - reclen, ok := direntReclen(buf) - if !ok { - return 0, false +func impl_Mkfifoat(dirfd int, path string, mode uint32) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return } - return reclen - uint64(unsafe.Offsetof(Dirent{}.Name)), true + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MKFIFOAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_MkfifoatAddr() *(func(dirfd int, path string, mode uint32) (err error)) + +var Mkfifoat = enter_Mkfifoat + +func enter_Mkfifoat(dirfd int, path string, mode uint32) (err error) { + funcref := get_MkfifoatAddr() + if funcptrtest(GetZosLibVec()+SYS___MKFIFOAT_A<<4, "") == 0 { + *funcref = impl_Mkfifoat + } else { + *funcref = legacy_Mkfifoat + } + return (*funcref)(dirfd, path, mode) +} + +func legacy_Mkfifoat(dirfd int, path string, mode uint32) (err error) { + dirname, err := ZosFdToPath(dirfd) + if err != nil { + return err + } + return Mkfifo(dirname+"/"+path, mode) } + +//sys Posix_openpt(oflag int) (fd int, err error) = SYS_POSIX_OPENPT +//sys Grantpt(fildes int) (rc int, err error) = SYS_GRANTPT +//sys Unlockpt(fildes int) (rc int, err error) = SYS_UNLOCKPT diff --git a/vendor/golang.org/x/sys/unix/sysvshm_unix.go b/vendor/golang.org/x/sys/unix/sysvshm_unix.go index 79a84f18b46..672d6b0a880 100644 --- a/vendor/golang.org/x/sys/unix/sysvshm_unix.go +++ b/vendor/golang.org/x/sys/unix/sysvshm_unix.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build (darwin && !ios) || linux +//go:build (darwin && !ios) || linux || zos package unix diff --git a/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go b/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go index 9eb0db664cb..8b7977a28c0 100644 --- a/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go +++ b/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build darwin && !ios +//go:build (darwin && !ios) || zos package unix diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index 36bf8399f4f..877a62b479a 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -491,6 +491,7 @@ const ( BPF_F_REPLACE = 0x4 BPF_F_SLEEPABLE = 0x10 BPF_F_STRICT_ALIGNMENT = 0x1 + BPF_F_TEST_REG_INVARIANTS = 0x80 BPF_F_TEST_RND_HI32 = 0x4 BPF_F_TEST_RUN_ON_CPU = 0x1 BPF_F_TEST_STATE_FREQ = 0x8 @@ -501,6 +502,7 @@ const ( BPF_IMM = 0x0 BPF_IND = 0x40 BPF_JA = 0x0 + BPF_JCOND = 0xe0 BPF_JEQ = 0x10 BPF_JGE = 0x30 BPF_JGT = 0x20 @@ -656,6 +658,9 @@ const ( CAN_NPROTO = 0x8 CAN_RAW = 0x1 CAN_RAW_FILTER_MAX = 0x200 + CAN_RAW_XL_VCID_RX_FILTER = 0x4 + CAN_RAW_XL_VCID_TX_PASS = 0x2 + CAN_RAW_XL_VCID_TX_SET = 0x1 CAN_RTR_FLAG = 0x40000000 CAN_SFF_ID_BITS = 0xb CAN_SFF_MASK = 0x7ff @@ -1338,6 +1343,7 @@ const ( F_OFD_SETLK = 0x25 F_OFD_SETLKW = 0x26 F_OK = 0x0 + F_SEAL_EXEC = 0x20 F_SEAL_FUTURE_WRITE = 0x10 F_SEAL_GROW = 0x4 F_SEAL_SEAL = 0x1 @@ -1626,6 +1632,7 @@ const ( IP_FREEBIND = 0xf IP_HDRINCL = 0x3 IP_IPSEC_POLICY = 0x10 + IP_LOCAL_PORT_RANGE = 0x33 IP_MAXPACKET = 0xffff IP_MAX_MEMBERSHIPS = 0x14 IP_MF = 0x2000 @@ -1652,6 +1659,7 @@ const ( IP_PMTUDISC_OMIT = 0x5 IP_PMTUDISC_PROBE = 0x3 IP_PMTUDISC_WANT = 0x1 + IP_PROTOCOL = 0x34 IP_RECVERR = 0xb IP_RECVERR_RFC4884 = 0x1a IP_RECVFRAGSIZE = 0x19 @@ -1697,6 +1705,7 @@ const ( KEXEC_ARCH_S390 = 0x160000 KEXEC_ARCH_SH = 0x2a0000 KEXEC_ARCH_X86_64 = 0x3e0000 + KEXEC_FILE_DEBUG = 0x8 KEXEC_FILE_NO_INITRAMFS = 0x4 KEXEC_FILE_ON_CRASH = 0x2 KEXEC_FILE_UNLOAD = 0x1 @@ -1898,6 +1907,7 @@ const ( MNT_DETACH = 0x2 MNT_EXPIRE = 0x4 MNT_FORCE = 0x1 + MNT_ID_REQ_SIZE_VER0 = 0x18 MODULE_INIT_COMPRESSED_FILE = 0x4 MODULE_INIT_IGNORE_MODVERSIONS = 0x1 MODULE_INIT_IGNORE_VERMAGIC = 0x2 @@ -2166,7 +2176,7 @@ const ( NFT_SECMARK_CTX_MAXLEN = 0x100 NFT_SET_MAXNAMELEN = 0x100 NFT_SOCKET_MAX = 0x3 - NFT_TABLE_F_MASK = 0x3 + NFT_TABLE_F_MASK = 0x7 NFT_TABLE_MAXNAMELEN = 0x100 NFT_TRACETYPE_MAX = 0x3 NFT_TUNNEL_F_MASK = 0x7 @@ -2302,6 +2312,7 @@ const ( PERF_AUX_FLAG_PARTIAL = 0x4 PERF_AUX_FLAG_PMU_FORMAT_TYPE_MASK = 0xff00 PERF_AUX_FLAG_TRUNCATED = 0x1 + PERF_BRANCH_ENTRY_INFO_BITS_MAX = 0x21 PERF_BR_ARM64_DEBUG_DATA = 0x7 PERF_BR_ARM64_DEBUG_EXIT = 0x5 PERF_BR_ARM64_DEBUG_HALT = 0x4 @@ -2399,6 +2410,7 @@ const ( PERF_RECORD_MISC_USER = 0x2 PERF_SAMPLE_BRANCH_PLM_ALL = 0x7 PERF_SAMPLE_WEIGHT_TYPE = 0x1004000 + PID_FS_MAGIC = 0x50494446 PIPEFS_MAGIC = 0x50495045 PPPIOCGNPMODE = 0xc008744c PPPIOCNEWUNIT = 0xc004743e @@ -2892,8 +2904,9 @@ const ( RWF_APPEND = 0x10 RWF_DSYNC = 0x2 RWF_HIPRI = 0x1 + RWF_NOAPPEND = 0x20 RWF_NOWAIT = 0x8 - RWF_SUPPORTED = 0x1f + RWF_SUPPORTED = 0x3f RWF_SYNC = 0x4 RWF_WRITE_LIFE_NOT_SET = 0x0 SCHED_BATCH = 0x3 @@ -2914,7 +2927,9 @@ const ( SCHED_RESET_ON_FORK = 0x40000000 SCHED_RR = 0x2 SCM_CREDENTIALS = 0x2 + SCM_PIDFD = 0x4 SCM_RIGHTS = 0x1 + SCM_SECURITY = 0x3 SCM_TIMESTAMP = 0x1d SC_LOG_FLUSH = 0x100000 SECCOMP_ADDFD_FLAG_SEND = 0x2 @@ -3047,6 +3062,8 @@ const ( SIOCSMIIREG = 0x8949 SIOCSRARP = 0x8962 SIOCWANDEV = 0x894a + SK_DIAG_BPF_STORAGE_MAX = 0x3 + SK_DIAG_BPF_STORAGE_REQ_MAX = 0x1 SMACK_MAGIC = 0x43415d53 SMART_AUTOSAVE = 0xd2 SMART_AUTO_OFFLINE = 0xdb @@ -3067,6 +3084,8 @@ const ( SOCKFS_MAGIC = 0x534f434b SOCK_BUF_LOCK_MASK = 0x3 SOCK_DCCP = 0x6 + SOCK_DESTROY = 0x15 + SOCK_DIAG_BY_FAMILY = 0x14 SOCK_IOC_TYPE = 0x89 SOCK_PACKET = 0xa SOCK_RAW = 0x3 @@ -3168,6 +3187,7 @@ const ( STATX_GID = 0x10 STATX_INO = 0x100 STATX_MNT_ID = 0x1000 + STATX_MNT_ID_UNIQUE = 0x4000 STATX_MODE = 0x2 STATX_MTIME = 0x40 STATX_NLINK = 0x4 @@ -3255,6 +3275,7 @@ const ( TCP_MAX_WINSHIFT = 0xe TCP_MD5SIG = 0xe TCP_MD5SIG_EXT = 0x20 + TCP_MD5SIG_FLAG_IFINDEX = 0x2 TCP_MD5SIG_FLAG_PREFIX = 0x1 TCP_MD5SIG_MAXKEYLEN = 0x50 TCP_MSS = 0x200 @@ -3562,12 +3583,16 @@ const ( XDP_RX_RING = 0x2 XDP_SHARED_UMEM = 0x1 XDP_STATISTICS = 0x7 + XDP_TXMD_FLAGS_CHECKSUM = 0x2 + XDP_TXMD_FLAGS_TIMESTAMP = 0x1 + XDP_TX_METADATA = 0x2 XDP_TX_RING = 0x3 XDP_UMEM_COMPLETION_RING = 0x6 XDP_UMEM_FILL_RING = 0x5 XDP_UMEM_PGOFF_COMPLETION_RING = 0x180000000 XDP_UMEM_PGOFF_FILL_RING = 0x100000000 XDP_UMEM_REG = 0x4 + XDP_UMEM_TX_SW_CSUM = 0x2 XDP_UMEM_UNALIGNED_CHUNK_FLAG = 0x1 XDP_USE_NEED_WAKEUP = 0x8 XDP_USE_SG = 0x10 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go index 42ff8c3c1b0..e4bc0bd57c7 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go @@ -118,6 +118,7 @@ const ( IXOFF = 0x1000 IXON = 0x400 MAP_32BIT = 0x40 + MAP_ABOVE4G = 0x80 MAP_ANON = 0x20 MAP_ANONYMOUS = 0x20 MAP_DENYWRITE = 0x800 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go index dca436004fa..689317afdbf 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go @@ -118,6 +118,7 @@ const ( IXOFF = 0x1000 IXON = 0x400 MAP_32BIT = 0x40 + MAP_ABOVE4G = 0x80 MAP_ANON = 0x20 MAP_ANONYMOUS = 0x20 MAP_DENYWRITE = 0x800 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go index d8cae6d1534..14270508b04 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go @@ -87,6 +87,7 @@ const ( FICLONE = 0x40049409 FICLONERANGE = 0x4020940d FLUSHO = 0x1000 + FPMR_MAGIC = 0x46504d52 FPSIMD_MAGIC = 0x46508001 FS_IOC_ENABLE_VERITY = 0x40806685 FS_IOC_GETFLAGS = 0x80086601 diff --git a/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go index 4dfd2e051d3..da08b2ab3d9 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go @@ -10,41 +10,99 @@ package unix const ( - BRKINT = 0x0001 - CLOCK_MONOTONIC = 0x1 - CLOCK_PROCESS_CPUTIME_ID = 0x2 - CLOCK_REALTIME = 0x0 - CLOCK_THREAD_CPUTIME_ID = 0x3 - CS8 = 0x0030 - CSIZE = 0x0030 - ECHO = 0x00000008 - ECHONL = 0x00000001 - FD_CLOEXEC = 0x01 - FD_CLOFORK = 0x02 - FNDELAY = 0x04 - F_CLOSFD = 9 - F_CONTROL_CVT = 13 - F_DUPFD = 0 - F_DUPFD2 = 8 - F_GETFD = 1 - F_GETFL = 259 - F_GETLK = 5 - F_GETOWN = 10 - F_OK = 0x0 - F_RDLCK = 1 - F_SETFD = 2 - F_SETFL = 4 - F_SETLK = 6 - F_SETLKW = 7 - F_SETOWN = 11 - F_SETTAG = 12 - F_UNLCK = 3 - F_WRLCK = 2 - FSTYPE_ZFS = 0xe9 //"Z" - FSTYPE_HFS = 0xc8 //"H" - FSTYPE_NFS = 0xd5 //"N" - FSTYPE_TFS = 0xe3 //"T" - FSTYPE_AUTOMOUNT = 0xc1 //"A" + BRKINT = 0x0001 + CLOCAL = 0x1 + CLOCK_MONOTONIC = 0x1 + CLOCK_PROCESS_CPUTIME_ID = 0x2 + CLOCK_REALTIME = 0x0 + CLOCK_THREAD_CPUTIME_ID = 0x3 + CLONE_NEWIPC = 0x08000000 + CLONE_NEWNET = 0x40000000 + CLONE_NEWNS = 0x00020000 + CLONE_NEWPID = 0x20000000 + CLONE_NEWUTS = 0x04000000 + CLONE_PARENT = 0x00008000 + CS8 = 0x0030 + CSIZE = 0x0030 + ECHO = 0x00000008 + ECHONL = 0x00000001 + EFD_SEMAPHORE = 0x00002000 + EFD_CLOEXEC = 0x00001000 + EFD_NONBLOCK = 0x00000004 + EPOLL_CLOEXEC = 0x00001000 + EPOLL_CTL_ADD = 0 + EPOLL_CTL_MOD = 1 + EPOLL_CTL_DEL = 2 + EPOLLRDNORM = 0x0001 + EPOLLRDBAND = 0x0002 + EPOLLIN = 0x0003 + EPOLLOUT = 0x0004 + EPOLLWRBAND = 0x0008 + EPOLLPRI = 0x0010 + EPOLLERR = 0x0020 + EPOLLHUP = 0x0040 + EPOLLEXCLUSIVE = 0x20000000 + EPOLLONESHOT = 0x40000000 + FD_CLOEXEC = 0x01 + FD_CLOFORK = 0x02 + FD_SETSIZE = 0x800 + FNDELAY = 0x04 + F_CLOSFD = 9 + F_CONTROL_CVT = 13 + F_DUPFD = 0 + F_DUPFD2 = 8 + F_GETFD = 1 + F_GETFL = 259 + F_GETLK = 5 + F_GETOWN = 10 + F_OK = 0x0 + F_RDLCK = 1 + F_SETFD = 2 + F_SETFL = 4 + F_SETLK = 6 + F_SETLKW = 7 + F_SETOWN = 11 + F_SETTAG = 12 + F_UNLCK = 3 + F_WRLCK = 2 + FSTYPE_ZFS = 0xe9 //"Z" + FSTYPE_HFS = 0xc8 //"H" + FSTYPE_NFS = 0xd5 //"N" + FSTYPE_TFS = 0xe3 //"T" + FSTYPE_AUTOMOUNT = 0xc1 //"A" + GRND_NONBLOCK = 1 + GRND_RANDOM = 2 + HUPCL = 0x0100 // Hang up on last close + IN_CLOEXEC = 0x00001000 + IN_NONBLOCK = 0x00000004 + IN_ACCESS = 0x00000001 + IN_MODIFY = 0x00000002 + IN_ATTRIB = 0x00000004 + IN_CLOSE_WRITE = 0x00000008 + IN_CLOSE_NOWRITE = 0x00000010 + IN_OPEN = 0x00000020 + IN_MOVED_FROM = 0x00000040 + IN_MOVED_TO = 0x00000080 + IN_CREATE = 0x00000100 + IN_DELETE = 0x00000200 + IN_DELETE_SELF = 0x00000400 + IN_MOVE_SELF = 0x00000800 + IN_UNMOUNT = 0x00002000 + IN_Q_OVERFLOW = 0x00004000 + IN_IGNORED = 0x00008000 + IN_CLOSE = (IN_CLOSE_WRITE | IN_CLOSE_NOWRITE) + IN_MOVE = (IN_MOVED_FROM | IN_MOVED_TO) + IN_ALL_EVENTS = (IN_ACCESS | IN_MODIFY | IN_ATTRIB | + IN_CLOSE | IN_OPEN | IN_MOVE | + IN_CREATE | IN_DELETE | IN_DELETE_SELF | + IN_MOVE_SELF) + IN_ONLYDIR = 0x01000000 + IN_DONT_FOLLOW = 0x02000000 + IN_EXCL_UNLINK = 0x04000000 + IN_MASK_CREATE = 0x10000000 + IN_MASK_ADD = 0x20000000 + IN_ISDIR = 0x40000000 + IN_ONESHOT = 0x80000000 IP6F_MORE_FRAG = 0x0001 IP6F_OFF_MASK = 0xfff8 IP6F_RESERVED_MASK = 0x0006 @@ -152,10 +210,18 @@ const ( IP_PKTINFO = 101 IP_RECVPKTINFO = 102 IP_TOS = 2 - IP_TTL = 3 + IP_TTL = 14 IP_UNBLOCK_SOURCE = 11 + ICMP6_FILTER = 1 + MCAST_INCLUDE = 0 + MCAST_EXCLUDE = 1 + MCAST_JOIN_GROUP = 40 + MCAST_LEAVE_GROUP = 41 + MCAST_JOIN_SOURCE_GROUP = 42 + MCAST_LEAVE_SOURCE_GROUP = 43 + MCAST_BLOCK_SOURCE = 44 + MCAST_UNBLOCK_SOURCE = 46 ICANON = 0x0010 - ICMP6_FILTER = 0x26 ICRNL = 0x0002 IEXTEN = 0x0020 IGNBRK = 0x0004 @@ -165,10 +231,10 @@ const ( ISTRIP = 0x0080 IXON = 0x0200 IXOFF = 0x0100 - LOCK_SH = 0x1 // Not exist on zOS - LOCK_EX = 0x2 // Not exist on zOS - LOCK_NB = 0x4 // Not exist on zOS - LOCK_UN = 0x8 // Not exist on zOS + LOCK_SH = 0x1 + LOCK_EX = 0x2 + LOCK_NB = 0x4 + LOCK_UN = 0x8 POLLIN = 0x0003 POLLOUT = 0x0004 POLLPRI = 0x0010 @@ -182,15 +248,29 @@ const ( MAP_PRIVATE = 0x1 // changes are private MAP_SHARED = 0x2 // changes are shared MAP_FIXED = 0x4 // place exactly - MCAST_JOIN_GROUP = 40 - MCAST_LEAVE_GROUP = 41 - MCAST_JOIN_SOURCE_GROUP = 42 - MCAST_LEAVE_SOURCE_GROUP = 43 - MCAST_BLOCK_SOURCE = 44 - MCAST_UNBLOCK_SOURCE = 45 + __MAP_MEGA = 0x8 + __MAP_64 = 0x10 + MAP_ANON = 0x20 + MAP_ANONYMOUS = 0x20 MS_SYNC = 0x1 // msync - synchronous writes MS_ASYNC = 0x2 // asynchronous writes MS_INVALIDATE = 0x4 // invalidate mappings + MS_BIND = 0x00001000 + MS_MOVE = 0x00002000 + MS_NOSUID = 0x00000002 + MS_PRIVATE = 0x00040000 + MS_REC = 0x00004000 + MS_REMOUNT = 0x00008000 + MS_RDONLY = 0x00000001 + MS_UNBINDABLE = 0x00020000 + MNT_DETACH = 0x00000004 + ZOSDSFS_SUPER_MAGIC = 0x44534653 // zOS DSFS + NFS_SUPER_MAGIC = 0x6969 // NFS + NSFS_MAGIC = 0x6e736673 // PROCNS + PROC_SUPER_MAGIC = 0x9fa0 // proc FS + ZOSTFS_SUPER_MAGIC = 0x544653 // zOS TFS + ZOSUFS_SUPER_MAGIC = 0x554653 // zOS UFS + ZOSZFS_SUPER_MAGIC = 0x5A4653 // zOS ZFS MTM_RDONLY = 0x80000000 MTM_RDWR = 0x40000000 MTM_UMOUNT = 0x10000000 @@ -205,13 +285,20 @@ const ( MTM_REMOUNT = 0x00000100 MTM_NOSECURITY = 0x00000080 NFDBITS = 0x20 + ONLRET = 0x0020 // NL performs CR function O_ACCMODE = 0x03 O_APPEND = 0x08 O_ASYNCSIG = 0x0200 O_CREAT = 0x80 + O_DIRECT = 0x00002000 + O_NOFOLLOW = 0x00004000 + O_DIRECTORY = 0x00008000 + O_PATH = 0x00080000 + O_CLOEXEC = 0x00001000 O_EXCL = 0x40 O_GETFL = 0x0F O_LARGEFILE = 0x0400 + O_NDELAY = 0x4 O_NONBLOCK = 0x04 O_RDONLY = 0x02 O_RDWR = 0x03 @@ -248,6 +335,7 @@ const ( AF_IUCV = 17 AF_LAT = 14 AF_LINK = 18 + AF_LOCAL = AF_UNIX // AF_LOCAL is an alias for AF_UNIX AF_MAX = 30 AF_NBS = 7 AF_NDD = 23 @@ -285,15 +373,33 @@ const ( RLIMIT_AS = 5 RLIMIT_NOFILE = 6 RLIMIT_MEMLIMIT = 7 + RLIMIT_MEMLOCK = 0x8 RLIM_INFINITY = 2147483647 + SCHED_FIFO = 0x2 + SCM_CREDENTIALS = 0x2 SCM_RIGHTS = 0x01 SF_CLOSE = 0x00000002 SF_REUSE = 0x00000001 + SHM_RND = 0x2 + SHM_RDONLY = 0x1 + SHMLBA = 0x1000 + IPC_STAT = 0x3 + IPC_SET = 0x2 + IPC_RMID = 0x1 + IPC_PRIVATE = 0x0 + IPC_CREAT = 0x1000000 + __IPC_MEGA = 0x4000000 + __IPC_SHAREAS = 0x20000000 + __IPC_BELOWBAR = 0x10000000 + IPC_EXCL = 0x2000000 + __IPC_GIGA = 0x8000000 SHUT_RD = 0 SHUT_RDWR = 2 SHUT_WR = 1 + SOCK_CLOEXEC = 0x00001000 SOCK_CONN_DGRAM = 6 SOCK_DGRAM = 2 + SOCK_NONBLOCK = 0x800 SOCK_RAW = 3 SOCK_RDM = 4 SOCK_SEQPACKET = 5 @@ -378,8 +484,6 @@ const ( S_IFMST = 0x00FF0000 TCP_KEEPALIVE = 0x8 TCP_NODELAY = 0x1 - TCP_INFO = 0xb - TCP_USER_TIMEOUT = 0x1 TIOCGWINSZ = 0x4008a368 TIOCSWINSZ = 0x8008a367 TIOCSBRK = 0x2000a77b @@ -427,7 +531,10 @@ const ( VSUSP = 9 VTIME = 10 WCONTINUED = 0x4 + WEXITED = 0x8 WNOHANG = 0x1 + WNOWAIT = 0x20 + WSTOPPED = 0x10 WUNTRACED = 0x2 _BPX_SWAP = 1 _BPX_NONSWAP = 2 @@ -452,8 +559,28 @@ const ( MADV_FREE = 15 // for Linux compatibility -- no zos semantics MADV_WIPEONFORK = 16 // for Linux compatibility -- no zos semantics MADV_KEEPONFORK = 17 // for Linux compatibility -- no zos semantics - AT_SYMLINK_NOFOLLOW = 1 // for Unix compatibility -- no zos semantics - AT_FDCWD = 2 // for Unix compatibility -- no zos semantics + AT_SYMLINK_FOLLOW = 0x400 + AT_SYMLINK_NOFOLLOW = 0x100 + XATTR_CREATE = 0x1 + XATTR_REPLACE = 0x2 + P_PID = 0 + P_PGID = 1 + P_ALL = 2 + PR_SET_NAME = 15 + PR_GET_NAME = 16 + PR_SET_NO_NEW_PRIVS = 38 + PR_GET_NO_NEW_PRIVS = 39 + PR_SET_DUMPABLE = 4 + PR_GET_DUMPABLE = 3 + PR_SET_PDEATHSIG = 1 + PR_GET_PDEATHSIG = 2 + PR_SET_CHILD_SUBREAPER = 36 + PR_GET_CHILD_SUBREAPER = 37 + AT_FDCWD = -100 + AT_EACCESS = 0x200 + AT_EMPTY_PATH = 0x1000 + AT_REMOVEDIR = 0x200 + RENAME_NOREPLACE = 1 << 0 ) const ( @@ -476,6 +603,7 @@ const ( EMLINK = Errno(125) ENAMETOOLONG = Errno(126) ENFILE = Errno(127) + ENOATTR = Errno(265) ENODEV = Errno(128) ENOENT = Errno(129) ENOEXEC = Errno(130) @@ -700,7 +828,7 @@ var errorList = [...]struct { {145, "EDC5145I", "The parameter list is too long, or the message to receive was too large for the buffer."}, {146, "EDC5146I", "Too many levels of symbolic links."}, {147, "EDC5147I", "Illegal byte sequence."}, - {148, "", ""}, + {148, "EDC5148I", "The named attribute or data not available."}, {149, "EDC5149I", "Value Overflow Error."}, {150, "EDC5150I", "UNIX System Services is not active."}, {151, "EDC5151I", "Dynamic allocation error."}, @@ -743,6 +871,7 @@ var errorList = [...]struct { {259, "EDC5259I", "A CUN_RS_NO_CONVERSION error was issued by Unicode Services."}, {260, "EDC5260I", "A CUN_RS_TABLE_NOT_ALIGNED error was issued by Unicode Services."}, {262, "EDC5262I", "An iconv() function encountered an unexpected error while using Unicode Services."}, + {265, "EDC5265I", "The named attribute not available."}, {1000, "EDC8000I", "A bad socket-call constant was found in the IUCV header."}, {1001, "EDC8001I", "An error was found in the IUCV header."}, {1002, "EDC8002I", "A socket descriptor is out of range."}, diff --git a/vendor/golang.org/x/sys/unix/zsymaddr_zos_s390x.s b/vendor/golang.org/x/sys/unix/zsymaddr_zos_s390x.s new file mode 100644 index 00000000000..b77ff5db90d --- /dev/null +++ b/vendor/golang.org/x/sys/unix/zsymaddr_zos_s390x.s @@ -0,0 +1,364 @@ +// go run mksyscall_zos_s390x.go -o_sysnum zsysnum_zos_s390x.go -o_syscall zsyscall_zos_s390x.go -i_syscall syscall_zos_s390x.go -o_asm zsymaddr_zos_s390x.s +// Code generated by the command above; see README.md. DO NOT EDIT. + +//go:build zos && s390x +#include "textflag.h" + +// provide the address of function variable to be fixed up. + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_FlistxattrAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Flistxattr(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_FremovexattrAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Fremovexattr(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_FgetxattrAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Fgetxattr(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_FsetxattrAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Fsetxattr(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_accept4Addr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·accept4(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_RemovexattrAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Removexattr(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_Dup3Addr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Dup3(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_DirfdAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Dirfd(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_EpollCreateAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·EpollCreate(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_EpollCreate1Addr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·EpollCreate1(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_EpollCtlAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·EpollCtl(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_EpollPwaitAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·EpollPwait(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_EpollWaitAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·EpollWait(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_EventfdAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Eventfd(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_FaccessatAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Faccessat(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_FchmodatAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Fchmodat(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_FchownatAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Fchownat(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_FdatasyncAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Fdatasync(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_fstatatAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·fstatat(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_LgetxattrAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Lgetxattr(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_LsetxattrAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Lsetxattr(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_FstatfsAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Fstatfs(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_FutimesAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Futimes(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_FutimesatAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Futimesat(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_GetrandomAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Getrandom(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_InotifyInitAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·InotifyInit(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_InotifyInit1Addr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·InotifyInit1(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_InotifyAddWatchAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·InotifyAddWatch(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_InotifyRmWatchAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·InotifyRmWatch(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_ListxattrAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Listxattr(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_LlistxattrAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Llistxattr(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_LremovexattrAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Lremovexattr(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_LutimesAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Lutimes(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_StatfsAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Statfs(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_SyncfsAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Syncfs(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_UnshareAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Unshare(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_LinkatAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Linkat(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_MkdiratAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Mkdirat(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_MknodatAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Mknodat(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_PivotRootAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·PivotRoot(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_PrctlAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Prctl(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_PrlimitAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Prlimit(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_RenameatAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Renameat(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_Renameat2Addr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Renameat2(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_SethostnameAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Sethostname(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_SetnsAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Setns(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_SymlinkatAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Symlinkat(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_UnlinkatAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·Unlinkat(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_openatAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·openat(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_openat2Addr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·openat2(SB), R8 + MOVD R8, ret+0(FP) + RET + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +TEXT ·get_utimensatAddr(SB), NOSPLIT|NOFRAME, $0-8 + MOVD $·utimensat(SB), R8 + MOVD R8, ret+0(FP) + RET diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go index ccb02f240a4..07642c308d3 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go @@ -760,6 +760,39 @@ var libc_sysctl_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func pthread_chdir_np(path string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_pthread_chdir_np_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pthread_chdir_np_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pthread_chdir_np pthread_chdir_np "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pthread_fchdir_np(fd int) (err error) { + _, _, e1 := syscall_syscall(libc_pthread_fchdir_np_trampoline_addr, uintptr(fd), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pthread_fchdir_np_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pthread_fchdir_np pthread_fchdir_np "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error) { _, _, e1 := syscall_syscall6(libc_sendfile_trampoline_addr, uintptr(infd), uintptr(outfd), uintptr(offset), uintptr(unsafe.Pointer(len)), uintptr(hdtr), uintptr(flags)) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s index 8b8bb284028..923e08cb792 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s @@ -228,6 +228,16 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8 DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB) +TEXT libc_pthread_chdir_np_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pthread_chdir_np(SB) +GLOBL ·libc_pthread_chdir_np_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pthread_chdir_np_trampoline_addr(SB)/8, $libc_pthread_chdir_np_trampoline<>(SB) + +TEXT libc_pthread_fchdir_np_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pthread_fchdir_np(SB) +GLOBL ·libc_pthread_fchdir_np_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pthread_fchdir_np_trampoline_addr(SB)/8, $libc_pthread_fchdir_np_trampoline<>(SB) + TEXT libc_sendfile_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sendfile(SB) GLOBL ·libc_sendfile_trampoline_addr(SB), RODATA, $8 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go index 1b40b997b52..7d73dda6473 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go @@ -760,6 +760,39 @@ var libc_sysctl_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func pthread_chdir_np(path string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_pthread_chdir_np_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pthread_chdir_np_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pthread_chdir_np pthread_chdir_np "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pthread_fchdir_np(fd int) (err error) { + _, _, e1 := syscall_syscall(libc_pthread_fchdir_np_trampoline_addr, uintptr(fd), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pthread_fchdir_np_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pthread_fchdir_np pthread_fchdir_np "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error) { _, _, e1 := syscall_syscall6(libc_sendfile_trampoline_addr, uintptr(infd), uintptr(outfd), uintptr(offset), uintptr(unsafe.Pointer(len)), uintptr(hdtr), uintptr(flags)) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s index 08362c1ab74..057700111e7 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s @@ -228,6 +228,16 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8 DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB) +TEXT libc_pthread_chdir_np_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pthread_chdir_np(SB) +GLOBL ·libc_pthread_chdir_np_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pthread_chdir_np_trampoline_addr(SB)/8, $libc_pthread_chdir_np_trampoline<>(SB) + +TEXT libc_pthread_fchdir_np_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pthread_fchdir_np(SB) +GLOBL ·libc_pthread_fchdir_np_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pthread_fchdir_np_trampoline_addr(SB)/8, $libc_pthread_fchdir_np_trampoline<>(SB) + TEXT libc_sendfile_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sendfile(SB) GLOBL ·libc_sendfile_trampoline_addr(SB), RODATA, $8 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go index 94f01123831..7ccf66b7ee0 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go @@ -1,4 +1,4 @@ -// go run mksyscall.go -tags zos,s390x syscall_zos_s390x.go +// go run mksyscall_zos_s390x.go -o_sysnum zsysnum_zos_s390x.go -o_syscall zsyscall_zos_s390x.go -i_syscall syscall_zos_s390x.go -o_asm zsymaddr_zos_s390x.s // Code generated by the command above; see README.md. DO NOT EDIT. //go:build zos && s390x @@ -6,17 +6,100 @@ package unix import ( + "runtime" + "syscall" "unsafe" ) +var _ syscall.Errno + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func fcntl(fd int, cmd int, arg int) (val int, err error) { - r0, _, e1 := syscall_syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg)) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FCNTL<<4, uintptr(fd), uintptr(cmd), uintptr(arg)) + runtime.ExitSyscall() val = int(r0) - if e1 != 0 { - err = errnoErr(e1) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_Flistxattr(fd int, dest []byte) (sz int, err error) { + var _p0 unsafe.Pointer + if len(dest) > 0 { + _p0 = unsafe.Pointer(&dest[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FLISTXATTR_A<<4, uintptr(fd), uintptr(_p0), uintptr(len(dest))) + runtime.ExitSyscall() + sz = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_FlistxattrAddr() *(func(fd int, dest []byte) (sz int, err error)) + +var Flistxattr = enter_Flistxattr + +func enter_Flistxattr(fd int, dest []byte) (sz int, err error) { + funcref := get_FlistxattrAddr() + if funcptrtest(GetZosLibVec()+SYS___FLISTXATTR_A<<4, "") == 0 { + *funcref = impl_Flistxattr + } else { + *funcref = error_Flistxattr + } + return (*funcref)(fd, dest) +} + +func error_Flistxattr(fd int, dest []byte) (sz int, err error) { + sz = -1 + err = ENOSYS + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_Fremovexattr(fd int, attr string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(attr) + if err != nil { + return + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FREMOVEXATTR_A<<4, uintptr(fd), uintptr(unsafe.Pointer(_p0))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_FremovexattrAddr() *(func(fd int, attr string) (err error)) + +var Fremovexattr = enter_Fremovexattr + +func enter_Fremovexattr(fd int, attr string) (err error) { + funcref := get_FremovexattrAddr() + if funcptrtest(GetZosLibVec()+SYS___FREMOVEXATTR_A<<4, "") == 0 { + *funcref = impl_Fremovexattr + } else { + *funcref = error_Fremovexattr } + return (*funcref)(fd, attr) +} + +func error_Fremovexattr(fd int, attr string) (err error) { + err = ENOSYS return } @@ -29,10 +112,12 @@ func read(fd int, p []byte) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := syscall_syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p))) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_READ<<4, uintptr(fd), uintptr(_p0), uintptr(len(p))) + runtime.ExitSyscall() n = int(r0) - if e1 != 0 { - err = errnoErr(e1) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -46,31 +131,159 @@ func write(fd int, p []byte) (n int, err error) { } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := syscall_syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p))) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_WRITE<<4, uintptr(fd), uintptr(_p0), uintptr(len(p))) + runtime.ExitSyscall() n = int(r0) - if e1 != 0 { - err = errnoErr(e1) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_Fgetxattr(fd int, attr string, dest []byte) (sz int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(attr) + if err != nil { + return + } + var _p1 unsafe.Pointer + if len(dest) > 0 { + _p1 = unsafe.Pointer(&dest[0]) + } else { + _p1 = unsafe.Pointer(&_zero) + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FGETXATTR_A<<4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest))) + runtime.ExitSyscall() + sz = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_FgetxattrAddr() *(func(fd int, attr string, dest []byte) (sz int, err error)) + +var Fgetxattr = enter_Fgetxattr + +func enter_Fgetxattr(fd int, attr string, dest []byte) (sz int, err error) { + funcref := get_FgetxattrAddr() + if funcptrtest(GetZosLibVec()+SYS___FGETXATTR_A<<4, "") == 0 { + *funcref = impl_Fgetxattr + } else { + *funcref = error_Fgetxattr + } + return (*funcref)(fd, attr, dest) +} + +func error_Fgetxattr(fd int, attr string, dest []byte) (sz int, err error) { + sz = -1 + err = ENOSYS + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_Fsetxattr(fd int, attr string, data []byte, flag int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(attr) + if err != nil { + return + } + var _p1 unsafe.Pointer + if len(data) > 0 { + _p1 = unsafe.Pointer(&data[0]) + } else { + _p1 = unsafe.Pointer(&_zero) + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FSETXATTR_A<<4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(data)), uintptr(flag)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_FsetxattrAddr() *(func(fd int, attr string, data []byte, flag int) (err error)) + +var Fsetxattr = enter_Fsetxattr + +func enter_Fsetxattr(fd int, attr string, data []byte, flag int) (err error) { + funcref := get_FsetxattrAddr() + if funcptrtest(GetZosLibVec()+SYS___FSETXATTR_A<<4, "") == 0 { + *funcref = impl_Fsetxattr + } else { + *funcref = error_Fsetxattr } + return (*funcref)(fd, attr, data, flag) +} + +func error_Fsetxattr(fd int, attr string, data []byte, flag int) (err error) { + err = ENOSYS return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { - r0, _, e1 := syscall_syscall(SYS___ACCEPT_A, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___ACCEPT_A<<4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + runtime.ExitSyscall() + fd = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___ACCEPT4_A<<4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags)) + runtime.ExitSyscall() fd = int(r0) - if e1 != 0 { - err = errnoErr(e1) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_accept4Addr() *(func(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error)) + +var accept4 = enter_accept4 + +func enter_accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) { + funcref := get_accept4Addr() + if funcptrtest(GetZosLibVec()+SYS___ACCEPT4_A<<4, "") == 0 { + *funcref = impl_accept4 + } else { + *funcref = error_accept4 } + return (*funcref)(s, rsa, addrlen, flags) +} + +func error_accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) { + fd = -1 + err = ENOSYS return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { - _, _, e1 := syscall_syscall(SYS___BIND_A, uintptr(s), uintptr(addr), uintptr(addrlen)) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___BIND_A<<4, uintptr(s), uintptr(addr), uintptr(addrlen)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -78,9 +291,11 @@ func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { - _, _, e1 := syscall_syscall(SYS___CONNECT_A, uintptr(s), uintptr(addr), uintptr(addrlen)) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___CONNECT_A<<4, uintptr(s), uintptr(addr), uintptr(addrlen)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -88,10 +303,10 @@ func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func getgroups(n int, list *_Gid_t) (nn int, err error) { - r0, _, e1 := syscall_rawsyscall(SYS_GETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0) + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETGROUPS<<4, uintptr(n), uintptr(unsafe.Pointer(list))) nn = int(r0) - if e1 != 0 { - err = errnoErr(e1) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -99,9 +314,9 @@ func getgroups(n int, list *_Gid_t) (nn int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func setgroups(n int, list *_Gid_t) (err error) { - _, _, e1 := syscall_rawsyscall(SYS_SETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0) - if e1 != 0 { - err = errnoErr(e1) + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETGROUPS<<4, uintptr(n), uintptr(unsafe.Pointer(list))) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -109,9 +324,11 @@ func setgroups(n int, list *_Gid_t) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) { - _, _, e1 := syscall_syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETSOCKOPT<<4, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -119,9 +336,11 @@ func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) { - _, _, e1 := syscall_syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETSOCKOPT<<4, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -129,10 +348,10 @@ func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func socket(domain int, typ int, proto int) (fd int, err error) { - r0, _, e1 := syscall_rawsyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto)) + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SOCKET<<4, uintptr(domain), uintptr(typ), uintptr(proto)) fd = int(r0) - if e1 != 0 { - err = errnoErr(e1) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -140,9 +359,9 @@ func socket(domain int, typ int, proto int) (fd int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) { - _, _, e1 := syscall_rawsyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0) - if e1 != 0 { - err = errnoErr(e1) + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SOCKETPAIR<<4, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd))) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -150,9 +369,9 @@ func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) { - _, _, e1 := syscall_rawsyscall(SYS___GETPEERNAME_A, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) - if e1 != 0 { - err = errnoErr(e1) + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___GETPEERNAME_A<<4, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -160,10 +379,52 @@ func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) { - _, _, e1 := syscall_rawsyscall(SYS___GETSOCKNAME_A, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) - if e1 != 0 { - err = errnoErr(e1) + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___GETSOCKNAME_A<<4, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_Removexattr(path string, attr string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(attr) + if err != nil { + return + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___REMOVEXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_RemovexattrAddr() *(func(path string, attr string) (err error)) + +var Removexattr = enter_Removexattr + +func enter_Removexattr(path string, attr string) (err error) { + funcref := get_RemovexattrAddr() + if funcptrtest(GetZosLibVec()+SYS___REMOVEXATTR_A<<4, "") == 0 { + *funcref = impl_Removexattr + } else { + *funcref = error_Removexattr } + return (*funcref)(path, attr) +} + +func error_Removexattr(path string, attr string) (err error) { + err = ENOSYS return } @@ -176,10 +437,12 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := syscall_syscall6(SYS___RECVFROM_A, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen))) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___RECVFROM_A<<4, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen))) + runtime.ExitSyscall() n = int(r0) - if e1 != 0 { - err = errnoErr(e1) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -193,9 +456,11 @@ func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) ( } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := syscall_syscall6(SYS___SENDTO_A, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen)) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___SENDTO_A<<4, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -203,10 +468,12 @@ func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) ( // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) { - r0, _, e1 := syscall_syscall(SYS___RECVMSG_A, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___RECVMSG_A<<4, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) + runtime.ExitSyscall() n = int(r0) - if e1 != 0 { - err = errnoErr(e1) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -214,10 +481,12 @@ func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) { - r0, _, e1 := syscall_syscall(SYS___SENDMSG_A, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___SENDMSG_A<<4, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) + runtime.ExitSyscall() n = int(r0) - if e1 != 0 { - err = errnoErr(e1) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -225,10 +494,12 @@ func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) { - r0, _, e1 := syscall_syscall6(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos)) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_MMAP<<4, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos)) + runtime.ExitSyscall() ret = uintptr(r0) - if e1 != 0 { - err = errnoErr(e1) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -236,9 +507,11 @@ func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) ( // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func munmap(addr uintptr, length uintptr) (err error) { - _, _, e1 := syscall_syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_MUNMAP<<4, uintptr(addr), uintptr(length)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -246,9 +519,11 @@ func munmap(addr uintptr, length uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func ioctl(fd int, req int, arg uintptr) (err error) { - _, _, e1 := syscall_syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_IOCTL<<4, uintptr(fd), uintptr(req), uintptr(arg)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -256,9 +531,62 @@ func ioctl(fd int, req int, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func ioctlPtr(fd int, req int, arg unsafe.Pointer) (err error) { - _, _, e1 := syscall_syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_IOCTL<<4, uintptr(fd), uintptr(req), uintptr(arg)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func shmat(id int, addr uintptr, flag int) (ret uintptr, err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SHMAT<<4, uintptr(id), uintptr(addr), uintptr(flag)) + runtime.ExitSyscall() + ret = uintptr(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func shmctl(id int, cmd int, buf *SysvShmDesc) (result int, err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SHMCTL64<<4, uintptr(id), uintptr(cmd), uintptr(unsafe.Pointer(buf))) + runtime.ExitSyscall() + result = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func shmdt(addr uintptr) (err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SHMDT<<4, uintptr(addr)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func shmget(key int, size int, flag int) (id int, err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SHMGET<<4, uintptr(key), uintptr(size), uintptr(flag)) + runtime.ExitSyscall() + id = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -271,9 +599,11 @@ func Access(path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := syscall_syscall(SYS___ACCESS_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___ACCESS_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mode)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -286,9 +616,11 @@ func Chdir(path string) (err error) { if err != nil { return } - _, _, e1 := syscall_syscall(SYS___CHDIR_A, uintptr(unsafe.Pointer(_p0)), 0, 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___CHDIR_A<<4, uintptr(unsafe.Pointer(_p0))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -301,9 +633,11 @@ func Chown(path string, uid int, gid int) (err error) { if err != nil { return } - _, _, e1 := syscall_syscall(SYS___CHOWN_A, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___CHOWN_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -316,9 +650,11 @@ func Chmod(path string, mode uint32) (err error) { if err != nil { return } - _, _, e1 := syscall_syscall(SYS___CHMOD_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___CHMOD_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mode)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -331,10 +667,12 @@ func Creat(path string, mode uint32) (fd int, err error) { if err != nil { return } - r0, _, e1 := syscall_syscall(SYS___CREAT_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___CREAT_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mode)) + runtime.ExitSyscall() fd = int(r0) - if e1 != 0 { - err = errnoErr(e1) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -342,10 +680,12 @@ func Creat(path string, mode uint32) (fd int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Dup(oldfd int) (fd int, err error) { - r0, _, e1 := syscall_syscall(SYS_DUP, uintptr(oldfd), 0, 0) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_DUP<<4, uintptr(oldfd)) + runtime.ExitSyscall() fd = int(r0) - if e1 != 0 { - err = errnoErr(e1) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -353,617 +693,2216 @@ func Dup(oldfd int) (fd int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Dup2(oldfd int, newfd int) (err error) { - _, _, e1 := syscall_syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_DUP2<<4, uintptr(oldfd), uintptr(newfd)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Errno2() (er2 int) { - uer2, _, _ := syscall_syscall(SYS___ERRNO2, 0, 0, 0) - er2 = int(uer2) +func impl_Dup3(oldfd int, newfd int, flags int) (err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_DUP3<<4, uintptr(oldfd), uintptr(newfd), uintptr(flags)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } return } -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +//go:nosplit +func get_Dup3Addr() *(func(oldfd int, newfd int, flags int) (err error)) -func Err2ad() (eadd *int) { - ueadd, _, _ := syscall_syscall(SYS___ERR2AD, 0, 0, 0) - eadd = (*int)(unsafe.Pointer(ueadd)) - return -} +var Dup3 = enter_Dup3 -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func enter_Dup3(oldfd int, newfd int, flags int) (err error) { + funcref := get_Dup3Addr() + if funcptrtest(GetZosLibVec()+SYS_DUP3<<4, "") == 0 { + *funcref = impl_Dup3 + } else { + *funcref = error_Dup3 + } + return (*funcref)(oldfd, newfd, flags) +} -func Exit(code int) { - syscall_syscall(SYS_EXIT, uintptr(code), 0, 0) +func error_Dup3(oldfd int, newfd int, flags int) (err error) { + err = ENOSYS return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Fchdir(fd int) (err error) { - _, _, e1 := syscall_syscall(SYS_FCHDIR, uintptr(fd), 0, 0) - if e1 != 0 { - err = errnoErr(e1) +func impl_Dirfd(dirp uintptr) (fd int, err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_DIRFD<<4, uintptr(dirp)) + runtime.ExitSyscall() + fd = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +//go:nosplit +func get_DirfdAddr() *(func(dirp uintptr) (fd int, err error)) -func Fchmod(fd int, mode uint32) (err error) { - _, _, e1 := syscall_syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0) - if e1 != 0 { - err = errnoErr(e1) +var Dirfd = enter_Dirfd + +func enter_Dirfd(dirp uintptr) (fd int, err error) { + funcref := get_DirfdAddr() + if funcptrtest(GetZosLibVec()+SYS_DIRFD<<4, "") == 0 { + *funcref = impl_Dirfd + } else { + *funcref = error_Dirfd } + return (*funcref)(dirp) +} + +func error_Dirfd(dirp uintptr) (fd int, err error) { + fd = -1 + err = ENOSYS return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Fchown(fd int, uid int, gid int) (err error) { - _, _, e1 := syscall_syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid)) - if e1 != 0 { - err = errnoErr(e1) +func impl_EpollCreate(size int) (fd int, err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_EPOLL_CREATE<<4, uintptr(size)) + runtime.ExitSyscall() + fd = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +//go:nosplit +func get_EpollCreateAddr() *(func(size int) (fd int, err error)) -func FcntlInt(fd uintptr, cmd int, arg int) (retval int, err error) { - r0, _, e1 := syscall_syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg)) - retval = int(r0) - if e1 != 0 { - err = errnoErr(e1) +var EpollCreate = enter_EpollCreate + +func enter_EpollCreate(size int) (fd int, err error) { + funcref := get_EpollCreateAddr() + if funcptrtest(GetZosLibVec()+SYS_EPOLL_CREATE<<4, "") == 0 { + *funcref = impl_EpollCreate + } else { + *funcref = error_EpollCreate } + return (*funcref)(size) +} + +func error_EpollCreate(size int) (fd int, err error) { + fd = -1 + err = ENOSYS return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func fstat(fd int, stat *Stat_LE_t) (err error) { - _, _, e1 := syscall_syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) - if e1 != 0 { - err = errnoErr(e1) +func impl_EpollCreate1(flags int) (fd int, err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_EPOLL_CREATE1<<4, uintptr(flags)) + runtime.ExitSyscall() + fd = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +//go:nosplit +func get_EpollCreate1Addr() *(func(flags int) (fd int, err error)) -func Fstatvfs(fd int, stat *Statvfs_t) (err error) { - _, _, e1 := syscall_syscall(SYS_FSTATVFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) - if e1 != 0 { - err = errnoErr(e1) +var EpollCreate1 = enter_EpollCreate1 + +func enter_EpollCreate1(flags int) (fd int, err error) { + funcref := get_EpollCreate1Addr() + if funcptrtest(GetZosLibVec()+SYS_EPOLL_CREATE1<<4, "") == 0 { + *funcref = impl_EpollCreate1 + } else { + *funcref = error_EpollCreate1 } + return (*funcref)(flags) +} + +func error_EpollCreate1(flags int) (fd int, err error) { + fd = -1 + err = ENOSYS return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Fsync(fd int) (err error) { - _, _, e1 := syscall_syscall(SYS_FSYNC, uintptr(fd), 0, 0) - if e1 != 0 { - err = errnoErr(e1) +func impl_EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_EPOLL_CTL<<4, uintptr(epfd), uintptr(op), uintptr(fd), uintptr(unsafe.Pointer(event))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +//go:nosplit +func get_EpollCtlAddr() *(func(epfd int, op int, fd int, event *EpollEvent) (err error)) -func Ftruncate(fd int, length int64) (err error) { - _, _, e1 := syscall_syscall(SYS_FTRUNCATE, uintptr(fd), uintptr(length), 0) - if e1 != 0 { - err = errnoErr(e1) +var EpollCtl = enter_EpollCtl + +func enter_EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) { + funcref := get_EpollCtlAddr() + if funcptrtest(GetZosLibVec()+SYS_EPOLL_CTL<<4, "") == 0 { + *funcref = impl_EpollCtl + } else { + *funcref = error_EpollCtl } - return + return (*funcref)(epfd, op, fd, event) } -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Getpagesize() (pgsize int) { - r0, _, _ := syscall_syscall(SYS_GETPAGESIZE, 0, 0, 0) - pgsize = int(r0) +func error_EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) { + err = ENOSYS return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Mprotect(b []byte, prot int) (err error) { +func impl_EpollPwait(epfd int, events []EpollEvent, msec int, sigmask *int) (n int, err error) { var _p0 unsafe.Pointer - if len(b) > 0 { - _p0 = unsafe.Pointer(&b[0]) + if len(events) > 0 { + _p0 = unsafe.Pointer(&events[0]) } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := syscall_syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot)) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_EPOLL_PWAIT<<4, uintptr(epfd), uintptr(_p0), uintptr(len(events)), uintptr(msec), uintptr(unsafe.Pointer(sigmask))) + runtime.ExitSyscall() + n = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +//go:nosplit +func get_EpollPwaitAddr() *(func(epfd int, events []EpollEvent, msec int, sigmask *int) (n int, err error)) -func Msync(b []byte, flags int) (err error) { - var _p0 unsafe.Pointer - if len(b) > 0 { - _p0 = unsafe.Pointer(&b[0]) +var EpollPwait = enter_EpollPwait + +func enter_EpollPwait(epfd int, events []EpollEvent, msec int, sigmask *int) (n int, err error) { + funcref := get_EpollPwaitAddr() + if funcptrtest(GetZosLibVec()+SYS_EPOLL_PWAIT<<4, "") == 0 { + *funcref = impl_EpollPwait } else { - _p0 = unsafe.Pointer(&_zero) - } - _, _, e1 := syscall_syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags)) - if e1 != 0 { - err = errnoErr(e1) + *funcref = error_EpollPwait } + return (*funcref)(epfd, events, msec, sigmask) +} + +func error_EpollPwait(epfd int, events []EpollEvent, msec int, sigmask *int) (n int, err error) { + n = -1 + err = ENOSYS return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Poll(fds []PollFd, timeout int) (n int, err error) { +func impl_EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) { var _p0 unsafe.Pointer - if len(fds) > 0 { - _p0 = unsafe.Pointer(&fds[0]) + if len(events) > 0 { + _p0 = unsafe.Pointer(&events[0]) } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := syscall_syscall(SYS_POLL, uintptr(_p0), uintptr(len(fds)), uintptr(timeout)) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_EPOLL_WAIT<<4, uintptr(epfd), uintptr(_p0), uintptr(len(events)), uintptr(msec)) + runtime.ExitSyscall() n = int(r0) - if e1 != 0 { - err = errnoErr(e1) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +//go:nosplit +func get_EpollWaitAddr() *(func(epfd int, events []EpollEvent, msec int) (n int, err error)) -func Times(tms *Tms) (ticks uintptr, err error) { - r0, _, e1 := syscall_syscall(SYS_TIMES, uintptr(unsafe.Pointer(tms)), 0, 0) - ticks = uintptr(r0) - if e1 != 0 { - err = errnoErr(e1) +var EpollWait = enter_EpollWait + +func enter_EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) { + funcref := get_EpollWaitAddr() + if funcptrtest(GetZosLibVec()+SYS_EPOLL_WAIT<<4, "") == 0 { + *funcref = impl_EpollWait + } else { + *funcref = error_EpollWait } + return (*funcref)(epfd, events, msec) +} + +func error_EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) { + n = -1 + err = ENOSYS return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func W_Getmntent(buff *byte, size int) (lastsys int, err error) { - r0, _, e1 := syscall_syscall(SYS_W_GETMNTENT, uintptr(unsafe.Pointer(buff)), uintptr(size), 0) - lastsys = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } +func Errno2() (er2 int) { + runtime.EnterSyscall() + r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS___ERRNO2<<4) + runtime.ExitSyscall() + er2 = int(r0) return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func W_Getmntent_A(buff *byte, size int) (lastsys int, err error) { - r0, _, e1 := syscall_syscall(SYS___W_GETMNTENT_A, uintptr(unsafe.Pointer(buff)), uintptr(size), 0) - lastsys = int(r0) - if e1 != 0 { - err = errnoErr(e1) +func impl_Eventfd(initval uint, flags int) (fd int, err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_EVENTFD<<4, uintptr(initval), uintptr(flags)) + runtime.ExitSyscall() + fd = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } +//go:nosplit +func get_EventfdAddr() *(func(initval uint, flags int) (fd int, err error)) + +var Eventfd = enter_Eventfd + +func enter_Eventfd(initval uint, flags int) (fd int, err error) { + funcref := get_EventfdAddr() + if funcptrtest(GetZosLibVec()+SYS_EVENTFD<<4, "") == 0 { + *funcref = impl_Eventfd + } else { + *funcref = error_Eventfd + } + return (*funcref)(initval, flags) +} + +func error_Eventfd(initval uint, flags int) (fd int, err error) { + fd = -1 + err = ENOSYS + return +} + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func mount_LE(path string, filesystem string, fstype string, mtm uint32, parmlen int32, parm string) (err error) { +func Exit(code int) { + runtime.EnterSyscall() + CallLeFuncWithErr(GetZosLibVec()+SYS_EXIT<<4, uintptr(code)) + runtime.ExitSyscall() + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_Faccessat(dirfd int, path string, mode uint32, flags int) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) if err != nil { return } - var _p1 *byte - _p1, err = BytePtrFromString(filesystem) - if err != nil { - return - } - var _p2 *byte - _p2, err = BytePtrFromString(fstype) - if err != nil { - return - } - var _p3 *byte - _p3, err = BytePtrFromString(parm) - if err != nil { - return - } - _, _, e1 := syscall_syscall6(SYS___MOUNT_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(mtm), uintptr(parmlen), uintptr(unsafe.Pointer(_p3))) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FACCESSAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +//go:nosplit +func get_FaccessatAddr() *(func(dirfd int, path string, mode uint32, flags int) (err error)) -func unmount(filesystem string, mtm int) (err error) { +var Faccessat = enter_Faccessat + +func enter_Faccessat(dirfd int, path string, mode uint32, flags int) (err error) { + funcref := get_FaccessatAddr() + if funcptrtest(GetZosLibVec()+SYS___FACCESSAT_A<<4, "") == 0 { + *funcref = impl_Faccessat + } else { + *funcref = error_Faccessat + } + return (*funcref)(dirfd, path, mode, flags) +} + +func error_Faccessat(dirfd int, path string, mode uint32, flags int) (err error) { + err = ENOSYS + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fchdir(fd int) (err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FCHDIR<<4, uintptr(fd)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fchmod(fd int, mode uint32) (err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FCHMOD<<4, uintptr(fd), uintptr(mode)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) { var _p0 *byte - _p0, err = BytePtrFromString(filesystem) + _p0, err = BytePtrFromString(path) if err != nil { return } - _, _, e1 := syscall_syscall(SYS___UMOUNT_A, uintptr(unsafe.Pointer(_p0)), uintptr(mtm), 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FCHMODAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_FchmodatAddr() *(func(dirfd int, path string, mode uint32, flags int) (err error)) + +var Fchmodat = enter_Fchmodat + +func enter_Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) { + funcref := get_FchmodatAddr() + if funcptrtest(GetZosLibVec()+SYS___FCHMODAT_A<<4, "") == 0 { + *funcref = impl_Fchmodat + } else { + *funcref = error_Fchmodat + } + return (*funcref)(dirfd, path, mode, flags) +} + +func error_Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) { + err = ENOSYS + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fchown(fd int, uid int, gid int) (err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FCHOWN<<4, uintptr(fd), uintptr(uid), uintptr(gid)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Chroot(path string) (err error) { +func impl_Fchownat(fd int, path string, uid int, gid int, flags int) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) if err != nil { return } - _, _, e1 := syscall_syscall(SYS___CHROOT_A, uintptr(unsafe.Pointer(_p0)), 0, 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FCHOWNAT_A<<4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_FchownatAddr() *(func(fd int, path string, uid int, gid int, flags int) (err error)) + +var Fchownat = enter_Fchownat + +func enter_Fchownat(fd int, path string, uid int, gid int, flags int) (err error) { + funcref := get_FchownatAddr() + if funcptrtest(GetZosLibVec()+SYS___FCHOWNAT_A<<4, "") == 0 { + *funcref = impl_Fchownat + } else { + *funcref = error_Fchownat } + return (*funcref)(fd, path, uid, gid, flags) +} + +func error_Fchownat(fd int, path string, uid int, gid int, flags int) (err error) { + err = ENOSYS return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Uname(buf *Utsname) (err error) { - _, _, e1 := syscall_rawsyscall(SYS___UNAME_A, uintptr(unsafe.Pointer(buf)), 0, 0) - if e1 != 0 { - err = errnoErr(e1) +func FcntlInt(fd uintptr, cmd int, arg int) (retval int, err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FCNTL<<4, uintptr(fd), uintptr(cmd), uintptr(arg)) + runtime.ExitSyscall() + retval = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Gethostname(buf []byte) (err error) { +func impl_Fdatasync(fd int) (err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FDATASYNC<<4, uintptr(fd)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_FdatasyncAddr() *(func(fd int) (err error)) + +var Fdatasync = enter_Fdatasync + +func enter_Fdatasync(fd int) (err error) { + funcref := get_FdatasyncAddr() + if funcptrtest(GetZosLibVec()+SYS_FDATASYNC<<4, "") == 0 { + *funcref = impl_Fdatasync + } else { + *funcref = error_Fdatasync + } + return (*funcref)(fd) +} + +func error_Fdatasync(fd int) (err error) { + err = ENOSYS + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func fstat(fd int, stat *Stat_LE_t) (err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FSTAT<<4, uintptr(fd), uintptr(unsafe.Pointer(stat))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_fstatat(dirfd int, path string, stat *Stat_LE_t, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FSTATAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_fstatatAddr() *(func(dirfd int, path string, stat *Stat_LE_t, flags int) (err error)) + +var fstatat = enter_fstatat + +func enter_fstatat(dirfd int, path string, stat *Stat_LE_t, flags int) (err error) { + funcref := get_fstatatAddr() + if funcptrtest(GetZosLibVec()+SYS___FSTATAT_A<<4, "") == 0 { + *funcref = impl_fstatat + } else { + *funcref = error_fstatat + } + return (*funcref)(dirfd, path, stat, flags) +} + +func error_fstatat(dirfd int, path string, stat *Stat_LE_t, flags int) (err error) { + err = ENOSYS + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_Lgetxattr(link string, attr string, dest []byte) (sz int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(link) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(attr) + if err != nil { + return + } + var _p2 unsafe.Pointer + if len(dest) > 0 { + _p2 = unsafe.Pointer(&dest[0]) + } else { + _p2 = unsafe.Pointer(&_zero) + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LGETXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest))) + runtime.ExitSyscall() + sz = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_LgetxattrAddr() *(func(link string, attr string, dest []byte) (sz int, err error)) + +var Lgetxattr = enter_Lgetxattr + +func enter_Lgetxattr(link string, attr string, dest []byte) (sz int, err error) { + funcref := get_LgetxattrAddr() + if funcptrtest(GetZosLibVec()+SYS___LGETXATTR_A<<4, "") == 0 { + *funcref = impl_Lgetxattr + } else { + *funcref = error_Lgetxattr + } + return (*funcref)(link, attr, dest) +} + +func error_Lgetxattr(link string, attr string, dest []byte) (sz int, err error) { + sz = -1 + err = ENOSYS + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_Lsetxattr(path string, attr string, data []byte, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(attr) + if err != nil { + return + } + var _p2 unsafe.Pointer + if len(data) > 0 { + _p2 = unsafe.Pointer(&data[0]) + } else { + _p2 = unsafe.Pointer(&_zero) + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LSETXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_LsetxattrAddr() *(func(path string, attr string, data []byte, flags int) (err error)) + +var Lsetxattr = enter_Lsetxattr + +func enter_Lsetxattr(path string, attr string, data []byte, flags int) (err error) { + funcref := get_LsetxattrAddr() + if funcptrtest(GetZosLibVec()+SYS___LSETXATTR_A<<4, "") == 0 { + *funcref = impl_Lsetxattr + } else { + *funcref = error_Lsetxattr + } + return (*funcref)(path, attr, data, flags) +} + +func error_Lsetxattr(path string, attr string, data []byte, flags int) (err error) { + err = ENOSYS + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_Fstatfs(fd int, buf *Statfs_t) (err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FSTATFS<<4, uintptr(fd), uintptr(unsafe.Pointer(buf))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_FstatfsAddr() *(func(fd int, buf *Statfs_t) (err error)) + +var Fstatfs = enter_Fstatfs + +func enter_Fstatfs(fd int, buf *Statfs_t) (err error) { + funcref := get_FstatfsAddr() + if funcptrtest(GetZosLibVec()+SYS_FSTATFS<<4, "") == 0 { + *funcref = impl_Fstatfs + } else { + *funcref = error_Fstatfs + } + return (*funcref)(fd, buf) +} + +func error_Fstatfs(fd int, buf *Statfs_t) (err error) { + err = ENOSYS + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fstatvfs(fd int, stat *Statvfs_t) (err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FSTATVFS<<4, uintptr(fd), uintptr(unsafe.Pointer(stat))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fsync(fd int) (err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FSYNC<<4, uintptr(fd)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_Futimes(fd int, tv []Timeval) (err error) { var _p0 unsafe.Pointer - if len(buf) > 0 { - _p0 = unsafe.Pointer(&buf[0]) + if len(tv) > 0 { + _p0 = unsafe.Pointer(&tv[0]) } else { _p0 = unsafe.Pointer(&_zero) } - _, _, e1 := syscall_syscall(SYS___GETHOSTNAME_A, uintptr(_p0), uintptr(len(buf)), 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FUTIMES<<4, uintptr(fd), uintptr(_p0), uintptr(len(tv))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +//go:nosplit +func get_FutimesAddr() *(func(fd int, tv []Timeval) (err error)) -func Getegid() (egid int) { - r0, _, _ := syscall_rawsyscall(SYS_GETEGID, 0, 0, 0) - egid = int(r0) +var Futimes = enter_Futimes + +func enter_Futimes(fd int, tv []Timeval) (err error) { + funcref := get_FutimesAddr() + if funcptrtest(GetZosLibVec()+SYS_FUTIMES<<4, "") == 0 { + *funcref = impl_Futimes + } else { + *funcref = error_Futimes + } + return (*funcref)(fd, tv) +} + +func error_Futimes(fd int, tv []Timeval) (err error) { + err = ENOSYS return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Geteuid() (uid int) { - r0, _, _ := syscall_rawsyscall(SYS_GETEUID, 0, 0, 0) - uid = int(r0) +func impl_Futimesat(dirfd int, path string, tv []Timeval) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 unsafe.Pointer + if len(tv) > 0 { + _p1 = unsafe.Pointer(&tv[0]) + } else { + _p1 = unsafe.Pointer(&_zero) + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FUTIMESAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(tv))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_FutimesatAddr() *(func(dirfd int, path string, tv []Timeval) (err error)) + +var Futimesat = enter_Futimesat + +func enter_Futimesat(dirfd int, path string, tv []Timeval) (err error) { + funcref := get_FutimesatAddr() + if funcptrtest(GetZosLibVec()+SYS___FUTIMESAT_A<<4, "") == 0 { + *funcref = impl_Futimesat + } else { + *funcref = error_Futimesat + } + return (*funcref)(dirfd, path, tv) +} + +func error_Futimesat(dirfd int, path string, tv []Timeval) (err error) { + err = ENOSYS return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Getgid() (gid int) { - r0, _, _ := syscall_rawsyscall(SYS_GETGID, 0, 0, 0) - gid = int(r0) +func Ftruncate(fd int, length int64) (err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FTRUNCATE<<4, uintptr(fd), uintptr(length)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Getpid() (pid int) { - r0, _, _ := syscall_rawsyscall(SYS_GETPID, 0, 0, 0) - pid = int(r0) +func impl_Getrandom(buf []byte, flags int) (n int, err error) { + var _p0 unsafe.Pointer + if len(buf) > 0 { + _p0 = unsafe.Pointer(&buf[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETRANDOM<<4, uintptr(_p0), uintptr(len(buf)), uintptr(flags)) + runtime.ExitSyscall() + n = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_GetrandomAddr() *(func(buf []byte, flags int) (n int, err error)) + +var Getrandom = enter_Getrandom + +func enter_Getrandom(buf []byte, flags int) (n int, err error) { + funcref := get_GetrandomAddr() + if funcptrtest(GetZosLibVec()+SYS_GETRANDOM<<4, "") == 0 { + *funcref = impl_Getrandom + } else { + *funcref = error_Getrandom + } + return (*funcref)(buf, flags) +} + +func error_Getrandom(buf []byte, flags int) (n int, err error) { + n = -1 + err = ENOSYS return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Getpgid(pid int) (pgid int, err error) { - r0, _, e1 := syscall_rawsyscall(SYS_GETPGID, uintptr(pid), 0, 0) - pgid = int(r0) - if e1 != 0 { - err = errnoErr(e1) +func impl_InotifyInit() (fd int, err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec() + SYS_INOTIFY_INIT<<4) + runtime.ExitSyscall() + fd = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_InotifyInitAddr() *(func() (fd int, err error)) + +var InotifyInit = enter_InotifyInit + +func enter_InotifyInit() (fd int, err error) { + funcref := get_InotifyInitAddr() + if funcptrtest(GetZosLibVec()+SYS_INOTIFY_INIT<<4, "") == 0 { + *funcref = impl_InotifyInit + } else { + *funcref = error_InotifyInit } + return (*funcref)() +} + +func error_InotifyInit() (fd int, err error) { + fd = -1 + err = ENOSYS return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Getppid() (pid int) { - r0, _, _ := syscall_rawsyscall(SYS_GETPPID, 0, 0, 0) - pid = int(r0) +func impl_InotifyInit1(flags int) (fd int, err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_INOTIFY_INIT1<<4, uintptr(flags)) + runtime.ExitSyscall() + fd = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_InotifyInit1Addr() *(func(flags int) (fd int, err error)) + +var InotifyInit1 = enter_InotifyInit1 + +func enter_InotifyInit1(flags int) (fd int, err error) { + funcref := get_InotifyInit1Addr() + if funcptrtest(GetZosLibVec()+SYS_INOTIFY_INIT1<<4, "") == 0 { + *funcref = impl_InotifyInit1 + } else { + *funcref = error_InotifyInit1 + } + return (*funcref)(flags) +} + +func error_InotifyInit1(flags int) (fd int, err error) { + fd = -1 + err = ENOSYS + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(pathname) + if err != nil { + return + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___INOTIFY_ADD_WATCH_A<<4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mask)) + runtime.ExitSyscall() + watchdesc = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_InotifyAddWatchAddr() *(func(fd int, pathname string, mask uint32) (watchdesc int, err error)) + +var InotifyAddWatch = enter_InotifyAddWatch + +func enter_InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) { + funcref := get_InotifyAddWatchAddr() + if funcptrtest(GetZosLibVec()+SYS___INOTIFY_ADD_WATCH_A<<4, "") == 0 { + *funcref = impl_InotifyAddWatch + } else { + *funcref = error_InotifyAddWatch + } + return (*funcref)(fd, pathname, mask) +} + +func error_InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) { + watchdesc = -1 + err = ENOSYS + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_INOTIFY_RM_WATCH<<4, uintptr(fd), uintptr(watchdesc)) + runtime.ExitSyscall() + success = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_InotifyRmWatchAddr() *(func(fd int, watchdesc uint32) (success int, err error)) + +var InotifyRmWatch = enter_InotifyRmWatch + +func enter_InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) { + funcref := get_InotifyRmWatchAddr() + if funcptrtest(GetZosLibVec()+SYS_INOTIFY_RM_WATCH<<4, "") == 0 { + *funcref = impl_InotifyRmWatch + } else { + *funcref = error_InotifyRmWatch + } + return (*funcref)(fd, watchdesc) +} + +func error_InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) { + success = -1 + err = ENOSYS + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_Listxattr(path string, dest []byte) (sz int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 unsafe.Pointer + if len(dest) > 0 { + _p1 = unsafe.Pointer(&dest[0]) + } else { + _p1 = unsafe.Pointer(&_zero) + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LISTXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest))) + runtime.ExitSyscall() + sz = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_ListxattrAddr() *(func(path string, dest []byte) (sz int, err error)) + +var Listxattr = enter_Listxattr + +func enter_Listxattr(path string, dest []byte) (sz int, err error) { + funcref := get_ListxattrAddr() + if funcptrtest(GetZosLibVec()+SYS___LISTXATTR_A<<4, "") == 0 { + *funcref = impl_Listxattr + } else { + *funcref = error_Listxattr + } + return (*funcref)(path, dest) +} + +func error_Listxattr(path string, dest []byte) (sz int, err error) { + sz = -1 + err = ENOSYS + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_Llistxattr(path string, dest []byte) (sz int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 unsafe.Pointer + if len(dest) > 0 { + _p1 = unsafe.Pointer(&dest[0]) + } else { + _p1 = unsafe.Pointer(&_zero) + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LLISTXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest))) + runtime.ExitSyscall() + sz = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_LlistxattrAddr() *(func(path string, dest []byte) (sz int, err error)) + +var Llistxattr = enter_Llistxattr + +func enter_Llistxattr(path string, dest []byte) (sz int, err error) { + funcref := get_LlistxattrAddr() + if funcptrtest(GetZosLibVec()+SYS___LLISTXATTR_A<<4, "") == 0 { + *funcref = impl_Llistxattr + } else { + *funcref = error_Llistxattr + } + return (*funcref)(path, dest) +} + +func error_Llistxattr(path string, dest []byte) (sz int, err error) { + sz = -1 + err = ENOSYS + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_Lremovexattr(path string, attr string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(attr) + if err != nil { + return + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LREMOVEXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_LremovexattrAddr() *(func(path string, attr string) (err error)) + +var Lremovexattr = enter_Lremovexattr + +func enter_Lremovexattr(path string, attr string) (err error) { + funcref := get_LremovexattrAddr() + if funcptrtest(GetZosLibVec()+SYS___LREMOVEXATTR_A<<4, "") == 0 { + *funcref = impl_Lremovexattr + } else { + *funcref = error_Lremovexattr + } + return (*funcref)(path, attr) +} + +func error_Lremovexattr(path string, attr string) (err error) { + err = ENOSYS + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_Lutimes(path string, tv []Timeval) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 unsafe.Pointer + if len(tv) > 0 { + _p1 = unsafe.Pointer(&tv[0]) + } else { + _p1 = unsafe.Pointer(&_zero) + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LUTIMES_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(tv))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_LutimesAddr() *(func(path string, tv []Timeval) (err error)) + +var Lutimes = enter_Lutimes + +func enter_Lutimes(path string, tv []Timeval) (err error) { + funcref := get_LutimesAddr() + if funcptrtest(GetZosLibVec()+SYS___LUTIMES_A<<4, "") == 0 { + *funcref = impl_Lutimes + } else { + *funcref = error_Lutimes + } + return (*funcref)(path, tv) +} + +func error_Lutimes(path string, tv []Timeval) (err error) { + err = ENOSYS + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mprotect(b []byte, prot int) (err error) { + var _p0 unsafe.Pointer + if len(b) > 0 { + _p0 = unsafe.Pointer(&b[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_MPROTECT<<4, uintptr(_p0), uintptr(len(b)), uintptr(prot)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Msync(b []byte, flags int) (err error) { + var _p0 unsafe.Pointer + if len(b) > 0 { + _p0 = unsafe.Pointer(&b[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_MSYNC<<4, uintptr(_p0), uintptr(len(b)), uintptr(flags)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Console2(cmsg *ConsMsg2, modstr *byte, concmd *uint32) (err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___CONSOLE2<<4, uintptr(unsafe.Pointer(cmsg)), uintptr(unsafe.Pointer(modstr)), uintptr(unsafe.Pointer(concmd))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Poll(fds []PollFd, timeout int) (n int, err error) { + var _p0 unsafe.Pointer + if len(fds) > 0 { + _p0 = unsafe.Pointer(&fds[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_POLL<<4, uintptr(_p0), uintptr(len(fds)), uintptr(timeout)) + runtime.ExitSyscall() + n = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Readdir_r(dirp uintptr, entry *direntLE, result **direntLE) (err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___READDIR_R_A<<4, uintptr(dirp), uintptr(unsafe.Pointer(entry)), uintptr(unsafe.Pointer(result))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_Statfs(path string, buf *Statfs_t) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___STATFS_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_StatfsAddr() *(func(path string, buf *Statfs_t) (err error)) + +var Statfs = enter_Statfs + +func enter_Statfs(path string, buf *Statfs_t) (err error) { + funcref := get_StatfsAddr() + if funcptrtest(GetZosLibVec()+SYS___STATFS_A<<4, "") == 0 { + *funcref = impl_Statfs + } else { + *funcref = error_Statfs + } + return (*funcref)(path, buf) +} + +func error_Statfs(path string, buf *Statfs_t) (err error) { + err = ENOSYS + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_Syncfs(fd int) (err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SYNCFS<<4, uintptr(fd)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_SyncfsAddr() *(func(fd int) (err error)) + +var Syncfs = enter_Syncfs + +func enter_Syncfs(fd int) (err error) { + funcref := get_SyncfsAddr() + if funcptrtest(GetZosLibVec()+SYS_SYNCFS<<4, "") == 0 { + *funcref = impl_Syncfs + } else { + *funcref = error_Syncfs + } + return (*funcref)(fd) +} + +func error_Syncfs(fd int) (err error) { + err = ENOSYS + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Times(tms *Tms) (ticks uintptr, err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_TIMES<<4, uintptr(unsafe.Pointer(tms))) + runtime.ExitSyscall() + ticks = uintptr(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func W_Getmntent(buff *byte, size int) (lastsys int, err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_W_GETMNTENT<<4, uintptr(unsafe.Pointer(buff)), uintptr(size)) + runtime.ExitSyscall() + lastsys = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func W_Getmntent_A(buff *byte, size int) (lastsys int, err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___W_GETMNTENT_A<<4, uintptr(unsafe.Pointer(buff)), uintptr(size)) + runtime.ExitSyscall() + lastsys = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func mount_LE(path string, filesystem string, fstype string, mtm uint32, parmlen int32, parm string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(filesystem) + if err != nil { + return + } + var _p2 *byte + _p2, err = BytePtrFromString(fstype) + if err != nil { + return + } + var _p3 *byte + _p3, err = BytePtrFromString(parm) + if err != nil { + return + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MOUNT_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(mtm), uintptr(parmlen), uintptr(unsafe.Pointer(_p3))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func unmount_LE(filesystem string, mtm int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(filesystem) + if err != nil { + return + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___UMOUNT_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mtm)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Chroot(path string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___CHROOT_A<<4, uintptr(unsafe.Pointer(_p0))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Select(nmsgsfds int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (ret int, err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SELECT<<4, uintptr(nmsgsfds), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout))) + runtime.ExitSyscall() + ret = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Uname(buf *Utsname) (err error) { + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_____OSNAME_A<<4, uintptr(unsafe.Pointer(buf))) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_Unshare(flags int) (err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_UNSHARE<<4, uintptr(flags)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_UnshareAddr() *(func(flags int) (err error)) + +var Unshare = enter_Unshare + +func enter_Unshare(flags int) (err error) { + funcref := get_UnshareAddr() + if funcptrtest(GetZosLibVec()+SYS_UNSHARE<<4, "") == 0 { + *funcref = impl_Unshare + } else { + *funcref = error_Unshare + } + return (*funcref)(flags) +} + +func error_Unshare(flags int) (err error) { + err = ENOSYS + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Gethostname(buf []byte) (err error) { + var _p0 unsafe.Pointer + if len(buf) > 0 { + _p0 = unsafe.Pointer(&buf[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___GETHOSTNAME_A<<4, uintptr(_p0), uintptr(len(buf))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getgid() (gid int) { + r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS_GETGID<<4) + gid = int(r0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getpid() (pid int) { + r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS_GETPID<<4) + pid = int(r0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getpgid(pid int) (pgid int, err error) { + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETPGID<<4, uintptr(pid)) + pgid = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getppid() (pid int) { + r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS_GETPPID<<4) + pid = int(r0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getpriority(which int, who int) (prio int, err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETPRIORITY<<4, uintptr(which), uintptr(who)) + runtime.ExitSyscall() + prio = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getrlimit(resource int, rlim *Rlimit) (err error) { + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETRLIMIT<<4, uintptr(resource), uintptr(unsafe.Pointer(rlim))) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func getrusage(who int, rusage *rusage_zos) (err error) { + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETRUSAGE<<4, uintptr(who), uintptr(unsafe.Pointer(rusage))) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getegid() (egid int) { + runtime.EnterSyscall() + r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS_GETEGID<<4) + runtime.ExitSyscall() + egid = int(r0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Geteuid() (euid int) { + runtime.EnterSyscall() + r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS_GETEUID<<4) + runtime.ExitSyscall() + euid = int(r0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getsid(pid int) (sid int, err error) { + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETSID<<4, uintptr(pid)) + sid = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Getuid() (uid int) { + r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS_GETUID<<4) + uid = int(r0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Kill(pid int, sig Signal) (err error) { + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_KILL<<4, uintptr(pid), uintptr(sig)) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Lchown(path string, uid int, gid int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LCHOWN_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Link(path string, link string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(link) + if err != nil { + return + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LINK_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_Linkat(oldDirFd int, oldPath string, newDirFd int, newPath string, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(oldPath) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(newPath) + if err != nil { + return + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LINKAT_A<<4, uintptr(oldDirFd), uintptr(unsafe.Pointer(_p0)), uintptr(newDirFd), uintptr(unsafe.Pointer(_p1)), uintptr(flags)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_LinkatAddr() *(func(oldDirFd int, oldPath string, newDirFd int, newPath string, flags int) (err error)) + +var Linkat = enter_Linkat + +func enter_Linkat(oldDirFd int, oldPath string, newDirFd int, newPath string, flags int) (err error) { + funcref := get_LinkatAddr() + if funcptrtest(GetZosLibVec()+SYS___LINKAT_A<<4, "") == 0 { + *funcref = impl_Linkat + } else { + *funcref = error_Linkat + } + return (*funcref)(oldDirFd, oldPath, newDirFd, newPath, flags) +} + +func error_Linkat(oldDirFd int, oldPath string, newDirFd int, newPath string, flags int) (err error) { + err = ENOSYS + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Listen(s int, n int) (err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_LISTEN<<4, uintptr(s), uintptr(n)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func lstat(path string, stat *Stat_LE_t) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LSTAT_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mkdir(path string, mode uint32) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MKDIR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mode)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_Mkdirat(dirfd int, path string, mode uint32) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MKDIRAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_MkdiratAddr() *(func(dirfd int, path string, mode uint32) (err error)) + +var Mkdirat = enter_Mkdirat + +func enter_Mkdirat(dirfd int, path string, mode uint32) (err error) { + funcref := get_MkdiratAddr() + if funcptrtest(GetZosLibVec()+SYS___MKDIRAT_A<<4, "") == 0 { + *funcref = impl_Mkdirat + } else { + *funcref = error_Mkdirat + } + return (*funcref)(dirfd, path, mode) +} + +func error_Mkdirat(dirfd int, path string, mode uint32) (err error) { + err = ENOSYS + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mkfifo(path string, mode uint32) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MKFIFO_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mode)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Mknod(path string, mode uint32, dev int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MKNOD_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_Mknodat(dirfd int, path string, mode uint32, dev int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MKNODAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_MknodatAddr() *(func(dirfd int, path string, mode uint32, dev int) (err error)) + +var Mknodat = enter_Mknodat + +func enter_Mknodat(dirfd int, path string, mode uint32, dev int) (err error) { + funcref := get_MknodatAddr() + if funcptrtest(GetZosLibVec()+SYS___MKNODAT_A<<4, "") == 0 { + *funcref = impl_Mknodat + } else { + *funcref = error_Mknodat + } + return (*funcref)(dirfd, path, mode, dev) +} + +func error_Mknodat(dirfd int, path string, mode uint32, dev int) (err error) { + err = ENOSYS + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_PivotRoot(newroot string, oldroot string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(newroot) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(oldroot) + if err != nil { + return + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___PIVOT_ROOT_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_PivotRootAddr() *(func(newroot string, oldroot string) (err error)) + +var PivotRoot = enter_PivotRoot + +func enter_PivotRoot(newroot string, oldroot string) (err error) { + funcref := get_PivotRootAddr() + if funcptrtest(GetZosLibVec()+SYS___PIVOT_ROOT_A<<4, "") == 0 { + *funcref = impl_PivotRoot + } else { + *funcref = error_PivotRoot + } + return (*funcref)(newroot, oldroot) +} + +func error_PivotRoot(newroot string, oldroot string) (err error) { + err = ENOSYS + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Pread(fd int, p []byte, offset int64) (n int, err error) { + var _p0 unsafe.Pointer + if len(p) > 0 { + _p0 = unsafe.Pointer(&p[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_PREAD<<4, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset)) + runtime.ExitSyscall() + n = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Getpriority(which int, who int) (prio int, err error) { - r0, _, e1 := syscall_syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0) - prio = int(r0) - if e1 != 0 { - err = errnoErr(e1) +func Pwrite(fd int, p []byte, offset int64) (n int, err error) { + var _p0 unsafe.Pointer + if len(p) > 0 { + _p0 = unsafe.Pointer(&p[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_PWRITE<<4, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset)) + runtime.ExitSyscall() + n = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Getrlimit(resource int, rlim *Rlimit) (err error) { - _, _, e1 := syscall_rawsyscall(SYS_GETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) - if e1 != 0 { - err = errnoErr(e1) +func impl_Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___PRCTL_A<<4, uintptr(option), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +//go:nosplit +func get_PrctlAddr() *(func(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error)) -func getrusage(who int, rusage *rusage_zos) (err error) { - _, _, e1 := syscall_rawsyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0) - if e1 != 0 { - err = errnoErr(e1) +var Prctl = enter_Prctl + +func enter_Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) { + funcref := get_PrctlAddr() + if funcptrtest(GetZosLibVec()+SYS___PRCTL_A<<4, "") == 0 { + *funcref = impl_Prctl + } else { + *funcref = error_Prctl } - return + return (*funcref)(option, arg2, arg3, arg4, arg5) } -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Getsid(pid int) (sid int, err error) { - r0, _, e1 := syscall_rawsyscall(SYS_GETSID, uintptr(pid), 0, 0) - sid = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } +func error_Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) { + err = ENOSYS return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Getuid() (uid int) { - r0, _, _ := syscall_rawsyscall(SYS_GETUID, 0, 0, 0) - uid = int(r0) +func impl_Prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) { + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_PRLIMIT<<4, uintptr(pid), uintptr(resource), uintptr(unsafe.Pointer(newlimit)), uintptr(unsafe.Pointer(old))) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } return } -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +//go:nosplit +func get_PrlimitAddr() *(func(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error)) -func Kill(pid int, sig Signal) (err error) { - _, _, e1 := syscall_rawsyscall(SYS_KILL, uintptr(pid), uintptr(sig), 0) - if e1 != 0 { - err = errnoErr(e1) +var Prlimit = enter_Prlimit + +func enter_Prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) { + funcref := get_PrlimitAddr() + if funcptrtest(GetZosLibVec()+SYS_PRLIMIT<<4, "") == 0 { + *funcref = impl_Prlimit + } else { + *funcref = error_Prlimit } + return (*funcref)(pid, resource, newlimit, old) +} + +func error_Prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) { + err = ENOSYS return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Lchown(path string, uid int, gid int) (err error) { +func Rename(from string, to string) (err error) { var _p0 *byte - _p0, err = BytePtrFromString(path) + _p0, err = BytePtrFromString(from) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(to) if err != nil { return } - _, _, e1 := syscall_syscall(SYS___LCHOWN_A, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid)) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___RENAME_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Link(path string, link string) (err error) { +func impl_Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) { var _p0 *byte - _p0, err = BytePtrFromString(path) + _p0, err = BytePtrFromString(oldpath) if err != nil { return } var _p1 *byte - _p1, err = BytePtrFromString(link) + _p1, err = BytePtrFromString(newpath) if err != nil { return } - _, _, e1 := syscall_syscall(SYS___LINK_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___RENAMEAT_A<<4, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +//go:nosplit +func get_RenameatAddr() *(func(olddirfd int, oldpath string, newdirfd int, newpath string) (err error)) -func Listen(s int, n int) (err error) { - _, _, e1 := syscall_syscall(SYS_LISTEN, uintptr(s), uintptr(n), 0) - if e1 != 0 { - err = errnoErr(e1) +var Renameat = enter_Renameat + +func enter_Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) { + funcref := get_RenameatAddr() + if funcptrtest(GetZosLibVec()+SYS___RENAMEAT_A<<4, "") == 0 { + *funcref = impl_Renameat + } else { + *funcref = error_Renameat } + return (*funcref)(olddirfd, oldpath, newdirfd, newpath) +} + +func error_Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) { + err = ENOSYS return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func lstat(path string, stat *Stat_LE_t) (err error) { +func impl_Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error) { var _p0 *byte - _p0, err = BytePtrFromString(path) + _p0, err = BytePtrFromString(oldpath) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(newpath) if err != nil { return } - _, _, e1 := syscall_syscall(SYS___LSTAT_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___RENAMEAT2_A<<4, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +//go:nosplit +func get_Renameat2Addr() *(func(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error)) -func Mkdir(path string, mode uint32) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - _, _, e1 := syscall_syscall(SYS___MKDIR_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) - if e1 != 0 { - err = errnoErr(e1) +var Renameat2 = enter_Renameat2 + +func enter_Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error) { + funcref := get_Renameat2Addr() + if funcptrtest(GetZosLibVec()+SYS___RENAMEAT2_A<<4, "") == 0 { + *funcref = impl_Renameat2 + } else { + *funcref = error_Renameat2 } + return (*funcref)(olddirfd, oldpath, newdirfd, newpath, flags) +} + +func error_Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error) { + err = ENOSYS return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Mkfifo(path string, mode uint32) (err error) { +func Rmdir(path string) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) if err != nil { return } - _, _, e1 := syscall_syscall(SYS___MKFIFO_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___RMDIR_A<<4, uintptr(unsafe.Pointer(_p0))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Mknod(path string, mode uint32, dev int) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - _, _, e1 := syscall_syscall(SYS___MKNOD_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev)) - if e1 != 0 { - err = errnoErr(e1) +func Seek(fd int, offset int64, whence int) (off int64, err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_LSEEK<<4, uintptr(fd), uintptr(offset), uintptr(whence)) + runtime.ExitSyscall() + off = int64(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pread(fd int, p []byte, offset int64) (n int, err error) { - var _p0 unsafe.Pointer - if len(p) > 0 { - _p0 = unsafe.Pointer(&p[0]) - } else { - _p0 = unsafe.Pointer(&_zero) +func Setegid(egid int) (err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETEGID<<4, uintptr(egid)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } - r0, _, e1 := syscall_syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Seteuid(euid int) (err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETEUID<<4, uintptr(euid)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Pwrite(fd int, p []byte, offset int64) (n int, err error) { +func impl_Sethostname(p []byte) (err error) { var _p0 unsafe.Pointer if len(p) > 0 { _p0 = unsafe.Pointer(&p[0]) } else { _p0 = unsafe.Pointer(&_zero) } - r0, _, e1 := syscall_syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___SETHOSTNAME_A<<4, uintptr(_p0), uintptr(len(p))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +//go:nosplit +func get_SethostnameAddr() *(func(p []byte) (err error)) -func Readlink(path string, buf []byte) (n int, err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - var _p1 unsafe.Pointer - if len(buf) > 0 { - _p1 = unsafe.Pointer(&buf[0]) +var Sethostname = enter_Sethostname + +func enter_Sethostname(p []byte) (err error) { + funcref := get_SethostnameAddr() + if funcptrtest(GetZosLibVec()+SYS___SETHOSTNAME_A<<4, "") == 0 { + *funcref = impl_Sethostname } else { - _p1 = unsafe.Pointer(&_zero) + *funcref = error_Sethostname } - r0, _, e1 := syscall_syscall(SYS___READLINK_A, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf))) - n = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return + return (*funcref)(p) } -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - -func Rename(from string, to string) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(from) - if err != nil { - return - } - var _p1 *byte - _p1, err = BytePtrFromString(to) - if err != nil { - return - } - _, _, e1 := syscall_syscall(SYS___RENAME_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) - if e1 != 0 { - err = errnoErr(e1) - } +func error_Sethostname(p []byte) (err error) { + err = ENOSYS return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Rmdir(path string) (err error) { - var _p0 *byte - _p0, err = BytePtrFromString(path) - if err != nil { - return - } - _, _, e1 := syscall_syscall(SYS___RMDIR_A, uintptr(unsafe.Pointer(_p0)), 0, 0) - if e1 != 0 { - err = errnoErr(e1) +func impl_Setns(fd int, nstype int) (err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETNS<<4, uintptr(fd), uintptr(nstype)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +//go:nosplit +func get_SetnsAddr() *(func(fd int, nstype int) (err error)) -func Seek(fd int, offset int64, whence int) (off int64, err error) { - r0, _, e1 := syscall_syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence)) - off = int64(r0) - if e1 != 0 { - err = errnoErr(e1) +var Setns = enter_Setns + +func enter_Setns(fd int, nstype int) (err error) { + funcref := get_SetnsAddr() + if funcptrtest(GetZosLibVec()+SYS_SETNS<<4, "") == 0 { + *funcref = impl_Setns + } else { + *funcref = error_Setns } + return (*funcref)(fd, nstype) +} + +func error_Setns(fd int, nstype int) (err error) { + err = ENOSYS return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setpriority(which int, who int, prio int) (err error) { - _, _, e1 := syscall_syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio)) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETPRIORITY<<4, uintptr(which), uintptr(who), uintptr(prio)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -971,9 +2910,9 @@ func Setpriority(which int, who int, prio int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setpgid(pid int, pgid int) (err error) { - _, _, e1 := syscall_rawsyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0) - if e1 != 0 { - err = errnoErr(e1) + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETPGID<<4, uintptr(pid), uintptr(pgid)) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -981,9 +2920,9 @@ func Setpgid(pid int, pgid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setrlimit(resource int, lim *Rlimit) (err error) { - _, _, e1 := syscall_rawsyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(lim)), 0) - if e1 != 0 { - err = errnoErr(e1) + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETRLIMIT<<4, uintptr(resource), uintptr(unsafe.Pointer(lim))) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -991,9 +2930,9 @@ func Setrlimit(resource int, lim *Rlimit) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setregid(rgid int, egid int) (err error) { - _, _, e1 := syscall_rawsyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0) - if e1 != 0 { - err = errnoErr(e1) + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETREGID<<4, uintptr(rgid), uintptr(egid)) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -1001,9 +2940,9 @@ func Setregid(rgid int, egid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setreuid(ruid int, euid int) (err error) { - _, _, e1 := syscall_rawsyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0) - if e1 != 0 { - err = errnoErr(e1) + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETREUID<<4, uintptr(ruid), uintptr(euid)) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -1011,10 +2950,10 @@ func Setreuid(ruid int, euid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setsid() (pid int, err error) { - r0, _, e1 := syscall_rawsyscall(SYS_SETSID, 0, 0, 0) + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec() + SYS_SETSID<<4) pid = int(r0) - if e1 != 0 { - err = errnoErr(e1) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -1022,9 +2961,11 @@ func Setsid() (pid int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setuid(uid int) (err error) { - _, _, e1 := syscall_syscall(SYS_SETUID, uintptr(uid), 0, 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETUID<<4, uintptr(uid)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -1032,9 +2973,11 @@ func Setuid(uid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Setgid(uid int) (err error) { - _, _, e1 := syscall_syscall(SYS_SETGID, uintptr(uid), 0, 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETGID<<4, uintptr(uid)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -1042,9 +2985,11 @@ func Setgid(uid int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Shutdown(fd int, how int) (err error) { - _, _, e1 := syscall_syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SHUTDOWN<<4, uintptr(fd), uintptr(how)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -1057,9 +3002,11 @@ func stat(path string, statLE *Stat_LE_t) (err error) { if err != nil { return } - _, _, e1 := syscall_syscall(SYS___STAT_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(statLE)), 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___STAT_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(statLE))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -1077,17 +3024,63 @@ func Symlink(path string, link string) (err error) { if err != nil { return } - _, _, e1 := syscall_syscall(SYS___SYMLINK_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___SYMLINK_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_Symlinkat(oldPath string, dirfd int, newPath string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(oldPath) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(newPath) + if err != nil { + return + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___SYMLINKAT_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(dirfd), uintptr(unsafe.Pointer(_p1))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } +//go:nosplit +func get_SymlinkatAddr() *(func(oldPath string, dirfd int, newPath string) (err error)) + +var Symlinkat = enter_Symlinkat + +func enter_Symlinkat(oldPath string, dirfd int, newPath string) (err error) { + funcref := get_SymlinkatAddr() + if funcptrtest(GetZosLibVec()+SYS___SYMLINKAT_A<<4, "") == 0 { + *funcref = impl_Symlinkat + } else { + *funcref = error_Symlinkat + } + return (*funcref)(oldPath, dirfd, newPath) +} + +func error_Symlinkat(oldPath string, dirfd int, newPath string) (err error) { + err = ENOSYS + return +} + // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Sync() { - syscall_syscall(SYS_SYNC, 0, 0, 0) + runtime.EnterSyscall() + CallLeFuncWithErr(GetZosLibVec() + SYS_SYNC<<4) + runtime.ExitSyscall() return } @@ -1099,9 +3092,11 @@ func Truncate(path string, length int64) (err error) { if err != nil { return } - _, _, e1 := syscall_syscall(SYS___TRUNCATE_A, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___TRUNCATE_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(length)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -1109,9 +3104,11 @@ func Truncate(path string, length int64) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Tcgetattr(fildes int, termptr *Termios) (err error) { - _, _, e1 := syscall_syscall(SYS_TCGETATTR, uintptr(fildes), uintptr(unsafe.Pointer(termptr)), 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_TCGETATTR<<4, uintptr(fildes), uintptr(unsafe.Pointer(termptr))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -1119,9 +3116,11 @@ func Tcgetattr(fildes int, termptr *Termios) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Tcsetattr(fildes int, when int, termptr *Termios) (err error) { - _, _, e1 := syscall_syscall(SYS_TCSETATTR, uintptr(fildes), uintptr(when), uintptr(unsafe.Pointer(termptr))) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_TCSETATTR<<4, uintptr(fildes), uintptr(when), uintptr(unsafe.Pointer(termptr))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -1129,7 +3128,9 @@ func Tcsetattr(fildes int, when int, termptr *Termios) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Umask(mask int) (oldmask int) { - r0, _, _ := syscall_syscall(SYS_UMASK, uintptr(mask), 0, 0) + runtime.EnterSyscall() + r0, _, _ := CallLeFuncWithErr(GetZosLibVec()+SYS_UMASK<<4, uintptr(mask)) + runtime.ExitSyscall() oldmask = int(r0) return } @@ -1142,10 +3143,49 @@ func Unlink(path string) (err error) { if err != nil { return } - _, _, e1 := syscall_syscall(SYS___UNLINK_A, uintptr(unsafe.Pointer(_p0)), 0, 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___UNLINK_A<<4, uintptr(unsafe.Pointer(_p0))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_Unlinkat(dirfd int, path string, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___UNLINKAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_UnlinkatAddr() *(func(dirfd int, path string, flags int) (err error)) + +var Unlinkat = enter_Unlinkat + +func enter_Unlinkat(dirfd int, path string, flags int) (err error) { + funcref := get_UnlinkatAddr() + if funcptrtest(GetZosLibVec()+SYS___UNLINKAT_A<<4, "") == 0 { + *funcref = impl_Unlinkat + } else { + *funcref = error_Unlinkat } + return (*funcref)(dirfd, path, flags) +} + +func error_Unlinkat(dirfd int, path string, flags int) (err error) { + err = ENOSYS return } @@ -1157,9 +3197,11 @@ func Utime(path string, utim *Utimbuf) (err error) { if err != nil { return } - _, _, e1 := syscall_syscall(SYS___UTIME_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(utim)), 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___UTIME_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(utim))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -1172,11 +3214,91 @@ func open(path string, mode int, perm uint32) (fd int, err error) { if err != nil { return } - r0, _, e1 := syscall_syscall(SYS___OPEN_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm)) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___OPEN_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm)) + runtime.ExitSyscall() + fd = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___OPENAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mode)) + runtime.ExitSyscall() + fd = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_openatAddr() *(func(dirfd int, path string, flags int, mode uint32) (fd int, err error)) + +var openat = enter_openat + +func enter_openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) { + funcref := get_openatAddr() + if funcptrtest(GetZosLibVec()+SYS___OPENAT_A<<4, "") == 0 { + *funcref = impl_openat + } else { + *funcref = error_openat + } + return (*funcref)(dirfd, path, flags, mode) +} + +func error_openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) { + fd = -1 + err = ENOSYS + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func impl_openat2(dirfd int, path string, open_how *OpenHow, size int) (fd int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___OPENAT2_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(open_how)), uintptr(size)) + runtime.ExitSyscall() fd = int(r0) - if e1 != 0 { - err = errnoErr(e1) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_openat2Addr() *(func(dirfd int, path string, open_how *OpenHow, size int) (fd int, err error)) + +var openat2 = enter_openat2 + +func enter_openat2(dirfd int, path string, open_how *OpenHow, size int) (fd int, err error) { + funcref := get_openat2Addr() + if funcptrtest(GetZosLibVec()+SYS___OPENAT2_A<<4, "") == 0 { + *funcref = impl_openat2 + } else { + *funcref = error_openat2 } + return (*funcref)(dirfd, path, open_how, size) +} + +func error_openat2(dirfd int, path string, open_how *OpenHow, size int) (fd int, err error) { + fd = -1 + err = ENOSYS return } @@ -1188,9 +3310,23 @@ func remove(path string) (err error) { if err != nil { return } - _, _, e1 := syscall_syscall(SYS_REMOVE, uintptr(unsafe.Pointer(_p0)), 0, 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_REMOVE<<4, uintptr(unsafe.Pointer(_p0))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func waitid(idType int, id int, info *Siginfo, options int) (err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_WAITID<<4, uintptr(idType), uintptr(id), uintptr(unsafe.Pointer(info)), uintptr(options)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -1198,10 +3334,12 @@ func remove(path string) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func waitpid(pid int, wstatus *_C_int, options int) (wpid int, err error) { - r0, _, e1 := syscall_syscall(SYS_WAITPID, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options)) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_WAITPID<<4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options)) + runtime.ExitSyscall() wpid = int(r0) - if e1 != 0 { - err = errnoErr(e1) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -1209,9 +3347,9 @@ func waitpid(pid int, wstatus *_C_int, options int) (wpid int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func gettimeofday(tv *timeval_zos) (err error) { - _, _, e1 := syscall_rawsyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0) - if e1 != 0 { - err = errnoErr(e1) + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETTIMEOFDAY<<4, uintptr(unsafe.Pointer(tv))) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -1219,9 +3357,9 @@ func gettimeofday(tv *timeval_zos) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func pipe(p *[2]_C_int) (err error) { - _, _, e1 := syscall_rawsyscall(SYS_PIPE, uintptr(unsafe.Pointer(p)), 0, 0) - if e1 != 0 { - err = errnoErr(e1) + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_PIPE<<4, uintptr(unsafe.Pointer(p))) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } @@ -1234,20 +3372,87 @@ func utimes(path string, timeval *[2]Timeval) (err error) { if err != nil { return } - _, _, e1 := syscall_syscall(SYS___UTIMES_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0) - if e1 != 0 { - err = errnoErr(e1) + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___UTIMES_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval))) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func Select(nmsgsfds int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (ret int, err error) { - r0, _, e1 := syscall_syscall6(SYS_SELECT, uintptr(nmsgsfds), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0) - ret = int(r0) - if e1 != 0 { - err = errnoErr(e1) +func impl_utimensat(dirfd int, path string, ts *[2]Timespec, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___UTIMENSAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(ts)), uintptr(flags)) + runtime.ExitSyscall() + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +//go:nosplit +func get_utimensatAddr() *(func(dirfd int, path string, ts *[2]Timespec, flags int) (err error)) + +var utimensat = enter_utimensat + +func enter_utimensat(dirfd int, path string, ts *[2]Timespec, flags int) (err error) { + funcref := get_utimensatAddr() + if funcptrtest(GetZosLibVec()+SYS___UTIMENSAT_A<<4, "") == 0 { + *funcref = impl_utimensat + } else { + *funcref = error_utimensat + } + return (*funcref)(dirfd, path, ts, flags) +} + +func error_utimensat(dirfd int, path string, ts *[2]Timespec, flags int) (err error) { + err = ENOSYS + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Posix_openpt(oflag int) (fd int, err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_POSIX_OPENPT<<4, uintptr(oflag)) + runtime.ExitSyscall() + fd = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Grantpt(fildes int) (rc int, err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GRANTPT<<4, uintptr(fildes)) + runtime.ExitSyscall() + rc = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Unlockpt(fildes int) (rc int, err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_UNLOCKPT<<4, uintptr(fildes)) + runtime.ExitSyscall() + rc = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) } return } diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go index 0cc3ce496e2..53aef5dc58d 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go @@ -452,4 +452,9 @@ const ( SYS_FUTEX_WAKE = 454 SYS_FUTEX_WAIT = 455 SYS_FUTEX_REQUEUE = 456 + SYS_STATMOUNT = 457 + SYS_LISTMOUNT = 458 + SYS_LSM_GET_SELF_ATTR = 459 + SYS_LSM_SET_SELF_ATTR = 460 + SYS_LSM_LIST_MODULES = 461 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go index 856d92d69ef..71d524763d3 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go @@ -374,4 +374,9 @@ const ( SYS_FUTEX_WAKE = 454 SYS_FUTEX_WAIT = 455 SYS_FUTEX_REQUEUE = 456 + SYS_STATMOUNT = 457 + SYS_LISTMOUNT = 458 + SYS_LSM_GET_SELF_ATTR = 459 + SYS_LSM_SET_SELF_ATTR = 460 + SYS_LSM_LIST_MODULES = 461 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go index 8d467094cf5..c747706131c 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go @@ -416,4 +416,9 @@ const ( SYS_FUTEX_WAKE = 454 SYS_FUTEX_WAIT = 455 SYS_FUTEX_REQUEUE = 456 + SYS_STATMOUNT = 457 + SYS_LISTMOUNT = 458 + SYS_LSM_GET_SELF_ATTR = 459 + SYS_LSM_SET_SELF_ATTR = 460 + SYS_LSM_LIST_MODULES = 461 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go index edc173244d0..f96e214f6d4 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go @@ -319,4 +319,9 @@ const ( SYS_FUTEX_WAKE = 454 SYS_FUTEX_WAIT = 455 SYS_FUTEX_REQUEUE = 456 + SYS_STATMOUNT = 457 + SYS_LISTMOUNT = 458 + SYS_LSM_GET_SELF_ATTR = 459 + SYS_LSM_SET_SELF_ATTR = 460 + SYS_LSM_LIST_MODULES = 461 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go index 445eba20615..28425346cf1 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go @@ -313,4 +313,9 @@ const ( SYS_FUTEX_WAKE = 454 SYS_FUTEX_WAIT = 455 SYS_FUTEX_REQUEUE = 456 + SYS_STATMOUNT = 457 + SYS_LISTMOUNT = 458 + SYS_LSM_GET_SELF_ATTR = 459 + SYS_LSM_SET_SELF_ATTR = 460 + SYS_LSM_LIST_MODULES = 461 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go index adba01bca70..d0953018dae 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go @@ -436,4 +436,9 @@ const ( SYS_FUTEX_WAKE = 4454 SYS_FUTEX_WAIT = 4455 SYS_FUTEX_REQUEUE = 4456 + SYS_STATMOUNT = 4457 + SYS_LISTMOUNT = 4458 + SYS_LSM_GET_SELF_ATTR = 4459 + SYS_LSM_SET_SELF_ATTR = 4460 + SYS_LSM_LIST_MODULES = 4461 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go index 014c4e9c7a7..295c7f4b818 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go @@ -366,4 +366,9 @@ const ( SYS_FUTEX_WAKE = 5454 SYS_FUTEX_WAIT = 5455 SYS_FUTEX_REQUEUE = 5456 + SYS_STATMOUNT = 5457 + SYS_LISTMOUNT = 5458 + SYS_LSM_GET_SELF_ATTR = 5459 + SYS_LSM_SET_SELF_ATTR = 5460 + SYS_LSM_LIST_MODULES = 5461 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go index ccc97d74d05..d1a9eaca7a4 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go @@ -366,4 +366,9 @@ const ( SYS_FUTEX_WAKE = 5454 SYS_FUTEX_WAIT = 5455 SYS_FUTEX_REQUEUE = 5456 + SYS_STATMOUNT = 5457 + SYS_LISTMOUNT = 5458 + SYS_LSM_GET_SELF_ATTR = 5459 + SYS_LSM_SET_SELF_ATTR = 5460 + SYS_LSM_LIST_MODULES = 5461 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go index ec2b64a95d7..bec157c39fd 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go @@ -436,4 +436,9 @@ const ( SYS_FUTEX_WAKE = 4454 SYS_FUTEX_WAIT = 4455 SYS_FUTEX_REQUEUE = 4456 + SYS_STATMOUNT = 4457 + SYS_LISTMOUNT = 4458 + SYS_LSM_GET_SELF_ATTR = 4459 + SYS_LSM_SET_SELF_ATTR = 4460 + SYS_LSM_LIST_MODULES = 4461 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go index 21a839e338b..7ee7bdc435c 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go @@ -443,4 +443,9 @@ const ( SYS_FUTEX_WAKE = 454 SYS_FUTEX_WAIT = 455 SYS_FUTEX_REQUEUE = 456 + SYS_STATMOUNT = 457 + SYS_LISTMOUNT = 458 + SYS_LSM_GET_SELF_ATTR = 459 + SYS_LSM_SET_SELF_ATTR = 460 + SYS_LSM_LIST_MODULES = 461 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go index c11121ec3b4..fad1f25b449 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go @@ -415,4 +415,9 @@ const ( SYS_FUTEX_WAKE = 454 SYS_FUTEX_WAIT = 455 SYS_FUTEX_REQUEUE = 456 + SYS_STATMOUNT = 457 + SYS_LISTMOUNT = 458 + SYS_LSM_GET_SELF_ATTR = 459 + SYS_LSM_SET_SELF_ATTR = 460 + SYS_LSM_LIST_MODULES = 461 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go index 909b631fcb4..7d3e16357d6 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go @@ -415,4 +415,9 @@ const ( SYS_FUTEX_WAKE = 454 SYS_FUTEX_WAIT = 455 SYS_FUTEX_REQUEUE = 456 + SYS_STATMOUNT = 457 + SYS_LISTMOUNT = 458 + SYS_LSM_GET_SELF_ATTR = 459 + SYS_LSM_SET_SELF_ATTR = 460 + SYS_LSM_LIST_MODULES = 461 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go index e49bed16ea6..0ed53ad9f7e 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go @@ -320,4 +320,9 @@ const ( SYS_FUTEX_WAKE = 454 SYS_FUTEX_WAIT = 455 SYS_FUTEX_REQUEUE = 456 + SYS_STATMOUNT = 457 + SYS_LISTMOUNT = 458 + SYS_LSM_GET_SELF_ATTR = 459 + SYS_LSM_SET_SELF_ATTR = 460 + SYS_LSM_LIST_MODULES = 461 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go index 66017d2d32b..2fba04ad500 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go @@ -381,4 +381,9 @@ const ( SYS_FUTEX_WAKE = 454 SYS_FUTEX_WAIT = 455 SYS_FUTEX_REQUEUE = 456 + SYS_STATMOUNT = 457 + SYS_LISTMOUNT = 458 + SYS_LSM_GET_SELF_ATTR = 459 + SYS_LSM_SET_SELF_ATTR = 460 + SYS_LSM_LIST_MODULES = 461 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go index 47bab18dced..621d00d741b 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go @@ -394,4 +394,9 @@ const ( SYS_FUTEX_WAKE = 454 SYS_FUTEX_WAIT = 455 SYS_FUTEX_REQUEUE = 456 + SYS_STATMOUNT = 457 + SYS_LISTMOUNT = 458 + SYS_LSM_GET_SELF_ATTR = 459 + SYS_LSM_SET_SELF_ATTR = 460 + SYS_LSM_LIST_MODULES = 461 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go index b2e30858199..5e8c263ca9c 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go @@ -1,2669 +1,2852 @@ -// Copyright 2020 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. +// go run mksyscall_zos_s390x.go -o_sysnum zsysnum_zos_s390x.go -o_syscall zsyscall_zos_s390x.go -i_syscall syscall_zos_s390x.go -o_asm zsymaddr_zos_s390x.s +// Code generated by the command above; see README.md. DO NOT EDIT. //go:build zos && s390x package unix -// TODO: auto-generate. - const ( - SYS_ACOSD128 = 0xB80 - SYS_ACOSD32 = 0xB7E - SYS_ACOSD64 = 0xB7F - SYS_ACOSHD128 = 0xB83 - SYS_ACOSHD32 = 0xB81 - SYS_ACOSHD64 = 0xB82 - SYS_AIO_FSYNC = 0xC69 - SYS_ASCTIME = 0x0AE - SYS_ASCTIME64 = 0xCD7 - SYS_ASCTIME64_R = 0xCD8 - SYS_ASIND128 = 0xB86 - SYS_ASIND32 = 0xB84 - SYS_ASIND64 = 0xB85 - SYS_ASINHD128 = 0xB89 - SYS_ASINHD32 = 0xB87 - SYS_ASINHD64 = 0xB88 - SYS_ATAN2D128 = 0xB8F - SYS_ATAN2D32 = 0xB8D - SYS_ATAN2D64 = 0xB8E - SYS_ATAND128 = 0xB8C - SYS_ATAND32 = 0xB8A - SYS_ATAND64 = 0xB8B - SYS_ATANHD128 = 0xB92 - SYS_ATANHD32 = 0xB90 - SYS_ATANHD64 = 0xB91 - SYS_BIND2ADDRSEL = 0xD59 - SYS_C16RTOMB = 0xD40 - SYS_C32RTOMB = 0xD41 - SYS_CBRTD128 = 0xB95 - SYS_CBRTD32 = 0xB93 - SYS_CBRTD64 = 0xB94 - SYS_CEILD128 = 0xB98 - SYS_CEILD32 = 0xB96 - SYS_CEILD64 = 0xB97 - SYS_CLEARENV = 0x0C9 - SYS_CLEARERR_UNLOCKED = 0xCA1 - SYS_CLOCK = 0x0AA - SYS_CLOGL = 0xA00 - SYS_CLRMEMF = 0x0BD - SYS_CONJ = 0xA03 - SYS_CONJF = 0xA06 - SYS_CONJL = 0xA09 - SYS_COPYSIGND128 = 0xB9E - SYS_COPYSIGND32 = 0xB9C - SYS_COPYSIGND64 = 0xB9D - SYS_COSD128 = 0xBA1 - SYS_COSD32 = 0xB9F - SYS_COSD64 = 0xBA0 - SYS_COSHD128 = 0xBA4 - SYS_COSHD32 = 0xBA2 - SYS_COSHD64 = 0xBA3 - SYS_CPOW = 0xA0C - SYS_CPOWF = 0xA0F - SYS_CPOWL = 0xA12 - SYS_CPROJ = 0xA15 - SYS_CPROJF = 0xA18 - SYS_CPROJL = 0xA1B - SYS_CREAL = 0xA1E - SYS_CREALF = 0xA21 - SYS_CREALL = 0xA24 - SYS_CSIN = 0xA27 - SYS_CSINF = 0xA2A - SYS_CSINH = 0xA30 - SYS_CSINHF = 0xA33 - SYS_CSINHL = 0xA36 - SYS_CSINL = 0xA2D - SYS_CSNAP = 0x0C5 - SYS_CSQRT = 0xA39 - SYS_CSQRTF = 0xA3C - SYS_CSQRTL = 0xA3F - SYS_CTAN = 0xA42 - SYS_CTANF = 0xA45 - SYS_CTANH = 0xA4B - SYS_CTANHF = 0xA4E - SYS_CTANHL = 0xA51 - SYS_CTANL = 0xA48 - SYS_CTIME = 0x0AB - SYS_CTIME64 = 0xCD9 - SYS_CTIME64_R = 0xCDA - SYS_CTRACE = 0x0C6 - SYS_DIFFTIME = 0x0A7 - SYS_DIFFTIME64 = 0xCDB - SYS_DLADDR = 0xC82 - SYS_DYNALLOC = 0x0C3 - SYS_DYNFREE = 0x0C2 - SYS_ERFCD128 = 0xBAA - SYS_ERFCD32 = 0xBA8 - SYS_ERFCD64 = 0xBA9 - SYS_ERFD128 = 0xBA7 - SYS_ERFD32 = 0xBA5 - SYS_ERFD64 = 0xBA6 - SYS_EXP2D128 = 0xBB0 - SYS_EXP2D32 = 0xBAE - SYS_EXP2D64 = 0xBAF - SYS_EXPD128 = 0xBAD - SYS_EXPD32 = 0xBAB - SYS_EXPD64 = 0xBAC - SYS_EXPM1D128 = 0xBB3 - SYS_EXPM1D32 = 0xBB1 - SYS_EXPM1D64 = 0xBB2 - SYS_FABSD128 = 0xBB6 - SYS_FABSD32 = 0xBB4 - SYS_FABSD64 = 0xBB5 - SYS_FDELREC_UNLOCKED = 0xCA2 - SYS_FDIMD128 = 0xBB9 - SYS_FDIMD32 = 0xBB7 - SYS_FDIMD64 = 0xBB8 - SYS_FDOPEN_UNLOCKED = 0xCFC - SYS_FECLEAREXCEPT = 0xAEA - SYS_FEGETENV = 0xAEB - SYS_FEGETEXCEPTFLAG = 0xAEC - SYS_FEGETROUND = 0xAED - SYS_FEHOLDEXCEPT = 0xAEE - SYS_FEOF_UNLOCKED = 0xCA3 - SYS_FERAISEEXCEPT = 0xAEF - SYS_FERROR_UNLOCKED = 0xCA4 - SYS_FESETENV = 0xAF0 - SYS_FESETEXCEPTFLAG = 0xAF1 - SYS_FESETROUND = 0xAF2 - SYS_FETCHEP = 0x0BF - SYS_FETESTEXCEPT = 0xAF3 - SYS_FEUPDATEENV = 0xAF4 - SYS_FE_DEC_GETROUND = 0xBBA - SYS_FE_DEC_SETROUND = 0xBBB - SYS_FFLUSH_UNLOCKED = 0xCA5 - SYS_FGETC_UNLOCKED = 0xC80 - SYS_FGETPOS64 = 0xCEE - SYS_FGETPOS64_UNLOCKED = 0xCF4 - SYS_FGETPOS_UNLOCKED = 0xCA6 - SYS_FGETS_UNLOCKED = 0xC7C - SYS_FGETWC_UNLOCKED = 0xCA7 - SYS_FGETWS_UNLOCKED = 0xCA8 - SYS_FILENO_UNLOCKED = 0xCA9 - SYS_FLDATA = 0x0C1 - SYS_FLDATA_UNLOCKED = 0xCAA - SYS_FLOCATE_UNLOCKED = 0xCAB - SYS_FLOORD128 = 0xBBE - SYS_FLOORD32 = 0xBBC - SYS_FLOORD64 = 0xBBD - SYS_FMA = 0xA63 - SYS_FMAD128 = 0xBC1 - SYS_FMAD32 = 0xBBF - SYS_FMAD64 = 0xBC0 - SYS_FMAF = 0xA66 - SYS_FMAL = 0xA69 - SYS_FMAX = 0xA6C - SYS_FMAXD128 = 0xBC4 - SYS_FMAXD32 = 0xBC2 - SYS_FMAXD64 = 0xBC3 - SYS_FMAXF = 0xA6F - SYS_FMAXL = 0xA72 - SYS_FMIN = 0xA75 - SYS_FMIND128 = 0xBC7 - SYS_FMIND32 = 0xBC5 - SYS_FMIND64 = 0xBC6 - SYS_FMINF = 0xA78 - SYS_FMINL = 0xA7B - SYS_FMODD128 = 0xBCA - SYS_FMODD32 = 0xBC8 - SYS_FMODD64 = 0xBC9 - SYS_FOPEN64 = 0xD49 - SYS_FOPEN64_UNLOCKED = 0xD4A - SYS_FOPEN_UNLOCKED = 0xCFA - SYS_FPRINTF_UNLOCKED = 0xCAC - SYS_FPUTC_UNLOCKED = 0xC81 - SYS_FPUTS_UNLOCKED = 0xC7E - SYS_FPUTWC_UNLOCKED = 0xCAD - SYS_FPUTWS_UNLOCKED = 0xCAE - SYS_FREAD_NOUPDATE = 0xCEC - SYS_FREAD_NOUPDATE_UNLOCKED = 0xCED - SYS_FREAD_UNLOCKED = 0xC7B - SYS_FREEIFADDRS = 0xCE6 - SYS_FREOPEN64 = 0xD4B - SYS_FREOPEN64_UNLOCKED = 0xD4C - SYS_FREOPEN_UNLOCKED = 0xCFB - SYS_FREXPD128 = 0xBCE - SYS_FREXPD32 = 0xBCC - SYS_FREXPD64 = 0xBCD - SYS_FSCANF_UNLOCKED = 0xCAF - SYS_FSEEK64 = 0xCEF - SYS_FSEEK64_UNLOCKED = 0xCF5 - SYS_FSEEKO64 = 0xCF0 - SYS_FSEEKO64_UNLOCKED = 0xCF6 - SYS_FSEEKO_UNLOCKED = 0xCB1 - SYS_FSEEK_UNLOCKED = 0xCB0 - SYS_FSETPOS64 = 0xCF1 - SYS_FSETPOS64_UNLOCKED = 0xCF7 - SYS_FSETPOS_UNLOCKED = 0xCB3 - SYS_FTELL64 = 0xCF2 - SYS_FTELL64_UNLOCKED = 0xCF8 - SYS_FTELLO64 = 0xCF3 - SYS_FTELLO64_UNLOCKED = 0xCF9 - SYS_FTELLO_UNLOCKED = 0xCB5 - SYS_FTELL_UNLOCKED = 0xCB4 - SYS_FUPDATE = 0x0B5 - SYS_FUPDATE_UNLOCKED = 0xCB7 - SYS_FWIDE_UNLOCKED = 0xCB8 - SYS_FWPRINTF_UNLOCKED = 0xCB9 - SYS_FWRITE_UNLOCKED = 0xC7A - SYS_FWSCANF_UNLOCKED = 0xCBA - SYS_GETDATE64 = 0xD4F - SYS_GETIFADDRS = 0xCE7 - SYS_GETIPV4SOURCEFILTER = 0xC77 - SYS_GETSOURCEFILTER = 0xC79 - SYS_GETSYNTX = 0x0FD - SYS_GETS_UNLOCKED = 0xC7D - SYS_GETTIMEOFDAY64 = 0xD50 - SYS_GETWCHAR_UNLOCKED = 0xCBC - SYS_GETWC_UNLOCKED = 0xCBB - SYS_GMTIME = 0x0B0 - SYS_GMTIME64 = 0xCDC - SYS_GMTIME64_R = 0xCDD - SYS_HYPOTD128 = 0xBD1 - SYS_HYPOTD32 = 0xBCF - SYS_HYPOTD64 = 0xBD0 - SYS_ILOGBD128 = 0xBD4 - SYS_ILOGBD32 = 0xBD2 - SYS_ILOGBD64 = 0xBD3 - SYS_ILOGBF = 0xA7E - SYS_ILOGBL = 0xA81 - SYS_INET6_IS_SRCADDR = 0xD5A - SYS_ISBLANK = 0x0FE - SYS_ISWALNUM = 0x0FF - SYS_LDEXPD128 = 0xBD7 - SYS_LDEXPD32 = 0xBD5 - SYS_LDEXPD64 = 0xBD6 - SYS_LGAMMAD128 = 0xBDA - SYS_LGAMMAD32 = 0xBD8 - SYS_LGAMMAD64 = 0xBD9 - SYS_LIO_LISTIO = 0xC6A - SYS_LLRINT = 0xA84 - SYS_LLRINTD128 = 0xBDD - SYS_LLRINTD32 = 0xBDB - SYS_LLRINTD64 = 0xBDC - SYS_LLRINTF = 0xA87 - SYS_LLRINTL = 0xA8A - SYS_LLROUND = 0xA8D - SYS_LLROUNDD128 = 0xBE0 - SYS_LLROUNDD32 = 0xBDE - SYS_LLROUNDD64 = 0xBDF - SYS_LLROUNDF = 0xA90 - SYS_LLROUNDL = 0xA93 - SYS_LOCALTIM = 0x0B1 - SYS_LOCALTIME = 0x0B1 - SYS_LOCALTIME64 = 0xCDE - SYS_LOCALTIME64_R = 0xCDF - SYS_LOG10D128 = 0xBE6 - SYS_LOG10D32 = 0xBE4 - SYS_LOG10D64 = 0xBE5 - SYS_LOG1PD128 = 0xBE9 - SYS_LOG1PD32 = 0xBE7 - SYS_LOG1PD64 = 0xBE8 - SYS_LOG2D128 = 0xBEC - SYS_LOG2D32 = 0xBEA - SYS_LOG2D64 = 0xBEB - SYS_LOGBD128 = 0xBEF - SYS_LOGBD32 = 0xBED - SYS_LOGBD64 = 0xBEE - SYS_LOGBF = 0xA96 - SYS_LOGBL = 0xA99 - SYS_LOGD128 = 0xBE3 - SYS_LOGD32 = 0xBE1 - SYS_LOGD64 = 0xBE2 - SYS_LRINT = 0xA9C - SYS_LRINTD128 = 0xBF2 - SYS_LRINTD32 = 0xBF0 - SYS_LRINTD64 = 0xBF1 - SYS_LRINTF = 0xA9F - SYS_LRINTL = 0xAA2 - SYS_LROUNDD128 = 0xBF5 - SYS_LROUNDD32 = 0xBF3 - SYS_LROUNDD64 = 0xBF4 - SYS_LROUNDL = 0xAA5 - SYS_MBLEN = 0x0AF - SYS_MBRTOC16 = 0xD42 - SYS_MBRTOC32 = 0xD43 - SYS_MEMSET = 0x0A3 - SYS_MKTIME = 0x0AC - SYS_MKTIME64 = 0xCE0 - SYS_MODFD128 = 0xBF8 - SYS_MODFD32 = 0xBF6 - SYS_MODFD64 = 0xBF7 - SYS_NAN = 0xAA8 - SYS_NAND128 = 0xBFB - SYS_NAND32 = 0xBF9 - SYS_NAND64 = 0xBFA - SYS_NANF = 0xAAA - SYS_NANL = 0xAAC - SYS_NEARBYINT = 0xAAE - SYS_NEARBYINTD128 = 0xBFE - SYS_NEARBYINTD32 = 0xBFC - SYS_NEARBYINTD64 = 0xBFD - SYS_NEARBYINTF = 0xAB1 - SYS_NEARBYINTL = 0xAB4 - SYS_NEXTAFTERD128 = 0xC01 - SYS_NEXTAFTERD32 = 0xBFF - SYS_NEXTAFTERD64 = 0xC00 - SYS_NEXTAFTERF = 0xAB7 - SYS_NEXTAFTERL = 0xABA - SYS_NEXTTOWARD = 0xABD - SYS_NEXTTOWARDD128 = 0xC04 - SYS_NEXTTOWARDD32 = 0xC02 - SYS_NEXTTOWARDD64 = 0xC03 - SYS_NEXTTOWARDF = 0xAC0 - SYS_NEXTTOWARDL = 0xAC3 - SYS_NL_LANGINFO = 0x0FC - SYS_PERROR_UNLOCKED = 0xCBD - SYS_POSIX_FALLOCATE = 0xCE8 - SYS_POSIX_MEMALIGN = 0xCE9 - SYS_POSIX_OPENPT = 0xC66 - SYS_POWD128 = 0xC07 - SYS_POWD32 = 0xC05 - SYS_POWD64 = 0xC06 - SYS_PRINTF_UNLOCKED = 0xCBE - SYS_PSELECT = 0xC67 - SYS_PTHREAD_ATTR_GETSTACK = 0xB3E - SYS_PTHREAD_ATTR_SETSTACK = 0xB3F - SYS_PTHREAD_SECURITY_APPLID_NP = 0xCE4 - SYS_PUTS_UNLOCKED = 0xC7F - SYS_PUTWCHAR_UNLOCKED = 0xCC0 - SYS_PUTWC_UNLOCKED = 0xCBF - SYS_QUANTEXPD128 = 0xD46 - SYS_QUANTEXPD32 = 0xD44 - SYS_QUANTEXPD64 = 0xD45 - SYS_QUANTIZED128 = 0xC0A - SYS_QUANTIZED32 = 0xC08 - SYS_QUANTIZED64 = 0xC09 - SYS_REMAINDERD128 = 0xC0D - SYS_REMAINDERD32 = 0xC0B - SYS_REMAINDERD64 = 0xC0C - SYS_RESIZE_ALLOC = 0xCEB - SYS_REWIND_UNLOCKED = 0xCC1 - SYS_RINTD128 = 0xC13 - SYS_RINTD32 = 0xC11 - SYS_RINTD64 = 0xC12 - SYS_RINTF = 0xACB - SYS_RINTL = 0xACD - SYS_ROUND = 0xACF - SYS_ROUNDD128 = 0xC16 - SYS_ROUNDD32 = 0xC14 - SYS_ROUNDD64 = 0xC15 - SYS_ROUNDF = 0xAD2 - SYS_ROUNDL = 0xAD5 - SYS_SAMEQUANTUMD128 = 0xC19 - SYS_SAMEQUANTUMD32 = 0xC17 - SYS_SAMEQUANTUMD64 = 0xC18 - SYS_SCALBLN = 0xAD8 - SYS_SCALBLND128 = 0xC1C - SYS_SCALBLND32 = 0xC1A - SYS_SCALBLND64 = 0xC1B - SYS_SCALBLNF = 0xADB - SYS_SCALBLNL = 0xADE - SYS_SCALBND128 = 0xC1F - SYS_SCALBND32 = 0xC1D - SYS_SCALBND64 = 0xC1E - SYS_SCALBNF = 0xAE3 - SYS_SCALBNL = 0xAE6 - SYS_SCANF_UNLOCKED = 0xCC2 - SYS_SCHED_YIELD = 0xB32 - SYS_SETENV = 0x0C8 - SYS_SETIPV4SOURCEFILTER = 0xC76 - SYS_SETSOURCEFILTER = 0xC78 - SYS_SHM_OPEN = 0xC8C - SYS_SHM_UNLINK = 0xC8D - SYS_SIND128 = 0xC22 - SYS_SIND32 = 0xC20 - SYS_SIND64 = 0xC21 - SYS_SINHD128 = 0xC25 - SYS_SINHD32 = 0xC23 - SYS_SINHD64 = 0xC24 - SYS_SIZEOF_ALLOC = 0xCEA - SYS_SOCKATMARK = 0xC68 - SYS_SQRTD128 = 0xC28 - SYS_SQRTD32 = 0xC26 - SYS_SQRTD64 = 0xC27 - SYS_STRCHR = 0x0A0 - SYS_STRCSPN = 0x0A1 - SYS_STRERROR = 0x0A8 - SYS_STRERROR_R = 0xB33 - SYS_STRFTIME = 0x0B2 - SYS_STRLEN = 0x0A9 - SYS_STRPBRK = 0x0A2 - SYS_STRSPN = 0x0A4 - SYS_STRSTR = 0x0A5 - SYS_STRTOD128 = 0xC2B - SYS_STRTOD32 = 0xC29 - SYS_STRTOD64 = 0xC2A - SYS_STRTOK = 0x0A6 - SYS_TAND128 = 0xC2E - SYS_TAND32 = 0xC2C - SYS_TAND64 = 0xC2D - SYS_TANHD128 = 0xC31 - SYS_TANHD32 = 0xC2F - SYS_TANHD64 = 0xC30 - SYS_TGAMMAD128 = 0xC34 - SYS_TGAMMAD32 = 0xC32 - SYS_TGAMMAD64 = 0xC33 - SYS_TIME = 0x0AD - SYS_TIME64 = 0xCE1 - SYS_TMPFILE64 = 0xD4D - SYS_TMPFILE64_UNLOCKED = 0xD4E - SYS_TMPFILE_UNLOCKED = 0xCFD - SYS_TRUNCD128 = 0xC40 - SYS_TRUNCD32 = 0xC3E - SYS_TRUNCD64 = 0xC3F - SYS_UNGETC_UNLOCKED = 0xCC3 - SYS_UNGETWC_UNLOCKED = 0xCC4 - SYS_UNSETENV = 0xB34 - SYS_VFPRINTF_UNLOCKED = 0xCC5 - SYS_VFSCANF_UNLOCKED = 0xCC7 - SYS_VFWPRINTF_UNLOCKED = 0xCC9 - SYS_VFWSCANF_UNLOCKED = 0xCCB - SYS_VPRINTF_UNLOCKED = 0xCCD - SYS_VSCANF_UNLOCKED = 0xCCF - SYS_VWPRINTF_UNLOCKED = 0xCD1 - SYS_VWSCANF_UNLOCKED = 0xCD3 - SYS_WCSTOD128 = 0xC43 - SYS_WCSTOD32 = 0xC41 - SYS_WCSTOD64 = 0xC42 - SYS_WPRINTF_UNLOCKED = 0xCD5 - SYS_WSCANF_UNLOCKED = 0xCD6 - SYS__FLUSHLBF = 0xD68 - SYS__FLUSHLBF_UNLOCKED = 0xD6F - SYS___ACOSHF_H = 0xA54 - SYS___ACOSHL_H = 0xA55 - SYS___ASINHF_H = 0xA56 - SYS___ASINHL_H = 0xA57 - SYS___ATANPID128 = 0xC6D - SYS___ATANPID32 = 0xC6B - SYS___ATANPID64 = 0xC6C - SYS___CBRTF_H = 0xA58 - SYS___CBRTL_H = 0xA59 - SYS___CDUMP = 0x0C4 - SYS___CLASS = 0xAFA - SYS___CLASS2 = 0xB99 - SYS___CLASS2D128 = 0xC99 - SYS___CLASS2D32 = 0xC97 - SYS___CLASS2D64 = 0xC98 - SYS___CLASS2F = 0xC91 - SYS___CLASS2F_B = 0xC93 - SYS___CLASS2F_H = 0xC94 - SYS___CLASS2L = 0xC92 - SYS___CLASS2L_B = 0xC95 - SYS___CLASS2L_H = 0xC96 - SYS___CLASS2_B = 0xB9A - SYS___CLASS2_H = 0xB9B - SYS___CLASS_B = 0xAFB - SYS___CLASS_H = 0xAFC - SYS___CLOGL_B = 0xA01 - SYS___CLOGL_H = 0xA02 - SYS___CLRENV = 0x0C9 - SYS___CLRMF = 0x0BD - SYS___CODEPAGE_INFO = 0xC64 - SYS___CONJF_B = 0xA07 - SYS___CONJF_H = 0xA08 - SYS___CONJL_B = 0xA0A - SYS___CONJL_H = 0xA0B - SYS___CONJ_B = 0xA04 - SYS___CONJ_H = 0xA05 - SYS___COPYSIGN_B = 0xA5A - SYS___COPYSIGN_H = 0xAF5 - SYS___COSPID128 = 0xC70 - SYS___COSPID32 = 0xC6E - SYS___COSPID64 = 0xC6F - SYS___CPOWF_B = 0xA10 - SYS___CPOWF_H = 0xA11 - SYS___CPOWL_B = 0xA13 - SYS___CPOWL_H = 0xA14 - SYS___CPOW_B = 0xA0D - SYS___CPOW_H = 0xA0E - SYS___CPROJF_B = 0xA19 - SYS___CPROJF_H = 0xA1A - SYS___CPROJL_B = 0xA1C - SYS___CPROJL_H = 0xA1D - SYS___CPROJ_B = 0xA16 - SYS___CPROJ_H = 0xA17 - SYS___CREALF_B = 0xA22 - SYS___CREALF_H = 0xA23 - SYS___CREALL_B = 0xA25 - SYS___CREALL_H = 0xA26 - SYS___CREAL_B = 0xA1F - SYS___CREAL_H = 0xA20 - SYS___CSINF_B = 0xA2B - SYS___CSINF_H = 0xA2C - SYS___CSINHF_B = 0xA34 - SYS___CSINHF_H = 0xA35 - SYS___CSINHL_B = 0xA37 - SYS___CSINHL_H = 0xA38 - SYS___CSINH_B = 0xA31 - SYS___CSINH_H = 0xA32 - SYS___CSINL_B = 0xA2E - SYS___CSINL_H = 0xA2F - SYS___CSIN_B = 0xA28 - SYS___CSIN_H = 0xA29 - SYS___CSNAP = 0x0C5 - SYS___CSQRTF_B = 0xA3D - SYS___CSQRTF_H = 0xA3E - SYS___CSQRTL_B = 0xA40 - SYS___CSQRTL_H = 0xA41 - SYS___CSQRT_B = 0xA3A - SYS___CSQRT_H = 0xA3B - SYS___CTANF_B = 0xA46 - SYS___CTANF_H = 0xA47 - SYS___CTANHF_B = 0xA4F - SYS___CTANHF_H = 0xA50 - SYS___CTANHL_B = 0xA52 - SYS___CTANHL_H = 0xA53 - SYS___CTANH_B = 0xA4C - SYS___CTANH_H = 0xA4D - SYS___CTANL_B = 0xA49 - SYS___CTANL_H = 0xA4A - SYS___CTAN_B = 0xA43 - SYS___CTAN_H = 0xA44 - SYS___CTEST = 0x0C7 - SYS___CTRACE = 0x0C6 - SYS___D1TOP = 0xC9B - SYS___D2TOP = 0xC9C - SYS___D4TOP = 0xC9D - SYS___DYNALL = 0x0C3 - SYS___DYNFRE = 0x0C2 - SYS___EXP2F_H = 0xA5E - SYS___EXP2L_H = 0xA5F - SYS___EXP2_H = 0xA5D - SYS___EXPM1F_H = 0xA5B - SYS___EXPM1L_H = 0xA5C - SYS___FBUFSIZE = 0xD60 - SYS___FLBF = 0xD62 - SYS___FLDATA = 0x0C1 - SYS___FMAF_B = 0xA67 - SYS___FMAF_H = 0xA68 - SYS___FMAL_B = 0xA6A - SYS___FMAL_H = 0xA6B - SYS___FMAXF_B = 0xA70 - SYS___FMAXF_H = 0xA71 - SYS___FMAXL_B = 0xA73 - SYS___FMAXL_H = 0xA74 - SYS___FMAX_B = 0xA6D - SYS___FMAX_H = 0xA6E - SYS___FMA_B = 0xA64 - SYS___FMA_H = 0xA65 - SYS___FMINF_B = 0xA79 - SYS___FMINF_H = 0xA7A - SYS___FMINL_B = 0xA7C - SYS___FMINL_H = 0xA7D - SYS___FMIN_B = 0xA76 - SYS___FMIN_H = 0xA77 - SYS___FPENDING = 0xD61 - SYS___FPENDING_UNLOCKED = 0xD6C - SYS___FPURGE = 0xD69 - SYS___FPURGE_UNLOCKED = 0xD70 - SYS___FP_CAST_D = 0xBCB - SYS___FREADABLE = 0xD63 - SYS___FREADAHEAD = 0xD6A - SYS___FREADAHEAD_UNLOCKED = 0xD71 - SYS___FREADING = 0xD65 - SYS___FREADING_UNLOCKED = 0xD6D - SYS___FSEEK2 = 0xB3C - SYS___FSETERR = 0xD6B - SYS___FSETLOCKING = 0xD67 - SYS___FTCHEP = 0x0BF - SYS___FTELL2 = 0xB3B - SYS___FUPDT = 0x0B5 - SYS___FWRITABLE = 0xD64 - SYS___FWRITING = 0xD66 - SYS___FWRITING_UNLOCKED = 0xD6E - SYS___GETCB = 0x0B4 - SYS___GETGRGID1 = 0xD5B - SYS___GETGRNAM1 = 0xD5C - SYS___GETTHENT = 0xCE5 - SYS___GETTOD = 0xD3E - SYS___HYPOTF_H = 0xAF6 - SYS___HYPOTL_H = 0xAF7 - SYS___ILOGBF_B = 0xA7F - SYS___ILOGBF_H = 0xA80 - SYS___ILOGBL_B = 0xA82 - SYS___ILOGBL_H = 0xA83 - SYS___ISBLANK_A = 0xB2E - SYS___ISBLNK = 0x0FE - SYS___ISWBLANK_A = 0xB2F - SYS___LE_CEEGTJS = 0xD72 - SYS___LE_TRACEBACK = 0xB7A - SYS___LGAMMAL_H = 0xA62 - SYS___LGAMMA_B_C99 = 0xB39 - SYS___LGAMMA_H_C99 = 0xB38 - SYS___LGAMMA_R_C99 = 0xB3A - SYS___LLRINTF_B = 0xA88 - SYS___LLRINTF_H = 0xA89 - SYS___LLRINTL_B = 0xA8B - SYS___LLRINTL_H = 0xA8C - SYS___LLRINT_B = 0xA85 - SYS___LLRINT_H = 0xA86 - SYS___LLROUNDF_B = 0xA91 - SYS___LLROUNDF_H = 0xA92 - SYS___LLROUNDL_B = 0xA94 - SYS___LLROUNDL_H = 0xA95 - SYS___LLROUND_B = 0xA8E - SYS___LLROUND_H = 0xA8F - SYS___LOCALE_CTL = 0xD47 - SYS___LOG1PF_H = 0xA60 - SYS___LOG1PL_H = 0xA61 - SYS___LOGBF_B = 0xA97 - SYS___LOGBF_H = 0xA98 - SYS___LOGBL_B = 0xA9A - SYS___LOGBL_H = 0xA9B - SYS___LOGIN_APPLID = 0xCE2 - SYS___LRINTF_B = 0xAA0 - SYS___LRINTF_H = 0xAA1 - SYS___LRINTL_B = 0xAA3 - SYS___LRINTL_H = 0xAA4 - SYS___LRINT_B = 0xA9D - SYS___LRINT_H = 0xA9E - SYS___LROUNDF_FIXUP = 0xB31 - SYS___LROUNDL_B = 0xAA6 - SYS___LROUNDL_H = 0xAA7 - SYS___LROUND_FIXUP = 0xB30 - SYS___MOSERVICES = 0xD3D - SYS___MUST_STAY_CLEAN = 0xB7C - SYS___NANF_B = 0xAAB - SYS___NANL_B = 0xAAD - SYS___NAN_B = 0xAA9 - SYS___NEARBYINTF_B = 0xAB2 - SYS___NEARBYINTF_H = 0xAB3 - SYS___NEARBYINTL_B = 0xAB5 - SYS___NEARBYINTL_H = 0xAB6 - SYS___NEARBYINT_B = 0xAAF - SYS___NEARBYINT_H = 0xAB0 - SYS___NEXTAFTERF_B = 0xAB8 - SYS___NEXTAFTERF_H = 0xAB9 - SYS___NEXTAFTERL_B = 0xABB - SYS___NEXTAFTERL_H = 0xABC - SYS___NEXTTOWARDF_B = 0xAC1 - SYS___NEXTTOWARDF_H = 0xAC2 - SYS___NEXTTOWARDL_B = 0xAC4 - SYS___NEXTTOWARDL_H = 0xAC5 - SYS___NEXTTOWARD_B = 0xABE - SYS___NEXTTOWARD_H = 0xABF - SYS___O_ENV = 0xB7D - SYS___PASSWD_APPLID = 0xCE3 - SYS___PTOD1 = 0xC9E - SYS___PTOD2 = 0xC9F - SYS___PTOD4 = 0xCA0 - SYS___REGCOMP_STD = 0x0EA - SYS___REMAINDERF_H = 0xAC6 - SYS___REMAINDERL_H = 0xAC7 - SYS___REMQUOD128 = 0xC10 - SYS___REMQUOD32 = 0xC0E - SYS___REMQUOD64 = 0xC0F - SYS___REMQUOF_H = 0xAC9 - SYS___REMQUOL_H = 0xACA - SYS___REMQUO_H = 0xAC8 - SYS___RINTF_B = 0xACC - SYS___RINTL_B = 0xACE - SYS___ROUNDF_B = 0xAD3 - SYS___ROUNDF_H = 0xAD4 - SYS___ROUNDL_B = 0xAD6 - SYS___ROUNDL_H = 0xAD7 - SYS___ROUND_B = 0xAD0 - SYS___ROUND_H = 0xAD1 - SYS___SCALBLNF_B = 0xADC - SYS___SCALBLNF_H = 0xADD - SYS___SCALBLNL_B = 0xADF - SYS___SCALBLNL_H = 0xAE0 - SYS___SCALBLN_B = 0xAD9 - SYS___SCALBLN_H = 0xADA - SYS___SCALBNF_B = 0xAE4 - SYS___SCALBNF_H = 0xAE5 - SYS___SCALBNL_B = 0xAE7 - SYS___SCALBNL_H = 0xAE8 - SYS___SCALBN_B = 0xAE1 - SYS___SCALBN_H = 0xAE2 - SYS___SETENV = 0x0C8 - SYS___SINPID128 = 0xC73 - SYS___SINPID32 = 0xC71 - SYS___SINPID64 = 0xC72 - SYS___SMF_RECORD2 = 0xD48 - SYS___STATIC_REINIT = 0xB3D - SYS___TGAMMAF_H_C99 = 0xB79 - SYS___TGAMMAL_H = 0xAE9 - SYS___TGAMMA_H_C99 = 0xB78 - SYS___TOCSNAME2 = 0xC9A - SYS_CEIL = 0x01F - SYS_CHAUDIT = 0x1E0 - SYS_EXP = 0x01A - SYS_FCHAUDIT = 0x1E1 - SYS_FREXP = 0x01D - SYS_GETGROUPSBYNAME = 0x1E2 - SYS_GETPWUID = 0x1A0 - SYS_GETUID = 0x1A1 - SYS_ISATTY = 0x1A3 - SYS_KILL = 0x1A4 - SYS_LDEXP = 0x01E - SYS_LINK = 0x1A5 - SYS_LOG10 = 0x01C - SYS_LSEEK = 0x1A6 - SYS_LSTAT = 0x1A7 - SYS_MKDIR = 0x1A8 - SYS_MKFIFO = 0x1A9 - SYS_MKNOD = 0x1AA - SYS_MODF = 0x01B - SYS_MOUNT = 0x1AB - SYS_OPEN = 0x1AC - SYS_OPENDIR = 0x1AD - SYS_PATHCONF = 0x1AE - SYS_PAUSE = 0x1AF - SYS_PIPE = 0x1B0 - SYS_PTHREAD_ATTR_DESTROY = 0x1E7 - SYS_PTHREAD_ATTR_GETDETACHSTATE = 0x1EB - SYS_PTHREAD_ATTR_GETSTACKSIZE = 0x1E9 - SYS_PTHREAD_ATTR_GETWEIGHT_NP = 0x1ED - SYS_PTHREAD_ATTR_INIT = 0x1E6 - SYS_PTHREAD_ATTR_SETDETACHSTATE = 0x1EA - SYS_PTHREAD_ATTR_SETSTACKSIZE = 0x1E8 - SYS_PTHREAD_ATTR_SETWEIGHT_NP = 0x1EC - SYS_PTHREAD_CANCEL = 0x1EE - SYS_PTHREAD_CLEANUP_POP = 0x1F0 - SYS_PTHREAD_CLEANUP_PUSH = 0x1EF - SYS_PTHREAD_CONDATTR_DESTROY = 0x1F2 - SYS_PTHREAD_CONDATTR_INIT = 0x1F1 - SYS_PTHREAD_COND_BROADCAST = 0x1F6 - SYS_PTHREAD_COND_DESTROY = 0x1F4 - SYS_PTHREAD_COND_INIT = 0x1F3 - SYS_PTHREAD_COND_SIGNAL = 0x1F5 - SYS_PTHREAD_COND_TIMEDWAIT = 0x1F8 - SYS_PTHREAD_COND_WAIT = 0x1F7 - SYS_PTHREAD_CREATE = 0x1F9 - SYS_PTHREAD_DETACH = 0x1FA - SYS_PTHREAD_EQUAL = 0x1FB - SYS_PTHREAD_EXIT = 0x1E4 - SYS_PTHREAD_GETSPECIFIC = 0x1FC - SYS_PTHREAD_JOIN = 0x1FD - SYS_PTHREAD_KEY_CREATE = 0x1FE - SYS_PTHREAD_KILL = 0x1E5 - SYS_PTHREAD_MUTEXATTR_INIT = 0x1FF - SYS_READ = 0x1B2 - SYS_READDIR = 0x1B3 - SYS_READLINK = 0x1B4 - SYS_REWINDDIR = 0x1B5 - SYS_RMDIR = 0x1B6 - SYS_SETEGID = 0x1B7 - SYS_SETEUID = 0x1B8 - SYS_SETGID = 0x1B9 - SYS_SETPGID = 0x1BA - SYS_SETSID = 0x1BB - SYS_SETUID = 0x1BC - SYS_SIGACTION = 0x1BD - SYS_SIGADDSET = 0x1BE - SYS_SIGDELSET = 0x1BF - SYS_SIGEMPTYSET = 0x1C0 - SYS_SIGFILLSET = 0x1C1 - SYS_SIGISMEMBER = 0x1C2 - SYS_SIGLONGJMP = 0x1C3 - SYS_SIGPENDING = 0x1C4 - SYS_SIGPROCMASK = 0x1C5 - SYS_SIGSETJMP = 0x1C6 - SYS_SIGSUSPEND = 0x1C7 - SYS_SIGWAIT = 0x1E3 - SYS_SLEEP = 0x1C8 - SYS_STAT = 0x1C9 - SYS_SYMLINK = 0x1CB - SYS_SYSCONF = 0x1CC - SYS_TCDRAIN = 0x1CD - SYS_TCFLOW = 0x1CE - SYS_TCFLUSH = 0x1CF - SYS_TCGETATTR = 0x1D0 - SYS_TCGETPGRP = 0x1D1 - SYS_TCSENDBREAK = 0x1D2 - SYS_TCSETATTR = 0x1D3 - SYS_TCSETPGRP = 0x1D4 - SYS_TIMES = 0x1D5 - SYS_TTYNAME = 0x1D6 - SYS_TZSET = 0x1D7 - SYS_UMASK = 0x1D8 - SYS_UMOUNT = 0x1D9 - SYS_UNAME = 0x1DA - SYS_UNLINK = 0x1DB - SYS_UTIME = 0x1DC - SYS_WAIT = 0x1DD - SYS_WAITPID = 0x1DE - SYS_WRITE = 0x1DF - SYS_W_GETPSENT = 0x1B1 - SYS_W_IOCTL = 0x1A2 - SYS_W_STATFS = 0x1CA - SYS_A64L = 0x2EF - SYS_BCMP = 0x2B9 - SYS_BCOPY = 0x2BA - SYS_BZERO = 0x2BB - SYS_CATCLOSE = 0x2B6 - SYS_CATGETS = 0x2B7 - SYS_CATOPEN = 0x2B8 - SYS_CRYPT = 0x2AC - SYS_DBM_CLEARERR = 0x2F7 - SYS_DBM_CLOSE = 0x2F8 - SYS_DBM_DELETE = 0x2F9 - SYS_DBM_ERROR = 0x2FA - SYS_DBM_FETCH = 0x2FB - SYS_DBM_FIRSTKEY = 0x2FC - SYS_DBM_NEXTKEY = 0x2FD - SYS_DBM_OPEN = 0x2FE - SYS_DBM_STORE = 0x2FF - SYS_DRAND48 = 0x2B2 - SYS_ENCRYPT = 0x2AD - SYS_ENDUTXENT = 0x2E1 - SYS_ERAND48 = 0x2B3 - SYS_ERF = 0x02C - SYS_ERFC = 0x02D - SYS_FCHDIR = 0x2D9 - SYS_FFS = 0x2BC - SYS_FMTMSG = 0x2E5 - SYS_FSTATVFS = 0x2B4 - SYS_FTIME = 0x2F5 - SYS_GAMMA = 0x02E - SYS_GETDATE = 0x2A6 - SYS_GETPAGESIZE = 0x2D8 - SYS_GETTIMEOFDAY = 0x2F6 - SYS_GETUTXENT = 0x2E0 - SYS_GETUTXID = 0x2E2 - SYS_GETUTXLINE = 0x2E3 - SYS_HCREATE = 0x2C6 - SYS_HDESTROY = 0x2C7 - SYS_HSEARCH = 0x2C8 - SYS_HYPOT = 0x02B - SYS_INDEX = 0x2BD - SYS_INITSTATE = 0x2C2 - SYS_INSQUE = 0x2CF - SYS_ISASCII = 0x2ED - SYS_JRAND48 = 0x2E6 - SYS_L64A = 0x2F0 - SYS_LCONG48 = 0x2EA - SYS_LFIND = 0x2C9 - SYS_LRAND48 = 0x2E7 - SYS_LSEARCH = 0x2CA - SYS_MEMCCPY = 0x2D4 - SYS_MRAND48 = 0x2E8 - SYS_NRAND48 = 0x2E9 - SYS_PCLOSE = 0x2D2 - SYS_POPEN = 0x2D1 - SYS_PUTUTXLINE = 0x2E4 - SYS_RANDOM = 0x2C4 - SYS_REMQUE = 0x2D0 - SYS_RINDEX = 0x2BE - SYS_SEED48 = 0x2EC - SYS_SETKEY = 0x2AE - SYS_SETSTATE = 0x2C3 - SYS_SETUTXENT = 0x2DF - SYS_SRAND48 = 0x2EB - SYS_SRANDOM = 0x2C5 - SYS_STATVFS = 0x2B5 - SYS_STRCASECMP = 0x2BF - SYS_STRDUP = 0x2C0 - SYS_STRNCASECMP = 0x2C1 - SYS_SWAB = 0x2D3 - SYS_TDELETE = 0x2CB - SYS_TFIND = 0x2CC - SYS_TOASCII = 0x2EE - SYS_TSEARCH = 0x2CD - SYS_TWALK = 0x2CE - SYS_UALARM = 0x2F1 - SYS_USLEEP = 0x2F2 - SYS_WAIT3 = 0x2A7 - SYS_WAITID = 0x2A8 - SYS_Y1 = 0x02A - SYS___ATOE = 0x2DB - SYS___ATOE_L = 0x2DC - SYS___CATTRM = 0x2A9 - SYS___CNVBLK = 0x2AF - SYS___CRYTRM = 0x2B0 - SYS___DLGHT = 0x2A1 - SYS___ECRTRM = 0x2B1 - SYS___ETOA = 0x2DD - SYS___ETOA_L = 0x2DE - SYS___GDTRM = 0x2AA - SYS___OCLCK = 0x2DA - SYS___OPARGF = 0x2A2 - SYS___OPERRF = 0x2A5 - SYS___OPINDF = 0x2A4 - SYS___OPOPTF = 0x2A3 - SYS___RNDTRM = 0x2AB - SYS___SRCTRM = 0x2F4 - SYS___TZONE = 0x2A0 - SYS___UTXTRM = 0x2F3 - SYS_ASIN = 0x03E - SYS_ISXDIGIT = 0x03B - SYS_SETLOCAL = 0x03A - SYS_SETLOCALE = 0x03A - SYS_SIN = 0x03F - SYS_TOLOWER = 0x03C - SYS_TOUPPER = 0x03D - SYS_ACCEPT_AND_RECV = 0x4F7 - SYS_ATOL = 0x04E - SYS_CHECKSCH = 0x4BC - SYS_CHECKSCHENV = 0x4BC - SYS_CLEARERR = 0x04C - SYS_CONNECTS = 0x4B5 - SYS_CONNECTSERVER = 0x4B5 - SYS_CONNECTW = 0x4B4 - SYS_CONNECTWORKMGR = 0x4B4 - SYS_CONTINUE = 0x4B3 - SYS_CONTINUEWORKUNIT = 0x4B3 - SYS_COPYSIGN = 0x4C2 - SYS_CREATEWO = 0x4B2 - SYS_CREATEWORKUNIT = 0x4B2 - SYS_DELETEWO = 0x4B9 - SYS_DELETEWORKUNIT = 0x4B9 - SYS_DISCONNE = 0x4B6 - SYS_DISCONNECTSERVER = 0x4B6 - SYS_FEOF = 0x04D - SYS_FERROR = 0x04A - SYS_FINITE = 0x4C8 - SYS_GAMMA_R = 0x4E2 - SYS_JOINWORK = 0x4B7 - SYS_JOINWORKUNIT = 0x4B7 - SYS_LEAVEWOR = 0x4B8 - SYS_LEAVEWORKUNIT = 0x4B8 - SYS_LGAMMA_R = 0x4EB - SYS_MATHERR = 0x4D0 - SYS_PERROR = 0x04F - SYS_QUERYMET = 0x4BA - SYS_QUERYMETRICS = 0x4BA - SYS_QUERYSCH = 0x4BB - SYS_QUERYSCHENV = 0x4BB - SYS_REWIND = 0x04B - SYS_SCALBN = 0x4D4 - SYS_SIGNIFIC = 0x4D5 - SYS_SIGNIFICAND = 0x4D5 - SYS___ACOSH_B = 0x4DA - SYS___ACOS_B = 0x4D9 - SYS___ASINH_B = 0x4BE - SYS___ASIN_B = 0x4DB - SYS___ATAN2_B = 0x4DC - SYS___ATANH_B = 0x4DD - SYS___ATAN_B = 0x4BF - SYS___CBRT_B = 0x4C0 - SYS___CEIL_B = 0x4C1 - SYS___COSH_B = 0x4DE - SYS___COS_B = 0x4C3 - SYS___DGHT = 0x4A8 - SYS___ENVN = 0x4B0 - SYS___ERFC_B = 0x4C5 - SYS___ERF_B = 0x4C4 - SYS___EXPM1_B = 0x4C6 - SYS___EXP_B = 0x4DF - SYS___FABS_B = 0x4C7 - SYS___FLOOR_B = 0x4C9 - SYS___FMOD_B = 0x4E0 - SYS___FP_SETMODE = 0x4F8 - SYS___FREXP_B = 0x4CA - SYS___GAMMA_B = 0x4E1 - SYS___GDRR = 0x4A1 - SYS___HRRNO = 0x4A2 - SYS___HYPOT_B = 0x4E3 - SYS___ILOGB_B = 0x4CB - SYS___ISNAN_B = 0x4CC - SYS___J0_B = 0x4E4 - SYS___J1_B = 0x4E6 - SYS___JN_B = 0x4E8 - SYS___LDEXP_B = 0x4CD - SYS___LGAMMA_B = 0x4EA - SYS___LOG10_B = 0x4ED - SYS___LOG1P_B = 0x4CE - SYS___LOGB_B = 0x4CF - SYS___LOGIN = 0x4F5 - SYS___LOG_B = 0x4EC - SYS___MLOCKALL = 0x4B1 - SYS___MODF_B = 0x4D1 - SYS___NEXTAFTER_B = 0x4D2 - SYS___OPENDIR2 = 0x4F3 - SYS___OPEN_STAT = 0x4F6 - SYS___OPND = 0x4A5 - SYS___OPPT = 0x4A6 - SYS___OPRG = 0x4A3 - SYS___OPRR = 0x4A4 - SYS___PID_AFFINITY = 0x4BD - SYS___POW_B = 0x4EE - SYS___READDIR2 = 0x4F4 - SYS___REMAINDER_B = 0x4EF - SYS___RINT_B = 0x4D3 - SYS___SCALB_B = 0x4F0 - SYS___SIGACTIONSET = 0x4FB - SYS___SIGGM = 0x4A7 - SYS___SINH_B = 0x4F1 - SYS___SIN_B = 0x4D6 - SYS___SQRT_B = 0x4F2 - SYS___TANH_B = 0x4D8 - SYS___TAN_B = 0x4D7 - SYS___TRRNO = 0x4AF - SYS___TZNE = 0x4A9 - SYS___TZZN = 0x4AA - SYS___UCREATE = 0x4FC - SYS___UFREE = 0x4FE - SYS___UHEAPREPORT = 0x4FF - SYS___UMALLOC = 0x4FD - SYS___Y0_B = 0x4E5 - SYS___Y1_B = 0x4E7 - SYS___YN_B = 0x4E9 - SYS_ABORT = 0x05C - SYS_ASCTIME_R = 0x5E0 - SYS_ATEXIT = 0x05D - SYS_CONNECTE = 0x5AE - SYS_CONNECTEXPORTIMPORT = 0x5AE - SYS_CTIME_R = 0x5E1 - SYS_DN_COMP = 0x5DF - SYS_DN_EXPAND = 0x5DD - SYS_DN_SKIPNAME = 0x5DE - SYS_EXIT = 0x05A - SYS_EXPORTWO = 0x5A1 - SYS_EXPORTWORKUNIT = 0x5A1 - SYS_EXTRACTW = 0x5A5 - SYS_EXTRACTWORKUNIT = 0x5A5 - SYS_FSEEKO = 0x5C9 - SYS_FTELLO = 0x5C8 - SYS_GETGRGID_R = 0x5E7 - SYS_GETGRNAM_R = 0x5E8 - SYS_GETLOGIN_R = 0x5E9 - SYS_GETPWNAM_R = 0x5EA - SYS_GETPWUID_R = 0x5EB - SYS_GMTIME_R = 0x5E2 - SYS_IMPORTWO = 0x5A3 - SYS_IMPORTWORKUNIT = 0x5A3 - SYS_INET_NTOP = 0x5D3 - SYS_INET_PTON = 0x5D4 - SYS_LLABS = 0x5CE - SYS_LLDIV = 0x5CB - SYS_LOCALTIME_R = 0x5E3 - SYS_PTHREAD_ATFORK = 0x5ED - SYS_PTHREAD_ATTR_GETDETACHSTATE_U98 = 0x5FB - SYS_PTHREAD_ATTR_GETGUARDSIZE = 0x5EE - SYS_PTHREAD_ATTR_GETSCHEDPARAM = 0x5F9 - SYS_PTHREAD_ATTR_GETSTACKADDR = 0x5EF - SYS_PTHREAD_ATTR_SETDETACHSTATE_U98 = 0x5FC - SYS_PTHREAD_ATTR_SETGUARDSIZE = 0x5F0 - SYS_PTHREAD_ATTR_SETSCHEDPARAM = 0x5FA - SYS_PTHREAD_ATTR_SETSTACKADDR = 0x5F1 - SYS_PTHREAD_CONDATTR_GETPSHARED = 0x5F2 - SYS_PTHREAD_CONDATTR_SETPSHARED = 0x5F3 - SYS_PTHREAD_DETACH_U98 = 0x5FD - SYS_PTHREAD_GETCONCURRENCY = 0x5F4 - SYS_PTHREAD_GETSPECIFIC_U98 = 0x5FE - SYS_PTHREAD_KEY_DELETE = 0x5F5 - SYS_PTHREAD_SETCANCELSTATE = 0x5FF - SYS_PTHREAD_SETCONCURRENCY = 0x5F6 - SYS_PTHREAD_SIGMASK = 0x5F7 - SYS_QUERYENC = 0x5AD - SYS_QUERYWORKUNITCLASSIFICATION = 0x5AD - SYS_RAISE = 0x05E - SYS_RAND_R = 0x5E4 - SYS_READDIR_R = 0x5E6 - SYS_REALLOC = 0x05B - SYS_RES_INIT = 0x5D8 - SYS_RES_MKQUERY = 0x5D7 - SYS_RES_QUERY = 0x5D9 - SYS_RES_QUERYDOMAIN = 0x5DC - SYS_RES_SEARCH = 0x5DA - SYS_RES_SEND = 0x5DB - SYS_SETJMP = 0x05F - SYS_SIGQUEUE = 0x5A9 - SYS_STRTOK_R = 0x5E5 - SYS_STRTOLL = 0x5B0 - SYS_STRTOULL = 0x5B1 - SYS_TTYNAME_R = 0x5EC - SYS_UNDOEXPO = 0x5A2 - SYS_UNDOEXPORTWORKUNIT = 0x5A2 - SYS_UNDOIMPO = 0x5A4 - SYS_UNDOIMPORTWORKUNIT = 0x5A4 - SYS_WCSTOLL = 0x5CC - SYS_WCSTOULL = 0x5CD - SYS___ABORT = 0x05C - SYS___CONSOLE2 = 0x5D2 - SYS___CPL = 0x5A6 - SYS___DISCARDDATA = 0x5F8 - SYS___DSA_PREV = 0x5B2 - SYS___EP_FIND = 0x5B3 - SYS___FP_SWAPMODE = 0x5AF - SYS___GETUSERID = 0x5AB - SYS___GET_CPUID = 0x5B9 - SYS___GET_SYSTEM_SETTINGS = 0x5BA - SYS___IPDOMAINNAME = 0x5AC - SYS___MAP_INIT = 0x5A7 - SYS___MAP_SERVICE = 0x5A8 - SYS___MOUNT = 0x5AA - SYS___MSGRCV_TIMED = 0x5B7 - SYS___RES = 0x5D6 - SYS___SEMOP_TIMED = 0x5B8 - SYS___SERVER_THREADS_QUERY = 0x5B4 - SYS_FPRINTF = 0x06D - SYS_FSCANF = 0x06A - SYS_PRINTF = 0x06F - SYS_SETBUF = 0x06B - SYS_SETVBUF = 0x06C - SYS_SSCANF = 0x06E - SYS___CATGETS_A = 0x6C0 - SYS___CHAUDIT_A = 0x6F4 - SYS___CHMOD_A = 0x6E8 - SYS___COLLATE_INIT_A = 0x6AC - SYS___CREAT_A = 0x6F6 - SYS___CTYPE_INIT_A = 0x6AF - SYS___DLLLOAD_A = 0x6DF - SYS___DLLQUERYFN_A = 0x6E0 - SYS___DLLQUERYVAR_A = 0x6E1 - SYS___E2A_L = 0x6E3 - SYS___EXECLE_A = 0x6A0 - SYS___EXECLP_A = 0x6A4 - SYS___EXECVE_A = 0x6C1 - SYS___EXECVP_A = 0x6C2 - SYS___EXECV_A = 0x6B1 - SYS___FPRINTF_A = 0x6FA - SYS___GETADDRINFO_A = 0x6BF - SYS___GETNAMEINFO_A = 0x6C4 - SYS___GET_WCTYPE_STD_A = 0x6AE - SYS___ICONV_OPEN_A = 0x6DE - SYS___IF_INDEXTONAME_A = 0x6DC - SYS___IF_NAMETOINDEX_A = 0x6DB - SYS___ISWCTYPE_A = 0x6B0 - SYS___IS_WCTYPE_STD_A = 0x6B2 - SYS___LOCALECONV_A = 0x6B8 - SYS___LOCALECONV_STD_A = 0x6B9 - SYS___LOCALE_INIT_A = 0x6B7 - SYS___LSTAT_A = 0x6EE - SYS___LSTAT_O_A = 0x6EF - SYS___MKDIR_A = 0x6E9 - SYS___MKFIFO_A = 0x6EC - SYS___MKNOD_A = 0x6F0 - SYS___MONETARY_INIT_A = 0x6BC - SYS___MOUNT_A = 0x6F1 - SYS___NL_CSINFO_A = 0x6D6 - SYS___NL_LANGINFO_A = 0x6BA - SYS___NL_LNAGINFO_STD_A = 0x6BB - SYS___NL_MONINFO_A = 0x6D7 - SYS___NL_NUMINFO_A = 0x6D8 - SYS___NL_RESPINFO_A = 0x6D9 - SYS___NL_TIMINFO_A = 0x6DA - SYS___NUMERIC_INIT_A = 0x6C6 - SYS___OPEN_A = 0x6F7 - SYS___PRINTF_A = 0x6DD - SYS___RESP_INIT_A = 0x6C7 - SYS___RPMATCH_A = 0x6C8 - SYS___RPMATCH_C_A = 0x6C9 - SYS___RPMATCH_STD_A = 0x6CA - SYS___SETLOCALE_A = 0x6F9 - SYS___SPAWNP_A = 0x6C5 - SYS___SPAWN_A = 0x6C3 - SYS___SPRINTF_A = 0x6FB - SYS___STAT_A = 0x6EA - SYS___STAT_O_A = 0x6EB - SYS___STRCOLL_STD_A = 0x6A1 - SYS___STRFMON_A = 0x6BD - SYS___STRFMON_STD_A = 0x6BE - SYS___STRFTIME_A = 0x6CC - SYS___STRFTIME_STD_A = 0x6CD - SYS___STRPTIME_A = 0x6CE - SYS___STRPTIME_STD_A = 0x6CF - SYS___STRXFRM_A = 0x6A2 - SYS___STRXFRM_C_A = 0x6A3 - SYS___STRXFRM_STD_A = 0x6A5 - SYS___SYNTAX_INIT_A = 0x6D4 - SYS___TIME_INIT_A = 0x6CB - SYS___TOD_INIT_A = 0x6D5 - SYS___TOWLOWER_A = 0x6B3 - SYS___TOWLOWER_STD_A = 0x6B4 - SYS___TOWUPPER_A = 0x6B5 - SYS___TOWUPPER_STD_A = 0x6B6 - SYS___UMOUNT_A = 0x6F2 - SYS___VFPRINTF_A = 0x6FC - SYS___VPRINTF_A = 0x6FD - SYS___VSPRINTF_A = 0x6FE - SYS___VSWPRINTF_A = 0x6FF - SYS___WCSCOLL_A = 0x6A6 - SYS___WCSCOLL_C_A = 0x6A7 - SYS___WCSCOLL_STD_A = 0x6A8 - SYS___WCSFTIME_A = 0x6D0 - SYS___WCSFTIME_STD_A = 0x6D1 - SYS___WCSXFRM_A = 0x6A9 - SYS___WCSXFRM_C_A = 0x6AA - SYS___WCSXFRM_STD_A = 0x6AB - SYS___WCTYPE_A = 0x6AD - SYS___W_GETMNTENT_A = 0x6F5 - SYS_____CCSIDTYPE_A = 0x6E6 - SYS_____CHATTR_A = 0x6E2 - SYS_____CSNAMETYPE_A = 0x6E7 - SYS_____OPEN_STAT_A = 0x6ED - SYS_____SPAWN2_A = 0x6D2 - SYS_____SPAWNP2_A = 0x6D3 - SYS_____TOCCSID_A = 0x6E4 - SYS_____TOCSNAME_A = 0x6E5 - SYS_ACL_FREE = 0x7FF - SYS_ACL_INIT = 0x7FE - SYS_FWIDE = 0x7DF - SYS_FWPRINTF = 0x7D1 - SYS_FWRITE = 0x07E - SYS_FWSCANF = 0x7D5 - SYS_GETCHAR = 0x07B - SYS_GETS = 0x07C - SYS_M_CREATE_LAYOUT = 0x7C9 - SYS_M_DESTROY_LAYOUT = 0x7CA - SYS_M_GETVALUES_LAYOUT = 0x7CB - SYS_M_SETVALUES_LAYOUT = 0x7CC - SYS_M_TRANSFORM_LAYOUT = 0x7CD - SYS_M_WTRANSFORM_LAYOUT = 0x7CE - SYS_PREAD = 0x7C7 - SYS_PUTC = 0x07D - SYS_PUTCHAR = 0x07A - SYS_PUTS = 0x07F - SYS_PWRITE = 0x7C8 - SYS_TOWCTRAN = 0x7D8 - SYS_TOWCTRANS = 0x7D8 - SYS_UNATEXIT = 0x7B5 - SYS_VFWPRINT = 0x7D3 - SYS_VFWPRINTF = 0x7D3 - SYS_VWPRINTF = 0x7D4 - SYS_WCTRANS = 0x7D7 - SYS_WPRINTF = 0x7D2 - SYS_WSCANF = 0x7D6 - SYS___ASCTIME_R_A = 0x7A1 - SYS___BASENAME_A = 0x7DC - SYS___BTOWC_A = 0x7E4 - SYS___CDUMP_A = 0x7B7 - SYS___CEE3DMP_A = 0x7B6 - SYS___CEILF_H = 0x7F4 - SYS___CEILL_H = 0x7F5 - SYS___CEIL_H = 0x7EA - SYS___CRYPT_A = 0x7BE - SYS___CSNAP_A = 0x7B8 - SYS___CTEST_A = 0x7B9 - SYS___CTIME_R_A = 0x7A2 - SYS___CTRACE_A = 0x7BA - SYS___DBM_OPEN_A = 0x7E6 - SYS___DIRNAME_A = 0x7DD - SYS___FABSF_H = 0x7FA - SYS___FABSL_H = 0x7FB - SYS___FABS_H = 0x7ED - SYS___FGETWC_A = 0x7AA - SYS___FGETWS_A = 0x7AD - SYS___FLOORF_H = 0x7F6 - SYS___FLOORL_H = 0x7F7 - SYS___FLOOR_H = 0x7EB - SYS___FPUTWC_A = 0x7A5 - SYS___FPUTWS_A = 0x7A8 - SYS___GETTIMEOFDAY_A = 0x7AE - SYS___GETWCHAR_A = 0x7AC - SYS___GETWC_A = 0x7AB - SYS___GLOB_A = 0x7DE - SYS___GMTIME_A = 0x7AF - SYS___GMTIME_R_A = 0x7B0 - SYS___INET_PTON_A = 0x7BC - SYS___J0_H = 0x7EE - SYS___J1_H = 0x7EF - SYS___JN_H = 0x7F0 - SYS___LOCALTIME_A = 0x7B1 - SYS___LOCALTIME_R_A = 0x7B2 - SYS___MALLOC24 = 0x7FC - SYS___MALLOC31 = 0x7FD - SYS___MKTIME_A = 0x7B3 - SYS___MODFF_H = 0x7F8 - SYS___MODFL_H = 0x7F9 - SYS___MODF_H = 0x7EC - SYS___OPENDIR_A = 0x7C2 - SYS___OSNAME = 0x7E0 - SYS___PUTWCHAR_A = 0x7A7 - SYS___PUTWC_A = 0x7A6 - SYS___READDIR_A = 0x7C3 - SYS___STRTOLL_A = 0x7A3 - SYS___STRTOULL_A = 0x7A4 - SYS___SYSLOG_A = 0x7BD - SYS___TZZNA = 0x7B4 - SYS___UNGETWC_A = 0x7A9 - SYS___UTIME_A = 0x7A0 - SYS___VFPRINTF2_A = 0x7E7 - SYS___VPRINTF2_A = 0x7E8 - SYS___VSPRINTF2_A = 0x7E9 - SYS___VSWPRNTF2_A = 0x7BB - SYS___WCSTOD_A = 0x7D9 - SYS___WCSTOL_A = 0x7DA - SYS___WCSTOUL_A = 0x7DB - SYS___WCTOB_A = 0x7E5 - SYS___Y0_H = 0x7F1 - SYS___Y1_H = 0x7F2 - SYS___YN_H = 0x7F3 - SYS_____OPENDIR2_A = 0x7BF - SYS_____OSNAME_A = 0x7E1 - SYS_____READDIR2_A = 0x7C0 - SYS_DLCLOSE = 0x8DF - SYS_DLERROR = 0x8E0 - SYS_DLOPEN = 0x8DD - SYS_DLSYM = 0x8DE - SYS_FLOCKFILE = 0x8D3 - SYS_FTRYLOCKFILE = 0x8D4 - SYS_FUNLOCKFILE = 0x8D5 - SYS_GETCHAR_UNLOCKED = 0x8D7 - SYS_GETC_UNLOCKED = 0x8D6 - SYS_PUTCHAR_UNLOCKED = 0x8D9 - SYS_PUTC_UNLOCKED = 0x8D8 - SYS_SNPRINTF = 0x8DA - SYS_VSNPRINTF = 0x8DB - SYS_WCSCSPN = 0x08B - SYS_WCSLEN = 0x08C - SYS_WCSNCAT = 0x08D - SYS_WCSNCMP = 0x08A - SYS_WCSNCPY = 0x08F - SYS_WCSSPN = 0x08E - SYS___ABSF_H = 0x8E7 - SYS___ABSL_H = 0x8E8 - SYS___ABS_H = 0x8E6 - SYS___ACOSF_H = 0x8EA - SYS___ACOSH_H = 0x8EC - SYS___ACOSL_H = 0x8EB - SYS___ACOS_H = 0x8E9 - SYS___ASINF_H = 0x8EE - SYS___ASINH_H = 0x8F0 - SYS___ASINL_H = 0x8EF - SYS___ASIN_H = 0x8ED - SYS___ATAN2F_H = 0x8F8 - SYS___ATAN2L_H = 0x8F9 - SYS___ATAN2_H = 0x8F7 - SYS___ATANF_H = 0x8F2 - SYS___ATANHF_H = 0x8F5 - SYS___ATANHL_H = 0x8F6 - SYS___ATANH_H = 0x8F4 - SYS___ATANL_H = 0x8F3 - SYS___ATAN_H = 0x8F1 - SYS___CBRT_H = 0x8FA - SYS___COPYSIGNF_H = 0x8FB - SYS___COPYSIGNL_H = 0x8FC - SYS___COSF_H = 0x8FE - SYS___COSL_H = 0x8FF - SYS___COS_H = 0x8FD - SYS___DLERROR_A = 0x8D2 - SYS___DLOPEN_A = 0x8D0 - SYS___DLSYM_A = 0x8D1 - SYS___GETUTXENT_A = 0x8C6 - SYS___GETUTXID_A = 0x8C7 - SYS___GETUTXLINE_A = 0x8C8 - SYS___ITOA = 0x8AA - SYS___ITOA_A = 0x8B0 - SYS___LE_CONDITION_TOKEN_BUILD = 0x8A5 - SYS___LE_MSG_ADD_INSERT = 0x8A6 - SYS___LE_MSG_GET = 0x8A7 - SYS___LE_MSG_GET_AND_WRITE = 0x8A8 - SYS___LE_MSG_WRITE = 0x8A9 - SYS___LLTOA = 0x8AE - SYS___LLTOA_A = 0x8B4 - SYS___LTOA = 0x8AC - SYS___LTOA_A = 0x8B2 - SYS___PUTCHAR_UNLOCKED_A = 0x8CC - SYS___PUTC_UNLOCKED_A = 0x8CB - SYS___PUTUTXLINE_A = 0x8C9 - SYS___RESET_EXCEPTION_HANDLER = 0x8E3 - SYS___REXEC_A = 0x8C4 - SYS___REXEC_AF_A = 0x8C5 - SYS___SET_EXCEPTION_HANDLER = 0x8E2 - SYS___SNPRINTF_A = 0x8CD - SYS___SUPERKILL = 0x8A4 - SYS___TCGETATTR_A = 0x8A1 - SYS___TCSETATTR_A = 0x8A2 - SYS___ULLTOA = 0x8AF - SYS___ULLTOA_A = 0x8B5 - SYS___ULTOA = 0x8AD - SYS___ULTOA_A = 0x8B3 - SYS___UTOA = 0x8AB - SYS___UTOA_A = 0x8B1 - SYS___VHM_EVENT = 0x8E4 - SYS___VSNPRINTF_A = 0x8CE - SYS_____GETENV_A = 0x8C3 - SYS_____UTMPXNAME_A = 0x8CA - SYS_CACOSH = 0x9A0 - SYS_CACOSHF = 0x9A3 - SYS_CACOSHL = 0x9A6 - SYS_CARG = 0x9A9 - SYS_CARGF = 0x9AC - SYS_CARGL = 0x9AF - SYS_CASIN = 0x9B2 - SYS_CASINF = 0x9B5 - SYS_CASINH = 0x9BB - SYS_CASINHF = 0x9BE - SYS_CASINHL = 0x9C1 - SYS_CASINL = 0x9B8 - SYS_CATAN = 0x9C4 - SYS_CATANF = 0x9C7 - SYS_CATANH = 0x9CD - SYS_CATANHF = 0x9D0 - SYS_CATANHL = 0x9D3 - SYS_CATANL = 0x9CA - SYS_CCOS = 0x9D6 - SYS_CCOSF = 0x9D9 - SYS_CCOSH = 0x9DF - SYS_CCOSHF = 0x9E2 - SYS_CCOSHL = 0x9E5 - SYS_CCOSL = 0x9DC - SYS_CEXP = 0x9E8 - SYS_CEXPF = 0x9EB - SYS_CEXPL = 0x9EE - SYS_CIMAG = 0x9F1 - SYS_CIMAGF = 0x9F4 - SYS_CIMAGL = 0x9F7 - SYS_CLOGF = 0x9FD - SYS_MEMCHR = 0x09B - SYS_MEMCMP = 0x09A - SYS_STRCOLL = 0x09C - SYS_STRNCMP = 0x09D - SYS_STRRCHR = 0x09F - SYS_STRXFRM = 0x09E - SYS___CACOSHF_B = 0x9A4 - SYS___CACOSHF_H = 0x9A5 - SYS___CACOSHL_B = 0x9A7 - SYS___CACOSHL_H = 0x9A8 - SYS___CACOSH_B = 0x9A1 - SYS___CACOSH_H = 0x9A2 - SYS___CARGF_B = 0x9AD - SYS___CARGF_H = 0x9AE - SYS___CARGL_B = 0x9B0 - SYS___CARGL_H = 0x9B1 - SYS___CARG_B = 0x9AA - SYS___CARG_H = 0x9AB - SYS___CASINF_B = 0x9B6 - SYS___CASINF_H = 0x9B7 - SYS___CASINHF_B = 0x9BF - SYS___CASINHF_H = 0x9C0 - SYS___CASINHL_B = 0x9C2 - SYS___CASINHL_H = 0x9C3 - SYS___CASINH_B = 0x9BC - SYS___CASINH_H = 0x9BD - SYS___CASINL_B = 0x9B9 - SYS___CASINL_H = 0x9BA - SYS___CASIN_B = 0x9B3 - SYS___CASIN_H = 0x9B4 - SYS___CATANF_B = 0x9C8 - SYS___CATANF_H = 0x9C9 - SYS___CATANHF_B = 0x9D1 - SYS___CATANHF_H = 0x9D2 - SYS___CATANHL_B = 0x9D4 - SYS___CATANHL_H = 0x9D5 - SYS___CATANH_B = 0x9CE - SYS___CATANH_H = 0x9CF - SYS___CATANL_B = 0x9CB - SYS___CATANL_H = 0x9CC - SYS___CATAN_B = 0x9C5 - SYS___CATAN_H = 0x9C6 - SYS___CCOSF_B = 0x9DA - SYS___CCOSF_H = 0x9DB - SYS___CCOSHF_B = 0x9E3 - SYS___CCOSHF_H = 0x9E4 - SYS___CCOSHL_B = 0x9E6 - SYS___CCOSHL_H = 0x9E7 - SYS___CCOSH_B = 0x9E0 - SYS___CCOSH_H = 0x9E1 - SYS___CCOSL_B = 0x9DD - SYS___CCOSL_H = 0x9DE - SYS___CCOS_B = 0x9D7 - SYS___CCOS_H = 0x9D8 - SYS___CEXPF_B = 0x9EC - SYS___CEXPF_H = 0x9ED - SYS___CEXPL_B = 0x9EF - SYS___CEXPL_H = 0x9F0 - SYS___CEXP_B = 0x9E9 - SYS___CEXP_H = 0x9EA - SYS___CIMAGF_B = 0x9F5 - SYS___CIMAGF_H = 0x9F6 - SYS___CIMAGL_B = 0x9F8 - SYS___CIMAGL_H = 0x9F9 - SYS___CIMAG_B = 0x9F2 - SYS___CIMAG_H = 0x9F3 - SYS___CLOG = 0x9FA - SYS___CLOGF_B = 0x9FE - SYS___CLOGF_H = 0x9FF - SYS___CLOG_B = 0x9FB - SYS___CLOG_H = 0x9FC - SYS_ISWCTYPE = 0x10C - SYS_ISWXDIGI = 0x10A - SYS_ISWXDIGIT = 0x10A - SYS_MBSINIT = 0x10F - SYS_TOWLOWER = 0x10D - SYS_TOWUPPER = 0x10E - SYS_WCTYPE = 0x10B - SYS_WCSSTR = 0x11B - SYS___RPMTCH = 0x11A - SYS_WCSTOD = 0x12E - SYS_WCSTOK = 0x12C - SYS_WCSTOL = 0x12D - SYS_WCSTOUL = 0x12F - SYS_FGETWC = 0x13C - SYS_FGETWS = 0x13D - SYS_FPUTWC = 0x13E - SYS_FPUTWS = 0x13F - SYS_REGERROR = 0x13B - SYS_REGFREE = 0x13A - SYS_COLLEQUIV = 0x14F - SYS_COLLTOSTR = 0x14E - SYS_ISMCCOLLEL = 0x14C - SYS_STRTOCOLL = 0x14D - SYS_DLLFREE = 0x16F - SYS_DLLQUERYFN = 0x16D - SYS_DLLQUERYVAR = 0x16E - SYS_GETMCCOLL = 0x16A - SYS_GETWMCCOLL = 0x16B - SYS___ERR2AD = 0x16C - SYS_CFSETOSPEED = 0x17A - SYS_CHDIR = 0x17B - SYS_CHMOD = 0x17C - SYS_CHOWN = 0x17D - SYS_CLOSE = 0x17E - SYS_CLOSEDIR = 0x17F - SYS_LOG = 0x017 - SYS_COSH = 0x018 - SYS_FCHMOD = 0x18A - SYS_FCHOWN = 0x18B - SYS_FCNTL = 0x18C - SYS_FILENO = 0x18D - SYS_FORK = 0x18E - SYS_FPATHCONF = 0x18F - SYS_GETLOGIN = 0x19A - SYS_GETPGRP = 0x19C - SYS_GETPID = 0x19D - SYS_GETPPID = 0x19E - SYS_GETPWNAM = 0x19F - SYS_TANH = 0x019 - SYS_W_GETMNTENT = 0x19B - SYS_POW = 0x020 - SYS_PTHREAD_SELF = 0x20A - SYS_PTHREAD_SETINTR = 0x20B - SYS_PTHREAD_SETINTRTYPE = 0x20C - SYS_PTHREAD_SETSPECIFIC = 0x20D - SYS_PTHREAD_TESTINTR = 0x20E - SYS_PTHREAD_YIELD = 0x20F - SYS_SQRT = 0x021 - SYS_FLOOR = 0x022 - SYS_J1 = 0x023 - SYS_WCSPBRK = 0x23F - SYS_BSEARCH = 0x24C - SYS_FABS = 0x024 - SYS_GETENV = 0x24A - SYS_LDIV = 0x24D - SYS_SYSTEM = 0x24B - SYS_FMOD = 0x025 - SYS___RETHROW = 0x25F - SYS___THROW = 0x25E - SYS_J0 = 0x026 - SYS_PUTENV = 0x26A - SYS___GETENV = 0x26F - SYS_SEMCTL = 0x27A - SYS_SEMGET = 0x27B - SYS_SEMOP = 0x27C - SYS_SHMAT = 0x27D - SYS_SHMCTL = 0x27E - SYS_SHMDT = 0x27F - SYS_YN = 0x027 - SYS_JN = 0x028 - SYS_SIGALTSTACK = 0x28A - SYS_SIGHOLD = 0x28B - SYS_SIGIGNORE = 0x28C - SYS_SIGINTERRUPT = 0x28D - SYS_SIGPAUSE = 0x28E - SYS_SIGRELSE = 0x28F - SYS_GETOPT = 0x29A - SYS_GETSUBOPT = 0x29D - SYS_LCHOWN = 0x29B - SYS_SETPGRP = 0x29E - SYS_TRUNCATE = 0x29C - SYS_Y0 = 0x029 - SYS___GDERR = 0x29F - SYS_ISALPHA = 0x030 - SYS_VFORK = 0x30F - SYS__LONGJMP = 0x30D - SYS__SETJMP = 0x30E - SYS_GLOB = 0x31A - SYS_GLOBFREE = 0x31B - SYS_ISALNUM = 0x031 - SYS_PUTW = 0x31C - SYS_SEEKDIR = 0x31D - SYS_TELLDIR = 0x31E - SYS_TEMPNAM = 0x31F - SYS_GETTIMEOFDAY_R = 0x32E - SYS_ISLOWER = 0x032 - SYS_LGAMMA = 0x32C - SYS_REMAINDER = 0x32A - SYS_SCALB = 0x32B - SYS_SYNC = 0x32F - SYS_TTYSLOT = 0x32D - SYS_ENDPROTOENT = 0x33A - SYS_ENDSERVENT = 0x33B - SYS_GETHOSTBYADDR = 0x33D - SYS_GETHOSTBYADDR_R = 0x33C - SYS_GETHOSTBYNAME = 0x33F - SYS_GETHOSTBYNAME_R = 0x33E - SYS_ISCNTRL = 0x033 - SYS_GETSERVBYNAME = 0x34A - SYS_GETSERVBYPORT = 0x34B - SYS_GETSERVENT = 0x34C - SYS_GETSOCKNAME = 0x34D - SYS_GETSOCKOPT = 0x34E - SYS_INET_ADDR = 0x34F - SYS_ISDIGIT = 0x034 - SYS_ISGRAPH = 0x035 - SYS_SELECT = 0x35B - SYS_SELECTEX = 0x35C - SYS_SEND = 0x35D - SYS_SENDTO = 0x35F - SYS_CHROOT = 0x36A - SYS_ISNAN = 0x36D - SYS_ISUPPER = 0x036 - SYS_ULIMIT = 0x36C - SYS_UTIMES = 0x36E - SYS_W_STATVFS = 0x36B - SYS___H_ERRNO = 0x36F - SYS_GRANTPT = 0x37A - SYS_ISPRINT = 0x037 - SYS_TCGETSID = 0x37C - SYS_UNLOCKPT = 0x37B - SYS___TCGETCP = 0x37D - SYS___TCSETCP = 0x37E - SYS___TCSETTABLES = 0x37F - SYS_ISPUNCT = 0x038 - SYS_NLIST = 0x38C - SYS___IPDBCS = 0x38D - SYS___IPDSPX = 0x38E - SYS___IPMSGC = 0x38F - SYS___STHOSTENT = 0x38B - SYS___STSERVENT = 0x38A - SYS_ISSPACE = 0x039 - SYS_COS = 0x040 - SYS_T_ALLOC = 0x40A - SYS_T_BIND = 0x40B - SYS_T_CLOSE = 0x40C - SYS_T_CONNECT = 0x40D - SYS_T_ERROR = 0x40E - SYS_T_FREE = 0x40F - SYS_TAN = 0x041 - SYS_T_RCVREL = 0x41A - SYS_T_RCVUDATA = 0x41B - SYS_T_RCVUDERR = 0x41C - SYS_T_SND = 0x41D - SYS_T_SNDDIS = 0x41E - SYS_T_SNDREL = 0x41F - SYS_GETPMSG = 0x42A - SYS_ISASTREAM = 0x42B - SYS_PUTMSG = 0x42C - SYS_PUTPMSG = 0x42D - SYS_SINH = 0x042 - SYS___ISPOSIXON = 0x42E - SYS___OPENMVSREL = 0x42F - SYS_ACOS = 0x043 - SYS_ATAN = 0x044 - SYS_ATAN2 = 0x045 - SYS_FTELL = 0x046 - SYS_FGETPOS = 0x047 - SYS_SOCK_DEBUG = 0x47A - SYS_SOCK_DO_TESTSTOR = 0x47D - SYS_TAKESOCKET = 0x47E - SYS___SERVER_INIT = 0x47F - SYS_FSEEK = 0x048 - SYS___IPHOST = 0x48B - SYS___IPNODE = 0x48C - SYS___SERVER_CLASSIFY_CREATE = 0x48D - SYS___SERVER_CLASSIFY_DESTROY = 0x48E - SYS___SERVER_CLASSIFY_RESET = 0x48F - SYS___SMF_RECORD = 0x48A - SYS_FSETPOS = 0x049 - SYS___FNWSA = 0x49B - SYS___SPAWN2 = 0x49D - SYS___SPAWNP2 = 0x49E - SYS_ATOF = 0x050 - SYS_PTHREAD_MUTEXATTR_GETPSHARED = 0x50A - SYS_PTHREAD_MUTEXATTR_SETPSHARED = 0x50B - SYS_PTHREAD_RWLOCK_DESTROY = 0x50C - SYS_PTHREAD_RWLOCK_INIT = 0x50D - SYS_PTHREAD_RWLOCK_RDLOCK = 0x50E - SYS_PTHREAD_RWLOCK_TRYRDLOCK = 0x50F - SYS_ATOI = 0x051 - SYS___FP_CLASS = 0x51D - SYS___FP_CLR_FLAG = 0x51A - SYS___FP_FINITE = 0x51E - SYS___FP_ISNAN = 0x51F - SYS___FP_RAISE_XCP = 0x51C - SYS___FP_READ_FLAG = 0x51B - SYS_RAND = 0x052 - SYS_SIGTIMEDWAIT = 0x52D - SYS_SIGWAITINFO = 0x52E - SYS___CHKBFP = 0x52F - SYS___FPC_RS = 0x52C - SYS___FPC_RW = 0x52A - SYS___FPC_SM = 0x52B - SYS_STRTOD = 0x053 - SYS_STRTOL = 0x054 - SYS_STRTOUL = 0x055 - SYS_MALLOC = 0x056 - SYS_SRAND = 0x057 - SYS_CALLOC = 0x058 - SYS_FREE = 0x059 - SYS___OSENV = 0x59F - SYS___W_PIOCTL = 0x59E - SYS_LONGJMP = 0x060 - SYS___FLOORF_B = 0x60A - SYS___FLOORL_B = 0x60B - SYS___FREXPF_B = 0x60C - SYS___FREXPL_B = 0x60D - SYS___LDEXPF_B = 0x60E - SYS___LDEXPL_B = 0x60F - SYS_SIGNAL = 0x061 - SYS___ATAN2F_B = 0x61A - SYS___ATAN2L_B = 0x61B - SYS___COSHF_B = 0x61C - SYS___COSHL_B = 0x61D - SYS___EXPF_B = 0x61E - SYS___EXPL_B = 0x61F - SYS_TMPNAM = 0x062 - SYS___ABSF_B = 0x62A - SYS___ABSL_B = 0x62C - SYS___ABS_B = 0x62B - SYS___FMODF_B = 0x62D - SYS___FMODL_B = 0x62E - SYS___MODFF_B = 0x62F - SYS_ATANL = 0x63A - SYS_CEILF = 0x63B - SYS_CEILL = 0x63C - SYS_COSF = 0x63D - SYS_COSHF = 0x63F - SYS_COSL = 0x63E - SYS_REMOVE = 0x063 - SYS_POWL = 0x64A - SYS_RENAME = 0x064 - SYS_SINF = 0x64B - SYS_SINHF = 0x64F - SYS_SINL = 0x64C - SYS_SQRTF = 0x64D - SYS_SQRTL = 0x64E - SYS_BTOWC = 0x65F - SYS_FREXPL = 0x65A - SYS_LDEXPF = 0x65B - SYS_LDEXPL = 0x65C - SYS_MODFF = 0x65D - SYS_MODFL = 0x65E - SYS_TMPFILE = 0x065 - SYS_FREOPEN = 0x066 - SYS___CHARMAP_INIT_A = 0x66E - SYS___GETHOSTBYADDR_R_A = 0x66C - SYS___GETHOSTBYNAME_A = 0x66A - SYS___GETHOSTBYNAME_R_A = 0x66D - SYS___MBLEN_A = 0x66F - SYS___RES_INIT_A = 0x66B - SYS_FCLOSE = 0x067 - SYS___GETGRGID_R_A = 0x67D - SYS___WCSTOMBS_A = 0x67A - SYS___WCSTOMBS_STD_A = 0x67B - SYS___WCSWIDTH_A = 0x67C - SYS___WCSWIDTH_ASIA = 0x67F - SYS___WCSWIDTH_STD_A = 0x67E - SYS_FFLUSH = 0x068 - SYS___GETLOGIN_R_A = 0x68E - SYS___GETPWNAM_R_A = 0x68C - SYS___GETPWUID_R_A = 0x68D - SYS___TTYNAME_R_A = 0x68F - SYS___WCWIDTH_ASIA = 0x68B - SYS___WCWIDTH_STD_A = 0x68A - SYS_FOPEN = 0x069 - SYS___REGEXEC_A = 0x69A - SYS___REGEXEC_STD_A = 0x69B - SYS___REGFREE_A = 0x69C - SYS___REGFREE_STD_A = 0x69D - SYS___STRCOLL_A = 0x69E - SYS___STRCOLL_C_A = 0x69F - SYS_SCANF = 0x070 - SYS___A64L_A = 0x70C - SYS___ECVT_A = 0x70D - SYS___FCVT_A = 0x70E - SYS___GCVT_A = 0x70F - SYS___STRTOUL_A = 0x70A - SYS_____AE_CORRESTBL_QUERY_A = 0x70B - SYS_SPRINTF = 0x071 - SYS___ACCESS_A = 0x71F - SYS___CATOPEN_A = 0x71E - SYS___GETOPT_A = 0x71D - SYS___REALPATH_A = 0x71A - SYS___SETENV_A = 0x71B - SYS___SYSTEM_A = 0x71C - SYS_FGETC = 0x072 - SYS___GAI_STRERROR_A = 0x72F - SYS___RMDIR_A = 0x72A - SYS___STATVFS_A = 0x72B - SYS___SYMLINK_A = 0x72C - SYS___TRUNCATE_A = 0x72D - SYS___UNLINK_A = 0x72E - SYS_VFPRINTF = 0x073 - SYS___ISSPACE_A = 0x73A - SYS___ISUPPER_A = 0x73B - SYS___ISWALNUM_A = 0x73F - SYS___ISXDIGIT_A = 0x73C - SYS___TOLOWER_A = 0x73D - SYS___TOUPPER_A = 0x73E - SYS_VPRINTF = 0x074 - SYS___CONFSTR_A = 0x74B - SYS___FDOPEN_A = 0x74E - SYS___FLDATA_A = 0x74F - SYS___FTOK_A = 0x74C - SYS___ISWXDIGIT_A = 0x74A - SYS___MKTEMP_A = 0x74D - SYS_VSPRINTF = 0x075 - SYS___GETGRGID_A = 0x75A - SYS___GETGRNAM_A = 0x75B - SYS___GETGROUPSBYNAME_A = 0x75C - SYS___GETHOSTENT_A = 0x75D - SYS___GETHOSTNAME_A = 0x75E - SYS___GETLOGIN_A = 0x75F - SYS_GETC = 0x076 - SYS___CREATEWORKUNIT_A = 0x76A - SYS___CTERMID_A = 0x76B - SYS___FMTMSG_A = 0x76C - SYS___INITGROUPS_A = 0x76D - SYS___MSGRCV_A = 0x76F - SYS_____LOGIN_A = 0x76E - SYS_FGETS = 0x077 - SYS___STRCASECMP_A = 0x77B - SYS___STRNCASECMP_A = 0x77C - SYS___TTYNAME_A = 0x77D - SYS___UNAME_A = 0x77E - SYS___UTIMES_A = 0x77F - SYS_____SERVER_PWU_A = 0x77A - SYS_FPUTC = 0x078 - SYS___CREAT_O_A = 0x78E - SYS___ENVNA = 0x78F - SYS___FREAD_A = 0x78A - SYS___FWRITE_A = 0x78B - SYS___ISASCII = 0x78D - SYS___OPEN_O_A = 0x78C - SYS_FPUTS = 0x079 - SYS___ASCTIME_A = 0x79C - SYS___CTIME_A = 0x79D - SYS___GETDATE_A = 0x79E - SYS___GETSERVBYPORT_A = 0x79A - SYS___GETSERVENT_A = 0x79B - SYS___TZSET_A = 0x79F - SYS_ACL_FROM_TEXT = 0x80C - SYS_ACL_SET_FD = 0x80A - SYS_ACL_SET_FILE = 0x80B - SYS_ACL_SORT = 0x80E - SYS_ACL_TO_TEXT = 0x80D - SYS_UNGETC = 0x080 - SYS___SHUTDOWN_REGISTRATION = 0x80F - SYS_FREAD = 0x081 - SYS_FREEADDRINFO = 0x81A - SYS_GAI_STRERROR = 0x81B - SYS_REXEC_AF = 0x81C - SYS___DYNALLOC_A = 0x81F - SYS___POE = 0x81D - SYS_WCSTOMBS = 0x082 - SYS___INET_ADDR_A = 0x82F - SYS___NLIST_A = 0x82A - SYS_____TCGETCP_A = 0x82B - SYS_____TCSETCP_A = 0x82C - SYS_____W_PIOCTL_A = 0x82E - SYS_MBTOWC = 0x083 - SYS___CABEND = 0x83D - SYS___LE_CIB_GET = 0x83E - SYS___RECVMSG_A = 0x83B - SYS___SENDMSG_A = 0x83A - SYS___SET_LAA_FOR_JIT = 0x83F - SYS_____LCHATTR_A = 0x83C - SYS_WCTOMB = 0x084 - SYS___CBRTL_B = 0x84A - SYS___COPYSIGNF_B = 0x84B - SYS___COPYSIGNL_B = 0x84C - SYS___COTANF_B = 0x84D - SYS___COTANL_B = 0x84F - SYS___COTAN_B = 0x84E - SYS_MBSTOWCS = 0x085 - SYS___LOG1PL_B = 0x85A - SYS___LOG2F_B = 0x85B - SYS___LOG2L_B = 0x85D - SYS___LOG2_B = 0x85C - SYS___REMAINDERF_B = 0x85E - SYS___REMAINDERL_B = 0x85F - SYS_ACOSHF = 0x86E - SYS_ACOSHL = 0x86F - SYS_WCSCPY = 0x086 - SYS___ERFCF_B = 0x86D - SYS___ERFF_B = 0x86C - SYS___LROUNDF_B = 0x86A - SYS___LROUND_B = 0x86B - SYS_COTANL = 0x87A - SYS_EXP2F = 0x87B - SYS_EXP2L = 0x87C - SYS_EXPM1F = 0x87D - SYS_EXPM1L = 0x87E - SYS_FDIMF = 0x87F - SYS_WCSCAT = 0x087 - SYS___COTANL = 0x87A - SYS_REMAINDERF = 0x88A - SYS_REMAINDERL = 0x88B - SYS_REMAINDF = 0x88A - SYS_REMAINDL = 0x88B - SYS_REMQUO = 0x88D - SYS_REMQUOF = 0x88C - SYS_REMQUOL = 0x88E - SYS_TGAMMAF = 0x88F - SYS_WCSCHR = 0x088 - SYS_ERFCF = 0x89B - SYS_ERFCL = 0x89C - SYS_ERFL = 0x89A - SYS_EXP2 = 0x89E - SYS_WCSCMP = 0x089 - SYS___EXP2_B = 0x89D - SYS___FAR_JUMP = 0x89F - SYS_ABS = 0x090 - SYS___ERFCL_H = 0x90A - SYS___EXPF_H = 0x90C - SYS___EXPL_H = 0x90D - SYS___EXPM1_H = 0x90E - SYS___EXP_H = 0x90B - SYS___FDIM_H = 0x90F - SYS_DIV = 0x091 - SYS___LOG2F_H = 0x91F - SYS___LOG2_H = 0x91E - SYS___LOGB_H = 0x91D - SYS___LOGF_H = 0x91B - SYS___LOGL_H = 0x91C - SYS___LOG_H = 0x91A - SYS_LABS = 0x092 - SYS___POWL_H = 0x92A - SYS___REMAINDER_H = 0x92B - SYS___RINT_H = 0x92C - SYS___SCALB_H = 0x92D - SYS___SINF_H = 0x92F - SYS___SIN_H = 0x92E - SYS_STRNCPY = 0x093 - SYS___TANHF_H = 0x93B - SYS___TANHL_H = 0x93C - SYS___TANH_H = 0x93A - SYS___TGAMMAF_H = 0x93E - SYS___TGAMMA_H = 0x93D - SYS___TRUNC_H = 0x93F - SYS_MEMCPY = 0x094 - SYS_VFWSCANF = 0x94A - SYS_VSWSCANF = 0x94E - SYS_VWSCANF = 0x94C - SYS_INET6_RTH_ADD = 0x95D - SYS_INET6_RTH_INIT = 0x95C - SYS_INET6_RTH_REVERSE = 0x95E - SYS_INET6_RTH_SEGMENTS = 0x95F - SYS_INET6_RTH_SPACE = 0x95B - SYS_MEMMOVE = 0x095 - SYS_WCSTOLD = 0x95A - SYS_STRCPY = 0x096 - SYS_STRCMP = 0x097 - SYS_CABS = 0x98E - SYS_STRCAT = 0x098 - SYS___CABS_B = 0x98F - SYS___POW_II = 0x98A - SYS___POW_II_B = 0x98B - SYS___POW_II_H = 0x98C - SYS_CACOSF = 0x99A - SYS_CACOSL = 0x99D - SYS_STRNCAT = 0x099 - SYS___CACOSF_B = 0x99B - SYS___CACOSF_H = 0x99C - SYS___CACOSL_B = 0x99E - SYS___CACOSL_H = 0x99F - SYS_ISWALPHA = 0x100 - SYS_ISWBLANK = 0x101 - SYS___ISWBLK = 0x101 - SYS_ISWCNTRL = 0x102 - SYS_ISWDIGIT = 0x103 - SYS_ISWGRAPH = 0x104 - SYS_ISWLOWER = 0x105 - SYS_ISWPRINT = 0x106 - SYS_ISWPUNCT = 0x107 - SYS_ISWSPACE = 0x108 - SYS_ISWUPPER = 0x109 - SYS_WCTOB = 0x110 - SYS_MBRLEN = 0x111 - SYS_MBRTOWC = 0x112 - SYS_MBSRTOWC = 0x113 - SYS_MBSRTOWCS = 0x113 - SYS_WCRTOMB = 0x114 - SYS_WCSRTOMB = 0x115 - SYS_WCSRTOMBS = 0x115 - SYS___CSID = 0x116 - SYS___WCSID = 0x117 - SYS_STRPTIME = 0x118 - SYS___STRPTM = 0x118 - SYS_STRFMON = 0x119 - SYS_WCSCOLL = 0x130 - SYS_WCSXFRM = 0x131 - SYS_WCSWIDTH = 0x132 - SYS_WCWIDTH = 0x133 - SYS_WCSFTIME = 0x134 - SYS_SWPRINTF = 0x135 - SYS_VSWPRINT = 0x136 - SYS_VSWPRINTF = 0x136 - SYS_SWSCANF = 0x137 - SYS_REGCOMP = 0x138 - SYS_REGEXEC = 0x139 - SYS_GETWC = 0x140 - SYS_GETWCHAR = 0x141 - SYS_PUTWC = 0x142 - SYS_PUTWCHAR = 0x143 - SYS_UNGETWC = 0x144 - SYS_ICONV_OPEN = 0x145 - SYS_ICONV = 0x146 - SYS_ICONV_CLOSE = 0x147 - SYS_COLLRANGE = 0x150 - SYS_CCLASS = 0x151 - SYS_COLLORDER = 0x152 - SYS___DEMANGLE = 0x154 - SYS_FDOPEN = 0x155 - SYS___ERRNO = 0x156 - SYS___ERRNO2 = 0x157 - SYS___TERROR = 0x158 - SYS_MAXCOLL = 0x169 - SYS_DLLLOAD = 0x170 - SYS__EXIT = 0x174 - SYS_ACCESS = 0x175 - SYS_ALARM = 0x176 - SYS_CFGETISPEED = 0x177 - SYS_CFGETOSPEED = 0x178 - SYS_CFSETISPEED = 0x179 - SYS_CREAT = 0x180 - SYS_CTERMID = 0x181 - SYS_DUP = 0x182 - SYS_DUP2 = 0x183 - SYS_EXECL = 0x184 - SYS_EXECLE = 0x185 - SYS_EXECLP = 0x186 - SYS_EXECV = 0x187 - SYS_EXECVE = 0x188 - SYS_EXECVP = 0x189 - SYS_FSTAT = 0x190 - SYS_FSYNC = 0x191 - SYS_FTRUNCATE = 0x192 - SYS_GETCWD = 0x193 - SYS_GETEGID = 0x194 - SYS_GETEUID = 0x195 - SYS_GETGID = 0x196 - SYS_GETGRGID = 0x197 - SYS_GETGRNAM = 0x198 - SYS_GETGROUPS = 0x199 - SYS_PTHREAD_MUTEXATTR_DESTROY = 0x200 - SYS_PTHREAD_MUTEXATTR_SETKIND_NP = 0x201 - SYS_PTHREAD_MUTEXATTR_GETKIND_NP = 0x202 - SYS_PTHREAD_MUTEX_INIT = 0x203 - SYS_PTHREAD_MUTEX_DESTROY = 0x204 - SYS_PTHREAD_MUTEX_LOCK = 0x205 - SYS_PTHREAD_MUTEX_TRYLOCK = 0x206 - SYS_PTHREAD_MUTEX_UNLOCK = 0x207 - SYS_PTHREAD_ONCE = 0x209 - SYS_TW_OPEN = 0x210 - SYS_TW_FCNTL = 0x211 - SYS_PTHREAD_JOIN_D4_NP = 0x212 - SYS_PTHREAD_CONDATTR_SETKIND_NP = 0x213 - SYS_PTHREAD_CONDATTR_GETKIND_NP = 0x214 - SYS_EXTLINK_NP = 0x215 - SYS___PASSWD = 0x216 - SYS_SETGROUPS = 0x217 - SYS_INITGROUPS = 0x218 - SYS_WCSRCHR = 0x240 - SYS_SVC99 = 0x241 - SYS___SVC99 = 0x241 - SYS_WCSWCS = 0x242 - SYS_LOCALECO = 0x243 - SYS_LOCALECONV = 0x243 - SYS___LIBREL = 0x244 - SYS_RELEASE = 0x245 - SYS___RLSE = 0x245 - SYS_FLOCATE = 0x246 - SYS___FLOCT = 0x246 - SYS_FDELREC = 0x247 - SYS___FDLREC = 0x247 - SYS_FETCH = 0x248 - SYS___FETCH = 0x248 - SYS_QSORT = 0x249 - SYS___CLEANUPCATCH = 0x260 - SYS___CATCHMATCH = 0x261 - SYS___CLEAN2UPCATCH = 0x262 - SYS_GETPRIORITY = 0x270 - SYS_NICE = 0x271 - SYS_SETPRIORITY = 0x272 - SYS_GETITIMER = 0x273 - SYS_SETITIMER = 0x274 - SYS_MSGCTL = 0x275 - SYS_MSGGET = 0x276 - SYS_MSGRCV = 0x277 - SYS_MSGSND = 0x278 - SYS_MSGXRCV = 0x279 - SYS___MSGXR = 0x279 - SYS_SHMGET = 0x280 - SYS___GETIPC = 0x281 - SYS_SETGRENT = 0x282 - SYS_GETGRENT = 0x283 - SYS_ENDGRENT = 0x284 - SYS_SETPWENT = 0x285 - SYS_GETPWENT = 0x286 - SYS_ENDPWENT = 0x287 - SYS_BSD_SIGNAL = 0x288 - SYS_KILLPG = 0x289 - SYS_SIGSET = 0x290 - SYS_SIGSTACK = 0x291 - SYS_GETRLIMIT = 0x292 - SYS_SETRLIMIT = 0x293 - SYS_GETRUSAGE = 0x294 - SYS_MMAP = 0x295 - SYS_MPROTECT = 0x296 - SYS_MSYNC = 0x297 - SYS_MUNMAP = 0x298 - SYS_CONFSTR = 0x299 - SYS___NDMTRM = 0x300 - SYS_FTOK = 0x301 - SYS_BASENAME = 0x302 - SYS_DIRNAME = 0x303 - SYS_GETDTABLESIZE = 0x304 - SYS_MKSTEMP = 0x305 - SYS_MKTEMP = 0x306 - SYS_NFTW = 0x307 - SYS_GETWD = 0x308 - SYS_LOCKF = 0x309 - SYS_WORDEXP = 0x310 - SYS_WORDFREE = 0x311 - SYS_GETPGID = 0x312 - SYS_GETSID = 0x313 - SYS___UTMPXNAME = 0x314 - SYS_CUSERID = 0x315 - SYS_GETPASS = 0x316 - SYS_FNMATCH = 0x317 - SYS_FTW = 0x318 - SYS_GETW = 0x319 - SYS_ACOSH = 0x320 - SYS_ASINH = 0x321 - SYS_ATANH = 0x322 - SYS_CBRT = 0x323 - SYS_EXPM1 = 0x324 - SYS_ILOGB = 0x325 - SYS_LOGB = 0x326 - SYS_LOG1P = 0x327 - SYS_NEXTAFTER = 0x328 - SYS_RINT = 0x329 - SYS_SPAWN = 0x330 - SYS_SPAWNP = 0x331 - SYS_GETLOGIN_UU = 0x332 - SYS_ECVT = 0x333 - SYS_FCVT = 0x334 - SYS_GCVT = 0x335 - SYS_ACCEPT = 0x336 - SYS_BIND = 0x337 - SYS_CONNECT = 0x338 - SYS_ENDHOSTENT = 0x339 - SYS_GETHOSTENT = 0x340 - SYS_GETHOSTID = 0x341 - SYS_GETHOSTNAME = 0x342 - SYS_GETNETBYADDR = 0x343 - SYS_GETNETBYNAME = 0x344 - SYS_GETNETENT = 0x345 - SYS_GETPEERNAME = 0x346 - SYS_GETPROTOBYNAME = 0x347 - SYS_GETPROTOBYNUMBER = 0x348 - SYS_GETPROTOENT = 0x349 - SYS_INET_LNAOF = 0x350 - SYS_INET_MAKEADDR = 0x351 - SYS_INET_NETOF = 0x352 - SYS_INET_NETWORK = 0x353 - SYS_INET_NTOA = 0x354 - SYS_IOCTL = 0x355 - SYS_LISTEN = 0x356 - SYS_READV = 0x357 - SYS_RECV = 0x358 - SYS_RECVFROM = 0x359 - SYS_SETHOSTENT = 0x360 - SYS_SETNETENT = 0x361 - SYS_SETPEER = 0x362 - SYS_SETPROTOENT = 0x363 - SYS_SETSERVENT = 0x364 - SYS_SETSOCKOPT = 0x365 - SYS_SHUTDOWN = 0x366 - SYS_SOCKET = 0x367 - SYS_SOCKETPAIR = 0x368 - SYS_WRITEV = 0x369 - SYS_ENDNETENT = 0x370 - SYS_CLOSELOG = 0x371 - SYS_OPENLOG = 0x372 - SYS_SETLOGMASK = 0x373 - SYS_SYSLOG = 0x374 - SYS_PTSNAME = 0x375 - SYS_SETREUID = 0x376 - SYS_SETREGID = 0x377 - SYS_REALPATH = 0x378 - SYS___SIGNGAM = 0x379 - SYS_POLL = 0x380 - SYS_REXEC = 0x381 - SYS___ISASCII2 = 0x382 - SYS___TOASCII2 = 0x383 - SYS_CHPRIORITY = 0x384 - SYS_PTHREAD_ATTR_SETSYNCTYPE_NP = 0x385 - SYS_PTHREAD_ATTR_GETSYNCTYPE_NP = 0x386 - SYS_PTHREAD_SET_LIMIT_NP = 0x387 - SYS___STNETENT = 0x388 - SYS___STPROTOENT = 0x389 - SYS___SELECT1 = 0x390 - SYS_PTHREAD_SECURITY_NP = 0x391 - SYS___CHECK_RESOURCE_AUTH_NP = 0x392 - SYS___CONVERT_ID_NP = 0x393 - SYS___OPENVMREL = 0x394 - SYS_WMEMCHR = 0x395 - SYS_WMEMCMP = 0x396 - SYS_WMEMCPY = 0x397 - SYS_WMEMMOVE = 0x398 - SYS_WMEMSET = 0x399 - SYS___FPUTWC = 0x400 - SYS___PUTWC = 0x401 - SYS___PWCHAR = 0x402 - SYS___WCSFTM = 0x403 - SYS___WCSTOK = 0x404 - SYS___WCWDTH = 0x405 - SYS_T_ACCEPT = 0x409 - SYS_T_GETINFO = 0x410 - SYS_T_GETPROTADDR = 0x411 - SYS_T_GETSTATE = 0x412 - SYS_T_LISTEN = 0x413 - SYS_T_LOOK = 0x414 - SYS_T_OPEN = 0x415 - SYS_T_OPTMGMT = 0x416 - SYS_T_RCV = 0x417 - SYS_T_RCVCONNECT = 0x418 - SYS_T_RCVDIS = 0x419 - SYS_T_SNDUDATA = 0x420 - SYS_T_STRERROR = 0x421 - SYS_T_SYNC = 0x422 - SYS_T_UNBIND = 0x423 - SYS___T_ERRNO = 0x424 - SYS___RECVMSG2 = 0x425 - SYS___SENDMSG2 = 0x426 - SYS_FATTACH = 0x427 - SYS_FDETACH = 0x428 - SYS_GETMSG = 0x429 - SYS_GETCONTEXT = 0x430 - SYS_SETCONTEXT = 0x431 - SYS_MAKECONTEXT = 0x432 - SYS_SWAPCONTEXT = 0x433 - SYS_PTHREAD_GETSPECIFIC_D8_NP = 0x434 - SYS_GETCLIENTID = 0x470 - SYS___GETCLIENTID = 0x471 - SYS_GETSTABLESIZE = 0x472 - SYS_GETIBMOPT = 0x473 - SYS_GETIBMSOCKOPT = 0x474 - SYS_GIVESOCKET = 0x475 - SYS_IBMSFLUSH = 0x476 - SYS_MAXDESC = 0x477 - SYS_SETIBMOPT = 0x478 - SYS_SETIBMSOCKOPT = 0x479 - SYS___SERVER_PWU = 0x480 - SYS_PTHREAD_TAG_NP = 0x481 - SYS___CONSOLE = 0x482 - SYS___WSINIT = 0x483 - SYS___IPTCPN = 0x489 - SYS___SERVER_CLASSIFY = 0x490 - SYS___HEAPRPT = 0x496 - SYS___ISBFP = 0x500 - SYS___FP_CAST = 0x501 - SYS___CERTIFICATE = 0x502 - SYS_SEND_FILE = 0x503 - SYS_AIO_CANCEL = 0x504 - SYS_AIO_ERROR = 0x505 - SYS_AIO_READ = 0x506 - SYS_AIO_RETURN = 0x507 - SYS_AIO_SUSPEND = 0x508 - SYS_AIO_WRITE = 0x509 - SYS_PTHREAD_RWLOCK_TRYWRLOCK = 0x510 - SYS_PTHREAD_RWLOCK_UNLOCK = 0x511 - SYS_PTHREAD_RWLOCK_WRLOCK = 0x512 - SYS_PTHREAD_RWLOCKATTR_GETPSHARED = 0x513 - SYS_PTHREAD_RWLOCKATTR_SETPSHARED = 0x514 - SYS_PTHREAD_RWLOCKATTR_INIT = 0x515 - SYS_PTHREAD_RWLOCKATTR_DESTROY = 0x516 - SYS___CTTBL = 0x517 - SYS_PTHREAD_MUTEXATTR_SETTYPE = 0x518 - SYS_PTHREAD_MUTEXATTR_GETTYPE = 0x519 - SYS___FP_UNORDERED = 0x520 - SYS___FP_READ_RND = 0x521 - SYS___FP_READ_RND_B = 0x522 - SYS___FP_SWAP_RND = 0x523 - SYS___FP_SWAP_RND_B = 0x524 - SYS___FP_LEVEL = 0x525 - SYS___FP_BTOH = 0x526 - SYS___FP_HTOB = 0x527 - SYS___FPC_RD = 0x528 - SYS___FPC_WR = 0x529 - SYS_PTHREAD_SETCANCELTYPE = 0x600 - SYS_PTHREAD_TESTCANCEL = 0x601 - SYS___ATANF_B = 0x602 - SYS___ATANL_B = 0x603 - SYS___CEILF_B = 0x604 - SYS___CEILL_B = 0x605 - SYS___COSF_B = 0x606 - SYS___COSL_B = 0x607 - SYS___FABSF_B = 0x608 - SYS___FABSL_B = 0x609 - SYS___SINF_B = 0x610 - SYS___SINL_B = 0x611 - SYS___TANF_B = 0x612 - SYS___TANL_B = 0x613 - SYS___TANHF_B = 0x614 - SYS___TANHL_B = 0x615 - SYS___ACOSF_B = 0x616 - SYS___ACOSL_B = 0x617 - SYS___ASINF_B = 0x618 - SYS___ASINL_B = 0x619 - SYS___LOGF_B = 0x620 - SYS___LOGL_B = 0x621 - SYS___LOG10F_B = 0x622 - SYS___LOG10L_B = 0x623 - SYS___POWF_B = 0x624 - SYS___POWL_B = 0x625 - SYS___SINHF_B = 0x626 - SYS___SINHL_B = 0x627 - SYS___SQRTF_B = 0x628 - SYS___SQRTL_B = 0x629 - SYS___MODFL_B = 0x630 - SYS_ABSF = 0x631 - SYS_ABSL = 0x632 - SYS_ACOSF = 0x633 - SYS_ACOSL = 0x634 - SYS_ASINF = 0x635 - SYS_ASINL = 0x636 - SYS_ATAN2F = 0x637 - SYS_ATAN2L = 0x638 - SYS_ATANF = 0x639 - SYS_COSHL = 0x640 - SYS_EXPF = 0x641 - SYS_EXPL = 0x642 - SYS_TANHF = 0x643 - SYS_TANHL = 0x644 - SYS_LOG10F = 0x645 - SYS_LOG10L = 0x646 - SYS_LOGF = 0x647 - SYS_LOGL = 0x648 - SYS_POWF = 0x649 - SYS_SINHL = 0x650 - SYS_TANF = 0x651 - SYS_TANL = 0x652 - SYS_FABSF = 0x653 - SYS_FABSL = 0x654 - SYS_FLOORF = 0x655 - SYS_FLOORL = 0x656 - SYS_FMODF = 0x657 - SYS_FMODL = 0x658 - SYS_FREXPF = 0x659 - SYS___CHATTR = 0x660 - SYS___FCHATTR = 0x661 - SYS___TOCCSID = 0x662 - SYS___CSNAMETYPE = 0x663 - SYS___TOCSNAME = 0x664 - SYS___CCSIDTYPE = 0x665 - SYS___AE_CORRESTBL_QUERY = 0x666 - SYS___AE_AUTOCONVERT_STATE = 0x667 - SYS_DN_FIND = 0x668 - SYS___GETHOSTBYADDR_A = 0x669 - SYS___MBLEN_SB_A = 0x670 - SYS___MBLEN_STD_A = 0x671 - SYS___MBLEN_UTF = 0x672 - SYS___MBSTOWCS_A = 0x673 - SYS___MBSTOWCS_STD_A = 0x674 - SYS___MBTOWC_A = 0x675 - SYS___MBTOWC_ISO1 = 0x676 - SYS___MBTOWC_SBCS = 0x677 - SYS___MBTOWC_MBCS = 0x678 - SYS___MBTOWC_UTF = 0x679 - SYS___CSID_A = 0x680 - SYS___CSID_STD_A = 0x681 - SYS___WCSID_A = 0x682 - SYS___WCSID_STD_A = 0x683 - SYS___WCTOMB_A = 0x684 - SYS___WCTOMB_ISO1 = 0x685 - SYS___WCTOMB_STD_A = 0x686 - SYS___WCTOMB_UTF = 0x687 - SYS___WCWIDTH_A = 0x688 - SYS___GETGRNAM_R_A = 0x689 - SYS___READDIR_R_A = 0x690 - SYS___E2A_S = 0x691 - SYS___FNMATCH_A = 0x692 - SYS___FNMATCH_C_A = 0x693 - SYS___EXECL_A = 0x694 - SYS___FNMATCH_STD_A = 0x695 - SYS___REGCOMP_A = 0x696 - SYS___REGCOMP_STD_A = 0x697 - SYS___REGERROR_A = 0x698 - SYS___REGERROR_STD_A = 0x699 - SYS___SWPRINTF_A = 0x700 - SYS___FSCANF_A = 0x701 - SYS___SCANF_A = 0x702 - SYS___SSCANF_A = 0x703 - SYS___SWSCANF_A = 0x704 - SYS___ATOF_A = 0x705 - SYS___ATOI_A = 0x706 - SYS___ATOL_A = 0x707 - SYS___STRTOD_A = 0x708 - SYS___STRTOL_A = 0x709 - SYS___L64A_A = 0x710 - SYS___STRERROR_A = 0x711 - SYS___PERROR_A = 0x712 - SYS___FETCH_A = 0x713 - SYS___GETENV_A = 0x714 - SYS___MKSTEMP_A = 0x717 - SYS___PTSNAME_A = 0x718 - SYS___PUTENV_A = 0x719 - SYS___CHDIR_A = 0x720 - SYS___CHOWN_A = 0x721 - SYS___CHROOT_A = 0x722 - SYS___GETCWD_A = 0x723 - SYS___GETWD_A = 0x724 - SYS___LCHOWN_A = 0x725 - SYS___LINK_A = 0x726 - SYS___PATHCONF_A = 0x727 - SYS___IF_NAMEINDEX_A = 0x728 - SYS___READLINK_A = 0x729 - SYS___EXTLINK_NP_A = 0x730 - SYS___ISALNUM_A = 0x731 - SYS___ISALPHA_A = 0x732 - SYS___A2E_S = 0x733 - SYS___ISCNTRL_A = 0x734 - SYS___ISDIGIT_A = 0x735 - SYS___ISGRAPH_A = 0x736 - SYS___ISLOWER_A = 0x737 - SYS___ISPRINT_A = 0x738 - SYS___ISPUNCT_A = 0x739 - SYS___ISWALPHA_A = 0x740 - SYS___A2E_L = 0x741 - SYS___ISWCNTRL_A = 0x742 - SYS___ISWDIGIT_A = 0x743 - SYS___ISWGRAPH_A = 0x744 - SYS___ISWLOWER_A = 0x745 - SYS___ISWPRINT_A = 0x746 - SYS___ISWPUNCT_A = 0x747 - SYS___ISWSPACE_A = 0x748 - SYS___ISWUPPER_A = 0x749 - SYS___REMOVE_A = 0x750 - SYS___RENAME_A = 0x751 - SYS___TMPNAM_A = 0x752 - SYS___FOPEN_A = 0x753 - SYS___FREOPEN_A = 0x754 - SYS___CUSERID_A = 0x755 - SYS___POPEN_A = 0x756 - SYS___TEMPNAM_A = 0x757 - SYS___FTW_A = 0x758 - SYS___GETGRENT_A = 0x759 - SYS___INET_NTOP_A = 0x760 - SYS___GETPASS_A = 0x761 - SYS___GETPWENT_A = 0x762 - SYS___GETPWNAM_A = 0x763 - SYS___GETPWUID_A = 0x764 - SYS_____CHECK_RESOURCE_AUTH_NP_A = 0x765 - SYS___CHECKSCHENV_A = 0x766 - SYS___CONNECTSERVER_A = 0x767 - SYS___CONNECTWORKMGR_A = 0x768 - SYS_____CONSOLE_A = 0x769 - SYS___MSGSND_A = 0x770 - SYS___MSGXRCV_A = 0x771 - SYS___NFTW_A = 0x772 - SYS_____PASSWD_A = 0x773 - SYS___PTHREAD_SECURITY_NP_A = 0x774 - SYS___QUERYMETRICS_A = 0x775 - SYS___QUERYSCHENV = 0x776 - SYS___READV_A = 0x777 - SYS_____SERVER_CLASSIFY_A = 0x778 - SYS_____SERVER_INIT_A = 0x779 - SYS___W_GETPSENT_A = 0x780 - SYS___WRITEV_A = 0x781 - SYS___W_STATFS_A = 0x782 - SYS___W_STATVFS_A = 0x783 - SYS___FPUTC_A = 0x784 - SYS___PUTCHAR_A = 0x785 - SYS___PUTS_A = 0x786 - SYS___FGETS_A = 0x787 - SYS___GETS_A = 0x788 - SYS___FPUTS_A = 0x789 - SYS___PUTC_A = 0x790 - SYS___AE_THREAD_SETMODE = 0x791 - SYS___AE_THREAD_SWAPMODE = 0x792 - SYS___GETNETBYADDR_A = 0x793 - SYS___GETNETBYNAME_A = 0x794 - SYS___GETNETENT_A = 0x795 - SYS___GETPROTOBYNAME_A = 0x796 - SYS___GETPROTOBYNUMBER_A = 0x797 - SYS___GETPROTOENT_A = 0x798 - SYS___GETSERVBYNAME_A = 0x799 - SYS_ACL_FIRST_ENTRY = 0x800 - SYS_ACL_GET_ENTRY = 0x801 - SYS_ACL_VALID = 0x802 - SYS_ACL_CREATE_ENTRY = 0x803 - SYS_ACL_DELETE_ENTRY = 0x804 - SYS_ACL_UPDATE_ENTRY = 0x805 - SYS_ACL_DELETE_FD = 0x806 - SYS_ACL_DELETE_FILE = 0x807 - SYS_ACL_GET_FD = 0x808 - SYS_ACL_GET_FILE = 0x809 - SYS___ERFL_B = 0x810 - SYS___ERFCL_B = 0x811 - SYS___LGAMMAL_B = 0x812 - SYS___SETHOOKEVENTS = 0x813 - SYS_IF_NAMETOINDEX = 0x814 - SYS_IF_INDEXTONAME = 0x815 - SYS_IF_NAMEINDEX = 0x816 - SYS_IF_FREENAMEINDEX = 0x817 - SYS_GETADDRINFO = 0x818 - SYS_GETNAMEINFO = 0x819 - SYS___DYNFREE_A = 0x820 - SYS___RES_QUERY_A = 0x821 - SYS___RES_SEARCH_A = 0x822 - SYS___RES_QUERYDOMAIN_A = 0x823 - SYS___RES_MKQUERY_A = 0x824 - SYS___RES_SEND_A = 0x825 - SYS___DN_EXPAND_A = 0x826 - SYS___DN_SKIPNAME_A = 0x827 - SYS___DN_COMP_A = 0x828 - SYS___DN_FIND_A = 0x829 - SYS___INET_NTOA_A = 0x830 - SYS___INET_NETWORK_A = 0x831 - SYS___ACCEPT_A = 0x832 - SYS___ACCEPT_AND_RECV_A = 0x833 - SYS___BIND_A = 0x834 - SYS___CONNECT_A = 0x835 - SYS___GETPEERNAME_A = 0x836 - SYS___GETSOCKNAME_A = 0x837 - SYS___RECVFROM_A = 0x838 - SYS___SENDTO_A = 0x839 - SYS___LCHATTR = 0x840 - SYS___WRITEDOWN = 0x841 - SYS_PTHREAD_MUTEX_INIT2 = 0x842 - SYS___ACOSHF_B = 0x843 - SYS___ACOSHL_B = 0x844 - SYS___ASINHF_B = 0x845 - SYS___ASINHL_B = 0x846 - SYS___ATANHF_B = 0x847 - SYS___ATANHL_B = 0x848 - SYS___CBRTF_B = 0x849 - SYS___EXP2F_B = 0x850 - SYS___EXP2L_B = 0x851 - SYS___EXPM1F_B = 0x852 - SYS___EXPM1L_B = 0x853 - SYS___FDIMF_B = 0x854 - SYS___FDIM_B = 0x855 - SYS___FDIML_B = 0x856 - SYS___HYPOTF_B = 0x857 - SYS___HYPOTL_B = 0x858 - SYS___LOG1PF_B = 0x859 - SYS___REMQUOF_B = 0x860 - SYS___REMQUO_B = 0x861 - SYS___REMQUOL_B = 0x862 - SYS___TGAMMAF_B = 0x863 - SYS___TGAMMA_B = 0x864 - SYS___TGAMMAL_B = 0x865 - SYS___TRUNCF_B = 0x866 - SYS___TRUNC_B = 0x867 - SYS___TRUNCL_B = 0x868 - SYS___LGAMMAF_B = 0x869 - SYS_ASINHF = 0x870 - SYS_ASINHL = 0x871 - SYS_ATANHF = 0x872 - SYS_ATANHL = 0x873 - SYS_CBRTF = 0x874 - SYS_CBRTL = 0x875 - SYS_COPYSIGNF = 0x876 - SYS_CPYSIGNF = 0x876 - SYS_COPYSIGNL = 0x877 - SYS_CPYSIGNL = 0x877 - SYS_COTANF = 0x878 - SYS___COTANF = 0x878 - SYS_COTAN = 0x879 - SYS___COTAN = 0x879 - SYS_FDIM = 0x881 - SYS_FDIML = 0x882 - SYS_HYPOTF = 0x883 - SYS_HYPOTL = 0x884 - SYS_LOG1PF = 0x885 - SYS_LOG1PL = 0x886 - SYS_LOG2F = 0x887 - SYS_LOG2 = 0x888 - SYS_LOG2L = 0x889 - SYS_TGAMMA = 0x890 - SYS_TGAMMAL = 0x891 - SYS_TRUNCF = 0x892 - SYS_TRUNC = 0x893 - SYS_TRUNCL = 0x894 - SYS_LGAMMAF = 0x895 - SYS_LGAMMAL = 0x896 - SYS_LROUNDF = 0x897 - SYS_LROUND = 0x898 - SYS_ERFF = 0x899 - SYS___COSHF_H = 0x900 - SYS___COSHL_H = 0x901 - SYS___COTAN_H = 0x902 - SYS___COTANF_H = 0x903 - SYS___COTANL_H = 0x904 - SYS___ERF_H = 0x905 - SYS___ERFF_H = 0x906 - SYS___ERFL_H = 0x907 - SYS___ERFC_H = 0x908 - SYS___ERFCF_H = 0x909 - SYS___FDIMF_H = 0x910 - SYS___FDIML_H = 0x911 - SYS___FMOD_H = 0x912 - SYS___FMODF_H = 0x913 - SYS___FMODL_H = 0x914 - SYS___GAMMA_H = 0x915 - SYS___HYPOT_H = 0x916 - SYS___ILOGB_H = 0x917 - SYS___LGAMMA_H = 0x918 - SYS___LGAMMAF_H = 0x919 - SYS___LOG2L_H = 0x920 - SYS___LOG1P_H = 0x921 - SYS___LOG10_H = 0x922 - SYS___LOG10F_H = 0x923 - SYS___LOG10L_H = 0x924 - SYS___LROUND_H = 0x925 - SYS___LROUNDF_H = 0x926 - SYS___NEXTAFTER_H = 0x927 - SYS___POW_H = 0x928 - SYS___POWF_H = 0x929 - SYS___SINL_H = 0x930 - SYS___SINH_H = 0x931 - SYS___SINHF_H = 0x932 - SYS___SINHL_H = 0x933 - SYS___SQRT_H = 0x934 - SYS___SQRTF_H = 0x935 - SYS___SQRTL_H = 0x936 - SYS___TAN_H = 0x937 - SYS___TANF_H = 0x938 - SYS___TANL_H = 0x939 - SYS___TRUNCF_H = 0x940 - SYS___TRUNCL_H = 0x941 - SYS___COSH_H = 0x942 - SYS___LE_DEBUG_SET_RESUME_MCH = 0x943 - SYS_VFSCANF = 0x944 - SYS_VSCANF = 0x946 - SYS_VSSCANF = 0x948 - SYS_IMAXABS = 0x950 - SYS_IMAXDIV = 0x951 - SYS_STRTOIMAX = 0x952 - SYS_STRTOUMAX = 0x953 - SYS_WCSTOIMAX = 0x954 - SYS_WCSTOUMAX = 0x955 - SYS_ATOLL = 0x956 - SYS_STRTOF = 0x957 - SYS_STRTOLD = 0x958 - SYS_WCSTOF = 0x959 - SYS_INET6_RTH_GETADDR = 0x960 - SYS_INET6_OPT_INIT = 0x961 - SYS_INET6_OPT_APPEND = 0x962 - SYS_INET6_OPT_FINISH = 0x963 - SYS_INET6_OPT_SET_VAL = 0x964 - SYS_INET6_OPT_NEXT = 0x965 - SYS_INET6_OPT_FIND = 0x966 - SYS_INET6_OPT_GET_VAL = 0x967 - SYS___POW_I = 0x987 - SYS___POW_I_B = 0x988 - SYS___POW_I_H = 0x989 - SYS___CABS_H = 0x990 - SYS_CABSF = 0x991 - SYS___CABSF_B = 0x992 - SYS___CABSF_H = 0x993 - SYS_CABSL = 0x994 - SYS___CABSL_B = 0x995 - SYS___CABSL_H = 0x996 - SYS_CACOS = 0x997 - SYS___CACOS_B = 0x998 - SYS___CACOS_H = 0x999 + SYS_LOG = 0x17 // 23 + SYS_COSH = 0x18 // 24 + SYS_TANH = 0x19 // 25 + SYS_EXP = 0x1A // 26 + SYS_MODF = 0x1B // 27 + SYS_LOG10 = 0x1C // 28 + SYS_FREXP = 0x1D // 29 + SYS_LDEXP = 0x1E // 30 + SYS_CEIL = 0x1F // 31 + SYS_POW = 0x20 // 32 + SYS_SQRT = 0x21 // 33 + SYS_FLOOR = 0x22 // 34 + SYS_J1 = 0x23 // 35 + SYS_FABS = 0x24 // 36 + SYS_FMOD = 0x25 // 37 + SYS_J0 = 0x26 // 38 + SYS_YN = 0x27 // 39 + SYS_JN = 0x28 // 40 + SYS_Y0 = 0x29 // 41 + SYS_Y1 = 0x2A // 42 + SYS_HYPOT = 0x2B // 43 + SYS_ERF = 0x2C // 44 + SYS_ERFC = 0x2D // 45 + SYS_GAMMA = 0x2E // 46 + SYS_ISALPHA = 0x30 // 48 + SYS_ISALNUM = 0x31 // 49 + SYS_ISLOWER = 0x32 // 50 + SYS_ISCNTRL = 0x33 // 51 + SYS_ISDIGIT = 0x34 // 52 + SYS_ISGRAPH = 0x35 // 53 + SYS_ISUPPER = 0x36 // 54 + SYS_ISPRINT = 0x37 // 55 + SYS_ISPUNCT = 0x38 // 56 + SYS_ISSPACE = 0x39 // 57 + SYS_SETLOCAL = 0x3A // 58 + SYS_SETLOCALE = 0x3A // 58 + SYS_ISXDIGIT = 0x3B // 59 + SYS_TOLOWER = 0x3C // 60 + SYS_TOUPPER = 0x3D // 61 + SYS_ASIN = 0x3E // 62 + SYS_SIN = 0x3F // 63 + SYS_COS = 0x40 // 64 + SYS_TAN = 0x41 // 65 + SYS_SINH = 0x42 // 66 + SYS_ACOS = 0x43 // 67 + SYS_ATAN = 0x44 // 68 + SYS_ATAN2 = 0x45 // 69 + SYS_FTELL = 0x46 // 70 + SYS_FGETPOS = 0x47 // 71 + SYS_FSEEK = 0x48 // 72 + SYS_FSETPOS = 0x49 // 73 + SYS_FERROR = 0x4A // 74 + SYS_REWIND = 0x4B // 75 + SYS_CLEARERR = 0x4C // 76 + SYS_FEOF = 0x4D // 77 + SYS_ATOL = 0x4E // 78 + SYS_PERROR = 0x4F // 79 + SYS_ATOF = 0x50 // 80 + SYS_ATOI = 0x51 // 81 + SYS_RAND = 0x52 // 82 + SYS_STRTOD = 0x53 // 83 + SYS_STRTOL = 0x54 // 84 + SYS_STRTOUL = 0x55 // 85 + SYS_MALLOC = 0x56 // 86 + SYS_SRAND = 0x57 // 87 + SYS_CALLOC = 0x58 // 88 + SYS_FREE = 0x59 // 89 + SYS_EXIT = 0x5A // 90 + SYS_REALLOC = 0x5B // 91 + SYS_ABORT = 0x5C // 92 + SYS___ABORT = 0x5C // 92 + SYS_ATEXIT = 0x5D // 93 + SYS_RAISE = 0x5E // 94 + SYS_SETJMP = 0x5F // 95 + SYS_LONGJMP = 0x60 // 96 + SYS_SIGNAL = 0x61 // 97 + SYS_TMPNAM = 0x62 // 98 + SYS_REMOVE = 0x63 // 99 + SYS_RENAME = 0x64 // 100 + SYS_TMPFILE = 0x65 // 101 + SYS_FREOPEN = 0x66 // 102 + SYS_FCLOSE = 0x67 // 103 + SYS_FFLUSH = 0x68 // 104 + SYS_FOPEN = 0x69 // 105 + SYS_FSCANF = 0x6A // 106 + SYS_SETBUF = 0x6B // 107 + SYS_SETVBUF = 0x6C // 108 + SYS_FPRINTF = 0x6D // 109 + SYS_SSCANF = 0x6E // 110 + SYS_PRINTF = 0x6F // 111 + SYS_SCANF = 0x70 // 112 + SYS_SPRINTF = 0x71 // 113 + SYS_FGETC = 0x72 // 114 + SYS_VFPRINTF = 0x73 // 115 + SYS_VPRINTF = 0x74 // 116 + SYS_VSPRINTF = 0x75 // 117 + SYS_GETC = 0x76 // 118 + SYS_FGETS = 0x77 // 119 + SYS_FPUTC = 0x78 // 120 + SYS_FPUTS = 0x79 // 121 + SYS_PUTCHAR = 0x7A // 122 + SYS_GETCHAR = 0x7B // 123 + SYS_GETS = 0x7C // 124 + SYS_PUTC = 0x7D // 125 + SYS_FWRITE = 0x7E // 126 + SYS_PUTS = 0x7F // 127 + SYS_UNGETC = 0x80 // 128 + SYS_FREAD = 0x81 // 129 + SYS_WCSTOMBS = 0x82 // 130 + SYS_MBTOWC = 0x83 // 131 + SYS_WCTOMB = 0x84 // 132 + SYS_MBSTOWCS = 0x85 // 133 + SYS_WCSCPY = 0x86 // 134 + SYS_WCSCAT = 0x87 // 135 + SYS_WCSCHR = 0x88 // 136 + SYS_WCSCMP = 0x89 // 137 + SYS_WCSNCMP = 0x8A // 138 + SYS_WCSCSPN = 0x8B // 139 + SYS_WCSLEN = 0x8C // 140 + SYS_WCSNCAT = 0x8D // 141 + SYS_WCSSPN = 0x8E // 142 + SYS_WCSNCPY = 0x8F // 143 + SYS_ABS = 0x90 // 144 + SYS_DIV = 0x91 // 145 + SYS_LABS = 0x92 // 146 + SYS_STRNCPY = 0x93 // 147 + SYS_MEMCPY = 0x94 // 148 + SYS_MEMMOVE = 0x95 // 149 + SYS_STRCPY = 0x96 // 150 + SYS_STRCMP = 0x97 // 151 + SYS_STRCAT = 0x98 // 152 + SYS_STRNCAT = 0x99 // 153 + SYS_MEMCMP = 0x9A // 154 + SYS_MEMCHR = 0x9B // 155 + SYS_STRCOLL = 0x9C // 156 + SYS_STRNCMP = 0x9D // 157 + SYS_STRXFRM = 0x9E // 158 + SYS_STRRCHR = 0x9F // 159 + SYS_STRCHR = 0xA0 // 160 + SYS_STRCSPN = 0xA1 // 161 + SYS_STRPBRK = 0xA2 // 162 + SYS_MEMSET = 0xA3 // 163 + SYS_STRSPN = 0xA4 // 164 + SYS_STRSTR = 0xA5 // 165 + SYS_STRTOK = 0xA6 // 166 + SYS_DIFFTIME = 0xA7 // 167 + SYS_STRERROR = 0xA8 // 168 + SYS_STRLEN = 0xA9 // 169 + SYS_CLOCK = 0xAA // 170 + SYS_CTIME = 0xAB // 171 + SYS_MKTIME = 0xAC // 172 + SYS_TIME = 0xAD // 173 + SYS_ASCTIME = 0xAE // 174 + SYS_MBLEN = 0xAF // 175 + SYS_GMTIME = 0xB0 // 176 + SYS_LOCALTIM = 0xB1 // 177 + SYS_LOCALTIME = 0xB1 // 177 + SYS_STRFTIME = 0xB2 // 178 + SYS___GETCB = 0xB4 // 180 + SYS_FUPDATE = 0xB5 // 181 + SYS___FUPDT = 0xB5 // 181 + SYS_CLRMEMF = 0xBD // 189 + SYS___CLRMF = 0xBD // 189 + SYS_FETCHEP = 0xBF // 191 + SYS___FTCHEP = 0xBF // 191 + SYS_FLDATA = 0xC1 // 193 + SYS___FLDATA = 0xC1 // 193 + SYS_DYNFREE = 0xC2 // 194 + SYS___DYNFRE = 0xC2 // 194 + SYS_DYNALLOC = 0xC3 // 195 + SYS___DYNALL = 0xC3 // 195 + SYS___CDUMP = 0xC4 // 196 + SYS_CSNAP = 0xC5 // 197 + SYS___CSNAP = 0xC5 // 197 + SYS_CTRACE = 0xC6 // 198 + SYS___CTRACE = 0xC6 // 198 + SYS___CTEST = 0xC7 // 199 + SYS_SETENV = 0xC8 // 200 + SYS___SETENV = 0xC8 // 200 + SYS_CLEARENV = 0xC9 // 201 + SYS___CLRENV = 0xC9 // 201 + SYS___REGCOMP_STD = 0xEA // 234 + SYS_NL_LANGINFO = 0xFC // 252 + SYS_GETSYNTX = 0xFD // 253 + SYS_ISBLANK = 0xFE // 254 + SYS___ISBLNK = 0xFE // 254 + SYS_ISWALNUM = 0xFF // 255 + SYS_ISWALPHA = 0x100 // 256 + SYS_ISWBLANK = 0x101 // 257 + SYS___ISWBLK = 0x101 // 257 + SYS_ISWCNTRL = 0x102 // 258 + SYS_ISWDIGIT = 0x103 // 259 + SYS_ISWGRAPH = 0x104 // 260 + SYS_ISWLOWER = 0x105 // 261 + SYS_ISWPRINT = 0x106 // 262 + SYS_ISWPUNCT = 0x107 // 263 + SYS_ISWSPACE = 0x108 // 264 + SYS_ISWUPPER = 0x109 // 265 + SYS_ISWXDIGI = 0x10A // 266 + SYS_ISWXDIGIT = 0x10A // 266 + SYS_WCTYPE = 0x10B // 267 + SYS_ISWCTYPE = 0x10C // 268 + SYS_TOWLOWER = 0x10D // 269 + SYS_TOWUPPER = 0x10E // 270 + SYS_MBSINIT = 0x10F // 271 + SYS_WCTOB = 0x110 // 272 + SYS_MBRLEN = 0x111 // 273 + SYS_MBRTOWC = 0x112 // 274 + SYS_MBSRTOWC = 0x113 // 275 + SYS_MBSRTOWCS = 0x113 // 275 + SYS_WCRTOMB = 0x114 // 276 + SYS_WCSRTOMB = 0x115 // 277 + SYS_WCSRTOMBS = 0x115 // 277 + SYS___CSID = 0x116 // 278 + SYS___WCSID = 0x117 // 279 + SYS_STRPTIME = 0x118 // 280 + SYS___STRPTM = 0x118 // 280 + SYS_STRFMON = 0x119 // 281 + SYS___RPMTCH = 0x11A // 282 + SYS_WCSSTR = 0x11B // 283 + SYS_WCSTOK = 0x12C // 300 + SYS_WCSTOL = 0x12D // 301 + SYS_WCSTOD = 0x12E // 302 + SYS_WCSTOUL = 0x12F // 303 + SYS_WCSCOLL = 0x130 // 304 + SYS_WCSXFRM = 0x131 // 305 + SYS_WCSWIDTH = 0x132 // 306 + SYS_WCWIDTH = 0x133 // 307 + SYS_WCSFTIME = 0x134 // 308 + SYS_SWPRINTF = 0x135 // 309 + SYS_VSWPRINT = 0x136 // 310 + SYS_VSWPRINTF = 0x136 // 310 + SYS_SWSCANF = 0x137 // 311 + SYS_REGCOMP = 0x138 // 312 + SYS_REGEXEC = 0x139 // 313 + SYS_REGFREE = 0x13A // 314 + SYS_REGERROR = 0x13B // 315 + SYS_FGETWC = 0x13C // 316 + SYS_FGETWS = 0x13D // 317 + SYS_FPUTWC = 0x13E // 318 + SYS_FPUTWS = 0x13F // 319 + SYS_GETWC = 0x140 // 320 + SYS_GETWCHAR = 0x141 // 321 + SYS_PUTWC = 0x142 // 322 + SYS_PUTWCHAR = 0x143 // 323 + SYS_UNGETWC = 0x144 // 324 + SYS_ICONV_OPEN = 0x145 // 325 + SYS_ICONV = 0x146 // 326 + SYS_ICONV_CLOSE = 0x147 // 327 + SYS_ISMCCOLLEL = 0x14C // 332 + SYS_STRTOCOLL = 0x14D // 333 + SYS_COLLTOSTR = 0x14E // 334 + SYS_COLLEQUIV = 0x14F // 335 + SYS_COLLRANGE = 0x150 // 336 + SYS_CCLASS = 0x151 // 337 + SYS_COLLORDER = 0x152 // 338 + SYS___DEMANGLE = 0x154 // 340 + SYS_FDOPEN = 0x155 // 341 + SYS___ERRNO = 0x156 // 342 + SYS___ERRNO2 = 0x157 // 343 + SYS___TERROR = 0x158 // 344 + SYS_MAXCOLL = 0x169 // 361 + SYS_GETMCCOLL = 0x16A // 362 + SYS_GETWMCCOLL = 0x16B // 363 + SYS___ERR2AD = 0x16C // 364 + SYS_DLLQUERYFN = 0x16D // 365 + SYS_DLLQUERYVAR = 0x16E // 366 + SYS_DLLFREE = 0x16F // 367 + SYS_DLLLOAD = 0x170 // 368 + SYS__EXIT = 0x174 // 372 + SYS_ACCESS = 0x175 // 373 + SYS_ALARM = 0x176 // 374 + SYS_CFGETISPEED = 0x177 // 375 + SYS_CFGETOSPEED = 0x178 // 376 + SYS_CFSETISPEED = 0x179 // 377 + SYS_CFSETOSPEED = 0x17A // 378 + SYS_CHDIR = 0x17B // 379 + SYS_CHMOD = 0x17C // 380 + SYS_CHOWN = 0x17D // 381 + SYS_CLOSE = 0x17E // 382 + SYS_CLOSEDIR = 0x17F // 383 + SYS_CREAT = 0x180 // 384 + SYS_CTERMID = 0x181 // 385 + SYS_DUP = 0x182 // 386 + SYS_DUP2 = 0x183 // 387 + SYS_EXECL = 0x184 // 388 + SYS_EXECLE = 0x185 // 389 + SYS_EXECLP = 0x186 // 390 + SYS_EXECV = 0x187 // 391 + SYS_EXECVE = 0x188 // 392 + SYS_EXECVP = 0x189 // 393 + SYS_FCHMOD = 0x18A // 394 + SYS_FCHOWN = 0x18B // 395 + SYS_FCNTL = 0x18C // 396 + SYS_FILENO = 0x18D // 397 + SYS_FORK = 0x18E // 398 + SYS_FPATHCONF = 0x18F // 399 + SYS_FSTAT = 0x190 // 400 + SYS_FSYNC = 0x191 // 401 + SYS_FTRUNCATE = 0x192 // 402 + SYS_GETCWD = 0x193 // 403 + SYS_GETEGID = 0x194 // 404 + SYS_GETEUID = 0x195 // 405 + SYS_GETGID = 0x196 // 406 + SYS_GETGRGID = 0x197 // 407 + SYS_GETGRNAM = 0x198 // 408 + SYS_GETGROUPS = 0x199 // 409 + SYS_GETLOGIN = 0x19A // 410 + SYS_W_GETMNTENT = 0x19B // 411 + SYS_GETPGRP = 0x19C // 412 + SYS_GETPID = 0x19D // 413 + SYS_GETPPID = 0x19E // 414 + SYS_GETPWNAM = 0x19F // 415 + SYS_GETPWUID = 0x1A0 // 416 + SYS_GETUID = 0x1A1 // 417 + SYS_W_IOCTL = 0x1A2 // 418 + SYS_ISATTY = 0x1A3 // 419 + SYS_KILL = 0x1A4 // 420 + SYS_LINK = 0x1A5 // 421 + SYS_LSEEK = 0x1A6 // 422 + SYS_LSTAT = 0x1A7 // 423 + SYS_MKDIR = 0x1A8 // 424 + SYS_MKFIFO = 0x1A9 // 425 + SYS_MKNOD = 0x1AA // 426 + SYS_MOUNT = 0x1AB // 427 + SYS_OPEN = 0x1AC // 428 + SYS_OPENDIR = 0x1AD // 429 + SYS_PATHCONF = 0x1AE // 430 + SYS_PAUSE = 0x1AF // 431 + SYS_PIPE = 0x1B0 // 432 + SYS_W_GETPSENT = 0x1B1 // 433 + SYS_READ = 0x1B2 // 434 + SYS_READDIR = 0x1B3 // 435 + SYS_READLINK = 0x1B4 // 436 + SYS_REWINDDIR = 0x1B5 // 437 + SYS_RMDIR = 0x1B6 // 438 + SYS_SETEGID = 0x1B7 // 439 + SYS_SETEUID = 0x1B8 // 440 + SYS_SETGID = 0x1B9 // 441 + SYS_SETPGID = 0x1BA // 442 + SYS_SETSID = 0x1BB // 443 + SYS_SETUID = 0x1BC // 444 + SYS_SIGACTION = 0x1BD // 445 + SYS_SIGADDSET = 0x1BE // 446 + SYS_SIGDELSET = 0x1BF // 447 + SYS_SIGEMPTYSET = 0x1C0 // 448 + SYS_SIGFILLSET = 0x1C1 // 449 + SYS_SIGISMEMBER = 0x1C2 // 450 + SYS_SIGLONGJMP = 0x1C3 // 451 + SYS_SIGPENDING = 0x1C4 // 452 + SYS_SIGPROCMASK = 0x1C5 // 453 + SYS_SIGSETJMP = 0x1C6 // 454 + SYS_SIGSUSPEND = 0x1C7 // 455 + SYS_SLEEP = 0x1C8 // 456 + SYS_STAT = 0x1C9 // 457 + SYS_W_STATFS = 0x1CA // 458 + SYS_SYMLINK = 0x1CB // 459 + SYS_SYSCONF = 0x1CC // 460 + SYS_TCDRAIN = 0x1CD // 461 + SYS_TCFLOW = 0x1CE // 462 + SYS_TCFLUSH = 0x1CF // 463 + SYS_TCGETATTR = 0x1D0 // 464 + SYS_TCGETPGRP = 0x1D1 // 465 + SYS_TCSENDBREAK = 0x1D2 // 466 + SYS_TCSETATTR = 0x1D3 // 467 + SYS_TCSETPGRP = 0x1D4 // 468 + SYS_TIMES = 0x1D5 // 469 + SYS_TTYNAME = 0x1D6 // 470 + SYS_TZSET = 0x1D7 // 471 + SYS_UMASK = 0x1D8 // 472 + SYS_UMOUNT = 0x1D9 // 473 + SYS_UNAME = 0x1DA // 474 + SYS_UNLINK = 0x1DB // 475 + SYS_UTIME = 0x1DC // 476 + SYS_WAIT = 0x1DD // 477 + SYS_WAITPID = 0x1DE // 478 + SYS_WRITE = 0x1DF // 479 + SYS_CHAUDIT = 0x1E0 // 480 + SYS_FCHAUDIT = 0x1E1 // 481 + SYS_GETGROUPSBYNAME = 0x1E2 // 482 + SYS_SIGWAIT = 0x1E3 // 483 + SYS_PTHREAD_EXIT = 0x1E4 // 484 + SYS_PTHREAD_KILL = 0x1E5 // 485 + SYS_PTHREAD_ATTR_INIT = 0x1E6 // 486 + SYS_PTHREAD_ATTR_DESTROY = 0x1E7 // 487 + SYS_PTHREAD_ATTR_SETSTACKSIZE = 0x1E8 // 488 + SYS_PTHREAD_ATTR_GETSTACKSIZE = 0x1E9 // 489 + SYS_PTHREAD_ATTR_SETDETACHSTATE = 0x1EA // 490 + SYS_PTHREAD_ATTR_GETDETACHSTATE = 0x1EB // 491 + SYS_PTHREAD_ATTR_SETWEIGHT_NP = 0x1EC // 492 + SYS_PTHREAD_ATTR_GETWEIGHT_NP = 0x1ED // 493 + SYS_PTHREAD_CANCEL = 0x1EE // 494 + SYS_PTHREAD_CLEANUP_PUSH = 0x1EF // 495 + SYS_PTHREAD_CLEANUP_POP = 0x1F0 // 496 + SYS_PTHREAD_CONDATTR_INIT = 0x1F1 // 497 + SYS_PTHREAD_CONDATTR_DESTROY = 0x1F2 // 498 + SYS_PTHREAD_COND_INIT = 0x1F3 // 499 + SYS_PTHREAD_COND_DESTROY = 0x1F4 // 500 + SYS_PTHREAD_COND_SIGNAL = 0x1F5 // 501 + SYS_PTHREAD_COND_BROADCAST = 0x1F6 // 502 + SYS_PTHREAD_COND_WAIT = 0x1F7 // 503 + SYS_PTHREAD_COND_TIMEDWAIT = 0x1F8 // 504 + SYS_PTHREAD_CREATE = 0x1F9 // 505 + SYS_PTHREAD_DETACH = 0x1FA // 506 + SYS_PTHREAD_EQUAL = 0x1FB // 507 + SYS_PTHREAD_GETSPECIFIC = 0x1FC // 508 + SYS_PTHREAD_JOIN = 0x1FD // 509 + SYS_PTHREAD_KEY_CREATE = 0x1FE // 510 + SYS_PTHREAD_MUTEXATTR_INIT = 0x1FF // 511 + SYS_PTHREAD_MUTEXATTR_DESTROY = 0x200 // 512 + SYS_PTHREAD_MUTEXATTR_SETKIND_NP = 0x201 // 513 + SYS_PTHREAD_MUTEXATTR_GETKIND_NP = 0x202 // 514 + SYS_PTHREAD_MUTEX_INIT = 0x203 // 515 + SYS_PTHREAD_MUTEX_DESTROY = 0x204 // 516 + SYS_PTHREAD_MUTEX_LOCK = 0x205 // 517 + SYS_PTHREAD_MUTEX_TRYLOCK = 0x206 // 518 + SYS_PTHREAD_MUTEX_UNLOCK = 0x207 // 519 + SYS_PTHREAD_ONCE = 0x209 // 521 + SYS_PTHREAD_SELF = 0x20A // 522 + SYS_PTHREAD_SETINTR = 0x20B // 523 + SYS_PTHREAD_SETINTRTYPE = 0x20C // 524 + SYS_PTHREAD_SETSPECIFIC = 0x20D // 525 + SYS_PTHREAD_TESTINTR = 0x20E // 526 + SYS_PTHREAD_YIELD = 0x20F // 527 + SYS_TW_OPEN = 0x210 // 528 + SYS_TW_FCNTL = 0x211 // 529 + SYS_PTHREAD_JOIN_D4_NP = 0x212 // 530 + SYS_PTHREAD_CONDATTR_SETKIND_NP = 0x213 // 531 + SYS_PTHREAD_CONDATTR_GETKIND_NP = 0x214 // 532 + SYS_EXTLINK_NP = 0x215 // 533 + SYS___PASSWD = 0x216 // 534 + SYS_SETGROUPS = 0x217 // 535 + SYS_INITGROUPS = 0x218 // 536 + SYS_WCSPBRK = 0x23F // 575 + SYS_WCSRCHR = 0x240 // 576 + SYS_SVC99 = 0x241 // 577 + SYS___SVC99 = 0x241 // 577 + SYS_WCSWCS = 0x242 // 578 + SYS_LOCALECO = 0x243 // 579 + SYS_LOCALECONV = 0x243 // 579 + SYS___LIBREL = 0x244 // 580 + SYS_RELEASE = 0x245 // 581 + SYS___RLSE = 0x245 // 581 + SYS_FLOCATE = 0x246 // 582 + SYS___FLOCT = 0x246 // 582 + SYS_FDELREC = 0x247 // 583 + SYS___FDLREC = 0x247 // 583 + SYS_FETCH = 0x248 // 584 + SYS___FETCH = 0x248 // 584 + SYS_QSORT = 0x249 // 585 + SYS_GETENV = 0x24A // 586 + SYS_SYSTEM = 0x24B // 587 + SYS_BSEARCH = 0x24C // 588 + SYS_LDIV = 0x24D // 589 + SYS___THROW = 0x25E // 606 + SYS___RETHROW = 0x25F // 607 + SYS___CLEANUPCATCH = 0x260 // 608 + SYS___CATCHMATCH = 0x261 // 609 + SYS___CLEAN2UPCATCH = 0x262 // 610 + SYS_PUTENV = 0x26A // 618 + SYS___GETENV = 0x26F // 623 + SYS_GETPRIORITY = 0x270 // 624 + SYS_NICE = 0x271 // 625 + SYS_SETPRIORITY = 0x272 // 626 + SYS_GETITIMER = 0x273 // 627 + SYS_SETITIMER = 0x274 // 628 + SYS_MSGCTL = 0x275 // 629 + SYS_MSGGET = 0x276 // 630 + SYS_MSGRCV = 0x277 // 631 + SYS_MSGSND = 0x278 // 632 + SYS_MSGXRCV = 0x279 // 633 + SYS___MSGXR = 0x279 // 633 + SYS_SEMCTL = 0x27A // 634 + SYS_SEMGET = 0x27B // 635 + SYS_SEMOP = 0x27C // 636 + SYS_SHMAT = 0x27D // 637 + SYS_SHMCTL = 0x27E // 638 + SYS_SHMDT = 0x27F // 639 + SYS_SHMGET = 0x280 // 640 + SYS___GETIPC = 0x281 // 641 + SYS_SETGRENT = 0x282 // 642 + SYS_GETGRENT = 0x283 // 643 + SYS_ENDGRENT = 0x284 // 644 + SYS_SETPWENT = 0x285 // 645 + SYS_GETPWENT = 0x286 // 646 + SYS_ENDPWENT = 0x287 // 647 + SYS_BSD_SIGNAL = 0x288 // 648 + SYS_KILLPG = 0x289 // 649 + SYS_SIGALTSTACK = 0x28A // 650 + SYS_SIGHOLD = 0x28B // 651 + SYS_SIGIGNORE = 0x28C // 652 + SYS_SIGINTERRUPT = 0x28D // 653 + SYS_SIGPAUSE = 0x28E // 654 + SYS_SIGRELSE = 0x28F // 655 + SYS_SIGSET = 0x290 // 656 + SYS_SIGSTACK = 0x291 // 657 + SYS_GETRLIMIT = 0x292 // 658 + SYS_SETRLIMIT = 0x293 // 659 + SYS_GETRUSAGE = 0x294 // 660 + SYS_MMAP = 0x295 // 661 + SYS_MPROTECT = 0x296 // 662 + SYS_MSYNC = 0x297 // 663 + SYS_MUNMAP = 0x298 // 664 + SYS_CONFSTR = 0x299 // 665 + SYS_GETOPT = 0x29A // 666 + SYS_LCHOWN = 0x29B // 667 + SYS_TRUNCATE = 0x29C // 668 + SYS_GETSUBOPT = 0x29D // 669 + SYS_SETPGRP = 0x29E // 670 + SYS___GDERR = 0x29F // 671 + SYS___TZONE = 0x2A0 // 672 + SYS___DLGHT = 0x2A1 // 673 + SYS___OPARGF = 0x2A2 // 674 + SYS___OPOPTF = 0x2A3 // 675 + SYS___OPINDF = 0x2A4 // 676 + SYS___OPERRF = 0x2A5 // 677 + SYS_GETDATE = 0x2A6 // 678 + SYS_WAIT3 = 0x2A7 // 679 + SYS_WAITID = 0x2A8 // 680 + SYS___CATTRM = 0x2A9 // 681 + SYS___GDTRM = 0x2AA // 682 + SYS___RNDTRM = 0x2AB // 683 + SYS_CRYPT = 0x2AC // 684 + SYS_ENCRYPT = 0x2AD // 685 + SYS_SETKEY = 0x2AE // 686 + SYS___CNVBLK = 0x2AF // 687 + SYS___CRYTRM = 0x2B0 // 688 + SYS___ECRTRM = 0x2B1 // 689 + SYS_DRAND48 = 0x2B2 // 690 + SYS_ERAND48 = 0x2B3 // 691 + SYS_FSTATVFS = 0x2B4 // 692 + SYS_STATVFS = 0x2B5 // 693 + SYS_CATCLOSE = 0x2B6 // 694 + SYS_CATGETS = 0x2B7 // 695 + SYS_CATOPEN = 0x2B8 // 696 + SYS_BCMP = 0x2B9 // 697 + SYS_BCOPY = 0x2BA // 698 + SYS_BZERO = 0x2BB // 699 + SYS_FFS = 0x2BC // 700 + SYS_INDEX = 0x2BD // 701 + SYS_RINDEX = 0x2BE // 702 + SYS_STRCASECMP = 0x2BF // 703 + SYS_STRDUP = 0x2C0 // 704 + SYS_STRNCASECMP = 0x2C1 // 705 + SYS_INITSTATE = 0x2C2 // 706 + SYS_SETSTATE = 0x2C3 // 707 + SYS_RANDOM = 0x2C4 // 708 + SYS_SRANDOM = 0x2C5 // 709 + SYS_HCREATE = 0x2C6 // 710 + SYS_HDESTROY = 0x2C7 // 711 + SYS_HSEARCH = 0x2C8 // 712 + SYS_LFIND = 0x2C9 // 713 + SYS_LSEARCH = 0x2CA // 714 + SYS_TDELETE = 0x2CB // 715 + SYS_TFIND = 0x2CC // 716 + SYS_TSEARCH = 0x2CD // 717 + SYS_TWALK = 0x2CE // 718 + SYS_INSQUE = 0x2CF // 719 + SYS_REMQUE = 0x2D0 // 720 + SYS_POPEN = 0x2D1 // 721 + SYS_PCLOSE = 0x2D2 // 722 + SYS_SWAB = 0x2D3 // 723 + SYS_MEMCCPY = 0x2D4 // 724 + SYS_GETPAGESIZE = 0x2D8 // 728 + SYS_FCHDIR = 0x2D9 // 729 + SYS___OCLCK = 0x2DA // 730 + SYS___ATOE = 0x2DB // 731 + SYS___ATOE_L = 0x2DC // 732 + SYS___ETOA = 0x2DD // 733 + SYS___ETOA_L = 0x2DE // 734 + SYS_SETUTXENT = 0x2DF // 735 + SYS_GETUTXENT = 0x2E0 // 736 + SYS_ENDUTXENT = 0x2E1 // 737 + SYS_GETUTXID = 0x2E2 // 738 + SYS_GETUTXLINE = 0x2E3 // 739 + SYS_PUTUTXLINE = 0x2E4 // 740 + SYS_FMTMSG = 0x2E5 // 741 + SYS_JRAND48 = 0x2E6 // 742 + SYS_LRAND48 = 0x2E7 // 743 + SYS_MRAND48 = 0x2E8 // 744 + SYS_NRAND48 = 0x2E9 // 745 + SYS_LCONG48 = 0x2EA // 746 + SYS_SRAND48 = 0x2EB // 747 + SYS_SEED48 = 0x2EC // 748 + SYS_ISASCII = 0x2ED // 749 + SYS_TOASCII = 0x2EE // 750 + SYS_A64L = 0x2EF // 751 + SYS_L64A = 0x2F0 // 752 + SYS_UALARM = 0x2F1 // 753 + SYS_USLEEP = 0x2F2 // 754 + SYS___UTXTRM = 0x2F3 // 755 + SYS___SRCTRM = 0x2F4 // 756 + SYS_FTIME = 0x2F5 // 757 + SYS_GETTIMEOFDAY = 0x2F6 // 758 + SYS_DBM_CLEARERR = 0x2F7 // 759 + SYS_DBM_CLOSE = 0x2F8 // 760 + SYS_DBM_DELETE = 0x2F9 // 761 + SYS_DBM_ERROR = 0x2FA // 762 + SYS_DBM_FETCH = 0x2FB // 763 + SYS_DBM_FIRSTKEY = 0x2FC // 764 + SYS_DBM_NEXTKEY = 0x2FD // 765 + SYS_DBM_OPEN = 0x2FE // 766 + SYS_DBM_STORE = 0x2FF // 767 + SYS___NDMTRM = 0x300 // 768 + SYS_FTOK = 0x301 // 769 + SYS_BASENAME = 0x302 // 770 + SYS_DIRNAME = 0x303 // 771 + SYS_GETDTABLESIZE = 0x304 // 772 + SYS_MKSTEMP = 0x305 // 773 + SYS_MKTEMP = 0x306 // 774 + SYS_NFTW = 0x307 // 775 + SYS_GETWD = 0x308 // 776 + SYS_LOCKF = 0x309 // 777 + SYS__LONGJMP = 0x30D // 781 + SYS__SETJMP = 0x30E // 782 + SYS_VFORK = 0x30F // 783 + SYS_WORDEXP = 0x310 // 784 + SYS_WORDFREE = 0x311 // 785 + SYS_GETPGID = 0x312 // 786 + SYS_GETSID = 0x313 // 787 + SYS___UTMPXNAME = 0x314 // 788 + SYS_CUSERID = 0x315 // 789 + SYS_GETPASS = 0x316 // 790 + SYS_FNMATCH = 0x317 // 791 + SYS_FTW = 0x318 // 792 + SYS_GETW = 0x319 // 793 + SYS_GLOB = 0x31A // 794 + SYS_GLOBFREE = 0x31B // 795 + SYS_PUTW = 0x31C // 796 + SYS_SEEKDIR = 0x31D // 797 + SYS_TELLDIR = 0x31E // 798 + SYS_TEMPNAM = 0x31F // 799 + SYS_ACOSH = 0x320 // 800 + SYS_ASINH = 0x321 // 801 + SYS_ATANH = 0x322 // 802 + SYS_CBRT = 0x323 // 803 + SYS_EXPM1 = 0x324 // 804 + SYS_ILOGB = 0x325 // 805 + SYS_LOGB = 0x326 // 806 + SYS_LOG1P = 0x327 // 807 + SYS_NEXTAFTER = 0x328 // 808 + SYS_RINT = 0x329 // 809 + SYS_REMAINDER = 0x32A // 810 + SYS_SCALB = 0x32B // 811 + SYS_LGAMMA = 0x32C // 812 + SYS_TTYSLOT = 0x32D // 813 + SYS_GETTIMEOFDAY_R = 0x32E // 814 + SYS_SYNC = 0x32F // 815 + SYS_SPAWN = 0x330 // 816 + SYS_SPAWNP = 0x331 // 817 + SYS_GETLOGIN_UU = 0x332 // 818 + SYS_ECVT = 0x333 // 819 + SYS_FCVT = 0x334 // 820 + SYS_GCVT = 0x335 // 821 + SYS_ACCEPT = 0x336 // 822 + SYS_BIND = 0x337 // 823 + SYS_CONNECT = 0x338 // 824 + SYS_ENDHOSTENT = 0x339 // 825 + SYS_ENDPROTOENT = 0x33A // 826 + SYS_ENDSERVENT = 0x33B // 827 + SYS_GETHOSTBYADDR_R = 0x33C // 828 + SYS_GETHOSTBYADDR = 0x33D // 829 + SYS_GETHOSTBYNAME_R = 0x33E // 830 + SYS_GETHOSTBYNAME = 0x33F // 831 + SYS_GETHOSTENT = 0x340 // 832 + SYS_GETHOSTID = 0x341 // 833 + SYS_GETHOSTNAME = 0x342 // 834 + SYS_GETNETBYADDR = 0x343 // 835 + SYS_GETNETBYNAME = 0x344 // 836 + SYS_GETNETENT = 0x345 // 837 + SYS_GETPEERNAME = 0x346 // 838 + SYS_GETPROTOBYNAME = 0x347 // 839 + SYS_GETPROTOBYNUMBER = 0x348 // 840 + SYS_GETPROTOENT = 0x349 // 841 + SYS_GETSERVBYNAME = 0x34A // 842 + SYS_GETSERVBYPORT = 0x34B // 843 + SYS_GETSERVENT = 0x34C // 844 + SYS_GETSOCKNAME = 0x34D // 845 + SYS_GETSOCKOPT = 0x34E // 846 + SYS_INET_ADDR = 0x34F // 847 + SYS_INET_LNAOF = 0x350 // 848 + SYS_INET_MAKEADDR = 0x351 // 849 + SYS_INET_NETOF = 0x352 // 850 + SYS_INET_NETWORK = 0x353 // 851 + SYS_INET_NTOA = 0x354 // 852 + SYS_IOCTL = 0x355 // 853 + SYS_LISTEN = 0x356 // 854 + SYS_READV = 0x357 // 855 + SYS_RECV = 0x358 // 856 + SYS_RECVFROM = 0x359 // 857 + SYS_SELECT = 0x35B // 859 + SYS_SELECTEX = 0x35C // 860 + SYS_SEND = 0x35D // 861 + SYS_SENDTO = 0x35F // 863 + SYS_SETHOSTENT = 0x360 // 864 + SYS_SETNETENT = 0x361 // 865 + SYS_SETPEER = 0x362 // 866 + SYS_SETPROTOENT = 0x363 // 867 + SYS_SETSERVENT = 0x364 // 868 + SYS_SETSOCKOPT = 0x365 // 869 + SYS_SHUTDOWN = 0x366 // 870 + SYS_SOCKET = 0x367 // 871 + SYS_SOCKETPAIR = 0x368 // 872 + SYS_WRITEV = 0x369 // 873 + SYS_CHROOT = 0x36A // 874 + SYS_W_STATVFS = 0x36B // 875 + SYS_ULIMIT = 0x36C // 876 + SYS_ISNAN = 0x36D // 877 + SYS_UTIMES = 0x36E // 878 + SYS___H_ERRNO = 0x36F // 879 + SYS_ENDNETENT = 0x370 // 880 + SYS_CLOSELOG = 0x371 // 881 + SYS_OPENLOG = 0x372 // 882 + SYS_SETLOGMASK = 0x373 // 883 + SYS_SYSLOG = 0x374 // 884 + SYS_PTSNAME = 0x375 // 885 + SYS_SETREUID = 0x376 // 886 + SYS_SETREGID = 0x377 // 887 + SYS_REALPATH = 0x378 // 888 + SYS___SIGNGAM = 0x379 // 889 + SYS_GRANTPT = 0x37A // 890 + SYS_UNLOCKPT = 0x37B // 891 + SYS_TCGETSID = 0x37C // 892 + SYS___TCGETCP = 0x37D // 893 + SYS___TCSETCP = 0x37E // 894 + SYS___TCSETTABLES = 0x37F // 895 + SYS_POLL = 0x380 // 896 + SYS_REXEC = 0x381 // 897 + SYS___ISASCII2 = 0x382 // 898 + SYS___TOASCII2 = 0x383 // 899 + SYS_CHPRIORITY = 0x384 // 900 + SYS_PTHREAD_ATTR_SETSYNCTYPE_NP = 0x385 // 901 + SYS_PTHREAD_ATTR_GETSYNCTYPE_NP = 0x386 // 902 + SYS_PTHREAD_SET_LIMIT_NP = 0x387 // 903 + SYS___STNETENT = 0x388 // 904 + SYS___STPROTOENT = 0x389 // 905 + SYS___STSERVENT = 0x38A // 906 + SYS___STHOSTENT = 0x38B // 907 + SYS_NLIST = 0x38C // 908 + SYS___IPDBCS = 0x38D // 909 + SYS___IPDSPX = 0x38E // 910 + SYS___IPMSGC = 0x38F // 911 + SYS___SELECT1 = 0x390 // 912 + SYS_PTHREAD_SECURITY_NP = 0x391 // 913 + SYS___CHECK_RESOURCE_AUTH_NP = 0x392 // 914 + SYS___CONVERT_ID_NP = 0x393 // 915 + SYS___OPENVMREL = 0x394 // 916 + SYS_WMEMCHR = 0x395 // 917 + SYS_WMEMCMP = 0x396 // 918 + SYS_WMEMCPY = 0x397 // 919 + SYS_WMEMMOVE = 0x398 // 920 + SYS_WMEMSET = 0x399 // 921 + SYS___FPUTWC = 0x400 // 1024 + SYS___PUTWC = 0x401 // 1025 + SYS___PWCHAR = 0x402 // 1026 + SYS___WCSFTM = 0x403 // 1027 + SYS___WCSTOK = 0x404 // 1028 + SYS___WCWDTH = 0x405 // 1029 + SYS_T_ACCEPT = 0x409 // 1033 + SYS_T_ALLOC = 0x40A // 1034 + SYS_T_BIND = 0x40B // 1035 + SYS_T_CLOSE = 0x40C // 1036 + SYS_T_CONNECT = 0x40D // 1037 + SYS_T_ERROR = 0x40E // 1038 + SYS_T_FREE = 0x40F // 1039 + SYS_T_GETINFO = 0x410 // 1040 + SYS_T_GETPROTADDR = 0x411 // 1041 + SYS_T_GETSTATE = 0x412 // 1042 + SYS_T_LISTEN = 0x413 // 1043 + SYS_T_LOOK = 0x414 // 1044 + SYS_T_OPEN = 0x415 // 1045 + SYS_T_OPTMGMT = 0x416 // 1046 + SYS_T_RCV = 0x417 // 1047 + SYS_T_RCVCONNECT = 0x418 // 1048 + SYS_T_RCVDIS = 0x419 // 1049 + SYS_T_RCVREL = 0x41A // 1050 + SYS_T_RCVUDATA = 0x41B // 1051 + SYS_T_RCVUDERR = 0x41C // 1052 + SYS_T_SND = 0x41D // 1053 + SYS_T_SNDDIS = 0x41E // 1054 + SYS_T_SNDREL = 0x41F // 1055 + SYS_T_SNDUDATA = 0x420 // 1056 + SYS_T_STRERROR = 0x421 // 1057 + SYS_T_SYNC = 0x422 // 1058 + SYS_T_UNBIND = 0x423 // 1059 + SYS___T_ERRNO = 0x424 // 1060 + SYS___RECVMSG2 = 0x425 // 1061 + SYS___SENDMSG2 = 0x426 // 1062 + SYS_FATTACH = 0x427 // 1063 + SYS_FDETACH = 0x428 // 1064 + SYS_GETMSG = 0x429 // 1065 + SYS_GETPMSG = 0x42A // 1066 + SYS_ISASTREAM = 0x42B // 1067 + SYS_PUTMSG = 0x42C // 1068 + SYS_PUTPMSG = 0x42D // 1069 + SYS___ISPOSIXON = 0x42E // 1070 + SYS___OPENMVSREL = 0x42F // 1071 + SYS_GETCONTEXT = 0x430 // 1072 + SYS_SETCONTEXT = 0x431 // 1073 + SYS_MAKECONTEXT = 0x432 // 1074 + SYS_SWAPCONTEXT = 0x433 // 1075 + SYS_PTHREAD_GETSPECIFIC_D8_NP = 0x434 // 1076 + SYS_GETCLIENTID = 0x470 // 1136 + SYS___GETCLIENTID = 0x471 // 1137 + SYS_GETSTABLESIZE = 0x472 // 1138 + SYS_GETIBMOPT = 0x473 // 1139 + SYS_GETIBMSOCKOPT = 0x474 // 1140 + SYS_GIVESOCKET = 0x475 // 1141 + SYS_IBMSFLUSH = 0x476 // 1142 + SYS_MAXDESC = 0x477 // 1143 + SYS_SETIBMOPT = 0x478 // 1144 + SYS_SETIBMSOCKOPT = 0x479 // 1145 + SYS_SOCK_DEBUG = 0x47A // 1146 + SYS_SOCK_DO_TESTSTOR = 0x47D // 1149 + SYS_TAKESOCKET = 0x47E // 1150 + SYS___SERVER_INIT = 0x47F // 1151 + SYS___SERVER_PWU = 0x480 // 1152 + SYS_PTHREAD_TAG_NP = 0x481 // 1153 + SYS___CONSOLE = 0x482 // 1154 + SYS___WSINIT = 0x483 // 1155 + SYS___IPTCPN = 0x489 // 1161 + SYS___SMF_RECORD = 0x48A // 1162 + SYS___IPHOST = 0x48B // 1163 + SYS___IPNODE = 0x48C // 1164 + SYS___SERVER_CLASSIFY_CREATE = 0x48D // 1165 + SYS___SERVER_CLASSIFY_DESTROY = 0x48E // 1166 + SYS___SERVER_CLASSIFY_RESET = 0x48F // 1167 + SYS___SERVER_CLASSIFY = 0x490 // 1168 + SYS___HEAPRPT = 0x496 // 1174 + SYS___FNWSA = 0x49B // 1179 + SYS___SPAWN2 = 0x49D // 1181 + SYS___SPAWNP2 = 0x49E // 1182 + SYS___GDRR = 0x4A1 // 1185 + SYS___HRRNO = 0x4A2 // 1186 + SYS___OPRG = 0x4A3 // 1187 + SYS___OPRR = 0x4A4 // 1188 + SYS___OPND = 0x4A5 // 1189 + SYS___OPPT = 0x4A6 // 1190 + SYS___SIGGM = 0x4A7 // 1191 + SYS___DGHT = 0x4A8 // 1192 + SYS___TZNE = 0x4A9 // 1193 + SYS___TZZN = 0x4AA // 1194 + SYS___TRRNO = 0x4AF // 1199 + SYS___ENVN = 0x4B0 // 1200 + SYS___MLOCKALL = 0x4B1 // 1201 + SYS_CREATEWO = 0x4B2 // 1202 + SYS_CREATEWORKUNIT = 0x4B2 // 1202 + SYS_CONTINUE = 0x4B3 // 1203 + SYS_CONTINUEWORKUNIT = 0x4B3 // 1203 + SYS_CONNECTW = 0x4B4 // 1204 + SYS_CONNECTWORKMGR = 0x4B4 // 1204 + SYS_CONNECTS = 0x4B5 // 1205 + SYS_CONNECTSERVER = 0x4B5 // 1205 + SYS_DISCONNE = 0x4B6 // 1206 + SYS_DISCONNECTSERVER = 0x4B6 // 1206 + SYS_JOINWORK = 0x4B7 // 1207 + SYS_JOINWORKUNIT = 0x4B7 // 1207 + SYS_LEAVEWOR = 0x4B8 // 1208 + SYS_LEAVEWORKUNIT = 0x4B8 // 1208 + SYS_DELETEWO = 0x4B9 // 1209 + SYS_DELETEWORKUNIT = 0x4B9 // 1209 + SYS_QUERYMET = 0x4BA // 1210 + SYS_QUERYMETRICS = 0x4BA // 1210 + SYS_QUERYSCH = 0x4BB // 1211 + SYS_QUERYSCHENV = 0x4BB // 1211 + SYS_CHECKSCH = 0x4BC // 1212 + SYS_CHECKSCHENV = 0x4BC // 1212 + SYS___PID_AFFINITY = 0x4BD // 1213 + SYS___ASINH_B = 0x4BE // 1214 + SYS___ATAN_B = 0x4BF // 1215 + SYS___CBRT_B = 0x4C0 // 1216 + SYS___CEIL_B = 0x4C1 // 1217 + SYS_COPYSIGN = 0x4C2 // 1218 + SYS___COS_B = 0x4C3 // 1219 + SYS___ERF_B = 0x4C4 // 1220 + SYS___ERFC_B = 0x4C5 // 1221 + SYS___EXPM1_B = 0x4C6 // 1222 + SYS___FABS_B = 0x4C7 // 1223 + SYS_FINITE = 0x4C8 // 1224 + SYS___FLOOR_B = 0x4C9 // 1225 + SYS___FREXP_B = 0x4CA // 1226 + SYS___ILOGB_B = 0x4CB // 1227 + SYS___ISNAN_B = 0x4CC // 1228 + SYS___LDEXP_B = 0x4CD // 1229 + SYS___LOG1P_B = 0x4CE // 1230 + SYS___LOGB_B = 0x4CF // 1231 + SYS_MATHERR = 0x4D0 // 1232 + SYS___MODF_B = 0x4D1 // 1233 + SYS___NEXTAFTER_B = 0x4D2 // 1234 + SYS___RINT_B = 0x4D3 // 1235 + SYS_SCALBN = 0x4D4 // 1236 + SYS_SIGNIFIC = 0x4D5 // 1237 + SYS_SIGNIFICAND = 0x4D5 // 1237 + SYS___SIN_B = 0x4D6 // 1238 + SYS___TAN_B = 0x4D7 // 1239 + SYS___TANH_B = 0x4D8 // 1240 + SYS___ACOS_B = 0x4D9 // 1241 + SYS___ACOSH_B = 0x4DA // 1242 + SYS___ASIN_B = 0x4DB // 1243 + SYS___ATAN2_B = 0x4DC // 1244 + SYS___ATANH_B = 0x4DD // 1245 + SYS___COSH_B = 0x4DE // 1246 + SYS___EXP_B = 0x4DF // 1247 + SYS___FMOD_B = 0x4E0 // 1248 + SYS___GAMMA_B = 0x4E1 // 1249 + SYS_GAMMA_R = 0x4E2 // 1250 + SYS___HYPOT_B = 0x4E3 // 1251 + SYS___J0_B = 0x4E4 // 1252 + SYS___Y0_B = 0x4E5 // 1253 + SYS___J1_B = 0x4E6 // 1254 + SYS___Y1_B = 0x4E7 // 1255 + SYS___JN_B = 0x4E8 // 1256 + SYS___YN_B = 0x4E9 // 1257 + SYS___LGAMMA_B = 0x4EA // 1258 + SYS_LGAMMA_R = 0x4EB // 1259 + SYS___LOG_B = 0x4EC // 1260 + SYS___LOG10_B = 0x4ED // 1261 + SYS___POW_B = 0x4EE // 1262 + SYS___REMAINDER_B = 0x4EF // 1263 + SYS___SCALB_B = 0x4F0 // 1264 + SYS___SINH_B = 0x4F1 // 1265 + SYS___SQRT_B = 0x4F2 // 1266 + SYS___OPENDIR2 = 0x4F3 // 1267 + SYS___READDIR2 = 0x4F4 // 1268 + SYS___LOGIN = 0x4F5 // 1269 + SYS___OPEN_STAT = 0x4F6 // 1270 + SYS_ACCEPT_AND_RECV = 0x4F7 // 1271 + SYS___FP_SETMODE = 0x4F8 // 1272 + SYS___SIGACTIONSET = 0x4FB // 1275 + SYS___UCREATE = 0x4FC // 1276 + SYS___UMALLOC = 0x4FD // 1277 + SYS___UFREE = 0x4FE // 1278 + SYS___UHEAPREPORT = 0x4FF // 1279 + SYS___ISBFP = 0x500 // 1280 + SYS___FP_CAST = 0x501 // 1281 + SYS___CERTIFICATE = 0x502 // 1282 + SYS_SEND_FILE = 0x503 // 1283 + SYS_AIO_CANCEL = 0x504 // 1284 + SYS_AIO_ERROR = 0x505 // 1285 + SYS_AIO_READ = 0x506 // 1286 + SYS_AIO_RETURN = 0x507 // 1287 + SYS_AIO_SUSPEND = 0x508 // 1288 + SYS_AIO_WRITE = 0x509 // 1289 + SYS_PTHREAD_MUTEXATTR_GETPSHARED = 0x50A // 1290 + SYS_PTHREAD_MUTEXATTR_SETPSHARED = 0x50B // 1291 + SYS_PTHREAD_RWLOCK_DESTROY = 0x50C // 1292 + SYS_PTHREAD_RWLOCK_INIT = 0x50D // 1293 + SYS_PTHREAD_RWLOCK_RDLOCK = 0x50E // 1294 + SYS_PTHREAD_RWLOCK_TRYRDLOCK = 0x50F // 1295 + SYS_PTHREAD_RWLOCK_TRYWRLOCK = 0x510 // 1296 + SYS_PTHREAD_RWLOCK_UNLOCK = 0x511 // 1297 + SYS_PTHREAD_RWLOCK_WRLOCK = 0x512 // 1298 + SYS_PTHREAD_RWLOCKATTR_GETPSHARED = 0x513 // 1299 + SYS_PTHREAD_RWLOCKATTR_SETPSHARED = 0x514 // 1300 + SYS_PTHREAD_RWLOCKATTR_INIT = 0x515 // 1301 + SYS_PTHREAD_RWLOCKATTR_DESTROY = 0x516 // 1302 + SYS___CTTBL = 0x517 // 1303 + SYS_PTHREAD_MUTEXATTR_SETTYPE = 0x518 // 1304 + SYS_PTHREAD_MUTEXATTR_GETTYPE = 0x519 // 1305 + SYS___FP_CLR_FLAG = 0x51A // 1306 + SYS___FP_READ_FLAG = 0x51B // 1307 + SYS___FP_RAISE_XCP = 0x51C // 1308 + SYS___FP_CLASS = 0x51D // 1309 + SYS___FP_FINITE = 0x51E // 1310 + SYS___FP_ISNAN = 0x51F // 1311 + SYS___FP_UNORDERED = 0x520 // 1312 + SYS___FP_READ_RND = 0x521 // 1313 + SYS___FP_READ_RND_B = 0x522 // 1314 + SYS___FP_SWAP_RND = 0x523 // 1315 + SYS___FP_SWAP_RND_B = 0x524 // 1316 + SYS___FP_LEVEL = 0x525 // 1317 + SYS___FP_BTOH = 0x526 // 1318 + SYS___FP_HTOB = 0x527 // 1319 + SYS___FPC_RD = 0x528 // 1320 + SYS___FPC_WR = 0x529 // 1321 + SYS___FPC_RW = 0x52A // 1322 + SYS___FPC_SM = 0x52B // 1323 + SYS___FPC_RS = 0x52C // 1324 + SYS_SIGTIMEDWAIT = 0x52D // 1325 + SYS_SIGWAITINFO = 0x52E // 1326 + SYS___CHKBFP = 0x52F // 1327 + SYS___W_PIOCTL = 0x59E // 1438 + SYS___OSENV = 0x59F // 1439 + SYS_EXPORTWO = 0x5A1 // 1441 + SYS_EXPORTWORKUNIT = 0x5A1 // 1441 + SYS_UNDOEXPO = 0x5A2 // 1442 + SYS_UNDOEXPORTWORKUNIT = 0x5A2 // 1442 + SYS_IMPORTWO = 0x5A3 // 1443 + SYS_IMPORTWORKUNIT = 0x5A3 // 1443 + SYS_UNDOIMPO = 0x5A4 // 1444 + SYS_UNDOIMPORTWORKUNIT = 0x5A4 // 1444 + SYS_EXTRACTW = 0x5A5 // 1445 + SYS_EXTRACTWORKUNIT = 0x5A5 // 1445 + SYS___CPL = 0x5A6 // 1446 + SYS___MAP_INIT = 0x5A7 // 1447 + SYS___MAP_SERVICE = 0x5A8 // 1448 + SYS_SIGQUEUE = 0x5A9 // 1449 + SYS___MOUNT = 0x5AA // 1450 + SYS___GETUSERID = 0x5AB // 1451 + SYS___IPDOMAINNAME = 0x5AC // 1452 + SYS_QUERYENC = 0x5AD // 1453 + SYS_QUERYWORKUNITCLASSIFICATION = 0x5AD // 1453 + SYS_CONNECTE = 0x5AE // 1454 + SYS_CONNECTEXPORTIMPORT = 0x5AE // 1454 + SYS___FP_SWAPMODE = 0x5AF // 1455 + SYS_STRTOLL = 0x5B0 // 1456 + SYS_STRTOULL = 0x5B1 // 1457 + SYS___DSA_PREV = 0x5B2 // 1458 + SYS___EP_FIND = 0x5B3 // 1459 + SYS___SERVER_THREADS_QUERY = 0x5B4 // 1460 + SYS___MSGRCV_TIMED = 0x5B7 // 1463 + SYS___SEMOP_TIMED = 0x5B8 // 1464 + SYS___GET_CPUID = 0x5B9 // 1465 + SYS___GET_SYSTEM_SETTINGS = 0x5BA // 1466 + SYS_FTELLO = 0x5C8 // 1480 + SYS_FSEEKO = 0x5C9 // 1481 + SYS_LLDIV = 0x5CB // 1483 + SYS_WCSTOLL = 0x5CC // 1484 + SYS_WCSTOULL = 0x5CD // 1485 + SYS_LLABS = 0x5CE // 1486 + SYS___CONSOLE2 = 0x5D2 // 1490 + SYS_INET_NTOP = 0x5D3 // 1491 + SYS_INET_PTON = 0x5D4 // 1492 + SYS___RES = 0x5D6 // 1494 + SYS_RES_MKQUERY = 0x5D7 // 1495 + SYS_RES_INIT = 0x5D8 // 1496 + SYS_RES_QUERY = 0x5D9 // 1497 + SYS_RES_SEARCH = 0x5DA // 1498 + SYS_RES_SEND = 0x5DB // 1499 + SYS_RES_QUERYDOMAIN = 0x5DC // 1500 + SYS_DN_EXPAND = 0x5DD // 1501 + SYS_DN_SKIPNAME = 0x5DE // 1502 + SYS_DN_COMP = 0x5DF // 1503 + SYS_ASCTIME_R = 0x5E0 // 1504 + SYS_CTIME_R = 0x5E1 // 1505 + SYS_GMTIME_R = 0x5E2 // 1506 + SYS_LOCALTIME_R = 0x5E3 // 1507 + SYS_RAND_R = 0x5E4 // 1508 + SYS_STRTOK_R = 0x5E5 // 1509 + SYS_READDIR_R = 0x5E6 // 1510 + SYS_GETGRGID_R = 0x5E7 // 1511 + SYS_GETGRNAM_R = 0x5E8 // 1512 + SYS_GETLOGIN_R = 0x5E9 // 1513 + SYS_GETPWNAM_R = 0x5EA // 1514 + SYS_GETPWUID_R = 0x5EB // 1515 + SYS_TTYNAME_R = 0x5EC // 1516 + SYS_PTHREAD_ATFORK = 0x5ED // 1517 + SYS_PTHREAD_ATTR_GETGUARDSIZE = 0x5EE // 1518 + SYS_PTHREAD_ATTR_GETSTACKADDR = 0x5EF // 1519 + SYS_PTHREAD_ATTR_SETGUARDSIZE = 0x5F0 // 1520 + SYS_PTHREAD_ATTR_SETSTACKADDR = 0x5F1 // 1521 + SYS_PTHREAD_CONDATTR_GETPSHARED = 0x5F2 // 1522 + SYS_PTHREAD_CONDATTR_SETPSHARED = 0x5F3 // 1523 + SYS_PTHREAD_GETCONCURRENCY = 0x5F4 // 1524 + SYS_PTHREAD_KEY_DELETE = 0x5F5 // 1525 + SYS_PTHREAD_SETCONCURRENCY = 0x5F6 // 1526 + SYS_PTHREAD_SIGMASK = 0x5F7 // 1527 + SYS___DISCARDDATA = 0x5F8 // 1528 + SYS_PTHREAD_ATTR_GETSCHEDPARAM = 0x5F9 // 1529 + SYS_PTHREAD_ATTR_SETSCHEDPARAM = 0x5FA // 1530 + SYS_PTHREAD_ATTR_GETDETACHSTATE_U98 = 0x5FB // 1531 + SYS_PTHREAD_ATTR_SETDETACHSTATE_U98 = 0x5FC // 1532 + SYS_PTHREAD_DETACH_U98 = 0x5FD // 1533 + SYS_PTHREAD_GETSPECIFIC_U98 = 0x5FE // 1534 + SYS_PTHREAD_SETCANCELSTATE = 0x5FF // 1535 + SYS_PTHREAD_SETCANCELTYPE = 0x600 // 1536 + SYS_PTHREAD_TESTCANCEL = 0x601 // 1537 + SYS___ATANF_B = 0x602 // 1538 + SYS___ATANL_B = 0x603 // 1539 + SYS___CEILF_B = 0x604 // 1540 + SYS___CEILL_B = 0x605 // 1541 + SYS___COSF_B = 0x606 // 1542 + SYS___COSL_B = 0x607 // 1543 + SYS___FABSF_B = 0x608 // 1544 + SYS___FABSL_B = 0x609 // 1545 + SYS___FLOORF_B = 0x60A // 1546 + SYS___FLOORL_B = 0x60B // 1547 + SYS___FREXPF_B = 0x60C // 1548 + SYS___FREXPL_B = 0x60D // 1549 + SYS___LDEXPF_B = 0x60E // 1550 + SYS___LDEXPL_B = 0x60F // 1551 + SYS___SINF_B = 0x610 // 1552 + SYS___SINL_B = 0x611 // 1553 + SYS___TANF_B = 0x612 // 1554 + SYS___TANL_B = 0x613 // 1555 + SYS___TANHF_B = 0x614 // 1556 + SYS___TANHL_B = 0x615 // 1557 + SYS___ACOSF_B = 0x616 // 1558 + SYS___ACOSL_B = 0x617 // 1559 + SYS___ASINF_B = 0x618 // 1560 + SYS___ASINL_B = 0x619 // 1561 + SYS___ATAN2F_B = 0x61A // 1562 + SYS___ATAN2L_B = 0x61B // 1563 + SYS___COSHF_B = 0x61C // 1564 + SYS___COSHL_B = 0x61D // 1565 + SYS___EXPF_B = 0x61E // 1566 + SYS___EXPL_B = 0x61F // 1567 + SYS___LOGF_B = 0x620 // 1568 + SYS___LOGL_B = 0x621 // 1569 + SYS___LOG10F_B = 0x622 // 1570 + SYS___LOG10L_B = 0x623 // 1571 + SYS___POWF_B = 0x624 // 1572 + SYS___POWL_B = 0x625 // 1573 + SYS___SINHF_B = 0x626 // 1574 + SYS___SINHL_B = 0x627 // 1575 + SYS___SQRTF_B = 0x628 // 1576 + SYS___SQRTL_B = 0x629 // 1577 + SYS___ABSF_B = 0x62A // 1578 + SYS___ABS_B = 0x62B // 1579 + SYS___ABSL_B = 0x62C // 1580 + SYS___FMODF_B = 0x62D // 1581 + SYS___FMODL_B = 0x62E // 1582 + SYS___MODFF_B = 0x62F // 1583 + SYS___MODFL_B = 0x630 // 1584 + SYS_ABSF = 0x631 // 1585 + SYS_ABSL = 0x632 // 1586 + SYS_ACOSF = 0x633 // 1587 + SYS_ACOSL = 0x634 // 1588 + SYS_ASINF = 0x635 // 1589 + SYS_ASINL = 0x636 // 1590 + SYS_ATAN2F = 0x637 // 1591 + SYS_ATAN2L = 0x638 // 1592 + SYS_ATANF = 0x639 // 1593 + SYS_ATANL = 0x63A // 1594 + SYS_CEILF = 0x63B // 1595 + SYS_CEILL = 0x63C // 1596 + SYS_COSF = 0x63D // 1597 + SYS_COSL = 0x63E // 1598 + SYS_COSHF = 0x63F // 1599 + SYS_COSHL = 0x640 // 1600 + SYS_EXPF = 0x641 // 1601 + SYS_EXPL = 0x642 // 1602 + SYS_TANHF = 0x643 // 1603 + SYS_TANHL = 0x644 // 1604 + SYS_LOG10F = 0x645 // 1605 + SYS_LOG10L = 0x646 // 1606 + SYS_LOGF = 0x647 // 1607 + SYS_LOGL = 0x648 // 1608 + SYS_POWF = 0x649 // 1609 + SYS_POWL = 0x64A // 1610 + SYS_SINF = 0x64B // 1611 + SYS_SINL = 0x64C // 1612 + SYS_SQRTF = 0x64D // 1613 + SYS_SQRTL = 0x64E // 1614 + SYS_SINHF = 0x64F // 1615 + SYS_SINHL = 0x650 // 1616 + SYS_TANF = 0x651 // 1617 + SYS_TANL = 0x652 // 1618 + SYS_FABSF = 0x653 // 1619 + SYS_FABSL = 0x654 // 1620 + SYS_FLOORF = 0x655 // 1621 + SYS_FLOORL = 0x656 // 1622 + SYS_FMODF = 0x657 // 1623 + SYS_FMODL = 0x658 // 1624 + SYS_FREXPF = 0x659 // 1625 + SYS_FREXPL = 0x65A // 1626 + SYS_LDEXPF = 0x65B // 1627 + SYS_LDEXPL = 0x65C // 1628 + SYS_MODFF = 0x65D // 1629 + SYS_MODFL = 0x65E // 1630 + SYS_BTOWC = 0x65F // 1631 + SYS___CHATTR = 0x660 // 1632 + SYS___FCHATTR = 0x661 // 1633 + SYS___TOCCSID = 0x662 // 1634 + SYS___CSNAMETYPE = 0x663 // 1635 + SYS___TOCSNAME = 0x664 // 1636 + SYS___CCSIDTYPE = 0x665 // 1637 + SYS___AE_CORRESTBL_QUERY = 0x666 // 1638 + SYS___AE_AUTOCONVERT_STATE = 0x667 // 1639 + SYS_DN_FIND = 0x668 // 1640 + SYS___GETHOSTBYADDR_A = 0x669 // 1641 + SYS___GETHOSTBYNAME_A = 0x66A // 1642 + SYS___RES_INIT_A = 0x66B // 1643 + SYS___GETHOSTBYADDR_R_A = 0x66C // 1644 + SYS___GETHOSTBYNAME_R_A = 0x66D // 1645 + SYS___CHARMAP_INIT_A = 0x66E // 1646 + SYS___MBLEN_A = 0x66F // 1647 + SYS___MBLEN_SB_A = 0x670 // 1648 + SYS___MBLEN_STD_A = 0x671 // 1649 + SYS___MBLEN_UTF = 0x672 // 1650 + SYS___MBSTOWCS_A = 0x673 // 1651 + SYS___MBSTOWCS_STD_A = 0x674 // 1652 + SYS___MBTOWC_A = 0x675 // 1653 + SYS___MBTOWC_ISO1 = 0x676 // 1654 + SYS___MBTOWC_SBCS = 0x677 // 1655 + SYS___MBTOWC_MBCS = 0x678 // 1656 + SYS___MBTOWC_UTF = 0x679 // 1657 + SYS___WCSTOMBS_A = 0x67A // 1658 + SYS___WCSTOMBS_STD_A = 0x67B // 1659 + SYS___WCSWIDTH_A = 0x67C // 1660 + SYS___GETGRGID_R_A = 0x67D // 1661 + SYS___WCSWIDTH_STD_A = 0x67E // 1662 + SYS___WCSWIDTH_ASIA = 0x67F // 1663 + SYS___CSID_A = 0x680 // 1664 + SYS___CSID_STD_A = 0x681 // 1665 + SYS___WCSID_A = 0x682 // 1666 + SYS___WCSID_STD_A = 0x683 // 1667 + SYS___WCTOMB_A = 0x684 // 1668 + SYS___WCTOMB_ISO1 = 0x685 // 1669 + SYS___WCTOMB_STD_A = 0x686 // 1670 + SYS___WCTOMB_UTF = 0x687 // 1671 + SYS___WCWIDTH_A = 0x688 // 1672 + SYS___GETGRNAM_R_A = 0x689 // 1673 + SYS___WCWIDTH_STD_A = 0x68A // 1674 + SYS___WCWIDTH_ASIA = 0x68B // 1675 + SYS___GETPWNAM_R_A = 0x68C // 1676 + SYS___GETPWUID_R_A = 0x68D // 1677 + SYS___GETLOGIN_R_A = 0x68E // 1678 + SYS___TTYNAME_R_A = 0x68F // 1679 + SYS___READDIR_R_A = 0x690 // 1680 + SYS___E2A_S = 0x691 // 1681 + SYS___FNMATCH_A = 0x692 // 1682 + SYS___FNMATCH_C_A = 0x693 // 1683 + SYS___EXECL_A = 0x694 // 1684 + SYS___FNMATCH_STD_A = 0x695 // 1685 + SYS___REGCOMP_A = 0x696 // 1686 + SYS___REGCOMP_STD_A = 0x697 // 1687 + SYS___REGERROR_A = 0x698 // 1688 + SYS___REGERROR_STD_A = 0x699 // 1689 + SYS___REGEXEC_A = 0x69A // 1690 + SYS___REGEXEC_STD_A = 0x69B // 1691 + SYS___REGFREE_A = 0x69C // 1692 + SYS___REGFREE_STD_A = 0x69D // 1693 + SYS___STRCOLL_A = 0x69E // 1694 + SYS___STRCOLL_C_A = 0x69F // 1695 + SYS___EXECLE_A = 0x6A0 // 1696 + SYS___STRCOLL_STD_A = 0x6A1 // 1697 + SYS___STRXFRM_A = 0x6A2 // 1698 + SYS___STRXFRM_C_A = 0x6A3 // 1699 + SYS___EXECLP_A = 0x6A4 // 1700 + SYS___STRXFRM_STD_A = 0x6A5 // 1701 + SYS___WCSCOLL_A = 0x6A6 // 1702 + SYS___WCSCOLL_C_A = 0x6A7 // 1703 + SYS___WCSCOLL_STD_A = 0x6A8 // 1704 + SYS___WCSXFRM_A = 0x6A9 // 1705 + SYS___WCSXFRM_C_A = 0x6AA // 1706 + SYS___WCSXFRM_STD_A = 0x6AB // 1707 + SYS___COLLATE_INIT_A = 0x6AC // 1708 + SYS___WCTYPE_A = 0x6AD // 1709 + SYS___GET_WCTYPE_STD_A = 0x6AE // 1710 + SYS___CTYPE_INIT_A = 0x6AF // 1711 + SYS___ISWCTYPE_A = 0x6B0 // 1712 + SYS___EXECV_A = 0x6B1 // 1713 + SYS___IS_WCTYPE_STD_A = 0x6B2 // 1714 + SYS___TOWLOWER_A = 0x6B3 // 1715 + SYS___TOWLOWER_STD_A = 0x6B4 // 1716 + SYS___TOWUPPER_A = 0x6B5 // 1717 + SYS___TOWUPPER_STD_A = 0x6B6 // 1718 + SYS___LOCALE_INIT_A = 0x6B7 // 1719 + SYS___LOCALECONV_A = 0x6B8 // 1720 + SYS___LOCALECONV_STD_A = 0x6B9 // 1721 + SYS___NL_LANGINFO_A = 0x6BA // 1722 + SYS___NL_LNAGINFO_STD_A = 0x6BB // 1723 + SYS___MONETARY_INIT_A = 0x6BC // 1724 + SYS___STRFMON_A = 0x6BD // 1725 + SYS___STRFMON_STD_A = 0x6BE // 1726 + SYS___GETADDRINFO_A = 0x6BF // 1727 + SYS___CATGETS_A = 0x6C0 // 1728 + SYS___EXECVE_A = 0x6C1 // 1729 + SYS___EXECVP_A = 0x6C2 // 1730 + SYS___SPAWN_A = 0x6C3 // 1731 + SYS___GETNAMEINFO_A = 0x6C4 // 1732 + SYS___SPAWNP_A = 0x6C5 // 1733 + SYS___NUMERIC_INIT_A = 0x6C6 // 1734 + SYS___RESP_INIT_A = 0x6C7 // 1735 + SYS___RPMATCH_A = 0x6C8 // 1736 + SYS___RPMATCH_C_A = 0x6C9 // 1737 + SYS___RPMATCH_STD_A = 0x6CA // 1738 + SYS___TIME_INIT_A = 0x6CB // 1739 + SYS___STRFTIME_A = 0x6CC // 1740 + SYS___STRFTIME_STD_A = 0x6CD // 1741 + SYS___STRPTIME_A = 0x6CE // 1742 + SYS___STRPTIME_STD_A = 0x6CF // 1743 + SYS___WCSFTIME_A = 0x6D0 // 1744 + SYS___WCSFTIME_STD_A = 0x6D1 // 1745 + SYS_____SPAWN2_A = 0x6D2 // 1746 + SYS_____SPAWNP2_A = 0x6D3 // 1747 + SYS___SYNTAX_INIT_A = 0x6D4 // 1748 + SYS___TOD_INIT_A = 0x6D5 // 1749 + SYS___NL_CSINFO_A = 0x6D6 // 1750 + SYS___NL_MONINFO_A = 0x6D7 // 1751 + SYS___NL_NUMINFO_A = 0x6D8 // 1752 + SYS___NL_RESPINFO_A = 0x6D9 // 1753 + SYS___NL_TIMINFO_A = 0x6DA // 1754 + SYS___IF_NAMETOINDEX_A = 0x6DB // 1755 + SYS___IF_INDEXTONAME_A = 0x6DC // 1756 + SYS___PRINTF_A = 0x6DD // 1757 + SYS___ICONV_OPEN_A = 0x6DE // 1758 + SYS___DLLLOAD_A = 0x6DF // 1759 + SYS___DLLQUERYFN_A = 0x6E0 // 1760 + SYS___DLLQUERYVAR_A = 0x6E1 // 1761 + SYS_____CHATTR_A = 0x6E2 // 1762 + SYS___E2A_L = 0x6E3 // 1763 + SYS_____TOCCSID_A = 0x6E4 // 1764 + SYS_____TOCSNAME_A = 0x6E5 // 1765 + SYS_____CCSIDTYPE_A = 0x6E6 // 1766 + SYS_____CSNAMETYPE_A = 0x6E7 // 1767 + SYS___CHMOD_A = 0x6E8 // 1768 + SYS___MKDIR_A = 0x6E9 // 1769 + SYS___STAT_A = 0x6EA // 1770 + SYS___STAT_O_A = 0x6EB // 1771 + SYS___MKFIFO_A = 0x6EC // 1772 + SYS_____OPEN_STAT_A = 0x6ED // 1773 + SYS___LSTAT_A = 0x6EE // 1774 + SYS___LSTAT_O_A = 0x6EF // 1775 + SYS___MKNOD_A = 0x6F0 // 1776 + SYS___MOUNT_A = 0x6F1 // 1777 + SYS___UMOUNT_A = 0x6F2 // 1778 + SYS___CHAUDIT_A = 0x6F4 // 1780 + SYS___W_GETMNTENT_A = 0x6F5 // 1781 + SYS___CREAT_A = 0x6F6 // 1782 + SYS___OPEN_A = 0x6F7 // 1783 + SYS___SETLOCALE_A = 0x6F9 // 1785 + SYS___FPRINTF_A = 0x6FA // 1786 + SYS___SPRINTF_A = 0x6FB // 1787 + SYS___VFPRINTF_A = 0x6FC // 1788 + SYS___VPRINTF_A = 0x6FD // 1789 + SYS___VSPRINTF_A = 0x6FE // 1790 + SYS___VSWPRINTF_A = 0x6FF // 1791 + SYS___SWPRINTF_A = 0x700 // 1792 + SYS___FSCANF_A = 0x701 // 1793 + SYS___SCANF_A = 0x702 // 1794 + SYS___SSCANF_A = 0x703 // 1795 + SYS___SWSCANF_A = 0x704 // 1796 + SYS___ATOF_A = 0x705 // 1797 + SYS___ATOI_A = 0x706 // 1798 + SYS___ATOL_A = 0x707 // 1799 + SYS___STRTOD_A = 0x708 // 1800 + SYS___STRTOL_A = 0x709 // 1801 + SYS___STRTOUL_A = 0x70A // 1802 + SYS_____AE_CORRESTBL_QUERY_A = 0x70B // 1803 + SYS___A64L_A = 0x70C // 1804 + SYS___ECVT_A = 0x70D // 1805 + SYS___FCVT_A = 0x70E // 1806 + SYS___GCVT_A = 0x70F // 1807 + SYS___L64A_A = 0x710 // 1808 + SYS___STRERROR_A = 0x711 // 1809 + SYS___PERROR_A = 0x712 // 1810 + SYS___FETCH_A = 0x713 // 1811 + SYS___GETENV_A = 0x714 // 1812 + SYS___MKSTEMP_A = 0x717 // 1815 + SYS___PTSNAME_A = 0x718 // 1816 + SYS___PUTENV_A = 0x719 // 1817 + SYS___REALPATH_A = 0x71A // 1818 + SYS___SETENV_A = 0x71B // 1819 + SYS___SYSTEM_A = 0x71C // 1820 + SYS___GETOPT_A = 0x71D // 1821 + SYS___CATOPEN_A = 0x71E // 1822 + SYS___ACCESS_A = 0x71F // 1823 + SYS___CHDIR_A = 0x720 // 1824 + SYS___CHOWN_A = 0x721 // 1825 + SYS___CHROOT_A = 0x722 // 1826 + SYS___GETCWD_A = 0x723 // 1827 + SYS___GETWD_A = 0x724 // 1828 + SYS___LCHOWN_A = 0x725 // 1829 + SYS___LINK_A = 0x726 // 1830 + SYS___PATHCONF_A = 0x727 // 1831 + SYS___IF_NAMEINDEX_A = 0x728 // 1832 + SYS___READLINK_A = 0x729 // 1833 + SYS___RMDIR_A = 0x72A // 1834 + SYS___STATVFS_A = 0x72B // 1835 + SYS___SYMLINK_A = 0x72C // 1836 + SYS___TRUNCATE_A = 0x72D // 1837 + SYS___UNLINK_A = 0x72E // 1838 + SYS___GAI_STRERROR_A = 0x72F // 1839 + SYS___EXTLINK_NP_A = 0x730 // 1840 + SYS___ISALNUM_A = 0x731 // 1841 + SYS___ISALPHA_A = 0x732 // 1842 + SYS___A2E_S = 0x733 // 1843 + SYS___ISCNTRL_A = 0x734 // 1844 + SYS___ISDIGIT_A = 0x735 // 1845 + SYS___ISGRAPH_A = 0x736 // 1846 + SYS___ISLOWER_A = 0x737 // 1847 + SYS___ISPRINT_A = 0x738 // 1848 + SYS___ISPUNCT_A = 0x739 // 1849 + SYS___ISSPACE_A = 0x73A // 1850 + SYS___ISUPPER_A = 0x73B // 1851 + SYS___ISXDIGIT_A = 0x73C // 1852 + SYS___TOLOWER_A = 0x73D // 1853 + SYS___TOUPPER_A = 0x73E // 1854 + SYS___ISWALNUM_A = 0x73F // 1855 + SYS___ISWALPHA_A = 0x740 // 1856 + SYS___A2E_L = 0x741 // 1857 + SYS___ISWCNTRL_A = 0x742 // 1858 + SYS___ISWDIGIT_A = 0x743 // 1859 + SYS___ISWGRAPH_A = 0x744 // 1860 + SYS___ISWLOWER_A = 0x745 // 1861 + SYS___ISWPRINT_A = 0x746 // 1862 + SYS___ISWPUNCT_A = 0x747 // 1863 + SYS___ISWSPACE_A = 0x748 // 1864 + SYS___ISWUPPER_A = 0x749 // 1865 + SYS___ISWXDIGIT_A = 0x74A // 1866 + SYS___CONFSTR_A = 0x74B // 1867 + SYS___FTOK_A = 0x74C // 1868 + SYS___MKTEMP_A = 0x74D // 1869 + SYS___FDOPEN_A = 0x74E // 1870 + SYS___FLDATA_A = 0x74F // 1871 + SYS___REMOVE_A = 0x750 // 1872 + SYS___RENAME_A = 0x751 // 1873 + SYS___TMPNAM_A = 0x752 // 1874 + SYS___FOPEN_A = 0x753 // 1875 + SYS___FREOPEN_A = 0x754 // 1876 + SYS___CUSERID_A = 0x755 // 1877 + SYS___POPEN_A = 0x756 // 1878 + SYS___TEMPNAM_A = 0x757 // 1879 + SYS___FTW_A = 0x758 // 1880 + SYS___GETGRENT_A = 0x759 // 1881 + SYS___GETGRGID_A = 0x75A // 1882 + SYS___GETGRNAM_A = 0x75B // 1883 + SYS___GETGROUPSBYNAME_A = 0x75C // 1884 + SYS___GETHOSTENT_A = 0x75D // 1885 + SYS___GETHOSTNAME_A = 0x75E // 1886 + SYS___GETLOGIN_A = 0x75F // 1887 + SYS___INET_NTOP_A = 0x760 // 1888 + SYS___GETPASS_A = 0x761 // 1889 + SYS___GETPWENT_A = 0x762 // 1890 + SYS___GETPWNAM_A = 0x763 // 1891 + SYS___GETPWUID_A = 0x764 // 1892 + SYS_____CHECK_RESOURCE_AUTH_NP_A = 0x765 // 1893 + SYS___CHECKSCHENV_A = 0x766 // 1894 + SYS___CONNECTSERVER_A = 0x767 // 1895 + SYS___CONNECTWORKMGR_A = 0x768 // 1896 + SYS_____CONSOLE_A = 0x769 // 1897 + SYS___CREATEWORKUNIT_A = 0x76A // 1898 + SYS___CTERMID_A = 0x76B // 1899 + SYS___FMTMSG_A = 0x76C // 1900 + SYS___INITGROUPS_A = 0x76D // 1901 + SYS_____LOGIN_A = 0x76E // 1902 + SYS___MSGRCV_A = 0x76F // 1903 + SYS___MSGSND_A = 0x770 // 1904 + SYS___MSGXRCV_A = 0x771 // 1905 + SYS___NFTW_A = 0x772 // 1906 + SYS_____PASSWD_A = 0x773 // 1907 + SYS___PTHREAD_SECURITY_NP_A = 0x774 // 1908 + SYS___QUERYMETRICS_A = 0x775 // 1909 + SYS___QUERYSCHENV = 0x776 // 1910 + SYS___READV_A = 0x777 // 1911 + SYS_____SERVER_CLASSIFY_A = 0x778 // 1912 + SYS_____SERVER_INIT_A = 0x779 // 1913 + SYS_____SERVER_PWU_A = 0x77A // 1914 + SYS___STRCASECMP_A = 0x77B // 1915 + SYS___STRNCASECMP_A = 0x77C // 1916 + SYS___TTYNAME_A = 0x77D // 1917 + SYS___UNAME_A = 0x77E // 1918 + SYS___UTIMES_A = 0x77F // 1919 + SYS___W_GETPSENT_A = 0x780 // 1920 + SYS___WRITEV_A = 0x781 // 1921 + SYS___W_STATFS_A = 0x782 // 1922 + SYS___W_STATVFS_A = 0x783 // 1923 + SYS___FPUTC_A = 0x784 // 1924 + SYS___PUTCHAR_A = 0x785 // 1925 + SYS___PUTS_A = 0x786 // 1926 + SYS___FGETS_A = 0x787 // 1927 + SYS___GETS_A = 0x788 // 1928 + SYS___FPUTS_A = 0x789 // 1929 + SYS___FREAD_A = 0x78A // 1930 + SYS___FWRITE_A = 0x78B // 1931 + SYS___OPEN_O_A = 0x78C // 1932 + SYS___ISASCII = 0x78D // 1933 + SYS___CREAT_O_A = 0x78E // 1934 + SYS___ENVNA = 0x78F // 1935 + SYS___PUTC_A = 0x790 // 1936 + SYS___AE_THREAD_SETMODE = 0x791 // 1937 + SYS___AE_THREAD_SWAPMODE = 0x792 // 1938 + SYS___GETNETBYADDR_A = 0x793 // 1939 + SYS___GETNETBYNAME_A = 0x794 // 1940 + SYS___GETNETENT_A = 0x795 // 1941 + SYS___GETPROTOBYNAME_A = 0x796 // 1942 + SYS___GETPROTOBYNUMBER_A = 0x797 // 1943 + SYS___GETPROTOENT_A = 0x798 // 1944 + SYS___GETSERVBYNAME_A = 0x799 // 1945 + SYS___GETSERVBYPORT_A = 0x79A // 1946 + SYS___GETSERVENT_A = 0x79B // 1947 + SYS___ASCTIME_A = 0x79C // 1948 + SYS___CTIME_A = 0x79D // 1949 + SYS___GETDATE_A = 0x79E // 1950 + SYS___TZSET_A = 0x79F // 1951 + SYS___UTIME_A = 0x7A0 // 1952 + SYS___ASCTIME_R_A = 0x7A1 // 1953 + SYS___CTIME_R_A = 0x7A2 // 1954 + SYS___STRTOLL_A = 0x7A3 // 1955 + SYS___STRTOULL_A = 0x7A4 // 1956 + SYS___FPUTWC_A = 0x7A5 // 1957 + SYS___PUTWC_A = 0x7A6 // 1958 + SYS___PUTWCHAR_A = 0x7A7 // 1959 + SYS___FPUTWS_A = 0x7A8 // 1960 + SYS___UNGETWC_A = 0x7A9 // 1961 + SYS___FGETWC_A = 0x7AA // 1962 + SYS___GETWC_A = 0x7AB // 1963 + SYS___GETWCHAR_A = 0x7AC // 1964 + SYS___FGETWS_A = 0x7AD // 1965 + SYS___GETTIMEOFDAY_A = 0x7AE // 1966 + SYS___GMTIME_A = 0x7AF // 1967 + SYS___GMTIME_R_A = 0x7B0 // 1968 + SYS___LOCALTIME_A = 0x7B1 // 1969 + SYS___LOCALTIME_R_A = 0x7B2 // 1970 + SYS___MKTIME_A = 0x7B3 // 1971 + SYS___TZZNA = 0x7B4 // 1972 + SYS_UNATEXIT = 0x7B5 // 1973 + SYS___CEE3DMP_A = 0x7B6 // 1974 + SYS___CDUMP_A = 0x7B7 // 1975 + SYS___CSNAP_A = 0x7B8 // 1976 + SYS___CTEST_A = 0x7B9 // 1977 + SYS___CTRACE_A = 0x7BA // 1978 + SYS___VSWPRNTF2_A = 0x7BB // 1979 + SYS___INET_PTON_A = 0x7BC // 1980 + SYS___SYSLOG_A = 0x7BD // 1981 + SYS___CRYPT_A = 0x7BE // 1982 + SYS_____OPENDIR2_A = 0x7BF // 1983 + SYS_____READDIR2_A = 0x7C0 // 1984 + SYS___OPENDIR_A = 0x7C2 // 1986 + SYS___READDIR_A = 0x7C3 // 1987 + SYS_PREAD = 0x7C7 // 1991 + SYS_PWRITE = 0x7C8 // 1992 + SYS_M_CREATE_LAYOUT = 0x7C9 // 1993 + SYS_M_DESTROY_LAYOUT = 0x7CA // 1994 + SYS_M_GETVALUES_LAYOUT = 0x7CB // 1995 + SYS_M_SETVALUES_LAYOUT = 0x7CC // 1996 + SYS_M_TRANSFORM_LAYOUT = 0x7CD // 1997 + SYS_M_WTRANSFORM_LAYOUT = 0x7CE // 1998 + SYS_FWPRINTF = 0x7D1 // 2001 + SYS_WPRINTF = 0x7D2 // 2002 + SYS_VFWPRINT = 0x7D3 // 2003 + SYS_VFWPRINTF = 0x7D3 // 2003 + SYS_VWPRINTF = 0x7D4 // 2004 + SYS_FWSCANF = 0x7D5 // 2005 + SYS_WSCANF = 0x7D6 // 2006 + SYS_WCTRANS = 0x7D7 // 2007 + SYS_TOWCTRAN = 0x7D8 // 2008 + SYS_TOWCTRANS = 0x7D8 // 2008 + SYS___WCSTOD_A = 0x7D9 // 2009 + SYS___WCSTOL_A = 0x7DA // 2010 + SYS___WCSTOUL_A = 0x7DB // 2011 + SYS___BASENAME_A = 0x7DC // 2012 + SYS___DIRNAME_A = 0x7DD // 2013 + SYS___GLOB_A = 0x7DE // 2014 + SYS_FWIDE = 0x7DF // 2015 + SYS___OSNAME = 0x7E0 // 2016 + SYS_____OSNAME_A = 0x7E1 // 2017 + SYS___BTOWC_A = 0x7E4 // 2020 + SYS___WCTOB_A = 0x7E5 // 2021 + SYS___DBM_OPEN_A = 0x7E6 // 2022 + SYS___VFPRINTF2_A = 0x7E7 // 2023 + SYS___VPRINTF2_A = 0x7E8 // 2024 + SYS___VSPRINTF2_A = 0x7E9 // 2025 + SYS___CEIL_H = 0x7EA // 2026 + SYS___FLOOR_H = 0x7EB // 2027 + SYS___MODF_H = 0x7EC // 2028 + SYS___FABS_H = 0x7ED // 2029 + SYS___J0_H = 0x7EE // 2030 + SYS___J1_H = 0x7EF // 2031 + SYS___JN_H = 0x7F0 // 2032 + SYS___Y0_H = 0x7F1 // 2033 + SYS___Y1_H = 0x7F2 // 2034 + SYS___YN_H = 0x7F3 // 2035 + SYS___CEILF_H = 0x7F4 // 2036 + SYS___CEILL_H = 0x7F5 // 2037 + SYS___FLOORF_H = 0x7F6 // 2038 + SYS___FLOORL_H = 0x7F7 // 2039 + SYS___MODFF_H = 0x7F8 // 2040 + SYS___MODFL_H = 0x7F9 // 2041 + SYS___FABSF_H = 0x7FA // 2042 + SYS___FABSL_H = 0x7FB // 2043 + SYS___MALLOC24 = 0x7FC // 2044 + SYS___MALLOC31 = 0x7FD // 2045 + SYS_ACL_INIT = 0x7FE // 2046 + SYS_ACL_FREE = 0x7FF // 2047 + SYS_ACL_FIRST_ENTRY = 0x800 // 2048 + SYS_ACL_GET_ENTRY = 0x801 // 2049 + SYS_ACL_VALID = 0x802 // 2050 + SYS_ACL_CREATE_ENTRY = 0x803 // 2051 + SYS_ACL_DELETE_ENTRY = 0x804 // 2052 + SYS_ACL_UPDATE_ENTRY = 0x805 // 2053 + SYS_ACL_DELETE_FD = 0x806 // 2054 + SYS_ACL_DELETE_FILE = 0x807 // 2055 + SYS_ACL_GET_FD = 0x808 // 2056 + SYS_ACL_GET_FILE = 0x809 // 2057 + SYS_ACL_SET_FD = 0x80A // 2058 + SYS_ACL_SET_FILE = 0x80B // 2059 + SYS_ACL_FROM_TEXT = 0x80C // 2060 + SYS_ACL_TO_TEXT = 0x80D // 2061 + SYS_ACL_SORT = 0x80E // 2062 + SYS___SHUTDOWN_REGISTRATION = 0x80F // 2063 + SYS___ERFL_B = 0x810 // 2064 + SYS___ERFCL_B = 0x811 // 2065 + SYS___LGAMMAL_B = 0x812 // 2066 + SYS___SETHOOKEVENTS = 0x813 // 2067 + SYS_IF_NAMETOINDEX = 0x814 // 2068 + SYS_IF_INDEXTONAME = 0x815 // 2069 + SYS_IF_NAMEINDEX = 0x816 // 2070 + SYS_IF_FREENAMEINDEX = 0x817 // 2071 + SYS_GETADDRINFO = 0x818 // 2072 + SYS_GETNAMEINFO = 0x819 // 2073 + SYS_FREEADDRINFO = 0x81A // 2074 + SYS_GAI_STRERROR = 0x81B // 2075 + SYS_REXEC_AF = 0x81C // 2076 + SYS___POE = 0x81D // 2077 + SYS___DYNALLOC_A = 0x81F // 2079 + SYS___DYNFREE_A = 0x820 // 2080 + SYS___RES_QUERY_A = 0x821 // 2081 + SYS___RES_SEARCH_A = 0x822 // 2082 + SYS___RES_QUERYDOMAIN_A = 0x823 // 2083 + SYS___RES_MKQUERY_A = 0x824 // 2084 + SYS___RES_SEND_A = 0x825 // 2085 + SYS___DN_EXPAND_A = 0x826 // 2086 + SYS___DN_SKIPNAME_A = 0x827 // 2087 + SYS___DN_COMP_A = 0x828 // 2088 + SYS___DN_FIND_A = 0x829 // 2089 + SYS___NLIST_A = 0x82A // 2090 + SYS_____TCGETCP_A = 0x82B // 2091 + SYS_____TCSETCP_A = 0x82C // 2092 + SYS_____W_PIOCTL_A = 0x82E // 2094 + SYS___INET_ADDR_A = 0x82F // 2095 + SYS___INET_NTOA_A = 0x830 // 2096 + SYS___INET_NETWORK_A = 0x831 // 2097 + SYS___ACCEPT_A = 0x832 // 2098 + SYS___ACCEPT_AND_RECV_A = 0x833 // 2099 + SYS___BIND_A = 0x834 // 2100 + SYS___CONNECT_A = 0x835 // 2101 + SYS___GETPEERNAME_A = 0x836 // 2102 + SYS___GETSOCKNAME_A = 0x837 // 2103 + SYS___RECVFROM_A = 0x838 // 2104 + SYS___SENDTO_A = 0x839 // 2105 + SYS___SENDMSG_A = 0x83A // 2106 + SYS___RECVMSG_A = 0x83B // 2107 + SYS_____LCHATTR_A = 0x83C // 2108 + SYS___CABEND = 0x83D // 2109 + SYS___LE_CIB_GET = 0x83E // 2110 + SYS___SET_LAA_FOR_JIT = 0x83F // 2111 + SYS___LCHATTR = 0x840 // 2112 + SYS___WRITEDOWN = 0x841 // 2113 + SYS_PTHREAD_MUTEX_INIT2 = 0x842 // 2114 + SYS___ACOSHF_B = 0x843 // 2115 + SYS___ACOSHL_B = 0x844 // 2116 + SYS___ASINHF_B = 0x845 // 2117 + SYS___ASINHL_B = 0x846 // 2118 + SYS___ATANHF_B = 0x847 // 2119 + SYS___ATANHL_B = 0x848 // 2120 + SYS___CBRTF_B = 0x849 // 2121 + SYS___CBRTL_B = 0x84A // 2122 + SYS___COPYSIGNF_B = 0x84B // 2123 + SYS___COPYSIGNL_B = 0x84C // 2124 + SYS___COTANF_B = 0x84D // 2125 + SYS___COTAN_B = 0x84E // 2126 + SYS___COTANL_B = 0x84F // 2127 + SYS___EXP2F_B = 0x850 // 2128 + SYS___EXP2L_B = 0x851 // 2129 + SYS___EXPM1F_B = 0x852 // 2130 + SYS___EXPM1L_B = 0x853 // 2131 + SYS___FDIMF_B = 0x854 // 2132 + SYS___FDIM_B = 0x855 // 2133 + SYS___FDIML_B = 0x856 // 2134 + SYS___HYPOTF_B = 0x857 // 2135 + SYS___HYPOTL_B = 0x858 // 2136 + SYS___LOG1PF_B = 0x859 // 2137 + SYS___LOG1PL_B = 0x85A // 2138 + SYS___LOG2F_B = 0x85B // 2139 + SYS___LOG2_B = 0x85C // 2140 + SYS___LOG2L_B = 0x85D // 2141 + SYS___REMAINDERF_B = 0x85E // 2142 + SYS___REMAINDERL_B = 0x85F // 2143 + SYS___REMQUOF_B = 0x860 // 2144 + SYS___REMQUO_B = 0x861 // 2145 + SYS___REMQUOL_B = 0x862 // 2146 + SYS___TGAMMAF_B = 0x863 // 2147 + SYS___TGAMMA_B = 0x864 // 2148 + SYS___TGAMMAL_B = 0x865 // 2149 + SYS___TRUNCF_B = 0x866 // 2150 + SYS___TRUNC_B = 0x867 // 2151 + SYS___TRUNCL_B = 0x868 // 2152 + SYS___LGAMMAF_B = 0x869 // 2153 + SYS___LROUNDF_B = 0x86A // 2154 + SYS___LROUND_B = 0x86B // 2155 + SYS___ERFF_B = 0x86C // 2156 + SYS___ERFCF_B = 0x86D // 2157 + SYS_ACOSHF = 0x86E // 2158 + SYS_ACOSHL = 0x86F // 2159 + SYS_ASINHF = 0x870 // 2160 + SYS_ASINHL = 0x871 // 2161 + SYS_ATANHF = 0x872 // 2162 + SYS_ATANHL = 0x873 // 2163 + SYS_CBRTF = 0x874 // 2164 + SYS_CBRTL = 0x875 // 2165 + SYS_COPYSIGNF = 0x876 // 2166 + SYS_CPYSIGNF = 0x876 // 2166 + SYS_COPYSIGNL = 0x877 // 2167 + SYS_CPYSIGNL = 0x877 // 2167 + SYS_COTANF = 0x878 // 2168 + SYS___COTANF = 0x878 // 2168 + SYS_COTAN = 0x879 // 2169 + SYS___COTAN = 0x879 // 2169 + SYS_COTANL = 0x87A // 2170 + SYS___COTANL = 0x87A // 2170 + SYS_EXP2F = 0x87B // 2171 + SYS_EXP2L = 0x87C // 2172 + SYS_EXPM1F = 0x87D // 2173 + SYS_EXPM1L = 0x87E // 2174 + SYS_FDIMF = 0x87F // 2175 + SYS_FDIM = 0x881 // 2177 + SYS_FDIML = 0x882 // 2178 + SYS_HYPOTF = 0x883 // 2179 + SYS_HYPOTL = 0x884 // 2180 + SYS_LOG1PF = 0x885 // 2181 + SYS_LOG1PL = 0x886 // 2182 + SYS_LOG2F = 0x887 // 2183 + SYS_LOG2 = 0x888 // 2184 + SYS_LOG2L = 0x889 // 2185 + SYS_REMAINDERF = 0x88A // 2186 + SYS_REMAINDF = 0x88A // 2186 + SYS_REMAINDERL = 0x88B // 2187 + SYS_REMAINDL = 0x88B // 2187 + SYS_REMQUOF = 0x88C // 2188 + SYS_REMQUO = 0x88D // 2189 + SYS_REMQUOL = 0x88E // 2190 + SYS_TGAMMAF = 0x88F // 2191 + SYS_TGAMMA = 0x890 // 2192 + SYS_TGAMMAL = 0x891 // 2193 + SYS_TRUNCF = 0x892 // 2194 + SYS_TRUNC = 0x893 // 2195 + SYS_TRUNCL = 0x894 // 2196 + SYS_LGAMMAF = 0x895 // 2197 + SYS_LGAMMAL = 0x896 // 2198 + SYS_LROUNDF = 0x897 // 2199 + SYS_LROUND = 0x898 // 2200 + SYS_ERFF = 0x899 // 2201 + SYS_ERFL = 0x89A // 2202 + SYS_ERFCF = 0x89B // 2203 + SYS_ERFCL = 0x89C // 2204 + SYS___EXP2_B = 0x89D // 2205 + SYS_EXP2 = 0x89E // 2206 + SYS___FAR_JUMP = 0x89F // 2207 + SYS___TCGETATTR_A = 0x8A1 // 2209 + SYS___TCSETATTR_A = 0x8A2 // 2210 + SYS___SUPERKILL = 0x8A4 // 2212 + SYS___LE_CONDITION_TOKEN_BUILD = 0x8A5 // 2213 + SYS___LE_MSG_ADD_INSERT = 0x8A6 // 2214 + SYS___LE_MSG_GET = 0x8A7 // 2215 + SYS___LE_MSG_GET_AND_WRITE = 0x8A8 // 2216 + SYS___LE_MSG_WRITE = 0x8A9 // 2217 + SYS___ITOA = 0x8AA // 2218 + SYS___UTOA = 0x8AB // 2219 + SYS___LTOA = 0x8AC // 2220 + SYS___ULTOA = 0x8AD // 2221 + SYS___LLTOA = 0x8AE // 2222 + SYS___ULLTOA = 0x8AF // 2223 + SYS___ITOA_A = 0x8B0 // 2224 + SYS___UTOA_A = 0x8B1 // 2225 + SYS___LTOA_A = 0x8B2 // 2226 + SYS___ULTOA_A = 0x8B3 // 2227 + SYS___LLTOA_A = 0x8B4 // 2228 + SYS___ULLTOA_A = 0x8B5 // 2229 + SYS_____GETENV_A = 0x8C3 // 2243 + SYS___REXEC_A = 0x8C4 // 2244 + SYS___REXEC_AF_A = 0x8C5 // 2245 + SYS___GETUTXENT_A = 0x8C6 // 2246 + SYS___GETUTXID_A = 0x8C7 // 2247 + SYS___GETUTXLINE_A = 0x8C8 // 2248 + SYS___PUTUTXLINE_A = 0x8C9 // 2249 + SYS_____UTMPXNAME_A = 0x8CA // 2250 + SYS___PUTC_UNLOCKED_A = 0x8CB // 2251 + SYS___PUTCHAR_UNLOCKED_A = 0x8CC // 2252 + SYS___SNPRINTF_A = 0x8CD // 2253 + SYS___VSNPRINTF_A = 0x8CE // 2254 + SYS___DLOPEN_A = 0x8D0 // 2256 + SYS___DLSYM_A = 0x8D1 // 2257 + SYS___DLERROR_A = 0x8D2 // 2258 + SYS_FLOCKFILE = 0x8D3 // 2259 + SYS_FTRYLOCKFILE = 0x8D4 // 2260 + SYS_FUNLOCKFILE = 0x8D5 // 2261 + SYS_GETC_UNLOCKED = 0x8D6 // 2262 + SYS_GETCHAR_UNLOCKED = 0x8D7 // 2263 + SYS_PUTC_UNLOCKED = 0x8D8 // 2264 + SYS_PUTCHAR_UNLOCKED = 0x8D9 // 2265 + SYS_SNPRINTF = 0x8DA // 2266 + SYS_VSNPRINTF = 0x8DB // 2267 + SYS_DLOPEN = 0x8DD // 2269 + SYS_DLSYM = 0x8DE // 2270 + SYS_DLCLOSE = 0x8DF // 2271 + SYS_DLERROR = 0x8E0 // 2272 + SYS___SET_EXCEPTION_HANDLER = 0x8E2 // 2274 + SYS___RESET_EXCEPTION_HANDLER = 0x8E3 // 2275 + SYS___VHM_EVENT = 0x8E4 // 2276 + SYS___ABS_H = 0x8E6 // 2278 + SYS___ABSF_H = 0x8E7 // 2279 + SYS___ABSL_H = 0x8E8 // 2280 + SYS___ACOS_H = 0x8E9 // 2281 + SYS___ACOSF_H = 0x8EA // 2282 + SYS___ACOSL_H = 0x8EB // 2283 + SYS___ACOSH_H = 0x8EC // 2284 + SYS___ASIN_H = 0x8ED // 2285 + SYS___ASINF_H = 0x8EE // 2286 + SYS___ASINL_H = 0x8EF // 2287 + SYS___ASINH_H = 0x8F0 // 2288 + SYS___ATAN_H = 0x8F1 // 2289 + SYS___ATANF_H = 0x8F2 // 2290 + SYS___ATANL_H = 0x8F3 // 2291 + SYS___ATANH_H = 0x8F4 // 2292 + SYS___ATANHF_H = 0x8F5 // 2293 + SYS___ATANHL_H = 0x8F6 // 2294 + SYS___ATAN2_H = 0x8F7 // 2295 + SYS___ATAN2F_H = 0x8F8 // 2296 + SYS___ATAN2L_H = 0x8F9 // 2297 + SYS___CBRT_H = 0x8FA // 2298 + SYS___COPYSIGNF_H = 0x8FB // 2299 + SYS___COPYSIGNL_H = 0x8FC // 2300 + SYS___COS_H = 0x8FD // 2301 + SYS___COSF_H = 0x8FE // 2302 + SYS___COSL_H = 0x8FF // 2303 + SYS___COSHF_H = 0x900 // 2304 + SYS___COSHL_H = 0x901 // 2305 + SYS___COTAN_H = 0x902 // 2306 + SYS___COTANF_H = 0x903 // 2307 + SYS___COTANL_H = 0x904 // 2308 + SYS___ERF_H = 0x905 // 2309 + SYS___ERFF_H = 0x906 // 2310 + SYS___ERFL_H = 0x907 // 2311 + SYS___ERFC_H = 0x908 // 2312 + SYS___ERFCF_H = 0x909 // 2313 + SYS___ERFCL_H = 0x90A // 2314 + SYS___EXP_H = 0x90B // 2315 + SYS___EXPF_H = 0x90C // 2316 + SYS___EXPL_H = 0x90D // 2317 + SYS___EXPM1_H = 0x90E // 2318 + SYS___FDIM_H = 0x90F // 2319 + SYS___FDIMF_H = 0x910 // 2320 + SYS___FDIML_H = 0x911 // 2321 + SYS___FMOD_H = 0x912 // 2322 + SYS___FMODF_H = 0x913 // 2323 + SYS___FMODL_H = 0x914 // 2324 + SYS___GAMMA_H = 0x915 // 2325 + SYS___HYPOT_H = 0x916 // 2326 + SYS___ILOGB_H = 0x917 // 2327 + SYS___LGAMMA_H = 0x918 // 2328 + SYS___LGAMMAF_H = 0x919 // 2329 + SYS___LOG_H = 0x91A // 2330 + SYS___LOGF_H = 0x91B // 2331 + SYS___LOGL_H = 0x91C // 2332 + SYS___LOGB_H = 0x91D // 2333 + SYS___LOG2_H = 0x91E // 2334 + SYS___LOG2F_H = 0x91F // 2335 + SYS___LOG2L_H = 0x920 // 2336 + SYS___LOG1P_H = 0x921 // 2337 + SYS___LOG10_H = 0x922 // 2338 + SYS___LOG10F_H = 0x923 // 2339 + SYS___LOG10L_H = 0x924 // 2340 + SYS___LROUND_H = 0x925 // 2341 + SYS___LROUNDF_H = 0x926 // 2342 + SYS___NEXTAFTER_H = 0x927 // 2343 + SYS___POW_H = 0x928 // 2344 + SYS___POWF_H = 0x929 // 2345 + SYS___POWL_H = 0x92A // 2346 + SYS___REMAINDER_H = 0x92B // 2347 + SYS___RINT_H = 0x92C // 2348 + SYS___SCALB_H = 0x92D // 2349 + SYS___SIN_H = 0x92E // 2350 + SYS___SINF_H = 0x92F // 2351 + SYS___SINL_H = 0x930 // 2352 + SYS___SINH_H = 0x931 // 2353 + SYS___SINHF_H = 0x932 // 2354 + SYS___SINHL_H = 0x933 // 2355 + SYS___SQRT_H = 0x934 // 2356 + SYS___SQRTF_H = 0x935 // 2357 + SYS___SQRTL_H = 0x936 // 2358 + SYS___TAN_H = 0x937 // 2359 + SYS___TANF_H = 0x938 // 2360 + SYS___TANL_H = 0x939 // 2361 + SYS___TANH_H = 0x93A // 2362 + SYS___TANHF_H = 0x93B // 2363 + SYS___TANHL_H = 0x93C // 2364 + SYS___TGAMMA_H = 0x93D // 2365 + SYS___TGAMMAF_H = 0x93E // 2366 + SYS___TRUNC_H = 0x93F // 2367 + SYS___TRUNCF_H = 0x940 // 2368 + SYS___TRUNCL_H = 0x941 // 2369 + SYS___COSH_H = 0x942 // 2370 + SYS___LE_DEBUG_SET_RESUME_MCH = 0x943 // 2371 + SYS_VFSCANF = 0x944 // 2372 + SYS_VSCANF = 0x946 // 2374 + SYS_VSSCANF = 0x948 // 2376 + SYS_VFWSCANF = 0x94A // 2378 + SYS_VWSCANF = 0x94C // 2380 + SYS_VSWSCANF = 0x94E // 2382 + SYS_IMAXABS = 0x950 // 2384 + SYS_IMAXDIV = 0x951 // 2385 + SYS_STRTOIMAX = 0x952 // 2386 + SYS_STRTOUMAX = 0x953 // 2387 + SYS_WCSTOIMAX = 0x954 // 2388 + SYS_WCSTOUMAX = 0x955 // 2389 + SYS_ATOLL = 0x956 // 2390 + SYS_STRTOF = 0x957 // 2391 + SYS_STRTOLD = 0x958 // 2392 + SYS_WCSTOF = 0x959 // 2393 + SYS_WCSTOLD = 0x95A // 2394 + SYS_INET6_RTH_SPACE = 0x95B // 2395 + SYS_INET6_RTH_INIT = 0x95C // 2396 + SYS_INET6_RTH_ADD = 0x95D // 2397 + SYS_INET6_RTH_REVERSE = 0x95E // 2398 + SYS_INET6_RTH_SEGMENTS = 0x95F // 2399 + SYS_INET6_RTH_GETADDR = 0x960 // 2400 + SYS_INET6_OPT_INIT = 0x961 // 2401 + SYS_INET6_OPT_APPEND = 0x962 // 2402 + SYS_INET6_OPT_FINISH = 0x963 // 2403 + SYS_INET6_OPT_SET_VAL = 0x964 // 2404 + SYS_INET6_OPT_NEXT = 0x965 // 2405 + SYS_INET6_OPT_FIND = 0x966 // 2406 + SYS_INET6_OPT_GET_VAL = 0x967 // 2407 + SYS___POW_I = 0x987 // 2439 + SYS___POW_I_B = 0x988 // 2440 + SYS___POW_I_H = 0x989 // 2441 + SYS___POW_II = 0x98A // 2442 + SYS___POW_II_B = 0x98B // 2443 + SYS___POW_II_H = 0x98C // 2444 + SYS_CABS = 0x98E // 2446 + SYS___CABS_B = 0x98F // 2447 + SYS___CABS_H = 0x990 // 2448 + SYS_CABSF = 0x991 // 2449 + SYS___CABSF_B = 0x992 // 2450 + SYS___CABSF_H = 0x993 // 2451 + SYS_CABSL = 0x994 // 2452 + SYS___CABSL_B = 0x995 // 2453 + SYS___CABSL_H = 0x996 // 2454 + SYS_CACOS = 0x997 // 2455 + SYS___CACOS_B = 0x998 // 2456 + SYS___CACOS_H = 0x999 // 2457 + SYS_CACOSF = 0x99A // 2458 + SYS___CACOSF_B = 0x99B // 2459 + SYS___CACOSF_H = 0x99C // 2460 + SYS_CACOSL = 0x99D // 2461 + SYS___CACOSL_B = 0x99E // 2462 + SYS___CACOSL_H = 0x99F // 2463 + SYS_CACOSH = 0x9A0 // 2464 + SYS___CACOSH_B = 0x9A1 // 2465 + SYS___CACOSH_H = 0x9A2 // 2466 + SYS_CACOSHF = 0x9A3 // 2467 + SYS___CACOSHF_B = 0x9A4 // 2468 + SYS___CACOSHF_H = 0x9A5 // 2469 + SYS_CACOSHL = 0x9A6 // 2470 + SYS___CACOSHL_B = 0x9A7 // 2471 + SYS___CACOSHL_H = 0x9A8 // 2472 + SYS_CARG = 0x9A9 // 2473 + SYS___CARG_B = 0x9AA // 2474 + SYS___CARG_H = 0x9AB // 2475 + SYS_CARGF = 0x9AC // 2476 + SYS___CARGF_B = 0x9AD // 2477 + SYS___CARGF_H = 0x9AE // 2478 + SYS_CARGL = 0x9AF // 2479 + SYS___CARGL_B = 0x9B0 // 2480 + SYS___CARGL_H = 0x9B1 // 2481 + SYS_CASIN = 0x9B2 // 2482 + SYS___CASIN_B = 0x9B3 // 2483 + SYS___CASIN_H = 0x9B4 // 2484 + SYS_CASINF = 0x9B5 // 2485 + SYS___CASINF_B = 0x9B6 // 2486 + SYS___CASINF_H = 0x9B7 // 2487 + SYS_CASINL = 0x9B8 // 2488 + SYS___CASINL_B = 0x9B9 // 2489 + SYS___CASINL_H = 0x9BA // 2490 + SYS_CASINH = 0x9BB // 2491 + SYS___CASINH_B = 0x9BC // 2492 + SYS___CASINH_H = 0x9BD // 2493 + SYS_CASINHF = 0x9BE // 2494 + SYS___CASINHF_B = 0x9BF // 2495 + SYS___CASINHF_H = 0x9C0 // 2496 + SYS_CASINHL = 0x9C1 // 2497 + SYS___CASINHL_B = 0x9C2 // 2498 + SYS___CASINHL_H = 0x9C3 // 2499 + SYS_CATAN = 0x9C4 // 2500 + SYS___CATAN_B = 0x9C5 // 2501 + SYS___CATAN_H = 0x9C6 // 2502 + SYS_CATANF = 0x9C7 // 2503 + SYS___CATANF_B = 0x9C8 // 2504 + SYS___CATANF_H = 0x9C9 // 2505 + SYS_CATANL = 0x9CA // 2506 + SYS___CATANL_B = 0x9CB // 2507 + SYS___CATANL_H = 0x9CC // 2508 + SYS_CATANH = 0x9CD // 2509 + SYS___CATANH_B = 0x9CE // 2510 + SYS___CATANH_H = 0x9CF // 2511 + SYS_CATANHF = 0x9D0 // 2512 + SYS___CATANHF_B = 0x9D1 // 2513 + SYS___CATANHF_H = 0x9D2 // 2514 + SYS_CATANHL = 0x9D3 // 2515 + SYS___CATANHL_B = 0x9D4 // 2516 + SYS___CATANHL_H = 0x9D5 // 2517 + SYS_CCOS = 0x9D6 // 2518 + SYS___CCOS_B = 0x9D7 // 2519 + SYS___CCOS_H = 0x9D8 // 2520 + SYS_CCOSF = 0x9D9 // 2521 + SYS___CCOSF_B = 0x9DA // 2522 + SYS___CCOSF_H = 0x9DB // 2523 + SYS_CCOSL = 0x9DC // 2524 + SYS___CCOSL_B = 0x9DD // 2525 + SYS___CCOSL_H = 0x9DE // 2526 + SYS_CCOSH = 0x9DF // 2527 + SYS___CCOSH_B = 0x9E0 // 2528 + SYS___CCOSH_H = 0x9E1 // 2529 + SYS_CCOSHF = 0x9E2 // 2530 + SYS___CCOSHF_B = 0x9E3 // 2531 + SYS___CCOSHF_H = 0x9E4 // 2532 + SYS_CCOSHL = 0x9E5 // 2533 + SYS___CCOSHL_B = 0x9E6 // 2534 + SYS___CCOSHL_H = 0x9E7 // 2535 + SYS_CEXP = 0x9E8 // 2536 + SYS___CEXP_B = 0x9E9 // 2537 + SYS___CEXP_H = 0x9EA // 2538 + SYS_CEXPF = 0x9EB // 2539 + SYS___CEXPF_B = 0x9EC // 2540 + SYS___CEXPF_H = 0x9ED // 2541 + SYS_CEXPL = 0x9EE // 2542 + SYS___CEXPL_B = 0x9EF // 2543 + SYS___CEXPL_H = 0x9F0 // 2544 + SYS_CIMAG = 0x9F1 // 2545 + SYS___CIMAG_B = 0x9F2 // 2546 + SYS___CIMAG_H = 0x9F3 // 2547 + SYS_CIMAGF = 0x9F4 // 2548 + SYS___CIMAGF_B = 0x9F5 // 2549 + SYS___CIMAGF_H = 0x9F6 // 2550 + SYS_CIMAGL = 0x9F7 // 2551 + SYS___CIMAGL_B = 0x9F8 // 2552 + SYS___CIMAGL_H = 0x9F9 // 2553 + SYS___CLOG = 0x9FA // 2554 + SYS___CLOG_B = 0x9FB // 2555 + SYS___CLOG_H = 0x9FC // 2556 + SYS_CLOGF = 0x9FD // 2557 + SYS___CLOGF_B = 0x9FE // 2558 + SYS___CLOGF_H = 0x9FF // 2559 + SYS_CLOGL = 0xA00 // 2560 + SYS___CLOGL_B = 0xA01 // 2561 + SYS___CLOGL_H = 0xA02 // 2562 + SYS_CONJ = 0xA03 // 2563 + SYS___CONJ_B = 0xA04 // 2564 + SYS___CONJ_H = 0xA05 // 2565 + SYS_CONJF = 0xA06 // 2566 + SYS___CONJF_B = 0xA07 // 2567 + SYS___CONJF_H = 0xA08 // 2568 + SYS_CONJL = 0xA09 // 2569 + SYS___CONJL_B = 0xA0A // 2570 + SYS___CONJL_H = 0xA0B // 2571 + SYS_CPOW = 0xA0C // 2572 + SYS___CPOW_B = 0xA0D // 2573 + SYS___CPOW_H = 0xA0E // 2574 + SYS_CPOWF = 0xA0F // 2575 + SYS___CPOWF_B = 0xA10 // 2576 + SYS___CPOWF_H = 0xA11 // 2577 + SYS_CPOWL = 0xA12 // 2578 + SYS___CPOWL_B = 0xA13 // 2579 + SYS___CPOWL_H = 0xA14 // 2580 + SYS_CPROJ = 0xA15 // 2581 + SYS___CPROJ_B = 0xA16 // 2582 + SYS___CPROJ_H = 0xA17 // 2583 + SYS_CPROJF = 0xA18 // 2584 + SYS___CPROJF_B = 0xA19 // 2585 + SYS___CPROJF_H = 0xA1A // 2586 + SYS_CPROJL = 0xA1B // 2587 + SYS___CPROJL_B = 0xA1C // 2588 + SYS___CPROJL_H = 0xA1D // 2589 + SYS_CREAL = 0xA1E // 2590 + SYS___CREAL_B = 0xA1F // 2591 + SYS___CREAL_H = 0xA20 // 2592 + SYS_CREALF = 0xA21 // 2593 + SYS___CREALF_B = 0xA22 // 2594 + SYS___CREALF_H = 0xA23 // 2595 + SYS_CREALL = 0xA24 // 2596 + SYS___CREALL_B = 0xA25 // 2597 + SYS___CREALL_H = 0xA26 // 2598 + SYS_CSIN = 0xA27 // 2599 + SYS___CSIN_B = 0xA28 // 2600 + SYS___CSIN_H = 0xA29 // 2601 + SYS_CSINF = 0xA2A // 2602 + SYS___CSINF_B = 0xA2B // 2603 + SYS___CSINF_H = 0xA2C // 2604 + SYS_CSINL = 0xA2D // 2605 + SYS___CSINL_B = 0xA2E // 2606 + SYS___CSINL_H = 0xA2F // 2607 + SYS_CSINH = 0xA30 // 2608 + SYS___CSINH_B = 0xA31 // 2609 + SYS___CSINH_H = 0xA32 // 2610 + SYS_CSINHF = 0xA33 // 2611 + SYS___CSINHF_B = 0xA34 // 2612 + SYS___CSINHF_H = 0xA35 // 2613 + SYS_CSINHL = 0xA36 // 2614 + SYS___CSINHL_B = 0xA37 // 2615 + SYS___CSINHL_H = 0xA38 // 2616 + SYS_CSQRT = 0xA39 // 2617 + SYS___CSQRT_B = 0xA3A // 2618 + SYS___CSQRT_H = 0xA3B // 2619 + SYS_CSQRTF = 0xA3C // 2620 + SYS___CSQRTF_B = 0xA3D // 2621 + SYS___CSQRTF_H = 0xA3E // 2622 + SYS_CSQRTL = 0xA3F // 2623 + SYS___CSQRTL_B = 0xA40 // 2624 + SYS___CSQRTL_H = 0xA41 // 2625 + SYS_CTAN = 0xA42 // 2626 + SYS___CTAN_B = 0xA43 // 2627 + SYS___CTAN_H = 0xA44 // 2628 + SYS_CTANF = 0xA45 // 2629 + SYS___CTANF_B = 0xA46 // 2630 + SYS___CTANF_H = 0xA47 // 2631 + SYS_CTANL = 0xA48 // 2632 + SYS___CTANL_B = 0xA49 // 2633 + SYS___CTANL_H = 0xA4A // 2634 + SYS_CTANH = 0xA4B // 2635 + SYS___CTANH_B = 0xA4C // 2636 + SYS___CTANH_H = 0xA4D // 2637 + SYS_CTANHF = 0xA4E // 2638 + SYS___CTANHF_B = 0xA4F // 2639 + SYS___CTANHF_H = 0xA50 // 2640 + SYS_CTANHL = 0xA51 // 2641 + SYS___CTANHL_B = 0xA52 // 2642 + SYS___CTANHL_H = 0xA53 // 2643 + SYS___ACOSHF_H = 0xA54 // 2644 + SYS___ACOSHL_H = 0xA55 // 2645 + SYS___ASINHF_H = 0xA56 // 2646 + SYS___ASINHL_H = 0xA57 // 2647 + SYS___CBRTF_H = 0xA58 // 2648 + SYS___CBRTL_H = 0xA59 // 2649 + SYS___COPYSIGN_B = 0xA5A // 2650 + SYS___EXPM1F_H = 0xA5B // 2651 + SYS___EXPM1L_H = 0xA5C // 2652 + SYS___EXP2_H = 0xA5D // 2653 + SYS___EXP2F_H = 0xA5E // 2654 + SYS___EXP2L_H = 0xA5F // 2655 + SYS___LOG1PF_H = 0xA60 // 2656 + SYS___LOG1PL_H = 0xA61 // 2657 + SYS___LGAMMAL_H = 0xA62 // 2658 + SYS_FMA = 0xA63 // 2659 + SYS___FMA_B = 0xA64 // 2660 + SYS___FMA_H = 0xA65 // 2661 + SYS_FMAF = 0xA66 // 2662 + SYS___FMAF_B = 0xA67 // 2663 + SYS___FMAF_H = 0xA68 // 2664 + SYS_FMAL = 0xA69 // 2665 + SYS___FMAL_B = 0xA6A // 2666 + SYS___FMAL_H = 0xA6B // 2667 + SYS_FMAX = 0xA6C // 2668 + SYS___FMAX_B = 0xA6D // 2669 + SYS___FMAX_H = 0xA6E // 2670 + SYS_FMAXF = 0xA6F // 2671 + SYS___FMAXF_B = 0xA70 // 2672 + SYS___FMAXF_H = 0xA71 // 2673 + SYS_FMAXL = 0xA72 // 2674 + SYS___FMAXL_B = 0xA73 // 2675 + SYS___FMAXL_H = 0xA74 // 2676 + SYS_FMIN = 0xA75 // 2677 + SYS___FMIN_B = 0xA76 // 2678 + SYS___FMIN_H = 0xA77 // 2679 + SYS_FMINF = 0xA78 // 2680 + SYS___FMINF_B = 0xA79 // 2681 + SYS___FMINF_H = 0xA7A // 2682 + SYS_FMINL = 0xA7B // 2683 + SYS___FMINL_B = 0xA7C // 2684 + SYS___FMINL_H = 0xA7D // 2685 + SYS_ILOGBF = 0xA7E // 2686 + SYS___ILOGBF_B = 0xA7F // 2687 + SYS___ILOGBF_H = 0xA80 // 2688 + SYS_ILOGBL = 0xA81 // 2689 + SYS___ILOGBL_B = 0xA82 // 2690 + SYS___ILOGBL_H = 0xA83 // 2691 + SYS_LLRINT = 0xA84 // 2692 + SYS___LLRINT_B = 0xA85 // 2693 + SYS___LLRINT_H = 0xA86 // 2694 + SYS_LLRINTF = 0xA87 // 2695 + SYS___LLRINTF_B = 0xA88 // 2696 + SYS___LLRINTF_H = 0xA89 // 2697 + SYS_LLRINTL = 0xA8A // 2698 + SYS___LLRINTL_B = 0xA8B // 2699 + SYS___LLRINTL_H = 0xA8C // 2700 + SYS_LLROUND = 0xA8D // 2701 + SYS___LLROUND_B = 0xA8E // 2702 + SYS___LLROUND_H = 0xA8F // 2703 + SYS_LLROUNDF = 0xA90 // 2704 + SYS___LLROUNDF_B = 0xA91 // 2705 + SYS___LLROUNDF_H = 0xA92 // 2706 + SYS_LLROUNDL = 0xA93 // 2707 + SYS___LLROUNDL_B = 0xA94 // 2708 + SYS___LLROUNDL_H = 0xA95 // 2709 + SYS_LOGBF = 0xA96 // 2710 + SYS___LOGBF_B = 0xA97 // 2711 + SYS___LOGBF_H = 0xA98 // 2712 + SYS_LOGBL = 0xA99 // 2713 + SYS___LOGBL_B = 0xA9A // 2714 + SYS___LOGBL_H = 0xA9B // 2715 + SYS_LRINT = 0xA9C // 2716 + SYS___LRINT_B = 0xA9D // 2717 + SYS___LRINT_H = 0xA9E // 2718 + SYS_LRINTF = 0xA9F // 2719 + SYS___LRINTF_B = 0xAA0 // 2720 + SYS___LRINTF_H = 0xAA1 // 2721 + SYS_LRINTL = 0xAA2 // 2722 + SYS___LRINTL_B = 0xAA3 // 2723 + SYS___LRINTL_H = 0xAA4 // 2724 + SYS_LROUNDL = 0xAA5 // 2725 + SYS___LROUNDL_B = 0xAA6 // 2726 + SYS___LROUNDL_H = 0xAA7 // 2727 + SYS_NAN = 0xAA8 // 2728 + SYS___NAN_B = 0xAA9 // 2729 + SYS_NANF = 0xAAA // 2730 + SYS___NANF_B = 0xAAB // 2731 + SYS_NANL = 0xAAC // 2732 + SYS___NANL_B = 0xAAD // 2733 + SYS_NEARBYINT = 0xAAE // 2734 + SYS___NEARBYINT_B = 0xAAF // 2735 + SYS___NEARBYINT_H = 0xAB0 // 2736 + SYS_NEARBYINTF = 0xAB1 // 2737 + SYS___NEARBYINTF_B = 0xAB2 // 2738 + SYS___NEARBYINTF_H = 0xAB3 // 2739 + SYS_NEARBYINTL = 0xAB4 // 2740 + SYS___NEARBYINTL_B = 0xAB5 // 2741 + SYS___NEARBYINTL_H = 0xAB6 // 2742 + SYS_NEXTAFTERF = 0xAB7 // 2743 + SYS___NEXTAFTERF_B = 0xAB8 // 2744 + SYS___NEXTAFTERF_H = 0xAB9 // 2745 + SYS_NEXTAFTERL = 0xABA // 2746 + SYS___NEXTAFTERL_B = 0xABB // 2747 + SYS___NEXTAFTERL_H = 0xABC // 2748 + SYS_NEXTTOWARD = 0xABD // 2749 + SYS___NEXTTOWARD_B = 0xABE // 2750 + SYS___NEXTTOWARD_H = 0xABF // 2751 + SYS_NEXTTOWARDF = 0xAC0 // 2752 + SYS___NEXTTOWARDF_B = 0xAC1 // 2753 + SYS___NEXTTOWARDF_H = 0xAC2 // 2754 + SYS_NEXTTOWARDL = 0xAC3 // 2755 + SYS___NEXTTOWARDL_B = 0xAC4 // 2756 + SYS___NEXTTOWARDL_H = 0xAC5 // 2757 + SYS___REMAINDERF_H = 0xAC6 // 2758 + SYS___REMAINDERL_H = 0xAC7 // 2759 + SYS___REMQUO_H = 0xAC8 // 2760 + SYS___REMQUOF_H = 0xAC9 // 2761 + SYS___REMQUOL_H = 0xACA // 2762 + SYS_RINTF = 0xACB // 2763 + SYS___RINTF_B = 0xACC // 2764 + SYS_RINTL = 0xACD // 2765 + SYS___RINTL_B = 0xACE // 2766 + SYS_ROUND = 0xACF // 2767 + SYS___ROUND_B = 0xAD0 // 2768 + SYS___ROUND_H = 0xAD1 // 2769 + SYS_ROUNDF = 0xAD2 // 2770 + SYS___ROUNDF_B = 0xAD3 // 2771 + SYS___ROUNDF_H = 0xAD4 // 2772 + SYS_ROUNDL = 0xAD5 // 2773 + SYS___ROUNDL_B = 0xAD6 // 2774 + SYS___ROUNDL_H = 0xAD7 // 2775 + SYS_SCALBLN = 0xAD8 // 2776 + SYS___SCALBLN_B = 0xAD9 // 2777 + SYS___SCALBLN_H = 0xADA // 2778 + SYS_SCALBLNF = 0xADB // 2779 + SYS___SCALBLNF_B = 0xADC // 2780 + SYS___SCALBLNF_H = 0xADD // 2781 + SYS_SCALBLNL = 0xADE // 2782 + SYS___SCALBLNL_B = 0xADF // 2783 + SYS___SCALBLNL_H = 0xAE0 // 2784 + SYS___SCALBN_B = 0xAE1 // 2785 + SYS___SCALBN_H = 0xAE2 // 2786 + SYS_SCALBNF = 0xAE3 // 2787 + SYS___SCALBNF_B = 0xAE4 // 2788 + SYS___SCALBNF_H = 0xAE5 // 2789 + SYS_SCALBNL = 0xAE6 // 2790 + SYS___SCALBNL_B = 0xAE7 // 2791 + SYS___SCALBNL_H = 0xAE8 // 2792 + SYS___TGAMMAL_H = 0xAE9 // 2793 + SYS_FECLEAREXCEPT = 0xAEA // 2794 + SYS_FEGETENV = 0xAEB // 2795 + SYS_FEGETEXCEPTFLAG = 0xAEC // 2796 + SYS_FEGETROUND = 0xAED // 2797 + SYS_FEHOLDEXCEPT = 0xAEE // 2798 + SYS_FERAISEEXCEPT = 0xAEF // 2799 + SYS_FESETENV = 0xAF0 // 2800 + SYS_FESETEXCEPTFLAG = 0xAF1 // 2801 + SYS_FESETROUND = 0xAF2 // 2802 + SYS_FETESTEXCEPT = 0xAF3 // 2803 + SYS_FEUPDATEENV = 0xAF4 // 2804 + SYS___COPYSIGN_H = 0xAF5 // 2805 + SYS___HYPOTF_H = 0xAF6 // 2806 + SYS___HYPOTL_H = 0xAF7 // 2807 + SYS___CLASS = 0xAFA // 2810 + SYS___CLASS_B = 0xAFB // 2811 + SYS___CLASS_H = 0xAFC // 2812 + SYS___ISBLANK_A = 0xB2E // 2862 + SYS___ISWBLANK_A = 0xB2F // 2863 + SYS___LROUND_FIXUP = 0xB30 // 2864 + SYS___LROUNDF_FIXUP = 0xB31 // 2865 + SYS_SCHED_YIELD = 0xB32 // 2866 + SYS_STRERROR_R = 0xB33 // 2867 + SYS_UNSETENV = 0xB34 // 2868 + SYS___LGAMMA_H_C99 = 0xB38 // 2872 + SYS___LGAMMA_B_C99 = 0xB39 // 2873 + SYS___LGAMMA_R_C99 = 0xB3A // 2874 + SYS___FTELL2 = 0xB3B // 2875 + SYS___FSEEK2 = 0xB3C // 2876 + SYS___STATIC_REINIT = 0xB3D // 2877 + SYS_PTHREAD_ATTR_GETSTACK = 0xB3E // 2878 + SYS_PTHREAD_ATTR_SETSTACK = 0xB3F // 2879 + SYS___TGAMMA_H_C99 = 0xB78 // 2936 + SYS___TGAMMAF_H_C99 = 0xB79 // 2937 + SYS___LE_TRACEBACK = 0xB7A // 2938 + SYS___MUST_STAY_CLEAN = 0xB7C // 2940 + SYS___O_ENV = 0xB7D // 2941 + SYS_ACOSD32 = 0xB7E // 2942 + SYS_ACOSD64 = 0xB7F // 2943 + SYS_ACOSD128 = 0xB80 // 2944 + SYS_ACOSHD32 = 0xB81 // 2945 + SYS_ACOSHD64 = 0xB82 // 2946 + SYS_ACOSHD128 = 0xB83 // 2947 + SYS_ASIND32 = 0xB84 // 2948 + SYS_ASIND64 = 0xB85 // 2949 + SYS_ASIND128 = 0xB86 // 2950 + SYS_ASINHD32 = 0xB87 // 2951 + SYS_ASINHD64 = 0xB88 // 2952 + SYS_ASINHD128 = 0xB89 // 2953 + SYS_ATAND32 = 0xB8A // 2954 + SYS_ATAND64 = 0xB8B // 2955 + SYS_ATAND128 = 0xB8C // 2956 + SYS_ATAN2D32 = 0xB8D // 2957 + SYS_ATAN2D64 = 0xB8E // 2958 + SYS_ATAN2D128 = 0xB8F // 2959 + SYS_ATANHD32 = 0xB90 // 2960 + SYS_ATANHD64 = 0xB91 // 2961 + SYS_ATANHD128 = 0xB92 // 2962 + SYS_CBRTD32 = 0xB93 // 2963 + SYS_CBRTD64 = 0xB94 // 2964 + SYS_CBRTD128 = 0xB95 // 2965 + SYS_CEILD32 = 0xB96 // 2966 + SYS_CEILD64 = 0xB97 // 2967 + SYS_CEILD128 = 0xB98 // 2968 + SYS___CLASS2 = 0xB99 // 2969 + SYS___CLASS2_B = 0xB9A // 2970 + SYS___CLASS2_H = 0xB9B // 2971 + SYS_COPYSIGND32 = 0xB9C // 2972 + SYS_COPYSIGND64 = 0xB9D // 2973 + SYS_COPYSIGND128 = 0xB9E // 2974 + SYS_COSD32 = 0xB9F // 2975 + SYS_COSD64 = 0xBA0 // 2976 + SYS_COSD128 = 0xBA1 // 2977 + SYS_COSHD32 = 0xBA2 // 2978 + SYS_COSHD64 = 0xBA3 // 2979 + SYS_COSHD128 = 0xBA4 // 2980 + SYS_ERFD32 = 0xBA5 // 2981 + SYS_ERFD64 = 0xBA6 // 2982 + SYS_ERFD128 = 0xBA7 // 2983 + SYS_ERFCD32 = 0xBA8 // 2984 + SYS_ERFCD64 = 0xBA9 // 2985 + SYS_ERFCD128 = 0xBAA // 2986 + SYS_EXPD32 = 0xBAB // 2987 + SYS_EXPD64 = 0xBAC // 2988 + SYS_EXPD128 = 0xBAD // 2989 + SYS_EXP2D32 = 0xBAE // 2990 + SYS_EXP2D64 = 0xBAF // 2991 + SYS_EXP2D128 = 0xBB0 // 2992 + SYS_EXPM1D32 = 0xBB1 // 2993 + SYS_EXPM1D64 = 0xBB2 // 2994 + SYS_EXPM1D128 = 0xBB3 // 2995 + SYS_FABSD32 = 0xBB4 // 2996 + SYS_FABSD64 = 0xBB5 // 2997 + SYS_FABSD128 = 0xBB6 // 2998 + SYS_FDIMD32 = 0xBB7 // 2999 + SYS_FDIMD64 = 0xBB8 // 3000 + SYS_FDIMD128 = 0xBB9 // 3001 + SYS_FE_DEC_GETROUND = 0xBBA // 3002 + SYS_FE_DEC_SETROUND = 0xBBB // 3003 + SYS_FLOORD32 = 0xBBC // 3004 + SYS_FLOORD64 = 0xBBD // 3005 + SYS_FLOORD128 = 0xBBE // 3006 + SYS_FMAD32 = 0xBBF // 3007 + SYS_FMAD64 = 0xBC0 // 3008 + SYS_FMAD128 = 0xBC1 // 3009 + SYS_FMAXD32 = 0xBC2 // 3010 + SYS_FMAXD64 = 0xBC3 // 3011 + SYS_FMAXD128 = 0xBC4 // 3012 + SYS_FMIND32 = 0xBC5 // 3013 + SYS_FMIND64 = 0xBC6 // 3014 + SYS_FMIND128 = 0xBC7 // 3015 + SYS_FMODD32 = 0xBC8 // 3016 + SYS_FMODD64 = 0xBC9 // 3017 + SYS_FMODD128 = 0xBCA // 3018 + SYS___FP_CAST_D = 0xBCB // 3019 + SYS_FREXPD32 = 0xBCC // 3020 + SYS_FREXPD64 = 0xBCD // 3021 + SYS_FREXPD128 = 0xBCE // 3022 + SYS_HYPOTD32 = 0xBCF // 3023 + SYS_HYPOTD64 = 0xBD0 // 3024 + SYS_HYPOTD128 = 0xBD1 // 3025 + SYS_ILOGBD32 = 0xBD2 // 3026 + SYS_ILOGBD64 = 0xBD3 // 3027 + SYS_ILOGBD128 = 0xBD4 // 3028 + SYS_LDEXPD32 = 0xBD5 // 3029 + SYS_LDEXPD64 = 0xBD6 // 3030 + SYS_LDEXPD128 = 0xBD7 // 3031 + SYS_LGAMMAD32 = 0xBD8 // 3032 + SYS_LGAMMAD64 = 0xBD9 // 3033 + SYS_LGAMMAD128 = 0xBDA // 3034 + SYS_LLRINTD32 = 0xBDB // 3035 + SYS_LLRINTD64 = 0xBDC // 3036 + SYS_LLRINTD128 = 0xBDD // 3037 + SYS_LLROUNDD32 = 0xBDE // 3038 + SYS_LLROUNDD64 = 0xBDF // 3039 + SYS_LLROUNDD128 = 0xBE0 // 3040 + SYS_LOGD32 = 0xBE1 // 3041 + SYS_LOGD64 = 0xBE2 // 3042 + SYS_LOGD128 = 0xBE3 // 3043 + SYS_LOG10D32 = 0xBE4 // 3044 + SYS_LOG10D64 = 0xBE5 // 3045 + SYS_LOG10D128 = 0xBE6 // 3046 + SYS_LOG1PD32 = 0xBE7 // 3047 + SYS_LOG1PD64 = 0xBE8 // 3048 + SYS_LOG1PD128 = 0xBE9 // 3049 + SYS_LOG2D32 = 0xBEA // 3050 + SYS_LOG2D64 = 0xBEB // 3051 + SYS_LOG2D128 = 0xBEC // 3052 + SYS_LOGBD32 = 0xBED // 3053 + SYS_LOGBD64 = 0xBEE // 3054 + SYS_LOGBD128 = 0xBEF // 3055 + SYS_LRINTD32 = 0xBF0 // 3056 + SYS_LRINTD64 = 0xBF1 // 3057 + SYS_LRINTD128 = 0xBF2 // 3058 + SYS_LROUNDD32 = 0xBF3 // 3059 + SYS_LROUNDD64 = 0xBF4 // 3060 + SYS_LROUNDD128 = 0xBF5 // 3061 + SYS_MODFD32 = 0xBF6 // 3062 + SYS_MODFD64 = 0xBF7 // 3063 + SYS_MODFD128 = 0xBF8 // 3064 + SYS_NAND32 = 0xBF9 // 3065 + SYS_NAND64 = 0xBFA // 3066 + SYS_NAND128 = 0xBFB // 3067 + SYS_NEARBYINTD32 = 0xBFC // 3068 + SYS_NEARBYINTD64 = 0xBFD // 3069 + SYS_NEARBYINTD128 = 0xBFE // 3070 + SYS_NEXTAFTERD32 = 0xBFF // 3071 + SYS_NEXTAFTERD64 = 0xC00 // 3072 + SYS_NEXTAFTERD128 = 0xC01 // 3073 + SYS_NEXTTOWARDD32 = 0xC02 // 3074 + SYS_NEXTTOWARDD64 = 0xC03 // 3075 + SYS_NEXTTOWARDD128 = 0xC04 // 3076 + SYS_POWD32 = 0xC05 // 3077 + SYS_POWD64 = 0xC06 // 3078 + SYS_POWD128 = 0xC07 // 3079 + SYS_QUANTIZED32 = 0xC08 // 3080 + SYS_QUANTIZED64 = 0xC09 // 3081 + SYS_QUANTIZED128 = 0xC0A // 3082 + SYS_REMAINDERD32 = 0xC0B // 3083 + SYS_REMAINDERD64 = 0xC0C // 3084 + SYS_REMAINDERD128 = 0xC0D // 3085 + SYS___REMQUOD32 = 0xC0E // 3086 + SYS___REMQUOD64 = 0xC0F // 3087 + SYS___REMQUOD128 = 0xC10 // 3088 + SYS_RINTD32 = 0xC11 // 3089 + SYS_RINTD64 = 0xC12 // 3090 + SYS_RINTD128 = 0xC13 // 3091 + SYS_ROUNDD32 = 0xC14 // 3092 + SYS_ROUNDD64 = 0xC15 // 3093 + SYS_ROUNDD128 = 0xC16 // 3094 + SYS_SAMEQUANTUMD32 = 0xC17 // 3095 + SYS_SAMEQUANTUMD64 = 0xC18 // 3096 + SYS_SAMEQUANTUMD128 = 0xC19 // 3097 + SYS_SCALBLND32 = 0xC1A // 3098 + SYS_SCALBLND64 = 0xC1B // 3099 + SYS_SCALBLND128 = 0xC1C // 3100 + SYS_SCALBND32 = 0xC1D // 3101 + SYS_SCALBND64 = 0xC1E // 3102 + SYS_SCALBND128 = 0xC1F // 3103 + SYS_SIND32 = 0xC20 // 3104 + SYS_SIND64 = 0xC21 // 3105 + SYS_SIND128 = 0xC22 // 3106 + SYS_SINHD32 = 0xC23 // 3107 + SYS_SINHD64 = 0xC24 // 3108 + SYS_SINHD128 = 0xC25 // 3109 + SYS_SQRTD32 = 0xC26 // 3110 + SYS_SQRTD64 = 0xC27 // 3111 + SYS_SQRTD128 = 0xC28 // 3112 + SYS_STRTOD32 = 0xC29 // 3113 + SYS_STRTOD64 = 0xC2A // 3114 + SYS_STRTOD128 = 0xC2B // 3115 + SYS_TAND32 = 0xC2C // 3116 + SYS_TAND64 = 0xC2D // 3117 + SYS_TAND128 = 0xC2E // 3118 + SYS_TANHD32 = 0xC2F // 3119 + SYS_TANHD64 = 0xC30 // 3120 + SYS_TANHD128 = 0xC31 // 3121 + SYS_TGAMMAD32 = 0xC32 // 3122 + SYS_TGAMMAD64 = 0xC33 // 3123 + SYS_TGAMMAD128 = 0xC34 // 3124 + SYS_TRUNCD32 = 0xC3E // 3134 + SYS_TRUNCD64 = 0xC3F // 3135 + SYS_TRUNCD128 = 0xC40 // 3136 + SYS_WCSTOD32 = 0xC41 // 3137 + SYS_WCSTOD64 = 0xC42 // 3138 + SYS_WCSTOD128 = 0xC43 // 3139 + SYS___CODEPAGE_INFO = 0xC64 // 3172 + SYS_POSIX_OPENPT = 0xC66 // 3174 + SYS_PSELECT = 0xC67 // 3175 + SYS_SOCKATMARK = 0xC68 // 3176 + SYS_AIO_FSYNC = 0xC69 // 3177 + SYS_LIO_LISTIO = 0xC6A // 3178 + SYS___ATANPID32 = 0xC6B // 3179 + SYS___ATANPID64 = 0xC6C // 3180 + SYS___ATANPID128 = 0xC6D // 3181 + SYS___COSPID32 = 0xC6E // 3182 + SYS___COSPID64 = 0xC6F // 3183 + SYS___COSPID128 = 0xC70 // 3184 + SYS___SINPID32 = 0xC71 // 3185 + SYS___SINPID64 = 0xC72 // 3186 + SYS___SINPID128 = 0xC73 // 3187 + SYS_SETIPV4SOURCEFILTER = 0xC76 // 3190 + SYS_GETIPV4SOURCEFILTER = 0xC77 // 3191 + SYS_SETSOURCEFILTER = 0xC78 // 3192 + SYS_GETSOURCEFILTER = 0xC79 // 3193 + SYS_FWRITE_UNLOCKED = 0xC7A // 3194 + SYS_FREAD_UNLOCKED = 0xC7B // 3195 + SYS_FGETS_UNLOCKED = 0xC7C // 3196 + SYS_GETS_UNLOCKED = 0xC7D // 3197 + SYS_FPUTS_UNLOCKED = 0xC7E // 3198 + SYS_PUTS_UNLOCKED = 0xC7F // 3199 + SYS_FGETC_UNLOCKED = 0xC80 // 3200 + SYS_FPUTC_UNLOCKED = 0xC81 // 3201 + SYS_DLADDR = 0xC82 // 3202 + SYS_SHM_OPEN = 0xC8C // 3212 + SYS_SHM_UNLINK = 0xC8D // 3213 + SYS___CLASS2F = 0xC91 // 3217 + SYS___CLASS2L = 0xC92 // 3218 + SYS___CLASS2F_B = 0xC93 // 3219 + SYS___CLASS2F_H = 0xC94 // 3220 + SYS___CLASS2L_B = 0xC95 // 3221 + SYS___CLASS2L_H = 0xC96 // 3222 + SYS___CLASS2D32 = 0xC97 // 3223 + SYS___CLASS2D64 = 0xC98 // 3224 + SYS___CLASS2D128 = 0xC99 // 3225 + SYS___TOCSNAME2 = 0xC9A // 3226 + SYS___D1TOP = 0xC9B // 3227 + SYS___D2TOP = 0xC9C // 3228 + SYS___D4TOP = 0xC9D // 3229 + SYS___PTOD1 = 0xC9E // 3230 + SYS___PTOD2 = 0xC9F // 3231 + SYS___PTOD4 = 0xCA0 // 3232 + SYS_CLEARERR_UNLOCKED = 0xCA1 // 3233 + SYS_FDELREC_UNLOCKED = 0xCA2 // 3234 + SYS_FEOF_UNLOCKED = 0xCA3 // 3235 + SYS_FERROR_UNLOCKED = 0xCA4 // 3236 + SYS_FFLUSH_UNLOCKED = 0xCA5 // 3237 + SYS_FGETPOS_UNLOCKED = 0xCA6 // 3238 + SYS_FGETWC_UNLOCKED = 0xCA7 // 3239 + SYS_FGETWS_UNLOCKED = 0xCA8 // 3240 + SYS_FILENO_UNLOCKED = 0xCA9 // 3241 + SYS_FLDATA_UNLOCKED = 0xCAA // 3242 + SYS_FLOCATE_UNLOCKED = 0xCAB // 3243 + SYS_FPRINTF_UNLOCKED = 0xCAC // 3244 + SYS_FPUTWC_UNLOCKED = 0xCAD // 3245 + SYS_FPUTWS_UNLOCKED = 0xCAE // 3246 + SYS_FSCANF_UNLOCKED = 0xCAF // 3247 + SYS_FSEEK_UNLOCKED = 0xCB0 // 3248 + SYS_FSEEKO_UNLOCKED = 0xCB1 // 3249 + SYS_FSETPOS_UNLOCKED = 0xCB3 // 3251 + SYS_FTELL_UNLOCKED = 0xCB4 // 3252 + SYS_FTELLO_UNLOCKED = 0xCB5 // 3253 + SYS_FUPDATE_UNLOCKED = 0xCB7 // 3255 + SYS_FWIDE_UNLOCKED = 0xCB8 // 3256 + SYS_FWPRINTF_UNLOCKED = 0xCB9 // 3257 + SYS_FWSCANF_UNLOCKED = 0xCBA // 3258 + SYS_GETWC_UNLOCKED = 0xCBB // 3259 + SYS_GETWCHAR_UNLOCKED = 0xCBC // 3260 + SYS_PERROR_UNLOCKED = 0xCBD // 3261 + SYS_PRINTF_UNLOCKED = 0xCBE // 3262 + SYS_PUTWC_UNLOCKED = 0xCBF // 3263 + SYS_PUTWCHAR_UNLOCKED = 0xCC0 // 3264 + SYS_REWIND_UNLOCKED = 0xCC1 // 3265 + SYS_SCANF_UNLOCKED = 0xCC2 // 3266 + SYS_UNGETC_UNLOCKED = 0xCC3 // 3267 + SYS_UNGETWC_UNLOCKED = 0xCC4 // 3268 + SYS_VFPRINTF_UNLOCKED = 0xCC5 // 3269 + SYS_VFSCANF_UNLOCKED = 0xCC7 // 3271 + SYS_VFWPRINTF_UNLOCKED = 0xCC9 // 3273 + SYS_VFWSCANF_UNLOCKED = 0xCCB // 3275 + SYS_VPRINTF_UNLOCKED = 0xCCD // 3277 + SYS_VSCANF_UNLOCKED = 0xCCF // 3279 + SYS_VWPRINTF_UNLOCKED = 0xCD1 // 3281 + SYS_VWSCANF_UNLOCKED = 0xCD3 // 3283 + SYS_WPRINTF_UNLOCKED = 0xCD5 // 3285 + SYS_WSCANF_UNLOCKED = 0xCD6 // 3286 + SYS_ASCTIME64 = 0xCD7 // 3287 + SYS_ASCTIME64_R = 0xCD8 // 3288 + SYS_CTIME64 = 0xCD9 // 3289 + SYS_CTIME64_R = 0xCDA // 3290 + SYS_DIFFTIME64 = 0xCDB // 3291 + SYS_GMTIME64 = 0xCDC // 3292 + SYS_GMTIME64_R = 0xCDD // 3293 + SYS_LOCALTIME64 = 0xCDE // 3294 + SYS_LOCALTIME64_R = 0xCDF // 3295 + SYS_MKTIME64 = 0xCE0 // 3296 + SYS_TIME64 = 0xCE1 // 3297 + SYS___LOGIN_APPLID = 0xCE2 // 3298 + SYS___PASSWD_APPLID = 0xCE3 // 3299 + SYS_PTHREAD_SECURITY_APPLID_NP = 0xCE4 // 3300 + SYS___GETTHENT = 0xCE5 // 3301 + SYS_FREEIFADDRS = 0xCE6 // 3302 + SYS_GETIFADDRS = 0xCE7 // 3303 + SYS_POSIX_FALLOCATE = 0xCE8 // 3304 + SYS_POSIX_MEMALIGN = 0xCE9 // 3305 + SYS_SIZEOF_ALLOC = 0xCEA // 3306 + SYS_RESIZE_ALLOC = 0xCEB // 3307 + SYS_FREAD_NOUPDATE = 0xCEC // 3308 + SYS_FREAD_NOUPDATE_UNLOCKED = 0xCED // 3309 + SYS_FGETPOS64 = 0xCEE // 3310 + SYS_FSEEK64 = 0xCEF // 3311 + SYS_FSEEKO64 = 0xCF0 // 3312 + SYS_FSETPOS64 = 0xCF1 // 3313 + SYS_FTELL64 = 0xCF2 // 3314 + SYS_FTELLO64 = 0xCF3 // 3315 + SYS_FGETPOS64_UNLOCKED = 0xCF4 // 3316 + SYS_FSEEK64_UNLOCKED = 0xCF5 // 3317 + SYS_FSEEKO64_UNLOCKED = 0xCF6 // 3318 + SYS_FSETPOS64_UNLOCKED = 0xCF7 // 3319 + SYS_FTELL64_UNLOCKED = 0xCF8 // 3320 + SYS_FTELLO64_UNLOCKED = 0xCF9 // 3321 + SYS_FOPEN_UNLOCKED = 0xCFA // 3322 + SYS_FREOPEN_UNLOCKED = 0xCFB // 3323 + SYS_FDOPEN_UNLOCKED = 0xCFC // 3324 + SYS_TMPFILE_UNLOCKED = 0xCFD // 3325 + SYS___MOSERVICES = 0xD3D // 3389 + SYS___GETTOD = 0xD3E // 3390 + SYS_C16RTOMB = 0xD40 // 3392 + SYS_C32RTOMB = 0xD41 // 3393 + SYS_MBRTOC16 = 0xD42 // 3394 + SYS_MBRTOC32 = 0xD43 // 3395 + SYS_QUANTEXPD32 = 0xD44 // 3396 + SYS_QUANTEXPD64 = 0xD45 // 3397 + SYS_QUANTEXPD128 = 0xD46 // 3398 + SYS___LOCALE_CTL = 0xD47 // 3399 + SYS___SMF_RECORD2 = 0xD48 // 3400 + SYS_FOPEN64 = 0xD49 // 3401 + SYS_FOPEN64_UNLOCKED = 0xD4A // 3402 + SYS_FREOPEN64 = 0xD4B // 3403 + SYS_FREOPEN64_UNLOCKED = 0xD4C // 3404 + SYS_TMPFILE64 = 0xD4D // 3405 + SYS_TMPFILE64_UNLOCKED = 0xD4E // 3406 + SYS_GETDATE64 = 0xD4F // 3407 + SYS_GETTIMEOFDAY64 = 0xD50 // 3408 + SYS_BIND2ADDRSEL = 0xD59 // 3417 + SYS_INET6_IS_SRCADDR = 0xD5A // 3418 + SYS___GETGRGID1 = 0xD5B // 3419 + SYS___GETGRNAM1 = 0xD5C // 3420 + SYS___FBUFSIZE = 0xD60 // 3424 + SYS___FPENDING = 0xD61 // 3425 + SYS___FLBF = 0xD62 // 3426 + SYS___FREADABLE = 0xD63 // 3427 + SYS___FWRITABLE = 0xD64 // 3428 + SYS___FREADING = 0xD65 // 3429 + SYS___FWRITING = 0xD66 // 3430 + SYS___FSETLOCKING = 0xD67 // 3431 + SYS__FLUSHLBF = 0xD68 // 3432 + SYS___FPURGE = 0xD69 // 3433 + SYS___FREADAHEAD = 0xD6A // 3434 + SYS___FSETERR = 0xD6B // 3435 + SYS___FPENDING_UNLOCKED = 0xD6C // 3436 + SYS___FREADING_UNLOCKED = 0xD6D // 3437 + SYS___FWRITING_UNLOCKED = 0xD6E // 3438 + SYS__FLUSHLBF_UNLOCKED = 0xD6F // 3439 + SYS___FPURGE_UNLOCKED = 0xD70 // 3440 + SYS___FREADAHEAD_UNLOCKED = 0xD71 // 3441 + SYS___LE_CEEGTJS = 0xD72 // 3442 + SYS___LE_RECORD_DUMP = 0xD73 // 3443 + SYS_FSTAT64 = 0xD74 // 3444 + SYS_LSTAT64 = 0xD75 // 3445 + SYS_STAT64 = 0xD76 // 3446 + SYS___READDIR2_64 = 0xD77 // 3447 + SYS___OPEN_STAT64 = 0xD78 // 3448 + SYS_FTW64 = 0xD79 // 3449 + SYS_NFTW64 = 0xD7A // 3450 + SYS_UTIME64 = 0xD7B // 3451 + SYS_UTIMES64 = 0xD7C // 3452 + SYS___GETIPC64 = 0xD7D // 3453 + SYS_MSGCTL64 = 0xD7E // 3454 + SYS_SEMCTL64 = 0xD7F // 3455 + SYS_SHMCTL64 = 0xD80 // 3456 + SYS_MSGXRCV64 = 0xD81 // 3457 + SYS___MGXR64 = 0xD81 // 3457 + SYS_W_GETPSENT64 = 0xD82 // 3458 + SYS_PTHREAD_COND_TIMEDWAIT64 = 0xD83 // 3459 + SYS_FTIME64 = 0xD85 // 3461 + SYS_GETUTXENT64 = 0xD86 // 3462 + SYS_GETUTXID64 = 0xD87 // 3463 + SYS_GETUTXLINE64 = 0xD88 // 3464 + SYS_PUTUTXLINE64 = 0xD89 // 3465 + SYS_NEWLOCALE = 0xD8A // 3466 + SYS_FREELOCALE = 0xD8B // 3467 + SYS_USELOCALE = 0xD8C // 3468 + SYS_DUPLOCALE = 0xD8D // 3469 + SYS___CHATTR64 = 0xD9C // 3484 + SYS___LCHATTR64 = 0xD9D // 3485 + SYS___FCHATTR64 = 0xD9E // 3486 + SYS_____CHATTR64_A = 0xD9F // 3487 + SYS_____LCHATTR64_A = 0xDA0 // 3488 + SYS___LE_CEEUSGD = 0xDA1 // 3489 + SYS___LE_IFAM_CON = 0xDA2 // 3490 + SYS___LE_IFAM_DSC = 0xDA3 // 3491 + SYS___LE_IFAM_GET = 0xDA4 // 3492 + SYS___LE_IFAM_QRY = 0xDA5 // 3493 + SYS_ALIGNED_ALLOC = 0xDA6 // 3494 + SYS_ACCEPT4 = 0xDA7 // 3495 + SYS___ACCEPT4_A = 0xDA8 // 3496 + SYS_COPYFILERANGE = 0xDA9 // 3497 + SYS_GETLINE = 0xDAA // 3498 + SYS___GETLINE_A = 0xDAB // 3499 + SYS_DIRFD = 0xDAC // 3500 + SYS_CLOCK_GETTIME = 0xDAD // 3501 + SYS_DUP3 = 0xDAE // 3502 + SYS_EPOLL_CREATE = 0xDAF // 3503 + SYS_EPOLL_CREATE1 = 0xDB0 // 3504 + SYS_EPOLL_CTL = 0xDB1 // 3505 + SYS_EPOLL_WAIT = 0xDB2 // 3506 + SYS_EPOLL_PWAIT = 0xDB3 // 3507 + SYS_EVENTFD = 0xDB4 // 3508 + SYS_STATFS = 0xDB5 // 3509 + SYS___STATFS_A = 0xDB6 // 3510 + SYS_FSTATFS = 0xDB7 // 3511 + SYS_INOTIFY_INIT = 0xDB8 // 3512 + SYS_INOTIFY_INIT1 = 0xDB9 // 3513 + SYS_INOTIFY_ADD_WATCH = 0xDBA // 3514 + SYS___INOTIFY_ADD_WATCH_A = 0xDBB // 3515 + SYS_INOTIFY_RM_WATCH = 0xDBC // 3516 + SYS_PIPE2 = 0xDBD // 3517 + SYS_PIVOT_ROOT = 0xDBE // 3518 + SYS___PIVOT_ROOT_A = 0xDBF // 3519 + SYS_PRCTL = 0xDC0 // 3520 + SYS_PRLIMIT = 0xDC1 // 3521 + SYS_SETHOSTNAME = 0xDC2 // 3522 + SYS___SETHOSTNAME_A = 0xDC3 // 3523 + SYS_SETRESUID = 0xDC4 // 3524 + SYS_SETRESGID = 0xDC5 // 3525 + SYS_PTHREAD_CONDATTR_GETCLOCK = 0xDC6 // 3526 + SYS_FLOCK = 0xDC7 // 3527 + SYS_FGETXATTR = 0xDC8 // 3528 + SYS___FGETXATTR_A = 0xDC9 // 3529 + SYS_FLISTXATTR = 0xDCA // 3530 + SYS___FLISTXATTR_A = 0xDCB // 3531 + SYS_FREMOVEXATTR = 0xDCC // 3532 + SYS___FREMOVEXATTR_A = 0xDCD // 3533 + SYS_FSETXATTR = 0xDCE // 3534 + SYS___FSETXATTR_A = 0xDCF // 3535 + SYS_GETXATTR = 0xDD0 // 3536 + SYS___GETXATTR_A = 0xDD1 // 3537 + SYS_LGETXATTR = 0xDD2 // 3538 + SYS___LGETXATTR_A = 0xDD3 // 3539 + SYS_LISTXATTR = 0xDD4 // 3540 + SYS___LISTXATTR_A = 0xDD5 // 3541 + SYS_LLISTXATTR = 0xDD6 // 3542 + SYS___LLISTXATTR_A = 0xDD7 // 3543 + SYS_LREMOVEXATTR = 0xDD8 // 3544 + SYS___LREMOVEXATTR_A = 0xDD9 // 3545 + SYS_LSETXATTR = 0xDDA // 3546 + SYS___LSETXATTR_A = 0xDDB // 3547 + SYS_REMOVEXATTR = 0xDDC // 3548 + SYS___REMOVEXATTR_A = 0xDDD // 3549 + SYS_SETXATTR = 0xDDE // 3550 + SYS___SETXATTR_A = 0xDDF // 3551 + SYS_FDATASYNC = 0xDE0 // 3552 + SYS_SYNCFS = 0xDE1 // 3553 + SYS_FUTIMES = 0xDE2 // 3554 + SYS_FUTIMESAT = 0xDE3 // 3555 + SYS___FUTIMESAT_A = 0xDE4 // 3556 + SYS_LUTIMES = 0xDE5 // 3557 + SYS___LUTIMES_A = 0xDE6 // 3558 + SYS_INET_ATON = 0xDE7 // 3559 + SYS_GETRANDOM = 0xDE8 // 3560 + SYS_GETTID = 0xDE9 // 3561 + SYS_MEMFD_CREATE = 0xDEA // 3562 + SYS___MEMFD_CREATE_A = 0xDEB // 3563 + SYS_FACCESSAT = 0xDEC // 3564 + SYS___FACCESSAT_A = 0xDED // 3565 + SYS_FCHMODAT = 0xDEE // 3566 + SYS___FCHMODAT_A = 0xDEF // 3567 + SYS_FCHOWNAT = 0xDF0 // 3568 + SYS___FCHOWNAT_A = 0xDF1 // 3569 + SYS_FSTATAT = 0xDF2 // 3570 + SYS___FSTATAT_A = 0xDF3 // 3571 + SYS_LINKAT = 0xDF4 // 3572 + SYS___LINKAT_A = 0xDF5 // 3573 + SYS_MKDIRAT = 0xDF6 // 3574 + SYS___MKDIRAT_A = 0xDF7 // 3575 + SYS_MKFIFOAT = 0xDF8 // 3576 + SYS___MKFIFOAT_A = 0xDF9 // 3577 + SYS_MKNODAT = 0xDFA // 3578 + SYS___MKNODAT_A = 0xDFB // 3579 + SYS_OPENAT = 0xDFC // 3580 + SYS___OPENAT_A = 0xDFD // 3581 + SYS_READLINKAT = 0xDFE // 3582 + SYS___READLINKAT_A = 0xDFF // 3583 + SYS_RENAMEAT = 0xE00 // 3584 + SYS___RENAMEAT_A = 0xE01 // 3585 + SYS_RENAMEAT2 = 0xE02 // 3586 + SYS___RENAMEAT2_A = 0xE03 // 3587 + SYS_SYMLINKAT = 0xE04 // 3588 + SYS___SYMLINKAT_A = 0xE05 // 3589 + SYS_UNLINKAT = 0xE06 // 3590 + SYS___UNLINKAT_A = 0xE07 // 3591 + SYS_SYSINFO = 0xE08 // 3592 + SYS_WAIT4 = 0xE0A // 3594 + SYS_CLONE = 0xE0B // 3595 + SYS_UNSHARE = 0xE0C // 3596 + SYS_SETNS = 0xE0D // 3597 + SYS_CAPGET = 0xE0E // 3598 + SYS_CAPSET = 0xE0F // 3599 + SYS_STRCHRNUL = 0xE10 // 3600 + SYS_PTHREAD_CONDATTR_SETCLOCK = 0xE12 // 3602 + SYS_OPEN_BY_HANDLE_AT = 0xE13 // 3603 + SYS___OPEN_BY_HANDLE_AT_A = 0xE14 // 3604 + SYS___INET_ATON_A = 0xE15 // 3605 + SYS_MOUNT1 = 0xE16 // 3606 + SYS___MOUNT1_A = 0xE17 // 3607 + SYS_UMOUNT1 = 0xE18 // 3608 + SYS___UMOUNT1_A = 0xE19 // 3609 + SYS_UMOUNT2 = 0xE1A // 3610 + SYS___UMOUNT2_A = 0xE1B // 3611 + SYS___PRCTL_A = 0xE1C // 3612 + SYS_LOCALTIME_R2 = 0xE1D // 3613 + SYS___LOCALTIME_R2_A = 0xE1E // 3614 + SYS_OPENAT2 = 0xE1F // 3615 + SYS___OPENAT2_A = 0xE20 // 3616 + SYS___LE_CEEMICT = 0xE21 // 3617 + SYS_GETENTROPY = 0xE22 // 3618 + SYS_NANOSLEEP = 0xE23 // 3619 + SYS_UTIMENSAT = 0xE24 // 3620 + SYS___UTIMENSAT_A = 0xE25 // 3621 + SYS_ASPRINTF = 0xE26 // 3622 + SYS___ASPRINTF_A = 0xE27 // 3623 + SYS_VASPRINTF = 0xE28 // 3624 + SYS___VASPRINTF_A = 0xE29 // 3625 + SYS_DPRINTF = 0xE2A // 3626 + SYS___DPRINTF_A = 0xE2B // 3627 + SYS_GETOPT_LONG = 0xE2C // 3628 + SYS___GETOPT_LONG_A = 0xE2D // 3629 + SYS_PSIGNAL = 0xE2E // 3630 + SYS___PSIGNAL_A = 0xE2F // 3631 + SYS_PSIGNAL_UNLOCKED = 0xE30 // 3632 + SYS___PSIGNAL_UNLOCKED_A = 0xE31 // 3633 + SYS_FSTATAT_O = 0xE32 // 3634 + SYS___FSTATAT_O_A = 0xE33 // 3635 + SYS_FSTATAT64 = 0xE34 // 3636 + SYS___FSTATAT64_A = 0xE35 // 3637 + SYS___CHATTRAT = 0xE36 // 3638 + SYS_____CHATTRAT_A = 0xE37 // 3639 + SYS___CHATTRAT64 = 0xE38 // 3640 + SYS_____CHATTRAT64_A = 0xE39 // 3641 + SYS_MADVISE = 0xE3A // 3642 + SYS___AUTHENTICATE = 0xE3B // 3643 + ) diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index eff6bcdef81..4740b834854 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -1178,7 +1178,8 @@ const ( PERF_SAMPLE_BRANCH_TYPE_SAVE_SHIFT = 0x10 PERF_SAMPLE_BRANCH_HW_INDEX_SHIFT = 0x11 PERF_SAMPLE_BRANCH_PRIV_SAVE_SHIFT = 0x12 - PERF_SAMPLE_BRANCH_MAX_SHIFT = 0x13 + PERF_SAMPLE_BRANCH_COUNTERS = 0x80000 + PERF_SAMPLE_BRANCH_MAX_SHIFT = 0x14 PERF_SAMPLE_BRANCH_USER = 0x1 PERF_SAMPLE_BRANCH_KERNEL = 0x2 PERF_SAMPLE_BRANCH_HV = 0x4 @@ -1198,7 +1199,7 @@ const ( PERF_SAMPLE_BRANCH_TYPE_SAVE = 0x10000 PERF_SAMPLE_BRANCH_HW_INDEX = 0x20000 PERF_SAMPLE_BRANCH_PRIV_SAVE = 0x40000 - PERF_SAMPLE_BRANCH_MAX = 0x80000 + PERF_SAMPLE_BRANCH_MAX = 0x100000 PERF_BR_UNKNOWN = 0x0 PERF_BR_COND = 0x1 PERF_BR_UNCOND = 0x2 @@ -2481,6 +2482,15 @@ type XDPMmapOffsets struct { Cr XDPRingOffset } +type XDPUmemReg struct { + Addr uint64 + Len uint64 + Chunk_size uint32 + Headroom uint32 + Flags uint32 + Tx_metadata_len uint32 +} + type XDPStatistics struct { Rx_dropped uint64 Rx_invalid_descs uint64 @@ -2935,7 +2945,7 @@ const ( BPF_TCP_LISTEN = 0xa BPF_TCP_CLOSING = 0xb BPF_TCP_NEW_SYN_RECV = 0xc - BPF_TCP_MAX_STATES = 0xd + BPF_TCP_MAX_STATES = 0xe TCP_BPF_IW = 0x3e9 TCP_BPF_SNDCWND_CLAMP = 0x3ea TCP_BPF_DELACK_MAX = 0x3eb @@ -3211,7 +3221,7 @@ const ( DEVLINK_CMD_LINECARD_NEW = 0x50 DEVLINK_CMD_LINECARD_DEL = 0x51 DEVLINK_CMD_SELFTESTS_GET = 0x52 - DEVLINK_CMD_MAX = 0x53 + DEVLINK_CMD_MAX = 0x54 DEVLINK_PORT_TYPE_NOTSET = 0x0 DEVLINK_PORT_TYPE_AUTO = 0x1 DEVLINK_PORT_TYPE_ETH = 0x2 @@ -4595,7 +4605,7 @@ const ( NL80211_ATTR_MAC_HINT = 0xc8 NL80211_ATTR_MAC_MASK = 0xd7 NL80211_ATTR_MAX_AP_ASSOC_STA = 0xca - NL80211_ATTR_MAX = 0x146 + NL80211_ATTR_MAX = 0x14a NL80211_ATTR_MAX_CRIT_PROT_DURATION = 0xb4 NL80211_ATTR_MAX_CSA_COUNTERS = 0xce NL80211_ATTR_MAX_MATCH_SETS = 0x85 @@ -4861,7 +4871,7 @@ const ( NL80211_BSS_FREQUENCY_OFFSET = 0x14 NL80211_BSS_INFORMATION_ELEMENTS = 0x6 NL80211_BSS_LAST_SEEN_BOOTTIME = 0xf - NL80211_BSS_MAX = 0x16 + NL80211_BSS_MAX = 0x18 NL80211_BSS_MLD_ADDR = 0x16 NL80211_BSS_MLO_LINK_ID = 0x15 NL80211_BSS_PAD = 0x10 @@ -4965,7 +4975,7 @@ const ( NL80211_CMD_LEAVE_IBSS = 0x2c NL80211_CMD_LEAVE_MESH = 0x45 NL80211_CMD_LEAVE_OCB = 0x6d - NL80211_CMD_MAX = 0x9a + NL80211_CMD_MAX = 0x9b NL80211_CMD_MICHAEL_MIC_FAILURE = 0x29 NL80211_CMD_MODIFY_LINK_STA = 0x97 NL80211_CMD_NAN_MATCH = 0x78 @@ -5199,7 +5209,7 @@ const ( NL80211_FREQUENCY_ATTR_GO_CONCURRENT = 0xf NL80211_FREQUENCY_ATTR_INDOOR_ONLY = 0xe NL80211_FREQUENCY_ATTR_IR_CONCURRENT = 0xf - NL80211_FREQUENCY_ATTR_MAX = 0x1c + NL80211_FREQUENCY_ATTR_MAX = 0x20 NL80211_FREQUENCY_ATTR_MAX_TX_POWER = 0x6 NL80211_FREQUENCY_ATTR_NO_10MHZ = 0x11 NL80211_FREQUENCY_ATTR_NO_160MHZ = 0xc @@ -5693,7 +5703,7 @@ const ( NL80211_STA_FLAG_ASSOCIATED = 0x7 NL80211_STA_FLAG_AUTHENTICATED = 0x5 NL80211_STA_FLAG_AUTHORIZED = 0x1 - NL80211_STA_FLAG_MAX = 0x7 + NL80211_STA_FLAG_MAX = 0x8 NL80211_STA_FLAG_MAX_OLD_API = 0x6 NL80211_STA_FLAG_MFP = 0x4 NL80211_STA_FLAG_SHORT_PREAMBLE = 0x2 @@ -5991,3 +6001,34 @@ type CachestatRange struct { Off uint64 Len uint64 } + +const ( + SK_MEMINFO_RMEM_ALLOC = 0x0 + SK_MEMINFO_RCVBUF = 0x1 + SK_MEMINFO_WMEM_ALLOC = 0x2 + SK_MEMINFO_SNDBUF = 0x3 + SK_MEMINFO_FWD_ALLOC = 0x4 + SK_MEMINFO_WMEM_QUEUED = 0x5 + SK_MEMINFO_OPTMEM = 0x6 + SK_MEMINFO_BACKLOG = 0x7 + SK_MEMINFO_DROPS = 0x8 + SK_MEMINFO_VARS = 0x9 + SKNLGRP_NONE = 0x0 + SKNLGRP_INET_TCP_DESTROY = 0x1 + SKNLGRP_INET_UDP_DESTROY = 0x2 + SKNLGRP_INET6_TCP_DESTROY = 0x3 + SKNLGRP_INET6_UDP_DESTROY = 0x4 + SK_DIAG_BPF_STORAGE_REQ_NONE = 0x0 + SK_DIAG_BPF_STORAGE_REQ_MAP_FD = 0x1 + SK_DIAG_BPF_STORAGE_REP_NONE = 0x0 + SK_DIAG_BPF_STORAGE = 0x1 + SK_DIAG_BPF_STORAGE_NONE = 0x0 + SK_DIAG_BPF_STORAGE_PAD = 0x1 + SK_DIAG_BPF_STORAGE_MAP_ID = 0x2 + SK_DIAG_BPF_STORAGE_MAP_VALUE = 0x3 +) + +type SockDiagReq struct { + Family uint8 + Protocol uint8 +} diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go index 438a30affad..fd402da43fc 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go @@ -477,14 +477,6 @@ const ( BLKPG = 0x1269 ) -type XDPUmemReg struct { - Addr uint64 - Len uint64 - Size uint32 - Headroom uint32 - Flags uint32 -} - type CryptoUserAlg struct { Name [64]int8 Driver_name [64]int8 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go index adceca3553b..eb7a5e1864a 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go @@ -492,15 +492,6 @@ const ( BLKPG = 0x1269 ) -type XDPUmemReg struct { - Addr uint64 - Len uint64 - Size uint32 - Headroom uint32 - Flags uint32 - _ [4]byte -} - type CryptoUserAlg struct { Name [64]int8 Driver_name [64]int8 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go index eeaa00a37d6..d78ac108b6c 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go @@ -470,15 +470,6 @@ const ( BLKPG = 0x1269 ) -type XDPUmemReg struct { - Addr uint64 - Len uint64 - Size uint32 - Headroom uint32 - Flags uint32 - _ [4]byte -} - type CryptoUserAlg struct { Name [64]uint8 Driver_name [64]uint8 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go index 6739aa91d4e..cd06d47f1f7 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go @@ -471,15 +471,6 @@ const ( BLKPG = 0x1269 ) -type XDPUmemReg struct { - Addr uint64 - Len uint64 - Size uint32 - Headroom uint32 - Flags uint32 - _ [4]byte -} - type CryptoUserAlg struct { Name [64]int8 Driver_name [64]int8 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go index 9920ef6317d..2f28fe26c1a 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go @@ -472,15 +472,6 @@ const ( BLKPG = 0x1269 ) -type XDPUmemReg struct { - Addr uint64 - Len uint64 - Size uint32 - Headroom uint32 - Flags uint32 - _ [4]byte -} - type CryptoUserAlg struct { Name [64]int8 Driver_name [64]int8 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go index 2923b799a48..71d6cac2f1a 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go @@ -476,15 +476,6 @@ const ( BLKPG = 0x20001269 ) -type XDPUmemReg struct { - Addr uint64 - Len uint64 - Size uint32 - Headroom uint32 - Flags uint32 - _ [4]byte -} - type CryptoUserAlg struct { Name [64]int8 Driver_name [64]int8 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go index ce2750ee415..8596d453563 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go @@ -474,15 +474,6 @@ const ( BLKPG = 0x20001269 ) -type XDPUmemReg struct { - Addr uint64 - Len uint64 - Size uint32 - Headroom uint32 - Flags uint32 - _ [4]byte -} - type CryptoUserAlg struct { Name [64]int8 Driver_name [64]int8 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go index 3038811d70b..cd60ea18662 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go @@ -474,15 +474,6 @@ const ( BLKPG = 0x20001269 ) -type XDPUmemReg struct { - Addr uint64 - Len uint64 - Size uint32 - Headroom uint32 - Flags uint32 - _ [4]byte -} - type CryptoUserAlg struct { Name [64]int8 Driver_name [64]int8 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go index efc6fed18c1..b0ae420c489 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go @@ -476,15 +476,6 @@ const ( BLKPG = 0x20001269 ) -type XDPUmemReg struct { - Addr uint64 - Len uint64 - Size uint32 - Headroom uint32 - Flags uint32 - _ [4]byte -} - type CryptoUserAlg struct { Name [64]int8 Driver_name [64]int8 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go index 9a654b75a90..8359728759b 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go @@ -482,15 +482,6 @@ const ( BLKPG = 0x20001269 ) -type XDPUmemReg struct { - Addr uint64 - Len uint64 - Size uint32 - Headroom uint32 - Flags uint32 - _ [4]byte -} - type CryptoUserAlg struct { Name [64]uint8 Driver_name [64]uint8 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go index 40d358e33e3..69eb6a5c689 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go @@ -481,15 +481,6 @@ const ( BLKPG = 0x20001269 ) -type XDPUmemReg struct { - Addr uint64 - Len uint64 - Size uint32 - Headroom uint32 - Flags uint32 - _ [4]byte -} - type CryptoUserAlg struct { Name [64]uint8 Driver_name [64]uint8 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go index 148c6ceb869..5f583cb62bf 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go @@ -481,15 +481,6 @@ const ( BLKPG = 0x20001269 ) -type XDPUmemReg struct { - Addr uint64 - Len uint64 - Size uint32 - Headroom uint32 - Flags uint32 - _ [4]byte -} - type CryptoUserAlg struct { Name [64]uint8 Driver_name [64]uint8 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go index 72ba81543ef..15adc04142f 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go @@ -499,15 +499,6 @@ const ( BLKPG = 0x1269 ) -type XDPUmemReg struct { - Addr uint64 - Len uint64 - Size uint32 - Headroom uint32 - Flags uint32 - _ [4]byte -} - type CryptoUserAlg struct { Name [64]uint8 Driver_name [64]uint8 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go index 71e765508e2..cf3ce900377 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go @@ -495,15 +495,6 @@ const ( BLKPG = 0x1269 ) -type XDPUmemReg struct { - Addr uint64 - Len uint64 - Size uint32 - Headroom uint32 - Flags uint32 - _ [4]byte -} - type CryptoUserAlg struct { Name [64]int8 Driver_name [64]int8 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go index 4abbdb9de93..590b56739c5 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go @@ -476,15 +476,6 @@ const ( BLKPG = 0x20001269 ) -type XDPUmemReg struct { - Addr uint64 - Len uint64 - Size uint32 - Headroom uint32 - Flags uint32 - _ [4]byte -} - type CryptoUserAlg struct { Name [64]int8 Driver_name [64]int8 diff --git a/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go index 54f31be6373..d9a13af4684 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go @@ -25,10 +25,13 @@ const ( SizeofIPv6Mreq = 20 SizeofICMPv6Filter = 32 SizeofIPv6MTUInfo = 32 + SizeofInet4Pktinfo = 8 + SizeofInet6Pktinfo = 20 SizeofLinger = 8 SizeofSockaddrInet4 = 16 SizeofSockaddrInet6 = 28 SizeofTCPInfo = 0x68 + SizeofUcred = 12 ) type ( @@ -69,12 +72,17 @@ type Utimbuf struct { } type Utsname struct { - Sysname [65]byte - Nodename [65]byte - Release [65]byte - Version [65]byte - Machine [65]byte - Domainname [65]byte + Sysname [16]byte + Nodename [32]byte + Release [8]byte + Version [8]byte + Machine [16]byte +} + +type Ucred struct { + Pid int32 + Uid uint32 + Gid uint32 } type RawSockaddrInet4 struct { @@ -325,7 +333,7 @@ type Statvfs_t struct { } type Statfs_t struct { - Type uint32 + Type uint64 Bsize uint64 Blocks uint64 Bfree uint64 @@ -336,6 +344,7 @@ type Statfs_t struct { Namelen uint64 Frsize uint64 Flags uint64 + _ [4]uint64 } type direntLE struct { @@ -412,3 +421,126 @@ type W_Mntent struct { Quiesceowner [8]byte _ [38]byte } + +type EpollEvent struct { + Events uint32 + _ int32 + Fd int32 + Pad int32 +} + +type InotifyEvent struct { + Wd int32 + Mask uint32 + Cookie uint32 + Len uint32 + Name string +} + +const ( + SizeofInotifyEvent = 0x10 +) + +type ConsMsg2 struct { + Cm2Format uint16 + Cm2R1 uint16 + Cm2Msglength uint32 + Cm2Msg *byte + Cm2R2 [4]byte + Cm2R3 [4]byte + Cm2Routcde *uint32 + Cm2Descr *uint32 + Cm2Msgflag uint32 + Cm2Token uint32 + Cm2Msgid *uint32 + Cm2R4 [4]byte + Cm2DomToken uint32 + Cm2DomMsgid *uint32 + Cm2ModCartptr *byte + Cm2ModConsidptr *byte + Cm2MsgCart [8]byte + Cm2MsgConsid [4]byte + Cm2R5 [12]byte +} + +const ( + CC_modify = 1 + CC_stop = 2 + CONSOLE_FORMAT_2 = 2 + CONSOLE_FORMAT_3 = 3 + CONSOLE_HRDCPY = 0x80000000 +) + +type OpenHow struct { + Flags uint64 + Mode uint64 + Resolve uint64 +} + +const SizeofOpenHow = 0x18 + +const ( + RESOLVE_CACHED = 0x20 + RESOLVE_BENEATH = 0x8 + RESOLVE_IN_ROOT = 0x10 + RESOLVE_NO_MAGICLINKS = 0x2 + RESOLVE_NO_SYMLINKS = 0x4 + RESOLVE_NO_XDEV = 0x1 +) + +type Siginfo struct { + Signo int32 + Errno int32 + Code int32 + Pid int32 + Uid uint32 + _ [44]byte +} + +type SysvIpcPerm struct { + Uid uint32 + Gid uint32 + Cuid uint32 + Cgid uint32 + Mode int32 +} + +type SysvShmDesc struct { + Perm SysvIpcPerm + _ [4]byte + Lpid int32 + Cpid int32 + Nattch uint32 + _ [4]byte + _ [4]byte + _ [4]byte + _ int32 + _ uint8 + _ uint8 + _ uint16 + _ *byte + Segsz uint64 + Atime Time_t + Dtime Time_t + Ctime Time_t +} + +type SysvShmDesc64 struct { + Perm SysvIpcPerm + _ [4]byte + Lpid int32 + Cpid int32 + Nattch uint32 + _ [4]byte + _ [4]byte + _ [4]byte + _ int32 + _ byte + _ uint8 + _ uint16 + _ *byte + Segsz uint64 + Atime int64 + Dtime int64 + Ctime int64 +} diff --git a/vendor/golang.org/x/sys/windows/aliases.go b/vendor/golang.org/x/sys/windows/aliases.go index ce2d713d62e..16f90560a23 100644 --- a/vendor/golang.org/x/sys/windows/aliases.go +++ b/vendor/golang.org/x/sys/windows/aliases.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build windows && go1.9 +//go:build windows package windows diff --git a/vendor/golang.org/x/sys/windows/empty.s b/vendor/golang.org/x/sys/windows/empty.s deleted file mode 100644 index ba64caca5d3..00000000000 --- a/vendor/golang.org/x/sys/windows/empty.s +++ /dev/null @@ -1,8 +0,0 @@ -// Copyright 2019 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build !go1.12 - -// This file is here to allow bodyless functions with go:linkname for Go 1.11 -// and earlier (see https://golang.org/issue/23311). diff --git a/vendor/golang.org/x/sys/windows/security_windows.go b/vendor/golang.org/x/sys/windows/security_windows.go index 26be94a8a7b..97651b5bd04 100644 --- a/vendor/golang.org/x/sys/windows/security_windows.go +++ b/vendor/golang.org/x/sys/windows/security_windows.go @@ -68,6 +68,7 @@ type UserInfo10 struct { //sys NetUserGetInfo(serverName *uint16, userName *uint16, level uint32, buf **byte) (neterr error) = netapi32.NetUserGetInfo //sys NetGetJoinInformation(server *uint16, name **uint16, bufType *uint32) (neterr error) = netapi32.NetGetJoinInformation //sys NetApiBufferFree(buf *byte) (neterr error) = netapi32.NetApiBufferFree +//sys NetUserEnum(serverName *uint16, level uint32, filter uint32, buf **byte, prefMaxLen uint32, entriesRead *uint32, totalEntries *uint32, resumeHandle *uint32) (neterr error) = netapi32.NetUserEnum const ( // do not reorder @@ -893,7 +894,7 @@ type ACL struct { aclRevision byte sbz1 byte aclSize uint16 - aceCount uint16 + AceCount uint16 sbz2 uint16 } @@ -1086,6 +1087,27 @@ type EXPLICIT_ACCESS struct { Trustee TRUSTEE } +// https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-ace_header +type ACE_HEADER struct { + AceType uint8 + AceFlags uint8 + AceSize uint16 +} + +// https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-access_allowed_ace +type ACCESS_ALLOWED_ACE struct { + Header ACE_HEADER + Mask ACCESS_MASK + SidStart uint32 +} + +const ( + // Constants for AceType + // https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-ace_header + ACCESS_ALLOWED_ACE_TYPE = 0 + ACCESS_DENIED_ACE_TYPE = 1 +) + // This type is the union inside of TRUSTEE and must be created using one of the TrusteeValueFrom* functions. type TrusteeValue uintptr @@ -1157,6 +1179,7 @@ type OBJECTS_AND_NAME struct { //sys makeSelfRelativeSD(absoluteSD *SECURITY_DESCRIPTOR, selfRelativeSD *SECURITY_DESCRIPTOR, selfRelativeSDSize *uint32) (err error) = advapi32.MakeSelfRelativeSD //sys setEntriesInAcl(countExplicitEntries uint32, explicitEntries *EXPLICIT_ACCESS, oldACL *ACL, newACL **ACL) (ret error) = advapi32.SetEntriesInAclW +//sys GetAce(acl *ACL, aceIndex uint32, pAce **ACCESS_ALLOWED_ACE) (ret error) = advapi32.GetAce // Control returns the security descriptor control bits. func (sd *SECURITY_DESCRIPTOR) Control() (control SECURITY_DESCRIPTOR_CONTROL, revision uint32, err error) { diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index 5c6035ddfa9..eba761018aa 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -91,6 +91,7 @@ var ( procEnumServicesStatusExW = modadvapi32.NewProc("EnumServicesStatusExW") procEqualSid = modadvapi32.NewProc("EqualSid") procFreeSid = modadvapi32.NewProc("FreeSid") + procGetAce = modadvapi32.NewProc("GetAce") procGetLengthSid = modadvapi32.NewProc("GetLengthSid") procGetNamedSecurityInfoW = modadvapi32.NewProc("GetNamedSecurityInfoW") procGetSecurityDescriptorControl = modadvapi32.NewProc("GetSecurityDescriptorControl") @@ -401,6 +402,7 @@ var ( procTransmitFile = modmswsock.NewProc("TransmitFile") procNetApiBufferFree = modnetapi32.NewProc("NetApiBufferFree") procNetGetJoinInformation = modnetapi32.NewProc("NetGetJoinInformation") + procNetUserEnum = modnetapi32.NewProc("NetUserEnum") procNetUserGetInfo = modnetapi32.NewProc("NetUserGetInfo") procNtCreateFile = modntdll.NewProc("NtCreateFile") procNtCreateNamedPipeFile = modntdll.NewProc("NtCreateNamedPipeFile") @@ -1223,6 +1225,14 @@ func setEntriesInAcl(countExplicitEntries uint32, explicitEntries *EXPLICIT_ACCE return } +func GetAce(acl *ACL, aceIndex uint32, pAce **ACCESS_ALLOWED_ACE) (ret error) { + r0, _, _ := syscall.Syscall(procGetAce.Addr(), 3, uintptr(unsafe.Pointer(acl)), uintptr(aceIndex), uintptr(unsafe.Pointer(pAce))) + if r0 == 0 { + ret = GetLastError() + } + return +} + func SetKernelObjectSecurity(handle Handle, securityInformation SECURITY_INFORMATION, securityDescriptor *SECURITY_DESCRIPTOR) (err error) { r1, _, e1 := syscall.Syscall(procSetKernelObjectSecurity.Addr(), 3, uintptr(handle), uintptr(securityInformation), uintptr(unsafe.Pointer(securityDescriptor))) if r1 == 0 { @@ -3486,6 +3496,14 @@ func NetGetJoinInformation(server *uint16, name **uint16, bufType *uint32) (nete return } +func NetUserEnum(serverName *uint16, level uint32, filter uint32, buf **byte, prefMaxLen uint32, entriesRead *uint32, totalEntries *uint32, resumeHandle *uint32) (neterr error) { + r0, _, _ := syscall.Syscall9(procNetUserEnum.Addr(), 8, uintptr(unsafe.Pointer(serverName)), uintptr(level), uintptr(filter), uintptr(unsafe.Pointer(buf)), uintptr(prefMaxLen), uintptr(unsafe.Pointer(entriesRead)), uintptr(unsafe.Pointer(totalEntries)), uintptr(unsafe.Pointer(resumeHandle)), 0) + if r0 != 0 { + neterr = syscall.Errno(r0) + } + return +} + func NetUserGetInfo(serverName *uint16, userName *uint16, level uint32, buf **byte) (neterr error) { r0, _, _ := syscall.Syscall6(procNetUserGetInfo.Addr(), 4, uintptr(unsafe.Pointer(serverName)), uintptr(unsafe.Pointer(userName)), uintptr(level), uintptr(unsafe.Pointer(buf)), 0, 0) if r0 != 0 { diff --git a/vendor/modules.txt b/vendor/modules.txt index 2a0f5b8eb1c..28f02a8ea11 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -82,7 +82,7 @@ golang.org/x/exp/slices # golang.org/x/net v0.24.0 ## explicit; go 1.18 golang.org/x/net/bpf -# golang.org/x/sys v0.19.0 +# golang.org/x/sys v0.22.0 ## explicit; go 1.18 golang.org/x/sys/execabs golang.org/x/sys/unix From 1d308c7da4641025dcfa688fc04a835a0a449486 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 3 Sep 2024 23:05:59 +1000 Subject: [PATCH 0646/1176] vendor: update to github.com/cyphar/filepath-securejoin@v0.3.1 This includes the MkdirAll and OpenInRoot implementations which are actually secure against races. Signed-off-by: Aleksa Sarai --- go.mod | 2 +- go.sum | 7 +- .../cyphar/filepath-securejoin/CHANGELOG.md | 138 +++++ .../cyphar/filepath-securejoin/LICENSE | 2 +- .../cyphar/filepath-securejoin/README.md | 139 ++++- .../cyphar/filepath-securejoin/VERSION | 2 +- .../cyphar/filepath-securejoin/join.go | 85 ++-- .../filepath-securejoin/lookup_linux.go | 389 ++++++++++++++ .../cyphar/filepath-securejoin/mkdir_linux.go | 229 +++++++++ .../cyphar/filepath-securejoin/open_linux.go | 101 ++++ .../filepath-securejoin/openat2_linux.go | 141 ++++++ .../filepath-securejoin/openat_linux.go | 59 +++ .../filepath-securejoin/procfs_linux.go | 474 ++++++++++++++++++ .../testing_mocks_linux.go | 68 +++ .../cyphar/filepath-securejoin/vfs.go | 2 +- vendor/modules.txt | 4 +- 16 files changed, 1768 insertions(+), 74 deletions(-) create mode 100644 vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md create mode 100644 vendor/github.com/cyphar/filepath-securejoin/lookup_linux.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/open_linux.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/openat2_linux.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/openat_linux.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/procfs_linux.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/testing_mocks_linux.go diff --git a/go.mod b/go.mod index 9686f10dca2..df040a685f8 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/cilium/ebpf v0.12.3 github.com/containerd/console v1.0.4 github.com/coreos/go-systemd/v22 v22.5.0 - github.com/cyphar/filepath-securejoin v0.2.4 + github.com/cyphar/filepath-securejoin v0.3.1 github.com/docker/go-units v0.5.0 github.com/godbus/dbus/v5 v5.1.0 github.com/moby/sys/mountinfo v0.7.1 diff --git a/go.sum b/go.sum index 089ea9340da..30eac24d227 100644 --- a/go.sum +++ b/go.sum @@ -9,8 +9,8 @@ github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= -github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= +github.com/cyphar/filepath-securejoin v0.3.1 h1:1V7cHiaW+C+39wEfpH6XlLBQo3j/PciWFrgfCLS8XrE= +github.com/cyphar/filepath-securejoin v0.3.1/go.mod h1:F7i41x/9cBF7lzCrVsYs9fuzwRZm4NQsGTBdpp6mETc= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -58,8 +58,9 @@ github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpE github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/urfave/cli v1.22.14 h1:ebbhrRiGK2i4naQJr+1Xj92HXZCrK7MsyTS/ob3HnAk= diff --git a/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md new file mode 100644 index 00000000000..7436896e137 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md @@ -0,0 +1,138 @@ +# Changelog # +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](http://keepachangelog.com/) +and this project adheres to [Semantic Versioning](http://semver.org/). + +## [Unreleased] ## + +## [0.3.1] - 2024-07-23 ## + +### Changed ### +- By allowing `Open(at)InRoot` to opt-out of the extra work done by `MkdirAll` + to do the necessary "partial lookups", `Open(at)InRoot` now does less work + for both implementations (resulting in a many-fold decrease in the number of + operations for `openat2`, and a modest improvement for non-`openat2`) and is + far more guaranteed to match the correct `openat2(RESOLVE_IN_ROOT)` + behaviour. +- We now use `readlinkat(fd, "")` where possible. For `Open(at)InRoot` this + effectively just means that we no longer risk getting spurious errors during + rename races. However, for our hardened procfs handler, this in theory should + prevent mount attacks from tricking us when doing magic-link readlinks (even + when using the unsafe host `/proc` handle). Unfortunately `Reopen` is still + potentially vulnerable to those kinds of somewhat-esoteric attacks. + + Technically this [will only work on post-2.6.39 kernels][linux-readlinkat-emptypath] + but it seems incredibly unlikely anyone is using `filepath-securejoin` on a + pre-2011 kernel. + +### Fixed ### +- Several improvements were made to the errors returned by `Open(at)InRoot` and + `MkdirAll` when dealing with invalid paths under the emulated (ie. + non-`openat2`) implementation. Previously, some paths would return the wrong + error (`ENOENT` when the last component was a non-directory), and other paths + would be returned as though they were acceptable (trailing-slash components + after a non-directory would be ignored by `Open(at)InRoot`). + + These changes were done to match `openat2`'s behaviour and purely is a + consistency fix (most users are going to be using `openat2` anyway). + +[linux-readlinkat-emptypath]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=65cfc6722361570bfe255698d9cd4dccaf47570d + +## [0.3.0] - 2024-07-11 ## + +### Added ### +- A new set of `*os.File`-based APIs have been added. These are adapted from + [libpathrs][] and we strongly suggest using them if possible (as they provide + far more protection against attacks than `SecureJoin`): + + - `Open(at)InRoot` resolves a path inside a rootfs and returns an `*os.File` + handle to the path. Note that the handle returned is an `O_PATH` handle, + which cannot be used for reading or writing (as well as some other + operations -- [see open(2) for more details][open.2]) + + - `Reopen` takes an `O_PATH` file handle and safely re-opens it to upgrade + it to a regular handle. This can also be used with non-`O_PATH` handles, + but `O_PATH` is the most obvious application. + + - `MkdirAll` is an implementation of `os.MkdirAll` that is safe to use to + create a directory tree within a rootfs. + + As these are new APIs, they may change in the future. However, they should be + safe to start migrating to as we have extensive tests ensuring they behave + correctly and are safe against various races and other attacks. + +[libpathrs]: https://github.com/openSUSE/libpathrs +[open.2]: https://www.man7.org/linux/man-pages/man2/open.2.html + +## [0.2.5] - 2024-05-03 ## + +### Changed ### +- Some minor changes were made to how lexical components (like `..` and `.`) + are handled during path generation in `SecureJoin`. There is no behaviour + change as a result of this fix (the resulting paths are the same). + +### Fixed ### +- The error returned when we hit a symlink loop now references the correct + path. (#10) + +## [0.2.4] - 2023-09-06 ## + +### Security ### +- This release fixes a potential security issue in filepath-securejoin when + used on Windows ([GHSA-6xv5-86q9-7xr8][], which could be used to generate + paths outside of the provided rootfs in certain cases), as well as improving + the overall behaviour of filepath-securejoin when dealing with Windows paths + that contain volume names. Thanks to Paulo Gomes for discovering and fixing + these issues. + +### Fixed ### +- Switch to GitHub Actions for CI so we can test on Windows as well as Linux + and MacOS. + +[GHSA-6xv5-86q9-7xr8]: https://github.com/advisories/GHSA-6xv5-86q9-7xr8 + +## [0.2.3] - 2021-06-04 ## + +### Changed ### +- Switch to Go 1.13-style `%w` error wrapping, letting us drop the dependency + on `github.com/pkg/errors`. + +## [0.2.2] - 2018-09-05 ## + +### Changed ### +- Use `syscall.ELOOP` as the base error for symlink loops, rather than our own + (internal) error. This allows callers to more easily use `errors.Is` to check + for this case. + +## [0.2.1] - 2018-09-05 ## + +### Fixed ### +- Use our own `IsNotExist` implementation, which lets us handle `ENOTDIR` + properly within `SecureJoin`. + +## [0.2.0] - 2017-07-19 ## + +We now have 100% test coverage! + +### Added ### +- Add a `SecureJoinVFS` API that can be used for mocking (as we do in our new + tests) or for implementing custom handling of lookup operations (such as for + rootless containers, where work is necessary to access directories with weird + modes because we don't have `CAP_DAC_READ_SEARCH` or `CAP_DAC_OVERRIDE`). + +## 0.1.0 - 2017-07-19 + +This is our first release of `github.com/cyphar/filepath-securejoin`, +containing a full implementation with a coverage of 93.5% (the only missing +cases are the error cases, which are hard to mocktest at the moment). + +[Unreleased]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.1...HEAD +[0.3.1]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.0...v0.3.1 +[0.3.0]: https://github.com/cyphar/filepath-securejoin/compare/v0.2.5...v0.3.0 +[0.2.5]: https://github.com/cyphar/filepath-securejoin/compare/v0.2.4...v0.2.5 +[0.2.4]: https://github.com/cyphar/filepath-securejoin/compare/v0.2.3...v0.2.4 +[0.2.3]: https://github.com/cyphar/filepath-securejoin/compare/v0.2.2...v0.2.3 +[0.2.2]: https://github.com/cyphar/filepath-securejoin/compare/v0.2.1...v0.2.2 +[0.2.1]: https://github.com/cyphar/filepath-securejoin/compare/v0.2.0...v0.2.1 +[0.2.0]: https://github.com/cyphar/filepath-securejoin/compare/v0.1.0...v0.2.0 diff --git a/vendor/github.com/cyphar/filepath-securejoin/LICENSE b/vendor/github.com/cyphar/filepath-securejoin/LICENSE index bec842f294f..cb1ab88da0f 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/LICENSE +++ b/vendor/github.com/cyphar/filepath-securejoin/LICENSE @@ -1,5 +1,5 @@ Copyright (C) 2014-2015 Docker Inc & Go Authors. All rights reserved. -Copyright (C) 2017 SUSE LLC. All rights reserved. +Copyright (C) 2017-2024 SUSE LLC. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are diff --git a/vendor/github.com/cyphar/filepath-securejoin/README.md b/vendor/github.com/cyphar/filepath-securejoin/README.md index 4eca0f23550..253956f8657 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/README.md +++ b/vendor/github.com/cyphar/filepath-securejoin/README.md @@ -2,31 +2,24 @@ [![Build Status](https://github.com/cyphar/filepath-securejoin/actions/workflows/ci.yml/badge.svg)](https://github.com/cyphar/filepath-securejoin/actions/workflows/ci.yml) -An implementation of `SecureJoin`, a [candidate for inclusion in the Go -standard library][go#20126]. The purpose of this function is to be a "secure" -alternative to `filepath.Join`, and in particular it provides certain -guarantees that are not provided by `filepath.Join`. - -> **NOTE**: This code is *only* safe if you are not at risk of other processes -> modifying path components after you've used `SecureJoin`. If it is possible -> for a malicious process to modify path components of the resolved path, then -> you will be vulnerable to some fairly trivial TOCTOU race conditions. [There -> are some Linux kernel patches I'm working on which might allow for a better -> solution.][lwn-obeneath] -> -> In addition, with a slightly modified API it might be possible to use -> `O_PATH` and verify that the opened path is actually the resolved one -- but -> I have not done that yet. I might add it in the future as a helper function -> to help users verify the path (we can't just return `/proc/self/fd/` -> because that doesn't always work transparently for all users). - -This is the function prototype: +### Old API ### -```go -func SecureJoin(root, unsafePath string) (string, error) -``` +This library was originally just an implementation of `SecureJoin` which was +[intended to be included in the Go standard library][go#20126] as a safer +`filepath.Join` that would restrict the path lookup to be inside a root +directory. + +The implementation was based on code that existed in several container +runtimes. Unfortunately, this API is **fundamentally unsafe** against attackers +that can modify path components after `SecureJoin` returns and before the +caller uses the path, allowing for some fairly trivial TOCTOU attacks. + +`SecureJoin` (and `SecureJoinVFS`) are still provided by this library to +support legacy users, but new users are strongly suggested to avoid using +`SecureJoin` and instead use the [new api](#new-api) or switch to +[libpathrs][libpathrs]. -This library **guarantees** the following: +With the above limitations in mind, this library guarantees the following: * If no error is set, the resulting string **must** be a child path of `root` and will not contain any symlink path components (they will all be @@ -47,7 +40,7 @@ This library **guarantees** the following: A (trivial) implementation of this function on GNU/Linux systems could be done with the following (note that this requires root privileges and is far more opaque than the implementation in this library, and also requires that -`readlink` is inside the `root` path): +`readlink` is inside the `root` path and is trustworthy): ```go package securejoin @@ -70,9 +63,105 @@ func SecureJoin(root, unsafePath string) (string, error) { } ``` -[lwn-obeneath]: https://lwn.net/Articles/767547/ +[libpathrs]: https://github.com/openSUSE/libpathrs [go#20126]: https://github.com/golang/go/issues/20126 +### New API ### + +While we recommend users switch to [libpathrs][libpathrs] as soon as it has a +stable release, some methods implemented by libpathrs have been ported to this +library to ease the transition. These APIs are only supported on Linux. + +These APIs are implemented such that `filepath-securejoin` will +opportunistically use certain newer kernel APIs that make these operations far +more secure. In particular: + +* All of the lookup operations will use [`openat2`][openat2.2] on new enough + kernels (Linux 5.6 or later) to restrict lookups through magic-links and + bind-mounts (for certain operations) and to make use of `RESOLVE_IN_ROOT` to + efficiently resolve symlinks within a rootfs. + +* The APIs provide hardening against a malicious `/proc` mount to either detect + or avoid being tricked by a `/proc` that is not legitimate. This is done + using [`openat2`][openat2.2] for all users, and privileged users will also be + further protected by using [`fsopen`][fsopen.2] and [`open_tree`][open_tree.2] + (Linux 4.18 or later). + +[openat2.2]: https://www.man7.org/linux/man-pages/man2/openat2.2.html +[fsopen.2]: https://github.com/brauner/man-pages-md/blob/main/fsopen.md +[open_tree.2]: https://github.com/brauner/man-pages-md/blob/main/open_tree.md + +#### `OpenInRoot` #### + +```go +func OpenInRoot(root, unsafePath string) (*os.File, error) +func OpenatInRoot(root *os.File, unsafePath string) (*os.File, error) +func Reopen(handle *os.File, flags int) (*os.File, error) +``` + +`OpenInRoot` is a much safer version of + +```go +path, err := securejoin.SecureJoin(root, unsafePath) +file, err := os.OpenFile(path, unix.O_PATH|unix.O_CLOEXEC) +``` + +that protects against various race attacks that could lead to serious security +issues, depending on the application. Note that the returned `*os.File` is an +`O_PATH` file descriptor, which is quite restricted. Callers will probably need +to use `Reopen` to get a more usable handle (this split is done to provide +useful features like PTY spawning and to avoid users accidentally opening bad +inodes that could cause a DoS). + +Callers need to be careful in how they use the returned `*os.File`. Usually it +is only safe to operate on the handle directly, and it is very easy to create a +security issue. [libpathrs][libpathrs] provides far more helpers to make using +these handles safer -- there is currently no plan to port them to +`filepath-securejoin`. + +`OpenatInRoot` is like `OpenInRoot` except that the root is provided using an +`*os.File`. This allows you to ensure that multiple `OpenatInRoot` (or +`MkdirAllHandle`) calls are operating on the same rootfs. + +> **NOTE**: Unlike `SecureJoin`, `OpenInRoot` will error out as soon as it hits +> a dangling symlink or non-existent path. This is in contrast to `SecureJoin` +> which treated non-existent components as though they were real directories, +> and would allow for partial resolution of dangling symlinks. These behaviours +> are at odds with how Linux treats non-existent paths and dangling symlinks, +> and so these are no longer allowed. + +#### `MkdirAll` #### + +```go +func MkdirAll(root, unsafePath string, mode int) error +func MkdirAllHandle(root *os.File, unsafePath string, mode int) (*os.File, error) +``` + +`MkdirAll` is a much safer version of + +```go +path, err := securejoin.SecureJoin(root, unsafePath) +err = os.MkdirAll(path, mode) +``` + +that protects against the same kinds of races that `OpenInRoot` protects +against. + +`MkdirAllHandle` is like `MkdirAll` except that the root is provided using an +`*os.File` (the reason for this is the same as with `OpenatInRoot`) and an +`*os.File` of the final created directory is returned (this directory is +guaranteed to be effectively identical to the directory created by +`MkdirAllHandle`, which is not possible to ensure by just using `OpenatInRoot` +after `MkdirAll`). + +> **NOTE**: Unlike `SecureJoin`, `MkdirAll` will error out as soon as it hits +> a dangling symlink or non-existent path. This is in contrast to `SecureJoin` +> which treated non-existent components as though they were real directories, +> and would allow for partial resolution of dangling symlinks. These behaviours +> are at odds with how Linux treats non-existent paths and dangling symlinks, +> and so these are no longer allowed. This means that `MkdirAll` will not +> create non-existent directories referenced by a dangling symlink. + ### License ### The license of this project is the same as Go, which is a BSD 3-clause license diff --git a/vendor/github.com/cyphar/filepath-securejoin/VERSION b/vendor/github.com/cyphar/filepath-securejoin/VERSION index abd410582de..9e11b32fcaa 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/VERSION +++ b/vendor/github.com/cyphar/filepath-securejoin/VERSION @@ -1 +1 @@ -0.2.4 +0.3.1 diff --git a/vendor/github.com/cyphar/filepath-securejoin/join.go b/vendor/github.com/cyphar/filepath-securejoin/join.go index aa32b85fb84..bd86a48b0cc 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/join.go +++ b/vendor/github.com/cyphar/filepath-securejoin/join.go @@ -1,5 +1,5 @@ // Copyright (C) 2014-2015 Docker Inc & Go Authors. All rights reserved. -// Copyright (C) 2017 SUSE LLC. All rights reserved. +// Copyright (C) 2017-2024 SUSE LLC. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. @@ -11,7 +11,6 @@ package securejoin import ( - "bytes" "errors" "os" "path/filepath" @@ -19,6 +18,8 @@ import ( "syscall" ) +const maxSymlinkLimit = 255 + // IsNotExist tells you if err is an error that implies that either the path // accessed does not exist (or path components don't exist). This is // effectively a more broad version of os.IsNotExist. @@ -40,6 +41,12 @@ func IsNotExist(err error) bool { // replaced with symlinks on the filesystem) after this function has returned. // Such a symlink race is necessarily out-of-scope of SecureJoin. // +// NOTE: Due to the above limitation, Linux users are strongly encouraged to +// use OpenInRoot instead, which does safely protect against these kinds of +// attacks. There is no way to solve this problem with SecureJoinVFS because +// the API is fundamentally wrong (you cannot return a "safe" path string and +// guarantee it won't be modified afterwards). +// // Volume names in unsafePath are always discarded, regardless if they are // provided via direct input or when evaluating symlinks. Therefore: // @@ -51,71 +58,69 @@ func SecureJoinVFS(root, unsafePath string, vfs VFS) (string, error) { } unsafePath = filepath.FromSlash(unsafePath) - var path bytes.Buffer - n := 0 - for unsafePath != "" { - if n > 255 { - return "", &os.PathError{Op: "SecureJoin", Path: root + string(filepath.Separator) + unsafePath, Err: syscall.ELOOP} + var ( + currentPath string + remainingPath = unsafePath + linksWalked int + ) + for remainingPath != "" { + if v := filepath.VolumeName(remainingPath); v != "" { + remainingPath = remainingPath[len(v):] } - if v := filepath.VolumeName(unsafePath); v != "" { - unsafePath = unsafePath[len(v):] - } - - // Next path component, p. - i := strings.IndexRune(unsafePath, filepath.Separator) - var p string - if i == -1 { - p, unsafePath = unsafePath, "" + // Get the next path component. + var part string + if i := strings.IndexRune(remainingPath, filepath.Separator); i == -1 { + part, remainingPath = remainingPath, "" } else { - p, unsafePath = unsafePath[:i], unsafePath[i+1:] + part, remainingPath = remainingPath[:i], remainingPath[i+1:] } - // Create a cleaned path, using the lexical semantics of /../a, to - // create a "scoped" path component which can safely be joined to fullP - // for evaluation. At this point, path.String() doesn't contain any - // symlink components. - cleanP := filepath.Clean(string(filepath.Separator) + path.String() + p) - if cleanP == string(filepath.Separator) { - path.Reset() + // Apply the component lexically to the path we are building. + // currentPath does not contain any symlinks, and we are lexically + // dealing with a single component, so it's okay to do a filepath.Clean + // here. + nextPath := filepath.Join(string(filepath.Separator), currentPath, part) + if nextPath == string(filepath.Separator) { + currentPath = "" continue } - fullP := filepath.Clean(root + cleanP) + fullPath := root + string(filepath.Separator) + nextPath // Figure out whether the path is a symlink. - fi, err := vfs.Lstat(fullP) + fi, err := vfs.Lstat(fullPath) if err != nil && !IsNotExist(err) { return "", err } // Treat non-existent path components the same as non-symlinks (we // can't do any better here). if IsNotExist(err) || fi.Mode()&os.ModeSymlink == 0 { - path.WriteString(p) - path.WriteRune(filepath.Separator) + currentPath = nextPath continue } - // Only increment when we actually dereference a link. - n++ + // It's a symlink, so get its contents and expand it by prepending it + // to the yet-unparsed path. + linksWalked++ + if linksWalked > maxSymlinkLimit { + return "", &os.PathError{Op: "SecureJoin", Path: root + string(filepath.Separator) + unsafePath, Err: syscall.ELOOP} + } - // It's a symlink, expand it by prepending it to the yet-unparsed path. - dest, err := vfs.Readlink(fullP) + dest, err := vfs.Readlink(fullPath) if err != nil { return "", err } + remainingPath = dest + string(filepath.Separator) + remainingPath // Absolute symlinks reset any work we've already done. if filepath.IsAbs(dest) { - path.Reset() + currentPath = "" } - unsafePath = dest + string(filepath.Separator) + unsafePath } - // We have to clean path.String() here because it may contain '..' - // components that are entirely lexical, but would be misleading otherwise. - // And finally do a final clean to ensure that root is also lexically - // clean. - fullP := filepath.Clean(string(filepath.Separator) + path.String()) - return filepath.Clean(root + fullP), nil + // There should be no lexical components like ".." left in the path here, + // but for safety clean up the path before joining it to the root. + finalPath := filepath.Join(string(filepath.Separator), currentPath) + return filepath.Join(root, finalPath), nil } // SecureJoin is a wrapper around SecureJoinVFS that just uses the os.* library diff --git a/vendor/github.com/cyphar/filepath-securejoin/lookup_linux.go b/vendor/github.com/cyphar/filepath-securejoin/lookup_linux.go new file mode 100644 index 00000000000..290befa1547 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/lookup_linux.go @@ -0,0 +1,389 @@ +//go:build linux + +// Copyright (C) 2024 SUSE LLC. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package securejoin + +import ( + "errors" + "fmt" + "os" + "path" + "path/filepath" + "slices" + "strings" + + "golang.org/x/sys/unix" +) + +type symlinkStackEntry struct { + // (dir, remainingPath) is what we would've returned if the link didn't + // exist. This matches what openat2(RESOLVE_IN_ROOT) would return in + // this case. + dir *os.File + remainingPath string + // linkUnwalked is the remaining path components from the original + // Readlink which we have yet to walk. When this slice is empty, we + // drop the link from the stack. + linkUnwalked []string +} + +func (se symlinkStackEntry) String() string { + return fmt.Sprintf("<%s>/%s [->%s]", se.dir.Name(), se.remainingPath, strings.Join(se.linkUnwalked, "/")) +} + +func (se symlinkStackEntry) Close() { + _ = se.dir.Close() +} + +type symlinkStack []*symlinkStackEntry + +func (s *symlinkStack) IsEmpty() bool { + return s == nil || len(*s) == 0 +} + +func (s *symlinkStack) Close() { + if s != nil { + for _, link := range *s { + link.Close() + } + // TODO: Switch to clear once we switch to Go 1.21. + *s = nil + } +} + +var ( + errEmptyStack = errors.New("[internal] stack is empty") + errBrokenSymlinkStack = errors.New("[internal error] broken symlink stack") +) + +func (s *symlinkStack) popPart(part string) error { + if s == nil || s.IsEmpty() { + // If there is nothing in the symlink stack, then the part was from the + // real path provided by the user, and this is a no-op. + return errEmptyStack + } + if part == "." { + // "." components are no-ops -- we drop them when doing SwapLink. + return nil + } + + tailEntry := (*s)[len(*s)-1] + + // Double-check that we are popping the component we expect. + if len(tailEntry.linkUnwalked) == 0 { + return fmt.Errorf("%w: trying to pop component %q of empty stack entry %s", errBrokenSymlinkStack, part, tailEntry) + } + headPart := tailEntry.linkUnwalked[0] + if headPart != part { + return fmt.Errorf("%w: trying to pop component %q but the last stack entry is %s (%q)", errBrokenSymlinkStack, part, tailEntry, headPart) + } + + // Drop the component, but keep the entry around in case we are dealing + // with a "tail-chained" symlink. + tailEntry.linkUnwalked = tailEntry.linkUnwalked[1:] + return nil +} + +func (s *symlinkStack) PopPart(part string) error { + if err := s.popPart(part); err != nil { + if errors.Is(err, errEmptyStack) { + // Skip empty stacks. + err = nil + } + return err + } + + // Clean up any of the trailing stack entries that are empty. + for lastGood := len(*s) - 1; lastGood >= 0; lastGood-- { + entry := (*s)[lastGood] + if len(entry.linkUnwalked) > 0 { + break + } + entry.Close() + (*s) = (*s)[:lastGood] + } + return nil +} + +func (s *symlinkStack) push(dir *os.File, remainingPath, linkTarget string) error { + if s == nil { + return nil + } + // Split the link target and clean up any "" parts. + linkTargetParts := slices.DeleteFunc( + strings.Split(linkTarget, "/"), + func(part string) bool { return part == "" || part == "." }) + + // Copy the directory so the caller doesn't close our copy. + dirCopy, err := dupFile(dir) + if err != nil { + return err + } + + // Add to the stack. + *s = append(*s, &symlinkStackEntry{ + dir: dirCopy, + remainingPath: remainingPath, + linkUnwalked: linkTargetParts, + }) + return nil +} + +func (s *symlinkStack) SwapLink(linkPart string, dir *os.File, remainingPath, linkTarget string) error { + // If we are currently inside a symlink resolution, remove the symlink + // component from the last symlink entry, but don't remove the entry even + // if it's empty. If we are a "tail-chained" symlink (a trailing symlink we + // hit during a symlink resolution) we need to keep the old symlink until + // we finish the resolution. + if err := s.popPart(linkPart); err != nil { + if !errors.Is(err, errEmptyStack) { + return err + } + // Push the component regardless of whether the stack was empty. + } + return s.push(dir, remainingPath, linkTarget) +} + +func (s *symlinkStack) PopTopSymlink() (*os.File, string, bool) { + if s == nil || s.IsEmpty() { + return nil, "", false + } + tailEntry := (*s)[0] + *s = (*s)[1:] + return tailEntry.dir, tailEntry.remainingPath, true +} + +// partialLookupInRoot tries to lookup as much of the request path as possible +// within the provided root (a-la RESOLVE_IN_ROOT) and opens the final existing +// component of the requested path, returning a file handle to the final +// existing component and a string containing the remaining path components. +func partialLookupInRoot(root *os.File, unsafePath string) (*os.File, string, error) { + return lookupInRoot(root, unsafePath, true) +} + +func completeLookupInRoot(root *os.File, unsafePath string) (*os.File, error) { + handle, remainingPath, err := lookupInRoot(root, unsafePath, false) + if remainingPath != "" && err == nil { + // should never happen + err = fmt.Errorf("[bug] non-empty remaining path when doing a non-partial lookup: %q", remainingPath) + } + // lookupInRoot(partial=false) will always close the handle if an error is + // returned, so no need to double-check here. + return handle, err +} + +func lookupInRoot(root *os.File, unsafePath string, partial bool) (Handle *os.File, _ string, _ error) { + unsafePath = filepath.ToSlash(unsafePath) // noop + + // This is very similar to SecureJoin, except that we operate on the + // components using file descriptors. We then return the last component we + // managed open, along with the remaining path components not opened. + + // Try to use openat2 if possible. + if hasOpenat2() { + return lookupOpenat2(root, unsafePath, partial) + } + + // Get the "actual" root path from /proc/self/fd. This is necessary if the + // root is some magic-link like /proc/$pid/root, in which case we want to + // make sure when we do checkProcSelfFdPath that we are using the correct + // root path. + logicalRootPath, err := procSelfFdReadlink(root) + if err != nil { + return nil, "", fmt.Errorf("get real root path: %w", err) + } + + currentDir, err := dupFile(root) + if err != nil { + return nil, "", fmt.Errorf("clone root fd: %w", err) + } + defer func() { + // If a handle is not returned, close the internal handle. + if Handle == nil { + _ = currentDir.Close() + } + }() + + // symlinkStack is used to emulate how openat2(RESOLVE_IN_ROOT) treats + // dangling symlinks. If we hit a non-existent path while resolving a + // symlink, we need to return the (dir, remainingPath) that we had when we + // hit the symlink (treating the symlink as though it were a regular file). + // The set of (dir, remainingPath) sets is stored within the symlinkStack + // and we add and remove parts when we hit symlink and non-symlink + // components respectively. We need a stack because of recursive symlinks + // (symlinks that contain symlink components in their target). + // + // Note that the stack is ONLY used for book-keeping. All of the actual + // path walking logic is still based on currentPath/remainingPath and + // currentDir (as in SecureJoin). + var symStack *symlinkStack + if partial { + symStack = new(symlinkStack) + defer symStack.Close() + } + + var ( + linksWalked int + currentPath string + remainingPath = unsafePath + ) + for remainingPath != "" { + // Save the current remaining path so if the part is not real we can + // return the path including the component. + oldRemainingPath := remainingPath + + // Get the next path component. + var part string + if i := strings.IndexByte(remainingPath, '/'); i == -1 { + part, remainingPath = remainingPath, "" + } else { + part, remainingPath = remainingPath[:i], remainingPath[i+1:] + } + // If we hit an empty component, we need to treat it as though it is + // "." so that trailing "/" and "//" components on a non-directory + // correctly return the right error code. + if part == "" { + part = "." + } + + // Apply the component lexically to the path we are building. + // currentPath does not contain any symlinks, and we are lexically + // dealing with a single component, so it's okay to do a filepath.Clean + // here. + nextPath := path.Join("/", currentPath, part) + // If we logically hit the root, just clone the root rather than + // opening the part and doing all of the other checks. + if nextPath == "/" { + if err := symStack.PopPart(part); err != nil { + return nil, "", fmt.Errorf("walking into root with part %q failed: %w", part, err) + } + // Jump to root. + rootClone, err := dupFile(root) + if err != nil { + return nil, "", fmt.Errorf("clone root fd: %w", err) + } + _ = currentDir.Close() + currentDir = rootClone + currentPath = nextPath + continue + } + + // Try to open the next component. + nextDir, err := openatFile(currentDir, part, unix.O_PATH|unix.O_NOFOLLOW|unix.O_CLOEXEC, 0) + switch { + case err == nil: + st, err := nextDir.Stat() + if err != nil { + _ = nextDir.Close() + return nil, "", fmt.Errorf("stat component %q: %w", part, err) + } + + switch st.Mode() & os.ModeType { + case os.ModeSymlink: + // readlinkat implies AT_EMPTY_PATH since Linux 2.6.39. See + // Linux commit 65cfc6722361 ("readlinkat(), fchownat() and + // fstatat() with empty relative pathnames"). + linkDest, err := readlinkatFile(nextDir, "") + // We don't need the handle anymore. + _ = nextDir.Close() + if err != nil { + return nil, "", err + } + + linksWalked++ + if linksWalked > maxSymlinkLimit { + return nil, "", &os.PathError{Op: "securejoin.lookupInRoot", Path: logicalRootPath + "/" + unsafePath, Err: unix.ELOOP} + } + + // Swap out the symlink's component for the link entry itself. + if err := symStack.SwapLink(part, currentDir, oldRemainingPath, linkDest); err != nil { + return nil, "", fmt.Errorf("walking into symlink %q failed: push symlink: %w", part, err) + } + + // Update our logical remaining path. + remainingPath = linkDest + "/" + remainingPath + // Absolute symlinks reset any work we've already done. + if path.IsAbs(linkDest) { + // Jump to root. + rootClone, err := dupFile(root) + if err != nil { + return nil, "", fmt.Errorf("clone root fd: %w", err) + } + _ = currentDir.Close() + currentDir = rootClone + currentPath = "/" + } + + default: + // If we are dealing with a directory, simply walk into it. + _ = currentDir.Close() + currentDir = nextDir + currentPath = nextPath + + // The part was real, so drop it from the symlink stack. + if err := symStack.PopPart(part); err != nil { + return nil, "", fmt.Errorf("walking into directory %q failed: %w", part, err) + } + + // If we are operating on a .., make sure we haven't escaped. + // We only have to check for ".." here because walking down + // into a regular component component cannot cause you to + // escape. This mirrors the logic in RESOLVE_IN_ROOT, except we + // have to check every ".." rather than only checking after a + // rename or mount on the system. + if part == ".." { + // Make sure the root hasn't moved. + if err := checkProcSelfFdPath(logicalRootPath, root); err != nil { + return nil, "", fmt.Errorf("root path moved during lookup: %w", err) + } + // Make sure the path is what we expect. + fullPath := logicalRootPath + nextPath + if err := checkProcSelfFdPath(fullPath, currentDir); err != nil { + return nil, "", fmt.Errorf("walking into %q had unexpected result: %w", part, err) + } + } + } + + default: + if !partial { + return nil, "", err + } + // If there are any remaining components in the symlink stack, we + // are still within a symlink resolution and thus we hit a dangling + // symlink. So pretend that the first symlink in the stack we hit + // was an ENOENT (to match openat2). + if oldDir, remainingPath, ok := symStack.PopTopSymlink(); ok { + _ = currentDir.Close() + return oldDir, remainingPath, err + } + // We have hit a final component that doesn't exist, so we have our + // partial open result. Note that we have to use the OLD remaining + // path, since the lookup failed. + return currentDir, oldRemainingPath, err + } + } + + // If the unsafePath had a trailing slash, we need to make sure we try to + // do a relative "." open so that we will correctly return an error when + // the final component is a non-directory (to match openat2). In the + // context of openat2, a trailing slash and a trailing "/." are completely + // equivalent. + if strings.HasSuffix(unsafePath, "/") { + nextDir, err := openatFile(currentDir, ".", unix.O_PATH|unix.O_NOFOLLOW|unix.O_CLOEXEC, 0) + if err != nil { + if !partial { + _ = currentDir.Close() + currentDir = nil + } + return currentDir, "", err + } + _ = currentDir.Close() + currentDir = nextDir + } + + // All of the components existed! + return currentDir, "", nil +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go b/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go new file mode 100644 index 00000000000..ad2bd7973ab --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go @@ -0,0 +1,229 @@ +//go:build linux + +// Copyright (C) 2024 SUSE LLC. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package securejoin + +import ( + "errors" + "fmt" + "io" + "os" + "path/filepath" + "slices" + "strings" + + "golang.org/x/sys/unix" +) + +var ( + errInvalidMode = errors.New("invalid permission mode") + errPossibleAttack = errors.New("possible attack detected") +) + +// MkdirAllHandle is equivalent to MkdirAll, except that it is safer to use in +// two respects: +// +// - The caller provides the root directory as an *os.File (preferably O_PATH) +// handle. This means that the caller can be sure which root directory is +// being used. Note that this can be emulated by using /proc/self/fd/... as +// the root path with MkdirAll. +// +// - Once all of the directories have been created, an *os.File (O_PATH) handle +// to the directory at unsafePath is returned to the caller. This is done in +// an effectively-race-free way (an attacker would only be able to swap the +// final directory component), which is not possible to emulate with +// MkdirAll. +// +// In addition, the returned handle is obtained far more efficiently than doing +// a brand new lookup of unsafePath (such as with SecureJoin or openat2) after +// doing MkdirAll. If you intend to open the directory after creating it, you +// should use MkdirAllHandle. +func MkdirAllHandle(root *os.File, unsafePath string, mode int) (_ *os.File, Err error) { + // Make sure there are no os.FileMode bits set. + if mode&^0o7777 != 0 { + return nil, fmt.Errorf("%w for mkdir 0o%.3o", errInvalidMode, mode) + } + + // Try to open as much of the path as possible. + currentDir, remainingPath, err := partialLookupInRoot(root, unsafePath) + defer func() { + if Err != nil { + _ = currentDir.Close() + } + }() + if err != nil && !errors.Is(err, unix.ENOENT) { + return nil, fmt.Errorf("find existing subpath of %q: %w", unsafePath, err) + } + + // If there is an attacker deleting directories as we walk into them, + // detect this proactively. Note this is guaranteed to detect if the + // attacker deleted any part of the tree up to currentDir. + // + // Once we walk into a dead directory, partialLookupInRoot would not be + // able to walk further down the tree (directories must be empty before + // they are deleted), and if the attacker has removed the entire tree we + // can be sure that anything that was originally inside a dead directory + // must also be deleted and thus is a dead directory in its own right. + // + // This is mostly a quality-of-life check, because mkdir will simply fail + // later if the attacker deletes the tree after this check. + if err := isDeadInode(currentDir); err != nil { + return nil, fmt.Errorf("finding existing subpath of %q: %w", unsafePath, err) + } + + // Re-open the path to match the O_DIRECTORY reopen loop later (so that we + // always return a non-O_PATH handle). We also check that we actually got a + // directory. + if reopenDir, err := Reopen(currentDir, unix.O_DIRECTORY|unix.O_CLOEXEC); errors.Is(err, unix.ENOTDIR) { + return nil, fmt.Errorf("cannot create subdirectories in %q: %w", currentDir.Name(), unix.ENOTDIR) + } else if err != nil { + return nil, fmt.Errorf("re-opening handle to %q: %w", currentDir.Name(), err) + } else { + _ = currentDir.Close() + currentDir = reopenDir + } + + remainingParts := strings.Split(remainingPath, string(filepath.Separator)) + if slices.Contains(remainingParts, "..") { + // The path contained ".." components after the end of the "real" + // components. We could try to safely resolve ".." here but that would + // add a bunch of extra logic for something that it's not clear even + // needs to be supported. So just return an error. + // + // If we do filepath.Clean(remainingPath) then we end up with the + // problem that ".." can erase a trailing dangling symlink and produce + // a path that doesn't quite match what the user asked for. + return nil, fmt.Errorf("%w: yet-to-be-created path %q contains '..' components", unix.ENOENT, remainingPath) + } + + // Make sure the mode doesn't have any type bits. + mode &^= unix.S_IFMT + // What properties do we expect any newly created directories to have? + var ( + // While umask(2) is a per-thread property, and thus this value could + // vary between threads, a functioning Go program would LockOSThread + // threads with different umasks and so we don't need to LockOSThread + // for this entire mkdirat loop (if we are in the locked thread with a + // different umask, we are already locked and there's nothing for us to + // do -- and if not then it doesn't matter which thread we run on and + // there's nothing for us to do). + expectedMode = uint32(unix.S_IFDIR | (mode &^ getUmask())) + + // We would want to get the fs[ug]id here, but we can't access those + // from userspace. In practice, nobody uses setfs[ug]id() anymore, so + // just use the effective [ug]id (which is equivalent to the fs[ug]id + // for programs that don't use setfs[ug]id). + expectedUid = uint32(unix.Geteuid()) + expectedGid = uint32(unix.Getegid()) + ) + + // Create the remaining components. + for _, part := range remainingParts { + switch part { + case "", ".": + // Skip over no-op paths. + continue + } + + // NOTE: mkdir(2) will not follow trailing symlinks, so we can safely + // create the finaly component without worrying about symlink-exchange + // attacks. + if err := unix.Mkdirat(int(currentDir.Fd()), part, uint32(mode)); err != nil { + err = &os.PathError{Op: "mkdirat", Path: currentDir.Name() + "/" + part, Err: err} + // Make the error a bit nicer if the directory is dead. + if err2 := isDeadInode(currentDir); err2 != nil { + err = fmt.Errorf("%w (%w)", err, err2) + } + return nil, err + } + + // Get a handle to the next component. O_DIRECTORY means we don't need + // to use O_PATH. + var nextDir *os.File + if hasOpenat2() { + nextDir, err = openat2File(currentDir, part, &unix.OpenHow{ + Flags: unix.O_NOFOLLOW | unix.O_DIRECTORY | unix.O_CLOEXEC, + Resolve: unix.RESOLVE_BENEATH | unix.RESOLVE_NO_SYMLINKS | unix.RESOLVE_NO_XDEV, + }) + } else { + nextDir, err = openatFile(currentDir, part, unix.O_NOFOLLOW|unix.O_DIRECTORY|unix.O_CLOEXEC, 0) + } + if err != nil { + return nil, err + } + _ = currentDir.Close() + currentDir = nextDir + + // Make sure that the directory matches what we expect. An attacker + // could have swapped the directory between us making it and opening + // it. There's no way for us to be sure that the directory is + // _precisely_ the same as the directory we created, but if we are in + // an empty directory with the same owner and mode as the one we + // created then there is nothing the attacker could do with this new + // directory that they couldn't do with the old one. + if stat, err := fstat(currentDir); err != nil { + return nil, fmt.Errorf("check newly created directory: %w", err) + } else { + if stat.Mode != expectedMode { + return nil, fmt.Errorf("%w: newly created directory %q has incorrect mode 0o%.3o (expected 0o%.3o)", errPossibleAttack, currentDir.Name(), stat.Mode, expectedMode) + } + if stat.Uid != expectedUid || stat.Gid != expectedGid { + return nil, fmt.Errorf("%w: newly created directory %q has incorrect owner %d:%d (expected %d:%d)", errPossibleAttack, currentDir.Name(), stat.Uid, stat.Gid, expectedUid, expectedGid) + } + // Check that the directory is empty. We only need to check for + // a single entry, and we should get EOF if the directory is + // empty. + _, err := currentDir.Readdirnames(1) + if !errors.Is(err, io.EOF) { + if err == nil { + err = fmt.Errorf("%w: newly created directory %q is non-empty", errPossibleAttack, currentDir.Name()) + } + return nil, fmt.Errorf("check if newly created directory %q is empty: %w", currentDir.Name(), err) + } + // Reset the offset. + _, _ = currentDir.Seek(0, unix.SEEK_SET) + } + } + return currentDir, nil +} + +// MkdirAll is a race-safe alternative to the Go stdlib's os.MkdirAll function, +// where the new directory is guaranteed to be within the root directory (if an +// attacker can move directories from inside the root to outside the root, the +// created directory tree might be outside of the root but the key constraint +// is that at no point will we walk outside of the directory tree we are +// creating). +// +// Effectively, MkdirAll(root, unsafePath, mode) is equivalent to +// +// path, _ := securejoin.SecureJoin(root, unsafePath) +// err := os.MkdirAll(path, mode) +// +// But is much safer. The above implementation is unsafe because if an attacker +// can modify the filesystem tree between SecureJoin and MkdirAll, it is +// possible for MkdirAll to resolve unsafe symlink components and create +// directories outside of the root. +// +// If you plan to open the directory after you have created it or want to use +// an open directory handle as the root, you should use MkdirAllHandle instead. +// This function is a wrapper around MkdirAllHandle. +// +// NOTE: The mode argument must be set the unix mode bits (unix.S_I...), not +// the Go generic mode bits (os.Mode...). +func MkdirAll(root, unsafePath string, mode int) error { + rootDir, err := os.OpenFile(root, unix.O_PATH|unix.O_DIRECTORY|unix.O_CLOEXEC, 0) + if err != nil { + return err + } + defer rootDir.Close() + + f, err := MkdirAllHandle(rootDir, unsafePath, mode) + if err != nil { + return err + } + _ = f.Close() + return nil +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/open_linux.go b/vendor/github.com/cyphar/filepath-securejoin/open_linux.go new file mode 100644 index 00000000000..52dce76f3f4 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/open_linux.go @@ -0,0 +1,101 @@ +//go:build linux + +// Copyright (C) 2024 SUSE LLC. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package securejoin + +import ( + "fmt" + "os" + "strconv" + + "golang.org/x/sys/unix" +) + +// OpenatInRoot is equivalent to OpenInRoot, except that the root is provided +// using an *os.File handle, to ensure that the correct root directory is used. +func OpenatInRoot(root *os.File, unsafePath string) (*os.File, error) { + handle, err := completeLookupInRoot(root, unsafePath) + if err != nil { + return nil, &os.PathError{Op: "securejoin.OpenInRoot", Path: unsafePath, Err: err} + } + return handle, nil +} + +// OpenInRoot safely opens the provided unsafePath within the root. +// Effectively, OpenInRoot(root, unsafePath) is equivalent to +// +// path, _ := securejoin.SecureJoin(root, unsafePath) +// handle, err := os.OpenFile(path, unix.O_PATH|unix.O_CLOEXEC) +// +// But is much safer. The above implementation is unsafe because if an attacker +// can modify the filesystem tree between SecureJoin and OpenFile, it is +// possible for the returned file to be outside of the root. +// +// Note that the returned handle is an O_PATH handle, meaning that only a very +// limited set of operations will work on the handle. This is done to avoid +// accidentally opening an untrusted file that could cause issues (such as a +// disconnected TTY that could cause a DoS, or some other issue). In order to +// use the returned handle, you can "upgrade" it to a proper handle using +// Reopen. +func OpenInRoot(root, unsafePath string) (*os.File, error) { + rootDir, err := os.OpenFile(root, unix.O_PATH|unix.O_DIRECTORY|unix.O_CLOEXEC, 0) + if err != nil { + return nil, err + } + defer rootDir.Close() + return OpenatInRoot(rootDir, unsafePath) +} + +// Reopen takes an *os.File handle and re-opens it through /proc/self/fd. +// Reopen(file, flags) is effectively equivalent to +// +// fdPath := fmt.Sprintf("/proc/self/fd/%d", file.Fd()) +// os.OpenFile(fdPath, flags|unix.O_CLOEXEC) +// +// But with some extra hardenings to ensure that we are not tricked by a +// maliciously-configured /proc mount. While this attack scenario is not +// common, in container runtimes it is possible for higher-level runtimes to be +// tricked into configuring an unsafe /proc that can be used to attack file +// operations. See CVE-2019-19921 for more details. +func Reopen(handle *os.File, flags int) (*os.File, error) { + procRoot, err := getProcRoot() + if err != nil { + return nil, err + } + + // We can't operate on /proc/thread-self/fd/$n directly when doing a + // re-open, so we need to open /proc/thread-self/fd and then open a single + // final component. + procFdDir, closer, err := procThreadSelf(procRoot, "fd/") + if err != nil { + return nil, fmt.Errorf("get safe /proc/thread-self/fd handle: %w", err) + } + defer procFdDir.Close() + defer closer() + + // Try to detect if there is a mount on top of the magic-link we are about + // to open. If we are using unsafeHostProcRoot(), this could change after + // we check it (and there's nothing we can do about that) but for + // privateProcRoot() this should be guaranteed to be safe (at least since + // Linux 5.12[1], when anonymous mount namespaces were completely isolated + // from external mounts including mount propagation events). + // + // [1]: Linux commit ee2e3f50629f ("mount: fix mounting of detached mounts + // onto targets that reside on shared mounts"). + fdStr := strconv.Itoa(int(handle.Fd())) + if err := checkSymlinkOvermount(procRoot, procFdDir, fdStr); err != nil { + return nil, fmt.Errorf("check safety of /proc/thread-self/fd/%s magiclink: %w", fdStr, err) + } + + flags |= unix.O_CLOEXEC + // Rather than just wrapping openatFile, open-code it so we can copy + // handle.Name(). + reopenFd, err := unix.Openat(int(procFdDir.Fd()), fdStr, flags, 0) + if err != nil { + return nil, fmt.Errorf("reopen fd %d: %w", handle.Fd(), err) + } + return os.NewFile(uintptr(reopenFd), handle.Name()), nil +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/openat2_linux.go b/vendor/github.com/cyphar/filepath-securejoin/openat2_linux.go new file mode 100644 index 00000000000..921b3e1d449 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/openat2_linux.go @@ -0,0 +1,141 @@ +//go:build linux + +// Copyright (C) 2024 SUSE LLC. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package securejoin + +import ( + "errors" + "fmt" + "os" + "path/filepath" + "strings" + "sync" + "testing" + + "golang.org/x/sys/unix" +) + +var ( + hasOpenat2Bool bool + hasOpenat2Once sync.Once + + testingForceHasOpenat2 *bool +) + +func hasOpenat2() bool { + if testing.Testing() && testingForceHasOpenat2 != nil { + return *testingForceHasOpenat2 + } + hasOpenat2Once.Do(func() { + fd, err := unix.Openat2(unix.AT_FDCWD, ".", &unix.OpenHow{ + Flags: unix.O_PATH | unix.O_CLOEXEC, + Resolve: unix.RESOLVE_NO_SYMLINKS | unix.RESOLVE_IN_ROOT, + }) + if err == nil { + hasOpenat2Bool = true + _ = unix.Close(fd) + } + }) + return hasOpenat2Bool +} + +func scopedLookupShouldRetry(how *unix.OpenHow, err error) bool { + // RESOLVE_IN_ROOT (and RESOLVE_BENEATH) can return -EAGAIN if we resolve + // ".." while a mount or rename occurs anywhere on the system. This could + // happen spuriously, or as the result of an attacker trying to mess with + // us during lookup. + // + // In addition, scoped lookups have a "safety check" at the end of + // complete_walk which will return -EXDEV if the final path is not in the + // root. + return how.Resolve&(unix.RESOLVE_IN_ROOT|unix.RESOLVE_BENEATH) != 0 && + (errors.Is(err, unix.EAGAIN) || errors.Is(err, unix.EXDEV)) +} + +const scopedLookupMaxRetries = 10 + +func openat2File(dir *os.File, path string, how *unix.OpenHow) (*os.File, error) { + fullPath := dir.Name() + "/" + path + // Make sure we always set O_CLOEXEC. + how.Flags |= unix.O_CLOEXEC + var tries int + for tries < scopedLookupMaxRetries { + fd, err := unix.Openat2(int(dir.Fd()), path, how) + if err != nil { + if scopedLookupShouldRetry(how, err) { + // We retry a couple of times to avoid the spurious errors, and + // if we are being attacked then returning -EAGAIN is the best + // we can do. + tries++ + continue + } + return nil, &os.PathError{Op: "openat2", Path: fullPath, Err: err} + } + // If we are using RESOLVE_IN_ROOT, the name we generated may be wrong. + // NOTE: The procRoot code MUST NOT use RESOLVE_IN_ROOT, otherwise + // you'll get infinite recursion here. + if how.Resolve&unix.RESOLVE_IN_ROOT == unix.RESOLVE_IN_ROOT { + if actualPath, err := rawProcSelfFdReadlink(fd); err == nil { + fullPath = actualPath + } + } + return os.NewFile(uintptr(fd), fullPath), nil + } + return nil, &os.PathError{Op: "openat2", Path: fullPath, Err: errPossibleAttack} +} + +func lookupOpenat2(root *os.File, unsafePath string, partial bool) (*os.File, string, error) { + if !partial { + file, err := openat2File(root, unsafePath, &unix.OpenHow{ + Flags: unix.O_PATH | unix.O_CLOEXEC, + Resolve: unix.RESOLVE_IN_ROOT | unix.RESOLVE_NO_MAGICLINKS, + }) + return file, "", err + } + return partialLookupOpenat2(root, unsafePath) +} + +// partialLookupOpenat2 is an alternative implementation of +// partialLookupInRoot, using openat2(RESOLVE_IN_ROOT) to more safely get a +// handle to the deepest existing child of the requested path within the root. +func partialLookupOpenat2(root *os.File, unsafePath string) (*os.File, string, error) { + // TODO: Implement this as a git-bisect-like binary search. + + unsafePath = filepath.ToSlash(unsafePath) // noop + endIdx := len(unsafePath) + var lastError error + for endIdx > 0 { + subpath := unsafePath[:endIdx] + + handle, err := openat2File(root, subpath, &unix.OpenHow{ + Flags: unix.O_PATH | unix.O_CLOEXEC, + Resolve: unix.RESOLVE_IN_ROOT | unix.RESOLVE_NO_MAGICLINKS, + }) + if err == nil { + // Jump over the slash if we have a non-"" remainingPath. + if endIdx < len(unsafePath) { + endIdx += 1 + } + // We found a subpath! + return handle, unsafePath[endIdx:], lastError + } + if errors.Is(err, unix.ENOENT) || errors.Is(err, unix.ENOTDIR) { + // That path doesn't exist, let's try the next directory up. + endIdx = strings.LastIndexByte(subpath, '/') + lastError = err + continue + } + return nil, "", fmt.Errorf("open subpath: %w", err) + } + // If we couldn't open anything, the whole subpath is missing. Return a + // copy of the root fd so that the caller doesn't close this one by + // accident. + rootClone, err := dupFile(root) + if err != nil { + return nil, "", err + } + return rootClone, unsafePath, lastError +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/openat_linux.go b/vendor/github.com/cyphar/filepath-securejoin/openat_linux.go new file mode 100644 index 00000000000..949fb5f2d82 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/openat_linux.go @@ -0,0 +1,59 @@ +//go:build linux + +// Copyright (C) 2024 SUSE LLC. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package securejoin + +import ( + "os" + "path/filepath" + + "golang.org/x/sys/unix" +) + +func dupFile(f *os.File) (*os.File, error) { + fd, err := unix.FcntlInt(f.Fd(), unix.F_DUPFD_CLOEXEC, 0) + if err != nil { + return nil, os.NewSyscallError("fcntl(F_DUPFD_CLOEXEC)", err) + } + return os.NewFile(uintptr(fd), f.Name()), nil +} + +func openatFile(dir *os.File, path string, flags int, mode int) (*os.File, error) { + // Make sure we always set O_CLOEXEC. + flags |= unix.O_CLOEXEC + fd, err := unix.Openat(int(dir.Fd()), path, flags, uint32(mode)) + if err != nil { + return nil, &os.PathError{Op: "openat", Path: dir.Name() + "/" + path, Err: err} + } + // All of the paths we use with openatFile(2) are guaranteed to be + // lexically safe, so we can use path.Join here. + fullPath := filepath.Join(dir.Name(), path) + return os.NewFile(uintptr(fd), fullPath), nil +} + +func fstatatFile(dir *os.File, path string, flags int) (unix.Stat_t, error) { + var stat unix.Stat_t + if err := unix.Fstatat(int(dir.Fd()), path, &stat, flags); err != nil { + return stat, &os.PathError{Op: "fstatat", Path: dir.Name() + "/" + path, Err: err} + } + return stat, nil +} + +func readlinkatFile(dir *os.File, path string) (string, error) { + size := 4096 + for { + linkBuf := make([]byte, size) + n, err := unix.Readlinkat(int(dir.Fd()), path, linkBuf) + if err != nil { + return "", &os.PathError{Op: "readlinkat", Path: dir.Name() + "/" + path, Err: err} + } + if n != size { + return string(linkBuf[:n]), nil + } + // Possible truncation, resize the buffer. + size *= 2 + } +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/procfs_linux.go b/vendor/github.com/cyphar/filepath-securejoin/procfs_linux.go new file mode 100644 index 00000000000..adf0bd08f3b --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/procfs_linux.go @@ -0,0 +1,474 @@ +//go:build linux + +// Copyright (C) 2024 SUSE LLC. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package securejoin + +import ( + "errors" + "fmt" + "os" + "runtime" + "strconv" + "sync" + + "golang.org/x/sys/unix" +) + +func fstat(f *os.File) (unix.Stat_t, error) { + var stat unix.Stat_t + if err := unix.Fstat(int(f.Fd()), &stat); err != nil { + return stat, &os.PathError{Op: "fstat", Path: f.Name(), Err: err} + } + return stat, nil +} + +func fstatfs(f *os.File) (unix.Statfs_t, error) { + var statfs unix.Statfs_t + if err := unix.Fstatfs(int(f.Fd()), &statfs); err != nil { + return statfs, &os.PathError{Op: "fstatfs", Path: f.Name(), Err: err} + } + return statfs, nil +} + +// The kernel guarantees that the root inode of a procfs mount has an +// f_type of PROC_SUPER_MAGIC and st_ino of PROC_ROOT_INO. +const ( + procSuperMagic = 0x9fa0 // PROC_SUPER_MAGIC + procRootIno = 1 // PROC_ROOT_INO +) + +func verifyProcRoot(procRoot *os.File) error { + if statfs, err := fstatfs(procRoot); err != nil { + return err + } else if statfs.Type != procSuperMagic { + return fmt.Errorf("%w: incorrect procfs root filesystem type 0x%x", errUnsafeProcfs, statfs.Type) + } + if stat, err := fstat(procRoot); err != nil { + return err + } else if stat.Ino != procRootIno { + return fmt.Errorf("%w: incorrect procfs root inode number %d", errUnsafeProcfs, stat.Ino) + } + return nil +} + +var ( + hasNewMountApiBool bool + hasNewMountApiOnce sync.Once +) + +func hasNewMountApi() bool { + hasNewMountApiOnce.Do(func() { + // All of the pieces of the new mount API we use (fsopen, fsconfig, + // fsmount, open_tree) were added together in Linux 5.1[1,2], so we can + // just check for one of the syscalls and the others should also be + // available. + // + // Just try to use open_tree(2) to open a file without OPEN_TREE_CLONE. + // This is equivalent to openat(2), but tells us if open_tree is + // available (and thus all of the other basic new mount API syscalls). + // open_tree(2) is most light-weight syscall to test here. + // + // [1]: merge commit 400913252d09 + // [2]: + fd, err := unix.OpenTree(-int(unix.EBADF), "/", unix.OPEN_TREE_CLOEXEC) + if err == nil { + hasNewMountApiBool = true + _ = unix.Close(fd) + } + }) + return hasNewMountApiBool +} + +func fsopen(fsName string, flags int) (*os.File, error) { + // Make sure we always set O_CLOEXEC. + flags |= unix.FSOPEN_CLOEXEC + fd, err := unix.Fsopen(fsName, flags) + if err != nil { + return nil, os.NewSyscallError("fsopen "+fsName, err) + } + return os.NewFile(uintptr(fd), "fscontext:"+fsName), nil +} + +func fsmount(ctx *os.File, flags, mountAttrs int) (*os.File, error) { + // Make sure we always set O_CLOEXEC. + flags |= unix.FSMOUNT_CLOEXEC + fd, err := unix.Fsmount(int(ctx.Fd()), flags, mountAttrs) + if err != nil { + return nil, os.NewSyscallError("fsmount "+ctx.Name(), err) + } + return os.NewFile(uintptr(fd), "fsmount:"+ctx.Name()), nil +} + +func newPrivateProcMount() (*os.File, error) { + procfsCtx, err := fsopen("proc", unix.FSOPEN_CLOEXEC) + if err != nil { + return nil, err + } + defer procfsCtx.Close() + + // Try to configure hidepid=ptraceable,subset=pid if possible, but ignore errors. + _ = unix.FsconfigSetString(int(procfsCtx.Fd()), "hidepid", "ptraceable") + _ = unix.FsconfigSetString(int(procfsCtx.Fd()), "subset", "pid") + + // Get an actual handle. + if err := unix.FsconfigCreate(int(procfsCtx.Fd())); err != nil { + return nil, os.NewSyscallError("fsconfig create procfs", err) + } + return fsmount(procfsCtx, unix.FSMOUNT_CLOEXEC, unix.MS_RDONLY|unix.MS_NODEV|unix.MS_NOEXEC|unix.MS_NOSUID) +} + +func openTree(dir *os.File, path string, flags uint) (*os.File, error) { + dirFd := -int(unix.EBADF) + dirName := "." + if dir != nil { + dirFd = int(dir.Fd()) + dirName = dir.Name() + } + // Make sure we always set O_CLOEXEC. + flags |= unix.OPEN_TREE_CLOEXEC + fd, err := unix.OpenTree(dirFd, path, flags) + if err != nil { + return nil, &os.PathError{Op: "open_tree", Path: path, Err: err} + } + return os.NewFile(uintptr(fd), dirName+"/"+path), nil +} + +func clonePrivateProcMount() (_ *os.File, Err error) { + // Try to make a clone without using AT_RECURSIVE if we can. If this works, + // we can be sure there are no over-mounts and so if the root is valid then + // we're golden. Otherwise, we have to deal with over-mounts. + procfsHandle, err := openTree(nil, "/proc", unix.OPEN_TREE_CLONE) + if err != nil || testingForcePrivateProcRootOpenTreeAtRecursive(procfsHandle) { + procfsHandle, err = openTree(nil, "/proc", unix.OPEN_TREE_CLONE|unix.AT_RECURSIVE) + } + if err != nil { + return nil, fmt.Errorf("creating a detached procfs clone: %w", err) + } + defer func() { + if Err != nil { + _ = procfsHandle.Close() + } + }() + if err := verifyProcRoot(procfsHandle); err != nil { + return nil, err + } + return procfsHandle, nil +} + +func privateProcRoot() (*os.File, error) { + if !hasNewMountApi() || testingForceGetProcRootUnsafe() { + return nil, fmt.Errorf("new mount api: %w", unix.ENOTSUP) + } + // Try to create a new procfs mount from scratch if we can. This ensures we + // can get a procfs mount even if /proc is fake (for whatever reason). + procRoot, err := newPrivateProcMount() + if err != nil || testingForcePrivateProcRootOpenTree(procRoot) { + // Try to clone /proc then... + procRoot, err = clonePrivateProcMount() + } + return procRoot, err +} + +var ( + procRootHandle *os.File + procRootError error + procRootOnce sync.Once + + errUnsafeProcfs = errors.New("unsafe procfs detected") +) + +func unsafeHostProcRoot() (_ *os.File, Err error) { + procRoot, err := os.OpenFile("/proc", unix.O_PATH|unix.O_NOFOLLOW|unix.O_DIRECTORY|unix.O_CLOEXEC, 0) + if err != nil { + return nil, err + } + defer func() { + if Err != nil { + _ = procRoot.Close() + } + }() + if err := verifyProcRoot(procRoot); err != nil { + return nil, err + } + return procRoot, nil +} + +func doGetProcRoot() (*os.File, error) { + procRoot, err := privateProcRoot() + if err != nil { + // Fall back to using a /proc handle if making a private mount failed. + // If we have openat2, at least we can avoid some kinds of over-mount + // attacks, but without openat2 there's not much we can do. + procRoot, err = unsafeHostProcRoot() + } + return procRoot, err +} + +func getProcRoot() (*os.File, error) { + procRootOnce.Do(func() { + procRootHandle, procRootError = doGetProcRoot() + }) + return procRootHandle, procRootError +} + +var ( + haveProcThreadSelf bool + haveProcThreadSelfOnce sync.Once +) + +type procThreadSelfCloser func() + +// procThreadSelf returns a handle to /proc/thread-self/ (or an +// equivalent handle on older kernels where /proc/thread-self doesn't exist). +// Once finished with the handle, you must call the returned closer function +// (runtime.UnlockOSThread). You must not pass the returned *os.File to other +// Go threads or use the handle after calling the closer. +// +// This is similar to ProcThreadSelf from runc, but with extra hardening +// applied and using *os.File. +func procThreadSelf(procRoot *os.File, subpath string) (_ *os.File, _ procThreadSelfCloser, Err error) { + haveProcThreadSelfOnce.Do(func() { + // If the kernel doesn't support thread-self, it doesn't matter which + // /proc handle we use. + _, err := fstatatFile(procRoot, "thread-self", unix.AT_SYMLINK_NOFOLLOW) + haveProcThreadSelf = (err == nil) + }) + + // We need to lock our thread until the caller is done with the handle + // because between getting the handle and using it we could get interrupted + // by the Go runtime and hit the case where the underlying thread is + // swapped out and the original thread is killed, resulting in + // pull-your-hair-out-hard-to-debug issues in the caller. + runtime.LockOSThread() + defer func() { + if Err != nil { + runtime.UnlockOSThread() + } + }() + + // Figure out what prefix we want to use. + threadSelf := "thread-self/" + if !haveProcThreadSelf || testingForceProcSelfTask() { + /// Pre-3.17 kernels don't have /proc/thread-self, so do it manually. + threadSelf = "self/task/" + strconv.Itoa(unix.Gettid()) + "/" + if _, err := fstatatFile(procRoot, threadSelf, unix.AT_SYMLINK_NOFOLLOW); err != nil || testingForceProcSelf() { + // In this case, we running in a pid namespace that doesn't match + // the /proc mount we have. This can happen inside runc. + // + // Unfortunately, there is no nice way to get the correct TID to + // use here because of the age of the kernel, so we have to just + // use /proc/self and hope that it works. + threadSelf = "self/" + } + } + + // Grab the handle. + var ( + handle *os.File + err error + ) + if hasOpenat2() { + // We prefer being able to use RESOLVE_NO_XDEV if we can, to be + // absolutely sure we are operating on a clean /proc handle that + // doesn't have any cheeky overmounts that could trick us (including + // symlink mounts on top of /proc/thread-self). RESOLVE_BENEATH isn't + // stricly needed, but just use it since we have it. + // + // NOTE: /proc/self is technically a magic-link (the contents of the + // symlink are generated dynamically), but it doesn't use + // nd_jump_link() so RESOLVE_NO_MAGICLINKS allows it. + // + // NOTE: We MUST NOT use RESOLVE_IN_ROOT here, as openat2File uses + // procSelfFdReadlink to clean up the returned f.Name() if we use + // RESOLVE_IN_ROOT (which would lead to an infinite recursion). + handle, err = openat2File(procRoot, threadSelf+subpath, &unix.OpenHow{ + Flags: unix.O_PATH | unix.O_NOFOLLOW | unix.O_CLOEXEC, + Resolve: unix.RESOLVE_BENEATH | unix.RESOLVE_NO_XDEV | unix.RESOLVE_NO_MAGICLINKS, + }) + if err != nil { + return nil, nil, fmt.Errorf("%w: %w", errUnsafeProcfs, err) + } + } else { + handle, err = openatFile(procRoot, threadSelf+subpath, unix.O_PATH|unix.O_NOFOLLOW|unix.O_CLOEXEC, 0) + if err != nil { + return nil, nil, fmt.Errorf("%w: %w", errUnsafeProcfs, err) + } + defer func() { + if Err != nil { + _ = handle.Close() + } + }() + // We can't detect bind-mounts of different parts of procfs on top of + // /proc (a-la RESOLVE_NO_XDEV), but we can at least be sure that we + // aren't on the wrong filesystem here. + if statfs, err := fstatfs(handle); err != nil { + return nil, nil, err + } else if statfs.Type != procSuperMagic { + return nil, nil, fmt.Errorf("%w: incorrect /proc/self/fd filesystem type 0x%x", errUnsafeProcfs, statfs.Type) + } + } + return handle, runtime.UnlockOSThread, nil +} + +var ( + hasStatxMountIdBool bool + hasStatxMountIdOnce sync.Once +) + +func hasStatxMountId() bool { + hasStatxMountIdOnce.Do(func() { + var ( + stx unix.Statx_t + // We don't care which mount ID we get. The kernel will give us the + // unique one if it is supported. + wantStxMask uint32 = unix.STATX_MNT_ID_UNIQUE | unix.STATX_MNT_ID + ) + err := unix.Statx(-int(unix.EBADF), "/", 0, int(wantStxMask), &stx) + hasStatxMountIdBool = (err == nil && (stx.Mask&wantStxMask != 0)) + }) + return hasStatxMountIdBool +} + +func getMountId(dir *os.File, path string) (uint64, error) { + // If we don't have statx(STATX_MNT_ID*) support, we can't do anything. + if !hasStatxMountId() { + return 0, nil + } + + var ( + stx unix.Statx_t + // We don't care which mount ID we get. The kernel will give us the + // unique one if it is supported. + wantStxMask uint32 = unix.STATX_MNT_ID_UNIQUE | unix.STATX_MNT_ID + ) + + err := unix.Statx(int(dir.Fd()), path, unix.AT_EMPTY_PATH|unix.AT_SYMLINK_NOFOLLOW, int(wantStxMask), &stx) + if stx.Mask&wantStxMask == 0 { + // It's not a kernel limitation, for some reason we couldn't get a + // mount ID. Assume it's some kind of attack. + err = fmt.Errorf("%w: could not get mount id", errUnsafeProcfs) + } + if err != nil { + return 0, &os.PathError{Op: "statx(STATX_MNT_ID_...)", Path: dir.Name() + "/" + path, Err: err} + } + return stx.Mnt_id, nil +} + +func checkSymlinkOvermount(procRoot *os.File, dir *os.File, path string) error { + // Get the mntId of our procfs handle. + expectedMountId, err := getMountId(procRoot, "") + if err != nil { + return err + } + // Get the mntId of the target magic-link. + gotMountId, err := getMountId(dir, path) + if err != nil { + return err + } + // As long as the directory mount is alive, even with wrapping mount IDs, + // we would expect to see a different mount ID here. (Of course, if we're + // using unsafeHostProcRoot() then an attaker could change this after we + // did this check.) + if expectedMountId != gotMountId { + return fmt.Errorf("%w: symlink %s/%s has an overmount obscuring the real link (mount ids do not match %d != %d)", errUnsafeProcfs, dir.Name(), path, expectedMountId, gotMountId) + } + return nil +} + +func doRawProcSelfFdReadlink(procRoot *os.File, fd int) (string, error) { + fdPath := fmt.Sprintf("fd/%d", fd) + procFdLink, closer, err := procThreadSelf(procRoot, fdPath) + if err != nil { + return "", fmt.Errorf("get safe /proc/thread-self/%s handle: %w", fdPath, err) + } + defer procFdLink.Close() + defer closer() + + // Try to detect if there is a mount on top of the magic-link. Since we use the handle directly + // provide to the closure. If the closure uses the handle directly, this + // should be safe in general (a mount on top of the path afterwards would + // not affect the handle itself) and will definitely be safe if we are + // using privateProcRoot() (at least since Linux 5.12[1], when anonymous + // mount namespaces were completely isolated from external mounts including + // mount propagation events). + // + // [1]: Linux commit ee2e3f50629f ("mount: fix mounting of detached mounts + // onto targets that reside on shared mounts"). + if err := checkSymlinkOvermount(procRoot, procFdLink, ""); err != nil { + return "", fmt.Errorf("check safety of /proc/thread-self/fd/%d magiclink: %w", fd, err) + } + + // readlinkat implies AT_EMPTY_PATH since Linux 2.6.39. See Linux commit + // 65cfc6722361 ("readlinkat(), fchownat() and fstatat() with empty + // relative pathnames"). + return readlinkatFile(procFdLink, "") +} + +func rawProcSelfFdReadlink(fd int) (string, error) { + procRoot, err := getProcRoot() + if err != nil { + return "", err + } + return doRawProcSelfFdReadlink(procRoot, fd) +} + +func procSelfFdReadlink(f *os.File) (string, error) { + return rawProcSelfFdReadlink(int(f.Fd())) +} + +var ( + errPossibleBreakout = errors.New("possible breakout detected") + errInvalidDirectory = errors.New("wandered into deleted directory") + errDeletedInode = errors.New("cannot verify path of deleted inode") +) + +func isDeadInode(file *os.File) error { + // If the nlink of a file drops to 0, there is an attacker deleting + // directories during our walk, which could result in weird /proc values. + // It's better to error out in this case. + stat, err := fstat(file) + if err != nil { + return fmt.Errorf("check for dead inode: %w", err) + } + if stat.Nlink == 0 { + err := errDeletedInode + if stat.Mode&unix.S_IFMT == unix.S_IFDIR { + err = errInvalidDirectory + } + return fmt.Errorf("%w %q", err, file.Name()) + } + return nil +} + +func getUmask() int { + // umask is a per-thread property, but it is inherited by children, so we + // need to lock our OS thread to make sure that no other goroutine runs in + // this thread and no goroutines are spawned from this thread until we + // revert to the old umask. + // + // We could parse /proc/self/status to avoid this get-set problem, but + // /proc/thread-self requires LockOSThread anyway, so there's no real + // benefit over just using umask(2). + runtime.LockOSThread() + umask := unix.Umask(0) + unix.Umask(umask) + runtime.UnlockOSThread() + return umask +} + +func checkProcSelfFdPath(path string, file *os.File) error { + if err := isDeadInode(file); err != nil { + return err + } + actualPath, err := procSelfFdReadlink(file) + if err != nil { + return fmt.Errorf("get path of handle: %w", err) + } + if actualPath != path { + return fmt.Errorf("%w: handle path %q doesn't match expected path %q", errPossibleBreakout, actualPath, path) + } + return nil +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/testing_mocks_linux.go b/vendor/github.com/cyphar/filepath-securejoin/testing_mocks_linux.go new file mode 100644 index 00000000000..a3aedf03d1b --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/testing_mocks_linux.go @@ -0,0 +1,68 @@ +//go:build linux + +// Copyright (C) 2024 SUSE LLC. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package securejoin + +import ( + "os" + "testing" +) + +type forceGetProcRootLevel int + +const ( + forceGetProcRootDefault forceGetProcRootLevel = iota + forceGetProcRootOpenTree // force open_tree() + forceGetProcRootOpenTreeAtRecursive // force open_tree(AT_RECURSIVE) + forceGetProcRootUnsafe // force open() +) + +var testingForceGetProcRoot *forceGetProcRootLevel + +func testingCheckClose(check bool, f *os.File) bool { + if check { + if f != nil { + _ = f.Close() + } + return true + } + return false +} + +func testingForcePrivateProcRootOpenTree(f *os.File) bool { + return testing.Testing() && testingForceGetProcRoot != nil && + testingCheckClose(*testingForceGetProcRoot >= forceGetProcRootOpenTree, f) +} + +func testingForcePrivateProcRootOpenTreeAtRecursive(f *os.File) bool { + return testing.Testing() && testingForceGetProcRoot != nil && + testingCheckClose(*testingForceGetProcRoot >= forceGetProcRootOpenTreeAtRecursive, f) +} + +func testingForceGetProcRootUnsafe() bool { + return testing.Testing() && testingForceGetProcRoot != nil && + *testingForceGetProcRoot >= forceGetProcRootUnsafe +} + +type forceProcThreadSelfLevel int + +const ( + forceProcThreadSelfDefault forceProcThreadSelfLevel = iota + forceProcSelfTask + forceProcSelf +) + +var testingForceProcThreadSelf *forceProcThreadSelfLevel + +func testingForceProcSelfTask() bool { + return testing.Testing() && testingForceProcThreadSelf != nil && + *testingForceProcThreadSelf >= forceProcSelfTask +} + +func testingForceProcSelf() bool { + return testing.Testing() && testingForceProcThreadSelf != nil && + *testingForceProcThreadSelf >= forceProcSelf +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/vfs.go b/vendor/github.com/cyphar/filepath-securejoin/vfs.go index a82a5eae11e..6e27c7dd8e1 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/vfs.go +++ b/vendor/github.com/cyphar/filepath-securejoin/vfs.go @@ -1,4 +1,4 @@ -// Copyright (C) 2017 SUSE LLC. All rights reserved. +// Copyright (C) 2017-2024 SUSE LLC. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. diff --git a/vendor/modules.txt b/vendor/modules.txt index 28f02a8ea11..22becdb55fb 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -24,8 +24,8 @@ github.com/coreos/go-systemd/v22/dbus # github.com/cpuguy83/go-md2man/v2 v2.0.2 ## explicit; go 1.11 github.com/cpuguy83/go-md2man/v2/md2man -# github.com/cyphar/filepath-securejoin v0.2.4 -## explicit; go 1.13 +# github.com/cyphar/filepath-securejoin v0.3.1 +## explicit; go 1.20 github.com/cyphar/filepath-securejoin # github.com/docker/go-units v0.5.0 ## explicit From dd827f7b715ac1d48a336d101fce00dca6e20f9b Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sat, 3 Aug 2024 16:27:42 +1000 Subject: [PATCH 0647/1176] utils: switch to securejoin.MkdirAllHandle filepath-securejoin has a bunch of extra hardening features and is very well-tested, so we should use it instead of our own homebrew solution. A lot of rootfs_linux.go callers pass a SecureJoin'd path, which means we need to keep the wrapper helpers in utils, but at least the core logic is no longer in runc. In future we will want to remove this dodgy logic and just use file handles for everything (using libpathrs, ideally). Signed-off-by: Aleksa Sarai --- libcontainer/system/linux.go | 41 ---------------- libcontainer/utils/utils_unix.go | 81 +++++++------------------------- 2 files changed, 16 insertions(+), 106 deletions(-) diff --git a/libcontainer/system/linux.go b/libcontainer/system/linux.go index 27e89d635ca..7bbf92a3d30 100644 --- a/libcontainer/system/linux.go +++ b/libcontainer/system/linux.go @@ -6,9 +6,7 @@ import ( "fmt" "io" "os" - "runtime" "strconv" - "strings" "syscall" "unsafe" @@ -216,42 +214,3 @@ func SetLinuxPersonality(personality int) error { } return nil } - -func prepareAt(dir *os.File, path string) (int, string) { - if dir == nil { - return unix.AT_FDCWD, path - } - - // Rather than just filepath.Join-ing path here, do it manually so the - // error and handle correctly indicate cases like path=".." as being - // relative to the correct directory. The handle.Name() might end up being - // wrong but because this is (currently) only used in MkdirAllInRoot, that - // isn't a problem. - dirName := dir.Name() - if !strings.HasSuffix(dirName, "/") { - dirName += "/" - } - fullPath := dirName + path - - return int(dir.Fd()), fullPath -} - -func Openat(dir *os.File, path string, flags int, mode uint32) (*os.File, error) { - dirFd, fullPath := prepareAt(dir, path) - fd, err := unix.Openat(dirFd, path, flags, mode) - if err != nil { - return nil, &os.PathError{Op: "openat", Path: fullPath, Err: err} - } - runtime.KeepAlive(dir) - return os.NewFile(uintptr(fd), fullPath), nil -} - -func Mkdirat(dir *os.File, path string, mode uint32) error { - dirFd, fullPath := prepareAt(dir, path) - err := unix.Mkdirat(dirFd, path, mode) - if err != nil { - err = &os.PathError{Op: "mkdirat", Path: fullPath, Err: err} - } - runtime.KeepAlive(dir) - return err -} diff --git a/libcontainer/utils/utils_unix.go b/libcontainer/utils/utils_unix.go index 1f3439b78fb..6521114ba75 100644 --- a/libcontainer/utils/utils_unix.go +++ b/libcontainer/utils/utils_unix.go @@ -3,7 +3,6 @@ package utils import ( - "errors" "fmt" "math" "os" @@ -14,8 +13,6 @@ import ( "sync" _ "unsafe" // for go:linkname - "github.com/opencontainers/runc/libcontainer/system" - securejoin "github.com/cyphar/filepath-securejoin" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" @@ -299,23 +296,23 @@ func IsLexicallyInRoot(root, path string) bool { // This means that the path also must not contain ".." elements, otherwise an // error will occur. // -// This is a somewhat less safe alternative to -// , but it should -// detect attempts to trick us into creating directories outside of the root. -// We should migrate to securejoin.MkdirAll once it is merged. +// This uses securejoin.MkdirAllHandle under the hood, but it has special +// handling if unsafePath has already been scoped within the rootfs (this is +// needed for a lot of runc callers and fixing this would require reworking a +// lot of path logic). func MkdirAllInRootOpen(root, unsafePath string, mode uint32) (_ *os.File, Err error) { - // If the path is already "within" the root, use it verbatim. - fullPath := unsafePath - if !IsLexicallyInRoot(root, unsafePath) { - var err error - fullPath, err = securejoin.SecureJoin(root, unsafePath) + // If the path is already "within" the root, get the path relative to the + // root and use that as the unsafe path. This is necessary because a lot of + // MkdirAllInRootOpen callers have already done SecureJoin, and refactoring + // all of them to stop using these SecureJoin'd paths would require a fair + // amount of work. + // TODO(cyphar): Do the refactor to libpathrs once it's ready. + if IsLexicallyInRoot(root, unsafePath) { + subPath, err := filepath.Rel(root, unsafePath) if err != nil { return nil, err } - } - subPath, err := filepath.Rel(root, fullPath) - if err != nil { - return nil, err + unsafePath = subPath } // Check for any silly mode bits. @@ -323,59 +320,13 @@ func MkdirAllInRootOpen(root, unsafePath string, mode uint32) (_ *os.File, Err e return nil, fmt.Errorf("tried to include non-mode bits in MkdirAll mode: 0o%.3o", mode) } - currentDir, err := os.OpenFile(root, unix.O_DIRECTORY|unix.O_CLOEXEC, 0) + rootDir, err := os.OpenFile(root, unix.O_DIRECTORY|unix.O_CLOEXEC, 0) if err != nil { return nil, fmt.Errorf("open root handle: %w", err) } - defer func() { - if Err != nil { - currentDir.Close() - } - }() - - for _, part := range strings.Split(subPath, string(filepath.Separator)) { - switch part { - case "", ".": - // Skip over no-op components. - continue - case "..": - return nil, fmt.Errorf("possible breakout detected: found %q component in SecureJoin subpath %s", part, subPath) - } + defer rootDir.Close() - nextDir, err := system.Openat(currentDir, part, unix.O_DIRECTORY|unix.O_NOFOLLOW|unix.O_CLOEXEC, 0) - switch { - case err == nil: - // Update the currentDir. - _ = currentDir.Close() - currentDir = nextDir - - case errors.Is(err, unix.ENOTDIR): - // This might be a symlink or some other random file. Either way, - // error out. - return nil, fmt.Errorf("cannot mkdir in %s/%s: %w", currentDir.Name(), part, unix.ENOTDIR) - - case errors.Is(err, os.ErrNotExist): - // Luckily, mkdirat will not follow trailing symlinks, so this is - // safe to do as-is. - if err := system.Mkdirat(currentDir, part, mode); err != nil { - return nil, err - } - // Open the new directory. There is a race here where an attacker - // could swap the directory with a different directory, but - // MkdirAll's fuzzy semantics mean we don't care about that. - nextDir, err := system.Openat(currentDir, part, unix.O_DIRECTORY|unix.O_NOFOLLOW|unix.O_CLOEXEC, 0) - if err != nil { - return nil, fmt.Errorf("open newly created directory: %w", err) - } - // Update the currentDir. - _ = currentDir.Close() - currentDir = nextDir - - default: - return nil, err - } - } - return currentDir, nil + return securejoin.MkdirAllHandle(rootDir, unsafePath, int(mode)) } // MkdirAllInRoot is a wrapper around MkdirAllInRootOpen which closes the From 429e06a518ae749ab6ba7671745ea835eb64cb9b Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Thu, 5 Sep 2024 05:05:24 +0900 Subject: [PATCH 0648/1176] libct: Signal: honor RootlessCgroups `signalAllProcesses()` depends on the cgroup and is expected to fail when runc is running in rootless without an access to the cgroup. When `RootlessCgroups` is set to `true`, runc just ignores the error from `signalAllProcesses` and may leak some processes running. (See the comments in PR 4395) In the future, runc should walk the process tree to avoid such a leak. Note that `RootlessCgroups` is a misnomer; it is set to `false` despite the name when cgroup v2 delegation is configured. This is expected to be renamed in a separate commit. Fix issue 4394 Signed-off-by: Akihiro Suda --- libcontainer/container_linux.go | 10 ++++++++++ libcontainer/init_linux.go | 2 ++ libcontainer/state_linux.go | 1 + tests/integration/kill.bats | 24 ++++++++++++++++++++++++ 4 files changed, 37 insertions(+) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 63db2199d54..6a91df01db0 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -388,11 +388,21 @@ func (c *Container) Signal(s os.Signal) error { // leftover processes. Handle this special case here. if s == unix.SIGKILL && !c.config.Namespaces.IsPrivate(configs.NEWPID) { if err := signalAllProcesses(c.cgroupManager, unix.SIGKILL); err != nil { + if c.config.RootlessCgroups { // may not have an access to cgroup + logrus.WithError(err).Warn("failed to kill all processes, possibly due to lack of cgroup (Hint: enable cgroup v2 delegation)") + // Some processes may leak when cgroup is not delegated + // https://github.com/opencontainers/runc/pull/4395#pullrequestreview-2291179652 + return c.signal(s) + } return fmt.Errorf("unable to kill all processes: %w", err) } return nil } + return c.signal(s) +} + +func (c *Container) signal(s os.Signal) error { // To avoid a PID reuse attack, don't kill non-running container. if !c.hasInit() { return ErrNotRunning diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index f3d0d5706f2..90f40cad257 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -695,6 +695,8 @@ func setupPersonality(config *configs.Config) error { // signalAllProcesses freezes then iterates over all the processes inside the // manager's cgroups sending the signal s to them. +// +// signalAllProcesses returns ErrNotRunning when the cgroup does not exist. func signalAllProcesses(m cgroups.Manager, s unix.Signal) error { if !m.Exists() { return ErrNotRunning diff --git a/libcontainer/state_linux.go b/libcontainer/state_linux.go index 0b1b8716a76..ad96f0801ea 100644 --- a/libcontainer/state_linux.go +++ b/libcontainer/state_linux.go @@ -44,6 +44,7 @@ func destroy(c *Container) error { // and destroy is supposed to remove all the container resources, we need // to kill those processes here. if !c.config.Namespaces.IsPrivate(configs.NEWPID) { + // Likely to fail when c.config.RootlessCgroups is true _ = signalAllProcesses(c.cgroupManager, unix.SIGKILL) } if err := c.cgroupManager.Destroy(); err != nil { diff --git a/tests/integration/kill.bats b/tests/integration/kill.bats index 4d3208be0bc..355407eccdb 100644 --- a/tests/integration/kill.bats +++ b/tests/integration/kill.bats @@ -133,3 +133,27 @@ test_host_pidns_kill() { test_host_pidns_kill unset KILL_INIT } + +# https://github.com/opencontainers/runc/issues/4394 (cgroup v1, rootless) +@test "kill KILL [shared pidns]" { + update_config '.process.args = ["sleep", "infinity"]' + + runc run -d --console-socket "$CONSOLE_SOCKET" target_ctr + [ "$status" -eq 0 ] + testcontainer target_ctr running + target_pid="$(__runc state target_ctr | jq .pid)" + update_config '.linux.namespaces |= map(if .type == "user" or .type == "pid" then (.path = "/proc/'"$target_pid"'/ns/" + .type) else . end) | del(.linux.uidMappings) | del(.linux.gidMappings)' + + runc run -d --console-socket "$CONSOLE_SOCKET" attached_ctr + [ "$status" -eq 0 ] + testcontainer attached_ctr running + + runc kill attached_ctr 9 + [ "$status" -eq 0 ] + + runc delete --force attached_ctr + [ "$status" -eq 0 ] + + runc delete --force target_ctr + [ "$status" -eq 0 ] +} From a31efe70454d29330e0e7a105352dcf88ad5fbf3 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 11 Sep 2024 22:04:14 -0700 Subject: [PATCH 0649/1176] libct/seccomp/patchbpf: use binary.NativeEndian It is available since Go 1.21 and is defined during compile time (i.e. based on GOARCH during build). Signed-off-by: Kir Kolyshkin --- libcontainer/seccomp/patchbpf/enosys_linux.go | 3 +-- libcontainer/utils/utils.go | 16 ---------------- 2 files changed, 1 insertion(+), 18 deletions(-) diff --git a/libcontainer/seccomp/patchbpf/enosys_linux.go b/libcontainer/seccomp/patchbpf/enosys_linux.go index f829bf7ae2f..86de3137855 100644 --- a/libcontainer/seccomp/patchbpf/enosys_linux.go +++ b/libcontainer/seccomp/patchbpf/enosys_linux.go @@ -18,7 +18,6 @@ import ( "golang.org/x/sys/unix" "github.com/opencontainers/runc/libcontainer/configs" - "github.com/opencontainers/runc/libcontainer/utils" ) // #cgo pkg-config: libseccomp @@ -110,7 +109,7 @@ func parseProgram(rdr io.Reader) ([]bpf.RawInstruction, error) { // Read the next instruction. We have to use NativeEndian because // seccomp_export_bpf outputs the program in *host* endian-ness. var insn unix.SockFilter - if err := binary.Read(rdr, utils.NativeEndian, &insn); err != nil { + if err := binary.Read(rdr, binary.NativeEndian, &insn); err != nil { if errors.Is(err, io.EOF) { // Parsing complete. break diff --git a/libcontainer/utils/utils.go b/libcontainer/utils/utils.go index 1b523d8ac54..793783929fb 100644 --- a/libcontainer/utils/utils.go +++ b/libcontainer/utils/utils.go @@ -1,13 +1,11 @@ package utils import ( - "encoding/binary" "encoding/json" "io" "os" "path/filepath" "strings" - "unsafe" "golang.org/x/sys/unix" ) @@ -16,20 +14,6 @@ const ( exitSignalOffset = 128 ) -// NativeEndian is the native byte order of the host system. -var NativeEndian binary.ByteOrder - -func init() { - // Copied from . - i := uint32(1) - b := (*[4]byte)(unsafe.Pointer(&i)) - if b[0] == 1 { - NativeEndian = binary.LittleEndian - } else { - NativeEndian = binary.BigEndian - } -} - // ExitStatus returns the correct exit status for a process based on if it // was signaled or exited cleanly func ExitStatus(status unix.WaitStatus) int { From 216175a9ca84cac30a570049a98e948f60c5f1a4 Mon Sep 17 00:00:00 2001 From: Rafael Roquetto Date: Thu, 12 Sep 2024 08:52:04 -0600 Subject: [PATCH 0650/1176] Upgrade Cilium's eBPF library version to 0.16 Signed-off-by: Rafael Roquetto --- go.mod | 2 +- go.sum | 26 +- libcontainer/cgroups/devices/ebpf_linux.go | 21 +- vendor/github.com/cilium/ebpf/.gitattributes | 1 + vendor/github.com/cilium/ebpf/.vimto.toml | 12 + vendor/github.com/cilium/ebpf/ARCHITECTURE.md | 92 ---- vendor/github.com/cilium/ebpf/CODEOWNERS | 11 + vendor/github.com/cilium/ebpf/CONTRIBUTING.md | 49 +- vendor/github.com/cilium/ebpf/Makefile | 20 +- vendor/github.com/cilium/ebpf/README.md | 22 +- .../cilium/ebpf/attachtype_string.go | 17 +- vendor/github.com/cilium/ebpf/btf/btf.go | 351 ++++++------- vendor/github.com/cilium/ebpf/btf/core.go | 446 ++++++++++++---- vendor/github.com/cilium/ebpf/btf/ext_info.go | 40 +- vendor/github.com/cilium/ebpf/btf/handle.go | 58 ++- vendor/github.com/cilium/ebpf/btf/kernel.go | 159 ++++++ vendor/github.com/cilium/ebpf/btf/marshal.go | 97 ++-- vendor/github.com/cilium/ebpf/btf/strings.go | 5 +- .../github.com/cilium/ebpf/btf/traversal.go | 162 +++--- vendor/github.com/cilium/ebpf/btf/types.go | 96 ++-- vendor/github.com/cilium/ebpf/collection.go | 2 +- .../cilium/ebpf/{internal => }/cpu.go | 23 +- vendor/github.com/cilium/ebpf/elf_reader.go | 234 +++++---- vendor/github.com/cilium/ebpf/elf_sections.go | 109 ++++ vendor/github.com/cilium/ebpf/info.go | 50 +- .../github.com/cilium/ebpf/internal/auxv.go | 60 +++ .../cilium/ebpf/internal/endian_be.go | 3 - .../cilium/ebpf/internal/endian_le.go | 3 - .../github.com/cilium/ebpf/internal/errors.go | 29 +- .../cilium/ebpf/internal/feature.go | 2 +- .../cilium/ebpf/internal/kallsyms/kallsyms.go | 74 +++ .../cilium/ebpf/internal/kconfig/kconfig.go | 13 + .../ebpf/internal/{align.go => math.go} | 5 + .../cilium/ebpf/internal/memoize.go | 26 - .../ebpf/internal/sys/mapflags_string.go | 32 +- .../cilium/ebpf/internal/sys/signals.go | 2 +- .../cilium/ebpf/internal/sys/syscall.go | 51 ++ .../cilium/ebpf/internal/sys/types.go | 353 ++++++++++--- .../cilium/ebpf/internal/sysenc/buffer.go | 6 + .../cilium/ebpf/internal/sysenc/marshal.go | 3 +- .../cilium/ebpf/internal/tracefs/kprobe.go | 3 +- .../cilium/ebpf/internal/unix/types_linux.go | 12 + .../cilium/ebpf/internal/unix/types_other.go | 15 + .../github.com/cilium/ebpf/internal/vdso.go | 50 +- .../cilium/ebpf/internal/version.go | 3 +- vendor/github.com/cilium/ebpf/link/anchor.go | 137 +++++ vendor/github.com/cilium/ebpf/link/cgroup.go | 22 +- vendor/github.com/cilium/ebpf/link/kprobe.go | 10 +- .../cilium/ebpf/link/kprobe_multi.go | 21 +- vendor/github.com/cilium/ebpf/link/link.go | 264 ++++++++-- .../github.com/cilium/ebpf/link/netfilter.go | 90 ++++ vendor/github.com/cilium/ebpf/link/netkit.go | 89 ++++ vendor/github.com/cilium/ebpf/link/netns.go | 19 + .../github.com/cilium/ebpf/link/perf_event.go | 102 +++- vendor/github.com/cilium/ebpf/link/program.go | 76 ++- vendor/github.com/cilium/ebpf/link/query.go | 110 ++-- .../github.com/cilium/ebpf/link/syscalls.go | 86 +++- vendor/github.com/cilium/ebpf/link/tcx.go | 89 ++++ .../github.com/cilium/ebpf/link/tracepoint.go | 2 + vendor/github.com/cilium/ebpf/link/tracing.go | 19 + vendor/github.com/cilium/ebpf/link/uprobe.go | 30 +- .../cilium/ebpf/link/uprobe_multi.go | 216 ++++++++ vendor/github.com/cilium/ebpf/link/xdp.go | 28 +- vendor/github.com/cilium/ebpf/linker.go | 68 ++- vendor/github.com/cilium/ebpf/map.go | 388 ++++++++++---- vendor/github.com/cilium/ebpf/marshalers.go | 147 ++++-- vendor/github.com/cilium/ebpf/prog.go | 235 ++++++--- vendor/github.com/cilium/ebpf/run-tests.sh | 178 ------- vendor/github.com/cilium/ebpf/syscalls.go | 33 ++ vendor/github.com/cilium/ebpf/types.go | 164 +++--- vendor/github.com/cilium/ebpf/types_string.go | 5 +- vendor/golang.org/x/exp/maps/maps.go | 94 ---- vendor/golang.org/x/exp/slices/slices.go | 258 ---------- vendor/golang.org/x/exp/slices/sort.go | 126 ----- vendor/golang.org/x/exp/slices/zsortfunc.go | 479 ----------------- .../golang.org/x/exp/slices/zsortordered.go | 481 ------------------ vendor/modules.txt | 7 +- 77 files changed, 3904 insertions(+), 3019 deletions(-) create mode 100644 vendor/github.com/cilium/ebpf/.gitattributes create mode 100644 vendor/github.com/cilium/ebpf/.vimto.toml delete mode 100644 vendor/github.com/cilium/ebpf/ARCHITECTURE.md create mode 100644 vendor/github.com/cilium/ebpf/CODEOWNERS create mode 100644 vendor/github.com/cilium/ebpf/btf/kernel.go rename vendor/github.com/cilium/ebpf/{internal => }/cpu.go (72%) create mode 100644 vendor/github.com/cilium/ebpf/elf_sections.go create mode 100644 vendor/github.com/cilium/ebpf/internal/auxv.go create mode 100644 vendor/github.com/cilium/ebpf/internal/kallsyms/kallsyms.go rename vendor/github.com/cilium/ebpf/internal/{align.go => math.go} (63%) delete mode 100644 vendor/github.com/cilium/ebpf/internal/memoize.go create mode 100644 vendor/github.com/cilium/ebpf/link/anchor.go create mode 100644 vendor/github.com/cilium/ebpf/link/netfilter.go create mode 100644 vendor/github.com/cilium/ebpf/link/netkit.go create mode 100644 vendor/github.com/cilium/ebpf/link/tcx.go create mode 100644 vendor/github.com/cilium/ebpf/link/uprobe_multi.go delete mode 100644 vendor/github.com/cilium/ebpf/run-tests.sh delete mode 100644 vendor/golang.org/x/exp/maps/maps.go delete mode 100644 vendor/golang.org/x/exp/slices/slices.go delete mode 100644 vendor/golang.org/x/exp/slices/sort.go delete mode 100644 vendor/golang.org/x/exp/slices/zsortfunc.go delete mode 100644 vendor/golang.org/x/exp/slices/zsortordered.go diff --git a/go.mod b/go.mod index df040a685f8..64f94056d50 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.22 require ( github.com/checkpoint-restore/go-criu/v6 v6.3.0 - github.com/cilium/ebpf v0.12.3 + github.com/cilium/ebpf v0.16.0 github.com/containerd/console v1.0.4 github.com/coreos/go-systemd/v22 v22.5.0 github.com/cyphar/filepath-securejoin v0.3.1 diff --git a/go.sum b/go.sum index 30eac24d227..2287c5ee20c 100644 --- a/go.sum +++ b/go.sum @@ -1,8 +1,8 @@ github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/checkpoint-restore/go-criu/v6 v6.3.0 h1:mIdrSO2cPNWQY1truPg6uHLXyKHk3Z5Odx4wjKOASzA= github.com/checkpoint-restore/go-criu/v6 v6.3.0/go.mod h1:rrRTN/uSwY2X+BPRl/gkulo9gsKOSAeVp9/K2tv7xZI= -github.com/cilium/ebpf v0.12.3 h1:8ht6F9MquybnY97at+VDZb3eQQr8ev79RueWeVaEcG4= -github.com/cilium/ebpf v0.12.3/go.mod h1:TctK1ivibvI3znr66ljgi4hqOT8EYQjz1KWBfb1UVgM= +github.com/cilium/ebpf v0.16.0 h1:+BiEnHL6Z7lXnlGUsXQPPAE7+kenAd4ES8MQ5min0Ok= +github.com/cilium/ebpf v0.16.0/go.mod h1:L7u2Blt2jMM/vLAVgjxluxtBKlz3/GWjB0dMOEngfwE= github.com/containerd/console v1.0.4 h1:F2g4+oChYvBTsASRTz8NP6iIAi97J3TtSAsLbIFn4ro= github.com/containerd/console v1.0.4/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= @@ -16,20 +16,28 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/frankban/quicktest v1.14.5 h1:dfYrrRyLtiqT9GyKXgdh+k4inNeTvmGbuSgZ3lx3GhA= -github.com/frankban/quicktest v1.14.5/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= +github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI= +github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= -github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtLA= +github.com/josharian/native v1.1.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w= +github.com/jsimonetti/rtnetlink/v2 v2.0.1 h1:xda7qaHDSVOsADNouv7ukSuicKZO7GgVUCXxpaIEIlM= +github.com/jsimonetti/rtnetlink/v2 v2.0.1/go.mod h1:7MoNYNbb3UaDHtF8udiJo/RH6VsTKP1pqKLUTVCvToE= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/mdlayher/netlink v1.7.2 h1:/UtM3ofJap7Vl4QWCPDGXY8d3GIY2UGSDbK+QWmY8/g= +github.com/mdlayher/netlink v1.7.2/go.mod h1:xraEF7uJbxLhc5fpHL4cPe221LI2bdttWlU+ZGLfQSw= +github.com/mdlayher/socket v0.4.1 h1:eM9y2/jlbs1M615oshPQOHZzj6R6wMT7bX5NPiQvn2U= +github.com/mdlayher/socket v0.4.1/go.mod h1:cAqeGjoufqdxWkD7DkpyS+wcefOtmu5OQ8KuoJGIReA= github.com/moby/sys/mountinfo v0.7.1 h1:/tTvQaSJRr2FshkhXiIpux6fQ2Zvc4j7tAhMTStAG2g= github.com/moby/sys/mountinfo v0.7.1/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= github.com/moby/sys/user v0.1.0 h1:WmZ93f5Ux6het5iituh9x2zAG7NFY9Aqi49jjE1PaQg= @@ -42,8 +50,8 @@ github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaL github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= -github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= +github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= +github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/seccomp/libseccomp-golang v0.10.0 h1:aA4bp+/Zzi0BnWZ2F1wgNBs5gTpm+na2rWM6M9YjLpY= @@ -73,6 +81,8 @@ golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 h1:Jvc7gsqn21cJHCmAWx0LiimpP golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= +golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/libcontainer/cgroups/devices/ebpf_linux.go b/libcontainer/cgroups/devices/ebpf_linux.go index b7125fa5f6d..1d3999e664d 100644 --- a/libcontainer/cgroups/devices/ebpf_linux.go +++ b/libcontainer/cgroups/devices/ebpf_linux.go @@ -176,21 +176,18 @@ func loadAttachCgroupDeviceFilter(insts asm.Instructions, license string, dirFd } // If there is only one old program, we can just replace it directly. - var ( - replaceProg *ebpf.Program - attachFlags uint32 = unix.BPF_F_ALLOW_MULTI - ) - if useReplaceProg { - replaceProg = oldProgs[0] - attachFlags |= unix.BPF_F_REPLACE - } - err = link.RawAttachProgram(link.RawAttachProgramOptions{ + + attachProgramOptions := link.RawAttachProgramOptions{ Target: dirFd, Program: prog, - Replace: replaceProg, Attach: ebpf.AttachCGroupDevice, - Flags: attachFlags, - }) + Flags: unix.BPF_F_ALLOW_MULTI, + } + + if useReplaceProg { + attachProgramOptions.Anchor = link.ReplaceProgram(oldProgs[0]) + } + err = link.RawAttachProgram(attachProgramOptions) if err != nil { return nilCloser, fmt.Errorf("failed to call BPF_PROG_ATTACH (BPF_CGROUP_DEVICE, BPF_F_ALLOW_MULTI): %w", err) } diff --git a/vendor/github.com/cilium/ebpf/.gitattributes b/vendor/github.com/cilium/ebpf/.gitattributes new file mode 100644 index 00000000000..113f97b9804 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/.gitattributes @@ -0,0 +1 @@ +internal/sys/types.go linguist-generated=false diff --git a/vendor/github.com/cilium/ebpf/.vimto.toml b/vendor/github.com/cilium/ebpf/.vimto.toml new file mode 100644 index 00000000000..49a12dbc090 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/.vimto.toml @@ -0,0 +1,12 @@ +kernel="ghcr.io/cilium/ci-kernels:stable" +smp="cpus=2" +memory="1G" +user="root" +setup=[ + "mount -t cgroup2 -o nosuid,noexec,nodev cgroup2 /sys/fs/cgroup", + "/bin/sh -c 'modprobe bpf_testmod || true'", + "dmesg --clear", +] +teardown=[ + "dmesg --read-clear", +] diff --git a/vendor/github.com/cilium/ebpf/ARCHITECTURE.md b/vendor/github.com/cilium/ebpf/ARCHITECTURE.md deleted file mode 100644 index 26f555eb7a7..00000000000 --- a/vendor/github.com/cilium/ebpf/ARCHITECTURE.md +++ /dev/null @@ -1,92 +0,0 @@ -Architecture of the library -=== - -```mermaid -graph RL - Program --> ProgramSpec --> ELF - btf.Spec --> ELF - Map --> MapSpec --> ELF - Links --> Map & Program - ProgramSpec -.-> btf.Spec - MapSpec -.-> btf.Spec - subgraph Collection - Program & Map - end - subgraph CollectionSpec - ProgramSpec & MapSpec & btf.Spec - end -``` - -ELF ---- - -BPF is usually produced by using Clang to compile a subset of C. Clang outputs -an ELF file which contains program byte code (aka BPF), but also metadata for -maps used by the program. The metadata follows the conventions set by libbpf -shipped with the kernel. Certain ELF sections have special meaning -and contain structures defined by libbpf. Newer versions of clang emit -additional metadata in [BPF Type Format](#BTF). - -The library aims to be compatible with libbpf so that moving from a C toolchain -to a Go one creates little friction. To that end, the [ELF reader](elf_reader.go) -is tested against the Linux selftests and avoids introducing custom behaviour -if possible. - -The output of the ELF reader is a `CollectionSpec` which encodes -all of the information contained in the ELF in a form that is easy to work with -in Go. The returned `CollectionSpec` should be deterministic: reading the same ELF -file on different systems must produce the same output. -As a corollary, any changes that depend on the runtime environment like the -current kernel version must happen when creating [Objects](#Objects). - -Specifications ---- - -`CollectionSpec` is a very simple container for `ProgramSpec`, `MapSpec` and -`btf.Spec`. Avoid adding functionality to it if possible. - -`ProgramSpec` and `MapSpec` are blueprints for in-kernel -objects and contain everything necessary to execute the relevant `bpf(2)` -syscalls. They refer to `btf.Spec` for type information such as `Map` key and -value types. - -The [asm](asm/) package provides an assembler that can be used to generate -`ProgramSpec` on the fly. - -Objects ---- - -`Program` and `Map` are the result of loading specifications into the kernel. -Features that depend on knowledge of the current system (e.g kernel version) -are implemented at this point. - -Sometimes loading a spec will fail because the kernel is too old, or a feature is not -enabled. There are multiple ways the library deals with that: - -* Fallback: older kernels don't allow naming programs and maps. The library - automatically detects support for names, and omits them during load if - necessary. This works since name is primarily a debug aid. - -* Sentinel error: sometimes it's possible to detect that a feature isn't available. - In that case the library will return an error wrapping `ErrNotSupported`. - This is also useful to skip tests that can't run on the current kernel. - -Once program and map objects are loaded they expose the kernel's low-level API, -e.g. `NextKey`. Often this API is awkward to use in Go, so there are safer -wrappers on top of the low-level API, like `MapIterator`. The low-level API is -useful when our higher-level API doesn't support a particular use case. - -Links ---- - -Programs can be attached to many different points in the kernel and newer BPF hooks -tend to use bpf_link to do so. Older hooks unfortunately use a combination of -syscalls, netlink messages, etc. Adding support for a new link type should not -pull in large dependencies like netlink, so XDP programs or tracepoints are -out of scope. - -Each bpf_link_type has one corresponding Go type, e.g. `link.tracing` corresponds -to BPF_LINK_TRACING. In general, these types should be unexported as long as they -don't export methods outside of the Link interface. Each Go type may have multiple -exported constructors. For example `AttachTracing` and `AttachLSM` create a -tracing link, but are distinct functions since they may require different arguments. diff --git a/vendor/github.com/cilium/ebpf/CODEOWNERS b/vendor/github.com/cilium/ebpf/CODEOWNERS new file mode 100644 index 00000000000..ca65d23c09d --- /dev/null +++ b/vendor/github.com/cilium/ebpf/CODEOWNERS @@ -0,0 +1,11 @@ +* @cilium/ebpf-lib-maintainers + +features/ @rgo3 +link/ @mmat11 + +perf/ @florianl +ringbuf/ @florianl + +btf/ @dylandreimerink + +cmd/bpf2go/ @mejedi diff --git a/vendor/github.com/cilium/ebpf/CONTRIBUTING.md b/vendor/github.com/cilium/ebpf/CONTRIBUTING.md index bf57da93953..673a9ac2907 100644 --- a/vendor/github.com/cilium/ebpf/CONTRIBUTING.md +++ b/vendor/github.com/cilium/ebpf/CONTRIBUTING.md @@ -1,48 +1,5 @@ -# How to contribute +# Contributing to ebpf-go -Development is on [GitHub](https://github.com/cilium/ebpf) and contributions in -the form of pull requests and issues reporting bugs or suggesting new features -are welcome. Please take a look at [the architecture](ARCHITECTURE.md) to get -a better understanding for the high-level goals. - -## Adding a new feature - -1. [Join](https://ebpf.io/slack) the -[#ebpf-go](https://cilium.slack.com/messages/ebpf-go) channel to discuss your requirements and how the feature can be implemented. The most important part is figuring out how much new exported API is necessary. **The less new API is required the easier it will be to land the feature.** -2. (*optional*) Create a draft PR if you want to discuss the implementation or have hit a problem. It's fine if this doesn't compile or contains debug statements. -3. Create a PR that is ready to merge. This must pass CI and have tests. - -### API stability - -The library doesn't guarantee the stability of its API at the moment. - -1. If possible avoid breakage by introducing new API and deprecating the old one - at the same time. If an API was deprecated in v0.x it can be removed in v0.x+1. -2. Breaking API in a way that causes compilation failures is acceptable but must - have good reasons. -3. Changing the semantics of the API without causing compilation failures is - heavily discouraged. - -## Running the tests - -Many of the tests require privileges to set resource limits and load eBPF code. -The easiest way to obtain these is to run the tests with `sudo`. - -To test the current package with your local kernel you can simply run: -``` -go test -exec sudo ./... -``` - -To test the current package with a different kernel version you can use the [run-tests.sh](run-tests.sh) script. -It requires [virtme](https://github.com/amluto/virtme) and qemu to be installed. - -Examples: - -```bash -# Run all tests on a 5.4 kernel -./run-tests.sh 5.4 - -# Run a subset of tests: -./run-tests.sh 5.4 ./link -``` +Want to contribute to ebpf-go? There are a few things you need to know. +We wrote a [contribution guide](https://ebpf-go.dev/contributing/) to help you get started. diff --git a/vendor/github.com/cilium/ebpf/Makefile b/vendor/github.com/cilium/ebpf/Makefile index 0fa8cdc521c..d355eea71ca 100644 --- a/vendor/github.com/cilium/ebpf/Makefile +++ b/vendor/github.com/cilium/ebpf/Makefile @@ -44,9 +44,11 @@ TARGETS := \ testdata/invalid-kfunc \ testdata/kfunc-kmod \ testdata/constants \ + testdata/errors \ btf/testdata/relocs \ btf/testdata/relocs_read \ btf/testdata/relocs_read_tgt \ + btf/testdata/relocs_enum \ cmd/bpf2go/testdata/minimal .PHONY: all clean container-all container-shell generate @@ -84,7 +86,8 @@ all: format $(addsuffix -el.elf,$(TARGETS)) $(addsuffix -eb.elf,$(TARGETS)) gene ln -srf testdata/loader-$(CLANG)-eb.elf testdata/loader-eb.elf generate: - go generate ./... + go generate -run "internal/cmd/gentypes" ./... + go generate -skip "internal/cmd/gentypes" ./... testdata/loader-%-el.elf: testdata/loader.c $* $(CFLAGS) -target bpfel -c $< -o $@ @@ -102,13 +105,8 @@ testdata/loader-%-eb.elf: testdata/loader.c $(CLANG) $(CFLAGS) -target bpfeb -c $< -o $@ $(STRIP) -g $@ -.PHONY: generate-btf -generate-btf: KERNEL_VERSION?=6.1.29 -generate-btf: - $(eval TMP := $(shell mktemp -d)) - curl -fL "$(CI_KERNEL_URL)/linux-$(KERNEL_VERSION)-amd64.tgz" -o "$(TMP)/linux.tgz" - tar xvf "$(TMP)/linux.tgz" -C "$(TMP)" --strip-components=2 ./boot/vmlinuz ./lib/modules - /lib/modules/$(shell uname -r)/build/scripts/extract-vmlinux "$(TMP)/vmlinuz" > "$(TMP)/vmlinux" - $(OBJCOPY) --dump-section .BTF=/dev/stdout "$(TMP)/vmlinux" /dev/null | gzip > "btf/testdata/vmlinux.btf.gz" - find "$(TMP)/modules" -type f -name bpf_testmod.ko -exec $(OBJCOPY) --dump-section .BTF="btf/testdata/btf_testmod.btf" {} /dev/null \; - $(RM) -r "$(TMP)" +.PHONY: update-kernel-deps +update-kernel-deps: export KERNEL_VERSION?=6.8 +update-kernel-deps: + ./testdata/sh/update-kernel-deps.sh + $(MAKE) container-all diff --git a/vendor/github.com/cilium/ebpf/README.md b/vendor/github.com/cilium/ebpf/README.md index 81235a69dd3..85871db1ae3 100644 --- a/vendor/github.com/cilium/ebpf/README.md +++ b/vendor/github.com/cilium/ebpf/README.md @@ -13,10 +13,9 @@ ecosystem. ## Getting Started -A small collection of Go and eBPF programs that serve as examples for building -your own tools can be found under [examples/](examples/). +Please take a look at our [Getting Started] guide. -[Contributions](CONTRIBUTING.md) are highly encouraged, as they highlight certain use cases of +[Contributions](https://ebpf-go.dev/contributing) are highly encouraged, as they highlight certain use cases of eBPF and the library, and help shape the future of the project. ## Getting Help @@ -59,19 +58,8 @@ This library includes the following packages: * A version of Go that is [supported by upstream](https://golang.org/doc/devel/release.html#policy) -* Linux >= 4.9. CI is run against kernel.org LTS releases. 4.4 should work but is - not tested against. - -## Regenerating Testdata - -Run `make` in the root of this repository to rebuild testdata in all -subpackages. This requires Docker, as it relies on a standardized build -environment to keep the build output stable. - -It is possible to regenerate data using Podman by overriding the `CONTAINER_*` -variables: `CONTAINER_ENGINE=podman CONTAINER_RUN_ARGS= make`. - -The toolchain image build files are kept in [testdata/docker/](testdata/docker/). +* CI is run against kernel.org LTS releases. >= 4.4 should work but EOL'ed versions + are not supported. ## License @@ -80,3 +68,5 @@ MIT ### eBPF Gopher The eBPF honeygopher is based on the Go gopher designed by Renee French. + +[Getting Started]: https://ebpf-go.dev/guides/getting-started/ diff --git a/vendor/github.com/cilium/ebpf/attachtype_string.go b/vendor/github.com/cilium/ebpf/attachtype_string.go index add2a3b5cc9..bece896bb61 100644 --- a/vendor/github.com/cilium/ebpf/attachtype_string.go +++ b/vendor/github.com/cilium/ebpf/attachtype_string.go @@ -52,11 +52,24 @@ func _() { _ = x[AttachSkReuseportSelectOrMigrate-40] _ = x[AttachPerfEvent-41] _ = x[AttachTraceKprobeMulti-42] + _ = x[AttachLSMCgroup-43] + _ = x[AttachStructOps-44] + _ = x[AttachNetfilter-45] + _ = x[AttachTCXIngress-46] + _ = x[AttachTCXEgress-47] + _ = x[AttachTraceUprobeMulti-48] + _ = x[AttachCgroupUnixConnect-49] + _ = x[AttachCgroupUnixSendmsg-50] + _ = x[AttachCgroupUnixRecvmsg-51] + _ = x[AttachCgroupUnixGetpeername-52] + _ = x[AttachCgroupUnixGetsockname-53] + _ = x[AttachNetkitPrimary-54] + _ = x[AttachNetkitPeer-55] } -const _AttachType_name = "NoneCGroupInetEgressCGroupInetSockCreateCGroupSockOpsSkSKBStreamParserSkSKBStreamVerdictCGroupDeviceSkMsgVerdictCGroupInet4BindCGroupInet6BindCGroupInet4ConnectCGroupInet6ConnectCGroupInet4PostBindCGroupInet6PostBindCGroupUDP4SendmsgCGroupUDP6SendmsgLircMode2FlowDissectorCGroupSysctlCGroupUDP4RecvmsgCGroupUDP6RecvmsgCGroupGetsockoptCGroupSetsockoptTraceRawTpTraceFEntryTraceFExitModifyReturnLSMMacTraceIterCgroupInet4GetPeernameCgroupInet6GetPeernameCgroupInet4GetSocknameCgroupInet6GetSocknameXDPDevMapCgroupInetSockReleaseXDPCPUMapSkLookupXDPSkSKBVerdictSkReuseportSelectSkReuseportSelectOrMigratePerfEventTraceKprobeMulti" +const _AttachType_name = "NoneCGroupInetEgressCGroupInetSockCreateCGroupSockOpsSkSKBStreamParserSkSKBStreamVerdictCGroupDeviceSkMsgVerdictCGroupInet4BindCGroupInet6BindCGroupInet4ConnectCGroupInet6ConnectCGroupInet4PostBindCGroupInet6PostBindCGroupUDP4SendmsgCGroupUDP6SendmsgLircMode2FlowDissectorCGroupSysctlCGroupUDP4RecvmsgCGroupUDP6RecvmsgCGroupGetsockoptCGroupSetsockoptTraceRawTpTraceFEntryTraceFExitModifyReturnLSMMacTraceIterCgroupInet4GetPeernameCgroupInet6GetPeernameCgroupInet4GetSocknameCgroupInet6GetSocknameXDPDevMapCgroupInetSockReleaseXDPCPUMapSkLookupXDPSkSKBVerdictSkReuseportSelectSkReuseportSelectOrMigratePerfEventTraceKprobeMultiLSMCgroupStructOpsNetfilterTCXIngressTCXEgressTraceUprobeMultiCgroupUnixConnectCgroupUnixSendmsgCgroupUnixRecvmsgCgroupUnixGetpeernameCgroupUnixGetsocknameNetkitPrimaryNetkitPeer" -var _AttachType_index = [...]uint16{0, 4, 20, 40, 53, 70, 88, 100, 112, 127, 142, 160, 178, 197, 216, 233, 250, 259, 272, 284, 301, 318, 334, 350, 360, 371, 381, 393, 399, 408, 430, 452, 474, 496, 505, 526, 535, 543, 546, 558, 575, 601, 610, 626} +var _AttachType_index = [...]uint16{0, 4, 20, 40, 53, 70, 88, 100, 112, 127, 142, 160, 178, 197, 216, 233, 250, 259, 272, 284, 301, 318, 334, 350, 360, 371, 381, 393, 399, 408, 430, 452, 474, 496, 505, 526, 535, 543, 546, 558, 575, 601, 610, 626, 635, 644, 653, 663, 672, 688, 705, 722, 739, 760, 781, 794, 804} func (i AttachType) String() string { if i >= AttachType(len(_AttachType_index)-1) { diff --git a/vendor/github.com/cilium/ebpf/btf/btf.go b/vendor/github.com/cilium/ebpf/btf/btf.go index 80f64d78aee..671f680b2af 100644 --- a/vendor/github.com/cilium/ebpf/btf/btf.go +++ b/vendor/github.com/cilium/ebpf/btf/btf.go @@ -29,9 +29,8 @@ var ( // ID represents the unique ID of a BTF object. type ID = sys.BTFID -// Spec allows querying a set of Types and loading the set into the -// kernel. -type Spec struct { +// immutableTypes is a set of types which musn't be changed. +type immutableTypes struct { // All types contained by the spec, not including types from the base in // case the spec was parsed from split BTF. types []Type @@ -44,13 +43,140 @@ type Spec struct { // Types indexed by essential name. // Includes all struct flavors and types with the same name. - namedTypes map[essentialName][]Type + namedTypes map[essentialName][]TypeID + + // Byte order of the types. This affects things like struct member order + // when using bitfields. + byteOrder binary.ByteOrder +} + +func (s *immutableTypes) typeByID(id TypeID) (Type, bool) { + if id < s.firstTypeID { + return nil, false + } + + index := int(id - s.firstTypeID) + if index >= len(s.types) { + return nil, false + } + + return s.types[index], true +} + +// mutableTypes is a set of types which may be changed. +type mutableTypes struct { + imm immutableTypes + mu sync.RWMutex // protects copies below + copies map[Type]Type // map[orig]copy + copiedTypeIDs map[Type]TypeID // map[copy]origID +} + +// add a type to the set of mutable types. +// +// Copies type and all of its children once. Repeated calls with the same type +// do not copy again. +func (mt *mutableTypes) add(typ Type, typeIDs map[Type]TypeID) Type { + mt.mu.RLock() + cpy, ok := mt.copies[typ] + mt.mu.RUnlock() + + if ok { + // Fast path: the type has been copied before. + return cpy + } + + // modifyGraphPreorder copies the type graph node by node, so we can't drop + // the lock in between. + mt.mu.Lock() + defer mt.mu.Unlock() + + return copyType(typ, typeIDs, mt.copies, mt.copiedTypeIDs) +} + +// copy a set of mutable types. +func (mt *mutableTypes) copy() *mutableTypes { + if mt == nil { + return nil + } + + mtCopy := &mutableTypes{ + mt.imm, + sync.RWMutex{}, + make(map[Type]Type, len(mt.copies)), + make(map[Type]TypeID, len(mt.copiedTypeIDs)), + } + + // Prevent concurrent modification of mt.copiedTypeIDs. + mt.mu.RLock() + defer mt.mu.RUnlock() + + copiesOfCopies := make(map[Type]Type, len(mt.copies)) + for orig, copy := range mt.copies { + // NB: We make a copy of copy, not orig, so that changes to mutable types + // are preserved. + copyOfCopy := copyType(copy, mt.copiedTypeIDs, copiesOfCopies, mtCopy.copiedTypeIDs) + mtCopy.copies[orig] = copyOfCopy + } + + return mtCopy +} + +func (mt *mutableTypes) typeID(typ Type) (TypeID, error) { + if _, ok := typ.(*Void); ok { + // Equality is weird for void, since it is a zero sized type. + return 0, nil + } + + mt.mu.RLock() + defer mt.mu.RUnlock() + + id, ok := mt.copiedTypeIDs[typ] + if !ok { + return 0, fmt.Errorf("no ID for type %s: %w", typ, ErrNotFound) + } + + return id, nil +} + +func (mt *mutableTypes) typeByID(id TypeID) (Type, bool) { + immT, ok := mt.imm.typeByID(id) + if !ok { + return nil, false + } + + return mt.add(immT, mt.imm.typeIDs), true +} + +func (mt *mutableTypes) anyTypesByName(name string) ([]Type, error) { + immTypes := mt.imm.namedTypes[newEssentialName(name)] + if len(immTypes) == 0 { + return nil, fmt.Errorf("type name %s: %w", name, ErrNotFound) + } + + // Return a copy to prevent changes to namedTypes. + result := make([]Type, 0, len(immTypes)) + for _, id := range immTypes { + immT, ok := mt.imm.typeByID(id) + if !ok { + return nil, fmt.Errorf("no type with ID %d", id) + } + + // Match against the full name, not just the essential one + // in case the type being looked up is a struct flavor. + if immT.TypeName() == name { + result = append(result, mt.add(immT, mt.imm.typeIDs)) + } + } + return result, nil +} + +// Spec allows querying a set of Types and loading the set into the +// kernel. +type Spec struct { + *mutableTypes // String table from ELF. strings *stringTable - - // Byte order of the ELF we decoded the spec from, may be nil. - byteOrder binary.ByteOrder } // LoadSpec opens file and calls LoadSpecFromReader on it. @@ -181,7 +307,7 @@ func loadSpecFromELF(file *internal.SafeELFFile) (*Spec, error) { return nil, err } - err = fixupDatasec(spec.types, sectionSizes, offsets) + err = fixupDatasec(spec.imm.types, sectionSizes, offsets) if err != nil { return nil, err } @@ -197,7 +323,7 @@ func loadRawSpec(btf io.ReaderAt, bo binary.ByteOrder, base *Spec) (*Spec, error ) if base != nil { - if base.firstTypeID != 0 { + if base.imm.firstTypeID != 0 { return nil, fmt.Errorf("can't use split BTF as base") } @@ -217,16 +343,23 @@ func loadRawSpec(btf io.ReaderAt, bo binary.ByteOrder, base *Spec) (*Spec, error typeIDs, typesByName := indexTypes(types, firstTypeID) return &Spec{ - namedTypes: typesByName, - typeIDs: typeIDs, - types: types, - firstTypeID: firstTypeID, - strings: rawStrings, - byteOrder: bo, + &mutableTypes{ + immutableTypes{ + types, + typeIDs, + firstTypeID, + typesByName, + bo, + }, + sync.RWMutex{}, + make(map[Type]Type), + make(map[Type]TypeID), + }, + rawStrings, }, nil } -func indexTypes(types []Type, firstTypeID TypeID) (map[Type]TypeID, map[essentialName][]Type) { +func indexTypes(types []Type, firstTypeID TypeID) (map[Type]TypeID, map[essentialName][]TypeID) { namedTypes := 0 for _, typ := range types { if typ.TypeName() != "" { @@ -238,119 +371,20 @@ func indexTypes(types []Type, firstTypeID TypeID) (map[Type]TypeID, map[essentia } typeIDs := make(map[Type]TypeID, len(types)) - typesByName := make(map[essentialName][]Type, namedTypes) + typesByName := make(map[essentialName][]TypeID, namedTypes) for i, typ := range types { + id := firstTypeID + TypeID(i) + typeIDs[typ] = id + if name := newEssentialName(typ.TypeName()); name != "" { - typesByName[name] = append(typesByName[name], typ) + typesByName[name] = append(typesByName[name], id) } - typeIDs[typ] = firstTypeID + TypeID(i) } return typeIDs, typesByName } -// LoadKernelSpec returns the current kernel's BTF information. -// -// Defaults to /sys/kernel/btf/vmlinux and falls back to scanning the file system -// for vmlinux ELFs. Returns an error wrapping ErrNotSupported if BTF is not enabled. -func LoadKernelSpec() (*Spec, error) { - spec, _, err := kernelSpec() - if err != nil { - return nil, err - } - return spec.Copy(), nil -} - -var kernelBTF struct { - sync.RWMutex - spec *Spec - // True if the spec was read from an ELF instead of raw BTF in /sys. - fallback bool -} - -// FlushKernelSpec removes any cached kernel type information. -func FlushKernelSpec() { - kernelBTF.Lock() - defer kernelBTF.Unlock() - - kernelBTF.spec, kernelBTF.fallback = nil, false -} - -func kernelSpec() (*Spec, bool, error) { - kernelBTF.RLock() - spec, fallback := kernelBTF.spec, kernelBTF.fallback - kernelBTF.RUnlock() - - if spec == nil { - kernelBTF.Lock() - defer kernelBTF.Unlock() - - spec, fallback = kernelBTF.spec, kernelBTF.fallback - } - - if spec != nil { - return spec, fallback, nil - } - - spec, fallback, err := loadKernelSpec() - if err != nil { - return nil, false, err - } - - kernelBTF.spec, kernelBTF.fallback = spec, fallback - return spec, fallback, nil -} - -func loadKernelSpec() (_ *Spec, fallback bool, _ error) { - fh, err := os.Open("/sys/kernel/btf/vmlinux") - if err == nil { - defer fh.Close() - - spec, err := loadRawSpec(fh, internal.NativeEndian, nil) - return spec, false, err - } - - file, err := findVMLinux() - if err != nil { - return nil, false, err - } - defer file.Close() - - spec, err := LoadSpecFromReader(file) - return spec, true, err -} - -// findVMLinux scans multiple well-known paths for vmlinux kernel images. -func findVMLinux() (*os.File, error) { - release, err := internal.KernelRelease() - if err != nil { - return nil, err - } - - // use same list of locations as libbpf - // https://github.com/libbpf/libbpf/blob/9a3a42608dbe3731256a5682a125ac1e23bced8f/src/btf.c#L3114-L3122 - locations := []string{ - "/boot/vmlinux-%s", - "/lib/modules/%s/vmlinux-%[1]s", - "/lib/modules/%s/build/vmlinux", - "/usr/lib/modules/%s/kernel/vmlinux", - "/usr/lib/debug/boot/vmlinux-%s", - "/usr/lib/debug/boot/vmlinux-%s.debug", - "/usr/lib/debug/lib/modules/%s/vmlinux", - } - - for _, loc := range locations { - file, err := os.Open(fmt.Sprintf(loc, release)) - if errors.Is(err, os.ErrNotExist) { - continue - } - return file, err - } - - return nil, fmt.Errorf("no BTF found for kernel version %s: %w", release, internal.ErrNotSupported) -} - func guessRawBTFByteOrder(r io.ReaderAt) binary.ByteOrder { buf := new(bufio.Reader) for _, bo := range []binary.ByteOrder{ @@ -492,17 +526,13 @@ func fixupDatasecLayout(ds *Datasec) error { // Copy creates a copy of Spec. func (s *Spec) Copy() *Spec { - types := copyTypes(s.types, nil) - typeIDs, typesByName := indexTypes(types, s.firstTypeID) + if s == nil { + return nil + } - // NB: Other parts of spec are not copied since they are immutable. return &Spec{ - types, - typeIDs, - s.firstTypeID, - typesByName, + s.mutableTypes.copy(), s.strings, - s.byteOrder, } } @@ -519,8 +549,8 @@ func (sw sliceWriter) Write(p []byte) (int, error) { // nextTypeID returns the next unallocated type ID or an error if there are no // more type IDs. func (s *Spec) nextTypeID() (TypeID, error) { - id := s.firstTypeID + TypeID(len(s.types)) - if id < s.firstTypeID { + id := s.imm.firstTypeID + TypeID(len(s.imm.types)) + if id < s.imm.firstTypeID { return 0, fmt.Errorf("no more type IDs") } return id, nil @@ -531,33 +561,19 @@ func (s *Spec) nextTypeID() (TypeID, error) { // Returns an error wrapping ErrNotFound if a Type with the given ID // does not exist in the Spec. func (s *Spec) TypeByID(id TypeID) (Type, error) { - if id < s.firstTypeID { - return nil, fmt.Errorf("look up type with ID %d (first ID is %d): %w", id, s.firstTypeID, ErrNotFound) - } - - index := int(id - s.firstTypeID) - if index >= len(s.types) { - return nil, fmt.Errorf("look up type with ID %d: %w", id, ErrNotFound) + typ, ok := s.typeByID(id) + if !ok { + return nil, fmt.Errorf("look up type with ID %d (first ID is %d): %w", id, s.imm.firstTypeID, ErrNotFound) } - return s.types[index], nil + return typ, nil } // TypeID returns the ID for a given Type. // -// Returns an error wrapping ErrNoFound if the type isn't part of the Spec. +// Returns an error wrapping [ErrNotFound] if the type isn't part of the Spec. func (s *Spec) TypeID(typ Type) (TypeID, error) { - if _, ok := typ.(*Void); ok { - // Equality is weird for void, since it is a zero sized type. - return 0, nil - } - - id, ok := s.typeIDs[typ] - if !ok { - return 0, fmt.Errorf("no ID for type %s: %w", typ, ErrNotFound) - } - - return id, nil + return s.mutableTypes.typeID(typ) } // AnyTypesByName returns a list of BTF Types with the given name. @@ -568,21 +584,7 @@ func (s *Spec) TypeID(typ Type) (TypeID, error) { // // Returns an error wrapping ErrNotFound if no matching Type exists in the Spec. func (s *Spec) AnyTypesByName(name string) ([]Type, error) { - types := s.namedTypes[newEssentialName(name)] - if len(types) == 0 { - return nil, fmt.Errorf("type name %s: %w", name, ErrNotFound) - } - - // Return a copy to prevent changes to namedTypes. - result := make([]Type, 0, len(types)) - for _, t := range types { - // Match against the full name, not just the essential one - // in case the type being looked up is a struct flavor. - if t.TypeName() == name { - result = append(result, t) - } - } - return result, nil + return s.mutableTypes.anyTypesByName(name) } // AnyTypeByName returns a Type with the given name. @@ -671,26 +673,27 @@ func LoadSplitSpecFromReader(r io.ReaderAt, base *Spec) (*Spec, error) { // TypesIterator iterates over types of a given spec. type TypesIterator struct { - types []Type - index int + spec *Spec + id TypeID + done bool // The last visited type in the spec. Type Type } // Iterate returns the types iterator. func (s *Spec) Iterate() *TypesIterator { - // We share the backing array of types with the Spec. This is safe since - // we don't allow deletion or shuffling of types. - return &TypesIterator{types: s.types, index: 0} + return &TypesIterator{spec: s, id: s.imm.firstTypeID} } // Next returns true as long as there are any remaining types. func (iter *TypesIterator) Next() bool { - if len(iter.types) <= iter.index { + if iter.done { return false } - iter.Type = iter.types[iter.index] - iter.index++ - return true + var ok bool + iter.Type, ok = iter.spec.typeByID(iter.id) + iter.id++ + iter.done = !ok + return !iter.done } diff --git a/vendor/github.com/cilium/ebpf/btf/core.go b/vendor/github.com/cilium/ebpf/btf/core.go index ded7d43d482..ee89f98331a 100644 --- a/vendor/github.com/cilium/ebpf/btf/core.go +++ b/vendor/github.com/cilium/ebpf/btf/core.go @@ -6,6 +6,7 @@ import ( "fmt" "math" "reflect" + "slices" "strconv" "strings" @@ -15,6 +16,11 @@ import ( // Code in this file is derived from libbpf, which is available under a BSD // 2-Clause license. +// A constant used when CO-RE relocation has to remove instructions. +// +// Taken from libbpf. +const COREBadRelocationSentinel = 0xbad2310 + // COREFixup is the result of computing a CO-RE relocation for a target. type COREFixup struct { kind coreKind @@ -41,9 +47,22 @@ func (f *COREFixup) String() string { func (f *COREFixup) Apply(ins *asm.Instruction) error { if f.poison { - const badRelo = 0xbad2310 + // Relocation is poisoned, replace the instruction with an invalid one. + if ins.OpCode.IsDWordLoad() { + // Replace a dword load with a invalid dword load to preserve instruction size. + *ins = asm.LoadImm(asm.R10, COREBadRelocationSentinel, asm.DWord) + } else { + // Replace all single size instruction with a invalid call instruction. + *ins = asm.BuiltinFunc(COREBadRelocationSentinel).Call() + } + + // Add context to the kernel verifier output. + if source := ins.Source(); source != nil { + *ins = ins.WithSource(asm.Comment(fmt.Sprintf("instruction poisoned by CO-RE: %s", source))) + } else { + *ins = ins.WithSource(asm.Comment("instruction poisoned by CO-RE")) + } - *ins = asm.BuiltinFunc(badRelo).Call() return nil } @@ -119,10 +138,11 @@ const ( reloTypeSize /* type size in bytes */ reloEnumvalExists /* enum value existence in target kernel */ reloEnumvalValue /* enum value integer value */ + reloTypeMatches /* type matches kernel type */ ) func (k coreKind) checksForExistence() bool { - return k == reloEnumvalExists || k == reloTypeExists || k == reloFieldExists + return k == reloEnumvalExists || k == reloTypeExists || k == reloFieldExists || k == reloTypeMatches } func (k coreKind) String() string { @@ -151,30 +171,43 @@ func (k coreKind) String() string { return "enumval_exists" case reloEnumvalValue: return "enumval_value" + case reloTypeMatches: + return "type_matches" default: - return "unknown" + return fmt.Sprintf("unknown (%d)", k) } } // CORERelocate calculates changes needed to adjust eBPF instructions for differences // in types. // +// targets forms the set of types to relocate against. The first element has to be +// BTF for vmlinux, the following must be types for kernel modules. +// +// resolveLocalTypeID is called for each local type which requires a stable TypeID. +// Calling the function with the same type multiple times must produce the same +// result. It is the callers responsibility to ensure that the relocated instructions +// are loaded with matching BTF. +// // Returns a list of fixups which can be applied to instructions to make them // match the target type(s). // // Fixups are returned in the order of relos, e.g. fixup[i] is the solution // for relos[i]. -func CORERelocate(relos []*CORERelocation, target *Spec, bo binary.ByteOrder) ([]COREFixup, error) { - if target == nil { - var err error - target, _, err = kernelSpec() - if err != nil { - return nil, fmt.Errorf("load kernel spec: %w", err) - } +func CORERelocate(relos []*CORERelocation, targets []*Spec, bo binary.ByteOrder, resolveLocalTypeID func(Type) (TypeID, error)) ([]COREFixup, error) { + if len(targets) == 0 { + // Explicitly check for nil here since the argument used to be optional. + return nil, fmt.Errorf("targets must be provided") } - if bo != target.byteOrder { - return nil, fmt.Errorf("can't relocate %s against %s", bo, target.byteOrder) + // We can't encode type IDs that aren't for vmlinux into instructions at the + // moment. + resolveTargetTypeID := targets[0].TypeID + + for _, target := range targets { + if bo != target.imm.byteOrder { + return nil, fmt.Errorf("can't relocate %s against %s", bo, target.imm.byteOrder) + } } type reloGroup struct { @@ -194,14 +227,15 @@ func CORERelocate(relos []*CORERelocation, target *Spec, bo binary.ByteOrder) ([ return nil, fmt.Errorf("%s: unexpected accessor %v", relo.kind, relo.accessor) } + id, err := resolveLocalTypeID(relo.typ) + if err != nil { + return nil, fmt.Errorf("%s: get type id: %w", relo.kind, err) + } + result[i] = COREFixup{ - kind: relo.kind, - local: uint64(relo.id), - // NB: Using relo.id as the target here is incorrect, since - // it doesn't match the BTF we generate on the fly. This isn't - // too bad for now since there are no uses of the local type ID - // in the kernel, yet. - target: uint64(relo.id), + kind: relo.kind, + local: uint64(relo.id), + target: uint64(id), } continue } @@ -221,8 +255,23 @@ func CORERelocate(relos []*CORERelocation, target *Spec, bo binary.ByteOrder) ([ return nil, fmt.Errorf("relocate unnamed or anonymous type %s: %w", localType, ErrNotSupported) } - targets := target.namedTypes[newEssentialName(localTypeName)] - fixups, err := coreCalculateFixups(group.relos, target, targets, bo) + essentialName := newEssentialName(localTypeName) + + var targetTypes []Type + for _, target := range targets { + namedTypeIDs := target.imm.namedTypes[essentialName] + targetTypes = slices.Grow(targetTypes, len(namedTypeIDs)) + for _, id := range namedTypeIDs { + typ, err := target.TypeByID(id) + if err != nil { + return nil, err + } + + targetTypes = append(targetTypes, typ) + } + } + + fixups, err := coreCalculateFixups(group.relos, targetTypes, bo, resolveTargetTypeID) if err != nil { return nil, fmt.Errorf("relocate %s: %w", localType, err) } @@ -245,19 +294,14 @@ var errIncompatibleTypes = errors.New("incompatible types") // // The best target is determined by scoring: the less poisoning we have to do // the better the target is. -func coreCalculateFixups(relos []*CORERelocation, targetSpec *Spec, targets []Type, bo binary.ByteOrder) ([]COREFixup, error) { +func coreCalculateFixups(relos []*CORERelocation, targets []Type, bo binary.ByteOrder, resolveTargetTypeID func(Type) (TypeID, error)) ([]COREFixup, error) { bestScore := len(relos) var bestFixups []COREFixup for _, target := range targets { - targetID, err := targetSpec.TypeID(target) - if err != nil { - return nil, fmt.Errorf("target type ID: %w", err) - } - score := 0 // lower is better fixups := make([]COREFixup, 0, len(relos)) for _, relo := range relos { - fixup, err := coreCalculateFixup(relo, target, targetID, bo) + fixup, err := coreCalculateFixup(relo, target, bo, resolveTargetTypeID) if err != nil { return nil, fmt.Errorf("target %s: %s: %w", target, relo.kind, err) } @@ -308,9 +352,8 @@ func coreCalculateFixups(relos []*CORERelocation, targetSpec *Spec, targets []Ty var errNoSignedness = errors.New("no signedness") -// coreCalculateFixup calculates the fixup for a single local type, target type -// and relocation. -func coreCalculateFixup(relo *CORERelocation, target Type, targetID TypeID, bo binary.ByteOrder) (COREFixup, error) { +// coreCalculateFixup calculates the fixup given a relocation and a target type. +func coreCalculateFixup(relo *CORERelocation, target Type, bo binary.ByteOrder, resolveTargetTypeID func(Type) (TypeID, error)) (COREFixup, error) { fixup := func(local, target uint64) (COREFixup, error) { return COREFixup{kind: relo.kind, local: local, target: target}, nil } @@ -328,12 +371,27 @@ func coreCalculateFixup(relo *CORERelocation, target Type, targetID TypeID, bo b local := relo.typ switch relo.kind { + case reloTypeMatches: + if len(relo.accessor) > 1 || relo.accessor[0] != 0 { + return zero, fmt.Errorf("unexpected accessor %v", relo.accessor) + } + + err := coreTypesMatch(local, target, nil) + if errors.Is(err, errIncompatibleTypes) { + return poison() + } + if err != nil { + return zero, err + } + + return fixup(1, 1) + case reloTypeIDTarget, reloTypeSize, reloTypeExists: if len(relo.accessor) > 1 || relo.accessor[0] != 0 { return zero, fmt.Errorf("unexpected accessor %v", relo.accessor) } - err := coreAreTypesCompatible(local, target) + err := CheckTypeCompatibility(local, target) if errors.Is(err, errIncompatibleTypes) { return poison() } @@ -346,6 +404,15 @@ func coreCalculateFixup(relo *CORERelocation, target Type, targetID TypeID, bo b return fixup(1, 1) case reloTypeIDTarget: + targetID, err := resolveTargetTypeID(target) + if errors.Is(err, ErrNotFound) { + // Probably a relocation trying to get the ID + // of a type from a kmod. + return poison() + } + if err != nil { + return zero, err + } return fixup(uint64(relo.id), uint64(targetID)) case reloTypeSize: @@ -380,7 +447,7 @@ func coreCalculateFixup(relo *CORERelocation, target Type, targetID TypeID, bo b } case reloFieldByteOffset, reloFieldByteSize, reloFieldExists, reloFieldLShiftU64, reloFieldRShiftU64, reloFieldSigned: - if _, ok := as[*Fwd](target); ok { + if _, ok := As[*Fwd](target); ok { // We can't relocate fields using a forward declaration, so // skip it. If a non-forward declaration is present in the BTF // we'll find it in one of the other iterations. @@ -449,14 +516,14 @@ func coreCalculateFixup(relo *CORERelocation, target Type, targetID TypeID, bo b case reloFieldSigned: switch local := UnderlyingType(localField.Type).(type) { case *Enum: - target, ok := as[*Enum](targetField.Type) + target, ok := As[*Enum](targetField.Type) if !ok { return zero, fmt.Errorf("target isn't *Enum but %T", targetField.Type) } return fixup(boolToUint64(local.Signed), boolToUint64(target.Signed)) case *Int: - target, ok := as[*Int](targetField.Type) + target, ok := As[*Int](targetField.Type) if !ok { return zero, fmt.Errorf("target isn't *Int but %T", targetField.Type) } @@ -540,7 +607,7 @@ func (ca coreAccessor) String() string { } func (ca coreAccessor) enumValue(t Type) (*EnumValue, error) { - e, ok := as[*Enum](t) + e, ok := As[*Enum](t) if !ok { return nil, fmt.Errorf("not an enum: %s", t) } @@ -666,7 +733,7 @@ func coreFindField(localT Type, localAcc coreAccessor, targetT Type) (coreField, localMember := localMembers[acc] if localMember.Name == "" { - localMemberType, ok := as[composite](localMember.Type) + localMemberType, ok := As[composite](localMember.Type) if !ok { return coreField{}, coreField{}, fmt.Errorf("unnamed field with type %s: %s", localMember.Type, ErrNotSupported) } @@ -680,7 +747,7 @@ func coreFindField(localT Type, localAcc coreAccessor, targetT Type) (coreField, continue } - targetType, ok := as[composite](target.Type) + targetType, ok := As[composite](target.Type) if !ok { return coreField{}, coreField{}, fmt.Errorf("target not composite: %w", errImpossibleRelocation) } @@ -726,7 +793,7 @@ func coreFindField(localT Type, localAcc coreAccessor, targetT Type) (coreField, case *Array: // For arrays, acc is the index in the target. - targetType, ok := as[*Array](target.Type) + targetType, ok := As[*Array](target.Type) if !ok { return coreField{}, coreField{}, fmt.Errorf("target not array: %w", errImpossibleRelocation) } @@ -820,7 +887,7 @@ func coreFindMember(typ composite, name string) (Member, bool, error) { continue } - comp, ok := as[composite](member.Type) + comp, ok := As[composite](member.Type) if !ok { return Member{}, false, fmt.Errorf("anonymous non-composite type %T not allowed", member.Type) } @@ -839,7 +906,7 @@ func coreFindEnumValue(local Type, localAcc coreAccessor, target Type) (localVal return nil, nil, err } - targetEnum, ok := as[*Enum](target) + targetEnum, ok := As[*Enum](target) if !ok { return nil, nil, errImpossibleRelocation } @@ -860,7 +927,11 @@ func coreFindEnumValue(local Type, localAcc coreAccessor, target Type) (localVal // // Only layout compatibility is checked, ignoring names of the root type. func CheckTypeCompatibility(localType Type, targetType Type) error { - return coreAreTypesCompatible(localType, targetType) + return coreAreTypesCompatible(localType, targetType, nil) +} + +type pair struct { + A, B Type } /* The comment below is from bpf_core_types_are_compat in libbpf.c: @@ -886,59 +957,60 @@ func CheckTypeCompatibility(localType Type, targetType Type) error { * * Returns errIncompatibleTypes if types are not compatible. */ -func coreAreTypesCompatible(localType Type, targetType Type) error { +func coreAreTypesCompatible(localType Type, targetType Type, visited map[pair]struct{}) error { + localType = UnderlyingType(localType) + targetType = UnderlyingType(targetType) - var ( - localTs, targetTs typeDeque - l, t = &localType, &targetType - depth = 0 - ) + if reflect.TypeOf(localType) != reflect.TypeOf(targetType) { + return fmt.Errorf("type mismatch between %v and %v: %w", localType, targetType, errIncompatibleTypes) + } - for ; l != nil && t != nil; l, t = localTs.Shift(), targetTs.Shift() { - if depth >= maxResolveDepth { - return errors.New("types are nested too deep") - } + if _, ok := visited[pair{localType, targetType}]; ok { + return nil + } + if visited == nil { + visited = make(map[pair]struct{}) + } + visited[pair{localType, targetType}] = struct{}{} - localType = UnderlyingType(*l) - targetType = UnderlyingType(*t) + switch lv := localType.(type) { + case *Void, *Struct, *Union, *Enum, *Fwd, *Int: + return nil - if reflect.TypeOf(localType) != reflect.TypeOf(targetType) { - return fmt.Errorf("type mismatch: %w", errIncompatibleTypes) - } + case *Pointer: + tv := targetType.(*Pointer) + return coreAreTypesCompatible(lv.Target, tv.Target, visited) - switch lv := (localType).(type) { - case *Void, *Struct, *Union, *Enum, *Fwd, *Int: - // Nothing to do here + case *Array: + tv := targetType.(*Array) + if err := coreAreTypesCompatible(lv.Index, tv.Index, visited); err != nil { + return err + } - case *Pointer, *Array: - depth++ - walkType(localType, localTs.Push) - walkType(targetType, targetTs.Push) + return coreAreTypesCompatible(lv.Type, tv.Type, visited) - case *FuncProto: - tv := targetType.(*FuncProto) - if len(lv.Params) != len(tv.Params) { - return fmt.Errorf("function param mismatch: %w", errIncompatibleTypes) - } + case *FuncProto: + tv := targetType.(*FuncProto) + if err := coreAreTypesCompatible(lv.Return, tv.Return, visited); err != nil { + return err + } - depth++ - walkType(localType, localTs.Push) - walkType(targetType, targetTs.Push) + if len(lv.Params) != len(tv.Params) { + return fmt.Errorf("function param mismatch: %w", errIncompatibleTypes) + } - default: - return fmt.Errorf("unsupported type %T", localType) + for i, localParam := range lv.Params { + targetParam := tv.Params[i] + if err := coreAreTypesCompatible(localParam.Type, targetParam.Type, visited); err != nil { + return err + } } - } - if l != nil { - return fmt.Errorf("dangling local type %T", *l) - } + return nil - if t != nil { - return fmt.Errorf("dangling target type %T", *t) + default: + return fmt.Errorf("unsupported type %T", localType) } - - return nil } /* coreAreMembersCompatible checks two types for field-based relocation compatibility. @@ -970,19 +1042,6 @@ func coreAreMembersCompatible(localType Type, targetType Type) error { localType = UnderlyingType(localType) targetType = UnderlyingType(targetType) - doNamesMatch := func(a, b string) error { - if a == "" || b == "" { - // allow anonymous and named type to match - return nil - } - - if newEssentialName(a) == newEssentialName(b) { - return nil - } - - return fmt.Errorf("names don't match: %w", errImpossibleRelocation) - } - _, lok := localType.(composite) _, tok := targetType.(composite) if lok && tok { @@ -999,13 +1058,204 @@ func coreAreMembersCompatible(localType Type, targetType Type) error { case *Enum: tv := targetType.(*Enum) - return doNamesMatch(lv.Name, tv.Name) + if !coreEssentialNamesMatch(lv.Name, tv.Name) { + return fmt.Errorf("names %q and %q don't match: %w", lv.Name, tv.Name, errImpossibleRelocation) + } + + return nil case *Fwd: tv := targetType.(*Fwd) - return doNamesMatch(lv.Name, tv.Name) + if !coreEssentialNamesMatch(lv.Name, tv.Name) { + return fmt.Errorf("names %q and %q don't match: %w", lv.Name, tv.Name, errImpossibleRelocation) + } + + return nil default: return fmt.Errorf("type %s: %w", localType, ErrNotSupported) } } + +// coreEssentialNamesMatch compares two names while ignoring their flavour suffix. +// +// This should only be used on names which are in the global scope, like struct +// names, typedefs or enum values. +func coreEssentialNamesMatch(a, b string) bool { + if a == "" || b == "" { + // allow anonymous and named type to match + return true + } + + return newEssentialName(a) == newEssentialName(b) +} + +/* The comment below is from __bpf_core_types_match in relo_core.c: + * + * Check that two types "match". This function assumes that root types were + * already checked for name match. + * + * The matching relation is defined as follows: + * - modifiers and typedefs are stripped (and, hence, effectively ignored) + * - generally speaking types need to be of same kind (struct vs. struct, union + * vs. union, etc.) + * - exceptions are struct/union behind a pointer which could also match a + * forward declaration of a struct or union, respectively, and enum vs. + * enum64 (see below) + * Then, depending on type: + * - integers: + * - match if size and signedness match + * - arrays & pointers: + * - target types are recursively matched + * - structs & unions: + * - local members need to exist in target with the same name + * - for each member we recursively check match unless it is already behind a + * pointer, in which case we only check matching names and compatible kind + * - enums: + * - local variants have to have a match in target by symbolic name (but not + * numeric value) + * - size has to match (but enum may match enum64 and vice versa) + * - function pointers: + * - number and position of arguments in local type has to match target + * - for each argument and the return value we recursively check match + */ +func coreTypesMatch(localType Type, targetType Type, visited map[pair]struct{}) error { + localType = UnderlyingType(localType) + targetType = UnderlyingType(targetType) + + if !coreEssentialNamesMatch(localType.TypeName(), targetType.TypeName()) { + return fmt.Errorf("type name %q don't match %q: %w", localType.TypeName(), targetType.TypeName(), errIncompatibleTypes) + } + + if reflect.TypeOf(localType) != reflect.TypeOf(targetType) { + return fmt.Errorf("type mismatch between %v and %v: %w", localType, targetType, errIncompatibleTypes) + } + + if _, ok := visited[pair{localType, targetType}]; ok { + return nil + } + if visited == nil { + visited = make(map[pair]struct{}) + } + visited[pair{localType, targetType}] = struct{}{} + + switch lv := (localType).(type) { + case *Void: + + case *Fwd: + if targetType.(*Fwd).Kind != lv.Kind { + return fmt.Errorf("fwd kind mismatch between %v and %v: %w", localType, targetType, errIncompatibleTypes) + } + + case *Enum: + return coreEnumsMatch(lv, targetType.(*Enum)) + + case composite: + tv := targetType.(composite) + + if len(lv.members()) > len(tv.members()) { + return errIncompatibleTypes + } + + localMembers := lv.members() + targetMembers := map[string]Member{} + for _, member := range tv.members() { + targetMembers[member.Name] = member + } + + for _, localMember := range localMembers { + targetMember, found := targetMembers[localMember.Name] + if !found { + return fmt.Errorf("no field %q in %v: %w", localMember.Name, targetType, errIncompatibleTypes) + } + + err := coreTypesMatch(localMember.Type, targetMember.Type, visited) + if err != nil { + return err + } + } + + case *Int: + if !coreEncodingMatches(lv, targetType.(*Int)) { + return fmt.Errorf("int mismatch between %v and %v: %w", localType, targetType, errIncompatibleTypes) + } + + case *Pointer: + tv := targetType.(*Pointer) + + // Allow a pointer to a forward declaration to match a struct + // or union. + if fwd, ok := As[*Fwd](lv.Target); ok && fwd.matches(tv.Target) { + return nil + } + + if fwd, ok := As[*Fwd](tv.Target); ok && fwd.matches(lv.Target) { + return nil + } + + return coreTypesMatch(lv.Target, tv.Target, visited) + + case *Array: + tv := targetType.(*Array) + + if lv.Nelems != tv.Nelems { + return fmt.Errorf("array mismatch between %v and %v: %w", localType, targetType, errIncompatibleTypes) + } + + return coreTypesMatch(lv.Type, tv.Type, visited) + + case *FuncProto: + tv := targetType.(*FuncProto) + + if len(lv.Params) != len(tv.Params) { + return fmt.Errorf("function param mismatch: %w", errIncompatibleTypes) + } + + for i, lparam := range lv.Params { + if err := coreTypesMatch(lparam.Type, tv.Params[i].Type, visited); err != nil { + return err + } + } + + return coreTypesMatch(lv.Return, tv.Return, visited) + + default: + return fmt.Errorf("unsupported type %T", localType) + } + + return nil +} + +// coreEncodingMatches returns true if both ints have the same size and signedness. +// All encodings other than `Signed` are considered unsigned. +func coreEncodingMatches(local, target *Int) bool { + return local.Size == target.Size && (local.Encoding == Signed) == (target.Encoding == Signed) +} + +// coreEnumsMatch checks two enums match, which is considered to be the case if the following is true: +// - size has to match (but enum may match enum64 and vice versa) +// - local variants have to have a match in target by symbolic name (but not numeric value) +func coreEnumsMatch(local *Enum, target *Enum) error { + if local.Size != target.Size { + return fmt.Errorf("size mismatch between %v and %v: %w", local, target, errIncompatibleTypes) + } + + // If there are more values in the local than the target, there must be at least one value in the local + // that isn't in the target, and therefor the types are incompatible. + if len(local.Values) > len(target.Values) { + return fmt.Errorf("local has more values than target: %w", errIncompatibleTypes) + } + +outer: + for _, lv := range local.Values { + for _, rv := range target.Values { + if coreEssentialNamesMatch(lv.Name, rv.Name) { + continue outer + } + } + + return fmt.Errorf("no match for %v in %v: %w", lv, target, errIncompatibleTypes) + } + + return nil +} diff --git a/vendor/github.com/cilium/ebpf/btf/ext_info.go b/vendor/github.com/cilium/ebpf/btf/ext_info.go index d85f45ae9d8..eb9044badf2 100644 --- a/vendor/github.com/cilium/ebpf/btf/ext_info.go +++ b/vendor/github.com/cilium/ebpf/btf/ext_info.go @@ -143,27 +143,19 @@ func AssignMetadataToInstructions( // MarshalExtInfos encodes function and line info embedded in insns into kernel // wire format. // -// Returns ErrNotSupported if the kernel doesn't support BTF-associated programs. -func MarshalExtInfos(insns asm.Instructions) (_ *Handle, funcInfos, lineInfos []byte, _ error) { - // Bail out early if the kernel doesn't support Func(Proto). If this is the - // case, func_info will also be unsupported. - if err := haveProgBTF(); err != nil { - return nil, nil, nil, err - } - +// If an instruction has an [asm.Comment], it will be synthesized into a mostly +// empty line info. +func MarshalExtInfos(insns asm.Instructions, b *Builder) (funcInfos, lineInfos []byte, _ error) { iter := insns.Iterate() for iter.Next() { - _, ok := iter.Ins.Source().(*Line) - fn := FuncMetadata(iter.Ins) - if ok || fn != nil { + if iter.Ins.Source() != nil || FuncMetadata(iter.Ins) != nil { goto marshal } } - return nil, nil, nil, nil + return nil, nil, nil marshal: - var b Builder var fiBuf, liBuf bytes.Buffer for { if fn := FuncMetadata(iter.Ins); fn != nil { @@ -171,18 +163,27 @@ marshal: fn: fn, offset: iter.Offset, } - if err := fi.marshal(&fiBuf, &b); err != nil { - return nil, nil, nil, fmt.Errorf("write func info: %w", err) + if err := fi.marshal(&fiBuf, b); err != nil { + return nil, nil, fmt.Errorf("write func info: %w", err) } } - if line, ok := iter.Ins.Source().(*Line); ok { + if source := iter.Ins.Source(); source != nil { + var line *Line + if l, ok := source.(*Line); ok { + line = l + } else { + line = &Line{ + line: source.String(), + } + } + li := &lineInfo{ line: line, offset: iter.Offset, } - if err := li.marshal(&liBuf, &b); err != nil { - return nil, nil, nil, fmt.Errorf("write line info: %w", err) + if err := li.marshal(&liBuf, b); err != nil { + return nil, nil, fmt.Errorf("write line info: %w", err) } } @@ -191,8 +192,7 @@ marshal: } } - handle, err := NewHandle(&b) - return handle, fiBuf.Bytes(), liBuf.Bytes(), err + return fiBuf.Bytes(), liBuf.Bytes(), nil } // btfExtHeader is found at the start of the .BTF.ext section. diff --git a/vendor/github.com/cilium/ebpf/btf/handle.go b/vendor/github.com/cilium/ebpf/btf/handle.go index b6b3e87f504..adfa6fed4bc 100644 --- a/vendor/github.com/cilium/ebpf/btf/handle.go +++ b/vendor/github.com/cilium/ebpf/btf/handle.go @@ -41,6 +41,8 @@ func NewHandle(b *Builder) (*Handle, error) { // // Returns an error wrapping ErrNotSupported if the kernel doesn't support BTF. func NewHandleFromRawBTF(btf []byte) (*Handle, error) { + const minLogSize = 64 * 1024 + if uint64(len(btf)) > math.MaxUint32 { return nil, errors.New("BTF exceeds the maximum size") } @@ -50,26 +52,54 @@ func NewHandleFromRawBTF(btf []byte) (*Handle, error) { BtfSize: uint32(len(btf)), } - fd, err := sys.BtfLoad(attr) - if err == nil { - return &Handle{fd, attr.BtfSize, false}, nil + var ( + logBuf []byte + err error + ) + for { + var fd *sys.FD + fd, err = sys.BtfLoad(attr) + if err == nil { + return &Handle{fd, attr.BtfSize, false}, nil + } + + if attr.BtfLogTrueSize != 0 && attr.BtfLogSize >= attr.BtfLogTrueSize { + // The log buffer already has the correct size. + break + } + + if attr.BtfLogSize != 0 && !errors.Is(err, unix.ENOSPC) { + // Up until at least kernel 6.0, the BTF verifier does not return ENOSPC + // if there are other verification errors. ENOSPC is only returned when + // the BTF blob is correct, a log was requested, and the provided buffer + // is too small. We're therefore not sure whether we got the full + // log or not. + break + } + + // Make an educated guess how large the buffer should be. Start + // at a reasonable minimum and then double the size. + logSize := uint32(max(len(logBuf)*2, minLogSize)) + if int(logSize) < len(logBuf) { + return nil, errors.New("overflow while probing log buffer size") + } + + if attr.BtfLogTrueSize != 0 { + // The kernel has given us a hint how large the log buffer has to be. + logSize = attr.BtfLogTrueSize + } + + logBuf = make([]byte, logSize) + attr.BtfLogSize = logSize + attr.BtfLogBuf = sys.NewSlicePointer(logBuf) + attr.BtfLogLevel = 1 } if err := haveBTF(); err != nil { return nil, err } - logBuf := make([]byte, 64*1024) - attr.BtfLogBuf = sys.NewSlicePointer(logBuf) - attr.BtfLogSize = uint32(len(logBuf)) - attr.BtfLogLevel = 1 - - // Up until at least kernel 6.0, the BTF verifier does not return ENOSPC - // if there are other verification errors. ENOSPC is only returned when - // the BTF blob is correct, a log was requested, and the provided buffer - // is too small. - _, ve := sys.BtfLoad(attr) - return nil, internal.ErrorWithLog("load btf", err, logBuf, errors.Is(ve, unix.ENOSPC)) + return nil, internal.ErrorWithLog("load btf", err, logBuf) } // NewHandleFromID returns the BTF handle for a given id. diff --git a/vendor/github.com/cilium/ebpf/btf/kernel.go b/vendor/github.com/cilium/ebpf/btf/kernel.go new file mode 100644 index 00000000000..8584ebcb932 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/btf/kernel.go @@ -0,0 +1,159 @@ +package btf + +import ( + "errors" + "fmt" + "os" + "path/filepath" + "sync" + + "github.com/cilium/ebpf/internal" + "github.com/cilium/ebpf/internal/kallsyms" +) + +var kernelBTF = struct { + sync.RWMutex + kernel *Spec + modules map[string]*Spec +}{ + modules: make(map[string]*Spec), +} + +// FlushKernelSpec removes any cached kernel type information. +func FlushKernelSpec() { + kallsyms.FlushKernelModuleCache() + + kernelBTF.Lock() + defer kernelBTF.Unlock() + + kernelBTF.kernel = nil + kernelBTF.modules = make(map[string]*Spec) +} + +// LoadKernelSpec returns the current kernel's BTF information. +// +// Defaults to /sys/kernel/btf/vmlinux and falls back to scanning the file system +// for vmlinux ELFs. Returns an error wrapping ErrNotSupported if BTF is not enabled. +func LoadKernelSpec() (*Spec, error) { + kernelBTF.RLock() + spec := kernelBTF.kernel + kernelBTF.RUnlock() + + if spec == nil { + kernelBTF.Lock() + defer kernelBTF.Unlock() + + spec = kernelBTF.kernel + } + + if spec != nil { + return spec.Copy(), nil + } + + spec, _, err := loadKernelSpec() + if err != nil { + return nil, err + } + + kernelBTF.kernel = spec + return spec.Copy(), nil +} + +// LoadKernelModuleSpec returns the BTF information for the named kernel module. +// +// Defaults to /sys/kernel/btf/. +// Returns an error wrapping ErrNotSupported if BTF is not enabled. +// Returns an error wrapping fs.ErrNotExist if BTF for the specific module doesn't exist. +func LoadKernelModuleSpec(module string) (*Spec, error) { + kernelBTF.RLock() + spec := kernelBTF.modules[module] + kernelBTF.RUnlock() + + if spec != nil { + return spec.Copy(), nil + } + + base, err := LoadKernelSpec() + if err != nil { + return nil, fmt.Errorf("load kernel spec: %w", err) + } + + kernelBTF.Lock() + defer kernelBTF.Unlock() + + if spec = kernelBTF.modules[module]; spec != nil { + return spec.Copy(), nil + } + + spec, err = loadKernelModuleSpec(module, base) + if err != nil { + return nil, err + } + + kernelBTF.modules[module] = spec + return spec.Copy(), nil +} + +func loadKernelSpec() (_ *Spec, fallback bool, _ error) { + fh, err := os.Open("/sys/kernel/btf/vmlinux") + if err == nil { + defer fh.Close() + + spec, err := loadRawSpec(fh, internal.NativeEndian, nil) + return spec, false, err + } + + file, err := findVMLinux() + if err != nil { + return nil, false, err + } + defer file.Close() + + spec, err := LoadSpecFromReader(file) + return spec, true, err +} + +func loadKernelModuleSpec(module string, base *Spec) (*Spec, error) { + dir, file := filepath.Split(module) + if dir != "" || filepath.Ext(file) != "" { + return nil, fmt.Errorf("invalid module name %q", module) + } + + fh, err := os.Open(filepath.Join("/sys/kernel/btf", module)) + if err != nil { + return nil, err + } + defer fh.Close() + + return loadRawSpec(fh, internal.NativeEndian, base) +} + +// findVMLinux scans multiple well-known paths for vmlinux kernel images. +func findVMLinux() (*os.File, error) { + release, err := internal.KernelRelease() + if err != nil { + return nil, err + } + + // use same list of locations as libbpf + // https://github.com/libbpf/libbpf/blob/9a3a42608dbe3731256a5682a125ac1e23bced8f/src/btf.c#L3114-L3122 + locations := []string{ + "/boot/vmlinux-%s", + "/lib/modules/%s/vmlinux-%[1]s", + "/lib/modules/%s/build/vmlinux", + "/usr/lib/modules/%s/kernel/vmlinux", + "/usr/lib/debug/boot/vmlinux-%s", + "/usr/lib/debug/boot/vmlinux-%s.debug", + "/usr/lib/debug/lib/modules/%s/vmlinux", + } + + for _, loc := range locations { + file, err := os.Open(fmt.Sprintf(loc, release)) + if errors.Is(err, os.ErrNotExist) { + continue + } + return file, err + } + + return nil, fmt.Errorf("no BTF found for kernel version %s: %w", release, internal.ErrNotSupported) +} diff --git a/vendor/github.com/cilium/ebpf/btf/marshal.go b/vendor/github.com/cilium/ebpf/btf/marshal.go index 0d093c66564..f14cfa6e973 100644 --- a/vendor/github.com/cilium/ebpf/btf/marshal.go +++ b/vendor/github.com/cilium/ebpf/btf/marshal.go @@ -5,12 +5,12 @@ import ( "encoding/binary" "errors" "fmt" + "maps" "math" + "slices" "sync" "github.com/cilium/ebpf/internal" - - "golang.org/x/exp/slices" ) type MarshalOptions struct { @@ -20,14 +20,17 @@ type MarshalOptions struct { StripFuncLinkage bool // Replace Enum64 with a placeholder for compatibility with <6.0 kernels. ReplaceEnum64 bool + // Prevent the "No type found" error when loading BTF without any types. + PreventNoTypeFound bool } // KernelMarshalOptions will generate BTF suitable for the current kernel. func KernelMarshalOptions() *MarshalOptions { return &MarshalOptions{ - Order: internal.NativeEndian, - StripFuncLinkage: haveFuncLinkage() != nil, - ReplaceEnum64: haveEnum64() != nil, + Order: internal.NativeEndian, + StripFuncLinkage: haveFuncLinkage() != nil, + ReplaceEnum64: haveEnum64() != nil, + PreventNoTypeFound: true, // All current kernels require this. } } @@ -39,6 +42,7 @@ type encoder struct { buf *bytes.Buffer strings *stringTableBuilder ids map[Type]TypeID + visited map[Type]struct{} lastID TypeID } @@ -93,6 +97,11 @@ func NewBuilder(types []Type) (*Builder, error) { return b, nil } +// Empty returns true if neither types nor strings have been added. +func (b *Builder) Empty() bool { + return len(b.types) == 0 && (b.strings == nil || b.strings.Length() == 0) +} + // Add a Type and allocate a stable ID for it. // // Adding the identical Type multiple times is valid and will return the same ID. @@ -159,15 +168,29 @@ func (b *Builder) Marshal(buf []byte, opts *MarshalOptions) ([]byte, error) { buf: w, strings: stb, lastID: TypeID(len(b.types)), - ids: make(map[Type]TypeID, len(b.types)), + visited: make(map[Type]struct{}, len(b.types)), + ids: maps.Clone(b.stableIDs), + } + + if e.ids == nil { + e.ids = make(map[Type]TypeID) + } + + types := b.types + if len(types) == 0 && stb.Length() > 0 && opts.PreventNoTypeFound { + // We have strings that need to be written out, + // but no types (besides the implicit Void). + // Kernels as recent as v6.7 refuse to load such BTF + // with a "No type found" error in the log. + // Fix this by adding a dummy type. + types = []Type{&Int{Size: 0}} } // Ensure that types are marshaled in the exact order they were Add()ed. // Otherwise the ID returned from Add() won't match. - e.pending.Grow(len(b.types)) - for _, typ := range b.types { + e.pending.Grow(len(types)) + for _, typ := range types { e.pending.Push(typ) - e.ids[typ] = b.stableIDs[typ] } if err := e.deflatePending(); err != nil { @@ -214,16 +237,28 @@ func (b *Builder) addString(str string) (uint32, error) { return b.strings.Add(str) } -func (e *encoder) allocateID(typ Type) error { - id := e.lastID + 1 - if id < e.lastID { - return errors.New("type ID overflow") - } +func (e *encoder) allocateIDs(root Type) (err error) { + visitInPostorder(root, e.visited, func(typ Type) bool { + if _, ok := typ.(*Void); ok { + return true + } - e.pending.Push(typ) - e.ids[typ] = id - e.lastID = id - return nil + if _, ok := e.ids[typ]; ok { + return true + } + + id := e.lastID + 1 + if id < e.lastID { + err = errors.New("type ID overflow") + return false + } + + e.pending.Push(typ) + e.ids[typ] = id + e.lastID = id + return true + }) + return } // id returns the ID for the given type or panics with an error. @@ -243,33 +278,13 @@ func (e *encoder) id(typ Type) TypeID { func (e *encoder) deflatePending() error { // Declare root outside of the loop to avoid repeated heap allocations. var root Type - skip := func(t Type) (skip bool) { - if t == root { - // Force descending into the current root type even if it already - // has an ID. Otherwise we miss children of types that have their - // ID pre-allocated via Add. - return false - } - - _, isVoid := t.(*Void) - _, alreadyEncoded := e.ids[t] - return isVoid || alreadyEncoded - } for !e.pending.Empty() { root = e.pending.Shift() // Allocate IDs for all children of typ, including transitive dependencies. - iter := postorderTraversal(root, skip) - for iter.Next() { - if iter.Type == root { - // The iterator yields root at the end, do not allocate another ID. - break - } - - if err := e.allocateID(iter.Type); err != nil { - return err - } + if err := e.allocateIDs(root); err != nil { + return err } if err := e.deflateType(root); err != nil { @@ -494,7 +509,7 @@ func (e *encoder) deflateEnum64(raw *rawType, enum *Enum) (err error) { if enum.Signed { placeholder.Encoding = Signed } - if err := e.allocateID(placeholder); err != nil { + if err := e.allocateIDs(placeholder); err != nil { return fmt.Errorf("add enum64 placeholder: %w", err) } diff --git a/vendor/github.com/cilium/ebpf/btf/strings.go b/vendor/github.com/cilium/ebpf/btf/strings.go index 114d250018b..7c31461c306 100644 --- a/vendor/github.com/cilium/ebpf/btf/strings.go +++ b/vendor/github.com/cilium/ebpf/btf/strings.go @@ -6,10 +6,9 @@ import ( "errors" "fmt" "io" + "maps" + "slices" "strings" - - "golang.org/x/exp/maps" - "golang.org/x/exp/slices" ) type stringTable struct { diff --git a/vendor/github.com/cilium/ebpf/btf/traversal.go b/vendor/github.com/cilium/ebpf/btf/traversal.go index a3a9dec940a..c39dc66e46c 100644 --- a/vendor/github.com/cilium/ebpf/btf/traversal.go +++ b/vendor/github.com/cilium/ebpf/btf/traversal.go @@ -2,93 +2,41 @@ package btf import ( "fmt" - - "github.com/cilium/ebpf/internal" ) // Functions to traverse a cyclic graph of types. The below was very useful: // https://eli.thegreenplace.net/2015/directed-graph-traversal-orderings-and-applications-to-data-flow-analysis/#post-order-and-reverse-post-order -type postorderIterator struct { - // Iteration skips types for which this function returns true. - skip func(Type) bool - // The root type. May be nil if skip(root) is true. - root Type - - // Contains types which need to be either walked or yielded. - types typeDeque - // Contains a boolean whether the type has been walked or not. - walked internal.Deque[bool] - // The set of types which has been pushed onto types. - pushed map[Type]struct{} - - // The current type. Only valid after a call to Next(). - Type Type -} - -// postorderTraversal iterates all types reachable from root by visiting the -// leaves of the graph first. +// Visit all types reachable from root in postorder. // -// Types for which skip returns true are ignored. skip may be nil. -func postorderTraversal(root Type, skip func(Type) (skip bool)) postorderIterator { - // Avoid allocations for the common case of a skipped root. - if skip != nil && skip(root) { - return postorderIterator{} - } - - po := postorderIterator{root: root, skip: skip} - walkType(root, po.push) - - return po -} - -func (po *postorderIterator) push(t *Type) { - if _, ok := po.pushed[*t]; ok || *t == po.root { - return - } - - if po.skip != nil && po.skip(*t) { - return +// Traversal stops if yield returns false. +// +// Returns false if traversal was aborted. +func visitInPostorder(root Type, visited map[Type]struct{}, yield func(typ Type) bool) bool { + if _, ok := visited[root]; ok { + return true } - - if po.pushed == nil { - // Lazily allocate pushed to avoid an allocation for Types without children. - po.pushed = make(map[Type]struct{}) + if visited == nil { + visited = make(map[Type]struct{}) } + visited[root] = struct{}{} - po.pushed[*t] = struct{}{} - po.types.Push(t) - po.walked.Push(false) -} - -// Next returns true if there is another Type to traverse. -func (po *postorderIterator) Next() bool { - for !po.types.Empty() { - t := po.types.Pop() - - if !po.walked.Pop() { - // Push the type again, so that we re-evaluate it in done state - // after all children have been handled. - po.types.Push(t) - po.walked.Push(true) - - // Add all direct children to todo. - walkType(*t, po.push) - } else { - // We've walked this type previously, so we now know that all - // children have been handled. - po.Type = *t - return true - } + cont := children(root, func(child *Type) bool { + return visitInPostorder(*child, visited, yield) + }) + if !cont { + return false } - // Only return root once. - po.Type, po.root = po.root, nil - return po.Type != nil + return yield(root) } -// walkType calls fn on each child of typ. -func walkType(typ Type, fn func(*Type)) { +// children calls yield on each child of typ. +// +// Traversal stops if yield returns false. +// +// Returns false if traversal was aborted. +func children(typ Type, yield func(child *Type) bool) bool { // Explicitly type switch on the most common types to allow the inliner to // do its work. This avoids allocating intermediate slices from walk() on // the heap. @@ -96,46 +44,80 @@ func walkType(typ Type, fn func(*Type)) { case *Void, *Int, *Enum, *Fwd, *Float: // No children to traverse. case *Pointer: - fn(&v.Target) + if !yield(&v.Target) { + return false + } case *Array: - fn(&v.Index) - fn(&v.Type) + if !yield(&v.Index) { + return false + } + if !yield(&v.Type) { + return false + } case *Struct: for i := range v.Members { - fn(&v.Members[i].Type) + if !yield(&v.Members[i].Type) { + return false + } } case *Union: for i := range v.Members { - fn(&v.Members[i].Type) + if !yield(&v.Members[i].Type) { + return false + } } case *Typedef: - fn(&v.Type) + if !yield(&v.Type) { + return false + } case *Volatile: - fn(&v.Type) + if !yield(&v.Type) { + return false + } case *Const: - fn(&v.Type) + if !yield(&v.Type) { + return false + } case *Restrict: - fn(&v.Type) + if !yield(&v.Type) { + return false + } case *Func: - fn(&v.Type) + if !yield(&v.Type) { + return false + } case *FuncProto: - fn(&v.Return) + if !yield(&v.Return) { + return false + } for i := range v.Params { - fn(&v.Params[i].Type) + if !yield(&v.Params[i].Type) { + return false + } } case *Var: - fn(&v.Type) + if !yield(&v.Type) { + return false + } case *Datasec: for i := range v.Vars { - fn(&v.Vars[i].Type) + if !yield(&v.Vars[i].Type) { + return false + } } case *declTag: - fn(&v.Type) + if !yield(&v.Type) { + return false + } case *typeTag: - fn(&v.Type) + if !yield(&v.Type) { + return false + } case *cycle: // cycle has children, but we ignore them deliberately. default: panic(fmt.Sprintf("don't know how to walk Type %T", v)) } + + return true } diff --git a/vendor/github.com/cilium/ebpf/btf/types.go b/vendor/github.com/cilium/ebpf/btf/types.go index 8bd7fc77fc6..a3397460b9d 100644 --- a/vendor/github.com/cilium/ebpf/btf/types.go +++ b/vendor/github.com/cilium/ebpf/btf/types.go @@ -6,12 +6,12 @@ import ( "fmt" "io" "math" + "slices" "strings" "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/internal" "github.com/cilium/ebpf/internal/sys" - "golang.org/x/exp/slices" ) // Mirrors MAX_RESOLVE_DEPTH in libbpf. @@ -318,6 +318,18 @@ func (f *Fwd) copy() Type { return &cpy } +func (f *Fwd) matches(typ Type) bool { + if _, ok := As[*Struct](typ); ok && f.Kind == FwdStruct { + return true + } + + if _, ok := As[*Union](typ); ok && f.Kind == FwdUnion { + return true + } + + return false +} + // Typedef is an alias of a Type. type Typedef struct { Name string @@ -655,75 +667,44 @@ func alignof(typ Type) (int, error) { return 0, fmt.Errorf("can't calculate alignment of %T", t) } - if !pow(n) { + if !internal.IsPow(n) { return 0, fmt.Errorf("alignment value %d is not a power of two", n) } return n, nil } -// pow returns true if n is a power of two. -func pow(n int) bool { - return n != 0 && (n&(n-1)) == 0 -} - -// Transformer modifies a given Type and returns the result. -// -// For example, UnderlyingType removes any qualifiers or typedefs from a type. -// See the example on Copy for how to use a transform. -type Transformer func(Type) Type - // Copy a Type recursively. // -// typ may form a cycle. If transform is not nil, it is called with the -// to be copied type, and the returned value is copied instead. -func Copy(typ Type, transform Transformer) Type { - copies := copier{copies: make(map[Type]Type)} - copies.copy(&typ, transform) - return typ +// typ may form a cycle. +func Copy(typ Type) Type { + return copyType(typ, nil, make(map[Type]Type), nil) } -// copy a slice of Types recursively. -// -// See Copy for the semantics. -func copyTypes(types []Type, transform Transformer) []Type { - result := make([]Type, len(types)) - copy(result, types) - - copies := copier{copies: make(map[Type]Type, len(types))} - for i := range result { - copies.copy(&result[i], transform) +func copyType(typ Type, ids map[Type]TypeID, copies map[Type]Type, copiedIDs map[Type]TypeID) Type { + if typ == nil { + return nil } - return result -} - -type copier struct { - copies map[Type]Type - work typeDeque -} + cpy, ok := copies[typ] + if ok { + // This has been copied previously, no need to continue. + return cpy + } -func (c *copier) copy(typ *Type, transform Transformer) { - for t := typ; t != nil; t = c.work.Pop() { - // *t is the identity of the type. - if cpy := c.copies[*t]; cpy != nil { - *t = cpy - continue - } + cpy = typ.copy() + copies[typ] = cpy - var cpy Type - if transform != nil { - cpy = transform(*t).copy() - } else { - cpy = (*t).copy() - } + if id, ok := ids[typ]; ok { + copiedIDs[cpy] = id + } - c.copies[*t] = cpy - *t = cpy + children(cpy, func(child *Type) bool { + *child = copyType(*child, ids, copies, copiedIDs) + return true + }) - // Mark any nested types for copying. - walkType(cpy, c.work.Push) - } + return cpy } type typeDeque = internal.Deque[*Type] @@ -1226,12 +1207,15 @@ func UnderlyingType(typ Type) Type { return &cycle{typ} } -// as returns typ if is of type T. Otherwise it peels qualifiers and Typedefs +// As returns typ if is of type T. Otherwise it peels qualifiers and Typedefs // until it finds a T. // // Returns the zero value and false if there is no T or if the type is nested // too deeply. -func as[T Type](typ Type) (T, bool) { +func As[T Type](typ Type) (T, bool) { + // NB: We can't make this function return (*T) since then + // we can't assert that a type matches an interface which + // embeds Type: as[composite](T). for depth := 0; depth <= maxResolveDepth; depth++ { switch v := (typ).(type) { case T: diff --git a/vendor/github.com/cilium/ebpf/collection.go b/vendor/github.com/cilium/ebpf/collection.go index a5532220fd0..b2cb214adce 100644 --- a/vendor/github.com/cilium/ebpf/collection.go +++ b/vendor/github.com/cilium/ebpf/collection.go @@ -57,7 +57,7 @@ func (cs *CollectionSpec) Copy() *CollectionSpec { Maps: make(map[string]*MapSpec, len(cs.Maps)), Programs: make(map[string]*ProgramSpec, len(cs.Programs)), ByteOrder: cs.ByteOrder, - Types: cs.Types, + Types: cs.Types.Copy(), } for name, spec := range cs.Maps { diff --git a/vendor/github.com/cilium/ebpf/internal/cpu.go b/vendor/github.com/cilium/ebpf/cpu.go similarity index 72% rename from vendor/github.com/cilium/ebpf/internal/cpu.go rename to vendor/github.com/cilium/ebpf/cpu.go index 9e908b610b5..07e959efdcb 100644 --- a/vendor/github.com/cilium/ebpf/internal/cpu.go +++ b/vendor/github.com/cilium/ebpf/cpu.go @@ -1,17 +1,32 @@ -package internal +package ebpf import ( "fmt" "os" "strings" + "sync" ) -// PossibleCPUs returns the max number of CPUs a system may possibly have -// Logical CPU numbers must be of the form 0-n -var PossibleCPUs = Memoize(func() (int, error) { +var possibleCPU = sync.OnceValues(func() (int, error) { return parseCPUsFromFile("/sys/devices/system/cpu/possible") }) +// PossibleCPU returns the max number of CPUs a system may possibly have +// Logical CPU numbers must be of the form 0-n +func PossibleCPU() (int, error) { + return possibleCPU() +} + +// MustPossibleCPU is a helper that wraps a call to PossibleCPU and panics if +// the error is non-nil. +func MustPossibleCPU() int { + cpus, err := PossibleCPU() + if err != nil { + panic(err) + } + return cpus +} + func parseCPUsFromFile(path string) (int, error) { spec, err := os.ReadFile(path) if err != nil { diff --git a/vendor/github.com/cilium/ebpf/elf_reader.go b/vendor/github.com/cilium/ebpf/elf_reader.go index 5a85cbc24ff..620037d80a8 100644 --- a/vendor/github.com/cilium/ebpf/elf_reader.go +++ b/vendor/github.com/cilium/ebpf/elf_reader.go @@ -15,6 +15,7 @@ import ( "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/btf" "github.com/cilium/ebpf/internal" + "github.com/cilium/ebpf/internal/sys" "github.com/cilium/ebpf/internal/unix" ) @@ -25,7 +26,12 @@ type kconfigMeta struct { Offset uint32 } -type kfuncMeta struct{} +type kfuncMetaKey struct{} + +type kfuncMeta struct { + Binding elf.SymBind + Func *btf.Func +} // elfCode is a convenience to reduce the amount of arguments that have to // be passed around explicitly. You should treat its contents as immutable. @@ -456,6 +462,8 @@ func jumpTarget(offset uint64, ins asm.Instruction) uint64 { return uint64(dest) } +var errUnsupportedBinding = errors.New("unsupported binding") + func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) error { var ( typ = elf.ST_TYPE(rel.Info) @@ -472,7 +480,7 @@ func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) err } if bind != elf.STB_GLOBAL { - return fmt.Errorf("map %q: unsupported relocation %s", name, bind) + return fmt.Errorf("map %q: %w: %s", name, errUnsupportedBinding, bind) } if typ != elf.STT_OBJECT && typ != elf.STT_NOTYPE { @@ -488,7 +496,7 @@ func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) err switch typ { case elf.STT_SECTION: if bind != elf.STB_LOCAL { - return fmt.Errorf("direct load: %s: unsupported section relocation %s", name, bind) + return fmt.Errorf("direct load: %s: %w: %s", name, errUnsupportedBinding, bind) } // This is really a reference to a static symbol, which clang doesn't @@ -499,7 +507,7 @@ func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) err case elf.STT_OBJECT: // LLVM 9 emits OBJECT-LOCAL symbols for anonymous constants. if bind != elf.STB_GLOBAL && bind != elf.STB_LOCAL { - return fmt.Errorf("direct load: %s: unsupported object relocation %s", name, bind) + return fmt.Errorf("direct load: %s: %w: %s", name, errUnsupportedBinding, bind) } offset = uint32(rel.Value) @@ -507,7 +515,7 @@ func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) err case elf.STT_NOTYPE: // LLVM 7 emits NOTYPE-LOCAL symbols for anonymous constants. if bind != elf.STB_LOCAL { - return fmt.Errorf("direct load: %s: unsupported untyped relocation %s", name, bind) + return fmt.Errorf("direct load: %s: %w: %s", name, errUnsupportedBinding, bind) } offset = uint32(rel.Value) @@ -535,12 +543,12 @@ func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) err switch typ { case elf.STT_NOTYPE, elf.STT_FUNC: if bind != elf.STB_GLOBAL { - return fmt.Errorf("call: %s: unsupported binding: %s", name, bind) + return fmt.Errorf("call: %s: %w: %s", name, errUnsupportedBinding, bind) } case elf.STT_SECTION: if bind != elf.STB_LOCAL { - return fmt.Errorf("call: %s: unsupported binding: %s", name, bind) + return fmt.Errorf("call: %s: %w: %s", name, errUnsupportedBinding, bind) } // The function we want to call is in the indicated section, @@ -563,12 +571,12 @@ func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) err switch typ { case elf.STT_FUNC: if bind != elf.STB_GLOBAL { - return fmt.Errorf("load: %s: unsupported binding: %s", name, bind) + return fmt.Errorf("load: %s: %w: %s", name, errUnsupportedBinding, bind) } case elf.STT_SECTION: if bind != elf.STB_LOCAL { - return fmt.Errorf("load: %s: unsupported binding: %s", name, bind) + return fmt.Errorf("load: %s: %w: %s", name, errUnsupportedBinding, bind) } // ins.Constant already contains the offset in bytes from the @@ -597,8 +605,8 @@ func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) err // function declarations, as well as extern kfunc declarations using __ksym // and extern kconfig variables declared using __kconfig. case undefSection: - if bind != elf.STB_GLOBAL { - return fmt.Errorf("asm relocation: %s: unsupported binding: %s", name, bind) + if bind != elf.STB_GLOBAL && bind != elf.STB_WEAK { + return fmt.Errorf("asm relocation: %s: %w: %s", name, errUnsupportedBinding, bind) } if typ != elf.STT_NOTYPE { @@ -607,13 +615,25 @@ func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) err kf := ec.kfuncs[name] switch { - // If a Call instruction is found and the datasec has a btf.Func with a Name - // that matches the symbol name we mark the instruction as a call to a kfunc. + // If a Call / DWordLoad instruction is found and the datasec has a btf.Func with a Name + // that matches the symbol name we mark the instruction as a referencing a kfunc. case kf != nil && ins.OpCode.JumpOp() == asm.Call: - ins.Metadata.Set(kfuncMeta{}, kf) + ins.Metadata.Set(kfuncMetaKey{}, &kfuncMeta{ + Func: kf, + Binding: bind, + }) + ins.Src = asm.PseudoKfuncCall ins.Constant = -1 + case kf != nil && ins.OpCode.IsDWordLoad(): + ins.Metadata.Set(kfuncMetaKey{}, &kfuncMeta{ + Func: kf, + Binding: bind, + }) + + ins.Constant = 0 + // If no kconfig map is found, this must be a symbol reference from inline // asm (see testdata/loader.c:asm_relocation()) or a call to a forward // function declaration (see testdata/fwd_decl.c). Don't interfere, These @@ -623,6 +643,10 @@ func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) err // require it to contain the symbol to disambiguate between inline asm // relos and kconfigs. case ec.kconfig != nil && ins.OpCode.IsDWordLoad(): + if bind != elf.STB_GLOBAL { + return fmt.Errorf("asm relocation: %s: %w: %s", name, errUnsupportedBinding, bind) + } + for _, vsi := range ec.kconfig.Value.(*btf.Datasec).Vars { if vsi.Type.(*btf.Var).Name != rel.Name { continue @@ -948,6 +972,9 @@ func mapSpecFromBTF(es *elfSection, vs *btf.VarSecinfo, def *btf.Struct, spec *b return nil, fmt.Errorf("resolving values contents: %w", err) } + case "map_extra": + return nil, fmt.Errorf("BTF map definition: field %s: %w", member.Name, ErrNotSupported) + default: return nil, fmt.Errorf("unrecognized field %s in BTF map definition", member.Name) } @@ -1181,109 +1208,106 @@ func (ec *elfCode) loadKsymsSection() error { return nil } +type libbpfElfSectionDef struct { + pattern string + programType sys.ProgType + attachType sys.AttachType + flags libbpfElfSectionFlag +} + +type libbpfElfSectionFlag uint32 + +// The values correspond to enum sec_def_flags in libbpf. +const ( + _SEC_NONE libbpfElfSectionFlag = 0 + + _SEC_EXP_ATTACH_OPT libbpfElfSectionFlag = 1 << (iota - 1) + _SEC_ATTACHABLE + _SEC_ATTACH_BTF + _SEC_SLEEPABLE + _SEC_XDP_FRAGS + _SEC_USDT + + // Ignore any present extra in order to preserve backwards compatibility + // with earlier versions of the library. + ignoreExtra + + _SEC_ATTACHABLE_OPT = _SEC_ATTACHABLE | _SEC_EXP_ATTACH_OPT +) + +func init() { + // Compatibility with older versions of the library. + // We prepend libbpf definitions since they contain a prefix match + // for "xdp". + elfSectionDefs = append([]libbpfElfSectionDef{ + {"xdp.frags/", sys.BPF_PROG_TYPE_XDP, sys.BPF_XDP, _SEC_XDP_FRAGS | ignoreExtra}, + {"xdp.frags_devmap/", sys.BPF_PROG_TYPE_XDP, sys.BPF_XDP_DEVMAP, _SEC_XDP_FRAGS}, + {"xdp_devmap/", sys.BPF_PROG_TYPE_XDP, sys.BPF_XDP_DEVMAP, 0}, + {"xdp.frags_cpumap/", sys.BPF_PROG_TYPE_XDP, sys.BPF_XDP_CPUMAP, _SEC_XDP_FRAGS}, + {"xdp_cpumap/", sys.BPF_PROG_TYPE_XDP, sys.BPF_XDP_CPUMAP, 0}, + // This has been in the library since the beginning of time. Not sure + // where it came from. + {"seccomp", sys.BPF_PROG_TYPE_SOCKET_FILTER, 0, _SEC_NONE}, + }, elfSectionDefs...) +} + func getProgType(sectionName string) (ProgramType, AttachType, uint32, string) { - types := []struct { - prefix string - progType ProgramType - attachType AttachType - progFlags uint32 - }{ - // Please update the types from libbpf.c and follow the order of it. - // https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/lib/bpf/libbpf.c - {"socket", SocketFilter, AttachNone, 0}, - {"sk_reuseport/migrate", SkReuseport, AttachSkReuseportSelectOrMigrate, 0}, - {"sk_reuseport", SkReuseport, AttachSkReuseportSelect, 0}, - {"kprobe/", Kprobe, AttachNone, 0}, - {"uprobe/", Kprobe, AttachNone, 0}, - {"kretprobe/", Kprobe, AttachNone, 0}, - {"uretprobe/", Kprobe, AttachNone, 0}, - {"tc", SchedCLS, AttachNone, 0}, - {"classifier", SchedCLS, AttachNone, 0}, - {"action", SchedACT, AttachNone, 0}, - {"tracepoint/", TracePoint, AttachNone, 0}, - {"tp/", TracePoint, AttachNone, 0}, - {"raw_tracepoint/", RawTracepoint, AttachNone, 0}, - {"raw_tp/", RawTracepoint, AttachNone, 0}, - {"raw_tracepoint.w/", RawTracepointWritable, AttachNone, 0}, - {"raw_tp.w/", RawTracepointWritable, AttachNone, 0}, - {"tp_btf/", Tracing, AttachTraceRawTp, 0}, - {"fentry/", Tracing, AttachTraceFEntry, 0}, - {"fmod_ret/", Tracing, AttachModifyReturn, 0}, - {"fexit/", Tracing, AttachTraceFExit, 0}, - {"fentry.s/", Tracing, AttachTraceFEntry, unix.BPF_F_SLEEPABLE}, - {"fmod_ret.s/", Tracing, AttachModifyReturn, unix.BPF_F_SLEEPABLE}, - {"fexit.s/", Tracing, AttachTraceFExit, unix.BPF_F_SLEEPABLE}, - {"freplace/", Extension, AttachNone, 0}, - {"lsm/", LSM, AttachLSMMac, 0}, - {"lsm.s/", LSM, AttachLSMMac, unix.BPF_F_SLEEPABLE}, - {"iter/", Tracing, AttachTraceIter, 0}, - {"iter.s/", Tracing, AttachTraceIter, unix.BPF_F_SLEEPABLE}, - {"syscall", Syscall, AttachNone, 0}, - {"xdp.frags_devmap/", XDP, AttachXDPDevMap, unix.BPF_F_XDP_HAS_FRAGS}, - {"xdp_devmap/", XDP, AttachXDPDevMap, 0}, - {"xdp.frags_cpumap/", XDP, AttachXDPCPUMap, unix.BPF_F_XDP_HAS_FRAGS}, - {"xdp_cpumap/", XDP, AttachXDPCPUMap, 0}, - {"xdp.frags", XDP, AttachNone, unix.BPF_F_XDP_HAS_FRAGS}, - {"xdp", XDP, AttachNone, 0}, - {"perf_event", PerfEvent, AttachNone, 0}, - {"lwt_in", LWTIn, AttachNone, 0}, - {"lwt_out", LWTOut, AttachNone, 0}, - {"lwt_xmit", LWTXmit, AttachNone, 0}, - {"lwt_seg6local", LWTSeg6Local, AttachNone, 0}, - {"cgroup_skb/ingress", CGroupSKB, AttachCGroupInetIngress, 0}, - {"cgroup_skb/egress", CGroupSKB, AttachCGroupInetEgress, 0}, - {"cgroup/skb", CGroupSKB, AttachNone, 0}, - {"cgroup/sock_create", CGroupSock, AttachCGroupInetSockCreate, 0}, - {"cgroup/sock_release", CGroupSock, AttachCgroupInetSockRelease, 0}, - {"cgroup/sock", CGroupSock, AttachCGroupInetSockCreate, 0}, - {"cgroup/post_bind4", CGroupSock, AttachCGroupInet4PostBind, 0}, - {"cgroup/post_bind6", CGroupSock, AttachCGroupInet6PostBind, 0}, - {"cgroup/dev", CGroupDevice, AttachCGroupDevice, 0}, - {"sockops", SockOps, AttachCGroupSockOps, 0}, - {"sk_skb/stream_parser", SkSKB, AttachSkSKBStreamParser, 0}, - {"sk_skb/stream_verdict", SkSKB, AttachSkSKBStreamVerdict, 0}, - {"sk_skb", SkSKB, AttachNone, 0}, - {"sk_msg", SkMsg, AttachSkMsgVerdict, 0}, - {"lirc_mode2", LircMode2, AttachLircMode2, 0}, - {"flow_dissector", FlowDissector, AttachFlowDissector, 0}, - {"cgroup/bind4", CGroupSockAddr, AttachCGroupInet4Bind, 0}, - {"cgroup/bind6", CGroupSockAddr, AttachCGroupInet6Bind, 0}, - {"cgroup/connect4", CGroupSockAddr, AttachCGroupInet4Connect, 0}, - {"cgroup/connect6", CGroupSockAddr, AttachCGroupInet6Connect, 0}, - {"cgroup/sendmsg4", CGroupSockAddr, AttachCGroupUDP4Sendmsg, 0}, - {"cgroup/sendmsg6", CGroupSockAddr, AttachCGroupUDP6Sendmsg, 0}, - {"cgroup/recvmsg4", CGroupSockAddr, AttachCGroupUDP4Recvmsg, 0}, - {"cgroup/recvmsg6", CGroupSockAddr, AttachCGroupUDP6Recvmsg, 0}, - {"cgroup/getpeername4", CGroupSockAddr, AttachCgroupInet4GetPeername, 0}, - {"cgroup/getpeername6", CGroupSockAddr, AttachCgroupInet6GetPeername, 0}, - {"cgroup/getsockname4", CGroupSockAddr, AttachCgroupInet4GetSockname, 0}, - {"cgroup/getsockname6", CGroupSockAddr, AttachCgroupInet6GetSockname, 0}, - {"cgroup/sysctl", CGroupSysctl, AttachCGroupSysctl, 0}, - {"cgroup/getsockopt", CGroupSockopt, AttachCGroupGetsockopt, 0}, - {"cgroup/setsockopt", CGroupSockopt, AttachCGroupSetsockopt, 0}, - {"struct_ops+", StructOps, AttachNone, 0}, - {"sk_lookup/", SkLookup, AttachSkLookup, 0}, - {"seccomp", SocketFilter, AttachNone, 0}, - {"kprobe.multi", Kprobe, AttachTraceKprobeMulti, 0}, - {"kretprobe.multi", Kprobe, AttachTraceKprobeMulti, 0}, - // Document all prefixes in docs/ebpf/concepts/elf-sections.md. - } + // Skip optional program marking for now. + sectionName = strings.TrimPrefix(sectionName, "?") - for _, t := range types { - if !strings.HasPrefix(sectionName, t.prefix) { + for _, t := range elfSectionDefs { + extra, ok := matchSectionName(sectionName, t.pattern) + if !ok { continue } - if !strings.HasSuffix(t.prefix, "/") { - return t.progType, t.attachType, t.progFlags, "" + programType := ProgramType(t.programType) + attachType := AttachType(t.attachType) + + var flags uint32 + if t.flags&_SEC_SLEEPABLE > 0 { + flags |= unix.BPF_F_SLEEPABLE + } + if t.flags&_SEC_XDP_FRAGS > 0 { + flags |= unix.BPF_F_XDP_HAS_FRAGS + } + if t.flags&_SEC_EXP_ATTACH_OPT > 0 { + if programType == XDP { + // The library doesn't yet have code to fallback to not specifying + // attach type. Only do this for XDP since we've enforced correct + // attach type for all other program types. + attachType = AttachNone + } + } + if t.flags&ignoreExtra > 0 { + extra = "" } - return t.progType, t.attachType, t.progFlags, sectionName[len(t.prefix):] + return programType, attachType, flags, extra } return UnspecifiedProgram, AttachNone, 0, "" } +// matchSectionName checks a section name against a pattern. +// +// It's behaviour mirrors that of libbpf's sec_def_matches. +func matchSectionName(sectionName, pattern string) (extra string, found bool) { + have, extra, found := strings.Cut(sectionName, "/") + want := strings.TrimRight(pattern, "+/") + + if strings.HasSuffix(pattern, "/") { + // Section name must have a slash and extra may be empty. + return extra, have == want && found + } else if strings.HasSuffix(pattern, "+") { + // Section name may have a slash and extra may be empty. + return extra, have == want + } + + // Section name must have a prefix. extra is ignored. + return "", strings.HasPrefix(sectionName, pattern) +} + func (ec *elfCode) loadSectionRelocations(sec *elf.Section, symbols []elf.Symbol) (map[uint64]elf.Symbol, error) { rels := make(map[uint64]elf.Symbol) diff --git a/vendor/github.com/cilium/ebpf/elf_sections.go b/vendor/github.com/cilium/ebpf/elf_sections.go new file mode 100644 index 00000000000..4b58251d9ab --- /dev/null +++ b/vendor/github.com/cilium/ebpf/elf_sections.go @@ -0,0 +1,109 @@ +// Code generated by internal/cmd/gensections.awk; DO NOT EDIT. + +package ebpf + +// Code in this file is derived from libbpf, available under BSD-2-Clause. + +import "github.com/cilium/ebpf/internal/sys" + +var elfSectionDefs = []libbpfElfSectionDef{ + {"socket", sys.BPF_PROG_TYPE_SOCKET_FILTER, 0, _SEC_NONE}, + {"sk_reuseport/migrate", sys.BPF_PROG_TYPE_SK_REUSEPORT, sys.BPF_SK_REUSEPORT_SELECT_OR_MIGRATE, _SEC_ATTACHABLE}, + {"sk_reuseport", sys.BPF_PROG_TYPE_SK_REUSEPORT, sys.BPF_SK_REUSEPORT_SELECT, _SEC_ATTACHABLE}, + {"kprobe+", sys.BPF_PROG_TYPE_KPROBE, 0, _SEC_NONE}, + {"uprobe+", sys.BPF_PROG_TYPE_KPROBE, 0, _SEC_NONE}, + {"uprobe.s+", sys.BPF_PROG_TYPE_KPROBE, 0, _SEC_SLEEPABLE}, + {"kretprobe+", sys.BPF_PROG_TYPE_KPROBE, 0, _SEC_NONE}, + {"uretprobe+", sys.BPF_PROG_TYPE_KPROBE, 0, _SEC_NONE}, + {"uretprobe.s+", sys.BPF_PROG_TYPE_KPROBE, 0, _SEC_SLEEPABLE}, + {"kprobe.multi+", sys.BPF_PROG_TYPE_KPROBE, sys.BPF_TRACE_KPROBE_MULTI, _SEC_NONE}, + {"kretprobe.multi+", sys.BPF_PROG_TYPE_KPROBE, sys.BPF_TRACE_KPROBE_MULTI, _SEC_NONE}, + {"uprobe.multi+", sys.BPF_PROG_TYPE_KPROBE, sys.BPF_TRACE_UPROBE_MULTI, _SEC_NONE}, + {"uretprobe.multi+", sys.BPF_PROG_TYPE_KPROBE, sys.BPF_TRACE_UPROBE_MULTI, _SEC_NONE}, + {"uprobe.multi.s+", sys.BPF_PROG_TYPE_KPROBE, sys.BPF_TRACE_UPROBE_MULTI, _SEC_SLEEPABLE}, + {"uretprobe.multi.s+", sys.BPF_PROG_TYPE_KPROBE, sys.BPF_TRACE_UPROBE_MULTI, _SEC_SLEEPABLE}, + {"ksyscall+", sys.BPF_PROG_TYPE_KPROBE, 0, _SEC_NONE}, + {"kretsyscall+", sys.BPF_PROG_TYPE_KPROBE, 0, _SEC_NONE}, + {"usdt+", sys.BPF_PROG_TYPE_KPROBE, 0, _SEC_USDT}, + {"usdt.s+", sys.BPF_PROG_TYPE_KPROBE, 0, _SEC_USDT | _SEC_SLEEPABLE}, + {"tc/ingress", sys.BPF_PROG_TYPE_SCHED_CLS, sys.BPF_TCX_INGRESS, _SEC_NONE}, + {"tc/egress", sys.BPF_PROG_TYPE_SCHED_CLS, sys.BPF_TCX_EGRESS, _SEC_NONE}, + {"tcx/ingress", sys.BPF_PROG_TYPE_SCHED_CLS, sys.BPF_TCX_INGRESS, _SEC_NONE}, + {"tcx/egress", sys.BPF_PROG_TYPE_SCHED_CLS, sys.BPF_TCX_EGRESS, _SEC_NONE}, + {"tc", sys.BPF_PROG_TYPE_SCHED_CLS, 0, _SEC_NONE}, + {"classifier", sys.BPF_PROG_TYPE_SCHED_CLS, 0, _SEC_NONE}, + {"action", sys.BPF_PROG_TYPE_SCHED_ACT, 0, _SEC_NONE}, + {"netkit/primary", sys.BPF_PROG_TYPE_SCHED_CLS, sys.BPF_NETKIT_PRIMARY, _SEC_NONE}, + {"netkit/peer", sys.BPF_PROG_TYPE_SCHED_CLS, sys.BPF_NETKIT_PEER, _SEC_NONE}, + {"tracepoint+", sys.BPF_PROG_TYPE_TRACEPOINT, 0, _SEC_NONE}, + {"tp+", sys.BPF_PROG_TYPE_TRACEPOINT, 0, _SEC_NONE}, + {"raw_tracepoint+", sys.BPF_PROG_TYPE_RAW_TRACEPOINT, 0, _SEC_NONE}, + {"raw_tp+", sys.BPF_PROG_TYPE_RAW_TRACEPOINT, 0, _SEC_NONE}, + {"raw_tracepoint.w+", sys.BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE, 0, _SEC_NONE}, + {"raw_tp.w+", sys.BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE, 0, _SEC_NONE}, + {"tp_btf+", sys.BPF_PROG_TYPE_TRACING, sys.BPF_TRACE_RAW_TP, _SEC_ATTACH_BTF}, + {"fentry+", sys.BPF_PROG_TYPE_TRACING, sys.BPF_TRACE_FENTRY, _SEC_ATTACH_BTF}, + {"fmod_ret+", sys.BPF_PROG_TYPE_TRACING, sys.BPF_MODIFY_RETURN, _SEC_ATTACH_BTF}, + {"fexit+", sys.BPF_PROG_TYPE_TRACING, sys.BPF_TRACE_FEXIT, _SEC_ATTACH_BTF}, + {"fentry.s+", sys.BPF_PROG_TYPE_TRACING, sys.BPF_TRACE_FENTRY, _SEC_ATTACH_BTF | _SEC_SLEEPABLE}, + {"fmod_ret.s+", sys.BPF_PROG_TYPE_TRACING, sys.BPF_MODIFY_RETURN, _SEC_ATTACH_BTF | _SEC_SLEEPABLE}, + {"fexit.s+", sys.BPF_PROG_TYPE_TRACING, sys.BPF_TRACE_FEXIT, _SEC_ATTACH_BTF | _SEC_SLEEPABLE}, + {"freplace+", sys.BPF_PROG_TYPE_EXT, 0, _SEC_ATTACH_BTF}, + {"lsm+", sys.BPF_PROG_TYPE_LSM, sys.BPF_LSM_MAC, _SEC_ATTACH_BTF}, + {"lsm.s+", sys.BPF_PROG_TYPE_LSM, sys.BPF_LSM_MAC, _SEC_ATTACH_BTF | _SEC_SLEEPABLE}, + {"lsm_cgroup+", sys.BPF_PROG_TYPE_LSM, sys.BPF_LSM_CGROUP, _SEC_ATTACH_BTF}, + {"iter+", sys.BPF_PROG_TYPE_TRACING, sys.BPF_TRACE_ITER, _SEC_ATTACH_BTF}, + {"iter.s+", sys.BPF_PROG_TYPE_TRACING, sys.BPF_TRACE_ITER, _SEC_ATTACH_BTF | _SEC_SLEEPABLE}, + {"syscall", sys.BPF_PROG_TYPE_SYSCALL, 0, _SEC_SLEEPABLE}, + {"xdp.frags/devmap", sys.BPF_PROG_TYPE_XDP, sys.BPF_XDP_DEVMAP, _SEC_XDP_FRAGS}, + {"xdp/devmap", sys.BPF_PROG_TYPE_XDP, sys.BPF_XDP_DEVMAP, _SEC_ATTACHABLE}, + {"xdp.frags/cpumap", sys.BPF_PROG_TYPE_XDP, sys.BPF_XDP_CPUMAP, _SEC_XDP_FRAGS}, + {"xdp/cpumap", sys.BPF_PROG_TYPE_XDP, sys.BPF_XDP_CPUMAP, _SEC_ATTACHABLE}, + {"xdp.frags", sys.BPF_PROG_TYPE_XDP, sys.BPF_XDP, _SEC_XDP_FRAGS}, + {"xdp", sys.BPF_PROG_TYPE_XDP, sys.BPF_XDP, _SEC_ATTACHABLE_OPT}, + {"perf_event", sys.BPF_PROG_TYPE_PERF_EVENT, 0, _SEC_NONE}, + {"lwt_in", sys.BPF_PROG_TYPE_LWT_IN, 0, _SEC_NONE}, + {"lwt_out", sys.BPF_PROG_TYPE_LWT_OUT, 0, _SEC_NONE}, + {"lwt_xmit", sys.BPF_PROG_TYPE_LWT_XMIT, 0, _SEC_NONE}, + {"lwt_seg6local", sys.BPF_PROG_TYPE_LWT_SEG6LOCAL, 0, _SEC_NONE}, + {"sockops", sys.BPF_PROG_TYPE_SOCK_OPS, sys.BPF_CGROUP_SOCK_OPS, _SEC_ATTACHABLE_OPT}, + {"sk_skb/stream_parser", sys.BPF_PROG_TYPE_SK_SKB, sys.BPF_SK_SKB_STREAM_PARSER, _SEC_ATTACHABLE_OPT}, + {"sk_skb/stream_verdict", sys.BPF_PROG_TYPE_SK_SKB, sys.BPF_SK_SKB_STREAM_VERDICT, _SEC_ATTACHABLE_OPT}, + {"sk_skb", sys.BPF_PROG_TYPE_SK_SKB, 0, _SEC_NONE}, + {"sk_msg", sys.BPF_PROG_TYPE_SK_MSG, sys.BPF_SK_MSG_VERDICT, _SEC_ATTACHABLE_OPT}, + {"lirc_mode2", sys.BPF_PROG_TYPE_LIRC_MODE2, sys.BPF_LIRC_MODE2, _SEC_ATTACHABLE_OPT}, + {"flow_dissector", sys.BPF_PROG_TYPE_FLOW_DISSECTOR, sys.BPF_FLOW_DISSECTOR, _SEC_ATTACHABLE_OPT}, + {"cgroup_skb/ingress", sys.BPF_PROG_TYPE_CGROUP_SKB, sys.BPF_CGROUP_INET_INGRESS, _SEC_ATTACHABLE_OPT}, + {"cgroup_skb/egress", sys.BPF_PROG_TYPE_CGROUP_SKB, sys.BPF_CGROUP_INET_EGRESS, _SEC_ATTACHABLE_OPT}, + {"cgroup/skb", sys.BPF_PROG_TYPE_CGROUP_SKB, 0, _SEC_NONE}, + {"cgroup/sock_create", sys.BPF_PROG_TYPE_CGROUP_SOCK, sys.BPF_CGROUP_INET_SOCK_CREATE, _SEC_ATTACHABLE}, + {"cgroup/sock_release", sys.BPF_PROG_TYPE_CGROUP_SOCK, sys.BPF_CGROUP_INET_SOCK_RELEASE, _SEC_ATTACHABLE}, + {"cgroup/sock", sys.BPF_PROG_TYPE_CGROUP_SOCK, sys.BPF_CGROUP_INET_SOCK_CREATE, _SEC_ATTACHABLE_OPT}, + {"cgroup/post_bind4", sys.BPF_PROG_TYPE_CGROUP_SOCK, sys.BPF_CGROUP_INET4_POST_BIND, _SEC_ATTACHABLE}, + {"cgroup/post_bind6", sys.BPF_PROG_TYPE_CGROUP_SOCK, sys.BPF_CGROUP_INET6_POST_BIND, _SEC_ATTACHABLE}, + {"cgroup/bind4", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_INET4_BIND, _SEC_ATTACHABLE}, + {"cgroup/bind6", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_INET6_BIND, _SEC_ATTACHABLE}, + {"cgroup/connect4", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_INET4_CONNECT, _SEC_ATTACHABLE}, + {"cgroup/connect6", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_INET6_CONNECT, _SEC_ATTACHABLE}, + {"cgroup/connect_unix", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_UNIX_CONNECT, _SEC_ATTACHABLE}, + {"cgroup/sendmsg4", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_UDP4_SENDMSG, _SEC_ATTACHABLE}, + {"cgroup/sendmsg6", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_UDP6_SENDMSG, _SEC_ATTACHABLE}, + {"cgroup/sendmsg_unix", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_UNIX_SENDMSG, _SEC_ATTACHABLE}, + {"cgroup/recvmsg4", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_UDP4_RECVMSG, _SEC_ATTACHABLE}, + {"cgroup/recvmsg6", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_UDP6_RECVMSG, _SEC_ATTACHABLE}, + {"cgroup/recvmsg_unix", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_UNIX_RECVMSG, _SEC_ATTACHABLE}, + {"cgroup/getpeername4", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_INET4_GETPEERNAME, _SEC_ATTACHABLE}, + {"cgroup/getpeername6", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_INET6_GETPEERNAME, _SEC_ATTACHABLE}, + {"cgroup/getpeername_unix", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_UNIX_GETPEERNAME, _SEC_ATTACHABLE}, + {"cgroup/getsockname4", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_INET4_GETSOCKNAME, _SEC_ATTACHABLE}, + {"cgroup/getsockname6", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_INET6_GETSOCKNAME, _SEC_ATTACHABLE}, + {"cgroup/getsockname_unix", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_UNIX_GETSOCKNAME, _SEC_ATTACHABLE}, + {"cgroup/sysctl", sys.BPF_PROG_TYPE_CGROUP_SYSCTL, sys.BPF_CGROUP_SYSCTL, _SEC_ATTACHABLE}, + {"cgroup/getsockopt", sys.BPF_PROG_TYPE_CGROUP_SOCKOPT, sys.BPF_CGROUP_GETSOCKOPT, _SEC_ATTACHABLE}, + {"cgroup/setsockopt", sys.BPF_PROG_TYPE_CGROUP_SOCKOPT, sys.BPF_CGROUP_SETSOCKOPT, _SEC_ATTACHABLE}, + {"cgroup/dev", sys.BPF_PROG_TYPE_CGROUP_DEVICE, sys.BPF_CGROUP_DEVICE, _SEC_ATTACHABLE_OPT}, + {"struct_ops+", sys.BPF_PROG_TYPE_STRUCT_OPS, 0, _SEC_NONE}, + {"struct_ops.s+", sys.BPF_PROG_TYPE_STRUCT_OPS, 0, _SEC_SLEEPABLE}, + {"sk_lookup", sys.BPF_PROG_TYPE_SK_LOOKUP, sys.BPF_SK_LOOKUP, _SEC_ATTACHABLE}, + {"netfilter", sys.BPF_PROG_TYPE_NETFILTER, sys.BPF_NETFILTER, _SEC_NONE}, +} diff --git a/vendor/github.com/cilium/ebpf/info.go b/vendor/github.com/cilium/ebpf/info.go index 79b11c951f4..04c60c64b89 100644 --- a/vendor/github.com/cilium/ebpf/info.go +++ b/vendor/github.com/cilium/ebpf/info.go @@ -20,6 +20,23 @@ import ( "github.com/cilium/ebpf/internal/unix" ) +// The *Info structs expose metadata about a program or map. Most +// fields are exposed via a getter: +// +// func (*MapInfo) ID() (MapID, bool) +// +// This is because the metadata available changes based on kernel version. +// The second boolean return value indicates whether a particular field is +// available on the current kernel. +// +// Always add new metadata as such a getter, unless you can somehow get the +// value of the field on all supported kernels. Also document which version +// a particular field first appeared in. +// +// Some metadata is a buffer which needs additional parsing. In this case, +// store the undecoded data in the Info struct and provide a getter which +// decodes it when necessary. See ProgramInfo.Instructions for an example. + // MapInfo describes a map. type MapInfo struct { Type MapType @@ -30,6 +47,8 @@ type MapInfo struct { Flags uint32 // Name as supplied by user space at load time. Available from 4.15. Name string + + btf btf.ID } func newMapInfoFromFd(fd *sys.FD) (*MapInfo, error) { @@ -50,6 +69,7 @@ func newMapInfoFromFd(fd *sys.FD) (*MapInfo, error) { info.MaxEntries, uint32(info.MapFlags), unix.ByteSliceToString(info.Name[:]), + btf.ID(info.BtfId), }, nil } @@ -77,12 +97,27 @@ func (mi *MapInfo) ID() (MapID, bool) { return mi.id, mi.id > 0 } +// BTFID returns the BTF ID associated with the Map. +// +// The ID is only valid as long as the associated Map is kept alive. +// Available from 4.18. +// +// The bool return value indicates whether this optional field is available and +// populated. (The field may be available but not populated if the kernel +// supports the field but the Map was loaded without BTF information.) +func (mi *MapInfo) BTFID() (btf.ID, bool) { + return mi.btf, mi.btf > 0 +} + // programStats holds statistics of a program. type programStats struct { // Total accumulated runtime of the program ins ns. runtime time.Duration // Total number of times the program was called. runCount uint64 + // Total number of times the programm was NOT called. + // Added in commit 9ed9e9ba2337 ("bpf: Count the number of times recursion was prevented"). + recursionMisses uint64 } // ProgramInfo describes a program. @@ -125,8 +160,9 @@ func newProgramInfoFromFd(fd *sys.FD) (*ProgramInfo, error) { Name: unix.ByteSliceToString(info.Name[:]), btf: btf.ID(info.BtfId), stats: &programStats{ - runtime: time.Duration(info.RunTimeNs), - runCount: info.RunCnt, + runtime: time.Duration(info.RunTimeNs), + runCount: info.RunCnt, + recursionMisses: info.RecursionMisses, }, } @@ -259,6 +295,16 @@ func (pi *ProgramInfo) Runtime() (time.Duration, bool) { return time.Duration(0), false } +// RecursionMisses returns the total number of times the program was NOT called. +// This can happen when another bpf program is already running on the cpu, which +// is likely to happen for example when you interrupt bpf program execution. +func (pi *ProgramInfo) RecursionMisses() (uint64, bool) { + if pi.stats != nil { + return pi.stats.recursionMisses, true + } + return 0, false +} + // Instructions returns the 'xlated' instruction stream of the program // after it has been verified and rewritten by the kernel. These instructions // cannot be loaded back into the kernel as-is, this is mainly used for diff --git a/vendor/github.com/cilium/ebpf/internal/auxv.go b/vendor/github.com/cilium/ebpf/internal/auxv.go new file mode 100644 index 00000000000..45fd0d37f13 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/auxv.go @@ -0,0 +1,60 @@ +package internal + +import ( + "errors" + "io" + _ "unsafe" +) + +type auxvPairReader interface { + Close() error + ReadAuxvPair() (uint64, uint64, error) +} + +// See https://elixir.bootlin.com/linux/v6.5.5/source/include/uapi/linux/auxvec.h +const ( + _AT_NULL = 0 // End of vector + _AT_SYSINFO_EHDR = 33 // Offset to vDSO blob in process image +) + +//go:linkname runtime_getAuxv runtime.getAuxv +func runtime_getAuxv() []uintptr + +type auxvRuntimeReader struct { + data []uintptr + index int +} + +func (r *auxvRuntimeReader) Close() error { + return nil +} + +func (r *auxvRuntimeReader) ReadAuxvPair() (uint64, uint64, error) { + if r.index >= len(r.data)+2 { + return 0, 0, io.EOF + } + + // we manually add the (_AT_NULL, _AT_NULL) pair at the end + // that is not provided by the go runtime + var tag, value uintptr + if r.index+1 < len(r.data) { + tag, value = r.data[r.index], r.data[r.index+1] + } else { + tag, value = _AT_NULL, _AT_NULL + } + r.index += 2 + return uint64(tag), uint64(value), nil +} + +func newAuxvRuntimeReader() (auxvPairReader, error) { + data := runtime_getAuxv() + + if len(data)%2 != 0 { + return nil, errors.New("malformed auxv passed from runtime") + } + + return &auxvRuntimeReader{ + data: data, + index: 0, + }, nil +} diff --git a/vendor/github.com/cilium/ebpf/internal/endian_be.go b/vendor/github.com/cilium/ebpf/internal/endian_be.go index 39f49ba3a01..a37777f21f2 100644 --- a/vendor/github.com/cilium/ebpf/internal/endian_be.go +++ b/vendor/github.com/cilium/ebpf/internal/endian_be.go @@ -7,6 +7,3 @@ import "encoding/binary" // NativeEndian is set to either binary.BigEndian or binary.LittleEndian, // depending on the host's endianness. var NativeEndian = binary.BigEndian - -// ClangEndian is set to either "el" or "eb" depending on the host's endianness. -const ClangEndian = "eb" diff --git a/vendor/github.com/cilium/ebpf/internal/endian_le.go b/vendor/github.com/cilium/ebpf/internal/endian_le.go index 9488e301bfe..6dcd916d5df 100644 --- a/vendor/github.com/cilium/ebpf/internal/endian_le.go +++ b/vendor/github.com/cilium/ebpf/internal/endian_le.go @@ -7,6 +7,3 @@ import "encoding/binary" // NativeEndian is set to either binary.BigEndian or binary.LittleEndian, // depending on the host's endianness. var NativeEndian = binary.LittleEndian - -// ClangEndian is set to either "el" or "eb" depending on the host's endianness. -const ClangEndian = "el" diff --git a/vendor/github.com/cilium/ebpf/internal/errors.go b/vendor/github.com/cilium/ebpf/internal/errors.go index bda01e2fde5..83a371ad35d 100644 --- a/vendor/github.com/cilium/ebpf/internal/errors.go +++ b/vendor/github.com/cilium/ebpf/internal/errors.go @@ -12,7 +12,7 @@ import ( // // The default error output is a summary of the full log. The latter can be // accessed via VerifierError.Log or by formatting the error, see Format. -func ErrorWithLog(source string, err error, log []byte, truncated bool) *VerifierError { +func ErrorWithLog(source string, err error, log []byte) *VerifierError { const whitespace = "\t\r\v\n " // Convert verifier log C string by truncating it on the first 0 byte @@ -23,7 +23,7 @@ func ErrorWithLog(source string, err error, log []byte, truncated bool) *Verifie log = bytes.Trim(log, whitespace) if len(log) == 0 { - return &VerifierError{source, err, nil, truncated} + return &VerifierError{source, err, nil, false} } logLines := bytes.Split(log, []byte{'\n'}) @@ -34,7 +34,7 @@ func ErrorWithLog(source string, err error, log []byte, truncated bool) *Verifie lines = append(lines, string(bytes.TrimRight(line, whitespace))) } - return &VerifierError{source, err, lines, truncated} + return &VerifierError{source, err, lines, false} } // VerifierError includes information from the eBPF verifier. @@ -46,7 +46,7 @@ type VerifierError struct { Cause error // The verifier output split into lines. Log []string - // Whether the log output is truncated, based on several heuristics. + // Deprecated: the log is never truncated anymore. Truncated bool } @@ -70,7 +70,7 @@ func (le *VerifierError) Error() string { } lines := log[n-1:] - if n >= 2 && (includePreviousLine(log[n-1]) || le.Truncated) { + if n >= 2 && includePreviousLine(log[n-1]) { // Add one more line of context if it aids understanding the error. lines = log[n-2:] } @@ -81,22 +81,9 @@ func (le *VerifierError) Error() string { } omitted := len(le.Log) - len(lines) - if omitted == 0 && !le.Truncated { - return b.String() - } - - b.WriteString(" (") - if le.Truncated { - b.WriteString("truncated") - } - if omitted > 0 { - if le.Truncated { - b.WriteString(", ") - } - fmt.Fprintf(&b, "%d line(s) omitted", omitted) + fmt.Fprintf(&b, " (%d line(s) omitted)", omitted) } - b.WriteString(")") return b.String() } @@ -188,10 +175,6 @@ func (le *VerifierError) Format(f fmt.State, verb rune) { } } - if le.Truncated { - fmt.Fprintf(f, "\n\t(truncated)") - } - default: fmt.Fprintf(f, "%%!%c(BADVERB)", verb) } diff --git a/vendor/github.com/cilium/ebpf/internal/feature.go b/vendor/github.com/cilium/ebpf/internal/feature.go index b1f650751de..2b856c735e7 100644 --- a/vendor/github.com/cilium/ebpf/internal/feature.go +++ b/vendor/github.com/cilium/ebpf/internal/feature.go @@ -37,7 +37,7 @@ func (ufe *UnsupportedFeatureError) Is(target error) bool { type FeatureTest struct { // The name of the feature being detected. Name string - // Version in in the form Major.Minor[.Patch]. + // Version in the form Major.Minor[.Patch]. Version string // The feature test itself. Fn FeatureTestFn diff --git a/vendor/github.com/cilium/ebpf/internal/kallsyms/kallsyms.go b/vendor/github.com/cilium/ebpf/internal/kallsyms/kallsyms.go new file mode 100644 index 00000000000..776c7a10a28 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/kallsyms/kallsyms.go @@ -0,0 +1,74 @@ +package kallsyms + +import ( + "bufio" + "bytes" + "io" + "os" + "sync" +) + +var kernelModules struct { + sync.RWMutex + // function to kernel module mapping + kmods map[string]string +} + +// KernelModule returns the kernel module, if any, a probe-able function is contained in. +func KernelModule(fn string) (string, error) { + kernelModules.RLock() + kmods := kernelModules.kmods + kernelModules.RUnlock() + + if kmods == nil { + kernelModules.Lock() + defer kernelModules.Unlock() + kmods = kernelModules.kmods + } + + if kmods != nil { + return kmods[fn], nil + } + + f, err := os.Open("/proc/kallsyms") + if err != nil { + return "", err + } + defer f.Close() + kmods, err = loadKernelModuleMapping(f) + if err != nil { + return "", err + } + + kernelModules.kmods = kmods + return kmods[fn], nil +} + +// FlushKernelModuleCache removes any cached information about function to kernel module mapping. +func FlushKernelModuleCache() { + kernelModules.Lock() + defer kernelModules.Unlock() + + kernelModules.kmods = nil +} + +func loadKernelModuleMapping(f io.Reader) (map[string]string, error) { + mods := make(map[string]string) + scanner := bufio.NewScanner(f) + for scanner.Scan() { + fields := bytes.Fields(scanner.Bytes()) + if len(fields) < 4 { + continue + } + switch string(fields[1]) { + case "t", "T": + mods[string(fields[2])] = string(bytes.Trim(fields[3], "[]")) + default: + continue + } + } + if scanner.Err() != nil { + return nil, scanner.Err() + } + return mods, nil +} diff --git a/vendor/github.com/cilium/ebpf/internal/kconfig/kconfig.go b/vendor/github.com/cilium/ebpf/internal/kconfig/kconfig.go index fa530857824..1921e4f15ad 100644 --- a/vendor/github.com/cilium/ebpf/internal/kconfig/kconfig.go +++ b/vendor/github.com/cilium/ebpf/internal/kconfig/kconfig.go @@ -263,12 +263,25 @@ func PutInteger(data []byte, integer *btf.Int, n uint64) error { return fmt.Errorf("invalid boolean value: %d", n) } + if len(data) < int(integer.Size) { + return fmt.Errorf("can't fit an integer of size %d into a byte slice of length %d", integer.Size, len(data)) + } + switch integer.Size { case 1: + if integer.Encoding == btf.Signed && (int64(n) > math.MaxInt8 || int64(n) < math.MinInt8) { + return fmt.Errorf("can't represent %d as a signed integer of size %d", int64(n), integer.Size) + } data[0] = byte(n) case 2: + if integer.Encoding == btf.Signed && (int64(n) > math.MaxInt16 || int64(n) < math.MinInt16) { + return fmt.Errorf("can't represent %d as a signed integer of size %d", int64(n), integer.Size) + } internal.NativeEndian.PutUint16(data, uint16(n)) case 4: + if integer.Encoding == btf.Signed && (int64(n) > math.MaxInt32 || int64(n) < math.MinInt32) { + return fmt.Errorf("can't represent %d as a signed integer of size %d", int64(n), integer.Size) + } internal.NativeEndian.PutUint32(data, uint32(n)) case 8: internal.NativeEndian.PutUint64(data, uint64(n)) diff --git a/vendor/github.com/cilium/ebpf/internal/align.go b/vendor/github.com/cilium/ebpf/internal/math.go similarity index 63% rename from vendor/github.com/cilium/ebpf/internal/align.go rename to vendor/github.com/cilium/ebpf/internal/math.go index edc898fa968..e95c8efde51 100644 --- a/vendor/github.com/cilium/ebpf/internal/align.go +++ b/vendor/github.com/cilium/ebpf/internal/math.go @@ -6,3 +6,8 @@ import "golang.org/x/exp/constraints" func Align[I constraints.Integer](n, alignment I) I { return (n + alignment - 1) / alignment * alignment } + +// IsPow returns true if n is a power of two. +func IsPow[I constraints.Integer](n I) bool { + return n != 0 && (n&(n-1)) == 0 +} diff --git a/vendor/github.com/cilium/ebpf/internal/memoize.go b/vendor/github.com/cilium/ebpf/internal/memoize.go deleted file mode 100644 index 3de0a3fb95a..00000000000 --- a/vendor/github.com/cilium/ebpf/internal/memoize.go +++ /dev/null @@ -1,26 +0,0 @@ -package internal - -import ( - "sync" -) - -type memoizedFunc[T any] struct { - once sync.Once - fn func() (T, error) - result T - err error -} - -func (mf *memoizedFunc[T]) do() (T, error) { - mf.once.Do(func() { - mf.result, mf.err = mf.fn() - }) - return mf.result, mf.err -} - -// Memoize the result of a function call. -// -// fn is only ever called once, even if it returns an error. -func Memoize[T any](fn func() (T, error)) func() (T, error) { - return (&memoizedFunc[T]{fn: fn}).do -} diff --git a/vendor/github.com/cilium/ebpf/internal/sys/mapflags_string.go b/vendor/github.com/cilium/ebpf/internal/sys/mapflags_string.go index c80744ae0e0..d9fe217222b 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/mapflags_string.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/mapflags_string.go @@ -21,24 +21,28 @@ func _() { _ = x[BPF_F_MMAPABLE-1024] _ = x[BPF_F_PRESERVE_ELEMS-2048] _ = x[BPF_F_INNER_MAP-4096] + _ = x[BPF_F_LINK-8192] + _ = x[BPF_F_PATH_FD-16384] } -const _MapFlags_name = "BPF_F_NO_PREALLOCBPF_F_NO_COMMON_LRUBPF_F_NUMA_NODEBPF_F_RDONLYBPF_F_WRONLYBPF_F_STACK_BUILD_IDBPF_F_ZERO_SEEDBPF_F_RDONLY_PROGBPF_F_WRONLY_PROGBPF_F_CLONEBPF_F_MMAPABLEBPF_F_PRESERVE_ELEMSBPF_F_INNER_MAP" +const _MapFlags_name = "BPF_F_NO_PREALLOCBPF_F_NO_COMMON_LRUBPF_F_NUMA_NODEBPF_F_RDONLYBPF_F_WRONLYBPF_F_STACK_BUILD_IDBPF_F_ZERO_SEEDBPF_F_RDONLY_PROGBPF_F_WRONLY_PROGBPF_F_CLONEBPF_F_MMAPABLEBPF_F_PRESERVE_ELEMSBPF_F_INNER_MAPBPF_F_LINKBPF_F_PATH_FD" var _MapFlags_map = map[MapFlags]string{ - 1: _MapFlags_name[0:17], - 2: _MapFlags_name[17:36], - 4: _MapFlags_name[36:51], - 8: _MapFlags_name[51:63], - 16: _MapFlags_name[63:75], - 32: _MapFlags_name[75:95], - 64: _MapFlags_name[95:110], - 128: _MapFlags_name[110:127], - 256: _MapFlags_name[127:144], - 512: _MapFlags_name[144:155], - 1024: _MapFlags_name[155:169], - 2048: _MapFlags_name[169:189], - 4096: _MapFlags_name[189:204], + 1: _MapFlags_name[0:17], + 2: _MapFlags_name[17:36], + 4: _MapFlags_name[36:51], + 8: _MapFlags_name[51:63], + 16: _MapFlags_name[63:75], + 32: _MapFlags_name[75:95], + 64: _MapFlags_name[95:110], + 128: _MapFlags_name[110:127], + 256: _MapFlags_name[127:144], + 512: _MapFlags_name[144:155], + 1024: _MapFlags_name[155:169], + 2048: _MapFlags_name[169:189], + 4096: _MapFlags_name[189:204], + 8192: _MapFlags_name[204:214], + 16384: _MapFlags_name[214:227], } func (i MapFlags) String() string { diff --git a/vendor/github.com/cilium/ebpf/internal/sys/signals.go b/vendor/github.com/cilium/ebpf/internal/sys/signals.go index 7494c030c01..e5337191d69 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/signals.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/signals.go @@ -63,7 +63,7 @@ func sigsetAdd(set *unix.Sigset_t, signal unix.Signal) error { // For amd64, runtime.sigaddset() performs the following operation: // set[(signal-1)/32] |= 1 << ((uint32(signal) - 1) & 31) // - // This trick depends on sigset being two u32's, causing a signal in the the + // This trick depends on sigset being two u32's, causing a signal in the // bottom 31 bits to be written to the low word if bit 32 is low, or the high // word if bit 32 is high. diff --git a/vendor/github.com/cilium/ebpf/internal/sys/syscall.go b/vendor/github.com/cilium/ebpf/internal/sys/syscall.go index 088e82eea2a..f6b6e934580 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/syscall.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/syscall.go @@ -71,12 +71,52 @@ func (i *LinkInfo) info() (unsafe.Pointer, uint32) { return unsafe.Pointer(i), uint32(unsafe.Sizeof(*i)) } +func (i *TracingLinkInfo) info() (unsafe.Pointer, uint32) { + return unsafe.Pointer(i), uint32(unsafe.Sizeof(*i)) +} + +func (i *CgroupLinkInfo) info() (unsafe.Pointer, uint32) { + return unsafe.Pointer(i), uint32(unsafe.Sizeof(*i)) +} + +func (i *NetNsLinkInfo) info() (unsafe.Pointer, uint32) { + return unsafe.Pointer(i), uint32(unsafe.Sizeof(*i)) +} + +func (i *XDPLinkInfo) info() (unsafe.Pointer, uint32) { + return unsafe.Pointer(i), uint32(unsafe.Sizeof(*i)) +} + +func (i *TcxLinkInfo) info() (unsafe.Pointer, uint32) { + return unsafe.Pointer(i), uint32(unsafe.Sizeof(*i)) +} + +func (i *NetfilterLinkInfo) info() (unsafe.Pointer, uint32) { + return unsafe.Pointer(i), uint32(unsafe.Sizeof(*i)) +} + +func (i *NetkitLinkInfo) info() (unsafe.Pointer, uint32) { + return unsafe.Pointer(i), uint32(unsafe.Sizeof(*i)) +} + +func (i *KprobeMultiLinkInfo) info() (unsafe.Pointer, uint32) { + return unsafe.Pointer(i), uint32(unsafe.Sizeof(*i)) +} + +func (i *KprobeLinkInfo) info() (unsafe.Pointer, uint32) { + return unsafe.Pointer(i), uint32(unsafe.Sizeof(*i)) +} + var _ Info = (*BtfInfo)(nil) func (i *BtfInfo) info() (unsafe.Pointer, uint32) { return unsafe.Pointer(i), uint32(unsafe.Sizeof(*i)) } +func (i *PerfEventLinkInfo) info() (unsafe.Pointer, uint32) { + return unsafe.Pointer(i), uint32(unsafe.Sizeof(*i)) +} + // ObjInfo retrieves information about a BPF Fd. // // info may be one of MapInfo, ProgInfo, LinkInfo and BtfInfo. @@ -139,6 +179,17 @@ const ( BPF_F_MMAPABLE BPF_F_PRESERVE_ELEMS BPF_F_INNER_MAP + BPF_F_LINK + BPF_F_PATH_FD +) + +// Flags used by bpf_mprog. +const ( + BPF_F_REPLACE = 1 << (iota + 2) + BPF_F_BEFORE + BPF_F_AFTER + BPF_F_ID + BPF_F_LINK_MPROG = 1 << 13 // aka BPF_F_LINK ) // wrappedErrno wraps syscall.Errno to prevent direct comparisons with diff --git a/vendor/github.com/cilium/ebpf/internal/sys/types.go b/vendor/github.com/cilium/ebpf/internal/sys/types.go index 51698e06b47..70e754de71d 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/types.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/types.go @@ -65,7 +65,14 @@ const ( BPF_TCX_INGRESS AttachType = 46 BPF_TCX_EGRESS AttachType = 47 BPF_TRACE_UPROBE_MULTI AttachType = 48 - __MAX_BPF_ATTACH_TYPE AttachType = 49 + BPF_CGROUP_UNIX_CONNECT AttachType = 49 + BPF_CGROUP_UNIX_SENDMSG AttachType = 50 + BPF_CGROUP_UNIX_RECVMSG AttachType = 51 + BPF_CGROUP_UNIX_GETPEERNAME AttachType = 52 + BPF_CGROUP_UNIX_GETSOCKNAME AttachType = 53 + BPF_NETKIT_PRIMARY AttachType = 54 + BPF_NETKIT_PEER AttachType = 55 + __MAX_BPF_ATTACH_TYPE AttachType = 56 ) type Cmd uint32 @@ -351,46 +358,60 @@ const ( BPF_LINK_TYPE_NETFILTER LinkType = 10 BPF_LINK_TYPE_TCX LinkType = 11 BPF_LINK_TYPE_UPROBE_MULTI LinkType = 12 - MAX_BPF_LINK_TYPE LinkType = 13 + BPF_LINK_TYPE_NETKIT LinkType = 13 + __MAX_BPF_LINK_TYPE LinkType = 14 ) type MapType uint32 const ( - BPF_MAP_TYPE_UNSPEC MapType = 0 - BPF_MAP_TYPE_HASH MapType = 1 - BPF_MAP_TYPE_ARRAY MapType = 2 - BPF_MAP_TYPE_PROG_ARRAY MapType = 3 - BPF_MAP_TYPE_PERF_EVENT_ARRAY MapType = 4 - BPF_MAP_TYPE_PERCPU_HASH MapType = 5 - BPF_MAP_TYPE_PERCPU_ARRAY MapType = 6 - BPF_MAP_TYPE_STACK_TRACE MapType = 7 - BPF_MAP_TYPE_CGROUP_ARRAY MapType = 8 - BPF_MAP_TYPE_LRU_HASH MapType = 9 - BPF_MAP_TYPE_LRU_PERCPU_HASH MapType = 10 - BPF_MAP_TYPE_LPM_TRIE MapType = 11 - BPF_MAP_TYPE_ARRAY_OF_MAPS MapType = 12 - BPF_MAP_TYPE_HASH_OF_MAPS MapType = 13 - BPF_MAP_TYPE_DEVMAP MapType = 14 - BPF_MAP_TYPE_SOCKMAP MapType = 15 - BPF_MAP_TYPE_CPUMAP MapType = 16 - BPF_MAP_TYPE_XSKMAP MapType = 17 - BPF_MAP_TYPE_SOCKHASH MapType = 18 - BPF_MAP_TYPE_CGROUP_STORAGE_DEPRECATED MapType = 19 - BPF_MAP_TYPE_CGROUP_STORAGE MapType = 19 - BPF_MAP_TYPE_REUSEPORT_SOCKARRAY MapType = 20 - BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE MapType = 21 - BPF_MAP_TYPE_QUEUE MapType = 22 - BPF_MAP_TYPE_STACK MapType = 23 - BPF_MAP_TYPE_SK_STORAGE MapType = 24 - BPF_MAP_TYPE_DEVMAP_HASH MapType = 25 - BPF_MAP_TYPE_STRUCT_OPS MapType = 26 - BPF_MAP_TYPE_RINGBUF MapType = 27 - BPF_MAP_TYPE_INODE_STORAGE MapType = 28 - BPF_MAP_TYPE_TASK_STORAGE MapType = 29 - BPF_MAP_TYPE_BLOOM_FILTER MapType = 30 - BPF_MAP_TYPE_USER_RINGBUF MapType = 31 - BPF_MAP_TYPE_CGRP_STORAGE MapType = 32 + BPF_MAP_TYPE_UNSPEC MapType = 0 + BPF_MAP_TYPE_HASH MapType = 1 + BPF_MAP_TYPE_ARRAY MapType = 2 + BPF_MAP_TYPE_PROG_ARRAY MapType = 3 + BPF_MAP_TYPE_PERF_EVENT_ARRAY MapType = 4 + BPF_MAP_TYPE_PERCPU_HASH MapType = 5 + BPF_MAP_TYPE_PERCPU_ARRAY MapType = 6 + BPF_MAP_TYPE_STACK_TRACE MapType = 7 + BPF_MAP_TYPE_CGROUP_ARRAY MapType = 8 + BPF_MAP_TYPE_LRU_HASH MapType = 9 + BPF_MAP_TYPE_LRU_PERCPU_HASH MapType = 10 + BPF_MAP_TYPE_LPM_TRIE MapType = 11 + BPF_MAP_TYPE_ARRAY_OF_MAPS MapType = 12 + BPF_MAP_TYPE_HASH_OF_MAPS MapType = 13 + BPF_MAP_TYPE_DEVMAP MapType = 14 + BPF_MAP_TYPE_SOCKMAP MapType = 15 + BPF_MAP_TYPE_CPUMAP MapType = 16 + BPF_MAP_TYPE_XSKMAP MapType = 17 + BPF_MAP_TYPE_SOCKHASH MapType = 18 + BPF_MAP_TYPE_CGROUP_STORAGE_DEPRECATED MapType = 19 + BPF_MAP_TYPE_CGROUP_STORAGE MapType = 19 + BPF_MAP_TYPE_REUSEPORT_SOCKARRAY MapType = 20 + BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE_DEPRECATED MapType = 21 + BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE MapType = 21 + BPF_MAP_TYPE_QUEUE MapType = 22 + BPF_MAP_TYPE_STACK MapType = 23 + BPF_MAP_TYPE_SK_STORAGE MapType = 24 + BPF_MAP_TYPE_DEVMAP_HASH MapType = 25 + BPF_MAP_TYPE_STRUCT_OPS MapType = 26 + BPF_MAP_TYPE_RINGBUF MapType = 27 + BPF_MAP_TYPE_INODE_STORAGE MapType = 28 + BPF_MAP_TYPE_TASK_STORAGE MapType = 29 + BPF_MAP_TYPE_BLOOM_FILTER MapType = 30 + BPF_MAP_TYPE_USER_RINGBUF MapType = 31 + BPF_MAP_TYPE_CGRP_STORAGE MapType = 32 +) + +type PerfEventType uint32 + +const ( + BPF_PERF_EVENT_UNSPEC PerfEventType = 0 + BPF_PERF_EVENT_UPROBE PerfEventType = 1 + BPF_PERF_EVENT_URETPROBE PerfEventType = 2 + BPF_PERF_EVENT_KPROBE PerfEventType = 3 + BPF_PERF_EVENT_KRETPROBE PerfEventType = 4 + BPF_PERF_EVENT_TRACEPOINT PerfEventType = 5 + BPF_PERF_EVENT_EVENT PerfEventType = 6 ) type ProgType uint32 @@ -462,6 +483,15 @@ const ( BPF_STATS_RUN_TIME StatsType = 0 ) +type TcxActionBase int32 + +const ( + TCX_NEXT TcxActionBase = -1 + TCX_PASS TcxActionBase = 0 + TCX_DROP TcxActionBase = 2 + TCX_REDIRECT TcxActionBase = 7 +) + type XdpAction uint32 const ( @@ -498,7 +528,7 @@ type LinkInfo struct { Id LinkID ProgId uint32 _ [4]byte - Extra [32]uint8 + Extra [48]uint8 } type MapInfo struct { @@ -702,6 +732,45 @@ func LinkCreateKprobeMulti(attr *LinkCreateKprobeMultiAttr) (*FD, error) { return NewFD(int(fd)) } +type LinkCreateNetfilterAttr struct { + ProgFd uint32 + TargetFd uint32 + AttachType AttachType + Flags uint32 + Pf uint32 + Hooknum uint32 + Priority int32 + NetfilterFlags uint32 + _ [32]byte +} + +func LinkCreateNetfilter(attr *LinkCreateNetfilterAttr) (*FD, error) { + fd, err := BPF(BPF_LINK_CREATE, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) + if err != nil { + return nil, err + } + return NewFD(int(fd)) +} + +type LinkCreateNetkitAttr struct { + ProgFd uint32 + TargetIfindex uint32 + AttachType AttachType + Flags uint32 + RelativeFdOrId uint32 + _ [4]byte + ExpectedRevision uint64 + _ [32]byte +} + +func LinkCreateNetkit(attr *LinkCreateNetkitAttr) (*FD, error) { + fd, err := BPF(BPF_LINK_CREATE, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) + if err != nil { + return nil, err + } + return NewFD(int(fd)) +} + type LinkCreatePerfEventAttr struct { ProgFd uint32 TargetFd uint32 @@ -719,6 +788,25 @@ func LinkCreatePerfEvent(attr *LinkCreatePerfEventAttr) (*FD, error) { return NewFD(int(fd)) } +type LinkCreateTcxAttr struct { + ProgFd uint32 + TargetIfindex uint32 + AttachType AttachType + Flags uint32 + RelativeFdOrId uint32 + _ [4]byte + ExpectedRevision uint64 + _ [32]byte +} + +func LinkCreateTcx(attr *LinkCreateTcxAttr) (*FD, error) { + fd, err := BPF(BPF_LINK_CREATE, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) + if err != nil { + return nil, err + } + return NewFD(int(fd)) +} + type LinkCreateTracingAttr struct { ProgFd uint32 TargetFd uint32 @@ -738,6 +826,49 @@ func LinkCreateTracing(attr *LinkCreateTracingAttr) (*FD, error) { return NewFD(int(fd)) } +type LinkCreateUprobeMultiAttr struct { + ProgFd uint32 + TargetFd uint32 + AttachType AttachType + Flags uint32 + Path Pointer + Offsets Pointer + RefCtrOffsets Pointer + Cookies Pointer + Count uint32 + UprobeMultiFlags uint32 + Pid uint32 + _ [4]byte +} + +func LinkCreateUprobeMulti(attr *LinkCreateUprobeMultiAttr) (*FD, error) { + fd, err := BPF(BPF_LINK_CREATE, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) + if err != nil { + return nil, err + } + return NewFD(int(fd)) +} + +type LinkGetFdByIdAttr struct{ Id LinkID } + +func LinkGetFdById(attr *LinkGetFdByIdAttr) (*FD, error) { + fd, err := BPF(BPF_LINK_GET_FD_BY_ID, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) + if err != nil { + return nil, err + } + return NewFD(int(fd)) +} + +type LinkGetNextIdAttr struct { + Id LinkID + NextId LinkID +} + +func LinkGetNextId(attr *LinkGetNextIdAttr) error { + _, err := BPF(BPF_LINK_GET_NEXT_ID, unsafe.Pointer(attr), unsafe.Sizeof(*attr)) + return err +} + type LinkUpdateAttr struct { LinkFd uint32 NewProgFd uint32 @@ -971,13 +1102,13 @@ func ObjPin(attr *ObjPinAttr) error { } type ProgAttachAttr struct { - TargetFd uint32 - AttachBpfFd uint32 - AttachType uint32 - AttachFlags uint32 - ReplaceBpfFd uint32 - RelativeFd uint32 - ExpectedRevision uint64 + TargetFdOrIfindex uint32 + AttachBpfFd uint32 + AttachType uint32 + AttachFlags uint32 + ReplaceBpfFd uint32 + RelativeFdOrId uint32 + ExpectedRevision uint64 } func ProgAttach(attr *ProgAttachAttr) error { @@ -997,9 +1128,13 @@ func ProgBindMap(attr *ProgBindMapAttr) error { } type ProgDetachAttr struct { - TargetFd uint32 - AttachBpfFd uint32 - AttachType uint32 + TargetFdOrIfindex uint32 + AttachBpfFd uint32 + AttachType uint32 + AttachFlags uint32 + _ [4]byte + RelativeFdOrId uint32 + ExpectedRevision uint64 } func ProgDetach(attr *ProgDetachAttr) error { @@ -1065,17 +1200,17 @@ func ProgLoad(attr *ProgLoadAttr) (*FD, error) { } type ProgQueryAttr struct { - TargetFd uint32 - AttachType AttachType - QueryFlags uint32 - AttachFlags uint32 - ProgIds Pointer - ProgCount uint32 - _ [4]byte - ProgAttachFlags Pointer - LinkIds Pointer - LinkAttachFlags Pointer - Revision uint64 + TargetFdOrIfindex uint32 + AttachType AttachType + QueryFlags uint32 + AttachFlags uint32 + ProgIds Pointer + Count uint32 + _ [4]byte + ProgAttachFlags Pointer + LinkIds Pointer + LinkAttachFlags Pointer + Revision uint64 } func ProgQuery(attr *ProgQueryAttr) error { @@ -1122,31 +1257,127 @@ func RawTracepointOpen(attr *RawTracepointOpenAttr) (*FD, error) { } type CgroupLinkInfo struct { + Type LinkType + Id LinkID + ProgId uint32 + _ [4]byte CgroupId uint64 AttachType AttachType - _ [4]byte + _ [36]byte } type IterLinkInfo struct { + Type LinkType + Id LinkID + ProgId uint32 + _ [4]byte TargetName Pointer TargetNameLen uint32 } +type KprobeLinkInfo struct { + Type LinkType + Id LinkID + ProgId uint32 + _ [4]byte + PerfEventType PerfEventType + _ [4]byte + FuncName Pointer + NameLen uint32 + Offset uint32 + Addr uint64 + Missed uint64 + _ [8]byte +} + +type KprobeMultiLinkInfo struct { + Type LinkType + Id LinkID + ProgId uint32 + _ [4]byte + Addrs Pointer + Count uint32 + Flags uint32 + Missed uint64 + _ [24]byte +} + type NetNsLinkInfo struct { + Type LinkType + Id LinkID + ProgId uint32 + _ [4]byte NetnsIno uint32 AttachType AttachType + _ [40]byte +} + +type NetfilterLinkInfo struct { + Type LinkType + Id LinkID + ProgId uint32 + _ [4]byte + Pf uint32 + Hooknum uint32 + Priority int32 + Flags uint32 + _ [32]byte +} + +type NetkitLinkInfo struct { + Type LinkType + Id LinkID + ProgId uint32 + _ [4]byte + Ifindex uint32 + AttachType AttachType + _ [40]byte +} + +type PerfEventLinkInfo struct { + Type LinkType + Id LinkID + ProgId uint32 + _ [4]byte + PerfEventType PerfEventType } type RawTracepointLinkInfo struct { + Type LinkType + Id LinkID + ProgId uint32 + _ [4]byte TpName Pointer TpNameLen uint32 - _ [4]byte + _ [36]byte +} + +type TcxLinkInfo struct { + Type LinkType + Id LinkID + ProgId uint32 + _ [4]byte + Ifindex uint32 + AttachType AttachType + _ [40]byte } type TracingLinkInfo struct { + Type LinkType + Id LinkID + ProgId uint32 + _ [4]byte AttachType AttachType TargetObjId uint32 TargetBtfId TypeID + _ [36]byte } -type XDPLinkInfo struct{ Ifindex uint32 } +type XDPLinkInfo struct { + Type LinkType + Id LinkID + ProgId uint32 + _ [4]byte + Ifindex uint32 + _ [44]byte +} diff --git a/vendor/github.com/cilium/ebpf/internal/sysenc/buffer.go b/vendor/github.com/cilium/ebpf/internal/sysenc/buffer.go index c6959d9cc97..d184ea196ae 100644 --- a/vendor/github.com/cilium/ebpf/internal/sysenc/buffer.go +++ b/vendor/github.com/cilium/ebpf/internal/sysenc/buffer.go @@ -32,6 +32,7 @@ func UnsafeBuffer(ptr unsafe.Pointer) Buffer { // SyscallOutput prepares a Buffer for a syscall to write into. // +// size is the length of the desired buffer in bytes. // The buffer may point at the underlying memory of dst, in which case [Unmarshal] // becomes a no-op. // @@ -53,6 +54,11 @@ func (b Buffer) CopyTo(dst []byte) int { return copy(dst, b.unsafeBytes()) } +// AppendTo appends the buffer onto dst. +func (b Buffer) AppendTo(dst []byte) []byte { + return append(dst, b.unsafeBytes()...) +} + // Pointer returns the location where a syscall should write. func (b Buffer) Pointer() sys.Pointer { // NB: This deliberately ignores b.length to support zero-copy diff --git a/vendor/github.com/cilium/ebpf/internal/sysenc/marshal.go b/vendor/github.com/cilium/ebpf/internal/sysenc/marshal.go index 52339456aaf..0026af8f24f 100644 --- a/vendor/github.com/cilium/ebpf/internal/sysenc/marshal.go +++ b/vendor/github.com/cilium/ebpf/internal/sysenc/marshal.go @@ -7,12 +7,11 @@ import ( "errors" "fmt" "reflect" + "slices" "sync" "unsafe" "github.com/cilium/ebpf/internal" - - "golang.org/x/exp/slices" ) // Marshal turns data into a byte slice using the system's native endianness. diff --git a/vendor/github.com/cilium/ebpf/internal/tracefs/kprobe.go b/vendor/github.com/cilium/ebpf/internal/tracefs/kprobe.go index 1b45a9a7427..897740fec0c 100644 --- a/vendor/github.com/cilium/ebpf/internal/tracefs/kprobe.go +++ b/vendor/github.com/cilium/ebpf/internal/tracefs/kprobe.go @@ -8,6 +8,7 @@ import ( "path/filepath" "runtime" "strings" + "sync" "syscall" "github.com/cilium/ebpf/internal" @@ -110,7 +111,7 @@ func sanitizeTracefsPath(path ...string) (string, error) { // Since kernel 4.1 tracefs should be mounted by default at /sys/kernel/tracing, // but may be also be available at /sys/kernel/debug/tracing if debugfs is mounted. // The available tracefs paths will depends on distribution choices. -var getTracefsPath = internal.Memoize(func() (string, error) { +var getTracefsPath = sync.OnceValues(func() (string, error) { for _, p := range []struct { path string fsType int64 diff --git a/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go b/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go index 51ed7d0597e..d725cfaa394 100644 --- a/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go +++ b/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go @@ -25,6 +25,7 @@ const ( EACCES = linux.EACCES EILSEQ = linux.EILSEQ EOPNOTSUPP = linux.EOPNOTSUPP + ESTALE = linux.ESTALE ) const ( @@ -39,6 +40,8 @@ const ( BPF_F_MMAPABLE = linux.BPF_F_MMAPABLE BPF_F_INNER_MAP = linux.BPF_F_INNER_MAP BPF_F_KPROBE_MULTI_RETURN = linux.BPF_F_KPROBE_MULTI_RETURN + BPF_F_UPROBE_MULTI_RETURN = linux.BPF_F_UPROBE_MULTI_RETURN + BPF_F_LOCK = linux.BPF_F_LOCK BPF_OBJ_NAME_LEN = linux.BPF_OBJ_NAME_LEN BPF_TAG_SIZE = linux.BPF_TAG_SIZE BPF_RINGBUF_BUSY_BIT = linux.BPF_RINGBUF_BUSY_BIT @@ -98,6 +101,7 @@ type PerfEventMmapPage = linux.PerfEventMmapPage type EpollEvent = linux.EpollEvent type PerfEventAttr = linux.PerfEventAttr type Utsname = linux.Utsname +type CPUSet = linux.CPUSet func Syscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err syscall.Errno) { return linux.Syscall(trap, a1, a2, a3) @@ -202,3 +206,11 @@ func Fstat(fd int, stat *Stat_t) error { func SetsockoptInt(fd, level, opt, value int) error { return linux.SetsockoptInt(fd, level, opt, value) } + +func SchedSetaffinity(pid int, set *CPUSet) error { + return linux.SchedSetaffinity(pid, set) +} + +func SchedGetaffinity(pid int, set *CPUSet) error { + return linux.SchedGetaffinity(pid, set) +} diff --git a/vendor/github.com/cilium/ebpf/internal/unix/types_other.go b/vendor/github.com/cilium/ebpf/internal/unix/types_other.go index 1760e9e796b..3ff8962716a 100644 --- a/vendor/github.com/cilium/ebpf/internal/unix/types_other.go +++ b/vendor/github.com/cilium/ebpf/internal/unix/types_other.go @@ -27,6 +27,7 @@ const ( EACCES EILSEQ EOPNOTSUPP + ESTALE ) // Constants are distinct to avoid breaking switch statements. @@ -41,6 +42,7 @@ const ( BPF_F_MMAPABLE BPF_F_INNER_MAP BPF_F_KPROBE_MULTI_RETURN + BPF_F_UPROBE_MULTI_RETURN BPF_F_XDP_HAS_FRAGS BPF_OBJ_NAME_LEN BPF_TAG_SIZE @@ -91,6 +93,7 @@ const ( DEBUGFS_MAGIC BPF_RB_NO_WAKEUP BPF_RB_FORCE_WAKEUP + BPF_F_LOCK ) type Statfs_t struct { @@ -294,3 +297,15 @@ func Fstat(fd int, stat *Stat_t) error { func SetsockoptInt(fd, level, opt, value int) error { return errNonLinux } + +type CPUSet struct{} + +func (*CPUSet) Set(int) {} + +func SchedSetaffinity(pid int, set *CPUSet) error { + return errNonLinux +} + +func SchedGetaffinity(pid int, set *CPUSet) error { + return errNonLinux +} diff --git a/vendor/github.com/cilium/ebpf/internal/vdso.go b/vendor/github.com/cilium/ebpf/internal/vdso.go index c444a41c4b1..1049278554e 100644 --- a/vendor/github.com/cilium/ebpf/internal/vdso.go +++ b/vendor/github.com/cilium/ebpf/internal/vdso.go @@ -8,7 +8,6 @@ import ( "io" "math" "os" - "unsafe" "github.com/cilium/ebpf/internal/unix" ) @@ -20,21 +19,14 @@ var ( // vdsoVersion returns the LINUX_VERSION_CODE embedded in the vDSO library // linked into the current process image. func vdsoVersion() (uint32, error) { - const uintptrIs32bits = unsafe.Sizeof((uintptr)(0)) == 4 - - // Read data from the auxiliary vector, which is normally passed directly - // to the process. Go does not expose that data, so we must read it from procfs. - // https://man7.org/linux/man-pages/man3/getauxval.3.html - av, err := os.Open("/proc/self/auxv") - if errors.Is(err, unix.EACCES) { - return 0, fmt.Errorf("opening auxv: %w (process may not be dumpable due to file capabilities)", err) - } + av, err := newAuxvRuntimeReader() if err != nil { - return 0, fmt.Errorf("opening auxv: %w", err) + return 0, err } + defer av.Close() - vdsoAddr, err := vdsoMemoryAddress(av, NativeEndian, uintptrIs32bits) + vdsoAddr, err := vdsoMemoryAddress(av) if err != nil { return 0, fmt.Errorf("finding vDSO memory address: %w", err) } @@ -55,43 +47,13 @@ func vdsoVersion() (uint32, error) { return c, nil } -type auxvPair32 struct { - Tag, Value uint32 -} - -type auxvPair64 struct { - Tag, Value uint64 -} - -func readAuxvPair(r io.Reader, order binary.ByteOrder, uintptrIs32bits bool) (tag, value uint64, _ error) { - if uintptrIs32bits { - var aux auxvPair32 - if err := binary.Read(r, order, &aux); err != nil { - return 0, 0, fmt.Errorf("reading auxv entry: %w", err) - } - return uint64(aux.Tag), uint64(aux.Value), nil - } - - var aux auxvPair64 - if err := binary.Read(r, order, &aux); err != nil { - return 0, 0, fmt.Errorf("reading auxv entry: %w", err) - } - return aux.Tag, aux.Value, nil -} - // vdsoMemoryAddress returns the memory address of the vDSO library // linked into the current process image. r is an io.Reader into an auxv blob. -func vdsoMemoryAddress(r io.Reader, order binary.ByteOrder, uintptrIs32bits bool) (uintptr, error) { - // See https://elixir.bootlin.com/linux/v6.5.5/source/include/uapi/linux/auxvec.h - const ( - _AT_NULL = 0 // End of vector - _AT_SYSINFO_EHDR = 33 // Offset to vDSO blob in process image - ) - +func vdsoMemoryAddress(r auxvPairReader) (uintptr, error) { // Loop through all tag/value pairs in auxv until we find `AT_SYSINFO_EHDR`, // the address of a page containing the virtual Dynamic Shared Object (vDSO). for { - tag, value, err := readAuxvPair(r, order, uintptrIs32bits) + tag, value, err := r.ReadAuxvPair() if err != nil { return 0, err } diff --git a/vendor/github.com/cilium/ebpf/internal/version.go b/vendor/github.com/cilium/ebpf/internal/version.go index 9b17ffb44de..acd4650af73 100644 --- a/vendor/github.com/cilium/ebpf/internal/version.go +++ b/vendor/github.com/cilium/ebpf/internal/version.go @@ -2,6 +2,7 @@ package internal import ( "fmt" + "sync" "github.com/cilium/ebpf/internal/unix" ) @@ -79,7 +80,7 @@ func (v Version) Kernel() uint32 { } // KernelVersion returns the version of the currently running kernel. -var KernelVersion = Memoize(func() (Version, error) { +var KernelVersion = sync.OnceValues(func() (Version, error) { return detectKernelVersion() }) diff --git a/vendor/github.com/cilium/ebpf/link/anchor.go b/vendor/github.com/cilium/ebpf/link/anchor.go new file mode 100644 index 00000000000..1a3b5f7681f --- /dev/null +++ b/vendor/github.com/cilium/ebpf/link/anchor.go @@ -0,0 +1,137 @@ +package link + +import ( + "fmt" + + "github.com/cilium/ebpf" + "github.com/cilium/ebpf/internal/sys" +) + +const anchorFlags = sys.BPF_F_REPLACE | + sys.BPF_F_BEFORE | + sys.BPF_F_AFTER | + sys.BPF_F_ID | + sys.BPF_F_LINK_MPROG + +// Anchor is a reference to a link or program. +// +// It is used to describe where an attachment or detachment should take place +// for link types which support multiple attachment. +type Anchor interface { + // anchor returns an fd or ID and a set of flags. + // + // By default fdOrID is taken to reference a program, but BPF_F_LINK_MPROG + // changes this to refer to a link instead. + // + // BPF_F_BEFORE, BPF_F_AFTER, BPF_F_REPLACE modify where a link or program + // is attached. The default behaviour if none of these flags is specified + // matches BPF_F_AFTER. + anchor() (fdOrID, flags uint32, _ error) +} + +type firstAnchor struct{} + +func (firstAnchor) anchor() (fdOrID, flags uint32, _ error) { + return 0, sys.BPF_F_BEFORE, nil +} + +// Head is the position before all other programs or links. +func Head() Anchor { + return firstAnchor{} +} + +type lastAnchor struct{} + +func (lastAnchor) anchor() (fdOrID, flags uint32, _ error) { + return 0, sys.BPF_F_AFTER, nil +} + +// Tail is the position after all other programs or links. +func Tail() Anchor { + return lastAnchor{} +} + +// Before is the position just in front of target. +func BeforeLink(target Link) Anchor { + return anchor{target, sys.BPF_F_BEFORE} +} + +// After is the position just after target. +func AfterLink(target Link) Anchor { + return anchor{target, sys.BPF_F_AFTER} +} + +// Before is the position just in front of target. +func BeforeLinkByID(target ID) Anchor { + return anchor{target, sys.BPF_F_BEFORE} +} + +// After is the position just after target. +func AfterLinkByID(target ID) Anchor { + return anchor{target, sys.BPF_F_AFTER} +} + +// Before is the position just in front of target. +func BeforeProgram(target *ebpf.Program) Anchor { + return anchor{target, sys.BPF_F_BEFORE} +} + +// After is the position just after target. +func AfterProgram(target *ebpf.Program) Anchor { + return anchor{target, sys.BPF_F_AFTER} +} + +// Replace the target itself. +func ReplaceProgram(target *ebpf.Program) Anchor { + return anchor{target, sys.BPF_F_REPLACE} +} + +// Before is the position just in front of target. +func BeforeProgramByID(target ebpf.ProgramID) Anchor { + return anchor{target, sys.BPF_F_BEFORE} +} + +// After is the position just after target. +func AfterProgramByID(target ebpf.ProgramID) Anchor { + return anchor{target, sys.BPF_F_AFTER} +} + +// Replace the target itself. +func ReplaceProgramByID(target ebpf.ProgramID) Anchor { + return anchor{target, sys.BPF_F_REPLACE} +} + +type anchor struct { + target any + position uint32 +} + +func (ap anchor) anchor() (fdOrID, flags uint32, _ error) { + var typeFlag uint32 + switch target := ap.target.(type) { + case *ebpf.Program: + fd := target.FD() + if fd < 0 { + return 0, 0, sys.ErrClosedFd + } + fdOrID = uint32(fd) + typeFlag = 0 + case ebpf.ProgramID: + fdOrID = uint32(target) + typeFlag = sys.BPF_F_ID + case interface{ FD() int }: + fd := target.FD() + if fd < 0 { + return 0, 0, sys.ErrClosedFd + } + fdOrID = uint32(fd) + typeFlag = sys.BPF_F_LINK_MPROG + case ID: + fdOrID = uint32(target) + typeFlag = sys.BPF_F_LINK_MPROG | sys.BPF_F_ID + default: + return 0, 0, fmt.Errorf("invalid target %T", ap.target) + } + + return fdOrID, ap.position | typeFlag, nil +} diff --git a/vendor/github.com/cilium/ebpf/link/cgroup.go b/vendor/github.com/cilium/ebpf/link/cgroup.go index 58e85fe9d47..f17d34f03c0 100644 --- a/vendor/github.com/cilium/ebpf/link/cgroup.go +++ b/vendor/github.com/cilium/ebpf/link/cgroup.go @@ -6,6 +6,7 @@ import ( "os" "github.com/cilium/ebpf" + "github.com/cilium/ebpf/internal/sys" ) type cgroupAttachFlags uint32 @@ -143,8 +144,7 @@ func (cg *progAttachCgroup) Update(prog *ebpf.Program) error { // Atomically replacing multiple programs requires at least // 5.5 (commit 7dd68b3279f17921 "bpf: Support replacing cgroup-bpf // program in MULTI mode") - args.Flags |= uint32(flagReplace) - args.Replace = cg.current + args.Anchor = ReplaceProgram(cg.current) } if err := RawAttachProgram(args); err != nil { @@ -188,3 +188,21 @@ func newLinkCgroup(cgroup *os.File, attach ebpf.AttachType, prog *ebpf.Program) return &linkCgroup{*link}, err } + +func (cg *linkCgroup) Info() (*Info, error) { + var info sys.CgroupLinkInfo + if err := sys.ObjInfo(cg.fd, &info); err != nil { + return nil, fmt.Errorf("cgroup link info: %s", err) + } + extra := &CgroupInfo{ + CgroupId: info.CgroupId, + AttachType: info.AttachType, + } + + return &Info{ + info.Type, + info.Id, + ebpf.ProgramID(info.ProgId), + extra, + }, nil +} diff --git a/vendor/github.com/cilium/ebpf/link/kprobe.go b/vendor/github.com/cilium/ebpf/link/kprobe.go index b54ca908533..fe3f17c3717 100644 --- a/vendor/github.com/cilium/ebpf/link/kprobe.go +++ b/vendor/github.com/cilium/ebpf/link/kprobe.go @@ -59,6 +59,8 @@ func (ko *KprobeOptions) cookie() uint64 { // If attaching to symbol fails, automatically retries with the running // platform's syscall prefix (e.g. __x64_) to support attaching to syscalls // in a portable fashion. +// +// The returned Link may implement [PerfEvent]. func Kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions) (Link, error) { k, err := kprobe(symbol, prog, opts, false) if err != nil { @@ -90,6 +92,8 @@ func Kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions) (Link, error // // On kernels 5.10 and earlier, setting a kretprobe on a nonexistent symbol // incorrectly returns unix.EINVAL instead of os.ErrNotExist. +// +// The returned Link may implement [PerfEvent]. func Kretprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions) (Link, error) { k, err := kprobe(symbol, prog, opts, true) if err != nil { @@ -274,7 +278,11 @@ func pmuProbe(args tracefs.ProbeArgs) (*perfEvent, error) { } } - rawFd, err := unix.PerfEventOpen(&attr, args.Pid, 0, -1, unix.PERF_FLAG_FD_CLOEXEC) + cpu := 0 + if args.Pid != perfAllThreads { + cpu = -1 + } + rawFd, err := unix.PerfEventOpen(&attr, args.Pid, cpu, -1, unix.PERF_FLAG_FD_CLOEXEC) // On some old kernels, kprobe PMU doesn't allow `.` in symbol names and // return -EINVAL. Return ErrNotSupported to allow falling back to tracefs. diff --git a/vendor/github.com/cilium/ebpf/link/kprobe_multi.go b/vendor/github.com/cilium/ebpf/link/kprobe_multi.go index 4d364d80ebc..f7a8291f945 100644 --- a/vendor/github.com/cilium/ebpf/link/kprobe_multi.go +++ b/vendor/github.com/cilium/ebpf/link/kprobe_multi.go @@ -130,12 +130,23 @@ func (kml *kprobeMultiLink) Update(prog *ebpf.Program) error { return fmt.Errorf("update kprobe_multi: %w", ErrNotSupported) } -func (kml *kprobeMultiLink) Pin(string) error { - return fmt.Errorf("pin kprobe_multi: %w", ErrNotSupported) -} +func (kml *kprobeMultiLink) Info() (*Info, error) { + var info sys.KprobeMultiLinkInfo + if err := sys.ObjInfo(kml.fd, &info); err != nil { + return nil, fmt.Errorf("kprobe multi link info: %s", err) + } + extra := &KprobeMultiInfo{ + count: info.Count, + flags: info.Flags, + missed: info.Missed, + } -func (kml *kprobeMultiLink) Unpin() error { - return fmt.Errorf("unpin kprobe_multi: %w", ErrNotSupported) + return &Info{ + info.Type, + info.Id, + ebpf.ProgramID(info.ProgId), + extra, + }, nil } var haveBPFLinkKprobeMulti = internal.NewFeatureTest("bpf_link_kprobe_multi", "5.18", func() error { diff --git a/vendor/github.com/cilium/ebpf/link/link.go b/vendor/github.com/cilium/ebpf/link/link.go index 36acd6ee4b9..9c34616c9a9 100644 --- a/vendor/github.com/cilium/ebpf/link/link.go +++ b/vendor/github.com/cilium/ebpf/link/link.go @@ -1,9 +1,9 @@ package link import ( - "bytes" - "encoding/binary" + "errors" "fmt" + "os" "github.com/cilium/ebpf" "github.com/cilium/ebpf/btf" @@ -48,8 +48,15 @@ type Link interface { // NewLinkFromFD creates a link from a raw fd. // -// You should not use fd after calling this function. +// Deprecated: use [NewFromFD] instead. func NewLinkFromFD(fd int) (Link, error) { + return NewFromFD(fd) +} + +// NewFromFD creates a link from a raw fd. +// +// You should not use fd after calling this function. +func NewFromFD(fd int) (Link, error) { sysFD, err := sys.NewFD(fd) if err != nil { return nil, err @@ -58,6 +65,19 @@ func NewLinkFromFD(fd int) (Link, error) { return wrapRawLink(&RawLink{fd: sysFD}) } +// NewFromID returns the link associated with the given id. +// +// Returns ErrNotExist if there is no link with the given id. +func NewFromID(id ID) (Link, error) { + getFdAttr := &sys.LinkGetFdByIdAttr{Id: id} + fd, err := sys.LinkGetFdById(getFdAttr) + if err != nil { + return nil, fmt.Errorf("get link fd from ID %d: %w", id, err) + } + + return wrapRawLink(&RawLink{fd, ""}) +} + // LoadPinnedLink loads a link that was persisted into a bpffs. func LoadPinnedLink(fileName string, opts *ebpf.LoadPinOptions) (Link, error) { raw, err := loadPinnedRawLink(fileName, opts) @@ -96,8 +116,18 @@ func wrapRawLink(raw *RawLink) (_ Link, err error) { return &NetNsLink{*raw}, nil case KprobeMultiType: return &kprobeMultiLink{*raw}, nil + case UprobeMultiType: + return &uprobeMultiLink{*raw}, nil case PerfEventType: - return nil, fmt.Errorf("recovering perf event fd: %w", ErrNotSupported) + return &perfEventLink{*raw, nil}, nil + case TCXType: + return &tcxLink{*raw}, nil + case NetfilterType: + return &netfilterLink{*raw}, nil + case NetkitType: + return &netkitLink{*raw}, nil + case XDPType: + return &xdpLink{*raw}, nil default: return raw, nil } @@ -128,10 +158,85 @@ type Info struct { extra interface{} } -type TracingInfo sys.TracingLinkInfo -type CgroupInfo sys.CgroupLinkInfo -type NetNsInfo sys.NetNsLinkInfo -type XDPInfo sys.XDPLinkInfo +type TracingInfo struct { + AttachType sys.AttachType + TargetObjId uint32 + TargetBtfId sys.TypeID +} + +type CgroupInfo struct { + CgroupId uint64 + AttachType sys.AttachType + _ [4]byte +} + +type NetNsInfo struct { + NetnsIno uint32 + AttachType sys.AttachType +} + +type TCXInfo struct { + Ifindex uint32 + AttachType sys.AttachType +} + +type XDPInfo struct { + Ifindex uint32 +} + +type NetfilterInfo struct { + Pf uint32 + Hooknum uint32 + Priority int32 + Flags uint32 +} + +type NetkitInfo struct { + Ifindex uint32 + AttachType sys.AttachType +} + +type KprobeMultiInfo struct { + count uint32 + flags uint32 + missed uint64 +} + +// AddressCount is the number of addresses hooked by the kprobe. +func (kpm *KprobeMultiInfo) AddressCount() (uint32, bool) { + return kpm.count, kpm.count > 0 +} + +func (kpm *KprobeMultiInfo) Flags() (uint32, bool) { + return kpm.flags, kpm.count > 0 +} + +func (kpm *KprobeMultiInfo) Missed() (uint64, bool) { + return kpm.missed, kpm.count > 0 +} + +type PerfEventInfo struct { + Type sys.PerfEventType + extra interface{} +} + +func (r *PerfEventInfo) Kprobe() *KprobeInfo { + e, _ := r.extra.(*KprobeInfo) + return e +} + +type KprobeInfo struct { + address uint64 + missed uint64 +} + +func (kp *KprobeInfo) Address() (uint64, bool) { + return kp.address, kp.address > 0 +} + +func (kp *KprobeInfo) Missed() (uint64, bool) { + return kp.missed, kp.address > 0 +} // Tracing returns tracing type-specific link info. // @@ -157,7 +262,7 @@ func (r Info) NetNs() *NetNsInfo { return e } -// ExtraNetNs returns XDP type-specific link info. +// XDP returns XDP type-specific link info. // // Returns nil if the type-specific link info isn't available. func (r Info) XDP() *XDPInfo { @@ -165,6 +270,46 @@ func (r Info) XDP() *XDPInfo { return e } +// TCX returns TCX type-specific link info. +// +// Returns nil if the type-specific link info isn't available. +func (r Info) TCX() *TCXInfo { + e, _ := r.extra.(*TCXInfo) + return e +} + +// Netfilter returns netfilter type-specific link info. +// +// Returns nil if the type-specific link info isn't available. +func (r Info) Netfilter() *NetfilterInfo { + e, _ := r.extra.(*NetfilterInfo) + return e +} + +// Netkit returns netkit type-specific link info. +// +// Returns nil if the type-specific link info isn't available. +func (r Info) Netkit() *NetkitInfo { + e, _ := r.extra.(*NetkitInfo) + return e +} + +// KprobeMulti returns kprobe-multi type-specific link info. +// +// Returns nil if the type-specific link info isn't available. +func (r Info) KprobeMulti() *KprobeMultiInfo { + e, _ := r.extra.(*KprobeMultiInfo) + return e +} + +// PerfEvent returns perf-event type-specific link info. +// +// Returns nil if the type-specific link info isn't available. +func (r Info) PerfEvent() *PerfEventInfo { + e, _ := r.extra.(*PerfEventInfo) + return e +} + // RawLink is the low-level API to bpf_link. // // You should consider using the higher level interfaces in this @@ -295,6 +440,9 @@ func (l *RawLink) UpdateArgs(opts RawLinkUpdateOptions) error { } // Info returns metadata about the link. +// +// Linktype specific metadata is not included and can be retrieved +// via the linktype specific Info() method. func (l *RawLink) Info() (*Info, error) { var info sys.LinkInfo @@ -302,35 +450,81 @@ func (l *RawLink) Info() (*Info, error) { return nil, fmt.Errorf("link info: %s", err) } - var extra interface{} - switch info.Type { - case CgroupType: - extra = &CgroupInfo{} - case NetNsType: - extra = &NetNsInfo{} - case TracingType: - extra = &TracingInfo{} - case XDPType: - extra = &XDPInfo{} - case RawTracepointType, IterType, - PerfEventType, KprobeMultiType: - // Extra metadata not supported. - default: - return nil, fmt.Errorf("unknown link info type: %d", info.Type) - } - - if extra != nil { - buf := bytes.NewReader(info.Extra[:]) - err := binary.Read(buf, internal.NativeEndian, extra) - if err != nil { - return nil, fmt.Errorf("cannot read extra link info: %w", err) - } - } - return &Info{ info.Type, info.Id, ebpf.ProgramID(info.ProgId), - extra, + nil, }, nil } + +// Iterator allows iterating over links attached into the kernel. +type Iterator struct { + // The ID of the current link. Only valid after a call to Next + ID ID + // The current link. Only valid until a call to Next. + // See Take if you want to retain the link. + Link Link + err error +} + +// Next retrieves the next link. +// +// Returns true if another link was found. Call [Iterator.Err] after the function returns false. +func (it *Iterator) Next() bool { + id := it.ID + for { + getIdAttr := &sys.LinkGetNextIdAttr{Id: id} + err := sys.LinkGetNextId(getIdAttr) + if errors.Is(err, os.ErrNotExist) { + // There are no more links. + break + } else if err != nil { + it.err = fmt.Errorf("get next link ID: %w", err) + break + } + + id = getIdAttr.NextId + l, err := NewFromID(id) + if errors.Is(err, os.ErrNotExist) { + // Couldn't load the link fast enough. Try next ID. + continue + } else if err != nil { + it.err = fmt.Errorf("get link for ID %d: %w", id, err) + break + } + + if it.Link != nil { + it.Link.Close() + } + it.ID, it.Link = id, l + return true + } + + // No more links or we encountered an error. + if it.Link != nil { + it.Link.Close() + } + it.Link = nil + return false +} + +// Take the ownership of the current link. +// +// It's the callers responsibility to close the link. +func (it *Iterator) Take() Link { + l := it.Link + it.Link = nil + return l +} + +// Err returns an error if iteration failed for some reason. +func (it *Iterator) Err() error { + return it.err +} + +func (it *Iterator) Close() { + if it.Link != nil { + it.Link.Close() + } +} diff --git a/vendor/github.com/cilium/ebpf/link/netfilter.go b/vendor/github.com/cilium/ebpf/link/netfilter.go new file mode 100644 index 00000000000..34be3908597 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/link/netfilter.go @@ -0,0 +1,90 @@ +package link + +import ( + "fmt" + + "github.com/cilium/ebpf" + "github.com/cilium/ebpf/internal/sys" +) + +const NetfilterIPDefrag NetfilterAttachFlags = 0 // Enable IP packet defragmentation + +type NetfilterAttachFlags uint32 + +type NetfilterOptions struct { + // Program must be a netfilter BPF program. + Program *ebpf.Program + // The protocol family. + ProtocolFamily uint32 + // The number of the hook you are interested in. + HookNumber uint32 + // Priority within hook + Priority int32 + // Extra link flags + Flags uint32 + // Netfilter flags + NetfilterFlags NetfilterAttachFlags +} + +type netfilterLink struct { + RawLink +} + +// AttachNetfilter links a netfilter BPF program to a netfilter hook. +func AttachNetfilter(opts NetfilterOptions) (Link, error) { + if opts.Program == nil { + return nil, fmt.Errorf("netfilter program is nil") + } + + if t := opts.Program.Type(); t != ebpf.Netfilter { + return nil, fmt.Errorf("invalid program type %s, expected netfilter", t) + } + + progFd := opts.Program.FD() + if progFd < 0 { + return nil, fmt.Errorf("invalid program: %s", sys.ErrClosedFd) + } + + attr := sys.LinkCreateNetfilterAttr{ + ProgFd: uint32(opts.Program.FD()), + AttachType: sys.BPF_NETFILTER, + Flags: opts.Flags, + Pf: uint32(opts.ProtocolFamily), + Hooknum: uint32(opts.HookNumber), + Priority: opts.Priority, + NetfilterFlags: uint32(opts.NetfilterFlags), + } + + fd, err := sys.LinkCreateNetfilter(&attr) + if err != nil { + return nil, fmt.Errorf("attach netfilter link: %w", err) + } + + return &netfilterLink{RawLink{fd, ""}}, nil +} + +func (*netfilterLink) Update(new *ebpf.Program) error { + return fmt.Errorf("netfilter update: %w", ErrNotSupported) +} + +func (nf *netfilterLink) Info() (*Info, error) { + var info sys.NetfilterLinkInfo + if err := sys.ObjInfo(nf.fd, &info); err != nil { + return nil, fmt.Errorf("netfilter link info: %s", err) + } + extra := &NetfilterInfo{ + Pf: info.Pf, + Hooknum: info.Hooknum, + Priority: info.Priority, + Flags: info.Flags, + } + + return &Info{ + info.Type, + info.Id, + ebpf.ProgramID(info.ProgId), + extra, + }, nil +} + +var _ Link = (*netfilterLink)(nil) diff --git a/vendor/github.com/cilium/ebpf/link/netkit.go b/vendor/github.com/cilium/ebpf/link/netkit.go new file mode 100644 index 00000000000..5eee3b023ae --- /dev/null +++ b/vendor/github.com/cilium/ebpf/link/netkit.go @@ -0,0 +1,89 @@ +package link + +import ( + "fmt" + "runtime" + + "github.com/cilium/ebpf" + "github.com/cilium/ebpf/internal/sys" +) + +type NetkitOptions struct { + // Index of the interface to attach to. + Interface int + // Program to attach. + Program *ebpf.Program + // One of the AttachNetkit* constants. + Attach ebpf.AttachType + // Attach relative to an anchor. Optional. + Anchor Anchor + // Only attach if the expected revision matches. + ExpectedRevision uint64 + // Flags control the attach behaviour. Specify an Anchor instead of + // F_LINK, F_ID, F_BEFORE, F_AFTER and R_REPLACE. Optional. + Flags uint32 +} + +func AttachNetkit(opts NetkitOptions) (Link, error) { + if opts.Interface < 0 { + return nil, fmt.Errorf("interface %d is out of bounds", opts.Interface) + } + + if opts.Flags&anchorFlags != 0 { + return nil, fmt.Errorf("disallowed flags: use Anchor to specify attach target") + } + + attr := sys.LinkCreateNetkitAttr{ + ProgFd: uint32(opts.Program.FD()), + AttachType: sys.AttachType(opts.Attach), + TargetIfindex: uint32(opts.Interface), + ExpectedRevision: opts.ExpectedRevision, + Flags: opts.Flags, + } + + if opts.Anchor != nil { + fdOrID, flags, err := opts.Anchor.anchor() + if err != nil { + return nil, fmt.Errorf("attach netkit link: %w", err) + } + + attr.RelativeFdOrId = fdOrID + attr.Flags |= flags + } + + fd, err := sys.LinkCreateNetkit(&attr) + runtime.KeepAlive(opts.Program) + runtime.KeepAlive(opts.Anchor) + if err != nil { + if haveFeatErr := haveNetkit(); haveFeatErr != nil { + return nil, haveFeatErr + } + return nil, fmt.Errorf("attach netkit link: %w", err) + } + + return &netkitLink{RawLink{fd, ""}}, nil +} + +type netkitLink struct { + RawLink +} + +var _ Link = (*netkitLink)(nil) + +func (netkit *netkitLink) Info() (*Info, error) { + var info sys.NetkitLinkInfo + if err := sys.ObjInfo(netkit.fd, &info); err != nil { + return nil, fmt.Errorf("netkit link info: %s", err) + } + extra := &NetkitInfo{ + Ifindex: info.Ifindex, + AttachType: info.AttachType, + } + + return &Info{ + info.Type, + info.Id, + ebpf.ProgramID(info.ProgId), + extra, + }, nil +} diff --git a/vendor/github.com/cilium/ebpf/link/netns.go b/vendor/github.com/cilium/ebpf/link/netns.go index 344ecced6be..b1edd340a3f 100644 --- a/vendor/github.com/cilium/ebpf/link/netns.go +++ b/vendor/github.com/cilium/ebpf/link/netns.go @@ -4,6 +4,7 @@ import ( "fmt" "github.com/cilium/ebpf" + "github.com/cilium/ebpf/internal/sys" ) // NetNsLink is a program attached to a network namespace. @@ -34,3 +35,21 @@ func AttachNetNs(ns int, prog *ebpf.Program) (*NetNsLink, error) { return &NetNsLink{*link}, nil } + +func (ns *NetNsLink) Info() (*Info, error) { + var info sys.NetNsLinkInfo + if err := sys.ObjInfo(ns.fd, &info); err != nil { + return nil, fmt.Errorf("netns link info: %s", err) + } + extra := &NetNsInfo{ + NetnsIno: info.NetnsIno, + AttachType: info.AttachType, + } + + return &Info{ + info.Type, + info.Id, + ebpf.ProgramID(info.ProgId), + extra, + }, nil +} diff --git a/vendor/github.com/cilium/ebpf/link/perf_event.go b/vendor/github.com/cilium/ebpf/link/perf_event.go index 5f7a628b3d7..1d8feb58c1c 100644 --- a/vendor/github.com/cilium/ebpf/link/perf_event.go +++ b/vendor/github.com/cilium/ebpf/link/perf_event.go @@ -3,6 +3,7 @@ package link import ( "errors" "fmt" + "os" "runtime" "unsafe" @@ -78,6 +79,18 @@ func (pe *perfEvent) Close() error { return nil } +// PerfEvent is implemented by some Link types which use a perf event under +// the hood. +type PerfEvent interface { + // PerfEvent returns a file for the underlying perf event. + // + // It is the callers responsibility to close the returned file. + // + // Making changes to the associated perf event lead to + // undefined behaviour. + PerfEvent() (*os.File, error) +} + // perfEventLink represents a bpf perf link. type perfEventLink struct { RawLink @@ -86,30 +99,16 @@ type perfEventLink struct { func (pl *perfEventLink) isLink() {} -// Pinning requires the underlying perf event FD to stay open. -// -// | PerfEvent FD | BpfLink FD | Works | -// |--------------|------------|-------| -// | Open | Open | Yes | -// | Closed | Open | No | -// | Open | Closed | No (Pin() -> EINVAL) | -// | Closed | Closed | No (Pin() -> EINVAL) | -// -// There is currently no pretty way to recover the perf event FD -// when loading a pinned link, so leave as not supported for now. -func (pl *perfEventLink) Pin(string) error { - return fmt.Errorf("perf event link pin: %w", ErrNotSupported) -} - -func (pl *perfEventLink) Unpin() error { - return fmt.Errorf("perf event link unpin: %w", ErrNotSupported) -} - func (pl *perfEventLink) Close() error { if err := pl.fd.Close(); err != nil { return fmt.Errorf("perf link close: %w", err) } + // when created from pinned link + if pl.pe == nil { + return nil + } + if err := pl.pe.Close(); err != nil { return fmt.Errorf("perf event close: %w", err) } @@ -120,6 +119,54 @@ func (pl *perfEventLink) Update(prog *ebpf.Program) error { return fmt.Errorf("perf event link update: %w", ErrNotSupported) } +var _ PerfEvent = (*perfEventLink)(nil) + +func (pl *perfEventLink) PerfEvent() (*os.File, error) { + // when created from pinned link + if pl.pe == nil { + return nil, ErrNotSupported + } + + fd, err := pl.pe.fd.Dup() + if err != nil { + return nil, err + } + + return fd.File("perf-event"), nil +} + +func (pl *perfEventLink) Info() (*Info, error) { + var info sys.PerfEventLinkInfo + if err := sys.ObjInfo(pl.fd, &info); err != nil { + return nil, fmt.Errorf("perf event link info: %s", err) + } + + var extra2 interface{} + switch info.PerfEventType { + case sys.BPF_PERF_EVENT_KPROBE, sys.BPF_PERF_EVENT_KRETPROBE: + var kprobeInfo sys.KprobeLinkInfo + if err := sys.ObjInfo(pl.fd, &kprobeInfo); err != nil { + return nil, fmt.Errorf("kprobe link info: %s", err) + } + extra2 = &KprobeInfo{ + address: kprobeInfo.Addr, + missed: kprobeInfo.Missed, + } + } + + extra := &PerfEventInfo{ + Type: info.PerfEventType, + extra: extra2, + } + + return &Info{ + info.Type, + info.Id, + ebpf.ProgramID(info.ProgId), + extra, + }, nil +} + // perfEventIoctl implements Link and handles the perf event lifecycle // via ioctl(). type perfEventIoctl struct { @@ -154,6 +201,17 @@ func (pi *perfEventIoctl) Info() (*Info, error) { return nil, fmt.Errorf("perf event ioctl info: %w", ErrNotSupported) } +var _ PerfEvent = (*perfEventIoctl)(nil) + +func (pi *perfEventIoctl) PerfEvent() (*os.File, error) { + fd, err := pi.fd.Dup() + if err != nil { + return nil, err + } + + return fd.File("perf-event"), nil +} + // attach the given eBPF prog to the perf event stored in pe. // pe must contain a valid perf event fd. // prog's type must match the program type stored in pe. @@ -229,7 +287,11 @@ func openTracepointPerfEvent(tid uint64, pid int) (*sys.FD, error) { Wakeup: 1, } - fd, err := unix.PerfEventOpen(&attr, pid, 0, -1, unix.PERF_FLAG_FD_CLOEXEC) + cpu := 0 + if pid != perfAllThreads { + cpu = -1 + } + fd, err := unix.PerfEventOpen(&attr, pid, cpu, -1, unix.PERF_FLAG_FD_CLOEXEC) if err != nil { return nil, fmt.Errorf("opening tracepoint perf event: %w", err) } diff --git a/vendor/github.com/cilium/ebpf/link/program.go b/vendor/github.com/cilium/ebpf/link/program.go index 053735a6773..d8a2a15f937 100644 --- a/vendor/github.com/cilium/ebpf/link/program.go +++ b/vendor/github.com/cilium/ebpf/link/program.go @@ -2,22 +2,27 @@ package link import ( "fmt" + "runtime" "github.com/cilium/ebpf" "github.com/cilium/ebpf/internal/sys" ) type RawAttachProgramOptions struct { - // File descriptor to attach to. This differs for each attach type. + // Target to query. This is usually a file descriptor but may refer to + // something else based on the attach type. Target int // Program to attach. Program *ebpf.Program - // Program to replace (cgroups). - Replace *ebpf.Program - // Attach must match the attach type of Program (and Replace). + // Attach must match the attach type of Program. Attach ebpf.AttachType - // Flags control the attach behaviour. This differs for each attach type. + // Attach relative to an anchor. Optional. + Anchor Anchor + // Flags control the attach behaviour. Specify an Anchor instead of + // F_LINK, F_ID, F_BEFORE, F_AFTER and F_REPLACE. Optional. Flags uint32 + // Only attach if the internal revision matches the given value. + ExpectedRevision uint64 } // RawAttachProgram is a low level wrapper around BPF_PROG_ATTACH. @@ -25,45 +30,72 @@ type RawAttachProgramOptions struct { // You should use one of the higher level abstractions available in this // package if possible. func RawAttachProgram(opts RawAttachProgramOptions) error { - var replaceFd uint32 - if opts.Replace != nil { - replaceFd = uint32(opts.Replace.FD()) + if opts.Flags&anchorFlags != 0 { + return fmt.Errorf("disallowed flags: use Anchor to specify attach target") } attr := sys.ProgAttachAttr{ - TargetFd: uint32(opts.Target), - AttachBpfFd: uint32(opts.Program.FD()), - ReplaceBpfFd: replaceFd, - AttachType: uint32(opts.Attach), - AttachFlags: uint32(opts.Flags), + TargetFdOrIfindex: uint32(opts.Target), + AttachBpfFd: uint32(opts.Program.FD()), + AttachType: uint32(opts.Attach), + AttachFlags: uint32(opts.Flags), + ExpectedRevision: opts.ExpectedRevision, + } + + if opts.Anchor != nil { + fdOrID, flags, err := opts.Anchor.anchor() + if err != nil { + return fmt.Errorf("attach program: %w", err) + } + + if flags == sys.BPF_F_REPLACE { + // Ensure that replacing a program works on old kernels. + attr.ReplaceBpfFd = fdOrID + } else { + attr.RelativeFdOrId = fdOrID + attr.AttachFlags |= flags + } } if err := sys.ProgAttach(&attr); err != nil { if haveFeatErr := haveProgAttach(); haveFeatErr != nil { return haveFeatErr } - return fmt.Errorf("can't attach program: %w", err) + return fmt.Errorf("attach program: %w", err) } + runtime.KeepAlive(opts.Program) return nil } -type RawDetachProgramOptions struct { - Target int - Program *ebpf.Program - Attach ebpf.AttachType -} +type RawDetachProgramOptions RawAttachProgramOptions // RawDetachProgram is a low level wrapper around BPF_PROG_DETACH. // // You should use one of the higher level abstractions available in this // package if possible. func RawDetachProgram(opts RawDetachProgramOptions) error { + if opts.Flags&anchorFlags != 0 { + return fmt.Errorf("disallowed flags: use Anchor to specify attach target") + } + attr := sys.ProgDetachAttr{ - TargetFd: uint32(opts.Target), - AttachBpfFd: uint32(opts.Program.FD()), - AttachType: uint32(opts.Attach), + TargetFdOrIfindex: uint32(opts.Target), + AttachBpfFd: uint32(opts.Program.FD()), + AttachType: uint32(opts.Attach), + ExpectedRevision: opts.ExpectedRevision, } + + if opts.Anchor != nil { + fdOrID, flags, err := opts.Anchor.anchor() + if err != nil { + return fmt.Errorf("detach program: %w", err) + } + + attr.RelativeFdOrId = fdOrID + attr.AttachFlags |= flags + } + if err := sys.ProgDetach(&attr); err != nil { if haveFeatErr := haveProgAttach(); haveFeatErr != nil { return haveFeatErr diff --git a/vendor/github.com/cilium/ebpf/link/query.go b/vendor/github.com/cilium/ebpf/link/query.go index c05656512d5..fe534f8efad 100644 --- a/vendor/github.com/cilium/ebpf/link/query.go +++ b/vendor/github.com/cilium/ebpf/link/query.go @@ -2,7 +2,6 @@ package link import ( "fmt" - "os" "unsafe" "github.com/cilium/ebpf" @@ -11,53 +10,102 @@ import ( // QueryOptions defines additional parameters when querying for programs. type QueryOptions struct { - // Path can be a path to a cgroup, netns or LIRC2 device - Path string + // Target to query. This is usually a file descriptor but may refer to + // something else based on the attach type. + Target int // Attach specifies the AttachType of the programs queried for Attach ebpf.AttachType // QueryFlags are flags for BPF_PROG_QUERY, e.g. BPF_F_QUERY_EFFECTIVE QueryFlags uint32 } -// QueryPrograms retrieves ProgramIDs associated with the AttachType. -// -// Returns (nil, nil) if there are no programs attached to the queried kernel -// resource. Calling QueryPrograms on a kernel missing PROG_QUERY will result in -// ErrNotSupported. -func QueryPrograms(opts QueryOptions) ([]ebpf.ProgramID, error) { - if haveProgQuery() != nil { - return nil, fmt.Errorf("can't query program IDs: %w", ErrNotSupported) - } +// QueryResult describes which programs and links are active. +type QueryResult struct { + // List of attached programs. + Programs []AttachedProgram - f, err := os.Open(opts.Path) - if err != nil { - return nil, fmt.Errorf("can't open file: %s", err) - } - defer f.Close() + // Incremented by one every time the set of attached programs changes. + // May be zero if not supported by the [ebpf.AttachType]. + Revision uint64 +} + +// HaveLinkInfo returns true if the kernel supports querying link information +// for a particular [ebpf.AttachType]. +func (qr *QueryResult) HaveLinkInfo() bool { + return qr.Revision > 0 +} + +type AttachedProgram struct { + ID ebpf.ProgramID + linkID ID +} + +// LinkID returns the ID associated with the program. +// +// Returns 0, false if the kernel doesn't support retrieving the ID or if the +// program wasn't attached via a link. See [QueryResult.HaveLinkInfo] if you +// need to tell the two apart. +func (ap *AttachedProgram) LinkID() (ID, bool) { + return ap.linkID, ap.linkID != 0 +} +// QueryPrograms retrieves a list of programs for the given AttachType. +// +// Returns a slice of attached programs, which may be empty. +// revision counts how many times the set of attached programs has changed and +// may be zero if not supported by the [ebpf.AttachType]. +// Returns ErrNotSupportd on a kernel without BPF_PROG_QUERY +func QueryPrograms(opts QueryOptions) (*QueryResult, error) { // query the number of programs to allocate correct slice size attr := sys.ProgQueryAttr{ - TargetFd: uint32(f.Fd()), - AttachType: sys.AttachType(opts.Attach), - QueryFlags: opts.QueryFlags, + TargetFdOrIfindex: uint32(opts.Target), + AttachType: sys.AttachType(opts.Attach), + QueryFlags: opts.QueryFlags, } - if err := sys.ProgQuery(&attr); err != nil { - return nil, fmt.Errorf("can't query program count: %w", err) + err := sys.ProgQuery(&attr) + if err != nil { + if haveFeatErr := haveProgQuery(); haveFeatErr != nil { + return nil, fmt.Errorf("query programs: %w", haveFeatErr) + } + return nil, fmt.Errorf("query programs: %w", err) } + if attr.Count == 0 { + return &QueryResult{Revision: attr.Revision}, nil + } + + // The minimum bpf_mprog revision is 1, so we can use the field to detect + // whether the attach type supports link ids. + haveLinkIDs := attr.Revision != 0 - // return nil if no progs are attached - if attr.ProgCount == 0 { - return nil, nil + count := attr.Count + progIds := make([]ebpf.ProgramID, count) + attr = sys.ProgQueryAttr{ + TargetFdOrIfindex: uint32(opts.Target), + AttachType: sys.AttachType(opts.Attach), + QueryFlags: opts.QueryFlags, + Count: count, + ProgIds: sys.NewPointer(unsafe.Pointer(&progIds[0])), + } + + var linkIds []ID + if haveLinkIDs { + linkIds = make([]ID, count) + attr.LinkIds = sys.NewPointer(unsafe.Pointer(&linkIds[0])) } - // we have at least one prog, so we query again - progIds := make([]ebpf.ProgramID, attr.ProgCount) - attr.ProgIds = sys.NewPointer(unsafe.Pointer(&progIds[0])) - attr.ProgCount = uint32(len(progIds)) if err := sys.ProgQuery(&attr); err != nil { - return nil, fmt.Errorf("can't query program IDs: %w", err) + return nil, fmt.Errorf("query programs: %w", err) } - return progIds, nil + // NB: attr.Count might have changed between the two syscalls. + var programs []AttachedProgram + for i, id := range progIds[:attr.Count] { + ap := AttachedProgram{ID: id} + if haveLinkIDs { + ap.linkID = linkIds[i] + } + programs = append(programs, ap) + } + return &QueryResult{programs, attr.Revision}, nil } diff --git a/vendor/github.com/cilium/ebpf/link/syscalls.go b/vendor/github.com/cilium/ebpf/link/syscalls.go index 012970ec78e..d09b5acb0f3 100644 --- a/vendor/github.com/cilium/ebpf/link/syscalls.go +++ b/vendor/github.com/cilium/ebpf/link/syscalls.go @@ -24,6 +24,10 @@ const ( XDPType = sys.BPF_LINK_TYPE_XDP PerfEventType = sys.BPF_LINK_TYPE_PERF_EVENT KprobeMultiType = sys.BPF_LINK_TYPE_KPROBE_MULTI + TCXType = sys.BPF_LINK_TYPE_TCX + UprobeMultiType = sys.BPF_LINK_TYPE_UPROBE_MULTI + NetfilterType = sys.BPF_LINK_TYPE_NETFILTER + NetkitType = sys.BPF_LINK_TYPE_NETKIT ) var haveProgAttach = internal.NewFeatureTest("BPF_PROG_ATTACH", "4.10", func() error { @@ -72,10 +76,10 @@ var haveProgAttachReplace = internal.NewFeatureTest("BPF_PROG_ATTACH atomic repl // present. attr := sys.ProgAttachAttr{ // We rely on this being checked after attachFlags. - TargetFd: ^uint32(0), - AttachBpfFd: uint32(prog.FD()), - AttachType: uint32(ebpf.AttachCGroupInetIngress), - AttachFlags: uint32(flagReplace), + TargetFdOrIfindex: ^uint32(0), + AttachBpfFd: uint32(prog.FD()), + AttachType: uint32(ebpf.AttachCGroupInetIngress), + AttachFlags: uint32(flagReplace), } err = sys.ProgAttach(&attr) @@ -110,8 +114,8 @@ var haveProgQuery = internal.NewFeatureTest("BPF_PROG_QUERY", "4.15", func() err // We rely on this being checked during the syscall. // With an otherwise correct payload we expect EBADF here // as an indication that the feature is present. - TargetFd: ^uint32(0), - AttachType: sys.AttachType(ebpf.AttachCGroupInetIngress), + TargetFdOrIfindex: ^uint32(0), + AttachType: sys.AttachType(ebpf.AttachCGroupInetIngress), } err := sys.ProgQuery(&attr) @@ -124,3 +128,73 @@ var haveProgQuery = internal.NewFeatureTest("BPF_PROG_QUERY", "4.15", func() err } return errors.New("syscall succeeded unexpectedly") }) + +var haveTCX = internal.NewFeatureTest("tcx", "6.6", func() error { + prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ + Type: ebpf.SchedCLS, + License: "MIT", + Instructions: asm.Instructions{ + asm.Mov.Imm(asm.R0, 0), + asm.Return(), + }, + }) + + if err != nil { + return internal.ErrNotSupported + } + + defer prog.Close() + attr := sys.LinkCreateTcxAttr{ + // We rely on this being checked during the syscall. + // With an otherwise correct payload we expect ENODEV here + // as an indication that the feature is present. + TargetIfindex: ^uint32(0), + ProgFd: uint32(prog.FD()), + AttachType: sys.AttachType(ebpf.AttachTCXIngress), + } + + _, err = sys.LinkCreateTcx(&attr) + + if errors.Is(err, unix.ENODEV) { + return nil + } + if err != nil { + return ErrNotSupported + } + return errors.New("syscall succeeded unexpectedly") +}) + +var haveNetkit = internal.NewFeatureTest("netkit", "6.7", func() error { + prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ + Type: ebpf.SchedCLS, + License: "MIT", + Instructions: asm.Instructions{ + asm.Mov.Imm(asm.R0, 0), + asm.Return(), + }, + }) + + if err != nil { + return internal.ErrNotSupported + } + + defer prog.Close() + attr := sys.LinkCreateNetkitAttr{ + // We rely on this being checked during the syscall. + // With an otherwise correct payload we expect ENODEV here + // as an indication that the feature is present. + TargetIfindex: ^uint32(0), + ProgFd: uint32(prog.FD()), + AttachType: sys.AttachType(ebpf.AttachNetkitPrimary), + } + + _, err = sys.LinkCreateNetkit(&attr) + + if errors.Is(err, unix.ENODEV) { + return nil + } + if err != nil { + return ErrNotSupported + } + return errors.New("syscall succeeded unexpectedly") +}) diff --git a/vendor/github.com/cilium/ebpf/link/tcx.go b/vendor/github.com/cilium/ebpf/link/tcx.go new file mode 100644 index 00000000000..ac045b71da0 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/link/tcx.go @@ -0,0 +1,89 @@ +package link + +import ( + "fmt" + "runtime" + + "github.com/cilium/ebpf" + "github.com/cilium/ebpf/internal/sys" +) + +type TCXOptions struct { + // Index of the interface to attach to. + Interface int + // Program to attach. + Program *ebpf.Program + // One of the AttachTCX* constants. + Attach ebpf.AttachType + // Attach relative to an anchor. Optional. + Anchor Anchor + // Only attach if the expected revision matches. + ExpectedRevision uint64 + // Flags control the attach behaviour. Specify an Anchor instead of + // F_LINK, F_ID, F_BEFORE, F_AFTER and R_REPLACE. Optional. + Flags uint32 +} + +func AttachTCX(opts TCXOptions) (Link, error) { + if opts.Interface < 0 { + return nil, fmt.Errorf("interface %d is out of bounds", opts.Interface) + } + + if opts.Flags&anchorFlags != 0 { + return nil, fmt.Errorf("disallowed flags: use Anchor to specify attach target") + } + + attr := sys.LinkCreateTcxAttr{ + ProgFd: uint32(opts.Program.FD()), + AttachType: sys.AttachType(opts.Attach), + TargetIfindex: uint32(opts.Interface), + ExpectedRevision: opts.ExpectedRevision, + Flags: opts.Flags, + } + + if opts.Anchor != nil { + fdOrID, flags, err := opts.Anchor.anchor() + if err != nil { + return nil, fmt.Errorf("attach tcx link: %w", err) + } + + attr.RelativeFdOrId = fdOrID + attr.Flags |= flags + } + + fd, err := sys.LinkCreateTcx(&attr) + runtime.KeepAlive(opts.Program) + runtime.KeepAlive(opts.Anchor) + if err != nil { + if haveFeatErr := haveTCX(); haveFeatErr != nil { + return nil, haveFeatErr + } + return nil, fmt.Errorf("attach tcx link: %w", err) + } + + return &tcxLink{RawLink{fd, ""}}, nil +} + +type tcxLink struct { + RawLink +} + +var _ Link = (*tcxLink)(nil) + +func (tcx *tcxLink) Info() (*Info, error) { + var info sys.TcxLinkInfo + if err := sys.ObjInfo(tcx.fd, &info); err != nil { + return nil, fmt.Errorf("tcx link info: %s", err) + } + extra := &TCXInfo{ + Ifindex: info.Ifindex, + AttachType: info.AttachType, + } + + return &Info{ + info.Type, + info.Id, + ebpf.ProgramID(info.ProgId), + extra, + }, nil +} diff --git a/vendor/github.com/cilium/ebpf/link/tracepoint.go b/vendor/github.com/cilium/ebpf/link/tracepoint.go index 95f5fae3b09..6fc78b98287 100644 --- a/vendor/github.com/cilium/ebpf/link/tracepoint.go +++ b/vendor/github.com/cilium/ebpf/link/tracepoint.go @@ -30,6 +30,8 @@ type TracepointOptions struct { // // Note that attaching eBPF programs to syscalls (sys_enter_*/sys_exit_*) is // only possible as of kernel 4.14 (commit cf5f5ce). +// +// The returned Link may implement [PerfEvent]. func Tracepoint(group, name string, prog *ebpf.Program, opts *TracepointOptions) (Link, error) { if group == "" || name == "" { return nil, fmt.Errorf("group and name cannot be empty: %w", errInvalidInput) diff --git a/vendor/github.com/cilium/ebpf/link/tracing.go b/vendor/github.com/cilium/ebpf/link/tracing.go index 1e1a7834d8e..9e570afc96a 100644 --- a/vendor/github.com/cilium/ebpf/link/tracing.go +++ b/vendor/github.com/cilium/ebpf/link/tracing.go @@ -18,6 +18,25 @@ func (f *tracing) Update(new *ebpf.Program) error { return fmt.Errorf("tracing update: %w", ErrNotSupported) } +func (f *tracing) Info() (*Info, error) { + var info sys.TracingLinkInfo + if err := sys.ObjInfo(f.fd, &info); err != nil { + return nil, fmt.Errorf("tracing link info: %s", err) + } + extra := &TracingInfo{ + TargetObjId: info.TargetObjId, + TargetBtfId: info.TargetBtfId, + AttachType: info.AttachType, + } + + return &Info{ + info.Type, + info.Id, + ebpf.ProgramID(info.ProgId), + extra, + }, nil +} + // AttachFreplace attaches the given eBPF program to the function it replaces. // // The program and name can either be provided at link time, or can be provided diff --git a/vendor/github.com/cilium/ebpf/link/uprobe.go b/vendor/github.com/cilium/ebpf/link/uprobe.go index 83977e0e54d..194d1d319a7 100644 --- a/vendor/github.com/cilium/ebpf/link/uprobe.go +++ b/vendor/github.com/cilium/ebpf/link/uprobe.go @@ -36,10 +36,10 @@ var ( type Executable struct { // Path of the executable on the filesystem. path string - // Parsed ELF and dynamic symbols' addresses. - addresses map[string]uint64 + // Parsed ELF and dynamic symbols' cachedAddresses. + cachedAddresses map[string]uint64 // Keep track of symbol table lazy load. - addressesOnce sync.Once + cacheAddressesOnce sync.Once } // UprobeOptions defines additional parameters that will be used @@ -108,8 +108,8 @@ func OpenExecutable(path string) (*Executable, error) { } return &Executable{ - path: path, - addresses: make(map[string]uint64), + path: path, + cachedAddresses: make(map[string]uint64), }, nil } @@ -153,7 +153,7 @@ func (ex *Executable) load(f *internal.SafeELFFile) error { } } - ex.addresses[s.Name] = address + ex.cachedAddresses[s.Name] = address } return nil @@ -162,13 +162,13 @@ func (ex *Executable) load(f *internal.SafeELFFile) error { // address calculates the address of a symbol in the executable. // // opts must not be nil. -func (ex *Executable) address(symbol string, opts *UprobeOptions) (uint64, error) { - if opts.Address > 0 { - return opts.Address + opts.Offset, nil +func (ex *Executable) address(symbol string, address, offset uint64) (uint64, error) { + if address > 0 { + return address + offset, nil } var err error - ex.addressesOnce.Do(func() { + ex.cacheAddressesOnce.Do(func() { var f *internal.SafeELFFile f, err = internal.OpenSafeELFFile(ex.path) if err != nil { @@ -183,7 +183,7 @@ func (ex *Executable) address(symbol string, opts *UprobeOptions) (uint64, error return 0, fmt.Errorf("lazy load symbols: %w", err) } - address, ok := ex.addresses[symbol] + address, ok := ex.cachedAddresses[symbol] if !ok { return 0, fmt.Errorf("symbol %s: %w", symbol, ErrNoSymbol) } @@ -199,7 +199,7 @@ func (ex *Executable) address(symbol string, opts *UprobeOptions) (uint64, error "(consider providing UprobeOptions.Address)", ex.path, symbol, ErrNotSupported) } - return address + opts.Offset, nil + return address + offset, nil } // Uprobe attaches the given eBPF program to a perf event that fires when the @@ -222,6 +222,8 @@ func (ex *Executable) address(symbol string, opts *UprobeOptions) (uint64, error // // Functions provided by shared libraries can currently not be traced and // will result in an ErrNotSupported. +// +// The returned Link may implement [PerfEvent]. func (ex *Executable) Uprobe(symbol string, prog *ebpf.Program, opts *UprobeOptions) (Link, error) { u, err := ex.uprobe(symbol, prog, opts, false) if err != nil { @@ -256,6 +258,8 @@ func (ex *Executable) Uprobe(symbol string, prog *ebpf.Program, opts *UprobeOpti // // Functions provided by shared libraries can currently not be traced and // will result in an ErrNotSupported. +// +// The returned Link may implement [PerfEvent]. func (ex *Executable) Uretprobe(symbol string, prog *ebpf.Program, opts *UprobeOptions) (Link, error) { u, err := ex.uprobe(symbol, prog, opts, true) if err != nil { @@ -284,7 +288,7 @@ func (ex *Executable) uprobe(symbol string, prog *ebpf.Program, opts *UprobeOpti opts = &UprobeOptions{} } - offset, err := ex.address(symbol, opts) + offset, err := ex.address(symbol, opts.Address, opts.Offset) if err != nil { return nil, err } diff --git a/vendor/github.com/cilium/ebpf/link/uprobe_multi.go b/vendor/github.com/cilium/ebpf/link/uprobe_multi.go new file mode 100644 index 00000000000..aea807b329a --- /dev/null +++ b/vendor/github.com/cilium/ebpf/link/uprobe_multi.go @@ -0,0 +1,216 @@ +package link + +import ( + "errors" + "fmt" + "os" + "unsafe" + + "github.com/cilium/ebpf" + "github.com/cilium/ebpf/asm" + "github.com/cilium/ebpf/internal" + "github.com/cilium/ebpf/internal/sys" + "github.com/cilium/ebpf/internal/unix" +) + +// UprobeMultiOptions defines additional parameters that will be used +// when opening a UprobeMulti Link. +type UprobeMultiOptions struct { + // Symbol addresses. If set, overrides the addresses eventually parsed from + // the executable. Mutually exclusive with UprobeMulti's symbols argument. + Addresses []uint64 + + // Offsets into functions provided by UprobeMulti's symbols argument. + // For example: to set uprobes to main+5 and _start+10, call UprobeMulti + // with: + // symbols: "main", "_start" + // opt.Offsets: 5, 10 + Offsets []uint64 + + // Optional list of associated ref counter offsets. + RefCtrOffsets []uint64 + + // Optional list of associated BPF cookies. + Cookies []uint64 + + // Only set the uprobe_multi link on the given process ID, zero PID means + // system-wide. + PID uint32 +} + +func (ex *Executable) UprobeMulti(symbols []string, prog *ebpf.Program, opts *UprobeMultiOptions) (Link, error) { + return ex.uprobeMulti(symbols, prog, opts, 0) +} + +func (ex *Executable) UretprobeMulti(symbols []string, prog *ebpf.Program, opts *UprobeMultiOptions) (Link, error) { + + // The return probe is not limited for symbols entry, so there's no special + // setup for return uprobes (other than the extra flag). The symbols, opts.Offsets + // and opts.Addresses arrays follow the same logic as for entry uprobes. + return ex.uprobeMulti(symbols, prog, opts, unix.BPF_F_UPROBE_MULTI_RETURN) +} + +func (ex *Executable) uprobeMulti(symbols []string, prog *ebpf.Program, opts *UprobeMultiOptions, flags uint32) (Link, error) { + if prog == nil { + return nil, errors.New("cannot attach a nil program") + } + + if opts == nil { + opts = &UprobeMultiOptions{} + } + + addresses, err := ex.addresses(symbols, opts.Addresses, opts.Offsets) + if err != nil { + return nil, err + } + + addrs := len(addresses) + cookies := len(opts.Cookies) + refCtrOffsets := len(opts.RefCtrOffsets) + + if addrs == 0 { + return nil, fmt.Errorf("Addresses are required: %w", errInvalidInput) + } + if refCtrOffsets > 0 && refCtrOffsets != addrs { + return nil, fmt.Errorf("RefCtrOffsets must be exactly Addresses in length: %w", errInvalidInput) + } + if cookies > 0 && cookies != addrs { + return nil, fmt.Errorf("Cookies must be exactly Addresses in length: %w", errInvalidInput) + } + + attr := &sys.LinkCreateUprobeMultiAttr{ + Path: sys.NewStringPointer(ex.path), + ProgFd: uint32(prog.FD()), + AttachType: sys.BPF_TRACE_UPROBE_MULTI, + UprobeMultiFlags: flags, + Count: uint32(addrs), + Offsets: sys.NewPointer(unsafe.Pointer(&addresses[0])), + Pid: opts.PID, + } + + if refCtrOffsets != 0 { + attr.RefCtrOffsets = sys.NewPointer(unsafe.Pointer(&opts.RefCtrOffsets[0])) + } + if cookies != 0 { + attr.Cookies = sys.NewPointer(unsafe.Pointer(&opts.Cookies[0])) + } + + fd, err := sys.LinkCreateUprobeMulti(attr) + if errors.Is(err, unix.ESRCH) { + return nil, fmt.Errorf("%w (specified pid not found?)", os.ErrNotExist) + } + if errors.Is(err, unix.EINVAL) { + return nil, fmt.Errorf("%w (missing symbol or prog's AttachType not AttachTraceUprobeMulti?)", err) + } + + if err != nil { + if haveFeatErr := haveBPFLinkUprobeMulti(); haveFeatErr != nil { + return nil, haveFeatErr + } + return nil, err + } + + return &uprobeMultiLink{RawLink{fd, ""}}, nil +} + +func (ex *Executable) addresses(symbols []string, addresses, offsets []uint64) ([]uint64, error) { + n := len(symbols) + if n == 0 { + n = len(addresses) + } + + if n == 0 { + return nil, fmt.Errorf("%w: neither symbols nor addresses given", errInvalidInput) + } + + if symbols != nil && len(symbols) != n { + return nil, fmt.Errorf("%w: have %d symbols but want %d", errInvalidInput, len(symbols), n) + } + + if addresses != nil && len(addresses) != n { + return nil, fmt.Errorf("%w: have %d addresses but want %d", errInvalidInput, len(addresses), n) + } + + if offsets != nil && len(offsets) != n { + return nil, fmt.Errorf("%w: have %d offsets but want %d", errInvalidInput, len(offsets), n) + } + + results := make([]uint64, 0, n) + for i := 0; i < n; i++ { + var sym string + if symbols != nil { + sym = symbols[i] + } + + var addr, off uint64 + if addresses != nil { + addr = addresses[i] + } + + if offsets != nil { + off = offsets[i] + } + + result, err := ex.address(sym, addr, off) + if err != nil { + return nil, err + } + + results = append(results, result) + } + + return results, nil +} + +type uprobeMultiLink struct { + RawLink +} + +var _ Link = (*uprobeMultiLink)(nil) + +func (kml *uprobeMultiLink) Update(prog *ebpf.Program) error { + return fmt.Errorf("update uprobe_multi: %w", ErrNotSupported) +} + +var haveBPFLinkUprobeMulti = internal.NewFeatureTest("bpf_link_uprobe_multi", "6.6", func() error { + prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ + Name: "probe_upm_link", + Type: ebpf.Kprobe, + Instructions: asm.Instructions{ + asm.Mov.Imm(asm.R0, 0), + asm.Return(), + }, + AttachType: ebpf.AttachTraceUprobeMulti, + License: "MIT", + }) + if errors.Is(err, unix.E2BIG) { + // Kernel doesn't support AttachType field. + return internal.ErrNotSupported + } + if err != nil { + return err + } + defer prog.Close() + + // We try to create uprobe multi link on '/' path which results in + // error with -EBADF in case uprobe multi link is supported. + fd, err := sys.LinkCreateUprobeMulti(&sys.LinkCreateUprobeMultiAttr{ + ProgFd: uint32(prog.FD()), + AttachType: sys.BPF_TRACE_UPROBE_MULTI, + Path: sys.NewStringPointer("/"), + Offsets: sys.NewPointer(unsafe.Pointer(&[]uint64{0})), + Count: 1, + }) + switch { + case errors.Is(err, unix.EBADF): + return nil + case errors.Is(err, unix.EINVAL): + return internal.ErrNotSupported + case err != nil: + return err + } + + // should not happen + fd.Close() + return errors.New("successfully attached uprobe_multi to /, kernel bug?") +}) diff --git a/vendor/github.com/cilium/ebpf/link/xdp.go b/vendor/github.com/cilium/ebpf/link/xdp.go index aa8dd3a4cb3..2ec441229a5 100644 --- a/vendor/github.com/cilium/ebpf/link/xdp.go +++ b/vendor/github.com/cilium/ebpf/link/xdp.go @@ -4,6 +4,7 @@ import ( "fmt" "github.com/cilium/ebpf" + "github.com/cilium/ebpf/internal/sys" ) // XDPAttachFlags represents how XDP program will be attached to interface. @@ -50,5 +51,30 @@ func AttachXDP(opts XDPOptions) (Link, error) { Flags: uint32(opts.Flags), }) - return rawLink, err + if err != nil { + return nil, fmt.Errorf("failed to attach link: %w", err) + } + + return &xdpLink{*rawLink}, nil +} + +type xdpLink struct { + RawLink +} + +func (xdp *xdpLink) Info() (*Info, error) { + var info sys.XDPLinkInfo + if err := sys.ObjInfo(xdp.fd, &info); err != nil { + return nil, fmt.Errorf("xdp link info: %s", err) + } + extra := &XDPInfo{ + Ifindex: info.Ifindex, + } + + return &Info{ + info.Type, + info.Id, + ebpf.ProgramID(info.ProgId), + extra, + }, nil } diff --git a/vendor/github.com/cilium/ebpf/linker.go b/vendor/github.com/cilium/ebpf/linker.go index cf5b02ddf58..788f21b7b6f 100644 --- a/vendor/github.com/cilium/ebpf/linker.go +++ b/vendor/github.com/cilium/ebpf/linker.go @@ -1,13 +1,14 @@ package ebpf import ( + "debug/elf" "encoding/binary" "errors" "fmt" "io" + "io/fs" "math" - - "golang.org/x/exp/slices" + "slices" "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/btf" @@ -120,7 +121,7 @@ func hasFunctionReferences(insns asm.Instructions) bool { // // Passing a nil target will relocate against the running kernel. insns are // modified in place. -func applyRelocations(insns asm.Instructions, target *btf.Spec, bo binary.ByteOrder) error { +func applyRelocations(insns asm.Instructions, targets []*btf.Spec, kmodName string, bo binary.ByteOrder, b *btf.Builder) error { var relos []*btf.CORERelocation var reloInsns []*asm.Instruction iter := insns.Iterate() @@ -139,7 +140,26 @@ func applyRelocations(insns asm.Instructions, target *btf.Spec, bo binary.ByteOr bo = internal.NativeEndian } - fixups, err := btf.CORERelocate(relos, target, bo) + if len(targets) == 0 { + kernelTarget, err := btf.LoadKernelSpec() + if err != nil { + return fmt.Errorf("load kernel spec: %w", err) + } + targets = append(targets, kernelTarget) + + if kmodName != "" { + kmodTarget, err := btf.LoadKernelModuleSpec(kmodName) + // Ignore ErrNotExists to cater to kernels which have CONFIG_DEBUG_INFO_BTF_MODULES disabled. + if err != nil && !errors.Is(err, fs.ErrNotExist) { + return fmt.Errorf("load kernel module spec: %w", err) + } + if err == nil { + targets = append(targets, kmodTarget) + } + } + } + + fixups, err := btf.CORERelocate(relos, targets, bo, b.Add) if err != nil { return err } @@ -244,6 +264,10 @@ func fixupAndValidate(insns asm.Instructions) error { return nil } +// POISON_CALL_KFUNC_BASE in libbpf. +// https://github.com/libbpf/libbpf/blob/2778cbce609aa1e2747a69349f7f46a2f94f0522/src/libbpf.c#L5767 +const kfuncCallPoisonBase = 2002000000 + // fixupKfuncs loops over all instructions in search for kfunc calls. // If at least one is found, the current kernels BTF and module BTFis are searched to set Instruction.Constant // and Instruction.Offset to the correct values. @@ -257,7 +281,7 @@ func fixupKfuncs(insns asm.Instructions) (_ handles, err error) { iter := insns.Iterate() for iter.Next() { ins := iter.Ins - if ins.IsKfuncCall() { + if metadata := ins.Metadata.Get(kfuncMetaKey{}); metadata != nil { goto fixups } } @@ -277,7 +301,8 @@ fixups: for { ins := iter.Ins - if !ins.IsKfuncCall() { + metadata := ins.Metadata.Get(kfuncMetaKey{}) + if metadata == nil { if !iter.Next() { // break loop if this was the last instruction in the stream. break @@ -286,15 +311,34 @@ fixups: } // check meta, if no meta return err - kfm, _ := ins.Metadata.Get(kfuncMeta{}).(*btf.Func) + kfm, _ := metadata.(*kfuncMeta) if kfm == nil { - return nil, fmt.Errorf("kfunc call has no kfuncMeta") + return nil, fmt.Errorf("kfuncMetaKey doesn't contain kfuncMeta") } target := btf.Type((*btf.Func)(nil)) - spec, module, err := findTargetInKernel(kernelSpec, kfm.Name, &target) + spec, module, err := findTargetInKernel(kernelSpec, kfm.Func.Name, &target) + if kfm.Binding == elf.STB_WEAK && errors.Is(err, btf.ErrNotFound) { + if ins.IsKfuncCall() { + // If the kfunc call is weak and not found, poison the call. Use a recognizable constant + // to make it easier to debug. And set src to zero so the verifier doesn't complain + // about the invalid imm/offset values before dead-code elimination. + ins.Constant = kfuncCallPoisonBase + ins.Src = 0 + } else if ins.OpCode.IsDWordLoad() { + // If the kfunc DWordLoad is weak and not found, set its address to 0. + ins.Constant = 0 + ins.Src = 0 + } else { + return nil, fmt.Errorf("only kfunc calls and dword loads may have kfunc metadata") + } + + iter.Next() + continue + } + // Error on non-weak kfunc not found. if errors.Is(err, btf.ErrNotFound) { - return nil, fmt.Errorf("kfunc %q: %w", kfm.Name, ErrNotSupported) + return nil, fmt.Errorf("kfunc %q: %w", kfm.Func.Name, ErrNotSupported) } if err != nil { return nil, err @@ -305,8 +349,8 @@ fixups: return nil, err } - if err := btf.CheckTypeCompatibility(kfm.Type, target.(*btf.Func).Type); err != nil { - return nil, &incompatibleKfuncError{kfm.Name, err} + if err := btf.CheckTypeCompatibility(kfm.Func.Type, target.(*btf.Func).Type); err != nil { + return nil, &incompatibleKfuncError{kfm.Func.Name, err} } id, err := spec.TypeID(target) diff --git a/vendor/github.com/cilium/ebpf/map.go b/vendor/github.com/cilium/ebpf/map.go index ce945ace083..0b62101c3cb 100644 --- a/vendor/github.com/cilium/ebpf/map.go +++ b/vendor/github.com/cilium/ebpf/map.go @@ -9,7 +9,9 @@ import ( "os" "path/filepath" "reflect" + "slices" "strings" + "sync" "time" "unsafe" @@ -27,6 +29,10 @@ var ( ErrIterationAborted = errors.New("iteration aborted") ErrMapIncompatible = errors.New("map spec is incompatible with existing map") errMapNoBTFValue = errors.New("map spec does not contain a BTF Value") + + // pre-allocating these errors here since they may get called in hot code paths + // and cause unnecessary memory allocations + errMapLookupKeyNotExist = fmt.Errorf("lookup: %w", sysErrKeyNotExist) ) // MapOptions control loading a map into the kernel. @@ -95,11 +101,20 @@ func (ms *MapSpec) Copy() *MapSpec { } cpy := *ms + cpy.Contents = slices.Clone(cpy.Contents) + cpy.Key = btf.Copy(cpy.Key) + cpy.Value = btf.Copy(cpy.Value) - cpy.Contents = make([]MapKV, len(ms.Contents)) - copy(cpy.Contents, ms.Contents) + if cpy.InnerMap == ms { + cpy.InnerMap = &cpy + } else { + cpy.InnerMap = ms.InnerMap.Copy() + } - cpy.InnerMap = ms.InnerMap.Copy() + if cpy.Extra != nil { + extra := *cpy.Extra + cpy.Extra = &extra + } return &cpy } @@ -133,7 +148,7 @@ func (spec *MapSpec) fixupMagicFields() (*MapSpec, error) { spec.KeySize = 4 spec.ValueSize = 4 - n, err := internal.PossibleCPUs() + n, err := PossibleCPU() if err != nil { return nil, fmt.Errorf("fixup perf event array: %w", err) } @@ -489,8 +504,14 @@ func handleMapCreateError(attr sys.MapCreateAttr, spec *MapSpec, err error) erro return fmt.Errorf("map create: %w", haveFeatErr) } } - if attr.BtfFd == 0 { - return fmt.Errorf("map create: %w (without BTF k/v)", err) + // BPF_MAP_TYPE_RINGBUF's max_entries must be a power-of-2 multiple of kernel's page size. + if errors.Is(err, unix.EINVAL) && + (attr.MapType == sys.BPF_MAP_TYPE_RINGBUF || attr.MapType == sys.BPF_MAP_TYPE_USER_RINGBUF) { + pageSize := uint32(os.Getpagesize()) + maxEntries := attr.MaxEntries + if maxEntries%pageSize != 0 || !internal.IsPow(maxEntries) { + return fmt.Errorf("map create: %w (ring map size %d not a multiple of page size %d)", err, maxEntries, pageSize) + } } return fmt.Errorf("map create: %w", err) @@ -515,7 +536,7 @@ func newMap(fd *sys.FD, name string, typ MapType, keySize, valueSize, maxEntries return m, nil } - possibleCPUs, err := internal.PossibleCPUs() + possibleCPUs, err := PossibleCPU() if err != nil { return nil, err } @@ -561,11 +582,29 @@ func (m *Map) Info() (*MapInfo, error) { return newMapInfoFromFd(m.fd) } +// Handle returns a reference to the Map's type information in the kernel. +// +// Returns ErrNotSupported if the kernel has no BTF support, or if there is no +// BTF associated with the Map. +func (m *Map) Handle() (*btf.Handle, error) { + info, err := m.Info() + if err != nil { + return nil, err + } + + id, ok := info.BTFID() + if !ok { + return nil, fmt.Errorf("map %s: retrieve BTF ID: %w", m, ErrNotSupported) + } + + return btf.NewHandleFromID(id) +} + // MapLookupFlags controls the behaviour of the map lookup calls. type MapLookupFlags uint64 // LookupLock look up the value of a spin-locked map. -const LookupLock MapLookupFlags = 4 +const LookupLock MapLookupFlags = unix.BPF_F_LOCK // Lookup retrieves a value from a Map. // @@ -642,11 +681,15 @@ func (m *Map) LookupBytes(key interface{}) ([]byte, error) { } func (m *Map) lookupPerCPU(key, valueOut any, flags MapLookupFlags) error { + slice, err := ensurePerCPUSlice(valueOut) + if err != nil { + return err + } valueBytes := make([]byte, m.fullValueSize) if err := m.lookup(key, sys.NewSlicePointer(valueBytes), flags); err != nil { return err } - return unmarshalPerCPUValue(valueOut, int(m.valueSize), valueBytes) + return unmarshalPerCPUValue(slice, int(m.valueSize), valueBytes) } func (m *Map) lookup(key interface{}, valueOut sys.Pointer, flags MapLookupFlags) error { @@ -663,17 +706,62 @@ func (m *Map) lookup(key interface{}, valueOut sys.Pointer, flags MapLookupFlags } if err = sys.MapLookupElem(&attr); err != nil { + if errors.Is(err, unix.ENOENT) { + return errMapLookupKeyNotExist + } return fmt.Errorf("lookup: %w", wrapMapError(err)) } return nil } func (m *Map) lookupAndDeletePerCPU(key, valueOut any, flags MapLookupFlags) error { + slice, err := ensurePerCPUSlice(valueOut) + if err != nil { + return err + } valueBytes := make([]byte, m.fullValueSize) if err := m.lookupAndDelete(key, sys.NewSlicePointer(valueBytes), flags); err != nil { return err } - return unmarshalPerCPUValue(valueOut, int(m.valueSize), valueBytes) + return unmarshalPerCPUValue(slice, int(m.valueSize), valueBytes) +} + +// ensurePerCPUSlice allocates a slice for a per-CPU value if necessary. +func ensurePerCPUSlice(sliceOrPtr any) (any, error) { + sliceOrPtrType := reflect.TypeOf(sliceOrPtr) + if sliceOrPtrType.Kind() == reflect.Slice { + // The target is a slice, the caller is responsible for ensuring that + // size is correct. + return sliceOrPtr, nil + } + + slicePtrType := sliceOrPtrType + if slicePtrType.Kind() != reflect.Ptr || slicePtrType.Elem().Kind() != reflect.Slice { + return nil, fmt.Errorf("per-cpu value requires a slice or a pointer to slice") + } + + possibleCPUs, err := PossibleCPU() + if err != nil { + return nil, err + } + + sliceType := slicePtrType.Elem() + slice := reflect.MakeSlice(sliceType, possibleCPUs, possibleCPUs) + + sliceElemType := sliceType.Elem() + sliceElemIsPointer := sliceElemType.Kind() == reflect.Ptr + reflect.ValueOf(sliceOrPtr).Elem().Set(slice) + if !sliceElemIsPointer { + return slice.Interface(), nil + } + sliceElemType = sliceElemType.Elem() + + for i := 0; i < possibleCPUs; i++ { + newElem := reflect.New(sliceElemType) + slice.Index(i).Set(newElem) + } + + return slice.Interface(), nil } func (m *Map) lookupAndDelete(key any, valuePtr sys.Pointer, flags MapLookupFlags) error { @@ -861,7 +949,7 @@ func (m *Map) nextKey(key interface{}, nextKeyOut sys.Pointer) error { return nil } -var mmapProtectedPage = internal.Memoize(func() ([]byte, error) { +var mmapProtectedPage = sync.OnceValues(func() ([]byte, error) { return unix.Mmap(-1, 0, os.Getpagesize(), unix.PROT_NONE, unix.MAP_ANON|unix.MAP_SHARED) }) @@ -917,14 +1005,23 @@ func (m *Map) guessNonExistentKey() ([]byte, error) { // // "keysOut" and "valuesOut" must be of type slice, a pointer // to a slice or buffer will not work. -// "prevKey" is the key to start the batch lookup from, it will -// *not* be included in the results. Use nil to start at the first key. +// "cursor" is an pointer to an opaque handle. It must be non-nil. Pass +// "cursor" to subsequent calls of this function to continue the batching +// operation in the case of chunking. +// +// Warning: This API is not very safe to use as the kernel implementation for +// batching relies on the user to be aware of subtle details with regarding to +// different map type implementations. // // ErrKeyNotExist is returned when the batch lookup has reached // the end of all possible results, even when partial results // are returned. It should be used to evaluate when lookup is "done". -func (m *Map) BatchLookup(prevKey, nextKeyOut, keysOut, valuesOut interface{}, opts *BatchOptions) (int, error) { - return m.batchLookup(sys.BPF_MAP_LOOKUP_BATCH, prevKey, nextKeyOut, keysOut, valuesOut, opts) +func (m *Map) BatchLookup(cursor *MapBatchCursor, keysOut, valuesOut interface{}, opts *BatchOptions) (int, error) { + n, err := m.batchLookup(sys.BPF_MAP_LOOKUP_BATCH, cursor, keysOut, valuesOut, opts) + if err != nil { + return n, fmt.Errorf("map batch lookup: %w", err) + } + return n, nil } // BatchLookupAndDelete looks up many elements in a map at once, @@ -932,47 +1029,121 @@ func (m *Map) BatchLookup(prevKey, nextKeyOut, keysOut, valuesOut interface{}, o // It then deletes all those elements. // "keysOut" and "valuesOut" must be of type slice, a pointer // to a slice or buffer will not work. -// "prevKey" is the key to start the batch lookup from, it will -// *not* be included in the results. Use nil to start at the first key. +// "cursor" is an pointer to an opaque handle. It must be non-nil. Pass +// "cursor" to subsequent calls of this function to continue the batching +// operation in the case of chunking. +// +// Warning: This API is not very safe to use as the kernel implementation for +// batching relies on the user to be aware of subtle details with regarding to +// different map type implementations. // // ErrKeyNotExist is returned when the batch lookup has reached // the end of all possible results, even when partial results // are returned. It should be used to evaluate when lookup is "done". -func (m *Map) BatchLookupAndDelete(prevKey, nextKeyOut, keysOut, valuesOut interface{}, opts *BatchOptions) (int, error) { - return m.batchLookup(sys.BPF_MAP_LOOKUP_AND_DELETE_BATCH, prevKey, nextKeyOut, keysOut, valuesOut, opts) +func (m *Map) BatchLookupAndDelete(cursor *MapBatchCursor, keysOut, valuesOut interface{}, opts *BatchOptions) (int, error) { + n, err := m.batchLookup(sys.BPF_MAP_LOOKUP_AND_DELETE_BATCH, cursor, keysOut, valuesOut, opts) + if err != nil { + return n, fmt.Errorf("map batch lookup and delete: %w", err) + } + return n, nil } -func (m *Map) batchLookup(cmd sys.Cmd, startKey, nextKeyOut, keysOut, valuesOut interface{}, opts *BatchOptions) (int, error) { - if err := haveBatchAPI(); err != nil { - return 0, err - } +// MapBatchCursor represents a starting point for a batch operation. +type MapBatchCursor struct { + m *Map + opaque []byte +} + +func (m *Map) batchLookup(cmd sys.Cmd, cursor *MapBatchCursor, keysOut, valuesOut interface{}, opts *BatchOptions) (int, error) { if m.typ.hasPerCPUValue() { - return 0, ErrNotSupported + return m.batchLookupPerCPU(cmd, cursor, keysOut, valuesOut, opts) } - keysValue := reflect.ValueOf(keysOut) - if keysValue.Kind() != reflect.Slice { - return 0, fmt.Errorf("keys must be a slice") + + count, err := batchCount(keysOut, valuesOut) + if err != nil { + return 0, err } - valuesValue := reflect.ValueOf(valuesOut) - if valuesValue.Kind() != reflect.Slice { - return 0, fmt.Errorf("valuesOut must be a slice") + + valueBuf := sysenc.SyscallOutput(valuesOut, count*int(m.fullValueSize)) + + n, err := m.batchLookupCmd(cmd, cursor, count, keysOut, valueBuf.Pointer(), opts) + if errors.Is(err, unix.ENOSPC) { + // Hash tables return ENOSPC when the size of the batch is smaller than + // any bucket. + return n, fmt.Errorf("%w (batch size too small?)", err) + } else if err != nil { + return n, err } - count := keysValue.Len() - if count != valuesValue.Len() { - return 0, fmt.Errorf("keysOut and valuesOut must be the same length") + + err = valueBuf.Unmarshal(valuesOut) + if err != nil { + return 0, err } - keyBuf := make([]byte, count*int(m.keySize)) - keyPtr := sys.NewSlicePointer(keyBuf) + + return n, nil +} + +func (m *Map) batchLookupPerCPU(cmd sys.Cmd, cursor *MapBatchCursor, keysOut, valuesOut interface{}, opts *BatchOptions) (int, error) { + count, err := sliceLen(keysOut) + if err != nil { + return 0, fmt.Errorf("keys: %w", err) + } + valueBuf := make([]byte, count*int(m.fullValueSize)) valuePtr := sys.NewSlicePointer(valueBuf) - nextBuf := makeMapSyscallOutput(nextKeyOut, int(m.keySize)) + + n, sysErr := m.batchLookupCmd(cmd, cursor, count, keysOut, valuePtr, opts) + if sysErr != nil && !errors.Is(sysErr, unix.ENOENT) { + return 0, err + } + + err = unmarshalBatchPerCPUValue(valuesOut, count, int(m.valueSize), valueBuf) + if err != nil { + return 0, err + } + + return n, sysErr +} + +func (m *Map) batchLookupCmd(cmd sys.Cmd, cursor *MapBatchCursor, count int, keysOut any, valuePtr sys.Pointer, opts *BatchOptions) (int, error) { + cursorLen := int(m.keySize) + if cursorLen < 4 { + // * generic_map_lookup_batch requires that batch_out is key_size bytes. + // This is used by array and LPM maps. + // + // * __htab_map_lookup_and_delete_batch requires u32. This is used by the + // various hash maps. + // + // Use a minimum of 4 bytes to avoid having to distinguish between the two. + cursorLen = 4 + } + + inBatch := cursor.opaque + if inBatch == nil { + // This is the first lookup, allocate a buffer to hold the cursor. + cursor.opaque = make([]byte, cursorLen) + cursor.m = m + } else if cursor.m != m { + // Prevent reuse of a cursor across maps. First, it's unlikely to work. + // Second, the maps may require different cursorLen and cursor.opaque + // may therefore be too short. This could lead to the kernel clobbering + // user space memory. + return 0, errors.New("a cursor may not be reused across maps") + } + + if err := haveBatchAPI(); err != nil { + return 0, err + } + + keyBuf := sysenc.SyscallOutput(keysOut, count*int(m.keySize)) attr := sys.MapLookupBatchAttr{ MapFd: m.fd.Uint(), - Keys: keyPtr, + Keys: keyBuf.Pointer(), Values: valuePtr, Count: uint32(count), - OutBatch: nextBuf.Pointer(), + InBatch: sys.NewSlicePointer(inBatch), + OutBatch: sys.NewSlicePointer(cursor.opaque), } if opts != nil { @@ -980,30 +1151,13 @@ func (m *Map) batchLookup(cmd sys.Cmd, startKey, nextKeyOut, keysOut, valuesOut attr.Flags = opts.Flags } - var err error - if startKey != nil { - attr.InBatch, err = marshalMapSyscallInput(startKey, int(m.keySize)) - if err != nil { - return 0, err - } - } - _, sysErr := sys.BPF(cmd, unsafe.Pointer(&attr), unsafe.Sizeof(attr)) sysErr = wrapMapError(sysErr) if sysErr != nil && !errors.Is(sysErr, unix.ENOENT) { return 0, sysErr } - err = nextBuf.Unmarshal(nextKeyOut) - if err != nil { - return 0, err - } - err = sysenc.Unmarshal(keysOut, keyBuf) - if err != nil { - return 0, err - } - err = sysenc.Unmarshal(valuesOut, valueBuf) - if err != nil { + if err := keyBuf.Unmarshal(keysOut); err != nil { return 0, err } @@ -1016,29 +1170,24 @@ func (m *Map) batchLookup(cmd sys.Cmd, startKey, nextKeyOut, keysOut, valuesOut // to a slice or buffer will not work. func (m *Map) BatchUpdate(keys, values interface{}, opts *BatchOptions) (int, error) { if m.typ.hasPerCPUValue() { - return 0, ErrNotSupported - } - keysValue := reflect.ValueOf(keys) - if keysValue.Kind() != reflect.Slice { - return 0, fmt.Errorf("keys must be a slice") + return m.batchUpdatePerCPU(keys, values, opts) } - valuesValue := reflect.ValueOf(values) - if valuesValue.Kind() != reflect.Slice { - return 0, fmt.Errorf("values must be a slice") - } - var ( - count = keysValue.Len() - valuePtr sys.Pointer - err error - ) - if count != valuesValue.Len() { - return 0, fmt.Errorf("keys and values must be the same length") + + count, err := batchCount(keys, values) + if err != nil { + return 0, err } - keyPtr, err := marshalMapSyscallInput(keys, count*int(m.keySize)) + + valuePtr, err := marshalMapSyscallInput(values, count*int(m.valueSize)) if err != nil { return 0, err } - valuePtr, err = marshalMapSyscallInput(values, count*int(m.valueSize)) + + return m.batchUpdate(count, keys, valuePtr, opts) +} + +func (m *Map) batchUpdate(count int, keys any, valuePtr sys.Pointer, opts *BatchOptions) (int, error) { + keyPtr, err := marshalMapSyscallInput(keys, count*int(m.keySize)) if err != nil { return 0, err } @@ -1065,17 +1214,28 @@ func (m *Map) BatchUpdate(keys, values interface{}, opts *BatchOptions) (int, er return int(attr.Count), nil } +func (m *Map) batchUpdatePerCPU(keys, values any, opts *BatchOptions) (int, error) { + count, err := sliceLen(keys) + if err != nil { + return 0, fmt.Errorf("keys: %w", err) + } + + valueBuf, err := marshalBatchPerCPUValue(values, count, int(m.valueSize)) + if err != nil { + return 0, err + } + + return m.batchUpdate(count, keys, sys.NewSlicePointer(valueBuf), opts) +} + // BatchDelete batch deletes entries in the map by keys. // "keys" must be of type slice, a pointer to a slice or buffer will not work. func (m *Map) BatchDelete(keys interface{}, opts *BatchOptions) (int, error) { - if m.typ.hasPerCPUValue() { - return 0, ErrNotSupported - } - keysValue := reflect.ValueOf(keys) - if keysValue.Kind() != reflect.Slice { - return 0, fmt.Errorf("keys must be a slice") + count, err := sliceLen(keys) + if err != nil { + return 0, fmt.Errorf("keys: %w", err) } - count := keysValue.Len() + keyPtr, err := marshalMapSyscallInput(keys, count*int(m.keySize)) if err != nil { return 0, fmt.Errorf("cannot marshal keys: %v", err) @@ -1102,6 +1262,24 @@ func (m *Map) BatchDelete(keys interface{}, opts *BatchOptions) (int, error) { return int(attr.Count), nil } +func batchCount(keys, values any) (int, error) { + keysLen, err := sliceLen(keys) + if err != nil { + return 0, fmt.Errorf("keys: %w", err) + } + + valuesLen, err := sliceLen(values) + if err != nil { + return 0, fmt.Errorf("values: %w", err) + } + + if keysLen != valuesLen { + return 0, fmt.Errorf("keys and values must have the same length") + } + + return keysLen, nil +} + // Iterate traverses a map. // // It's safe to create multiple iterators at the same time. @@ -1365,8 +1543,10 @@ func marshalMap(m *Map, length int) ([]byte, error) { // // See Map.Iterate. type MapIterator struct { - target *Map - curKey []byte + target *Map + // Temporary storage to avoid allocations in Next(). This is any instead + // of []byte to avoid allocations. + cursor any count, maxEntries uint32 done bool err error @@ -1394,34 +1574,30 @@ func (mi *MapIterator) Next(keyOut, valueOut interface{}) bool { return false } - // For array-like maps NextKeyBytes returns nil only on after maxEntries + // For array-like maps NextKey returns nil only after maxEntries // iterations. for mi.count <= mi.maxEntries { - var nextKey []byte - if mi.curKey == nil { - // Pass nil interface to NextKeyBytes to make sure the Map's first key + if mi.cursor == nil { + // Pass nil interface to NextKey to make sure the Map's first key // is returned. If we pass an uninitialized []byte instead, it'll see a // non-nil interface and try to marshal it. - nextKey, mi.err = mi.target.NextKeyBytes(nil) - - mi.curKey = make([]byte, mi.target.keySize) + mi.cursor = make([]byte, mi.target.keySize) + mi.err = mi.target.NextKey(nil, mi.cursor) } else { - nextKey, mi.err = mi.target.NextKeyBytes(mi.curKey) - } - if mi.err != nil { - mi.err = fmt.Errorf("get next key: %w", mi.err) - return false + mi.err = mi.target.NextKey(mi.cursor, mi.cursor) } - if nextKey == nil { + if errors.Is(mi.err, ErrKeyNotExist) { mi.done = true + mi.err = nil + return false + } else if mi.err != nil { + mi.err = fmt.Errorf("get next key: %w", mi.err) return false } - mi.curKey = nextKey - mi.count++ - mi.err = mi.target.Lookup(nextKey, valueOut) + mi.err = mi.target.Lookup(mi.cursor, valueOut) if errors.Is(mi.err, ErrKeyNotExist) { // Even though the key should be valid, we couldn't look up // its value. If we're iterating a hash map this is probably @@ -1438,10 +1614,11 @@ func (mi *MapIterator) Next(keyOut, valueOut interface{}) bool { return false } + buf := mi.cursor.([]byte) if ptr, ok := keyOut.(unsafe.Pointer); ok { - copy(unsafe.Slice((*byte)(ptr), len(nextKey)), nextKey) + copy(unsafe.Slice((*byte)(ptr), len(buf)), buf) } else { - mi.err = sysenc.Unmarshal(keyOut, nextKey) + mi.err = sysenc.Unmarshal(keyOut, buf) } return mi.err == nil @@ -1481,3 +1658,12 @@ func NewMapFromID(id MapID) (*Map, error) { return newMapFromFD(fd) } + +// sliceLen returns the length if the value is a slice or an error otherwise. +func sliceLen(slice any) (int, error) { + sliceValue := reflect.ValueOf(slice) + if sliceValue.Kind() != reflect.Slice { + return 0, fmt.Errorf("%T is not a slice", slice) + } + return sliceValue.Len(), nil +} diff --git a/vendor/github.com/cilium/ebpf/marshalers.go b/vendor/github.com/cilium/ebpf/marshalers.go index e89a12f0fb1..57a0a8e88af 100644 --- a/vendor/github.com/cilium/ebpf/marshalers.go +++ b/vendor/github.com/cilium/ebpf/marshalers.go @@ -5,6 +5,7 @@ import ( "errors" "fmt" "reflect" + "slices" "unsafe" "github.com/cilium/ebpf/internal" @@ -43,79 +44,125 @@ func makeMapSyscallOutput(dst any, length int) sysenc.Buffer { return sysenc.SyscallOutput(dst, length) } -// marshalPerCPUValue encodes a slice containing one value per +// appendPerCPUSlice encodes a slice containing one value per // possible CPU into a buffer of bytes. // // Values are initialized to zero if the slice has less elements than CPUs. -func marshalPerCPUValue(slice any, elemLength int) (sys.Pointer, error) { +func appendPerCPUSlice(buf []byte, slice any, possibleCPUs, elemLength, alignedElemLength int) ([]byte, error) { sliceType := reflect.TypeOf(slice) if sliceType.Kind() != reflect.Slice { - return sys.Pointer{}, errors.New("per-CPU value requires slice") - } - - possibleCPUs, err := internal.PossibleCPUs() - if err != nil { - return sys.Pointer{}, err + return nil, errors.New("per-CPU value requires slice") } sliceValue := reflect.ValueOf(slice) sliceLen := sliceValue.Len() if sliceLen > possibleCPUs { - return sys.Pointer{}, fmt.Errorf("per-CPU value exceeds number of CPUs") + return nil, fmt.Errorf("per-CPU value greater than number of CPUs") } - alignedElemLength := internal.Align(elemLength, 8) - buf := make([]byte, alignedElemLength*possibleCPUs) - + // Grow increases the slice's capacity, _if_necessary_ + buf = slices.Grow(buf, alignedElemLength*possibleCPUs) for i := 0; i < sliceLen; i++ { elem := sliceValue.Index(i).Interface() elemBytes, err := sysenc.Marshal(elem, elemLength) if err != nil { - return sys.Pointer{}, err + return nil, err } - offset := i * alignedElemLength - elemBytes.CopyTo(buf[offset : offset+elemLength]) + buf = elemBytes.AppendTo(buf) + buf = append(buf, make([]byte, alignedElemLength-elemLength)...) + } + + // Ensure buf is zero-padded full size. + buf = append(buf, make([]byte, (possibleCPUs-sliceLen)*alignedElemLength)...) + + return buf, nil +} + +// marshalPerCPUValue encodes a slice containing one value per +// possible CPU into a buffer of bytes. +// +// Values are initialized to zero if the slice has less elements than CPUs. +func marshalPerCPUValue(slice any, elemLength int) (sys.Pointer, error) { + possibleCPUs, err := PossibleCPU() + if err != nil { + return sys.Pointer{}, err + } + + alignedElemLength := internal.Align(elemLength, 8) + buf := make([]byte, 0, alignedElemLength*possibleCPUs) + buf, err = appendPerCPUSlice(buf, slice, possibleCPUs, elemLength, alignedElemLength) + if err != nil { + return sys.Pointer{}, err } return sys.NewSlicePointer(buf), nil } +// marshalBatchPerCPUValue encodes a batch-sized slice of slices containing +// one value per possible CPU into a buffer of bytes. +func marshalBatchPerCPUValue(slice any, batchLen, elemLength int) ([]byte, error) { + sliceType := reflect.TypeOf(slice) + if sliceType.Kind() != reflect.Slice { + return nil, fmt.Errorf("batch value requires a slice") + } + sliceValue := reflect.ValueOf(slice) + + possibleCPUs, err := PossibleCPU() + if err != nil { + return nil, err + } + if sliceValue.Len() != batchLen*possibleCPUs { + return nil, fmt.Errorf("per-CPU slice has incorrect length, expected %d, got %d", + batchLen*possibleCPUs, sliceValue.Len()) + } + alignedElemLength := internal.Align(elemLength, 8) + buf := make([]byte, 0, batchLen*alignedElemLength*possibleCPUs) + for i := 0; i < batchLen; i++ { + batch := sliceValue.Slice(i*possibleCPUs, (i+1)*possibleCPUs).Interface() + buf, err = appendPerCPUSlice(buf, batch, possibleCPUs, elemLength, alignedElemLength) + if err != nil { + return nil, fmt.Errorf("batch %d: %w", i, err) + } + } + return buf, nil +} + // unmarshalPerCPUValue decodes a buffer into a slice containing one value per // possible CPU. // -// slicePtr must be a pointer to a slice. -func unmarshalPerCPUValue(slicePtr any, elemLength int, buf []byte) error { - slicePtrType := reflect.TypeOf(slicePtr) - if slicePtrType.Kind() != reflect.Ptr || slicePtrType.Elem().Kind() != reflect.Slice { - return fmt.Errorf("per-cpu value requires pointer to slice") +// slice must be a literal slice and not a pointer. +func unmarshalPerCPUValue(slice any, elemLength int, buf []byte) error { + sliceType := reflect.TypeOf(slice) + if sliceType.Kind() != reflect.Slice { + return fmt.Errorf("per-CPU value requires a slice") } - possibleCPUs, err := internal.PossibleCPUs() + possibleCPUs, err := PossibleCPU() if err != nil { return err } - sliceType := slicePtrType.Elem() - slice := reflect.MakeSlice(sliceType, possibleCPUs, possibleCPUs) + sliceValue := reflect.ValueOf(slice) + if sliceValue.Len() != possibleCPUs { + return fmt.Errorf("per-CPU slice has incorrect length, expected %d, got %d", + possibleCPUs, sliceValue.Len()) + } sliceElemType := sliceType.Elem() sliceElemIsPointer := sliceElemType.Kind() == reflect.Ptr - if sliceElemIsPointer { - sliceElemType = sliceElemType.Elem() - } - stride := internal.Align(elemLength, 8) for i := 0; i < possibleCPUs; i++ { var elem any + v := sliceValue.Index(i) if sliceElemIsPointer { - newElem := reflect.New(sliceElemType) - slice.Index(i).Set(newElem) - elem = newElem.Interface() + if !v.Elem().CanAddr() { + return fmt.Errorf("per-CPU slice elements cannot be nil") + } + elem = v.Elem().Addr().Interface() } else { - elem = slice.Index(i).Addr().Interface() + elem = v.Addr().Interface() } - err := sysenc.Unmarshal(elem, buf[:elemLength]) if err != nil { return fmt.Errorf("cpu %d: %w", i, err) @@ -123,7 +170,41 @@ func unmarshalPerCPUValue(slicePtr any, elemLength int, buf []byte) error { buf = buf[stride:] } + return nil +} - reflect.ValueOf(slicePtr).Elem().Set(slice) +// unmarshalBatchPerCPUValue decodes a buffer into a batch-sized slice +// containing one value per possible CPU. +// +// slice must have length batchLen * PossibleCPUs(). +func unmarshalBatchPerCPUValue(slice any, batchLen, elemLength int, buf []byte) error { + sliceType := reflect.TypeOf(slice) + if sliceType.Kind() != reflect.Slice { + return fmt.Errorf("batch requires a slice") + } + + sliceValue := reflect.ValueOf(slice) + possibleCPUs, err := PossibleCPU() + if err != nil { + return err + } + if sliceValue.Len() != batchLen*possibleCPUs { + return fmt.Errorf("per-CPU slice has incorrect length, expected %d, got %d", + sliceValue.Len(), batchLen*possibleCPUs) + } + + fullValueSize := possibleCPUs * internal.Align(elemLength, 8) + if len(buf) != batchLen*fullValueSize { + return fmt.Errorf("input buffer has incorrect length, expected %d, got %d", + len(buf), batchLen*fullValueSize) + } + + for i := 0; i < batchLen; i++ { + elem := sliceValue.Slice(i*possibleCPUs, (i+1)*possibleCPUs).Interface() + if err := unmarshalPerCPUValue(elem, elemLength, buf[:fullValueSize]); err != nil { + return fmt.Errorf("batch %d: %w", i, err) + } + buf = buf[fullValueSize:] + } return nil } diff --git a/vendor/github.com/cilium/ebpf/prog.go b/vendor/github.com/cilium/ebpf/prog.go index 6d46a0422b9..9bc6325f887 100644 --- a/vendor/github.com/cilium/ebpf/prog.go +++ b/vendor/github.com/cilium/ebpf/prog.go @@ -15,6 +15,7 @@ import ( "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/btf" "github.com/cilium/ebpf/internal" + "github.com/cilium/ebpf/internal/kallsyms" "github.com/cilium/ebpf/internal/sys" "github.com/cilium/ebpf/internal/sysenc" "github.com/cilium/ebpf/internal/unix" @@ -23,6 +24,18 @@ import ( // ErrNotSupported is returned whenever the kernel doesn't support a feature. var ErrNotSupported = internal.ErrNotSupported +// errBadRelocation is returned when the verifier rejects a program due to a +// bad CO-RE relocation. +// +// This error is detected based on heuristics and therefore may not be reliable. +var errBadRelocation = errors.New("bad CO-RE relocation") + +// errUnknownKfunc is returned when the verifier rejects a program due to an +// unknown kfunc. +// +// This error is detected based on heuristics and therefore may not be reliable. +var errUnknownKfunc = errors.New("unknown kfunc") + // ProgramID represents the unique ID of an eBPF program. type ProgramID uint32 @@ -33,13 +46,13 @@ const ( outputPad = 256 + 2 ) -// DefaultVerifierLogSize is the default number of bytes allocated for the -// verifier log. +// Deprecated: the correct log size is now detected automatically and this +// constant is unused. const DefaultVerifierLogSize = 64 * 1024 -// maxVerifierLogSize is the maximum size of verifier log buffer the kernel -// will accept before returning EINVAL. -const maxVerifierLogSize = math.MaxUint32 >> 2 +// minVerifierLogSize is the default number of bytes allocated for the +// verifier log. +const minVerifierLogSize = 64 * 1024 // ProgramOptions control loading a program into the kernel. type ProgramOptions struct { @@ -53,22 +66,15 @@ type ProgramOptions struct { // verifier output enabled. Upon error, the program load will be repeated // with LogLevelBranch and the given (or default) LogSize value. // - // Setting this to a non-zero value will unconditionally enable the verifier + // Unless LogDisabled is set, setting this to a non-zero value will enable the verifier // log, populating the [ebpf.Program.VerifierLog] field on successful loads // and including detailed verifier errors if the program is rejected. This // will always allocate an output buffer, but will result in only a single // attempt at loading the program. LogLevel LogLevel - // Controls the output buffer size for the verifier log, in bytes. See the - // documentation on ProgramOptions.LogLevel for details about how this value - // is used. - // - // If this value is set too low to fit the verifier log, the resulting - // [ebpf.VerifierError]'s Truncated flag will be true, and the error string - // will also contain a hint to that effect. - // - // Defaults to DefaultVerifierLogSize. + // Deprecated: the correct log buffer size is determined automatically + // and this field is ignored. LogSize int // Disables the verifier log completely, regardless of other options. @@ -80,6 +86,14 @@ type ProgramOptions struct { // (containers) or where it is in a non-standard location. Defaults to // use the kernel BTF from a well-known location if nil. KernelTypes *btf.Spec + + // Type information used for CO-RE relocations of kernel modules, + // indexed by module name. + // + // This is useful in environments where the kernel BTF is not available + // (containers) or where it is in a non-standard location. Defaults to + // use the kernel module BTF from a well-known location if nil. + KernelModuleTypes map[string]*btf.Spec } // ProgramSpec defines a Program. @@ -148,6 +162,28 @@ func (ps *ProgramSpec) Tag() (string, error) { return ps.Instructions.Tag(internal.NativeEndian) } +// KernelModule returns the kernel module, if any, the AttachTo function is contained in. +func (ps *ProgramSpec) KernelModule() (string, error) { + if ps.AttachTo == "" { + return "", nil + } + + switch ps.Type { + default: + return "", nil + case Tracing: + switch ps.AttachType { + default: + return "", nil + case AttachTraceFEntry: + case AttachTraceFExit: + } + fallthrough + case Kprobe: + return kallsyms.KernelModule(ps.AttachTo) + } +} + // VerifierError is returned by [NewProgram] and [NewProgramWithOptions] if a // program is rejected by the verifier. // @@ -197,6 +233,15 @@ func NewProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er return prog, err } +var ( + coreBadLoad = []byte(fmt.Sprintf("(18) r10 = 0x%x\n", btf.COREBadRelocationSentinel)) + // This log message was introduced by ebb676daa1a3 ("bpf: Print function name in + // addition to function id") which first appeared in v4.10 and has remained + // unchanged since. + coreBadCall = []byte(fmt.Sprintf("invalid func unknown#%d\n", btf.COREBadRelocationSentinel)) + kfuncBadCall = []byte(fmt.Sprintf("invalid func unknown#%d\n", kfuncCallPoisonBase)) +) + func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, error) { if len(spec.Instructions) == 0 { return nil, errors.New("instructions cannot be empty") @@ -210,10 +255,6 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er return nil, fmt.Errorf("can't load %s program on %s", spec.ByteOrder, internal.NativeEndian) } - if opts.LogSize < 0 { - return nil, errors.New("ProgramOptions.LogSize must be a positive value; disable verifier logs using ProgramOptions.LogDisabled") - } - // Kernels before 5.0 (6c4fc209fcf9 "bpf: remove useless version check for prog load") // require the version field to be set to the value of the KERNEL_VERSION // macro for kprobe-type programs. @@ -242,14 +283,41 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er insns := make(asm.Instructions, len(spec.Instructions)) copy(insns, spec.Instructions) - handle, fib, lib, err := btf.MarshalExtInfos(insns) - if err != nil && !errors.Is(err, btf.ErrNotSupported) { - return nil, fmt.Errorf("load ext_infos: %w", err) + kmodName, err := spec.KernelModule() + if err != nil { + return nil, fmt.Errorf("kernel module search: %w", err) } - if handle != nil { - defer handle.Close() - attr.ProgBtfFd = uint32(handle.FD()) + var targets []*btf.Spec + if opts.KernelTypes != nil { + targets = append(targets, opts.KernelTypes) + } + if kmodName != "" && opts.KernelModuleTypes != nil { + if modBTF, ok := opts.KernelModuleTypes[kmodName]; ok { + targets = append(targets, modBTF) + } + } + + var b btf.Builder + if err := applyRelocations(insns, targets, kmodName, spec.ByteOrder, &b); err != nil { + return nil, fmt.Errorf("apply CO-RE relocations: %w", err) + } + + errExtInfos := haveProgramExtInfos() + if !b.Empty() && errors.Is(errExtInfos, ErrNotSupported) { + // There is at least one CO-RE relocation which relies on a stable local + // type ID. + // Return ErrNotSupported instead of E2BIG if there is no BTF support. + return nil, errExtInfos + } + + if errExtInfos == nil { + // Only add func and line info if the kernel supports it. This allows + // BPF compiled with modern toolchains to work on old kernels. + fib, lib, err := btf.MarshalExtInfos(insns, &b) + if err != nil { + return nil, fmt.Errorf("marshal ext_infos: %w", err) + } attr.FuncInfoRecSize = btf.FuncInfoSize attr.FuncInfoCnt = uint32(len(fib)) / btf.FuncInfoSize @@ -260,8 +328,14 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er attr.LineInfo = sys.NewSlicePointer(lib) } - if err := applyRelocations(insns, opts.KernelTypes, spec.ByteOrder); err != nil { - return nil, fmt.Errorf("apply CO-RE relocations: %w", err) + if !b.Empty() { + handle, err := btf.NewHandle(&b) + if err != nil { + return nil, fmt.Errorf("load BTF: %w", err) + } + defer handle.Close() + + attr.ProgBtfFd = uint32(handle.FD()) } kconfig, err := resolveKconfigReferences(insns) @@ -319,39 +393,67 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er } } - if opts.LogSize == 0 { - opts.LogSize = DefaultVerifierLogSize - } - - // The caller requested a specific verifier log level. Set up the log buffer. + // The caller requested a specific verifier log level. Set up the log buffer + // so that there is a chance of loading the program in a single shot. var logBuf []byte if !opts.LogDisabled && opts.LogLevel != 0 { - logBuf = make([]byte, opts.LogSize) + logBuf = make([]byte, minVerifierLogSize) attr.LogLevel = opts.LogLevel attr.LogSize = uint32(len(logBuf)) attr.LogBuf = sys.NewSlicePointer(logBuf) } - fd, err := sys.ProgLoad(attr) - if err == nil { - return &Program{unix.ByteSliceToString(logBuf), fd, spec.Name, "", spec.Type}, nil - } + for { + var fd *sys.FD + fd, err = sys.ProgLoad(attr) + if err == nil { + return &Program{unix.ByteSliceToString(logBuf), fd, spec.Name, "", spec.Type}, nil + } - // An error occurred loading the program, but the caller did not explicitly - // enable the verifier log. Re-run with branch-level verifier logs enabled to - // obtain more info. Preserve the original error to return it to the caller. - // An undersized log buffer will result in ENOSPC regardless of the underlying - // cause. - var err2 error - if !opts.LogDisabled && opts.LogLevel == 0 { - logBuf = make([]byte, opts.LogSize) - attr.LogLevel = LogLevelBranch - attr.LogSize = uint32(len(logBuf)) + if opts.LogDisabled { + break + } + + if attr.LogTrueSize != 0 && attr.LogSize >= attr.LogTrueSize { + // The log buffer already has the correct size. + break + } + + if attr.LogSize != 0 && !errors.Is(err, unix.ENOSPC) { + // Logging is enabled and the error is not ENOSPC, so we can infer + // that the log buffer is large enough. + break + } + + if attr.LogLevel == 0 { + // Logging is not enabled but loading the program failed. Enable + // basic logging. + attr.LogLevel = LogLevelBranch + } + + // Make an educated guess how large the buffer should be. Start + // at minVerifierLogSize and then double the size. + logSize := uint32(max(len(logBuf)*2, minVerifierLogSize)) + if int(logSize) < len(logBuf) { + return nil, errors.New("overflow while probing log buffer size") + } + + if attr.LogTrueSize != 0 { + // The kernel has given us a hint how large the log buffer has to be. + logSize = attr.LogTrueSize + } + + logBuf = make([]byte, logSize) + attr.LogSize = logSize attr.LogBuf = sys.NewSlicePointer(logBuf) + } - _, err2 = sys.ProgLoad(attr) + end := bytes.IndexByte(logBuf, 0) + if end < 0 { + end = len(logBuf) } + tail := logBuf[max(end-256, 0):end] switch { case errors.Is(err, unix.EPERM): if len(logBuf) > 0 && logBuf[0] == 0 { @@ -360,22 +462,31 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er return nil, fmt.Errorf("load program: %w (MEMLOCK may be too low, consider rlimit.RemoveMemlock)", err) } - fallthrough - case errors.Is(err, unix.EINVAL): - if hasFunctionReferences(spec.Instructions) { - if err := haveBPFToBPFCalls(); err != nil { - return nil, fmt.Errorf("load program: %w", err) - } + if bytes.Contains(tail, coreBadCall) { + err = errBadRelocation + break + } else if bytes.Contains(tail, kfuncBadCall) { + err = errUnknownKfunc + break } - if opts.LogSize > maxVerifierLogSize { - return nil, fmt.Errorf("load program: %w (ProgramOptions.LogSize exceeds maximum value of %d)", err, maxVerifierLogSize) + case errors.Is(err, unix.EACCES): + if bytes.Contains(tail, coreBadLoad) { + err = errBadRelocation + break } } - truncated := errors.Is(err, unix.ENOSPC) || errors.Is(err2, unix.ENOSPC) - return nil, internal.ErrorWithLog("load program", err, logBuf, truncated) + // hasFunctionReferences may be expensive, so check it last. + if (errors.Is(err, unix.EINVAL) || errors.Is(err, unix.EPERM)) && + hasFunctionReferences(spec.Instructions) { + if err := haveBPFToBPFCalls(); err != nil { + return nil, fmt.Errorf("load program: %w", err) + } + } + + return nil, internal.ErrorWithLog("load program", err, logBuf) } // NewProgramFromFD creates a program from a raw fd. @@ -554,7 +665,7 @@ type RunOptions struct { } // Test runs the Program in the kernel with the given input and returns the -// value returned by the eBPF program. outLen may be zero. +// value returned by the eBPF program. // // Note: the kernel expects at least 14 bytes input for an ethernet header for // XDP and SKB programs. @@ -703,10 +814,6 @@ func (p *Program) run(opts *RunOptions) (uint32, time.Duration, error) { Cpu: opts.CPU, } - if attr.Repeat == 0 { - attr.Repeat = 1 - } - retry: for { err := sys.ProgRun(&attr) @@ -715,7 +822,7 @@ retry: } if errors.Is(err, unix.EINTR) { - if attr.Repeat == 1 { + if attr.Repeat <= 1 { // Older kernels check whether enough repetitions have been // executed only after checking for pending signals. // diff --git a/vendor/github.com/cilium/ebpf/run-tests.sh b/vendor/github.com/cilium/ebpf/run-tests.sh deleted file mode 100644 index 629a069dd14..00000000000 --- a/vendor/github.com/cilium/ebpf/run-tests.sh +++ /dev/null @@ -1,178 +0,0 @@ -#!/usr/bin/env bash -# Test the current package under a different kernel. -# Requires virtme and qemu to be installed. -# Examples: -# Run all tests on a 5.4 kernel -# $ ./run-tests.sh 5.4 -# Run a subset of tests: -# $ ./run-tests.sh 5.4 ./link -# Run using a local kernel image -# $ ./run-tests.sh /path/to/bzImage - -set -euo pipefail - -script="$(realpath "$0")" -readonly script - -quote_env() { - for var in "$@"; do - if [ -v "$var" ]; then - printf "%s=%q " "$var" "${!var}" - fi - done -} - -declare -a preserved_env=( - PATH - CI_MAX_KERNEL_VERSION - TEST_SEED - KERNEL_VERSION -) - -# This script is a bit like a Matryoshka doll since it keeps re-executing itself -# in various different contexts: -# -# 1. invoked by the user like run-tests.sh 5.4 -# 2. invoked by go test like run-tests.sh --exec-vm -# 3. invoked by init in the vm like run-tests.sh --exec-test -# -# This allows us to use all available CPU on the host machine to compile our -# code, and then only use the VM to execute the test. This is because the VM -# is usually slower at compiling than the host. -if [[ "${1:-}" = "--exec-vm" ]]; then - shift - - input="$1" - shift - - # Use sudo if /dev/kvm isn't accessible by the current user. - sudo="" - if [[ ! -r /dev/kvm || ! -w /dev/kvm ]]; then - sudo="sudo" - fi - readonly sudo - - testdir="$(dirname "$1")" - output="$(mktemp -d)" - printf -v cmd "%q " "$@" - - if [[ "$(stat -c '%t:%T' -L /proc/$$/fd/0)" == "1:3" ]]; then - # stdin is /dev/null, which doesn't play well with qemu. Use a fifo as a - # blocking substitute. - mkfifo "${output}/fake-stdin" - # Open for reading and writing to avoid blocking. - exec 0<> "${output}/fake-stdin" - rm "${output}/fake-stdin" - fi - - for ((i = 0; i < 3; i++)); do - if ! $sudo virtme-run --kimg "${input}/boot/vmlinuz" --memory 768M --pwd \ - --rwdir="${testdir}=${testdir}" \ - --rodir=/run/input="${input}" \ - --rwdir=/run/output="${output}" \ - --script-sh "$(quote_env "${preserved_env[@]}") \"$script\" --exec-test $cmd" \ - --kopt possible_cpus=2; then # need at least two CPUs for some tests - exit 23 - fi - - if [[ -e "${output}/status" ]]; then - break - fi - - if [[ -v CI ]]; then - echo "Retrying test run due to qemu crash" - continue - fi - - exit 42 - done - - rc=$(<"${output}/status") - $sudo rm -r "$output" - exit $rc -elif [[ "${1:-}" = "--exec-test" ]]; then - shift - - mount -t bpf bpf /sys/fs/bpf - mount -t tracefs tracefs /sys/kernel/debug/tracing - - if [[ -d "/run/input/bpf" ]]; then - export KERNEL_SELFTESTS="/run/input/bpf" - fi - - if [[ -d "/run/input/lib/modules" ]]; then - find /run/input/lib/modules -type f -name bpf_testmod.ko -exec insmod {} \; - fi - - dmesg --clear - rc=0 - "$@" || rc=$? - dmesg - echo $rc > "/run/output/status" - exit $rc # this return code is "swallowed" by qemu -fi - -if [[ -z "${1:-}" ]]; then - echo "Expecting kernel version or path as first argument" - exit 1 -fi - -readonly input="$(mktemp -d)" -readonly tmp_dir="${TMPDIR:-/tmp}" - -fetch() { - echo Fetching "${1}" - pushd "${tmp_dir}" > /dev/null - curl --no-progress-meter -L -O --fail --etag-compare "${1}.etag" --etag-save "${1}.etag" "https://github.com/cilium/ci-kernels/raw/${BRANCH:-master}/${1}" - local ret=$? - popd > /dev/null - return $ret -} - -machine="$(uname -m)" -readonly machine - -if [[ -f "${1}" ]]; then - readonly kernel="${1}" - cp "${1}" "${input}/bzImage" -else -# LINUX_VERSION_CODE test compares this to discovered value. - export KERNEL_VERSION="${1}" - - if [ "${machine}" = "x86_64" ]; then - readonly kernel="linux-${1}-amd64.tgz" - readonly selftests="linux-${1}-amd64-selftests-bpf.tgz" - elif [ "${machine}" = "aarch64" ]; then - readonly kernel="linux-${1}-arm64.tgz" - readonly selftests="" - else - echo "Arch ${machine} is not supported" - exit 1 - fi - - fetch "${kernel}" - tar xf "${tmp_dir}/${kernel}" -C "${input}" - - if [ -n "${selftests}" ] && fetch "${selftests}"; then - echo "Decompressing selftests" - mkdir "${input}/bpf" - tar --strip-components=5 -xf "${tmp_dir}/${selftests}" -C "${input}/bpf" - else - echo "No selftests found, disabling" - fi -fi -shift - -args=(-short -coverpkg=./... -coverprofile=coverage.out -count 1 ./...) -if (( $# > 0 )); then - args=("$@") -fi - -export GOFLAGS=-mod=readonly -export CGO_ENABLED=0 - -echo Testing on "${kernel}" -go test -exec "$script --exec-vm $input" "${args[@]}" -echo "Test successful on ${kernel}" - -rm -r "${input}" diff --git a/vendor/github.com/cilium/ebpf/syscalls.go b/vendor/github.com/cilium/ebpf/syscalls.go index cdf1fcf2ef5..4aef7faebc8 100644 --- a/vendor/github.com/cilium/ebpf/syscalls.go +++ b/vendor/github.com/cilium/ebpf/syscalls.go @@ -4,6 +4,7 @@ import ( "bytes" "errors" "fmt" + "math" "os" "runtime" @@ -302,3 +303,35 @@ var haveSyscallWrapper = internal.NewFeatureTest("syscall wrapper", "4.17", func return evt.Close() }) + +var haveProgramExtInfos = internal.NewFeatureTest("program ext_infos", "5.0", func() error { + insns := asm.Instructions{ + asm.Mov.Imm(asm.R0, 0), + asm.Return(), + } + + buf := bytes.NewBuffer(make([]byte, 0, insns.Size())) + if err := insns.Marshal(buf, internal.NativeEndian); err != nil { + return err + } + bytecode := buf.Bytes() + + _, err := sys.ProgLoad(&sys.ProgLoadAttr{ + ProgType: sys.ProgType(SocketFilter), + License: sys.NewStringPointer("MIT"), + Insns: sys.NewSlicePointer(bytecode), + InsnCnt: uint32(len(bytecode) / asm.InstructionSize), + FuncInfoCnt: 1, + ProgBtfFd: math.MaxUint32, + }) + + if errors.Is(err, unix.EBADF) { + return nil + } + + if errors.Is(err, unix.E2BIG) { + return ErrNotSupported + } + + return err +}) diff --git a/vendor/github.com/cilium/ebpf/types.go b/vendor/github.com/cilium/ebpf/types.go index e9215519a2f..542c2397cab 100644 --- a/vendor/github.com/cilium/ebpf/types.go +++ b/vendor/github.com/cilium/ebpf/types.go @@ -125,38 +125,39 @@ type ProgramType uint32 // eBPF program types const ( - UnspecifiedProgram ProgramType = iota - SocketFilter - Kprobe - SchedCLS - SchedACT - TracePoint - XDP - PerfEvent - CGroupSKB - CGroupSock - LWTIn - LWTOut - LWTXmit - SockOps - SkSKB - CGroupDevice - SkMsg - RawTracepoint - CGroupSockAddr - LWTSeg6Local - LircMode2 - SkReuseport - FlowDissector - CGroupSysctl - RawTracepointWritable - CGroupSockopt - Tracing - StructOps - Extension - LSM - SkLookup - Syscall + UnspecifiedProgram = ProgramType(sys.BPF_PROG_TYPE_UNSPEC) + SocketFilter = ProgramType(sys.BPF_PROG_TYPE_SOCKET_FILTER) + Kprobe = ProgramType(sys.BPF_PROG_TYPE_KPROBE) + SchedCLS = ProgramType(sys.BPF_PROG_TYPE_SCHED_CLS) + SchedACT = ProgramType(sys.BPF_PROG_TYPE_SCHED_ACT) + TracePoint = ProgramType(sys.BPF_PROG_TYPE_TRACEPOINT) + XDP = ProgramType(sys.BPF_PROG_TYPE_XDP) + PerfEvent = ProgramType(sys.BPF_PROG_TYPE_PERF_EVENT) + CGroupSKB = ProgramType(sys.BPF_PROG_TYPE_CGROUP_SKB) + CGroupSock = ProgramType(sys.BPF_PROG_TYPE_CGROUP_SOCK) + LWTIn = ProgramType(sys.BPF_PROG_TYPE_LWT_IN) + LWTOut = ProgramType(sys.BPF_PROG_TYPE_LWT_OUT) + LWTXmit = ProgramType(sys.BPF_PROG_TYPE_LWT_XMIT) + SockOps = ProgramType(sys.BPF_PROG_TYPE_SOCK_OPS) + SkSKB = ProgramType(sys.BPF_PROG_TYPE_SK_SKB) + CGroupDevice = ProgramType(sys.BPF_PROG_TYPE_CGROUP_DEVICE) + SkMsg = ProgramType(sys.BPF_PROG_TYPE_SK_MSG) + RawTracepoint = ProgramType(sys.BPF_PROG_TYPE_RAW_TRACEPOINT) + CGroupSockAddr = ProgramType(sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR) + LWTSeg6Local = ProgramType(sys.BPF_PROG_TYPE_LWT_SEG6LOCAL) + LircMode2 = ProgramType(sys.BPF_PROG_TYPE_LIRC_MODE2) + SkReuseport = ProgramType(sys.BPF_PROG_TYPE_SK_REUSEPORT) + FlowDissector = ProgramType(sys.BPF_PROG_TYPE_FLOW_DISSECTOR) + CGroupSysctl = ProgramType(sys.BPF_PROG_TYPE_CGROUP_SYSCTL) + RawTracepointWritable = ProgramType(sys.BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE) + CGroupSockopt = ProgramType(sys.BPF_PROG_TYPE_CGROUP_SOCKOPT) + Tracing = ProgramType(sys.BPF_PROG_TYPE_TRACING) + StructOps = ProgramType(sys.BPF_PROG_TYPE_STRUCT_OPS) + Extension = ProgramType(sys.BPF_PROG_TYPE_EXT) + LSM = ProgramType(sys.BPF_PROG_TYPE_LSM) + SkLookup = ProgramType(sys.BPF_PROG_TYPE_SK_LOOKUP) + Syscall = ProgramType(sys.BPF_PROG_TYPE_SYSCALL) + Netfilter = ProgramType(sys.BPF_PROG_TYPE_NETFILTER) ) // AttachType of the eBPF program, needed to differentiate allowed context accesses in @@ -170,49 +171,62 @@ type AttachType uint32 const AttachNone AttachType = 0 const ( - AttachCGroupInetIngress AttachType = iota - AttachCGroupInetEgress - AttachCGroupInetSockCreate - AttachCGroupSockOps - AttachSkSKBStreamParser - AttachSkSKBStreamVerdict - AttachCGroupDevice - AttachSkMsgVerdict - AttachCGroupInet4Bind - AttachCGroupInet6Bind - AttachCGroupInet4Connect - AttachCGroupInet6Connect - AttachCGroupInet4PostBind - AttachCGroupInet6PostBind - AttachCGroupUDP4Sendmsg - AttachCGroupUDP6Sendmsg - AttachLircMode2 - AttachFlowDissector - AttachCGroupSysctl - AttachCGroupUDP4Recvmsg - AttachCGroupUDP6Recvmsg - AttachCGroupGetsockopt - AttachCGroupSetsockopt - AttachTraceRawTp - AttachTraceFEntry - AttachTraceFExit - AttachModifyReturn - AttachLSMMac - AttachTraceIter - AttachCgroupInet4GetPeername - AttachCgroupInet6GetPeername - AttachCgroupInet4GetSockname - AttachCgroupInet6GetSockname - AttachXDPDevMap - AttachCgroupInetSockRelease - AttachXDPCPUMap - AttachSkLookup - AttachXDP - AttachSkSKBVerdict - AttachSkReuseportSelect - AttachSkReuseportSelectOrMigrate - AttachPerfEvent - AttachTraceKprobeMulti + AttachCGroupInetIngress = AttachType(sys.BPF_CGROUP_INET_INGRESS) + AttachCGroupInetEgress = AttachType(sys.BPF_CGROUP_INET_EGRESS) + AttachCGroupInetSockCreate = AttachType(sys.BPF_CGROUP_INET_SOCK_CREATE) + AttachCGroupSockOps = AttachType(sys.BPF_CGROUP_SOCK_OPS) + AttachSkSKBStreamParser = AttachType(sys.BPF_SK_SKB_STREAM_PARSER) + AttachSkSKBStreamVerdict = AttachType(sys.BPF_SK_SKB_STREAM_VERDICT) + AttachCGroupDevice = AttachType(sys.BPF_CGROUP_DEVICE) + AttachSkMsgVerdict = AttachType(sys.BPF_SK_MSG_VERDICT) + AttachCGroupInet4Bind = AttachType(sys.BPF_CGROUP_INET4_BIND) + AttachCGroupInet6Bind = AttachType(sys.BPF_CGROUP_INET6_BIND) + AttachCGroupInet4Connect = AttachType(sys.BPF_CGROUP_INET4_CONNECT) + AttachCGroupInet6Connect = AttachType(sys.BPF_CGROUP_INET6_CONNECT) + AttachCGroupInet4PostBind = AttachType(sys.BPF_CGROUP_INET4_POST_BIND) + AttachCGroupInet6PostBind = AttachType(sys.BPF_CGROUP_INET6_POST_BIND) + AttachCGroupUDP4Sendmsg = AttachType(sys.BPF_CGROUP_UDP4_SENDMSG) + AttachCGroupUDP6Sendmsg = AttachType(sys.BPF_CGROUP_UDP6_SENDMSG) + AttachLircMode2 = AttachType(sys.BPF_LIRC_MODE2) + AttachFlowDissector = AttachType(sys.BPF_FLOW_DISSECTOR) + AttachCGroupSysctl = AttachType(sys.BPF_CGROUP_SYSCTL) + AttachCGroupUDP4Recvmsg = AttachType(sys.BPF_CGROUP_UDP4_RECVMSG) + AttachCGroupUDP6Recvmsg = AttachType(sys.BPF_CGROUP_UDP6_RECVMSG) + AttachCGroupGetsockopt = AttachType(sys.BPF_CGROUP_GETSOCKOPT) + AttachCGroupSetsockopt = AttachType(sys.BPF_CGROUP_SETSOCKOPT) + AttachTraceRawTp = AttachType(sys.BPF_TRACE_RAW_TP) + AttachTraceFEntry = AttachType(sys.BPF_TRACE_FENTRY) + AttachTraceFExit = AttachType(sys.BPF_TRACE_FEXIT) + AttachModifyReturn = AttachType(sys.BPF_MODIFY_RETURN) + AttachLSMMac = AttachType(sys.BPF_LSM_MAC) + AttachTraceIter = AttachType(sys.BPF_TRACE_ITER) + AttachCgroupInet4GetPeername = AttachType(sys.BPF_CGROUP_INET4_GETPEERNAME) + AttachCgroupInet6GetPeername = AttachType(sys.BPF_CGROUP_INET6_GETPEERNAME) + AttachCgroupInet4GetSockname = AttachType(sys.BPF_CGROUP_INET4_GETSOCKNAME) + AttachCgroupInet6GetSockname = AttachType(sys.BPF_CGROUP_INET6_GETSOCKNAME) + AttachXDPDevMap = AttachType(sys.BPF_XDP_DEVMAP) + AttachCgroupInetSockRelease = AttachType(sys.BPF_CGROUP_INET_SOCK_RELEASE) + AttachXDPCPUMap = AttachType(sys.BPF_XDP_CPUMAP) + AttachSkLookup = AttachType(sys.BPF_SK_LOOKUP) + AttachXDP = AttachType(sys.BPF_XDP) + AttachSkSKBVerdict = AttachType(sys.BPF_SK_SKB_VERDICT) + AttachSkReuseportSelect = AttachType(sys.BPF_SK_REUSEPORT_SELECT) + AttachSkReuseportSelectOrMigrate = AttachType(sys.BPF_SK_REUSEPORT_SELECT_OR_MIGRATE) + AttachPerfEvent = AttachType(sys.BPF_PERF_EVENT) + AttachTraceKprobeMulti = AttachType(sys.BPF_TRACE_KPROBE_MULTI) + AttachLSMCgroup = AttachType(sys.BPF_LSM_CGROUP) + AttachStructOps = AttachType(sys.BPF_STRUCT_OPS) + AttachNetfilter = AttachType(sys.BPF_NETFILTER) + AttachTCXIngress = AttachType(sys.BPF_TCX_INGRESS) + AttachTCXEgress = AttachType(sys.BPF_TCX_EGRESS) + AttachTraceUprobeMulti = AttachType(sys.BPF_TRACE_UPROBE_MULTI) + AttachCgroupUnixConnect = AttachType(sys.BPF_CGROUP_UNIX_CONNECT) + AttachCgroupUnixSendmsg = AttachType(sys.BPF_CGROUP_UNIX_SENDMSG) + AttachCgroupUnixRecvmsg = AttachType(sys.BPF_CGROUP_UNIX_RECVMSG) + AttachCgroupUnixGetpeername = AttachType(sys.BPF_CGROUP_UNIX_GETPEERNAME) + AttachCgroupUnixGetsockname = AttachType(sys.BPF_CGROUP_UNIX_GETSOCKNAME) + AttachNetkitPrimary = AttachType(sys.BPF_NETKIT_PRIMARY) + AttachNetkitPeer = AttachType(sys.BPF_NETKIT_PEER) ) // AttachFlags of the eBPF program used in BPF_PROG_ATTACH command diff --git a/vendor/github.com/cilium/ebpf/types_string.go b/vendor/github.com/cilium/ebpf/types_string.go index e20c37aa4e4..ee60b5be5b6 100644 --- a/vendor/github.com/cilium/ebpf/types_string.go +++ b/vendor/github.com/cilium/ebpf/types_string.go @@ -86,11 +86,12 @@ func _() { _ = x[LSM-29] _ = x[SkLookup-30] _ = x[Syscall-31] + _ = x[Netfilter-32] } -const _ProgramType_name = "UnspecifiedProgramSocketFilterKprobeSchedCLSSchedACTTracePointXDPPerfEventCGroupSKBCGroupSockLWTInLWTOutLWTXmitSockOpsSkSKBCGroupDeviceSkMsgRawTracepointCGroupSockAddrLWTSeg6LocalLircMode2SkReuseportFlowDissectorCGroupSysctlRawTracepointWritableCGroupSockoptTracingStructOpsExtensionLSMSkLookupSyscall" +const _ProgramType_name = "UnspecifiedProgramSocketFilterKprobeSchedCLSSchedACTTracePointXDPPerfEventCGroupSKBCGroupSockLWTInLWTOutLWTXmitSockOpsSkSKBCGroupDeviceSkMsgRawTracepointCGroupSockAddrLWTSeg6LocalLircMode2SkReuseportFlowDissectorCGroupSysctlRawTracepointWritableCGroupSockoptTracingStructOpsExtensionLSMSkLookupSyscallNetfilter" -var _ProgramType_index = [...]uint16{0, 18, 30, 36, 44, 52, 62, 65, 74, 83, 93, 98, 104, 111, 118, 123, 135, 140, 153, 167, 179, 188, 199, 212, 224, 245, 258, 265, 274, 283, 286, 294, 301} +var _ProgramType_index = [...]uint16{0, 18, 30, 36, 44, 52, 62, 65, 74, 83, 93, 98, 104, 111, 118, 123, 135, 140, 153, 167, 179, 188, 199, 212, 224, 245, 258, 265, 274, 283, 286, 294, 301, 310} func (i ProgramType) String() string { if i >= ProgramType(len(_ProgramType_index)-1) { diff --git a/vendor/golang.org/x/exp/maps/maps.go b/vendor/golang.org/x/exp/maps/maps.go deleted file mode 100644 index ecc0dabb74d..00000000000 --- a/vendor/golang.org/x/exp/maps/maps.go +++ /dev/null @@ -1,94 +0,0 @@ -// Copyright 2021 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package maps defines various functions useful with maps of any type. -package maps - -// Keys returns the keys of the map m. -// The keys will be in an indeterminate order. -func Keys[M ~map[K]V, K comparable, V any](m M) []K { - r := make([]K, 0, len(m)) - for k := range m { - r = append(r, k) - } - return r -} - -// Values returns the values of the map m. -// The values will be in an indeterminate order. -func Values[M ~map[K]V, K comparable, V any](m M) []V { - r := make([]V, 0, len(m)) - for _, v := range m { - r = append(r, v) - } - return r -} - -// Equal reports whether two maps contain the same key/value pairs. -// Values are compared using ==. -func Equal[M1, M2 ~map[K]V, K, V comparable](m1 M1, m2 M2) bool { - if len(m1) != len(m2) { - return false - } - for k, v1 := range m1 { - if v2, ok := m2[k]; !ok || v1 != v2 { - return false - } - } - return true -} - -// EqualFunc is like Equal, but compares values using eq. -// Keys are still compared with ==. -func EqualFunc[M1 ~map[K]V1, M2 ~map[K]V2, K comparable, V1, V2 any](m1 M1, m2 M2, eq func(V1, V2) bool) bool { - if len(m1) != len(m2) { - return false - } - for k, v1 := range m1 { - if v2, ok := m2[k]; !ok || !eq(v1, v2) { - return false - } - } - return true -} - -// Clear removes all entries from m, leaving it empty. -func Clear[M ~map[K]V, K comparable, V any](m M) { - for k := range m { - delete(m, k) - } -} - -// Clone returns a copy of m. This is a shallow clone: -// the new keys and values are set using ordinary assignment. -func Clone[M ~map[K]V, K comparable, V any](m M) M { - // Preserve nil in case it matters. - if m == nil { - return nil - } - r := make(M, len(m)) - for k, v := range m { - r[k] = v - } - return r -} - -// Copy copies all key/value pairs in src adding them to dst. -// When a key in src is already present in dst, -// the value in dst will be overwritten by the value associated -// with the key in src. -func Copy[M1 ~map[K]V, M2 ~map[K]V, K comparable, V any](dst M1, src M2) { - for k, v := range src { - dst[k] = v - } -} - -// DeleteFunc deletes any key/value pairs from m for which del returns true. -func DeleteFunc[M ~map[K]V, K comparable, V any](m M, del func(K, V) bool) { - for k, v := range m { - if del(k, v) { - delete(m, k) - } - } -} diff --git a/vendor/golang.org/x/exp/slices/slices.go b/vendor/golang.org/x/exp/slices/slices.go deleted file mode 100644 index cff0cd49ecf..00000000000 --- a/vendor/golang.org/x/exp/slices/slices.go +++ /dev/null @@ -1,258 +0,0 @@ -// Copyright 2021 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package slices defines various functions useful with slices of any type. -// Unless otherwise specified, these functions all apply to the elements -// of a slice at index 0 <= i < len(s). -// -// Note that the less function in IsSortedFunc, SortFunc, SortStableFunc requires a -// strict weak ordering (https://en.wikipedia.org/wiki/Weak_ordering#Strict_weak_orderings), -// or the sorting may fail to sort correctly. A common case is when sorting slices of -// floating-point numbers containing NaN values. -package slices - -import "golang.org/x/exp/constraints" - -// Equal reports whether two slices are equal: the same length and all -// elements equal. If the lengths are different, Equal returns false. -// Otherwise, the elements are compared in increasing index order, and the -// comparison stops at the first unequal pair. -// Floating point NaNs are not considered equal. -func Equal[E comparable](s1, s2 []E) bool { - if len(s1) != len(s2) { - return false - } - for i := range s1 { - if s1[i] != s2[i] { - return false - } - } - return true -} - -// EqualFunc reports whether two slices are equal using a comparison -// function on each pair of elements. If the lengths are different, -// EqualFunc returns false. Otherwise, the elements are compared in -// increasing index order, and the comparison stops at the first index -// for which eq returns false. -func EqualFunc[E1, E2 any](s1 []E1, s2 []E2, eq func(E1, E2) bool) bool { - if len(s1) != len(s2) { - return false - } - for i, v1 := range s1 { - v2 := s2[i] - if !eq(v1, v2) { - return false - } - } - return true -} - -// Compare compares the elements of s1 and s2. -// The elements are compared sequentially, starting at index 0, -// until one element is not equal to the other. -// The result of comparing the first non-matching elements is returned. -// If both slices are equal until one of them ends, the shorter slice is -// considered less than the longer one. -// The result is 0 if s1 == s2, -1 if s1 < s2, and +1 if s1 > s2. -// Comparisons involving floating point NaNs are ignored. -func Compare[E constraints.Ordered](s1, s2 []E) int { - s2len := len(s2) - for i, v1 := range s1 { - if i >= s2len { - return +1 - } - v2 := s2[i] - switch { - case v1 < v2: - return -1 - case v1 > v2: - return +1 - } - } - if len(s1) < s2len { - return -1 - } - return 0 -} - -// CompareFunc is like Compare but uses a comparison function -// on each pair of elements. The elements are compared in increasing -// index order, and the comparisons stop after the first time cmp -// returns non-zero. -// The result is the first non-zero result of cmp; if cmp always -// returns 0 the result is 0 if len(s1) == len(s2), -1 if len(s1) < len(s2), -// and +1 if len(s1) > len(s2). -func CompareFunc[E1, E2 any](s1 []E1, s2 []E2, cmp func(E1, E2) int) int { - s2len := len(s2) - for i, v1 := range s1 { - if i >= s2len { - return +1 - } - v2 := s2[i] - if c := cmp(v1, v2); c != 0 { - return c - } - } - if len(s1) < s2len { - return -1 - } - return 0 -} - -// Index returns the index of the first occurrence of v in s, -// or -1 if not present. -func Index[E comparable](s []E, v E) int { - for i, vs := range s { - if v == vs { - return i - } - } - return -1 -} - -// IndexFunc returns the first index i satisfying f(s[i]), -// or -1 if none do. -func IndexFunc[E any](s []E, f func(E) bool) int { - for i, v := range s { - if f(v) { - return i - } - } - return -1 -} - -// Contains reports whether v is present in s. -func Contains[E comparable](s []E, v E) bool { - return Index(s, v) >= 0 -} - -// ContainsFunc reports whether at least one -// element e of s satisfies f(e). -func ContainsFunc[E any](s []E, f func(E) bool) bool { - return IndexFunc(s, f) >= 0 -} - -// Insert inserts the values v... into s at index i, -// returning the modified slice. -// In the returned slice r, r[i] == v[0]. -// Insert panics if i is out of range. -// This function is O(len(s) + len(v)). -func Insert[S ~[]E, E any](s S, i int, v ...E) S { - tot := len(s) + len(v) - if tot <= cap(s) { - s2 := s[:tot] - copy(s2[i+len(v):], s[i:]) - copy(s2[i:], v) - return s2 - } - s2 := make(S, tot) - copy(s2, s[:i]) - copy(s2[i:], v) - copy(s2[i+len(v):], s[i:]) - return s2 -} - -// Delete removes the elements s[i:j] from s, returning the modified slice. -// Delete panics if s[i:j] is not a valid slice of s. -// Delete modifies the contents of the slice s; it does not create a new slice. -// Delete is O(len(s)-j), so if many items must be deleted, it is better to -// make a single call deleting them all together than to delete one at a time. -// Delete might not modify the elements s[len(s)-(j-i):len(s)]. If those -// elements contain pointers you might consider zeroing those elements so that -// objects they reference can be garbage collected. -func Delete[S ~[]E, E any](s S, i, j int) S { - _ = s[i:j] // bounds check - - return append(s[:i], s[j:]...) -} - -// Replace replaces the elements s[i:j] by the given v, and returns the -// modified slice. Replace panics if s[i:j] is not a valid slice of s. -func Replace[S ~[]E, E any](s S, i, j int, v ...E) S { - _ = s[i:j] // verify that i:j is a valid subslice - tot := len(s[:i]) + len(v) + len(s[j:]) - if tot <= cap(s) { - s2 := s[:tot] - copy(s2[i+len(v):], s[j:]) - copy(s2[i:], v) - return s2 - } - s2 := make(S, tot) - copy(s2, s[:i]) - copy(s2[i:], v) - copy(s2[i+len(v):], s[j:]) - return s2 -} - -// Clone returns a copy of the slice. -// The elements are copied using assignment, so this is a shallow clone. -func Clone[S ~[]E, E any](s S) S { - // Preserve nil in case it matters. - if s == nil { - return nil - } - return append(S([]E{}), s...) -} - -// Compact replaces consecutive runs of equal elements with a single copy. -// This is like the uniq command found on Unix. -// Compact modifies the contents of the slice s; it does not create a new slice. -// When Compact discards m elements in total, it might not modify the elements -// s[len(s)-m:len(s)]. If those elements contain pointers you might consider -// zeroing those elements so that objects they reference can be garbage collected. -func Compact[S ~[]E, E comparable](s S) S { - if len(s) < 2 { - return s - } - i := 1 - last := s[0] - for _, v := range s[1:] { - if v != last { - s[i] = v - i++ - last = v - } - } - return s[:i] -} - -// CompactFunc is like Compact but uses a comparison function. -func CompactFunc[S ~[]E, E any](s S, eq func(E, E) bool) S { - if len(s) < 2 { - return s - } - i := 1 - last := s[0] - for _, v := range s[1:] { - if !eq(v, last) { - s[i] = v - i++ - last = v - } - } - return s[:i] -} - -// Grow increases the slice's capacity, if necessary, to guarantee space for -// another n elements. After Grow(n), at least n elements can be appended -// to the slice without another allocation. If n is negative or too large to -// allocate the memory, Grow panics. -func Grow[S ~[]E, E any](s S, n int) S { - if n < 0 { - panic("cannot be negative") - } - if n -= cap(s) - len(s); n > 0 { - // TODO(https://go.dev/issue/53888): Make using []E instead of S - // to workaround a compiler bug where the runtime.growslice optimization - // does not take effect. Revert when the compiler is fixed. - s = append([]E(s)[:cap(s)], make([]E, n)...)[:len(s)] - } - return s -} - -// Clip removes unused capacity from the slice, returning s[:len(s):len(s)]. -func Clip[S ~[]E, E any](s S) S { - return s[:len(s):len(s)] -} diff --git a/vendor/golang.org/x/exp/slices/sort.go b/vendor/golang.org/x/exp/slices/sort.go deleted file mode 100644 index f14f40da712..00000000000 --- a/vendor/golang.org/x/exp/slices/sort.go +++ /dev/null @@ -1,126 +0,0 @@ -// Copyright 2022 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package slices - -import ( - "math/bits" - - "golang.org/x/exp/constraints" -) - -// Sort sorts a slice of any ordered type in ascending order. -// Sort may fail to sort correctly when sorting slices of floating-point -// numbers containing Not-a-number (NaN) values. -// Use slices.SortFunc(x, func(a, b float64) bool {return a < b || (math.IsNaN(a) && !math.IsNaN(b))}) -// instead if the input may contain NaNs. -func Sort[E constraints.Ordered](x []E) { - n := len(x) - pdqsortOrdered(x, 0, n, bits.Len(uint(n))) -} - -// SortFunc sorts the slice x in ascending order as determined by the less function. -// This sort is not guaranteed to be stable. -// -// SortFunc requires that less is a strict weak ordering. -// See https://en.wikipedia.org/wiki/Weak_ordering#Strict_weak_orderings. -func SortFunc[E any](x []E, less func(a, b E) bool) { - n := len(x) - pdqsortLessFunc(x, 0, n, bits.Len(uint(n)), less) -} - -// SortStableFunc sorts the slice x while keeping the original order of equal -// elements, using less to compare elements. -func SortStableFunc[E any](x []E, less func(a, b E) bool) { - stableLessFunc(x, len(x), less) -} - -// IsSorted reports whether x is sorted in ascending order. -func IsSorted[E constraints.Ordered](x []E) bool { - for i := len(x) - 1; i > 0; i-- { - if x[i] < x[i-1] { - return false - } - } - return true -} - -// IsSortedFunc reports whether x is sorted in ascending order, with less as the -// comparison function. -func IsSortedFunc[E any](x []E, less func(a, b E) bool) bool { - for i := len(x) - 1; i > 0; i-- { - if less(x[i], x[i-1]) { - return false - } - } - return true -} - -// BinarySearch searches for target in a sorted slice and returns the position -// where target is found, or the position where target would appear in the -// sort order; it also returns a bool saying whether the target is really found -// in the slice. The slice must be sorted in increasing order. -func BinarySearch[E constraints.Ordered](x []E, target E) (int, bool) { - // Inlining is faster than calling BinarySearchFunc with a lambda. - n := len(x) - // Define x[-1] < target and x[n] >= target. - // Invariant: x[i-1] < target, x[j] >= target. - i, j := 0, n - for i < j { - h := int(uint(i+j) >> 1) // avoid overflow when computing h - // i ≤ h < j - if x[h] < target { - i = h + 1 // preserves x[i-1] < target - } else { - j = h // preserves x[j] >= target - } - } - // i == j, x[i-1] < target, and x[j] (= x[i]) >= target => answer is i. - return i, i < n && x[i] == target -} - -// BinarySearchFunc works like BinarySearch, but uses a custom comparison -// function. The slice must be sorted in increasing order, where "increasing" is -// defined by cmp. cmp(a, b) is expected to return an integer comparing the two -// parameters: 0 if a == b, a negative number if a < b and a positive number if -// a > b. -func BinarySearchFunc[E, T any](x []E, target T, cmp func(E, T) int) (int, bool) { - n := len(x) - // Define cmp(x[-1], target) < 0 and cmp(x[n], target) >= 0 . - // Invariant: cmp(x[i - 1], target) < 0, cmp(x[j], target) >= 0. - i, j := 0, n - for i < j { - h := int(uint(i+j) >> 1) // avoid overflow when computing h - // i ≤ h < j - if cmp(x[h], target) < 0 { - i = h + 1 // preserves cmp(x[i - 1], target) < 0 - } else { - j = h // preserves cmp(x[j], target) >= 0 - } - } - // i == j, cmp(x[i-1], target) < 0, and cmp(x[j], target) (= cmp(x[i], target)) >= 0 => answer is i. - return i, i < n && cmp(x[i], target) == 0 -} - -type sortedHint int // hint for pdqsort when choosing the pivot - -const ( - unknownHint sortedHint = iota - increasingHint - decreasingHint -) - -// xorshift paper: https://www.jstatsoft.org/article/view/v008i14/xorshift.pdf -type xorshift uint64 - -func (r *xorshift) Next() uint64 { - *r ^= *r << 13 - *r ^= *r >> 17 - *r ^= *r << 5 - return uint64(*r) -} - -func nextPowerOfTwo(length int) uint { - return 1 << bits.Len(uint(length)) -} diff --git a/vendor/golang.org/x/exp/slices/zsortfunc.go b/vendor/golang.org/x/exp/slices/zsortfunc.go deleted file mode 100644 index 2a632476c50..00000000000 --- a/vendor/golang.org/x/exp/slices/zsortfunc.go +++ /dev/null @@ -1,479 +0,0 @@ -// Code generated by gen_sort_variants.go; DO NOT EDIT. - -// Copyright 2022 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package slices - -// insertionSortLessFunc sorts data[a:b] using insertion sort. -func insertionSortLessFunc[E any](data []E, a, b int, less func(a, b E) bool) { - for i := a + 1; i < b; i++ { - for j := i; j > a && less(data[j], data[j-1]); j-- { - data[j], data[j-1] = data[j-1], data[j] - } - } -} - -// siftDownLessFunc implements the heap property on data[lo:hi]. -// first is an offset into the array where the root of the heap lies. -func siftDownLessFunc[E any](data []E, lo, hi, first int, less func(a, b E) bool) { - root := lo - for { - child := 2*root + 1 - if child >= hi { - break - } - if child+1 < hi && less(data[first+child], data[first+child+1]) { - child++ - } - if !less(data[first+root], data[first+child]) { - return - } - data[first+root], data[first+child] = data[first+child], data[first+root] - root = child - } -} - -func heapSortLessFunc[E any](data []E, a, b int, less func(a, b E) bool) { - first := a - lo := 0 - hi := b - a - - // Build heap with greatest element at top. - for i := (hi - 1) / 2; i >= 0; i-- { - siftDownLessFunc(data, i, hi, first, less) - } - - // Pop elements, largest first, into end of data. - for i := hi - 1; i >= 0; i-- { - data[first], data[first+i] = data[first+i], data[first] - siftDownLessFunc(data, lo, i, first, less) - } -} - -// pdqsortLessFunc sorts data[a:b]. -// The algorithm based on pattern-defeating quicksort(pdqsort), but without the optimizations from BlockQuicksort. -// pdqsort paper: https://arxiv.org/pdf/2106.05123.pdf -// C++ implementation: https://github.com/orlp/pdqsort -// Rust implementation: https://docs.rs/pdqsort/latest/pdqsort/ -// limit is the number of allowed bad (very unbalanced) pivots before falling back to heapsort. -func pdqsortLessFunc[E any](data []E, a, b, limit int, less func(a, b E) bool) { - const maxInsertion = 12 - - var ( - wasBalanced = true // whether the last partitioning was reasonably balanced - wasPartitioned = true // whether the slice was already partitioned - ) - - for { - length := b - a - - if length <= maxInsertion { - insertionSortLessFunc(data, a, b, less) - return - } - - // Fall back to heapsort if too many bad choices were made. - if limit == 0 { - heapSortLessFunc(data, a, b, less) - return - } - - // If the last partitioning was imbalanced, we need to breaking patterns. - if !wasBalanced { - breakPatternsLessFunc(data, a, b, less) - limit-- - } - - pivot, hint := choosePivotLessFunc(data, a, b, less) - if hint == decreasingHint { - reverseRangeLessFunc(data, a, b, less) - // The chosen pivot was pivot-a elements after the start of the array. - // After reversing it is pivot-a elements before the end of the array. - // The idea came from Rust's implementation. - pivot = (b - 1) - (pivot - a) - hint = increasingHint - } - - // The slice is likely already sorted. - if wasBalanced && wasPartitioned && hint == increasingHint { - if partialInsertionSortLessFunc(data, a, b, less) { - return - } - } - - // Probably the slice contains many duplicate elements, partition the slice into - // elements equal to and elements greater than the pivot. - if a > 0 && !less(data[a-1], data[pivot]) { - mid := partitionEqualLessFunc(data, a, b, pivot, less) - a = mid - continue - } - - mid, alreadyPartitioned := partitionLessFunc(data, a, b, pivot, less) - wasPartitioned = alreadyPartitioned - - leftLen, rightLen := mid-a, b-mid - balanceThreshold := length / 8 - if leftLen < rightLen { - wasBalanced = leftLen >= balanceThreshold - pdqsortLessFunc(data, a, mid, limit, less) - a = mid + 1 - } else { - wasBalanced = rightLen >= balanceThreshold - pdqsortLessFunc(data, mid+1, b, limit, less) - b = mid - } - } -} - -// partitionLessFunc does one quicksort partition. -// Let p = data[pivot] -// Moves elements in data[a:b] around, so that data[i]

=p for inewpivot. -// On return, data[newpivot] = p -func partitionLessFunc[E any](data []E, a, b, pivot int, less func(a, b E) bool) (newpivot int, alreadyPartitioned bool) { - data[a], data[pivot] = data[pivot], data[a] - i, j := a+1, b-1 // i and j are inclusive of the elements remaining to be partitioned - - for i <= j && less(data[i], data[a]) { - i++ - } - for i <= j && !less(data[j], data[a]) { - j-- - } - if i > j { - data[j], data[a] = data[a], data[j] - return j, true - } - data[i], data[j] = data[j], data[i] - i++ - j-- - - for { - for i <= j && less(data[i], data[a]) { - i++ - } - for i <= j && !less(data[j], data[a]) { - j-- - } - if i > j { - break - } - data[i], data[j] = data[j], data[i] - i++ - j-- - } - data[j], data[a] = data[a], data[j] - return j, false -} - -// partitionEqualLessFunc partitions data[a:b] into elements equal to data[pivot] followed by elements greater than data[pivot]. -// It assumed that data[a:b] does not contain elements smaller than the data[pivot]. -func partitionEqualLessFunc[E any](data []E, a, b, pivot int, less func(a, b E) bool) (newpivot int) { - data[a], data[pivot] = data[pivot], data[a] - i, j := a+1, b-1 // i and j are inclusive of the elements remaining to be partitioned - - for { - for i <= j && !less(data[a], data[i]) { - i++ - } - for i <= j && less(data[a], data[j]) { - j-- - } - if i > j { - break - } - data[i], data[j] = data[j], data[i] - i++ - j-- - } - return i -} - -// partialInsertionSortLessFunc partially sorts a slice, returns true if the slice is sorted at the end. -func partialInsertionSortLessFunc[E any](data []E, a, b int, less func(a, b E) bool) bool { - const ( - maxSteps = 5 // maximum number of adjacent out-of-order pairs that will get shifted - shortestShifting = 50 // don't shift any elements on short arrays - ) - i := a + 1 - for j := 0; j < maxSteps; j++ { - for i < b && !less(data[i], data[i-1]) { - i++ - } - - if i == b { - return true - } - - if b-a < shortestShifting { - return false - } - - data[i], data[i-1] = data[i-1], data[i] - - // Shift the smaller one to the left. - if i-a >= 2 { - for j := i - 1; j >= 1; j-- { - if !less(data[j], data[j-1]) { - break - } - data[j], data[j-1] = data[j-1], data[j] - } - } - // Shift the greater one to the right. - if b-i >= 2 { - for j := i + 1; j < b; j++ { - if !less(data[j], data[j-1]) { - break - } - data[j], data[j-1] = data[j-1], data[j] - } - } - } - return false -} - -// breakPatternsLessFunc scatters some elements around in an attempt to break some patterns -// that might cause imbalanced partitions in quicksort. -func breakPatternsLessFunc[E any](data []E, a, b int, less func(a, b E) bool) { - length := b - a - if length >= 8 { - random := xorshift(length) - modulus := nextPowerOfTwo(length) - - for idx := a + (length/4)*2 - 1; idx <= a+(length/4)*2+1; idx++ { - other := int(uint(random.Next()) & (modulus - 1)) - if other >= length { - other -= length - } - data[idx], data[a+other] = data[a+other], data[idx] - } - } -} - -// choosePivotLessFunc chooses a pivot in data[a:b]. -// -// [0,8): chooses a static pivot. -// [8,shortestNinther): uses the simple median-of-three method. -// [shortestNinther,âˆ): uses the Tukey ninther method. -func choosePivotLessFunc[E any](data []E, a, b int, less func(a, b E) bool) (pivot int, hint sortedHint) { - const ( - shortestNinther = 50 - maxSwaps = 4 * 3 - ) - - l := b - a - - var ( - swaps int - i = a + l/4*1 - j = a + l/4*2 - k = a + l/4*3 - ) - - if l >= 8 { - if l >= shortestNinther { - // Tukey ninther method, the idea came from Rust's implementation. - i = medianAdjacentLessFunc(data, i, &swaps, less) - j = medianAdjacentLessFunc(data, j, &swaps, less) - k = medianAdjacentLessFunc(data, k, &swaps, less) - } - // Find the median among i, j, k and stores it into j. - j = medianLessFunc(data, i, j, k, &swaps, less) - } - - switch swaps { - case 0: - return j, increasingHint - case maxSwaps: - return j, decreasingHint - default: - return j, unknownHint - } -} - -// order2LessFunc returns x,y where data[x] <= data[y], where x,y=a,b or x,y=b,a. -func order2LessFunc[E any](data []E, a, b int, swaps *int, less func(a, b E) bool) (int, int) { - if less(data[b], data[a]) { - *swaps++ - return b, a - } - return a, b -} - -// medianLessFunc returns x where data[x] is the median of data[a],data[b],data[c], where x is a, b, or c. -func medianLessFunc[E any](data []E, a, b, c int, swaps *int, less func(a, b E) bool) int { - a, b = order2LessFunc(data, a, b, swaps, less) - b, c = order2LessFunc(data, b, c, swaps, less) - a, b = order2LessFunc(data, a, b, swaps, less) - return b -} - -// medianAdjacentLessFunc finds the median of data[a - 1], data[a], data[a + 1] and stores the index into a. -func medianAdjacentLessFunc[E any](data []E, a int, swaps *int, less func(a, b E) bool) int { - return medianLessFunc(data, a-1, a, a+1, swaps, less) -} - -func reverseRangeLessFunc[E any](data []E, a, b int, less func(a, b E) bool) { - i := a - j := b - 1 - for i < j { - data[i], data[j] = data[j], data[i] - i++ - j-- - } -} - -func swapRangeLessFunc[E any](data []E, a, b, n int, less func(a, b E) bool) { - for i := 0; i < n; i++ { - data[a+i], data[b+i] = data[b+i], data[a+i] - } -} - -func stableLessFunc[E any](data []E, n int, less func(a, b E) bool) { - blockSize := 20 // must be > 0 - a, b := 0, blockSize - for b <= n { - insertionSortLessFunc(data, a, b, less) - a = b - b += blockSize - } - insertionSortLessFunc(data, a, n, less) - - for blockSize < n { - a, b = 0, 2*blockSize - for b <= n { - symMergeLessFunc(data, a, a+blockSize, b, less) - a = b - b += 2 * blockSize - } - if m := a + blockSize; m < n { - symMergeLessFunc(data, a, m, n, less) - } - blockSize *= 2 - } -} - -// symMergeLessFunc merges the two sorted subsequences data[a:m] and data[m:b] using -// the SymMerge algorithm from Pok-Son Kim and Arne Kutzner, "Stable Minimum -// Storage Merging by Symmetric Comparisons", in Susanne Albers and Tomasz -// Radzik, editors, Algorithms - ESA 2004, volume 3221 of Lecture Notes in -// Computer Science, pages 714-723. Springer, 2004. -// -// Let M = m-a and N = b-n. Wolog M < N. -// The recursion depth is bound by ceil(log(N+M)). -// The algorithm needs O(M*log(N/M + 1)) calls to data.Less. -// The algorithm needs O((M+N)*log(M)) calls to data.Swap. -// -// The paper gives O((M+N)*log(M)) as the number of assignments assuming a -// rotation algorithm which uses O(M+N+gcd(M+N)) assignments. The argumentation -// in the paper carries through for Swap operations, especially as the block -// swapping rotate uses only O(M+N) Swaps. -// -// symMerge assumes non-degenerate arguments: a < m && m < b. -// Having the caller check this condition eliminates many leaf recursion calls, -// which improves performance. -func symMergeLessFunc[E any](data []E, a, m, b int, less func(a, b E) bool) { - // Avoid unnecessary recursions of symMerge - // by direct insertion of data[a] into data[m:b] - // if data[a:m] only contains one element. - if m-a == 1 { - // Use binary search to find the lowest index i - // such that data[i] >= data[a] for m <= i < b. - // Exit the search loop with i == b in case no such index exists. - i := m - j := b - for i < j { - h := int(uint(i+j) >> 1) - if less(data[h], data[a]) { - i = h + 1 - } else { - j = h - } - } - // Swap values until data[a] reaches the position before i. - for k := a; k < i-1; k++ { - data[k], data[k+1] = data[k+1], data[k] - } - return - } - - // Avoid unnecessary recursions of symMerge - // by direct insertion of data[m] into data[a:m] - // if data[m:b] only contains one element. - if b-m == 1 { - // Use binary search to find the lowest index i - // such that data[i] > data[m] for a <= i < m. - // Exit the search loop with i == m in case no such index exists. - i := a - j := m - for i < j { - h := int(uint(i+j) >> 1) - if !less(data[m], data[h]) { - i = h + 1 - } else { - j = h - } - } - // Swap values until data[m] reaches the position i. - for k := m; k > i; k-- { - data[k], data[k-1] = data[k-1], data[k] - } - return - } - - mid := int(uint(a+b) >> 1) - n := mid + m - var start, r int - if m > mid { - start = n - b - r = mid - } else { - start = a - r = m - } - p := n - 1 - - for start < r { - c := int(uint(start+r) >> 1) - if !less(data[p-c], data[c]) { - start = c + 1 - } else { - r = c - } - } - - end := n - start - if start < m && m < end { - rotateLessFunc(data, start, m, end, less) - } - if a < start && start < mid { - symMergeLessFunc(data, a, start, mid, less) - } - if mid < end && end < b { - symMergeLessFunc(data, mid, end, b, less) - } -} - -// rotateLessFunc rotates two consecutive blocks u = data[a:m] and v = data[m:b] in data: -// Data of the form 'x u v y' is changed to 'x v u y'. -// rotate performs at most b-a many calls to data.Swap, -// and it assumes non-degenerate arguments: a < m && m < b. -func rotateLessFunc[E any](data []E, a, m, b int, less func(a, b E) bool) { - i := m - a - j := b - m - - for i != j { - if i > j { - swapRangeLessFunc(data, m-i, m, j, less) - i -= j - } else { - swapRangeLessFunc(data, m-i, m+j-i, i, less) - j -= i - } - } - // i == j - swapRangeLessFunc(data, m-i, m, i, less) -} diff --git a/vendor/golang.org/x/exp/slices/zsortordered.go b/vendor/golang.org/x/exp/slices/zsortordered.go deleted file mode 100644 index efaa1c8b714..00000000000 --- a/vendor/golang.org/x/exp/slices/zsortordered.go +++ /dev/null @@ -1,481 +0,0 @@ -// Code generated by gen_sort_variants.go; DO NOT EDIT. - -// Copyright 2022 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package slices - -import "golang.org/x/exp/constraints" - -// insertionSortOrdered sorts data[a:b] using insertion sort. -func insertionSortOrdered[E constraints.Ordered](data []E, a, b int) { - for i := a + 1; i < b; i++ { - for j := i; j > a && (data[j] < data[j-1]); j-- { - data[j], data[j-1] = data[j-1], data[j] - } - } -} - -// siftDownOrdered implements the heap property on data[lo:hi]. -// first is an offset into the array where the root of the heap lies. -func siftDownOrdered[E constraints.Ordered](data []E, lo, hi, first int) { - root := lo - for { - child := 2*root + 1 - if child >= hi { - break - } - if child+1 < hi && (data[first+child] < data[first+child+1]) { - child++ - } - if !(data[first+root] < data[first+child]) { - return - } - data[first+root], data[first+child] = data[first+child], data[first+root] - root = child - } -} - -func heapSortOrdered[E constraints.Ordered](data []E, a, b int) { - first := a - lo := 0 - hi := b - a - - // Build heap with greatest element at top. - for i := (hi - 1) / 2; i >= 0; i-- { - siftDownOrdered(data, i, hi, first) - } - - // Pop elements, largest first, into end of data. - for i := hi - 1; i >= 0; i-- { - data[first], data[first+i] = data[first+i], data[first] - siftDownOrdered(data, lo, i, first) - } -} - -// pdqsortOrdered sorts data[a:b]. -// The algorithm based on pattern-defeating quicksort(pdqsort), but without the optimizations from BlockQuicksort. -// pdqsort paper: https://arxiv.org/pdf/2106.05123.pdf -// C++ implementation: https://github.com/orlp/pdqsort -// Rust implementation: https://docs.rs/pdqsort/latest/pdqsort/ -// limit is the number of allowed bad (very unbalanced) pivots before falling back to heapsort. -func pdqsortOrdered[E constraints.Ordered](data []E, a, b, limit int) { - const maxInsertion = 12 - - var ( - wasBalanced = true // whether the last partitioning was reasonably balanced - wasPartitioned = true // whether the slice was already partitioned - ) - - for { - length := b - a - - if length <= maxInsertion { - insertionSortOrdered(data, a, b) - return - } - - // Fall back to heapsort if too many bad choices were made. - if limit == 0 { - heapSortOrdered(data, a, b) - return - } - - // If the last partitioning was imbalanced, we need to breaking patterns. - if !wasBalanced { - breakPatternsOrdered(data, a, b) - limit-- - } - - pivot, hint := choosePivotOrdered(data, a, b) - if hint == decreasingHint { - reverseRangeOrdered(data, a, b) - // The chosen pivot was pivot-a elements after the start of the array. - // After reversing it is pivot-a elements before the end of the array. - // The idea came from Rust's implementation. - pivot = (b - 1) - (pivot - a) - hint = increasingHint - } - - // The slice is likely already sorted. - if wasBalanced && wasPartitioned && hint == increasingHint { - if partialInsertionSortOrdered(data, a, b) { - return - } - } - - // Probably the slice contains many duplicate elements, partition the slice into - // elements equal to and elements greater than the pivot. - if a > 0 && !(data[a-1] < data[pivot]) { - mid := partitionEqualOrdered(data, a, b, pivot) - a = mid - continue - } - - mid, alreadyPartitioned := partitionOrdered(data, a, b, pivot) - wasPartitioned = alreadyPartitioned - - leftLen, rightLen := mid-a, b-mid - balanceThreshold := length / 8 - if leftLen < rightLen { - wasBalanced = leftLen >= balanceThreshold - pdqsortOrdered(data, a, mid, limit) - a = mid + 1 - } else { - wasBalanced = rightLen >= balanceThreshold - pdqsortOrdered(data, mid+1, b, limit) - b = mid - } - } -} - -// partitionOrdered does one quicksort partition. -// Let p = data[pivot] -// Moves elements in data[a:b] around, so that data[i]

=p for inewpivot. -// On return, data[newpivot] = p -func partitionOrdered[E constraints.Ordered](data []E, a, b, pivot int) (newpivot int, alreadyPartitioned bool) { - data[a], data[pivot] = data[pivot], data[a] - i, j := a+1, b-1 // i and j are inclusive of the elements remaining to be partitioned - - for i <= j && (data[i] < data[a]) { - i++ - } - for i <= j && !(data[j] < data[a]) { - j-- - } - if i > j { - data[j], data[a] = data[a], data[j] - return j, true - } - data[i], data[j] = data[j], data[i] - i++ - j-- - - for { - for i <= j && (data[i] < data[a]) { - i++ - } - for i <= j && !(data[j] < data[a]) { - j-- - } - if i > j { - break - } - data[i], data[j] = data[j], data[i] - i++ - j-- - } - data[j], data[a] = data[a], data[j] - return j, false -} - -// partitionEqualOrdered partitions data[a:b] into elements equal to data[pivot] followed by elements greater than data[pivot]. -// It assumed that data[a:b] does not contain elements smaller than the data[pivot]. -func partitionEqualOrdered[E constraints.Ordered](data []E, a, b, pivot int) (newpivot int) { - data[a], data[pivot] = data[pivot], data[a] - i, j := a+1, b-1 // i and j are inclusive of the elements remaining to be partitioned - - for { - for i <= j && !(data[a] < data[i]) { - i++ - } - for i <= j && (data[a] < data[j]) { - j-- - } - if i > j { - break - } - data[i], data[j] = data[j], data[i] - i++ - j-- - } - return i -} - -// partialInsertionSortOrdered partially sorts a slice, returns true if the slice is sorted at the end. -func partialInsertionSortOrdered[E constraints.Ordered](data []E, a, b int) bool { - const ( - maxSteps = 5 // maximum number of adjacent out-of-order pairs that will get shifted - shortestShifting = 50 // don't shift any elements on short arrays - ) - i := a + 1 - for j := 0; j < maxSteps; j++ { - for i < b && !(data[i] < data[i-1]) { - i++ - } - - if i == b { - return true - } - - if b-a < shortestShifting { - return false - } - - data[i], data[i-1] = data[i-1], data[i] - - // Shift the smaller one to the left. - if i-a >= 2 { - for j := i - 1; j >= 1; j-- { - if !(data[j] < data[j-1]) { - break - } - data[j], data[j-1] = data[j-1], data[j] - } - } - // Shift the greater one to the right. - if b-i >= 2 { - for j := i + 1; j < b; j++ { - if !(data[j] < data[j-1]) { - break - } - data[j], data[j-1] = data[j-1], data[j] - } - } - } - return false -} - -// breakPatternsOrdered scatters some elements around in an attempt to break some patterns -// that might cause imbalanced partitions in quicksort. -func breakPatternsOrdered[E constraints.Ordered](data []E, a, b int) { - length := b - a - if length >= 8 { - random := xorshift(length) - modulus := nextPowerOfTwo(length) - - for idx := a + (length/4)*2 - 1; idx <= a+(length/4)*2+1; idx++ { - other := int(uint(random.Next()) & (modulus - 1)) - if other >= length { - other -= length - } - data[idx], data[a+other] = data[a+other], data[idx] - } - } -} - -// choosePivotOrdered chooses a pivot in data[a:b]. -// -// [0,8): chooses a static pivot. -// [8,shortestNinther): uses the simple median-of-three method. -// [shortestNinther,âˆ): uses the Tukey ninther method. -func choosePivotOrdered[E constraints.Ordered](data []E, a, b int) (pivot int, hint sortedHint) { - const ( - shortestNinther = 50 - maxSwaps = 4 * 3 - ) - - l := b - a - - var ( - swaps int - i = a + l/4*1 - j = a + l/4*2 - k = a + l/4*3 - ) - - if l >= 8 { - if l >= shortestNinther { - // Tukey ninther method, the idea came from Rust's implementation. - i = medianAdjacentOrdered(data, i, &swaps) - j = medianAdjacentOrdered(data, j, &swaps) - k = medianAdjacentOrdered(data, k, &swaps) - } - // Find the median among i, j, k and stores it into j. - j = medianOrdered(data, i, j, k, &swaps) - } - - switch swaps { - case 0: - return j, increasingHint - case maxSwaps: - return j, decreasingHint - default: - return j, unknownHint - } -} - -// order2Ordered returns x,y where data[x] <= data[y], where x,y=a,b or x,y=b,a. -func order2Ordered[E constraints.Ordered](data []E, a, b int, swaps *int) (int, int) { - if data[b] < data[a] { - *swaps++ - return b, a - } - return a, b -} - -// medianOrdered returns x where data[x] is the median of data[a],data[b],data[c], where x is a, b, or c. -func medianOrdered[E constraints.Ordered](data []E, a, b, c int, swaps *int) int { - a, b = order2Ordered(data, a, b, swaps) - b, c = order2Ordered(data, b, c, swaps) - a, b = order2Ordered(data, a, b, swaps) - return b -} - -// medianAdjacentOrdered finds the median of data[a - 1], data[a], data[a + 1] and stores the index into a. -func medianAdjacentOrdered[E constraints.Ordered](data []E, a int, swaps *int) int { - return medianOrdered(data, a-1, a, a+1, swaps) -} - -func reverseRangeOrdered[E constraints.Ordered](data []E, a, b int) { - i := a - j := b - 1 - for i < j { - data[i], data[j] = data[j], data[i] - i++ - j-- - } -} - -func swapRangeOrdered[E constraints.Ordered](data []E, a, b, n int) { - for i := 0; i < n; i++ { - data[a+i], data[b+i] = data[b+i], data[a+i] - } -} - -func stableOrdered[E constraints.Ordered](data []E, n int) { - blockSize := 20 // must be > 0 - a, b := 0, blockSize - for b <= n { - insertionSortOrdered(data, a, b) - a = b - b += blockSize - } - insertionSortOrdered(data, a, n) - - for blockSize < n { - a, b = 0, 2*blockSize - for b <= n { - symMergeOrdered(data, a, a+blockSize, b) - a = b - b += 2 * blockSize - } - if m := a + blockSize; m < n { - symMergeOrdered(data, a, m, n) - } - blockSize *= 2 - } -} - -// symMergeOrdered merges the two sorted subsequences data[a:m] and data[m:b] using -// the SymMerge algorithm from Pok-Son Kim and Arne Kutzner, "Stable Minimum -// Storage Merging by Symmetric Comparisons", in Susanne Albers and Tomasz -// Radzik, editors, Algorithms - ESA 2004, volume 3221 of Lecture Notes in -// Computer Science, pages 714-723. Springer, 2004. -// -// Let M = m-a and N = b-n. Wolog M < N. -// The recursion depth is bound by ceil(log(N+M)). -// The algorithm needs O(M*log(N/M + 1)) calls to data.Less. -// The algorithm needs O((M+N)*log(M)) calls to data.Swap. -// -// The paper gives O((M+N)*log(M)) as the number of assignments assuming a -// rotation algorithm which uses O(M+N+gcd(M+N)) assignments. The argumentation -// in the paper carries through for Swap operations, especially as the block -// swapping rotate uses only O(M+N) Swaps. -// -// symMerge assumes non-degenerate arguments: a < m && m < b. -// Having the caller check this condition eliminates many leaf recursion calls, -// which improves performance. -func symMergeOrdered[E constraints.Ordered](data []E, a, m, b int) { - // Avoid unnecessary recursions of symMerge - // by direct insertion of data[a] into data[m:b] - // if data[a:m] only contains one element. - if m-a == 1 { - // Use binary search to find the lowest index i - // such that data[i] >= data[a] for m <= i < b. - // Exit the search loop with i == b in case no such index exists. - i := m - j := b - for i < j { - h := int(uint(i+j) >> 1) - if data[h] < data[a] { - i = h + 1 - } else { - j = h - } - } - // Swap values until data[a] reaches the position before i. - for k := a; k < i-1; k++ { - data[k], data[k+1] = data[k+1], data[k] - } - return - } - - // Avoid unnecessary recursions of symMerge - // by direct insertion of data[m] into data[a:m] - // if data[m:b] only contains one element. - if b-m == 1 { - // Use binary search to find the lowest index i - // such that data[i] > data[m] for a <= i < m. - // Exit the search loop with i == m in case no such index exists. - i := a - j := m - for i < j { - h := int(uint(i+j) >> 1) - if !(data[m] < data[h]) { - i = h + 1 - } else { - j = h - } - } - // Swap values until data[m] reaches the position i. - for k := m; k > i; k-- { - data[k], data[k-1] = data[k-1], data[k] - } - return - } - - mid := int(uint(a+b) >> 1) - n := mid + m - var start, r int - if m > mid { - start = n - b - r = mid - } else { - start = a - r = m - } - p := n - 1 - - for start < r { - c := int(uint(start+r) >> 1) - if !(data[p-c] < data[c]) { - start = c + 1 - } else { - r = c - } - } - - end := n - start - if start < m && m < end { - rotateOrdered(data, start, m, end) - } - if a < start && start < mid { - symMergeOrdered(data, a, start, mid) - } - if mid < end && end < b { - symMergeOrdered(data, mid, end, b) - } -} - -// rotateOrdered rotates two consecutive blocks u = data[a:m] and v = data[m:b] in data: -// Data of the form 'x u v y' is changed to 'x v u y'. -// rotate performs at most b-a many calls to data.Swap, -// and it assumes non-degenerate arguments: a < m && m < b. -func rotateOrdered[E constraints.Ordered](data []E, a, m, b int) { - i := m - a - j := b - m - - for i != j { - if i > j { - swapRangeOrdered(data, m-i, m, j) - i -= j - } else { - swapRangeOrdered(data, m-i, m+j-i, i) - j -= i - } - } - // i == j - swapRangeOrdered(data, m-i, m, i) -} diff --git a/vendor/modules.txt b/vendor/modules.txt index 22becdb55fb..398ce07611b 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -2,12 +2,13 @@ ## explicit; go 1.16 github.com/checkpoint-restore/go-criu/v6 github.com/checkpoint-restore/go-criu/v6/rpc -# github.com/cilium/ebpf v0.12.3 -## explicit; go 1.20 +# github.com/cilium/ebpf v0.16.0 +## explicit; go 1.21 github.com/cilium/ebpf github.com/cilium/ebpf/asm github.com/cilium/ebpf/btf github.com/cilium/ebpf/internal +github.com/cilium/ebpf/internal/kallsyms github.com/cilium/ebpf/internal/kconfig github.com/cilium/ebpf/internal/sys github.com/cilium/ebpf/internal/sysenc @@ -77,8 +78,6 @@ github.com/vishvananda/netns # golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 ## explicit; go 1.18 golang.org/x/exp/constraints -golang.org/x/exp/maps -golang.org/x/exp/slices # golang.org/x/net v0.24.0 ## explicit; go 1.18 golang.org/x/net/bpf From 457e1ffa4c78b188e7ff88ecdad90ad9f044c776 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 13 Sep 2024 15:24:15 +1000 Subject: [PATCH 0651/1176] tests: add regression test for CVE-2019-19921 / CVE-2023-27561 We reintroduced this once already because it is quite easy to miss this subtle aspect of proc mounting. The recent migration to securejoin.MkdirAllInRoot could have also inadvertently reintroduced this (though it didn't). Signed-off-by: Aleksa Sarai --- tests/integration/mounts.bats | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/integration/mounts.bats b/tests/integration/mounts.bats index 5dafb655c92..1dba80f9be6 100644 --- a/tests/integration/mounts.bats +++ b/tests/integration/mounts.bats @@ -199,6 +199,18 @@ function test_mount_order() { [ "$status" -eq 0 ] } +# CVE-2023-27561 CVE-2019-19921 +@test "runc run [/proc is a symlink]" { + # Make /proc in the container a symlink. + rm -rf rootfs/proc + mkdir -p rootfs/bad-proc + ln -sf /bad-proc rootfs/proc + # This should fail. + runc run test_busybox + [ "$status" -ne 0 ] + [[ "$output" == *"must be mounted on ordinary directory"* ]] +} + @test "runc run [ro /sys/fs/cgroup mounts]" { # Without cgroup namespace. update_config '.linux.namespaces -= [{"type": "cgroup"}]' From 646efe70b11447d43e5587f34ed203dc4b65f1af Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 13 Sep 2024 14:33:48 +1000 Subject: [PATCH 0652/1176] utils: mkdirall: mask silently ignored mode bits to match os.MkdirAll It turns out that the suid and sgid mode bits are silently ignored by Linux (though the sticky bit is honoured), and some users are requesting mode bits that are ignored. While returning an error (as securejoin does) makes some sense, this is a regression. Ref: https://github.com/cyphar/filepath-securejoin/issues/23 Fixes: dd827f7b715a ("utils: switch to securejoin.MkdirAllHandle") Signed-off-by: Aleksa Sarai --- libcontainer/utils/utils_unix.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/libcontainer/utils/utils_unix.go b/libcontainer/utils/utils_unix.go index 6521114ba75..cc84597a7ce 100644 --- a/libcontainer/utils/utils_unix.go +++ b/libcontainer/utils/utils_unix.go @@ -319,6 +319,14 @@ func MkdirAllInRootOpen(root, unsafePath string, mode uint32) (_ *os.File, Err e if mode&^0o7777 != 0 { return nil, fmt.Errorf("tried to include non-mode bits in MkdirAll mode: 0o%.3o", mode) } + // Linux (and thus os.MkdirAll) silently ignores the suid and sgid bits if + // passed. While it would make sense to return an error in that case (since + // the user has asked for a mode that won't be applied), for compatibility + // reasons we have to ignore these bits. + if ignoredBits := mode &^ 0o1777; ignoredBits != 0 { + logrus.Warnf("MkdirAll called with no-op mode bits that are ignored by Linux: 0o%.3o", ignoredBits) + mode &= 0o1777 + } rootDir, err := os.OpenFile(root, unix.O_DIRECTORY|unix.O_CLOEXEC, 0) if err != nil { From 066b109e99b5795107f1762d9806827dc031f3c3 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 13 Sep 2024 17:22:20 +1000 Subject: [PATCH 0653/1176] vendor: update to github.com/cyphar/filepath-securejoin@v0.3.2 This includes a fix for the handling of S_ISGID directories. Signed-off-by: Aleksa Sarai --- go.mod | 2 +- go.sum | 4 ++-- .../cyphar/filepath-securejoin/CHANGELOG.md | 21 ++++++++++++++++++- .../cyphar/filepath-securejoin/VERSION | 2 +- .../cyphar/filepath-securejoin/mkdir_linux.go | 18 ++++++++++++++++ .../filepath-securejoin/openat_linux.go | 4 ++++ vendor/modules.txt | 2 +- 7 files changed, 47 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index df040a685f8..35c9a16c47c 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/cilium/ebpf v0.12.3 github.com/containerd/console v1.0.4 github.com/coreos/go-systemd/v22 v22.5.0 - github.com/cyphar/filepath-securejoin v0.3.1 + github.com/cyphar/filepath-securejoin v0.3.2 github.com/docker/go-units v0.5.0 github.com/godbus/dbus/v5 v5.1.0 github.com/moby/sys/mountinfo v0.7.1 diff --git a/go.sum b/go.sum index 30eac24d227..365c720661b 100644 --- a/go.sum +++ b/go.sum @@ -9,8 +9,8 @@ github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/cyphar/filepath-securejoin v0.3.1 h1:1V7cHiaW+C+39wEfpH6XlLBQo3j/PciWFrgfCLS8XrE= -github.com/cyphar/filepath-securejoin v0.3.1/go.mod h1:F7i41x/9cBF7lzCrVsYs9fuzwRZm4NQsGTBdpp6mETc= +github.com/cyphar/filepath-securejoin v0.3.2 h1:QhZu5AxQ+o1XZH0Ye05YzvJ0kAdK6VQc0z9NNMek7gc= +github.com/cyphar/filepath-securejoin v0.3.2/go.mod h1:F7i41x/9cBF7lzCrVsYs9fuzwRZm4NQsGTBdpp6mETc= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= diff --git a/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md index 7436896e137..98172cedda7 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md +++ b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md @@ -6,6 +6,24 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ## [Unreleased] ## +## [0.3.2] - 2024-09-13 ## + +### Changed ### +- Passing the `S_ISUID` or `S_ISGID` modes to `MkdirAllInRoot` will now return + an explicit error saying that those bits are ignored by `mkdirat(2)`. In the + past a different error was returned, but since the silent ignoring behaviour + is codified in the man pages a more explicit error seems apt. While silently + ignoring these bits would be the most compatible option, it could lead to + users thinking their code sets these bits when it doesn't. Programs that need + to deal with compatibility can mask the bits themselves. (#23, #25) + +### Fixed ### +- If a directory has `S_ISGID` set, then all child directories will have + `S_ISGID` set when created and a different gid will be used for any inode + created under the directory. Previously, the "expected owner and mode" + validation in `securejoin.MkdirAll` did not correctly handle this. We now + correctly handle this case. (#24, #25) + ## [0.3.1] - 2024-07-23 ## ### Changed ### @@ -127,7 +145,8 @@ This is our first release of `github.com/cyphar/filepath-securejoin`, containing a full implementation with a coverage of 93.5% (the only missing cases are the error cases, which are hard to mocktest at the moment). -[Unreleased]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.1...HEAD +[Unreleased]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.2...HEAD +[0.3.2]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.1...v0.3.2 [0.3.1]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.0...v0.3.1 [0.3.0]: https://github.com/cyphar/filepath-securejoin/compare/v0.2.5...v0.3.0 [0.2.5]: https://github.com/cyphar/filepath-securejoin/compare/v0.2.4...v0.2.5 diff --git a/vendor/github.com/cyphar/filepath-securejoin/VERSION b/vendor/github.com/cyphar/filepath-securejoin/VERSION index 9e11b32fcaa..d15723fbe8d 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/VERSION +++ b/vendor/github.com/cyphar/filepath-securejoin/VERSION @@ -1 +1 @@ -0.3.1 +0.3.2 diff --git a/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go b/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go index ad2bd7973ab..49ffdbe02bd 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go +++ b/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go @@ -46,6 +46,13 @@ func MkdirAllHandle(root *os.File, unsafePath string, mode int) (_ *os.File, Err if mode&^0o7777 != 0 { return nil, fmt.Errorf("%w for mkdir 0o%.3o", errInvalidMode, mode) } + // On Linux, mkdirat(2) (and os.Mkdir) silently ignore the suid and sgid + // bits. We could also silently ignore them but since we have very few + // users it seems more prudent to return an error so users notice that + // these bits will not be set. + if mode&^0o1777 != 0 { + return nil, fmt.Errorf("%w for mkdir 0o%.3o: suid and sgid are ignored by mkdir", errInvalidMode, mode) + } // Try to open as much of the path as possible. currentDir, remainingPath, err := partialLookupInRoot(root, unsafePath) @@ -120,6 +127,17 @@ func MkdirAllHandle(root *os.File, unsafePath string, mode int) (_ *os.File, Err expectedGid = uint32(unix.Getegid()) ) + // The setgid bit (S_ISGID = 0o2000) is inherited to child directories and + // affects the group of any inodes created in said directory, so if the + // starting directory has it set we need to adjust our expected mode and + // owner to match. + if st, err := fstatFile(currentDir); err != nil { + return nil, fmt.Errorf("failed to stat starting path for mkdir %q: %w", currentDir.Name(), err) + } else if st.Mode&unix.S_ISGID == unix.S_ISGID { + expectedMode |= unix.S_ISGID + expectedGid = st.Gid + } + // Create the remaining components. for _, part := range remainingParts { switch part { diff --git a/vendor/github.com/cyphar/filepath-securejoin/openat_linux.go b/vendor/github.com/cyphar/filepath-securejoin/openat_linux.go index 949fb5f2d82..ac083f218fe 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/openat_linux.go +++ b/vendor/github.com/cyphar/filepath-securejoin/openat_linux.go @@ -42,6 +42,10 @@ func fstatatFile(dir *os.File, path string, flags int) (unix.Stat_t, error) { return stat, nil } +func fstatFile(fd *os.File) (unix.Stat_t, error) { + return fstatatFile(fd, "", unix.AT_EMPTY_PATH) +} + func readlinkatFile(dir *os.File, path string) (string, error) { size := 4096 for { diff --git a/vendor/modules.txt b/vendor/modules.txt index 22becdb55fb..c340ef1e67d 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -24,7 +24,7 @@ github.com/coreos/go-systemd/v22/dbus # github.com/cpuguy83/go-md2man/v2 v2.0.2 ## explicit; go 1.11 github.com/cpuguy83/go-md2man/v2/md2man -# github.com/cyphar/filepath-securejoin v0.3.1 +# github.com/cyphar/filepath-securejoin v0.3.2 ## explicit; go 1.20 github.com/cyphar/filepath-securejoin # github.com/docker/go-units v0.5.0 From d8844e2939015f03a683c5f40f4111388d2f1244 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 13 Sep 2024 17:45:34 +1000 Subject: [PATCH 0654/1176] tests: integration: add setgid mkdirall test Signed-off-by: Aleksa Sarai --- tests/integration/mounts.bats | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/tests/integration/mounts.bats b/tests/integration/mounts.bats index 1dba80f9be6..11fb2cfc63e 100644 --- a/tests/integration/mounts.bats +++ b/tests/integration/mounts.bats @@ -211,6 +211,29 @@ function test_mount_order() { [[ "$output" == *"must be mounted on ordinary directory"* ]] } +# https://github.com/opencontainers/runc/issues/4401 +@test "runc run [setgid / + mkdirall]" { + mkdir rootfs/setgid + chmod '=7755' rootfs/setgid + + update_config '.mounts += [{ + type: "tmpfs", + source: "tmpfs", + destination: "/setgid/a/b/c", + options: ["ro", "nodev", "nosuid"] + }]' + update_config '.process.args |= ["true"]' + + runc run test_busybox + [ "$status" -eq 0 ] + + # Verify that the setgid bit is inherited. + [[ "$(stat -c %a rootfs/setgid)" == 7755 ]] + [[ "$(stat -c %a rootfs/setgid/a)" == 2755 ]] + [[ "$(stat -c %a rootfs/setgid/a/b)" == 2755 ]] + [[ "$(stat -c %a rootfs/setgid/a/b/c)" == 2755 ]] +} + @test "runc run [ro /sys/fs/cgroup mounts]" { # Without cgroup namespace. update_config '.linux.namespaces -= [{"type": "cgroup"}]' From b1449fd5102dfd58859c18ce5aae7bbcc980e61d Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 9 Sep 2024 18:25:28 -0700 Subject: [PATCH 0655/1176] libct: use Namespaces.IsPrivate more In these cases, this is exactly what we want to find out. Slightly improves performance and readability. Signed-off-by: Kir Kolyshkin --- libcontainer/configs/validate/rootless.go | 2 +- libcontainer/specconv/spec_linux.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/libcontainer/configs/validate/rootless.go b/libcontainer/configs/validate/rootless.go index faceea04c09..4507d4495e6 100644 --- a/libcontainer/configs/validate/rootless.go +++ b/libcontainer/configs/validate/rootless.go @@ -34,7 +34,7 @@ func rootlessEUIDMappings(config *configs.Config) error { return errors.New("rootless container requires user namespaces") } // We only require mappings if we are not joining another userns. - if path := config.Namespaces.PathOf(configs.NEWUSER); path == "" { + if config.Namespaces.IsPrivate(configs.NEWUSER) { if len(config.UIDMappings) == 0 { return errors.New("rootless containers requires at least one UID mapping") } diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index ae08a827c1f..e7c6faae347 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -415,7 +415,7 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) { } config.Namespaces.Add(t, ns.Path) } - if config.Namespaces.Contains(configs.NEWNET) && config.Namespaces.PathOf(configs.NEWNET) == "" { + if config.Namespaces.IsPrivate(configs.NEWNET) { config.Networks = []*configs.Network{ { Type: "loopback", @@ -481,7 +481,7 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) { // Only set it if the container will have its own cgroup // namespace and the cgroupfs will be mounted read/write. // - hasCgroupNS := config.Namespaces.Contains(configs.NEWCGROUP) && config.Namespaces.PathOf(configs.NEWCGROUP) == "" + hasCgroupNS := config.Namespaces.IsPrivate(configs.NEWCGROUP) hasRwCgroupfs := false if hasCgroupNS { for _, m := range config.Mounts { From 21c61165572353bbbde13f0208d59d7bbdd36864 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 12 Sep 2024 16:44:40 -0700 Subject: [PATCH 0656/1176] tests/int: log when teardown starts This aids in failed test analysis by allowing to distinguish the output of various commands being run as part of the test case from the output of teardown command like runc delete. Signed-off-by: Kir Kolyshkin --- tests/integration/helpers.bash | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index 76fbab3f5d1..fb8abb9052e 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -727,6 +727,8 @@ function teardown_bundle() { [ ! -v ROOT ] && return 0 # nothing to teardown cd "$INTEGRATION_ROOT" || return + echo "--- teardown ---" >&2 + teardown_recvtty local ct for ct in $(__runc list -q); do From 30f8f51eab4c01ed083a590214da9d17394a9205 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 11 Sep 2024 17:57:01 -0700 Subject: [PATCH 0657/1176] runc create/run: warn on rootless + shared pidns + no cgroup Shared pid namespace means `runc kill` (or `runc delete -f`) have to kill all container processes, not just init. To do so, it needs a cgroup to read the PIDs from. If there is no cgroup, processes will be leaked, and so such configuration is bad and should not be allowed. To keep backward compatibility, though, let's merely warn about this for now. Alas, the only way to know if cgroup access is available is by returning an error from Manager.Apply. Amend fs cgroup managers to do so (systemd doesn't need it, since v1 can't work with rootless, and cgroup v2 does not have a special rootless case). Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/cgroups.go | 5 +++++ libcontainer/cgroups/fs/fs.go | 5 +++-- libcontainer/cgroups/fs2/fs2.go | 2 +- libcontainer/process_linux.go | 13 ++++++++++++- tests/integration/create.bats | 28 ++++++++++++++++++++++++++++ 5 files changed, 49 insertions(+), 4 deletions(-) diff --git a/libcontainer/cgroups/cgroups.go b/libcontainer/cgroups/cgroups.go index 811f2d26e00..53e194c74dc 100644 --- a/libcontainer/cgroups/cgroups.go +++ b/libcontainer/cgroups/cgroups.go @@ -11,6 +11,11 @@ var ( // is not configured to set device rules. ErrDevicesUnsupported = errors.New("cgroup manager is not configured to set device rules") + // ErrRootless is returned by [Manager.Apply] when there is an error + // creating cgroup directory, and cgroup.Rootless is set. In general, + // this error is to be ignored. + ErrRootless = errors.New("cgroup manager can not access cgroup (rootless container)") + // DevicesSetV1 and DevicesSetV2 are functions to set devices for // cgroup v1 and v2, respectively. Unless // [github.com/opencontainers/runc/libcontainer/cgroups/devices] diff --git a/libcontainer/cgroups/fs/fs.go b/libcontainer/cgroups/fs/fs.go index d2decb127ca..ba15bfc4077 100644 --- a/libcontainer/cgroups/fs/fs.go +++ b/libcontainer/cgroups/fs/fs.go @@ -105,7 +105,7 @@ func isIgnorableError(rootless bool, err error) bool { return false } -func (m *Manager) Apply(pid int) (err error) { +func (m *Manager) Apply(pid int) (retErr error) { m.mu.Lock() defer m.mu.Unlock() @@ -129,6 +129,7 @@ func (m *Manager) Apply(pid int) (err error) { // later by Set, which fails with a friendly error (see // if path == "" in Set). if isIgnorableError(c.Rootless, err) && c.Path == "" { + retErr = cgroups.ErrRootless delete(m.paths, name) continue } @@ -136,7 +137,7 @@ func (m *Manager) Apply(pid int) (err error) { } } - return nil + return retErr } func (m *Manager) Destroy() error { diff --git a/libcontainer/cgroups/fs2/fs2.go b/libcontainer/cgroups/fs2/fs2.go index b1be7df5ccc..93f81bf8dae 100644 --- a/libcontainer/cgroups/fs2/fs2.go +++ b/libcontainer/cgroups/fs2/fs2.go @@ -71,7 +71,7 @@ func (m *Manager) Apply(pid int) error { if m.config.Rootless { if m.config.Path == "" { if blNeed, nErr := needAnyControllers(m.config.Resources); nErr == nil && !blNeed { - return nil + return cgroups.ErrRootless } return fmt.Errorf("rootless needs no limits + no cgrouppath when no permission is granted for cgroups: %w", err) } diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 9a2473f716e..493dbeaac5a 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -580,7 +580,18 @@ func (p *initProcess) start() (retErr error) { // cgroup. We don't need to worry about not doing this and not being root // because we'd be using the rootless cgroup manager in that case. if err := p.manager.Apply(p.pid()); err != nil { - return fmt.Errorf("unable to apply cgroup configuration: %w", err) + if errors.Is(err, cgroups.ErrRootless) { + // ErrRootless is to be ignored except when + // the container doesn't have private pidns. + if !p.config.Config.Namespaces.IsPrivate(configs.NEWPID) { + // TODO: make this an error in runc 1.3. + logrus.Warn("Creating a rootless container with no cgroup and no private pid namespace. " + + "Such configuration is strongly discouraged (as it is impossible to properly kill all container's processes) " + + "and will result in an error in a future runc version.") + } + } else { + return fmt.Errorf("unable to apply cgroup configuration: %w", err) + } } if p.intelRdtManager != nil { if err := p.intelRdtManager.Apply(p.pid()); err != nil { diff --git a/tests/integration/create.bats b/tests/integration/create.bats index 938ac8b63dc..f12291ca9d9 100644 --- a/tests/integration/create.bats +++ b/tests/integration/create.bats @@ -81,3 +81,31 @@ function teardown() { testcontainer test_busybox running } + +# https://github.com/opencontainers/runc/issues/4394#issuecomment-2334926257 +@test "runc create [shared pidns + rootless]" { + # Remove pidns so it's shared with the host. + update_config ' .linux.namespaces -= [{"type": "pid"}]' + if [ $EUID -ne 0 ]; then + if rootless_cgroup; then + # Rootless containers have empty cgroup path by default. + set_cgroups_path + fi + # Can't mount real /proc when rootless + no pidns, + # so change it to a bind-mounted one from the host. + update_config ' .mounts |= map((select(.type == "proc") + | .type = "none" + | .source = "/proc" + | .options = ["rbind", "nosuid", "nodev", "noexec"] + ) // .)' + fi + + exp="Such configuration is strongly discouraged" + runc create --console-socket "$CONSOLE_SOCKET" test + [ "$status" -eq 0 ] + if [ $EUID -ne 0 ] && ! rootless_cgroup; then + [[ "$output" = *"$exp"* ]] + else + [[ "$output" != *"$exp"* ]] + fi +} From 8671a7dba9ee3f274d8750518fbe62b52daf83a6 Mon Sep 17 00:00:00 2001 From: Akhil Mohan Date: Sun, 22 Sep 2024 22:43:22 +0530 Subject: [PATCH 0658/1176] ci: update to setup bats action from bats-core mig4/setup-bats is now unmaintained(last commit in Sep 2021). bats-core/bats-action can be used as a replacement maintained by the bats-core team. Signed-off-by: Akhil Mohan --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b74c9eca87f..37bbd13b7f0 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -154,8 +154,8 @@ jobs: EXTRA_BUILDTAGS: ${{ matrix.dmz }} run: sudo -E PATH="$PATH" make EXTRA_FLAGS="${{ matrix.race }}" all - - name: install bats - uses: mig4/setup-bats@v1 + - name: Setup Bats and bats libs + uses: bats-core/bats-action@2.0.0 with: bats-version: 1.9.0 From 319e133c3cd6b5bd819bcf7b050c19462d518c06 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Thu, 19 Sep 2024 20:55:24 +0200 Subject: [PATCH 0659/1176] go.mod: Use toolchain 1.22.4 Go since 1.21 allows to set a "toolchain" that specifies the minimum Go toolchain to use when working in runc. In contrast to the go line, toolchain does not impose a requirement on other modules[1][2]. As documented in the 1.2.0-rc.1 release notes, 1.22.4 is needed for the nsenter package. Let's suggest this with the toolchain version. [1]: https://go.dev/doc/toolchain [2]: https://go.dev/blog/toolchain Signed-off-by: Rodrigo Campos --- go.mod | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/go.mod b/go.mod index b086e0e0b27..9c9dc9f237b 100644 --- a/go.mod +++ b/go.mod @@ -2,6 +2,11 @@ module github.com/opencontainers/runc go 1.22 +// Suggest toolchain 1.22.4 due to a fix in golang for libcontainer/nsenter/. +// For more info, see: #4233 +// Note that toolchain does not impose a requirement on other modules using runc. +toolchain go1.22.4 + require ( github.com/checkpoint-restore/go-criu/v6 v6.3.0 github.com/cilium/ebpf v0.16.0 From 10c951e335b3a437f35af86dd9f0e59cd19deab5 Mon Sep 17 00:00:00 2001 From: lifubang Date: Mon, 23 Sep 2024 20:59:57 +0800 Subject: [PATCH 0660/1176] add ErrCgroupNotExist For some rootless container, runc has no access to cgroup, But the container is still running. So we should return the `ErrNotRunning` and `ErrCgroupNotExist` error seperatlly. Signed-off-by: lifubang --- libcontainer/container_linux.go | 5 +++++ libcontainer/error.go | 15 ++++++++------- libcontainer/init_linux.go | 4 +--- 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 6a91df01db0..0b17168c2bb 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -394,6 +394,11 @@ func (c *Container) Signal(s os.Signal) error { // https://github.com/opencontainers/runc/pull/4395#pullrequestreview-2291179652 return c.signal(s) } + // For not rootless container, if there is no init process and no cgroup, + // it means that the container is not running. + if errors.Is(err, ErrCgroupNotExist) && !c.hasInit() { + err = ErrNotRunning + } return fmt.Errorf("unable to kill all processes: %w", err) } return nil diff --git a/libcontainer/error.go b/libcontainer/error.go index 510c072264f..7f6a5eb463b 100644 --- a/libcontainer/error.go +++ b/libcontainer/error.go @@ -3,11 +3,12 @@ package libcontainer import "errors" var ( - ErrExist = errors.New("container with given ID already exists") - ErrInvalidID = errors.New("invalid container ID format") - ErrNotExist = errors.New("container does not exist") - ErrPaused = errors.New("container paused") - ErrRunning = errors.New("container still running") - ErrNotRunning = errors.New("container not running") - ErrNotPaused = errors.New("container not paused") + ErrExist = errors.New("container with given ID already exists") + ErrInvalidID = errors.New("invalid container ID format") + ErrNotExist = errors.New("container does not exist") + ErrPaused = errors.New("container paused") + ErrRunning = errors.New("container still running") + ErrNotRunning = errors.New("container not running") + ErrNotPaused = errors.New("container not paused") + ErrCgroupNotExist = errors.New("cgroup not exist") ) diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 90f40cad257..797982ad252 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -695,11 +695,9 @@ func setupPersonality(config *configs.Config) error { // signalAllProcesses freezes then iterates over all the processes inside the // manager's cgroups sending the signal s to them. -// -// signalAllProcesses returns ErrNotRunning when the cgroup does not exist. func signalAllProcesses(m cgroups.Manager, s unix.Signal) error { if !m.Exists() { - return ErrNotRunning + return ErrCgroupNotExist } // Use cgroup.kill, if available. if s == unix.SIGKILL { From 35f999dded045276787f13444f8ef62ebac7d74e Mon Sep 17 00:00:00 2001 From: Akhil Mohan Date: Wed, 25 Sep 2024 11:31:44 +0530 Subject: [PATCH 0661/1176] remove installation of unused bats support libs bats-core/bats-action installs a few support libraries by default which are not used by runc. Disable the installation, which will remove /usr/bin/tar: Permission denied errors. Signed-off-by: Akhil Mohan --- .github/workflows/test.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 37bbd13b7f0..c7c340225c3 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -158,6 +158,10 @@ jobs: uses: bats-core/bats-action@2.0.0 with: bats-version: 1.9.0 + support-install: false + assert-install: false + detik-install: false + file-install: false - name: Allow userns for runc # https://discourse.ubuntu.com/t/ubuntu-24-04-lts-noble-numbat-release-notes/39890#unprivileged-user-namespace-restrictions-15 From 5b161e04ae1404f2280b8f7c42e2251bf05569ca Mon Sep 17 00:00:00 2001 From: Akhil Mohan Date: Wed, 25 Sep 2024 13:56:48 +0530 Subject: [PATCH 0662/1176] update bats-action to 2.1.1 bats-action@2.1.1 supports: - ubuntu 20.04 - cache key with multiple arch Signed-off-by: Akhil Mohan --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c7c340225c3..7c49cc0ae7c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -155,7 +155,7 @@ jobs: run: sudo -E PATH="$PATH" make EXTRA_FLAGS="${{ matrix.race }}" all - name: Setup Bats and bats libs - uses: bats-core/bats-action@2.0.0 + uses: bats-core/bats-action@2.1.1 with: bats-version: 1.9.0 support-install: false From 3e3f96034f1d454835c27f0ef230f0d5af4adc16 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 1 Aug 2024 17:50:57 -0700 Subject: [PATCH 0663/1176] runc exec --cap: do not add capabilities to ambient Commit 98fe566c removed setting inheritable capabilities from runc exec --cap, but neglected to also remove ambient capabilities. An ambient capability could only be set if the same inheritable capability is set, so as a result of the above change ambient capabilities were not set (but due to a bug in gocapability package, those errors are never reported). Once we start using a library with the fix [1], that bug will become apparent. Alas, we do not have any tests for runc exec --cap, so add one. Yet, if some inheritable bits are already set from spec, let's set ambient to avoid a possible regression. Add a test case for that, too. [1]: https://github.com/kolyshkin/capability/pull/3 Fixes: 98fe566c ("runc: do not set inheritable capabilities") Co-authored-by: lifubang Signed-off-by: Kir Kolyshkin --- exec.go | 7 +++- tests/integration/capabilities.bats | 63 +++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+), 1 deletion(-) diff --git a/exec.go b/exec.go index ad8a369a5dd..1e47f6cfb6b 100644 --- a/exec.go +++ b/exec.go @@ -234,7 +234,12 @@ func getProcess(context *cli.Context, bundle string) (*specs.Process, error) { p.Capabilities.Bounding = append(p.Capabilities.Bounding, c) p.Capabilities.Effective = append(p.Capabilities.Effective, c) p.Capabilities.Permitted = append(p.Capabilities.Permitted, c) - p.Capabilities.Ambient = append(p.Capabilities.Ambient, c) + // Since ambient capabilities can't be set without inherritable, + // and runc exec --cap don't set inheritable, let's only set + // ambient if we already have some inheritable bits set from spec. + if p.Capabilities.Inheritable != nil { + p.Capabilities.Ambient = append(p.Capabilities.Ambient, c) + } } } // append the passed env variables diff --git a/tests/integration/capabilities.bats b/tests/integration/capabilities.bats index 968041223f7..5d1178b7c1a 100644 --- a/tests/integration/capabilities.bats +++ b/tests/integration/capabilities.bats @@ -53,3 +53,66 @@ function teardown() { [[ "${output}" == *"CapPrm: 0000000000200000"* ]] [[ "${output}" == *"NoNewPrivs: 1"* ]] } + +@test "runc exec --cap" { + update_config ' .process.args = ["/bin/sh"] + | .process.capabilities = {}' + runc run -d --console-socket "$CONSOLE_SOCKET" test_exec_cap + [ "$status" -eq 0 ] + + runc exec test_exec_cap cat /proc/self/status + [ "$status" -eq 0 ] + # Check no capabilities are set. + [[ "${output}" == *"CapInh: 0000000000000000"* ]] + [[ "${output}" == *"CapPrm: 0000000000000000"* ]] + [[ "${output}" == *"CapEff: 0000000000000000"* ]] + [[ "${output}" == *"CapBnd: 0000000000000000"* ]] + [[ "${output}" == *"CapAmb: 0000000000000000"* ]] + + runc exec --cap CAP_KILL --cap CAP_AUDIT_WRITE test_exec_cap cat /proc/self/status + [ "$status" -eq 0 ] + # Check capabilities are added into bounding/effective/permitted only, + # but not to inheritable or ambient. + # + # CAP_KILL is 5, the bit mask is 0x20 (1 << 5). + # CAP_AUDIT_WRITE is 26, the bit mask is 0x20000000 (1 << 26). + [[ "${output}" == *"CapInh: 0000000000000000"* ]] + [[ "${output}" == *"CapPrm: 0000000020000020"* ]] + [[ "${output}" == *"CapEff: 0000000020000020"* ]] + [[ "${output}" == *"CapBnd: 0000000020000020"* ]] + [[ "${output}" == *"CapAmb: 0000000000000000"* ]] +} + +@test "runc exec --cap [ambient is set from spec]" { + update_config ' .process.args = ["/bin/sh"] + | .process.capabilities.inheritable = ["CAP_CHOWN", "CAP_SYSLOG"] + | .process.capabilities.permitted = ["CAP_KILL", "CAP_CHOWN"] + | .process.capabilities.effective = ["CAP_KILL"] + | .process.capabilities.bounding = ["CAP_KILL", "CAP_CHOWN", "CAP_SYSLOG"] + | .process.capabilities.ambient = ["CAP_CHOWN"]' + runc run -d --console-socket "$CONSOLE_SOCKET" test_some_caps + [ "$status" -eq 0 ] + + runc exec test_some_caps cat /proc/self/status + [ "$status" -eq 0 ] + # Check that capabilities are as set in spec. + # + # CAP_CHOWN is 0, the bit mask is 0x1 (1 << 0) + # CAP_KILL is 5, the bit mask is 0x20 (1 << 5). + # CAP_SYSLOG is 34, the bit mask is 0x400000000 (1 << 34). + [[ "${output}" == *"CapInh: 0000000400000001"* ]] + [[ "${output}" == *"CapPrm: 0000000000000021"* ]] + [[ "${output}" == *"CapEff: 0000000000000021"* ]] + [[ "${output}" == *"CapBnd: 0000000400000021"* ]] + [[ "${output}" == *"CapAmb: 0000000000000001"* ]] + + # Check that if config.json has an inheritable capability set, + # runc exec --cap adds ambient capabilities. + runc exec --cap CAP_SYSLOG test_some_caps cat /proc/self/status + [ "$status" -eq 0 ] + [[ "${output}" == *"CapInh: 0000000400000001"* ]] + [[ "${output}" == *"CapPrm: 0000000400000021"* ]] + [[ "${output}" == *"CapEff: 0000000400000021"* ]] + [[ "${output}" == *"CapBnd: 0000000400000021"* ]] + [[ "${output}" == *"CapAmb: 0000000400000001"* ]] +} From 0de1953333143cdbc5df7cfc4b0c6bf91ee99709 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 6 Aug 2024 10:44:25 -0700 Subject: [PATCH 0664/1176] runc spec, libct/int: do not add ambient capabilities Commit 98fe566c removed inheritable capabilities from the example spec (used by runc spec) and from the libcontainer/integration test config, but neglected to also remove ambient capabilities. An ambient capability could only be set if the same inheritable capability is set, so as a result of the above change ambient capabilities were not set (but due to a bug in gocapability package, those errors are never reported). Once we start using a library with the fix [1], that bug will become apparent (both bats-based and libct/int tests will fail). [1]: https://github.com/kolyshkin/capability/pull/3 Fixes: 98fe566c ("runc: do not set inheritable capabilities") Signed-off-by: Kir Kolyshkin --- libcontainer/integration/template_test.go | 16 ---------------- libcontainer/specconv/example.go | 5 ----- 2 files changed, 21 deletions(-) diff --git a/libcontainer/integration/template_test.go b/libcontainer/integration/template_test.go index 63c46b28fae..473f601ed49 100644 --- a/libcontainer/integration/template_test.go +++ b/libcontainer/integration/template_test.go @@ -75,22 +75,6 @@ func newTemplateConfig(t *testing.T, p *tParam) *configs.Config { "CAP_KILL", "CAP_AUDIT_WRITE", }, - Ambient: []string{ - "CAP_CHOWN", - "CAP_DAC_OVERRIDE", - "CAP_FSETID", - "CAP_FOWNER", - "CAP_MKNOD", - "CAP_NET_RAW", - "CAP_SETGID", - "CAP_SETUID", - "CAP_SETFCAP", - "CAP_SETPCAP", - "CAP_NET_BIND_SERVICE", - "CAP_SYS_CHROOT", - "CAP_KILL", - "CAP_AUDIT_WRITE", - }, Effective: []string{ "CAP_CHOWN", "CAP_DAC_OVERRIDE", diff --git a/libcontainer/specconv/example.go b/libcontainer/specconv/example.go index 152d938a50a..1e9cfa2dbfe 100644 --- a/libcontainer/specconv/example.go +++ b/libcontainer/specconv/example.go @@ -41,11 +41,6 @@ func Example() *specs.Spec { "CAP_KILL", "CAP_NET_BIND_SERVICE", }, - Ambient: []string{ - "CAP_AUDIT_WRITE", - "CAP_KILL", - "CAP_NET_BIND_SERVICE", - }, Effective: []string{ "CAP_AUDIT_WRITE", "CAP_KILL", From 7a449109f3c854a6280d0d749d02116f4b64a9fd Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 1 Aug 2024 00:59:19 -0700 Subject: [PATCH 0665/1176] libct/README: simplify example, rm inheritable caps The example is too long since it lists too many capabilities. Simplify it, leaving only two capabilities. Also, remove ambient capabilities from the set. Inheritable capabilities were removed earlier by commit 98fe566c, but ambient capabilities can't be raised without inheritable ones. Fixes: 98fe566c Signed-off-by: Kir Kolyshkin --- libcontainer/README.md | 52 ------------------------------------------ 1 file changed, 52 deletions(-) diff --git a/libcontainer/README.md b/libcontainer/README.md index 50e9a1325b5..b1e7b0cd15c 100644 --- a/libcontainer/README.md +++ b/libcontainer/README.md @@ -59,66 +59,14 @@ config := &configs.Config{ Rootfs: "/your/path/to/rootfs", Capabilities: &configs.Capabilities{ Bounding: []string{ - "CAP_CHOWN", - "CAP_DAC_OVERRIDE", - "CAP_FSETID", - "CAP_FOWNER", - "CAP_MKNOD", - "CAP_NET_RAW", - "CAP_SETGID", - "CAP_SETUID", - "CAP_SETFCAP", - "CAP_SETPCAP", - "CAP_NET_BIND_SERVICE", - "CAP_SYS_CHROOT", "CAP_KILL", "CAP_AUDIT_WRITE", }, Effective: []string{ - "CAP_CHOWN", - "CAP_DAC_OVERRIDE", - "CAP_FSETID", - "CAP_FOWNER", - "CAP_MKNOD", - "CAP_NET_RAW", - "CAP_SETGID", - "CAP_SETUID", - "CAP_SETFCAP", - "CAP_SETPCAP", - "CAP_NET_BIND_SERVICE", - "CAP_SYS_CHROOT", "CAP_KILL", "CAP_AUDIT_WRITE", }, Permitted: []string{ - "CAP_CHOWN", - "CAP_DAC_OVERRIDE", - "CAP_FSETID", - "CAP_FOWNER", - "CAP_MKNOD", - "CAP_NET_RAW", - "CAP_SETGID", - "CAP_SETUID", - "CAP_SETFCAP", - "CAP_SETPCAP", - "CAP_NET_BIND_SERVICE", - "CAP_SYS_CHROOT", - "CAP_KILL", - "CAP_AUDIT_WRITE", - }, - Ambient: []string{ - "CAP_CHOWN", - "CAP_DAC_OVERRIDE", - "CAP_FSETID", - "CAP_FOWNER", - "CAP_MKNOD", - "CAP_NET_RAW", - "CAP_SETGID", - "CAP_SETUID", - "CAP_SETFCAP", - "CAP_SETPCAP", - "CAP_NET_BIND_SERVICE", - "CAP_SYS_CHROOT", "CAP_KILL", "CAP_AUDIT_WRITE", }, From 1be06760ed66ae86182e79347c95886a284bf4b8 Mon Sep 17 00:00:00 2001 From: Stavros Panakakis Date: Sun, 15 Sep 2024 17:00:34 +0300 Subject: [PATCH 0666/1176] libcontainer/cgroups/fs: remove todo since strings.Fields performs well Initially, this was a commit to switch from strings.Fields to strings.SplitN in getCpuUsageBreakdown, since strings.Fields was probably slower than strings.SplitN in some old Go versions. Afterwards, strings.Cut was also considered for potential speed improvements. After writing a benchmark test, we learned that: - strings.Fields performance is now adequate; - strings.SplitN is slower than strings.Fields; - strings.Cut had <5% performance gain from strings.Fields; So, remove the TODO and keep the benchmark test. Signed-off-by: Stavros Panakakis --- libcontainer/cgroups/fs/cpuacct.go | 2 +- libcontainer/cgroups/fs/cpuacct_test.go | 15 +++++++++++++++ libcontainer/cgroups/fs/util_test.go | 4 ++-- 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/libcontainer/cgroups/fs/cpuacct.go b/libcontainer/cgroups/fs/cpuacct.go index d3bd7e111c7..69f8f9d8cdd 100644 --- a/libcontainer/cgroups/fs/cpuacct.go +++ b/libcontainer/cgroups/fs/cpuacct.go @@ -91,7 +91,7 @@ func getCpuUsageBreakdown(path string) (uint64, uint64, error) { if err != nil { return 0, 0, err } - // TODO: use strings.SplitN instead. + fields := strings.Fields(data) if len(fields) < 4 || fields[0] != userField || fields[2] != systemField { return 0, 0, malformedLine(path, file, data) diff --git a/libcontainer/cgroups/fs/cpuacct_test.go b/libcontainer/cgroups/fs/cpuacct_test.go index 70b237a0b61..d7d926d505c 100644 --- a/libcontainer/cgroups/fs/cpuacct_test.go +++ b/libcontainer/cgroups/fs/cpuacct_test.go @@ -95,3 +95,18 @@ func TestCpuacctStatsWithoutUsageAll(t *testing.T) { expectedStats, actualStats.CpuStats.CpuUsage) } } + +func BenchmarkGetCpuUsageBreakdown(b *testing.B) { + path := tempDir(b, "cpuacct") + writeFileContents(b, path, map[string]string{ + "cpuacct.stat": cpuAcctStatContents, + }) + + b.ResetTimer() + for i := 0; i < b.N; i++ { + _, _, err := getCpuUsageBreakdown(path) + if err != nil { + b.Fatal(err) + } + } +} diff --git a/libcontainer/cgroups/fs/util_test.go b/libcontainer/cgroups/fs/util_test.go index 85842b73532..87c70ed1d9d 100644 --- a/libcontainer/cgroups/fs/util_test.go +++ b/libcontainer/cgroups/fs/util_test.go @@ -18,7 +18,7 @@ func init() { } // tempDir creates a new test directory for the specified subsystem. -func tempDir(t *testing.T, subsystem string) string { +func tempDir(t testing.TB, subsystem string) string { path := filepath.Join(t.TempDir(), subsystem) // Ensure the full mock cgroup path exists. if err := os.Mkdir(path, 0o755); err != nil { @@ -29,7 +29,7 @@ func tempDir(t *testing.T, subsystem string) string { // writeFileContents writes the specified contents on the mock of the specified // cgroup files. -func writeFileContents(t *testing.T, path string, fileContents map[string]string) { +func writeFileContents(t testing.TB, path string, fileContents map[string]string) { for file, contents := range fileContents { err := cgroups.WriteFile(path, file, contents) if err != nil { From faffe1b9eec1b52f5e38228c44b94ffafd3936a0 Mon Sep 17 00:00:00 2001 From: "Amir M. Ghazanfari" Date: Sat, 28 Sep 2024 10:02:21 +0330 Subject: [PATCH 0667/1176] replace strings.SplitN with strings.Cut Signed-off-by: Amir M. Ghazanfari --- exec.go | 8 ++++---- libcontainer/cgroups/fs/memory.go | 5 ++--- libcontainer/cgroups/systemd/cpuset.go | 10 +++++----- libcontainer/init_linux.go | 5 ++--- libcontainer/utils/utils.go | 10 +++++----- 5 files changed, 18 insertions(+), 20 deletions(-) diff --git a/exec.go b/exec.go index ad8a369a5dd..f7bd7669042 100644 --- a/exec.go +++ b/exec.go @@ -247,15 +247,15 @@ func getProcess(context *cli.Context, bundle string) (*specs.Process, error) { } // Override the user, if passed. if user := context.String("user"); user != "" { - u := strings.SplitN(user, ":", 2) - if len(u) > 1 { - gid, err := strconv.Atoi(u[1]) + uids, gids, ok := strings.Cut(user, ":") + if ok { + gid, err := strconv.Atoi(gids) if err != nil { return nil, fmt.Errorf("bad gid: %w", err) } p.User.GID = uint32(gid) } - uid, err := strconv.Atoi(u[0]) + uid, err := strconv.Atoi(uids) if err != nil { return nil, fmt.Errorf("bad uid: %w", err) } diff --git a/libcontainer/cgroups/fs/memory.go b/libcontainer/cgroups/fs/memory.go index 783566d68f0..0abea63f92a 100644 --- a/libcontainer/cgroups/fs/memory.go +++ b/libcontainer/cgroups/fs/memory.go @@ -282,11 +282,11 @@ func getPageUsageByNUMA(path string) (cgroups.PageUsageByNUMA, error) { line := scanner.Text() columns := strings.SplitN(line, " ", maxColumns) for i, column := range columns { - byNode := strings.SplitN(column, "=", 2) + key, val, ok := strings.Cut(column, "=") // Some custom kernels have non-standard fields, like // numa_locality 0 0 0 0 0 0 0 0 0 0 // numa_exectime 0 - if len(byNode) < 2 { + if !ok { if i == 0 { // Ignore/skip those. break @@ -296,7 +296,6 @@ func getPageUsageByNUMA(path string) (cgroups.PageUsageByNUMA, error) { return stats, malformedLine(path, file, line) } } - key, val := byNode[0], byNode[1] if i == 0 { // First column: key is name, val is total. field = getNUMAField(&stats, key) if field == nil { // unknown field (new kernel?) diff --git a/libcontainer/cgroups/systemd/cpuset.go b/libcontainer/cgroups/systemd/cpuset.go index dd474cf1b16..c6f5642dcd2 100644 --- a/libcontainer/cgroups/systemd/cpuset.go +++ b/libcontainer/cgroups/systemd/cpuset.go @@ -21,13 +21,13 @@ func RangeToBits(str string) ([]byte, error) { if r == "" { continue } - ranges := strings.SplitN(r, "-", 2) - if len(ranges) > 1 { - start, err := strconv.ParseUint(ranges[0], 10, 32) + startr, endr, ok := strings.Cut(r, "-") + if ok { + start, err := strconv.ParseUint(startr, 10, 32) if err != nil { return nil, err } - end, err := strconv.ParseUint(ranges[1], 10, 32) + end, err := strconv.ParseUint(endr, 10, 32) if err != nil { return nil, err } @@ -38,7 +38,7 @@ func RangeToBits(str string) ([]byte, error) { bits.SetBit(bits, int(i), 1) } } else { - val, err := strconv.ParseUint(ranges[0], 10, 32) + val, err := strconv.ParseUint(startr, 10, 32) if err != nil { return nil, err } diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 90f40cad257..5123314516d 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -259,11 +259,10 @@ func containerInit(t initType, config *initConfig, pipe *syncSocket, consoleSock // current processes's environment. func populateProcessEnvironment(env []string) error { for _, pair := range env { - p := strings.SplitN(pair, "=", 2) - if len(p) < 2 { + name, val, ok := strings.Cut(pair, "=") + if !ok { return errors.New("invalid environment variable: missing '='") } - name, val := p[0], p[1] if name == "" { return errors.New("invalid environment variable: name cannot be empty") } diff --git a/libcontainer/utils/utils.go b/libcontainer/utils/utils.go index 793783929fb..db420ea688d 100644 --- a/libcontainer/utils/utils.go +++ b/libcontainer/utils/utils.go @@ -101,14 +101,14 @@ func SearchLabels(labels []string, key string) (string, bool) { func Annotations(labels []string) (bundle string, userAnnotations map[string]string) { userAnnotations = make(map[string]string) for _, l := range labels { - parts := strings.SplitN(l, "=", 2) - if len(parts) < 2 { + name, value, ok := strings.Cut(l, "=") + if !ok { continue } - if parts[0] == "bundle" { - bundle = parts[1] + if name == "bundle" { + bundle = value } else { - userAnnotations[parts[0]] = parts[1] + userAnnotations[name] = value } } return From bb2bd38d6f5eb923b27f2334d9bf6f7173b052ca Mon Sep 17 00:00:00 2001 From: "Amir M. Ghazanfari" Date: Wed, 25 Sep 2024 16:13:17 +0330 Subject: [PATCH 0668/1176] change go minimum version in README Signed-off-by: Amir M. Ghazanfari Update go version Co-authored-by: Akihiro Suda Signed-off-by: Amir M. Ghazanfari --- README.md | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/README.md b/README.md index 88497c16945..134acc65cba 100644 --- a/README.md +++ b/README.md @@ -27,16 +27,10 @@ A third party security audit was performed by Cure53, you can see the full repor ## Building -`runc` only supports Linux. It must be built with Go version 1.21 or higher. +`runc` only supports Linux. See the header of [`go.mod`](./go mod) for the required Go version. ### Pre-Requisites -#### Go - -NOTE: if building with Go 1.22.x, make sure to use 1.22.4 or a later version -(see [issue #4233](https://github.com/opencontainers/runc/issues/4233) for -more details). - #### Utilities and Libraries In addition to Go, building `runc` requires multiple utilities and libraries to be installed on your system. From f55957de35ee298940bec8983cd88abe72e66a1a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 04:20:03 +0000 Subject: [PATCH 0669/1176] build(deps): bump bats-core/bats-action from 2.1.1 to 3.0.0 Bumps [bats-core/bats-action](https://github.com/bats-core/bats-action) from 2.1.1 to 3.0.0. - [Release notes](https://github.com/bats-core/bats-action/releases) - [Commits](https://github.com/bats-core/bats-action/compare/2.1.1...3.0.0) --- updated-dependencies: - dependency-name: bats-core/bats-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7c49cc0ae7c..9466d5996be 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -155,7 +155,7 @@ jobs: run: sudo -E PATH="$PATH" make EXTRA_FLAGS="${{ matrix.race }}" all - name: Setup Bats and bats libs - uses: bats-core/bats-action@2.1.1 + uses: bats-core/bats-action@3.0.0 with: bats-version: 1.9.0 support-install: false From b096459a070e27eeef46b4305933297c4a047421 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Mon, 30 Sep 2024 16:25:35 +0200 Subject: [PATCH 0670/1176] vendor: update github.com/cyphar/filepath-securejoin to v0.3.3 This fixes issues we had with spurious MkdirAll failures. Signed-off-by: Aleksa Sarai --- go.mod | 2 +- go.sum | 4 +- .../cyphar/filepath-securejoin/CHANGELOG.md | 15 +- .../cyphar/filepath-securejoin/VERSION | 2 +- .../cyphar/filepath-securejoin/join.go | 16 +-- .../cyphar/filepath-securejoin/mkdir_linux.go | 106 +++++---------- .../cyphar/filepath-securejoin/open_linux.go | 14 +- .../filepath-securejoin/openat2_linux.go | 33 ++--- .../filepath-securejoin/procfs_linux.go | 128 ++++++------------ .../cyphar/filepath-securejoin/vfs.go | 24 ++-- vendor/modules.txt | 4 +- 11 files changed, 128 insertions(+), 220 deletions(-) diff --git a/go.mod b/go.mod index 9c9dc9f237b..478c04dc7cd 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/cilium/ebpf v0.16.0 github.com/containerd/console v1.0.4 github.com/coreos/go-systemd/v22 v22.5.0 - github.com/cyphar/filepath-securejoin v0.3.2 + github.com/cyphar/filepath-securejoin v0.3.3 github.com/docker/go-units v0.5.0 github.com/godbus/dbus/v5 v5.1.0 github.com/moby/sys/mountinfo v0.7.1 diff --git a/go.sum b/go.sum index 02393213996..d515898bbfd 100644 --- a/go.sum +++ b/go.sum @@ -9,8 +9,8 @@ github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/cyphar/filepath-securejoin v0.3.2 h1:QhZu5AxQ+o1XZH0Ye05YzvJ0kAdK6VQc0z9NNMek7gc= -github.com/cyphar/filepath-securejoin v0.3.2/go.mod h1:F7i41x/9cBF7lzCrVsYs9fuzwRZm4NQsGTBdpp6mETc= +github.com/cyphar/filepath-securejoin v0.3.3 h1:lofZkCEVFIBe0KcdQOzFs8Soy9oaHOWl4gGtPI+gCFc= +github.com/cyphar/filepath-securejoin v0.3.3/go.mod h1:8s/MCNJREmFK0H02MF6Ihv1nakJe4L/w3WZLHNkvlYM= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= diff --git a/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md index 98172cedda7..23f7bc7f62a 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md +++ b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md @@ -6,6 +6,18 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ## [Unreleased] ## +## [0.3.3] - 2024-09-30 ## + +### Fixed ### +- The mode and owner verification logic in `MkdirAll` has been removed. This + was originally intended to protect against some theoretical attacks but upon + further consideration these protections don't actually buy us anything and + they were causing spurious errors with more complicated filesystem setups. +- The "is the created directory empty" logic in `MkdirAll` has also been + removed. This was not causing us issues yet, but some pseudofilesystems (such + as `cgroup`) create non-empty directories and so this logic would've been + wrong for such cases. + ## [0.3.2] - 2024-09-13 ## ### Changed ### @@ -145,7 +157,8 @@ This is our first release of `github.com/cyphar/filepath-securejoin`, containing a full implementation with a coverage of 93.5% (the only missing cases are the error cases, which are hard to mocktest at the moment). -[Unreleased]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.2...HEAD +[Unreleased]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.3...HEAD +[0.3.3]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.2...v0.3.3 [0.3.2]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.1...v0.3.2 [0.3.1]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.0...v0.3.1 [0.3.0]: https://github.com/cyphar/filepath-securejoin/compare/v0.2.5...v0.3.0 diff --git a/vendor/github.com/cyphar/filepath-securejoin/VERSION b/vendor/github.com/cyphar/filepath-securejoin/VERSION index d15723fbe8d..1c09c74e221 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/VERSION +++ b/vendor/github.com/cyphar/filepath-securejoin/VERSION @@ -1 +1 @@ -0.3.2 +0.3.3 diff --git a/vendor/github.com/cyphar/filepath-securejoin/join.go b/vendor/github.com/cyphar/filepath-securejoin/join.go index bd86a48b0cc..ca4ce1f29a6 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/join.go +++ b/vendor/github.com/cyphar/filepath-securejoin/join.go @@ -22,27 +22,27 @@ const maxSymlinkLimit = 255 // IsNotExist tells you if err is an error that implies that either the path // accessed does not exist (or path components don't exist). This is -// effectively a more broad version of os.IsNotExist. +// effectively a more broad version of [os.IsNotExist]. func IsNotExist(err error) bool { // Check that it's not actually an ENOTDIR, which in some cases is a more // convoluted case of ENOENT (usually involving weird paths). return errors.Is(err, os.ErrNotExist) || errors.Is(err, syscall.ENOTDIR) || errors.Is(err, syscall.ENOENT) } -// SecureJoinVFS joins the two given path components (similar to Join) except +// SecureJoinVFS joins the two given path components (similar to [filepath.Join]) except // that the returned path is guaranteed to be scoped inside the provided root // path (when evaluated). Any symbolic links in the path are evaluated with the // given root treated as the root of the filesystem, similar to a chroot. The -// filesystem state is evaluated through the given VFS interface (if nil, the -// standard os.* family of functions are used). +// filesystem state is evaluated through the given [VFS] interface (if nil, the +// standard [os].* family of functions are used). // // Note that the guarantees provided by this function only apply if the path // components in the returned string are not modified (in other words are not // replaced with symlinks on the filesystem) after this function has returned. -// Such a symlink race is necessarily out-of-scope of SecureJoin. +// Such a symlink race is necessarily out-of-scope of SecureJoinVFS. // // NOTE: Due to the above limitation, Linux users are strongly encouraged to -// use OpenInRoot instead, which does safely protect against these kinds of +// use [OpenInRoot] instead, which does safely protect against these kinds of // attacks. There is no way to solve this problem with SecureJoinVFS because // the API is fundamentally wrong (you cannot return a "safe" path string and // guarantee it won't be modified afterwards). @@ -123,8 +123,8 @@ func SecureJoinVFS(root, unsafePath string, vfs VFS) (string, error) { return filepath.Join(root, finalPath), nil } -// SecureJoin is a wrapper around SecureJoinVFS that just uses the os.* library -// of functions as the VFS. If in doubt, use this function over SecureJoinVFS. +// SecureJoin is a wrapper around [SecureJoinVFS] that just uses the [os].* library +// of functions as the [VFS]. If in doubt, use this function over [SecureJoinVFS]. func SecureJoin(root, unsafePath string) (string, error) { return SecureJoinVFS(root, unsafePath, nil) } diff --git a/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go b/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go index 49ffdbe02bd..b5f674524c8 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go +++ b/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go @@ -9,7 +9,6 @@ package securejoin import ( "errors" "fmt" - "io" "os" "path/filepath" "slices" @@ -23,23 +22,23 @@ var ( errPossibleAttack = errors.New("possible attack detected") ) -// MkdirAllHandle is equivalent to MkdirAll, except that it is safer to use in -// two respects: +// MkdirAllHandle is equivalent to [MkdirAll], except that it is safer to use +// in two respects: // -// - The caller provides the root directory as an *os.File (preferably O_PATH) +// - The caller provides the root directory as an *[os.File] (preferably O_PATH) // handle. This means that the caller can be sure which root directory is // being used. Note that this can be emulated by using /proc/self/fd/... as -// the root path with MkdirAll. +// the root path with [os.MkdirAll]. // -// - Once all of the directories have been created, an *os.File (O_PATH) handle +// - Once all of the directories have been created, an *[os.File] O_PATH handle // to the directory at unsafePath is returned to the caller. This is done in // an effectively-race-free way (an attacker would only be able to swap the // final directory component), which is not possible to emulate with -// MkdirAll. +// [MkdirAll]. // // In addition, the returned handle is obtained far more efficiently than doing -// a brand new lookup of unsafePath (such as with SecureJoin or openat2) after -// doing MkdirAll. If you intend to open the directory after creating it, you +// a brand new lookup of unsafePath (such as with [SecureJoin] or openat2) after +// doing [MkdirAll]. If you intend to open the directory after creating it, you // should use MkdirAllHandle. func MkdirAllHandle(root *os.File, unsafePath string, mode int) (_ *os.File, Err error) { // Make sure there are no os.FileMode bits set. @@ -108,35 +107,6 @@ func MkdirAllHandle(root *os.File, unsafePath string, mode int) (_ *os.File, Err // Make sure the mode doesn't have any type bits. mode &^= unix.S_IFMT - // What properties do we expect any newly created directories to have? - var ( - // While umask(2) is a per-thread property, and thus this value could - // vary between threads, a functioning Go program would LockOSThread - // threads with different umasks and so we don't need to LockOSThread - // for this entire mkdirat loop (if we are in the locked thread with a - // different umask, we are already locked and there's nothing for us to - // do -- and if not then it doesn't matter which thread we run on and - // there's nothing for us to do). - expectedMode = uint32(unix.S_IFDIR | (mode &^ getUmask())) - - // We would want to get the fs[ug]id here, but we can't access those - // from userspace. In practice, nobody uses setfs[ug]id() anymore, so - // just use the effective [ug]id (which is equivalent to the fs[ug]id - // for programs that don't use setfs[ug]id). - expectedUid = uint32(unix.Geteuid()) - expectedGid = uint32(unix.Getegid()) - ) - - // The setgid bit (S_ISGID = 0o2000) is inherited to child directories and - // affects the group of any inodes created in said directory, so if the - // starting directory has it set we need to adjust our expected mode and - // owner to match. - if st, err := fstatFile(currentDir); err != nil { - return nil, fmt.Errorf("failed to stat starting path for mkdir %q: %w", currentDir.Name(), err) - } else if st.Mode&unix.S_ISGID == unix.S_ISGID { - expectedMode |= unix.S_ISGID - expectedGid = st.Gid - } // Create the remaining components. for _, part := range remainingParts { @@ -147,7 +117,7 @@ func MkdirAllHandle(root *os.File, unsafePath string, mode int) (_ *os.File, Err } // NOTE: mkdir(2) will not follow trailing symlinks, so we can safely - // create the finaly component without worrying about symlink-exchange + // create the final component without worrying about symlink-exchange // attacks. if err := unix.Mkdirat(int(currentDir.Fd()), part, uint32(mode)); err != nil { err = &os.PathError{Op: "mkdirat", Path: currentDir.Name() + "/" + part, Err: err} @@ -175,40 +145,30 @@ func MkdirAllHandle(root *os.File, unsafePath string, mode int) (_ *os.File, Err _ = currentDir.Close() currentDir = nextDir - // Make sure that the directory matches what we expect. An attacker - // could have swapped the directory between us making it and opening - // it. There's no way for us to be sure that the directory is - // _precisely_ the same as the directory we created, but if we are in - // an empty directory with the same owner and mode as the one we - // created then there is nothing the attacker could do with this new - // directory that they couldn't do with the old one. - if stat, err := fstat(currentDir); err != nil { - return nil, fmt.Errorf("check newly created directory: %w", err) - } else { - if stat.Mode != expectedMode { - return nil, fmt.Errorf("%w: newly created directory %q has incorrect mode 0o%.3o (expected 0o%.3o)", errPossibleAttack, currentDir.Name(), stat.Mode, expectedMode) - } - if stat.Uid != expectedUid || stat.Gid != expectedGid { - return nil, fmt.Errorf("%w: newly created directory %q has incorrect owner %d:%d (expected %d:%d)", errPossibleAttack, currentDir.Name(), stat.Uid, stat.Gid, expectedUid, expectedGid) - } - // Check that the directory is empty. We only need to check for - // a single entry, and we should get EOF if the directory is - // empty. - _, err := currentDir.Readdirnames(1) - if !errors.Is(err, io.EOF) { - if err == nil { - err = fmt.Errorf("%w: newly created directory %q is non-empty", errPossibleAttack, currentDir.Name()) - } - return nil, fmt.Errorf("check if newly created directory %q is empty: %w", currentDir.Name(), err) - } - // Reset the offset. - _, _ = currentDir.Seek(0, unix.SEEK_SET) - } + // It's possible that the directory we just opened was swapped by an + // attacker. Unfortunately there isn't much we can do to protect + // against this, and MkdirAll's behaviour is that we will reuse + // existing directories anyway so the need to protect against this is + // incredibly limited (and arguably doesn't even deserve mention here). + // + // Ideally we might want to check that the owner and mode match what we + // would've created -- unfortunately, it is non-trivial to verify that + // the owner and mode of the created directory match. While plain Unix + // DAC rules seem simple enough to emulate, there are a bunch of other + // factors that can change the mode or owner of created directories + // (default POSIX ACLs, mount options like uid=1,gid=2,umask=0 on + // filesystems like vfat, etc etc). We used to try to verify this but + // it just lead to a series of spurious errors. + // + // We could also check that the directory is non-empty, but + // unfortunately some pseduofilesystems (like cgroupfs) create + // non-empty directories, which would result in different spurious + // errors. } return currentDir, nil } -// MkdirAll is a race-safe alternative to the Go stdlib's os.MkdirAll function, +// MkdirAll is a race-safe alternative to the [os.MkdirAll] function, // where the new directory is guaranteed to be within the root directory (if an // attacker can move directories from inside the root to outside the root, the // created directory tree might be outside of the root but the key constraint @@ -221,16 +181,16 @@ func MkdirAllHandle(root *os.File, unsafePath string, mode int) (_ *os.File, Err // err := os.MkdirAll(path, mode) // // But is much safer. The above implementation is unsafe because if an attacker -// can modify the filesystem tree between SecureJoin and MkdirAll, it is +// can modify the filesystem tree between [SecureJoin] and [os.MkdirAll], it is // possible for MkdirAll to resolve unsafe symlink components and create // directories outside of the root. // // If you plan to open the directory after you have created it or want to use -// an open directory handle as the root, you should use MkdirAllHandle instead. -// This function is a wrapper around MkdirAllHandle. +// an open directory handle as the root, you should use [MkdirAllHandle] instead. +// This function is a wrapper around [MkdirAllHandle]. // // NOTE: The mode argument must be set the unix mode bits (unix.S_I...), not -// the Go generic mode bits (os.Mode...). +// the Go generic mode bits ([os.FileMode]...). func MkdirAll(root, unsafePath string, mode int) error { rootDir, err := os.OpenFile(root, unix.O_PATH|unix.O_DIRECTORY|unix.O_CLOEXEC, 0) if err != nil { diff --git a/vendor/github.com/cyphar/filepath-securejoin/open_linux.go b/vendor/github.com/cyphar/filepath-securejoin/open_linux.go index 52dce76f3f4..230be73f0eb 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/open_linux.go +++ b/vendor/github.com/cyphar/filepath-securejoin/open_linux.go @@ -14,8 +14,8 @@ import ( "golang.org/x/sys/unix" ) -// OpenatInRoot is equivalent to OpenInRoot, except that the root is provided -// using an *os.File handle, to ensure that the correct root directory is used. +// OpenatInRoot is equivalent to [OpenInRoot], except that the root is provided +// using an *[os.File] handle, to ensure that the correct root directory is used. func OpenatInRoot(root *os.File, unsafePath string) (*os.File, error) { handle, err := completeLookupInRoot(root, unsafePath) if err != nil { @@ -31,7 +31,7 @@ func OpenatInRoot(root *os.File, unsafePath string) (*os.File, error) { // handle, err := os.OpenFile(path, unix.O_PATH|unix.O_CLOEXEC) // // But is much safer. The above implementation is unsafe because if an attacker -// can modify the filesystem tree between SecureJoin and OpenFile, it is +// can modify the filesystem tree between [SecureJoin] and [os.OpenFile], it is // possible for the returned file to be outside of the root. // // Note that the returned handle is an O_PATH handle, meaning that only a very @@ -39,7 +39,7 @@ func OpenatInRoot(root *os.File, unsafePath string) (*os.File, error) { // accidentally opening an untrusted file that could cause issues (such as a // disconnected TTY that could cause a DoS, or some other issue). In order to // use the returned handle, you can "upgrade" it to a proper handle using -// Reopen. +// [Reopen]. func OpenInRoot(root, unsafePath string) (*os.File, error) { rootDir, err := os.OpenFile(root, unix.O_PATH|unix.O_DIRECTORY|unix.O_CLOEXEC, 0) if err != nil { @@ -49,7 +49,7 @@ func OpenInRoot(root, unsafePath string) (*os.File, error) { return OpenatInRoot(rootDir, unsafePath) } -// Reopen takes an *os.File handle and re-opens it through /proc/self/fd. +// Reopen takes an *[os.File] handle and re-opens it through /proc/self/fd. // Reopen(file, flags) is effectively equivalent to // // fdPath := fmt.Sprintf("/proc/self/fd/%d", file.Fd()) @@ -59,7 +59,9 @@ func OpenInRoot(root, unsafePath string) (*os.File, error) { // maliciously-configured /proc mount. While this attack scenario is not // common, in container runtimes it is possible for higher-level runtimes to be // tricked into configuring an unsafe /proc that can be used to attack file -// operations. See CVE-2019-19921 for more details. +// operations. See [CVE-2019-19921] for more details. +// +// [CVE-2019-19921]: https://github.com/advisories/GHSA-fh74-hm69-rqjw func Reopen(handle *os.File, flags int) (*os.File, error) { procRoot, err := getProcRoot() if err != nil { diff --git a/vendor/github.com/cyphar/filepath-securejoin/openat2_linux.go b/vendor/github.com/cyphar/filepath-securejoin/openat2_linux.go index 921b3e1d449..ae3b381efe6 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/openat2_linux.go +++ b/vendor/github.com/cyphar/filepath-securejoin/openat2_linux.go @@ -13,34 +13,21 @@ import ( "path/filepath" "strings" "sync" - "testing" "golang.org/x/sys/unix" ) -var ( - hasOpenat2Bool bool - hasOpenat2Once sync.Once - - testingForceHasOpenat2 *bool -) - -func hasOpenat2() bool { - if testing.Testing() && testingForceHasOpenat2 != nil { - return *testingForceHasOpenat2 - } - hasOpenat2Once.Do(func() { - fd, err := unix.Openat2(unix.AT_FDCWD, ".", &unix.OpenHow{ - Flags: unix.O_PATH | unix.O_CLOEXEC, - Resolve: unix.RESOLVE_NO_SYMLINKS | unix.RESOLVE_IN_ROOT, - }) - if err == nil { - hasOpenat2Bool = true - _ = unix.Close(fd) - } +var hasOpenat2 = sync.OnceValue(func() bool { + fd, err := unix.Openat2(unix.AT_FDCWD, ".", &unix.OpenHow{ + Flags: unix.O_PATH | unix.O_CLOEXEC, + Resolve: unix.RESOLVE_NO_SYMLINKS | unix.RESOLVE_IN_ROOT, }) - return hasOpenat2Bool -} + if err != nil { + return false + } + _ = unix.Close(fd) + return true +}) func scopedLookupShouldRetry(how *unix.OpenHow, err error) bool { // RESOLVE_IN_ROOT (and RESOLVE_BENEATH) can return -EAGAIN if we resolve diff --git a/vendor/github.com/cyphar/filepath-securejoin/procfs_linux.go b/vendor/github.com/cyphar/filepath-securejoin/procfs_linux.go index adf0bd08f3b..fa7929a5298 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/procfs_linux.go +++ b/vendor/github.com/cyphar/filepath-securejoin/procfs_linux.go @@ -54,33 +54,26 @@ func verifyProcRoot(procRoot *os.File) error { return nil } -var ( - hasNewMountApiBool bool - hasNewMountApiOnce sync.Once -) - -func hasNewMountApi() bool { - hasNewMountApiOnce.Do(func() { - // All of the pieces of the new mount API we use (fsopen, fsconfig, - // fsmount, open_tree) were added together in Linux 5.1[1,2], so we can - // just check for one of the syscalls and the others should also be - // available. - // - // Just try to use open_tree(2) to open a file without OPEN_TREE_CLONE. - // This is equivalent to openat(2), but tells us if open_tree is - // available (and thus all of the other basic new mount API syscalls). - // open_tree(2) is most light-weight syscall to test here. - // - // [1]: merge commit 400913252d09 - // [2]: - fd, err := unix.OpenTree(-int(unix.EBADF), "/", unix.OPEN_TREE_CLOEXEC) - if err == nil { - hasNewMountApiBool = true - _ = unix.Close(fd) - } - }) - return hasNewMountApiBool -} +var hasNewMountApi = sync.OnceValue(func() bool { + // All of the pieces of the new mount API we use (fsopen, fsconfig, + // fsmount, open_tree) were added together in Linux 5.1[1,2], so we can + // just check for one of the syscalls and the others should also be + // available. + // + // Just try to use open_tree(2) to open a file without OPEN_TREE_CLONE. + // This is equivalent to openat(2), but tells us if open_tree is + // available (and thus all of the other basic new mount API syscalls). + // open_tree(2) is most light-weight syscall to test here. + // + // [1]: merge commit 400913252d09 + // [2]: + fd, err := unix.OpenTree(-int(unix.EBADF), "/", unix.OPEN_TREE_CLOEXEC) + if err != nil { + return false + } + _ = unix.Close(fd) + return true +}) func fsopen(fsName string, flags int) (*os.File, error) { // Make sure we always set O_CLOEXEC. @@ -172,14 +165,6 @@ func privateProcRoot() (*os.File, error) { return procRoot, err } -var ( - procRootHandle *os.File - procRootError error - procRootOnce sync.Once - - errUnsafeProcfs = errors.New("unsafe procfs detected") -) - func unsafeHostProcRoot() (_ *os.File, Err error) { procRoot, err := os.OpenFile("/proc", unix.O_PATH|unix.O_NOFOLLOW|unix.O_DIRECTORY|unix.O_CLOEXEC, 0) if err != nil { @@ -207,17 +192,15 @@ func doGetProcRoot() (*os.File, error) { return procRoot, err } -func getProcRoot() (*os.File, error) { - procRootOnce.Do(func() { - procRootHandle, procRootError = doGetProcRoot() - }) - return procRootHandle, procRootError -} +var getProcRoot = sync.OnceValues(func() (*os.File, error) { + return doGetProcRoot() +}) -var ( - haveProcThreadSelf bool - haveProcThreadSelfOnce sync.Once -) +var hasProcThreadSelf = sync.OnceValue(func() bool { + return unix.Access("/proc/thread-self/", unix.F_OK) == nil +}) + +var errUnsafeProcfs = errors.New("unsafe procfs detected") type procThreadSelfCloser func() @@ -230,13 +213,6 @@ type procThreadSelfCloser func() // This is similar to ProcThreadSelf from runc, but with extra hardening // applied and using *os.File. func procThreadSelf(procRoot *os.File, subpath string) (_ *os.File, _ procThreadSelfCloser, Err error) { - haveProcThreadSelfOnce.Do(func() { - // If the kernel doesn't support thread-self, it doesn't matter which - // /proc handle we use. - _, err := fstatatFile(procRoot, "thread-self", unix.AT_SYMLINK_NOFOLLOW) - haveProcThreadSelf = (err == nil) - }) - // We need to lock our thread until the caller is done with the handle // because between getting the handle and using it we could get interrupted // by the Go runtime and hit the case where the underlying thread is @@ -251,7 +227,7 @@ func procThreadSelf(procRoot *os.File, subpath string) (_ *os.File, _ procThread // Figure out what prefix we want to use. threadSelf := "thread-self/" - if !haveProcThreadSelf || testingForceProcSelfTask() { + if !hasProcThreadSelf() || testingForceProcSelfTask() { /// Pre-3.17 kernels don't have /proc/thread-self, so do it manually. threadSelf = "self/task/" + strconv.Itoa(unix.Gettid()) + "/" if _, err := fstatatFile(procRoot, threadSelf, unix.AT_SYMLINK_NOFOLLOW); err != nil || testingForceProcSelf() { @@ -275,7 +251,7 @@ func procThreadSelf(procRoot *os.File, subpath string) (_ *os.File, _ procThread // absolutely sure we are operating on a clean /proc handle that // doesn't have any cheeky overmounts that could trick us (including // symlink mounts on top of /proc/thread-self). RESOLVE_BENEATH isn't - // stricly needed, but just use it since we have it. + // strictly needed, but just use it since we have it. // // NOTE: /proc/self is technically a magic-link (the contents of the // symlink are generated dynamically), but it doesn't use @@ -313,24 +289,16 @@ func procThreadSelf(procRoot *os.File, subpath string) (_ *os.File, _ procThread return handle, runtime.UnlockOSThread, nil } -var ( - hasStatxMountIdBool bool - hasStatxMountIdOnce sync.Once -) - -func hasStatxMountId() bool { - hasStatxMountIdOnce.Do(func() { - var ( - stx unix.Statx_t - // We don't care which mount ID we get. The kernel will give us the - // unique one if it is supported. - wantStxMask uint32 = unix.STATX_MNT_ID_UNIQUE | unix.STATX_MNT_ID - ) - err := unix.Statx(-int(unix.EBADF), "/", 0, int(wantStxMask), &stx) - hasStatxMountIdBool = (err == nil && (stx.Mask&wantStxMask != 0)) - }) - return hasStatxMountIdBool -} +var hasStatxMountId = sync.OnceValue(func() bool { + var ( + stx unix.Statx_t + // We don't care which mount ID we get. The kernel will give us the + // unique one if it is supported. + wantStxMask uint32 = unix.STATX_MNT_ID_UNIQUE | unix.STATX_MNT_ID + ) + err := unix.Statx(-int(unix.EBADF), "/", 0, int(wantStxMask), &stx) + return err == nil && stx.Mask&wantStxMask != 0 +}) func getMountId(dir *os.File, path string) (uint64, error) { // If we don't have statx(STATX_MNT_ID*) support, we can't do anything. @@ -443,22 +411,6 @@ func isDeadInode(file *os.File) error { return nil } -func getUmask() int { - // umask is a per-thread property, but it is inherited by children, so we - // need to lock our OS thread to make sure that no other goroutine runs in - // this thread and no goroutines are spawned from this thread until we - // revert to the old umask. - // - // We could parse /proc/self/status to avoid this get-set problem, but - // /proc/thread-self requires LockOSThread anyway, so there's no real - // benefit over just using umask(2). - runtime.LockOSThread() - umask := unix.Umask(0) - unix.Umask(umask) - runtime.UnlockOSThread() - return umask -} - func checkProcSelfFdPath(path string, file *os.File) error { if err := isDeadInode(file); err != nil { return err diff --git a/vendor/github.com/cyphar/filepath-securejoin/vfs.go b/vendor/github.com/cyphar/filepath-securejoin/vfs.go index 6e27c7dd8e1..36373f8c517 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/vfs.go +++ b/vendor/github.com/cyphar/filepath-securejoin/vfs.go @@ -10,19 +10,19 @@ import "os" // are several projects (umoci and go-mtree) that are using this sort of // interface. -// VFS is the minimal interface necessary to use SecureJoinVFS. A nil VFS is -// equivalent to using the standard os.* family of functions. This is mainly +// VFS is the minimal interface necessary to use [SecureJoinVFS]. A nil VFS is +// equivalent to using the standard [os].* family of functions. This is mainly // used for the purposes of mock testing, but also can be used to otherwise use -// SecureJoin with VFS-like system. +// [SecureJoinVFS] with VFS-like system. type VFS interface { - // Lstat returns a FileInfo describing the named file. If the file is a - // symbolic link, the returned FileInfo describes the symbolic link. Lstat - // makes no attempt to follow the link. These semantics are identical to - // os.Lstat. + // Lstat returns an [os.FileInfo] describing the named file. If the + // file is a symbolic link, the returned [os.FileInfo] describes the + // symbolic link. Lstat makes no attempt to follow the link. + // The semantics are identical to [os.Lstat]. Lstat(name string) (os.FileInfo, error) - // Readlink returns the destination of the named symbolic link. These - // semantics are identical to os.Readlink. + // Readlink returns the destination of the named symbolic link. + // The semantics are identical to [os.Readlink]. Readlink(name string) (string, error) } @@ -30,12 +30,6 @@ type VFS interface { // module. type osVFS struct{} -// Lstat returns a FileInfo describing the named file. If the file is a -// symbolic link, the returned FileInfo describes the symbolic link. Lstat -// makes no attempt to follow the link. These semantics are identical to -// os.Lstat. func (o osVFS) Lstat(name string) (os.FileInfo, error) { return os.Lstat(name) } -// Readlink returns the destination of the named symbolic link. These -// semantics are identical to os.Readlink. func (o osVFS) Readlink(name string) (string, error) { return os.Readlink(name) } diff --git a/vendor/modules.txt b/vendor/modules.txt index 95fd1d36bbf..bd1228e32a3 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -25,8 +25,8 @@ github.com/coreos/go-systemd/v22/dbus # github.com/cpuguy83/go-md2man/v2 v2.0.2 ## explicit; go 1.11 github.com/cpuguy83/go-md2man/v2/md2man -# github.com/cyphar/filepath-securejoin v0.3.2 -## explicit; go 1.20 +# github.com/cyphar/filepath-securejoin v0.3.3 +## explicit; go 1.21 github.com/cyphar/filepath-securejoin # github.com/docker/go-units v0.5.0 ## explicit From 13a6f56097e9d6be75b15ddd33749dc92d1bc88c Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 26 Sep 2024 16:42:59 -0700 Subject: [PATCH 0671/1176] runc run: fix mount leak When preparing to mount container root, we need to make its parent mount private (i.e. disable propagation), otherwise the new in-container mounts are leaked to the host. To find a parent mount, we use to read mountinfo and find the longest entry which can be a parent of the container root directory. Unfortunately, due to kernel bug in all Linux kernels older than v5.8 (see [1], [2]), sometimes mountinfo can't be read in its entirety. In this case, getParentMount may occasionally return a wrong parent mount. As a result, we do not change the mount propagation to private, and container mounts are leaked. Alas, we can not fix the kernel, and reading mountinfo a few times to ensure its consistency (like it's done in, say, Kubernetes) does not look like a good solution for performance reasons. Fortunately, we don't need mountinfo. Let's just traverse the directory tree, trying to remount it private until we find a mount point (any error other than EINVAL means we just found it). Fixes issue 2404. [1]: https://github.com/kolyshkin/procfs-test [2]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9f6c61f96f2d97cbb5f Signed-off-by: Kir Kolyshkin --- libcontainer/rootfs_linux.go | 68 ++++++++++++------------------------ 1 file changed, 22 insertions(+), 46 deletions(-) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index f5112398cb2..18fa54dd315 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -982,54 +982,33 @@ func mknodDevice(dest string, node *devices.Device) error { return os.Chown(dest, int(node.Uid), int(node.Gid)) } -// Get the parent mount point of directory passed in as argument. Also return -// optional fields. -func getParentMount(rootfs string) (string, string, error) { - mi, err := mountinfo.GetMounts(mountinfo.ParentsFilter(rootfs)) - if err != nil { - return "", "", err - } - if len(mi) < 1 { - return "", "", fmt.Errorf("could not find parent mount of %s", rootfs) - } - - // find the longest mount point - var idx, maxlen int - for i := range mi { - if len(mi[i].Mountpoint) > maxlen { - maxlen = len(mi[i].Mountpoint) - idx = i +// rootfsParentMountPrivate ensures rootfs parent mount is private. +// This is needed for two reasons: +// - pivot_root() will fail if parent mount is shared; +// - when we bind mount rootfs, if its parent is not private, the new mount +// will propagate (leak!) to parent namespace and we don't want that. +func rootfsParentMountPrivate(path string) error { + var err error + // Assuming path is absolute and clean (this is checked in + // libcontainer/validate). Any error other than EINVAL means we failed, + // and EINVAL means this is not a mount point, so traverse up until we + // find one. + for { + err = unix.Mount("", path, "", unix.MS_PRIVATE, "") + if err == nil { + return nil } - } - return mi[idx].Mountpoint, mi[idx].Optional, nil -} - -// Make parent mount private if it was shared -func rootfsParentMountPrivate(rootfs string) error { - sharedMount := false - - parentMount, optionalOpts, err := getParentMount(rootfs) - if err != nil { - return err - } - - optsSplit := strings.Split(optionalOpts, " ") - for _, opt := range optsSplit { - if strings.HasPrefix(opt, "shared:") { - sharedMount = true + if err != unix.EINVAL || path == "/" { //nolint:errorlint // unix errors are bare break } + path = filepath.Dir(path) } - - // Make parent mount PRIVATE if it was shared. It is needed for two - // reasons. First of all pivot_root() will fail if parent mount is - // shared. Secondly when we bind mount rootfs it will propagate to - // parent namespace and we don't want that to happen. - if sharedMount { - return mount("", parentMount, "", unix.MS_PRIVATE, "") + return &mountError{ + op: "remount-private", + target: path, + flags: unix.MS_PRIVATE, + err: err, } - - return nil } func prepareRoot(config *configs.Config) error { @@ -1041,9 +1020,6 @@ func prepareRoot(config *configs.Config) error { return err } - // Make parent mount private to make sure following bind mount does - // not propagate in other namespaces. Also it will help with kernel - // check pass in pivot_root. (IS_SHARED(new_mnt->mnt_parent)) if err := rootfsParentMountPrivate(config.Rootfs); err != nil { return err } From 9e5545876e1fa37417e0875c0cc61bd6bc126976 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 8 Oct 2024 13:18:55 -0700 Subject: [PATCH 0672/1176] memfd-bind: fixup systemd unit file and README MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The example of starting memfd-bind via systemd in README did not work for me (Fedora 40, systemd 255): # systemctl status memfd-bind@/usr/bin/runc Invalid unit name "memfd-bind@/usr/bin/runc" escaped as "memfd-bind@-usr-bin-runc" (maybe you should use systemd-escape?). â—‹ memfd-bind@-usr-bin-runc.service Loaded: bad-setting (Reason: Unit memfd-bind@-usr-bin-runc.service has a bad unit file setting.) Active: inactive (dead) Docs: https://github.com/opencontainers/runc So, let's use systemd-escape -p ("path") in the README example, and use %f in the systemd unit file to prepend the slash to the filename. Signed-off-by: Kir Kolyshkin --- contrib/cmd/memfd-bind/README.md | 2 +- contrib/cmd/memfd-bind/memfd-bind@.service | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/contrib/cmd/memfd-bind/README.md b/contrib/cmd/memfd-bind/README.md index 8123c897006..c4887fa7f0e 100644 --- a/contrib/cmd/memfd-bind/README.md +++ b/contrib/cmd/memfd-bind/README.md @@ -25,7 +25,7 @@ The provided `memfd-bind@.service` file can be used to get systemd to manage this daemon. You can supply the path like so: ``` -% systemctl start memfd-bind@/usr/bin/runc +% systemctl start memfd-bind@$(systemd-escape -p /usr/bin/runc) ``` Thus, there are three ways of protecting against CVE-2019-5736, in order of how diff --git a/contrib/cmd/memfd-bind/memfd-bind@.service b/contrib/cmd/memfd-bind/memfd-bind@.service index 591548ea4d9..796d05cb445 100644 --- a/contrib/cmd/memfd-bind/memfd-bind@.service +++ b/contrib/cmd/memfd-bind/memfd-bind@.service @@ -1,11 +1,11 @@ [Unit] -Description=Manage memfd-bind of %I +Description=Manage memfd-bind of %f Documentation=https://github.com/opencontainers/runc [Service] Type=simple -ExecStart=memfd-bind "%I" -ExecStop=memfd-bind --cleanup "%I" +ExecStart=memfd-bind "%f" +ExecStop=memfd-bind --cleanup "%f" [Install] WantedBy=multi-user.target From 4fdd56169d9a44f037c801810ac355db4c6d442b Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 8 Oct 2024 13:30:59 -0700 Subject: [PATCH 0673/1176] memfd-bind: more specific doc URL Let's point to the relevant README directly in the systemd unit file, as it is hard to find in the whole nine yards of the runc repo. Signed-off-by: Kir Kolyshkin --- contrib/cmd/memfd-bind/memfd-bind@.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/cmd/memfd-bind/memfd-bind@.service b/contrib/cmd/memfd-bind/memfd-bind@.service index 796d05cb445..89086902651 100644 --- a/contrib/cmd/memfd-bind/memfd-bind@.service +++ b/contrib/cmd/memfd-bind/memfd-bind@.service @@ -1,6 +1,6 @@ [Unit] Description=Manage memfd-bind of %f -Documentation=https://github.com/opencontainers/runc +Documentation=https://github.com/opencontainers/runc/blob/main/contrib/cmd/memfd-bind/README.md [Service] Type=simple From 1623cde125fe1237f847e2f699403ff23feb88c0 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 9 Oct 2024 15:13:08 +1100 Subject: [PATCH 0674/1176] go: update github.com/cyphar/filepath-securejoin to v0.3.4 This includes a fix to avoid doing import "testing" in non-_test.go code. Signed-off-by: Aleksa Sarai --- go.mod | 2 +- go.sum | 4 +- .../cyphar/filepath-securejoin/CHANGELOG.md | 10 ++- .../cyphar/filepath-securejoin/README.md | 3 +- .../cyphar/filepath-securejoin/VERSION | 2 +- .../cyphar/filepath-securejoin/doc.go | 39 +++++++++++ .../cyphar/filepath-securejoin/join.go | 5 -- .../filepath-securejoin/openat_linux.go | 4 -- .../filepath-securejoin/procfs_linux.go | 24 +++++-- .../testing_mocks_linux.go | 68 ------------------- vendor/modules.txt | 2 +- 11 files changed, 74 insertions(+), 89 deletions(-) create mode 100644 vendor/github.com/cyphar/filepath-securejoin/doc.go delete mode 100644 vendor/github.com/cyphar/filepath-securejoin/testing_mocks_linux.go diff --git a/go.mod b/go.mod index 478c04dc7cd..3e548bdb54e 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/cilium/ebpf v0.16.0 github.com/containerd/console v1.0.4 github.com/coreos/go-systemd/v22 v22.5.0 - github.com/cyphar/filepath-securejoin v0.3.3 + github.com/cyphar/filepath-securejoin v0.3.4 github.com/docker/go-units v0.5.0 github.com/godbus/dbus/v5 v5.1.0 github.com/moby/sys/mountinfo v0.7.1 diff --git a/go.sum b/go.sum index d515898bbfd..0f11aa5b9c0 100644 --- a/go.sum +++ b/go.sum @@ -9,8 +9,8 @@ github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/cyphar/filepath-securejoin v0.3.3 h1:lofZkCEVFIBe0KcdQOzFs8Soy9oaHOWl4gGtPI+gCFc= -github.com/cyphar/filepath-securejoin v0.3.3/go.mod h1:8s/MCNJREmFK0H02MF6Ihv1nakJe4L/w3WZLHNkvlYM= +github.com/cyphar/filepath-securejoin v0.3.4 h1:VBWugsJh2ZxJmLFSM06/0qzQyiQX2Qs0ViKrUAcqdZ8= +github.com/cyphar/filepath-securejoin v0.3.4/go.mod h1:8s/MCNJREmFK0H02MF6Ihv1nakJe4L/w3WZLHNkvlYM= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= diff --git a/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md index 23f7bc7f62a..04b5685ab4f 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md +++ b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md @@ -6,6 +6,13 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ## [Unreleased] ## +## [0.3.4] - 2024-10-09 ## + +### Fixed ### +- Previously, some testing mocks we had resulted in us doing `import "testing"` + in non-`_test.go` code, which made some downstreams like Kubernetes unhappy. + This has been fixed. (#32) + ## [0.3.3] - 2024-09-30 ## ### Fixed ### @@ -157,7 +164,8 @@ This is our first release of `github.com/cyphar/filepath-securejoin`, containing a full implementation with a coverage of 93.5% (the only missing cases are the error cases, which are hard to mocktest at the moment). -[Unreleased]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.3...HEAD +[Unreleased]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.4...HEAD +[0.3.3]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.3...v0.3.4 [0.3.3]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.2...v0.3.3 [0.3.2]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.1...v0.3.2 [0.3.1]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.0...v0.3.1 diff --git a/vendor/github.com/cyphar/filepath-securejoin/README.md b/vendor/github.com/cyphar/filepath-securejoin/README.md index 253956f8657..eaeb53fcd0a 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/README.md +++ b/vendor/github.com/cyphar/filepath-securejoin/README.md @@ -1,5 +1,6 @@ ## `filepath-securejoin` ## +[![Go Documentation](https://pkg.go.dev/badge/github.com/cyphar/filepath-securejoin.svg)](https://pkg.go.dev/github.com/cyphar/filepath-securejoin) [![Build Status](https://github.com/cyphar/filepath-securejoin/actions/workflows/ci.yml/badge.svg)](https://github.com/cyphar/filepath-securejoin/actions/workflows/ci.yml) ### Old API ### @@ -85,7 +86,7 @@ more secure. In particular: or avoid being tricked by a `/proc` that is not legitimate. This is done using [`openat2`][openat2.2] for all users, and privileged users will also be further protected by using [`fsopen`][fsopen.2] and [`open_tree`][open_tree.2] - (Linux 4.18 or later). + (Linux 5.2 or later). [openat2.2]: https://www.man7.org/linux/man-pages/man2/openat2.2.html [fsopen.2]: https://github.com/brauner/man-pages-md/blob/main/fsopen.md diff --git a/vendor/github.com/cyphar/filepath-securejoin/VERSION b/vendor/github.com/cyphar/filepath-securejoin/VERSION index 1c09c74e221..42045acae20 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/VERSION +++ b/vendor/github.com/cyphar/filepath-securejoin/VERSION @@ -1 +1 @@ -0.3.3 +0.3.4 diff --git a/vendor/github.com/cyphar/filepath-securejoin/doc.go b/vendor/github.com/cyphar/filepath-securejoin/doc.go new file mode 100644 index 00000000000..1ec7d065ef4 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/doc.go @@ -0,0 +1,39 @@ +// Copyright (C) 2014-2015 Docker Inc & Go Authors. All rights reserved. +// Copyright (C) 2017-2024 SUSE LLC. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package securejoin implements a set of helpers to make it easier to write Go +// code that is safe against symlink-related escape attacks. The primary idea +// is to let you resolve a path within a rootfs directory as if the rootfs was +// a chroot. +// +// securejoin has two APIs, a "legacy" API and a "modern" API. +// +// The legacy API is [SecureJoin] and [SecureJoinVFS]. These methods are +// **not** safe against race conditions where an attacker changes the +// filesystem after (or during) the [SecureJoin] operation. +// +// The new API is made up of [OpenInRoot] and [MkdirAll] (and derived +// functions). These are safe against racing attackers and have several other +// protections that are not provided by the legacy API. There are many more +// operations that most programs expect to be able to do safely, but we do not +// provide explicit support for them because we want to encourage users to +// switch to [libpathrs](https://github.com/openSUSE/libpathrs) which is a +// cross-language next-generation library that is entirely designed around +// operating on paths safely. +// +// securejoin has been used by several container runtimes (Docker, runc, +// Kubernetes, etc) for quite a few years as a de-facto standard for operating +// on container filesystem paths "safely". However, most users still use the +// legacy API which is unsafe against various attacks (there is a fairly long +// history of CVEs in dependent as a result). Users should switch to the modern +// API as soon as possible (or even better, switch to libpathrs). +// +// This project was initially intended to be included in the Go standard +// library, but [it was rejected](https://go.dev/issue/20126). There is now a +// [new Go proposal](https://go.dev/issue/67002) for a safe path resolution API +// that shares some of the goals of filepath-securejoin. However, that design +// is intended to work like `openat2(RESOLVE_BENEATH)` which does not fit the +// usecase of container runtimes and most system tools. +package securejoin diff --git a/vendor/github.com/cyphar/filepath-securejoin/join.go b/vendor/github.com/cyphar/filepath-securejoin/join.go index ca4ce1f29a6..e0ee3f2b57a 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/join.go +++ b/vendor/github.com/cyphar/filepath-securejoin/join.go @@ -3,11 +3,6 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -// Package securejoin is an implementation of the hopefully-soon-to-be-included -// SecureJoin helper that is meant to be part of the "path/filepath" package. -// The purpose of this project is to provide a PoC implementation to make the -// SecureJoin proposal (https://github.com/golang/go/issues/20126) more -// tangible. package securejoin import ( diff --git a/vendor/github.com/cyphar/filepath-securejoin/openat_linux.go b/vendor/github.com/cyphar/filepath-securejoin/openat_linux.go index ac083f218fe..949fb5f2d82 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/openat_linux.go +++ b/vendor/github.com/cyphar/filepath-securejoin/openat_linux.go @@ -42,10 +42,6 @@ func fstatatFile(dir *os.File, path string, flags int) (unix.Stat_t, error) { return stat, nil } -func fstatFile(fd *os.File) (unix.Stat_t, error) { - return fstatatFile(fd, "", unix.AT_EMPTY_PATH) -} - func readlinkatFile(dir *os.File, path string) (string, error) { size := 4096 for { diff --git a/vendor/github.com/cyphar/filepath-securejoin/procfs_linux.go b/vendor/github.com/cyphar/filepath-securejoin/procfs_linux.go index fa7929a5298..8cc827d7046 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/procfs_linux.go +++ b/vendor/github.com/cyphar/filepath-securejoin/procfs_linux.go @@ -134,7 +134,7 @@ func clonePrivateProcMount() (_ *os.File, Err error) { // we can be sure there are no over-mounts and so if the root is valid then // we're golden. Otherwise, we have to deal with over-mounts. procfsHandle, err := openTree(nil, "/proc", unix.OPEN_TREE_CLONE) - if err != nil || testingForcePrivateProcRootOpenTreeAtRecursive(procfsHandle) { + if err != nil || hookForcePrivateProcRootOpenTreeAtRecursive(procfsHandle) { procfsHandle, err = openTree(nil, "/proc", unix.OPEN_TREE_CLONE|unix.AT_RECURSIVE) } if err != nil { @@ -152,13 +152,13 @@ func clonePrivateProcMount() (_ *os.File, Err error) { } func privateProcRoot() (*os.File, error) { - if !hasNewMountApi() || testingForceGetProcRootUnsafe() { + if !hasNewMountApi() || hookForceGetProcRootUnsafe() { return nil, fmt.Errorf("new mount api: %w", unix.ENOTSUP) } // Try to create a new procfs mount from scratch if we can. This ensures we // can get a procfs mount even if /proc is fake (for whatever reason). procRoot, err := newPrivateProcMount() - if err != nil || testingForcePrivateProcRootOpenTree(procRoot) { + if err != nil || hookForcePrivateProcRootOpenTree(procRoot) { // Try to clone /proc then... procRoot, err = clonePrivateProcMount() } @@ -227,10 +227,10 @@ func procThreadSelf(procRoot *os.File, subpath string) (_ *os.File, _ procThread // Figure out what prefix we want to use. threadSelf := "thread-self/" - if !hasProcThreadSelf() || testingForceProcSelfTask() { + if !hasProcThreadSelf() || hookForceProcSelfTask() { /// Pre-3.17 kernels don't have /proc/thread-self, so do it manually. threadSelf = "self/task/" + strconv.Itoa(unix.Gettid()) + "/" - if _, err := fstatatFile(procRoot, threadSelf, unix.AT_SYMLINK_NOFOLLOW); err != nil || testingForceProcSelf() { + if _, err := fstatatFile(procRoot, threadSelf, unix.AT_SYMLINK_NOFOLLOW); err != nil || hookForceProcSelf() { // In this case, we running in a pid namespace that doesn't match // the /proc mount we have. This can happen inside runc. // @@ -424,3 +424,17 @@ func checkProcSelfFdPath(path string, file *os.File) error { } return nil } + +// Test hooks used in the procfs tests to verify that the fallback logic works. +// See testing_mocks_linux_test.go and procfs_linux_test.go for more details. +var ( + hookForcePrivateProcRootOpenTree = hookDummyFile + hookForcePrivateProcRootOpenTreeAtRecursive = hookDummyFile + hookForceGetProcRootUnsafe = hookDummy + + hookForceProcSelfTask = hookDummy + hookForceProcSelf = hookDummy +) + +func hookDummy() bool { return false } +func hookDummyFile(_ *os.File) bool { return false } diff --git a/vendor/github.com/cyphar/filepath-securejoin/testing_mocks_linux.go b/vendor/github.com/cyphar/filepath-securejoin/testing_mocks_linux.go deleted file mode 100644 index a3aedf03d1b..00000000000 --- a/vendor/github.com/cyphar/filepath-securejoin/testing_mocks_linux.go +++ /dev/null @@ -1,68 +0,0 @@ -//go:build linux - -// Copyright (C) 2024 SUSE LLC. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package securejoin - -import ( - "os" - "testing" -) - -type forceGetProcRootLevel int - -const ( - forceGetProcRootDefault forceGetProcRootLevel = iota - forceGetProcRootOpenTree // force open_tree() - forceGetProcRootOpenTreeAtRecursive // force open_tree(AT_RECURSIVE) - forceGetProcRootUnsafe // force open() -) - -var testingForceGetProcRoot *forceGetProcRootLevel - -func testingCheckClose(check bool, f *os.File) bool { - if check { - if f != nil { - _ = f.Close() - } - return true - } - return false -} - -func testingForcePrivateProcRootOpenTree(f *os.File) bool { - return testing.Testing() && testingForceGetProcRoot != nil && - testingCheckClose(*testingForceGetProcRoot >= forceGetProcRootOpenTree, f) -} - -func testingForcePrivateProcRootOpenTreeAtRecursive(f *os.File) bool { - return testing.Testing() && testingForceGetProcRoot != nil && - testingCheckClose(*testingForceGetProcRoot >= forceGetProcRootOpenTreeAtRecursive, f) -} - -func testingForceGetProcRootUnsafe() bool { - return testing.Testing() && testingForceGetProcRoot != nil && - *testingForceGetProcRoot >= forceGetProcRootUnsafe -} - -type forceProcThreadSelfLevel int - -const ( - forceProcThreadSelfDefault forceProcThreadSelfLevel = iota - forceProcSelfTask - forceProcSelf -) - -var testingForceProcThreadSelf *forceProcThreadSelfLevel - -func testingForceProcSelfTask() bool { - return testing.Testing() && testingForceProcThreadSelf != nil && - *testingForceProcThreadSelf >= forceProcSelfTask -} - -func testingForceProcSelf() bool { - return testing.Testing() && testingForceProcThreadSelf != nil && - *testingForceProcThreadSelf >= forceProcSelf -} diff --git a/vendor/modules.txt b/vendor/modules.txt index bd1228e32a3..ded326d7359 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -25,7 +25,7 @@ github.com/coreos/go-systemd/v22/dbus # github.com/cpuguy83/go-md2man/v2 v2.0.2 ## explicit; go 1.11 github.com/cpuguy83/go-md2man/v2/md2man -# github.com/cyphar/filepath-securejoin v0.3.3 +# github.com/cyphar/filepath-securejoin v0.3.4 ## explicit; go 1.21 github.com/cyphar/filepath-securejoin # github.com/docker/go-units v0.5.0 From 9b60a93cf33cb8166d805f1de11e8feb27b51ff8 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 25 Jul 2024 11:38:28 +0200 Subject: [PATCH 0675/1176] libcontainer/userns: migrate to github.com/moby/sys/userns The userns package was moved to the moby/sys/userns module at commit 3778ae603c706494fd1e2c2faf83b406e38d687d. This patch deprecates the old location, and adds it as an alias for the moby/sys/userns package. Signed-off-by: Sebastiaan van Stijn --- checkpoint.go | 5 +- go.mod | 3 +- go.sum | 6 +- libcontainer/cgroups/devices/v1.go | 2 +- libcontainer/cgroups/devices/v1_test.go | 3 +- libcontainer/cgroups/devices/v2.go | 2 +- libcontainer/cgroups/systemd/user.go | 3 +- libcontainer/cgroups/utils.go | 2 +- libcontainer/rootfs_linux.go | 2 +- .../{userns.go => userns_deprecated.go} | 7 +- libcontainer/userns/userns_linux_test.go | 34 --- restore.go | 2 +- rootless_linux.go | 5 +- vendor/github.com/moby/sys/user/user.go | 1 - vendor/github.com/moby/sys/userns/LICENSE | 202 ++++++++++++++++++ vendor/github.com/moby/sys/userns/userns.go | 16 ++ .../moby/sys}/userns/userns_linux.go | 6 +- .../moby/sys}/userns/userns_linux_fuzzer.go | 0 .../moby/sys}/userns/userns_unsupported.go | 0 vendor/modules.txt | 5 +- 20 files changed, 253 insertions(+), 53 deletions(-) rename libcontainer/userns/{userns.go => userns_deprecated.go} (55%) delete mode 100644 libcontainer/userns/userns_linux_test.go create mode 100644 vendor/github.com/moby/sys/userns/LICENSE create mode 100644 vendor/github.com/moby/sys/userns/userns.go rename {libcontainer => vendor/github.com/moby/sys}/userns/userns_linux.go (73%) rename {libcontainer => vendor/github.com/moby/sys}/userns/userns_linux_fuzzer.go (100%) rename {libcontainer => vendor/github.com/moby/sys}/userns/userns_unsupported.go (100%) diff --git a/checkpoint.go b/checkpoint.go index 1f5f5e73975..c1bcc703ca9 100644 --- a/checkpoint.go +++ b/checkpoint.go @@ -9,12 +9,13 @@ import ( "strconv" criu "github.com/checkpoint-restore/go-criu/v6/rpc" - "github.com/opencontainers/runc/libcontainer" - "github.com/opencontainers/runc/libcontainer/userns" + "github.com/moby/sys/userns" "github.com/opencontainers/runtime-spec/specs-go" "github.com/sirupsen/logrus" "github.com/urfave/cli" "golang.org/x/sys/unix" + + "github.com/opencontainers/runc/libcontainer" ) var checkpointCommand = cli.Command{ diff --git a/go.mod b/go.mod index 3e548bdb54e..17a18f5f430 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,8 @@ require ( github.com/docker/go-units v0.5.0 github.com/godbus/dbus/v5 v5.1.0 github.com/moby/sys/mountinfo v0.7.1 - github.com/moby/sys/user v0.1.0 + github.com/moby/sys/user v0.3.0 + github.com/moby/sys/userns v0.1.0 github.com/mrunalp/fileutils v0.5.1 github.com/opencontainers/runtime-spec v1.2.0 github.com/opencontainers/selinux v1.11.0 diff --git a/go.sum b/go.sum index 0f11aa5b9c0..b755d5b97fe 100644 --- a/go.sum +++ b/go.sum @@ -40,8 +40,10 @@ github.com/mdlayher/socket v0.4.1 h1:eM9y2/jlbs1M615oshPQOHZzj6R6wMT7bX5NPiQvn2U github.com/mdlayher/socket v0.4.1/go.mod h1:cAqeGjoufqdxWkD7DkpyS+wcefOtmu5OQ8KuoJGIReA= github.com/moby/sys/mountinfo v0.7.1 h1:/tTvQaSJRr2FshkhXiIpux6fQ2Zvc4j7tAhMTStAG2g= github.com/moby/sys/mountinfo v0.7.1/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= -github.com/moby/sys/user v0.1.0 h1:WmZ93f5Ux6het5iituh9x2zAG7NFY9Aqi49jjE1PaQg= -github.com/moby/sys/user v0.1.0/go.mod h1:fKJhFOnsCN6xZ5gSfbM6zaHGgDJMrqt9/reuj4T7MmU= +github.com/moby/sys/user v0.3.0 h1:9ni5DlcW5an3SvRSx4MouotOygvzaXbaSrc/wGDFWPo= +github.com/moby/sys/user v0.3.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs= +github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g= +github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28= github.com/mrunalp/fileutils v0.5.1 h1:F+S7ZlNKnrwHfSwdlgNSkKo67ReVf8o9fel6C3dkm/Q= github.com/mrunalp/fileutils v0.5.1/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk= diff --git a/libcontainer/cgroups/devices/v1.go b/libcontainer/cgroups/devices/v1.go index 397c00c8d46..4493f0d056d 100644 --- a/libcontainer/cgroups/devices/v1.go +++ b/libcontainer/cgroups/devices/v1.go @@ -5,10 +5,10 @@ import ( "errors" "reflect" + "github.com/moby/sys/userns" "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/devices" - "github.com/opencontainers/runc/libcontainer/userns" ) var testingSkipFinalCheck bool diff --git a/libcontainer/cgroups/devices/v1_test.go b/libcontainer/cgroups/devices/v1_test.go index aed1024b2ef..934fb94c132 100644 --- a/libcontainer/cgroups/devices/v1_test.go +++ b/libcontainer/cgroups/devices/v1_test.go @@ -5,11 +5,12 @@ import ( "path" "testing" + "github.com/moby/sys/userns" + "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/devices" - "github.com/opencontainers/runc/libcontainer/userns" ) func init() { diff --git a/libcontainer/cgroups/devices/v2.go b/libcontainer/cgroups/devices/v2.go index 4bcf860b5bb..23c092b2afe 100644 --- a/libcontainer/cgroups/devices/v2.go +++ b/libcontainer/cgroups/devices/v2.go @@ -3,11 +3,11 @@ package devices import ( "fmt" + "github.com/moby/sys/userns" "golang.org/x/sys/unix" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/devices" - "github.com/opencontainers/runc/libcontainer/userns" ) func isRWM(perms devices.Permissions) bool { diff --git a/libcontainer/cgroups/systemd/user.go b/libcontainer/cgroups/systemd/user.go index 6fa1cc77639..1e18403bae1 100644 --- a/libcontainer/cgroups/systemd/user.go +++ b/libcontainer/cgroups/systemd/user.go @@ -13,8 +13,7 @@ import ( systemdDbus "github.com/coreos/go-systemd/v22/dbus" dbus "github.com/godbus/dbus/v5" - - "github.com/opencontainers/runc/libcontainer/userns" + "github.com/moby/sys/userns" ) // newUserSystemdDbus creates a connection for systemd user-instance. diff --git a/libcontainer/cgroups/utils.go b/libcontainer/cgroups/utils.go index d303cf204c9..67341e690d2 100644 --- a/libcontainer/cgroups/utils.go +++ b/libcontainer/cgroups/utils.go @@ -12,7 +12,7 @@ import ( "sync" "time" - "github.com/opencontainers/runc/libcontainer/userns" + "github.com/moby/sys/userns" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 18fa54dd315..f7cd95dd189 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -14,6 +14,7 @@ import ( securejoin "github.com/cyphar/filepath-securejoin" "github.com/moby/sys/mountinfo" + "github.com/moby/sys/userns" "github.com/mrunalp/fileutils" "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/selinux/go-selinux/label" @@ -24,7 +25,6 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups/fs2" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/devices" - "github.com/opencontainers/runc/libcontainer/userns" "github.com/opencontainers/runc/libcontainer/utils" ) diff --git a/libcontainer/userns/userns.go b/libcontainer/userns/userns_deprecated.go similarity index 55% rename from libcontainer/userns/userns.go rename to libcontainer/userns/userns_deprecated.go index a07afe07bc8..31107f87295 100644 --- a/libcontainer/userns/userns.go +++ b/libcontainer/userns/userns_deprecated.go @@ -1,8 +1,13 @@ +// Deprecated: use github.com/moby/sys/userns package userns +import "github.com/moby/sys/userns" + // RunningInUserNS detects whether we are currently running in a Linux // user namespace and memoizes the result. It returns false on non-Linux // platforms. +// +// Deprecated: use [userns.RunningInUserNS]. func RunningInUserNS() bool { - return inUserNS() + return userns.RunningInUserNS() } diff --git a/libcontainer/userns/userns_linux_test.go b/libcontainer/userns/userns_linux_test.go deleted file mode 100644 index 25c4ac301de..00000000000 --- a/libcontainer/userns/userns_linux_test.go +++ /dev/null @@ -1,34 +0,0 @@ -package userns - -import "testing" - -func TestUIDMapInUserNS(t *testing.T) { - cases := []struct { - s string - expected bool - }{ - { - s: " 0 0 4294967295\n", - expected: false, - }, - { - s: " 0 0 1\n", - expected: true, - }, - { - s: " 0 1001 1\n 1 231072 65536\n", - expected: true, - }, - { - // file exist but empty (the initial state when userns is created. see man 7 user_namespaces) - s: "", - expected: true, - }, - } - for _, c := range cases { - actual := uidMapInUserNS(c.s) - if c.expected != actual { - t.Fatalf("expected %v, got %v for %q", c.expected, actual, c.s) - } - } -} diff --git a/restore.go b/restore.go index d65afcfc788..f1648eaea57 100644 --- a/restore.go +++ b/restore.go @@ -3,7 +3,7 @@ package main import ( "os" - "github.com/opencontainers/runc/libcontainer/userns" + "github.com/moby/sys/userns" "github.com/sirupsen/logrus" "github.com/urfave/cli" ) diff --git a/rootless_linux.go b/rootless_linux.go index a1f54858635..6ba178b5392 100644 --- a/rootless_linux.go +++ b/rootless_linux.go @@ -3,10 +3,11 @@ package main import ( "os" - "github.com/opencontainers/runc/libcontainer/cgroups/systemd" - "github.com/opencontainers/runc/libcontainer/userns" + "github.com/moby/sys/userns" "github.com/sirupsen/logrus" "github.com/urfave/cli" + + "github.com/opencontainers/runc/libcontainer/cgroups/systemd" ) func shouldUseRootlessCgroupManager(context *cli.Context) (bool, error) { diff --git a/vendor/github.com/moby/sys/user/user.go b/vendor/github.com/moby/sys/user/user.go index 984466d1ab5..198c4936795 100644 --- a/vendor/github.com/moby/sys/user/user.go +++ b/vendor/github.com/moby/sys/user/user.go @@ -197,7 +197,6 @@ func ParseGroupFilter(r io.Reader, filter func(Group) bool) ([]Group, error) { for { var line []byte line, isPrefix, err = rd.ReadLine() - if err != nil { // We should return no error if EOF is reached // without a match. diff --git a/vendor/github.com/moby/sys/userns/LICENSE b/vendor/github.com/moby/sys/userns/LICENSE new file mode 100644 index 00000000000..d6456956733 --- /dev/null +++ b/vendor/github.com/moby/sys/userns/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/vendor/github.com/moby/sys/userns/userns.go b/vendor/github.com/moby/sys/userns/userns.go new file mode 100644 index 00000000000..56b24c44ad0 --- /dev/null +++ b/vendor/github.com/moby/sys/userns/userns.go @@ -0,0 +1,16 @@ +// Package userns provides utilities to detect whether we are currently running +// in a Linux user namespace. +// +// This code was migrated from [libcontainer/runc], which based its implementation +// on code from [lcx/incus]. +// +// [libcontainer/runc]: https://github.com/opencontainers/runc/blob/3778ae603c706494fd1e2c2faf83b406e38d687d/libcontainer/userns/userns_linux.go#L12-L49 +// [lcx/incus]: https://github.com/lxc/incus/blob/e45085dd42f826b3c8c3228e9733c0b6f998eafe/shared/util.go#L678-L700 +package userns + +// RunningInUserNS detects whether we are currently running in a Linux +// user namespace and memoizes the result. It returns false on non-Linux +// platforms. +func RunningInUserNS() bool { + return inUserNS() +} diff --git a/libcontainer/userns/userns_linux.go b/vendor/github.com/moby/sys/userns/userns_linux.go similarity index 73% rename from libcontainer/userns/userns_linux.go rename to vendor/github.com/moby/sys/userns/userns_linux.go index a1462e13bc0..87c1c38eec2 100644 --- a/libcontainer/userns/userns_linux.go +++ b/vendor/github.com/moby/sys/userns/userns_linux.go @@ -11,7 +11,11 @@ var inUserNS = sync.OnceValue(runningInUserNS) // runningInUserNS detects whether we are currently running in a user namespace. // -// Originally copied from https://github.com/lxc/incus/blob/e45085dd42f826b3c8c3228e9733c0b6f998eafe/shared/util.go#L678-L700. +// This code was migrated from [libcontainer/runc] and based on an implementation +// from [lcx/incus]. +// +// [libcontainer/runc]: https://github.com/opencontainers/runc/blob/3778ae603c706494fd1e2c2faf83b406e38d687d/libcontainer/userns/userns_linux.go#L12-L49 +// [lcx/incus]: https://github.com/lxc/incus/blob/e45085dd42f826b3c8c3228e9733c0b6f998eafe/shared/util.go#L678-L700 func runningInUserNS() bool { file, err := os.Open("/proc/self/uid_map") if err != nil { diff --git a/libcontainer/userns/userns_linux_fuzzer.go b/vendor/github.com/moby/sys/userns/userns_linux_fuzzer.go similarity index 100% rename from libcontainer/userns/userns_linux_fuzzer.go rename to vendor/github.com/moby/sys/userns/userns_linux_fuzzer.go diff --git a/libcontainer/userns/userns_unsupported.go b/vendor/github.com/moby/sys/userns/userns_unsupported.go similarity index 100% rename from libcontainer/userns/userns_unsupported.go rename to vendor/github.com/moby/sys/userns/userns_unsupported.go diff --git a/vendor/modules.txt b/vendor/modules.txt index ded326d7359..97d1c3ef117 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -37,9 +37,12 @@ github.com/godbus/dbus/v5 # github.com/moby/sys/mountinfo v0.7.1 ## explicit; go 1.16 github.com/moby/sys/mountinfo -# github.com/moby/sys/user v0.1.0 +# github.com/moby/sys/user v0.3.0 ## explicit; go 1.17 github.com/moby/sys/user +# github.com/moby/sys/userns v0.1.0 +## explicit; go 1.21 +github.com/moby/sys/userns # github.com/mrunalp/fileutils v0.5.1 ## explicit; go 1.13 github.com/mrunalp/fileutils From eff6f049bc7ccd6c5d60544e5e8f78de0dd63ae7 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 8 Oct 2024 13:34:55 -0700 Subject: [PATCH 0676/1176] libct/cap: no need to load capabilities We are not really interested in the capabilities of the current process, so there is no need to load those. This results in some performance improvement since now the capability package don't have to parse /proc/self/status. Signed-off-by: Kir Kolyshkin --- libcontainer/capabilities/capabilities.go | 3 --- 1 file changed, 3 deletions(-) diff --git a/libcontainer/capabilities/capabilities.go b/libcontainer/capabilities/capabilities.go index 69884ef992a..cb11edd403b 100644 --- a/libcontainer/capabilities/capabilities.go +++ b/libcontainer/capabilities/capabilities.go @@ -65,9 +65,6 @@ func New(capConfig *configs.Capabilities) (*Caps, error) { if c.pid, err = capability.NewPid2(0); err != nil { return nil, err } - if err = c.pid.Load(); err != nil { - return nil, err - } if len(unknownCaps) > 0 { logrus.Warn("ignoring unknown or unavailable capabilities: ", mapKeys(unknownCaps)) } From 324fcea4ec679d9bf1317c7716a43d0266cf4207 Mon Sep 17 00:00:00 2001 From: "yangzhao.hjh" Date: Fri, 11 Oct 2024 09:56:07 +0800 Subject: [PATCH 0677/1176] Terminate execution for criu that does not meet version requirements Signed-off-by: yangzhao.hjh --- libcontainer/criu_linux.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index 4c6ae71465f..fed34e79148 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -186,7 +186,7 @@ func criuNsToKey(t configs.NamespaceType) string { func (c *Container) handleCheckpointingExternalNamespaces(rpcOpts *criurpc.CriuOpts, t configs.NamespaceType) error { if !c.criuSupportsExtNS(t) { - return nil + return fmt.Errorf("criu lacks support for external %s namespace during checkpointing process (old criu version?)", configs.NsName(t)) } nsPath := c.config.Namespaces.PathOf(t) @@ -246,7 +246,7 @@ func (c *Container) handleRestoringNamespaces(rpcOpts *criurpc.CriuOpts, extraFi func (c *Container) handleRestoringExternalNamespaces(rpcOpts *criurpc.CriuOpts, extraFiles *[]*os.File, t configs.NamespaceType) error { if !c.criuSupportsExtNS(t) { - return nil + return fmt.Errorf("criu lacks support for external %s namespace during the restoration process (old criu version?)", configs.NsName(t)) } nsPath := c.config.Namespaces.PathOf(t) From 9fa324c4796479555c3ebb8a9fb8ad396815e893 Mon Sep 17 00:00:00 2001 From: lifubang Date: Sun, 13 Oct 2024 20:07:56 +0800 Subject: [PATCH 0678/1176] dmz: cloned binary: set +x permissions when creating regular tmpfile While we did set +x when "sealing" regular temporary files, the "is executable" checks were done before then and would thus fail, causing the fallback to not work properly. So just set +x after we create the file. We already have a O_RDWR handle open when we do the chmod so we won't get permission issues when writing to the file. Fixes: e089db3b4a31 ("dmz: add fallbacks to handle noexec for O_TMPFILE and mktemp()") Signed-off-by: lifubang --- libcontainer/dmz/cloned_binary_linux.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libcontainer/dmz/cloned_binary_linux.go b/libcontainer/dmz/cloned_binary_linux.go index db5e18a3260..3d732d3f98a 100644 --- a/libcontainer/dmz/cloned_binary_linux.go +++ b/libcontainer/dmz/cloned_binary_linux.go @@ -64,9 +64,6 @@ func Memfd(comment string) (*os.File, SealFunc, error) { } func sealFile(f **os.File) error { - if err := (*f).Chmod(0o511); err != nil { - return err - } // When sealing an O_TMPFILE-style descriptor we need to // re-open the path as O_PATH to clear the existing write // handle we have. @@ -108,6 +105,9 @@ func mktemp(dir string) (*os.File, SealFunc, error) { if err := os.Remove(file.Name()); err != nil { return nil, nil, fmt.Errorf("unlinking classic tmpfile: %w", err) } + if err := file.Chmod(0o511); err != nil { + return nil, nil, fmt.Errorf("chmod classic tmpfile: %w", err) + } var stat unix.Stat_t if err := unix.Fstat(int(file.Fd()), &stat); err != nil { return nil, nil, fmt.Errorf("cannot fstat classic tmpfile: %w", err) From b5bdf592f2df7149793600b2de19fe8459fd30f6 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 11 Oct 2024 16:29:29 -0700 Subject: [PATCH 0679/1176] libct: rm initWaiter This initWaiter logic was introduced by commit 4ecff8d9, but since the logic of /proc/self/exe was moved out of runc init in commit 0e9a335, this seems unnecessary to have initWaiter. Remove it. This essentially reverts commit 4ecff8d9. Signed-off-by: Kir Kolyshkin --- libcontainer/nsenter/nsenter_test.go | 22 -------------- libcontainer/nsenter/nsexec.c | 7 ----- libcontainer/process_linux.go | 44 ---------------------------- 3 files changed, 73 deletions(-) diff --git a/libcontainer/nsenter/nsenter_test.go b/libcontainer/nsenter/nsenter_test.go index 0cbf0aae61b..c0b4e9b47e4 100644 --- a/libcontainer/nsenter/nsenter_test.go +++ b/libcontainer/nsenter/nsenter_test.go @@ -52,8 +52,6 @@ func TestNsenterValidPaths(t *testing.T) { t.Fatal(err) } - initWaiter(t, parent) - if err := cmd.Wait(); err != nil { t.Fatalf("nsenter error: %v", err) } @@ -94,7 +92,6 @@ func TestNsenterInvalidPaths(t *testing.T) { t.Fatal(err) } - initWaiter(t, parent) if err := cmd.Wait(); err == nil { t.Fatalf("nsenter exits with a zero exit status") } @@ -133,7 +130,6 @@ func TestNsenterIncorrectPathType(t *testing.T) { t.Fatal(err) } - initWaiter(t, parent) if err := cmd.Wait(); err == nil { t.Fatalf("nsenter error: %v", err) } @@ -177,8 +173,6 @@ func TestNsenterChildLogging(t *testing.T) { t.Fatal(err) } - initWaiter(t, parent) - getLogs(t, logread) if err := cmd.Wait(); err != nil { t.Fatalf("nsenter error: %v", err) @@ -208,22 +202,6 @@ func newPipe(t *testing.T) (parent *os.File, child *os.File) { return } -// initWaiter reads back the initial \0 from runc init -func initWaiter(t *testing.T, r io.Reader) { - inited := make([]byte, 1) - n, err := r.Read(inited) - if err == nil { - if n < 1 { - err = errors.New("short read") - } else if inited[0] != 0 { - err = fmt.Errorf("unexpected %d != 0", inited[0]) - } else { - return - } - } - t.Fatalf("waiting for init preliminary setup: %v", err) -} - func reapChildren(t *testing.T, parent *os.File) { t.Helper() decoder := json.NewDecoder(parent) diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index 65e0ef53b9d..74e15b96d5f 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -571,13 +571,6 @@ void nsexec(void) return; } - /* - * Inform the parent we're past initial setup. - * For the other side of this, see initWaiter. - */ - if (write(pipenum, "", 1) != 1) - bail("could not inform the parent we are past initial setup"); - write_log(DEBUG, "=> nsexec container setup"); /* Parse all of the netlink configuration. */ diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 493dbeaac5a..fcbb54a3e41 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -140,17 +140,12 @@ func (p *setnsProcess) start() (retErr error) { return fmt.Errorf("error starting setns process: %w", err) } - waitInit := initWaiter(p.comm.initSockParent) defer func() { if retErr != nil { if newOom, err := p.manager.OOMKillCount(); err == nil && newOom != oom { // Someone in this cgroup was killed, this _might_ be us. retErr = fmt.Errorf("%w (possibly OOM-killed)", retErr) } - werr := <-waitInit - if werr != nil { - logrus.WithError(werr).Warn() - } err := ignoreTerminateErrors(p.terminate()) if err != nil { logrus.WithError(err).Warn("unable to terminate setnsProcess") @@ -163,10 +158,6 @@ func (p *setnsProcess) start() (retErr error) { return fmt.Errorf("error copying bootstrap data to pipe: %w", err) } } - err = <-waitInit - if err != nil { - return err - } if err := p.execSetns(); err != nil { return fmt.Errorf("error executing setns process: %w", err) } @@ -536,7 +527,6 @@ func (p *initProcess) start() (retErr error) { return fmt.Errorf("unable to start init: %w", err) } - waitInit := initWaiter(p.comm.initSockParent) defer func() { if retErr != nil { // Find out if init is killed by the kernel's OOM killer. @@ -559,11 +549,6 @@ func (p *initProcess) start() (retErr error) { } } - werr := <-waitInit - if werr != nil { - logrus.WithError(werr).Warn() - } - // Terminate the process to ensure we can remove cgroups. if err := ignoreTerminateErrors(p.terminate()); err != nil { logrus.WithError(err).Warn("unable to terminate initProcess") @@ -601,10 +586,6 @@ func (p *initProcess) start() (retErr error) { if _, err := io.Copy(p.comm.initSockParent, p.bootstrapData); err != nil { return fmt.Errorf("can't copy bootstrap data to pipe: %w", err) } - err = <-waitInit - if err != nil { - return err - } childPid, err := p.getChildPid() if err != nil { @@ -975,31 +956,6 @@ func (p *Process) InitializeIO(rootuid, rootgid int) (i *IO, err error) { return i, nil } -// initWaiter returns a channel to wait on for making sure -// runc init has finished the initial setup. -func initWaiter(r io.Reader) chan error { - ch := make(chan error, 1) - go func() { - defer close(ch) - - inited := make([]byte, 1) - n, err := r.Read(inited) - if err == nil { - if n < 1 { - err = errors.New("short read") - } else if inited[0] != 0 { - err = fmt.Errorf("unexpected %d != 0", inited[0]) - } else { - ch <- nil - return - } - } - ch <- fmt.Errorf("waiting for init preliminary setup: %w", err) - }() - - return ch -} - func setIOPriority(ioprio *configs.IOPriority) error { const ioprioWhoPgrp = 1 From 76a821fab7cb3866a8ea6ad517c6da12fc9aa15b Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 17 Oct 2024 16:45:53 -0700 Subject: [PATCH 0680/1176] tests/int: update info about EL9 kernel The issue quoted is now fixed, so add some information about the fixed kernel version, and remove links to older discussions about idmapped mounts security. We can actually remove all of it for now, but let's keep it. Change the skip message to say which kernel is required. Amends commit b460dc39. Signed-off-by: Kir Kolyshkin --- tests/integration/helpers.bash | 22 ++++++---------------- 1 file changed, 6 insertions(+), 16 deletions(-) diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index fb8abb9052e..31e7dee8438 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -771,25 +771,15 @@ function requires_idmap_fs() { ;; *operation\ not\ permitted) if uname -r | grep -q el9; then - # centos kernel 5.14.0-200 does not permit using ID map mounts due to a - # specific patch added to their sources: + # Older EL9 kernels did not permit using ID map mounts + # due to a specific patch added to their sources: # https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/131 # - # There doesn't seem to be any technical reason behind - # it, none was provided in numerous examples, like: - # https://lore.kernel.org/lkml/20210213130042.828076-1-christian.brauner@ubuntu.com/T/#m3a9df31aa183e8797c70bc193040adfd601399ad - # https://lore.kernel.org/lkml/20210213130042.828076-1-christian.brauner@ubuntu.com/T/#m59cdad9630d5a279aeecd0c1f117115144bc15eb - # https://lore.kernel.org/lkml/m1r1ifzf8x.fsf@fess.ebiederm.org - # https://lore.kernel.org/lkml/20210510125147.tkgeurcindldiwxg@wittgenstein + # That patch was reverted in: + # https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/2179 # - # So, sadly we just need to skip this on centos. - # - # TODO Nonetheless, there are ongoing works to revert the patch - # deactivating ID map mounts: - # https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/2179/diffs?commit_id=06f4fe946394cb94d2cf274aa7f3091d8f8469dc - # Once this patch is merge, we should be able to remove the below skip - # if the revert is backported or if CI centos kernel is upgraded. - skip "sadly, centos kernel 5.14 does not permit using ID map mounts" + # The above revert is included into the kernel 5.14.0-334.el9. + skip "Needs kernel >= 5.14.0-334.el9" fi ;; esac From ff7753636f2240cb14e0e63977910fd272e07a24 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 17 Oct 2024 16:44:50 -0700 Subject: [PATCH 0681/1176] tests/int: rm centos-7 exclusion We no longer run tests on CentOS 7, so this is now useless. Signed-off-by: Kir Kolyshkin --- tests/integration/run.bats | 12 ------------ tests/integration/selinux.bats | 4 ---- 2 files changed, 16 deletions(-) diff --git a/tests/integration/run.bats b/tests/integration/run.bats index c2e0f4d2686..b49f3ac4c1a 100644 --- a/tests/integration/run.bats +++ b/tests/integration/run.bats @@ -128,10 +128,6 @@ function teardown() { } @test "RUNC_DMZ=true runc run [runc-dmz]" { - # centos-7 has an outdated container-selinux (<2.224.0) which means - # runc-dmz won't work. - exclude_os centos-7 - RUNC_DMZ=true runc --debug run test_hello [ "$status" -eq 0 ] [[ "$output" = *"Hello World"* ]] @@ -140,10 +136,6 @@ function teardown() { } @test "RUNC_DMZ=true runc run [cap_sys_ptrace -> /proc/self/exe clone]" { - # centos-7 has an outdated container-selinux (<2.224.0) which means - # runc-dmz won't work. - exclude_os centos-7 - # Add CAP_SYS_PTRACE to the bounding set, the minimum needed to indicate a # container process _could_ get CAP_SYS_PTRACE. update_config '.process.capabilities.bounding += ["CAP_SYS_PTRACE"]' @@ -240,10 +232,6 @@ function teardown() { } @test "RUNC_DMZ=true runc run [exec error]" { - # centos-7 has an outdated container-selinux (<2.224.0) which means - # runc-dmz won't work. - exclude_os centos-7 - cat <rootfs/run.sh #!/mmnnttbb foo bar sh diff --git a/tests/integration/selinux.bats b/tests/integration/selinux.bats index 08246e6b04f..19bc9d2070e 100644 --- a/tests/integration/selinux.bats +++ b/tests/integration/selinux.bats @@ -40,10 +40,6 @@ function teardown() { # https://github.com/opencontainers/runc/issues/4057 @test "runc run (custom selinux label, RUNC_DMZ=true)" { - # centos-7 has an outdated container-selinux (<2.224.0) which means - # runc-dmz won't work. - exclude_os centos-7 - update_config ' .process.selinuxLabel |= "system_u:system_r:container_t:s0:c4,c5" | .process.args = ["/bin/true"]' RUNC_DMZ=true runc run tst From 54ef07d8996e7b2cbdd52f10930aa61e0f601646 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 17 Oct 2024 16:50:50 -0700 Subject: [PATCH 0682/1176] tests/int: skip "update memory vs CheckBeforeUpdate" on EL9 This test case is frequently hanging recently. Might be caused by a recent kernel update from 5.14.0-427.33.1.el9_4.x86_64 to 5.14.0-427.37.1.el9_4.x86_64. Could not reproduce locally. Let's skip it for now. Signed-off-by: Kir Kolyshkin --- tests/integration/update.bats | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/integration/update.bats b/tests/integration/update.bats index 54774a877b2..4d928c42f47 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -852,6 +852,8 @@ EOF } @test "update memory vs CheckBeforeUpdate" { + exclude_os almalinux-9.4 # See https://github.com/opencontainers/runc/issues/4454 + requires cgroups_v2 [ $EUID -ne 0 ] && requires rootless_cgroup From 8cfbccb6d99a1bcfad5b16fb3f0bbca97cb5be4c Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sun, 20 Oct 2024 19:55:00 +1100 Subject: [PATCH 0683/1176] tests: integration: add helper to check if we're in a userns Signed-off-by: Aleksa Sarai --- tests/integration/helpers.bash | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index 31e7dee8438..789b83e5b92 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -368,6 +368,12 @@ function rootless_cgroup() { [[ "$ROOTLESS_FEATURES" == *"cgroup"* || -v RUNC_USE_SYSTEMD ]] } +function in_userns() { + # The kernel guarantees the root userns inode number (and thus the value of + # the magic-link) is always the same value (PROC_USER_INIT_INO). + [[ "$(readlink /proc/self/ns/user)" != "user:[$((0xEFFFFFFD))]" ]] +} + # Check if criu is available and working. function have_criu() { command -v criu &>/dev/null || return 1 @@ -396,7 +402,7 @@ function requires() { fi ;; root) - if [ $EUID -ne 0 ]; then + if [ $EUID -ne 0 ] || in_userns; then skip_me=1 fi ;; From 515f09f7b1dbd442298132592c7e9689b855dbdf Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 16 Oct 2024 17:13:39 +1100 Subject: [PATCH 0684/1176] dmz: use overlayfs to write-protect /proc/self/exe if possible MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit b999376fb237 ("nsenter: cloned_binary: remove bindfd logic entirely") removed the read-only bind-mount logic from our cloned binary code because it wasn't really safe because a container with CAP_SYS_ADMIN could remove the MS_RDONLY bit and get write access to /proc/self/exe (even with user namespaces this could've been an issue because it's not clear if the flags are locked). However, copying a binary does seem to have a minor performance impact. The only way to have no performance impact would be for the kernel to block these write attempts, but barring that we could try to reduce the overhead by coming up with a mount that cannot have it's read-only bits cleared. The "simplest" solution is to create a temporary overlayfs using fsopen(2) which uses the directory where runc exists as a lowerdir, ensuring that the container cannot access the underlying file -- and we don't have to do any copies. While fsopen(2) is not free because mount namespace cloning is usually expensive (and so it seems like the difference would be marginal), some basic performance testing seems to indicate there is a ~60% improvement doing it this way and that it has effectively no overhead even when compared to just using /proc/self/exe directly: % hyperfine --warmup 50 \ > "./runc-noclone run -b bundle ctr" \ > "./runc-overlayfs run -b bundle ctr" \ > "./runc-memfd run -b bundle ctr" Benchmark 1: ./runc-noclone run -b bundle ctr Time (mean ± σ): 13.7 ms ± 0.9 ms [User: 6.0 ms, System: 10.9 ms] Range (min … max): 11.3 ms … 16.1 ms 184 runs Benchmark 2: ./runc-overlayfs run -b bundle ctr Time (mean ± σ): 13.9 ms ± 0.9 ms [User: 6.2 ms, System: 10.8 ms] Range (min … max): 11.8 ms … 16.0 ms 180 runs Benchmark 3: ./runc-memfd run -b bundle ctr Time (mean ± σ): 22.6 ms ± 1.3 ms [User: 5.7 ms, System: 20.7 ms] Range (min … max): 19.9 ms … 26.5 ms 114 runs Summary ./runc-noclone run -b bundle ctr ran 1.01 ± 0.09 times faster than ./runc-overlayfs run -b bundle ctr 1.65 ± 0.15 times faster than ./runc-memfd run -b bundle ctr Signed-off-by: Aleksa Sarai --- libcontainer/dmz/cloned_binary_linux.go | 17 ++++ libcontainer/dmz/overlayfs_linux.go | 115 ++++++++++++++++++++++++ libcontainer/utils/utils_unix.go | 15 ++++ tests/integration/helpers.bash | 43 +++++++++ tests/integration/run.bats | 4 + 5 files changed, 194 insertions(+) create mode 100644 libcontainer/dmz/overlayfs_linux.go diff --git a/libcontainer/dmz/cloned_binary_linux.go b/libcontainer/dmz/cloned_binary_linux.go index 3d732d3f98a..1c034e4e6e5 100644 --- a/libcontainer/dmz/cloned_binary_linux.go +++ b/libcontainer/dmz/cloned_binary_linux.go @@ -212,6 +212,23 @@ func IsCloned(exe *os.File) bool { // make sure the container process can never resolve the original runc binary. // For more details on why this is necessary, see CVE-2019-5736. func CloneSelfExe(tmpDir string) (*os.File, error) { + // Try to create a temporary overlayfs to produce a readonly version of + // /proc/self/exe that cannot be "unwrapped" by the container. In contrast + // to CloneBinary, this technique does not require any extra memory usage + // and does not have the (fairly noticeable) performance impact of copying + // a large binary file into a memfd. + // + // Based on some basic performance testing, the overlayfs approach has + // effectively no performance overhead (it is on par with both + // MS_BIND+MS_RDONLY and no binary cloning at all) while memfd copying adds + // around ~60% overhead during container startup. + overlayFile, err := sealedOverlayfs("/proc/self/exe", tmpDir) + if err == nil { + logrus.Debug("runc-dmz: using overlayfs for sealed /proc/self/exe") // used for tests + return overlayFile, nil + } + logrus.WithError(err).Debugf("could not use overlayfs for /proc/self/exe sealing -- falling back to making a temporary copy") + selfExe, err := os.Open("/proc/self/exe") if err != nil { return nil, fmt.Errorf("opening current binary: %w", err) diff --git a/libcontainer/dmz/overlayfs_linux.go b/libcontainer/dmz/overlayfs_linux.go new file mode 100644 index 00000000000..92cb1944e59 --- /dev/null +++ b/libcontainer/dmz/overlayfs_linux.go @@ -0,0 +1,115 @@ +package dmz + +import ( + "fmt" + "os" + "path/filepath" + "runtime" + "strings" + + "golang.org/x/sys/unix" + + "github.com/opencontainers/runc/libcontainer/utils" +) + +func fsopen(fsName string, flags int) (*os.File, error) { + // Make sure we always set O_CLOEXEC. + flags |= unix.FSOPEN_CLOEXEC + fd, err := unix.Fsopen(fsName, flags) + if err != nil { + return nil, os.NewSyscallError("fsopen "+fsName, err) + } + return os.NewFile(uintptr(fd), "fscontext:"+fsName), nil +} + +func fsmount(ctx *os.File, flags, mountAttrs int) (*os.File, error) { + // Make sure we always set O_CLOEXEC. + flags |= unix.FSMOUNT_CLOEXEC + fd, err := unix.Fsmount(int(ctx.Fd()), flags, mountAttrs) + if err != nil { + return nil, os.NewSyscallError("fsmount "+ctx.Name(), err) + } + runtime.KeepAlive(ctx) // make sure fd is kept alive while it's used + return os.NewFile(uintptr(fd), "fsmount:"+ctx.Name()), nil +} + +func escapeOverlayLowerDir(path string) string { + // If the lowerdir path contains ":" we need to escape them, and if there + // were any escape characters already (\) we need to escape those first. + return strings.ReplaceAll(strings.ReplaceAll(path, `\`, `\\`), `:`, `\:`) +} + +// sealedOverlayfs will create an internal overlayfs mount using fsopen() that +// uses the directory containing the binary as a lowerdir and a temporary tmpfs +// as an upperdir. There is no way to "unwrap" this (unlike MS_BIND+MS_RDONLY) +// and so we can create a safe zero-copy sealed version of /proc/self/exe. +// This only works for privileged users and on kernels with overlayfs and +// fsopen() enabled. +// +// TODO: Since Linux 5.11, overlayfs can be created inside user namespaces so +// it is technically possible to create an overlayfs even for rootless +// containers. Unfortunately, this would require some ugly manual CGo+fork +// magic so we can do this later if we feel it's really needed. +func sealedOverlayfs(binPath, tmpDir string) (_ *os.File, Err error) { + // Try to do the superblock creation first to bail out early if we can't + // use this method. + overlayCtx, err := fsopen("overlay", unix.FSOPEN_CLOEXEC) + if err != nil { + return nil, err + } + defer overlayCtx.Close() + + // binPath is going to be /proc/self/exe, so do a readlink to get the real + // path. overlayfs needs the real underlying directory for this protection + // mode to work properly. + if realPath, err := os.Readlink(binPath); err == nil { + binPath = realPath + } + binLowerDirPath, binName := filepath.Split(binPath) + // Escape any ":"s or "\"s in the path. + binLowerDirPath = escapeOverlayLowerDir(binLowerDirPath) + + // Overlayfs requires two lowerdirs in order to run in "lower-only" mode, + // where writes are completely blocked. Ideally we would create a dummy + // tmpfs for this, but it turns out that overlayfs doesn't allow for + // anonymous mountns paths. + // NOTE: I'm working on a patch to fix this but it won't be backported. + dummyLowerDirPath := escapeOverlayLowerDir(tmpDir) + + // Configure the lowerdirs. The binary lowerdir needs to be on the top to + // ensure that a file called "runc" (binName) in the dummy lowerdir doesn't + // mask the binary. + lowerDirStr := binLowerDirPath + ":" + dummyLowerDirPath + if err := unix.FsconfigSetString(int(overlayCtx.Fd()), "lowerdir", lowerDirStr); err != nil { + return nil, fmt.Errorf("fsconfig set overlayfs lowerdir=%s: %w", lowerDirStr, err) + } + + // Get an actual handle to the overlayfs. + if err := unix.FsconfigCreate(int(overlayCtx.Fd())); err != nil { + return nil, os.NewSyscallError("fsconfig create overlayfs", err) + } + overlayFd, err := fsmount(overlayCtx, unix.FSMOUNT_CLOEXEC, unix.MS_RDONLY|unix.MS_NODEV|unix.MS_NOSUID) + if err != nil { + return nil, err + } + defer overlayFd.Close() + + // Grab a handle to the binary through overlayfs. + exeFile, err := utils.Openat(overlayFd, binName, unix.O_PATH|unix.O_NOFOLLOW|unix.O_CLOEXEC, 0) + if err != nil { + return nil, fmt.Errorf("open %s from overlayfs (lowerdir=%s): %w", binName, lowerDirStr, err) + } + // NOTE: We would like to check that exeFile is the same as /proc/self/exe, + // except this is a little difficult. Depending on what filesystems the + // layers are on, overlayfs can remap the inode numbers (and it always + // creates its own device numbers -- see ovl_map_dev_ino) so we can't do a + // basic stat-based check. The only reasonable option would be to hash both + // files and compare them, but this would require fully reading both files + // which would produce a similar performance overhead to memfd cloning. + // + // Ultimately, there isn't a real attack to be worried about here. An + // attacker would need to be able to modify files in /usr/sbin (or wherever + // runc lives), at which point they could just replace the runc binary with + // something malicious anyway. + return exeFile, nil +} diff --git a/libcontainer/utils/utils_unix.go b/libcontainer/utils/utils_unix.go index cc84597a7ce..c8ad559d931 100644 --- a/libcontainer/utils/utils_unix.go +++ b/libcontainer/utils/utils_unix.go @@ -346,3 +346,18 @@ func MkdirAllInRoot(root, unsafePath string, mode uint32) error { } return err } + +// Openat is a Go-friendly openat(2) wrapper. +func Openat(dir *os.File, path string, flags int, mode uint32) (*os.File, error) { + dirFd := unix.AT_FDCWD + if dir != nil { + dirFd = int(dir.Fd()) + } + flags |= unix.O_CLOEXEC + + fd, err := unix.Openat(dirFd, path, flags, mode) + if err != nil { + return nil, &os.PathError{Op: "openat", Path: path, Err: err} + } + return os.NewFile(uintptr(fd), dir.Name()+"/"+path), nil +} diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index 789b83e5b92..85f1fb0a558 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -374,6 +374,49 @@ function in_userns() { [[ "$(readlink /proc/self/ns/user)" != "user:[$((0xEFFFFFFD))]" ]] } +function can_fsopen() { + fstype="$1" + + # At the very least you need 5.1 for fsopen() and the filesystem needs to + # be supported by the running kernel. + if ! is_kernel_gte 5.1 || ! grep -qFw "$fstype" /proc/filesystems; then + return 1 + fi + + # You need to be root to use fsopen. + if [ "$EUID" -ne 0 ]; then + return 1 + fi + + # If we're root in the initial userns, we're done. + if ! in_userns; then + return 0 + fi + + # If we are running in a userns, then the filesystem needs to support + # FS_USERNS_MOUNT, which is a per-filesystem flag that depends on the + # kernel version. + case "$fstype" in + overlay) + # 459c7c565ac3 ("ovl: unprivieged mounts") + is_kernel_gte 5.11 || return 2 + ;; + fuse) + # 4ad769f3c346 ("fuse: Allow fully unprivileged mounts") + is_kernel_gte 4.18 || return 2 + ;; + ramfs | tmpfs) + # b3c6761d9b5c ("userns: Allow the userns root to mount ramfs.") + # 2b8576cb09a7 ("userns: Allow the userns root to mount tmpfs.") + is_kernel_gte 3.9 || return 2 + ;; + *) + # If we don't know about the filesystem, return an error. + fail "can_fsopen: unknown filesystem $fstype" + ;; + esac +} + # Check if criu is available and working. function have_criu() { command -v criu &>/dev/null || return 1 diff --git a/tests/integration/run.bats b/tests/integration/run.bats index b49f3ac4c1a..390a69bf083 100644 --- a/tests/integration/run.bats +++ b/tests/integration/run.bats @@ -159,6 +159,10 @@ function teardown() { [ "$status" -eq 0 ] [[ "$output" = *"Hello World"* ]] [[ "$output" = *"runc-dmz: using /proc/self/exe clone"* ]] + # runc will use fsopen("overlay") if it can. + if can_fsopen overlay; then + [[ "$output" = *"runc-dmz: using overlayfs for sealed /proc/self/exe"* ]] + fi } @test "runc run [joining existing container namespaces]" { From e66992669172d1b5a10e553dc40a7c1853097d85 Mon Sep 17 00:00:00 2001 From: lfbzhm Date: Mon, 21 Oct 2024 06:36:56 +0000 Subject: [PATCH 0685/1176] fix an error caused by fd reuse race when starting runc init There is a race situation when we are opening a file, if there is a small fd was closed at that time, maybe it will be reused by safeExe. Because of Go stdlib fds shuffling bug, if the fd of safeExe is too small, go stdlib will dup3 it to another fd, or dup3 a other fd to this fd, then it will cause the fd type cmd.Path refers to a random path, and it can lead to an error "permission denied" when starting the process. Please see #4294 and . So we should not use the original fd of safeExe, but use the fd after shuffled by Go stdlib. Because Go stdlib will guarantee this fd refers to the correct file. Signed-off-by: lfbzhm --- libcontainer/container_linux.go | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 0b17168c2bb..838517c1c4d 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -618,6 +618,8 @@ func (c *Container) newParentProcess(p *Process) (parentProcess, error) { ) } + // TODO: After https://go-review.googlesource.com/c/go/+/515799 included + // in go versions supported by us, we can remove this logic. if safeExe != nil { // Due to a Go stdlib bug, we need to add safeExe to the set of // ExtraFiles otherwise it is possible for the stdlib to clobber the fd @@ -628,6 +630,18 @@ func (c *Container) newParentProcess(p *Process) (parentProcess, error) { // // See . cmd.ExtraFiles = append(cmd.ExtraFiles, safeExe) + + // There is a race situation when we are opening a file, if there is a + // small fd was closed at that time, maybe it will be reused by safeExe. + // Because of Go stdlib fds shuffling bug, if the fd of safeExe is too + // small, go stdlib will dup3 it to another fd, or dup3 a other fd to this + // fd, then it will cause the fd type cmd.Path refers to a random path, + // and it can lead to an error "permission denied" when starting the process. + // Please see #4294. + // So we should not use the original fd of safeExe, but use the fd after + // shuffled by Go stdlib. Because Go stdlib will guarantee this fd refers to + // the correct file. + cmd.Path = "/proc/self/fd/" + strconv.Itoa(stdioFdCount+len(cmd.ExtraFiles)-1) } // NOTE: when running a container with no PID namespace and the parent From 568231cc4ef4b0c20ff50185c006d48827903fe4 Mon Sep 17 00:00:00 2001 From: lfbzhm Date: Tue, 15 Oct 2024 22:54:32 +0000 Subject: [PATCH 0686/1176] Revert "increase memory.max in cgroups.bats" This reverts commit 65a1074c75123afbe1d59e6ca2abc683e9d0d9dc. We needed [1] because when we removed the bindfd logic in [2] we had not yet moved the binary cloning logic to Go and thus it was necessary to increase the memory limit in CI because the clone was happening after joining the cgroup. However, [3] finally moved that code to Go and thus the cloning is now done outside of the container's cgroup and thus is no longer accounted as part of the container's memory usage at any point. Now we can properly support running a simple container with lower memory usage as we did before. [1]: commit 65a1074c7512 ("increase memory.max in cgroups.bats") [2]: commit b999376fb237 ("nsenter: cloned_binary: remove bindfd logic entirely") [3]: commit 0e9a3358f848 ("nsexec: migrate memfd /proc/self/exe logic to Go code") Signed-off-by: lfbzhm [cyphar: fixed commit messages] Signed-off-by: Aleksa Sarai --- tests/integration/cgroups.bats | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/integration/cgroups.bats b/tests/integration/cgroups.bats index 3a74eb26249..70e3ee9f5e0 100644 --- a/tests/integration/cgroups.bats +++ b/tests/integration/cgroups.bats @@ -303,7 +303,7 @@ convert_hugetlb_size() { "memory.min": "131072", "memory.low": "524288", "memory.high": "5242880", - "memory.max": "20484096", + "memory.max": "10485760", "pids.max": "99", "cpu.max": "10000 100000", "cpu.weight": "42" @@ -319,14 +319,14 @@ convert_hugetlb_size() { echo "$output" | grep -q '^memory.min:131072$' echo "$output" | grep -q '^memory.low:524288$' echo "$output" | grep -q '^memory.high:5242880$' - echo "$output" | grep -q '^memory.max:20484096$' + echo "$output" | grep -q '^memory.max:10485760$' echo "$output" | grep -q '^pids.max:99$' echo "$output" | grep -q '^cpu.max:10000 100000$' check_systemd_value "MemoryMin" 131072 check_systemd_value "MemoryLow" 524288 check_systemd_value "MemoryHigh" 5242880 - check_systemd_value "MemoryMax" 20484096 + check_systemd_value "MemoryMax" 10485760 check_systemd_value "TasksMax" 99 check_cpu_quota 10000 100000 "100ms" check_cpu_weight 42 @@ -368,7 +368,7 @@ convert_hugetlb_size() { } | .linux.resources.unified |= { "memory.min": "131072", - "memory.max": "40484864", + "memory.max": "10485760", "pids.max": "42", "cpu.max": "5000 50000", "cpu.weight": "42" @@ -383,7 +383,7 @@ convert_hugetlb_size() { runc exec test_cgroups_unified cat /sys/fs/cgroup/memory.max [ "$status" -eq 0 ] - [ "$output" = '40484864' ] + [ "$output" = '10485760' ] runc exec test_cgroups_unified cat /sys/fs/cgroup/pids.max [ "$status" -eq 0 ] From 0b9fa21be2bcba45f6d9d748b4bcf70cfbffbc19 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 22 Oct 2024 09:14:55 +1100 Subject: [PATCH 0687/1176] VERSION: release v1.2.0 Signed-off-by: Aleksa Sarai --- CHANGELOG.md | 50 +++++++++++++++++++++++++++++++++++++++++++++++--- VERSION | 2 +- 2 files changed, 48 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c8dfad5e186..6e5dc1137e3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,48 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [1.2.0] - 2024-10-22 + +> ă§ăă‚‹ă¨ăă«ă§ăă‚‹ă“ă¨ă‚’ă‚„ă‚‹ă‚“ă ă€‚ăă‚ŒăŒä»ă ă€‚ + +### Added + * In order to alleviate the remaining concerns around the memory usage and + (arguably somewhat unimportant, but measurable) performance overhead of + memfds for cloning `/proc/self/exe`, we have added a new protection using + `overlayfs` that is used if you have enough privileges and the running + kernel supports it. It has effectively no performance nor memory overhead + (compared to no cloning at all). (#4448) + +### Fixed + * The original fix for [CVE-2024-45310][cve-2024-45310] was intentionally very + limited in scope to make it easier to review, however it also did not handle + all possible `os.MkdirAll` cases and thus could lead to regressions. We have + switched to the more complete implementation in the newer versions of + `github.com/cyphar/filepath-securejoin`. (#4393, #4400, #4421, #4430) + * In certain situations (a system with lots of mounts or racing mounts) we + could accidentally end up leaking mounts from the container into the host. + This has been fixed. (#4417) + * The fallback logic for `O_TMPFILE` clones of `/proc/self/exe` had a minor + bug that would cause us to miss non-`noexec` directories and thus fail to + start containers on some systems. (#4444) + * Sometimes the cloned `/proc/self/exe` file descriptor could be placed in a + way that it would get clobbered by the Go runtime. We had a fix for this + already but it turns out it could still break in rare circumstances, but it + has now been fixed. (#4294, #4452) + +### Changed + * It is not possible for `runc kill` to work properly in some specific + configurations (such as rootless containers with no cgroups and a shared pid + namespace). We now output a warning for such configurations. (#4398) + * memfd-bind: update the documentation and make path handling with the systemd + unit more idiomatic. (#4428) + * We now use v0.16 of Cilium's eBPF library, including fixes that quite a few + downstreams asked for. (#4397, #4396) + * Some internal `runc init` synchronisation that was no longer necessary (due + to the `/proc/self/exe` cloning move to Go) was removed. (#4441) + +[cve-2024-45310]: https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv + ## [1.2.0-rc.3] - 2024-09-02 > The supreme happiness of life is the conviction that we are loved. @@ -16,8 +58,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 maliciously configured containers to create empty files and directories on the host. -[cve-2024-45310]: https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv - ### Added * Document build prerequisites for different platforms. (#4353) @@ -41,6 +81,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 * Makefile: Don't read COMMIT, BUILDTAGS, `EXTRA_BUILDTAGS` from env vars. (#4380) +[cve-2024-45310]: https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv + ## [1.2.0-rc.2] - 2024-06-26 > TRUE or FALSE, it's a problem! @@ -802,7 +844,8 @@ implementation (libcontainer) is *not* covered by this policy. cgroups at all during `runc update`). (#2994) -[Unreleased]: https://github.com/opencontainers/runc/compare/v1.2.0-rc.3...HEAD +[Unreleased]: https://github.com/opencontainers/runc/compare/v1.2.0...HEAD +[1.2.0]: https://github.com/opencontainers/runc/compare/v1.2.0-rc.1...v1.2.0 [1.1.0]: https://github.com/opencontainers/runc/compare/v1.1.0-rc.1...v1.1.0 [1.0.0]: https://github.com/opencontainers/runc/releases/tag/v1.0.0 @@ -831,6 +874,7 @@ implementation (libcontainer) is *not* covered by this policy. [1.1.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.0.0...v1.1.0-rc.1 +[Unreleased 1.2.z]: https://github.com/opencontainers/runc/compare/v1.2.0...release-1.2 [1.2.0-rc.3]: https://github.com/opencontainers/runc/compare/v1.2.0-rc.2...v1.2.0-rc.3 [1.2.0-rc.2]: https://github.com/opencontainers/runc/compare/v1.2.0-rc.1...v1.2.0-rc.2 [1.2.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.1.0...v1.2.0-rc.1 diff --git a/VERSION b/VERSION index ab33538a802..26aaba0e866 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.2.0-rc.3+dev +1.2.0 From 42f9630578fbdbb1d7f57317bbf3f2a3916d53d0 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 22 Oct 2024 09:15:30 +1100 Subject: [PATCH 0688/1176] VERSION: back to development Signed-off-by: Aleksa Sarai --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 26aaba0e866..2eefd601979 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.2.0 +1.2.0+dev From af024b6c2bc5fe165ae4d9695e191959013de902 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 22 Oct 2024 13:23:25 +0000 Subject: [PATCH 0689/1176] build(deps): bump github.com/moby/sys/mountinfo from 0.7.1 to 0.7.2 Bumps [github.com/moby/sys/mountinfo](https://github.com/moby/sys) from 0.7.1 to 0.7.2. - [Release notes](https://github.com/moby/sys/releases) - [Commits](https://github.com/moby/sys/compare/signal/v0.7.1...mountinfo/v0.7.2) --- updated-dependencies: - dependency-name: github.com/moby/sys/mountinfo dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 5 ++--- vendor/github.com/moby/sys/mountinfo/mounted_linux.go | 2 +- vendor/modules.txt | 4 ++-- 4 files changed, 6 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index 17a18f5f430..acacc296c94 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/cyphar/filepath-securejoin v0.3.4 github.com/docker/go-units v0.5.0 github.com/godbus/dbus/v5 v5.1.0 - github.com/moby/sys/mountinfo v0.7.1 + github.com/moby/sys/mountinfo v0.7.2 github.com/moby/sys/user v0.3.0 github.com/moby/sys/userns v0.1.0 github.com/mrunalp/fileutils v0.5.1 diff --git a/go.sum b/go.sum index b755d5b97fe..16d0a218d76 100644 --- a/go.sum +++ b/go.sum @@ -38,8 +38,8 @@ github.com/mdlayher/netlink v1.7.2 h1:/UtM3ofJap7Vl4QWCPDGXY8d3GIY2UGSDbK+QWmY8/ github.com/mdlayher/netlink v1.7.2/go.mod h1:xraEF7uJbxLhc5fpHL4cPe221LI2bdttWlU+ZGLfQSw= github.com/mdlayher/socket v0.4.1 h1:eM9y2/jlbs1M615oshPQOHZzj6R6wMT7bX5NPiQvn2U= github.com/mdlayher/socket v0.4.1/go.mod h1:cAqeGjoufqdxWkD7DkpyS+wcefOtmu5OQ8KuoJGIReA= -github.com/moby/sys/mountinfo v0.7.1 h1:/tTvQaSJRr2FshkhXiIpux6fQ2Zvc4j7tAhMTStAG2g= -github.com/moby/sys/mountinfo v0.7.1/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= +github.com/moby/sys/mountinfo v0.7.2 h1:1shs6aH5s4o5H2zQLn796ADW1wMrIwHsyJ2v9KouLrg= +github.com/moby/sys/mountinfo v0.7.2/go.mod h1:1YOa8w8Ih7uW0wALDUgT1dTTSBrZ+HiBLGws92L2RU4= github.com/moby/sys/user v0.3.0 h1:9ni5DlcW5an3SvRSx4MouotOygvzaXbaSrc/wGDFWPo= github.com/moby/sys/user v0.3.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs= github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g= @@ -87,7 +87,6 @@ golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= diff --git a/vendor/github.com/moby/sys/mountinfo/mounted_linux.go b/vendor/github.com/moby/sys/mountinfo/mounted_linux.go index e78e726196e..58f13c269d3 100644 --- a/vendor/github.com/moby/sys/mountinfo/mounted_linux.go +++ b/vendor/github.com/moby/sys/mountinfo/mounted_linux.go @@ -51,7 +51,7 @@ func mountedByOpenat2(path string) (bool, error) { Resolve: unix.RESOLVE_NO_XDEV, }) _ = unix.Close(dirfd) - switch err { //nolint:errorlint // unix errors are bare + switch err { case nil: // definitely not a mount _ = unix.Close(fd) return false, nil diff --git a/vendor/modules.txt b/vendor/modules.txt index 97d1c3ef117..e2af46418ef 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -34,8 +34,8 @@ github.com/docker/go-units # github.com/godbus/dbus/v5 v5.1.0 ## explicit; go 1.12 github.com/godbus/dbus/v5 -# github.com/moby/sys/mountinfo v0.7.1 -## explicit; go 1.16 +# github.com/moby/sys/mountinfo v0.7.2 +## explicit; go 1.17 github.com/moby/sys/mountinfo # github.com/moby/sys/user v0.3.0 ## explicit; go 1.17 From 93db63ab52a478a2d8808eeefa1028d96461c9ab Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 22 Oct 2024 13:23:32 +0000 Subject: [PATCH 0690/1176] build(deps): bump github.com/urfave/cli from 1.22.14 to 1.22.16 Bumps [github.com/urfave/cli](https://github.com/urfave/cli) from 1.22.14 to 1.22.16. - [Release notes](https://github.com/urfave/cli/releases) - [Changelog](https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md) - [Commits](https://github.com/urfave/cli/compare/v1.22.14...v1.22.16) --- updated-dependencies: - dependency-name: github.com/urfave/cli dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 4 +- go.sum | 10 +- .../cpuguy83/go-md2man/v2/md2man/debug.go | 62 ++++++ .../cpuguy83/go-md2man/v2/md2man/md2man.go | 13 +- .../cpuguy83/go-md2man/v2/md2man/roff.go | 200 ++++++++++++------ vendor/modules.txt | 4 +- 6 files changed, 219 insertions(+), 74 deletions(-) create mode 100644 vendor/github.com/cpuguy83/go-md2man/v2/md2man/debug.go diff --git a/go.mod b/go.mod index 17a18f5f430..0be9376fed5 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/seccomp/libseccomp-golang v0.10.0 github.com/sirupsen/logrus v1.9.3 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 - github.com/urfave/cli v1.22.14 + github.com/urfave/cli v1.22.16 github.com/vishvananda/netlink v1.1.0 golang.org/x/net v0.24.0 golang.org/x/sys v0.22.0 @@ -32,7 +32,7 @@ require ( ) require ( - github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df // indirect golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 // indirect diff --git a/go.sum b/go.sum index b755d5b97fe..3e6d925be65 100644 --- a/go.sum +++ b/go.sum @@ -1,4 +1,4 @@ -github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/checkpoint-restore/go-criu/v6 v6.3.0 h1:mIdrSO2cPNWQY1truPg6uHLXyKHk3Z5Odx4wjKOASzA= github.com/checkpoint-restore/go-criu/v6 v6.3.0/go.mod h1:rrRTN/uSwY2X+BPRl/gkulo9gsKOSAeVp9/K2tv7xZI= github.com/cilium/ebpf v0.16.0 h1:+BiEnHL6Z7lXnlGUsXQPPAE7+kenAd4ES8MQ5min0Ok= @@ -7,8 +7,9 @@ github.com/containerd/console v1.0.4 h1:F2g4+oChYvBTsASRTz8NP6iIAi97J3TtSAsLbIFn github.com/containerd/console v1.0.4/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc= +github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cyphar/filepath-securejoin v0.3.4 h1:VBWugsJh2ZxJmLFSM06/0qzQyiQX2Qs0ViKrUAcqdZ8= github.com/cyphar/filepath-securejoin v0.3.4/go.mod h1:8s/MCNJREmFK0H02MF6Ihv1nakJe4L/w3WZLHNkvlYM= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -65,6 +66,7 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= @@ -73,8 +75,8 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= -github.com/urfave/cli v1.22.14 h1:ebbhrRiGK2i4naQJr+1Xj92HXZCrK7MsyTS/ob3HnAk= -github.com/urfave/cli v1.22.14/go.mod h1:X0eDS6pD6Exaclxm99NJ3FiCDRED7vIHpx2mDOHLvkA= +github.com/urfave/cli v1.22.16 h1:MH0k6uJxdwdeWQTwhSO42Pwr4YLrNLwBtg1MRgTqPdQ= +github.com/urfave/cli v1.22.16/go.mod h1:EeJR6BKodywf4zciqrdw6hpCPk68JO9z5LazXZMn5Po= github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJH8j0= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= diff --git a/vendor/github.com/cpuguy83/go-md2man/v2/md2man/debug.go b/vendor/github.com/cpuguy83/go-md2man/v2/md2man/debug.go new file mode 100644 index 00000000000..0ec4b12c75d --- /dev/null +++ b/vendor/github.com/cpuguy83/go-md2man/v2/md2man/debug.go @@ -0,0 +1,62 @@ +package md2man + +import ( + "fmt" + "io" + "os" + "strings" + + "github.com/russross/blackfriday/v2" +) + +func fmtListFlags(flags blackfriday.ListType) string { + knownFlags := []struct { + name string + flag blackfriday.ListType + }{ + {"ListTypeOrdered", blackfriday.ListTypeOrdered}, + {"ListTypeDefinition", blackfriday.ListTypeDefinition}, + {"ListTypeTerm", blackfriday.ListTypeTerm}, + {"ListItemContainsBlock", blackfriday.ListItemContainsBlock}, + {"ListItemBeginningOfList", blackfriday.ListItemBeginningOfList}, + {"ListItemEndOfList", blackfriday.ListItemEndOfList}, + } + + var f []string + for _, kf := range knownFlags { + if flags&kf.flag != 0 { + f = append(f, kf.name) + flags &^= kf.flag + } + } + if flags != 0 { + f = append(f, fmt.Sprintf("Unknown(%#x)", flags)) + } + return strings.Join(f, "|") +} + +type debugDecorator struct { + blackfriday.Renderer +} + +func depth(node *blackfriday.Node) int { + d := 0 + for n := node.Parent; n != nil; n = n.Parent { + d++ + } + return d +} + +func (d *debugDecorator) RenderNode(w io.Writer, node *blackfriday.Node, entering bool) blackfriday.WalkStatus { + fmt.Fprintf(os.Stderr, "%s%s %v %v\n", + strings.Repeat(" ", depth(node)), + map[bool]string{true: "+", false: "-"}[entering], + node, + fmtListFlags(node.ListFlags)) + var b strings.Builder + status := d.Renderer.RenderNode(io.MultiWriter(&b, w), node, entering) + if b.Len() > 0 { + fmt.Fprintf(os.Stderr, ">> %q\n", b.String()) + } + return status +} diff --git a/vendor/github.com/cpuguy83/go-md2man/v2/md2man/md2man.go b/vendor/github.com/cpuguy83/go-md2man/v2/md2man/md2man.go index b4800567345..62d91b77d58 100644 --- a/vendor/github.com/cpuguy83/go-md2man/v2/md2man/md2man.go +++ b/vendor/github.com/cpuguy83/go-md2man/v2/md2man/md2man.go @@ -1,14 +1,23 @@ package md2man import ( + "os" + "strconv" + "github.com/russross/blackfriday/v2" ) // Render converts a markdown document into a roff formatted document. func Render(doc []byte) []byte { renderer := NewRoffRenderer() + var r blackfriday.Renderer = renderer + if v, _ := strconv.ParseBool(os.Getenv("MD2MAN_DEBUG")); v { + r = &debugDecorator{Renderer: r} + } return blackfriday.Run(doc, - []blackfriday.Option{blackfriday.WithRenderer(renderer), - blackfriday.WithExtensions(renderer.GetExtensions())}...) + []blackfriday.Option{ + blackfriday.WithRenderer(r), + blackfriday.WithExtensions(renderer.GetExtensions()), + }...) } diff --git a/vendor/github.com/cpuguy83/go-md2man/v2/md2man/roff.go b/vendor/github.com/cpuguy83/go-md2man/v2/md2man/roff.go index be2b3436062..9d6c473fdc0 100644 --- a/vendor/github.com/cpuguy83/go-md2man/v2/md2man/roff.go +++ b/vendor/github.com/cpuguy83/go-md2man/v2/md2man/roff.go @@ -1,6 +1,8 @@ package md2man import ( + "bufio" + "bytes" "fmt" "io" "os" @@ -12,68 +14,72 @@ import ( // roffRenderer implements the blackfriday.Renderer interface for creating // roff format (manpages) from markdown text type roffRenderer struct { - extensions blackfriday.Extensions listCounters []int firstHeader bool - firstDD bool listDepth int } const ( - titleHeader = ".TH " - topLevelHeader = "\n\n.SH " - secondLevelHdr = "\n.SH " - otherHeader = "\n.SS " - crTag = "\n" - emphTag = "\\fI" - emphCloseTag = "\\fP" - strongTag = "\\fB" - strongCloseTag = "\\fP" - breakTag = "\n.br\n" - paraTag = "\n.PP\n" - hruleTag = "\n.ti 0\n\\l'\\n(.lu'\n" - linkTag = "\n\\[la]" - linkCloseTag = "\\[ra]" - codespanTag = "\\fB\\fC" - codespanCloseTag = "\\fR" - codeTag = "\n.PP\n.RS\n\n.nf\n" - codeCloseTag = "\n.fi\n.RE\n" - quoteTag = "\n.PP\n.RS\n" - quoteCloseTag = "\n.RE\n" - listTag = "\n.RS\n" - listCloseTag = "\n.RE\n" - dtTag = "\n.TP\n" - dd2Tag = "\n" - tableStart = "\n.TS\nallbox;\n" - tableEnd = ".TE\n" - tableCellStart = "T{\n" - tableCellEnd = "\nT}\n" + titleHeader = ".TH " + topLevelHeader = "\n\n.SH " + secondLevelHdr = "\n.SH " + otherHeader = "\n.SS " + crTag = "\n" + emphTag = "\\fI" + emphCloseTag = "\\fP" + strongTag = "\\fB" + strongCloseTag = "\\fP" + breakTag = "\n.br\n" + paraTag = "\n.PP\n" + hruleTag = "\n.ti 0\n\\l'\\n(.lu'\n" + linkTag = "\n\\[la]" + linkCloseTag = "\\[ra]" + codespanTag = "\\fB" + codespanCloseTag = "\\fR" + codeTag = "\n.EX\n" + codeCloseTag = ".EE\n" // Do not prepend a newline character since code blocks, by definition, include a newline already (or at least as how blackfriday gives us on). + quoteTag = "\n.PP\n.RS\n" + quoteCloseTag = "\n.RE\n" + listTag = "\n.RS\n" + listCloseTag = ".RE\n" + dtTag = "\n.TP\n" + dd2Tag = "\n" + tableStart = "\n.TS\nallbox;\n" + tableEnd = ".TE\n" + tableCellStart = "T{\n" + tableCellEnd = "\nT}\n" + tablePreprocessor = `'\" t` ) // NewRoffRenderer creates a new blackfriday Renderer for generating roff documents // from markdown func NewRoffRenderer() *roffRenderer { // nolint: golint - var extensions blackfriday.Extensions - - extensions |= blackfriday.NoIntraEmphasis - extensions |= blackfriday.Tables - extensions |= blackfriday.FencedCode - extensions |= blackfriday.SpaceHeadings - extensions |= blackfriday.Footnotes - extensions |= blackfriday.Titleblock - extensions |= blackfriday.DefinitionLists - return &roffRenderer{ - extensions: extensions, - } + return &roffRenderer{} } // GetExtensions returns the list of extensions used by this renderer implementation -func (r *roffRenderer) GetExtensions() blackfriday.Extensions { - return r.extensions +func (*roffRenderer) GetExtensions() blackfriday.Extensions { + return blackfriday.NoIntraEmphasis | + blackfriday.Tables | + blackfriday.FencedCode | + blackfriday.SpaceHeadings | + blackfriday.Footnotes | + blackfriday.Titleblock | + blackfriday.DefinitionLists } // RenderHeader handles outputting the header at document start func (r *roffRenderer) RenderHeader(w io.Writer, ast *blackfriday.Node) { + // We need to walk the tree to check if there are any tables. + // If there are, we need to enable the roff table preprocessor. + ast.Walk(func(node *blackfriday.Node, entering bool) blackfriday.WalkStatus { + if node.Type == blackfriday.Table { + out(w, tablePreprocessor+"\n") + return blackfriday.Terminate + } + return blackfriday.GoToNext + }) + // disable hyphenation out(w, ".nh\n") } @@ -86,12 +92,27 @@ func (r *roffRenderer) RenderFooter(w io.Writer, ast *blackfriday.Node) { // RenderNode is called for each node in a markdown document; based on the node // type the equivalent roff output is sent to the writer func (r *roffRenderer) RenderNode(w io.Writer, node *blackfriday.Node, entering bool) blackfriday.WalkStatus { - - var walkAction = blackfriday.GoToNext + walkAction := blackfriday.GoToNext switch node.Type { case blackfriday.Text: - escapeSpecialChars(w, node.Literal) + // Special case: format the NAME section as required for proper whatis parsing. + // Refer to the lexgrog(1) and groff_man(7) manual pages for details. + if node.Parent != nil && + node.Parent.Type == blackfriday.Paragraph && + node.Parent.Prev != nil && + node.Parent.Prev.Type == blackfriday.Heading && + node.Parent.Prev.FirstChild != nil && + bytes.EqualFold(node.Parent.Prev.FirstChild.Literal, []byte("NAME")) { + before, after, found := bytes.Cut(node.Literal, []byte(" - ")) + escapeSpecialChars(w, before) + if found { + out(w, ` \- `) + escapeSpecialChars(w, after) + } + } else { + escapeSpecialChars(w, node.Literal) + } case blackfriday.Softbreak: out(w, crTag) case blackfriday.Hardbreak: @@ -109,9 +130,16 @@ func (r *roffRenderer) RenderNode(w io.Writer, node *blackfriday.Node, entering out(w, strongCloseTag) } case blackfriday.Link: - if !entering { - out(w, linkTag+string(node.LinkData.Destination)+linkCloseTag) + // Don't render the link text for automatic links, because this + // will only duplicate the URL in the roff output. + // See https://daringfireball.net/projects/markdown/syntax#autolink + if !bytes.Equal(node.LinkData.Destination, node.FirstChild.Literal) { + out(w, string(node.FirstChild.Literal)) } + // Hyphens in a link must be escaped to avoid word-wrap in the rendered man page. + escapedLink := strings.ReplaceAll(string(node.LinkData.Destination), "-", "\\-") + out(w, linkTag+escapedLink+linkCloseTag) + walkAction = blackfriday.SkipChildren case blackfriday.Image: // ignore images walkAction = blackfriday.SkipChildren @@ -122,14 +150,25 @@ func (r *roffRenderer) RenderNode(w io.Writer, node *blackfriday.Node, entering case blackfriday.Document: break case blackfriday.Paragraph: - // roff .PP markers break lists - if r.listDepth > 0 { - return blackfriday.GoToNext - } if entering { - out(w, paraTag) + if r.listDepth > 0 { + // roff .PP markers break lists + if node.Prev != nil { // continued paragraph + if node.Prev.Type == blackfriday.List && node.Prev.ListFlags&blackfriday.ListTypeDefinition == 0 { + out(w, ".IP\n") + } else { + out(w, crTag) + } + } + } else if node.Prev != nil && node.Prev.Type == blackfriday.Heading { + out(w, crTag) + } else { + out(w, paraTag) + } } else { - out(w, crTag) + if node.Next == nil || node.Next.Type != blackfriday.List { + out(w, crTag) + } } case blackfriday.BlockQuote: if entering { @@ -160,6 +199,11 @@ func (r *roffRenderer) RenderNode(w io.Writer, node *blackfriday.Node, entering r.handleTableCell(w, node, entering) case blackfriday.HTMLSpan: // ignore other HTML tags + case blackfriday.HTMLBlock: + if bytes.HasPrefix(node.Literal, []byte(" -[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.14...release-1.1 +[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.15...release-1.1 +[1.1.15]: https://github.com/opencontainers/runc/compare/v1.1.14...v1.1.15 [1.1.14]: https://github.com/opencontainers/runc/compare/v1.1.13...v1.1.14 [1.1.13]: https://github.com/opencontainers/runc/compare/v1.1.12...v1.1.13 [1.1.12]: https://github.com/opencontainers/runc/compare/v1.1.11...v1.1.12 From 5586d7caa1bed366065d2a610e839007575e822e Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 29 Oct 2024 17:11:56 -0700 Subject: [PATCH 0708/1176] libct: rm obsoleted comment This was added by commit f2f16213e when runc-dmz was still a thing. Signed-off-by: Kir Kolyshkin --- libcontainer/setns_init_linux.go | 5 ----- libcontainer/standard_init_linux.go | 5 ----- 2 files changed, 10 deletions(-) diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go index e03ab634b2d..92c6ef77030 100644 --- a/libcontainer/setns_init_linux.go +++ b/libcontainer/setns_init_linux.go @@ -150,11 +150,6 @@ func (l *linuxSetnsInit) Init() error { // (otherwise the (*os.File) finaliser could close the wrong file). See // CVE-2024-21626 for more information as to why this protection is // necessary. - // - // This is not needed for runc-dmz, because the extra execve(2) step means - // that all O_CLOEXEC file descriptors have already been closed and thus - // the second execve(2) from runc-dmz cannot access internal file - // descriptors from runc. if err := utils.UnsafeCloseFrom(l.config.PassedFilesCount + 3); err != nil { return err } diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 4631f249ee2..9f7fa45d533 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -284,11 +284,6 @@ func (l *linuxStandardInit) Init() error { // (otherwise the (*os.File) finaliser could close the wrong file). See // CVE-2024-21626 for more information as to why this protection is // necessary. - // - // This is not needed for runc-dmz, because the extra execve(2) step means - // that all O_CLOEXEC file descriptors have already been closed and thus - // the second execve(2) from runc-dmz cannot access internal file - // descriptors from runc. if err := utils.UnsafeCloseFrom(l.config.PassedFilesCount + 3); err != nil { return err } From 80c46d31c4326c7ad328e9173e0f8c8262198d48 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 2 Nov 2024 00:36:10 +0000 Subject: [PATCH 0709/1176] build(deps): bump golang.org/x/net from 0.24.0 to 0.30.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.24.0 to 0.30.0. - [Commits](https://github.com/golang/net/compare/v0.24.0...v0.30.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/golang.org/x/net/LICENSE | 4 ++-- vendor/modules.txt | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index f4f1482d885..221b54d6f4b 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.16 github.com/vishvananda/netlink v1.3.0 - golang.org/x/net v0.24.0 + golang.org/x/net v0.30.0 golang.org/x/sys v0.26.0 google.golang.org/protobuf v1.35.1 ) diff --git a/go.sum b/go.sum index 3c409e5772b..f9800161422 100644 --- a/go.sum +++ b/go.sum @@ -83,8 +83,8 @@ github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1Y github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 h1:Jvc7gsqn21cJHCmAWx0LiimpP18LZmUxkT5Mp7EZ1mI= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= -golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= -golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= +golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= +golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= diff --git a/vendor/golang.org/x/net/LICENSE b/vendor/golang.org/x/net/LICENSE index 6a66aea5eaf..2a7cf70da6e 100644 --- a/vendor/golang.org/x/net/LICENSE +++ b/vendor/golang.org/x/net/LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2009 The Go Authors. All rights reserved. +Copyright 2009 The Go Authors. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are @@ -10,7 +10,7 @@ notice, this list of conditions and the following disclaimer. copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - * Neither the name of Google Inc. nor the names of its + * Neither the name of Google LLC nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. diff --git a/vendor/modules.txt b/vendor/modules.txt index ea5918abbde..c26b2f1cf9e 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -81,7 +81,7 @@ github.com/vishvananda/netns # golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 ## explicit; go 1.18 golang.org/x/exp/constraints -# golang.org/x/net v0.24.0 +# golang.org/x/net v0.30.0 ## explicit; go 1.18 golang.org/x/net/bpf # golang.org/x/sys v0.26.0 From 609e9a51345288e2acc6cfd03ca95da9a72c804e Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 1 Nov 2024 16:44:02 -0700 Subject: [PATCH 0710/1176] Vagrantfile.fedora: stop using dnf shell In Fedora 41, dnf5 is used and it does not have dnf shell. Let's use old dnf update; dnf install instead. It is two transactions instead of one, but dnf5 is faster. While at it: - add `--setopt=tsflags=nodocs` as we don't need docs in CI; - change golang-go to golang as this is a new rpm name; - remove gcc as it is now required by golang-bin; - remove container-selinux, criu, fuse-sshfs, iptables from rpms as they are already installed. Signed-off-by: Kir Kolyshkin --- Vagrantfile.fedora | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/Vagrantfile.fedora b/Vagrantfile.fedora index 4863808ee51..1d77c95136a 100644 --- a/Vagrantfile.fedora +++ b/Vagrantfile.fedora @@ -15,18 +15,12 @@ Vagrant.configure("2") do |config| end config.vm.provision "shell", inline: <<-SHELL set -e -u -o pipefail - # Work around dnf mirror failures by retrying a few times + DNF_OPTS="-y --setopt=install_weak_deps=False --setopt=tsflags=nodocs --exclude=kernel,kernel-core" + RPMS="bats git-core glibc-static golang jq libseccomp-devel make" + # Work around dnf mirror failures by retrying a few times. for i in $(seq 0 2); do sleep $i - # "config exclude" dnf shell command is not working in Fedora 35 - # (see https://bugzilla.redhat.com/show_bug.cgi?id=2022571); - # the workaround is to specify it as an option. - cat << EOF | dnf -y --exclude=kernel,kernel-core shell && break -config install_weak_deps false -update -install iptables gcc golang-go make glibc-static libseccomp-devel bats jq git-core criu fuse-sshfs container-selinux -ts run -EOF + dnf $DNF_OPTS update && dnf $DNF_OPTS install $RPMS && break done dnf clean all From 9ce7392b59448f8eb9021cdf04b5c462638b167e Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Sat, 2 Nov 2024 07:38:16 +0900 Subject: [PATCH 0711/1176] Vagrantfile.fedora: bump Fedora to 41 Signed-off-by: Akihiro Suda --- Vagrantfile.fedora | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Vagrantfile.fedora b/Vagrantfile.fedora index 1d77c95136a..f0099721521 100644 --- a/Vagrantfile.fedora +++ b/Vagrantfile.fedora @@ -2,9 +2,9 @@ # vi: set ft=ruby : Vagrant.configure("2") do |config| - config.vm.box = "fedora-40" + config.vm.box = "fedora-41" # For URL, check https://www.fedoraproject.org/cloud/download - config.vm.box_url = "https://download.fedoraproject.org/pub/fedora/linux/releases/40/Cloud/x86_64/images/Fedora-Cloud-Base-Vagrant-libvirt.x86_64-40-1.14.vagrant.libvirt.box" + config.vm.box_url = "https://download.fedoraproject.org/pub/fedora/linux/releases/41/Cloud/x86_64/images/Fedora-Cloud-Base-Vagrant-libvirt-41-1.4.x86_64.vagrant.libvirt.box" config.vm.provider :virtualbox do |v| v.memory = 2048 v.cpus = 2 From 9bc42d61bb6ce280c48a6b491357ec773b2adf45 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Mon, 4 Nov 2024 20:41:21 +1100 Subject: [PATCH 0712/1176] dmz: overlay: set xino=off to disable dmesg spam If /run/runc and /usr/bin are on different filesystems, overlayfs may enable the xino feature which results in the following log message: kernel: overlayfs: "xino" feature enabled using 3 upper inode bits. Each time we have to protect /proc/self/exe. So disable xino to remove the log message (we don't care about the inode numbers of the files anyway). Signed-off-by: Aleksa Sarai --- libcontainer/dmz/overlayfs_linux.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/libcontainer/dmz/overlayfs_linux.go b/libcontainer/dmz/overlayfs_linux.go index 92cb1944e59..b81b7025895 100644 --- a/libcontainer/dmz/overlayfs_linux.go +++ b/libcontainer/dmz/overlayfs_linux.go @@ -84,6 +84,13 @@ func sealedOverlayfs(binPath, tmpDir string) (_ *os.File, Err error) { return nil, fmt.Errorf("fsconfig set overlayfs lowerdir=%s: %w", lowerDirStr, err) } + // We don't care about xino (Linux 4.17) but it will be auto-enabled on + // some systems (if /run/runc and /usr/bin are on different filesystems) + // and this produces spurious dmesg log entries. We can safely ignore + // errors when disabling this because we don't actually care about the + // setting and we're just opportunistically disabling it. + _ = unix.FsconfigSetString(int(overlayCtx.Fd()), "xino", "off") + // Get an actual handle to the overlayfs. if err := unix.FsconfigCreate(int(overlayCtx.Fd())); err != nil { return nil, os.NewSyscallError("fsconfig create overlayfs", err) From aa505bfa89a6feaae5378a7a6e5166886f8bc0fc Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Mon, 4 Nov 2024 20:47:07 +1100 Subject: [PATCH 0713/1176] memfd-bind: mention that overlayfs obviates the need for it Signed-off-by: Aleksa Sarai --- contrib/cmd/memfd-bind/README.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/contrib/cmd/memfd-bind/README.md b/contrib/cmd/memfd-bind/README.md index a83cc78208c..e529eacfeaf 100644 --- a/contrib/cmd/memfd-bind/README.md +++ b/contrib/cmd/memfd-bind/README.md @@ -1,6 +1,15 @@ ## memfd-bind ## -`runc` normally has to make a binary copy of itself when constructing a +> **NOTE**: Since runc 1.2.0, runc will now use a private overlayfs mount to +> protect the runc binary. This protection is far more light-weight than +> memfd-bind, and for most users this should obviate the need for `memfd-bind` +> entirely. Rootless containers will still make a memfd copy (unless you are +> using `runc` itself inside a user namespace -- a-la +> [`rootlesskit`][rootlesskit]), but `memfd-bind` is not particularly useful +> for rootless container users anyway (see [Caveats](#Caveats) for more +> details). + +`runc` sometimes has to make a binary copy of itself when constructing a container process in order to defend against certain container runtime attacks such as CVE-2019-5736. @@ -38,6 +47,8 @@ much memory usage they can use: container process setup takes up about 10MB per process spawned inside the container by runc (both pid1 and `runc exec`). +[rootlesskit]: https://github.com/rootless-containers/rootlesskit + ### Caveats ### There are several downsides with using `memfd-bind` on the `runc` binary: From b9dfb22dbfefe0b211adfe634d5348cd1ad39266 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Mon, 4 Nov 2024 20:49:42 +1100 Subject: [PATCH 0714/1176] readme: drop unused memfd-bind reference Fixes: 871057d863e8 ("drop runc-dmz solution according to overlay solution") Signed-off-by: Aleksa Sarai --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index 8cbe1fe6878..50fcd4e9222 100644 --- a/README.md +++ b/README.md @@ -113,8 +113,6 @@ The following build tags were used earlier, but are now obsoleted: - **apparmor** (since runc v1.0.0-rc93 the feature is always enabled) - **selinux** (since runc v1.0.0-rc93 the feature is always enabled) - [contrib-memfd-bind]: /contrib/cmd/memfd-bind/README.md - ### Running the test suite `runc` currently supports running its test suite via Docker. From 5000f1697c7562e8fbc725da99e457949d4db1c6 Mon Sep 17 00:00:00 2001 From: lfbzhm Date: Wed, 6 Nov 2024 13:25:06 +0000 Subject: [PATCH 0715/1176] Temporary set vagrant to 2.4.1-1 Signed-off-by: lfbzhm --- .cirrus.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.cirrus.yml b/.cirrus.yml index e63ef51cf1a..d76a78bbd5c 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -42,7 +42,8 @@ task: echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list sudo sed -i 's/^# deb-src/deb-src/' /etc/apt/sources.list apt-get update - apt-get install -y libvirt-daemon libvirt-daemon-system vagrant + # Temporary set vagrant to 2.4.1-1 because of https://github.com/hashicorp/vagrant/pull/13532 + apt-get install -y libvirt-daemon libvirt-daemon-system vagrant=2.4.1-1 systemctl enable --now libvirtd apt-get build-dep -y vagrant ruby-libvirt apt-get install -y --no-install-recommends libxslt-dev libxml2-dev libvirt-dev ruby-bundler ruby-dev zlib1g-dev From 9cb59b46590329861c3e5701326821a7c613178c Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 4 Nov 2024 18:05:41 -0800 Subject: [PATCH 0716/1176] ci: rm "skip on CentOS 7" kludges We no longer test on CentOS 7. Remove the internal/testutil package as it has no other uses. Signed-off-by: Kir Kolyshkin --- internal/testutil/testutil.go | 30 -------------------- libcontainer/cgroups/devices/systemd_test.go | 5 ---- libcontainer/cgroups/file_test.go | 4 --- 3 files changed, 39 deletions(-) delete mode 100644 internal/testutil/testutil.go diff --git a/internal/testutil/testutil.go b/internal/testutil/testutil.go deleted file mode 100644 index 9df3ed1f68e..00000000000 --- a/internal/testutil/testutil.go +++ /dev/null @@ -1,30 +0,0 @@ -package testutil - -import ( - "os/exec" - "strconv" - "sync" - "testing" -) - -var ( - centosVer string - centosVerOnce sync.Once -) - -func centosVersion() string { - centosVerOnce.Do(func() { - ver, _ := exec.Command("rpm", "-q", "--qf", "%{version}", "centos-release").CombinedOutput() - centosVer = string(ver) - }) - return centosVer -} - -func SkipOnCentOS(t *testing.T, reason string, versions ...int) { - t.Helper() - for _, v := range versions { - if vstr := strconv.Itoa(v); centosVersion() == vstr { - t.Skip(reason + " on CentOS " + vstr) - } - } -} diff --git a/libcontainer/cgroups/devices/systemd_test.go b/libcontainer/cgroups/devices/systemd_test.go index 7bae2f7406a..2ab4b253529 100644 --- a/libcontainer/cgroups/devices/systemd_test.go +++ b/libcontainer/cgroups/devices/systemd_test.go @@ -8,7 +8,6 @@ import ( "strings" "testing" - "github.com/opencontainers/runc/internal/testutil" "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/systemd" "github.com/opencontainers/runc/libcontainer/configs" @@ -27,8 +26,6 @@ func TestPodSkipDevicesUpdate(t *testing.T) { if os.Geteuid() != 0 { t.Skip("Test requires root.") } - // https://github.com/opencontainers/runc/issues/3743. - testutil.SkipOnCentOS(t, "Flaky (#3743)", 7) podName := "system-runc_test_pod" + t.Name() + ".slice" podConfig := &configs.Cgroup{ @@ -126,8 +123,6 @@ func testSkipDevices(t *testing.T, skipDevices bool, expected []string) { if os.Geteuid() != 0 { t.Skip("Test requires root.") } - // https://github.com/opencontainers/runc/issues/3743. - testutil.SkipOnCentOS(t, "Flaky (#3743)", 7) podConfig := &configs.Cgroup{ Parent: "system.slice", diff --git a/libcontainer/cgroups/file_test.go b/libcontainer/cgroups/file_test.go index 5ce43838018..3a9fac32935 100644 --- a/libcontainer/cgroups/file_test.go +++ b/libcontainer/cgroups/file_test.go @@ -8,13 +8,9 @@ import ( "strconv" "testing" "time" - - "github.com/opencontainers/runc/internal/testutil" ) func TestWriteCgroupFileHandlesInterrupt(t *testing.T) { - testutil.SkipOnCentOS(t, "Flaky (see #3418)", 7) - const ( memoryCgroupMount = "/sys/fs/cgroup/memory" memoryLimit = "memory.limit_in_bytes" From ec5e7eb70abda78fa0591a4ca616015247ad04ee Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 Nov 2024 04:29:56 +0000 Subject: [PATCH 0717/1176] build(deps): bump golang.org/x/sys from 0.26.0 to 0.27.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.26.0 to 0.27.0. - [Commits](https://github.com/golang/sys/compare/v0.26.0...v0.27.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- vendor/golang.org/x/sys/unix/ioctl_linux.go | 96 +++++++++++++ vendor/golang.org/x/sys/unix/mkerrors.sh | 12 ++ vendor/golang.org/x/sys/unix/syscall_linux.go | 1 + .../x/sys/unix/syscall_zos_s390x.go | 104 ++++++++++++++- vendor/golang.org/x/sys/unix/zerrors_linux.go | 22 +++ .../x/sys/unix/zerrors_linux_386.go | 14 ++ .../x/sys/unix/zerrors_linux_amd64.go | 14 ++ .../x/sys/unix/zerrors_linux_arm.go | 14 ++ .../x/sys/unix/zerrors_linux_arm64.go | 14 ++ .../x/sys/unix/zerrors_linux_loong64.go | 14 ++ .../x/sys/unix/zerrors_linux_mips.go | 14 ++ .../x/sys/unix/zerrors_linux_mips64.go | 14 ++ .../x/sys/unix/zerrors_linux_mips64le.go | 14 ++ .../x/sys/unix/zerrors_linux_mipsle.go | 14 ++ .../x/sys/unix/zerrors_linux_ppc.go | 14 ++ .../x/sys/unix/zerrors_linux_ppc64.go | 14 ++ .../x/sys/unix/zerrors_linux_ppc64le.go | 14 ++ .../x/sys/unix/zerrors_linux_riscv64.go | 14 ++ .../x/sys/unix/zerrors_linux_s390x.go | 14 ++ .../x/sys/unix/zerrors_linux_sparc64.go | 14 ++ .../golang.org/x/sys/unix/zsyscall_linux.go | 10 ++ vendor/golang.org/x/sys/unix/ztypes_linux.go | 120 ++++++++++++++++- .../golang.org/x/sys/unix/ztypes_zos_s390x.go | 6 + .../x/sys/windows/syscall_windows.go | 34 ++--- .../golang.org/x/sys/windows/types_windows.go | 126 ++++++++++++++++++ .../x/sys/windows/zsyscall_windows.go | 53 ++++++++ vendor/modules.txt | 2 +- 29 files changed, 771 insertions(+), 31 deletions(-) diff --git a/go.mod b/go.mod index 221b54d6f4b..baac371b0c6 100644 --- a/go.mod +++ b/go.mod @@ -27,7 +27,7 @@ require ( github.com/urfave/cli v1.22.16 github.com/vishvananda/netlink v1.3.0 golang.org/x/net v0.30.0 - golang.org/x/sys v0.26.0 + golang.org/x/sys v0.27.0 google.golang.org/protobuf v1.35.1 ) diff --git a/go.sum b/go.sum index f9800161422..5b557c595d4 100644 --- a/go.sum +++ b/go.sum @@ -92,8 +92,8 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= -golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= +golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= diff --git a/vendor/golang.org/x/sys/unix/ioctl_linux.go b/vendor/golang.org/x/sys/unix/ioctl_linux.go index dbe680eab88..7ca4fa12aa6 100644 --- a/vendor/golang.org/x/sys/unix/ioctl_linux.go +++ b/vendor/golang.org/x/sys/unix/ioctl_linux.go @@ -58,6 +58,102 @@ func IoctlGetEthtoolDrvinfo(fd int, ifname string) (*EthtoolDrvinfo, error) { return &value, err } +// IoctlGetEthtoolTsInfo fetches ethtool timestamping and PHC +// association for the network device specified by ifname. +func IoctlGetEthtoolTsInfo(fd int, ifname string) (*EthtoolTsInfo, error) { + ifr, err := NewIfreq(ifname) + if err != nil { + return nil, err + } + + value := EthtoolTsInfo{Cmd: ETHTOOL_GET_TS_INFO} + ifrd := ifr.withData(unsafe.Pointer(&value)) + + err = ioctlIfreqData(fd, SIOCETHTOOL, &ifrd) + return &value, err +} + +// IoctlGetHwTstamp retrieves the hardware timestamping configuration +// for the network device specified by ifname. +func IoctlGetHwTstamp(fd int, ifname string) (*HwTstampConfig, error) { + ifr, err := NewIfreq(ifname) + if err != nil { + return nil, err + } + + value := HwTstampConfig{} + ifrd := ifr.withData(unsafe.Pointer(&value)) + + err = ioctlIfreqData(fd, SIOCGHWTSTAMP, &ifrd) + return &value, err +} + +// IoctlSetHwTstamp updates the hardware timestamping configuration for +// the network device specified by ifname. +func IoctlSetHwTstamp(fd int, ifname string, cfg *HwTstampConfig) error { + ifr, err := NewIfreq(ifname) + if err != nil { + return err + } + ifrd := ifr.withData(unsafe.Pointer(cfg)) + return ioctlIfreqData(fd, SIOCSHWTSTAMP, &ifrd) +} + +// FdToClockID derives the clock ID from the file descriptor number +// - see clock_gettime(3), FD_TO_CLOCKID macros. The resulting ID is +// suitable for system calls like ClockGettime. +func FdToClockID(fd int) int32 { return int32((int(^fd) << 3) | 3) } + +// IoctlPtpClockGetcaps returns the description of a given PTP device. +func IoctlPtpClockGetcaps(fd int) (*PtpClockCaps, error) { + var value PtpClockCaps + err := ioctlPtr(fd, PTP_CLOCK_GETCAPS2, unsafe.Pointer(&value)) + return &value, err +} + +// IoctlPtpSysOffsetPrecise returns a description of the clock +// offset compared to the system clock. +func IoctlPtpSysOffsetPrecise(fd int) (*PtpSysOffsetPrecise, error) { + var value PtpSysOffsetPrecise + err := ioctlPtr(fd, PTP_SYS_OFFSET_PRECISE2, unsafe.Pointer(&value)) + return &value, err +} + +// IoctlPtpSysOffsetExtended returns an extended description of the +// clock offset compared to the system clock. The samples parameter +// specifies the desired number of measurements. +func IoctlPtpSysOffsetExtended(fd int, samples uint) (*PtpSysOffsetExtended, error) { + value := PtpSysOffsetExtended{Samples: uint32(samples)} + err := ioctlPtr(fd, PTP_SYS_OFFSET_EXTENDED2, unsafe.Pointer(&value)) + return &value, err +} + +// IoctlPtpPinGetfunc returns the configuration of the specified +// I/O pin on given PTP device. +func IoctlPtpPinGetfunc(fd int, index uint) (*PtpPinDesc, error) { + value := PtpPinDesc{Index: uint32(index)} + err := ioctlPtr(fd, PTP_PIN_GETFUNC2, unsafe.Pointer(&value)) + return &value, err +} + +// IoctlPtpPinSetfunc updates configuration of the specified PTP +// I/O pin. +func IoctlPtpPinSetfunc(fd int, pd *PtpPinDesc) error { + return ioctlPtr(fd, PTP_PIN_SETFUNC2, unsafe.Pointer(pd)) +} + +// IoctlPtpPeroutRequest configures the periodic output mode of the +// PTP I/O pins. +func IoctlPtpPeroutRequest(fd int, r *PtpPeroutRequest) error { + return ioctlPtr(fd, PTP_PEROUT_REQUEST2, unsafe.Pointer(r)) +} + +// IoctlPtpExttsRequest configures the external timestamping mode +// of the PTP I/O pins. +func IoctlPtpExttsRequest(fd int, r *PtpExttsRequest) error { + return ioctlPtr(fd, PTP_EXTTS_REQUEST2, unsafe.Pointer(r)) +} + // IoctlGetWatchdogInfo fetches information about a watchdog device from the // Linux watchdog API. For more information, see: // https://www.kernel.org/doc/html/latest/watchdog/watchdog-api.html. diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index ac54ecaba0a..6ab02b6c312 100644 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -158,6 +158,16 @@ includes_Linux=' #endif #define _GNU_SOURCE +// See the description in unix/linux/types.go +#if defined(__ARM_EABI__) || \ + (defined(__mips__) && (_MIPS_SIM == _ABIO32)) || \ + (defined(__powerpc__) && (!defined(__powerpc64__))) +# ifdef _TIME_BITS +# undef _TIME_BITS +# endif +# define _TIME_BITS 32 +#endif + // is broken on powerpc64, as it fails to include definitions of // these structures. We just include them copied from . #if defined(__powerpc__) @@ -256,6 +266,7 @@ struct ltchars { #include #include #include +#include #include #include #include @@ -527,6 +538,7 @@ ccflags="$@" $2 ~ /^(AF|SOCK|SO|SOL|IPPROTO|IP|IPV6|TCP|MCAST|EVFILT|NOTE|SHUT|PROT|MAP|MREMAP|MFD|T?PACKET|MSG|SCM|MCL|DT|MADV|PR|LOCAL|TCPOPT|UDP)_/ || $2 ~ /^NFC_(GENL|PROTO|COMM|RF|SE|DIRECTION|LLCP|SOCKPROTO)_/ || $2 ~ /^NFC_.*_(MAX)?SIZE$/ || + $2 ~ /^PTP_/ || $2 ~ /^RAW_PAYLOAD_/ || $2 ~ /^[US]F_/ || $2 ~ /^TP_STATUS_/ || diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index f08abd434ff..230a94549a7 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -1860,6 +1860,7 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e //sys ClockAdjtime(clockid int32, buf *Timex) (state int, err error) //sys ClockGetres(clockid int32, res *Timespec) (err error) //sys ClockGettime(clockid int32, time *Timespec) (err error) +//sys ClockSettime(clockid int32, time *Timespec) (err error) //sys ClockNanosleep(clockid int32, flags int, request *Timespec, remain *Timespec) (err error) //sys Close(fd int) (err error) //sys CloseRange(first uint, last uint, flags uint) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go index 312ae6ac1d2..7bf5c04bb0a 100644 --- a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go @@ -768,6 +768,15 @@ func Munmap(b []byte) (err error) { return mapper.Munmap(b) } +func MmapPtr(fd int, offset int64, addr unsafe.Pointer, length uintptr, prot int, flags int) (ret unsafe.Pointer, err error) { + xaddr, err := mapper.mmap(uintptr(addr), length, prot, flags, fd, offset) + return unsafe.Pointer(xaddr), err +} + +func MunmapPtr(addr unsafe.Pointer, length uintptr) (err error) { + return mapper.munmap(uintptr(addr), length) +} + //sys Gethostname(buf []byte) (err error) = SYS___GETHOSTNAME_A //sysnb Getgid() (gid int) //sysnb Getpid() (pid int) @@ -816,10 +825,10 @@ func Lstat(path string, stat *Stat_t) (err error) { // for checking symlinks begins with $VERSION/ $SYSNAME/ $SYSSYMR/ $SYSSYMA/ func isSpecialPath(path []byte) (v bool) { var special = [4][8]byte{ - [8]byte{'V', 'E', 'R', 'S', 'I', 'O', 'N', '/'}, - [8]byte{'S', 'Y', 'S', 'N', 'A', 'M', 'E', '/'}, - [8]byte{'S', 'Y', 'S', 'S', 'Y', 'M', 'R', '/'}, - [8]byte{'S', 'Y', 'S', 'S', 'Y', 'M', 'A', '/'}} + {'V', 'E', 'R', 'S', 'I', 'O', 'N', '/'}, + {'S', 'Y', 'S', 'N', 'A', 'M', 'E', '/'}, + {'S', 'Y', 'S', 'S', 'Y', 'M', 'R', '/'}, + {'S', 'Y', 'S', 'S', 'Y', 'M', 'A', '/'}} var i, j int for i = 0; i < len(special); i++ { @@ -3115,3 +3124,90 @@ func legacy_Mkfifoat(dirfd int, path string, mode uint32) (err error) { //sys Posix_openpt(oflag int) (fd int, err error) = SYS_POSIX_OPENPT //sys Grantpt(fildes int) (rc int, err error) = SYS_GRANTPT //sys Unlockpt(fildes int) (rc int, err error) = SYS_UNLOCKPT + +func fcntlAsIs(fd uintptr, cmd int, arg uintptr) (val int, err error) { + runtime.EnterSyscall() + r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FCNTL<<4, uintptr(fd), uintptr(cmd), arg) + runtime.ExitSyscall() + val = int(r0) + if int64(r0) == -1 { + err = errnoErr2(e1, e2) + } + return +} + +func Fcntl(fd uintptr, cmd int, op interface{}) (ret int, err error) { + switch op.(type) { + case *Flock_t: + err = FcntlFlock(fd, cmd, op.(*Flock_t)) + if err != nil { + ret = -1 + } + return + case int: + return FcntlInt(fd, cmd, op.(int)) + case *F_cnvrt: + return fcntlAsIs(fd, cmd, uintptr(unsafe.Pointer(op.(*F_cnvrt)))) + case unsafe.Pointer: + return fcntlAsIs(fd, cmd, uintptr(op.(unsafe.Pointer))) + default: + return -1, EINVAL + } + return +} + +func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { + if raceenabled { + raceReleaseMerge(unsafe.Pointer(&ioSync)) + } + return sendfile(outfd, infd, offset, count) +} + +func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { + // TODO: use LE call instead if the call is implemented + originalOffset, err := Seek(infd, 0, SEEK_CUR) + if err != nil { + return -1, err + } + //start reading data from in_fd + if offset != nil { + _, err := Seek(infd, *offset, SEEK_SET) + if err != nil { + return -1, err + } + } + + buf := make([]byte, count) + readBuf := make([]byte, 0) + var n int = 0 + for i := 0; i < count; i += n { + n, err := Read(infd, buf) + if n == 0 { + if err != nil { + return -1, err + } else { // EOF + break + } + } + readBuf = append(readBuf, buf...) + buf = buf[0:0] + } + + n2, err := Write(outfd, readBuf) + if err != nil { + return -1, err + } + + //When sendfile() returns, this variable will be set to the + // offset of the byte following the last byte that was read. + if offset != nil { + *offset = *offset + int64(n) + // If offset is not NULL, then sendfile() does not modify the file + // offset of in_fd + _, err := Seek(infd, originalOffset, SEEK_SET) + if err != nil { + return -1, err + } + } + return n2, nil +} diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index de3b462489c..ccba391c9fb 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -2625,6 +2625,28 @@ const ( PR_UNALIGN_NOPRINT = 0x1 PR_UNALIGN_SIGBUS = 0x2 PSTOREFS_MAGIC = 0x6165676c + PTP_CLK_MAGIC = '=' + PTP_ENABLE_FEATURE = 0x1 + PTP_EXTTS_EDGES = 0x6 + PTP_EXTTS_EVENT_VALID = 0x1 + PTP_EXTTS_V1_VALID_FLAGS = 0x7 + PTP_EXTTS_VALID_FLAGS = 0x1f + PTP_EXT_OFFSET = 0x10 + PTP_FALLING_EDGE = 0x4 + PTP_MAX_SAMPLES = 0x19 + PTP_PEROUT_DUTY_CYCLE = 0x2 + PTP_PEROUT_ONE_SHOT = 0x1 + PTP_PEROUT_PHASE = 0x4 + PTP_PEROUT_V1_VALID_FLAGS = 0x0 + PTP_PEROUT_VALID_FLAGS = 0x7 + PTP_PIN_GETFUNC = 0xc0603d06 + PTP_PIN_GETFUNC2 = 0xc0603d0f + PTP_RISING_EDGE = 0x2 + PTP_STRICT_FLAGS = 0x8 + PTP_SYS_OFFSET_EXTENDED = 0xc4c03d09 + PTP_SYS_OFFSET_EXTENDED2 = 0xc4c03d12 + PTP_SYS_OFFSET_PRECISE = 0xc0403d08 + PTP_SYS_OFFSET_PRECISE2 = 0xc0403d11 PTRACE_ATTACH = 0x10 PTRACE_CONT = 0x7 PTRACE_DETACH = 0x11 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go index 8aa6d77c018..0c00cb3f3af 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go @@ -237,6 +237,20 @@ const ( PPPIOCUNBRIDGECHAN = 0x7434 PPPIOCXFERUNIT = 0x744e PR_SET_PTRACER_ANY = 0xffffffff + PTP_CLOCK_GETCAPS = 0x80503d01 + PTP_CLOCK_GETCAPS2 = 0x80503d0a + PTP_ENABLE_PPS = 0x40043d04 + PTP_ENABLE_PPS2 = 0x40043d0d + PTP_EXTTS_REQUEST = 0x40103d02 + PTP_EXTTS_REQUEST2 = 0x40103d0b + PTP_MASK_CLEAR_ALL = 0x3d13 + PTP_MASK_EN_SINGLE = 0x40043d14 + PTP_PEROUT_REQUEST = 0x40383d03 + PTP_PEROUT_REQUEST2 = 0x40383d0c + PTP_PIN_SETFUNC = 0x40603d07 + PTP_PIN_SETFUNC2 = 0x40603d10 + PTP_SYS_OFFSET = 0x43403d05 + PTP_SYS_OFFSET2 = 0x43403d0e PTRACE_GETFPREGS = 0xe PTRACE_GETFPXREGS = 0x12 PTRACE_GET_THREAD_AREA = 0x19 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go index da428f42533..dfb364554dd 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go @@ -237,6 +237,20 @@ const ( PPPIOCUNBRIDGECHAN = 0x7434 PPPIOCXFERUNIT = 0x744e PR_SET_PTRACER_ANY = 0xffffffffffffffff + PTP_CLOCK_GETCAPS = 0x80503d01 + PTP_CLOCK_GETCAPS2 = 0x80503d0a + PTP_ENABLE_PPS = 0x40043d04 + PTP_ENABLE_PPS2 = 0x40043d0d + PTP_EXTTS_REQUEST = 0x40103d02 + PTP_EXTTS_REQUEST2 = 0x40103d0b + PTP_MASK_CLEAR_ALL = 0x3d13 + PTP_MASK_EN_SINGLE = 0x40043d14 + PTP_PEROUT_REQUEST = 0x40383d03 + PTP_PEROUT_REQUEST2 = 0x40383d0c + PTP_PIN_SETFUNC = 0x40603d07 + PTP_PIN_SETFUNC2 = 0x40603d10 + PTP_SYS_OFFSET = 0x43403d05 + PTP_SYS_OFFSET2 = 0x43403d0e PTRACE_ARCH_PRCTL = 0x1e PTRACE_GETFPREGS = 0xe PTRACE_GETFPXREGS = 0x12 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go index bf45bfec78a..d46dcf78abc 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go @@ -234,6 +234,20 @@ const ( PPPIOCUNBRIDGECHAN = 0x7434 PPPIOCXFERUNIT = 0x744e PR_SET_PTRACER_ANY = 0xffffffff + PTP_CLOCK_GETCAPS = 0x80503d01 + PTP_CLOCK_GETCAPS2 = 0x80503d0a + PTP_ENABLE_PPS = 0x40043d04 + PTP_ENABLE_PPS2 = 0x40043d0d + PTP_EXTTS_REQUEST = 0x40103d02 + PTP_EXTTS_REQUEST2 = 0x40103d0b + PTP_MASK_CLEAR_ALL = 0x3d13 + PTP_MASK_EN_SINGLE = 0x40043d14 + PTP_PEROUT_REQUEST = 0x40383d03 + PTP_PEROUT_REQUEST2 = 0x40383d0c + PTP_PIN_SETFUNC = 0x40603d07 + PTP_PIN_SETFUNC2 = 0x40603d10 + PTP_SYS_OFFSET = 0x43403d05 + PTP_SYS_OFFSET2 = 0x43403d0e PTRACE_GETCRUNCHREGS = 0x19 PTRACE_GETFDPIC = 0x1f PTRACE_GETFDPIC_EXEC = 0x0 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go index 71c67162b73..3af3248a7f2 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go @@ -240,6 +240,20 @@ const ( PROT_BTI = 0x10 PROT_MTE = 0x20 PR_SET_PTRACER_ANY = 0xffffffffffffffff + PTP_CLOCK_GETCAPS = 0x80503d01 + PTP_CLOCK_GETCAPS2 = 0x80503d0a + PTP_ENABLE_PPS = 0x40043d04 + PTP_ENABLE_PPS2 = 0x40043d0d + PTP_EXTTS_REQUEST = 0x40103d02 + PTP_EXTTS_REQUEST2 = 0x40103d0b + PTP_MASK_CLEAR_ALL = 0x3d13 + PTP_MASK_EN_SINGLE = 0x40043d14 + PTP_PEROUT_REQUEST = 0x40383d03 + PTP_PEROUT_REQUEST2 = 0x40383d0c + PTP_PIN_SETFUNC = 0x40603d07 + PTP_PIN_SETFUNC2 = 0x40603d10 + PTP_SYS_OFFSET = 0x43403d05 + PTP_SYS_OFFSET2 = 0x43403d0e PTRACE_PEEKMTETAGS = 0x21 PTRACE_POKEMTETAGS = 0x22 PTRACE_SYSEMU = 0x1f diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go index 9476628fa02..292bcf0283d 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go @@ -238,6 +238,20 @@ const ( PPPIOCUNBRIDGECHAN = 0x7434 PPPIOCXFERUNIT = 0x744e PR_SET_PTRACER_ANY = 0xffffffffffffffff + PTP_CLOCK_GETCAPS = 0x80503d01 + PTP_CLOCK_GETCAPS2 = 0x80503d0a + PTP_ENABLE_PPS = 0x40043d04 + PTP_ENABLE_PPS2 = 0x40043d0d + PTP_EXTTS_REQUEST = 0x40103d02 + PTP_EXTTS_REQUEST2 = 0x40103d0b + PTP_MASK_CLEAR_ALL = 0x3d13 + PTP_MASK_EN_SINGLE = 0x40043d14 + PTP_PEROUT_REQUEST = 0x40383d03 + PTP_PEROUT_REQUEST2 = 0x40383d0c + PTP_PIN_SETFUNC = 0x40603d07 + PTP_PIN_SETFUNC2 = 0x40603d10 + PTP_SYS_OFFSET = 0x43403d05 + PTP_SYS_OFFSET2 = 0x43403d0e PTRACE_SYSEMU = 0x1f PTRACE_SYSEMU_SINGLESTEP = 0x20 RLIMIT_AS = 0x9 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go index b9e85f3cf0c..782b7110fa1 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go @@ -234,6 +234,20 @@ const ( PPPIOCUNBRIDGECHAN = 0x20007434 PPPIOCXFERUNIT = 0x2000744e PR_SET_PTRACER_ANY = 0xffffffff + PTP_CLOCK_GETCAPS = 0x40503d01 + PTP_CLOCK_GETCAPS2 = 0x40503d0a + PTP_ENABLE_PPS = 0x80043d04 + PTP_ENABLE_PPS2 = 0x80043d0d + PTP_EXTTS_REQUEST = 0x80103d02 + PTP_EXTTS_REQUEST2 = 0x80103d0b + PTP_MASK_CLEAR_ALL = 0x20003d13 + PTP_MASK_EN_SINGLE = 0x80043d14 + PTP_PEROUT_REQUEST = 0x80383d03 + PTP_PEROUT_REQUEST2 = 0x80383d0c + PTP_PIN_SETFUNC = 0x80603d07 + PTP_PIN_SETFUNC2 = 0x80603d10 + PTP_SYS_OFFSET = 0x83403d05 + PTP_SYS_OFFSET2 = 0x83403d0e PTRACE_GETFPREGS = 0xe PTRACE_GET_THREAD_AREA = 0x19 PTRACE_GET_THREAD_AREA_3264 = 0xc4 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go index a48b68a7647..84973fd9271 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go @@ -234,6 +234,20 @@ const ( PPPIOCUNBRIDGECHAN = 0x20007434 PPPIOCXFERUNIT = 0x2000744e PR_SET_PTRACER_ANY = 0xffffffffffffffff + PTP_CLOCK_GETCAPS = 0x40503d01 + PTP_CLOCK_GETCAPS2 = 0x40503d0a + PTP_ENABLE_PPS = 0x80043d04 + PTP_ENABLE_PPS2 = 0x80043d0d + PTP_EXTTS_REQUEST = 0x80103d02 + PTP_EXTTS_REQUEST2 = 0x80103d0b + PTP_MASK_CLEAR_ALL = 0x20003d13 + PTP_MASK_EN_SINGLE = 0x80043d14 + PTP_PEROUT_REQUEST = 0x80383d03 + PTP_PEROUT_REQUEST2 = 0x80383d0c + PTP_PIN_SETFUNC = 0x80603d07 + PTP_PIN_SETFUNC2 = 0x80603d10 + PTP_SYS_OFFSET = 0x83403d05 + PTP_SYS_OFFSET2 = 0x83403d0e PTRACE_GETFPREGS = 0xe PTRACE_GET_THREAD_AREA = 0x19 PTRACE_GET_THREAD_AREA_3264 = 0xc4 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go index ea00e8522a1..6d9cbc3b274 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go @@ -234,6 +234,20 @@ const ( PPPIOCUNBRIDGECHAN = 0x20007434 PPPIOCXFERUNIT = 0x2000744e PR_SET_PTRACER_ANY = 0xffffffffffffffff + PTP_CLOCK_GETCAPS = 0x40503d01 + PTP_CLOCK_GETCAPS2 = 0x40503d0a + PTP_ENABLE_PPS = 0x80043d04 + PTP_ENABLE_PPS2 = 0x80043d0d + PTP_EXTTS_REQUEST = 0x80103d02 + PTP_EXTTS_REQUEST2 = 0x80103d0b + PTP_MASK_CLEAR_ALL = 0x20003d13 + PTP_MASK_EN_SINGLE = 0x80043d14 + PTP_PEROUT_REQUEST = 0x80383d03 + PTP_PEROUT_REQUEST2 = 0x80383d0c + PTP_PIN_SETFUNC = 0x80603d07 + PTP_PIN_SETFUNC2 = 0x80603d10 + PTP_SYS_OFFSET = 0x83403d05 + PTP_SYS_OFFSET2 = 0x83403d0e PTRACE_GETFPREGS = 0xe PTRACE_GET_THREAD_AREA = 0x19 PTRACE_GET_THREAD_AREA_3264 = 0xc4 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go index 91c64687176..5f9fedbce02 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go @@ -234,6 +234,20 @@ const ( PPPIOCUNBRIDGECHAN = 0x20007434 PPPIOCXFERUNIT = 0x2000744e PR_SET_PTRACER_ANY = 0xffffffff + PTP_CLOCK_GETCAPS = 0x40503d01 + PTP_CLOCK_GETCAPS2 = 0x40503d0a + PTP_ENABLE_PPS = 0x80043d04 + PTP_ENABLE_PPS2 = 0x80043d0d + PTP_EXTTS_REQUEST = 0x80103d02 + PTP_EXTTS_REQUEST2 = 0x80103d0b + PTP_MASK_CLEAR_ALL = 0x20003d13 + PTP_MASK_EN_SINGLE = 0x80043d14 + PTP_PEROUT_REQUEST = 0x80383d03 + PTP_PEROUT_REQUEST2 = 0x80383d0c + PTP_PIN_SETFUNC = 0x80603d07 + PTP_PIN_SETFUNC2 = 0x80603d10 + PTP_SYS_OFFSET = 0x83403d05 + PTP_SYS_OFFSET2 = 0x83403d0e PTRACE_GETFPREGS = 0xe PTRACE_GET_THREAD_AREA = 0x19 PTRACE_GET_THREAD_AREA_3264 = 0xc4 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go index 8cbf38d6390..bb0026ee0c4 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go @@ -237,6 +237,20 @@ const ( PPPIOCXFERUNIT = 0x2000744e PROT_SAO = 0x10 PR_SET_PTRACER_ANY = 0xffffffff + PTP_CLOCK_GETCAPS = 0x40503d01 + PTP_CLOCK_GETCAPS2 = 0x40503d0a + PTP_ENABLE_PPS = 0x80043d04 + PTP_ENABLE_PPS2 = 0x80043d0d + PTP_EXTTS_REQUEST = 0x80103d02 + PTP_EXTTS_REQUEST2 = 0x80103d0b + PTP_MASK_CLEAR_ALL = 0x20003d13 + PTP_MASK_EN_SINGLE = 0x80043d14 + PTP_PEROUT_REQUEST = 0x80383d03 + PTP_PEROUT_REQUEST2 = 0x80383d0c + PTP_PIN_SETFUNC = 0x80603d07 + PTP_PIN_SETFUNC2 = 0x80603d10 + PTP_SYS_OFFSET = 0x83403d05 + PTP_SYS_OFFSET2 = 0x83403d0e PTRACE_GETEVRREGS = 0x14 PTRACE_GETFPREGS = 0xe PTRACE_GETREGS64 = 0x16 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go index a2df7341917..46120db5c9a 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go @@ -237,6 +237,20 @@ const ( PPPIOCXFERUNIT = 0x2000744e PROT_SAO = 0x10 PR_SET_PTRACER_ANY = 0xffffffffffffffff + PTP_CLOCK_GETCAPS = 0x40503d01 + PTP_CLOCK_GETCAPS2 = 0x40503d0a + PTP_ENABLE_PPS = 0x80043d04 + PTP_ENABLE_PPS2 = 0x80043d0d + PTP_EXTTS_REQUEST = 0x80103d02 + PTP_EXTTS_REQUEST2 = 0x80103d0b + PTP_MASK_CLEAR_ALL = 0x20003d13 + PTP_MASK_EN_SINGLE = 0x80043d14 + PTP_PEROUT_REQUEST = 0x80383d03 + PTP_PEROUT_REQUEST2 = 0x80383d0c + PTP_PIN_SETFUNC = 0x80603d07 + PTP_PIN_SETFUNC2 = 0x80603d10 + PTP_SYS_OFFSET = 0x83403d05 + PTP_SYS_OFFSET2 = 0x83403d0e PTRACE_GETEVRREGS = 0x14 PTRACE_GETFPREGS = 0xe PTRACE_GETREGS64 = 0x16 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go index 24791379233..5c951634fbe 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go @@ -237,6 +237,20 @@ const ( PPPIOCXFERUNIT = 0x2000744e PROT_SAO = 0x10 PR_SET_PTRACER_ANY = 0xffffffffffffffff + PTP_CLOCK_GETCAPS = 0x40503d01 + PTP_CLOCK_GETCAPS2 = 0x40503d0a + PTP_ENABLE_PPS = 0x80043d04 + PTP_ENABLE_PPS2 = 0x80043d0d + PTP_EXTTS_REQUEST = 0x80103d02 + PTP_EXTTS_REQUEST2 = 0x80103d0b + PTP_MASK_CLEAR_ALL = 0x20003d13 + PTP_MASK_EN_SINGLE = 0x80043d14 + PTP_PEROUT_REQUEST = 0x80383d03 + PTP_PEROUT_REQUEST2 = 0x80383d0c + PTP_PIN_SETFUNC = 0x80603d07 + PTP_PIN_SETFUNC2 = 0x80603d10 + PTP_SYS_OFFSET = 0x83403d05 + PTP_SYS_OFFSET2 = 0x83403d0e PTRACE_GETEVRREGS = 0x14 PTRACE_GETFPREGS = 0xe PTRACE_GETREGS64 = 0x16 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go index d265f146ee0..11a84d5af20 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go @@ -234,6 +234,20 @@ const ( PPPIOCUNBRIDGECHAN = 0x7434 PPPIOCXFERUNIT = 0x744e PR_SET_PTRACER_ANY = 0xffffffffffffffff + PTP_CLOCK_GETCAPS = 0x80503d01 + PTP_CLOCK_GETCAPS2 = 0x80503d0a + PTP_ENABLE_PPS = 0x40043d04 + PTP_ENABLE_PPS2 = 0x40043d0d + PTP_EXTTS_REQUEST = 0x40103d02 + PTP_EXTTS_REQUEST2 = 0x40103d0b + PTP_MASK_CLEAR_ALL = 0x3d13 + PTP_MASK_EN_SINGLE = 0x40043d14 + PTP_PEROUT_REQUEST = 0x40383d03 + PTP_PEROUT_REQUEST2 = 0x40383d0c + PTP_PIN_SETFUNC = 0x40603d07 + PTP_PIN_SETFUNC2 = 0x40603d10 + PTP_SYS_OFFSET = 0x43403d05 + PTP_SYS_OFFSET2 = 0x43403d0e PTRACE_GETFDPIC = 0x21 PTRACE_GETFDPIC_EXEC = 0x0 PTRACE_GETFDPIC_INTERP = 0x1 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go index 3f2d6443964..f78c4617cac 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go @@ -234,6 +234,20 @@ const ( PPPIOCUNBRIDGECHAN = 0x7434 PPPIOCXFERUNIT = 0x744e PR_SET_PTRACER_ANY = 0xffffffffffffffff + PTP_CLOCK_GETCAPS = 0x80503d01 + PTP_CLOCK_GETCAPS2 = 0x80503d0a + PTP_ENABLE_PPS = 0x40043d04 + PTP_ENABLE_PPS2 = 0x40043d0d + PTP_EXTTS_REQUEST = 0x40103d02 + PTP_EXTTS_REQUEST2 = 0x40103d0b + PTP_MASK_CLEAR_ALL = 0x3d13 + PTP_MASK_EN_SINGLE = 0x40043d14 + PTP_PEROUT_REQUEST = 0x40383d03 + PTP_PEROUT_REQUEST2 = 0x40383d0c + PTP_PIN_SETFUNC = 0x40603d07 + PTP_PIN_SETFUNC2 = 0x40603d10 + PTP_SYS_OFFSET = 0x43403d05 + PTP_SYS_OFFSET2 = 0x43403d0e PTRACE_DISABLE_TE = 0x5010 PTRACE_ENABLE_TE = 0x5009 PTRACE_GET_LAST_BREAK = 0x5006 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go index 5d8b727a1c8..aeb777c3442 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go @@ -239,6 +239,20 @@ const ( PPPIOCUNBRIDGECHAN = 0x20007434 PPPIOCXFERUNIT = 0x2000744e PR_SET_PTRACER_ANY = 0xffffffffffffffff + PTP_CLOCK_GETCAPS = 0x40503d01 + PTP_CLOCK_GETCAPS2 = 0x40503d0a + PTP_ENABLE_PPS = 0x80043d04 + PTP_ENABLE_PPS2 = 0x80043d0d + PTP_EXTTS_REQUEST = 0x80103d02 + PTP_EXTTS_REQUEST2 = 0x80103d0b + PTP_MASK_CLEAR_ALL = 0x20003d13 + PTP_MASK_EN_SINGLE = 0x80043d14 + PTP_PEROUT_REQUEST = 0x80383d03 + PTP_PEROUT_REQUEST2 = 0x80383d0c + PTP_PIN_SETFUNC = 0x80603d07 + PTP_PIN_SETFUNC2 = 0x80603d10 + PTP_SYS_OFFSET = 0x83403d05 + PTP_SYS_OFFSET2 = 0x83403d0e PTRACE_GETFPAREGS = 0x14 PTRACE_GETFPREGS = 0xe PTRACE_GETFPREGS64 = 0x19 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go index af30da55780..5cc1e8eb2f3 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go @@ -592,6 +592,16 @@ func ClockGettime(clockid int32, time *Timespec) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ClockSettime(clockid int32, time *Timespec) (err error) { + _, _, e1 := Syscall(SYS_CLOCK_SETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ClockNanosleep(clockid int32, flags int, request *Timespec, remain *Timespec) (err error) { _, _, e1 := Syscall6(SYS_CLOCK_NANOSLEEP, uintptr(clockid), uintptr(flags), uintptr(unsafe.Pointer(request)), uintptr(unsafe.Pointer(remain)), 0, 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index 3a69e454962..8daaf3faf4c 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -1752,12 +1752,6 @@ const ( IFLA_IPVLAN_UNSPEC = 0x0 IFLA_IPVLAN_MODE = 0x1 IFLA_IPVLAN_FLAGS = 0x2 - NETKIT_NEXT = -0x1 - NETKIT_PASS = 0x0 - NETKIT_DROP = 0x2 - NETKIT_REDIRECT = 0x7 - NETKIT_L2 = 0x0 - NETKIT_L3 = 0x1 IFLA_NETKIT_UNSPEC = 0x0 IFLA_NETKIT_PEER_INFO = 0x1 IFLA_NETKIT_PRIMARY = 0x2 @@ -1796,6 +1790,7 @@ const ( IFLA_VXLAN_DF = 0x1d IFLA_VXLAN_VNIFILTER = 0x1e IFLA_VXLAN_LOCALBYPASS = 0x1f + IFLA_VXLAN_LABEL_POLICY = 0x20 IFLA_GENEVE_UNSPEC = 0x0 IFLA_GENEVE_ID = 0x1 IFLA_GENEVE_REMOTE = 0x2 @@ -1825,6 +1820,8 @@ const ( IFLA_GTP_ROLE = 0x4 IFLA_GTP_CREATE_SOCKETS = 0x5 IFLA_GTP_RESTART_COUNT = 0x6 + IFLA_GTP_LOCAL = 0x7 + IFLA_GTP_LOCAL6 = 0x8 IFLA_BOND_UNSPEC = 0x0 IFLA_BOND_MODE = 0x1 IFLA_BOND_ACTIVE_SLAVE = 0x2 @@ -1857,6 +1854,7 @@ const ( IFLA_BOND_AD_LACP_ACTIVE = 0x1d IFLA_BOND_MISSED_MAX = 0x1e IFLA_BOND_NS_IP6_TARGET = 0x1f + IFLA_BOND_COUPLED_CONTROL = 0x20 IFLA_BOND_AD_INFO_UNSPEC = 0x0 IFLA_BOND_AD_INFO_AGGREGATOR = 0x1 IFLA_BOND_AD_INFO_NUM_PORTS = 0x2 @@ -1925,6 +1923,7 @@ const ( IFLA_HSR_SEQ_NR = 0x5 IFLA_HSR_VERSION = 0x6 IFLA_HSR_PROTOCOL = 0x7 + IFLA_HSR_INTERLINK = 0x8 IFLA_STATS_UNSPEC = 0x0 IFLA_STATS_LINK_64 = 0x1 IFLA_STATS_LINK_XSTATS = 0x2 @@ -1977,6 +1976,15 @@ const ( IFLA_DSA_MASTER = 0x1 ) +const ( + NETKIT_NEXT = -0x1 + NETKIT_PASS = 0x0 + NETKIT_DROP = 0x2 + NETKIT_REDIRECT = 0x7 + NETKIT_L2 = 0x0 + NETKIT_L3 = 0x1 +) + const ( NF_INET_PRE_ROUTING = 0x0 NF_INET_LOCAL_IN = 0x1 @@ -4110,6 +4118,106 @@ type EthtoolDrvinfo struct { Regdump_len uint32 } +type EthtoolTsInfo struct { + Cmd uint32 + So_timestamping uint32 + Phc_index int32 + Tx_types uint32 + Tx_reserved [3]uint32 + Rx_filters uint32 + Rx_reserved [3]uint32 +} + +type HwTstampConfig struct { + Flags int32 + Tx_type int32 + Rx_filter int32 +} + +const ( + HWTSTAMP_FILTER_NONE = 0x0 + HWTSTAMP_FILTER_ALL = 0x1 + HWTSTAMP_FILTER_SOME = 0x2 + HWTSTAMP_FILTER_PTP_V1_L4_EVENT = 0x3 + HWTSTAMP_FILTER_PTP_V2_L4_EVENT = 0x6 + HWTSTAMP_FILTER_PTP_V2_L2_EVENT = 0x9 + HWTSTAMP_FILTER_PTP_V2_EVENT = 0xc +) + +const ( + HWTSTAMP_TX_OFF = 0x0 + HWTSTAMP_TX_ON = 0x1 + HWTSTAMP_TX_ONESTEP_SYNC = 0x2 +) + +type ( + PtpClockCaps struct { + Max_adj int32 + N_alarm int32 + N_ext_ts int32 + N_per_out int32 + Pps int32 + N_pins int32 + Cross_timestamping int32 + Adjust_phase int32 + Max_phase_adj int32 + Rsv [11]int32 + } + PtpClockTime struct { + Sec int64 + Nsec uint32 + Reserved uint32 + } + PtpExttsEvent struct { + T PtpClockTime + Index uint32 + Flags uint32 + Rsv [2]uint32 + } + PtpExttsRequest struct { + Index uint32 + Flags uint32 + Rsv [2]uint32 + } + PtpPeroutRequest struct { + StartOrPhase PtpClockTime + Period PtpClockTime + Index uint32 + Flags uint32 + On PtpClockTime + } + PtpPinDesc struct { + Name [64]byte + Index uint32 + Func uint32 + Chan uint32 + Rsv [5]uint32 + } + PtpSysOffset struct { + Samples uint32 + Rsv [3]uint32 + Ts [51]PtpClockTime + } + PtpSysOffsetExtended struct { + Samples uint32 + Rsv [3]uint32 + Ts [25][3]PtpClockTime + } + PtpSysOffsetPrecise struct { + Device PtpClockTime + Realtime PtpClockTime + Monoraw PtpClockTime + Rsv [4]uint32 + } +) + +const ( + PTP_PF_NONE = 0x0 + PTP_PF_EXTTS = 0x1 + PTP_PF_PEROUT = 0x2 + PTP_PF_PHYSYNC = 0x3 +) + type ( HIDRawReportDescriptor struct { Size uint32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go index d9a13af4684..2e5d5a44357 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go +++ b/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go @@ -377,6 +377,12 @@ type Flock_t struct { Pid int32 } +type F_cnvrt struct { + Cvtcmd int32 + Pccsid int16 + Fccsid int16 +} + type Termios struct { Cflag uint32 Iflag uint32 diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index 5cee9a3143f..4510bfc3f5c 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -725,20 +725,12 @@ func DurationSinceBoot() time.Duration { } func Ftruncate(fd Handle, length int64) (err error) { - curoffset, e := Seek(fd, 0, 1) - if e != nil { - return e - } - defer Seek(fd, curoffset, 0) - _, e = Seek(fd, length, 0) - if e != nil { - return e + type _FILE_END_OF_FILE_INFO struct { + EndOfFile int64 } - e = SetEndOfFile(fd) - if e != nil { - return e - } - return nil + var info _FILE_END_OF_FILE_INFO + info.EndOfFile = length + return SetFileInformationByHandle(fd, FileEndOfFileInfo, (*byte)(unsafe.Pointer(&info)), uint32(unsafe.Sizeof(info))) } func Gettimeofday(tv *Timeval) (err error) { @@ -894,6 +886,11 @@ const socket_error = uintptr(^uint32(0)) //sys GetACP() (acp uint32) = kernel32.GetACP //sys MultiByteToWideChar(codePage uint32, dwFlags uint32, str *byte, nstr int32, wchar *uint16, nwchar int32) (nwrite int32, err error) = kernel32.MultiByteToWideChar //sys getBestInterfaceEx(sockaddr unsafe.Pointer, pdwBestIfIndex *uint32) (errcode error) = iphlpapi.GetBestInterfaceEx +//sys GetIfEntry2Ex(level uint32, row *MibIfRow2) (errcode error) = iphlpapi.GetIfEntry2Ex +//sys GetUnicastIpAddressEntry(row *MibUnicastIpAddressRow) (errcode error) = iphlpapi.GetUnicastIpAddressEntry +//sys NotifyIpInterfaceChange(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) = iphlpapi.NotifyIpInterfaceChange +//sys NotifyUnicastIpAddressChange(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) = iphlpapi.NotifyUnicastIpAddressChange +//sys CancelMibChangeNotify2(notificationHandle Handle) (errcode error) = iphlpapi.CancelMibChangeNotify2 // For testing: clients can set this flag to force // creation of IPv6 sockets to return EAFNOSUPPORT. @@ -1685,13 +1682,16 @@ func (s NTStatus) Error() string { // do not use NTUnicodeString, and instead UTF16PtrFromString should be used for // the more common *uint16 string type. func NewNTUnicodeString(s string) (*NTUnicodeString, error) { - var u NTUnicodeString - s16, err := UTF16PtrFromString(s) + s16, err := UTF16FromString(s) if err != nil { return nil, err } - RtlInitUnicodeString(&u, s16) - return &u, nil + n := uint16(len(s16) * 2) + return &NTUnicodeString{ + Length: n - 2, // subtract 2 bytes for the NULL terminator + MaximumLength: n, + Buffer: &s16[0], + }, nil } // Slice returns a uint16 slice that aliases the data in the NTUnicodeString. diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go index 7b97a154c95..51311e205ff 100644 --- a/vendor/golang.org/x/sys/windows/types_windows.go +++ b/vendor/golang.org/x/sys/windows/types_windows.go @@ -2203,6 +2203,132 @@ const ( IfOperStatusLowerLayerDown = 7 ) +const ( + IF_MAX_PHYS_ADDRESS_LENGTH = 32 + IF_MAX_STRING_SIZE = 256 +) + +// MIB_IF_ENTRY_LEVEL enumeration from netioapi.h or +// https://learn.microsoft.com/en-us/windows/win32/api/netioapi/nf-netioapi-getifentry2ex. +const ( + MibIfEntryNormal = 0 + MibIfEntryNormalWithoutStatistics = 2 +) + +// MIB_NOTIFICATION_TYPE enumeration from netioapi.h or +// https://learn.microsoft.com/en-us/windows/win32/api/netioapi/ne-netioapi-mib_notification_type. +const ( + MibParameterNotification = 0 + MibAddInstance = 1 + MibDeleteInstance = 2 + MibInitialNotification = 3 +) + +// MibIfRow2 stores information about a particular interface. See +// https://learn.microsoft.com/en-us/windows/win32/api/netioapi/ns-netioapi-mib_if_row2. +type MibIfRow2 struct { + InterfaceLuid uint64 + InterfaceIndex uint32 + InterfaceGuid GUID + Alias [IF_MAX_STRING_SIZE + 1]uint16 + Description [IF_MAX_STRING_SIZE + 1]uint16 + PhysicalAddressLength uint32 + PhysicalAddress [IF_MAX_PHYS_ADDRESS_LENGTH]uint8 + PermanentPhysicalAddress [IF_MAX_PHYS_ADDRESS_LENGTH]uint8 + Mtu uint32 + Type uint32 + TunnelType uint32 + MediaType uint32 + PhysicalMediumType uint32 + AccessType uint32 + DirectionType uint32 + InterfaceAndOperStatusFlags uint8 + OperStatus uint32 + AdminStatus uint32 + MediaConnectState uint32 + NetworkGuid GUID + ConnectionType uint32 + TransmitLinkSpeed uint64 + ReceiveLinkSpeed uint64 + InOctets uint64 + InUcastPkts uint64 + InNUcastPkts uint64 + InDiscards uint64 + InErrors uint64 + InUnknownProtos uint64 + InUcastOctets uint64 + InMulticastOctets uint64 + InBroadcastOctets uint64 + OutOctets uint64 + OutUcastPkts uint64 + OutNUcastPkts uint64 + OutDiscards uint64 + OutErrors uint64 + OutUcastOctets uint64 + OutMulticastOctets uint64 + OutBroadcastOctets uint64 + OutQLen uint64 +} + +// MIB_UNICASTIPADDRESS_ROW stores information about a unicast IP address. See +// https://learn.microsoft.com/en-us/windows/win32/api/netioapi/ns-netioapi-mib_unicastipaddress_row. +type MibUnicastIpAddressRow struct { + Address RawSockaddrInet6 // SOCKADDR_INET union + InterfaceLuid uint64 + InterfaceIndex uint32 + PrefixOrigin uint32 + SuffixOrigin uint32 + ValidLifetime uint32 + PreferredLifetime uint32 + OnLinkPrefixLength uint8 + SkipAsSource uint8 + DadState uint32 + ScopeId uint32 + CreationTimeStamp Filetime +} + +const ScopeLevelCount = 16 + +// MIB_IPINTERFACE_ROW stores interface management information for a particular IP address family on a network interface. +// See https://learn.microsoft.com/en-us/windows/win32/api/netioapi/ns-netioapi-mib_ipinterface_row. +type MibIpInterfaceRow struct { + Family uint16 + InterfaceLuid uint64 + InterfaceIndex uint32 + MaxReassemblySize uint32 + InterfaceIdentifier uint64 + MinRouterAdvertisementInterval uint32 + MaxRouterAdvertisementInterval uint32 + AdvertisingEnabled uint8 + ForwardingEnabled uint8 + WeakHostSend uint8 + WeakHostReceive uint8 + UseAutomaticMetric uint8 + UseNeighborUnreachabilityDetection uint8 + ManagedAddressConfigurationSupported uint8 + OtherStatefulConfigurationSupported uint8 + AdvertiseDefaultRoute uint8 + RouterDiscoveryBehavior uint32 + DadTransmits uint32 + BaseReachableTime uint32 + RetransmitTime uint32 + PathMtuDiscoveryTimeout uint32 + LinkLocalAddressBehavior uint32 + LinkLocalAddressTimeout uint32 + ZoneIndices [ScopeLevelCount]uint32 + SitePrefixLength uint32 + Metric uint32 + NlMtu uint32 + Connected uint8 + SupportsWakeUpPatterns uint8 + SupportsNeighborDiscovery uint8 + SupportsRouterDiscovery uint8 + ReachableTime uint32 + TransmitOffload uint32 + ReceiveOffload uint32 + DisableDefaultRoutes uint8 +} + // Console related constants used for the mode parameter to SetConsoleMode. See // https://docs.microsoft.com/en-us/windows/console/setconsolemode for details. diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index 4c2e1bdc01e..6f5252880ce 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -181,10 +181,15 @@ var ( procDnsRecordListFree = moddnsapi.NewProc("DnsRecordListFree") procDwmGetWindowAttribute = moddwmapi.NewProc("DwmGetWindowAttribute") procDwmSetWindowAttribute = moddwmapi.NewProc("DwmSetWindowAttribute") + procCancelMibChangeNotify2 = modiphlpapi.NewProc("CancelMibChangeNotify2") procGetAdaptersAddresses = modiphlpapi.NewProc("GetAdaptersAddresses") procGetAdaptersInfo = modiphlpapi.NewProc("GetAdaptersInfo") procGetBestInterfaceEx = modiphlpapi.NewProc("GetBestInterfaceEx") procGetIfEntry = modiphlpapi.NewProc("GetIfEntry") + procGetIfEntry2Ex = modiphlpapi.NewProc("GetIfEntry2Ex") + procGetUnicastIpAddressEntry = modiphlpapi.NewProc("GetUnicastIpAddressEntry") + procNotifyIpInterfaceChange = modiphlpapi.NewProc("NotifyIpInterfaceChange") + procNotifyUnicastIpAddressChange = modiphlpapi.NewProc("NotifyUnicastIpAddressChange") procAddDllDirectory = modkernel32.NewProc("AddDllDirectory") procAssignProcessToJobObject = modkernel32.NewProc("AssignProcessToJobObject") procCancelIo = modkernel32.NewProc("CancelIo") @@ -1606,6 +1611,14 @@ func DwmSetWindowAttribute(hwnd HWND, attribute uint32, value unsafe.Pointer, si return } +func CancelMibChangeNotify2(notificationHandle Handle) (errcode error) { + r0, _, _ := syscall.SyscallN(procCancelMibChangeNotify2.Addr(), uintptr(notificationHandle)) + if r0 != 0 { + errcode = syscall.Errno(r0) + } + return +} + func GetAdaptersAddresses(family uint32, flags uint32, reserved uintptr, adapterAddresses *IpAdapterAddresses, sizePointer *uint32) (errcode error) { r0, _, _ := syscall.Syscall6(procGetAdaptersAddresses.Addr(), 5, uintptr(family), uintptr(flags), uintptr(reserved), uintptr(unsafe.Pointer(adapterAddresses)), uintptr(unsafe.Pointer(sizePointer)), 0) if r0 != 0 { @@ -1638,6 +1651,46 @@ func GetIfEntry(pIfRow *MibIfRow) (errcode error) { return } +func GetIfEntry2Ex(level uint32, row *MibIfRow2) (errcode error) { + r0, _, _ := syscall.SyscallN(procGetIfEntry2Ex.Addr(), uintptr(level), uintptr(unsafe.Pointer(row))) + if r0 != 0 { + errcode = syscall.Errno(r0) + } + return +} + +func GetUnicastIpAddressEntry(row *MibUnicastIpAddressRow) (errcode error) { + r0, _, _ := syscall.SyscallN(procGetUnicastIpAddressEntry.Addr(), uintptr(unsafe.Pointer(row))) + if r0 != 0 { + errcode = syscall.Errno(r0) + } + return +} + +func NotifyIpInterfaceChange(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) { + var _p0 uint32 + if initialNotification { + _p0 = 1 + } + r0, _, _ := syscall.SyscallN(procNotifyIpInterfaceChange.Addr(), uintptr(family), uintptr(callback), uintptr(callerContext), uintptr(_p0), uintptr(unsafe.Pointer(notificationHandle))) + if r0 != 0 { + errcode = syscall.Errno(r0) + } + return +} + +func NotifyUnicastIpAddressChange(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) { + var _p0 uint32 + if initialNotification { + _p0 = 1 + } + r0, _, _ := syscall.SyscallN(procNotifyUnicastIpAddressChange.Addr(), uintptr(family), uintptr(callback), uintptr(callerContext), uintptr(_p0), uintptr(unsafe.Pointer(notificationHandle))) + if r0 != 0 { + errcode = syscall.Errno(r0) + } + return +} + func AddDllDirectory(path *uint16) (cookie uintptr, err error) { r0, _, e1 := syscall.Syscall(procAddDllDirectory.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0) cookie = uintptr(r0) diff --git a/vendor/modules.txt b/vendor/modules.txt index c26b2f1cf9e..e63035cc082 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -84,7 +84,7 @@ golang.org/x/exp/constraints # golang.org/x/net v0.30.0 ## explicit; go 1.18 golang.org/x/net/bpf -# golang.org/x/sys v0.26.0 +# golang.org/x/sys v0.27.0 ## explicit; go 1.18 golang.org/x/sys/unix golang.org/x/sys/windows From 43af111e050a01b97b21d0f93969443a89354ac9 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 8 Nov 2024 13:09:54 -0800 Subject: [PATCH 0718/1176] MAINTAINERS: move dqminh and hqhq to EMERITUS Daniel and Qiang are stepping down as runc maintainers, not being able to contribute as much as they used to. Thank you for all the hard work! Signed-off-by: Kir Kolyshkin --- EMERITUS.md | 2 ++ MAINTAINERS | 2 -- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/EMERITUS.md b/EMERITUS.md index aabcae78af6..e1dc0091648 100644 --- a/EMERITUS.md +++ b/EMERITUS.md @@ -8,5 +8,7 @@ contributions to our collective success: * Rohit Jnagal (@rjnagal) * Victor Marmol (@vmarmol) * Michael Crosby (@crosbymichael) + * Daniel, Dao Quang Minh (@dqminh) + * Qiang Huang (@hqhq) We thank these members for their service to the OCI community. diff --git a/MAINTAINERS b/MAINTAINERS index f8aca0f68d8..7f253ee8c97 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -1,6 +1,4 @@ Mrunal Patel (@mrunalp) -Daniel, Dao Quang Minh (@dqminh) -Qiang Huang (@hqhq) Aleksa Sarai (@cyphar) Akihiro Suda (@AkihiroSuda) Kir Kolyshkin (@kolyshkin) From ca4a7a86f82798513e0e670433e494018624d44f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Nov 2024 04:11:55 +0000 Subject: [PATCH 0719/1176] build(deps): bump golang.org/x/net from 0.30.0 to 0.31.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.30.0 to 0.31.0. - [Commits](https://github.com/golang/net/compare/v0.30.0...v0.31.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index baac371b0c6..e17a8790c90 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.16 github.com/vishvananda/netlink v1.3.0 - golang.org/x/net v0.30.0 + golang.org/x/net v0.31.0 golang.org/x/sys v0.27.0 google.golang.org/protobuf v1.35.1 ) diff --git a/go.sum b/go.sum index 5b557c595d4..7cd27896317 100644 --- a/go.sum +++ b/go.sum @@ -83,8 +83,8 @@ github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1Y github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 h1:Jvc7gsqn21cJHCmAWx0LiimpP18LZmUxkT5Mp7EZ1mI= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= -golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= -golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= +golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo= +golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= diff --git a/vendor/modules.txt b/vendor/modules.txt index e63035cc082..1d4ab439ca6 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -81,7 +81,7 @@ github.com/vishvananda/netns # golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 ## explicit; go 1.18 golang.org/x/exp/constraints -# golang.org/x/net v0.30.0 +# golang.org/x/net v0.31.0 ## explicit; go 1.18 golang.org/x/net/bpf # golang.org/x/sys v0.27.0 From db59489b680104319541b0614c30229c8fa0270f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 11 Nov 2024 23:12:32 -0800 Subject: [PATCH 0720/1176] runc delete: fix for rootless cgroup + ro cgroupfs An issue with runc 1.2.0 was reported to buildkit, in which runc delete returns with an error, with the log saying: > unable to destroy container: unable to remove container's cgroup: open /sys/fs/cgroup/snschvixiy3s74w74fjantrdg: no such file or directory Apparently, what happens is runc is running with no cgroup access (because /sys/fs/cgroup is mounted read-only). In this case error to create a cgroup path (in runc create/run) is ignored, but cgroup removal (in runc delete) is not. This is caused by commit d3d7f7d, which changes the cgroup removal logic in RemovePath. In the current code, if the initial rmdir has failed (in this case with EROFS), but the subsequent os.ReadDir returns ENOENT, it is returned (instead of being ignored -- as the path does not exist and so there is nothing to remove). Here is the minimal fix for the issue. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/utils.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libcontainer/cgroups/utils.go b/libcontainer/cgroups/utils.go index a05945cba6c..f699ed709a6 100644 --- a/libcontainer/cgroups/utils.go +++ b/libcontainer/cgroups/utils.go @@ -257,7 +257,10 @@ func RemovePath(path string) error { } infos, err := os.ReadDir(path) - if err != nil && !os.IsNotExist(err) { + if err != nil { + if os.IsNotExist(err) { + return nil + } return err } for _, info := range infos { From 12e06a7c4f081fc6fb4347741bf054f7ee7c256b Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 11 Nov 2024 23:13:27 -0800 Subject: [PATCH 0721/1176] libct/cg: RemovePath: simplify logic If the sub-cgroup RemovePath has failed for any reason, return the error right away. This way, we don't have to check for err != nil before retrying rmdir. This is a cosmetic change and should not change any functionality. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/utils.go | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/libcontainer/cgroups/utils.go b/libcontainer/cgroups/utils.go index f699ed709a6..e3605856568 100644 --- a/libcontainer/cgroups/utils.go +++ b/libcontainer/cgroups/utils.go @@ -267,14 +267,11 @@ func RemovePath(path string) error { if info.IsDir() { // We should remove subcgroup first. if err = RemovePath(filepath.Join(path, info.Name())); err != nil { - break + return err } } } - if err == nil { - err = rmdir(path, true) - } - return err + return rmdir(path, true) } // RemovePaths iterates over the provided paths removing them. From ba3d026e5267c3b456ad946cc30877e303479f84 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 11 Nov 2024 23:17:42 -0800 Subject: [PATCH 0722/1176] libct/cg: RemovePath: improve comments Let's explain in greater details what's happening here and why. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/utils.go | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/libcontainer/cgroups/utils.go b/libcontainer/cgroups/utils.go index e3605856568..d404647c8c0 100644 --- a/libcontainer/cgroups/utils.go +++ b/libcontainer/cgroups/utils.go @@ -251,11 +251,21 @@ again: // RemovePath aims to remove cgroup path. It does so recursively, // by removing any subdirectories (sub-cgroups) first. func RemovePath(path string) error { - // Try the fast path first. + // Try the fast path first; don't retry on EBUSY yet. if err := rmdir(path, false); err == nil { return nil } + // There are many reasons why rmdir can fail, including: + // 1. cgroup have existing sub-cgroups; + // 2. cgroup (still) have some processes (that are about to vanish); + // 3. lack of permission (one example is read-only /sys/fs/cgroup mount, + // in which case rmdir returns EROFS even for for a non-existent path, + // see issue 4518). + // + // Using os.ReadDir here kills two birds with one stone: check if + // the directory exists (handling scenario 3 above), and use + // directory contents to remove sub-cgroups (handling scenario 1). infos, err := os.ReadDir(path) if err != nil { if os.IsNotExist(err) { @@ -263,14 +273,16 @@ func RemovePath(path string) error { } return err } + // Let's remove sub-cgroups, if any. for _, info := range infos { if info.IsDir() { - // We should remove subcgroup first. if err = RemovePath(filepath.Join(path, info.Name())); err != nil { return err } } } + // Finally, try rmdir again, this time with retries on EBUSY, + // which may help with scenario 2 above. return rmdir(path, true) } From ac435895b909edba7c7fbca6e88a53ca11a3cb95 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 13 Nov 2024 01:19:46 +1100 Subject: [PATCH 0723/1176] memfd-bind: elaborate kernel requirements for overlayfs protection Arguably these docs should live elsewhere (especially if we plan to remove memfd-bind in the future), but for now this is the only place that fully explains this issue. Suggested-by: Rodrigo Campos Signed-off-by: Aleksa Sarai --- contrib/cmd/memfd-bind/README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/contrib/cmd/memfd-bind/README.md b/contrib/cmd/memfd-bind/README.md index e529eacfeaf..93229250259 100644 --- a/contrib/cmd/memfd-bind/README.md +++ b/contrib/cmd/memfd-bind/README.md @@ -1,13 +1,13 @@ ## memfd-bind ## > **NOTE**: Since runc 1.2.0, runc will now use a private overlayfs mount to -> protect the runc binary. This protection is far more light-weight than -> memfd-bind, and for most users this should obviate the need for `memfd-bind` -> entirely. Rootless containers will still make a memfd copy (unless you are -> using `runc` itself inside a user namespace -- a-la -> [`rootlesskit`][rootlesskit]), but `memfd-bind` is not particularly useful -> for rootless container users anyway (see [Caveats](#Caveats) for more -> details). +> protect the runc binary (if you are on Linux 5.1 or later). This protection +> is far more light-weight than memfd-bind, and for most users this should +> obviate the need for `memfd-bind` entirely. Rootless containers will still +> make a memfd copy (unless you are using `runc` itself inside a user namespace +> -- a-la [`rootlesskit`][rootlesskit] -- and are on Linux 5.11 or later), but +> `memfd-bind` is not particularly useful for rootless container users anyway +> (see [Caveats](#Caveats) for more details). `runc` sometimes has to make a binary copy of itself when constructing a container process in order to defend against certain container runtime attacks From 068d7da7d656dfa9c9bec101bfdb920867f17b60 Mon Sep 17 00:00:00 2001 From: lfbzhm Date: Wed, 13 Nov 2024 13:40:38 +0000 Subject: [PATCH 0724/1176] Revert "Temporary set vagrant to 2.4.1-1" This reverts commit 5000f1697c7562e8fbc725da99e457949d4db1c6. Signed-off-by: lfbzhm --- .cirrus.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index d76a78bbd5c..e63ef51cf1a 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -42,8 +42,7 @@ task: echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list sudo sed -i 's/^# deb-src/deb-src/' /etc/apt/sources.list apt-get update - # Temporary set vagrant to 2.4.1-1 because of https://github.com/hashicorp/vagrant/pull/13532 - apt-get install -y libvirt-daemon libvirt-daemon-system vagrant=2.4.1-1 + apt-get install -y libvirt-daemon libvirt-daemon-system vagrant systemctl enable --now libvirtd apt-get build-dep -y vagrant ruby-libvirt apt-get install -y --no-install-recommends libxslt-dev libxml2-dev libvirt-dev ruby-bundler ruby-dev zlib1g-dev From 49bee5c4d4754c1aa95cc05ed3ff7b4b13867842 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 30 Oct 2024 23:54:32 +1100 Subject: [PATCH 0725/1176] cfmt: use the Linux { a, b } decl style Signed-off-by: Aleksa Sarai --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 0a15fd908ea..1ddaefaa29a 100644 --- a/Makefile +++ b/Makefile @@ -207,7 +207,7 @@ install-man: man .PHONY: cfmt cfmt: C_SRC=$(shell git ls-files '*.c' | grep -v '^vendor/') cfmt: - indent -linux -l120 -il0 -ppi2 -cp1 -T size_t -T jmp_buf $(C_SRC) + indent -linux -l120 -il0 -ppi2 -cp1 -sar -T size_t -T jmp_buf $(C_SRC) .PHONY: shellcheck shellcheck: From a97d7cb2170f981b07207a71037816bb4e9493d9 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 30 Oct 2024 17:37:49 +1100 Subject: [PATCH 0726/1176] nsenter: refuse to join unknown namespaces This is basically a no-op change because runc already disallows this, but it will be needed in future patches when we have to track what namespaces have already been joined. Signed-off-by: Aleksa Sarai --- libcontainer/nsenter/nsexec.c | 63 +++++++++++++++++++---------------- 1 file changed, 35 insertions(+), 28 deletions(-) diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index 565b2ca2030..ed6ee814d31 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -322,30 +322,6 @@ static int clone_parent(jmp_buf *env, int jmpval) return clone(child_func, ca.stack_ptr, CLONE_PARENT | SIGCHLD, &ca); } -/* Returns the clone(2) flag for a namespace, given the name of a namespace. */ -static int nsflag(char *name) -{ - if (!strcmp(name, "cgroup")) - return CLONE_NEWCGROUP; - else if (!strcmp(name, "ipc")) - return CLONE_NEWIPC; - else if (!strcmp(name, "mnt")) - return CLONE_NEWNS; - else if (!strcmp(name, "net")) - return CLONE_NEWNET; - else if (!strcmp(name, "pid")) - return CLONE_NEWPID; - else if (!strcmp(name, "user")) - return CLONE_NEWUSER; - else if (!strcmp(name, "uts")) - return CLONE_NEWUTS; - else if (!strcmp(name, "time")) - return CLONE_NEWTIME; - - /* If we don't recognise a name, fallback to 0. */ - return 0; -} - static uint32_t readint32(char *buf) { return *(uint32_t *) buf; @@ -444,6 +420,37 @@ void nl_free(struct nlconfig_t *config) free(config->data); } +static struct nstype_t { + int type; + char *name; +} all_ns_types[] = { + { CLONE_NEWCGROUP, "cgroup" }, + { CLONE_NEWIPC, "ipc" }, + { CLONE_NEWNS, "mnt" }, + { CLONE_NEWNET, "net" }, + { CLONE_NEWPID, "pid" }, + { CLONE_NEWTIME, "time" }, + { CLONE_NEWUSER, "user" }, + { CLONE_NEWUTS, "uts" }, + { }, /* null terminator */ +}; + +/* Returns the clone(2) flag for a namespace, given the name of a namespace. */ +static int nstype(char *name) +{ + for (struct nstype_t * ns = all_ns_types; ns->name != NULL; ns++) + if (!strcmp(name, ns->name)) + return ns->type; + /* + * setns(2) lets us join namespaces without knowing the type, but + * namespaces usually require special handling of some kind (so joining + * a namespace without knowing its type or joining a new namespace type + * without corresponding handling could result in broken behaviour) and + * the rest of runc doesn't allow unknown namespace types anyway. + */ + bail("unknown namespace type %s", name); +} + void join_namespaces(char *nslist) { int num = 0, i; @@ -499,10 +506,10 @@ void join_namespaces(char *nslist) for (i = 0; i < num; i++) { struct namespace_t *ns = &namespaces[i]; - int flag = nsflag(ns->type); + int type = nstype(ns->type); - write_log(DEBUG, "setns(%#x) into %s namespace (with path %s)", flag, ns->type, ns->path); - if (setns(ns->fd, flag) < 0) + write_log(DEBUG, "setns(%#x) into %s namespace (with path %s)", type, ns->type, ns->path); + if (setns(ns->fd, type) < 0) bail("failed to setns into %s namespace", ns->type); /* @@ -511,7 +518,7 @@ void join_namespaces(char *nslist) * of things can break if we aren't the right user. See * for one example. */ - if (flag == CLONE_NEWUSER) { + if (type == CLONE_NEWUSER) { if (setresuid(0, 0, 0) < 0) bail("failed to become root in user namespace"); } From fadc55eb17bc68feb2ebd28d226e9c6d1db20114 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 30 Oct 2024 18:59:04 +1100 Subject: [PATCH 0727/1176] nsenter: implement a two-stage join for setns If we are running with privileges and are asked to join an externally created user namespaces as well as some other namespace that was *not* created underneath said user namespace, the approach we added in commit 2cd9c31b995c ("nsenter: guarantee correct user namespace ordering") doesn't work. While in theory you would want all externally created namespaces to be sane, it seems that some tools really do create unrelated namespaces and ask us to join them. Luckily we can just loosely copy what nsenter(1) appears to do -- we first try to join any namespaces we can (with host root privileges), then we join any user namespaces, and then we join any remaining namespaces (now with the user namespace's privileges). Note that we *do not* have to try to join namespaces after we create our own user namespace. Namespace permissions are based purely on the owning user namespace (not the rootuid) so we will not have access to any extra namespaces once we unshare(CLONE_NEWUSER) (in fact we will not be able to setns(2) to anything!). Fixes: 2cd9c31b995c ("nsenter: guarantee correct user namespace ordering") Signed-off-by: Aleksa Sarai --- libcontainer/nsenter/nsexec.c | 166 ++++++++++++++++++++++++++++------ 1 file changed, 137 insertions(+), 29 deletions(-) diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index ed6ee814d31..607d495a263 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -420,6 +420,14 @@ void nl_free(struct nlconfig_t *config) free(config->data); } +struct namespace_t { + int fd; + char type[PATH_MAX]; + char path[PATH_MAX]; +}; + +typedef int nsset_t; + static struct nstype_t { int type; char *name; @@ -451,35 +459,28 @@ static int nstype(char *name) bail("unknown namespace type %s", name); } -void join_namespaces(char *nslist) +static nsset_t __open_namespaces(char *nsspec, struct namespace_t **ns_list, size_t *ns_len) { - int num = 0, i; - char *saveptr = NULL; - char *namespace = strtok_r(nslist, ",", &saveptr); - struct namespace_t { - int fd; - char type[PATH_MAX]; - char path[PATH_MAX]; - } *namespaces = NULL; + int len = 0; + nsset_t ns_to_join = 0; + char *namespace, *saveptr = NULL; + struct namespace_t *namespaces = NULL; + + namespace = strtok_r(nsspec, ",", &saveptr); - if (!namespace || !strlen(namespace) || !strlen(nslist)) + if (!namespace || !strlen(namespace) || !strlen(nsspec)) bail("ns paths are empty"); - /* - * We have to open the file descriptors first, since after - * we join the mnt namespace we might no longer be able to - * access the paths. - */ do { int fd; char *path; struct namespace_t *ns; /* Resize the namespace array. */ - namespaces = realloc(namespaces, ++num * sizeof(struct namespace_t)); + namespaces = realloc(namespaces, ++len * sizeof(struct namespace_t)); if (!namespaces) bail("failed to reallocate namespace array"); - ns = &namespaces[num - 1]; + ns = &namespaces[len - 1]; /* Split 'ns:path'. */ path = strstr(namespace, ":"); @@ -495,22 +496,43 @@ void join_namespaces(char *nslist) strncpy(ns->type, namespace, PATH_MAX - 1); strncpy(ns->path, path, PATH_MAX - 1); ns->path[PATH_MAX - 1] = '\0'; + + ns_to_join |= nstype(ns->type); } while ((namespace = strtok_r(NULL, ",", &saveptr)) != NULL); - /* - * The ordering in which we join namespaces is important. We should - * always join the user namespace *first*. This is all guaranteed - * from the container_linux.go side of this, so we're just going to - * follow the order given to us. - */ + *ns_list = namespaces; + *ns_len = len; + return ns_to_join; +} - for (i = 0; i < num; i++) { - struct namespace_t *ns = &namespaces[i]; - int type = nstype(ns->type); +/* + * Try to join all namespaces that are in the "allow" nsset, and return the + * set we were able to successfully join. If a permission error is returned + * from nsset(2), the namespace is skipped (non-permission errors are fatal). + */ +static nsset_t __join_namespaces(nsset_t allow, struct namespace_t *ns_list, size_t ns_len) +{ + nsset_t joined = 0; - write_log(DEBUG, "setns(%#x) into %s namespace (with path %s)", type, ns->type, ns->path); - if (setns(ns->fd, type) < 0) + for (size_t i = 0; i < ns_len; i++) { + struct namespace_t *ns = &ns_list[i]; + int type = nstype(ns->type); + int err, saved_errno; + + if (!(type & allow)) + continue; + + err = setns(ns->fd, type); + saved_errno = errno; + write_log(DEBUG, "setns(%#x) into %s namespace (with path %s): %s", + type, ns->type, ns->path, strerror(errno)); + if (err < 0) { + /* Skip permission errors. */ + if (saved_errno == EPERM) + continue; bail("failed to setns into %s namespace", ns->type); + } + joined |= type; /* * If we change user namespaces, make sure we switch to root in the @@ -524,9 +546,95 @@ void join_namespaces(char *nslist) } close(ns->fd); + ns->fd = -1; } + return joined; +} + +static char *strappend(char *dst, char *src) +{ + if (!dst) + return strdup(src); + + size_t len = strlen(dst) + strlen(src) + 1; + dst = realloc(dst, len); + strncat(dst, src, len); + return dst; +} + +static char *nsset_to_str(nsset_t nsset) +{ + char *str = NULL; + for (struct nstype_t * ns = all_ns_types; ns->name != NULL; ns++) { + if (ns->type & nsset) { + if (str) + str = strappend(str, ", "); + str = strappend(str, ns->name); + } + } + return str ? : strdup(""); +} + +static void __close_namespaces(nsset_t to_join, nsset_t joined, struct namespace_t *ns_list, size_t ns_len) +{ + /* We expect to have joined every namespace. */ + nsset_t failed_to_join = to_join & ~joined; + + /* Double-check that we used up (and thus joined) all of the nsfds. */ + for (size_t i = 0; i < ns_len; i++) { + struct namespace_t *ns = &ns_list[i]; + int type = nstype(ns->type); + + if (ns->fd < 0) + continue; + + failed_to_join |= type; + write_log(FATAL, "failed to setns(%#x) into %s namespace (with path %s): %s", + type, ns->type, ns->path, strerror(EPERM)); + close(ns->fd); + ns->fd = -1; + } + + /* Make sure we joined the namespaces we planned to. */ + if (failed_to_join) + bail("failed to join {%s} namespaces: %s", nsset_to_str(failed_to_join), strerror(EPERM)); + + free(ns_list); +} + +void join_namespaces(char *nsspec) +{ + nsset_t to_join = 0, joined = 0; + struct namespace_t *ns_list; + size_t ns_len; + + /* + * We have to open the file descriptors first, since after we join the + * mnt or user namespaces we might no longer be able to access the + * paths. + */ + to_join = __open_namespaces(nsspec, &ns_list, &ns_len); + + /* + * We first try to join all non-userns namespaces to join any namespaces + * that we might not be able to join once we switch credentials to the + * container's userns. We then join the user namespace, and then try to + * join any remaining namespaces (this last step is needed for rootless + * containers -- we don't get setns(2) permissions until we join the userns + * and get CAP_SYS_ADMIN). + * + * Splitting the joins this way is necessary for containers that are + * configured to join some externally-created namespace but are also + * configured to join an unrelated user namespace. + * + * This is similar to what nsenter(1) seems to do in practice. + */ + joined |= __join_namespaces(to_join & ~(joined | CLONE_NEWUSER), ns_list, ns_len); + joined |= __join_namespaces(CLONE_NEWUSER, ns_list, ns_len); + joined |= __join_namespaces(to_join & ~(joined | CLONE_NEWUSER), ns_list, ns_len); - free(namespaces); + /* Verify that we joined all of the namespaces. */ + __close_namespaces(to_join, joined, ns_list, ns_len); } static inline int sane_kill(pid_t pid, int signum) From fffc165d79aa94253618e00c3b11b46a1a67cd04 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 30 Oct 2024 19:13:13 +1100 Subject: [PATCH 0728/1176] tests: add test for 'weird' external namespace joining Signed-off-by: Aleksa Sarai --- tests/integration/userns.bats | 64 ++++++++++++++++++++++++++++++++++- 1 file changed, 63 insertions(+), 1 deletion(-) diff --git a/tests/integration/userns.bats b/tests/integration/userns.bats index 78583ba4d45..67766401693 100644 --- a/tests/integration/userns.bats +++ b/tests/integration/userns.bats @@ -29,7 +29,7 @@ function teardown() { if [ -v to_umount_list ]; then while read -r mount_path; do umount -l "$mount_path" || : - rm -f "$mount_path" + rm -rf "$mount_path" done <"$to_umount_list" rm -f "$to_umount_list" unset to_umount_list @@ -184,3 +184,65 @@ function teardown() { grep -E '^\s+0\s+'$EUID'\s+1$' <<<"$output" fi } + +# +@test "userns join external namespaces [wrong userns owner]" { + requires root + + # Create an external user namespace for us to join. It seems on some + # operating systems (AlmaLinux in particular) "unshare -U" will + # automatically use an identity mapping (which breaks this test) so we need + # to use runc to create the userns. + update_config '.process.args = ["sleep", "infinity"]' + runc run -d --console-socket "$CONSOLE_SOCKET" target_userns + [ "$status" -eq 0 ] + + # Bind-mount the first containers userns nsfd to a different path, to + # exercise the non-fast-path (where runc has to join the userns to get the + # mappings). + userns_pid="$(__runc state target_userns | jq .pid)" + userns_path="$(mktemp "$BATS_RUN_TMPDIR/userns.XXXXXX")" + mount --bind "/proc/$userns_pid/ns/user" "$userns_path" + echo "$userns_path" >>"$to_umount_list" + + # Kill the container -- we have the userns bind-mounted. + runc delete -f target_userns + [ "$status" -eq 0 ] + + # Configure our container to attach to the external userns. + update_config '.linux.namespaces |= map(if .type == "user" then (.path = "'"$userns_path"'") else . end) + | del(.linux.uidMappings) + | del(.linux.gidMappings)' + + # Also create a network namespace that *is not owned* by the above userns. + # NOTE: Having no permissions in a namespaces makes it necessary to modify + # the config so that we don't get mount errors (for reference: no netns + # permissions == no sysfs mounts, no pidns permissoins == no procfs mounts, + # no utsns permissions == no sethostname(2), no ipc permissions == no + # mqueue mounts, etc). + netns_path="$(mktemp "$BATS_RUN_TMPDIR/netns.XXXXXX")" + unshare -i -- mount --bind "/proc/self/ns/net" "$netns_path" + echo "$netns_path" >>"$to_umount_list" + # Configure our container to attach to the external netns. + update_config '.linux.namespaces |= map(if .type == "network" then (.path = "'"$netns_path"'") else . end)' + + # Convert sysfs mounts to a bind-mount from the host, to avoid permission + # issues due to the netns setup we have. + update_config '.mounts |= map((select(.type == "sysfs") | { "source": "/sys", "destination": .destination, "type": "bind", "options": ["rbind"] }) // .)' + + # Create a detached container to verify the namespaces are correct. + update_config '.process.args = ["sleep", "infinity"]' + runc --debug run -d --console-socket "$CONSOLE_SOCKET" ctr + [ "$status" -eq 0 ] + + userns_id="user:[$(stat -c "%i" "$userns_path")]" + netns_id="net:[$(stat -c "%i" "$netns_path")]" + + runc exec ctr readlink /proc/self/ns/user + [ "$status" -eq 0 ] + [[ "$output" == "$userns_id" ]] + + runc exec ctr readlink /proc/self/ns/net + [ "$status" -eq 0 ] + [[ "$output" == "$netns_id" ]] +} From 119111a0dfaece9a5ba4787fa49f5ae6efbd0b23 Mon Sep 17 00:00:00 2001 From: lfbzhm Date: Tue, 12 Nov 2024 14:15:41 +0000 Subject: [PATCH 0729/1176] libct/cg: add test for remove a non-existent dir in a ro mount point Signed-off-by: lfbzhm --- libcontainer/cgroups/utils_test.go | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/libcontainer/cgroups/utils_test.go b/libcontainer/cgroups/utils_test.go index fc81992f0b0..58ac85a5864 100644 --- a/libcontainer/cgroups/utils_test.go +++ b/libcontainer/cgroups/utils_test.go @@ -3,11 +3,13 @@ package cgroups import ( "bytes" "errors" + "path/filepath" "reflect" "strings" "testing" "github.com/moby/sys/mountinfo" + "golang.org/x/sys/unix" ) const fedoraMountinfo = `15 35 0:3 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw @@ -661,3 +663,29 @@ func TestConvertBlkIOToIOWeightValue(t *testing.T) { } } } + +// TestRemovePathReadOnly is to test remove a non-existent dir in a ro mount point. +// The similar issue example: https://github.com/opencontainers/runc/issues/4518 +func TestRemovePathReadOnly(t *testing.T) { + dirTo := t.TempDir() + err := unix.Mount(t.TempDir(), dirTo, "", unix.MS_BIND, "") + if err != nil { + t.Skip("no permission of mount") + } + defer func() { + _ = unix.Unmount(dirTo, 0) + }() + err = unix.Mount("", dirTo, "", unix.MS_REMOUNT|unix.MS_BIND|unix.MS_RDONLY, "") + if err != nil { + t.Skip("no permission of mount") + } + nonExistentDir := filepath.Join(dirTo, "non-existent-dir") + err = rmdir(nonExistentDir, true) + if !errors.Is(err, unix.EROFS) { + t.Fatalf("expected the error of removing a non-existent dir %s in a ro mount point with rmdir to be unix.EROFS, but got: %v", nonExistentDir, err) + } + err = RemovePath(nonExistentDir) + if err != nil { + t.Fatalf("expected the error of removing a non-existent dir %s in a ro mount point with RemovePath to be nil, but got: %v", nonExistentDir, err) + } +} From b7da16731c8b55e0e38070ac1d84a56b15f6db37 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 03:50:25 +0000 Subject: [PATCH 0730/1176] build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 Bumps google.golang.org/protobuf from 1.35.1 to 1.35.2. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- .../editiondefaults/editions_defaults.binpb | Bin 93 -> 99 bytes .../protobuf/internal/filedesc/desc.go | 15 +++++++++++++++ .../protobuf/internal/filedesc/editions.go | 4 ++++ .../protobuf/internal/genid/go_features_gen.go | 17 +++++++++++++++++ .../protobuf/internal/version/version.go | 2 +- vendor/modules.txt | 2 +- 8 files changed, 41 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index e17a8790c90..037903d7956 100644 --- a/go.mod +++ b/go.mod @@ -28,7 +28,7 @@ require ( github.com/vishvananda/netlink v1.3.0 golang.org/x/net v0.31.0 golang.org/x/sys v0.27.0 - google.golang.org/protobuf v1.35.1 + google.golang.org/protobuf v1.35.2 ) require ( diff --git a/go.sum b/go.sum index 7cd27896317..07ca744a705 100644 --- a/go.sum +++ b/go.sum @@ -97,8 +97,8 @@ golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= -google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= +google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/vendor/google.golang.org/protobuf/internal/editiondefaults/editions_defaults.binpb b/vendor/google.golang.org/protobuf/internal/editiondefaults/editions_defaults.binpb index ff6a38360add36f53d48bb0863b701696e0d7b2d..2c0693d7abbf532f021dafc96e7568f57214b8e7 100644 GIT binary patch literal 99 zcmd;*m3YRk#C*w)K}(o}QGiK;Nr72|(SYfa9SaAe1S6NM#B;bblK@aefe9$h2$E(1 dOTS=O5(H{Ql40Ut&|548XQ literal 93 zcmd;*mUzal#C*w)K}(Q>QGiK;Nr72|(SYfa9TNv5m$bxlxFnMRqXeS@6Ht;7B*_4j Ve8H{+(u69m1u{(G8N0>{b^xZ!4_5#H diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc.go index fa790e0ff19..f3252985641 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/desc.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc.go @@ -32,6 +32,7 @@ const ( EditionProto2 Edition = 998 EditionProto3 Edition = 999 Edition2023 Edition = 1000 + Edition2024 Edition = 1001 EditionUnsupported Edition = 100000 ) @@ -77,28 +78,42 @@ type ( Locations SourceLocations } + // EditionFeatures is a frequently-instantiated struct, so please take care + // to minimize padding when adding new fields to this struct (add them in + // the right place/order). EditionFeatures struct { + // StripEnumPrefix determines if the plugin generates enum value + // constants as-is, with their prefix stripped, or both variants. + StripEnumPrefix int + // IsFieldPresence is true if field_presence is EXPLICIT // https://protobuf.dev/editions/features/#field_presence IsFieldPresence bool + // IsFieldPresence is true if field_presence is LEGACY_REQUIRED // https://protobuf.dev/editions/features/#field_presence IsLegacyRequired bool + // IsOpenEnum is true if enum_type is OPEN // https://protobuf.dev/editions/features/#enum_type IsOpenEnum bool + // IsPacked is true if repeated_field_encoding is PACKED // https://protobuf.dev/editions/features/#repeated_field_encoding IsPacked bool + // IsUTF8Validated is true if utf_validation is VERIFY // https://protobuf.dev/editions/features/#utf8_validation IsUTF8Validated bool + // IsDelimitedEncoded is true if message_encoding is DELIMITED // https://protobuf.dev/editions/features/#message_encoding IsDelimitedEncoded bool + // IsJSONCompliant is true if json_format is ALLOW // https://protobuf.dev/editions/features/#json_format IsJSONCompliant bool + // GenerateLegacyUnmarshalJSON determines if the plugin generates the // UnmarshalJSON([]byte) error method for enums. GenerateLegacyUnmarshalJSON bool diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/editions.go b/vendor/google.golang.org/protobuf/internal/filedesc/editions.go index fd4d0c83d25..7611796e86c 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/editions.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/editions.go @@ -32,6 +32,10 @@ func unmarshalGoFeature(b []byte, parent EditionFeatures) EditionFeatures { v, m := protowire.ConsumeVarint(b) b = b[m:] parent.GenerateLegacyUnmarshalJSON = protowire.DecodeBool(v) + case genid.GoFeatures_StripEnumPrefix_field_number: + v, m := protowire.ConsumeVarint(b) + b = b[m:] + parent.StripEnumPrefix = int(v) default: panic(fmt.Sprintf("unkown field number %d while unmarshalling GoFeatures", num)) } diff --git a/vendor/google.golang.org/protobuf/internal/genid/go_features_gen.go b/vendor/google.golang.org/protobuf/internal/genid/go_features_gen.go index 7f67cbb6e97..09792d96f6b 100644 --- a/vendor/google.golang.org/protobuf/internal/genid/go_features_gen.go +++ b/vendor/google.golang.org/protobuf/internal/genid/go_features_gen.go @@ -21,13 +21,30 @@ const ( // Field names for pb.GoFeatures. const ( GoFeatures_LegacyUnmarshalJsonEnum_field_name protoreflect.Name = "legacy_unmarshal_json_enum" + GoFeatures_StripEnumPrefix_field_name protoreflect.Name = "strip_enum_prefix" GoFeatures_LegacyUnmarshalJsonEnum_field_fullname protoreflect.FullName = "pb.GoFeatures.legacy_unmarshal_json_enum" + GoFeatures_StripEnumPrefix_field_fullname protoreflect.FullName = "pb.GoFeatures.strip_enum_prefix" ) // Field numbers for pb.GoFeatures. const ( GoFeatures_LegacyUnmarshalJsonEnum_field_number protoreflect.FieldNumber = 1 + GoFeatures_StripEnumPrefix_field_number protoreflect.FieldNumber = 3 +) + +// Full and short names for pb.GoFeatures.StripEnumPrefix. +const ( + GoFeatures_StripEnumPrefix_enum_fullname = "pb.GoFeatures.StripEnumPrefix" + GoFeatures_StripEnumPrefix_enum_name = "StripEnumPrefix" +) + +// Enum values for pb.GoFeatures.StripEnumPrefix. +const ( + GoFeatures_STRIP_ENUM_PREFIX_UNSPECIFIED_enum_value = 0 + GoFeatures_STRIP_ENUM_PREFIX_KEEP_enum_value = 1 + GoFeatures_STRIP_ENUM_PREFIX_GENERATE_BOTH_enum_value = 2 + GoFeatures_STRIP_ENUM_PREFIX_STRIP_enum_value = 3 ) // Extension numbers diff --git a/vendor/google.golang.org/protobuf/internal/version/version.go b/vendor/google.golang.org/protobuf/internal/version/version.go index fb8e15e8dad..62a52a40a31 100644 --- a/vendor/google.golang.org/protobuf/internal/version/version.go +++ b/vendor/google.golang.org/protobuf/internal/version/version.go @@ -52,7 +52,7 @@ import ( const ( Major = 1 Minor = 35 - Patch = 1 + Patch = 2 PreRelease = "" ) diff --git a/vendor/modules.txt b/vendor/modules.txt index 1d4ab439ca6..03657f6b819 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -88,7 +88,7 @@ golang.org/x/net/bpf ## explicit; go 1.18 golang.org/x/sys/unix golang.org/x/sys/windows -# google.golang.org/protobuf v1.35.1 +# google.golang.org/protobuf v1.35.2 ## explicit; go 1.21 google.golang.org/protobuf/encoding/prototext google.golang.org/protobuf/encoding/protowire From cdee1b386fd54e90b8f67ff29f846312fd1550d9 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 29 Jul 2024 13:29:51 -0700 Subject: [PATCH 0731/1176] libct/cap: preallocate slices Signed-off-by: Kir Kolyshkin --- libcontainer/capabilities/capabilities.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libcontainer/capabilities/capabilities.go b/libcontainer/capabilities/capabilities.go index cb11edd403b..7f1f7882f45 100644 --- a/libcontainer/capabilities/capabilities.go +++ b/libcontainer/capabilities/capabilities.go @@ -75,7 +75,7 @@ func New(capConfig *configs.Capabilities) (*Caps, error) { // equivalent, and returns them as a slice. Unknown or unavailable capabilities // are not returned, but appended to unknownCaps. func capSlice(caps []string, unknownCaps map[string]struct{}) []capability.Cap { - var out []capability.Cap + out := make([]capability.Cap, 0, len(caps)) for _, c := range caps { if v, ok := capabilityMap[c]; !ok { unknownCaps[c] = struct{}{} @@ -88,7 +88,7 @@ func capSlice(caps []string, unknownCaps map[string]struct{}) []capability.Cap { // mapKeys returns the keys of input in sorted order func mapKeys(input map[string]struct{}) []string { - var keys []string + keys := make([]string, 0, len(input)) for c := range input { keys = append(keys, c) } From fe73f1a9ab817d1936c0f128b29a62dd695a38bb Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 22 Jul 2024 17:23:17 -0700 Subject: [PATCH 0732/1176] libct/cap: switch to lazy init A map which is created in func init is only used by capSlice, which is only used by New, which is only used by runc init. Switch to lazy init to slightly save on startup time. Signed-off-by: Kir Kolyshkin --- libcontainer/capabilities/capabilities.go | 26 ++++++++++++----------- 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/libcontainer/capabilities/capabilities.go b/libcontainer/capabilities/capabilities.go index 7f1f7882f45..2d170683592 100644 --- a/libcontainer/capabilities/capabilities.go +++ b/libcontainer/capabilities/capabilities.go @@ -5,6 +5,7 @@ package capabilities import ( "sort" "strings" + "sync" "github.com/opencontainers/runc/libcontainer/configs" "github.com/sirupsen/logrus" @@ -14,25 +15,25 @@ import ( const allCapabilityTypes = capability.CAPS | capability.BOUNDING | capability.AMBIENT var ( - capabilityMap map[string]capability.Cap - capTypes = []capability.CapType{ + capTypes = []capability.CapType{ capability.BOUNDING, capability.PERMITTED, capability.INHERITABLE, capability.EFFECTIVE, capability.AMBIENT, } -) -func init() { - capabilityMap = make(map[string]capability.Cap, capability.CAP_LAST_CAP+1) - for _, c := range capability.List() { - if c > capability.CAP_LAST_CAP { - continue + capMap = sync.OnceValue(func() map[string]capability.Cap { + cm := make(map[string]capability.Cap, capability.CAP_LAST_CAP+1) + for _, c := range capability.List() { + if c > capability.CAP_LAST_CAP { + continue + } + cm["CAP_"+strings.ToUpper(c.String())] = c } - capabilityMap["CAP_"+strings.ToUpper(c.String())] = c - } -} + return cm + }) +) // KnownCapabilities returns the list of the known capabilities. // Used by `runc features`. @@ -75,9 +76,10 @@ func New(capConfig *configs.Capabilities) (*Caps, error) { // equivalent, and returns them as a slice. Unknown or unavailable capabilities // are not returned, but appended to unknownCaps. func capSlice(caps []string, unknownCaps map[string]struct{}) []capability.Cap { + cm := capMap() out := make([]capability.Cap, 0, len(caps)) for _, c := range caps { - if v, ok := capabilityMap[c]; !ok { + if v, ok := cm[c]; !ok { unknownCaps[c] = struct{}{} } else { out = append(out, v) From 66969827c036c7fa182035c6a0cb7dbd639d379a Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 31 Jul 2024 16:03:34 -0700 Subject: [PATCH 0733/1176] Switch to github.com/moby/sys/capability v0.4.0 This removes the last unversioned package in runc's direct dependencies. Signed-off-by: Kir Kolyshkin --- go.mod | 2 +- go.sum | 4 +- libcontainer/capabilities/capabilities.go | 82 +++-- .../capabilities/capabilities_linux_test.go | 10 +- tests/integration/capabilities.bats | 14 + .../moby/sys/capability/CHANGELOG.md | 124 +++++++ .../sys/capability}/LICENSE | 1 + .../github.com/moby/sys/capability/README.md | 13 + .../moby/sys/capability/capability.go | 176 +++++++++ .../sys}/capability/capability_linux.go | 339 ++++++++---------- .../moby/sys/capability/capability_noop.go | 46 +++ .../sys}/capability/enum.go | 37 +- .../sys}/capability/enum_gen.go | 5 +- .../sys}/capability/syscall_linux.go | 31 +- .../gocapability/capability/capability.go | 133 ------- .../capability/capability_noop.go | 19 - vendor/modules.txt | 6 +- 17 files changed, 635 insertions(+), 407 deletions(-) create mode 100644 vendor/github.com/moby/sys/capability/CHANGELOG.md rename vendor/github.com/{syndtr/gocapability => moby/sys/capability}/LICENSE (97%) create mode 100644 vendor/github.com/moby/sys/capability/README.md create mode 100644 vendor/github.com/moby/sys/capability/capability.go rename vendor/github.com/{syndtr/gocapability => moby/sys}/capability/capability_linux.go (65%) create mode 100644 vendor/github.com/moby/sys/capability/capability_noop.go rename vendor/github.com/{syndtr/gocapability => moby/sys}/capability/enum.go (91%) rename vendor/github.com/{syndtr/gocapability => moby/sys}/capability/enum_gen.go (94%) rename vendor/github.com/{syndtr/gocapability => moby/sys}/capability/syscall_linux.go (68%) delete mode 100644 vendor/github.com/syndtr/gocapability/capability/capability.go delete mode 100644 vendor/github.com/syndtr/gocapability/capability/capability_noop.go diff --git a/go.mod b/go.mod index 037903d7956..f709b2eaf61 100644 --- a/go.mod +++ b/go.mod @@ -15,6 +15,7 @@ require ( github.com/cyphar/filepath-securejoin v0.3.4 github.com/docker/go-units v0.5.0 github.com/godbus/dbus/v5 v5.1.0 + github.com/moby/sys/capability v0.4.0 github.com/moby/sys/mountinfo v0.7.2 github.com/moby/sys/user v0.3.0 github.com/moby/sys/userns v0.1.0 @@ -23,7 +24,6 @@ require ( github.com/opencontainers/selinux v1.11.1 github.com/seccomp/libseccomp-golang v0.10.0 github.com/sirupsen/logrus v1.9.3 - github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/urfave/cli v1.22.16 github.com/vishvananda/netlink v1.3.0 golang.org/x/net v0.31.0 diff --git a/go.sum b/go.sum index 07ca744a705..ce6feea0f35 100644 --- a/go.sum +++ b/go.sum @@ -39,6 +39,8 @@ github.com/mdlayher/netlink v1.7.2 h1:/UtM3ofJap7Vl4QWCPDGXY8d3GIY2UGSDbK+QWmY8/ github.com/mdlayher/netlink v1.7.2/go.mod h1:xraEF7uJbxLhc5fpHL4cPe221LI2bdttWlU+ZGLfQSw= github.com/mdlayher/socket v0.4.1 h1:eM9y2/jlbs1M615oshPQOHZzj6R6wMT7bX5NPiQvn2U= github.com/mdlayher/socket v0.4.1/go.mod h1:cAqeGjoufqdxWkD7DkpyS+wcefOtmu5OQ8KuoJGIReA= +github.com/moby/sys/capability v0.4.0 h1:4D4mI6KlNtWMCM1Z/K0i7RV1FkX+DBDHKVJpCndZoHk= +github.com/moby/sys/capability v0.4.0/go.mod h1:4g9IK291rVkms3LKCDOoYlnV8xKwoDTpIrNEE35Wq0I= github.com/moby/sys/mountinfo v0.7.2 h1:1shs6aH5s4o5H2zQLn796ADW1wMrIwHsyJ2v9KouLrg= github.com/moby/sys/mountinfo v0.7.2/go.mod h1:1YOa8w8Ih7uW0wALDUgT1dTTSBrZ+HiBLGws92L2RU4= github.com/moby/sys/user v0.3.0 h1:9ni5DlcW5an3SvRSx4MouotOygvzaXbaSrc/wGDFWPo= @@ -73,8 +75,6 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI= -github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/urfave/cli v1.22.16 h1:MH0k6uJxdwdeWQTwhSO42Pwr4YLrNLwBtg1MRgTqPdQ= github.com/urfave/cli v1.22.16/go.mod h1:EeJR6BKodywf4zciqrdw6hpCPk68JO9z5LazXZMn5Po= github.com/vishvananda/netlink v1.3.0 h1:X7l42GfcV4S6E4vHTsw48qbrV+9PVojNfIhZcwQdrZk= diff --git a/libcontainer/capabilities/capabilities.go b/libcontainer/capabilities/capabilities.go index 2d170683592..4e63d97a201 100644 --- a/libcontainer/capabilities/capabilities.go +++ b/libcontainer/capabilities/capabilities.go @@ -3,42 +3,36 @@ package capabilities import ( + "fmt" "sort" "strings" "sync" + "github.com/moby/sys/capability" "github.com/opencontainers/runc/libcontainer/configs" "github.com/sirupsen/logrus" - "github.com/syndtr/gocapability/capability" ) -const allCapabilityTypes = capability.CAPS | capability.BOUNDING | capability.AMBIENT +func capToStr(c capability.Cap) string { + return "CAP_" + strings.ToUpper(c.String()) +} -var ( - capTypes = []capability.CapType{ - capability.BOUNDING, - capability.PERMITTED, - capability.INHERITABLE, - capability.EFFECTIVE, - capability.AMBIENT, +var capMap = sync.OnceValues(func() (map[string]capability.Cap, error) { + list, err := capability.ListSupported() + if err != nil { + return nil, err } - - capMap = sync.OnceValue(func() map[string]capability.Cap { - cm := make(map[string]capability.Cap, capability.CAP_LAST_CAP+1) - for _, c := range capability.List() { - if c > capability.CAP_LAST_CAP { - continue - } - cm["CAP_"+strings.ToUpper(c.String())] = c - } - return cm - }) -) + cm := make(map[string]capability.Cap, len(list)) + for _, c := range list { + cm[capToStr(c)] = c + } + return cm, nil +}) // KnownCapabilities returns the list of the known capabilities. // Used by `runc features`. func KnownCapabilities() []string { - list := capability.List() + list := capability.ListKnown() res := make([]string, len(list)) for i, c := range list { res[i] = "CAP_" + strings.ToUpper(c.String()) @@ -50,11 +44,12 @@ func KnownCapabilities() []string { // or Capabilities that are unavailable in the current environment are ignored, // printing a warning instead. func New(capConfig *configs.Capabilities) (*Caps, error) { - var ( - err error - c Caps - ) + var c Caps + _, err := capMap() + if err != nil { + return nil, err + } unknownCaps := make(map[string]struct{}) c.caps = map[capability.CapType][]capability.Cap{ capability.BOUNDING: capSlice(capConfig.Bounding, unknownCaps), @@ -76,7 +71,7 @@ func New(capConfig *configs.Capabilities) (*Caps, error) { // equivalent, and returns them as a slice. Unknown or unavailable capabilities // are not returned, but appended to unknownCaps. func capSlice(caps []string, unknownCaps map[string]struct{}) []capability.Cap { - cm := capMap() + cm, _ := capMap() out := make([]capability.Cap, 0, len(caps)) for _, c := range caps { if v, ok := cm[c]; !ok { @@ -113,9 +108,36 @@ func (c *Caps) ApplyBoundingSet() error { // Apply sets all the capabilities for the current process in the config. func (c *Caps) ApplyCaps() error { - c.pid.Clear(allCapabilityTypes) - for _, g := range capTypes { + c.pid.Clear(capability.CAPS | capability.BOUNDS) + for _, g := range []capability.CapType{ + capability.EFFECTIVE, + capability.PERMITTED, + capability.INHERITABLE, + capability.BOUNDING, + } { c.pid.Set(g, c.caps[g]...) } - return c.pid.Apply(allCapabilityTypes) + if err := c.pid.Apply(capability.CAPS | capability.BOUNDS); err != nil { + return fmt.Errorf("can't apply capabilities: %w", err) + } + + // Old version of capability package used to ignore errors from setting + // ambient capabilities, which is now fixed (see + // https://github.com/kolyshkin/capability/pull/3). + // + // To maintain backward compatibility, set ambient caps one by one and + // don't return any errors, only warn. + ambs := c.caps[capability.AMBIENT] + err := capability.ResetAmbient() + if err != nil { + return fmt.Errorf("can't reset ambient capabilities: %w", err) + } + for _, a := range ambs { + err := capability.SetAmbient(true, a) + if err != nil { + logrus.Warnf("can't raise ambient capability %s: %v", capToStr(a), err) + } + } + + return nil } diff --git a/libcontainer/capabilities/capabilities_linux_test.go b/libcontainer/capabilities/capabilities_linux_test.go index dfbb44b4a3f..0e9f45a009a 100644 --- a/libcontainer/capabilities/capabilities_linux_test.go +++ b/libcontainer/capabilities/capabilities_linux_test.go @@ -5,12 +5,20 @@ import ( "os" "testing" + "github.com/moby/sys/capability" "github.com/opencontainers/runc/libcontainer/configs" "github.com/sirupsen/logrus" "github.com/sirupsen/logrus/hooks/test" - "github.com/syndtr/gocapability/capability" ) +var capTypes = []capability.CapType{ + capability.BOUNDING, + capability.PERMITTED, + capability.INHERITABLE, + capability.EFFECTIVE, + capability.AMBIENT, +} + func TestNew(t *testing.T) { cs := []string{"CAP_CHOWN", "CAP_UNKNOWN", "CAP_UNKNOWN2"} conf := configs.Capabilities{ diff --git a/tests/integration/capabilities.bats b/tests/integration/capabilities.bats index 5d1178b7c1a..4b1c127e026 100644 --- a/tests/integration/capabilities.bats +++ b/tests/integration/capabilities.bats @@ -116,3 +116,17 @@ function teardown() { [[ "${output}" == *"CapBnd: 0000000400000021"* ]] [[ "${output}" == *"CapAmb: 0000000400000001"* ]] } + +@test "runc run [ambient caps not set in inheritable result in a warning]" { + update_config ' .process.capabilities.inheritable = ["CAP_KILL"] + | .process.capabilities.ambient = ["CAP_KILL", "CAP_CHOWN"]' + runc run test_amb + [ "$status" -eq 0 ] + # This should result in CAP_KILL set in ambient, + # and a warning about inability to set CAP_CHOWN. + # + # CAP_CHOWN is 0, the bit mask is 0x1 (1 << 0) + # CAP_KILL is 5, the bit mask is 0x20 (1 << 5). + [[ "$output" == *"can't raise ambient capability CAP_CHOWN: "* ]] + [[ "${output}" == *"CapAmb: 0000000000000020"* ]] +} diff --git a/vendor/github.com/moby/sys/capability/CHANGELOG.md b/vendor/github.com/moby/sys/capability/CHANGELOG.md new file mode 100644 index 00000000000..299b36d92a5 --- /dev/null +++ b/vendor/github.com/moby/sys/capability/CHANGELOG.md @@ -0,0 +1,124 @@ +# Changelog +This file documents all notable changes made to this project since the initial fork +from https://github.com/syndtr/gocapability/commit/42c35b4376354fd5. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [0.4.0] - 2024-11-11 + +### Added +* New separate API for ambient ([GetAmbient], [SetAmbient], [ResetAmbient]) + and bound ([GetBound], [DropBound]) capabilities, modelled after libcap. (#176) + +### Fixed +* [Apply] now returns an error if called for non-zero `pid`. Before this change, + it could silently change some capabilities of the current process, instead of + the one identified by the `pid`. (#168, #174) +* Fixed tests that change capabilities to be run in a separate process. (#173) +* Other improvements in tests. (#169, #170) + +### Changed +* Use raw syscalls (which are slightly faster). (#176) +* Most tests are now limited to testing the public API of the package. (#162) +* Simplify parsing /proc/*pid*/status, add a test case. (#162) +* Optimize the number of syscall to set ambient capabilities in Apply + by clearing them first; add a test case. (#163, #164) +* Better documentation for [Apply], [NewFile], [NewFile2], [NewPid], [NewPid2]. (#175) + +### Removed +* `.golangci.yml` and `.codespellrc` are no longer part of the package. (#158) + +## [0.3.0] - 2024-09-25 + +### Added +* Added [ListKnown] and [ListSupported] functions. (#153) +* [LastCap] is now available on non-Linux platforms (where it returns an error). (#152) + +### Changed +* [List] is now deprecated in favor of [ListKnown] and [ListSupported]. (#153) + +### Fixed +* Various documentation improvements. (#151) +* Fix "generated code" comment. (#153) + +## [0.2.0] - 2024-09-16 + +This is the first release after the move to a new home in +github.com/moby/sys/capability. + +### Fixed + * Fixed URLs in documentation to reflect the new home. + +## [0.1.1] - 2024-08-01 + +This is a maintenance release, fixing a few minor issues. + +### Fixed + * Fixed future kernel compatibility, for real this time. [#11] + * Fixed [LastCap] to be a function. [#12] + +## [0.1.0] - 2024-07-31 + +This is an initial release since the fork. + +### Breaking changes + + * The `CAP_LAST_CAP` variable is removed; users need to modify the code to + use [LastCap] to get the value. [#6] + * The code now requires Go >= 1.21. + +### Added + * `go.mod` and `go.sum` files. [#2] + * New [LastCap] function. [#6] + * Basic CI using GHA infra. [#8], [#9] + * README and CHANGELOG. [#10] + +### Fixed + * Fixed ambient capabilities error handling in [Apply]. [#3] + * Fixed future kernel compatibility. [#1] + * Fixed various linter warnings. [#4], [#7] + +### Changed + * Go build tags changed from old-style (`+build`) to new Go 1.17+ style (`go:build`). [#2] + +### Removed + * Removed support for capabilities v1 and v2. [#1] + * Removed init function so programs that use this package start faster. [#6] + * Removed `CAP_LAST_CAP` (use [LastCap] instead). [#6] + + +[Apply]: https://pkg.go.dev/github.com/moby/sys/capability#Capabilities.Apply +[DropBound]: https://pkg.go.dev/github.com/moby/sys/capability#DropBound +[GetAmbient]: https://pkg.go.dev/github.com/moby/sys/capability#GetAmbient +[GetBound]: https://pkg.go.dev/github.com/moby/sys/capability#GetBound +[LastCap]: https://pkg.go.dev/github.com/moby/sys/capability#LastCap +[ListKnown]: https://pkg.go.dev/github.com/moby/sys/capability#ListKnown +[ListSupported]: https://pkg.go.dev/github.com/moby/sys/capability#ListSupported +[List]: https://pkg.go.dev/github.com/moby/sys/capability#List +[NewFile2]: https://pkg.go.dev/github.com/moby/sys/capability#NewFile2 +[NewFile]: https://pkg.go.dev/github.com/moby/sys/capability#NewFile +[NewPid2]: https://pkg.go.dev/github.com/moby/sys/capability#NewPid2 +[NewPid]: https://pkg.go.dev/github.com/moby/sys/capability#NewPid +[ResetAmbient]: https://pkg.go.dev/github.com/moby/sys/capability#ResetAmbient +[SetAmbient]: https://pkg.go.dev/github.com/moby/sys/capability#SetAmbient + + +[0.4.0]: https://github.com/moby/sys/releases/tag/capability%2Fv0.4.0 +[0.3.0]: https://github.com/moby/sys/releases/tag/capability%2Fv0.3.0 +[0.2.0]: https://github.com/moby/sys/releases/tag/capability%2Fv0.2.0 +[0.1.1]: https://github.com/kolyshkin/capability/compare/v0.1.0...v0.1.1 +[0.1.0]: https://github.com/kolyshkin/capability/compare/42c35b4376354fd5...v0.1.0 + + +[#1]: https://github.com/kolyshkin/capability/pull/1 +[#2]: https://github.com/kolyshkin/capability/pull/2 +[#3]: https://github.com/kolyshkin/capability/pull/3 +[#4]: https://github.com/kolyshkin/capability/pull/4 +[#6]: https://github.com/kolyshkin/capability/pull/6 +[#7]: https://github.com/kolyshkin/capability/pull/7 +[#8]: https://github.com/kolyshkin/capability/pull/8 +[#9]: https://github.com/kolyshkin/capability/pull/9 +[#10]: https://github.com/kolyshkin/capability/pull/10 +[#11]: https://github.com/kolyshkin/capability/pull/11 +[#12]: https://github.com/kolyshkin/capability/pull/12 diff --git a/vendor/github.com/syndtr/gocapability/LICENSE b/vendor/github.com/moby/sys/capability/LICENSE similarity index 97% rename from vendor/github.com/syndtr/gocapability/LICENSE rename to vendor/github.com/moby/sys/capability/LICENSE index 80dd96de77f..08adcd6ecfb 100644 --- a/vendor/github.com/syndtr/gocapability/LICENSE +++ b/vendor/github.com/moby/sys/capability/LICENSE @@ -1,3 +1,4 @@ +Copyright 2023 The Capability Authors. Copyright 2013 Suryandaru Triandana All rights reserved. diff --git a/vendor/github.com/moby/sys/capability/README.md b/vendor/github.com/moby/sys/capability/README.md new file mode 100644 index 00000000000..84b74871aa2 --- /dev/null +++ b/vendor/github.com/moby/sys/capability/README.md @@ -0,0 +1,13 @@ +This is a fork of (apparently no longer maintained) +https://github.com/syndtr/gocapability package. It provides basic primitives to +work with [Linux capabilities][capabilities(7)]. + +For changes, see [CHANGELOG.md](./CHANGELOG.md). + +[![Go Reference](https://pkg.go.dev/badge/github.com/moby/sys/capability/capability.svg)](https://pkg.go.dev/github.com/moby/sys/capability) + +## Alternatives + + * https://pkg.go.dev/kernel.org/pub/linux/libs/security/libcap/cap + +[capabilities(7)]: https://man7.org/linux/man-pages/man7/capabilities.7.html diff --git a/vendor/github.com/moby/sys/capability/capability.go b/vendor/github.com/moby/sys/capability/capability.go new file mode 100644 index 00000000000..11e47bed731 --- /dev/null +++ b/vendor/github.com/moby/sys/capability/capability.go @@ -0,0 +1,176 @@ +// Copyright 2023 The Capability Authors. +// Copyright 2013 Suryandaru Triandana +// All rights reserved. +// +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package capability provides utilities for manipulating POSIX capabilities. +package capability + +type Capabilities interface { + // Get check whether a capability present in the given + // capabilities set. The 'which' value should be one of EFFECTIVE, + // PERMITTED, INHERITABLE, BOUNDING or AMBIENT. + Get(which CapType, what Cap) bool + + // Empty check whether all capability bits of the given capabilities + // set are zero. The 'which' value should be one of EFFECTIVE, + // PERMITTED, INHERITABLE, BOUNDING or AMBIENT. + Empty(which CapType) bool + + // Full check whether all capability bits of the given capabilities + // set are one. The 'which' value should be one of EFFECTIVE, + // PERMITTED, INHERITABLE, BOUNDING or AMBIENT. + Full(which CapType) bool + + // Set sets capabilities of the given capabilities sets. The + // 'which' value should be one or combination (OR'ed) of EFFECTIVE, + // PERMITTED, INHERITABLE, BOUNDING or AMBIENT. + Set(which CapType, caps ...Cap) + + // Unset unsets capabilities of the given capabilities sets. The + // 'which' value should be one or combination (OR'ed) of EFFECTIVE, + // PERMITTED, INHERITABLE, BOUNDING or AMBIENT. + Unset(which CapType, caps ...Cap) + + // Fill sets all bits of the given capabilities kind to one. The + // 'kind' value should be one or combination (OR'ed) of CAPS, + // BOUNDS or AMBS. + Fill(kind CapType) + + // Clear sets all bits of the given capabilities kind to zero. The + // 'kind' value should be one or combination (OR'ed) of CAPS, + // BOUNDS or AMBS. + Clear(kind CapType) + + // String return current capabilities state of the given capabilities + // set as string. The 'which' value should be one of EFFECTIVE, + // PERMITTED, INHERITABLE BOUNDING or AMBIENT + StringCap(which CapType) string + + // String return current capabilities state as string. + String() string + + // Load load actual capabilities value. This will overwrite all + // outstanding changes. + Load() error + + // Apply apply the capabilities settings, so all changes made by + // [Set], [Unset], [Fill], or [Clear] will take effect. + Apply(kind CapType) error +} + +// NewPid initializes a new [Capabilities] object for given pid when +// it is nonzero, or for the current process if pid is 0. +// +// Deprecated: replace with [NewPid2] followed by optional [Capabilities.Load] +// (only if needed). For example, replace: +// +// c, err := NewPid(0) +// if err != nil { +// return err +// } +// +// with: +// +// c, err := NewPid2(0) +// if err != nil { +// return err +// } +// err = c.Load() +// if err != nil { +// return err +// } +func NewPid(pid int) (Capabilities, error) { + c, err := newPid(pid) + if err != nil { + return c, err + } + err = c.Load() + return c, err +} + +// NewPid2 initializes a new [Capabilities] object for given pid when +// it is nonzero, or for the current process if pid is 0. This +// does not load the process's current capabilities; if needed, +// call [Capabilities.Load]. +func NewPid2(pid int) (Capabilities, error) { + return newPid(pid) +} + +// NewFile initializes a new Capabilities object for given file path. +// +// Deprecated: replace with [NewFile2] followed by optional [Capabilities.Load] +// (only if needed). For example, replace: +// +// c, err := NewFile(path) +// if err != nil { +// return err +// } +// +// with: +// +// c, err := NewFile2(path) +// if err != nil { +// return err +// } +// err = c.Load() +// if err != nil { +// return err +// } +func NewFile(path string) (Capabilities, error) { + c, err := newFile(path) + if err != nil { + return c, err + } + err = c.Load() + return c, err +} + +// NewFile2 creates a new initialized [Capabilities] object for given +// file path. This does not load the process's current capabilities; +// if needed, call [Capabilities.Load]. +func NewFile2(path string) (Capabilities, error) { + return newFile(path) +} + +// LastCap returns highest valid capability of the running kernel, +// or an error if it can not be obtained. +// +// See also: [ListSupported]. +func LastCap() (Cap, error) { + return lastCap() +} + +// GetAmbient determines if a specific ambient capability is raised in the +// calling thread. +func GetAmbient(c Cap) (bool, error) { + return getAmbient(c) +} + +// SetAmbient raises or lowers specified ambient capabilities for the calling +// thread. To complete successfully, the prevailing effective capability set +// must have a raised CAP_SETPCAP. Further, to raise a specific ambient +// capability the inheritable and permitted sets of the calling thread must +// already contain the specified capability. +func SetAmbient(raise bool, caps ...Cap) error { + return setAmbient(raise, caps...) +} + +// ResetAmbient resets all of the ambient capabilities for the calling thread +// to their lowered value. +func ResetAmbient() error { + return resetAmbient() +} + +// GetBound determines if a specific bounding capability is raised in the +// calling thread. +func GetBound(c Cap) (bool, error) { + return getBound(c) +} + +// DropBound lowers the specified bounding set capability. +func DropBound(caps ...Cap) error { + return dropBound(caps...) +} diff --git a/vendor/github.com/syndtr/gocapability/capability/capability_linux.go b/vendor/github.com/moby/sys/capability/capability_linux.go similarity index 65% rename from vendor/github.com/syndtr/gocapability/capability/capability_linux.go rename to vendor/github.com/moby/sys/capability/capability_linux.go index 1567dc81040..234b1efb29a 100644 --- a/vendor/github.com/syndtr/gocapability/capability/capability_linux.go +++ b/vendor/github.com/moby/sys/capability/capability_linux.go @@ -1,8 +1,9 @@ -// Copyright (c) 2013, Suryandaru Triandana +// Copyright 2023 The Capability Authors. +// Copyright 2013 Suryandaru Triandana // All rights reserved. // -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. package capability @@ -12,62 +13,53 @@ import ( "fmt" "io" "os" + "strconv" "strings" + "sync" "syscall" ) -var errUnknownVers = errors.New("unknown capability version") - const ( - linuxCapVer1 = 0x19980330 - linuxCapVer2 = 0x20071026 + linuxCapVer1 = 0x19980330 // No longer supported. + linuxCapVer2 = 0x20071026 // No longer supported. linuxCapVer3 = 0x20080522 ) -var ( - capVers uint32 - capLastCap Cap -) - -func init() { - var hdr capHeader - capget(&hdr, nil) - capVers = hdr.version - - if initLastCap() == nil { - CAP_LAST_CAP = capLastCap - if capLastCap > 31 { - capUpperMask = (uint32(1) << (uint(capLastCap) - 31)) - 1 - } else { - capUpperMask = 0 - } - } -} - -func initLastCap() error { - if capLastCap != 0 { - return nil - } - +var lastCap = sync.OnceValues(func() (Cap, error) { f, err := os.Open("/proc/sys/kernel/cap_last_cap") if err != nil { - return err + return 0, err } - defer f.Close() - var b []byte = make([]byte, 11) - _, err = f.Read(b) + buf := make([]byte, 11) + l, err := f.Read(buf) + f.Close() if err != nil { - return err + return 0, err } + buf = buf[:l] - fmt.Sscanf(string(b), "%d", &capLastCap) + last, err := strconv.Atoi(strings.TrimSpace(string(buf))) + if err != nil { + return 0, err + } + return Cap(last), nil +}) - return nil +func capUpperMask() uint32 { + last, err := lastCap() + if err != nil || last < 32 { + return 0 + } + return (uint32(1) << (uint(last) - 31)) - 1 } func mkStringCap(c Capabilities, which CapType) (ret string) { - for i, first := Cap(0), true; i <= CAP_LAST_CAP; i++ { + last, err := lastCap() + if err != nil { + return "" + } + for i, first := Cap(0), true; i <= last; i++ { if !c.Get(which, i) { continue } @@ -98,136 +90,38 @@ func mkString(c Capabilities, max CapType) (ret string) { return } -func newPid(pid int) (c Capabilities, err error) { - switch capVers { - case linuxCapVer1: - p := new(capsV1) - p.hdr.version = capVers - p.hdr.pid = int32(pid) - c = p - case linuxCapVer2, linuxCapVer3: +var capVersion = sync.OnceValues(func() (uint32, error) { + var hdr capHeader + err := capget(&hdr, nil) + return hdr.version, err +}) + +func newPid(pid int) (c Capabilities, retErr error) { + ver, err := capVersion() + if err != nil { + retErr = fmt.Errorf("unable to get capability version from the kernel: %w", err) + return + } + switch ver { + case linuxCapVer1, linuxCapVer2: + retErr = errors.New("old/unsupported capability version (kernel older than 2.6.26?)") + default: + // Either linuxCapVer3, or an unknown/future version (such as v4). + // In the latter case, we fall back to v3 as the latest version known + // to this package, as kernel should be backward-compatible to v3. p := new(capsV3) - p.hdr.version = capVers + p.hdr.version = linuxCapVer3 p.hdr.pid = int32(pid) c = p - default: - err = errUnknownVers - return } return } -type capsV1 struct { - hdr capHeader - data capData -} - -func (c *capsV1) Get(which CapType, what Cap) bool { - if what > 32 { - return false +func ignoreEINVAL(err error) error { + if errors.Is(err, syscall.EINVAL) { + err = nil } - - switch which { - case EFFECTIVE: - return (1< 32 { - continue - } - - if which&EFFECTIVE != 0 { - c.data.effective |= 1 << uint(what) - } - if which&PERMITTED != 0 { - c.data.permitted |= 1 << uint(what) - } - if which&INHERITABLE != 0 { - c.data.inheritable |= 1 << uint(what) - } - } -} - -func (c *capsV1) Unset(which CapType, caps ...Cap) { - for _, what := range caps { - if what > 32 { - continue - } - - if which&EFFECTIVE != 0 { - c.data.effective &= ^(1 << uint(what)) - } - if which&PERMITTED != 0 { - c.data.permitted &= ^(1 << uint(what)) - } - if which&INHERITABLE != 0 { - c.data.inheritable &= ^(1 << uint(what)) - } - } -} - -func (c *capsV1) Fill(kind CapType) { - if kind&CAPS == CAPS { - c.data.effective = 0x7fffffff - c.data.permitted = 0x7fffffff - c.data.inheritable = 0 - } -} - -func (c *capsV1) Clear(kind CapType) { - if kind&CAPS == CAPS { - c.data.effective = 0 - c.data.permitted = 0 - c.data.inheritable = 0 - } -} - -func (c *capsV1) StringCap(which CapType) (ret string) { - return mkStringCap(c, which) -} - -func (c *capsV1) String() (ret string) { - return mkString(c, BOUNDING) -} - -func (c *capsV1) Load() (err error) { - return capget(&c.hdr, &c.data) -} - -func (c *capsV1) Apply(kind CapType) error { - if kind&CAPS == CAPS { - return capset(&c.hdr, &c.data) - } - return nil + return err } type capsV3 struct { @@ -292,7 +186,8 @@ func (c *capsV3) Full(which CapType) bool { if (data[0] & 0xffffffff) != 0xffffffff { return false } - return (data[1] & capUpperMask) == capUpperMask + mask := capUpperMask() + return (data[1] & mask) == mask } func (c *capsV3) Set(which CapType, caps ...Cap) { @@ -401,15 +296,12 @@ func (c *capsV3) Load() (err error) { return } - var status_path string - - if c.hdr.pid == 0 { - status_path = fmt.Sprintf("/proc/self/status") - } else { - status_path = fmt.Sprintf("/proc/%d/status", c.hdr.pid) + path := "/proc/self/status" + if c.hdr.pid != 0 { + path = fmt.Sprintf("/proc/%d/status", c.hdr.pid) } - f, err := os.Open(status_path) + f, err := os.Open(path) if err != nil { return } @@ -422,12 +314,18 @@ func (c *capsV3) Load() (err error) { } break } - if strings.HasPrefix(line, "CapB") { - fmt.Sscanf(line[4:], "nd: %08x%08x", &c.bounds[1], &c.bounds[0]) + if val, ok := strings.CutPrefix(line, "CapBnd:\t"); ok { + _, err = fmt.Sscanf(val, "%08x%08x", &c.bounds[1], &c.bounds[0]) + if err != nil { + break + } continue } - if strings.HasPrefix(line, "CapA") { - fmt.Sscanf(line[4:], "mb: %08x%08x", &c.ambient[1], &c.ambient[0]) + if val, ok := strings.CutPrefix(line, "CapAmb:\t"); ok { + _, err = fmt.Sscanf(val, "%08x%08x", &c.ambient[1], &c.ambient[0]) + if err != nil { + break + } continue } } @@ -436,26 +334,29 @@ func (c *capsV3) Load() (err error) { return } -func (c *capsV3) Apply(kind CapType) (err error) { +func (c *capsV3) Apply(kind CapType) error { + if c.hdr.pid != 0 { + return errors.New("unable to modify capabilities of another process") + } + last, err := LastCap() + if err != nil { + return err + } if kind&BOUNDS == BOUNDS { var data [2]capData err = capget(&c.hdr, &data[0]) if err != nil { - return + return err } if (1< 0, nil +} + +func setAmbient(raise bool, caps ...Cap) error { + op := pr_CAP_AMBIENT_RAISE + if !raise { + op = pr_CAP_AMBIENT_LOWER + } + for _, val := range caps { + err := prctl(pr_CAP_AMBIENT, op, uintptr(val)) + if err != nil { + return err + } + } + return nil +} + +func resetAmbient() error { + return prctl(pr_CAP_AMBIENT, pr_CAP_AMBIENT_CLEAR_ALL, 0) +} + +func getBound(c Cap) (bool, error) { + res, err := prctlRetInt(syscall.PR_CAPBSET_READ, uintptr(c), 0) + if err != nil { + return false, err + } + return res > 0, nil +} + +func dropBound(caps ...Cap) error { + for _, val := range caps { + err := prctl(syscall.PR_CAPBSET_DROP, uintptr(val), 0) + if err != nil { + return err + } + } + return nil } func newFile(path string) (c Capabilities, err error) { @@ -547,7 +495,8 @@ func (c *capsFile) Full(which CapType) bool { if (data[0] & 0xffffffff) != 0xffffffff { return false } - return (data[1] & capUpperMask) == capUpperMask + mask := capUpperMask() + return (data[1] & mask) == mask } func (c *capsFile) Set(which CapType, caps ...Cap) { diff --git a/vendor/github.com/moby/sys/capability/capability_noop.go b/vendor/github.com/moby/sys/capability/capability_noop.go new file mode 100644 index 00000000000..b766e444f39 --- /dev/null +++ b/vendor/github.com/moby/sys/capability/capability_noop.go @@ -0,0 +1,46 @@ +// Copyright 2023 The Capability Authors. +// Copyright 2013 Suryandaru Triandana +// All rights reserved. +// +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !linux + +package capability + +import "errors" + +var errNotSup = errors.New("not supported") + +func newPid(_ int) (Capabilities, error) { + return nil, errNotSup +} + +func newFile(_ string) (Capabilities, error) { + return nil, errNotSup +} + +func lastCap() (Cap, error) { + return -1, errNotSup +} + +func getAmbient(_ Cap) (bool, error) { + return false, errNotSup +} + +func setAmbient(_ bool, _ ...Cap) error { + return errNotSup +} + +func resetAmbient() error { + return errNotSup +} + +func getBound(_ Cap) (bool, error) { + return false, errNotSup +} + +func dropBound(_ ...Cap) error { + return errNotSup +} diff --git a/vendor/github.com/syndtr/gocapability/capability/enum.go b/vendor/github.com/moby/sys/capability/enum.go similarity index 91% rename from vendor/github.com/syndtr/gocapability/capability/enum.go rename to vendor/github.com/moby/sys/capability/enum.go index ad10785314d..f88593310ea 100644 --- a/vendor/github.com/syndtr/gocapability/capability/enum.go +++ b/vendor/github.com/moby/sys/capability/enum.go @@ -1,11 +1,14 @@ -// Copyright (c) 2013, Suryandaru Triandana +// Copyright 2024 The Capability Authors. +// Copyright 2013 Suryandaru Triandana // All rights reserved. // -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. package capability +import "slices" + type CapType uint func (c CapType) String() string { @@ -301,9 +304,27 @@ const ( CAP_CHECKPOINT_RESTORE = Cap(40) ) -var ( - // Highest valid capability of the running kernel. - CAP_LAST_CAP = Cap(63) +// List returns the list of all capabilities known to the package. +// +// Deprecated: use [ListKnown] or [ListSupported] instead. +func List() []Cap { + return ListKnown() +} - capUpperMask = ^uint32(0) -) +// ListKnown returns the list of all capabilities known to the package. +func ListKnown() []Cap { + return list() +} + +// ListSupported returns the list of all capabilities known to the package, +// except those that are not supported by the currently running Linux kernel. +func ListSupported() ([]Cap, error) { + last, err := LastCap() + if err != nil { + return nil, err + } + return slices.DeleteFunc(list(), func(c Cap) bool { + // Remove caps not supported by the kernel. + return c > last + }), nil +} diff --git a/vendor/github.com/syndtr/gocapability/capability/enum_gen.go b/vendor/github.com/moby/sys/capability/enum_gen.go similarity index 94% rename from vendor/github.com/syndtr/gocapability/capability/enum_gen.go rename to vendor/github.com/moby/sys/capability/enum_gen.go index 2ff9bf4d887..f72cd43a6e0 100644 --- a/vendor/github.com/syndtr/gocapability/capability/enum_gen.go +++ b/vendor/github.com/moby/sys/capability/enum_gen.go @@ -1,4 +1,4 @@ -// generated file; DO NOT EDIT - use go generate in directory with source +// Code generated by go generate; DO NOT EDIT. package capability @@ -90,8 +90,7 @@ func (c Cap) String() string { return "unknown" } -// List returns list of all supported capabilities -func List() []Cap { +func list() []Cap { return []Cap{ CAP_CHOWN, CAP_DAC_OVERRIDE, diff --git a/vendor/github.com/syndtr/gocapability/capability/syscall_linux.go b/vendor/github.com/moby/sys/capability/syscall_linux.go similarity index 68% rename from vendor/github.com/syndtr/gocapability/capability/syscall_linux.go rename to vendor/github.com/moby/sys/capability/syscall_linux.go index 3d2bf6927f3..2d8faa85fff 100644 --- a/vendor/github.com/syndtr/gocapability/capability/syscall_linux.go +++ b/vendor/github.com/moby/sys/capability/syscall_linux.go @@ -1,8 +1,9 @@ -// Copyright (c) 2013, Suryandaru Triandana +// Copyright 2024 The Capability Authors. +// Copyright 2013 Suryandaru Triandana // All rights reserved. // -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. package capability @@ -23,7 +24,7 @@ type capData struct { } func capget(hdr *capHeader, data *capData) (err error) { - _, _, e1 := syscall.Syscall(syscall.SYS_CAPGET, uintptr(unsafe.Pointer(hdr)), uintptr(unsafe.Pointer(data)), 0) + _, _, e1 := syscall.RawSyscall(syscall.SYS_CAPGET, uintptr(unsafe.Pointer(hdr)), uintptr(unsafe.Pointer(data)), 0) if e1 != 0 { err = e1 } @@ -31,7 +32,7 @@ func capget(hdr *capHeader, data *capData) (err error) { } func capset(hdr *capHeader, data *capData) (err error) { - _, _, e1 := syscall.Syscall(syscall.SYS_CAPSET, uintptr(unsafe.Pointer(hdr)), uintptr(unsafe.Pointer(data)), 0) + _, _, e1 := syscall.RawSyscall(syscall.SYS_CAPSET, uintptr(unsafe.Pointer(hdr)), uintptr(unsafe.Pointer(data)), 0) if e1 != 0 { err = e1 } @@ -47,14 +48,22 @@ const ( pr_CAP_AMBIENT_CLEAR_ALL = uintptr(4) ) -func prctl(option int, arg2, arg3, arg4, arg5 uintptr) (err error) { - _, _, e1 := syscall.Syscall6(syscall.SYS_PRCTL, uintptr(option), arg2, arg3, arg4, arg5, 0) +func prctl(option int, arg2, arg3 uintptr) (err error) { + _, _, e1 := syscall.RawSyscall(syscall.SYS_PRCTL, uintptr(option), arg2, arg3) if e1 != 0 { err = e1 } return } +func prctlRetInt(option int, arg2, arg3 uintptr) (int, error) { + ret, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, uintptr(option), arg2, arg3) + if err != 0 { + return 0, err + } + return int(ret), nil +} + const ( vfsXattrName = "security.capability" @@ -79,9 +88,7 @@ type vfscapData struct { version int8 } -var ( - _vfsXattrName *byte -) +var _vfsXattrName *byte func init() { _vfsXattrName, _ = syscall.BytePtrFromString(vfsXattrName) @@ -93,7 +100,7 @@ func getVfsCap(path string, dest *vfscapData) (err error) { if err != nil { return } - r0, _, e1 := syscall.Syscall6(syscall.SYS_GETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_vfsXattrName)), uintptr(unsafe.Pointer(dest)), vfscapDataSizeV2, 0, 0) + r0, _, e1 := syscall.RawSyscall6(syscall.SYS_GETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_vfsXattrName)), uintptr(unsafe.Pointer(dest)), vfscapDataSizeV2, 0, 0) if e1 != 0 { if e1 == syscall.ENODATA { dest.version = 2 @@ -146,7 +153,7 @@ func setVfsCap(path string, data *vfscapData) (err error) { } else { return syscall.EINVAL } - _, _, e1 := syscall.Syscall6(syscall.SYS_SETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_vfsXattrName)), uintptr(unsafe.Pointer(data)), size, 0, 0) + _, _, e1 := syscall.RawSyscall6(syscall.SYS_SETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_vfsXattrName)), uintptr(unsafe.Pointer(data)), size, 0, 0) if e1 != 0 { err = e1 } diff --git a/vendor/github.com/syndtr/gocapability/capability/capability.go b/vendor/github.com/syndtr/gocapability/capability/capability.go deleted file mode 100644 index 61a90775e59..00000000000 --- a/vendor/github.com/syndtr/gocapability/capability/capability.go +++ /dev/null @@ -1,133 +0,0 @@ -// Copyright (c) 2013, Suryandaru Triandana -// All rights reserved. -// -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -// Package capability provides utilities for manipulating POSIX capabilities. -package capability - -type Capabilities interface { - // Get check whether a capability present in the given - // capabilities set. The 'which' value should be one of EFFECTIVE, - // PERMITTED, INHERITABLE, BOUNDING or AMBIENT. - Get(which CapType, what Cap) bool - - // Empty check whether all capability bits of the given capabilities - // set are zero. The 'which' value should be one of EFFECTIVE, - // PERMITTED, INHERITABLE, BOUNDING or AMBIENT. - Empty(which CapType) bool - - // Full check whether all capability bits of the given capabilities - // set are one. The 'which' value should be one of EFFECTIVE, - // PERMITTED, INHERITABLE, BOUNDING or AMBIENT. - Full(which CapType) bool - - // Set sets capabilities of the given capabilities sets. The - // 'which' value should be one or combination (OR'ed) of EFFECTIVE, - // PERMITTED, INHERITABLE, BOUNDING or AMBIENT. - Set(which CapType, caps ...Cap) - - // Unset unsets capabilities of the given capabilities sets. The - // 'which' value should be one or combination (OR'ed) of EFFECTIVE, - // PERMITTED, INHERITABLE, BOUNDING or AMBIENT. - Unset(which CapType, caps ...Cap) - - // Fill sets all bits of the given capabilities kind to one. The - // 'kind' value should be one or combination (OR'ed) of CAPS, - // BOUNDS or AMBS. - Fill(kind CapType) - - // Clear sets all bits of the given capabilities kind to zero. The - // 'kind' value should be one or combination (OR'ed) of CAPS, - // BOUNDS or AMBS. - Clear(kind CapType) - - // String return current capabilities state of the given capabilities - // set as string. The 'which' value should be one of EFFECTIVE, - // PERMITTED, INHERITABLE BOUNDING or AMBIENT - StringCap(which CapType) string - - // String return current capabilities state as string. - String() string - - // Load load actual capabilities value. This will overwrite all - // outstanding changes. - Load() error - - // Apply apply the capabilities settings, so all changes will take - // effect. - Apply(kind CapType) error -} - -// NewPid initializes a new Capabilities object for given pid when -// it is nonzero, or for the current process if pid is 0. -// -// Deprecated: Replace with NewPid2. For example, replace: -// -// c, err := NewPid(0) -// if err != nil { -// return err -// } -// -// with: -// -// c, err := NewPid2(0) -// if err != nil { -// return err -// } -// err = c.Load() -// if err != nil { -// return err -// } -func NewPid(pid int) (Capabilities, error) { - c, err := newPid(pid) - if err != nil { - return c, err - } - err = c.Load() - return c, err -} - -// NewPid2 initializes a new Capabilities object for given pid when -// it is nonzero, or for the current process if pid is 0. This -// does not load the process's current capabilities; to do that you -// must call Load explicitly. -func NewPid2(pid int) (Capabilities, error) { - return newPid(pid) -} - -// NewFile initializes a new Capabilities object for given file path. -// -// Deprecated: Replace with NewFile2. For example, replace: -// -// c, err := NewFile(path) -// if err != nil { -// return err -// } -// -// with: -// -// c, err := NewFile2(path) -// if err != nil { -// return err -// } -// err = c.Load() -// if err != nil { -// return err -// } -func NewFile(path string) (Capabilities, error) { - c, err := newFile(path) - if err != nil { - return c, err - } - err = c.Load() - return c, err -} - -// NewFile2 creates a new initialized Capabilities object for given -// file path. This does not load the process's current capabilities; -// to do that you must call Load explicitly. -func NewFile2(path string) (Capabilities, error) { - return newFile(path) -} diff --git a/vendor/github.com/syndtr/gocapability/capability/capability_noop.go b/vendor/github.com/syndtr/gocapability/capability/capability_noop.go deleted file mode 100644 index 9bb3070c5ec..00000000000 --- a/vendor/github.com/syndtr/gocapability/capability/capability_noop.go +++ /dev/null @@ -1,19 +0,0 @@ -// Copyright (c) 2013, Suryandaru Triandana -// All rights reserved. -// -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -// +build !linux - -package capability - -import "errors" - -func newPid(pid int) (Capabilities, error) { - return nil, errors.New("not supported") -} - -func newFile(path string) (Capabilities, error) { - return nil, errors.New("not supported") -} diff --git a/vendor/modules.txt b/vendor/modules.txt index 03657f6b819..248f67b2e20 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -34,6 +34,9 @@ github.com/docker/go-units # github.com/godbus/dbus/v5 v5.1.0 ## explicit; go 1.12 github.com/godbus/dbus/v5 +# github.com/moby/sys/capability v0.4.0 +## explicit; go 1.21 +github.com/moby/sys/capability # github.com/moby/sys/mountinfo v0.7.2 ## explicit; go 1.17 github.com/moby/sys/mountinfo @@ -65,9 +68,6 @@ github.com/seccomp/libseccomp-golang ## explicit; go 1.13 github.com/sirupsen/logrus github.com/sirupsen/logrus/hooks/test -# github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 -## explicit -github.com/syndtr/gocapability/capability # github.com/urfave/cli v1.22.16 ## explicit; go 1.11 github.com/urfave/cli From ec7e90b308eedb45bd9f807292dc38211254098d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 Dec 2024 04:47:30 +0000 Subject: [PATCH 0734/1176] build(deps): bump golang.org/x/sys from 0.27.0 to 0.28.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.27.0 to 0.28.0. - [Commits](https://github.com/golang/sys/compare/v0.27.0...v0.28.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- vendor/golang.org/x/sys/unix/zerrors_linux.go | 9 +++ .../x/sys/unix/zerrors_linux_386.go | 6 ++ .../x/sys/unix/zerrors_linux_amd64.go | 6 ++ .../x/sys/unix/zerrors_linux_arm.go | 6 ++ .../x/sys/unix/zerrors_linux_arm64.go | 7 +++ .../x/sys/unix/zerrors_linux_loong64.go | 6 ++ .../x/sys/unix/zerrors_linux_mips.go | 6 ++ .../x/sys/unix/zerrors_linux_mips64.go | 6 ++ .../x/sys/unix/zerrors_linux_mips64le.go | 6 ++ .../x/sys/unix/zerrors_linux_mipsle.go | 6 ++ .../x/sys/unix/zerrors_linux_ppc.go | 6 ++ .../x/sys/unix/zerrors_linux_ppc64.go | 6 ++ .../x/sys/unix/zerrors_linux_ppc64le.go | 6 ++ .../x/sys/unix/zerrors_linux_riscv64.go | 6 ++ .../x/sys/unix/zerrors_linux_s390x.go | 6 ++ .../x/sys/unix/zerrors_linux_sparc64.go | 6 ++ .../x/sys/unix/ztypes_darwin_amd64.go | 60 +++++++++++++++++++ .../x/sys/unix/ztypes_darwin_arm64.go | 60 +++++++++++++++++++ vendor/golang.org/x/sys/unix/ztypes_linux.go | 20 ++++--- .../x/sys/windows/syscall_windows.go | 2 + .../golang.org/x/sys/windows/types_windows.go | 1 + .../x/sys/windows/zsyscall_windows.go | 28 +++++++-- vendor/modules.txt | 2 +- 25 files changed, 261 insertions(+), 18 deletions(-) diff --git a/go.mod b/go.mod index f709b2eaf61..fa367d479ca 100644 --- a/go.mod +++ b/go.mod @@ -27,7 +27,7 @@ require ( github.com/urfave/cli v1.22.16 github.com/vishvananda/netlink v1.3.0 golang.org/x/net v0.31.0 - golang.org/x/sys v0.27.0 + golang.org/x/sys v0.28.0 google.golang.org/protobuf v1.35.2 ) diff --git a/go.sum b/go.sum index ce6feea0f35..e7d2c5a50c2 100644 --- a/go.sum +++ b/go.sum @@ -92,8 +92,8 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= -golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index ccba391c9fb..6ebc48b3fec 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -321,6 +321,9 @@ const ( AUDIT_INTEGRITY_STATUS = 0x70a AUDIT_IPC = 0x517 AUDIT_IPC_SET_PERM = 0x51f + AUDIT_IPE_ACCESS = 0x58c + AUDIT_IPE_CONFIG_CHANGE = 0x58d + AUDIT_IPE_POLICY_LOAD = 0x58e AUDIT_KERNEL = 0x7d0 AUDIT_KERNEL_OTHER = 0x524 AUDIT_KERN_MODULE = 0x532 @@ -489,6 +492,7 @@ const ( BPF_F_ID = 0x20 BPF_F_NETFILTER_IP_DEFRAG = 0x1 BPF_F_QUERY_EFFECTIVE = 0x1 + BPF_F_REDIRECT_FLAGS = 0x19 BPF_F_REPLACE = 0x4 BPF_F_SLEEPABLE = 0x10 BPF_F_STRICT_ALIGNMENT = 0x1 @@ -1166,6 +1170,7 @@ const ( EXTA = 0xe EXTB = 0xf F2FS_SUPER_MAGIC = 0xf2f52010 + FALLOC_FL_ALLOCATE_RANGE = 0x0 FALLOC_FL_COLLAPSE_RANGE = 0x8 FALLOC_FL_INSERT_RANGE = 0x20 FALLOC_FL_KEEP_SIZE = 0x1 @@ -1799,6 +1804,8 @@ const ( LANDLOCK_ACCESS_NET_BIND_TCP = 0x1 LANDLOCK_ACCESS_NET_CONNECT_TCP = 0x2 LANDLOCK_CREATE_RULESET_VERSION = 0x1 + LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET = 0x1 + LANDLOCK_SCOPE_SIGNAL = 0x2 LINUX_REBOOT_CMD_CAD_OFF = 0x0 LINUX_REBOOT_CMD_CAD_ON = 0x89abcdef LINUX_REBOOT_CMD_HALT = 0xcdef0123 @@ -1924,6 +1931,7 @@ const ( MNT_FORCE = 0x1 MNT_ID_REQ_SIZE_VER0 = 0x18 MNT_ID_REQ_SIZE_VER1 = 0x20 + MNT_NS_INFO_SIZE_VER0 = 0x10 MODULE_INIT_COMPRESSED_FILE = 0x4 MODULE_INIT_IGNORE_MODVERSIONS = 0x1 MODULE_INIT_IGNORE_VERMAGIC = 0x2 @@ -2970,6 +2978,7 @@ const ( RWF_WRITE_LIFE_NOT_SET = 0x0 SCHED_BATCH = 0x3 SCHED_DEADLINE = 0x6 + SCHED_EXT = 0x7 SCHED_FIFO = 0x1 SCHED_FLAG_ALL = 0x7f SCHED_FLAG_DL_OVERRUN = 0x4 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go index 0c00cb3f3af..c0d45e32050 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go @@ -109,6 +109,7 @@ const ( HIDIOCGRAWINFO = 0x80084803 HIDIOCGRDESC = 0x90044802 HIDIOCGRDESCSIZE = 0x80044801 + HIDIOCREVOKE = 0x4004480d HUPCL = 0x400 ICANON = 0x2 IEXTEN = 0x8000 @@ -297,6 +298,8 @@ const ( RTC_WIE_ON = 0x700f RTC_WKALM_RD = 0x80287010 RTC_WKALM_SET = 0x4028700f + SCM_DEVMEM_DMABUF = 0x4f + SCM_DEVMEM_LINEAR = 0x4e SCM_TIMESTAMPING = 0x25 SCM_TIMESTAMPING_OPT_STATS = 0x36 SCM_TIMESTAMPING_PKTINFO = 0x3a @@ -335,6 +338,9 @@ const ( SO_CNX_ADVICE = 0x35 SO_COOKIE = 0x39 SO_DETACH_REUSEPORT_BPF = 0x44 + SO_DEVMEM_DMABUF = 0x4f + SO_DEVMEM_DONTNEED = 0x50 + SO_DEVMEM_LINEAR = 0x4e SO_DOMAIN = 0x27 SO_DONTROUTE = 0x5 SO_ERROR = 0x4 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go index dfb364554dd..c731d24f025 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go @@ -109,6 +109,7 @@ const ( HIDIOCGRAWINFO = 0x80084803 HIDIOCGRDESC = 0x90044802 HIDIOCGRDESCSIZE = 0x80044801 + HIDIOCREVOKE = 0x4004480d HUPCL = 0x400 ICANON = 0x2 IEXTEN = 0x8000 @@ -298,6 +299,8 @@ const ( RTC_WIE_ON = 0x700f RTC_WKALM_RD = 0x80287010 RTC_WKALM_SET = 0x4028700f + SCM_DEVMEM_DMABUF = 0x4f + SCM_DEVMEM_LINEAR = 0x4e SCM_TIMESTAMPING = 0x25 SCM_TIMESTAMPING_OPT_STATS = 0x36 SCM_TIMESTAMPING_PKTINFO = 0x3a @@ -336,6 +339,9 @@ const ( SO_CNX_ADVICE = 0x35 SO_COOKIE = 0x39 SO_DETACH_REUSEPORT_BPF = 0x44 + SO_DEVMEM_DMABUF = 0x4f + SO_DEVMEM_DONTNEED = 0x50 + SO_DEVMEM_LINEAR = 0x4e SO_DOMAIN = 0x27 SO_DONTROUTE = 0x5 SO_ERROR = 0x4 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go index d46dcf78abc..680018a4a7c 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go @@ -108,6 +108,7 @@ const ( HIDIOCGRAWINFO = 0x80084803 HIDIOCGRDESC = 0x90044802 HIDIOCGRDESCSIZE = 0x80044801 + HIDIOCREVOKE = 0x4004480d HUPCL = 0x400 ICANON = 0x2 IEXTEN = 0x8000 @@ -303,6 +304,8 @@ const ( RTC_WIE_ON = 0x700f RTC_WKALM_RD = 0x80287010 RTC_WKALM_SET = 0x4028700f + SCM_DEVMEM_DMABUF = 0x4f + SCM_DEVMEM_LINEAR = 0x4e SCM_TIMESTAMPING = 0x25 SCM_TIMESTAMPING_OPT_STATS = 0x36 SCM_TIMESTAMPING_PKTINFO = 0x3a @@ -341,6 +344,9 @@ const ( SO_CNX_ADVICE = 0x35 SO_COOKIE = 0x39 SO_DETACH_REUSEPORT_BPF = 0x44 + SO_DEVMEM_DMABUF = 0x4f + SO_DEVMEM_DONTNEED = 0x50 + SO_DEVMEM_LINEAR = 0x4e SO_DOMAIN = 0x27 SO_DONTROUTE = 0x5 SO_ERROR = 0x4 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go index 3af3248a7f2..a63909f308d 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go @@ -112,6 +112,7 @@ const ( HIDIOCGRAWINFO = 0x80084803 HIDIOCGRDESC = 0x90044802 HIDIOCGRDESCSIZE = 0x80044801 + HIDIOCREVOKE = 0x4004480d HUPCL = 0x400 ICANON = 0x2 IEXTEN = 0x8000 @@ -205,6 +206,7 @@ const ( PERF_EVENT_IOC_SET_BPF = 0x40042408 PERF_EVENT_IOC_SET_FILTER = 0x40082406 PERF_EVENT_IOC_SET_OUTPUT = 0x2405 + POE_MAGIC = 0x504f4530 PPPIOCATTACH = 0x4004743d PPPIOCATTCHAN = 0x40047438 PPPIOCBRIDGECHAN = 0x40047435 @@ -294,6 +296,8 @@ const ( RTC_WIE_ON = 0x700f RTC_WKALM_RD = 0x80287010 RTC_WKALM_SET = 0x4028700f + SCM_DEVMEM_DMABUF = 0x4f + SCM_DEVMEM_LINEAR = 0x4e SCM_TIMESTAMPING = 0x25 SCM_TIMESTAMPING_OPT_STATS = 0x36 SCM_TIMESTAMPING_PKTINFO = 0x3a @@ -332,6 +336,9 @@ const ( SO_CNX_ADVICE = 0x35 SO_COOKIE = 0x39 SO_DETACH_REUSEPORT_BPF = 0x44 + SO_DEVMEM_DMABUF = 0x4f + SO_DEVMEM_DONTNEED = 0x50 + SO_DEVMEM_LINEAR = 0x4e SO_DOMAIN = 0x27 SO_DONTROUTE = 0x5 SO_ERROR = 0x4 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go index 292bcf0283d..9b0a2573fe3 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go @@ -109,6 +109,7 @@ const ( HIDIOCGRAWINFO = 0x80084803 HIDIOCGRDESC = 0x90044802 HIDIOCGRDESCSIZE = 0x80044801 + HIDIOCREVOKE = 0x4004480d HUPCL = 0x400 ICANON = 0x2 IEXTEN = 0x8000 @@ -290,6 +291,8 @@ const ( RTC_WIE_ON = 0x700f RTC_WKALM_RD = 0x80287010 RTC_WKALM_SET = 0x4028700f + SCM_DEVMEM_DMABUF = 0x4f + SCM_DEVMEM_LINEAR = 0x4e SCM_TIMESTAMPING = 0x25 SCM_TIMESTAMPING_OPT_STATS = 0x36 SCM_TIMESTAMPING_PKTINFO = 0x3a @@ -328,6 +331,9 @@ const ( SO_CNX_ADVICE = 0x35 SO_COOKIE = 0x39 SO_DETACH_REUSEPORT_BPF = 0x44 + SO_DEVMEM_DMABUF = 0x4f + SO_DEVMEM_DONTNEED = 0x50 + SO_DEVMEM_LINEAR = 0x4e SO_DOMAIN = 0x27 SO_DONTROUTE = 0x5 SO_ERROR = 0x4 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go index 782b7110fa1..958e6e0645a 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go @@ -108,6 +108,7 @@ const ( HIDIOCGRAWINFO = 0x40084803 HIDIOCGRDESC = 0x50044802 HIDIOCGRDESCSIZE = 0x40044801 + HIDIOCREVOKE = 0x8004480d HUPCL = 0x400 ICANON = 0x2 IEXTEN = 0x100 @@ -296,6 +297,8 @@ const ( RTC_WIE_ON = 0x2000700f RTC_WKALM_RD = 0x40287010 RTC_WKALM_SET = 0x8028700f + SCM_DEVMEM_DMABUF = 0x4f + SCM_DEVMEM_LINEAR = 0x4e SCM_TIMESTAMPING = 0x25 SCM_TIMESTAMPING_OPT_STATS = 0x36 SCM_TIMESTAMPING_PKTINFO = 0x3a @@ -334,6 +337,9 @@ const ( SO_CNX_ADVICE = 0x35 SO_COOKIE = 0x39 SO_DETACH_REUSEPORT_BPF = 0x44 + SO_DEVMEM_DMABUF = 0x4f + SO_DEVMEM_DONTNEED = 0x50 + SO_DEVMEM_LINEAR = 0x4e SO_DOMAIN = 0x1029 SO_DONTROUTE = 0x10 SO_ERROR = 0x1007 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go index 84973fd9271..50c7f25bd16 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go @@ -108,6 +108,7 @@ const ( HIDIOCGRAWINFO = 0x40084803 HIDIOCGRDESC = 0x50044802 HIDIOCGRDESCSIZE = 0x40044801 + HIDIOCREVOKE = 0x8004480d HUPCL = 0x400 ICANON = 0x2 IEXTEN = 0x100 @@ -296,6 +297,8 @@ const ( RTC_WIE_ON = 0x2000700f RTC_WKALM_RD = 0x40287010 RTC_WKALM_SET = 0x8028700f + SCM_DEVMEM_DMABUF = 0x4f + SCM_DEVMEM_LINEAR = 0x4e SCM_TIMESTAMPING = 0x25 SCM_TIMESTAMPING_OPT_STATS = 0x36 SCM_TIMESTAMPING_PKTINFO = 0x3a @@ -334,6 +337,9 @@ const ( SO_CNX_ADVICE = 0x35 SO_COOKIE = 0x39 SO_DETACH_REUSEPORT_BPF = 0x44 + SO_DEVMEM_DMABUF = 0x4f + SO_DEVMEM_DONTNEED = 0x50 + SO_DEVMEM_LINEAR = 0x4e SO_DOMAIN = 0x1029 SO_DONTROUTE = 0x10 SO_ERROR = 0x1007 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go index 6d9cbc3b274..ced21d66d95 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go @@ -108,6 +108,7 @@ const ( HIDIOCGRAWINFO = 0x40084803 HIDIOCGRDESC = 0x50044802 HIDIOCGRDESCSIZE = 0x40044801 + HIDIOCREVOKE = 0x8004480d HUPCL = 0x400 ICANON = 0x2 IEXTEN = 0x100 @@ -296,6 +297,8 @@ const ( RTC_WIE_ON = 0x2000700f RTC_WKALM_RD = 0x40287010 RTC_WKALM_SET = 0x8028700f + SCM_DEVMEM_DMABUF = 0x4f + SCM_DEVMEM_LINEAR = 0x4e SCM_TIMESTAMPING = 0x25 SCM_TIMESTAMPING_OPT_STATS = 0x36 SCM_TIMESTAMPING_PKTINFO = 0x3a @@ -334,6 +337,9 @@ const ( SO_CNX_ADVICE = 0x35 SO_COOKIE = 0x39 SO_DETACH_REUSEPORT_BPF = 0x44 + SO_DEVMEM_DMABUF = 0x4f + SO_DEVMEM_DONTNEED = 0x50 + SO_DEVMEM_LINEAR = 0x4e SO_DOMAIN = 0x1029 SO_DONTROUTE = 0x10 SO_ERROR = 0x1007 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go index 5f9fedbce02..226c0441902 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go @@ -108,6 +108,7 @@ const ( HIDIOCGRAWINFO = 0x40084803 HIDIOCGRDESC = 0x50044802 HIDIOCGRDESCSIZE = 0x40044801 + HIDIOCREVOKE = 0x8004480d HUPCL = 0x400 ICANON = 0x2 IEXTEN = 0x100 @@ -296,6 +297,8 @@ const ( RTC_WIE_ON = 0x2000700f RTC_WKALM_RD = 0x40287010 RTC_WKALM_SET = 0x8028700f + SCM_DEVMEM_DMABUF = 0x4f + SCM_DEVMEM_LINEAR = 0x4e SCM_TIMESTAMPING = 0x25 SCM_TIMESTAMPING_OPT_STATS = 0x36 SCM_TIMESTAMPING_PKTINFO = 0x3a @@ -334,6 +337,9 @@ const ( SO_CNX_ADVICE = 0x35 SO_COOKIE = 0x39 SO_DETACH_REUSEPORT_BPF = 0x44 + SO_DEVMEM_DMABUF = 0x4f + SO_DEVMEM_DONTNEED = 0x50 + SO_DEVMEM_LINEAR = 0x4e SO_DOMAIN = 0x1029 SO_DONTROUTE = 0x10 SO_ERROR = 0x1007 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go index bb0026ee0c4..3122737cd46 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go @@ -108,6 +108,7 @@ const ( HIDIOCGRAWINFO = 0x40084803 HIDIOCGRDESC = 0x50044802 HIDIOCGRDESCSIZE = 0x40044801 + HIDIOCREVOKE = 0x8004480d HUPCL = 0x4000 ICANON = 0x100 IEXTEN = 0x400 @@ -351,6 +352,8 @@ const ( RTC_WIE_ON = 0x2000700f RTC_WKALM_RD = 0x40287010 RTC_WKALM_SET = 0x8028700f + SCM_DEVMEM_DMABUF = 0x4f + SCM_DEVMEM_LINEAR = 0x4e SCM_TIMESTAMPING = 0x25 SCM_TIMESTAMPING_OPT_STATS = 0x36 SCM_TIMESTAMPING_PKTINFO = 0x3a @@ -389,6 +392,9 @@ const ( SO_CNX_ADVICE = 0x35 SO_COOKIE = 0x39 SO_DETACH_REUSEPORT_BPF = 0x44 + SO_DEVMEM_DMABUF = 0x4f + SO_DEVMEM_DONTNEED = 0x50 + SO_DEVMEM_LINEAR = 0x4e SO_DOMAIN = 0x27 SO_DONTROUTE = 0x5 SO_ERROR = 0x4 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go index 46120db5c9a..eb5d3467edf 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go @@ -108,6 +108,7 @@ const ( HIDIOCGRAWINFO = 0x40084803 HIDIOCGRDESC = 0x50044802 HIDIOCGRDESCSIZE = 0x40044801 + HIDIOCREVOKE = 0x8004480d HUPCL = 0x4000 ICANON = 0x100 IEXTEN = 0x400 @@ -355,6 +356,8 @@ const ( RTC_WIE_ON = 0x2000700f RTC_WKALM_RD = 0x40287010 RTC_WKALM_SET = 0x8028700f + SCM_DEVMEM_DMABUF = 0x4f + SCM_DEVMEM_LINEAR = 0x4e SCM_TIMESTAMPING = 0x25 SCM_TIMESTAMPING_OPT_STATS = 0x36 SCM_TIMESTAMPING_PKTINFO = 0x3a @@ -393,6 +396,9 @@ const ( SO_CNX_ADVICE = 0x35 SO_COOKIE = 0x39 SO_DETACH_REUSEPORT_BPF = 0x44 + SO_DEVMEM_DMABUF = 0x4f + SO_DEVMEM_DONTNEED = 0x50 + SO_DEVMEM_LINEAR = 0x4e SO_DOMAIN = 0x27 SO_DONTROUTE = 0x5 SO_ERROR = 0x4 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go index 5c951634fbe..e921ebc60b7 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go @@ -108,6 +108,7 @@ const ( HIDIOCGRAWINFO = 0x40084803 HIDIOCGRDESC = 0x50044802 HIDIOCGRDESCSIZE = 0x40044801 + HIDIOCREVOKE = 0x8004480d HUPCL = 0x4000 ICANON = 0x100 IEXTEN = 0x400 @@ -355,6 +356,8 @@ const ( RTC_WIE_ON = 0x2000700f RTC_WKALM_RD = 0x40287010 RTC_WKALM_SET = 0x8028700f + SCM_DEVMEM_DMABUF = 0x4f + SCM_DEVMEM_LINEAR = 0x4e SCM_TIMESTAMPING = 0x25 SCM_TIMESTAMPING_OPT_STATS = 0x36 SCM_TIMESTAMPING_PKTINFO = 0x3a @@ -393,6 +396,9 @@ const ( SO_CNX_ADVICE = 0x35 SO_COOKIE = 0x39 SO_DETACH_REUSEPORT_BPF = 0x44 + SO_DEVMEM_DMABUF = 0x4f + SO_DEVMEM_DONTNEED = 0x50 + SO_DEVMEM_LINEAR = 0x4e SO_DOMAIN = 0x27 SO_DONTROUTE = 0x5 SO_ERROR = 0x4 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go index 11a84d5af20..38ba81c55c1 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go @@ -108,6 +108,7 @@ const ( HIDIOCGRAWINFO = 0x80084803 HIDIOCGRDESC = 0x90044802 HIDIOCGRDESCSIZE = 0x80044801 + HIDIOCREVOKE = 0x4004480d HUPCL = 0x400 ICANON = 0x2 IEXTEN = 0x8000 @@ -287,6 +288,8 @@ const ( RTC_WIE_ON = 0x700f RTC_WKALM_RD = 0x80287010 RTC_WKALM_SET = 0x4028700f + SCM_DEVMEM_DMABUF = 0x4f + SCM_DEVMEM_LINEAR = 0x4e SCM_TIMESTAMPING = 0x25 SCM_TIMESTAMPING_OPT_STATS = 0x36 SCM_TIMESTAMPING_PKTINFO = 0x3a @@ -325,6 +328,9 @@ const ( SO_CNX_ADVICE = 0x35 SO_COOKIE = 0x39 SO_DETACH_REUSEPORT_BPF = 0x44 + SO_DEVMEM_DMABUF = 0x4f + SO_DEVMEM_DONTNEED = 0x50 + SO_DEVMEM_LINEAR = 0x4e SO_DOMAIN = 0x27 SO_DONTROUTE = 0x5 SO_ERROR = 0x4 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go index f78c4617cac..71f0400977b 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go @@ -108,6 +108,7 @@ const ( HIDIOCGRAWINFO = 0x80084803 HIDIOCGRDESC = 0x90044802 HIDIOCGRDESCSIZE = 0x80044801 + HIDIOCREVOKE = 0x4004480d HUPCL = 0x400 ICANON = 0x2 IEXTEN = 0x8000 @@ -359,6 +360,8 @@ const ( RTC_WIE_ON = 0x700f RTC_WKALM_RD = 0x80287010 RTC_WKALM_SET = 0x4028700f + SCM_DEVMEM_DMABUF = 0x4f + SCM_DEVMEM_LINEAR = 0x4e SCM_TIMESTAMPING = 0x25 SCM_TIMESTAMPING_OPT_STATS = 0x36 SCM_TIMESTAMPING_PKTINFO = 0x3a @@ -397,6 +400,9 @@ const ( SO_CNX_ADVICE = 0x35 SO_COOKIE = 0x39 SO_DETACH_REUSEPORT_BPF = 0x44 + SO_DEVMEM_DMABUF = 0x4f + SO_DEVMEM_DONTNEED = 0x50 + SO_DEVMEM_LINEAR = 0x4e SO_DOMAIN = 0x27 SO_DONTROUTE = 0x5 SO_ERROR = 0x4 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go index aeb777c3442..c44a313322c 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go @@ -112,6 +112,7 @@ const ( HIDIOCGRAWINFO = 0x40084803 HIDIOCGRDESC = 0x50044802 HIDIOCGRDESCSIZE = 0x40044801 + HIDIOCREVOKE = 0x8004480d HUPCL = 0x400 ICANON = 0x2 IEXTEN = 0x8000 @@ -350,6 +351,8 @@ const ( RTC_WIE_ON = 0x2000700f RTC_WKALM_RD = 0x40287010 RTC_WKALM_SET = 0x8028700f + SCM_DEVMEM_DMABUF = 0x58 + SCM_DEVMEM_LINEAR = 0x57 SCM_TIMESTAMPING = 0x23 SCM_TIMESTAMPING_OPT_STATS = 0x38 SCM_TIMESTAMPING_PKTINFO = 0x3c @@ -436,6 +439,9 @@ const ( SO_CNX_ADVICE = 0x37 SO_COOKIE = 0x3b SO_DETACH_REUSEPORT_BPF = 0x47 + SO_DEVMEM_DMABUF = 0x58 + SO_DEVMEM_DONTNEED = 0x59 + SO_DEVMEM_LINEAR = 0x57 SO_DOMAIN = 0x1029 SO_DONTROUTE = 0x10 SO_ERROR = 0x1007 diff --git a/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go index d003c3d4378..17c53bd9b33 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go @@ -462,11 +462,14 @@ type FdSet struct { const ( SizeofIfMsghdr = 0x70 + SizeofIfMsghdr2 = 0xa0 SizeofIfData = 0x60 + SizeofIfData64 = 0x80 SizeofIfaMsghdr = 0x14 SizeofIfmaMsghdr = 0x10 SizeofIfmaMsghdr2 = 0x14 SizeofRtMsghdr = 0x5c + SizeofRtMsghdr2 = 0x5c SizeofRtMetrics = 0x38 ) @@ -480,6 +483,20 @@ type IfMsghdr struct { Data IfData } +type IfMsghdr2 struct { + Msglen uint16 + Version uint8 + Type uint8 + Addrs int32 + Flags int32 + Index uint16 + Snd_len int32 + Snd_maxlen int32 + Snd_drops int32 + Timer int32 + Data IfData64 +} + type IfData struct { Type uint8 Typelen uint8 @@ -512,6 +529,34 @@ type IfData struct { Reserved2 uint32 } +type IfData64 struct { + Type uint8 + Typelen uint8 + Physical uint8 + Addrlen uint8 + Hdrlen uint8 + Recvquota uint8 + Xmitquota uint8 + Unused1 uint8 + Mtu uint32 + Metric uint32 + Baudrate uint64 + Ipackets uint64 + Ierrors uint64 + Opackets uint64 + Oerrors uint64 + Collisions uint64 + Ibytes uint64 + Obytes uint64 + Imcasts uint64 + Omcasts uint64 + Iqdrops uint64 + Noproto uint64 + Recvtiming uint32 + Xmittiming uint32 + Lastchange Timeval32 +} + type IfaMsghdr struct { Msglen uint16 Version uint8 @@ -557,6 +602,21 @@ type RtMsghdr struct { Rmx RtMetrics } +type RtMsghdr2 struct { + Msglen uint16 + Version uint8 + Type uint8 + Index uint16 + Flags int32 + Addrs int32 + Refcnt int32 + Parentflags int32 + Reserved int32 + Use int32 + Inits uint32 + Rmx RtMetrics +} + type RtMetrics struct { Locks uint32 Mtu uint32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go index 0d45a941aae..2392226a743 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go @@ -462,11 +462,14 @@ type FdSet struct { const ( SizeofIfMsghdr = 0x70 + SizeofIfMsghdr2 = 0xa0 SizeofIfData = 0x60 + SizeofIfData64 = 0x80 SizeofIfaMsghdr = 0x14 SizeofIfmaMsghdr = 0x10 SizeofIfmaMsghdr2 = 0x14 SizeofRtMsghdr = 0x5c + SizeofRtMsghdr2 = 0x5c SizeofRtMetrics = 0x38 ) @@ -480,6 +483,20 @@ type IfMsghdr struct { Data IfData } +type IfMsghdr2 struct { + Msglen uint16 + Version uint8 + Type uint8 + Addrs int32 + Flags int32 + Index uint16 + Snd_len int32 + Snd_maxlen int32 + Snd_drops int32 + Timer int32 + Data IfData64 +} + type IfData struct { Type uint8 Typelen uint8 @@ -512,6 +529,34 @@ type IfData struct { Reserved2 uint32 } +type IfData64 struct { + Type uint8 + Typelen uint8 + Physical uint8 + Addrlen uint8 + Hdrlen uint8 + Recvquota uint8 + Xmitquota uint8 + Unused1 uint8 + Mtu uint32 + Metric uint32 + Baudrate uint64 + Ipackets uint64 + Ierrors uint64 + Opackets uint64 + Oerrors uint64 + Collisions uint64 + Ibytes uint64 + Obytes uint64 + Imcasts uint64 + Omcasts uint64 + Iqdrops uint64 + Noproto uint64 + Recvtiming uint32 + Xmittiming uint32 + Lastchange Timeval32 +} + type IfaMsghdr struct { Msglen uint16 Version uint8 @@ -557,6 +602,21 @@ type RtMsghdr struct { Rmx RtMetrics } +type RtMsghdr2 struct { + Msglen uint16 + Version uint8 + Type uint8 + Index uint16 + Flags int32 + Addrs int32 + Refcnt int32 + Parentflags int32 + Reserved int32 + Use int32 + Inits uint32 + Rmx RtMetrics +} + type RtMetrics struct { Locks uint32 Mtu uint32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index 8daaf3faf4c..5537148dcbb 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -2594,8 +2594,8 @@ const ( SOF_TIMESTAMPING_BIND_PHC = 0x8000 SOF_TIMESTAMPING_OPT_ID_TCP = 0x10000 - SOF_TIMESTAMPING_LAST = 0x10000 - SOF_TIMESTAMPING_MASK = 0x1ffff + SOF_TIMESTAMPING_LAST = 0x20000 + SOF_TIMESTAMPING_MASK = 0x3ffff SCM_TSTAMP_SND = 0x0 SCM_TSTAMP_SCHED = 0x1 @@ -3541,7 +3541,7 @@ type Nhmsg struct { type NexthopGrp struct { Id uint32 Weight uint8 - Resvd1 uint8 + High uint8 Resvd2 uint16 } @@ -3802,7 +3802,7 @@ const ( ETHTOOL_MSG_PSE_GET = 0x24 ETHTOOL_MSG_PSE_SET = 0x25 ETHTOOL_MSG_RSS_GET = 0x26 - ETHTOOL_MSG_USER_MAX = 0x2c + ETHTOOL_MSG_USER_MAX = 0x2d ETHTOOL_MSG_KERNEL_NONE = 0x0 ETHTOOL_MSG_STRSET_GET_REPLY = 0x1 ETHTOOL_MSG_LINKINFO_GET_REPLY = 0x2 @@ -3842,7 +3842,7 @@ const ( ETHTOOL_MSG_MODULE_NTF = 0x24 ETHTOOL_MSG_PSE_GET_REPLY = 0x25 ETHTOOL_MSG_RSS_GET_REPLY = 0x26 - ETHTOOL_MSG_KERNEL_MAX = 0x2c + ETHTOOL_MSG_KERNEL_MAX = 0x2e ETHTOOL_FLAG_COMPACT_BITSETS = 0x1 ETHTOOL_FLAG_OMIT_REPLY = 0x2 ETHTOOL_FLAG_STATS = 0x4 @@ -3850,7 +3850,7 @@ const ( ETHTOOL_A_HEADER_DEV_INDEX = 0x1 ETHTOOL_A_HEADER_DEV_NAME = 0x2 ETHTOOL_A_HEADER_FLAGS = 0x3 - ETHTOOL_A_HEADER_MAX = 0x3 + ETHTOOL_A_HEADER_MAX = 0x4 ETHTOOL_A_BITSET_BIT_UNSPEC = 0x0 ETHTOOL_A_BITSET_BIT_INDEX = 0x1 ETHTOOL_A_BITSET_BIT_NAME = 0x2 @@ -4031,11 +4031,11 @@ const ( ETHTOOL_A_CABLE_RESULT_UNSPEC = 0x0 ETHTOOL_A_CABLE_RESULT_PAIR = 0x1 ETHTOOL_A_CABLE_RESULT_CODE = 0x2 - ETHTOOL_A_CABLE_RESULT_MAX = 0x2 + ETHTOOL_A_CABLE_RESULT_MAX = 0x3 ETHTOOL_A_CABLE_FAULT_LENGTH_UNSPEC = 0x0 ETHTOOL_A_CABLE_FAULT_LENGTH_PAIR = 0x1 ETHTOOL_A_CABLE_FAULT_LENGTH_CM = 0x2 - ETHTOOL_A_CABLE_FAULT_LENGTH_MAX = 0x2 + ETHTOOL_A_CABLE_FAULT_LENGTH_MAX = 0x3 ETHTOOL_A_CABLE_TEST_NTF_STATUS_UNSPEC = 0x0 ETHTOOL_A_CABLE_TEST_NTF_STATUS_STARTED = 0x1 ETHTOOL_A_CABLE_TEST_NTF_STATUS_COMPLETED = 0x2 @@ -4200,7 +4200,8 @@ type ( } PtpSysOffsetExtended struct { Samples uint32 - Rsv [3]uint32 + Clockid int32 + Rsv [2]uint32 Ts [25][3]PtpClockTime } PtpSysOffsetPrecise struct { @@ -4399,6 +4400,7 @@ const ( type LandlockRulesetAttr struct { Access_fs uint64 Access_net uint64 + Scoped uint64 } type LandlockPathBeneathAttr struct { diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index 4510bfc3f5c..4a325438685 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -168,6 +168,8 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys CreateNamedPipe(name *uint16, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *SecurityAttributes) (handle Handle, err error) [failretval==InvalidHandle] = CreateNamedPipeW //sys ConnectNamedPipe(pipe Handle, overlapped *Overlapped) (err error) //sys DisconnectNamedPipe(pipe Handle) (err error) +//sys GetNamedPipeClientProcessId(pipe Handle, clientProcessID *uint32) (err error) +//sys GetNamedPipeServerProcessId(pipe Handle, serverProcessID *uint32) (err error) //sys GetNamedPipeInfo(pipe Handle, flags *uint32, outSize *uint32, inSize *uint32, maxInstances *uint32) (err error) //sys GetNamedPipeHandleState(pipe Handle, state *uint32, curInstances *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32, userName *uint16, maxUserNameSize uint32) (err error) = GetNamedPipeHandleStateW //sys SetNamedPipeHandleState(pipe Handle, state *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32) (err error) = SetNamedPipeHandleState diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go index 51311e205ff..9d138de5fed 100644 --- a/vendor/golang.org/x/sys/windows/types_windows.go +++ b/vendor/golang.org/x/sys/windows/types_windows.go @@ -176,6 +176,7 @@ const ( WAIT_FAILED = 0xFFFFFFFF // Access rights for process. + PROCESS_ALL_ACCESS = 0xFFFF PROCESS_CREATE_PROCESS = 0x0080 PROCESS_CREATE_THREAD = 0x0002 PROCESS_DUP_HANDLE = 0x0040 diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index 6f5252880ce..01c0716c2c4 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -280,8 +280,10 @@ var ( procGetMaximumProcessorCount = modkernel32.NewProc("GetMaximumProcessorCount") procGetModuleFileNameW = modkernel32.NewProc("GetModuleFileNameW") procGetModuleHandleExW = modkernel32.NewProc("GetModuleHandleExW") + procGetNamedPipeClientProcessId = modkernel32.NewProc("GetNamedPipeClientProcessId") procGetNamedPipeHandleStateW = modkernel32.NewProc("GetNamedPipeHandleStateW") procGetNamedPipeInfo = modkernel32.NewProc("GetNamedPipeInfo") + procGetNamedPipeServerProcessId = modkernel32.NewProc("GetNamedPipeServerProcessId") procGetOverlappedResult = modkernel32.NewProc("GetOverlappedResult") procGetPriorityClass = modkernel32.NewProc("GetPriorityClass") procGetProcAddress = modkernel32.NewProc("GetProcAddress") @@ -1612,7 +1614,7 @@ func DwmSetWindowAttribute(hwnd HWND, attribute uint32, value unsafe.Pointer, si } func CancelMibChangeNotify2(notificationHandle Handle) (errcode error) { - r0, _, _ := syscall.SyscallN(procCancelMibChangeNotify2.Addr(), uintptr(notificationHandle)) + r0, _, _ := syscall.Syscall(procCancelMibChangeNotify2.Addr(), 1, uintptr(notificationHandle), 0, 0) if r0 != 0 { errcode = syscall.Errno(r0) } @@ -1652,7 +1654,7 @@ func GetIfEntry(pIfRow *MibIfRow) (errcode error) { } func GetIfEntry2Ex(level uint32, row *MibIfRow2) (errcode error) { - r0, _, _ := syscall.SyscallN(procGetIfEntry2Ex.Addr(), uintptr(level), uintptr(unsafe.Pointer(row))) + r0, _, _ := syscall.Syscall(procGetIfEntry2Ex.Addr(), 2, uintptr(level), uintptr(unsafe.Pointer(row)), 0) if r0 != 0 { errcode = syscall.Errno(r0) } @@ -1660,7 +1662,7 @@ func GetIfEntry2Ex(level uint32, row *MibIfRow2) (errcode error) { } func GetUnicastIpAddressEntry(row *MibUnicastIpAddressRow) (errcode error) { - r0, _, _ := syscall.SyscallN(procGetUnicastIpAddressEntry.Addr(), uintptr(unsafe.Pointer(row))) + r0, _, _ := syscall.Syscall(procGetUnicastIpAddressEntry.Addr(), 1, uintptr(unsafe.Pointer(row)), 0, 0) if r0 != 0 { errcode = syscall.Errno(r0) } @@ -1672,7 +1674,7 @@ func NotifyIpInterfaceChange(family uint16, callback uintptr, callerContext unsa if initialNotification { _p0 = 1 } - r0, _, _ := syscall.SyscallN(procNotifyIpInterfaceChange.Addr(), uintptr(family), uintptr(callback), uintptr(callerContext), uintptr(_p0), uintptr(unsafe.Pointer(notificationHandle))) + r0, _, _ := syscall.Syscall6(procNotifyIpInterfaceChange.Addr(), 5, uintptr(family), uintptr(callback), uintptr(callerContext), uintptr(_p0), uintptr(unsafe.Pointer(notificationHandle)), 0) if r0 != 0 { errcode = syscall.Errno(r0) } @@ -1684,7 +1686,7 @@ func NotifyUnicastIpAddressChange(family uint16, callback uintptr, callerContext if initialNotification { _p0 = 1 } - r0, _, _ := syscall.SyscallN(procNotifyUnicastIpAddressChange.Addr(), uintptr(family), uintptr(callback), uintptr(callerContext), uintptr(_p0), uintptr(unsafe.Pointer(notificationHandle))) + r0, _, _ := syscall.Syscall6(procNotifyUnicastIpAddressChange.Addr(), 5, uintptr(family), uintptr(callback), uintptr(callerContext), uintptr(_p0), uintptr(unsafe.Pointer(notificationHandle)), 0) if r0 != 0 { errcode = syscall.Errno(r0) } @@ -2446,6 +2448,14 @@ func GetModuleHandleEx(flags uint32, moduleName *uint16, module *Handle) (err er return } +func GetNamedPipeClientProcessId(pipe Handle, clientProcessID *uint32) (err error) { + r1, _, e1 := syscall.Syscall(procGetNamedPipeClientProcessId.Addr(), 2, uintptr(pipe), uintptr(unsafe.Pointer(clientProcessID)), 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + func GetNamedPipeHandleState(pipe Handle, state *uint32, curInstances *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32, userName *uint16, maxUserNameSize uint32) (err error) { r1, _, e1 := syscall.Syscall9(procGetNamedPipeHandleStateW.Addr(), 7, uintptr(pipe), uintptr(unsafe.Pointer(state)), uintptr(unsafe.Pointer(curInstances)), uintptr(unsafe.Pointer(maxCollectionCount)), uintptr(unsafe.Pointer(collectDataTimeout)), uintptr(unsafe.Pointer(userName)), uintptr(maxUserNameSize), 0, 0) if r1 == 0 { @@ -2462,6 +2472,14 @@ func GetNamedPipeInfo(pipe Handle, flags *uint32, outSize *uint32, inSize *uint3 return } +func GetNamedPipeServerProcessId(pipe Handle, serverProcessID *uint32) (err error) { + r1, _, e1 := syscall.Syscall(procGetNamedPipeServerProcessId.Addr(), 2, uintptr(pipe), uintptr(unsafe.Pointer(serverProcessID)), 0) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + func GetOverlappedResult(handle Handle, overlapped *Overlapped, done *uint32, wait bool) (err error) { var _p0 uint32 if wait { diff --git a/vendor/modules.txt b/vendor/modules.txt index 248f67b2e20..a44a85631cb 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -84,7 +84,7 @@ golang.org/x/exp/constraints # golang.org/x/net v0.31.0 ## explicit; go 1.18 golang.org/x/net/bpf -# golang.org/x/sys v0.27.0 +# golang.org/x/sys v0.28.0 ## explicit; go 1.18 golang.org/x/sys/unix golang.org/x/sys/windows From d5694eed7c7bc1a92c967e35f21411db6cda6f82 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 Dec 2024 09:28:56 +0000 Subject: [PATCH 0735/1176] build(deps): bump golang.org/x/net from 0.31.0 to 0.32.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.31.0 to 0.32.0. - [Commits](https://github.com/golang/net/compare/v0.31.0...v0.32.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index fa367d479ca..824c5d6989e 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/urfave/cli v1.22.16 github.com/vishvananda/netlink v1.3.0 - golang.org/x/net v0.31.0 + golang.org/x/net v0.32.0 golang.org/x/sys v0.28.0 google.golang.org/protobuf v1.35.2 ) diff --git a/go.sum b/go.sum index e7d2c5a50c2..b94e620d4a3 100644 --- a/go.sum +++ b/go.sum @@ -83,8 +83,8 @@ github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1Y github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 h1:Jvc7gsqn21cJHCmAWx0LiimpP18LZmUxkT5Mp7EZ1mI= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= -golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo= -golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM= +golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= +golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= diff --git a/vendor/modules.txt b/vendor/modules.txt index a44a85631cb..7aac064cd37 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -81,7 +81,7 @@ github.com/vishvananda/netns # golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 ## explicit; go 1.18 golang.org/x/exp/constraints -# golang.org/x/net v0.31.0 +# golang.org/x/net v0.32.0 ## explicit; go 1.18 golang.org/x/net/bpf # golang.org/x/sys v0.28.0 From dea0e04dd93d3922083e68667d20aac532d31129 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 6 Dec 2024 17:45:25 +1100 Subject: [PATCH 0736/1176] cgroups: ebpf: use link.Anchor to check for BPF_F_REPLACE support In v0.13.0, cilium/ebpf stopped supporting setting BPF_F_REPLACE as an explicit flag and instead requires us to use link.Anchor to specify where the program should be attached. Commit 216175a9ca84 ("Upgrade Cilium's eBPF library version to 0.16") did update this correctly for the actual attaching logic, but when checking for kernel support we still passed BPF_F_REPLACE. This would result in a generic error being returned, which our feature-support checking logic would treat as being an error the indicates that BPF_F_REPLACE *is* supported, resulting in a regression on pre-5.6 kernels. It turns out that our debug logging saying that this unexpected error was happening was being output as a result of this change, but nobody noticed... Fixes: 216175a9ca84 ("Upgrade Cilium's eBPF library version to 0.16") Signed-off-by: Aleksa Sarai --- libcontainer/cgroups/devices/ebpf_linux.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/libcontainer/cgroups/devices/ebpf_linux.go b/libcontainer/cgroups/devices/ebpf_linux.go index 1d3999e664d..0e808e29b32 100644 --- a/libcontainer/cgroups/devices/ebpf_linux.go +++ b/libcontainer/cgroups/devices/ebpf_linux.go @@ -123,12 +123,15 @@ func haveBpfProgReplace() bool { // BPF_CGROUP_DEVICE programs. If passing BPF_F_REPLACE gives us EINVAL // we know that the feature isn't present. err = link.RawAttachProgram(link.RawAttachProgramOptions{ - // We rely on this fd being checked after attachFlags. + // We rely on this fd being checked after attachFlags in the kernel. Target: int(devnull.Fd()), - // Attempt to "replace" bad fds with this program. + // Attempt to "replace" our BPF program with itself. This will + // always fail, but we should get -EINVAL if BPF_F_REPLACE is not + // supported. + Anchor: link.ReplaceProgram(prog), Program: prog, Attach: ebpf.AttachCGroupDevice, - Flags: unix.BPF_F_ALLOW_MULTI | unix.BPF_F_REPLACE, + Flags: unix.BPF_F_ALLOW_MULTI, }) if errors.Is(err, unix.EINVAL) { // not supported From 9bc6753d1f38072b2f12a7ddaf850d0580ccef2b Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 6 Dec 2024 17:50:14 +1100 Subject: [PATCH 0737/1176] cgroups: ebpf: also check for ebpf.ErrNotSupported It is possible for LinkAttachProgram to return ErrNotSupported if program attachment is not supported at all (which doesn't matter in this case), but it seems possible that upstream will start returning ErrNotSupported for BPF_F_REPLACE at some point so it's best to make sure we don't cause additional regressions here. Signed-off-by: Aleksa Sarai --- libcontainer/cgroups/devices/ebpf_linux.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libcontainer/cgroups/devices/ebpf_linux.go b/libcontainer/cgroups/devices/ebpf_linux.go index 0e808e29b32..63bc10ec0ad 100644 --- a/libcontainer/cgroups/devices/ebpf_linux.go +++ b/libcontainer/cgroups/devices/ebpf_linux.go @@ -133,11 +133,10 @@ func haveBpfProgReplace() bool { Attach: ebpf.AttachCGroupDevice, Flags: unix.BPF_F_ALLOW_MULTI, }) - if errors.Is(err, unix.EINVAL) { + if errors.Is(err, ebpf.ErrNotSupported) || errors.Is(err, unix.EINVAL) { // not supported return } - // attach_flags test succeeded. if !errors.Is(err, unix.EBADF) { logrus.Debugf("checking for BPF_F_REPLACE: got unexpected (not EBADF or EINVAL) error: %v", err) } From c0044c7aa403ecf2d9172bd9386d05433b011076 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 6 Dec 2024 17:54:06 +1100 Subject: [PATCH 0738/1176] cgroup: ebpf: make unexpected errors in haveBpfProgReplace louder If we get an unexpected error here, it is probably because of a library or kernel change that could cause our detection logic to be invalid. As a result, these warnings should be louder so users have a chance to tell us about them sooner (or so we might notice them before doing a release, as happened with the 1.2.0 regression). Signed-off-by: Aleksa Sarai --- libcontainer/cgroups/devices/ebpf_linux.go | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/libcontainer/cgroups/devices/ebpf_linux.go b/libcontainer/cgroups/devices/ebpf_linux.go index 63bc10ec0ad..6a41aff6e1a 100644 --- a/libcontainer/cgroups/devices/ebpf_linux.go +++ b/libcontainer/cgroups/devices/ebpf_linux.go @@ -107,14 +107,14 @@ func haveBpfProgReplace() bool { }, }) if err != nil { - logrus.Debugf("checking for BPF_F_REPLACE support: ebpf.NewProgram failed: %v", err) + logrus.Warnf("checking for BPF_F_REPLACE support: ebpf.NewProgram failed: %v", err) return } defer prog.Close() devnull, err := os.Open("/dev/null") if err != nil { - logrus.Debugf("checking for BPF_F_REPLACE support: open dummy target fd: %v", err) + logrus.Warnf("checking for BPF_F_REPLACE support: open dummy target fd: %v", err) return } defer devnull.Close() @@ -138,7 +138,11 @@ func haveBpfProgReplace() bool { return } if !errors.Is(err, unix.EBADF) { - logrus.Debugf("checking for BPF_F_REPLACE: got unexpected (not EBADF or EINVAL) error: %v", err) + // If we see any new errors here, it's possible that there is a + // regression due to a cilium/ebpf update and the above EINVAL + // checks are not working. So, be loud about it so someone notices + // and we can get the issue fixed quicker. + logrus.Warnf("checking for BPF_F_REPLACE: got unexpected (not EBADF or EINVAL) error: %v", err) } haveBpfProgReplaceBool = true }) From 2f1b6626f38c63ee37930267caa3a9bf57a2ea79 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 6 Dec 2024 19:38:46 +1100 Subject: [PATCH 0739/1176] deps: update to github.com/cyphar/filepath-securejoin@v0.3.5 This fixes a regression in use of securejoin.MkdirAll, where multiple runc processes racing to create the same mountpoint in a shared rootfs would result in spurious EEXIST errors. In particular, this regression caused issues with BuildKit. Fixes: dd827f7b715a ("utils: switch to securejoin.MkdirAllHandle") Signed-off-by: Aleksa Sarai --- go.mod | 2 +- go.sum | 4 ++-- .../cyphar/filepath-securejoin/CHANGELOG.md | 12 ++++++++++-- vendor/github.com/cyphar/filepath-securejoin/VERSION | 2 +- .../cyphar/filepath-securejoin/mkdir_linux.go | 7 ++++++- vendor/modules.txt | 2 +- 6 files changed, 21 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index 824c5d6989e..4aff1f52fdd 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/cilium/ebpf v0.16.0 github.com/containerd/console v1.0.4 github.com/coreos/go-systemd/v22 v22.5.0 - github.com/cyphar/filepath-securejoin v0.3.4 + github.com/cyphar/filepath-securejoin v0.3.5 github.com/docker/go-units v0.5.0 github.com/godbus/dbus/v5 v5.1.0 github.com/moby/sys/capability v0.4.0 diff --git a/go.sum b/go.sum index b94e620d4a3..d7797b3e269 100644 --- a/go.sum +++ b/go.sum @@ -10,8 +10,8 @@ github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSV github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc= github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/cyphar/filepath-securejoin v0.3.4 h1:VBWugsJh2ZxJmLFSM06/0qzQyiQX2Qs0ViKrUAcqdZ8= -github.com/cyphar/filepath-securejoin v0.3.4/go.mod h1:8s/MCNJREmFK0H02MF6Ihv1nakJe4L/w3WZLHNkvlYM= +github.com/cyphar/filepath-securejoin v0.3.5 h1:L81NHjquoQmcPgXcttUS9qTSR/+bXry6pbSINQGpjj4= +github.com/cyphar/filepath-securejoin v0.3.5/go.mod h1:edhVd3c6OXKjUmSrVa/tGJRS9joFTxlslFCAyaxigkE= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= diff --git a/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md index 04b5685ab4f..05657248fa3 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md +++ b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md @@ -6,6 +6,13 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ## [Unreleased] ## +## [0.3.5] - 2024-12-06 ## +### Fixed ### +- `MkdirAll` will now no longer return an `EEXIST` error if two racing + processes are creating the same directory. We will still verify that the path + is a directory, but this will avoid spurious errors when multiple threads or + programs are trying to `MkdirAll` the same path. opencontainers/runc#4543 + ## [0.3.4] - 2024-10-09 ## ### Fixed ### @@ -164,8 +171,9 @@ This is our first release of `github.com/cyphar/filepath-securejoin`, containing a full implementation with a coverage of 93.5% (the only missing cases are the error cases, which are hard to mocktest at the moment). -[Unreleased]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.4...HEAD -[0.3.3]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.3...v0.3.4 +[Unreleased]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.5...HEAD +[0.3.5]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.4...v0.3.5 +[0.3.4]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.3...v0.3.4 [0.3.3]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.2...v0.3.3 [0.3.2]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.1...v0.3.2 [0.3.1]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.0...v0.3.1 diff --git a/vendor/github.com/cyphar/filepath-securejoin/VERSION b/vendor/github.com/cyphar/filepath-securejoin/VERSION index 42045acae20..c2c0004f0e2 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/VERSION +++ b/vendor/github.com/cyphar/filepath-securejoin/VERSION @@ -1 +1 @@ -0.3.4 +0.3.5 diff --git a/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go b/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go index b5f674524c8..6dfe8c42b36 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go +++ b/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go @@ -119,7 +119,12 @@ func MkdirAllHandle(root *os.File, unsafePath string, mode int) (_ *os.File, Err // NOTE: mkdir(2) will not follow trailing symlinks, so we can safely // create the final component without worrying about symlink-exchange // attacks. - if err := unix.Mkdirat(int(currentDir.Fd()), part, uint32(mode)); err != nil { + // + // If we get -EEXIST, it's possible that another program created the + // directory at the same time as us. In that case, just continue on as + // if we created it (if the created inode is not a directory, the + // following open call will fail). + if err := unix.Mkdirat(int(currentDir.Fd()), part, uint32(mode)); err != nil && !errors.Is(err, unix.EEXIST) { err = &os.PathError{Op: "mkdirat", Path: currentDir.Name() + "/" + part, Err: err} // Make the error a bit nicer if the directory is dead. if err2 := isDeadInode(currentDir); err2 != nil { diff --git a/vendor/modules.txt b/vendor/modules.txt index 7aac064cd37..5da6a81157b 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -25,7 +25,7 @@ github.com/coreos/go-systemd/v22/dbus # github.com/cpuguy83/go-md2man/v2 v2.0.5 ## explicit; go 1.11 github.com/cpuguy83/go-md2man/v2/md2man -# github.com/cyphar/filepath-securejoin v0.3.4 +# github.com/cyphar/filepath-securejoin v0.3.5 ## explicit; go 1.21 github.com/cyphar/filepath-securejoin # github.com/docker/go-units v0.5.0 From c487840f75db1851cc8fd7822c10f762114dc56a Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 5 Dec 2024 16:15:23 -0800 Subject: [PATCH 0740/1176] Remove main package dependency on criurpc Commit 7f64fb47 made the main package, and runc/libcontainer's CriuOpts depend on criu/rpc. This is not good; among the other things, it makes it complicated to make c/r optional. Let's switch CriuOpts.ManageCgroupsMode to a string (yes, it's an APIt breaking change) and move the cgroup mode string parsing to libcontainer. While at it, let's better document ManageCgroupsMode. Signed-off-by: Kir Kolyshkin --- checkpoint.go | 17 +---- libcontainer/criu_linux.go | 106 +++++++++++++++++++------------- libcontainer/criu_opts_linux.go | 9 ++- 3 files changed, 69 insertions(+), 63 deletions(-) diff --git a/checkpoint.go b/checkpoint.go index c1bcc703ca9..ffc26a5f313 100644 --- a/checkpoint.go +++ b/checkpoint.go @@ -8,7 +8,6 @@ import ( "path/filepath" "strconv" - criu "github.com/checkpoint-restore/go-criu/v6/rpc" "github.com/moby/sys/userns" "github.com/opencontainers/runtime-spec/specs-go" "github.com/sirupsen/logrus" @@ -132,6 +131,7 @@ func criuOptions(context *cli.Context) (*libcontainer.CriuOpts, error) { StatusFd: context.Int("status-fd"), LsmProfile: context.String("lsm-profile"), LsmMountContext: context.String("lsm-mount-context"), + ManageCgroupsMode: context.String("manage-cgroups-mode"), } // CRIU options below may or may not be set. @@ -152,21 +152,6 @@ func criuOptions(context *cli.Context) (*libcontainer.CriuOpts, error) { } } - switch context.String("manage-cgroups-mode") { - case "": - // do nothing - case "soft": - opts.ManageCgroupsMode = criu.CriuCgMode_SOFT - case "full": - opts.ManageCgroupsMode = criu.CriuCgMode_FULL - case "strict": - opts.ManageCgroupsMode = criu.CriuCgMode_STRICT - case "ignore": - opts.ManageCgroupsMode = criu.CriuCgMode_IGNORE - default: - return nil, errors.New("Invalid manage-cgroups-mode value") - } - // runc doesn't manage network devices and their configuration. nsmask := unix.CLONE_NEWNET diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index fed34e79148..65bd08ea1ed 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -295,6 +295,11 @@ func (c *Container) Checkpoint(criuOpts *CriuOpts) error { return errors.New("invalid directory to save checkpoint") } + cgMode, err := criuCgMode(criuOpts.ManageCgroupsMode) + if err != nil { + return err + } + // Since a container can be C/R'ed multiple times, // the checkpoint directory may already exist. if err := os.Mkdir(criuOpts.ImagesDirectory, 0o700); err != nil && !os.IsExist(err) { @@ -309,22 +314,23 @@ func (c *Container) Checkpoint(criuOpts *CriuOpts) error { defer imageDir.Close() rpcOpts := criurpc.CriuOpts{ - ImagesDirFd: proto.Int32(int32(imageDir.Fd())), - LogLevel: proto.Int32(4), - LogFile: proto.String(logFile), - Root: proto.String(c.config.Rootfs), - ManageCgroups: proto.Bool(true), - NotifyScripts: proto.Bool(true), - Pid: proto.Int32(int32(c.initProcess.pid())), - ShellJob: proto.Bool(criuOpts.ShellJob), - LeaveRunning: proto.Bool(criuOpts.LeaveRunning), - TcpEstablished: proto.Bool(criuOpts.TcpEstablished), - ExtUnixSk: proto.Bool(criuOpts.ExternalUnixConnections), - FileLocks: proto.Bool(criuOpts.FileLocks), - EmptyNs: proto.Uint32(criuOpts.EmptyNs), - OrphanPtsMaster: proto.Bool(true), - AutoDedup: proto.Bool(criuOpts.AutoDedup), - LazyPages: proto.Bool(criuOpts.LazyPages), + ImagesDirFd: proto.Int32(int32(imageDir.Fd())), + LogLevel: proto.Int32(4), + LogFile: proto.String(logFile), + Root: proto.String(c.config.Rootfs), + ManageCgroups: proto.Bool(true), // Obsoleted by ManageCgroupsMode. + ManageCgroupsMode: &cgMode, + NotifyScripts: proto.Bool(true), + Pid: proto.Int32(int32(c.initProcess.pid())), + ShellJob: proto.Bool(criuOpts.ShellJob), + LeaveRunning: proto.Bool(criuOpts.LeaveRunning), + TcpEstablished: proto.Bool(criuOpts.TcpEstablished), + ExtUnixSk: proto.Bool(criuOpts.ExternalUnixConnections), + FileLocks: proto.Bool(criuOpts.FileLocks), + EmptyNs: proto.Uint32(criuOpts.EmptyNs), + OrphanPtsMaster: proto.Bool(true), + AutoDedup: proto.Bool(criuOpts.AutoDedup), + LazyPages: proto.Bool(criuOpts.LazyPages), } // if criuOpts.WorkDirectory is not set, criu default is used. @@ -381,12 +387,6 @@ func (c *Container) Checkpoint(criuOpts *CriuOpts) error { rpcOpts.TrackMem = proto.Bool(true) } - // append optional manage cgroups mode - if criuOpts.ManageCgroupsMode != 0 { - mode := criuOpts.ManageCgroupsMode - rpcOpts.ManageCgroupsMode = &mode - } - var t criurpc.CriuReqType if criuOpts.PreDump { feat := criurpc.CriuFeatures{ @@ -634,6 +634,12 @@ func (c *Container) Restore(process *Process, criuOpts *CriuOpts) error { if criuOpts.ImagesDirectory == "" { return errors.New("invalid directory to restore checkpoint") } + + cgMode, err := criuCgMode(criuOpts.ManageCgroupsMode) + if err != nil { + return err + } + logDir := criuOpts.ImagesDirectory imageDir, err := os.Open(criuOpts.ImagesDirectory) if err != nil { @@ -663,22 +669,23 @@ func (c *Container) Restore(process *Process, criuOpts *CriuOpts) error { req := &criurpc.CriuReq{ Type: &t, Opts: &criurpc.CriuOpts{ - ImagesDirFd: proto.Int32(int32(imageDir.Fd())), - EvasiveDevices: proto.Bool(true), - LogLevel: proto.Int32(4), - LogFile: proto.String(logFile), - RstSibling: proto.Bool(true), - Root: proto.String(root), - ManageCgroups: proto.Bool(true), - NotifyScripts: proto.Bool(true), - ShellJob: proto.Bool(criuOpts.ShellJob), - ExtUnixSk: proto.Bool(criuOpts.ExternalUnixConnections), - TcpEstablished: proto.Bool(criuOpts.TcpEstablished), - FileLocks: proto.Bool(criuOpts.FileLocks), - EmptyNs: proto.Uint32(criuOpts.EmptyNs), - OrphanPtsMaster: proto.Bool(true), - AutoDedup: proto.Bool(criuOpts.AutoDedup), - LazyPages: proto.Bool(criuOpts.LazyPages), + ImagesDirFd: proto.Int32(int32(imageDir.Fd())), + EvasiveDevices: proto.Bool(true), + LogLevel: proto.Int32(4), + LogFile: proto.String(logFile), + RstSibling: proto.Bool(true), + Root: proto.String(root), + ManageCgroups: proto.Bool(true), // Obsoleted by ManageCgroupsMode. + ManageCgroupsMode: &cgMode, + NotifyScripts: proto.Bool(true), + ShellJob: proto.Bool(criuOpts.ShellJob), + ExtUnixSk: proto.Bool(criuOpts.ExternalUnixConnections), + TcpEstablished: proto.Bool(criuOpts.TcpEstablished), + FileLocks: proto.Bool(criuOpts.FileLocks), + EmptyNs: proto.Uint32(criuOpts.EmptyNs), + OrphanPtsMaster: proto.Bool(true), + AutoDedup: proto.Bool(criuOpts.AutoDedup), + LazyPages: proto.Bool(criuOpts.LazyPages), }, } @@ -757,12 +764,6 @@ func (c *Container) Restore(process *Process, criuOpts *CriuOpts) error { c.restoreNetwork(req, criuOpts) } - // append optional manage cgroups mode - if criuOpts.ManageCgroupsMode != 0 { - mode := criuOpts.ManageCgroupsMode - req.Opts.ManageCgroupsMode = &mode - } - var ( fds []string fdJSON []byte @@ -1184,3 +1185,20 @@ func (c *Container) criuNotifications(resp *criurpc.CriuResp, process *Process, } return nil } + +func criuCgMode(mode string) (criurpc.CriuCgMode, error) { + switch mode { + case "": + return criurpc.CriuCgMode_DEFAULT, nil + case "soft": + return criurpc.CriuCgMode_SOFT, nil + case "full": + return criurpc.CriuCgMode_FULL, nil + case "strict": + return criurpc.CriuCgMode_STRICT, nil + case "ignore": + return criurpc.CriuCgMode_IGNORE, nil + default: + return 0, errors.New("invalid manage-cgroups-mode value") + } +} diff --git a/libcontainer/criu_opts_linux.go b/libcontainer/criu_opts_linux.go index 6b0cfb82b12..f26df7d8da7 100644 --- a/libcontainer/criu_opts_linux.go +++ b/libcontainer/criu_opts_linux.go @@ -1,7 +1,5 @@ package libcontainer -import criu "github.com/checkpoint-restore/go-criu/v6/rpc" - type CriuPageServerInfo struct { Address string // IP address of CRIU page server Port int32 // port number of CRIU page server @@ -24,11 +22,16 @@ type CriuOpts struct { PreDump bool // call criu predump to perform iterative checkpoint PageServer CriuPageServerInfo // allow to dump to criu page server VethPairs []VethPairName // pass the veth to criu when restore - ManageCgroupsMode criu.CriuCgMode // dump or restore cgroup mode EmptyNs uint32 // don't c/r properties for namespace from this mask AutoDedup bool // auto deduplication for incremental dumps LazyPages bool // restore memory pages lazily using userfaultfd StatusFd int // fd for feedback when lazy server is ready LsmProfile string // LSM profile used to restore the container LsmMountContext string // LSM mount context value to use during restore + + // ManageCgroupsMode tells how criu should manage cgroups during + // checkpoint or restore. Possible values are: "soft", "full", + // "strict", "ignore", or "" (empty string) for criu default. + // See https://criu.org/CGroups for more details. + ManageCgroupsMode string } From 47dc185880dcae67daa0c8900682f8eed0200ccd Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 5 Dec 2024 16:32:18 -0800 Subject: [PATCH 0741/1176] Add runc_nocriu build tag MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This allows to make a 17% smaller runc binary by not compiling in checkpoint/restore support. It turns out that google.golang.org/protobuf package, used by go-criu, is quite big, and go linker can't drop unused stuff if reflection is used anywhere in the code. Currently there's no alternative to using protobuf in go-criu, and since not all users use c/r, let's provide them an option for a smaller binary. For the reference, here's top10 biggest vendored packages, as reported by gsa[1]: $ gsa runc | grep vendor | head │ 8.59% │ google.golang.org/protobuf │ 1.3 MB │ vendor │ │ 5.76% │ github.com/opencontainers/runc │ 865 kB │ vendor │ │ 4.05% │ github.com/cilium/ebpf │ 608 kB │ vendor │ │ 2.86% │ github.com/godbus/dbus/v5 │ 429 kB │ vendor │ │ 1.25% │ github.com/urfave/cli │ 188 kB │ vendor │ │ 0.90% │ github.com/vishvananda/netlink │ 135 kB │ vendor │ │ 0.59% │ github.com/sirupsen/logrus │ 89 kB │ vendor │ │ 0.56% │ github.com/checkpoint-restore/go-criu/v6 │ 84 kB │ vendor │ │ 0.51% │ golang.org/x/sys │ 76 kB │ vendor │ │ 0.47% │ github.com/seccomp/libseccomp-golang │ 71 kB │ vendor │ And here is a total binary size saving when `runc_nocriu` is used. For non-stripped binaries: $ gsa runc-cr runc-nocr | tail -3 │ -17.04% │ runc-cr │ 15 MB │ 12 MB │ -2.6 MB │ │ │ runc-nocr │ │ │ │ └─────────┴──────────────────────────────────────────┴──────────┴──────────┴─────────┘ And for stripped binaries: │ -17.01% │ runc-cr-stripped │ 11 MB │ 8.8 MB │ -1.8 MB │ │ │ runc-nocr-stripped │ │ │ │ └─────────┴──────────────────────────────────────────┴──────────┴──────────┴─────────┘ [1]: https://github.com/Zxilly/go-size-analyzer Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 6 ++++++ README.md | 8 ++++++++ libcontainer/criu_disabled_linux.go | 15 +++++++++++++++ libcontainer/criu_linux.go | 2 ++ 4 files changed, 31 insertions(+) create mode 100644 libcontainer/criu_disabled_linux.go diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index cfdf4fb8725..3b565f05215 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -76,8 +76,14 @@ jobs: uses: actions/setup-go@v5 with: go-version: "${{ env.GO_VERSION }}" + - name: install deps + run: | + sudo apt update + sudo apt -y install libseccomp-dev - name: compile with no build tags run: make BUILDTAGS="" + - name: compile with runc_nocriu build tag + run: make EXTRA_BUILDTAGS="runc_nocriu" codespell: runs-on: ubuntu-24.04 diff --git a/README.md b/README.md index 50fcd4e9222..5b1ac15d55e 100644 --- a/README.md +++ b/README.md @@ -103,9 +103,17 @@ e.g. to disable seccomp: make BUILDTAGS="" ``` +To add some more build tags to the default set, use the `EXTRA_BUILDTAGS` +make variable, e.g. to disable checkpoint/restore: + +```bash +make EXTRA_BUILDTAGS="runc_nocriu" +``` + | Build Tag | Feature | Enabled by Default | Dependencies | |---------------|---------------------------------------|--------------------|---------------------| | `seccomp` | Syscall filtering using `libseccomp`. | yes | `libseccomp` | +| `runc_nocriu` | **Disables** runc checkpoint/restore. | no | `criu` | The following build tags were used earlier, but are now obsoleted: - **runc_nodmz** (since runc v1.2.1 runc dmz binary is dropped) diff --git a/libcontainer/criu_disabled_linux.go b/libcontainer/criu_disabled_linux.go new file mode 100644 index 00000000000..28c4ad1664d --- /dev/null +++ b/libcontainer/criu_disabled_linux.go @@ -0,0 +1,15 @@ +//go:build runc_nocriu + +package libcontainer + +import "errors" + +var ErrNoCR = errors.New("this runc binary has not been compiled with checkpoint/restore support enabled (runc_nocriu)") + +func (c *Container) Restore(process *Process, criuOpts *CriuOpts) error { + return ErrNoCR +} + +func (c *Container) Checkpoint(criuOpts *CriuOpts) error { + return ErrNoCR +} diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index 65bd08ea1ed..a7651958a88 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -1,3 +1,5 @@ +//go:build !runc_nocriu + package libcontainer import ( From 66fe7db3bc31d4acd1937919615a8e41677131f6 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 21 Aug 2024 18:57:38 -0700 Subject: [PATCH 0742/1176] Move test helper binaries Instead of having every test helper binary in its own directory, let's use /tests/cmd/_bin as a destination directory. This allows for simpler setup/cleanup. Signed-off-by: Kir Kolyshkin --- .gitignore | 7 +------ Makefile | 29 +++++++++++++++-------------- tests/cmd/README.md | 4 ++++ tests/cmd/seccompagent/README.md | 4 ++-- tests/integration/helpers.bash | 23 ++++++++++------------- tests/integration/update.bats | 2 +- 6 files changed, 33 insertions(+), 36 deletions(-) create mode 100644 tests/cmd/README.md diff --git a/.gitignore b/.gitignore index 8cab96cbc75..6991faf08ee 100644 --- a/.gitignore +++ b/.gitignore @@ -2,12 +2,7 @@ vendor/pkg /runc /runc-* /contrib/cmd/memfd-bind/memfd-bind -/tests/cmd/recvtty/recvtty -/tests/cmd/sd-helper/sd-helper -/tests/cmd/seccompagent/seccompagent -/tests/cmd/fs-idmap/fs-idmap -/tests/cmd/pidfd-kill/pidfd-kill -/tests/cmd/remap-rootfs/remap-rootfs +/tests/cmd/_bin man/man8 release Vagrantfile diff --git a/Makefile b/Makefile index 1ddaefaa29a..39c1ef918d4 100644 --- a/Makefile +++ b/Makefile @@ -77,26 +77,27 @@ runc-bin: $(GO_BUILD) -o runc . .PHONY: all -all: runc memfd-bind recvtty sd-helper seccompagent fs-idmap pidfd-kill remap-rootfs +all: runc memfd-bind .PHONY: memfd-bind memfd-bind: $(GO_BUILD) -o contrib/cmd/$@/$@ ./contrib/cmd/$@ -.PHONY: recvtty sd-helper seccompagent fs-idmap pidfd-kill remap-rootfs -recvtty sd-helper seccompagent fs-idmap pidfd-kill remap-rootfs: - $(GO_BUILD) -o tests/cmd/$@/$@ ./tests/cmd/$@ +TESTBINDIR := tests/cmd/_bin +$(TESTBINDIR): + mkdir $(TESTBINDIR) + +TESTBINS := recvtty sd-helper seccompagent fs-idmap pidfd-kill remap-rootfs +.PHONY: test-binaries $(TESTBINS) +test-binaries: $(TESTBINS) +$(TESTBINS): $(TESTBINDIR) + $(GO_BUILD) -o $(TESTBINDIR) ./tests/cmd/$@ .PHONY: clean clean: rm -f runc runc-* rm -f contrib/cmd/memfd-bind/memfd-bind - rm -f tests/cmd/recvtty/recvtty - rm -f tests/cmd/sd-helper/sd-helper - rm -f tests/cmd/seccompagent/seccompagent - rm -f tests/cmd/fs-idmap/fs-idmap - rm -f tests/cmd/pidfd-kill/pidfd-kill - rm -f tests/cmd/remap-rootfs/remap-rootfs + rm -fr $(TESTBINDIR) sudo rm -rf release rm -rf man/man8 @@ -128,7 +129,7 @@ dbuild: runcimage $(CONTAINER_ENGINE) run $(CONTAINER_ENGINE_RUN_FLAGS) \ --privileged --rm \ -v $(CURDIR):/go/src/$(PROJECT) \ - $(RUNC_IMAGE) make clean all + $(RUNC_IMAGE) make clean runc test-binaries .PHONY: lint lint: @@ -157,7 +158,7 @@ unittest: runcimage $(RUNC_IMAGE) make localunittest TESTFLAGS="$(TESTFLAGS)" .PHONY: localunittest -localunittest: all +localunittest: test-binaries $(GO) test -timeout 3m -tags "$(BUILDTAGS)" $(TESTFLAGS) -v ./... .PHONY: integration @@ -169,7 +170,7 @@ integration: runcimage $(RUNC_IMAGE) make localintegration TESTPATH="$(TESTPATH)" .PHONY: localintegration -localintegration: all +localintegration: runc test-binaries bats -t tests/integration$(TESTPATH) .PHONY: rootlessintegration @@ -181,7 +182,7 @@ rootlessintegration: runcimage $(RUNC_IMAGE) make localrootlessintegration .PHONY: localrootlessintegration -localrootlessintegration: all +localrootlessintegration: runc test-binaries tests/rootless.sh .PHONY: shell diff --git a/tests/cmd/README.md b/tests/cmd/README.md new file mode 100644 index 00000000000..27f636ca3e5 --- /dev/null +++ b/tests/cmd/README.md @@ -0,0 +1,4 @@ +These are helpers used by [integration tests](/tests/integration). + +They are compiled from the top-level Makefile via `make test-binaries`, +and the resulting binaries can be found in `./_bin`. diff --git a/tests/cmd/seccompagent/README.md b/tests/cmd/seccompagent/README.md index 80638797adb..193e856b156 100644 --- a/tests/cmd/seccompagent/README.md +++ b/tests/cmd/seccompagent/README.md @@ -12,12 +12,12 @@ behaviour can break the integration tests. Compile runc and seccompagent: ```bash -make all +make runc seccompagent ``` Run the seccomp agent in the background: ```bash -sudo ./tests/cmd/seccompagent/seccompagent & +sudo ./tests/cmd/_bin/seccompagent & ``` Prepare a container: diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index 85f1fb0a558..f370e9b5a82 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -13,12 +13,9 @@ eval "$IMAGES" unset IMAGES : "${RUNC:="${INTEGRATION_ROOT}/../../runc"}" -RECVTTY="${INTEGRATION_ROOT}/../../tests/cmd/recvtty/recvtty" -SD_HELPER="${INTEGRATION_ROOT}/../../tests/cmd/sd-helper/sd-helper" -SECCOMP_AGENT="${INTEGRATION_ROOT}/../../tests/cmd/seccompagent/seccompagent" -FS_IDMAP="${INTEGRATION_ROOT}/../../tests/cmd/fs-idmap/fs-idmap" -PIDFD_KILL="${INTEGRATION_ROOT}/../../tests/cmd/pidfd-kill/pidfd-kill" -REMAP_ROOTFS="${INTEGRATION_ROOT}/../../tests/cmd/remap-rootfs/remap-rootfs" + +# Path to binaries compiled from packages in tests/cmd by "make test-binaries"). +TESTBINDIR=${INTEGRATION_ROOT}/../cmd/_bin # Some variables may not always be set. Set those to empty value, # if unset, to avoid "unbound variable" error. @@ -143,7 +140,7 @@ function init_cgroup_paths() { function create_parent() { if [ -v RUNC_USE_SYSTEMD ]; then [ ! -v SD_PARENT_NAME ] && return - "$SD_HELPER" --parent machine.slice start "$SD_PARENT_NAME" + "$TESTBINDIR/sd-helper" --parent machine.slice start "$SD_PARENT_NAME" else [ ! -v REL_PARENT_PATH ] && return if [ -v CGROUP_V2 ]; then @@ -163,7 +160,7 @@ function create_parent() { function remove_parent() { if [ -v RUNC_USE_SYSTEMD ]; then [ ! -v SD_PARENT_NAME ] && return - "$SD_HELPER" --parent machine.slice stop "$SD_PARENT_NAME" + "$TESTBINDIR/sd-helper" --parent machine.slice stop "$SD_PARENT_NAME" else [ ! -v REL_PARENT_PATH ] && return if [ -v CGROUP_V2 ]; then @@ -715,7 +712,7 @@ function setup_recvtty() { export CONSOLE_SOCKET="$dir/sock" # We need to start recvtty in the background, so we double fork in the shell. - ("$RECVTTY" --pid-file "$dir/pid" --mode null "$CONSOLE_SOCKET" &) & + ("$TESTBINDIR/recvtty" --pid-file "$dir/pid" --mode null "$CONSOLE_SOCKET" &) & } function teardown_recvtty() { @@ -732,7 +729,7 @@ function teardown_recvtty() { } function setup_seccompagent() { - ("${SECCOMP_AGENT}" -socketfile="$SECCCOMP_AGENT_SOCKET" -pid-file "$BATS_TMPDIR/seccompagent.pid" &) & + ("$TESTBINDIR/seccompagent" -socketfile="$SECCCOMP_AGENT_SOCKET" -pid-file "$BATS_TMPDIR/seccompagent.pid" &) & } function teardown_seccompagent() { @@ -790,7 +787,7 @@ function teardown_bundle() { function remap_rootfs() { [ ! -v ROOT ] && return 0 # nothing to remap - "$REMAP_ROOTFS" "$ROOT/bundle" + "$TESTBINDIR/remap-rootfs" "$ROOT/bundle" } function is_kernel_gte() { @@ -812,7 +809,7 @@ function requires_idmap_fs() { # We need to "|| true" it to avoid CI failure as this binary may return with # something different than 0. - stderr=$($FS_IDMAP "$fs" 2>&1 >/dev/null || true) + stderr=$("$TESTBINDIR/fs-idmap" "$fs" 2>&1 >/dev/null || true) case $stderr in *invalid\ argument) @@ -846,7 +843,7 @@ function setup_pidfd_kill() { mkdir "${dir}" export PIDFD_SOCKET="${dir}/sock" - ("${PIDFD_KILL}" --pid-file "${dir}/pid" --signal "${signal}" "${PIDFD_SOCKET}" &) & + ("$TESTBINDIR/pidfd-kill" --pid-file "${dir}/pid" --signal "${signal}" "${PIDFD_SOCKET}" &) & # ensure socket is ready retry 10 1 stat "${PIDFD_SOCKET}" diff --git a/tests/integration/update.bats b/tests/integration/update.bats index 4d928c42f47..22a92e8bd69 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -801,7 +801,7 @@ EOF TMP_RECVTTY_PID="$TMP_RECVTTY_DIR/recvtty.pid" TMP_CONSOLE_SOCKET="$TMP_RECVTTY_DIR/console.sock" CONTAINER_OUTPUT="$TMP_RECVTTY_DIR/output" - ("$RECVTTY" --no-stdin --pid-file "$TMP_RECVTTY_PID" \ + ("$TESTBINDIR/recvtty" --no-stdin --pid-file "$TMP_RECVTTY_PID" \ --mode single "$TMP_CONSOLE_SOCKET" &>"$CONTAINER_OUTPUT") & retry 10 0.1 [ -e "$TMP_CONSOLE_SOCKET" ] From 85c7c99d0579c5e3de9367ca40c9c1b61faf4304 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 11 Dec 2024 18:36:12 -0800 Subject: [PATCH 0743/1176] libct/cg/fs2: fix some revive linter warnings These: > Error: libcontainer/cgroups/fs2/cpu.go:15:6: var-naming: func isCpuSet should be isCPUSet (revive) > func isCpuSet(r *cgroups.Resources) bool { > ^ > Error: libcontainer/cgroups/fs2/cpu.go:19:6: var-naming: func setCpu should be setCPU (revive) > func setCpu(dirPath string, r *cgroups.Resources) error { > ^ They are going to be shown after next commits because of linter-extra CI job (which, due to major changes, now thinks it's a new code so extra linters apply). Fixing it beforehand. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/fs2/cpu.go | 6 +++--- libcontainer/cgroups/fs2/create.go | 4 ++-- libcontainer/cgroups/fs2/fs2.go | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/libcontainer/cgroups/fs2/cpu.go b/libcontainer/cgroups/fs2/cpu.go index 8ee49d499f1..293defad40b 100644 --- a/libcontainer/cgroups/fs2/cpu.go +++ b/libcontainer/cgroups/fs2/cpu.go @@ -13,12 +13,12 @@ import ( "github.com/opencontainers/runc/libcontainer/configs" ) -func isCpuSet(r *configs.Resources) bool { +func isCPUSet(r *configs.Resources) bool { return r.CpuWeight != 0 || r.CpuQuota != 0 || r.CpuPeriod != 0 || r.CPUIdle != nil || r.CpuBurst != nil } -func setCpu(dirPath string, r *configs.Resources) error { - if !isCpuSet(r) { +func setCPU(dirPath string, r *configs.Resources) error { + if !isCPUSet(r) { return nil } diff --git a/libcontainer/cgroups/fs2/create.go b/libcontainer/cgroups/fs2/create.go index 641123a4d84..6034741938d 100644 --- a/libcontainer/cgroups/fs2/create.go +++ b/libcontainer/cgroups/fs2/create.go @@ -48,7 +48,7 @@ func needAnyControllers(r *configs.Resources) (bool, error) { if isIoSet(r) && have("io") { return true, nil } - if isCpuSet(r) && have("cpu") { + if isCPUSet(r) && have("cpu") { return true, nil } if isCpusetSet(r) && have("cpuset") { @@ -65,7 +65,7 @@ func needAnyControllers(r *configs.Resources) (bool, error) { // Refer to: http://man7.org/linux/man-pages/man7/cgroups.7.html // As at Linux 4.19, the following controllers are threaded: cpu, perf_event, and pids. func containsDomainController(r *configs.Resources) bool { - return isMemorySet(r) || isIoSet(r) || isCpuSet(r) || isHugeTlbSet(r) + return isMemorySet(r) || isIoSet(r) || isCPUSet(r) || isHugeTlbSet(r) } // CreateCgroupPath creates cgroupv2 path, enabling all the supported controllers. diff --git a/libcontainer/cgroups/fs2/fs2.go b/libcontainer/cgroups/fs2/fs2.go index 93f81bf8dae..272b69a7f39 100644 --- a/libcontainer/cgroups/fs2/fs2.go +++ b/libcontainer/cgroups/fs2/fs2.go @@ -182,7 +182,7 @@ func (m *Manager) Set(r *configs.Resources) error { return err } // cpu (since kernel 4.15) - if err := setCpu(m.dirPath, r); err != nil { + if err := setCPU(m.dirPath, r); err != nil { return err } // devices (since kernel 4.15, pseudo-controller) From ae477f15f0bee3019f815ea29492e6bf7e1be57d Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 23 Oct 2024 15:10:09 -0700 Subject: [PATCH 0744/1176] libct/configs: move cgroup stuff to libct/cgroups We have quite a few external users of libcontainer/cgroups packages, and they all have to depend on libcontainer/configs as well. Let's move cgroup-related configuration to libcontainer/croups. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/cgroups.go | 14 +++++----- .../config_blkio_device.go} | 2 +- .../config_hugepages.go} | 2 +- .../config_ifprio_map.go} | 2 +- .../config_linux.go} | 2 +- .../rdma.go => cgroups/config_rdma.go} | 2 +- .../config_unsupported.go} | 2 +- libcontainer/configs/cgroup_deprecated.go | 26 +++++++++++++++++++ 8 files changed, 38 insertions(+), 14 deletions(-) rename libcontainer/{configs/blkio_device.go => cgroups/config_blkio_device.go} (99%) rename libcontainer/{configs/hugepage_limit.go => cgroups/config_hugepages.go} (91%) rename libcontainer/{configs/interface_priority_map.go => cgroups/config_ifprio_map.go} (93%) rename libcontainer/{configs/cgroup_linux.go => cgroups/config_linux.go} (99%) rename libcontainer/{configs/rdma.go => cgroups/config_rdma.go} (95%) rename libcontainer/{configs/cgroup_unsupported.go => cgroups/config_unsupported.go} (92%) create mode 100644 libcontainer/configs/cgroup_deprecated.go diff --git a/libcontainer/cgroups/cgroups.go b/libcontainer/cgroups/cgroups.go index 53e194c74dc..719489c02ea 100644 --- a/libcontainer/cgroups/cgroups.go +++ b/libcontainer/cgroups/cgroups.go @@ -2,8 +2,6 @@ package cgroups import ( "errors" - - "github.com/opencontainers/runc/libcontainer/configs" ) var ( @@ -21,8 +19,8 @@ var ( // [github.com/opencontainers/runc/libcontainer/cgroups/devices] // package is imported, it is set to nil, so cgroup managers can't // manage devices. - DevicesSetV1 func(path string, r *configs.Resources) error - DevicesSetV2 func(path string, r *configs.Resources) error + DevicesSetV1 func(path string, r *Resources) error + DevicesSetV2 func(path string, r *Resources) error ) type Manager interface { @@ -42,7 +40,7 @@ type Manager interface { GetStats() (*Stats, error) // Freeze sets the freezer cgroup to the specified state. - Freeze(state configs.FreezerState) error + Freeze(state FreezerState) error // Destroy removes cgroup. Destroy() error @@ -54,7 +52,7 @@ type Manager interface { // Set sets cgroup resources parameters/limits. If the argument is nil, // the resources specified during Manager creation (or the previous call // to Set) are used. - Set(r *configs.Resources) error + Set(r *Resources) error // GetPaths returns cgroup path(s) to save in a state file in order to // restore later. @@ -67,10 +65,10 @@ type Manager interface { GetPaths() map[string]string // GetCgroups returns the cgroup data as configured. - GetCgroups() (*configs.Cgroup, error) + GetCgroups() (*Cgroup, error) // GetFreezerState retrieves the current FreezerState of the cgroup. - GetFreezerState() (configs.FreezerState, error) + GetFreezerState() (FreezerState, error) // Exists returns whether the cgroup path exists or not. Exists() bool diff --git a/libcontainer/configs/blkio_device.go b/libcontainer/cgroups/config_blkio_device.go similarity index 99% rename from libcontainer/configs/blkio_device.go rename to libcontainer/cgroups/config_blkio_device.go index 865344f99c4..9dc2a034c6b 100644 --- a/libcontainer/configs/blkio_device.go +++ b/libcontainer/cgroups/config_blkio_device.go @@ -1,4 +1,4 @@ -package configs +package cgroups import "fmt" diff --git a/libcontainer/configs/hugepage_limit.go b/libcontainer/cgroups/config_hugepages.go similarity index 91% rename from libcontainer/configs/hugepage_limit.go rename to libcontainer/cgroups/config_hugepages.go index d30216380b5..5357dd090f4 100644 --- a/libcontainer/configs/hugepage_limit.go +++ b/libcontainer/cgroups/config_hugepages.go @@ -1,4 +1,4 @@ -package configs +package cgroups type HugepageLimit struct { // which type of hugepage to limit. diff --git a/libcontainer/configs/interface_priority_map.go b/libcontainer/cgroups/config_ifprio_map.go similarity index 93% rename from libcontainer/configs/interface_priority_map.go rename to libcontainer/cgroups/config_ifprio_map.go index 9a0395eaf5f..d771603a773 100644 --- a/libcontainer/configs/interface_priority_map.go +++ b/libcontainer/cgroups/config_ifprio_map.go @@ -1,4 +1,4 @@ -package configs +package cgroups import ( "fmt" diff --git a/libcontainer/configs/cgroup_linux.go b/libcontainer/cgroups/config_linux.go similarity index 99% rename from libcontainer/configs/cgroup_linux.go rename to libcontainer/cgroups/config_linux.go index 4a34cf76fc5..f1e8a15782e 100644 --- a/libcontainer/configs/cgroup_linux.go +++ b/libcontainer/cgroups/config_linux.go @@ -1,4 +1,4 @@ -package configs +package cgroups import ( systemdDbus "github.com/coreos/go-systemd/v22/dbus" diff --git a/libcontainer/configs/rdma.go b/libcontainer/cgroups/config_rdma.go similarity index 95% rename from libcontainer/configs/rdma.go rename to libcontainer/cgroups/config_rdma.go index c69f2c8024b..a0bd54f04f5 100644 --- a/libcontainer/configs/rdma.go +++ b/libcontainer/cgroups/config_rdma.go @@ -1,4 +1,4 @@ -package configs +package cgroups // LinuxRdma for Linux cgroup 'rdma' resource management (Linux 4.11) type LinuxRdma struct { diff --git a/libcontainer/configs/cgroup_unsupported.go b/libcontainer/cgroups/config_unsupported.go similarity index 92% rename from libcontainer/configs/cgroup_unsupported.go rename to libcontainer/cgroups/config_unsupported.go index 53f5ec5a0da..db32ec48325 100644 --- a/libcontainer/configs/cgroup_unsupported.go +++ b/libcontainer/cgroups/config_unsupported.go @@ -1,6 +1,6 @@ //go:build !linux -package configs +package cgroups // Cgroup holds properties of a cgroup on Linux // TODO Windows: This can ultimately be entirely factored out on Windows as diff --git a/libcontainer/configs/cgroup_deprecated.go b/libcontainer/configs/cgroup_deprecated.go new file mode 100644 index 00000000000..2277d326e2e --- /dev/null +++ b/libcontainer/configs/cgroup_deprecated.go @@ -0,0 +1,26 @@ +package configs // Deprecated: use [github.com/opencontainers/runc/libcontainer/cgroups]. + +import "github.com/opencontainers/runc/libcontainer/cgroups" + +type ( + Cgroup = cgroups.Cgroup + Resources = cgroups.Resources + FreezerState = cgroups.FreezerState + LinuxRdma = cgroups.LinuxRdma + BlockIODevice = cgroups.BlockIODevice + WeightDevice = cgroups.WeightDevice + ThrottleDevice = cgroups.ThrottleDevice + HugepageLimit = cgroups.HugepageLimit + IfPrioMap = cgroups.IfPrioMap +) + +const ( + Undefined = cgroups.Undefined + Frozen = cgroups.Frozen + Thawed = cgroups.Thawed +) + +var ( + NewWeightDevice = cgroups.NewWeightDevice + NewThrottleDevice = cgroups.NewThrottleDevice +) From 04041f21acee4ebc87c942ba0a86675711a465db Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 23 Oct 2024 16:28:42 -0700 Subject: [PATCH 0745/1176] libct/cgroups/*: switch from configs to cgroups Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/devices/systemd.go | 4 +- libcontainer/cgroups/devices/systemd_test.go | 19 ++++--- libcontainer/cgroups/devices/v1.go | 3 +- libcontainer/cgroups/devices/v1_test.go | 3 +- libcontainer/cgroups/devices/v2.go | 6 +-- libcontainer/cgroups/fs/blkio.go | 5 +- libcontainer/cgroups/fs/blkio_test.go | 41 ++++++++------- libcontainer/cgroups/fs/cpu.go | 7 ++- libcontainer/cgroups/fs/cpu_test.go | 7 ++- libcontainer/cgroups/fs/cpuacct.go | 5 +- libcontainer/cgroups/fs/cpuset.go | 9 ++-- libcontainer/cgroups/fs/cpuset_test.go | 5 +- libcontainer/cgroups/fs/devices.go | 5 +- libcontainer/cgroups/fs/freezer.go | 37 +++++++------- libcontainer/cgroups/fs/freezer_test.go | 14 +++--- libcontainer/cgroups/fs/fs.go | 21 ++++---- libcontainer/cgroups/fs/fs_test.go | 5 +- libcontainer/cgroups/fs/hugetlb.go | 5 +- libcontainer/cgroups/fs/hugetlb_test.go | 5 +- libcontainer/cgroups/fs/memory.go | 7 ++- libcontainer/cgroups/fs/memory_test.go | 13 +++-- libcontainer/cgroups/fs/name.go | 5 +- libcontainer/cgroups/fs/net_cls.go | 5 +- libcontainer/cgroups/fs/net_cls_test.go | 4 +- libcontainer/cgroups/fs/net_prio.go | 5 +- libcontainer/cgroups/fs/net_prio_test.go | 6 +-- libcontainer/cgroups/fs/paths.go | 5 +- libcontainer/cgroups/fs/paths_test.go | 3 +- libcontainer/cgroups/fs/perf_event.go | 5 +- libcontainer/cgroups/fs/pids.go | 5 +- libcontainer/cgroups/fs/pids_test.go | 5 +- libcontainer/cgroups/fs/rdma.go | 5 +- libcontainer/cgroups/fs2/cpu.go | 5 +- libcontainer/cgroups/fs2/cpuset.go | 5 +- libcontainer/cgroups/fs2/create.go | 7 ++- libcontainer/cgroups/fs2/defaultpath.go | 4 +- libcontainer/cgroups/fs2/freezer.go | 37 +++++++------- libcontainer/cgroups/fs2/fs2.go | 17 +++---- libcontainer/cgroups/fs2/hugetlb.go | 5 +- libcontainer/cgroups/fs2/io.go | 5 +- libcontainer/cgroups/fs2/memory.go | 5 +- libcontainer/cgroups/fs2/pids.go | 5 +- libcontainer/cgroups/fscommon/rdma.go | 8 +-- libcontainer/cgroups/fscommon/rdma_test.go | 6 +-- libcontainer/cgroups/manager/manager_test.go | 8 +-- libcontainer/cgroups/manager/new.go | 5 +- libcontainer/cgroups/systemd/common.go | 7 ++- libcontainer/cgroups/systemd/devices.go | 8 +-- libcontainer/cgroups/systemd/freeze_test.go | 53 ++++++++++---------- libcontainer/cgroups/systemd/systemd_test.go | 7 ++- libcontainer/cgroups/systemd/v1.go | 31 ++++++------ libcontainer/cgroups/systemd/v2.go | 15 +++--- 52 files changed, 240 insertions(+), 282 deletions(-) diff --git a/libcontainer/cgroups/devices/systemd.go b/libcontainer/cgroups/devices/systemd.go index 5e7e46ae250..e1251c5ffb1 100644 --- a/libcontainer/cgroups/devices/systemd.go +++ b/libcontainer/cgroups/devices/systemd.go @@ -11,13 +11,13 @@ import ( "github.com/godbus/dbus/v5" "github.com/sirupsen/logrus" - "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/devices" ) // systemdProperties takes the configured device rules and generates a // corresponding set of systemd properties to configure the devices correctly. -func systemdProperties(r *configs.Resources, sdVer int) ([]systemdDbus.Property, error) { +func systemdProperties(r *cgroups.Resources, sdVer int) ([]systemdDbus.Property, error) { if r.SkipDevices { return nil, nil } diff --git a/libcontainer/cgroups/devices/systemd_test.go b/libcontainer/cgroups/devices/systemd_test.go index 2ab4b253529..ef802007b07 100644 --- a/libcontainer/cgroups/devices/systemd_test.go +++ b/libcontainer/cgroups/devices/systemd_test.go @@ -10,7 +10,6 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/systemd" - "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/devices" ) @@ -28,11 +27,11 @@ func TestPodSkipDevicesUpdate(t *testing.T) { } podName := "system-runc_test_pod" + t.Name() + ".slice" - podConfig := &configs.Cgroup{ + podConfig := &cgroups.Cgroup{ Systemd: true, Parent: "system.slice", Name: podName, - Resources: &configs.Resources{ + Resources: &cgroups.Resources{ PidsLimit: 42, Memory: 32 * 1024 * 1024, SkipDevices: true, @@ -47,11 +46,11 @@ func TestPodSkipDevicesUpdate(t *testing.T) { t.Fatal(err) } - containerConfig := &configs.Cgroup{ + containerConfig := &cgroups.Cgroup{ Parent: podName, ScopePrefix: "test", Name: "PodSkipDevicesUpdate", - Resources: &configs.Resources{ + Resources: &cgroups.Resources{ Devices: []*devices.Rule{ // Allow access to /dev/null. { @@ -124,10 +123,10 @@ func testSkipDevices(t *testing.T, skipDevices bool, expected []string) { t.Skip("Test requires root.") } - podConfig := &configs.Cgroup{ + podConfig := &cgroups.Cgroup{ Parent: "system.slice", Name: "system-runc_test_pods.slice", - Resources: &configs.Resources{ + Resources: &cgroups.Resources{ SkipDevices: skipDevices, }, } @@ -140,11 +139,11 @@ func testSkipDevices(t *testing.T, skipDevices bool, expected []string) { t.Fatal(err) } - config := &configs.Cgroup{ + config := &cgroups.Cgroup{ Parent: "system-runc_test_pods.slice", ScopePrefix: "test", Name: "SkipDevices", - Resources: &configs.Resources{ + Resources: &cgroups.Resources{ Devices: []*devices.Rule{ // Allow access to /dev/full only. { @@ -262,7 +261,7 @@ func BenchmarkFindDeviceGroup(b *testing.B) { } } -func newManager(t *testing.T, config *configs.Cgroup) (m cgroups.Manager) { +func newManager(t *testing.T, config *cgroups.Cgroup) (m cgroups.Manager) { t.Helper() var err error diff --git a/libcontainer/cgroups/devices/v1.go b/libcontainer/cgroups/devices/v1.go index 4493f0d056d..17e11847724 100644 --- a/libcontainer/cgroups/devices/v1.go +++ b/libcontainer/cgroups/devices/v1.go @@ -7,13 +7,12 @@ import ( "github.com/moby/sys/userns" "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/devices" ) var testingSkipFinalCheck bool -func setV1(path string, r *configs.Resources) error { +func setV1(path string, r *cgroups.Resources) error { if userns.RunningInUserNS() || r.SkipDevices { return nil } diff --git a/libcontainer/cgroups/devices/v1_test.go b/libcontainer/cgroups/devices/v1_test.go index 934fb94c132..2deb56c6e6e 100644 --- a/libcontainer/cgroups/devices/v1_test.go +++ b/libcontainer/cgroups/devices/v1_test.go @@ -9,7 +9,6 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" - "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/devices" ) @@ -35,7 +34,7 @@ func TestSetV1Allow(t *testing.T) { } } - r := &configs.Resources{ + r := &cgroups.Resources{ Devices: []*devices.Rule{ { Type: devices.CharDevice, diff --git a/libcontainer/cgroups/devices/v2.go b/libcontainer/cgroups/devices/v2.go index 23c092b2afe..23ac09f70dd 100644 --- a/libcontainer/cgroups/devices/v2.go +++ b/libcontainer/cgroups/devices/v2.go @@ -6,7 +6,7 @@ import ( "github.com/moby/sys/userns" "golang.org/x/sys/unix" - "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/devices" ) @@ -27,7 +27,7 @@ func isRWM(perms devices.Permissions) bool { // This is similar to the logic applied in crun for handling errors from bpf(2) // . -func canSkipEBPFError(r *configs.Resources) bool { +func canSkipEBPFError(r *cgroups.Resources) bool { // If we're running in a user namespace we can ignore eBPF rules because we // usually cannot use bpf(2), as well as rootless containers usually don't // have the necessary privileges to mknod(2) device inodes or access @@ -51,7 +51,7 @@ func canSkipEBPFError(r *configs.Resources) bool { return true } -func setV2(dirPath string, r *configs.Resources) error { +func setV2(dirPath string, r *cgroups.Resources) error { if r.SkipDevices { return nil } diff --git a/libcontainer/cgroups/fs/blkio.go b/libcontainer/cgroups/fs/blkio.go index c81b6562ac5..58d8ded6ae1 100644 --- a/libcontainer/cgroups/fs/blkio.go +++ b/libcontainer/cgroups/fs/blkio.go @@ -8,7 +8,6 @@ import ( "strings" "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/configs" ) type BlkioGroup struct { @@ -20,11 +19,11 @@ func (s *BlkioGroup) Name() string { return "blkio" } -func (s *BlkioGroup) Apply(path string, _ *configs.Resources, pid int) error { +func (s *BlkioGroup) Apply(path string, _ *cgroups.Resources, pid int) error { return apply(path, pid) } -func (s *BlkioGroup) Set(path string, r *configs.Resources) error { +func (s *BlkioGroup) Set(path string, r *cgroups.Resources) error { s.detectWeightFilenames(path) if r.BlkioWeight != 0 { if err := cgroups.WriteFile(path, s.weightFilename, strconv.FormatUint(uint64(r.BlkioWeight), 10)); err != nil { diff --git a/libcontainer/cgroups/fs/blkio_test.go b/libcontainer/cgroups/fs/blkio_test.go index d2603fd6c7d..3e539656955 100644 --- a/libcontainer/cgroups/fs/blkio_test.go +++ b/libcontainer/cgroups/fs/blkio_test.go @@ -6,7 +6,6 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" - "github.com/opencontainers/runc/libcontainer/configs" ) const ( @@ -184,7 +183,7 @@ func TestBlkioSetWeight(t *testing.T) { weightFilename: strconv.Itoa(weightBefore), }) // Apply new configuration - r := &configs.Resources{ + r := &cgroups.Resources{ BlkioWeight: weightAfter, } blkio := &BlkioGroup{} @@ -224,10 +223,10 @@ func TestBlkioSetWeightDevice(t *testing.T) { weightDeviceFilename: weightDeviceBefore, }) // Apply new configuration - wd := configs.NewWeightDevice(8, 0, 500, 0) + wd := cgroups.NewWeightDevice(8, 0, 500, 0) weightDeviceAfter := wd.WeightString() - r := &configs.Resources{ - BlkioWeightDevice: []*configs.WeightDevice{wd}, + r := &cgroups.Resources{ + BlkioWeightDevice: []*cgroups.WeightDevice{wd}, } blkio := &BlkioGroup{} if err := blkio.Set(path, r); err != nil { @@ -255,8 +254,8 @@ func TestBlkioSetMultipleWeightDevice(t *testing.T) { weightDeviceBefore = "8:0 400" ) - wd1 := configs.NewWeightDevice(8, 0, 500, 0) - wd2 := configs.NewWeightDevice(8, 16, 500, 0) + wd1 := cgroups.NewWeightDevice(8, 0, 500, 0) + wd2 := cgroups.NewWeightDevice(8, 16, 500, 0) // we cannot actually set and check both because normal os.WriteFile // when writing to cgroup file will overwrite the whole file content instead // of updating it as the kernel is doing. Just check the second device @@ -272,8 +271,8 @@ func TestBlkioSetMultipleWeightDevice(t *testing.T) { blkio.weightDeviceFilename: weightDeviceBefore, }) - r := &configs.Resources{ - BlkioWeightDevice: []*configs.WeightDevice{wd1, wd2}, + r := &cgroups.Resources{ + BlkioWeightDevice: []*cgroups.WeightDevice{wd1, wd2}, } if err := blkio.Set(path, r); err != nil { t.Fatal(err) @@ -745,15 +744,15 @@ func TestBlkioSetThrottleReadBpsDevice(t *testing.T) { throttleBefore = `8:0 1024` ) - td := configs.NewThrottleDevice(8, 0, 2048) + td := cgroups.NewThrottleDevice(8, 0, 2048) throttleAfter := td.String() writeFileContents(t, path, map[string]string{ "blkio.throttle.read_bps_device": throttleBefore, }) - r := &configs.Resources{ - BlkioThrottleReadBpsDevice: []*configs.ThrottleDevice{td}, + r := &cgroups.Resources{ + BlkioThrottleReadBpsDevice: []*cgroups.ThrottleDevice{td}, } blkio := &BlkioGroup{} if err := blkio.Set(path, r); err != nil { @@ -776,15 +775,15 @@ func TestBlkioSetThrottleWriteBpsDevice(t *testing.T) { throttleBefore = `8:0 1024` ) - td := configs.NewThrottleDevice(8, 0, 2048) + td := cgroups.NewThrottleDevice(8, 0, 2048) throttleAfter := td.String() writeFileContents(t, path, map[string]string{ "blkio.throttle.write_bps_device": throttleBefore, }) - r := &configs.Resources{ - BlkioThrottleWriteBpsDevice: []*configs.ThrottleDevice{td}, + r := &cgroups.Resources{ + BlkioThrottleWriteBpsDevice: []*cgroups.ThrottleDevice{td}, } blkio := &BlkioGroup{} if err := blkio.Set(path, r); err != nil { @@ -807,15 +806,15 @@ func TestBlkioSetThrottleReadIOpsDevice(t *testing.T) { throttleBefore = `8:0 1024` ) - td := configs.NewThrottleDevice(8, 0, 2048) + td := cgroups.NewThrottleDevice(8, 0, 2048) throttleAfter := td.String() writeFileContents(t, path, map[string]string{ "blkio.throttle.read_iops_device": throttleBefore, }) - r := &configs.Resources{ - BlkioThrottleReadIOPSDevice: []*configs.ThrottleDevice{td}, + r := &cgroups.Resources{ + BlkioThrottleReadIOPSDevice: []*cgroups.ThrottleDevice{td}, } blkio := &BlkioGroup{} if err := blkio.Set(path, r); err != nil { @@ -838,15 +837,15 @@ func TestBlkioSetThrottleWriteIOpsDevice(t *testing.T) { throttleBefore = `8:0 1024` ) - td := configs.NewThrottleDevice(8, 0, 2048) + td := cgroups.NewThrottleDevice(8, 0, 2048) throttleAfter := td.String() writeFileContents(t, path, map[string]string{ "blkio.throttle.write_iops_device": throttleBefore, }) - r := &configs.Resources{ - BlkioThrottleWriteIOPSDevice: []*configs.ThrottleDevice{td}, + r := &cgroups.Resources{ + BlkioThrottleWriteIOPSDevice: []*cgroups.ThrottleDevice{td}, } blkio := &BlkioGroup{} if err := blkio.Set(path, r); err != nil { diff --git a/libcontainer/cgroups/fs/cpu.go b/libcontainer/cgroups/fs/cpu.go index 62574b53c59..e3dd1ebe387 100644 --- a/libcontainer/cgroups/fs/cpu.go +++ b/libcontainer/cgroups/fs/cpu.go @@ -9,7 +9,6 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" - "github.com/opencontainers/runc/libcontainer/configs" "golang.org/x/sys/unix" ) @@ -19,7 +18,7 @@ func (s *CpuGroup) Name() string { return "cpu" } -func (s *CpuGroup) Apply(path string, r *configs.Resources, pid int) error { +func (s *CpuGroup) Apply(path string, r *cgroups.Resources, pid int) error { if err := os.MkdirAll(path, 0o755); err != nil { return err } @@ -34,7 +33,7 @@ func (s *CpuGroup) Apply(path string, r *configs.Resources, pid int) error { return cgroups.WriteCgroupProc(path, pid) } -func (s *CpuGroup) SetRtSched(path string, r *configs.Resources) error { +func (s *CpuGroup) SetRtSched(path string, r *cgroups.Resources) error { var period string if r.CpuRtPeriod != 0 { period = strconv.FormatUint(r.CpuRtPeriod, 10) @@ -64,7 +63,7 @@ func (s *CpuGroup) SetRtSched(path string, r *configs.Resources) error { return nil } -func (s *CpuGroup) Set(path string, r *configs.Resources) error { +func (s *CpuGroup) Set(path string, r *cgroups.Resources) error { if r.CpuShares != 0 { shares := r.CpuShares if err := cgroups.WriteFile(path, "cpu.shares", strconv.FormatUint(shares, 10)); err != nil { diff --git a/libcontainer/cgroups/fs/cpu_test.go b/libcontainer/cgroups/fs/cpu_test.go index 4848b56a354..34b98f54369 100644 --- a/libcontainer/cgroups/fs/cpu_test.go +++ b/libcontainer/cgroups/fs/cpu_test.go @@ -7,7 +7,6 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" - "github.com/opencontainers/runc/libcontainer/configs" ) func TestCpuSetShares(t *testing.T) { @@ -22,7 +21,7 @@ func TestCpuSetShares(t *testing.T) { "cpu.shares": strconv.Itoa(sharesBefore), }) - r := &configs.Resources{ + r := &cgroups.Resources{ CpuShares: sharesAfter, } cpu := &CpuGroup{} @@ -63,7 +62,7 @@ func TestCpuSetBandWidth(t *testing.T) { "cpu.rt_period_us": strconv.Itoa(rtPeriodBefore), }) - r := &configs.Resources{ + r := &cgroups.Resources{ CpuQuota: quotaAfter, CpuBurst: &burstAfter, CpuPeriod: periodAfter, @@ -191,7 +190,7 @@ func TestCpuSetRtSchedAtApply(t *testing.T) { "cpu.rt_period_us": strconv.Itoa(rtPeriodBefore), }) - r := &configs.Resources{ + r := &cgroups.Resources{ CpuRtRuntime: rtRuntimeAfter, CpuRtPeriod: rtPeriodAfter, } diff --git a/libcontainer/cgroups/fs/cpuacct.go b/libcontainer/cgroups/fs/cpuacct.go index 69f8f9d8cdd..88af8c568a2 100644 --- a/libcontainer/cgroups/fs/cpuacct.go +++ b/libcontainer/cgroups/fs/cpuacct.go @@ -8,7 +8,6 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" - "github.com/opencontainers/runc/libcontainer/configs" ) const ( @@ -34,11 +33,11 @@ func (s *CpuacctGroup) Name() string { return "cpuacct" } -func (s *CpuacctGroup) Apply(path string, _ *configs.Resources, pid int) error { +func (s *CpuacctGroup) Apply(path string, _ *cgroups.Resources, pid int) error { return apply(path, pid) } -func (s *CpuacctGroup) Set(_ string, _ *configs.Resources) error { +func (s *CpuacctGroup) Set(_ string, _ *cgroups.Resources) error { return nil } diff --git a/libcontainer/cgroups/fs/cpuset.go b/libcontainer/cgroups/fs/cpuset.go index fe01ba98408..4cf1f30ff6c 100644 --- a/libcontainer/cgroups/fs/cpuset.go +++ b/libcontainer/cgroups/fs/cpuset.go @@ -11,7 +11,6 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" - "github.com/opencontainers/runc/libcontainer/configs" ) type CpusetGroup struct{} @@ -20,11 +19,11 @@ func (s *CpusetGroup) Name() string { return "cpuset" } -func (s *CpusetGroup) Apply(path string, r *configs.Resources, pid int) error { +func (s *CpusetGroup) Apply(path string, r *cgroups.Resources, pid int) error { return s.ApplyDir(path, r, pid) } -func (s *CpusetGroup) Set(path string, r *configs.Resources) error { +func (s *CpusetGroup) Set(path string, r *cgroups.Resources) error { if r.CpusetCpus != "" { if err := cgroups.WriteFile(path, "cpuset.cpus", r.CpusetCpus); err != nil { return err @@ -141,7 +140,7 @@ func (s *CpusetGroup) GetStats(path string, stats *cgroups.Stats) error { return nil } -func (s *CpusetGroup) ApplyDir(dir string, r *configs.Resources, pid int) error { +func (s *CpusetGroup) ApplyDir(dir string, r *cgroups.Resources, pid int) error { // This might happen if we have no cpuset cgroup mounted. // Just do nothing and don't fail. if dir == "" { @@ -237,7 +236,7 @@ func isEmptyCpuset(str string) bool { return str == "" || str == "\n" } -func (s *CpusetGroup) ensureCpusAndMems(path string, r *configs.Resources) error { +func (s *CpusetGroup) ensureCpusAndMems(path string, r *cgroups.Resources) error { if err := s.Set(path, r); err != nil { return err } diff --git a/libcontainer/cgroups/fs/cpuset_test.go b/libcontainer/cgroups/fs/cpuset_test.go index 8933b3ca351..ec1c86ca6e5 100644 --- a/libcontainer/cgroups/fs/cpuset_test.go +++ b/libcontainer/cgroups/fs/cpuset_test.go @@ -6,7 +6,6 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" - "github.com/opencontainers/runc/libcontainer/configs" ) const ( @@ -49,7 +48,7 @@ func TestCPUSetSetCpus(t *testing.T) { "cpuset.cpus": cpusBefore, }) - r := &configs.Resources{ + r := &cgroups.Resources{ CpusetCpus: cpusAfter, } cpuset := &CpusetGroup{} @@ -78,7 +77,7 @@ func TestCPUSetSetMems(t *testing.T) { "cpuset.mems": memsBefore, }) - r := &configs.Resources{ + r := &cgroups.Resources{ CpusetMems: memsAfter, } cpuset := &CpusetGroup{} diff --git a/libcontainer/cgroups/fs/devices.go b/libcontainer/cgroups/fs/devices.go index 0bf3d9debb9..305bb0dac58 100644 --- a/libcontainer/cgroups/fs/devices.go +++ b/libcontainer/cgroups/fs/devices.go @@ -2,7 +2,6 @@ package fs import ( "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/configs" ) type DevicesGroup struct{} @@ -11,7 +10,7 @@ func (s *DevicesGroup) Name() string { return "devices" } -func (s *DevicesGroup) Apply(path string, r *configs.Resources, pid int) error { +func (s *DevicesGroup) Apply(path string, r *cgroups.Resources, pid int) error { if r.SkipDevices { return nil } @@ -24,7 +23,7 @@ func (s *DevicesGroup) Apply(path string, r *configs.Resources, pid int) error { return apply(path, pid) } -func (s *DevicesGroup) Set(path string, r *configs.Resources) error { +func (s *DevicesGroup) Set(path string, r *cgroups.Resources) error { if cgroups.DevicesSetV1 == nil { if len(r.Devices) == 0 { return nil diff --git a/libcontainer/cgroups/fs/freezer.go b/libcontainer/cgroups/fs/freezer.go index 987f1bf5e74..c959afde309 100644 --- a/libcontainer/cgroups/fs/freezer.go +++ b/libcontainer/cgroups/fs/freezer.go @@ -8,7 +8,6 @@ import ( "time" "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/configs" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) @@ -19,19 +18,19 @@ func (s *FreezerGroup) Name() string { return "freezer" } -func (s *FreezerGroup) Apply(path string, _ *configs.Resources, pid int) error { +func (s *FreezerGroup) Apply(path string, _ *cgroups.Resources, pid int) error { return apply(path, pid) } -func (s *FreezerGroup) Set(path string, r *configs.Resources) (Err error) { +func (s *FreezerGroup) Set(path string, r *cgroups.Resources) (Err error) { switch r.Freezer { - case configs.Frozen: + case cgroups.Frozen: defer func() { if Err != nil { // Freezing failed, and it is bad and dangerous // to leave the cgroup in FROZEN or FREEZING // state, so (try to) thaw it back. - _ = cgroups.WriteFile(path, "freezer.state", string(configs.Thawed)) + _ = cgroups.WriteFile(path, "freezer.state", string(cgroups.Thawed)) } }() @@ -64,11 +63,11 @@ func (s *FreezerGroup) Set(path string, r *configs.Resources) (Err error) { // the chances to succeed in freezing // in case new processes keep appearing // in the cgroup. - _ = cgroups.WriteFile(path, "freezer.state", string(configs.Thawed)) + _ = cgroups.WriteFile(path, "freezer.state", string(cgroups.Thawed)) time.Sleep(10 * time.Millisecond) } - if err := cgroups.WriteFile(path, "freezer.state", string(configs.Frozen)); err != nil { + if err := cgroups.WriteFile(path, "freezer.state", string(cgroups.Frozen)); err != nil { return err } @@ -87,7 +86,7 @@ func (s *FreezerGroup) Set(path string, r *configs.Resources) (Err error) { switch state { case "FREEZING": continue - case string(configs.Frozen): + case string(cgroups.Frozen): if i > 1 { logrus.Debugf("frozen after %d retries", i) } @@ -99,9 +98,9 @@ func (s *FreezerGroup) Set(path string, r *configs.Resources) (Err error) { } // Despite our best efforts, it got stuck in FREEZING. return errors.New("unable to freeze") - case configs.Thawed: - return cgroups.WriteFile(path, "freezer.state", string(configs.Thawed)) - case configs.Undefined: + case cgroups.Thawed: + return cgroups.WriteFile(path, "freezer.state", string(cgroups.Thawed)) + case cgroups.Undefined: return nil default: return fmt.Errorf("Invalid argument '%s' to freezer.state", string(r.Freezer)) @@ -112,7 +111,7 @@ func (s *FreezerGroup) GetStats(path string, stats *cgroups.Stats) error { return nil } -func (s *FreezerGroup) GetState(path string) (configs.FreezerState, error) { +func (s *FreezerGroup) GetState(path string) (cgroups.FreezerState, error) { for { state, err := cgroups.ReadFile(path, "freezer.state") if err != nil { @@ -121,11 +120,11 @@ func (s *FreezerGroup) GetState(path string) (configs.FreezerState, error) { if os.IsNotExist(err) || errors.Is(err, unix.ENODEV) { err = nil } - return configs.Undefined, err + return cgroups.Undefined, err } switch strings.TrimSpace(state) { case "THAWED": - return configs.Thawed, nil + return cgroups.Thawed, nil case "FROZEN": // Find out whether the cgroup is frozen directly, // or indirectly via an ancestor. @@ -136,15 +135,15 @@ func (s *FreezerGroup) GetState(path string) (configs.FreezerState, error) { if errors.Is(err, os.ErrNotExist) || errors.Is(err, unix.ENODEV) { err = nil } - return configs.Frozen, err + return cgroups.Frozen, err } switch self { case "0\n": - return configs.Thawed, nil + return cgroups.Thawed, nil case "1\n": - return configs.Frozen, nil + return cgroups.Frozen, nil default: - return configs.Undefined, fmt.Errorf(`unknown "freezer.self_freezing" state: %q`, self) + return cgroups.Undefined, fmt.Errorf(`unknown "freezer.self_freezing" state: %q`, self) } case "FREEZING": // Make sure we get a stable freezer state, so retry if the cgroup @@ -152,7 +151,7 @@ func (s *FreezerGroup) GetState(path string) (configs.FreezerState, error) { time.Sleep(1 * time.Millisecond) continue default: - return configs.Undefined, fmt.Errorf("unknown freezer.state %q", state) + return cgroups.Undefined, fmt.Errorf("unknown freezer.state %q", state) } } } diff --git a/libcontainer/cgroups/fs/freezer_test.go b/libcontainer/cgroups/fs/freezer_test.go index bbdd3717dbe..d905380840d 100644 --- a/libcontainer/cgroups/fs/freezer_test.go +++ b/libcontainer/cgroups/fs/freezer_test.go @@ -3,19 +3,19 @@ package fs import ( "testing" + "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" - "github.com/opencontainers/runc/libcontainer/configs" ) func TestFreezerSetState(t *testing.T) { path := tempDir(t, "freezer") writeFileContents(t, path, map[string]string{ - "freezer.state": string(configs.Frozen), + "freezer.state": string(cgroups.Frozen), }) - r := &configs.Resources{ - Freezer: configs.Thawed, + r := &cgroups.Resources{ + Freezer: cgroups.Thawed, } freezer := &FreezerGroup{} if err := freezer.Set(path, r); err != nil { @@ -26,7 +26,7 @@ func TestFreezerSetState(t *testing.T) { if err != nil { t.Fatal(err) } - if value != string(configs.Thawed) { + if value != string(cgroups.Thawed) { t.Fatal("Got the wrong value, set freezer.state failed.") } } @@ -34,9 +34,9 @@ func TestFreezerSetState(t *testing.T) { func TestFreezerSetInvalidState(t *testing.T) { path := tempDir(t, "freezer") - const invalidArg configs.FreezerState = "Invalid" + const invalidArg cgroups.FreezerState = "Invalid" - r := &configs.Resources{ + r := &cgroups.Resources{ Freezer: invalidArg, } freezer := &FreezerGroup{} diff --git a/libcontainer/cgroups/fs/fs.go b/libcontainer/cgroups/fs/fs.go index ba15bfc4077..490847246e1 100644 --- a/libcontainer/cgroups/fs/fs.go +++ b/libcontainer/cgroups/fs/fs.go @@ -10,7 +10,6 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" - "github.com/opencontainers/runc/libcontainer/configs" ) var subsystems = []subsystem{ @@ -49,22 +48,22 @@ type subsystem interface { // Apply creates and joins a cgroup, adding pid into it. Some // subsystems use resources to pre-configure the cgroup parents // before creating or joining it. - Apply(path string, r *configs.Resources, pid int) error + Apply(path string, r *cgroups.Resources, pid int) error // Set sets the cgroup resources. - Set(path string, r *configs.Resources) error + Set(path string, r *cgroups.Resources) error } type Manager struct { mu sync.Mutex - cgroups *configs.Cgroup + cgroups *cgroups.Cgroup paths map[string]string } -func NewManager(cg *configs.Cgroup, paths map[string]string) (*Manager, error) { +func NewManager(cg *cgroups.Cgroup, paths map[string]string) (*Manager, error) { // Some v1 controllers (cpu, cpuset, and devices) expect // cgroups.Resources to not be nil in Apply. if cg.Resources == nil { - return nil, errors.New("cgroup v1 manager needs configs.Resources to be set during manager creation") + return nil, errors.New("cgroup v1 manager needs cgroups.Resources to be set during manager creation") } if cg.Resources.Unified != nil { return nil, cgroups.ErrV1NoUnified @@ -168,7 +167,7 @@ func (m *Manager) GetStats() (*cgroups.Stats, error) { return stats, nil } -func (m *Manager) Set(r *configs.Resources) error { +func (m *Manager) Set(r *cgroups.Resources) error { if r == nil { return nil } @@ -203,7 +202,7 @@ func (m *Manager) Set(r *configs.Resources) error { // Freeze toggles the container's freezer cgroup depending on the state // provided -func (m *Manager) Freeze(state configs.FreezerState) error { +func (m *Manager) Freeze(state cgroups.FreezerState) error { path := m.Path("freezer") if path == "" { return errors.New("cannot toggle freezer: cgroups not configured for container") @@ -233,15 +232,15 @@ func (m *Manager) GetPaths() map[string]string { return m.paths } -func (m *Manager) GetCgroups() (*configs.Cgroup, error) { +func (m *Manager) GetCgroups() (*cgroups.Cgroup, error) { return m.cgroups, nil } -func (m *Manager) GetFreezerState() (configs.FreezerState, error) { +func (m *Manager) GetFreezerState() (cgroups.FreezerState, error) { dir := m.Path("freezer") // If the container doesn't have the freezer cgroup, say it's undefined. if dir == "" { - return configs.Undefined, nil + return cgroups.Undefined, nil } freezer := &FreezerGroup{} return freezer.GetState(dir) diff --git a/libcontainer/cgroups/fs/fs_test.go b/libcontainer/cgroups/fs/fs_test.go index 01293ad1267..2d6cad1d50c 100644 --- a/libcontainer/cgroups/fs/fs_test.go +++ b/libcontainer/cgroups/fs/fs_test.go @@ -4,7 +4,6 @@ import ( "testing" "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/configs" ) func BenchmarkGetStats(b *testing.B) { @@ -19,9 +18,9 @@ func BenchmarkGetStats(b *testing.B) { cgroups.TestMode = true }() - cg := &configs.Cgroup{ + cg := &cgroups.Cgroup{ Path: "/some/kind/of/a/path/here", - Resources: &configs.Resources{}, + Resources: &cgroups.Resources{}, } m, err := NewManager(cg, nil) if err != nil { diff --git a/libcontainer/cgroups/fs/hugetlb.go b/libcontainer/cgroups/fs/hugetlb.go index 50f8f30cd39..9800f627a33 100644 --- a/libcontainer/cgroups/fs/hugetlb.go +++ b/libcontainer/cgroups/fs/hugetlb.go @@ -7,7 +7,6 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" - "github.com/opencontainers/runc/libcontainer/configs" ) type HugetlbGroup struct{} @@ -16,11 +15,11 @@ func (s *HugetlbGroup) Name() string { return "hugetlb" } -func (s *HugetlbGroup) Apply(path string, _ *configs.Resources, pid int) error { +func (s *HugetlbGroup) Apply(path string, _ *cgroups.Resources, pid int) error { return apply(path, pid) } -func (s *HugetlbGroup) Set(path string, r *configs.Resources) error { +func (s *HugetlbGroup) Set(path string, r *cgroups.Resources) error { const suffix = ".limit_in_bytes" skipRsvd := false diff --git a/libcontainer/cgroups/fs/hugetlb_test.go b/libcontainer/cgroups/fs/hugetlb_test.go index 17b4945a167..92598709bfc 100644 --- a/libcontainer/cgroups/fs/hugetlb_test.go +++ b/libcontainer/cgroups/fs/hugetlb_test.go @@ -7,7 +7,6 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" - "github.com/opencontainers/runc/libcontainer/configs" ) const ( @@ -42,9 +41,9 @@ func TestHugetlbSetHugetlb(t *testing.T) { }) } - r := &configs.Resources{} + r := &cgroups.Resources{} for _, pageSize := range cgroups.HugePageSizes() { - r.HugetlbLimit = []*configs.HugepageLimit{ + r.HugetlbLimit = []*cgroups.HugepageLimit{ { Pagesize: pageSize, Limit: hugetlbAfter, diff --git a/libcontainer/cgroups/fs/memory.go b/libcontainer/cgroups/fs/memory.go index 0abea63f92a..ad9190db130 100644 --- a/libcontainer/cgroups/fs/memory.go +++ b/libcontainer/cgroups/fs/memory.go @@ -14,7 +14,6 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" - "github.com/opencontainers/runc/libcontainer/configs" ) const ( @@ -30,7 +29,7 @@ func (s *MemoryGroup) Name() string { return "memory" } -func (s *MemoryGroup) Apply(path string, _ *configs.Resources, pid int) error { +func (s *MemoryGroup) Apply(path string, _ *cgroups.Resources, pid int) error { return apply(path, pid) } @@ -66,7 +65,7 @@ func setSwap(path string, val int64) error { return cgroups.WriteFile(path, cgroupMemorySwapLimit, strconv.FormatInt(val, 10)) } -func setMemoryAndSwap(path string, r *configs.Resources) error { +func setMemoryAndSwap(path string, r *cgroups.Resources) error { // If the memory update is set to -1 and the swap is not explicitly // set, we should also set swap to -1, it means unlimited memory. if r.Memory == -1 && r.MemorySwap == 0 { @@ -108,7 +107,7 @@ func setMemoryAndSwap(path string, r *configs.Resources) error { return nil } -func (s *MemoryGroup) Set(path string, r *configs.Resources) error { +func (s *MemoryGroup) Set(path string, r *cgroups.Resources) error { if err := setMemoryAndSwap(path, r); err != nil { return err } diff --git a/libcontainer/cgroups/fs/memory_test.go b/libcontainer/cgroups/fs/memory_test.go index 95e9d3cbaa4..25687b6f97e 100644 --- a/libcontainer/cgroups/fs/memory_test.go +++ b/libcontainer/cgroups/fs/memory_test.go @@ -6,7 +6,6 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" - "github.com/opencontainers/runc/libcontainer/configs" ) const ( @@ -53,7 +52,7 @@ func TestMemorySetMemory(t *testing.T) { "memory.soft_limit_in_bytes": strconv.Itoa(reservationBefore), }) - r := &configs.Resources{ + r := &cgroups.Resources{ Memory: memoryAfter, MemoryReservation: reservationAfter, } @@ -91,7 +90,7 @@ func TestMemorySetMemoryswap(t *testing.T) { "memory.memsw.limit_in_bytes": strconv.Itoa(memoryswapBefore), }) - r := &configs.Resources{ + r := &cgroups.Resources{ MemorySwap: memoryswapAfter, } memory := &MemoryGroup{} @@ -128,7 +127,7 @@ func TestMemorySetMemoryLargerThanSwap(t *testing.T) { "memory.failcnt": "0", }) - r := &configs.Resources{ + r := &cgroups.Resources{ Memory: memoryAfter, MemorySwap: memoryswapAfter, } @@ -169,7 +168,7 @@ func TestMemorySetSwapSmallerThanMemory(t *testing.T) { "memory.memsw.limit_in_bytes": strconv.Itoa(memoryswapBefore), }) - r := &configs.Resources{ + r := &cgroups.Resources{ Memory: memoryAfter, MemorySwap: memoryswapAfter, } @@ -205,7 +204,7 @@ func TestMemorySetMemorySwappinessDefault(t *testing.T) { "memory.swappiness": strconv.Itoa(swappinessBefore), }) - r := &configs.Resources{ + r := &cgroups.Resources{ MemorySwappiness: &swappinessAfter, } memory := &MemoryGroup{} @@ -418,7 +417,7 @@ func TestMemorySetOomControl(t *testing.T) { }) memory := &MemoryGroup{} - r := &configs.Resources{} + r := &cgroups.Resources{} if err := memory.Set(path, r); err != nil { t.Fatal(err) } diff --git a/libcontainer/cgroups/fs/name.go b/libcontainer/cgroups/fs/name.go index b8d5d849c52..bf51cd63244 100644 --- a/libcontainer/cgroups/fs/name.go +++ b/libcontainer/cgroups/fs/name.go @@ -2,7 +2,6 @@ package fs import ( "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/configs" ) type NameGroup struct { @@ -14,7 +13,7 @@ func (s *NameGroup) Name() string { return s.GroupName } -func (s *NameGroup) Apply(path string, _ *configs.Resources, pid int) error { +func (s *NameGroup) Apply(path string, _ *cgroups.Resources, pid int) error { if s.Join { // Ignore errors if the named cgroup does not exist. _ = apply(path, pid) @@ -22,7 +21,7 @@ func (s *NameGroup) Apply(path string, _ *configs.Resources, pid int) error { return nil } -func (s *NameGroup) Set(_ string, _ *configs.Resources) error { +func (s *NameGroup) Set(_ string, _ *cgroups.Resources) error { return nil } diff --git a/libcontainer/cgroups/fs/net_cls.go b/libcontainer/cgroups/fs/net_cls.go index abfd09ce83a..ce3b3f3ae12 100644 --- a/libcontainer/cgroups/fs/net_cls.go +++ b/libcontainer/cgroups/fs/net_cls.go @@ -4,7 +4,6 @@ import ( "strconv" "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/configs" ) type NetClsGroup struct{} @@ -13,11 +12,11 @@ func (s *NetClsGroup) Name() string { return "net_cls" } -func (s *NetClsGroup) Apply(path string, _ *configs.Resources, pid int) error { +func (s *NetClsGroup) Apply(path string, _ *cgroups.Resources, pid int) error { return apply(path, pid) } -func (s *NetClsGroup) Set(path string, r *configs.Resources) error { +func (s *NetClsGroup) Set(path string, r *cgroups.Resources) error { if r.NetClsClassid != 0 { if err := cgroups.WriteFile(path, "net_cls.classid", strconv.FormatUint(uint64(r.NetClsClassid), 10)); err != nil { return err diff --git a/libcontainer/cgroups/fs/net_cls_test.go b/libcontainer/cgroups/fs/net_cls_test.go index 085c0615123..ea051d99a1e 100644 --- a/libcontainer/cgroups/fs/net_cls_test.go +++ b/libcontainer/cgroups/fs/net_cls_test.go @@ -4,8 +4,8 @@ import ( "strconv" "testing" + "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" - "github.com/opencontainers/runc/libcontainer/configs" ) const ( @@ -20,7 +20,7 @@ func TestNetClsSetClassid(t *testing.T) { "net_cls.classid": strconv.FormatUint(classidBefore, 10), }) - r := &configs.Resources{ + r := &cgroups.Resources{ NetClsClassid: classidAfter, } netcls := &NetClsGroup{} diff --git a/libcontainer/cgroups/fs/net_prio.go b/libcontainer/cgroups/fs/net_prio.go index da74d377989..3fb5050ab6a 100644 --- a/libcontainer/cgroups/fs/net_prio.go +++ b/libcontainer/cgroups/fs/net_prio.go @@ -2,7 +2,6 @@ package fs import ( "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/configs" ) type NetPrioGroup struct{} @@ -11,11 +10,11 @@ func (s *NetPrioGroup) Name() string { return "net_prio" } -func (s *NetPrioGroup) Apply(path string, _ *configs.Resources, pid int) error { +func (s *NetPrioGroup) Apply(path string, _ *cgroups.Resources, pid int) error { return apply(path, pid) } -func (s *NetPrioGroup) Set(path string, r *configs.Resources) error { +func (s *NetPrioGroup) Set(path string, r *cgroups.Resources) error { for _, prioMap := range r.NetPrioIfpriomap { if err := cgroups.WriteFile(path, "net_prio.ifpriomap", prioMap.CgroupString()); err != nil { return err diff --git a/libcontainer/cgroups/fs/net_prio_test.go b/libcontainer/cgroups/fs/net_prio_test.go index 453ff363b81..90115e99eb3 100644 --- a/libcontainer/cgroups/fs/net_prio_test.go +++ b/libcontainer/cgroups/fs/net_prio_test.go @@ -4,11 +4,11 @@ import ( "strings" "testing" + "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" - "github.com/opencontainers/runc/libcontainer/configs" ) -var prioMap = []*configs.IfPrioMap{ +var prioMap = []*cgroups.IfPrioMap{ { Interface: "test", Priority: 5, @@ -18,7 +18,7 @@ var prioMap = []*configs.IfPrioMap{ func TestNetPrioSetIfPrio(t *testing.T) { path := tempDir(t, "net_prio") - r := &configs.Resources{ + r := &cgroups.Resources{ NetPrioIfpriomap: prioMap, } netPrio := &NetPrioGroup{} diff --git a/libcontainer/cgroups/fs/paths.go b/libcontainer/cgroups/fs/paths.go index 5f119bac31b..b8516865a86 100644 --- a/libcontainer/cgroups/fs/paths.go +++ b/libcontainer/cgroups/fs/paths.go @@ -9,7 +9,6 @@ import ( "golang.org/x/sys/unix" "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/utils" ) @@ -21,7 +20,7 @@ var ( const defaultCgroupRoot = "/sys/fs/cgroup" -func initPaths(cg *configs.Cgroup) (map[string]string, error) { +func initPaths(cg *cgroups.Cgroup) (map[string]string, error) { root, err := rootPath() if err != nil { return nil, err @@ -136,7 +135,7 @@ func rootPath() (string, error) { return cgroupRoot, nil } -func innerPath(c *configs.Cgroup) (string, error) { +func innerPath(c *cgroups.Cgroup) (string, error) { if (c.Name != "" || c.Parent != "") && c.Path != "" { return "", errors.New("cgroup: either Path or Name and Parent should be used") } diff --git a/libcontainer/cgroups/fs/paths_test.go b/libcontainer/cgroups/fs/paths_test.go index 3a4d45fc212..43dcfcbbb2b 100644 --- a/libcontainer/cgroups/fs/paths_test.go +++ b/libcontainer/cgroups/fs/paths_test.go @@ -6,7 +6,6 @@ import ( "testing" "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/configs" ) func TestInvalidCgroupPath(t *testing.T) { @@ -65,7 +64,7 @@ func TestInvalidCgroupPath(t *testing.T) { for _, tc := range testCases { t.Run(tc.test, func(t *testing.T) { - config := &configs.Cgroup{Path: tc.path, Name: tc.name, Parent: tc.parent} + config := &cgroups.Cgroup{Path: tc.path, Name: tc.name, Parent: tc.parent} inner, err := innerPath(config) if err != nil { diff --git a/libcontainer/cgroups/fs/perf_event.go b/libcontainer/cgroups/fs/perf_event.go index b86955c8f31..3a04767a20f 100644 --- a/libcontainer/cgroups/fs/perf_event.go +++ b/libcontainer/cgroups/fs/perf_event.go @@ -2,7 +2,6 @@ package fs import ( "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/configs" ) type PerfEventGroup struct{} @@ -11,11 +10,11 @@ func (s *PerfEventGroup) Name() string { return "perf_event" } -func (s *PerfEventGroup) Apply(path string, _ *configs.Resources, pid int) error { +func (s *PerfEventGroup) Apply(path string, _ *cgroups.Resources, pid int) error { return apply(path, pid) } -func (s *PerfEventGroup) Set(_ string, _ *configs.Resources) error { +func (s *PerfEventGroup) Set(_ string, _ *cgroups.Resources) error { return nil } diff --git a/libcontainer/cgroups/fs/pids.go b/libcontainer/cgroups/fs/pids.go index 1f13532a5ad..6ab094bc0bb 100644 --- a/libcontainer/cgroups/fs/pids.go +++ b/libcontainer/cgroups/fs/pids.go @@ -6,7 +6,6 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" - "github.com/opencontainers/runc/libcontainer/configs" ) type PidsGroup struct{} @@ -15,11 +14,11 @@ func (s *PidsGroup) Name() string { return "pids" } -func (s *PidsGroup) Apply(path string, _ *configs.Resources, pid int) error { +func (s *PidsGroup) Apply(path string, _ *cgroups.Resources, pid int) error { return apply(path, pid) } -func (s *PidsGroup) Set(path string, r *configs.Resources) error { +func (s *PidsGroup) Set(path string, r *cgroups.Resources) error { if r.PidsLimit != 0 { // "max" is the fallback value. limit := "max" diff --git a/libcontainer/cgroups/fs/pids_test.go b/libcontainer/cgroups/fs/pids_test.go index 9d9a7ce8f18..eb05511ff0d 100644 --- a/libcontainer/cgroups/fs/pids_test.go +++ b/libcontainer/cgroups/fs/pids_test.go @@ -6,7 +6,6 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" - "github.com/opencontainers/runc/libcontainer/configs" ) const ( @@ -21,7 +20,7 @@ func TestPidsSetMax(t *testing.T) { "pids.max": "max", }) - r := &configs.Resources{ + r := &cgroups.Resources{ PidsLimit: maxLimited, } pids := &PidsGroup{} @@ -45,7 +44,7 @@ func TestPidsSetUnlimited(t *testing.T) { "pids.max": strconv.Itoa(maxLimited), }) - r := &configs.Resources{ + r := &cgroups.Resources{ PidsLimit: maxUnlimited, } pids := &PidsGroup{} diff --git a/libcontainer/cgroups/fs/rdma.go b/libcontainer/cgroups/fs/rdma.go index 5bbe0f35f81..bc40c2d5bef 100644 --- a/libcontainer/cgroups/fs/rdma.go +++ b/libcontainer/cgroups/fs/rdma.go @@ -3,7 +3,6 @@ package fs import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" - "github.com/opencontainers/runc/libcontainer/configs" ) type RdmaGroup struct{} @@ -12,11 +11,11 @@ func (s *RdmaGroup) Name() string { return "rdma" } -func (s *RdmaGroup) Apply(path string, _ *configs.Resources, pid int) error { +func (s *RdmaGroup) Apply(path string, _ *cgroups.Resources, pid int) error { return apply(path, pid) } -func (s *RdmaGroup) Set(path string, r *configs.Resources) error { +func (s *RdmaGroup) Set(path string, r *cgroups.Resources) error { return fscommon.RdmaSet(path, r) } diff --git a/libcontainer/cgroups/fs2/cpu.go b/libcontainer/cgroups/fs2/cpu.go index 293defad40b..9734f6c459a 100644 --- a/libcontainer/cgroups/fs2/cpu.go +++ b/libcontainer/cgroups/fs2/cpu.go @@ -10,14 +10,13 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" - "github.com/opencontainers/runc/libcontainer/configs" ) -func isCPUSet(r *configs.Resources) bool { +func isCPUSet(r *cgroups.Resources) bool { return r.CpuWeight != 0 || r.CpuQuota != 0 || r.CpuPeriod != 0 || r.CPUIdle != nil || r.CpuBurst != nil } -func setCPU(dirPath string, r *configs.Resources) error { +func setCPU(dirPath string, r *cgroups.Resources) error { if !isCPUSet(r) { return nil } diff --git a/libcontainer/cgroups/fs2/cpuset.go b/libcontainer/cgroups/fs2/cpuset.go index 16c45bad8f0..7c3326e37fe 100644 --- a/libcontainer/cgroups/fs2/cpuset.go +++ b/libcontainer/cgroups/fs2/cpuset.go @@ -2,14 +2,13 @@ package fs2 import ( "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/configs" ) -func isCpusetSet(r *configs.Resources) bool { +func isCpusetSet(r *cgroups.Resources) bool { return r.CpusetCpus != "" || r.CpusetMems != "" } -func setCpuset(dirPath string, r *configs.Resources) error { +func setCpuset(dirPath string, r *cgroups.Resources) error { if !isCpusetSet(r) { return nil } diff --git a/libcontainer/cgroups/fs2/create.go b/libcontainer/cgroups/fs2/create.go index 6034741938d..9427aae600a 100644 --- a/libcontainer/cgroups/fs2/create.go +++ b/libcontainer/cgroups/fs2/create.go @@ -7,7 +7,6 @@ import ( "strings" "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/configs" ) func supportedControllers() (string, error) { @@ -18,7 +17,7 @@ func supportedControllers() (string, error) { // based on (1) controllers available and (2) resources that are being set. // We don't check "pseudo" controllers such as // "freezer" and "devices". -func needAnyControllers(r *configs.Resources) (bool, error) { +func needAnyControllers(r *cgroups.Resources) (bool, error) { if r == nil { return false, nil } @@ -64,12 +63,12 @@ func needAnyControllers(r *configs.Resources) (bool, error) { // containsDomainController returns whether the current config contains domain controller or not. // Refer to: http://man7.org/linux/man-pages/man7/cgroups.7.html // As at Linux 4.19, the following controllers are threaded: cpu, perf_event, and pids. -func containsDomainController(r *configs.Resources) bool { +func containsDomainController(r *cgroups.Resources) bool { return isMemorySet(r) || isIoSet(r) || isCPUSet(r) || isHugeTlbSet(r) } // CreateCgroupPath creates cgroupv2 path, enabling all the supported controllers. -func CreateCgroupPath(path string, c *configs.Cgroup) (Err error) { +func CreateCgroupPath(path string, c *cgroups.Cgroup) (Err error) { if !strings.HasPrefix(path, UnifiedMountpoint) { return fmt.Errorf("invalid cgroup path %s", path) } diff --git a/libcontainer/cgroups/fs2/defaultpath.go b/libcontainer/cgroups/fs2/defaultpath.go index 8ac8312017b..6637ef85c3c 100644 --- a/libcontainer/cgroups/fs2/defaultpath.go +++ b/libcontainer/cgroups/fs2/defaultpath.go @@ -25,13 +25,13 @@ import ( "path/filepath" "strings" - "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/utils" ) const UnifiedMountpoint = "/sys/fs/cgroup" -func defaultDirPath(c *configs.Cgroup) (string, error) { +func defaultDirPath(c *cgroups.Cgroup) (string, error) { if (c.Name != "" || c.Parent != "") && c.Path != "" { return "", fmt.Errorf("cgroup: either Path or Name and Parent should be used, got %+v", c) } diff --git a/libcontainer/cgroups/fs2/freezer.go b/libcontainer/cgroups/fs2/freezer.go index 8917a6411d6..7396ac02814 100644 --- a/libcontainer/cgroups/fs2/freezer.go +++ b/libcontainer/cgroups/fs2/freezer.go @@ -11,17 +11,16 @@ import ( "golang.org/x/sys/unix" "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/configs" ) -func setFreezer(dirPath string, state configs.FreezerState) error { +func setFreezer(dirPath string, state cgroups.FreezerState) error { var stateStr string switch state { - case configs.Undefined: + case cgroups.Undefined: return nil - case configs.Frozen: + case cgroups.Frozen: stateStr = "1" - case configs.Thawed: + case cgroups.Thawed: stateStr = "0" default: return fmt.Errorf("invalid freezer state %q requested", state) @@ -32,7 +31,7 @@ func setFreezer(dirPath string, state configs.FreezerState) error { // We can ignore this request as long as the user didn't ask us to // freeze the container (since without the freezer cgroup, that's a // no-op). - if state != configs.Frozen { + if state != cgroups.Frozen { return nil } return fmt.Errorf("freezer not supported: %w", err) @@ -51,7 +50,7 @@ func setFreezer(dirPath string, state configs.FreezerState) error { return nil } -func getFreezer(dirPath string) (configs.FreezerState, error) { +func getFreezer(dirPath string) (cgroups.FreezerState, error) { fd, err := cgroups.OpenFile(dirPath, "cgroup.freeze", unix.O_RDONLY) if err != nil { // If the kernel is too old, then we just treat the freezer as being in @@ -59,36 +58,36 @@ func getFreezer(dirPath string) (configs.FreezerState, error) { if os.IsNotExist(err) || errors.Is(err, unix.ENODEV) { err = nil } - return configs.Undefined, err + return cgroups.Undefined, err } defer fd.Close() return readFreezer(dirPath, fd) } -func readFreezer(dirPath string, fd *os.File) (configs.FreezerState, error) { +func readFreezer(dirPath string, fd *os.File) (cgroups.FreezerState, error) { if _, err := fd.Seek(0, 0); err != nil { - return configs.Undefined, err + return cgroups.Undefined, err } state := make([]byte, 2) if _, err := fd.Read(state); err != nil { - return configs.Undefined, err + return cgroups.Undefined, err } switch string(state) { case "0\n": - return configs.Thawed, nil + return cgroups.Thawed, nil case "1\n": return waitFrozen(dirPath) default: - return configs.Undefined, fmt.Errorf(`unknown "cgroup.freeze" state: %q`, state) + return cgroups.Undefined, fmt.Errorf(`unknown "cgroup.freeze" state: %q`, state) } } // waitFrozen polls cgroup.events until it sees "frozen 1" in it. -func waitFrozen(dirPath string) (configs.FreezerState, error) { +func waitFrozen(dirPath string) (cgroups.FreezerState, error) { fd, err := cgroups.OpenFile(dirPath, "cgroup.events", unix.O_RDONLY) if err != nil { - return configs.Undefined, err + return cgroups.Undefined, err } defer fd.Close() @@ -103,13 +102,13 @@ func waitFrozen(dirPath string) (configs.FreezerState, error) { scanner := bufio.NewScanner(fd) for i := 0; scanner.Scan(); { if i == maxIter { - return configs.Undefined, fmt.Errorf("timeout of %s reached waiting for the cgroup to freeze", waitTime*maxIter) + return cgroups.Undefined, fmt.Errorf("timeout of %s reached waiting for the cgroup to freeze", waitTime*maxIter) } line := scanner.Text() val := strings.TrimPrefix(line, "frozen ") if val != line { // got prefix if val[0] == '1' { - return configs.Frozen, nil + return cgroups.Frozen, nil } i++ @@ -117,11 +116,11 @@ func waitFrozen(dirPath string) (configs.FreezerState, error) { time.Sleep(waitTime) _, err := fd.Seek(0, 0) if err != nil { - return configs.Undefined, err + return cgroups.Undefined, err } } } // Should only reach here either on read error, // or if the file does not contain "frozen " line. - return configs.Undefined, scanner.Err() + return cgroups.Undefined, scanner.Err() } diff --git a/libcontainer/cgroups/fs2/fs2.go b/libcontainer/cgroups/fs2/fs2.go index 272b69a7f39..74dfcfdafcd 100644 --- a/libcontainer/cgroups/fs2/fs2.go +++ b/libcontainer/cgroups/fs2/fs2.go @@ -8,13 +8,12 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" - "github.com/opencontainers/runc/libcontainer/configs" ) type parseError = fscommon.ParseError type Manager struct { - config *configs.Cgroup + config *cgroups.Cgroup // dirPath is like "/sys/fs/cgroup/user.slice/user-1001.slice/session-1.scope" dirPath string // controllers is content of "cgroup.controllers" file. @@ -25,7 +24,7 @@ type Manager struct { // NewManager creates a manager for cgroup v2 unified hierarchy. // dirPath is like "/sys/fs/cgroup/user.slice/user-1001.slice/session-1.scope". // If dirPath is empty, it is automatically set using config. -func NewManager(config *configs.Cgroup, dirPath string) (*Manager, error) { +func NewManager(config *cgroups.Cgroup, dirPath string) (*Manager, error) { if dirPath == "" { var err error dirPath, err = defaultDirPath(config) @@ -143,7 +142,7 @@ func (m *Manager) GetStats() (*cgroups.Stats, error) { return st, nil } -func (m *Manager) Freeze(state configs.FreezerState) error { +func (m *Manager) Freeze(state cgroups.FreezerState) error { if m.config.Resources == nil { return errors.New("cannot toggle freezer: cgroups not configured for container") } @@ -162,7 +161,7 @@ func (m *Manager) Path(_ string) string { return m.dirPath } -func (m *Manager) Set(r *configs.Resources) error { +func (m *Manager) Set(r *cgroups.Resources) error { if r == nil { return nil } @@ -218,7 +217,7 @@ func (m *Manager) Set(r *configs.Resources) error { return nil } -func setDevices(dirPath string, r *configs.Resources) error { +func setDevices(dirPath string, r *cgroups.Resources) error { if cgroups.DevicesSetV2 == nil { if len(r.Devices) > 0 { return cgroups.ErrDevicesUnsupported @@ -260,11 +259,11 @@ func (m *Manager) GetPaths() map[string]string { return paths } -func (m *Manager) GetCgroups() (*configs.Cgroup, error) { +func (m *Manager) GetCgroups() (*cgroups.Cgroup, error) { return m.config, nil } -func (m *Manager) GetFreezerState() (configs.FreezerState, error) { +func (m *Manager) GetFreezerState() (cgroups.FreezerState, error) { return getFreezer(m.dirPath) } @@ -285,7 +284,7 @@ func (m *Manager) OOMKillCount() (uint64, error) { return c, err } -func CheckMemoryUsage(dirPath string, r *configs.Resources) error { +func CheckMemoryUsage(dirPath string, r *cgroups.Resources) error { if !r.MemoryCheckBeforeUpdate { return nil } diff --git a/libcontainer/cgroups/fs2/hugetlb.go b/libcontainer/cgroups/fs2/hugetlb.go index 2ce2631e187..117b69f50bd 100644 --- a/libcontainer/cgroups/fs2/hugetlb.go +++ b/libcontainer/cgroups/fs2/hugetlb.go @@ -7,14 +7,13 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" - "github.com/opencontainers/runc/libcontainer/configs" ) -func isHugeTlbSet(r *configs.Resources) bool { +func isHugeTlbSet(r *cgroups.Resources) bool { return len(r.HugetlbLimit) > 0 } -func setHugeTlb(dirPath string, r *configs.Resources) error { +func setHugeTlb(dirPath string, r *cgroups.Resources) error { if !isHugeTlbSet(r) { return nil } diff --git a/libcontainer/cgroups/fs2/io.go b/libcontainer/cgroups/fs2/io.go index b2ff7d34086..2da1449eba5 100644 --- a/libcontainer/cgroups/fs2/io.go +++ b/libcontainer/cgroups/fs2/io.go @@ -11,10 +11,9 @@ import ( "github.com/sirupsen/logrus" "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/configs" ) -func isIoSet(r *configs.Resources) bool { +func isIoSet(r *cgroups.Resources) bool { return r.BlkioWeight != 0 || len(r.BlkioWeightDevice) > 0 || len(r.BlkioThrottleReadBpsDevice) > 0 || @@ -37,7 +36,7 @@ func bfqDeviceWeightSupported(bfq *os.File) bool { return err != nil } -func setIo(dirPath string, r *configs.Resources) error { +func setIo(dirPath string, r *cgroups.Resources) error { if !isIoSet(r) { return nil } diff --git a/libcontainer/cgroups/fs2/memory.go b/libcontainer/cgroups/fs2/memory.go index df8336ba0f8..f314755f4de 100644 --- a/libcontainer/cgroups/fs2/memory.go +++ b/libcontainer/cgroups/fs2/memory.go @@ -12,7 +12,6 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" - "github.com/opencontainers/runc/libcontainer/configs" ) // numToStr converts an int64 value to a string for writing to a @@ -32,11 +31,11 @@ func numToStr(value int64) (ret string) { return ret } -func isMemorySet(r *configs.Resources) bool { +func isMemorySet(r *cgroups.Resources) bool { return r.MemoryReservation != 0 || r.Memory != 0 || r.MemorySwap != 0 } -func setMemory(dirPath string, r *configs.Resources) error { +func setMemory(dirPath string, r *cgroups.Resources) error { if !isMemorySet(r) { return nil } diff --git a/libcontainer/cgroups/fs2/pids.go b/libcontainer/cgroups/fs2/pids.go index c8c4a365894..86d2f567309 100644 --- a/libcontainer/cgroups/fs2/pids.go +++ b/libcontainer/cgroups/fs2/pids.go @@ -10,14 +10,13 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" - "github.com/opencontainers/runc/libcontainer/configs" ) -func isPidsSet(r *configs.Resources) bool { +func isPidsSet(r *cgroups.Resources) bool { return r.PidsLimit != 0 } -func setPids(dirPath string, r *configs.Resources) error { +func setPids(dirPath string, r *cgroups.Resources) error { if !isPidsSet(r) { return nil } diff --git a/libcontainer/cgroups/fscommon/rdma.go b/libcontainer/cgroups/fscommon/rdma.go index d463d15ee4e..93e05017cc7 100644 --- a/libcontainer/cgroups/fscommon/rdma.go +++ b/libcontainer/cgroups/fscommon/rdma.go @@ -8,9 +8,9 @@ import ( "strconv" "strings" - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/configs" "golang.org/x/sys/unix" + + "github.com/opencontainers/runc/libcontainer/cgroups" ) // parseRdmaKV parses raw string to RdmaEntry. @@ -99,7 +99,7 @@ func RdmaGetStats(path string, stats *cgroups.Stats) error { return nil } -func createCmdString(device string, limits configs.LinuxRdma) string { +func createCmdString(device string, limits cgroups.LinuxRdma) string { cmdString := device if limits.HcaHandles != nil { cmdString += " hca_handle=" + strconv.FormatUint(uint64(*limits.HcaHandles), 10) @@ -111,7 +111,7 @@ func createCmdString(device string, limits configs.LinuxRdma) string { } // RdmaSet sets RDMA resources. -func RdmaSet(path string, r *configs.Resources) error { +func RdmaSet(path string, r *cgroups.Resources) error { for device, limits := range r.Rdma { if err := cgroups.WriteFile(path, "rdma.max", createCmdString(device, limits)); err != nil { return err diff --git a/libcontainer/cgroups/fscommon/rdma_test.go b/libcontainer/cgroups/fscommon/rdma_test.go index 9bc08190d12..ad15d515d02 100644 --- a/libcontainer/cgroups/fscommon/rdma_test.go +++ b/libcontainer/cgroups/fscommon/rdma_test.go @@ -5,7 +5,7 @@ import ( "path/filepath" "testing" - "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/cgroups" ) /* Roadmap for future */ @@ -27,8 +27,8 @@ func TestRdmaSet(t *testing.T) { maxHandles := uint32(100) maxObjects := uint32(300) - rdmaStubResource := &configs.Resources{ - Rdma: map[string]configs.LinuxRdma{ + rdmaStubResource := &cgroups.Resources{ + Rdma: map[string]cgroups.LinuxRdma{ rdmaDevice: { HcaHandles: &maxHandles, HcaObjects: &maxObjects, diff --git a/libcontainer/cgroups/manager/manager_test.go b/libcontainer/cgroups/manager/manager_test.go index 6f0c0703a60..dc861bb423d 100644 --- a/libcontainer/cgroups/manager/manager_test.go +++ b/libcontainer/cgroups/manager/manager_test.go @@ -3,8 +3,8 @@ package manager import ( "testing" + "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/systemd" - "github.com/opencontainers/runc/libcontainer/configs" ) // TestNilResources checks that a cgroup manager do not panic when @@ -27,14 +27,14 @@ func TestNilResourcesSystemd(t *testing.T) { } func testNilResources(t *testing.T, systemd bool) { - cg := &configs.Cgroup{} // .Resources is nil + cg := &cgroups.Cgroup{} // .Resources is nil cg.Systemd = systemd mgr, err := New(cg) if err != nil { // Some managers require non-nil Resources during // instantiation -- provide and retry. In such case // we're mostly testing Set(nil) below. - cg.Resources = &configs.Resources{} + cg.Resources = &cgroups.Resources{} mgr, err = New(cg) if err != nil { t.Fatal(err) @@ -42,7 +42,7 @@ func testNilResources(t *testing.T, systemd bool) { } _ = mgr.Apply(-1) _ = mgr.Set(nil) - _ = mgr.Freeze(configs.Thawed) + _ = mgr.Freeze(cgroups.Thawed) _ = mgr.Exists() _, _ = mgr.GetAllPids() _, _ = mgr.GetCgroups() diff --git a/libcontainer/cgroups/manager/new.go b/libcontainer/cgroups/manager/new.go index a7bf155cf81..f6313b16bac 100644 --- a/libcontainer/cgroups/manager/new.go +++ b/libcontainer/cgroups/manager/new.go @@ -9,13 +9,12 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups/fs" "github.com/opencontainers/runc/libcontainer/cgroups/fs2" "github.com/opencontainers/runc/libcontainer/cgroups/systemd" - "github.com/opencontainers/runc/libcontainer/configs" ) // New returns the instance of a cgroup manager, which is chosen // based on the local environment (whether cgroup v1 or v2 is used) // and the config (whether config.Systemd is set or not). -func New(config *configs.Cgroup) (cgroups.Manager, error) { +func New(config *cgroups.Cgroup) (cgroups.Manager, error) { return NewWithPaths(config, nil) } @@ -27,7 +26,7 @@ func New(config *configs.Cgroup) (cgroups.Manager, error) { // // For cgroup v2, the only key allowed is "" (empty string), and the value // is the unified cgroup path. -func NewWithPaths(config *configs.Cgroup, paths map[string]string) (cgroups.Manager, error) { +func NewWithPaths(config *cgroups.Cgroup, paths map[string]string) (cgroups.Manager, error) { if config == nil { return nil, errors.New("cgroups/manager.New: config must not be nil") } diff --git a/libcontainer/cgroups/systemd/common.go b/libcontainer/cgroups/systemd/common.go index ed2f4110f4e..bcd1f99eb0c 100644 --- a/libcontainer/cgroups/systemd/common.go +++ b/libcontainer/cgroups/systemd/common.go @@ -16,7 +16,6 @@ import ( "github.com/sirupsen/logrus" "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/configs" ) const ( @@ -38,7 +37,7 @@ var ( // [github.com/opencontainers/runc/libcontainer/cgroups/devices] // package is imported, it is set to nil, so cgroup managers can't // configure devices. - GenerateDeviceProps func(r *configs.Resources, sdVer int) ([]systemdDbus.Property, error) + GenerateDeviceProps func(r *cgroups.Resources, sdVer int) ([]systemdDbus.Property, error) ) // NOTE: This function comes from package github.com/coreos/go-systemd/util @@ -97,7 +96,7 @@ func newProp(name string, units interface{}) systemdDbus.Property { } } -func getUnitName(c *configs.Cgroup) string { +func getUnitName(c *cgroups.Cgroup) string { // by default, we create a scope unless the user explicitly asks for a slice. if !strings.HasSuffix(c.Name, ".slice") { return c.ScopePrefix + "-" + c.Name + ".scope" @@ -351,7 +350,7 @@ func addCpuset(cm *dbusConnManager, props *[]systemdDbus.Property, cpus, mems st // generateDeviceProperties takes the configured device rules and generates a // corresponding set of systemd properties to configure the devices correctly. -func generateDeviceProperties(r *configs.Resources, cm *dbusConnManager) ([]systemdDbus.Property, error) { +func generateDeviceProperties(r *cgroups.Resources, cm *dbusConnManager) ([]systemdDbus.Property, error) { if GenerateDeviceProps == nil { if len(r.Devices) > 0 { return nil, cgroups.ErrDevicesUnsupported diff --git a/libcontainer/cgroups/systemd/devices.go b/libcontainer/cgroups/systemd/devices.go index d8c572b4dd3..424d1c6eb81 100644 --- a/libcontainer/cgroups/systemd/devices.go +++ b/libcontainer/cgroups/systemd/devices.go @@ -5,7 +5,7 @@ import ( dbus "github.com/godbus/dbus/v5" - "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/cgroups" ) // freezeBeforeSet answers whether there is a need to freeze the cgroup before @@ -17,7 +17,7 @@ import ( // (unlike our fs driver, they will happily write deny-all rules to running // containers). So we have to freeze the container to avoid the container get // an occasional "permission denied" error. -func (m *LegacyManager) freezeBeforeSet(unitName string, r *configs.Resources) (needsFreeze, needsThaw bool, err error) { +func (m *LegacyManager) freezeBeforeSet(unitName string, r *cgroups.Resources) (needsFreeze, needsThaw bool, err error) { // Special case for SkipDevices, as used by Kubernetes to create pod // cgroups with allow-all device policy). if r.SkipDevices { @@ -60,13 +60,13 @@ func (m *LegacyManager) freezeBeforeSet(unitName string, r *configs.Resources) ( if err != nil { return } - if freezerState == configs.Frozen { + if freezerState == cgroups.Frozen { // Already frozen, and should stay frozen. needsFreeze = false needsThaw = false } - if r.Freezer == configs.Frozen { + if r.Freezer == cgroups.Frozen { // Will be frozen anyway -- no need to thaw. needsThaw = false } diff --git a/libcontainer/cgroups/systemd/freeze_test.go b/libcontainer/cgroups/systemd/freeze_test.go index ed71603ca70..8ecf5e6e649 100644 --- a/libcontainer/cgroups/systemd/freeze_test.go +++ b/libcontainer/cgroups/systemd/freeze_test.go @@ -9,7 +9,6 @@ import ( "testing" "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/configs" "golang.org/x/sys/unix" ) @@ -19,7 +18,7 @@ func TestFreezeBeforeSet(t *testing.T) { testCases := []struct { desc string // Test input. - cg *configs.Cgroup + cg *cgroups.Cgroup preFreeze bool // Expected values. // Before unit creation (Apply). @@ -30,10 +29,10 @@ func TestFreezeBeforeSet(t *testing.T) { { // A slice with SkipDevices. desc: "slice,skip-devices", - cg: &configs.Cgroup{ + cg: &cgroups.Cgroup{ Name: "system-runc_test_freeze_1.slice", Parent: "system.slice", - Resources: &configs.Resources{ + Resources: &cgroups.Resources{ SkipDevices: true, }, }, @@ -48,11 +47,11 @@ func TestFreezeBeforeSet(t *testing.T) { // (as container can't have SkipDevices == true), but possible // for a standalone cgroup manager. desc: "scope,skip-devices", - cg: &configs.Cgroup{ + cg: &cgroups.Cgroup{ ScopePrefix: "test", Name: "testFreeze2", Parent: "system.slice", - Resources: &configs.Resources{ + Resources: &cgroups.Resources{ SkipDevices: true, }, }, @@ -65,11 +64,11 @@ func TestFreezeBeforeSet(t *testing.T) { { // A slice that is about to be frozen in Set. desc: "slice,will-freeze", - cg: &configs.Cgroup{ + cg: &cgroups.Cgroup{ Name: "system-runc_test_freeze_3.slice", Parent: "system.slice", - Resources: &configs.Resources{ - Freezer: configs.Frozen, + Resources: &cgroups.Resources{ + Freezer: cgroups.Frozen, }, }, // Expected. @@ -81,11 +80,11 @@ func TestFreezeBeforeSet(t *testing.T) { { // A pre-frozen slice that should stay frozen. desc: "slice,pre-frozen,will-freeze", - cg: &configs.Cgroup{ + cg: &cgroups.Cgroup{ Name: "system-runc_test_freeze_4.slice", Parent: "system.slice", - Resources: &configs.Resources{ - Freezer: configs.Frozen, + Resources: &cgroups.Resources{ + Freezer: cgroups.Frozen, }, }, preFreeze: true, @@ -98,11 +97,11 @@ func TestFreezeBeforeSet(t *testing.T) { { // A pre-frozen scope with skip devices set. desc: "scope,pre-frozen,skip-devices", - cg: &configs.Cgroup{ + cg: &cgroups.Cgroup{ ScopePrefix: "test", Name: "testFreeze5", Parent: "system.slice", - Resources: &configs.Resources{ + Resources: &cgroups.Resources{ SkipDevices: true, }, }, @@ -116,11 +115,11 @@ func TestFreezeBeforeSet(t *testing.T) { { // A pre-frozen scope which will be thawed. desc: "scope,pre-frozen", - cg: &configs.Cgroup{ + cg: &cgroups.Cgroup{ ScopePrefix: "test", Name: "testFreeze6", Parent: "system.slice", - Resources: &configs.Resources{}, + Resources: &cgroups.Resources{}, }, preFreeze: true, // Expected. @@ -170,7 +169,7 @@ func TestFreezeBeforeSet(t *testing.T) { t.Fatal(err) } if tc.preFreeze { - if err := m.Freeze(configs.Frozen); err != nil { + if err := m.Freeze(cgroups.Frozen); err != nil { t.Error(err) return // no more checks } @@ -186,7 +185,7 @@ func TestFreezeBeforeSet(t *testing.T) { } // Destroy() timeouts on a frozen container, so we need to thaw it. if tc.preFreeze { - if err := m.Freeze(configs.Thawed); err != nil { + if err := m.Freeze(cgroups.Thawed); err != nil { t.Error(err) } } @@ -227,12 +226,12 @@ func TestFreezePodCgroup(t *testing.T) { t.Skip("Test requires root.") } - podConfig := &configs.Cgroup{ + podConfig := &cgroups.Cgroup{ Parent: "system.slice", Name: "system-runc_test_pod.slice", - Resources: &configs.Resources{ + Resources: &cgroups.Resources{ SkipDevices: true, - Freezer: configs.Frozen, + Freezer: cgroups.Frozen, }, } // Create a "pod" cgroup (a systemd slice to hold containers), @@ -251,17 +250,17 @@ func TestFreezePodCgroup(t *testing.T) { if err != nil { t.Fatal(err) } - if pf != configs.Frozen { + if pf != cgroups.Frozen { t.Fatalf("expected pod to be frozen, got %v", pf) } // Create a "container" within the "pod" cgroup. // This is not a real container, just a process in the cgroup. - containerConfig := &configs.Cgroup{ + containerConfig := &cgroups.Cgroup{ Parent: "system-runc_test_pod.slice", ScopePrefix: "test", Name: "inner-container", - Resources: &configs.Resources{}, + Resources: &cgroups.Resources{}, } cmd := exec.Command("bash", "-c", "while read; do echo $REPLY; done") @@ -322,12 +321,12 @@ func TestFreezePodCgroup(t *testing.T) { if err != nil { t.Fatal(err) } - if cf != configs.Thawed { + if cf != cgroups.Thawed { t.Fatalf("expected container to be thawed, got %v", cf) } // Unfreeze the pod. - if err := pm.Freeze(configs.Thawed); err != nil { + if err := pm.Freeze(cgroups.Thawed); err != nil { t.Fatal(err) } @@ -335,7 +334,7 @@ func TestFreezePodCgroup(t *testing.T) { if err != nil { t.Fatal(err) } - if cf != configs.Thawed { + if cf != cgroups.Thawed { t.Fatalf("expected container to be thawed, got %v", cf) } diff --git a/libcontainer/cgroups/systemd/systemd_test.go b/libcontainer/cgroups/systemd/systemd_test.go index 8e333a00649..9980e780df3 100644 --- a/libcontainer/cgroups/systemd/systemd_test.go +++ b/libcontainer/cgroups/systemd/systemd_test.go @@ -7,10 +7,9 @@ import ( systemdDbus "github.com/coreos/go-systemd/v22/dbus" "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/configs" ) -func newManager(t *testing.T, config *configs.Cgroup) (m cgroups.Manager) { +func newManager(t *testing.T, config *cgroups.Cgroup) (m cgroups.Manager) { t.Helper() var err error @@ -82,10 +81,10 @@ func TestUnitExistsIgnored(t *testing.T) { t.Skip("Test requires root.") } - podConfig := &configs.Cgroup{ + podConfig := &cgroups.Cgroup{ Parent: "system.slice", Name: "system-runc_test_exists.slice", - Resources: &configs.Resources{}, + Resources: &cgroups.Resources{}, } // Create "pods" cgroup (a systemd slice to hold containers). pm := newManager(t, podConfig) diff --git a/libcontainer/cgroups/systemd/v1.go b/libcontainer/cgroups/systemd/v1.go index 8c64a5887a9..cee76eb35cf 100644 --- a/libcontainer/cgroups/systemd/v1.go +++ b/libcontainer/cgroups/systemd/v1.go @@ -12,17 +12,16 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fs" - "github.com/opencontainers/runc/libcontainer/configs" ) type LegacyManager struct { mu sync.Mutex - cgroups *configs.Cgroup + cgroups *cgroups.Cgroup paths map[string]string dbus *dbusConnManager } -func NewLegacyManager(cg *configs.Cgroup, paths map[string]string) (*LegacyManager, error) { +func NewLegacyManager(cg *cgroups.Cgroup, paths map[string]string) (*LegacyManager, error) { if cg.Rootless { return nil, errors.New("cannot use rootless systemd cgroups manager on cgroup v1") } @@ -49,7 +48,7 @@ type subsystem interface { // GetStats returns the stats, as 'stats', corresponding to the cgroup under 'path'. GetStats(path string, stats *cgroups.Stats) error // Set sets cgroup resource limits. - Set(path string, r *configs.Resources) error + Set(path string, r *cgroups.Resources) error } var errSubsystemDoesNotExist = errors.New("cgroup: subsystem does not exist") @@ -72,7 +71,7 @@ var legacySubsystems = []subsystem{ &fs.NameGroup{GroupName: "misc"}, } -func genV1ResourcesProperties(r *configs.Resources, cm *dbusConnManager) ([]systemdDbus.Property, error) { +func genV1ResourcesProperties(r *cgroups.Resources, cm *dbusConnManager) ([]systemdDbus.Property, error) { var properties []systemdDbus.Property deviceProperties, err := generateDeviceProperties(r, cm) @@ -112,7 +111,7 @@ func genV1ResourcesProperties(r *configs.Resources, cm *dbusConnManager) ([]syst } // initPaths figures out and returns paths to cgroups. -func initPaths(c *configs.Cgroup) (map[string]string, error) { +func initPaths(c *cgroups.Cgroup) (map[string]string, error) { slice := "system.slice" if c.Parent != "" { var err error @@ -275,7 +274,7 @@ func getSubsystemPath(slice, unit, subsystem string) (string, error) { return filepath.Join(mountpoint, slice, unit), nil } -func (m *LegacyManager) Freeze(state configs.FreezerState) error { +func (m *LegacyManager) Freeze(state cgroups.FreezerState) error { err := m.doFreeze(state) if err == nil { m.cgroups.Resources.Freezer = state @@ -285,13 +284,13 @@ func (m *LegacyManager) Freeze(state configs.FreezerState) error { // doFreeze is the same as Freeze but without // changing the m.cgroups.Resources.Frozen field. -func (m *LegacyManager) doFreeze(state configs.FreezerState) error { +func (m *LegacyManager) doFreeze(state cgroups.FreezerState) error { path, ok := m.paths["freezer"] if !ok { return errSubsystemDoesNotExist } freezer := &fs.FreezerGroup{} - resources := &configs.Resources{Freezer: state} + resources := &cgroups.Resources{Freezer: state} return freezer.Set(path, resources) } @@ -328,7 +327,7 @@ func (m *LegacyManager) GetStats() (*cgroups.Stats, error) { return stats, nil } -func (m *LegacyManager) Set(r *configs.Resources) error { +func (m *LegacyManager) Set(r *cgroups.Resources) error { if r == nil { return nil } @@ -347,13 +346,13 @@ func (m *LegacyManager) Set(r *configs.Resources) error { } if needsFreeze { - if err := m.doFreeze(configs.Frozen); err != nil { + if err := m.doFreeze(cgroups.Frozen); err != nil { // If freezer cgroup isn't supported, we just warn about it. logrus.Infof("freeze container before SetUnitProperties failed: %v", err) // skip update the cgroup while frozen failed. #3803 if !errors.Is(err, errSubsystemDoesNotExist) { if needsThaw { - if thawErr := m.doFreeze(configs.Thawed); thawErr != nil { + if thawErr := m.doFreeze(cgroups.Thawed); thawErr != nil { logrus.Infof("thaw container after doFreeze failed: %v", thawErr) } } @@ -363,7 +362,7 @@ func (m *LegacyManager) Set(r *configs.Resources) error { } setErr := setUnitProperties(m.dbus, unitName, properties...) if needsThaw { - if err := m.doFreeze(configs.Thawed); err != nil { + if err := m.doFreeze(cgroups.Thawed); err != nil { logrus.Infof("thaw container after SetUnitProperties failed: %v", err) } } @@ -391,14 +390,14 @@ func (m *LegacyManager) GetPaths() map[string]string { return m.paths } -func (m *LegacyManager) GetCgroups() (*configs.Cgroup, error) { +func (m *LegacyManager) GetCgroups() (*cgroups.Cgroup, error) { return m.cgroups, nil } -func (m *LegacyManager) GetFreezerState() (configs.FreezerState, error) { +func (m *LegacyManager) GetFreezerState() (cgroups.FreezerState, error) { path, ok := m.paths["freezer"] if !ok { - return configs.Undefined, nil + return cgroups.Undefined, nil } freezer := &fs.FreezerGroup{} return freezer.GetState(path) diff --git a/libcontainer/cgroups/systemd/v2.go b/libcontainer/cgroups/systemd/v2.go index b28ec6b22f2..7b16f528b9c 100644 --- a/libcontainer/cgroups/systemd/v2.go +++ b/libcontainer/cgroups/systemd/v2.go @@ -17,7 +17,6 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/fs2" - "github.com/opencontainers/runc/libcontainer/configs" ) const ( @@ -26,14 +25,14 @@ const ( type UnifiedManager struct { mu sync.Mutex - cgroups *configs.Cgroup + cgroups *cgroups.Cgroup // path is like "/sys/fs/cgroup/user.slice/user-1001.slice/session-1.scope" path string dbus *dbusConnManager fsMgr cgroups.Manager } -func NewUnifiedManager(config *configs.Cgroup, path string) (*UnifiedManager, error) { +func NewUnifiedManager(config *cgroups.Cgroup, path string) (*UnifiedManager, error) { m := &UnifiedManager{ cgroups: config, path: path, @@ -199,7 +198,7 @@ func unifiedResToSystemdProps(cm *dbusConnManager, res map[string]string) (props return props, nil } -func genV2ResourcesProperties(dirPath string, r *configs.Resources, cm *dbusConnManager) ([]systemdDbus.Property, error) { +func genV2ResourcesProperties(dirPath string, r *cgroups.Resources, cm *dbusConnManager) ([]systemdDbus.Property, error) { // We need this check before setting systemd properties, otherwise // the container is OOM-killed and the systemd unit is removed // before we get to fsMgr.Set(). @@ -461,7 +460,7 @@ func (m *UnifiedManager) initPath() error { return nil } -func (m *UnifiedManager) Freeze(state configs.FreezerState) error { +func (m *UnifiedManager) Freeze(state cgroups.FreezerState) error { return m.fsMgr.Freeze(state) } @@ -477,7 +476,7 @@ func (m *UnifiedManager) GetStats() (*cgroups.Stats, error) { return m.fsMgr.GetStats() } -func (m *UnifiedManager) Set(r *configs.Resources) error { +func (m *UnifiedManager) Set(r *cgroups.Resources) error { if r == nil { return nil } @@ -499,11 +498,11 @@ func (m *UnifiedManager) GetPaths() map[string]string { return paths } -func (m *UnifiedManager) GetCgroups() (*configs.Cgroup, error) { +func (m *UnifiedManager) GetCgroups() (*cgroups.Cgroup, error) { return m.cgroups, nil } -func (m *UnifiedManager) GetFreezerState() (configs.FreezerState, error) { +func (m *UnifiedManager) GetFreezerState() (cgroups.FreezerState, error) { return m.fsMgr.GetFreezerState() } From a56f85f87b9f7912d96277d639f02e7ad6cfae35 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 23 Oct 2024 16:47:01 -0700 Subject: [PATCH 0746/1176] libct/*: switch from configs to cgroups Signed-off-by: Kir Kolyshkin --- libcontainer/container_linux.go | 8 ++++---- libcontainer/container_linux_test.go | 14 ++++++------- libcontainer/factory_linux.go | 3 ++- libcontainer/factory_linux_test.go | 5 +++-- libcontainer/init_linux.go | 6 +++--- libcontainer/integration/exec_test.go | 4 ++-- libcontainer/integration/template_test.go | 5 +++-- libcontainer/specconv/spec_linux.go | 24 +++++++++++------------ libcontainer/state_linux.go | 3 ++- 9 files changed, 38 insertions(+), 34 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index c02116177ad..d2d740665ac 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -417,7 +417,7 @@ func (c *Container) signal(s os.Signal) error { // does nothing until it's thawed. Only thaw the cgroup // for SIGKILL. if paused, _ := c.isPaused(); paused { - _ = c.cgroupManager.Freeze(configs.Thawed) + _ = c.cgroupManager.Freeze(cgroups.Thawed) } } return nil @@ -742,7 +742,7 @@ func (c *Container) Pause() error { } switch status { case Running, Created: - if err := c.cgroupManager.Freeze(configs.Frozen); err != nil { + if err := c.cgroupManager.Freeze(cgroups.Frozen); err != nil { return err } return c.state.transition(&pausedState{ @@ -766,7 +766,7 @@ func (c *Container) Resume() error { if status != Paused { return ErrNotPaused } - if err := c.cgroupManager.Freeze(configs.Thawed); err != nil { + if err := c.cgroupManager.Freeze(cgroups.Thawed); err != nil { return err } return c.state.transition(&runningState{ @@ -886,7 +886,7 @@ func (c *Container) isPaused() (bool, error) { if err != nil { return false, err } - return state == configs.Frozen, nil + return state == cgroups.Frozen, nil } func (c *Container) currentState() *State { diff --git a/libcontainer/container_linux_test.go b/libcontainer/container_linux_test.go index 99908376562..8d9920925a8 100644 --- a/libcontainer/container_linux_test.go +++ b/libcontainer/container_linux_test.go @@ -32,7 +32,7 @@ func (m *mockCgroupManager) Apply(pid int) error { return nil } -func (m *mockCgroupManager) Set(_ *configs.Resources) error { +func (m *mockCgroupManager) Set(_ *cgroups.Resources) error { return nil } @@ -57,16 +57,16 @@ func (m *mockCgroupManager) Path(subsys string) string { return m.paths[subsys] } -func (m *mockCgroupManager) Freeze(state configs.FreezerState) error { +func (m *mockCgroupManager) Freeze(_ cgroups.FreezerState) error { return nil } -func (m *mockCgroupManager) GetCgroups() (*configs.Cgroup, error) { +func (m *mockCgroupManager) GetCgroups() (*cgroups.Cgroup, error) { return nil, nil } -func (m *mockCgroupManager) GetFreezerState() (configs.FreezerState, error) { - return configs.Thawed, nil +func (m *mockCgroupManager) GetFreezerState() (cgroups.FreezerState, error) { + return cgroups.Thawed, nil } type mockProcess struct { @@ -243,8 +243,8 @@ func TestGetContainerStateAfterUpdate(t *testing.T) { {Type: configs.NEWUTS}, {Type: configs.NEWIPC}, }, - Cgroups: &configs.Cgroup{ - Resources: &configs.Resources{ + Cgroups: &cgroups.Cgroup{ + Resources: &cgroups.Resources{ Memory: 1024, }, }, diff --git a/libcontainer/factory_linux.go b/libcontainer/factory_linux.go index b13f8bf9bb3..114cbf20e84 100644 --- a/libcontainer/factory_linux.go +++ b/libcontainer/factory_linux.go @@ -9,6 +9,7 @@ import ( securejoin "github.com/cyphar/filepath-securejoin" "golang.org/x/sys/unix" + "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/manager" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/configs/validate" @@ -82,7 +83,7 @@ func Create(root, id string, config *configs.Config) (*Container, error) { if err != nil { return nil, fmt.Errorf("unable to get cgroup freezer state: %w", err) } - if st == configs.Frozen { + if st == cgroups.Frozen { return nil, errors.New("container's cgroup unexpectedly frozen") } diff --git a/libcontainer/factory_linux_test.go b/libcontainer/factory_linux_test.go index 889ae0340dd..dec21afb212 100644 --- a/libcontainer/factory_linux_test.go +++ b/libcontainer/factory_linux_test.go @@ -7,6 +7,7 @@ import ( "reflect" "testing" + "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/utils" "github.com/opencontainers/runtime-spec/specs-go" @@ -43,8 +44,8 @@ func TestFactoryLoadContainer(t *testing.T) { expectedConfig = &configs.Config{ Rootfs: "/mycontainer/root", Hooks: expectedHooks, - Cgroups: &configs.Cgroup{ - Resources: &configs.Resources{}, + Cgroups: &cgroups.Cgroup{ + Resources: &cgroups.Resources{}, }, } expectedState = &State{ diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 1eb0279d9e0..d23153e9b3d 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -696,12 +696,12 @@ func signalAllProcesses(m cgroups.Manager, s unix.Signal) error { } } - if err := m.Freeze(configs.Frozen); err != nil { + if err := m.Freeze(cgroups.Frozen); err != nil { logrus.Warn(err) } pids, err := m.GetAllPids() if err != nil { - if err := m.Freeze(configs.Thawed); err != nil { + if err := m.Freeze(cgroups.Thawed); err != nil { logrus.Warn(err) } return err @@ -712,7 +712,7 @@ func signalAllProcesses(m cgroups.Manager, s unix.Signal) error { logrus.Warnf("kill %d: %v", pid, err) } } - if err := m.Freeze(configs.Thawed); err != nil { + if err := m.Freeze(cgroups.Thawed); err != nil { logrus.Warn(err) } diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index e8a2dc53c80..e3d26468dde 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -472,7 +472,7 @@ func testFreeze(t *testing.T, withSystemd bool, useSet bool) { if !useSet { err = container.Pause() } else { - config.Cgroups.Resources.Freezer = configs.Frozen + config.Cgroups.Resources.Freezer = cgroups.Frozen err = container.Set(*config) } ok(t, err) @@ -486,7 +486,7 @@ func testFreeze(t *testing.T, withSystemd bool, useSet bool) { if !useSet { err = container.Resume() } else { - config.Cgroups.Resources.Freezer = configs.Thawed + config.Cgroups.Resources.Freezer = cgroups.Thawed err = container.Set(*config) } ok(t, err) diff --git a/libcontainer/integration/template_test.go b/libcontainer/integration/template_test.go index 38024c571d3..9c5e18c6923 100644 --- a/libcontainer/integration/template_test.go +++ b/libcontainer/integration/template_test.go @@ -6,6 +6,7 @@ import ( "testing" "time" + "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/devices" "github.com/opencontainers/runc/libcontainer/specconv" @@ -99,9 +100,9 @@ func newTemplateConfig(t testing.TB, p *tParam) *configs.Config { {Type: configs.NEWPID}, {Type: configs.NEWNET}, }), - Cgroups: &configs.Cgroup{ + Cgroups: &cgroups.Cgroup{ Systemd: p.systemd, - Resources: &configs.Resources{ + Resources: &cgroups.Resources{ MemorySwappiness: nil, Devices: allowedDevices, }, diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index e7c6faae347..e44e04c50cb 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -697,7 +697,7 @@ func initSystemdProps(spec *specs.Spec) ([]systemdDbus.Property, error) { return sp, nil } -func CreateCgroupConfig(opts *CreateOpts, defaultDevs []*devices.Device) (*configs.Cgroup, error) { +func CreateCgroupConfig(opts *CreateOpts, defaultDevs []*devices.Device) (*cgroups.Cgroup, error) { var ( myCgroupPath string @@ -706,10 +706,10 @@ func CreateCgroupConfig(opts *CreateOpts, defaultDevs []*devices.Device) (*confi name = opts.CgroupName ) - c := &configs.Cgroup{ + c := &cgroups.Cgroup{ Systemd: useSystemdCgroup, Rootless: opts.RootlessCgroups, - Resources: &configs.Resources{}, + Resources: &cgroups.Resources{}, } if useSystemdCgroup { @@ -853,40 +853,40 @@ func CreateCgroupConfig(opts *CreateOpts, defaultDevs []*devices.Device) (*confi if wd.LeafWeight != nil { leafWeight = *wd.LeafWeight } - weightDevice := configs.NewWeightDevice(wd.Major, wd.Minor, weight, leafWeight) + weightDevice := cgroups.NewWeightDevice(wd.Major, wd.Minor, weight, leafWeight) c.Resources.BlkioWeightDevice = append(c.Resources.BlkioWeightDevice, weightDevice) } for _, td := range r.BlockIO.ThrottleReadBpsDevice { rate := td.Rate - throttleDevice := configs.NewThrottleDevice(td.Major, td.Minor, rate) + throttleDevice := cgroups.NewThrottleDevice(td.Major, td.Minor, rate) c.Resources.BlkioThrottleReadBpsDevice = append(c.Resources.BlkioThrottleReadBpsDevice, throttleDevice) } for _, td := range r.BlockIO.ThrottleWriteBpsDevice { rate := td.Rate - throttleDevice := configs.NewThrottleDevice(td.Major, td.Minor, rate) + throttleDevice := cgroups.NewThrottleDevice(td.Major, td.Minor, rate) c.Resources.BlkioThrottleWriteBpsDevice = append(c.Resources.BlkioThrottleWriteBpsDevice, throttleDevice) } for _, td := range r.BlockIO.ThrottleReadIOPSDevice { rate := td.Rate - throttleDevice := configs.NewThrottleDevice(td.Major, td.Minor, rate) + throttleDevice := cgroups.NewThrottleDevice(td.Major, td.Minor, rate) c.Resources.BlkioThrottleReadIOPSDevice = append(c.Resources.BlkioThrottleReadIOPSDevice, throttleDevice) } for _, td := range r.BlockIO.ThrottleWriteIOPSDevice { rate := td.Rate - throttleDevice := configs.NewThrottleDevice(td.Major, td.Minor, rate) + throttleDevice := cgroups.NewThrottleDevice(td.Major, td.Minor, rate) c.Resources.BlkioThrottleWriteIOPSDevice = append(c.Resources.BlkioThrottleWriteIOPSDevice, throttleDevice) } } for _, l := range r.HugepageLimits { - c.Resources.HugetlbLimit = append(c.Resources.HugetlbLimit, &configs.HugepageLimit{ + c.Resources.HugetlbLimit = append(c.Resources.HugetlbLimit, &cgroups.HugepageLimit{ Pagesize: l.Pagesize, Limit: l.Limit, }) } if len(r.Rdma) > 0 { - c.Resources.Rdma = make(map[string]configs.LinuxRdma, len(r.Rdma)) + c.Resources.Rdma = make(map[string]cgroups.LinuxRdma, len(r.Rdma)) for k, v := range r.Rdma { - c.Resources.Rdma[k] = configs.LinuxRdma{ + c.Resources.Rdma[k] = cgroups.LinuxRdma{ HcaHandles: v.HcaHandles, HcaObjects: v.HcaObjects, } @@ -897,7 +897,7 @@ func CreateCgroupConfig(opts *CreateOpts, defaultDevs []*devices.Device) (*confi c.Resources.NetClsClassid = *r.Network.ClassID } for _, m := range r.Network.Priorities { - c.Resources.NetPrioIfpriomap = append(c.Resources.NetPrioIfpriomap, &configs.IfPrioMap{ + c.Resources.NetPrioIfpriomap = append(c.Resources.NetPrioIfpriomap, &cgroups.IfPrioMap{ Interface: m.Name, Priority: int64(m.Priority), }) diff --git a/libcontainer/state_linux.go b/libcontainer/state_linux.go index ad96f0801ea..64f43e8fbae 100644 --- a/libcontainer/state_linux.go +++ b/libcontainer/state_linux.go @@ -5,6 +5,7 @@ import ( "os" "path/filepath" + "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runtime-spec/specs-go" "golang.org/x/sys/unix" @@ -185,7 +186,7 @@ func (p *pausedState) destroy() error { if p.c.hasInit() { return ErrPaused } - if err := p.c.cgroupManager.Freeze(configs.Thawed); err != nil { + if err := p.c.cgroupManager.Freeze(cgroups.Thawed); err != nil { return err } return destroy(p.c) From 5a838ccbe01d0bc736d0e205836f6dc1f6a25985 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 23 Oct 2024 16:46:37 -0700 Subject: [PATCH 0747/1176] tests/cmd/sd-helper: switch from configs to cgroups Signed-off-by: Kir Kolyshkin --- tests/cmd/sd-helper/helper.go | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/tests/cmd/sd-helper/helper.go b/tests/cmd/sd-helper/helper.go index 49b77d004fb..be7de3e5802 100644 --- a/tests/cmd/sd-helper/helper.go +++ b/tests/cmd/sd-helper/helper.go @@ -9,7 +9,6 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups/systemd" - "github.com/opencontainers/runc/libcontainer/configs" ) func usage() { @@ -57,7 +56,7 @@ func main() { } } -func newManager(config *configs.Cgroup) (cgroups.Manager, error) { +func newManager(config *cgroups.Cgroup) (cgroups.Manager, error) { if cgroups.IsCgroup2UnifiedMode() { return systemd.NewUnifiedManager(config, "") } @@ -65,10 +64,10 @@ func newManager(config *configs.Cgroup) (cgroups.Manager, error) { } func unitCommand(cmd, name, parent string) error { - podConfig := &configs.Cgroup{ + podConfig := &cgroups.Cgroup{ Name: name, Parent: parent, - Resources: &configs.Resources{}, + Resources: &cgroups.Resources{}, } pm, err := newManager(podConfig) if err != nil { From b15fcc1be64b7620740214c09c1b9115e446b3e2 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 12 Dec 2024 14:42:39 -0800 Subject: [PATCH 0748/1176] keyring: update @kolyshkin key expiry Signed-off-by: Kir Kolyshkin --- runc.keyring | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/runc.keyring b/runc.keyring index 3fb6d283636..4219f48265a 100644 --- a/runc.keyring +++ b/runc.keyring @@ -122,10 +122,10 @@ lxxclgJYU604APsFzpoLD0oUlfMn5Fh75ftkKPrwiHpTj4rRU6oIQu1/Bg== =Ab7w -----END PGP PUBLIC KEY BLOCK----- -pub rsa2048 2020-04-28 [SC] [expires: 2025-04-18] +pub rsa2048 2020-04-28 [SC] [expires: 2028-04-18] C2428CD75720FACDCF76B6EA17DE5ECB75A1100E uid [ultimate] Kir Kolyshkin -sub rsa2048 2020-04-28 [E] [expires: 2025-04-18] +sub rsa2048 2020-04-28 [E] [expires: 2028-04-18] -----BEGIN PGP PUBLIC KEY BLOCK----- Comment: github=kolyshkin @@ -137,26 +137,26 @@ ppTSiCl8/x/gKoXiJ+7MyvOZozUavkVHdim1NKCzwD014VOB8RXz+heUjS+HDXY9 SbTL4jCsN/x0bq+ZNp4lunihVY5WqX+BGLcx7xPnJ0Rp9Ju1mAhKrbKUmOG3rkWu DIJuVP8HQfCoffsBLUKQ0V4fh18kfq1bo3JvABEBAAG0I0tpciBLb2x5c2hraW4g PGtvbHlzaGtpbkBnbWFpbC5jb20+iQFUBBMBCAA+AhsDBQsJCAcCBhUKCQgLAgQW -AgMBAh4BAheAFiEEwkKM11cg+s3PdrbqF95ey3WhEA4FAmRAbOgFCQlaGGoACgkQ -F95ey3WhEA6dRQf+P+OHI3QiZu3TnrNBTsf+V8HhFBWKqafrjKbIE1A5HOHzcK2F -t2afYG+MZQILwSuCQOObgr3o7hGlqkwMwGtHt5nqG6/Z0bmkowG4JJmYIg9FhvQW -JEm/7lSBtxvFkw05H90UlzCM7AigD+PrLs96Zb0+FqdzEDWTMJeU7yYUFRNbXEu3 -wqpOZpHlYCJGKzFJBbGxYphlmljexRlWdZPwACKg7lBsVkM8JDPGxmmEe7/5tXPt -Oa1yS13SleLv4muHH3KO3cgJGqBfY/XIExZUQUF0GdL0yppBDbn0oZ/wvRuibCR0 -1P7rW88csSjAjhNjja4v/zWleSIpyWVi8IvYLLkBDQReqLt+AQgAtKUDLyUFxQ9k +AgMBAh4BAheAFiEEwkKM11cg+s3PdrbqF95ey3WhEA4FAmdcs+gFCQ7+0bIACgkQ +F95ey3WhEA6rRwf8CxnbLB/uqPZfmmiTzTk7luWaIo6YxtnNz3bn2rTByEo+rBgO +gbgtKaV4REYeKhtbdstkMTX3zr+zlqwuqaPaag/Cz20HLkD04bI+JCPoRH/dPadd +3nOdbdRfdWZeDDSFKjVunVpXlLxwvZ1WaaYKCfF06U3F7/z7MTAuKHrHTG9SrNPJ +UPJTy63dNnuiPpVNNtOyftLGEGgD1JH2tcosVEwEpAlXpIpJy4Lad9ajaRVoYNtT +qZr26sRFYNOQqWgl25QM8LyLFyYry9HfEXkbilW0OpkAkUvv0yAe97UPZ0beP8D+ +d5rMbZps6Ph1TtosdE/Gx8xWs7ALNDmXyCI/F7kBDQReqLt+AQgAtKUDLyUFxQ9k p8OwI/MsPTLLoYfjilJaXnmtzQjGYFrEuU3lt7omRUBldNChkjGghEukGTq0RD7Z s6Qv5PM5dtOypPJM0lmz2j7seun3AfDV44h/bjOFwTUjab3Nr9fQ52qESmRS03ik 6+5YNwq2D/+2kHVJ2vkUoo6KvioA1vPU311oW/Yfky8dLS5NguikE3to6YElWW38 oqFUVdMScCbf9a6CPXSQEz/rH4TgAhwyTo6oegv+8L/szGFy5ToNGiA0D45HcFDc yXs1d+b3bYRuGfC1l/z+WZWwbeHt1fKEQ8pCLDLRre5y0hPRHeN2CG4U7iyI5B5h 8LITPcZ66wARAQABiQE8BBgBCAAmAhsMFiEEwkKM11cg+s3PdrbqF95ey3WhEA4F -AmRAbRQFCQlaGJYACgkQF95ey3WhEA7vywf9FFTeRgNji8ZIPMM2vIlns+CMkP5R -uXakU6Q0O6Wmbb/ULOkobTqJ/Jcze8OuembuU3V6MiOQKgUIDrN7itjnJPQBneKT -iqJdPK8KOiGIzqa0aRekvOu2nCz9n87Bf48pviH922yfs8gXYRCUnSV/i7/p+N8r -5Fy7dJen5SXksN2/rUCEgU9FD17l2uMAoQbRqZg74/GwSDLnhrZ9eMrbPnguSQF4 -S1NPMeS7+G/gPN9Ze9qFmOF2p57cmEa+8mriZCYY3BcUBOiMOV5HSBKJwqA2M8au -2dAKmFWb/G+K/dgBdkAulQ/BfCpwgFmmgJ5dAeaS3y8Xd86aBE0/eLCrhQ== -=GkpD +AmdctAIFCQ7+0bIACgkQF95ey3WhEA7PDggAlZxK7mCYThh7Z75mWftIaT3ms5jR +cuQcCQYy2Z7qCaNxJtRklhsaAwpO0NQdNdQEfVXlNYLXRuFDq+hemhZKMu4lzQbZ +3atm5swWcB8+9q+aCMP5nppwUXxCxHdhp4VxIYEv+wNjTF/6Fxu66fYPQPDKVacS +H9NLjHsVoDFSi9rvtAy/Bs2aVn0hZkwpxzHJNVPnNcMAEnYXfM+kXu3761J61FAr +o8zT9XXXnUYRuxHRAsrpa3atQj7jDHvFlcc3VfPmUFPs0aLRy19/44xRE1FZOSur +f7jJ1HOKSJA9zx0xWaURRTRkMTIVuMnQKZofxC96GavBDVTtZlgLzeWVnQ== +=eHgH -----END PGP PUBLIC KEY BLOCK----- pub rsa3072 2019-07-25 [SC] [expires: 2025-07-27] From 394f4c3b7012674ebe0232c560713e57cbd653e6 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Sun, 15 Dec 2024 17:45:50 -0800 Subject: [PATCH 0749/1176] Re-add tun/tap to default device rules Since v1.2.0 was released, a number of users complained that the removal of tun/tap device access from the default device ruleset is causing a regression in their workloads. Additionally, it seems that some upper-level orchestration tools (Docker Swarm, Kubernetes) makes it either impossible or cumbersome to supply additional device rules. While it's probably not quite right to have /dev/net/tun in a default device list, it was there from the very beginning, and users rely on it. Let's keep it there for the sake of backward compatibility. This reverts commit 2ce40b6ad72b4bd4391380cafc5ef1bad1fa0b31. Signed-off-by: Kir Kolyshkin --- .../cgroups/devices/devicefilter_test.go | 19 +++++++++++++------ libcontainer/specconv/spec_linux.go | 17 +++++++++++++++++ 2 files changed, 30 insertions(+), 6 deletions(-) diff --git a/libcontainer/cgroups/devices/devicefilter_test.go b/libcontainer/cgroups/devices/devicefilter_test.go index 3a415a71eed..23ad92ea06e 100644 --- a/libcontainer/cgroups/devices/devicefilter_test.go +++ b/libcontainer/cgroups/devices/devicefilter_test.go @@ -120,14 +120,21 @@ block-8: 51: MovImm32 dst: r0 imm: 1 52: Exit block-9: -// /dev/pts (c, 136, wildcard, rwm, true) +// tuntap (c, 10, 200, rwm, true) 53: JNEImm dst: r2 off: -1 imm: 2 - 54: JNEImm dst: r4 off: -1 imm: 136 - 55: MovImm32 dst: r0 imm: 1 - 56: Exit + 54: JNEImm dst: r4 off: -1 imm: 10 + 55: JNEImm dst: r5 off: -1 imm: 200 + 56: MovImm32 dst: r0 imm: 1 + 57: Exit block-10: - 57: MovImm32 dst: r0 imm: 0 - 58: Exit +// /dev/pts (c, 136, wildcard, rwm, true) + 58: JNEImm dst: r2 off: -1 imm: 2 + 59: JNEImm dst: r4 off: -1 imm: 136 + 60: MovImm32 dst: r0 imm: 1 + 61: Exit +block-11: + 62: MovImm32 dst: r0 imm: 0 + 63: Exit ` var devices []*devices.Rule for _, device := range specconv.AllowedDevices { diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index e44e04c50cb..79a9a790049 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -315,6 +315,23 @@ var AllowedDevices = []*devices.Device{ Allow: true, }, }, + // The following entry for /dev/net/tun device was there from the + // very early days of Docker, but got removed in runc 1.2.0-rc1, + // causing a number of regressions for users (see + // https://github.com/opencontainers/runc/pull/3468). + // + // Some upper-level orcherstration tools makes it either impossible + // or cumbersome to supply additional device rules, so we have to + // keep this for the sake of backward compatibility. + { + Rule: devices.Rule{ + Type: devices.CharDevice, + Major: 10, + Minor: 200, + Permissions: "rwm", + Allow: true, + }, + }, } type CreateOpts struct { From 705382ac66913a364d1456363b3ca5c73dcdf08c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Dec 2024 04:53:16 +0000 Subject: [PATCH 0750/1176] build(deps): bump google.golang.org/protobuf from 1.35.2 to 1.36.0 Bumps google.golang.org/protobuf from 1.35.2 to 1.36.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- .../editiondefaults/editions_defaults.binpb | Bin 99 -> 138 bytes .../protobuf/internal/filedesc/desc.go | 3 + .../protobuf/internal/filedesc/editions.go | 4 + .../internal/genid/go_features_gen.go | 17 + .../protobuf/internal/genid/name.go | 12 + .../internal/impl/api_export_opaque.go | 128 ++++ .../protobuf/internal/impl/bitmap.go | 34 + .../protobuf/internal/impl/bitmap_race.go | 126 ++++ .../protobuf/internal/impl/checkinit.go | 33 + .../internal/impl/codec_field_opaque.go | 264 ++++++++ .../protobuf/internal/impl/codec_message.go | 13 + .../internal/impl/codec_message_opaque.go | 156 +++++ .../protobuf/internal/impl/decode.go | 56 +- .../protobuf/internal/impl/encode.go | 78 +++ .../protobuf/internal/impl/lazy.go | 433 ++++++++++++ .../protobuf/internal/impl/merge.go | 27 + .../protobuf/internal/impl/message.go | 12 + .../protobuf/internal/impl/message_opaque.go | 614 ++++++++++++++++++ .../internal/impl/message_opaque_gen.go | 132 ++++ .../protobuf/internal/impl/message_reflect.go | 9 +- .../internal/impl/message_reflect_field.go | 32 +- .../impl/message_reflect_field_gen.go | 273 ++++++++ .../protobuf/internal/impl/pointer_unsafe.go | 9 + .../internal/impl/pointer_unsafe_opaque.go | 42 ++ .../protobuf/internal/impl/presence.go | 142 ++++ .../protobuf/internal/impl/validate.go | 16 + .../internal/protolazy/bufferreader.go | 364 +++++++++++ .../protobuf/internal/protolazy/lazy.go | 359 ++++++++++ .../internal/protolazy/pointer_unsafe.go | 17 + .../protobuf/internal/version/version.go | 4 +- .../protobuf/proto/decode.go | 16 + .../protobuf/proto/encode.go | 3 +- .../google.golang.org/protobuf/proto/size.go | 8 + .../protobuf/proto/wrapperopaque.go | 80 +++ .../protobuf/reflect/protoreflect/value.go | 2 +- .../protobuf/runtime/protoiface/methods.go | 16 + .../protobuf/runtime/protoimpl/impl.go | 4 + vendor/modules.txt | 3 +- 40 files changed, 3515 insertions(+), 32 deletions(-) create mode 100644 vendor/google.golang.org/protobuf/internal/genid/name.go create mode 100644 vendor/google.golang.org/protobuf/internal/impl/api_export_opaque.go create mode 100644 vendor/google.golang.org/protobuf/internal/impl/bitmap.go create mode 100644 vendor/google.golang.org/protobuf/internal/impl/bitmap_race.go create mode 100644 vendor/google.golang.org/protobuf/internal/impl/codec_field_opaque.go create mode 100644 vendor/google.golang.org/protobuf/internal/impl/codec_message_opaque.go create mode 100644 vendor/google.golang.org/protobuf/internal/impl/lazy.go create mode 100644 vendor/google.golang.org/protobuf/internal/impl/message_opaque.go create mode 100644 vendor/google.golang.org/protobuf/internal/impl/message_opaque_gen.go create mode 100644 vendor/google.golang.org/protobuf/internal/impl/message_reflect_field_gen.go create mode 100644 vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe_opaque.go create mode 100644 vendor/google.golang.org/protobuf/internal/impl/presence.go create mode 100644 vendor/google.golang.org/protobuf/internal/protolazy/bufferreader.go create mode 100644 vendor/google.golang.org/protobuf/internal/protolazy/lazy.go create mode 100644 vendor/google.golang.org/protobuf/internal/protolazy/pointer_unsafe.go create mode 100644 vendor/google.golang.org/protobuf/proto/wrapperopaque.go diff --git a/go.mod b/go.mod index 4aff1f52fdd..00402718593 100644 --- a/go.mod +++ b/go.mod @@ -28,7 +28,7 @@ require ( github.com/vishvananda/netlink v1.3.0 golang.org/x/net v0.32.0 golang.org/x/sys v0.28.0 - google.golang.org/protobuf v1.35.2 + google.golang.org/protobuf v1.36.0 ) require ( diff --git a/go.sum b/go.sum index d7797b3e269..4b698ab726b 100644 --- a/go.sum +++ b/go.sum @@ -97,8 +97,8 @@ golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= -google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.0 h1:mjIs9gYtt56AzC4ZaffQuh88TZurBGhIJMBZGSxNerQ= +google.golang.org/protobuf v1.36.0/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/vendor/google.golang.org/protobuf/internal/editiondefaults/editions_defaults.binpb b/vendor/google.golang.org/protobuf/internal/editiondefaults/editions_defaults.binpb index 2c0693d7abbf532f021dafc96e7568f57214b8e7..5a57ef6f3c80a4a930b7bdb33b039ea94d1eb5f2 100644 GIT binary patch literal 138 zcmd;*muO*EV!mX@pe4$|D8MAaq`<7fXux#Ijt$6VkYMDJmv|0Wz$CyZ!KlClRKN&Q wzyMY7f?Y`%s2WL*1th1%ddZFnY{E-+C6MVz3P75fB^b3pHY+@1*LcYe04AXnGXMYp literal 99 zcmd;*m3YRk#C*w)K}(o}QGiK;Nr72|(SYfa9SaAe1S6NM#B;bblK@aefe9$h2$E(1 dOTS=O5(H{Ql40Ut&|548XQ diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc.go index f3252985641..378b826faa6 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/desc.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc.go @@ -117,6 +117,9 @@ type ( // GenerateLegacyUnmarshalJSON determines if the plugin generates the // UnmarshalJSON([]byte) error method for enums. GenerateLegacyUnmarshalJSON bool + // APILevel controls which API (Open, Hybrid or Opaque) should be used + // for generated code (.pb.go files). + APILevel int } ) diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/editions.go b/vendor/google.golang.org/protobuf/internal/filedesc/editions.go index 7611796e86c..10132c9b384 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/editions.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/editions.go @@ -32,6 +32,10 @@ func unmarshalGoFeature(b []byte, parent EditionFeatures) EditionFeatures { v, m := protowire.ConsumeVarint(b) b = b[m:] parent.GenerateLegacyUnmarshalJSON = protowire.DecodeBool(v) + case genid.GoFeatures_ApiLevel_field_number: + v, m := protowire.ConsumeVarint(b) + b = b[m:] + parent.APILevel = int(v) case genid.GoFeatures_StripEnumPrefix_field_number: v, m := protowire.ConsumeVarint(b) b = b[m:] diff --git a/vendor/google.golang.org/protobuf/internal/genid/go_features_gen.go b/vendor/google.golang.org/protobuf/internal/genid/go_features_gen.go index 09792d96f6b..f5ee7f5c2b7 100644 --- a/vendor/google.golang.org/protobuf/internal/genid/go_features_gen.go +++ b/vendor/google.golang.org/protobuf/internal/genid/go_features_gen.go @@ -21,18 +21,35 @@ const ( // Field names for pb.GoFeatures. const ( GoFeatures_LegacyUnmarshalJsonEnum_field_name protoreflect.Name = "legacy_unmarshal_json_enum" + GoFeatures_ApiLevel_field_name protoreflect.Name = "api_level" GoFeatures_StripEnumPrefix_field_name protoreflect.Name = "strip_enum_prefix" GoFeatures_LegacyUnmarshalJsonEnum_field_fullname protoreflect.FullName = "pb.GoFeatures.legacy_unmarshal_json_enum" + GoFeatures_ApiLevel_field_fullname protoreflect.FullName = "pb.GoFeatures.api_level" GoFeatures_StripEnumPrefix_field_fullname protoreflect.FullName = "pb.GoFeatures.strip_enum_prefix" ) // Field numbers for pb.GoFeatures. const ( GoFeatures_LegacyUnmarshalJsonEnum_field_number protoreflect.FieldNumber = 1 + GoFeatures_ApiLevel_field_number protoreflect.FieldNumber = 2 GoFeatures_StripEnumPrefix_field_number protoreflect.FieldNumber = 3 ) +// Full and short names for pb.GoFeatures.APILevel. +const ( + GoFeatures_APILevel_enum_fullname = "pb.GoFeatures.APILevel" + GoFeatures_APILevel_enum_name = "APILevel" +) + +// Enum values for pb.GoFeatures.APILevel. +const ( + GoFeatures_API_LEVEL_UNSPECIFIED_enum_value = 0 + GoFeatures_API_OPEN_enum_value = 1 + GoFeatures_API_HYBRID_enum_value = 2 + GoFeatures_API_OPAQUE_enum_value = 3 +) + // Full and short names for pb.GoFeatures.StripEnumPrefix. const ( GoFeatures_StripEnumPrefix_enum_fullname = "pb.GoFeatures.StripEnumPrefix" diff --git a/vendor/google.golang.org/protobuf/internal/genid/name.go b/vendor/google.golang.org/protobuf/internal/genid/name.go new file mode 100644 index 00000000000..224f339302f --- /dev/null +++ b/vendor/google.golang.org/protobuf/internal/genid/name.go @@ -0,0 +1,12 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package genid + +const ( + NoUnkeyedLiteral_goname = "noUnkeyedLiteral" + NoUnkeyedLiteralA_goname = "XXX_NoUnkeyedLiteral" + + BuilderSuffix_goname = "_builder" +) diff --git a/vendor/google.golang.org/protobuf/internal/impl/api_export_opaque.go b/vendor/google.golang.org/protobuf/internal/impl/api_export_opaque.go new file mode 100644 index 00000000000..6075d6f6967 --- /dev/null +++ b/vendor/google.golang.org/protobuf/internal/impl/api_export_opaque.go @@ -0,0 +1,128 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package impl + +import ( + "strconv" + "sync/atomic" + "unsafe" + + "google.golang.org/protobuf/reflect/protoreflect" +) + +func (Export) UnmarshalField(msg any, fieldNum int32) { + UnmarshalField(msg.(protoreflect.ProtoMessage).ProtoReflect(), protoreflect.FieldNumber(fieldNum)) +} + +// Present checks the presence set for a certain field number (zero +// based, ordered by appearance in original proto file). part is +// a pointer to the correct element in the bitmask array, num is the +// field number unaltered. Example (field number 70 -> part = +// &m.XXX_presence[1], num = 70) +func (Export) Present(part *uint32, num uint32) bool { + // This hook will read an unprotected shadow presence set if + // we're unning under the race detector + raceDetectHookPresent(part, num) + return atomic.LoadUint32(part)&(1<<(num%32)) > 0 +} + +// SetPresent adds a field to the presence set. part is a pointer to +// the relevant element in the array and num is the field number +// unaltered. size is the number of fields in the protocol +// buffer. +func (Export) SetPresent(part *uint32, num uint32, size uint32) { + // This hook will mutate an unprotected shadow presence set if + // we're running under the race detector + raceDetectHookSetPresent(part, num, presenceSize(size)) + for { + old := atomic.LoadUint32(part) + if atomic.CompareAndSwapUint32(part, old, old|(1<<(num%32))) { + return + } + } +} + +// SetPresentNonAtomic is like SetPresent, but operates non-atomically. +// It is meant for use by builder methods, where the message is known not +// to be accessible yet by other goroutines. +func (Export) SetPresentNonAtomic(part *uint32, num uint32, size uint32) { + // This hook will mutate an unprotected shadow presence set if + // we're running under the race detector + raceDetectHookSetPresent(part, num, presenceSize(size)) + *part |= 1 << (num % 32) +} + +// ClearPresence removes a field from the presence set. part is a +// pointer to the relevant element in the presence array and num is +// the field number unaltered. +func (Export) ClearPresent(part *uint32, num uint32) { + // This hook will mutate an unprotected shadow presence set if + // we're running under the race detector + raceDetectHookClearPresent(part, num) + for { + old := atomic.LoadUint32(part) + if atomic.CompareAndSwapUint32(part, old, old&^(1<<(num%32))) { + return + } + } +} + +// interfaceToPointer takes a pointer to an empty interface whose value is a +// pointer type, and converts it into a "pointer" that points to the same +// target +func interfaceToPointer(i *any) pointer { + return pointer{p: (*[2]unsafe.Pointer)(unsafe.Pointer(i))[1]} +} + +func (p pointer) atomicGetPointer() pointer { + return pointer{p: atomic.LoadPointer((*unsafe.Pointer)(p.p))} +} + +func (p pointer) atomicSetPointer(q pointer) { + atomic.StorePointer((*unsafe.Pointer)(p.p), q.p) +} + +// AtomicCheckPointerIsNil takes an interface (which is a pointer to a +// pointer) and returns true if the pointed-to pointer is nil (using an +// atomic load). This function is inlineable and, on x86, just becomes a +// simple load and compare. +func (Export) AtomicCheckPointerIsNil(ptr any) bool { + return interfaceToPointer(&ptr).atomicGetPointer().IsNil() +} + +// AtomicSetPointer takes two interfaces (first is a pointer to a pointer, +// second is a pointer) and atomically sets the second pointer into location +// referenced by first pointer. Unfortunately, atomicSetPointer() does not inline +// (even on x86), so this does not become a simple store on x86. +func (Export) AtomicSetPointer(dstPtr, valPtr any) { + interfaceToPointer(&dstPtr).atomicSetPointer(interfaceToPointer(&valPtr)) +} + +// AtomicLoadPointer loads the pointer at the location pointed at by src, +// and stores that pointer value into the location pointed at by dst. +func (Export) AtomicLoadPointer(ptr Pointer, dst Pointer) { + *(*unsafe.Pointer)(unsafe.Pointer(dst)) = atomic.LoadPointer((*unsafe.Pointer)(unsafe.Pointer(ptr))) +} + +// AtomicInitializePointer makes ptr and dst point to the same value. +// +// If *ptr is a nil pointer, it sets *ptr = *dst. +// +// If *ptr is a non-nil pointer, it sets *dst = *ptr. +func (Export) AtomicInitializePointer(ptr Pointer, dst Pointer) { + if !atomic.CompareAndSwapPointer((*unsafe.Pointer)(ptr), unsafe.Pointer(nil), *(*unsafe.Pointer)(dst)) { + *(*unsafe.Pointer)(unsafe.Pointer(dst)) = atomic.LoadPointer((*unsafe.Pointer)(unsafe.Pointer(ptr))) + } +} + +// MessageFieldStringOf returns the field formatted as a string, +// either as the field name if resolvable otherwise as a decimal string. +func (Export) MessageFieldStringOf(md protoreflect.MessageDescriptor, n protoreflect.FieldNumber) string { + fd := md.Fields().ByNumber(n) + if fd != nil { + return string(fd.Name()) + } + return strconv.Itoa(int(n)) +} diff --git a/vendor/google.golang.org/protobuf/internal/impl/bitmap.go b/vendor/google.golang.org/protobuf/internal/impl/bitmap.go new file mode 100644 index 00000000000..ea276547cd6 --- /dev/null +++ b/vendor/google.golang.org/protobuf/internal/impl/bitmap.go @@ -0,0 +1,34 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !race + +package impl + +// There is no additional data as we're not running under race detector. +type RaceDetectHookData struct{} + +// Empty stubs for when not using the race detector. Calls to these from index.go should be optimized away. +func (presence) raceDetectHookPresent(num uint32) {} +func (presence) raceDetectHookSetPresent(num uint32, size presenceSize) {} +func (presence) raceDetectHookClearPresent(num uint32) {} +func (presence) raceDetectHookAllocAndCopy(src presence) {} + +// raceDetectHookPresent is called by the generated file interface +// (*proto.internalFuncs) Present to optionally read an unprotected +// shadow bitmap when race detection is enabled. In regular code it is +// a noop. +func raceDetectHookPresent(field *uint32, num uint32) {} + +// raceDetectHookSetPresent is called by the generated file interface +// (*proto.internalFuncs) SetPresent to optionally write an unprotected +// shadow bitmap when race detection is enabled. In regular code it is +// a noop. +func raceDetectHookSetPresent(field *uint32, num uint32, size presenceSize) {} + +// raceDetectHookClearPresent is called by the generated file interface +// (*proto.internalFuncs) ClearPresent to optionally write an unprotected +// shadow bitmap when race detection is enabled. In regular code it is +// a noop. +func raceDetectHookClearPresent(field *uint32, num uint32) {} diff --git a/vendor/google.golang.org/protobuf/internal/impl/bitmap_race.go b/vendor/google.golang.org/protobuf/internal/impl/bitmap_race.go new file mode 100644 index 00000000000..e9a27583aeb --- /dev/null +++ b/vendor/google.golang.org/protobuf/internal/impl/bitmap_race.go @@ -0,0 +1,126 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build race + +package impl + +// When running under race detector, we add a presence map of bytes, that we can access +// in the hook functions so that we trigger the race detection whenever we have concurrent +// Read-Writes or Write-Writes. The race detector does not otherwise detect invalid concurrent +// access to lazy fields as all updates of bitmaps and pointers are done using atomic operations. +type RaceDetectHookData struct { + shadowPresence *[]byte +} + +// Hooks for presence bitmap operations that allocate, read and write the shadowPresence +// using non-atomic operations. +func (data *RaceDetectHookData) raceDetectHookAlloc(size presenceSize) { + sp := make([]byte, size) + atomicStoreShadowPresence(&data.shadowPresence, &sp) +} + +func (p presence) raceDetectHookPresent(num uint32) { + data := p.toRaceDetectData() + if data == nil { + return + } + sp := atomicLoadShadowPresence(&data.shadowPresence) + if sp != nil { + _ = (*sp)[num] + } +} + +func (p presence) raceDetectHookSetPresent(num uint32, size presenceSize) { + data := p.toRaceDetectData() + if data == nil { + return + } + sp := atomicLoadShadowPresence(&data.shadowPresence) + if sp == nil { + data.raceDetectHookAlloc(size) + sp = atomicLoadShadowPresence(&data.shadowPresence) + } + (*sp)[num] = 1 +} + +func (p presence) raceDetectHookClearPresent(num uint32) { + data := p.toRaceDetectData() + if data == nil { + return + } + sp := atomicLoadShadowPresence(&data.shadowPresence) + if sp != nil { + (*sp)[num] = 0 + + } +} + +// raceDetectHookAllocAndCopy allocates a new shadowPresence slice at lazy and copies +// shadowPresence bytes from src to lazy. +func (p presence) raceDetectHookAllocAndCopy(q presence) { + sData := q.toRaceDetectData() + dData := p.toRaceDetectData() + if sData == nil { + return + } + srcSp := atomicLoadShadowPresence(&sData.shadowPresence) + if srcSp == nil { + atomicStoreShadowPresence(&dData.shadowPresence, nil) + return + } + n := len(*srcSp) + dSlice := make([]byte, n) + atomicStoreShadowPresence(&dData.shadowPresence, &dSlice) + for i := 0; i < n; i++ { + dSlice[i] = (*srcSp)[i] + } +} + +// raceDetectHookPresent is called by the generated file interface +// (*proto.internalFuncs) Present to optionally read an unprotected +// shadow bitmap when race detection is enabled. In regular code it is +// a noop. +func raceDetectHookPresent(field *uint32, num uint32) { + data := findPointerToRaceDetectData(field, num) + if data == nil { + return + } + sp := atomicLoadShadowPresence(&data.shadowPresence) + if sp != nil { + _ = (*sp)[num] + } +} + +// raceDetectHookSetPresent is called by the generated file interface +// (*proto.internalFuncs) SetPresent to optionally write an unprotected +// shadow bitmap when race detection is enabled. In regular code it is +// a noop. +func raceDetectHookSetPresent(field *uint32, num uint32, size presenceSize) { + data := findPointerToRaceDetectData(field, num) + if data == nil { + return + } + sp := atomicLoadShadowPresence(&data.shadowPresence) + if sp == nil { + data.raceDetectHookAlloc(size) + sp = atomicLoadShadowPresence(&data.shadowPresence) + } + (*sp)[num] = 1 +} + +// raceDetectHookClearPresent is called by the generated file interface +// (*proto.internalFuncs) ClearPresent to optionally write an unprotected +// shadow bitmap when race detection is enabled. In regular code it is +// a noop. +func raceDetectHookClearPresent(field *uint32, num uint32) { + data := findPointerToRaceDetectData(field, num) + if data == nil { + return + } + sp := atomicLoadShadowPresence(&data.shadowPresence) + if sp != nil { + (*sp)[num] = 0 + } +} diff --git a/vendor/google.golang.org/protobuf/internal/impl/checkinit.go b/vendor/google.golang.org/protobuf/internal/impl/checkinit.go index f29e6a8fa88..fe2c719ce40 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/checkinit.go +++ b/vendor/google.golang.org/protobuf/internal/impl/checkinit.go @@ -35,6 +35,12 @@ func (mi *MessageInfo) checkInitializedPointer(p pointer) error { } return nil } + + var presence presence + if mi.presenceOffset.IsValid() { + presence = p.Apply(mi.presenceOffset).PresenceInfo() + } + if mi.extensionOffset.IsValid() { e := p.Apply(mi.extensionOffset).Extensions() if err := mi.isInitExtensions(e); err != nil { @@ -45,6 +51,33 @@ func (mi *MessageInfo) checkInitializedPointer(p pointer) error { if !f.isRequired && f.funcs.isInit == nil { continue } + + if f.presenceIndex != noPresence { + if !presence.Present(f.presenceIndex) { + if f.isRequired { + return errors.RequiredNotSet(string(mi.Desc.Fields().ByNumber(f.num).FullName())) + } + continue + } + if f.funcs.isInit != nil { + f.mi.init() + if f.mi.needsInitCheck { + if f.isLazy && p.Apply(f.offset).AtomicGetPointer().IsNil() { + lazy := *p.Apply(mi.lazyOffset).LazyInfoPtr() + if !lazy.AllowedPartial() { + // Nothing to see here, it was checked on unmarshal + continue + } + mi.lazyUnmarshal(p, f.num) + } + if err := f.funcs.isInit(p.Apply(f.offset), f); err != nil { + return err + } + } + } + continue + } + fptr := p.Apply(f.offset) if f.isPointer && fptr.Elem().IsNil() { if f.isRequired { diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_field_opaque.go b/vendor/google.golang.org/protobuf/internal/impl/codec_field_opaque.go new file mode 100644 index 00000000000..76818ea252f --- /dev/null +++ b/vendor/google.golang.org/protobuf/internal/impl/codec_field_opaque.go @@ -0,0 +1,264 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package impl + +import ( + "fmt" + "reflect" + + "google.golang.org/protobuf/encoding/protowire" + "google.golang.org/protobuf/internal/errors" + "google.golang.org/protobuf/reflect/protoreflect" +) + +func makeOpaqueMessageFieldCoder(fd protoreflect.FieldDescriptor, ft reflect.Type) (*MessageInfo, pointerCoderFuncs) { + mi := getMessageInfo(ft) + if mi == nil { + panic(fmt.Sprintf("invalid field: %v: unsupported message type %v", fd.FullName(), ft)) + } + switch fd.Kind() { + case protoreflect.MessageKind: + return mi, pointerCoderFuncs{ + size: sizeOpaqueMessage, + marshal: appendOpaqueMessage, + unmarshal: consumeOpaqueMessage, + isInit: isInitOpaqueMessage, + merge: mergeOpaqueMessage, + } + case protoreflect.GroupKind: + return mi, pointerCoderFuncs{ + size: sizeOpaqueGroup, + marshal: appendOpaqueGroup, + unmarshal: consumeOpaqueGroup, + isInit: isInitOpaqueMessage, + merge: mergeOpaqueMessage, + } + } + panic("unexpected field kind") +} + +func sizeOpaqueMessage(p pointer, f *coderFieldInfo, opts marshalOptions) (size int) { + return protowire.SizeBytes(f.mi.sizePointer(p.AtomicGetPointer(), opts)) + f.tagsize +} + +func appendOpaqueMessage(b []byte, p pointer, f *coderFieldInfo, opts marshalOptions) ([]byte, error) { + mp := p.AtomicGetPointer() + calculatedSize := f.mi.sizePointer(mp, opts) + b = protowire.AppendVarint(b, f.wiretag) + b = protowire.AppendVarint(b, uint64(calculatedSize)) + before := len(b) + b, err := f.mi.marshalAppendPointer(b, mp, opts) + if measuredSize := len(b) - before; calculatedSize != measuredSize && err == nil { + return nil, errors.MismatchedSizeCalculation(calculatedSize, measuredSize) + } + return b, err +} + +func consumeOpaqueMessage(b []byte, p pointer, wtyp protowire.Type, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) { + if wtyp != protowire.BytesType { + return out, errUnknown + } + v, n := protowire.ConsumeBytes(b) + if n < 0 { + return out, errDecode + } + mp := p.AtomicGetPointer() + if mp.IsNil() { + mp = p.AtomicSetPointerIfNil(pointerOfValue(reflect.New(f.mi.GoReflectType.Elem()))) + } + o, err := f.mi.unmarshalPointer(v, mp, 0, opts) + if err != nil { + return out, err + } + out.n = n + out.initialized = o.initialized + return out, nil +} + +func isInitOpaqueMessage(p pointer, f *coderFieldInfo) error { + mp := p.AtomicGetPointer() + if mp.IsNil() { + return nil + } + return f.mi.checkInitializedPointer(mp) +} + +func mergeOpaqueMessage(dst, src pointer, f *coderFieldInfo, opts mergeOptions) { + dstmp := dst.AtomicGetPointer() + if dstmp.IsNil() { + dstmp = dst.AtomicSetPointerIfNil(pointerOfValue(reflect.New(f.mi.GoReflectType.Elem()))) + } + f.mi.mergePointer(dstmp, src.AtomicGetPointer(), opts) +} + +func sizeOpaqueGroup(p pointer, f *coderFieldInfo, opts marshalOptions) (size int) { + return 2*f.tagsize + f.mi.sizePointer(p.AtomicGetPointer(), opts) +} + +func appendOpaqueGroup(b []byte, p pointer, f *coderFieldInfo, opts marshalOptions) ([]byte, error) { + b = protowire.AppendVarint(b, f.wiretag) // start group + b, err := f.mi.marshalAppendPointer(b, p.AtomicGetPointer(), opts) + b = protowire.AppendVarint(b, f.wiretag+1) // end group + return b, err +} + +func consumeOpaqueGroup(b []byte, p pointer, wtyp protowire.Type, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) { + if wtyp != protowire.StartGroupType { + return out, errUnknown + } + mp := p.AtomicGetPointer() + if mp.IsNil() { + mp = p.AtomicSetPointerIfNil(pointerOfValue(reflect.New(f.mi.GoReflectType.Elem()))) + } + o, e := f.mi.unmarshalPointer(b, mp, f.num, opts) + return o, e +} + +func makeOpaqueRepeatedMessageFieldCoder(fd protoreflect.FieldDescriptor, ft reflect.Type) (*MessageInfo, pointerCoderFuncs) { + if ft.Kind() != reflect.Ptr || ft.Elem().Kind() != reflect.Slice { + panic(fmt.Sprintf("invalid field: %v: unsupported type for opaque repeated message: %v", fd.FullName(), ft)) + } + mt := ft.Elem().Elem() // *[]*T -> *T + mi := getMessageInfo(mt) + if mi == nil { + panic(fmt.Sprintf("invalid field: %v: unsupported message type %v", fd.FullName(), mt)) + } + switch fd.Kind() { + case protoreflect.MessageKind: + return mi, pointerCoderFuncs{ + size: sizeOpaqueMessageSlice, + marshal: appendOpaqueMessageSlice, + unmarshal: consumeOpaqueMessageSlice, + isInit: isInitOpaqueMessageSlice, + merge: mergeOpaqueMessageSlice, + } + case protoreflect.GroupKind: + return mi, pointerCoderFuncs{ + size: sizeOpaqueGroupSlice, + marshal: appendOpaqueGroupSlice, + unmarshal: consumeOpaqueGroupSlice, + isInit: isInitOpaqueMessageSlice, + merge: mergeOpaqueMessageSlice, + } + } + panic("unexpected field kind") +} + +func sizeOpaqueMessageSlice(p pointer, f *coderFieldInfo, opts marshalOptions) (size int) { + s := p.AtomicGetPointer().PointerSlice() + n := 0 + for _, v := range s { + n += protowire.SizeBytes(f.mi.sizePointer(v, opts)) + f.tagsize + } + return n +} + +func appendOpaqueMessageSlice(b []byte, p pointer, f *coderFieldInfo, opts marshalOptions) ([]byte, error) { + s := p.AtomicGetPointer().PointerSlice() + var err error + for _, v := range s { + b = protowire.AppendVarint(b, f.wiretag) + siz := f.mi.sizePointer(v, opts) + b = protowire.AppendVarint(b, uint64(siz)) + before := len(b) + b, err = f.mi.marshalAppendPointer(b, v, opts) + if err != nil { + return b, err + } + if measuredSize := len(b) - before; siz != measuredSize { + return nil, errors.MismatchedSizeCalculation(siz, measuredSize) + } + } + return b, nil +} + +func consumeOpaqueMessageSlice(b []byte, p pointer, wtyp protowire.Type, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) { + if wtyp != protowire.BytesType { + return out, errUnknown + } + v, n := protowire.ConsumeBytes(b) + if n < 0 { + return out, errDecode + } + mp := pointerOfValue(reflect.New(f.mi.GoReflectType.Elem())) + o, err := f.mi.unmarshalPointer(v, mp, 0, opts) + if err != nil { + return out, err + } + sp := p.AtomicGetPointer() + if sp.IsNil() { + sp = p.AtomicSetPointerIfNil(pointerOfValue(reflect.New(f.ft.Elem()))) + } + sp.AppendPointerSlice(mp) + out.n = n + out.initialized = o.initialized + return out, nil +} + +func isInitOpaqueMessageSlice(p pointer, f *coderFieldInfo) error { + sp := p.AtomicGetPointer() + if sp.IsNil() { + return nil + } + s := sp.PointerSlice() + for _, v := range s { + if err := f.mi.checkInitializedPointer(v); err != nil { + return err + } + } + return nil +} + +func mergeOpaqueMessageSlice(dst, src pointer, f *coderFieldInfo, opts mergeOptions) { + ds := dst.AtomicGetPointer() + if ds.IsNil() { + ds = dst.AtomicSetPointerIfNil(pointerOfValue(reflect.New(f.ft.Elem()))) + } + for _, sp := range src.AtomicGetPointer().PointerSlice() { + dm := pointerOfValue(reflect.New(f.mi.GoReflectType.Elem())) + f.mi.mergePointer(dm, sp, opts) + ds.AppendPointerSlice(dm) + } +} + +func sizeOpaqueGroupSlice(p pointer, f *coderFieldInfo, opts marshalOptions) (size int) { + s := p.AtomicGetPointer().PointerSlice() + n := 0 + for _, v := range s { + n += 2*f.tagsize + f.mi.sizePointer(v, opts) + } + return n +} + +func appendOpaqueGroupSlice(b []byte, p pointer, f *coderFieldInfo, opts marshalOptions) ([]byte, error) { + s := p.AtomicGetPointer().PointerSlice() + var err error + for _, v := range s { + b = protowire.AppendVarint(b, f.wiretag) // start group + b, err = f.mi.marshalAppendPointer(b, v, opts) + if err != nil { + return b, err + } + b = protowire.AppendVarint(b, f.wiretag+1) // end group + } + return b, nil +} + +func consumeOpaqueGroupSlice(b []byte, p pointer, wtyp protowire.Type, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) { + if wtyp != protowire.StartGroupType { + return out, errUnknown + } + mp := pointerOfValue(reflect.New(f.mi.GoReflectType.Elem())) + out, err = f.mi.unmarshalPointer(b, mp, f.num, opts) + if err != nil { + return out, err + } + sp := p.AtomicGetPointer() + if sp.IsNil() { + sp = p.AtomicSetPointerIfNil(pointerOfValue(reflect.New(f.ft.Elem()))) + } + sp.AppendPointerSlice(mp) + return out, err +} diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_message.go b/vendor/google.golang.org/protobuf/internal/impl/codec_message.go index 78be9df3420..2f7b363ec4a 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/codec_message.go +++ b/vendor/google.golang.org/protobuf/internal/impl/codec_message.go @@ -32,6 +32,10 @@ type coderMessageInfo struct { needsInitCheck bool isMessageSet bool numRequiredFields uint8 + + lazyOffset offset + presenceOffset offset + presenceSize presenceSize } type coderFieldInfo struct { @@ -45,12 +49,19 @@ type coderFieldInfo struct { tagsize int // size of the varint-encoded tag isPointer bool // true if IsNil may be called on the struct field isRequired bool // true if field is required + + isLazy bool + presenceIndex uint32 } +const noPresence = 0xffffffff + func (mi *MessageInfo) makeCoderMethods(t reflect.Type, si structInfo) { mi.sizecacheOffset = invalidOffset mi.unknownOffset = invalidOffset mi.extensionOffset = invalidOffset + mi.lazyOffset = invalidOffset + mi.presenceOffset = si.presenceOffset if si.sizecacheOffset.IsValid() && si.sizecacheType == sizecacheType { mi.sizecacheOffset = si.sizecacheOffset @@ -127,6 +138,8 @@ func (mi *MessageInfo) makeCoderMethods(t reflect.Type, si structInfo) { validation: newFieldValidationInfo(mi, si, fd, ft), isPointer: fd.Cardinality() == protoreflect.Repeated || fd.HasPresence(), isRequired: fd.Cardinality() == protoreflect.Required, + + presenceIndex: noPresence, } mi.orderedCoderFields = append(mi.orderedCoderFields, cf) mi.coderFields[cf.num] = cf diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_message_opaque.go b/vendor/google.golang.org/protobuf/internal/impl/codec_message_opaque.go new file mode 100644 index 00000000000..88c16ae5b7c --- /dev/null +++ b/vendor/google.golang.org/protobuf/internal/impl/codec_message_opaque.go @@ -0,0 +1,156 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package impl + +import ( + "fmt" + "reflect" + "sort" + + "google.golang.org/protobuf/encoding/protowire" + "google.golang.org/protobuf/internal/encoding/messageset" + "google.golang.org/protobuf/internal/order" + "google.golang.org/protobuf/reflect/protoreflect" + piface "google.golang.org/protobuf/runtime/protoiface" +) + +func (mi *MessageInfo) makeOpaqueCoderMethods(t reflect.Type, si opaqueStructInfo) { + mi.sizecacheOffset = si.sizecacheOffset + mi.unknownOffset = si.unknownOffset + mi.unknownPtrKind = si.unknownType.Kind() == reflect.Ptr + mi.extensionOffset = si.extensionOffset + mi.lazyOffset = si.lazyOffset + mi.presenceOffset = si.presenceOffset + + mi.coderFields = make(map[protowire.Number]*coderFieldInfo) + fields := mi.Desc.Fields() + for i := 0; i < fields.Len(); i++ { + fd := fields.Get(i) + + fs := si.fieldsByNumber[fd.Number()] + if fd.ContainingOneof() != nil && !fd.ContainingOneof().IsSynthetic() { + fs = si.oneofsByName[fd.ContainingOneof().Name()] + } + ft := fs.Type + var wiretag uint64 + if !fd.IsPacked() { + wiretag = protowire.EncodeTag(fd.Number(), wireTypes[fd.Kind()]) + } else { + wiretag = protowire.EncodeTag(fd.Number(), protowire.BytesType) + } + var fieldOffset offset + var funcs pointerCoderFuncs + var childMessage *MessageInfo + switch { + case fd.ContainingOneof() != nil && !fd.ContainingOneof().IsSynthetic(): + fieldOffset = offsetOf(fs, mi.Exporter) + case fd.IsWeak(): + fieldOffset = si.weakOffset + funcs = makeWeakMessageFieldCoder(fd) + case fd.Message() != nil && !fd.IsMap(): + fieldOffset = offsetOf(fs, mi.Exporter) + if fd.IsList() { + childMessage, funcs = makeOpaqueRepeatedMessageFieldCoder(fd, ft) + } else { + childMessage, funcs = makeOpaqueMessageFieldCoder(fd, ft) + } + default: + fieldOffset = offsetOf(fs, mi.Exporter) + childMessage, funcs = fieldCoder(fd, ft) + } + cf := &coderFieldInfo{ + num: fd.Number(), + offset: fieldOffset, + wiretag: wiretag, + ft: ft, + tagsize: protowire.SizeVarint(wiretag), + funcs: funcs, + mi: childMessage, + validation: newFieldValidationInfo(mi, si.structInfo, fd, ft), + isPointer: (fd.Cardinality() == protoreflect.Repeated || + fd.Kind() == protoreflect.MessageKind || + fd.Kind() == protoreflect.GroupKind), + isRequired: fd.Cardinality() == protoreflect.Required, + presenceIndex: noPresence, + } + + // TODO: Use presence for all fields. + // + // In some cases, such as maps, presence means only "might be set" rather + // than "is definitely set", but every field should have a presence bit to + // permit us to skip over definitely-unset fields at marshal time. + + var hasPresence bool + hasPresence, cf.isLazy = usePresenceForField(si, fd) + + if hasPresence { + cf.presenceIndex, mi.presenceSize = presenceIndex(mi.Desc, fd) + } + + mi.orderedCoderFields = append(mi.orderedCoderFields, cf) + mi.coderFields[cf.num] = cf + } + for i, oneofs := 0, mi.Desc.Oneofs(); i < oneofs.Len(); i++ { + if od := oneofs.Get(i); !od.IsSynthetic() { + mi.initOneofFieldCoders(od, si.structInfo) + } + } + if messageset.IsMessageSet(mi.Desc) { + if !mi.extensionOffset.IsValid() { + panic(fmt.Sprintf("%v: MessageSet with no extensions field", mi.Desc.FullName())) + } + if !mi.unknownOffset.IsValid() { + panic(fmt.Sprintf("%v: MessageSet with no unknown field", mi.Desc.FullName())) + } + mi.isMessageSet = true + } + sort.Slice(mi.orderedCoderFields, func(i, j int) bool { + return mi.orderedCoderFields[i].num < mi.orderedCoderFields[j].num + }) + + var maxDense protoreflect.FieldNumber + for _, cf := range mi.orderedCoderFields { + if cf.num >= 16 && cf.num >= 2*maxDense { + break + } + maxDense = cf.num + } + mi.denseCoderFields = make([]*coderFieldInfo, maxDense+1) + for _, cf := range mi.orderedCoderFields { + if int(cf.num) > len(mi.denseCoderFields) { + break + } + mi.denseCoderFields[cf.num] = cf + } + + // To preserve compatibility with historic wire output, marshal oneofs last. + if mi.Desc.Oneofs().Len() > 0 { + sort.Slice(mi.orderedCoderFields, func(i, j int) bool { + fi := fields.ByNumber(mi.orderedCoderFields[i].num) + fj := fields.ByNumber(mi.orderedCoderFields[j].num) + return order.LegacyFieldOrder(fi, fj) + }) + } + + mi.needsInitCheck = needsInitCheck(mi.Desc) + if mi.methods.Marshal == nil && mi.methods.Size == nil { + mi.methods.Flags |= piface.SupportMarshalDeterministic + mi.methods.Marshal = mi.marshal + mi.methods.Size = mi.size + } + if mi.methods.Unmarshal == nil { + mi.methods.Flags |= piface.SupportUnmarshalDiscardUnknown + mi.methods.Unmarshal = mi.unmarshal + } + if mi.methods.CheckInitialized == nil { + mi.methods.CheckInitialized = mi.checkInitialized + } + if mi.methods.Merge == nil { + mi.methods.Merge = mi.merge + } + if mi.methods.Equal == nil { + mi.methods.Equal = equal + } +} diff --git a/vendor/google.golang.org/protobuf/internal/impl/decode.go b/vendor/google.golang.org/protobuf/internal/impl/decode.go index cda0520c275..e0dd21fa5f4 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/decode.go +++ b/vendor/google.golang.org/protobuf/internal/impl/decode.go @@ -34,6 +34,8 @@ func (o unmarshalOptions) Options() proto.UnmarshalOptions { AllowPartial: true, DiscardUnknown: o.DiscardUnknown(), Resolver: o.resolver, + + NoLazyDecoding: o.NoLazyDecoding(), } } @@ -41,13 +43,26 @@ func (o unmarshalOptions) DiscardUnknown() bool { return o.flags&protoiface.UnmarshalDiscardUnknown != 0 } -func (o unmarshalOptions) IsDefault() bool { - return o.flags == 0 && o.resolver == protoregistry.GlobalTypes +func (o unmarshalOptions) AliasBuffer() bool { return o.flags&protoiface.UnmarshalAliasBuffer != 0 } +func (o unmarshalOptions) Validated() bool { return o.flags&protoiface.UnmarshalValidated != 0 } +func (o unmarshalOptions) NoLazyDecoding() bool { + return o.flags&protoiface.UnmarshalNoLazyDecoding != 0 +} + +func (o unmarshalOptions) CanBeLazy() bool { + if o.resolver != protoregistry.GlobalTypes { + return false + } + // We ignore the UnmarshalInvalidateSizeCache even though it's not in the default set + return (o.flags & ^(protoiface.UnmarshalAliasBuffer | protoiface.UnmarshalValidated | protoiface.UnmarshalCheckRequired)) == 0 } var lazyUnmarshalOptions = unmarshalOptions{ resolver: protoregistry.GlobalTypes, - depth: protowire.DefaultRecursionLimit, + + flags: protoiface.UnmarshalAliasBuffer | protoiface.UnmarshalValidated, + + depth: protowire.DefaultRecursionLimit, } type unmarshalOutput struct { @@ -94,9 +109,30 @@ func (mi *MessageInfo) unmarshalPointer(b []byte, p pointer, groupTag protowire. if flags.ProtoLegacy && mi.isMessageSet { return unmarshalMessageSet(mi, b, p, opts) } + + lazyDecoding := LazyEnabled() // default + if opts.NoLazyDecoding() { + lazyDecoding = false // explicitly disabled + } + if mi.lazyOffset.IsValid() && lazyDecoding { + return mi.unmarshalPointerLazy(b, p, groupTag, opts) + } + return mi.unmarshalPointerEager(b, p, groupTag, opts) +} + +// unmarshalPointerEager is the message unmarshalling function for all messages that are not lazy. +// The corresponding function for Lazy is in google_lazy.go. +func (mi *MessageInfo) unmarshalPointerEager(b []byte, p pointer, groupTag protowire.Number, opts unmarshalOptions) (out unmarshalOutput, err error) { + initialized := true var requiredMask uint64 var exts *map[int32]ExtensionField + + var presence presence + if mi.presenceOffset.IsValid() { + presence = p.Apply(mi.presenceOffset).PresenceInfo() + } + start := len(b) for len(b) > 0 { // Parse the tag (field number and wire type). @@ -154,6 +190,11 @@ func (mi *MessageInfo) unmarshalPointer(b []byte, p pointer, groupTag protowire. if f.funcs.isInit != nil && !o.initialized { initialized = false } + + if f.presenceIndex != noPresence { + presence.SetPresentUnatomic(f.presenceIndex, mi.presenceSize) + } + default: // Possible extension. if exts == nil && mi.extensionOffset.IsValid() { @@ -222,7 +263,7 @@ func (mi *MessageInfo) unmarshalExtension(b []byte, num protowire.Number, wtyp p return out, errUnknown } if flags.LazyUnmarshalExtensions { - if opts.IsDefault() && x.canLazy(xt) { + if opts.CanBeLazy() && x.canLazy(xt) { out, valid := skipExtension(b, xi, num, wtyp, opts) switch valid { case ValidationValid: @@ -270,6 +311,13 @@ func skipExtension(b []byte, xi *extensionFieldInfo, num protowire.Number, wtyp if n < 0 { return out, ValidationUnknown } + + if opts.Validated() { + out.initialized = true + out.n = n + return out, ValidationValid + } + out, st := xi.validation.mi.validate(v, 0, opts) out.n = n return out, st diff --git a/vendor/google.golang.org/protobuf/internal/impl/encode.go b/vendor/google.golang.org/protobuf/internal/impl/encode.go index 6254f5de41f..b2e212291d6 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/encode.go +++ b/vendor/google.golang.org/protobuf/internal/impl/encode.go @@ -10,6 +10,7 @@ import ( "sync/atomic" "google.golang.org/protobuf/internal/flags" + "google.golang.org/protobuf/internal/protolazy" "google.golang.org/protobuf/proto" piface "google.golang.org/protobuf/runtime/protoiface" ) @@ -71,11 +72,39 @@ func (mi *MessageInfo) sizePointerSlow(p pointer, opts marshalOptions) (size int e := p.Apply(mi.extensionOffset).Extensions() size += mi.sizeExtensions(e, opts) } + + var lazy **protolazy.XXX_lazyUnmarshalInfo + var presence presence + if mi.presenceOffset.IsValid() { + presence = p.Apply(mi.presenceOffset).PresenceInfo() + if mi.lazyOffset.IsValid() { + lazy = p.Apply(mi.lazyOffset).LazyInfoPtr() + } + } + for _, f := range mi.orderedCoderFields { if f.funcs.size == nil { continue } fptr := p.Apply(f.offset) + + if f.presenceIndex != noPresence { + if !presence.Present(f.presenceIndex) { + continue + } + + if f.isLazy && fptr.AtomicGetPointer().IsNil() { + if lazyFields(opts) { + size += (*lazy).SizeField(uint32(f.num)) + continue + } else { + mi.lazyUnmarshal(p, f.num) + } + } + size += f.funcs.size(fptr, f, opts) + continue + } + if f.isPointer && fptr.Elem().IsNil() { continue } @@ -134,11 +163,52 @@ func (mi *MessageInfo) marshalAppendPointer(b []byte, p pointer, opts marshalOpt return b, err } } + + var lazy **protolazy.XXX_lazyUnmarshalInfo + var presence presence + if mi.presenceOffset.IsValid() { + presence = p.Apply(mi.presenceOffset).PresenceInfo() + if mi.lazyOffset.IsValid() { + lazy = p.Apply(mi.lazyOffset).LazyInfoPtr() + } + } + for _, f := range mi.orderedCoderFields { if f.funcs.marshal == nil { continue } fptr := p.Apply(f.offset) + + if f.presenceIndex != noPresence { + if !presence.Present(f.presenceIndex) { + continue + } + if f.isLazy { + // Be careful, this field needs to be read atomically, like for a get + if f.isPointer && fptr.AtomicGetPointer().IsNil() { + if lazyFields(opts) { + b, _ = (*lazy).AppendField(b, uint32(f.num)) + continue + } else { + mi.lazyUnmarshal(p, f.num) + } + } + + b, err = f.funcs.marshal(b, fptr, f, opts) + if err != nil { + return b, err + } + continue + } else if f.isPointer && fptr.Elem().IsNil() { + continue + } + b, err = f.funcs.marshal(b, fptr, f, opts) + if err != nil { + return b, err + } + continue + } + if f.isPointer && fptr.Elem().IsNil() { continue } @@ -163,6 +233,14 @@ func fullyLazyExtensions(opts marshalOptions) bool { return opts.flags&piface.MarshalDeterministic == 0 } +// lazyFields returns true if we should attempt to keep fields lazy over size and marshal. +func lazyFields(opts marshalOptions) bool { + // When deterministic marshaling is requested, force an unmarshal for lazy + // fields to produce a deterministic result, instead of passing through + // bytes lazily that may or may not match what Go Protobuf would produce. + return opts.flags&piface.MarshalDeterministic == 0 +} + func (mi *MessageInfo) sizeExtensions(ext *map[int32]ExtensionField, opts marshalOptions) (n int) { if ext == nil { return 0 diff --git a/vendor/google.golang.org/protobuf/internal/impl/lazy.go b/vendor/google.golang.org/protobuf/internal/impl/lazy.go new file mode 100644 index 00000000000..e8fb6c35b4a --- /dev/null +++ b/vendor/google.golang.org/protobuf/internal/impl/lazy.go @@ -0,0 +1,433 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package impl + +import ( + "fmt" + "math/bits" + "os" + "reflect" + "sort" + "sync/atomic" + + "google.golang.org/protobuf/encoding/protowire" + "google.golang.org/protobuf/internal/errors" + "google.golang.org/protobuf/internal/protolazy" + "google.golang.org/protobuf/reflect/protoreflect" + preg "google.golang.org/protobuf/reflect/protoregistry" + piface "google.golang.org/protobuf/runtime/protoiface" +) + +var enableLazy int32 = func() int32 { + if os.Getenv("GOPROTODEBUG") == "nolazy" { + return 0 + } + return 1 +}() + +// EnableLazyUnmarshal enables lazy unmarshaling. +func EnableLazyUnmarshal(enable bool) { + if enable { + atomic.StoreInt32(&enableLazy, 1) + return + } + atomic.StoreInt32(&enableLazy, 0) +} + +// LazyEnabled reports whether lazy unmarshalling is currently enabled. +func LazyEnabled() bool { + return atomic.LoadInt32(&enableLazy) != 0 +} + +// UnmarshalField unmarshals a field in a message. +func UnmarshalField(m interface{}, num protowire.Number) { + switch m := m.(type) { + case *messageState: + m.messageInfo().lazyUnmarshal(m.pointer(), num) + case *messageReflectWrapper: + m.messageInfo().lazyUnmarshal(m.pointer(), num) + default: + panic(fmt.Sprintf("unsupported wrapper type %T", m)) + } +} + +func (mi *MessageInfo) lazyUnmarshal(p pointer, num protoreflect.FieldNumber) { + var f *coderFieldInfo + if int(num) < len(mi.denseCoderFields) { + f = mi.denseCoderFields[num] + } else { + f = mi.coderFields[num] + } + if f == nil { + panic(fmt.Sprintf("lazyUnmarshal: field info for %v.%v", mi.Desc.FullName(), num)) + } + lazy := *p.Apply(mi.lazyOffset).LazyInfoPtr() + start, end, found, _, multipleEntries := lazy.FindFieldInProto(uint32(num)) + if !found && multipleEntries == nil { + panic(fmt.Sprintf("lazyUnmarshal: can't find field data for %v.%v", mi.Desc.FullName(), num)) + } + // The actual pointer in the message can not be set until the whole struct is filled in, otherwise we will have races. + // Create another pointer and set it atomically, if we won the race and the pointer in the original message is still nil. + fp := pointerOfValue(reflect.New(f.ft)) + if multipleEntries != nil { + for _, entry := range multipleEntries { + mi.unmarshalField(lazy.Buffer()[entry.Start:entry.End], fp, f, lazy, lazy.UnmarshalFlags()) + } + } else { + mi.unmarshalField(lazy.Buffer()[start:end], fp, f, lazy, lazy.UnmarshalFlags()) + } + p.Apply(f.offset).AtomicSetPointerIfNil(fp.Elem()) +} + +func (mi *MessageInfo) unmarshalField(b []byte, p pointer, f *coderFieldInfo, lazyInfo *protolazy.XXX_lazyUnmarshalInfo, flags piface.UnmarshalInputFlags) error { + opts := lazyUnmarshalOptions + opts.flags |= flags + for len(b) > 0 { + // Parse the tag (field number and wire type). + var tag uint64 + if b[0] < 0x80 { + tag = uint64(b[0]) + b = b[1:] + } else if len(b) >= 2 && b[1] < 128 { + tag = uint64(b[0]&0x7f) + uint64(b[1])<<7 + b = b[2:] + } else { + var n int + tag, n = protowire.ConsumeVarint(b) + if n < 0 { + return errors.New("invalid wire data") + } + b = b[n:] + } + var num protowire.Number + if n := tag >> 3; n < uint64(protowire.MinValidNumber) || n > uint64(protowire.MaxValidNumber) { + return errors.New("invalid wire data") + } else { + num = protowire.Number(n) + } + wtyp := protowire.Type(tag & 7) + if num == f.num { + o, err := f.funcs.unmarshal(b, p, wtyp, f, opts) + if err == nil { + b = b[o.n:] + continue + } + if err != errUnknown { + return err + } + } + n := protowire.ConsumeFieldValue(num, wtyp, b) + if n < 0 { + return errors.New("invalid wire data") + } + b = b[n:] + } + return nil +} + +func (mi *MessageInfo) skipField(b []byte, f *coderFieldInfo, wtyp protowire.Type, opts unmarshalOptions) (out unmarshalOutput, _ ValidationStatus) { + fmi := f.validation.mi + if fmi == nil { + fd := mi.Desc.Fields().ByNumber(f.num) + if fd == nil || !fd.IsWeak() { + return out, ValidationUnknown + } + messageName := fd.Message().FullName() + messageType, err := preg.GlobalTypes.FindMessageByName(messageName) + if err != nil { + return out, ValidationUnknown + } + var ok bool + fmi, ok = messageType.(*MessageInfo) + if !ok { + return out, ValidationUnknown + } + } + fmi.init() + switch f.validation.typ { + case validationTypeMessage: + if wtyp != protowire.BytesType { + return out, ValidationWrongWireType + } + v, n := protowire.ConsumeBytes(b) + if n < 0 { + return out, ValidationInvalid + } + out, st := fmi.validate(v, 0, opts) + out.n = n + return out, st + case validationTypeGroup: + if wtyp != protowire.StartGroupType { + return out, ValidationWrongWireType + } + out, st := fmi.validate(b, f.num, opts) + return out, st + default: + return out, ValidationUnknown + } +} + +// unmarshalPointerLazy is similar to unmarshalPointerEager, but it +// specifically handles lazy unmarshalling. it expects lazyOffset and +// presenceOffset to both be valid. +func (mi *MessageInfo) unmarshalPointerLazy(b []byte, p pointer, groupTag protowire.Number, opts unmarshalOptions) (out unmarshalOutput, err error) { + initialized := true + var requiredMask uint64 + var lazy **protolazy.XXX_lazyUnmarshalInfo + var presence presence + var lazyIndex []protolazy.IndexEntry + var lastNum protowire.Number + outOfOrder := false + lazyDecode := false + presence = p.Apply(mi.presenceOffset).PresenceInfo() + lazy = p.Apply(mi.lazyOffset).LazyInfoPtr() + if !presence.AnyPresent(mi.presenceSize) { + if opts.CanBeLazy() { + // If the message contains existing data, we need to merge into it. + // Lazy unmarshaling doesn't merge, so only enable it when the + // message is empty (has no presence bitmap). + lazyDecode = true + if *lazy == nil { + *lazy = &protolazy.XXX_lazyUnmarshalInfo{} + } + (*lazy).SetUnmarshalFlags(opts.flags) + if !opts.AliasBuffer() { + // Make a copy of the buffer for lazy unmarshaling. + // Set the AliasBuffer flag so recursive unmarshal + // operations reuse the copy. + b = append([]byte{}, b...) + opts.flags |= piface.UnmarshalAliasBuffer + } + (*lazy).SetBuffer(b) + } + } + // Track special handling of lazy fields. + // + // In the common case, all fields are lazyValidateOnly (and lazyFields remains nil). + // In the event that validation for a field fails, this map tracks handling of the field. + type lazyAction uint8 + const ( + lazyValidateOnly lazyAction = iota // validate the field only + lazyUnmarshalNow // eagerly unmarshal the field + lazyUnmarshalLater // unmarshal the field after the message is fully processed + ) + var lazyFields map[*coderFieldInfo]lazyAction + var exts *map[int32]ExtensionField + start := len(b) + pos := 0 + for len(b) > 0 { + // Parse the tag (field number and wire type). + var tag uint64 + if b[0] < 0x80 { + tag = uint64(b[0]) + b = b[1:] + } else if len(b) >= 2 && b[1] < 128 { + tag = uint64(b[0]&0x7f) + uint64(b[1])<<7 + b = b[2:] + } else { + var n int + tag, n = protowire.ConsumeVarint(b) + if n < 0 { + return out, errDecode + } + b = b[n:] + } + var num protowire.Number + if n := tag >> 3; n < uint64(protowire.MinValidNumber) || n > uint64(protowire.MaxValidNumber) { + return out, errors.New("invalid field number") + } else { + num = protowire.Number(n) + } + wtyp := protowire.Type(tag & 7) + + if wtyp == protowire.EndGroupType { + if num != groupTag { + return out, errors.New("mismatching end group marker") + } + groupTag = 0 + break + } + + var f *coderFieldInfo + if int(num) < len(mi.denseCoderFields) { + f = mi.denseCoderFields[num] + } else { + f = mi.coderFields[num] + } + var n int + err := errUnknown + discardUnknown := false + Field: + switch { + case f != nil: + if f.funcs.unmarshal == nil { + break + } + if f.isLazy && lazyDecode { + switch { + case lazyFields == nil || lazyFields[f] == lazyValidateOnly: + // Attempt to validate this field and leave it for later lazy unmarshaling. + o, valid := mi.skipField(b, f, wtyp, opts) + switch valid { + case ValidationValid: + // Skip over the valid field and continue. + err = nil + presence.SetPresentUnatomic(f.presenceIndex, mi.presenceSize) + requiredMask |= f.validation.requiredBit + if !o.initialized { + initialized = false + } + n = o.n + break Field + case ValidationInvalid: + return out, errors.New("invalid proto wire format") + case ValidationWrongWireType: + break Field + case ValidationUnknown: + if lazyFields == nil { + lazyFields = make(map[*coderFieldInfo]lazyAction) + } + if presence.Present(f.presenceIndex) { + // We were unable to determine if the field is valid or not, + // and we've already skipped over at least one instance of this + // field. Clear the presence bit (so if we stop decoding early, + // we don't leave a partially-initialized field around) and flag + // the field for unmarshaling before we return. + presence.ClearPresent(f.presenceIndex) + lazyFields[f] = lazyUnmarshalLater + discardUnknown = true + break Field + } else { + // We were unable to determine if the field is valid or not, + // but this is the first time we've seen it. Flag it as needing + // eager unmarshaling and fall through to the eager unmarshal case below. + lazyFields[f] = lazyUnmarshalNow + } + } + case lazyFields[f] == lazyUnmarshalLater: + // This field will be unmarshaled in a separate pass below. + // Skip over it here. + discardUnknown = true + break Field + default: + // Eagerly unmarshal the field. + } + } + if f.isLazy && !lazyDecode && presence.Present(f.presenceIndex) { + if p.Apply(f.offset).AtomicGetPointer().IsNil() { + mi.lazyUnmarshal(p, f.num) + } + } + var o unmarshalOutput + o, err = f.funcs.unmarshal(b, p.Apply(f.offset), wtyp, f, opts) + n = o.n + if err != nil { + break + } + requiredMask |= f.validation.requiredBit + if f.funcs.isInit != nil && !o.initialized { + initialized = false + } + if f.presenceIndex != noPresence { + presence.SetPresentUnatomic(f.presenceIndex, mi.presenceSize) + } + default: + // Possible extension. + if exts == nil && mi.extensionOffset.IsValid() { + exts = p.Apply(mi.extensionOffset).Extensions() + if *exts == nil { + *exts = make(map[int32]ExtensionField) + } + } + if exts == nil { + break + } + var o unmarshalOutput + o, err = mi.unmarshalExtension(b, num, wtyp, *exts, opts) + if err != nil { + break + } + n = o.n + if !o.initialized { + initialized = false + } + } + if err != nil { + if err != errUnknown { + return out, err + } + n = protowire.ConsumeFieldValue(num, wtyp, b) + if n < 0 { + return out, errDecode + } + if !discardUnknown && !opts.DiscardUnknown() && mi.unknownOffset.IsValid() { + u := mi.mutableUnknownBytes(p) + *u = protowire.AppendTag(*u, num, wtyp) + *u = append(*u, b[:n]...) + } + } + b = b[n:] + end := start - len(b) + if lazyDecode && f != nil && f.isLazy { + if num != lastNum { + lazyIndex = append(lazyIndex, protolazy.IndexEntry{ + FieldNum: uint32(num), + Start: uint32(pos), + End: uint32(end), + }) + } else { + i := len(lazyIndex) - 1 + lazyIndex[i].End = uint32(end) + lazyIndex[i].MultipleContiguous = true + } + } + if num < lastNum { + outOfOrder = true + } + pos = end + lastNum = num + } + if groupTag != 0 { + return out, errors.New("missing end group marker") + } + if lazyFields != nil { + // Some fields failed validation, and now need to be unmarshaled. + for f, action := range lazyFields { + if action != lazyUnmarshalLater { + continue + } + initialized = false + if *lazy == nil { + *lazy = &protolazy.XXX_lazyUnmarshalInfo{} + } + if err := mi.unmarshalField((*lazy).Buffer(), p.Apply(f.offset), f, *lazy, opts.flags); err != nil { + return out, err + } + presence.SetPresentUnatomic(f.presenceIndex, mi.presenceSize) + } + } + if lazyDecode { + if outOfOrder { + sort.Slice(lazyIndex, func(i, j int) bool { + return lazyIndex[i].FieldNum < lazyIndex[j].FieldNum || + (lazyIndex[i].FieldNum == lazyIndex[j].FieldNum && + lazyIndex[i].Start < lazyIndex[j].Start) + }) + } + if *lazy == nil { + *lazy = &protolazy.XXX_lazyUnmarshalInfo{} + } + + (*lazy).SetIndex(lazyIndex) + } + if mi.numRequiredFields > 0 && bits.OnesCount64(requiredMask) != int(mi.numRequiredFields) { + initialized = false + } + if initialized { + out.initialized = true + } + out.n = start - len(b) + return out, nil +} diff --git a/vendor/google.golang.org/protobuf/internal/impl/merge.go b/vendor/google.golang.org/protobuf/internal/impl/merge.go index 7e65f64f28e..8ffdce67d34 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/merge.go +++ b/vendor/google.golang.org/protobuf/internal/impl/merge.go @@ -41,11 +41,38 @@ func (mi *MessageInfo) mergePointer(dst, src pointer, opts mergeOptions) { if src.IsNil() { return } + + var presenceSrc presence + var presenceDst presence + if mi.presenceOffset.IsValid() { + presenceSrc = src.Apply(mi.presenceOffset).PresenceInfo() + presenceDst = dst.Apply(mi.presenceOffset).PresenceInfo() + } + for _, f := range mi.orderedCoderFields { if f.funcs.merge == nil { continue } sfptr := src.Apply(f.offset) + + if f.presenceIndex != noPresence { + if !presenceSrc.Present(f.presenceIndex) { + continue + } + dfptr := dst.Apply(f.offset) + if f.isLazy { + if sfptr.AtomicGetPointer().IsNil() { + mi.lazyUnmarshal(src, f.num) + } + if presenceDst.Present(f.presenceIndex) && dfptr.AtomicGetPointer().IsNil() { + mi.lazyUnmarshal(dst, f.num) + } + } + f.funcs.merge(dst.Apply(f.offset), sfptr, f, opts) + presenceDst.SetPresentUnatomic(f.presenceIndex, mi.presenceSize) + continue + } + if f.isPointer && sfptr.Elem().IsNil() { continue } diff --git a/vendor/google.golang.org/protobuf/internal/impl/message.go b/vendor/google.golang.org/protobuf/internal/impl/message.go index 741b5ed29cf..fa10a0f5cc9 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/message.go +++ b/vendor/google.golang.org/protobuf/internal/impl/message.go @@ -79,6 +79,9 @@ func (mi *MessageInfo) initOnce() { if mi.initDone == 1 { return } + if opaqueInitHook(mi) { + return + } t := mi.GoReflectType if t.Kind() != reflect.Ptr && t.Elem().Kind() != reflect.Struct { @@ -133,6 +136,9 @@ type structInfo struct { extensionOffset offset extensionType reflect.Type + lazyOffset offset + presenceOffset offset + fieldsByNumber map[protoreflect.FieldNumber]reflect.StructField oneofsByName map[protoreflect.Name]reflect.StructField oneofWrappersByType map[reflect.Type]protoreflect.FieldNumber @@ -145,6 +151,8 @@ func (mi *MessageInfo) makeStructInfo(t reflect.Type) structInfo { weakOffset: invalidOffset, unknownOffset: invalidOffset, extensionOffset: invalidOffset, + lazyOffset: invalidOffset, + presenceOffset: invalidOffset, fieldsByNumber: map[protoreflect.FieldNumber]reflect.StructField{}, oneofsByName: map[protoreflect.Name]reflect.StructField{}, @@ -175,6 +183,10 @@ fieldLoop: si.extensionOffset = offsetOf(f, mi.Exporter) si.extensionType = f.Type } + case "lazyFields", "XXX_lazyUnmarshalInfo": + si.lazyOffset = offsetOf(f, mi.Exporter) + case "XXX_presence": + si.presenceOffset = offsetOf(f, mi.Exporter) default: for _, s := range strings.Split(f.Tag.Get("protobuf"), ",") { if len(s) > 0 && strings.Trim(s, "0123456789") == "" { diff --git a/vendor/google.golang.org/protobuf/internal/impl/message_opaque.go b/vendor/google.golang.org/protobuf/internal/impl/message_opaque.go new file mode 100644 index 00000000000..d407dd791e8 --- /dev/null +++ b/vendor/google.golang.org/protobuf/internal/impl/message_opaque.go @@ -0,0 +1,614 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package impl + +import ( + "fmt" + "math" + "reflect" + "strings" + "sync/atomic" + + "google.golang.org/protobuf/reflect/protoreflect" +) + +type opaqueStructInfo struct { + structInfo +} + +// isOpaque determines whether a protobuf message type is on the Opaque API. It +// checks whether the type is a Go struct that protoc-gen-go would generate. +// +// This function only detects newly generated messages from the v2 +// implementation of protoc-gen-go. It is unable to classify generated messages +// that are too old or those that are generated by a different generator +// such as protoc-gen-gogo. +func isOpaque(t reflect.Type) bool { + // The current detection mechanism is to simply check the first field + // for a struct tag with the "protogen" key. + if t.Kind() == reflect.Struct && t.NumField() > 0 { + pgt := t.Field(0).Tag.Get("protogen") + return strings.HasPrefix(pgt, "opaque.") + } + return false +} + +func opaqueInitHook(mi *MessageInfo) bool { + mt := mi.GoReflectType.Elem() + si := opaqueStructInfo{ + structInfo: mi.makeStructInfo(mt), + } + + if !isOpaque(mt) { + return false + } + + defer atomic.StoreUint32(&mi.initDone, 1) + + mi.fields = map[protoreflect.FieldNumber]*fieldInfo{} + fds := mi.Desc.Fields() + for i := 0; i < fds.Len(); i++ { + fd := fds.Get(i) + fs := si.fieldsByNumber[fd.Number()] + var fi fieldInfo + usePresence, _ := usePresenceForField(si, fd) + + switch { + case fd.IsWeak(): + // Weak fields are no different for opaque. + fi = fieldInfoForWeakMessage(fd, si.weakOffset) + case fd.ContainingOneof() != nil && !fd.ContainingOneof().IsSynthetic(): + // Oneofs are no different for opaque. + fi = fieldInfoForOneof(fd, si.oneofsByName[fd.ContainingOneof().Name()], mi.Exporter, si.oneofWrappersByNumber[fd.Number()]) + case fd.IsMap(): + fi = mi.fieldInfoForMapOpaque(si, fd, fs) + case fd.IsList() && fd.Message() == nil && usePresence: + fi = mi.fieldInfoForScalarListOpaque(si, fd, fs) + case fd.IsList() && fd.Message() == nil: + // Proto3 lists without presence can use same access methods as open + fi = fieldInfoForList(fd, fs, mi.Exporter) + case fd.IsList() && usePresence: + fi = mi.fieldInfoForMessageListOpaque(si, fd, fs) + case fd.IsList(): + // Proto3 opaque messages that does not need presence bitmap. + // Different representation than open struct, but same logic + fi = mi.fieldInfoForMessageListOpaqueNoPresence(si, fd, fs) + case fd.Message() != nil && usePresence: + fi = mi.fieldInfoForMessageOpaque(si, fd, fs) + case fd.Message() != nil: + // Proto3 messages without presence can use same access methods as open + fi = fieldInfoForMessage(fd, fs, mi.Exporter) + default: + fi = mi.fieldInfoForScalarOpaque(si, fd, fs) + } + mi.fields[fd.Number()] = &fi + } + mi.oneofs = map[protoreflect.Name]*oneofInfo{} + for i := 0; i < mi.Desc.Oneofs().Len(); i++ { + od := mi.Desc.Oneofs().Get(i) + if !od.IsSynthetic() { + mi.oneofs[od.Name()] = makeOneofInfo(od, si.structInfo, mi.Exporter) + } + } + + mi.denseFields = make([]*fieldInfo, fds.Len()*2) + for i := 0; i < fds.Len(); i++ { + if fd := fds.Get(i); int(fd.Number()) < len(mi.denseFields) { + mi.denseFields[fd.Number()] = mi.fields[fd.Number()] + } + } + + for i := 0; i < fds.Len(); { + fd := fds.Get(i) + if od := fd.ContainingOneof(); od != nil && !fd.ContainingOneof().IsSynthetic() { + mi.rangeInfos = append(mi.rangeInfos, mi.oneofs[od.Name()]) + i += od.Fields().Len() + } else { + mi.rangeInfos = append(mi.rangeInfos, mi.fields[fd.Number()]) + i++ + } + } + + mi.makeExtensionFieldsFunc(mt, si.structInfo) + mi.makeUnknownFieldsFunc(mt, si.structInfo) + mi.makeOpaqueCoderMethods(mt, si) + mi.makeFieldTypes(si.structInfo) + + return true +} + +func (mi *MessageInfo) fieldInfoForMapOpaque(si opaqueStructInfo, fd protoreflect.FieldDescriptor, fs reflect.StructField) fieldInfo { + ft := fs.Type + if ft.Kind() != reflect.Map { + panic(fmt.Sprintf("invalid type: got %v, want map kind", ft)) + } + fieldOffset := offsetOf(fs, mi.Exporter) + conv := NewConverter(ft, fd) + return fieldInfo{ + fieldDesc: fd, + has: func(p pointer) bool { + if p.IsNil() { + return false + } + // Don't bother checking presence bits, since we need to + // look at the map length even if the presence bit is set. + rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() + return rv.Len() > 0 + }, + clear: func(p pointer) { + rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() + rv.Set(reflect.Zero(rv.Type())) + }, + get: func(p pointer) protoreflect.Value { + if p.IsNil() { + return conv.Zero() + } + rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() + if rv.Len() == 0 { + return conv.Zero() + } + return conv.PBValueOf(rv) + }, + set: func(p pointer, v protoreflect.Value) { + pv := conv.GoValueOf(v) + if pv.IsNil() { + panic(fmt.Sprintf("invalid value: setting map field to read-only value")) + } + rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() + rv.Set(pv) + }, + mutable: func(p pointer) protoreflect.Value { + v := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() + if v.IsNil() { + v.Set(reflect.MakeMap(fs.Type)) + } + return conv.PBValueOf(v) + }, + newField: func() protoreflect.Value { + return conv.New() + }, + } +} + +func (mi *MessageInfo) fieldInfoForScalarListOpaque(si opaqueStructInfo, fd protoreflect.FieldDescriptor, fs reflect.StructField) fieldInfo { + ft := fs.Type + if ft.Kind() != reflect.Slice { + panic(fmt.Sprintf("invalid type: got %v, want slice kind", ft)) + } + conv := NewConverter(reflect.PtrTo(ft), fd) + fieldOffset := offsetOf(fs, mi.Exporter) + index, _ := presenceIndex(mi.Desc, fd) + return fieldInfo{ + fieldDesc: fd, + has: func(p pointer) bool { + if p.IsNil() { + return false + } + rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() + return rv.Len() > 0 + }, + clear: func(p pointer) { + rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() + rv.Set(reflect.Zero(rv.Type())) + }, + get: func(p pointer) protoreflect.Value { + if p.IsNil() { + return conv.Zero() + } + rv := p.Apply(fieldOffset).AsValueOf(fs.Type) + if rv.Elem().Len() == 0 { + return conv.Zero() + } + return conv.PBValueOf(rv) + }, + set: func(p pointer, v protoreflect.Value) { + pv := conv.GoValueOf(v) + if pv.IsNil() { + panic(fmt.Sprintf("invalid value: setting repeated field to read-only value")) + } + mi.setPresent(p, index) + rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() + rv.Set(pv.Elem()) + }, + mutable: func(p pointer) protoreflect.Value { + mi.setPresent(p, index) + return conv.PBValueOf(p.Apply(fieldOffset).AsValueOf(fs.Type)) + }, + newField: func() protoreflect.Value { + return conv.New() + }, + } +} + +func (mi *MessageInfo) fieldInfoForMessageListOpaque(si opaqueStructInfo, fd protoreflect.FieldDescriptor, fs reflect.StructField) fieldInfo { + ft := fs.Type + if ft.Kind() != reflect.Ptr || ft.Elem().Kind() != reflect.Slice { + panic(fmt.Sprintf("invalid type: got %v, want slice kind", ft)) + } + conv := NewConverter(ft, fd) + fieldOffset := offsetOf(fs, mi.Exporter) + index, _ := presenceIndex(mi.Desc, fd) + fieldNumber := fd.Number() + return fieldInfo{ + fieldDesc: fd, + has: func(p pointer) bool { + if p.IsNil() { + return false + } + if !mi.present(p, index) { + return false + } + sp := p.Apply(fieldOffset).AtomicGetPointer() + if sp.IsNil() { + // Lazily unmarshal this field. + mi.lazyUnmarshal(p, fieldNumber) + sp = p.Apply(fieldOffset).AtomicGetPointer() + } + rv := sp.AsValueOf(fs.Type.Elem()) + return rv.Elem().Len() > 0 + }, + clear: func(p pointer) { + fp := p.Apply(fieldOffset) + sp := fp.AtomicGetPointer() + if sp.IsNil() { + sp = fp.AtomicSetPointerIfNil(pointerOfValue(reflect.New(fs.Type.Elem()))) + mi.setPresent(p, index) + } + rv := sp.AsValueOf(fs.Type.Elem()) + rv.Elem().Set(reflect.Zero(rv.Type().Elem())) + }, + get: func(p pointer) protoreflect.Value { + if p.IsNil() { + return conv.Zero() + } + if !mi.present(p, index) { + return conv.Zero() + } + sp := p.Apply(fieldOffset).AtomicGetPointer() + if sp.IsNil() { + // Lazily unmarshal this field. + mi.lazyUnmarshal(p, fieldNumber) + sp = p.Apply(fieldOffset).AtomicGetPointer() + } + rv := sp.AsValueOf(fs.Type.Elem()) + if rv.Elem().Len() == 0 { + return conv.Zero() + } + return conv.PBValueOf(rv) + }, + set: func(p pointer, v protoreflect.Value) { + fp := p.Apply(fieldOffset) + sp := fp.AtomicGetPointer() + if sp.IsNil() { + sp = fp.AtomicSetPointerIfNil(pointerOfValue(reflect.New(fs.Type.Elem()))) + mi.setPresent(p, index) + } + rv := sp.AsValueOf(fs.Type.Elem()) + val := conv.GoValueOf(v) + if val.IsNil() { + panic(fmt.Sprintf("invalid value: setting repeated field to read-only value")) + } else { + rv.Elem().Set(val.Elem()) + } + }, + mutable: func(p pointer) protoreflect.Value { + fp := p.Apply(fieldOffset) + sp := fp.AtomicGetPointer() + if sp.IsNil() { + if mi.present(p, index) { + // Lazily unmarshal this field. + mi.lazyUnmarshal(p, fieldNumber) + sp = p.Apply(fieldOffset).AtomicGetPointer() + } else { + sp = fp.AtomicSetPointerIfNil(pointerOfValue(reflect.New(fs.Type.Elem()))) + mi.setPresent(p, index) + } + } + rv := sp.AsValueOf(fs.Type.Elem()) + return conv.PBValueOf(rv) + }, + newField: func() protoreflect.Value { + return conv.New() + }, + } +} + +func (mi *MessageInfo) fieldInfoForMessageListOpaqueNoPresence(si opaqueStructInfo, fd protoreflect.FieldDescriptor, fs reflect.StructField) fieldInfo { + ft := fs.Type + if ft.Kind() != reflect.Ptr || ft.Elem().Kind() != reflect.Slice { + panic(fmt.Sprintf("invalid type: got %v, want slice kind", ft)) + } + conv := NewConverter(ft, fd) + fieldOffset := offsetOf(fs, mi.Exporter) + return fieldInfo{ + fieldDesc: fd, + has: func(p pointer) bool { + if p.IsNil() { + return false + } + sp := p.Apply(fieldOffset).AtomicGetPointer() + if sp.IsNil() { + return false + } + rv := sp.AsValueOf(fs.Type.Elem()) + return rv.Elem().Len() > 0 + }, + clear: func(p pointer) { + sp := p.Apply(fieldOffset).AtomicGetPointer() + if !sp.IsNil() { + rv := sp.AsValueOf(fs.Type.Elem()) + rv.Elem().Set(reflect.Zero(rv.Type().Elem())) + } + }, + get: func(p pointer) protoreflect.Value { + if p.IsNil() { + return conv.Zero() + } + sp := p.Apply(fieldOffset).AtomicGetPointer() + if sp.IsNil() { + return conv.Zero() + } + rv := sp.AsValueOf(fs.Type.Elem()) + if rv.Elem().Len() == 0 { + return conv.Zero() + } + return conv.PBValueOf(rv) + }, + set: func(p pointer, v protoreflect.Value) { + rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() + if rv.IsNil() { + rv.Set(reflect.New(fs.Type.Elem())) + } + val := conv.GoValueOf(v) + if val.IsNil() { + panic(fmt.Sprintf("invalid value: setting repeated field to read-only value")) + } else { + rv.Elem().Set(val.Elem()) + } + }, + mutable: func(p pointer) protoreflect.Value { + rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() + if rv.IsNil() { + rv.Set(reflect.New(fs.Type.Elem())) + } + return conv.PBValueOf(rv) + }, + newField: func() protoreflect.Value { + return conv.New() + }, + } +} + +func (mi *MessageInfo) fieldInfoForScalarOpaque(si opaqueStructInfo, fd protoreflect.FieldDescriptor, fs reflect.StructField) fieldInfo { + ft := fs.Type + nullable := fd.HasPresence() + if oneof := fd.ContainingOneof(); oneof != nil && oneof.IsSynthetic() { + nullable = true + } + deref := false + if nullable && ft.Kind() == reflect.Ptr { + ft = ft.Elem() + deref = true + } + conv := NewConverter(ft, fd) + fieldOffset := offsetOf(fs, mi.Exporter) + index, _ := presenceIndex(mi.Desc, fd) + var getter func(p pointer) protoreflect.Value + if !nullable { + getter = getterForDirectScalar(fd, fs, conv, fieldOffset) + } else { + getter = getterForOpaqueNullableScalar(mi, index, fd, fs, conv, fieldOffset) + } + return fieldInfo{ + fieldDesc: fd, + has: func(p pointer) bool { + if p.IsNil() { + return false + } + if nullable { + return mi.present(p, index) + } + rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() + switch rv.Kind() { + case reflect.Bool: + return rv.Bool() + case reflect.Int32, reflect.Int64: + return rv.Int() != 0 + case reflect.Uint32, reflect.Uint64: + return rv.Uint() != 0 + case reflect.Float32, reflect.Float64: + return rv.Float() != 0 || math.Signbit(rv.Float()) + case reflect.String, reflect.Slice: + return rv.Len() > 0 + default: + panic(fmt.Sprintf("invalid type: %v", rv.Type())) // should never happen + } + }, + clear: func(p pointer) { + if nullable { + mi.clearPresent(p, index) + } + // This is only valuable for bytes and strings, but we do it unconditionally. + rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() + rv.Set(reflect.Zero(rv.Type())) + }, + get: getter, + // TODO: Implement unsafe fast path for set? + set: func(p pointer, v protoreflect.Value) { + rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() + if deref { + if rv.IsNil() { + rv.Set(reflect.New(ft)) + } + rv = rv.Elem() + } + + rv.Set(conv.GoValueOf(v)) + if nullable && rv.Kind() == reflect.Slice && rv.IsNil() { + rv.Set(emptyBytes) + } + if nullable { + mi.setPresent(p, index) + } + }, + newField: func() protoreflect.Value { + return conv.New() + }, + } +} + +func (mi *MessageInfo) fieldInfoForMessageOpaque(si opaqueStructInfo, fd protoreflect.FieldDescriptor, fs reflect.StructField) fieldInfo { + ft := fs.Type + conv := NewConverter(ft, fd) + fieldOffset := offsetOf(fs, mi.Exporter) + index, _ := presenceIndex(mi.Desc, fd) + fieldNumber := fd.Number() + elemType := fs.Type.Elem() + return fieldInfo{ + fieldDesc: fd, + has: func(p pointer) bool { + if p.IsNil() { + return false + } + return mi.present(p, index) + }, + clear: func(p pointer) { + mi.clearPresent(p, index) + p.Apply(fieldOffset).AtomicSetNilPointer() + }, + get: func(p pointer) protoreflect.Value { + if p.IsNil() || !mi.present(p, index) { + return conv.Zero() + } + fp := p.Apply(fieldOffset) + mp := fp.AtomicGetPointer() + if mp.IsNil() { + // Lazily unmarshal this field. + mi.lazyUnmarshal(p, fieldNumber) + mp = fp.AtomicGetPointer() + } + rv := mp.AsValueOf(elemType) + return conv.PBValueOf(rv) + }, + set: func(p pointer, v protoreflect.Value) { + val := pointerOfValue(conv.GoValueOf(v)) + if val.IsNil() { + panic("invalid nil pointer") + } + p.Apply(fieldOffset).AtomicSetPointer(val) + mi.setPresent(p, index) + }, + mutable: func(p pointer) protoreflect.Value { + fp := p.Apply(fieldOffset) + mp := fp.AtomicGetPointer() + if mp.IsNil() { + if mi.present(p, index) { + // Lazily unmarshal this field. + mi.lazyUnmarshal(p, fieldNumber) + mp = fp.AtomicGetPointer() + } else { + mp = pointerOfValue(conv.GoValueOf(conv.New())) + fp.AtomicSetPointer(mp) + mi.setPresent(p, index) + } + } + return conv.PBValueOf(mp.AsValueOf(fs.Type.Elem())) + }, + newMessage: func() protoreflect.Message { + return conv.New().Message() + }, + newField: func() protoreflect.Value { + return conv.New() + }, + } +} + +// A presenceList wraps a List, updating presence bits as necessary when the +// list contents change. +type presenceList struct { + pvalueList + setPresence func(bool) +} +type pvalueList interface { + protoreflect.List + //Unwrapper +} + +func (list presenceList) Append(v protoreflect.Value) { + list.pvalueList.Append(v) + list.setPresence(true) +} +func (list presenceList) Truncate(i int) { + list.pvalueList.Truncate(i) + list.setPresence(i > 0) +} + +// presenceIndex returns the index to pass to presence functions. +// +// TODO: field.Desc.Index() would be simpler, and would give space to record the presence of oneof fields. +func presenceIndex(md protoreflect.MessageDescriptor, fd protoreflect.FieldDescriptor) (uint32, presenceSize) { + found := false + var index, numIndices uint32 + for i := 0; i < md.Fields().Len(); i++ { + f := md.Fields().Get(i) + if f == fd { + found = true + index = numIndices + } + if f.ContainingOneof() == nil || isLastOneofField(f) { + numIndices++ + } + } + if !found { + panic(fmt.Sprintf("BUG: %v not in %v", fd.Name(), md.FullName())) + } + return index, presenceSize(numIndices) +} + +func isLastOneofField(fd protoreflect.FieldDescriptor) bool { + fields := fd.ContainingOneof().Fields() + return fields.Get(fields.Len()-1) == fd +} + +func (mi *MessageInfo) setPresent(p pointer, index uint32) { + p.Apply(mi.presenceOffset).PresenceInfo().SetPresent(index, mi.presenceSize) +} + +func (mi *MessageInfo) clearPresent(p pointer, index uint32) { + p.Apply(mi.presenceOffset).PresenceInfo().ClearPresent(index) +} + +func (mi *MessageInfo) present(p pointer, index uint32) bool { + return p.Apply(mi.presenceOffset).PresenceInfo().Present(index) +} + +// usePresenceForField implements the somewhat intricate logic of when +// the presence bitmap is used for a field. The main logic is that a +// field that is optional or that can be lazy will use the presence +// bit, but for proto2, also maps have a presence bit. It also records +// if the field can ever be lazy, which is true if we have a +// lazyOffset and the field is a message or a slice of messages. A +// field that is lazy will always need a presence bit. Oneofs are not +// lazy and do not use presence, unless they are a synthetic oneof, +// which is a proto3 optional field. For proto3 optionals, we use the +// presence and they can also be lazy when applicable (a message). +func usePresenceForField(si opaqueStructInfo, fd protoreflect.FieldDescriptor) (usePresence, canBeLazy bool) { + hasLazyField := fd.(interface{ IsLazy() bool }).IsLazy() + + // Non-oneof scalar fields with explicit field presence use the presence array. + usesPresenceArray := fd.HasPresence() && fd.Message() == nil && (fd.ContainingOneof() == nil || fd.ContainingOneof().IsSynthetic()) + switch { + case fd.ContainingOneof() != nil && !fd.ContainingOneof().IsSynthetic(): + return false, false + case fd.IsWeak(): + return false, false + case fd.IsMap(): + return false, false + case fd.Kind() == protoreflect.MessageKind || fd.Kind() == protoreflect.GroupKind: + return hasLazyField, hasLazyField + default: + return usesPresenceArray || (hasLazyField && fd.HasPresence()), false + } +} diff --git a/vendor/google.golang.org/protobuf/internal/impl/message_opaque_gen.go b/vendor/google.golang.org/protobuf/internal/impl/message_opaque_gen.go new file mode 100644 index 00000000000..a69825699ab --- /dev/null +++ b/vendor/google.golang.org/protobuf/internal/impl/message_opaque_gen.go @@ -0,0 +1,132 @@ +// Copyright 2018 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Code generated by generate-types. DO NOT EDIT. + +package impl + +import ( + "reflect" + + "google.golang.org/protobuf/reflect/protoreflect" +) + +func getterForOpaqueNullableScalar(mi *MessageInfo, index uint32, fd protoreflect.FieldDescriptor, fs reflect.StructField, conv Converter, fieldOffset offset) func(p pointer) protoreflect.Value { + ft := fs.Type + if ft.Kind() == reflect.Ptr { + ft = ft.Elem() + } + if fd.Kind() == protoreflect.EnumKind { + // Enums for nullable opaque types. + return func(p pointer) protoreflect.Value { + if p.IsNil() || !mi.present(p, index) { + return conv.Zero() + } + rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() + return conv.PBValueOf(rv) + } + } + switch ft.Kind() { + case reflect.Bool: + return func(p pointer) protoreflect.Value { + if p.IsNil() || !mi.present(p, index) { + return conv.Zero() + } + x := p.Apply(fieldOffset).Bool() + return protoreflect.ValueOfBool(*x) + } + case reflect.Int32: + return func(p pointer) protoreflect.Value { + if p.IsNil() || !mi.present(p, index) { + return conv.Zero() + } + x := p.Apply(fieldOffset).Int32() + return protoreflect.ValueOfInt32(*x) + } + case reflect.Uint32: + return func(p pointer) protoreflect.Value { + if p.IsNil() || !mi.present(p, index) { + return conv.Zero() + } + x := p.Apply(fieldOffset).Uint32() + return protoreflect.ValueOfUint32(*x) + } + case reflect.Int64: + return func(p pointer) protoreflect.Value { + if p.IsNil() || !mi.present(p, index) { + return conv.Zero() + } + x := p.Apply(fieldOffset).Int64() + return protoreflect.ValueOfInt64(*x) + } + case reflect.Uint64: + return func(p pointer) protoreflect.Value { + if p.IsNil() || !mi.present(p, index) { + return conv.Zero() + } + x := p.Apply(fieldOffset).Uint64() + return protoreflect.ValueOfUint64(*x) + } + case reflect.Float32: + return func(p pointer) protoreflect.Value { + if p.IsNil() || !mi.present(p, index) { + return conv.Zero() + } + x := p.Apply(fieldOffset).Float32() + return protoreflect.ValueOfFloat32(*x) + } + case reflect.Float64: + return func(p pointer) protoreflect.Value { + if p.IsNil() || !mi.present(p, index) { + return conv.Zero() + } + x := p.Apply(fieldOffset).Float64() + return protoreflect.ValueOfFloat64(*x) + } + case reflect.String: + if fd.Kind() == protoreflect.BytesKind { + return func(p pointer) protoreflect.Value { + if p.IsNil() || !mi.present(p, index) { + return conv.Zero() + } + x := p.Apply(fieldOffset).StringPtr() + if *x == nil { + return conv.Zero() + } + if len(**x) == 0 { + return protoreflect.ValueOfBytes(nil) + } + return protoreflect.ValueOfBytes([]byte(**x)) + } + } + return func(p pointer) protoreflect.Value { + if p.IsNil() || !mi.present(p, index) { + return conv.Zero() + } + x := p.Apply(fieldOffset).StringPtr() + if *x == nil { + return conv.Zero() + } + return protoreflect.ValueOfString(**x) + } + case reflect.Slice: + if fd.Kind() == protoreflect.StringKind { + return func(p pointer) protoreflect.Value { + if p.IsNil() || !mi.present(p, index) { + return conv.Zero() + } + x := p.Apply(fieldOffset).Bytes() + return protoreflect.ValueOfString(string(*x)) + } + } + return func(p pointer) protoreflect.Value { + if p.IsNil() || !mi.present(p, index) { + return conv.Zero() + } + x := p.Apply(fieldOffset).Bytes() + return protoreflect.ValueOfBytes(*x) + } + } + panic("unexpected protobuf kind: " + ft.Kind().String()) +} diff --git a/vendor/google.golang.org/protobuf/internal/impl/message_reflect.go b/vendor/google.golang.org/protobuf/internal/impl/message_reflect.go index ecb4623d701..1b9b16a4079 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/message_reflect.go +++ b/vendor/google.golang.org/protobuf/internal/impl/message_reflect.go @@ -85,7 +85,9 @@ func (mi *MessageInfo) makeKnownFieldsFunc(si structInfo) { mi.oneofs = map[protoreflect.Name]*oneofInfo{} for i := 0; i < md.Oneofs().Len(); i++ { od := md.Oneofs().Get(i) - mi.oneofs[od.Name()] = makeOneofInfo(od, si, mi.Exporter) + if !od.IsSynthetic() { + mi.oneofs[od.Name()] = makeOneofInfo(od, si, mi.Exporter) + } } mi.denseFields = make([]*fieldInfo, fds.Len()*2) @@ -205,6 +207,11 @@ func (mi *MessageInfo) makeFieldTypes(si structInfo) { case fd.IsList(): if fd.Enum() != nil || fd.Message() != nil { ft = fs.Type.Elem() + + if ft.Kind() == reflect.Slice { + ft = ft.Elem() + } + } isMessage = fd.Message() != nil case fd.Enum() != nil: diff --git a/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go b/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go index 986322b195a..a740646205c 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go +++ b/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go @@ -256,6 +256,7 @@ func fieldInfoForScalar(fd protoreflect.FieldDescriptor, fs reflect.StructField, ft := fs.Type nullable := fd.HasPresence() isBytes := ft.Kind() == reflect.Slice && ft.Elem().Kind() == reflect.Uint8 + var getter func(p pointer) protoreflect.Value if nullable { if ft.Kind() != reflect.Ptr && ft.Kind() != reflect.Slice { // This never occurs for generated message types. @@ -268,19 +269,25 @@ func fieldInfoForScalar(fd protoreflect.FieldDescriptor, fs reflect.StructField, } } conv := NewConverter(ft, fd) - - // TODO: Implement unsafe fast path? fieldOffset := offsetOf(fs, x) + + // Generate specialized getter functions to avoid going through reflect.Value + if nullable { + getter = getterForNullableScalar(fd, fs, conv, fieldOffset) + } else { + getter = getterForDirectScalar(fd, fs, conv, fieldOffset) + } + return fieldInfo{ fieldDesc: fd, has: func(p pointer) bool { if p.IsNil() { return false } - rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() if nullable { - return !rv.IsNil() + return !p.Apply(fieldOffset).Elem().IsNil() } + rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() switch rv.Kind() { case reflect.Bool: return rv.Bool() @@ -300,21 +307,8 @@ func fieldInfoForScalar(fd protoreflect.FieldDescriptor, fs reflect.StructField, rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() rv.Set(reflect.Zero(rv.Type())) }, - get: func(p pointer) protoreflect.Value { - if p.IsNil() { - return conv.Zero() - } - rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() - if nullable { - if rv.IsNil() { - return conv.Zero() - } - if rv.Kind() == reflect.Ptr { - rv = rv.Elem() - } - } - return conv.PBValueOf(rv) - }, + get: getter, + // TODO: Implement unsafe fast path for set? set: func(p pointer, v protoreflect.Value) { rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() if nullable && rv.Kind() == reflect.Ptr { diff --git a/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field_gen.go b/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field_gen.go new file mode 100644 index 00000000000..af5e063a1e8 --- /dev/null +++ b/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field_gen.go @@ -0,0 +1,273 @@ +// Copyright 2018 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Code generated by generate-types. DO NOT EDIT. + +package impl + +import ( + "reflect" + + "google.golang.org/protobuf/reflect/protoreflect" +) + +func getterForNullableScalar(fd protoreflect.FieldDescriptor, fs reflect.StructField, conv Converter, fieldOffset offset) func(p pointer) protoreflect.Value { + ft := fs.Type + if ft.Kind() == reflect.Ptr { + ft = ft.Elem() + } + if fd.Kind() == protoreflect.EnumKind { + elemType := fs.Type.Elem() + // Enums for nullable types. + return func(p pointer) protoreflect.Value { + if p.IsNil() { + return conv.Zero() + } + rv := p.Apply(fieldOffset).Elem().AsValueOf(elemType) + if rv.IsNil() { + return conv.Zero() + } + return conv.PBValueOf(rv.Elem()) + } + } + switch ft.Kind() { + case reflect.Bool: + return func(p pointer) protoreflect.Value { + if p.IsNil() { + return conv.Zero() + } + x := p.Apply(fieldOffset).BoolPtr() + if *x == nil { + return conv.Zero() + } + return protoreflect.ValueOfBool(**x) + } + case reflect.Int32: + return func(p pointer) protoreflect.Value { + if p.IsNil() { + return conv.Zero() + } + x := p.Apply(fieldOffset).Int32Ptr() + if *x == nil { + return conv.Zero() + } + return protoreflect.ValueOfInt32(**x) + } + case reflect.Uint32: + return func(p pointer) protoreflect.Value { + if p.IsNil() { + return conv.Zero() + } + x := p.Apply(fieldOffset).Uint32Ptr() + if *x == nil { + return conv.Zero() + } + return protoreflect.ValueOfUint32(**x) + } + case reflect.Int64: + return func(p pointer) protoreflect.Value { + if p.IsNil() { + return conv.Zero() + } + x := p.Apply(fieldOffset).Int64Ptr() + if *x == nil { + return conv.Zero() + } + return protoreflect.ValueOfInt64(**x) + } + case reflect.Uint64: + return func(p pointer) protoreflect.Value { + if p.IsNil() { + return conv.Zero() + } + x := p.Apply(fieldOffset).Uint64Ptr() + if *x == nil { + return conv.Zero() + } + return protoreflect.ValueOfUint64(**x) + } + case reflect.Float32: + return func(p pointer) protoreflect.Value { + if p.IsNil() { + return conv.Zero() + } + x := p.Apply(fieldOffset).Float32Ptr() + if *x == nil { + return conv.Zero() + } + return protoreflect.ValueOfFloat32(**x) + } + case reflect.Float64: + return func(p pointer) protoreflect.Value { + if p.IsNil() { + return conv.Zero() + } + x := p.Apply(fieldOffset).Float64Ptr() + if *x == nil { + return conv.Zero() + } + return protoreflect.ValueOfFloat64(**x) + } + case reflect.String: + if fd.Kind() == protoreflect.BytesKind { + return func(p pointer) protoreflect.Value { + if p.IsNil() { + return conv.Zero() + } + x := p.Apply(fieldOffset).StringPtr() + if *x == nil { + return conv.Zero() + } + if len(**x) == 0 { + return protoreflect.ValueOfBytes(nil) + } + return protoreflect.ValueOfBytes([]byte(**x)) + } + } + return func(p pointer) protoreflect.Value { + if p.IsNil() { + return conv.Zero() + } + x := p.Apply(fieldOffset).StringPtr() + if *x == nil { + return conv.Zero() + } + return protoreflect.ValueOfString(**x) + } + case reflect.Slice: + if fd.Kind() == protoreflect.StringKind { + return func(p pointer) protoreflect.Value { + if p.IsNil() { + return conv.Zero() + } + x := p.Apply(fieldOffset).Bytes() + if len(*x) == 0 { + return conv.Zero() + } + return protoreflect.ValueOfString(string(*x)) + } + } + return func(p pointer) protoreflect.Value { + if p.IsNil() { + return conv.Zero() + } + x := p.Apply(fieldOffset).Bytes() + if *x == nil { + return conv.Zero() + } + return protoreflect.ValueOfBytes(*x) + } + } + panic("unexpected protobuf kind: " + ft.Kind().String()) +} + +func getterForDirectScalar(fd protoreflect.FieldDescriptor, fs reflect.StructField, conv Converter, fieldOffset offset) func(p pointer) protoreflect.Value { + ft := fs.Type + if fd.Kind() == protoreflect.EnumKind { + // Enums for non nullable types. + return func(p pointer) protoreflect.Value { + if p.IsNil() { + return conv.Zero() + } + rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() + return conv.PBValueOf(rv) + } + } + switch ft.Kind() { + case reflect.Bool: + return func(p pointer) protoreflect.Value { + if p.IsNil() { + return conv.Zero() + } + x := p.Apply(fieldOffset).Bool() + return protoreflect.ValueOfBool(*x) + } + case reflect.Int32: + return func(p pointer) protoreflect.Value { + if p.IsNil() { + return conv.Zero() + } + x := p.Apply(fieldOffset).Int32() + return protoreflect.ValueOfInt32(*x) + } + case reflect.Uint32: + return func(p pointer) protoreflect.Value { + if p.IsNil() { + return conv.Zero() + } + x := p.Apply(fieldOffset).Uint32() + return protoreflect.ValueOfUint32(*x) + } + case reflect.Int64: + return func(p pointer) protoreflect.Value { + if p.IsNil() { + return conv.Zero() + } + x := p.Apply(fieldOffset).Int64() + return protoreflect.ValueOfInt64(*x) + } + case reflect.Uint64: + return func(p pointer) protoreflect.Value { + if p.IsNil() { + return conv.Zero() + } + x := p.Apply(fieldOffset).Uint64() + return protoreflect.ValueOfUint64(*x) + } + case reflect.Float32: + return func(p pointer) protoreflect.Value { + if p.IsNil() { + return conv.Zero() + } + x := p.Apply(fieldOffset).Float32() + return protoreflect.ValueOfFloat32(*x) + } + case reflect.Float64: + return func(p pointer) protoreflect.Value { + if p.IsNil() { + return conv.Zero() + } + x := p.Apply(fieldOffset).Float64() + return protoreflect.ValueOfFloat64(*x) + } + case reflect.String: + if fd.Kind() == protoreflect.BytesKind { + return func(p pointer) protoreflect.Value { + if p.IsNil() { + return conv.Zero() + } + x := p.Apply(fieldOffset).String() + if len(*x) == 0 { + return protoreflect.ValueOfBytes(nil) + } + return protoreflect.ValueOfBytes([]byte(*x)) + } + } + return func(p pointer) protoreflect.Value { + if p.IsNil() { + return conv.Zero() + } + x := p.Apply(fieldOffset).String() + return protoreflect.ValueOfString(*x) + } + case reflect.Slice: + if fd.Kind() == protoreflect.StringKind { + return func(p pointer) protoreflect.Value { + if p.IsNil() { + return conv.Zero() + } + x := p.Apply(fieldOffset).Bytes() + return protoreflect.ValueOfString(string(*x)) + } + } + return func(p pointer) protoreflect.Value { + if p.IsNil() { + return conv.Zero() + } + x := p.Apply(fieldOffset).Bytes() + return protoreflect.ValueOfBytes(*x) + } + } + panic("unexpected protobuf kind: " + ft.Kind().String()) +} diff --git a/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go b/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go index 79e186667b7..041ebde2de6 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go +++ b/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go @@ -8,6 +8,8 @@ import ( "reflect" "sync/atomic" "unsafe" + + "google.golang.org/protobuf/internal/protolazy" ) const UnsafeEnabled = true @@ -111,6 +113,13 @@ func (p pointer) BytesPtr() **[]byte { return (**[]byte)(p.p) func (p pointer) BytesSlice() *[][]byte { return (*[][]byte)(p.p) } func (p pointer) WeakFields() *weakFields { return (*weakFields)(p.p) } func (p pointer) Extensions() *map[int32]ExtensionField { return (*map[int32]ExtensionField)(p.p) } +func (p pointer) LazyInfoPtr() **protolazy.XXX_lazyUnmarshalInfo { + return (**protolazy.XXX_lazyUnmarshalInfo)(p.p) +} + +func (p pointer) PresenceInfo() presence { + return presence{P: p.p} +} func (p pointer) Elem() pointer { return pointer{p: *(*unsafe.Pointer)(p.p)} diff --git a/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe_opaque.go b/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe_opaque.go new file mode 100644 index 00000000000..38aa7b7dcf2 --- /dev/null +++ b/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe_opaque.go @@ -0,0 +1,42 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package impl + +import ( + "sync/atomic" + "unsafe" +) + +func (p pointer) AtomicGetPointer() pointer { + return pointer{p: atomic.LoadPointer((*unsafe.Pointer)(p.p))} +} + +func (p pointer) AtomicSetPointer(v pointer) { + atomic.StorePointer((*unsafe.Pointer)(p.p), v.p) +} + +func (p pointer) AtomicSetNilPointer() { + atomic.StorePointer((*unsafe.Pointer)(p.p), unsafe.Pointer(nil)) +} + +func (p pointer) AtomicSetPointerIfNil(v pointer) pointer { + if atomic.CompareAndSwapPointer((*unsafe.Pointer)(p.p), unsafe.Pointer(nil), v.p) { + return v + } + return pointer{p: atomic.LoadPointer((*unsafe.Pointer)(p.p))} +} + +type atomicV1MessageInfo struct{ p Pointer } + +func (mi *atomicV1MessageInfo) Get() Pointer { + return Pointer(atomic.LoadPointer((*unsafe.Pointer)(&mi.p))) +} + +func (mi *atomicV1MessageInfo) SetIfNil(p Pointer) Pointer { + if atomic.CompareAndSwapPointer((*unsafe.Pointer)(&mi.p), nil, unsafe.Pointer(p)) { + return p + } + return mi.Get() +} diff --git a/vendor/google.golang.org/protobuf/internal/impl/presence.go b/vendor/google.golang.org/protobuf/internal/impl/presence.go new file mode 100644 index 00000000000..914cb1deda2 --- /dev/null +++ b/vendor/google.golang.org/protobuf/internal/impl/presence.go @@ -0,0 +1,142 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package impl + +import ( + "sync/atomic" + "unsafe" +) + +// presenceSize represents the size of a presence set, which should be the largest index of the set+1 +type presenceSize uint32 + +// presence is the internal representation of the bitmap array in a generated protobuf +type presence struct { + // This is a pointer to the beginning of an array of uint32 + P unsafe.Pointer +} + +func (p presence) toElem(num uint32) (ret *uint32) { + const ( + bitsPerByte = 8 + siz = unsafe.Sizeof(*ret) + ) + // p.P points to an array of uint32, num is the bit in this array that the + // caller wants to check/manipulate. Calculate the index in the array that + // contains this specific bit. E.g.: 76 / 32 = 2 (integer division). + offset := uintptr(num) / (siz * bitsPerByte) * siz + return (*uint32)(unsafe.Pointer(uintptr(p.P) + offset)) +} + +// Present checks for the presence of a specific field number in a presence set. +func (p presence) Present(num uint32) bool { + if p.P == nil { + return false + } + return Export{}.Present(p.toElem(num), num) +} + +// SetPresent adds presence for a specific field number in a presence set. +func (p presence) SetPresent(num uint32, size presenceSize) { + Export{}.SetPresent(p.toElem(num), num, uint32(size)) +} + +// SetPresentUnatomic adds presence for a specific field number in a presence set without using +// atomic operations. Only to be called during unmarshaling. +func (p presence) SetPresentUnatomic(num uint32, size presenceSize) { + Export{}.SetPresentNonAtomic(p.toElem(num), num, uint32(size)) +} + +// ClearPresent removes presence for a specific field number in a presence set. +func (p presence) ClearPresent(num uint32) { + Export{}.ClearPresent(p.toElem(num), num) +} + +// LoadPresenceCache (together with PresentInCache) allows for a +// cached version of checking for presence without re-reading the word +// for every field. It is optimized for efficiency and assumes no +// simltaneous mutation of the presence set (or at least does not have +// a problem with simultaneous mutation giving inconsistent results). +func (p presence) LoadPresenceCache() (current uint32) { + if p.P == nil { + return 0 + } + return atomic.LoadUint32((*uint32)(p.P)) +} + +// PresentInCache reads presence from a cached word in the presence +// bitmap. It caches up a new word if the bit is outside the +// word. This is for really fast iteration through bitmaps in cases +// where we either know that the bitmap will not be altered, or we +// don't care about inconsistencies caused by simultaneous writes. +func (p presence) PresentInCache(num uint32, cachedElement *uint32, current *uint32) bool { + if num/32 != *cachedElement { + o := uintptr(num/32) * unsafe.Sizeof(uint32(0)) + q := (*uint32)(unsafe.Pointer(uintptr(p.P) + o)) + *current = atomic.LoadUint32(q) + *cachedElement = num / 32 + } + return (*current & (1 << (num % 32))) > 0 +} + +// AnyPresent checks if any field is marked as present in the bitmap. +func (p presence) AnyPresent(size presenceSize) bool { + n := uintptr((size + 31) / 32) + for j := uintptr(0); j < n; j++ { + o := j * unsafe.Sizeof(uint32(0)) + q := (*uint32)(unsafe.Pointer(uintptr(p.P) + o)) + b := atomic.LoadUint32(q) + if b > 0 { + return true + } + } + return false +} + +// toRaceDetectData finds the preceding RaceDetectHookData in a +// message by using pointer arithmetic. As the type of the presence +// set (bitmap) varies with the number of fields in the protobuf, we +// can not have a struct type containing the array and the +// RaceDetectHookData. instead the RaceDetectHookData is placed +// immediately before the bitmap array, and we find it by walking +// backwards in the struct. +// +// This method is only called from the race-detect version of the code, +// so RaceDetectHookData is never an empty struct. +func (p presence) toRaceDetectData() *RaceDetectHookData { + var template struct { + d RaceDetectHookData + a [1]uint32 + } + o := (uintptr(unsafe.Pointer(&template.a)) - uintptr(unsafe.Pointer(&template.d))) + return (*RaceDetectHookData)(unsafe.Pointer(uintptr(p.P) - o)) +} + +func atomicLoadShadowPresence(p **[]byte) *[]byte { + return (*[]byte)(atomic.LoadPointer((*unsafe.Pointer)(unsafe.Pointer(p)))) +} +func atomicStoreShadowPresence(p **[]byte, v *[]byte) { + atomic.CompareAndSwapPointer((*unsafe.Pointer)(unsafe.Pointer(p)), nil, unsafe.Pointer(v)) +} + +// findPointerToRaceDetectData finds the preceding RaceDetectHookData +// in a message by using pointer arithmetic. For the methods called +// directy from generated code, we don't have a pointer to the +// beginning of the presence set, but a pointer inside the array. As +// we know the index of the bit we're manipulating (num), we can +// calculate which element of the array ptr is pointing to. With that +// information we find the preceding RaceDetectHookData and can +// manipulate the shadow bitmap. +// +// This method is only called from the race-detect version of the +// code, so RaceDetectHookData is never an empty struct. +func findPointerToRaceDetectData(ptr *uint32, num uint32) *RaceDetectHookData { + var template struct { + d RaceDetectHookData + a [1]uint32 + } + o := (uintptr(unsafe.Pointer(&template.a)) - uintptr(unsafe.Pointer(&template.d))) + uintptr(num/32)*unsafe.Sizeof(uint32(0)) + return (*RaceDetectHookData)(unsafe.Pointer(uintptr(unsafe.Pointer(ptr)) - o)) +} diff --git a/vendor/google.golang.org/protobuf/internal/impl/validate.go b/vendor/google.golang.org/protobuf/internal/impl/validate.go index a24e6bbd7a5..b534a3d6dbb 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/validate.go +++ b/vendor/google.golang.org/protobuf/internal/impl/validate.go @@ -37,6 +37,10 @@ const ( // ValidationValid indicates that unmarshaling the message will succeed. ValidationValid + + // ValidationWrongWireType indicates that a validated field does not have + // the expected wire type. + ValidationWrongWireType ) func (v ValidationStatus) String() string { @@ -149,11 +153,23 @@ func newValidationInfo(fd protoreflect.FieldDescriptor, ft reflect.Type) validat switch fd.Kind() { case protoreflect.MessageKind: vi.typ = validationTypeMessage + + if ft.Kind() == reflect.Ptr { + // Repeated opaque message fields are *[]*T. + ft = ft.Elem() + } + if ft.Kind() == reflect.Slice { vi.mi = getMessageInfo(ft.Elem()) } case protoreflect.GroupKind: vi.typ = validationTypeGroup + + if ft.Kind() == reflect.Ptr { + // Repeated opaque message fields are *[]*T. + ft = ft.Elem() + } + if ft.Kind() == reflect.Slice { vi.mi = getMessageInfo(ft.Elem()) } diff --git a/vendor/google.golang.org/protobuf/internal/protolazy/bufferreader.go b/vendor/google.golang.org/protobuf/internal/protolazy/bufferreader.go new file mode 100644 index 00000000000..82e5cab4aad --- /dev/null +++ b/vendor/google.golang.org/protobuf/internal/protolazy/bufferreader.go @@ -0,0 +1,364 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Helper code for parsing a protocol buffer + +package protolazy + +import ( + "errors" + "fmt" + "io" + + "google.golang.org/protobuf/encoding/protowire" +) + +// BufferReader is a structure encapsulating a protobuf and a current position +type BufferReader struct { + Buf []byte + Pos int +} + +// NewBufferReader creates a new BufferRead from a protobuf +func NewBufferReader(buf []byte) BufferReader { + return BufferReader{Buf: buf, Pos: 0} +} + +var errOutOfBounds = errors.New("protobuf decoding: out of bounds") +var errOverflow = errors.New("proto: integer overflow") + +func (b *BufferReader) DecodeVarintSlow() (x uint64, err error) { + i := b.Pos + l := len(b.Buf) + + for shift := uint(0); shift < 64; shift += 7 { + if i >= l { + err = io.ErrUnexpectedEOF + return + } + v := b.Buf[i] + i++ + x |= (uint64(v) & 0x7F) << shift + if v < 0x80 { + b.Pos = i + return + } + } + + // The number is too large to represent in a 64-bit value. + err = errOverflow + return +} + +// decodeVarint decodes a varint at the current position +func (b *BufferReader) DecodeVarint() (x uint64, err error) { + i := b.Pos + buf := b.Buf + + if i >= len(buf) { + return 0, io.ErrUnexpectedEOF + } else if buf[i] < 0x80 { + b.Pos++ + return uint64(buf[i]), nil + } else if len(buf)-i < 10 { + return b.DecodeVarintSlow() + } + + var v uint64 + // we already checked the first byte + x = uint64(buf[i]) & 127 + i++ + + v = uint64(buf[i]) + i++ + x |= (v & 127) << 7 + if v < 128 { + goto done + } + + v = uint64(buf[i]) + i++ + x |= (v & 127) << 14 + if v < 128 { + goto done + } + + v = uint64(buf[i]) + i++ + x |= (v & 127) << 21 + if v < 128 { + goto done + } + + v = uint64(buf[i]) + i++ + x |= (v & 127) << 28 + if v < 128 { + goto done + } + + v = uint64(buf[i]) + i++ + x |= (v & 127) << 35 + if v < 128 { + goto done + } + + v = uint64(buf[i]) + i++ + x |= (v & 127) << 42 + if v < 128 { + goto done + } + + v = uint64(buf[i]) + i++ + x |= (v & 127) << 49 + if v < 128 { + goto done + } + + v = uint64(buf[i]) + i++ + x |= (v & 127) << 56 + if v < 128 { + goto done + } + + v = uint64(buf[i]) + i++ + x |= (v & 127) << 63 + if v < 128 { + goto done + } + + return 0, errOverflow + +done: + b.Pos = i + return +} + +// decodeVarint32 decodes a varint32 at the current position +func (b *BufferReader) DecodeVarint32() (x uint32, err error) { + i := b.Pos + buf := b.Buf + + if i >= len(buf) { + return 0, io.ErrUnexpectedEOF + } else if buf[i] < 0x80 { + b.Pos++ + return uint32(buf[i]), nil + } else if len(buf)-i < 5 { + v, err := b.DecodeVarintSlow() + return uint32(v), err + } + + var v uint32 + // we already checked the first byte + x = uint32(buf[i]) & 127 + i++ + + v = uint32(buf[i]) + i++ + x |= (v & 127) << 7 + if v < 128 { + goto done + } + + v = uint32(buf[i]) + i++ + x |= (v & 127) << 14 + if v < 128 { + goto done + } + + v = uint32(buf[i]) + i++ + x |= (v & 127) << 21 + if v < 128 { + goto done + } + + v = uint32(buf[i]) + i++ + x |= (v & 127) << 28 + if v < 128 { + goto done + } + + return 0, errOverflow + +done: + b.Pos = i + return +} + +// skipValue skips a value in the protobuf, based on the specified tag +func (b *BufferReader) SkipValue(tag uint32) (err error) { + wireType := tag & 0x7 + switch protowire.Type(wireType) { + case protowire.VarintType: + err = b.SkipVarint() + case protowire.Fixed64Type: + err = b.SkipFixed64() + case protowire.BytesType: + var n uint32 + n, err = b.DecodeVarint32() + if err == nil { + err = b.Skip(int(n)) + } + case protowire.StartGroupType: + err = b.SkipGroup(tag) + case protowire.Fixed32Type: + err = b.SkipFixed32() + default: + err = fmt.Errorf("Unexpected wire type (%d)", wireType) + } + return +} + +// skipGroup skips a group with the specified tag. It executes efficiently using a tag stack +func (b *BufferReader) SkipGroup(tag uint32) (err error) { + tagStack := make([]uint32, 0, 16) + tagStack = append(tagStack, tag) + var n uint32 + for len(tagStack) > 0 { + tag, err = b.DecodeVarint32() + if err != nil { + return err + } + switch protowire.Type(tag & 0x7) { + case protowire.VarintType: + err = b.SkipVarint() + case protowire.Fixed64Type: + err = b.Skip(8) + case protowire.BytesType: + n, err = b.DecodeVarint32() + if err == nil { + err = b.Skip(int(n)) + } + case protowire.StartGroupType: + tagStack = append(tagStack, tag) + case protowire.Fixed32Type: + err = b.SkipFixed32() + case protowire.EndGroupType: + if protoFieldNumber(tagStack[len(tagStack)-1]) == protoFieldNumber(tag) { + tagStack = tagStack[:len(tagStack)-1] + } else { + err = fmt.Errorf("end group tag %d does not match begin group tag %d at pos %d", + protoFieldNumber(tag), protoFieldNumber(tagStack[len(tagStack)-1]), b.Pos) + } + } + if err != nil { + return err + } + } + return nil +} + +// skipVarint effiently skips a varint +func (b *BufferReader) SkipVarint() (err error) { + i := b.Pos + + if len(b.Buf)-i < 10 { + // Use DecodeVarintSlow() to check for buffer overflow, but ignore result + if _, err := b.DecodeVarintSlow(); err != nil { + return err + } + return nil + } + + if b.Buf[i] < 0x80 { + goto out + } + i++ + + if b.Buf[i] < 0x80 { + goto out + } + i++ + + if b.Buf[i] < 0x80 { + goto out + } + i++ + + if b.Buf[i] < 0x80 { + goto out + } + i++ + + if b.Buf[i] < 0x80 { + goto out + } + i++ + + if b.Buf[i] < 0x80 { + goto out + } + i++ + + if b.Buf[i] < 0x80 { + goto out + } + i++ + + if b.Buf[i] < 0x80 { + goto out + } + i++ + + if b.Buf[i] < 0x80 { + goto out + } + i++ + + if b.Buf[i] < 0x80 { + goto out + } + return errOverflow + +out: + b.Pos = i + 1 + return nil +} + +// skip skips the specified number of bytes +func (b *BufferReader) Skip(n int) (err error) { + if len(b.Buf) < b.Pos+n { + return io.ErrUnexpectedEOF + } + b.Pos += n + return +} + +// skipFixed64 skips a fixed64 +func (b *BufferReader) SkipFixed64() (err error) { + return b.Skip(8) +} + +// skipFixed32 skips a fixed32 +func (b *BufferReader) SkipFixed32() (err error) { + return b.Skip(4) +} + +// skipBytes skips a set of bytes +func (b *BufferReader) SkipBytes() (err error) { + n, err := b.DecodeVarint32() + if err != nil { + return err + } + return b.Skip(int(n)) +} + +// Done returns whether we are at the end of the protobuf +func (b *BufferReader) Done() bool { + return b.Pos == len(b.Buf) +} + +// Remaining returns how many bytes remain +func (b *BufferReader) Remaining() int { + return len(b.Buf) - b.Pos +} diff --git a/vendor/google.golang.org/protobuf/internal/protolazy/lazy.go b/vendor/google.golang.org/protobuf/internal/protolazy/lazy.go new file mode 100644 index 00000000000..ff4d4834bbc --- /dev/null +++ b/vendor/google.golang.org/protobuf/internal/protolazy/lazy.go @@ -0,0 +1,359 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package protolazy contains internal data structures for lazy message decoding. +package protolazy + +import ( + "fmt" + "sort" + + "google.golang.org/protobuf/encoding/protowire" + piface "google.golang.org/protobuf/runtime/protoiface" +) + +// IndexEntry is the structure for an index of the fields in a message of a +// proto (not descending to sub-messages) +type IndexEntry struct { + FieldNum uint32 + // first byte of this tag/field + Start uint32 + // first byte after a contiguous sequence of bytes for this tag/field, which could + // include a single encoding of the field, or multiple encodings for the field + End uint32 + // True if this protobuf segment includes multiple encodings of the field + MultipleContiguous bool +} + +// XXX_lazyUnmarshalInfo has information about a particular lazily decoded message +// +// Deprecated: Do not use. This will be deleted in the near future. +type XXX_lazyUnmarshalInfo struct { + // Index of fields and their positions in the protobuf for this + // message. Make index be a pointer to a slice so it can be updated + // atomically. The index pointer is only set once (lazily when/if + // the index is first needed), and must always be SET and LOADED + // ATOMICALLY. + index *[]IndexEntry + // The protobuf associated with this lazily decoded message. It is + // only set during proto.Unmarshal(). It doesn't need to be set and + // loaded atomically, since any simultaneous set (Unmarshal) and read + // (during a get) would already be a race in the app code. + Protobuf []byte + // The flags present when Unmarshal was originally called for this particular message + unmarshalFlags piface.UnmarshalInputFlags +} + +// The Buffer and SetBuffer methods let v2/internal/impl interact with +// XXX_lazyUnmarshalInfo via an interface, to avoid an import cycle. + +// Buffer returns the lazy unmarshal buffer. +// +// Deprecated: Do not use. This will be deleted in the near future. +func (lazy *XXX_lazyUnmarshalInfo) Buffer() []byte { + return lazy.Protobuf +} + +// SetBuffer sets the lazy unmarshal buffer. +// +// Deprecated: Do not use. This will be deleted in the near future. +func (lazy *XXX_lazyUnmarshalInfo) SetBuffer(b []byte) { + lazy.Protobuf = b +} + +// SetUnmarshalFlags is called to set a copy of the original unmarshalInputFlags. +// The flags should reflect how Unmarshal was called. +func (lazy *XXX_lazyUnmarshalInfo) SetUnmarshalFlags(f piface.UnmarshalInputFlags) { + lazy.unmarshalFlags = f +} + +// UnmarshalFlags returns the original unmarshalInputFlags. +func (lazy *XXX_lazyUnmarshalInfo) UnmarshalFlags() piface.UnmarshalInputFlags { + return lazy.unmarshalFlags +} + +// AllowedPartial returns true if the user originally unmarshalled this message with +// AllowPartial set to true +func (lazy *XXX_lazyUnmarshalInfo) AllowedPartial() bool { + return (lazy.unmarshalFlags & piface.UnmarshalCheckRequired) == 0 +} + +func protoFieldNumber(tag uint32) uint32 { + return tag >> 3 +} + +// buildIndex builds an index of the specified protobuf, return the index +// array and an error. +func buildIndex(buf []byte) ([]IndexEntry, error) { + index := make([]IndexEntry, 0, 16) + var lastProtoFieldNum uint32 + var outOfOrder bool + + var r BufferReader = NewBufferReader(buf) + + for !r.Done() { + var tag uint32 + var err error + var curPos = r.Pos + // INLINED: tag, err = r.DecodeVarint32() + { + i := r.Pos + buf := r.Buf + + if i >= len(buf) { + return nil, errOutOfBounds + } else if buf[i] < 0x80 { + r.Pos++ + tag = uint32(buf[i]) + } else if r.Remaining() < 5 { + var v uint64 + v, err = r.DecodeVarintSlow() + tag = uint32(v) + } else { + var v uint32 + // we already checked the first byte + tag = uint32(buf[i]) & 127 + i++ + + v = uint32(buf[i]) + i++ + tag |= (v & 127) << 7 + if v < 128 { + goto done + } + + v = uint32(buf[i]) + i++ + tag |= (v & 127) << 14 + if v < 128 { + goto done + } + + v = uint32(buf[i]) + i++ + tag |= (v & 127) << 21 + if v < 128 { + goto done + } + + v = uint32(buf[i]) + i++ + tag |= (v & 127) << 28 + if v < 128 { + goto done + } + + return nil, errOutOfBounds + + done: + r.Pos = i + } + } + // DONE: tag, err = r.DecodeVarint32() + + fieldNum := protoFieldNumber(tag) + if fieldNum < lastProtoFieldNum { + outOfOrder = true + } + + // Skip the current value -- will skip over an entire group as well. + // INLINED: err = r.SkipValue(tag) + wireType := tag & 0x7 + switch protowire.Type(wireType) { + case protowire.VarintType: + // INLINED: err = r.SkipVarint() + i := r.Pos + + if len(r.Buf)-i < 10 { + // Use DecodeVarintSlow() to skip while + // checking for buffer overflow, but ignore result + _, err = r.DecodeVarintSlow() + goto out2 + } + if r.Buf[i] < 0x80 { + goto out + } + i++ + + if r.Buf[i] < 0x80 { + goto out + } + i++ + + if r.Buf[i] < 0x80 { + goto out + } + i++ + + if r.Buf[i] < 0x80 { + goto out + } + i++ + + if r.Buf[i] < 0x80 { + goto out + } + i++ + + if r.Buf[i] < 0x80 { + goto out + } + i++ + + if r.Buf[i] < 0x80 { + goto out + } + i++ + + if r.Buf[i] < 0x80 { + goto out + } + i++ + + if r.Buf[i] < 0x80 { + goto out + } + i++ + + if r.Buf[i] < 0x80 { + goto out + } + return nil, errOverflow + out: + r.Pos = i + 1 + // DONE: err = r.SkipVarint() + case protowire.Fixed64Type: + err = r.SkipFixed64() + case protowire.BytesType: + var n uint32 + n, err = r.DecodeVarint32() + if err == nil { + err = r.Skip(int(n)) + } + case protowire.StartGroupType: + err = r.SkipGroup(tag) + case protowire.Fixed32Type: + err = r.SkipFixed32() + default: + err = fmt.Errorf("Unexpected wire type (%d)", wireType) + } + // DONE: err = r.SkipValue(tag) + + out2: + if err != nil { + return nil, err + } + if fieldNum != lastProtoFieldNum { + index = append(index, IndexEntry{FieldNum: fieldNum, + Start: uint32(curPos), + End: uint32(r.Pos)}, + ) + } else { + index[len(index)-1].End = uint32(r.Pos) + index[len(index)-1].MultipleContiguous = true + } + lastProtoFieldNum = fieldNum + } + if outOfOrder { + sort.Slice(index, func(i, j int) bool { + return index[i].FieldNum < index[j].FieldNum || + (index[i].FieldNum == index[j].FieldNum && + index[i].Start < index[j].Start) + }) + } + return index, nil +} + +func (lazy *XXX_lazyUnmarshalInfo) SizeField(num uint32) (size int) { + start, end, found, _, multipleEntries := lazy.FindFieldInProto(num) + if multipleEntries != nil { + for _, entry := range multipleEntries { + size += int(entry.End - entry.Start) + } + return size + } + if !found { + return 0 + } + return int(end - start) +} + +func (lazy *XXX_lazyUnmarshalInfo) AppendField(b []byte, num uint32) ([]byte, bool) { + start, end, found, _, multipleEntries := lazy.FindFieldInProto(num) + if multipleEntries != nil { + for _, entry := range multipleEntries { + b = append(b, lazy.Protobuf[entry.Start:entry.End]...) + } + return b, true + } + if !found { + return nil, false + } + b = append(b, lazy.Protobuf[start:end]...) + return b, true +} + +func (lazy *XXX_lazyUnmarshalInfo) SetIndex(index []IndexEntry) { + atomicStoreIndex(&lazy.index, &index) +} + +// FindFieldInProto looks for field fieldNum in lazyUnmarshalInfo information +// (including protobuf), returns startOffset/endOffset/found. +func (lazy *XXX_lazyUnmarshalInfo) FindFieldInProto(fieldNum uint32) (start, end uint32, found, multipleContiguous bool, multipleEntries []IndexEntry) { + if lazy.Protobuf == nil { + // There is no backing protobuf for this message -- it was made from a builder + return 0, 0, false, false, nil + } + index := atomicLoadIndex(&lazy.index) + if index == nil { + r, err := buildIndex(lazy.Protobuf) + if err != nil { + panic(fmt.Sprintf("findFieldInfo: error building index when looking for field %d: %v", fieldNum, err)) + } + // lazy.index is a pointer to the slice returned by BuildIndex + index = &r + atomicStoreIndex(&lazy.index, index) + } + return lookupField(index, fieldNum) +} + +// lookupField returns the offset at which the indicated field starts using +// the index, offset immediately after field ends (including all instances of +// a repeated field), and bools indicating if field was found and if there +// are multiple encodings of the field in the byte range. +// +// To hande the uncommon case where there are repeated encodings for the same +// field which are not consecutive in the protobuf (so we need to returns +// multiple start/end offsets), we also return a slice multipleEntries. If +// multipleEntries is non-nil, then multiple entries were found, and the +// values in the slice should be used, rather than start/end/found. +func lookupField(indexp *[]IndexEntry, fieldNum uint32) (start, end uint32, found bool, multipleContiguous bool, multipleEntries []IndexEntry) { + // The pointer indexp to the index was already loaded atomically. + // The slice is uniquely associated with the pointer, so it doesn't + // need to be loaded atomically. + index := *indexp + for i, entry := range index { + if fieldNum == entry.FieldNum { + if i < len(index)-1 && entry.FieldNum == index[i+1].FieldNum { + // Handle the uncommon case where there are + // repeated entries for the same field which + // are not contiguous in the protobuf. + multiple := make([]IndexEntry, 1, 2) + multiple[0] = IndexEntry{fieldNum, entry.Start, entry.End, entry.MultipleContiguous} + i++ + for i < len(index) && index[i].FieldNum == fieldNum { + multiple = append(multiple, IndexEntry{fieldNum, index[i].Start, index[i].End, index[i].MultipleContiguous}) + i++ + } + return 0, 0, false, false, multiple + + } + return entry.Start, entry.End, true, entry.MultipleContiguous, nil + } + if fieldNum < entry.FieldNum { + return 0, 0, false, false, nil + } + } + return 0, 0, false, false, nil +} diff --git a/vendor/google.golang.org/protobuf/internal/protolazy/pointer_unsafe.go b/vendor/google.golang.org/protobuf/internal/protolazy/pointer_unsafe.go new file mode 100644 index 00000000000..dc2a64ca643 --- /dev/null +++ b/vendor/google.golang.org/protobuf/internal/protolazy/pointer_unsafe.go @@ -0,0 +1,17 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package protolazy + +import ( + "sync/atomic" + "unsafe" +) + +func atomicLoadIndex(p **[]IndexEntry) *[]IndexEntry { + return (*[]IndexEntry)(atomic.LoadPointer((*unsafe.Pointer)(unsafe.Pointer(p)))) +} +func atomicStoreIndex(p **[]IndexEntry, v *[]IndexEntry) { + atomic.StorePointer((*unsafe.Pointer)(unsafe.Pointer(p)), unsafe.Pointer(v)) +} diff --git a/vendor/google.golang.org/protobuf/internal/version/version.go b/vendor/google.golang.org/protobuf/internal/version/version.go index 62a52a40a31..e27eaefcf3a 100644 --- a/vendor/google.golang.org/protobuf/internal/version/version.go +++ b/vendor/google.golang.org/protobuf/internal/version/version.go @@ -51,8 +51,8 @@ import ( // 10. Send out the CL for review and submit it. const ( Major = 1 - Minor = 35 - Patch = 2 + Minor = 36 + Patch = 0 PreRelease = "" ) diff --git a/vendor/google.golang.org/protobuf/proto/decode.go b/vendor/google.golang.org/protobuf/proto/decode.go index d75a6534c1b..a3b5e142d24 100644 --- a/vendor/google.golang.org/protobuf/proto/decode.go +++ b/vendor/google.golang.org/protobuf/proto/decode.go @@ -47,6 +47,12 @@ type UnmarshalOptions struct { // RecursionLimit limits how deeply messages may be nested. // If zero, a default limit is applied. RecursionLimit int + + // + // NoLazyDecoding turns off lazy decoding, which otherwise is enabled by + // default. Lazy decoding only affects submessages (annotated with [lazy = + // true] in the .proto file) within messages that use the Opaque API. + NoLazyDecoding bool } // Unmarshal parses the wire-format message in b and places the result in m. @@ -104,6 +110,16 @@ func (o UnmarshalOptions) unmarshal(b []byte, m protoreflect.Message) (out proto if o.DiscardUnknown { in.Flags |= protoiface.UnmarshalDiscardUnknown } + + if !allowPartial { + // This does not affect how current unmarshal functions work, it just allows them + // to record this for lazy the decoding case. + in.Flags |= protoiface.UnmarshalCheckRequired + } + if o.NoLazyDecoding { + in.Flags |= protoiface.UnmarshalNoLazyDecoding + } + out, err = methods.Unmarshal(in) } else { o.RecursionLimit-- diff --git a/vendor/google.golang.org/protobuf/proto/encode.go b/vendor/google.golang.org/protobuf/proto/encode.go index 1f847bcc358..f0473c5869a 100644 --- a/vendor/google.golang.org/protobuf/proto/encode.go +++ b/vendor/google.golang.org/protobuf/proto/encode.go @@ -63,7 +63,8 @@ type MarshalOptions struct { // options (except for UseCachedSize itself). // // 2. The message and all its submessages have not changed in any - // way since the Size call. + // way since the Size call. For lazily decoded messages, accessing + // a message results in decoding the message, which is a change. // // If either of these invariants is violated, // the results are undefined and may include panics or corrupted output. diff --git a/vendor/google.golang.org/protobuf/proto/size.go b/vendor/google.golang.org/protobuf/proto/size.go index 052fb5ae313..c8675806c65 100644 --- a/vendor/google.golang.org/protobuf/proto/size.go +++ b/vendor/google.golang.org/protobuf/proto/size.go @@ -12,11 +12,19 @@ import ( ) // Size returns the size in bytes of the wire-format encoding of m. +// +// Note that Size might return more bytes than Marshal will write in the case of +// lazily decoded messages that arrive in non-minimal wire format: see +// https://protobuf.dev/reference/go/size/ for more details. func Size(m Message) int { return MarshalOptions{}.Size(m) } // Size returns the size in bytes of the wire-format encoding of m. +// +// Note that Size might return more bytes than Marshal will write in the case of +// lazily decoded messages that arrive in non-minimal wire format: see +// https://protobuf.dev/reference/go/size/ for more details. func (o MarshalOptions) Size(m Message) int { // Treat a nil message interface as an empty message; nothing to output. if m == nil { diff --git a/vendor/google.golang.org/protobuf/proto/wrapperopaque.go b/vendor/google.golang.org/protobuf/proto/wrapperopaque.go new file mode 100644 index 00000000000..267fd0f1f62 --- /dev/null +++ b/vendor/google.golang.org/protobuf/proto/wrapperopaque.go @@ -0,0 +1,80 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package proto + +// ValueOrNil returns nil if has is false, or a pointer to a new variable +// containing the value returned by the specified getter. +// +// This function is similar to the wrappers (proto.Int32(), proto.String(), +// etc.), but is generic (works for any field type) and works with the hasser +// and getter of a field, as opposed to a value. +// +// This is convenient when populating builder fields. +// +// Example: +// +// hop := attr.GetDirectHop() +// injectedRoute := ripb.InjectedRoute_builder{ +// Prefixes: route.GetPrefixes(), +// NextHop: proto.ValueOrNil(hop.HasAddress(), hop.GetAddress), +// } +func ValueOrNil[T any](has bool, getter func() T) *T { + if !has { + return nil + } + v := getter() + return &v +} + +// ValueOrDefault returns the protobuf message val if val is not nil, otherwise +// it returns a pointer to an empty val message. +// +// This function allows for translating code from the old Open Struct API to the +// new Opaque API. +// +// The old Open Struct API represented oneof fields with a wrapper struct: +// +// var signedImg *accountpb.SignedImage +// profile := &accountpb.Profile{ +// // The Avatar oneof will be set, with an empty SignedImage. +// Avatar: &accountpb.Profile_SignedImage{signedImg}, +// } +// +// The new Opaque API treats oneof fields like regular fields, there are no more +// wrapper structs: +// +// var signedImg *accountpb.SignedImage +// profile := &accountpb.Profile{} +// profile.SetSignedImage(signedImg) +// +// For convenience, the Opaque API also offers Builders, which allow for a +// direct translation of struct initialization. However, because Builders use +// nilness to represent field presence (but there is no non-nil wrapper struct +// anymore), Builders cannot distinguish between an unset oneof and a set oneof +// with nil message. The above code would need to be translated with help of the +// ValueOrDefault function to retain the same behavior: +// +// var signedImg *accountpb.SignedImage +// return &accountpb.Profile_builder{ +// SignedImage: proto.ValueOrDefault(signedImg), +// }.Build() +func ValueOrDefault[T interface { + *P + Message +}, P any](val T) T { + if val == nil { + return T(new(P)) + } + return val +} + +// ValueOrDefaultBytes is like ValueOrDefault but for working with fields of +// type []byte. +func ValueOrDefaultBytes(val []byte) []byte { + if val == nil { + return []byte{} + } + return val +} diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/value.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/value.go index a7b0d06ff32..a4b78acef68 100644 --- a/vendor/google.golang.org/protobuf/reflect/protoreflect/value.go +++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/value.go @@ -152,7 +152,7 @@ type Message interface { // This method may return nil. // // The returned methods type is identical to - // google.golang.org/protobuf/runtime/protoiface.Methods. + // [google.golang.org/protobuf/runtime/protoiface.Methods]. // Consult the protoiface package documentation for details. ProtoMethods() *methods } diff --git a/vendor/google.golang.org/protobuf/runtime/protoiface/methods.go b/vendor/google.golang.org/protobuf/runtime/protoiface/methods.go index 246156561ce..28e9e9f0397 100644 --- a/vendor/google.golang.org/protobuf/runtime/protoiface/methods.go +++ b/vendor/google.golang.org/protobuf/runtime/protoiface/methods.go @@ -122,6 +122,22 @@ type UnmarshalInputFlags = uint8 const ( UnmarshalDiscardUnknown UnmarshalInputFlags = 1 << iota + + // UnmarshalAliasBuffer permits unmarshal operations to alias the input buffer. + // The unmarshaller must not modify the contents of the buffer. + UnmarshalAliasBuffer + + // UnmarshalValidated indicates that validation has already been + // performed on the input buffer. + UnmarshalValidated + + // UnmarshalCheckRequired is set if this unmarshal operation ultimately will care if required fields are + // initialized. + UnmarshalCheckRequired + + // UnmarshalNoLazyDecoding is set if this unmarshal operation should not use + // lazy decoding, even when otherwise available. + UnmarshalNoLazyDecoding ) // UnmarshalOutputFlags are output from the Unmarshal method. diff --git a/vendor/google.golang.org/protobuf/runtime/protoimpl/impl.go b/vendor/google.golang.org/protobuf/runtime/protoimpl/impl.go index 4a1ab7fb3de..93df1b569bb 100644 --- a/vendor/google.golang.org/protobuf/runtime/protoimpl/impl.go +++ b/vendor/google.golang.org/protobuf/runtime/protoimpl/impl.go @@ -15,6 +15,7 @@ import ( "google.golang.org/protobuf/internal/filedesc" "google.golang.org/protobuf/internal/filetype" "google.golang.org/protobuf/internal/impl" + "google.golang.org/protobuf/internal/protolazy" ) // UnsafeEnabled specifies whether package unsafe can be used. @@ -39,6 +40,9 @@ type ( ExtensionFieldV1 = impl.ExtensionField Pointer = impl.Pointer + + LazyUnmarshalInfo = *protolazy.XXX_lazyUnmarshalInfo + RaceDetectHookData = impl.RaceDetectHookData ) var X impl.Export diff --git a/vendor/modules.txt b/vendor/modules.txt index 5da6a81157b..a89554d2ddc 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -88,7 +88,7 @@ golang.org/x/net/bpf ## explicit; go 1.18 golang.org/x/sys/unix golang.org/x/sys/windows -# google.golang.org/protobuf v1.35.2 +# google.golang.org/protobuf v1.36.0 ## explicit; go 1.21 google.golang.org/protobuf/encoding/prototext google.golang.org/protobuf/encoding/protowire @@ -108,6 +108,7 @@ google.golang.org/protobuf/internal/genid google.golang.org/protobuf/internal/impl google.golang.org/protobuf/internal/order google.golang.org/protobuf/internal/pragma +google.golang.org/protobuf/internal/protolazy google.golang.org/protobuf/internal/set google.golang.org/protobuf/internal/strs google.golang.org/protobuf/internal/version From e845f4be86d11660a1c0d31f7b5eeb187340efaa Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 17 Dec 2024 22:50:44 -0800 Subject: [PATCH 0751/1176] ci: bump golangci-lint to v1.62 Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 3b565f05215..a64bc679881 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -40,7 +40,7 @@ jobs: sudo apt -qy install libseccomp-dev - uses: golangci/golangci-lint-action@v6 with: - version: v1.60 + version: v1.62 # Extra linters, only checking new code from a pull request. - name: lint-extra if: github.event_name == 'pull_request' From 9468986a49e6d753fe95ae89ec8873f7f274941d Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 17 Dec 2024 22:51:21 -0800 Subject: [PATCH 0752/1176] ci: use a specific ubuntu version GHA shows a warning telling that "ubuntu-latest" is going to be switched to ubuntu-24.04 soon. Let's specify the version explicitly (and switch to 24.04 for this job ahead of github). Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index a64bc679881..dad27d5b574 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -127,7 +127,7 @@ jobs: run : ./script/check-config.sh space-at-eol: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 - run: rm -fr vendor From 21c0968bf1f14bb976377445c36077b88be590eb Mon Sep 17 00:00:00 2001 From: Adam Korczynski Date: Wed, 18 Dec 2024 16:48:05 +0000 Subject: [PATCH 0753/1176] remove broken fuzzer from oss-fuzz build script Signed-off-by: Adam Korczynski --- tests/fuzzing/oss_fuzz_build.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/fuzzing/oss_fuzz_build.sh b/tests/fuzzing/oss_fuzz_build.sh index 5da59e7981e..74b608da6ee 100755 --- a/tests/fuzzing/oss_fuzz_build.sh +++ b/tests/fuzzing/oss_fuzz_build.sh @@ -8,6 +8,5 @@ # OSS-fuzz environment. # More info about compile_go_fuzzer() can be found here: # https://google.github.io/oss-fuzz/getting-started/new-project-guide/go-lang/#buildsh -compile_go_fuzzer github.com/opencontainers/runc/libcontainer/userns FuzzUIDMap id_map_fuzzer linux,gofuzz compile_go_fuzzer github.com/opencontainers/runc/libcontainer/user FuzzUser user_fuzzer compile_go_fuzzer github.com/opencontainers/runc/libcontainer/configs FuzzUnmarshalJSON configs_fuzzer From af929228bbe244d1c8f2ec706668468b4fb8c9a8 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 17 Dec 2024 15:07:32 +1100 Subject: [PATCH 0754/1176] RELEASES: add formal release policy for runc Historically, our release cadence and support policy has been quite ad-hoc, which has caused some strife and is not really becoming of a project as widely used as ours. So, in an attempt to make our releases more regular and to provide more guidance on our backport policy, add a document outlining our policy. Signed-off-by: Aleksa Sarai --- RELEASES.md | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 110 insertions(+) create mode 100644 RELEASES.md diff --git a/RELEASES.md b/RELEASES.md new file mode 100644 index 00000000000..663df1d9be2 --- /dev/null +++ b/RELEASES.md @@ -0,0 +1,110 @@ +## Release Cadence and Support Policy ## + +This document describes the release cadence for runc as well as outlining the +support policy for old release branches. Historically, despite runc being the +most widely used Linux container runtime, our release schedule has been very +ad-hoc and has resulted in very long periods of time between minor releases, +causing issues for downstreams that wanted particular features. + +### Semantic Versioning ### + +runc uses [Semantic Versioning][semver] for releases. However, our +compatibility policy only applies to the runc binary. We will make a +best-effort attempt to reduce the impact to users that make direct use of the +Go packages prefixed with `github.com/opencontainers/runc`, but we do not +formally guarantee that API compatibility will be preserved. + +[semver]: https://semver.org/spec/v2.0.0.html + +### Release Cadence ### + +> **NOTE**: At time of writing, this proposal is still a draft as we have not +> yet done several releases using this cadence. If you have feedback on this +> proposal (such as how well this proposal addresses your needs as a downstream +> packager of runc), please feel free to [open an issue][new-issue] so we can +> discuss it further. However, the current plan is for this proposal to be +> followed for the `1.3.0` and `1.4.0` releases in 2025. + +[new-issue]: https://github.com/opencontainers/runc/issues/new/choose + +runc follows a 6-month minor version release schedule, with the aim of releases +happening at the end of April and October each year. + +The first release candidate will be created 2 months before the planned release +date (i.e. the end of February and August, respectively), at which point the +release branch will be created and will enter a feature freeze. No new features +will be merged into the release branch, and large features being developed +immediately before the feature freeze may have their merge delayed so as to not +be included in the next release. Most releases will have two or three release +candidates, but this may change depending on the circumstances of the release +at the time. + +If a last-minute critical issue is discovered, the release may be delayed. +However, the following release will still go according to schedule (except in +the exceptionally unlikely scenario where the delay is 4-6 months long, in +which case the next release is moved forward to when the subsequent release +would have been). + +Here is a hypothetical release timeline to see how this works in practice: + +| Date | Release | Notes | +| ---------- | ------------ | ----- | +| 200X-02-28 | `1.3.0-rc.1` | `release-1.3` branch created, feature freeze. | +| 200X-03-12 | `1.3.0-rc.2` | | +| 200X-03-25 | `1.3.0-rc.3` | | +| 200X-04-30 | `1.3.0` | `1.3` release published. | +| 200X-05-10 | `1.3.1` | | +| 200X-06-21 | `1.3.2` | | +| 200X-06-25 | `1.3.3` | | +| 200X-07-02 | `1.3.4` | | +| 200X-08-28 | `1.4.0-rc.1` | `release-1.4` branch created, feature freeze. | +| 200X-09-15 | `1.3.5` | Patch releases in other release branches have no impact on the new release branch. | +| 200X-09-21 | `1.4.0-rc.2` | | +| 200X-10-31 | `1.4.0` | `1.4` release published. | +| 200X-11-10 | `1.4.1` | | +| 200X-12-25 | `1.4.2` | | + +(And so on for the next year.) + +### Support Policy ### + +> **NOTE**: The following policy provides much longer support guarantees than +> we have historically provided for older runc releases. In order to avoid +> adding new support guarantees for old runc versions we have long-since +> stopped supporting, the following support policy only applies for runc +> releases from `1.2.0` onwards. In other words, runc `1.1.0` and `1.0.0` are +> not guaranteed support by this policy. + +In order to ease the transition between minor runc releases, previous minor +release branches of runc will be maintained for some time after the newest +minor release is published. In the following text, `latest` refers to the +latest minor (non-release-candidate) runc release published; `latest-1` is the +previous minor release branch; and `latest-2` is the minor release branch +before `latest-1`. For example, if `latest` is `1.4.0` then `latest-1` is +`1.3.z` and `latest-2` is `1.2.z`. + + * Once `latest` is released, new features will no longer be merged into + `latest` and only bug and security fixes will be backported, though we will + be fairly liberal with what kinds of bugs will considered candidates for + backporting. + + * `latest-1` will only receive security fixes and significant bug fixes (what + bug fixes are "significant" are down to the maintainer's judgement, but + maintainers should err on the side of reducing the number of backports at + this stage). At this stage, users of `latest-1` are encouraged to start + planning the migration to the `latest` release of runc (as well as reporting + any issues they may find). + + * `latest-2` will only receive high severity security fixes (i.e. CVEs that + have been assessed as having a CVSS score of 7.0 or higher). At this stage, + users still using `latest-2` would be strongly encouraged to upgrade to + either `latest` or `latest-1`. + + * Any older releases will no longer receive any updates, and users are + encouraged to upgrade in the strongest possible terms, as they will not + receive any security fixes regardless of severity or impact. + +This policy only applies to minor releases of runc with major version `1`. If +there is a runc `2.0` release in the future, this document will be updated to +reflect the necessary changes to the support policy for the `1.y` major release +branch of runc. From 71327d7fcd41aa11cbcae2970a986ac05477a43e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Dec 2024 01:42:44 +0000 Subject: [PATCH 0755/1176] build(deps): bump github.com/cyphar/filepath-securejoin Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) from 0.3.5 to 0.3.6. - [Release notes](https://github.com/cyphar/filepath-securejoin/releases) - [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md) - [Commits](https://github.com/cyphar/filepath-securejoin/compare/v0.3.5...v0.3.6) --- updated-dependencies: - dependency-name: github.com/cyphar/filepath-securejoin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- .../cyphar/filepath-securejoin/CHANGELOG.md | 25 +++- .../cyphar/filepath-securejoin/VERSION | 2 +- .../gocompat_errors_go120.go | 18 +++ .../gocompat_errors_unsupported.go | 38 ++++++ .../gocompat_generics_go121.go | 32 +++++ .../gocompat_generics_unsupported.go | 124 ++++++++++++++++++ .../filepath-securejoin/lookup_linux.go | 3 +- .../cyphar/filepath-securejoin/mkdir_linux.go | 11 +- .../filepath-securejoin/openat2_linux.go | 3 +- .../filepath-securejoin/procfs_linux.go | 30 +++-- vendor/modules.txt | 4 +- 13 files changed, 272 insertions(+), 24 deletions(-) create mode 100644 vendor/github.com/cyphar/filepath-securejoin/gocompat_errors_go120.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/gocompat_errors_unsupported.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/gocompat_generics_go121.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/gocompat_generics_unsupported.go diff --git a/go.mod b/go.mod index 00402718593..5c324dbdd4e 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/cilium/ebpf v0.16.0 github.com/containerd/console v1.0.4 github.com/coreos/go-systemd/v22 v22.5.0 - github.com/cyphar/filepath-securejoin v0.3.5 + github.com/cyphar/filepath-securejoin v0.3.6 github.com/docker/go-units v0.5.0 github.com/godbus/dbus/v5 v5.1.0 github.com/moby/sys/capability v0.4.0 diff --git a/go.sum b/go.sum index 4b698ab726b..be93f773c56 100644 --- a/go.sum +++ b/go.sum @@ -10,8 +10,8 @@ github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSV github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc= github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/cyphar/filepath-securejoin v0.3.5 h1:L81NHjquoQmcPgXcttUS9qTSR/+bXry6pbSINQGpjj4= -github.com/cyphar/filepath-securejoin v0.3.5/go.mod h1:edhVd3c6OXKjUmSrVa/tGJRS9joFTxlslFCAyaxigkE= +github.com/cyphar/filepath-securejoin v0.3.6 h1:4d9N5ykBnSp5Xn2JkhocYDkOpURL/18CYMpo6xB9uWM= +github.com/cyphar/filepath-securejoin v0.3.6/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= diff --git a/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md index 05657248fa3..cb1252b53ee 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md +++ b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md @@ -6,7 +6,29 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ## [Unreleased] ## +## [0.3.6] - 2024-12-17 ## + +### Compatibility ### +- The minimum Go version requirement for `filepath-securejoin` is now Go 1.18 + (we use generics internally). + + For reference, `filepath-securejoin@v0.3.0` somewhat-arbitrarily bumped the + Go version requirement to 1.21. + + While we did make some use of Go 1.21 stdlib features (and in principle Go + versions <= 1.21 are no longer even supported by upstream anymore), some + downstreams have complained that the version bump has meant that they have to + do workarounds when backporting fixes that use the new `filepath-securejoin` + API onto old branches. This is not an ideal situation, but since using this + library is probably better for most downstreams than a hand-rolled + workaround, we now have compatibility shims that allow us to build on older + Go versions. +- Lower minimum version requirement for `golang.org/x/sys` to `v0.18.0` (we + need the wrappers for `fsconfig(2)`), which should also make backporting + patches to older branches easier. + ## [0.3.5] - 2024-12-06 ## + ### Fixed ### - `MkdirAll` will now no longer return an `EEXIST` error if two racing processes are creating the same directory. We will still verify that the path @@ -171,7 +193,8 @@ This is our first release of `github.com/cyphar/filepath-securejoin`, containing a full implementation with a coverage of 93.5% (the only missing cases are the error cases, which are hard to mocktest at the moment). -[Unreleased]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.5...HEAD +[Unreleased]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.6...HEAD +[0.3.6]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.5...v0.3.6 [0.3.5]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.4...v0.3.5 [0.3.4]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.3...v0.3.4 [0.3.3]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.2...v0.3.3 diff --git a/vendor/github.com/cyphar/filepath-securejoin/VERSION b/vendor/github.com/cyphar/filepath-securejoin/VERSION index c2c0004f0e2..449d7e73a96 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/VERSION +++ b/vendor/github.com/cyphar/filepath-securejoin/VERSION @@ -1 +1 @@ -0.3.5 +0.3.6 diff --git a/vendor/github.com/cyphar/filepath-securejoin/gocompat_errors_go120.go b/vendor/github.com/cyphar/filepath-securejoin/gocompat_errors_go120.go new file mode 100644 index 00000000000..42452bbf9b0 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/gocompat_errors_go120.go @@ -0,0 +1,18 @@ +//go:build linux && go1.20 + +// Copyright (C) 2024 SUSE LLC. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package securejoin + +import ( + "fmt" +) + +// wrapBaseError is a helper that is equivalent to fmt.Errorf("%w: %w"), except +// that on pre-1.20 Go versions only errors.Is() works properly (errors.Unwrap) +// is only guaranteed to give you baseErr. +func wrapBaseError(baseErr, extraErr error) error { + return fmt.Errorf("%w: %w", extraErr, baseErr) +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/gocompat_errors_unsupported.go b/vendor/github.com/cyphar/filepath-securejoin/gocompat_errors_unsupported.go new file mode 100644 index 00000000000..e7adca3fd12 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/gocompat_errors_unsupported.go @@ -0,0 +1,38 @@ +//go:build linux && !go1.20 + +// Copyright (C) 2024 SUSE LLC. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package securejoin + +import ( + "fmt" +) + +type wrappedError struct { + inner error + isError error +} + +func (err wrappedError) Is(target error) bool { + return err.isError == target +} + +func (err wrappedError) Unwrap() error { + return err.inner +} + +func (err wrappedError) Error() string { + return fmt.Sprintf("%v: %v", err.isError, err.inner) +} + +// wrapBaseError is a helper that is equivalent to fmt.Errorf("%w: %w"), except +// that on pre-1.20 Go versions only errors.Is() works properly (errors.Unwrap) +// is only guaranteed to give you baseErr. +func wrapBaseError(baseErr, extraErr error) error { + return wrappedError{ + inner: baseErr, + isError: extraErr, + } +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/gocompat_generics_go121.go b/vendor/github.com/cyphar/filepath-securejoin/gocompat_generics_go121.go new file mode 100644 index 00000000000..ddd6fa9a41c --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/gocompat_generics_go121.go @@ -0,0 +1,32 @@ +//go:build linux && go1.21 + +// Copyright (C) 2024 SUSE LLC. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package securejoin + +import ( + "slices" + "sync" +) + +func slices_DeleteFunc[S ~[]E, E any](slice S, delFn func(E) bool) S { + return slices.DeleteFunc(slice, delFn) +} + +func slices_Contains[S ~[]E, E comparable](slice S, val E) bool { + return slices.Contains(slice, val) +} + +func slices_Clone[S ~[]E, E any](slice S) S { + return slices.Clone(slice) +} + +func sync_OnceValue[T any](f func() T) func() T { + return sync.OnceValue(f) +} + +func sync_OnceValues[T1, T2 any](f func() (T1, T2)) func() (T1, T2) { + return sync.OnceValues(f) +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/gocompat_generics_unsupported.go b/vendor/github.com/cyphar/filepath-securejoin/gocompat_generics_unsupported.go new file mode 100644 index 00000000000..f1e6fe7e717 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/gocompat_generics_unsupported.go @@ -0,0 +1,124 @@ +//go:build linux && !go1.21 + +// Copyright (C) 2024 SUSE LLC. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package securejoin + +import ( + "sync" +) + +// These are very minimal implementations of functions that appear in Go 1.21's +// stdlib, included so that we can build on older Go versions. Most are +// borrowed directly from the stdlib, and a few are modified to be "obviously +// correct" without needing to copy too many other helpers. + +// clearSlice is equivalent to the builtin clear from Go 1.21. +// Copied from the Go 1.24 stdlib implementation. +func clearSlice[S ~[]E, E any](slice S) { + var zero E + for i := range slice { + slice[i] = zero + } +} + +// Copied from the Go 1.24 stdlib implementation. +func slices_IndexFunc[S ~[]E, E any](s S, f func(E) bool) int { + for i := range s { + if f(s[i]) { + return i + } + } + return -1 +} + +// Copied from the Go 1.24 stdlib implementation. +func slices_DeleteFunc[S ~[]E, E any](s S, del func(E) bool) S { + i := slices_IndexFunc(s, del) + if i == -1 { + return s + } + // Don't start copying elements until we find one to delete. + for j := i + 1; j < len(s); j++ { + if v := s[j]; !del(v) { + s[i] = v + i++ + } + } + clearSlice(s[i:]) // zero/nil out the obsolete elements, for GC + return s[:i] +} + +// Similar to the stdlib slices.Contains, except that we don't have +// slices.Index so we need to use slices.IndexFunc for this non-Func helper. +func slices_Contains[S ~[]E, E comparable](s S, v E) bool { + return slices_IndexFunc(s, func(e E) bool { return e == v }) >= 0 +} + +// Copied from the Go 1.24 stdlib implementation. +func slices_Clone[S ~[]E, E any](s S) S { + // Preserve nil in case it matters. + if s == nil { + return nil + } + return append(S([]E{}), s...) +} + +// Copied from the Go 1.24 stdlib implementation. +func sync_OnceValue[T any](f func() T) func() T { + var ( + once sync.Once + valid bool + p any + result T + ) + g := func() { + defer func() { + p = recover() + if !valid { + panic(p) + } + }() + result = f() + f = nil + valid = true + } + return func() T { + once.Do(g) + if !valid { + panic(p) + } + return result + } +} + +// Copied from the Go 1.24 stdlib implementation. +func sync_OnceValues[T1, T2 any](f func() (T1, T2)) func() (T1, T2) { + var ( + once sync.Once + valid bool + p any + r1 T1 + r2 T2 + ) + g := func() { + defer func() { + p = recover() + if !valid { + panic(p) + } + }() + r1, r2 = f() + f = nil + valid = true + } + return func() (T1, T2) { + once.Do(g) + if !valid { + panic(p) + } + return r1, r2 + } +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/lookup_linux.go b/vendor/github.com/cyphar/filepath-securejoin/lookup_linux.go index 290befa1547..be81e498d72 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/lookup_linux.go +++ b/vendor/github.com/cyphar/filepath-securejoin/lookup_linux.go @@ -12,7 +12,6 @@ import ( "os" "path" "path/filepath" - "slices" "strings" "golang.org/x/sys/unix" @@ -113,7 +112,7 @@ func (s *symlinkStack) push(dir *os.File, remainingPath, linkTarget string) erro return nil } // Split the link target and clean up any "" parts. - linkTargetParts := slices.DeleteFunc( + linkTargetParts := slices_DeleteFunc( strings.Split(linkTarget, "/"), func(part string) bool { return part == "" || part == "." }) diff --git a/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go b/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go index 6dfe8c42b36..5e559bb7a89 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go +++ b/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go @@ -11,7 +11,6 @@ import ( "fmt" "os" "path/filepath" - "slices" "strings" "golang.org/x/sys/unix" @@ -93,7 +92,7 @@ func MkdirAllHandle(root *os.File, unsafePath string, mode int) (_ *os.File, Err } remainingParts := strings.Split(remainingPath, string(filepath.Separator)) - if slices.Contains(remainingParts, "..") { + if slices_Contains(remainingParts, "..") { // The path contained ".." components after the end of the "real" // components. We could try to safely resolve ".." here but that would // add a bunch of extra logic for something that it's not clear even @@ -127,8 +126,12 @@ func MkdirAllHandle(root *os.File, unsafePath string, mode int) (_ *os.File, Err if err := unix.Mkdirat(int(currentDir.Fd()), part, uint32(mode)); err != nil && !errors.Is(err, unix.EEXIST) { err = &os.PathError{Op: "mkdirat", Path: currentDir.Name() + "/" + part, Err: err} // Make the error a bit nicer if the directory is dead. - if err2 := isDeadInode(currentDir); err2 != nil { - err = fmt.Errorf("%w (%w)", err, err2) + if deadErr := isDeadInode(currentDir); deadErr != nil { + // TODO: Once we bump the minimum Go version to 1.20, we can use + // multiple %w verbs for this wrapping. For now we need to use a + // compatibility shim for older Go versions. + //err = fmt.Errorf("%w (%w)", err, deadErr) + err = wrapBaseError(err, deadErr) } return nil, err } diff --git a/vendor/github.com/cyphar/filepath-securejoin/openat2_linux.go b/vendor/github.com/cyphar/filepath-securejoin/openat2_linux.go index ae3b381efe6..f7a13e69ce8 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/openat2_linux.go +++ b/vendor/github.com/cyphar/filepath-securejoin/openat2_linux.go @@ -12,12 +12,11 @@ import ( "os" "path/filepath" "strings" - "sync" "golang.org/x/sys/unix" ) -var hasOpenat2 = sync.OnceValue(func() bool { +var hasOpenat2 = sync_OnceValue(func() bool { fd, err := unix.Openat2(unix.AT_FDCWD, ".", &unix.OpenHow{ Flags: unix.O_PATH | unix.O_CLOEXEC, Resolve: unix.RESOLVE_NO_SYMLINKS | unix.RESOLVE_IN_ROOT, diff --git a/vendor/github.com/cyphar/filepath-securejoin/procfs_linux.go b/vendor/github.com/cyphar/filepath-securejoin/procfs_linux.go index 8cc827d7046..809a579cbdb 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/procfs_linux.go +++ b/vendor/github.com/cyphar/filepath-securejoin/procfs_linux.go @@ -12,7 +12,6 @@ import ( "os" "runtime" "strconv" - "sync" "golang.org/x/sys/unix" ) @@ -54,7 +53,7 @@ func verifyProcRoot(procRoot *os.File) error { return nil } -var hasNewMountApi = sync.OnceValue(func() bool { +var hasNewMountApi = sync_OnceValue(func() bool { // All of the pieces of the new mount API we use (fsopen, fsconfig, // fsmount, open_tree) were added together in Linux 5.1[1,2], so we can // just check for one of the syscalls and the others should also be @@ -192,11 +191,11 @@ func doGetProcRoot() (*os.File, error) { return procRoot, err } -var getProcRoot = sync.OnceValues(func() (*os.File, error) { +var getProcRoot = sync_OnceValues(func() (*os.File, error) { return doGetProcRoot() }) -var hasProcThreadSelf = sync.OnceValue(func() bool { +var hasProcThreadSelf = sync_OnceValue(func() bool { return unix.Access("/proc/thread-self/", unix.F_OK) == nil }) @@ -265,12 +264,20 @@ func procThreadSelf(procRoot *os.File, subpath string) (_ *os.File, _ procThread Resolve: unix.RESOLVE_BENEATH | unix.RESOLVE_NO_XDEV | unix.RESOLVE_NO_MAGICLINKS, }) if err != nil { - return nil, nil, fmt.Errorf("%w: %w", errUnsafeProcfs, err) + // TODO: Once we bump the minimum Go version to 1.20, we can use + // multiple %w verbs for this wrapping. For now we need to use a + // compatibility shim for older Go versions. + //err = fmt.Errorf("%w: %w", errUnsafeProcfs, err) + return nil, nil, wrapBaseError(err, errUnsafeProcfs) } } else { handle, err = openatFile(procRoot, threadSelf+subpath, unix.O_PATH|unix.O_NOFOLLOW|unix.O_CLOEXEC, 0) if err != nil { - return nil, nil, fmt.Errorf("%w: %w", errUnsafeProcfs, err) + // TODO: Once we bump the minimum Go version to 1.20, we can use + // multiple %w verbs for this wrapping. For now we need to use a + // compatibility shim for older Go versions. + //err = fmt.Errorf("%w: %w", errUnsafeProcfs, err) + return nil, nil, wrapBaseError(err, errUnsafeProcfs) } defer func() { if Err != nil { @@ -289,12 +296,17 @@ func procThreadSelf(procRoot *os.File, subpath string) (_ *os.File, _ procThread return handle, runtime.UnlockOSThread, nil } -var hasStatxMountId = sync.OnceValue(func() bool { +// STATX_MNT_ID_UNIQUE is provided in golang.org/x/sys@v0.20.0, but in order to +// avoid bumping the requirement for a single constant we can just define it +// ourselves. +const STATX_MNT_ID_UNIQUE = 0x4000 + +var hasStatxMountId = sync_OnceValue(func() bool { var ( stx unix.Statx_t // We don't care which mount ID we get. The kernel will give us the // unique one if it is supported. - wantStxMask uint32 = unix.STATX_MNT_ID_UNIQUE | unix.STATX_MNT_ID + wantStxMask uint32 = STATX_MNT_ID_UNIQUE | unix.STATX_MNT_ID ) err := unix.Statx(-int(unix.EBADF), "/", 0, int(wantStxMask), &stx) return err == nil && stx.Mask&wantStxMask != 0 @@ -310,7 +322,7 @@ func getMountId(dir *os.File, path string) (uint64, error) { stx unix.Statx_t // We don't care which mount ID we get. The kernel will give us the // unique one if it is supported. - wantStxMask uint32 = unix.STATX_MNT_ID_UNIQUE | unix.STATX_MNT_ID + wantStxMask uint32 = STATX_MNT_ID_UNIQUE | unix.STATX_MNT_ID ) err := unix.Statx(int(dir.Fd()), path, unix.AT_EMPTY_PATH|unix.AT_SYMLINK_NOFOLLOW, int(wantStxMask), &stx) diff --git a/vendor/modules.txt b/vendor/modules.txt index a89554d2ddc..3be973d1e49 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -25,8 +25,8 @@ github.com/coreos/go-systemd/v22/dbus # github.com/cpuguy83/go-md2man/v2 v2.0.5 ## explicit; go 1.11 github.com/cpuguy83/go-md2man/v2/md2man -# github.com/cyphar/filepath-securejoin v0.3.5 -## explicit; go 1.21 +# github.com/cyphar/filepath-securejoin v0.3.6 +## explicit; go 1.18 github.com/cyphar/filepath-securejoin # github.com/docker/go-units v0.5.0 ## explicit From c2b11a63532b854f46546be19e84cc0c840bbb75 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Dec 2024 04:09:48 +0000 Subject: [PATCH 0756/1176] build(deps): bump golang.org/x/net from 0.32.0 to 0.33.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.32.0 to 0.33.0. - [Commits](https://github.com/golang/net/compare/v0.32.0...v0.33.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 00402718593..c39fc70bfbf 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/urfave/cli v1.22.16 github.com/vishvananda/netlink v1.3.0 - golang.org/x/net v0.32.0 + golang.org/x/net v0.33.0 golang.org/x/sys v0.28.0 google.golang.org/protobuf v1.36.0 ) diff --git a/go.sum b/go.sum index 4b698ab726b..49bfa4f32c8 100644 --- a/go.sum +++ b/go.sum @@ -83,8 +83,8 @@ github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1Y github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 h1:Jvc7gsqn21cJHCmAWx0LiimpP18LZmUxkT5Mp7EZ1mI= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= -golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= -golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= diff --git a/vendor/modules.txt b/vendor/modules.txt index a89554d2ddc..0fd59aaf538 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -81,7 +81,7 @@ github.com/vishvananda/netns # golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 ## explicit; go 1.18 golang.org/x/exp/constraints -# golang.org/x/net v0.32.0 +# golang.org/x/net v0.33.0 ## explicit; go 1.18 golang.org/x/net/bpf # golang.org/x/sys v0.28.0 From e809db842fa8bf66dd2b6b16a347b6a6a60ab9f5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 20 Dec 2024 00:07:03 +0000 Subject: [PATCH 0757/1176] build(deps): bump github.com/cilium/ebpf from 0.16.0 to 0.17.0 Bumps [github.com/cilium/ebpf](https://github.com/cilium/ebpf) from 0.16.0 to 0.17.0. - [Release notes](https://github.com/cilium/ebpf/releases) - [Commits](https://github.com/cilium/ebpf/compare/v0.16.0...v0.17.0) --- updated-dependencies: - dependency-name: github.com/cilium/ebpf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 3 +- go.sum | 6 +- vendor/github.com/cilium/ebpf/.golangci.yaml | 6 + vendor/github.com/cilium/ebpf/CODEOWNERS | 2 + vendor/github.com/cilium/ebpf/Makefile | 6 +- vendor/github.com/cilium/ebpf/README.md | 1 + .../github.com/cilium/ebpf/asm/instruction.go | 3 +- vendor/github.com/cilium/ebpf/btf/btf.go | 24 +- .../github.com/cilium/ebpf/btf/btf_types.go | 1 + vendor/github.com/cilium/ebpf/btf/ext_info.go | 150 +++---- vendor/github.com/cilium/ebpf/btf/feature.go | 55 ++- vendor/github.com/cilium/ebpf/btf/format.go | 3 + vendor/github.com/cilium/ebpf/btf/kernel.go | 6 +- vendor/github.com/cilium/ebpf/btf/marshal.go | 83 +++- .../github.com/cilium/ebpf/btf/traversal.go | 48 ++- vendor/github.com/cilium/ebpf/btf/types.go | 138 ++++++- .../github.com/cilium/ebpf/btf/workarounds.go | 2 +- vendor/github.com/cilium/ebpf/collection.go | 253 ++++++++---- vendor/github.com/cilium/ebpf/elf_reader.go | 172 ++++++-- vendor/github.com/cilium/ebpf/info.go | 370 ++++++++++++++++-- .../github.com/cilium/ebpf/internal/errors.go | 6 +- .../cilium/ebpf/internal/feature.go | 55 ++- .../cilium/ebpf/internal/kallsyms/cache.go | 20 + .../cilium/ebpf/internal/kallsyms/kallsyms.go | 291 +++++++++++--- .../cilium/ebpf/internal/kallsyms/reader.go | 118 ++++++ .../cilium/ebpf/internal/kconfig/kconfig.go | 45 +-- .../cilium/ebpf/internal/{ => linux}/auxv.go | 2 +- .../cilium/ebpf/internal/linux/doc.go | 2 + .../cilium/ebpf/internal/linux/kconfig.go | 31 ++ .../ebpf/internal/{ => linux}/platform.go | 2 +- .../ebpf/internal/{ => linux}/statfs.go | 2 +- .../cilium/ebpf/internal/{ => linux}/vdso.go | 9 +- .../cilium/ebpf/internal/linux/version.go | 34 ++ .../github.com/cilium/ebpf/internal/math.go | 28 +- .../github.com/cilium/ebpf/internal/sys/fd.go | 74 +++- .../cilium/ebpf/internal/sys/fd_trace.go | 93 ----- .../ebpf/internal/sys/mapflags_string.go | 53 --- .../cilium/ebpf/internal/{ => sys}/pinning.go | 16 +- .../cilium/ebpf/internal/sys/ptr.go | 6 +- .../cilium/ebpf/internal/sys/syscall.go | 37 +- .../cilium/ebpf/internal/sys/types.go | 185 ++++++++- .../cilium/ebpf/internal/sysenc/buffer.go | 10 +- .../internal/testutils/fdtrace/fd_trace.go | 103 +++++ .../ebpf/internal/testutils/fdtrace/main.go | 31 ++ .../cilium/ebpf/internal/tracefs/kprobe.go | 8 +- .../cilium/ebpf/internal/unix/types_linux.go | 5 +- .../cilium/ebpf/internal/unix/types_other.go | 5 +- .../cilium/ebpf/internal/version.go | 30 -- vendor/github.com/cilium/ebpf/link/kprobe.go | 12 +- .../cilium/ebpf/link/kprobe_multi.go | 8 +- vendor/github.com/cilium/ebpf/link/link.go | 15 +- .../github.com/cilium/ebpf/link/netfilter.go | 2 +- .../github.com/cilium/ebpf/link/perf_event.go | 8 +- .../github.com/cilium/ebpf/link/syscalls.go | 24 +- vendor/github.com/cilium/ebpf/link/tracing.go | 2 +- vendor/github.com/cilium/ebpf/link/uprobe.go | 6 +- .../cilium/ebpf/link/uprobe_multi.go | 13 +- vendor/github.com/cilium/ebpf/linker.go | 41 ++ vendor/github.com/cilium/ebpf/map.go | 127 ++++-- vendor/github.com/cilium/ebpf/memory.go | 145 +++++++ vendor/github.com/cilium/ebpf/prog.go | 102 +++-- vendor/github.com/cilium/ebpf/syscalls.go | 80 ++-- vendor/github.com/cilium/ebpf/types.go | 28 +- vendor/github.com/cilium/ebpf/types_string.go | 8 +- vendor/github.com/cilium/ebpf/variable.go | 230 +++++++++++ vendor/golang.org/x/exp/LICENSE | 27 -- vendor/golang.org/x/exp/PATENTS | 22 -- .../x/exp/constraints/constraints.go | 50 --- vendor/modules.txt | 9 +- 69 files changed, 2727 insertions(+), 865 deletions(-) create mode 100644 vendor/github.com/cilium/ebpf/internal/kallsyms/cache.go create mode 100644 vendor/github.com/cilium/ebpf/internal/kallsyms/reader.go rename vendor/github.com/cilium/ebpf/internal/{ => linux}/auxv.go (98%) create mode 100644 vendor/github.com/cilium/ebpf/internal/linux/doc.go create mode 100644 vendor/github.com/cilium/ebpf/internal/linux/kconfig.go rename vendor/github.com/cilium/ebpf/internal/{ => linux}/platform.go (97%) rename vendor/github.com/cilium/ebpf/internal/{ => linux}/statfs.go (96%) rename vendor/github.com/cilium/ebpf/internal/{ => linux}/vdso.go (93%) create mode 100644 vendor/github.com/cilium/ebpf/internal/linux/version.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/sys/fd_trace.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/sys/mapflags_string.go rename vendor/github.com/cilium/ebpf/internal/{ => sys}/pinning.go (77%) create mode 100644 vendor/github.com/cilium/ebpf/internal/testutils/fdtrace/fd_trace.go create mode 100644 vendor/github.com/cilium/ebpf/internal/testutils/fdtrace/main.go create mode 100644 vendor/github.com/cilium/ebpf/memory.go create mode 100644 vendor/github.com/cilium/ebpf/variable.go delete mode 100644 vendor/golang.org/x/exp/LICENSE delete mode 100644 vendor/golang.org/x/exp/PATENTS delete mode 100644 vendor/golang.org/x/exp/constraints/constraints.go diff --git a/go.mod b/go.mod index 3d844324a81..c90769e5af7 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ toolchain go1.22.4 require ( github.com/checkpoint-restore/go-criu/v6 v6.3.0 - github.com/cilium/ebpf v0.16.0 + github.com/cilium/ebpf v0.17.0 github.com/containerd/console v1.0.4 github.com/coreos/go-systemd/v22 v22.5.0 github.com/cyphar/filepath-securejoin v0.3.6 @@ -35,5 +35,4 @@ require ( github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/vishvananda/netns v0.0.4 // indirect - golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 // indirect ) diff --git a/go.sum b/go.sum index 53d1e395311..daf1b74a81c 100644 --- a/go.sum +++ b/go.sum @@ -1,8 +1,8 @@ github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/checkpoint-restore/go-criu/v6 v6.3.0 h1:mIdrSO2cPNWQY1truPg6uHLXyKHk3Z5Odx4wjKOASzA= github.com/checkpoint-restore/go-criu/v6 v6.3.0/go.mod h1:rrRTN/uSwY2X+BPRl/gkulo9gsKOSAeVp9/K2tv7xZI= -github.com/cilium/ebpf v0.16.0 h1:+BiEnHL6Z7lXnlGUsXQPPAE7+kenAd4ES8MQ5min0Ok= -github.com/cilium/ebpf v0.16.0/go.mod h1:L7u2Blt2jMM/vLAVgjxluxtBKlz3/GWjB0dMOEngfwE= +github.com/cilium/ebpf v0.17.0 h1:wAgiAWE86w8DxbR/UJ9KsaaoUfjrO0yhg5yE7f898As= +github.com/cilium/ebpf v0.17.0/go.mod h1:vay2FaYSmIlv3r8dNACd4mW/OCaZLJKJOo+IHBvCIO8= github.com/containerd/console v1.0.4 h1:F2g4+oChYvBTsASRTz8NP6iIAi97J3TtSAsLbIFn4ro= github.com/containerd/console v1.0.4/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= @@ -81,8 +81,6 @@ github.com/vishvananda/netlink v1.3.0 h1:X7l42GfcV4S6E4vHTsw48qbrV+9PVojNfIhZcwQ github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs= github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8= github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= -golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 h1:Jvc7gsqn21cJHCmAWx0LiimpP18LZmUxkT5Mp7EZ1mI= -golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= diff --git a/vendor/github.com/cilium/ebpf/.golangci.yaml b/vendor/github.com/cilium/ebpf/.golangci.yaml index 65f91b910bf..366d4893f20 100644 --- a/vendor/github.com/cilium/ebpf/.golangci.yaml +++ b/vendor/github.com/cilium/ebpf/.golangci.yaml @@ -11,3 +11,9 @@ linters: - typecheck - unused - gofmt +linters-settings: + goimports: + # A comma-separated list of prefixes, which, if set, checks import paths + # with the given prefixes are grouped after 3rd-party packages. + # Default: "" + local-prefixes: github.com/cilium/ebpf diff --git a/vendor/github.com/cilium/ebpf/CODEOWNERS b/vendor/github.com/cilium/ebpf/CODEOWNERS index ca65d23c09d..0f76dce85c8 100644 --- a/vendor/github.com/cilium/ebpf/CODEOWNERS +++ b/vendor/github.com/cilium/ebpf/CODEOWNERS @@ -9,3 +9,5 @@ ringbuf/ @florianl btf/ @dylandreimerink cmd/bpf2go/ @mejedi + +docs/ @ti-mo diff --git a/vendor/github.com/cilium/ebpf/Makefile b/vendor/github.com/cilium/ebpf/Makefile index d355eea71ca..e0fe9749206 100644 --- a/vendor/github.com/cilium/ebpf/Makefile +++ b/vendor/github.com/cilium/ebpf/Makefile @@ -39,16 +39,18 @@ TARGETS := \ testdata/subprog_reloc \ testdata/fwd_decl \ testdata/kconfig \ - testdata/kconfig_config \ + testdata/ksym \ testdata/kfunc \ testdata/invalid-kfunc \ testdata/kfunc-kmod \ testdata/constants \ testdata/errors \ + testdata/variables \ btf/testdata/relocs \ btf/testdata/relocs_read \ btf/testdata/relocs_read_tgt \ btf/testdata/relocs_enum \ + btf/testdata/tags \ cmd/bpf2go/testdata/minimal .PHONY: all clean container-all container-shell generate @@ -57,7 +59,7 @@ TARGETS := \ # Build all ELF binaries using a containerized LLVM toolchain. container-all: - +${CONTAINER_ENGINE} run --rm -t ${CONTAINER_RUN_ARGS} \ + +${CONTAINER_ENGINE} run --rm -ti ${CONTAINER_RUN_ARGS} \ -v "${REPODIR}":/ebpf -w /ebpf --env MAKEFLAGS \ --env HOME="/tmp" \ --env BPF2GO_CC="$(CLANG)" \ diff --git a/vendor/github.com/cilium/ebpf/README.md b/vendor/github.com/cilium/ebpf/README.md index 85871db1ae3..8238256c8ed 100644 --- a/vendor/github.com/cilium/ebpf/README.md +++ b/vendor/github.com/cilium/ebpf/README.md @@ -53,6 +53,7 @@ This library includes the following packages: * [rlimit](https://pkg.go.dev/github.com/cilium/ebpf/rlimit) provides a convenient API to lift the `RLIMIT_MEMLOCK` constraint on kernels before 5.11. * [btf](https://pkg.go.dev/github.com/cilium/ebpf/btf) allows reading the BPF Type Format. +* [pin](https://pkg.go.dev/github.com/cilium/ebpf/pin) provides APIs for working with pinned objects on bpffs. ## Requirements diff --git a/vendor/github.com/cilium/ebpf/asm/instruction.go b/vendor/github.com/cilium/ebpf/asm/instruction.go index 67cd39d6f67..86b384c02a9 100644 --- a/vendor/github.com/cilium/ebpf/asm/instruction.go +++ b/vendor/github.com/cilium/ebpf/asm/instruction.go @@ -12,7 +12,6 @@ import ( "strings" "github.com/cilium/ebpf/internal/sys" - "github.com/cilium/ebpf/internal/unix" ) // InstructionSize is the size of a BPF instruction in bytes @@ -804,7 +803,7 @@ func (insns Instructions) Tag(bo binary.ByteOrder) (string, error) { return "", fmt.Errorf("instruction %d: %w", i, err) } } - return hex.EncodeToString(h.Sum(nil)[:unix.BPF_TAG_SIZE]), nil + return hex.EncodeToString(h.Sum(nil)[:sys.BPF_TAG_SIZE]), nil } // encodeFunctionReferences populates the Offset (or Constant, depending on diff --git a/vendor/github.com/cilium/ebpf/btf/btf.go b/vendor/github.com/cilium/ebpf/btf/btf.go index 671f680b2af..880c5ade0c1 100644 --- a/vendor/github.com/cilium/ebpf/btf/btf.go +++ b/vendor/github.com/cilium/ebpf/btf/btf.go @@ -443,13 +443,19 @@ func fixupDatasec(types []Type, sectionSizes map[string]uint32, offsets map[symb // Some Datasecs are virtual and don't have corresponding ELF sections. switch name { case ".ksyms": - // .ksyms describes forward declarations of kfunc signatures. + // .ksyms describes forward declarations of kfunc signatures, as well as + // references to kernel symbols. // Nothing to fix up, all sizes and offsets are 0. for _, vsi := range ds.Vars { - _, ok := vsi.Type.(*Func) - if !ok { - // Only Funcs are supported in the .ksyms Datasec. - return fmt.Errorf("data section %s: expected *btf.Func, not %T: %w", name, vsi.Type, ErrNotSupported) + switch t := vsi.Type.(type) { + case *Func: + continue + case *Var: + if _, ok := t.Type.(*Void); !ok { + return fmt.Errorf("data section %s: expected %s to be *Void, not %T: %w", name, vsi.Type.TypeName(), vsi.Type, ErrNotSupported) + } + default: + return fmt.Errorf("data section %s: expected to be either *btf.Func or *btf.Var, not %T: %w", name, vsi.Type, ErrNotSupported) } } @@ -695,5 +701,13 @@ func (iter *TypesIterator) Next() bool { iter.Type, ok = iter.spec.typeByID(iter.id) iter.id++ iter.done = !ok + if !iter.done { + // Skip declTags, during unmarshaling declTags become `Tags` fields of other types. + // We keep them in the spec to avoid holes in the ID space, but for the purposes of + // iteration, they are not useful to the user. + if _, ok := iter.Type.(*declTag); ok { + return iter.Next() + } + } return !iter.done } diff --git a/vendor/github.com/cilium/ebpf/btf/btf_types.go b/vendor/github.com/cilium/ebpf/btf/btf_types.go index f0e327abc0e..320311b3320 100644 --- a/vendor/github.com/cilium/ebpf/btf/btf_types.go +++ b/vendor/github.com/cilium/ebpf/btf/btf_types.go @@ -39,6 +39,7 @@ const ( kindFloat // Float // Added 5.16 kindDeclTag // DeclTag + // Added 5.17 kindTypeTag // TypeTag // Added 6.0 kindEnum64 // Enum64 diff --git a/vendor/github.com/cilium/ebpf/btf/ext_info.go b/vendor/github.com/cilium/ebpf/btf/ext_info.go index eb9044badf2..2c684fe2a79 100644 --- a/vendor/github.com/cilium/ebpf/btf/ext_info.go +++ b/vendor/github.com/cilium/ebpf/btf/ext_info.go @@ -16,8 +16,8 @@ import ( // ExtInfos contains ELF section metadata. type ExtInfos struct { // The slices are sorted by offset in ascending order. - funcInfos map[string]FuncInfos - lineInfos map[string]LineInfos + funcInfos map[string]FuncOffsets + lineInfos map[string]LineOffsets relocationInfos map[string]CORERelocationInfos } @@ -58,9 +58,9 @@ func loadExtInfos(r io.ReaderAt, bo binary.ByteOrder, spec *Spec) (*ExtInfos, er return nil, fmt.Errorf("parsing BTF function info: %w", err) } - funcInfos := make(map[string]FuncInfos, len(btfFuncInfos)) + funcInfos := make(map[string]FuncOffsets, len(btfFuncInfos)) for section, bfis := range btfFuncInfos { - funcInfos[section], err = newFuncInfos(bfis, spec) + funcInfos[section], err = newFuncOffsets(bfis, spec) if err != nil { return nil, fmt.Errorf("section %s: func infos: %w", section, err) } @@ -72,7 +72,7 @@ func loadExtInfos(r io.ReaderAt, bo binary.ByteOrder, spec *Spec) (*ExtInfos, er return nil, fmt.Errorf("parsing BTF line info: %w", err) } - lineInfos := make(map[string]LineInfos, len(btfLineInfos)) + lineInfos := make(map[string]LineOffsets, len(btfLineInfos)) for section, blis := range btfLineInfos { lineInfos[section], err = newLineInfos(blis, spec.strings) if err != nil { @@ -102,8 +102,10 @@ func loadExtInfos(r io.ReaderAt, bo binary.ByteOrder, spec *Spec) (*ExtInfos, er return &ExtInfos{funcInfos, lineInfos, coreRelos}, nil } -type funcInfoMeta struct{} -type coreRelocationMeta struct{} +type ( + funcInfoMeta struct{} + coreRelocationMeta struct{} +) // Assign per-section metadata from BTF to a section's instructions. func (ei *ExtInfos) Assign(insns asm.Instructions, section string) { @@ -117,20 +119,20 @@ func (ei *ExtInfos) Assign(insns asm.Instructions, section string) { // Assign per-instruction metadata to the instructions in insns. func AssignMetadataToInstructions( insns asm.Instructions, - funcInfos FuncInfos, - lineInfos LineInfos, + funcInfos FuncOffsets, + lineInfos LineOffsets, reloInfos CORERelocationInfos, ) { iter := insns.Iterate() for iter.Next() { - if len(funcInfos.infos) > 0 && funcInfos.infos[0].offset == iter.Offset { - *iter.Ins = WithFuncMetadata(*iter.Ins, funcInfos.infos[0].fn) - funcInfos.infos = funcInfos.infos[1:] + if len(funcInfos) > 0 && funcInfos[0].Offset == iter.Offset { + *iter.Ins = WithFuncMetadata(*iter.Ins, funcInfos[0].Func) + funcInfos = funcInfos[1:] } - if len(lineInfos.infos) > 0 && lineInfos.infos[0].offset == iter.Offset { - *iter.Ins = iter.Ins.WithSource(lineInfos.infos[0].line) - lineInfos.infos = lineInfos.infos[1:] + if len(lineInfos) > 0 && lineInfos[0].Offset == iter.Offset { + *iter.Ins = iter.Ins.WithSource(lineInfos[0].Line) + lineInfos = lineInfos[1:] } if len(reloInfos.infos) > 0 && reloInfos.infos[0].offset == iter.Offset { @@ -159,9 +161,9 @@ marshal: var fiBuf, liBuf bytes.Buffer for { if fn := FuncMetadata(iter.Ins); fn != nil { - fi := &funcInfo{ - fn: fn, - offset: iter.Offset, + fi := &FuncOffset{ + Func: fn, + Offset: iter.Offset, } if err := fi.marshal(&fiBuf, b); err != nil { return nil, nil, fmt.Errorf("write func info: %w", err) @@ -178,9 +180,9 @@ marshal: } } - li := &lineInfo{ - line: line, - offset: iter.Offset, + li := &LineOffset{ + Offset: iter.Offset, + Line: line, } if err := li.marshal(&liBuf, b); err != nil { return nil, nil, fmt.Errorf("write line info: %w", err) @@ -333,17 +335,17 @@ func parseExtInfoRecordSize(r io.Reader, bo binary.ByteOrder) (uint32, error) { return recordSize, nil } -// FuncInfos contains a sorted list of func infos. -type FuncInfos struct { - infos []funcInfo -} +// FuncOffsets is a sorted slice of FuncOffset. +type FuncOffsets []FuncOffset // The size of a FuncInfo in BTF wire format. var FuncInfoSize = uint32(binary.Size(bpfFuncInfo{})) -type funcInfo struct { - fn *Func - offset asm.RawInstructionOffset +// FuncOffset represents a [btf.Func] and its raw instruction offset within a +// BPF program. +type FuncOffset struct { + Offset asm.RawInstructionOffset + Func *Func } type bpfFuncInfo struct { @@ -352,7 +354,7 @@ type bpfFuncInfo struct { TypeID TypeID } -func newFuncInfo(fi bpfFuncInfo, spec *Spec) (*funcInfo, error) { +func newFuncOffset(fi bpfFuncInfo, spec *Spec) (*FuncOffset, error) { typ, err := spec.TypeByID(fi.TypeID) if err != nil { return nil, err @@ -368,31 +370,32 @@ func newFuncInfo(fi bpfFuncInfo, spec *Spec) (*funcInfo, error) { return nil, fmt.Errorf("func with type ID %d doesn't have a name", fi.TypeID) } - return &funcInfo{ - fn, + return &FuncOffset{ asm.RawInstructionOffset(fi.InsnOff), + fn, }, nil } -func newFuncInfos(bfis []bpfFuncInfo, spec *Spec) (FuncInfos, error) { - fis := FuncInfos{ - infos: make([]funcInfo, 0, len(bfis)), - } +func newFuncOffsets(bfis []bpfFuncInfo, spec *Spec) (FuncOffsets, error) { + fos := make(FuncOffsets, 0, len(bfis)) + for _, bfi := range bfis { - fi, err := newFuncInfo(bfi, spec) + fi, err := newFuncOffset(bfi, spec) if err != nil { - return FuncInfos{}, fmt.Errorf("offset %d: %w", bfi.InsnOff, err) + return FuncOffsets{}, fmt.Errorf("offset %d: %w", bfi.InsnOff, err) } - fis.infos = append(fis.infos, *fi) + fos = append(fos, *fi) } - sort.Slice(fis.infos, func(i, j int) bool { - return fis.infos[i].offset <= fis.infos[j].offset + sort.Slice(fos, func(i, j int) bool { + return fos[i].Offset <= fos[j].Offset }) - return fis, nil + return fos, nil } -// LoadFuncInfos parses BTF func info in kernel wire format. -func LoadFuncInfos(reader io.Reader, bo binary.ByteOrder, recordNum uint32, spec *Spec) (FuncInfos, error) { +// LoadFuncInfos parses BTF func info from kernel wire format into a +// [FuncOffsets], a sorted slice of [btf.Func]s of (sub)programs within a BPF +// program with their corresponding raw instruction offsets. +func LoadFuncInfos(reader io.Reader, bo binary.ByteOrder, recordNum uint32, spec *Spec) (FuncOffsets, error) { fis, err := parseFuncInfoRecords( reader, bo, @@ -401,20 +404,20 @@ func LoadFuncInfos(reader io.Reader, bo binary.ByteOrder, recordNum uint32, spec false, ) if err != nil { - return FuncInfos{}, fmt.Errorf("parsing BTF func info: %w", err) + return FuncOffsets{}, fmt.Errorf("parsing BTF func info: %w", err) } - return newFuncInfos(fis, spec) + return newFuncOffsets(fis, spec) } // marshal into the BTF wire format. -func (fi *funcInfo) marshal(w *bytes.Buffer, b *Builder) error { - id, err := b.Add(fi.fn) +func (fi *FuncOffset) marshal(w *bytes.Buffer, b *Builder) error { + id, err := b.Add(fi.Func) if err != nil { return err } bfi := bpfFuncInfo{ - InsnOff: uint32(fi.offset), + InsnOff: uint32(fi.Offset), TypeID: id, } buf := make([]byte, FuncInfoSize) @@ -515,14 +518,13 @@ func (li *Line) String() string { return li.line } -// LineInfos contains a sorted list of line infos. -type LineInfos struct { - infos []lineInfo -} +// LineOffsets contains a sorted list of line infos. +type LineOffsets []LineOffset -type lineInfo struct { - line *Line - offset asm.RawInstructionOffset +// LineOffset represents a line info and its raw instruction offset. +type LineOffset struct { + Offset asm.RawInstructionOffset + Line *Line } // Constants for the format of bpfLineInfo.LineCol. @@ -541,7 +543,7 @@ type bpfLineInfo struct { } // LoadLineInfos parses BTF line info in kernel wire format. -func LoadLineInfos(reader io.Reader, bo binary.ByteOrder, recordNum uint32, spec *Spec) (LineInfos, error) { +func LoadLineInfos(reader io.Reader, bo binary.ByteOrder, recordNum uint32, spec *Spec) (LineOffsets, error) { lis, err := parseLineInfoRecords( reader, bo, @@ -550,57 +552,55 @@ func LoadLineInfos(reader io.Reader, bo binary.ByteOrder, recordNum uint32, spec false, ) if err != nil { - return LineInfos{}, fmt.Errorf("parsing BTF line info: %w", err) + return LineOffsets{}, fmt.Errorf("parsing BTF line info: %w", err) } return newLineInfos(lis, spec.strings) } -func newLineInfo(li bpfLineInfo, strings *stringTable) (lineInfo, error) { +func newLineInfo(li bpfLineInfo, strings *stringTable) (LineOffset, error) { line, err := strings.Lookup(li.LineOff) if err != nil { - return lineInfo{}, fmt.Errorf("lookup of line: %w", err) + return LineOffset{}, fmt.Errorf("lookup of line: %w", err) } fileName, err := strings.Lookup(li.FileNameOff) if err != nil { - return lineInfo{}, fmt.Errorf("lookup of filename: %w", err) + return LineOffset{}, fmt.Errorf("lookup of filename: %w", err) } lineNumber := li.LineCol >> bpfLineShift lineColumn := li.LineCol & bpfColumnMax - return lineInfo{ + return LineOffset{ + asm.RawInstructionOffset(li.InsnOff), &Line{ fileName, line, lineNumber, lineColumn, }, - asm.RawInstructionOffset(li.InsnOff), }, nil } -func newLineInfos(blis []bpfLineInfo, strings *stringTable) (LineInfos, error) { - lis := LineInfos{ - infos: make([]lineInfo, 0, len(blis)), - } +func newLineInfos(blis []bpfLineInfo, strings *stringTable) (LineOffsets, error) { + lis := make([]LineOffset, 0, len(blis)) for _, bli := range blis { li, err := newLineInfo(bli, strings) if err != nil { - return LineInfos{}, fmt.Errorf("offset %d: %w", bli.InsnOff, err) + return LineOffsets{}, fmt.Errorf("offset %d: %w", bli.InsnOff, err) } - lis.infos = append(lis.infos, li) + lis = append(lis, li) } - sort.Slice(lis.infos, func(i, j int) bool { - return lis.infos[i].offset <= lis.infos[j].offset + sort.Slice(lis, func(i, j int) bool { + return lis[i].Offset <= lis[j].Offset }) return lis, nil } // marshal writes the binary representation of the LineInfo to w. -func (li *lineInfo) marshal(w *bytes.Buffer, b *Builder) error { - line := li.line +func (li *LineOffset) marshal(w *bytes.Buffer, b *Builder) error { + line := li.Line if line.lineNumber > bpfLineMax { return fmt.Errorf("line %d exceeds %d", line.lineNumber, bpfLineMax) } @@ -620,7 +620,7 @@ func (li *lineInfo) marshal(w *bytes.Buffer, b *Builder) error { } bli := bpfLineInfo{ - uint32(li.offset), + uint32(li.Offset), fileNameOff, lineOff, (line.lineNumber << bpfLineShift) | line.lineColumn, @@ -799,7 +799,7 @@ func parseCORERelos(r io.Reader, bo binary.ByteOrder, strings *stringTable) (map return nil, err } - records, err := parseCOREReloRecords(r, bo, recordSize, infoHeader.NumInfo) + records, err := parseCOREReloRecords(r, bo, infoHeader.NumInfo) if err != nil { return nil, fmt.Errorf("section %v: %w", secName, err) } @@ -811,7 +811,7 @@ func parseCORERelos(r io.Reader, bo binary.ByteOrder, strings *stringTable) (map // parseCOREReloRecords parses a stream of CO-RE relocation entries into a // coreRelos. These records appear after a btf_ext_info_sec header in the // core_relos sub-section of .BTF.ext. -func parseCOREReloRecords(r io.Reader, bo binary.ByteOrder, recordSize uint32, recordNum uint32) ([]bpfCORERelo, error) { +func parseCOREReloRecords(r io.Reader, bo binary.ByteOrder, recordNum uint32) ([]bpfCORERelo, error) { var out []bpfCORERelo var relo bpfCORERelo diff --git a/vendor/github.com/cilium/ebpf/btf/feature.go b/vendor/github.com/cilium/ebpf/btf/feature.go index 6feb08dfbb0..e71c707fe4d 100644 --- a/vendor/github.com/cilium/ebpf/btf/feature.go +++ b/vendor/github.com/cilium/ebpf/btf/feature.go @@ -11,19 +11,19 @@ import ( // haveBTF attempts to load a BTF blob containing an Int. It should pass on any // kernel that supports BPF_BTF_LOAD. -var haveBTF = internal.NewFeatureTest("BTF", "4.18", func() error { +var haveBTF = internal.NewFeatureTest("BTF", func() error { // 0-length anonymous integer err := probeBTF(&Int{}) if errors.Is(err, unix.EINVAL) || errors.Is(err, unix.EPERM) { return internal.ErrNotSupported } return err -}) +}, "4.18") // haveMapBTF attempts to load a minimal BTF blob containing a Var. It is // used as a proxy for .bss, .data and .rodata map support, which generally // come with a Var and Datasec. These were introduced in Linux 5.2. -var haveMapBTF = internal.NewFeatureTest("Map BTF (Var/Datasec)", "5.2", func() error { +var haveMapBTF = internal.NewFeatureTest("Map BTF (Var/Datasec)", func() error { if err := haveBTF(); err != nil { return err } @@ -40,12 +40,12 @@ var haveMapBTF = internal.NewFeatureTest("Map BTF (Var/Datasec)", "5.2", func() return internal.ErrNotSupported } return err -}) +}, "5.2") // haveProgBTF attempts to load a BTF blob containing a Func and FuncProto. It // is used as a proxy for ext_info (func_info) support, which depends on // Func(Proto) by definition. -var haveProgBTF = internal.NewFeatureTest("Program BTF (func/line_info)", "5.0", func() error { +var haveProgBTF = internal.NewFeatureTest("Program BTF (func/line_info)", func() error { if err := haveBTF(); err != nil { return err } @@ -60,9 +60,9 @@ var haveProgBTF = internal.NewFeatureTest("Program BTF (func/line_info)", "5.0", return internal.ErrNotSupported } return err -}) +}, "5.0") -var haveFuncLinkage = internal.NewFeatureTest("BTF func linkage", "5.6", func() error { +var haveFuncLinkage = internal.NewFeatureTest("BTF func linkage", func() error { if err := haveProgBTF(); err != nil { return err } @@ -78,9 +78,44 @@ var haveFuncLinkage = internal.NewFeatureTest("BTF func linkage", "5.6", func() return internal.ErrNotSupported } return err -}) +}, "5.6") -var haveEnum64 = internal.NewFeatureTest("ENUM64", "6.0", func() error { +var haveDeclTags = internal.NewFeatureTest("BTF decl tags", func() error { + if err := haveBTF(); err != nil { + return err + } + + t := &Typedef{ + Name: "a", + Type: &Int{}, + Tags: []string{"a"}, + } + + err := probeBTF(t) + if errors.Is(err, unix.EINVAL) { + return internal.ErrNotSupported + } + return err +}, "5.16") + +var haveTypeTags = internal.NewFeatureTest("BTF type tags", func() error { + if err := haveBTF(); err != nil { + return err + } + + t := &TypeTag{ + Type: &Int{}, + Value: "a", + } + + err := probeBTF(t) + if errors.Is(err, unix.EINVAL) { + return internal.ErrNotSupported + } + return err +}, "5.17") + +var haveEnum64 = internal.NewFeatureTest("ENUM64", func() error { if err := haveBTF(); err != nil { return err } @@ -97,7 +132,7 @@ var haveEnum64 = internal.NewFeatureTest("ENUM64", "6.0", func() error { return internal.ErrNotSupported } return err -}) +}, "6.0") func probeBTF(typ Type) error { b, err := NewBuilder([]Type{typ}) diff --git a/vendor/github.com/cilium/ebpf/btf/format.go b/vendor/github.com/cilium/ebpf/btf/format.go index 5e581b4a851..3e0dedaa2bd 100644 --- a/vendor/github.com/cilium/ebpf/btf/format.go +++ b/vendor/github.com/cilium/ebpf/btf/format.go @@ -161,6 +161,9 @@ func (gf *GoFormatter) writeTypeLit(typ Type, depth int) error { case *Datasec: err = gf.writeDatasecLit(v, depth) + case *Var: + err = gf.writeTypeLit(v.Type, depth) + default: return fmt.Errorf("type %T: %w", v, ErrNotSupported) } diff --git a/vendor/github.com/cilium/ebpf/btf/kernel.go b/vendor/github.com/cilium/ebpf/btf/kernel.go index 8584ebcb932..1a9321f054c 100644 --- a/vendor/github.com/cilium/ebpf/btf/kernel.go +++ b/vendor/github.com/cilium/ebpf/btf/kernel.go @@ -8,7 +8,7 @@ import ( "sync" "github.com/cilium/ebpf/internal" - "github.com/cilium/ebpf/internal/kallsyms" + "github.com/cilium/ebpf/internal/linux" ) var kernelBTF = struct { @@ -21,8 +21,6 @@ var kernelBTF = struct { // FlushKernelSpec removes any cached kernel type information. func FlushKernelSpec() { - kallsyms.FlushKernelModuleCache() - kernelBTF.Lock() defer kernelBTF.Unlock() @@ -130,7 +128,7 @@ func loadKernelModuleSpec(module string, base *Spec) (*Spec, error) { // findVMLinux scans multiple well-known paths for vmlinux kernel images. func findVMLinux() (*os.File, error) { - release, err := internal.KernelRelease() + release, err := linux.KernelRelease() if err != nil { return nil, err } diff --git a/vendor/github.com/cilium/ebpf/btf/marshal.go b/vendor/github.com/cilium/ebpf/btf/marshal.go index f14cfa6e973..d7204e62476 100644 --- a/vendor/github.com/cilium/ebpf/btf/marshal.go +++ b/vendor/github.com/cilium/ebpf/btf/marshal.go @@ -18,6 +18,10 @@ type MarshalOptions struct { Order binary.ByteOrder // Remove function linkage information for compatibility with <5.6 kernels. StripFuncLinkage bool + // Replace decl tags with a placeholder for compatibility with <5.16 kernels. + ReplaceDeclTags bool + // Replace TypeTags with a placeholder for compatibility with <5.17 kernels. + ReplaceTypeTags bool // Replace Enum64 with a placeholder for compatibility with <6.0 kernels. ReplaceEnum64 bool // Prevent the "No type found" error when loading BTF without any types. @@ -29,6 +33,8 @@ func KernelMarshalOptions() *MarshalOptions { return &MarshalOptions{ Order: internal.NativeEndian, StripFuncLinkage: haveFuncLinkage() != nil, + ReplaceDeclTags: haveDeclTags() != nil, + ReplaceTypeTags: haveTypeTags() != nil, ReplaceEnum64: haveEnum64() != nil, PreventNoTypeFound: true, // All current kernels require this. } @@ -318,15 +324,7 @@ func (e *encoder) deflateType(typ Type) (err error) { return errors.New("Void is implicit in BTF wire format") case *Int: - raw.SetKind(kindInt) - raw.SetSize(v.Size) - - var bi btfInt - bi.SetEncoding(v.Encoding) - // We need to set bits in addition to size, since btf_type_int_is_regular - // otherwise flags this as a bitfield. - bi.SetBits(byte(v.Size) * 8) - raw.data = bi + e.deflateInt(&raw, v) case *Pointer: raw.SetKind(kindPointer) @@ -368,8 +366,7 @@ func (e *encoder) deflateType(typ Type) (err error) { raw.SetType(e.id(v.Type)) case *Const: - raw.SetKind(kindConst) - raw.SetType(e.id(v.Type)) + e.deflateConst(&raw, v) case *Restrict: raw.SetKind(kindRestrict) @@ -404,15 +401,10 @@ func (e *encoder) deflateType(typ Type) (err error) { raw.SetSize(v.Size) case *declTag: - raw.SetKind(kindDeclTag) - raw.SetType(e.id(v.Type)) - raw.data = &btfDeclTag{uint32(v.Index)} - raw.NameOff, err = e.strings.Add(v.Value) + err = e.deflateDeclTag(&raw, v) - case *typeTag: - raw.SetKind(kindTypeTag) - raw.SetType(e.id(v.Type)) - raw.NameOff, err = e.strings.Add(v.Value) + case *TypeTag: + err = e.deflateTypeTag(&raw, v) default: return fmt.Errorf("don't know how to deflate %T", v) @@ -425,6 +417,57 @@ func (e *encoder) deflateType(typ Type) (err error) { return raw.Marshal(e.buf, e.Order) } +func (e *encoder) deflateInt(raw *rawType, i *Int) { + raw.SetKind(kindInt) + raw.SetSize(i.Size) + + var bi btfInt + bi.SetEncoding(i.Encoding) + // We need to set bits in addition to size, since btf_type_int_is_regular + // otherwise flags this as a bitfield. + bi.SetBits(byte(i.Size) * 8) + raw.data = bi +} + +func (e *encoder) deflateDeclTag(raw *rawType, tag *declTag) (err error) { + // Replace a decl tag with an integer for compatibility with <5.16 kernels, + // following libbpf behaviour. + if e.ReplaceDeclTags { + typ := &Int{"decl_tag_placeholder", 1, Unsigned} + e.deflateInt(raw, typ) + + // Add the placeholder type name to the string table. The encoder added the + // original type name before this call. + raw.NameOff, err = e.strings.Add(typ.TypeName()) + return + } + + raw.SetKind(kindDeclTag) + raw.SetType(e.id(tag.Type)) + raw.data = &btfDeclTag{uint32(tag.Index)} + raw.NameOff, err = e.strings.Add(tag.Value) + return +} + +func (e *encoder) deflateConst(raw *rawType, c *Const) { + raw.SetKind(kindConst) + raw.SetType(e.id(c.Type)) +} + +func (e *encoder) deflateTypeTag(raw *rawType, tag *TypeTag) (err error) { + // Replace a type tag with a const qualifier for compatibility with <5.17 + // kernels, following libbpf behaviour. + if e.ReplaceTypeTags { + e.deflateConst(raw, &Const{tag.Type}) + return + } + + raw.SetKind(kindTypeTag) + raw.SetType(e.id(tag.Type)) + raw.NameOff, err = e.strings.Add(tag.Value) + return +} + func (e *encoder) deflateUnion(raw *rawType, union *Union) (err error) { raw.SetKind(kindUnion) raw.SetSize(union.Size) @@ -521,7 +564,7 @@ func (e *encoder) deflateEnum64(raw *rawType, enum *Enum) (err error) { }) } - return e.deflateUnion(raw, &Union{enum.Name, enum.Size, members}) + return e.deflateUnion(raw, &Union{enum.Name, enum.Size, members, nil}) } raw.SetKind(kindEnum64) diff --git a/vendor/github.com/cilium/ebpf/btf/traversal.go b/vendor/github.com/cilium/ebpf/btf/traversal.go index c39dc66e46c..13647d931ff 100644 --- a/vendor/github.com/cilium/ebpf/btf/traversal.go +++ b/vendor/github.com/cilium/ebpf/btf/traversal.go @@ -40,9 +40,12 @@ func children(typ Type, yield func(child *Type) bool) bool { // Explicitly type switch on the most common types to allow the inliner to // do its work. This avoids allocating intermediate slices from walk() on // the heap. + var tags []string switch v := typ.(type) { - case *Void, *Int, *Enum, *Fwd, *Float: + case *Void, *Int, *Enum, *Fwd, *Float, *declTag: // No children to traverse. + // declTags is declared as a leaf type since it's parsed into .Tags fields of other types + // during unmarshaling. case *Pointer: if !yield(&v.Target) { return false @@ -59,17 +62,32 @@ func children(typ Type, yield func(child *Type) bool) bool { if !yield(&v.Members[i].Type) { return false } + for _, t := range v.Members[i].Tags { + var tag Type = &declTag{v, t, i} + if !yield(&tag) { + return false + } + } } + tags = v.Tags case *Union: for i := range v.Members { if !yield(&v.Members[i].Type) { return false } + for _, t := range v.Members[i].Tags { + var tag Type = &declTag{v, t, i} + if !yield(&tag) { + return false + } + } } + tags = v.Tags case *Typedef: if !yield(&v.Type) { return false } + tags = v.Tags case *Volatile: if !yield(&v.Type) { return false @@ -86,6 +104,20 @@ func children(typ Type, yield func(child *Type) bool) bool { if !yield(&v.Type) { return false } + if fp, ok := v.Type.(*FuncProto); ok { + for i := range fp.Params { + if len(v.ParamTags) <= i { + continue + } + for _, t := range v.ParamTags[i] { + var tag Type = &declTag{v, t, i} + if !yield(&tag) { + return false + } + } + } + } + tags = v.Tags case *FuncProto: if !yield(&v.Return) { return false @@ -99,17 +131,14 @@ func children(typ Type, yield func(child *Type) bool) bool { if !yield(&v.Type) { return false } + tags = v.Tags case *Datasec: for i := range v.Vars { if !yield(&v.Vars[i].Type) { return false } } - case *declTag: - if !yield(&v.Type) { - return false - } - case *typeTag: + case *TypeTag: if !yield(&v.Type) { return false } @@ -119,5 +148,12 @@ func children(typ Type, yield func(child *Type) bool) bool { panic(fmt.Sprintf("don't know how to walk Type %T", v)) } + for _, t := range tags { + var tag Type = &declTag{typ, t, -1} + if !yield(&tag) { + return false + } + } + return true } diff --git a/vendor/github.com/cilium/ebpf/btf/types.go b/vendor/github.com/cilium/ebpf/btf/types.go index a3397460b9d..dbcdf9dd7aa 100644 --- a/vendor/github.com/cilium/ebpf/btf/types.go +++ b/vendor/github.com/cilium/ebpf/btf/types.go @@ -67,7 +67,7 @@ var ( _ Type = (*Datasec)(nil) _ Type = (*Float)(nil) _ Type = (*declTag)(nil) - _ Type = (*typeTag)(nil) + _ Type = (*TypeTag)(nil) _ Type = (*cycle)(nil) ) @@ -169,6 +169,7 @@ type Struct struct { // The size of the struct including padding, in bytes Size uint32 Members []Member + Tags []string } func (s *Struct) Format(fs fmt.State, verb rune) { @@ -182,6 +183,7 @@ func (s *Struct) size() uint32 { return s.Size } func (s *Struct) copy() Type { cpy := *s cpy.Members = copyMembers(s.Members) + cpy.Tags = copyTags(cpy.Tags) return &cpy } @@ -195,6 +197,7 @@ type Union struct { // The size of the union including padding, in bytes. Size uint32 Members []Member + Tags []string } func (u *Union) Format(fs fmt.State, verb rune) { @@ -208,6 +211,7 @@ func (u *Union) size() uint32 { return u.Size } func (u *Union) copy() Type { cpy := *u cpy.Members = copyMembers(u.Members) + cpy.Tags = copyTags(cpy.Tags) return &cpy } @@ -218,6 +222,18 @@ func (u *Union) members() []Member { func copyMembers(orig []Member) []Member { cpy := make([]Member, len(orig)) copy(cpy, orig) + for i, member := range cpy { + cpy[i].Tags = copyTags(member.Tags) + } + return cpy +} + +func copyTags(orig []string) []string { + if orig == nil { // preserve nil vs zero-len slice distinction + return nil + } + cpy := make([]string, len(orig)) + copy(cpy, orig) return cpy } @@ -247,6 +263,7 @@ type Member struct { Type Type Offset Bits BitfieldSize Bits + Tags []string } // Enum lists possible values. @@ -334,6 +351,7 @@ func (f *Fwd) matches(typ Type) bool { type Typedef struct { Name string Type Type + Tags []string } func (td *Typedef) Format(fs fmt.State, verb rune) { @@ -344,6 +362,7 @@ func (td *Typedef) TypeName() string { return td.Name } func (td *Typedef) copy() Type { cpy := *td + cpy.Tags = copyTags(td.Tags) return &cpy } @@ -403,6 +422,12 @@ type Func struct { Name string Type Type Linkage FuncLinkage + Tags []string + // ParamTags holds a list of tags for each parameter of the FuncProto to which `Type` points. + // If no tags are present for any param, the outer slice will be nil/len(ParamTags)==0. + // If at least 1 param has a tag, the outer slice will have the same length as the number of params. + // The inner slice contains the tags and may be nil/len(ParamTags[i])==0 if no tags are present for that param. + ParamTags [][]string } func FuncMetadata(ins *asm.Instruction) *Func { @@ -424,6 +449,14 @@ func (f *Func) TypeName() string { return f.Name } func (f *Func) copy() Type { cpy := *f + cpy.Tags = copyTags(f.Tags) + if f.ParamTags != nil { // preserve nil vs zero-len slice distinction + ptCopy := make([][]string, len(f.ParamTags)) + for i, tags := range f.ParamTags { + ptCopy[i] = copyTags(tags) + } + cpy.ParamTags = ptCopy + } return &cpy } @@ -456,6 +489,7 @@ type Var struct { Name string Type Type Linkage VarLinkage + Tags []string } func (v *Var) Format(fs fmt.State, verb rune) { @@ -466,6 +500,7 @@ func (v *Var) TypeName() string { return v.Name } func (v *Var) copy() Type { cpy := *v + cpy.Tags = copyTags(v.Tags) return &cpy } @@ -540,19 +575,25 @@ func (dt *declTag) copy() Type { return &cpy } -// typeTag associates metadata with a type. -type typeTag struct { +// TypeTag associates metadata with a pointer type. Tag types act as a custom +// modifier(const, restrict, volatile) for the target type. Unlike declTags, +// TypeTags are ordered so the order in which they are added matters. +// +// One of their uses is to mark pointers as `__kptr` meaning a pointer points +// to kernel memory. Adding a `__kptr` to pointers in map values allows you +// to store pointers to kernel memory in maps. +type TypeTag struct { Type Type Value string } -func (tt *typeTag) Format(fs fmt.State, verb rune) { +func (tt *TypeTag) Format(fs fmt.State, verb rune) { formatType(fs, verb, tt, "type=", tt.Type, "value=", tt.Value) } -func (tt *typeTag) TypeName() string { return "" } -func (tt *typeTag) qualify() Type { return tt.Type } -func (tt *typeTag) copy() Type { +func (tt *TypeTag) TypeName() string { return "" } +func (tt *TypeTag) qualify() Type { return tt.Type } +func (tt *TypeTag) copy() Type { cpy := *tt return &cpy } @@ -591,7 +632,7 @@ var ( _ qualifier = (*Const)(nil) _ qualifier = (*Restrict)(nil) _ qualifier = (*Volatile)(nil) - _ qualifier = (*typeTag)(nil) + _ qualifier = (*TypeTag)(nil) ) var errUnsizedType = errors.New("type is unsized") @@ -918,7 +959,7 @@ func readAndInflateTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32, rawSt if err != nil { return nil, fmt.Errorf("struct %s (id %d): %w", name, id, err) } - typ = &Struct{name, header.Size(), members} + typ = &Struct{name, header.Size(), members, nil} case kindUnion: vlen := header.Vlen() @@ -935,7 +976,7 @@ func readAndInflateTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32, rawSt if err != nil { return nil, fmt.Errorf("union %s (id %d): %w", name, id, err) } - typ = &Union{name, header.Size(), members} + typ = &Union{name, header.Size(), members, nil} case kindEnum: vlen := header.Vlen() @@ -968,7 +1009,7 @@ func readAndInflateTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32, rawSt typ = &Fwd{name, header.FwdKind()} case kindTypedef: - typedef := &Typedef{name, nil} + typedef := &Typedef{name, nil, nil} fixup(header.Type(), &typedef.Type) typ = typedef @@ -988,7 +1029,7 @@ func readAndInflateTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32, rawSt typ = restrict case kindFunc: - fn := &Func{name, nil, header.Linkage()} + fn := &Func{name, nil, header.Linkage(), nil, nil} fixup(header.Type(), &fn.Type) typ = fn @@ -1030,7 +1071,7 @@ func readAndInflateTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32, rawSt return nil, fmt.Errorf("can't read btfVariable, id: %d: %w", id, err) } - v := &Var{name, nil, VarLinkage(bVariable.Linkage)} + v := &Var{name, nil, VarLinkage(bVariable.Linkage), nil} fixup(header.Type(), &v.Type) typ = v @@ -1081,7 +1122,7 @@ func readAndInflateTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32, rawSt declTags = append(declTags, dt) case kindTypeTag: - tt := &typeTag{nil, name} + tt := &TypeTag{nil, name} fixup(header.Type(), &tt.Type) typ = tt @@ -1142,26 +1183,69 @@ func readAndInflateTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32, rawSt for _, dt := range declTags { switch t := dt.Type.(type) { - case *Var, *Typedef: + case *Var: + if dt.Index != -1 { + return nil, fmt.Errorf("type %s: component idx %d is not -1", dt, dt.Index) + } + t.Tags = append(t.Tags, dt.Value) + + case *Typedef: if dt.Index != -1 { - return nil, fmt.Errorf("type %s: index %d is not -1", dt, dt.Index) + return nil, fmt.Errorf("type %s: component idx %d is not -1", dt, dt.Index) } + t.Tags = append(t.Tags, dt.Value) case composite: - if dt.Index >= len(t.members()) { - return nil, fmt.Errorf("type %s: index %d exceeds members of %s", dt, dt.Index, t) + if dt.Index >= 0 { + members := t.members() + if dt.Index >= len(members) { + return nil, fmt.Errorf("type %s: component idx %d exceeds members of %s", dt, dt.Index, t) + } + + members[dt.Index].Tags = append(members[dt.Index].Tags, dt.Value) + continue + } + + if dt.Index == -1 { + switch t2 := t.(type) { + case *Struct: + t2.Tags = append(t2.Tags, dt.Value) + case *Union: + t2.Tags = append(t2.Tags, dt.Value) + } + + continue } + return nil, fmt.Errorf("type %s: decl tag for type %s has invalid component idx", dt, t) + case *Func: fp, ok := t.Type.(*FuncProto) if !ok { return nil, fmt.Errorf("type %s: %s is not a FuncProto", dt, t.Type) } - if dt.Index >= len(fp.Params) { - return nil, fmt.Errorf("type %s: index %d exceeds params of %s", dt, dt.Index, t) + // Ensure the number of argument tag lists equals the number of arguments + if len(t.ParamTags) == 0 { + t.ParamTags = make([][]string, len(fp.Params)) + } + + if dt.Index >= 0 { + if dt.Index >= len(fp.Params) { + return nil, fmt.Errorf("type %s: component idx %d exceeds params of %s", dt, dt.Index, t) + } + + t.ParamTags[dt.Index] = append(t.ParamTags[dt.Index], dt.Value) + continue } + if dt.Index == -1 { + t.Tags = append(t.Tags, dt.Value) + continue + } + + return nil, fmt.Errorf("type %s: decl tag for type %s has invalid component idx", dt, t) + default: return nil, fmt.Errorf("type %s: decl tag for type %s is not supported", dt, t) } @@ -1207,6 +1291,20 @@ func UnderlyingType(typ Type) Type { return &cycle{typ} } +// QualifiedType returns the type with all qualifiers removed. +func QualifiedType(typ Type) Type { + result := typ + for depth := 0; depth <= maxResolveDepth; depth++ { + switch v := (result).(type) { + case qualifier: + result = v.qualify() + default: + return result + } + } + return &cycle{typ} +} + // As returns typ if is of type T. Otherwise it peels qualifiers and Typedefs // until it finds a T. // diff --git a/vendor/github.com/cilium/ebpf/btf/workarounds.go b/vendor/github.com/cilium/ebpf/btf/workarounds.go index 12a89b87eed..eb09047fb30 100644 --- a/vendor/github.com/cilium/ebpf/btf/workarounds.go +++ b/vendor/github.com/cilium/ebpf/btf/workarounds.go @@ -12,7 +12,7 @@ func datasecResolveWorkaround(b *Builder, ds *Datasec) error { } switch v.Type.(type) { - case *Typedef, *Volatile, *Const, *Restrict, *typeTag: + case *Typedef, *Volatile, *Const, *Restrict, *TypeTag: // NB: We must never call Add on a Datasec, otherwise we risk // infinite recursion. _, err := b.Add(v.Type) diff --git a/vendor/github.com/cilium/ebpf/collection.go b/vendor/github.com/cilium/ebpf/collection.go index b2cb214adce..1bda110a401 100644 --- a/vendor/github.com/cilium/ebpf/collection.go +++ b/vendor/github.com/cilium/ebpf/collection.go @@ -10,8 +10,10 @@ import ( "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/btf" "github.com/cilium/ebpf/internal" + "github.com/cilium/ebpf/internal/kallsyms" "github.com/cilium/ebpf/internal/kconfig" - "github.com/cilium/ebpf/internal/sysenc" + "github.com/cilium/ebpf/internal/linux" + "github.com/cilium/ebpf/internal/sys" ) // CollectionOptions control loading a collection into the kernel. @@ -38,6 +40,11 @@ type CollectionSpec struct { Maps map[string]*MapSpec Programs map[string]*ProgramSpec + // Variables refer to global variables declared in the ELF. They can be read + // and modified freely before loading the Collection. Modifying them after + // loading has no effect on a running eBPF program. + Variables map[string]*VariableSpec + // Types holds type information about Maps and Programs. // Modifications to Types are currently undefined behaviour. Types *btf.Spec @@ -56,6 +63,7 @@ func (cs *CollectionSpec) Copy() *CollectionSpec { cpy := CollectionSpec{ Maps: make(map[string]*MapSpec, len(cs.Maps)), Programs: make(map[string]*ProgramSpec, len(cs.Programs)), + Variables: make(map[string]*VariableSpec, len(cs.Variables)), ByteOrder: cs.ByteOrder, Types: cs.Types.Copy(), } @@ -68,6 +76,10 @@ func (cs *CollectionSpec) Copy() *CollectionSpec { cpy.Programs[name] = spec.Copy() } + for name, spec := range cs.Variables { + cpy.Variables[name] = spec.copy(&cpy) + } + return &cpy } @@ -134,65 +146,24 @@ func (m *MissingConstantsError) Error() string { // From Linux 5.5 the verifier will use constants to eliminate dead code. // // Returns an error wrapping [MissingConstantsError] if a constant doesn't exist. +// +// Deprecated: Use [CollectionSpec.Variables] to interact with constants instead. +// RewriteConstants is now a wrapper around the VariableSpec API. func (cs *CollectionSpec) RewriteConstants(consts map[string]interface{}) error { - replaced := make(map[string]bool) - - for name, spec := range cs.Maps { - if !strings.HasPrefix(name, ".rodata") { + var missing []string + for n, c := range consts { + v, ok := cs.Variables[n] + if !ok { + missing = append(missing, n) continue } - b, ds, err := spec.dataSection() - if errors.Is(err, errMapNoBTFValue) { - // Data sections without a BTF Datasec are valid, but don't support - // constant replacements. - continue - } - if err != nil { - return fmt.Errorf("map %s: %w", name, err) + if !v.Constant() { + return fmt.Errorf("variable %s is not a constant", n) } - // MapSpec.Copy() performs a shallow copy. Fully copy the byte slice - // to avoid any changes affecting other copies of the MapSpec. - cpy := make([]byte, len(b)) - copy(cpy, b) - - for _, v := range ds.Vars { - vname := v.Type.TypeName() - replacement, ok := consts[vname] - if !ok { - continue - } - - if _, ok := v.Type.(*btf.Var); !ok { - return fmt.Errorf("section %s: unexpected type %T for variable %s", name, v.Type, vname) - } - - if replaced[vname] { - return fmt.Errorf("section %s: duplicate variable %s", name, vname) - } - - if int(v.Offset+v.Size) > len(cpy) { - return fmt.Errorf("section %s: offset %d(+%d) for variable %s is out of bounds", name, v.Offset, v.Size, vname) - } - - b, err := sysenc.Marshal(replacement, int(v.Size)) - if err != nil { - return fmt.Errorf("marshaling constant replacement %s: %w", vname, err) - } - - b.CopyTo(cpy[v.Offset : v.Offset+v.Size]) - - replaced[vname] = true - } - - spec.Contents[0] = MapKV{Key: uint32(0), Value: cpy} - } - - var missing []string - for c := range consts { - if !replaced[c] { - missing = append(missing, c) + if err := v.Set(c); err != nil { + return fmt.Errorf("rewriting constant %s: %w", n, err) } } @@ -210,25 +181,23 @@ func (cs *CollectionSpec) RewriteConstants(consts map[string]interface{}) error // if this sounds useful. // // 'to' must be a pointer to a struct. A field of the -// struct is updated with values from Programs or Maps if it -// has an `ebpf` tag and its type is *ProgramSpec or *MapSpec. +// struct is updated with values from Programs, Maps or Variables if it +// has an `ebpf` tag and its type is *ProgramSpec, *MapSpec or *VariableSpec. // The tag's value specifies the name of the program or map as // found in the CollectionSpec. // // struct { -// Foo *ebpf.ProgramSpec `ebpf:"xdp_foo"` -// Bar *ebpf.MapSpec `ebpf:"bar_map"` +// Foo *ebpf.ProgramSpec `ebpf:"xdp_foo"` +// Bar *ebpf.MapSpec `ebpf:"bar_map"` +// Var *ebpf.VariableSpec `ebpf:"some_var"` // Ignored int // } // // Returns an error if any of the eBPF objects can't be found, or -// if the same MapSpec or ProgramSpec is assigned multiple times. +// if the same Spec is assigned multiple times. func (cs *CollectionSpec) Assign(to interface{}) error { - // Assign() only supports assigning ProgramSpecs and MapSpecs, - // so doesn't load any resources into the kernel. getValue := func(typ reflect.Type, name string) (interface{}, error) { switch typ { - case reflect.TypeOf((*ProgramSpec)(nil)): if p := cs.Programs[name]; p != nil { return p, nil @@ -241,6 +210,12 @@ func (cs *CollectionSpec) Assign(to interface{}) error { } return nil, fmt.Errorf("missing map %q", name) + case reflect.TypeOf((*VariableSpec)(nil)): + if v := cs.Variables[name]; v != nil { + return v, nil + } + return nil, fmt.Errorf("missing variable %q", name) + default: return nil, fmt.Errorf("unsupported type %s", typ) } @@ -286,6 +261,7 @@ func (cs *CollectionSpec) LoadAndAssign(to interface{}, opts *CollectionOptions) // Support assigning Programs and Maps, lazy-loading the required objects. assignedMaps := make(map[string]bool) assignedProgs := make(map[string]bool) + assignedVars := make(map[string]bool) getValue := func(typ reflect.Type, name string) (interface{}, error) { switch typ { @@ -298,6 +274,10 @@ func (cs *CollectionSpec) LoadAndAssign(to interface{}, opts *CollectionOptions) assignedMaps[name] = true return loader.loadMap(name) + case reflect.TypeOf((*Variable)(nil)): + assignedVars[name] = true + return loader.loadVariable(name) + default: return nil, fmt.Errorf("unsupported type %s", typ) } @@ -338,15 +318,22 @@ func (cs *CollectionSpec) LoadAndAssign(to interface{}, opts *CollectionOptions) for p := range assignedProgs { delete(loader.programs, p) } + for p := range assignedVars { + delete(loader.vars, p) + } return nil } -// Collection is a collection of Programs and Maps associated -// with their symbols +// Collection is a collection of live BPF resources present in the kernel. type Collection struct { Programs map[string]*Program Maps map[string]*Map + + // Variables contains global variables used by the Collection's program(s). On + // kernels older than 5.5, most interactions with Variables return + // [ErrNotSupported]. + Variables map[string]*Variable } // NewCollection creates a Collection from the given spec, creating and @@ -387,19 +374,26 @@ func NewCollectionWithOptions(spec *CollectionSpec, opts CollectionOptions) (*Co } } + for varName := range spec.Variables { + if _, err := loader.loadVariable(varName); err != nil { + return nil, err + } + } + // Maps can contain Program and Map stubs, so populate them after // all Maps and Programs have been successfully loaded. if err := loader.populateDeferredMaps(); err != nil { return nil, err } - // Prevent loader.cleanup from closing maps and programs. - maps, progs := loader.maps, loader.programs - loader.maps, loader.programs = nil, nil + // Prevent loader.cleanup from closing maps, programs and vars. + maps, progs, vars := loader.maps, loader.programs, loader.vars + loader.maps, loader.programs, loader.vars = nil, nil, nil return &Collection{ progs, maps, + vars, }, nil } @@ -408,6 +402,7 @@ type collectionLoader struct { opts *CollectionOptions maps map[string]*Map programs map[string]*Program + vars map[string]*Variable } func newCollectionLoader(coll *CollectionSpec, opts *CollectionOptions) (*collectionLoader, error) { @@ -427,14 +422,58 @@ func newCollectionLoader(coll *CollectionSpec, opts *CollectionOptions) (*collec } } + if err := populateKallsyms(coll.Programs); err != nil { + return nil, fmt.Errorf("populating kallsyms caches: %w", err) + } + return &collectionLoader{ coll, opts, make(map[string]*Map), make(map[string]*Program), + make(map[string]*Variable), }, nil } +// populateKallsyms populates kallsyms caches, making lookups cheaper later on +// during individual program loading. Since we have less context available +// at those stages, we batch the lookups here instead to avoid redundant work. +func populateKallsyms(progs map[string]*ProgramSpec) error { + // Look up associated kernel modules for all symbols referenced by + // ProgramSpec.AttachTo for program types that support attaching to kmods. + mods := make(map[string]string) + for _, p := range progs { + if p.AttachTo != "" && p.targetsKernelModule() { + mods[p.AttachTo] = "" + } + } + if len(mods) != 0 { + if err := kallsyms.AssignModules(mods); err != nil { + return fmt.Errorf("getting modules from kallsyms: %w", err) + } + } + + // Look up addresses of all kernel symbols referenced by all programs. + addrs := make(map[string]uint64) + for _, p := range progs { + iter := p.Instructions.Iterate() + for iter.Next() { + ins := iter.Ins + meta, _ := ins.Metadata.Get(ksymMetaKey{}).(*ksymMeta) + if meta != nil { + addrs[meta.Name] = 0 + } + } + } + if len(addrs) != 0 { + if err := kallsyms.AssignAddresses(addrs); err != nil { + return fmt.Errorf("getting addresses from kallsyms: %w", err) + } + } + + return nil +} + // close all resources left over in the collectionLoader. func (cl *collectionLoader) close() { for _, m := range cl.maps { @@ -466,6 +505,13 @@ func (cl *collectionLoader) loadMap(mapName string) (*Map, error) { return m, nil } + // Defer setting the mmapable flag on maps until load time. This avoids the + // MapSpec having different flags on some kernel versions. Also avoid running + // syscalls during ELF loading, so platforms like wasm can also parse an ELF. + if isDataSection(mapSpec.Name) && haveMmapableMaps() == nil { + mapSpec.Flags |= sys.BPF_F_MMAPABLE + } + m, err := newMapWithOptions(mapSpec, cl.opts.Maps) if err != nil { return nil, fmt.Errorf("map %s: %w", mapName, err) @@ -537,6 +583,58 @@ func (cl *collectionLoader) loadProgram(progName string) (*Program, error) { return prog, nil } +func (cl *collectionLoader) loadVariable(varName string) (*Variable, error) { + if v := cl.vars[varName]; v != nil { + return v, nil + } + + varSpec := cl.coll.Variables[varName] + if varSpec == nil { + return nil, fmt.Errorf("unknown variable %s", varName) + } + + // Get the key of the VariableSpec's MapSpec in the CollectionSpec. + var mapName string + for n, ms := range cl.coll.Maps { + if ms == varSpec.m { + mapName = n + break + } + } + if mapName == "" { + return nil, fmt.Errorf("variable %s: underlying MapSpec %s was removed from CollectionSpec", varName, varSpec.m.Name) + } + + m, err := cl.loadMap(mapName) + if err != nil { + return nil, fmt.Errorf("variable %s: %w", varName, err) + } + + // If the kernel is too old or the underlying map was created without + // BPF_F_MMAPABLE, [Map.Memory] will return ErrNotSupported. In this case, + // emit a Variable with a nil Memory. This keeps Collection{Spec}.Variables + // consistent across systems with different feature sets without breaking + // LoadAndAssign. + mm, err := m.Memory() + if err != nil && !errors.Is(err, ErrNotSupported) { + return nil, fmt.Errorf("variable %s: getting memory for map %s: %w", varName, mapName, err) + } + + v, err := newVariable( + varSpec.name, + varSpec.offset, + varSpec.size, + varSpec.t, + mm, + ) + if err != nil { + return nil, fmt.Errorf("variable %s: %w", varName, err) + } + + cl.vars[varName] = v + return v, nil +} + // populateDeferredMaps iterates maps holding programs or other maps and loads // any dependencies. Populates all maps in cl and freezes them if specified. func (cl *collectionLoader) populateDeferredMaps() error { @@ -603,6 +701,7 @@ func resolveKconfig(m *MapSpec) error { type configInfo struct { offset uint32 + size uint32 typ btf.Type } @@ -619,7 +718,7 @@ func resolveKconfig(m *MapSpec) error { return fmt.Errorf("variable %s must be a 32 bits integer, got %s", n, v.Type) } - kv, err := internal.KernelVersion() + kv, err := linux.KernelVersion() if err != nil { return fmt.Errorf("getting kernel version: %w", err) } @@ -644,6 +743,7 @@ func resolveKconfig(m *MapSpec) error { default: // Catch CONFIG_*. configs[n] = configInfo{ offset: vsi.Offset, + size: vsi.Size, typ: v.Type, } } @@ -651,7 +751,7 @@ func resolveKconfig(m *MapSpec) error { // We only parse kconfig file if a CONFIG_* variable was found. if len(configs) > 0 { - f, err := kconfig.Find() + f, err := linux.FindKConfig() if err != nil { return fmt.Errorf("cannot find a kconfig file: %w", err) } @@ -670,10 +770,10 @@ func resolveKconfig(m *MapSpec) error { for n, info := range configs { value, ok := kernelConfig[n] if !ok { - return fmt.Errorf("config option %q does not exists for this kernel", n) + return fmt.Errorf("config option %q does not exist on this kernel", n) } - err := kconfig.PutValue(data[info.offset:], info.typ, value) + err := kconfig.PutValue(data[info.offset:info.offset+info.size], info.typ, value) if err != nil { return fmt.Errorf("problem adding value for %s: %w", n, err) } @@ -723,6 +823,7 @@ func LoadCollection(file string) (*Collection, error) { func (coll *Collection) Assign(to interface{}) error { assignedMaps := make(map[string]bool) assignedProgs := make(map[string]bool) + assignedVars := make(map[string]bool) // Assign() only transfers already-loaded Maps and Programs. No extra // loading is done. @@ -743,6 +844,13 @@ func (coll *Collection) Assign(to interface{}) error { } return nil, fmt.Errorf("missing map %q", name) + case reflect.TypeOf((*Variable)(nil)): + if v := coll.Variables[name]; v != nil { + assignedVars[name] = true + return v, nil + } + return nil, fmt.Errorf("missing variable %q", name) + default: return nil, fmt.Errorf("unsupported type %s", typ) } @@ -759,6 +867,9 @@ func (coll *Collection) Assign(to interface{}) error { for m := range assignedMaps { delete(coll.Maps, m) } + for s := range assignedVars { + delete(coll.Variables, s) + } return nil } diff --git a/vendor/github.com/cilium/ebpf/elf_reader.go b/vendor/github.com/cilium/ebpf/elf_reader.go index 620037d80a8..9e8dbc7ae5a 100644 --- a/vendor/github.com/cilium/ebpf/elf_reader.go +++ b/vendor/github.com/cilium/ebpf/elf_reader.go @@ -16,7 +16,6 @@ import ( "github.com/cilium/ebpf/btf" "github.com/cilium/ebpf/internal" "github.com/cilium/ebpf/internal/sys" - "github.com/cilium/ebpf/internal/unix" ) type kconfigMetaKey struct{} @@ -33,6 +32,13 @@ type kfuncMeta struct { Func *btf.Func } +type ksymMetaKey struct{} + +type ksymMeta struct { + Binding elf.SymBind + Name string +} + // elfCode is a convenience to reduce the amount of arguments that have to // be passed around explicitly. You should treat its contents as immutable. type elfCode struct { @@ -43,7 +49,9 @@ type elfCode struct { btf *btf.Spec extInfo *btf.ExtInfos maps map[string]*MapSpec + vars map[string]*VariableSpec kfuncs map[string]*btf.Func + ksyms map[string]struct{} kconfig *MapSpec } @@ -71,7 +79,7 @@ func LoadCollectionSpecFromReader(rd io.ReaderAt) (*CollectionSpec, error) { // Checks if the ELF file is for BPF data. // Old LLVM versions set e_machine to EM_NONE. - if f.File.Machine != unix.EM_NONE && f.File.Machine != elf.EM_BPF { + if f.File.Machine != elf.EM_NONE && f.File.Machine != elf.EM_BPF { return nil, fmt.Errorf("unexpected machine type for BPF ELF: %s", f.File.Machine) } @@ -101,7 +109,7 @@ func LoadCollectionSpecFromReader(rd io.ReaderAt) (*CollectionSpec, error) { sections[idx] = newElfSection(sec, mapSection) case sec.Name == ".maps": sections[idx] = newElfSection(sec, btfMapSection) - case sec.Name == ".bss" || sec.Name == ".data" || strings.HasPrefix(sec.Name, ".rodata"): + case isDataSection(sec.Name): sections[idx] = newElfSection(sec, dataSection) case sec.Type == elf.SHT_REL: // Store relocations under the section index of the target @@ -134,7 +142,9 @@ func LoadCollectionSpecFromReader(rd io.ReaderAt) (*CollectionSpec, error) { btf: btfSpec, extInfo: btfExtInfo, maps: make(map[string]*MapSpec), + vars: make(map[string]*VariableSpec), kfuncs: make(map[string]*btf.Func), + ksyms: make(map[string]struct{}), } symbols, err := f.Symbols() @@ -174,7 +184,7 @@ func LoadCollectionSpecFromReader(rd io.ReaderAt) (*CollectionSpec, error) { return nil, fmt.Errorf("load programs: %w", err) } - return &CollectionSpec{ec.maps, progs, btfSpec, ec.ByteOrder}, nil + return &CollectionSpec{ec.maps, progs, ec.vars, btfSpec, ec.ByteOrder}, nil } func loadLicense(sec *elf.Section) (string, error) { @@ -201,6 +211,18 @@ func loadVersion(sec *elf.Section, bo binary.ByteOrder) (uint32, error) { return version, nil } +func isDataSection(name string) bool { + return name == ".bss" || strings.HasPrefix(name, ".data") || strings.HasPrefix(name, ".rodata") +} + +func isConstantDataSection(name string) bool { + return strings.HasPrefix(name, ".rodata") +} + +func isKconfigSection(name string) bool { + return name == ".kconfig" +} + type elfSectionKind int const ( @@ -506,7 +528,7 @@ func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) err case elf.STT_OBJECT: // LLVM 9 emits OBJECT-LOCAL symbols for anonymous constants. - if bind != elf.STB_GLOBAL && bind != elf.STB_LOCAL { + if bind != elf.STB_GLOBAL && bind != elf.STB_LOCAL && bind != elf.STB_WEAK { return fmt.Errorf("direct load: %s: %w: %s", name, errUnsupportedBinding, bind) } @@ -614,6 +636,8 @@ func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) err } kf := ec.kfuncs[name] + _, ks := ec.ksyms[name] + switch { // If a Call / DWordLoad instruction is found and the datasec has a btf.Func with a Name // that matches the symbol name we mark the instruction as a referencing a kfunc. @@ -634,6 +658,15 @@ func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) err ins.Constant = 0 + case ks && ins.OpCode.IsDWordLoad(): + if bind != elf.STB_GLOBAL && bind != elf.STB_WEAK { + return fmt.Errorf("asm relocation: %s: %w: %s", name, errUnsupportedBinding, bind) + } + ins.Metadata.Set(ksymMetaKey{}, &ksymMeta{ + Binding: bind, + Name: name, + }) + // If no kconfig map is found, this must be a symbol reference from inline // asm (see testdata/loader.c:asm_relocation()) or a call to a forward // function declaration (see testdata/fwd_decl.c). Don't interfere, These @@ -980,6 +1013,13 @@ func mapSpecFromBTF(es *elfSection, vs *btf.VarSecinfo, def *btf.Struct, spec *b } } + // Some maps don't support value sizes, but annotating their map definitions + // with __type macros can still be useful, especially to let bpf2go generate + // type definitions for them. + if value != nil && !mapType.canHaveValueSize() { + valueSize = 0 + } + return &MapSpec{ Name: SanitizeName(name, -1), Type: MapType(mapType), @@ -1092,12 +1132,21 @@ func (ec *elfCode) loadDataSections() error { continue } - if sec.references == 0 { - // Prune data sections which are not referenced by any - // instructions. + // If a section has no references, it will be freed as soon as the + // Collection closes, so creating and populating it is wasteful. If it has + // no symbols, it is likely an ephemeral section used during compilation + // that wasn't sanitized by the bpf linker. (like .rodata.str1.1) + // + // No symbols means no VariableSpecs can be generated from it, making it + // pointless to emit a data section for. + if sec.references == 0 && len(sec.symbols) == 0 { continue } + if sec.Size > math.MaxUint32 { + return fmt.Errorf("data section %s: contents exceed maximum size", sec.Name) + } + mapSpec := &MapSpec{ Name: SanitizeName(sec.Name, -1), Type: Array, @@ -1106,6 +1155,10 @@ func (ec *elfCode) loadDataSections() error { MaxEntries: 1, } + if isConstantDataSection(sec.Name) { + mapSpec.Flags = sys.BPF_F_RDONLY_PROG + } + switch sec.Type { // Only open the section if we know there's actual data to be read. case elf.SHT_PROGBITS: @@ -1113,20 +1166,56 @@ func (ec *elfCode) loadDataSections() error { if err != nil { return fmt.Errorf("data section %s: can't get contents: %w", sec.Name, err) } - - if uint64(len(data)) > math.MaxUint32 { - return fmt.Errorf("data section %s: contents exceed maximum size", sec.Name) - } mapSpec.Contents = []MapKV{{uint32(0), data}} case elf.SHT_NOBITS: - // NOBITS sections like .bss contain only zeroes, and since data sections - // are Arrays, the kernel already preallocates them. Skip reading zeroes - // from the ELF. + // NOBITS sections like .bss contain only zeroes and are not allocated in + // the ELF. Since data sections are Arrays, the kernel can preallocate + // them. Don't attempt reading zeroes from the ELF, instead allocate the + // zeroed memory to support getting and setting VariableSpecs for sections + // like .bss. + mapSpec.Contents = []MapKV{{uint32(0), make([]byte, sec.Size)}} + default: return fmt.Errorf("data section %s: unknown section type %s", sec.Name, sec.Type) } + for off, sym := range sec.symbols { + // Skip symbols marked with the 'hidden' attribute. + if elf.ST_VISIBILITY(sym.Other) == elf.STV_HIDDEN || + elf.ST_VISIBILITY(sym.Other) == elf.STV_INTERNAL { + continue + } + + // Only accept symbols with global or weak bindings. The common + // alternative is STB_LOCAL, which are either function-scoped or declared + // 'static'. + if elf.ST_BIND(sym.Info) != elf.STB_GLOBAL && + elf.ST_BIND(sym.Info) != elf.STB_WEAK { + continue + } + + if ec.vars[sym.Name] != nil { + return fmt.Errorf("data section %s: duplicate variable %s", sec.Name, sym.Name) + } + + // Skip symbols starting with a dot, they are compiler-internal symbols + // emitted by clang 11 and earlier and are not cleaned up by the bpf + // compiler backend (e.g. symbols named .Lconstinit.1 in sections like + // .rodata.cst32). Variables in C cannot start with a dot, so filter these + // out. + if strings.HasPrefix(sym.Name, ".") { + continue + } + + ec.vars[sym.Name] = &VariableSpec{ + name: sym.Name, + offset: off, + size: sym.Size, + m: mapSpec, + } + } + // It is possible for a data section to exist without a corresponding BTF Datasec // if it only contains anonymous values like macro-defined arrays. if ec.btf != nil { @@ -1135,12 +1224,38 @@ func (ec *elfCode) loadDataSections() error { // Assign the spec's key and BTF only if the Datasec lookup was successful. mapSpec.Key = &btf.Void{} mapSpec.Value = ds - } - } - if strings.HasPrefix(sec.Name, ".rodata") { - mapSpec.Flags = unix.BPF_F_RDONLY_PROG - mapSpec.Freeze = true + // Populate VariableSpecs with type information, if available. + for _, v := range ds.Vars { + name := v.Type.TypeName() + if name == "" { + return fmt.Errorf("data section %s: anonymous variable %v", sec.Name, v) + } + + vt, ok := v.Type.(*btf.Var) + if !ok { + return fmt.Errorf("data section %s: unexpected type %T for variable %s", sec.Name, v.Type, name) + } + + ev := ec.vars[name] + if ev == nil { + // Hidden symbols appear in the BTF Datasec but don't receive a VariableSpec. + continue + } + + if uint64(v.Offset) != ev.offset { + return fmt.Errorf("data section %s: variable %s datasec offset (%d) doesn't match ELF symbol offset (%d)", sec.Name, name, v.Offset, ev.offset) + } + + if uint64(v.Size) != ev.size { + return fmt.Errorf("data section %s: variable %s size in datasec (%d) doesn't match ELF symbol size (%d)", sec.Name, name, v.Size, ev.size) + } + + // Decouple the Var in the VariableSpec from the underlying DataSec in + // the MapSpec to avoid modifications from affecting map loads later on. + ev.t = btf.Copy(vt).(*btf.Var) + } + } } ec.maps[sec.Name] = mapSpec @@ -1175,8 +1290,7 @@ func (ec *elfCode) loadKconfigSection() error { KeySize: uint32(4), ValueSize: ds.Size, MaxEntries: 1, - Flags: unix.BPF_F_RDONLY_PROG, - Freeze: true, + Flags: sys.BPF_F_RDONLY_PROG, Key: &btf.Int{Size: 4}, Value: ds, } @@ -1201,8 +1315,14 @@ func (ec *elfCode) loadKsymsSection() error { } for _, v := range ds.Vars { - // we have already checked the .ksyms Datasec to only contain Func Vars. - ec.kfuncs[v.Type.TypeName()] = v.Type.(*btf.Func) + switch t := v.Type.(type) { + case *btf.Func: + ec.kfuncs[t.TypeName()] = t + case *btf.Var: + ec.ksyms[t.TypeName()] = struct{}{} + default: + return fmt.Errorf("unexpected variable type in .ksyms: %T", v) + } } return nil @@ -1266,10 +1386,10 @@ func getProgType(sectionName string) (ProgramType, AttachType, uint32, string) { var flags uint32 if t.flags&_SEC_SLEEPABLE > 0 { - flags |= unix.BPF_F_SLEEPABLE + flags |= sys.BPF_F_SLEEPABLE } if t.flags&_SEC_XDP_FRAGS > 0 { - flags |= unix.BPF_F_XDP_HAS_FRAGS + flags |= sys.BPF_F_XDP_HAS_FRAGS } if t.flags&_SEC_EXP_ATTACH_OPT > 0 { if programType == XDP { diff --git a/vendor/github.com/cilium/ebpf/info.go b/vendor/github.com/cilium/ebpf/info.go index 04c60c64b89..56a1f1e9a31 100644 --- a/vendor/github.com/cilium/ebpf/info.go +++ b/vendor/github.com/cilium/ebpf/info.go @@ -8,10 +8,10 @@ import ( "fmt" "io" "os" + "reflect" "strings" "syscall" "time" - "unsafe" "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/btf" @@ -39,53 +39,83 @@ import ( // MapInfo describes a map. type MapInfo struct { - Type MapType - id MapID - KeySize uint32 - ValueSize uint32 + // Type of the map. + Type MapType + // KeySize is the size of the map key in bytes. + KeySize uint32 + // ValueSize is the size of the map value in bytes. + ValueSize uint32 + // MaxEntries is the maximum number of entries the map can hold. Its meaning + // is map-specific. MaxEntries uint32 - Flags uint32 + // Flags used during map creation. + Flags uint32 // Name as supplied by user space at load time. Available from 4.15. Name string - btf btf.ID + id MapID + btf btf.ID + mapExtra uint64 + memlock uint64 + frozen bool } +// newMapInfoFromFd queries map information about the given fd. [sys.ObjInfo] is +// attempted first, supplementing any missing values with information from +// /proc/self/fdinfo. Ignores EINVAL from ObjInfo as well as ErrNotSupported +// from reading fdinfo (indicating the file exists, but no fields of interest +// were found). If both fail, an error is always returned. func newMapInfoFromFd(fd *sys.FD) (*MapInfo, error) { var info sys.MapInfo - err := sys.ObjInfo(fd, &info) - if errors.Is(err, syscall.EINVAL) { - return newMapInfoFromProc(fd) - } - if err != nil { - return nil, err + err1 := sys.ObjInfo(fd, &info) + // EINVAL means the kernel doesn't support BPF_OBJ_GET_INFO_BY_FD. Continue + // with fdinfo if that's the case. + if err1 != nil && !errors.Is(err1, unix.EINVAL) { + return nil, fmt.Errorf("getting object info: %w", err1) } - return &MapInfo{ + mi := &MapInfo{ MapType(info.Type), - MapID(info.Id), info.KeySize, info.ValueSize, info.MaxEntries, uint32(info.MapFlags), unix.ByteSliceToString(info.Name[:]), + MapID(info.Id), btf.ID(info.BtfId), - }, nil + info.MapExtra, + 0, + false, + } + + // Supplement OBJ_INFO with data from /proc/self/fdinfo. It contains fields + // like memlock and frozen that are not present in OBJ_INFO. + err2 := readMapInfoFromProc(fd, mi) + if err2 != nil && !errors.Is(err2, ErrNotSupported) { + return nil, fmt.Errorf("getting map info from fdinfo: %w", err2) + } + + if err1 != nil && err2 != nil { + return nil, fmt.Errorf("ObjInfo and fdinfo both failed: objinfo: %w, fdinfo: %w", err1, err2) + } + + return mi, nil } -func newMapInfoFromProc(fd *sys.FD) (*MapInfo, error) { - var mi MapInfo - err := scanFdInfo(fd, map[string]interface{}{ +// readMapInfoFromProc queries map information about the given fd from +// /proc/self/fdinfo. It only writes data into fields that have a zero value. +func readMapInfoFromProc(fd *sys.FD, mi *MapInfo) error { + return scanFdInfo(fd, map[string]interface{}{ "map_type": &mi.Type, + "map_id": &mi.id, "key_size": &mi.KeySize, "value_size": &mi.ValueSize, "max_entries": &mi.MaxEntries, "map_flags": &mi.Flags, + "map_extra": &mi.mapExtra, + "memlock": &mi.memlock, + "frozen": &mi.frozen, }) - if err != nil { - return nil, err - } - return &mi, nil } // ID returns the map ID. @@ -109,6 +139,35 @@ func (mi *MapInfo) BTFID() (btf.ID, bool) { return mi.btf, mi.btf > 0 } +// MapExtra returns an opaque field whose meaning is map-specific. +// +// Available from 5.16. +// +// The bool return value indicates whether this optional field is available and +// populated, if it was specified during Map creation. +func (mi *MapInfo) MapExtra() (uint64, bool) { + return mi.mapExtra, mi.mapExtra > 0 +} + +// Memlock returns an approximate number of bytes allocated to this map. +// +// Available from 4.10. +// +// The bool return value indicates whether this optional field is available. +func (mi *MapInfo) Memlock() (uint64, bool) { + return mi.memlock, mi.memlock > 0 +} + +// Frozen indicates whether [Map.Freeze] was called on this map. If true, +// modifications from user space are not allowed. +// +// Available from 5.2. Requires access to procfs. +// +// If the kernel doesn't support map freezing, this field will always be false. +func (mi *MapInfo) Frozen() bool { + return mi.frozen +} + // programStats holds statistics of a program. type programStats struct { // Total accumulated runtime of the program ins ns. @@ -120,6 +179,40 @@ type programStats struct { recursionMisses uint64 } +// programJitedInfo holds information about JITed info of a program. +type programJitedInfo struct { + // ksyms holds the ksym addresses of the BPF program, including those of its + // subprograms. + // + // Available from 4.18. + ksyms []uintptr + numKsyms uint32 + + // insns holds the JITed machine native instructions of the program, + // including those of its subprograms. + // + // Available from 4.13. + insns []byte + numInsns uint32 + + // lineInfos holds the JITed line infos, which are kernel addresses. + // + // Available from 5.0. + lineInfos []uint64 + numLineInfos uint32 + + // lineInfoRecSize is the size of a single line info record. + // + // Available from 5.0. + lineInfoRecSize uint32 + + // funcLens holds the insns length of each function. + // + // Available from 4.18. + funcLens []uint32 + numFuncLens uint32 +} + // ProgramInfo describes a program. type ProgramInfo struct { Type ProgramType @@ -133,9 +226,14 @@ type ProgramInfo struct { haveCreatedByUID bool btf btf.ID stats *programStats + loadTime time.Duration + + maps []MapID + insns []byte + jitedSize uint32 + verifiedInstructions uint32 - maps []MapID - insns []byte + jitedInfo programJitedInfo lineInfos []byte numLineInfos uint32 @@ -164,6 +262,9 @@ func newProgramInfoFromFd(fd *sys.FD) (*ProgramInfo, error) { runCount: info.RunCnt, recursionMisses: info.RecursionMisses, }, + jitedSize: info.JitedProgLen, + loadTime: time.Duration(info.LoadTime), + verifiedInstructions: info.VerifiedInsns, } // Start with a clean struct for the second call, otherwise we may get EFAULT. @@ -174,7 +275,7 @@ func newProgramInfoFromFd(fd *sys.FD) (*ProgramInfo, error) { if info.NrMapIds > 0 { pi.maps = make([]MapID, info.NrMapIds) info2.NrMapIds = info.NrMapIds - info2.MapIds = sys.NewPointer(unsafe.Pointer(&pi.maps[0])) + info2.MapIds = sys.NewSlicePointer(pi.maps) makeSecondCall = true } else if haveProgramInfoMapIDs() == nil { // This program really has no associated maps. @@ -215,6 +316,40 @@ func newProgramInfoFromFd(fd *sys.FD) (*ProgramInfo, error) { makeSecondCall = true } + pi.jitedInfo.lineInfoRecSize = info.JitedLineInfoRecSize + if info.JitedProgLen > 0 { + pi.jitedInfo.numInsns = info.JitedProgLen + pi.jitedInfo.insns = make([]byte, info.JitedProgLen) + info2.JitedProgLen = info.JitedProgLen + info2.JitedProgInsns = sys.NewSlicePointer(pi.jitedInfo.insns) + makeSecondCall = true + } + + if info.NrJitedFuncLens > 0 { + pi.jitedInfo.numFuncLens = info.NrJitedFuncLens + pi.jitedInfo.funcLens = make([]uint32, info.NrJitedFuncLens) + info2.NrJitedFuncLens = info.NrJitedFuncLens + info2.JitedFuncLens = sys.NewSlicePointer(pi.jitedInfo.funcLens) + makeSecondCall = true + } + + if info.NrJitedLineInfo > 0 { + pi.jitedInfo.numLineInfos = info.NrJitedLineInfo + pi.jitedInfo.lineInfos = make([]uint64, info.NrJitedLineInfo) + info2.NrJitedLineInfo = info.NrJitedLineInfo + info2.JitedLineInfo = sys.NewSlicePointer(pi.jitedInfo.lineInfos) + info2.JitedLineInfoRecSize = info.JitedLineInfoRecSize + makeSecondCall = true + } + + if info.NrJitedKsyms > 0 { + pi.jitedInfo.numKsyms = info.NrJitedKsyms + pi.jitedInfo.ksyms = make([]uintptr, info.NrJitedKsyms) + info2.JitedKsyms = sys.NewSlicePointer(pi.jitedInfo.ksyms) + info2.NrJitedKsyms = info.NrJitedKsyms + makeSecondCall = true + } + if makeSecondCall { if err := sys.ObjInfo(fd, &info2); err != nil { return nil, err @@ -230,7 +365,7 @@ func newProgramInfoFromProc(fd *sys.FD) (*ProgramInfo, error) { "prog_type": &info.Type, "prog_tag": &info.Tag, }) - if errors.Is(err, errMissingFields) { + if errors.Is(err, ErrNotSupported) { return nil, &internal.UnsupportedFeatureError{ Name: "reading program info from /proc/self/fdinfo", MinimumVersion: internal.Version{4, 10, 0}, @@ -305,6 +440,52 @@ func (pi *ProgramInfo) RecursionMisses() (uint64, bool) { return 0, false } +// btfSpec returns the BTF spec associated with the program. +func (pi *ProgramInfo) btfSpec() (*btf.Spec, error) { + id, ok := pi.BTFID() + if !ok { + return nil, fmt.Errorf("program created without BTF or unsupported kernel: %w", ErrNotSupported) + } + + h, err := btf.NewHandleFromID(id) + if err != nil { + return nil, fmt.Errorf("get BTF handle: %w", err) + } + defer h.Close() + + spec, err := h.Spec(nil) + if err != nil { + return nil, fmt.Errorf("get BTF spec: %w", err) + } + + return spec, nil +} + +// LineInfos returns the BTF line information of the program. +// +// Available from 5.0. +// +// Requires CAP_SYS_ADMIN or equivalent for reading BTF information. Returns +// ErrNotSupported if the program was created without BTF or if the kernel +// doesn't support the field. +func (pi *ProgramInfo) LineInfos() (btf.LineOffsets, error) { + if len(pi.lineInfos) == 0 { + return nil, fmt.Errorf("insufficient permissions or unsupported kernel: %w", ErrNotSupported) + } + + spec, err := pi.btfSpec() + if err != nil { + return nil, err + } + + return btf.LoadLineInfos( + bytes.NewReader(pi.lineInfos), + internal.NativeEndian, + pi.numLineInfos, + spec, + ) +} + // Instructions returns the 'xlated' instruction stream of the program // after it has been verified and rewritten by the kernel. These instructions // cannot be loaded back into the kernel as-is, this is mainly used for @@ -391,6 +572,29 @@ func (pi *ProgramInfo) Instructions() (asm.Instructions, error) { return insns, nil } +// JitedSize returns the size of the program's JIT-compiled machine code in bytes, which is the +// actual code executed on the host's CPU. This field requires the BPF JIT compiler to be enabled. +// +// Available from 4.13. Reading this metadata requires CAP_BPF or equivalent. +func (pi *ProgramInfo) JitedSize() (uint32, error) { + if pi.jitedSize == 0 { + return 0, fmt.Errorf("insufficient permissions, unsupported kernel, or JIT compiler disabled: %w", ErrNotSupported) + } + return pi.jitedSize, nil +} + +// TranslatedSize returns the size of the program's translated instructions in bytes, after it has +// been verified and rewritten by the kernel. +// +// Available from 4.13. Reading this metadata requires CAP_BPF or equivalent. +func (pi *ProgramInfo) TranslatedSize() (int, error) { + insns := len(pi.insns) + if insns == 0 { + return 0, fmt.Errorf("insufficient permissions or unsupported kernel: %w", ErrNotSupported) + } + return insns, nil +} + // MapIDs returns the maps related to the program. // // Available from 4.15. @@ -400,6 +604,89 @@ func (pi *ProgramInfo) MapIDs() ([]MapID, bool) { return pi.maps, pi.maps != nil } +// LoadTime returns when the program was loaded since boot time. +// +// Available from 4.15. +// +// The bool return value indicates whether this optional field is available. +func (pi *ProgramInfo) LoadTime() (time.Duration, bool) { + // loadTime and NrMapIds were introduced in the same kernel version. + return pi.loadTime, pi.loadTime > 0 +} + +// VerifiedInstructions returns the number verified instructions in the program. +// +// Available from 5.16. +// +// The bool return value indicates whether this optional field is available. +func (pi *ProgramInfo) VerifiedInstructions() (uint32, bool) { + return pi.verifiedInstructions, pi.verifiedInstructions > 0 +} + +// JitedKsymAddrs returns the ksym addresses of the BPF program, including its +// subprograms. The addresses correspond to their symbols in /proc/kallsyms. +// +// Available from 4.18. Note that before 5.x, this field can be empty for +// programs without subprograms (bpf2bpf calls). +// +// The bool return value indicates whether this optional field is available. +func (pi *ProgramInfo) JitedKsymAddrs() ([]uintptr, bool) { + return pi.jitedInfo.ksyms, len(pi.jitedInfo.ksyms) > 0 +} + +// JitedInsns returns the JITed machine native instructions of the program. +// +// Available from 4.13. +// +// The bool return value indicates whether this optional field is available. +func (pi *ProgramInfo) JitedInsns() ([]byte, bool) { + return pi.jitedInfo.insns, len(pi.jitedInfo.insns) > 0 +} + +// JitedLineInfos returns the JITed line infos of the program. +// +// Available from 5.0. +// +// The bool return value indicates whether this optional field is available. +func (pi *ProgramInfo) JitedLineInfos() ([]uint64, bool) { + return pi.jitedInfo.lineInfos, len(pi.jitedInfo.lineInfos) > 0 +} + +// JitedFuncLens returns the insns length of each function in the JITed program. +// +// Available from 4.18. +// +// The bool return value indicates whether this optional field is available. +func (pi *ProgramInfo) JitedFuncLens() ([]uint32, bool) { + return pi.jitedInfo.funcLens, len(pi.jitedInfo.funcLens) > 0 +} + +// FuncInfos returns the offset and function information of all (sub)programs in +// a BPF program. +// +// Available from 5.0. +// +// Requires CAP_SYS_ADMIN or equivalent for reading BTF information. Returns +// ErrNotSupported if the program was created without BTF or if the kernel +// doesn't support the field. +func (pi *ProgramInfo) FuncInfos() (btf.FuncOffsets, error) { + if len(pi.funcInfos) == 0 { + return nil, fmt.Errorf("insufficient permissions or unsupported kernel: %w", ErrNotSupported) + } + + spec, err := pi.btfSpec() + if err != nil { + return nil, err + } + + return btf.LoadFuncInfos( + bytes.NewReader(pi.funcInfos), + internal.NativeEndian, + pi.numFuncInfos, + spec, + ) +} + func scanFdInfo(fd *sys.FD, fields map[string]interface{}) error { fh, err := os.Open(fmt.Sprintf("/proc/self/fdinfo/%d", fd.Int())) if err != nil { @@ -413,8 +700,6 @@ func scanFdInfo(fd *sys.FD, fields map[string]interface{}) error { return nil } -var errMissingFields = errors.New("missing fields") - func scanFdInfoReader(r io.Reader, fields map[string]interface{}) error { var ( scanner = bufio.NewScanner(r) @@ -433,26 +718,37 @@ func scanFdInfoReader(r io.Reader, fields map[string]interface{}) error { continue } - if n, err := fmt.Sscanln(parts[1], field); err != nil || n != 1 { - return fmt.Errorf("can't parse field %s: %v", name, err) + // If field already contains a non-zero value, don't overwrite it with fdinfo. + if zero(field) { + if n, err := fmt.Sscanln(parts[1], field); err != nil || n != 1 { + return fmt.Errorf("can't parse field %s: %v", name, err) + } } scanned++ } if err := scanner.Err(); err != nil { - return err + return fmt.Errorf("scanning fdinfo: %w", err) } if len(fields) > 0 && scanned == 0 { return ErrNotSupported } - if scanned != len(fields) { - return errMissingFields + return nil +} + +func zero(arg any) bool { + v := reflect.ValueOf(arg) + + // Unwrap pointers and interfaces. + for v.Kind() == reflect.Pointer || + v.Kind() == reflect.Interface { + v = v.Elem() } - return nil + return v.IsZero() } // EnableStats starts the measuring of the runtime @@ -471,7 +767,7 @@ func EnableStats(which uint32) (io.Closer, error) { return fd, nil } -var haveProgramInfoMapIDs = internal.NewFeatureTest("map IDs in program info", "4.15", func() error { +var haveProgramInfoMapIDs = internal.NewFeatureTest("map IDs in program info", func() error { prog, err := progLoad(asm.Instructions{ asm.LoadImm(asm.R0, 0, asm.DWord), asm.Return(), @@ -496,4 +792,4 @@ var haveProgramInfoMapIDs = internal.NewFeatureTest("map IDs in program info", " } return err -}) +}, "4.15") diff --git a/vendor/github.com/cilium/ebpf/internal/errors.go b/vendor/github.com/cilium/ebpf/internal/errors.go index 83a371ad35d..19d5294ca04 100644 --- a/vendor/github.com/cilium/ebpf/internal/errors.go +++ b/vendor/github.com/cilium/ebpf/internal/errors.go @@ -23,7 +23,7 @@ func ErrorWithLog(source string, err error, log []byte) *VerifierError { log = bytes.Trim(log, whitespace) if len(log) == 0 { - return &VerifierError{source, err, nil, false} + return &VerifierError{source, err, nil} } logLines := bytes.Split(log, []byte{'\n'}) @@ -34,7 +34,7 @@ func ErrorWithLog(source string, err error, log []byte) *VerifierError { lines = append(lines, string(bytes.TrimRight(line, whitespace))) } - return &VerifierError{source, err, lines, false} + return &VerifierError{source, err, lines} } // VerifierError includes information from the eBPF verifier. @@ -46,8 +46,6 @@ type VerifierError struct { Cause error // The verifier output split into lines. Log []string - // Deprecated: the log is never truncated anymore. - Truncated bool } func (le *VerifierError) Unwrap() error { diff --git a/vendor/github.com/cilium/ebpf/internal/feature.go b/vendor/github.com/cilium/ebpf/internal/feature.go index 2b856c735e7..6399be08514 100644 --- a/vendor/github.com/cilium/ebpf/internal/feature.go +++ b/vendor/github.com/cilium/ebpf/internal/feature.go @@ -3,15 +3,25 @@ package internal import ( "errors" "fmt" + "runtime" + "strings" "sync" ) -// ErrNotSupported indicates that a feature is not supported by the current kernel. +// ErrNotSupported indicates that a feature is not supported. var ErrNotSupported = errors.New("not supported") +// ErrNotSupportedOnOS indicates that a feature is not supported on the current +// operating system. +var ErrNotSupportedOnOS = fmt.Errorf("%w on %s", ErrNotSupported, runtime.GOOS) + // UnsupportedFeatureError is returned by FeatureTest() functions. type UnsupportedFeatureError struct { - // The minimum Linux mainline version required for this feature. + // The minimum version required for this feature. + // + // On Linux this refers to the mainline kernel version, on other platforms + // to the version of the runtime. + // // Used for the error string, and for sanity checking during testing. MinimumVersion Version @@ -58,11 +68,44 @@ type FeatureTest struct { type FeatureTestFn func() error // NewFeatureTest is a convenient way to create a single [FeatureTest]. -func NewFeatureTest(name, version string, fn FeatureTestFn) func() error { +// +// versions specifies in which version of a BPF runtime a feature appeared. +// The format is "GOOS:Major.Minor[.Patch]". GOOS may be omitted when targeting +// Linux. Returns [ErrNotSupportedOnOS] if there is no version specified for the +// current OS. +func NewFeatureTest(name string, fn FeatureTestFn, versions ...string) func() error { + const nativePrefix = runtime.GOOS + ":" + + if len(versions) == 0 { + return func() error { + return fmt.Errorf("feature test %q: no versions specified", name) + } + } + ft := &FeatureTest{ - Name: name, - Version: version, - Fn: fn, + Name: name, + Fn: fn, + } + + for _, version := range versions { + if strings.HasPrefix(version, nativePrefix) { + ft.Version = strings.TrimPrefix(version, nativePrefix) + break + } + + if runtime.GOOS == "linux" && !strings.ContainsRune(version, ':') { + // Allow version numbers without a GOOS prefix on Linux. + ft.Version = version + break + } + } + + if ft.Version == "" { + return func() error { + // We don't return an UnsupportedFeatureError here, since that will + // trigger version checks which don't make sense. + return fmt.Errorf("%s: %w", name, ErrNotSupportedOnOS) + } } return ft.execute diff --git a/vendor/github.com/cilium/ebpf/internal/kallsyms/cache.go b/vendor/github.com/cilium/ebpf/internal/kallsyms/cache.go new file mode 100644 index 00000000000..b7f3e0b7819 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/kallsyms/cache.go @@ -0,0 +1,20 @@ +package kallsyms + +import "sync" + +type cache[K, V comparable] struct { + m sync.Map +} + +func (c *cache[K, V]) Load(key K) (value V, _ bool) { + v, ok := c.m.Load(key) + if !ok { + return value, false + } + value = v.(V) + return value, true +} + +func (c *cache[K, V]) Store(key K, value V) { + c.m.Store(key, value) +} diff --git a/vendor/github.com/cilium/ebpf/internal/kallsyms/kallsyms.go b/vendor/github.com/cilium/ebpf/internal/kallsyms/kallsyms.go index 776c7a10a28..f93d785849c 100644 --- a/vendor/github.com/cilium/ebpf/internal/kallsyms/kallsyms.go +++ b/vendor/github.com/cilium/ebpf/internal/kallsyms/kallsyms.go @@ -1,74 +1,277 @@ package kallsyms import ( - "bufio" - "bytes" + "errors" + "fmt" "io" "os" - "sync" + "slices" + "strconv" + "strings" ) -var kernelModules struct { - sync.RWMutex - // function to kernel module mapping - kmods map[string]string -} +var errAmbiguousKsym = errors.New("multiple kernel symbols with the same name") -// KernelModule returns the kernel module, if any, a probe-able function is contained in. -func KernelModule(fn string) (string, error) { - kernelModules.RLock() - kmods := kernelModules.kmods - kernelModules.RUnlock() +var symAddrs cache[string, uint64] +var symModules cache[string, string] - if kmods == nil { - kernelModules.Lock() - defer kernelModules.Unlock() - kmods = kernelModules.kmods +// Module returns the kernel module providing the given symbol in the kernel, if +// any. Returns an empty string and no error if the symbol is not present in the +// kernel. Only function symbols are considered. Returns an error if multiple +// symbols with the same name were found. +// +// Consider [AssignModules] if you need to resolve multiple symbols, as it will +// only perform one iteration over /proc/kallsyms. +func Module(name string) (string, error) { + if name == "" { + return "", nil } - if kmods != nil { - return kmods[fn], nil + if mod, ok := symModules.Load(name); ok { + return mod, nil } - f, err := os.Open("/proc/kallsyms") - if err != nil { + request := map[string]string{name: ""} + if err := AssignModules(request); err != nil { return "", err } - defer f.Close() - kmods, err = loadKernelModuleMapping(f) + + return request[name], nil +} + +// AssignModules looks up the kernel module providing each given symbol, if any, +// and assigns them to their corresponding values in the symbols map. Only +// function symbols are considered. Results of all lookups are cached, +// successful or otherwise. +// +// Any symbols missing in the kernel are ignored. Returns an error if multiple +// symbols with a given name were found. +func AssignModules(symbols map[string]string) error { + if len(symbols) == 0 { + return nil + } + + // Attempt to fetch symbols from cache. + request := make(map[string]string) + for name := range symbols { + if mod, ok := symModules.Load(name); ok { + symbols[name] = mod + continue + } + + // Mark the symbol to be read from /proc/kallsyms. + request[name] = "" + } + if len(request) == 0 { + // All symbols satisfied from cache. + return nil + } + + f, err := os.Open("/proc/kallsyms") if err != nil { - return "", err + return err + } + + if err := assignModules(f, request); err != nil { + return fmt.Errorf("assigning symbol modules: %w", err) + } + + // Update the cache with the new symbols. Cache all requested symbols, even if + // they're missing or don't belong to a module. + for name, mod := range request { + symModules.Store(name, mod) + symbols[name] = mod + } + + return nil +} + +// assignModules assigns kernel symbol modules read from f to values requested +// by symbols. Always scans the whole input to make sure the user didn't request +// an ambiguous symbol. +func assignModules(f io.Reader, symbols map[string]string) error { + if len(symbols) == 0 { + return nil + } + + found := make(map[string]struct{}) + r := newReader(f) + for r.Line() { + // Only look for function symbols in the kernel's text section (tT). + s, err, skip := parseSymbol(r, []rune{'t', 'T'}) + if err != nil { + return fmt.Errorf("parsing kallsyms line: %w", err) + } + if skip { + continue + } + + if _, requested := symbols[s.name]; !requested { + continue + } + + if _, ok := found[s.name]; ok { + // We've already seen this symbol. Return an error to avoid silently + // attaching to a symbol in the wrong module. libbpf also rejects + // referring to ambiguous symbols. + // + // We can't simply check if we already have a value for the given symbol, + // since many won't have an associated kernel module. + return fmt.Errorf("symbol %s: duplicate found at address 0x%x (module %q): %w", + s.name, s.addr, s.mod, errAmbiguousKsym) + } + + symbols[s.name] = s.mod + found[s.name] = struct{}{} + } + if err := r.Err(); err != nil { + return fmt.Errorf("reading kallsyms: %w", err) } - kernelModules.kmods = kmods - return kmods[fn], nil + return nil } -// FlushKernelModuleCache removes any cached information about function to kernel module mapping. -func FlushKernelModuleCache() { - kernelModules.Lock() - defer kernelModules.Unlock() +// Address returns the address of the given symbol in the kernel. Returns 0 and +// no error if the symbol is not present. Returns an error if multiple addresses +// were found for a symbol. +// +// Consider [AssignAddresses] if you need to resolve multiple symbols, as it +// will only perform one iteration over /proc/kallsyms. +func Address(symbol string) (uint64, error) { + if symbol == "" { + return 0, nil + } + + if addr, ok := symAddrs.Load(symbol); ok { + return addr, nil + } + + request := map[string]uint64{symbol: 0} + if err := AssignAddresses(request); err != nil { + return 0, err + } - kernelModules.kmods = nil + return request[symbol], nil } -func loadKernelModuleMapping(f io.Reader) (map[string]string, error) { - mods := make(map[string]string) - scanner := bufio.NewScanner(f) - for scanner.Scan() { - fields := bytes.Fields(scanner.Bytes()) - if len(fields) < 4 { +// AssignAddresses looks up the addresses of the requested symbols in the kernel +// and assigns them to their corresponding values in the symbols map. Results +// of all lookups are cached, successful or otherwise. +// +// Any symbols missing in the kernel are ignored. Returns an error if multiple +// addresses were found for a symbol. +func AssignAddresses(symbols map[string]uint64) error { + if len(symbols) == 0 { + return nil + } + + // Attempt to fetch symbols from cache. + request := make(map[string]uint64) + for name := range symbols { + if addr, ok := symAddrs.Load(name); ok { + symbols[name] = addr continue } - switch string(fields[1]) { - case "t", "T": - mods[string(fields[2])] = string(bytes.Trim(fields[3], "[]")) - default: + + // Mark the symbol to be read from /proc/kallsyms. + request[name] = 0 + } + if len(request) == 0 { + // All symbols satisfied from cache. + return nil + } + + f, err := os.Open("/proc/kallsyms") + if err != nil { + return err + } + + if err := assignAddresses(f, request); err != nil { + return fmt.Errorf("loading symbol addresses: %w", err) + } + + // Update the cache with the new symbols. Cache all requested symbols even if + // they weren't found, to avoid repeated lookups. + for name, addr := range request { + symAddrs.Store(name, addr) + symbols[name] = addr + } + + return nil +} + +// assignAddresses assigns kernel symbol addresses read from f to values +// requested by symbols. Always scans the whole input to make sure the user +// didn't request an ambiguous symbol. +func assignAddresses(f io.Reader, symbols map[string]uint64) error { + if len(symbols) == 0 { + return nil + } + r := newReader(f) + for r.Line() { + s, err, skip := parseSymbol(r, nil) + if err != nil { + return fmt.Errorf("parsing kallsyms line: %w", err) + } + if skip { continue } + + existing, requested := symbols[s.name] + if existing != 0 { + // Multiple addresses for a symbol have been found. Return a friendly + // error to avoid silently attaching to the wrong symbol. libbpf also + // rejects referring to ambiguous symbols. + return fmt.Errorf("symbol %s(0x%x): duplicate found at address 0x%x: %w", s.name, existing, s.addr, errAmbiguousKsym) + } + if requested { + symbols[s.name] = s.addr + } } - if scanner.Err() != nil { - return nil, scanner.Err() + if err := r.Err(); err != nil { + return fmt.Errorf("reading kallsyms: %w", err) } - return mods, nil + + return nil +} + +type ksym struct { + addr uint64 + name string + mod string +} + +// parseSymbol parses a line from /proc/kallsyms into an address, type, name and +// module. Skip will be true if the symbol doesn't match any of the given symbol +// types. See `man 1 nm` for all available types. +// +// Example line: `ffffffffc1682010 T nf_nat_init [nf_nat]` +func parseSymbol(r *reader, types []rune) (s ksym, err error, skip bool) { + for i := 0; r.Word(); i++ { + switch i { + // Address of the symbol. + case 0: + s.addr, err = strconv.ParseUint(r.Text(), 16, 64) + if err != nil { + return s, fmt.Errorf("parsing address: %w", err), false + } + // Type of the symbol. Assume the character is ASCII-encoded by converting + // it directly to a rune, since it's a fixed field controlled by the kernel. + case 1: + if len(types) > 0 && !slices.Contains(types, rune(r.Bytes()[0])) { + return s, nil, true + } + // Name of the symbol. + case 2: + s.name = r.Text() + // Kernel module the symbol is provided by. + case 3: + s.mod = strings.Trim(r.Text(), "[]") + // Ignore any future fields. + default: + break + } + } + + return } diff --git a/vendor/github.com/cilium/ebpf/internal/kallsyms/reader.go b/vendor/github.com/cilium/ebpf/internal/kallsyms/reader.go new file mode 100644 index 00000000000..2bd4f8eafcb --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/kallsyms/reader.go @@ -0,0 +1,118 @@ +package kallsyms + +import ( + "bufio" + "io" + "unicode" + "unicode/utf8" +) + +// reader is a line and word-oriented reader built for reading /proc/kallsyms. +// It takes an io.Reader and iterates its contents line by line, then word by +// word. +// +// It's designed to allow partial reading of lines without paying the cost of +// allocating objects that will never be accessed, resulting in less work for +// the garbage collector. +type reader struct { + s *bufio.Scanner + line []byte + word []byte + + err error +} + +func newReader(r io.Reader) *reader { + return &reader{ + s: bufio.NewScanner(r), + } +} + +// Bytes returns the current word as a byte slice. +func (r *reader) Bytes() []byte { + return r.word +} + +// Text returns the output of Bytes as a string. +func (r *reader) Text() string { + return string(r.Bytes()) +} + +// Line advances the reader to the next line in the input. Calling Line resets +// the current word, making [reader.Bytes] and [reader.Text] return empty +// values. Follow this up with a call to [reader.Word]. +// +// Like [bufio.Scanner], [reader.Err] needs to be checked after Line returns +// false to determine if an error occurred during reading. +// +// Returns true if Line can be called again. Returns false if all lines in the +// input have been read. +func (r *reader) Line() bool { + for r.s.Scan() { + line := r.s.Bytes() + if len(line) == 0 { + continue + } + + r.line = line + r.word = nil + + return true + } + if err := r.s.Err(); err != nil { + r.err = err + } + + return false +} + +// Word advances the reader to the next word in the current line. +// +// Returns true if a word is found and Word should be called again. Returns +// false when all words on the line have been read. +func (r *reader) Word() bool { + if len(r.line) == 0 { + return false + } + + // Find next word start, skipping leading spaces. + start := 0 + for width := 0; start < len(r.line); start += width { + var c rune + c, width = utf8.DecodeRune(r.line[start:]) + if !unicode.IsSpace(c) { + break + } + } + + // Whitespace scanning reached the end of the line due to trailing whitespace, + // meaning there are no more words to read + if start == len(r.line) { + return false + } + + // Find next word end. + for width, i := 0, start; i < len(r.line); i += width { + var c rune + c, width = utf8.DecodeRune(r.line[i:]) + if unicode.IsSpace(c) { + r.word = r.line[start:i] + r.line = r.line[i:] + return true + } + } + + // The line contains data, but no end-of-word boundary was found. This is the + // last, unterminated word in the line. + if len(r.line) > start { + r.word = r.line[start:] + r.line = nil + return true + } + + return false +} + +func (r *reader) Err() error { + return r.err +} diff --git a/vendor/github.com/cilium/ebpf/internal/kconfig/kconfig.go b/vendor/github.com/cilium/ebpf/internal/kconfig/kconfig.go index 1921e4f15ad..29c62b6266e 100644 --- a/vendor/github.com/cilium/ebpf/internal/kconfig/kconfig.go +++ b/vendor/github.com/cilium/ebpf/internal/kconfig/kconfig.go @@ -1,3 +1,4 @@ +// Package kconfig implements a parser for the format of Linux's .config file. package kconfig import ( @@ -7,7 +8,6 @@ import ( "fmt" "io" "math" - "os" "strconv" "strings" @@ -15,30 +15,6 @@ import ( "github.com/cilium/ebpf/internal" ) -// Find find a kconfig file on the host. -// It first reads from /boot/config- of the current running kernel and tries -// /proc/config.gz if nothing was found in /boot. -// If none of the file provide a kconfig, it returns an error. -func Find() (*os.File, error) { - kernelRelease, err := internal.KernelRelease() - if err != nil { - return nil, fmt.Errorf("cannot get kernel release: %w", err) - } - - path := "/boot/config-" + kernelRelease - f, err := os.Open(path) - if err == nil { - return f, nil - } - - f, err = os.Open("/proc/config.gz") - if err == nil { - return f, nil - } - - return nil, fmt.Errorf("neither %s nor /proc/config.gz provide a kconfig", path) -} - // Parse parses the kconfig file for which a reader is given. // All the CONFIG_* which are in filter and which are set set will be // put in the returned map as key with their corresponding value as map value. @@ -127,12 +103,13 @@ func PutValue(data []byte, typ btf.Type, value string) error { switch value { case "y", "n", "m": return putValueTri(data, typ, value) - default: - if strings.HasPrefix(value, `"`) { - return putValueString(data, typ, value) - } - return putValueNumber(data, typ, value) } + + if strings.HasPrefix(value, `"`) { + return putValueString(data, typ, value) + } + + return putValueNumber(data, typ, value) } // Golang translation of libbpf_tristate enum: @@ -169,6 +146,10 @@ func putValueTri(data []byte, typ btf.Type, value string) error { return fmt.Errorf("cannot use enum %q, only libbpf_tristate is supported", v.Name) } + if len(data) != 4 { + return fmt.Errorf("expected enum value to occupy 4 bytes in datasec, got: %d", len(data)) + } + var tri triState switch value { case "y": @@ -178,10 +159,10 @@ func putValueTri(data []byte, typ btf.Type, value string) error { case "n": tri = TriNo default: - return fmt.Errorf("value %q is not support for libbpf_tristate", value) + return fmt.Errorf("value %q is not supported for libbpf_tristate", value) } - internal.NativeEndian.PutUint64(data, uint64(tri)) + internal.NativeEndian.PutUint32(data, uint32(tri)) default: return fmt.Errorf("cannot add number value, expected btf.Int or btf.Enum, got: %T", v) } diff --git a/vendor/github.com/cilium/ebpf/internal/auxv.go b/vendor/github.com/cilium/ebpf/internal/linux/auxv.go similarity index 98% rename from vendor/github.com/cilium/ebpf/internal/auxv.go rename to vendor/github.com/cilium/ebpf/internal/linux/auxv.go index 45fd0d37f13..98bb5d83cad 100644 --- a/vendor/github.com/cilium/ebpf/internal/auxv.go +++ b/vendor/github.com/cilium/ebpf/internal/linux/auxv.go @@ -1,4 +1,4 @@ -package internal +package linux import ( "errors" diff --git a/vendor/github.com/cilium/ebpf/internal/linux/doc.go b/vendor/github.com/cilium/ebpf/internal/linux/doc.go new file mode 100644 index 00000000000..064e75437d8 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/linux/doc.go @@ -0,0 +1,2 @@ +// Package linux contains OS specific wrappers around package unix. +package linux diff --git a/vendor/github.com/cilium/ebpf/internal/linux/kconfig.go b/vendor/github.com/cilium/ebpf/internal/linux/kconfig.go new file mode 100644 index 00000000000..1488ecb35c3 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/linux/kconfig.go @@ -0,0 +1,31 @@ +package linux + +import ( + "fmt" + "os" +) + +// FindKConfig searches for a kconfig file on the host. +// +// It first reads from /boot/config- of the current running kernel and tries +// /proc/config.gz if nothing was found in /boot. +// If none of the file provide a kconfig, it returns an error. +func FindKConfig() (*os.File, error) { + kernelRelease, err := KernelRelease() + if err != nil { + return nil, fmt.Errorf("cannot get kernel release: %w", err) + } + + path := "/boot/config-" + kernelRelease + f, err := os.Open(path) + if err == nil { + return f, nil + } + + f, err = os.Open("/proc/config.gz") + if err == nil { + return f, nil + } + + return nil, fmt.Errorf("neither %s nor /proc/config.gz provide a kconfig", path) +} diff --git a/vendor/github.com/cilium/ebpf/internal/platform.go b/vendor/github.com/cilium/ebpf/internal/linux/platform.go similarity index 97% rename from vendor/github.com/cilium/ebpf/internal/platform.go rename to vendor/github.com/cilium/ebpf/internal/linux/platform.go index 6e90f2ef714..39bdcc51f9a 100644 --- a/vendor/github.com/cilium/ebpf/internal/platform.go +++ b/vendor/github.com/cilium/ebpf/internal/linux/platform.go @@ -1,4 +1,4 @@ -package internal +package linux import ( "runtime" diff --git a/vendor/github.com/cilium/ebpf/internal/statfs.go b/vendor/github.com/cilium/ebpf/internal/linux/statfs.go similarity index 96% rename from vendor/github.com/cilium/ebpf/internal/statfs.go rename to vendor/github.com/cilium/ebpf/internal/linux/statfs.go index 44c02d676e6..e268c06fab6 100644 --- a/vendor/github.com/cilium/ebpf/internal/statfs.go +++ b/vendor/github.com/cilium/ebpf/internal/linux/statfs.go @@ -1,4 +1,4 @@ -package internal +package linux import ( "unsafe" diff --git a/vendor/github.com/cilium/ebpf/internal/vdso.go b/vendor/github.com/cilium/ebpf/internal/linux/vdso.go similarity index 93% rename from vendor/github.com/cilium/ebpf/internal/vdso.go rename to vendor/github.com/cilium/ebpf/internal/linux/vdso.go index 1049278554e..1d8d0ef6b11 100644 --- a/vendor/github.com/cilium/ebpf/internal/vdso.go +++ b/vendor/github.com/cilium/ebpf/internal/linux/vdso.go @@ -1,4 +1,4 @@ -package internal +package linux import ( "debug/elf" @@ -9,6 +9,7 @@ import ( "math" "os" + "github.com/cilium/ebpf/internal" "github.com/cilium/ebpf/internal/unix" ) @@ -82,7 +83,7 @@ type elfNoteHeader struct { // vdsoLinuxVersionCode returns the LINUX_VERSION_CODE embedded in // the ELF notes section of the binary provided by the reader. func vdsoLinuxVersionCode(r io.ReaderAt) (uint32, error) { - hdr, err := NewSafeELFFile(r) + hdr, err := internal.NewSafeELFFile(r) if err != nil { return 0, fmt.Errorf("reading vDSO ELF: %w", err) } @@ -110,7 +111,7 @@ func vdsoLinuxVersionCode(r io.ReaderAt) (uint32, error) { var name string if n.NameSize > 0 { // Read the note name, aligned to 4 bytes. - buf := make([]byte, Align(n.NameSize, 4)) + buf := make([]byte, internal.Align(n.NameSize, 4)) if err := binary.Read(sr, hdr.ByteOrder, &buf); err != nil { return 0, fmt.Errorf("reading note name: %w", err) } @@ -132,7 +133,7 @@ func vdsoLinuxVersionCode(r io.ReaderAt) (uint32, error) { } // Discard the note descriptor if it exists but we're not interested in it. - if _, err := io.CopyN(io.Discard, sr, int64(Align(n.DescSize, 4))); err != nil { + if _, err := io.CopyN(io.Discard, sr, int64(internal.Align(n.DescSize, 4))); err != nil { return 0, err } } diff --git a/vendor/github.com/cilium/ebpf/internal/linux/version.go b/vendor/github.com/cilium/ebpf/internal/linux/version.go new file mode 100644 index 00000000000..798dd3fed02 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/linux/version.go @@ -0,0 +1,34 @@ +package linux + +import ( + "fmt" + "sync" + + "github.com/cilium/ebpf/internal" + "github.com/cilium/ebpf/internal/unix" +) + +// KernelVersion returns the version of the currently running kernel. +var KernelVersion = sync.OnceValues(detectKernelVersion) + +// detectKernelVersion returns the version of the running kernel. +func detectKernelVersion() (internal.Version, error) { + vc, err := vdsoVersion() + if err != nil { + return internal.Version{}, err + } + return internal.NewVersionFromCode(vc), nil +} + +// KernelRelease returns the release string of the running kernel. +// Its format depends on the Linux distribution and corresponds to directory +// names in /lib/modules by convention. Some examples are 5.15.17-1-lts and +// 4.19.0-16-amd64. +func KernelRelease() (string, error) { + var uname unix.Utsname + if err := unix.Uname(&uname); err != nil { + return "", fmt.Errorf("uname failed: %w", err) + } + + return unix.ByteSliceToString(uname.Release[:]), nil +} diff --git a/vendor/github.com/cilium/ebpf/internal/math.go b/vendor/github.com/cilium/ebpf/internal/math.go index e95c8efde51..10cde66860d 100644 --- a/vendor/github.com/cilium/ebpf/internal/math.go +++ b/vendor/github.com/cilium/ebpf/internal/math.go @@ -1,13 +1,33 @@ package internal -import "golang.org/x/exp/constraints" - // Align returns 'n' updated to 'alignment' boundary. -func Align[I constraints.Integer](n, alignment I) I { +func Align[I Integer](n, alignment I) I { return (n + alignment - 1) / alignment * alignment } // IsPow returns true if n is a power of two. -func IsPow[I constraints.Integer](n I) bool { +func IsPow[I Integer](n I) bool { return n != 0 && (n&(n-1)) == 0 } + +// Between returns the value clamped between a and b. +func Between[I Integer](val, a, b I) I { + lower, upper := a, b + if lower > upper { + upper, lower = a, b + } + + val = min(val, upper) + return max(val, lower) +} + +// Integer represents all possible integer types. +// Remove when x/exp/constraints is moved to the standard library. +type Integer interface { + ~int | ~int8 | ~int16 | ~int32 | ~int64 | ~uint | ~uint8 | ~uint16 | ~uint32 | ~uint64 | ~uintptr +} + +// List of integer types known by the Go compiler. Used by TestIntegerConstraint +// to warn if a new integer type is introduced. Remove when x/exp/constraints +// is moved to the standard library. +var integers = []string{"int", "int8", "int16", "int32", "int64", "uint", "uint8", "uint16", "uint32", "uint64", "uintptr"} diff --git a/vendor/github.com/cilium/ebpf/internal/sys/fd.go b/vendor/github.com/cilium/ebpf/internal/sys/fd.go index 941a56fb91b..e2ba43fd3b3 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/fd.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/fd.go @@ -4,9 +4,12 @@ import ( "fmt" "math" "os" + "path/filepath" "runtime" "strconv" + "strings" + "github.com/cilium/ebpf/internal/testutils/fdtrace" "github.com/cilium/ebpf/internal/unix" ) @@ -17,15 +20,7 @@ type FD struct { } func newFD(value int) *FD { - if onLeakFD != nil { - // Attempt to store the caller's stack for the given fd value. - // Panic if fds contains an existing stack for the fd. - old, exist := fds.LoadOrStore(value, callersFrames()) - if exist { - f := old.(*runtime.Frames) - panic(fmt.Sprintf("found existing stack for fd %d:\n%s", value, FormatFrames(f))) - } - } + fdtrace.TraceFD(value, 1) fd := &FD{value} runtime.SetFinalizer(fd, (*FD).finalize) @@ -39,13 +34,7 @@ func (fd *FD) finalize() { return } - // Invoke the fd leak callback. Calls LoadAndDelete to guarantee the callback - // is invoked at most once for one sys.FD allocation, runtime.Frames can only - // be unwound once. - f, ok := fds.LoadAndDelete(fd.Int()) - if ok && onLeakFD != nil { - onLeakFD(f.(*runtime.Frames)) - } + fdtrace.LeakFD(fd.raw) _ = fd.Close() } @@ -92,12 +81,15 @@ func (fd *FD) Close() error { return nil } - return unix.Close(fd.disown()) + return unix.Close(fd.Disown()) } -func (fd *FD) disown() int { - value := int(fd.raw) - fds.Delete(int(value)) +// Disown destroys the FD and returns its raw file descriptor without closing +// it. After this call, the underlying fd is no longer tied to the FD's +// lifecycle. +func (fd *FD) Disown() int { + value := fd.raw + fdtrace.ForgetFD(value) fd.raw = -1 runtime.SetFinalizer(fd, nil) @@ -129,5 +121,45 @@ func (fd *FD) File(name string) *os.File { return nil } - return os.NewFile(uintptr(fd.disown()), name) + return os.NewFile(uintptr(fd.Disown()), name) +} + +// ObjGetTyped wraps [ObjGet] with a readlink call to extract the type of the +// underlying bpf object. +func ObjGetTyped(attr *ObjGetAttr) (*FD, ObjType, error) { + fd, err := ObjGet(attr) + if err != nil { + return nil, 0, err + } + + typ, err := readType(fd) + if err != nil { + _ = fd.Close() + return nil, 0, fmt.Errorf("reading fd type: %w", err) + } + + return fd, typ, nil +} + +// readType returns the bpf object type of the file descriptor by calling +// readlink(3). Returns an error if the file descriptor does not represent a bpf +// object. +func readType(fd *FD) (ObjType, error) { + s, err := os.Readlink(filepath.Join("/proc/self/fd/", fd.String())) + if err != nil { + return 0, fmt.Errorf("readlink fd %d: %w", fd.Int(), err) + } + + s = strings.TrimPrefix(s, "anon_inode:") + + switch s { + case "bpf-map": + return BPF_TYPE_MAP, nil + case "bpf-prog": + return BPF_TYPE_PROG, nil + case "bpf-link": + return BPF_TYPE_LINK, nil + } + + return 0, fmt.Errorf("unknown type %s of fd %d", s, fd.Int()) } diff --git a/vendor/github.com/cilium/ebpf/internal/sys/fd_trace.go b/vendor/github.com/cilium/ebpf/internal/sys/fd_trace.go deleted file mode 100644 index cd50dd1f642..00000000000 --- a/vendor/github.com/cilium/ebpf/internal/sys/fd_trace.go +++ /dev/null @@ -1,93 +0,0 @@ -package sys - -import ( - "bytes" - "fmt" - "runtime" - "sync" -) - -// OnLeakFD controls tracing [FD] lifetime to detect resources that are not -// closed by Close(). -// -// If fn is not nil, tracing is enabled for all FDs created going forward. fn is -// invoked for all FDs that are closed by the garbage collector instead of an -// explicit Close() by a caller. Calling OnLeakFD twice with a non-nil fn -// (without disabling tracing in the meantime) will cause a panic. -// -// If fn is nil, tracing will be disabled. Any FDs that have not been closed are -// considered to be leaked, fn will be invoked for them, and the process will be -// terminated. -// -// fn will be invoked at most once for every unique sys.FD allocation since a -// runtime.Frames can only be unwound once. -func OnLeakFD(fn func(*runtime.Frames)) { - // Enable leak tracing if new fn is provided. - if fn != nil { - if onLeakFD != nil { - panic("OnLeakFD called twice with non-nil fn") - } - - onLeakFD = fn - return - } - - // fn is nil past this point. - - if onLeakFD == nil { - return - } - - // Call onLeakFD for all open fds. - if fs := flushFrames(); len(fs) != 0 { - for _, f := range fs { - onLeakFD(f) - } - } - - onLeakFD = nil -} - -var onLeakFD func(*runtime.Frames) - -// fds is a registry of all file descriptors wrapped into sys.fds that were -// created while an fd tracer was active. -var fds sync.Map // map[int]*runtime.Frames - -// flushFrames removes all elements from fds and returns them as a slice. This -// deals with the fact that a runtime.Frames can only be unwound once using -// Next(). -func flushFrames() []*runtime.Frames { - var frames []*runtime.Frames - fds.Range(func(key, value any) bool { - frames = append(frames, value.(*runtime.Frames)) - fds.Delete(key) - return true - }) - return frames -} - -func callersFrames() *runtime.Frames { - c := make([]uintptr, 32) - - // Skip runtime.Callers and this function. - i := runtime.Callers(2, c) - if i == 0 { - return nil - } - - return runtime.CallersFrames(c) -} - -// FormatFrames formats a runtime.Frames as a human-readable string. -func FormatFrames(fs *runtime.Frames) string { - var b bytes.Buffer - for { - f, more := fs.Next() - b.WriteString(fmt.Sprintf("\t%s+%#x\n\t\t%s:%d\n", f.Function, f.PC-f.Entry, f.File, f.Line)) - if !more { - break - } - } - return b.String() -} diff --git a/vendor/github.com/cilium/ebpf/internal/sys/mapflags_string.go b/vendor/github.com/cilium/ebpf/internal/sys/mapflags_string.go deleted file mode 100644 index d9fe217222b..00000000000 --- a/vendor/github.com/cilium/ebpf/internal/sys/mapflags_string.go +++ /dev/null @@ -1,53 +0,0 @@ -// Code generated by "stringer -type MapFlags"; DO NOT EDIT. - -package sys - -import "strconv" - -func _() { - // An "invalid array index" compiler error signifies that the constant values have changed. - // Re-run the stringer command to generate them again. - var x [1]struct{} - _ = x[BPF_F_NO_PREALLOC-1] - _ = x[BPF_F_NO_COMMON_LRU-2] - _ = x[BPF_F_NUMA_NODE-4] - _ = x[BPF_F_RDONLY-8] - _ = x[BPF_F_WRONLY-16] - _ = x[BPF_F_STACK_BUILD_ID-32] - _ = x[BPF_F_ZERO_SEED-64] - _ = x[BPF_F_RDONLY_PROG-128] - _ = x[BPF_F_WRONLY_PROG-256] - _ = x[BPF_F_CLONE-512] - _ = x[BPF_F_MMAPABLE-1024] - _ = x[BPF_F_PRESERVE_ELEMS-2048] - _ = x[BPF_F_INNER_MAP-4096] - _ = x[BPF_F_LINK-8192] - _ = x[BPF_F_PATH_FD-16384] -} - -const _MapFlags_name = "BPF_F_NO_PREALLOCBPF_F_NO_COMMON_LRUBPF_F_NUMA_NODEBPF_F_RDONLYBPF_F_WRONLYBPF_F_STACK_BUILD_IDBPF_F_ZERO_SEEDBPF_F_RDONLY_PROGBPF_F_WRONLY_PROGBPF_F_CLONEBPF_F_MMAPABLEBPF_F_PRESERVE_ELEMSBPF_F_INNER_MAPBPF_F_LINKBPF_F_PATH_FD" - -var _MapFlags_map = map[MapFlags]string{ - 1: _MapFlags_name[0:17], - 2: _MapFlags_name[17:36], - 4: _MapFlags_name[36:51], - 8: _MapFlags_name[51:63], - 16: _MapFlags_name[63:75], - 32: _MapFlags_name[75:95], - 64: _MapFlags_name[95:110], - 128: _MapFlags_name[110:127], - 256: _MapFlags_name[127:144], - 512: _MapFlags_name[144:155], - 1024: _MapFlags_name[155:169], - 2048: _MapFlags_name[169:189], - 4096: _MapFlags_name[189:204], - 8192: _MapFlags_name[204:214], - 16384: _MapFlags_name[214:227], -} - -func (i MapFlags) String() string { - if str, ok := _MapFlags_map[i]; ok { - return str - } - return "MapFlags(" + strconv.FormatInt(int64(i), 10) + ")" -} diff --git a/vendor/github.com/cilium/ebpf/internal/pinning.go b/vendor/github.com/cilium/ebpf/internal/sys/pinning.go similarity index 77% rename from vendor/github.com/cilium/ebpf/internal/pinning.go rename to vendor/github.com/cilium/ebpf/internal/sys/pinning.go index 01d892f9344..9a4c6c7a153 100644 --- a/vendor/github.com/cilium/ebpf/internal/pinning.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/pinning.go @@ -1,4 +1,4 @@ -package internal +package sys import ( "errors" @@ -7,11 +7,11 @@ import ( "path/filepath" "runtime" - "github.com/cilium/ebpf/internal/sys" + "github.com/cilium/ebpf/internal/linux" "github.com/cilium/ebpf/internal/unix" ) -func Pin(currentPath, newPath string, fd *sys.FD) error { +func Pin(currentPath, newPath string, fd *FD) error { if newPath == "" { return errors.New("given pinning path cannot be empty") } @@ -19,7 +19,7 @@ func Pin(currentPath, newPath string, fd *sys.FD) error { return nil } - fsType, err := FSType(filepath.Dir(newPath)) + fsType, err := linux.FSType(filepath.Dir(newPath)) if err != nil { return err } @@ -30,8 +30,8 @@ func Pin(currentPath, newPath string, fd *sys.FD) error { defer runtime.KeepAlive(fd) if currentPath == "" { - return sys.ObjPin(&sys.ObjPinAttr{ - Pathname: sys.NewStringPointer(newPath), + return ObjPin(&ObjPinAttr{ + Pathname: NewStringPointer(newPath), BpfFd: fd.Uint(), }) } @@ -47,8 +47,8 @@ func Pin(currentPath, newPath string, fd *sys.FD) error { return fmt.Errorf("unable to move pinned object to new path %v: %w", newPath, err) } // Internal state not in sync with the file system so let's fix it. - return sys.ObjPin(&sys.ObjPinAttr{ - Pathname: sys.NewStringPointer(newPath), + return ObjPin(&ObjPinAttr{ + Pathname: NewStringPointer(newPath), BpfFd: fd.Uint(), }) } diff --git a/vendor/github.com/cilium/ebpf/internal/sys/ptr.go b/vendor/github.com/cilium/ebpf/internal/sys/ptr.go index e9bb5905973..af0c014e3b9 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/ptr.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/ptr.go @@ -11,13 +11,13 @@ func NewPointer(ptr unsafe.Pointer) Pointer { return Pointer{ptr: ptr} } -// NewSlicePointer creates a 64-bit pointer from a byte slice. -func NewSlicePointer(buf []byte) Pointer { +// NewSlicePointer creates a 64-bit pointer from a slice. +func NewSlicePointer[T comparable](buf []T) Pointer { if len(buf) == 0 { return Pointer{} } - return Pointer{ptr: unsafe.Pointer(&buf[0])} + return Pointer{ptr: unsafe.Pointer(unsafe.SliceData(buf))} } // NewSlicePointerLen creates a 64-bit pointer from a byte slice. diff --git a/vendor/github.com/cilium/ebpf/internal/sys/syscall.go b/vendor/github.com/cilium/ebpf/internal/sys/syscall.go index f6b6e934580..e37f4cf6710 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/syscall.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/syscall.go @@ -133,12 +133,12 @@ func ObjInfo(fd *FD, info Info) error { // BPFObjName is a null-terminated string made up of // 'A-Za-z0-9_' characters. -type ObjName [unix.BPF_OBJ_NAME_LEN]byte +type ObjName [BPF_OBJ_NAME_LEN]byte // NewObjName truncates the result if it is too long. func NewObjName(name string) ObjName { var result ObjName - copy(result[:unix.BPF_OBJ_NAME_LEN-1], name) + copy(result[:BPF_OBJ_NAME_LEN-1], name) return result } @@ -160,29 +160,6 @@ type BTFID uint32 // TypeID identifies a type in a BTF blob. type TypeID uint32 -// MapFlags control map behaviour. -type MapFlags uint32 - -//go:generate go run golang.org/x/tools/cmd/stringer@latest -type MapFlags - -const ( - BPF_F_NO_PREALLOC MapFlags = 1 << iota - BPF_F_NO_COMMON_LRU - BPF_F_NUMA_NODE - BPF_F_RDONLY - BPF_F_WRONLY - BPF_F_STACK_BUILD_ID - BPF_F_ZERO_SEED - BPF_F_RDONLY_PROG - BPF_F_WRONLY_PROG - BPF_F_CLONE - BPF_F_MMAPABLE - BPF_F_PRESERVE_ELEMS - BPF_F_INNER_MAP - BPF_F_LINK - BPF_F_PATH_FD -) - // Flags used by bpf_mprog. const ( BPF_F_REPLACE = 1 << (iota + 2) @@ -192,6 +169,16 @@ const ( BPF_F_LINK_MPROG = 1 << 13 // aka BPF_F_LINK ) +// Flags used by BPF_PROG_LOAD. +const ( + BPF_F_SLEEPABLE = 1 << 4 + BPF_F_XDP_HAS_FRAGS = 1 << 5 + BPF_F_XDP_DEV_BOUND_ONLY = 1 << 6 +) + +const BPF_TAG_SIZE = 8 +const BPF_OBJ_NAME_LEN = 16 + // wrappedErrno wraps syscall.Errno to prevent direct comparisons with // syscall.E* or unix.E* constants. // diff --git a/vendor/github.com/cilium/ebpf/internal/sys/types.go b/vendor/github.com/cilium/ebpf/internal/sys/types.go index 70e754de71d..88001c319eb 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/types.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/types.go @@ -6,6 +6,170 @@ import ( "unsafe" ) +const ( + BPF_ADJ_ROOM_ENCAP_L2_MASK = 255 + BPF_ADJ_ROOM_ENCAP_L2_SHIFT = 56 + BPF_ANY = 0 + BPF_CSUM_LEVEL_DEC = 2 + BPF_CSUM_LEVEL_INC = 1 + BPF_CSUM_LEVEL_QUERY = 0 + BPF_CSUM_LEVEL_RESET = 3 + BPF_EXIST = 2 + BPF_FIB_LKUP_RET_BLACKHOLE = 1 + BPF_FIB_LKUP_RET_FRAG_NEEDED = 8 + BPF_FIB_LKUP_RET_FWD_DISABLED = 5 + BPF_FIB_LKUP_RET_NOT_FWDED = 4 + BPF_FIB_LKUP_RET_NO_NEIGH = 7 + BPF_FIB_LKUP_RET_NO_SRC_ADDR = 9 + BPF_FIB_LKUP_RET_PROHIBIT = 3 + BPF_FIB_LKUP_RET_SUCCESS = 0 + BPF_FIB_LKUP_RET_UNREACHABLE = 2 + BPF_FIB_LKUP_RET_UNSUPP_LWT = 6 + BPF_FIB_LOOKUP_DIRECT = 1 + BPF_FIB_LOOKUP_OUTPUT = 2 + BPF_FIB_LOOKUP_SKIP_NEIGH = 4 + BPF_FIB_LOOKUP_SRC = 16 + BPF_FIB_LOOKUP_TBID = 8 + BPF_FLOW_DISSECTOR_F_PARSE_1ST_FRAG = 1 + BPF_FLOW_DISSECTOR_F_STOP_AT_ENCAP = 4 + BPF_FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL = 2 + BPF_F_ADJ_ROOM_DECAP_L3_IPV4 = 128 + BPF_F_ADJ_ROOM_DECAP_L3_IPV6 = 256 + BPF_F_ADJ_ROOM_ENCAP_L2_ETH = 64 + BPF_F_ADJ_ROOM_ENCAP_L3_IPV4 = 2 + BPF_F_ADJ_ROOM_ENCAP_L3_IPV6 = 4 + BPF_F_ADJ_ROOM_ENCAP_L4_GRE = 8 + BPF_F_ADJ_ROOM_ENCAP_L4_UDP = 16 + BPF_F_ADJ_ROOM_FIXED_GSO = 1 + BPF_F_ADJ_ROOM_NO_CSUM_RESET = 32 + BPF_F_BPRM_SECUREEXEC = 1 + BPF_F_BROADCAST = 8 + BPF_F_CLONE = 512 + BPF_F_CTXLEN_MASK = 4503595332403200 + BPF_F_CURRENT_CPU = 4294967295 + BPF_F_CURRENT_NETNS = 18446744073709551615 + BPF_F_DONT_FRAGMENT = 4 + BPF_F_EXCLUDE_INGRESS = 16 + BPF_F_FAST_STACK_CMP = 512 + BPF_F_GET_BRANCH_RECORDS_SIZE = 1 + BPF_F_HDR_FIELD_MASK = 15 + BPF_F_INDEX_MASK = 4294967295 + BPF_F_INGRESS = 1 + BPF_F_INNER_MAP = 4096 + BPF_F_INVALIDATE_HASH = 2 + BPF_F_KPROBE_MULTI_RETURN = 1 + BPF_F_LINK = 8192 + BPF_F_LOCK = 4 + BPF_F_MARK_ENFORCE = 64 + BPF_F_MARK_MANGLED_0 = 32 + BPF_F_MMAPABLE = 1024 + BPF_F_NEIGH = 2 + BPF_F_NEXTHOP = 8 + BPF_F_NO_COMMON_LRU = 2 + BPF_F_NO_PREALLOC = 1 + BPF_F_NO_TUNNEL_KEY = 16 + BPF_F_NUMA_NODE = 4 + BPF_F_PATH_FD = 16384 + BPF_F_PEER = 4 + BPF_F_PRESERVE_ELEMS = 2048 + BPF_F_PSEUDO_HDR = 16 + BPF_F_RDONLY = 8 + BPF_F_RDONLY_PROG = 128 + BPF_F_RECOMPUTE_CSUM = 1 + BPF_F_REUSE_STACKID = 1024 + BPF_F_SEQ_NUMBER = 8 + BPF_F_SKIP_FIELD_MASK = 255 + BPF_F_STACK_BUILD_ID = 32 + BPF_F_SYSCTL_BASE_NAME = 1 + BPF_F_TIMER_ABS = 1 + BPF_F_TIMER_CPU_PIN = 2 + BPF_F_TUNINFO_FLAGS = 16 + BPF_F_TUNINFO_IPV6 = 1 + BPF_F_UPROBE_MULTI_RETURN = 1 + BPF_F_USER_BUILD_ID = 2048 + BPF_F_USER_STACK = 256 + BPF_F_WRONLY = 16 + BPF_F_WRONLY_PROG = 256 + BPF_F_ZERO_CSUM_TX = 2 + BPF_F_ZERO_SEED = 64 + BPF_LOAD_HDR_OPT_TCP_SYN = 1 + BPF_LOCAL_STORAGE_GET_F_CREATE = 1 + BPF_MAX_LOOPS = 8388608 + BPF_MAX_TRAMP_LINKS = 38 + BPF_NOEXIST = 1 + BPF_RB_AVAIL_DATA = 0 + BPF_RB_CONS_POS = 2 + BPF_RB_FORCE_WAKEUP = 2 + BPF_RB_NO_WAKEUP = 1 + BPF_RB_PROD_POS = 3 + BPF_RB_RING_SIZE = 1 + BPF_REG_0 = 0 + BPF_REG_1 = 1 + BPF_REG_10 = 10 + BPF_REG_2 = 2 + BPF_REG_3 = 3 + BPF_REG_4 = 4 + BPF_REG_5 = 5 + BPF_REG_6 = 6 + BPF_REG_7 = 7 + BPF_REG_8 = 8 + BPF_REG_9 = 9 + BPF_RINGBUF_BUSY_BIT = 2147483648 + BPF_RINGBUF_DISCARD_BIT = 1073741824 + BPF_RINGBUF_HDR_SZ = 8 + BPF_SKB_TSTAMP_DELIVERY_MONO = 1 + BPF_SKB_TSTAMP_UNSPEC = 0 + BPF_SK_LOOKUP_F_NO_REUSEPORT = 2 + BPF_SK_LOOKUP_F_REPLACE = 1 + BPF_SK_STORAGE_GET_F_CREATE = 1 + BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB = 4 + BPF_SOCK_OPS_ALL_CB_FLAGS = 127 + BPF_SOCK_OPS_BASE_RTT = 7 + BPF_SOCK_OPS_HDR_OPT_LEN_CB = 14 + BPF_SOCK_OPS_NEEDS_ECN = 6 + BPF_SOCK_OPS_PARSE_ALL_HDR_OPT_CB_FLAG = 16 + BPF_SOCK_OPS_PARSE_HDR_OPT_CB = 13 + BPF_SOCK_OPS_PARSE_UNKNOWN_HDR_OPT_CB_FLAG = 32 + BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB = 5 + BPF_SOCK_OPS_RETRANS_CB = 9 + BPF_SOCK_OPS_RETRANS_CB_FLAG = 2 + BPF_SOCK_OPS_RTO_CB = 8 + BPF_SOCK_OPS_RTO_CB_FLAG = 1 + BPF_SOCK_OPS_RTT_CB = 12 + BPF_SOCK_OPS_RTT_CB_FLAG = 8 + BPF_SOCK_OPS_RWND_INIT = 2 + BPF_SOCK_OPS_STATE_CB = 10 + BPF_SOCK_OPS_STATE_CB_FLAG = 4 + BPF_SOCK_OPS_TCP_CONNECT_CB = 3 + BPF_SOCK_OPS_TCP_LISTEN_CB = 11 + BPF_SOCK_OPS_TIMEOUT_INIT = 1 + BPF_SOCK_OPS_VOID = 0 + BPF_SOCK_OPS_WRITE_HDR_OPT_CB = 15 + BPF_SOCK_OPS_WRITE_HDR_OPT_CB_FLAG = 64 + BPF_STRUCT_OPS_TYPE_bpf_dummy_ops = 0 + BPF_STRUCT_OPS_TYPE_tcp_congestion_ops = 1 + BPF_TASK_ITER_ALL_PROCS = 0 + BPF_TASK_ITER_ALL_THREADS = 1 + BPF_TASK_ITER_PROC_THREADS = 2 + BPF_TCP_BOUND_INACTIVE = 13 + BPF_TCP_CLOSE = 7 + BPF_TCP_CLOSE_WAIT = 8 + BPF_TCP_CLOSING = 11 + BPF_TCP_ESTABLISHED = 1 + BPF_TCP_FIN_WAIT1 = 4 + BPF_TCP_FIN_WAIT2 = 5 + BPF_TCP_LAST_ACK = 9 + BPF_TCP_LISTEN = 10 + BPF_TCP_MAX_STATES = 14 + BPF_TCP_NEW_SYN_RECV = 12 + BPF_TCP_SYN_RECV = 3 + BPF_TCP_SYN_SENT = 2 + BPF_TCP_TIME_WAIT = 6 + BPF_WRITE_HDR_TCP_CURRENT_MSS = 1 + BPF_WRITE_HDR_TCP_SYNACK_COOKIE = 2 + BPF_XFRM_STATE_OPTS_SZ = 36 +) + type AdjRoomMode uint32 const ( @@ -402,6 +566,15 @@ const ( BPF_MAP_TYPE_CGRP_STORAGE MapType = 32 ) +type ObjType uint32 + +const ( + BPF_TYPE_UNSPEC ObjType = 0 + BPF_TYPE_PROG ObjType = 1 + BPF_TYPE_MAP ObjType = 2 + BPF_TYPE_LINK ObjType = 3 +) + type PerfEventType uint32 const ( @@ -537,7 +710,7 @@ type MapInfo struct { KeySize uint32 ValueSize uint32 MaxEntries uint32 - MapFlags MapFlags + MapFlags uint32 Name ObjName Ifindex uint32 BtfVmlinuxValueTypeId TypeID @@ -556,7 +729,7 @@ type ProgInfo struct { Tag [8]uint8 JitedProgLen uint32 XlatedProgLen uint32 - JitedProgInsns uint64 + JitedProgInsns Pointer XlatedProgInsns Pointer LoadTime uint64 CreatedByUid uint32 @@ -569,15 +742,15 @@ type ProgInfo struct { NetnsIno uint64 NrJitedKsyms uint32 NrJitedFuncLens uint32 - JitedKsyms uint64 - JitedFuncLens uint64 + JitedKsyms Pointer + JitedFuncLens Pointer BtfId BTFID FuncInfoRecSize uint32 FuncInfo Pointer NrFuncInfo uint32 NrLineInfo uint32 LineInfo Pointer - JitedLineInfo uint64 + JitedLineInfo Pointer NrJitedLineInfo uint32 LineInfoRecSize uint32 JitedLineInfoRecSize uint32 @@ -886,7 +1059,7 @@ type MapCreateAttr struct { KeySize uint32 ValueSize uint32 MaxEntries uint32 - MapFlags MapFlags + MapFlags uint32 InnerMapFd uint32 NumaNode uint32 MapName ObjName diff --git a/vendor/github.com/cilium/ebpf/internal/sysenc/buffer.go b/vendor/github.com/cilium/ebpf/internal/sysenc/buffer.go index d184ea196ae..1b4f052ee2b 100644 --- a/vendor/github.com/cilium/ebpf/internal/sysenc/buffer.go +++ b/vendor/github.com/cilium/ebpf/internal/sysenc/buffer.go @@ -51,12 +51,12 @@ func SyscallOutput(dst any, size int) Buffer { // // Returns the number of copied bytes. func (b Buffer) CopyTo(dst []byte) int { - return copy(dst, b.unsafeBytes()) + return copy(dst, b.Bytes()) } // AppendTo appends the buffer onto dst. func (b Buffer) AppendTo(dst []byte) []byte { - return append(dst, b.unsafeBytes()...) + return append(dst, b.Bytes()...) } // Pointer returns the location where a syscall should write. @@ -72,10 +72,12 @@ func (b Buffer) Unmarshal(data any) error { return nil } - return Unmarshal(data, b.unsafeBytes()) + return Unmarshal(data, b.Bytes()) } -func (b Buffer) unsafeBytes() []byte { +// Bytes returns the buffer as a byte slice. Returns nil if the Buffer was +// created using UnsafeBuffer or by zero-copy unmarshaling. +func (b Buffer) Bytes() []byte { if b.size == syscallPointerOnly { return nil } diff --git a/vendor/github.com/cilium/ebpf/internal/testutils/fdtrace/fd_trace.go b/vendor/github.com/cilium/ebpf/internal/testutils/fdtrace/fd_trace.go new file mode 100644 index 00000000000..562df2cc0c2 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/testutils/fdtrace/fd_trace.go @@ -0,0 +1,103 @@ +package fdtrace + +import ( + "bytes" + "fmt" + "os" + "runtime" + "sync" + "sync/atomic" +) + +// foundLeak is atomic since the GC may collect objects in parallel. +var foundLeak atomic.Bool + +func onLeakFD(fs *runtime.Frames) { + foundLeak.Store(true) + fmt.Fprintln(os.Stderr, "leaked fd created at:") + fmt.Fprintln(os.Stderr, formatFrames(fs)) +} + +// fds is a registry of all file descriptors wrapped into sys.fds that were +// created while an fd tracer was active. +var fds *sync.Map // map[int]*runtime.Frames + +// TraceFD associates raw with the current execution stack. +// +// skip controls how many entries of the stack the function should skip. +func TraceFD(raw int, skip int) { + if fds == nil { + return + } + + // Attempt to store the caller's stack for the given fd value. + // Panic if fds contains an existing stack for the fd. + old, exist := fds.LoadOrStore(raw, callersFrames(skip)) + if exist { + f := old.(*runtime.Frames) + panic(fmt.Sprintf("found existing stack for fd %d:\n%s", raw, formatFrames(f))) + } +} + +// ForgetFD removes any existing association for raw. +func ForgetFD(raw int) { + if fds != nil { + fds.Delete(raw) + } +} + +// LeakFD indicates that raw was leaked. +// +// Calling the function with a value that was not passed to [TraceFD] before +// is undefined. +func LeakFD(raw int) { + if fds == nil { + return + } + + // Invoke the fd leak callback. Calls LoadAndDelete to guarantee the callback + // is invoked at most once for one sys.FD allocation, runtime.Frames can only + // be unwound once. + f, ok := fds.LoadAndDelete(raw) + if ok { + onLeakFD(f.(*runtime.Frames)) + } +} + +// flushFrames removes all elements from fds and returns them as a slice. This +// deals with the fact that a runtime.Frames can only be unwound once using +// Next(). +func flushFrames() []*runtime.Frames { + var frames []*runtime.Frames + fds.Range(func(key, value any) bool { + frames = append(frames, value.(*runtime.Frames)) + fds.Delete(key) + return true + }) + return frames +} + +func callersFrames(skip int) *runtime.Frames { + c := make([]uintptr, 32) + + // Skip runtime.Callers and this function. + i := runtime.Callers(skip+2, c) + if i == 0 { + return nil + } + + return runtime.CallersFrames(c) +} + +// formatFrames formats a runtime.Frames as a human-readable string. +func formatFrames(fs *runtime.Frames) string { + var b bytes.Buffer + for { + f, more := fs.Next() + b.WriteString(fmt.Sprintf("\t%s+%#x\n\t\t%s:%d\n", f.Function, f.PC-f.Entry, f.File, f.Line)) + if !more { + break + } + } + return b.String() +} diff --git a/vendor/github.com/cilium/ebpf/internal/testutils/fdtrace/main.go b/vendor/github.com/cilium/ebpf/internal/testutils/fdtrace/main.go new file mode 100644 index 00000000000..c1f7b42d91d --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/testutils/fdtrace/main.go @@ -0,0 +1,31 @@ +package fdtrace + +import ( + "os" + "sync" +) + +type testingM interface { + Run() int +} + +// TestMain runs m with fd tracing enabled. +// +// The function calls [os.Exit] and does not return. +func TestMain(m testingM) { + fds = new(sync.Map) + + ret := m.Run() + + if fs := flushFrames(); len(fs) != 0 { + for _, f := range fs { + onLeakFD(f) + } + } + + if foundLeak.Load() { + ret = 99 + } + + os.Exit(ret) +} diff --git a/vendor/github.com/cilium/ebpf/internal/tracefs/kprobe.go b/vendor/github.com/cilium/ebpf/internal/tracefs/kprobe.go index 897740fec0c..062bef9ec37 100644 --- a/vendor/github.com/cilium/ebpf/internal/tracefs/kprobe.go +++ b/vendor/github.com/cilium/ebpf/internal/tracefs/kprobe.go @@ -12,6 +12,7 @@ import ( "syscall" "github.com/cilium/ebpf/internal" + "github.com/cilium/ebpf/internal/linux" "github.com/cilium/ebpf/internal/unix" ) @@ -121,7 +122,7 @@ var getTracefsPath = sync.OnceValues(func() (string, error) { // RHEL/CentOS {"/sys/kernel/debug/tracing", unix.DEBUGFS_MAGIC}, } { - if fsType, err := internal.FSType(p.path); err == nil && fsType == p.fsType { + if fsType, err := linux.FSType(p.path); err == nil && fsType == p.fsType { return p.path, nil } } @@ -213,7 +214,10 @@ func NewEvent(args ProbeArgs) (*Event, error) { if err == nil { return nil, fmt.Errorf("trace event %s/%s: %w", args.Group, eventName, os.ErrExist) } - if err != nil && !errors.Is(err, os.ErrNotExist) { + if errors.Is(err, unix.EINVAL) { + return nil, fmt.Errorf("trace event %s/%s: %w (unknown symbol?)", args.Group, eventName, err) + } + if !errors.Is(err, os.ErrNotExist) { return nil, fmt.Errorf("checking trace event %s/%s: %w", args.Group, eventName, err) } diff --git a/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go b/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go index d725cfaa394..144e608d1c7 100644 --- a/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go +++ b/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go @@ -81,15 +81,16 @@ const ( SO_DETACH_BPF = linux.SO_DETACH_BPF SOL_SOCKET = linux.SOL_SOCKET SIGPROF = linux.SIGPROF + SIGUSR1 = linux.SIGUSR1 SIG_BLOCK = linux.SIG_BLOCK SIG_UNBLOCK = linux.SIG_UNBLOCK - EM_NONE = linux.EM_NONE - EM_BPF = linux.EM_BPF BPF_FS_MAGIC = linux.BPF_FS_MAGIC TRACEFS_MAGIC = linux.TRACEFS_MAGIC DEBUGFS_MAGIC = linux.DEBUGFS_MAGIC BPF_RB_NO_WAKEUP = linux.BPF_RB_NO_WAKEUP BPF_RB_FORCE_WAKEUP = linux.BPF_RB_FORCE_WAKEUP + AF_UNSPEC = linux.AF_UNSPEC + IFF_UP = linux.IFF_UP ) type Statfs_t = linux.Statfs_t diff --git a/vendor/github.com/cilium/ebpf/internal/unix/types_other.go b/vendor/github.com/cilium/ebpf/internal/unix/types_other.go index 3ff8962716a..06cc3a09663 100644 --- a/vendor/github.com/cilium/ebpf/internal/unix/types_other.go +++ b/vendor/github.com/cilium/ebpf/internal/unix/types_other.go @@ -84,16 +84,17 @@ const ( SO_DETACH_BPF SOL_SOCKET SIGPROF + SIGUSR1 SIG_BLOCK SIG_UNBLOCK - EM_NONE - EM_BPF BPF_FS_MAGIC TRACEFS_MAGIC DEBUGFS_MAGIC BPF_RB_NO_WAKEUP BPF_RB_FORCE_WAKEUP BPF_F_LOCK + AF_UNSPEC + IFF_UP ) type Statfs_t struct { diff --git a/vendor/github.com/cilium/ebpf/internal/version.go b/vendor/github.com/cilium/ebpf/internal/version.go index acd4650af73..a230830b013 100644 --- a/vendor/github.com/cilium/ebpf/internal/version.go +++ b/vendor/github.com/cilium/ebpf/internal/version.go @@ -2,9 +2,6 @@ package internal import ( "fmt" - "sync" - - "github.com/cilium/ebpf/internal/unix" ) const ( @@ -78,30 +75,3 @@ func (v Version) Kernel() uint32 { // each other when overflowing 8 bits. return uint32(uint8(v[0]))<<16 | uint32(uint8(v[1]))<<8 | uint32(uint8(s)) } - -// KernelVersion returns the version of the currently running kernel. -var KernelVersion = sync.OnceValues(func() (Version, error) { - return detectKernelVersion() -}) - -// detectKernelVersion returns the version of the running kernel. -func detectKernelVersion() (Version, error) { - vc, err := vdsoVersion() - if err != nil { - return Version{}, err - } - return NewVersionFromCode(vc), nil -} - -// KernelRelease returns the release string of the running kernel. -// Its format depends on the Linux distribution and corresponds to directory -// names in /lib/modules by convention. Some examples are 5.15.17-1-lts and -// 4.19.0-16-amd64. -func KernelRelease() (string, error) { - var uname unix.Utsname - if err := unix.Uname(&uname); err != nil { - return "", fmt.Errorf("uname failed: %w", err) - } - - return unix.ByteSliceToString(uname.Release[:]), nil -} diff --git a/vendor/github.com/cilium/ebpf/link/kprobe.go b/vendor/github.com/cilium/ebpf/link/kprobe.go index fe3f17c3717..6f93a27a254 100644 --- a/vendor/github.com/cilium/ebpf/link/kprobe.go +++ b/vendor/github.com/cilium/ebpf/link/kprobe.go @@ -10,6 +10,7 @@ import ( "github.com/cilium/ebpf" "github.com/cilium/ebpf/internal" + "github.com/cilium/ebpf/internal/linux" "github.com/cilium/ebpf/internal/sys" "github.com/cilium/ebpf/internal/tracefs" "github.com/cilium/ebpf/internal/unix" @@ -60,6 +61,9 @@ func (ko *KprobeOptions) cookie() uint64 { // platform's syscall prefix (e.g. __x64_) to support attaching to syscalls // in a portable fashion. // +// On kernels 6.11 and later, setting a kprobe on a nonexistent symbol using +// tracefs incorrectly returns [unix.EINVAL] instead of [os.ErrNotExist]. +// // The returned Link may implement [PerfEvent]. func Kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions) (Link, error) { k, err := kprobe(symbol, prog, opts, false) @@ -91,7 +95,7 @@ func Kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions) (Link, error // in a portable fashion. // // On kernels 5.10 and earlier, setting a kretprobe on a nonexistent symbol -// incorrectly returns unix.EINVAL instead of os.ErrNotExist. +// incorrectly returns [unix.EINVAL] instead of [os.ErrNotExist]. // // The returned Link may implement [PerfEvent]. func Kretprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions) (Link, error) { @@ -169,7 +173,7 @@ func kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions, ret bool) (* // Use kprobe PMU if the kernel has it available. tp, err := pmuProbe(args) if errors.Is(err, os.ErrNotExist) || errors.Is(err, unix.EINVAL) { - if prefix := internal.PlatformPrefix(); prefix != "" { + if prefix := linux.PlatformPrefix(); prefix != "" { args.Symbol = prefix + symbol tp, err = pmuProbe(args) } @@ -177,7 +181,7 @@ func kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions, ret bool) (* if err == nil { return tp, nil } - if err != nil && !errors.Is(err, ErrNotSupported) { + if !errors.Is(err, ErrNotSupported) { return nil, fmt.Errorf("creating perf_kprobe PMU (arch-specific fallback for %q): %w", symbol, err) } @@ -185,7 +189,7 @@ func kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions, ret bool) (* args.Symbol = symbol tp, err = tracefsProbe(args) if errors.Is(err, os.ErrNotExist) || errors.Is(err, unix.EINVAL) { - if prefix := internal.PlatformPrefix(); prefix != "" { + if prefix := linux.PlatformPrefix(); prefix != "" { args.Symbol = prefix + symbol tp, err = tracefsProbe(args) } diff --git a/vendor/github.com/cilium/ebpf/link/kprobe_multi.go b/vendor/github.com/cilium/ebpf/link/kprobe_multi.go index f7a8291f945..094cb0538cb 100644 --- a/vendor/github.com/cilium/ebpf/link/kprobe_multi.go +++ b/vendor/github.com/cilium/ebpf/link/kprobe_multi.go @@ -60,7 +60,7 @@ func KprobeMulti(prog *ebpf.Program, opts KprobeMultiOptions) (Link, error) { // // Requires at least Linux 5.18. func KretprobeMulti(prog *ebpf.Program, opts KprobeMultiOptions) (Link, error) { - return kprobeMulti(prog, opts, unix.BPF_F_KPROBE_MULTI_RETURN) + return kprobeMulti(prog, opts, sys.BPF_F_KPROBE_MULTI_RETURN) } func kprobeMulti(prog *ebpf.Program, opts KprobeMultiOptions, flags uint32) (Link, error) { @@ -126,7 +126,7 @@ type kprobeMultiLink struct { var _ Link = (*kprobeMultiLink)(nil) -func (kml *kprobeMultiLink) Update(prog *ebpf.Program) error { +func (kml *kprobeMultiLink) Update(_ *ebpf.Program) error { return fmt.Errorf("update kprobe_multi: %w", ErrNotSupported) } @@ -149,7 +149,7 @@ func (kml *kprobeMultiLink) Info() (*Info, error) { }, nil } -var haveBPFLinkKprobeMulti = internal.NewFeatureTest("bpf_link_kprobe_multi", "5.18", func() error { +var haveBPFLinkKprobeMulti = internal.NewFeatureTest("bpf_link_kprobe_multi", func() error { prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ Name: "probe_kpm_link", Type: ebpf.Kprobe, @@ -188,4 +188,4 @@ var haveBPFLinkKprobeMulti = internal.NewFeatureTest("bpf_link_kprobe_multi", "5 fd.Close() return nil -}) +}, "5.18") diff --git a/vendor/github.com/cilium/ebpf/link/link.go b/vendor/github.com/cilium/ebpf/link/link.go index 9c34616c9a9..796769f8ea4 100644 --- a/vendor/github.com/cilium/ebpf/link/link.go +++ b/vendor/github.com/cilium/ebpf/link/link.go @@ -78,7 +78,9 @@ func NewFromID(id ID) (Link, error) { return wrapRawLink(&RawLink{fd, ""}) } -// LoadPinnedLink loads a link that was persisted into a bpffs. +// LoadPinnedLink loads a Link from a pin (file) on the BPF virtual filesystem. +// +// Requires at least Linux 5.7. func LoadPinnedLink(fileName string, opts *ebpf.LoadPinOptions) (Link, error) { raw, err := loadPinnedRawLink(fileName, opts) if err != nil { @@ -350,7 +352,7 @@ func AttachRawLink(opts RawLinkOptions) (*RawLink, error) { } func loadPinnedRawLink(fileName string, opts *ebpf.LoadPinOptions) (*RawLink, error) { - fd, err := sys.ObjGet(&sys.ObjGetAttr{ + fd, typ, err := sys.ObjGetTyped(&sys.ObjGetAttr{ Pathname: sys.NewStringPointer(fileName), FileFlags: opts.Marshal(), }) @@ -358,6 +360,11 @@ func loadPinnedRawLink(fileName string, opts *ebpf.LoadPinOptions) (*RawLink, er return nil, fmt.Errorf("load pinned link: %w", err) } + if typ != sys.BPF_TYPE_LINK { + _ = fd.Close() + return nil, fmt.Errorf("%s is not a Link", fileName) + } + return &RawLink{fd, fileName}, nil } @@ -380,7 +387,7 @@ func (l *RawLink) Close() error { // Calling Close on a pinned Link will not break the link // until the pin is removed. func (l *RawLink) Pin(fileName string) error { - if err := internal.Pin(l.pinnedPath, fileName, l.fd); err != nil { + if err := sys.Pin(l.pinnedPath, fileName, l.fd); err != nil { return err } l.pinnedPath = fileName @@ -389,7 +396,7 @@ func (l *RawLink) Pin(fileName string) error { // Unpin implements the Link interface. func (l *RawLink) Unpin() error { - if err := internal.Unpin(l.pinnedPath); err != nil { + if err := sys.Unpin(l.pinnedPath); err != nil { return err } l.pinnedPath = "" diff --git a/vendor/github.com/cilium/ebpf/link/netfilter.go b/vendor/github.com/cilium/ebpf/link/netfilter.go index 34be3908597..9436d11df93 100644 --- a/vendor/github.com/cilium/ebpf/link/netfilter.go +++ b/vendor/github.com/cilium/ebpf/link/netfilter.go @@ -63,7 +63,7 @@ func AttachNetfilter(opts NetfilterOptions) (Link, error) { return &netfilterLink{RawLink{fd, ""}}, nil } -func (*netfilterLink) Update(new *ebpf.Program) error { +func (*netfilterLink) Update(_ *ebpf.Program) error { return fmt.Errorf("netfilter update: %w", ErrNotSupported) } diff --git a/vendor/github.com/cilium/ebpf/link/perf_event.go b/vendor/github.com/cilium/ebpf/link/perf_event.go index 1d8feb58c1c..7440e8b292a 100644 --- a/vendor/github.com/cilium/ebpf/link/perf_event.go +++ b/vendor/github.com/cilium/ebpf/link/perf_event.go @@ -115,7 +115,7 @@ func (pl *perfEventLink) Close() error { return nil } -func (pl *perfEventLink) Update(prog *ebpf.Program) error { +func (pl *perfEventLink) Update(_ *ebpf.Program) error { return fmt.Errorf("perf event link update: %w", ErrNotSupported) } @@ -185,7 +185,7 @@ func (pi *perfEventIoctl) isLink() {} // // Detaching a program from a perf event is currently not possible, so a // program replacement mechanism cannot be implemented for perf events. -func (pi *perfEventIoctl) Update(prog *ebpf.Program) error { +func (pi *perfEventIoctl) Update(_ *ebpf.Program) error { return fmt.Errorf("perf event ioctl update: %w", ErrNotSupported) } @@ -303,7 +303,7 @@ func openTracepointPerfEvent(tid uint64, pid int) (*sys.FD, error) { // // https://elixir.bootlin.com/linux/v5.16.8/source/kernel/bpf/syscall.c#L4307 // https://github.com/torvalds/linux/commit/b89fbfbb854c9afc3047e8273cc3a694650b802e -var haveBPFLinkPerfEvent = internal.NewFeatureTest("bpf_link_perf_event", "5.15", func() error { +var haveBPFLinkPerfEvent = internal.NewFeatureTest("bpf_link_perf_event", func() error { prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ Name: "probe_bpf_perf_link", Type: ebpf.Kprobe, @@ -329,4 +329,4 @@ var haveBPFLinkPerfEvent = internal.NewFeatureTest("bpf_link_perf_event", "5.15" return nil } return err -}) +}, "5.15") diff --git a/vendor/github.com/cilium/ebpf/link/syscalls.go b/vendor/github.com/cilium/ebpf/link/syscalls.go index d09b5acb0f3..25951b017dd 100644 --- a/vendor/github.com/cilium/ebpf/link/syscalls.go +++ b/vendor/github.com/cilium/ebpf/link/syscalls.go @@ -30,7 +30,7 @@ const ( NetkitType = sys.BPF_LINK_TYPE_NETKIT ) -var haveProgAttach = internal.NewFeatureTest("BPF_PROG_ATTACH", "4.10", func() error { +var haveProgAttach = internal.NewFeatureTest("BPF_PROG_ATTACH", func() error { prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ Type: ebpf.CGroupSKB, License: "MIT", @@ -48,9 +48,9 @@ var haveProgAttach = internal.NewFeatureTest("BPF_PROG_ATTACH", "4.10", func() e // have the syscall. prog.Close() return nil -}) +}, "4.10") -var haveProgAttachReplace = internal.NewFeatureTest("BPF_PROG_ATTACH atomic replacement of MULTI progs", "5.5", func() error { +var haveProgAttachReplace = internal.NewFeatureTest("BPF_PROG_ATTACH atomic replacement of MULTI progs", func() error { if err := haveProgAttach(); err != nil { return err } @@ -90,9 +90,9 @@ var haveProgAttachReplace = internal.NewFeatureTest("BPF_PROG_ATTACH atomic repl return nil } return err -}) +}, "5.5") -var haveBPFLink = internal.NewFeatureTest("bpf_link", "5.7", func() error { +var haveBPFLink = internal.NewFeatureTest("bpf_link", func() error { attr := sys.LinkCreateAttr{ // This is a hopefully invalid file descriptor, which triggers EBADF. TargetFd: ^uint32(0), @@ -107,9 +107,9 @@ var haveBPFLink = internal.NewFeatureTest("bpf_link", "5.7", func() error { return nil } return err -}) +}, "5.7") -var haveProgQuery = internal.NewFeatureTest("BPF_PROG_QUERY", "4.15", func() error { +var haveProgQuery = internal.NewFeatureTest("BPF_PROG_QUERY", func() error { attr := sys.ProgQueryAttr{ // We rely on this being checked during the syscall. // With an otherwise correct payload we expect EBADF here @@ -127,9 +127,9 @@ var haveProgQuery = internal.NewFeatureTest("BPF_PROG_QUERY", "4.15", func() err return ErrNotSupported } return errors.New("syscall succeeded unexpectedly") -}) +}, "4.15") -var haveTCX = internal.NewFeatureTest("tcx", "6.6", func() error { +var haveTCX = internal.NewFeatureTest("tcx", func() error { prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ Type: ebpf.SchedCLS, License: "MIT", @@ -162,9 +162,9 @@ var haveTCX = internal.NewFeatureTest("tcx", "6.6", func() error { return ErrNotSupported } return errors.New("syscall succeeded unexpectedly") -}) +}, "6.6") -var haveNetkit = internal.NewFeatureTest("netkit", "6.7", func() error { +var haveNetkit = internal.NewFeatureTest("netkit", func() error { prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ Type: ebpf.SchedCLS, License: "MIT", @@ -197,4 +197,4 @@ var haveNetkit = internal.NewFeatureTest("netkit", "6.7", func() error { return ErrNotSupported } return errors.New("syscall succeeded unexpectedly") -}) +}, "6.7") diff --git a/vendor/github.com/cilium/ebpf/link/tracing.go b/vendor/github.com/cilium/ebpf/link/tracing.go index 9e570afc96a..a461007f9f5 100644 --- a/vendor/github.com/cilium/ebpf/link/tracing.go +++ b/vendor/github.com/cilium/ebpf/link/tracing.go @@ -14,7 +14,7 @@ type tracing struct { RawLink } -func (f *tracing) Update(new *ebpf.Program) error { +func (f *tracing) Update(_ *ebpf.Program) error { return fmt.Errorf("tracing update: %w", ErrNotSupported) } diff --git a/vendor/github.com/cilium/ebpf/link/uprobe.go b/vendor/github.com/cilium/ebpf/link/uprobe.go index 194d1d319a7..1852a3fadd2 100644 --- a/vendor/github.com/cilium/ebpf/link/uprobe.go +++ b/vendor/github.com/cilium/ebpf/link/uprobe.go @@ -16,7 +16,7 @@ var ( uprobeRefCtrOffsetPMUPath = "/sys/bus/event_source/devices/uprobe/format/ref_ctr_offset" // elixir.bootlin.com/linux/v5.15-rc7/source/kernel/events/core.c#L9799 uprobeRefCtrOffsetShift = 32 - haveRefCtrOffsetPMU = internal.NewFeatureTest("RefCtrOffsetPMU", "4.20", func() error { + haveRefCtrOffsetPMU = internal.NewFeatureTest("RefCtrOffsetPMU", func() error { _, err := os.Stat(uprobeRefCtrOffsetPMUPath) if errors.Is(err, os.ErrNotExist) { return internal.ErrNotSupported @@ -25,7 +25,7 @@ var ( return err } return nil - }) + }, "4.20") // ErrNoSymbol indicates that the given symbol was not found // in the ELF symbols table. @@ -321,7 +321,7 @@ func (ex *Executable) uprobe(symbol string, prog *ebpf.Program, opts *UprobeOpti if err == nil { return tp, nil } - if err != nil && !errors.Is(err, ErrNotSupported) { + if !errors.Is(err, ErrNotSupported) { return nil, fmt.Errorf("creating perf_uprobe PMU: %w", err) } diff --git a/vendor/github.com/cilium/ebpf/link/uprobe_multi.go b/vendor/github.com/cilium/ebpf/link/uprobe_multi.go index aea807b329a..49dc18b4492 100644 --- a/vendor/github.com/cilium/ebpf/link/uprobe_multi.go +++ b/vendor/github.com/cilium/ebpf/link/uprobe_multi.go @@ -47,7 +47,7 @@ func (ex *Executable) UretprobeMulti(symbols []string, prog *ebpf.Program, opts // The return probe is not limited for symbols entry, so there's no special // setup for return uprobes (other than the extra flag). The symbols, opts.Offsets // and opts.Addresses arrays follow the same logic as for entry uprobes. - return ex.uprobeMulti(symbols, prog, opts, unix.BPF_F_UPROBE_MULTI_RETURN) + return ex.uprobeMulti(symbols, prog, opts, sys.BPF_F_UPROBE_MULTI_RETURN) } func (ex *Executable) uprobeMulti(symbols []string, prog *ebpf.Program, opts *UprobeMultiOptions, flags uint32) (Link, error) { @@ -99,8 +99,11 @@ func (ex *Executable) uprobeMulti(symbols []string, prog *ebpf.Program, opts *Up if errors.Is(err, unix.ESRCH) { return nil, fmt.Errorf("%w (specified pid not found?)", os.ErrNotExist) } + // Since Linux commit 46ba0e49b642 ("bpf: fix multi-uprobe PID filtering + // logic"), if the provided pid overflows MaxInt32 (turning it negative), the + // kernel will return EINVAL instead of ESRCH. if errors.Is(err, unix.EINVAL) { - return nil, fmt.Errorf("%w (missing symbol or prog's AttachType not AttachTraceUprobeMulti?)", err) + return nil, fmt.Errorf("%w (invalid pid, missing symbol or prog's AttachType not AttachTraceUprobeMulti?)", err) } if err != nil { @@ -168,11 +171,11 @@ type uprobeMultiLink struct { var _ Link = (*uprobeMultiLink)(nil) -func (kml *uprobeMultiLink) Update(prog *ebpf.Program) error { +func (kml *uprobeMultiLink) Update(_ *ebpf.Program) error { return fmt.Errorf("update uprobe_multi: %w", ErrNotSupported) } -var haveBPFLinkUprobeMulti = internal.NewFeatureTest("bpf_link_uprobe_multi", "6.6", func() error { +var haveBPFLinkUprobeMulti = internal.NewFeatureTest("bpf_link_uprobe_multi", func() error { prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ Name: "probe_upm_link", Type: ebpf.Kprobe, @@ -213,4 +216,4 @@ var haveBPFLinkUprobeMulti = internal.NewFeatureTest("bpf_link_uprobe_multi", "6 // should not happen fd.Close() return errors.New("successfully attached uprobe_multi to /, kernel bug?") -}) +}, "6.6") diff --git a/vendor/github.com/cilium/ebpf/linker.go b/vendor/github.com/cilium/ebpf/linker.go index 788f21b7b6f..6f97af27840 100644 --- a/vendor/github.com/cilium/ebpf/linker.go +++ b/vendor/github.com/cilium/ebpf/linker.go @@ -9,10 +9,12 @@ import ( "io/fs" "math" "slices" + "strings" "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/btf" "github.com/cilium/ebpf/internal" + "github.com/cilium/ebpf/internal/kallsyms" ) // handles stores handle objects to avoid gc cleanup @@ -457,3 +459,42 @@ func resolveKconfigReferences(insns asm.Instructions) (_ *Map, err error) { return kconfig, nil } + +func resolveKsymReferences(insns asm.Instructions) error { + var missing []string + + iter := insns.Iterate() + for iter.Next() { + ins := iter.Ins + meta, _ := ins.Metadata.Get(ksymMetaKey{}).(*ksymMeta) + if meta == nil { + continue + } + + addr, err := kallsyms.Address(meta.Name) + if err != nil { + return fmt.Errorf("resolve ksym %s: %w", meta.Name, err) + } + if addr != 0 { + ins.Constant = int64(addr) + continue + } + + if meta.Binding == elf.STB_WEAK { + // A weak ksym variable in eBPF C means its resolution is optional. + // Set a zero constant explicitly for clarity. + ins.Constant = 0 + continue + } + + if !slices.Contains(missing, meta.Name) { + missing = append(missing, meta.Name) + } + } + + if len(missing) > 0 { + return fmt.Errorf("kernel is missing symbol: %s", strings.Join(missing, ",")) + } + + return nil +} diff --git a/vendor/github.com/cilium/ebpf/map.go b/vendor/github.com/cilium/ebpf/map.go index 0b62101c3cb..e5d8bd78095 100644 --- a/vendor/github.com/cilium/ebpf/map.go +++ b/vendor/github.com/cilium/ebpf/map.go @@ -66,16 +66,13 @@ type MapSpec struct { Pinning PinType // Specify numa node during map creation - // (effective only if unix.BPF_F_NUMA_NODE flag is set, + // (effective only if sys.BPF_F_NUMA_NODE flag is set, // which can be imported from golang.org/x/sys/unix) NumaNode uint32 // The initial contents of the map. May be nil. Contents []MapKV - // Whether to freeze a map after setting its initial contents. - Freeze bool - // InnerMap is used as a template for ArrayOfMaps and HashOfMaps InnerMap *MapSpec @@ -161,6 +158,17 @@ func (spec *MapSpec) fixupMagicFields() (*MapSpec, error) { // behaviour in the past. spec.MaxEntries = n } + + case CPUMap: + n, err := PossibleCPU() + if err != nil { + return nil, fmt.Errorf("fixup cpu map: %w", err) + } + + if n := uint32(n); spec.MaxEntries == 0 || spec.MaxEntries > n { + // Perform clamping similar to PerfEventArray. + spec.MaxEntries = n + } } return spec, nil @@ -190,6 +198,14 @@ func (ms *MapSpec) dataSection() ([]byte, *btf.Datasec, error) { return value, ds, nil } +func (ms *MapSpec) readOnly() bool { + return (ms.Flags & sys.BPF_F_RDONLY_PROG) > 0 +} + +func (ms *MapSpec) writeOnly() bool { + return (ms.Flags & sys.BPF_F_WRONLY_PROG) > 0 +} + // MapKV is used to initialize the contents of a Map. type MapKV struct { Key interface{} @@ -222,7 +238,7 @@ func (ms *MapSpec) Compatible(m *Map) error { // BPF_F_RDONLY_PROG is set unconditionally for devmaps. Explicitly allow this // mismatch. - if !((ms.Type == DevMap || ms.Type == DevMapHash) && m.flags^ms.Flags == unix.BPF_F_RDONLY_PROG) && + if !((ms.Type == DevMap || ms.Type == DevMapHash) && m.flags^ms.Flags == sys.BPF_F_RDONLY_PROG) && m.flags != ms.Flags { diffs = append(diffs, fmt.Sprintf("Flags: %d changed to %d", m.flags, ms.Flags)) } @@ -254,6 +270,8 @@ type Map struct { pinnedPath string // Per CPU maps return values larger than the size in the spec fullValueSize int + + memory *Memory } // NewMapFromFD creates a map from a raw fd. @@ -359,7 +377,7 @@ func newMapWithOptions(spec *MapSpec, opts MapOptions) (_ *Map, err error) { return nil, errors.New("inner maps cannot be pinned") } - template, err := spec.InnerMap.createMap(nil, opts) + template, err := spec.InnerMap.createMap(nil) if err != nil { return nil, fmt.Errorf("inner map: %w", err) } @@ -371,7 +389,7 @@ func newMapWithOptions(spec *MapSpec, opts MapOptions) (_ *Map, err error) { innerFd = template.fd } - m, err := spec.createMap(innerFd, opts) + m, err := spec.createMap(innerFd) if err != nil { return nil, err } @@ -387,9 +405,54 @@ func newMapWithOptions(spec *MapSpec, opts MapOptions) (_ *Map, err error) { return m, nil } +// Memory returns a memory-mapped region for the Map. The Map must have been +// created with the BPF_F_MMAPABLE flag. Repeated calls to Memory return the +// same mapping. Callers are responsible for coordinating access to Memory. +func (m *Map) Memory() (*Memory, error) { + if m.memory != nil { + return m.memory, nil + } + + if m.flags&sys.BPF_F_MMAPABLE == 0 { + return nil, fmt.Errorf("Map was not created with the BPF_F_MMAPABLE flag: %w", ErrNotSupported) + } + + size, err := m.memorySize() + if err != nil { + return nil, err + } + + mm, err := newMemory(m.FD(), size) + if err != nil { + return nil, fmt.Errorf("creating new Memory: %w", err) + } + + m.memory = mm + + return mm, nil +} + +func (m *Map) memorySize() (int, error) { + switch m.Type() { + case Array: + // In Arrays, values are always laid out on 8-byte boundaries regardless of + // architecture. Multiply by MaxEntries and align the result to the host's + // page size. + size := int(internal.Align(m.ValueSize(), 8) * m.MaxEntries()) + size = internal.Align(size, os.Getpagesize()) + return size, nil + case Arena: + // For Arenas, MaxEntries denotes the maximum number of pages available to + // the arena. + return int(m.MaxEntries()) * os.Getpagesize(), nil + } + + return 0, fmt.Errorf("determine memory size of map type %s: %w", m.Type(), ErrNotSupported) +} + // createMap validates the spec's properties and creates the map in the kernel // using the given opts. It does not populate or freeze the map. -func (spec *MapSpec) createMap(inner *sys.FD, opts MapOptions) (_ *Map, err error) { +func (spec *MapSpec) createMap(inner *sys.FD) (_ *Map, err error) { closeOnError := func(closer io.Closer) { if err != nil { closer.Close() @@ -416,7 +479,7 @@ func (spec *MapSpec) createMap(inner *sys.FD, opts MapOptions) (_ *Map, err erro KeySize: spec.KeySize, ValueSize: spec.ValueSize, MaxEntries: spec.MaxEntries, - MapFlags: sys.MapFlags(spec.Flags), + MapFlags: spec.Flags, NumaNode: spec.NumaNode, } @@ -474,32 +537,32 @@ func handleMapCreateError(attr sys.MapCreateAttr, spec *MapSpec, err error) erro if errors.Is(err, unix.EINVAL) && spec.Type == UnspecifiedMap { return fmt.Errorf("map create: cannot use type %s", UnspecifiedMap) } - if errors.Is(err, unix.EINVAL) && spec.Flags&unix.BPF_F_NO_PREALLOC > 0 { + if errors.Is(err, unix.EINVAL) && spec.Flags&sys.BPF_F_NO_PREALLOC > 0 { return fmt.Errorf("map create: %w (noPrealloc flag may be incompatible with map type %s)", err, spec.Type) } - switch spec.Type { - case ArrayOfMaps, HashOfMaps: + if spec.Type.canStoreMap() { if haveFeatErr := haveNestedMaps(); haveFeatErr != nil { return fmt.Errorf("map create: %w", haveFeatErr) } } - if spec.Flags&(unix.BPF_F_RDONLY_PROG|unix.BPF_F_WRONLY_PROG) > 0 || spec.Freeze { + + if spec.readOnly() || spec.writeOnly() { if haveFeatErr := haveMapMutabilityModifiers(); haveFeatErr != nil { return fmt.Errorf("map create: %w", haveFeatErr) } } - if spec.Flags&unix.BPF_F_MMAPABLE > 0 { + if spec.Flags&sys.BPF_F_MMAPABLE > 0 { if haveFeatErr := haveMmapableMaps(); haveFeatErr != nil { return fmt.Errorf("map create: %w", haveFeatErr) } } - if spec.Flags&unix.BPF_F_INNER_MAP > 0 { + if spec.Flags&sys.BPF_F_INNER_MAP > 0 { if haveFeatErr := haveInnerMaps(); haveFeatErr != nil { return fmt.Errorf("map create: %w", haveFeatErr) } } - if spec.Flags&unix.BPF_F_NO_PREALLOC > 0 { + if spec.Flags&sys.BPF_F_NO_PREALLOC > 0 { if haveFeatErr := haveNoPreallocMaps(); haveFeatErr != nil { return fmt.Errorf("map create: %w", haveFeatErr) } @@ -530,6 +593,7 @@ func newMap(fd *sys.FD, name string, typ MapType, keySize, valueSize, maxEntries flags, "", int(valueSize), + nil, } if !typ.hasPerCPUValue() { @@ -577,7 +641,12 @@ func (m *Map) Flags() uint32 { return m.flags } -// Info returns metadata about the map. +// Info returns metadata about the map. This was first introduced in Linux 4.5, +// but newer kernels support more MapInfo fields with the introduction of more +// features. See [MapInfo] and its methods for more details. +// +// Returns an error wrapping ErrNotSupported if the kernel supports neither +// BPF_OBJ_GET_INFO_BY_FD nor reading map information from /proc/self/fdinfo. func (m *Map) Info() (*MapInfo, error) { return newMapInfoFromFd(m.fd) } @@ -604,7 +673,7 @@ func (m *Map) Handle() (*btf.Handle, error) { type MapLookupFlags uint64 // LookupLock look up the value of a spin-locked map. -const LookupLock MapLookupFlags = unix.BPF_F_LOCK +const LookupLock MapLookupFlags = sys.BPF_F_LOCK // Lookup retrieves a value from a Map. // @@ -1336,6 +1405,7 @@ func (m *Map) Clone() (*Map, error) { m.flags, "", m.fullValueSize, + nil, }, nil } @@ -1349,7 +1419,7 @@ func (m *Map) Clone() (*Map, error) { // This requires bpffs to be mounted above fileName. // See https://docs.cilium.io/en/stable/network/kubernetes/configuration/#mounting-bpffs-with-systemd func (m *Map) Pin(fileName string) error { - if err := internal.Pin(m.pinnedPath, fileName, m.fd); err != nil { + if err := sys.Pin(m.pinnedPath, fileName, m.fd); err != nil { return err } m.pinnedPath = fileName @@ -1362,7 +1432,7 @@ func (m *Map) Pin(fileName string) error { // // Unpinning an unpinned Map returns nil. func (m *Map) Unpin() error { - if err := internal.Unpin(m.pinnedPath); err != nil { + if err := sys.Unpin(m.pinnedPath); err != nil { return err } m.pinnedPath = "" @@ -1400,7 +1470,7 @@ func (m *Map) finalize(spec *MapSpec) error { } } - if spec.Freeze { + if isConstantDataSection(spec.Name) || isKconfigSection(spec.Name) { if err := m.Freeze(); err != nil { return fmt.Errorf("freezing map: %w", err) } @@ -1501,9 +1571,11 @@ func (m *Map) unmarshalValue(value any, buf sysenc.Buffer) error { return buf.Unmarshal(value) } -// LoadPinnedMap loads a Map from a BPF file. +// LoadPinnedMap opens a Map from a pin (file) on the BPF virtual filesystem. +// +// Requires at least Linux 4.5. func LoadPinnedMap(fileName string, opts *LoadPinOptions) (*Map, error) { - fd, err := sys.ObjGet(&sys.ObjGetAttr{ + fd, typ, err := sys.ObjGetTyped(&sys.ObjGetAttr{ Pathname: sys.NewStringPointer(fileName), FileFlags: opts.Marshal(), }) @@ -1511,6 +1583,11 @@ func LoadPinnedMap(fileName string, opts *LoadPinOptions) (*Map, error) { return nil, err } + if typ != sys.BPF_TYPE_MAP { + _ = fd.Close() + return nil, fmt.Errorf("%s is not a Map", fileName) + } + m, err := newMapFromFD(fd) if err == nil { m.pinnedPath = fileName @@ -1530,6 +1607,10 @@ func unmarshalMap(buf sysenc.Buffer) (*Map, error) { // marshalMap marshals the fd of a map into a buffer in host endianness. func marshalMap(m *Map, length int) ([]byte, error) { + if m == nil { + return nil, errors.New("can't marshal a nil Map") + } + if length != 4 { return nil, fmt.Errorf("can't marshal map to %d bytes", length) } diff --git a/vendor/github.com/cilium/ebpf/memory.go b/vendor/github.com/cilium/ebpf/memory.go new file mode 100644 index 00000000000..312c967131a --- /dev/null +++ b/vendor/github.com/cilium/ebpf/memory.go @@ -0,0 +1,145 @@ +package ebpf + +import ( + "errors" + "fmt" + "io" + "runtime" + + "github.com/cilium/ebpf/internal/unix" +) + +// Memory is the building block for accessing the memory of specific bpf map +// types (Array and Arena at the time of writing) without going through the bpf +// syscall interface. +// +// Given the fd of a bpf map created with the BPF_F_MMAPABLE flag, a shared +// 'file'-based memory-mapped region can be allocated in the process' address +// space, exposing the bpf map's memory by simply accessing a memory location. + +var ErrReadOnly = errors.New("resource is read-only") + +// Memory implements accessing a Map's memory without making any syscalls. +// Pay attention to the difference between Go and C struct alignment rules. Use +// [structs.HostLayout] on supported Go versions to help with alignment. +// +// Note on memory coherence: avoid using packed structs in memory shared between +// user space and eBPF C programs. This drops a struct's memory alignment to 1, +// forcing the compiler to use single-byte loads and stores for field accesses. +// This may lead to partially-written data to be observed from user space. +// +// On most architectures, the memmove implementation used by Go's copy() will +// access data in word-sized chunks. If paired with a matching access pattern on +// the eBPF C side (and if using default memory alignment), accessing shared +// memory without atomics or other synchronization primitives should be sound +// for individual values. For accesses beyond a single value, the usual +// concurrent programming rules apply. +type Memory struct { + b []byte + ro bool +} + +func newMemory(fd, size int) (*Memory, error) { + // Typically, maps created with BPF_F_RDONLY_PROG remain writable from user + // space until frozen. As a security precaution, the kernel doesn't allow + // mapping bpf map memory as read-write into user space if the bpf map was + // frozen, or if it was created using the RDONLY_PROG flag. + // + // The user would be able to write to the map after freezing (since the kernel + // can't change the protection mode of an already-mapped page), while the + // verifier assumes the contents to be immutable. + b, err := unix.Mmap(fd, 0, size, unix.PROT_READ|unix.PROT_WRITE, unix.MAP_SHARED) + + // If the map is frozen when an rw mapping is requested, expect EPERM. If the + // map was created with BPF_F_RDONLY_PROG, expect EACCES. + var ro bool + if errors.Is(err, unix.EPERM) || errors.Is(err, unix.EACCES) { + ro = true + b, err = unix.Mmap(fd, 0, size, unix.PROT_READ, unix.MAP_SHARED) + } + if err != nil { + return nil, fmt.Errorf("setting up memory-mapped region: %w", err) + } + + mm := &Memory{ + b, + ro, + } + runtime.SetFinalizer(mm, (*Memory).close) + + return mm, nil +} + +func (mm *Memory) close() { + if err := unix.Munmap(mm.b); err != nil { + panic(fmt.Errorf("unmapping memory: %w", err)) + } + mm.b = nil +} + +// Size returns the size of the memory-mapped region in bytes. +func (mm *Memory) Size() int { + return len(mm.b) +} + +// ReadOnly returns true if the memory-mapped region is read-only. +func (mm *Memory) ReadOnly() bool { + return mm.ro +} + +// bounds returns true if an access at off of the given size is within bounds. +func (mm *Memory) bounds(off uint64, size uint64) bool { + return off+size < uint64(len(mm.b)) +} + +// ReadAt implements [io.ReaderAt]. Useful for creating a new [io.OffsetWriter]. +// +// See [Memory] for details around memory coherence. +func (mm *Memory) ReadAt(p []byte, off int64) (int, error) { + if mm.b == nil { + return 0, fmt.Errorf("memory-mapped region closed") + } + + if p == nil { + return 0, fmt.Errorf("input buffer p is nil") + } + + if off < 0 || off >= int64(len(mm.b)) { + return 0, fmt.Errorf("read offset out of range") + } + + n := copy(p, mm.b[off:]) + if n < len(p) { + return n, io.EOF + } + + return n, nil +} + +// WriteAt implements [io.WriterAt]. Useful for creating a new +// [io.SectionReader]. +// +// See [Memory] for details around memory coherence. +func (mm *Memory) WriteAt(p []byte, off int64) (int, error) { + if mm.b == nil { + return 0, fmt.Errorf("memory-mapped region closed") + } + if mm.ro { + return 0, fmt.Errorf("memory-mapped region not writable: %w", ErrReadOnly) + } + + if p == nil { + return 0, fmt.Errorf("output buffer p is nil") + } + + if off < 0 || off >= int64(len(mm.b)) { + return 0, fmt.Errorf("write offset out of range") + } + + n := copy(mm.b[off:], p) + if n < len(p) { + return n, io.EOF + } + + return n, nil +} diff --git a/vendor/github.com/cilium/ebpf/prog.go b/vendor/github.com/cilium/ebpf/prog.go index 9bc6325f887..3767f28736a 100644 --- a/vendor/github.com/cilium/ebpf/prog.go +++ b/vendor/github.com/cilium/ebpf/prog.go @@ -16,6 +16,7 @@ import ( "github.com/cilium/ebpf/btf" "github.com/cilium/ebpf/internal" "github.com/cilium/ebpf/internal/kallsyms" + "github.com/cilium/ebpf/internal/linux" "github.com/cilium/ebpf/internal/sys" "github.com/cilium/ebpf/internal/sysenc" "github.com/cilium/ebpf/internal/unix" @@ -46,14 +47,15 @@ const ( outputPad = 256 + 2 ) -// Deprecated: the correct log size is now detected automatically and this -// constant is unused. -const DefaultVerifierLogSize = 64 * 1024 - // minVerifierLogSize is the default number of bytes allocated for the // verifier log. const minVerifierLogSize = 64 * 1024 +// maxVerifierLogSize is the maximum size of verifier log buffer the kernel +// will accept before returning EINVAL. May be increased to MaxUint32 in the +// future, but avoid the unnecessary EINVAL for now. +const maxVerifierLogSize = math.MaxUint32 >> 2 + // ProgramOptions control loading a program into the kernel. type ProgramOptions struct { // Bitmap controlling the detail emitted by the kernel's eBPF verifier log. @@ -73,9 +75,10 @@ type ProgramOptions struct { // attempt at loading the program. LogLevel LogLevel - // Deprecated: the correct log buffer size is determined automatically - // and this field is ignored. - LogSize int + // Starting size of the verifier log buffer. If the verifier log is larger + // than this size, the buffer will be grown to fit the entire log. Leave at + // its default value unless troubleshooting. + LogSizeStart uint32 // Disables the verifier log completely, regardless of other options. LogDisabled bool @@ -162,26 +165,35 @@ func (ps *ProgramSpec) Tag() (string, error) { return ps.Instructions.Tag(internal.NativeEndian) } -// KernelModule returns the kernel module, if any, the AttachTo function is contained in. -func (ps *ProgramSpec) KernelModule() (string, error) { +// kernelModule returns the kernel module providing the symbol in +// ProgramSpec.AttachTo, if any. Returns an empty string if the symbol is not +// present or not part of a kernel module. +func (ps *ProgramSpec) kernelModule() (string, error) { + if ps.AttachTo == "" && ps.targetsKernelModule() { + return kallsyms.Module(ps.AttachTo) + } + + return "", nil +} + +// targetsKernelModule returns true if the program supports being attached to a +// symbol provided by a kernel module. +func (ps *ProgramSpec) targetsKernelModule() bool { if ps.AttachTo == "" { - return "", nil + return false } switch ps.Type { - default: - return "", nil case Tracing: switch ps.AttachType { - default: - return "", nil - case AttachTraceFEntry: - case AttachTraceFExit: + case AttachTraceFEntry, AttachTraceFExit: + return true } - fallthrough case Kprobe: - return kallsyms.KernelModule(ps.AttachTo) + return true } + + return false } // VerifierError is returned by [NewProgram] and [NewProgramWithOptions] if a @@ -261,7 +273,7 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er // Overwrite Kprobe program version if set to zero or the magic version constant. kv := spec.KernelVersion if spec.Type == Kprobe && (kv == 0 || kv == internal.MagicKernelVersion) { - v, err := internal.KernelVersion() + v, err := linux.KernelVersion() if err != nil { return nil, fmt.Errorf("detecting kernel version: %w", err) } @@ -283,7 +295,7 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er insns := make(asm.Instructions, len(spec.Instructions)) copy(insns, spec.Instructions) - kmodName, err := spec.KernelModule() + kmodName, err := spec.kernelModule() if err != nil { return nil, fmt.Errorf("kernel module search: %w", err) } @@ -344,6 +356,10 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er } defer kconfig.Close() + if err := resolveKsymReferences(insns); err != nil { + return nil, fmt.Errorf("resolve .ksyms: %w", err) + } + if err := fixupAndValidate(insns); err != nil { return nil, err } @@ -395,9 +411,10 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er // The caller requested a specific verifier log level. Set up the log buffer // so that there is a chance of loading the program in a single shot. + logSize := internal.Between(opts.LogSizeStart, minVerifierLogSize, maxVerifierLogSize) var logBuf []byte if !opts.LogDisabled && opts.LogLevel != 0 { - logBuf = make([]byte, minVerifierLogSize) + logBuf = make([]byte, logSize) attr.LogLevel = opts.LogLevel attr.LogSize = uint32(len(logBuf)) attr.LogBuf = sys.NewSlicePointer(logBuf) @@ -431,12 +448,11 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er attr.LogLevel = LogLevelBranch } - // Make an educated guess how large the buffer should be. Start - // at minVerifierLogSize and then double the size. - logSize := uint32(max(len(logBuf)*2, minVerifierLogSize)) - if int(logSize) < len(logBuf) { - return nil, errors.New("overflow while probing log buffer size") - } + // Make an educated guess how large the buffer should be by multiplying. + // Ensure the size doesn't overflow. + const factor = 2 + logSize := internal.Between(logSize, minVerifierLogSize, maxVerifierLogSize/factor) + logSize *= factor if attr.LogTrueSize != 0 { // The kernel has given us a hint how large the log buffer has to be. @@ -462,6 +478,12 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er return nil, fmt.Errorf("load program: %w (MEMLOCK may be too low, consider rlimit.RemoveMemlock)", err) } + case errors.Is(err, unix.EFAULT): + // EFAULT is returned when the kernel hits a verifier bug, and always + // overrides ENOSPC, defeating the buffer growth strategy. Warn the user + // that they may need to increase the buffer size manually. + return nil, fmt.Errorf("load program: %w (hit verifier bug, increase LogSizeStart to fit the log and check dmesg)", err) + case errors.Is(err, unix.EINVAL): if bytes.Contains(tail, coreBadCall) { err = errBadRelocation @@ -598,7 +620,7 @@ func (p *Program) Clone() (*Program, error) { // This requires bpffs to be mounted above fileName. // See https://docs.cilium.io/en/stable/network/kubernetes/configuration/#mounting-bpffs-with-systemd func (p *Program) Pin(fileName string) error { - if err := internal.Pin(p.pinnedPath, fileName, p.fd); err != nil { + if err := sys.Pin(p.pinnedPath, fileName, p.fd); err != nil { return err } p.pinnedPath = fileName @@ -611,7 +633,7 @@ func (p *Program) Pin(fileName string) error { // // Unpinning an unpinned Program returns nil. func (p *Program) Unpin() error { - if err := internal.Unpin(p.pinnedPath); err != nil { + if err := sys.Unpin(p.pinnedPath); err != nil { return err } p.pinnedPath = "" @@ -699,6 +721,10 @@ func (p *Program) Test(in []byte) (uint32, []byte, error) { // // Note: the same restrictions from Test apply. func (p *Program) Run(opts *RunOptions) (uint32, error) { + if opts == nil { + opts = &RunOptions{} + } + ret, _, err := p.run(opts) if err != nil { return ret, fmt.Errorf("run program: %w", err) @@ -732,7 +758,7 @@ func (p *Program) Benchmark(in []byte, repeat int, reset func()) (uint32, time.D return ret, total, nil } -var haveProgRun = internal.NewFeatureTest("BPF_PROG_RUN", "4.12", func() error { +var haveProgRun = internal.NewFeatureTest("BPF_PROG_RUN", func() error { prog, err := NewProgram(&ProgramSpec{ // SocketFilter does not require privileges on newer kernels. Type: SocketFilter, @@ -774,7 +800,7 @@ var haveProgRun = internal.NewFeatureTest("BPF_PROG_RUN", "4.12", func() error { } return err -}) +}, "4.12") func (p *Program) run(opts *RunOptions) (uint32, time.Duration, error) { if uint(len(opts.Data)) > math.MaxUint32 { @@ -883,6 +909,10 @@ func unmarshalProgram(buf sysenc.Buffer) (*Program, error) { } func marshalProgram(p *Program, length int) ([]byte, error) { + if p == nil { + return nil, errors.New("can't marshal a nil Program") + } + if length != 4 { return nil, fmt.Errorf("can't marshal program to %d bytes", length) } @@ -892,11 +922,12 @@ func marshalProgram(p *Program, length int) ([]byte, error) { return buf, nil } -// LoadPinnedProgram loads a Program from a BPF file. +// LoadPinnedProgram loads a Program from a pin (file) on the BPF virtual +// filesystem. // // Requires at least Linux 4.11. func LoadPinnedProgram(fileName string, opts *LoadPinOptions) (*Program, error) { - fd, err := sys.ObjGet(&sys.ObjGetAttr{ + fd, typ, err := sys.ObjGetTyped(&sys.ObjGetAttr{ Pathname: sys.NewStringPointer(fileName), FileFlags: opts.Marshal(), }) @@ -904,6 +935,11 @@ func LoadPinnedProgram(fileName string, opts *LoadPinOptions) (*Program, error) return nil, err } + if typ != sys.BPF_TYPE_PROG { + _ = fd.Close() + return nil, fmt.Errorf("%s is not a Program", fileName) + } + info, err := newProgramInfoFromFd(fd) if err != nil { _ = fd.Close() diff --git a/vendor/github.com/cilium/ebpf/syscalls.go b/vendor/github.com/cilium/ebpf/syscalls.go index 4aef7faebc8..25c84c3c5c1 100644 --- a/vendor/github.com/cilium/ebpf/syscalls.go +++ b/vendor/github.com/cilium/ebpf/syscalls.go @@ -10,6 +10,7 @@ import ( "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/internal" + "github.com/cilium/ebpf/internal/linux" "github.com/cilium/ebpf/internal/sys" "github.com/cilium/ebpf/internal/tracefs" "github.com/cilium/ebpf/internal/unix" @@ -60,7 +61,7 @@ func progLoad(insns asm.Instructions, typ ProgramType, license string) (*sys.FD, }) } -var haveNestedMaps = internal.NewFeatureTest("nested maps", "4.12", func() error { +var haveNestedMaps = internal.NewFeatureTest("nested maps", func() error { _, err := sys.MapCreate(&sys.MapCreateAttr{ MapType: sys.MapType(ArrayOfMaps), KeySize: 4, @@ -76,9 +77,9 @@ var haveNestedMaps = internal.NewFeatureTest("nested maps", "4.12", func() error return nil } return err -}) +}, "4.12") -var haveMapMutabilityModifiers = internal.NewFeatureTest("read- and write-only maps", "5.2", func() error { +var haveMapMutabilityModifiers = internal.NewFeatureTest("read- and write-only maps", func() error { // This checks BPF_F_RDONLY_PROG and BPF_F_WRONLY_PROG. Since // BPF_MAP_FREEZE appeared in 5.2 as well we don't do a separate check. m, err := sys.MapCreate(&sys.MapCreateAttr{ @@ -86,39 +87,39 @@ var haveMapMutabilityModifiers = internal.NewFeatureTest("read- and write-only m KeySize: 4, ValueSize: 4, MaxEntries: 1, - MapFlags: unix.BPF_F_RDONLY_PROG, + MapFlags: sys.BPF_F_RDONLY_PROG, }) if err != nil { return internal.ErrNotSupported } _ = m.Close() return nil -}) +}, "5.2") -var haveMmapableMaps = internal.NewFeatureTest("mmapable maps", "5.5", func() error { +var haveMmapableMaps = internal.NewFeatureTest("mmapable maps", func() error { // This checks BPF_F_MMAPABLE, which appeared in 5.5 for array maps. m, err := sys.MapCreate(&sys.MapCreateAttr{ MapType: sys.MapType(Array), KeySize: 4, ValueSize: 4, MaxEntries: 1, - MapFlags: unix.BPF_F_MMAPABLE, + MapFlags: sys.BPF_F_MMAPABLE, }) if err != nil { return internal.ErrNotSupported } _ = m.Close() return nil -}) +}, "5.5") -var haveInnerMaps = internal.NewFeatureTest("inner maps", "5.10", func() error { +var haveInnerMaps = internal.NewFeatureTest("inner maps", func() error { // This checks BPF_F_INNER_MAP, which appeared in 5.10. m, err := sys.MapCreate(&sys.MapCreateAttr{ MapType: sys.MapType(Array), KeySize: 4, ValueSize: 4, MaxEntries: 1, - MapFlags: unix.BPF_F_INNER_MAP, + MapFlags: sys.BPF_F_INNER_MAP, }) if err != nil { @@ -126,16 +127,16 @@ var haveInnerMaps = internal.NewFeatureTest("inner maps", "5.10", func() error { } _ = m.Close() return nil -}) +}, "5.10") -var haveNoPreallocMaps = internal.NewFeatureTest("prealloc maps", "4.6", func() error { +var haveNoPreallocMaps = internal.NewFeatureTest("prealloc maps", func() error { // This checks BPF_F_NO_PREALLOC, which appeared in 4.6. m, err := sys.MapCreate(&sys.MapCreateAttr{ MapType: sys.MapType(Hash), KeySize: 4, ValueSize: 4, MaxEntries: 1, - MapFlags: unix.BPF_F_NO_PREALLOC, + MapFlags: sys.BPF_F_NO_PREALLOC, }) if err != nil { @@ -143,7 +144,7 @@ var haveNoPreallocMaps = internal.NewFeatureTest("prealloc maps", "4.6", func() } _ = m.Close() return nil -}) +}, "4.6") func wrapMapError(err error) error { if err == nil { @@ -169,7 +170,7 @@ func wrapMapError(err error) error { return err } -var haveObjName = internal.NewFeatureTest("object names", "4.15", func() error { +var haveObjName = internal.NewFeatureTest("object names", func() error { attr := sys.MapCreateAttr{ MapType: sys.MapType(Array), KeySize: 4, @@ -178,16 +179,24 @@ var haveObjName = internal.NewFeatureTest("object names", "4.15", func() error { MapName: sys.NewObjName("feature_test"), } + // Tolerate EPERM as this runs during ELF loading which is potentially + // unprivileged. Only EINVAL is conclusive, thrown from CHECK_ATTR. fd, err := sys.MapCreate(&attr) - if err != nil { + if errors.Is(err, unix.EPERM) { + return nil + } + if errors.Is(err, unix.EINVAL) { return internal.ErrNotSupported } + if err != nil { + return err + } _ = fd.Close() return nil -}) +}, "4.15") -var objNameAllowsDot = internal.NewFeatureTest("dot in object names", "5.2", func() error { +var objNameAllowsDot = internal.NewFeatureTest("dot in object names", func() error { if err := haveObjName(); err != nil { return err } @@ -200,16 +209,25 @@ var objNameAllowsDot = internal.NewFeatureTest("dot in object names", "5.2", fun MapName: sys.NewObjName(".test"), } + // Tolerate EPERM, otherwise MapSpec.Name has its dots removed when run by + // unprivileged tools. (bpf2go, other code gen). Only EINVAL is conclusive, + // thrown from bpf_obj_name_cpy(). fd, err := sys.MapCreate(&attr) - if err != nil { + if errors.Is(err, unix.EPERM) { + return nil + } + if errors.Is(err, unix.EINVAL) { return internal.ErrNotSupported } + if err != nil { + return err + } _ = fd.Close() return nil -}) +}, "5.2") -var haveBatchAPI = internal.NewFeatureTest("map batch api", "5.6", func() error { +var haveBatchAPI = internal.NewFeatureTest("map batch api", func() error { var maxEntries uint32 = 2 attr := sys.MapCreateAttr{ MapType: sys.MapType(Hash), @@ -239,9 +257,9 @@ var haveBatchAPI = internal.NewFeatureTest("map batch api", "5.6", func() error return internal.ErrNotSupported } return nil -}) +}, "5.6") -var haveProbeReadKernel = internal.NewFeatureTest("bpf_probe_read_kernel", "5.5", func() error { +var haveProbeReadKernel = internal.NewFeatureTest("bpf_probe_read_kernel", func() error { insns := asm.Instructions{ asm.Mov.Reg(asm.R1, asm.R10), asm.Add.Imm(asm.R1, -8), @@ -257,9 +275,9 @@ var haveProbeReadKernel = internal.NewFeatureTest("bpf_probe_read_kernel", "5.5" } _ = fd.Close() return nil -}) +}, "5.5") -var haveBPFToBPFCalls = internal.NewFeatureTest("bpf2bpf calls", "4.16", func() error { +var haveBPFToBPFCalls = internal.NewFeatureTest("bpf2bpf calls", func() error { insns := asm.Instructions{ asm.Call.Label("prog2").WithSymbol("prog1"), asm.Return(), @@ -273,10 +291,10 @@ var haveBPFToBPFCalls = internal.NewFeatureTest("bpf2bpf calls", "4.16", func() } _ = fd.Close() return nil -}) +}, "4.16") -var haveSyscallWrapper = internal.NewFeatureTest("syscall wrapper", "4.17", func() error { - prefix := internal.PlatformPrefix() +var haveSyscallWrapper = internal.NewFeatureTest("syscall wrapper", func() error { + prefix := linux.PlatformPrefix() if prefix == "" { return fmt.Errorf("unable to find the platform prefix for (%s)", runtime.GOARCH) } @@ -302,9 +320,9 @@ var haveSyscallWrapper = internal.NewFeatureTest("syscall wrapper", "4.17", func } return evt.Close() -}) +}, "4.17") -var haveProgramExtInfos = internal.NewFeatureTest("program ext_infos", "5.0", func() error { +var haveProgramExtInfos = internal.NewFeatureTest("program ext_infos", func() error { insns := asm.Instructions{ asm.Mov.Imm(asm.R0, 0), asm.Return(), @@ -334,4 +352,4 @@ var haveProgramExtInfos = internal.NewFeatureTest("program ext_infos", "5.0", fu } return err -}) +}, "5.0") diff --git a/vendor/github.com/cilium/ebpf/types.go b/vendor/github.com/cilium/ebpf/types.go index 542c2397cab..211b308bbc7 100644 --- a/vendor/github.com/cilium/ebpf/types.go +++ b/vendor/github.com/cilium/ebpf/types.go @@ -2,7 +2,6 @@ package ebpf import ( "github.com/cilium/ebpf/internal/sys" - "github.com/cilium/ebpf/internal/unix" ) //go:generate go run golang.org/x/tools/cmd/stringer@latest -output types_string.go -type=MapType,ProgramType,PinType @@ -95,6 +94,14 @@ const ( InodeStorage // TaskStorage - Specialized local storage map for task_struct. TaskStorage + // BloomFilter - Space-efficient data structure to quickly test whether an element exists in a set. + BloomFilter + // UserRingbuf - The reverse of RingBuf, used to send messages from user space to BPF programs. + UserRingbuf + // CgroupStorage - Store data keyed on a cgroup. If the cgroup disappears, the key is automatically removed. + CgroupStorage + // Arena - Sparse shared memory region between a BPF program and user space. + Arena ) // hasPerCPUValue returns true if the Map stores a value per CPU. @@ -120,6 +127,21 @@ func (mt MapType) canStoreProgram() bool { return mt == ProgramArray } +// canHaveValueSize returns true if the map type supports setting a value size. +func (mt MapType) canHaveValueSize() bool { + switch mt { + case RingBuf, Arena: + return false + + // Special-case perf events since they require a value size of either 0 or 4 + // for historical reasons. Let the library fix this up later. + case PerfEventArray: + return false + } + + return true +} + // ProgramType of the eBPF program type ProgramType uint32 @@ -263,10 +285,10 @@ func (lpo *LoadPinOptions) Marshal() uint32 { flags := lpo.Flags if lpo.ReadOnly { - flags |= unix.BPF_F_RDONLY + flags |= sys.BPF_F_RDONLY } if lpo.WriteOnly { - flags |= unix.BPF_F_WRONLY + flags |= sys.BPF_F_WRONLY } return flags } diff --git a/vendor/github.com/cilium/ebpf/types_string.go b/vendor/github.com/cilium/ebpf/types_string.go index ee60b5be5b6..f06685112c2 100644 --- a/vendor/github.com/cilium/ebpf/types_string.go +++ b/vendor/github.com/cilium/ebpf/types_string.go @@ -38,11 +38,15 @@ func _() { _ = x[RingBuf-27] _ = x[InodeStorage-28] _ = x[TaskStorage-29] + _ = x[BloomFilter-30] + _ = x[UserRingbuf-31] + _ = x[CgroupStorage-32] + _ = x[Arena-33] } -const _MapType_name = "UnspecifiedMapHashArrayProgramArrayPerfEventArrayPerCPUHashPerCPUArrayStackTraceCGroupArrayLRUHashLRUCPUHashLPMTrieArrayOfMapsHashOfMapsDevMapSockMapCPUMapXSKMapSockHashCGroupStorageReusePortSockArrayPerCPUCGroupStorageQueueStackSkStorageDevMapHashStructOpsMapRingBufInodeStorageTaskStorage" +const _MapType_name = "UnspecifiedMapHashArrayProgramArrayPerfEventArrayPerCPUHashPerCPUArrayStackTraceCGroupArrayLRUHashLRUCPUHashLPMTrieArrayOfMapsHashOfMapsDevMapSockMapCPUMapXSKMapSockHashCGroupStorageReusePortSockArrayPerCPUCGroupStorageQueueStackSkStorageDevMapHashStructOpsMapRingBufInodeStorageTaskStorageBloomFilterUserRingbufCgroupStorageArena" -var _MapType_index = [...]uint16{0, 14, 18, 23, 35, 49, 59, 70, 80, 91, 98, 108, 115, 126, 136, 142, 149, 155, 161, 169, 182, 200, 219, 224, 229, 238, 248, 260, 267, 279, 290} +var _MapType_index = [...]uint16{0, 14, 18, 23, 35, 49, 59, 70, 80, 91, 98, 108, 115, 126, 136, 142, 149, 155, 161, 169, 182, 200, 219, 224, 229, 238, 248, 260, 267, 279, 290, 301, 312, 325, 330} func (i MapType) String() string { if i >= MapType(len(_MapType_index)-1) { diff --git a/vendor/github.com/cilium/ebpf/variable.go b/vendor/github.com/cilium/ebpf/variable.go new file mode 100644 index 00000000000..288b173a115 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/variable.go @@ -0,0 +1,230 @@ +package ebpf + +import ( + "fmt" + "io" + + "github.com/cilium/ebpf/btf" + "github.com/cilium/ebpf/internal/sysenc" +) + +// VariableSpec is a convenience wrapper for modifying global variables of a +// CollectionSpec before loading it into the kernel. +// +// All operations on a VariableSpec's underlying MapSpec are performed in the +// host's native endianness. +type VariableSpec struct { + name string + offset uint64 + size uint64 + + m *MapSpec + t *btf.Var +} + +// Set sets the value of the VariableSpec to the provided input using the host's +// native endianness. +func (s *VariableSpec) Set(in any) error { + buf, err := sysenc.Marshal(in, int(s.size)) + if err != nil { + return fmt.Errorf("marshaling value %s: %w", s.name, err) + } + + b, _, err := s.m.dataSection() + if err != nil { + return fmt.Errorf("getting data section of map %s: %w", s.m.Name, err) + } + + if int(s.offset+s.size) > len(b) { + return fmt.Errorf("offset %d(+%d) for variable %s is out of bounds", s.offset, s.size, s.name) + } + + // MapSpec.Copy() performs a shallow copy. Fully copy the byte slice + // to avoid any changes affecting other copies of the MapSpec. + cpy := make([]byte, len(b)) + copy(cpy, b) + + buf.CopyTo(cpy[s.offset : s.offset+s.size]) + + s.m.Contents[0] = MapKV{Key: uint32(0), Value: cpy} + + return nil +} + +// Get writes the value of the VariableSpec to the provided output using the +// host's native endianness. +func (s *VariableSpec) Get(out any) error { + b, _, err := s.m.dataSection() + if err != nil { + return fmt.Errorf("getting data section of map %s: %w", s.m.Name, err) + } + + if int(s.offset+s.size) > len(b) { + return fmt.Errorf("offset %d(+%d) for variable %s is out of bounds", s.offset, s.size, s.name) + } + + if err := sysenc.Unmarshal(out, b[s.offset:s.offset+s.size]); err != nil { + return fmt.Errorf("unmarshaling value: %w", err) + } + + return nil +} + +// Size returns the size of the variable in bytes. +func (s *VariableSpec) Size() uint64 { + return s.size +} + +// MapName returns the name of the underlying MapSpec. +func (s *VariableSpec) MapName() string { + return s.m.Name +} + +// Offset returns the offset of the variable in the underlying MapSpec. +func (s *VariableSpec) Offset() uint64 { + return s.offset +} + +// Constant returns true if the VariableSpec represents a variable that is +// read-only from the perspective of the BPF program. +func (s *VariableSpec) Constant() bool { + return s.m.readOnly() +} + +// Type returns the [btf.Var] representing the variable in its data section. +// This is useful for inspecting the variable's decl tags and the type +// information of the inner type. +// +// Returns nil if the original ELF object did not contain BTF information. +func (s *VariableSpec) Type() *btf.Var { + return s.t +} + +func (s *VariableSpec) String() string { + return fmt.Sprintf("%s (type=%v, map=%s, offset=%d, size=%d)", s.name, s.t, s.m.Name, s.offset, s.size) +} + +// copy returns a new VariableSpec with the same values as the original, +// but with a different underlying MapSpec. This is useful when copying a +// CollectionSpec. Returns nil if a MapSpec with the same name is not found. +func (s *VariableSpec) copy(cpy *CollectionSpec) *VariableSpec { + out := &VariableSpec{ + name: s.name, + offset: s.offset, + size: s.size, + } + if s.t != nil { + out.t = btf.Copy(s.t).(*btf.Var) + } + + // Attempt to find a MapSpec with the same name in the copied CollectionSpec. + for _, m := range cpy.Maps { + if m.Name == s.m.Name { + out.m = m + return out + } + } + + return nil +} + +// Variable is a convenience wrapper for modifying global variables of a +// Collection after loading it into the kernel. Operations on a Variable are +// performed using direct memory access, bypassing the BPF map syscall API. +// +// On kernels older than 5.5, most interactions with Variable return +// [ErrNotSupported]. +type Variable struct { + name string + offset uint64 + size uint64 + t *btf.Var + + mm *Memory +} + +func newVariable(name string, offset, size uint64, t *btf.Var, mm *Memory) (*Variable, error) { + if mm != nil { + if int(offset+size) > mm.Size() { + return nil, fmt.Errorf("offset %d(+%d) is out of bounds", offset, size) + } + } + + return &Variable{ + name: name, + offset: offset, + size: size, + t: t, + mm: mm, + }, nil +} + +// Size returns the size of the variable. +func (v *Variable) Size() uint64 { + return v.size +} + +// ReadOnly returns true if the Variable represents a variable that is read-only +// after loading the Collection into the kernel. +// +// On systems without BPF_F_MMAPABLE support, ReadOnly always returns true. +func (v *Variable) ReadOnly() bool { + if v.mm == nil { + return true + } + return v.mm.ReadOnly() +} + +// Type returns the [btf.Var] representing the variable in its data section. +// This is useful for inspecting the variable's decl tags and the type +// information of the inner type. +// +// Returns nil if the original ELF object did not contain BTF information. +func (v *Variable) Type() *btf.Var { + return v.t +} + +func (v *Variable) String() string { + return fmt.Sprintf("%s (type=%v)", v.name, v.t) +} + +// Set the value of the Variable to the provided input. The input must marshal +// to the same length as the size of the Variable. +func (v *Variable) Set(in any) error { + if v.mm == nil { + return fmt.Errorf("variable %s: direct access requires Linux 5.5 or later: %w", v.name, ErrNotSupported) + } + + if v.ReadOnly() { + return fmt.Errorf("variable %s: %w", v.name, ErrReadOnly) + } + + buf, err := sysenc.Marshal(in, int(v.size)) + if err != nil { + return fmt.Errorf("marshaling value %s: %w", v.name, err) + } + + if _, err := v.mm.WriteAt(buf.Bytes(), int64(v.offset)); err != nil { + return fmt.Errorf("writing value to %s: %w", v.name, err) + } + + return nil +} + +// Get writes the value of the Variable to the provided output. The output must +// be a pointer to a value whose size matches the Variable. +func (v *Variable) Get(out any) error { + if v.mm == nil { + return fmt.Errorf("variable %s: direct access requires Linux 5.5 or later: %w", v.name, ErrNotSupported) + } + + if !v.mm.bounds(v.offset, v.size) { + return fmt.Errorf("variable %s: access out of bounds: %w", v.name, io.EOF) + } + + if err := sysenc.Unmarshal(out, v.mm.b[v.offset:v.offset+v.size]); err != nil { + return fmt.Errorf("unmarshaling value %s: %w", v.name, err) + } + + return nil +} diff --git a/vendor/golang.org/x/exp/LICENSE b/vendor/golang.org/x/exp/LICENSE deleted file mode 100644 index 6a66aea5eaf..00000000000 --- a/vendor/golang.org/x/exp/LICENSE +++ /dev/null @@ -1,27 +0,0 @@ -Copyright (c) 2009 The Go Authors. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/vendor/golang.org/x/exp/PATENTS b/vendor/golang.org/x/exp/PATENTS deleted file mode 100644 index 733099041f8..00000000000 --- a/vendor/golang.org/x/exp/PATENTS +++ /dev/null @@ -1,22 +0,0 @@ -Additional IP Rights Grant (Patents) - -"This implementation" means the copyrightable works distributed by -Google as part of the Go project. - -Google hereby grants to You a perpetual, worldwide, non-exclusive, -no-charge, royalty-free, irrevocable (except as stated in this section) -patent license to make, have made, use, offer to sell, sell, import, -transfer and otherwise run, modify and propagate the contents of this -implementation of Go, where such license applies only to those patent -claims, both currently owned or controlled by Google and acquired in -the future, licensable by Google that are necessarily infringed by this -implementation of Go. This grant does not include claims that would be -infringed only as a consequence of further modification of this -implementation. If you or your agent or exclusive licensee institute or -order or agree to the institution of patent litigation against any -entity (including a cross-claim or counterclaim in a lawsuit) alleging -that this implementation of Go or any code incorporated within this -implementation of Go constitutes direct or contributory patent -infringement, or inducement of patent infringement, then any patent -rights granted to you under this License for this implementation of Go -shall terminate as of the date such litigation is filed. diff --git a/vendor/golang.org/x/exp/constraints/constraints.go b/vendor/golang.org/x/exp/constraints/constraints.go deleted file mode 100644 index 2c033dff47e..00000000000 --- a/vendor/golang.org/x/exp/constraints/constraints.go +++ /dev/null @@ -1,50 +0,0 @@ -// Copyright 2021 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package constraints defines a set of useful constraints to be used -// with type parameters. -package constraints - -// Signed is a constraint that permits any signed integer type. -// If future releases of Go add new predeclared signed integer types, -// this constraint will be modified to include them. -type Signed interface { - ~int | ~int8 | ~int16 | ~int32 | ~int64 -} - -// Unsigned is a constraint that permits any unsigned integer type. -// If future releases of Go add new predeclared unsigned integer types, -// this constraint will be modified to include them. -type Unsigned interface { - ~uint | ~uint8 | ~uint16 | ~uint32 | ~uint64 | ~uintptr -} - -// Integer is a constraint that permits any integer type. -// If future releases of Go add new predeclared integer types, -// this constraint will be modified to include them. -type Integer interface { - Signed | Unsigned -} - -// Float is a constraint that permits any floating-point type. -// If future releases of Go add new predeclared floating-point types, -// this constraint will be modified to include them. -type Float interface { - ~float32 | ~float64 -} - -// Complex is a constraint that permits any complex numeric type. -// If future releases of Go add new predeclared complex numeric types, -// this constraint will be modified to include them. -type Complex interface { - ~complex64 | ~complex128 -} - -// Ordered is a constraint that permits any ordered type: any type -// that supports the operators < <= >= >. -// If future releases of Go add new ordered types, -// this constraint will be modified to include them. -type Ordered interface { - Integer | Float | ~string -} diff --git a/vendor/modules.txt b/vendor/modules.txt index 6b081b67553..8409d2c3e47 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -2,16 +2,18 @@ ## explicit; go 1.16 github.com/checkpoint-restore/go-criu/v6 github.com/checkpoint-restore/go-criu/v6/rpc -# github.com/cilium/ebpf v0.16.0 -## explicit; go 1.21 +# github.com/cilium/ebpf v0.17.0 +## explicit; go 1.22 github.com/cilium/ebpf github.com/cilium/ebpf/asm github.com/cilium/ebpf/btf github.com/cilium/ebpf/internal github.com/cilium/ebpf/internal/kallsyms github.com/cilium/ebpf/internal/kconfig +github.com/cilium/ebpf/internal/linux github.com/cilium/ebpf/internal/sys github.com/cilium/ebpf/internal/sysenc +github.com/cilium/ebpf/internal/testutils/fdtrace github.com/cilium/ebpf/internal/tracefs github.com/cilium/ebpf/internal/unix github.com/cilium/ebpf/link @@ -78,9 +80,6 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.4 ## explicit; go 1.17 github.com/vishvananda/netns -# golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 -## explicit; go 1.18 -golang.org/x/exp/constraints # golang.org/x/net v0.33.0 ## explicit; go 1.18 golang.org/x/net/bpf From 5855ba53036d51559ea0894c5eef8e2c82116e37 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 20 Dec 2024 04:10:23 +0000 Subject: [PATCH 0758/1176] build(deps): bump github.com/cilium/ebpf from 0.17.0 to 0.17.1 Bumps [github.com/cilium/ebpf](https://github.com/cilium/ebpf) from 0.17.0 to 0.17.1. - [Release notes](https://github.com/cilium/ebpf/releases) - [Commits](https://github.com/cilium/ebpf/compare/v0.17.0...v0.17.1) --- updated-dependencies: - dependency-name: github.com/cilium/ebpf dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/github.com/cilium/ebpf/prog.go | 2 +- vendor/modules.txt | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index c90769e5af7..37d2205e999 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ toolchain go1.22.4 require ( github.com/checkpoint-restore/go-criu/v6 v6.3.0 - github.com/cilium/ebpf v0.17.0 + github.com/cilium/ebpf v0.17.1 github.com/containerd/console v1.0.4 github.com/coreos/go-systemd/v22 v22.5.0 github.com/cyphar/filepath-securejoin v0.3.6 diff --git a/go.sum b/go.sum index daf1b74a81c..0a340f3fb83 100644 --- a/go.sum +++ b/go.sum @@ -1,8 +1,8 @@ github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/checkpoint-restore/go-criu/v6 v6.3.0 h1:mIdrSO2cPNWQY1truPg6uHLXyKHk3Z5Odx4wjKOASzA= github.com/checkpoint-restore/go-criu/v6 v6.3.0/go.mod h1:rrRTN/uSwY2X+BPRl/gkulo9gsKOSAeVp9/K2tv7xZI= -github.com/cilium/ebpf v0.17.0 h1:wAgiAWE86w8DxbR/UJ9KsaaoUfjrO0yhg5yE7f898As= -github.com/cilium/ebpf v0.17.0/go.mod h1:vay2FaYSmIlv3r8dNACd4mW/OCaZLJKJOo+IHBvCIO8= +github.com/cilium/ebpf v0.17.1 h1:G8mzU81R2JA1nE5/8SRubzqvBMmAmri2VL8BIZPWvV0= +github.com/cilium/ebpf v0.17.1/go.mod h1:vay2FaYSmIlv3r8dNACd4mW/OCaZLJKJOo+IHBvCIO8= github.com/containerd/console v1.0.4 h1:F2g4+oChYvBTsASRTz8NP6iIAi97J3TtSAsLbIFn4ro= github.com/containerd/console v1.0.4/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= diff --git a/vendor/github.com/cilium/ebpf/prog.go b/vendor/github.com/cilium/ebpf/prog.go index 3767f28736a..4f3ce43bfae 100644 --- a/vendor/github.com/cilium/ebpf/prog.go +++ b/vendor/github.com/cilium/ebpf/prog.go @@ -451,7 +451,7 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er // Make an educated guess how large the buffer should be by multiplying. // Ensure the size doesn't overflow. const factor = 2 - logSize := internal.Between(logSize, minVerifierLogSize, maxVerifierLogSize/factor) + logSize = internal.Between(logSize, minVerifierLogSize, maxVerifierLogSize/factor) logSize *= factor if attr.LogTrueSize != 0 { diff --git a/vendor/modules.txt b/vendor/modules.txt index 8409d2c3e47..a0e87062072 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -2,7 +2,7 @@ ## explicit; go 1.16 github.com/checkpoint-restore/go-criu/v6 github.com/checkpoint-restore/go-criu/v6/rpc -# github.com/cilium/ebpf v0.17.0 +# github.com/cilium/ebpf v0.17.1 ## explicit; go 1.22 github.com/cilium/ebpf github.com/cilium/ebpf/asm From 171c414904dd8374b343e12e6b5f281c21a302e0 Mon Sep 17 00:00:00 2001 From: lfbzhm Date: Thu, 6 Jun 2024 15:22:55 +0000 Subject: [PATCH 0759/1176] refactor init and setns process Introduce a common parent struct `containerProcess`, let both `initProcess` and `setnsProcess` are inherited from it. Signed-off-by: lfbzhm --- libcontainer/container_linux.go | 31 ++++--- libcontainer/process_linux.go | 159 +++++++++++--------------------- 2 files changed, 74 insertions(+), 116 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index d2d740665ac..8212a331676 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -609,14 +609,16 @@ func (c *Container) newInitProcess(p *Process, cmd *exec.Cmd, comm *processComm) } init := &initProcess{ - cmd: cmd, - comm: comm, - manager: c.cgroupManager, + containerProcess: containerProcess{ + cmd: cmd, + comm: comm, + manager: c.cgroupManager, + config: c.newInitConfig(p), + process: p, + bootstrapData: data, + container: c, + }, intelRdtManager: c.intelRdtManager, - config: c.newInitConfig(p), - container: c, - process: p, - bootstrapData: data, } c.initProcess = init return init, nil @@ -632,15 +634,18 @@ func (c *Container) newSetnsProcess(p *Process, cmd *exec.Cmd, comm *processComm return nil, err } proc := &setnsProcess{ - cmd: cmd, + containerProcess: containerProcess{ + cmd: cmd, + comm: comm, + manager: c.cgroupManager, + config: c.newInitConfig(p), + process: p, + bootstrapData: data, + container: c, + }, cgroupPaths: state.CgroupPaths, rootlessCgroups: c.config.RootlessCgroups, intelRdtPath: state.IntelRdtPath, - comm: comm, - manager: c.cgroupManager, - config: c.newInitConfig(p), - process: p, - bootstrapData: data, initProcessPid: state.InitProcessPid, } if len(p.SubCgroupPaths) > 0 { diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index fcbb54a3e41..dde6aecf13a 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -95,26 +95,27 @@ func (c *processComm) closeParent() { // c.logPipeParent is kept alive for ForwardLogs } -type setnsProcess struct { - cmd *exec.Cmd - comm *processComm - cgroupPaths map[string]string - rootlessCgroups bool - manager cgroups.Manager - intelRdtPath string - config *initConfig - fds []string - process *Process - bootstrapData io.Reader - initProcessPid int +type containerProcess struct { + cmd *exec.Cmd + comm *processComm + config *initConfig + manager cgroups.Manager + fds []string + process *Process + bootstrapData io.Reader + container *Container +} + +func (p *containerProcess) pid() int { + return p.cmd.Process.Pid } -func (p *setnsProcess) startTime() (uint64, error) { +func (p *containerProcess) startTime() (uint64, error) { stat, err := system.Stat(p.pid()) return stat.StartTime, err } -func (p *setnsProcess) signal(sig os.Signal) error { +func (p *containerProcess) signal(sig os.Signal) error { s, ok := sig.(unix.Signal) if !ok { return errors.New("os: unsupported signal type") @@ -122,6 +123,46 @@ func (p *setnsProcess) signal(sig os.Signal) error { return unix.Kill(p.pid(), s) } +func (p *containerProcess) externalDescriptors() []string { + return p.fds +} + +func (p *containerProcess) setExternalDescriptors(newFds []string) { + p.fds = newFds +} + +func (p *containerProcess) forwardChildLogs() chan error { + return logs.ForwardLogs(p.comm.logPipeParent) +} + +// terminate sends a SIGKILL to the forked process for the setns routine then waits to +// avoid the process becoming a zombie. +func (p *containerProcess) terminate() error { + if p.cmd.Process == nil { + return nil + } + err := p.cmd.Process.Kill() + if _, werr := p.wait(); err == nil { + err = werr + } + return err +} + +func (p *containerProcess) wait() (*os.ProcessState, error) { //nolint:unparam + err := p.cmd.Wait() + + // Return actual ProcessState even on Wait error + return p.cmd.ProcessState, err +} + +type setnsProcess struct { + containerProcess + cgroupPaths map[string]string + rootlessCgroups bool + intelRdtPath string + initProcessPid int +} + func (p *setnsProcess) start() (retErr error) { defer p.comm.closeParent() @@ -318,60 +359,9 @@ func (p *setnsProcess) execSetns() error { return nil } -// terminate sends a SIGKILL to the forked process for the setns routine then waits to -// avoid the process becoming a zombie. -func (p *setnsProcess) terminate() error { - if p.cmd.Process == nil { - return nil - } - err := p.cmd.Process.Kill() - if _, werr := p.wait(); err == nil { - err = werr - } - return err -} - -func (p *setnsProcess) wait() (*os.ProcessState, error) { - err := p.cmd.Wait() - - // Return actual ProcessState even on Wait error - return p.cmd.ProcessState, err -} - -func (p *setnsProcess) pid() int { - return p.cmd.Process.Pid -} - -func (p *setnsProcess) externalDescriptors() []string { - return p.fds -} - -func (p *setnsProcess) setExternalDescriptors(newFds []string) { - p.fds = newFds -} - -func (p *setnsProcess) forwardChildLogs() chan error { - return logs.ForwardLogs(p.comm.logPipeParent) -} - type initProcess struct { - cmd *exec.Cmd - comm *processComm - config *initConfig - manager cgroups.Manager + containerProcess intelRdtManager *intelrdt.Manager - container *Container - fds []string - process *Process - bootstrapData io.Reader -} - -func (p *initProcess) pid() int { - return p.cmd.Process.Pid -} - -func (p *initProcess) externalDescriptors() []string { - return p.fds } // getChildPid receives the final child's pid over the provided pipe. @@ -789,27 +779,6 @@ func (p *initProcess) start() (retErr error) { return nil } -func (p *initProcess) wait() (*os.ProcessState, error) { - err := p.cmd.Wait() - return p.cmd.ProcessState, err -} - -func (p *initProcess) terminate() error { - if p.cmd.Process == nil { - return nil - } - err := p.cmd.Process.Kill() - if _, werr := p.wait(); err == nil { - err = werr - } - return err -} - -func (p *initProcess) startTime() (uint64, error) { - stat, err := system.Stat(p.pid()) - return stat.StartTime, err -} - func (p *initProcess) updateSpecState() error { s, err := p.container.currentOCIState() if err != nil { @@ -837,22 +806,6 @@ func (p *initProcess) createNetworkInterfaces() error { return nil } -func (p *initProcess) signal(sig os.Signal) error { - s, ok := sig.(unix.Signal) - if !ok { - return errors.New("os: unsupported signal type") - } - return unix.Kill(p.pid(), s) -} - -func (p *initProcess) setExternalDescriptors(newFds []string) { - p.fds = newFds -} - -func (p *initProcess) forwardChildLogs() chan error { - return logs.ForwardLogs(p.comm.logPipeParent) -} - func pidGetFd(pid, srcFd int) (*os.File, error) { pidFd, err := unix.PidfdOpen(pid, 0) if err != nil { From 8afeb5839872650880b15909167b2feeada0c2f0 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 9 Oct 2024 11:00:48 -0700 Subject: [PATCH 0760/1176] libct: add/use configs.HasHook This allows to omit a call to c.currentOCIState (which can be somewhat costly when there are many annotations) when the hooks of a given kind won't be run. Signed-off-by: Kir Kolyshkin --- libcontainer/configs/config.go | 13 +++++++++++++ libcontainer/container_linux.go | 2 +- libcontainer/criu_linux.go | 2 +- libcontainer/process_linux.go | 2 +- 4 files changed, 16 insertions(+), 3 deletions(-) diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index 22fe0f9b4c1..0c7a0128c74 100644 --- a/libcontainer/configs/config.go +++ b/libcontainer/configs/config.go @@ -332,6 +332,19 @@ const ( Poststop HookName = "poststop" ) +// HasHook checks if config has any hooks with any given names configured. +func (c *Config) HasHook(names ...HookName) bool { + if c.Hooks == nil { + return false + } + for _, h := range names { + if len(c.Hooks[h]) > 0 { + return true + } + } + return false +} + // KnownHookNames returns the known hook names. // Used by `runc features`. func KnownHookNames() []string { diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 8212a331676..c99c8a6eea5 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -350,7 +350,7 @@ func (c *Container) start(process *Process) (retErr error) { if process.Init { c.fifo.Close() - if c.config.Hooks != nil { + if c.config.HasHook(configs.Poststart) { s, err := c.currentOCIState() if err != nil { return err diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index a7651958a88..ed08f5f40ed 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -1113,7 +1113,7 @@ func (c *Container) criuNotifications(resp *criurpc.CriuResp, process *Process, return err } case "setup-namespaces": - if c.config.Hooks != nil { + if c.config.HasHook(configs.Prestart, configs.CreateRuntime) { s, err := c.currentOCIState() if err != nil { return nil diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index dde6aecf13a..82b5f601559 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -740,7 +740,7 @@ func (p *initProcess) start() (retErr error) { return fmt.Errorf("error setting Intel RDT config for procHooks process: %w", err) } } - if len(p.config.Config.Hooks) != 0 { + if p.config.Config.HasHook(configs.Prestart, configs.CreateRuntime) { s, err := p.container.currentOCIState() if err != nil { return err From 93091e6ac2cb8c1a60b4565c04bdaad478da0e5e Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 9 Oct 2024 11:46:51 -0700 Subject: [PATCH 0761/1176] libct: don't pass SpecState to init unless needed SpecState field of initConfig is only needed to run hooks that are executed inside a container -- namely CreateContainer and StartContainer. If these hooks are not configured, there is no need to fill, marshal and unmarshal SpecState. While at it, inline updateSpecState as it is trivial and only has one user. Signed-off-by: Kir Kolyshkin --- libcontainer/process_linux.go | 21 +++++++++------------ libcontainer/rootfs_linux.go | 11 ++++++----- libcontainer/standard_init_linux.go | 11 ++++++----- 3 files changed, 21 insertions(+), 22 deletions(-) diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 82b5f601559..eefd202b514 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -615,9 +615,16 @@ func (p *initProcess) start() (retErr error) { if err := p.createNetworkInterfaces(); err != nil { return fmt.Errorf("error creating network interfaces: %w", err) } - if err := p.updateSpecState(); err != nil { - return fmt.Errorf("error updating spec state: %w", err) + + // initConfig.SpecState is only needed to run hooks that are executed + // inside a container, i.e. CreateContainer and StartContainer. + if p.config.Config.HasHook(configs.CreateContainer, configs.StartContainer) { + p.config.SpecState, err = p.container.currentOCIState() + if err != nil { + return fmt.Errorf("error getting current state: %w", err) + } } + if err := utils.WriteJSON(p.comm.initSockParent, p.config); err != nil { return fmt.Errorf("error sending config to init process: %w", err) } @@ -779,16 +786,6 @@ func (p *initProcess) start() (retErr error) { return nil } -func (p *initProcess) updateSpecState() error { - s, err := p.container.currentOCIState() - if err != nil { - return err - } - - p.config.SpecState = s - return nil -} - func (p *initProcess) createNetworkInterfaces() error { for _, config := range p.config.Config.Networks { strategy, err := getStrategy(config.Type) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index f7cd95dd189..158e03c56d9 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -195,11 +195,12 @@ func prepareRootfs(pipe *syncSocket, iConfig *initConfig) (err error) { return &os.PathError{Op: "chdir", Path: config.Rootfs, Err: err} } - s := iConfig.SpecState - s.Pid = unix.Getpid() - s.Status = specs.StateCreating - if err := iConfig.Config.Hooks.Run(configs.CreateContainer, s); err != nil { - return err + if s := iConfig.SpecState; s != nil { + s.Pid = unix.Getpid() + s.Status = specs.StateCreating + if err := iConfig.Config.Hooks.Run(configs.CreateContainer, s); err != nil { + return err + } } if config.NoPivotRoot { diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 9f7fa45d533..ce6a896ce29 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -267,11 +267,12 @@ func (l *linuxStandardInit) Init() error { // https://github.com/torvalds/linux/blob/v4.9/fs/exec.c#L1290-L1318 _ = l.fifoFile.Close() - s := l.config.SpecState - s.Pid = unix.Getpid() - s.Status = specs.StateCreated - if err := l.config.Config.Hooks.Run(configs.StartContainer, s); err != nil { - return err + if s := l.config.SpecState; s != nil { + s.Pid = unix.Getpid() + s.Status = specs.StateCreated + if err := l.config.Config.Hooks.Run(configs.StartContainer, s); err != nil { + return err + } } // Close all file descriptors we are not passing to the container. This is From 2dc3ea4b87083b6c4b3737e8e8f9506e9be94853 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 26 Jun 2024 16:14:44 -0700 Subject: [PATCH 0762/1176] libct: simplify setIOPriority/setupScheduler calls Move the nil check inside, simplifying the callers. Fixes: bfbd0305 ("Add I/O priority") Fixes: 770728e1 ("Support `process.scheduler`") Signed-off-by: Kir Kolyshkin --- libcontainer/init_linux.go | 3 +++ libcontainer/process_linux.go | 9 +++++---- libcontainer/setns_init_linux.go | 6 ++---- libcontainer/standard_init_linux.go | 13 +++++-------- 4 files changed, 15 insertions(+), 16 deletions(-) diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index d23153e9b3d..cc897703a68 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -662,6 +662,9 @@ func setupRlimits(limits []configs.Rlimit, pid int) error { } func setupScheduler(config *configs.Config) error { + if config.Scheduler == nil { + return nil + } attr, err := configs.ToSchedAttr(config.Scheduler) if err != nil { return err diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index dde6aecf13a..7e17fe5117a 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -166,10 +166,8 @@ type setnsProcess struct { func (p *setnsProcess) start() (retErr error) { defer p.comm.closeParent() - if p.process.IOPriority != nil { - if err := setIOPriority(p.process.IOPriority); err != nil { - return err - } + if err := setIOPriority(p.process.IOPriority); err != nil { + return err } // get the "before" value of oom kill count @@ -912,6 +910,9 @@ func (p *Process) InitializeIO(rootuid, rootgid int) (i *IO, err error) { func setIOPriority(ioprio *configs.IOPriority) error { const ioprioWhoPgrp = 1 + if ioprio == nil { + return nil + } class, ok := configs.IOPrioClassMapping[ioprio.Class] if !ok { return fmt.Errorf("invalid io priority class: %s", ioprio.Class) diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go index 92c6ef77030..db4aa1463a6 100644 --- a/libcontainer/setns_init_linux.go +++ b/libcontainer/setns_init_linux.go @@ -71,10 +71,8 @@ func (l *linuxSetnsInit) Init() error { unix.Umask(int(*l.config.Config.Umask)) } - if l.config.Config.Scheduler != nil { - if err := setupScheduler(l.config.Config); err != nil { - return err - } + if err := setupScheduler(l.config.Config); err != nil { + return err } // Tell our parent that we're ready to exec. This must be done before the diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 9f7fa45d533..fe6af5704d7 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -155,15 +155,12 @@ func (l *linuxStandardInit) Init() error { } } - if l.config.Config.Scheduler != nil { - if err := setupScheduler(l.config.Config); err != nil { - return err - } + if err := setupScheduler(l.config.Config); err != nil { + return err } - if l.config.Config.IOPriority != nil { - if err := setIOPriority(l.config.Config.IOPriority); err != nil { - return err - } + + if err := setIOPriority(l.config.Config.IOPriority); err != nil { + return err } // Tell our parent that we're ready to exec. This must be done before the From ec465d39f5b97ffb3b52539659f536fdf09027be Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 26 Jun 2024 16:17:36 -0700 Subject: [PATCH 0763/1176] utils: simplify newProcess This code is not in libcontainer, meaning it is only used by a short lived binary (runc start/run/exec). Unlike code in libcontainer (see CreateLibcontainerConfig), here we don't have to care about copying the structures supplied as input, meaning we can just reuse the pointers directly. Fixes: bfbd0305 ("Add I/O priority") Fixes: 770728e1 ("Support `process.scheduler`") Signed-off-by: Kir Kolyshkin --- utils_linux.go | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/utils_linux.go b/utils_linux.go index feb6ef80c4a..eef78ea3845 100644 --- a/utils_linux.go +++ b/utils_linux.go @@ -55,6 +55,8 @@ func newProcess(p specs.Process) (*libcontainer.Process, error) { Label: p.SelinuxLabel, NoNewPrivileges: &p.NoNewPrivileges, AppArmorProfile: p.ApparmorProfile, + Scheduler: p.Scheduler, + IOPriority: p.IOPriority, } if p.ConsoleSize != nil { @@ -62,16 +64,6 @@ func newProcess(p specs.Process) (*libcontainer.Process, error) { lp.ConsoleHeight = uint16(p.ConsoleSize.Height) } - if p.Scheduler != nil { - s := *p.Scheduler - lp.Scheduler = &s - } - - if p.IOPriority != nil { - ioPriority := *p.IOPriority - lp.IOPriority = &ioPriority - } - if p.Capabilities != nil { lp.Capabilities = &configs.Capabilities{} lp.Capabilities.Bounding = p.Capabilities.Bounding From 5d3942eec37a2608d20711ad2abb6065226a360f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 26 Jun 2024 17:22:02 -0700 Subject: [PATCH 0764/1176] libct: unify IOPriority setting For some reason, io priority is set in different places between runc start/run and runc exec: - for runc start/run, it is done in the middle of (*linuxStandardInit).Init, close to the place where we exec runc init. - for runc exec, it is done much earlier, in (*setnsProcess) start(). Let's move setIOPriority call for runc exec to (*linuxSetnsInit).Init, so it is in the same logical place as for runc start/run. Also, move the function itself to init_linux.go as it's part of init. Should not have any visible effect, except part of runc init is run with a different I/O priority. While at it, rename setIOPriority to setupIOPriority, and make it accept the whole *configs.Config, for uniformity with other similar functions. Fixes: bfbd0305 ("Add I/O priority") Signed-off-by: Kir Kolyshkin --- libcontainer/init_linux.go | 22 ++++++++++++++++++++++ libcontainer/process_linux.go | 25 ------------------------- libcontainer/setns_init_linux.go | 3 +++ libcontainer/standard_init_linux.go | 2 +- 4 files changed, 26 insertions(+), 26 deletions(-) diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index cc897703a68..086f3125863 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -678,6 +678,28 @@ func setupScheduler(config *configs.Config) error { return nil } +func setupIOPriority(config *configs.Config) error { + const ioprioWhoPgrp = 1 + + ioprio := config.IOPriority + if ioprio == nil { + return nil + } + class, ok := configs.IOPrioClassMapping[ioprio.Class] + if !ok { + return fmt.Errorf("invalid io priority class: %s", ioprio.Class) + } + + // Combine class and priority into a single value + // https://github.com/torvalds/linux/blob/v5.18/include/uapi/linux/ioprio.h#L5-L17 + iop := (class << 13) | ioprio.Priority + _, _, errno := unix.RawSyscall(unix.SYS_IOPRIO_SET, ioprioWhoPgrp, 0, uintptr(iop)) + if errno != 0 { + return fmt.Errorf("failed to set io priority: %w", errno) + } + return nil +} + func setupPersonality(config *configs.Config) error { return system.SetLinuxPersonality(config.Personality.Domain) } diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 7e17fe5117a..9b20f2d6695 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -166,10 +166,6 @@ type setnsProcess struct { func (p *setnsProcess) start() (retErr error) { defer p.comm.closeParent() - if err := setIOPriority(p.process.IOPriority); err != nil { - return err - } - // get the "before" value of oom kill count oom, _ := p.manager.OOMKillCount() err := p.cmd.Start() @@ -906,24 +902,3 @@ func (p *Process) InitializeIO(rootuid, rootgid int) (i *IO, err error) { } return i, nil } - -func setIOPriority(ioprio *configs.IOPriority) error { - const ioprioWhoPgrp = 1 - - if ioprio == nil { - return nil - } - class, ok := configs.IOPrioClassMapping[ioprio.Class] - if !ok { - return fmt.Errorf("invalid io priority class: %s", ioprio.Class) - } - - // Combine class and priority into a single value - // https://github.com/torvalds/linux/blob/v5.18/include/uapi/linux/ioprio.h#L5-L17 - iop := (class << 13) | ioprio.Priority - _, _, errno := unix.RawSyscall(unix.SYS_IOPRIO_SET, ioprioWhoPgrp, 0, uintptr(iop)) - if errno != 0 { - return fmt.Errorf("failed to set io priority: %w", errno) - } - return nil -} diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go index db4aa1463a6..462662a84ed 100644 --- a/libcontainer/setns_init_linux.go +++ b/libcontainer/setns_init_linux.go @@ -75,6 +75,9 @@ func (l *linuxSetnsInit) Init() error { return err } + if err := setupIOPriority(l.config.Config); err != nil { + return err + } // Tell our parent that we're ready to exec. This must be done before the // Seccomp rules have been applied, because we need to be able to read and // write to a socket. diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index fe6af5704d7..65444f38ae0 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -159,7 +159,7 @@ func (l *linuxStandardInit) Init() error { return err } - if err := setIOPriority(l.config.Config.IOPriority); err != nil { + if err := setupIOPriority(l.config.Config); err != nil { return err } From 7334ee01e606c1bb79bba1d62ee4d931cf495e9b Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 21 Oct 2024 15:00:11 -0700 Subject: [PATCH 0765/1176] libct/configs: rm IOPrioClassMapping This is an internal implementation detail and should not be either public or visible. Amend setIOPriority to do own class conversion. Fixes: bfbd0305 ("Add I/O priority") Signed-off-by: Kir Kolyshkin --- libcontainer/configs/config.go | 6 ------ libcontainer/init_linux.go | 11 +++++++++-- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index 22fe0f9b4c1..4436aaa0cfa 100644 --- a/libcontainer/configs/config.go +++ b/libcontainer/configs/config.go @@ -286,12 +286,6 @@ func ToSchedAttr(scheduler *Scheduler) (*unix.SchedAttr, error) { }, nil } -var IOPrioClassMapping = map[specs.IOPriorityClass]int{ - specs.IOPRIO_CLASS_RT: 1, - specs.IOPRIO_CLASS_BE: 2, - specs.IOPRIO_CLASS_IDLE: 3, -} - type IOPriority = specs.LinuxIOPriority type ( diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 086f3125863..b218a6cb126 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -685,8 +685,15 @@ func setupIOPriority(config *configs.Config) error { if ioprio == nil { return nil } - class, ok := configs.IOPrioClassMapping[ioprio.Class] - if !ok { + class := 0 + switch ioprio.Class { + case specs.IOPRIO_CLASS_RT: + class = 1 + case specs.IOPRIO_CLASS_BE: + class = 2 + case specs.IOPRIO_CLASS_IDLE: + class = 3 + default: return fmt.Errorf("invalid io priority class: %s", ioprio.Class) } From 57462491c1a3b02a513c667920995220c75eae25 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 21 Oct 2024 15:15:14 -0700 Subject: [PATCH 0766/1176] libct/configs/validate: add IOPriority.Class validation Signed-off-by: Kir Kolyshkin --- libcontainer/configs/validate/validator.go | 8 ++++++++ libcontainer/configs/validate/validator_test.go | 12 +++++++++--- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go index 37ece0aebbd..7d17676ed18 100644 --- a/libcontainer/configs/validate/validator.go +++ b/libcontainer/configs/validate/validator.go @@ -406,5 +406,13 @@ func ioPriority(config *configs.Config) error { if priority < 0 || priority > 7 { return fmt.Errorf("invalid ioPriority.Priority: %d", priority) } + + switch class := config.IOPriority.Class; class { + case specs.IOPRIO_CLASS_RT, specs.IOPRIO_CLASS_BE, specs.IOPRIO_CLASS_IDLE: + // Valid class, do nothing. + default: + return fmt.Errorf("invalid ioPriority.Class: %q", class) + } + return nil } diff --git a/libcontainer/configs/validate/validator_test.go b/libcontainer/configs/validate/validator_test.go index b0b740a122d..d157feea5bc 100644 --- a/libcontainer/configs/validate/validator_test.go +++ b/libcontainer/configs/validate/validator_test.go @@ -847,15 +847,21 @@ func TestValidateIOPriority(t *testing.T) { testCases := []struct { isErr bool priority int + class specs.IOPriorityClass }{ - {isErr: false, priority: 0}, - {isErr: false, priority: 7}, - {isErr: true, priority: -1}, + {isErr: false, priority: 0, class: specs.IOPRIO_CLASS_IDLE}, + {isErr: false, priority: 7, class: specs.IOPRIO_CLASS_RT}, + {isErr: false, priority: 3, class: specs.IOPRIO_CLASS_BE}, + // Invalid priority. + {isErr: true, priority: -1, class: specs.IOPRIO_CLASS_BE}, + // Invalid class. + {isErr: true, priority: 3, class: specs.IOPriorityClass("IOPRIO_CLASS_WOW")}, } for _, tc := range testCases { ioPriroty := configs.IOPriority{ Priority: tc.priority, + Class: tc.class, } config := &configs.Config{ Rootfs: "/var", From f848304994b81112746b844eecd424e5f3914606 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Dec 2024 04:33:24 +0000 Subject: [PATCH 0767/1176] build(deps): bump google.golang.org/protobuf from 1.36.0 to 1.36.1 Bumps google.golang.org/protobuf from 1.36.0 to 1.36.1. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- .../protobuf/internal/errors/is_go112.go | 40 ------------------- .../protobuf/internal/errors/is_go113.go | 13 ------ .../protobuf/internal/impl/message_reflect.go | 4 +- .../protobuf/internal/version/version.go | 2 +- vendor/modules.txt | 2 +- 7 files changed, 6 insertions(+), 61 deletions(-) delete mode 100644 vendor/google.golang.org/protobuf/internal/errors/is_go112.go delete mode 100644 vendor/google.golang.org/protobuf/internal/errors/is_go113.go diff --git a/go.mod b/go.mod index 37d2205e999..253f58a704d 100644 --- a/go.mod +++ b/go.mod @@ -28,7 +28,7 @@ require ( github.com/vishvananda/netlink v1.3.0 golang.org/x/net v0.33.0 golang.org/x/sys v0.28.0 - google.golang.org/protobuf v1.36.0 + google.golang.org/protobuf v1.36.1 ) require ( diff --git a/go.sum b/go.sum index 0a340f3fb83..5de19cf4cec 100644 --- a/go.sum +++ b/go.sum @@ -95,8 +95,8 @@ golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.36.0 h1:mjIs9gYtt56AzC4ZaffQuh88TZurBGhIJMBZGSxNerQ= -google.golang.org/protobuf v1.36.0/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk= +google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/vendor/google.golang.org/protobuf/internal/errors/is_go112.go b/vendor/google.golang.org/protobuf/internal/errors/is_go112.go deleted file mode 100644 index fbcd349207d..00000000000 --- a/vendor/google.golang.org/protobuf/internal/errors/is_go112.go +++ /dev/null @@ -1,40 +0,0 @@ -// Copyright 2020 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build !go1.13 -// +build !go1.13 - -package errors - -import "reflect" - -// Is is a copy of Go 1.13's errors.Is for use with older Go versions. -func Is(err, target error) bool { - if target == nil { - return err == target - } - - isComparable := reflect.TypeOf(target).Comparable() - for { - if isComparable && err == target { - return true - } - if x, ok := err.(interface{ Is(error) bool }); ok && x.Is(target) { - return true - } - if err = unwrap(err); err == nil { - return false - } - } -} - -func unwrap(err error) error { - u, ok := err.(interface { - Unwrap() error - }) - if !ok { - return nil - } - return u.Unwrap() -} diff --git a/vendor/google.golang.org/protobuf/internal/errors/is_go113.go b/vendor/google.golang.org/protobuf/internal/errors/is_go113.go deleted file mode 100644 index 5e72f1cde9e..00000000000 --- a/vendor/google.golang.org/protobuf/internal/errors/is_go113.go +++ /dev/null @@ -1,13 +0,0 @@ -// Copyright 2020 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build go1.13 -// +build go1.13 - -package errors - -import "errors" - -// Is is errors.Is. -func Is(err, target error) bool { return errors.Is(err, target) } diff --git a/vendor/google.golang.org/protobuf/internal/impl/message_reflect.go b/vendor/google.golang.org/protobuf/internal/impl/message_reflect.go index 1b9b16a4079..31c19b54f8d 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/message_reflect.go +++ b/vendor/google.golang.org/protobuf/internal/impl/message_reflect.go @@ -85,9 +85,7 @@ func (mi *MessageInfo) makeKnownFieldsFunc(si structInfo) { mi.oneofs = map[protoreflect.Name]*oneofInfo{} for i := 0; i < md.Oneofs().Len(); i++ { od := md.Oneofs().Get(i) - if !od.IsSynthetic() { - mi.oneofs[od.Name()] = makeOneofInfo(od, si, mi.Exporter) - } + mi.oneofs[od.Name()] = makeOneofInfo(od, si, mi.Exporter) } mi.denseFields = make([]*fieldInfo, fds.Len()*2) diff --git a/vendor/google.golang.org/protobuf/internal/version/version.go b/vendor/google.golang.org/protobuf/internal/version/version.go index e27eaefcf3a..3018450df79 100644 --- a/vendor/google.golang.org/protobuf/internal/version/version.go +++ b/vendor/google.golang.org/protobuf/internal/version/version.go @@ -52,7 +52,7 @@ import ( const ( Major = 1 Minor = 36 - Patch = 0 + Patch = 1 PreRelease = "" ) diff --git a/vendor/modules.txt b/vendor/modules.txt index a0e87062072..28f0c9326fb 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -87,7 +87,7 @@ golang.org/x/net/bpf ## explicit; go 1.18 golang.org/x/sys/unix golang.org/x/sys/windows -# google.golang.org/protobuf v1.36.0 +# google.golang.org/protobuf v1.36.1 ## explicit; go 1.21 google.golang.org/protobuf/encoding/prototext google.golang.org/protobuf/encoding/protowire From c0abf76e0f15dfcb82754fa68436922db52d9432 Mon Sep 17 00:00:00 2001 From: Rin Arakaki Date: Sun, 29 Dec 2024 14:36:49 +0900 Subject: [PATCH 0768/1176] Update README.md Signed-off-by: Rin Arakaki --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5b1ac15d55e..bd946dea6ea 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ A third party security audit was performed by Cure53, you can see the full repor ## Building -`runc` only supports Linux. See the header of [`go.mod`](./go mod) for the required Go version. +`runc` only supports Linux. See the header of [`go.mod`](./go.mod) for the required Go version. ### Pre-Requisites From 83350c24a979d9982f9c35a9311ef41180d7c4bd Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 3 Jan 2025 13:43:22 -0800 Subject: [PATCH 0769/1176] libct/system: rm Fexecve This helper was added for runc-dmz in commit dac417174, but runc-dmz was later removed in commit 871057d, which forgot to remove the helper. Signed-off-by: Kir Kolyshkin --- libcontainer/system/linux.go | 45 ------------------------------------ 1 file changed, 45 deletions(-) diff --git a/libcontainer/system/linux.go b/libcontainer/system/linux.go index 7bbf92a3d30..e8ce0ecac9d 100644 --- a/libcontainer/system/linux.go +++ b/libcontainer/system/linux.go @@ -6,8 +6,6 @@ import ( "fmt" "io" "os" - "strconv" - "syscall" "unsafe" "github.com/sirupsen/logrus" @@ -43,49 +41,6 @@ func Exec(cmd string, args []string, env []string) error { } } -func execveat(fd uintptr, pathname string, args []string, env []string, flags int) error { - pathnamep, err := syscall.BytePtrFromString(pathname) - if err != nil { - return err - } - - argvp, err := syscall.SlicePtrFromStrings(args) - if err != nil { - return err - } - - envp, err := syscall.SlicePtrFromStrings(env) - if err != nil { - return err - } - - _, _, errno := syscall.Syscall6( - unix.SYS_EXECVEAT, - fd, - uintptr(unsafe.Pointer(pathnamep)), - uintptr(unsafe.Pointer(&argvp[0])), - uintptr(unsafe.Pointer(&envp[0])), - uintptr(flags), - 0, - ) - return errno -} - -func Fexecve(fd uintptr, args []string, env []string) error { - var err error - for { - err = execveat(fd, "", args, env, unix.AT_EMPTY_PATH) - if err != unix.EINTR { // nolint:errorlint // unix errors are bare - break - } - } - if err == unix.ENOSYS { // nolint:errorlint // unix errors are bare - // Fallback to classic /proc/self/fd/... exec. - return Exec("/proc/self/fd/"+strconv.Itoa(int(fd)), args, env) - } - return os.NewSyscallError("execveat", err) -} - func SetParentDeathSignal(sig uintptr) error { if err := unix.Prctl(unix.PR_SET_PDEATHSIG, sig, 0, 0, 0); err != nil { return err From 48ad17f4c6e2c21b8a42eccfc82bfeefcb1fc661 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Jan 2025 04:55:38 +0000 Subject: [PATCH 0770/1176] build(deps): bump golang.org/x/sys from 0.28.0 to 0.29.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.28.0 to 0.29.0. - [Commits](https://github.com/golang/sys/compare/v0.28.0...v0.29.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/golang.org/x/sys/unix/syscall_dragonfly.go | 12 ++++++++++++ vendor/golang.org/x/sys/windows/dll_windows.go | 11 +++++------ vendor/modules.txt | 2 +- 5 files changed, 21 insertions(+), 10 deletions(-) diff --git a/go.mod b/go.mod index 253f58a704d..cca3dea1bbf 100644 --- a/go.mod +++ b/go.mod @@ -27,7 +27,7 @@ require ( github.com/urfave/cli v1.22.16 github.com/vishvananda/netlink v1.3.0 golang.org/x/net v0.33.0 - golang.org/x/sys v0.28.0 + golang.org/x/sys v0.29.0 google.golang.org/protobuf v1.36.1 ) diff --git a/go.sum b/go.sum index 5de19cf4cec..749212cc79c 100644 --- a/go.sum +++ b/go.sum @@ -90,8 +90,8 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= -golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= diff --git a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go index 97cb916f2c9..be8c0020701 100644 --- a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go +++ b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go @@ -246,6 +246,18 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e return sendfile(outfd, infd, offset, count) } +func Dup3(oldfd, newfd, flags int) error { + if oldfd == newfd || flags&^O_CLOEXEC != 0 { + return EINVAL + } + how := F_DUP2FD + if flags&O_CLOEXEC != 0 { + how = F_DUP2FD_CLOEXEC + } + _, err := fcntl(oldfd, how, newfd) + return err +} + /* * Exposed directly */ diff --git a/vendor/golang.org/x/sys/windows/dll_windows.go b/vendor/golang.org/x/sys/windows/dll_windows.go index 4e613cf6335..3ca814f54d4 100644 --- a/vendor/golang.org/x/sys/windows/dll_windows.go +++ b/vendor/golang.org/x/sys/windows/dll_windows.go @@ -43,8 +43,8 @@ type DLL struct { // LoadDLL loads DLL file into memory. // // Warning: using LoadDLL without an absolute path name is subject to -// DLL preloading attacks. To safely load a system DLL, use LazyDLL -// with System set to true, or use LoadLibraryEx directly. +// DLL preloading attacks. To safely load a system DLL, use [NewLazySystemDLL], +// or use [LoadLibraryEx] directly. func LoadDLL(name string) (dll *DLL, err error) { namep, err := UTF16PtrFromString(name) if err != nil { @@ -271,6 +271,9 @@ func (d *LazyDLL) NewProc(name string) *LazyProc { } // NewLazyDLL creates new LazyDLL associated with DLL file. +// +// Warning: using NewLazyDLL without an absolute path name is subject to +// DLL preloading attacks. To safely load a system DLL, use [NewLazySystemDLL]. func NewLazyDLL(name string) *LazyDLL { return &LazyDLL{Name: name} } @@ -410,7 +413,3 @@ func loadLibraryEx(name string, system bool) (*DLL, error) { } return &DLL{Name: name, Handle: h}, nil } - -type errString string - -func (s errString) Error() string { return string(s) } diff --git a/vendor/modules.txt b/vendor/modules.txt index 28f0c9326fb..481154fac7b 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -83,7 +83,7 @@ github.com/vishvananda/netns # golang.org/x/net v0.33.0 ## explicit; go 1.18 golang.org/x/net/bpf -# golang.org/x/sys v0.28.0 +# golang.org/x/sys v0.29.0 ## explicit; go 1.18 golang.org/x/sys/unix golang.org/x/sys/windows From 061483b62a6689f316c04ce374e507acf1b08f6b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 Jan 2025 04:35:23 +0000 Subject: [PATCH 0771/1176] build(deps): bump golang.org/x/net from 0.33.0 to 0.34.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.33.0 to 0.34.0. - [Commits](https://github.com/golang/net/compare/v0.33.0...v0.34.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index cca3dea1bbf..5c83e0bf7b8 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/urfave/cli v1.22.16 github.com/vishvananda/netlink v1.3.0 - golang.org/x/net v0.33.0 + golang.org/x/net v0.34.0 golang.org/x/sys v0.29.0 google.golang.org/protobuf v1.36.1 ) diff --git a/go.sum b/go.sum index 749212cc79c..86c7eb1a8de 100644 --- a/go.sum +++ b/go.sum @@ -81,8 +81,8 @@ github.com/vishvananda/netlink v1.3.0 h1:X7l42GfcV4S6E4vHTsw48qbrV+9PVojNfIhZcwQ github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs= github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8= github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= -golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= -golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= +golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0= +golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= diff --git a/vendor/modules.txt b/vendor/modules.txt index 481154fac7b..25d8d639635 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -80,7 +80,7 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.4 ## explicit; go 1.17 github.com/vishvananda/netns -# golang.org/x/net v0.33.0 +# golang.org/x/net v0.34.0 ## explicit; go 1.18 golang.org/x/net/bpf # golang.org/x/sys v0.29.0 From 1890af6d453c77e246f84a71a259b6f7582451f1 Mon Sep 17 00:00:00 2001 From: Tomasz Duda Date: Sun, 8 Dec 2024 21:49:18 +0100 Subject: [PATCH 0772/1176] support cgroup v1 mounted with noprefix Android mounts the v1 cpuset cgroup with the noprefix option. As a result, runc first attempts to access cpuset files using the prefix format (e.g., cpuset.cpus). If this fails, it falls back to accessing them without the prefix (e.g., cpus). Once a successful access method is determined, it is cached and used for all subsequent operations. Only the v1 cpuset cgroup is allowed to mount with noprefix. See kernel source: https://github.com/torvalds/linux/blob/2e1b3cc9d7f790145a80cb705b168f05dab65df2/kernel/cgroup/cgroup-v1.c#L1070. Cpuset cannot be mounted with and without prefix simultaneously. Signed-off-by: Tomasz Duda --- libcontainer/cgroups/fs/cpuset.go | 69 +++++++++++++++++++++++-------- 1 file changed, 52 insertions(+), 17 deletions(-) diff --git a/libcontainer/cgroups/fs/cpuset.go b/libcontainer/cgroups/fs/cpuset.go index 4cf1f30ff6c..c5ff0dacf69 100644 --- a/libcontainer/cgroups/fs/cpuset.go +++ b/libcontainer/cgroups/fs/cpuset.go @@ -6,6 +6,7 @@ import ( "path/filepath" "strconv" "strings" + "sync" "golang.org/x/sys/unix" @@ -13,6 +14,40 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" ) +var ( + cpusetLock sync.Mutex + cpusetPrefix = "cpuset." + cpusetFastPath bool +) + +func cpusetFile(path string, name string) string { + cpusetLock.Lock() + defer cpusetLock.Unlock() + + // Only the v1 cpuset cgroup is allowed to mount with noprefix. + // See kernel source: https://github.com/torvalds/linux/blob/2e1b3cc9d7f790145a80cb705b168f05dab65df2/kernel/cgroup/cgroup-v1.c#L1070 + // Cpuset cannot be mounted with and without prefix simultaneously. + // Commonly used in Android environments. + + if cpusetFastPath { + return cpusetPrefix + name + } + + err := unix.Access(filepath.Join(path, cpusetPrefix+name), unix.F_OK) + if err == nil { + // Use the fast path only if we can access one type of mount for cpuset already + cpusetFastPath = true + } else { + err = unix.Access(filepath.Join(path, name), unix.F_OK) + if err == nil { + cpusetPrefix = "" + cpusetFastPath = true + } + } + + return cpusetPrefix + name +} + type CpusetGroup struct{} func (s *CpusetGroup) Name() string { @@ -25,12 +60,12 @@ func (s *CpusetGroup) Apply(path string, r *cgroups.Resources, pid int) error { func (s *CpusetGroup) Set(path string, r *cgroups.Resources) error { if r.CpusetCpus != "" { - if err := cgroups.WriteFile(path, "cpuset.cpus", r.CpusetCpus); err != nil { + if err := cgroups.WriteFile(path, cpusetFile(path, "cpus"), r.CpusetCpus); err != nil { return err } } if r.CpusetMems != "" { - if err := cgroups.WriteFile(path, "cpuset.mems", r.CpusetMems); err != nil { + if err := cgroups.WriteFile(path, cpusetFile(path, "mems"), r.CpusetMems); err != nil { return err } } @@ -82,57 +117,57 @@ func getCpusetStat(path string, file string) ([]uint16, error) { func (s *CpusetGroup) GetStats(path string, stats *cgroups.Stats) error { var err error - stats.CPUSetStats.CPUs, err = getCpusetStat(path, "cpuset.cpus") + stats.CPUSetStats.CPUs, err = getCpusetStat(path, cpusetFile(path, "cpus")) if err != nil && !errors.Is(err, os.ErrNotExist) { return err } - stats.CPUSetStats.CPUExclusive, err = fscommon.GetCgroupParamUint(path, "cpuset.cpu_exclusive") + stats.CPUSetStats.CPUExclusive, err = fscommon.GetCgroupParamUint(path, cpusetFile(path, "cpu_exclusive")) if err != nil && !errors.Is(err, os.ErrNotExist) { return err } - stats.CPUSetStats.Mems, err = getCpusetStat(path, "cpuset.mems") + stats.CPUSetStats.Mems, err = getCpusetStat(path, cpusetFile(path, "mems")) if err != nil && !errors.Is(err, os.ErrNotExist) { return err } - stats.CPUSetStats.MemHardwall, err = fscommon.GetCgroupParamUint(path, "cpuset.mem_hardwall") + stats.CPUSetStats.MemHardwall, err = fscommon.GetCgroupParamUint(path, cpusetFile(path, "mem_hardwall")) if err != nil && !errors.Is(err, os.ErrNotExist) { return err } - stats.CPUSetStats.MemExclusive, err = fscommon.GetCgroupParamUint(path, "cpuset.mem_exclusive") + stats.CPUSetStats.MemExclusive, err = fscommon.GetCgroupParamUint(path, cpusetFile(path, "mem_exclusive")) if err != nil && !errors.Is(err, os.ErrNotExist) { return err } - stats.CPUSetStats.MemoryMigrate, err = fscommon.GetCgroupParamUint(path, "cpuset.memory_migrate") + stats.CPUSetStats.MemoryMigrate, err = fscommon.GetCgroupParamUint(path, cpusetFile(path, "memory_migrate")) if err != nil && !errors.Is(err, os.ErrNotExist) { return err } - stats.CPUSetStats.MemorySpreadPage, err = fscommon.GetCgroupParamUint(path, "cpuset.memory_spread_page") + stats.CPUSetStats.MemorySpreadPage, err = fscommon.GetCgroupParamUint(path, cpusetFile(path, "memory_spread_page")) if err != nil && !errors.Is(err, os.ErrNotExist) { return err } - stats.CPUSetStats.MemorySpreadSlab, err = fscommon.GetCgroupParamUint(path, "cpuset.memory_spread_slab") + stats.CPUSetStats.MemorySpreadSlab, err = fscommon.GetCgroupParamUint(path, cpusetFile(path, "memory_spread_slab")) if err != nil && !errors.Is(err, os.ErrNotExist) { return err } - stats.CPUSetStats.MemoryPressure, err = fscommon.GetCgroupParamUint(path, "cpuset.memory_pressure") + stats.CPUSetStats.MemoryPressure, err = fscommon.GetCgroupParamUint(path, cpusetFile(path, "memory_pressure")) if err != nil && !errors.Is(err, os.ErrNotExist) { return err } - stats.CPUSetStats.SchedLoadBalance, err = fscommon.GetCgroupParamUint(path, "cpuset.sched_load_balance") + stats.CPUSetStats.SchedLoadBalance, err = fscommon.GetCgroupParamUint(path, cpusetFile(path, "sched_load_balance")) if err != nil && !errors.Is(err, os.ErrNotExist) { return err } - stats.CPUSetStats.SchedRelaxDomainLevel, err = fscommon.GetCgroupParamInt(path, "cpuset.sched_relax_domain_level") + stats.CPUSetStats.SchedRelaxDomainLevel, err = fscommon.GetCgroupParamInt(path, cpusetFile(path, "sched_relax_domain_level")) if err != nil && !errors.Is(err, os.ErrNotExist) { return err } @@ -171,10 +206,10 @@ func (s *CpusetGroup) ApplyDir(dir string, r *cgroups.Resources, pid int) error } func getCpusetSubsystemSettings(parent string) (cpus, mems string, err error) { - if cpus, err = cgroups.ReadFile(parent, "cpuset.cpus"); err != nil { + if cpus, err = cgroups.ReadFile(parent, cpusetFile(parent, "cpus")); err != nil { return } - if mems, err = cgroups.ReadFile(parent, "cpuset.mems"); err != nil { + if mems, err = cgroups.ReadFile(parent, cpusetFile(parent, "mems")); err != nil { return } return cpus, mems, nil @@ -220,12 +255,12 @@ func cpusetCopyIfNeeded(current, parent string) error { } if isEmptyCpuset(currentCpus) { - if err := cgroups.WriteFile(current, "cpuset.cpus", parentCpus); err != nil { + if err := cgroups.WriteFile(current, cpusetFile(current, "cpus"), parentCpus); err != nil { return err } } if isEmptyCpuset(currentMems) { - if err := cgroups.WriteFile(current, "cpuset.mems", parentMems); err != nil { + if err := cgroups.WriteFile(current, cpusetFile(current, "mems"), parentMems); err != nil { return err } } From a22ea827a892adf7c2d6b6289b56aa3bffc90f90 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 7 Jan 2025 13:46:13 -0800 Subject: [PATCH 0773/1176] tests/int/hooks_so: don't hardcode soname Reuse the appropriate variables instead. No functional change. Signed-off-by: Kir Kolyshkin --- tests/integration/hooks_so.bats | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/integration/hooks_so.bats b/tests/integration/hooks_so.bats index 2ebc174e5a1..44299ab57a6 100644 --- a/tests/integration/hooks_so.bats +++ b/tests/integration/hooks_so.bats @@ -24,8 +24,8 @@ function teardown() { @test "runc run (hooks library tests)" { # setup some dummy libs - gcc -shared -Wl,-soname,librunc-hooks-create-runtime.so.1 -o "$HOOKLIBCR.1.0.0" - gcc -shared -Wl,-soname,librunc-hooks-create-container.so.1 -o "$HOOKLIBCC.1.0.0" + gcc -shared -Wl,-soname,"$HOOKLIBCR.1" -o "$HOOKLIBCR.1.0.0" + gcc -shared -Wl,-soname,"$HOOKLIBCC.1" -o "$HOOKLIBCC.1.0.0" bundle=$(pwd) From a50e6872beb20ef409c3893b7deedbffe4d62845 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 7 Jan 2025 13:50:16 -0800 Subject: [PATCH 0774/1176] tests/int: simplify assignments Assigning a multi-line value to a bash variable should not be so complex. While at it, slightly reformat create_runtime_hook. No functional change. Signed-off-by: Kir Kolyshkin --- tests/integration/hooks_so.bats | 9 ++------- tests/integration/tty.bats | 14 ++++---------- 2 files changed, 6 insertions(+), 17 deletions(-) diff --git a/tests/integration/hooks_so.bats b/tests/integration/hooks_so.bats index 44299ab57a6..515f9e322a2 100644 --- a/tests/integration/hooks_so.bats +++ b/tests/integration/hooks_so.bats @@ -30,13 +30,8 @@ function teardown() { bundle=$(pwd) # To mount $HOOKLIBCR we need to do that in the container namespace - create_runtime_hook=$( - cat <<-EOF - pid=\$(cat - | jq -r '.pid') - touch "$LIBPATH/$HOOKLIBCR.1.0.0" - nsenter -m \$ns -t \$pid mount --bind "$bundle/$HOOKLIBCR.1.0.0" "$LIBPATH/$HOOKLIBCR.1.0.0" - EOF - ) + create_runtime_hook="pid=\$(cat - | jq -r '.pid'); touch "$LIBPATH/$HOOKLIBCR.1.0.0" && \ + nsenter -m \$ns -t \$pid mount --bind "$bundle/$HOOKLIBCR.1.0.0" "$LIBPATH/$HOOKLIBCR.1.0.0"" create_container_hook="touch ./lib/$HOOKLIBCC.1.0.0 && mount --bind $bundle/$HOOKLIBCC.1.0.0 ./lib/$HOOKLIBCC.1.0.0" diff --git a/tests/integration/tty.bats b/tests/integration/tty.bats index c95c19a1eea..53d3c23f17c 100644 --- a/tests/integration/tty.bats +++ b/tests/integration/tty.bats @@ -153,8 +153,7 @@ function teardown() { # make sure we're running testcontainer test_busybox running - tty_info_with_consize_size=$( - cat < Date: Wed, 8 Jan 2025 04:16:24 +0000 Subject: [PATCH 0775/1176] build(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.2 Bumps google.golang.org/protobuf from 1.36.1 to 1.36.2. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- .../protobuf/internal/impl/message_opaque.go | 24 ++++++++++++++++--- .../protobuf/internal/version/version.go | 2 +- vendor/modules.txt | 2 +- 5 files changed, 26 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index 5c83e0bf7b8..5e27caf99dd 100644 --- a/go.mod +++ b/go.mod @@ -28,7 +28,7 @@ require ( github.com/vishvananda/netlink v1.3.0 golang.org/x/net v0.34.0 golang.org/x/sys v0.29.0 - google.golang.org/protobuf v1.36.1 + google.golang.org/protobuf v1.36.2 ) require ( diff --git a/go.sum b/go.sum index 86c7eb1a8de..86b0fdf4076 100644 --- a/go.sum +++ b/go.sum @@ -95,8 +95,8 @@ golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk= -google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.2 h1:R8FeyR1/eLmkutZOM5CWghmo5itiG9z0ktFlTVLuTmU= +google.golang.org/protobuf v1.36.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/vendor/google.golang.org/protobuf/internal/impl/message_opaque.go b/vendor/google.golang.org/protobuf/internal/impl/message_opaque.go index d407dd791e8..d7ec53f074a 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/message_opaque.go +++ b/vendor/google.golang.org/protobuf/internal/impl/message_opaque.go @@ -88,9 +88,7 @@ func opaqueInitHook(mi *MessageInfo) bool { mi.oneofs = map[protoreflect.Name]*oneofInfo{} for i := 0; i < mi.Desc.Oneofs().Len(); i++ { od := mi.Desc.Oneofs().Get(i) - if !od.IsSynthetic() { - mi.oneofs[od.Name()] = makeOneofInfo(od, si.structInfo, mi.Exporter) - } + mi.oneofs[od.Name()] = makeOneofInfoOpaque(mi, od, si.structInfo, mi.Exporter) } mi.denseFields = make([]*fieldInfo, fds.Len()*2) @@ -119,6 +117,26 @@ func opaqueInitHook(mi *MessageInfo) bool { return true } +func makeOneofInfoOpaque(mi *MessageInfo, od protoreflect.OneofDescriptor, si structInfo, x exporter) *oneofInfo { + oi := &oneofInfo{oneofDesc: od} + if od.IsSynthetic() { + fd := od.Fields().Get(0) + index, _ := presenceIndex(mi.Desc, fd) + oi.which = func(p pointer) protoreflect.FieldNumber { + if p.IsNil() { + return 0 + } + if !mi.present(p, index) { + return 0 + } + return od.Fields().Get(0).Number() + } + return oi + } + // Dispatch to non-opaque oneof implementation for non-synthetic oneofs. + return makeOneofInfo(od, si, x) +} + func (mi *MessageInfo) fieldInfoForMapOpaque(si opaqueStructInfo, fd protoreflect.FieldDescriptor, fs reflect.StructField) fieldInfo { ft := fs.Type if ft.Kind() != reflect.Map { diff --git a/vendor/google.golang.org/protobuf/internal/version/version.go b/vendor/google.golang.org/protobuf/internal/version/version.go index 3018450df79..386c823aa64 100644 --- a/vendor/google.golang.org/protobuf/internal/version/version.go +++ b/vendor/google.golang.org/protobuf/internal/version/version.go @@ -52,7 +52,7 @@ import ( const ( Major = 1 Minor = 36 - Patch = 1 + Patch = 2 PreRelease = "" ) diff --git a/vendor/modules.txt b/vendor/modules.txt index 25d8d639635..201cbbe2408 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -87,7 +87,7 @@ golang.org/x/net/bpf ## explicit; go 1.18 golang.org/x/sys/unix golang.org/x/sys/windows -# google.golang.org/protobuf v1.36.1 +# google.golang.org/protobuf v1.36.2 ## explicit; go 1.21 google.golang.org/protobuf/encoding/prototext google.golang.org/protobuf/encoding/protowire From 9a54594752e62f61465491a9011c0d8fa125f7a9 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 24 Jun 2024 00:13:56 -0700 Subject: [PATCH 0776/1176] libct/int: add BenchmarkExecInBigEnv MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Here's what it shows on my laptop (with -count 10 -benchtime 10s, summarized by benchstat): │ sec/op │ ExecTrue-20 8.477m ± 2% ExecInBigEnv-20 61.53m ± 1% Signed-off-by: Kir Kolyshkin --- libcontainer/integration/bench_test.go | 82 ++++++++++++++++++++++++-- 1 file changed, 77 insertions(+), 5 deletions(-) diff --git a/libcontainer/integration/bench_test.go b/libcontainer/integration/bench_test.go index da95b20b0b7..841d3aa06dd 100644 --- a/libcontainer/integration/bench_test.go +++ b/libcontainer/integration/bench_test.go @@ -1,7 +1,10 @@ package integration import ( + "bytes" + "math/rand" "os" + "strings" "testing" "github.com/opencontainers/runc/libcontainer" @@ -27,9 +30,7 @@ func BenchmarkExecTrue(b *testing.B) { _ = stdinR.Close() defer func() { _ = stdinW.Close() - if _, err := process.Wait(); err != nil { - b.Log(err) - } + waitProcess(process, b) }() ok(b, err) @@ -42,10 +43,81 @@ func BenchmarkExecTrue(b *testing.B) { LogLevel: "0", // Minimize forwardChildLogs involvement. } err := container.Run(exec) - if err != nil { - b.Fatal("exec failed:", err) + ok(b, err) + waitProcess(exec, b) + } + b.StopTimer() +} + +func genBigEnv(count int) []string { + randStr := func(length int) string { + const charset = "abcdefghijklmnopqrstuvwxyz0123456789_" + b := make([]byte, length) + for i := range b { + b[i] = charset[rand.Intn(len(charset))] } + return string(b) + } + + envs := make([]string, count) + for i := 0; i < count; i++ { + key := strings.ToUpper(randStr(10)) + value := randStr(20) + envs[i] = key + "=" + value + } + + return envs +} + +func BenchmarkExecInBigEnv(b *testing.B) { + config := newTemplateConfig(b, nil) + container, err := newContainer(b, config) + ok(b, err) + defer destroyContainer(container) + + // Execute a first process in the container + stdinR, stdinW, err := os.Pipe() + ok(b, err) + process := &libcontainer.Process{ + Cwd: "/", + Args: []string{"cat"}, + Env: standardEnvironment, + Stdin: stdinR, + Init: true, + } + err = container.Run(process) + _ = stdinR.Close() + defer func() { + _ = stdinW.Close() + waitProcess(process, b) + }() + ok(b, err) + + const numEnv = 5000 + env := append(standardEnvironment, genBigEnv(numEnv)...) + // Construct the expected output. + var wantOut bytes.Buffer + for _, e := range env { + wantOut.WriteString(e + "\n") + } + + b.ResetTimer() + for i := 0; i < b.N; i++ { + buffers := newStdBuffers() + exec := &libcontainer.Process{ + Cwd: "/", + Args: []string{"env"}, + Env: env, + Stdin: buffers.Stdin, + Stdout: buffers.Stdout, + Stderr: buffers.Stderr, + } + err = container.Run(exec) + ok(b, err) waitProcess(exec, b) + if !bytes.Equal(buffers.Stdout.Bytes(), wantOut.Bytes()) { + b.Fatalf("unexpected output: %s (stderr: %s)", buffers.Stdout, buffers.Stderr) + } } b.StopTimer() } From 390641d14885860238bf38d5e3953d8c01e6224f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 20 Dec 2024 19:00:03 -0800 Subject: [PATCH 0777/1176] libct/int: improve TestExecInEnvironment This is a slight refactor of TestExecInEnvironment, making it more strict wrt checking the exec output. 1. Explain why DEBUG is added twice to the env. 2. Reuse the execEnv for the check. 3. Make the check more strict -- instead of looking for substrings, check line by line. 4. Add a check for extra environment variables. Signed-off-by: Kir Kolyshkin --- libcontainer/integration/execin_test.go | 47 ++++++++++++++++--------- 1 file changed, 31 insertions(+), 16 deletions(-) diff --git a/libcontainer/integration/execin_test.go b/libcontainer/integration/execin_test.go index b9683b76442..a81d11edb71 100644 --- a/libcontainer/integration/execin_test.go +++ b/libcontainer/integration/execin_test.go @@ -5,6 +5,7 @@ import ( "fmt" "io" "os" + "slices" "strconv" "strings" "testing" @@ -345,16 +346,20 @@ func TestExecInEnvironment(t *testing.T) { defer stdinW.Close() //nolint: errcheck ok(t, err) + execEnv := []string{ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + // The below line is added to check the deduplication feature: + // if a variable with the same name appears more than once, + // only the last value should be added to the environment. + "DEBUG=true", + "DEBUG=false", + "ENV=test", + } buffers := newStdBuffers() process2 := &libcontainer.Process{ - Cwd: "/", - Args: []string{"env"}, - Env: []string{ - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", - "DEBUG=true", - "DEBUG=false", - "ENV=test", - }, + Cwd: "/", + Args: []string{"/bin/env"}, + Env: execEnv, Stdin: buffers.Stdin, Stdout: buffers.Stdout, Stderr: buffers.Stderr, @@ -366,14 +371,24 @@ func TestExecInEnvironment(t *testing.T) { _ = stdinW.Close() waitProcess(process, t) - out := buffers.Stdout.String() - // check execin's process environment - if !strings.Contains(out, "DEBUG=false") || - !strings.Contains(out, "ENV=test") || - !strings.Contains(out, "HOME=/root") || - !strings.Contains(out, "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin") || - strings.Contains(out, "DEBUG=true") { - t.Fatalf("unexpected running process, output %q", out) + // Check exec process environment. + t.Logf("exec output:\n%s", buffers.Stdout.String()) + out := strings.Fields(buffers.Stdout.String()) + // If not present in the Process.Env, runc should add $HOME, + // which is deduced by parsing container's /etc/passwd. + // We use a known image in the test, so we know its value. + for _, e := range append(execEnv, "HOME=/root") { + if e == "DEBUG=true" { // This one should be dedup'ed out. + continue + } + if !slices.Contains(out, e) { + t.Errorf("Expected env %s not found in exec output", e) + } + } + // Check that there are no extra variables. We have 1 env ("DEBUG=true") + // removed and 1 env ("HOME=root") added, resulting in the same number. + if got, want := len(out), len(execEnv); want != got { + t.Errorf("Mismatched number of variables: want %d, got %d", want, got) } } From c49b89168140c70dc1badd17d5ed361788898fe9 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Sat, 21 Dec 2024 11:52:25 -0800 Subject: [PATCH 0778/1176] tests: add test to check StartContainer hook env This is to ensure that changes in Process.Env handling won't affect StartContainer hook. Reported-by: lfbzhm Signed-off-by: Kir Kolyshkin --- tests/integration/hooks.bats | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/tests/integration/hooks.bats b/tests/integration/hooks.bats index 099337a2b2c..e9d62b0e6c5 100644 --- a/tests/integration/hooks.bats +++ b/tests/integration/hooks.bats @@ -42,3 +42,24 @@ function teardown() { [[ "$output" == *"error running $hook hook #1:"* ]] done } + +# While runtime-spec does not say what environment variables hooks should have, +# if not explicitly specified, historically the StartContainer hook inherited +# the process environment specified for init. +# +# Check this behavior is preserved. +@test "runc run [startContainer hook should inherit process environment]" { + cat >"rootfs/check-env.sh" <<-'EOF' + #!/bin/sh -ue + test $ONE = two + test $FOO = bar + echo $HOME # Test HOME is set w/o checking the value. + EOF + chmod +x "rootfs/check-env.sh" + + update_config ' .process.args = ["/bin/true"] + | .process.env = ["ONE=two", "FOO=bar"] + | .hooks |= {"startContainer": [{"path": "/check-env.sh"}]}' + runc run ct1 + [ "$status" -eq 0 ] +} From 6171da60058fe58c6bd2f2a4ae8be381cfc12cce Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Sun, 22 Dec 2024 17:32:02 -0800 Subject: [PATCH 0779/1176] libct/configs: add HookList.SetDefaultEnv 1. Make CommandHook.Command a pointer, which reduces the amount of data being copied when using hooks, and allows to modify command hooks. 2. Add SetDefaultEnv, which is to be used by the next commit. Signed-off-by: Kir Kolyshkin --- CHANGELOG.md | 4 ++++ libcontainer/configs/config.go | 16 +++++++++++++--- libcontainer/configs/config_test.go | 10 +++++----- libcontainer/factory_linux_test.go | 6 +++--- libcontainer/integration/exec_test.go | 4 ++-- libcontainer/specconv/spec_linux.go | 4 ++-- 6 files changed, 29 insertions(+), 15 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3f42f11309e..92e1b23cfde 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### libcontainer API + * `configs.CommandHook` struct has changed, Command is now a pointer. + Also, `configs.NewCommandHook` now accepts a `*Command`. (#4325) + ## [1.2.0] - 2024-10-22 > ă§ăă‚‹ă¨ăă«ă§ăă‚‹ă“ă¨ă‚’ă‚„ă‚‹ă‚“ă ă€‚ăă‚ŒăŒä»ă ă€‚ diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index dbf34f120cc..0e0ba57b179 100644 --- a/libcontainer/configs/config.go +++ b/libcontainer/configs/config.go @@ -434,6 +434,16 @@ func (hooks Hooks) Run(name HookName, state *specs.State) error { return nil } +// SetDefaultEnv sets the environment for those CommandHook entries +// that do not have one set. +func (hooks HookList) SetDefaultEnv(env []string) { + for _, h := range hooks { + if ch, ok := h.(CommandHook); ok && len(ch.Env) == 0 { + ch.Env = env + } + } +} + type Hook interface { // Run executes the hook with the provided state. Run(*specs.State) error @@ -463,17 +473,17 @@ type Command struct { } // NewCommandHook will execute the provided command when the hook is run. -func NewCommandHook(cmd Command) CommandHook { +func NewCommandHook(cmd *Command) CommandHook { return CommandHook{ Command: cmd, } } type CommandHook struct { - Command + *Command } -func (c Command) Run(s *specs.State) error { +func (c *Command) Run(s *specs.State) error { b, err := json.Marshal(s) if err != nil { return err diff --git a/libcontainer/configs/config_test.go b/libcontainer/configs/config_test.go index ceabaca737f..644129941ce 100644 --- a/libcontainer/configs/config_test.go +++ b/libcontainer/configs/config_test.go @@ -15,7 +15,7 @@ import ( func TestUnmarshalHooks(t *testing.T) { timeout := time.Second - hookCmd := configs.NewCommandHook(configs.Command{ + hookCmd := configs.NewCommandHook(&configs.Command{ Path: "/var/vcap/hooks/hook", Args: []string{"--pid=123"}, Env: []string{"FOO=BAR"}, @@ -52,7 +52,7 @@ func TestUnmarshalHooksWithInvalidData(t *testing.T) { func TestMarshalHooks(t *testing.T) { timeout := time.Second - hookCmd := configs.NewCommandHook(configs.Command{ + hookCmd := configs.NewCommandHook(&configs.Command{ Path: "/var/vcap/hooks/hook", Args: []string{"--pid=123"}, Env: []string{"FOO=BAR"}, @@ -84,7 +84,7 @@ func TestMarshalHooks(t *testing.T) { func TestMarshalUnmarshalHooks(t *testing.T) { timeout := time.Second - hookCmd := configs.NewCommandHook(configs.Command{ + hookCmd := configs.NewCommandHook(&configs.Command{ Path: "/var/vcap/hooks/hook", Args: []string{"--pid=123"}, Env: []string{"FOO=BAR"}, @@ -194,7 +194,7 @@ exit 0 } defer os.Remove(filename) - cmdHook := configs.NewCommandHook(configs.Command{ + cmdHook := configs.NewCommandHook(&configs.Command{ Path: filename, Args: []string{filename, "testarg"}, Env: []string{"FOO=BAR"}, @@ -216,7 +216,7 @@ func TestCommandHookRunTimeout(t *testing.T) { } timeout := 100 * time.Millisecond - cmdHook := configs.NewCommandHook(configs.Command{ + cmdHook := configs.NewCommandHook(&configs.Command{ Path: "/bin/sleep", Args: []string{"/bin/sleep", "1"}, Timeout: &timeout, diff --git a/libcontainer/factory_linux_test.go b/libcontainer/factory_linux_test.go index dec21afb212..7e4fcecfde0 100644 --- a/libcontainer/factory_linux_test.go +++ b/libcontainer/factory_linux_test.go @@ -31,14 +31,14 @@ func TestFactoryLoadContainer(t *testing.T) { id = "1" expectedHooks = configs.Hooks{ configs.Prestart: configs.HookList{ - configs.CommandHook{Command: configs.Command{Path: "prestart-hook"}}, + configs.CommandHook{Command: &configs.Command{Path: "prestart-hook"}}, }, configs.Poststart: configs.HookList{ - configs.CommandHook{Command: configs.Command{Path: "poststart-hook"}}, + configs.CommandHook{Command: &configs.Command{Path: "poststart-hook"}}, }, configs.Poststop: configs.HookList{ unserializableHook{}, - configs.CommandHook{Command: configs.Command{Path: "poststop-hook"}}, + configs.CommandHook{Command: &configs.Command{Path: "poststop-hook"}}, }, } expectedConfig = &configs.Config{ diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index e3d26468dde..c9f37ada4c7 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -1022,13 +1022,13 @@ func TestHook(t *testing.T) { }), }, configs.CreateContainer: configs.HookList{ - configs.NewCommandHook(configs.Command{ + configs.NewCommandHook(&configs.Command{ Path: "/bin/bash", Args: []string{"/bin/bash", "-c", fmt.Sprintf("touch ./%s", hookFiles[configs.CreateContainer])}, }), }, configs.StartContainer: configs.HookList{ - configs.NewCommandHook(configs.Command{ + configs.NewCommandHook(&configs.Command{ Path: "/bin/sh", Args: []string{"/bin/sh", "-c", fmt.Sprintf("touch /%s", hookFiles[configs.StartContainer])}, }), diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index 79a9a790049..6e3e5bde371 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -1256,8 +1256,8 @@ func createHooks(rspec *specs.Spec, config *configs.Config) { } } -func createCommandHook(h specs.Hook) configs.Command { - cmd := configs.Command{ +func createCommandHook(h specs.Hook) *configs.Command { + cmd := &configs.Command{ Path: h.Path, Args: h.Args, Env: h.Env, From 06f1e0765576dcf6d8c2ef5e56d309618310992c Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Sun, 23 Jun 2024 16:31:57 -0700 Subject: [PATCH 0780/1176] libct: speedup process.Env handling MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The current implementation sets all the environment variables passed in Process.Env in the current process, one by one, then uses os.Environ to read those back. As pointed out in [1], this is slow, as runc calls os.Setenv for every variable, and there may be a few thousands of those. Looking into how os.Setenv is implemented, it is indeed slow, especially when cgo is enabled. Looking into why it was implemented the way it is, I found commit 9744d72c and traced it to [2], which discusses the actual reasons. It boils down to these two: - HOME is not passed into container as it is set in setupUser by os.Setenv and has no effect on config.Env; - there is a need to deduplicate the environment variables. Yet it was decided in [2] to not go ahead with this patch, but later [3] was opened with the carry of this patch, and merged. Now, from what I see: 1. Passing environment to exec is way faster than using os.Setenv and os.Environ (tests show ~20x speed improvement in a simple Go test, and ~3x improvement in real-world test, see below). 2. Setting environment variables in the runc context may result is some ugly side effects (think GODEBUG, LD_PRELOAD, or _LIBCONTAINER_*). 3. Nothing in runtime spec says that the environment needs to be deduplicated, or the order of preference (whether the first or the last value of a variable with the same name is to be used). We should stick to what we have in order to maintain backward compatibility. So, this patch: - switches to passing env directly to exec; - adds deduplication mechanism to retain backward compatibility; - takes care to set PATH from process.Env in the current process (so that supplied PATH is used to find the binary to execute), also to retain backward compatibility; - adds HOME to process.Env if not set; - ensures any StartContainer CommandHook entries with no environment set explicitly are run with the same environment as before. Thanks to @lifubang who noticed that peculiarity. The benchmark added by the previous commit shows ~3x improvement: │ before │ after │ │ sec/op │ sec/op vs base │ ExecInBigEnv-20 61.53m ± 1% 21.87m ± 16% -64.46% (p=0.000 n=10) [1]: https://github.com/opencontainers/runc/pull/1983 [2]: https://github.com/docker-archive/libcontainer/pull/418 [3]: https://github.com/docker-archive/libcontainer/pull/432 Signed-off-by: Kir Kolyshkin --- libcontainer/env.go | 59 +++++++++++++++++++++++++++++ libcontainer/env_test.go | 40 +++++++++++++++++++ libcontainer/init_linux.go | 54 ++++++++------------------ libcontainer/setns_init_linux.go | 5 ++- libcontainer/standard_init_linux.go | 16 +++++++- 5 files changed, 132 insertions(+), 42 deletions(-) create mode 100644 libcontainer/env.go create mode 100644 libcontainer/env_test.go diff --git a/libcontainer/env.go b/libcontainer/env.go new file mode 100644 index 00000000000..d205cb65014 --- /dev/null +++ b/libcontainer/env.go @@ -0,0 +1,59 @@ +package libcontainer + +import ( + "errors" + "fmt" + "os" + "slices" + "strings" +) + +// prepareEnv processes a list of environment variables, preparing it +// for direct consumption by unix.Exec. In particular, it: +// - validates each variable is in the NAME=VALUE format and +// contains no \0 (nil) bytes; +// - removes any duplicates (keeping only the last value for each key) +// - sets PATH for the current process, if found in the list. +// +// It returns the deduplicated environment, a flag telling whether HOME +// is present in the input, and an error. +func prepareEnv(env []string) ([]string, bool, error) { + if env == nil { + return nil, false, nil + } + // Deduplication code based on dedupEnv from Go 1.22 os/exec. + + // Construct the output in reverse order, to preserve the + // last occurrence of each key. + out := make([]string, 0, len(env)) + saw := make(map[string]bool, len(env)) + for n := len(env); n > 0; n-- { + kv := env[n-1] + i := strings.IndexByte(kv, '=') + if i == -1 { + return nil, false, errors.New("invalid environment variable: missing '='") + } + if i == 0 { + return nil, false, errors.New("invalid environment variable: name cannot be empty") + } + key := kv[:i] + if saw[key] { // Duplicate. + continue + } + saw[key] = true + if strings.IndexByte(kv, 0) >= 0 { + return nil, false, fmt.Errorf("invalid environment variable %q: contains nul byte (\\x00)", key) + } + if key == "PATH" { + // Needs to be set as it is used for binary lookup. + if err := os.Setenv("PATH", kv[i+1:]); err != nil { + return nil, false, err + } + } + out = append(out, kv) + } + // Restore the original order. + slices.Reverse(out) + + return out, saw["HOME"], nil +} diff --git a/libcontainer/env_test.go b/libcontainer/env_test.go new file mode 100644 index 00000000000..72d63b4af23 --- /dev/null +++ b/libcontainer/env_test.go @@ -0,0 +1,40 @@ +package libcontainer + +import ( + "slices" + "testing" +) + +func TestPrepareEnvDedup(t *testing.T) { + tests := []struct { + env, wantEnv []string + }{ + { + env: []string{}, + wantEnv: []string{}, + }, + { + env: []string{"HOME=/root", "FOO=bar"}, + wantEnv: []string{"HOME=/root", "FOO=bar"}, + }, + { + env: []string{"A=a", "A=b", "A=c"}, + wantEnv: []string{"A=c"}, + }, + { + env: []string{"TERM=vt100", "HOME=/home/one", "HOME=/home/two", "TERM=xterm", "HOME=/home/three", "FOO=bar"}, + wantEnv: []string{"TERM=xterm", "HOME=/home/three", "FOO=bar"}, + }, + } + + for _, tc := range tests { + env, _, err := prepareEnv(tc.env) + if err != nil { + t.Error(err) + continue + } + if !slices.Equal(env, tc.wantEnv) { + t.Errorf("want %v, got %v", tc.wantEnv, env) + } + } +} diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index b218a6cb126..af62c54e5df 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -11,7 +11,6 @@ import ( "runtime" "runtime/debug" "strconv" - "strings" "syscall" "github.com/containerd/console" @@ -185,8 +184,8 @@ func startInitialization() (retErr error) { defer pidfdSocket.Close() } - // clear the current process's environment to clean any libcontainer - // specific env vars. + // From here on, we don't need current process environment. It is not + // used directly anywhere below this point, but let's clear it anyway. os.Clearenv() defer func() { @@ -209,9 +208,11 @@ func startInitialization() (retErr error) { } func containerInit(t initType, config *initConfig, pipe *syncSocket, consoleSocket, pidfdSocket, fifoFile, logPipe *os.File) error { - if err := populateProcessEnvironment(config.Env); err != nil { + env, homeSet, err := prepareEnv(config.Env) + if err != nil { return err } + config.Env = env // Clean the RLIMIT_NOFILE cache in go runtime. // Issue: https://github.com/opencontainers/runc/issues/4195 @@ -225,6 +226,7 @@ func containerInit(t initType, config *initConfig, pipe *syncSocket, consoleSock pidfdSocket: pidfdSocket, config: config, logPipe: logPipe, + addHome: !homeSet, } return i.Init() case initStandard: @@ -236,36 +238,13 @@ func containerInit(t initType, config *initConfig, pipe *syncSocket, consoleSock config: config, fifoFile: fifoFile, logPipe: logPipe, + addHome: !homeSet, } return i.Init() } return fmt.Errorf("unknown init type %q", t) } -// populateProcessEnvironment loads the provided environment variables into the -// current processes's environment. -func populateProcessEnvironment(env []string) error { - for _, pair := range env { - name, val, ok := strings.Cut(pair, "=") - if !ok { - return errors.New("invalid environment variable: missing '='") - } - if name == "" { - return errors.New("invalid environment variable: name cannot be empty") - } - if strings.IndexByte(name, 0) >= 0 { - return fmt.Errorf("invalid environment variable %q: name contains nul byte (\\x00)", name) - } - if strings.IndexByte(val, 0) >= 0 { - return fmt.Errorf("invalid environment variable %q: value contains nul byte (\\x00)", name) - } - if err := os.Setenv(name, val); err != nil { - return err - } - } - return nil -} - // verifyCwd ensures that the current directory is actually inside the mount // namespace root of the current process. func verifyCwd() error { @@ -294,8 +273,8 @@ func verifyCwd() error { // finalizeNamespace drops the caps, sets the correct user // and working dir, and closes any leaked file descriptors -// before executing the command inside the namespace -func finalizeNamespace(config *initConfig) error { +// before executing the command inside the namespace. +func finalizeNamespace(config *initConfig, addHome bool) error { // Ensure that all unwanted fds we may have accidentally // inherited are marked close-on-exec so they stay out of the // container @@ -341,7 +320,7 @@ func finalizeNamespace(config *initConfig) error { if err := system.SetKeepCaps(); err != nil { return fmt.Errorf("unable to set keep caps: %w", err) } - if err := setupUser(config); err != nil { + if err := setupUser(config, addHome); err != nil { return fmt.Errorf("unable to setup user: %w", err) } // Change working directory AFTER the user has been set up, if we haven't done it yet. @@ -459,8 +438,9 @@ func syncParentSeccomp(pipe *syncSocket, seccompFd int) error { return readSync(pipe, procSeccompDone) } -// setupUser changes the groups, gid, and uid for the user inside the container -func setupUser(config *initConfig) error { +// setupUser changes the groups, gid, and uid for the user inside the container, +// and appends user's HOME to config.Env if addHome is true. +func setupUser(config *initConfig, addHome bool) error { // Set up defaults. defaultExecUser := user.ExecUser{ Uid: 0, @@ -541,11 +521,9 @@ func setupUser(config *initConfig) error { return err } - // if we didn't get HOME already, set it based on the user's HOME - if envHome := os.Getenv("HOME"); envHome == "" { - if err := os.Setenv("HOME", execUser.Home); err != nil { - return err - } + // If we didn't get HOME already, set it based on the user's HOME. + if addHome { + config.Env = append(config.Env, "HOME="+execUser.Home) } return nil } diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go index 462662a84ed..b42b3be1a89 100644 --- a/libcontainer/setns_init_linux.go +++ b/libcontainer/setns_init_linux.go @@ -25,6 +25,7 @@ type linuxSetnsInit struct { pidfdSocket *os.File config *initConfig logPipe *os.File + addHome bool } func (l *linuxSetnsInit) getSessionRingName() string { @@ -101,7 +102,7 @@ func (l *linuxSetnsInit) Init() error { return err } } - if err := finalizeNamespace(l.config); err != nil { + if err := finalizeNamespace(l.config, l.addHome); err != nil { return err } if err := apparmor.ApplyProfile(l.config.AppArmorProfile); err != nil { @@ -154,5 +155,5 @@ func (l *linuxSetnsInit) Init() error { if err := utils.UnsafeCloseFrom(l.config.PassedFilesCount + 3); err != nil { return err } - return system.Exec(name, l.config.Args, os.Environ()) + return system.Exec(name, l.config.Args, l.config.Env) } diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index bb1eb300188..510f9483baa 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -27,6 +27,7 @@ type linuxStandardInit struct { fifoFile *os.File logPipe *os.File config *initConfig + addHome bool } func (l *linuxStandardInit) getSessionRingParams() (string, uint32, uint32) { @@ -186,7 +187,7 @@ func (l *linuxStandardInit) Init() error { return err } } - if err := finalizeNamespace(l.config); err != nil { + if err := finalizeNamespace(l.config, l.addHome); err != nil { return err } // finalizeNamespace can change user/group which clears the parent death @@ -194,6 +195,17 @@ func (l *linuxStandardInit) Init() error { if err := pdeath.Restore(); err != nil { return fmt.Errorf("can't restore pdeath signal: %w", err) } + + // In case we have any StartContainer hooks to run, and they don't + // have environment configured explicitly, make sure they will be run + // with the same environment as container's init. + // + // NOTE the above described behavior is not part of runtime-spec, but + // rather a de facto historical thing we afraid to change. + if h := l.config.Config.Hooks[configs.StartContainer]; len(h) > 0 { + h.SetDefaultEnv(l.config.Env) + } + // Compare the parent from the initial start of the init process and make // sure that it did not change. if the parent changes that means it died // and we were reparented to something else so we should just kill ourself @@ -285,5 +297,5 @@ func (l *linuxStandardInit) Init() error { if err := utils.UnsafeCloseFrom(l.config.PassedFilesCount + 3); err != nil { return err } - return system.Exec(name, l.config.Args, os.Environ()) + return system.Exec(name, l.config.Args, l.config.Env) } From 9af7952249a894213c88b8cc5392cc18cc05e759 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 16 Jan 2025 04:05:13 +0000 Subject: [PATCH 0781/1176] build(deps): bump google.golang.org/protobuf from 1.36.2 to 1.36.3 Bumps google.golang.org/protobuf from 1.36.2 to 1.36.3. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- .../protobuf/encoding/prototext/decode.go | 2 +- .../protobuf/internal/flags/flags.go | 5 ++ .../protobuf/internal/impl/codec_map.go | 14 ++--- .../protobuf/internal/impl/codec_map_go111.go | 38 ------------- .../protobuf/internal/impl/codec_map_go112.go | 12 ---- .../protobuf/internal/impl/codec_message.go | 4 +- .../internal/impl/codec_message_opaque.go | 6 +- .../protobuf/internal/impl/convert_map.go | 2 +- .../protobuf/internal/impl/message.go | 12 ++-- .../protobuf/internal/impl/message_opaque.go | 12 ++-- .../internal/impl/message_reflect_field.go | 56 +++---------------- .../protobuf/internal/impl/pointer_unsafe.go | 2 +- .../protobuf/internal/version/version.go | 2 +- .../protobuf/proto/decode.go | 2 +- vendor/modules.txt | 2 +- 17 files changed, 47 insertions(+), 130 deletions(-) delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/codec_map_go111.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/codec_map_go112.go diff --git a/go.mod b/go.mod index 5e27caf99dd..3bbe1de11f6 100644 --- a/go.mod +++ b/go.mod @@ -28,7 +28,7 @@ require ( github.com/vishvananda/netlink v1.3.0 golang.org/x/net v0.34.0 golang.org/x/sys v0.29.0 - google.golang.org/protobuf v1.36.2 + google.golang.org/protobuf v1.36.3 ) require ( diff --git a/go.sum b/go.sum index 86b0fdf4076..7e070fb824e 100644 --- a/go.sum +++ b/go.sum @@ -95,8 +95,8 @@ golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.36.2 h1:R8FeyR1/eLmkutZOM5CWghmo5itiG9z0ktFlTVLuTmU= -google.golang.org/protobuf v1.36.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.3 h1:82DV7MYdb8anAVi3qge1wSnMDrnKK7ebr+I0hHRN1BU= +google.golang.org/protobuf v1.36.3/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/vendor/google.golang.org/protobuf/encoding/prototext/decode.go b/vendor/google.golang.org/protobuf/encoding/prototext/decode.go index 24bc98ac422..d972a3d98ed 100644 --- a/vendor/google.golang.org/protobuf/encoding/prototext/decode.go +++ b/vendor/google.golang.org/protobuf/encoding/prototext/decode.go @@ -185,7 +185,7 @@ func (d decoder) unmarshalMessage(m protoreflect.Message, checkDelims bool) erro } else if xtErr != nil && xtErr != protoregistry.NotFound { return d.newError(tok.Pos(), "unable to resolve [%s]: %v", tok.RawString(), xtErr) } - if flags.ProtoLegacy { + if flags.ProtoLegacyWeak { if fd != nil && fd.IsWeak() && fd.Message().IsPlaceholder() { fd = nil // reset since the weak reference is not linked in } diff --git a/vendor/google.golang.org/protobuf/internal/flags/flags.go b/vendor/google.golang.org/protobuf/internal/flags/flags.go index 58372dd3485..5cb3ee70f91 100644 --- a/vendor/google.golang.org/protobuf/internal/flags/flags.go +++ b/vendor/google.golang.org/protobuf/internal/flags/flags.go @@ -22,3 +22,8 @@ const ProtoLegacy = protoLegacy // extension fields at unmarshal time, but defers creating the message // structure until the extension is first accessed. const LazyUnmarshalExtensions = ProtoLegacy + +// ProtoLegacyWeak specifies whether to enable support for weak fields. +// This flag was split out of ProtoLegacy in preparation for removing +// support for weak fields (independent of the other protolegacy features). +const ProtoLegacyWeak = ProtoLegacy diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_map.go b/vendor/google.golang.org/protobuf/internal/impl/codec_map.go index fb35f0bae9c..229c6980138 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/codec_map.go +++ b/vendor/google.golang.org/protobuf/internal/impl/codec_map.go @@ -94,7 +94,7 @@ func sizeMap(mapv reflect.Value, mapi *mapInfo, f *coderFieldInfo, opts marshalO return 0 } n := 0 - iter := mapRange(mapv) + iter := mapv.MapRange() for iter.Next() { key := mapi.conv.keyConv.PBValueOf(iter.Key()).MapKey() keySize := mapi.keyFuncs.size(key.Value(), mapKeyTagSize, opts) @@ -281,7 +281,7 @@ func appendMap(b []byte, mapv reflect.Value, mapi *mapInfo, f *coderFieldInfo, o if opts.Deterministic() { return appendMapDeterministic(b, mapv, mapi, f, opts) } - iter := mapRange(mapv) + iter := mapv.MapRange() for iter.Next() { var err error b = protowire.AppendVarint(b, f.wiretag) @@ -328,7 +328,7 @@ func isInitMap(mapv reflect.Value, mapi *mapInfo, f *coderFieldInfo) error { if !mi.needsInitCheck { return nil } - iter := mapRange(mapv) + iter := mapv.MapRange() for iter.Next() { val := pointerOfValue(iter.Value()) if err := mi.checkInitializedPointer(val); err != nil { @@ -336,7 +336,7 @@ func isInitMap(mapv reflect.Value, mapi *mapInfo, f *coderFieldInfo) error { } } } else { - iter := mapRange(mapv) + iter := mapv.MapRange() for iter.Next() { val := mapi.conv.valConv.PBValueOf(iter.Value()) if err := mapi.valFuncs.isInit(val); err != nil { @@ -356,7 +356,7 @@ func mergeMap(dst, src pointer, f *coderFieldInfo, opts mergeOptions) { if dstm.IsNil() { dstm.Set(reflect.MakeMap(f.ft)) } - iter := mapRange(srcm) + iter := srcm.MapRange() for iter.Next() { dstm.SetMapIndex(iter.Key(), iter.Value()) } @@ -371,7 +371,7 @@ func mergeMapOfBytes(dst, src pointer, f *coderFieldInfo, opts mergeOptions) { if dstm.IsNil() { dstm.Set(reflect.MakeMap(f.ft)) } - iter := mapRange(srcm) + iter := srcm.MapRange() for iter.Next() { dstm.SetMapIndex(iter.Key(), reflect.ValueOf(append(emptyBuf[:], iter.Value().Bytes()...))) } @@ -386,7 +386,7 @@ func mergeMapOfMessage(dst, src pointer, f *coderFieldInfo, opts mergeOptions) { if dstm.IsNil() { dstm.Set(reflect.MakeMap(f.ft)) } - iter := mapRange(srcm) + iter := srcm.MapRange() for iter.Next() { val := reflect.New(f.ft.Elem().Elem()) if f.mi != nil { diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_map_go111.go b/vendor/google.golang.org/protobuf/internal/impl/codec_map_go111.go deleted file mode 100644 index 4b15493f2f4..00000000000 --- a/vendor/google.golang.org/protobuf/internal/impl/codec_map_go111.go +++ /dev/null @@ -1,38 +0,0 @@ -// Copyright 2019 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build !go1.12 -// +build !go1.12 - -package impl - -import "reflect" - -type mapIter struct { - v reflect.Value - keys []reflect.Value -} - -// mapRange provides a less-efficient equivalent to -// the Go 1.12 reflect.Value.MapRange method. -func mapRange(v reflect.Value) *mapIter { - return &mapIter{v: v} -} - -func (i *mapIter) Next() bool { - if i.keys == nil { - i.keys = i.v.MapKeys() - } else { - i.keys = i.keys[1:] - } - return len(i.keys) > 0 -} - -func (i *mapIter) Key() reflect.Value { - return i.keys[0] -} - -func (i *mapIter) Value() reflect.Value { - return i.v.MapIndex(i.keys[0]) -} diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_map_go112.go b/vendor/google.golang.org/protobuf/internal/impl/codec_map_go112.go deleted file mode 100644 index 0b31b66eaf8..00000000000 --- a/vendor/google.golang.org/protobuf/internal/impl/codec_map_go112.go +++ /dev/null @@ -1,12 +0,0 @@ -// Copyright 2019 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build go1.12 -// +build go1.12 - -package impl - -import "reflect" - -func mapRange(v reflect.Value) *reflect.MapIter { return v.MapRange() } diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_message.go b/vendor/google.golang.org/protobuf/internal/impl/codec_message.go index 2f7b363ec4a..111d95833d4 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/codec_message.go +++ b/vendor/google.golang.org/protobuf/internal/impl/codec_message.go @@ -118,12 +118,12 @@ func (mi *MessageInfo) makeCoderMethods(t reflect.Type, si structInfo) { }, } case isOneof: - fieldOffset = offsetOf(fs, mi.Exporter) + fieldOffset = offsetOf(fs) case fd.IsWeak(): fieldOffset = si.weakOffset funcs = makeWeakMessageFieldCoder(fd) default: - fieldOffset = offsetOf(fs, mi.Exporter) + fieldOffset = offsetOf(fs) childMessage, funcs = fieldCoder(fd, ft) } cf := &preallocFields[i] diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_message_opaque.go b/vendor/google.golang.org/protobuf/internal/impl/codec_message_opaque.go index 88c16ae5b7c..f81d7d0db9a 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/codec_message_opaque.go +++ b/vendor/google.golang.org/protobuf/internal/impl/codec_message_opaque.go @@ -45,19 +45,19 @@ func (mi *MessageInfo) makeOpaqueCoderMethods(t reflect.Type, si opaqueStructInf var childMessage *MessageInfo switch { case fd.ContainingOneof() != nil && !fd.ContainingOneof().IsSynthetic(): - fieldOffset = offsetOf(fs, mi.Exporter) + fieldOffset = offsetOf(fs) case fd.IsWeak(): fieldOffset = si.weakOffset funcs = makeWeakMessageFieldCoder(fd) case fd.Message() != nil && !fd.IsMap(): - fieldOffset = offsetOf(fs, mi.Exporter) + fieldOffset = offsetOf(fs) if fd.IsList() { childMessage, funcs = makeOpaqueRepeatedMessageFieldCoder(fd, ft) } else { childMessage, funcs = makeOpaqueMessageFieldCoder(fd, ft) } default: - fieldOffset = offsetOf(fs, mi.Exporter) + fieldOffset = offsetOf(fs) childMessage, funcs = fieldCoder(fd, ft) } cf := &coderFieldInfo{ diff --git a/vendor/google.golang.org/protobuf/internal/impl/convert_map.go b/vendor/google.golang.org/protobuf/internal/impl/convert_map.go index 304244a651d..e4580b3ac2e 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/convert_map.go +++ b/vendor/google.golang.org/protobuf/internal/impl/convert_map.go @@ -101,7 +101,7 @@ func (ms *mapReflect) Mutable(k protoreflect.MapKey) protoreflect.Value { return v } func (ms *mapReflect) Range(f func(protoreflect.MapKey, protoreflect.Value) bool) { - iter := mapRange(ms.v) + iter := ms.v.MapRange() for iter.Next() { k := ms.keyConv.PBValueOf(iter.Key()).MapKey() v := ms.valConv.PBValueOf(iter.Value()) diff --git a/vendor/google.golang.org/protobuf/internal/impl/message.go b/vendor/google.golang.org/protobuf/internal/impl/message.go index fa10a0f5cc9..d1f79b4224f 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/message.go +++ b/vendor/google.golang.org/protobuf/internal/impl/message.go @@ -165,28 +165,28 @@ fieldLoop: switch f := t.Field(i); f.Name { case genid.SizeCache_goname, genid.SizeCacheA_goname: if f.Type == sizecacheType { - si.sizecacheOffset = offsetOf(f, mi.Exporter) + si.sizecacheOffset = offsetOf(f) si.sizecacheType = f.Type } case genid.WeakFields_goname, genid.WeakFieldsA_goname: if f.Type == weakFieldsType { - si.weakOffset = offsetOf(f, mi.Exporter) + si.weakOffset = offsetOf(f) si.weakType = f.Type } case genid.UnknownFields_goname, genid.UnknownFieldsA_goname: if f.Type == unknownFieldsAType || f.Type == unknownFieldsBType { - si.unknownOffset = offsetOf(f, mi.Exporter) + si.unknownOffset = offsetOf(f) si.unknownType = f.Type } case genid.ExtensionFields_goname, genid.ExtensionFieldsA_goname, genid.ExtensionFieldsB_goname: if f.Type == extensionFieldsType { - si.extensionOffset = offsetOf(f, mi.Exporter) + si.extensionOffset = offsetOf(f) si.extensionType = f.Type } case "lazyFields", "XXX_lazyUnmarshalInfo": - si.lazyOffset = offsetOf(f, mi.Exporter) + si.lazyOffset = offsetOf(f) case "XXX_presence": - si.presenceOffset = offsetOf(f, mi.Exporter) + si.presenceOffset = offsetOf(f) default: for _, s := range strings.Split(f.Tag.Get("protobuf"), ",") { if len(s) > 0 && strings.Trim(s, "0123456789") == "" { diff --git a/vendor/google.golang.org/protobuf/internal/impl/message_opaque.go b/vendor/google.golang.org/protobuf/internal/impl/message_opaque.go index d7ec53f074a..d8dcd788636 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/message_opaque.go +++ b/vendor/google.golang.org/protobuf/internal/impl/message_opaque.go @@ -142,7 +142,7 @@ func (mi *MessageInfo) fieldInfoForMapOpaque(si opaqueStructInfo, fd protoreflec if ft.Kind() != reflect.Map { panic(fmt.Sprintf("invalid type: got %v, want map kind", ft)) } - fieldOffset := offsetOf(fs, mi.Exporter) + fieldOffset := offsetOf(fs) conv := NewConverter(ft, fd) return fieldInfo{ fieldDesc: fd, @@ -196,7 +196,7 @@ func (mi *MessageInfo) fieldInfoForScalarListOpaque(si opaqueStructInfo, fd prot panic(fmt.Sprintf("invalid type: got %v, want slice kind", ft)) } conv := NewConverter(reflect.PtrTo(ft), fd) - fieldOffset := offsetOf(fs, mi.Exporter) + fieldOffset := offsetOf(fs) index, _ := presenceIndex(mi.Desc, fd) return fieldInfo{ fieldDesc: fd, @@ -246,7 +246,7 @@ func (mi *MessageInfo) fieldInfoForMessageListOpaque(si opaqueStructInfo, fd pro panic(fmt.Sprintf("invalid type: got %v, want slice kind", ft)) } conv := NewConverter(ft, fd) - fieldOffset := offsetOf(fs, mi.Exporter) + fieldOffset := offsetOf(fs) index, _ := presenceIndex(mi.Desc, fd) fieldNumber := fd.Number() return fieldInfo{ @@ -339,7 +339,7 @@ func (mi *MessageInfo) fieldInfoForMessageListOpaqueNoPresence(si opaqueStructIn panic(fmt.Sprintf("invalid type: got %v, want slice kind", ft)) } conv := NewConverter(ft, fd) - fieldOffset := offsetOf(fs, mi.Exporter) + fieldOffset := offsetOf(fs) return fieldInfo{ fieldDesc: fd, has: func(p pointer) bool { @@ -411,7 +411,7 @@ func (mi *MessageInfo) fieldInfoForScalarOpaque(si opaqueStructInfo, fd protoref deref = true } conv := NewConverter(ft, fd) - fieldOffset := offsetOf(fs, mi.Exporter) + fieldOffset := offsetOf(fs) index, _ := presenceIndex(mi.Desc, fd) var getter func(p pointer) protoreflect.Value if !nullable { @@ -480,7 +480,7 @@ func (mi *MessageInfo) fieldInfoForScalarOpaque(si opaqueStructInfo, fd protoref func (mi *MessageInfo) fieldInfoForMessageOpaque(si opaqueStructInfo, fd protoreflect.FieldDescriptor, fs reflect.StructField) fieldInfo { ft := fs.Type conv := NewConverter(ft, fd) - fieldOffset := offsetOf(fs, mi.Exporter) + fieldOffset := offsetOf(fs) index, _ := presenceIndex(mi.Desc, fd) fieldNumber := fd.Number() elemType := fs.Type.Elem() diff --git a/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go b/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go index a740646205c..3cd1fbc21fb 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go +++ b/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go @@ -76,7 +76,7 @@ func fieldInfoForOneof(fd protoreflect.FieldDescriptor, fs reflect.StructField, isMessage := fd.Message() != nil // TODO: Implement unsafe fast path? - fieldOffset := offsetOf(fs, x) + fieldOffset := offsetOf(fs) return fieldInfo{ // NOTE: The logic below intentionally assumes that oneof fields are // well-formatted. That is, the oneof interface never contains a @@ -152,7 +152,7 @@ func fieldInfoForMap(fd protoreflect.FieldDescriptor, fs reflect.StructField, x conv := NewConverter(ft, fd) // TODO: Implement unsafe fast path? - fieldOffset := offsetOf(fs, x) + fieldOffset := offsetOf(fs) return fieldInfo{ fieldDesc: fd, has: func(p pointer) bool { @@ -205,7 +205,7 @@ func fieldInfoForList(fd protoreflect.FieldDescriptor, fs reflect.StructField, x conv := NewConverter(reflect.PtrTo(ft), fd) // TODO: Implement unsafe fast path? - fieldOffset := offsetOf(fs, x) + fieldOffset := offsetOf(fs) return fieldInfo{ fieldDesc: fd, has: func(p pointer) bool { @@ -269,7 +269,7 @@ func fieldInfoForScalar(fd protoreflect.FieldDescriptor, fs reflect.StructField, } } conv := NewConverter(ft, fd) - fieldOffset := offsetOf(fs, x) + fieldOffset := offsetOf(fs) // Generate specialized getter functions to avoid going through reflect.Value if nullable { @@ -333,7 +333,7 @@ func fieldInfoForScalar(fd protoreflect.FieldDescriptor, fs reflect.StructField, } func fieldInfoForWeakMessage(fd protoreflect.FieldDescriptor, weakOffset offset) fieldInfo { - if !flags.ProtoLegacy { + if !flags.ProtoLegacyWeak { panic("no support for proto1 weak fields") } @@ -410,7 +410,7 @@ func fieldInfoForMessage(fd protoreflect.FieldDescriptor, fs reflect.StructField conv := NewConverter(ft, fd) // TODO: Implement unsafe fast path? - fieldOffset := offsetOf(fs, x) + fieldOffset := offsetOf(fs) return fieldInfo{ fieldDesc: fd, has: func(p pointer) bool { @@ -419,7 +419,7 @@ func fieldInfoForMessage(fd protoreflect.FieldDescriptor, fs reflect.StructField } rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() if fs.Type.Kind() != reflect.Ptr { - return !isZero(rv) + return !rv.IsZero() } return !rv.IsNil() }, @@ -466,7 +466,7 @@ func makeOneofInfo(od protoreflect.OneofDescriptor, si structInfo, x exporter) * oi := &oneofInfo{oneofDesc: od} if od.IsSynthetic() { fs := si.fieldsByNumber[od.Fields().Get(0).Number()] - fieldOffset := offsetOf(fs, x) + fieldOffset := offsetOf(fs) oi.which = func(p pointer) protoreflect.FieldNumber { if p.IsNil() { return 0 @@ -479,7 +479,7 @@ func makeOneofInfo(od protoreflect.OneofDescriptor, si structInfo, x exporter) * } } else { fs := si.oneofsByName[od.Name()] - fieldOffset := offsetOf(fs, x) + fieldOffset := offsetOf(fs) oi.which = func(p pointer) protoreflect.FieldNumber { if p.IsNil() { return 0 @@ -497,41 +497,3 @@ func makeOneofInfo(od protoreflect.OneofDescriptor, si structInfo, x exporter) * } return oi } - -// isZero is identical to reflect.Value.IsZero. -// TODO: Remove this when Go1.13 is the minimally supported Go version. -func isZero(v reflect.Value) bool { - switch v.Kind() { - case reflect.Bool: - return !v.Bool() - case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: - return v.Int() == 0 - case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: - return v.Uint() == 0 - case reflect.Float32, reflect.Float64: - return math.Float64bits(v.Float()) == 0 - case reflect.Complex64, reflect.Complex128: - c := v.Complex() - return math.Float64bits(real(c)) == 0 && math.Float64bits(imag(c)) == 0 - case reflect.Array: - for i := 0; i < v.Len(); i++ { - if !isZero(v.Index(i)) { - return false - } - } - return true - case reflect.Chan, reflect.Func, reflect.Interface, reflect.Map, reflect.Ptr, reflect.Slice, reflect.UnsafePointer: - return v.IsNil() - case reflect.String: - return v.Len() == 0 - case reflect.Struct: - for i := 0; i < v.NumField(); i++ { - if !isZero(v.Field(i)) { - return false - } - } - return true - default: - panic(&reflect.ValueError{Method: "reflect.Value.IsZero", Kind: v.Kind()}) - } -} diff --git a/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go b/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go index 041ebde2de6..6bed45e35c2 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go +++ b/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go @@ -22,7 +22,7 @@ type Pointer unsafe.Pointer type offset uintptr // offsetOf returns a field offset for the struct field. -func offsetOf(f reflect.StructField, x exporter) offset { +func offsetOf(f reflect.StructField) offset { return offset(f.Offset) } diff --git a/vendor/google.golang.org/protobuf/internal/version/version.go b/vendor/google.golang.org/protobuf/internal/version/version.go index 386c823aa64..f5c06280fe3 100644 --- a/vendor/google.golang.org/protobuf/internal/version/version.go +++ b/vendor/google.golang.org/protobuf/internal/version/version.go @@ -52,7 +52,7 @@ import ( const ( Major = 1 Minor = 36 - Patch = 2 + Patch = 3 PreRelease = "" ) diff --git a/vendor/google.golang.org/protobuf/proto/decode.go b/vendor/google.golang.org/protobuf/proto/decode.go index a3b5e142d24..e28d7acb378 100644 --- a/vendor/google.golang.org/protobuf/proto/decode.go +++ b/vendor/google.golang.org/protobuf/proto/decode.go @@ -172,7 +172,7 @@ func (o UnmarshalOptions) unmarshalMessageSlow(b []byte, m protoreflect.Message) var err error if fd == nil { err = errUnknown - } else if flags.ProtoLegacy { + } else if flags.ProtoLegacyWeak { if fd.IsWeak() && fd.Message().IsPlaceholder() { err = errUnknown // weak referent is not linked in } diff --git a/vendor/modules.txt b/vendor/modules.txt index 201cbbe2408..affb452f085 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -87,7 +87,7 @@ golang.org/x/net/bpf ## explicit; go 1.18 golang.org/x/sys/unix golang.org/x/sys/windows -# google.golang.org/protobuf v1.36.2 +# google.golang.org/protobuf v1.36.3 ## explicit; go 1.21 google.golang.org/protobuf/encoding/prototext google.golang.org/protobuf/encoding/protowire From 7b26da9ee3abf274ac90b7bedcbf11c3df43127a Mon Sep 17 00:00:00 2001 From: Evan Phoenix Date: Tue, 21 Jan 2025 09:58:31 -0800 Subject: [PATCH 0782/1176] libcontainer: Prevent startup hang when CloseExecFrom errors The previous logic caused runc to hang if CloseExecFrom returned an error, as the defer waiting on logsDone never finished as the parent process was never started (and it controls the closing of logsDone via it's logsPipe). This moves the defer to after we have started the parent, with means all the logic related to managing the logsPipe should also be running. Signed-off-by: Evan Phoenix --- libcontainer/container_linux.go | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index c99c8a6eea5..2de3382f6a0 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -324,16 +324,6 @@ func (c *Container) start(process *Process) (retErr error) { defer process.closeClonedExes() logsDone := parent.forwardChildLogs() - if logsDone != nil { - defer func() { - // Wait for log forwarder to finish. This depends on - // runc init closing the _LIBCONTAINER_LOGPIPE log fd. - err := <-logsDone - if err != nil && retErr == nil { - retErr = fmt.Errorf("unable to forward init logs: %w", err) - } - }() - } // Before starting "runc init", mark all non-stdio open files as O_CLOEXEC // to make sure we don't leak any files into "runc init". Any files to be @@ -348,6 +338,17 @@ func (c *Container) start(process *Process) (retErr error) { return fmt.Errorf("unable to start container process: %w", err) } + if logsDone != nil { + defer func() { + // Wait for log forwarder to finish. This depends on + // runc init closing the _LIBCONTAINER_LOGPIPE log fd. + err := <-logsDone + if err != nil && retErr == nil { + retErr = fmt.Errorf("unable to forward init logs: %w", err) + } + }() + } + if process.Init { c.fifo.Close() if c.config.HasHook(configs.Poststart) { From 111e8dcc0d6e6739d31d247d00ef44d5f7d21ec4 Mon Sep 17 00:00:00 2001 From: Evan Phoenix Date: Fri, 24 Jan 2025 11:53:36 -0800 Subject: [PATCH 0783/1176] libcontainer: Use MaxInt32 as the last FD to match kernel size semantics Signed-off-by: Evan Phoenix --- libcontainer/utils/utils_unix.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcontainer/utils/utils_unix.go b/libcontainer/utils/utils_unix.go index c8ad559d931..55933b7d43b 100644 --- a/libcontainer/utils/utils_unix.go +++ b/libcontainer/utils/utils_unix.go @@ -102,7 +102,7 @@ func fdRangeFrom(minFd int, fn fdFunc) error { func CloseExecFrom(minFd int) error { // Use close_range(CLOSE_RANGE_CLOEXEC) if possible. if haveCloseRangeCloexec() { - err := unix.CloseRange(uint(minFd), math.MaxUint, unix.CLOSE_RANGE_CLOEXEC) + err := unix.CloseRange(uint(minFd), math.MaxInt32, unix.CLOSE_RANGE_CLOEXEC) return os.NewSyscallError("close_range", err) } // Otherwise, fall back to the standard loop. From 33315a05485000f7168e80e82fd2d8be502a7c6a Mon Sep 17 00:00:00 2001 From: Evan Phoenix Date: Fri, 24 Jan 2025 11:54:37 -0800 Subject: [PATCH 0784/1176] libcontainer: if close_range fails, fall back to the old way Signed-off-by: Evan Phoenix --- libcontainer/utils/utils_unix.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libcontainer/utils/utils_unix.go b/libcontainer/utils/utils_unix.go index 55933b7d43b..25384da805b 100644 --- a/libcontainer/utils/utils_unix.go +++ b/libcontainer/utils/utils_unix.go @@ -103,7 +103,13 @@ func CloseExecFrom(minFd int) error { // Use close_range(CLOSE_RANGE_CLOEXEC) if possible. if haveCloseRangeCloexec() { err := unix.CloseRange(uint(minFd), math.MaxInt32, unix.CLOSE_RANGE_CLOEXEC) - return os.NewSyscallError("close_range", err) + if err == nil { + return nil + } + + logrus.Debugf("close_range failed, closing range one at a time (error: %v)", err) + + // If close_range fails, we fall back to the standard loop. } // Otherwise, fall back to the standard loop. return fdRangeFrom(minFd, unix.CloseOnExec) From 24ec764a09c241b9bd67f4b53ccce257aee7b683 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 04:55:54 +0000 Subject: [PATCH 0785/1176] build(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.4 Bumps google.golang.org/protobuf from 1.36.3 to 1.36.4. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/google.golang.org/protobuf/internal/version/version.go | 2 +- vendor/modules.txt | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 3bbe1de11f6..56efc31aa84 100644 --- a/go.mod +++ b/go.mod @@ -28,7 +28,7 @@ require ( github.com/vishvananda/netlink v1.3.0 golang.org/x/net v0.34.0 golang.org/x/sys v0.29.0 - google.golang.org/protobuf v1.36.3 + google.golang.org/protobuf v1.36.4 ) require ( diff --git a/go.sum b/go.sum index 7e070fb824e..f37ccb6c3e6 100644 --- a/go.sum +++ b/go.sum @@ -95,8 +95,8 @@ golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.36.3 h1:82DV7MYdb8anAVi3qge1wSnMDrnKK7ebr+I0hHRN1BU= -google.golang.org/protobuf v1.36.3/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.4 h1:6A3ZDJHn/eNqc1i+IdefRzy/9PokBTPvcqMySR7NNIM= +google.golang.org/protobuf v1.36.4/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/vendor/google.golang.org/protobuf/internal/version/version.go b/vendor/google.golang.org/protobuf/internal/version/version.go index f5c06280fe3..4a39af0c635 100644 --- a/vendor/google.golang.org/protobuf/internal/version/version.go +++ b/vendor/google.golang.org/protobuf/internal/version/version.go @@ -52,7 +52,7 @@ import ( const ( Major = 1 Minor = 36 - Patch = 3 + Patch = 4 PreRelease = "" ) diff --git a/vendor/modules.txt b/vendor/modules.txt index affb452f085..dda78422a68 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -87,7 +87,7 @@ golang.org/x/net/bpf ## explicit; go 1.18 golang.org/x/sys/unix golang.org/x/sys/windows -# google.golang.org/protobuf v1.36.3 +# google.golang.org/protobuf v1.36.4 ## explicit; go 1.21 google.golang.org/protobuf/encoding/prototext google.golang.org/protobuf/encoding/protowire From 70e500e7d168fde23d673f3cdf7b7ed8d6a73e80 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Mon, 13 Jan 2025 18:54:47 +1100 Subject: [PATCH 0786/1176] deps: update to github.com/cyphar/filepath-securejoin@v0.4.1 This release includes a minor breaking API change that requires us to rework the types of our wrappers, but there is no practical behaviour change. Signed-off-by: Aleksa Sarai --- go.mod | 2 +- go.sum | 4 +- libcontainer/utils/utils_unix.go | 9 ++-- .../cyphar/filepath-securejoin/CHANGELOG.md | 49 ++++++++++++++++++- .../cyphar/filepath-securejoin/VERSION | 2 +- .../cyphar/filepath-securejoin/join.go | 49 +++++++++++++++++-- .../cyphar/filepath-securejoin/mkdir_linux.go | 49 +++++++++++++------ vendor/modules.txt | 2 +- 8 files changed, 136 insertions(+), 30 deletions(-) diff --git a/go.mod b/go.mod index 3bbe1de11f6..d5edf7826eb 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/cilium/ebpf v0.17.1 github.com/containerd/console v1.0.4 github.com/coreos/go-systemd/v22 v22.5.0 - github.com/cyphar/filepath-securejoin v0.3.6 + github.com/cyphar/filepath-securejoin v0.4.1 github.com/docker/go-units v0.5.0 github.com/godbus/dbus/v5 v5.1.0 github.com/moby/sys/capability v0.4.0 diff --git a/go.sum b/go.sum index 7e070fb824e..f9ebc689a70 100644 --- a/go.sum +++ b/go.sum @@ -10,8 +10,8 @@ github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSV github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc= github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/cyphar/filepath-securejoin v0.3.6 h1:4d9N5ykBnSp5Xn2JkhocYDkOpURL/18CYMpo6xB9uWM= -github.com/cyphar/filepath-securejoin v0.3.6/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= +github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s= +github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= diff --git a/libcontainer/utils/utils_unix.go b/libcontainer/utils/utils_unix.go index c8ad559d931..8f179b6aa25 100644 --- a/libcontainer/utils/utils_unix.go +++ b/libcontainer/utils/utils_unix.go @@ -287,9 +287,6 @@ func IsLexicallyInRoot(root, path string) bool { // try to detect any symlink components in the path while we are doing the // MkdirAll. // -// NOTE: Unlike os.MkdirAll, mode is not Go's os.FileMode, it is the unix mode -// (the suid/sgid/sticky bits are not the same as for os.FileMode). -// // NOTE: If unsafePath is a subpath of root, we assume that you have already // called SecureJoin and so we use the provided path verbatim without resolving // any symlinks (this is done in a way that avoids symlink-exchange races). @@ -300,7 +297,7 @@ func IsLexicallyInRoot(root, path string) bool { // handling if unsafePath has already been scoped within the rootfs (this is // needed for a lot of runc callers and fixing this would require reworking a // lot of path logic). -func MkdirAllInRootOpen(root, unsafePath string, mode uint32) (_ *os.File, Err error) { +func MkdirAllInRootOpen(root, unsafePath string, mode os.FileMode) (_ *os.File, Err error) { // If the path is already "within" the root, get the path relative to the // root and use that as the unsafe path. This is necessary because a lot of // MkdirAllInRootOpen callers have already done SecureJoin, and refactoring @@ -334,12 +331,12 @@ func MkdirAllInRootOpen(root, unsafePath string, mode uint32) (_ *os.File, Err e } defer rootDir.Close() - return securejoin.MkdirAllHandle(rootDir, unsafePath, int(mode)) + return securejoin.MkdirAllHandle(rootDir, unsafePath, mode) } // MkdirAllInRoot is a wrapper around MkdirAllInRootOpen which closes the // returned handle, for callers that don't need to use it. -func MkdirAllInRoot(root, unsafePath string, mode uint32) error { +func MkdirAllInRoot(root, unsafePath string, mode os.FileMode) error { f, err := MkdirAllInRootOpen(root, unsafePath, mode) if err == nil { _ = f.Close() diff --git a/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md index cb1252b53ee..ca0e3c62c76 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md +++ b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md @@ -6,6 +6,51 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ## [Unreleased] ## +## [0.4.1] - 2025-01-28 ## + +### Fixed ### +- The restrictions added for `root` paths passed to `SecureJoin` in 0.4.0 was + found to be too strict and caused some regressions when folks tried to + update, so this restriction has been relaxed to only return an error if the + path contains a `..` component. We still recommend users use `filepath.Clean` + (and even `filepath.EvalSymlinks`) on the `root` path they are using, but at + least you will no longer be punished for "trivial" unclean paths. + +## [0.4.0] - 2025-01-13 ## + +### Breaking #### +- `SecureJoin(VFS)` will now return an error if the provided `root` is not a + `filepath.Clean`'d path. + + While it is ultimately the responsibility of the caller to ensure the root is + a safe path to use, passing a path like `/symlink/..` as a root would result + in the `SecureJoin`'d path being placed in `/` even though `/symlink/..` + might be a different directory, and so we should more strongly discourage + such usage. + + All major users of `securejoin.SecureJoin` already ensure that the paths they + provide are safe (and this is ultimately a question of user error), but + removing this foot-gun is probably a good idea. Of course, this is + necessarily a breaking API change (though we expect no real users to be + affected by it). + + Thanks to [Erik Sjölund](https://github.com/eriksjolund), who initially + reported this issue as a possible security issue. + +- `MkdirAll` and `MkdirHandle` now take an `os.FileMode`-style mode argument + instead of a raw `unix.S_*`-style mode argument, which may cause compile-time + type errors depending on how you use `filepath-securejoin`. For most users, + there will be no change in behaviour aside from the type change (as the + bottom `0o777` bits are the same in both formats, and most users are probably + only using those bits). + + However, if you were using `unix.S_ISVTX` to set the sticky bit with + `MkdirAll(Handle)` you will need to switch to `os.ModeSticky` otherwise you + will get a runtime error with this update. In addition, the error message you + will get from passing `unix.S_ISUID` and `unix.S_ISGID` will be different as + they are treated as invalid bits now (note that previously passing said bits + was also an error). + ## [0.3.6] - 2024-12-17 ## ### Compatibility ### @@ -193,7 +238,9 @@ This is our first release of `github.com/cyphar/filepath-securejoin`, containing a full implementation with a coverage of 93.5% (the only missing cases are the error cases, which are hard to mocktest at the moment). -[Unreleased]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.6...HEAD +[Unreleased]: https://github.com/cyphar/filepath-securejoin/compare/v0.4.1...HEAD +[0.4.1]: https://github.com/cyphar/filepath-securejoin/compare/v0.4.0...v0.4.1 +[0.4.0]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.6...v0.4.0 [0.3.6]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.5...v0.3.6 [0.3.5]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.4...v0.3.5 [0.3.4]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.3...v0.3.4 diff --git a/vendor/github.com/cyphar/filepath-securejoin/VERSION b/vendor/github.com/cyphar/filepath-securejoin/VERSION index 449d7e73a96..267577d47e4 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/VERSION +++ b/vendor/github.com/cyphar/filepath-securejoin/VERSION @@ -1 +1 @@ -0.3.6 +0.4.1 diff --git a/vendor/github.com/cyphar/filepath-securejoin/join.go b/vendor/github.com/cyphar/filepath-securejoin/join.go index e0ee3f2b57a..e6634d4778f 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/join.go +++ b/vendor/github.com/cyphar/filepath-securejoin/join.go @@ -1,5 +1,5 @@ // Copyright (C) 2014-2015 Docker Inc & Go Authors. All rights reserved. -// Copyright (C) 2017-2024 SUSE LLC. All rights reserved. +// Copyright (C) 2017-2025 SUSE LLC. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. @@ -24,6 +24,31 @@ func IsNotExist(err error) bool { return errors.Is(err, os.ErrNotExist) || errors.Is(err, syscall.ENOTDIR) || errors.Is(err, syscall.ENOENT) } +// errUnsafeRoot is returned if the user provides SecureJoinVFS with a path +// that contains ".." components. +var errUnsafeRoot = errors.New("root path provided to SecureJoin contains '..' components") + +// stripVolume just gets rid of the Windows volume included in a path. Based on +// some godbolt tests, the Go compiler is smart enough to make this a no-op on +// Linux. +func stripVolume(path string) string { + return path[len(filepath.VolumeName(path)):] +} + +// hasDotDot checks if the path contains ".." components in a platform-agnostic +// way. +func hasDotDot(path string) bool { + // If we are on Windows, strip any volume letters. It turns out that + // C:..\foo may (or may not) be a valid pathname and we need to handle that + // leading "..". + path = stripVolume(path) + // Look for "/../" in the path, but we need to handle leading and trailing + // ".."s by adding separators. Doing this with filepath.Separator is ugly + // so just convert to Unix-style "/" first. + path = filepath.ToSlash(path) + return strings.Contains("/"+path+"/", "/../") +} + // SecureJoinVFS joins the two given path components (similar to [filepath.Join]) except // that the returned path is guaranteed to be scoped inside the provided root // path (when evaluated). Any symbolic links in the path are evaluated with the @@ -46,7 +71,22 @@ func IsNotExist(err error) bool { // provided via direct input or when evaluating symlinks. Therefore: // // "C:\Temp" + "D:\path\to\file.txt" results in "C:\Temp\path\to\file.txt" +// +// If the provided root is not [filepath.Clean] then an error will be returned, +// as such root paths are bordering on somewhat unsafe and using such paths is +// not best practice. We also strongly suggest that any root path is first +// fully resolved using [filepath.EvalSymlinks] or otherwise constructed to +// avoid containing symlink components. Of course, the root also *must not* be +// attacker-controlled. func SecureJoinVFS(root, unsafePath string, vfs VFS) (string, error) { + // The root path must not contain ".." components, otherwise when we join + // the subpath we will end up with a weird path. We could work around this + // in other ways but users shouldn't be giving us non-lexical root paths in + // the first place. + if hasDotDot(root) { + return "", errUnsafeRoot + } + // Use the os.* VFS implementation if none was specified. if vfs == nil { vfs = osVFS{} @@ -59,9 +99,10 @@ func SecureJoinVFS(root, unsafePath string, vfs VFS) (string, error) { linksWalked int ) for remainingPath != "" { - if v := filepath.VolumeName(remainingPath); v != "" { - remainingPath = remainingPath[len(v):] - } + // On Windows, if we managed to end up at a path referencing a volume, + // drop the volume to make sure we don't end up with broken paths or + // escaping the root volume. + remainingPath = stripVolume(remainingPath) // Get the next path component. var part string diff --git a/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go b/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go index 5e559bb7a89..a17ae3b0387 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go +++ b/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go @@ -21,6 +21,33 @@ var ( errPossibleAttack = errors.New("possible attack detected") ) +// modePermExt is like os.ModePerm except that it also includes the set[ug]id +// and sticky bits. +const modePermExt = os.ModePerm | os.ModeSetuid | os.ModeSetgid | os.ModeSticky + +//nolint:cyclop // this function needs to handle a lot of cases +func toUnixMode(mode os.FileMode) (uint32, error) { + sysMode := uint32(mode.Perm()) + if mode&os.ModeSetuid != 0 { + sysMode |= unix.S_ISUID + } + if mode&os.ModeSetgid != 0 { + sysMode |= unix.S_ISGID + } + if mode&os.ModeSticky != 0 { + sysMode |= unix.S_ISVTX + } + // We don't allow file type bits. + if mode&os.ModeType != 0 { + return 0, fmt.Errorf("%w %+.3o (%s): type bits not permitted", errInvalidMode, mode, mode) + } + // We don't allow other unknown modes. + if mode&^modePermExt != 0 || sysMode&unix.S_IFMT != 0 { + return 0, fmt.Errorf("%w %+.3o (%s): unknown mode bits", errInvalidMode, mode, mode) + } + return sysMode, nil +} + // MkdirAllHandle is equivalent to [MkdirAll], except that it is safer to use // in two respects: // @@ -39,17 +66,17 @@ var ( // a brand new lookup of unsafePath (such as with [SecureJoin] or openat2) after // doing [MkdirAll]. If you intend to open the directory after creating it, you // should use MkdirAllHandle. -func MkdirAllHandle(root *os.File, unsafePath string, mode int) (_ *os.File, Err error) { - // Make sure there are no os.FileMode bits set. - if mode&^0o7777 != 0 { - return nil, fmt.Errorf("%w for mkdir 0o%.3o", errInvalidMode, mode) +func MkdirAllHandle(root *os.File, unsafePath string, mode os.FileMode) (_ *os.File, Err error) { + unixMode, err := toUnixMode(mode) + if err != nil { + return nil, err } // On Linux, mkdirat(2) (and os.Mkdir) silently ignore the suid and sgid // bits. We could also silently ignore them but since we have very few // users it seems more prudent to return an error so users notice that // these bits will not be set. - if mode&^0o1777 != 0 { - return nil, fmt.Errorf("%w for mkdir 0o%.3o: suid and sgid are ignored by mkdir", errInvalidMode, mode) + if unixMode&^0o1777 != 0 { + return nil, fmt.Errorf("%w for mkdir %+.3o: suid and sgid are ignored by mkdir", errInvalidMode, mode) } // Try to open as much of the path as possible. @@ -104,9 +131,6 @@ func MkdirAllHandle(root *os.File, unsafePath string, mode int) (_ *os.File, Err return nil, fmt.Errorf("%w: yet-to-be-created path %q contains '..' components", unix.ENOENT, remainingPath) } - // Make sure the mode doesn't have any type bits. - mode &^= unix.S_IFMT - // Create the remaining components. for _, part := range remainingParts { switch part { @@ -123,7 +147,7 @@ func MkdirAllHandle(root *os.File, unsafePath string, mode int) (_ *os.File, Err // directory at the same time as us. In that case, just continue on as // if we created it (if the created inode is not a directory, the // following open call will fail). - if err := unix.Mkdirat(int(currentDir.Fd()), part, uint32(mode)); err != nil && !errors.Is(err, unix.EEXIST) { + if err := unix.Mkdirat(int(currentDir.Fd()), part, unixMode); err != nil && !errors.Is(err, unix.EEXIST) { err = &os.PathError{Op: "mkdirat", Path: currentDir.Name() + "/" + part, Err: err} // Make the error a bit nicer if the directory is dead. if deadErr := isDeadInode(currentDir); deadErr != nil { @@ -196,10 +220,7 @@ func MkdirAllHandle(root *os.File, unsafePath string, mode int) (_ *os.File, Err // If you plan to open the directory after you have created it or want to use // an open directory handle as the root, you should use [MkdirAllHandle] instead. // This function is a wrapper around [MkdirAllHandle]. -// -// NOTE: The mode argument must be set the unix mode bits (unix.S_I...), not -// the Go generic mode bits ([os.FileMode]...). -func MkdirAll(root, unsafePath string, mode int) error { +func MkdirAll(root, unsafePath string, mode os.FileMode) error { rootDir, err := os.OpenFile(root, unix.O_PATH|unix.O_DIRECTORY|unix.O_CLOEXEC, 0) if err != nil { return err diff --git a/vendor/modules.txt b/vendor/modules.txt index affb452f085..959c97fc43c 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -27,7 +27,7 @@ github.com/coreos/go-systemd/v22/dbus # github.com/cpuguy83/go-md2man/v2 v2.0.5 ## explicit; go 1.11 github.com/cpuguy83/go-md2man/v2/md2man -# github.com/cyphar/filepath-securejoin v0.3.6 +# github.com/cyphar/filepath-securejoin v0.4.1 ## explicit; go 1.18 github.com/cyphar/filepath-securejoin # github.com/docker/go-units v0.5.0 From 200f56315e7f104aa08c02fb6a218e7b6ededaad Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 3 Jan 2025 18:14:02 -0800 Subject: [PATCH 0787/1176] libct/devices: move config to libct/cg/devices/config Currently, libcontainer/devices contains two things: 1. Device-related configuration data structures and accompanying methods. Those are used by runc itself, mostly by libct/cgroups. 2. A few functions (HostDevices, DeviceFromPath, GetDevices). Those are not used by runc directly, but have some external users (cri-o, microsoft/hcsshim), and they also have a few forks (containerd/pkg/oci, podman/pkg/util). This commit moves (1) to a new separate package, config (under libcontainer/cgroups/devices), adding a backward-compatible aliases (marked as deprecated so we will be able to remove those later). Alas it's not possible to move this to libcontainer/cgroups directly because some IDs (Type, Rule, Permissions) are too generic, and renaming them (to DeviceType, DeviceRule, DevicePermissions) will break backward compatibility (mostly due to Rule being embedded into Device). Signed-off-by: Kir Kolyshkin --- .../devices/config}/device.go | 2 +- .../cgroups/devices/config/mknod_unix.go | 14 +++++++++++++ libcontainer/devices/device_deprecated.go | 20 +++++++++++++++++++ libcontainer/devices/device_unix.go | 7 ------- 4 files changed, 35 insertions(+), 8 deletions(-) rename libcontainer/{devices => cgroups/devices/config}/device.go (99%) create mode 100644 libcontainer/cgroups/devices/config/mknod_unix.go create mode 100644 libcontainer/devices/device_deprecated.go diff --git a/libcontainer/devices/device.go b/libcontainer/cgroups/devices/config/device.go similarity index 99% rename from libcontainer/devices/device.go rename to libcontainer/cgroups/devices/config/device.go index c2c2b3bb7c0..05ad3ef8cab 100644 --- a/libcontainer/devices/device.go +++ b/libcontainer/cgroups/devices/config/device.go @@ -1,4 +1,4 @@ -package devices +package config import ( "fmt" diff --git a/libcontainer/cgroups/devices/config/mknod_unix.go b/libcontainer/cgroups/devices/config/mknod_unix.go new file mode 100644 index 00000000000..98cdc6e2fa6 --- /dev/null +++ b/libcontainer/cgroups/devices/config/mknod_unix.go @@ -0,0 +1,14 @@ +package config + +import ( + "errors" + + "golang.org/x/sys/unix" +) + +func mkDev(d *Rule) (uint64, error) { + if d.Major == Wildcard || d.Minor == Wildcard { + return 0, errors.New("cannot mkdev() device with wildcards") + } + return unix.Mkdev(uint32(d.Major), uint32(d.Minor)), nil +} diff --git a/libcontainer/devices/device_deprecated.go b/libcontainer/devices/device_deprecated.go new file mode 100644 index 00000000000..6e960a4243e --- /dev/null +++ b/libcontainer/devices/device_deprecated.go @@ -0,0 +1,20 @@ +package devices + +import "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" + +// Deprecated: use [github.com/opencontainers/runc/libcontainer/cgroups/devices/config]. +const ( + Wildcard = config.Wildcard + WildcardDevice = config.WildcardDevice + BlockDevice = config.BlockDevice + CharDevice = config.CharDevice + FifoDevice = config.FifoDevice +) + +// Deprecated: use [github.com/opencontainers/runc/libcontainer/cgroups/devices/config]. +type ( + Device = config.Device + Permissions = config.Permissions + Type = config.Type + Rule = config.Rule +) diff --git a/libcontainer/devices/device_unix.go b/libcontainer/devices/device_unix.go index d00775f5142..c533eb1c67a 100644 --- a/libcontainer/devices/device_unix.go +++ b/libcontainer/devices/device_unix.go @@ -19,13 +19,6 @@ var ( osReadDir = os.ReadDir ) -func mkDev(d *Rule) (uint64, error) { - if d.Major == Wildcard || d.Minor == Wildcard { - return 0, errors.New("cannot mkdev() device with wildcards") - } - return unix.Mkdev(uint32(d.Major), uint32(d.Minor)), nil -} - // DeviceFromPath takes the path to a device and its cgroup_permissions (which // cannot be easily queried) to look up the information about a linux device // and returns that information as a Device struct. From 6c9ddcc648948d9061b86da9694d0dd9b131134b Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 3 Jan 2025 19:11:16 -0800 Subject: [PATCH 0788/1176] libct: switch from libct/devices to libct/cgroups/devices/config Use the old package name as an alias to minimize the patch. No functional change; this just eliminates a bunch of deprecation warnings. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/config_linux.go | 2 +- libcontainer/cgroups/devices/devicefilter.go | 2 +- libcontainer/cgroups/devices/devicefilter_test.go | 2 +- libcontainer/cgroups/devices/devices_emulator.go | 2 +- libcontainer/cgroups/devices/devices_emulator_test.go | 2 +- libcontainer/cgroups/devices/systemd.go | 2 +- libcontainer/cgroups/devices/systemd_test.go | 2 +- libcontainer/cgroups/devices/v1.go | 2 +- libcontainer/cgroups/devices/v1_test.go | 2 +- libcontainer/cgroups/devices/v2.go | 2 +- libcontainer/configs/config.go | 2 +- libcontainer/integration/template_test.go | 2 +- libcontainer/integration/update_test.go | 2 +- libcontainer/rootfs_linux.go | 2 +- libcontainer/specconv/spec_linux.go | 2 +- libcontainer/specconv/spec_linux_test.go | 2 +- 16 files changed, 16 insertions(+), 16 deletions(-) diff --git a/libcontainer/cgroups/config_linux.go b/libcontainer/cgroups/config_linux.go index f1e8a15782e..3052ef50da4 100644 --- a/libcontainer/cgroups/config_linux.go +++ b/libcontainer/cgroups/config_linux.go @@ -2,7 +2,7 @@ package cgroups import ( systemdDbus "github.com/coreos/go-systemd/v22/dbus" - "github.com/opencontainers/runc/libcontainer/devices" + devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" ) type FreezerState string diff --git a/libcontainer/cgroups/devices/devicefilter.go b/libcontainer/cgroups/devices/devicefilter.go index 5f59352bb04..416c7f27a99 100644 --- a/libcontainer/cgroups/devices/devicefilter.go +++ b/libcontainer/cgroups/devices/devicefilter.go @@ -13,7 +13,7 @@ import ( "strconv" "github.com/cilium/ebpf/asm" - "github.com/opencontainers/runc/libcontainer/devices" + devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" "golang.org/x/sys/unix" ) diff --git a/libcontainer/cgroups/devices/devicefilter_test.go b/libcontainer/cgroups/devices/devicefilter_test.go index 23ad92ea06e..197039a7c8e 100644 --- a/libcontainer/cgroups/devices/devicefilter_test.go +++ b/libcontainer/cgroups/devices/devicefilter_test.go @@ -4,7 +4,7 @@ import ( "strings" "testing" - "github.com/opencontainers/runc/libcontainer/devices" + devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" "github.com/opencontainers/runc/libcontainer/specconv" ) diff --git a/libcontainer/cgroups/devices/devices_emulator.go b/libcontainer/cgroups/devices/devices_emulator.go index 3e1f49f0f7a..81ff206a9e1 100644 --- a/libcontainer/cgroups/devices/devices_emulator.go +++ b/libcontainer/cgroups/devices/devices_emulator.go @@ -26,7 +26,7 @@ import ( "strconv" "strings" - "github.com/opencontainers/runc/libcontainer/devices" + devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" ) // deviceMeta is a Rule without the Allow or Permissions fields, and no diff --git a/libcontainer/cgroups/devices/devices_emulator_test.go b/libcontainer/cgroups/devices/devices_emulator_test.go index 51c1f521eb0..c107618cc17 100644 --- a/libcontainer/cgroups/devices/devices_emulator_test.go +++ b/libcontainer/cgroups/devices/devices_emulator_test.go @@ -25,7 +25,7 @@ import ( "strings" "testing" - "github.com/opencontainers/runc/libcontainer/devices" + devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" ) func TestDeviceEmulatorLoad(t *testing.T) { diff --git a/libcontainer/cgroups/devices/systemd.go b/libcontainer/cgroups/devices/systemd.go index e1251c5ffb1..4851b56137d 100644 --- a/libcontainer/cgroups/devices/systemd.go +++ b/libcontainer/cgroups/devices/systemd.go @@ -12,7 +12,7 @@ import ( "github.com/sirupsen/logrus" "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/devices" + devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" ) // systemdProperties takes the configured device rules and generates a diff --git a/libcontainer/cgroups/devices/systemd_test.go b/libcontainer/cgroups/devices/systemd_test.go index ef802007b07..0b3e3d4e2b8 100644 --- a/libcontainer/cgroups/devices/systemd_test.go +++ b/libcontainer/cgroups/devices/systemd_test.go @@ -9,8 +9,8 @@ import ( "testing" "github.com/opencontainers/runc/libcontainer/cgroups" + devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" "github.com/opencontainers/runc/libcontainer/cgroups/systemd" - "github.com/opencontainers/runc/libcontainer/devices" ) // TestPodSkipDevicesUpdate checks that updating a pod having SkipDevices: true diff --git a/libcontainer/cgroups/devices/v1.go b/libcontainer/cgroups/devices/v1.go index 17e11847724..27a7ab29494 100644 --- a/libcontainer/cgroups/devices/v1.go +++ b/libcontainer/cgroups/devices/v1.go @@ -7,7 +7,7 @@ import ( "github.com/moby/sys/userns" "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/devices" + devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" ) var testingSkipFinalCheck bool diff --git a/libcontainer/cgroups/devices/v1_test.go b/libcontainer/cgroups/devices/v1_test.go index 2deb56c6e6e..5781169bef9 100644 --- a/libcontainer/cgroups/devices/v1_test.go +++ b/libcontainer/cgroups/devices/v1_test.go @@ -8,8 +8,8 @@ import ( "github.com/moby/sys/userns" "github.com/opencontainers/runc/libcontainer/cgroups" + devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" - "github.com/opencontainers/runc/libcontainer/devices" ) func init() { diff --git a/libcontainer/cgroups/devices/v2.go b/libcontainer/cgroups/devices/v2.go index 23ac09f70dd..911d1ce2fd6 100644 --- a/libcontainer/cgroups/devices/v2.go +++ b/libcontainer/cgroups/devices/v2.go @@ -7,7 +7,7 @@ import ( "golang.org/x/sys/unix" "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/devices" + devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" ) func isRWM(perms devices.Permissions) bool { diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index 0e0ba57b179..746c7190eb7 100644 --- a/libcontainer/configs/config.go +++ b/libcontainer/configs/config.go @@ -10,7 +10,7 @@ import ( "github.com/sirupsen/logrus" "golang.org/x/sys/unix" - "github.com/opencontainers/runc/libcontainer/devices" + devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" "github.com/opencontainers/runtime-spec/specs-go" ) diff --git a/libcontainer/integration/template_test.go b/libcontainer/integration/template_test.go index 9c5e18c6923..4d31acb09e6 100644 --- a/libcontainer/integration/template_test.go +++ b/libcontainer/integration/template_test.go @@ -7,8 +7,8 @@ import ( "time" "github.com/opencontainers/runc/libcontainer/cgroups" + devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" "github.com/opencontainers/runc/libcontainer/configs" - "github.com/opencontainers/runc/libcontainer/devices" "github.com/opencontainers/runc/libcontainer/specconv" "golang.org/x/sys/unix" ) diff --git a/libcontainer/integration/update_test.go b/libcontainer/integration/update_test.go index 5678b6f6364..68e77b5d91c 100644 --- a/libcontainer/integration/update_test.go +++ b/libcontainer/integration/update_test.go @@ -7,8 +7,8 @@ import ( "testing" "github.com/opencontainers/runc/libcontainer" + devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" "github.com/opencontainers/runc/libcontainer/cgroups/systemd" - "github.com/opencontainers/runc/libcontainer/devices" ) func testUpdateDevices(t *testing.T, systemd bool) { diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 158e03c56d9..012b0506713 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -22,9 +22,9 @@ import ( "golang.org/x/sys/unix" "github.com/opencontainers/runc/libcontainer/cgroups" + devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" "github.com/opencontainers/runc/libcontainer/cgroups/fs2" "github.com/opencontainers/runc/libcontainer/configs" - "github.com/opencontainers/runc/libcontainer/devices" "github.com/opencontainers/runc/libcontainer/utils" ) diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index 6e3e5bde371..c8446a56a10 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -15,8 +15,8 @@ import ( systemdDbus "github.com/coreos/go-systemd/v22/dbus" dbus "github.com/godbus/dbus/v5" "github.com/opencontainers/runc/libcontainer/cgroups" + devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" "github.com/opencontainers/runc/libcontainer/configs" - "github.com/opencontainers/runc/libcontainer/devices" "github.com/opencontainers/runc/libcontainer/internal/userns" "github.com/opencontainers/runc/libcontainer/seccomp" libcontainerUtils "github.com/opencontainers/runc/libcontainer/utils" diff --git a/libcontainer/specconv/spec_linux_test.go b/libcontainer/specconv/spec_linux_test.go index 8c7fb774f97..c8d4ae464da 100644 --- a/libcontainer/specconv/spec_linux_test.go +++ b/libcontainer/specconv/spec_linux_test.go @@ -6,9 +6,9 @@ import ( "testing" dbus "github.com/godbus/dbus/v5" + devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/configs/validate" - "github.com/opencontainers/runc/libcontainer/devices" "github.com/opencontainers/runtime-spec/specs-go" "golang.org/x/sys/unix" ) From 8e5bb0d8c453f75f4c174a0c9ad2fafeab57ec51 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 31 Jan 2025 15:56:24 -0800 Subject: [PATCH 0789/1176] deps: roll back to cilium/ebpf v0.16.0 Also, exclude v0.17.x until there is a fix for runc issue 4594. Signed-off-by: Kir Kolyshkin --- go.mod | 10 +- go.sum | 6 +- vendor/github.com/cilium/ebpf/.golangci.yaml | 6 - vendor/github.com/cilium/ebpf/CODEOWNERS | 2 - vendor/github.com/cilium/ebpf/Makefile | 6 +- vendor/github.com/cilium/ebpf/README.md | 1 - .../github.com/cilium/ebpf/asm/instruction.go | 3 +- vendor/github.com/cilium/ebpf/btf/btf.go | 24 +- .../github.com/cilium/ebpf/btf/btf_types.go | 1 - vendor/github.com/cilium/ebpf/btf/ext_info.go | 150 +++---- vendor/github.com/cilium/ebpf/btf/feature.go | 55 +-- vendor/github.com/cilium/ebpf/btf/format.go | 3 - vendor/github.com/cilium/ebpf/btf/kernel.go | 6 +- vendor/github.com/cilium/ebpf/btf/marshal.go | 83 +--- .../github.com/cilium/ebpf/btf/traversal.go | 48 +-- vendor/github.com/cilium/ebpf/btf/types.go | 138 +------ .../github.com/cilium/ebpf/btf/workarounds.go | 2 +- vendor/github.com/cilium/ebpf/collection.go | 253 ++++-------- vendor/github.com/cilium/ebpf/elf_reader.go | 172 ++------ vendor/github.com/cilium/ebpf/info.go | 370 ++---------------- .../cilium/ebpf/internal/{linux => }/auxv.go | 2 +- .../github.com/cilium/ebpf/internal/errors.go | 6 +- .../cilium/ebpf/internal/feature.go | 55 +-- .../cilium/ebpf/internal/kallsyms/cache.go | 20 - .../cilium/ebpf/internal/kallsyms/kallsyms.go | 291 +++----------- .../cilium/ebpf/internal/kallsyms/reader.go | 118 ------ .../cilium/ebpf/internal/kconfig/kconfig.go | 45 ++- .../cilium/ebpf/internal/linux/doc.go | 2 - .../cilium/ebpf/internal/linux/kconfig.go | 31 -- .../cilium/ebpf/internal/linux/version.go | 34 -- .../github.com/cilium/ebpf/internal/math.go | 28 +- .../cilium/ebpf/internal/{sys => }/pinning.go | 16 +- .../ebpf/internal/{linux => }/platform.go | 2 +- .../ebpf/internal/{linux => }/statfs.go | 2 +- .../github.com/cilium/ebpf/internal/sys/fd.go | 74 +--- .../cilium/ebpf/internal/sys/fd_trace.go | 93 +++++ .../ebpf/internal/sys/mapflags_string.go | 53 +++ .../cilium/ebpf/internal/sys/ptr.go | 6 +- .../cilium/ebpf/internal/sys/syscall.go | 37 +- .../cilium/ebpf/internal/sys/types.go | 185 +-------- .../cilium/ebpf/internal/sysenc/buffer.go | 10 +- .../internal/testutils/fdtrace/fd_trace.go | 103 ----- .../ebpf/internal/testutils/fdtrace/main.go | 31 -- .../cilium/ebpf/internal/tracefs/kprobe.go | 8 +- .../cilium/ebpf/internal/unix/types_linux.go | 5 +- .../cilium/ebpf/internal/unix/types_other.go | 5 +- .../cilium/ebpf/internal/{linux => }/vdso.go | 9 +- .../cilium/ebpf/internal/version.go | 30 ++ vendor/github.com/cilium/ebpf/link/kprobe.go | 12 +- .../cilium/ebpf/link/kprobe_multi.go | 8 +- vendor/github.com/cilium/ebpf/link/link.go | 15 +- .../github.com/cilium/ebpf/link/netfilter.go | 2 +- .../github.com/cilium/ebpf/link/perf_event.go | 8 +- .../github.com/cilium/ebpf/link/syscalls.go | 24 +- vendor/github.com/cilium/ebpf/link/tracing.go | 2 +- vendor/github.com/cilium/ebpf/link/uprobe.go | 6 +- .../cilium/ebpf/link/uprobe_multi.go | 13 +- vendor/github.com/cilium/ebpf/linker.go | 41 -- vendor/github.com/cilium/ebpf/map.go | 127 ++---- vendor/github.com/cilium/ebpf/memory.go | 145 ------- vendor/github.com/cilium/ebpf/prog.go | 102 ++--- vendor/github.com/cilium/ebpf/syscalls.go | 80 ++-- vendor/github.com/cilium/ebpf/types.go | 28 +- vendor/github.com/cilium/ebpf/types_string.go | 8 +- vendor/github.com/cilium/ebpf/variable.go | 230 ----------- vendor/golang.org/x/exp/LICENSE | 27 ++ vendor/golang.org/x/exp/PATENTS | 22 ++ .../x/exp/constraints/constraints.go | 50 +++ vendor/modules.txt | 9 +- 69 files changed, 872 insertions(+), 2727 deletions(-) rename vendor/github.com/cilium/ebpf/internal/{linux => }/auxv.go (98%) delete mode 100644 vendor/github.com/cilium/ebpf/internal/kallsyms/cache.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/kallsyms/reader.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/linux/doc.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/linux/kconfig.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/linux/version.go rename vendor/github.com/cilium/ebpf/internal/{sys => }/pinning.go (77%) rename vendor/github.com/cilium/ebpf/internal/{linux => }/platform.go (97%) rename vendor/github.com/cilium/ebpf/internal/{linux => }/statfs.go (96%) create mode 100644 vendor/github.com/cilium/ebpf/internal/sys/fd_trace.go create mode 100644 vendor/github.com/cilium/ebpf/internal/sys/mapflags_string.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/testutils/fdtrace/fd_trace.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/testutils/fdtrace/main.go rename vendor/github.com/cilium/ebpf/internal/{linux => }/vdso.go (93%) delete mode 100644 vendor/github.com/cilium/ebpf/memory.go delete mode 100644 vendor/github.com/cilium/ebpf/variable.go create mode 100644 vendor/golang.org/x/exp/LICENSE create mode 100644 vendor/golang.org/x/exp/PATENTS create mode 100644 vendor/golang.org/x/exp/constraints/constraints.go diff --git a/go.mod b/go.mod index a25592b1c12..5fff44cc736 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ toolchain go1.22.4 require ( github.com/checkpoint-restore/go-criu/v6 v6.3.0 - github.com/cilium/ebpf v0.17.1 + github.com/cilium/ebpf v0.16.0 github.com/containerd/console v1.0.4 github.com/coreos/go-systemd/v22 v22.5.0 github.com/cyphar/filepath-securejoin v0.4.1 @@ -31,8 +31,16 @@ require ( google.golang.org/protobuf v1.36.4 ) +// https://github.com/cilium/ebpf/pull/1660 +exclude ( + github.com/cilium/ebpf v0.17.0 + github.com/cilium/ebpf v0.17.1 + github.com/cilium/ebpf v0.17.2 +) + require ( github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/vishvananda/netns v0.0.4 // indirect + golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 // indirect ) diff --git a/go.sum b/go.sum index aa8a64296ea..b7b2d42ce1e 100644 --- a/go.sum +++ b/go.sum @@ -1,8 +1,8 @@ github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/checkpoint-restore/go-criu/v6 v6.3.0 h1:mIdrSO2cPNWQY1truPg6uHLXyKHk3Z5Odx4wjKOASzA= github.com/checkpoint-restore/go-criu/v6 v6.3.0/go.mod h1:rrRTN/uSwY2X+BPRl/gkulo9gsKOSAeVp9/K2tv7xZI= -github.com/cilium/ebpf v0.17.1 h1:G8mzU81R2JA1nE5/8SRubzqvBMmAmri2VL8BIZPWvV0= -github.com/cilium/ebpf v0.17.1/go.mod h1:vay2FaYSmIlv3r8dNACd4mW/OCaZLJKJOo+IHBvCIO8= +github.com/cilium/ebpf v0.16.0 h1:+BiEnHL6Z7lXnlGUsXQPPAE7+kenAd4ES8MQ5min0Ok= +github.com/cilium/ebpf v0.16.0/go.mod h1:L7u2Blt2jMM/vLAVgjxluxtBKlz3/GWjB0dMOEngfwE= github.com/containerd/console v1.0.4 h1:F2g4+oChYvBTsASRTz8NP6iIAi97J3TtSAsLbIFn4ro= github.com/containerd/console v1.0.4/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= @@ -81,6 +81,8 @@ github.com/vishvananda/netlink v1.3.0 h1:X7l42GfcV4S6E4vHTsw48qbrV+9PVojNfIhZcwQ github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs= github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8= github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= +golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 h1:Jvc7gsqn21cJHCmAWx0LiimpP18LZmUxkT5Mp7EZ1mI= +golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0= golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= diff --git a/vendor/github.com/cilium/ebpf/.golangci.yaml b/vendor/github.com/cilium/ebpf/.golangci.yaml index 366d4893f20..65f91b910bf 100644 --- a/vendor/github.com/cilium/ebpf/.golangci.yaml +++ b/vendor/github.com/cilium/ebpf/.golangci.yaml @@ -11,9 +11,3 @@ linters: - typecheck - unused - gofmt -linters-settings: - goimports: - # A comma-separated list of prefixes, which, if set, checks import paths - # with the given prefixes are grouped after 3rd-party packages. - # Default: "" - local-prefixes: github.com/cilium/ebpf diff --git a/vendor/github.com/cilium/ebpf/CODEOWNERS b/vendor/github.com/cilium/ebpf/CODEOWNERS index 0f76dce85c8..ca65d23c09d 100644 --- a/vendor/github.com/cilium/ebpf/CODEOWNERS +++ b/vendor/github.com/cilium/ebpf/CODEOWNERS @@ -9,5 +9,3 @@ ringbuf/ @florianl btf/ @dylandreimerink cmd/bpf2go/ @mejedi - -docs/ @ti-mo diff --git a/vendor/github.com/cilium/ebpf/Makefile b/vendor/github.com/cilium/ebpf/Makefile index e0fe9749206..d355eea71ca 100644 --- a/vendor/github.com/cilium/ebpf/Makefile +++ b/vendor/github.com/cilium/ebpf/Makefile @@ -39,18 +39,16 @@ TARGETS := \ testdata/subprog_reloc \ testdata/fwd_decl \ testdata/kconfig \ - testdata/ksym \ + testdata/kconfig_config \ testdata/kfunc \ testdata/invalid-kfunc \ testdata/kfunc-kmod \ testdata/constants \ testdata/errors \ - testdata/variables \ btf/testdata/relocs \ btf/testdata/relocs_read \ btf/testdata/relocs_read_tgt \ btf/testdata/relocs_enum \ - btf/testdata/tags \ cmd/bpf2go/testdata/minimal .PHONY: all clean container-all container-shell generate @@ -59,7 +57,7 @@ TARGETS := \ # Build all ELF binaries using a containerized LLVM toolchain. container-all: - +${CONTAINER_ENGINE} run --rm -ti ${CONTAINER_RUN_ARGS} \ + +${CONTAINER_ENGINE} run --rm -t ${CONTAINER_RUN_ARGS} \ -v "${REPODIR}":/ebpf -w /ebpf --env MAKEFLAGS \ --env HOME="/tmp" \ --env BPF2GO_CC="$(CLANG)" \ diff --git a/vendor/github.com/cilium/ebpf/README.md b/vendor/github.com/cilium/ebpf/README.md index 8238256c8ed..85871db1ae3 100644 --- a/vendor/github.com/cilium/ebpf/README.md +++ b/vendor/github.com/cilium/ebpf/README.md @@ -53,7 +53,6 @@ This library includes the following packages: * [rlimit](https://pkg.go.dev/github.com/cilium/ebpf/rlimit) provides a convenient API to lift the `RLIMIT_MEMLOCK` constraint on kernels before 5.11. * [btf](https://pkg.go.dev/github.com/cilium/ebpf/btf) allows reading the BPF Type Format. -* [pin](https://pkg.go.dev/github.com/cilium/ebpf/pin) provides APIs for working with pinned objects on bpffs. ## Requirements diff --git a/vendor/github.com/cilium/ebpf/asm/instruction.go b/vendor/github.com/cilium/ebpf/asm/instruction.go index 86b384c02a9..67cd39d6f67 100644 --- a/vendor/github.com/cilium/ebpf/asm/instruction.go +++ b/vendor/github.com/cilium/ebpf/asm/instruction.go @@ -12,6 +12,7 @@ import ( "strings" "github.com/cilium/ebpf/internal/sys" + "github.com/cilium/ebpf/internal/unix" ) // InstructionSize is the size of a BPF instruction in bytes @@ -803,7 +804,7 @@ func (insns Instructions) Tag(bo binary.ByteOrder) (string, error) { return "", fmt.Errorf("instruction %d: %w", i, err) } } - return hex.EncodeToString(h.Sum(nil)[:sys.BPF_TAG_SIZE]), nil + return hex.EncodeToString(h.Sum(nil)[:unix.BPF_TAG_SIZE]), nil } // encodeFunctionReferences populates the Offset (or Constant, depending on diff --git a/vendor/github.com/cilium/ebpf/btf/btf.go b/vendor/github.com/cilium/ebpf/btf/btf.go index 880c5ade0c1..671f680b2af 100644 --- a/vendor/github.com/cilium/ebpf/btf/btf.go +++ b/vendor/github.com/cilium/ebpf/btf/btf.go @@ -443,19 +443,13 @@ func fixupDatasec(types []Type, sectionSizes map[string]uint32, offsets map[symb // Some Datasecs are virtual and don't have corresponding ELF sections. switch name { case ".ksyms": - // .ksyms describes forward declarations of kfunc signatures, as well as - // references to kernel symbols. + // .ksyms describes forward declarations of kfunc signatures. // Nothing to fix up, all sizes and offsets are 0. for _, vsi := range ds.Vars { - switch t := vsi.Type.(type) { - case *Func: - continue - case *Var: - if _, ok := t.Type.(*Void); !ok { - return fmt.Errorf("data section %s: expected %s to be *Void, not %T: %w", name, vsi.Type.TypeName(), vsi.Type, ErrNotSupported) - } - default: - return fmt.Errorf("data section %s: expected to be either *btf.Func or *btf.Var, not %T: %w", name, vsi.Type, ErrNotSupported) + _, ok := vsi.Type.(*Func) + if !ok { + // Only Funcs are supported in the .ksyms Datasec. + return fmt.Errorf("data section %s: expected *btf.Func, not %T: %w", name, vsi.Type, ErrNotSupported) } } @@ -701,13 +695,5 @@ func (iter *TypesIterator) Next() bool { iter.Type, ok = iter.spec.typeByID(iter.id) iter.id++ iter.done = !ok - if !iter.done { - // Skip declTags, during unmarshaling declTags become `Tags` fields of other types. - // We keep them in the spec to avoid holes in the ID space, but for the purposes of - // iteration, they are not useful to the user. - if _, ok := iter.Type.(*declTag); ok { - return iter.Next() - } - } return !iter.done } diff --git a/vendor/github.com/cilium/ebpf/btf/btf_types.go b/vendor/github.com/cilium/ebpf/btf/btf_types.go index 320311b3320..f0e327abc0e 100644 --- a/vendor/github.com/cilium/ebpf/btf/btf_types.go +++ b/vendor/github.com/cilium/ebpf/btf/btf_types.go @@ -39,7 +39,6 @@ const ( kindFloat // Float // Added 5.16 kindDeclTag // DeclTag - // Added 5.17 kindTypeTag // TypeTag // Added 6.0 kindEnum64 // Enum64 diff --git a/vendor/github.com/cilium/ebpf/btf/ext_info.go b/vendor/github.com/cilium/ebpf/btf/ext_info.go index 2c684fe2a79..eb9044badf2 100644 --- a/vendor/github.com/cilium/ebpf/btf/ext_info.go +++ b/vendor/github.com/cilium/ebpf/btf/ext_info.go @@ -16,8 +16,8 @@ import ( // ExtInfos contains ELF section metadata. type ExtInfos struct { // The slices are sorted by offset in ascending order. - funcInfos map[string]FuncOffsets - lineInfos map[string]LineOffsets + funcInfos map[string]FuncInfos + lineInfos map[string]LineInfos relocationInfos map[string]CORERelocationInfos } @@ -58,9 +58,9 @@ func loadExtInfos(r io.ReaderAt, bo binary.ByteOrder, spec *Spec) (*ExtInfos, er return nil, fmt.Errorf("parsing BTF function info: %w", err) } - funcInfos := make(map[string]FuncOffsets, len(btfFuncInfos)) + funcInfos := make(map[string]FuncInfos, len(btfFuncInfos)) for section, bfis := range btfFuncInfos { - funcInfos[section], err = newFuncOffsets(bfis, spec) + funcInfos[section], err = newFuncInfos(bfis, spec) if err != nil { return nil, fmt.Errorf("section %s: func infos: %w", section, err) } @@ -72,7 +72,7 @@ func loadExtInfos(r io.ReaderAt, bo binary.ByteOrder, spec *Spec) (*ExtInfos, er return nil, fmt.Errorf("parsing BTF line info: %w", err) } - lineInfos := make(map[string]LineOffsets, len(btfLineInfos)) + lineInfos := make(map[string]LineInfos, len(btfLineInfos)) for section, blis := range btfLineInfos { lineInfos[section], err = newLineInfos(blis, spec.strings) if err != nil { @@ -102,10 +102,8 @@ func loadExtInfos(r io.ReaderAt, bo binary.ByteOrder, spec *Spec) (*ExtInfos, er return &ExtInfos{funcInfos, lineInfos, coreRelos}, nil } -type ( - funcInfoMeta struct{} - coreRelocationMeta struct{} -) +type funcInfoMeta struct{} +type coreRelocationMeta struct{} // Assign per-section metadata from BTF to a section's instructions. func (ei *ExtInfos) Assign(insns asm.Instructions, section string) { @@ -119,20 +117,20 @@ func (ei *ExtInfos) Assign(insns asm.Instructions, section string) { // Assign per-instruction metadata to the instructions in insns. func AssignMetadataToInstructions( insns asm.Instructions, - funcInfos FuncOffsets, - lineInfos LineOffsets, + funcInfos FuncInfos, + lineInfos LineInfos, reloInfos CORERelocationInfos, ) { iter := insns.Iterate() for iter.Next() { - if len(funcInfos) > 0 && funcInfos[0].Offset == iter.Offset { - *iter.Ins = WithFuncMetadata(*iter.Ins, funcInfos[0].Func) - funcInfos = funcInfos[1:] + if len(funcInfos.infos) > 0 && funcInfos.infos[0].offset == iter.Offset { + *iter.Ins = WithFuncMetadata(*iter.Ins, funcInfos.infos[0].fn) + funcInfos.infos = funcInfos.infos[1:] } - if len(lineInfos) > 0 && lineInfos[0].Offset == iter.Offset { - *iter.Ins = iter.Ins.WithSource(lineInfos[0].Line) - lineInfos = lineInfos[1:] + if len(lineInfos.infos) > 0 && lineInfos.infos[0].offset == iter.Offset { + *iter.Ins = iter.Ins.WithSource(lineInfos.infos[0].line) + lineInfos.infos = lineInfos.infos[1:] } if len(reloInfos.infos) > 0 && reloInfos.infos[0].offset == iter.Offset { @@ -161,9 +159,9 @@ marshal: var fiBuf, liBuf bytes.Buffer for { if fn := FuncMetadata(iter.Ins); fn != nil { - fi := &FuncOffset{ - Func: fn, - Offset: iter.Offset, + fi := &funcInfo{ + fn: fn, + offset: iter.Offset, } if err := fi.marshal(&fiBuf, b); err != nil { return nil, nil, fmt.Errorf("write func info: %w", err) @@ -180,9 +178,9 @@ marshal: } } - li := &LineOffset{ - Offset: iter.Offset, - Line: line, + li := &lineInfo{ + line: line, + offset: iter.Offset, } if err := li.marshal(&liBuf, b); err != nil { return nil, nil, fmt.Errorf("write line info: %w", err) @@ -335,17 +333,17 @@ func parseExtInfoRecordSize(r io.Reader, bo binary.ByteOrder) (uint32, error) { return recordSize, nil } -// FuncOffsets is a sorted slice of FuncOffset. -type FuncOffsets []FuncOffset +// FuncInfos contains a sorted list of func infos. +type FuncInfos struct { + infos []funcInfo +} // The size of a FuncInfo in BTF wire format. var FuncInfoSize = uint32(binary.Size(bpfFuncInfo{})) -// FuncOffset represents a [btf.Func] and its raw instruction offset within a -// BPF program. -type FuncOffset struct { - Offset asm.RawInstructionOffset - Func *Func +type funcInfo struct { + fn *Func + offset asm.RawInstructionOffset } type bpfFuncInfo struct { @@ -354,7 +352,7 @@ type bpfFuncInfo struct { TypeID TypeID } -func newFuncOffset(fi bpfFuncInfo, spec *Spec) (*FuncOffset, error) { +func newFuncInfo(fi bpfFuncInfo, spec *Spec) (*funcInfo, error) { typ, err := spec.TypeByID(fi.TypeID) if err != nil { return nil, err @@ -370,32 +368,31 @@ func newFuncOffset(fi bpfFuncInfo, spec *Spec) (*FuncOffset, error) { return nil, fmt.Errorf("func with type ID %d doesn't have a name", fi.TypeID) } - return &FuncOffset{ - asm.RawInstructionOffset(fi.InsnOff), + return &funcInfo{ fn, + asm.RawInstructionOffset(fi.InsnOff), }, nil } -func newFuncOffsets(bfis []bpfFuncInfo, spec *Spec) (FuncOffsets, error) { - fos := make(FuncOffsets, 0, len(bfis)) - +func newFuncInfos(bfis []bpfFuncInfo, spec *Spec) (FuncInfos, error) { + fis := FuncInfos{ + infos: make([]funcInfo, 0, len(bfis)), + } for _, bfi := range bfis { - fi, err := newFuncOffset(bfi, spec) + fi, err := newFuncInfo(bfi, spec) if err != nil { - return FuncOffsets{}, fmt.Errorf("offset %d: %w", bfi.InsnOff, err) + return FuncInfos{}, fmt.Errorf("offset %d: %w", bfi.InsnOff, err) } - fos = append(fos, *fi) + fis.infos = append(fis.infos, *fi) } - sort.Slice(fos, func(i, j int) bool { - return fos[i].Offset <= fos[j].Offset + sort.Slice(fis.infos, func(i, j int) bool { + return fis.infos[i].offset <= fis.infos[j].offset }) - return fos, nil + return fis, nil } -// LoadFuncInfos parses BTF func info from kernel wire format into a -// [FuncOffsets], a sorted slice of [btf.Func]s of (sub)programs within a BPF -// program with their corresponding raw instruction offsets. -func LoadFuncInfos(reader io.Reader, bo binary.ByteOrder, recordNum uint32, spec *Spec) (FuncOffsets, error) { +// LoadFuncInfos parses BTF func info in kernel wire format. +func LoadFuncInfos(reader io.Reader, bo binary.ByteOrder, recordNum uint32, spec *Spec) (FuncInfos, error) { fis, err := parseFuncInfoRecords( reader, bo, @@ -404,20 +401,20 @@ func LoadFuncInfos(reader io.Reader, bo binary.ByteOrder, recordNum uint32, spec false, ) if err != nil { - return FuncOffsets{}, fmt.Errorf("parsing BTF func info: %w", err) + return FuncInfos{}, fmt.Errorf("parsing BTF func info: %w", err) } - return newFuncOffsets(fis, spec) + return newFuncInfos(fis, spec) } // marshal into the BTF wire format. -func (fi *FuncOffset) marshal(w *bytes.Buffer, b *Builder) error { - id, err := b.Add(fi.Func) +func (fi *funcInfo) marshal(w *bytes.Buffer, b *Builder) error { + id, err := b.Add(fi.fn) if err != nil { return err } bfi := bpfFuncInfo{ - InsnOff: uint32(fi.Offset), + InsnOff: uint32(fi.offset), TypeID: id, } buf := make([]byte, FuncInfoSize) @@ -518,13 +515,14 @@ func (li *Line) String() string { return li.line } -// LineOffsets contains a sorted list of line infos. -type LineOffsets []LineOffset +// LineInfos contains a sorted list of line infos. +type LineInfos struct { + infos []lineInfo +} -// LineOffset represents a line info and its raw instruction offset. -type LineOffset struct { - Offset asm.RawInstructionOffset - Line *Line +type lineInfo struct { + line *Line + offset asm.RawInstructionOffset } // Constants for the format of bpfLineInfo.LineCol. @@ -543,7 +541,7 @@ type bpfLineInfo struct { } // LoadLineInfos parses BTF line info in kernel wire format. -func LoadLineInfos(reader io.Reader, bo binary.ByteOrder, recordNum uint32, spec *Spec) (LineOffsets, error) { +func LoadLineInfos(reader io.Reader, bo binary.ByteOrder, recordNum uint32, spec *Spec) (LineInfos, error) { lis, err := parseLineInfoRecords( reader, bo, @@ -552,55 +550,57 @@ func LoadLineInfos(reader io.Reader, bo binary.ByteOrder, recordNum uint32, spec false, ) if err != nil { - return LineOffsets{}, fmt.Errorf("parsing BTF line info: %w", err) + return LineInfos{}, fmt.Errorf("parsing BTF line info: %w", err) } return newLineInfos(lis, spec.strings) } -func newLineInfo(li bpfLineInfo, strings *stringTable) (LineOffset, error) { +func newLineInfo(li bpfLineInfo, strings *stringTable) (lineInfo, error) { line, err := strings.Lookup(li.LineOff) if err != nil { - return LineOffset{}, fmt.Errorf("lookup of line: %w", err) + return lineInfo{}, fmt.Errorf("lookup of line: %w", err) } fileName, err := strings.Lookup(li.FileNameOff) if err != nil { - return LineOffset{}, fmt.Errorf("lookup of filename: %w", err) + return lineInfo{}, fmt.Errorf("lookup of filename: %w", err) } lineNumber := li.LineCol >> bpfLineShift lineColumn := li.LineCol & bpfColumnMax - return LineOffset{ - asm.RawInstructionOffset(li.InsnOff), + return lineInfo{ &Line{ fileName, line, lineNumber, lineColumn, }, + asm.RawInstructionOffset(li.InsnOff), }, nil } -func newLineInfos(blis []bpfLineInfo, strings *stringTable) (LineOffsets, error) { - lis := make([]LineOffset, 0, len(blis)) +func newLineInfos(blis []bpfLineInfo, strings *stringTable) (LineInfos, error) { + lis := LineInfos{ + infos: make([]lineInfo, 0, len(blis)), + } for _, bli := range blis { li, err := newLineInfo(bli, strings) if err != nil { - return LineOffsets{}, fmt.Errorf("offset %d: %w", bli.InsnOff, err) + return LineInfos{}, fmt.Errorf("offset %d: %w", bli.InsnOff, err) } - lis = append(lis, li) + lis.infos = append(lis.infos, li) } - sort.Slice(lis, func(i, j int) bool { - return lis[i].Offset <= lis[j].Offset + sort.Slice(lis.infos, func(i, j int) bool { + return lis.infos[i].offset <= lis.infos[j].offset }) return lis, nil } // marshal writes the binary representation of the LineInfo to w. -func (li *LineOffset) marshal(w *bytes.Buffer, b *Builder) error { - line := li.Line +func (li *lineInfo) marshal(w *bytes.Buffer, b *Builder) error { + line := li.line if line.lineNumber > bpfLineMax { return fmt.Errorf("line %d exceeds %d", line.lineNumber, bpfLineMax) } @@ -620,7 +620,7 @@ func (li *LineOffset) marshal(w *bytes.Buffer, b *Builder) error { } bli := bpfLineInfo{ - uint32(li.Offset), + uint32(li.offset), fileNameOff, lineOff, (line.lineNumber << bpfLineShift) | line.lineColumn, @@ -799,7 +799,7 @@ func parseCORERelos(r io.Reader, bo binary.ByteOrder, strings *stringTable) (map return nil, err } - records, err := parseCOREReloRecords(r, bo, infoHeader.NumInfo) + records, err := parseCOREReloRecords(r, bo, recordSize, infoHeader.NumInfo) if err != nil { return nil, fmt.Errorf("section %v: %w", secName, err) } @@ -811,7 +811,7 @@ func parseCORERelos(r io.Reader, bo binary.ByteOrder, strings *stringTable) (map // parseCOREReloRecords parses a stream of CO-RE relocation entries into a // coreRelos. These records appear after a btf_ext_info_sec header in the // core_relos sub-section of .BTF.ext. -func parseCOREReloRecords(r io.Reader, bo binary.ByteOrder, recordNum uint32) ([]bpfCORERelo, error) { +func parseCOREReloRecords(r io.Reader, bo binary.ByteOrder, recordSize uint32, recordNum uint32) ([]bpfCORERelo, error) { var out []bpfCORERelo var relo bpfCORERelo diff --git a/vendor/github.com/cilium/ebpf/btf/feature.go b/vendor/github.com/cilium/ebpf/btf/feature.go index e71c707fe4d..6feb08dfbb0 100644 --- a/vendor/github.com/cilium/ebpf/btf/feature.go +++ b/vendor/github.com/cilium/ebpf/btf/feature.go @@ -11,19 +11,19 @@ import ( // haveBTF attempts to load a BTF blob containing an Int. It should pass on any // kernel that supports BPF_BTF_LOAD. -var haveBTF = internal.NewFeatureTest("BTF", func() error { +var haveBTF = internal.NewFeatureTest("BTF", "4.18", func() error { // 0-length anonymous integer err := probeBTF(&Int{}) if errors.Is(err, unix.EINVAL) || errors.Is(err, unix.EPERM) { return internal.ErrNotSupported } return err -}, "4.18") +}) // haveMapBTF attempts to load a minimal BTF blob containing a Var. It is // used as a proxy for .bss, .data and .rodata map support, which generally // come with a Var and Datasec. These were introduced in Linux 5.2. -var haveMapBTF = internal.NewFeatureTest("Map BTF (Var/Datasec)", func() error { +var haveMapBTF = internal.NewFeatureTest("Map BTF (Var/Datasec)", "5.2", func() error { if err := haveBTF(); err != nil { return err } @@ -40,12 +40,12 @@ var haveMapBTF = internal.NewFeatureTest("Map BTF (Var/Datasec)", func() error { return internal.ErrNotSupported } return err -}, "5.2") +}) // haveProgBTF attempts to load a BTF blob containing a Func and FuncProto. It // is used as a proxy for ext_info (func_info) support, which depends on // Func(Proto) by definition. -var haveProgBTF = internal.NewFeatureTest("Program BTF (func/line_info)", func() error { +var haveProgBTF = internal.NewFeatureTest("Program BTF (func/line_info)", "5.0", func() error { if err := haveBTF(); err != nil { return err } @@ -60,9 +60,9 @@ var haveProgBTF = internal.NewFeatureTest("Program BTF (func/line_info)", func() return internal.ErrNotSupported } return err -}, "5.0") +}) -var haveFuncLinkage = internal.NewFeatureTest("BTF func linkage", func() error { +var haveFuncLinkage = internal.NewFeatureTest("BTF func linkage", "5.6", func() error { if err := haveProgBTF(); err != nil { return err } @@ -78,44 +78,9 @@ var haveFuncLinkage = internal.NewFeatureTest("BTF func linkage", func() error { return internal.ErrNotSupported } return err -}, "5.6") +}) -var haveDeclTags = internal.NewFeatureTest("BTF decl tags", func() error { - if err := haveBTF(); err != nil { - return err - } - - t := &Typedef{ - Name: "a", - Type: &Int{}, - Tags: []string{"a"}, - } - - err := probeBTF(t) - if errors.Is(err, unix.EINVAL) { - return internal.ErrNotSupported - } - return err -}, "5.16") - -var haveTypeTags = internal.NewFeatureTest("BTF type tags", func() error { - if err := haveBTF(); err != nil { - return err - } - - t := &TypeTag{ - Type: &Int{}, - Value: "a", - } - - err := probeBTF(t) - if errors.Is(err, unix.EINVAL) { - return internal.ErrNotSupported - } - return err -}, "5.17") - -var haveEnum64 = internal.NewFeatureTest("ENUM64", func() error { +var haveEnum64 = internal.NewFeatureTest("ENUM64", "6.0", func() error { if err := haveBTF(); err != nil { return err } @@ -132,7 +97,7 @@ var haveEnum64 = internal.NewFeatureTest("ENUM64", func() error { return internal.ErrNotSupported } return err -}, "6.0") +}) func probeBTF(typ Type) error { b, err := NewBuilder([]Type{typ}) diff --git a/vendor/github.com/cilium/ebpf/btf/format.go b/vendor/github.com/cilium/ebpf/btf/format.go index 3e0dedaa2bd..5e581b4a851 100644 --- a/vendor/github.com/cilium/ebpf/btf/format.go +++ b/vendor/github.com/cilium/ebpf/btf/format.go @@ -161,9 +161,6 @@ func (gf *GoFormatter) writeTypeLit(typ Type, depth int) error { case *Datasec: err = gf.writeDatasecLit(v, depth) - case *Var: - err = gf.writeTypeLit(v.Type, depth) - default: return fmt.Errorf("type %T: %w", v, ErrNotSupported) } diff --git a/vendor/github.com/cilium/ebpf/btf/kernel.go b/vendor/github.com/cilium/ebpf/btf/kernel.go index 1a9321f054c..8584ebcb932 100644 --- a/vendor/github.com/cilium/ebpf/btf/kernel.go +++ b/vendor/github.com/cilium/ebpf/btf/kernel.go @@ -8,7 +8,7 @@ import ( "sync" "github.com/cilium/ebpf/internal" - "github.com/cilium/ebpf/internal/linux" + "github.com/cilium/ebpf/internal/kallsyms" ) var kernelBTF = struct { @@ -21,6 +21,8 @@ var kernelBTF = struct { // FlushKernelSpec removes any cached kernel type information. func FlushKernelSpec() { + kallsyms.FlushKernelModuleCache() + kernelBTF.Lock() defer kernelBTF.Unlock() @@ -128,7 +130,7 @@ func loadKernelModuleSpec(module string, base *Spec) (*Spec, error) { // findVMLinux scans multiple well-known paths for vmlinux kernel images. func findVMLinux() (*os.File, error) { - release, err := linux.KernelRelease() + release, err := internal.KernelRelease() if err != nil { return nil, err } diff --git a/vendor/github.com/cilium/ebpf/btf/marshal.go b/vendor/github.com/cilium/ebpf/btf/marshal.go index d7204e62476..f14cfa6e973 100644 --- a/vendor/github.com/cilium/ebpf/btf/marshal.go +++ b/vendor/github.com/cilium/ebpf/btf/marshal.go @@ -18,10 +18,6 @@ type MarshalOptions struct { Order binary.ByteOrder // Remove function linkage information for compatibility with <5.6 kernels. StripFuncLinkage bool - // Replace decl tags with a placeholder for compatibility with <5.16 kernels. - ReplaceDeclTags bool - // Replace TypeTags with a placeholder for compatibility with <5.17 kernels. - ReplaceTypeTags bool // Replace Enum64 with a placeholder for compatibility with <6.0 kernels. ReplaceEnum64 bool // Prevent the "No type found" error when loading BTF without any types. @@ -33,8 +29,6 @@ func KernelMarshalOptions() *MarshalOptions { return &MarshalOptions{ Order: internal.NativeEndian, StripFuncLinkage: haveFuncLinkage() != nil, - ReplaceDeclTags: haveDeclTags() != nil, - ReplaceTypeTags: haveTypeTags() != nil, ReplaceEnum64: haveEnum64() != nil, PreventNoTypeFound: true, // All current kernels require this. } @@ -324,7 +318,15 @@ func (e *encoder) deflateType(typ Type) (err error) { return errors.New("Void is implicit in BTF wire format") case *Int: - e.deflateInt(&raw, v) + raw.SetKind(kindInt) + raw.SetSize(v.Size) + + var bi btfInt + bi.SetEncoding(v.Encoding) + // We need to set bits in addition to size, since btf_type_int_is_regular + // otherwise flags this as a bitfield. + bi.SetBits(byte(v.Size) * 8) + raw.data = bi case *Pointer: raw.SetKind(kindPointer) @@ -366,7 +368,8 @@ func (e *encoder) deflateType(typ Type) (err error) { raw.SetType(e.id(v.Type)) case *Const: - e.deflateConst(&raw, v) + raw.SetKind(kindConst) + raw.SetType(e.id(v.Type)) case *Restrict: raw.SetKind(kindRestrict) @@ -401,10 +404,15 @@ func (e *encoder) deflateType(typ Type) (err error) { raw.SetSize(v.Size) case *declTag: - err = e.deflateDeclTag(&raw, v) + raw.SetKind(kindDeclTag) + raw.SetType(e.id(v.Type)) + raw.data = &btfDeclTag{uint32(v.Index)} + raw.NameOff, err = e.strings.Add(v.Value) - case *TypeTag: - err = e.deflateTypeTag(&raw, v) + case *typeTag: + raw.SetKind(kindTypeTag) + raw.SetType(e.id(v.Type)) + raw.NameOff, err = e.strings.Add(v.Value) default: return fmt.Errorf("don't know how to deflate %T", v) @@ -417,57 +425,6 @@ func (e *encoder) deflateType(typ Type) (err error) { return raw.Marshal(e.buf, e.Order) } -func (e *encoder) deflateInt(raw *rawType, i *Int) { - raw.SetKind(kindInt) - raw.SetSize(i.Size) - - var bi btfInt - bi.SetEncoding(i.Encoding) - // We need to set bits in addition to size, since btf_type_int_is_regular - // otherwise flags this as a bitfield. - bi.SetBits(byte(i.Size) * 8) - raw.data = bi -} - -func (e *encoder) deflateDeclTag(raw *rawType, tag *declTag) (err error) { - // Replace a decl tag with an integer for compatibility with <5.16 kernels, - // following libbpf behaviour. - if e.ReplaceDeclTags { - typ := &Int{"decl_tag_placeholder", 1, Unsigned} - e.deflateInt(raw, typ) - - // Add the placeholder type name to the string table. The encoder added the - // original type name before this call. - raw.NameOff, err = e.strings.Add(typ.TypeName()) - return - } - - raw.SetKind(kindDeclTag) - raw.SetType(e.id(tag.Type)) - raw.data = &btfDeclTag{uint32(tag.Index)} - raw.NameOff, err = e.strings.Add(tag.Value) - return -} - -func (e *encoder) deflateConst(raw *rawType, c *Const) { - raw.SetKind(kindConst) - raw.SetType(e.id(c.Type)) -} - -func (e *encoder) deflateTypeTag(raw *rawType, tag *TypeTag) (err error) { - // Replace a type tag with a const qualifier for compatibility with <5.17 - // kernels, following libbpf behaviour. - if e.ReplaceTypeTags { - e.deflateConst(raw, &Const{tag.Type}) - return - } - - raw.SetKind(kindTypeTag) - raw.SetType(e.id(tag.Type)) - raw.NameOff, err = e.strings.Add(tag.Value) - return -} - func (e *encoder) deflateUnion(raw *rawType, union *Union) (err error) { raw.SetKind(kindUnion) raw.SetSize(union.Size) @@ -564,7 +521,7 @@ func (e *encoder) deflateEnum64(raw *rawType, enum *Enum) (err error) { }) } - return e.deflateUnion(raw, &Union{enum.Name, enum.Size, members, nil}) + return e.deflateUnion(raw, &Union{enum.Name, enum.Size, members}) } raw.SetKind(kindEnum64) diff --git a/vendor/github.com/cilium/ebpf/btf/traversal.go b/vendor/github.com/cilium/ebpf/btf/traversal.go index 13647d931ff..c39dc66e46c 100644 --- a/vendor/github.com/cilium/ebpf/btf/traversal.go +++ b/vendor/github.com/cilium/ebpf/btf/traversal.go @@ -40,12 +40,9 @@ func children(typ Type, yield func(child *Type) bool) bool { // Explicitly type switch on the most common types to allow the inliner to // do its work. This avoids allocating intermediate slices from walk() on // the heap. - var tags []string switch v := typ.(type) { - case *Void, *Int, *Enum, *Fwd, *Float, *declTag: + case *Void, *Int, *Enum, *Fwd, *Float: // No children to traverse. - // declTags is declared as a leaf type since it's parsed into .Tags fields of other types - // during unmarshaling. case *Pointer: if !yield(&v.Target) { return false @@ -62,32 +59,17 @@ func children(typ Type, yield func(child *Type) bool) bool { if !yield(&v.Members[i].Type) { return false } - for _, t := range v.Members[i].Tags { - var tag Type = &declTag{v, t, i} - if !yield(&tag) { - return false - } - } } - tags = v.Tags case *Union: for i := range v.Members { if !yield(&v.Members[i].Type) { return false } - for _, t := range v.Members[i].Tags { - var tag Type = &declTag{v, t, i} - if !yield(&tag) { - return false - } - } } - tags = v.Tags case *Typedef: if !yield(&v.Type) { return false } - tags = v.Tags case *Volatile: if !yield(&v.Type) { return false @@ -104,20 +86,6 @@ func children(typ Type, yield func(child *Type) bool) bool { if !yield(&v.Type) { return false } - if fp, ok := v.Type.(*FuncProto); ok { - for i := range fp.Params { - if len(v.ParamTags) <= i { - continue - } - for _, t := range v.ParamTags[i] { - var tag Type = &declTag{v, t, i} - if !yield(&tag) { - return false - } - } - } - } - tags = v.Tags case *FuncProto: if !yield(&v.Return) { return false @@ -131,14 +99,17 @@ func children(typ Type, yield func(child *Type) bool) bool { if !yield(&v.Type) { return false } - tags = v.Tags case *Datasec: for i := range v.Vars { if !yield(&v.Vars[i].Type) { return false } } - case *TypeTag: + case *declTag: + if !yield(&v.Type) { + return false + } + case *typeTag: if !yield(&v.Type) { return false } @@ -148,12 +119,5 @@ func children(typ Type, yield func(child *Type) bool) bool { panic(fmt.Sprintf("don't know how to walk Type %T", v)) } - for _, t := range tags { - var tag Type = &declTag{typ, t, -1} - if !yield(&tag) { - return false - } - } - return true } diff --git a/vendor/github.com/cilium/ebpf/btf/types.go b/vendor/github.com/cilium/ebpf/btf/types.go index dbcdf9dd7aa..a3397460b9d 100644 --- a/vendor/github.com/cilium/ebpf/btf/types.go +++ b/vendor/github.com/cilium/ebpf/btf/types.go @@ -67,7 +67,7 @@ var ( _ Type = (*Datasec)(nil) _ Type = (*Float)(nil) _ Type = (*declTag)(nil) - _ Type = (*TypeTag)(nil) + _ Type = (*typeTag)(nil) _ Type = (*cycle)(nil) ) @@ -169,7 +169,6 @@ type Struct struct { // The size of the struct including padding, in bytes Size uint32 Members []Member - Tags []string } func (s *Struct) Format(fs fmt.State, verb rune) { @@ -183,7 +182,6 @@ func (s *Struct) size() uint32 { return s.Size } func (s *Struct) copy() Type { cpy := *s cpy.Members = copyMembers(s.Members) - cpy.Tags = copyTags(cpy.Tags) return &cpy } @@ -197,7 +195,6 @@ type Union struct { // The size of the union including padding, in bytes. Size uint32 Members []Member - Tags []string } func (u *Union) Format(fs fmt.State, verb rune) { @@ -211,7 +208,6 @@ func (u *Union) size() uint32 { return u.Size } func (u *Union) copy() Type { cpy := *u cpy.Members = copyMembers(u.Members) - cpy.Tags = copyTags(cpy.Tags) return &cpy } @@ -222,18 +218,6 @@ func (u *Union) members() []Member { func copyMembers(orig []Member) []Member { cpy := make([]Member, len(orig)) copy(cpy, orig) - for i, member := range cpy { - cpy[i].Tags = copyTags(member.Tags) - } - return cpy -} - -func copyTags(orig []string) []string { - if orig == nil { // preserve nil vs zero-len slice distinction - return nil - } - cpy := make([]string, len(orig)) - copy(cpy, orig) return cpy } @@ -263,7 +247,6 @@ type Member struct { Type Type Offset Bits BitfieldSize Bits - Tags []string } // Enum lists possible values. @@ -351,7 +334,6 @@ func (f *Fwd) matches(typ Type) bool { type Typedef struct { Name string Type Type - Tags []string } func (td *Typedef) Format(fs fmt.State, verb rune) { @@ -362,7 +344,6 @@ func (td *Typedef) TypeName() string { return td.Name } func (td *Typedef) copy() Type { cpy := *td - cpy.Tags = copyTags(td.Tags) return &cpy } @@ -422,12 +403,6 @@ type Func struct { Name string Type Type Linkage FuncLinkage - Tags []string - // ParamTags holds a list of tags for each parameter of the FuncProto to which `Type` points. - // If no tags are present for any param, the outer slice will be nil/len(ParamTags)==0. - // If at least 1 param has a tag, the outer slice will have the same length as the number of params. - // The inner slice contains the tags and may be nil/len(ParamTags[i])==0 if no tags are present for that param. - ParamTags [][]string } func FuncMetadata(ins *asm.Instruction) *Func { @@ -449,14 +424,6 @@ func (f *Func) TypeName() string { return f.Name } func (f *Func) copy() Type { cpy := *f - cpy.Tags = copyTags(f.Tags) - if f.ParamTags != nil { // preserve nil vs zero-len slice distinction - ptCopy := make([][]string, len(f.ParamTags)) - for i, tags := range f.ParamTags { - ptCopy[i] = copyTags(tags) - } - cpy.ParamTags = ptCopy - } return &cpy } @@ -489,7 +456,6 @@ type Var struct { Name string Type Type Linkage VarLinkage - Tags []string } func (v *Var) Format(fs fmt.State, verb rune) { @@ -500,7 +466,6 @@ func (v *Var) TypeName() string { return v.Name } func (v *Var) copy() Type { cpy := *v - cpy.Tags = copyTags(v.Tags) return &cpy } @@ -575,25 +540,19 @@ func (dt *declTag) copy() Type { return &cpy } -// TypeTag associates metadata with a pointer type. Tag types act as a custom -// modifier(const, restrict, volatile) for the target type. Unlike declTags, -// TypeTags are ordered so the order in which they are added matters. -// -// One of their uses is to mark pointers as `__kptr` meaning a pointer points -// to kernel memory. Adding a `__kptr` to pointers in map values allows you -// to store pointers to kernel memory in maps. -type TypeTag struct { +// typeTag associates metadata with a type. +type typeTag struct { Type Type Value string } -func (tt *TypeTag) Format(fs fmt.State, verb rune) { +func (tt *typeTag) Format(fs fmt.State, verb rune) { formatType(fs, verb, tt, "type=", tt.Type, "value=", tt.Value) } -func (tt *TypeTag) TypeName() string { return "" } -func (tt *TypeTag) qualify() Type { return tt.Type } -func (tt *TypeTag) copy() Type { +func (tt *typeTag) TypeName() string { return "" } +func (tt *typeTag) qualify() Type { return tt.Type } +func (tt *typeTag) copy() Type { cpy := *tt return &cpy } @@ -632,7 +591,7 @@ var ( _ qualifier = (*Const)(nil) _ qualifier = (*Restrict)(nil) _ qualifier = (*Volatile)(nil) - _ qualifier = (*TypeTag)(nil) + _ qualifier = (*typeTag)(nil) ) var errUnsizedType = errors.New("type is unsized") @@ -959,7 +918,7 @@ func readAndInflateTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32, rawSt if err != nil { return nil, fmt.Errorf("struct %s (id %d): %w", name, id, err) } - typ = &Struct{name, header.Size(), members, nil} + typ = &Struct{name, header.Size(), members} case kindUnion: vlen := header.Vlen() @@ -976,7 +935,7 @@ func readAndInflateTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32, rawSt if err != nil { return nil, fmt.Errorf("union %s (id %d): %w", name, id, err) } - typ = &Union{name, header.Size(), members, nil} + typ = &Union{name, header.Size(), members} case kindEnum: vlen := header.Vlen() @@ -1009,7 +968,7 @@ func readAndInflateTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32, rawSt typ = &Fwd{name, header.FwdKind()} case kindTypedef: - typedef := &Typedef{name, nil, nil} + typedef := &Typedef{name, nil} fixup(header.Type(), &typedef.Type) typ = typedef @@ -1029,7 +988,7 @@ func readAndInflateTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32, rawSt typ = restrict case kindFunc: - fn := &Func{name, nil, header.Linkage(), nil, nil} + fn := &Func{name, nil, header.Linkage()} fixup(header.Type(), &fn.Type) typ = fn @@ -1071,7 +1030,7 @@ func readAndInflateTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32, rawSt return nil, fmt.Errorf("can't read btfVariable, id: %d: %w", id, err) } - v := &Var{name, nil, VarLinkage(bVariable.Linkage), nil} + v := &Var{name, nil, VarLinkage(bVariable.Linkage)} fixup(header.Type(), &v.Type) typ = v @@ -1122,7 +1081,7 @@ func readAndInflateTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32, rawSt declTags = append(declTags, dt) case kindTypeTag: - tt := &TypeTag{nil, name} + tt := &typeTag{nil, name} fixup(header.Type(), &tt.Type) typ = tt @@ -1183,69 +1142,26 @@ func readAndInflateTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32, rawSt for _, dt := range declTags { switch t := dt.Type.(type) { - case *Var: - if dt.Index != -1 { - return nil, fmt.Errorf("type %s: component idx %d is not -1", dt, dt.Index) - } - t.Tags = append(t.Tags, dt.Value) - - case *Typedef: + case *Var, *Typedef: if dt.Index != -1 { - return nil, fmt.Errorf("type %s: component idx %d is not -1", dt, dt.Index) + return nil, fmt.Errorf("type %s: index %d is not -1", dt, dt.Index) } - t.Tags = append(t.Tags, dt.Value) case composite: - if dt.Index >= 0 { - members := t.members() - if dt.Index >= len(members) { - return nil, fmt.Errorf("type %s: component idx %d exceeds members of %s", dt, dt.Index, t) - } - - members[dt.Index].Tags = append(members[dt.Index].Tags, dt.Value) - continue - } - - if dt.Index == -1 { - switch t2 := t.(type) { - case *Struct: - t2.Tags = append(t2.Tags, dt.Value) - case *Union: - t2.Tags = append(t2.Tags, dt.Value) - } - - continue + if dt.Index >= len(t.members()) { + return nil, fmt.Errorf("type %s: index %d exceeds members of %s", dt, dt.Index, t) } - return nil, fmt.Errorf("type %s: decl tag for type %s has invalid component idx", dt, t) - case *Func: fp, ok := t.Type.(*FuncProto) if !ok { return nil, fmt.Errorf("type %s: %s is not a FuncProto", dt, t.Type) } - // Ensure the number of argument tag lists equals the number of arguments - if len(t.ParamTags) == 0 { - t.ParamTags = make([][]string, len(fp.Params)) - } - - if dt.Index >= 0 { - if dt.Index >= len(fp.Params) { - return nil, fmt.Errorf("type %s: component idx %d exceeds params of %s", dt, dt.Index, t) - } - - t.ParamTags[dt.Index] = append(t.ParamTags[dt.Index], dt.Value) - continue + if dt.Index >= len(fp.Params) { + return nil, fmt.Errorf("type %s: index %d exceeds params of %s", dt, dt.Index, t) } - if dt.Index == -1 { - t.Tags = append(t.Tags, dt.Value) - continue - } - - return nil, fmt.Errorf("type %s: decl tag for type %s has invalid component idx", dt, t) - default: return nil, fmt.Errorf("type %s: decl tag for type %s is not supported", dt, t) } @@ -1291,20 +1207,6 @@ func UnderlyingType(typ Type) Type { return &cycle{typ} } -// QualifiedType returns the type with all qualifiers removed. -func QualifiedType(typ Type) Type { - result := typ - for depth := 0; depth <= maxResolveDepth; depth++ { - switch v := (result).(type) { - case qualifier: - result = v.qualify() - default: - return result - } - } - return &cycle{typ} -} - // As returns typ if is of type T. Otherwise it peels qualifiers and Typedefs // until it finds a T. // diff --git a/vendor/github.com/cilium/ebpf/btf/workarounds.go b/vendor/github.com/cilium/ebpf/btf/workarounds.go index eb09047fb30..12a89b87eed 100644 --- a/vendor/github.com/cilium/ebpf/btf/workarounds.go +++ b/vendor/github.com/cilium/ebpf/btf/workarounds.go @@ -12,7 +12,7 @@ func datasecResolveWorkaround(b *Builder, ds *Datasec) error { } switch v.Type.(type) { - case *Typedef, *Volatile, *Const, *Restrict, *TypeTag: + case *Typedef, *Volatile, *Const, *Restrict, *typeTag: // NB: We must never call Add on a Datasec, otherwise we risk // infinite recursion. _, err := b.Add(v.Type) diff --git a/vendor/github.com/cilium/ebpf/collection.go b/vendor/github.com/cilium/ebpf/collection.go index 1bda110a401..b2cb214adce 100644 --- a/vendor/github.com/cilium/ebpf/collection.go +++ b/vendor/github.com/cilium/ebpf/collection.go @@ -10,10 +10,8 @@ import ( "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/btf" "github.com/cilium/ebpf/internal" - "github.com/cilium/ebpf/internal/kallsyms" "github.com/cilium/ebpf/internal/kconfig" - "github.com/cilium/ebpf/internal/linux" - "github.com/cilium/ebpf/internal/sys" + "github.com/cilium/ebpf/internal/sysenc" ) // CollectionOptions control loading a collection into the kernel. @@ -40,11 +38,6 @@ type CollectionSpec struct { Maps map[string]*MapSpec Programs map[string]*ProgramSpec - // Variables refer to global variables declared in the ELF. They can be read - // and modified freely before loading the Collection. Modifying them after - // loading has no effect on a running eBPF program. - Variables map[string]*VariableSpec - // Types holds type information about Maps and Programs. // Modifications to Types are currently undefined behaviour. Types *btf.Spec @@ -63,7 +56,6 @@ func (cs *CollectionSpec) Copy() *CollectionSpec { cpy := CollectionSpec{ Maps: make(map[string]*MapSpec, len(cs.Maps)), Programs: make(map[string]*ProgramSpec, len(cs.Programs)), - Variables: make(map[string]*VariableSpec, len(cs.Variables)), ByteOrder: cs.ByteOrder, Types: cs.Types.Copy(), } @@ -76,10 +68,6 @@ func (cs *CollectionSpec) Copy() *CollectionSpec { cpy.Programs[name] = spec.Copy() } - for name, spec := range cs.Variables { - cpy.Variables[name] = spec.copy(&cpy) - } - return &cpy } @@ -146,24 +134,65 @@ func (m *MissingConstantsError) Error() string { // From Linux 5.5 the verifier will use constants to eliminate dead code. // // Returns an error wrapping [MissingConstantsError] if a constant doesn't exist. -// -// Deprecated: Use [CollectionSpec.Variables] to interact with constants instead. -// RewriteConstants is now a wrapper around the VariableSpec API. func (cs *CollectionSpec) RewriteConstants(consts map[string]interface{}) error { - var missing []string - for n, c := range consts { - v, ok := cs.Variables[n] - if !ok { - missing = append(missing, n) + replaced := make(map[string]bool) + + for name, spec := range cs.Maps { + if !strings.HasPrefix(name, ".rodata") { continue } - if !v.Constant() { - return fmt.Errorf("variable %s is not a constant", n) + b, ds, err := spec.dataSection() + if errors.Is(err, errMapNoBTFValue) { + // Data sections without a BTF Datasec are valid, but don't support + // constant replacements. + continue + } + if err != nil { + return fmt.Errorf("map %s: %w", name, err) } - if err := v.Set(c); err != nil { - return fmt.Errorf("rewriting constant %s: %w", n, err) + // MapSpec.Copy() performs a shallow copy. Fully copy the byte slice + // to avoid any changes affecting other copies of the MapSpec. + cpy := make([]byte, len(b)) + copy(cpy, b) + + for _, v := range ds.Vars { + vname := v.Type.TypeName() + replacement, ok := consts[vname] + if !ok { + continue + } + + if _, ok := v.Type.(*btf.Var); !ok { + return fmt.Errorf("section %s: unexpected type %T for variable %s", name, v.Type, vname) + } + + if replaced[vname] { + return fmt.Errorf("section %s: duplicate variable %s", name, vname) + } + + if int(v.Offset+v.Size) > len(cpy) { + return fmt.Errorf("section %s: offset %d(+%d) for variable %s is out of bounds", name, v.Offset, v.Size, vname) + } + + b, err := sysenc.Marshal(replacement, int(v.Size)) + if err != nil { + return fmt.Errorf("marshaling constant replacement %s: %w", vname, err) + } + + b.CopyTo(cpy[v.Offset : v.Offset+v.Size]) + + replaced[vname] = true + } + + spec.Contents[0] = MapKV{Key: uint32(0), Value: cpy} + } + + var missing []string + for c := range consts { + if !replaced[c] { + missing = append(missing, c) } } @@ -181,23 +210,25 @@ func (cs *CollectionSpec) RewriteConstants(consts map[string]interface{}) error // if this sounds useful. // // 'to' must be a pointer to a struct. A field of the -// struct is updated with values from Programs, Maps or Variables if it -// has an `ebpf` tag and its type is *ProgramSpec, *MapSpec or *VariableSpec. +// struct is updated with values from Programs or Maps if it +// has an `ebpf` tag and its type is *ProgramSpec or *MapSpec. // The tag's value specifies the name of the program or map as // found in the CollectionSpec. // // struct { -// Foo *ebpf.ProgramSpec `ebpf:"xdp_foo"` -// Bar *ebpf.MapSpec `ebpf:"bar_map"` -// Var *ebpf.VariableSpec `ebpf:"some_var"` +// Foo *ebpf.ProgramSpec `ebpf:"xdp_foo"` +// Bar *ebpf.MapSpec `ebpf:"bar_map"` // Ignored int // } // // Returns an error if any of the eBPF objects can't be found, or -// if the same Spec is assigned multiple times. +// if the same MapSpec or ProgramSpec is assigned multiple times. func (cs *CollectionSpec) Assign(to interface{}) error { + // Assign() only supports assigning ProgramSpecs and MapSpecs, + // so doesn't load any resources into the kernel. getValue := func(typ reflect.Type, name string) (interface{}, error) { switch typ { + case reflect.TypeOf((*ProgramSpec)(nil)): if p := cs.Programs[name]; p != nil { return p, nil @@ -210,12 +241,6 @@ func (cs *CollectionSpec) Assign(to interface{}) error { } return nil, fmt.Errorf("missing map %q", name) - case reflect.TypeOf((*VariableSpec)(nil)): - if v := cs.Variables[name]; v != nil { - return v, nil - } - return nil, fmt.Errorf("missing variable %q", name) - default: return nil, fmt.Errorf("unsupported type %s", typ) } @@ -261,7 +286,6 @@ func (cs *CollectionSpec) LoadAndAssign(to interface{}, opts *CollectionOptions) // Support assigning Programs and Maps, lazy-loading the required objects. assignedMaps := make(map[string]bool) assignedProgs := make(map[string]bool) - assignedVars := make(map[string]bool) getValue := func(typ reflect.Type, name string) (interface{}, error) { switch typ { @@ -274,10 +298,6 @@ func (cs *CollectionSpec) LoadAndAssign(to interface{}, opts *CollectionOptions) assignedMaps[name] = true return loader.loadMap(name) - case reflect.TypeOf((*Variable)(nil)): - assignedVars[name] = true - return loader.loadVariable(name) - default: return nil, fmt.Errorf("unsupported type %s", typ) } @@ -318,22 +338,15 @@ func (cs *CollectionSpec) LoadAndAssign(to interface{}, opts *CollectionOptions) for p := range assignedProgs { delete(loader.programs, p) } - for p := range assignedVars { - delete(loader.vars, p) - } return nil } -// Collection is a collection of live BPF resources present in the kernel. +// Collection is a collection of Programs and Maps associated +// with their symbols type Collection struct { Programs map[string]*Program Maps map[string]*Map - - // Variables contains global variables used by the Collection's program(s). On - // kernels older than 5.5, most interactions with Variables return - // [ErrNotSupported]. - Variables map[string]*Variable } // NewCollection creates a Collection from the given spec, creating and @@ -374,26 +387,19 @@ func NewCollectionWithOptions(spec *CollectionSpec, opts CollectionOptions) (*Co } } - for varName := range spec.Variables { - if _, err := loader.loadVariable(varName); err != nil { - return nil, err - } - } - // Maps can contain Program and Map stubs, so populate them after // all Maps and Programs have been successfully loaded. if err := loader.populateDeferredMaps(); err != nil { return nil, err } - // Prevent loader.cleanup from closing maps, programs and vars. - maps, progs, vars := loader.maps, loader.programs, loader.vars - loader.maps, loader.programs, loader.vars = nil, nil, nil + // Prevent loader.cleanup from closing maps and programs. + maps, progs := loader.maps, loader.programs + loader.maps, loader.programs = nil, nil return &Collection{ progs, maps, - vars, }, nil } @@ -402,7 +408,6 @@ type collectionLoader struct { opts *CollectionOptions maps map[string]*Map programs map[string]*Program - vars map[string]*Variable } func newCollectionLoader(coll *CollectionSpec, opts *CollectionOptions) (*collectionLoader, error) { @@ -422,58 +427,14 @@ func newCollectionLoader(coll *CollectionSpec, opts *CollectionOptions) (*collec } } - if err := populateKallsyms(coll.Programs); err != nil { - return nil, fmt.Errorf("populating kallsyms caches: %w", err) - } - return &collectionLoader{ coll, opts, make(map[string]*Map), make(map[string]*Program), - make(map[string]*Variable), }, nil } -// populateKallsyms populates kallsyms caches, making lookups cheaper later on -// during individual program loading. Since we have less context available -// at those stages, we batch the lookups here instead to avoid redundant work. -func populateKallsyms(progs map[string]*ProgramSpec) error { - // Look up associated kernel modules for all symbols referenced by - // ProgramSpec.AttachTo for program types that support attaching to kmods. - mods := make(map[string]string) - for _, p := range progs { - if p.AttachTo != "" && p.targetsKernelModule() { - mods[p.AttachTo] = "" - } - } - if len(mods) != 0 { - if err := kallsyms.AssignModules(mods); err != nil { - return fmt.Errorf("getting modules from kallsyms: %w", err) - } - } - - // Look up addresses of all kernel symbols referenced by all programs. - addrs := make(map[string]uint64) - for _, p := range progs { - iter := p.Instructions.Iterate() - for iter.Next() { - ins := iter.Ins - meta, _ := ins.Metadata.Get(ksymMetaKey{}).(*ksymMeta) - if meta != nil { - addrs[meta.Name] = 0 - } - } - } - if len(addrs) != 0 { - if err := kallsyms.AssignAddresses(addrs); err != nil { - return fmt.Errorf("getting addresses from kallsyms: %w", err) - } - } - - return nil -} - // close all resources left over in the collectionLoader. func (cl *collectionLoader) close() { for _, m := range cl.maps { @@ -505,13 +466,6 @@ func (cl *collectionLoader) loadMap(mapName string) (*Map, error) { return m, nil } - // Defer setting the mmapable flag on maps until load time. This avoids the - // MapSpec having different flags on some kernel versions. Also avoid running - // syscalls during ELF loading, so platforms like wasm can also parse an ELF. - if isDataSection(mapSpec.Name) && haveMmapableMaps() == nil { - mapSpec.Flags |= sys.BPF_F_MMAPABLE - } - m, err := newMapWithOptions(mapSpec, cl.opts.Maps) if err != nil { return nil, fmt.Errorf("map %s: %w", mapName, err) @@ -583,58 +537,6 @@ func (cl *collectionLoader) loadProgram(progName string) (*Program, error) { return prog, nil } -func (cl *collectionLoader) loadVariable(varName string) (*Variable, error) { - if v := cl.vars[varName]; v != nil { - return v, nil - } - - varSpec := cl.coll.Variables[varName] - if varSpec == nil { - return nil, fmt.Errorf("unknown variable %s", varName) - } - - // Get the key of the VariableSpec's MapSpec in the CollectionSpec. - var mapName string - for n, ms := range cl.coll.Maps { - if ms == varSpec.m { - mapName = n - break - } - } - if mapName == "" { - return nil, fmt.Errorf("variable %s: underlying MapSpec %s was removed from CollectionSpec", varName, varSpec.m.Name) - } - - m, err := cl.loadMap(mapName) - if err != nil { - return nil, fmt.Errorf("variable %s: %w", varName, err) - } - - // If the kernel is too old or the underlying map was created without - // BPF_F_MMAPABLE, [Map.Memory] will return ErrNotSupported. In this case, - // emit a Variable with a nil Memory. This keeps Collection{Spec}.Variables - // consistent across systems with different feature sets without breaking - // LoadAndAssign. - mm, err := m.Memory() - if err != nil && !errors.Is(err, ErrNotSupported) { - return nil, fmt.Errorf("variable %s: getting memory for map %s: %w", varName, mapName, err) - } - - v, err := newVariable( - varSpec.name, - varSpec.offset, - varSpec.size, - varSpec.t, - mm, - ) - if err != nil { - return nil, fmt.Errorf("variable %s: %w", varName, err) - } - - cl.vars[varName] = v - return v, nil -} - // populateDeferredMaps iterates maps holding programs or other maps and loads // any dependencies. Populates all maps in cl and freezes them if specified. func (cl *collectionLoader) populateDeferredMaps() error { @@ -701,7 +603,6 @@ func resolveKconfig(m *MapSpec) error { type configInfo struct { offset uint32 - size uint32 typ btf.Type } @@ -718,7 +619,7 @@ func resolveKconfig(m *MapSpec) error { return fmt.Errorf("variable %s must be a 32 bits integer, got %s", n, v.Type) } - kv, err := linux.KernelVersion() + kv, err := internal.KernelVersion() if err != nil { return fmt.Errorf("getting kernel version: %w", err) } @@ -743,7 +644,6 @@ func resolveKconfig(m *MapSpec) error { default: // Catch CONFIG_*. configs[n] = configInfo{ offset: vsi.Offset, - size: vsi.Size, typ: v.Type, } } @@ -751,7 +651,7 @@ func resolveKconfig(m *MapSpec) error { // We only parse kconfig file if a CONFIG_* variable was found. if len(configs) > 0 { - f, err := linux.FindKConfig() + f, err := kconfig.Find() if err != nil { return fmt.Errorf("cannot find a kconfig file: %w", err) } @@ -770,10 +670,10 @@ func resolveKconfig(m *MapSpec) error { for n, info := range configs { value, ok := kernelConfig[n] if !ok { - return fmt.Errorf("config option %q does not exist on this kernel", n) + return fmt.Errorf("config option %q does not exists for this kernel", n) } - err := kconfig.PutValue(data[info.offset:info.offset+info.size], info.typ, value) + err := kconfig.PutValue(data[info.offset:], info.typ, value) if err != nil { return fmt.Errorf("problem adding value for %s: %w", n, err) } @@ -823,7 +723,6 @@ func LoadCollection(file string) (*Collection, error) { func (coll *Collection) Assign(to interface{}) error { assignedMaps := make(map[string]bool) assignedProgs := make(map[string]bool) - assignedVars := make(map[string]bool) // Assign() only transfers already-loaded Maps and Programs. No extra // loading is done. @@ -844,13 +743,6 @@ func (coll *Collection) Assign(to interface{}) error { } return nil, fmt.Errorf("missing map %q", name) - case reflect.TypeOf((*Variable)(nil)): - if v := coll.Variables[name]; v != nil { - assignedVars[name] = true - return v, nil - } - return nil, fmt.Errorf("missing variable %q", name) - default: return nil, fmt.Errorf("unsupported type %s", typ) } @@ -867,9 +759,6 @@ func (coll *Collection) Assign(to interface{}) error { for m := range assignedMaps { delete(coll.Maps, m) } - for s := range assignedVars { - delete(coll.Variables, s) - } return nil } diff --git a/vendor/github.com/cilium/ebpf/elf_reader.go b/vendor/github.com/cilium/ebpf/elf_reader.go index 9e8dbc7ae5a..620037d80a8 100644 --- a/vendor/github.com/cilium/ebpf/elf_reader.go +++ b/vendor/github.com/cilium/ebpf/elf_reader.go @@ -16,6 +16,7 @@ import ( "github.com/cilium/ebpf/btf" "github.com/cilium/ebpf/internal" "github.com/cilium/ebpf/internal/sys" + "github.com/cilium/ebpf/internal/unix" ) type kconfigMetaKey struct{} @@ -32,13 +33,6 @@ type kfuncMeta struct { Func *btf.Func } -type ksymMetaKey struct{} - -type ksymMeta struct { - Binding elf.SymBind - Name string -} - // elfCode is a convenience to reduce the amount of arguments that have to // be passed around explicitly. You should treat its contents as immutable. type elfCode struct { @@ -49,9 +43,7 @@ type elfCode struct { btf *btf.Spec extInfo *btf.ExtInfos maps map[string]*MapSpec - vars map[string]*VariableSpec kfuncs map[string]*btf.Func - ksyms map[string]struct{} kconfig *MapSpec } @@ -79,7 +71,7 @@ func LoadCollectionSpecFromReader(rd io.ReaderAt) (*CollectionSpec, error) { // Checks if the ELF file is for BPF data. // Old LLVM versions set e_machine to EM_NONE. - if f.File.Machine != elf.EM_NONE && f.File.Machine != elf.EM_BPF { + if f.File.Machine != unix.EM_NONE && f.File.Machine != elf.EM_BPF { return nil, fmt.Errorf("unexpected machine type for BPF ELF: %s", f.File.Machine) } @@ -109,7 +101,7 @@ func LoadCollectionSpecFromReader(rd io.ReaderAt) (*CollectionSpec, error) { sections[idx] = newElfSection(sec, mapSection) case sec.Name == ".maps": sections[idx] = newElfSection(sec, btfMapSection) - case isDataSection(sec.Name): + case sec.Name == ".bss" || sec.Name == ".data" || strings.HasPrefix(sec.Name, ".rodata"): sections[idx] = newElfSection(sec, dataSection) case sec.Type == elf.SHT_REL: // Store relocations under the section index of the target @@ -142,9 +134,7 @@ func LoadCollectionSpecFromReader(rd io.ReaderAt) (*CollectionSpec, error) { btf: btfSpec, extInfo: btfExtInfo, maps: make(map[string]*MapSpec), - vars: make(map[string]*VariableSpec), kfuncs: make(map[string]*btf.Func), - ksyms: make(map[string]struct{}), } symbols, err := f.Symbols() @@ -184,7 +174,7 @@ func LoadCollectionSpecFromReader(rd io.ReaderAt) (*CollectionSpec, error) { return nil, fmt.Errorf("load programs: %w", err) } - return &CollectionSpec{ec.maps, progs, ec.vars, btfSpec, ec.ByteOrder}, nil + return &CollectionSpec{ec.maps, progs, btfSpec, ec.ByteOrder}, nil } func loadLicense(sec *elf.Section) (string, error) { @@ -211,18 +201,6 @@ func loadVersion(sec *elf.Section, bo binary.ByteOrder) (uint32, error) { return version, nil } -func isDataSection(name string) bool { - return name == ".bss" || strings.HasPrefix(name, ".data") || strings.HasPrefix(name, ".rodata") -} - -func isConstantDataSection(name string) bool { - return strings.HasPrefix(name, ".rodata") -} - -func isKconfigSection(name string) bool { - return name == ".kconfig" -} - type elfSectionKind int const ( @@ -528,7 +506,7 @@ func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) err case elf.STT_OBJECT: // LLVM 9 emits OBJECT-LOCAL symbols for anonymous constants. - if bind != elf.STB_GLOBAL && bind != elf.STB_LOCAL && bind != elf.STB_WEAK { + if bind != elf.STB_GLOBAL && bind != elf.STB_LOCAL { return fmt.Errorf("direct load: %s: %w: %s", name, errUnsupportedBinding, bind) } @@ -636,8 +614,6 @@ func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) err } kf := ec.kfuncs[name] - _, ks := ec.ksyms[name] - switch { // If a Call / DWordLoad instruction is found and the datasec has a btf.Func with a Name // that matches the symbol name we mark the instruction as a referencing a kfunc. @@ -658,15 +634,6 @@ func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) err ins.Constant = 0 - case ks && ins.OpCode.IsDWordLoad(): - if bind != elf.STB_GLOBAL && bind != elf.STB_WEAK { - return fmt.Errorf("asm relocation: %s: %w: %s", name, errUnsupportedBinding, bind) - } - ins.Metadata.Set(ksymMetaKey{}, &ksymMeta{ - Binding: bind, - Name: name, - }) - // If no kconfig map is found, this must be a symbol reference from inline // asm (see testdata/loader.c:asm_relocation()) or a call to a forward // function declaration (see testdata/fwd_decl.c). Don't interfere, These @@ -1013,13 +980,6 @@ func mapSpecFromBTF(es *elfSection, vs *btf.VarSecinfo, def *btf.Struct, spec *b } } - // Some maps don't support value sizes, but annotating their map definitions - // with __type macros can still be useful, especially to let bpf2go generate - // type definitions for them. - if value != nil && !mapType.canHaveValueSize() { - valueSize = 0 - } - return &MapSpec{ Name: SanitizeName(name, -1), Type: MapType(mapType), @@ -1132,21 +1092,12 @@ func (ec *elfCode) loadDataSections() error { continue } - // If a section has no references, it will be freed as soon as the - // Collection closes, so creating and populating it is wasteful. If it has - // no symbols, it is likely an ephemeral section used during compilation - // that wasn't sanitized by the bpf linker. (like .rodata.str1.1) - // - // No symbols means no VariableSpecs can be generated from it, making it - // pointless to emit a data section for. - if sec.references == 0 && len(sec.symbols) == 0 { + if sec.references == 0 { + // Prune data sections which are not referenced by any + // instructions. continue } - if sec.Size > math.MaxUint32 { - return fmt.Errorf("data section %s: contents exceed maximum size", sec.Name) - } - mapSpec := &MapSpec{ Name: SanitizeName(sec.Name, -1), Type: Array, @@ -1155,10 +1106,6 @@ func (ec *elfCode) loadDataSections() error { MaxEntries: 1, } - if isConstantDataSection(sec.Name) { - mapSpec.Flags = sys.BPF_F_RDONLY_PROG - } - switch sec.Type { // Only open the section if we know there's actual data to be read. case elf.SHT_PROGBITS: @@ -1166,56 +1113,20 @@ func (ec *elfCode) loadDataSections() error { if err != nil { return fmt.Errorf("data section %s: can't get contents: %w", sec.Name, err) } + + if uint64(len(data)) > math.MaxUint32 { + return fmt.Errorf("data section %s: contents exceed maximum size", sec.Name) + } mapSpec.Contents = []MapKV{{uint32(0), data}} case elf.SHT_NOBITS: - // NOBITS sections like .bss contain only zeroes and are not allocated in - // the ELF. Since data sections are Arrays, the kernel can preallocate - // them. Don't attempt reading zeroes from the ELF, instead allocate the - // zeroed memory to support getting and setting VariableSpecs for sections - // like .bss. - mapSpec.Contents = []MapKV{{uint32(0), make([]byte, sec.Size)}} - + // NOBITS sections like .bss contain only zeroes, and since data sections + // are Arrays, the kernel already preallocates them. Skip reading zeroes + // from the ELF. default: return fmt.Errorf("data section %s: unknown section type %s", sec.Name, sec.Type) } - for off, sym := range sec.symbols { - // Skip symbols marked with the 'hidden' attribute. - if elf.ST_VISIBILITY(sym.Other) == elf.STV_HIDDEN || - elf.ST_VISIBILITY(sym.Other) == elf.STV_INTERNAL { - continue - } - - // Only accept symbols with global or weak bindings. The common - // alternative is STB_LOCAL, which are either function-scoped or declared - // 'static'. - if elf.ST_BIND(sym.Info) != elf.STB_GLOBAL && - elf.ST_BIND(sym.Info) != elf.STB_WEAK { - continue - } - - if ec.vars[sym.Name] != nil { - return fmt.Errorf("data section %s: duplicate variable %s", sec.Name, sym.Name) - } - - // Skip symbols starting with a dot, they are compiler-internal symbols - // emitted by clang 11 and earlier and are not cleaned up by the bpf - // compiler backend (e.g. symbols named .Lconstinit.1 in sections like - // .rodata.cst32). Variables in C cannot start with a dot, so filter these - // out. - if strings.HasPrefix(sym.Name, ".") { - continue - } - - ec.vars[sym.Name] = &VariableSpec{ - name: sym.Name, - offset: off, - size: sym.Size, - m: mapSpec, - } - } - // It is possible for a data section to exist without a corresponding BTF Datasec // if it only contains anonymous values like macro-defined arrays. if ec.btf != nil { @@ -1224,40 +1135,14 @@ func (ec *elfCode) loadDataSections() error { // Assign the spec's key and BTF only if the Datasec lookup was successful. mapSpec.Key = &btf.Void{} mapSpec.Value = ds - - // Populate VariableSpecs with type information, if available. - for _, v := range ds.Vars { - name := v.Type.TypeName() - if name == "" { - return fmt.Errorf("data section %s: anonymous variable %v", sec.Name, v) - } - - vt, ok := v.Type.(*btf.Var) - if !ok { - return fmt.Errorf("data section %s: unexpected type %T for variable %s", sec.Name, v.Type, name) - } - - ev := ec.vars[name] - if ev == nil { - // Hidden symbols appear in the BTF Datasec but don't receive a VariableSpec. - continue - } - - if uint64(v.Offset) != ev.offset { - return fmt.Errorf("data section %s: variable %s datasec offset (%d) doesn't match ELF symbol offset (%d)", sec.Name, name, v.Offset, ev.offset) - } - - if uint64(v.Size) != ev.size { - return fmt.Errorf("data section %s: variable %s size in datasec (%d) doesn't match ELF symbol size (%d)", sec.Name, name, v.Size, ev.size) - } - - // Decouple the Var in the VariableSpec from the underlying DataSec in - // the MapSpec to avoid modifications from affecting map loads later on. - ev.t = btf.Copy(vt).(*btf.Var) - } } } + if strings.HasPrefix(sec.Name, ".rodata") { + mapSpec.Flags = unix.BPF_F_RDONLY_PROG + mapSpec.Freeze = true + } + ec.maps[sec.Name] = mapSpec } @@ -1290,7 +1175,8 @@ func (ec *elfCode) loadKconfigSection() error { KeySize: uint32(4), ValueSize: ds.Size, MaxEntries: 1, - Flags: sys.BPF_F_RDONLY_PROG, + Flags: unix.BPF_F_RDONLY_PROG, + Freeze: true, Key: &btf.Int{Size: 4}, Value: ds, } @@ -1315,14 +1201,8 @@ func (ec *elfCode) loadKsymsSection() error { } for _, v := range ds.Vars { - switch t := v.Type.(type) { - case *btf.Func: - ec.kfuncs[t.TypeName()] = t - case *btf.Var: - ec.ksyms[t.TypeName()] = struct{}{} - default: - return fmt.Errorf("unexpected variable type in .ksyms: %T", v) - } + // we have already checked the .ksyms Datasec to only contain Func Vars. + ec.kfuncs[v.Type.TypeName()] = v.Type.(*btf.Func) } return nil @@ -1386,10 +1266,10 @@ func getProgType(sectionName string) (ProgramType, AttachType, uint32, string) { var flags uint32 if t.flags&_SEC_SLEEPABLE > 0 { - flags |= sys.BPF_F_SLEEPABLE + flags |= unix.BPF_F_SLEEPABLE } if t.flags&_SEC_XDP_FRAGS > 0 { - flags |= sys.BPF_F_XDP_HAS_FRAGS + flags |= unix.BPF_F_XDP_HAS_FRAGS } if t.flags&_SEC_EXP_ATTACH_OPT > 0 { if programType == XDP { diff --git a/vendor/github.com/cilium/ebpf/info.go b/vendor/github.com/cilium/ebpf/info.go index 56a1f1e9a31..04c60c64b89 100644 --- a/vendor/github.com/cilium/ebpf/info.go +++ b/vendor/github.com/cilium/ebpf/info.go @@ -8,10 +8,10 @@ import ( "fmt" "io" "os" - "reflect" "strings" "syscall" "time" + "unsafe" "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/btf" @@ -39,83 +39,53 @@ import ( // MapInfo describes a map. type MapInfo struct { - // Type of the map. - Type MapType - // KeySize is the size of the map key in bytes. - KeySize uint32 - // ValueSize is the size of the map value in bytes. - ValueSize uint32 - // MaxEntries is the maximum number of entries the map can hold. Its meaning - // is map-specific. + Type MapType + id MapID + KeySize uint32 + ValueSize uint32 MaxEntries uint32 - // Flags used during map creation. - Flags uint32 + Flags uint32 // Name as supplied by user space at load time. Available from 4.15. Name string - id MapID - btf btf.ID - mapExtra uint64 - memlock uint64 - frozen bool + btf btf.ID } -// newMapInfoFromFd queries map information about the given fd. [sys.ObjInfo] is -// attempted first, supplementing any missing values with information from -// /proc/self/fdinfo. Ignores EINVAL from ObjInfo as well as ErrNotSupported -// from reading fdinfo (indicating the file exists, but no fields of interest -// were found). If both fail, an error is always returned. func newMapInfoFromFd(fd *sys.FD) (*MapInfo, error) { var info sys.MapInfo - err1 := sys.ObjInfo(fd, &info) - // EINVAL means the kernel doesn't support BPF_OBJ_GET_INFO_BY_FD. Continue - // with fdinfo if that's the case. - if err1 != nil && !errors.Is(err1, unix.EINVAL) { - return nil, fmt.Errorf("getting object info: %w", err1) + err := sys.ObjInfo(fd, &info) + if errors.Is(err, syscall.EINVAL) { + return newMapInfoFromProc(fd) + } + if err != nil { + return nil, err } - mi := &MapInfo{ + return &MapInfo{ MapType(info.Type), + MapID(info.Id), info.KeySize, info.ValueSize, info.MaxEntries, uint32(info.MapFlags), unix.ByteSliceToString(info.Name[:]), - MapID(info.Id), btf.ID(info.BtfId), - info.MapExtra, - 0, - false, - } - - // Supplement OBJ_INFO with data from /proc/self/fdinfo. It contains fields - // like memlock and frozen that are not present in OBJ_INFO. - err2 := readMapInfoFromProc(fd, mi) - if err2 != nil && !errors.Is(err2, ErrNotSupported) { - return nil, fmt.Errorf("getting map info from fdinfo: %w", err2) - } - - if err1 != nil && err2 != nil { - return nil, fmt.Errorf("ObjInfo and fdinfo both failed: objinfo: %w, fdinfo: %w", err1, err2) - } - - return mi, nil + }, nil } -// readMapInfoFromProc queries map information about the given fd from -// /proc/self/fdinfo. It only writes data into fields that have a zero value. -func readMapInfoFromProc(fd *sys.FD, mi *MapInfo) error { - return scanFdInfo(fd, map[string]interface{}{ +func newMapInfoFromProc(fd *sys.FD) (*MapInfo, error) { + var mi MapInfo + err := scanFdInfo(fd, map[string]interface{}{ "map_type": &mi.Type, - "map_id": &mi.id, "key_size": &mi.KeySize, "value_size": &mi.ValueSize, "max_entries": &mi.MaxEntries, "map_flags": &mi.Flags, - "map_extra": &mi.mapExtra, - "memlock": &mi.memlock, - "frozen": &mi.frozen, }) + if err != nil { + return nil, err + } + return &mi, nil } // ID returns the map ID. @@ -139,35 +109,6 @@ func (mi *MapInfo) BTFID() (btf.ID, bool) { return mi.btf, mi.btf > 0 } -// MapExtra returns an opaque field whose meaning is map-specific. -// -// Available from 5.16. -// -// The bool return value indicates whether this optional field is available and -// populated, if it was specified during Map creation. -func (mi *MapInfo) MapExtra() (uint64, bool) { - return mi.mapExtra, mi.mapExtra > 0 -} - -// Memlock returns an approximate number of bytes allocated to this map. -// -// Available from 4.10. -// -// The bool return value indicates whether this optional field is available. -func (mi *MapInfo) Memlock() (uint64, bool) { - return mi.memlock, mi.memlock > 0 -} - -// Frozen indicates whether [Map.Freeze] was called on this map. If true, -// modifications from user space are not allowed. -// -// Available from 5.2. Requires access to procfs. -// -// If the kernel doesn't support map freezing, this field will always be false. -func (mi *MapInfo) Frozen() bool { - return mi.frozen -} - // programStats holds statistics of a program. type programStats struct { // Total accumulated runtime of the program ins ns. @@ -179,40 +120,6 @@ type programStats struct { recursionMisses uint64 } -// programJitedInfo holds information about JITed info of a program. -type programJitedInfo struct { - // ksyms holds the ksym addresses of the BPF program, including those of its - // subprograms. - // - // Available from 4.18. - ksyms []uintptr - numKsyms uint32 - - // insns holds the JITed machine native instructions of the program, - // including those of its subprograms. - // - // Available from 4.13. - insns []byte - numInsns uint32 - - // lineInfos holds the JITed line infos, which are kernel addresses. - // - // Available from 5.0. - lineInfos []uint64 - numLineInfos uint32 - - // lineInfoRecSize is the size of a single line info record. - // - // Available from 5.0. - lineInfoRecSize uint32 - - // funcLens holds the insns length of each function. - // - // Available from 4.18. - funcLens []uint32 - numFuncLens uint32 -} - // ProgramInfo describes a program. type ProgramInfo struct { Type ProgramType @@ -226,14 +133,9 @@ type ProgramInfo struct { haveCreatedByUID bool btf btf.ID stats *programStats - loadTime time.Duration - - maps []MapID - insns []byte - jitedSize uint32 - verifiedInstructions uint32 - jitedInfo programJitedInfo + maps []MapID + insns []byte lineInfos []byte numLineInfos uint32 @@ -262,9 +164,6 @@ func newProgramInfoFromFd(fd *sys.FD) (*ProgramInfo, error) { runCount: info.RunCnt, recursionMisses: info.RecursionMisses, }, - jitedSize: info.JitedProgLen, - loadTime: time.Duration(info.LoadTime), - verifiedInstructions: info.VerifiedInsns, } // Start with a clean struct for the second call, otherwise we may get EFAULT. @@ -275,7 +174,7 @@ func newProgramInfoFromFd(fd *sys.FD) (*ProgramInfo, error) { if info.NrMapIds > 0 { pi.maps = make([]MapID, info.NrMapIds) info2.NrMapIds = info.NrMapIds - info2.MapIds = sys.NewSlicePointer(pi.maps) + info2.MapIds = sys.NewPointer(unsafe.Pointer(&pi.maps[0])) makeSecondCall = true } else if haveProgramInfoMapIDs() == nil { // This program really has no associated maps. @@ -316,40 +215,6 @@ func newProgramInfoFromFd(fd *sys.FD) (*ProgramInfo, error) { makeSecondCall = true } - pi.jitedInfo.lineInfoRecSize = info.JitedLineInfoRecSize - if info.JitedProgLen > 0 { - pi.jitedInfo.numInsns = info.JitedProgLen - pi.jitedInfo.insns = make([]byte, info.JitedProgLen) - info2.JitedProgLen = info.JitedProgLen - info2.JitedProgInsns = sys.NewSlicePointer(pi.jitedInfo.insns) - makeSecondCall = true - } - - if info.NrJitedFuncLens > 0 { - pi.jitedInfo.numFuncLens = info.NrJitedFuncLens - pi.jitedInfo.funcLens = make([]uint32, info.NrJitedFuncLens) - info2.NrJitedFuncLens = info.NrJitedFuncLens - info2.JitedFuncLens = sys.NewSlicePointer(pi.jitedInfo.funcLens) - makeSecondCall = true - } - - if info.NrJitedLineInfo > 0 { - pi.jitedInfo.numLineInfos = info.NrJitedLineInfo - pi.jitedInfo.lineInfos = make([]uint64, info.NrJitedLineInfo) - info2.NrJitedLineInfo = info.NrJitedLineInfo - info2.JitedLineInfo = sys.NewSlicePointer(pi.jitedInfo.lineInfos) - info2.JitedLineInfoRecSize = info.JitedLineInfoRecSize - makeSecondCall = true - } - - if info.NrJitedKsyms > 0 { - pi.jitedInfo.numKsyms = info.NrJitedKsyms - pi.jitedInfo.ksyms = make([]uintptr, info.NrJitedKsyms) - info2.JitedKsyms = sys.NewSlicePointer(pi.jitedInfo.ksyms) - info2.NrJitedKsyms = info.NrJitedKsyms - makeSecondCall = true - } - if makeSecondCall { if err := sys.ObjInfo(fd, &info2); err != nil { return nil, err @@ -365,7 +230,7 @@ func newProgramInfoFromProc(fd *sys.FD) (*ProgramInfo, error) { "prog_type": &info.Type, "prog_tag": &info.Tag, }) - if errors.Is(err, ErrNotSupported) { + if errors.Is(err, errMissingFields) { return nil, &internal.UnsupportedFeatureError{ Name: "reading program info from /proc/self/fdinfo", MinimumVersion: internal.Version{4, 10, 0}, @@ -440,52 +305,6 @@ func (pi *ProgramInfo) RecursionMisses() (uint64, bool) { return 0, false } -// btfSpec returns the BTF spec associated with the program. -func (pi *ProgramInfo) btfSpec() (*btf.Spec, error) { - id, ok := pi.BTFID() - if !ok { - return nil, fmt.Errorf("program created without BTF or unsupported kernel: %w", ErrNotSupported) - } - - h, err := btf.NewHandleFromID(id) - if err != nil { - return nil, fmt.Errorf("get BTF handle: %w", err) - } - defer h.Close() - - spec, err := h.Spec(nil) - if err != nil { - return nil, fmt.Errorf("get BTF spec: %w", err) - } - - return spec, nil -} - -// LineInfos returns the BTF line information of the program. -// -// Available from 5.0. -// -// Requires CAP_SYS_ADMIN or equivalent for reading BTF information. Returns -// ErrNotSupported if the program was created without BTF or if the kernel -// doesn't support the field. -func (pi *ProgramInfo) LineInfos() (btf.LineOffsets, error) { - if len(pi.lineInfos) == 0 { - return nil, fmt.Errorf("insufficient permissions or unsupported kernel: %w", ErrNotSupported) - } - - spec, err := pi.btfSpec() - if err != nil { - return nil, err - } - - return btf.LoadLineInfos( - bytes.NewReader(pi.lineInfos), - internal.NativeEndian, - pi.numLineInfos, - spec, - ) -} - // Instructions returns the 'xlated' instruction stream of the program // after it has been verified and rewritten by the kernel. These instructions // cannot be loaded back into the kernel as-is, this is mainly used for @@ -572,29 +391,6 @@ func (pi *ProgramInfo) Instructions() (asm.Instructions, error) { return insns, nil } -// JitedSize returns the size of the program's JIT-compiled machine code in bytes, which is the -// actual code executed on the host's CPU. This field requires the BPF JIT compiler to be enabled. -// -// Available from 4.13. Reading this metadata requires CAP_BPF or equivalent. -func (pi *ProgramInfo) JitedSize() (uint32, error) { - if pi.jitedSize == 0 { - return 0, fmt.Errorf("insufficient permissions, unsupported kernel, or JIT compiler disabled: %w", ErrNotSupported) - } - return pi.jitedSize, nil -} - -// TranslatedSize returns the size of the program's translated instructions in bytes, after it has -// been verified and rewritten by the kernel. -// -// Available from 4.13. Reading this metadata requires CAP_BPF or equivalent. -func (pi *ProgramInfo) TranslatedSize() (int, error) { - insns := len(pi.insns) - if insns == 0 { - return 0, fmt.Errorf("insufficient permissions or unsupported kernel: %w", ErrNotSupported) - } - return insns, nil -} - // MapIDs returns the maps related to the program. // // Available from 4.15. @@ -604,89 +400,6 @@ func (pi *ProgramInfo) MapIDs() ([]MapID, bool) { return pi.maps, pi.maps != nil } -// LoadTime returns when the program was loaded since boot time. -// -// Available from 4.15. -// -// The bool return value indicates whether this optional field is available. -func (pi *ProgramInfo) LoadTime() (time.Duration, bool) { - // loadTime and NrMapIds were introduced in the same kernel version. - return pi.loadTime, pi.loadTime > 0 -} - -// VerifiedInstructions returns the number verified instructions in the program. -// -// Available from 5.16. -// -// The bool return value indicates whether this optional field is available. -func (pi *ProgramInfo) VerifiedInstructions() (uint32, bool) { - return pi.verifiedInstructions, pi.verifiedInstructions > 0 -} - -// JitedKsymAddrs returns the ksym addresses of the BPF program, including its -// subprograms. The addresses correspond to their symbols in /proc/kallsyms. -// -// Available from 4.18. Note that before 5.x, this field can be empty for -// programs without subprograms (bpf2bpf calls). -// -// The bool return value indicates whether this optional field is available. -func (pi *ProgramInfo) JitedKsymAddrs() ([]uintptr, bool) { - return pi.jitedInfo.ksyms, len(pi.jitedInfo.ksyms) > 0 -} - -// JitedInsns returns the JITed machine native instructions of the program. -// -// Available from 4.13. -// -// The bool return value indicates whether this optional field is available. -func (pi *ProgramInfo) JitedInsns() ([]byte, bool) { - return pi.jitedInfo.insns, len(pi.jitedInfo.insns) > 0 -} - -// JitedLineInfos returns the JITed line infos of the program. -// -// Available from 5.0. -// -// The bool return value indicates whether this optional field is available. -func (pi *ProgramInfo) JitedLineInfos() ([]uint64, bool) { - return pi.jitedInfo.lineInfos, len(pi.jitedInfo.lineInfos) > 0 -} - -// JitedFuncLens returns the insns length of each function in the JITed program. -// -// Available from 4.18. -// -// The bool return value indicates whether this optional field is available. -func (pi *ProgramInfo) JitedFuncLens() ([]uint32, bool) { - return pi.jitedInfo.funcLens, len(pi.jitedInfo.funcLens) > 0 -} - -// FuncInfos returns the offset and function information of all (sub)programs in -// a BPF program. -// -// Available from 5.0. -// -// Requires CAP_SYS_ADMIN or equivalent for reading BTF information. Returns -// ErrNotSupported if the program was created without BTF or if the kernel -// doesn't support the field. -func (pi *ProgramInfo) FuncInfos() (btf.FuncOffsets, error) { - if len(pi.funcInfos) == 0 { - return nil, fmt.Errorf("insufficient permissions or unsupported kernel: %w", ErrNotSupported) - } - - spec, err := pi.btfSpec() - if err != nil { - return nil, err - } - - return btf.LoadFuncInfos( - bytes.NewReader(pi.funcInfos), - internal.NativeEndian, - pi.numFuncInfos, - spec, - ) -} - func scanFdInfo(fd *sys.FD, fields map[string]interface{}) error { fh, err := os.Open(fmt.Sprintf("/proc/self/fdinfo/%d", fd.Int())) if err != nil { @@ -700,6 +413,8 @@ func scanFdInfo(fd *sys.FD, fields map[string]interface{}) error { return nil } +var errMissingFields = errors.New("missing fields") + func scanFdInfoReader(r io.Reader, fields map[string]interface{}) error { var ( scanner = bufio.NewScanner(r) @@ -718,37 +433,26 @@ func scanFdInfoReader(r io.Reader, fields map[string]interface{}) error { continue } - // If field already contains a non-zero value, don't overwrite it with fdinfo. - if zero(field) { - if n, err := fmt.Sscanln(parts[1], field); err != nil || n != 1 { - return fmt.Errorf("can't parse field %s: %v", name, err) - } + if n, err := fmt.Sscanln(parts[1], field); err != nil || n != 1 { + return fmt.Errorf("can't parse field %s: %v", name, err) } scanned++ } if err := scanner.Err(); err != nil { - return fmt.Errorf("scanning fdinfo: %w", err) + return err } if len(fields) > 0 && scanned == 0 { return ErrNotSupported } - return nil -} - -func zero(arg any) bool { - v := reflect.ValueOf(arg) - - // Unwrap pointers and interfaces. - for v.Kind() == reflect.Pointer || - v.Kind() == reflect.Interface { - v = v.Elem() + if scanned != len(fields) { + return errMissingFields } - return v.IsZero() + return nil } // EnableStats starts the measuring of the runtime @@ -767,7 +471,7 @@ func EnableStats(which uint32) (io.Closer, error) { return fd, nil } -var haveProgramInfoMapIDs = internal.NewFeatureTest("map IDs in program info", func() error { +var haveProgramInfoMapIDs = internal.NewFeatureTest("map IDs in program info", "4.15", func() error { prog, err := progLoad(asm.Instructions{ asm.LoadImm(asm.R0, 0, asm.DWord), asm.Return(), @@ -792,4 +496,4 @@ var haveProgramInfoMapIDs = internal.NewFeatureTest("map IDs in program info", f } return err -}, "4.15") +}) diff --git a/vendor/github.com/cilium/ebpf/internal/linux/auxv.go b/vendor/github.com/cilium/ebpf/internal/auxv.go similarity index 98% rename from vendor/github.com/cilium/ebpf/internal/linux/auxv.go rename to vendor/github.com/cilium/ebpf/internal/auxv.go index 98bb5d83cad..45fd0d37f13 100644 --- a/vendor/github.com/cilium/ebpf/internal/linux/auxv.go +++ b/vendor/github.com/cilium/ebpf/internal/auxv.go @@ -1,4 +1,4 @@ -package linux +package internal import ( "errors" diff --git a/vendor/github.com/cilium/ebpf/internal/errors.go b/vendor/github.com/cilium/ebpf/internal/errors.go index 19d5294ca04..83a371ad35d 100644 --- a/vendor/github.com/cilium/ebpf/internal/errors.go +++ b/vendor/github.com/cilium/ebpf/internal/errors.go @@ -23,7 +23,7 @@ func ErrorWithLog(source string, err error, log []byte) *VerifierError { log = bytes.Trim(log, whitespace) if len(log) == 0 { - return &VerifierError{source, err, nil} + return &VerifierError{source, err, nil, false} } logLines := bytes.Split(log, []byte{'\n'}) @@ -34,7 +34,7 @@ func ErrorWithLog(source string, err error, log []byte) *VerifierError { lines = append(lines, string(bytes.TrimRight(line, whitespace))) } - return &VerifierError{source, err, lines} + return &VerifierError{source, err, lines, false} } // VerifierError includes information from the eBPF verifier. @@ -46,6 +46,8 @@ type VerifierError struct { Cause error // The verifier output split into lines. Log []string + // Deprecated: the log is never truncated anymore. + Truncated bool } func (le *VerifierError) Unwrap() error { diff --git a/vendor/github.com/cilium/ebpf/internal/feature.go b/vendor/github.com/cilium/ebpf/internal/feature.go index 6399be08514..2b856c735e7 100644 --- a/vendor/github.com/cilium/ebpf/internal/feature.go +++ b/vendor/github.com/cilium/ebpf/internal/feature.go @@ -3,25 +3,15 @@ package internal import ( "errors" "fmt" - "runtime" - "strings" "sync" ) -// ErrNotSupported indicates that a feature is not supported. +// ErrNotSupported indicates that a feature is not supported by the current kernel. var ErrNotSupported = errors.New("not supported") -// ErrNotSupportedOnOS indicates that a feature is not supported on the current -// operating system. -var ErrNotSupportedOnOS = fmt.Errorf("%w on %s", ErrNotSupported, runtime.GOOS) - // UnsupportedFeatureError is returned by FeatureTest() functions. type UnsupportedFeatureError struct { - // The minimum version required for this feature. - // - // On Linux this refers to the mainline kernel version, on other platforms - // to the version of the runtime. - // + // The minimum Linux mainline version required for this feature. // Used for the error string, and for sanity checking during testing. MinimumVersion Version @@ -68,44 +58,11 @@ type FeatureTest struct { type FeatureTestFn func() error // NewFeatureTest is a convenient way to create a single [FeatureTest]. -// -// versions specifies in which version of a BPF runtime a feature appeared. -// The format is "GOOS:Major.Minor[.Patch]". GOOS may be omitted when targeting -// Linux. Returns [ErrNotSupportedOnOS] if there is no version specified for the -// current OS. -func NewFeatureTest(name string, fn FeatureTestFn, versions ...string) func() error { - const nativePrefix = runtime.GOOS + ":" - - if len(versions) == 0 { - return func() error { - return fmt.Errorf("feature test %q: no versions specified", name) - } - } - +func NewFeatureTest(name, version string, fn FeatureTestFn) func() error { ft := &FeatureTest{ - Name: name, - Fn: fn, - } - - for _, version := range versions { - if strings.HasPrefix(version, nativePrefix) { - ft.Version = strings.TrimPrefix(version, nativePrefix) - break - } - - if runtime.GOOS == "linux" && !strings.ContainsRune(version, ':') { - // Allow version numbers without a GOOS prefix on Linux. - ft.Version = version - break - } - } - - if ft.Version == "" { - return func() error { - // We don't return an UnsupportedFeatureError here, since that will - // trigger version checks which don't make sense. - return fmt.Errorf("%s: %w", name, ErrNotSupportedOnOS) - } + Name: name, + Version: version, + Fn: fn, } return ft.execute diff --git a/vendor/github.com/cilium/ebpf/internal/kallsyms/cache.go b/vendor/github.com/cilium/ebpf/internal/kallsyms/cache.go deleted file mode 100644 index b7f3e0b7819..00000000000 --- a/vendor/github.com/cilium/ebpf/internal/kallsyms/cache.go +++ /dev/null @@ -1,20 +0,0 @@ -package kallsyms - -import "sync" - -type cache[K, V comparable] struct { - m sync.Map -} - -func (c *cache[K, V]) Load(key K) (value V, _ bool) { - v, ok := c.m.Load(key) - if !ok { - return value, false - } - value = v.(V) - return value, true -} - -func (c *cache[K, V]) Store(key K, value V) { - c.m.Store(key, value) -} diff --git a/vendor/github.com/cilium/ebpf/internal/kallsyms/kallsyms.go b/vendor/github.com/cilium/ebpf/internal/kallsyms/kallsyms.go index f93d785849c..776c7a10a28 100644 --- a/vendor/github.com/cilium/ebpf/internal/kallsyms/kallsyms.go +++ b/vendor/github.com/cilium/ebpf/internal/kallsyms/kallsyms.go @@ -1,277 +1,74 @@ package kallsyms import ( - "errors" - "fmt" + "bufio" + "bytes" "io" "os" - "slices" - "strconv" - "strings" + "sync" ) -var errAmbiguousKsym = errors.New("multiple kernel symbols with the same name") - -var symAddrs cache[string, uint64] -var symModules cache[string, string] - -// Module returns the kernel module providing the given symbol in the kernel, if -// any. Returns an empty string and no error if the symbol is not present in the -// kernel. Only function symbols are considered. Returns an error if multiple -// symbols with the same name were found. -// -// Consider [AssignModules] if you need to resolve multiple symbols, as it will -// only perform one iteration over /proc/kallsyms. -func Module(name string) (string, error) { - if name == "" { - return "", nil - } - - if mod, ok := symModules.Load(name); ok { - return mod, nil - } - - request := map[string]string{name: ""} - if err := AssignModules(request); err != nil { - return "", err - } - - return request[name], nil +var kernelModules struct { + sync.RWMutex + // function to kernel module mapping + kmods map[string]string } -// AssignModules looks up the kernel module providing each given symbol, if any, -// and assigns them to their corresponding values in the symbols map. Only -// function symbols are considered. Results of all lookups are cached, -// successful or otherwise. -// -// Any symbols missing in the kernel are ignored. Returns an error if multiple -// symbols with a given name were found. -func AssignModules(symbols map[string]string) error { - if len(symbols) == 0 { - return nil - } +// KernelModule returns the kernel module, if any, a probe-able function is contained in. +func KernelModule(fn string) (string, error) { + kernelModules.RLock() + kmods := kernelModules.kmods + kernelModules.RUnlock() - // Attempt to fetch symbols from cache. - request := make(map[string]string) - for name := range symbols { - if mod, ok := symModules.Load(name); ok { - symbols[name] = mod - continue - } - - // Mark the symbol to be read from /proc/kallsyms. - request[name] = "" + if kmods == nil { + kernelModules.Lock() + defer kernelModules.Unlock() + kmods = kernelModules.kmods } - if len(request) == 0 { - // All symbols satisfied from cache. - return nil + + if kmods != nil { + return kmods[fn], nil } f, err := os.Open("/proc/kallsyms") if err != nil { - return err - } - - if err := assignModules(f, request); err != nil { - return fmt.Errorf("assigning symbol modules: %w", err) - } - - // Update the cache with the new symbols. Cache all requested symbols, even if - // they're missing or don't belong to a module. - for name, mod := range request { - symModules.Store(name, mod) - symbols[name] = mod - } - - return nil -} - -// assignModules assigns kernel symbol modules read from f to values requested -// by symbols. Always scans the whole input to make sure the user didn't request -// an ambiguous symbol. -func assignModules(f io.Reader, symbols map[string]string) error { - if len(symbols) == 0 { - return nil - } - - found := make(map[string]struct{}) - r := newReader(f) - for r.Line() { - // Only look for function symbols in the kernel's text section (tT). - s, err, skip := parseSymbol(r, []rune{'t', 'T'}) - if err != nil { - return fmt.Errorf("parsing kallsyms line: %w", err) - } - if skip { - continue - } - - if _, requested := symbols[s.name]; !requested { - continue - } - - if _, ok := found[s.name]; ok { - // We've already seen this symbol. Return an error to avoid silently - // attaching to a symbol in the wrong module. libbpf also rejects - // referring to ambiguous symbols. - // - // We can't simply check if we already have a value for the given symbol, - // since many won't have an associated kernel module. - return fmt.Errorf("symbol %s: duplicate found at address 0x%x (module %q): %w", - s.name, s.addr, s.mod, errAmbiguousKsym) - } - - symbols[s.name] = s.mod - found[s.name] = struct{}{} + return "", err } - if err := r.Err(); err != nil { - return fmt.Errorf("reading kallsyms: %w", err) + defer f.Close() + kmods, err = loadKernelModuleMapping(f) + if err != nil { + return "", err } - return nil + kernelModules.kmods = kmods + return kmods[fn], nil } -// Address returns the address of the given symbol in the kernel. Returns 0 and -// no error if the symbol is not present. Returns an error if multiple addresses -// were found for a symbol. -// -// Consider [AssignAddresses] if you need to resolve multiple symbols, as it -// will only perform one iteration over /proc/kallsyms. -func Address(symbol string) (uint64, error) { - if symbol == "" { - return 0, nil - } - - if addr, ok := symAddrs.Load(symbol); ok { - return addr, nil - } - - request := map[string]uint64{symbol: 0} - if err := AssignAddresses(request); err != nil { - return 0, err - } +// FlushKernelModuleCache removes any cached information about function to kernel module mapping. +func FlushKernelModuleCache() { + kernelModules.Lock() + defer kernelModules.Unlock() - return request[symbol], nil + kernelModules.kmods = nil } -// AssignAddresses looks up the addresses of the requested symbols in the kernel -// and assigns them to their corresponding values in the symbols map. Results -// of all lookups are cached, successful or otherwise. -// -// Any symbols missing in the kernel are ignored. Returns an error if multiple -// addresses were found for a symbol. -func AssignAddresses(symbols map[string]uint64) error { - if len(symbols) == 0 { - return nil - } - - // Attempt to fetch symbols from cache. - request := make(map[string]uint64) - for name := range symbols { - if addr, ok := symAddrs.Load(name); ok { - symbols[name] = addr +func loadKernelModuleMapping(f io.Reader) (map[string]string, error) { + mods := make(map[string]string) + scanner := bufio.NewScanner(f) + for scanner.Scan() { + fields := bytes.Fields(scanner.Bytes()) + if len(fields) < 4 { continue } - - // Mark the symbol to be read from /proc/kallsyms. - request[name] = 0 - } - if len(request) == 0 { - // All symbols satisfied from cache. - return nil - } - - f, err := os.Open("/proc/kallsyms") - if err != nil { - return err - } - - if err := assignAddresses(f, request); err != nil { - return fmt.Errorf("loading symbol addresses: %w", err) - } - - // Update the cache with the new symbols. Cache all requested symbols even if - // they weren't found, to avoid repeated lookups. - for name, addr := range request { - symAddrs.Store(name, addr) - symbols[name] = addr - } - - return nil -} - -// assignAddresses assigns kernel symbol addresses read from f to values -// requested by symbols. Always scans the whole input to make sure the user -// didn't request an ambiguous symbol. -func assignAddresses(f io.Reader, symbols map[string]uint64) error { - if len(symbols) == 0 { - return nil - } - r := newReader(f) - for r.Line() { - s, err, skip := parseSymbol(r, nil) - if err != nil { - return fmt.Errorf("parsing kallsyms line: %w", err) - } - if skip { + switch string(fields[1]) { + case "t", "T": + mods[string(fields[2])] = string(bytes.Trim(fields[3], "[]")) + default: continue } - - existing, requested := symbols[s.name] - if existing != 0 { - // Multiple addresses for a symbol have been found. Return a friendly - // error to avoid silently attaching to the wrong symbol. libbpf also - // rejects referring to ambiguous symbols. - return fmt.Errorf("symbol %s(0x%x): duplicate found at address 0x%x: %w", s.name, existing, s.addr, errAmbiguousKsym) - } - if requested { - symbols[s.name] = s.addr - } } - if err := r.Err(); err != nil { - return fmt.Errorf("reading kallsyms: %w", err) + if scanner.Err() != nil { + return nil, scanner.Err() } - - return nil -} - -type ksym struct { - addr uint64 - name string - mod string -} - -// parseSymbol parses a line from /proc/kallsyms into an address, type, name and -// module. Skip will be true if the symbol doesn't match any of the given symbol -// types. See `man 1 nm` for all available types. -// -// Example line: `ffffffffc1682010 T nf_nat_init [nf_nat]` -func parseSymbol(r *reader, types []rune) (s ksym, err error, skip bool) { - for i := 0; r.Word(); i++ { - switch i { - // Address of the symbol. - case 0: - s.addr, err = strconv.ParseUint(r.Text(), 16, 64) - if err != nil { - return s, fmt.Errorf("parsing address: %w", err), false - } - // Type of the symbol. Assume the character is ASCII-encoded by converting - // it directly to a rune, since it's a fixed field controlled by the kernel. - case 1: - if len(types) > 0 && !slices.Contains(types, rune(r.Bytes()[0])) { - return s, nil, true - } - // Name of the symbol. - case 2: - s.name = r.Text() - // Kernel module the symbol is provided by. - case 3: - s.mod = strings.Trim(r.Text(), "[]") - // Ignore any future fields. - default: - break - } - } - - return + return mods, nil } diff --git a/vendor/github.com/cilium/ebpf/internal/kallsyms/reader.go b/vendor/github.com/cilium/ebpf/internal/kallsyms/reader.go deleted file mode 100644 index 2bd4f8eafcb..00000000000 --- a/vendor/github.com/cilium/ebpf/internal/kallsyms/reader.go +++ /dev/null @@ -1,118 +0,0 @@ -package kallsyms - -import ( - "bufio" - "io" - "unicode" - "unicode/utf8" -) - -// reader is a line and word-oriented reader built for reading /proc/kallsyms. -// It takes an io.Reader and iterates its contents line by line, then word by -// word. -// -// It's designed to allow partial reading of lines without paying the cost of -// allocating objects that will never be accessed, resulting in less work for -// the garbage collector. -type reader struct { - s *bufio.Scanner - line []byte - word []byte - - err error -} - -func newReader(r io.Reader) *reader { - return &reader{ - s: bufio.NewScanner(r), - } -} - -// Bytes returns the current word as a byte slice. -func (r *reader) Bytes() []byte { - return r.word -} - -// Text returns the output of Bytes as a string. -func (r *reader) Text() string { - return string(r.Bytes()) -} - -// Line advances the reader to the next line in the input. Calling Line resets -// the current word, making [reader.Bytes] and [reader.Text] return empty -// values. Follow this up with a call to [reader.Word]. -// -// Like [bufio.Scanner], [reader.Err] needs to be checked after Line returns -// false to determine if an error occurred during reading. -// -// Returns true if Line can be called again. Returns false if all lines in the -// input have been read. -func (r *reader) Line() bool { - for r.s.Scan() { - line := r.s.Bytes() - if len(line) == 0 { - continue - } - - r.line = line - r.word = nil - - return true - } - if err := r.s.Err(); err != nil { - r.err = err - } - - return false -} - -// Word advances the reader to the next word in the current line. -// -// Returns true if a word is found and Word should be called again. Returns -// false when all words on the line have been read. -func (r *reader) Word() bool { - if len(r.line) == 0 { - return false - } - - // Find next word start, skipping leading spaces. - start := 0 - for width := 0; start < len(r.line); start += width { - var c rune - c, width = utf8.DecodeRune(r.line[start:]) - if !unicode.IsSpace(c) { - break - } - } - - // Whitespace scanning reached the end of the line due to trailing whitespace, - // meaning there are no more words to read - if start == len(r.line) { - return false - } - - // Find next word end. - for width, i := 0, start; i < len(r.line); i += width { - var c rune - c, width = utf8.DecodeRune(r.line[i:]) - if unicode.IsSpace(c) { - r.word = r.line[start:i] - r.line = r.line[i:] - return true - } - } - - // The line contains data, but no end-of-word boundary was found. This is the - // last, unterminated word in the line. - if len(r.line) > start { - r.word = r.line[start:] - r.line = nil - return true - } - - return false -} - -func (r *reader) Err() error { - return r.err -} diff --git a/vendor/github.com/cilium/ebpf/internal/kconfig/kconfig.go b/vendor/github.com/cilium/ebpf/internal/kconfig/kconfig.go index 29c62b6266e..1921e4f15ad 100644 --- a/vendor/github.com/cilium/ebpf/internal/kconfig/kconfig.go +++ b/vendor/github.com/cilium/ebpf/internal/kconfig/kconfig.go @@ -1,4 +1,3 @@ -// Package kconfig implements a parser for the format of Linux's .config file. package kconfig import ( @@ -8,6 +7,7 @@ import ( "fmt" "io" "math" + "os" "strconv" "strings" @@ -15,6 +15,30 @@ import ( "github.com/cilium/ebpf/internal" ) +// Find find a kconfig file on the host. +// It first reads from /boot/config- of the current running kernel and tries +// /proc/config.gz if nothing was found in /boot. +// If none of the file provide a kconfig, it returns an error. +func Find() (*os.File, error) { + kernelRelease, err := internal.KernelRelease() + if err != nil { + return nil, fmt.Errorf("cannot get kernel release: %w", err) + } + + path := "/boot/config-" + kernelRelease + f, err := os.Open(path) + if err == nil { + return f, nil + } + + f, err = os.Open("/proc/config.gz") + if err == nil { + return f, nil + } + + return nil, fmt.Errorf("neither %s nor /proc/config.gz provide a kconfig", path) +} + // Parse parses the kconfig file for which a reader is given. // All the CONFIG_* which are in filter and which are set set will be // put in the returned map as key with their corresponding value as map value. @@ -103,13 +127,12 @@ func PutValue(data []byte, typ btf.Type, value string) error { switch value { case "y", "n", "m": return putValueTri(data, typ, value) + default: + if strings.HasPrefix(value, `"`) { + return putValueString(data, typ, value) + } + return putValueNumber(data, typ, value) } - - if strings.HasPrefix(value, `"`) { - return putValueString(data, typ, value) - } - - return putValueNumber(data, typ, value) } // Golang translation of libbpf_tristate enum: @@ -146,10 +169,6 @@ func putValueTri(data []byte, typ btf.Type, value string) error { return fmt.Errorf("cannot use enum %q, only libbpf_tristate is supported", v.Name) } - if len(data) != 4 { - return fmt.Errorf("expected enum value to occupy 4 bytes in datasec, got: %d", len(data)) - } - var tri triState switch value { case "y": @@ -159,10 +178,10 @@ func putValueTri(data []byte, typ btf.Type, value string) error { case "n": tri = TriNo default: - return fmt.Errorf("value %q is not supported for libbpf_tristate", value) + return fmt.Errorf("value %q is not support for libbpf_tristate", value) } - internal.NativeEndian.PutUint32(data, uint32(tri)) + internal.NativeEndian.PutUint64(data, uint64(tri)) default: return fmt.Errorf("cannot add number value, expected btf.Int or btf.Enum, got: %T", v) } diff --git a/vendor/github.com/cilium/ebpf/internal/linux/doc.go b/vendor/github.com/cilium/ebpf/internal/linux/doc.go deleted file mode 100644 index 064e75437d8..00000000000 --- a/vendor/github.com/cilium/ebpf/internal/linux/doc.go +++ /dev/null @@ -1,2 +0,0 @@ -// Package linux contains OS specific wrappers around package unix. -package linux diff --git a/vendor/github.com/cilium/ebpf/internal/linux/kconfig.go b/vendor/github.com/cilium/ebpf/internal/linux/kconfig.go deleted file mode 100644 index 1488ecb35c3..00000000000 --- a/vendor/github.com/cilium/ebpf/internal/linux/kconfig.go +++ /dev/null @@ -1,31 +0,0 @@ -package linux - -import ( - "fmt" - "os" -) - -// FindKConfig searches for a kconfig file on the host. -// -// It first reads from /boot/config- of the current running kernel and tries -// /proc/config.gz if nothing was found in /boot. -// If none of the file provide a kconfig, it returns an error. -func FindKConfig() (*os.File, error) { - kernelRelease, err := KernelRelease() - if err != nil { - return nil, fmt.Errorf("cannot get kernel release: %w", err) - } - - path := "/boot/config-" + kernelRelease - f, err := os.Open(path) - if err == nil { - return f, nil - } - - f, err = os.Open("/proc/config.gz") - if err == nil { - return f, nil - } - - return nil, fmt.Errorf("neither %s nor /proc/config.gz provide a kconfig", path) -} diff --git a/vendor/github.com/cilium/ebpf/internal/linux/version.go b/vendor/github.com/cilium/ebpf/internal/linux/version.go deleted file mode 100644 index 798dd3fed02..00000000000 --- a/vendor/github.com/cilium/ebpf/internal/linux/version.go +++ /dev/null @@ -1,34 +0,0 @@ -package linux - -import ( - "fmt" - "sync" - - "github.com/cilium/ebpf/internal" - "github.com/cilium/ebpf/internal/unix" -) - -// KernelVersion returns the version of the currently running kernel. -var KernelVersion = sync.OnceValues(detectKernelVersion) - -// detectKernelVersion returns the version of the running kernel. -func detectKernelVersion() (internal.Version, error) { - vc, err := vdsoVersion() - if err != nil { - return internal.Version{}, err - } - return internal.NewVersionFromCode(vc), nil -} - -// KernelRelease returns the release string of the running kernel. -// Its format depends on the Linux distribution and corresponds to directory -// names in /lib/modules by convention. Some examples are 5.15.17-1-lts and -// 4.19.0-16-amd64. -func KernelRelease() (string, error) { - var uname unix.Utsname - if err := unix.Uname(&uname); err != nil { - return "", fmt.Errorf("uname failed: %w", err) - } - - return unix.ByteSliceToString(uname.Release[:]), nil -} diff --git a/vendor/github.com/cilium/ebpf/internal/math.go b/vendor/github.com/cilium/ebpf/internal/math.go index 10cde66860d..e95c8efde51 100644 --- a/vendor/github.com/cilium/ebpf/internal/math.go +++ b/vendor/github.com/cilium/ebpf/internal/math.go @@ -1,33 +1,13 @@ package internal +import "golang.org/x/exp/constraints" + // Align returns 'n' updated to 'alignment' boundary. -func Align[I Integer](n, alignment I) I { +func Align[I constraints.Integer](n, alignment I) I { return (n + alignment - 1) / alignment * alignment } // IsPow returns true if n is a power of two. -func IsPow[I Integer](n I) bool { +func IsPow[I constraints.Integer](n I) bool { return n != 0 && (n&(n-1)) == 0 } - -// Between returns the value clamped between a and b. -func Between[I Integer](val, a, b I) I { - lower, upper := a, b - if lower > upper { - upper, lower = a, b - } - - val = min(val, upper) - return max(val, lower) -} - -// Integer represents all possible integer types. -// Remove when x/exp/constraints is moved to the standard library. -type Integer interface { - ~int | ~int8 | ~int16 | ~int32 | ~int64 | ~uint | ~uint8 | ~uint16 | ~uint32 | ~uint64 | ~uintptr -} - -// List of integer types known by the Go compiler. Used by TestIntegerConstraint -// to warn if a new integer type is introduced. Remove when x/exp/constraints -// is moved to the standard library. -var integers = []string{"int", "int8", "int16", "int32", "int64", "uint", "uint8", "uint16", "uint32", "uint64", "uintptr"} diff --git a/vendor/github.com/cilium/ebpf/internal/sys/pinning.go b/vendor/github.com/cilium/ebpf/internal/pinning.go similarity index 77% rename from vendor/github.com/cilium/ebpf/internal/sys/pinning.go rename to vendor/github.com/cilium/ebpf/internal/pinning.go index 9a4c6c7a153..01d892f9344 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/pinning.go +++ b/vendor/github.com/cilium/ebpf/internal/pinning.go @@ -1,4 +1,4 @@ -package sys +package internal import ( "errors" @@ -7,11 +7,11 @@ import ( "path/filepath" "runtime" - "github.com/cilium/ebpf/internal/linux" + "github.com/cilium/ebpf/internal/sys" "github.com/cilium/ebpf/internal/unix" ) -func Pin(currentPath, newPath string, fd *FD) error { +func Pin(currentPath, newPath string, fd *sys.FD) error { if newPath == "" { return errors.New("given pinning path cannot be empty") } @@ -19,7 +19,7 @@ func Pin(currentPath, newPath string, fd *FD) error { return nil } - fsType, err := linux.FSType(filepath.Dir(newPath)) + fsType, err := FSType(filepath.Dir(newPath)) if err != nil { return err } @@ -30,8 +30,8 @@ func Pin(currentPath, newPath string, fd *FD) error { defer runtime.KeepAlive(fd) if currentPath == "" { - return ObjPin(&ObjPinAttr{ - Pathname: NewStringPointer(newPath), + return sys.ObjPin(&sys.ObjPinAttr{ + Pathname: sys.NewStringPointer(newPath), BpfFd: fd.Uint(), }) } @@ -47,8 +47,8 @@ func Pin(currentPath, newPath string, fd *FD) error { return fmt.Errorf("unable to move pinned object to new path %v: %w", newPath, err) } // Internal state not in sync with the file system so let's fix it. - return ObjPin(&ObjPinAttr{ - Pathname: NewStringPointer(newPath), + return sys.ObjPin(&sys.ObjPinAttr{ + Pathname: sys.NewStringPointer(newPath), BpfFd: fd.Uint(), }) } diff --git a/vendor/github.com/cilium/ebpf/internal/linux/platform.go b/vendor/github.com/cilium/ebpf/internal/platform.go similarity index 97% rename from vendor/github.com/cilium/ebpf/internal/linux/platform.go rename to vendor/github.com/cilium/ebpf/internal/platform.go index 39bdcc51f9a..6e90f2ef714 100644 --- a/vendor/github.com/cilium/ebpf/internal/linux/platform.go +++ b/vendor/github.com/cilium/ebpf/internal/platform.go @@ -1,4 +1,4 @@ -package linux +package internal import ( "runtime" diff --git a/vendor/github.com/cilium/ebpf/internal/linux/statfs.go b/vendor/github.com/cilium/ebpf/internal/statfs.go similarity index 96% rename from vendor/github.com/cilium/ebpf/internal/linux/statfs.go rename to vendor/github.com/cilium/ebpf/internal/statfs.go index e268c06fab6..44c02d676e6 100644 --- a/vendor/github.com/cilium/ebpf/internal/linux/statfs.go +++ b/vendor/github.com/cilium/ebpf/internal/statfs.go @@ -1,4 +1,4 @@ -package linux +package internal import ( "unsafe" diff --git a/vendor/github.com/cilium/ebpf/internal/sys/fd.go b/vendor/github.com/cilium/ebpf/internal/sys/fd.go index e2ba43fd3b3..941a56fb91b 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/fd.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/fd.go @@ -4,12 +4,9 @@ import ( "fmt" "math" "os" - "path/filepath" "runtime" "strconv" - "strings" - "github.com/cilium/ebpf/internal/testutils/fdtrace" "github.com/cilium/ebpf/internal/unix" ) @@ -20,7 +17,15 @@ type FD struct { } func newFD(value int) *FD { - fdtrace.TraceFD(value, 1) + if onLeakFD != nil { + // Attempt to store the caller's stack for the given fd value. + // Panic if fds contains an existing stack for the fd. + old, exist := fds.LoadOrStore(value, callersFrames()) + if exist { + f := old.(*runtime.Frames) + panic(fmt.Sprintf("found existing stack for fd %d:\n%s", value, FormatFrames(f))) + } + } fd := &FD{value} runtime.SetFinalizer(fd, (*FD).finalize) @@ -34,7 +39,13 @@ func (fd *FD) finalize() { return } - fdtrace.LeakFD(fd.raw) + // Invoke the fd leak callback. Calls LoadAndDelete to guarantee the callback + // is invoked at most once for one sys.FD allocation, runtime.Frames can only + // be unwound once. + f, ok := fds.LoadAndDelete(fd.Int()) + if ok && onLeakFD != nil { + onLeakFD(f.(*runtime.Frames)) + } _ = fd.Close() } @@ -81,15 +92,12 @@ func (fd *FD) Close() error { return nil } - return unix.Close(fd.Disown()) + return unix.Close(fd.disown()) } -// Disown destroys the FD and returns its raw file descriptor without closing -// it. After this call, the underlying fd is no longer tied to the FD's -// lifecycle. -func (fd *FD) Disown() int { - value := fd.raw - fdtrace.ForgetFD(value) +func (fd *FD) disown() int { + value := int(fd.raw) + fds.Delete(int(value)) fd.raw = -1 runtime.SetFinalizer(fd, nil) @@ -121,45 +129,5 @@ func (fd *FD) File(name string) *os.File { return nil } - return os.NewFile(uintptr(fd.Disown()), name) -} - -// ObjGetTyped wraps [ObjGet] with a readlink call to extract the type of the -// underlying bpf object. -func ObjGetTyped(attr *ObjGetAttr) (*FD, ObjType, error) { - fd, err := ObjGet(attr) - if err != nil { - return nil, 0, err - } - - typ, err := readType(fd) - if err != nil { - _ = fd.Close() - return nil, 0, fmt.Errorf("reading fd type: %w", err) - } - - return fd, typ, nil -} - -// readType returns the bpf object type of the file descriptor by calling -// readlink(3). Returns an error if the file descriptor does not represent a bpf -// object. -func readType(fd *FD) (ObjType, error) { - s, err := os.Readlink(filepath.Join("/proc/self/fd/", fd.String())) - if err != nil { - return 0, fmt.Errorf("readlink fd %d: %w", fd.Int(), err) - } - - s = strings.TrimPrefix(s, "anon_inode:") - - switch s { - case "bpf-map": - return BPF_TYPE_MAP, nil - case "bpf-prog": - return BPF_TYPE_PROG, nil - case "bpf-link": - return BPF_TYPE_LINK, nil - } - - return 0, fmt.Errorf("unknown type %s of fd %d", s, fd.Int()) + return os.NewFile(uintptr(fd.disown()), name) } diff --git a/vendor/github.com/cilium/ebpf/internal/sys/fd_trace.go b/vendor/github.com/cilium/ebpf/internal/sys/fd_trace.go new file mode 100644 index 00000000000..cd50dd1f642 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/sys/fd_trace.go @@ -0,0 +1,93 @@ +package sys + +import ( + "bytes" + "fmt" + "runtime" + "sync" +) + +// OnLeakFD controls tracing [FD] lifetime to detect resources that are not +// closed by Close(). +// +// If fn is not nil, tracing is enabled for all FDs created going forward. fn is +// invoked for all FDs that are closed by the garbage collector instead of an +// explicit Close() by a caller. Calling OnLeakFD twice with a non-nil fn +// (without disabling tracing in the meantime) will cause a panic. +// +// If fn is nil, tracing will be disabled. Any FDs that have not been closed are +// considered to be leaked, fn will be invoked for them, and the process will be +// terminated. +// +// fn will be invoked at most once for every unique sys.FD allocation since a +// runtime.Frames can only be unwound once. +func OnLeakFD(fn func(*runtime.Frames)) { + // Enable leak tracing if new fn is provided. + if fn != nil { + if onLeakFD != nil { + panic("OnLeakFD called twice with non-nil fn") + } + + onLeakFD = fn + return + } + + // fn is nil past this point. + + if onLeakFD == nil { + return + } + + // Call onLeakFD for all open fds. + if fs := flushFrames(); len(fs) != 0 { + for _, f := range fs { + onLeakFD(f) + } + } + + onLeakFD = nil +} + +var onLeakFD func(*runtime.Frames) + +// fds is a registry of all file descriptors wrapped into sys.fds that were +// created while an fd tracer was active. +var fds sync.Map // map[int]*runtime.Frames + +// flushFrames removes all elements from fds and returns them as a slice. This +// deals with the fact that a runtime.Frames can only be unwound once using +// Next(). +func flushFrames() []*runtime.Frames { + var frames []*runtime.Frames + fds.Range(func(key, value any) bool { + frames = append(frames, value.(*runtime.Frames)) + fds.Delete(key) + return true + }) + return frames +} + +func callersFrames() *runtime.Frames { + c := make([]uintptr, 32) + + // Skip runtime.Callers and this function. + i := runtime.Callers(2, c) + if i == 0 { + return nil + } + + return runtime.CallersFrames(c) +} + +// FormatFrames formats a runtime.Frames as a human-readable string. +func FormatFrames(fs *runtime.Frames) string { + var b bytes.Buffer + for { + f, more := fs.Next() + b.WriteString(fmt.Sprintf("\t%s+%#x\n\t\t%s:%d\n", f.Function, f.PC-f.Entry, f.File, f.Line)) + if !more { + break + } + } + return b.String() +} diff --git a/vendor/github.com/cilium/ebpf/internal/sys/mapflags_string.go b/vendor/github.com/cilium/ebpf/internal/sys/mapflags_string.go new file mode 100644 index 00000000000..d9fe217222b --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/sys/mapflags_string.go @@ -0,0 +1,53 @@ +// Code generated by "stringer -type MapFlags"; DO NOT EDIT. + +package sys + +import "strconv" + +func _() { + // An "invalid array index" compiler error signifies that the constant values have changed. + // Re-run the stringer command to generate them again. + var x [1]struct{} + _ = x[BPF_F_NO_PREALLOC-1] + _ = x[BPF_F_NO_COMMON_LRU-2] + _ = x[BPF_F_NUMA_NODE-4] + _ = x[BPF_F_RDONLY-8] + _ = x[BPF_F_WRONLY-16] + _ = x[BPF_F_STACK_BUILD_ID-32] + _ = x[BPF_F_ZERO_SEED-64] + _ = x[BPF_F_RDONLY_PROG-128] + _ = x[BPF_F_WRONLY_PROG-256] + _ = x[BPF_F_CLONE-512] + _ = x[BPF_F_MMAPABLE-1024] + _ = x[BPF_F_PRESERVE_ELEMS-2048] + _ = x[BPF_F_INNER_MAP-4096] + _ = x[BPF_F_LINK-8192] + _ = x[BPF_F_PATH_FD-16384] +} + +const _MapFlags_name = "BPF_F_NO_PREALLOCBPF_F_NO_COMMON_LRUBPF_F_NUMA_NODEBPF_F_RDONLYBPF_F_WRONLYBPF_F_STACK_BUILD_IDBPF_F_ZERO_SEEDBPF_F_RDONLY_PROGBPF_F_WRONLY_PROGBPF_F_CLONEBPF_F_MMAPABLEBPF_F_PRESERVE_ELEMSBPF_F_INNER_MAPBPF_F_LINKBPF_F_PATH_FD" + +var _MapFlags_map = map[MapFlags]string{ + 1: _MapFlags_name[0:17], + 2: _MapFlags_name[17:36], + 4: _MapFlags_name[36:51], + 8: _MapFlags_name[51:63], + 16: _MapFlags_name[63:75], + 32: _MapFlags_name[75:95], + 64: _MapFlags_name[95:110], + 128: _MapFlags_name[110:127], + 256: _MapFlags_name[127:144], + 512: _MapFlags_name[144:155], + 1024: _MapFlags_name[155:169], + 2048: _MapFlags_name[169:189], + 4096: _MapFlags_name[189:204], + 8192: _MapFlags_name[204:214], + 16384: _MapFlags_name[214:227], +} + +func (i MapFlags) String() string { + if str, ok := _MapFlags_map[i]; ok { + return str + } + return "MapFlags(" + strconv.FormatInt(int64(i), 10) + ")" +} diff --git a/vendor/github.com/cilium/ebpf/internal/sys/ptr.go b/vendor/github.com/cilium/ebpf/internal/sys/ptr.go index af0c014e3b9..e9bb5905973 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/ptr.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/ptr.go @@ -11,13 +11,13 @@ func NewPointer(ptr unsafe.Pointer) Pointer { return Pointer{ptr: ptr} } -// NewSlicePointer creates a 64-bit pointer from a slice. -func NewSlicePointer[T comparable](buf []T) Pointer { +// NewSlicePointer creates a 64-bit pointer from a byte slice. +func NewSlicePointer(buf []byte) Pointer { if len(buf) == 0 { return Pointer{} } - return Pointer{ptr: unsafe.Pointer(unsafe.SliceData(buf))} + return Pointer{ptr: unsafe.Pointer(&buf[0])} } // NewSlicePointerLen creates a 64-bit pointer from a byte slice. diff --git a/vendor/github.com/cilium/ebpf/internal/sys/syscall.go b/vendor/github.com/cilium/ebpf/internal/sys/syscall.go index e37f4cf6710..f6b6e934580 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/syscall.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/syscall.go @@ -133,12 +133,12 @@ func ObjInfo(fd *FD, info Info) error { // BPFObjName is a null-terminated string made up of // 'A-Za-z0-9_' characters. -type ObjName [BPF_OBJ_NAME_LEN]byte +type ObjName [unix.BPF_OBJ_NAME_LEN]byte // NewObjName truncates the result if it is too long. func NewObjName(name string) ObjName { var result ObjName - copy(result[:BPF_OBJ_NAME_LEN-1], name) + copy(result[:unix.BPF_OBJ_NAME_LEN-1], name) return result } @@ -160,6 +160,29 @@ type BTFID uint32 // TypeID identifies a type in a BTF blob. type TypeID uint32 +// MapFlags control map behaviour. +type MapFlags uint32 + +//go:generate go run golang.org/x/tools/cmd/stringer@latest -type MapFlags + +const ( + BPF_F_NO_PREALLOC MapFlags = 1 << iota + BPF_F_NO_COMMON_LRU + BPF_F_NUMA_NODE + BPF_F_RDONLY + BPF_F_WRONLY + BPF_F_STACK_BUILD_ID + BPF_F_ZERO_SEED + BPF_F_RDONLY_PROG + BPF_F_WRONLY_PROG + BPF_F_CLONE + BPF_F_MMAPABLE + BPF_F_PRESERVE_ELEMS + BPF_F_INNER_MAP + BPF_F_LINK + BPF_F_PATH_FD +) + // Flags used by bpf_mprog. const ( BPF_F_REPLACE = 1 << (iota + 2) @@ -169,16 +192,6 @@ const ( BPF_F_LINK_MPROG = 1 << 13 // aka BPF_F_LINK ) -// Flags used by BPF_PROG_LOAD. -const ( - BPF_F_SLEEPABLE = 1 << 4 - BPF_F_XDP_HAS_FRAGS = 1 << 5 - BPF_F_XDP_DEV_BOUND_ONLY = 1 << 6 -) - -const BPF_TAG_SIZE = 8 -const BPF_OBJ_NAME_LEN = 16 - // wrappedErrno wraps syscall.Errno to prevent direct comparisons with // syscall.E* or unix.E* constants. // diff --git a/vendor/github.com/cilium/ebpf/internal/sys/types.go b/vendor/github.com/cilium/ebpf/internal/sys/types.go index 88001c319eb..70e754de71d 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/types.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/types.go @@ -6,170 +6,6 @@ import ( "unsafe" ) -const ( - BPF_ADJ_ROOM_ENCAP_L2_MASK = 255 - BPF_ADJ_ROOM_ENCAP_L2_SHIFT = 56 - BPF_ANY = 0 - BPF_CSUM_LEVEL_DEC = 2 - BPF_CSUM_LEVEL_INC = 1 - BPF_CSUM_LEVEL_QUERY = 0 - BPF_CSUM_LEVEL_RESET = 3 - BPF_EXIST = 2 - BPF_FIB_LKUP_RET_BLACKHOLE = 1 - BPF_FIB_LKUP_RET_FRAG_NEEDED = 8 - BPF_FIB_LKUP_RET_FWD_DISABLED = 5 - BPF_FIB_LKUP_RET_NOT_FWDED = 4 - BPF_FIB_LKUP_RET_NO_NEIGH = 7 - BPF_FIB_LKUP_RET_NO_SRC_ADDR = 9 - BPF_FIB_LKUP_RET_PROHIBIT = 3 - BPF_FIB_LKUP_RET_SUCCESS = 0 - BPF_FIB_LKUP_RET_UNREACHABLE = 2 - BPF_FIB_LKUP_RET_UNSUPP_LWT = 6 - BPF_FIB_LOOKUP_DIRECT = 1 - BPF_FIB_LOOKUP_OUTPUT = 2 - BPF_FIB_LOOKUP_SKIP_NEIGH = 4 - BPF_FIB_LOOKUP_SRC = 16 - BPF_FIB_LOOKUP_TBID = 8 - BPF_FLOW_DISSECTOR_F_PARSE_1ST_FRAG = 1 - BPF_FLOW_DISSECTOR_F_STOP_AT_ENCAP = 4 - BPF_FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL = 2 - BPF_F_ADJ_ROOM_DECAP_L3_IPV4 = 128 - BPF_F_ADJ_ROOM_DECAP_L3_IPV6 = 256 - BPF_F_ADJ_ROOM_ENCAP_L2_ETH = 64 - BPF_F_ADJ_ROOM_ENCAP_L3_IPV4 = 2 - BPF_F_ADJ_ROOM_ENCAP_L3_IPV6 = 4 - BPF_F_ADJ_ROOM_ENCAP_L4_GRE = 8 - BPF_F_ADJ_ROOM_ENCAP_L4_UDP = 16 - BPF_F_ADJ_ROOM_FIXED_GSO = 1 - BPF_F_ADJ_ROOM_NO_CSUM_RESET = 32 - BPF_F_BPRM_SECUREEXEC = 1 - BPF_F_BROADCAST = 8 - BPF_F_CLONE = 512 - BPF_F_CTXLEN_MASK = 4503595332403200 - BPF_F_CURRENT_CPU = 4294967295 - BPF_F_CURRENT_NETNS = 18446744073709551615 - BPF_F_DONT_FRAGMENT = 4 - BPF_F_EXCLUDE_INGRESS = 16 - BPF_F_FAST_STACK_CMP = 512 - BPF_F_GET_BRANCH_RECORDS_SIZE = 1 - BPF_F_HDR_FIELD_MASK = 15 - BPF_F_INDEX_MASK = 4294967295 - BPF_F_INGRESS = 1 - BPF_F_INNER_MAP = 4096 - BPF_F_INVALIDATE_HASH = 2 - BPF_F_KPROBE_MULTI_RETURN = 1 - BPF_F_LINK = 8192 - BPF_F_LOCK = 4 - BPF_F_MARK_ENFORCE = 64 - BPF_F_MARK_MANGLED_0 = 32 - BPF_F_MMAPABLE = 1024 - BPF_F_NEIGH = 2 - BPF_F_NEXTHOP = 8 - BPF_F_NO_COMMON_LRU = 2 - BPF_F_NO_PREALLOC = 1 - BPF_F_NO_TUNNEL_KEY = 16 - BPF_F_NUMA_NODE = 4 - BPF_F_PATH_FD = 16384 - BPF_F_PEER = 4 - BPF_F_PRESERVE_ELEMS = 2048 - BPF_F_PSEUDO_HDR = 16 - BPF_F_RDONLY = 8 - BPF_F_RDONLY_PROG = 128 - BPF_F_RECOMPUTE_CSUM = 1 - BPF_F_REUSE_STACKID = 1024 - BPF_F_SEQ_NUMBER = 8 - BPF_F_SKIP_FIELD_MASK = 255 - BPF_F_STACK_BUILD_ID = 32 - BPF_F_SYSCTL_BASE_NAME = 1 - BPF_F_TIMER_ABS = 1 - BPF_F_TIMER_CPU_PIN = 2 - BPF_F_TUNINFO_FLAGS = 16 - BPF_F_TUNINFO_IPV6 = 1 - BPF_F_UPROBE_MULTI_RETURN = 1 - BPF_F_USER_BUILD_ID = 2048 - BPF_F_USER_STACK = 256 - BPF_F_WRONLY = 16 - BPF_F_WRONLY_PROG = 256 - BPF_F_ZERO_CSUM_TX = 2 - BPF_F_ZERO_SEED = 64 - BPF_LOAD_HDR_OPT_TCP_SYN = 1 - BPF_LOCAL_STORAGE_GET_F_CREATE = 1 - BPF_MAX_LOOPS = 8388608 - BPF_MAX_TRAMP_LINKS = 38 - BPF_NOEXIST = 1 - BPF_RB_AVAIL_DATA = 0 - BPF_RB_CONS_POS = 2 - BPF_RB_FORCE_WAKEUP = 2 - BPF_RB_NO_WAKEUP = 1 - BPF_RB_PROD_POS = 3 - BPF_RB_RING_SIZE = 1 - BPF_REG_0 = 0 - BPF_REG_1 = 1 - BPF_REG_10 = 10 - BPF_REG_2 = 2 - BPF_REG_3 = 3 - BPF_REG_4 = 4 - BPF_REG_5 = 5 - BPF_REG_6 = 6 - BPF_REG_7 = 7 - BPF_REG_8 = 8 - BPF_REG_9 = 9 - BPF_RINGBUF_BUSY_BIT = 2147483648 - BPF_RINGBUF_DISCARD_BIT = 1073741824 - BPF_RINGBUF_HDR_SZ = 8 - BPF_SKB_TSTAMP_DELIVERY_MONO = 1 - BPF_SKB_TSTAMP_UNSPEC = 0 - BPF_SK_LOOKUP_F_NO_REUSEPORT = 2 - BPF_SK_LOOKUP_F_REPLACE = 1 - BPF_SK_STORAGE_GET_F_CREATE = 1 - BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB = 4 - BPF_SOCK_OPS_ALL_CB_FLAGS = 127 - BPF_SOCK_OPS_BASE_RTT = 7 - BPF_SOCK_OPS_HDR_OPT_LEN_CB = 14 - BPF_SOCK_OPS_NEEDS_ECN = 6 - BPF_SOCK_OPS_PARSE_ALL_HDR_OPT_CB_FLAG = 16 - BPF_SOCK_OPS_PARSE_HDR_OPT_CB = 13 - BPF_SOCK_OPS_PARSE_UNKNOWN_HDR_OPT_CB_FLAG = 32 - BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB = 5 - BPF_SOCK_OPS_RETRANS_CB = 9 - BPF_SOCK_OPS_RETRANS_CB_FLAG = 2 - BPF_SOCK_OPS_RTO_CB = 8 - BPF_SOCK_OPS_RTO_CB_FLAG = 1 - BPF_SOCK_OPS_RTT_CB = 12 - BPF_SOCK_OPS_RTT_CB_FLAG = 8 - BPF_SOCK_OPS_RWND_INIT = 2 - BPF_SOCK_OPS_STATE_CB = 10 - BPF_SOCK_OPS_STATE_CB_FLAG = 4 - BPF_SOCK_OPS_TCP_CONNECT_CB = 3 - BPF_SOCK_OPS_TCP_LISTEN_CB = 11 - BPF_SOCK_OPS_TIMEOUT_INIT = 1 - BPF_SOCK_OPS_VOID = 0 - BPF_SOCK_OPS_WRITE_HDR_OPT_CB = 15 - BPF_SOCK_OPS_WRITE_HDR_OPT_CB_FLAG = 64 - BPF_STRUCT_OPS_TYPE_bpf_dummy_ops = 0 - BPF_STRUCT_OPS_TYPE_tcp_congestion_ops = 1 - BPF_TASK_ITER_ALL_PROCS = 0 - BPF_TASK_ITER_ALL_THREADS = 1 - BPF_TASK_ITER_PROC_THREADS = 2 - BPF_TCP_BOUND_INACTIVE = 13 - BPF_TCP_CLOSE = 7 - BPF_TCP_CLOSE_WAIT = 8 - BPF_TCP_CLOSING = 11 - BPF_TCP_ESTABLISHED = 1 - BPF_TCP_FIN_WAIT1 = 4 - BPF_TCP_FIN_WAIT2 = 5 - BPF_TCP_LAST_ACK = 9 - BPF_TCP_LISTEN = 10 - BPF_TCP_MAX_STATES = 14 - BPF_TCP_NEW_SYN_RECV = 12 - BPF_TCP_SYN_RECV = 3 - BPF_TCP_SYN_SENT = 2 - BPF_TCP_TIME_WAIT = 6 - BPF_WRITE_HDR_TCP_CURRENT_MSS = 1 - BPF_WRITE_HDR_TCP_SYNACK_COOKIE = 2 - BPF_XFRM_STATE_OPTS_SZ = 36 -) - type AdjRoomMode uint32 const ( @@ -566,15 +402,6 @@ const ( BPF_MAP_TYPE_CGRP_STORAGE MapType = 32 ) -type ObjType uint32 - -const ( - BPF_TYPE_UNSPEC ObjType = 0 - BPF_TYPE_PROG ObjType = 1 - BPF_TYPE_MAP ObjType = 2 - BPF_TYPE_LINK ObjType = 3 -) - type PerfEventType uint32 const ( @@ -710,7 +537,7 @@ type MapInfo struct { KeySize uint32 ValueSize uint32 MaxEntries uint32 - MapFlags uint32 + MapFlags MapFlags Name ObjName Ifindex uint32 BtfVmlinuxValueTypeId TypeID @@ -729,7 +556,7 @@ type ProgInfo struct { Tag [8]uint8 JitedProgLen uint32 XlatedProgLen uint32 - JitedProgInsns Pointer + JitedProgInsns uint64 XlatedProgInsns Pointer LoadTime uint64 CreatedByUid uint32 @@ -742,15 +569,15 @@ type ProgInfo struct { NetnsIno uint64 NrJitedKsyms uint32 NrJitedFuncLens uint32 - JitedKsyms Pointer - JitedFuncLens Pointer + JitedKsyms uint64 + JitedFuncLens uint64 BtfId BTFID FuncInfoRecSize uint32 FuncInfo Pointer NrFuncInfo uint32 NrLineInfo uint32 LineInfo Pointer - JitedLineInfo Pointer + JitedLineInfo uint64 NrJitedLineInfo uint32 LineInfoRecSize uint32 JitedLineInfoRecSize uint32 @@ -1059,7 +886,7 @@ type MapCreateAttr struct { KeySize uint32 ValueSize uint32 MaxEntries uint32 - MapFlags uint32 + MapFlags MapFlags InnerMapFd uint32 NumaNode uint32 MapName ObjName diff --git a/vendor/github.com/cilium/ebpf/internal/sysenc/buffer.go b/vendor/github.com/cilium/ebpf/internal/sysenc/buffer.go index 1b4f052ee2b..d184ea196ae 100644 --- a/vendor/github.com/cilium/ebpf/internal/sysenc/buffer.go +++ b/vendor/github.com/cilium/ebpf/internal/sysenc/buffer.go @@ -51,12 +51,12 @@ func SyscallOutput(dst any, size int) Buffer { // // Returns the number of copied bytes. func (b Buffer) CopyTo(dst []byte) int { - return copy(dst, b.Bytes()) + return copy(dst, b.unsafeBytes()) } // AppendTo appends the buffer onto dst. func (b Buffer) AppendTo(dst []byte) []byte { - return append(dst, b.Bytes()...) + return append(dst, b.unsafeBytes()...) } // Pointer returns the location where a syscall should write. @@ -72,12 +72,10 @@ func (b Buffer) Unmarshal(data any) error { return nil } - return Unmarshal(data, b.Bytes()) + return Unmarshal(data, b.unsafeBytes()) } -// Bytes returns the buffer as a byte slice. Returns nil if the Buffer was -// created using UnsafeBuffer or by zero-copy unmarshaling. -func (b Buffer) Bytes() []byte { +func (b Buffer) unsafeBytes() []byte { if b.size == syscallPointerOnly { return nil } diff --git a/vendor/github.com/cilium/ebpf/internal/testutils/fdtrace/fd_trace.go b/vendor/github.com/cilium/ebpf/internal/testutils/fdtrace/fd_trace.go deleted file mode 100644 index 562df2cc0c2..00000000000 --- a/vendor/github.com/cilium/ebpf/internal/testutils/fdtrace/fd_trace.go +++ /dev/null @@ -1,103 +0,0 @@ -package fdtrace - -import ( - "bytes" - "fmt" - "os" - "runtime" - "sync" - "sync/atomic" -) - -// foundLeak is atomic since the GC may collect objects in parallel. -var foundLeak atomic.Bool - -func onLeakFD(fs *runtime.Frames) { - foundLeak.Store(true) - fmt.Fprintln(os.Stderr, "leaked fd created at:") - fmt.Fprintln(os.Stderr, formatFrames(fs)) -} - -// fds is a registry of all file descriptors wrapped into sys.fds that were -// created while an fd tracer was active. -var fds *sync.Map // map[int]*runtime.Frames - -// TraceFD associates raw with the current execution stack. -// -// skip controls how many entries of the stack the function should skip. -func TraceFD(raw int, skip int) { - if fds == nil { - return - } - - // Attempt to store the caller's stack for the given fd value. - // Panic if fds contains an existing stack for the fd. - old, exist := fds.LoadOrStore(raw, callersFrames(skip)) - if exist { - f := old.(*runtime.Frames) - panic(fmt.Sprintf("found existing stack for fd %d:\n%s", raw, formatFrames(f))) - } -} - -// ForgetFD removes any existing association for raw. -func ForgetFD(raw int) { - if fds != nil { - fds.Delete(raw) - } -} - -// LeakFD indicates that raw was leaked. -// -// Calling the function with a value that was not passed to [TraceFD] before -// is undefined. -func LeakFD(raw int) { - if fds == nil { - return - } - - // Invoke the fd leak callback. Calls LoadAndDelete to guarantee the callback - // is invoked at most once for one sys.FD allocation, runtime.Frames can only - // be unwound once. - f, ok := fds.LoadAndDelete(raw) - if ok { - onLeakFD(f.(*runtime.Frames)) - } -} - -// flushFrames removes all elements from fds and returns them as a slice. This -// deals with the fact that a runtime.Frames can only be unwound once using -// Next(). -func flushFrames() []*runtime.Frames { - var frames []*runtime.Frames - fds.Range(func(key, value any) bool { - frames = append(frames, value.(*runtime.Frames)) - fds.Delete(key) - return true - }) - return frames -} - -func callersFrames(skip int) *runtime.Frames { - c := make([]uintptr, 32) - - // Skip runtime.Callers and this function. - i := runtime.Callers(skip+2, c) - if i == 0 { - return nil - } - - return runtime.CallersFrames(c) -} - -// formatFrames formats a runtime.Frames as a human-readable string. -func formatFrames(fs *runtime.Frames) string { - var b bytes.Buffer - for { - f, more := fs.Next() - b.WriteString(fmt.Sprintf("\t%s+%#x\n\t\t%s:%d\n", f.Function, f.PC-f.Entry, f.File, f.Line)) - if !more { - break - } - } - return b.String() -} diff --git a/vendor/github.com/cilium/ebpf/internal/testutils/fdtrace/main.go b/vendor/github.com/cilium/ebpf/internal/testutils/fdtrace/main.go deleted file mode 100644 index c1f7b42d91d..00000000000 --- a/vendor/github.com/cilium/ebpf/internal/testutils/fdtrace/main.go +++ /dev/null @@ -1,31 +0,0 @@ -package fdtrace - -import ( - "os" - "sync" -) - -type testingM interface { - Run() int -} - -// TestMain runs m with fd tracing enabled. -// -// The function calls [os.Exit] and does not return. -func TestMain(m testingM) { - fds = new(sync.Map) - - ret := m.Run() - - if fs := flushFrames(); len(fs) != 0 { - for _, f := range fs { - onLeakFD(f) - } - } - - if foundLeak.Load() { - ret = 99 - } - - os.Exit(ret) -} diff --git a/vendor/github.com/cilium/ebpf/internal/tracefs/kprobe.go b/vendor/github.com/cilium/ebpf/internal/tracefs/kprobe.go index 062bef9ec37..897740fec0c 100644 --- a/vendor/github.com/cilium/ebpf/internal/tracefs/kprobe.go +++ b/vendor/github.com/cilium/ebpf/internal/tracefs/kprobe.go @@ -12,7 +12,6 @@ import ( "syscall" "github.com/cilium/ebpf/internal" - "github.com/cilium/ebpf/internal/linux" "github.com/cilium/ebpf/internal/unix" ) @@ -122,7 +121,7 @@ var getTracefsPath = sync.OnceValues(func() (string, error) { // RHEL/CentOS {"/sys/kernel/debug/tracing", unix.DEBUGFS_MAGIC}, } { - if fsType, err := linux.FSType(p.path); err == nil && fsType == p.fsType { + if fsType, err := internal.FSType(p.path); err == nil && fsType == p.fsType { return p.path, nil } } @@ -214,10 +213,7 @@ func NewEvent(args ProbeArgs) (*Event, error) { if err == nil { return nil, fmt.Errorf("trace event %s/%s: %w", args.Group, eventName, os.ErrExist) } - if errors.Is(err, unix.EINVAL) { - return nil, fmt.Errorf("trace event %s/%s: %w (unknown symbol?)", args.Group, eventName, err) - } - if !errors.Is(err, os.ErrNotExist) { + if err != nil && !errors.Is(err, os.ErrNotExist) { return nil, fmt.Errorf("checking trace event %s/%s: %w", args.Group, eventName, err) } diff --git a/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go b/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go index 144e608d1c7..d725cfaa394 100644 --- a/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go +++ b/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go @@ -81,16 +81,15 @@ const ( SO_DETACH_BPF = linux.SO_DETACH_BPF SOL_SOCKET = linux.SOL_SOCKET SIGPROF = linux.SIGPROF - SIGUSR1 = linux.SIGUSR1 SIG_BLOCK = linux.SIG_BLOCK SIG_UNBLOCK = linux.SIG_UNBLOCK + EM_NONE = linux.EM_NONE + EM_BPF = linux.EM_BPF BPF_FS_MAGIC = linux.BPF_FS_MAGIC TRACEFS_MAGIC = linux.TRACEFS_MAGIC DEBUGFS_MAGIC = linux.DEBUGFS_MAGIC BPF_RB_NO_WAKEUP = linux.BPF_RB_NO_WAKEUP BPF_RB_FORCE_WAKEUP = linux.BPF_RB_FORCE_WAKEUP - AF_UNSPEC = linux.AF_UNSPEC - IFF_UP = linux.IFF_UP ) type Statfs_t = linux.Statfs_t diff --git a/vendor/github.com/cilium/ebpf/internal/unix/types_other.go b/vendor/github.com/cilium/ebpf/internal/unix/types_other.go index 06cc3a09663..3ff8962716a 100644 --- a/vendor/github.com/cilium/ebpf/internal/unix/types_other.go +++ b/vendor/github.com/cilium/ebpf/internal/unix/types_other.go @@ -84,17 +84,16 @@ const ( SO_DETACH_BPF SOL_SOCKET SIGPROF - SIGUSR1 SIG_BLOCK SIG_UNBLOCK + EM_NONE + EM_BPF BPF_FS_MAGIC TRACEFS_MAGIC DEBUGFS_MAGIC BPF_RB_NO_WAKEUP BPF_RB_FORCE_WAKEUP BPF_F_LOCK - AF_UNSPEC - IFF_UP ) type Statfs_t struct { diff --git a/vendor/github.com/cilium/ebpf/internal/linux/vdso.go b/vendor/github.com/cilium/ebpf/internal/vdso.go similarity index 93% rename from vendor/github.com/cilium/ebpf/internal/linux/vdso.go rename to vendor/github.com/cilium/ebpf/internal/vdso.go index 1d8d0ef6b11..1049278554e 100644 --- a/vendor/github.com/cilium/ebpf/internal/linux/vdso.go +++ b/vendor/github.com/cilium/ebpf/internal/vdso.go @@ -1,4 +1,4 @@ -package linux +package internal import ( "debug/elf" @@ -9,7 +9,6 @@ import ( "math" "os" - "github.com/cilium/ebpf/internal" "github.com/cilium/ebpf/internal/unix" ) @@ -83,7 +82,7 @@ type elfNoteHeader struct { // vdsoLinuxVersionCode returns the LINUX_VERSION_CODE embedded in // the ELF notes section of the binary provided by the reader. func vdsoLinuxVersionCode(r io.ReaderAt) (uint32, error) { - hdr, err := internal.NewSafeELFFile(r) + hdr, err := NewSafeELFFile(r) if err != nil { return 0, fmt.Errorf("reading vDSO ELF: %w", err) } @@ -111,7 +110,7 @@ func vdsoLinuxVersionCode(r io.ReaderAt) (uint32, error) { var name string if n.NameSize > 0 { // Read the note name, aligned to 4 bytes. - buf := make([]byte, internal.Align(n.NameSize, 4)) + buf := make([]byte, Align(n.NameSize, 4)) if err := binary.Read(sr, hdr.ByteOrder, &buf); err != nil { return 0, fmt.Errorf("reading note name: %w", err) } @@ -133,7 +132,7 @@ func vdsoLinuxVersionCode(r io.ReaderAt) (uint32, error) { } // Discard the note descriptor if it exists but we're not interested in it. - if _, err := io.CopyN(io.Discard, sr, int64(internal.Align(n.DescSize, 4))); err != nil { + if _, err := io.CopyN(io.Discard, sr, int64(Align(n.DescSize, 4))); err != nil { return 0, err } } diff --git a/vendor/github.com/cilium/ebpf/internal/version.go b/vendor/github.com/cilium/ebpf/internal/version.go index a230830b013..acd4650af73 100644 --- a/vendor/github.com/cilium/ebpf/internal/version.go +++ b/vendor/github.com/cilium/ebpf/internal/version.go @@ -2,6 +2,9 @@ package internal import ( "fmt" + "sync" + + "github.com/cilium/ebpf/internal/unix" ) const ( @@ -75,3 +78,30 @@ func (v Version) Kernel() uint32 { // each other when overflowing 8 bits. return uint32(uint8(v[0]))<<16 | uint32(uint8(v[1]))<<8 | uint32(uint8(s)) } + +// KernelVersion returns the version of the currently running kernel. +var KernelVersion = sync.OnceValues(func() (Version, error) { + return detectKernelVersion() +}) + +// detectKernelVersion returns the version of the running kernel. +func detectKernelVersion() (Version, error) { + vc, err := vdsoVersion() + if err != nil { + return Version{}, err + } + return NewVersionFromCode(vc), nil +} + +// KernelRelease returns the release string of the running kernel. +// Its format depends on the Linux distribution and corresponds to directory +// names in /lib/modules by convention. Some examples are 5.15.17-1-lts and +// 4.19.0-16-amd64. +func KernelRelease() (string, error) { + var uname unix.Utsname + if err := unix.Uname(&uname); err != nil { + return "", fmt.Errorf("uname failed: %w", err) + } + + return unix.ByteSliceToString(uname.Release[:]), nil +} diff --git a/vendor/github.com/cilium/ebpf/link/kprobe.go b/vendor/github.com/cilium/ebpf/link/kprobe.go index 6f93a27a254..fe3f17c3717 100644 --- a/vendor/github.com/cilium/ebpf/link/kprobe.go +++ b/vendor/github.com/cilium/ebpf/link/kprobe.go @@ -10,7 +10,6 @@ import ( "github.com/cilium/ebpf" "github.com/cilium/ebpf/internal" - "github.com/cilium/ebpf/internal/linux" "github.com/cilium/ebpf/internal/sys" "github.com/cilium/ebpf/internal/tracefs" "github.com/cilium/ebpf/internal/unix" @@ -61,9 +60,6 @@ func (ko *KprobeOptions) cookie() uint64 { // platform's syscall prefix (e.g. __x64_) to support attaching to syscalls // in a portable fashion. // -// On kernels 6.11 and later, setting a kprobe on a nonexistent symbol using -// tracefs incorrectly returns [unix.EINVAL] instead of [os.ErrNotExist]. -// // The returned Link may implement [PerfEvent]. func Kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions) (Link, error) { k, err := kprobe(symbol, prog, opts, false) @@ -95,7 +91,7 @@ func Kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions) (Link, error // in a portable fashion. // // On kernels 5.10 and earlier, setting a kretprobe on a nonexistent symbol -// incorrectly returns [unix.EINVAL] instead of [os.ErrNotExist]. +// incorrectly returns unix.EINVAL instead of os.ErrNotExist. // // The returned Link may implement [PerfEvent]. func Kretprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions) (Link, error) { @@ -173,7 +169,7 @@ func kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions, ret bool) (* // Use kprobe PMU if the kernel has it available. tp, err := pmuProbe(args) if errors.Is(err, os.ErrNotExist) || errors.Is(err, unix.EINVAL) { - if prefix := linux.PlatformPrefix(); prefix != "" { + if prefix := internal.PlatformPrefix(); prefix != "" { args.Symbol = prefix + symbol tp, err = pmuProbe(args) } @@ -181,7 +177,7 @@ func kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions, ret bool) (* if err == nil { return tp, nil } - if !errors.Is(err, ErrNotSupported) { + if err != nil && !errors.Is(err, ErrNotSupported) { return nil, fmt.Errorf("creating perf_kprobe PMU (arch-specific fallback for %q): %w", symbol, err) } @@ -189,7 +185,7 @@ func kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions, ret bool) (* args.Symbol = symbol tp, err = tracefsProbe(args) if errors.Is(err, os.ErrNotExist) || errors.Is(err, unix.EINVAL) { - if prefix := linux.PlatformPrefix(); prefix != "" { + if prefix := internal.PlatformPrefix(); prefix != "" { args.Symbol = prefix + symbol tp, err = tracefsProbe(args) } diff --git a/vendor/github.com/cilium/ebpf/link/kprobe_multi.go b/vendor/github.com/cilium/ebpf/link/kprobe_multi.go index 094cb0538cb..f7a8291f945 100644 --- a/vendor/github.com/cilium/ebpf/link/kprobe_multi.go +++ b/vendor/github.com/cilium/ebpf/link/kprobe_multi.go @@ -60,7 +60,7 @@ func KprobeMulti(prog *ebpf.Program, opts KprobeMultiOptions) (Link, error) { // // Requires at least Linux 5.18. func KretprobeMulti(prog *ebpf.Program, opts KprobeMultiOptions) (Link, error) { - return kprobeMulti(prog, opts, sys.BPF_F_KPROBE_MULTI_RETURN) + return kprobeMulti(prog, opts, unix.BPF_F_KPROBE_MULTI_RETURN) } func kprobeMulti(prog *ebpf.Program, opts KprobeMultiOptions, flags uint32) (Link, error) { @@ -126,7 +126,7 @@ type kprobeMultiLink struct { var _ Link = (*kprobeMultiLink)(nil) -func (kml *kprobeMultiLink) Update(_ *ebpf.Program) error { +func (kml *kprobeMultiLink) Update(prog *ebpf.Program) error { return fmt.Errorf("update kprobe_multi: %w", ErrNotSupported) } @@ -149,7 +149,7 @@ func (kml *kprobeMultiLink) Info() (*Info, error) { }, nil } -var haveBPFLinkKprobeMulti = internal.NewFeatureTest("bpf_link_kprobe_multi", func() error { +var haveBPFLinkKprobeMulti = internal.NewFeatureTest("bpf_link_kprobe_multi", "5.18", func() error { prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ Name: "probe_kpm_link", Type: ebpf.Kprobe, @@ -188,4 +188,4 @@ var haveBPFLinkKprobeMulti = internal.NewFeatureTest("bpf_link_kprobe_multi", fu fd.Close() return nil -}, "5.18") +}) diff --git a/vendor/github.com/cilium/ebpf/link/link.go b/vendor/github.com/cilium/ebpf/link/link.go index 796769f8ea4..9c34616c9a9 100644 --- a/vendor/github.com/cilium/ebpf/link/link.go +++ b/vendor/github.com/cilium/ebpf/link/link.go @@ -78,9 +78,7 @@ func NewFromID(id ID) (Link, error) { return wrapRawLink(&RawLink{fd, ""}) } -// LoadPinnedLink loads a Link from a pin (file) on the BPF virtual filesystem. -// -// Requires at least Linux 5.7. +// LoadPinnedLink loads a link that was persisted into a bpffs. func LoadPinnedLink(fileName string, opts *ebpf.LoadPinOptions) (Link, error) { raw, err := loadPinnedRawLink(fileName, opts) if err != nil { @@ -352,7 +350,7 @@ func AttachRawLink(opts RawLinkOptions) (*RawLink, error) { } func loadPinnedRawLink(fileName string, opts *ebpf.LoadPinOptions) (*RawLink, error) { - fd, typ, err := sys.ObjGetTyped(&sys.ObjGetAttr{ + fd, err := sys.ObjGet(&sys.ObjGetAttr{ Pathname: sys.NewStringPointer(fileName), FileFlags: opts.Marshal(), }) @@ -360,11 +358,6 @@ func loadPinnedRawLink(fileName string, opts *ebpf.LoadPinOptions) (*RawLink, er return nil, fmt.Errorf("load pinned link: %w", err) } - if typ != sys.BPF_TYPE_LINK { - _ = fd.Close() - return nil, fmt.Errorf("%s is not a Link", fileName) - } - return &RawLink{fd, fileName}, nil } @@ -387,7 +380,7 @@ func (l *RawLink) Close() error { // Calling Close on a pinned Link will not break the link // until the pin is removed. func (l *RawLink) Pin(fileName string) error { - if err := sys.Pin(l.pinnedPath, fileName, l.fd); err != nil { + if err := internal.Pin(l.pinnedPath, fileName, l.fd); err != nil { return err } l.pinnedPath = fileName @@ -396,7 +389,7 @@ func (l *RawLink) Pin(fileName string) error { // Unpin implements the Link interface. func (l *RawLink) Unpin() error { - if err := sys.Unpin(l.pinnedPath); err != nil { + if err := internal.Unpin(l.pinnedPath); err != nil { return err } l.pinnedPath = "" diff --git a/vendor/github.com/cilium/ebpf/link/netfilter.go b/vendor/github.com/cilium/ebpf/link/netfilter.go index 9436d11df93..34be3908597 100644 --- a/vendor/github.com/cilium/ebpf/link/netfilter.go +++ b/vendor/github.com/cilium/ebpf/link/netfilter.go @@ -63,7 +63,7 @@ func AttachNetfilter(opts NetfilterOptions) (Link, error) { return &netfilterLink{RawLink{fd, ""}}, nil } -func (*netfilterLink) Update(_ *ebpf.Program) error { +func (*netfilterLink) Update(new *ebpf.Program) error { return fmt.Errorf("netfilter update: %w", ErrNotSupported) } diff --git a/vendor/github.com/cilium/ebpf/link/perf_event.go b/vendor/github.com/cilium/ebpf/link/perf_event.go index 7440e8b292a..1d8feb58c1c 100644 --- a/vendor/github.com/cilium/ebpf/link/perf_event.go +++ b/vendor/github.com/cilium/ebpf/link/perf_event.go @@ -115,7 +115,7 @@ func (pl *perfEventLink) Close() error { return nil } -func (pl *perfEventLink) Update(_ *ebpf.Program) error { +func (pl *perfEventLink) Update(prog *ebpf.Program) error { return fmt.Errorf("perf event link update: %w", ErrNotSupported) } @@ -185,7 +185,7 @@ func (pi *perfEventIoctl) isLink() {} // // Detaching a program from a perf event is currently not possible, so a // program replacement mechanism cannot be implemented for perf events. -func (pi *perfEventIoctl) Update(_ *ebpf.Program) error { +func (pi *perfEventIoctl) Update(prog *ebpf.Program) error { return fmt.Errorf("perf event ioctl update: %w", ErrNotSupported) } @@ -303,7 +303,7 @@ func openTracepointPerfEvent(tid uint64, pid int) (*sys.FD, error) { // // https://elixir.bootlin.com/linux/v5.16.8/source/kernel/bpf/syscall.c#L4307 // https://github.com/torvalds/linux/commit/b89fbfbb854c9afc3047e8273cc3a694650b802e -var haveBPFLinkPerfEvent = internal.NewFeatureTest("bpf_link_perf_event", func() error { +var haveBPFLinkPerfEvent = internal.NewFeatureTest("bpf_link_perf_event", "5.15", func() error { prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ Name: "probe_bpf_perf_link", Type: ebpf.Kprobe, @@ -329,4 +329,4 @@ var haveBPFLinkPerfEvent = internal.NewFeatureTest("bpf_link_perf_event", func() return nil } return err -}, "5.15") +}) diff --git a/vendor/github.com/cilium/ebpf/link/syscalls.go b/vendor/github.com/cilium/ebpf/link/syscalls.go index 25951b017dd..d09b5acb0f3 100644 --- a/vendor/github.com/cilium/ebpf/link/syscalls.go +++ b/vendor/github.com/cilium/ebpf/link/syscalls.go @@ -30,7 +30,7 @@ const ( NetkitType = sys.BPF_LINK_TYPE_NETKIT ) -var haveProgAttach = internal.NewFeatureTest("BPF_PROG_ATTACH", func() error { +var haveProgAttach = internal.NewFeatureTest("BPF_PROG_ATTACH", "4.10", func() error { prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ Type: ebpf.CGroupSKB, License: "MIT", @@ -48,9 +48,9 @@ var haveProgAttach = internal.NewFeatureTest("BPF_PROG_ATTACH", func() error { // have the syscall. prog.Close() return nil -}, "4.10") +}) -var haveProgAttachReplace = internal.NewFeatureTest("BPF_PROG_ATTACH atomic replacement of MULTI progs", func() error { +var haveProgAttachReplace = internal.NewFeatureTest("BPF_PROG_ATTACH atomic replacement of MULTI progs", "5.5", func() error { if err := haveProgAttach(); err != nil { return err } @@ -90,9 +90,9 @@ var haveProgAttachReplace = internal.NewFeatureTest("BPF_PROG_ATTACH atomic repl return nil } return err -}, "5.5") +}) -var haveBPFLink = internal.NewFeatureTest("bpf_link", func() error { +var haveBPFLink = internal.NewFeatureTest("bpf_link", "5.7", func() error { attr := sys.LinkCreateAttr{ // This is a hopefully invalid file descriptor, which triggers EBADF. TargetFd: ^uint32(0), @@ -107,9 +107,9 @@ var haveBPFLink = internal.NewFeatureTest("bpf_link", func() error { return nil } return err -}, "5.7") +}) -var haveProgQuery = internal.NewFeatureTest("BPF_PROG_QUERY", func() error { +var haveProgQuery = internal.NewFeatureTest("BPF_PROG_QUERY", "4.15", func() error { attr := sys.ProgQueryAttr{ // We rely on this being checked during the syscall. // With an otherwise correct payload we expect EBADF here @@ -127,9 +127,9 @@ var haveProgQuery = internal.NewFeatureTest("BPF_PROG_QUERY", func() error { return ErrNotSupported } return errors.New("syscall succeeded unexpectedly") -}, "4.15") +}) -var haveTCX = internal.NewFeatureTest("tcx", func() error { +var haveTCX = internal.NewFeatureTest("tcx", "6.6", func() error { prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ Type: ebpf.SchedCLS, License: "MIT", @@ -162,9 +162,9 @@ var haveTCX = internal.NewFeatureTest("tcx", func() error { return ErrNotSupported } return errors.New("syscall succeeded unexpectedly") -}, "6.6") +}) -var haveNetkit = internal.NewFeatureTest("netkit", func() error { +var haveNetkit = internal.NewFeatureTest("netkit", "6.7", func() error { prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ Type: ebpf.SchedCLS, License: "MIT", @@ -197,4 +197,4 @@ var haveNetkit = internal.NewFeatureTest("netkit", func() error { return ErrNotSupported } return errors.New("syscall succeeded unexpectedly") -}, "6.7") +}) diff --git a/vendor/github.com/cilium/ebpf/link/tracing.go b/vendor/github.com/cilium/ebpf/link/tracing.go index a461007f9f5..9e570afc96a 100644 --- a/vendor/github.com/cilium/ebpf/link/tracing.go +++ b/vendor/github.com/cilium/ebpf/link/tracing.go @@ -14,7 +14,7 @@ type tracing struct { RawLink } -func (f *tracing) Update(_ *ebpf.Program) error { +func (f *tracing) Update(new *ebpf.Program) error { return fmt.Errorf("tracing update: %w", ErrNotSupported) } diff --git a/vendor/github.com/cilium/ebpf/link/uprobe.go b/vendor/github.com/cilium/ebpf/link/uprobe.go index 1852a3fadd2..194d1d319a7 100644 --- a/vendor/github.com/cilium/ebpf/link/uprobe.go +++ b/vendor/github.com/cilium/ebpf/link/uprobe.go @@ -16,7 +16,7 @@ var ( uprobeRefCtrOffsetPMUPath = "/sys/bus/event_source/devices/uprobe/format/ref_ctr_offset" // elixir.bootlin.com/linux/v5.15-rc7/source/kernel/events/core.c#L9799 uprobeRefCtrOffsetShift = 32 - haveRefCtrOffsetPMU = internal.NewFeatureTest("RefCtrOffsetPMU", func() error { + haveRefCtrOffsetPMU = internal.NewFeatureTest("RefCtrOffsetPMU", "4.20", func() error { _, err := os.Stat(uprobeRefCtrOffsetPMUPath) if errors.Is(err, os.ErrNotExist) { return internal.ErrNotSupported @@ -25,7 +25,7 @@ var ( return err } return nil - }, "4.20") + }) // ErrNoSymbol indicates that the given symbol was not found // in the ELF symbols table. @@ -321,7 +321,7 @@ func (ex *Executable) uprobe(symbol string, prog *ebpf.Program, opts *UprobeOpti if err == nil { return tp, nil } - if !errors.Is(err, ErrNotSupported) { + if err != nil && !errors.Is(err, ErrNotSupported) { return nil, fmt.Errorf("creating perf_uprobe PMU: %w", err) } diff --git a/vendor/github.com/cilium/ebpf/link/uprobe_multi.go b/vendor/github.com/cilium/ebpf/link/uprobe_multi.go index 49dc18b4492..aea807b329a 100644 --- a/vendor/github.com/cilium/ebpf/link/uprobe_multi.go +++ b/vendor/github.com/cilium/ebpf/link/uprobe_multi.go @@ -47,7 +47,7 @@ func (ex *Executable) UretprobeMulti(symbols []string, prog *ebpf.Program, opts // The return probe is not limited for symbols entry, so there's no special // setup for return uprobes (other than the extra flag). The symbols, opts.Offsets // and opts.Addresses arrays follow the same logic as for entry uprobes. - return ex.uprobeMulti(symbols, prog, opts, sys.BPF_F_UPROBE_MULTI_RETURN) + return ex.uprobeMulti(symbols, prog, opts, unix.BPF_F_UPROBE_MULTI_RETURN) } func (ex *Executable) uprobeMulti(symbols []string, prog *ebpf.Program, opts *UprobeMultiOptions, flags uint32) (Link, error) { @@ -99,11 +99,8 @@ func (ex *Executable) uprobeMulti(symbols []string, prog *ebpf.Program, opts *Up if errors.Is(err, unix.ESRCH) { return nil, fmt.Errorf("%w (specified pid not found?)", os.ErrNotExist) } - // Since Linux commit 46ba0e49b642 ("bpf: fix multi-uprobe PID filtering - // logic"), if the provided pid overflows MaxInt32 (turning it negative), the - // kernel will return EINVAL instead of ESRCH. if errors.Is(err, unix.EINVAL) { - return nil, fmt.Errorf("%w (invalid pid, missing symbol or prog's AttachType not AttachTraceUprobeMulti?)", err) + return nil, fmt.Errorf("%w (missing symbol or prog's AttachType not AttachTraceUprobeMulti?)", err) } if err != nil { @@ -171,11 +168,11 @@ type uprobeMultiLink struct { var _ Link = (*uprobeMultiLink)(nil) -func (kml *uprobeMultiLink) Update(_ *ebpf.Program) error { +func (kml *uprobeMultiLink) Update(prog *ebpf.Program) error { return fmt.Errorf("update uprobe_multi: %w", ErrNotSupported) } -var haveBPFLinkUprobeMulti = internal.NewFeatureTest("bpf_link_uprobe_multi", func() error { +var haveBPFLinkUprobeMulti = internal.NewFeatureTest("bpf_link_uprobe_multi", "6.6", func() error { prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ Name: "probe_upm_link", Type: ebpf.Kprobe, @@ -216,4 +213,4 @@ var haveBPFLinkUprobeMulti = internal.NewFeatureTest("bpf_link_uprobe_multi", fu // should not happen fd.Close() return errors.New("successfully attached uprobe_multi to /, kernel bug?") -}, "6.6") +}) diff --git a/vendor/github.com/cilium/ebpf/linker.go b/vendor/github.com/cilium/ebpf/linker.go index 6f97af27840..788f21b7b6f 100644 --- a/vendor/github.com/cilium/ebpf/linker.go +++ b/vendor/github.com/cilium/ebpf/linker.go @@ -9,12 +9,10 @@ import ( "io/fs" "math" "slices" - "strings" "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/btf" "github.com/cilium/ebpf/internal" - "github.com/cilium/ebpf/internal/kallsyms" ) // handles stores handle objects to avoid gc cleanup @@ -459,42 +457,3 @@ func resolveKconfigReferences(insns asm.Instructions) (_ *Map, err error) { return kconfig, nil } - -func resolveKsymReferences(insns asm.Instructions) error { - var missing []string - - iter := insns.Iterate() - for iter.Next() { - ins := iter.Ins - meta, _ := ins.Metadata.Get(ksymMetaKey{}).(*ksymMeta) - if meta == nil { - continue - } - - addr, err := kallsyms.Address(meta.Name) - if err != nil { - return fmt.Errorf("resolve ksym %s: %w", meta.Name, err) - } - if addr != 0 { - ins.Constant = int64(addr) - continue - } - - if meta.Binding == elf.STB_WEAK { - // A weak ksym variable in eBPF C means its resolution is optional. - // Set a zero constant explicitly for clarity. - ins.Constant = 0 - continue - } - - if !slices.Contains(missing, meta.Name) { - missing = append(missing, meta.Name) - } - } - - if len(missing) > 0 { - return fmt.Errorf("kernel is missing symbol: %s", strings.Join(missing, ",")) - } - - return nil -} diff --git a/vendor/github.com/cilium/ebpf/map.go b/vendor/github.com/cilium/ebpf/map.go index e5d8bd78095..0b62101c3cb 100644 --- a/vendor/github.com/cilium/ebpf/map.go +++ b/vendor/github.com/cilium/ebpf/map.go @@ -66,13 +66,16 @@ type MapSpec struct { Pinning PinType // Specify numa node during map creation - // (effective only if sys.BPF_F_NUMA_NODE flag is set, + // (effective only if unix.BPF_F_NUMA_NODE flag is set, // which can be imported from golang.org/x/sys/unix) NumaNode uint32 // The initial contents of the map. May be nil. Contents []MapKV + // Whether to freeze a map after setting its initial contents. + Freeze bool + // InnerMap is used as a template for ArrayOfMaps and HashOfMaps InnerMap *MapSpec @@ -158,17 +161,6 @@ func (spec *MapSpec) fixupMagicFields() (*MapSpec, error) { // behaviour in the past. spec.MaxEntries = n } - - case CPUMap: - n, err := PossibleCPU() - if err != nil { - return nil, fmt.Errorf("fixup cpu map: %w", err) - } - - if n := uint32(n); spec.MaxEntries == 0 || spec.MaxEntries > n { - // Perform clamping similar to PerfEventArray. - spec.MaxEntries = n - } } return spec, nil @@ -198,14 +190,6 @@ func (ms *MapSpec) dataSection() ([]byte, *btf.Datasec, error) { return value, ds, nil } -func (ms *MapSpec) readOnly() bool { - return (ms.Flags & sys.BPF_F_RDONLY_PROG) > 0 -} - -func (ms *MapSpec) writeOnly() bool { - return (ms.Flags & sys.BPF_F_WRONLY_PROG) > 0 -} - // MapKV is used to initialize the contents of a Map. type MapKV struct { Key interface{} @@ -238,7 +222,7 @@ func (ms *MapSpec) Compatible(m *Map) error { // BPF_F_RDONLY_PROG is set unconditionally for devmaps. Explicitly allow this // mismatch. - if !((ms.Type == DevMap || ms.Type == DevMapHash) && m.flags^ms.Flags == sys.BPF_F_RDONLY_PROG) && + if !((ms.Type == DevMap || ms.Type == DevMapHash) && m.flags^ms.Flags == unix.BPF_F_RDONLY_PROG) && m.flags != ms.Flags { diffs = append(diffs, fmt.Sprintf("Flags: %d changed to %d", m.flags, ms.Flags)) } @@ -270,8 +254,6 @@ type Map struct { pinnedPath string // Per CPU maps return values larger than the size in the spec fullValueSize int - - memory *Memory } // NewMapFromFD creates a map from a raw fd. @@ -377,7 +359,7 @@ func newMapWithOptions(spec *MapSpec, opts MapOptions) (_ *Map, err error) { return nil, errors.New("inner maps cannot be pinned") } - template, err := spec.InnerMap.createMap(nil) + template, err := spec.InnerMap.createMap(nil, opts) if err != nil { return nil, fmt.Errorf("inner map: %w", err) } @@ -389,7 +371,7 @@ func newMapWithOptions(spec *MapSpec, opts MapOptions) (_ *Map, err error) { innerFd = template.fd } - m, err := spec.createMap(innerFd) + m, err := spec.createMap(innerFd, opts) if err != nil { return nil, err } @@ -405,54 +387,9 @@ func newMapWithOptions(spec *MapSpec, opts MapOptions) (_ *Map, err error) { return m, nil } -// Memory returns a memory-mapped region for the Map. The Map must have been -// created with the BPF_F_MMAPABLE flag. Repeated calls to Memory return the -// same mapping. Callers are responsible for coordinating access to Memory. -func (m *Map) Memory() (*Memory, error) { - if m.memory != nil { - return m.memory, nil - } - - if m.flags&sys.BPF_F_MMAPABLE == 0 { - return nil, fmt.Errorf("Map was not created with the BPF_F_MMAPABLE flag: %w", ErrNotSupported) - } - - size, err := m.memorySize() - if err != nil { - return nil, err - } - - mm, err := newMemory(m.FD(), size) - if err != nil { - return nil, fmt.Errorf("creating new Memory: %w", err) - } - - m.memory = mm - - return mm, nil -} - -func (m *Map) memorySize() (int, error) { - switch m.Type() { - case Array: - // In Arrays, values are always laid out on 8-byte boundaries regardless of - // architecture. Multiply by MaxEntries and align the result to the host's - // page size. - size := int(internal.Align(m.ValueSize(), 8) * m.MaxEntries()) - size = internal.Align(size, os.Getpagesize()) - return size, nil - case Arena: - // For Arenas, MaxEntries denotes the maximum number of pages available to - // the arena. - return int(m.MaxEntries()) * os.Getpagesize(), nil - } - - return 0, fmt.Errorf("determine memory size of map type %s: %w", m.Type(), ErrNotSupported) -} - // createMap validates the spec's properties and creates the map in the kernel // using the given opts. It does not populate or freeze the map. -func (spec *MapSpec) createMap(inner *sys.FD) (_ *Map, err error) { +func (spec *MapSpec) createMap(inner *sys.FD, opts MapOptions) (_ *Map, err error) { closeOnError := func(closer io.Closer) { if err != nil { closer.Close() @@ -479,7 +416,7 @@ func (spec *MapSpec) createMap(inner *sys.FD) (_ *Map, err error) { KeySize: spec.KeySize, ValueSize: spec.ValueSize, MaxEntries: spec.MaxEntries, - MapFlags: spec.Flags, + MapFlags: sys.MapFlags(spec.Flags), NumaNode: spec.NumaNode, } @@ -537,32 +474,32 @@ func handleMapCreateError(attr sys.MapCreateAttr, spec *MapSpec, err error) erro if errors.Is(err, unix.EINVAL) && spec.Type == UnspecifiedMap { return fmt.Errorf("map create: cannot use type %s", UnspecifiedMap) } - if errors.Is(err, unix.EINVAL) && spec.Flags&sys.BPF_F_NO_PREALLOC > 0 { + if errors.Is(err, unix.EINVAL) && spec.Flags&unix.BPF_F_NO_PREALLOC > 0 { return fmt.Errorf("map create: %w (noPrealloc flag may be incompatible with map type %s)", err, spec.Type) } - if spec.Type.canStoreMap() { + switch spec.Type { + case ArrayOfMaps, HashOfMaps: if haveFeatErr := haveNestedMaps(); haveFeatErr != nil { return fmt.Errorf("map create: %w", haveFeatErr) } } - - if spec.readOnly() || spec.writeOnly() { + if spec.Flags&(unix.BPF_F_RDONLY_PROG|unix.BPF_F_WRONLY_PROG) > 0 || spec.Freeze { if haveFeatErr := haveMapMutabilityModifiers(); haveFeatErr != nil { return fmt.Errorf("map create: %w", haveFeatErr) } } - if spec.Flags&sys.BPF_F_MMAPABLE > 0 { + if spec.Flags&unix.BPF_F_MMAPABLE > 0 { if haveFeatErr := haveMmapableMaps(); haveFeatErr != nil { return fmt.Errorf("map create: %w", haveFeatErr) } } - if spec.Flags&sys.BPF_F_INNER_MAP > 0 { + if spec.Flags&unix.BPF_F_INNER_MAP > 0 { if haveFeatErr := haveInnerMaps(); haveFeatErr != nil { return fmt.Errorf("map create: %w", haveFeatErr) } } - if spec.Flags&sys.BPF_F_NO_PREALLOC > 0 { + if spec.Flags&unix.BPF_F_NO_PREALLOC > 0 { if haveFeatErr := haveNoPreallocMaps(); haveFeatErr != nil { return fmt.Errorf("map create: %w", haveFeatErr) } @@ -593,7 +530,6 @@ func newMap(fd *sys.FD, name string, typ MapType, keySize, valueSize, maxEntries flags, "", int(valueSize), - nil, } if !typ.hasPerCPUValue() { @@ -641,12 +577,7 @@ func (m *Map) Flags() uint32 { return m.flags } -// Info returns metadata about the map. This was first introduced in Linux 4.5, -// but newer kernels support more MapInfo fields with the introduction of more -// features. See [MapInfo] and its methods for more details. -// -// Returns an error wrapping ErrNotSupported if the kernel supports neither -// BPF_OBJ_GET_INFO_BY_FD nor reading map information from /proc/self/fdinfo. +// Info returns metadata about the map. func (m *Map) Info() (*MapInfo, error) { return newMapInfoFromFd(m.fd) } @@ -673,7 +604,7 @@ func (m *Map) Handle() (*btf.Handle, error) { type MapLookupFlags uint64 // LookupLock look up the value of a spin-locked map. -const LookupLock MapLookupFlags = sys.BPF_F_LOCK +const LookupLock MapLookupFlags = unix.BPF_F_LOCK // Lookup retrieves a value from a Map. // @@ -1405,7 +1336,6 @@ func (m *Map) Clone() (*Map, error) { m.flags, "", m.fullValueSize, - nil, }, nil } @@ -1419,7 +1349,7 @@ func (m *Map) Clone() (*Map, error) { // This requires bpffs to be mounted above fileName. // See https://docs.cilium.io/en/stable/network/kubernetes/configuration/#mounting-bpffs-with-systemd func (m *Map) Pin(fileName string) error { - if err := sys.Pin(m.pinnedPath, fileName, m.fd); err != nil { + if err := internal.Pin(m.pinnedPath, fileName, m.fd); err != nil { return err } m.pinnedPath = fileName @@ -1432,7 +1362,7 @@ func (m *Map) Pin(fileName string) error { // // Unpinning an unpinned Map returns nil. func (m *Map) Unpin() error { - if err := sys.Unpin(m.pinnedPath); err != nil { + if err := internal.Unpin(m.pinnedPath); err != nil { return err } m.pinnedPath = "" @@ -1470,7 +1400,7 @@ func (m *Map) finalize(spec *MapSpec) error { } } - if isConstantDataSection(spec.Name) || isKconfigSection(spec.Name) { + if spec.Freeze { if err := m.Freeze(); err != nil { return fmt.Errorf("freezing map: %w", err) } @@ -1571,11 +1501,9 @@ func (m *Map) unmarshalValue(value any, buf sysenc.Buffer) error { return buf.Unmarshal(value) } -// LoadPinnedMap opens a Map from a pin (file) on the BPF virtual filesystem. -// -// Requires at least Linux 4.5. +// LoadPinnedMap loads a Map from a BPF file. func LoadPinnedMap(fileName string, opts *LoadPinOptions) (*Map, error) { - fd, typ, err := sys.ObjGetTyped(&sys.ObjGetAttr{ + fd, err := sys.ObjGet(&sys.ObjGetAttr{ Pathname: sys.NewStringPointer(fileName), FileFlags: opts.Marshal(), }) @@ -1583,11 +1511,6 @@ func LoadPinnedMap(fileName string, opts *LoadPinOptions) (*Map, error) { return nil, err } - if typ != sys.BPF_TYPE_MAP { - _ = fd.Close() - return nil, fmt.Errorf("%s is not a Map", fileName) - } - m, err := newMapFromFD(fd) if err == nil { m.pinnedPath = fileName @@ -1607,10 +1530,6 @@ func unmarshalMap(buf sysenc.Buffer) (*Map, error) { // marshalMap marshals the fd of a map into a buffer in host endianness. func marshalMap(m *Map, length int) ([]byte, error) { - if m == nil { - return nil, errors.New("can't marshal a nil Map") - } - if length != 4 { return nil, fmt.Errorf("can't marshal map to %d bytes", length) } diff --git a/vendor/github.com/cilium/ebpf/memory.go b/vendor/github.com/cilium/ebpf/memory.go deleted file mode 100644 index 312c967131a..00000000000 --- a/vendor/github.com/cilium/ebpf/memory.go +++ /dev/null @@ -1,145 +0,0 @@ -package ebpf - -import ( - "errors" - "fmt" - "io" - "runtime" - - "github.com/cilium/ebpf/internal/unix" -) - -// Memory is the building block for accessing the memory of specific bpf map -// types (Array and Arena at the time of writing) without going through the bpf -// syscall interface. -// -// Given the fd of a bpf map created with the BPF_F_MMAPABLE flag, a shared -// 'file'-based memory-mapped region can be allocated in the process' address -// space, exposing the bpf map's memory by simply accessing a memory location. - -var ErrReadOnly = errors.New("resource is read-only") - -// Memory implements accessing a Map's memory without making any syscalls. -// Pay attention to the difference between Go and C struct alignment rules. Use -// [structs.HostLayout] on supported Go versions to help with alignment. -// -// Note on memory coherence: avoid using packed structs in memory shared between -// user space and eBPF C programs. This drops a struct's memory alignment to 1, -// forcing the compiler to use single-byte loads and stores for field accesses. -// This may lead to partially-written data to be observed from user space. -// -// On most architectures, the memmove implementation used by Go's copy() will -// access data in word-sized chunks. If paired with a matching access pattern on -// the eBPF C side (and if using default memory alignment), accessing shared -// memory without atomics or other synchronization primitives should be sound -// for individual values. For accesses beyond a single value, the usual -// concurrent programming rules apply. -type Memory struct { - b []byte - ro bool -} - -func newMemory(fd, size int) (*Memory, error) { - // Typically, maps created with BPF_F_RDONLY_PROG remain writable from user - // space until frozen. As a security precaution, the kernel doesn't allow - // mapping bpf map memory as read-write into user space if the bpf map was - // frozen, or if it was created using the RDONLY_PROG flag. - // - // The user would be able to write to the map after freezing (since the kernel - // can't change the protection mode of an already-mapped page), while the - // verifier assumes the contents to be immutable. - b, err := unix.Mmap(fd, 0, size, unix.PROT_READ|unix.PROT_WRITE, unix.MAP_SHARED) - - // If the map is frozen when an rw mapping is requested, expect EPERM. If the - // map was created with BPF_F_RDONLY_PROG, expect EACCES. - var ro bool - if errors.Is(err, unix.EPERM) || errors.Is(err, unix.EACCES) { - ro = true - b, err = unix.Mmap(fd, 0, size, unix.PROT_READ, unix.MAP_SHARED) - } - if err != nil { - return nil, fmt.Errorf("setting up memory-mapped region: %w", err) - } - - mm := &Memory{ - b, - ro, - } - runtime.SetFinalizer(mm, (*Memory).close) - - return mm, nil -} - -func (mm *Memory) close() { - if err := unix.Munmap(mm.b); err != nil { - panic(fmt.Errorf("unmapping memory: %w", err)) - } - mm.b = nil -} - -// Size returns the size of the memory-mapped region in bytes. -func (mm *Memory) Size() int { - return len(mm.b) -} - -// ReadOnly returns true if the memory-mapped region is read-only. -func (mm *Memory) ReadOnly() bool { - return mm.ro -} - -// bounds returns true if an access at off of the given size is within bounds. -func (mm *Memory) bounds(off uint64, size uint64) bool { - return off+size < uint64(len(mm.b)) -} - -// ReadAt implements [io.ReaderAt]. Useful for creating a new [io.OffsetWriter]. -// -// See [Memory] for details around memory coherence. -func (mm *Memory) ReadAt(p []byte, off int64) (int, error) { - if mm.b == nil { - return 0, fmt.Errorf("memory-mapped region closed") - } - - if p == nil { - return 0, fmt.Errorf("input buffer p is nil") - } - - if off < 0 || off >= int64(len(mm.b)) { - return 0, fmt.Errorf("read offset out of range") - } - - n := copy(p, mm.b[off:]) - if n < len(p) { - return n, io.EOF - } - - return n, nil -} - -// WriteAt implements [io.WriterAt]. Useful for creating a new -// [io.SectionReader]. -// -// See [Memory] for details around memory coherence. -func (mm *Memory) WriteAt(p []byte, off int64) (int, error) { - if mm.b == nil { - return 0, fmt.Errorf("memory-mapped region closed") - } - if mm.ro { - return 0, fmt.Errorf("memory-mapped region not writable: %w", ErrReadOnly) - } - - if p == nil { - return 0, fmt.Errorf("output buffer p is nil") - } - - if off < 0 || off >= int64(len(mm.b)) { - return 0, fmt.Errorf("write offset out of range") - } - - n := copy(mm.b[off:], p) - if n < len(p) { - return n, io.EOF - } - - return n, nil -} diff --git a/vendor/github.com/cilium/ebpf/prog.go b/vendor/github.com/cilium/ebpf/prog.go index 4f3ce43bfae..9bc6325f887 100644 --- a/vendor/github.com/cilium/ebpf/prog.go +++ b/vendor/github.com/cilium/ebpf/prog.go @@ -16,7 +16,6 @@ import ( "github.com/cilium/ebpf/btf" "github.com/cilium/ebpf/internal" "github.com/cilium/ebpf/internal/kallsyms" - "github.com/cilium/ebpf/internal/linux" "github.com/cilium/ebpf/internal/sys" "github.com/cilium/ebpf/internal/sysenc" "github.com/cilium/ebpf/internal/unix" @@ -47,15 +46,14 @@ const ( outputPad = 256 + 2 ) +// Deprecated: the correct log size is now detected automatically and this +// constant is unused. +const DefaultVerifierLogSize = 64 * 1024 + // minVerifierLogSize is the default number of bytes allocated for the // verifier log. const minVerifierLogSize = 64 * 1024 -// maxVerifierLogSize is the maximum size of verifier log buffer the kernel -// will accept before returning EINVAL. May be increased to MaxUint32 in the -// future, but avoid the unnecessary EINVAL for now. -const maxVerifierLogSize = math.MaxUint32 >> 2 - // ProgramOptions control loading a program into the kernel. type ProgramOptions struct { // Bitmap controlling the detail emitted by the kernel's eBPF verifier log. @@ -75,10 +73,9 @@ type ProgramOptions struct { // attempt at loading the program. LogLevel LogLevel - // Starting size of the verifier log buffer. If the verifier log is larger - // than this size, the buffer will be grown to fit the entire log. Leave at - // its default value unless troubleshooting. - LogSizeStart uint32 + // Deprecated: the correct log buffer size is determined automatically + // and this field is ignored. + LogSize int // Disables the verifier log completely, regardless of other options. LogDisabled bool @@ -165,35 +162,26 @@ func (ps *ProgramSpec) Tag() (string, error) { return ps.Instructions.Tag(internal.NativeEndian) } -// kernelModule returns the kernel module providing the symbol in -// ProgramSpec.AttachTo, if any. Returns an empty string if the symbol is not -// present or not part of a kernel module. -func (ps *ProgramSpec) kernelModule() (string, error) { - if ps.AttachTo == "" && ps.targetsKernelModule() { - return kallsyms.Module(ps.AttachTo) - } - - return "", nil -} - -// targetsKernelModule returns true if the program supports being attached to a -// symbol provided by a kernel module. -func (ps *ProgramSpec) targetsKernelModule() bool { +// KernelModule returns the kernel module, if any, the AttachTo function is contained in. +func (ps *ProgramSpec) KernelModule() (string, error) { if ps.AttachTo == "" { - return false + return "", nil } switch ps.Type { + default: + return "", nil case Tracing: switch ps.AttachType { - case AttachTraceFEntry, AttachTraceFExit: - return true + default: + return "", nil + case AttachTraceFEntry: + case AttachTraceFExit: } + fallthrough case Kprobe: - return true + return kallsyms.KernelModule(ps.AttachTo) } - - return false } // VerifierError is returned by [NewProgram] and [NewProgramWithOptions] if a @@ -273,7 +261,7 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er // Overwrite Kprobe program version if set to zero or the magic version constant. kv := spec.KernelVersion if spec.Type == Kprobe && (kv == 0 || kv == internal.MagicKernelVersion) { - v, err := linux.KernelVersion() + v, err := internal.KernelVersion() if err != nil { return nil, fmt.Errorf("detecting kernel version: %w", err) } @@ -295,7 +283,7 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er insns := make(asm.Instructions, len(spec.Instructions)) copy(insns, spec.Instructions) - kmodName, err := spec.kernelModule() + kmodName, err := spec.KernelModule() if err != nil { return nil, fmt.Errorf("kernel module search: %w", err) } @@ -356,10 +344,6 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er } defer kconfig.Close() - if err := resolveKsymReferences(insns); err != nil { - return nil, fmt.Errorf("resolve .ksyms: %w", err) - } - if err := fixupAndValidate(insns); err != nil { return nil, err } @@ -411,10 +395,9 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er // The caller requested a specific verifier log level. Set up the log buffer // so that there is a chance of loading the program in a single shot. - logSize := internal.Between(opts.LogSizeStart, minVerifierLogSize, maxVerifierLogSize) var logBuf []byte if !opts.LogDisabled && opts.LogLevel != 0 { - logBuf = make([]byte, logSize) + logBuf = make([]byte, minVerifierLogSize) attr.LogLevel = opts.LogLevel attr.LogSize = uint32(len(logBuf)) attr.LogBuf = sys.NewSlicePointer(logBuf) @@ -448,11 +431,12 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er attr.LogLevel = LogLevelBranch } - // Make an educated guess how large the buffer should be by multiplying. - // Ensure the size doesn't overflow. - const factor = 2 - logSize = internal.Between(logSize, minVerifierLogSize, maxVerifierLogSize/factor) - logSize *= factor + // Make an educated guess how large the buffer should be. Start + // at minVerifierLogSize and then double the size. + logSize := uint32(max(len(logBuf)*2, minVerifierLogSize)) + if int(logSize) < len(logBuf) { + return nil, errors.New("overflow while probing log buffer size") + } if attr.LogTrueSize != 0 { // The kernel has given us a hint how large the log buffer has to be. @@ -478,12 +462,6 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er return nil, fmt.Errorf("load program: %w (MEMLOCK may be too low, consider rlimit.RemoveMemlock)", err) } - case errors.Is(err, unix.EFAULT): - // EFAULT is returned when the kernel hits a verifier bug, and always - // overrides ENOSPC, defeating the buffer growth strategy. Warn the user - // that they may need to increase the buffer size manually. - return nil, fmt.Errorf("load program: %w (hit verifier bug, increase LogSizeStart to fit the log and check dmesg)", err) - case errors.Is(err, unix.EINVAL): if bytes.Contains(tail, coreBadCall) { err = errBadRelocation @@ -620,7 +598,7 @@ func (p *Program) Clone() (*Program, error) { // This requires bpffs to be mounted above fileName. // See https://docs.cilium.io/en/stable/network/kubernetes/configuration/#mounting-bpffs-with-systemd func (p *Program) Pin(fileName string) error { - if err := sys.Pin(p.pinnedPath, fileName, p.fd); err != nil { + if err := internal.Pin(p.pinnedPath, fileName, p.fd); err != nil { return err } p.pinnedPath = fileName @@ -633,7 +611,7 @@ func (p *Program) Pin(fileName string) error { // // Unpinning an unpinned Program returns nil. func (p *Program) Unpin() error { - if err := sys.Unpin(p.pinnedPath); err != nil { + if err := internal.Unpin(p.pinnedPath); err != nil { return err } p.pinnedPath = "" @@ -721,10 +699,6 @@ func (p *Program) Test(in []byte) (uint32, []byte, error) { // // Note: the same restrictions from Test apply. func (p *Program) Run(opts *RunOptions) (uint32, error) { - if opts == nil { - opts = &RunOptions{} - } - ret, _, err := p.run(opts) if err != nil { return ret, fmt.Errorf("run program: %w", err) @@ -758,7 +732,7 @@ func (p *Program) Benchmark(in []byte, repeat int, reset func()) (uint32, time.D return ret, total, nil } -var haveProgRun = internal.NewFeatureTest("BPF_PROG_RUN", func() error { +var haveProgRun = internal.NewFeatureTest("BPF_PROG_RUN", "4.12", func() error { prog, err := NewProgram(&ProgramSpec{ // SocketFilter does not require privileges on newer kernels. Type: SocketFilter, @@ -800,7 +774,7 @@ var haveProgRun = internal.NewFeatureTest("BPF_PROG_RUN", func() error { } return err -}, "4.12") +}) func (p *Program) run(opts *RunOptions) (uint32, time.Duration, error) { if uint(len(opts.Data)) > math.MaxUint32 { @@ -909,10 +883,6 @@ func unmarshalProgram(buf sysenc.Buffer) (*Program, error) { } func marshalProgram(p *Program, length int) ([]byte, error) { - if p == nil { - return nil, errors.New("can't marshal a nil Program") - } - if length != 4 { return nil, fmt.Errorf("can't marshal program to %d bytes", length) } @@ -922,12 +892,11 @@ func marshalProgram(p *Program, length int) ([]byte, error) { return buf, nil } -// LoadPinnedProgram loads a Program from a pin (file) on the BPF virtual -// filesystem. +// LoadPinnedProgram loads a Program from a BPF file. // // Requires at least Linux 4.11. func LoadPinnedProgram(fileName string, opts *LoadPinOptions) (*Program, error) { - fd, typ, err := sys.ObjGetTyped(&sys.ObjGetAttr{ + fd, err := sys.ObjGet(&sys.ObjGetAttr{ Pathname: sys.NewStringPointer(fileName), FileFlags: opts.Marshal(), }) @@ -935,11 +904,6 @@ func LoadPinnedProgram(fileName string, opts *LoadPinOptions) (*Program, error) return nil, err } - if typ != sys.BPF_TYPE_PROG { - _ = fd.Close() - return nil, fmt.Errorf("%s is not a Program", fileName) - } - info, err := newProgramInfoFromFd(fd) if err != nil { _ = fd.Close() diff --git a/vendor/github.com/cilium/ebpf/syscalls.go b/vendor/github.com/cilium/ebpf/syscalls.go index 25c84c3c5c1..4aef7faebc8 100644 --- a/vendor/github.com/cilium/ebpf/syscalls.go +++ b/vendor/github.com/cilium/ebpf/syscalls.go @@ -10,7 +10,6 @@ import ( "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/internal" - "github.com/cilium/ebpf/internal/linux" "github.com/cilium/ebpf/internal/sys" "github.com/cilium/ebpf/internal/tracefs" "github.com/cilium/ebpf/internal/unix" @@ -61,7 +60,7 @@ func progLoad(insns asm.Instructions, typ ProgramType, license string) (*sys.FD, }) } -var haveNestedMaps = internal.NewFeatureTest("nested maps", func() error { +var haveNestedMaps = internal.NewFeatureTest("nested maps", "4.12", func() error { _, err := sys.MapCreate(&sys.MapCreateAttr{ MapType: sys.MapType(ArrayOfMaps), KeySize: 4, @@ -77,9 +76,9 @@ var haveNestedMaps = internal.NewFeatureTest("nested maps", func() error { return nil } return err -}, "4.12") +}) -var haveMapMutabilityModifiers = internal.NewFeatureTest("read- and write-only maps", func() error { +var haveMapMutabilityModifiers = internal.NewFeatureTest("read- and write-only maps", "5.2", func() error { // This checks BPF_F_RDONLY_PROG and BPF_F_WRONLY_PROG. Since // BPF_MAP_FREEZE appeared in 5.2 as well we don't do a separate check. m, err := sys.MapCreate(&sys.MapCreateAttr{ @@ -87,39 +86,39 @@ var haveMapMutabilityModifiers = internal.NewFeatureTest("read- and write-only m KeySize: 4, ValueSize: 4, MaxEntries: 1, - MapFlags: sys.BPF_F_RDONLY_PROG, + MapFlags: unix.BPF_F_RDONLY_PROG, }) if err != nil { return internal.ErrNotSupported } _ = m.Close() return nil -}, "5.2") +}) -var haveMmapableMaps = internal.NewFeatureTest("mmapable maps", func() error { +var haveMmapableMaps = internal.NewFeatureTest("mmapable maps", "5.5", func() error { // This checks BPF_F_MMAPABLE, which appeared in 5.5 for array maps. m, err := sys.MapCreate(&sys.MapCreateAttr{ MapType: sys.MapType(Array), KeySize: 4, ValueSize: 4, MaxEntries: 1, - MapFlags: sys.BPF_F_MMAPABLE, + MapFlags: unix.BPF_F_MMAPABLE, }) if err != nil { return internal.ErrNotSupported } _ = m.Close() return nil -}, "5.5") +}) -var haveInnerMaps = internal.NewFeatureTest("inner maps", func() error { +var haveInnerMaps = internal.NewFeatureTest("inner maps", "5.10", func() error { // This checks BPF_F_INNER_MAP, which appeared in 5.10. m, err := sys.MapCreate(&sys.MapCreateAttr{ MapType: sys.MapType(Array), KeySize: 4, ValueSize: 4, MaxEntries: 1, - MapFlags: sys.BPF_F_INNER_MAP, + MapFlags: unix.BPF_F_INNER_MAP, }) if err != nil { @@ -127,16 +126,16 @@ var haveInnerMaps = internal.NewFeatureTest("inner maps", func() error { } _ = m.Close() return nil -}, "5.10") +}) -var haveNoPreallocMaps = internal.NewFeatureTest("prealloc maps", func() error { +var haveNoPreallocMaps = internal.NewFeatureTest("prealloc maps", "4.6", func() error { // This checks BPF_F_NO_PREALLOC, which appeared in 4.6. m, err := sys.MapCreate(&sys.MapCreateAttr{ MapType: sys.MapType(Hash), KeySize: 4, ValueSize: 4, MaxEntries: 1, - MapFlags: sys.BPF_F_NO_PREALLOC, + MapFlags: unix.BPF_F_NO_PREALLOC, }) if err != nil { @@ -144,7 +143,7 @@ var haveNoPreallocMaps = internal.NewFeatureTest("prealloc maps", func() error { } _ = m.Close() return nil -}, "4.6") +}) func wrapMapError(err error) error { if err == nil { @@ -170,7 +169,7 @@ func wrapMapError(err error) error { return err } -var haveObjName = internal.NewFeatureTest("object names", func() error { +var haveObjName = internal.NewFeatureTest("object names", "4.15", func() error { attr := sys.MapCreateAttr{ MapType: sys.MapType(Array), KeySize: 4, @@ -179,24 +178,16 @@ var haveObjName = internal.NewFeatureTest("object names", func() error { MapName: sys.NewObjName("feature_test"), } - // Tolerate EPERM as this runs during ELF loading which is potentially - // unprivileged. Only EINVAL is conclusive, thrown from CHECK_ATTR. fd, err := sys.MapCreate(&attr) - if errors.Is(err, unix.EPERM) { - return nil - } - if errors.Is(err, unix.EINVAL) { - return internal.ErrNotSupported - } if err != nil { - return err + return internal.ErrNotSupported } _ = fd.Close() return nil -}, "4.15") +}) -var objNameAllowsDot = internal.NewFeatureTest("dot in object names", func() error { +var objNameAllowsDot = internal.NewFeatureTest("dot in object names", "5.2", func() error { if err := haveObjName(); err != nil { return err } @@ -209,25 +200,16 @@ var objNameAllowsDot = internal.NewFeatureTest("dot in object names", func() err MapName: sys.NewObjName(".test"), } - // Tolerate EPERM, otherwise MapSpec.Name has its dots removed when run by - // unprivileged tools. (bpf2go, other code gen). Only EINVAL is conclusive, - // thrown from bpf_obj_name_cpy(). fd, err := sys.MapCreate(&attr) - if errors.Is(err, unix.EPERM) { - return nil - } - if errors.Is(err, unix.EINVAL) { - return internal.ErrNotSupported - } if err != nil { - return err + return internal.ErrNotSupported } _ = fd.Close() return nil -}, "5.2") +}) -var haveBatchAPI = internal.NewFeatureTest("map batch api", func() error { +var haveBatchAPI = internal.NewFeatureTest("map batch api", "5.6", func() error { var maxEntries uint32 = 2 attr := sys.MapCreateAttr{ MapType: sys.MapType(Hash), @@ -257,9 +239,9 @@ var haveBatchAPI = internal.NewFeatureTest("map batch api", func() error { return internal.ErrNotSupported } return nil -}, "5.6") +}) -var haveProbeReadKernel = internal.NewFeatureTest("bpf_probe_read_kernel", func() error { +var haveProbeReadKernel = internal.NewFeatureTest("bpf_probe_read_kernel", "5.5", func() error { insns := asm.Instructions{ asm.Mov.Reg(asm.R1, asm.R10), asm.Add.Imm(asm.R1, -8), @@ -275,9 +257,9 @@ var haveProbeReadKernel = internal.NewFeatureTest("bpf_probe_read_kernel", func( } _ = fd.Close() return nil -}, "5.5") +}) -var haveBPFToBPFCalls = internal.NewFeatureTest("bpf2bpf calls", func() error { +var haveBPFToBPFCalls = internal.NewFeatureTest("bpf2bpf calls", "4.16", func() error { insns := asm.Instructions{ asm.Call.Label("prog2").WithSymbol("prog1"), asm.Return(), @@ -291,10 +273,10 @@ var haveBPFToBPFCalls = internal.NewFeatureTest("bpf2bpf calls", func() error { } _ = fd.Close() return nil -}, "4.16") +}) -var haveSyscallWrapper = internal.NewFeatureTest("syscall wrapper", func() error { - prefix := linux.PlatformPrefix() +var haveSyscallWrapper = internal.NewFeatureTest("syscall wrapper", "4.17", func() error { + prefix := internal.PlatformPrefix() if prefix == "" { return fmt.Errorf("unable to find the platform prefix for (%s)", runtime.GOARCH) } @@ -320,9 +302,9 @@ var haveSyscallWrapper = internal.NewFeatureTest("syscall wrapper", func() error } return evt.Close() -}, "4.17") +}) -var haveProgramExtInfos = internal.NewFeatureTest("program ext_infos", func() error { +var haveProgramExtInfos = internal.NewFeatureTest("program ext_infos", "5.0", func() error { insns := asm.Instructions{ asm.Mov.Imm(asm.R0, 0), asm.Return(), @@ -352,4 +334,4 @@ var haveProgramExtInfos = internal.NewFeatureTest("program ext_infos", func() er } return err -}, "5.0") +}) diff --git a/vendor/github.com/cilium/ebpf/types.go b/vendor/github.com/cilium/ebpf/types.go index 211b308bbc7..542c2397cab 100644 --- a/vendor/github.com/cilium/ebpf/types.go +++ b/vendor/github.com/cilium/ebpf/types.go @@ -2,6 +2,7 @@ package ebpf import ( "github.com/cilium/ebpf/internal/sys" + "github.com/cilium/ebpf/internal/unix" ) //go:generate go run golang.org/x/tools/cmd/stringer@latest -output types_string.go -type=MapType,ProgramType,PinType @@ -94,14 +95,6 @@ const ( InodeStorage // TaskStorage - Specialized local storage map for task_struct. TaskStorage - // BloomFilter - Space-efficient data structure to quickly test whether an element exists in a set. - BloomFilter - // UserRingbuf - The reverse of RingBuf, used to send messages from user space to BPF programs. - UserRingbuf - // CgroupStorage - Store data keyed on a cgroup. If the cgroup disappears, the key is automatically removed. - CgroupStorage - // Arena - Sparse shared memory region between a BPF program and user space. - Arena ) // hasPerCPUValue returns true if the Map stores a value per CPU. @@ -127,21 +120,6 @@ func (mt MapType) canStoreProgram() bool { return mt == ProgramArray } -// canHaveValueSize returns true if the map type supports setting a value size. -func (mt MapType) canHaveValueSize() bool { - switch mt { - case RingBuf, Arena: - return false - - // Special-case perf events since they require a value size of either 0 or 4 - // for historical reasons. Let the library fix this up later. - case PerfEventArray: - return false - } - - return true -} - // ProgramType of the eBPF program type ProgramType uint32 @@ -285,10 +263,10 @@ func (lpo *LoadPinOptions) Marshal() uint32 { flags := lpo.Flags if lpo.ReadOnly { - flags |= sys.BPF_F_RDONLY + flags |= unix.BPF_F_RDONLY } if lpo.WriteOnly { - flags |= sys.BPF_F_WRONLY + flags |= unix.BPF_F_WRONLY } return flags } diff --git a/vendor/github.com/cilium/ebpf/types_string.go b/vendor/github.com/cilium/ebpf/types_string.go index f06685112c2..ee60b5be5b6 100644 --- a/vendor/github.com/cilium/ebpf/types_string.go +++ b/vendor/github.com/cilium/ebpf/types_string.go @@ -38,15 +38,11 @@ func _() { _ = x[RingBuf-27] _ = x[InodeStorage-28] _ = x[TaskStorage-29] - _ = x[BloomFilter-30] - _ = x[UserRingbuf-31] - _ = x[CgroupStorage-32] - _ = x[Arena-33] } -const _MapType_name = "UnspecifiedMapHashArrayProgramArrayPerfEventArrayPerCPUHashPerCPUArrayStackTraceCGroupArrayLRUHashLRUCPUHashLPMTrieArrayOfMapsHashOfMapsDevMapSockMapCPUMapXSKMapSockHashCGroupStorageReusePortSockArrayPerCPUCGroupStorageQueueStackSkStorageDevMapHashStructOpsMapRingBufInodeStorageTaskStorageBloomFilterUserRingbufCgroupStorageArena" +const _MapType_name = "UnspecifiedMapHashArrayProgramArrayPerfEventArrayPerCPUHashPerCPUArrayStackTraceCGroupArrayLRUHashLRUCPUHashLPMTrieArrayOfMapsHashOfMapsDevMapSockMapCPUMapXSKMapSockHashCGroupStorageReusePortSockArrayPerCPUCGroupStorageQueueStackSkStorageDevMapHashStructOpsMapRingBufInodeStorageTaskStorage" -var _MapType_index = [...]uint16{0, 14, 18, 23, 35, 49, 59, 70, 80, 91, 98, 108, 115, 126, 136, 142, 149, 155, 161, 169, 182, 200, 219, 224, 229, 238, 248, 260, 267, 279, 290, 301, 312, 325, 330} +var _MapType_index = [...]uint16{0, 14, 18, 23, 35, 49, 59, 70, 80, 91, 98, 108, 115, 126, 136, 142, 149, 155, 161, 169, 182, 200, 219, 224, 229, 238, 248, 260, 267, 279, 290} func (i MapType) String() string { if i >= MapType(len(_MapType_index)-1) { diff --git a/vendor/github.com/cilium/ebpf/variable.go b/vendor/github.com/cilium/ebpf/variable.go deleted file mode 100644 index 288b173a115..00000000000 --- a/vendor/github.com/cilium/ebpf/variable.go +++ /dev/null @@ -1,230 +0,0 @@ -package ebpf - -import ( - "fmt" - "io" - - "github.com/cilium/ebpf/btf" - "github.com/cilium/ebpf/internal/sysenc" -) - -// VariableSpec is a convenience wrapper for modifying global variables of a -// CollectionSpec before loading it into the kernel. -// -// All operations on a VariableSpec's underlying MapSpec are performed in the -// host's native endianness. -type VariableSpec struct { - name string - offset uint64 - size uint64 - - m *MapSpec - t *btf.Var -} - -// Set sets the value of the VariableSpec to the provided input using the host's -// native endianness. -func (s *VariableSpec) Set(in any) error { - buf, err := sysenc.Marshal(in, int(s.size)) - if err != nil { - return fmt.Errorf("marshaling value %s: %w", s.name, err) - } - - b, _, err := s.m.dataSection() - if err != nil { - return fmt.Errorf("getting data section of map %s: %w", s.m.Name, err) - } - - if int(s.offset+s.size) > len(b) { - return fmt.Errorf("offset %d(+%d) for variable %s is out of bounds", s.offset, s.size, s.name) - } - - // MapSpec.Copy() performs a shallow copy. Fully copy the byte slice - // to avoid any changes affecting other copies of the MapSpec. - cpy := make([]byte, len(b)) - copy(cpy, b) - - buf.CopyTo(cpy[s.offset : s.offset+s.size]) - - s.m.Contents[0] = MapKV{Key: uint32(0), Value: cpy} - - return nil -} - -// Get writes the value of the VariableSpec to the provided output using the -// host's native endianness. -func (s *VariableSpec) Get(out any) error { - b, _, err := s.m.dataSection() - if err != nil { - return fmt.Errorf("getting data section of map %s: %w", s.m.Name, err) - } - - if int(s.offset+s.size) > len(b) { - return fmt.Errorf("offset %d(+%d) for variable %s is out of bounds", s.offset, s.size, s.name) - } - - if err := sysenc.Unmarshal(out, b[s.offset:s.offset+s.size]); err != nil { - return fmt.Errorf("unmarshaling value: %w", err) - } - - return nil -} - -// Size returns the size of the variable in bytes. -func (s *VariableSpec) Size() uint64 { - return s.size -} - -// MapName returns the name of the underlying MapSpec. -func (s *VariableSpec) MapName() string { - return s.m.Name -} - -// Offset returns the offset of the variable in the underlying MapSpec. -func (s *VariableSpec) Offset() uint64 { - return s.offset -} - -// Constant returns true if the VariableSpec represents a variable that is -// read-only from the perspective of the BPF program. -func (s *VariableSpec) Constant() bool { - return s.m.readOnly() -} - -// Type returns the [btf.Var] representing the variable in its data section. -// This is useful for inspecting the variable's decl tags and the type -// information of the inner type. -// -// Returns nil if the original ELF object did not contain BTF information. -func (s *VariableSpec) Type() *btf.Var { - return s.t -} - -func (s *VariableSpec) String() string { - return fmt.Sprintf("%s (type=%v, map=%s, offset=%d, size=%d)", s.name, s.t, s.m.Name, s.offset, s.size) -} - -// copy returns a new VariableSpec with the same values as the original, -// but with a different underlying MapSpec. This is useful when copying a -// CollectionSpec. Returns nil if a MapSpec with the same name is not found. -func (s *VariableSpec) copy(cpy *CollectionSpec) *VariableSpec { - out := &VariableSpec{ - name: s.name, - offset: s.offset, - size: s.size, - } - if s.t != nil { - out.t = btf.Copy(s.t).(*btf.Var) - } - - // Attempt to find a MapSpec with the same name in the copied CollectionSpec. - for _, m := range cpy.Maps { - if m.Name == s.m.Name { - out.m = m - return out - } - } - - return nil -} - -// Variable is a convenience wrapper for modifying global variables of a -// Collection after loading it into the kernel. Operations on a Variable are -// performed using direct memory access, bypassing the BPF map syscall API. -// -// On kernels older than 5.5, most interactions with Variable return -// [ErrNotSupported]. -type Variable struct { - name string - offset uint64 - size uint64 - t *btf.Var - - mm *Memory -} - -func newVariable(name string, offset, size uint64, t *btf.Var, mm *Memory) (*Variable, error) { - if mm != nil { - if int(offset+size) > mm.Size() { - return nil, fmt.Errorf("offset %d(+%d) is out of bounds", offset, size) - } - } - - return &Variable{ - name: name, - offset: offset, - size: size, - t: t, - mm: mm, - }, nil -} - -// Size returns the size of the variable. -func (v *Variable) Size() uint64 { - return v.size -} - -// ReadOnly returns true if the Variable represents a variable that is read-only -// after loading the Collection into the kernel. -// -// On systems without BPF_F_MMAPABLE support, ReadOnly always returns true. -func (v *Variable) ReadOnly() bool { - if v.mm == nil { - return true - } - return v.mm.ReadOnly() -} - -// Type returns the [btf.Var] representing the variable in its data section. -// This is useful for inspecting the variable's decl tags and the type -// information of the inner type. -// -// Returns nil if the original ELF object did not contain BTF information. -func (v *Variable) Type() *btf.Var { - return v.t -} - -func (v *Variable) String() string { - return fmt.Sprintf("%s (type=%v)", v.name, v.t) -} - -// Set the value of the Variable to the provided input. The input must marshal -// to the same length as the size of the Variable. -func (v *Variable) Set(in any) error { - if v.mm == nil { - return fmt.Errorf("variable %s: direct access requires Linux 5.5 or later: %w", v.name, ErrNotSupported) - } - - if v.ReadOnly() { - return fmt.Errorf("variable %s: %w", v.name, ErrReadOnly) - } - - buf, err := sysenc.Marshal(in, int(v.size)) - if err != nil { - return fmt.Errorf("marshaling value %s: %w", v.name, err) - } - - if _, err := v.mm.WriteAt(buf.Bytes(), int64(v.offset)); err != nil { - return fmt.Errorf("writing value to %s: %w", v.name, err) - } - - return nil -} - -// Get writes the value of the Variable to the provided output. The output must -// be a pointer to a value whose size matches the Variable. -func (v *Variable) Get(out any) error { - if v.mm == nil { - return fmt.Errorf("variable %s: direct access requires Linux 5.5 or later: %w", v.name, ErrNotSupported) - } - - if !v.mm.bounds(v.offset, v.size) { - return fmt.Errorf("variable %s: access out of bounds: %w", v.name, io.EOF) - } - - if err := sysenc.Unmarshal(out, v.mm.b[v.offset:v.offset+v.size]); err != nil { - return fmt.Errorf("unmarshaling value %s: %w", v.name, err) - } - - return nil -} diff --git a/vendor/golang.org/x/exp/LICENSE b/vendor/golang.org/x/exp/LICENSE new file mode 100644 index 00000000000..6a66aea5eaf --- /dev/null +++ b/vendor/golang.org/x/exp/LICENSE @@ -0,0 +1,27 @@ +Copyright (c) 2009 The Go Authors. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/vendor/golang.org/x/exp/PATENTS b/vendor/golang.org/x/exp/PATENTS new file mode 100644 index 00000000000..733099041f8 --- /dev/null +++ b/vendor/golang.org/x/exp/PATENTS @@ -0,0 +1,22 @@ +Additional IP Rights Grant (Patents) + +"This implementation" means the copyrightable works distributed by +Google as part of the Go project. + +Google hereby grants to You a perpetual, worldwide, non-exclusive, +no-charge, royalty-free, irrevocable (except as stated in this section) +patent license to make, have made, use, offer to sell, sell, import, +transfer and otherwise run, modify and propagate the contents of this +implementation of Go, where such license applies only to those patent +claims, both currently owned or controlled by Google and acquired in +the future, licensable by Google that are necessarily infringed by this +implementation of Go. This grant does not include claims that would be +infringed only as a consequence of further modification of this +implementation. If you or your agent or exclusive licensee institute or +order or agree to the institution of patent litigation against any +entity (including a cross-claim or counterclaim in a lawsuit) alleging +that this implementation of Go or any code incorporated within this +implementation of Go constitutes direct or contributory patent +infringement, or inducement of patent infringement, then any patent +rights granted to you under this License for this implementation of Go +shall terminate as of the date such litigation is filed. diff --git a/vendor/golang.org/x/exp/constraints/constraints.go b/vendor/golang.org/x/exp/constraints/constraints.go new file mode 100644 index 00000000000..2c033dff47e --- /dev/null +++ b/vendor/golang.org/x/exp/constraints/constraints.go @@ -0,0 +1,50 @@ +// Copyright 2021 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package constraints defines a set of useful constraints to be used +// with type parameters. +package constraints + +// Signed is a constraint that permits any signed integer type. +// If future releases of Go add new predeclared signed integer types, +// this constraint will be modified to include them. +type Signed interface { + ~int | ~int8 | ~int16 | ~int32 | ~int64 +} + +// Unsigned is a constraint that permits any unsigned integer type. +// If future releases of Go add new predeclared unsigned integer types, +// this constraint will be modified to include them. +type Unsigned interface { + ~uint | ~uint8 | ~uint16 | ~uint32 | ~uint64 | ~uintptr +} + +// Integer is a constraint that permits any integer type. +// If future releases of Go add new predeclared integer types, +// this constraint will be modified to include them. +type Integer interface { + Signed | Unsigned +} + +// Float is a constraint that permits any floating-point type. +// If future releases of Go add new predeclared floating-point types, +// this constraint will be modified to include them. +type Float interface { + ~float32 | ~float64 +} + +// Complex is a constraint that permits any complex numeric type. +// If future releases of Go add new predeclared complex numeric types, +// this constraint will be modified to include them. +type Complex interface { + ~complex64 | ~complex128 +} + +// Ordered is a constraint that permits any ordered type: any type +// that supports the operators < <= >= >. +// If future releases of Go add new ordered types, +// this constraint will be modified to include them. +type Ordered interface { + Integer | Float | ~string +} diff --git a/vendor/modules.txt b/vendor/modules.txt index e514f0cee48..7037df9a4ef 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -2,18 +2,16 @@ ## explicit; go 1.16 github.com/checkpoint-restore/go-criu/v6 github.com/checkpoint-restore/go-criu/v6/rpc -# github.com/cilium/ebpf v0.17.1 -## explicit; go 1.22 +# github.com/cilium/ebpf v0.16.0 +## explicit; go 1.21 github.com/cilium/ebpf github.com/cilium/ebpf/asm github.com/cilium/ebpf/btf github.com/cilium/ebpf/internal github.com/cilium/ebpf/internal/kallsyms github.com/cilium/ebpf/internal/kconfig -github.com/cilium/ebpf/internal/linux github.com/cilium/ebpf/internal/sys github.com/cilium/ebpf/internal/sysenc -github.com/cilium/ebpf/internal/testutils/fdtrace github.com/cilium/ebpf/internal/tracefs github.com/cilium/ebpf/internal/unix github.com/cilium/ebpf/link @@ -80,6 +78,9 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.4 ## explicit; go 1.17 github.com/vishvananda/netns +# golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 +## explicit; go 1.18 +golang.org/x/exp/constraints # golang.org/x/net v0.34.0 ## explicit; go 1.18 golang.org/x/net/bpf From f414b5349a478eeaa0e5fd81c2eb27fbc76cb882 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 31 Jan 2025 14:51:06 -0800 Subject: [PATCH 0790/1176] CI: fix criu-dev compile As of [1], criu requires uuid library. [1]: https://github.com/checkpoint-restore/criu/pull/2550/commits/9a2b7d6b3baa2b3183489ed9cebece039f9f488f Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 754fd87f155..7f4c5b0fc2b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -122,7 +122,7 @@ jobs: if: ${{ matrix.criu != '' }} run: | sudo apt -qy install \ - libcap-dev libnet1-dev libnl-3-dev \ + libcap-dev libnet1-dev libnl-3-dev uuid-dev \ libprotobuf-c-dev libprotobuf-dev protobuf-c-compiler protobuf-compiler git clone https://github.com/checkpoint-restore/criu.git ~/criu (cd ~/criu && git checkout ${{ matrix.criu }} && sudo make install-criu) From 54fa0c5577a3105ec1975f0e0133bc610a49b77c Mon Sep 17 00:00:00 2001 From: Evan Phoenix Date: Sun, 19 Jan 2025 19:45:59 -0800 Subject: [PATCH 0791/1176] capabilities: be more graceful in resetting ambient Similar to when SetAmbient() can fail, runc should be graceful about ResetAmbient failing. This functionality previously worked under gvisor, which doesn't implement ambient capabilities atm. The hard error on reset broke gvisor usage. Signed-off-by: Evan Phoenix --- libcontainer/capabilities/capabilities.go | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/libcontainer/capabilities/capabilities.go b/libcontainer/capabilities/capabilities.go index 4e63d97a201..8ed3cac0870 100644 --- a/libcontainer/capabilities/capabilities.go +++ b/libcontainer/capabilities/capabilities.go @@ -3,10 +3,12 @@ package capabilities import ( + "errors" "fmt" "sort" "strings" "sync" + "syscall" "github.com/moby/sys/capability" "github.com/opencontainers/runc/libcontainer/configs" @@ -129,9 +131,13 @@ func (c *Caps) ApplyCaps() error { // don't return any errors, only warn. ambs := c.caps[capability.AMBIENT] err := capability.ResetAmbient() - if err != nil { - return fmt.Errorf("can't reset ambient capabilities: %w", err) + + // EINVAL is returned when the kernel doesn't support ambient capabilities. + // We ignore this because runc supports running on older kernels. + if err != nil && !errors.Is(err, syscall.EINVAL) { + return err } + for _, a := range ambs { err := capability.SetAmbient(true, a) if err != nil { From a274d27598840bd1cad35157dbdf409851322442 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 5 Feb 2025 04:18:02 +0000 Subject: [PATCH 0792/1176] build(deps): bump golang.org/x/sys from 0.29.0 to 0.30.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.29.0 to 0.30.0. - [Commits](https://github.com/golang/sys/compare/v0.29.0...v0.30.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- vendor/golang.org/x/sys/unix/auxv.go | 36 ++++++ .../golang.org/x/sys/unix/auxv_unsupported.go | 13 ++ .../golang.org/x/sys/unix/syscall_solaris.go | 87 +++++++++++++ vendor/golang.org/x/sys/unix/zerrors_linux.go | 20 ++- .../x/sys/unix/zerrors_linux_386.go | 3 + .../x/sys/unix/zerrors_linux_amd64.go | 3 + .../x/sys/unix/zerrors_linux_arm.go | 3 + .../x/sys/unix/zerrors_linux_arm64.go | 4 + .../x/sys/unix/zerrors_linux_loong64.go | 3 + .../x/sys/unix/zerrors_linux_mips.go | 3 + .../x/sys/unix/zerrors_linux_mips64.go | 3 + .../x/sys/unix/zerrors_linux_mips64le.go | 3 + .../x/sys/unix/zerrors_linux_mipsle.go | 3 + .../x/sys/unix/zerrors_linux_ppc.go | 3 + .../x/sys/unix/zerrors_linux_ppc64.go | 3 + .../x/sys/unix/zerrors_linux_ppc64le.go | 3 + .../x/sys/unix/zerrors_linux_riscv64.go | 3 + .../x/sys/unix/zerrors_linux_s390x.go | 3 + .../x/sys/unix/zerrors_linux_sparc64.go | 3 + .../x/sys/unix/zsyscall_solaris_amd64.go | 114 ++++++++++++++++++ .../x/sys/unix/zsysnum_linux_386.go | 4 + .../x/sys/unix/zsysnum_linux_amd64.go | 4 + .../x/sys/unix/zsysnum_linux_arm.go | 4 + .../x/sys/unix/zsysnum_linux_arm64.go | 4 + .../x/sys/unix/zsysnum_linux_loong64.go | 4 + .../x/sys/unix/zsysnum_linux_mips.go | 4 + .../x/sys/unix/zsysnum_linux_mips64.go | 4 + .../x/sys/unix/zsysnum_linux_mips64le.go | 4 + .../x/sys/unix/zsysnum_linux_mipsle.go | 4 + .../x/sys/unix/zsysnum_linux_ppc.go | 4 + .../x/sys/unix/zsysnum_linux_ppc64.go | 4 + .../x/sys/unix/zsysnum_linux_ppc64le.go | 4 + .../x/sys/unix/zsysnum_linux_riscv64.go | 4 + .../x/sys/unix/zsysnum_linux_s390x.go | 4 + .../x/sys/unix/zsysnum_linux_sparc64.go | 4 + vendor/golang.org/x/sys/unix/ztypes_linux.go | 6 +- vendor/modules.txt | 2 +- 39 files changed, 383 insertions(+), 7 deletions(-) create mode 100644 vendor/golang.org/x/sys/unix/auxv.go create mode 100644 vendor/golang.org/x/sys/unix/auxv_unsupported.go diff --git a/go.mod b/go.mod index 5fff44cc736..a2adf6dd9fa 100644 --- a/go.mod +++ b/go.mod @@ -27,7 +27,7 @@ require ( github.com/urfave/cli v1.22.16 github.com/vishvananda/netlink v1.3.0 golang.org/x/net v0.34.0 - golang.org/x/sys v0.29.0 + golang.org/x/sys v0.30.0 google.golang.org/protobuf v1.36.4 ) diff --git a/go.sum b/go.sum index b7b2d42ce1e..c7f88ccab2c 100644 --- a/go.sum +++ b/go.sum @@ -92,8 +92,8 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= -golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= +golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= diff --git a/vendor/golang.org/x/sys/unix/auxv.go b/vendor/golang.org/x/sys/unix/auxv.go new file mode 100644 index 00000000000..37a82528f58 --- /dev/null +++ b/vendor/golang.org/x/sys/unix/auxv.go @@ -0,0 +1,36 @@ +// Copyright 2025 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build go1.21 && (aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos) + +package unix + +import ( + "syscall" + "unsafe" +) + +//go:linkname runtime_getAuxv runtime.getAuxv +func runtime_getAuxv() []uintptr + +// Auxv returns the ELF auxiliary vector as a sequence of key/value pairs. +// The returned slice is always a fresh copy, owned by the caller. +// It returns an error on non-ELF platforms, or if the auxiliary vector cannot be accessed, +// which happens in some locked-down environments and build modes. +func Auxv() ([][2]uintptr, error) { + vec := runtime_getAuxv() + vecLen := len(vec) + + if vecLen == 0 { + return nil, syscall.ENOENT + } + + if vecLen%2 != 0 { + return nil, syscall.EINVAL + } + + result := make([]uintptr, vecLen) + copy(result, vec) + return unsafe.Slice((*[2]uintptr)(unsafe.Pointer(&result[0])), vecLen/2), nil +} diff --git a/vendor/golang.org/x/sys/unix/auxv_unsupported.go b/vendor/golang.org/x/sys/unix/auxv_unsupported.go new file mode 100644 index 00000000000..1200487f2e8 --- /dev/null +++ b/vendor/golang.org/x/sys/unix/auxv_unsupported.go @@ -0,0 +1,13 @@ +// Copyright 2025 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !go1.21 && (aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos) + +package unix + +import "syscall" + +func Auxv() ([][2]uintptr, error) { + return nil, syscall.ENOTSUP +} diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris.go b/vendor/golang.org/x/sys/unix/syscall_solaris.go index 21974af064d..abc3955477c 100644 --- a/vendor/golang.org/x/sys/unix/syscall_solaris.go +++ b/vendor/golang.org/x/sys/unix/syscall_solaris.go @@ -1102,3 +1102,90 @@ func (s *Strioctl) SetInt(i int) { func IoctlSetStrioctlRetInt(fd int, req int, s *Strioctl) (int, error) { return ioctlPtrRet(fd, req, unsafe.Pointer(s)) } + +// Ucred Helpers +// See ucred(3c) and getpeerucred(3c) + +//sys getpeerucred(fd uintptr, ucred *uintptr) (err error) +//sys ucredFree(ucred uintptr) = ucred_free +//sys ucredGet(pid int) (ucred uintptr, err error) = ucred_get +//sys ucredGeteuid(ucred uintptr) (uid int) = ucred_geteuid +//sys ucredGetegid(ucred uintptr) (gid int) = ucred_getegid +//sys ucredGetruid(ucred uintptr) (uid int) = ucred_getruid +//sys ucredGetrgid(ucred uintptr) (gid int) = ucred_getrgid +//sys ucredGetsuid(ucred uintptr) (uid int) = ucred_getsuid +//sys ucredGetsgid(ucred uintptr) (gid int) = ucred_getsgid +//sys ucredGetpid(ucred uintptr) (pid int) = ucred_getpid + +// Ucred is an opaque struct that holds user credentials. +type Ucred struct { + ucred uintptr +} + +// We need to ensure that ucredFree is called on the underlying ucred +// when the Ucred is garbage collected. +func ucredFinalizer(u *Ucred) { + ucredFree(u.ucred) +} + +func GetPeerUcred(fd uintptr) (*Ucred, error) { + var ucred uintptr + err := getpeerucred(fd, &ucred) + if err != nil { + return nil, err + } + result := &Ucred{ + ucred: ucred, + } + // set the finalizer on the result so that the ucred will be freed + runtime.SetFinalizer(result, ucredFinalizer) + return result, nil +} + +func UcredGet(pid int) (*Ucred, error) { + ucred, err := ucredGet(pid) + if err != nil { + return nil, err + } + result := &Ucred{ + ucred: ucred, + } + // set the finalizer on the result so that the ucred will be freed + runtime.SetFinalizer(result, ucredFinalizer) + return result, nil +} + +func (u *Ucred) Geteuid() int { + defer runtime.KeepAlive(u) + return ucredGeteuid(u.ucred) +} + +func (u *Ucred) Getruid() int { + defer runtime.KeepAlive(u) + return ucredGetruid(u.ucred) +} + +func (u *Ucred) Getsuid() int { + defer runtime.KeepAlive(u) + return ucredGetsuid(u.ucred) +} + +func (u *Ucred) Getegid() int { + defer runtime.KeepAlive(u) + return ucredGetegid(u.ucred) +} + +func (u *Ucred) Getrgid() int { + defer runtime.KeepAlive(u) + return ucredGetrgid(u.ucred) +} + +func (u *Ucred) Getsgid() int { + defer runtime.KeepAlive(u) + return ucredGetsgid(u.ucred) +} + +func (u *Ucred) Getpid() int { + defer runtime.KeepAlive(u) + return ucredGetpid(u.ucred) +} diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index 6ebc48b3fec..4f432bfe8fe 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -1245,6 +1245,7 @@ const ( FAN_REPORT_DFID_NAME = 0xc00 FAN_REPORT_DFID_NAME_TARGET = 0x1e00 FAN_REPORT_DIR_FID = 0x400 + FAN_REPORT_FD_ERROR = 0x2000 FAN_REPORT_FID = 0x200 FAN_REPORT_NAME = 0x800 FAN_REPORT_PIDFD = 0x80 @@ -1330,8 +1331,10 @@ const ( FUSE_SUPER_MAGIC = 0x65735546 FUTEXFS_SUPER_MAGIC = 0xbad1dea F_ADD_SEALS = 0x409 + F_CREATED_QUERY = 0x404 F_DUPFD = 0x0 F_DUPFD_CLOEXEC = 0x406 + F_DUPFD_QUERY = 0x403 F_EXLCK = 0x4 F_GETFD = 0x1 F_GETFL = 0x3 @@ -1551,6 +1554,7 @@ const ( IPPROTO_ROUTING = 0x2b IPPROTO_RSVP = 0x2e IPPROTO_SCTP = 0x84 + IPPROTO_SMC = 0x100 IPPROTO_TCP = 0x6 IPPROTO_TP = 0x1d IPPROTO_UDP = 0x11 @@ -1623,6 +1627,8 @@ const ( IPV6_UNICAST_IF = 0x4c IPV6_USER_FLOW = 0xe IPV6_V6ONLY = 0x1a + IPV6_VERSION = 0x60 + IPV6_VERSION_MASK = 0xf0 IPV6_XFRM_POLICY = 0x23 IP_ADD_MEMBERSHIP = 0x23 IP_ADD_SOURCE_MEMBERSHIP = 0x27 @@ -1867,6 +1873,7 @@ const ( MADV_UNMERGEABLE = 0xd MADV_WILLNEED = 0x3 MADV_WIPEONFORK = 0x12 + MAP_DROPPABLE = 0x8 MAP_FILE = 0x0 MAP_FIXED = 0x10 MAP_FIXED_NOREPLACE = 0x100000 @@ -1967,6 +1974,7 @@ const ( MSG_PEEK = 0x2 MSG_PROXY = 0x10 MSG_RST = 0x1000 + MSG_SOCK_DEVMEM = 0x2000000 MSG_SYN = 0x400 MSG_TRUNC = 0x20 MSG_TRYHARD = 0x4 @@ -2083,6 +2091,7 @@ const ( NFC_ATR_REQ_MAXSIZE = 0x40 NFC_ATR_RES_GB_MAXSIZE = 0x2f NFC_ATR_RES_MAXSIZE = 0x40 + NFC_ATS_MAXSIZE = 0x14 NFC_COMM_ACTIVE = 0x0 NFC_COMM_PASSIVE = 0x1 NFC_DEVICE_NAME_MAXSIZE = 0x8 @@ -2163,6 +2172,7 @@ const ( NFNL_SUBSYS_QUEUE = 0x3 NFNL_SUBSYS_ULOG = 0x4 NFS_SUPER_MAGIC = 0x6969 + NFT_BITWISE_BOOL = 0x0 NFT_CHAIN_FLAGS = 0x7 NFT_CHAIN_MAXNAMELEN = 0x100 NFT_CT_MAX = 0x17 @@ -2491,6 +2501,7 @@ const ( PR_GET_PDEATHSIG = 0x2 PR_GET_SECCOMP = 0x15 PR_GET_SECUREBITS = 0x1b + PR_GET_SHADOW_STACK_STATUS = 0x4a PR_GET_SPECULATION_CTRL = 0x34 PR_GET_TAGGED_ADDR_CTRL = 0x38 PR_GET_THP_DISABLE = 0x2a @@ -2499,6 +2510,7 @@ const ( PR_GET_TIMING = 0xd PR_GET_TSC = 0x19 PR_GET_UNALIGN = 0x5 + PR_LOCK_SHADOW_STACK_STATUS = 0x4c PR_MCE_KILL = 0x21 PR_MCE_KILL_CLEAR = 0x0 PR_MCE_KILL_DEFAULT = 0x2 @@ -2525,6 +2537,8 @@ const ( PR_PAC_GET_ENABLED_KEYS = 0x3d PR_PAC_RESET_KEYS = 0x36 PR_PAC_SET_ENABLED_KEYS = 0x3c + PR_PMLEN_MASK = 0x7f000000 + PR_PMLEN_SHIFT = 0x18 PR_PPC_DEXCR_CTRL_CLEAR = 0x4 PR_PPC_DEXCR_CTRL_CLEAR_ONEXEC = 0x10 PR_PPC_DEXCR_CTRL_EDITABLE = 0x1 @@ -2592,6 +2606,7 @@ const ( PR_SET_PTRACER = 0x59616d61 PR_SET_SECCOMP = 0x16 PR_SET_SECUREBITS = 0x1c + PR_SET_SHADOW_STACK_STATUS = 0x4b PR_SET_SPECULATION_CTRL = 0x35 PR_SET_SYSCALL_USER_DISPATCH = 0x3b PR_SET_TAGGED_ADDR_CTRL = 0x37 @@ -2602,6 +2617,9 @@ const ( PR_SET_UNALIGN = 0x6 PR_SET_VMA = 0x53564d41 PR_SET_VMA_ANON_NAME = 0x0 + PR_SHADOW_STACK_ENABLE = 0x1 + PR_SHADOW_STACK_PUSH = 0x4 + PR_SHADOW_STACK_WRITE = 0x2 PR_SME_GET_VL = 0x40 PR_SME_SET_VL = 0x3f PR_SME_SET_VL_ONEXEC = 0x40000 @@ -2911,7 +2929,6 @@ const ( RTM_NEWNEXTHOP = 0x68 RTM_NEWNEXTHOPBUCKET = 0x74 RTM_NEWNSID = 0x58 - RTM_NEWNVLAN = 0x70 RTM_NEWPREFIX = 0x34 RTM_NEWQDISC = 0x24 RTM_NEWROUTE = 0x18 @@ -2920,6 +2937,7 @@ const ( RTM_NEWTCLASS = 0x28 RTM_NEWTFILTER = 0x2c RTM_NEWTUNNEL = 0x78 + RTM_NEWVLAN = 0x70 RTM_NR_FAMILIES = 0x1b RTM_NR_MSGTYPES = 0x6c RTM_SETDCB = 0x4f diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go index c0d45e32050..75207613c78 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go @@ -116,6 +116,8 @@ const ( IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 + IPV6_FLOWINFO_MASK = 0xffffff0f + IPV6_FLOWLABEL_MASK = 0xffff0f00 ISIG = 0x1 IUCLC = 0x200 IXOFF = 0x1000 @@ -304,6 +306,7 @@ const ( SCM_TIMESTAMPING_OPT_STATS = 0x36 SCM_TIMESTAMPING_PKTINFO = 0x3a SCM_TIMESTAMPNS = 0x23 + SCM_TS_OPT_ID = 0x51 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go index c731d24f025..c68acda5352 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go @@ -116,6 +116,8 @@ const ( IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 + IPV6_FLOWINFO_MASK = 0xffffff0f + IPV6_FLOWLABEL_MASK = 0xffff0f00 ISIG = 0x1 IUCLC = 0x200 IXOFF = 0x1000 @@ -305,6 +307,7 @@ const ( SCM_TIMESTAMPING_OPT_STATS = 0x36 SCM_TIMESTAMPING_PKTINFO = 0x3a SCM_TIMESTAMPNS = 0x23 + SCM_TS_OPT_ID = 0x51 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go index 680018a4a7c..a8c607ab86b 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go @@ -115,6 +115,8 @@ const ( IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 + IPV6_FLOWINFO_MASK = 0xffffff0f + IPV6_FLOWLABEL_MASK = 0xffff0f00 ISIG = 0x1 IUCLC = 0x200 IXOFF = 0x1000 @@ -310,6 +312,7 @@ const ( SCM_TIMESTAMPING_OPT_STATS = 0x36 SCM_TIMESTAMPING_PKTINFO = 0x3a SCM_TIMESTAMPNS = 0x23 + SCM_TS_OPT_ID = 0x51 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go index a63909f308d..18563dd8d33 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go @@ -109,6 +109,7 @@ const ( F_SETOWN = 0x8 F_UNLCK = 0x2 F_WRLCK = 0x1 + GCS_MAGIC = 0x47435300 HIDIOCGRAWINFO = 0x80084803 HIDIOCGRDESC = 0x90044802 HIDIOCGRDESCSIZE = 0x80044801 @@ -119,6 +120,8 @@ const ( IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 + IPV6_FLOWINFO_MASK = 0xffffff0f + IPV6_FLOWLABEL_MASK = 0xffff0f00 ISIG = 0x1 IUCLC = 0x200 IXOFF = 0x1000 @@ -302,6 +305,7 @@ const ( SCM_TIMESTAMPING_OPT_STATS = 0x36 SCM_TIMESTAMPING_PKTINFO = 0x3a SCM_TIMESTAMPNS = 0x23 + SCM_TS_OPT_ID = 0x51 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go index 9b0a2573fe3..22912cdaa94 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go @@ -116,6 +116,8 @@ const ( IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 + IPV6_FLOWINFO_MASK = 0xffffff0f + IPV6_FLOWLABEL_MASK = 0xffff0f00 ISIG = 0x1 IUCLC = 0x200 IXOFF = 0x1000 @@ -297,6 +299,7 @@ const ( SCM_TIMESTAMPING_OPT_STATS = 0x36 SCM_TIMESTAMPING_PKTINFO = 0x3a SCM_TIMESTAMPNS = 0x23 + SCM_TS_OPT_ID = 0x51 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go index 958e6e0645a..29344eb37ab 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go @@ -115,6 +115,8 @@ const ( IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x80 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 + IPV6_FLOWINFO_MASK = 0xfffffff + IPV6_FLOWLABEL_MASK = 0xfffff ISIG = 0x1 IUCLC = 0x200 IXOFF = 0x1000 @@ -303,6 +305,7 @@ const ( SCM_TIMESTAMPING_OPT_STATS = 0x36 SCM_TIMESTAMPING_PKTINFO = 0x3a SCM_TIMESTAMPNS = 0x23 + SCM_TS_OPT_ID = 0x51 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go index 50c7f25bd16..20d51fb96a8 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go @@ -115,6 +115,8 @@ const ( IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x80 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 + IPV6_FLOWINFO_MASK = 0xfffffff + IPV6_FLOWLABEL_MASK = 0xfffff ISIG = 0x1 IUCLC = 0x200 IXOFF = 0x1000 @@ -303,6 +305,7 @@ const ( SCM_TIMESTAMPING_OPT_STATS = 0x36 SCM_TIMESTAMPING_PKTINFO = 0x3a SCM_TIMESTAMPNS = 0x23 + SCM_TS_OPT_ID = 0x51 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go index ced21d66d95..321b60902ae 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go @@ -115,6 +115,8 @@ const ( IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x80 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 + IPV6_FLOWINFO_MASK = 0xffffff0f + IPV6_FLOWLABEL_MASK = 0xffff0f00 ISIG = 0x1 IUCLC = 0x200 IXOFF = 0x1000 @@ -303,6 +305,7 @@ const ( SCM_TIMESTAMPING_OPT_STATS = 0x36 SCM_TIMESTAMPING_PKTINFO = 0x3a SCM_TIMESTAMPNS = 0x23 + SCM_TS_OPT_ID = 0x51 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go index 226c0441902..9bacdf1e279 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go @@ -115,6 +115,8 @@ const ( IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x80 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 + IPV6_FLOWINFO_MASK = 0xffffff0f + IPV6_FLOWLABEL_MASK = 0xffff0f00 ISIG = 0x1 IUCLC = 0x200 IXOFF = 0x1000 @@ -303,6 +305,7 @@ const ( SCM_TIMESTAMPING_OPT_STATS = 0x36 SCM_TIMESTAMPING_PKTINFO = 0x3a SCM_TIMESTAMPNS = 0x23 + SCM_TS_OPT_ID = 0x51 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go index 3122737cd46..c2242726156 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go @@ -115,6 +115,8 @@ const ( IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 + IPV6_FLOWINFO_MASK = 0xfffffff + IPV6_FLOWLABEL_MASK = 0xfffff ISIG = 0x80 IUCLC = 0x1000 IXOFF = 0x400 @@ -358,6 +360,7 @@ const ( SCM_TIMESTAMPING_OPT_STATS = 0x36 SCM_TIMESTAMPING_PKTINFO = 0x3a SCM_TIMESTAMPNS = 0x23 + SCM_TS_OPT_ID = 0x51 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go index eb5d3467edf..6270c8ee13e 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go @@ -115,6 +115,8 @@ const ( IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 + IPV6_FLOWINFO_MASK = 0xfffffff + IPV6_FLOWLABEL_MASK = 0xfffff ISIG = 0x80 IUCLC = 0x1000 IXOFF = 0x400 @@ -362,6 +364,7 @@ const ( SCM_TIMESTAMPING_OPT_STATS = 0x36 SCM_TIMESTAMPING_PKTINFO = 0x3a SCM_TIMESTAMPNS = 0x23 + SCM_TS_OPT_ID = 0x51 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go index e921ebc60b7..9966c1941f8 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go @@ -115,6 +115,8 @@ const ( IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 + IPV6_FLOWINFO_MASK = 0xffffff0f + IPV6_FLOWLABEL_MASK = 0xffff0f00 ISIG = 0x80 IUCLC = 0x1000 IXOFF = 0x400 @@ -362,6 +364,7 @@ const ( SCM_TIMESTAMPING_OPT_STATS = 0x36 SCM_TIMESTAMPING_PKTINFO = 0x3a SCM_TIMESTAMPNS = 0x23 + SCM_TS_OPT_ID = 0x51 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go index 38ba81c55c1..848e5fcc42e 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go @@ -115,6 +115,8 @@ const ( IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 + IPV6_FLOWINFO_MASK = 0xffffff0f + IPV6_FLOWLABEL_MASK = 0xffff0f00 ISIG = 0x1 IUCLC = 0x200 IXOFF = 0x1000 @@ -294,6 +296,7 @@ const ( SCM_TIMESTAMPING_OPT_STATS = 0x36 SCM_TIMESTAMPING_PKTINFO = 0x3a SCM_TIMESTAMPNS = 0x23 + SCM_TS_OPT_ID = 0x51 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go index 71f0400977b..669b2adb80b 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go @@ -115,6 +115,8 @@ const ( IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 + IPV6_FLOWINFO_MASK = 0xfffffff + IPV6_FLOWLABEL_MASK = 0xfffff ISIG = 0x1 IUCLC = 0x200 IXOFF = 0x1000 @@ -366,6 +368,7 @@ const ( SCM_TIMESTAMPING_OPT_STATS = 0x36 SCM_TIMESTAMPING_PKTINFO = 0x3a SCM_TIMESTAMPNS = 0x23 + SCM_TS_OPT_ID = 0x51 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go index c44a313322c..4834e57514e 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go @@ -119,6 +119,8 @@ const ( IN_CLOEXEC = 0x400000 IN_NONBLOCK = 0x4000 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 + IPV6_FLOWINFO_MASK = 0xfffffff + IPV6_FLOWLABEL_MASK = 0xfffff ISIG = 0x1 IUCLC = 0x200 IXOFF = 0x1000 @@ -357,6 +359,7 @@ const ( SCM_TIMESTAMPING_OPT_STATS = 0x38 SCM_TIMESTAMPING_PKTINFO = 0x3c SCM_TIMESTAMPNS = 0x21 + SCM_TS_OPT_ID = 0x5a SCM_TXTIME = 0x3f SCM_WIFI_STATUS = 0x25 SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go index 829b87feb8d..c6545413c45 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go @@ -141,6 +141,16 @@ import ( //go:cgo_import_dynamic libc_getpeername getpeername "libsocket.so" //go:cgo_import_dynamic libc_setsockopt setsockopt "libsocket.so" //go:cgo_import_dynamic libc_recvfrom recvfrom "libsocket.so" +//go:cgo_import_dynamic libc_getpeerucred getpeerucred "libc.so" +//go:cgo_import_dynamic libc_ucred_get ucred_get "libc.so" +//go:cgo_import_dynamic libc_ucred_geteuid ucred_geteuid "libc.so" +//go:cgo_import_dynamic libc_ucred_getegid ucred_getegid "libc.so" +//go:cgo_import_dynamic libc_ucred_getruid ucred_getruid "libc.so" +//go:cgo_import_dynamic libc_ucred_getrgid ucred_getrgid "libc.so" +//go:cgo_import_dynamic libc_ucred_getsuid ucred_getsuid "libc.so" +//go:cgo_import_dynamic libc_ucred_getsgid ucred_getsgid "libc.so" +//go:cgo_import_dynamic libc_ucred_getpid ucred_getpid "libc.so" +//go:cgo_import_dynamic libc_ucred_free ucred_free "libc.so" //go:cgo_import_dynamic libc_port_create port_create "libc.so" //go:cgo_import_dynamic libc_port_associate port_associate "libc.so" //go:cgo_import_dynamic libc_port_dissociate port_dissociate "libc.so" @@ -280,6 +290,16 @@ import ( //go:linkname procgetpeername libc_getpeername //go:linkname procsetsockopt libc_setsockopt //go:linkname procrecvfrom libc_recvfrom +//go:linkname procgetpeerucred libc_getpeerucred +//go:linkname procucred_get libc_ucred_get +//go:linkname procucred_geteuid libc_ucred_geteuid +//go:linkname procucred_getegid libc_ucred_getegid +//go:linkname procucred_getruid libc_ucred_getruid +//go:linkname procucred_getrgid libc_ucred_getrgid +//go:linkname procucred_getsuid libc_ucred_getsuid +//go:linkname procucred_getsgid libc_ucred_getsgid +//go:linkname procucred_getpid libc_ucred_getpid +//go:linkname procucred_free libc_ucred_free //go:linkname procport_create libc_port_create //go:linkname procport_associate libc_port_associate //go:linkname procport_dissociate libc_port_dissociate @@ -420,6 +440,16 @@ var ( procgetpeername, procsetsockopt, procrecvfrom, + procgetpeerucred, + procucred_get, + procucred_geteuid, + procucred_getegid, + procucred_getruid, + procucred_getrgid, + procucred_getsuid, + procucred_getsgid, + procucred_getpid, + procucred_free, procport_create, procport_associate, procport_dissociate, @@ -2029,6 +2059,90 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func getpeerucred(fd uintptr, ucred *uintptr) (err error) { + _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procgetpeerucred)), 2, uintptr(fd), uintptr(unsafe.Pointer(ucred)), 0, 0, 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ucredGet(pid int) (ucred uintptr, err error) { + r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procucred_get)), 1, uintptr(pid), 0, 0, 0, 0, 0) + ucred = uintptr(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ucredGeteuid(ucred uintptr) (uid int) { + r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procucred_geteuid)), 1, uintptr(ucred), 0, 0, 0, 0, 0) + uid = int(r0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ucredGetegid(ucred uintptr) (gid int) { + r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procucred_getegid)), 1, uintptr(ucred), 0, 0, 0, 0, 0) + gid = int(r0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ucredGetruid(ucred uintptr) (uid int) { + r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procucred_getruid)), 1, uintptr(ucred), 0, 0, 0, 0, 0) + uid = int(r0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ucredGetrgid(ucred uintptr) (gid int) { + r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procucred_getrgid)), 1, uintptr(ucred), 0, 0, 0, 0, 0) + gid = int(r0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ucredGetsuid(ucred uintptr) (uid int) { + r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procucred_getsuid)), 1, uintptr(ucred), 0, 0, 0, 0, 0) + uid = int(r0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ucredGetsgid(ucred uintptr) (gid int) { + r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procucred_getsgid)), 1, uintptr(ucred), 0, 0, 0, 0, 0) + gid = int(r0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ucredGetpid(ucred uintptr) (pid int) { + r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procucred_getpid)), 1, uintptr(ucred), 0, 0, 0, 0, 0) + pid = int(r0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func ucredFree(ucred uintptr) { + sysvicall6(uintptr(unsafe.Pointer(&procucred_free)), 1, uintptr(ucred), 0, 0, 0, 0, 0) + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func port_create() (n int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procport_create)), 0, 0, 0, 0, 0, 0, 0) n = int(r0) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go index 524b0820cbc..c79aaff306a 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go @@ -458,4 +458,8 @@ const ( SYS_LSM_SET_SELF_ATTR = 460 SYS_LSM_LIST_MODULES = 461 SYS_MSEAL = 462 + SYS_SETXATTRAT = 463 + SYS_GETXATTRAT = 464 + SYS_LISTXATTRAT = 465 + SYS_REMOVEXATTRAT = 466 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go index f485dbf4565..5eb450695e9 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go @@ -381,4 +381,8 @@ const ( SYS_LSM_SET_SELF_ATTR = 460 SYS_LSM_LIST_MODULES = 461 SYS_MSEAL = 462 + SYS_SETXATTRAT = 463 + SYS_GETXATTRAT = 464 + SYS_LISTXATTRAT = 465 + SYS_REMOVEXATTRAT = 466 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go index 70b35bf3b09..05e50297445 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go @@ -422,4 +422,8 @@ const ( SYS_LSM_SET_SELF_ATTR = 460 SYS_LSM_LIST_MODULES = 461 SYS_MSEAL = 462 + SYS_SETXATTRAT = 463 + SYS_GETXATTRAT = 464 + SYS_LISTXATTRAT = 465 + SYS_REMOVEXATTRAT = 466 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go index 1893e2fe884..38c53ec51bb 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go @@ -325,4 +325,8 @@ const ( SYS_LSM_SET_SELF_ATTR = 460 SYS_LSM_LIST_MODULES = 461 SYS_MSEAL = 462 + SYS_SETXATTRAT = 463 + SYS_GETXATTRAT = 464 + SYS_LISTXATTRAT = 465 + SYS_REMOVEXATTRAT = 466 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go index 16a4017da0a..31d2e71a18e 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go @@ -321,4 +321,8 @@ const ( SYS_LSM_SET_SELF_ATTR = 460 SYS_LSM_LIST_MODULES = 461 SYS_MSEAL = 462 + SYS_SETXATTRAT = 463 + SYS_GETXATTRAT = 464 + SYS_LISTXATTRAT = 465 + SYS_REMOVEXATTRAT = 466 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go index 7e567f1efff..f4184a336b0 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go @@ -442,4 +442,8 @@ const ( SYS_LSM_SET_SELF_ATTR = 4460 SYS_LSM_LIST_MODULES = 4461 SYS_MSEAL = 4462 + SYS_SETXATTRAT = 4463 + SYS_GETXATTRAT = 4464 + SYS_LISTXATTRAT = 4465 + SYS_REMOVEXATTRAT = 4466 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go index 38ae55e5ef8..05b9962278f 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go @@ -372,4 +372,8 @@ const ( SYS_LSM_SET_SELF_ATTR = 5460 SYS_LSM_LIST_MODULES = 5461 SYS_MSEAL = 5462 + SYS_SETXATTRAT = 5463 + SYS_GETXATTRAT = 5464 + SYS_LISTXATTRAT = 5465 + SYS_REMOVEXATTRAT = 5466 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go index 55e92e60a82..43a256e9e67 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go @@ -372,4 +372,8 @@ const ( SYS_LSM_SET_SELF_ATTR = 5460 SYS_LSM_LIST_MODULES = 5461 SYS_MSEAL = 5462 + SYS_SETXATTRAT = 5463 + SYS_GETXATTRAT = 5464 + SYS_LISTXATTRAT = 5465 + SYS_REMOVEXATTRAT = 5466 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go index 60658d6a021..eea5ddfc220 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go @@ -442,4 +442,8 @@ const ( SYS_LSM_SET_SELF_ATTR = 4460 SYS_LSM_LIST_MODULES = 4461 SYS_MSEAL = 4462 + SYS_SETXATTRAT = 4463 + SYS_GETXATTRAT = 4464 + SYS_LISTXATTRAT = 4465 + SYS_REMOVEXATTRAT = 4466 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go index e203e8a7ed4..0d777bfbb14 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go @@ -449,4 +449,8 @@ const ( SYS_LSM_SET_SELF_ATTR = 460 SYS_LSM_LIST_MODULES = 461 SYS_MSEAL = 462 + SYS_SETXATTRAT = 463 + SYS_GETXATTRAT = 464 + SYS_LISTXATTRAT = 465 + SYS_REMOVEXATTRAT = 466 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go index 5944b97d546..b4463650256 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go @@ -421,4 +421,8 @@ const ( SYS_LSM_SET_SELF_ATTR = 460 SYS_LSM_LIST_MODULES = 461 SYS_MSEAL = 462 + SYS_SETXATTRAT = 463 + SYS_GETXATTRAT = 464 + SYS_LISTXATTRAT = 465 + SYS_REMOVEXATTRAT = 466 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go index c66d416dad1..0c7d21c1881 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go @@ -421,4 +421,8 @@ const ( SYS_LSM_SET_SELF_ATTR = 460 SYS_LSM_LIST_MODULES = 461 SYS_MSEAL = 462 + SYS_SETXATTRAT = 463 + SYS_GETXATTRAT = 464 + SYS_LISTXATTRAT = 465 + SYS_REMOVEXATTRAT = 466 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go index a5459e766f5..84053916987 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go @@ -326,4 +326,8 @@ const ( SYS_LSM_SET_SELF_ATTR = 460 SYS_LSM_LIST_MODULES = 461 SYS_MSEAL = 462 + SYS_SETXATTRAT = 463 + SYS_GETXATTRAT = 464 + SYS_LISTXATTRAT = 465 + SYS_REMOVEXATTRAT = 466 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go index 01d86825bb9..fcf1b790d6c 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go @@ -387,4 +387,8 @@ const ( SYS_LSM_SET_SELF_ATTR = 460 SYS_LSM_LIST_MODULES = 461 SYS_MSEAL = 462 + SYS_SETXATTRAT = 463 + SYS_GETXATTRAT = 464 + SYS_LISTXATTRAT = 465 + SYS_REMOVEXATTRAT = 466 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go index 7b703e77cda..52d15b5f9d4 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go @@ -400,4 +400,8 @@ const ( SYS_LSM_SET_SELF_ATTR = 460 SYS_LSM_LIST_MODULES = 461 SYS_MSEAL = 462 + SYS_SETXATTRAT = 463 + SYS_GETXATTRAT = 464 + SYS_LISTXATTRAT = 465 + SYS_REMOVEXATTRAT = 466 ) diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index 5537148dcbb..a46abe64720 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -4747,7 +4747,7 @@ const ( NL80211_ATTR_MAC_HINT = 0xc8 NL80211_ATTR_MAC_MASK = 0xd7 NL80211_ATTR_MAX_AP_ASSOC_STA = 0xca - NL80211_ATTR_MAX = 0x14c + NL80211_ATTR_MAX = 0x14d NL80211_ATTR_MAX_CRIT_PROT_DURATION = 0xb4 NL80211_ATTR_MAX_CSA_COUNTERS = 0xce NL80211_ATTR_MAX_MATCH_SETS = 0x85 @@ -5519,7 +5519,7 @@ const ( NL80211_MNTR_FLAG_CONTROL = 0x3 NL80211_MNTR_FLAG_COOK_FRAMES = 0x5 NL80211_MNTR_FLAG_FCSFAIL = 0x1 - NL80211_MNTR_FLAG_MAX = 0x6 + NL80211_MNTR_FLAG_MAX = 0x7 NL80211_MNTR_FLAG_OTHER_BSS = 0x4 NL80211_MNTR_FLAG_PLCPFAIL = 0x2 NL80211_MPATH_FLAG_ACTIVE = 0x1 @@ -6174,3 +6174,5 @@ type SockDiagReq struct { Family uint8 Protocol uint8 } + +const RTM_NEWNVLAN = 0x70 diff --git a/vendor/modules.txt b/vendor/modules.txt index 7037df9a4ef..75b416b5520 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -84,7 +84,7 @@ golang.org/x/exp/constraints # golang.org/x/net v0.34.0 ## explicit; go 1.18 golang.org/x/net/bpf -# golang.org/x/sys v0.29.0 +# golang.org/x/sys v0.30.0 ## explicit; go 1.18 golang.org/x/sys/unix golang.org/x/sys/windows From d84388ae10370654f9320addf4c9e364862165d8 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 4 Feb 2025 16:51:43 -0800 Subject: [PATCH 0793/1176] libct/cg/sd: set the DeviceAllow property before DevicePolicy Every unit created by runc need daemon reload since systemd v230. This breaks support for NVIDIA GPUs, see https://github.com/opencontainers/runc/issues/3708#issuecomment-2216967210 A workaround is to set DeviceAllow before DevicePolicy. Also: - add a test case (which fails before the fix) by @kolyshkin - better explain why we need empty DeviceAllow (by @cyphar) Fixes 4568. Reported-by: Jian Wen Co-authored-by: Jian Wen Co-authored-by: Aleksa Sarai Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/devices/systemd.go | 14 +++++++++++--- tests/integration/dev.bats | 12 ++++++++++++ 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/libcontainer/cgroups/devices/systemd.go b/libcontainer/cgroups/devices/systemd.go index 4851b56137d..9627efd5262 100644 --- a/libcontainer/cgroups/devices/systemd.go +++ b/libcontainer/cgroups/devices/systemd.go @@ -23,10 +23,18 @@ func systemdProperties(r *cgroups.Resources, sdVer int) ([]systemdDbus.Property, } properties := []systemdDbus.Property{ + // When we later add DeviceAllow=/dev/foo properties, we are + // appending devices to the allow list for the unit. However, + // if this is an existing unit, it already has DeviceAllow= + // entries, and we need to clear them all before applying the + // new set. (We also do this for new units, mainly for safety + // to ensure we only enable the devices we expect.) + // + // To clear any existing DeviceAllow= rules, we have to add an + // empty DeviceAllow= property. + newProp("DeviceAllow", []deviceAllowEntry{}), // Always run in the strictest white-list mode. newProp("DevicePolicy", "strict"), - // Empty the DeviceAllow array before filling it. - newProp("DeviceAllow", []deviceAllowEntry{}), } // Figure out the set of rules. @@ -239,7 +247,7 @@ func allowAllDevices() []systemdDbus.Property { // Setting mode to auto and removing all DeviceAllow rules // results in allowing access to all devices. return []systemdDbus.Property{ - newProp("DevicePolicy", "auto"), newProp("DeviceAllow", []deviceAllowEntry{}), + newProp("DevicePolicy", "auto"), } } diff --git a/tests/integration/dev.bats b/tests/integration/dev.bats index 9da472d1acc..6493c1c0388 100644 --- a/tests/integration/dev.bats +++ b/tests/integration/dev.bats @@ -141,3 +141,15 @@ function teardown() { runc exec -t test_exec sh -c "ls -l /proc/self/fd/0; echo 123" [ "$status" -eq 0 ] } + +# https://github.com/opencontainers/runc/issues/4568 +@test "runc run [devices vs systemd NeedDaemonReload]" { + # The systemd bug is there since v230, see + # https://github.com/systemd/systemd/pull/3170/commits/ab932a622d57fd327ef95992c343fd4425324088 + # and https://github.com/systemd/systemd/issues/35710. + requires systemd_v230 + + set_cgroups_path + runc run -d --console-socket "$CONSOLE_SOCKET" test_need_reload + check_systemd_value "NeedDaemonReload" "no" +} From ccb589bd7de3be12ca81e3f903f9e7bea1107eb2 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Sat, 14 Sep 2024 07:20:11 +0000 Subject: [PATCH 0794/1176] libc/int/userns: add build tag to C file This fixes k3s cross-compilation on Windows, broken by commit 1912d5988bbb37918 ("*: actually support joining a userns with a new container"). [@kolyshkin: commit message] Fixes: 1912d5988bbb37918 Signed-off-by: Brad Davidson Signed-off-by: Kir Kolyshkin --- .../internal/userns/{userns_maps.c => userns_maps_linux.c} | 2 ++ 1 file changed, 2 insertions(+) rename libcontainer/internal/userns/{userns_maps.c => userns_maps_linux.c} (99%) diff --git a/libcontainer/internal/userns/userns_maps.c b/libcontainer/internal/userns/userns_maps_linux.c similarity index 99% rename from libcontainer/internal/userns/userns_maps.c rename to libcontainer/internal/userns/userns_maps_linux.c index 84f2c6188c3..fdb20aecad8 100644 --- a/libcontainer/internal/userns/userns_maps.c +++ b/libcontainer/internal/userns/userns_maps_linux.c @@ -1,3 +1,5 @@ +//go:build linux + #define _GNU_SOURCE #include #include From b55167e04dd5a90dcbce61ea1f14867dbabea39b Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 9 Jan 2025 16:53:05 -0800 Subject: [PATCH 0795/1176] tests/int/exec --user: check default HOME Historically, when HOME is not explicitly set in process.Env, and UID to run as doesn't have a corresponding entry in container's /etc/passwd, runc sets HOME=/ as a fallback. Add the corresponding check, for the sake of backward compatibility preservation. Signed-off-by: Kir Kolyshkin --- tests/integration/exec.bats | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/integration/exec.bats b/tests/integration/exec.bats index a92a237809d..8e96f3dddff 100644 --- a/tests/integration/exec.bats +++ b/tests/integration/exec.bats @@ -126,6 +126,18 @@ function teardown() { runc exec --user 1000:1000 test_busybox id [ "$status" -eq 0 ] [[ "${output}" == "uid=1000 gid=1000"* ]] + + # Check the default value of HOME ("/") is set even in case when + # - HOME is not set in process.Env, and + # - there is no entry in container's /etc/passwd for a given UID. + # + # NOTE this is not a standard runtime feature, but rather + # a historical de facto behavior we're afraid to change. + + # shellcheck disable=SC2016 + runc exec --user 1000 test_busybox sh -u -c 'echo $HOME' + [ "$status" -eq 0 ] + [[ "$output" = "/" ]] } # https://github.com/opencontainers/runc/issues/3674. From 7dc2486889c1da1c07547330621ef6ea73f67bc4 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 28 Aug 2023 20:05:56 -0700 Subject: [PATCH 0796/1176] libct: switch to numeric UID/GID/groups This addresses the following TODO in the code (added back in 2015 by commit 845fc65e5): > // TODO: fix libcontainer's API to better support uid/gid in a typesafe way. Historically, libcontainer internally uses strings for user, group, and additional (aka supplementary) groups. Yet, runc receives those credentials as part of runtime-spec's process, which uses integers for all of them (see [1], [2]). What happens next is: 1. runc start/run/exec converts those credentials to strings (a User string containing "UID:GID", and a []string for additional GIDs) and passes those onto runc init. 2. runc init converts them back to int, in the most complicated way possible (parsing container's /etc/passwd and /etc/group). All this conversion and, especially, parsing is totally unnecessary, but is performed on every container exec (and start). The only benefit of all this is, a libcontainer user could use user and group names instead of numeric IDs (but runc itself is not using this feature, and we don't know if there are any other users of this). Let's remove this back and forth translation, hopefully increasing runc exec performance. The only remaining need to parse /etc/passwd is to set HOME environment variable for a specified UID, in case $HOME is not explicitly set in process.Env. This can now be done right in prepareEnv, which simplifies the code flow a lot. Alas, we can not use standard os/user.LookupId, as it could cache host's /etc/passwd or the current user (even with the osusergo tag). PS Note that the structures being changed (initConfig and Process) are never saved to disk as JSON by runc, so there is no compatibility issue for runc users. Still, this is a breaking change in libcontainer, but we never promised that libcontainer API will be stable (and there's a special package that can handle it -- github.com/moby/sys/user). Reflect this in CHANGELOG. For 3998. [1]: https://github.com/opencontainers/runtime-spec/blob/v1.0.2/config.md#posix-platform-user [2]: https://github.com/opencontainers/runtime-spec/blob/v1.0.2/specs-go/config.go#L86 Signed-off-by: Kir Kolyshkin --- CHANGELOG.md | 7 +++ libcontainer/container_linux.go | 3 +- libcontainer/env.go | 49 ++++++++++++--- libcontainer/env_test.go | 24 ++++++-- libcontainer/init_linux.go | 81 ++++++------------------- libcontainer/integration/exec_test.go | 14 ++--- libcontainer/integration/execin_test.go | 14 ++--- libcontainer/process.go | 6 +- libcontainer/setns_init_linux.go | 3 +- libcontainer/standard_init_linux.go | 3 +- utils_linux.go | 15 +++-- 11 files changed, 112 insertions(+), 107 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 92e1b23cfde..2ebb6072239 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### libcontainer API * `configs.CommandHook` struct has changed, Command is now a pointer. Also, `configs.NewCommandHook` now accepts a `*Command`. (#4325) + * The `Process` struct has `User` string field replaced with numeric + `UID` and `GID` fields, and `AdditionalGroups` changed its type from + `[]string` to `[]int`. Essentially, resolution of user and group + names to IDs is no longer performed by libcontainer, so if a libcontainer + user previously relied on this feature, now they have to convert names to + IDs before calling libcontainer; it is recommended to use Go package + github.com/moby/sys/user for that. (#3999) ## [1.2.0] - 2024-10-22 diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 2de3382f6a0..b790c071443 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -686,7 +686,8 @@ func (c *Container) newInitConfig(process *Process) *initConfig { Config: c.config, Args: process.Args, Env: process.Env, - User: process.User, + UID: process.UID, + GID: process.GID, AdditionalGroups: process.AdditionalGroups, Cwd: process.Cwd, Capabilities: process.Capabilities, diff --git a/libcontainer/env.go b/libcontainer/env.go index d205cb65014..fe1abd500b0 100644 --- a/libcontainer/env.go +++ b/libcontainer/env.go @@ -6,6 +6,9 @@ import ( "os" "slices" "strings" + + "github.com/moby/sys/user" + "github.com/sirupsen/logrus" ) // prepareEnv processes a list of environment variables, preparing it @@ -13,13 +16,13 @@ import ( // - validates each variable is in the NAME=VALUE format and // contains no \0 (nil) bytes; // - removes any duplicates (keeping only the last value for each key) -// - sets PATH for the current process, if found in the list. +// - sets PATH for the current process, if found in the list; +// - adds HOME to returned environment, if not found in the list. // -// It returns the deduplicated environment, a flag telling whether HOME -// is present in the input, and an error. -func prepareEnv(env []string) ([]string, bool, error) { +// Returns the prepared environment. +func prepareEnv(env []string, uid int) ([]string, error) { if env == nil { - return nil, false, nil + return nil, nil } // Deduplication code based on dedupEnv from Go 1.22 os/exec. @@ -31,10 +34,10 @@ func prepareEnv(env []string) ([]string, bool, error) { kv := env[n-1] i := strings.IndexByte(kv, '=') if i == -1 { - return nil, false, errors.New("invalid environment variable: missing '='") + return nil, errors.New("invalid environment variable: missing '='") } if i == 0 { - return nil, false, errors.New("invalid environment variable: name cannot be empty") + return nil, errors.New("invalid environment variable: name cannot be empty") } key := kv[:i] if saw[key] { // Duplicate. @@ -42,12 +45,12 @@ func prepareEnv(env []string) ([]string, bool, error) { } saw[key] = true if strings.IndexByte(kv, 0) >= 0 { - return nil, false, fmt.Errorf("invalid environment variable %q: contains nul byte (\\x00)", key) + return nil, fmt.Errorf("invalid environment variable %q: contains nul byte (\\x00)", key) } if key == "PATH" { // Needs to be set as it is used for binary lookup. if err := os.Setenv("PATH", kv[i+1:]); err != nil { - return nil, false, err + return nil, err } } out = append(out, kv) @@ -55,5 +58,31 @@ func prepareEnv(env []string) ([]string, bool, error) { // Restore the original order. slices.Reverse(out) - return out, saw["HOME"], nil + // If HOME is not found in env, get it from container's /etc/passwd and add. + if !saw["HOME"] { + home, err := getUserHome(uid) + if err != nil { + // For backward compatibility, don't return an error, but merely log it. + logrus.WithError(err).Debugf("HOME not set in process.env, and getting UID %d homedir failed", uid) + } + + out = append(out, "HOME="+home) + } + + return out, nil +} + +func getUserHome(uid int) (string, error) { + const defaultHome = "/" // Default value, return this with any error. + + u, err := user.LookupUid(uid) + if err != nil { + // ErrNoPasswdEntries is kinda expected as any UID can be specified. + if errors.Is(err, user.ErrNoPasswdEntries) { + err = nil + } + return defaultHome, err + } + + return u.Home, nil } diff --git a/libcontainer/env_test.go b/libcontainer/env_test.go index 72d63b4af23..c917471670a 100644 --- a/libcontainer/env_test.go +++ b/libcontainer/env_test.go @@ -1,25 +1,37 @@ package libcontainer import ( + "os/user" "slices" + "strconv" "testing" ) -func TestPrepareEnvDedup(t *testing.T) { +func TestPrepareEnv(t *testing.T) { + u, err := user.Current() + if err != nil { + t.Fatal(err) + } + home := "HOME=" + u.HomeDir + uid, err := strconv.Atoi(u.Uid) + if err != nil { + t.Fatal(err) + } + tests := []struct { env, wantEnv []string }{ { env: []string{}, - wantEnv: []string{}, + wantEnv: []string{home}, }, { - env: []string{"HOME=/root", "FOO=bar"}, - wantEnv: []string{"HOME=/root", "FOO=bar"}, + env: []string{"HOME=/whoo", "FOO=bar"}, + wantEnv: []string{"HOME=/whoo", "FOO=bar"}, }, { env: []string{"A=a", "A=b", "A=c"}, - wantEnv: []string{"A=c"}, + wantEnv: []string{"A=c", home}, }, { env: []string{"TERM=vt100", "HOME=/home/one", "HOME=/home/two", "TERM=xterm", "HOME=/home/three", "FOO=bar"}, @@ -28,7 +40,7 @@ func TestPrepareEnvDedup(t *testing.T) { } for _, tc := range tests { - env, _, err := prepareEnv(tc.env) + env, err := prepareEnv(tc.env, uid) if err != nil { t.Error(err) continue diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index af62c54e5df..75bef03157b 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -14,7 +14,6 @@ import ( "syscall" "github.com/containerd/console" - "github.com/moby/sys/user" "github.com/opencontainers/runtime-spec/specs-go" "github.com/sirupsen/logrus" "github.com/vishvananda/netlink" @@ -57,8 +56,9 @@ type initConfig struct { ProcessLabel string `json:"process_label"` AppArmorProfile string `json:"apparmor_profile"` NoNewPrivileges bool `json:"no_new_privileges"` - User string `json:"user"` - AdditionalGroups []string `json:"additional_groups"` + UID int `json:"uid"` + GID int `json:"gid"` + AdditionalGroups []int `json:"additional_groups"` Config *configs.Config `json:"config"` Networks []*network `json:"network"` PassedFilesCount int `json:"passed_files_count"` @@ -208,7 +208,7 @@ func startInitialization() (retErr error) { } func containerInit(t initType, config *initConfig, pipe *syncSocket, consoleSocket, pidfdSocket, fifoFile, logPipe *os.File) error { - env, homeSet, err := prepareEnv(config.Env) + env, err := prepareEnv(config.Env, config.UID) if err != nil { return err } @@ -226,7 +226,6 @@ func containerInit(t initType, config *initConfig, pipe *syncSocket, consoleSock pidfdSocket: pidfdSocket, config: config, logPipe: logPipe, - addHome: !homeSet, } return i.Init() case initStandard: @@ -238,7 +237,6 @@ func containerInit(t initType, config *initConfig, pipe *syncSocket, consoleSock config: config, fifoFile: fifoFile, logPipe: logPipe, - addHome: !homeSet, } return i.Init() } @@ -274,7 +272,7 @@ func verifyCwd() error { // finalizeNamespace drops the caps, sets the correct user // and working dir, and closes any leaked file descriptors // before executing the command inside the namespace. -func finalizeNamespace(config *initConfig, addHome bool) error { +func finalizeNamespace(config *initConfig) error { // Ensure that all unwanted fds we may have accidentally // inherited are marked close-on-exec so they stay out of the // container @@ -320,7 +318,7 @@ func finalizeNamespace(config *initConfig, addHome bool) error { if err := system.SetKeepCaps(); err != nil { return fmt.Errorf("unable to set keep caps: %w", err) } - if err := setupUser(config, addHome); err != nil { + if err := setupUser(config); err != nil { return fmt.Errorf("unable to setup user: %w", err) } // Change working directory AFTER the user has been set up, if we haven't done it yet. @@ -438,52 +436,19 @@ func syncParentSeccomp(pipe *syncSocket, seccompFd int) error { return readSync(pipe, procSeccompDone) } -// setupUser changes the groups, gid, and uid for the user inside the container, -// and appends user's HOME to config.Env if addHome is true. -func setupUser(config *initConfig, addHome bool) error { - // Set up defaults. - defaultExecUser := user.ExecUser{ - Uid: 0, - Gid: 0, - Home: "/", - } - - passwdPath, err := user.GetPasswdPath() - if err != nil { - return err - } - - groupPath, err := user.GetGroupPath() - if err != nil { - return err - } - - execUser, err := user.GetExecUserPath(config.User, &defaultExecUser, passwdPath, groupPath) - if err != nil { - return err - } - - var addGroups []int - if len(config.AdditionalGroups) > 0 { - addGroups, err = user.GetAdditionalGroupsPath(config.AdditionalGroups, groupPath) - if err != nil { - return err - } - } - - if config.RootlessEUID { +// setupUser changes the groups, gid, and uid for the user inside the container. +func setupUser(config *initConfig) error { + if config.RootlessEUID && len(config.AdditionalGroups) > 0 { // We cannot set any additional groups in a rootless container and thus // we bail if the user asked us to do so. TODO: We currently can't do // this check earlier, but if libcontainer.Process.User was typesafe // this might work. - if len(addGroups) > 0 { - return errors.New("cannot set any additional groups in a rootless container") - } + return errors.New("cannot set any additional groups in a rootless container") } // Before we change to the container's user make sure that the processes // STDIO is correctly owned by the user that we are switching to. - if err := fixStdioPermissions(execUser); err != nil { + if err := fixStdioPermissions(config.UID); err != nil { return err } @@ -502,36 +467,30 @@ func setupUser(config *initConfig, addHome bool) error { allowSupGroups := !config.RootlessEUID && string(bytes.TrimSpace(setgroups)) != "deny" if allowSupGroups { - suppGroups := append(execUser.Sgids, addGroups...) - if err := unix.Setgroups(suppGroups); err != nil { + if err := unix.Setgroups(config.AdditionalGroups); err != nil { return &os.SyscallError{Syscall: "setgroups", Err: err} } } - if err := unix.Setgid(execUser.Gid); err != nil { + if err := unix.Setgid(config.GID); err != nil { if err == unix.EINVAL { - return fmt.Errorf("cannot setgid to unmapped gid %d in user namespace", execUser.Gid) + return fmt.Errorf("cannot setgid to unmapped gid %d in user namespace", config.GID) } return err } - if err := unix.Setuid(execUser.Uid); err != nil { + if err := unix.Setuid(config.UID); err != nil { if err == unix.EINVAL { - return fmt.Errorf("cannot setuid to unmapped uid %d in user namespace", execUser.Uid) + return fmt.Errorf("cannot setuid to unmapped uid %d in user namespace", config.UID) } return err } - - // If we didn't get HOME already, set it based on the user's HOME. - if addHome { - config.Env = append(config.Env, "HOME="+execUser.Home) - } return nil } -// fixStdioPermissions fixes the permissions of PID 1's STDIO within the container to the specified user. +// fixStdioPermissions fixes the permissions of PID 1's STDIO within the container to the specified uid. // The ownership needs to match because it is created outside of the container and needs to be // localized. -func fixStdioPermissions(u *user.ExecUser) error { +func fixStdioPermissions(uid int) error { var null unix.Stat_t if err := unix.Stat("/dev/null", &null); err != nil { return &os.PathError{Op: "stat", Path: "/dev/null", Err: err} @@ -544,7 +503,7 @@ func fixStdioPermissions(u *user.ExecUser) error { // Skip chown if uid is already the one we want or any of the STDIO descriptors // were redirected to /dev/null. - if int(s.Uid) == u.Uid || s.Rdev == null.Rdev { + if int(s.Uid) == uid || s.Rdev == null.Rdev { continue } @@ -554,7 +513,7 @@ func fixStdioPermissions(u *user.ExecUser) error { // that users expect to be able to actually use their console. Without // this code, you couldn't effectively run as a non-root user inside a // container and also have a console set up. - if err := file.Chown(u.Uid, int(s.Gid)); err != nil { + if err := file.Chown(uid, int(s.Gid)); err != nil { // If we've hit an EINVAL then s.Gid isn't mapped in the user // namespace. If we've hit an EPERM then the inode's current owner // is not mapped in our user namespace (in particular, diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index c9f37ada4c7..c9a7cbc56f3 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -399,7 +399,7 @@ func TestAdditionalGroups(t *testing.T) { Env: standardEnvironment, Stdin: nil, Stdout: &stdout, - AdditionalGroups: []string{"plugdev", "audio"}, + AdditionalGroups: []int{3333, 99999}, Init: true, } err = container.Run(&pconfig) @@ -410,13 +410,11 @@ func TestAdditionalGroups(t *testing.T) { outputGroups := stdout.String() - // Check that the groups output has the groups that we specified - if !strings.Contains(outputGroups, "audio") { - t.Fatalf("Listed groups do not contain the audio group as expected: %v", outputGroups) - } - - if !strings.Contains(outputGroups, "plugdev") { - t.Fatalf("Listed groups do not contain the plugdev group as expected: %v", outputGroups) + // Check that the groups output has the groups that we specified. + for _, gid := range pconfig.AdditionalGroups { + if !strings.Contains(outputGroups, strconv.Itoa(gid)) { + t.Errorf("Listed groups do not contain gid %d as expected: %v", gid, outputGroups) + } } } diff --git a/libcontainer/integration/execin_test.go b/libcontainer/integration/execin_test.go index a81d11edb71..aa7c01548b6 100644 --- a/libcontainer/integration/execin_test.go +++ b/libcontainer/integration/execin_test.go @@ -162,7 +162,7 @@ func TestExecInAdditionalGroups(t *testing.T) { Env: standardEnvironment, Stdin: nil, Stdout: &stdout, - AdditionalGroups: []string{"plugdev", "audio"}, + AdditionalGroups: []int{4444, 87654}, } err = container.Run(&pconfig) ok(t, err) @@ -175,13 +175,11 @@ func TestExecInAdditionalGroups(t *testing.T) { outputGroups := stdout.String() - // Check that the groups output has the groups that we specified - if !strings.Contains(outputGroups, "audio") { - t.Fatalf("Listed groups do not contain the audio group as expected: %v", outputGroups) - } - - if !strings.Contains(outputGroups, "plugdev") { - t.Fatalf("Listed groups do not contain the plugdev group as expected: %v", outputGroups) + // Check that the groups output has the groups that we specified. + for _, gid := range pconfig.AdditionalGroups { + if !strings.Contains(outputGroups, strconv.Itoa(gid)) { + t.Errorf("Listed groups do not contain gid %d as expected: %v", gid, outputGroups) + } } } diff --git a/libcontainer/process.go b/libcontainer/process.go index 114b3f2b6cb..09162be9a40 100644 --- a/libcontainer/process.go +++ b/libcontainer/process.go @@ -26,13 +26,13 @@ type Process struct { // Env specifies the environment variables for the process. Env []string - // User will set the uid and gid of the executing process running inside the container + // UID and GID of the executing process running inside the container // local to the container's user and group configuration. - User string + UID, GID int // AdditionalGroups specifies the gids that should be added to supplementary groups // in addition to those that the user belongs to. - AdditionalGroups []string + AdditionalGroups []int // Cwd will change the processes current working directory inside the container's rootfs. Cwd string diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go index b42b3be1a89..d1885b3fdda 100644 --- a/libcontainer/setns_init_linux.go +++ b/libcontainer/setns_init_linux.go @@ -25,7 +25,6 @@ type linuxSetnsInit struct { pidfdSocket *os.File config *initConfig logPipe *os.File - addHome bool } func (l *linuxSetnsInit) getSessionRingName() string { @@ -102,7 +101,7 @@ func (l *linuxSetnsInit) Init() error { return err } } - if err := finalizeNamespace(l.config, l.addHome); err != nil { + if err := finalizeNamespace(l.config); err != nil { return err } if err := apparmor.ApplyProfile(l.config.AppArmorProfile); err != nil { diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 510f9483baa..9517820bcad 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -27,7 +27,6 @@ type linuxStandardInit struct { fifoFile *os.File logPipe *os.File config *initConfig - addHome bool } func (l *linuxStandardInit) getSessionRingParams() (string, uint32, uint32) { @@ -187,7 +186,7 @@ func (l *linuxStandardInit) Init() error { return err } } - if err := finalizeNamespace(l.config, l.addHome); err != nil { + if err := finalizeNamespace(l.config); err != nil { return err } // finalizeNamespace can change user/group which clears the parent death diff --git a/utils_linux.go b/utils_linux.go index eef78ea3845..95ba88af036 100644 --- a/utils_linux.go +++ b/utils_linux.go @@ -47,10 +47,10 @@ func getDefaultImagePath() string { // spec and stdio from the current process. func newProcess(p specs.Process) (*libcontainer.Process, error) { lp := &libcontainer.Process{ - Args: p.Args, - Env: p.Env, - // TODO: fix libcontainer's API to better support uid/gid in a typesafe way. - User: fmt.Sprintf("%d:%d", p.User.UID, p.User.GID), + Args: p.Args, + Env: p.Env, + UID: int(p.User.UID), + GID: int(p.User.GID), Cwd: p.Cwd, Label: p.SelinuxLabel, NoNewPrivileges: &p.NoNewPrivileges, @@ -72,8 +72,11 @@ func newProcess(p specs.Process) (*libcontainer.Process, error) { lp.Capabilities.Permitted = p.Capabilities.Permitted lp.Capabilities.Ambient = p.Capabilities.Ambient } - for _, gid := range p.User.AdditionalGids { - lp.AdditionalGroups = append(lp.AdditionalGroups, strconv.FormatUint(uint64(gid), 10)) + if l := len(p.User.AdditionalGids); l > 0 { + lp.AdditionalGroups = make([]int, l) + for i, g := range p.User.AdditionalGids { + lp.AdditionalGroups[i] = int(g) + } } for _, rlimit := range p.Rlimits { rl, err := createLibContainerRlimit(rlimit) From 52f702af565b65270681a11f934a8cb93be7a785 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 9 Jan 2025 12:15:23 -0800 Subject: [PATCH 0797/1176] libct: earlier Rootless vs AdditionalGroups check Since the UID/GID/AdditonalGroups fields are now numeric, we can address the following TODO item in the code (added by commit d2f49696 back in 2016): > TODO: We currently can't do > this check earlier, but if libcontainer.Process.User was typesafe > this might work. Move the check to much earlier phase, when we're preparing to start a process in a container. Signed-off-by: Kir Kolyshkin --- libcontainer/container_linux.go | 7 +++++++ libcontainer/init_linux.go | 8 -------- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index b790c071443..26f523a90da 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -302,6 +302,13 @@ func (c *Container) start(process *Process) (retErr error) { if c.config.Cgroups.Resources.SkipDevices { return errors.New("can't start container with SkipDevices set") } + + if c.config.RootlessEUID && len(process.AdditionalGroups) > 0 { + // We cannot set any additional groups in a rootless container + // and thus we bail if the user asked us to do so. + return errors.New("cannot set any additional groups in a rootless container") + } + if process.Init { if c.initProcessStartTime != 0 { return errors.New("container already has init process") diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 75bef03157b..cff21e1bc66 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -438,14 +438,6 @@ func syncParentSeccomp(pipe *syncSocket, seccompFd int) error { // setupUser changes the groups, gid, and uid for the user inside the container. func setupUser(config *initConfig) error { - if config.RootlessEUID && len(config.AdditionalGroups) > 0 { - // We cannot set any additional groups in a rootless container and thus - // we bail if the user asked us to do so. TODO: We currently can't do - // this check earlier, but if libcontainer.Process.User was typesafe - // this might work. - return errors.New("cannot set any additional groups in a rootless container") - } - // Before we change to the container's user make sure that the processes // STDIO is correctly owned by the user that we are switching to. if err := fixStdioPermissions(config.UID); err != nil { From ec9b0b5f725924b6ec49bb2b53585e4d1e26371a Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 28 Aug 2023 17:55:28 -0700 Subject: [PATCH 0798/1176] runc list: use standard os/user Switch from github.com/moby/sys/user to Go stdlib os/user (which has both libc-backed and pure Go implementations). Signed-off-by: Kir Kolyshkin --- list.go | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/list.go b/list.go index 615f6271cb2..997cd88173b 100644 --- a/list.go +++ b/list.go @@ -5,11 +5,12 @@ import ( "errors" "fmt" "os" + "os/user" + "strconv" "syscall" "text/tabwriter" "time" - "github.com/moby/sys/user" "github.com/opencontainers/runc/libcontainer" "github.com/opencontainers/runc/libcontainer/utils" "github.com/urfave/cli" @@ -136,9 +137,10 @@ func getContainers(context *cli.Context) ([]containerState, error) { } // This cast is safe on Linux. uid := st.Sys().(*syscall.Stat_t).Uid - owner, err := user.LookupUid(int(uid)) - if err != nil { - owner.Name = fmt.Sprintf("#%d", uid) + owner := "#" + strconv.Itoa(int(uid)) + u, err := user.LookupId(owner[1:]) + if err == nil { + owner = u.Username } container, err := libcontainer.Load(root, item.Name()) @@ -170,7 +172,7 @@ func getContainers(context *cli.Context) ([]containerState, error) { Rootfs: state.BaseState.Config.Rootfs, Created: state.BaseState.Created, Annotations: annotations, - Owner: owner.Name, + Owner: owner, }) } return s, nil From 7149781fd091e76e1d45043088f1295148a6e884 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 22 Oct 2024 22:36:26 -0700 Subject: [PATCH 0799/1176] exec: use strings.Cut to parse --cgroup Using strings.Cut (added in Go 1.18, see [1]) results in faster and cleaner code with less allocations (as we're not using a slice). This part of code is covered by tests in tests/integration/exec.bats. [1]: https://github.com/golang/go/issues/46336 Signed-off-by: Kir Kolyshkin --- exec.go | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/exec.go b/exec.go index 16bbeebfbc2..b896b4b56d9 100644 --- a/exec.go +++ b/exec.go @@ -124,20 +124,17 @@ func getSubCgroupPaths(args []string) (map[string]string, error) { paths := make(map[string]string, len(args)) for _, c := range args { // Split into controller:path. - cs := strings.SplitN(c, ":", 3) - if len(cs) > 2 { - return nil, fmt.Errorf("invalid --cgroup argument: %s", c) - } - if len(cs) == 1 { // no controller: prefix + if ctr, path, ok := strings.Cut(c, ":"); ok { + // There may be a few comma-separated controllers. + for _, ctrl := range strings.Split(ctr, ",") { + paths[ctrl] = path + } + } else { + // No controller: prefix. if len(args) != 1 { return nil, fmt.Errorf("invalid --cgroup argument: %s (missing : prefix)", c) } paths[""] = c - } else { - // There may be a few comma-separated controllers. - for _, ctrl := range strings.Split(cs[0], ",") { - paths[ctrl] = cs[1] - } } } return paths, nil From 871d9186ee65b86526c6046442b86fe6411cf3d2 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 6 Jan 2025 15:02:59 -0800 Subject: [PATCH 0800/1176] exec: improve getSubCgroupPaths 1. Document the function. 2. Add sanity checks for empty and repeated controllers. Reported-by: Sebastiaan van Stijn Signed-off-by: Kir Kolyshkin --- exec.go | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/exec.go b/exec.go index b896b4b56d9..e33b8d44ae0 100644 --- a/exec.go +++ b/exec.go @@ -117,6 +117,12 @@ following will output a list of processes running in the container: SkipArgReorder: true, } +// getSubCgroupPaths parses --cgroup arguments, which can either be +// - a single "path" argument (for cgroup v2); +// - one or more controller[,controller[,...]]:path arguments (for cgroup v1). +// +// Returns a controller to path map. For cgroup v2, it's a single entity map +// with empty controller value. func getSubCgroupPaths(args []string) (map[string]string, error) { if len(args) == 0 { return nil, nil @@ -127,10 +133,16 @@ func getSubCgroupPaths(args []string) (map[string]string, error) { if ctr, path, ok := strings.Cut(c, ":"); ok { // There may be a few comma-separated controllers. for _, ctrl := range strings.Split(ctr, ",") { + if ctrl == "" { + return nil, fmt.Errorf("invalid --cgroup argument: %s (empty prefix)", c) + } + if _, ok := paths[ctrl]; ok { + return nil, fmt.Errorf("invalid --cgroup argument(s): controller %s specified multiple times", ctrl) + } paths[ctrl] = path } } else { - // No controller: prefix. + // No "controller:" prefix (cgroup v2, a single path). if len(args) != 1 { return nil, fmt.Errorf("invalid --cgroup argument: %s (missing : prefix)", c) } From bfcd479c5d78412da7c816bba1ac20995c71ee05 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 22 Oct 2024 22:38:00 -0700 Subject: [PATCH 0801/1176] libct/cg/fs: getPercpuUsage: rm TODO Nowadays strings.Fields are as fast as strings.SplitN so remove TODO. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/fs/cpuacct.go | 1 - 1 file changed, 1 deletion(-) diff --git a/libcontainer/cgroups/fs/cpuacct.go b/libcontainer/cgroups/fs/cpuacct.go index 88af8c568a2..01a5bc336f5 100644 --- a/libcontainer/cgroups/fs/cpuacct.go +++ b/libcontainer/cgroups/fs/cpuacct.go @@ -112,7 +112,6 @@ func getPercpuUsage(path string) ([]uint64, error) { if err != nil { return percpuUsage, err } - // TODO: use strings.SplitN instead. for _, value := range strings.Fields(data) { value, err := strconv.ParseUint(value, 10, 64) if err != nil { From 4271ecf73fc3a7777c4898e8609554670f3e43c2 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 22 Oct 2024 22:58:00 -0700 Subject: [PATCH 0802/1176] libct/cg/fs: refactor getCpusetStat Using strings.Cut (added in Go 1.18, see [1]) results in faster and cleaner code with less allocations (as we're not using a slice). This also drops the check for extra dash (we're unlikely to get it from the kernel anyway). While at it, rename min/max -> from/to to avoid collision with Go min/max builtins. This code is tested by TestCPUSetStats* tests. [1]: https://github.com/golang/go/issues/46336 Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/fs/cpuset.go | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/libcontainer/cgroups/fs/cpuset.go b/libcontainer/cgroups/fs/cpuset.go index 4cf1f30ff6c..b51413ba811 100644 --- a/libcontainer/cgroups/fs/cpuset.go +++ b/libcontainer/cgroups/fs/cpuset.go @@ -48,26 +48,23 @@ func getCpusetStat(path string, file string) ([]uint16, error) { } for _, s := range strings.Split(fileContent, ",") { - sp := strings.SplitN(s, "-", 3) - switch len(sp) { - case 3: - return extracted, &parseError{Path: path, File: file, Err: errors.New("extra dash")} - case 2: - min, err := strconv.ParseUint(sp[0], 10, 16) + fromStr, toStr, ok := strings.Cut(s, "-") + if ok { + from, err := strconv.ParseUint(fromStr, 10, 16) if err != nil { return extracted, &parseError{Path: path, File: file, Err: err} } - max, err := strconv.ParseUint(sp[1], 10, 16) + to, err := strconv.ParseUint(toStr, 10, 16) if err != nil { return extracted, &parseError{Path: path, File: file, Err: err} } - if min > max { - return extracted, &parseError{Path: path, File: file, Err: errors.New("invalid values, min > max")} + if from > to { + return extracted, &parseError{Path: path, File: file, Err: errors.New("invalid values, from > to")} } - for i := min; i <= max; i++ { + for i := from; i <= to; i++ { extracted = append(extracted, uint16(i)) } - case 1: + } else { value, err := strconv.ParseUint(s, 10, 16) if err != nil { return extracted, &parseError{Path: path, File: file, Err: err} From 075cea3a4563966e122c11d9111d2696f7f5d01a Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 22 Oct 2024 23:13:41 -0700 Subject: [PATCH 0803/1176] libcontainer/cgroups/fs: some refactoring Remove extra global constants that are only used in a single place and make it harder to read the code. Rename nanosecondsInSecond -> nsInSec. This code is tested by unit tests. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/fs/cpuacct.go | 28 ++++++++++--------------- libcontainer/cgroups/fs/cpuacct_test.go | 8 +++---- 2 files changed, 15 insertions(+), 21 deletions(-) diff --git a/libcontainer/cgroups/fs/cpuacct.go b/libcontainer/cgroups/fs/cpuacct.go index 01a5bc336f5..53ffbb8e617 100644 --- a/libcontainer/cgroups/fs/cpuacct.go +++ b/libcontainer/cgroups/fs/cpuacct.go @@ -11,14 +11,7 @@ import ( ) const ( - cgroupCpuacctStat = "cpuacct.stat" - cgroupCpuacctUsageAll = "cpuacct.usage_all" - - nanosecondsInSecond = 1000000000 - - userModeColumn = 1 - kernelModeColumn = 2 - cuacctUsageAllColumnsNumber = 3 + nsInSec = 1000000000 // The value comes from `C.sysconf(C._SC_CLK_TCK)`, and // on Linux it's a constant which is safe to be hard coded, @@ -80,7 +73,7 @@ func getCpuUsageBreakdown(path string) (uint64, uint64, error) { const ( userField = "user" systemField = "system" - file = cgroupCpuacctStat + file = "cpuacct.stat" ) // Expected format: @@ -102,7 +95,7 @@ func getCpuUsageBreakdown(path string) (uint64, uint64, error) { return 0, 0, &parseError{Path: path, File: file, Err: err} } - return (userModeUsage * nanosecondsInSecond) / clockTicks, (kernelModeUsage * nanosecondsInSecond) / clockTicks, nil + return (userModeUsage * nsInSec) / clockTicks, (kernelModeUsage * nsInSec) / clockTicks, nil } func getPercpuUsage(path string) ([]uint64, error) { @@ -125,7 +118,7 @@ func getPercpuUsage(path string) ([]uint64, error) { func getPercpuUsageInModes(path string) ([]uint64, []uint64, error) { usageKernelMode := []uint64{} usageUserMode := []uint64{} - const file = cgroupCpuacctUsageAll + const file = "cpuacct.usage_all" fd, err := cgroups.OpenFile(path, file, os.O_RDONLY) if os.IsNotExist(err) { @@ -139,22 +132,23 @@ func getPercpuUsageInModes(path string) ([]uint64, []uint64, error) { scanner.Scan() // skipping header line for scanner.Scan() { - lineFields := strings.SplitN(scanner.Text(), " ", cuacctUsageAllColumnsNumber+1) - if len(lineFields) != cuacctUsageAllColumnsNumber { + // Each line is: cpu user system + fields := strings.SplitN(scanner.Text(), " ", 3) + if len(fields) != 3 { continue } - usageInKernelMode, err := strconv.ParseUint(lineFields[kernelModeColumn], 10, 64) + user, err := strconv.ParseUint(fields[1], 10, 64) if err != nil { return nil, nil, &parseError{Path: path, File: file, Err: err} } - usageKernelMode = append(usageKernelMode, usageInKernelMode) + usageUserMode = append(usageUserMode, user) - usageInUserMode, err := strconv.ParseUint(lineFields[userModeColumn], 10, 64) + kernel, err := strconv.ParseUint(fields[2], 10, 64) if err != nil { return nil, nil, &parseError{Path: path, File: file, Err: err} } - usageUserMode = append(usageUserMode, usageInUserMode) + usageKernelMode = append(usageKernelMode, kernel) } if err := scanner.Err(); err != nil { return nil, nil, &parseError{Path: path, File: file, Err: err} diff --git a/libcontainer/cgroups/fs/cpuacct_test.go b/libcontainer/cgroups/fs/cpuacct_test.go index d7d926d505c..116454e4881 100644 --- a/libcontainer/cgroups/fs/cpuacct_test.go +++ b/libcontainer/cgroups/fs/cpuacct_test.go @@ -53,8 +53,8 @@ func TestCpuacctStats(t *testing.T) { 962250696038415, 981956408513304, 1002658817529022, 994937703492523, 874843781648690, 872544369885276, 870104915696359, 870202363887496, }, - UsageInKernelmode: (uint64(291429664) * nanosecondsInSecond) / clockTicks, - UsageInUsermode: (uint64(452278264) * nanosecondsInSecond) / clockTicks, + UsageInKernelmode: (uint64(291429664) * nsInSec) / clockTicks, + UsageInUsermode: (uint64(452278264) * nsInSec) / clockTicks, } if !reflect.DeepEqual(expectedStats, actualStats.CpuStats.CpuUsage) { @@ -86,8 +86,8 @@ func TestCpuacctStatsWithoutUsageAll(t *testing.T) { }, PercpuUsageInKernelmode: []uint64{}, PercpuUsageInUsermode: []uint64{}, - UsageInKernelmode: (uint64(291429664) * nanosecondsInSecond) / clockTicks, - UsageInUsermode: (uint64(452278264) * nanosecondsInSecond) / clockTicks, + UsageInKernelmode: (uint64(291429664) * nsInSec) / clockTicks, + UsageInUsermode: (uint64(452278264) * nsInSec) / clockTicks, } if !reflect.DeepEqual(expectedStats, actualStats.CpuStats.CpuUsage) { From 037668e501c4be1db03dce4bde8b0bab82c35f8a Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 22 Oct 2024 23:20:18 -0700 Subject: [PATCH 0804/1176] libct/cg/fs2: simplify parseCgroupFromReader For cgroup v2, we always expect /proc/$PID/cgroup contents like this: > 0::/user.slice/user-1000.slice/user@1000.service/app.slice/vte-spawn-f71c3fb8-519d-4e2d-b13e-9252594b1e05.scope So, it does not make sense to parse it using strings.Split, we can just cut the prefix and return the rest. Code tested by TestParseCgroupFromReader. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/fs2/defaultpath.go | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/libcontainer/cgroups/fs2/defaultpath.go b/libcontainer/cgroups/fs2/defaultpath.go index 6637ef85c3c..6c44fd1972f 100644 --- a/libcontainer/cgroups/fs2/defaultpath.go +++ b/libcontainer/cgroups/fs2/defaultpath.go @@ -83,16 +83,9 @@ func parseCgroupFile(path string) (string, error) { func parseCgroupFromReader(r io.Reader) (string, error) { s := bufio.NewScanner(r) for s.Scan() { - var ( - text = s.Text() - parts = strings.SplitN(text, ":", 3) - ) - if len(parts) < 3 { - return "", fmt.Errorf("invalid cgroup entry: %q", text) - } - // text is like "0::/user.slice/user-1001.slice/session-1.scope" - if parts[0] == "0" && parts[1] == "" { - return parts[2], nil + // "0::/user.slice/user-1001.slice/session-1.scope" + if path, ok := strings.CutPrefix(s.Text(), "0::"); ok { + return path, nil } } if err := s.Err(); err != nil { From 40ce69cc9e155e794fcaa4501e3c6704aead9401 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 22 Oct 2024 23:25:41 -0700 Subject: [PATCH 0805/1176] libct/cg/fs2: use strings.Cut in setUnified Using strings.Cut (added in Go 1.18, see [1]) results in faster and cleaner code with less allocations (as we're not using a slice). The code is tested by testCgroupResourcesUnified. [1]: https://github.com/golang/go/issues/46336 Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/fs2/fs2.go | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/libcontainer/cgroups/fs2/fs2.go b/libcontainer/cgroups/fs2/fs2.go index 74dfcfdafcd..10e4a3ad80e 100644 --- a/libcontainer/cgroups/fs2/fs2.go +++ b/libcontainer/cgroups/fs2/fs2.go @@ -237,11 +237,10 @@ func (m *Manager) setUnified(res map[string]string) error { if errors.Is(err, os.ErrPermission) || errors.Is(err, os.ErrNotExist) { // Check if a controller is available, // to give more specific error if not. - sk := strings.SplitN(k, ".", 2) - if len(sk) != 2 { + c, _, ok := strings.Cut(k, ".") + if !ok { return fmt.Errorf("unified resource %q must be in the form CONTROLLER.PARAMETER", k) } - c := sk[0] if _, ok := m.controllers[c]; !ok && c != "cgroup" { return fmt.Errorf("unified resource %q can't be set: controller %q not available", k, c) } From 930cd4944ad8fc6273effbd3dd3f5f66a57ba9d5 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 22 Oct 2024 23:29:51 -0700 Subject: [PATCH 0806/1176] libct/cg/fs2: use strings.Cut in parsePSIData Using strings.Cut (added in Go 1.18, see [1]) results in faster and cleaner code with less allocations (as we're not using a slice). This code is tested by TestStatCPUPSI. [1]: https://github.com/golang/go/issues/46336 Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/fs2/psi.go | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/libcontainer/cgroups/fs2/psi.go b/libcontainer/cgroups/fs2/psi.go index 09f34888516..ac765affbaf 100644 --- a/libcontainer/cgroups/fs2/psi.go +++ b/libcontainer/cgroups/fs2/psi.go @@ -58,12 +58,12 @@ func statPSI(dirPath string, file string) (*cgroups.PSIStats, error) { func parsePSIData(psi []string) (cgroups.PSIData, error) { data := cgroups.PSIData{} for _, f := range psi { - kv := strings.SplitN(f, "=", 2) - if len(kv) != 2 { + key, val, ok := strings.Cut(f, "=") + if !ok { return data, fmt.Errorf("invalid psi data: %q", f) } var pv *float64 - switch kv[0] { + switch key { case "avg10": pv = &data.Avg10 case "avg60": @@ -71,16 +71,16 @@ func parsePSIData(psi []string) (cgroups.PSIData, error) { case "avg300": pv = &data.Avg300 case "total": - v, err := strconv.ParseUint(kv[1], 10, 64) + v, err := strconv.ParseUint(val, 10, 64) if err != nil { - return data, fmt.Errorf("invalid %s PSI value: %w", kv[0], err) + return data, fmt.Errorf("invalid %s PSI value: %w", key, err) } data.Total = v } if pv != nil { - v, err := strconv.ParseFloat(kv[1], 64) + v, err := strconv.ParseFloat(val, 64) if err != nil { - return data, fmt.Errorf("invalid %s PSI value: %w", kv[0], err) + return data, fmt.Errorf("invalid %s PSI value: %w", key, err) } *pv = v } From e9855bdae9918685048423c3a17d7a22b9797686 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 22 Oct 2024 23:34:03 -0700 Subject: [PATCH 0807/1176] libct/cg/fscommon: use strings.Cut in RDMA parser Using strings.Cut (added in Go 1.18, see [1]) results in faster and cleaner code with less allocations (as we're not using a slice). Also, use switch in parseRdmaKV. [1]: https://github.com/golang/go/issues/46336 Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/fscommon/rdma.go | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/libcontainer/cgroups/fscommon/rdma.go b/libcontainer/cgroups/fscommon/rdma.go index 93e05017cc7..70d92a00036 100644 --- a/libcontainer/cgroups/fscommon/rdma.go +++ b/libcontainer/cgroups/fscommon/rdma.go @@ -17,14 +17,12 @@ import ( func parseRdmaKV(raw string, entry *cgroups.RdmaEntry) error { var value uint32 - parts := strings.SplitN(raw, "=", 3) + k, v, ok := strings.Cut(raw, "=") - if len(parts) != 2 { + if !ok { return errors.New("Unable to parse RDMA entry") } - k, v := parts[0], parts[1] - if v == "max" { value = math.MaxUint32 } else { @@ -34,9 +32,10 @@ func parseRdmaKV(raw string, entry *cgroups.RdmaEntry) error { } value = uint32(val64) } - if k == "hca_handle" { + switch k { + case "hca_handle": entry.HcaHandles = value - } else if k == "hca_object" { + case "hca_object": entry.HcaObjects = value } From f134871206dc85bb104459f6b0f0439699973f3e Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 22 Oct 2024 23:39:20 -0700 Subject: [PATCH 0808/1176] libct/cg/fscommon: ParseKeyValue: use strings.Cut Using strings.Cut (added in Go 1.18, see [1]) results in faster and cleaner code with less allocations (as we're not using a slice). [1]: https://github.com/golang/go/issues/46336 Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/fscommon/utils.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/libcontainer/cgroups/fscommon/utils.go b/libcontainer/cgroups/fscommon/utils.go index f4a51c9e56f..d7cc23bfd14 100644 --- a/libcontainer/cgroups/fscommon/utils.go +++ b/libcontainer/cgroups/fscommon/utils.go @@ -54,22 +54,22 @@ func ParseUint(s string, base, bitSize int) (uint64, error) { return value, nil } -// ParseKeyValue parses a space-separated "name value" kind of cgroup +// ParseKeyValue parses a space-separated "key value" kind of cgroup // parameter and returns its key as a string, and its value as uint64 -// (ParseUint is used to convert the value). For example, +// (using [ParseUint] to convert the value). For example, // "io_service_bytes 1234" will be returned as "io_service_bytes", 1234. func ParseKeyValue(t string) (string, uint64, error) { - parts := strings.SplitN(t, " ", 3) - if len(parts) != 2 { + key, val, ok := strings.Cut(t, " ") + if !ok { return "", 0, fmt.Errorf("line %q is not in key value format", t) } - value, err := ParseUint(parts[1], 10, 64) + value, err := ParseUint(val, 10, 64) if err != nil { return "", 0, err } - return parts[0], value, nil + return key, value, nil } // GetValueByKey reads a key-value pairs from the specified cgroup file, From d83d533bba70ac094cd3a1ef8851fbfe3516e954 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 6 Jan 2025 13:58:24 -0800 Subject: [PATCH 0809/1176] libct/cg/fscommon: GetValueByKey: use strings.CutPrefix Using strings.CutPrefix (added in Go 1.20, see [1]) results in faster and cleaner code with less allocations (as the code only allocates memory for the value, and does it once). While at it, improve the function documentation. [1]: https://github.com/golang/go/issues/42537 Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/fscommon/utils.go | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/libcontainer/cgroups/fscommon/utils.go b/libcontainer/cgroups/fscommon/utils.go index d7cc23bfd14..76d06e49844 100644 --- a/libcontainer/cgroups/fscommon/utils.go +++ b/libcontainer/cgroups/fscommon/utils.go @@ -72,20 +72,21 @@ func ParseKeyValue(t string) (string, uint64, error) { return key, value, nil } -// GetValueByKey reads a key-value pairs from the specified cgroup file, -// and returns a value of the specified key. ParseUint is used for value -// conversion. +// GetValueByKey reads space-separated "key value" pairs from the specified +// cgroup file, looking for a specified key, and returns its value as uint64, +// using [ParseUint] for conversion. If the value is not found, 0 is returned. func GetValueByKey(path, file, key string) (uint64, error) { content, err := cgroups.ReadFile(path, file) if err != nil { return 0, err } + key += " " lines := strings.Split(content, "\n") for _, line := range lines { - arr := strings.Split(line, " ") - if len(arr) == 2 && arr[0] == key { - val, err := ParseUint(arr[1], 10, 64) + v, ok := strings.CutPrefix(line, key) + if ok { + val, err := ParseUint(v, 10, 64) if err != nil { err = &ParseError{Path: path, File: file, Err: err} } From ef983f5180ff5026646c8eae69b67f3f1d8beabc Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 6 Jan 2025 13:37:52 -0800 Subject: [PATCH 0810/1176] libct/cg/fscommon: ParseKeyValue: stricter check It makes sense to report an error if a key or a value is empty, as we don't expect anything like this. Reported-by: Sebastiaan van Stijn Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/fscommon/utils.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libcontainer/cgroups/fscommon/utils.go b/libcontainer/cgroups/fscommon/utils.go index 76d06e49844..9279c064a90 100644 --- a/libcontainer/cgroups/fscommon/utils.go +++ b/libcontainer/cgroups/fscommon/utils.go @@ -60,8 +60,8 @@ func ParseUint(s string, base, bitSize int) (uint64, error) { // "io_service_bytes 1234" will be returned as "io_service_bytes", 1234. func ParseKeyValue(t string) (string, uint64, error) { key, val, ok := strings.Cut(t, " ") - if !ok { - return "", 0, fmt.Errorf("line %q is not in key value format", t) + if !ok || key == "" || val == "" { + return "", 0, fmt.Errorf(`line %q is not in "key value" format`, t) } value, err := ParseUint(val, 10, 64) From ecf74300c0a3384dfbdf699f50e88a6aff53a934 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 6 Jan 2025 14:05:56 -0800 Subject: [PATCH 0811/1176] libct/cg/fscommon: GetCgroupParam*: unify 1. GetCgroupParamUint: drop strings.TrimSpace since it was already done by GetCgroupParamString. 2. GetCgroupParamInt: use GetCgroupParamString, drop strings.TrimSpace. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/fscommon/utils.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/libcontainer/cgroups/fscommon/utils.go b/libcontainer/cgroups/fscommon/utils.go index 9279c064a90..e11e038f25b 100644 --- a/libcontainer/cgroups/fscommon/utils.go +++ b/libcontainer/cgroups/fscommon/utils.go @@ -104,7 +104,6 @@ func GetCgroupParamUint(path, file string) (uint64, error) { if err != nil { return 0, err } - contents = strings.TrimSpace(contents) if contents == "max" { return math.MaxUint64, nil } @@ -119,11 +118,10 @@ func GetCgroupParamUint(path, file string) (uint64, error) { // GetCgroupParamInt reads a single int64 value from specified cgroup file. // If the value read is "max", the math.MaxInt64 is returned. func GetCgroupParamInt(path, file string) (int64, error) { - contents, err := cgroups.ReadFile(path, file) + contents, err := GetCgroupParamString(path, file) if err != nil { return 0, err } - contents = strings.TrimSpace(contents) if contents == "max" { return math.MaxInt64, nil } From 259b71c042fead3b7c2e9f7569c06a4616989242 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 6 Jan 2025 20:16:41 -0800 Subject: [PATCH 0812/1176] libct/utils: stripRoot: rm useless HasPrefix Using strings.HasPrefix with strings.TrimPrefix results in doing the same thing (checking if prefix exists) twice. In this case, using strings.TrimPrefix right away is sufficient. Signed-off-by: Kir Kolyshkin --- libcontainer/utils/utils.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcontainer/utils/utils.go b/libcontainer/utils/utils.go index db420ea688d..f3cae5030c8 100644 --- a/libcontainer/utils/utils.go +++ b/libcontainer/utils/utils.go @@ -77,7 +77,7 @@ func stripRoot(root, path string) string { path = "/" case root == "/": // do nothing - case strings.HasPrefix(path, root+"/"): + default: path = strings.TrimPrefix(path, root+"/") } return CleanPath("/" + path) From 055041e874c95946b50f70002a218a5dcc6d18c7 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 6 Jan 2025 19:48:47 -0800 Subject: [PATCH 0813/1176] libct: use strings.CutPrefix where possible Using strings.CutPrefix (available since Go 1.20) instead of strings.HasPrefix and/or strings.TrimPrefix makes the code a tad more straightforward. No functional change. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/devices/systemd.go | 3 +-- libcontainer/cgroups/file.go | 4 ++-- libcontainer/cgroups/fs2/freezer.go | 4 +--- libcontainer/cgroups/systemd/user.go | 3 +-- libcontainer/cgroups/utils.go | 4 ++-- libcontainer/configs/validate/rootless.go | 6 +++--- libcontainer/specconv/spec_linux.go | 4 ++-- libcontainer/utils/utils.go | 4 ++-- 8 files changed, 14 insertions(+), 18 deletions(-) diff --git a/libcontainer/cgroups/devices/systemd.go b/libcontainer/cgroups/devices/systemd.go index 9627efd5262..47ba7182b3d 100644 --- a/libcontainer/cgroups/devices/systemd.go +++ b/libcontainer/cgroups/devices/systemd.go @@ -224,8 +224,7 @@ func findDeviceGroup(ruleType devices.Type, ruleMajor int64) (string, error) { continue } - group := strings.TrimPrefix(line, ruleMajorStr) - if len(group) < len(line) { // got it + if group, ok := strings.CutPrefix(line, ruleMajorStr); ok { return prefix + group, nil } } diff --git a/libcontainer/cgroups/file.go b/libcontainer/cgroups/file.go index 78c5bcf0d37..f37375f4ddb 100644 --- a/libcontainer/cgroups/file.go +++ b/libcontainer/cgroups/file.go @@ -151,8 +151,8 @@ func openFile(dir, file string, flags int) (*os.File, error) { if prepareOpenat2() != nil { return openFallback(path, flags, mode) } - relPath := strings.TrimPrefix(path, cgroupfsPrefix) - if len(relPath) == len(path) { // non-standard path, old system? + relPath, ok := strings.CutPrefix(path, cgroupfsPrefix) + if !ok { // Non-standard path, old system? return openFallback(path, flags, mode) } diff --git a/libcontainer/cgroups/fs2/freezer.go b/libcontainer/cgroups/fs2/freezer.go index 7396ac02814..1f831500f23 100644 --- a/libcontainer/cgroups/fs2/freezer.go +++ b/libcontainer/cgroups/fs2/freezer.go @@ -104,9 +104,7 @@ func waitFrozen(dirPath string) (cgroups.FreezerState, error) { if i == maxIter { return cgroups.Undefined, fmt.Errorf("timeout of %s reached waiting for the cgroup to freeze", waitTime*maxIter) } - line := scanner.Text() - val := strings.TrimPrefix(line, "frozen ") - if val != line { // got prefix + if val, ok := strings.CutPrefix(scanner.Text(), "frozen "); ok { if val[0] == '1' { return cgroups.Frozen, nil } diff --git a/libcontainer/cgroups/systemd/user.go b/libcontainer/cgroups/systemd/user.go index 1e18403bae1..4a4348e7070 100644 --- a/libcontainer/cgroups/systemd/user.go +++ b/libcontainer/cgroups/systemd/user.go @@ -61,8 +61,7 @@ func DetectUID() (int, error) { scanner := bufio.NewScanner(bytes.NewReader(b)) for scanner.Scan() { s := strings.TrimSpace(scanner.Text()) - if strings.HasPrefix(s, "OwnerUID=") { - uidStr := strings.TrimPrefix(s, "OwnerUID=") + if uidStr, ok := strings.CutPrefix(s, "OwnerUID="); ok { i, err := strconv.Atoi(uidStr) if err != nil { return -1, fmt.Errorf("could not detect the OwnerUID: %w", err) diff --git a/libcontainer/cgroups/utils.go b/libcontainer/cgroups/utils.go index d404647c8c0..9ef24b1ac6e 100644 --- a/libcontainer/cgroups/utils.go +++ b/libcontainer/cgroups/utils.go @@ -332,8 +332,8 @@ func getHugePageSizeFromFilenames(fileNames []string) ([]string, error) { for _, file := range fileNames { // example: hugepages-1048576kB - val := strings.TrimPrefix(file, "hugepages-") - if len(val) == len(file) { + val, ok := strings.CutPrefix(file, "hugepages-") + if !ok { // Unexpected file name: no prefix found, ignore it. continue } diff --git a/libcontainer/configs/validate/rootless.go b/libcontainer/configs/validate/rootless.go index 4507d4495e6..7a30f5c58c0 100644 --- a/libcontainer/configs/validate/rootless.go +++ b/libcontainer/configs/validate/rootless.go @@ -56,7 +56,7 @@ func rootlessEUIDMount(config *configs.Config) error { // Check that the options list doesn't contain any uid= or gid= entries // that don't resolve to root. for _, opt := range strings.Split(mount.Data, ",") { - if str := strings.TrimPrefix(opt, "uid="); len(str) < len(opt) { + if str, ok := strings.CutPrefix(opt, "uid="); ok { uid, err := strconv.Atoi(str) if err != nil { // Ignore unknown mount options. @@ -65,9 +65,9 @@ func rootlessEUIDMount(config *configs.Config) error { if _, err := config.HostUID(uid); err != nil { return fmt.Errorf("cannot specify uid=%d mount option for rootless container: %w", uid, err) } + continue } - - if str := strings.TrimPrefix(opt, "gid="); len(str) < len(opt) { + if str, ok := strings.CutPrefix(opt, "gid="); ok { gid, err := strconv.Atoi(str) if err != nil { // Ignore unknown mount options. diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index c8446a56a10..f4f5f09952f 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -685,8 +685,8 @@ func initSystemdProps(spec *specs.Spec) ([]systemdDbus.Property, error) { var sp []systemdDbus.Property for k, v := range spec.Annotations { - name := strings.TrimPrefix(k, keyPrefix) - if len(name) == len(k) { // prefix not there + name, ok := strings.CutPrefix(k, keyPrefix) + if !ok { // prefix not there continue } if err := checkPropertyName(name); err != nil { diff --git a/libcontainer/utils/utils.go b/libcontainer/utils/utils.go index f3cae5030c8..d0243db870b 100644 --- a/libcontainer/utils/utils.go +++ b/libcontainer/utils/utils.go @@ -88,8 +88,8 @@ func stripRoot(root, path string) string { func SearchLabels(labels []string, key string) (string, bool) { key += "=" for _, s := range labels { - if strings.HasPrefix(s, key) { - return s[len(key):], true + if val, ok := strings.CutPrefix(s, key); ok { + return val, true } } return "", false From 746a5c23c949172d00cbcf1882e0cfac8c5adc1a Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 10 Jan 2025 13:56:09 -0800 Subject: [PATCH 0814/1176] libcontainer/configs/validate: improve rootlessEUIDMount 1. Avoid splitting mount data into []string if it does not contain options we're interested in. This should result in slightly less garbage to collect. 2. Use if / else if instead of continue, to make it clearer that we're processing one option at a time. 3. Print the whole option as a sting in an error message; practically this should not have any effect, it's just simpler. 4. Improve some comments. Signed-off-by: Kir Kolyshkin --- libcontainer/configs/validate/rootless.go | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/libcontainer/configs/validate/rootless.go b/libcontainer/configs/validate/rootless.go index 7a30f5c58c0..88cf1cd60fc 100644 --- a/libcontainer/configs/validate/rootless.go +++ b/libcontainer/configs/validate/rootless.go @@ -52,9 +52,14 @@ func rootlessEUIDMount(config *configs.Config) error { // convinced that's a good idea. The kernel is the best arbiter of // access control. + // Check that the options list doesn't contain any uid= or gid= entries + // that don't resolve to root. for _, mount := range config.Mounts { - // Check that the options list doesn't contain any uid= or gid= entries - // that don't resolve to root. + // Look for a common substring; skip further processing + // if there can't be any uid= or gid= options. + if !strings.Contains(mount.Data, "id=") { + continue + } for _, opt := range strings.Split(mount.Data, ",") { if str, ok := strings.CutPrefix(opt, "uid="); ok { uid, err := strconv.Atoi(str) @@ -63,18 +68,16 @@ func rootlessEUIDMount(config *configs.Config) error { continue } if _, err := config.HostUID(uid); err != nil { - return fmt.Errorf("cannot specify uid=%d mount option for rootless container: %w", uid, err) + return fmt.Errorf("cannot specify %s mount option for rootless container: %w", opt, err) } - continue - } - if str, ok := strings.CutPrefix(opt, "gid="); ok { + } else if str, ok := strings.CutPrefix(opt, "gid="); ok { gid, err := strconv.Atoi(str) if err != nil { // Ignore unknown mount options. continue } if _, err := config.HostGID(gid); err != nil { - return fmt.Errorf("cannot specify gid=%d mount option for rootless container: %w", gid, err) + return fmt.Errorf("cannot specify %s mount option for rootless container: %w", opt, err) } } } From 8529591ccb2237ab0d0f2ca2e6defcc6355c9e1a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 7 Feb 2025 04:09:32 +0000 Subject: [PATCH 0815/1176] build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5 Bumps google.golang.org/protobuf from 1.36.4 to 1.36.5. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- .../protobuf/encoding/prototext/decode.go | 5 -- .../protobuf/internal/encoding/tag/tag.go | 8 +- .../protobuf/internal/filedesc/desc.go | 9 +-- .../protobuf/internal/filedesc/desc_lazy.go | 9 --- .../protobuf/internal/filetype/build.go | 2 +- .../protobuf/internal/flags/flags.go | 7 +- .../protobuf/internal/genid/goname.go | 5 -- .../protobuf/internal/impl/codec_field.go | 75 ------------------ .../protobuf/internal/impl/codec_message.go | 3 - .../internal/impl/codec_message_opaque.go | 3 - .../protobuf/internal/impl/lazy.go | 2 +- .../protobuf/internal/impl/legacy_message.go | 5 +- .../protobuf/internal/impl/message.go | 13 ---- .../protobuf/internal/impl/message_opaque.go | 5 -- .../protobuf/internal/impl/message_reflect.go | 5 -- .../internal/impl/message_reflect_field.go | 76 ------------------- .../protobuf/internal/impl/pointer_unsafe.go | 1 - .../protobuf/internal/impl/validate.go | 24 +----- .../protobuf/internal/impl/weak.go | 74 ------------------ .../protobuf/internal/version/version.go | 2 +- .../protobuf/proto/decode.go | 5 -- .../protobuf/reflect/protoreflect/type.go | 12 +-- vendor/modules.txt | 2 +- 25 files changed, 15 insertions(+), 343 deletions(-) delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/weak.go diff --git a/go.mod b/go.mod index a2adf6dd9fa..9ee1cb1ab04 100644 --- a/go.mod +++ b/go.mod @@ -28,7 +28,7 @@ require ( github.com/vishvananda/netlink v1.3.0 golang.org/x/net v0.34.0 golang.org/x/sys v0.30.0 - google.golang.org/protobuf v1.36.4 + google.golang.org/protobuf v1.36.5 ) // https://github.com/cilium/ebpf/pull/1660 diff --git a/go.sum b/go.sum index c7f88ccab2c..da9060492d8 100644 --- a/go.sum +++ b/go.sum @@ -97,8 +97,8 @@ golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.36.4 h1:6A3ZDJHn/eNqc1i+IdefRzy/9PokBTPvcqMySR7NNIM= -google.golang.org/protobuf v1.36.4/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM= +google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/vendor/google.golang.org/protobuf/encoding/prototext/decode.go b/vendor/google.golang.org/protobuf/encoding/prototext/decode.go index d972a3d98ed..b53805056a9 100644 --- a/vendor/google.golang.org/protobuf/encoding/prototext/decode.go +++ b/vendor/google.golang.org/protobuf/encoding/prototext/decode.go @@ -185,11 +185,6 @@ func (d decoder) unmarshalMessage(m protoreflect.Message, checkDelims bool) erro } else if xtErr != nil && xtErr != protoregistry.NotFound { return d.newError(tok.Pos(), "unable to resolve [%s]: %v", tok.RawString(), xtErr) } - if flags.ProtoLegacyWeak { - if fd != nil && fd.IsWeak() && fd.Message().IsPlaceholder() { - fd = nil // reset since the weak reference is not linked in - } - } // Handle unknown fields. if fd == nil { diff --git a/vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go b/vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go index 7e87c760443..669133d04dc 100644 --- a/vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go +++ b/vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go @@ -26,7 +26,7 @@ var byteType = reflect.TypeOf(byte(0)) // The type is the underlying field type (e.g., a repeated field may be // represented by []T, but the Go type passed in is just T). // A list of enum value descriptors must be provided for enum fields. -// This does not populate the Enum or Message (except for weak message). +// This does not populate the Enum or Message. // // This function is a best effort attempt; parsing errors are ignored. func Unmarshal(tag string, goType reflect.Type, evs protoreflect.EnumValueDescriptors) protoreflect.FieldDescriptor { @@ -109,9 +109,6 @@ func Unmarshal(tag string, goType reflect.Type, evs protoreflect.EnumValueDescri } case s == "packed": f.L1.EditionFeatures.IsPacked = true - case strings.HasPrefix(s, "weak="): - f.L1.IsWeak = true - f.L1.Message = filedesc.PlaceholderMessage(protoreflect.FullName(s[len("weak="):])) case strings.HasPrefix(s, "def="): // The default tag is special in that everything afterwards is the // default regardless of the presence of commas. @@ -183,9 +180,6 @@ func Marshal(fd protoreflect.FieldDescriptor, enumName string) string { // the exact same semantics from the previous generator. tag = append(tag, "json="+jsonName) } - if fd.IsWeak() { - tag = append(tag, "weak="+string(fd.Message().FullName())) - } // The previous implementation does not tag extension fields as proto3, // even when the field is defined in a proto3 file. Match that behavior // for consistency. diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc.go index 378b826faa6..688aabe434e 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/desc.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc.go @@ -19,7 +19,6 @@ import ( "google.golang.org/protobuf/internal/pragma" "google.golang.org/protobuf/internal/strs" "google.golang.org/protobuf/reflect/protoreflect" - "google.golang.org/protobuf/reflect/protoregistry" ) // Edition is an Enum for proto2.Edition @@ -275,7 +274,6 @@ type ( Kind protoreflect.Kind StringName stringName IsProto3Optional bool // promoted from google.protobuf.FieldDescriptorProto - IsWeak bool // promoted from google.protobuf.FieldOptions IsLazy bool // promoted from google.protobuf.FieldOptions Default defaultValue ContainingOneof protoreflect.OneofDescriptor // must be consistent with Message.Oneofs.Fields @@ -369,7 +367,7 @@ func (fd *Field) IsPacked() bool { return fd.L1.EditionFeatures.IsPacked } func (fd *Field) IsExtension() bool { return false } -func (fd *Field) IsWeak() bool { return fd.L1.IsWeak } +func (fd *Field) IsWeak() bool { return false } func (fd *Field) IsLazy() bool { return fd.L1.IsLazy } func (fd *Field) IsList() bool { return fd.Cardinality() == protoreflect.Repeated && !fd.IsMap() } func (fd *Field) IsMap() bool { return fd.Message() != nil && fd.Message().IsMapEntry() } @@ -396,11 +394,6 @@ func (fd *Field) Enum() protoreflect.EnumDescriptor { return fd.L1.Enum } func (fd *Field) Message() protoreflect.MessageDescriptor { - if fd.L1.IsWeak { - if d, _ := protoregistry.GlobalFiles.FindDescriptorByName(fd.L1.Message.FullName()); d != nil { - return d.(protoreflect.MessageDescriptor) - } - } return fd.L1.Message } func (fd *Field) IsMapEntry() bool { diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go index 67a51b327c5..d4c94458bd9 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go @@ -32,11 +32,6 @@ func (file *File) resolveMessages() { for j := range md.L2.Fields.List { fd := &md.L2.Fields.List[j] - // Weak fields are resolved upon actual use. - if fd.L1.IsWeak { - continue - } - // Resolve message field dependency. switch fd.L1.Kind { case protoreflect.EnumKind: @@ -150,8 +145,6 @@ func (fd *File) unmarshalFull(b []byte) { switch num { case genid.FileDescriptorProto_PublicDependency_field_number: fd.L2.Imports[v].IsPublic = true - case genid.FileDescriptorProto_WeakDependency_field_number: - fd.L2.Imports[v].IsWeak = true } case protowire.BytesType: v, m := protowire.ConsumeBytes(b) @@ -502,8 +495,6 @@ func (fd *Field) unmarshalOptions(b []byte) { switch num { case genid.FieldOptions_Packed_field_number: fd.L1.EditionFeatures.IsPacked = protowire.DecodeBool(v) - case genid.FieldOptions_Weak_field_number: - fd.L1.IsWeak = protowire.DecodeBool(v) case genid.FieldOptions_Lazy_field_number: fd.L1.IsLazy = protowire.DecodeBool(v) case FieldOptions_EnforceUTF8: diff --git a/vendor/google.golang.org/protobuf/internal/filetype/build.go b/vendor/google.golang.org/protobuf/internal/filetype/build.go index ba83fea44c3..e1b4130bd28 100644 --- a/vendor/google.golang.org/protobuf/internal/filetype/build.go +++ b/vendor/google.golang.org/protobuf/internal/filetype/build.go @@ -63,7 +63,7 @@ type Builder struct { // message declarations in "flattened ordering". // // Dependencies are Go types for enums or messages referenced by - // message fields (excluding weak fields), for parent extended messages of + // message fields, for parent extended messages of // extension fields, for enums or messages referenced by extension fields, // and for input and output messages referenced by service methods. // Dependencies must come after declarations, but the ordering of diff --git a/vendor/google.golang.org/protobuf/internal/flags/flags.go b/vendor/google.golang.org/protobuf/internal/flags/flags.go index 5cb3ee70f91..a06ccabc2fa 100644 --- a/vendor/google.golang.org/protobuf/internal/flags/flags.go +++ b/vendor/google.golang.org/protobuf/internal/flags/flags.go @@ -6,7 +6,7 @@ package flags // ProtoLegacy specifies whether to enable support for legacy functionality -// such as MessageSets, weak fields, and various other obscure behavior +// such as MessageSets, and various other obscure behavior // that is necessary to maintain backwards compatibility with proto1 or // the pre-release variants of proto2 and proto3. // @@ -22,8 +22,3 @@ const ProtoLegacy = protoLegacy // extension fields at unmarshal time, but defers creating the message // structure until the extension is first accessed. const LazyUnmarshalExtensions = ProtoLegacy - -// ProtoLegacyWeak specifies whether to enable support for weak fields. -// This flag was split out of ProtoLegacy in preparation for removing -// support for weak fields (independent of the other protolegacy features). -const ProtoLegacyWeak = ProtoLegacy diff --git a/vendor/google.golang.org/protobuf/internal/genid/goname.go b/vendor/google.golang.org/protobuf/internal/genid/goname.go index 693d2e9e1fe..99bb95bafd5 100644 --- a/vendor/google.golang.org/protobuf/internal/genid/goname.go +++ b/vendor/google.golang.org/protobuf/internal/genid/goname.go @@ -11,15 +11,10 @@ const ( SizeCache_goname = "sizeCache" SizeCacheA_goname = "XXX_sizecache" - WeakFields_goname = "weakFields" - WeakFieldsA_goname = "XXX_weak" - UnknownFields_goname = "unknownFields" UnknownFieldsA_goname = "XXX_unrecognized" ExtensionFields_goname = "extensionFields" ExtensionFieldsA_goname = "XXX_InternalExtensions" ExtensionFieldsB_goname = "XXX_extensions" - - WeakFieldPrefix_goname = "XXX_weak_" ) diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_field.go b/vendor/google.golang.org/protobuf/internal/impl/codec_field.go index 7c1f66c8c19..d14d7d93cca 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/codec_field.go +++ b/vendor/google.golang.org/protobuf/internal/impl/codec_field.go @@ -5,15 +5,12 @@ package impl import ( - "fmt" "reflect" - "sync" "google.golang.org/protobuf/encoding/protowire" "google.golang.org/protobuf/internal/errors" "google.golang.org/protobuf/proto" "google.golang.org/protobuf/reflect/protoreflect" - "google.golang.org/protobuf/reflect/protoregistry" "google.golang.org/protobuf/runtime/protoiface" ) @@ -121,78 +118,6 @@ func (mi *MessageInfo) initOneofFieldCoders(od protoreflect.OneofDescriptor, si } } -func makeWeakMessageFieldCoder(fd protoreflect.FieldDescriptor) pointerCoderFuncs { - var once sync.Once - var messageType protoreflect.MessageType - lazyInit := func() { - once.Do(func() { - messageName := fd.Message().FullName() - messageType, _ = protoregistry.GlobalTypes.FindMessageByName(messageName) - }) - } - - return pointerCoderFuncs{ - size: func(p pointer, f *coderFieldInfo, opts marshalOptions) int { - m, ok := p.WeakFields().get(f.num) - if !ok { - return 0 - } - lazyInit() - if messageType == nil { - panic(fmt.Sprintf("weak message %v is not linked in", fd.Message().FullName())) - } - return sizeMessage(m, f.tagsize, opts) - }, - marshal: func(b []byte, p pointer, f *coderFieldInfo, opts marshalOptions) ([]byte, error) { - m, ok := p.WeakFields().get(f.num) - if !ok { - return b, nil - } - lazyInit() - if messageType == nil { - panic(fmt.Sprintf("weak message %v is not linked in", fd.Message().FullName())) - } - return appendMessage(b, m, f.wiretag, opts) - }, - unmarshal: func(b []byte, p pointer, wtyp protowire.Type, f *coderFieldInfo, opts unmarshalOptions) (unmarshalOutput, error) { - fs := p.WeakFields() - m, ok := fs.get(f.num) - if !ok { - lazyInit() - if messageType == nil { - return unmarshalOutput{}, errUnknown - } - m = messageType.New().Interface() - fs.set(f.num, m) - } - return consumeMessage(b, m, wtyp, opts) - }, - isInit: func(p pointer, f *coderFieldInfo) error { - m, ok := p.WeakFields().get(f.num) - if !ok { - return nil - } - return proto.CheckInitialized(m) - }, - merge: func(dst, src pointer, f *coderFieldInfo, opts mergeOptions) { - sm, ok := src.WeakFields().get(f.num) - if !ok { - return - } - dm, ok := dst.WeakFields().get(f.num) - if !ok { - lazyInit() - if messageType == nil { - panic(fmt.Sprintf("weak message %v is not linked in", fd.Message().FullName())) - } - dm = messageType.New().Interface() - dst.WeakFields().set(f.num, dm) - } - opts.Merge(dm, sm) - }, - } -} - func makeMessageFieldCoder(fd protoreflect.FieldDescriptor, ft reflect.Type) pointerCoderFuncs { if mi := getMessageInfo(ft); mi != nil { funcs := pointerCoderFuncs{ diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_message.go b/vendor/google.golang.org/protobuf/internal/impl/codec_message.go index 111d95833d4..f78b57b0467 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/codec_message.go +++ b/vendor/google.golang.org/protobuf/internal/impl/codec_message.go @@ -119,9 +119,6 @@ func (mi *MessageInfo) makeCoderMethods(t reflect.Type, si structInfo) { } case isOneof: fieldOffset = offsetOf(fs) - case fd.IsWeak(): - fieldOffset = si.weakOffset - funcs = makeWeakMessageFieldCoder(fd) default: fieldOffset = offsetOf(fs) childMessage, funcs = fieldCoder(fd, ft) diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_message_opaque.go b/vendor/google.golang.org/protobuf/internal/impl/codec_message_opaque.go index f81d7d0db9a..41c1f74ef81 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/codec_message_opaque.go +++ b/vendor/google.golang.org/protobuf/internal/impl/codec_message_opaque.go @@ -46,9 +46,6 @@ func (mi *MessageInfo) makeOpaqueCoderMethods(t reflect.Type, si opaqueStructInf switch { case fd.ContainingOneof() != nil && !fd.ContainingOneof().IsSynthetic(): fieldOffset = offsetOf(fs) - case fd.IsWeak(): - fieldOffset = si.weakOffset - funcs = makeWeakMessageFieldCoder(fd) case fd.Message() != nil && !fd.IsMap(): fieldOffset = offsetOf(fs) if fd.IsList() { diff --git a/vendor/google.golang.org/protobuf/internal/impl/lazy.go b/vendor/google.golang.org/protobuf/internal/impl/lazy.go index e8fb6c35b4a..c7de31e243e 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/lazy.go +++ b/vendor/google.golang.org/protobuf/internal/impl/lazy.go @@ -131,7 +131,7 @@ func (mi *MessageInfo) skipField(b []byte, f *coderFieldInfo, wtyp protowire.Typ fmi := f.validation.mi if fmi == nil { fd := mi.Desc.Fields().ByNumber(f.num) - if fd == nil || !fd.IsWeak() { + if fd == nil { return out, ValidationUnknown } messageName := fd.Message().FullName() diff --git a/vendor/google.golang.org/protobuf/internal/impl/legacy_message.go b/vendor/google.golang.org/protobuf/internal/impl/legacy_message.go index bf0b6049b46..a51dffbe294 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/legacy_message.go +++ b/vendor/google.golang.org/protobuf/internal/impl/legacy_message.go @@ -310,12 +310,9 @@ func aberrantAppendField(md *filedesc.Message, goType reflect.Type, tag, tagKey, fd.L0.Parent = md fd.L0.Index = n - if fd.L1.IsWeak || fd.L1.EditionFeatures.IsPacked { + if fd.L1.EditionFeatures.IsPacked { fd.L1.Options = func() protoreflect.ProtoMessage { opts := descopts.Field.ProtoReflect().New() - if fd.L1.IsWeak { - opts.Set(opts.Descriptor().Fields().ByName("weak"), protoreflect.ValueOfBool(true)) - } if fd.L1.EditionFeatures.IsPacked { opts.Set(opts.Descriptor().Fields().ByName("packed"), protoreflect.ValueOfBool(fd.L1.EditionFeatures.IsPacked)) } diff --git a/vendor/google.golang.org/protobuf/internal/impl/message.go b/vendor/google.golang.org/protobuf/internal/impl/message.go index d1f79b4224f..d50423dcb77 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/message.go +++ b/vendor/google.golang.org/protobuf/internal/impl/message.go @@ -14,7 +14,6 @@ import ( "google.golang.org/protobuf/internal/genid" "google.golang.org/protobuf/reflect/protoreflect" - "google.golang.org/protobuf/reflect/protoregistry" ) // MessageInfo provides protobuf related functionality for a given Go type @@ -120,7 +119,6 @@ type ( var ( sizecacheType = reflect.TypeOf(SizeCache(0)) - weakFieldsType = reflect.TypeOf(WeakFields(nil)) unknownFieldsAType = reflect.TypeOf(unknownFieldsA(nil)) unknownFieldsBType = reflect.TypeOf(unknownFieldsB(nil)) extensionFieldsType = reflect.TypeOf(ExtensionFields(nil)) @@ -129,8 +127,6 @@ var ( type structInfo struct { sizecacheOffset offset sizecacheType reflect.Type - weakOffset offset - weakType reflect.Type unknownOffset offset unknownType reflect.Type extensionOffset offset @@ -148,7 +144,6 @@ type structInfo struct { func (mi *MessageInfo) makeStructInfo(t reflect.Type) structInfo { si := structInfo{ sizecacheOffset: invalidOffset, - weakOffset: invalidOffset, unknownOffset: invalidOffset, extensionOffset: invalidOffset, lazyOffset: invalidOffset, @@ -168,11 +163,6 @@ fieldLoop: si.sizecacheOffset = offsetOf(f) si.sizecacheType = f.Type } - case genid.WeakFields_goname, genid.WeakFieldsA_goname: - if f.Type == weakFieldsType { - si.weakOffset = offsetOf(f) - si.weakType = f.Type - } case genid.UnknownFields_goname, genid.UnknownFieldsA_goname: if f.Type == unknownFieldsAType || f.Type == unknownFieldsBType { si.unknownOffset = offsetOf(f) @@ -256,9 +246,6 @@ func (mi *MessageInfo) Message(i int) protoreflect.MessageType { mi.init() fd := mi.Desc.Fields().Get(i) switch { - case fd.IsWeak(): - mt, _ := protoregistry.GlobalTypes.FindMessageByName(fd.Message().FullName()) - return mt case fd.IsMap(): return mapEntryType{fd.Message(), mi.fieldTypes[fd.Number()]} default: diff --git a/vendor/google.golang.org/protobuf/internal/impl/message_opaque.go b/vendor/google.golang.org/protobuf/internal/impl/message_opaque.go index d8dcd788636..dd55e8e009c 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/message_opaque.go +++ b/vendor/google.golang.org/protobuf/internal/impl/message_opaque.go @@ -56,9 +56,6 @@ func opaqueInitHook(mi *MessageInfo) bool { usePresence, _ := usePresenceForField(si, fd) switch { - case fd.IsWeak(): - // Weak fields are no different for opaque. - fi = fieldInfoForWeakMessage(fd, si.weakOffset) case fd.ContainingOneof() != nil && !fd.ContainingOneof().IsSynthetic(): // Oneofs are no different for opaque. fi = fieldInfoForOneof(fd, si.oneofsByName[fd.ContainingOneof().Name()], mi.Exporter, si.oneofWrappersByNumber[fd.Number()]) @@ -620,8 +617,6 @@ func usePresenceForField(si opaqueStructInfo, fd protoreflect.FieldDescriptor) ( switch { case fd.ContainingOneof() != nil && !fd.ContainingOneof().IsSynthetic(): return false, false - case fd.IsWeak(): - return false, false case fd.IsMap(): return false, false case fd.Kind() == protoreflect.MessageKind || fd.Kind() == protoreflect.GroupKind: diff --git a/vendor/google.golang.org/protobuf/internal/impl/message_reflect.go b/vendor/google.golang.org/protobuf/internal/impl/message_reflect.go index 31c19b54f8d..0d20132fa24 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/message_reflect.go +++ b/vendor/google.golang.org/protobuf/internal/impl/message_reflect.go @@ -72,8 +72,6 @@ func (mi *MessageInfo) makeKnownFieldsFunc(si structInfo) { fi = fieldInfoForMap(fd, fs, mi.Exporter) case fd.IsList(): fi = fieldInfoForList(fd, fs, mi.Exporter) - case fd.IsWeak(): - fi = fieldInfoForWeakMessage(fd, si.weakOffset) case fd.Message() != nil: fi = fieldInfoForMessage(fd, fs, mi.Exporter) default: @@ -219,9 +217,6 @@ func (mi *MessageInfo) makeFieldTypes(si structInfo) { } case fd.Message() != nil: ft = fs.Type - if fd.IsWeak() { - ft = nil - } isMessage = true } if isMessage && ft != nil && ft.Kind() != reflect.Ptr { diff --git a/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go b/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go index 3cd1fbc21fb..68d4ae32ec9 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go +++ b/vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go @@ -8,11 +8,8 @@ import ( "fmt" "math" "reflect" - "sync" - "google.golang.org/protobuf/internal/flags" "google.golang.org/protobuf/reflect/protoreflect" - "google.golang.org/protobuf/reflect/protoregistry" ) type fieldInfo struct { @@ -332,79 +329,6 @@ func fieldInfoForScalar(fd protoreflect.FieldDescriptor, fs reflect.StructField, } } -func fieldInfoForWeakMessage(fd protoreflect.FieldDescriptor, weakOffset offset) fieldInfo { - if !flags.ProtoLegacyWeak { - panic("no support for proto1 weak fields") - } - - var once sync.Once - var messageType protoreflect.MessageType - lazyInit := func() { - once.Do(func() { - messageName := fd.Message().FullName() - messageType, _ = protoregistry.GlobalTypes.FindMessageByName(messageName) - if messageType == nil { - panic(fmt.Sprintf("weak message %v for field %v is not linked in", messageName, fd.FullName())) - } - }) - } - - num := fd.Number() - return fieldInfo{ - fieldDesc: fd, - has: func(p pointer) bool { - if p.IsNil() { - return false - } - _, ok := p.Apply(weakOffset).WeakFields().get(num) - return ok - }, - clear: func(p pointer) { - p.Apply(weakOffset).WeakFields().clear(num) - }, - get: func(p pointer) protoreflect.Value { - lazyInit() - if p.IsNil() { - return protoreflect.ValueOfMessage(messageType.Zero()) - } - m, ok := p.Apply(weakOffset).WeakFields().get(num) - if !ok { - return protoreflect.ValueOfMessage(messageType.Zero()) - } - return protoreflect.ValueOfMessage(m.ProtoReflect()) - }, - set: func(p pointer, v protoreflect.Value) { - lazyInit() - m := v.Message() - if m.Descriptor() != messageType.Descriptor() { - if got, want := m.Descriptor().FullName(), messageType.Descriptor().FullName(); got != want { - panic(fmt.Sprintf("field %v has mismatching message descriptor: got %v, want %v", fd.FullName(), got, want)) - } - panic(fmt.Sprintf("field %v has mismatching message descriptor: %v", fd.FullName(), m.Descriptor().FullName())) - } - p.Apply(weakOffset).WeakFields().set(num, m.Interface()) - }, - mutable: func(p pointer) protoreflect.Value { - lazyInit() - fs := p.Apply(weakOffset).WeakFields() - m, ok := fs.get(num) - if !ok { - m = messageType.New().Interface() - fs.set(num, m) - } - return protoreflect.ValueOfMessage(m.ProtoReflect()) - }, - newMessage: func() protoreflect.Message { - lazyInit() - return messageType.New() - }, - newField: func() protoreflect.Value { - lazyInit() - return protoreflect.ValueOfMessage(messageType.New()) - }, - } -} - func fieldInfoForMessage(fd protoreflect.FieldDescriptor, fs reflect.StructField, x exporter) fieldInfo { ft := fs.Type conv := NewConverter(ft, fd) diff --git a/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go b/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go index 6bed45e35c2..62f8bf663ea 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go +++ b/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go @@ -111,7 +111,6 @@ func (p pointer) StringSlice() *[]string { return (*[]string)(p.p func (p pointer) Bytes() *[]byte { return (*[]byte)(p.p) } func (p pointer) BytesPtr() **[]byte { return (**[]byte)(p.p) } func (p pointer) BytesSlice() *[][]byte { return (*[][]byte)(p.p) } -func (p pointer) WeakFields() *weakFields { return (*weakFields)(p.p) } func (p pointer) Extensions() *map[int32]ExtensionField { return (*map[int32]ExtensionField)(p.p) } func (p pointer) LazyInfoPtr() **protolazy.XXX_lazyUnmarshalInfo { return (**protolazy.XXX_lazyUnmarshalInfo)(p.p) diff --git a/vendor/google.golang.org/protobuf/internal/impl/validate.go b/vendor/google.golang.org/protobuf/internal/impl/validate.go index b534a3d6dbb..7b2995dde5e 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/validate.go +++ b/vendor/google.golang.org/protobuf/internal/impl/validate.go @@ -211,9 +211,7 @@ func newValidationInfo(fd protoreflect.FieldDescriptor, ft reflect.Type) validat switch fd.Kind() { case protoreflect.MessageKind: vi.typ = validationTypeMessage - if !fd.IsWeak() { - vi.mi = getMessageInfo(ft) - } + vi.mi = getMessageInfo(ft) case protoreflect.GroupKind: vi.typ = validationTypeGroup vi.mi = getMessageInfo(ft) @@ -320,26 +318,6 @@ State: } if f != nil { vi = f.validation - if vi.typ == validationTypeMessage && vi.mi == nil { - // Probable weak field. - // - // TODO: Consider storing the results of this lookup somewhere - // rather than recomputing it on every validation. - fd := st.mi.Desc.Fields().ByNumber(num) - if fd == nil || !fd.IsWeak() { - break - } - messageName := fd.Message().FullName() - messageType, err := protoregistry.GlobalTypes.FindMessageByName(messageName) - switch err { - case nil: - vi.mi, _ = messageType.(*MessageInfo) - case protoregistry.NotFound: - vi.typ = validationTypeBytes - default: - return out, ValidationUnknown - } - } break } // Possible extension field. diff --git a/vendor/google.golang.org/protobuf/internal/impl/weak.go b/vendor/google.golang.org/protobuf/internal/impl/weak.go deleted file mode 100644 index eb79a7ba94c..00000000000 --- a/vendor/google.golang.org/protobuf/internal/impl/weak.go +++ /dev/null @@ -1,74 +0,0 @@ -// Copyright 2019 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package impl - -import ( - "fmt" - - "google.golang.org/protobuf/reflect/protoreflect" - "google.golang.org/protobuf/reflect/protoregistry" -) - -// weakFields adds methods to the exported WeakFields type for internal use. -// -// The exported type is an alias to an unnamed type, so methods can't be -// defined directly on it. -type weakFields WeakFields - -func (w weakFields) get(num protoreflect.FieldNumber) (protoreflect.ProtoMessage, bool) { - m, ok := w[int32(num)] - return m, ok -} - -func (w *weakFields) set(num protoreflect.FieldNumber, m protoreflect.ProtoMessage) { - if *w == nil { - *w = make(weakFields) - } - (*w)[int32(num)] = m -} - -func (w *weakFields) clear(num protoreflect.FieldNumber) { - delete(*w, int32(num)) -} - -func (Export) HasWeak(w WeakFields, num protoreflect.FieldNumber) bool { - _, ok := w[int32(num)] - return ok -} - -func (Export) ClearWeak(w *WeakFields, num protoreflect.FieldNumber) { - delete(*w, int32(num)) -} - -func (Export) GetWeak(w WeakFields, num protoreflect.FieldNumber, name protoreflect.FullName) protoreflect.ProtoMessage { - if m, ok := w[int32(num)]; ok { - return m - } - mt, _ := protoregistry.GlobalTypes.FindMessageByName(name) - if mt == nil { - panic(fmt.Sprintf("message %v for weak field is not linked in", name)) - } - return mt.Zero().Interface() -} - -func (Export) SetWeak(w *WeakFields, num protoreflect.FieldNumber, name protoreflect.FullName, m protoreflect.ProtoMessage) { - if m != nil { - mt, _ := protoregistry.GlobalTypes.FindMessageByName(name) - if mt == nil { - panic(fmt.Sprintf("message %v for weak field is not linked in", name)) - } - if mt != m.ProtoReflect().Type() { - panic(fmt.Sprintf("invalid message type for weak field: got %T, want %T", m, mt.Zero().Interface())) - } - } - if m == nil || !m.ProtoReflect().IsValid() { - delete(*w, int32(num)) - return - } - if *w == nil { - *w = make(weakFields) - } - (*w)[int32(num)] = m -} diff --git a/vendor/google.golang.org/protobuf/internal/version/version.go b/vendor/google.golang.org/protobuf/internal/version/version.go index 4a39af0c635..01efc33030d 100644 --- a/vendor/google.golang.org/protobuf/internal/version/version.go +++ b/vendor/google.golang.org/protobuf/internal/version/version.go @@ -52,7 +52,7 @@ import ( const ( Major = 1 Minor = 36 - Patch = 4 + Patch = 5 PreRelease = "" ) diff --git a/vendor/google.golang.org/protobuf/proto/decode.go b/vendor/google.golang.org/protobuf/proto/decode.go index e28d7acb378..4cbf1aeaf79 100644 --- a/vendor/google.golang.org/protobuf/proto/decode.go +++ b/vendor/google.golang.org/protobuf/proto/decode.go @@ -8,7 +8,6 @@ import ( "google.golang.org/protobuf/encoding/protowire" "google.golang.org/protobuf/internal/encoding/messageset" "google.golang.org/protobuf/internal/errors" - "google.golang.org/protobuf/internal/flags" "google.golang.org/protobuf/internal/genid" "google.golang.org/protobuf/internal/pragma" "google.golang.org/protobuf/reflect/protoreflect" @@ -172,10 +171,6 @@ func (o UnmarshalOptions) unmarshalMessageSlow(b []byte, m protoreflect.Message) var err error if fd == nil { err = errUnknown - } else if flags.ProtoLegacyWeak { - if fd.IsWeak() && fd.Message().IsPlaceholder() { - err = errUnknown // weak referent is not linked in - } } // Parse the field value. diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/type.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/type.go index cd8fadbaf8f..cd7fbc87a47 100644 --- a/vendor/google.golang.org/protobuf/reflect/protoreflect/type.go +++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/type.go @@ -68,7 +68,7 @@ type Descriptor interface { // dependency is not resolved, in which case only name information is known. // // Placeholder types may only be returned by the following accessors - // as a result of unresolved dependencies or weak imports: + // as a result of unresolved dependencies: // // â•”â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•¤â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•â•— // â•‘ Accessor │ Descriptor â•‘ @@ -168,11 +168,7 @@ type FileImport struct { // The current file and the imported file must be within proto package. IsPublic bool - // IsWeak reports whether this is a weak import, which does not impose - // a direct dependency on the target file. - // - // Weak imports are a legacy proto1 feature. Equivalent behavior is - // achieved using proto2 extension fields or proto3 Any messages. + // Deprecated: support for weak fields has been removed. IsWeak bool } @@ -325,9 +321,7 @@ type FieldDescriptor interface { // specified in the source .proto file. HasOptionalKeyword() bool - // IsWeak reports whether this is a weak field, which does not impose a - // direct dependency on the target type. - // If true, then Message returns a placeholder type. + // Deprecated: support for weak fields has been removed. IsWeak() bool // IsPacked reports whether repeated primitive numeric kinds should be diff --git a/vendor/modules.txt b/vendor/modules.txt index 75b416b5520..cc23bf293c6 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -88,7 +88,7 @@ golang.org/x/net/bpf ## explicit; go 1.18 golang.org/x/sys/unix golang.org/x/sys/windows -# google.golang.org/protobuf v1.36.4 +# google.golang.org/protobuf v1.36.5 ## explicit; go 1.21 google.golang.org/protobuf/encoding/prototext google.golang.org/protobuf/encoding/protowire From c283ed102c0a63e23ca9fd9d28ca4a9dbc070a1f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 15 Jan 2025 22:42:07 -0800 Subject: [PATCH 0816/1176] tests/int: add hooks argv[0] test Looking into old opened runc issues, I noticed #1663 is there without any resolution, and wrote this simple test checking if we mangle hook's argv[0] in any way. Apparently we're good, but the test actually makes sense to have. Signed-off-by: Kir Kolyshkin --- tests/integration/hooks.bats | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/tests/integration/hooks.bats b/tests/integration/hooks.bats index e9d62b0e6c5..8b53a780d67 100644 --- a/tests/integration/hooks.bats +++ b/tests/integration/hooks.bats @@ -63,3 +63,20 @@ function teardown() { runc run ct1 [ "$status" -eq 0 ] } + +# https://github.com/opencontainers/runc/issues/1663 +@test "runc run [hook's argv is preserved]" { + # Check that argv[0] and argv[1] passed to the hook's binary + # exactly as set in config.json. + update_config '.hooks |= {"startContainer": [{"path": "/bin/busybox", "args": ["cat", "/nosuchfile"]}]}' + runc run ct1 + [ "$status" -ne 0 ] + [[ "$output" == *"cat: can't open"*"/nosuchfile"* ]] + + # Busybox also accepts commands where argv[0] is "busybox", + # and argv[1] is applet name. Test this as well. + update_config '.hooks |= {"startContainer": [{"path": "/bin/busybox", "args": ["busybox", "cat", "/nosuchfile"]}]}' + runc run ct1 + [ "$status" -ne 0 ] + [[ "$output" == *"cat: can't open"*"/nosuchfile"* ]] +} From 5d2e24453fe8d0ac0a407b6f903a177ccebfd399 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 15 Jan 2025 19:20:41 -0800 Subject: [PATCH 0817/1176] execProcess: move some code to newProcess Let's move some code from execProcess to newProcess, fixing the following few issues: 1. container.State (which does quite a lot) is not needed -- we only need container.Config here. 2. utils.SearchLabels is not needed when "runc exec --process" is used. 3. Context.String("process") is called twice. 4. It is not very clear from the code why checking for len(context.Args()) is performed. Move the check to just before Args is used, to make it clear why. Signed-off-by: Kir Kolyshkin --- exec.go | 28 ++++++++++++---------------- 1 file changed, 12 insertions(+), 16 deletions(-) diff --git a/exec.go b/exec.go index 16bbeebfbc2..08e4bbc464e 100644 --- a/exec.go +++ b/exec.go @@ -158,19 +158,7 @@ func execProcess(context *cli.Context) (int, error) { if status == libcontainer.Paused && !context.Bool("ignore-paused") { return -1, errors.New("cannot exec in a paused container (use --ignore-paused to override)") } - path := context.String("process") - if path == "" && len(context.Args()) == 1 { - return -1, errors.New("process args cannot be empty") - } - state, err := container.State() - if err != nil { - return -1, err - } - bundle, ok := utils.SearchLabels(state.Config.Labels, "bundle") - if !ok { - return -1, errors.New("bundle not found in labels") - } - p, err := getProcess(context, bundle) + p, err := getProcess(context, container) if err != nil { return -1, err } @@ -196,7 +184,7 @@ func execProcess(context *cli.Context) (int, error) { return r.run(p) } -func getProcess(context *cli.Context, bundle string) (*specs.Process, error) { +func getProcess(context *cli.Context, c *libcontainer.Container) (*specs.Process, error) { if path := context.String("process"); path != "" { f, err := os.Open(path) if err != nil { @@ -209,7 +197,11 @@ func getProcess(context *cli.Context, bundle string) (*specs.Process, error) { } return &p, validateProcessSpec(&p) } - // process via cli flags + // Process from config.json and CLI flags. + bundle, ok := utils.SearchLabels(c.Config().Labels, "bundle") + if !ok { + return nil, errors.New("bundle not found in labels") + } if err := os.Chdir(bundle); err != nil { return nil, err } @@ -218,7 +210,11 @@ func getProcess(context *cli.Context, bundle string) (*specs.Process, error) { return nil, err } p := spec.Process - p.Args = context.Args()[1:] + args := context.Args() + if len(args) < 2 { + return nil, errors.New("exec args cannot be empty") + } + p.Args = args[1:] // Override the cwd, if passed. if cwd := context.String("cwd"); cwd != "" { p.Cwd = cwd From c4eb0c61e12fc0b47e4e0f0e1fb5fda0e7c0a91d Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 15 Jan 2025 19:41:51 -0800 Subject: [PATCH 0818/1176] libct: createExecFifo: optimize Every time we call container.Config(), a new copy of struct Config is created and returned, and we do it twice here. Accessing container.config directly fixes this. Fixes: 805b8c73d ("Do not create exec fifo in factory.Create") Signed-off-by: Kir Kolyshkin --- libcontainer/container_linux.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 26f523a90da..a411d40813d 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -432,11 +432,11 @@ func (c *Container) signal(s os.Signal) error { } func (c *Container) createExecFifo() (retErr error) { - rootuid, err := c.Config().HostRootUID() + rootuid, err := c.config.HostRootUID() if err != nil { return err } - rootgid, err := c.Config().HostRootGID() + rootgid, err := c.config.HostRootGID() if err != nil { return err } From 8fbdb7e78e2db50f6c1f03b73683a04c2347a6f0 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 15 Jan 2025 19:58:13 -0800 Subject: [PATCH 0819/1176] setupIO: optimize The rootuid and rootgid are only needed when detach and createTTY are both false. We also call c.Config() twice, every time creating a copy of struct Config. Solve both issues by passing container pointer to setupIO, and get rootuid/rootgid only when we need those. Signed-off-by: Kir Kolyshkin --- utils_linux.go | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/utils_linux.go b/utils_linux.go index 95ba88af036..724d6bb7073 100644 --- a/utils_linux.go +++ b/utils_linux.go @@ -89,7 +89,7 @@ func newProcess(p specs.Process) (*libcontainer.Process, error) { } // setupIO modifies the given process config according to the options. -func setupIO(process *libcontainer.Process, rootuid, rootgid int, createTTY, detach bool, sockpath string) (*tty, error) { +func setupIO(process *libcontainer.Process, container *libcontainer.Container, createTTY, detach bool, sockpath string) (*tty, error) { if createTTY { process.Stdin = nil process.Stdout = nil @@ -135,6 +135,17 @@ func setupIO(process *libcontainer.Process, rootuid, rootgid int, createTTY, det inheritStdio(process) return &tty{}, nil } + + config := container.Config() + rootuid, err := config.HostRootUID() + if err != nil { + return nil, err + } + rootgid, err := config.HostRootGID() + if err != nil { + return nil, err + } + return setupProcessPipes(process, rootuid, rootgid) } @@ -232,20 +243,12 @@ func (r *runner) run(config *specs.Process) (int, error) { } process.ExtraFiles = append(process.ExtraFiles, os.NewFile(uintptr(i), "PreserveFD:"+strconv.Itoa(i))) } - rootuid, err := r.container.Config().HostRootUID() - if err != nil { - return -1, err - } - rootgid, err := r.container.Config().HostRootGID() - if err != nil { - return -1, err - } detach := r.detach || (r.action == CT_ACT_CREATE) // Setting up IO is a two stage process. We need to modify process to deal // with detaching containers, and then we get a tty after the container has // started. handler := newSignalHandler(r.enableSubreaper, r.notifySocket) - tty, err := setupIO(process, rootuid, rootgid, config.Terminal, detach, r.consoleSocket) + tty, err := setupIO(process, r.container, config.Terminal, detach, r.consoleSocket) if err != nil { return -1, err } From 4b87c7d4fd7d8f1de1a89f79491504781b0077d8 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 15 Jan 2025 18:37:09 -0800 Subject: [PATCH 0820/1176] Fixups for newProcess 1. Pass an argument as a pointer rather than copying the whole structure. It was a pointer initially, but this has changed in commit b2d9d996 without giving a reason why. 2. The newProcess description was added by commit 9fac18329 (yes, the very first one) and hasn't changed since. As of commit 29b139f7, the part of it which says "and stdio from the current process" is no longer valid. Remove it, and while at it, rewrite the description entirely. Signed-off-by: Kir Kolyshkin --- utils_linux.go | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/utils_linux.go b/utils_linux.go index 724d6bb7073..c13ed585bfa 100644 --- a/utils_linux.go +++ b/utils_linux.go @@ -43,9 +43,8 @@ func getDefaultImagePath() string { return filepath.Join(cwd, "checkpoint") } -// newProcess returns a new libcontainer Process with the arguments from the -// spec and stdio from the current process. -func newProcess(p specs.Process) (*libcontainer.Process, error) { +// newProcess converts [specs.Process] to [libcontainer.Process]. +func newProcess(p *specs.Process) (*libcontainer.Process, error) { lp := &libcontainer.Process{ Args: p.Args, Env: p.Env, @@ -221,7 +220,7 @@ func (r *runner) run(config *specs.Process) (int, error) { if err = r.checkTerminal(config); err != nil { return -1, err } - process, err := newProcess(*config) + process, err := newProcess(config) if err != nil { return -1, err } From 13277b2017c2572b8db36087d9c4d7cd092f227f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Feb 2025 04:09:22 +0000 Subject: [PATCH 0821/1176] build(deps): bump golang.org/x/net from 0.34.0 to 0.35.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.34.0 to 0.35.0. - [Commits](https://github.com/golang/net/compare/v0.34.0...v0.35.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 9ee1cb1ab04..28ee713136e 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/urfave/cli v1.22.16 github.com/vishvananda/netlink v1.3.0 - golang.org/x/net v0.34.0 + golang.org/x/net v0.35.0 golang.org/x/sys v0.30.0 google.golang.org/protobuf v1.36.5 ) diff --git a/go.sum b/go.sum index da9060492d8..4357239cb16 100644 --- a/go.sum +++ b/go.sum @@ -83,8 +83,8 @@ github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1Y github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 h1:Jvc7gsqn21cJHCmAWx0LiimpP18LZmUxkT5Mp7EZ1mI= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= -golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0= -golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= +golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8= +golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= diff --git a/vendor/modules.txt b/vendor/modules.txt index cc23bf293c6..9b592007dc3 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -81,7 +81,7 @@ github.com/vishvananda/netns # golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 ## explicit; go 1.18 golang.org/x/exp/constraints -# golang.org/x/net v0.34.0 +# golang.org/x/net v0.35.0 ## explicit; go 1.18 golang.org/x/net/bpf # golang.org/x/sys v0.30.0 From 2a86c35768b6d9179ed3c3e83df44a5cd42d433f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 7 Jan 2025 19:15:33 -0800 Subject: [PATCH 0822/1176] libct: document initConfig and friends This is one of the dark corners of runc / libcontainer, so let's shed some light on it. initConfig is a structure which is filled in [mostly] by newInitConfig, and one of its hidden aspects is it contains a process config which is the result of merge between the container and the process configs. Let's document how all this happens, where the fields are coming from, which one has a preference, and how it all works. Signed-off-by: Kir Kolyshkin --- libcontainer/container_linux.go | 9 ++++ libcontainer/init_linux.go | 74 +++++++++++++++++++++++---------- libcontainer/process.go | 43 ++++++++++++------- 3 files changed, 88 insertions(+), 38 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index a411d40813d..15090fe2ebd 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -689,6 +689,9 @@ func (c *Container) newSetnsProcess(p *Process, cmd *exec.Cmd, comm *processComm } func (c *Container) newInitConfig(process *Process) *initConfig { + // Set initial properties. For those properties that exist + // both in the container config and the process, use the ones + // from the container config first, and override them later. cfg := &initConfig{ Config: c.config, Args: process.Args, @@ -710,6 +713,9 @@ func (c *Container) newInitConfig(process *Process) *initConfig { ConsoleWidth: process.ConsoleWidth, ConsoleHeight: process.ConsoleHeight, } + + // Overwrite config properties with ones from process. + if process.NoNewPrivileges != nil { cfg.NoNewPrivileges = *process.NoNewPrivileges } @@ -722,6 +728,9 @@ func (c *Container) newInitConfig(process *Process) *initConfig { if len(process.Rlimits) > 0 { cfg.Rlimits = process.Rlimits } + + // Set misc properties. + if cgroups.IsCgroup2UnifiedMode() { cfg.Cgroup2Path = c.cgroupManager.Path("") } diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index cff21e1bc66..b2cae3a8478 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -47,30 +47,58 @@ type network struct { TempVethPeerName string `json:"temp_veth_peer_name"` } -// initConfig is used for transferring parameters from Exec() to Init() +// initConfig is used for transferring parameters from Exec() to Init(). +// It contains: +// - original container config; +// - some [Process] properties; +// - set of properties merged from the container config ([configs.Config]) +// and the process ([Process]); +// - some properties that come from the container. +// +// When adding new fields, please make sure they go into the relevant section. type initConfig struct { - Args []string `json:"args"` - Env []string `json:"env"` - Cwd string `json:"cwd"` - Capabilities *configs.Capabilities `json:"capabilities"` - ProcessLabel string `json:"process_label"` - AppArmorProfile string `json:"apparmor_profile"` - NoNewPrivileges bool `json:"no_new_privileges"` - UID int `json:"uid"` - GID int `json:"gid"` - AdditionalGroups []int `json:"additional_groups"` - Config *configs.Config `json:"config"` - Networks []*network `json:"network"` - PassedFilesCount int `json:"passed_files_count"` - ContainerID string `json:"containerid"` - Rlimits []configs.Rlimit `json:"rlimits"` - CreateConsole bool `json:"create_console"` - ConsoleWidth uint16 `json:"console_width"` - ConsoleHeight uint16 `json:"console_height"` - RootlessEUID bool `json:"rootless_euid,omitempty"` - RootlessCgroups bool `json:"rootless_cgroups,omitempty"` - SpecState *specs.State `json:"spec_state,omitempty"` - Cgroup2Path string `json:"cgroup2_path,omitempty"` + // Config is the original container config. + Config *configs.Config `json:"config"` + + // Properties that are unique to and come from [Process]. + + Args []string `json:"args"` + Env []string `json:"env"` + UID int `json:"uid"` + GID int `json:"gid"` + AdditionalGroups []int `json:"additional_groups"` + Cwd string `json:"cwd"` + CreateConsole bool `json:"create_console"` + ConsoleWidth uint16 `json:"console_width"` + ConsoleHeight uint16 `json:"console_height"` + PassedFilesCount int `json:"passed_files_count"` + + // Properties that exists both in the container config and the process, + // as merged by [Container.newInitConfig] (process properties has preference). + + AppArmorProfile string `json:"apparmor_profile"` + Capabilities *configs.Capabilities `json:"capabilities"` + NoNewPrivileges bool `json:"no_new_privileges"` + ProcessLabel string `json:"process_label"` + Rlimits []configs.Rlimit `json:"rlimits"` + + // Properties that only exist in container config. + // FIXME: they are also passed in Config above. + + RootlessEUID bool `json:"rootless_euid,omitempty"` + RootlessCgroups bool `json:"rootless_cgroups,omitempty"` + + // Miscellaneous properties, filled in by [Container.newInitConfig] + // unless documented otherwise. + + ContainerID string `json:"containerid"` + Cgroup2Path string `json:"cgroup2_path,omitempty"` + + // Networks is filled in from container config by [initProcess.createNetworkInterfaces]. + Networks []*network `json:"network"` + + // SpecState is filled in by [initProcess.Start]. + SpecState *specs.State `json:"spec_state,omitempty"` } // Init is part of "runc init" implementation. diff --git a/libcontainer/process.go b/libcontainer/process.go index 09162be9a40..5b2928be42c 100644 --- a/libcontainer/process.go +++ b/libcontainer/process.go @@ -17,8 +17,11 @@ type processOperations interface { pid() int } -// Process specifies the configuration and IO for a process inside -// a container. +// Process defines the configuration and IO for a process inside a container. +// +// Note that some Process properties are also present in container configuration +// ([configs.Config]). In all such cases, Process properties take precedence +// over container configuration ones. type Process struct { // The command to be run followed by any arguments. Args []string @@ -34,44 +37,54 @@ type Process struct { // in addition to those that the user belongs to. AdditionalGroups []int - // Cwd will change the processes current working directory inside the container's rootfs. + // Cwd will change the process's current working directory inside the container's rootfs. Cwd string - // Stdin is a pointer to a reader which provides the standard input stream. + // Stdin is a reader which provides the standard input stream. Stdin io.Reader - // Stdout is a pointer to a writer which receives the standard output stream. + // Stdout is a writer which receives the standard output stream. Stdout io.Writer - // Stderr is a pointer to a writer which receives the standard error stream. + // Stderr is a writer which receives the standard error stream. Stderr io.Writer - // ExtraFiles specifies additional open files to be inherited by the container + // ExtraFiles specifies additional open files to be inherited by the process. ExtraFiles []*os.File - // open handles to cloned binaries -- see dmz.CloneSelfExe for more details + // Open handles to cloned binaries -- see dmz.CloneSelfExe for more details. clonedExes []*os.File - // Initial sizings for the console + // Initial size for the console. ConsoleWidth uint16 ConsoleHeight uint16 - // Capabilities specify the capabilities to keep when executing the process inside the container - // All capabilities not specified will be dropped from the processes capability mask + // Capabilities specify the capabilities to keep when executing the process. + // All capabilities not specified will be dropped from the processes capability mask. + // + // If not nil, takes precedence over container's [configs.Config.Capabilities]. Capabilities *configs.Capabilities // AppArmorProfile specifies the profile to apply to the process and is - // changed at the time the process is execed + // changed at the time the process is executed. + // + // If not empty, takes precedence over container's [configs.Config.AppArmorProfile]. AppArmorProfile string - // Label specifies the label to apply to the process. It is commonly used by selinux + // Label specifies the label to apply to the process. It is commonly used by selinux. + // + // If not empty, takes precedence over container's [configs.Config.ProcessLabel]. Label string // NoNewPrivileges controls whether processes can gain additional privileges. + // + // If not nil, takes precedence over container's [configs.Config.NoNewPrivileges]. NoNewPrivileges *bool - // Rlimits specifies the resource limits, such as max open files, to set in the container - // If Rlimits are not set, the container will inherit rlimits from the parent process + // Rlimits specifies the resource limits, such as max open files, to set for the process. + // If unset, the process will inherit rlimits from the parent process. + // + // If not empty, takes precedence over container's [configs.Config.Rlimit]. Rlimits []configs.Rlimit // ConsoleSocket provides the masterfd console. From f26ec92221e68b2c81cbc0c72489a3f0135f4d6c Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 15 Jan 2025 23:28:08 -0800 Subject: [PATCH 0823/1176] libct: rm Rootless* properties from initConfig They are passed in initConfig twice, so it does not make sense. NB: the alternative to that would be to remove Config field from initConfig, but it results in a much bigger patch and more maintenance down the road. Signed-off-by: Kir Kolyshkin --- libcontainer/container_linux.go | 2 -- libcontainer/init_linux.go | 8 +------- libcontainer/rootfs_linux.go | 2 +- 3 files changed, 2 insertions(+), 10 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 15090fe2ebd..3ee0cb2c2a6 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -704,8 +704,6 @@ func (c *Container) newInitConfig(process *Process) *initConfig { PassedFilesCount: len(process.ExtraFiles), ContainerID: c.ID(), NoNewPrivileges: c.config.NoNewPrivileges, - RootlessEUID: c.config.RootlessEUID, - RootlessCgroups: c.config.RootlessCgroups, AppArmorProfile: c.config.AppArmorProfile, ProcessLabel: c.config.ProcessLabel, Rlimits: c.config.Rlimits, diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index b2cae3a8478..fba9bb32ce8 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -82,12 +82,6 @@ type initConfig struct { ProcessLabel string `json:"process_label"` Rlimits []configs.Rlimit `json:"rlimits"` - // Properties that only exist in container config. - // FIXME: they are also passed in Config above. - - RootlessEUID bool `json:"rootless_euid,omitempty"` - RootlessCgroups bool `json:"rootless_cgroups,omitempty"` - // Miscellaneous properties, filled in by [Container.newInitConfig] // unless documented otherwise. @@ -484,7 +478,7 @@ func setupUser(config *initConfig) error { // There's nothing we can do about /etc/group entries, so we silently // ignore setting groups here (since the user didn't explicitly ask us to // set the group). - allowSupGroups := !config.RootlessEUID && string(bytes.TrimSpace(setgroups)) != "deny" + allowSupGroups := !config.Config.RootlessEUID && string(bytes.TrimSpace(setgroups)) != "deny" if allowSupGroups { if err := unix.Setgroups(config.AdditionalGroups); err != nil { diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 012b0506713..68e16b7920b 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -106,7 +106,7 @@ func prepareRootfs(pipe *syncSocket, iConfig *initConfig) (err error) { root: config.Rootfs, label: config.MountLabel, cgroup2Path: iConfig.Cgroup2Path, - rootlessCgroups: iConfig.RootlessCgroups, + rootlessCgroups: config.RootlessCgroups, cgroupns: config.Namespaces.Contains(configs.NEWCGROUP), } for _, m := range config.Mounts { From 049a5f76cf969745fb9b7f647af536962e88251e Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 8 Jan 2025 12:25:42 -0800 Subject: [PATCH 0824/1176] libct/cap: allow New(nil) In runtime-spec, capabilities property is optional, but libcontainer/capabilities panics when New(nil) is called. Because of this, there's a kludge in finalizeNamespace to ensure capabilities.New is not called with nil argument, and there's a TestProcessEmptyCaps to ensure runc won't panic. Let's fix this at the source, allowing libct/cap to work with nil capabilities. (The caller is fixed by the next commit.) Signed-off-by: Kir Kolyshkin --- libcontainer/capabilities/capabilities.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/libcontainer/capabilities/capabilities.go b/libcontainer/capabilities/capabilities.go index 8ed3cac0870..8bddc0007b7 100644 --- a/libcontainer/capabilities/capabilities.go +++ b/libcontainer/capabilities/capabilities.go @@ -47,6 +47,9 @@ func KnownCapabilities() []string { // printing a warning instead. func New(capConfig *configs.Capabilities) (*Caps, error) { var c Caps + if capConfig == nil { + return &c, nil + } _, err := capMap() if err != nil { @@ -103,6 +106,9 @@ type Caps struct { // ApplyBoundingSet sets the capability bounding set to those specified in the whitelist. func (c *Caps) ApplyBoundingSet() error { + if c.pid == nil { + return nil + } c.pid.Clear(capability.BOUNDING) c.pid.Set(capability.BOUNDING, c.caps[capability.BOUNDING]...) return c.pid.Apply(capability.BOUNDING) @@ -110,6 +116,9 @@ func (c *Caps) ApplyBoundingSet() error { // Apply sets all the capabilities for the current process in the config. func (c *Caps) ApplyCaps() error { + if c.pid == nil { + return nil + } c.pid.Clear(capability.CAPS | capability.BOUNDS) for _, g := range []capability.CapType{ capability.EFFECTIVE, From 73849e797f993cabc4cba7ceb989fcbac57f64d8 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 7 Jan 2025 19:32:27 -0800 Subject: [PATCH 0825/1176] libct: simplify Caps inheritance For all other properties that are available in both Config and Process, the merging is performed by newInitConfig. Let's do the same for Capabilities for the sake of code uniformity. Also, thanks to the previous commit, we no longer have to make sure we do not call capabilities.New(nil). Signed-off-by: Kir Kolyshkin --- libcontainer/container_linux.go | 5 ++++- libcontainer/init_linux.go | 8 +------- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 3ee0cb2c2a6..a0d2ec2606e 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -700,7 +700,7 @@ func (c *Container) newInitConfig(process *Process) *initConfig { GID: process.GID, AdditionalGroups: process.AdditionalGroups, Cwd: process.Cwd, - Capabilities: process.Capabilities, + Capabilities: c.config.Capabilities, PassedFilesCount: len(process.ExtraFiles), ContainerID: c.ID(), NoNewPrivileges: c.config.NoNewPrivileges, @@ -714,6 +714,9 @@ func (c *Container) newInitConfig(process *Process) *initConfig { // Overwrite config properties with ones from process. + if process.Capabilities != nil { + cfg.Capabilities = process.Capabilities + } if process.NoNewPrivileges != nil { cfg.NoNewPrivileges = *process.NoNewPrivileges } diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index fba9bb32ce8..11a9069d8e7 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -322,13 +322,7 @@ func finalizeNamespace(config *initConfig) error { } } - caps := &configs.Capabilities{} - if config.Capabilities != nil { - caps = config.Capabilities - } else if config.Config.Capabilities != nil { - caps = config.Config.Capabilities - } - w, err := capabilities.New(caps) + w, err := capabilities.New(config.Capabilities) if err != nil { return err } From b9114d91e2ee50fd610b9fa201375763b64df121 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 7 Jan 2025 19:48:58 -0800 Subject: [PATCH 0826/1176] runc exec: fix setting process.ioPriority Commit bfbd0305b added IOPriority field into both Config and Process, but forgot to add a mechanism to actually use Process.IOPriority. As a result, runc exec does not set Process.IOPriority ever. Fix it, and a test case (which fails before the fix). Signed-off-by: Kir Kolyshkin --- CHANGELOG.md | 5 +++++ libcontainer/container_linux.go | 4 ++++ libcontainer/init_linux.go | 3 ++- libcontainer/process.go | 3 +++ libcontainer/setns_init_linux.go | 2 +- libcontainer/standard_init_linux.go | 2 +- tests/integration/ioprio.bats | 22 ++++++++++++++++++---- 7 files changed, 34 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2ebb6072239..a810474ce9c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 IDs before calling libcontainer; it is recommended to use Go package github.com/moby/sys/user for that. (#3999) +### Fixed + * `runc exec -p` no longer ignores specified `ioPriority` setting. + Similarly, libcontainer's `Container.Start` and `Container.Run` + methods no longer ignore `Process.IOPriority` setting. (#4585) + ## [1.2.0] - 2024-10-22 > ă§ăă‚‹ă¨ăă«ă§ăă‚‹ă“ă¨ă‚’ă‚„ă‚‹ă‚“ă ă€‚ăă‚ŒăŒä»ă ă€‚ diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index a0d2ec2606e..8a9cf078696 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -707,6 +707,7 @@ func (c *Container) newInitConfig(process *Process) *initConfig { AppArmorProfile: c.config.AppArmorProfile, ProcessLabel: c.config.ProcessLabel, Rlimits: c.config.Rlimits, + IOPriority: c.config.IOPriority, CreateConsole: process.ConsoleSocket != nil, ConsoleWidth: process.ConsoleWidth, ConsoleHeight: process.ConsoleHeight, @@ -729,6 +730,9 @@ func (c *Container) newInitConfig(process *Process) *initConfig { if len(process.Rlimits) > 0 { cfg.Rlimits = process.Rlimits } + if process.IOPriority != nil { + cfg.IOPriority = process.IOPriority + } // Set misc properties. diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 11a9069d8e7..5976b2933d3 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -81,6 +81,7 @@ type initConfig struct { NoNewPrivileges bool `json:"no_new_privileges"` ProcessLabel string `json:"process_label"` Rlimits []configs.Rlimit `json:"rlimits"` + IOPriority *configs.IOPriority `json:"io_priority,omitempty"` // Miscellaneous properties, filled in by [Container.newInitConfig] // unless documented otherwise. @@ -623,7 +624,7 @@ func setupScheduler(config *configs.Config) error { return nil } -func setupIOPriority(config *configs.Config) error { +func setupIOPriority(config *initConfig) error { const ioprioWhoPgrp = 1 ioprio := config.IOPriority diff --git a/libcontainer/process.go b/libcontainer/process.go index 5b2928be42c..09e57ae46c7 100644 --- a/libcontainer/process.go +++ b/libcontainer/process.go @@ -114,6 +114,9 @@ type Process struct { Scheduler *configs.Scheduler + // IOPriority is a process I/O priority. + // + // If not empty, takes precedence over container's [configs.Config.IOPriority]. IOPriority *configs.IOPriority } diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go index d1885b3fdda..505af1d08a8 100644 --- a/libcontainer/setns_init_linux.go +++ b/libcontainer/setns_init_linux.go @@ -75,7 +75,7 @@ func (l *linuxSetnsInit) Init() error { return err } - if err := setupIOPriority(l.config.Config); err != nil { + if err := setupIOPriority(l.config); err != nil { return err } // Tell our parent that we're ready to exec. This must be done before the diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 9517820bcad..0c83db30f79 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -159,7 +159,7 @@ func (l *linuxStandardInit) Init() error { return err } - if err := setupIOPriority(l.config.Config); err != nil { + if err := setupIOPriority(l.config); err != nil { return err } diff --git a/tests/integration/ioprio.bats b/tests/integration/ioprio.bats index a907d782f01..9faa72d61ab 100644 --- a/tests/integration/ioprio.bats +++ b/tests/integration/ioprio.bats @@ -20,11 +20,25 @@ function teardown() { # Check the init process. runc exec test_ioprio ionice -p 1 [ "$status" -eq 0 ] - [[ "$output" = *'best-effort: prio 4'* ]] + [ "${lines[0]}" = 'best-effort: prio 4' ] - # Check the process made from the exec command. + # Check an exec process, which should derive ioprio from config.json. runc exec test_ioprio ionice [ "$status" -eq 0 ] - - [[ "$output" = *'best-effort: prio 4'* ]] + [ "${lines[0]}" = 'best-effort: prio 4' ] + + # Check an exec with a priority taken from process.json, + # which should override the ioprio in config.json. + proc=' +{ + "terminal": false, + "ioPriority": { + "class": "IOPRIO_CLASS_IDLE" + }, + "args": [ "/usr/bin/ionice" ], + "cwd": "/" +}' + runc exec --process <(echo "$proc") test_ioprio + [ "$status" -eq 0 ] + [ "${lines[0]}" = 'idle' ] } From 99f9ed94dc6e12d6f921b63fc15d2d4d45d57224 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 8 Jan 2025 14:11:02 -0800 Subject: [PATCH 0827/1176] runc exec: fix setting process.Scheduler Commit 770728e1 added Scheduler field into both Config and Process, but forgot to add a mechanism to actually use Process.Scheduler. As a result, runc exec does not set Process.Scheduler ever. Fix it, and a test case (which fails before the fix). Signed-off-by: Kir Kolyshkin --- CHANGELOG.md | 7 +++--- libcontainer/container_linux.go | 4 +++ libcontainer/init_linux.go | 5 ++-- libcontainer/process.go | 3 +++ libcontainer/setns_init_linux.go | 2 +- libcontainer/standard_init_linux.go | 2 +- tests/integration/scheduler.bats | 38 ++++++++++++++++++++++++++--- 7 files changed, 51 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a810474ce9c..aae5d9f46d6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,9 +18,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 github.com/moby/sys/user for that. (#3999) ### Fixed - * `runc exec -p` no longer ignores specified `ioPriority` setting. - Similarly, libcontainer's `Container.Start` and `Container.Run` - methods no longer ignore `Process.IOPriority` setting. (#4585) + * `runc exec -p` no longer ignores specified `ioPriority` and `scheduler` + settings. Similarly, libcontainer's `Container.Start` and `Container.Run` + methods no longer ignore `Process.IOPriority` and `Process.Scheduler` + settings. (#4585) ## [1.2.0] - 2024-10-22 diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 8a9cf078696..54a0eaafe06 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -708,6 +708,7 @@ func (c *Container) newInitConfig(process *Process) *initConfig { ProcessLabel: c.config.ProcessLabel, Rlimits: c.config.Rlimits, IOPriority: c.config.IOPriority, + Scheduler: c.config.Scheduler, CreateConsole: process.ConsoleSocket != nil, ConsoleWidth: process.ConsoleWidth, ConsoleHeight: process.ConsoleHeight, @@ -733,6 +734,9 @@ func (c *Container) newInitConfig(process *Process) *initConfig { if process.IOPriority != nil { cfg.IOPriority = process.IOPriority } + if process.Scheduler != nil { + cfg.Scheduler = process.Scheduler + } // Set misc properties. diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 5976b2933d3..f78e561755f 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -82,6 +82,7 @@ type initConfig struct { ProcessLabel string `json:"process_label"` Rlimits []configs.Rlimit `json:"rlimits"` IOPriority *configs.IOPriority `json:"io_priority,omitempty"` + Scheduler *configs.Scheduler `json:"scheduler,omitempty"` // Miscellaneous properties, filled in by [Container.newInitConfig] // unless documented otherwise. @@ -607,7 +608,7 @@ func setupRlimits(limits []configs.Rlimit, pid int) error { return nil } -func setupScheduler(config *configs.Config) error { +func setupScheduler(config *initConfig) error { if config.Scheduler == nil { return nil } @@ -616,7 +617,7 @@ func setupScheduler(config *configs.Config) error { return err } if err := unix.SchedSetAttr(0, attr, 0); err != nil { - if errors.Is(err, unix.EPERM) && config.Cgroups.CpusetCpus != "" { + if errors.Is(err, unix.EPERM) && config.Config.Cgroups.CpusetCpus != "" { return errors.New("process scheduler can't be used together with AllowedCPUs") } return fmt.Errorf("error setting scheduler: %w", err) diff --git a/libcontainer/process.go b/libcontainer/process.go index 09e57ae46c7..0e24c548ed8 100644 --- a/libcontainer/process.go +++ b/libcontainer/process.go @@ -112,6 +112,9 @@ type Process struct { // For cgroup v2, the only key allowed is "". SubCgroupPaths map[string]string + // Scheduler represents the scheduling attributes for a process. + // + // If not empty, takes precedence over container's [configs.Config.Scheduler]. Scheduler *configs.Scheduler // IOPriority is a process I/O priority. diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go index 505af1d08a8..0a79f197e6d 100644 --- a/libcontainer/setns_init_linux.go +++ b/libcontainer/setns_init_linux.go @@ -71,7 +71,7 @@ func (l *linuxSetnsInit) Init() error { unix.Umask(int(*l.config.Config.Umask)) } - if err := setupScheduler(l.config.Config); err != nil { + if err := setupScheduler(l.config); err != nil { return err } diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 0c83db30f79..384750bf837 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -155,7 +155,7 @@ func (l *linuxStandardInit) Init() error { } } - if err := setupScheduler(l.config.Config); err != nil { + if err := setupScheduler(l.config); err != nil { return err } diff --git a/tests/integration/scheduler.bats b/tests/integration/scheduler.bats index b7cd96f8890..6c80d86426b 100644 --- a/tests/integration/scheduler.bats +++ b/tests/integration/scheduler.bats @@ -12,17 +12,49 @@ function teardown() { } @test "scheduler is applied" { - update_config ' .process.scheduler = {"policy": "SCHED_DEADLINE", "nice": 19, "priority": 0, "runtime": 42000, "deadline": 1000000, "period": 1000000, }' + update_config ' .process.scheduler = { + "policy": "SCHED_BATCH", + "priority": 0, + "nice": 19 + }' runc run -d --console-socket "$CONSOLE_SOCKET" test_scheduler [ "$status" -eq 0 ] + # Check init settings. runc exec test_scheduler chrt -p 1 [ "$status" -eq 0 ] + [[ "${lines[0]}" == *"scheduling policy: SCHED_BATCH" ]] + [[ "${lines[1]}" == *"priority: 0" ]] + + # Check exec settings derived from config.json. + runc exec test_scheduler sh -c 'chrt -p $$' + [ "$status" -eq 0 ] + [[ "${lines[0]}" == *"scheduling policy: SCHED_BATCH" ]] + [[ "${lines[1]}" == *"priority: 0" ]] + + # Another exec, with different scheduler settings. + proc=' +{ + "terminal": false, + "args": [ "/bin/sleep", "600" ], + "cwd": "/", + "scheduler": { + "policy": "SCHED_DEADLINE", + "flags": [ "SCHED_FLAG_RESET_ON_FORK" ], + "nice": 19, + "priority": 0, + "runtime": 42000, + "deadline": 100000, + "period": 1000000 + } +}' + __runc exec -d --pid-file pid.txt --process <(echo "$proc") test_scheduler - [[ "${lines[0]}" == *"scheduling policy: SCHED_DEADLINE" ]] + run chrt -p "$(cat pid.txt)" + [[ "${lines[0]}" == *"scheduling policy: SCHED_DEADLINE|SCHED_RESET_ON_FORK" ]] [[ "${lines[1]}" == *"priority: 0" ]] - [[ "${lines[2]}" == *"runtime/deadline/period parameters: 42000/1000000/1000000" ]] + [[ "${lines[2]}" == *"runtime/deadline/period parameters: 42000/100000/1000000" ]] } # Checks that runc emits a specific error when scheduling policy is used From 874207492e942eb566c358937de98fe8df16c14f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 20 Jan 2025 16:51:04 -0800 Subject: [PATCH 0828/1176] CI: add Go 1.24, drop go1.22 Also, bump golangci-lint to v1.64 (v1.64.2 added Go 1.24 support). NOTE we still use Go 1.23.x for official builds. Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 2 +- .github/workflows/validate.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7f4c5b0fc2b..620c77f2f52 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -24,7 +24,7 @@ jobs: fail-fast: false matrix: os: [ubuntu-20.04, ubuntu-24.04, actuated-arm64-6cpu-8gb] - go-version: [1.22.x, 1.23.x] + go-version: [1.23.x, 1.24.x] rootless: ["rootless", ""] race: ["-race", ""] criu: ["", "criu-dev"] diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index dad27d5b574..a5c8fbad67c 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -8,7 +8,7 @@ on: - release-* pull_request: env: - GO_VERSION: 1.23.x + GO_VERSION: 1.24 permissions: contents: read @@ -40,7 +40,7 @@ jobs: sudo apt -qy install libseccomp-dev - uses: golangci/golangci-lint-action@v6 with: - version: v1.62 + version: v1.64 # Extra linters, only checking new code from a pull request. - name: lint-extra if: github.event_name == 'pull_request' From 16d7336791d5ad854adfea390c1955641b368f5d Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 11 Feb 2025 17:45:03 -0800 Subject: [PATCH 0829/1176] Require Go 1.23.x, drop Go 1.22 support Signed-off-by: Kir Kolyshkin --- go.mod | 7 +----- libcontainer/system/rlimit_linux_go122.go | 27 ----------------------- 2 files changed, 1 insertion(+), 33 deletions(-) delete mode 100644 libcontainer/system/rlimit_linux_go122.go diff --git a/go.mod b/go.mod index 28ee713136e..f42a08e55b5 100644 --- a/go.mod +++ b/go.mod @@ -1,11 +1,6 @@ module github.com/opencontainers/runc -go 1.22 - -// Suggest toolchain 1.22.4 due to a fix in golang for libcontainer/nsenter/. -// For more info, see: #4233 -// Note that toolchain does not impose a requirement on other modules using runc. -toolchain go1.22.4 +go 1.23.0 require ( github.com/checkpoint-restore/go-criu/v6 v6.3.0 diff --git a/libcontainer/system/rlimit_linux_go122.go b/libcontainer/system/rlimit_linux_go122.go deleted file mode 100644 index 865d1802214..00000000000 --- a/libcontainer/system/rlimit_linux_go122.go +++ /dev/null @@ -1,27 +0,0 @@ -//go:build !go1.23 - -// TODO: remove this file once go 1.22 is no longer supported. - -package system - -import ( - "sync/atomic" - "syscall" - _ "unsafe" // Needed for go:linkname to work. -) - -//go:linkname syscallOrigRlimitNofile syscall.origRlimitNofile -var syscallOrigRlimitNofile atomic.Pointer[syscall.Rlimit] - -// ClearRlimitNofileCache clears go runtime's nofile rlimit cache. -// The argument is process RLIMIT_NOFILE values. -func ClearRlimitNofileCache(_ *syscall.Rlimit) { - // As reported in issue #4195, the new version of go runtime(since 1.19) - // will cache rlimit-nofile. Before executing execve, the rlimit-nofile - // of the process will be restored with the cache. In runc, this will - // cause the rlimit-nofile setting by the parent process for the container - // to become invalid. It can be solved by clearing this cache. But - // unfortunately, go stdlib doesn't provide such function, so we need to - // link to the private var `origRlimitNofile` in package syscall to hack. - syscallOrigRlimitNofile.Store(nil) -} From d237bc462aea7c9ee4e05cd3951585315418e82e Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 20 Jan 2025 16:56:42 -0800 Subject: [PATCH 0830/1176] .cirrus.yml: use Go 1.24 Also: 1. Change GO_VERSION to GO_VER_PREFIX, and move the "." from the jq argument to the variable value. It allows to use something like "1.25" to match "1.25rc" etc, but set to "1.24." for now to require a released 1.24.x version. 2. Change PREFIX to URL_PREFIX. Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index e63ef51cf1a..65c70cd9a22 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -77,7 +77,7 @@ task: env: HOME: /root CIRRUS_WORKING_DIR: /home/runc - GO_VERSION: "1.23" + GO_VER_PREFIX: "1.24." BATS_VERSION: "v1.9.0" RPMS: gcc git iptables jq glibc-static libseccomp-devel make criu fuse-sshfs container-selinux # yamllint disable rule:key-duplicates @@ -117,10 +117,10 @@ task: [ $? -eq 0 ] # fail if yum failed # Install Go. - PREFIX="https://go.dev/dl/" + URL_PREFIX="https://go.dev/dl/" # Find out the latest minor release URL. - filename=$(curl -fsSL "${PREFIX}?mode=json&include=all" | jq -r --arg Ver "go$GO_VERSION." '. | map(select(.version | contains($Ver))) | first | .files[] | select(.os == "linux" and .arch == "amd64" and .kind == "archive") | .filename') - curl -fsSL "$PREFIX$filename" | tar Cxz /usr/local + filename=$(curl -fsSL "${URL_PREFIX}?mode=json&include=all" | jq -r --arg Ver "go$GO_VER_PREFIX" '. | map(select(.version | contains($Ver))) | first | .files[] | select(.os == "linux" and .arch == "amd64" and .kind == "archive") | .filename') + curl -fsSL "$URL_PREFIX$filename" | tar Cxz /usr/local # install bats cd /tmp git clone https://github.com/bats-core/bats-core From 6a3f8ea3b4f6cc6af8f2d413e1853e465b2ebbdc Mon Sep 17 00:00:00 2001 From: ningmingxiao Date: Fri, 19 Jul 2024 22:42:49 +0800 Subject: [PATCH 0831/1176] skip read /proc/filesystems if process_label is null Signed-off-by: ningmingxiao --- libcontainer/setns_init_linux.go | 17 ++++++++++------- libcontainer/standard_init_linux.go | 16 ++++++++++------ 2 files changed, 20 insertions(+), 13 deletions(-) diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go index d1885b3fdda..e1cce121195 100644 --- a/libcontainer/setns_init_linux.go +++ b/libcontainer/setns_init_linux.go @@ -33,10 +33,12 @@ func (l *linuxSetnsInit) getSessionRingName() string { func (l *linuxSetnsInit) Init() error { if !l.config.Config.NoNewKeyring { - if err := selinux.SetKeyLabel(l.config.ProcessLabel); err != nil { - return err + if l.config.ProcessLabel != "" { + if err := selinux.SetKeyLabel(l.config.ProcessLabel); err != nil { + return err + } + defer selinux.SetKeyLabel("") //nolint: errcheck } - defer selinux.SetKeyLabel("") //nolint: errcheck // Do not inherit the parent's session keyring. if _, err := keys.JoinSessionKeyring(l.getSessionRingName()); err != nil { // Same justification as in standart_init_linux.go as to why we @@ -84,11 +86,12 @@ func (l *linuxSetnsInit) Init() error { if err := syncParentReady(l.pipe); err != nil { return fmt.Errorf("sync ready: %w", err) } - - if err := selinux.SetExecLabel(l.config.ProcessLabel); err != nil { - return err + if l.config.ProcessLabel != "" { + if err := selinux.SetExecLabel(l.config.ProcessLabel); err != nil { + return err + } + defer selinux.SetExecLabel("") //nolint: errcheck } - defer selinux.SetExecLabel("") //nolint: errcheck // Without NoNewPrivileges seccomp is a privileged operation, so we need to // do this before dropping capabilities; otherwise do it as late as possible // just before execve so as few syscalls take place after it as possible. diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 9517820bcad..8ea9e94577e 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -47,10 +47,12 @@ func (l *linuxStandardInit) getSessionRingParams() (string, uint32, uint32) { func (l *linuxStandardInit) Init() error { if !l.config.Config.NoNewKeyring { - if err := selinux.SetKeyLabel(l.config.ProcessLabel); err != nil { - return err + if l.config.ProcessLabel != "" { + if err := selinux.SetKeyLabel(l.config.ProcessLabel); err != nil { + return err + } + defer selinux.SetKeyLabel("") //nolint: errcheck } - defer selinux.SetKeyLabel("") //nolint: errcheck ringname, keepperms, newperms := l.getSessionRingParams() // Do not inherit the parent's session keyring. @@ -169,10 +171,12 @@ func (l *linuxStandardInit) Init() error { if err := syncParentReady(l.pipe); err != nil { return fmt.Errorf("sync ready: %w", err) } - if err := selinux.SetExecLabel(l.config.ProcessLabel); err != nil { - return fmt.Errorf("can't set process label: %w", err) + if l.config.ProcessLabel != "" { + if err := selinux.SetExecLabel(l.config.ProcessLabel); err != nil { + return fmt.Errorf("can't set process label: %w", err) + } + defer selinux.SetExecLabel("") //nolint: errcheck } - defer selinux.SetExecLabel("") //nolint: errcheck // Without NoNewPrivileges seccomp is a privileged operation, so we need to // do this before dropping capabilities; otherwise do it as late as possible // just before execve so as few syscalls take place after it as possible. From 0e3b5d5b373ace111d91c4dead6c4c52db68791e Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 11 Feb 2025 17:58:52 -0800 Subject: [PATCH 0832/1176] build: bump libseccomp to v2.5.6 A new libseccomp releases (v2.5.6 and v2.6.0) were cut last month. Theoretically, we could use v2.6.0 but let's stay conservative for now. Signed-off-by: Kir Kolyshkin --- Dockerfile | 2 +- script/release_build.sh | 2 +- script/seccomp.sh | 2 ++ 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index f51f5956c85..692001a95bc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ ARG GO_VERSION=1.23 ARG BATS_VERSION=v1.9.0 -ARG LIBSECCOMP_VERSION=2.5.5 +ARG LIBSECCOMP_VERSION=2.5.6 FROM golang:${GO_VERSION}-bookworm ARG DEBIAN_FRONTEND=noninteractive diff --git a/script/release_build.sh b/script/release_build.sh index 476f08fa72b..39ec3ab5ddf 100755 --- a/script/release_build.sh +++ b/script/release_build.sh @@ -19,7 +19,7 @@ set -e ## ---> # Project-specific options and functions. In *theory* you shouldn't need to # touch anything else in this script in order to use this elsewhere. -: "${LIBSECCOMP_VERSION:=2.5.5}" +: "${LIBSECCOMP_VERSION:=2.5.6}" project="runc" root="$(readlink -f "$(dirname "${BASH_SOURCE[0]}")/..")" diff --git a/script/seccomp.sh b/script/seccomp.sh index dcc0d7ca345..c4bbfac1f92 100755 --- a/script/seccomp.sh +++ b/script/seccomp.sh @@ -8,6 +8,8 @@ source "$(dirname "${BASH_SOURCE[0]}")/lib.sh" # sha256 checksums for seccomp release tarballs. declare -A SECCOMP_SHA256=( ["2.5.5"]=248a2c8a4d9b9858aa6baf52712c34afefcf9c9e94b76dce02c1c9aa25fb3375 + ["2.5.6"]=04c37d72965dce218a0c94519b056e1775cf786b5260ee2b7992956c4ee38633 + ["2.6.0"]=83b6085232d1588c379dc9b9cae47bb37407cf262e6e74993c61ba72d2a784dc ) # Due to libseccomp being LGPL we must include its sources, From 26cfe1423122799fe8a2ab1ed433df12825e6aa3 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 13 Feb 2025 14:36:50 +1100 Subject: [PATCH 0833/1176] release: explicitly set --keyserver in release signing scripts On my machine, the --recv-keys steps to get upstream keys started producing errors recently, and even setting a default keyserver in the global gpg configuration doesn't seem to help: + gpg --homedir=/tmp/runc-sign-tmpkeyring.qm0IP6 --no-default-keyring --keyring=seccomp.keyring --recv-keys 0x47A68FCE37C7D7024FD65E11356CE62C2B524099 gpg: keybox '/tmp/runc-sign-tmpkeyring.qm0IP6/seccomp.keyring' created gpg: keyserver receive failed: No keyserver available So just explicitly specify a reputable keyserver. Ideally we would use an .onion-address keyserver to avoid potential targeted attacks but not everybody runs a Tor proxy on their machine. Signed-off-by: Aleksa Sarai --- script/release_sign.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/script/release_sign.sh b/script/release_sign.sh index 39f806fa642..883d0169a35 100755 --- a/script/release_sign.sh +++ b/script/release_sign.sh @@ -108,7 +108,7 @@ trap 'rm -r "$tmp_gpgdir"' EXIT tmp_runc_gpgflags=("--homedir=$tmp_gpgdir" "--no-default-keyring" "--keyring=$project.keyring") gpg "${tmp_runc_gpgflags[@]}" --import <"$root/$project.keyring" -tmp_seccomp_gpgflags=("--homedir=$tmp_gpgdir" "--no-default-keyring" "--keyring=seccomp.keyring") +tmp_seccomp_gpgflags=("--homedir=$tmp_gpgdir" "--no-default-keyring" "--keyring=seccomp.keyring" "--keyserver=keys.openpgp.org") gpg "${tmp_seccomp_gpgflags[@]}" --recv-keys 0x47A68FCE37C7D7024FD65E11356CE62C2B524099 gpg "${tmp_seccomp_gpgflags[@]}" --recv-keys 0x7100AADFAE6E6E940D2E0AD655E45A5AE8CA7C8A From 8db6ffbeefe5e92aa213c498b48bcfb8c3d2972a Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 12 Feb 2025 19:56:00 -0800 Subject: [PATCH 0834/1176] libc/utils: simplify CleanPath This simplifies the code flow and basically removes the last filepath.Clean, which is not necessary in either case: - for absolute path, single filepath.Clean is enough (as it is guaranteed to remove all dot and dot-dot elements); - for relative path, filepath.Rel calls Clean at the end (which is even documented). Signed-off-by: Kir Kolyshkin --- libcontainer/utils/utils.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/libcontainer/utils/utils.go b/libcontainer/utils/utils.go index db420ea688d..42f2eb99fa0 100644 --- a/libcontainer/utils/utils.go +++ b/libcontainer/utils/utils.go @@ -50,19 +50,19 @@ func CleanPath(path string) string { // Ensure that all paths are cleaned (especially problematic ones like // "/../../../../../" which can cause lots of issues). - path = filepath.Clean(path) + + if filepath.IsAbs(path) { + return filepath.Clean(path) + } // If the path isn't absolute, we need to do more processing to fix paths // such as "../../../..//some/path". We also shouldn't convert absolute // paths to relative ones. - if !filepath.IsAbs(path) { - path = filepath.Clean(string(os.PathSeparator) + path) - // This can't fail, as (by definition) all paths are relative to root. - path, _ = filepath.Rel(string(os.PathSeparator), path) - } + path = filepath.Clean(string(os.PathSeparator) + path) + // This can't fail, as (by definition) all paths are relative to root. + path, _ = filepath.Rel(string(os.PathSeparator), path) - // Clean the path again for good measure. - return filepath.Clean(path) + return path } // stripRoot returns the passed path, stripping the root path if it was From 79a4ac05535a7674c9549add9e65fb62cd7092af Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 12 Feb 2025 19:27:20 -0800 Subject: [PATCH 0835/1176] deps: bump cilium/ebpf to v0.17.3 It has a fix for runc issue 4594. Signed-off-by: Kir Kolyshkin --- go.mod | 5 +- go.sum | 6 +- vendor/github.com/cilium/ebpf/.golangci.yaml | 18 + vendor/github.com/cilium/ebpf/CODEOWNERS | 2 + vendor/github.com/cilium/ebpf/Makefile | 6 +- vendor/github.com/cilium/ebpf/README.md | 1 + vendor/github.com/cilium/ebpf/asm/func.go | 6 - .../github.com/cilium/ebpf/asm/func_string.go | 5 +- .../github.com/cilium/ebpf/asm/instruction.go | 3 +- .../cilium/ebpf/attachtype_string.go | 5 +- vendor/github.com/cilium/ebpf/btf/btf.go | 32 +- .../github.com/cilium/ebpf/btf/btf_types.go | 1 + vendor/github.com/cilium/ebpf/btf/ext_info.go | 169 ++++---- vendor/github.com/cilium/ebpf/btf/feature.go | 55 ++- vendor/github.com/cilium/ebpf/btf/format.go | 3 + vendor/github.com/cilium/ebpf/btf/kernel.go | 6 +- vendor/github.com/cilium/ebpf/btf/marshal.go | 83 +++- .../github.com/cilium/ebpf/btf/traversal.go | 48 ++- vendor/github.com/cilium/ebpf/btf/types.go | 138 ++++++- .../github.com/cilium/ebpf/btf/workarounds.go | 2 +- vendor/github.com/cilium/ebpf/collection.go | 268 ++++++++---- vendor/github.com/cilium/ebpf/elf_reader.go | 172 ++++++-- vendor/github.com/cilium/ebpf/elf_sections.go | 2 + vendor/github.com/cilium/ebpf/info.go | 387 ++++++++++++++++-- .../github.com/cilium/ebpf/internal/errors.go | 6 +- .../cilium/ebpf/internal/feature.go | 55 ++- .../github.com/cilium/ebpf/internal/goos.go | 7 + .../cilium/ebpf/internal/kallsyms/cache.go | 20 + .../cilium/ebpf/internal/kallsyms/kallsyms.go | 299 ++++++++++++-- .../cilium/ebpf/internal/kallsyms/reader.go | 118 ++++++ .../cilium/ebpf/internal/kconfig/kconfig.go | 45 +- .../cilium/ebpf/internal/{ => linux}/auxv.go | 28 +- .../cilium/ebpf/internal/linux/doc.go | 2 + .../cilium/ebpf/internal/linux/kconfig.go | 31 ++ .../ebpf/internal/{ => linux}/platform.go | 2 +- .../ebpf/internal/{ => linux}/statfs.go | 2 +- .../cilium/ebpf/internal/{ => linux}/vdso.go | 9 +- .../cilium/ebpf/internal/linux/version.go | 34 ++ .../github.com/cilium/ebpf/internal/math.go | 28 +- .../github.com/cilium/ebpf/internal/sys/fd.go | 74 +++- .../cilium/ebpf/internal/sys/fd_trace.go | 93 ----- .../ebpf/internal/sys/mapflags_string.go | 53 --- .../cilium/ebpf/internal/{ => sys}/pinning.go | 16 +- .../cilium/ebpf/internal/sys/ptr.go | 6 +- .../cilium/ebpf/internal/sys/syscall.go | 48 +-- .../cilium/ebpf/internal/sys/types.go | 232 ++++++++++- .../cilium/ebpf/internal/sysenc/buffer.go | 10 +- .../internal/testutils/fdtrace/fd_trace.go | 103 +++++ .../ebpf/internal/testutils/fdtrace/main.go | 31 ++ .../cilium/ebpf/internal/tracefs/kprobe.go | 12 +- .../cilium/ebpf/internal/unix/errno_linux.go | 29 ++ .../cilium/ebpf/internal/unix/errno_other.go | 29 ++ .../internal/unix/errno_string_windows.go | 59 +++ .../ebpf/internal/unix/errno_windows.go | 78 ++++ .../cilium/ebpf/internal/unix/error.go | 23 ++ .../ebpf/internal/unix/strings_other.go | 11 + .../ebpf/internal/unix/strings_windows.go | 19 + .../cilium/ebpf/internal/unix/types_linux.go | 29 +- .../cilium/ebpf/internal/unix/types_other.go | 91 ++-- .../cilium/ebpf/internal/version.go | 30 -- vendor/github.com/cilium/ebpf/link/kprobe.go | 12 +- .../cilium/ebpf/link/kprobe_multi.go | 86 +++- vendor/github.com/cilium/ebpf/link/link.go | 15 +- .../github.com/cilium/ebpf/link/netfilter.go | 2 +- .../github.com/cilium/ebpf/link/perf_event.go | 8 +- .../github.com/cilium/ebpf/link/syscalls.go | 24 +- vendor/github.com/cilium/ebpf/link/tracing.go | 2 +- vendor/github.com/cilium/ebpf/link/uprobe.go | 6 +- .../cilium/ebpf/link/uprobe_multi.go | 13 +- vendor/github.com/cilium/ebpf/linker.go | 51 ++- vendor/github.com/cilium/ebpf/map.go | 127 ++++-- vendor/github.com/cilium/ebpf/memory.go | 145 +++++++ vendor/github.com/cilium/ebpf/netlify.toml | 1 + vendor/github.com/cilium/ebpf/prog.go | 102 +++-- vendor/github.com/cilium/ebpf/syscalls.go | 80 ++-- vendor/github.com/cilium/ebpf/types.go | 29 +- vendor/github.com/cilium/ebpf/types_string.go | 8 +- vendor/github.com/cilium/ebpf/variable.go | 230 +++++++++++ vendor/golang.org/x/exp/LICENSE | 27 -- vendor/golang.org/x/exp/PATENTS | 22 - .../x/exp/constraints/constraints.go | 50 --- vendor/modules.txt | 9 +- 82 files changed, 3221 insertions(+), 1013 deletions(-) create mode 100644 vendor/github.com/cilium/ebpf/internal/goos.go create mode 100644 vendor/github.com/cilium/ebpf/internal/kallsyms/cache.go create mode 100644 vendor/github.com/cilium/ebpf/internal/kallsyms/reader.go rename vendor/github.com/cilium/ebpf/internal/{ => linux}/auxv.go (67%) create mode 100644 vendor/github.com/cilium/ebpf/internal/linux/doc.go create mode 100644 vendor/github.com/cilium/ebpf/internal/linux/kconfig.go rename vendor/github.com/cilium/ebpf/internal/{ => linux}/platform.go (97%) rename vendor/github.com/cilium/ebpf/internal/{ => linux}/statfs.go (96%) rename vendor/github.com/cilium/ebpf/internal/{ => linux}/vdso.go (93%) create mode 100644 vendor/github.com/cilium/ebpf/internal/linux/version.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/sys/fd_trace.go delete mode 100644 vendor/github.com/cilium/ebpf/internal/sys/mapflags_string.go rename vendor/github.com/cilium/ebpf/internal/{ => sys}/pinning.go (77%) create mode 100644 vendor/github.com/cilium/ebpf/internal/testutils/fdtrace/fd_trace.go create mode 100644 vendor/github.com/cilium/ebpf/internal/testutils/fdtrace/main.go create mode 100644 vendor/github.com/cilium/ebpf/internal/unix/errno_linux.go create mode 100644 vendor/github.com/cilium/ebpf/internal/unix/errno_other.go create mode 100644 vendor/github.com/cilium/ebpf/internal/unix/errno_string_windows.go create mode 100644 vendor/github.com/cilium/ebpf/internal/unix/errno_windows.go create mode 100644 vendor/github.com/cilium/ebpf/internal/unix/error.go create mode 100644 vendor/github.com/cilium/ebpf/internal/unix/strings_other.go create mode 100644 vendor/github.com/cilium/ebpf/internal/unix/strings_windows.go create mode 100644 vendor/github.com/cilium/ebpf/memory.go create mode 100644 vendor/github.com/cilium/ebpf/variable.go delete mode 100644 vendor/golang.org/x/exp/LICENSE delete mode 100644 vendor/golang.org/x/exp/PATENTS delete mode 100644 vendor/golang.org/x/exp/constraints/constraints.go diff --git a/go.mod b/go.mod index 28ee713136e..0874a500916 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ toolchain go1.22.4 require ( github.com/checkpoint-restore/go-criu/v6 v6.3.0 - github.com/cilium/ebpf v0.16.0 + github.com/cilium/ebpf v0.17.3 github.com/containerd/console v1.0.4 github.com/coreos/go-systemd/v22 v22.5.0 github.com/cyphar/filepath-securejoin v0.4.1 @@ -31,7 +31,7 @@ require ( google.golang.org/protobuf v1.36.5 ) -// https://github.com/cilium/ebpf/pull/1660 +// https://github.com/opencontainers/runc/issues/4594 exclude ( github.com/cilium/ebpf v0.17.0 github.com/cilium/ebpf v0.17.1 @@ -42,5 +42,4 @@ require ( github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/vishvananda/netns v0.0.4 // indirect - golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 // indirect ) diff --git a/go.sum b/go.sum index 4357239cb16..a525a61a579 100644 --- a/go.sum +++ b/go.sum @@ -1,8 +1,8 @@ github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/checkpoint-restore/go-criu/v6 v6.3.0 h1:mIdrSO2cPNWQY1truPg6uHLXyKHk3Z5Odx4wjKOASzA= github.com/checkpoint-restore/go-criu/v6 v6.3.0/go.mod h1:rrRTN/uSwY2X+BPRl/gkulo9gsKOSAeVp9/K2tv7xZI= -github.com/cilium/ebpf v0.16.0 h1:+BiEnHL6Z7lXnlGUsXQPPAE7+kenAd4ES8MQ5min0Ok= -github.com/cilium/ebpf v0.16.0/go.mod h1:L7u2Blt2jMM/vLAVgjxluxtBKlz3/GWjB0dMOEngfwE= +github.com/cilium/ebpf v0.17.3 h1:FnP4r16PWYSE4ux6zN+//jMcW4nMVRvuTLVTvCjyyjg= +github.com/cilium/ebpf v0.17.3/go.mod h1:G5EDHij8yiLzaqn0WjyfJHvRa+3aDlReIaLVRMvOyJk= github.com/containerd/console v1.0.4 h1:F2g4+oChYvBTsASRTz8NP6iIAi97J3TtSAsLbIFn4ro= github.com/containerd/console v1.0.4/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= @@ -81,8 +81,6 @@ github.com/vishvananda/netlink v1.3.0 h1:X7l42GfcV4S6E4vHTsw48qbrV+9PVojNfIhZcwQ github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs= github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8= github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= -golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 h1:Jvc7gsqn21cJHCmAWx0LiimpP18LZmUxkT5Mp7EZ1mI= -golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8= golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= diff --git a/vendor/github.com/cilium/ebpf/.golangci.yaml b/vendor/github.com/cilium/ebpf/.golangci.yaml index 65f91b910bf..8298e59ed80 100644 --- a/vendor/github.com/cilium/ebpf/.golangci.yaml +++ b/vendor/github.com/cilium/ebpf/.golangci.yaml @@ -11,3 +11,21 @@ linters: - typecheck - unused - gofmt + - depguard +linters-settings: + goimports: + # A comma-separated list of prefixes, which, if set, checks import paths + # with the given prefixes are grouped after 3rd-party packages. + # Default: "" + local-prefixes: github.com/cilium/ebpf + depguard: + rules: + no-x-sys-unix: + files: + # Filenames are matched against absolute paths, include **/ at the start. + - '!**/internal/unix/*.go' + - '!**/examples/**/*.go' + - '!**/docs/**/*.go' + deny: + - pkg: golang.org/x/sys/unix + desc: use internal/unix instead diff --git a/vendor/github.com/cilium/ebpf/CODEOWNERS b/vendor/github.com/cilium/ebpf/CODEOWNERS index ca65d23c09d..0f76dce85c8 100644 --- a/vendor/github.com/cilium/ebpf/CODEOWNERS +++ b/vendor/github.com/cilium/ebpf/CODEOWNERS @@ -9,3 +9,5 @@ ringbuf/ @florianl btf/ @dylandreimerink cmd/bpf2go/ @mejedi + +docs/ @ti-mo diff --git a/vendor/github.com/cilium/ebpf/Makefile b/vendor/github.com/cilium/ebpf/Makefile index d355eea71ca..e0fe9749206 100644 --- a/vendor/github.com/cilium/ebpf/Makefile +++ b/vendor/github.com/cilium/ebpf/Makefile @@ -39,16 +39,18 @@ TARGETS := \ testdata/subprog_reloc \ testdata/fwd_decl \ testdata/kconfig \ - testdata/kconfig_config \ + testdata/ksym \ testdata/kfunc \ testdata/invalid-kfunc \ testdata/kfunc-kmod \ testdata/constants \ testdata/errors \ + testdata/variables \ btf/testdata/relocs \ btf/testdata/relocs_read \ btf/testdata/relocs_read_tgt \ btf/testdata/relocs_enum \ + btf/testdata/tags \ cmd/bpf2go/testdata/minimal .PHONY: all clean container-all container-shell generate @@ -57,7 +59,7 @@ TARGETS := \ # Build all ELF binaries using a containerized LLVM toolchain. container-all: - +${CONTAINER_ENGINE} run --rm -t ${CONTAINER_RUN_ARGS} \ + +${CONTAINER_ENGINE} run --rm -ti ${CONTAINER_RUN_ARGS} \ -v "${REPODIR}":/ebpf -w /ebpf --env MAKEFLAGS \ --env HOME="/tmp" \ --env BPF2GO_CC="$(CLANG)" \ diff --git a/vendor/github.com/cilium/ebpf/README.md b/vendor/github.com/cilium/ebpf/README.md index 85871db1ae3..8238256c8ed 100644 --- a/vendor/github.com/cilium/ebpf/README.md +++ b/vendor/github.com/cilium/ebpf/README.md @@ -53,6 +53,7 @@ This library includes the following packages: * [rlimit](https://pkg.go.dev/github.com/cilium/ebpf/rlimit) provides a convenient API to lift the `RLIMIT_MEMLOCK` constraint on kernels before 5.11. * [btf](https://pkg.go.dev/github.com/cilium/ebpf/btf) allows reading the BPF Type Format. +* [pin](https://pkg.go.dev/github.com/cilium/ebpf/pin) provides APIs for working with pinned objects on bpffs. ## Requirements diff --git a/vendor/github.com/cilium/ebpf/asm/func.go b/vendor/github.com/cilium/ebpf/asm/func.go index 84a40b2277f..7a59acf3830 100644 --- a/vendor/github.com/cilium/ebpf/asm/func.go +++ b/vendor/github.com/cilium/ebpf/asm/func.go @@ -5,10 +5,6 @@ package asm // BuiltinFunc is a built-in eBPF function. type BuiltinFunc int32 -func (_ BuiltinFunc) Max() BuiltinFunc { - return maxBuiltinFunc - 1 -} - // eBPF built-in functions // // You can regenerate this list using the following gawk script: @@ -237,8 +233,6 @@ const ( FnUserRingbufDrain FnCgrpStorageGet FnCgrpStorageDelete - - maxBuiltinFunc ) // Call emits a function call. diff --git a/vendor/github.com/cilium/ebpf/asm/func_string.go b/vendor/github.com/cilium/ebpf/asm/func_string.go index 47150bc4f2d..6c4ba378926 100644 --- a/vendor/github.com/cilium/ebpf/asm/func_string.go +++ b/vendor/github.com/cilium/ebpf/asm/func_string.go @@ -220,12 +220,11 @@ func _() { _ = x[FnUserRingbufDrain-209] _ = x[FnCgrpStorageGet-210] _ = x[FnCgrpStorageDelete-211] - _ = x[maxBuiltinFunc-212] } -const _BuiltinFunc_name = "FnUnspecFnMapLookupElemFnMapUpdateElemFnMapDeleteElemFnProbeReadFnKtimeGetNsFnTracePrintkFnGetPrandomU32FnGetSmpProcessorIdFnSkbStoreBytesFnL3CsumReplaceFnL4CsumReplaceFnTailCallFnCloneRedirectFnGetCurrentPidTgidFnGetCurrentUidGidFnGetCurrentCommFnGetCgroupClassidFnSkbVlanPushFnSkbVlanPopFnSkbGetTunnelKeyFnSkbSetTunnelKeyFnPerfEventReadFnRedirectFnGetRouteRealmFnPerfEventOutputFnSkbLoadBytesFnGetStackidFnCsumDiffFnSkbGetTunnelOptFnSkbSetTunnelOptFnSkbChangeProtoFnSkbChangeTypeFnSkbUnderCgroupFnGetHashRecalcFnGetCurrentTaskFnProbeWriteUserFnCurrentTaskUnderCgroupFnSkbChangeTailFnSkbPullDataFnCsumUpdateFnSetHashInvalidFnGetNumaNodeIdFnSkbChangeHeadFnXdpAdjustHeadFnProbeReadStrFnGetSocketCookieFnGetSocketUidFnSetHashFnSetsockoptFnSkbAdjustRoomFnRedirectMapFnSkRedirectMapFnSockMapUpdateFnXdpAdjustMetaFnPerfEventReadValueFnPerfProgReadValueFnGetsockoptFnOverrideReturnFnSockOpsCbFlagsSetFnMsgRedirectMapFnMsgApplyBytesFnMsgCorkBytesFnMsgPullDataFnBindFnXdpAdjustTailFnSkbGetXfrmStateFnGetStackFnSkbLoadBytesRelativeFnFibLookupFnSockHashUpdateFnMsgRedirectHashFnSkRedirectHashFnLwtPushEncapFnLwtSeg6StoreBytesFnLwtSeg6AdjustSrhFnLwtSeg6ActionFnRcRepeatFnRcKeydownFnSkbCgroupIdFnGetCurrentCgroupIdFnGetLocalStorageFnSkSelectReuseportFnSkbAncestorCgroupIdFnSkLookupTcpFnSkLookupUdpFnSkReleaseFnMapPushElemFnMapPopElemFnMapPeekElemFnMsgPushDataFnMsgPopDataFnRcPointerRelFnSpinLockFnSpinUnlockFnSkFullsockFnTcpSockFnSkbEcnSetCeFnGetListenerSockFnSkcLookupTcpFnTcpCheckSyncookieFnSysctlGetNameFnSysctlGetCurrentValueFnSysctlGetNewValueFnSysctlSetNewValueFnStrtolFnStrtoulFnSkStorageGetFnSkStorageDeleteFnSendSignalFnTcpGenSyncookieFnSkbOutputFnProbeReadUserFnProbeReadKernelFnProbeReadUserStrFnProbeReadKernelStrFnTcpSendAckFnSendSignalThreadFnJiffies64FnReadBranchRecordsFnGetNsCurrentPidTgidFnXdpOutputFnGetNetnsCookieFnGetCurrentAncestorCgroupIdFnSkAssignFnKtimeGetBootNsFnSeqPrintfFnSeqWriteFnSkCgroupIdFnSkAncestorCgroupIdFnRingbufOutputFnRingbufReserveFnRingbufSubmitFnRingbufDiscardFnRingbufQueryFnCsumLevelFnSkcToTcp6SockFnSkcToTcpSockFnSkcToTcpTimewaitSockFnSkcToTcpRequestSockFnSkcToUdp6SockFnGetTaskStackFnLoadHdrOptFnStoreHdrOptFnReserveHdrOptFnInodeStorageGetFnInodeStorageDeleteFnDPathFnCopyFromUserFnSnprintfBtfFnSeqPrintfBtfFnSkbCgroupClassidFnRedirectNeighFnPerCpuPtrFnThisCpuPtrFnRedirectPeerFnTaskStorageGetFnTaskStorageDeleteFnGetCurrentTaskBtfFnBprmOptsSetFnKtimeGetCoarseNsFnImaInodeHashFnSockFromFileFnCheckMtuFnForEachMapElemFnSnprintfFnSysBpfFnBtfFindByNameKindFnSysCloseFnTimerInitFnTimerSetCallbackFnTimerStartFnTimerCancelFnGetFuncIpFnGetAttachCookieFnTaskPtRegsFnGetBranchSnapshotFnTraceVprintkFnSkcToUnixSockFnKallsymsLookupNameFnFindVmaFnLoopFnStrncmpFnGetFuncArgFnGetFuncRetFnGetFuncArgCntFnGetRetvalFnSetRetvalFnXdpGetBuffLenFnXdpLoadBytesFnXdpStoreBytesFnCopyFromUserTaskFnSkbSetTstampFnImaFileHashFnKptrXchgFnMapLookupPercpuElemFnSkcToMptcpSockFnDynptrFromMemFnRingbufReserveDynptrFnRingbufSubmitDynptrFnRingbufDiscardDynptrFnDynptrReadFnDynptrWriteFnDynptrDataFnTcpRawGenSyncookieIpv4FnTcpRawGenSyncookieIpv6FnTcpRawCheckSyncookieIpv4FnTcpRawCheckSyncookieIpv6FnKtimeGetTaiNsFnUserRingbufDrainFnCgrpStorageGetFnCgrpStorageDeletemaxBuiltinFunc" +const _BuiltinFunc_name = "FnUnspecFnMapLookupElemFnMapUpdateElemFnMapDeleteElemFnProbeReadFnKtimeGetNsFnTracePrintkFnGetPrandomU32FnGetSmpProcessorIdFnSkbStoreBytesFnL3CsumReplaceFnL4CsumReplaceFnTailCallFnCloneRedirectFnGetCurrentPidTgidFnGetCurrentUidGidFnGetCurrentCommFnGetCgroupClassidFnSkbVlanPushFnSkbVlanPopFnSkbGetTunnelKeyFnSkbSetTunnelKeyFnPerfEventReadFnRedirectFnGetRouteRealmFnPerfEventOutputFnSkbLoadBytesFnGetStackidFnCsumDiffFnSkbGetTunnelOptFnSkbSetTunnelOptFnSkbChangeProtoFnSkbChangeTypeFnSkbUnderCgroupFnGetHashRecalcFnGetCurrentTaskFnProbeWriteUserFnCurrentTaskUnderCgroupFnSkbChangeTailFnSkbPullDataFnCsumUpdateFnSetHashInvalidFnGetNumaNodeIdFnSkbChangeHeadFnXdpAdjustHeadFnProbeReadStrFnGetSocketCookieFnGetSocketUidFnSetHashFnSetsockoptFnSkbAdjustRoomFnRedirectMapFnSkRedirectMapFnSockMapUpdateFnXdpAdjustMetaFnPerfEventReadValueFnPerfProgReadValueFnGetsockoptFnOverrideReturnFnSockOpsCbFlagsSetFnMsgRedirectMapFnMsgApplyBytesFnMsgCorkBytesFnMsgPullDataFnBindFnXdpAdjustTailFnSkbGetXfrmStateFnGetStackFnSkbLoadBytesRelativeFnFibLookupFnSockHashUpdateFnMsgRedirectHashFnSkRedirectHashFnLwtPushEncapFnLwtSeg6StoreBytesFnLwtSeg6AdjustSrhFnLwtSeg6ActionFnRcRepeatFnRcKeydownFnSkbCgroupIdFnGetCurrentCgroupIdFnGetLocalStorageFnSkSelectReuseportFnSkbAncestorCgroupIdFnSkLookupTcpFnSkLookupUdpFnSkReleaseFnMapPushElemFnMapPopElemFnMapPeekElemFnMsgPushDataFnMsgPopDataFnRcPointerRelFnSpinLockFnSpinUnlockFnSkFullsockFnTcpSockFnSkbEcnSetCeFnGetListenerSockFnSkcLookupTcpFnTcpCheckSyncookieFnSysctlGetNameFnSysctlGetCurrentValueFnSysctlGetNewValueFnSysctlSetNewValueFnStrtolFnStrtoulFnSkStorageGetFnSkStorageDeleteFnSendSignalFnTcpGenSyncookieFnSkbOutputFnProbeReadUserFnProbeReadKernelFnProbeReadUserStrFnProbeReadKernelStrFnTcpSendAckFnSendSignalThreadFnJiffies64FnReadBranchRecordsFnGetNsCurrentPidTgidFnXdpOutputFnGetNetnsCookieFnGetCurrentAncestorCgroupIdFnSkAssignFnKtimeGetBootNsFnSeqPrintfFnSeqWriteFnSkCgroupIdFnSkAncestorCgroupIdFnRingbufOutputFnRingbufReserveFnRingbufSubmitFnRingbufDiscardFnRingbufQueryFnCsumLevelFnSkcToTcp6SockFnSkcToTcpSockFnSkcToTcpTimewaitSockFnSkcToTcpRequestSockFnSkcToUdp6SockFnGetTaskStackFnLoadHdrOptFnStoreHdrOptFnReserveHdrOptFnInodeStorageGetFnInodeStorageDeleteFnDPathFnCopyFromUserFnSnprintfBtfFnSeqPrintfBtfFnSkbCgroupClassidFnRedirectNeighFnPerCpuPtrFnThisCpuPtrFnRedirectPeerFnTaskStorageGetFnTaskStorageDeleteFnGetCurrentTaskBtfFnBprmOptsSetFnKtimeGetCoarseNsFnImaInodeHashFnSockFromFileFnCheckMtuFnForEachMapElemFnSnprintfFnSysBpfFnBtfFindByNameKindFnSysCloseFnTimerInitFnTimerSetCallbackFnTimerStartFnTimerCancelFnGetFuncIpFnGetAttachCookieFnTaskPtRegsFnGetBranchSnapshotFnTraceVprintkFnSkcToUnixSockFnKallsymsLookupNameFnFindVmaFnLoopFnStrncmpFnGetFuncArgFnGetFuncRetFnGetFuncArgCntFnGetRetvalFnSetRetvalFnXdpGetBuffLenFnXdpLoadBytesFnXdpStoreBytesFnCopyFromUserTaskFnSkbSetTstampFnImaFileHashFnKptrXchgFnMapLookupPercpuElemFnSkcToMptcpSockFnDynptrFromMemFnRingbufReserveDynptrFnRingbufSubmitDynptrFnRingbufDiscardDynptrFnDynptrReadFnDynptrWriteFnDynptrDataFnTcpRawGenSyncookieIpv4FnTcpRawGenSyncookieIpv6FnTcpRawCheckSyncookieIpv4FnTcpRawCheckSyncookieIpv6FnKtimeGetTaiNsFnUserRingbufDrainFnCgrpStorageGetFnCgrpStorageDelete" -var _BuiltinFunc_index = [...]uint16{0, 8, 23, 38, 53, 64, 76, 89, 104, 123, 138, 153, 168, 178, 193, 212, 230, 246, 264, 277, 289, 306, 323, 338, 348, 363, 380, 394, 406, 416, 433, 450, 466, 481, 497, 512, 528, 544, 568, 583, 596, 608, 624, 639, 654, 669, 683, 700, 714, 723, 735, 750, 763, 778, 793, 808, 828, 847, 859, 875, 894, 910, 925, 939, 952, 958, 973, 990, 1000, 1022, 1033, 1049, 1066, 1082, 1096, 1115, 1133, 1148, 1158, 1169, 1182, 1202, 1219, 1238, 1259, 1272, 1285, 1296, 1309, 1321, 1334, 1347, 1359, 1373, 1383, 1395, 1407, 1416, 1429, 1446, 1460, 1479, 1494, 1517, 1536, 1555, 1563, 1572, 1586, 1603, 1615, 1632, 1643, 1658, 1675, 1693, 1713, 1725, 1743, 1754, 1773, 1794, 1805, 1821, 1849, 1859, 1875, 1886, 1896, 1908, 1928, 1943, 1959, 1974, 1990, 2004, 2015, 2030, 2044, 2066, 2087, 2102, 2116, 2128, 2141, 2156, 2173, 2193, 2200, 2214, 2227, 2241, 2259, 2274, 2285, 2297, 2311, 2327, 2346, 2365, 2378, 2396, 2410, 2424, 2434, 2450, 2460, 2468, 2487, 2497, 2508, 2526, 2538, 2551, 2562, 2579, 2591, 2610, 2624, 2639, 2659, 2668, 2674, 2683, 2695, 2707, 2722, 2733, 2744, 2759, 2773, 2788, 2806, 2820, 2833, 2843, 2864, 2880, 2895, 2917, 2938, 2960, 2972, 2985, 2997, 3021, 3045, 3071, 3097, 3112, 3130, 3146, 3165, 3179} +var _BuiltinFunc_index = [...]uint16{0, 8, 23, 38, 53, 64, 76, 89, 104, 123, 138, 153, 168, 178, 193, 212, 230, 246, 264, 277, 289, 306, 323, 338, 348, 363, 380, 394, 406, 416, 433, 450, 466, 481, 497, 512, 528, 544, 568, 583, 596, 608, 624, 639, 654, 669, 683, 700, 714, 723, 735, 750, 763, 778, 793, 808, 828, 847, 859, 875, 894, 910, 925, 939, 952, 958, 973, 990, 1000, 1022, 1033, 1049, 1066, 1082, 1096, 1115, 1133, 1148, 1158, 1169, 1182, 1202, 1219, 1238, 1259, 1272, 1285, 1296, 1309, 1321, 1334, 1347, 1359, 1373, 1383, 1395, 1407, 1416, 1429, 1446, 1460, 1479, 1494, 1517, 1536, 1555, 1563, 1572, 1586, 1603, 1615, 1632, 1643, 1658, 1675, 1693, 1713, 1725, 1743, 1754, 1773, 1794, 1805, 1821, 1849, 1859, 1875, 1886, 1896, 1908, 1928, 1943, 1959, 1974, 1990, 2004, 2015, 2030, 2044, 2066, 2087, 2102, 2116, 2128, 2141, 2156, 2173, 2193, 2200, 2214, 2227, 2241, 2259, 2274, 2285, 2297, 2311, 2327, 2346, 2365, 2378, 2396, 2410, 2424, 2434, 2450, 2460, 2468, 2487, 2497, 2508, 2526, 2538, 2551, 2562, 2579, 2591, 2610, 2624, 2639, 2659, 2668, 2674, 2683, 2695, 2707, 2722, 2733, 2744, 2759, 2773, 2788, 2806, 2820, 2833, 2843, 2864, 2880, 2895, 2917, 2938, 2960, 2972, 2985, 2997, 3021, 3045, 3071, 3097, 3112, 3130, 3146, 3165} func (i BuiltinFunc) String() string { if i < 0 || i >= BuiltinFunc(len(_BuiltinFunc_index)-1) { diff --git a/vendor/github.com/cilium/ebpf/asm/instruction.go b/vendor/github.com/cilium/ebpf/asm/instruction.go index 67cd39d6f67..86b384c02a9 100644 --- a/vendor/github.com/cilium/ebpf/asm/instruction.go +++ b/vendor/github.com/cilium/ebpf/asm/instruction.go @@ -12,7 +12,6 @@ import ( "strings" "github.com/cilium/ebpf/internal/sys" - "github.com/cilium/ebpf/internal/unix" ) // InstructionSize is the size of a BPF instruction in bytes @@ -804,7 +803,7 @@ func (insns Instructions) Tag(bo binary.ByteOrder) (string, error) { return "", fmt.Errorf("instruction %d: %w", i, err) } } - return hex.EncodeToString(h.Sum(nil)[:unix.BPF_TAG_SIZE]), nil + return hex.EncodeToString(h.Sum(nil)[:sys.BPF_TAG_SIZE]), nil } // encodeFunctionReferences populates the Offset (or Constant, depending on diff --git a/vendor/github.com/cilium/ebpf/attachtype_string.go b/vendor/github.com/cilium/ebpf/attachtype_string.go index bece896bb61..84445a32562 100644 --- a/vendor/github.com/cilium/ebpf/attachtype_string.go +++ b/vendor/github.com/cilium/ebpf/attachtype_string.go @@ -52,6 +52,7 @@ func _() { _ = x[AttachSkReuseportSelectOrMigrate-40] _ = x[AttachPerfEvent-41] _ = x[AttachTraceKprobeMulti-42] + _ = x[AttachTraceKprobeSession-56] _ = x[AttachLSMCgroup-43] _ = x[AttachStructOps-44] _ = x[AttachNetfilter-45] @@ -67,9 +68,9 @@ func _() { _ = x[AttachNetkitPeer-55] } -const _AttachType_name = "NoneCGroupInetEgressCGroupInetSockCreateCGroupSockOpsSkSKBStreamParserSkSKBStreamVerdictCGroupDeviceSkMsgVerdictCGroupInet4BindCGroupInet6BindCGroupInet4ConnectCGroupInet6ConnectCGroupInet4PostBindCGroupInet6PostBindCGroupUDP4SendmsgCGroupUDP6SendmsgLircMode2FlowDissectorCGroupSysctlCGroupUDP4RecvmsgCGroupUDP6RecvmsgCGroupGetsockoptCGroupSetsockoptTraceRawTpTraceFEntryTraceFExitModifyReturnLSMMacTraceIterCgroupInet4GetPeernameCgroupInet6GetPeernameCgroupInet4GetSocknameCgroupInet6GetSocknameXDPDevMapCgroupInetSockReleaseXDPCPUMapSkLookupXDPSkSKBVerdictSkReuseportSelectSkReuseportSelectOrMigratePerfEventTraceKprobeMultiLSMCgroupStructOpsNetfilterTCXIngressTCXEgressTraceUprobeMultiCgroupUnixConnectCgroupUnixSendmsgCgroupUnixRecvmsgCgroupUnixGetpeernameCgroupUnixGetsocknameNetkitPrimaryNetkitPeer" +const _AttachType_name = "NoneCGroupInetEgressCGroupInetSockCreateCGroupSockOpsSkSKBStreamParserSkSKBStreamVerdictCGroupDeviceSkMsgVerdictCGroupInet4BindCGroupInet6BindCGroupInet4ConnectCGroupInet6ConnectCGroupInet4PostBindCGroupInet6PostBindCGroupUDP4SendmsgCGroupUDP6SendmsgLircMode2FlowDissectorCGroupSysctlCGroupUDP4RecvmsgCGroupUDP6RecvmsgCGroupGetsockoptCGroupSetsockoptTraceRawTpTraceFEntryTraceFExitModifyReturnLSMMacTraceIterCgroupInet4GetPeernameCgroupInet6GetPeernameCgroupInet4GetSocknameCgroupInet6GetSocknameXDPDevMapCgroupInetSockReleaseXDPCPUMapSkLookupXDPSkSKBVerdictSkReuseportSelectSkReuseportSelectOrMigratePerfEventTraceKprobeMultiLSMCgroupStructOpsNetfilterTCXIngressTCXEgressTraceUprobeMultiCgroupUnixConnectCgroupUnixSendmsgCgroupUnixRecvmsgCgroupUnixGetpeernameCgroupUnixGetsocknameNetkitPrimaryNetkitPeerTraceKprobeSession" -var _AttachType_index = [...]uint16{0, 4, 20, 40, 53, 70, 88, 100, 112, 127, 142, 160, 178, 197, 216, 233, 250, 259, 272, 284, 301, 318, 334, 350, 360, 371, 381, 393, 399, 408, 430, 452, 474, 496, 505, 526, 535, 543, 546, 558, 575, 601, 610, 626, 635, 644, 653, 663, 672, 688, 705, 722, 739, 760, 781, 794, 804} +var _AttachType_index = [...]uint16{0, 4, 20, 40, 53, 70, 88, 100, 112, 127, 142, 160, 178, 197, 216, 233, 250, 259, 272, 284, 301, 318, 334, 350, 360, 371, 381, 393, 399, 408, 430, 452, 474, 496, 505, 526, 535, 543, 546, 558, 575, 601, 610, 626, 635, 644, 653, 663, 672, 688, 705, 722, 739, 760, 781, 794, 804, 822} func (i AttachType) String() string { if i >= AttachType(len(_AttachType_index)-1) { diff --git a/vendor/github.com/cilium/ebpf/btf/btf.go b/vendor/github.com/cilium/ebpf/btf/btf.go index 671f680b2af..e8f80c13997 100644 --- a/vendor/github.com/cilium/ebpf/btf/btf.go +++ b/vendor/github.com/cilium/ebpf/btf/btf.go @@ -99,6 +99,10 @@ func (mt *mutableTypes) copy() *mutableTypes { return nil } + // Prevent concurrent modification of mt.copiedTypeIDs. + mt.mu.RLock() + defer mt.mu.RUnlock() + mtCopy := &mutableTypes{ mt.imm, sync.RWMutex{}, @@ -106,10 +110,6 @@ func (mt *mutableTypes) copy() *mutableTypes { make(map[Type]TypeID, len(mt.copiedTypeIDs)), } - // Prevent concurrent modification of mt.copiedTypeIDs. - mt.mu.RLock() - defer mt.mu.RUnlock() - copiesOfCopies := make(map[Type]Type, len(mt.copies)) for orig, copy := range mt.copies { // NB: We make a copy of copy, not orig, so that changes to mutable types @@ -443,13 +443,19 @@ func fixupDatasec(types []Type, sectionSizes map[string]uint32, offsets map[symb // Some Datasecs are virtual and don't have corresponding ELF sections. switch name { case ".ksyms": - // .ksyms describes forward declarations of kfunc signatures. + // .ksyms describes forward declarations of kfunc signatures, as well as + // references to kernel symbols. // Nothing to fix up, all sizes and offsets are 0. for _, vsi := range ds.Vars { - _, ok := vsi.Type.(*Func) - if !ok { - // Only Funcs are supported in the .ksyms Datasec. - return fmt.Errorf("data section %s: expected *btf.Func, not %T: %w", name, vsi.Type, ErrNotSupported) + switch t := vsi.Type.(type) { + case *Func: + continue + case *Var: + if _, ok := t.Type.(*Void); !ok { + return fmt.Errorf("data section %s: expected %s to be *Void, not %T: %w", name, vsi.Type.TypeName(), vsi.Type, ErrNotSupported) + } + default: + return fmt.Errorf("data section %s: expected to be either *btf.Func or *btf.Var, not %T: %w", name, vsi.Type, ErrNotSupported) } } @@ -695,5 +701,13 @@ func (iter *TypesIterator) Next() bool { iter.Type, ok = iter.spec.typeByID(iter.id) iter.id++ iter.done = !ok + if !iter.done { + // Skip declTags, during unmarshaling declTags become `Tags` fields of other types. + // We keep them in the spec to avoid holes in the ID space, but for the purposes of + // iteration, they are not useful to the user. + if _, ok := iter.Type.(*declTag); ok { + return iter.Next() + } + } return !iter.done } diff --git a/vendor/github.com/cilium/ebpf/btf/btf_types.go b/vendor/github.com/cilium/ebpf/btf/btf_types.go index f0e327abc0e..320311b3320 100644 --- a/vendor/github.com/cilium/ebpf/btf/btf_types.go +++ b/vendor/github.com/cilium/ebpf/btf/btf_types.go @@ -39,6 +39,7 @@ const ( kindFloat // Float // Added 5.16 kindDeclTag // DeclTag + // Added 5.17 kindTypeTag // TypeTag // Added 6.0 kindEnum64 // Enum64 diff --git a/vendor/github.com/cilium/ebpf/btf/ext_info.go b/vendor/github.com/cilium/ebpf/btf/ext_info.go index eb9044badf2..71dbba8061b 100644 --- a/vendor/github.com/cilium/ebpf/btf/ext_info.go +++ b/vendor/github.com/cilium/ebpf/btf/ext_info.go @@ -16,8 +16,8 @@ import ( // ExtInfos contains ELF section metadata. type ExtInfos struct { // The slices are sorted by offset in ascending order. - funcInfos map[string]FuncInfos - lineInfos map[string]LineInfos + funcInfos map[string]FuncOffsets + lineInfos map[string]LineOffsets relocationInfos map[string]CORERelocationInfos } @@ -58,9 +58,9 @@ func loadExtInfos(r io.ReaderAt, bo binary.ByteOrder, spec *Spec) (*ExtInfos, er return nil, fmt.Errorf("parsing BTF function info: %w", err) } - funcInfos := make(map[string]FuncInfos, len(btfFuncInfos)) + funcInfos := make(map[string]FuncOffsets, len(btfFuncInfos)) for section, bfis := range btfFuncInfos { - funcInfos[section], err = newFuncInfos(bfis, spec) + funcInfos[section], err = newFuncOffsets(bfis, spec) if err != nil { return nil, fmt.Errorf("section %s: func infos: %w", section, err) } @@ -72,7 +72,7 @@ func loadExtInfos(r io.ReaderAt, bo binary.ByteOrder, spec *Spec) (*ExtInfos, er return nil, fmt.Errorf("parsing BTF line info: %w", err) } - lineInfos := make(map[string]LineInfos, len(btfLineInfos)) + lineInfos := make(map[string]LineOffsets, len(btfLineInfos)) for section, blis := range btfLineInfos { lineInfos[section], err = newLineInfos(blis, spec.strings) if err != nil { @@ -102,8 +102,10 @@ func loadExtInfos(r io.ReaderAt, bo binary.ByteOrder, spec *Spec) (*ExtInfos, er return &ExtInfos{funcInfos, lineInfos, coreRelos}, nil } -type funcInfoMeta struct{} -type coreRelocationMeta struct{} +type ( + funcInfoMeta struct{} + coreRelocationMeta struct{} +) // Assign per-section metadata from BTF to a section's instructions. func (ei *ExtInfos) Assign(insns asm.Instructions, section string) { @@ -117,20 +119,20 @@ func (ei *ExtInfos) Assign(insns asm.Instructions, section string) { // Assign per-instruction metadata to the instructions in insns. func AssignMetadataToInstructions( insns asm.Instructions, - funcInfos FuncInfos, - lineInfos LineInfos, + funcInfos FuncOffsets, + lineInfos LineOffsets, reloInfos CORERelocationInfos, ) { iter := insns.Iterate() for iter.Next() { - if len(funcInfos.infos) > 0 && funcInfos.infos[0].offset == iter.Offset { - *iter.Ins = WithFuncMetadata(*iter.Ins, funcInfos.infos[0].fn) - funcInfos.infos = funcInfos.infos[1:] + if len(funcInfos) > 0 && funcInfos[0].Offset == iter.Offset { + *iter.Ins = WithFuncMetadata(*iter.Ins, funcInfos[0].Func) + funcInfos = funcInfos[1:] } - if len(lineInfos.infos) > 0 && lineInfos.infos[0].offset == iter.Offset { - *iter.Ins = iter.Ins.WithSource(lineInfos.infos[0].line) - lineInfos.infos = lineInfos.infos[1:] + if len(lineInfos) > 0 && lineInfos[0].Offset == iter.Offset { + *iter.Ins = iter.Ins.WithSource(lineInfos[0].Line) + lineInfos = lineInfos[1:] } if len(reloInfos.infos) > 0 && reloInfos.infos[0].offset == iter.Offset { @@ -159,9 +161,9 @@ marshal: var fiBuf, liBuf bytes.Buffer for { if fn := FuncMetadata(iter.Ins); fn != nil { - fi := &funcInfo{ - fn: fn, - offset: iter.Offset, + fi := &FuncOffset{ + Func: fn, + Offset: iter.Offset, } if err := fi.marshal(&fiBuf, b); err != nil { return nil, nil, fmt.Errorf("write func info: %w", err) @@ -178,9 +180,9 @@ marshal: } } - li := &lineInfo{ - line: line, - offset: iter.Offset, + li := &LineOffset{ + Offset: iter.Offset, + Line: line, } if err := li.marshal(&liBuf, b); err != nil { return nil, nil, fmt.Errorf("write line info: %w", err) @@ -333,17 +335,17 @@ func parseExtInfoRecordSize(r io.Reader, bo binary.ByteOrder) (uint32, error) { return recordSize, nil } -// FuncInfos contains a sorted list of func infos. -type FuncInfos struct { - infos []funcInfo -} +// FuncOffsets is a sorted slice of FuncOffset. +type FuncOffsets []FuncOffset // The size of a FuncInfo in BTF wire format. var FuncInfoSize = uint32(binary.Size(bpfFuncInfo{})) -type funcInfo struct { - fn *Func - offset asm.RawInstructionOffset +// FuncOffset represents a [btf.Func] and its raw instruction offset within a +// BPF program. +type FuncOffset struct { + Offset asm.RawInstructionOffset + Func *Func } type bpfFuncInfo struct { @@ -352,7 +354,7 @@ type bpfFuncInfo struct { TypeID TypeID } -func newFuncInfo(fi bpfFuncInfo, spec *Spec) (*funcInfo, error) { +func newFuncOffset(fi bpfFuncInfo, spec *Spec) (*FuncOffset, error) { typ, err := spec.TypeByID(fi.TypeID) if err != nil { return nil, err @@ -368,31 +370,32 @@ func newFuncInfo(fi bpfFuncInfo, spec *Spec) (*funcInfo, error) { return nil, fmt.Errorf("func with type ID %d doesn't have a name", fi.TypeID) } - return &funcInfo{ - fn, + return &FuncOffset{ asm.RawInstructionOffset(fi.InsnOff), + fn, }, nil } -func newFuncInfos(bfis []bpfFuncInfo, spec *Spec) (FuncInfos, error) { - fis := FuncInfos{ - infos: make([]funcInfo, 0, len(bfis)), - } +func newFuncOffsets(bfis []bpfFuncInfo, spec *Spec) (FuncOffsets, error) { + fos := make(FuncOffsets, 0, len(bfis)) + for _, bfi := range bfis { - fi, err := newFuncInfo(bfi, spec) + fi, err := newFuncOffset(bfi, spec) if err != nil { - return FuncInfos{}, fmt.Errorf("offset %d: %w", bfi.InsnOff, err) + return FuncOffsets{}, fmt.Errorf("offset %d: %w", bfi.InsnOff, err) } - fis.infos = append(fis.infos, *fi) + fos = append(fos, *fi) } - sort.Slice(fis.infos, func(i, j int) bool { - return fis.infos[i].offset <= fis.infos[j].offset + sort.Slice(fos, func(i, j int) bool { + return fos[i].Offset <= fos[j].Offset }) - return fis, nil + return fos, nil } -// LoadFuncInfos parses BTF func info in kernel wire format. -func LoadFuncInfos(reader io.Reader, bo binary.ByteOrder, recordNum uint32, spec *Spec) (FuncInfos, error) { +// LoadFuncInfos parses BTF func info from kernel wire format into a +// [FuncOffsets], a sorted slice of [btf.Func]s of (sub)programs within a BPF +// program with their corresponding raw instruction offsets. +func LoadFuncInfos(reader io.Reader, bo binary.ByteOrder, recordNum uint32, spec *Spec) (FuncOffsets, error) { fis, err := parseFuncInfoRecords( reader, bo, @@ -401,20 +404,20 @@ func LoadFuncInfos(reader io.Reader, bo binary.ByteOrder, recordNum uint32, spec false, ) if err != nil { - return FuncInfos{}, fmt.Errorf("parsing BTF func info: %w", err) + return FuncOffsets{}, fmt.Errorf("parsing BTF func info: %w", err) } - return newFuncInfos(fis, spec) + return newFuncOffsets(fis, spec) } // marshal into the BTF wire format. -func (fi *funcInfo) marshal(w *bytes.Buffer, b *Builder) error { - id, err := b.Add(fi.fn) +func (fi *FuncOffset) marshal(w *bytes.Buffer, b *Builder) error { + id, err := b.Add(fi.Func) if err != nil { return err } bfi := bpfFuncInfo{ - InsnOff: uint32(fi.offset), + InsnOff: uint32(fi.Offset), TypeID: id, } buf := make([]byte, FuncInfoSize) @@ -515,14 +518,13 @@ func (li *Line) String() string { return li.line } -// LineInfos contains a sorted list of line infos. -type LineInfos struct { - infos []lineInfo -} +// LineOffsets contains a sorted list of line infos. +type LineOffsets []LineOffset -type lineInfo struct { - line *Line - offset asm.RawInstructionOffset +// LineOffset represents a line info and its raw instruction offset. +type LineOffset struct { + Offset asm.RawInstructionOffset + Line *Line } // Constants for the format of bpfLineInfo.LineCol. @@ -541,7 +543,7 @@ type bpfLineInfo struct { } // LoadLineInfos parses BTF line info in kernel wire format. -func LoadLineInfos(reader io.Reader, bo binary.ByteOrder, recordNum uint32, spec *Spec) (LineInfos, error) { +func LoadLineInfos(reader io.Reader, bo binary.ByteOrder, recordNum uint32, spec *Spec) (LineOffsets, error) { lis, err := parseLineInfoRecords( reader, bo, @@ -550,57 +552,55 @@ func LoadLineInfos(reader io.Reader, bo binary.ByteOrder, recordNum uint32, spec false, ) if err != nil { - return LineInfos{}, fmt.Errorf("parsing BTF line info: %w", err) + return LineOffsets{}, fmt.Errorf("parsing BTF line info: %w", err) } return newLineInfos(lis, spec.strings) } -func newLineInfo(li bpfLineInfo, strings *stringTable) (lineInfo, error) { +func newLineInfo(li bpfLineInfo, strings *stringTable) (LineOffset, error) { line, err := strings.Lookup(li.LineOff) if err != nil { - return lineInfo{}, fmt.Errorf("lookup of line: %w", err) + return LineOffset{}, fmt.Errorf("lookup of line: %w", err) } fileName, err := strings.Lookup(li.FileNameOff) if err != nil { - return lineInfo{}, fmt.Errorf("lookup of filename: %w", err) + return LineOffset{}, fmt.Errorf("lookup of filename: %w", err) } lineNumber := li.LineCol >> bpfLineShift lineColumn := li.LineCol & bpfColumnMax - return lineInfo{ + return LineOffset{ + asm.RawInstructionOffset(li.InsnOff), &Line{ fileName, line, lineNumber, lineColumn, }, - asm.RawInstructionOffset(li.InsnOff), }, nil } -func newLineInfos(blis []bpfLineInfo, strings *stringTable) (LineInfos, error) { - lis := LineInfos{ - infos: make([]lineInfo, 0, len(blis)), - } +func newLineInfos(blis []bpfLineInfo, strings *stringTable) (LineOffsets, error) { + lis := make([]LineOffset, 0, len(blis)) for _, bli := range blis { li, err := newLineInfo(bli, strings) if err != nil { - return LineInfos{}, fmt.Errorf("offset %d: %w", bli.InsnOff, err) + return LineOffsets{}, fmt.Errorf("offset %d: %w", bli.InsnOff, err) } - lis.infos = append(lis.infos, li) + lis = append(lis, li) } - sort.Slice(lis.infos, func(i, j int) bool { - return lis.infos[i].offset <= lis.infos[j].offset + sort.Slice(lis, func(i, j int) bool { + return lis[i].Offset <= lis[j].Offset }) return lis, nil } // marshal writes the binary representation of the LineInfo to w. -func (li *lineInfo) marshal(w *bytes.Buffer, b *Builder) error { - line := li.line +func (li *LineOffset) marshal(w *bytes.Buffer, b *Builder) error { + line := li.Line if line.lineNumber > bpfLineMax { return fmt.Errorf("line %d exceeds %d", line.lineNumber, bpfLineMax) } @@ -620,7 +620,7 @@ func (li *lineInfo) marshal(w *bytes.Buffer, b *Builder) error { } bli := bpfLineInfo{ - uint32(li.offset), + uint32(li.Offset), fileNameOff, lineOff, (line.lineNumber << bpfLineShift) | line.lineColumn, @@ -666,20 +666,19 @@ func parseLineInfos(r io.Reader, bo binary.ByteOrder, strings *stringTable) (map // These records appear after a btf_ext_info_sec header in the line_info // sub-section of .BTF.ext. func parseLineInfoRecords(r io.Reader, bo binary.ByteOrder, recordSize uint32, recordNum uint32, offsetInBytes bool) ([]bpfLineInfo, error) { - var li bpfLineInfo - - if exp, got := uint32(binary.Size(li)), recordSize; exp != got { + if exp, got := uint32(binary.Size(bpfLineInfo{})), recordSize; exp != got { // BTF blob's record size is longer than we know how to parse. return nil, fmt.Errorf("expected LineInfo record size %d, but BTF blob contains %d", exp, got) } - out := make([]bpfLineInfo, 0, recordNum) - for i := uint32(0); i < recordNum; i++ { - if err := binary.Read(r, bo, &li); err != nil { - return nil, fmt.Errorf("can't read line info: %v", err) - } + out := make([]bpfLineInfo, recordNum) + if err := binary.Read(r, bo, out); err != nil { + return nil, fmt.Errorf("can't read line info: %v", err) + } - if offsetInBytes { + if offsetInBytes { + for i := range out { + li := &out[i] if li.InsnOff%asm.InstructionSize != 0 { return nil, fmt.Errorf("offset %v is not aligned with instruction size", li.InsnOff) } @@ -688,8 +687,6 @@ func parseLineInfoRecords(r io.Reader, bo binary.ByteOrder, recordSize uint32, r // Convert as early as possible. li.InsnOff /= asm.InstructionSize } - - out = append(out, li) } return out, nil @@ -799,7 +796,7 @@ func parseCORERelos(r io.Reader, bo binary.ByteOrder, strings *stringTable) (map return nil, err } - records, err := parseCOREReloRecords(r, bo, recordSize, infoHeader.NumInfo) + records, err := parseCOREReloRecords(r, bo, infoHeader.NumInfo) if err != nil { return nil, fmt.Errorf("section %v: %w", secName, err) } @@ -811,7 +808,7 @@ func parseCORERelos(r io.Reader, bo binary.ByteOrder, strings *stringTable) (map // parseCOREReloRecords parses a stream of CO-RE relocation entries into a // coreRelos. These records appear after a btf_ext_info_sec header in the // core_relos sub-section of .BTF.ext. -func parseCOREReloRecords(r io.Reader, bo binary.ByteOrder, recordSize uint32, recordNum uint32) ([]bpfCORERelo, error) { +func parseCOREReloRecords(r io.Reader, bo binary.ByteOrder, recordNum uint32) ([]bpfCORERelo, error) { var out []bpfCORERelo var relo bpfCORERelo diff --git a/vendor/github.com/cilium/ebpf/btf/feature.go b/vendor/github.com/cilium/ebpf/btf/feature.go index 6feb08dfbb0..e71c707fe4d 100644 --- a/vendor/github.com/cilium/ebpf/btf/feature.go +++ b/vendor/github.com/cilium/ebpf/btf/feature.go @@ -11,19 +11,19 @@ import ( // haveBTF attempts to load a BTF blob containing an Int. It should pass on any // kernel that supports BPF_BTF_LOAD. -var haveBTF = internal.NewFeatureTest("BTF", "4.18", func() error { +var haveBTF = internal.NewFeatureTest("BTF", func() error { // 0-length anonymous integer err := probeBTF(&Int{}) if errors.Is(err, unix.EINVAL) || errors.Is(err, unix.EPERM) { return internal.ErrNotSupported } return err -}) +}, "4.18") // haveMapBTF attempts to load a minimal BTF blob containing a Var. It is // used as a proxy for .bss, .data and .rodata map support, which generally // come with a Var and Datasec. These were introduced in Linux 5.2. -var haveMapBTF = internal.NewFeatureTest("Map BTF (Var/Datasec)", "5.2", func() error { +var haveMapBTF = internal.NewFeatureTest("Map BTF (Var/Datasec)", func() error { if err := haveBTF(); err != nil { return err } @@ -40,12 +40,12 @@ var haveMapBTF = internal.NewFeatureTest("Map BTF (Var/Datasec)", "5.2", func() return internal.ErrNotSupported } return err -}) +}, "5.2") // haveProgBTF attempts to load a BTF blob containing a Func and FuncProto. It // is used as a proxy for ext_info (func_info) support, which depends on // Func(Proto) by definition. -var haveProgBTF = internal.NewFeatureTest("Program BTF (func/line_info)", "5.0", func() error { +var haveProgBTF = internal.NewFeatureTest("Program BTF (func/line_info)", func() error { if err := haveBTF(); err != nil { return err } @@ -60,9 +60,9 @@ var haveProgBTF = internal.NewFeatureTest("Program BTF (func/line_info)", "5.0", return internal.ErrNotSupported } return err -}) +}, "5.0") -var haveFuncLinkage = internal.NewFeatureTest("BTF func linkage", "5.6", func() error { +var haveFuncLinkage = internal.NewFeatureTest("BTF func linkage", func() error { if err := haveProgBTF(); err != nil { return err } @@ -78,9 +78,44 @@ var haveFuncLinkage = internal.NewFeatureTest("BTF func linkage", "5.6", func() return internal.ErrNotSupported } return err -}) +}, "5.6") -var haveEnum64 = internal.NewFeatureTest("ENUM64", "6.0", func() error { +var haveDeclTags = internal.NewFeatureTest("BTF decl tags", func() error { + if err := haveBTF(); err != nil { + return err + } + + t := &Typedef{ + Name: "a", + Type: &Int{}, + Tags: []string{"a"}, + } + + err := probeBTF(t) + if errors.Is(err, unix.EINVAL) { + return internal.ErrNotSupported + } + return err +}, "5.16") + +var haveTypeTags = internal.NewFeatureTest("BTF type tags", func() error { + if err := haveBTF(); err != nil { + return err + } + + t := &TypeTag{ + Type: &Int{}, + Value: "a", + } + + err := probeBTF(t) + if errors.Is(err, unix.EINVAL) { + return internal.ErrNotSupported + } + return err +}, "5.17") + +var haveEnum64 = internal.NewFeatureTest("ENUM64", func() error { if err := haveBTF(); err != nil { return err } @@ -97,7 +132,7 @@ var haveEnum64 = internal.NewFeatureTest("ENUM64", "6.0", func() error { return internal.ErrNotSupported } return err -}) +}, "6.0") func probeBTF(typ Type) error { b, err := NewBuilder([]Type{typ}) diff --git a/vendor/github.com/cilium/ebpf/btf/format.go b/vendor/github.com/cilium/ebpf/btf/format.go index 5e581b4a851..3e0dedaa2bd 100644 --- a/vendor/github.com/cilium/ebpf/btf/format.go +++ b/vendor/github.com/cilium/ebpf/btf/format.go @@ -161,6 +161,9 @@ func (gf *GoFormatter) writeTypeLit(typ Type, depth int) error { case *Datasec: err = gf.writeDatasecLit(v, depth) + case *Var: + err = gf.writeTypeLit(v.Type, depth) + default: return fmt.Errorf("type %T: %w", v, ErrNotSupported) } diff --git a/vendor/github.com/cilium/ebpf/btf/kernel.go b/vendor/github.com/cilium/ebpf/btf/kernel.go index 8584ebcb932..1a9321f054c 100644 --- a/vendor/github.com/cilium/ebpf/btf/kernel.go +++ b/vendor/github.com/cilium/ebpf/btf/kernel.go @@ -8,7 +8,7 @@ import ( "sync" "github.com/cilium/ebpf/internal" - "github.com/cilium/ebpf/internal/kallsyms" + "github.com/cilium/ebpf/internal/linux" ) var kernelBTF = struct { @@ -21,8 +21,6 @@ var kernelBTF = struct { // FlushKernelSpec removes any cached kernel type information. func FlushKernelSpec() { - kallsyms.FlushKernelModuleCache() - kernelBTF.Lock() defer kernelBTF.Unlock() @@ -130,7 +128,7 @@ func loadKernelModuleSpec(module string, base *Spec) (*Spec, error) { // findVMLinux scans multiple well-known paths for vmlinux kernel images. func findVMLinux() (*os.File, error) { - release, err := internal.KernelRelease() + release, err := linux.KernelRelease() if err != nil { return nil, err } diff --git a/vendor/github.com/cilium/ebpf/btf/marshal.go b/vendor/github.com/cilium/ebpf/btf/marshal.go index f14cfa6e973..d7204e62476 100644 --- a/vendor/github.com/cilium/ebpf/btf/marshal.go +++ b/vendor/github.com/cilium/ebpf/btf/marshal.go @@ -18,6 +18,10 @@ type MarshalOptions struct { Order binary.ByteOrder // Remove function linkage information for compatibility with <5.6 kernels. StripFuncLinkage bool + // Replace decl tags with a placeholder for compatibility with <5.16 kernels. + ReplaceDeclTags bool + // Replace TypeTags with a placeholder for compatibility with <5.17 kernels. + ReplaceTypeTags bool // Replace Enum64 with a placeholder for compatibility with <6.0 kernels. ReplaceEnum64 bool // Prevent the "No type found" error when loading BTF without any types. @@ -29,6 +33,8 @@ func KernelMarshalOptions() *MarshalOptions { return &MarshalOptions{ Order: internal.NativeEndian, StripFuncLinkage: haveFuncLinkage() != nil, + ReplaceDeclTags: haveDeclTags() != nil, + ReplaceTypeTags: haveTypeTags() != nil, ReplaceEnum64: haveEnum64() != nil, PreventNoTypeFound: true, // All current kernels require this. } @@ -318,15 +324,7 @@ func (e *encoder) deflateType(typ Type) (err error) { return errors.New("Void is implicit in BTF wire format") case *Int: - raw.SetKind(kindInt) - raw.SetSize(v.Size) - - var bi btfInt - bi.SetEncoding(v.Encoding) - // We need to set bits in addition to size, since btf_type_int_is_regular - // otherwise flags this as a bitfield. - bi.SetBits(byte(v.Size) * 8) - raw.data = bi + e.deflateInt(&raw, v) case *Pointer: raw.SetKind(kindPointer) @@ -368,8 +366,7 @@ func (e *encoder) deflateType(typ Type) (err error) { raw.SetType(e.id(v.Type)) case *Const: - raw.SetKind(kindConst) - raw.SetType(e.id(v.Type)) + e.deflateConst(&raw, v) case *Restrict: raw.SetKind(kindRestrict) @@ -404,15 +401,10 @@ func (e *encoder) deflateType(typ Type) (err error) { raw.SetSize(v.Size) case *declTag: - raw.SetKind(kindDeclTag) - raw.SetType(e.id(v.Type)) - raw.data = &btfDeclTag{uint32(v.Index)} - raw.NameOff, err = e.strings.Add(v.Value) + err = e.deflateDeclTag(&raw, v) - case *typeTag: - raw.SetKind(kindTypeTag) - raw.SetType(e.id(v.Type)) - raw.NameOff, err = e.strings.Add(v.Value) + case *TypeTag: + err = e.deflateTypeTag(&raw, v) default: return fmt.Errorf("don't know how to deflate %T", v) @@ -425,6 +417,57 @@ func (e *encoder) deflateType(typ Type) (err error) { return raw.Marshal(e.buf, e.Order) } +func (e *encoder) deflateInt(raw *rawType, i *Int) { + raw.SetKind(kindInt) + raw.SetSize(i.Size) + + var bi btfInt + bi.SetEncoding(i.Encoding) + // We need to set bits in addition to size, since btf_type_int_is_regular + // otherwise flags this as a bitfield. + bi.SetBits(byte(i.Size) * 8) + raw.data = bi +} + +func (e *encoder) deflateDeclTag(raw *rawType, tag *declTag) (err error) { + // Replace a decl tag with an integer for compatibility with <5.16 kernels, + // following libbpf behaviour. + if e.ReplaceDeclTags { + typ := &Int{"decl_tag_placeholder", 1, Unsigned} + e.deflateInt(raw, typ) + + // Add the placeholder type name to the string table. The encoder added the + // original type name before this call. + raw.NameOff, err = e.strings.Add(typ.TypeName()) + return + } + + raw.SetKind(kindDeclTag) + raw.SetType(e.id(tag.Type)) + raw.data = &btfDeclTag{uint32(tag.Index)} + raw.NameOff, err = e.strings.Add(tag.Value) + return +} + +func (e *encoder) deflateConst(raw *rawType, c *Const) { + raw.SetKind(kindConst) + raw.SetType(e.id(c.Type)) +} + +func (e *encoder) deflateTypeTag(raw *rawType, tag *TypeTag) (err error) { + // Replace a type tag with a const qualifier for compatibility with <5.17 + // kernels, following libbpf behaviour. + if e.ReplaceTypeTags { + e.deflateConst(raw, &Const{tag.Type}) + return + } + + raw.SetKind(kindTypeTag) + raw.SetType(e.id(tag.Type)) + raw.NameOff, err = e.strings.Add(tag.Value) + return +} + func (e *encoder) deflateUnion(raw *rawType, union *Union) (err error) { raw.SetKind(kindUnion) raw.SetSize(union.Size) @@ -521,7 +564,7 @@ func (e *encoder) deflateEnum64(raw *rawType, enum *Enum) (err error) { }) } - return e.deflateUnion(raw, &Union{enum.Name, enum.Size, members}) + return e.deflateUnion(raw, &Union{enum.Name, enum.Size, members, nil}) } raw.SetKind(kindEnum64) diff --git a/vendor/github.com/cilium/ebpf/btf/traversal.go b/vendor/github.com/cilium/ebpf/btf/traversal.go index c39dc66e46c..13647d931ff 100644 --- a/vendor/github.com/cilium/ebpf/btf/traversal.go +++ b/vendor/github.com/cilium/ebpf/btf/traversal.go @@ -40,9 +40,12 @@ func children(typ Type, yield func(child *Type) bool) bool { // Explicitly type switch on the most common types to allow the inliner to // do its work. This avoids allocating intermediate slices from walk() on // the heap. + var tags []string switch v := typ.(type) { - case *Void, *Int, *Enum, *Fwd, *Float: + case *Void, *Int, *Enum, *Fwd, *Float, *declTag: // No children to traverse. + // declTags is declared as a leaf type since it's parsed into .Tags fields of other types + // during unmarshaling. case *Pointer: if !yield(&v.Target) { return false @@ -59,17 +62,32 @@ func children(typ Type, yield func(child *Type) bool) bool { if !yield(&v.Members[i].Type) { return false } + for _, t := range v.Members[i].Tags { + var tag Type = &declTag{v, t, i} + if !yield(&tag) { + return false + } + } } + tags = v.Tags case *Union: for i := range v.Members { if !yield(&v.Members[i].Type) { return false } + for _, t := range v.Members[i].Tags { + var tag Type = &declTag{v, t, i} + if !yield(&tag) { + return false + } + } } + tags = v.Tags case *Typedef: if !yield(&v.Type) { return false } + tags = v.Tags case *Volatile: if !yield(&v.Type) { return false @@ -86,6 +104,20 @@ func children(typ Type, yield func(child *Type) bool) bool { if !yield(&v.Type) { return false } + if fp, ok := v.Type.(*FuncProto); ok { + for i := range fp.Params { + if len(v.ParamTags) <= i { + continue + } + for _, t := range v.ParamTags[i] { + var tag Type = &declTag{v, t, i} + if !yield(&tag) { + return false + } + } + } + } + tags = v.Tags case *FuncProto: if !yield(&v.Return) { return false @@ -99,17 +131,14 @@ func children(typ Type, yield func(child *Type) bool) bool { if !yield(&v.Type) { return false } + tags = v.Tags case *Datasec: for i := range v.Vars { if !yield(&v.Vars[i].Type) { return false } } - case *declTag: - if !yield(&v.Type) { - return false - } - case *typeTag: + case *TypeTag: if !yield(&v.Type) { return false } @@ -119,5 +148,12 @@ func children(typ Type, yield func(child *Type) bool) bool { panic(fmt.Sprintf("don't know how to walk Type %T", v)) } + for _, t := range tags { + var tag Type = &declTag{typ, t, -1} + if !yield(&tag) { + return false + } + } + return true } diff --git a/vendor/github.com/cilium/ebpf/btf/types.go b/vendor/github.com/cilium/ebpf/btf/types.go index a3397460b9d..dbcdf9dd7aa 100644 --- a/vendor/github.com/cilium/ebpf/btf/types.go +++ b/vendor/github.com/cilium/ebpf/btf/types.go @@ -67,7 +67,7 @@ var ( _ Type = (*Datasec)(nil) _ Type = (*Float)(nil) _ Type = (*declTag)(nil) - _ Type = (*typeTag)(nil) + _ Type = (*TypeTag)(nil) _ Type = (*cycle)(nil) ) @@ -169,6 +169,7 @@ type Struct struct { // The size of the struct including padding, in bytes Size uint32 Members []Member + Tags []string } func (s *Struct) Format(fs fmt.State, verb rune) { @@ -182,6 +183,7 @@ func (s *Struct) size() uint32 { return s.Size } func (s *Struct) copy() Type { cpy := *s cpy.Members = copyMembers(s.Members) + cpy.Tags = copyTags(cpy.Tags) return &cpy } @@ -195,6 +197,7 @@ type Union struct { // The size of the union including padding, in bytes. Size uint32 Members []Member + Tags []string } func (u *Union) Format(fs fmt.State, verb rune) { @@ -208,6 +211,7 @@ func (u *Union) size() uint32 { return u.Size } func (u *Union) copy() Type { cpy := *u cpy.Members = copyMembers(u.Members) + cpy.Tags = copyTags(cpy.Tags) return &cpy } @@ -218,6 +222,18 @@ func (u *Union) members() []Member { func copyMembers(orig []Member) []Member { cpy := make([]Member, len(orig)) copy(cpy, orig) + for i, member := range cpy { + cpy[i].Tags = copyTags(member.Tags) + } + return cpy +} + +func copyTags(orig []string) []string { + if orig == nil { // preserve nil vs zero-len slice distinction + return nil + } + cpy := make([]string, len(orig)) + copy(cpy, orig) return cpy } @@ -247,6 +263,7 @@ type Member struct { Type Type Offset Bits BitfieldSize Bits + Tags []string } // Enum lists possible values. @@ -334,6 +351,7 @@ func (f *Fwd) matches(typ Type) bool { type Typedef struct { Name string Type Type + Tags []string } func (td *Typedef) Format(fs fmt.State, verb rune) { @@ -344,6 +362,7 @@ func (td *Typedef) TypeName() string { return td.Name } func (td *Typedef) copy() Type { cpy := *td + cpy.Tags = copyTags(td.Tags) return &cpy } @@ -403,6 +422,12 @@ type Func struct { Name string Type Type Linkage FuncLinkage + Tags []string + // ParamTags holds a list of tags for each parameter of the FuncProto to which `Type` points. + // If no tags are present for any param, the outer slice will be nil/len(ParamTags)==0. + // If at least 1 param has a tag, the outer slice will have the same length as the number of params. + // The inner slice contains the tags and may be nil/len(ParamTags[i])==0 if no tags are present for that param. + ParamTags [][]string } func FuncMetadata(ins *asm.Instruction) *Func { @@ -424,6 +449,14 @@ func (f *Func) TypeName() string { return f.Name } func (f *Func) copy() Type { cpy := *f + cpy.Tags = copyTags(f.Tags) + if f.ParamTags != nil { // preserve nil vs zero-len slice distinction + ptCopy := make([][]string, len(f.ParamTags)) + for i, tags := range f.ParamTags { + ptCopy[i] = copyTags(tags) + } + cpy.ParamTags = ptCopy + } return &cpy } @@ -456,6 +489,7 @@ type Var struct { Name string Type Type Linkage VarLinkage + Tags []string } func (v *Var) Format(fs fmt.State, verb rune) { @@ -466,6 +500,7 @@ func (v *Var) TypeName() string { return v.Name } func (v *Var) copy() Type { cpy := *v + cpy.Tags = copyTags(v.Tags) return &cpy } @@ -540,19 +575,25 @@ func (dt *declTag) copy() Type { return &cpy } -// typeTag associates metadata with a type. -type typeTag struct { +// TypeTag associates metadata with a pointer type. Tag types act as a custom +// modifier(const, restrict, volatile) for the target type. Unlike declTags, +// TypeTags are ordered so the order in which they are added matters. +// +// One of their uses is to mark pointers as `__kptr` meaning a pointer points +// to kernel memory. Adding a `__kptr` to pointers in map values allows you +// to store pointers to kernel memory in maps. +type TypeTag struct { Type Type Value string } -func (tt *typeTag) Format(fs fmt.State, verb rune) { +func (tt *TypeTag) Format(fs fmt.State, verb rune) { formatType(fs, verb, tt, "type=", tt.Type, "value=", tt.Value) } -func (tt *typeTag) TypeName() string { return "" } -func (tt *typeTag) qualify() Type { return tt.Type } -func (tt *typeTag) copy() Type { +func (tt *TypeTag) TypeName() string { return "" } +func (tt *TypeTag) qualify() Type { return tt.Type } +func (tt *TypeTag) copy() Type { cpy := *tt return &cpy } @@ -591,7 +632,7 @@ var ( _ qualifier = (*Const)(nil) _ qualifier = (*Restrict)(nil) _ qualifier = (*Volatile)(nil) - _ qualifier = (*typeTag)(nil) + _ qualifier = (*TypeTag)(nil) ) var errUnsizedType = errors.New("type is unsized") @@ -918,7 +959,7 @@ func readAndInflateTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32, rawSt if err != nil { return nil, fmt.Errorf("struct %s (id %d): %w", name, id, err) } - typ = &Struct{name, header.Size(), members} + typ = &Struct{name, header.Size(), members, nil} case kindUnion: vlen := header.Vlen() @@ -935,7 +976,7 @@ func readAndInflateTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32, rawSt if err != nil { return nil, fmt.Errorf("union %s (id %d): %w", name, id, err) } - typ = &Union{name, header.Size(), members} + typ = &Union{name, header.Size(), members, nil} case kindEnum: vlen := header.Vlen() @@ -968,7 +1009,7 @@ func readAndInflateTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32, rawSt typ = &Fwd{name, header.FwdKind()} case kindTypedef: - typedef := &Typedef{name, nil} + typedef := &Typedef{name, nil, nil} fixup(header.Type(), &typedef.Type) typ = typedef @@ -988,7 +1029,7 @@ func readAndInflateTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32, rawSt typ = restrict case kindFunc: - fn := &Func{name, nil, header.Linkage()} + fn := &Func{name, nil, header.Linkage(), nil, nil} fixup(header.Type(), &fn.Type) typ = fn @@ -1030,7 +1071,7 @@ func readAndInflateTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32, rawSt return nil, fmt.Errorf("can't read btfVariable, id: %d: %w", id, err) } - v := &Var{name, nil, VarLinkage(bVariable.Linkage)} + v := &Var{name, nil, VarLinkage(bVariable.Linkage), nil} fixup(header.Type(), &v.Type) typ = v @@ -1081,7 +1122,7 @@ func readAndInflateTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32, rawSt declTags = append(declTags, dt) case kindTypeTag: - tt := &typeTag{nil, name} + tt := &TypeTag{nil, name} fixup(header.Type(), &tt.Type) typ = tt @@ -1142,26 +1183,69 @@ func readAndInflateTypes(r io.Reader, bo binary.ByteOrder, typeLen uint32, rawSt for _, dt := range declTags { switch t := dt.Type.(type) { - case *Var, *Typedef: + case *Var: + if dt.Index != -1 { + return nil, fmt.Errorf("type %s: component idx %d is not -1", dt, dt.Index) + } + t.Tags = append(t.Tags, dt.Value) + + case *Typedef: if dt.Index != -1 { - return nil, fmt.Errorf("type %s: index %d is not -1", dt, dt.Index) + return nil, fmt.Errorf("type %s: component idx %d is not -1", dt, dt.Index) } + t.Tags = append(t.Tags, dt.Value) case composite: - if dt.Index >= len(t.members()) { - return nil, fmt.Errorf("type %s: index %d exceeds members of %s", dt, dt.Index, t) + if dt.Index >= 0 { + members := t.members() + if dt.Index >= len(members) { + return nil, fmt.Errorf("type %s: component idx %d exceeds members of %s", dt, dt.Index, t) + } + + members[dt.Index].Tags = append(members[dt.Index].Tags, dt.Value) + continue + } + + if dt.Index == -1 { + switch t2 := t.(type) { + case *Struct: + t2.Tags = append(t2.Tags, dt.Value) + case *Union: + t2.Tags = append(t2.Tags, dt.Value) + } + + continue } + return nil, fmt.Errorf("type %s: decl tag for type %s has invalid component idx", dt, t) + case *Func: fp, ok := t.Type.(*FuncProto) if !ok { return nil, fmt.Errorf("type %s: %s is not a FuncProto", dt, t.Type) } - if dt.Index >= len(fp.Params) { - return nil, fmt.Errorf("type %s: index %d exceeds params of %s", dt, dt.Index, t) + // Ensure the number of argument tag lists equals the number of arguments + if len(t.ParamTags) == 0 { + t.ParamTags = make([][]string, len(fp.Params)) + } + + if dt.Index >= 0 { + if dt.Index >= len(fp.Params) { + return nil, fmt.Errorf("type %s: component idx %d exceeds params of %s", dt, dt.Index, t) + } + + t.ParamTags[dt.Index] = append(t.ParamTags[dt.Index], dt.Value) + continue } + if dt.Index == -1 { + t.Tags = append(t.Tags, dt.Value) + continue + } + + return nil, fmt.Errorf("type %s: decl tag for type %s has invalid component idx", dt, t) + default: return nil, fmt.Errorf("type %s: decl tag for type %s is not supported", dt, t) } @@ -1207,6 +1291,20 @@ func UnderlyingType(typ Type) Type { return &cycle{typ} } +// QualifiedType returns the type with all qualifiers removed. +func QualifiedType(typ Type) Type { + result := typ + for depth := 0; depth <= maxResolveDepth; depth++ { + switch v := (result).(type) { + case qualifier: + result = v.qualify() + default: + return result + } + } + return &cycle{typ} +} + // As returns typ if is of type T. Otherwise it peels qualifiers and Typedefs // until it finds a T. // diff --git a/vendor/github.com/cilium/ebpf/btf/workarounds.go b/vendor/github.com/cilium/ebpf/btf/workarounds.go index 12a89b87eed..eb09047fb30 100644 --- a/vendor/github.com/cilium/ebpf/btf/workarounds.go +++ b/vendor/github.com/cilium/ebpf/btf/workarounds.go @@ -12,7 +12,7 @@ func datasecResolveWorkaround(b *Builder, ds *Datasec) error { } switch v.Type.(type) { - case *Typedef, *Volatile, *Const, *Restrict, *typeTag: + case *Typedef, *Volatile, *Const, *Restrict, *TypeTag: // NB: We must never call Add on a Datasec, otherwise we risk // infinite recursion. _, err := b.Add(v.Type) diff --git a/vendor/github.com/cilium/ebpf/collection.go b/vendor/github.com/cilium/ebpf/collection.go index b2cb214adce..a7b6cb31bf5 100644 --- a/vendor/github.com/cilium/ebpf/collection.go +++ b/vendor/github.com/cilium/ebpf/collection.go @@ -10,8 +10,10 @@ import ( "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/btf" "github.com/cilium/ebpf/internal" + "github.com/cilium/ebpf/internal/kallsyms" "github.com/cilium/ebpf/internal/kconfig" - "github.com/cilium/ebpf/internal/sysenc" + "github.com/cilium/ebpf/internal/linux" + "github.com/cilium/ebpf/internal/sys" ) // CollectionOptions control loading a collection into the kernel. @@ -38,6 +40,11 @@ type CollectionSpec struct { Maps map[string]*MapSpec Programs map[string]*ProgramSpec + // Variables refer to global variables declared in the ELF. They can be read + // and modified freely before loading the Collection. Modifying them after + // loading has no effect on a running eBPF program. + Variables map[string]*VariableSpec + // Types holds type information about Maps and Programs. // Modifications to Types are currently undefined behaviour. Types *btf.Spec @@ -56,6 +63,7 @@ func (cs *CollectionSpec) Copy() *CollectionSpec { cpy := CollectionSpec{ Maps: make(map[string]*MapSpec, len(cs.Maps)), Programs: make(map[string]*ProgramSpec, len(cs.Programs)), + Variables: make(map[string]*VariableSpec, len(cs.Variables)), ByteOrder: cs.ByteOrder, Types: cs.Types.Copy(), } @@ -68,6 +76,10 @@ func (cs *CollectionSpec) Copy() *CollectionSpec { cpy.Programs[name] = spec.Copy() } + for name, spec := range cs.Variables { + cpy.Variables[name] = spec.copy(&cpy) + } + return &cpy } @@ -134,65 +146,24 @@ func (m *MissingConstantsError) Error() string { // From Linux 5.5 the verifier will use constants to eliminate dead code. // // Returns an error wrapping [MissingConstantsError] if a constant doesn't exist. +// +// Deprecated: Use [CollectionSpec.Variables] to interact with constants instead. +// RewriteConstants is now a wrapper around the VariableSpec API. func (cs *CollectionSpec) RewriteConstants(consts map[string]interface{}) error { - replaced := make(map[string]bool) - - for name, spec := range cs.Maps { - if !strings.HasPrefix(name, ".rodata") { + var missing []string + for n, c := range consts { + v, ok := cs.Variables[n] + if !ok { + missing = append(missing, n) continue } - b, ds, err := spec.dataSection() - if errors.Is(err, errMapNoBTFValue) { - // Data sections without a BTF Datasec are valid, but don't support - // constant replacements. - continue - } - if err != nil { - return fmt.Errorf("map %s: %w", name, err) + if !v.Constant() { + return fmt.Errorf("variable %s is not a constant", n) } - // MapSpec.Copy() performs a shallow copy. Fully copy the byte slice - // to avoid any changes affecting other copies of the MapSpec. - cpy := make([]byte, len(b)) - copy(cpy, b) - - for _, v := range ds.Vars { - vname := v.Type.TypeName() - replacement, ok := consts[vname] - if !ok { - continue - } - - if _, ok := v.Type.(*btf.Var); !ok { - return fmt.Errorf("section %s: unexpected type %T for variable %s", name, v.Type, vname) - } - - if replaced[vname] { - return fmt.Errorf("section %s: duplicate variable %s", name, vname) - } - - if int(v.Offset+v.Size) > len(cpy) { - return fmt.Errorf("section %s: offset %d(+%d) for variable %s is out of bounds", name, v.Offset, v.Size, vname) - } - - b, err := sysenc.Marshal(replacement, int(v.Size)) - if err != nil { - return fmt.Errorf("marshaling constant replacement %s: %w", vname, err) - } - - b.CopyTo(cpy[v.Offset : v.Offset+v.Size]) - - replaced[vname] = true - } - - spec.Contents[0] = MapKV{Key: uint32(0), Value: cpy} - } - - var missing []string - for c := range consts { - if !replaced[c] { - missing = append(missing, c) + if err := v.Set(c); err != nil { + return fmt.Errorf("rewriting constant %s: %w", n, err) } } @@ -210,25 +181,23 @@ func (cs *CollectionSpec) RewriteConstants(consts map[string]interface{}) error // if this sounds useful. // // 'to' must be a pointer to a struct. A field of the -// struct is updated with values from Programs or Maps if it -// has an `ebpf` tag and its type is *ProgramSpec or *MapSpec. +// struct is updated with values from Programs, Maps or Variables if it +// has an `ebpf` tag and its type is *ProgramSpec, *MapSpec or *VariableSpec. // The tag's value specifies the name of the program or map as // found in the CollectionSpec. // // struct { -// Foo *ebpf.ProgramSpec `ebpf:"xdp_foo"` -// Bar *ebpf.MapSpec `ebpf:"bar_map"` +// Foo *ebpf.ProgramSpec `ebpf:"xdp_foo"` +// Bar *ebpf.MapSpec `ebpf:"bar_map"` +// Var *ebpf.VariableSpec `ebpf:"some_var"` // Ignored int // } // // Returns an error if any of the eBPF objects can't be found, or -// if the same MapSpec or ProgramSpec is assigned multiple times. +// if the same Spec is assigned multiple times. func (cs *CollectionSpec) Assign(to interface{}) error { - // Assign() only supports assigning ProgramSpecs and MapSpecs, - // so doesn't load any resources into the kernel. getValue := func(typ reflect.Type, name string) (interface{}, error) { switch typ { - case reflect.TypeOf((*ProgramSpec)(nil)): if p := cs.Programs[name]; p != nil { return p, nil @@ -241,6 +210,12 @@ func (cs *CollectionSpec) Assign(to interface{}) error { } return nil, fmt.Errorf("missing map %q", name) + case reflect.TypeOf((*VariableSpec)(nil)): + if v := cs.Variables[name]; v != nil { + return v, nil + } + return nil, fmt.Errorf("missing variable %q", name) + default: return nil, fmt.Errorf("unsupported type %s", typ) } @@ -286,6 +261,7 @@ func (cs *CollectionSpec) LoadAndAssign(to interface{}, opts *CollectionOptions) // Support assigning Programs and Maps, lazy-loading the required objects. assignedMaps := make(map[string]bool) assignedProgs := make(map[string]bool) + assignedVars := make(map[string]bool) getValue := func(typ reflect.Type, name string) (interface{}, error) { switch typ { @@ -298,6 +274,10 @@ func (cs *CollectionSpec) LoadAndAssign(to interface{}, opts *CollectionOptions) assignedMaps[name] = true return loader.loadMap(name) + case reflect.TypeOf((*Variable)(nil)): + assignedVars[name] = true + return loader.loadVariable(name) + default: return nil, fmt.Errorf("unsupported type %s", typ) } @@ -338,15 +318,22 @@ func (cs *CollectionSpec) LoadAndAssign(to interface{}, opts *CollectionOptions) for p := range assignedProgs { delete(loader.programs, p) } + for p := range assignedVars { + delete(loader.vars, p) + } return nil } -// Collection is a collection of Programs and Maps associated -// with their symbols +// Collection is a collection of live BPF resources present in the kernel. type Collection struct { Programs map[string]*Program Maps map[string]*Map + + // Variables contains global variables used by the Collection's program(s). On + // kernels older than 5.5, most interactions with Variables return + // [ErrNotSupported]. + Variables map[string]*Variable } // NewCollection creates a Collection from the given spec, creating and @@ -387,19 +374,26 @@ func NewCollectionWithOptions(spec *CollectionSpec, opts CollectionOptions) (*Co } } + for varName := range spec.Variables { + if _, err := loader.loadVariable(varName); err != nil { + return nil, err + } + } + // Maps can contain Program and Map stubs, so populate them after // all Maps and Programs have been successfully loaded. if err := loader.populateDeferredMaps(); err != nil { return nil, err } - // Prevent loader.cleanup from closing maps and programs. - maps, progs := loader.maps, loader.programs - loader.maps, loader.programs = nil, nil + // Prevent loader.cleanup from closing maps, programs and vars. + maps, progs, vars := loader.maps, loader.programs, loader.vars + loader.maps, loader.programs, loader.vars = nil, nil, nil return &Collection{ progs, maps, + vars, }, nil } @@ -408,6 +402,7 @@ type collectionLoader struct { opts *CollectionOptions maps map[string]*Map programs map[string]*Program + vars map[string]*Variable } func newCollectionLoader(coll *CollectionSpec, opts *CollectionOptions) (*collectionLoader, error) { @@ -416,15 +411,14 @@ func newCollectionLoader(coll *CollectionSpec, opts *CollectionOptions) (*collec } // Check for existing MapSpecs in the CollectionSpec for all provided replacement maps. - for name, m := range opts.MapReplacements { - spec, ok := coll.Maps[name] - if !ok { + for name := range opts.MapReplacements { + if _, ok := coll.Maps[name]; !ok { return nil, fmt.Errorf("replacement map %s not found in CollectionSpec", name) } + } - if err := spec.Compatible(m); err != nil { - return nil, fmt.Errorf("using replacement map %s: %w", spec.Name, err) - } + if err := populateKallsyms(coll.Programs); err != nil { + return nil, fmt.Errorf("populating kallsyms caches: %w", err) } return &collectionLoader{ @@ -432,9 +426,49 @@ func newCollectionLoader(coll *CollectionSpec, opts *CollectionOptions) (*collec opts, make(map[string]*Map), make(map[string]*Program), + make(map[string]*Variable), }, nil } +// populateKallsyms populates kallsyms caches, making lookups cheaper later on +// during individual program loading. Since we have less context available +// at those stages, we batch the lookups here instead to avoid redundant work. +func populateKallsyms(progs map[string]*ProgramSpec) error { + // Look up associated kernel modules for all symbols referenced by + // ProgramSpec.AttachTo for program types that support attaching to kmods. + mods := make(map[string]string) + for _, p := range progs { + if p.AttachTo != "" && p.targetsKernelModule() { + mods[p.AttachTo] = "" + } + } + if len(mods) != 0 { + if err := kallsyms.AssignModules(mods); err != nil { + return fmt.Errorf("getting modules from kallsyms: %w", err) + } + } + + // Look up addresses of all kernel symbols referenced by all programs. + addrs := make(map[string]uint64) + for _, p := range progs { + iter := p.Instructions.Iterate() + for iter.Next() { + ins := iter.Ins + meta, _ := ins.Metadata.Get(ksymMetaKey{}).(*ksymMeta) + if meta != nil { + addrs[meta.Name] = 0 + } + } + } + if len(addrs) != 0 { + if err := kallsyms.AssignAddresses(addrs); err != nil { + return fmt.Errorf("getting addresses from kallsyms: %w", err) + } + } + + return nil +} + // close all resources left over in the collectionLoader. func (cl *collectionLoader) close() { for _, m := range cl.maps { @@ -455,7 +489,22 @@ func (cl *collectionLoader) loadMap(mapName string) (*Map, error) { return nil, fmt.Errorf("missing map %s", mapName) } + mapSpec = mapSpec.Copy() + + // Defer setting the mmapable flag on maps until load time. This avoids the + // MapSpec having different flags on some kernel versions. Also avoid running + // syscalls during ELF loading, so platforms like wasm can also parse an ELF. + if isDataSection(mapSpec.Name) && haveMmapableMaps() == nil { + mapSpec.Flags |= sys.BPF_F_MMAPABLE + } + if replaceMap, ok := cl.opts.MapReplacements[mapName]; ok { + // Check compatibility with the replacement map after setting + // feature-dependent map flags. + if err := mapSpec.Compatible(replaceMap); err != nil { + return nil, fmt.Errorf("using replacement map %s: %w", mapSpec.Name, err) + } + // Clone the map to avoid closing user's map later on. m, err := replaceMap.Clone() if err != nil { @@ -537,6 +586,58 @@ func (cl *collectionLoader) loadProgram(progName string) (*Program, error) { return prog, nil } +func (cl *collectionLoader) loadVariable(varName string) (*Variable, error) { + if v := cl.vars[varName]; v != nil { + return v, nil + } + + varSpec := cl.coll.Variables[varName] + if varSpec == nil { + return nil, fmt.Errorf("unknown variable %s", varName) + } + + // Get the key of the VariableSpec's MapSpec in the CollectionSpec. + var mapName string + for n, ms := range cl.coll.Maps { + if ms == varSpec.m { + mapName = n + break + } + } + if mapName == "" { + return nil, fmt.Errorf("variable %s: underlying MapSpec %s was removed from CollectionSpec", varName, varSpec.m.Name) + } + + m, err := cl.loadMap(mapName) + if err != nil { + return nil, fmt.Errorf("variable %s: %w", varName, err) + } + + // If the kernel is too old or the underlying map was created without + // BPF_F_MMAPABLE, [Map.Memory] will return ErrNotSupported. In this case, + // emit a Variable with a nil Memory. This keeps Collection{Spec}.Variables + // consistent across systems with different feature sets without breaking + // LoadAndAssign. + mm, err := m.Memory() + if err != nil && !errors.Is(err, ErrNotSupported) { + return nil, fmt.Errorf("variable %s: getting memory for map %s: %w", varName, mapName, err) + } + + v, err := newVariable( + varSpec.name, + varSpec.offset, + varSpec.size, + varSpec.t, + mm, + ) + if err != nil { + return nil, fmt.Errorf("variable %s: %w", varName, err) + } + + cl.vars[varName] = v + return v, nil +} + // populateDeferredMaps iterates maps holding programs or other maps and loads // any dependencies. Populates all maps in cl and freezes them if specified. func (cl *collectionLoader) populateDeferredMaps() error { @@ -603,6 +704,7 @@ func resolveKconfig(m *MapSpec) error { type configInfo struct { offset uint32 + size uint32 typ btf.Type } @@ -619,7 +721,7 @@ func resolveKconfig(m *MapSpec) error { return fmt.Errorf("variable %s must be a 32 bits integer, got %s", n, v.Type) } - kv, err := internal.KernelVersion() + kv, err := linux.KernelVersion() if err != nil { return fmt.Errorf("getting kernel version: %w", err) } @@ -644,6 +746,7 @@ func resolveKconfig(m *MapSpec) error { default: // Catch CONFIG_*. configs[n] = configInfo{ offset: vsi.Offset, + size: vsi.Size, typ: v.Type, } } @@ -651,7 +754,7 @@ func resolveKconfig(m *MapSpec) error { // We only parse kconfig file if a CONFIG_* variable was found. if len(configs) > 0 { - f, err := kconfig.Find() + f, err := linux.FindKConfig() if err != nil { return fmt.Errorf("cannot find a kconfig file: %w", err) } @@ -670,10 +773,10 @@ func resolveKconfig(m *MapSpec) error { for n, info := range configs { value, ok := kernelConfig[n] if !ok { - return fmt.Errorf("config option %q does not exists for this kernel", n) + return fmt.Errorf("config option %q does not exist on this kernel", n) } - err := kconfig.PutValue(data[info.offset:], info.typ, value) + err := kconfig.PutValue(data[info.offset:info.offset+info.size], info.typ, value) if err != nil { return fmt.Errorf("problem adding value for %s: %w", n, err) } @@ -723,6 +826,7 @@ func LoadCollection(file string) (*Collection, error) { func (coll *Collection) Assign(to interface{}) error { assignedMaps := make(map[string]bool) assignedProgs := make(map[string]bool) + assignedVars := make(map[string]bool) // Assign() only transfers already-loaded Maps and Programs. No extra // loading is done. @@ -743,6 +847,13 @@ func (coll *Collection) Assign(to interface{}) error { } return nil, fmt.Errorf("missing map %q", name) + case reflect.TypeOf((*Variable)(nil)): + if v := coll.Variables[name]; v != nil { + assignedVars[name] = true + return v, nil + } + return nil, fmt.Errorf("missing variable %q", name) + default: return nil, fmt.Errorf("unsupported type %s", typ) } @@ -759,6 +870,9 @@ func (coll *Collection) Assign(to interface{}) error { for m := range assignedMaps { delete(coll.Maps, m) } + for s := range assignedVars { + delete(coll.Variables, s) + } return nil } diff --git a/vendor/github.com/cilium/ebpf/elf_reader.go b/vendor/github.com/cilium/ebpf/elf_reader.go index 620037d80a8..9e8dbc7ae5a 100644 --- a/vendor/github.com/cilium/ebpf/elf_reader.go +++ b/vendor/github.com/cilium/ebpf/elf_reader.go @@ -16,7 +16,6 @@ import ( "github.com/cilium/ebpf/btf" "github.com/cilium/ebpf/internal" "github.com/cilium/ebpf/internal/sys" - "github.com/cilium/ebpf/internal/unix" ) type kconfigMetaKey struct{} @@ -33,6 +32,13 @@ type kfuncMeta struct { Func *btf.Func } +type ksymMetaKey struct{} + +type ksymMeta struct { + Binding elf.SymBind + Name string +} + // elfCode is a convenience to reduce the amount of arguments that have to // be passed around explicitly. You should treat its contents as immutable. type elfCode struct { @@ -43,7 +49,9 @@ type elfCode struct { btf *btf.Spec extInfo *btf.ExtInfos maps map[string]*MapSpec + vars map[string]*VariableSpec kfuncs map[string]*btf.Func + ksyms map[string]struct{} kconfig *MapSpec } @@ -71,7 +79,7 @@ func LoadCollectionSpecFromReader(rd io.ReaderAt) (*CollectionSpec, error) { // Checks if the ELF file is for BPF data. // Old LLVM versions set e_machine to EM_NONE. - if f.File.Machine != unix.EM_NONE && f.File.Machine != elf.EM_BPF { + if f.File.Machine != elf.EM_NONE && f.File.Machine != elf.EM_BPF { return nil, fmt.Errorf("unexpected machine type for BPF ELF: %s", f.File.Machine) } @@ -101,7 +109,7 @@ func LoadCollectionSpecFromReader(rd io.ReaderAt) (*CollectionSpec, error) { sections[idx] = newElfSection(sec, mapSection) case sec.Name == ".maps": sections[idx] = newElfSection(sec, btfMapSection) - case sec.Name == ".bss" || sec.Name == ".data" || strings.HasPrefix(sec.Name, ".rodata"): + case isDataSection(sec.Name): sections[idx] = newElfSection(sec, dataSection) case sec.Type == elf.SHT_REL: // Store relocations under the section index of the target @@ -134,7 +142,9 @@ func LoadCollectionSpecFromReader(rd io.ReaderAt) (*CollectionSpec, error) { btf: btfSpec, extInfo: btfExtInfo, maps: make(map[string]*MapSpec), + vars: make(map[string]*VariableSpec), kfuncs: make(map[string]*btf.Func), + ksyms: make(map[string]struct{}), } symbols, err := f.Symbols() @@ -174,7 +184,7 @@ func LoadCollectionSpecFromReader(rd io.ReaderAt) (*CollectionSpec, error) { return nil, fmt.Errorf("load programs: %w", err) } - return &CollectionSpec{ec.maps, progs, btfSpec, ec.ByteOrder}, nil + return &CollectionSpec{ec.maps, progs, ec.vars, btfSpec, ec.ByteOrder}, nil } func loadLicense(sec *elf.Section) (string, error) { @@ -201,6 +211,18 @@ func loadVersion(sec *elf.Section, bo binary.ByteOrder) (uint32, error) { return version, nil } +func isDataSection(name string) bool { + return name == ".bss" || strings.HasPrefix(name, ".data") || strings.HasPrefix(name, ".rodata") +} + +func isConstantDataSection(name string) bool { + return strings.HasPrefix(name, ".rodata") +} + +func isKconfigSection(name string) bool { + return name == ".kconfig" +} + type elfSectionKind int const ( @@ -506,7 +528,7 @@ func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) err case elf.STT_OBJECT: // LLVM 9 emits OBJECT-LOCAL symbols for anonymous constants. - if bind != elf.STB_GLOBAL && bind != elf.STB_LOCAL { + if bind != elf.STB_GLOBAL && bind != elf.STB_LOCAL && bind != elf.STB_WEAK { return fmt.Errorf("direct load: %s: %w: %s", name, errUnsupportedBinding, bind) } @@ -614,6 +636,8 @@ func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) err } kf := ec.kfuncs[name] + _, ks := ec.ksyms[name] + switch { // If a Call / DWordLoad instruction is found and the datasec has a btf.Func with a Name // that matches the symbol name we mark the instruction as a referencing a kfunc. @@ -634,6 +658,15 @@ func (ec *elfCode) relocateInstruction(ins *asm.Instruction, rel elf.Symbol) err ins.Constant = 0 + case ks && ins.OpCode.IsDWordLoad(): + if bind != elf.STB_GLOBAL && bind != elf.STB_WEAK { + return fmt.Errorf("asm relocation: %s: %w: %s", name, errUnsupportedBinding, bind) + } + ins.Metadata.Set(ksymMetaKey{}, &ksymMeta{ + Binding: bind, + Name: name, + }) + // If no kconfig map is found, this must be a symbol reference from inline // asm (see testdata/loader.c:asm_relocation()) or a call to a forward // function declaration (see testdata/fwd_decl.c). Don't interfere, These @@ -980,6 +1013,13 @@ func mapSpecFromBTF(es *elfSection, vs *btf.VarSecinfo, def *btf.Struct, spec *b } } + // Some maps don't support value sizes, but annotating their map definitions + // with __type macros can still be useful, especially to let bpf2go generate + // type definitions for them. + if value != nil && !mapType.canHaveValueSize() { + valueSize = 0 + } + return &MapSpec{ Name: SanitizeName(name, -1), Type: MapType(mapType), @@ -1092,12 +1132,21 @@ func (ec *elfCode) loadDataSections() error { continue } - if sec.references == 0 { - // Prune data sections which are not referenced by any - // instructions. + // If a section has no references, it will be freed as soon as the + // Collection closes, so creating and populating it is wasteful. If it has + // no symbols, it is likely an ephemeral section used during compilation + // that wasn't sanitized by the bpf linker. (like .rodata.str1.1) + // + // No symbols means no VariableSpecs can be generated from it, making it + // pointless to emit a data section for. + if sec.references == 0 && len(sec.symbols) == 0 { continue } + if sec.Size > math.MaxUint32 { + return fmt.Errorf("data section %s: contents exceed maximum size", sec.Name) + } + mapSpec := &MapSpec{ Name: SanitizeName(sec.Name, -1), Type: Array, @@ -1106,6 +1155,10 @@ func (ec *elfCode) loadDataSections() error { MaxEntries: 1, } + if isConstantDataSection(sec.Name) { + mapSpec.Flags = sys.BPF_F_RDONLY_PROG + } + switch sec.Type { // Only open the section if we know there's actual data to be read. case elf.SHT_PROGBITS: @@ -1113,20 +1166,56 @@ func (ec *elfCode) loadDataSections() error { if err != nil { return fmt.Errorf("data section %s: can't get contents: %w", sec.Name, err) } - - if uint64(len(data)) > math.MaxUint32 { - return fmt.Errorf("data section %s: contents exceed maximum size", sec.Name) - } mapSpec.Contents = []MapKV{{uint32(0), data}} case elf.SHT_NOBITS: - // NOBITS sections like .bss contain only zeroes, and since data sections - // are Arrays, the kernel already preallocates them. Skip reading zeroes - // from the ELF. + // NOBITS sections like .bss contain only zeroes and are not allocated in + // the ELF. Since data sections are Arrays, the kernel can preallocate + // them. Don't attempt reading zeroes from the ELF, instead allocate the + // zeroed memory to support getting and setting VariableSpecs for sections + // like .bss. + mapSpec.Contents = []MapKV{{uint32(0), make([]byte, sec.Size)}} + default: return fmt.Errorf("data section %s: unknown section type %s", sec.Name, sec.Type) } + for off, sym := range sec.symbols { + // Skip symbols marked with the 'hidden' attribute. + if elf.ST_VISIBILITY(sym.Other) == elf.STV_HIDDEN || + elf.ST_VISIBILITY(sym.Other) == elf.STV_INTERNAL { + continue + } + + // Only accept symbols with global or weak bindings. The common + // alternative is STB_LOCAL, which are either function-scoped or declared + // 'static'. + if elf.ST_BIND(sym.Info) != elf.STB_GLOBAL && + elf.ST_BIND(sym.Info) != elf.STB_WEAK { + continue + } + + if ec.vars[sym.Name] != nil { + return fmt.Errorf("data section %s: duplicate variable %s", sec.Name, sym.Name) + } + + // Skip symbols starting with a dot, they are compiler-internal symbols + // emitted by clang 11 and earlier and are not cleaned up by the bpf + // compiler backend (e.g. symbols named .Lconstinit.1 in sections like + // .rodata.cst32). Variables in C cannot start with a dot, so filter these + // out. + if strings.HasPrefix(sym.Name, ".") { + continue + } + + ec.vars[sym.Name] = &VariableSpec{ + name: sym.Name, + offset: off, + size: sym.Size, + m: mapSpec, + } + } + // It is possible for a data section to exist without a corresponding BTF Datasec // if it only contains anonymous values like macro-defined arrays. if ec.btf != nil { @@ -1135,12 +1224,38 @@ func (ec *elfCode) loadDataSections() error { // Assign the spec's key and BTF only if the Datasec lookup was successful. mapSpec.Key = &btf.Void{} mapSpec.Value = ds - } - } - if strings.HasPrefix(sec.Name, ".rodata") { - mapSpec.Flags = unix.BPF_F_RDONLY_PROG - mapSpec.Freeze = true + // Populate VariableSpecs with type information, if available. + for _, v := range ds.Vars { + name := v.Type.TypeName() + if name == "" { + return fmt.Errorf("data section %s: anonymous variable %v", sec.Name, v) + } + + vt, ok := v.Type.(*btf.Var) + if !ok { + return fmt.Errorf("data section %s: unexpected type %T for variable %s", sec.Name, v.Type, name) + } + + ev := ec.vars[name] + if ev == nil { + // Hidden symbols appear in the BTF Datasec but don't receive a VariableSpec. + continue + } + + if uint64(v.Offset) != ev.offset { + return fmt.Errorf("data section %s: variable %s datasec offset (%d) doesn't match ELF symbol offset (%d)", sec.Name, name, v.Offset, ev.offset) + } + + if uint64(v.Size) != ev.size { + return fmt.Errorf("data section %s: variable %s size in datasec (%d) doesn't match ELF symbol size (%d)", sec.Name, name, v.Size, ev.size) + } + + // Decouple the Var in the VariableSpec from the underlying DataSec in + // the MapSpec to avoid modifications from affecting map loads later on. + ev.t = btf.Copy(vt).(*btf.Var) + } + } } ec.maps[sec.Name] = mapSpec @@ -1175,8 +1290,7 @@ func (ec *elfCode) loadKconfigSection() error { KeySize: uint32(4), ValueSize: ds.Size, MaxEntries: 1, - Flags: unix.BPF_F_RDONLY_PROG, - Freeze: true, + Flags: sys.BPF_F_RDONLY_PROG, Key: &btf.Int{Size: 4}, Value: ds, } @@ -1201,8 +1315,14 @@ func (ec *elfCode) loadKsymsSection() error { } for _, v := range ds.Vars { - // we have already checked the .ksyms Datasec to only contain Func Vars. - ec.kfuncs[v.Type.TypeName()] = v.Type.(*btf.Func) + switch t := v.Type.(type) { + case *btf.Func: + ec.kfuncs[t.TypeName()] = t + case *btf.Var: + ec.ksyms[t.TypeName()] = struct{}{} + default: + return fmt.Errorf("unexpected variable type in .ksyms: %T", v) + } } return nil @@ -1266,10 +1386,10 @@ func getProgType(sectionName string) (ProgramType, AttachType, uint32, string) { var flags uint32 if t.flags&_SEC_SLEEPABLE > 0 { - flags |= unix.BPF_F_SLEEPABLE + flags |= sys.BPF_F_SLEEPABLE } if t.flags&_SEC_XDP_FRAGS > 0 { - flags |= unix.BPF_F_XDP_HAS_FRAGS + flags |= sys.BPF_F_XDP_HAS_FRAGS } if t.flags&_SEC_EXP_ATTACH_OPT > 0 { if programType == XDP { diff --git a/vendor/github.com/cilium/ebpf/elf_sections.go b/vendor/github.com/cilium/ebpf/elf_sections.go index 4b58251d9ab..43dcfb103ee 100644 --- a/vendor/github.com/cilium/ebpf/elf_sections.go +++ b/vendor/github.com/cilium/ebpf/elf_sections.go @@ -18,6 +18,7 @@ var elfSectionDefs = []libbpfElfSectionDef{ {"uretprobe.s+", sys.BPF_PROG_TYPE_KPROBE, 0, _SEC_SLEEPABLE}, {"kprobe.multi+", sys.BPF_PROG_TYPE_KPROBE, sys.BPF_TRACE_KPROBE_MULTI, _SEC_NONE}, {"kretprobe.multi+", sys.BPF_PROG_TYPE_KPROBE, sys.BPF_TRACE_KPROBE_MULTI, _SEC_NONE}, + {"kprobe.session+", sys.BPF_PROG_TYPE_KPROBE, sys.BPF_TRACE_KPROBE_SESSION, _SEC_NONE}, {"uprobe.multi+", sys.BPF_PROG_TYPE_KPROBE, sys.BPF_TRACE_UPROBE_MULTI, _SEC_NONE}, {"uretprobe.multi+", sys.BPF_PROG_TYPE_KPROBE, sys.BPF_TRACE_UPROBE_MULTI, _SEC_NONE}, {"uprobe.multi.s+", sys.BPF_PROG_TYPE_KPROBE, sys.BPF_TRACE_UPROBE_MULTI, _SEC_SLEEPABLE}, @@ -69,6 +70,7 @@ var elfSectionDefs = []libbpfElfSectionDef{ {"sockops", sys.BPF_PROG_TYPE_SOCK_OPS, sys.BPF_CGROUP_SOCK_OPS, _SEC_ATTACHABLE_OPT}, {"sk_skb/stream_parser", sys.BPF_PROG_TYPE_SK_SKB, sys.BPF_SK_SKB_STREAM_PARSER, _SEC_ATTACHABLE_OPT}, {"sk_skb/stream_verdict", sys.BPF_PROG_TYPE_SK_SKB, sys.BPF_SK_SKB_STREAM_VERDICT, _SEC_ATTACHABLE_OPT}, + {"sk_skb/verdict", sys.BPF_PROG_TYPE_SK_SKB, sys.BPF_SK_SKB_VERDICT, _SEC_ATTACHABLE_OPT}, {"sk_skb", sys.BPF_PROG_TYPE_SK_SKB, 0, _SEC_NONE}, {"sk_msg", sys.BPF_PROG_TYPE_SK_MSG, sys.BPF_SK_MSG_VERDICT, _SEC_ATTACHABLE_OPT}, {"lirc_mode2", sys.BPF_PROG_TYPE_LIRC_MODE2, sys.BPF_LIRC_MODE2, _SEC_ATTACHABLE_OPT}, diff --git a/vendor/github.com/cilium/ebpf/info.go b/vendor/github.com/cilium/ebpf/info.go index 04c60c64b89..676e8fa6e74 100644 --- a/vendor/github.com/cilium/ebpf/info.go +++ b/vendor/github.com/cilium/ebpf/info.go @@ -8,10 +8,10 @@ import ( "fmt" "io" "os" + "reflect" "strings" "syscall" "time" - "unsafe" "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/btf" @@ -39,53 +39,83 @@ import ( // MapInfo describes a map. type MapInfo struct { - Type MapType - id MapID - KeySize uint32 - ValueSize uint32 + // Type of the map. + Type MapType + // KeySize is the size of the map key in bytes. + KeySize uint32 + // ValueSize is the size of the map value in bytes. + ValueSize uint32 + // MaxEntries is the maximum number of entries the map can hold. Its meaning + // is map-specific. MaxEntries uint32 - Flags uint32 + // Flags used during map creation. + Flags uint32 // Name as supplied by user space at load time. Available from 4.15. Name string - btf btf.ID + id MapID + btf btf.ID + mapExtra uint64 + memlock uint64 + frozen bool } +// newMapInfoFromFd queries map information about the given fd. [sys.ObjInfo] is +// attempted first, supplementing any missing values with information from +// /proc/self/fdinfo. Ignores EINVAL from ObjInfo as well as ErrNotSupported +// from reading fdinfo (indicating the file exists, but no fields of interest +// were found). If both fail, an error is always returned. func newMapInfoFromFd(fd *sys.FD) (*MapInfo, error) { var info sys.MapInfo - err := sys.ObjInfo(fd, &info) - if errors.Is(err, syscall.EINVAL) { - return newMapInfoFromProc(fd) - } - if err != nil { - return nil, err + err1 := sys.ObjInfo(fd, &info) + // EINVAL means the kernel doesn't support BPF_OBJ_GET_INFO_BY_FD. Continue + // with fdinfo if that's the case. + if err1 != nil && !errors.Is(err1, unix.EINVAL) { + return nil, fmt.Errorf("getting object info: %w", err1) } - return &MapInfo{ + mi := &MapInfo{ MapType(info.Type), - MapID(info.Id), info.KeySize, info.ValueSize, info.MaxEntries, uint32(info.MapFlags), unix.ByteSliceToString(info.Name[:]), + MapID(info.Id), btf.ID(info.BtfId), - }, nil + info.MapExtra, + 0, + false, + } + + // Supplement OBJ_INFO with data from /proc/self/fdinfo. It contains fields + // like memlock and frozen that are not present in OBJ_INFO. + err2 := readMapInfoFromProc(fd, mi) + if err2 != nil && !errors.Is(err2, ErrNotSupported) { + return nil, fmt.Errorf("getting map info from fdinfo: %w", err2) + } + + if err1 != nil && err2 != nil { + return nil, fmt.Errorf("ObjInfo and fdinfo both failed: objinfo: %w, fdinfo: %w", err1, err2) + } + + return mi, nil } -func newMapInfoFromProc(fd *sys.FD) (*MapInfo, error) { - var mi MapInfo - err := scanFdInfo(fd, map[string]interface{}{ +// readMapInfoFromProc queries map information about the given fd from +// /proc/self/fdinfo. It only writes data into fields that have a zero value. +func readMapInfoFromProc(fd *sys.FD, mi *MapInfo) error { + return scanFdInfo(fd, map[string]interface{}{ "map_type": &mi.Type, + "map_id": &mi.id, "key_size": &mi.KeySize, "value_size": &mi.ValueSize, "max_entries": &mi.MaxEntries, "map_flags": &mi.Flags, + "map_extra": &mi.mapExtra, + "memlock": &mi.memlock, + "frozen": &mi.frozen, }) - if err != nil { - return nil, err - } - return &mi, nil } // ID returns the map ID. @@ -109,6 +139,35 @@ func (mi *MapInfo) BTFID() (btf.ID, bool) { return mi.btf, mi.btf > 0 } +// MapExtra returns an opaque field whose meaning is map-specific. +// +// Available from 5.16. +// +// The bool return value indicates whether this optional field is available and +// populated, if it was specified during Map creation. +func (mi *MapInfo) MapExtra() (uint64, bool) { + return mi.mapExtra, mi.mapExtra > 0 +} + +// Memlock returns an approximate number of bytes allocated to this map. +// +// Available from 4.10. +// +// The bool return value indicates whether this optional field is available. +func (mi *MapInfo) Memlock() (uint64, bool) { + return mi.memlock, mi.memlock > 0 +} + +// Frozen indicates whether [Map.Freeze] was called on this map. If true, +// modifications from user space are not allowed. +// +// Available from 5.2. Requires access to procfs. +// +// If the kernel doesn't support map freezing, this field will always be false. +func (mi *MapInfo) Frozen() bool { + return mi.frozen +} + // programStats holds statistics of a program. type programStats struct { // Total accumulated runtime of the program ins ns. @@ -120,6 +179,40 @@ type programStats struct { recursionMisses uint64 } +// programJitedInfo holds information about JITed info of a program. +type programJitedInfo struct { + // ksyms holds the ksym addresses of the BPF program, including those of its + // subprograms. + // + // Available from 4.18. + ksyms []uint64 + numKsyms uint32 + + // insns holds the JITed machine native instructions of the program, + // including those of its subprograms. + // + // Available from 4.13. + insns []byte + numInsns uint32 + + // lineInfos holds the JITed line infos, which are kernel addresses. + // + // Available from 5.0. + lineInfos []uint64 + numLineInfos uint32 + + // lineInfoRecSize is the size of a single line info record. + // + // Available from 5.0. + lineInfoRecSize uint32 + + // funcLens holds the insns length of each function. + // + // Available from 4.18. + funcLens []uint32 + numFuncLens uint32 +} + // ProgramInfo describes a program. type ProgramInfo struct { Type ProgramType @@ -133,9 +226,14 @@ type ProgramInfo struct { haveCreatedByUID bool btf btf.ID stats *programStats + loadTime time.Duration + + maps []MapID + insns []byte + jitedSize uint32 + verifiedInstructions uint32 - maps []MapID - insns []byte + jitedInfo programJitedInfo lineInfos []byte numLineInfos uint32 @@ -164,6 +262,9 @@ func newProgramInfoFromFd(fd *sys.FD) (*ProgramInfo, error) { runCount: info.RunCnt, recursionMisses: info.RecursionMisses, }, + jitedSize: info.JitedProgLen, + loadTime: time.Duration(info.LoadTime), + verifiedInstructions: info.VerifiedInsns, } // Start with a clean struct for the second call, otherwise we may get EFAULT. @@ -174,7 +275,7 @@ func newProgramInfoFromFd(fd *sys.FD) (*ProgramInfo, error) { if info.NrMapIds > 0 { pi.maps = make([]MapID, info.NrMapIds) info2.NrMapIds = info.NrMapIds - info2.MapIds = sys.NewPointer(unsafe.Pointer(&pi.maps[0])) + info2.MapIds = sys.NewSlicePointer(pi.maps) makeSecondCall = true } else if haveProgramInfoMapIDs() == nil { // This program really has no associated maps. @@ -215,6 +316,40 @@ func newProgramInfoFromFd(fd *sys.FD) (*ProgramInfo, error) { makeSecondCall = true } + pi.jitedInfo.lineInfoRecSize = info.JitedLineInfoRecSize + if info.JitedProgLen > 0 { + pi.jitedInfo.numInsns = info.JitedProgLen + pi.jitedInfo.insns = make([]byte, info.JitedProgLen) + info2.JitedProgLen = info.JitedProgLen + info2.JitedProgInsns = sys.NewSlicePointer(pi.jitedInfo.insns) + makeSecondCall = true + } + + if info.NrJitedFuncLens > 0 { + pi.jitedInfo.numFuncLens = info.NrJitedFuncLens + pi.jitedInfo.funcLens = make([]uint32, info.NrJitedFuncLens) + info2.NrJitedFuncLens = info.NrJitedFuncLens + info2.JitedFuncLens = sys.NewSlicePointer(pi.jitedInfo.funcLens) + makeSecondCall = true + } + + if info.NrJitedLineInfo > 0 { + pi.jitedInfo.numLineInfos = info.NrJitedLineInfo + pi.jitedInfo.lineInfos = make([]uint64, info.NrJitedLineInfo) + info2.NrJitedLineInfo = info.NrJitedLineInfo + info2.JitedLineInfo = sys.NewSlicePointer(pi.jitedInfo.lineInfos) + info2.JitedLineInfoRecSize = info.JitedLineInfoRecSize + makeSecondCall = true + } + + if info.NrJitedKsyms > 0 { + pi.jitedInfo.numKsyms = info.NrJitedKsyms + pi.jitedInfo.ksyms = make([]uint64, info.NrJitedKsyms) + info2.JitedKsyms = sys.NewSlicePointer(pi.jitedInfo.ksyms) + info2.NrJitedKsyms = info.NrJitedKsyms + makeSecondCall = true + } + if makeSecondCall { if err := sys.ObjInfo(fd, &info2); err != nil { return nil, err @@ -230,7 +365,7 @@ func newProgramInfoFromProc(fd *sys.FD) (*ProgramInfo, error) { "prog_type": &info.Type, "prog_tag": &info.Tag, }) - if errors.Is(err, errMissingFields) { + if errors.Is(err, ErrNotSupported) { return nil, &internal.UnsupportedFeatureError{ Name: "reading program info from /proc/self/fdinfo", MinimumVersion: internal.Version{4, 10, 0}, @@ -305,6 +440,52 @@ func (pi *ProgramInfo) RecursionMisses() (uint64, bool) { return 0, false } +// btfSpec returns the BTF spec associated with the program. +func (pi *ProgramInfo) btfSpec() (*btf.Spec, error) { + id, ok := pi.BTFID() + if !ok { + return nil, fmt.Errorf("program created without BTF or unsupported kernel: %w", ErrNotSupported) + } + + h, err := btf.NewHandleFromID(id) + if err != nil { + return nil, fmt.Errorf("get BTF handle: %w", err) + } + defer h.Close() + + spec, err := h.Spec(nil) + if err != nil { + return nil, fmt.Errorf("get BTF spec: %w", err) + } + + return spec, nil +} + +// LineInfos returns the BTF line information of the program. +// +// Available from 5.0. +// +// Requires CAP_SYS_ADMIN or equivalent for reading BTF information. Returns +// ErrNotSupported if the program was created without BTF or if the kernel +// doesn't support the field. +func (pi *ProgramInfo) LineInfos() (btf.LineOffsets, error) { + if len(pi.lineInfos) == 0 { + return nil, fmt.Errorf("insufficient permissions or unsupported kernel: %w", ErrNotSupported) + } + + spec, err := pi.btfSpec() + if err != nil { + return nil, err + } + + return btf.LoadLineInfos( + bytes.NewReader(pi.lineInfos), + internal.NativeEndian, + pi.numLineInfos, + spec, + ) +} + // Instructions returns the 'xlated' instruction stream of the program // after it has been verified and rewritten by the kernel. These instructions // cannot be loaded back into the kernel as-is, this is mainly used for @@ -391,6 +572,29 @@ func (pi *ProgramInfo) Instructions() (asm.Instructions, error) { return insns, nil } +// JitedSize returns the size of the program's JIT-compiled machine code in bytes, which is the +// actual code executed on the host's CPU. This field requires the BPF JIT compiler to be enabled. +// +// Available from 4.13. Reading this metadata requires CAP_BPF or equivalent. +func (pi *ProgramInfo) JitedSize() (uint32, error) { + if pi.jitedSize == 0 { + return 0, fmt.Errorf("insufficient permissions, unsupported kernel, or JIT compiler disabled: %w", ErrNotSupported) + } + return pi.jitedSize, nil +} + +// TranslatedSize returns the size of the program's translated instructions in bytes, after it has +// been verified and rewritten by the kernel. +// +// Available from 4.13. Reading this metadata requires CAP_BPF or equivalent. +func (pi *ProgramInfo) TranslatedSize() (int, error) { + insns := len(pi.insns) + if insns == 0 { + return 0, fmt.Errorf("insufficient permissions or unsupported kernel: %w", ErrNotSupported) + } + return insns, nil +} + // MapIDs returns the maps related to the program. // // Available from 4.15. @@ -400,6 +604,106 @@ func (pi *ProgramInfo) MapIDs() ([]MapID, bool) { return pi.maps, pi.maps != nil } +// LoadTime returns when the program was loaded since boot time. +// +// Available from 4.15. +// +// The bool return value indicates whether this optional field is available. +func (pi *ProgramInfo) LoadTime() (time.Duration, bool) { + // loadTime and NrMapIds were introduced in the same kernel version. + return pi.loadTime, pi.loadTime > 0 +} + +// VerifiedInstructions returns the number verified instructions in the program. +// +// Available from 5.16. +// +// The bool return value indicates whether this optional field is available. +func (pi *ProgramInfo) VerifiedInstructions() (uint32, bool) { + return pi.verifiedInstructions, pi.verifiedInstructions > 0 +} + +// JitedKsymAddrs returns the ksym addresses of the BPF program, including its +// subprograms. The addresses correspond to their symbols in /proc/kallsyms. +// +// Available from 4.18. Note that before 5.x, this field can be empty for +// programs without subprograms (bpf2bpf calls). +// +// The bool return value indicates whether this optional field is available. +// +// When a kernel address can't fit into uintptr (which is usually the case when +// running 32 bit program on a 64 bit kernel), this returns an empty slice and +// a false. +func (pi *ProgramInfo) JitedKsymAddrs() ([]uintptr, bool) { + ksyms := make([]uintptr, 0, len(pi.jitedInfo.ksyms)) + if cap(ksyms) == 0 { + return ksyms, false + } + // Check if a kernel address fits into uintptr (it might not when + // using a 32 bit binary on a 64 bit kernel). This check should work + // with any kernel address, since they have 1s at the highest bits. + if a := pi.jitedInfo.ksyms[0]; uint64(uintptr(a)) != a { + return nil, false + } + for _, ksym := range pi.jitedInfo.ksyms { + ksyms = append(ksyms, uintptr(ksym)) + } + return ksyms, true +} + +// JitedInsns returns the JITed machine native instructions of the program. +// +// Available from 4.13. +// +// The bool return value indicates whether this optional field is available. +func (pi *ProgramInfo) JitedInsns() ([]byte, bool) { + return pi.jitedInfo.insns, len(pi.jitedInfo.insns) > 0 +} + +// JitedLineInfos returns the JITed line infos of the program. +// +// Available from 5.0. +// +// The bool return value indicates whether this optional field is available. +func (pi *ProgramInfo) JitedLineInfos() ([]uint64, bool) { + return pi.jitedInfo.lineInfos, len(pi.jitedInfo.lineInfos) > 0 +} + +// JitedFuncLens returns the insns length of each function in the JITed program. +// +// Available from 4.18. +// +// The bool return value indicates whether this optional field is available. +func (pi *ProgramInfo) JitedFuncLens() ([]uint32, bool) { + return pi.jitedInfo.funcLens, len(pi.jitedInfo.funcLens) > 0 +} + +// FuncInfos returns the offset and function information of all (sub)programs in +// a BPF program. +// +// Available from 5.0. +// +// Requires CAP_SYS_ADMIN or equivalent for reading BTF information. Returns +// ErrNotSupported if the program was created without BTF or if the kernel +// doesn't support the field. +func (pi *ProgramInfo) FuncInfos() (btf.FuncOffsets, error) { + if len(pi.funcInfos) == 0 { + return nil, fmt.Errorf("insufficient permissions or unsupported kernel: %w", ErrNotSupported) + } + + spec, err := pi.btfSpec() + if err != nil { + return nil, err + } + + return btf.LoadFuncInfos( + bytes.NewReader(pi.funcInfos), + internal.NativeEndian, + pi.numFuncInfos, + spec, + ) +} + func scanFdInfo(fd *sys.FD, fields map[string]interface{}) error { fh, err := os.Open(fmt.Sprintf("/proc/self/fdinfo/%d", fd.Int())) if err != nil { @@ -413,8 +717,6 @@ func scanFdInfo(fd *sys.FD, fields map[string]interface{}) error { return nil } -var errMissingFields = errors.New("missing fields") - func scanFdInfoReader(r io.Reader, fields map[string]interface{}) error { var ( scanner = bufio.NewScanner(r) @@ -433,26 +735,37 @@ func scanFdInfoReader(r io.Reader, fields map[string]interface{}) error { continue } - if n, err := fmt.Sscanln(parts[1], field); err != nil || n != 1 { - return fmt.Errorf("can't parse field %s: %v", name, err) + // If field already contains a non-zero value, don't overwrite it with fdinfo. + if zero(field) { + if n, err := fmt.Sscanln(parts[1], field); err != nil || n != 1 { + return fmt.Errorf("can't parse field %s: %v", name, err) + } } scanned++ } if err := scanner.Err(); err != nil { - return err + return fmt.Errorf("scanning fdinfo: %w", err) } if len(fields) > 0 && scanned == 0 { return ErrNotSupported } - if scanned != len(fields) { - return errMissingFields + return nil +} + +func zero(arg any) bool { + v := reflect.ValueOf(arg) + + // Unwrap pointers and interfaces. + for v.Kind() == reflect.Pointer || + v.Kind() == reflect.Interface { + v = v.Elem() } - return nil + return v.IsZero() } // EnableStats starts the measuring of the runtime @@ -471,7 +784,7 @@ func EnableStats(which uint32) (io.Closer, error) { return fd, nil } -var haveProgramInfoMapIDs = internal.NewFeatureTest("map IDs in program info", "4.15", func() error { +var haveProgramInfoMapIDs = internal.NewFeatureTest("map IDs in program info", func() error { prog, err := progLoad(asm.Instructions{ asm.LoadImm(asm.R0, 0, asm.DWord), asm.Return(), @@ -496,4 +809,4 @@ var haveProgramInfoMapIDs = internal.NewFeatureTest("map IDs in program info", " } return err -}) +}, "4.15") diff --git a/vendor/github.com/cilium/ebpf/internal/errors.go b/vendor/github.com/cilium/ebpf/internal/errors.go index 83a371ad35d..19d5294ca04 100644 --- a/vendor/github.com/cilium/ebpf/internal/errors.go +++ b/vendor/github.com/cilium/ebpf/internal/errors.go @@ -23,7 +23,7 @@ func ErrorWithLog(source string, err error, log []byte) *VerifierError { log = bytes.Trim(log, whitespace) if len(log) == 0 { - return &VerifierError{source, err, nil, false} + return &VerifierError{source, err, nil} } logLines := bytes.Split(log, []byte{'\n'}) @@ -34,7 +34,7 @@ func ErrorWithLog(source string, err error, log []byte) *VerifierError { lines = append(lines, string(bytes.TrimRight(line, whitespace))) } - return &VerifierError{source, err, lines, false} + return &VerifierError{source, err, lines} } // VerifierError includes information from the eBPF verifier. @@ -46,8 +46,6 @@ type VerifierError struct { Cause error // The verifier output split into lines. Log []string - // Deprecated: the log is never truncated anymore. - Truncated bool } func (le *VerifierError) Unwrap() error { diff --git a/vendor/github.com/cilium/ebpf/internal/feature.go b/vendor/github.com/cilium/ebpf/internal/feature.go index 2b856c735e7..6f64822e11d 100644 --- a/vendor/github.com/cilium/ebpf/internal/feature.go +++ b/vendor/github.com/cilium/ebpf/internal/feature.go @@ -3,15 +3,25 @@ package internal import ( "errors" "fmt" + "runtime" + "strings" "sync" ) -// ErrNotSupported indicates that a feature is not supported by the current kernel. +// ErrNotSupported indicates that a feature is not supported. var ErrNotSupported = errors.New("not supported") +// ErrNotSupportedOnOS indicates that a feature is not supported on the current +// operating system. +var ErrNotSupportedOnOS = fmt.Errorf("%w on %s", ErrNotSupported, runtime.GOOS) + // UnsupportedFeatureError is returned by FeatureTest() functions. type UnsupportedFeatureError struct { - // The minimum Linux mainline version required for this feature. + // The minimum version required for this feature. + // + // On Linux this refers to the mainline kernel version, on other platforms + // to the version of the runtime. + // // Used for the error string, and for sanity checking during testing. MinimumVersion Version @@ -58,11 +68,44 @@ type FeatureTest struct { type FeatureTestFn func() error // NewFeatureTest is a convenient way to create a single [FeatureTest]. -func NewFeatureTest(name, version string, fn FeatureTestFn) func() error { +// +// versions specifies in which version of a BPF runtime a feature appeared. +// The format is "GOOS:Major.Minor[.Patch]". GOOS may be omitted when targeting +// Linux. Returns [ErrNotSupportedOnOS] if there is no version specified for the +// current OS. +func NewFeatureTest(name string, fn FeatureTestFn, versions ...string) func() error { + const nativePrefix = runtime.GOOS + ":" + + if len(versions) == 0 { + return func() error { + return fmt.Errorf("feature test %q: no versions specified", name) + } + } + ft := &FeatureTest{ - Name: name, - Version: version, - Fn: fn, + Name: name, + Fn: fn, + } + + for _, version := range versions { + if strings.HasPrefix(version, nativePrefix) { + ft.Version = strings.TrimPrefix(version, nativePrefix) + break + } + + if OnLinux && !strings.ContainsRune(version, ':') { + // Allow version numbers without a GOOS prefix on Linux. + ft.Version = version + break + } + } + + if ft.Version == "" { + return func() error { + // We don't return an UnsupportedFeatureError here, since that will + // trigger version checks which don't make sense. + return fmt.Errorf("%s: %w", name, ErrNotSupportedOnOS) + } } return ft.execute diff --git a/vendor/github.com/cilium/ebpf/internal/goos.go b/vendor/github.com/cilium/ebpf/internal/goos.go new file mode 100644 index 00000000000..0569d5ce0bc --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/goos.go @@ -0,0 +1,7 @@ +package internal + +import "runtime" + +const ( + OnLinux = runtime.GOOS == "linux" +) diff --git a/vendor/github.com/cilium/ebpf/internal/kallsyms/cache.go b/vendor/github.com/cilium/ebpf/internal/kallsyms/cache.go new file mode 100644 index 00000000000..b7f3e0b7819 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/kallsyms/cache.go @@ -0,0 +1,20 @@ +package kallsyms + +import "sync" + +type cache[K, V comparable] struct { + m sync.Map +} + +func (c *cache[K, V]) Load(key K) (value V, _ bool) { + v, ok := c.m.Load(key) + if !ok { + return value, false + } + value = v.(V) + return value, true +} + +func (c *cache[K, V]) Store(key K, value V) { + c.m.Store(key, value) +} diff --git a/vendor/github.com/cilium/ebpf/internal/kallsyms/kallsyms.go b/vendor/github.com/cilium/ebpf/internal/kallsyms/kallsyms.go index 776c7a10a28..2cdfb56a584 100644 --- a/vendor/github.com/cilium/ebpf/internal/kallsyms/kallsyms.go +++ b/vendor/github.com/cilium/ebpf/internal/kallsyms/kallsyms.go @@ -1,74 +1,289 @@ package kallsyms import ( - "bufio" - "bytes" + "errors" + "fmt" "io" "os" - "sync" + "slices" + "strconv" + "strings" + + "github.com/cilium/ebpf/internal" ) -var kernelModules struct { - sync.RWMutex - // function to kernel module mapping - kmods map[string]string +var errAmbiguousKsym = errors.New("multiple kernel symbols with the same name") + +var symAddrs cache[string, uint64] +var symModules cache[string, string] + +// Module returns the kernel module providing the given symbol in the kernel, if +// any. Returns an empty string and no error if the symbol is not present in the +// kernel. Only function symbols are considered. Returns an error if multiple +// symbols with the same name were found. +// +// Consider [AssignModules] if you need to resolve multiple symbols, as it will +// only perform one iteration over /proc/kallsyms. +func Module(name string) (string, error) { + if name == "" { + return "", nil + } + + if mod, ok := symModules.Load(name); ok { + return mod, nil + } + + request := map[string]string{name: ""} + if err := AssignModules(request); err != nil { + return "", err + } + + return request[name], nil } -// KernelModule returns the kernel module, if any, a probe-able function is contained in. -func KernelModule(fn string) (string, error) { - kernelModules.RLock() - kmods := kernelModules.kmods - kernelModules.RUnlock() +// AssignModules looks up the kernel module providing each given symbol, if any, +// and assigns them to their corresponding values in the symbols map. Only +// function symbols are considered. Results of all lookups are cached, +// successful or otherwise. +// +// Any symbols missing in the kernel are ignored. Returns an error if multiple +// symbols with a given name were found. +func AssignModules(symbols map[string]string) error { + if !internal.OnLinux { + return fmt.Errorf("read /proc/kallsyms: %w", internal.ErrNotSupportedOnOS) + } - if kmods == nil { - kernelModules.Lock() - defer kernelModules.Unlock() - kmods = kernelModules.kmods + if len(symbols) == 0 { + return nil } - if kmods != nil { - return kmods[fn], nil + // Attempt to fetch symbols from cache. + request := make(map[string]string) + for name := range symbols { + if mod, ok := symModules.Load(name); ok { + symbols[name] = mod + continue + } + + // Mark the symbol to be read from /proc/kallsyms. + request[name] = "" + } + if len(request) == 0 { + // All symbols satisfied from cache. + return nil } f, err := os.Open("/proc/kallsyms") if err != nil { - return "", err + return err } defer f.Close() - kmods, err = loadKernelModuleMapping(f) - if err != nil { - return "", err + + if err := assignModules(f, request); err != nil { + return fmt.Errorf("assigning symbol modules: %w", err) } - kernelModules.kmods = kmods - return kmods[fn], nil + // Update the cache with the new symbols. Cache all requested symbols, even if + // they're missing or don't belong to a module. + for name, mod := range request { + symModules.Store(name, mod) + symbols[name] = mod + } + + return nil } -// FlushKernelModuleCache removes any cached information about function to kernel module mapping. -func FlushKernelModuleCache() { - kernelModules.Lock() - defer kernelModules.Unlock() +// assignModules assigns kernel symbol modules read from f to values requested +// by symbols. Always scans the whole input to make sure the user didn't request +// an ambiguous symbol. +func assignModules(f io.Reader, symbols map[string]string) error { + if len(symbols) == 0 { + return nil + } + + found := make(map[string]struct{}) + r := newReader(f) + for r.Line() { + // Only look for function symbols in the kernel's text section (tT). + s, err, skip := parseSymbol(r, []rune{'t', 'T'}) + if err != nil { + return fmt.Errorf("parsing kallsyms line: %w", err) + } + if skip { + continue + } + + if _, requested := symbols[s.name]; !requested { + continue + } + + if _, ok := found[s.name]; ok { + // We've already seen this symbol. Return an error to avoid silently + // attaching to a symbol in the wrong module. libbpf also rejects + // referring to ambiguous symbols. + // + // We can't simply check if we already have a value for the given symbol, + // since many won't have an associated kernel module. + return fmt.Errorf("symbol %s: duplicate found at address 0x%x (module %q): %w", + s.name, s.addr, s.mod, errAmbiguousKsym) + } + + symbols[s.name] = s.mod + found[s.name] = struct{}{} + } + if err := r.Err(); err != nil { + return fmt.Errorf("reading kallsyms: %w", err) + } + + return nil +} + +// Address returns the address of the given symbol in the kernel. Returns 0 and +// no error if the symbol is not present. Returns an error if multiple addresses +// were found for a symbol. +// +// Consider [AssignAddresses] if you need to resolve multiple symbols, as it +// will only perform one iteration over /proc/kallsyms. +func Address(symbol string) (uint64, error) { + if symbol == "" { + return 0, nil + } + + if addr, ok := symAddrs.Load(symbol); ok { + return addr, nil + } - kernelModules.kmods = nil + request := map[string]uint64{symbol: 0} + if err := AssignAddresses(request); err != nil { + return 0, err + } + + return request[symbol], nil } -func loadKernelModuleMapping(f io.Reader) (map[string]string, error) { - mods := make(map[string]string) - scanner := bufio.NewScanner(f) - for scanner.Scan() { - fields := bytes.Fields(scanner.Bytes()) - if len(fields) < 4 { +// AssignAddresses looks up the addresses of the requested symbols in the kernel +// and assigns them to their corresponding values in the symbols map. Results +// of all lookups are cached, successful or otherwise. +// +// Any symbols missing in the kernel are ignored. Returns an error if multiple +// addresses were found for a symbol. +func AssignAddresses(symbols map[string]uint64) error { + if !internal.OnLinux { + return fmt.Errorf("read /proc/kallsyms: %w", internal.ErrNotSupportedOnOS) + } + + if len(symbols) == 0 { + return nil + } + + // Attempt to fetch symbols from cache. + request := make(map[string]uint64) + for name := range symbols { + if addr, ok := symAddrs.Load(name); ok { + symbols[name] = addr continue } - switch string(fields[1]) { - case "t", "T": - mods[string(fields[2])] = string(bytes.Trim(fields[3], "[]")) - default: + + // Mark the symbol to be read from /proc/kallsyms. + request[name] = 0 + } + if len(request) == 0 { + // All symbols satisfied from cache. + return nil + } + + f, err := os.Open("/proc/kallsyms") + if err != nil { + return err + } + defer f.Close() + + if err := assignAddresses(f, request); err != nil { + return fmt.Errorf("loading symbol addresses: %w", err) + } + + // Update the cache with the new symbols. Cache all requested symbols even if + // they weren't found, to avoid repeated lookups. + for name, addr := range request { + symAddrs.Store(name, addr) + symbols[name] = addr + } + + return nil +} + +// assignAddresses assigns kernel symbol addresses read from f to values +// requested by symbols. Always scans the whole input to make sure the user +// didn't request an ambiguous symbol. +func assignAddresses(f io.Reader, symbols map[string]uint64) error { + if len(symbols) == 0 { + return nil + } + r := newReader(f) + for r.Line() { + s, err, skip := parseSymbol(r, nil) + if err != nil { + return fmt.Errorf("parsing kallsyms line: %w", err) + } + if skip { continue } + + existing, requested := symbols[s.name] + if existing != 0 { + // Multiple addresses for a symbol have been found. Return a friendly + // error to avoid silently attaching to the wrong symbol. libbpf also + // rejects referring to ambiguous symbols. + return fmt.Errorf("symbol %s(0x%x): duplicate found at address 0x%x: %w", s.name, existing, s.addr, errAmbiguousKsym) + } + if requested { + symbols[s.name] = s.addr + } } - if scanner.Err() != nil { - return nil, scanner.Err() + if err := r.Err(); err != nil { + return fmt.Errorf("reading kallsyms: %w", err) } - return mods, nil + + return nil +} + +type ksym struct { + addr uint64 + name string + mod string +} + +// parseSymbol parses a line from /proc/kallsyms into an address, type, name and +// module. Skip will be true if the symbol doesn't match any of the given symbol +// types. See `man 1 nm` for all available types. +// +// Example line: `ffffffffc1682010 T nf_nat_init [nf_nat]` +func parseSymbol(r *reader, types []rune) (s ksym, err error, skip bool) { + for i := 0; r.Word(); i++ { + switch i { + // Address of the symbol. + case 0: + s.addr, err = strconv.ParseUint(r.Text(), 16, 64) + if err != nil { + return s, fmt.Errorf("parsing address: %w", err), false + } + // Type of the symbol. Assume the character is ASCII-encoded by converting + // it directly to a rune, since it's a fixed field controlled by the kernel. + case 1: + if len(types) > 0 && !slices.Contains(types, rune(r.Bytes()[0])) { + return s, nil, true + } + // Name of the symbol. + case 2: + s.name = r.Text() + // Kernel module the symbol is provided by. + case 3: + s.mod = strings.Trim(r.Text(), "[]") + // Ignore any future fields. + default: + break + } + } + + return } diff --git a/vendor/github.com/cilium/ebpf/internal/kallsyms/reader.go b/vendor/github.com/cilium/ebpf/internal/kallsyms/reader.go new file mode 100644 index 00000000000..2bd4f8eafcb --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/kallsyms/reader.go @@ -0,0 +1,118 @@ +package kallsyms + +import ( + "bufio" + "io" + "unicode" + "unicode/utf8" +) + +// reader is a line and word-oriented reader built for reading /proc/kallsyms. +// It takes an io.Reader and iterates its contents line by line, then word by +// word. +// +// It's designed to allow partial reading of lines without paying the cost of +// allocating objects that will never be accessed, resulting in less work for +// the garbage collector. +type reader struct { + s *bufio.Scanner + line []byte + word []byte + + err error +} + +func newReader(r io.Reader) *reader { + return &reader{ + s: bufio.NewScanner(r), + } +} + +// Bytes returns the current word as a byte slice. +func (r *reader) Bytes() []byte { + return r.word +} + +// Text returns the output of Bytes as a string. +func (r *reader) Text() string { + return string(r.Bytes()) +} + +// Line advances the reader to the next line in the input. Calling Line resets +// the current word, making [reader.Bytes] and [reader.Text] return empty +// values. Follow this up with a call to [reader.Word]. +// +// Like [bufio.Scanner], [reader.Err] needs to be checked after Line returns +// false to determine if an error occurred during reading. +// +// Returns true if Line can be called again. Returns false if all lines in the +// input have been read. +func (r *reader) Line() bool { + for r.s.Scan() { + line := r.s.Bytes() + if len(line) == 0 { + continue + } + + r.line = line + r.word = nil + + return true + } + if err := r.s.Err(); err != nil { + r.err = err + } + + return false +} + +// Word advances the reader to the next word in the current line. +// +// Returns true if a word is found and Word should be called again. Returns +// false when all words on the line have been read. +func (r *reader) Word() bool { + if len(r.line) == 0 { + return false + } + + // Find next word start, skipping leading spaces. + start := 0 + for width := 0; start < len(r.line); start += width { + var c rune + c, width = utf8.DecodeRune(r.line[start:]) + if !unicode.IsSpace(c) { + break + } + } + + // Whitespace scanning reached the end of the line due to trailing whitespace, + // meaning there are no more words to read + if start == len(r.line) { + return false + } + + // Find next word end. + for width, i := 0, start; i < len(r.line); i += width { + var c rune + c, width = utf8.DecodeRune(r.line[i:]) + if unicode.IsSpace(c) { + r.word = r.line[start:i] + r.line = r.line[i:] + return true + } + } + + // The line contains data, but no end-of-word boundary was found. This is the + // last, unterminated word in the line. + if len(r.line) > start { + r.word = r.line[start:] + r.line = nil + return true + } + + return false +} + +func (r *reader) Err() error { + return r.err +} diff --git a/vendor/github.com/cilium/ebpf/internal/kconfig/kconfig.go b/vendor/github.com/cilium/ebpf/internal/kconfig/kconfig.go index 1921e4f15ad..29c62b6266e 100644 --- a/vendor/github.com/cilium/ebpf/internal/kconfig/kconfig.go +++ b/vendor/github.com/cilium/ebpf/internal/kconfig/kconfig.go @@ -1,3 +1,4 @@ +// Package kconfig implements a parser for the format of Linux's .config file. package kconfig import ( @@ -7,7 +8,6 @@ import ( "fmt" "io" "math" - "os" "strconv" "strings" @@ -15,30 +15,6 @@ import ( "github.com/cilium/ebpf/internal" ) -// Find find a kconfig file on the host. -// It first reads from /boot/config- of the current running kernel and tries -// /proc/config.gz if nothing was found in /boot. -// If none of the file provide a kconfig, it returns an error. -func Find() (*os.File, error) { - kernelRelease, err := internal.KernelRelease() - if err != nil { - return nil, fmt.Errorf("cannot get kernel release: %w", err) - } - - path := "/boot/config-" + kernelRelease - f, err := os.Open(path) - if err == nil { - return f, nil - } - - f, err = os.Open("/proc/config.gz") - if err == nil { - return f, nil - } - - return nil, fmt.Errorf("neither %s nor /proc/config.gz provide a kconfig", path) -} - // Parse parses the kconfig file for which a reader is given. // All the CONFIG_* which are in filter and which are set set will be // put in the returned map as key with their corresponding value as map value. @@ -127,12 +103,13 @@ func PutValue(data []byte, typ btf.Type, value string) error { switch value { case "y", "n", "m": return putValueTri(data, typ, value) - default: - if strings.HasPrefix(value, `"`) { - return putValueString(data, typ, value) - } - return putValueNumber(data, typ, value) } + + if strings.HasPrefix(value, `"`) { + return putValueString(data, typ, value) + } + + return putValueNumber(data, typ, value) } // Golang translation of libbpf_tristate enum: @@ -169,6 +146,10 @@ func putValueTri(data []byte, typ btf.Type, value string) error { return fmt.Errorf("cannot use enum %q, only libbpf_tristate is supported", v.Name) } + if len(data) != 4 { + return fmt.Errorf("expected enum value to occupy 4 bytes in datasec, got: %d", len(data)) + } + var tri triState switch value { case "y": @@ -178,10 +159,10 @@ func putValueTri(data []byte, typ btf.Type, value string) error { case "n": tri = TriNo default: - return fmt.Errorf("value %q is not support for libbpf_tristate", value) + return fmt.Errorf("value %q is not supported for libbpf_tristate", value) } - internal.NativeEndian.PutUint64(data, uint64(tri)) + internal.NativeEndian.PutUint32(data, uint32(tri)) default: return fmt.Errorf("cannot add number value, expected btf.Int or btf.Enum, got: %T", v) } diff --git a/vendor/github.com/cilium/ebpf/internal/auxv.go b/vendor/github.com/cilium/ebpf/internal/linux/auxv.go similarity index 67% rename from vendor/github.com/cilium/ebpf/internal/auxv.go rename to vendor/github.com/cilium/ebpf/internal/linux/auxv.go index 45fd0d37f13..10508fd8fcd 100644 --- a/vendor/github.com/cilium/ebpf/internal/auxv.go +++ b/vendor/github.com/cilium/ebpf/internal/linux/auxv.go @@ -1,9 +1,11 @@ -package internal +package linux import ( - "errors" + "fmt" "io" - _ "unsafe" + + "github.com/cilium/ebpf/internal" + "github.com/cilium/ebpf/internal/unix" ) type auxvPairReader interface { @@ -17,11 +19,8 @@ const ( _AT_SYSINFO_EHDR = 33 // Offset to vDSO blob in process image ) -//go:linkname runtime_getAuxv runtime.getAuxv -func runtime_getAuxv() []uintptr - type auxvRuntimeReader struct { - data []uintptr + data [][2]uintptr index int } @@ -37,20 +36,23 @@ func (r *auxvRuntimeReader) ReadAuxvPair() (uint64, uint64, error) { // we manually add the (_AT_NULL, _AT_NULL) pair at the end // that is not provided by the go runtime var tag, value uintptr - if r.index+1 < len(r.data) { - tag, value = r.data[r.index], r.data[r.index+1] + if r.index < len(r.data) { + tag, value = r.data[r.index][0], r.data[r.index][1] } else { tag, value = _AT_NULL, _AT_NULL } - r.index += 2 + r.index += 1 return uint64(tag), uint64(value), nil } func newAuxvRuntimeReader() (auxvPairReader, error) { - data := runtime_getAuxv() + if !internal.OnLinux { + return nil, fmt.Errorf("read auxv from runtime: %w", internal.ErrNotSupportedOnOS) + } - if len(data)%2 != 0 { - return nil, errors.New("malformed auxv passed from runtime") + data, err := unix.Auxv() + if err != nil { + return nil, fmt.Errorf("read auxv from runtime: %w", err) } return &auxvRuntimeReader{ diff --git a/vendor/github.com/cilium/ebpf/internal/linux/doc.go b/vendor/github.com/cilium/ebpf/internal/linux/doc.go new file mode 100644 index 00000000000..064e75437d8 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/linux/doc.go @@ -0,0 +1,2 @@ +// Package linux contains OS specific wrappers around package unix. +package linux diff --git a/vendor/github.com/cilium/ebpf/internal/linux/kconfig.go b/vendor/github.com/cilium/ebpf/internal/linux/kconfig.go new file mode 100644 index 00000000000..1488ecb35c3 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/linux/kconfig.go @@ -0,0 +1,31 @@ +package linux + +import ( + "fmt" + "os" +) + +// FindKConfig searches for a kconfig file on the host. +// +// It first reads from /boot/config- of the current running kernel and tries +// /proc/config.gz if nothing was found in /boot. +// If none of the file provide a kconfig, it returns an error. +func FindKConfig() (*os.File, error) { + kernelRelease, err := KernelRelease() + if err != nil { + return nil, fmt.Errorf("cannot get kernel release: %w", err) + } + + path := "/boot/config-" + kernelRelease + f, err := os.Open(path) + if err == nil { + return f, nil + } + + f, err = os.Open("/proc/config.gz") + if err == nil { + return f, nil + } + + return nil, fmt.Errorf("neither %s nor /proc/config.gz provide a kconfig", path) +} diff --git a/vendor/github.com/cilium/ebpf/internal/platform.go b/vendor/github.com/cilium/ebpf/internal/linux/platform.go similarity index 97% rename from vendor/github.com/cilium/ebpf/internal/platform.go rename to vendor/github.com/cilium/ebpf/internal/linux/platform.go index 6e90f2ef714..39bdcc51f9a 100644 --- a/vendor/github.com/cilium/ebpf/internal/platform.go +++ b/vendor/github.com/cilium/ebpf/internal/linux/platform.go @@ -1,4 +1,4 @@ -package internal +package linux import ( "runtime" diff --git a/vendor/github.com/cilium/ebpf/internal/statfs.go b/vendor/github.com/cilium/ebpf/internal/linux/statfs.go similarity index 96% rename from vendor/github.com/cilium/ebpf/internal/statfs.go rename to vendor/github.com/cilium/ebpf/internal/linux/statfs.go index 44c02d676e6..e268c06fab6 100644 --- a/vendor/github.com/cilium/ebpf/internal/statfs.go +++ b/vendor/github.com/cilium/ebpf/internal/linux/statfs.go @@ -1,4 +1,4 @@ -package internal +package linux import ( "unsafe" diff --git a/vendor/github.com/cilium/ebpf/internal/vdso.go b/vendor/github.com/cilium/ebpf/internal/linux/vdso.go similarity index 93% rename from vendor/github.com/cilium/ebpf/internal/vdso.go rename to vendor/github.com/cilium/ebpf/internal/linux/vdso.go index 1049278554e..1d8d0ef6b11 100644 --- a/vendor/github.com/cilium/ebpf/internal/vdso.go +++ b/vendor/github.com/cilium/ebpf/internal/linux/vdso.go @@ -1,4 +1,4 @@ -package internal +package linux import ( "debug/elf" @@ -9,6 +9,7 @@ import ( "math" "os" + "github.com/cilium/ebpf/internal" "github.com/cilium/ebpf/internal/unix" ) @@ -82,7 +83,7 @@ type elfNoteHeader struct { // vdsoLinuxVersionCode returns the LINUX_VERSION_CODE embedded in // the ELF notes section of the binary provided by the reader. func vdsoLinuxVersionCode(r io.ReaderAt) (uint32, error) { - hdr, err := NewSafeELFFile(r) + hdr, err := internal.NewSafeELFFile(r) if err != nil { return 0, fmt.Errorf("reading vDSO ELF: %w", err) } @@ -110,7 +111,7 @@ func vdsoLinuxVersionCode(r io.ReaderAt) (uint32, error) { var name string if n.NameSize > 0 { // Read the note name, aligned to 4 bytes. - buf := make([]byte, Align(n.NameSize, 4)) + buf := make([]byte, internal.Align(n.NameSize, 4)) if err := binary.Read(sr, hdr.ByteOrder, &buf); err != nil { return 0, fmt.Errorf("reading note name: %w", err) } @@ -132,7 +133,7 @@ func vdsoLinuxVersionCode(r io.ReaderAt) (uint32, error) { } // Discard the note descriptor if it exists but we're not interested in it. - if _, err := io.CopyN(io.Discard, sr, int64(Align(n.DescSize, 4))); err != nil { + if _, err := io.CopyN(io.Discard, sr, int64(internal.Align(n.DescSize, 4))); err != nil { return 0, err } } diff --git a/vendor/github.com/cilium/ebpf/internal/linux/version.go b/vendor/github.com/cilium/ebpf/internal/linux/version.go new file mode 100644 index 00000000000..798dd3fed02 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/linux/version.go @@ -0,0 +1,34 @@ +package linux + +import ( + "fmt" + "sync" + + "github.com/cilium/ebpf/internal" + "github.com/cilium/ebpf/internal/unix" +) + +// KernelVersion returns the version of the currently running kernel. +var KernelVersion = sync.OnceValues(detectKernelVersion) + +// detectKernelVersion returns the version of the running kernel. +func detectKernelVersion() (internal.Version, error) { + vc, err := vdsoVersion() + if err != nil { + return internal.Version{}, err + } + return internal.NewVersionFromCode(vc), nil +} + +// KernelRelease returns the release string of the running kernel. +// Its format depends on the Linux distribution and corresponds to directory +// names in /lib/modules by convention. Some examples are 5.15.17-1-lts and +// 4.19.0-16-amd64. +func KernelRelease() (string, error) { + var uname unix.Utsname + if err := unix.Uname(&uname); err != nil { + return "", fmt.Errorf("uname failed: %w", err) + } + + return unix.ByteSliceToString(uname.Release[:]), nil +} diff --git a/vendor/github.com/cilium/ebpf/internal/math.go b/vendor/github.com/cilium/ebpf/internal/math.go index e95c8efde51..10cde66860d 100644 --- a/vendor/github.com/cilium/ebpf/internal/math.go +++ b/vendor/github.com/cilium/ebpf/internal/math.go @@ -1,13 +1,33 @@ package internal -import "golang.org/x/exp/constraints" - // Align returns 'n' updated to 'alignment' boundary. -func Align[I constraints.Integer](n, alignment I) I { +func Align[I Integer](n, alignment I) I { return (n + alignment - 1) / alignment * alignment } // IsPow returns true if n is a power of two. -func IsPow[I constraints.Integer](n I) bool { +func IsPow[I Integer](n I) bool { return n != 0 && (n&(n-1)) == 0 } + +// Between returns the value clamped between a and b. +func Between[I Integer](val, a, b I) I { + lower, upper := a, b + if lower > upper { + upper, lower = a, b + } + + val = min(val, upper) + return max(val, lower) +} + +// Integer represents all possible integer types. +// Remove when x/exp/constraints is moved to the standard library. +type Integer interface { + ~int | ~int8 | ~int16 | ~int32 | ~int64 | ~uint | ~uint8 | ~uint16 | ~uint32 | ~uint64 | ~uintptr +} + +// List of integer types known by the Go compiler. Used by TestIntegerConstraint +// to warn if a new integer type is introduced. Remove when x/exp/constraints +// is moved to the standard library. +var integers = []string{"int", "int8", "int16", "int32", "int64", "uint", "uint8", "uint16", "uint32", "uint64", "uintptr"} diff --git a/vendor/github.com/cilium/ebpf/internal/sys/fd.go b/vendor/github.com/cilium/ebpf/internal/sys/fd.go index 941a56fb91b..e2ba43fd3b3 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/fd.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/fd.go @@ -4,9 +4,12 @@ import ( "fmt" "math" "os" + "path/filepath" "runtime" "strconv" + "strings" + "github.com/cilium/ebpf/internal/testutils/fdtrace" "github.com/cilium/ebpf/internal/unix" ) @@ -17,15 +20,7 @@ type FD struct { } func newFD(value int) *FD { - if onLeakFD != nil { - // Attempt to store the caller's stack for the given fd value. - // Panic if fds contains an existing stack for the fd. - old, exist := fds.LoadOrStore(value, callersFrames()) - if exist { - f := old.(*runtime.Frames) - panic(fmt.Sprintf("found existing stack for fd %d:\n%s", value, FormatFrames(f))) - } - } + fdtrace.TraceFD(value, 1) fd := &FD{value} runtime.SetFinalizer(fd, (*FD).finalize) @@ -39,13 +34,7 @@ func (fd *FD) finalize() { return } - // Invoke the fd leak callback. Calls LoadAndDelete to guarantee the callback - // is invoked at most once for one sys.FD allocation, runtime.Frames can only - // be unwound once. - f, ok := fds.LoadAndDelete(fd.Int()) - if ok && onLeakFD != nil { - onLeakFD(f.(*runtime.Frames)) - } + fdtrace.LeakFD(fd.raw) _ = fd.Close() } @@ -92,12 +81,15 @@ func (fd *FD) Close() error { return nil } - return unix.Close(fd.disown()) + return unix.Close(fd.Disown()) } -func (fd *FD) disown() int { - value := int(fd.raw) - fds.Delete(int(value)) +// Disown destroys the FD and returns its raw file descriptor without closing +// it. After this call, the underlying fd is no longer tied to the FD's +// lifecycle. +func (fd *FD) Disown() int { + value := fd.raw + fdtrace.ForgetFD(value) fd.raw = -1 runtime.SetFinalizer(fd, nil) @@ -129,5 +121,45 @@ func (fd *FD) File(name string) *os.File { return nil } - return os.NewFile(uintptr(fd.disown()), name) + return os.NewFile(uintptr(fd.Disown()), name) +} + +// ObjGetTyped wraps [ObjGet] with a readlink call to extract the type of the +// underlying bpf object. +func ObjGetTyped(attr *ObjGetAttr) (*FD, ObjType, error) { + fd, err := ObjGet(attr) + if err != nil { + return nil, 0, err + } + + typ, err := readType(fd) + if err != nil { + _ = fd.Close() + return nil, 0, fmt.Errorf("reading fd type: %w", err) + } + + return fd, typ, nil +} + +// readType returns the bpf object type of the file descriptor by calling +// readlink(3). Returns an error if the file descriptor does not represent a bpf +// object. +func readType(fd *FD) (ObjType, error) { + s, err := os.Readlink(filepath.Join("/proc/self/fd/", fd.String())) + if err != nil { + return 0, fmt.Errorf("readlink fd %d: %w", fd.Int(), err) + } + + s = strings.TrimPrefix(s, "anon_inode:") + + switch s { + case "bpf-map": + return BPF_TYPE_MAP, nil + case "bpf-prog": + return BPF_TYPE_PROG, nil + case "bpf-link": + return BPF_TYPE_LINK, nil + } + + return 0, fmt.Errorf("unknown type %s of fd %d", s, fd.Int()) } diff --git a/vendor/github.com/cilium/ebpf/internal/sys/fd_trace.go b/vendor/github.com/cilium/ebpf/internal/sys/fd_trace.go deleted file mode 100644 index cd50dd1f642..00000000000 --- a/vendor/github.com/cilium/ebpf/internal/sys/fd_trace.go +++ /dev/null @@ -1,93 +0,0 @@ -package sys - -import ( - "bytes" - "fmt" - "runtime" - "sync" -) - -// OnLeakFD controls tracing [FD] lifetime to detect resources that are not -// closed by Close(). -// -// If fn is not nil, tracing is enabled for all FDs created going forward. fn is -// invoked for all FDs that are closed by the garbage collector instead of an -// explicit Close() by a caller. Calling OnLeakFD twice with a non-nil fn -// (without disabling tracing in the meantime) will cause a panic. -// -// If fn is nil, tracing will be disabled. Any FDs that have not been closed are -// considered to be leaked, fn will be invoked for them, and the process will be -// terminated. -// -// fn will be invoked at most once for every unique sys.FD allocation since a -// runtime.Frames can only be unwound once. -func OnLeakFD(fn func(*runtime.Frames)) { - // Enable leak tracing if new fn is provided. - if fn != nil { - if onLeakFD != nil { - panic("OnLeakFD called twice with non-nil fn") - } - - onLeakFD = fn - return - } - - // fn is nil past this point. - - if onLeakFD == nil { - return - } - - // Call onLeakFD for all open fds. - if fs := flushFrames(); len(fs) != 0 { - for _, f := range fs { - onLeakFD(f) - } - } - - onLeakFD = nil -} - -var onLeakFD func(*runtime.Frames) - -// fds is a registry of all file descriptors wrapped into sys.fds that were -// created while an fd tracer was active. -var fds sync.Map // map[int]*runtime.Frames - -// flushFrames removes all elements from fds and returns them as a slice. This -// deals with the fact that a runtime.Frames can only be unwound once using -// Next(). -func flushFrames() []*runtime.Frames { - var frames []*runtime.Frames - fds.Range(func(key, value any) bool { - frames = append(frames, value.(*runtime.Frames)) - fds.Delete(key) - return true - }) - return frames -} - -func callersFrames() *runtime.Frames { - c := make([]uintptr, 32) - - // Skip runtime.Callers and this function. - i := runtime.Callers(2, c) - if i == 0 { - return nil - } - - return runtime.CallersFrames(c) -} - -// FormatFrames formats a runtime.Frames as a human-readable string. -func FormatFrames(fs *runtime.Frames) string { - var b bytes.Buffer - for { - f, more := fs.Next() - b.WriteString(fmt.Sprintf("\t%s+%#x\n\t\t%s:%d\n", f.Function, f.PC-f.Entry, f.File, f.Line)) - if !more { - break - } - } - return b.String() -} diff --git a/vendor/github.com/cilium/ebpf/internal/sys/mapflags_string.go b/vendor/github.com/cilium/ebpf/internal/sys/mapflags_string.go deleted file mode 100644 index d9fe217222b..00000000000 --- a/vendor/github.com/cilium/ebpf/internal/sys/mapflags_string.go +++ /dev/null @@ -1,53 +0,0 @@ -// Code generated by "stringer -type MapFlags"; DO NOT EDIT. - -package sys - -import "strconv" - -func _() { - // An "invalid array index" compiler error signifies that the constant values have changed. - // Re-run the stringer command to generate them again. - var x [1]struct{} - _ = x[BPF_F_NO_PREALLOC-1] - _ = x[BPF_F_NO_COMMON_LRU-2] - _ = x[BPF_F_NUMA_NODE-4] - _ = x[BPF_F_RDONLY-8] - _ = x[BPF_F_WRONLY-16] - _ = x[BPF_F_STACK_BUILD_ID-32] - _ = x[BPF_F_ZERO_SEED-64] - _ = x[BPF_F_RDONLY_PROG-128] - _ = x[BPF_F_WRONLY_PROG-256] - _ = x[BPF_F_CLONE-512] - _ = x[BPF_F_MMAPABLE-1024] - _ = x[BPF_F_PRESERVE_ELEMS-2048] - _ = x[BPF_F_INNER_MAP-4096] - _ = x[BPF_F_LINK-8192] - _ = x[BPF_F_PATH_FD-16384] -} - -const _MapFlags_name = "BPF_F_NO_PREALLOCBPF_F_NO_COMMON_LRUBPF_F_NUMA_NODEBPF_F_RDONLYBPF_F_WRONLYBPF_F_STACK_BUILD_IDBPF_F_ZERO_SEEDBPF_F_RDONLY_PROGBPF_F_WRONLY_PROGBPF_F_CLONEBPF_F_MMAPABLEBPF_F_PRESERVE_ELEMSBPF_F_INNER_MAPBPF_F_LINKBPF_F_PATH_FD" - -var _MapFlags_map = map[MapFlags]string{ - 1: _MapFlags_name[0:17], - 2: _MapFlags_name[17:36], - 4: _MapFlags_name[36:51], - 8: _MapFlags_name[51:63], - 16: _MapFlags_name[63:75], - 32: _MapFlags_name[75:95], - 64: _MapFlags_name[95:110], - 128: _MapFlags_name[110:127], - 256: _MapFlags_name[127:144], - 512: _MapFlags_name[144:155], - 1024: _MapFlags_name[155:169], - 2048: _MapFlags_name[169:189], - 4096: _MapFlags_name[189:204], - 8192: _MapFlags_name[204:214], - 16384: _MapFlags_name[214:227], -} - -func (i MapFlags) String() string { - if str, ok := _MapFlags_map[i]; ok { - return str - } - return "MapFlags(" + strconv.FormatInt(int64(i), 10) + ")" -} diff --git a/vendor/github.com/cilium/ebpf/internal/pinning.go b/vendor/github.com/cilium/ebpf/internal/sys/pinning.go similarity index 77% rename from vendor/github.com/cilium/ebpf/internal/pinning.go rename to vendor/github.com/cilium/ebpf/internal/sys/pinning.go index 01d892f9344..9a4c6c7a153 100644 --- a/vendor/github.com/cilium/ebpf/internal/pinning.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/pinning.go @@ -1,4 +1,4 @@ -package internal +package sys import ( "errors" @@ -7,11 +7,11 @@ import ( "path/filepath" "runtime" - "github.com/cilium/ebpf/internal/sys" + "github.com/cilium/ebpf/internal/linux" "github.com/cilium/ebpf/internal/unix" ) -func Pin(currentPath, newPath string, fd *sys.FD) error { +func Pin(currentPath, newPath string, fd *FD) error { if newPath == "" { return errors.New("given pinning path cannot be empty") } @@ -19,7 +19,7 @@ func Pin(currentPath, newPath string, fd *sys.FD) error { return nil } - fsType, err := FSType(filepath.Dir(newPath)) + fsType, err := linux.FSType(filepath.Dir(newPath)) if err != nil { return err } @@ -30,8 +30,8 @@ func Pin(currentPath, newPath string, fd *sys.FD) error { defer runtime.KeepAlive(fd) if currentPath == "" { - return sys.ObjPin(&sys.ObjPinAttr{ - Pathname: sys.NewStringPointer(newPath), + return ObjPin(&ObjPinAttr{ + Pathname: NewStringPointer(newPath), BpfFd: fd.Uint(), }) } @@ -47,8 +47,8 @@ func Pin(currentPath, newPath string, fd *sys.FD) error { return fmt.Errorf("unable to move pinned object to new path %v: %w", newPath, err) } // Internal state not in sync with the file system so let's fix it. - return sys.ObjPin(&sys.ObjPinAttr{ - Pathname: sys.NewStringPointer(newPath), + return ObjPin(&ObjPinAttr{ + Pathname: NewStringPointer(newPath), BpfFd: fd.Uint(), }) } diff --git a/vendor/github.com/cilium/ebpf/internal/sys/ptr.go b/vendor/github.com/cilium/ebpf/internal/sys/ptr.go index e9bb5905973..af0c014e3b9 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/ptr.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/ptr.go @@ -11,13 +11,13 @@ func NewPointer(ptr unsafe.Pointer) Pointer { return Pointer{ptr: ptr} } -// NewSlicePointer creates a 64-bit pointer from a byte slice. -func NewSlicePointer(buf []byte) Pointer { +// NewSlicePointer creates a 64-bit pointer from a slice. +func NewSlicePointer[T comparable](buf []T) Pointer { if len(buf) == 0 { return Pointer{} } - return Pointer{ptr: unsafe.Pointer(&buf[0])} + return Pointer{ptr: unsafe.Pointer(unsafe.SliceData(buf))} } // NewSlicePointerLen creates a 64-bit pointer from a byte slice. diff --git a/vendor/github.com/cilium/ebpf/internal/sys/syscall.go b/vendor/github.com/cilium/ebpf/internal/sys/syscall.go index f6b6e934580..4fdb74c57ad 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/syscall.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/syscall.go @@ -2,7 +2,6 @@ package sys import ( "runtime" - "syscall" "unsafe" "github.com/cilium/ebpf/internal/unix" @@ -11,7 +10,7 @@ import ( // ENOTSUPP is a Linux internal error code that has leaked into UAPI. // // It is not the same as ENOTSUP or EOPNOTSUPP. -const ENOTSUPP = syscall.Errno(524) +const ENOTSUPP = unix.Errno(524) // BPF wraps SYS_BPF. // @@ -133,12 +132,12 @@ func ObjInfo(fd *FD, info Info) error { // BPFObjName is a null-terminated string made up of // 'A-Za-z0-9_' characters. -type ObjName [unix.BPF_OBJ_NAME_LEN]byte +type ObjName [BPF_OBJ_NAME_LEN]byte // NewObjName truncates the result if it is too long. func NewObjName(name string) ObjName { var result ObjName - copy(result[:unix.BPF_OBJ_NAME_LEN-1], name) + copy(result[:BPF_OBJ_NAME_LEN-1], name) return result } @@ -160,29 +159,6 @@ type BTFID uint32 // TypeID identifies a type in a BTF blob. type TypeID uint32 -// MapFlags control map behaviour. -type MapFlags uint32 - -//go:generate go run golang.org/x/tools/cmd/stringer@latest -type MapFlags - -const ( - BPF_F_NO_PREALLOC MapFlags = 1 << iota - BPF_F_NO_COMMON_LRU - BPF_F_NUMA_NODE - BPF_F_RDONLY - BPF_F_WRONLY - BPF_F_STACK_BUILD_ID - BPF_F_ZERO_SEED - BPF_F_RDONLY_PROG - BPF_F_WRONLY_PROG - BPF_F_CLONE - BPF_F_MMAPABLE - BPF_F_PRESERVE_ELEMS - BPF_F_INNER_MAP - BPF_F_LINK - BPF_F_PATH_FD -) - // Flags used by bpf_mprog. const ( BPF_F_REPLACE = 1 << (iota + 2) @@ -192,12 +168,22 @@ const ( BPF_F_LINK_MPROG = 1 << 13 // aka BPF_F_LINK ) -// wrappedErrno wraps syscall.Errno to prevent direct comparisons with +// Flags used by BPF_PROG_LOAD. +const ( + BPF_F_SLEEPABLE = 1 << 4 + BPF_F_XDP_HAS_FRAGS = 1 << 5 + BPF_F_XDP_DEV_BOUND_ONLY = 1 << 6 +) + +const BPF_TAG_SIZE = 8 +const BPF_OBJ_NAME_LEN = 16 + +// wrappedErrno wraps [unix.Errno] to prevent direct comparisons with // syscall.E* or unix.E* constants. // // You should never export an error of this type. type wrappedErrno struct { - syscall.Errno + unix.Errno } func (we wrappedErrno) Unwrap() error { @@ -213,10 +199,10 @@ func (we wrappedErrno) Error() string { type syscallError struct { error - errno syscall.Errno + errno unix.Errno } -func Error(err error, errno syscall.Errno) error { +func Error(err error, errno unix.Errno) error { return &syscallError{err, errno} } diff --git a/vendor/github.com/cilium/ebpf/internal/sys/types.go b/vendor/github.com/cilium/ebpf/internal/sys/types.go index 70e754de71d..82f3492a83d 100644 --- a/vendor/github.com/cilium/ebpf/internal/sys/types.go +++ b/vendor/github.com/cilium/ebpf/internal/sys/types.go @@ -6,6 +6,176 @@ import ( "unsafe" ) +const ( + BPF_ADJ_ROOM_ENCAP_L2_MASK = 255 + BPF_ADJ_ROOM_ENCAP_L2_SHIFT = 56 + BPF_ANY = 0 + BPF_CSUM_LEVEL_DEC = 2 + BPF_CSUM_LEVEL_INC = 1 + BPF_CSUM_LEVEL_QUERY = 0 + BPF_CSUM_LEVEL_RESET = 3 + BPF_EXIST = 2 + BPF_FIB_LKUP_RET_BLACKHOLE = 1 + BPF_FIB_LKUP_RET_FRAG_NEEDED = 8 + BPF_FIB_LKUP_RET_FWD_DISABLED = 5 + BPF_FIB_LKUP_RET_NOT_FWDED = 4 + BPF_FIB_LKUP_RET_NO_NEIGH = 7 + BPF_FIB_LKUP_RET_NO_SRC_ADDR = 9 + BPF_FIB_LKUP_RET_PROHIBIT = 3 + BPF_FIB_LKUP_RET_SUCCESS = 0 + BPF_FIB_LKUP_RET_UNREACHABLE = 2 + BPF_FIB_LKUP_RET_UNSUPP_LWT = 6 + BPF_FIB_LOOKUP_DIRECT = 1 + BPF_FIB_LOOKUP_MARK = 32 + BPF_FIB_LOOKUP_OUTPUT = 2 + BPF_FIB_LOOKUP_SKIP_NEIGH = 4 + BPF_FIB_LOOKUP_SRC = 16 + BPF_FIB_LOOKUP_TBID = 8 + BPF_FLOW_DISSECTOR_F_PARSE_1ST_FRAG = 1 + BPF_FLOW_DISSECTOR_F_STOP_AT_ENCAP = 4 + BPF_FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL = 2 + BPF_F_ADJ_ROOM_DECAP_L3_IPV4 = 128 + BPF_F_ADJ_ROOM_DECAP_L3_IPV6 = 256 + BPF_F_ADJ_ROOM_ENCAP_L2_ETH = 64 + BPF_F_ADJ_ROOM_ENCAP_L3_IPV4 = 2 + BPF_F_ADJ_ROOM_ENCAP_L3_IPV6 = 4 + BPF_F_ADJ_ROOM_ENCAP_L4_GRE = 8 + BPF_F_ADJ_ROOM_ENCAP_L4_UDP = 16 + BPF_F_ADJ_ROOM_FIXED_GSO = 1 + BPF_F_ADJ_ROOM_NO_CSUM_RESET = 32 + BPF_F_BPRM_SECUREEXEC = 1 + BPF_F_BROADCAST = 8 + BPF_F_CLONE = 512 + BPF_F_CTXLEN_MASK = 4503595332403200 + BPF_F_CURRENT_CPU = 4294967295 + BPF_F_CURRENT_NETNS = 18446744073709551615 + BPF_F_DONT_FRAGMENT = 4 + BPF_F_EXCLUDE_INGRESS = 16 + BPF_F_FAST_STACK_CMP = 512 + BPF_F_GET_BRANCH_RECORDS_SIZE = 1 + BPF_F_HDR_FIELD_MASK = 15 + BPF_F_INDEX_MASK = 4294967295 + BPF_F_INGRESS = 1 + BPF_F_INNER_MAP = 4096 + BPF_F_INVALIDATE_HASH = 2 + BPF_F_KPROBE_MULTI_RETURN = 1 + BPF_F_LINK = 8192 + BPF_F_LOCK = 4 + BPF_F_MARK_ENFORCE = 64 + BPF_F_MARK_MANGLED_0 = 32 + BPF_F_MMAPABLE = 1024 + BPF_F_NEIGH = 2 + BPF_F_NEXTHOP = 8 + BPF_F_NO_COMMON_LRU = 2 + BPF_F_NO_PREALLOC = 1 + BPF_F_NO_TUNNEL_KEY = 16 + BPF_F_NO_USER_CONV = 262144 + BPF_F_NUMA_NODE = 4 + BPF_F_PATH_FD = 16384 + BPF_F_PEER = 4 + BPF_F_PRESERVE_ELEMS = 2048 + BPF_F_PSEUDO_HDR = 16 + BPF_F_RDONLY = 8 + BPF_F_RDONLY_PROG = 128 + BPF_F_RECOMPUTE_CSUM = 1 + BPF_F_REUSE_STACKID = 1024 + BPF_F_SEGV_ON_FAULT = 131072 + BPF_F_SEQ_NUMBER = 8 + BPF_F_SKIP_FIELD_MASK = 255 + BPF_F_STACK_BUILD_ID = 32 + BPF_F_SYSCTL_BASE_NAME = 1 + BPF_F_TIMER_ABS = 1 + BPF_F_TIMER_CPU_PIN = 2 + BPF_F_TOKEN_FD = 65536 + BPF_F_TUNINFO_FLAGS = 16 + BPF_F_TUNINFO_IPV6 = 1 + BPF_F_UPROBE_MULTI_RETURN = 1 + BPF_F_USER_BUILD_ID = 2048 + BPF_F_USER_STACK = 256 + BPF_F_VTYPE_BTF_OBJ_FD = 32768 + BPF_F_WRONLY = 16 + BPF_F_WRONLY_PROG = 256 + BPF_F_ZERO_CSUM_TX = 2 + BPF_F_ZERO_SEED = 64 + BPF_LOAD_HDR_OPT_TCP_SYN = 1 + BPF_LOCAL_STORAGE_GET_F_CREATE = 1 + BPF_MAX_LOOPS = 8388608 + BPF_MAX_TRAMP_LINKS = 38 + BPF_NOEXIST = 1 + BPF_RB_AVAIL_DATA = 0 + BPF_RB_CONS_POS = 2 + BPF_RB_FORCE_WAKEUP = 2 + BPF_RB_NO_WAKEUP = 1 + BPF_RB_PROD_POS = 3 + BPF_RB_RING_SIZE = 1 + BPF_REG_0 = 0 + BPF_REG_1 = 1 + BPF_REG_10 = 10 + BPF_REG_2 = 2 + BPF_REG_3 = 3 + BPF_REG_4 = 4 + BPF_REG_5 = 5 + BPF_REG_6 = 6 + BPF_REG_7 = 7 + BPF_REG_8 = 8 + BPF_REG_9 = 9 + BPF_RINGBUF_BUSY_BIT = 2147483648 + BPF_RINGBUF_DISCARD_BIT = 1073741824 + BPF_RINGBUF_HDR_SZ = 8 + BPF_SKB_CLOCK_MONOTONIC = 1 + BPF_SKB_CLOCK_REALTIME = 0 + BPF_SKB_CLOCK_TAI = 2 + BPF_SKB_TSTAMP_DELIVERY_MONO = 1 + BPF_SKB_TSTAMP_UNSPEC = 0 + BPF_SK_LOOKUP_F_NO_REUSEPORT = 2 + BPF_SK_LOOKUP_F_REPLACE = 1 + BPF_SK_STORAGE_GET_F_CREATE = 1 + BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB = 4 + BPF_SOCK_OPS_ALL_CB_FLAGS = 127 + BPF_SOCK_OPS_BASE_RTT = 7 + BPF_SOCK_OPS_HDR_OPT_LEN_CB = 14 + BPF_SOCK_OPS_NEEDS_ECN = 6 + BPF_SOCK_OPS_PARSE_ALL_HDR_OPT_CB_FLAG = 16 + BPF_SOCK_OPS_PARSE_HDR_OPT_CB = 13 + BPF_SOCK_OPS_PARSE_UNKNOWN_HDR_OPT_CB_FLAG = 32 + BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB = 5 + BPF_SOCK_OPS_RETRANS_CB = 9 + BPF_SOCK_OPS_RETRANS_CB_FLAG = 2 + BPF_SOCK_OPS_RTO_CB = 8 + BPF_SOCK_OPS_RTO_CB_FLAG = 1 + BPF_SOCK_OPS_RTT_CB = 12 + BPF_SOCK_OPS_RTT_CB_FLAG = 8 + BPF_SOCK_OPS_RWND_INIT = 2 + BPF_SOCK_OPS_STATE_CB = 10 + BPF_SOCK_OPS_STATE_CB_FLAG = 4 + BPF_SOCK_OPS_TCP_CONNECT_CB = 3 + BPF_SOCK_OPS_TCP_LISTEN_CB = 11 + BPF_SOCK_OPS_TIMEOUT_INIT = 1 + BPF_SOCK_OPS_VOID = 0 + BPF_SOCK_OPS_WRITE_HDR_OPT_CB = 15 + BPF_SOCK_OPS_WRITE_HDR_OPT_CB_FLAG = 64 + BPF_TASK_ITER_ALL_PROCS = 0 + BPF_TASK_ITER_ALL_THREADS = 1 + BPF_TASK_ITER_PROC_THREADS = 2 + BPF_TCP_BOUND_INACTIVE = 13 + BPF_TCP_CLOSE = 7 + BPF_TCP_CLOSE_WAIT = 8 + BPF_TCP_CLOSING = 11 + BPF_TCP_ESTABLISHED = 1 + BPF_TCP_FIN_WAIT1 = 4 + BPF_TCP_FIN_WAIT2 = 5 + BPF_TCP_LAST_ACK = 9 + BPF_TCP_LISTEN = 10 + BPF_TCP_MAX_STATES = 14 + BPF_TCP_NEW_SYN_RECV = 12 + BPF_TCP_SYN_RECV = 3 + BPF_TCP_SYN_SENT = 2 + BPF_TCP_TIME_WAIT = 6 + BPF_WRITE_HDR_TCP_CURRENT_MSS = 1 + BPF_WRITE_HDR_TCP_SYNACK_COOKIE = 2 + BPF_XFRM_STATE_OPTS_SZ = 36 +) + type AdjRoomMode uint32 const ( @@ -72,7 +242,8 @@ const ( BPF_CGROUP_UNIX_GETSOCKNAME AttachType = 53 BPF_NETKIT_PRIMARY AttachType = 54 BPF_NETKIT_PEER AttachType = 55 - __MAX_BPF_ATTACH_TYPE AttachType = 56 + BPF_TRACE_KPROBE_SESSION AttachType = 56 + __MAX_BPF_ATTACH_TYPE AttachType = 57 ) type Cmd uint32 @@ -115,6 +286,8 @@ const ( BPF_ITER_CREATE Cmd = 33 BPF_LINK_DETACH Cmd = 34 BPF_PROG_BIND_MAP Cmd = 35 + BPF_TOKEN_CREATE Cmd = 36 + __MAX_BPF_CMD Cmd = 37 ) type FunctionId uint32 @@ -359,7 +532,8 @@ const ( BPF_LINK_TYPE_TCX LinkType = 11 BPF_LINK_TYPE_UPROBE_MULTI LinkType = 12 BPF_LINK_TYPE_NETKIT LinkType = 13 - __MAX_BPF_LINK_TYPE LinkType = 14 + BPF_LINK_TYPE_SOCKMAP LinkType = 14 + __MAX_BPF_LINK_TYPE LinkType = 15 ) type MapType uint32 @@ -400,6 +574,17 @@ const ( BPF_MAP_TYPE_BLOOM_FILTER MapType = 30 BPF_MAP_TYPE_USER_RINGBUF MapType = 31 BPF_MAP_TYPE_CGRP_STORAGE MapType = 32 + BPF_MAP_TYPE_ARENA MapType = 33 + __MAX_BPF_MAP_TYPE MapType = 34 +) + +type ObjType uint32 + +const ( + BPF_TYPE_UNSPEC ObjType = 0 + BPF_TYPE_PROG ObjType = 1 + BPF_TYPE_MAP ObjType = 2 + BPF_TYPE_LINK ObjType = 3 ) type PerfEventType uint32 @@ -450,6 +635,7 @@ const ( BPF_PROG_TYPE_SK_LOOKUP ProgType = 30 BPF_PROG_TYPE_SYSCALL ProgType = 31 BPF_PROG_TYPE_NETFILTER ProgType = 32 + __MAX_BPF_PROG_TYPE ProgType = 33 ) type RetCode uint32 @@ -537,7 +723,7 @@ type MapInfo struct { KeySize uint32 ValueSize uint32 MaxEntries uint32 - MapFlags MapFlags + MapFlags uint32 Name ObjName Ifindex uint32 BtfVmlinuxValueTypeId TypeID @@ -546,7 +732,7 @@ type MapInfo struct { BtfId uint32 BtfKeyTypeId TypeID BtfValueTypeId TypeID - _ [4]byte + BtfVmlinuxId uint32 MapExtra uint64 } @@ -556,7 +742,7 @@ type ProgInfo struct { Tag [8]uint8 JitedProgLen uint32 XlatedProgLen uint32 - JitedProgInsns uint64 + JitedProgInsns Pointer XlatedProgInsns Pointer LoadTime uint64 CreatedByUid uint32 @@ -569,15 +755,15 @@ type ProgInfo struct { NetnsIno uint64 NrJitedKsyms uint32 NrJitedFuncLens uint32 - JitedKsyms uint64 - JitedFuncLens uint64 + JitedKsyms Pointer + JitedFuncLens Pointer BtfId BTFID FuncInfoRecSize uint32 FuncInfo Pointer NrFuncInfo uint32 NrLineInfo uint32 LineInfo Pointer - JitedLineInfo uint64 + JitedLineInfo Pointer NrJitedLineInfo uint32 LineInfoRecSize uint32 JitedLineInfoRecSize uint32 @@ -643,6 +829,8 @@ type BtfLoadAttr struct { BtfLogSize uint32 BtfLogLevel uint32 BtfLogTrueSize uint32 + BtfFlags uint32 + BtfTokenFd int32 } func BtfLoad(attr *BtfLoadAttr) (*FD, error) { @@ -886,7 +1074,7 @@ type MapCreateAttr struct { KeySize uint32 ValueSize uint32 MaxEntries uint32 - MapFlags MapFlags + MapFlags uint32 InnerMapFd uint32 NumaNode uint32 MapName ObjName @@ -896,6 +1084,8 @@ type MapCreateAttr struct { BtfValueTypeId TypeID BtfVmlinuxValueTypeId TypeID MapExtra uint64 + ValueTypeBtfObjFd int32 + MapTokenFd int32 } func MapCreate(attr *MapCreateAttr) (*FD, error) { @@ -1189,6 +1379,8 @@ type ProgLoadAttr struct { CoreRelos Pointer CoreReloRecSize uint32 LogTrueSize uint32 + ProgTokenFd int32 + _ [4]byte } func ProgLoad(attr *ProgLoadAttr) (*FD, error) { @@ -1246,6 +1438,7 @@ type RawTracepointOpenAttr struct { Name Pointer ProgFd uint32 _ [4]byte + Cookie uint64 } func RawTracepointOpen(attr *RawTracepointOpenAttr) (*FD, error) { @@ -1287,19 +1480,20 @@ type KprobeLinkInfo struct { Offset uint32 Addr uint64 Missed uint64 - _ [8]byte + Cookie uint64 } type KprobeMultiLinkInfo struct { - Type LinkType - Id LinkID - ProgId uint32 - _ [4]byte - Addrs Pointer - Count uint32 - Flags uint32 - Missed uint64 - _ [24]byte + Type LinkType + Id LinkID + ProgId uint32 + _ [4]byte + Addrs Pointer + Count uint32 + Flags uint32 + Missed uint64 + Cookies uint64 + _ [16]byte } type NetNsLinkInfo struct { diff --git a/vendor/github.com/cilium/ebpf/internal/sysenc/buffer.go b/vendor/github.com/cilium/ebpf/internal/sysenc/buffer.go index d184ea196ae..1b4f052ee2b 100644 --- a/vendor/github.com/cilium/ebpf/internal/sysenc/buffer.go +++ b/vendor/github.com/cilium/ebpf/internal/sysenc/buffer.go @@ -51,12 +51,12 @@ func SyscallOutput(dst any, size int) Buffer { // // Returns the number of copied bytes. func (b Buffer) CopyTo(dst []byte) int { - return copy(dst, b.unsafeBytes()) + return copy(dst, b.Bytes()) } // AppendTo appends the buffer onto dst. func (b Buffer) AppendTo(dst []byte) []byte { - return append(dst, b.unsafeBytes()...) + return append(dst, b.Bytes()...) } // Pointer returns the location where a syscall should write. @@ -72,10 +72,12 @@ func (b Buffer) Unmarshal(data any) error { return nil } - return Unmarshal(data, b.unsafeBytes()) + return Unmarshal(data, b.Bytes()) } -func (b Buffer) unsafeBytes() []byte { +// Bytes returns the buffer as a byte slice. Returns nil if the Buffer was +// created using UnsafeBuffer or by zero-copy unmarshaling. +func (b Buffer) Bytes() []byte { if b.size == syscallPointerOnly { return nil } diff --git a/vendor/github.com/cilium/ebpf/internal/testutils/fdtrace/fd_trace.go b/vendor/github.com/cilium/ebpf/internal/testutils/fdtrace/fd_trace.go new file mode 100644 index 00000000000..562df2cc0c2 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/testutils/fdtrace/fd_trace.go @@ -0,0 +1,103 @@ +package fdtrace + +import ( + "bytes" + "fmt" + "os" + "runtime" + "sync" + "sync/atomic" +) + +// foundLeak is atomic since the GC may collect objects in parallel. +var foundLeak atomic.Bool + +func onLeakFD(fs *runtime.Frames) { + foundLeak.Store(true) + fmt.Fprintln(os.Stderr, "leaked fd created at:") + fmt.Fprintln(os.Stderr, formatFrames(fs)) +} + +// fds is a registry of all file descriptors wrapped into sys.fds that were +// created while an fd tracer was active. +var fds *sync.Map // map[int]*runtime.Frames + +// TraceFD associates raw with the current execution stack. +// +// skip controls how many entries of the stack the function should skip. +func TraceFD(raw int, skip int) { + if fds == nil { + return + } + + // Attempt to store the caller's stack for the given fd value. + // Panic if fds contains an existing stack for the fd. + old, exist := fds.LoadOrStore(raw, callersFrames(skip)) + if exist { + f := old.(*runtime.Frames) + panic(fmt.Sprintf("found existing stack for fd %d:\n%s", raw, formatFrames(f))) + } +} + +// ForgetFD removes any existing association for raw. +func ForgetFD(raw int) { + if fds != nil { + fds.Delete(raw) + } +} + +// LeakFD indicates that raw was leaked. +// +// Calling the function with a value that was not passed to [TraceFD] before +// is undefined. +func LeakFD(raw int) { + if fds == nil { + return + } + + // Invoke the fd leak callback. Calls LoadAndDelete to guarantee the callback + // is invoked at most once for one sys.FD allocation, runtime.Frames can only + // be unwound once. + f, ok := fds.LoadAndDelete(raw) + if ok { + onLeakFD(f.(*runtime.Frames)) + } +} + +// flushFrames removes all elements from fds and returns them as a slice. This +// deals with the fact that a runtime.Frames can only be unwound once using +// Next(). +func flushFrames() []*runtime.Frames { + var frames []*runtime.Frames + fds.Range(func(key, value any) bool { + frames = append(frames, value.(*runtime.Frames)) + fds.Delete(key) + return true + }) + return frames +} + +func callersFrames(skip int) *runtime.Frames { + c := make([]uintptr, 32) + + // Skip runtime.Callers and this function. + i := runtime.Callers(skip+2, c) + if i == 0 { + return nil + } + + return runtime.CallersFrames(c) +} + +// formatFrames formats a runtime.Frames as a human-readable string. +func formatFrames(fs *runtime.Frames) string { + var b bytes.Buffer + for { + f, more := fs.Next() + b.WriteString(fmt.Sprintf("\t%s+%#x\n\t\t%s:%d\n", f.Function, f.PC-f.Entry, f.File, f.Line)) + if !more { + break + } + } + return b.String() +} diff --git a/vendor/github.com/cilium/ebpf/internal/testutils/fdtrace/main.go b/vendor/github.com/cilium/ebpf/internal/testutils/fdtrace/main.go new file mode 100644 index 00000000000..c1f7b42d91d --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/testutils/fdtrace/main.go @@ -0,0 +1,31 @@ +package fdtrace + +import ( + "os" + "sync" +) + +type testingM interface { + Run() int +} + +// TestMain runs m with fd tracing enabled. +// +// The function calls [os.Exit] and does not return. +func TestMain(m testingM) { + fds = new(sync.Map) + + ret := m.Run() + + if fs := flushFrames(); len(fs) != 0 { + for _, f := range fs { + onLeakFD(f) + } + } + + if foundLeak.Load() { + ret = 99 + } + + os.Exit(ret) +} diff --git a/vendor/github.com/cilium/ebpf/internal/tracefs/kprobe.go b/vendor/github.com/cilium/ebpf/internal/tracefs/kprobe.go index 897740fec0c..bdadf4d8ead 100644 --- a/vendor/github.com/cilium/ebpf/internal/tracefs/kprobe.go +++ b/vendor/github.com/cilium/ebpf/internal/tracefs/kprobe.go @@ -12,6 +12,7 @@ import ( "syscall" "github.com/cilium/ebpf/internal" + "github.com/cilium/ebpf/internal/linux" "github.com/cilium/ebpf/internal/unix" ) @@ -112,6 +113,10 @@ func sanitizeTracefsPath(path ...string) (string, error) { // but may be also be available at /sys/kernel/debug/tracing if debugfs is mounted. // The available tracefs paths will depends on distribution choices. var getTracefsPath = sync.OnceValues(func() (string, error) { + if !internal.OnLinux { + return "", fmt.Errorf("tracefs: %w", internal.ErrNotSupportedOnOS) + } + for _, p := range []struct { path string fsType int64 @@ -121,7 +126,7 @@ var getTracefsPath = sync.OnceValues(func() (string, error) { // RHEL/CentOS {"/sys/kernel/debug/tracing", unix.DEBUGFS_MAGIC}, } { - if fsType, err := internal.FSType(p.path); err == nil && fsType == p.fsType { + if fsType, err := linux.FSType(p.path); err == nil && fsType == p.fsType { return p.path, nil } } @@ -213,7 +218,10 @@ func NewEvent(args ProbeArgs) (*Event, error) { if err == nil { return nil, fmt.Errorf("trace event %s/%s: %w", args.Group, eventName, os.ErrExist) } - if err != nil && !errors.Is(err, os.ErrNotExist) { + if errors.Is(err, unix.EINVAL) { + return nil, fmt.Errorf("trace event %s/%s: %w (unknown symbol?)", args.Group, eventName, err) + } + if !errors.Is(err, os.ErrNotExist) { return nil, fmt.Errorf("checking trace event %s/%s: %w", args.Group, eventName, err) } diff --git a/vendor/github.com/cilium/ebpf/internal/unix/errno_linux.go b/vendor/github.com/cilium/ebpf/internal/unix/errno_linux.go new file mode 100644 index 00000000000..0c4886bd13a --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/unix/errno_linux.go @@ -0,0 +1,29 @@ +package unix + +import ( + "syscall" + + linux "golang.org/x/sys/unix" +) + +type Errno = syscall.Errno + +const ( + E2BIG = linux.E2BIG + EACCES = linux.EACCES + EAGAIN = linux.EAGAIN + EBADF = linux.EBADF + EEXIST = linux.EEXIST + EFAULT = linux.EFAULT + EILSEQ = linux.EILSEQ + EINTR = linux.EINTR + EINVAL = linux.EINVAL + ENODEV = linux.ENODEV + ENOENT = linux.ENOENT + ENOSPC = linux.ENOSPC + EOPNOTSUPP = linux.EOPNOTSUPP + EPERM = linux.EPERM + EPOLLIN = linux.EPOLLIN + ESRCH = linux.ESRCH + ESTALE = linux.ESTALE +) diff --git a/vendor/github.com/cilium/ebpf/internal/unix/errno_other.go b/vendor/github.com/cilium/ebpf/internal/unix/errno_other.go new file mode 100644 index 00000000000..fc2b042b547 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/unix/errno_other.go @@ -0,0 +1,29 @@ +//go:build !linux && !windows + +package unix + +import "syscall" + +type Errno = syscall.Errno + +// Errnos are distinct and non-zero. +const ( + E2BIG Errno = iota + 1 + EACCES + EAGAIN + EBADF + EEXIST + EFAULT + EILSEQ + EINTR + EINVAL + ENODEV + ENOENT + ENOSPC + ENOTSUP + ENOTSUPP + EOPNOTSUPP + EPERM + ESRCH + ESTALE +) diff --git a/vendor/github.com/cilium/ebpf/internal/unix/errno_string_windows.go b/vendor/github.com/cilium/ebpf/internal/unix/errno_string_windows.go new file mode 100644 index 00000000000..6077e983f3f --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/unix/errno_string_windows.go @@ -0,0 +1,59 @@ +// Code generated by "stringer -type=Errno -tags=windows -output=errno_string_windows.go"; DO NOT EDIT. + +package unix + +import "strconv" + +func _() { + // An "invalid array index" compiler error signifies that the constant values have changed. + // Re-run the stringer command to generate them again. + var x [1]struct{} + _ = x[EPERM-1] + _ = x[ENOENT-2] + _ = x[ESRCH-3] + _ = x[EINTR-4] + _ = x[E2BIG-7] + _ = x[EBADF-9] + _ = x[EAGAIN-11] + _ = x[EACCES-13] + _ = x[EFAULT-14] + _ = x[EEXIST-17] + _ = x[ENODEV-19] + _ = x[EINVAL-22] + _ = x[ENOSPC-28] + _ = x[EILSEQ-42] + _ = x[ENOTSUP-129] + _ = x[EOPNOTSUPP-130] + _ = x[ENOTSUPP-536870912] + _ = x[ESTALE-536870913] +} + +const _Errno_name = "EPERMENOENTESRCHEINTRE2BIGEBADFEAGAINEACCESEFAULTEEXISTENODEVEINVALENOSPCEILSEQENOTSUPEOPNOTSUPPENOTSUPPESTALE" + +var _Errno_map = map[Errno]string{ + 1: _Errno_name[0:5], + 2: _Errno_name[5:11], + 3: _Errno_name[11:16], + 4: _Errno_name[16:21], + 7: _Errno_name[21:26], + 9: _Errno_name[26:31], + 11: _Errno_name[31:37], + 13: _Errno_name[37:43], + 14: _Errno_name[43:49], + 17: _Errno_name[49:55], + 19: _Errno_name[55:61], + 22: _Errno_name[61:67], + 28: _Errno_name[67:73], + 42: _Errno_name[73:79], + 129: _Errno_name[79:86], + 130: _Errno_name[86:96], + 536870912: _Errno_name[96:104], + 536870913: _Errno_name[104:110], +} + +func (i Errno) String() string { + if str, ok := _Errno_map[i]; ok { + return str + } + return "Errno(" + strconv.FormatInt(int64(i), 10) + ")" +} diff --git a/vendor/github.com/cilium/ebpf/internal/unix/errno_windows.go b/vendor/github.com/cilium/ebpf/internal/unix/errno_windows.go new file mode 100644 index 00000000000..7500cd6d4ee --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/unix/errno_windows.go @@ -0,0 +1,78 @@ +package unix + +// The code in this file is derived from syscall_unix.go in the Go source code, +// licensed under the MIT license. + +import ( + "errors" + "os" + "syscall" +) + +//go:generate go run golang.org/x/tools/cmd/stringer@latest -type=Errno -tags=windows -output=errno_string_windows.go + +// Windows specific constants for Unix errnos. +// +// The values do not always match Linux, for example EILSEQ and EOPNOTSUPP. +// +// See https://learn.microsoft.com/en-us/cpp/c-runtime-library/errno-constants?view=msvc-170 +const ( + EPERM Errno = 1 + ENOENT Errno = 2 + ESRCH Errno = 3 + EINTR Errno = 4 + E2BIG Errno = 7 + EBADF Errno = 9 + EAGAIN Errno = 11 + EACCES Errno = 13 + EFAULT Errno = 14 + EEXIST Errno = 17 + ENODEV Errno = 19 + EINVAL Errno = 22 + ENFILE Errno = 23 + EMFILE Errno = 24 + ENOSPC Errno = 28 + ENOSYS Errno = 40 + ENOTEMPTY Errno = 41 + EILSEQ Errno = 42 + ENOTSUP Errno = 129 + EOPNOTSUPP Errno = 130 + ETIMEDOUT Errno = 138 + EWOULDBLOCK Errno = 140 +) + +// These constants do not exist on Windows and therefore have a non-zero +// dummy value. +const ( + ENOTSUPP Errno = Errno(syscall.APPLICATION_ERROR) + iota + ESTALE +) + +// Errno is a Windows compatibility shim for Unix errnos. +type Errno uintptr + +func (e Errno) Error() string { + return e.String() +} + +func (e Errno) Is(target error) bool { + switch target { + case os.ErrPermission: + return e == EACCES || e == EPERM + case os.ErrExist: + return e == EEXIST || e == ENOTEMPTY + case os.ErrNotExist: + return e == ENOENT + case errors.ErrUnsupported: + return e == ENOSYS || e == ENOTSUP || e == EOPNOTSUPP + } + return false +} + +func (e Errno) Temporary() bool { + return e == EINTR || e == EMFILE || e == ENFILE || e.Timeout() +} + +func (e Errno) Timeout() bool { + return e == EAGAIN || e == EWOULDBLOCK || e == ETIMEDOUT +} diff --git a/vendor/github.com/cilium/ebpf/internal/unix/error.go b/vendor/github.com/cilium/ebpf/internal/unix/error.go new file mode 100644 index 00000000000..48017c1009c --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/unix/error.go @@ -0,0 +1,23 @@ +package unix + +import ( + "fmt" + "runtime" + "strings" + + "github.com/cilium/ebpf/internal" +) + +// errNonLinux returns an error which wraps [internal.ErrNotSupportedOnOS] and +// includes the name of the calling function. +func errNonLinux() error { + name := "unknown" + pc, _, _, ok := runtime.Caller(1) + if ok { + name = runtime.FuncForPC(pc).Name() + if pos := strings.LastIndexByte(name, '.'); pos != -1 { + name = name[pos+1:] + } + } + return fmt.Errorf("unix: %s: %w", name, internal.ErrNotSupportedOnOS) +} diff --git a/vendor/github.com/cilium/ebpf/internal/unix/strings_other.go b/vendor/github.com/cilium/ebpf/internal/unix/strings_other.go new file mode 100644 index 00000000000..49e1fe21720 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/unix/strings_other.go @@ -0,0 +1,11 @@ +//go:build !linux && !windows + +package unix + +func BytePtrFromString(s string) (*byte, error) { + return nil, errNonLinux() +} + +func ByteSliceToString(s []byte) string { + return "" +} diff --git a/vendor/github.com/cilium/ebpf/internal/unix/strings_windows.go b/vendor/github.com/cilium/ebpf/internal/unix/strings_windows.go new file mode 100644 index 00000000000..7e3d4da7773 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/internal/unix/strings_windows.go @@ -0,0 +1,19 @@ +package unix + +import ( + "syscall" + + "golang.org/x/sys/windows" +) + +func BytePtrFromString(s string) (*byte, error) { + p, err := windows.BytePtrFromString(s) + if err == syscall.EINVAL { + err = EINVAL + } + return p, err +} + +func ByteSliceToString(s []byte) string { + return windows.ByteSliceToString(s) +} diff --git a/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go b/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go index d725cfaa394..385adf08b86 100644 --- a/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go +++ b/vendor/github.com/cilium/ebpf/internal/unix/types_linux.go @@ -8,26 +8,6 @@ import ( linux "golang.org/x/sys/unix" ) -const ( - ENOENT = linux.ENOENT - EEXIST = linux.EEXIST - EAGAIN = linux.EAGAIN - ENOSPC = linux.ENOSPC - EINVAL = linux.EINVAL - EPOLLIN = linux.EPOLLIN - EINTR = linux.EINTR - EPERM = linux.EPERM - ESRCH = linux.ESRCH - ENODEV = linux.ENODEV - EBADF = linux.EBADF - E2BIG = linux.E2BIG - EFAULT = linux.EFAULT - EACCES = linux.EACCES - EILSEQ = linux.EILSEQ - EOPNOTSUPP = linux.EOPNOTSUPP - ESTALE = linux.ESTALE -) - const ( BPF_F_NO_PREALLOC = linux.BPF_F_NO_PREALLOC BPF_F_NUMA_NODE = linux.BPF_F_NUMA_NODE @@ -81,15 +61,16 @@ const ( SO_DETACH_BPF = linux.SO_DETACH_BPF SOL_SOCKET = linux.SOL_SOCKET SIGPROF = linux.SIGPROF + SIGUSR1 = linux.SIGUSR1 SIG_BLOCK = linux.SIG_BLOCK SIG_UNBLOCK = linux.SIG_UNBLOCK - EM_NONE = linux.EM_NONE - EM_BPF = linux.EM_BPF BPF_FS_MAGIC = linux.BPF_FS_MAGIC TRACEFS_MAGIC = linux.TRACEFS_MAGIC DEBUGFS_MAGIC = linux.DEBUGFS_MAGIC BPF_RB_NO_WAKEUP = linux.BPF_RB_NO_WAKEUP BPF_RB_FORCE_WAKEUP = linux.BPF_RB_FORCE_WAKEUP + AF_UNSPEC = linux.AF_UNSPEC + IFF_UP = linux.IFF_UP ) type Statfs_t = linux.Statfs_t @@ -214,3 +195,7 @@ func SchedSetaffinity(pid int, set *CPUSet) error { func SchedGetaffinity(pid int, set *CPUSet) error { return linux.SchedGetaffinity(pid, set) } + +func Auxv() ([][2]uintptr, error) { + return linux.Auxv() +} diff --git a/vendor/github.com/cilium/ebpf/internal/unix/types_other.go b/vendor/github.com/cilium/ebpf/internal/unix/types_other.go index 3ff8962716a..323f7ff34ed 100644 --- a/vendor/github.com/cilium/ebpf/internal/unix/types_other.go +++ b/vendor/github.com/cilium/ebpf/internal/unix/types_other.go @@ -3,33 +3,9 @@ package unix import ( - "fmt" - "runtime" "syscall" ) -var errNonLinux = fmt.Errorf("unsupported platform %s/%s", runtime.GOOS, runtime.GOARCH) - -// Errnos are distinct and non-zero. -const ( - ENOENT syscall.Errno = iota + 1 - EEXIST - EAGAIN - ENOSPC - EINVAL - EINTR - EPERM - ESRCH - ENODEV - EBADF - E2BIG - EFAULT - EACCES - EILSEQ - EOPNOTSUPP - ESTALE -) - // Constants are distinct to avoid breaking switch statements. const ( BPF_F_NO_PREALLOC = iota @@ -84,16 +60,17 @@ const ( SO_DETACH_BPF SOL_SOCKET SIGPROF + SIGUSR1 SIG_BLOCK SIG_UNBLOCK - EM_NONE - EM_BPF BPF_FS_MAGIC TRACEFS_MAGIC DEBUGFS_MAGIC BPF_RB_NO_WAKEUP BPF_RB_FORCE_WAKEUP BPF_F_LOCK + AF_UNSPEC + IFF_UP ) type Statfs_t struct { @@ -136,28 +113,28 @@ type Sigset_t struct { Val [4]uint64 } -func Syscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err syscall.Errno) { - return 0, 0, syscall.ENOTSUP +func Syscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno) { + return 0, 0, ENOTSUP } func PthreadSigmask(how int, set, oldset *Sigset_t) error { - return errNonLinux + return errNonLinux() } func FcntlInt(fd uintptr, cmd, arg int) (int, error) { - return -1, errNonLinux + return -1, errNonLinux() } func IoctlSetInt(fd int, req uint, value int) error { - return errNonLinux + return errNonLinux() } func Statfs(path string, buf *Statfs_t) error { - return errNonLinux + return errNonLinux() } func Close(fd int) (err error) { - return errNonLinux + return errNonLinux() } type EpollEvent struct { @@ -167,23 +144,23 @@ type EpollEvent struct { } func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) { - return 0, errNonLinux + return 0, errNonLinux() } func EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) { - return errNonLinux + return errNonLinux() } func Eventfd(initval uint, flags int) (fd int, err error) { - return 0, errNonLinux + return 0, errNonLinux() } func Write(fd int, p []byte) (n int, err error) { - return 0, errNonLinux + return 0, errNonLinux() } func EpollCreate1(flag int) (fd int, err error) { - return 0, errNonLinux + return 0, errNonLinux() } type PerfEventMmapPage struct { @@ -213,15 +190,15 @@ type PerfEventMmapPage struct { } func SetNonblock(fd int, nonblocking bool) (err error) { - return errNonLinux + return errNonLinux() } func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) { - return []byte{}, errNonLinux + return []byte{}, errNonLinux() } func Munmap(b []byte) (err error) { - return errNonLinux + return errNonLinux() } type PerfEventAttr struct { @@ -246,7 +223,7 @@ type PerfEventAttr struct { } func PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) { - return 0, errNonLinux + return 0, errNonLinux() } type Utsname struct { @@ -255,7 +232,7 @@ type Utsname struct { } func Uname(buf *Utsname) (err error) { - return errNonLinux + return errNonLinux() } func Getpid() int { @@ -267,35 +244,27 @@ func Gettid() int { } func Tgkill(tgid int, tid int, sig syscall.Signal) (err error) { - return errNonLinux -} - -func BytePtrFromString(s string) (*byte, error) { - return nil, errNonLinux -} - -func ByteSliceToString(s []byte) string { - return "" + return errNonLinux() } func Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) error { - return errNonLinux + return errNonLinux() } func Prlimit(pid, resource int, new, old *Rlimit) error { - return errNonLinux + return errNonLinux() } func Open(path string, mode int, perm uint32) (int, error) { - return -1, errNonLinux + return -1, errNonLinux() } func Fstat(fd int, stat *Stat_t) error { - return errNonLinux + return errNonLinux() } func SetsockoptInt(fd, level, opt, value int) error { - return errNonLinux + return errNonLinux() } type CPUSet struct{} @@ -303,9 +272,13 @@ type CPUSet struct{} func (*CPUSet) Set(int) {} func SchedSetaffinity(pid int, set *CPUSet) error { - return errNonLinux + return errNonLinux() } func SchedGetaffinity(pid int, set *CPUSet) error { - return errNonLinux + return errNonLinux() +} + +func Auxv() ([][2]uintptr, error) { + return nil, errNonLinux() } diff --git a/vendor/github.com/cilium/ebpf/internal/version.go b/vendor/github.com/cilium/ebpf/internal/version.go index acd4650af73..a230830b013 100644 --- a/vendor/github.com/cilium/ebpf/internal/version.go +++ b/vendor/github.com/cilium/ebpf/internal/version.go @@ -2,9 +2,6 @@ package internal import ( "fmt" - "sync" - - "github.com/cilium/ebpf/internal/unix" ) const ( @@ -78,30 +75,3 @@ func (v Version) Kernel() uint32 { // each other when overflowing 8 bits. return uint32(uint8(v[0]))<<16 | uint32(uint8(v[1]))<<8 | uint32(uint8(s)) } - -// KernelVersion returns the version of the currently running kernel. -var KernelVersion = sync.OnceValues(func() (Version, error) { - return detectKernelVersion() -}) - -// detectKernelVersion returns the version of the running kernel. -func detectKernelVersion() (Version, error) { - vc, err := vdsoVersion() - if err != nil { - return Version{}, err - } - return NewVersionFromCode(vc), nil -} - -// KernelRelease returns the release string of the running kernel. -// Its format depends on the Linux distribution and corresponds to directory -// names in /lib/modules by convention. Some examples are 5.15.17-1-lts and -// 4.19.0-16-amd64. -func KernelRelease() (string, error) { - var uname unix.Utsname - if err := unix.Uname(&uname); err != nil { - return "", fmt.Errorf("uname failed: %w", err) - } - - return unix.ByteSliceToString(uname.Release[:]), nil -} diff --git a/vendor/github.com/cilium/ebpf/link/kprobe.go b/vendor/github.com/cilium/ebpf/link/kprobe.go index fe3f17c3717..6f93a27a254 100644 --- a/vendor/github.com/cilium/ebpf/link/kprobe.go +++ b/vendor/github.com/cilium/ebpf/link/kprobe.go @@ -10,6 +10,7 @@ import ( "github.com/cilium/ebpf" "github.com/cilium/ebpf/internal" + "github.com/cilium/ebpf/internal/linux" "github.com/cilium/ebpf/internal/sys" "github.com/cilium/ebpf/internal/tracefs" "github.com/cilium/ebpf/internal/unix" @@ -60,6 +61,9 @@ func (ko *KprobeOptions) cookie() uint64 { // platform's syscall prefix (e.g. __x64_) to support attaching to syscalls // in a portable fashion. // +// On kernels 6.11 and later, setting a kprobe on a nonexistent symbol using +// tracefs incorrectly returns [unix.EINVAL] instead of [os.ErrNotExist]. +// // The returned Link may implement [PerfEvent]. func Kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions) (Link, error) { k, err := kprobe(symbol, prog, opts, false) @@ -91,7 +95,7 @@ func Kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions) (Link, error // in a portable fashion. // // On kernels 5.10 and earlier, setting a kretprobe on a nonexistent symbol -// incorrectly returns unix.EINVAL instead of os.ErrNotExist. +// incorrectly returns [unix.EINVAL] instead of [os.ErrNotExist]. // // The returned Link may implement [PerfEvent]. func Kretprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions) (Link, error) { @@ -169,7 +173,7 @@ func kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions, ret bool) (* // Use kprobe PMU if the kernel has it available. tp, err := pmuProbe(args) if errors.Is(err, os.ErrNotExist) || errors.Is(err, unix.EINVAL) { - if prefix := internal.PlatformPrefix(); prefix != "" { + if prefix := linux.PlatformPrefix(); prefix != "" { args.Symbol = prefix + symbol tp, err = pmuProbe(args) } @@ -177,7 +181,7 @@ func kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions, ret bool) (* if err == nil { return tp, nil } - if err != nil && !errors.Is(err, ErrNotSupported) { + if !errors.Is(err, ErrNotSupported) { return nil, fmt.Errorf("creating perf_kprobe PMU (arch-specific fallback for %q): %w", symbol, err) } @@ -185,7 +189,7 @@ func kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions, ret bool) (* args.Symbol = symbol tp, err = tracefsProbe(args) if errors.Is(err, os.ErrNotExist) || errors.Is(err, unix.EINVAL) { - if prefix := internal.PlatformPrefix(); prefix != "" { + if prefix := linux.PlatformPrefix(); prefix != "" { args.Symbol = prefix + symbol tp, err = tracefsProbe(args) } diff --git a/vendor/github.com/cilium/ebpf/link/kprobe_multi.go b/vendor/github.com/cilium/ebpf/link/kprobe_multi.go index f7a8291f945..f19f9f4c732 100644 --- a/vendor/github.com/cilium/ebpf/link/kprobe_multi.go +++ b/vendor/github.com/cilium/ebpf/link/kprobe_multi.go @@ -37,6 +37,14 @@ type KprobeMultiOptions struct { // Each Cookie is assigned to the Symbol or Address specified at the // corresponding slice index. Cookies []uint64 + + // Session must be true when attaching Programs with the + // [ebpf.AttachTraceKprobeSession] attach type. + // + // This makes a Kprobe execute on both function entry and return. The entry + // program can share a cookie value with the return program and can decide + // whether the return program gets executed. + Session bool } // KprobeMulti attaches the given eBPF program to the entry point of a given set @@ -60,7 +68,7 @@ func KprobeMulti(prog *ebpf.Program, opts KprobeMultiOptions) (Link, error) { // // Requires at least Linux 5.18. func KretprobeMulti(prog *ebpf.Program, opts KprobeMultiOptions) (Link, error) { - return kprobeMulti(prog, opts, unix.BPF_F_KPROBE_MULTI_RETURN) + return kprobeMulti(prog, opts, sys.BPF_F_KPROBE_MULTI_RETURN) } func kprobeMulti(prog *ebpf.Program, opts KprobeMultiOptions, flags uint32) (Link, error) { @@ -82,9 +90,14 @@ func kprobeMulti(prog *ebpf.Program, opts KprobeMultiOptions, flags uint32) (Lin return nil, fmt.Errorf("Cookies must be exactly Symbols or Addresses in length: %w", errInvalidInput) } + attachType := sys.BPF_TRACE_KPROBE_MULTI + if opts.Session { + attachType = sys.BPF_TRACE_KPROBE_SESSION + } + attr := &sys.LinkCreateKprobeMultiAttr{ ProgFd: uint32(prog.FD()), - AttachType: sys.BPF_TRACE_KPROBE_MULTI, + AttachType: attachType, KprobeMultiFlags: flags, } @@ -103,21 +116,31 @@ func kprobeMulti(prog *ebpf.Program, opts KprobeMultiOptions, flags uint32) (Lin } fd, err := sys.LinkCreateKprobeMulti(attr) + if err == nil { + return &kprobeMultiLink{RawLink{fd, ""}}, nil + } + if errors.Is(err, unix.ESRCH) { return nil, fmt.Errorf("couldn't find one or more symbols: %w", os.ErrNotExist) } - if errors.Is(err, unix.EINVAL) { - return nil, fmt.Errorf("%w (missing kernel symbol or prog's AttachType not AttachTraceKprobeMulti?)", err) - } - if err != nil { + if opts.Session { + if haveFeatErr := haveBPFLinkKprobeSession(); haveFeatErr != nil { + return nil, haveFeatErr + } + } else { if haveFeatErr := haveBPFLinkKprobeMulti(); haveFeatErr != nil { return nil, haveFeatErr } - return nil, err } - return &kprobeMultiLink{RawLink{fd, ""}}, nil + // Check EINVAL after running feature probes, since it's also returned when + // the kernel doesn't support the multi/session attach types. + if errors.Is(err, unix.EINVAL) { + return nil, fmt.Errorf("%w (missing kernel symbol or prog's AttachType not %s?)", err, ebpf.AttachType(attachType)) + } + + return nil, err } type kprobeMultiLink struct { @@ -126,7 +149,7 @@ type kprobeMultiLink struct { var _ Link = (*kprobeMultiLink)(nil) -func (kml *kprobeMultiLink) Update(prog *ebpf.Program) error { +func (kml *kprobeMultiLink) Update(_ *ebpf.Program) error { return fmt.Errorf("update kprobe_multi: %w", ErrNotSupported) } @@ -149,7 +172,7 @@ func (kml *kprobeMultiLink) Info() (*Info, error) { }, nil } -var haveBPFLinkKprobeMulti = internal.NewFeatureTest("bpf_link_kprobe_multi", "5.18", func() error { +var haveBPFLinkKprobeMulti = internal.NewFeatureTest("bpf_link_kprobe_multi", func() error { prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ Name: "probe_kpm_link", Type: ebpf.Kprobe, @@ -188,4 +211,45 @@ var haveBPFLinkKprobeMulti = internal.NewFeatureTest("bpf_link_kprobe_multi", "5 fd.Close() return nil -}) +}, "5.18") + +var haveBPFLinkKprobeSession = internal.NewFeatureTest("bpf_link_kprobe_session", func() error { + prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ + Name: "probe_kps_link", + Type: ebpf.Kprobe, + Instructions: asm.Instructions{ + asm.Mov.Imm(asm.R0, 0), + asm.Return(), + }, + AttachType: ebpf.AttachTraceKprobeSession, + License: "MIT", + }) + if errors.Is(err, unix.E2BIG) { + // Kernel doesn't support AttachType field. + return internal.ErrNotSupported + } + if err != nil { + return err + } + defer prog.Close() + + fd, err := sys.LinkCreateKprobeMulti(&sys.LinkCreateKprobeMultiAttr{ + ProgFd: uint32(prog.FD()), + AttachType: sys.BPF_TRACE_KPROBE_SESSION, + Count: 1, + Syms: sys.NewStringSlicePointer([]string{"vprintk"}), + }) + switch { + case errors.Is(err, unix.EINVAL): + return internal.ErrNotSupported + // If CONFIG_FPROBE isn't set. + case errors.Is(err, unix.EOPNOTSUPP): + return internal.ErrNotSupported + case err != nil: + return err + } + + fd.Close() + + return nil +}, "6.10") diff --git a/vendor/github.com/cilium/ebpf/link/link.go b/vendor/github.com/cilium/ebpf/link/link.go index 9c34616c9a9..796769f8ea4 100644 --- a/vendor/github.com/cilium/ebpf/link/link.go +++ b/vendor/github.com/cilium/ebpf/link/link.go @@ -78,7 +78,9 @@ func NewFromID(id ID) (Link, error) { return wrapRawLink(&RawLink{fd, ""}) } -// LoadPinnedLink loads a link that was persisted into a bpffs. +// LoadPinnedLink loads a Link from a pin (file) on the BPF virtual filesystem. +// +// Requires at least Linux 5.7. func LoadPinnedLink(fileName string, opts *ebpf.LoadPinOptions) (Link, error) { raw, err := loadPinnedRawLink(fileName, opts) if err != nil { @@ -350,7 +352,7 @@ func AttachRawLink(opts RawLinkOptions) (*RawLink, error) { } func loadPinnedRawLink(fileName string, opts *ebpf.LoadPinOptions) (*RawLink, error) { - fd, err := sys.ObjGet(&sys.ObjGetAttr{ + fd, typ, err := sys.ObjGetTyped(&sys.ObjGetAttr{ Pathname: sys.NewStringPointer(fileName), FileFlags: opts.Marshal(), }) @@ -358,6 +360,11 @@ func loadPinnedRawLink(fileName string, opts *ebpf.LoadPinOptions) (*RawLink, er return nil, fmt.Errorf("load pinned link: %w", err) } + if typ != sys.BPF_TYPE_LINK { + _ = fd.Close() + return nil, fmt.Errorf("%s is not a Link", fileName) + } + return &RawLink{fd, fileName}, nil } @@ -380,7 +387,7 @@ func (l *RawLink) Close() error { // Calling Close on a pinned Link will not break the link // until the pin is removed. func (l *RawLink) Pin(fileName string) error { - if err := internal.Pin(l.pinnedPath, fileName, l.fd); err != nil { + if err := sys.Pin(l.pinnedPath, fileName, l.fd); err != nil { return err } l.pinnedPath = fileName @@ -389,7 +396,7 @@ func (l *RawLink) Pin(fileName string) error { // Unpin implements the Link interface. func (l *RawLink) Unpin() error { - if err := internal.Unpin(l.pinnedPath); err != nil { + if err := sys.Unpin(l.pinnedPath); err != nil { return err } l.pinnedPath = "" diff --git a/vendor/github.com/cilium/ebpf/link/netfilter.go b/vendor/github.com/cilium/ebpf/link/netfilter.go index 34be3908597..9436d11df93 100644 --- a/vendor/github.com/cilium/ebpf/link/netfilter.go +++ b/vendor/github.com/cilium/ebpf/link/netfilter.go @@ -63,7 +63,7 @@ func AttachNetfilter(opts NetfilterOptions) (Link, error) { return &netfilterLink{RawLink{fd, ""}}, nil } -func (*netfilterLink) Update(new *ebpf.Program) error { +func (*netfilterLink) Update(_ *ebpf.Program) error { return fmt.Errorf("netfilter update: %w", ErrNotSupported) } diff --git a/vendor/github.com/cilium/ebpf/link/perf_event.go b/vendor/github.com/cilium/ebpf/link/perf_event.go index 1d8feb58c1c..7440e8b292a 100644 --- a/vendor/github.com/cilium/ebpf/link/perf_event.go +++ b/vendor/github.com/cilium/ebpf/link/perf_event.go @@ -115,7 +115,7 @@ func (pl *perfEventLink) Close() error { return nil } -func (pl *perfEventLink) Update(prog *ebpf.Program) error { +func (pl *perfEventLink) Update(_ *ebpf.Program) error { return fmt.Errorf("perf event link update: %w", ErrNotSupported) } @@ -185,7 +185,7 @@ func (pi *perfEventIoctl) isLink() {} // // Detaching a program from a perf event is currently not possible, so a // program replacement mechanism cannot be implemented for perf events. -func (pi *perfEventIoctl) Update(prog *ebpf.Program) error { +func (pi *perfEventIoctl) Update(_ *ebpf.Program) error { return fmt.Errorf("perf event ioctl update: %w", ErrNotSupported) } @@ -303,7 +303,7 @@ func openTracepointPerfEvent(tid uint64, pid int) (*sys.FD, error) { // // https://elixir.bootlin.com/linux/v5.16.8/source/kernel/bpf/syscall.c#L4307 // https://github.com/torvalds/linux/commit/b89fbfbb854c9afc3047e8273cc3a694650b802e -var haveBPFLinkPerfEvent = internal.NewFeatureTest("bpf_link_perf_event", "5.15", func() error { +var haveBPFLinkPerfEvent = internal.NewFeatureTest("bpf_link_perf_event", func() error { prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ Name: "probe_bpf_perf_link", Type: ebpf.Kprobe, @@ -329,4 +329,4 @@ var haveBPFLinkPerfEvent = internal.NewFeatureTest("bpf_link_perf_event", "5.15" return nil } return err -}) +}, "5.15") diff --git a/vendor/github.com/cilium/ebpf/link/syscalls.go b/vendor/github.com/cilium/ebpf/link/syscalls.go index d09b5acb0f3..25951b017dd 100644 --- a/vendor/github.com/cilium/ebpf/link/syscalls.go +++ b/vendor/github.com/cilium/ebpf/link/syscalls.go @@ -30,7 +30,7 @@ const ( NetkitType = sys.BPF_LINK_TYPE_NETKIT ) -var haveProgAttach = internal.NewFeatureTest("BPF_PROG_ATTACH", "4.10", func() error { +var haveProgAttach = internal.NewFeatureTest("BPF_PROG_ATTACH", func() error { prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ Type: ebpf.CGroupSKB, License: "MIT", @@ -48,9 +48,9 @@ var haveProgAttach = internal.NewFeatureTest("BPF_PROG_ATTACH", "4.10", func() e // have the syscall. prog.Close() return nil -}) +}, "4.10") -var haveProgAttachReplace = internal.NewFeatureTest("BPF_PROG_ATTACH atomic replacement of MULTI progs", "5.5", func() error { +var haveProgAttachReplace = internal.NewFeatureTest("BPF_PROG_ATTACH atomic replacement of MULTI progs", func() error { if err := haveProgAttach(); err != nil { return err } @@ -90,9 +90,9 @@ var haveProgAttachReplace = internal.NewFeatureTest("BPF_PROG_ATTACH atomic repl return nil } return err -}) +}, "5.5") -var haveBPFLink = internal.NewFeatureTest("bpf_link", "5.7", func() error { +var haveBPFLink = internal.NewFeatureTest("bpf_link", func() error { attr := sys.LinkCreateAttr{ // This is a hopefully invalid file descriptor, which triggers EBADF. TargetFd: ^uint32(0), @@ -107,9 +107,9 @@ var haveBPFLink = internal.NewFeatureTest("bpf_link", "5.7", func() error { return nil } return err -}) +}, "5.7") -var haveProgQuery = internal.NewFeatureTest("BPF_PROG_QUERY", "4.15", func() error { +var haveProgQuery = internal.NewFeatureTest("BPF_PROG_QUERY", func() error { attr := sys.ProgQueryAttr{ // We rely on this being checked during the syscall. // With an otherwise correct payload we expect EBADF here @@ -127,9 +127,9 @@ var haveProgQuery = internal.NewFeatureTest("BPF_PROG_QUERY", "4.15", func() err return ErrNotSupported } return errors.New("syscall succeeded unexpectedly") -}) +}, "4.15") -var haveTCX = internal.NewFeatureTest("tcx", "6.6", func() error { +var haveTCX = internal.NewFeatureTest("tcx", func() error { prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ Type: ebpf.SchedCLS, License: "MIT", @@ -162,9 +162,9 @@ var haveTCX = internal.NewFeatureTest("tcx", "6.6", func() error { return ErrNotSupported } return errors.New("syscall succeeded unexpectedly") -}) +}, "6.6") -var haveNetkit = internal.NewFeatureTest("netkit", "6.7", func() error { +var haveNetkit = internal.NewFeatureTest("netkit", func() error { prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ Type: ebpf.SchedCLS, License: "MIT", @@ -197,4 +197,4 @@ var haveNetkit = internal.NewFeatureTest("netkit", "6.7", func() error { return ErrNotSupported } return errors.New("syscall succeeded unexpectedly") -}) +}, "6.7") diff --git a/vendor/github.com/cilium/ebpf/link/tracing.go b/vendor/github.com/cilium/ebpf/link/tracing.go index 9e570afc96a..a461007f9f5 100644 --- a/vendor/github.com/cilium/ebpf/link/tracing.go +++ b/vendor/github.com/cilium/ebpf/link/tracing.go @@ -14,7 +14,7 @@ type tracing struct { RawLink } -func (f *tracing) Update(new *ebpf.Program) error { +func (f *tracing) Update(_ *ebpf.Program) error { return fmt.Errorf("tracing update: %w", ErrNotSupported) } diff --git a/vendor/github.com/cilium/ebpf/link/uprobe.go b/vendor/github.com/cilium/ebpf/link/uprobe.go index 194d1d319a7..1852a3fadd2 100644 --- a/vendor/github.com/cilium/ebpf/link/uprobe.go +++ b/vendor/github.com/cilium/ebpf/link/uprobe.go @@ -16,7 +16,7 @@ var ( uprobeRefCtrOffsetPMUPath = "/sys/bus/event_source/devices/uprobe/format/ref_ctr_offset" // elixir.bootlin.com/linux/v5.15-rc7/source/kernel/events/core.c#L9799 uprobeRefCtrOffsetShift = 32 - haveRefCtrOffsetPMU = internal.NewFeatureTest("RefCtrOffsetPMU", "4.20", func() error { + haveRefCtrOffsetPMU = internal.NewFeatureTest("RefCtrOffsetPMU", func() error { _, err := os.Stat(uprobeRefCtrOffsetPMUPath) if errors.Is(err, os.ErrNotExist) { return internal.ErrNotSupported @@ -25,7 +25,7 @@ var ( return err } return nil - }) + }, "4.20") // ErrNoSymbol indicates that the given symbol was not found // in the ELF symbols table. @@ -321,7 +321,7 @@ func (ex *Executable) uprobe(symbol string, prog *ebpf.Program, opts *UprobeOpti if err == nil { return tp, nil } - if err != nil && !errors.Is(err, ErrNotSupported) { + if !errors.Is(err, ErrNotSupported) { return nil, fmt.Errorf("creating perf_uprobe PMU: %w", err) } diff --git a/vendor/github.com/cilium/ebpf/link/uprobe_multi.go b/vendor/github.com/cilium/ebpf/link/uprobe_multi.go index aea807b329a..49dc18b4492 100644 --- a/vendor/github.com/cilium/ebpf/link/uprobe_multi.go +++ b/vendor/github.com/cilium/ebpf/link/uprobe_multi.go @@ -47,7 +47,7 @@ func (ex *Executable) UretprobeMulti(symbols []string, prog *ebpf.Program, opts // The return probe is not limited for symbols entry, so there's no special // setup for return uprobes (other than the extra flag). The symbols, opts.Offsets // and opts.Addresses arrays follow the same logic as for entry uprobes. - return ex.uprobeMulti(symbols, prog, opts, unix.BPF_F_UPROBE_MULTI_RETURN) + return ex.uprobeMulti(symbols, prog, opts, sys.BPF_F_UPROBE_MULTI_RETURN) } func (ex *Executable) uprobeMulti(symbols []string, prog *ebpf.Program, opts *UprobeMultiOptions, flags uint32) (Link, error) { @@ -99,8 +99,11 @@ func (ex *Executable) uprobeMulti(symbols []string, prog *ebpf.Program, opts *Up if errors.Is(err, unix.ESRCH) { return nil, fmt.Errorf("%w (specified pid not found?)", os.ErrNotExist) } + // Since Linux commit 46ba0e49b642 ("bpf: fix multi-uprobe PID filtering + // logic"), if the provided pid overflows MaxInt32 (turning it negative), the + // kernel will return EINVAL instead of ESRCH. if errors.Is(err, unix.EINVAL) { - return nil, fmt.Errorf("%w (missing symbol or prog's AttachType not AttachTraceUprobeMulti?)", err) + return nil, fmt.Errorf("%w (invalid pid, missing symbol or prog's AttachType not AttachTraceUprobeMulti?)", err) } if err != nil { @@ -168,11 +171,11 @@ type uprobeMultiLink struct { var _ Link = (*uprobeMultiLink)(nil) -func (kml *uprobeMultiLink) Update(prog *ebpf.Program) error { +func (kml *uprobeMultiLink) Update(_ *ebpf.Program) error { return fmt.Errorf("update uprobe_multi: %w", ErrNotSupported) } -var haveBPFLinkUprobeMulti = internal.NewFeatureTest("bpf_link_uprobe_multi", "6.6", func() error { +var haveBPFLinkUprobeMulti = internal.NewFeatureTest("bpf_link_uprobe_multi", func() error { prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ Name: "probe_upm_link", Type: ebpf.Kprobe, @@ -213,4 +216,4 @@ var haveBPFLinkUprobeMulti = internal.NewFeatureTest("bpf_link_uprobe_multi", "6 // should not happen fd.Close() return errors.New("successfully attached uprobe_multi to /, kernel bug?") -}) +}, "6.6") diff --git a/vendor/github.com/cilium/ebpf/linker.go b/vendor/github.com/cilium/ebpf/linker.go index 788f21b7b6f..024b72bbc82 100644 --- a/vendor/github.com/cilium/ebpf/linker.go +++ b/vendor/github.com/cilium/ebpf/linker.go @@ -9,10 +9,12 @@ import ( "io/fs" "math" "slices" + "strings" "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/btf" "github.com/cilium/ebpf/internal" + "github.com/cilium/ebpf/internal/kallsyms" ) // handles stores handle objects to avoid gc cleanup @@ -205,13 +207,19 @@ func flattenPrograms(progs map[string]*ProgramSpec, names []string) { // dependencies of each program. func flattenInstructions(name string, progs map[string]*ProgramSpec, refs map[*ProgramSpec][]string) asm.Instructions { prog := progs[name] + progRefs := refs[prog] + + if len(progRefs) == 0 { + // No references, nothing to do. + return prog.Instructions + } insns := make(asm.Instructions, len(prog.Instructions)) copy(insns, prog.Instructions) // Add all direct references of prog to the list of to be linked programs. - pending := make([]string, len(refs[prog])) - copy(pending, refs[prog]) + pending := make([]string, len(progRefs)) + copy(pending, progRefs) // All references for which we've appended instructions. linked := make(map[string]bool) @@ -457,3 +465,42 @@ func resolveKconfigReferences(insns asm.Instructions) (_ *Map, err error) { return kconfig, nil } + +func resolveKsymReferences(insns asm.Instructions) error { + var missing []string + + iter := insns.Iterate() + for iter.Next() { + ins := iter.Ins + meta, _ := ins.Metadata.Get(ksymMetaKey{}).(*ksymMeta) + if meta == nil { + continue + } + + addr, err := kallsyms.Address(meta.Name) + if err != nil { + return fmt.Errorf("resolve ksym %s: %w", meta.Name, err) + } + if addr != 0 { + ins.Constant = int64(addr) + continue + } + + if meta.Binding == elf.STB_WEAK { + // A weak ksym variable in eBPF C means its resolution is optional. + // Set a zero constant explicitly for clarity. + ins.Constant = 0 + continue + } + + if !slices.Contains(missing, meta.Name) { + missing = append(missing, meta.Name) + } + } + + if len(missing) > 0 { + return fmt.Errorf("kernel is missing symbol: %s", strings.Join(missing, ",")) + } + + return nil +} diff --git a/vendor/github.com/cilium/ebpf/map.go b/vendor/github.com/cilium/ebpf/map.go index 0b62101c3cb..e5d8bd78095 100644 --- a/vendor/github.com/cilium/ebpf/map.go +++ b/vendor/github.com/cilium/ebpf/map.go @@ -66,16 +66,13 @@ type MapSpec struct { Pinning PinType // Specify numa node during map creation - // (effective only if unix.BPF_F_NUMA_NODE flag is set, + // (effective only if sys.BPF_F_NUMA_NODE flag is set, // which can be imported from golang.org/x/sys/unix) NumaNode uint32 // The initial contents of the map. May be nil. Contents []MapKV - // Whether to freeze a map after setting its initial contents. - Freeze bool - // InnerMap is used as a template for ArrayOfMaps and HashOfMaps InnerMap *MapSpec @@ -161,6 +158,17 @@ func (spec *MapSpec) fixupMagicFields() (*MapSpec, error) { // behaviour in the past. spec.MaxEntries = n } + + case CPUMap: + n, err := PossibleCPU() + if err != nil { + return nil, fmt.Errorf("fixup cpu map: %w", err) + } + + if n := uint32(n); spec.MaxEntries == 0 || spec.MaxEntries > n { + // Perform clamping similar to PerfEventArray. + spec.MaxEntries = n + } } return spec, nil @@ -190,6 +198,14 @@ func (ms *MapSpec) dataSection() ([]byte, *btf.Datasec, error) { return value, ds, nil } +func (ms *MapSpec) readOnly() bool { + return (ms.Flags & sys.BPF_F_RDONLY_PROG) > 0 +} + +func (ms *MapSpec) writeOnly() bool { + return (ms.Flags & sys.BPF_F_WRONLY_PROG) > 0 +} + // MapKV is used to initialize the contents of a Map. type MapKV struct { Key interface{} @@ -222,7 +238,7 @@ func (ms *MapSpec) Compatible(m *Map) error { // BPF_F_RDONLY_PROG is set unconditionally for devmaps. Explicitly allow this // mismatch. - if !((ms.Type == DevMap || ms.Type == DevMapHash) && m.flags^ms.Flags == unix.BPF_F_RDONLY_PROG) && + if !((ms.Type == DevMap || ms.Type == DevMapHash) && m.flags^ms.Flags == sys.BPF_F_RDONLY_PROG) && m.flags != ms.Flags { diffs = append(diffs, fmt.Sprintf("Flags: %d changed to %d", m.flags, ms.Flags)) } @@ -254,6 +270,8 @@ type Map struct { pinnedPath string // Per CPU maps return values larger than the size in the spec fullValueSize int + + memory *Memory } // NewMapFromFD creates a map from a raw fd. @@ -359,7 +377,7 @@ func newMapWithOptions(spec *MapSpec, opts MapOptions) (_ *Map, err error) { return nil, errors.New("inner maps cannot be pinned") } - template, err := spec.InnerMap.createMap(nil, opts) + template, err := spec.InnerMap.createMap(nil) if err != nil { return nil, fmt.Errorf("inner map: %w", err) } @@ -371,7 +389,7 @@ func newMapWithOptions(spec *MapSpec, opts MapOptions) (_ *Map, err error) { innerFd = template.fd } - m, err := spec.createMap(innerFd, opts) + m, err := spec.createMap(innerFd) if err != nil { return nil, err } @@ -387,9 +405,54 @@ func newMapWithOptions(spec *MapSpec, opts MapOptions) (_ *Map, err error) { return m, nil } +// Memory returns a memory-mapped region for the Map. The Map must have been +// created with the BPF_F_MMAPABLE flag. Repeated calls to Memory return the +// same mapping. Callers are responsible for coordinating access to Memory. +func (m *Map) Memory() (*Memory, error) { + if m.memory != nil { + return m.memory, nil + } + + if m.flags&sys.BPF_F_MMAPABLE == 0 { + return nil, fmt.Errorf("Map was not created with the BPF_F_MMAPABLE flag: %w", ErrNotSupported) + } + + size, err := m.memorySize() + if err != nil { + return nil, err + } + + mm, err := newMemory(m.FD(), size) + if err != nil { + return nil, fmt.Errorf("creating new Memory: %w", err) + } + + m.memory = mm + + return mm, nil +} + +func (m *Map) memorySize() (int, error) { + switch m.Type() { + case Array: + // In Arrays, values are always laid out on 8-byte boundaries regardless of + // architecture. Multiply by MaxEntries and align the result to the host's + // page size. + size := int(internal.Align(m.ValueSize(), 8) * m.MaxEntries()) + size = internal.Align(size, os.Getpagesize()) + return size, nil + case Arena: + // For Arenas, MaxEntries denotes the maximum number of pages available to + // the arena. + return int(m.MaxEntries()) * os.Getpagesize(), nil + } + + return 0, fmt.Errorf("determine memory size of map type %s: %w", m.Type(), ErrNotSupported) +} + // createMap validates the spec's properties and creates the map in the kernel // using the given opts. It does not populate or freeze the map. -func (spec *MapSpec) createMap(inner *sys.FD, opts MapOptions) (_ *Map, err error) { +func (spec *MapSpec) createMap(inner *sys.FD) (_ *Map, err error) { closeOnError := func(closer io.Closer) { if err != nil { closer.Close() @@ -416,7 +479,7 @@ func (spec *MapSpec) createMap(inner *sys.FD, opts MapOptions) (_ *Map, err erro KeySize: spec.KeySize, ValueSize: spec.ValueSize, MaxEntries: spec.MaxEntries, - MapFlags: sys.MapFlags(spec.Flags), + MapFlags: spec.Flags, NumaNode: spec.NumaNode, } @@ -474,32 +537,32 @@ func handleMapCreateError(attr sys.MapCreateAttr, spec *MapSpec, err error) erro if errors.Is(err, unix.EINVAL) && spec.Type == UnspecifiedMap { return fmt.Errorf("map create: cannot use type %s", UnspecifiedMap) } - if errors.Is(err, unix.EINVAL) && spec.Flags&unix.BPF_F_NO_PREALLOC > 0 { + if errors.Is(err, unix.EINVAL) && spec.Flags&sys.BPF_F_NO_PREALLOC > 0 { return fmt.Errorf("map create: %w (noPrealloc flag may be incompatible with map type %s)", err, spec.Type) } - switch spec.Type { - case ArrayOfMaps, HashOfMaps: + if spec.Type.canStoreMap() { if haveFeatErr := haveNestedMaps(); haveFeatErr != nil { return fmt.Errorf("map create: %w", haveFeatErr) } } - if spec.Flags&(unix.BPF_F_RDONLY_PROG|unix.BPF_F_WRONLY_PROG) > 0 || spec.Freeze { + + if spec.readOnly() || spec.writeOnly() { if haveFeatErr := haveMapMutabilityModifiers(); haveFeatErr != nil { return fmt.Errorf("map create: %w", haveFeatErr) } } - if spec.Flags&unix.BPF_F_MMAPABLE > 0 { + if spec.Flags&sys.BPF_F_MMAPABLE > 0 { if haveFeatErr := haveMmapableMaps(); haveFeatErr != nil { return fmt.Errorf("map create: %w", haveFeatErr) } } - if spec.Flags&unix.BPF_F_INNER_MAP > 0 { + if spec.Flags&sys.BPF_F_INNER_MAP > 0 { if haveFeatErr := haveInnerMaps(); haveFeatErr != nil { return fmt.Errorf("map create: %w", haveFeatErr) } } - if spec.Flags&unix.BPF_F_NO_PREALLOC > 0 { + if spec.Flags&sys.BPF_F_NO_PREALLOC > 0 { if haveFeatErr := haveNoPreallocMaps(); haveFeatErr != nil { return fmt.Errorf("map create: %w", haveFeatErr) } @@ -530,6 +593,7 @@ func newMap(fd *sys.FD, name string, typ MapType, keySize, valueSize, maxEntries flags, "", int(valueSize), + nil, } if !typ.hasPerCPUValue() { @@ -577,7 +641,12 @@ func (m *Map) Flags() uint32 { return m.flags } -// Info returns metadata about the map. +// Info returns metadata about the map. This was first introduced in Linux 4.5, +// but newer kernels support more MapInfo fields with the introduction of more +// features. See [MapInfo] and its methods for more details. +// +// Returns an error wrapping ErrNotSupported if the kernel supports neither +// BPF_OBJ_GET_INFO_BY_FD nor reading map information from /proc/self/fdinfo. func (m *Map) Info() (*MapInfo, error) { return newMapInfoFromFd(m.fd) } @@ -604,7 +673,7 @@ func (m *Map) Handle() (*btf.Handle, error) { type MapLookupFlags uint64 // LookupLock look up the value of a spin-locked map. -const LookupLock MapLookupFlags = unix.BPF_F_LOCK +const LookupLock MapLookupFlags = sys.BPF_F_LOCK // Lookup retrieves a value from a Map. // @@ -1336,6 +1405,7 @@ func (m *Map) Clone() (*Map, error) { m.flags, "", m.fullValueSize, + nil, }, nil } @@ -1349,7 +1419,7 @@ func (m *Map) Clone() (*Map, error) { // This requires bpffs to be mounted above fileName. // See https://docs.cilium.io/en/stable/network/kubernetes/configuration/#mounting-bpffs-with-systemd func (m *Map) Pin(fileName string) error { - if err := internal.Pin(m.pinnedPath, fileName, m.fd); err != nil { + if err := sys.Pin(m.pinnedPath, fileName, m.fd); err != nil { return err } m.pinnedPath = fileName @@ -1362,7 +1432,7 @@ func (m *Map) Pin(fileName string) error { // // Unpinning an unpinned Map returns nil. func (m *Map) Unpin() error { - if err := internal.Unpin(m.pinnedPath); err != nil { + if err := sys.Unpin(m.pinnedPath); err != nil { return err } m.pinnedPath = "" @@ -1400,7 +1470,7 @@ func (m *Map) finalize(spec *MapSpec) error { } } - if spec.Freeze { + if isConstantDataSection(spec.Name) || isKconfigSection(spec.Name) { if err := m.Freeze(); err != nil { return fmt.Errorf("freezing map: %w", err) } @@ -1501,9 +1571,11 @@ func (m *Map) unmarshalValue(value any, buf sysenc.Buffer) error { return buf.Unmarshal(value) } -// LoadPinnedMap loads a Map from a BPF file. +// LoadPinnedMap opens a Map from a pin (file) on the BPF virtual filesystem. +// +// Requires at least Linux 4.5. func LoadPinnedMap(fileName string, opts *LoadPinOptions) (*Map, error) { - fd, err := sys.ObjGet(&sys.ObjGetAttr{ + fd, typ, err := sys.ObjGetTyped(&sys.ObjGetAttr{ Pathname: sys.NewStringPointer(fileName), FileFlags: opts.Marshal(), }) @@ -1511,6 +1583,11 @@ func LoadPinnedMap(fileName string, opts *LoadPinOptions) (*Map, error) { return nil, err } + if typ != sys.BPF_TYPE_MAP { + _ = fd.Close() + return nil, fmt.Errorf("%s is not a Map", fileName) + } + m, err := newMapFromFD(fd) if err == nil { m.pinnedPath = fileName @@ -1530,6 +1607,10 @@ func unmarshalMap(buf sysenc.Buffer) (*Map, error) { // marshalMap marshals the fd of a map into a buffer in host endianness. func marshalMap(m *Map, length int) ([]byte, error) { + if m == nil { + return nil, errors.New("can't marshal a nil Map") + } + if length != 4 { return nil, fmt.Errorf("can't marshal map to %d bytes", length) } diff --git a/vendor/github.com/cilium/ebpf/memory.go b/vendor/github.com/cilium/ebpf/memory.go new file mode 100644 index 00000000000..312c967131a --- /dev/null +++ b/vendor/github.com/cilium/ebpf/memory.go @@ -0,0 +1,145 @@ +package ebpf + +import ( + "errors" + "fmt" + "io" + "runtime" + + "github.com/cilium/ebpf/internal/unix" +) + +// Memory is the building block for accessing the memory of specific bpf map +// types (Array and Arena at the time of writing) without going through the bpf +// syscall interface. +// +// Given the fd of a bpf map created with the BPF_F_MMAPABLE flag, a shared +// 'file'-based memory-mapped region can be allocated in the process' address +// space, exposing the bpf map's memory by simply accessing a memory location. + +var ErrReadOnly = errors.New("resource is read-only") + +// Memory implements accessing a Map's memory without making any syscalls. +// Pay attention to the difference between Go and C struct alignment rules. Use +// [structs.HostLayout] on supported Go versions to help with alignment. +// +// Note on memory coherence: avoid using packed structs in memory shared between +// user space and eBPF C programs. This drops a struct's memory alignment to 1, +// forcing the compiler to use single-byte loads and stores for field accesses. +// This may lead to partially-written data to be observed from user space. +// +// On most architectures, the memmove implementation used by Go's copy() will +// access data in word-sized chunks. If paired with a matching access pattern on +// the eBPF C side (and if using default memory alignment), accessing shared +// memory without atomics or other synchronization primitives should be sound +// for individual values. For accesses beyond a single value, the usual +// concurrent programming rules apply. +type Memory struct { + b []byte + ro bool +} + +func newMemory(fd, size int) (*Memory, error) { + // Typically, maps created with BPF_F_RDONLY_PROG remain writable from user + // space until frozen. As a security precaution, the kernel doesn't allow + // mapping bpf map memory as read-write into user space if the bpf map was + // frozen, or if it was created using the RDONLY_PROG flag. + // + // The user would be able to write to the map after freezing (since the kernel + // can't change the protection mode of an already-mapped page), while the + // verifier assumes the contents to be immutable. + b, err := unix.Mmap(fd, 0, size, unix.PROT_READ|unix.PROT_WRITE, unix.MAP_SHARED) + + // If the map is frozen when an rw mapping is requested, expect EPERM. If the + // map was created with BPF_F_RDONLY_PROG, expect EACCES. + var ro bool + if errors.Is(err, unix.EPERM) || errors.Is(err, unix.EACCES) { + ro = true + b, err = unix.Mmap(fd, 0, size, unix.PROT_READ, unix.MAP_SHARED) + } + if err != nil { + return nil, fmt.Errorf("setting up memory-mapped region: %w", err) + } + + mm := &Memory{ + b, + ro, + } + runtime.SetFinalizer(mm, (*Memory).close) + + return mm, nil +} + +func (mm *Memory) close() { + if err := unix.Munmap(mm.b); err != nil { + panic(fmt.Errorf("unmapping memory: %w", err)) + } + mm.b = nil +} + +// Size returns the size of the memory-mapped region in bytes. +func (mm *Memory) Size() int { + return len(mm.b) +} + +// ReadOnly returns true if the memory-mapped region is read-only. +func (mm *Memory) ReadOnly() bool { + return mm.ro +} + +// bounds returns true if an access at off of the given size is within bounds. +func (mm *Memory) bounds(off uint64, size uint64) bool { + return off+size < uint64(len(mm.b)) +} + +// ReadAt implements [io.ReaderAt]. Useful for creating a new [io.OffsetWriter]. +// +// See [Memory] for details around memory coherence. +func (mm *Memory) ReadAt(p []byte, off int64) (int, error) { + if mm.b == nil { + return 0, fmt.Errorf("memory-mapped region closed") + } + + if p == nil { + return 0, fmt.Errorf("input buffer p is nil") + } + + if off < 0 || off >= int64(len(mm.b)) { + return 0, fmt.Errorf("read offset out of range") + } + + n := copy(p, mm.b[off:]) + if n < len(p) { + return n, io.EOF + } + + return n, nil +} + +// WriteAt implements [io.WriterAt]. Useful for creating a new +// [io.SectionReader]. +// +// See [Memory] for details around memory coherence. +func (mm *Memory) WriteAt(p []byte, off int64) (int, error) { + if mm.b == nil { + return 0, fmt.Errorf("memory-mapped region closed") + } + if mm.ro { + return 0, fmt.Errorf("memory-mapped region not writable: %w", ErrReadOnly) + } + + if p == nil { + return 0, fmt.Errorf("output buffer p is nil") + } + + if off < 0 || off >= int64(len(mm.b)) { + return 0, fmt.Errorf("write offset out of range") + } + + n := copy(mm.b[off:], p) + if n < len(p) { + return n, io.EOF + } + + return n, nil +} diff --git a/vendor/github.com/cilium/ebpf/netlify.toml b/vendor/github.com/cilium/ebpf/netlify.toml index 67c83f3b307..764c3b447b5 100644 --- a/vendor/github.com/cilium/ebpf/netlify.toml +++ b/vendor/github.com/cilium/ebpf/netlify.toml @@ -2,3 +2,4 @@ base = "docs/" publish = "site/" command = "mkdocs build" + environment = { PYTHON_VERSION = "3.13" } diff --git a/vendor/github.com/cilium/ebpf/prog.go b/vendor/github.com/cilium/ebpf/prog.go index 9bc6325f887..8fcae6a3fbe 100644 --- a/vendor/github.com/cilium/ebpf/prog.go +++ b/vendor/github.com/cilium/ebpf/prog.go @@ -16,6 +16,7 @@ import ( "github.com/cilium/ebpf/btf" "github.com/cilium/ebpf/internal" "github.com/cilium/ebpf/internal/kallsyms" + "github.com/cilium/ebpf/internal/linux" "github.com/cilium/ebpf/internal/sys" "github.com/cilium/ebpf/internal/sysenc" "github.com/cilium/ebpf/internal/unix" @@ -46,14 +47,15 @@ const ( outputPad = 256 + 2 ) -// Deprecated: the correct log size is now detected automatically and this -// constant is unused. -const DefaultVerifierLogSize = 64 * 1024 - // minVerifierLogSize is the default number of bytes allocated for the // verifier log. const minVerifierLogSize = 64 * 1024 +// maxVerifierLogSize is the maximum size of verifier log buffer the kernel +// will accept before returning EINVAL. May be increased to MaxUint32 in the +// future, but avoid the unnecessary EINVAL for now. +const maxVerifierLogSize = math.MaxUint32 >> 2 + // ProgramOptions control loading a program into the kernel. type ProgramOptions struct { // Bitmap controlling the detail emitted by the kernel's eBPF verifier log. @@ -73,9 +75,10 @@ type ProgramOptions struct { // attempt at loading the program. LogLevel LogLevel - // Deprecated: the correct log buffer size is determined automatically - // and this field is ignored. - LogSize int + // Starting size of the verifier log buffer. If the verifier log is larger + // than this size, the buffer will be grown to fit the entire log. Leave at + // its default value unless troubleshooting. + LogSizeStart uint32 // Disables the verifier log completely, regardless of other options. LogDisabled bool @@ -162,26 +165,35 @@ func (ps *ProgramSpec) Tag() (string, error) { return ps.Instructions.Tag(internal.NativeEndian) } -// KernelModule returns the kernel module, if any, the AttachTo function is contained in. -func (ps *ProgramSpec) KernelModule() (string, error) { +// kernelModule returns the kernel module providing the symbol in +// ProgramSpec.AttachTo, if any. Returns an empty string if the symbol is not +// present or not part of a kernel module. +func (ps *ProgramSpec) kernelModule() (string, error) { + if ps.targetsKernelModule() { + return kallsyms.Module(ps.AttachTo) + } + + return "", nil +} + +// targetsKernelModule returns true if the program supports being attached to a +// symbol provided by a kernel module. +func (ps *ProgramSpec) targetsKernelModule() bool { if ps.AttachTo == "" { - return "", nil + return false } switch ps.Type { - default: - return "", nil case Tracing: switch ps.AttachType { - default: - return "", nil - case AttachTraceFEntry: - case AttachTraceFExit: + case AttachTraceFEntry, AttachTraceFExit: + return true } - fallthrough case Kprobe: - return kallsyms.KernelModule(ps.AttachTo) + return true } + + return false } // VerifierError is returned by [NewProgram] and [NewProgramWithOptions] if a @@ -261,7 +273,7 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er // Overwrite Kprobe program version if set to zero or the magic version constant. kv := spec.KernelVersion if spec.Type == Kprobe && (kv == 0 || kv == internal.MagicKernelVersion) { - v, err := internal.KernelVersion() + v, err := linux.KernelVersion() if err != nil { return nil, fmt.Errorf("detecting kernel version: %w", err) } @@ -283,7 +295,7 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er insns := make(asm.Instructions, len(spec.Instructions)) copy(insns, spec.Instructions) - kmodName, err := spec.KernelModule() + kmodName, err := spec.kernelModule() if err != nil { return nil, fmt.Errorf("kernel module search: %w", err) } @@ -344,6 +356,10 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er } defer kconfig.Close() + if err := resolveKsymReferences(insns); err != nil { + return nil, fmt.Errorf("resolve .ksyms: %w", err) + } + if err := fixupAndValidate(insns); err != nil { return nil, err } @@ -395,9 +411,10 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er // The caller requested a specific verifier log level. Set up the log buffer // so that there is a chance of loading the program in a single shot. + logSize := internal.Between(opts.LogSizeStart, minVerifierLogSize, maxVerifierLogSize) var logBuf []byte if !opts.LogDisabled && opts.LogLevel != 0 { - logBuf = make([]byte, minVerifierLogSize) + logBuf = make([]byte, logSize) attr.LogLevel = opts.LogLevel attr.LogSize = uint32(len(logBuf)) attr.LogBuf = sys.NewSlicePointer(logBuf) @@ -431,12 +448,11 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er attr.LogLevel = LogLevelBranch } - // Make an educated guess how large the buffer should be. Start - // at minVerifierLogSize and then double the size. - logSize := uint32(max(len(logBuf)*2, minVerifierLogSize)) - if int(logSize) < len(logBuf) { - return nil, errors.New("overflow while probing log buffer size") - } + // Make an educated guess how large the buffer should be by multiplying. + // Ensure the size doesn't overflow. + const factor = 2 + logSize = internal.Between(logSize, minVerifierLogSize, maxVerifierLogSize/factor) + logSize *= factor if attr.LogTrueSize != 0 { // The kernel has given us a hint how large the log buffer has to be. @@ -462,6 +478,12 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions) (*Program, er return nil, fmt.Errorf("load program: %w (MEMLOCK may be too low, consider rlimit.RemoveMemlock)", err) } + case errors.Is(err, unix.EFAULT): + // EFAULT is returned when the kernel hits a verifier bug, and always + // overrides ENOSPC, defeating the buffer growth strategy. Warn the user + // that they may need to increase the buffer size manually. + return nil, fmt.Errorf("load program: %w (hit verifier bug, increase LogSizeStart to fit the log and check dmesg)", err) + case errors.Is(err, unix.EINVAL): if bytes.Contains(tail, coreBadCall) { err = errBadRelocation @@ -598,7 +620,7 @@ func (p *Program) Clone() (*Program, error) { // This requires bpffs to be mounted above fileName. // See https://docs.cilium.io/en/stable/network/kubernetes/configuration/#mounting-bpffs-with-systemd func (p *Program) Pin(fileName string) error { - if err := internal.Pin(p.pinnedPath, fileName, p.fd); err != nil { + if err := sys.Pin(p.pinnedPath, fileName, p.fd); err != nil { return err } p.pinnedPath = fileName @@ -611,7 +633,7 @@ func (p *Program) Pin(fileName string) error { // // Unpinning an unpinned Program returns nil. func (p *Program) Unpin() error { - if err := internal.Unpin(p.pinnedPath); err != nil { + if err := sys.Unpin(p.pinnedPath); err != nil { return err } p.pinnedPath = "" @@ -699,6 +721,10 @@ func (p *Program) Test(in []byte) (uint32, []byte, error) { // // Note: the same restrictions from Test apply. func (p *Program) Run(opts *RunOptions) (uint32, error) { + if opts == nil { + opts = &RunOptions{} + } + ret, _, err := p.run(opts) if err != nil { return ret, fmt.Errorf("run program: %w", err) @@ -732,7 +758,7 @@ func (p *Program) Benchmark(in []byte, repeat int, reset func()) (uint32, time.D return ret, total, nil } -var haveProgRun = internal.NewFeatureTest("BPF_PROG_RUN", "4.12", func() error { +var haveProgRun = internal.NewFeatureTest("BPF_PROG_RUN", func() error { prog, err := NewProgram(&ProgramSpec{ // SocketFilter does not require privileges on newer kernels. Type: SocketFilter, @@ -774,7 +800,7 @@ var haveProgRun = internal.NewFeatureTest("BPF_PROG_RUN", "4.12", func() error { } return err -}) +}, "4.12") func (p *Program) run(opts *RunOptions) (uint32, time.Duration, error) { if uint(len(opts.Data)) > math.MaxUint32 { @@ -883,6 +909,10 @@ func unmarshalProgram(buf sysenc.Buffer) (*Program, error) { } func marshalProgram(p *Program, length int) ([]byte, error) { + if p == nil { + return nil, errors.New("can't marshal a nil Program") + } + if length != 4 { return nil, fmt.Errorf("can't marshal program to %d bytes", length) } @@ -892,11 +922,12 @@ func marshalProgram(p *Program, length int) ([]byte, error) { return buf, nil } -// LoadPinnedProgram loads a Program from a BPF file. +// LoadPinnedProgram loads a Program from a pin (file) on the BPF virtual +// filesystem. // // Requires at least Linux 4.11. func LoadPinnedProgram(fileName string, opts *LoadPinOptions) (*Program, error) { - fd, err := sys.ObjGet(&sys.ObjGetAttr{ + fd, typ, err := sys.ObjGetTyped(&sys.ObjGetAttr{ Pathname: sys.NewStringPointer(fileName), FileFlags: opts.Marshal(), }) @@ -904,6 +935,11 @@ func LoadPinnedProgram(fileName string, opts *LoadPinOptions) (*Program, error) return nil, err } + if typ != sys.BPF_TYPE_PROG { + _ = fd.Close() + return nil, fmt.Errorf("%s is not a Program", fileName) + } + info, err := newProgramInfoFromFd(fd) if err != nil { _ = fd.Close() diff --git a/vendor/github.com/cilium/ebpf/syscalls.go b/vendor/github.com/cilium/ebpf/syscalls.go index 4aef7faebc8..25c84c3c5c1 100644 --- a/vendor/github.com/cilium/ebpf/syscalls.go +++ b/vendor/github.com/cilium/ebpf/syscalls.go @@ -10,6 +10,7 @@ import ( "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/internal" + "github.com/cilium/ebpf/internal/linux" "github.com/cilium/ebpf/internal/sys" "github.com/cilium/ebpf/internal/tracefs" "github.com/cilium/ebpf/internal/unix" @@ -60,7 +61,7 @@ func progLoad(insns asm.Instructions, typ ProgramType, license string) (*sys.FD, }) } -var haveNestedMaps = internal.NewFeatureTest("nested maps", "4.12", func() error { +var haveNestedMaps = internal.NewFeatureTest("nested maps", func() error { _, err := sys.MapCreate(&sys.MapCreateAttr{ MapType: sys.MapType(ArrayOfMaps), KeySize: 4, @@ -76,9 +77,9 @@ var haveNestedMaps = internal.NewFeatureTest("nested maps", "4.12", func() error return nil } return err -}) +}, "4.12") -var haveMapMutabilityModifiers = internal.NewFeatureTest("read- and write-only maps", "5.2", func() error { +var haveMapMutabilityModifiers = internal.NewFeatureTest("read- and write-only maps", func() error { // This checks BPF_F_RDONLY_PROG and BPF_F_WRONLY_PROG. Since // BPF_MAP_FREEZE appeared in 5.2 as well we don't do a separate check. m, err := sys.MapCreate(&sys.MapCreateAttr{ @@ -86,39 +87,39 @@ var haveMapMutabilityModifiers = internal.NewFeatureTest("read- and write-only m KeySize: 4, ValueSize: 4, MaxEntries: 1, - MapFlags: unix.BPF_F_RDONLY_PROG, + MapFlags: sys.BPF_F_RDONLY_PROG, }) if err != nil { return internal.ErrNotSupported } _ = m.Close() return nil -}) +}, "5.2") -var haveMmapableMaps = internal.NewFeatureTest("mmapable maps", "5.5", func() error { +var haveMmapableMaps = internal.NewFeatureTest("mmapable maps", func() error { // This checks BPF_F_MMAPABLE, which appeared in 5.5 for array maps. m, err := sys.MapCreate(&sys.MapCreateAttr{ MapType: sys.MapType(Array), KeySize: 4, ValueSize: 4, MaxEntries: 1, - MapFlags: unix.BPF_F_MMAPABLE, + MapFlags: sys.BPF_F_MMAPABLE, }) if err != nil { return internal.ErrNotSupported } _ = m.Close() return nil -}) +}, "5.5") -var haveInnerMaps = internal.NewFeatureTest("inner maps", "5.10", func() error { +var haveInnerMaps = internal.NewFeatureTest("inner maps", func() error { // This checks BPF_F_INNER_MAP, which appeared in 5.10. m, err := sys.MapCreate(&sys.MapCreateAttr{ MapType: sys.MapType(Array), KeySize: 4, ValueSize: 4, MaxEntries: 1, - MapFlags: unix.BPF_F_INNER_MAP, + MapFlags: sys.BPF_F_INNER_MAP, }) if err != nil { @@ -126,16 +127,16 @@ var haveInnerMaps = internal.NewFeatureTest("inner maps", "5.10", func() error { } _ = m.Close() return nil -}) +}, "5.10") -var haveNoPreallocMaps = internal.NewFeatureTest("prealloc maps", "4.6", func() error { +var haveNoPreallocMaps = internal.NewFeatureTest("prealloc maps", func() error { // This checks BPF_F_NO_PREALLOC, which appeared in 4.6. m, err := sys.MapCreate(&sys.MapCreateAttr{ MapType: sys.MapType(Hash), KeySize: 4, ValueSize: 4, MaxEntries: 1, - MapFlags: unix.BPF_F_NO_PREALLOC, + MapFlags: sys.BPF_F_NO_PREALLOC, }) if err != nil { @@ -143,7 +144,7 @@ var haveNoPreallocMaps = internal.NewFeatureTest("prealloc maps", "4.6", func() } _ = m.Close() return nil -}) +}, "4.6") func wrapMapError(err error) error { if err == nil { @@ -169,7 +170,7 @@ func wrapMapError(err error) error { return err } -var haveObjName = internal.NewFeatureTest("object names", "4.15", func() error { +var haveObjName = internal.NewFeatureTest("object names", func() error { attr := sys.MapCreateAttr{ MapType: sys.MapType(Array), KeySize: 4, @@ -178,16 +179,24 @@ var haveObjName = internal.NewFeatureTest("object names", "4.15", func() error { MapName: sys.NewObjName("feature_test"), } + // Tolerate EPERM as this runs during ELF loading which is potentially + // unprivileged. Only EINVAL is conclusive, thrown from CHECK_ATTR. fd, err := sys.MapCreate(&attr) - if err != nil { + if errors.Is(err, unix.EPERM) { + return nil + } + if errors.Is(err, unix.EINVAL) { return internal.ErrNotSupported } + if err != nil { + return err + } _ = fd.Close() return nil -}) +}, "4.15") -var objNameAllowsDot = internal.NewFeatureTest("dot in object names", "5.2", func() error { +var objNameAllowsDot = internal.NewFeatureTest("dot in object names", func() error { if err := haveObjName(); err != nil { return err } @@ -200,16 +209,25 @@ var objNameAllowsDot = internal.NewFeatureTest("dot in object names", "5.2", fun MapName: sys.NewObjName(".test"), } + // Tolerate EPERM, otherwise MapSpec.Name has its dots removed when run by + // unprivileged tools. (bpf2go, other code gen). Only EINVAL is conclusive, + // thrown from bpf_obj_name_cpy(). fd, err := sys.MapCreate(&attr) - if err != nil { + if errors.Is(err, unix.EPERM) { + return nil + } + if errors.Is(err, unix.EINVAL) { return internal.ErrNotSupported } + if err != nil { + return err + } _ = fd.Close() return nil -}) +}, "5.2") -var haveBatchAPI = internal.NewFeatureTest("map batch api", "5.6", func() error { +var haveBatchAPI = internal.NewFeatureTest("map batch api", func() error { var maxEntries uint32 = 2 attr := sys.MapCreateAttr{ MapType: sys.MapType(Hash), @@ -239,9 +257,9 @@ var haveBatchAPI = internal.NewFeatureTest("map batch api", "5.6", func() error return internal.ErrNotSupported } return nil -}) +}, "5.6") -var haveProbeReadKernel = internal.NewFeatureTest("bpf_probe_read_kernel", "5.5", func() error { +var haveProbeReadKernel = internal.NewFeatureTest("bpf_probe_read_kernel", func() error { insns := asm.Instructions{ asm.Mov.Reg(asm.R1, asm.R10), asm.Add.Imm(asm.R1, -8), @@ -257,9 +275,9 @@ var haveProbeReadKernel = internal.NewFeatureTest("bpf_probe_read_kernel", "5.5" } _ = fd.Close() return nil -}) +}, "5.5") -var haveBPFToBPFCalls = internal.NewFeatureTest("bpf2bpf calls", "4.16", func() error { +var haveBPFToBPFCalls = internal.NewFeatureTest("bpf2bpf calls", func() error { insns := asm.Instructions{ asm.Call.Label("prog2").WithSymbol("prog1"), asm.Return(), @@ -273,10 +291,10 @@ var haveBPFToBPFCalls = internal.NewFeatureTest("bpf2bpf calls", "4.16", func() } _ = fd.Close() return nil -}) +}, "4.16") -var haveSyscallWrapper = internal.NewFeatureTest("syscall wrapper", "4.17", func() error { - prefix := internal.PlatformPrefix() +var haveSyscallWrapper = internal.NewFeatureTest("syscall wrapper", func() error { + prefix := linux.PlatformPrefix() if prefix == "" { return fmt.Errorf("unable to find the platform prefix for (%s)", runtime.GOARCH) } @@ -302,9 +320,9 @@ var haveSyscallWrapper = internal.NewFeatureTest("syscall wrapper", "4.17", func } return evt.Close() -}) +}, "4.17") -var haveProgramExtInfos = internal.NewFeatureTest("program ext_infos", "5.0", func() error { +var haveProgramExtInfos = internal.NewFeatureTest("program ext_infos", func() error { insns := asm.Instructions{ asm.Mov.Imm(asm.R0, 0), asm.Return(), @@ -334,4 +352,4 @@ var haveProgramExtInfos = internal.NewFeatureTest("program ext_infos", "5.0", fu } return err -}) +}, "5.0") diff --git a/vendor/github.com/cilium/ebpf/types.go b/vendor/github.com/cilium/ebpf/types.go index 542c2397cab..d7fb00509de 100644 --- a/vendor/github.com/cilium/ebpf/types.go +++ b/vendor/github.com/cilium/ebpf/types.go @@ -2,7 +2,6 @@ package ebpf import ( "github.com/cilium/ebpf/internal/sys" - "github.com/cilium/ebpf/internal/unix" ) //go:generate go run golang.org/x/tools/cmd/stringer@latest -output types_string.go -type=MapType,ProgramType,PinType @@ -95,6 +94,14 @@ const ( InodeStorage // TaskStorage - Specialized local storage map for task_struct. TaskStorage + // BloomFilter - Space-efficient data structure to quickly test whether an element exists in a set. + BloomFilter + // UserRingbuf - The reverse of RingBuf, used to send messages from user space to BPF programs. + UserRingbuf + // CgroupStorage - Store data keyed on a cgroup. If the cgroup disappears, the key is automatically removed. + CgroupStorage + // Arena - Sparse shared memory region between a BPF program and user space. + Arena ) // hasPerCPUValue returns true if the Map stores a value per CPU. @@ -120,6 +127,21 @@ func (mt MapType) canStoreProgram() bool { return mt == ProgramArray } +// canHaveValueSize returns true if the map type supports setting a value size. +func (mt MapType) canHaveValueSize() bool { + switch mt { + case RingBuf, Arena: + return false + + // Special-case perf events since they require a value size of either 0 or 4 + // for historical reasons. Let the library fix this up later. + case PerfEventArray: + return false + } + + return true +} + // ProgramType of the eBPF program type ProgramType uint32 @@ -214,6 +236,7 @@ const ( AttachSkReuseportSelectOrMigrate = AttachType(sys.BPF_SK_REUSEPORT_SELECT_OR_MIGRATE) AttachPerfEvent = AttachType(sys.BPF_PERF_EVENT) AttachTraceKprobeMulti = AttachType(sys.BPF_TRACE_KPROBE_MULTI) + AttachTraceKprobeSession = AttachType(sys.BPF_TRACE_KPROBE_SESSION) AttachLSMCgroup = AttachType(sys.BPF_LSM_CGROUP) AttachStructOps = AttachType(sys.BPF_STRUCT_OPS) AttachNetfilter = AttachType(sys.BPF_NETFILTER) @@ -263,10 +286,10 @@ func (lpo *LoadPinOptions) Marshal() uint32 { flags := lpo.Flags if lpo.ReadOnly { - flags |= unix.BPF_F_RDONLY + flags |= sys.BPF_F_RDONLY } if lpo.WriteOnly { - flags |= unix.BPF_F_WRONLY + flags |= sys.BPF_F_WRONLY } return flags } diff --git a/vendor/github.com/cilium/ebpf/types_string.go b/vendor/github.com/cilium/ebpf/types_string.go index ee60b5be5b6..f06685112c2 100644 --- a/vendor/github.com/cilium/ebpf/types_string.go +++ b/vendor/github.com/cilium/ebpf/types_string.go @@ -38,11 +38,15 @@ func _() { _ = x[RingBuf-27] _ = x[InodeStorage-28] _ = x[TaskStorage-29] + _ = x[BloomFilter-30] + _ = x[UserRingbuf-31] + _ = x[CgroupStorage-32] + _ = x[Arena-33] } -const _MapType_name = "UnspecifiedMapHashArrayProgramArrayPerfEventArrayPerCPUHashPerCPUArrayStackTraceCGroupArrayLRUHashLRUCPUHashLPMTrieArrayOfMapsHashOfMapsDevMapSockMapCPUMapXSKMapSockHashCGroupStorageReusePortSockArrayPerCPUCGroupStorageQueueStackSkStorageDevMapHashStructOpsMapRingBufInodeStorageTaskStorage" +const _MapType_name = "UnspecifiedMapHashArrayProgramArrayPerfEventArrayPerCPUHashPerCPUArrayStackTraceCGroupArrayLRUHashLRUCPUHashLPMTrieArrayOfMapsHashOfMapsDevMapSockMapCPUMapXSKMapSockHashCGroupStorageReusePortSockArrayPerCPUCGroupStorageQueueStackSkStorageDevMapHashStructOpsMapRingBufInodeStorageTaskStorageBloomFilterUserRingbufCgroupStorageArena" -var _MapType_index = [...]uint16{0, 14, 18, 23, 35, 49, 59, 70, 80, 91, 98, 108, 115, 126, 136, 142, 149, 155, 161, 169, 182, 200, 219, 224, 229, 238, 248, 260, 267, 279, 290} +var _MapType_index = [...]uint16{0, 14, 18, 23, 35, 49, 59, 70, 80, 91, 98, 108, 115, 126, 136, 142, 149, 155, 161, 169, 182, 200, 219, 224, 229, 238, 248, 260, 267, 279, 290, 301, 312, 325, 330} func (i MapType) String() string { if i >= MapType(len(_MapType_index)-1) { diff --git a/vendor/github.com/cilium/ebpf/variable.go b/vendor/github.com/cilium/ebpf/variable.go new file mode 100644 index 00000000000..288b173a115 --- /dev/null +++ b/vendor/github.com/cilium/ebpf/variable.go @@ -0,0 +1,230 @@ +package ebpf + +import ( + "fmt" + "io" + + "github.com/cilium/ebpf/btf" + "github.com/cilium/ebpf/internal/sysenc" +) + +// VariableSpec is a convenience wrapper for modifying global variables of a +// CollectionSpec before loading it into the kernel. +// +// All operations on a VariableSpec's underlying MapSpec are performed in the +// host's native endianness. +type VariableSpec struct { + name string + offset uint64 + size uint64 + + m *MapSpec + t *btf.Var +} + +// Set sets the value of the VariableSpec to the provided input using the host's +// native endianness. +func (s *VariableSpec) Set(in any) error { + buf, err := sysenc.Marshal(in, int(s.size)) + if err != nil { + return fmt.Errorf("marshaling value %s: %w", s.name, err) + } + + b, _, err := s.m.dataSection() + if err != nil { + return fmt.Errorf("getting data section of map %s: %w", s.m.Name, err) + } + + if int(s.offset+s.size) > len(b) { + return fmt.Errorf("offset %d(+%d) for variable %s is out of bounds", s.offset, s.size, s.name) + } + + // MapSpec.Copy() performs a shallow copy. Fully copy the byte slice + // to avoid any changes affecting other copies of the MapSpec. + cpy := make([]byte, len(b)) + copy(cpy, b) + + buf.CopyTo(cpy[s.offset : s.offset+s.size]) + + s.m.Contents[0] = MapKV{Key: uint32(0), Value: cpy} + + return nil +} + +// Get writes the value of the VariableSpec to the provided output using the +// host's native endianness. +func (s *VariableSpec) Get(out any) error { + b, _, err := s.m.dataSection() + if err != nil { + return fmt.Errorf("getting data section of map %s: %w", s.m.Name, err) + } + + if int(s.offset+s.size) > len(b) { + return fmt.Errorf("offset %d(+%d) for variable %s is out of bounds", s.offset, s.size, s.name) + } + + if err := sysenc.Unmarshal(out, b[s.offset:s.offset+s.size]); err != nil { + return fmt.Errorf("unmarshaling value: %w", err) + } + + return nil +} + +// Size returns the size of the variable in bytes. +func (s *VariableSpec) Size() uint64 { + return s.size +} + +// MapName returns the name of the underlying MapSpec. +func (s *VariableSpec) MapName() string { + return s.m.Name +} + +// Offset returns the offset of the variable in the underlying MapSpec. +func (s *VariableSpec) Offset() uint64 { + return s.offset +} + +// Constant returns true if the VariableSpec represents a variable that is +// read-only from the perspective of the BPF program. +func (s *VariableSpec) Constant() bool { + return s.m.readOnly() +} + +// Type returns the [btf.Var] representing the variable in its data section. +// This is useful for inspecting the variable's decl tags and the type +// information of the inner type. +// +// Returns nil if the original ELF object did not contain BTF information. +func (s *VariableSpec) Type() *btf.Var { + return s.t +} + +func (s *VariableSpec) String() string { + return fmt.Sprintf("%s (type=%v, map=%s, offset=%d, size=%d)", s.name, s.t, s.m.Name, s.offset, s.size) +} + +// copy returns a new VariableSpec with the same values as the original, +// but with a different underlying MapSpec. This is useful when copying a +// CollectionSpec. Returns nil if a MapSpec with the same name is not found. +func (s *VariableSpec) copy(cpy *CollectionSpec) *VariableSpec { + out := &VariableSpec{ + name: s.name, + offset: s.offset, + size: s.size, + } + if s.t != nil { + out.t = btf.Copy(s.t).(*btf.Var) + } + + // Attempt to find a MapSpec with the same name in the copied CollectionSpec. + for _, m := range cpy.Maps { + if m.Name == s.m.Name { + out.m = m + return out + } + } + + return nil +} + +// Variable is a convenience wrapper for modifying global variables of a +// Collection after loading it into the kernel. Operations on a Variable are +// performed using direct memory access, bypassing the BPF map syscall API. +// +// On kernels older than 5.5, most interactions with Variable return +// [ErrNotSupported]. +type Variable struct { + name string + offset uint64 + size uint64 + t *btf.Var + + mm *Memory +} + +func newVariable(name string, offset, size uint64, t *btf.Var, mm *Memory) (*Variable, error) { + if mm != nil { + if int(offset+size) > mm.Size() { + return nil, fmt.Errorf("offset %d(+%d) is out of bounds", offset, size) + } + } + + return &Variable{ + name: name, + offset: offset, + size: size, + t: t, + mm: mm, + }, nil +} + +// Size returns the size of the variable. +func (v *Variable) Size() uint64 { + return v.size +} + +// ReadOnly returns true if the Variable represents a variable that is read-only +// after loading the Collection into the kernel. +// +// On systems without BPF_F_MMAPABLE support, ReadOnly always returns true. +func (v *Variable) ReadOnly() bool { + if v.mm == nil { + return true + } + return v.mm.ReadOnly() +} + +// Type returns the [btf.Var] representing the variable in its data section. +// This is useful for inspecting the variable's decl tags and the type +// information of the inner type. +// +// Returns nil if the original ELF object did not contain BTF information. +func (v *Variable) Type() *btf.Var { + return v.t +} + +func (v *Variable) String() string { + return fmt.Sprintf("%s (type=%v)", v.name, v.t) +} + +// Set the value of the Variable to the provided input. The input must marshal +// to the same length as the size of the Variable. +func (v *Variable) Set(in any) error { + if v.mm == nil { + return fmt.Errorf("variable %s: direct access requires Linux 5.5 or later: %w", v.name, ErrNotSupported) + } + + if v.ReadOnly() { + return fmt.Errorf("variable %s: %w", v.name, ErrReadOnly) + } + + buf, err := sysenc.Marshal(in, int(v.size)) + if err != nil { + return fmt.Errorf("marshaling value %s: %w", v.name, err) + } + + if _, err := v.mm.WriteAt(buf.Bytes(), int64(v.offset)); err != nil { + return fmt.Errorf("writing value to %s: %w", v.name, err) + } + + return nil +} + +// Get writes the value of the Variable to the provided output. The output must +// be a pointer to a value whose size matches the Variable. +func (v *Variable) Get(out any) error { + if v.mm == nil { + return fmt.Errorf("variable %s: direct access requires Linux 5.5 or later: %w", v.name, ErrNotSupported) + } + + if !v.mm.bounds(v.offset, v.size) { + return fmt.Errorf("variable %s: access out of bounds: %w", v.name, io.EOF) + } + + if err := sysenc.Unmarshal(out, v.mm.b[v.offset:v.offset+v.size]); err != nil { + return fmt.Errorf("unmarshaling value %s: %w", v.name, err) + } + + return nil +} diff --git a/vendor/golang.org/x/exp/LICENSE b/vendor/golang.org/x/exp/LICENSE deleted file mode 100644 index 6a66aea5eaf..00000000000 --- a/vendor/golang.org/x/exp/LICENSE +++ /dev/null @@ -1,27 +0,0 @@ -Copyright (c) 2009 The Go Authors. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/vendor/golang.org/x/exp/PATENTS b/vendor/golang.org/x/exp/PATENTS deleted file mode 100644 index 733099041f8..00000000000 --- a/vendor/golang.org/x/exp/PATENTS +++ /dev/null @@ -1,22 +0,0 @@ -Additional IP Rights Grant (Patents) - -"This implementation" means the copyrightable works distributed by -Google as part of the Go project. - -Google hereby grants to You a perpetual, worldwide, non-exclusive, -no-charge, royalty-free, irrevocable (except as stated in this section) -patent license to make, have made, use, offer to sell, sell, import, -transfer and otherwise run, modify and propagate the contents of this -implementation of Go, where such license applies only to those patent -claims, both currently owned or controlled by Google and acquired in -the future, licensable by Google that are necessarily infringed by this -implementation of Go. This grant does not include claims that would be -infringed only as a consequence of further modification of this -implementation. If you or your agent or exclusive licensee institute or -order or agree to the institution of patent litigation against any -entity (including a cross-claim or counterclaim in a lawsuit) alleging -that this implementation of Go or any code incorporated within this -implementation of Go constitutes direct or contributory patent -infringement, or inducement of patent infringement, then any patent -rights granted to you under this License for this implementation of Go -shall terminate as of the date such litigation is filed. diff --git a/vendor/golang.org/x/exp/constraints/constraints.go b/vendor/golang.org/x/exp/constraints/constraints.go deleted file mode 100644 index 2c033dff47e..00000000000 --- a/vendor/golang.org/x/exp/constraints/constraints.go +++ /dev/null @@ -1,50 +0,0 @@ -// Copyright 2021 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package constraints defines a set of useful constraints to be used -// with type parameters. -package constraints - -// Signed is a constraint that permits any signed integer type. -// If future releases of Go add new predeclared signed integer types, -// this constraint will be modified to include them. -type Signed interface { - ~int | ~int8 | ~int16 | ~int32 | ~int64 -} - -// Unsigned is a constraint that permits any unsigned integer type. -// If future releases of Go add new predeclared unsigned integer types, -// this constraint will be modified to include them. -type Unsigned interface { - ~uint | ~uint8 | ~uint16 | ~uint32 | ~uint64 | ~uintptr -} - -// Integer is a constraint that permits any integer type. -// If future releases of Go add new predeclared integer types, -// this constraint will be modified to include them. -type Integer interface { - Signed | Unsigned -} - -// Float is a constraint that permits any floating-point type. -// If future releases of Go add new predeclared floating-point types, -// this constraint will be modified to include them. -type Float interface { - ~float32 | ~float64 -} - -// Complex is a constraint that permits any complex numeric type. -// If future releases of Go add new predeclared complex numeric types, -// this constraint will be modified to include them. -type Complex interface { - ~complex64 | ~complex128 -} - -// Ordered is a constraint that permits any ordered type: any type -// that supports the operators < <= >= >. -// If future releases of Go add new ordered types, -// this constraint will be modified to include them. -type Ordered interface { - Integer | Float | ~string -} diff --git a/vendor/modules.txt b/vendor/modules.txt index 9b592007dc3..83e4c726fc1 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -2,16 +2,18 @@ ## explicit; go 1.16 github.com/checkpoint-restore/go-criu/v6 github.com/checkpoint-restore/go-criu/v6/rpc -# github.com/cilium/ebpf v0.16.0 -## explicit; go 1.21 +# github.com/cilium/ebpf v0.17.3 +## explicit; go 1.22 github.com/cilium/ebpf github.com/cilium/ebpf/asm github.com/cilium/ebpf/btf github.com/cilium/ebpf/internal github.com/cilium/ebpf/internal/kallsyms github.com/cilium/ebpf/internal/kconfig +github.com/cilium/ebpf/internal/linux github.com/cilium/ebpf/internal/sys github.com/cilium/ebpf/internal/sysenc +github.com/cilium/ebpf/internal/testutils/fdtrace github.com/cilium/ebpf/internal/tracefs github.com/cilium/ebpf/internal/unix github.com/cilium/ebpf/link @@ -78,9 +80,6 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.4 ## explicit; go 1.17 github.com/vishvananda/netns -# golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 -## explicit; go 1.18 -golang.org/x/exp/constraints # golang.org/x/net v0.35.0 ## explicit; go 1.18 golang.org/x/net/bpf From 42449786879cfb497d83d270723dac4112835990 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 13 Feb 2025 23:25:30 -0800 Subject: [PATCH 0836/1176] CI: gha: rm ubuntu-20.04 There is an announce that Ubuntu 20.04 will be removed in April, and in March there will be a few "brown-out" dates/times when it won't work. This leaves us with no other options than to remove ubuntu-20.04 from the testing matrix. As a result, cgroup v1 testing will only be done on AlmaLinux 8 running on CirrusCI. It is probably going to be sufficient for the time being (until we deprecate cgroup v1). If not, our options are - run Ubuntu 20.04 (or other cgroup v1 distro) in a VM on GHA; - switch to cirrus-ci. [1]: https://github.com/actions/runner-images/issues/11101 Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 620c77f2f52..255a1e2fe35 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -23,7 +23,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-20.04, ubuntu-24.04, actuated-arm64-6cpu-8gb] + os: [ubuntu-24.04, actuated-arm64-6cpu-8gb] go-version: [1.23.x, 1.24.x] rootless: ["rootless", ""] race: ["-race", ""] @@ -172,8 +172,6 @@ jobs: run: sudo -E PATH="$PATH" script -e -c 'make local${{ matrix.rootless }}integration' - name: integration test (systemd driver) - # Skip rootless+systemd for ubuntu 20.04 because of cgroup v1. - if: ${{ !(matrix.os == 'ubuntu-20.04' && matrix.rootless == 'rootless') }} run: | # Delegate all cgroup v2 controllers to rootless user via --systemd-cgroup. # The default (since systemd v252) is "pids memory cpu". From 7bebe68c7abc28f8973793f871c18a3dd7bd9dc4 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 12 Feb 2025 16:54:34 -0800 Subject: [PATCH 0837/1176] libct/cg: stop using utils.ProcThreadSelf We were using utils.ProcThreadSelf since commit 8e8b136c, which provides two things: 1. locking the OS tread; 2. fallback to /proc/self/task/$TID when /proc/thread-self is not available (kernel < 3.17). Now, (1) is not needed since we only call readlink and not perform any file data operation, and (2) is not needed here as this code is only running when openat2 syscall is available, meaning kernel >= v5.6. Also, check the error from readlink, so when it fails, we do not try to enhance the error message. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/file.go | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/libcontainer/cgroups/file.go b/libcontainer/cgroups/file.go index f37375f4ddb..9d7f6d2e92d 100644 --- a/libcontainer/cgroups/file.go +++ b/libcontainer/cgroups/file.go @@ -171,10 +171,8 @@ func openFile(dir, file string, flags int) (*os.File, error) { // // TODO: if such usage will ever be common, amend this // to reopen cgroupRootHandle and retry openat2. - fdPath, closer := utils.ProcThreadSelf("fd/" + strconv.Itoa(int(cgroupRootHandle.Fd()))) - defer closer() - fdDest, _ := os.Readlink(fdPath) - if fdDest != cgroupfsDir { + fdDest, fdErr := os.Readlink("/proc/thread-self/fd/" + strconv.Itoa(int(cgroupRootHandle.Fd()))) + if fdErr == nil && fdDest != cgroupfsDir { // Wrap the error so it is clear that cgroupRootHandle // is opened to an unexpected/wrong directory. err = fmt.Errorf("cgroupRootHandle %d unexpectedly opened to %s != %s: %w", From 271aa88ed57a4be234df358f278bd7b1661e8ace Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 12 Feb 2025 23:21:09 -0800 Subject: [PATCH 0838/1176] libct/cg/fs2: rm _defaultDirPath The _defaultDirPath was only used for testing, and the test case is quite easy to adopt to defaultDirPath. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/fs2/defaultpath.go | 20 ++++++-------------- libcontainer/cgroups/fs2/defaultpath_test.go | 8 +++++++- 2 files changed, 13 insertions(+), 15 deletions(-) diff --git a/libcontainer/cgroups/fs2/defaultpath.go b/libcontainer/cgroups/fs2/defaultpath.go index 6c44fd1972f..451f2e08d7f 100644 --- a/libcontainer/cgroups/fs2/defaultpath.go +++ b/libcontainer/cgroups/fs2/defaultpath.go @@ -19,7 +19,6 @@ package fs2 import ( "bufio" "errors" - "fmt" "io" "os" "path/filepath" @@ -33,26 +32,19 @@ const UnifiedMountpoint = "/sys/fs/cgroup" func defaultDirPath(c *cgroups.Cgroup) (string, error) { if (c.Name != "" || c.Parent != "") && c.Path != "" { - return "", fmt.Errorf("cgroup: either Path or Name and Parent should be used, got %+v", c) - } - - return _defaultDirPath(UnifiedMountpoint, c.Path, c.Parent, c.Name) -} - -func _defaultDirPath(root, cgPath, cgParent, cgName string) (string, error) { - if (cgName != "" || cgParent != "") && cgPath != "" { return "", errors.New("cgroup: either Path or Name and Parent should be used") } // XXX: Do not remove CleanPath. Path safety is important! -- cyphar - innerPath := utils.CleanPath(cgPath) + innerPath := utils.CleanPath(c.Path) if innerPath == "" { - cgParent := utils.CleanPath(cgParent) - cgName := utils.CleanPath(cgName) + cgParent := utils.CleanPath(c.Parent) + cgName := utils.CleanPath(c.Name) innerPath = filepath.Join(cgParent, cgName) } + if filepath.IsAbs(innerPath) { - return filepath.Join(root, innerPath), nil + return filepath.Join(UnifiedMountpoint, innerPath), nil } // we don't need to use /proc/thread-self here because runc always runs @@ -67,7 +59,7 @@ func _defaultDirPath(root, cgPath, cgParent, cgName string) (string, error) { // A parent cgroup (with no tasks in it) is what we need. ownCgroup = filepath.Dir(ownCgroup) - return filepath.Join(root, ownCgroup, innerPath), nil + return filepath.Join(UnifiedMountpoint, ownCgroup, innerPath), nil } // parseCgroupFile parses /proc/PID/cgroup file and return string diff --git a/libcontainer/cgroups/fs2/defaultpath_test.go b/libcontainer/cgroups/fs2/defaultpath_test.go index 30f1c622f09..6fcc19792b9 100644 --- a/libcontainer/cgroups/fs2/defaultpath_test.go +++ b/libcontainer/cgroups/fs2/defaultpath_test.go @@ -76,7 +76,13 @@ func TestDefaultDirPath(t *testing.T) { }, } for _, c := range cases { - got, err := _defaultDirPath(UnifiedMountpoint, c.cgPath, c.cgParent, c.cgName) + cg := &cgroups.Cgroup{ + Path: c.cgPath, + Parent: c.cgParent, + Name: c.cgName, + } + + got, err := defaultDirPath(cg) if err != nil { t.Fatal(err) } From 5e1dcdf564530598f986cdd3310354917fca9b02 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 13 Feb 2025 11:56:43 -0800 Subject: [PATCH 0839/1176] libct/cg: add internal/path.Inner The code which determines inner cgroup path from cgroup config is identical in fs and fs2 drivers, and it is using utils.CleanPath. In preparation to move libcontainer/cgroups to a separate repo, we have to get rid of libcontainer/utils dependency. So, - copy the utils.CleanPath implementation to internal/path; - consolidate the two innerPath implementations to internal/path. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/fs/paths.go | 20 +-------- libcontainer/cgroups/fs/paths_test.go | 3 +- libcontainer/cgroups/fs2/defaultpath.go | 15 ++----- libcontainer/cgroups/internal/path/path.go | 52 ++++++++++++++++++++++ 4 files changed, 60 insertions(+), 30 deletions(-) create mode 100644 libcontainer/cgroups/internal/path/path.go diff --git a/libcontainer/cgroups/fs/paths.go b/libcontainer/cgroups/fs/paths.go index b8516865a86..59cd13d5cba 100644 --- a/libcontainer/cgroups/fs/paths.go +++ b/libcontainer/cgroups/fs/paths.go @@ -9,7 +9,7 @@ import ( "golang.org/x/sys/unix" "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/utils" + "github.com/opencontainers/runc/libcontainer/cgroups/internal/path" ) // The absolute path to the root of the cgroup hierarchies. @@ -26,7 +26,7 @@ func initPaths(cg *cgroups.Cgroup) (map[string]string, error) { return nil, err } - inner, err := innerPath(cg) + inner, err := path.Inner(cg) if err != nil { return nil, err } @@ -135,22 +135,6 @@ func rootPath() (string, error) { return cgroupRoot, nil } -func innerPath(c *cgroups.Cgroup) (string, error) { - if (c.Name != "" || c.Parent != "") && c.Path != "" { - return "", errors.New("cgroup: either Path or Name and Parent should be used") - } - - // XXX: Do not remove CleanPath. Path safety is important! -- cyphar - innerPath := utils.CleanPath(c.Path) - if innerPath == "" { - cgParent := utils.CleanPath(c.Parent) - cgName := utils.CleanPath(c.Name) - innerPath = filepath.Join(cgParent, cgName) - } - - return innerPath, nil -} - func subsysPath(root, inner, subsystem string) (string, error) { // If the cgroup name/path is absolute do not look relative to the cgroup of the init process. if filepath.IsAbs(inner) { diff --git a/libcontainer/cgroups/fs/paths_test.go b/libcontainer/cgroups/fs/paths_test.go index 43dcfcbbb2b..692ff5e56a4 100644 --- a/libcontainer/cgroups/fs/paths_test.go +++ b/libcontainer/cgroups/fs/paths_test.go @@ -6,6 +6,7 @@ import ( "testing" "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/cgroups/internal/path" ) func TestInvalidCgroupPath(t *testing.T) { @@ -66,7 +67,7 @@ func TestInvalidCgroupPath(t *testing.T) { t.Run(tc.test, func(t *testing.T) { config := &cgroups.Cgroup{Path: tc.path, Name: tc.name, Parent: tc.parent} - inner, err := innerPath(config) + inner, err := path.Inner(config) if err != nil { t.Fatalf("couldn't get cgroup data: %v", err) } diff --git a/libcontainer/cgroups/fs2/defaultpath.go b/libcontainer/cgroups/fs2/defaultpath.go index 451f2e08d7f..6a08cceaf4b 100644 --- a/libcontainer/cgroups/fs2/defaultpath.go +++ b/libcontainer/cgroups/fs2/defaultpath.go @@ -25,22 +25,15 @@ import ( "strings" "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/utils" + "github.com/opencontainers/runc/libcontainer/cgroups/internal/path" ) const UnifiedMountpoint = "/sys/fs/cgroup" func defaultDirPath(c *cgroups.Cgroup) (string, error) { - if (c.Name != "" || c.Parent != "") && c.Path != "" { - return "", errors.New("cgroup: either Path or Name and Parent should be used") - } - - // XXX: Do not remove CleanPath. Path safety is important! -- cyphar - innerPath := utils.CleanPath(c.Path) - if innerPath == "" { - cgParent := utils.CleanPath(c.Parent) - cgName := utils.CleanPath(c.Name) - innerPath = filepath.Join(cgParent, cgName) + innerPath, err := path.Inner(c) + if err != nil { + return "", err } if filepath.IsAbs(innerPath) { diff --git a/libcontainer/cgroups/internal/path/path.go b/libcontainer/cgroups/internal/path/path.go new file mode 100644 index 00000000000..94e4917915f --- /dev/null +++ b/libcontainer/cgroups/internal/path/path.go @@ -0,0 +1,52 @@ +package path + +import ( + "errors" + "os" + "path/filepath" + + "github.com/opencontainers/runc/libcontainer/cgroups" +) + +// Inner returns a path to cgroup relative to a cgroup mount point, based +// on cgroup configuration, or an error, if cgroup configuration is invalid. +// To be used only by fs cgroup managers (systemd has different path rules). +func Inner(c *cgroups.Cgroup) (string, error) { + if (c.Name != "" || c.Parent != "") && c.Path != "" { + return "", errors.New("cgroup: either Path or Name and Parent should be used") + } + + // XXX: Do not remove cleanPath. Path safety is important! -- cyphar + innerPath := cleanPath(c.Path) + if innerPath == "" { + cgParent := cleanPath(c.Parent) + cgName := cleanPath(c.Name) + innerPath = filepath.Join(cgParent, cgName) + } + + return innerPath, nil +} + +// cleanPath is a copy of github.com/opencontainers/runc/libcontainer/utils.CleanPath. +func cleanPath(path string) string { + // Deal with empty strings nicely. + if path == "" { + return "" + } + + // Ensure that all paths are cleaned (especially problematic ones like + // "/../../../../../" which can cause lots of issues). + + if filepath.IsAbs(path) { + return filepath.Clean(path) + } + + // If the path isn't absolute, we need to do more processing to fix paths + // such as "../../../..//some/path". We also shouldn't convert absolute + // paths to relative ones. + path = filepath.Clean(string(os.PathSeparator) + path) + // This can't fail, as (by definition) all paths are relative to root. + path, _ = filepath.Rel(string(os.PathSeparator), path) + + return path +} From 69792827b4e80c2d8a6baf3a47fdbc24a8258bc0 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 13 Feb 2025 12:00:26 -0800 Subject: [PATCH 0840/1176] libct/cg: don't use utils.CleanPath Instead, we can just do filepath.Clean("/"+path) here. While at it, add a comment telling why this is needed and important. Signed-off-by: Kir Kolyshkin --- libcontainer/cgroups/file.go | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libcontainer/cgroups/file.go b/libcontainer/cgroups/file.go index 9d7f6d2e92d..c1b8f5c15f8 100644 --- a/libcontainer/cgroups/file.go +++ b/libcontainer/cgroups/file.go @@ -5,12 +5,11 @@ import ( "errors" "fmt" "os" - "path" + "path/filepath" "strconv" "strings" "sync" - "github.com/opencontainers/runc/libcontainer/utils" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) @@ -147,7 +146,10 @@ func openFile(dir, file string, flags int) (*os.File, error) { flags |= os.O_TRUNC | os.O_CREATE mode = 0o600 } - path := path.Join(dir, utils.CleanPath(file)) + // NOTE it is important to use filepath.Clean("/"+file) here + // (see https://github.com/opencontainers/runc/issues/4103)! + path := filepath.Join(dir, filepath.Clean("/"+file)) + if prepareOpenat2() != nil { return openFallback(path, flags, mode) } From 4e0f7a203d608470eeae9dfd21277a8a94bb7c29 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 13 Feb 2025 16:16:50 -0800 Subject: [PATCH 0841/1176] libct/cg/dev: remove specconv dependency This was needed for a test case only, but we can easily copy the data needed. The alternatives are: - keep things as is (and have cgroups depend on runc/libcontainer/specconv); - remove this test case; - move AllowedDevices to cgroups/devices/config. Signed-off-by: Kir Kolyshkin --- .../cgroups/devices/devicefilter_test.go | 87 +++++++++++++++++-- 1 file changed, 82 insertions(+), 5 deletions(-) diff --git a/libcontainer/cgroups/devices/devicefilter_test.go b/libcontainer/cgroups/devices/devicefilter_test.go index 197039a7c8e..912e8d8cdb4 100644 --- a/libcontainer/cgroups/devices/devicefilter_test.go +++ b/libcontainer/cgroups/devices/devicefilter_test.go @@ -5,7 +5,6 @@ import ( "testing" devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" - "github.com/opencontainers/runc/libcontainer/specconv" ) func hash(s, comm string) string { @@ -53,6 +52,88 @@ block-0: } func TestDeviceFilter_BuiltInAllowList(t *testing.T) { + // This is a copy of all rules from + // github.com/opencontainers/runc/libcontainer/specconv.AllowedDevices. + devices := []*devices.Rule{ + { + Type: devices.CharDevice, + Major: devices.Wildcard, + Minor: devices.Wildcard, + Permissions: "m", + Allow: true, + }, + { + Type: devices.BlockDevice, + Major: devices.Wildcard, + Minor: devices.Wildcard, + Permissions: "m", + Allow: true, + }, + { + Type: devices.CharDevice, + Major: 1, + Minor: 3, + Permissions: "rwm", + Allow: true, + }, + { + Type: devices.CharDevice, + Major: 1, + Minor: 8, + Permissions: "rwm", + Allow: true, + }, + { + Type: devices.CharDevice, + Major: 1, + Minor: 7, + Permissions: "rwm", + Allow: true, + }, + { + Type: devices.CharDevice, + Major: 5, + Minor: 0, + Permissions: "rwm", + Allow: true, + }, + { + Type: devices.CharDevice, + Major: 1, + Minor: 5, + Permissions: "rwm", + Allow: true, + }, + { + Type: devices.CharDevice, + Major: 1, + Minor: 9, + Permissions: "rwm", + Allow: true, + }, + { + Type: devices.CharDevice, + Major: 136, + Minor: devices.Wildcard, + Permissions: "rwm", + Allow: true, + }, + { + Type: devices.CharDevice, + Major: 5, + Minor: 2, + Permissions: "rwm", + Allow: true, + }, + { + Type: devices.CharDevice, + Major: 10, + Minor: 200, + Permissions: "rwm", + Allow: true, + }, + } + expected := ` // load parameters into registers 0: LdXMemW dst: r2 src: r1 off: 0 imm: 0 @@ -136,10 +217,6 @@ block-11: 62: MovImm32 dst: r0 imm: 0 63: Exit ` - var devices []*devices.Rule - for _, device := range specconv.AllowedDevices { - devices = append(devices, &device.Rule) - } testDeviceFilter(t, devices, expected) } From 28475f12e3eeebdf5923bcf7e41bd25a80ea3af7 Mon Sep 17 00:00:00 2001 From: Evan Phoenix Date: Thu, 20 Feb 2025 12:52:55 -0800 Subject: [PATCH 0842/1176] Retry direct unix package calls if observing EINTR Retry Recvfrom, Sendmsg, Readmsg, and Read as they can return EINTR. Signed-off-by: Evan Phoenix --- libcontainer/notify_v2_linux.go | 5 +++++ libcontainer/sync_unix.go | 15 +++++++++++++-- libcontainer/utils/cmsg.go | 22 +++++++++++++++++++--- 3 files changed, 37 insertions(+), 5 deletions(-) diff --git a/libcontainer/notify_v2_linux.go b/libcontainer/notify_v2_linux.go index 821536c8da0..8d15833ab43 100644 --- a/libcontainer/notify_v2_linux.go +++ b/libcontainer/notify_v2_linux.go @@ -2,6 +2,7 @@ package libcontainer import ( "fmt" + "os" "path/filepath" "unsafe" @@ -40,7 +41,11 @@ func registerMemoryEventV2(cgDir, evName, cgEvName string) (<-chan struct{}, err for { n, err := unix.Read(fd, buffer[:]) + if err == unix.EINTR { //nolint:errorlint // unix errors are bare + continue + } if err != nil { + err = os.NewSyscallError("read", err) logrus.Warnf("unable to read event data from inotify, got error: %v", err) return } diff --git a/libcontainer/sync_unix.go b/libcontainer/sync_unix.go index c5d8f55ec95..69c0228dbe1 100644 --- a/libcontainer/sync_unix.go +++ b/libcontainer/sync_unix.go @@ -42,9 +42,20 @@ func (s *syncSocket) WritePacket(b []byte) (int, error) { } func (s *syncSocket) ReadPacket() ([]byte, error) { - size, _, err := unix.Recvfrom(int(s.f.Fd()), nil, unix.MSG_TRUNC|unix.MSG_PEEK) + var ( + size int + err error + ) + + for { + size, _, err = unix.Recvfrom(int(s.f.Fd()), nil, unix.MSG_TRUNC|unix.MSG_PEEK) + if err != unix.EINTR { //nolint:errorlint // unix errors are bare + break + } + } + if err != nil { - return nil, fmt.Errorf("fetch packet length from socket: %w", err) + return nil, fmt.Errorf("fetch packet length from socket: %w", os.NewSyscallError("recvfrom", err)) } // We will only get a zero size if the socket has been closed from the // other end (otherwise recvfrom(2) will block until a packet is ready). In diff --git a/libcontainer/utils/cmsg.go b/libcontainer/utils/cmsg.go index 2edd1417af3..3aca5bdaccd 100644 --- a/libcontainer/utils/cmsg.go +++ b/libcontainer/utils/cmsg.go @@ -42,9 +42,20 @@ func RecvFile(socket *os.File) (_ *os.File, Err error) { oob := make([]byte, oobSpace) sockfd := socket.Fd() - n, oobn, _, _, err := unix.Recvmsg(int(sockfd), name, oob, unix.MSG_CMSG_CLOEXEC) + var ( + n, oobn int + err error + ) + + for { + n, oobn, _, _, err = unix.Recvmsg(int(sockfd), name, oob, unix.MSG_CMSG_CLOEXEC) + if err != unix.EINTR { //nolint:errorlint // unix errors are bare + break + } + } + if err != nil { - return nil, err + return nil, os.NewSyscallError("recvmsg", err) } if n >= MaxNameLen || oobn != oobSpace { return nil, fmt.Errorf("recvfile: incorrect number of bytes read (n=%d oobn=%d)", n, oobn) @@ -115,5 +126,10 @@ func SendFile(socket *os.File, file *os.File) error { // SendRawFd sends a specific file descriptor over the given AF_UNIX socket. func SendRawFd(socket *os.File, msg string, fd uintptr) error { oob := unix.UnixRights(int(fd)) - return unix.Sendmsg(int(socket.Fd()), []byte(msg), oob, nil, 0) + for { + err := unix.Sendmsg(int(socket.Fd()), []byte(msg), oob, nil, 0) + if err != unix.EINTR { //nolint:errorlint // unix errors are bare + return os.NewSyscallError("sendmsg", err) + } + } } From 74619689ae087869f2e1550124fc553c135f2cb7 Mon Sep 17 00:00:00 2001 From: lfbzhm Date: Wed, 19 Feb 2025 15:37:19 +0000 Subject: [PATCH 0843/1176] test: exec into a container with private time ns Signed-off-by: lifubang --- tests/integration/timens.bats | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/tests/integration/timens.bats b/tests/integration/timens.bats index fb33e2b2783..10f3fc057d8 100644 --- a/tests/integration/timens.bats +++ b/tests/integration/timens.bats @@ -54,6 +54,26 @@ function teardown() { grep -E '^boottime\s+1337\s+3141519$' <<<"$output" } +# https://github.com/opencontainers/runc/issues/4635 +@test "runc exec [simple timens]" { + requires timens + + update_config '.process.args = ["sleep", "inf"]' + update_config '.linux.namespaces += [{"type": "time"}] + | .linux.timeOffsets = { + "monotonic": { "secs": 7881, "nanosecs": 2718281 }, + "boottime": { "secs": 1337, "nanosecs": 3141519 } + }' + + runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox + [ "$status" -eq 0 ] + + runc exec test_busybox cat /proc/self/timens_offsets + [ "$status" -eq 0 ] + grep -E '^monotonic\s+7881\s+2718281$' <<<"$output" + grep -E '^boottime\s+1337\s+3141519$' <<<"$output" +} + @test "runc run [simple timens + userns]" { requires root requires timens From ad09197e41ecf754ed89cdfc6557948561c3523f Mon Sep 17 00:00:00 2001 From: lifubang Date: Sat, 22 Feb 2025 16:40:18 +0000 Subject: [PATCH 0844/1176] libct: don't send config to nsexec when joining an existing timens We should configure the process's timens offset only when we need to create new time namespace, we shouldn't do it if we are joining an existing time namespace. (#4635) Signed-off-by: lifubang --- libcontainer/container_linux.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 54a0eaafe06..e913fef0b2b 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -1146,8 +1146,9 @@ func (c *Container) bootstrapData(cloneFlags uintptr, nsMaps map[configs.Namespa Value: c.config.RootlessEUID, }) - // write boottime and monotonic time ns offsets. - if c.config.TimeOffsets != nil { + // write boottime and monotonic time ns offsets only when we are not joining an existing time ns + _, joinExistingTime := nsMaps[configs.NEWTIME] + if !joinExistingTime && c.config.TimeOffsets != nil { var offsetSpec bytes.Buffer for clock, offset := range c.config.TimeOffsets { fmt.Fprintf(&offsetSpec, "%s %d %d\n", clock, offset.Secs, offset.Nanosecs) From 559bd4ebdf56258cd10e241c205d6c9f6fea3f8e Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 25 Feb 2025 13:46:05 +1100 Subject: [PATCH 0845/1176] libcontainer: rename dmz -> exeseal The "dmz" name was originally used because the libcontainer/dmz package housed the runc-dmz binary, but since we removed it in commit 871057d863e8 ("drop runc-dmz solution according to overlay solution") the name is an anachronism and we should just give it a more self-explanatory name. So, call it libcontainer/exeseal because the purpose of the package is to provide tools to seal /proc/self/exe against attackers. Signed-off-by: Aleksa Sarai --- contrib/cmd/memfd-bind/memfd-bind.go | 8 ++++---- libcontainer/container_linux.go | 8 ++++---- libcontainer/{dmz => exeseal}/cloned_binary_linux.go | 4 ++-- libcontainer/{dmz => exeseal}/overlayfs_linux.go | 2 +- libcontainer/process.go | 2 +- tests/integration/run.bats | 4 ++-- 6 files changed, 14 insertions(+), 14 deletions(-) rename libcontainer/{dmz => exeseal}/cloned_binary_linux.go (98%) rename libcontainer/{dmz => exeseal}/overlayfs_linux.go (99%) diff --git a/contrib/cmd/memfd-bind/memfd-bind.go b/contrib/cmd/memfd-bind/memfd-bind.go index e73739f0c4d..c01aad74241 100644 --- a/contrib/cmd/memfd-bind/memfd-bind.go +++ b/contrib/cmd/memfd-bind/memfd-bind.go @@ -27,7 +27,7 @@ import ( "strings" "time" - "github.com/opencontainers/runc/libcontainer/dmz" + "github.com/opencontainers/runc/libcontainer/exeseal" "github.com/sirupsen/logrus" "github.com/urfave/cli" @@ -101,7 +101,7 @@ func cleanup(path string) error { return nil } -// memfdClone is a memfd-only implementation of dmz.CloneBinary. +// memfdClone is a memfd-only implementation of exeseal.CloneBinary. func memfdClone(path string) (*os.File, error) { binFile, err := os.Open(path) if err != nil { @@ -113,7 +113,7 @@ func memfdClone(path string) (*os.File, error) { return nil, fmt.Errorf("checking %s size: %w", path, err) } size := stat.Size() - memfd, sealFn, err := dmz.Memfd("/proc/self/exe") + memfd, sealFn, err := exeseal.Memfd("/proc/self/exe") if err != nil { return nil, fmt.Errorf("creating memfd failed: %w", err) } @@ -126,7 +126,7 @@ func memfdClone(path string) (*os.File, error) { if err := sealFn(&memfd); err != nil { return nil, fmt.Errorf("could not seal fd: %w", err) } - if !dmz.IsCloned(memfd) { + if !exeseal.IsCloned(memfd) { return nil, fmt.Errorf("cloned memfd is not properly sealed") } return memfd, nil diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 54a0eaafe06..95fd86bf86c 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -22,7 +22,7 @@ import ( "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/configs" - "github.com/opencontainers/runc/libcontainer/dmz" + "github.com/opencontainers/runc/libcontainer/exeseal" "github.com/opencontainers/runc/libcontainer/intelrdt" "github.com/opencontainers/runc/libcontainer/system" "github.com/opencontainers/runc/libcontainer/utils" @@ -496,7 +496,7 @@ func (c *Container) newParentProcess(p *Process) (parentProcess, error) { exePath string safeExe *os.File ) - if dmz.IsSelfExeCloned() { + if exeseal.IsSelfExeCloned() { // /proc/self/exe is already a cloned binary -- no need to do anything logrus.Debug("skipping binary cloning -- /proc/self/exe is already cloned!") // We don't need to use /proc/thread-self here because the exe mm of a @@ -505,13 +505,13 @@ func (c *Container) newParentProcess(p *Process) (parentProcess, error) { exePath = "/proc/self/exe" } else { var err error - safeExe, err = dmz.CloneSelfExe(c.stateDir) + safeExe, err = exeseal.CloneSelfExe(c.stateDir) if err != nil { return nil, fmt.Errorf("unable to create safe /proc/self/exe clone for runc init: %w", err) } exePath = "/proc/self/fd/" + strconv.Itoa(int(safeExe.Fd())) p.clonedExes = append(p.clonedExes, safeExe) - logrus.Debug("runc-dmz: using /proc/self/exe clone") // used for tests + logrus.Debug("runc exeseal: using /proc/self/exe clone") // used for tests } cmd := exec.Command(exePath, "init") diff --git a/libcontainer/dmz/cloned_binary_linux.go b/libcontainer/exeseal/cloned_binary_linux.go similarity index 98% rename from libcontainer/dmz/cloned_binary_linux.go rename to libcontainer/exeseal/cloned_binary_linux.go index 1c034e4e6e5..0c8231ee8e7 100644 --- a/libcontainer/dmz/cloned_binary_linux.go +++ b/libcontainer/exeseal/cloned_binary_linux.go @@ -1,4 +1,4 @@ -package dmz +package exeseal import ( "errors" @@ -224,7 +224,7 @@ func CloneSelfExe(tmpDir string) (*os.File, error) { // around ~60% overhead during container startup. overlayFile, err := sealedOverlayfs("/proc/self/exe", tmpDir) if err == nil { - logrus.Debug("runc-dmz: using overlayfs for sealed /proc/self/exe") // used for tests + logrus.Debug("runc exeseal: using overlayfs for sealed /proc/self/exe") // used for tests return overlayFile, nil } logrus.WithError(err).Debugf("could not use overlayfs for /proc/self/exe sealing -- falling back to making a temporary copy") diff --git a/libcontainer/dmz/overlayfs_linux.go b/libcontainer/exeseal/overlayfs_linux.go similarity index 99% rename from libcontainer/dmz/overlayfs_linux.go rename to libcontainer/exeseal/overlayfs_linux.go index b81b7025895..f585566b6d9 100644 --- a/libcontainer/dmz/overlayfs_linux.go +++ b/libcontainer/exeseal/overlayfs_linux.go @@ -1,4 +1,4 @@ -package dmz +package exeseal import ( "fmt" diff --git a/libcontainer/process.go b/libcontainer/process.go index 0e24c548ed8..73cdac9c7bc 100644 --- a/libcontainer/process.go +++ b/libcontainer/process.go @@ -52,7 +52,7 @@ type Process struct { // ExtraFiles specifies additional open files to be inherited by the process. ExtraFiles []*os.File - // Open handles to cloned binaries -- see dmz.CloneSelfExe for more details. + // Open handles to cloned binaries -- see exeseal.CloneSelfExe for more details. clonedExes []*os.File // Initial size for the console. diff --git a/tests/integration/run.bats b/tests/integration/run.bats index c6e30709402..8a96d55c276 100644 --- a/tests/integration/run.bats +++ b/tests/integration/run.bats @@ -131,10 +131,10 @@ function teardown() { runc --debug run test_hello [ "$status" -eq 0 ] [[ "$output" = *"Hello World"* ]] - [[ "$output" = *"runc-dmz: using /proc/self/exe clone"* ]] + [[ "$output" = *"runc exeseal: using /proc/self/exe clone"* ]] # runc will use fsopen("overlay") if it can. if can_fsopen overlay; then - [[ "$output" = *"runc-dmz: using overlayfs for sealed /proc/self/exe"* ]] + [[ "$output" = *"runc exeseal: using overlayfs for sealed /proc/self/exe"* ]] fi } From 1d047e44ed56735e9d678c59f930cee7f40facb7 Mon Sep 17 00:00:00 2001 From: Daniel Levi-Minzi Date: Fri, 21 Feb 2025 21:14:19 -0500 Subject: [PATCH 0846/1176] expose criu options for link remap and skip in flight Signed-off-by: Daniel Levi-Minzi --- checkpoint.go | 4 ++++ contrib/completions/bash/runc | 2 ++ libcontainer/criu_linux.go | 2 ++ libcontainer/criu_opts_linux.go | 2 ++ man/runc-checkpoint.8.md | 8 ++++++++ 5 files changed, 18 insertions(+) diff --git a/checkpoint.go b/checkpoint.go index ffc26a5f313..afd515abd43 100644 --- a/checkpoint.go +++ b/checkpoint.go @@ -31,6 +31,8 @@ checkpointed.`, cli.StringFlag{Name: "parent-path", Value: "", Usage: "path for previous criu image files in pre-dump"}, cli.BoolFlag{Name: "leave-running", Usage: "leave the process running after checkpointing"}, cli.BoolFlag{Name: "tcp-established", Usage: "allow open tcp connections"}, + cli.BoolFlag{Name: "tcp-skip-in-flight", Usage: "skip in-flight tcp connections"}, + cli.BoolFlag{Name: "link-remap", Usage: "allow one to link unlinked files back when possible"}, cli.BoolFlag{Name: "ext-unix-sk", Usage: "allow external unix sockets"}, cli.BoolFlag{Name: "shell-job", Usage: "allow shell jobs"}, cli.BoolFlag{Name: "lazy-pages", Usage: "use userfaultfd to lazily restore memory pages"}, @@ -122,6 +124,8 @@ func criuOptions(context *cli.Context) (*libcontainer.CriuOpts, error) { ParentImage: parentPath, LeaveRunning: context.Bool("leave-running"), TcpEstablished: context.Bool("tcp-established"), + TcpSkipInFlight: context.Bool("tcp-skip-in-flight"), + LinkRemap: context.Bool("link-remap"), ExternalUnixConnections: context.Bool("ext-unix-sk"), ShellJob: context.Bool("shell-job"), FileLocks: context.Bool("file-locks"), diff --git a/contrib/completions/bash/runc b/contrib/completions/bash/runc index 353c8ffdbbd..38945bf07d4 100644 --- a/contrib/completions/bash/runc +++ b/contrib/completions/bash/runc @@ -507,6 +507,8 @@ _runc_checkpoint() { -h --leave-running --tcp-established + --tcp-skip-in-flight + --link-remap --ext-unix-sk --shell-job --lazy-pages diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index ed08f5f40ed..4d2fa0569f8 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -327,6 +327,8 @@ func (c *Container) Checkpoint(criuOpts *CriuOpts) error { ShellJob: proto.Bool(criuOpts.ShellJob), LeaveRunning: proto.Bool(criuOpts.LeaveRunning), TcpEstablished: proto.Bool(criuOpts.TcpEstablished), + TcpSkipInFlight: proto.Bool(criuOpts.TcpSkipInFlight), + LinkRemap: proto.Bool(criuOpts.LinkRemap), ExtUnixSk: proto.Bool(criuOpts.ExternalUnixConnections), FileLocks: proto.Bool(criuOpts.FileLocks), EmptyNs: proto.Uint32(criuOpts.EmptyNs), diff --git a/libcontainer/criu_opts_linux.go b/libcontainer/criu_opts_linux.go index f26df7d8da7..67e5e3967ce 100644 --- a/libcontainer/criu_opts_linux.go +++ b/libcontainer/criu_opts_linux.go @@ -16,6 +16,8 @@ type CriuOpts struct { ParentImage string // directory for storing parent image files in pre-dump and dump LeaveRunning bool // leave container in running state after checkpoint TcpEstablished bool // checkpoint/restore established TCP connections + TcpSkipInFlight bool // skip in-flight TCP connections + LinkRemap bool // allow one to link unlinked files back when possible ExternalUnixConnections bool // allow external unix connections ShellJob bool // allow to dump and restore shell jobs FileLocks bool // handle file locks, for safety diff --git a/man/runc-checkpoint.8.md b/man/runc-checkpoint.8.md index a7dad29d3b3..78da7578fc8 100644 --- a/man/runc-checkpoint.8.md +++ b/man/runc-checkpoint.8.md @@ -28,6 +28,14 @@ image files directory. : Allow checkpoint/restore of established TCP connections. See [criu --tcp-establised option](https://criu.org/CLI/opt/--tcp-established). +**--tcp-skip-in-flight** +: Skip in-flight TCP connections. See +[criu --skip-in-flight option](https://criu.org/CLI/opt/--skip-in-flight). + +**--link-remap** +: Allow one to link unlinked files back when possible. See +[criu --link-remap option](https://criu.org/CLI/opt/--link-remap). + **--ext-unix-sk** : Allow checkpoint/restore of external unix sockets. See [criu --ext-unix-sk option](https://criu.org/CLI/opt/--ext-unix-sk). From c43ea7d629daf737c5d66b5d8f8ae5e163fe9e4b Mon Sep 17 00:00:00 2001 From: Tomasz Duda Date: Mon, 24 Feb 2025 23:53:01 +0100 Subject: [PATCH 0847/1176] exeseal: do not use F_SEAL_FUTURE_WRITE Prior to kernel Linux 5.5, F_SEAL_FUTURE_WRITE has a bug which maps memory as shared between processes even if it is set as private. See kernel commit 05d351102dbe ("mm, memfd: fix COW issue on MAP_PRIVATE and F_SEAL_FUTURE_WRITE mappings") for more details. According to the fcntl(2) man pages, F_SEAL_WRITE is enough: > Furthermore, trying to create new shared, writable memory-mappings via > mmap(2) will also fail with EPERM. > > Using the F_ADD_SEALS operation to set the F_SEAL_WRITE seal fails > with EBUSY if any writable, shared mapping exists. Such mappings must > be unmapped before you can add this seal. F_SEAL_FUTURE_WRITE only makes sense if a read-write shared mapping in one process should be read-only in another process. This is not case for runc, especially not for the /proc/self/exe we are protecting. Signed-off-by: Tomasz Duda (cyphar: improve the comment regarding F_SEAL_FUTURE_WRITE) (cyphar: improve commit message) Signed-off-by: Aleksa Sarai --- libcontainer/exeseal/cloned_binary_linux.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libcontainer/exeseal/cloned_binary_linux.go b/libcontainer/exeseal/cloned_binary_linux.go index 0c8231ee8e7..3bafc96a613 100644 --- a/libcontainer/exeseal/cloned_binary_linux.go +++ b/libcontainer/exeseal/cloned_binary_linux.go @@ -47,11 +47,15 @@ func sealMemfd(f **os.File) error { // errors because they are not needed and we want to continue // to work on older kernels. fd := (*f).Fd() - // F_SEAL_FUTURE_WRITE -- Linux 5.1 - _, _ = unix.FcntlInt(fd, unix.F_ADD_SEALS, unix.F_SEAL_FUTURE_WRITE) + + // Skip F_SEAL_FUTURE_WRITE, it is not needed because we alreadu use the + // stronger F_SEAL_WRITE (and is buggy on Linux <5.5 -- see kernel commit + // 05d351102dbe and ). + // F_SEAL_EXEC -- Linux 6.3 const F_SEAL_EXEC = 0x20 //nolint:revive // this matches the unix.* name _, _ = unix.FcntlInt(fd, unix.F_ADD_SEALS, F_SEAL_EXEC) + // Apply all original memfd seals. _, err := unix.FcntlInt(fd, unix.F_ADD_SEALS, baseMemfdSeals) return os.NewSyscallError("fcntl(F_ADD_SEALS)", err) From 537a2276bb6e231cc9de4016fd314cc3956323ca Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 28 Feb 2025 04:52:38 +0000 Subject: [PATCH 0848/1176] build(deps): bump github.com/opencontainers/runtime-spec Bumps [github.com/opencontainers/runtime-spec](https://github.com/opencontainers/runtime-spec) from 1.2.0 to 1.2.1. - [Release notes](https://github.com/opencontainers/runtime-spec/releases) - [Changelog](https://github.com/opencontainers/runtime-spec/blob/main/ChangeLog) - [Commits](https://github.com/opencontainers/runtime-spec/compare/v1.2.0...v1.2.1) --- updated-dependencies: - dependency-name: github.com/opencontainers/runtime-spec dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- .../runtime-spec/specs-go/config.go | 68 +++++++++++++------ .../runtime-spec/specs-go/version.go | 2 +- vendor/modules.txt | 2 +- 5 files changed, 53 insertions(+), 25 deletions(-) diff --git a/go.mod b/go.mod index 8281bde6cc8..e14d042e4c8 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/moby/sys/user v0.3.0 github.com/moby/sys/userns v0.1.0 github.com/mrunalp/fileutils v0.5.1 - github.com/opencontainers/runtime-spec v1.2.0 + github.com/opencontainers/runtime-spec v1.2.1 github.com/opencontainers/selinux v1.11.1 github.com/seccomp/libseccomp-golang v0.10.0 github.com/sirupsen/logrus v1.9.3 diff --git a/go.sum b/go.sum index a525a61a579..c3bcace2761 100644 --- a/go.sum +++ b/go.sum @@ -49,8 +49,8 @@ github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28= github.com/mrunalp/fileutils v0.5.1 h1:F+S7ZlNKnrwHfSwdlgNSkKo67ReVf8o9fel6C3dkm/Q= github.com/mrunalp/fileutils v0.5.1/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= -github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk= -github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-spec v1.2.1 h1:S4k4ryNgEpxW1dzyqffOmhI1BHYcjzU8lpJfSlR0xww= +github.com/opencontainers/runtime-spec v1.2.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.11.1 h1:nHFvthhM0qY8/m+vfhJylliSshm8G1jJ2jDMcgULaH8= github.com/opencontainers/selinux v1.11.1/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go index d1236ba7213..1aa0693b57d 100644 --- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go @@ -83,7 +83,7 @@ type Process struct { // Rlimits specifies rlimit options to apply to the process. Rlimits []POSIXRlimit `json:"rlimits,omitempty" platform:"linux,solaris,zos"` // NoNewPrivileges controls whether additional privileges could be gained by processes in the container. - NoNewPrivileges bool `json:"noNewPrivileges,omitempty" platform:"linux"` + NoNewPrivileges bool `json:"noNewPrivileges,omitempty" platform:"linux,zos"` // ApparmorProfile specifies the apparmor profile for the container. ApparmorProfile string `json:"apparmorProfile,omitempty" platform:"linux"` // Specify an oom_score_adj for the container. @@ -94,10 +94,12 @@ type Process struct { SelinuxLabel string `json:"selinuxLabel,omitempty" platform:"linux"` // IOPriority contains the I/O priority settings for the cgroup. IOPriority *LinuxIOPriority `json:"ioPriority,omitempty" platform:"linux"` + // ExecCPUAffinity specifies CPU affinity for exec processes. + ExecCPUAffinity *CPUAffinity `json:"execCPUAffinity,omitempty" platform:"linux"` } // LinuxCapabilities specifies the list of allowed capabilities that are kept for a process. -// http://man7.org/linux/man-pages/man7/capabilities.7.html +// https://man7.org/linux/man-pages/man7/capabilities.7.html type LinuxCapabilities struct { // Bounding is the set of capabilities checked by the kernel. Bounding []string `json:"bounding,omitempty" platform:"linux"` @@ -127,6 +129,12 @@ const ( IOPRIO_CLASS_IDLE IOPriorityClass = "IOPRIO_CLASS_IDLE" ) +// CPUAffinity specifies process' CPU affinity. +type CPUAffinity struct { + Initial string `json:"initial,omitempty"` + Final string `json:"final,omitempty"` +} + // Box specifies dimensions of a rectangle. Used for specifying the size of a console. type Box struct { // Height is the vertical dimension of a box. @@ -627,6 +635,17 @@ type WindowsCPUResources struct { // cycles per 10,000 cycles. Set processor `maximum` to a percentage times // 100. Maximum *uint16 `json:"maximum,omitempty"` + // Set of CPUs to affinitize for this container. + Affinity []WindowsCPUGroupAffinity `json:"affinity,omitempty"` +} + +// Similar to _GROUP_AFFINITY struct defined in +// https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/miniport/ns-miniport-_group_affinity +type WindowsCPUGroupAffinity struct { + // CPU mask relative to this CPU group. + Mask uint64 `json:"mask,omitempty"` + // Processor group the mask refers to, as returned by GetLogicalProcessorInformationEx. + Group uint32 `json:"group,omitempty"` } // WindowsStorageResources contains storage resource management settings. @@ -751,6 +770,10 @@ const ( ArchPARISC Arch = "SCMP_ARCH_PARISC" ArchPARISC64 Arch = "SCMP_ARCH_PARISC64" ArchRISCV64 Arch = "SCMP_ARCH_RISCV64" + ArchLOONGARCH64 Arch = "SCMP_ARCH_LOONGARCH64" + ArchM68K Arch = "SCMP_ARCH_M68K" + ArchSH Arch = "SCMP_ARCH_SH" + ArchSHEB Arch = "SCMP_ARCH_SHEB" ) // LinuxSeccompAction taken upon Seccomp rule match @@ -826,28 +849,33 @@ type LinuxIntelRdt struct { // ZOS contains platform-specific configuration for z/OS based containers. type ZOS struct { - // Devices are a list of device nodes that are created for the container - Devices []ZOSDevice `json:"devices,omitempty"` + // Namespaces contains the namespaces that are created and/or joined by the container + Namespaces []ZOSNamespace `json:"namespaces,omitempty"` } -// ZOSDevice represents the mknod information for a z/OS special device file -type ZOSDevice struct { - // Path to the device. - Path string `json:"path"` - // Device type, block, char, etc. - Type string `json:"type"` - // Major is the device's major number. - Major int64 `json:"major"` - // Minor is the device's minor number. - Minor int64 `json:"minor"` - // FileMode permission bits for the device. - FileMode *os.FileMode `json:"fileMode,omitempty"` - // UID of the device. - UID *uint32 `json:"uid,omitempty"` - // Gid of the device. - GID *uint32 `json:"gid,omitempty"` +// ZOSNamespace is the configuration for a z/OS namespace +type ZOSNamespace struct { + // Type is the type of namespace + Type ZOSNamespaceType `json:"type"` + // Path is a path to an existing namespace persisted on disk that can be joined + // and is of the same type + Path string `json:"path,omitempty"` } +// ZOSNamespaceType is one of the z/OS namespaces +type ZOSNamespaceType string + +const ( + // PIDNamespace for isolating process IDs + ZOSPIDNamespace ZOSNamespaceType = "pid" + // MountNamespace for isolating mount points + ZOSMountNamespace ZOSNamespaceType = "mount" + // IPCNamespace for isolating System V IPC, POSIX message queues + ZOSIPCNamespace ZOSNamespaceType = "ipc" + // UTSNamespace for isolating hostname and NIS domain name + ZOSUTSNamespace ZOSNamespaceType = "uts" +) + // LinuxSchedulerPolicy represents different scheduling policies used with the Linux Scheduler type LinuxSchedulerPolicy string diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go index 503971e058b..23234a9c583 100644 --- a/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go @@ -8,7 +8,7 @@ const ( // VersionMinor is for functionality in a backwards-compatible manner VersionMinor = 2 // VersionPatch is for backwards-compatible bug fixes - VersionPatch = 0 + VersionPatch = 1 // VersionDev indicates development branch. Releases will be empty string. VersionDev = "" diff --git a/vendor/modules.txt b/vendor/modules.txt index 83e4c726fc1..16797f3ad6b 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -51,7 +51,7 @@ github.com/moby/sys/userns # github.com/mrunalp/fileutils v0.5.1 ## explicit; go 1.13 github.com/mrunalp/fileutils -# github.com/opencontainers/runtime-spec v1.2.0 +# github.com/opencontainers/runtime-spec v1.2.1 ## explicit github.com/opencontainers/runtime-spec/specs-go github.com/opencontainers/runtime-spec/specs-go/features From 6e01e850541315bd9ea2e6809091a15f7d205ac2 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 28 Feb 2025 11:40:56 -0800 Subject: [PATCH 0849/1176] CHANGELOG: fwd port 1.2.1 to 1.2.5 changes Signed-off-by: Kir Kolyshkin --- CHANGELOG.md | 96 +++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 95 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index aae5d9f46d6..e0bef883a83 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,6 +23,95 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 methods no longer ignore `Process.IOPriority` and `Process.Scheduler` settings. (#4585) +## [1.2.5] - 2025-02-13 + +> ĐœĐ¾Ñ€Đ¾Đ· и ÑĐ¾Đ»Đ½Ñ†Đµ; Đ´ĐµĐ½ÑŒ Ñ‡ÑƒĐ´ĐµÑĐ½Ñ‹Đ¹! + +### Fixed +* There was a regression in systemd v230 which made the way we define device + rule restrictions require a systemctl daemon-reload for our transient + units. This caused issues for workloads using NVIDIA GPUs. Workaround the + upstream regression by re-arranging how the unit properties are defined. + (#4568, #4612, #4615) + * Dependency github.com/cyphar/filepath-securejoin is updated to v0.4.1, + allowing projects that vendor runc to bump it as well. (#4608) + * CI: fixed criu-dev compilation. (#4611) + +### Changed + * Dependency golang.org/x/net is updated to 0.33.0. (#4632) + +## [1.2.4] - 2025-01-07 + +> Đ¥Ñ€Đ¸ÑÑ‚Đ¾Ñ Ñе Ñ€Đ¾Đ´Đ¸! + +### Fixed + * Re-add tun/tap devices to built-in allowed devices lists. + + In runc 1.2.0 we removed these devices from the default allow-list (which + were added seemingly by accident early in Docker's history) as a precaution + in order to try to reduce the attack surface of device inodes available to + most containers (#3468). At the time we thought that the vast majority of + users using tun/tap would already be specifying what devices they need (such + as by using `--device` with Docker/Podman) as opposed to doing the `mknod` + manually, and thus there would've been no user-visible change. + + Unfortunately, it seems that this regressed a noticeable number of users + (and not all higher-level tools provide easy ways to specify devices to + allow) and so this change needed to be reverted. Users that do not need + these devices are recommended to explicitly disable them by adding deny + rules in their container configuration. (#4555, #4556) + +## [1.2.3] - 2024-12-12 + +> Winter is not a season, it's a celebration. + +### Fixed + * Fixed a regression in use of securejoin.MkdirAll, where multiple + runc processes racing to create the same mountpoint in a shared rootfs + would result in spurious EEXIST errors. In particular, this regression + caused issues with BuildKit. (#4543, #4550) + * Fixed a regression in eBPF support for pre-5.6 kernels after upgrading + Cilium's eBPF library version to 0.16 in runc. (#3008, #4551) + +## [1.2.2] - 2024-11-15 + +> Specialization is for insects. + +### Fixed + * Fixed the failure of `runc delete` on a rootless container with no + dedicated cgroup on a system with read-only `/sys/fs/cgroup` mount. + This is a regression in runc 1.2.0, causing a failure when using + rootless buildkit. (#4518, #4531) + * Using runc on a system where /run/runc and /usr/bin are on different + filesystems no longer results in harmless but annoying messages + ("overlayfs: "xino" feature enabled using 3 upper inode bits") + appearing in the kernel log. (#4508, #4530) + +### Changed + * Better memfd-bind documentation. (#4530) + * CI: bump Fedora 40 -> 41. (#4528) + +## [1.2.1] - 2024-11-01 + +> No existe una escuela que enseñe a vivir. + +### Fixed + * Became root after joining an existing user namespace. Otherwise, runc + won't have permissions to configure some mounts when running under + SELinux and runc is not creating the user namespace. (#4466, #4477) + +### Removed + * Remove dependency on `golang.org/x/sys/execabs` from go.mod. (#4480) + * Remove runc-dmz, that had many limitations, and is mostly made obsolete by + the new protection mechanism added in v1.2.0. Note that runc-dmz was only + available only in the 1.2.0 release and required to set an environment variable + to opt-in. (#4488) + +### Added + * The `script/check-config.sh` script now checks for overlayfs support. (#4494) + * When using cgroups v2, allow to set or update memory limit to "unlimited" + and swap limit to a specific value. (#4501) + ## [1.2.0] - 2024-10-22 > ă§ăă‚‹ă¨ăă«ă§ăă‚‹ă“ă¨ă‚’ă‚„ă‚‹ă‚“ă ă€‚ăă‚ŒăŒä»ă ă€‚ @@ -917,7 +1006,12 @@ implementation (libcontainer) is *not* covered by this policy. [1.1.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.0.0...v1.1.0-rc.1 -[Unreleased 1.2.z]: https://github.com/opencontainers/runc/compare/v1.2.0...release-1.2 +[Unreleased 1.2.z]: https://github.com/opencontainers/runc/compare/v1.2.5...release-1.2 +[1.2.5]: https://github.com/opencontainers/runc/compare/v1.2.4...v1.2.5 +[1.2.4]: https://github.com/opencontainers/runc/compare/v1.2.3...v1.2.4 +[1.2.3]: https://github.com/opencontainers/runc/compare/v1.2.2...v1.2.3 +[1.2.2]: https://github.com/opencontainers/runc/compare/v1.2.1...v1.2.2 +[1.2.1]: https://github.com/opencontainers/runc/compare/v1.2.0...v1.2.1 [1.2.0-rc.3]: https://github.com/opencontainers/runc/compare/v1.2.0-rc.2...v1.2.0-rc.3 [1.2.0-rc.2]: https://github.com/opencontainers/runc/compare/v1.2.0-rc.1...v1.2.0-rc.2 [1.2.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.1.0...v1.2.0-rc.1 From a75076b4a413f628c4b6aa4c5568b159aa128a56 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 25 Feb 2025 17:32:28 -0800 Subject: [PATCH 0850/1176] Switch to opencontainers/cgroups This removes libcontainer/cgroups packages and starts using those from github.com/opencontainers/cgroups repo. Mostly generated by: git rm -f libcontainer/cgroups find . -type f -name "*.go" -exec sed -i \ 's|github.com/opencontainers/runc/libcontainer/cgroups|github.com/opencontainers/cgroups|g' \ {} + go get github.com/opencontainers/cgroups@v0.0.1 make vendor gofumpt -w . Signed-off-by: Kir Kolyshkin --- events.go | 2 +- go.mod | 3 +- go.sum | 2 + libcontainer/README.md | 2 +- libcontainer/cgroups/cgroups_test.go | 21 - .../cgroups/devices/devicefilter_test.go | 336 ----- .../cgroups/devices/devices_emulator_test.go | 1144 ----------------- libcontainer/cgroups/devices/systemd_test.go | 279 ---- libcontainer/cgroups/devices/v1_test.go | 68 - libcontainer/cgroups/file_test.go | 93 -- libcontainer/cgroups/fs/blkio_test.go | 862 ------------- libcontainer/cgroups/fs/cpu_test.go | 226 ---- libcontainer/cgroups/fs/cpuacct_test.go | 112 -- libcontainer/cgroups/fs/cpuset_test.go | 241 ---- libcontainer/cgroups/fs/freezer_test.go | 46 - libcontainer/cgroups/fs/fs_test.go | 49 - libcontainer/cgroups/fs/hugetlb_test.go | 176 --- libcontainer/cgroups/fs/memory_test.go | 506 -------- libcontainer/cgroups/fs/net_cls_test.go | 41 - libcontainer/cgroups/fs/net_prio_test.go | 36 - libcontainer/cgroups/fs/paths_test.go | 104 -- libcontainer/cgroups/fs/pids_test.go | 108 -- libcontainer/cgroups/fs/stats_util_test.go | 138 -- libcontainer/cgroups/fs/util_test.go | 39 - libcontainer/cgroups/fs2/defaultpath_test.go | 93 -- libcontainer/cgroups/fs2/io_test.go | 81 -- libcontainer/cgroups/fs2/memory_test.go | 155 --- libcontainer/cgroups/fs2/misc_test.go | 103 -- libcontainer/cgroups/fs2/psi_test.go | 47 - libcontainer/cgroups/fscommon/rdma_test.go | 57 - libcontainer/cgroups/fscommon/utils_test.go | 95 -- libcontainer/cgroups/getallpids_test.go | 17 - libcontainer/cgroups/manager/manager_test.go | 55 - libcontainer/cgroups/systemd/cpuset_test.go | 55 - libcontainer/cgroups/systemd/freeze_test.go | 354 ----- libcontainer/cgroups/systemd/systemd_test.go | 180 --- libcontainer/cgroups/utils_test.go | 691 ---------- libcontainer/configs/cgroup_deprecated.go | 4 +- libcontainer/configs/config.go | 2 +- libcontainer/configs/validate/validator.go | 2 +- libcontainer/container_linux.go | 2 +- libcontainer/container_linux_test.go | 2 +- libcontainer/criu_linux.go | 2 +- libcontainer/devices/device_deprecated.go | 6 +- libcontainer/factory_linux.go | 4 +- libcontainer/factory_linux_test.go | 2 +- libcontainer/init_linux.go | 2 +- libcontainer/integration/exec_test.go | 4 +- libcontainer/integration/init_test.go | 2 +- libcontainer/integration/template_test.go | 4 +- libcontainer/integration/update_test.go | 4 +- libcontainer/intelrdt/intelrdt.go | 2 +- libcontainer/notify_v2_linux.go | 2 +- libcontainer/process_linux.go | 4 +- libcontainer/rootfs_linux.go | 6 +- libcontainer/specconv/example.go | 2 +- libcontainer/specconv/spec_linux.go | 4 +- libcontainer/specconv/spec_linux_test.go | 2 +- libcontainer/state_linux.go | 2 +- libcontainer/stats_linux.go | 2 +- main.go | 2 +- rootless_linux.go | 2 +- tests/cmd/sd-helper/helper.go | 6 +- tests/integration/update.bats | 2 +- types/events.go | 2 +- update.go | 2 +- .../opencontainers/cgroups/CODEOWNERS | 1 + .../opencontainers/cgroups/CONTRIBUTING.md | 150 +++ .../opencontainers/cgroups/GOVERNANCE.md | 63 + .../github.com/opencontainers/cgroups/LICENSE | 201 +++ .../opencontainers/cgroups/MAINTAINERS | 8 + .../cgroups/MAINTAINERS_GUIDE.md | 92 ++ .../opencontainers/cgroups/README.md | 11 + .../opencontainers/cgroups/RELEASES.md | 51 + .../opencontainers}/cgroups/cgroups.go | 2 +- .../cgroups/config_blkio_device.go | 0 .../cgroups/config_hugepages.go | 0 .../cgroups/config_ifprio_map.go | 0 .../opencontainers}/cgroups/config_linux.go | 2 +- .../opencontainers}/cgroups/config_rdma.go | 0 .../cgroups/config_unsupported.go | 0 .../cgroups/devices/config/device.go | 0 .../cgroups/devices/config/mknod_unix.go | 0 .../cgroups/devices/devicefilter.go | 2 +- .../cgroups/devices/devices.go | 4 +- .../cgroups/devices/devices_emulator.go | 2 +- .../cgroups/devices/ebpf_linux.go | 0 .../cgroups/devices/systemd.go | 4 +- .../opencontainers}/cgroups/devices/v1.go | 4 +- .../opencontainers}/cgroups/devices/v2.go | 4 +- .../opencontainers}/cgroups/file.go | 0 .../opencontainers}/cgroups/fs/blkio.go | 2 +- .../opencontainers}/cgroups/fs/cpu.go | 4 +- .../opencontainers}/cgroups/fs/cpuacct.go | 4 +- .../opencontainers}/cgroups/fs/cpuset.go | 4 +- .../opencontainers}/cgroups/fs/devices.go | 2 +- .../opencontainers}/cgroups/fs/error.go | 2 +- .../opencontainers}/cgroups/fs/freezer.go | 2 +- .../opencontainers}/cgroups/fs/fs.go | 4 +- .../opencontainers}/cgroups/fs/hugetlb.go | 4 +- .../opencontainers}/cgroups/fs/memory.go | 4 +- .../opencontainers}/cgroups/fs/name.go | 2 +- .../opencontainers}/cgroups/fs/net_cls.go | 2 +- .../opencontainers}/cgroups/fs/net_prio.go | 2 +- .../opencontainers}/cgroups/fs/paths.go | 4 +- .../opencontainers}/cgroups/fs/perf_event.go | 2 +- .../opencontainers}/cgroups/fs/pids.go | 4 +- .../opencontainers}/cgroups/fs/rdma.go | 4 +- .../opencontainers}/cgroups/fs2/cpu.go | 4 +- .../opencontainers}/cgroups/fs2/cpuset.go | 2 +- .../opencontainers}/cgroups/fs2/create.go | 2 +- .../cgroups/fs2/defaultpath.go | 4 +- .../opencontainers}/cgroups/fs2/freezer.go | 2 +- .../opencontainers}/cgroups/fs2/fs2.go | 4 +- .../opencontainers}/cgroups/fs2/hugetlb.go | 4 +- .../opencontainers}/cgroups/fs2/io.go | 2 +- .../opencontainers}/cgroups/fs2/memory.go | 4 +- .../opencontainers}/cgroups/fs2/misc.go | 4 +- .../opencontainers}/cgroups/fs2/pids.go | 4 +- .../opencontainers}/cgroups/fs2/psi.go | 2 +- .../opencontainers}/cgroups/fscommon/rdma.go | 2 +- .../opencontainers}/cgroups/fscommon/utils.go | 2 +- .../opencontainers}/cgroups/getallpids.go | 0 .../cgroups/internal/path/path.go | 2 +- .../opencontainers}/cgroups/manager/new.go | 8 +- .../opencontainers}/cgroups/stats.go | 0 .../opencontainers}/cgroups/systemd/common.go | 4 +- .../opencontainers}/cgroups/systemd/cpuset.go | 0 .../opencontainers}/cgroups/systemd/dbus.go | 0 .../cgroups/systemd/devices.go | 2 +- .../opencontainers}/cgroups/systemd/user.go | 0 .../opencontainers}/cgroups/systemd/v1.go | 4 +- .../opencontainers}/cgroups/systemd/v2.go | 4 +- .../opencontainers}/cgroups/utils.go | 0 .../opencontainers}/cgroups/v1_utils.go | 0 vendor/modules.txt | 11 + 136 files changed, 707 insertions(+), 6724 deletions(-) delete mode 100644 libcontainer/cgroups/cgroups_test.go delete mode 100644 libcontainer/cgroups/devices/devicefilter_test.go delete mode 100644 libcontainer/cgroups/devices/devices_emulator_test.go delete mode 100644 libcontainer/cgroups/devices/systemd_test.go delete mode 100644 libcontainer/cgroups/devices/v1_test.go delete mode 100644 libcontainer/cgroups/file_test.go delete mode 100644 libcontainer/cgroups/fs/blkio_test.go delete mode 100644 libcontainer/cgroups/fs/cpu_test.go delete mode 100644 libcontainer/cgroups/fs/cpuacct_test.go delete mode 100644 libcontainer/cgroups/fs/cpuset_test.go delete mode 100644 libcontainer/cgroups/fs/freezer_test.go delete mode 100644 libcontainer/cgroups/fs/fs_test.go delete mode 100644 libcontainer/cgroups/fs/hugetlb_test.go delete mode 100644 libcontainer/cgroups/fs/memory_test.go delete mode 100644 libcontainer/cgroups/fs/net_cls_test.go delete mode 100644 libcontainer/cgroups/fs/net_prio_test.go delete mode 100644 libcontainer/cgroups/fs/paths_test.go delete mode 100644 libcontainer/cgroups/fs/pids_test.go delete mode 100644 libcontainer/cgroups/fs/stats_util_test.go delete mode 100644 libcontainer/cgroups/fs/util_test.go delete mode 100644 libcontainer/cgroups/fs2/defaultpath_test.go delete mode 100644 libcontainer/cgroups/fs2/io_test.go delete mode 100644 libcontainer/cgroups/fs2/memory_test.go delete mode 100644 libcontainer/cgroups/fs2/misc_test.go delete mode 100644 libcontainer/cgroups/fs2/psi_test.go delete mode 100644 libcontainer/cgroups/fscommon/rdma_test.go delete mode 100644 libcontainer/cgroups/fscommon/utils_test.go delete mode 100644 libcontainer/cgroups/getallpids_test.go delete mode 100644 libcontainer/cgroups/manager/manager_test.go delete mode 100644 libcontainer/cgroups/systemd/cpuset_test.go delete mode 100644 libcontainer/cgroups/systemd/freeze_test.go delete mode 100644 libcontainer/cgroups/systemd/systemd_test.go delete mode 100644 libcontainer/cgroups/utils_test.go create mode 100644 vendor/github.com/opencontainers/cgroups/CODEOWNERS create mode 100644 vendor/github.com/opencontainers/cgroups/CONTRIBUTING.md create mode 100644 vendor/github.com/opencontainers/cgroups/GOVERNANCE.md create mode 100644 vendor/github.com/opencontainers/cgroups/LICENSE create mode 100644 vendor/github.com/opencontainers/cgroups/MAINTAINERS create mode 100644 vendor/github.com/opencontainers/cgroups/MAINTAINERS_GUIDE.md create mode 100644 vendor/github.com/opencontainers/cgroups/README.md create mode 100644 vendor/github.com/opencontainers/cgroups/RELEASES.md rename {libcontainer => vendor/github.com/opencontainers}/cgroups/cgroups.go (97%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/config_blkio_device.go (100%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/config_hugepages.go (100%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/config_ifprio_map.go (100%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/config_linux.go (98%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/config_rdma.go (100%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/config_unsupported.go (100%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/devices/config/device.go (100%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/devices/config/mknod_unix.go (100%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/devices/devicefilter.go (98%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/devices/devices.go (75%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/devices/devices_emulator.go (99%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/devices/ebpf_linux.go (100%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/devices/systemd.go (98%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/devices/v1.go (94%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/devices/v2.go (93%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/file.go (100%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs/blkio.go (99%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs/cpu.go (97%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs/cpuacct.go (97%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs/cpuset.go (98%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs/devices.go (93%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs/error.go (84%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs/freezer.go (98%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs/fs.go (98%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs/hugetlb.go (93%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs/memory.go (98%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs/name.go (90%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs/net_cls.go (91%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs/net_prio.go (91%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs/paths.go (96%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs/perf_event.go (88%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs/pids.go (90%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs/rdma.go (78%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs2/cpu.go (95%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs2/cpuset.go (89%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs2/create.go (98%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs2/defaultpath.go (94%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs2/freezer.go (98%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs2/fs2.go (98%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs2/hugetlb.go (92%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs2/io.go (98%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs2/memory.go (98%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs2/misc.go (87%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs2/pids.go (92%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fs2/psi.go (97%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fscommon/rdma.go (97%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/fscommon/utils.go (98%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/getallpids.go (100%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/internal/path/path.go (96%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/manager/new.go (90%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/stats.go (100%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/systemd/common.go (98%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/systemd/cpuset.go (100%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/systemd/dbus.go (100%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/systemd/devices.go (97%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/systemd/user.go (100%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/systemd/v1.go (98%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/systemd/v2.go (99%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/utils.go (100%) rename {libcontainer => vendor/github.com/opencontainers}/cgroups/v1_utils.go (100%) diff --git a/events.go b/events.go index 47aa1abe22b..72a808a3d9d 100644 --- a/events.go +++ b/events.go @@ -8,8 +8,8 @@ import ( "sync" "time" + "github.com/opencontainers/cgroups" "github.com/opencontainers/runc/libcontainer" - "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/intelrdt" "github.com/opencontainers/runc/types" diff --git a/go.mod b/go.mod index e14d042e4c8..ab77936b199 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,6 @@ go 1.23.0 require ( github.com/checkpoint-restore/go-criu/v6 v6.3.0 - github.com/cilium/ebpf v0.17.3 github.com/containerd/console v1.0.4 github.com/coreos/go-systemd/v22 v22.5.0 github.com/cyphar/filepath-securejoin v0.4.1 @@ -15,6 +14,7 @@ require ( github.com/moby/sys/user v0.3.0 github.com/moby/sys/userns v0.1.0 github.com/mrunalp/fileutils v0.5.1 + github.com/opencontainers/cgroups v0.0.1 github.com/opencontainers/runtime-spec v1.2.1 github.com/opencontainers/selinux v1.11.1 github.com/seccomp/libseccomp-golang v0.10.0 @@ -34,6 +34,7 @@ exclude ( ) require ( + github.com/cilium/ebpf v0.17.3 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/vishvananda/netns v0.0.4 // indirect diff --git a/go.sum b/go.sum index c3bcace2761..1503380cef5 100644 --- a/go.sum +++ b/go.sum @@ -49,6 +49,8 @@ github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28= github.com/mrunalp/fileutils v0.5.1 h1:F+S7ZlNKnrwHfSwdlgNSkKo67ReVf8o9fel6C3dkm/Q= github.com/mrunalp/fileutils v0.5.1/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= +github.com/opencontainers/cgroups v0.0.1 h1:MXjMkkFpKv6kpuirUa4USFBas573sSAY082B4CiHEVA= +github.com/opencontainers/cgroups v0.0.1/go.mod h1:s8lktyhlGUqM7OSRL5P7eAW6Wb+kWPNvt4qvVfzA5vs= github.com/opencontainers/runtime-spec v1.2.1 h1:S4k4ryNgEpxW1dzyqffOmhI1BHYcjzU8lpJfSlR0xww= github.com/opencontainers/runtime-spec v1.2.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.11.1 h1:nHFvthhM0qY8/m+vfhJylliSshm8G1jJ2jDMcgULaH8= diff --git a/libcontainer/README.md b/libcontainer/README.md index b1e7b0cd15c..901351edb71 100644 --- a/libcontainer/README.md +++ b/libcontainer/README.md @@ -36,7 +36,7 @@ this package into your code: ```go import ( - _ "github.com/opencontainers/runc/libcontainer/cgroups/devices" + _ "github.com/opencontainers/cgroups/devices" ) ``` diff --git a/libcontainer/cgroups/cgroups_test.go b/libcontainer/cgroups/cgroups_test.go deleted file mode 100644 index b7ca7b1837a..00000000000 --- a/libcontainer/cgroups/cgroups_test.go +++ /dev/null @@ -1,21 +0,0 @@ -package cgroups - -import ( - "testing" -) - -func TestParseCgroups(t *testing.T) { - // We don't need to use /proc/thread-self here because runc always runs - // with every thread in the same cgroup. This lets us avoid having to do - // runtime.LockOSThread. - cgroups, err := ParseCgroupFile("/proc/self/cgroup") - if err != nil { - t.Fatal(err) - } - if IsCgroup2UnifiedMode() { - return - } - if _, ok := cgroups["cpu"]; !ok { - t.Fail() - } -} diff --git a/libcontainer/cgroups/devices/devicefilter_test.go b/libcontainer/cgroups/devices/devicefilter_test.go deleted file mode 100644 index 912e8d8cdb4..00000000000 --- a/libcontainer/cgroups/devices/devicefilter_test.go +++ /dev/null @@ -1,336 +0,0 @@ -package devices - -import ( - "strings" - "testing" - - devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" -) - -func hash(s, comm string) string { - var res []string - for _, l := range strings.Split(s, "\n") { - trimmed := strings.TrimSpace(l) - if trimmed == "" || strings.HasPrefix(trimmed, comm) { - continue - } - res = append(res, trimmed) - } - return strings.Join(res, "\n") -} - -func testDeviceFilter(t testing.TB, devices []*devices.Rule, expectedStr string) { - insts, _, err := deviceFilter(devices) - if err != nil { - t.Fatalf("%s: %v (devices: %+v)", t.Name(), err, devices) - } - s := insts.String() - if expectedStr != "" { - hashed := hash(s, "//") - expectedHashed := hash(expectedStr, "//") - if expectedHashed != hashed { - t.Fatalf("expected:\n%q\ngot\n%q", expectedHashed, hashed) - } - } -} - -func TestDeviceFilter_Nil(t *testing.T) { - expected := ` -// load parameters into registers - 0: LdXMemW dst: r2 src: r1 off: 0 imm: 0 - 1: AndImm32 dst: r2 imm: 65535 - 2: LdXMemW dst: r3 src: r1 off: 0 imm: 0 - 3: RShImm32 dst: r3 imm: 16 - 4: LdXMemW dst: r4 src: r1 off: 4 imm: 0 - 5: LdXMemW dst: r5 src: r1 off: 8 imm: 0 -block-0: -// return 0 (reject) - 6: MovImm32 dst: r0 imm: 0 - 7: Exit - ` - testDeviceFilter(t, nil, expected) -} - -func TestDeviceFilter_BuiltInAllowList(t *testing.T) { - // This is a copy of all rules from - // github.com/opencontainers/runc/libcontainer/specconv.AllowedDevices. - devices := []*devices.Rule{ - { - Type: devices.CharDevice, - Major: devices.Wildcard, - Minor: devices.Wildcard, - Permissions: "m", - Allow: true, - }, - { - Type: devices.BlockDevice, - Major: devices.Wildcard, - Minor: devices.Wildcard, - Permissions: "m", - Allow: true, - }, - { - Type: devices.CharDevice, - Major: 1, - Minor: 3, - Permissions: "rwm", - Allow: true, - }, - { - Type: devices.CharDevice, - Major: 1, - Minor: 8, - Permissions: "rwm", - Allow: true, - }, - { - Type: devices.CharDevice, - Major: 1, - Minor: 7, - Permissions: "rwm", - Allow: true, - }, - { - Type: devices.CharDevice, - Major: 5, - Minor: 0, - Permissions: "rwm", - Allow: true, - }, - { - Type: devices.CharDevice, - Major: 1, - Minor: 5, - Permissions: "rwm", - Allow: true, - }, - { - Type: devices.CharDevice, - Major: 1, - Minor: 9, - Permissions: "rwm", - Allow: true, - }, - { - Type: devices.CharDevice, - Major: 136, - Minor: devices.Wildcard, - Permissions: "rwm", - Allow: true, - }, - { - Type: devices.CharDevice, - Major: 5, - Minor: 2, - Permissions: "rwm", - Allow: true, - }, - { - Type: devices.CharDevice, - Major: 10, - Minor: 200, - Permissions: "rwm", - Allow: true, - }, - } - - expected := ` -// load parameters into registers - 0: LdXMemW dst: r2 src: r1 off: 0 imm: 0 - 1: AndImm32 dst: r2 imm: 65535 - 2: LdXMemW dst: r3 src: r1 off: 0 imm: 0 - 3: RShImm32 dst: r3 imm: 16 - 4: LdXMemW dst: r4 src: r1 off: 4 imm: 0 - 5: LdXMemW dst: r5 src: r1 off: 8 imm: 0 -block-0: -// (b, wildcard, wildcard, m, true) - 6: JNEImm dst: r2 off: -1 imm: 1 - 7: MovReg32 dst: r1 src: r3 - 8: AndImm32 dst: r1 imm: 1 - 9: JNEReg dst: r1 off: -1 src: r3 - 10: MovImm32 dst: r0 imm: 1 - 11: Exit -block-1: -// (c, wildcard, wildcard, m, true) - 12: JNEImm dst: r2 off: -1 imm: 2 - 13: MovReg32 dst: r1 src: r3 - 14: AndImm32 dst: r1 imm: 1 - 15: JNEReg dst: r1 off: -1 src: r3 - 16: MovImm32 dst: r0 imm: 1 - 17: Exit -block-2: - 18: JNEImm dst: r2 off: -1 imm: 2 - 19: JNEImm dst: r4 off: -1 imm: 1 - 20: JNEImm dst: r5 off: -1 imm: 3 - 21: MovImm32 dst: r0 imm: 1 - 22: Exit -block-3: - 23: JNEImm dst: r2 off: -1 imm: 2 - 24: JNEImm dst: r4 off: -1 imm: 1 - 25: JNEImm dst: r5 off: -1 imm: 5 - 26: MovImm32 dst: r0 imm: 1 - 27: Exit -block-4: - 28: JNEImm dst: r2 off: -1 imm: 2 - 29: JNEImm dst: r4 off: -1 imm: 1 - 30: JNEImm dst: r5 off: -1 imm: 7 - 31: MovImm32 dst: r0 imm: 1 - 32: Exit -block-5: - 33: JNEImm dst: r2 off: -1 imm: 2 - 34: JNEImm dst: r4 off: -1 imm: 1 - 35: JNEImm dst: r5 off: -1 imm: 8 - 36: MovImm32 dst: r0 imm: 1 - 37: Exit -block-6: - 38: JNEImm dst: r2 off: -1 imm: 2 - 39: JNEImm dst: r4 off: -1 imm: 1 - 40: JNEImm dst: r5 off: -1 imm: 9 - 41: MovImm32 dst: r0 imm: 1 - 42: Exit -block-7: - 43: JNEImm dst: r2 off: -1 imm: 2 - 44: JNEImm dst: r4 off: -1 imm: 5 - 45: JNEImm dst: r5 off: -1 imm: 0 - 46: MovImm32 dst: r0 imm: 1 - 47: Exit -block-8: - 48: JNEImm dst: r2 off: -1 imm: 2 - 49: JNEImm dst: r4 off: -1 imm: 5 - 50: JNEImm dst: r5 off: -1 imm: 2 - 51: MovImm32 dst: r0 imm: 1 - 52: Exit -block-9: -// tuntap (c, 10, 200, rwm, true) - 53: JNEImm dst: r2 off: -1 imm: 2 - 54: JNEImm dst: r4 off: -1 imm: 10 - 55: JNEImm dst: r5 off: -1 imm: 200 - 56: MovImm32 dst: r0 imm: 1 - 57: Exit -block-10: -// /dev/pts (c, 136, wildcard, rwm, true) - 58: JNEImm dst: r2 off: -1 imm: 2 - 59: JNEImm dst: r4 off: -1 imm: 136 - 60: MovImm32 dst: r0 imm: 1 - 61: Exit -block-11: - 62: MovImm32 dst: r0 imm: 0 - 63: Exit -` - testDeviceFilter(t, devices, expected) -} - -func TestDeviceFilter_Privileged(t *testing.T) { - devices := []*devices.Rule{ - { - Type: 'a', - Major: -1, - Minor: -1, - Permissions: "rwm", - Allow: true, - }, - } - expected := ` -// load parameters into registers - 0: LdXMemW dst: r2 src: r1 off: 0 imm: 0 - 1: AndImm32 dst: r2 imm: 65535 - 2: LdXMemW dst: r3 src: r1 off: 0 imm: 0 - 3: RShImm32 dst: r3 imm: 16 - 4: LdXMemW dst: r4 src: r1 off: 4 imm: 0 - 5: LdXMemW dst: r5 src: r1 off: 8 imm: 0 -block-0: -// return 1 (accept) - 6: MovImm32 dst: r0 imm: 1 - 7: Exit - ` - testDeviceFilter(t, devices, expected) -} - -func TestDeviceFilter_PrivilegedExceptSingleDevice(t *testing.T) { - devices := []*devices.Rule{ - { - Type: 'a', - Major: -1, - Minor: -1, - Permissions: "rwm", - Allow: true, - }, - { - Type: 'b', - Major: 8, - Minor: 0, - Permissions: "rwm", - Allow: false, - }, - } - expected := ` -// load parameters into registers - 0: LdXMemW dst: r2 src: r1 off: 0 imm: 0 - 1: AndImm32 dst: r2 imm: 65535 - 2: LdXMemW dst: r3 src: r1 off: 0 imm: 0 - 3: RShImm32 dst: r3 imm: 16 - 4: LdXMemW dst: r4 src: r1 off: 4 imm: 0 - 5: LdXMemW dst: r5 src: r1 off: 8 imm: 0 -block-0: -// return 0 (reject) if type==b && major == 8 && minor == 0 - 6: JNEImm dst: r2 off: -1 imm: 1 - 7: JNEImm dst: r4 off: -1 imm: 8 - 8: JNEImm dst: r5 off: -1 imm: 0 - 9: MovImm32 dst: r0 imm: 0 - 10: Exit -block-1: -// return 1 (accept) - 11: MovImm32 dst: r0 imm: 1 - 12: Exit -` - testDeviceFilter(t, devices, expected) -} - -func TestDeviceFilter_Weird(t *testing.T) { - devices := []*devices.Rule{ - { - Type: 'b', - Major: 8, - Minor: 1, - Permissions: "rwm", - Allow: false, - }, - { - Type: 'a', - Major: -1, - Minor: -1, - Permissions: "rwm", - Allow: true, - }, - { - Type: 'b', - Major: 8, - Minor: 2, - Permissions: "rwm", - Allow: false, - }, - } - // 8/1 is allowed, 8/2 is not allowed. - // This conforms to runc v1.0.0-rc.9 (cgroup1) behavior. - expected := ` -// load parameters into registers - 0: LdXMemW dst: r2 src: r1 off: 0 imm: 0 - 1: AndImm32 dst: r2 imm: 65535 - 2: LdXMemW dst: r3 src: r1 off: 0 imm: 0 - 3: RShImm32 dst: r3 imm: 16 - 4: LdXMemW dst: r4 src: r1 off: 4 imm: 0 - 5: LdXMemW dst: r5 src: r1 off: 8 imm: 0 -block-0: -// return 0 (reject) if type==b && major == 8 && minor == 2 - 6: JNEImm dst: r2 off: -1 imm: 1 - 7: JNEImm dst: r4 off: -1 imm: 8 - 8: JNEImm dst: r5 off: -1 imm: 2 - 9: MovImm32 dst: r0 imm: 0 - 10: Exit -block-1: -// return 1 (accept) - 11: MovImm32 dst: r0 imm: 1 - 12: Exit -` - testDeviceFilter(t, devices, expected) -} diff --git a/libcontainer/cgroups/devices/devices_emulator_test.go b/libcontainer/cgroups/devices/devices_emulator_test.go deleted file mode 100644 index c107618cc17..00000000000 --- a/libcontainer/cgroups/devices/devices_emulator_test.go +++ /dev/null @@ -1,1144 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -/* - * Copyright (C) 2020 Aleksa Sarai - * Copyright (C) 2020 SUSE LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package devices - -import ( - "bufio" - "bytes" - "reflect" - "strings" - "testing" - - devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" -) - -func TestDeviceEmulatorLoad(t *testing.T) { - tests := []struct { - name, list string - expected *emulator - }{ - { - name: "BlacklistMode", - list: `a *:* rwm`, - expected: &emulator{ - defaultAllow: true, - }, - }, - { - name: "WhitelistBasic", - list: `c 4:2 rw`, - expected: &emulator{ - defaultAllow: false, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 4, - minor: 2, - }: devices.Permissions("rw"), - }, - }, - }, - { - name: "WhitelistWildcard", - list: `b 0:* m`, - expected: &emulator{ - defaultAllow: false, - rules: deviceRules{ - { - node: devices.BlockDevice, - major: 0, - minor: devices.Wildcard, - }: devices.Permissions("m"), - }, - }, - }, - { - name: "WhitelistDuplicate", - list: `c *:* rwm -c 1:1 r`, - expected: &emulator{ - defaultAllow: false, - rules: deviceRules{ - { - node: devices.CharDevice, - major: devices.Wildcard, - minor: devices.Wildcard, - }: devices.Permissions("rwm"), - // To match the kernel, we allow redundant rules. - { - node: devices.CharDevice, - major: 1, - minor: 1, - }: devices.Permissions("r"), - }, - }, - }, - { - name: "WhitelistComplicated", - list: `c *:* m -b *:* m -c 1:3 rwm -c 1:5 rwm -c 1:7 rwm -c 1:8 rwm -c 1:9 rwm -c 5:0 rwm -c 5:2 rwm -c 136:* rwm -c 10:200 rwm`, - expected: &emulator{ - defaultAllow: false, - rules: deviceRules{ - { - node: devices.CharDevice, - major: devices.Wildcard, - minor: devices.Wildcard, - }: devices.Permissions("m"), - { - node: devices.BlockDevice, - major: devices.Wildcard, - minor: devices.Wildcard, - }: devices.Permissions("m"), - { - node: devices.CharDevice, - major: 1, - minor: 3, - }: devices.Permissions("rwm"), - { - node: devices.CharDevice, - major: 1, - minor: 5, - }: devices.Permissions("rwm"), - { - node: devices.CharDevice, - major: 1, - minor: 7, - }: devices.Permissions("rwm"), - { - node: devices.CharDevice, - major: 1, - minor: 8, - }: devices.Permissions("rwm"), - { - node: devices.CharDevice, - major: 1, - minor: 9, - }: devices.Permissions("rwm"), - { - node: devices.CharDevice, - major: 5, - minor: 0, - }: devices.Permissions("rwm"), - { - node: devices.CharDevice, - major: 5, - minor: 2, - }: devices.Permissions("rwm"), - { - node: devices.CharDevice, - major: 136, - minor: devices.Wildcard, - }: devices.Permissions("rwm"), - { - node: devices.CharDevice, - major: 10, - minor: 200, - }: devices.Permissions("rwm"), - }, - }, - }, - // Some invalid lists. - { - name: "InvalidFieldNumber", - list: `b 1:0`, - expected: nil, - }, - { - name: "InvalidDeviceType", - list: `p *:* rwm`, - expected: nil, - }, - { - name: "InvalidMajorNumber1", - list: `p -1:3 rwm`, - expected: nil, - }, - { - name: "InvalidMajorNumber2", - list: `c foo:27 rwm`, - expected: nil, - }, - { - name: "InvalidMinorNumber1", - list: `b 1:-4 rwm`, - expected: nil, - }, - { - name: "InvalidMinorNumber2", - list: `b 1:foo rwm`, - expected: nil, - }, - { - name: "InvalidPermissions", - list: `b 1:7 rwk`, - expected: nil, - }, - } - - for _, test := range tests { - test := test // capture range variable - t.Run(test.name, func(t *testing.T) { - list := bytes.NewBufferString(test.list) - emu, err := emulatorFromList(list) - if err != nil && test.expected != nil { - t.Fatalf("unexpected failure when creating emulator: %v", err) - } else if err == nil && test.expected == nil { - t.Fatalf("unexpected success when creating emulator: %#v", emu) - } - - if !reflect.DeepEqual(emu, test.expected) { - t.Errorf("final emulator state mismatch: %#v != %#v", emu, test.expected) - } - }) - } -} - -func testDeviceEmulatorApply(t *testing.T, baseDefaultAllow bool) { - tests := []struct { - name string - rule devices.Rule - base, expected *emulator - }{ - // Switch between default modes. - { - name: "SwitchToOtherMode", - rule: devices.Rule{ - Type: devices.WildcardDevice, - Major: devices.Wildcard, - Minor: devices.Wildcard, - Permissions: devices.Permissions("rwm"), - Allow: !baseDefaultAllow, - }, - base: &emulator{ - defaultAllow: baseDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: devices.Wildcard, - minor: devices.Wildcard, - }: devices.Permissions("rwm"), - { - node: devices.CharDevice, - major: 1, - minor: 1, - }: devices.Permissions("r"), - }, - }, - expected: &emulator{ - defaultAllow: !baseDefaultAllow, - rules: nil, - }, - }, - { - name: "SwitchToSameModeNoop", - rule: devices.Rule{ - Type: devices.WildcardDevice, - Major: devices.Wildcard, - Minor: devices.Wildcard, - Permissions: devices.Permissions("rwm"), - Allow: baseDefaultAllow, - }, - base: &emulator{ - defaultAllow: baseDefaultAllow, - rules: nil, - }, - expected: &emulator{ - defaultAllow: baseDefaultAllow, - rules: nil, - }, - }, - { - name: "SwitchToSameMode", - rule: devices.Rule{ - Type: devices.WildcardDevice, - Major: devices.Wildcard, - Minor: devices.Wildcard, - Permissions: devices.Permissions("rwm"), - Allow: baseDefaultAllow, - }, - base: &emulator{ - defaultAllow: baseDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: devices.Wildcard, - minor: devices.Wildcard, - }: devices.Permissions("rwm"), - { - node: devices.CharDevice, - major: 1, - minor: 1, - }: devices.Permissions("r"), - }, - }, - expected: &emulator{ - defaultAllow: baseDefaultAllow, - rules: nil, - }, - }, - // Rule addition logic. - { - name: "RuleAdditionBasic", - rule: devices.Rule{ - Type: devices.CharDevice, - Major: 42, - Minor: 1337, - Permissions: devices.Permissions("rm"), - Allow: !baseDefaultAllow, - }, - base: &emulator{ - defaultAllow: baseDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 2, - minor: 1, - }: devices.Permissions("rwm"), - { - node: devices.BlockDevice, - major: 1, - minor: 5, - }: devices.Permissions("r"), - }, - }, - expected: &emulator{ - defaultAllow: baseDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 2, - minor: 1, - }: devices.Permissions("rwm"), - { - node: devices.BlockDevice, - major: 1, - minor: 5, - }: devices.Permissions("r"), - { - node: devices.CharDevice, - major: 42, - minor: 1337, - }: devices.Permissions("rm"), - }, - }, - }, - { - name: "RuleAdditionBasicDuplicate", - rule: devices.Rule{ - Type: devices.CharDevice, - Major: 42, - Minor: 1337, - Permissions: devices.Permissions("rm"), - Allow: !baseDefaultAllow, - }, - base: &emulator{ - defaultAllow: baseDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 42, - minor: devices.Wildcard, - }: devices.Permissions("rwm"), - }, - }, - expected: &emulator{ - defaultAllow: baseDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 42, - minor: devices.Wildcard, - }: devices.Permissions("rwm"), - // To match the kernel, we allow redundant rules. - { - node: devices.CharDevice, - major: 42, - minor: 1337, - }: devices.Permissions("rm"), - }, - }, - }, - { - name: "RuleAdditionBasicDuplicateNoop", - rule: devices.Rule{ - Type: devices.CharDevice, - Major: 42, - Minor: 1337, - Permissions: devices.Permissions("rm"), - Allow: !baseDefaultAllow, - }, - base: &emulator{ - defaultAllow: baseDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 42, - minor: 1337, - }: devices.Permissions("rm"), - }, - }, - expected: &emulator{ - defaultAllow: baseDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 42, - minor: 1337, - }: devices.Permissions("rm"), - }, - }, - }, - { - name: "RuleAdditionMerge", - rule: devices.Rule{ - Type: devices.BlockDevice, - Major: 5, - Minor: 12, - Permissions: devices.Permissions("rm"), - Allow: !baseDefaultAllow, - }, - base: &emulator{ - defaultAllow: baseDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 2, - minor: 1, - }: devices.Permissions("rwm"), - { - node: devices.BlockDevice, - major: 5, - minor: 12, - }: devices.Permissions("rw"), - }, - }, - expected: &emulator{ - defaultAllow: baseDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 2, - minor: 1, - }: devices.Permissions("rwm"), - { - node: devices.BlockDevice, - major: 5, - minor: 12, - }: devices.Permissions("rwm"), - }, - }, - }, - { - name: "RuleAdditionMergeWildcard", - rule: devices.Rule{ - Type: devices.BlockDevice, - Major: 5, - Minor: devices.Wildcard, - Permissions: devices.Permissions("rm"), - Allow: !baseDefaultAllow, - }, - base: &emulator{ - defaultAllow: baseDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 2, - minor: 1, - }: devices.Permissions("rwm"), - { - node: devices.BlockDevice, - major: 5, - minor: devices.Wildcard, - }: devices.Permissions("rw"), - }, - }, - expected: &emulator{ - defaultAllow: baseDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 2, - minor: 1, - }: devices.Permissions("rwm"), - { - node: devices.BlockDevice, - major: 5, - minor: devices.Wildcard, - }: devices.Permissions("rwm"), - }, - }, - }, - { - name: "RuleAdditionMergeNoop", - rule: devices.Rule{ - Type: devices.BlockDevice, - Major: 5, - Minor: 12, - Permissions: devices.Permissions("r"), - Allow: !baseDefaultAllow, - }, - base: &emulator{ - defaultAllow: baseDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 2, - minor: 1, - }: devices.Permissions("rwm"), - { - node: devices.BlockDevice, - major: 5, - minor: 12, - }: devices.Permissions("rw"), - }, - }, - expected: &emulator{ - defaultAllow: baseDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 2, - minor: 1, - }: devices.Permissions("rwm"), - { - node: devices.BlockDevice, - major: 5, - minor: 12, - }: devices.Permissions("rw"), - }, - }, - }, - // Rule removal logic. - { - name: "RuleRemovalBasic", - rule: devices.Rule{ - Type: devices.CharDevice, - Major: 42, - Minor: 1337, - Permissions: devices.Permissions("rm"), - Allow: baseDefaultAllow, - }, - base: &emulator{ - defaultAllow: baseDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 42, - minor: 1337, - }: devices.Permissions("rm"), - { - node: devices.BlockDevice, - major: 1, - minor: 5, - }: devices.Permissions("r"), - }, - }, - expected: &emulator{ - defaultAllow: baseDefaultAllow, - rules: deviceRules{ - { - node: devices.BlockDevice, - major: 1, - minor: 5, - }: devices.Permissions("r"), - }, - }, - }, - { - name: "RuleRemovalNonexistent", - rule: devices.Rule{ - Type: devices.CharDevice, - Major: 4, - Minor: 1, - Permissions: devices.Permissions("rw"), - Allow: baseDefaultAllow, - }, - base: &emulator{ - defaultAllow: baseDefaultAllow, - rules: deviceRules{ - { - node: devices.BlockDevice, - major: 1, - minor: 5, - }: devices.Permissions("r"), - }, - }, - expected: &emulator{ - defaultAllow: baseDefaultAllow, - rules: deviceRules{ - { - node: devices.BlockDevice, - major: 1, - minor: 5, - }: devices.Permissions("r"), - }, - }, - }, - { - name: "RuleRemovalFull", - rule: devices.Rule{ - Type: devices.CharDevice, - Major: 42, - Minor: 1337, - Permissions: devices.Permissions("rw"), - Allow: baseDefaultAllow, - }, - base: &emulator{ - defaultAllow: baseDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 42, - minor: 1337, - }: devices.Permissions("w"), - { - node: devices.BlockDevice, - major: 1, - minor: 5, - }: devices.Permissions("r"), - }, - }, - expected: &emulator{ - defaultAllow: baseDefaultAllow, - rules: deviceRules{ - { - node: devices.BlockDevice, - major: 1, - minor: 5, - }: devices.Permissions("r"), - }, - }, - }, - { - name: "RuleRemovalPartial", - rule: devices.Rule{ - Type: devices.CharDevice, - Major: 42, - Minor: 1337, - Permissions: devices.Permissions("r"), - Allow: baseDefaultAllow, - }, - base: &emulator{ - defaultAllow: baseDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 42, - minor: 1337, - }: devices.Permissions("rm"), - { - node: devices.BlockDevice, - major: 1, - minor: 5, - }: devices.Permissions("r"), - }, - }, - expected: &emulator{ - defaultAllow: baseDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 42, - minor: 1337, - }: devices.Permissions("m"), - { - node: devices.BlockDevice, - major: 1, - minor: 5, - }: devices.Permissions("r"), - }, - }, - }, - // Check our non-canonical behaviour when it comes to try to "punch - // out" holes in a wildcard rule. - { - name: "RuleRemovalWildcardPunchoutImpossible", - rule: devices.Rule{ - Type: devices.CharDevice, - Major: 42, - Minor: 1337, - Permissions: devices.Permissions("r"), - Allow: baseDefaultAllow, - }, - base: &emulator{ - defaultAllow: baseDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 42, - minor: devices.Wildcard, - }: devices.Permissions("rm"), - { - node: devices.CharDevice, - major: 42, - minor: 1337, - }: devices.Permissions("r"), - }, - }, - expected: nil, - }, - { - name: "RuleRemovalWildcardPunchoutPossible", - rule: devices.Rule{ - Type: devices.CharDevice, - Major: 42, - Minor: 1337, - Permissions: devices.Permissions("r"), - Allow: baseDefaultAllow, - }, - base: &emulator{ - defaultAllow: baseDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 42, - minor: devices.Wildcard, - }: devices.Permissions("wm"), - { - node: devices.CharDevice, - major: 42, - minor: 1337, - }: devices.Permissions("r"), - }, - }, - expected: &emulator{ - defaultAllow: baseDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 42, - minor: devices.Wildcard, - }: devices.Permissions("wm"), - }, - }, - }, - } - - for _, test := range tests { - test := test - t.Run(test.name, func(t *testing.T) { - err := test.base.Apply(test.rule) - if err != nil && test.expected != nil { - t.Fatalf("unexpected failure when applying apply rule: %v", err) - } else if err == nil && test.expected == nil { - t.Fatalf("unexpected success when applying apply rule: %#v", test.base) - } - - if test.expected != nil && !reflect.DeepEqual(test.base, test.expected) { - t.Errorf("final emulator state mismatch: %#v != %#v", test.base, test.expected) - } - }) - } -} - -func TestDeviceEmulatorWhitelistApply(t *testing.T) { - testDeviceEmulatorApply(t, false) -} - -func TestDeviceEmulatorBlacklistApply(t *testing.T) { - testDeviceEmulatorApply(t, true) -} - -func testDeviceEmulatorTransition(t *testing.T, sourceDefaultAllow bool) { - tests := []struct { - name string - source, target *emulator - expected []*devices.Rule - }{ - // No-op changes. - { - name: "Noop", - source: &emulator{ - defaultAllow: sourceDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 42, - minor: devices.Wildcard, - }: devices.Permissions("wm"), - }, - }, - target: &emulator{ - defaultAllow: sourceDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 42, - minor: devices.Wildcard, - }: devices.Permissions("wm"), - }, - }, - // Identical white-lists produce no extra rules. - expected: nil, - }, - // Switching modes. - { - name: "SwitchToOtherMode", - source: &emulator{ - defaultAllow: sourceDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 1, - minor: 2, - }: devices.Permissions("rwm"), - }, - }, - target: &emulator{ - defaultAllow: !sourceDefaultAllow, - rules: deviceRules{ - { - node: devices.BlockDevice, - major: 42, - minor: devices.Wildcard, - }: devices.Permissions("wm"), - }, - }, - expected: []*devices.Rule{ - // Clear-all rule. - { - Type: devices.WildcardDevice, - Major: devices.Wildcard, - Minor: devices.Wildcard, - Permissions: devices.Permissions("rwm"), - Allow: !sourceDefaultAllow, - }, - // The actual rule-set. - { - Type: devices.BlockDevice, - Major: 42, - Minor: devices.Wildcard, - Permissions: devices.Permissions("wm"), - Allow: sourceDefaultAllow, - }, - }, - }, - // Rule changes. - { - name: "RuleAddition", - source: &emulator{ - defaultAllow: sourceDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 1, - minor: 2, - }: devices.Permissions("rwm"), - }, - }, - target: &emulator{ - defaultAllow: sourceDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 1, - minor: 2, - }: devices.Permissions("rwm"), - { - node: devices.BlockDevice, - major: 42, - minor: 1337, - }: devices.Permissions("rwm"), - }, - }, - expected: []*devices.Rule{ - { - Type: devices.BlockDevice, - Major: 42, - Minor: 1337, - Permissions: devices.Permissions("rwm"), - Allow: !sourceDefaultAllow, - }, - }, - }, - { - name: "RuleRemoval", - source: &emulator{ - defaultAllow: sourceDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 1, - minor: 2, - }: devices.Permissions("rwm"), - { - node: devices.BlockDevice, - major: 42, - minor: 1337, - }: devices.Permissions("rwm"), - }, - }, - target: &emulator{ - defaultAllow: sourceDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 1, - minor: 2, - }: devices.Permissions("rwm"), - }, - }, - expected: []*devices.Rule{ - { - Type: devices.BlockDevice, - Major: 42, - Minor: 1337, - Permissions: devices.Permissions("rwm"), - Allow: sourceDefaultAllow, - }, - }, - }, - { - name: "RuleMultipleAdditionRemoval", - source: &emulator{ - defaultAllow: sourceDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 1, - minor: 2, - }: devices.Permissions("rwm"), - { - node: devices.BlockDevice, - major: 3, - minor: 9, - }: devices.Permissions("rw"), - }, - }, - target: &emulator{ - defaultAllow: sourceDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 1, - minor: 2, - }: devices.Permissions("rwm"), - }, - }, - expected: []*devices.Rule{ - { - Type: devices.BlockDevice, - Major: 3, - Minor: 9, - Permissions: devices.Permissions("rw"), - Allow: sourceDefaultAllow, - }, - }, - }, - // Modifying the access permissions. - { - name: "RulePartialAddition", - source: &emulator{ - defaultAllow: sourceDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 1, - minor: 2, - }: devices.Permissions("r"), - }, - }, - target: &emulator{ - defaultAllow: sourceDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 1, - minor: 2, - }: devices.Permissions("rwm"), - }, - }, - expected: []*devices.Rule{ - { - Type: devices.CharDevice, - Major: 1, - Minor: 2, - Permissions: devices.Permissions("wm"), - Allow: !sourceDefaultAllow, - }, - }, - }, - { - name: "RulePartialRemoval", - source: &emulator{ - defaultAllow: sourceDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 1, - minor: 2, - }: devices.Permissions("rw"), - }, - }, - target: &emulator{ - defaultAllow: sourceDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 1, - minor: 2, - }: devices.Permissions("w"), - }, - }, - expected: []*devices.Rule{ - { - Type: devices.CharDevice, - Major: 1, - Minor: 2, - Permissions: devices.Permissions("r"), - Allow: sourceDefaultAllow, - }, - }, - }, - { - name: "RulePartialBoth", - source: &emulator{ - defaultAllow: sourceDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 1, - minor: 2, - }: devices.Permissions("rw"), - }, - }, - target: &emulator{ - defaultAllow: sourceDefaultAllow, - rules: deviceRules{ - { - node: devices.CharDevice, - major: 1, - minor: 2, - }: devices.Permissions("rm"), - }, - }, - expected: []*devices.Rule{ - { - Type: devices.CharDevice, - Major: 1, - Minor: 2, - Permissions: devices.Permissions("w"), - Allow: sourceDefaultAllow, - }, - { - Type: devices.CharDevice, - Major: 1, - Minor: 2, - Permissions: devices.Permissions("m"), - Allow: !sourceDefaultAllow, - }, - }, - }, - } - - for _, test := range tests { - test := test - t.Run(test.name, func(t *testing.T) { - // If we are in black-list mode, we need to prepend the relevant - // clear-all rule (the expected rule lists are written with - // white-list mode in mind), and then make a full copy of the - // target rules. - if sourceDefaultAllow && test.source.defaultAllow == test.target.defaultAllow { - test.expected = []*devices.Rule{{ - Type: devices.WildcardDevice, - Major: devices.Wildcard, - Minor: devices.Wildcard, - Permissions: devices.Permissions("rwm"), - Allow: test.target.defaultAllow, - }} - for _, rule := range test.target.rules.orderedEntries() { - test.expected = append(test.expected, &devices.Rule{ - Type: rule.meta.node, - Major: rule.meta.major, - Minor: rule.meta.minor, - Permissions: rule.perms, - Allow: !test.target.defaultAllow, - }) - } - } - - rules, err := test.source.Transition(test.target) - if err != nil { - t.Fatalf("unexpected error while calculating transition rules: %#v", err) - } - - if !reflect.DeepEqual(rules, test.expected) { - t.Errorf("rules don't match expected set: %#v != %#v", rules, test.expected) - } - - // Apply the rules to the source to see if it actually transitions - // correctly. This is all emulated but it's a good thing to - // double-check. - for _, rule := range rules { - if err := test.source.Apply(*rule); err != nil { - t.Fatalf("error while applying transition rule [%#v]: %v", rule, err) - } - } - if !reflect.DeepEqual(test.source, test.target) { - t.Errorf("transition incomplete after applying all rules: %#v != %#v", test.source, test.target) - } - }) - } -} - -func TestDeviceEmulatorTransitionFromBlacklist(t *testing.T) { - testDeviceEmulatorTransition(t, true) -} - -func TestDeviceEmulatorTransitionFromWhitelist(t *testing.T) { - testDeviceEmulatorTransition(t, false) -} - -func BenchmarkParseLine(b *testing.B) { - list := `c *:* m -b *:* m -c 1:3 rwm -c 1:5 rwm -c 1:7 rwm -c 1:8 rwm -c 1:9 rwm -c 5:0 rwm -c 5:2 rwm -c 136:* rwm -c 10:200 rwm` - - var r *deviceRule - var err error - for i := 0; i < b.N; i++ { - s := bufio.NewScanner(strings.NewReader(list)) - for s.Scan() { - line := s.Text() - r, err = parseLine(line) - } - if err := s.Err(); err != nil { - b.Fatal(err) - } - } - b.Logf("rule: %v, err: %v", r, err) -} diff --git a/libcontainer/cgroups/devices/systemd_test.go b/libcontainer/cgroups/devices/systemd_test.go deleted file mode 100644 index 0b3e3d4e2b8..00000000000 --- a/libcontainer/cgroups/devices/systemd_test.go +++ /dev/null @@ -1,279 +0,0 @@ -package devices - -import ( - "bytes" - "fmt" - "os" - "os/exec" - "strings" - "testing" - - "github.com/opencontainers/runc/libcontainer/cgroups" - devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" - "github.com/opencontainers/runc/libcontainer/cgroups/systemd" -) - -// TestPodSkipDevicesUpdate checks that updating a pod having SkipDevices: true -// does not result in spurious "permission denied" errors in a container -// running under the pod. The test is somewhat similar in nature to the -// @test "update devices [minimal transition rules]" in tests/integration, -// but uses a pod. -func TestPodSkipDevicesUpdate(t *testing.T) { - if !systemd.IsRunningSystemd() { - t.Skip("Test requires systemd.") - } - if os.Geteuid() != 0 { - t.Skip("Test requires root.") - } - - podName := "system-runc_test_pod" + t.Name() + ".slice" - podConfig := &cgroups.Cgroup{ - Systemd: true, - Parent: "system.slice", - Name: podName, - Resources: &cgroups.Resources{ - PidsLimit: 42, - Memory: 32 * 1024 * 1024, - SkipDevices: true, - }, - } - // Create "pod" cgroup (a systemd slice to hold containers). - pm := newManager(t, podConfig) - if err := pm.Apply(-1); err != nil { - t.Fatal(err) - } - if err := pm.Set(podConfig.Resources); err != nil { - t.Fatal(err) - } - - containerConfig := &cgroups.Cgroup{ - Parent: podName, - ScopePrefix: "test", - Name: "PodSkipDevicesUpdate", - Resources: &cgroups.Resources{ - Devices: []*devices.Rule{ - // Allow access to /dev/null. - { - Type: devices.CharDevice, - Major: 1, - Minor: 3, - Permissions: "rwm", - Allow: true, - }, - }, - }, - } - - // Create a "container" within the "pod" cgroup. - // This is not a real container, just a process in the cgroup. - cmd := exec.Command("sleep", "infinity") - cmd.Env = append(os.Environ(), "LANG=C") - var stderr bytes.Buffer - cmd.Stderr = &stderr - if err := cmd.Start(); err != nil { - t.Fatal(err) - } - // Make sure to not leave a zombie. - defer func() { - // These may fail, we don't care. - _ = cmd.Process.Kill() - _ = cmd.Wait() - }() - - // Put the process into a cgroup. - cm := newManager(t, containerConfig) - if err := cm.Apply(cmd.Process.Pid); err != nil { - t.Fatal(err) - } - // Check that we put the "container" into the "pod" cgroup. - if !strings.HasPrefix(cm.Path("devices"), pm.Path("devices")) { - t.Fatalf("expected container cgroup path %q to be under pod cgroup path %q", - cm.Path("devices"), pm.Path("devices")) - } - if err := cm.Set(containerConfig.Resources); err != nil { - t.Fatal(err) - } - - // Now update the pod a few times. - for i := 0; i < 42; i++ { - podConfig.Resources.PidsLimit++ - podConfig.Resources.Memory += 1024 * 1024 - if err := pm.Set(podConfig.Resources); err != nil { - t.Fatal(err) - } - } - // Kill the "container". - if err := cmd.Process.Kill(); err != nil { - t.Fatal(err) - } - - _ = cmd.Wait() - - // "Container" stderr should be empty. - if stderr.Len() != 0 { - t.Fatalf("container stderr not empty: %s", stderr.String()) - } -} - -func testSkipDevices(t *testing.T, skipDevices bool, expected []string) { - if !systemd.IsRunningSystemd() { - t.Skip("Test requires systemd.") - } - if os.Geteuid() != 0 { - t.Skip("Test requires root.") - } - - podConfig := &cgroups.Cgroup{ - Parent: "system.slice", - Name: "system-runc_test_pods.slice", - Resources: &cgroups.Resources{ - SkipDevices: skipDevices, - }, - } - // Create "pods" cgroup (a systemd slice to hold containers). - pm := newManager(t, podConfig) - if err := pm.Apply(-1); err != nil { - t.Fatal(err) - } - if err := pm.Set(podConfig.Resources); err != nil { - t.Fatal(err) - } - - config := &cgroups.Cgroup{ - Parent: "system-runc_test_pods.slice", - ScopePrefix: "test", - Name: "SkipDevices", - Resources: &cgroups.Resources{ - Devices: []*devices.Rule{ - // Allow access to /dev/full only. - { - Type: devices.CharDevice, - Major: 1, - Minor: 7, - Permissions: "rwm", - Allow: true, - }, - }, - }, - } - - // Create a "container" within the "pods" cgroup. - // This is not a real container, just a process in the cgroup. - cmd := exec.Command("bash", "-c", "read; echo > /dev/full; cat /dev/null; true") - cmd.Env = append(os.Environ(), "LANG=C") - stdinR, stdinW, err := os.Pipe() - if err != nil { - t.Fatal(err) - } - cmd.Stdin = stdinR - var stderr bytes.Buffer - cmd.Stderr = &stderr - err = cmd.Start() - stdinR.Close() - defer stdinW.Close() - if err != nil { - t.Fatal(err) - } - // Make sure to not leave a zombie. - defer func() { - // These may fail, we don't care. - _, _ = stdinW.WriteString("hey\n") - _ = cmd.Wait() - }() - - // Put the process into a cgroup. - m := newManager(t, config) - if err := m.Apply(cmd.Process.Pid); err != nil { - t.Fatal(err) - } - // Check that we put the "container" into the "pod" cgroup. - if !strings.HasPrefix(m.Path("devices"), pm.Path("devices")) { - t.Fatalf("expected container cgroup path %q to be under pod cgroup path %q", - m.Path("devices"), pm.Path("devices")) - } - if err := m.Set(config.Resources); err != nil { - // failed to write "c 1:7 rwm": write /sys/fs/cgroup/devices/system.slice/system-runc_test_pods.slice/test-SkipDevices.scope/devices.allow: operation not permitted - if skipDevices == false && strings.HasSuffix(err.Error(), "/devices.allow: operation not permitted") { - // Cgroup v1 devices controller gives EPERM on trying - // to enable devices that are not enabled - // (skipDevices=false) in a parent cgroup. - // If this happens, test is passing. - return - } - t.Fatal(err) - } - - // Check that we can access /dev/full but not /dev/zero. - if _, err := stdinW.WriteString("wow\n"); err != nil { - t.Fatal(err) - } - if err := cmd.Wait(); err != nil { - t.Fatal(err) - } - for _, exp := range expected { - if !strings.Contains(stderr.String(), exp) { - t.Errorf("expected %q, got: %s", exp, stderr.String()) - } - } -} - -func TestSkipDevicesTrue(t *testing.T) { - testSkipDevices(t, true, []string{ - "echo: write error: No space left on device", - "cat: /dev/null: Operation not permitted", - }) -} - -func TestSkipDevicesFalse(t *testing.T) { - // If SkipDevices is not set for the parent slice, access to both - // devices should fail. This is done to assess the test correctness. - // For cgroup v1, we check for m.Set returning EPERM. - // For cgroup v2, we check for the errors below. - testSkipDevices(t, false, []string{ - "/dev/full: Operation not permitted", - "cat: /dev/null: Operation not permitted", - }) -} - -func testFindDeviceGroup() error { - const ( - major = 136 - group = "char-pts" - ) - res, err := findDeviceGroup(devices.CharDevice, major) - if res != group || err != nil { - return fmt.Errorf("expected %v, nil, got %v, %w", group, res, err) - } - return nil -} - -func TestFindDeviceGroup(t *testing.T) { - if err := testFindDeviceGroup(); err != nil { - t.Fatal(err) - } -} - -func BenchmarkFindDeviceGroup(b *testing.B) { - for i := 0; i < b.N; i++ { - if err := testFindDeviceGroup(); err != nil { - b.Fatal(err) - } - } -} - -func newManager(t *testing.T, config *cgroups.Cgroup) (m cgroups.Manager) { - t.Helper() - var err error - - if cgroups.IsCgroup2UnifiedMode() { - m, err = systemd.NewUnifiedManager(config, "") - } else { - m, err = systemd.NewLegacyManager(config, nil) - } - if err != nil { - t.Fatal(err) - } - t.Cleanup(func() { _ = m.Destroy() }) - - return m -} diff --git a/libcontainer/cgroups/devices/v1_test.go b/libcontainer/cgroups/devices/v1_test.go deleted file mode 100644 index 5781169bef9..00000000000 --- a/libcontainer/cgroups/devices/v1_test.go +++ /dev/null @@ -1,68 +0,0 @@ -package devices - -import ( - "os" - "path" - "testing" - - "github.com/moby/sys/userns" - - "github.com/opencontainers/runc/libcontainer/cgroups" - devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" - "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" -) - -func init() { - testingSkipFinalCheck = true - cgroups.TestMode = true -} - -func TestSetV1Allow(t *testing.T) { - if userns.RunningInUserNS() { - t.Skip("userns detected; setV1 does nothing") - } - dir := t.TempDir() - - for file, contents := range map[string]string{ - "devices.allow": "", - "devices.deny": "", - "devices.list": "a *:* rwm", - } { - err := os.WriteFile(path.Join(dir, file), []byte(contents), 0o600) - if err != nil { - t.Fatal(err) - } - } - - r := &cgroups.Resources{ - Devices: []*devices.Rule{ - { - Type: devices.CharDevice, - Major: 1, - Minor: 5, - Permissions: devices.Permissions("rwm"), - Allow: true, - }, - }, - } - - if err := setV1(dir, r); err != nil { - t.Fatal(err) - } - - // The default deny rule must be written. - value, err := fscommon.GetCgroupParamString(dir, "devices.deny") - if err != nil { - t.Fatal(err) - } - if value[0] != 'a' { - t.Errorf("Got the wrong value (%q), set devices.deny failed.", value) - } - - // Permitted rule must be written. - if value, err := fscommon.GetCgroupParamString(dir, "devices.allow"); err != nil { - t.Fatal(err) - } else if value != "c 1:5 rwm" { - t.Errorf("Got the wrong value (%q), set devices.allow failed.", value) - } -} diff --git a/libcontainer/cgroups/file_test.go b/libcontainer/cgroups/file_test.go deleted file mode 100644 index 3a9fac32935..00000000000 --- a/libcontainer/cgroups/file_test.go +++ /dev/null @@ -1,93 +0,0 @@ -package cgroups - -import ( - "errors" - "fmt" - "os" - "path/filepath" - "strconv" - "testing" - "time" -) - -func TestWriteCgroupFileHandlesInterrupt(t *testing.T) { - const ( - memoryCgroupMount = "/sys/fs/cgroup/memory" - memoryLimit = "memory.limit_in_bytes" - ) - if _, err := os.Stat(memoryCgroupMount); err != nil { - // most probably cgroupv2 - t.Skip(err) - } - - cgroupName := fmt.Sprintf("test-eint-%d", time.Now().Nanosecond()) - cgroupPath := filepath.Join(memoryCgroupMount, cgroupName) - if err := os.MkdirAll(cgroupPath, 0o755); err != nil { - t.Fatal(err) - } - defer os.RemoveAll(cgroupPath) - - if _, err := os.Stat(filepath.Join(cgroupPath, memoryLimit)); err != nil { - // either cgroupv2, or memory controller is not available - t.Skip(err) - } - - for i := 0; i < 100000; i++ { - limit := 1024*1024 + i - if err := WriteFile(cgroupPath, memoryLimit, strconv.Itoa(limit)); err != nil { - t.Fatalf("Failed to write %d on attempt %d: %+v", limit, i, err) - } - } -} - -func TestOpenat2(t *testing.T) { - if !IsCgroup2UnifiedMode() { - // The reason is many test cases below test opening files from - // the top-level directory, where cgroup v1 has no files. - t.Skip("test requires cgroup v2") - } - - // Make sure we test openat2, not its fallback. - openFallback = func(_ string, _ int, _ os.FileMode) (*os.File, error) { - return nil, errors.New("fallback") - } - defer func() { openFallback = openAndCheck }() - - for _, tc := range []struct{ dir, file string }{ - {"/sys/fs/cgroup", "cgroup.controllers"}, - {"/sys/fs/cgroup", "/cgroup.controllers"}, - {"/sys/fs/cgroup/", "cgroup.controllers"}, - {"/sys/fs/cgroup/", "/cgroup.controllers"}, - {"/", "/sys/fs/cgroup/cgroup.controllers"}, - {"/", "sys/fs/cgroup/cgroup.controllers"}, - {"/sys/fs/cgroup/cgroup.controllers", ""}, - } { - fd, err := OpenFile(tc.dir, tc.file, os.O_RDONLY) - if err != nil { - t.Errorf("case %+v: %v", tc, err) - } - fd.Close() - } -} - -func BenchmarkWriteFile(b *testing.B) { - TestMode = true - defer func() { TestMode = false }() - - dir := b.TempDir() - tc := []string{ - "one", - "one\ntwo\nthree", - "10:200 foo=bar boo=far\n300:1200 something=other\ndefault 45000\n", - "\n\n\n\n\n\n\n\n", - } - - b.ResetTimer() - for i := 0; i < b.N; i++ { - for _, val := range tc { - if err := WriteFileByLine(dir, "file", val); err != nil { - b.Fatal(err) - } - } - } -} diff --git a/libcontainer/cgroups/fs/blkio_test.go b/libcontainer/cgroups/fs/blkio_test.go deleted file mode 100644 index 3e539656955..00000000000 --- a/libcontainer/cgroups/fs/blkio_test.go +++ /dev/null @@ -1,862 +0,0 @@ -package fs - -import ( - "strconv" - "testing" - - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" -) - -const ( - sectorsRecursiveContents = `8:0 1024` - sectorsRecursiveContentsBFQ = `8:0 2048` - serviceBytesRecursiveContents = `8:0 Read 100 -8:0 Write 200 -8:0 Sync 300 -8:0 Async 500 -8:0 Total 500 -Total 500` - - serviceBytesRecursiveContentsBFQ = `8:0 Read 1100 -8:0 Write 1200 -8:0 Sync 1300 -8:0 Async 1500 -8:0 Total 1500 -Total 1500` - servicedRecursiveContents = `8:0 Read 10 -8:0 Write 40 -8:0 Sync 20 -8:0 Async 30 -8:0 Total 50 -Total 50` - servicedRecursiveContentsBFQ = `8:0 Read 11 -8:0 Write 41 -8:0 Sync 21 -8:0 Async 31 -8:0 Total 51 -Total 51` - queuedRecursiveContents = `8:0 Read 1 -8:0 Write 4 -8:0 Sync 2 -8:0 Async 3 -8:0 Total 5 -Total 5` - queuedRecursiveContentsBFQ = `8:0 Read 2 -8:0 Write 3 -8:0 Sync 4 -8:0 Async 5 -8:0 Total 6 -Total 6` - serviceTimeRecursiveContents = `8:0 Read 173959 -8:0 Write 0 -8:0 Sync 0 -8:0 Async 173959 -8:0 Total 17395 -Total 17395` - serviceTimeRecursiveContentsBFQ = `8:0 Read 173959 -8:0 Write 0 -8:0 Sync 0 -8:0 Async 173 -8:0 Total 174 -Total 174` - waitTimeRecursiveContents = `8:0 Read 15571 -8:0 Write 0 -8:0 Sync 0 -8:0 Async 15571 -8:0 Total 15571` - waitTimeRecursiveContentsBFQ = `8:0 Read 1557 -8:0 Write 0 -8:0 Sync 0 -8:0 Async 1557 -8:0 Total 1557` - mergedRecursiveContents = `8:0 Read 5 -8:0 Write 10 -8:0 Sync 0 -8:0 Async 0 -8:0 Total 15 -Total 15` - mergedRecursiveContentsBFQ = `8:0 Read 51 -8:0 Write 101 -8:0 Sync 0 -8:0 Async 0 -8:0 Total 151 -Total 151` - timeRecursiveContents = `8:0 8` - timeRecursiveContentsBFQ = `8:0 16` - throttleServiceBytes = `8:0 Read 11030528 -8:0 Write 23 -8:0 Sync 42 -8:0 Async 11030528 -8:0 Total 11030528 -252:0 Read 11030528 -252:0 Write 23 -252:0 Sync 42 -252:0 Async 11030528 -252:0 Total 11030528 -Total 22061056` - throttleServiceBytesRecursive = `8:0 Read 110305281 -8:0 Write 231 -8:0 Sync 421 -8:0 Async 110305281 -8:0 Total 110305281 -252:0 Read 110305281 -252:0 Write 231 -252:0 Sync 421 -252:0 Async 110305281 -252:0 Total 110305281 -Total 220610561` - throttleServiced = `8:0 Read 164 -8:0 Write 23 -8:0 Sync 42 -8:0 Async 164 -8:0 Total 164 -252:0 Read 164 -252:0 Write 23 -252:0 Sync 42 -252:0 Async 164 -252:0 Total 164 -Total 328` - throttleServicedRecursive = `8:0 Read 1641 -8:0 Write 231 -8:0 Sync 421 -8:0 Async 1641 -8:0 Total 1641 -252:0 Read 1641 -252:0 Write 231 -252:0 Sync 421 -252:0 Async 1641 -252:0 Total 1641 -Total 3281` -) - -var blkioBFQDebugStatsTestFiles = map[string]string{ - "blkio.bfq.io_service_bytes_recursive": serviceBytesRecursiveContentsBFQ, - "blkio.bfq.io_serviced_recursive": servicedRecursiveContentsBFQ, - "blkio.bfq.io_queued_recursive": queuedRecursiveContentsBFQ, - "blkio.bfq.io_service_time_recursive": serviceTimeRecursiveContentsBFQ, - "blkio.bfq.io_wait_time_recursive": waitTimeRecursiveContentsBFQ, - "blkio.bfq.io_merged_recursive": mergedRecursiveContentsBFQ, - "blkio.bfq.time_recursive": timeRecursiveContentsBFQ, - "blkio.bfq.sectors_recursive": sectorsRecursiveContentsBFQ, -} - -var blkioBFQStatsTestFiles = map[string]string{ - "blkio.bfq.io_service_bytes_recursive": serviceBytesRecursiveContentsBFQ, - "blkio.bfq.io_serviced_recursive": servicedRecursiveContentsBFQ, -} - -var blkioCFQStatsTestFiles = map[string]string{ - "blkio.io_service_bytes_recursive": serviceBytesRecursiveContents, - "blkio.io_serviced_recursive": servicedRecursiveContents, - "blkio.io_queued_recursive": queuedRecursiveContents, - "blkio.io_service_time_recursive": serviceTimeRecursiveContents, - "blkio.io_wait_time_recursive": waitTimeRecursiveContents, - "blkio.io_merged_recursive": mergedRecursiveContents, - "blkio.time_recursive": timeRecursiveContents, - "blkio.sectors_recursive": sectorsRecursiveContents, -} - -type blkioStatFailureTestCase struct { - desc string - filename string -} - -func appendBlkioStatEntry(blkioStatEntries *[]cgroups.BlkioStatEntry, major, minor, value uint64, op string) { //nolint:unparam - *blkioStatEntries = append(*blkioStatEntries, cgroups.BlkioStatEntry{Major: major, Minor: minor, Value: value, Op: op}) -} - -func TestBlkioSetWeight(t *testing.T) { - const ( - weightBefore = 100 - weightAfter = 200 - ) - - for _, legacyIOScheduler := range []bool{false, true} { - // Populate cgroup - path := tempDir(t, "blkio") - weightFilename := "blkio.bfq.weight" - if legacyIOScheduler { - weightFilename = "blkio.weight" - } - writeFileContents(t, path, map[string]string{ - weightFilename: strconv.Itoa(weightBefore), - }) - // Apply new configuration - r := &cgroups.Resources{ - BlkioWeight: weightAfter, - } - blkio := &BlkioGroup{} - if err := blkio.Set(path, r); err != nil { - t.Fatal(err) - } - // Verify results - if weightFilename != blkio.weightFilename { - t.Fatalf("weight filename detection failed: expected %q, detected %q", weightFilename, blkio.weightFilename) - } - value, err := fscommon.GetCgroupParamUint(path, weightFilename) - if err != nil { - t.Fatal(err) - } - if value != weightAfter { - t.Fatalf("Got the wrong value, set %s failed.", weightFilename) - } - } -} - -func TestBlkioSetWeightDevice(t *testing.T) { - const ( - weightDeviceBefore = "8:0 400" - ) - - for _, legacyIOScheduler := range []bool{false, true} { - // Populate cgroup - path := tempDir(t, "blkio") - weightFilename := "blkio.bfq.weight" - weightDeviceFilename := "blkio.bfq.weight_device" - if legacyIOScheduler { - weightFilename = "blkio.weight" - weightDeviceFilename = "blkio.weight_device" - } - writeFileContents(t, path, map[string]string{ - weightFilename: "", - weightDeviceFilename: weightDeviceBefore, - }) - // Apply new configuration - wd := cgroups.NewWeightDevice(8, 0, 500, 0) - weightDeviceAfter := wd.WeightString() - r := &cgroups.Resources{ - BlkioWeightDevice: []*cgroups.WeightDevice{wd}, - } - blkio := &BlkioGroup{} - if err := blkio.Set(path, r); err != nil { - t.Fatal(err) - } - // Verify results - if weightDeviceFilename != blkio.weightDeviceFilename { - t.Fatalf("weight_device filename detection failed: expected %q, detected %q", weightDeviceFilename, blkio.weightDeviceFilename) - } - value, err := fscommon.GetCgroupParamString(path, weightDeviceFilename) - if err != nil { - t.Fatal(err) - } - if value != weightDeviceAfter { - t.Fatalf("Got the wrong value, set %s failed.", weightDeviceFilename) - } - } -} - -// regression #274 -func TestBlkioSetMultipleWeightDevice(t *testing.T) { - path := tempDir(t, "blkio") - - const ( - weightDeviceBefore = "8:0 400" - ) - - wd1 := cgroups.NewWeightDevice(8, 0, 500, 0) - wd2 := cgroups.NewWeightDevice(8, 16, 500, 0) - // we cannot actually set and check both because normal os.WriteFile - // when writing to cgroup file will overwrite the whole file content instead - // of updating it as the kernel is doing. Just check the second device - // is present will suffice for the test to ensure multiple writes are done. - weightDeviceAfter := wd2.WeightString() - - blkio := &BlkioGroup{} - blkio.detectWeightFilenames(path) - if blkio.weightDeviceFilename != "blkio.bfq.weight_device" { - t.Fatalf("when blkio controller is unavailable, expected to use \"blkio.bfq.weight_device\", tried to use %q", blkio.weightDeviceFilename) - } - writeFileContents(t, path, map[string]string{ - blkio.weightDeviceFilename: weightDeviceBefore, - }) - - r := &cgroups.Resources{ - BlkioWeightDevice: []*cgroups.WeightDevice{wd1, wd2}, - } - if err := blkio.Set(path, r); err != nil { - t.Fatal(err) - } - - value, err := fscommon.GetCgroupParamString(path, blkio.weightDeviceFilename) - if err != nil { - t.Fatal(err) - } - if value != weightDeviceAfter { - t.Fatalf("Got the wrong value, set %s failed.", blkio.weightDeviceFilename) - } -} - -func TestBlkioBFQDebugStats(t *testing.T) { - path := tempDir(t, "blkio") - writeFileContents(t, path, blkioBFQDebugStatsTestFiles) - blkio := &BlkioGroup{} - actualStats := *cgroups.NewStats() - err := blkio.GetStats(path, &actualStats) - if err != nil { - t.Fatal(err) - } - - expectedStats := cgroups.BlkioStats{} - appendBlkioStatEntry(&expectedStats.SectorsRecursive, 8, 0, 2048, "") - - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 1100, "Read") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 1200, "Write") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 1300, "Sync") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 1500, "Async") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 1500, "Total") - - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 11, "Read") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 41, "Write") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 21, "Sync") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 31, "Async") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 51, "Total") - - appendBlkioStatEntry(&expectedStats.IoQueuedRecursive, 8, 0, 2, "Read") - appendBlkioStatEntry(&expectedStats.IoQueuedRecursive, 8, 0, 3, "Write") - appendBlkioStatEntry(&expectedStats.IoQueuedRecursive, 8, 0, 4, "Sync") - appendBlkioStatEntry(&expectedStats.IoQueuedRecursive, 8, 0, 5, "Async") - appendBlkioStatEntry(&expectedStats.IoQueuedRecursive, 8, 0, 6, "Total") - - appendBlkioStatEntry(&expectedStats.IoServiceTimeRecursive, 8, 0, 173959, "Read") - appendBlkioStatEntry(&expectedStats.IoServiceTimeRecursive, 8, 0, 0, "Write") - appendBlkioStatEntry(&expectedStats.IoServiceTimeRecursive, 8, 0, 0, "Sync") - appendBlkioStatEntry(&expectedStats.IoServiceTimeRecursive, 8, 0, 173, "Async") - appendBlkioStatEntry(&expectedStats.IoServiceTimeRecursive, 8, 0, 174, "Total") - - appendBlkioStatEntry(&expectedStats.IoWaitTimeRecursive, 8, 0, 1557, "Read") - appendBlkioStatEntry(&expectedStats.IoWaitTimeRecursive, 8, 0, 0, "Write") - appendBlkioStatEntry(&expectedStats.IoWaitTimeRecursive, 8, 0, 0, "Sync") - appendBlkioStatEntry(&expectedStats.IoWaitTimeRecursive, 8, 0, 1557, "Async") - appendBlkioStatEntry(&expectedStats.IoWaitTimeRecursive, 8, 0, 1557, "Total") - - appendBlkioStatEntry(&expectedStats.IoMergedRecursive, 8, 0, 51, "Read") - appendBlkioStatEntry(&expectedStats.IoMergedRecursive, 8, 0, 101, "Write") - appendBlkioStatEntry(&expectedStats.IoMergedRecursive, 8, 0, 0, "Sync") - appendBlkioStatEntry(&expectedStats.IoMergedRecursive, 8, 0, 0, "Async") - appendBlkioStatEntry(&expectedStats.IoMergedRecursive, 8, 0, 151, "Total") - - appendBlkioStatEntry(&expectedStats.IoTimeRecursive, 8, 0, 16, "") - - expectBlkioStatsEquals(t, expectedStats, actualStats.BlkioStats) -} - -func TestBlkioMultipleStatsFiles(t *testing.T) { - path := tempDir(t, "blkio") - writeFileContents(t, path, blkioBFQDebugStatsTestFiles) - writeFileContents(t, path, blkioCFQStatsTestFiles) - blkio := &BlkioGroup{} - actualStats := *cgroups.NewStats() - err := blkio.GetStats(path, &actualStats) - if err != nil { - t.Fatal(err) - } - - expectedStats := cgroups.BlkioStats{} - appendBlkioStatEntry(&expectedStats.SectorsRecursive, 8, 0, 2048, "") - - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 1100, "Read") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 1200, "Write") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 1300, "Sync") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 1500, "Async") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 1500, "Total") - - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 11, "Read") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 41, "Write") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 21, "Sync") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 31, "Async") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 51, "Total") - - appendBlkioStatEntry(&expectedStats.IoQueuedRecursive, 8, 0, 2, "Read") - appendBlkioStatEntry(&expectedStats.IoQueuedRecursive, 8, 0, 3, "Write") - appendBlkioStatEntry(&expectedStats.IoQueuedRecursive, 8, 0, 4, "Sync") - appendBlkioStatEntry(&expectedStats.IoQueuedRecursive, 8, 0, 5, "Async") - appendBlkioStatEntry(&expectedStats.IoQueuedRecursive, 8, 0, 6, "Total") - - appendBlkioStatEntry(&expectedStats.IoServiceTimeRecursive, 8, 0, 173959, "Read") - appendBlkioStatEntry(&expectedStats.IoServiceTimeRecursive, 8, 0, 0, "Write") - appendBlkioStatEntry(&expectedStats.IoServiceTimeRecursive, 8, 0, 0, "Sync") - appendBlkioStatEntry(&expectedStats.IoServiceTimeRecursive, 8, 0, 173, "Async") - appendBlkioStatEntry(&expectedStats.IoServiceTimeRecursive, 8, 0, 174, "Total") - - appendBlkioStatEntry(&expectedStats.IoWaitTimeRecursive, 8, 0, 1557, "Read") - appendBlkioStatEntry(&expectedStats.IoWaitTimeRecursive, 8, 0, 0, "Write") - appendBlkioStatEntry(&expectedStats.IoWaitTimeRecursive, 8, 0, 0, "Sync") - appendBlkioStatEntry(&expectedStats.IoWaitTimeRecursive, 8, 0, 1557, "Async") - appendBlkioStatEntry(&expectedStats.IoWaitTimeRecursive, 8, 0, 1557, "Total") - - appendBlkioStatEntry(&expectedStats.IoMergedRecursive, 8, 0, 51, "Read") - appendBlkioStatEntry(&expectedStats.IoMergedRecursive, 8, 0, 101, "Write") - appendBlkioStatEntry(&expectedStats.IoMergedRecursive, 8, 0, 0, "Sync") - appendBlkioStatEntry(&expectedStats.IoMergedRecursive, 8, 0, 0, "Async") - appendBlkioStatEntry(&expectedStats.IoMergedRecursive, 8, 0, 151, "Total") - - appendBlkioStatEntry(&expectedStats.IoTimeRecursive, 8, 0, 16, "") - - expectBlkioStatsEquals(t, expectedStats, actualStats.BlkioStats) -} - -func TestBlkioBFQStats(t *testing.T) { - path := tempDir(t, "blkio") - writeFileContents(t, path, blkioBFQStatsTestFiles) - blkio := &BlkioGroup{} - actualStats := *cgroups.NewStats() - err := blkio.GetStats(path, &actualStats) - if err != nil { - t.Fatal(err) - } - - expectedStats := cgroups.BlkioStats{} - - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 1100, "Read") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 1200, "Write") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 1300, "Sync") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 1500, "Async") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 1500, "Total") - - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 11, "Read") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 41, "Write") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 21, "Sync") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 31, "Async") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 51, "Total") - - expectBlkioStatsEquals(t, expectedStats, actualStats.BlkioStats) -} - -func TestBlkioStatsNoFilesBFQDebug(t *testing.T) { - if testing.Short() { - t.Skip("skipping test in short mode.") - } - testCases := []blkioStatFailureTestCase{ - { - desc: "missing blkio.bfq.io_service_bytes_recursive file", - filename: "blkio.bfq.io_service_bytes_recursive", - }, - { - desc: "missing blkio.bfq.io_serviced_recursive file", - filename: "blkio.bfq.io_serviced_recursive", - }, - { - desc: "missing blkio.bfq.io_queued_recursive file", - filename: "blkio.bfq.io_queued_recursive", - }, - { - desc: "missing blkio.bfq.sectors_recursive file", - filename: "blkio.bfq.sectors_recursive", - }, - { - desc: "missing blkio.bfq.io_service_time_recursive file", - filename: "blkio.bfq.io_service_time_recursive", - }, - { - desc: "missing blkio.bfq.io_wait_time_recursive file", - filename: "blkio.bfq.io_wait_time_recursive", - }, - { - desc: "missing blkio.bfq.io_merged_recursive file", - filename: "blkio.bfq.io_merged_recursive", - }, - { - desc: "missing blkio.bfq.time_recursive file", - filename: "blkio.bfq.time_recursive", - }, - } - - for _, testCase := range testCases { - path := tempDir(t, "cpuset") - - tempBlkioTestFiles := map[string]string{} - for i, v := range blkioBFQDebugStatsTestFiles { - tempBlkioTestFiles[i] = v - } - delete(tempBlkioTestFiles, testCase.filename) - - writeFileContents(t, path, tempBlkioTestFiles) - cpuset := &CpusetGroup{} - actualStats := *cgroups.NewStats() - err := cpuset.GetStats(path, &actualStats) - if err != nil { - t.Errorf("%s: want no error, got: %+v", testCase.desc, err) - } - } -} - -func TestBlkioCFQStats(t *testing.T) { - path := tempDir(t, "blkio") - writeFileContents(t, path, blkioCFQStatsTestFiles) - - blkio := &BlkioGroup{} - actualStats := *cgroups.NewStats() - err := blkio.GetStats(path, &actualStats) - if err != nil { - t.Fatal(err) - } - - // Verify expected stats. - expectedStats := cgroups.BlkioStats{} - appendBlkioStatEntry(&expectedStats.SectorsRecursive, 8, 0, 1024, "") - - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 100, "Read") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 200, "Write") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 300, "Sync") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 500, "Async") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 500, "Total") - - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 10, "Read") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 40, "Write") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 20, "Sync") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 30, "Async") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 50, "Total") - - appendBlkioStatEntry(&expectedStats.IoQueuedRecursive, 8, 0, 1, "Read") - appendBlkioStatEntry(&expectedStats.IoQueuedRecursive, 8, 0, 4, "Write") - appendBlkioStatEntry(&expectedStats.IoQueuedRecursive, 8, 0, 2, "Sync") - appendBlkioStatEntry(&expectedStats.IoQueuedRecursive, 8, 0, 3, "Async") - appendBlkioStatEntry(&expectedStats.IoQueuedRecursive, 8, 0, 5, "Total") - - appendBlkioStatEntry(&expectedStats.IoServiceTimeRecursive, 8, 0, 173959, "Read") - appendBlkioStatEntry(&expectedStats.IoServiceTimeRecursive, 8, 0, 0, "Write") - appendBlkioStatEntry(&expectedStats.IoServiceTimeRecursive, 8, 0, 0, "Sync") - appendBlkioStatEntry(&expectedStats.IoServiceTimeRecursive, 8, 0, 173959, "Async") - appendBlkioStatEntry(&expectedStats.IoServiceTimeRecursive, 8, 0, 17395, "Total") - - appendBlkioStatEntry(&expectedStats.IoWaitTimeRecursive, 8, 0, 15571, "Read") - appendBlkioStatEntry(&expectedStats.IoWaitTimeRecursive, 8, 0, 0, "Write") - appendBlkioStatEntry(&expectedStats.IoWaitTimeRecursive, 8, 0, 0, "Sync") - appendBlkioStatEntry(&expectedStats.IoWaitTimeRecursive, 8, 0, 15571, "Async") - appendBlkioStatEntry(&expectedStats.IoWaitTimeRecursive, 8, 0, 15571, "Total") - - appendBlkioStatEntry(&expectedStats.IoMergedRecursive, 8, 0, 5, "Read") - appendBlkioStatEntry(&expectedStats.IoMergedRecursive, 8, 0, 10, "Write") - appendBlkioStatEntry(&expectedStats.IoMergedRecursive, 8, 0, 0, "Sync") - appendBlkioStatEntry(&expectedStats.IoMergedRecursive, 8, 0, 0, "Async") - appendBlkioStatEntry(&expectedStats.IoMergedRecursive, 8, 0, 15, "Total") - - appendBlkioStatEntry(&expectedStats.IoTimeRecursive, 8, 0, 8, "") - - expectBlkioStatsEquals(t, expectedStats, actualStats.BlkioStats) -} - -func TestBlkioStatsNoFilesCFQ(t *testing.T) { - if testing.Short() { - t.Skip("skipping test in short mode.") - } - testCases := []blkioStatFailureTestCase{ - { - desc: "missing blkio.io_service_bytes_recursive file", - filename: "blkio.io_service_bytes_recursive", - }, - { - desc: "missing blkio.io_serviced_recursive file", - filename: "blkio.io_serviced_recursive", - }, - { - desc: "missing blkio.io_queued_recursive file", - filename: "blkio.io_queued_recursive", - }, - { - desc: "missing blkio.sectors_recursive file", - filename: "blkio.sectors_recursive", - }, - { - desc: "missing blkio.io_service_time_recursive file", - filename: "blkio.io_service_time_recursive", - }, - { - desc: "missing blkio.io_wait_time_recursive file", - filename: "blkio.io_wait_time_recursive", - }, - { - desc: "missing blkio.io_merged_recursive file", - filename: "blkio.io_merged_recursive", - }, - { - desc: "missing blkio.time_recursive file", - filename: "blkio.time_recursive", - }, - } - - for _, testCase := range testCases { - path := tempDir(t, "cpuset") - - tempBlkioTestFiles := map[string]string{} - for i, v := range blkioCFQStatsTestFiles { - tempBlkioTestFiles[i] = v - } - delete(tempBlkioTestFiles, testCase.filename) - - writeFileContents(t, path, tempBlkioTestFiles) - cpuset := &CpusetGroup{} - actualStats := *cgroups.NewStats() - err := cpuset.GetStats(path, &actualStats) - if err != nil { - t.Errorf("%s: want no error, got %+v", testCase.desc, err) - } - } -} - -func TestBlkioStatsUnexpectedNumberOfFields(t *testing.T) { - path := tempDir(t, "blkio") - writeFileContents(t, path, map[string]string{ - "blkio.io_service_bytes_recursive": "8:0 Read 100 100", - "blkio.io_serviced_recursive": servicedRecursiveContents, - "blkio.io_queued_recursive": queuedRecursiveContents, - "blkio.sectors_recursive": sectorsRecursiveContents, - "blkio.io_service_time_recursive": serviceTimeRecursiveContents, - "blkio.io_wait_time_recursive": waitTimeRecursiveContents, - "blkio.io_merged_recursive": mergedRecursiveContents, - "blkio.time_recursive": timeRecursiveContents, - }) - - blkio := &BlkioGroup{} - actualStats := *cgroups.NewStats() - err := blkio.GetStats(path, &actualStats) - if err == nil { - t.Fatal("Expected to fail, but did not") - } -} - -func TestBlkioStatsUnexpectedFieldType(t *testing.T) { - path := tempDir(t, "blkio") - writeFileContents(t, path, map[string]string{ - "blkio.io_service_bytes_recursive": "8:0 Read Write", - "blkio.io_serviced_recursive": servicedRecursiveContents, - "blkio.io_queued_recursive": queuedRecursiveContents, - "blkio.sectors_recursive": sectorsRecursiveContents, - "blkio.io_service_time_recursive": serviceTimeRecursiveContents, - "blkio.io_wait_time_recursive": waitTimeRecursiveContents, - "blkio.io_merged_recursive": mergedRecursiveContents, - "blkio.time_recursive": timeRecursiveContents, - }) - - blkio := &BlkioGroup{} - actualStats := *cgroups.NewStats() - err := blkio.GetStats(path, &actualStats) - if err == nil { - t.Fatal("Expected to fail, but did not") - } -} - -func TestThrottleRecursiveBlkioStats(t *testing.T) { - path := tempDir(t, "blkio") - writeFileContents(t, path, map[string]string{ - "blkio.io_service_bytes_recursive": "", - "blkio.io_serviced_recursive": "", - "blkio.io_queued_recursive": "", - "blkio.sectors_recursive": "", - "blkio.io_service_time_recursive": "", - "blkio.io_wait_time_recursive": "", - "blkio.io_merged_recursive": "", - "blkio.time_recursive": "", - "blkio.throttle.io_service_bytes_recursive": throttleServiceBytesRecursive, - "blkio.throttle.io_serviced_recursive": throttleServicedRecursive, - }) - - blkio := &BlkioGroup{} - actualStats := *cgroups.NewStats() - err := blkio.GetStats(path, &actualStats) - if err != nil { - t.Fatal(err) - } - - // Verify expected stats. - expectedStats := cgroups.BlkioStats{} - - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 110305281, "Read") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 231, "Write") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 421, "Sync") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 110305281, "Async") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 110305281, "Total") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 252, 0, 110305281, "Read") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 252, 0, 231, "Write") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 252, 0, 421, "Sync") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 252, 0, 110305281, "Async") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 252, 0, 110305281, "Total") - - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 1641, "Read") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 231, "Write") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 421, "Sync") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 1641, "Async") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 1641, "Total") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 252, 0, 1641, "Read") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 252, 0, 231, "Write") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 252, 0, 421, "Sync") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 252, 0, 1641, "Async") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 252, 0, 1641, "Total") - - expectBlkioStatsEquals(t, expectedStats, actualStats.BlkioStats) -} - -func TestThrottleBlkioStats(t *testing.T) { - path := tempDir(t, "blkio") - writeFileContents(t, path, map[string]string{ - "blkio.io_service_bytes_recursive": "", - "blkio.io_serviced_recursive": "", - "blkio.io_queued_recursive": "", - "blkio.sectors_recursive": "", - "blkio.io_service_time_recursive": "", - "blkio.io_wait_time_recursive": "", - "blkio.io_merged_recursive": "", - "blkio.time_recursive": "", - "blkio.throttle.io_service_bytes": throttleServiceBytes, - "blkio.throttle.io_serviced": throttleServiced, - }) - - blkio := &BlkioGroup{} - actualStats := *cgroups.NewStats() - err := blkio.GetStats(path, &actualStats) - if err != nil { - t.Fatal(err) - } - - // Verify expected stats. - expectedStats := cgroups.BlkioStats{} - - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 11030528, "Read") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 23, "Write") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 42, "Sync") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 11030528, "Async") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 8, 0, 11030528, "Total") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 252, 0, 11030528, "Read") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 252, 0, 23, "Write") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 252, 0, 42, "Sync") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 252, 0, 11030528, "Async") - appendBlkioStatEntry(&expectedStats.IoServiceBytesRecursive, 252, 0, 11030528, "Total") - - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 164, "Read") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 23, "Write") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 42, "Sync") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 164, "Async") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 8, 0, 164, "Total") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 252, 0, 164, "Read") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 252, 0, 23, "Write") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 252, 0, 42, "Sync") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 252, 0, 164, "Async") - appendBlkioStatEntry(&expectedStats.IoServicedRecursive, 252, 0, 164, "Total") - - expectBlkioStatsEquals(t, expectedStats, actualStats.BlkioStats) -} - -func TestBlkioSetThrottleReadBpsDevice(t *testing.T) { - path := tempDir(t, "blkio") - - const ( - throttleBefore = `8:0 1024` - ) - - td := cgroups.NewThrottleDevice(8, 0, 2048) - throttleAfter := td.String() - - writeFileContents(t, path, map[string]string{ - "blkio.throttle.read_bps_device": throttleBefore, - }) - - r := &cgroups.Resources{ - BlkioThrottleReadBpsDevice: []*cgroups.ThrottleDevice{td}, - } - blkio := &BlkioGroup{} - if err := blkio.Set(path, r); err != nil { - t.Fatal(err) - } - - value, err := fscommon.GetCgroupParamString(path, "blkio.throttle.read_bps_device") - if err != nil { - t.Fatal(err) - } - if value != throttleAfter { - t.Fatal("Got the wrong value, set blkio.throttle.read_bps_device failed.") - } -} - -func TestBlkioSetThrottleWriteBpsDevice(t *testing.T) { - path := tempDir(t, "blkio") - - const ( - throttleBefore = `8:0 1024` - ) - - td := cgroups.NewThrottleDevice(8, 0, 2048) - throttleAfter := td.String() - - writeFileContents(t, path, map[string]string{ - "blkio.throttle.write_bps_device": throttleBefore, - }) - - r := &cgroups.Resources{ - BlkioThrottleWriteBpsDevice: []*cgroups.ThrottleDevice{td}, - } - blkio := &BlkioGroup{} - if err := blkio.Set(path, r); err != nil { - t.Fatal(err) - } - - value, err := fscommon.GetCgroupParamString(path, "blkio.throttle.write_bps_device") - if err != nil { - t.Fatal(err) - } - if value != throttleAfter { - t.Fatal("Got the wrong value, set blkio.throttle.write_bps_device failed.") - } -} - -func TestBlkioSetThrottleReadIOpsDevice(t *testing.T) { - path := tempDir(t, "blkio") - - const ( - throttleBefore = `8:0 1024` - ) - - td := cgroups.NewThrottleDevice(8, 0, 2048) - throttleAfter := td.String() - - writeFileContents(t, path, map[string]string{ - "blkio.throttle.read_iops_device": throttleBefore, - }) - - r := &cgroups.Resources{ - BlkioThrottleReadIOPSDevice: []*cgroups.ThrottleDevice{td}, - } - blkio := &BlkioGroup{} - if err := blkio.Set(path, r); err != nil { - t.Fatal(err) - } - - value, err := fscommon.GetCgroupParamString(path, "blkio.throttle.read_iops_device") - if err != nil { - t.Fatal(err) - } - if value != throttleAfter { - t.Fatal("Got the wrong value, set blkio.throttle.read_iops_device failed.") - } -} - -func TestBlkioSetThrottleWriteIOpsDevice(t *testing.T) { - path := tempDir(t, "blkio") - - const ( - throttleBefore = `8:0 1024` - ) - - td := cgroups.NewThrottleDevice(8, 0, 2048) - throttleAfter := td.String() - - writeFileContents(t, path, map[string]string{ - "blkio.throttle.write_iops_device": throttleBefore, - }) - - r := &cgroups.Resources{ - BlkioThrottleWriteIOPSDevice: []*cgroups.ThrottleDevice{td}, - } - blkio := &BlkioGroup{} - if err := blkio.Set(path, r); err != nil { - t.Fatal(err) - } - - value, err := fscommon.GetCgroupParamString(path, "blkio.throttle.write_iops_device") - if err != nil { - t.Fatal(err) - } - if value != throttleAfter { - t.Fatal("Got the wrong value, set blkio.throttle.write_iops_device failed.") - } -} diff --git a/libcontainer/cgroups/fs/cpu_test.go b/libcontainer/cgroups/fs/cpu_test.go deleted file mode 100644 index 34b98f54369..00000000000 --- a/libcontainer/cgroups/fs/cpu_test.go +++ /dev/null @@ -1,226 +0,0 @@ -package fs - -import ( - "fmt" - "strconv" - "testing" - - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" -) - -func TestCpuSetShares(t *testing.T) { - path := tempDir(t, "cpu") - - const ( - sharesBefore = 1024 - sharesAfter = 512 - ) - - writeFileContents(t, path, map[string]string{ - "cpu.shares": strconv.Itoa(sharesBefore), - }) - - r := &cgroups.Resources{ - CpuShares: sharesAfter, - } - cpu := &CpuGroup{} - if err := cpu.Set(path, r); err != nil { - t.Fatal(err) - } - - value, err := fscommon.GetCgroupParamUint(path, "cpu.shares") - if err != nil { - t.Fatal(err) - } - if value != sharesAfter { - t.Fatal("Got the wrong value, set cpu.shares failed.") - } -} - -func TestCpuSetBandWidth(t *testing.T) { - path := tempDir(t, "cpu") - - const ( - quotaBefore = 8000 - quotaAfter = 5000 - burstBefore = 2000 - periodBefore = 10000 - periodAfter = 7000 - rtRuntimeBefore = 8000 - rtRuntimeAfter = 5000 - rtPeriodBefore = 10000 - rtPeriodAfter = 7000 - ) - burstAfter := uint64(1000) - - writeFileContents(t, path, map[string]string{ - "cpu.cfs_quota_us": strconv.Itoa(quotaBefore), - "cpu.cfs_burst_us": strconv.Itoa(burstBefore), - "cpu.cfs_period_us": strconv.Itoa(periodBefore), - "cpu.rt_runtime_us": strconv.Itoa(rtRuntimeBefore), - "cpu.rt_period_us": strconv.Itoa(rtPeriodBefore), - }) - - r := &cgroups.Resources{ - CpuQuota: quotaAfter, - CpuBurst: &burstAfter, - CpuPeriod: periodAfter, - CpuRtRuntime: rtRuntimeAfter, - CpuRtPeriod: rtPeriodAfter, - } - cpu := &CpuGroup{} - if err := cpu.Set(path, r); err != nil { - t.Fatal(err) - } - - quota, err := fscommon.GetCgroupParamUint(path, "cpu.cfs_quota_us") - if err != nil { - t.Fatal(err) - } - if quota != quotaAfter { - t.Fatal("Got the wrong value, set cpu.cfs_quota_us failed.") - } - - burst, err := fscommon.GetCgroupParamUint(path, "cpu.cfs_burst_us") - if err != nil { - t.Fatal(err) - } - if burst != burstAfter { - t.Fatal("Got the wrong value, set cpu.cfs_burst_us failed.") - } - - period, err := fscommon.GetCgroupParamUint(path, "cpu.cfs_period_us") - if err != nil { - t.Fatal(err) - } - if period != periodAfter { - t.Fatal("Got the wrong value, set cpu.cfs_period_us failed.") - } - - rtRuntime, err := fscommon.GetCgroupParamUint(path, "cpu.rt_runtime_us") - if err != nil { - t.Fatal(err) - } - if rtRuntime != rtRuntimeAfter { - t.Fatal("Got the wrong value, set cpu.rt_runtime_us failed.") - } - - rtPeriod, err := fscommon.GetCgroupParamUint(path, "cpu.rt_period_us") - if err != nil { - t.Fatal(err) - } - if rtPeriod != rtPeriodAfter { - t.Fatal("Got the wrong value, set cpu.rt_period_us failed.") - } -} - -func TestCpuStats(t *testing.T) { - path := tempDir(t, "cpu") - - const ( - nrPeriods = 2000 - nrThrottled = 200 - throttledTime = uint64(18446744073709551615) - ) - - cpuStatContent := fmt.Sprintf("nr_periods %d\nnr_throttled %d\nthrottled_time %d\n", - nrPeriods, nrThrottled, throttledTime) - writeFileContents(t, path, map[string]string{ - "cpu.stat": cpuStatContent, - }) - - cpu := &CpuGroup{} - actualStats := *cgroups.NewStats() - err := cpu.GetStats(path, &actualStats) - if err != nil { - t.Fatal(err) - } - - expectedStats := cgroups.ThrottlingData{ - Periods: nrPeriods, - ThrottledPeriods: nrThrottled, - ThrottledTime: throttledTime, - } - - expectThrottlingDataEquals(t, expectedStats, actualStats.CpuStats.ThrottlingData) -} - -func TestNoCpuStatFile(t *testing.T) { - path := tempDir(t, "cpu") - - cpu := &CpuGroup{} - actualStats := *cgroups.NewStats() - err := cpu.GetStats(path, &actualStats) - if err != nil { - t.Fatal("Expected not to fail, but did") - } -} - -func TestInvalidCpuStat(t *testing.T) { - path := tempDir(t, "cpu") - - cpuStatContent := `nr_periods 2000 - nr_throttled 200 - throttled_time fortytwo` - writeFileContents(t, path, map[string]string{ - "cpu.stat": cpuStatContent, - }) - - cpu := &CpuGroup{} - actualStats := *cgroups.NewStats() - err := cpu.GetStats(path, &actualStats) - if err == nil { - t.Fatal("Expected failed stat parsing.") - } -} - -func TestCpuSetRtSchedAtApply(t *testing.T) { - path := tempDir(t, "cpu") - - const ( - rtRuntimeBefore = 0 - rtRuntimeAfter = 5000 - rtPeriodBefore = 0 - rtPeriodAfter = 7000 - ) - - writeFileContents(t, path, map[string]string{ - "cpu.rt_runtime_us": strconv.Itoa(rtRuntimeBefore), - "cpu.rt_period_us": strconv.Itoa(rtPeriodBefore), - }) - - r := &cgroups.Resources{ - CpuRtRuntime: rtRuntimeAfter, - CpuRtPeriod: rtPeriodAfter, - } - cpu := &CpuGroup{} - - if err := cpu.Apply(path, r, 1234); err != nil { - t.Fatal(err) - } - - rtRuntime, err := fscommon.GetCgroupParamUint(path, "cpu.rt_runtime_us") - if err != nil { - t.Fatal(err) - } - if rtRuntime != rtRuntimeAfter { - t.Fatal("Got the wrong value, set cpu.rt_runtime_us failed.") - } - - rtPeriod, err := fscommon.GetCgroupParamUint(path, "cpu.rt_period_us") - if err != nil { - t.Fatal(err) - } - if rtPeriod != rtPeriodAfter { - t.Fatal("Got the wrong value, set cpu.rt_period_us failed.") - } - - pid, err := fscommon.GetCgroupParamUint(path, "cgroup.procs") - if err != nil { - t.Fatal(err) - } - if pid != 1234 { - t.Fatal("Got the wrong value, set cgroup.procs failed.") - } -} diff --git a/libcontainer/cgroups/fs/cpuacct_test.go b/libcontainer/cgroups/fs/cpuacct_test.go deleted file mode 100644 index 116454e4881..00000000000 --- a/libcontainer/cgroups/fs/cpuacct_test.go +++ /dev/null @@ -1,112 +0,0 @@ -package fs - -import ( - "reflect" - "testing" - - "github.com/opencontainers/runc/libcontainer/cgroups" -) - -const ( - cpuAcctUsageContents = "12262454190222160" - cpuAcctUsagePerCPUContents = "1564936537989058 1583937096487821 1604195415465681 1596445226820187 1481069084155629 1478735613864327 1477610593414743 1476362015778086" - cpuAcctStatContents = "user 452278264\nsystem 291429664" - cpuAcctUsageAll = `cpu user system - 0 962250696038415 637727786389114 - 1 981956408513304 638197595421064 - 2 1002658817529022 638956774598358 - 3 994937703492523 637985531181620 - 4 874843781648690 638837766495476 - 5 872544369885276 638763309884944 - 6 870104915696359 640081778921247 - 7 870202363887496 638716766259495 - ` -) - -func TestCpuacctStats(t *testing.T) { - path := tempDir(t, "cpuacct") - writeFileContents(t, path, map[string]string{ - "cpuacct.usage": cpuAcctUsageContents, - "cpuacct.usage_percpu": cpuAcctUsagePerCPUContents, - "cpuacct.stat": cpuAcctStatContents, - "cpuacct.usage_all": cpuAcctUsageAll, - }) - - cpuacct := &CpuacctGroup{} - actualStats := *cgroups.NewStats() - err := cpuacct.GetStats(path, &actualStats) - if err != nil { - t.Fatal(err) - } - - expectedStats := cgroups.CpuUsage{ - TotalUsage: uint64(12262454190222160), - PercpuUsage: []uint64{ - 1564936537989058, 1583937096487821, 1604195415465681, 1596445226820187, - 1481069084155629, 1478735613864327, 1477610593414743, 1476362015778086, - }, - PercpuUsageInKernelmode: []uint64{ - 637727786389114, 638197595421064, 638956774598358, 637985531181620, - 638837766495476, 638763309884944, 640081778921247, 638716766259495, - }, - PercpuUsageInUsermode: []uint64{ - 962250696038415, 981956408513304, 1002658817529022, 994937703492523, - 874843781648690, 872544369885276, 870104915696359, 870202363887496, - }, - UsageInKernelmode: (uint64(291429664) * nsInSec) / clockTicks, - UsageInUsermode: (uint64(452278264) * nsInSec) / clockTicks, - } - - if !reflect.DeepEqual(expectedStats, actualStats.CpuStats.CpuUsage) { - t.Errorf("Expected CPU usage %#v but found %#v\n", - expectedStats, actualStats.CpuStats.CpuUsage) - } -} - -func TestCpuacctStatsWithoutUsageAll(t *testing.T) { - path := tempDir(t, "cpuacct") - writeFileContents(t, path, map[string]string{ - "cpuacct.usage": cpuAcctUsageContents, - "cpuacct.usage_percpu": cpuAcctUsagePerCPUContents, - "cpuacct.stat": cpuAcctStatContents, - }) - - cpuacct := &CpuacctGroup{} - actualStats := *cgroups.NewStats() - err := cpuacct.GetStats(path, &actualStats) - if err != nil { - t.Fatal(err) - } - - expectedStats := cgroups.CpuUsage{ - TotalUsage: uint64(12262454190222160), - PercpuUsage: []uint64{ - 1564936537989058, 1583937096487821, 1604195415465681, 1596445226820187, - 1481069084155629, 1478735613864327, 1477610593414743, 1476362015778086, - }, - PercpuUsageInKernelmode: []uint64{}, - PercpuUsageInUsermode: []uint64{}, - UsageInKernelmode: (uint64(291429664) * nsInSec) / clockTicks, - UsageInUsermode: (uint64(452278264) * nsInSec) / clockTicks, - } - - if !reflect.DeepEqual(expectedStats, actualStats.CpuStats.CpuUsage) { - t.Errorf("Expected CPU usage %#v but found %#v\n", - expectedStats, actualStats.CpuStats.CpuUsage) - } -} - -func BenchmarkGetCpuUsageBreakdown(b *testing.B) { - path := tempDir(b, "cpuacct") - writeFileContents(b, path, map[string]string{ - "cpuacct.stat": cpuAcctStatContents, - }) - - b.ResetTimer() - for i := 0; i < b.N; i++ { - _, _, err := getCpuUsageBreakdown(path) - if err != nil { - b.Fatal(err) - } - } -} diff --git a/libcontainer/cgroups/fs/cpuset_test.go b/libcontainer/cgroups/fs/cpuset_test.go deleted file mode 100644 index ec1c86ca6e5..00000000000 --- a/libcontainer/cgroups/fs/cpuset_test.go +++ /dev/null @@ -1,241 +0,0 @@ -package fs - -import ( - "reflect" - "testing" - - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" -) - -const ( - cpus = "0-2,7,12-14\n" - cpuExclusive = "1\n" - mems = "1-4,6,9\n" - memHardwall = "0\n" - memExclusive = "0\n" - memoryMigrate = "1\n" - memorySpreadPage = "0\n" - memorySpeadSlab = "1\n" - memoryPressure = "34377\n" - schedLoadBalance = "1\n" - schedRelaxDomainLevel = "-1\n" -) - -var cpusetTestFiles = map[string]string{ - "cpuset.cpus": cpus, - "cpuset.cpu_exclusive": cpuExclusive, - "cpuset.mems": mems, - "cpuset.mem_hardwall": memHardwall, - "cpuset.mem_exclusive": memExclusive, - "cpuset.memory_migrate": memoryMigrate, - "cpuset.memory_spread_page": memorySpreadPage, - "cpuset.memory_spread_slab": memorySpeadSlab, - "cpuset.memory_pressure": memoryPressure, - "cpuset.sched_load_balance": schedLoadBalance, - "cpuset.sched_relax_domain_level": schedRelaxDomainLevel, -} - -func TestCPUSetSetCpus(t *testing.T) { - path := tempDir(t, "cpuset") - - const ( - cpusBefore = "0" - cpusAfter = "1-3" - ) - - writeFileContents(t, path, map[string]string{ - "cpuset.cpus": cpusBefore, - }) - - r := &cgroups.Resources{ - CpusetCpus: cpusAfter, - } - cpuset := &CpusetGroup{} - if err := cpuset.Set(path, r); err != nil { - t.Fatal(err) - } - - value, err := fscommon.GetCgroupParamString(path, "cpuset.cpus") - if err != nil { - t.Fatal(err) - } - if value != cpusAfter { - t.Fatal("Got the wrong value, set cpuset.cpus failed.") - } -} - -func TestCPUSetSetMems(t *testing.T) { - path := tempDir(t, "cpuset") - - const ( - memsBefore = "0" - memsAfter = "1" - ) - - writeFileContents(t, path, map[string]string{ - "cpuset.mems": memsBefore, - }) - - r := &cgroups.Resources{ - CpusetMems: memsAfter, - } - cpuset := &CpusetGroup{} - if err := cpuset.Set(path, r); err != nil { - t.Fatal(err) - } - - value, err := fscommon.GetCgroupParamString(path, "cpuset.mems") - if err != nil { - t.Fatal(err) - } - if value != memsAfter { - t.Fatal("Got the wrong value, set cpuset.mems failed.") - } -} - -func TestCPUSetStatsCorrect(t *testing.T) { - path := tempDir(t, "cpuset") - writeFileContents(t, path, cpusetTestFiles) - - cpuset := &CpusetGroup{} - actualStats := *cgroups.NewStats() - err := cpuset.GetStats(path, &actualStats) - if err != nil { - t.Fatal(err) - } - expectedStats := cgroups.CPUSetStats{ - CPUs: []uint16{0, 1, 2, 7, 12, 13, 14}, - CPUExclusive: 1, - Mems: []uint16{1, 2, 3, 4, 6, 9}, - MemoryMigrate: 1, - MemHardwall: 0, - MemExclusive: 0, - MemorySpreadPage: 0, - MemorySpreadSlab: 1, - MemoryPressure: 34377, - SchedLoadBalance: 1, - SchedRelaxDomainLevel: -1, - } - if !reflect.DeepEqual(expectedStats, actualStats.CPUSetStats) { - t.Fatalf("Expected Cpuset stats usage %#v but found %#v", - expectedStats, actualStats.CPUSetStats) - } -} - -func TestCPUSetStatsMissingFiles(t *testing.T) { - for _, testCase := range []struct { - desc string - filename, contents string - removeFile bool - }{ - { - desc: "empty cpus file", - filename: "cpuset.cpus", - contents: "", - removeFile: false, - }, - { - desc: "empty mems file", - filename: "cpuset.mems", - contents: "", - removeFile: false, - }, - { - desc: "corrupted cpus file", - filename: "cpuset.cpus", - contents: "0-3,*4^2", - removeFile: false, - }, - { - desc: "corrupted mems file", - filename: "cpuset.mems", - contents: "0,1,2-5,8-7", - removeFile: false, - }, - { - desc: "missing cpu_exclusive file", - filename: "cpuset.cpu_exclusive", - contents: "", - removeFile: true, - }, - { - desc: "missing memory_migrate file", - filename: "cpuset.memory_migrate", - contents: "", - removeFile: true, - }, - { - desc: "missing mem_hardwall file", - filename: "cpuset.mem_hardwall", - contents: "", - removeFile: true, - }, - { - desc: "missing mem_exclusive file", - filename: "cpuset.mem_exclusive", - contents: "", - removeFile: true, - }, - { - desc: "missing memory_spread_page file", - filename: "cpuset.memory_spread_page", - contents: "", - removeFile: true, - }, - { - desc: "missing memory_spread_slab file", - filename: "cpuset.memory_spread_slab", - contents: "", - removeFile: true, - }, - { - desc: "missing memory_pressure file", - filename: "cpuset.memory_pressure", - contents: "", - removeFile: true, - }, - { - desc: "missing sched_load_balance file", - filename: "cpuset.sched_load_balance", - contents: "", - removeFile: true, - }, - { - desc: "missing sched_relax_domain_level file", - filename: "cpuset.sched_relax_domain_level", - contents: "", - removeFile: true, - }, - } { - t.Run(testCase.desc, func(t *testing.T) { - path := tempDir(t, "cpuset") - - tempCpusetTestFiles := map[string]string{} - for i, v := range cpusetTestFiles { - tempCpusetTestFiles[i] = v - } - - if testCase.removeFile { - delete(tempCpusetTestFiles, testCase.filename) - writeFileContents(t, path, tempCpusetTestFiles) - cpuset := &CpusetGroup{} - actualStats := *cgroups.NewStats() - err := cpuset.GetStats(path, &actualStats) - if err != nil { - t.Errorf("failed unexpectedly: %q", err) - } - } else { - tempCpusetTestFiles[testCase.filename] = testCase.contents - writeFileContents(t, path, tempCpusetTestFiles) - cpuset := &CpusetGroup{} - actualStats := *cgroups.NewStats() - err := cpuset.GetStats(path, &actualStats) - - if err == nil { - t.Error("failed to return expected error") - } - } - }) - } -} diff --git a/libcontainer/cgroups/fs/freezer_test.go b/libcontainer/cgroups/fs/freezer_test.go deleted file mode 100644 index d905380840d..00000000000 --- a/libcontainer/cgroups/fs/freezer_test.go +++ /dev/null @@ -1,46 +0,0 @@ -package fs - -import ( - "testing" - - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" -) - -func TestFreezerSetState(t *testing.T) { - path := tempDir(t, "freezer") - - writeFileContents(t, path, map[string]string{ - "freezer.state": string(cgroups.Frozen), - }) - - r := &cgroups.Resources{ - Freezer: cgroups.Thawed, - } - freezer := &FreezerGroup{} - if err := freezer.Set(path, r); err != nil { - t.Fatal(err) - } - - value, err := fscommon.GetCgroupParamString(path, "freezer.state") - if err != nil { - t.Fatal(err) - } - if value != string(cgroups.Thawed) { - t.Fatal("Got the wrong value, set freezer.state failed.") - } -} - -func TestFreezerSetInvalidState(t *testing.T) { - path := tempDir(t, "freezer") - - const invalidArg cgroups.FreezerState = "Invalid" - - r := &cgroups.Resources{ - Freezer: invalidArg, - } - freezer := &FreezerGroup{} - if err := freezer.Set(path, r); err == nil { - t.Fatal("Failed to return invalid argument error") - } -} diff --git a/libcontainer/cgroups/fs/fs_test.go b/libcontainer/cgroups/fs/fs_test.go deleted file mode 100644 index 2d6cad1d50c..00000000000 --- a/libcontainer/cgroups/fs/fs_test.go +++ /dev/null @@ -1,49 +0,0 @@ -package fs - -import ( - "testing" - - "github.com/opencontainers/runc/libcontainer/cgroups" -) - -func BenchmarkGetStats(b *testing.B) { - if cgroups.IsCgroup2UnifiedMode() { - b.Skip("cgroup v2 is not supported") - } - - // Unset TestMode as we work with real cgroupfs here, - // and we want OpenFile to perform the fstype check. - cgroups.TestMode = false - defer func() { - cgroups.TestMode = true - }() - - cg := &cgroups.Cgroup{ - Path: "/some/kind/of/a/path/here", - Resources: &cgroups.Resources{}, - } - m, err := NewManager(cg, nil) - if err != nil { - b.Fatal(err) - } - err = m.Apply(-1) - if err != nil { - b.Fatal(err) - } - defer func() { - _ = m.Destroy() - }() - - var st *cgroups.Stats - - b.ResetTimer() - for i := 0; i < b.N; i++ { - st, err = m.GetStats() - if err != nil { - b.Fatal(err) - } - } - if st.CpuStats.CpuUsage.TotalUsage != 0 { - b.Fatalf("stats: %+v", st) - } -} diff --git a/libcontainer/cgroups/fs/hugetlb_test.go b/libcontainer/cgroups/fs/hugetlb_test.go deleted file mode 100644 index 92598709bfc..00000000000 --- a/libcontainer/cgroups/fs/hugetlb_test.go +++ /dev/null @@ -1,176 +0,0 @@ -package fs - -import ( - "fmt" - "strconv" - "testing" - - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" -) - -const ( - hugetlbUsageContents = "128\n" - hugetlbMaxUsageContents = "256\n" - hugetlbFailcnt = "100\n" -) - -const ( - usage = "hugetlb.%s.usage_in_bytes" - limit = "hugetlb.%s.limit_in_bytes" - maxUsage = "hugetlb.%s.max_usage_in_bytes" - failcnt = "hugetlb.%s.failcnt" - - rsvdUsage = "hugetlb.%s.rsvd.usage_in_bytes" - rsvdLimit = "hugetlb.%s.rsvd.limit_in_bytes" - rsvdMaxUsage = "hugetlb.%s.rsvd.max_usage_in_bytes" - rsvdFailcnt = "hugetlb.%s.rsvd.failcnt" -) - -func TestHugetlbSetHugetlb(t *testing.T) { - path := tempDir(t, "hugetlb") - - const ( - hugetlbBefore = 256 - hugetlbAfter = 512 - ) - - for _, pageSize := range cgroups.HugePageSizes() { - writeFileContents(t, path, map[string]string{ - fmt.Sprintf(limit, pageSize): strconv.Itoa(hugetlbBefore), - }) - } - - r := &cgroups.Resources{} - for _, pageSize := range cgroups.HugePageSizes() { - r.HugetlbLimit = []*cgroups.HugepageLimit{ - { - Pagesize: pageSize, - Limit: hugetlbAfter, - }, - } - hugetlb := &HugetlbGroup{} - if err := hugetlb.Set(path, r); err != nil { - t.Fatal(err) - } - } - - for _, pageSize := range cgroups.HugePageSizes() { - for _, f := range []string{limit, rsvdLimit} { - limit := fmt.Sprintf(f, pageSize) - value, err := fscommon.GetCgroupParamUint(path, limit) - if err != nil { - t.Fatal(err) - } - if value != hugetlbAfter { - t.Fatalf("Set %s failed. Expected: %v, Got: %v", limit, hugetlbAfter, value) - } - } - } -} - -func TestHugetlbStats(t *testing.T) { - path := tempDir(t, "hugetlb") - for _, pageSize := range cgroups.HugePageSizes() { - writeFileContents(t, path, map[string]string{ - fmt.Sprintf(usage, pageSize): hugetlbUsageContents, - fmt.Sprintf(maxUsage, pageSize): hugetlbMaxUsageContents, - fmt.Sprintf(failcnt, pageSize): hugetlbFailcnt, - }) - } - - hugetlb := &HugetlbGroup{} - actualStats := *cgroups.NewStats() - err := hugetlb.GetStats(path, &actualStats) - if err != nil { - t.Fatal(err) - } - expectedStats := cgroups.HugetlbStats{Usage: 128, MaxUsage: 256, Failcnt: 100} - for _, pageSize := range cgroups.HugePageSizes() { - expectHugetlbStatEquals(t, expectedStats, actualStats.HugetlbStats[pageSize]) - } -} - -func TestHugetlbRStatsRsvd(t *testing.T) { - path := tempDir(t, "hugetlb") - for _, pageSize := range cgroups.HugePageSizes() { - writeFileContents(t, path, map[string]string{ - fmt.Sprintf(rsvdUsage, pageSize): hugetlbUsageContents, - fmt.Sprintf(rsvdMaxUsage, pageSize): hugetlbMaxUsageContents, - fmt.Sprintf(rsvdFailcnt, pageSize): hugetlbFailcnt, - }) - } - - hugetlb := &HugetlbGroup{} - actualStats := *cgroups.NewStats() - err := hugetlb.GetStats(path, &actualStats) - if err != nil { - t.Fatal(err) - } - expectedStats := cgroups.HugetlbStats{Usage: 128, MaxUsage: 256, Failcnt: 100} - for _, pageSize := range cgroups.HugePageSizes() { - expectHugetlbStatEquals(t, expectedStats, actualStats.HugetlbStats[pageSize]) - } -} - -func TestHugetlbStatsNoUsageFile(t *testing.T) { - path := tempDir(t, "hugetlb") - writeFileContents(t, path, map[string]string{ - maxUsage: hugetlbMaxUsageContents, - }) - - hugetlb := &HugetlbGroup{} - actualStats := *cgroups.NewStats() - err := hugetlb.GetStats(path, &actualStats) - if err == nil { - t.Fatal("Expected failure") - } -} - -func TestHugetlbStatsNoMaxUsageFile(t *testing.T) { - path := tempDir(t, "hugetlb") - for _, pageSize := range cgroups.HugePageSizes() { - writeFileContents(t, path, map[string]string{ - fmt.Sprintf(usage, pageSize): hugetlbUsageContents, - }) - } - - hugetlb := &HugetlbGroup{} - actualStats := *cgroups.NewStats() - err := hugetlb.GetStats(path, &actualStats) - if err == nil { - t.Fatal("Expected failure") - } -} - -func TestHugetlbStatsBadUsageFile(t *testing.T) { - path := tempDir(t, "hugetlb") - for _, pageSize := range cgroups.HugePageSizes() { - writeFileContents(t, path, map[string]string{ - fmt.Sprintf(usage, pageSize): "bad", - maxUsage: hugetlbMaxUsageContents, - }) - } - - hugetlb := &HugetlbGroup{} - actualStats := *cgroups.NewStats() - err := hugetlb.GetStats(path, &actualStats) - if err == nil { - t.Fatal("Expected failure") - } -} - -func TestHugetlbStatsBadMaxUsageFile(t *testing.T) { - path := tempDir(t, "hugetlb") - writeFileContents(t, path, map[string]string{ - usage: hugetlbUsageContents, - maxUsage: "bad", - }) - - hugetlb := &HugetlbGroup{} - actualStats := *cgroups.NewStats() - err := hugetlb.GetStats(path, &actualStats) - if err == nil { - t.Fatal("Expected failure") - } -} diff --git a/libcontainer/cgroups/fs/memory_test.go b/libcontainer/cgroups/fs/memory_test.go deleted file mode 100644 index 25687b6f97e..00000000000 --- a/libcontainer/cgroups/fs/memory_test.go +++ /dev/null @@ -1,506 +0,0 @@ -package fs - -import ( - "strconv" - "testing" - - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" -) - -const ( - memoryStatContents = `cache 512 -rss 1024` - memoryUsageContents = "2048\n" - memoryMaxUsageContents = "4096\n" - memoryFailcnt = "100\n" - memoryLimitContents = "8192\n" - memoryUseHierarchyContents = "1\n" - memoryNUMAStatContents = `total=44611 N0=32631 N1=7501 N2=1982 N3=2497 -file=44428 N0=32614 N1=7335 N2=1982 N3=2497 -anon=183 N0=17 N1=166 N2=0 N3=0 -unevictable=0 N0=0 N1=0 N2=0 N3=0 -hierarchical_total=768133 N0=509113 N1=138887 N2=20464 N3=99669 -hierarchical_file=722017 N0=496516 N1=119997 N2=20181 N3=85323 -hierarchical_anon=46096 N0=12597 N1=18890 N2=283 N3=14326 -hierarchical_unevictable=20 N0=0 N1=0 N2=0 N3=20 -` - memoryNUMAStatNoHierarchyContents = `total=44611 N0=32631 N1=7501 N2=1982 N3=2497 -file=44428 N0=32614 N1=7335 N2=1982 N3=2497 -anon=183 N0=17 N1=166 N2=0 N3=0 -unevictable=0 N0=0 N1=0 N2=0 N3=0 -` - // Some custom kernels has extra fields that should be ignored - memoryNUMAStatExtraContents = `numa_locality 0 0 0 0 0 0 0 0 0 0 -numa_exectime 0 -whatever=100 N0=0 -` -) - -func TestMemorySetMemory(t *testing.T) { - path := tempDir(t, "memory") - - const ( - memoryBefore = 314572800 // 300M - memoryAfter = 524288000 // 500M - reservationBefore = 209715200 // 200M - reservationAfter = 314572800 // 300M - ) - - writeFileContents(t, path, map[string]string{ - "memory.limit_in_bytes": strconv.Itoa(memoryBefore), - "memory.soft_limit_in_bytes": strconv.Itoa(reservationBefore), - }) - - r := &cgroups.Resources{ - Memory: memoryAfter, - MemoryReservation: reservationAfter, - } - memory := &MemoryGroup{} - if err := memory.Set(path, r); err != nil { - t.Fatal(err) - } - - value, err := fscommon.GetCgroupParamUint(path, "memory.limit_in_bytes") - if err != nil { - t.Fatal(err) - } - if value != memoryAfter { - t.Fatal("Got the wrong value, set memory.limit_in_bytes failed.") - } - - value, err = fscommon.GetCgroupParamUint(path, "memory.soft_limit_in_bytes") - if err != nil { - t.Fatal(err) - } - if value != reservationAfter { - t.Fatal("Got the wrong value, set memory.soft_limit_in_bytes failed.") - } -} - -func TestMemorySetMemoryswap(t *testing.T) { - path := tempDir(t, "memory") - - const ( - memoryswapBefore = 314572800 // 300M - memoryswapAfter = 524288000 // 500M - ) - - writeFileContents(t, path, map[string]string{ - "memory.memsw.limit_in_bytes": strconv.Itoa(memoryswapBefore), - }) - - r := &cgroups.Resources{ - MemorySwap: memoryswapAfter, - } - memory := &MemoryGroup{} - if err := memory.Set(path, r); err != nil { - t.Fatal(err) - } - - value, err := fscommon.GetCgroupParamUint(path, "memory.memsw.limit_in_bytes") - if err != nil { - t.Fatal(err) - } - if value != memoryswapAfter { - t.Fatal("Got the wrong value, set memory.memsw.limit_in_bytes failed.") - } -} - -func TestMemorySetMemoryLargerThanSwap(t *testing.T) { - path := tempDir(t, "memory") - - const ( - memoryBefore = 314572800 // 300M - memoryswapBefore = 524288000 // 500M - memoryAfter = 629145600 // 600M - memoryswapAfter = 838860800 // 800M - ) - - writeFileContents(t, path, map[string]string{ - "memory.limit_in_bytes": strconv.Itoa(memoryBefore), - "memory.memsw.limit_in_bytes": strconv.Itoa(memoryswapBefore), - // Set will call getMemoryData when memory and swap memory are - // both set, fake these fields so we don't get error. - "memory.usage_in_bytes": "0", - "memory.max_usage_in_bytes": "0", - "memory.failcnt": "0", - }) - - r := &cgroups.Resources{ - Memory: memoryAfter, - MemorySwap: memoryswapAfter, - } - memory := &MemoryGroup{} - if err := memory.Set(path, r); err != nil { - t.Fatal(err) - } - - value, err := fscommon.GetCgroupParamUint(path, "memory.limit_in_bytes") - if err != nil { - t.Fatal(err) - } - if value != memoryAfter { - t.Fatal("Got the wrong value, set memory.limit_in_bytes failed.") - } - - value, err = fscommon.GetCgroupParamUint(path, "memory.memsw.limit_in_bytes") - if err != nil { - t.Fatal(err) - } - if value != memoryswapAfter { - t.Fatal("Got the wrong value, set memory.memsw.limit_in_bytes failed.") - } -} - -func TestMemorySetSwapSmallerThanMemory(t *testing.T) { - path := tempDir(t, "memory") - - const ( - memoryBefore = 629145600 // 600M - memoryswapBefore = 838860800 // 800M - memoryAfter = 314572800 // 300M - memoryswapAfter = 524288000 // 500M - ) - - writeFileContents(t, path, map[string]string{ - "memory.limit_in_bytes": strconv.Itoa(memoryBefore), - "memory.memsw.limit_in_bytes": strconv.Itoa(memoryswapBefore), - }) - - r := &cgroups.Resources{ - Memory: memoryAfter, - MemorySwap: memoryswapAfter, - } - memory := &MemoryGroup{} - if err := memory.Set(path, r); err != nil { - t.Fatal(err) - } - - value, err := fscommon.GetCgroupParamUint(path, "memory.limit_in_bytes") - if err != nil { - t.Fatal(err) - } - if value != memoryAfter { - t.Fatalf("Got the wrong value (%d != %d), set memory.limit_in_bytes failed", value, memoryAfter) - } - - value, err = fscommon.GetCgroupParamUint(path, "memory.memsw.limit_in_bytes") - if err != nil { - t.Fatal(err) - } - if value != memoryswapAfter { - t.Fatalf("Got the wrong value (%d != %d), set memory.memsw.limit_in_bytes failed", value, memoryswapAfter) - } -} - -func TestMemorySetMemorySwappinessDefault(t *testing.T) { - path := tempDir(t, "memory") - - swappinessBefore := 60 // default is 60 - swappinessAfter := uint64(0) - - writeFileContents(t, path, map[string]string{ - "memory.swappiness": strconv.Itoa(swappinessBefore), - }) - - r := &cgroups.Resources{ - MemorySwappiness: &swappinessAfter, - } - memory := &MemoryGroup{} - if err := memory.Set(path, r); err != nil { - t.Fatal(err) - } - - value, err := fscommon.GetCgroupParamUint(path, "memory.swappiness") - if err != nil { - t.Fatal(err) - } - if value != swappinessAfter { - t.Fatalf("Got the wrong value (%d), set memory.swappiness = %d failed.", value, swappinessAfter) - } -} - -func TestMemoryStats(t *testing.T) { - path := tempDir(t, "memory") - writeFileContents(t, path, map[string]string{ - "memory.stat": memoryStatContents, - "memory.usage_in_bytes": memoryUsageContents, - "memory.limit_in_bytes": memoryLimitContents, - "memory.max_usage_in_bytes": memoryMaxUsageContents, - "memory.failcnt": memoryFailcnt, - "memory.memsw.usage_in_bytes": memoryUsageContents, - "memory.memsw.max_usage_in_bytes": memoryMaxUsageContents, - "memory.memsw.failcnt": memoryFailcnt, - "memory.memsw.limit_in_bytes": memoryLimitContents, - "memory.kmem.usage_in_bytes": memoryUsageContents, - "memory.kmem.max_usage_in_bytes": memoryMaxUsageContents, - "memory.kmem.failcnt": memoryFailcnt, - "memory.kmem.limit_in_bytes": memoryLimitContents, - "memory.use_hierarchy": memoryUseHierarchyContents, - "memory.numa_stat": memoryNUMAStatContents + memoryNUMAStatExtraContents, - }) - - memory := &MemoryGroup{} - actualStats := *cgroups.NewStats() - err := memory.GetStats(path, &actualStats) - if err != nil { - t.Fatal(err) - } - expectedStats := cgroups.MemoryStats{ - Cache: 512, - Usage: cgroups.MemoryData{Usage: 2048, MaxUsage: 4096, Failcnt: 100, Limit: 8192}, - SwapUsage: cgroups.MemoryData{Usage: 2048, MaxUsage: 4096, Failcnt: 100, Limit: 8192}, - SwapOnlyUsage: cgroups.MemoryData{Usage: 0, MaxUsage: 0, Failcnt: 0, Limit: 0}, - KernelUsage: cgroups.MemoryData{Usage: 2048, MaxUsage: 4096, Failcnt: 100, Limit: 8192}, - Stats: map[string]uint64{"cache": 512, "rss": 1024}, - UseHierarchy: true, - PageUsageByNUMA: cgroups.PageUsageByNUMA{ - PageUsageByNUMAInner: cgroups.PageUsageByNUMAInner{ - Total: cgroups.PageStats{Total: 44611, Nodes: map[uint8]uint64{0: 32631, 1: 7501, 2: 1982, 3: 2497}}, - File: cgroups.PageStats{Total: 44428, Nodes: map[uint8]uint64{0: 32614, 1: 7335, 2: 1982, 3: 2497}}, - Anon: cgroups.PageStats{Total: 183, Nodes: map[uint8]uint64{0: 17, 1: 166, 2: 0, 3: 0}}, - Unevictable: cgroups.PageStats{Total: 0, Nodes: map[uint8]uint64{0: 0, 1: 0, 2: 0, 3: 0}}, - }, - Hierarchical: cgroups.PageUsageByNUMAInner{ - Total: cgroups.PageStats{Total: 768133, Nodes: map[uint8]uint64{0: 509113, 1: 138887, 2: 20464, 3: 99669}}, - File: cgroups.PageStats{Total: 722017, Nodes: map[uint8]uint64{0: 496516, 1: 119997, 2: 20181, 3: 85323}}, - Anon: cgroups.PageStats{Total: 46096, Nodes: map[uint8]uint64{0: 12597, 1: 18890, 2: 283, 3: 14326}}, - Unevictable: cgroups.PageStats{Total: 20, Nodes: map[uint8]uint64{0: 0, 1: 0, 2: 0, 3: 20}}, - }, - }, - } - expectMemoryStatEquals(t, expectedStats, actualStats.MemoryStats) -} - -func TestMemoryStatsNoStatFile(t *testing.T) { - path := tempDir(t, "memory") - writeFileContents(t, path, map[string]string{ - "memory.usage_in_bytes": memoryUsageContents, - "memory.max_usage_in_bytes": memoryMaxUsageContents, - "memory.limit_in_bytes": memoryLimitContents, - }) - - memory := &MemoryGroup{} - actualStats := *cgroups.NewStats() - err := memory.GetStats(path, &actualStats) - if err != nil { - t.Fatal(err) - } -} - -func TestMemoryStatsNoUsageFile(t *testing.T) { - path := tempDir(t, "memory") - writeFileContents(t, path, map[string]string{ - "memory.stat": memoryStatContents, - "memory.max_usage_in_bytes": memoryMaxUsageContents, - "memory.limit_in_bytes": memoryLimitContents, - }) - - memory := &MemoryGroup{} - actualStats := *cgroups.NewStats() - err := memory.GetStats(path, &actualStats) - if err == nil { - t.Fatal("Expected failure") - } -} - -func TestMemoryStatsNoMaxUsageFile(t *testing.T) { - path := tempDir(t, "memory") - writeFileContents(t, path, map[string]string{ - "memory.stat": memoryStatContents, - "memory.usage_in_bytes": memoryUsageContents, - "memory.limit_in_bytes": memoryLimitContents, - }) - - memory := &MemoryGroup{} - actualStats := *cgroups.NewStats() - err := memory.GetStats(path, &actualStats) - if err == nil { - t.Fatal("Expected failure") - } -} - -func TestMemoryStatsNoLimitInBytesFile(t *testing.T) { - path := tempDir(t, "memory") - writeFileContents(t, path, map[string]string{ - "memory.stat": memoryStatContents, - "memory.usage_in_bytes": memoryUsageContents, - "memory.max_usage_in_bytes": memoryMaxUsageContents, - }) - - memory := &MemoryGroup{} - actualStats := *cgroups.NewStats() - err := memory.GetStats(path, &actualStats) - if err == nil { - t.Fatal("Expected failure") - } -} - -func TestMemoryStatsBadStatFile(t *testing.T) { - path := tempDir(t, "memory") - writeFileContents(t, path, map[string]string{ - "memory.stat": "rss rss", - "memory.usage_in_bytes": memoryUsageContents, - "memory.max_usage_in_bytes": memoryMaxUsageContents, - "memory.limit_in_bytes": memoryLimitContents, - }) - - memory := &MemoryGroup{} - actualStats := *cgroups.NewStats() - err := memory.GetStats(path, &actualStats) - if err == nil { - t.Fatal("Expected failure") - } -} - -func TestMemoryStatsBadUsageFile(t *testing.T) { - path := tempDir(t, "memory") - writeFileContents(t, path, map[string]string{ - "memory.stat": memoryStatContents, - "memory.usage_in_bytes": "bad", - "memory.max_usage_in_bytes": memoryMaxUsageContents, - "memory.limit_in_bytes": memoryLimitContents, - }) - - memory := &MemoryGroup{} - actualStats := *cgroups.NewStats() - err := memory.GetStats(path, &actualStats) - if err == nil { - t.Fatal("Expected failure") - } -} - -func TestMemoryStatsBadMaxUsageFile(t *testing.T) { - path := tempDir(t, "memory") - writeFileContents(t, path, map[string]string{ - "memory.stat": memoryStatContents, - "memory.usage_in_bytes": memoryUsageContents, - "memory.max_usage_in_bytes": "bad", - "memory.limit_in_bytes": memoryLimitContents, - }) - - memory := &MemoryGroup{} - actualStats := *cgroups.NewStats() - err := memory.GetStats(path, &actualStats) - if err == nil { - t.Fatal("Expected failure") - } -} - -func TestMemoryStatsBadLimitInBytesFile(t *testing.T) { - path := tempDir(t, "memory") - writeFileContents(t, path, map[string]string{ - "memory.stat": memoryStatContents, - "memory.usage_in_bytes": memoryUsageContents, - "memory.max_usage_in_bytes": memoryMaxUsageContents, - "memory.limit_in_bytes": "bad", - }) - - memory := &MemoryGroup{} - actualStats := *cgroups.NewStats() - err := memory.GetStats(path, &actualStats) - if err == nil { - t.Fatal("Expected failure") - } -} - -func TestMemorySetOomControl(t *testing.T) { - path := tempDir(t, "memory") - - const ( - oomKillDisable = 1 // disable oom killer, default is 0 - ) - - writeFileContents(t, path, map[string]string{ - "memory.oom_control": strconv.Itoa(oomKillDisable), - }) - - memory := &MemoryGroup{} - r := &cgroups.Resources{} - if err := memory.Set(path, r); err != nil { - t.Fatal(err) - } - - value, err := fscommon.GetCgroupParamUint(path, "memory.oom_control") - if err != nil { - t.Fatal(err) - } - if value != oomKillDisable { - t.Fatalf("Got the wrong value, set memory.oom_control failed.") - } -} - -func TestNoHierarchicalNumaStat(t *testing.T) { - path := tempDir(t, "memory") - writeFileContents(t, path, map[string]string{ - "memory.numa_stat": memoryNUMAStatNoHierarchyContents + memoryNUMAStatExtraContents, - }) - - actualStats, err := getPageUsageByNUMA(path) - if err != nil { - t.Fatal(err) - } - pageUsageByNUMA := cgroups.PageUsageByNUMA{ - PageUsageByNUMAInner: cgroups.PageUsageByNUMAInner{ - Total: cgroups.PageStats{Total: 44611, Nodes: map[uint8]uint64{0: 32631, 1: 7501, 2: 1982, 3: 2497}}, - File: cgroups.PageStats{Total: 44428, Nodes: map[uint8]uint64{0: 32614, 1: 7335, 2: 1982, 3: 2497}}, - Anon: cgroups.PageStats{Total: 183, Nodes: map[uint8]uint64{0: 17, 1: 166, 2: 0, 3: 0}}, - Unevictable: cgroups.PageStats{Total: 0, Nodes: map[uint8]uint64{0: 0, 1: 0, 2: 0, 3: 0}}, - }, - Hierarchical: cgroups.PageUsageByNUMAInner{}, - } - expectPageUsageByNUMAEquals(t, pageUsageByNUMA, actualStats) -} - -func TestBadNumaStat(t *testing.T) { - memoryNUMAStatBadContents := []struct { - desc, contents string - }{ - { - desc: "Nx where x is not a number", - contents: `total=44611 N0=44611, -file=44428 Nx=0 -`, - }, { - desc: "Nx where x > 255", - contents: `total=44611 N333=444`, - }, { - desc: "Nx argument missing", - contents: `total=44611 N0=123 N1=`, - }, { - desc: "Nx argument is not a number", - contents: `total=44611 N0=123 N1=a`, - }, { - desc: "Missing = after Nx", - contents: `total=44611 N0=123 N1`, - }, { - desc: "No Nx at non-first position", - contents: `total=44611 N0=32631 -file=44428 N0=32614 -anon=183 N0=12 badone -`, - }, - } - path := tempDir(t, "memory") - for _, c := range memoryNUMAStatBadContents { - writeFileContents(t, path, map[string]string{ - "memory.numa_stat": c.contents, - }) - - _, err := getPageUsageByNUMA(path) - if err == nil { - t.Errorf("case %q: expected error, got nil", c.desc) - } - } -} - -func TestWithoutNumaStat(t *testing.T) { - path := tempDir(t, "memory") - - actualStats, err := getPageUsageByNUMA(path) - if err != nil { - t.Fatal(err) - } - expectPageUsageByNUMAEquals(t, cgroups.PageUsageByNUMA{}, actualStats) -} diff --git a/libcontainer/cgroups/fs/net_cls_test.go b/libcontainer/cgroups/fs/net_cls_test.go deleted file mode 100644 index ea051d99a1e..00000000000 --- a/libcontainer/cgroups/fs/net_cls_test.go +++ /dev/null @@ -1,41 +0,0 @@ -package fs - -import ( - "strconv" - "testing" - - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" -) - -const ( - classidBefore = 0x100002 - classidAfter = 0x100001 -) - -func TestNetClsSetClassid(t *testing.T) { - path := tempDir(t, "net_cls") - - writeFileContents(t, path, map[string]string{ - "net_cls.classid": strconv.FormatUint(classidBefore, 10), - }) - - r := &cgroups.Resources{ - NetClsClassid: classidAfter, - } - netcls := &NetClsGroup{} - if err := netcls.Set(path, r); err != nil { - t.Fatal(err) - } - - // As we are in mock environment, we can't get correct value of classid from - // net_cls.classid. - // So. we just judge if we successfully write classid into file - value, err := fscommon.GetCgroupParamUint(path, "net_cls.classid") - if err != nil { - t.Fatal(err) - } - if value != classidAfter { - t.Fatal("Got the wrong value, set net_cls.classid failed.") - } -} diff --git a/libcontainer/cgroups/fs/net_prio_test.go b/libcontainer/cgroups/fs/net_prio_test.go deleted file mode 100644 index 90115e99eb3..00000000000 --- a/libcontainer/cgroups/fs/net_prio_test.go +++ /dev/null @@ -1,36 +0,0 @@ -package fs - -import ( - "strings" - "testing" - - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" -) - -var prioMap = []*cgroups.IfPrioMap{ - { - Interface: "test", - Priority: 5, - }, -} - -func TestNetPrioSetIfPrio(t *testing.T) { - path := tempDir(t, "net_prio") - - r := &cgroups.Resources{ - NetPrioIfpriomap: prioMap, - } - netPrio := &NetPrioGroup{} - if err := netPrio.Set(path, r); err != nil { - t.Fatal(err) - } - - value, err := fscommon.GetCgroupParamString(path, "net_prio.ifpriomap") - if err != nil { - t.Fatal(err) - } - if !strings.Contains(value, "test 5") { - t.Fatal("Got the wrong value, set net_prio.ifpriomap failed.") - } -} diff --git a/libcontainer/cgroups/fs/paths_test.go b/libcontainer/cgroups/fs/paths_test.go deleted file mode 100644 index 692ff5e56a4..00000000000 --- a/libcontainer/cgroups/fs/paths_test.go +++ /dev/null @@ -1,104 +0,0 @@ -package fs - -import ( - "path/filepath" - "strings" - "testing" - - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/internal/path" -) - -func TestInvalidCgroupPath(t *testing.T) { - if cgroups.IsCgroup2UnifiedMode() { - t.Skip("cgroup v2 is not supported") - } - - root, err := rootPath() - if err != nil { - t.Fatalf("couldn't get cgroup root: %v", err) - } - - testCases := []struct { - test string - path, name, parent string - }{ - { - test: "invalid cgroup path", - path: "../../../../../../../../../../some/path", - }, - { - test: "invalid absolute cgroup path", - path: "/../../../../../../../../../../some/path", - }, - { - test: "invalid cgroup parent", - parent: "../../../../../../../../../../some/path", - name: "name", - }, - { - test: "invalid absolute cgroup parent", - parent: "/../../../../../../../../../../some/path", - name: "name", - }, - { - test: "invalid cgroup name", - parent: "parent", - name: "../../../../../../../../../../some/path", - }, - { - test: "invalid absolute cgroup name", - parent: "parent", - name: "/../../../../../../../../../../some/path", - }, - { - test: "invalid cgroup name and parent", - parent: "../../../../../../../../../../some/path", - name: "../../../../../../../../../../some/path", - }, - { - test: "invalid absolute cgroup name and parent", - parent: "/../../../../../../../../../../some/path", - name: "/../../../../../../../../../../some/path", - }, - } - - for _, tc := range testCases { - t.Run(tc.test, func(t *testing.T) { - config := &cgroups.Cgroup{Path: tc.path, Name: tc.name, Parent: tc.parent} - - inner, err := path.Inner(config) - if err != nil { - t.Fatalf("couldn't get cgroup data: %v", err) - } - - // Make sure the final inner path doesn't go outside the cgroup mountpoint. - if strings.HasPrefix(inner, "..") { - t.Errorf("SECURITY: cgroup innerPath is outside cgroup mountpoint!") - } - - // Double-check, using an actual cgroup. - deviceRoot := filepath.Join(root, "devices") - devicePath, err := subsysPath(root, inner, "devices") - if err != nil { - t.Fatalf("couldn't get cgroup path: %v", err) - } - if !strings.HasPrefix(devicePath, deviceRoot) { - t.Errorf("SECURITY: cgroup path() is outside cgroup mountpoint!") - } - }) - } -} - -func TestTryDefaultCgroupRoot(t *testing.T) { - res := tryDefaultCgroupRoot() - exp := defaultCgroupRoot - if cgroups.IsCgroup2UnifiedMode() { - // checking that tryDefaultCgroupRoot does return "" - // in case /sys/fs/cgroup is not cgroup v1 root dir. - exp = "" - } - if res != exp { - t.Errorf("tryDefaultCgroupRoot: want %q, got %q", exp, res) - } -} diff --git a/libcontainer/cgroups/fs/pids_test.go b/libcontainer/cgroups/fs/pids_test.go deleted file mode 100644 index eb05511ff0d..00000000000 --- a/libcontainer/cgroups/fs/pids_test.go +++ /dev/null @@ -1,108 +0,0 @@ -package fs - -import ( - "strconv" - "testing" - - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" -) - -const ( - maxUnlimited = -1 - maxLimited = 1024 -) - -func TestPidsSetMax(t *testing.T) { - path := tempDir(t, "pids") - - writeFileContents(t, path, map[string]string{ - "pids.max": "max", - }) - - r := &cgroups.Resources{ - PidsLimit: maxLimited, - } - pids := &PidsGroup{} - if err := pids.Set(path, r); err != nil { - t.Fatal(err) - } - - value, err := fscommon.GetCgroupParamUint(path, "pids.max") - if err != nil { - t.Fatal(err) - } - if value != maxLimited { - t.Fatalf("Expected %d, got %d for setting pids.max - limited", maxLimited, value) - } -} - -func TestPidsSetUnlimited(t *testing.T) { - path := tempDir(t, "pids") - - writeFileContents(t, path, map[string]string{ - "pids.max": strconv.Itoa(maxLimited), - }) - - r := &cgroups.Resources{ - PidsLimit: maxUnlimited, - } - pids := &PidsGroup{} - if err := pids.Set(path, r); err != nil { - t.Fatal(err) - } - - value, err := fscommon.GetCgroupParamString(path, "pids.max") - if err != nil { - t.Fatal(err) - } - if value != "max" { - t.Fatalf("Expected %s, got %s for setting pids.max - unlimited", "max", value) - } -} - -func TestPidsStats(t *testing.T) { - path := tempDir(t, "pids") - - writeFileContents(t, path, map[string]string{ - "pids.current": strconv.Itoa(1337), - "pids.max": strconv.Itoa(maxLimited), - }) - - pids := &PidsGroup{} - stats := *cgroups.NewStats() - if err := pids.GetStats(path, &stats); err != nil { - t.Fatal(err) - } - - if stats.PidsStats.Current != 1337 { - t.Fatalf("Expected %d, got %d for pids.current", 1337, stats.PidsStats.Current) - } - - if stats.PidsStats.Limit != maxLimited { - t.Fatalf("Expected %d, got %d for pids.max", maxLimited, stats.PidsStats.Limit) - } -} - -func TestPidsStatsUnlimited(t *testing.T) { - path := tempDir(t, "pids") - - writeFileContents(t, path, map[string]string{ - "pids.current": strconv.Itoa(4096), - "pids.max": "max", - }) - - pids := &PidsGroup{} - stats := *cgroups.NewStats() - if err := pids.GetStats(path, &stats); err != nil { - t.Fatal(err) - } - - if stats.PidsStats.Current != 4096 { - t.Fatalf("Expected %d, got %d for pids.current", 4096, stats.PidsStats.Current) - } - - if stats.PidsStats.Limit != 0 { - t.Fatalf("Expected %d, got %d for pids.max", 0, stats.PidsStats.Limit) - } -} diff --git a/libcontainer/cgroups/fs/stats_util_test.go b/libcontainer/cgroups/fs/stats_util_test.go deleted file mode 100644 index 9b7d840a7c2..00000000000 --- a/libcontainer/cgroups/fs/stats_util_test.go +++ /dev/null @@ -1,138 +0,0 @@ -package fs - -import ( - "errors" - "fmt" - "reflect" - "testing" - - "github.com/opencontainers/runc/libcontainer/cgroups" -) - -func blkioStatEntryEquals(expected, actual []cgroups.BlkioStatEntry) error { - if len(expected) != len(actual) { - return errors.New("blkioStatEntries length do not match") - } - for i, expValue := range expected { - actValue := actual[i] - if expValue != actValue { - return fmt.Errorf("expected: %v, actual: %v", expValue, actValue) - } - } - return nil -} - -func expectBlkioStatsEquals(t *testing.T, expected, actual cgroups.BlkioStats) { - t.Helper() - if err := blkioStatEntryEquals(expected.IoServiceBytesRecursive, actual.IoServiceBytesRecursive); err != nil { - t.Errorf("blkio IoServiceBytesRecursive do not match: %s", err) - } - - if err := blkioStatEntryEquals(expected.IoServicedRecursive, actual.IoServicedRecursive); err != nil { - t.Errorf("blkio IoServicedRecursive do not match: %s", err) - } - - if err := blkioStatEntryEquals(expected.IoQueuedRecursive, actual.IoQueuedRecursive); err != nil { - t.Errorf("blkio IoQueuedRecursive do not match: %s", err) - } - - if err := blkioStatEntryEquals(expected.SectorsRecursive, actual.SectorsRecursive); err != nil { - t.Errorf("blkio SectorsRecursive do not match: %s", err) - } - - if err := blkioStatEntryEquals(expected.IoServiceTimeRecursive, actual.IoServiceTimeRecursive); err != nil { - t.Errorf("blkio IoServiceTimeRecursive do not match: %s", err) - } - - if err := blkioStatEntryEquals(expected.IoWaitTimeRecursive, actual.IoWaitTimeRecursive); err != nil { - t.Errorf("blkio IoWaitTimeRecursive do not match: %s", err) - } - - if err := blkioStatEntryEquals(expected.IoMergedRecursive, actual.IoMergedRecursive); err != nil { - t.Errorf("blkio IoMergedRecursive do not match: expected: %v, actual: %v", expected.IoMergedRecursive, actual.IoMergedRecursive) - } - - if err := blkioStatEntryEquals(expected.IoTimeRecursive, actual.IoTimeRecursive); err != nil { - t.Errorf("blkio IoTimeRecursive do not match: %s", err) - } -} - -func expectThrottlingDataEquals(t *testing.T, expected, actual cgroups.ThrottlingData) { - t.Helper() - if expected != actual { - t.Errorf("Expected throttling data: %v, actual: %v", expected, actual) - } -} - -func expectHugetlbStatEquals(t *testing.T, expected, actual cgroups.HugetlbStats) { - t.Helper() - if expected != actual { - t.Errorf("Expected hugetlb stats: %v, actual: %v", expected, actual) - } -} - -func expectMemoryStatEquals(t *testing.T, expected, actual cgroups.MemoryStats) { - t.Helper() - expectMemoryDataEquals(t, expected.Usage, actual.Usage) - expectMemoryDataEquals(t, expected.SwapUsage, actual.SwapUsage) - expectMemoryDataEquals(t, expected.KernelUsage, actual.KernelUsage) - expectPageUsageByNUMAEquals(t, expected.PageUsageByNUMA, actual.PageUsageByNUMA) - - if expected.UseHierarchy != actual.UseHierarchy { - t.Errorf("Expected memory use hierarchy: %v, actual: %v", expected.UseHierarchy, actual.UseHierarchy) - } - - for key, expValue := range expected.Stats { - actValue, ok := actual.Stats[key] - if !ok { - t.Errorf("Expected memory stat key %s not found", key) - } - if expValue != actValue { - t.Errorf("Expected memory stat value: %d, actual: %d", expValue, actValue) - } - } -} - -func expectMemoryDataEquals(t *testing.T, expected, actual cgroups.MemoryData) { - t.Helper() - if expected.Usage != actual.Usage { - t.Errorf("Expected memory usage: %d, actual: %d", expected.Usage, actual.Usage) - } - if expected.MaxUsage != actual.MaxUsage { - t.Errorf("Expected memory max usage: %d, actual: %d", expected.MaxUsage, actual.MaxUsage) - } - if expected.Failcnt != actual.Failcnt { - t.Errorf("Expected memory failcnt %d, actual: %d", expected.Failcnt, actual.Failcnt) - } - if expected.Limit != actual.Limit { - t.Errorf("Expected memory limit: %d, actual: %d", expected.Limit, actual.Limit) - } -} - -func expectPageUsageByNUMAEquals(t *testing.T, expected, actual cgroups.PageUsageByNUMA) { - t.Helper() - if !reflect.DeepEqual(expected.Total, actual.Total) { - t.Errorf("Expected total page usage by NUMA: %#v, actual: %#v", expected.Total, actual.Total) - } - if !reflect.DeepEqual(expected.File, actual.File) { - t.Errorf("Expected file page usage by NUMA: %#v, actual: %#v", expected.File, actual.File) - } - if !reflect.DeepEqual(expected.Anon, actual.Anon) { - t.Errorf("Expected anon page usage by NUMA: %#v, actual: %#v", expected.Anon, actual.Anon) - } - if !reflect.DeepEqual(expected.Unevictable, actual.Unevictable) { - t.Errorf("Expected unevictable page usage by NUMA: %#v, actual: %#v", expected.Unevictable, actual.Unevictable) - } - if !reflect.DeepEqual(expected.Hierarchical.Total, actual.Hierarchical.Total) { - t.Errorf("Expected hierarchical total page usage by NUMA: %#v, actual: %#v", expected.Hierarchical.Total, actual.Hierarchical.Total) - } - if !reflect.DeepEqual(expected.Hierarchical.File, actual.Hierarchical.File) { - t.Errorf("Expected hierarchical file page usage by NUMA: %#v, actual: %#v", expected.Hierarchical.File, actual.Hierarchical.File) - } - if !reflect.DeepEqual(expected.Hierarchical.Anon, actual.Hierarchical.Anon) { - t.Errorf("Expected hierarchical anon page usage by NUMA: %#v, actual: %#v", expected.Hierarchical.Anon, actual.Hierarchical.Anon) - } - if !reflect.DeepEqual(expected.Hierarchical.Unevictable, actual.Hierarchical.Unevictable) { - t.Errorf("Expected hierarchical total page usage by NUMA: %#v, actual: %#v", expected.Hierarchical.Unevictable, actual.Hierarchical.Unevictable) - } -} diff --git a/libcontainer/cgroups/fs/util_test.go b/libcontainer/cgroups/fs/util_test.go deleted file mode 100644 index 87c70ed1d9d..00000000000 --- a/libcontainer/cgroups/fs/util_test.go +++ /dev/null @@ -1,39 +0,0 @@ -/* -Utility for testing cgroup operations. - -Creates a mock of the cgroup filesystem for the duration of the test. -*/ -package fs - -import ( - "os" - "path/filepath" - "testing" - - "github.com/opencontainers/runc/libcontainer/cgroups" -) - -func init() { - cgroups.TestMode = true -} - -// tempDir creates a new test directory for the specified subsystem. -func tempDir(t testing.TB, subsystem string) string { - path := filepath.Join(t.TempDir(), subsystem) - // Ensure the full mock cgroup path exists. - if err := os.Mkdir(path, 0o755); err != nil { - t.Fatal(err) - } - return path -} - -// writeFileContents writes the specified contents on the mock of the specified -// cgroup files. -func writeFileContents(t testing.TB, path string, fileContents map[string]string) { - for file, contents := range fileContents { - err := cgroups.WriteFile(path, file, contents) - if err != nil { - t.Fatal(err) - } - } -} diff --git a/libcontainer/cgroups/fs2/defaultpath_test.go b/libcontainer/cgroups/fs2/defaultpath_test.go deleted file mode 100644 index 6fcc19792b9..00000000000 --- a/libcontainer/cgroups/fs2/defaultpath_test.go +++ /dev/null @@ -1,93 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package fs2 - -import ( - "path/filepath" - "strings" - "testing" - - "github.com/opencontainers/runc/libcontainer/cgroups" -) - -func TestParseCgroupFromReader(t *testing.T) { - cases := map[string]string{ - "0::/user.slice/user-1001.slice/session-1.scope\n": "/user.slice/user-1001.slice/session-1.scope", - "2:cpuset:/foo\n1:name=systemd:/\n": "", - "2:cpuset:/foo\n1:name=systemd:/\n0::/user.slice/user-1001.slice/session-1.scope\n": "/user.slice/user-1001.slice/session-1.scope", - } - for s, expected := range cases { - g, err := parseCgroupFromReader(strings.NewReader(s)) - if expected != "" { - if g != expected { - t.Errorf("expected %q, got %q", expected, g) - } - if err != nil { - t.Error(err) - } - } else { - if err == nil { - t.Error("error is expected") - } - } - } -} - -func TestDefaultDirPath(t *testing.T) { - if !cgroups.IsCgroup2UnifiedMode() { - t.Skip("need cgroupv2") - } - // same code as in defaultDirPath() - ownCgroup, err := parseCgroupFile("/proc/self/cgroup") - if err != nil { - // Not a test failure, but rather some weird - // environment so we can't run this test. - t.Skipf("can't get own cgroup: %v", err) - } - ownCgroup = filepath.Dir(ownCgroup) - - cases := []struct { - cgPath string - cgParent string - cgName string - expected string - }{ - { - cgPath: "/foo/bar", - expected: "/sys/fs/cgroup/foo/bar", - }, - { - cgPath: "foo/bar", - expected: filepath.Join(UnifiedMountpoint, ownCgroup, "foo/bar"), - }, - } - for _, c := range cases { - cg := &cgroups.Cgroup{ - Path: c.cgPath, - Parent: c.cgParent, - Name: c.cgName, - } - - got, err := defaultDirPath(cg) - if err != nil { - t.Fatal(err) - } - if got != c.expected { - t.Fatalf("expected %q, got %q", c.expected, got) - } - } -} diff --git a/libcontainer/cgroups/fs2/io_test.go b/libcontainer/cgroups/fs2/io_test.go deleted file mode 100644 index 15bb64a1d2d..00000000000 --- a/libcontainer/cgroups/fs2/io_test.go +++ /dev/null @@ -1,81 +0,0 @@ -package fs2 - -import ( - "os" - "path/filepath" - "reflect" - "sort" - "testing" - - "github.com/opencontainers/runc/libcontainer/cgroups" -) - -const exampleIoStatData = `254:1 rbytes=6901432320 wbytes=14245535744 rios=263278 wios=248603 dbytes=0 dios=0 -254:0 rbytes=2702336 wbytes=0 rios=97 wios=0 dbytes=0 dios=0 -259:0 rbytes=6911345664 wbytes=14245536256 rios=264538 wios=244914 dbytes=530485248 dios=2` - -var exampleIoStatsParsed = cgroups.BlkioStats{ - IoServiceBytesRecursive: []cgroups.BlkioStatEntry{ - {Major: 254, Minor: 1, Value: 6901432320, Op: "Read"}, - {Major: 254, Minor: 1, Value: 14245535744, Op: "Write"}, - {Major: 254, Minor: 0, Value: 2702336, Op: "Read"}, - {Major: 254, Minor: 0, Value: 0, Op: "Write"}, - {Major: 259, Minor: 0, Value: 6911345664, Op: "Read"}, - {Major: 259, Minor: 0, Value: 14245536256, Op: "Write"}, - }, - IoServicedRecursive: []cgroups.BlkioStatEntry{ - {Major: 254, Minor: 1, Value: 263278, Op: "Read"}, - {Major: 254, Minor: 1, Value: 248603, Op: "Write"}, - {Major: 254, Minor: 0, Value: 97, Op: "Read"}, - {Major: 254, Minor: 0, Value: 0, Op: "Write"}, - {Major: 259, Minor: 0, Value: 264538, Op: "Read"}, - {Major: 259, Minor: 0, Value: 244914, Op: "Write"}, - }, -} - -func lessBlkioStatEntry(a, b cgroups.BlkioStatEntry) bool { - if a.Major != b.Major { - return a.Major < b.Major - } - if a.Minor != b.Minor { - return a.Minor < b.Minor - } - if a.Op != b.Op { - return a.Op < b.Op - } - return a.Value < b.Value -} - -func sortBlkioStats(stats *cgroups.BlkioStats) { - for _, table := range []*[]cgroups.BlkioStatEntry{ - &stats.IoServicedRecursive, - &stats.IoServiceBytesRecursive, - } { - sort.SliceStable(*table, func(i, j int) bool { return lessBlkioStatEntry((*table)[i], (*table)[j]) }) - } -} - -func TestStatIo(t *testing.T) { - // We're using a fake cgroupfs. - cgroups.TestMode = true - - fakeCgroupDir := t.TempDir() - statPath := filepath.Join(fakeCgroupDir, "io.stat") - - if err := os.WriteFile(statPath, []byte(exampleIoStatData), 0o644); err != nil { - t.Fatal(err) - } - - var gotStats cgroups.Stats - if err := statIo(fakeCgroupDir, &gotStats); err != nil { - t.Error(err) - } - - // Sort the output since statIo uses a map internally. - sortBlkioStats(&gotStats.BlkioStats) - sortBlkioStats(&exampleIoStatsParsed) - - if !reflect.DeepEqual(gotStats.BlkioStats, exampleIoStatsParsed) { - t.Errorf("parsed cgroupv2 io.stat doesn't match expected result: \ngot %#v\nexpected %#v\n", gotStats.BlkioStats, exampleIoStatsParsed) - } -} diff --git a/libcontainer/cgroups/fs2/memory_test.go b/libcontainer/cgroups/fs2/memory_test.go deleted file mode 100644 index 89c999d0cee..00000000000 --- a/libcontainer/cgroups/fs2/memory_test.go +++ /dev/null @@ -1,155 +0,0 @@ -package fs2 - -import ( - "os" - "path/filepath" - "strings" - "testing" - - "github.com/opencontainers/runc/libcontainer/cgroups" -) - -const exampleMemoryStatData = `anon 790425600 -file 6502666240 -kernel_stack 7012352 -pagetables 8867840 -percpu 2445520 -sock 40960 -shmem 6721536 -file_mapped 656187392 -file_dirty 1122304 -file_writeback 0 -swapcached 10 -anon_thp 438304768 -file_thp 0 -shmem_thp 0 -inactive_anon 892223488 -active_anon 2973696 -inactive_file 5307346944 -active_file 1179316224 -unevictable 31477760 -slab_reclaimable 348866240 -slab_unreclaimable 10099808 -slab 358966048 -workingset_refault_anon 0 -workingset_refault_file 0 -workingset_activate_anon 0 -workingset_activate_file 0 -workingset_restore_anon 0 -workingset_restore_file 0 -workingset_nodereclaim 0 -pgfault 103216687 -pgmajfault 6879 -pgrefill 0 -pgscan 0 -pgsteal 0 -pgactivate 1110217 -pgdeactivate 292 -pglazyfree 267 -pglazyfreed 0 -thp_fault_alloc 57411 -thp_collapse_alloc 443` - -func TestStatMemoryPodCgroupNotFound(t *testing.T) { - // We're using a fake cgroupfs. - cgroups.TestMode = true - fakeCgroupDir := t.TempDir() - - // only write memory.stat to ensure pod cgroup usage - // still reads memory.current. - statPath := filepath.Join(fakeCgroupDir, "memory.stat") - if err := os.WriteFile(statPath, []byte(exampleMemoryStatData), 0o644); err != nil { - t.Fatal(err) - } - - gotStats := cgroups.NewStats() - - // use a fake root path to mismatch the file we wrote. - // this triggers the non-root path which should fail to find memory.current. - err := statMemory(fakeCgroupDir, gotStats) - if err == nil { - t.Errorf("expected error when statting memory for cgroupv2 root, but was nil") - } - - if !strings.Contains(err.Error(), "memory.current: no such file or directory") { - t.Errorf("expected error to contain 'memory.current: no such file or directory', but was %s", err.Error()) - } -} - -func TestStatMemoryPodCgroup(t *testing.T) { - // We're using a fake cgroupfs. - cgroups.TestMode = true - fakeCgroupDir := t.TempDir() - - statPath := filepath.Join(fakeCgroupDir, "memory.stat") - if err := os.WriteFile(statPath, []byte(exampleMemoryStatData), 0o644); err != nil { - t.Fatal(err) - } - - if err := os.WriteFile(filepath.Join(fakeCgroupDir, "memory.current"), []byte("123456789"), 0o644); err != nil { - t.Fatal(err) - } - - if err := os.WriteFile(filepath.Join(fakeCgroupDir, "memory.max"), []byte("999999999"), 0o644); err != nil { - t.Fatal(err) - } - - if err := os.WriteFile(filepath.Join(fakeCgroupDir, "memory.peak"), []byte("987654321"), 0o644); err != nil { - t.Fatal(err) - } - - gotStats := cgroups.NewStats() - - // use a fake root path to trigger the pod cgroup lookup. - err := statMemory(fakeCgroupDir, gotStats) - if err != nil { - t.Errorf("expected no error when statting memory for cgroupv2 root, but got %#+v", err) - } - - // result should be "memory.current" - var expectedUsageBytes uint64 = 123456789 - if gotStats.MemoryStats.Usage.Usage != expectedUsageBytes { - t.Errorf("parsed cgroupv2 memory.stat doesn't match expected result: \ngot %#v\nexpected %#v\n", gotStats.MemoryStats.Usage.Usage, expectedUsageBytes) - } - - // result should be "memory.max" - var expectedLimitBytes uint64 = 999999999 - if gotStats.MemoryStats.Usage.Limit != expectedLimitBytes { - t.Errorf("parsed cgroupv2 memory.stat doesn't match expected result: \ngot %#v\nexpected %#v\n", gotStats.MemoryStats.Usage.Limit, expectedLimitBytes) - } - - // result should be "memory.peak" - var expectedMaxUsageBytes uint64 = 987654321 - if gotStats.MemoryStats.Usage.MaxUsage != expectedMaxUsageBytes { - t.Errorf("parsed cgroupv2 memory.stat doesn't match expected result: \ngot %#v\nexpected %#v\n", gotStats.MemoryStats.Usage.MaxUsage, expectedMaxUsageBytes) - } -} - -func TestRootStatsFromMeminfo(t *testing.T) { - stats := &cgroups.Stats{ - MemoryStats: cgroups.MemoryStats{ - Stats: map[string]uint64{ - "anon": 790425600, - "file": 6502666240, - }, - }, - } - - if err := rootStatsFromMeminfo(stats); err != nil { - t.Fatal(err) - } - - // result is anon + file - var expectedUsageBytes uint64 = 7293091840 - if stats.MemoryStats.Usage.Usage != expectedUsageBytes { - t.Errorf("parsed cgroupv2 memory.stat doesn't match expected result: \ngot %d\nexpected %d\n", stats.MemoryStats.Usage.Usage, expectedUsageBytes) - } - - // swap is adjusted to mem+swap - if stats.MemoryStats.SwapUsage.Usage < stats.MemoryStats.Usage.Usage { - t.Errorf("swap usage %d should be at least mem usage %d", stats.MemoryStats.SwapUsage.Usage, stats.MemoryStats.Usage.Usage) - } - if stats.MemoryStats.SwapUsage.Limit < stats.MemoryStats.Usage.Limit { - t.Errorf("swap limit %d should be at least mem limit %d", stats.MemoryStats.SwapUsage.Limit, stats.MemoryStats.Usage.Limit) - } -} diff --git a/libcontainer/cgroups/fs2/misc_test.go b/libcontainer/cgroups/fs2/misc_test.go deleted file mode 100644 index a3f82395196..00000000000 --- a/libcontainer/cgroups/fs2/misc_test.go +++ /dev/null @@ -1,103 +0,0 @@ -package fs2 - -import ( - "os" - "path/filepath" - "strings" - "testing" - - "github.com/opencontainers/runc/libcontainer/cgroups" -) - -const exampleMiscCurrentData = `res_a 123 -res_b 456 -res_c 42` - -const exampleMiscEventsData = `res_a.max 1 -res_b.max 2 -res_c.max 3` - -func TestStatMiscPodCgroupEmpty(t *testing.T) { - // We're using a fake cgroupfs. - cgroups.TestMode = true - fakeCgroupDir := t.TempDir() - - // create empty misc.current and misc.events files to test the common case - // where no misc resource keys are available - for _, file := range []string{"misc.current", "misc.events"} { - if _, err := os.Create(filepath.Join(fakeCgroupDir, file)); err != nil { - t.Fatal(err) - } - } - - gotStats := cgroups.NewStats() - - err := statMisc(fakeCgroupDir, gotStats) - if err != nil { - t.Errorf("expected no error when statting empty misc.current/misc.events for cgroupv2, but got %#v", err) - } - - if len(gotStats.MiscStats) != 0 { - t.Errorf("parsed cgroupv2 misc.* returns unexpected resources: got %#v but expected nothing", gotStats.MiscStats) - } -} - -func TestStatMiscPodCgroupNotFound(t *testing.T) { - // We're using a fake cgroupfs. - cgroups.TestMode = true - fakeCgroupDir := t.TempDir() - - // only write misc.current to ensure pod cgroup usage - // still reads misc.events. - statPath := filepath.Join(fakeCgroupDir, "misc.current") - if err := os.WriteFile(statPath, []byte(exampleMiscCurrentData), 0o644); err != nil { - t.Fatal(err) - } - - gotStats := cgroups.NewStats() - - // use a fake root path to mismatch the file we wrote. - // this triggers the non-root path which should fail to find misc.events. - err := statMisc(fakeCgroupDir, gotStats) - if err == nil { - t.Errorf("expected error when statting misc.current for cgroupv2 root, but was nil") - } - - if !strings.Contains(err.Error(), "misc.events: no such file or directory") { - t.Errorf("expected error to contain 'misc.events: no such file or directory', but was %s", err.Error()) - } -} - -func TestStatMiscPodCgroup(t *testing.T) { - // We're using a fake cgroupfs. - cgroups.TestMode = true - fakeCgroupDir := t.TempDir() - - currentPath := filepath.Join(fakeCgroupDir, "misc.current") - if err := os.WriteFile(currentPath, []byte(exampleMiscCurrentData), 0o644); err != nil { - t.Fatal(err) - } - - eventsPath := filepath.Join(fakeCgroupDir, "misc.events") - if err := os.WriteFile(eventsPath, []byte(exampleMiscEventsData), 0o644); err != nil { - t.Fatal(err) - } - - gotStats := cgroups.NewStats() - - // use a fake root path to trigger the pod cgroup lookup. - err := statMisc(fakeCgroupDir, gotStats) - if err != nil { - t.Errorf("expected no error when statting misc for cgroupv2 root, but got %#+v", err) - } - - // make sure all res_* from exampleMisc*Data are returned - if len(gotStats.MiscStats) != 3 { - t.Errorf("parsed cgroupv2 misc doesn't return all expected resources: \ngot %#v\nexpected %#v\n", len(gotStats.MiscStats), 3) - } - - var expectedUsageBytes uint64 = 42 - if gotStats.MiscStats["res_c"].Usage != expectedUsageBytes { - t.Errorf("parsed cgroupv2 misc.current for res_c doesn't match expected result: \ngot %#v\nexpected %#v\n", gotStats.MiscStats["res_c"].Usage, expectedUsageBytes) - } -} diff --git a/libcontainer/cgroups/fs2/psi_test.go b/libcontainer/cgroups/fs2/psi_test.go deleted file mode 100644 index f70c19f7835..00000000000 --- a/libcontainer/cgroups/fs2/psi_test.go +++ /dev/null @@ -1,47 +0,0 @@ -package fs2 - -import ( - "os" - "path/filepath" - "reflect" - "testing" - - "github.com/opencontainers/runc/libcontainer/cgroups" -) - -func TestStatCPUPSI(t *testing.T) { - const examplePSIData = `some avg10=1.71 avg60=2.36 avg300=2.57 total=230548833 -full avg10=1.00 avg60=1.01 avg300=1.00 total=157622356` - - // We're using a fake cgroupfs. - cgroups.TestMode = true - - fakeCgroupDir := t.TempDir() - statPath := filepath.Join(fakeCgroupDir, "cpu.pressure") - - if err := os.WriteFile(statPath, []byte(examplePSIData), 0o644); err != nil { - t.Fatal(err) - } - - st, err := statPSI(fakeCgroupDir, "cpu.pressure") - if err != nil { - t.Fatal(err) - } - - if !reflect.DeepEqual(*st, cgroups.PSIStats{ - Some: cgroups.PSIData{ - Avg10: 1.71, - Avg60: 2.36, - Avg300: 2.57, - Total: 230548833, - }, - Full: cgroups.PSIData{ - Avg10: 1.00, - Avg60: 1.01, - Avg300: 1.00, - Total: 157622356, - }, - }) { - t.Errorf("unexpected PSI result: %+v", st) - } -} diff --git a/libcontainer/cgroups/fscommon/rdma_test.go b/libcontainer/cgroups/fscommon/rdma_test.go deleted file mode 100644 index ad15d515d02..00000000000 --- a/libcontainer/cgroups/fscommon/rdma_test.go +++ /dev/null @@ -1,57 +0,0 @@ -package fscommon - -import ( - "os" - "path/filepath" - "testing" - - "github.com/opencontainers/runc/libcontainer/cgroups" -) - -/* Roadmap for future */ -// (Low-priority) TODO: Check if it is possible to virtually mimic an actual RDMA device. -// TODO: Think of more edge-cases to add. - -// TestRdmaSet performs an E2E test of RdmaSet(), parseRdmaKV() using dummy device and a dummy cgroup file-system. -// Note: Following test does not guarantees that your host supports RDMA since this mocks underlying infrastructure. -func TestRdmaSet(t *testing.T) { - testCgroupPath := filepath.Join(t.TempDir(), "rdma") - - // Ensure the full mock cgroup path exists. - err := os.Mkdir(testCgroupPath, 0o755) - if err != nil { - t.Fatal(err) - } - - rdmaDevice := "mlx5_1" - maxHandles := uint32(100) - maxObjects := uint32(300) - - rdmaStubResource := &cgroups.Resources{ - Rdma: map[string]cgroups.LinuxRdma{ - rdmaDevice: { - HcaHandles: &maxHandles, - HcaObjects: &maxObjects, - }, - }, - } - - if err := RdmaSet(testCgroupPath, rdmaStubResource); err != nil { - t.Fatal(err) - } - - // The default rdma.max must be written. - rdmaEntries, err := readRdmaEntries(testCgroupPath, "rdma.max") - if err != nil { - t.Fatal(err) - } - if len(rdmaEntries) != 1 { - t.Fatal("rdma_test: Got the wrong values while parsing entries from rdma.max") - } - if rdmaEntries[0].HcaHandles != maxHandles { - t.Fatalf("rdma_test: Got the wrong value for hca_handles") - } - if rdmaEntries[0].HcaObjects != maxObjects { - t.Fatalf("rdma_test: Got the wrong value for hca_Objects") - } -} diff --git a/libcontainer/cgroups/fscommon/utils_test.go b/libcontainer/cgroups/fscommon/utils_test.go deleted file mode 100644 index 0339e998904..00000000000 --- a/libcontainer/cgroups/fscommon/utils_test.go +++ /dev/null @@ -1,95 +0,0 @@ -package fscommon - -import ( - "math" - "os" - "path/filepath" - "strconv" - "testing" - - "github.com/opencontainers/runc/libcontainer/cgroups" -) - -const ( - cgroupFile = "cgroup.file" - floatValue = 2048.0 - floatString = "2048" -) - -func init() { - cgroups.TestMode = true -} - -func TestGetCgroupParamsInt(t *testing.T) { - // Setup tempdir. - tempDir := t.TempDir() - tempFile := filepath.Join(tempDir, cgroupFile) - - // Success. - if err := os.WriteFile(tempFile, []byte(floatString), 0o755); err != nil { - t.Fatal(err) - } - value, err := GetCgroupParamUint(tempDir, cgroupFile) - if err != nil { - t.Fatal(err) - } else if value != floatValue { - t.Fatalf("Expected %d to equal %f", value, floatValue) - } - - // Success with new line. - err = os.WriteFile(tempFile, []byte(floatString+"\n"), 0o755) - if err != nil { - t.Fatal(err) - } - value, err = GetCgroupParamUint(tempDir, cgroupFile) - if err != nil { - t.Fatal(err) - } else if value != floatValue { - t.Fatalf("Expected %d to equal %f", value, floatValue) - } - - // Success with negative values - err = os.WriteFile(tempFile, []byte("-12345"), 0o755) - if err != nil { - t.Fatal(err) - } - value, err = GetCgroupParamUint(tempDir, cgroupFile) - if err != nil { - t.Fatal(err) - } else if value != 0 { - t.Fatalf("Expected %d to equal %d", value, 0) - } - - // Success with negative values lesser than min int64 - s := strconv.FormatFloat(math.MinInt64, 'f', -1, 64) - err = os.WriteFile(tempFile, []byte(s), 0o755) - if err != nil { - t.Fatal(err) - } - value, err = GetCgroupParamUint(tempDir, cgroupFile) - if err != nil { - t.Fatal(err) - } else if value != 0 { - t.Fatalf("Expected %d to equal %d", value, 0) - } - - // Not a float. - err = os.WriteFile(tempFile, []byte("not-a-float"), 0o755) - if err != nil { - t.Fatal(err) - } - _, err = GetCgroupParamUint(tempDir, cgroupFile) - if err == nil { - t.Fatal("Expecting error, got none") - } - - // Unknown file. - err = os.Remove(tempFile) - if err != nil { - t.Fatal(err) - } - _, err = GetCgroupParamUint(tempDir, cgroupFile) - if err == nil { - t.Fatal("Expecting error, got none") - } -} diff --git a/libcontainer/cgroups/getallpids_test.go b/libcontainer/cgroups/getallpids_test.go deleted file mode 100644 index e6b06323786..00000000000 --- a/libcontainer/cgroups/getallpids_test.go +++ /dev/null @@ -1,17 +0,0 @@ -package cgroups - -import ( - "testing" -) - -func BenchmarkGetAllPids(b *testing.B) { - total := 0 - for i := 0; i < b.N; i++ { - i, err := GetAllPids("/sys/fs/cgroup") - if err != nil { - b.Fatal(err) - } - total += len(i) - } - b.Logf("iter: %d, total: %d", b.N, total) -} diff --git a/libcontainer/cgroups/manager/manager_test.go b/libcontainer/cgroups/manager/manager_test.go deleted file mode 100644 index dc861bb423d..00000000000 --- a/libcontainer/cgroups/manager/manager_test.go +++ /dev/null @@ -1,55 +0,0 @@ -package manager - -import ( - "testing" - - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/systemd" -) - -// TestNilResources checks that a cgroup manager do not panic when -// config.Resources is nil. While it does not make sense to use a -// manager with no resources, it should not result in a panic. -// -// This tests either v1 or v2 fs cgroup manager, depending on which -// cgroup version is available. -func TestNilResources(t *testing.T) { - testNilResources(t, false) -} - -// TestNilResourcesSystemd is the same as TestNilResources, -// only checking the systemd cgroup manager. -func TestNilResourcesSystemd(t *testing.T) { - if !systemd.IsRunningSystemd() { - t.Skip("requires systemd") - } - testNilResources(t, true) -} - -func testNilResources(t *testing.T, systemd bool) { - cg := &cgroups.Cgroup{} // .Resources is nil - cg.Systemd = systemd - mgr, err := New(cg) - if err != nil { - // Some managers require non-nil Resources during - // instantiation -- provide and retry. In such case - // we're mostly testing Set(nil) below. - cg.Resources = &cgroups.Resources{} - mgr, err = New(cg) - if err != nil { - t.Fatal(err) - } - } - _ = mgr.Apply(-1) - _ = mgr.Set(nil) - _ = mgr.Freeze(cgroups.Thawed) - _ = mgr.Exists() - _, _ = mgr.GetAllPids() - _, _ = mgr.GetCgroups() - _, _ = mgr.GetFreezerState() - _ = mgr.Path("") - _ = mgr.GetPaths() - _, _ = mgr.GetStats() - _, _ = mgr.OOMKillCount() - _ = mgr.Destroy() -} diff --git a/libcontainer/cgroups/systemd/cpuset_test.go b/libcontainer/cgroups/systemd/cpuset_test.go deleted file mode 100644 index bda31a5beca..00000000000 --- a/libcontainer/cgroups/systemd/cpuset_test.go +++ /dev/null @@ -1,55 +0,0 @@ -package systemd - -import ( - "bytes" - "testing" -) - -func TestRangeToBits(t *testing.T) { - testCases := []struct { - in string - out []byte - isErr bool - }{ - {in: "", isErr: true}, - {in: "0", out: []byte{1}}, - {in: "1", out: []byte{2}}, - {in: "0-1", out: []byte{3}}, - {in: "0,1", out: []byte{3}}, - {in: ",0,1,", out: []byte{3}}, - {in: "0-3", out: []byte{0x0f}}, - {in: "0,1,2-3", out: []byte{0x0f}}, - {in: "4-7", out: []byte{0xf0}}, - {in: "0-7", out: []byte{0xff}}, - {in: "0-15", out: []byte{0xff, 0xff}}, - {in: "16", out: []byte{0, 0, 1}}, - {in: "0-3,32-33", out: []byte{0x0f, 0, 0, 0, 3}}, - // extra spaces and tabs are ok - {in: "1, 2, 1-2", out: []byte{6}}, - {in: " , 1 , 3 , 5-7, ", out: []byte{0xea}}, - // somewhat large values - {in: "128-130,1", out: []byte{2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 7}}, - - {in: "-", isErr: true}, - {in: "1-", isErr: true}, - {in: "-3", isErr: true}, - // bad range (start > end) - {in: "54-53", isErr: true}, - // kernel does not allow extra spaces inside a range - {in: "1 - 2", isErr: true}, - } - - for _, tc := range testCases { - out, err := RangeToBits(tc.in) - if err != nil { - if !tc.isErr { - t.Errorf("case %q: unexpected error: %v", tc.in, err) - } - - continue - } - if !bytes.Equal(out, tc.out) { - t.Errorf("case %q: expected %v, got %v", tc.in, tc.out, out) - } - } -} diff --git a/libcontainer/cgroups/systemd/freeze_test.go b/libcontainer/cgroups/systemd/freeze_test.go deleted file mode 100644 index 8ecf5e6e649..00000000000 --- a/libcontainer/cgroups/systemd/freeze_test.go +++ /dev/null @@ -1,354 +0,0 @@ -package systemd - -import ( - "bufio" - "bytes" - "os" - "os/exec" - "strings" - "testing" - - "github.com/opencontainers/runc/libcontainer/cgroups" - "golang.org/x/sys/unix" -) - -func TestFreezeBeforeSet(t *testing.T) { - requireV1(t) - - testCases := []struct { - desc string - // Test input. - cg *cgroups.Cgroup - preFreeze bool - // Expected values. - // Before unit creation (Apply). - freeze0, thaw0 bool - // After unit creation. - freeze1, thaw1 bool - }{ - { - // A slice with SkipDevices. - desc: "slice,skip-devices", - cg: &cgroups.Cgroup{ - Name: "system-runc_test_freeze_1.slice", - Parent: "system.slice", - Resources: &cgroups.Resources{ - SkipDevices: true, - }, - }, - // Expected. - freeze0: false, - thaw0: false, - freeze1: false, - thaw1: false, - }, - { - // A scope with SkipDevices. Not a realistic scenario with runc - // (as container can't have SkipDevices == true), but possible - // for a standalone cgroup manager. - desc: "scope,skip-devices", - cg: &cgroups.Cgroup{ - ScopePrefix: "test", - Name: "testFreeze2", - Parent: "system.slice", - Resources: &cgroups.Resources{ - SkipDevices: true, - }, - }, - // Expected. - freeze0: false, - thaw0: false, - freeze1: false, - thaw1: false, - }, - { - // A slice that is about to be frozen in Set. - desc: "slice,will-freeze", - cg: &cgroups.Cgroup{ - Name: "system-runc_test_freeze_3.slice", - Parent: "system.slice", - Resources: &cgroups.Resources{ - Freezer: cgroups.Frozen, - }, - }, - // Expected. - freeze0: true, - thaw0: false, - freeze1: true, - thaw1: false, - }, - { - // A pre-frozen slice that should stay frozen. - desc: "slice,pre-frozen,will-freeze", - cg: &cgroups.Cgroup{ - Name: "system-runc_test_freeze_4.slice", - Parent: "system.slice", - Resources: &cgroups.Resources{ - Freezer: cgroups.Frozen, - }, - }, - preFreeze: true, - // Expected. - freeze0: true, // not actually frozen yet. - thaw0: false, - freeze1: false, - thaw1: false, - }, - { - // A pre-frozen scope with skip devices set. - desc: "scope,pre-frozen,skip-devices", - cg: &cgroups.Cgroup{ - ScopePrefix: "test", - Name: "testFreeze5", - Parent: "system.slice", - Resources: &cgroups.Resources{ - SkipDevices: true, - }, - }, - preFreeze: true, - // Expected. - freeze0: false, - thaw0: false, - freeze1: false, - thaw1: false, - }, - { - // A pre-frozen scope which will be thawed. - desc: "scope,pre-frozen", - cg: &cgroups.Cgroup{ - ScopePrefix: "test", - Name: "testFreeze6", - Parent: "system.slice", - Resources: &cgroups.Resources{}, - }, - preFreeze: true, - // Expected. - freeze0: true, // not actually frozen yet. - thaw0: true, - freeze1: false, - thaw1: false, - }, - } - - for _, tc := range testCases { - tc := tc - t.Run(tc.desc, func(t *testing.T) { - m, err := NewLegacyManager(tc.cg, nil) - if err != nil { - t.Fatal(err) - } - defer m.Destroy() //nolint:errcheck - - // Checks for a non-existent unit. - freeze, thaw, err := m.freezeBeforeSet(getUnitName(tc.cg), tc.cg.Resources) - if err != nil { - t.Fatal(err) - } - if freeze != tc.freeze0 || thaw != tc.thaw0 { - t.Errorf("before Apply (non-existent unit): expected freeze: %v, thaw: %v, got freeze: %v, thaw: %v", - tc.freeze0, tc.thaw0, freeze, thaw) - } - - // Create systemd unit. - pid := -1 - if strings.HasSuffix(getUnitName(tc.cg), ".scope") { - // Scopes require a process inside. - cmd := exec.Command("bash", "-c", "sleep 1m") - if err := cmd.Start(); err != nil { - t.Fatal(err) - } - pid = cmd.Process.Pid - // Make sure to not leave a zombie. - defer func() { - // These may fail, we don't care. - _ = cmd.Process.Kill() - _ = cmd.Wait() - }() - } - if err := m.Apply(pid); err != nil { - t.Fatal(err) - } - if tc.preFreeze { - if err := m.Freeze(cgroups.Frozen); err != nil { - t.Error(err) - return // no more checks - } - } - freeze, thaw, err = m.freezeBeforeSet(getUnitName(tc.cg), tc.cg.Resources) - if err != nil { - t.Error(err) - return // no more checks - } - if freeze != tc.freeze1 || thaw != tc.thaw1 { - t.Errorf("expected freeze: %v, thaw: %v, got freeze: %v, thaw: %v", - tc.freeze1, tc.thaw1, freeze, thaw) - } - // Destroy() timeouts on a frozen container, so we need to thaw it. - if tc.preFreeze { - if err := m.Freeze(cgroups.Thawed); err != nil { - t.Error(err) - } - } - // Destroy() does not kill processes in cgroup, so we should. - if pid != -1 { - if err = unix.Kill(pid, unix.SIGKILL); err != nil { - t.Errorf("unable to kill pid %d: %s", pid, err) - } - } - // Not really needed, but may help catch some bugs. - if err := m.Destroy(); err != nil { - t.Errorf("destroy: %s", err) - } - }) - } -} - -// requireV1 skips the test unless a set of requirements (cgroup v1, -// systemd, root) is met. -func requireV1(t *testing.T) { - t.Helper() - if cgroups.IsCgroup2UnifiedMode() { - t.Skip("Test requires cgroup v1.") - } - if !IsRunningSystemd() { - t.Skip("Test requires systemd.") - } - if os.Geteuid() != 0 { - t.Skip("Test requires root.") - } -} - -func TestFreezePodCgroup(t *testing.T) { - if !IsRunningSystemd() { - t.Skip("Test requires systemd.") - } - if os.Geteuid() != 0 { - t.Skip("Test requires root.") - } - - podConfig := &cgroups.Cgroup{ - Parent: "system.slice", - Name: "system-runc_test_pod.slice", - Resources: &cgroups.Resources{ - SkipDevices: true, - Freezer: cgroups.Frozen, - }, - } - // Create a "pod" cgroup (a systemd slice to hold containers), - // which is frozen initially. - pm := newManager(t, podConfig) - if err := pm.Apply(-1); err != nil { - t.Fatal(err) - } - - if err := pm.Set(podConfig.Resources); err != nil { - t.Fatal(err) - } - - // Check the pod is frozen. - pf, err := pm.GetFreezerState() - if err != nil { - t.Fatal(err) - } - if pf != cgroups.Frozen { - t.Fatalf("expected pod to be frozen, got %v", pf) - } - - // Create a "container" within the "pod" cgroup. - // This is not a real container, just a process in the cgroup. - containerConfig := &cgroups.Cgroup{ - Parent: "system-runc_test_pod.slice", - ScopePrefix: "test", - Name: "inner-container", - Resources: &cgroups.Resources{}, - } - - cmd := exec.Command("bash", "-c", "while read; do echo $REPLY; done") - cmd.Env = append(os.Environ(), "LANG=C") - - // Setup stdin. - stdinR, stdinW, err := os.Pipe() - if err != nil { - t.Fatal(err) - } - cmd.Stdin = stdinR - - // Setup stdout. - stdoutR, stdoutW, err := os.Pipe() - if err != nil { - t.Fatal(err) - } - cmd.Stdout = stdoutW - rdr := bufio.NewReader(stdoutR) - - // Setup stderr. - var stderr bytes.Buffer - cmd.Stderr = &stderr - - err = cmd.Start() - stdinR.Close() - stdoutW.Close() - defer func() { - _ = stdinW.Close() - _ = stdoutR.Close() - }() - if err != nil { - t.Fatal(err) - } - // Make sure to not leave a zombie. - defer func() { - // These may fail, we don't care. - _ = cmd.Process.Kill() - _ = cmd.Wait() - }() - - // Put the process into a cgroup. - cm := newManager(t, containerConfig) - - if err := cm.Apply(cmd.Process.Pid); err != nil { - t.Fatal(err) - } - if err := cm.Set(containerConfig.Resources); err != nil { - t.Fatal(err) - } - // Check that we put the "container" into the "pod" cgroup. - if !strings.HasPrefix(cm.Path("freezer"), pm.Path("freezer")) { - t.Fatalf("expected container cgroup path %q to be under pod cgroup path %q", - cm.Path("freezer"), pm.Path("freezer")) - } - // Check the container is not reported as frozen despite the frozen parent. - cf, err := cm.GetFreezerState() - if err != nil { - t.Fatal(err) - } - if cf != cgroups.Thawed { - t.Fatalf("expected container to be thawed, got %v", cf) - } - - // Unfreeze the pod. - if err := pm.Freeze(cgroups.Thawed); err != nil { - t.Fatal(err) - } - - cf, err = cm.GetFreezerState() - if err != nil { - t.Fatal(err) - } - if cf != cgroups.Thawed { - t.Fatalf("expected container to be thawed, got %v", cf) - } - - // Check the "container" works. - marker := "one two\n" - _, err = stdinW.WriteString(marker) - if err != nil { - t.Fatal(err) - } - reply, err := rdr.ReadString('\n') - if err != nil { - t.Fatalf("reading from container: %v", err) - } - if reply != marker { - t.Fatalf("expected %q, got %q", marker, reply) - } -} diff --git a/libcontainer/cgroups/systemd/systemd_test.go b/libcontainer/cgroups/systemd/systemd_test.go deleted file mode 100644 index 9980e780df3..00000000000 --- a/libcontainer/cgroups/systemd/systemd_test.go +++ /dev/null @@ -1,180 +0,0 @@ -package systemd - -import ( - "os" - "reflect" - "testing" - - systemdDbus "github.com/coreos/go-systemd/v22/dbus" - "github.com/opencontainers/runc/libcontainer/cgroups" -) - -func newManager(t *testing.T, config *cgroups.Cgroup) (m cgroups.Manager) { - t.Helper() - var err error - - if cgroups.IsCgroup2UnifiedMode() { - m, err = NewUnifiedManager(config, "") - } else { - m, err = NewLegacyManager(config, nil) - } - if err != nil { - t.Fatal(err) - } - t.Cleanup(func() { _ = m.Destroy() }) - - return m -} - -func TestSystemdVersion(t *testing.T) { - systemdVersionTests := []struct { - verStr string - expectedVer int - expectErr bool - }{ - {`"219"`, 219, false}, - {`"v245.4-1.fc32"`, 245, false}, - {`"241-1"`, 241, false}, - {`"v241-1"`, 241, false}, - {`333.45"`, 333, false}, - {`v321-0`, 321, false}, - {"NaN", -1, true}, - {"", -1, true}, - {"v", -1, true}, - } - for _, sdTest := range systemdVersionTests { - ver, err := systemdVersionAtoi(sdTest.verStr) - if !sdTest.expectErr && err != nil { - t.Errorf("systemdVersionAtoi(%s); want nil; got %v", sdTest.verStr, err) - } - if sdTest.expectErr && err == nil { - t.Errorf("systemdVersionAtoi(%s); wanted failure; got nil", sdTest.verStr) - } - if ver != sdTest.expectedVer { - t.Errorf("systemdVersionAtoi(%s); want %d; got %d", sdTest.verStr, sdTest.expectedVer, ver) - } - } -} - -func TestValidUnitTypes(t *testing.T) { - testCases := []struct { - unitName string - expectedUnitType string - }{ - {"system.slice", "Slice"}, - {"kubepods.slice", "Slice"}, - {"testing-container:ab.scope", "Scope"}, - } - for _, sdTest := range testCases { - unitType := getUnitType(sdTest.unitName) - if unitType != sdTest.expectedUnitType { - t.Errorf("getUnitType(%s); want %q; got %q", sdTest.unitName, sdTest.expectedUnitType, unitType) - } - } -} - -func TestUnitExistsIgnored(t *testing.T) { - if !IsRunningSystemd() { - t.Skip("Test requires systemd.") - } - if os.Geteuid() != 0 { - t.Skip("Test requires root.") - } - - podConfig := &cgroups.Cgroup{ - Parent: "system.slice", - Name: "system-runc_test_exists.slice", - Resources: &cgroups.Resources{}, - } - // Create "pods" cgroup (a systemd slice to hold containers). - pm := newManager(t, podConfig) - - // create twice to make sure "UnitExists" error is ignored. - for i := 0; i < 2; i++ { - if err := pm.Apply(-1); err != nil { - t.Fatal(err) - } - } -} - -func TestUnifiedResToSystemdProps(t *testing.T) { - if !IsRunningSystemd() { - t.Skip("Test requires systemd.") - } - if !cgroups.IsCgroup2UnifiedMode() { - t.Skip("cgroup v2 is required") - } - - cm := newDbusConnManager(os.Geteuid() != 0) - - testCases := []struct { - name string - minVer int - res map[string]string - expError bool - expProps []systemdDbus.Property - }{ - { - name: "empty map", - res: map[string]string{}, - }, - { - name: "only cpu.idle=1", - minVer: cpuIdleSupportedVersion, - res: map[string]string{ - "cpu.idle": "1", - }, - expProps: []systemdDbus.Property{ - newProp("CPUWeight", uint64(0)), - }, - }, - { - name: "only cpu.idle=0", - minVer: cpuIdleSupportedVersion, - res: map[string]string{ - "cpu.idle": "0", - }, - }, - { - name: "cpu.idle=1 and cpu.weight=1000", - minVer: cpuIdleSupportedVersion, - res: map[string]string{ - "cpu.idle": "1", - "cpu.weight": "1000", - }, - expProps: []systemdDbus.Property{ - newProp("CPUWeight", uint64(0)), - }, - }, - { - name: "cpu.idle=0 and cpu.weight=1000", - minVer: cpuIdleSupportedVersion, - res: map[string]string{ - "cpu.idle": "0", - "cpu.weight": "1000", - }, - expProps: []systemdDbus.Property{ - newProp("CPUWeight", uint64(1000)), - }, - }, - } - - for _, tc := range testCases { - tc := tc - t.Run(tc.name, func(t *testing.T) { - if tc.minVer != 0 && systemdVersion(cm) < tc.minVer { - t.Skipf("requires systemd >= %d", tc.minVer) - } - props, err := unifiedResToSystemdProps(cm, tc.res) - if err != nil && !tc.expError { - t.Fatalf("expected no error, got: %v", err) - } - if err == nil && tc.expError { - t.Fatal("expected error, got nil") - } - if !reflect.DeepEqual(tc.expProps, props) { - t.Errorf("wrong properties (exp %+v, got %+v)", tc.expProps, props) - } - }) - } -} diff --git a/libcontainer/cgroups/utils_test.go b/libcontainer/cgroups/utils_test.go deleted file mode 100644 index 58ac85a5864..00000000000 --- a/libcontainer/cgroups/utils_test.go +++ /dev/null @@ -1,691 +0,0 @@ -package cgroups - -import ( - "bytes" - "errors" - "path/filepath" - "reflect" - "strings" - "testing" - - "github.com/moby/sys/mountinfo" - "golang.org/x/sys/unix" -) - -const fedoraMountinfo = `15 35 0:3 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw -16 35 0:14 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs rw,seclabel -17 35 0:5 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,seclabel,size=8056484k,nr_inodes=2014121,mode=755 -18 16 0:15 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:7 - securityfs securityfs rw -19 16 0:13 / /sys/fs/selinux rw,relatime shared:8 - selinuxfs selinuxfs rw -20 17 0:16 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw,seclabel -21 17 0:10 / /dev/pts rw,nosuid,noexec,relatime shared:4 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=000 -22 35 0:17 / /run rw,nosuid,nodev shared:21 - tmpfs tmpfs rw,seclabel,mode=755 -23 16 0:18 / /sys/fs/cgroup rw,nosuid,nodev,noexec shared:9 - tmpfs tmpfs rw,seclabel,mode=755 -24 23 0:19 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:10 - cgroup cgroup rw,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd -25 16 0:20 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:20 - pstore pstore rw -26 23 0:21 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,cpuset,clone_children -27 23 0:22 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:12 - cgroup cgroup rw,cpuacct,cpu,clone_children -28 23 0:23 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:13 - cgroup cgroup rw,memory,clone_children -29 23 0:24 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:14 - cgroup cgroup rw,devices,clone_children -30 23 0:25 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:15 - cgroup cgroup rw,freezer,clone_children -31 23 0:26 / /sys/fs/cgroup/net_cls rw,nosuid,nodev,noexec,relatime shared:16 - cgroup cgroup rw,net_cls,clone_children -32 23 0:27 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:17 - cgroup cgroup rw,blkio,clone_children -33 23 0:28 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:18 - cgroup cgroup rw,perf_event,clone_children -34 23 0:29 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:19 - cgroup cgroup rw,hugetlb,clone_children -35 1 253:2 / / rw,relatime shared:1 - ext4 /dev/mapper/ssd-root--f20 rw,seclabel,data=ordered -36 15 0:30 / /proc/sys/fs/binfmt_misc rw,relatime shared:22 - autofs systemd-1 rw,fd=38,pgrp=1,timeout=300,minproto=5,maxproto=5,direct -37 17 0:12 / /dev/mqueue rw,relatime shared:23 - mqueue mqueue rw,seclabel -38 35 0:31 / /tmp rw shared:24 - tmpfs tmpfs rw,seclabel -39 17 0:32 / /dev/hugepages rw,relatime shared:25 - hugetlbfs hugetlbfs rw,seclabel -40 16 0:7 / /sys/kernel/debug rw,relatime shared:26 - debugfs debugfs rw -41 16 0:33 / /sys/kernel/config rw,relatime shared:27 - configfs configfs rw -42 35 0:34 / /var/lib/nfs/rpc_pipefs rw,relatime shared:28 - rpc_pipefs sunrpc rw -43 15 0:35 / /proc/fs/nfsd rw,relatime shared:29 - nfsd sunrpc rw -45 35 8:17 / /boot rw,relatime shared:30 - ext4 /dev/sdb1 rw,seclabel,data=ordered -46 35 253:4 / /home rw,relatime shared:31 - ext4 /dev/mapper/ssd-home rw,seclabel,data=ordered -47 35 253:5 / /var/lib/libvirt/images rw,noatime,nodiratime shared:32 - ext4 /dev/mapper/ssd-virt rw,seclabel,discard,data=ordered -48 35 253:12 / /mnt/old rw,relatime shared:33 - ext4 /dev/mapper/HelpDeskRHEL6-FedoraRoot rw,seclabel,data=ordered -121 22 0:36 / /run/user/1000/gvfs rw,nosuid,nodev,relatime shared:104 - fuse.gvfsd-fuse gvfsd-fuse rw,user_id=1000,group_id=1000 -124 16 0:37 / /sys/fs/fuse/connections rw,relatime shared:107 - fusectl fusectl rw -165 38 253:3 / /tmp/mnt rw,relatime shared:147 - ext4 /dev/mapper/ssd-root rw,seclabel,data=ordered -167 35 253:15 / /var/lib/docker/devicemapper/mnt/aae4076022f0e2b80a2afbf8fc6df450c52080191fcef7fb679a73e6f073e5c2 rw,relatime shared:149 - ext4 /dev/mapper/docker-253:2-425882-aae4076022f0e2b80a2afbf8fc6df450c52080191fcef7fb679a73e6f073e5c2 rw,seclabel,discard,stripe=16,data=ordered -171 35 253:16 / /var/lib/docker/devicemapper/mnt/c71be651f114db95180e472f7871b74fa597ee70a58ccc35cb87139ddea15373 rw,relatime shared:153 - ext4 /dev/mapper/docker-253:2-425882-c71be651f114db95180e472f7871b74fa597ee70a58ccc35cb87139ddea15373 rw,seclabel,discard,stripe=16,data=ordered -175 35 253:17 / /var/lib/docker/devicemapper/mnt/1bac6ab72862d2d5626560df6197cf12036b82e258c53d981fa29adce6f06c3c rw,relatime shared:157 - ext4 /dev/mapper/docker-253:2-425882-1bac6ab72862d2d5626560df6197cf12036b82e258c53d981fa29adce6f06c3c rw,seclabel,discard,stripe=16,data=ordered -179 35 253:18 / /var/lib/docker/devicemapper/mnt/d710a357d77158e80d5b2c55710ae07c94e76d34d21ee7bae65ce5418f739b09 rw,relatime shared:161 - ext4 /dev/mapper/docker-253:2-425882-d710a357d77158e80d5b2c55710ae07c94e76d34d21ee7bae65ce5418f739b09 rw,seclabel,discard,stripe=16,data=ordered -183 35 253:19 / /var/lib/docker/devicemapper/mnt/6479f52366114d5f518db6837254baab48fab39f2ac38d5099250e9a6ceae6c7 rw,relatime shared:165 - ext4 /dev/mapper/docker-253:2-425882-6479f52366114d5f518db6837254baab48fab39f2ac38d5099250e9a6ceae6c7 rw,seclabel,discard,stripe=16,data=ordered -187 35 253:20 / /var/lib/docker/devicemapper/mnt/8d9df91c4cca5aef49eeb2725292aab324646f723a7feab56be34c2ad08268e1 rw,relatime shared:169 - ext4 /dev/mapper/docker-253:2-425882-8d9df91c4cca5aef49eeb2725292aab324646f723a7feab56be34c2ad08268e1 rw,seclabel,discard,stripe=16,data=ordered -191 35 253:21 / /var/lib/docker/devicemapper/mnt/c8240b768603d32e920d365dc9d1dc2a6af46cd23e7ae819947f969e1b4ec661 rw,relatime shared:173 - ext4 /dev/mapper/docker-253:2-425882-c8240b768603d32e920d365dc9d1dc2a6af46cd23e7ae819947f969e1b4ec661 rw,seclabel,discard,stripe=16,data=ordered -195 35 253:22 / /var/lib/docker/devicemapper/mnt/2eb3a01278380bbf3ed12d86ac629eaa70a4351301ee307a5cabe7b5f3b1615f rw,relatime shared:177 - ext4 /dev/mapper/docker-253:2-425882-2eb3a01278380bbf3ed12d86ac629eaa70a4351301ee307a5cabe7b5f3b1615f rw,seclabel,discard,stripe=16,data=ordered -199 35 253:23 / /var/lib/docker/devicemapper/mnt/37a17fb7c9d9b80821235d5f2662879bd3483915f245f9b49cdaa0e38779b70b rw,relatime shared:181 - ext4 /dev/mapper/docker-253:2-425882-37a17fb7c9d9b80821235d5f2662879bd3483915f245f9b49cdaa0e38779b70b rw,seclabel,discard,stripe=16,data=ordered -203 35 253:24 / /var/lib/docker/devicemapper/mnt/aea459ae930bf1de913e2f29428fd80ee678a1e962d4080019d9f9774331ee2b rw,relatime shared:185 - ext4 /dev/mapper/docker-253:2-425882-aea459ae930bf1de913e2f29428fd80ee678a1e962d4080019d9f9774331ee2b rw,seclabel,discard,stripe=16,data=ordered -207 35 253:25 / /var/lib/docker/devicemapper/mnt/928ead0bc06c454bd9f269e8585aeae0a6bd697f46dc8754c2a91309bc810882 rw,relatime shared:189 - ext4 /dev/mapper/docker-253:2-425882-928ead0bc06c454bd9f269e8585aeae0a6bd697f46dc8754c2a91309bc810882 rw,seclabel,discard,stripe=16,data=ordered -211 35 253:26 / /var/lib/docker/devicemapper/mnt/0f284d18481d671644706e7a7244cbcf63d590d634cc882cb8721821929d0420 rw,relatime shared:193 - ext4 /dev/mapper/docker-253:2-425882-0f284d18481d671644706e7a7244cbcf63d590d634cc882cb8721821929d0420 rw,seclabel,discard,stripe=16,data=ordered -215 35 253:27 / /var/lib/docker/devicemapper/mnt/d9dd16722ab34c38db2733e23f69e8f4803ce59658250dd63e98adff95d04919 rw,relatime shared:197 - ext4 /dev/mapper/docker-253:2-425882-d9dd16722ab34c38db2733e23f69e8f4803ce59658250dd63e98adff95d04919 rw,seclabel,discard,stripe=16,data=ordered -219 35 253:28 / /var/lib/docker/devicemapper/mnt/bc4500479f18c2c08c21ad5282e5f826a016a386177d9874c2764751c031d634 rw,relatime shared:201 - ext4 /dev/mapper/docker-253:2-425882-bc4500479f18c2c08c21ad5282e5f826a016a386177d9874c2764751c031d634 rw,seclabel,discard,stripe=16,data=ordered -223 35 253:29 / /var/lib/docker/devicemapper/mnt/7770c8b24eb3d5cc159a065910076938910d307ab2f5d94e1dc3b24c06ee2c8a rw,relatime shared:205 - ext4 /dev/mapper/docker-253:2-425882-7770c8b24eb3d5cc159a065910076938910d307ab2f5d94e1dc3b24c06ee2c8a rw,seclabel,discard,stripe=16,data=ordered -227 35 253:30 / /var/lib/docker/devicemapper/mnt/c280cd3d0bf0aa36b478b292279671624cceafc1a67eaa920fa1082601297adf rw,relatime shared:209 - ext4 /dev/mapper/docker-253:2-425882-c280cd3d0bf0aa36b478b292279671624cceafc1a67eaa920fa1082601297adf rw,seclabel,discard,stripe=16,data=ordered -231 35 253:31 / /var/lib/docker/devicemapper/mnt/8b59a7d9340279f09fea67fd6ad89ddef711e9e7050eb647984f8b5ef006335f rw,relatime shared:213 - ext4 /dev/mapper/docker-253:2-425882-8b59a7d9340279f09fea67fd6ad89ddef711e9e7050eb647984f8b5ef006335f rw,seclabel,discard,stripe=16,data=ordered -235 35 253:32 / /var/lib/docker/devicemapper/mnt/1a28059f29eda821578b1bb27a60cc71f76f846a551abefabce6efd0146dce9f rw,relatime shared:217 - ext4 /dev/mapper/docker-253:2-425882-1a28059f29eda821578b1bb27a60cc71f76f846a551abefabce6efd0146dce9f rw,seclabel,discard,stripe=16,data=ordered -239 35 253:33 / /var/lib/docker/devicemapper/mnt/e9aa60c60128cad1 rw,relatime shared:221 - ext4 /dev/mapper/docker-253:2-425882-e9aa60c60128cad1 rw,seclabel,discard,stripe=16,data=ordered -243 35 253:34 / /var/lib/docker/devicemapper/mnt/5fec11304b6f4713fea7b6ccdcc1adc0a1966187f590fe25a8227428a8df275d-init rw,relatime shared:225 - ext4 /dev/mapper/docker-253:2-425882-5fec11304b6f4713fea7b6ccdcc1adc0a1966187f590fe25a8227428a8df275d-init rw,seclabel,discard,stripe=16,data=ordered -247 35 253:35 / /var/lib/docker/devicemapper/mnt/5fec11304b6f4713fea7b6ccdcc1adc0a1966187f590fe25a8227428a8df275d rw,relatime shared:229 - ext4 /dev/mapper/docker-253:2-425882-5fec11304b6f4713fea7b6ccdcc1adc0a1966187f590fe25a8227428a8df275d rw,seclabel,discard,stripe=16,data=ordered -31 21 0:23 / /DATA/foo_bla_bla rw,relatime - cifs //foo/BLA\040BLA\040BLA/ rw,sec=ntlm,cache=loose,unc=\\foo\BLA BLA BLA,username=my_login,domain=mydomain.com,uid=12345678,forceuid,gid=12345678,forcegid,addr=10.1.30.10,file_mode=0755,dir_mode=0755,nounix,rsize=61440,wsize=65536,actimeo=1` - -const systemdMountinfo = `115 83 0:32 / / rw,relatime - aufs none rw,si=c0bd3d3,dio,dirperm1 -116 115 0:35 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw -117 115 0:36 / /dev rw,nosuid - tmpfs tmpfs rw,mode=755 -118 117 0:37 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666 -119 115 0:38 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw -120 119 0:39 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755 -121 120 0:19 /system.slice/docker-dc4eaa1a34ec4d593bc0125d31eea823a1d76ae483aeb1409cca80304e34da2e.scope /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -122 120 0:20 /system.slice/docker-dc4eaa1a34ec4d593bc0125d31eea823a1d76ae483aeb1409cca80304e34da2e.scope /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,devices -123 120 0:21 /system.slice/docker-dc4eaa1a34ec4d593bc0125d31eea823a1d76ae483aeb1409cca80304e34da2e.scope /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,freezer -124 120 0:22 /system.slice/docker-dc4eaa1a34ec4d593bc0125d31eea823a1d76ae483aeb1409cca80304e34da2e.scope /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,memory -125 120 0:23 /system.slice/docker-dc4eaa1a34ec4d593bc0125d31eea823a1d76ae483aeb1409cca80304e34da2e.scope /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,net_cls,net_prio -126 120 0:24 /system.slice/docker-dc4eaa1a34ec4d593bc0125d31eea823a1d76ae483aeb1409cca80304e34da2e.scope /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,blkio -127 120 0:25 /system.slice/docker-dc4eaa1a34ec4d593bc0125d31eea823a1d76ae483aeb1409cca80304e34da2e.scope /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,cpuset,clone_children -128 120 0:26 /system.slice/docker-dc4eaa1a34ec4d593bc0125d31eea823a1d76ae483aeb1409cca80304e34da2e.scope /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,cpu,cpuacct -129 120 0:27 /system.slice/docker-dc4eaa1a34ec4d593bc0125d31eea823a1d76ae483aeb1409cca80304e34da2e.scope /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event -130 115 43:0 /var/lib/docker/volumes/a44a712176377f57c094397330ee04387284c478364eb25f4c3d25f775f25c26/_data /var/lib/docker rw,relatime - ext4 /dev/nbd0 rw,data=ordered -131 115 43:0 /var/lib/docker/containers/dc4eaa1a34ec4d593bc0125d31eea823a1d76ae483aeb1409cca80304e34da2e/resolv.conf /etc/resolv.conf rw,relatime - ext4 /dev/nbd0 rw,data=ordered -132 115 43:0 /var/lib/docker/containers/dc4eaa1a34ec4d593bc0125d31eea823a1d76ae483aeb1409cca80304e34da2e/hostname /etc/hostname rw,relatime - ext4 /dev/nbd0 rw,data=ordered -133 115 43:0 /var/lib/docker/containers/dc4eaa1a34ec4d593bc0125d31eea823a1d76ae483aeb1409cca80304e34da2e/hosts /etc/hosts rw,relatime - ext4 /dev/nbd0 rw,data=ordered -134 117 0:33 / /dev/shm rw,nosuid,nodev,noexec,relatime - tmpfs shm rw,size=65536k -135 117 0:13 / /dev/mqueue rw,nosuid,nodev,noexec,relatime - mqueue mqueue rw -136 117 0:12 /1 /dev/console rw,nosuid,noexec,relatime - devpts none rw,gid=5,mode=620,ptmxmode=000 -84 115 0:40 / /tmp rw,relatime - tmpfs none rw` - -const bedrockMountinfo = `120 17 0:28 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:16 - tmpfs tmpfs ro,mode=755 -124 28 0:28 / /bedrock/strata/arch/sys/fs/cgroup rw,nosuid,nodev,noexec shared:16 - tmpfs tmpfs ro,mode=755 -123 53 0:28 / /bedrock/strata/fallback/sys/fs/cgroup rw,nosuid,nodev,noexec shared:16 - tmpfs tmpfs ro,mode=755 -122 71 0:28 / /bedrock/strata/gentoo/sys/fs/cgroup rw,nosuid,nodev,noexec shared:16 - tmpfs tmpfs ro,mode=755 -121 89 0:28 / /bedrock/strata/kde/sys/fs/cgroup rw,nosuid,nodev,noexec shared:16 - tmpfs tmpfs ro,mode=755 -125 120 0:29 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:17 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -129 124 0:29 / /bedrock/strata/arch/sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:17 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -128 123 0:29 / /bedrock/strata/fallback/sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:17 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -127 122 0:29 / /bedrock/strata/gentoo/sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:17 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -126 121 0:29 / /bedrock/strata/kde/sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:17 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd -140 120 0:32 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:48 - cgroup cgroup rw,net_cls,net_prio -144 124 0:32 / /bedrock/strata/arch/sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:48 - cgroup cgroup rw,net_cls,net_prio -143 123 0:32 / /bedrock/strata/fallback/sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:48 - cgroup cgroup rw,net_cls,net_prio -142 122 0:32 / /bedrock/strata/gentoo/sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:48 - cgroup cgroup rw,net_cls,net_prio -141 121 0:32 / /bedrock/strata/kde/sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:48 - cgroup cgroup rw,net_cls,net_prio -145 120 0:33 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:49 - cgroup cgroup rw,blkio -149 124 0:33 / /bedrock/strata/arch/sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:49 - cgroup cgroup rw,blkio -148 123 0:33 / /bedrock/strata/fallback/sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:49 - cgroup cgroup rw,blkio -147 122 0:33 / /bedrock/strata/gentoo/sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:49 - cgroup cgroup rw,blkio -146 121 0:33 / /bedrock/strata/kde/sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:49 - cgroup cgroup rw,blkio -150 120 0:34 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:50 - cgroup cgroup rw,cpu,cpuacct -154 124 0:34 / /bedrock/strata/arch/sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:50 - cgroup cgroup rw,cpu,cpuacct -153 123 0:34 / /bedrock/strata/fallback/sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:50 - cgroup cgroup rw,cpu,cpuacct -152 122 0:34 / /bedrock/strata/gentoo/sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:50 - cgroup cgroup rw,cpu,cpuacct -151 121 0:34 / /bedrock/strata/kde/sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:50 - cgroup cgroup rw,cpu,cpuacct -155 120 0:35 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:51 - cgroup cgroup rw,cpuset -159 124 0:35 / /bedrock/strata/arch/sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:51 - cgroup cgroup rw,cpuset -158 123 0:35 / /bedrock/strata/fallback/sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:51 - cgroup cgroup rw,cpuset -157 122 0:35 / /bedrock/strata/gentoo/sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:51 - cgroup cgroup rw,cpuset -156 121 0:35 / /bedrock/strata/kde/sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:51 - cgroup cgroup rw,cpuset -160 120 0:36 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:52 - cgroup cgroup rw,devices -164 124 0:36 / /bedrock/strata/arch/sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:52 - cgroup cgroup rw,devices -163 123 0:36 / /bedrock/strata/fallback/sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:52 - cgroup cgroup rw,devices -162 122 0:36 / /bedrock/strata/gentoo/sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:52 - cgroup cgroup rw,devices -161 121 0:36 / /bedrock/strata/kde/sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:52 - cgroup cgroup rw,devices -165 120 0:37 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:53 - cgroup cgroup rw,memory -169 124 0:37 / /bedrock/strata/arch/sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:53 - cgroup cgroup rw,memory -168 123 0:37 / /bedrock/strata/fallback/sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:53 - cgroup cgroup rw,memory -167 122 0:37 / /bedrock/strata/gentoo/sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:53 - cgroup cgroup rw,memory -166 121 0:37 / /bedrock/strata/kde/sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:53 - cgroup cgroup rw,memory -170 120 0:38 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:54 - cgroup cgroup rw,freezer -174 124 0:38 / /bedrock/strata/arch/sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:54 - cgroup cgroup rw,freezer -173 123 0:38 / /bedrock/strata/fallback/sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:54 - cgroup cgroup rw,freezer -172 122 0:38 / /bedrock/strata/gentoo/sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:54 - cgroup cgroup rw,freezer -171 121 0:38 / /bedrock/strata/kde/sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:54 - cgroup cgroup rw,freezer -175 120 0:39 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime shared:55 - cgroup cgroup rw,pids -179 124 0:39 / /bedrock/strata/arch/sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime shared:55 - cgroup cgroup rw,pids -178 123 0:39 / /bedrock/strata/fallback/sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime shared:55 - cgroup cgroup rw,pids -177 122 0:39 / /bedrock/strata/gentoo/sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime shared:55 - cgroup cgroup rw,pids -176 121 0:39 / /bedrock/strata/kde/sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime shared:55 - cgroup cgroup rw,pids -180 120 0:40 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:56 - cgroup cgroup rw,perf_event -184 124 0:40 / /bedrock/strata/arch/sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:56 - cgroup cgroup rw,perf_event -183 123 0:40 / /bedrock/strata/fallback/sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:56 - cgroup cgroup rw,perf_event -182 122 0:40 / /bedrock/strata/gentoo/sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:56 - cgroup cgroup rw,perf_event -181 121 0:40 / /bedrock/strata/kde/sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:56 - cgroup cgroup rw,perf_event` - -const cgroup2Mountinfo = `18 64 0:18 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs rw,seclabel -19 64 0:4 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw -20 64 0:6 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,seclabel,size=8171204k,nr_inodes=2042801,mode=755 -21 18 0:19 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:7 - securityfs securityfs rw -22 20 0:20 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw,seclabel -23 20 0:21 / /dev/pts rw,nosuid,noexec,relatime shared:4 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=000 -24 64 0:22 / /run rw,nosuid,nodev shared:24 - tmpfs tmpfs rw,seclabel,mode=755 -25 18 0:23 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:8 - tmpfs tmpfs ro,seclabel,mode=755 -26 25 0:24 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:9 - cgroup2 cgroup rw -27 18 0:25 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:20 - pstore pstore rw,seclabel -28 18 0:26 / /sys/firmware/efi/efivars rw,nosuid,nodev,noexec,relatime shared:21 - efivarfs efivarfs rw -29 25 0:27 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:10 - cgroup cgroup rw,cpu,cpuacct -30 25 0:28 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,memory -31 25 0:29 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:12 - cgroup cgroup rw,net_cls,net_prio -32 25 0:30 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:13 - cgroup cgroup rw,blkio -33 25 0:31 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:14 - cgroup cgroup rw,perf_event -34 25 0:32 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:15 - cgroup cgroup rw,hugetlb -35 25 0:33 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:16 - cgroup cgroup rw,freezer -36 25 0:34 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:17 - cgroup cgroup rw,cpuset -37 25 0:35 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:18 - cgroup cgroup rw,devices -38 25 0:36 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime shared:19 - cgroup cgroup rw,pids -61 18 0:37 / /sys/kernel/config rw,relatime shared:22 - configfs configfs rw -64 0 253:0 / / rw,relatime shared:1 - ext4 /dev/mapper/fedora_dhcp--16--129-root rw,seclabel,data=ordered -39 18 0:17 / /sys/fs/selinux rw,relatime shared:23 - selinuxfs selinuxfs rw -40 20 0:16 / /dev/mqueue rw,relatime shared:25 - mqueue mqueue rw,seclabel -41 20 0:39 / /dev/hugepages rw,relatime shared:26 - hugetlbfs hugetlbfs rw,seclabel -` - -func TestGetCgroupMounts(t *testing.T) { - type testData struct { - mountInfo string - root string - // all is the total number of records expected with all=true, - // or 0 for no extra records expected (most cases). - all int - subsystems map[string]bool - } - testTable := []testData{ - { - mountInfo: fedoraMountinfo, - root: "/", - subsystems: map[string]bool{ - "name=systemd": false, - "cpuset": false, - "cpu": false, - "cpuacct": false, - "memory": false, - "devices": false, - "freezer": false, - "net_cls": false, - "blkio": false, - "perf_event": false, - "hugetlb": false, - }, - }, - { - mountInfo: systemdMountinfo, - root: "/system.slice/docker-dc4eaa1a34ec4d593bc0125d31eea823a1d76ae483aeb1409cca80304e34da2e.scope", - subsystems: map[string]bool{ - "name=systemd": false, - "cpuset": false, - "cpu": false, - "cpuacct": false, - "memory": false, - "devices": false, - "freezer": false, - "net_cls": false, - "net_prio": false, - "blkio": false, - "perf_event": false, - }, - }, - { - mountInfo: bedrockMountinfo, - root: "/", - all: 50, - subsystems: map[string]bool{ - "name=systemd": false, - "cpuset": false, - "cpu": false, - "cpuacct": false, - "memory": false, - "devices": false, - "freezer": false, - "net_cls": false, - "net_prio": false, - "blkio": false, - "perf_event": false, - "pids": false, - }, - }, - } - for _, td := range testTable { - mi, err := mountinfo.GetMountsFromReader( - bytes.NewBufferString(td.mountInfo), - mountinfo.FSTypeFilter("cgroup"), - ) - if err != nil { - t.Fatal(err) - } - cgMounts, err := getCgroupMountsHelper(td.subsystems, mi, false) - if err != nil { - t.Fatal(err) - } - cgMap := make(map[string]Mount) - for _, m := range cgMounts { - for _, ss := range m.Subsystems { - cgMap[ss] = m - } - } - for ss := range td.subsystems { - ss = strings.TrimPrefix(ss, CgroupNamePrefix) - m, ok := cgMap[ss] - if !ok { - t.Fatalf("%s not found", ss) - } - if m.Root != td.root { - t.Fatalf("unexpected root for %s: %s", ss, m.Root) - } - if !strings.HasPrefix(m.Mountpoint, "/sys/fs/cgroup/") && !strings.Contains(m.Mountpoint, ss) { - t.Fatalf("unexpected mountpoint for %s: %s", ss, m.Mountpoint) - } - var ssFound bool - for _, mss := range m.Subsystems { - if mss == ss { - ssFound = true - break - } - } - if !ssFound { - t.Fatalf("subsystem %s not found in Subsystems field %v", ss, m.Subsystems) - } - } - // Test the all=true case. - - // Reset the test input. - for k := range td.subsystems { - td.subsystems[k] = false - } - cgMountsAll, err := getCgroupMountsHelper(td.subsystems, mi, true) - if err != nil { - t.Fatal(err) - } - if td.all == 0 { - // Results with and without "all" should be the same. - if len(cgMounts) != len(cgMountsAll) || !reflect.DeepEqual(cgMounts, cgMountsAll) { - t.Errorf("expected same results, got (all=false) %v, (all=true) %v", cgMounts, cgMountsAll) - } - } else { - // Make sure we got all records. - if len(cgMountsAll) != td.all { - t.Errorf("expected %d records, got %d (%+v)", td.all, len(cgMountsAll), cgMountsAll) - } - } - - } -} - -func BenchmarkGetCgroupMounts(b *testing.B) { - subsystems := map[string]bool{ - "cpuset": false, - "cpu": false, - "cpuacct": false, - "memory": false, - "devices": false, - "freezer": false, - "net_cls": false, - "blkio": false, - "perf_event": false, - "hugetlb": false, - } - mi, err := mountinfo.GetMountsFromReader( - bytes.NewBufferString(fedoraMountinfo), - mountinfo.FSTypeFilter("cgroup"), - ) - if err != nil { - b.Fatal(err) - } - b.ResetTimer() - for i := 0; i < b.N; i++ { - if _, err := getCgroupMountsHelper(subsystems, mi, false); err != nil { - b.Fatal(err) - } - } -} - -func TestParseCgroupString(t *testing.T) { - testCases := []struct { - input string - expectedError error - expectedOutput map[string]string - }{ - { - // Taken from a CoreOS instance running systemd 225 with CPU/Mem - // accounting enabled in systemd - input: `9:blkio:/ -8:freezer:/ -7:perf_event:/ -6:devices:/system.slice/system-sshd.slice -5:cpuset:/ -4:cpu,cpuacct:/system.slice/system-sshd.slice/sshd@126-10.240.0.15:22-xxx.yyy.zzz.aaa:33678.service -3:net_cls,net_prio:/ -2:memory:/system.slice/system-sshd.slice/sshd@126-10.240.0.15:22-xxx.yyy.zzz.aaa:33678.service -1:name=systemd:/system.slice/system-sshd.slice/sshd@126-10.240.0.15:22-xxx.yyy.zzz.aaa:33678.service`, - expectedOutput: map[string]string{ - "name=systemd": "/system.slice/system-sshd.slice/sshd@126-10.240.0.15:22-xxx.yyy.zzz.aaa:33678.service", - "blkio": "/", - "freezer": "/", - "perf_event": "/", - "devices": "/system.slice/system-sshd.slice", - "cpuset": "/", - "cpu": "/system.slice/system-sshd.slice/sshd@126-10.240.0.15:22-xxx.yyy.zzz.aaa:33678.service", - "cpuacct": "/system.slice/system-sshd.slice/sshd@126-10.240.0.15:22-xxx.yyy.zzz.aaa:33678.service", - "net_cls": "/", - "net_prio": "/", - "memory": "/system.slice/system-sshd.slice/sshd@126-10.240.0.15:22-xxx.yyy.zzz.aaa:33678.service", - }, - }, - { - input: `malformed input`, - expectedError: errors.New(`invalid cgroup entry: must contain at least two colons: malformed input`), - }, - } - - for ndx, testCase := range testCases { - out, err := parseCgroupFromReader(strings.NewReader(testCase.input)) - if err != nil { - if testCase.expectedError == nil || testCase.expectedError.Error() != err.Error() { - t.Errorf("%v: expected error %v, got error %v", ndx, testCase.expectedError, err) - } - } else { - if !reflect.DeepEqual(testCase.expectedOutput, out) { - t.Errorf("%v: expected output %v, got error %v", ndx, testCase.expectedOutput, out) - } - } - } -} - -func TestIgnoreCgroup2Mount(t *testing.T) { - subsystems := map[string]bool{ - "cpuset": false, - "cpu": false, - "cpuacct": false, - "memory": false, - "devices": false, - "freezer": false, - "net_cls": false, - "blkio": false, - "perf_event": false, - "pids": false, - "name=systemd": false, - } - - mi, err := mountinfo.GetMountsFromReader( - bytes.NewBufferString(cgroup2Mountinfo), - mountinfo.FSTypeFilter("cgroup"), - ) - if err != nil { - t.Fatal(err) - } - cgMounts, err := getCgroupMountsHelper(subsystems, mi, false) - if err != nil { - t.Fatal(err) - } - for _, m := range cgMounts { - if m.Mountpoint == "/sys/fs/cgroup/systemd" { - t.Errorf("parsed a cgroup2 mount at /sys/fs/cgroup/systemd instead of ignoring it") - } - } -} - -func TestFindCgroupMountpointAndRoot(t *testing.T) { - fakeMountInfo := `35 27 0:29 / /foo rw,nosuid,nodev,noexec,relatime shared:18 - cgroup cgroup rw,devices -35 27 0:29 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:18 - cgroup cgroup rw,devices` - testCases := []struct { - cgroupPath string - output string - }{ - {cgroupPath: "/sys/fs", output: "/sys/fs/cgroup/devices"}, - {cgroupPath: "", output: "/foo"}, - } - - mi, err := mountinfo.GetMountsFromReader( - bytes.NewBufferString(fakeMountInfo), - mountinfo.FSTypeFilter("cgroup"), - ) - if err != nil { - t.Fatal(err) - } - - for _, c := range testCases { - mountpoint, _, _ := findCgroupMountpointAndRootFromMI(mi, c.cgroupPath, "devices") - if mountpoint != c.output { - t.Errorf("expected %s, got %s", c.output, mountpoint) - } - } -} - -func BenchmarkGetHugePageSizeImpl(b *testing.B) { - var ( - input = []string{"hugepages-1048576kB", "hugepages-2048kB", "hugepages-32768kB", "hugepages-64kB"} - output []string - err error - ) - for i := 0; i < b.N; i++ { - output, err = getHugePageSizeFromFilenames(input) - } - if err != nil || len(output) != len(input) { - b.Fatal("unexpected results") - } -} - -func TestGetHugePageSizeImpl(t *testing.T) { - testCases := []struct { - doc string - input []string - output []string - isErr bool - }{ - { - doc: "normal input", - input: []string{"hugepages-1048576kB", "hugepages-2048kB", "hugepages-32768kB", "hugepages-64kB"}, - output: []string{"1GB", "2MB", "32MB", "64KB"}, - }, - { - doc: "empty input", - input: []string{}, - output: []string{}, - }, - { - doc: "not a number", - input: []string{"hugepages-akB"}, - isErr: true, - }, - { - doc: "no prefix (silently skipped)", - input: []string{"1024kB"}, - }, - { - doc: "invalid prefix (silently skipped)", - input: []string{"whatever-1024kB"}, - }, - { - doc: "invalid suffix", - input: []string{"hugepages-1024gB"}, - isErr: true, - }, - { - doc: "no suffix", - input: []string{"hugepages-1024"}, - isErr: true, - }, - { - doc: "mixed valid and invalid entries", - input: []string{"hugepages-4194304kB", "hugepages-2048kB", "hugepages-akB", "hugepages-64kB"}, - output: []string{"4GB", "2MB", "64KB"}, - isErr: true, - }, - { - doc: "more mixed valid and invalid entries", - input: []string{"hugepages-2048kB", "hugepages-kB", "hugepages-64kB"}, - output: []string{"2MB", "64KB"}, - isErr: true, - }, - } - - for _, c := range testCases { - c := c - t.Run(c.doc, func(t *testing.T) { - output, err := getHugePageSizeFromFilenames(c.input) - t.Log("input:", c.input, "; output:", output, "; err:", err) - if err != nil { - if !c.isErr { - t.Errorf("input %v, expected nil, got error: %v", c.input, err) - } - // no more checks - return - } - if c.isErr { - t.Errorf("input %v, expected error, got error: nil, output: %v", c.input, output) - } - // check output - if len(output) != len(c.output) || (len(output) > 0 && !reflect.DeepEqual(output, c.output)) { - t.Errorf("input %v, expected %v, got %v", c.input, c.output, output) - } - }) - } -} - -func TestConvertCPUSharesToCgroupV2Value(t *testing.T) { - cases := map[uint64]uint64{ - 0: 0, - 2: 1, - 262144: 10000, - } - for i, expected := range cases { - got := ConvertCPUSharesToCgroupV2Value(i) - if got != expected { - t.Errorf("expected ConvertCPUSharesToCgroupV2Value(%d) to be %d, got %d", i, expected, got) - } - } -} - -func TestConvertMemorySwapToCgroupV2Value(t *testing.T) { - cases := []struct { - descr string - memswap, memory int64 - expected int64 - expErr bool - }{ - { - descr: "all unset", - memswap: 0, - memory: 0, - expected: 0, - }, - { - descr: "unlimited memory+swap, unset memory", - memswap: -1, - memory: 0, - expected: -1, - }, - { - descr: "unlimited memory", - memswap: 300, - memory: -1, - expected: 300, - }, - { - descr: "all unlimited", - memswap: -1, - memory: -1, - expected: -1, - }, - { - descr: "negative memory+swap", - memswap: -2, - memory: 0, - expErr: true, - }, - { - descr: "unlimited memory+swap, set memory", - memswap: -1, - memory: 1000, - expected: -1, - }, - { - descr: "memory+swap == memory", - memswap: 1000, - memory: 1000, - expected: 0, - }, - { - descr: "memory+swap > memory", - memswap: 500, - memory: 200, - expected: 300, - }, - { - descr: "memory+swap < memory", - memswap: 300, - memory: 400, - expErr: true, - }, - { - descr: "unset memory", - memswap: 300, - memory: 0, - expErr: true, - }, - { - descr: "negative memory", - memswap: 300, - memory: -300, - expErr: true, - }, - } - - for _, c := range cases { - c := c - t.Run(c.descr, func(t *testing.T) { - swap, err := ConvertMemorySwapToCgroupV2Value(c.memswap, c.memory) - if c.expErr { - if err == nil { - t.Errorf("memswap: %d, memory %d, expected error, got %d, nil", c.memswap, c.memory, swap) - } - // No more checks. - return - } - if err != nil { - t.Errorf("memswap: %d, memory %d, expected success, got error %s", c.memswap, c.memory, err) - } - if swap != c.expected { - t.Errorf("memswap: %d, memory %d, expected %d, got %d", c.memswap, c.memory, c.expected, swap) - } - }) - } -} - -func TestConvertBlkIOToIOWeightValue(t *testing.T) { - cases := map[uint16]uint64{ - 0: 0, - 10: 1, - 1000: 10000, - } - for i, expected := range cases { - got := ConvertBlkIOToIOWeightValue(i) - if got != expected { - t.Errorf("expected ConvertBlkIOToIOWeightValue(%d) to be %d, got %d", i, expected, got) - } - } -} - -// TestRemovePathReadOnly is to test remove a non-existent dir in a ro mount point. -// The similar issue example: https://github.com/opencontainers/runc/issues/4518 -func TestRemovePathReadOnly(t *testing.T) { - dirTo := t.TempDir() - err := unix.Mount(t.TempDir(), dirTo, "", unix.MS_BIND, "") - if err != nil { - t.Skip("no permission of mount") - } - defer func() { - _ = unix.Unmount(dirTo, 0) - }() - err = unix.Mount("", dirTo, "", unix.MS_REMOUNT|unix.MS_BIND|unix.MS_RDONLY, "") - if err != nil { - t.Skip("no permission of mount") - } - nonExistentDir := filepath.Join(dirTo, "non-existent-dir") - err = rmdir(nonExistentDir, true) - if !errors.Is(err, unix.EROFS) { - t.Fatalf("expected the error of removing a non-existent dir %s in a ro mount point with rmdir to be unix.EROFS, but got: %v", nonExistentDir, err) - } - err = RemovePath(nonExistentDir) - if err != nil { - t.Fatalf("expected the error of removing a non-existent dir %s in a ro mount point with RemovePath to be nil, but got: %v", nonExistentDir, err) - } -} diff --git a/libcontainer/configs/cgroup_deprecated.go b/libcontainer/configs/cgroup_deprecated.go index 2277d326e2e..9a7a1a20118 100644 --- a/libcontainer/configs/cgroup_deprecated.go +++ b/libcontainer/configs/cgroup_deprecated.go @@ -1,6 +1,6 @@ -package configs // Deprecated: use [github.com/opencontainers/runc/libcontainer/cgroups]. +package configs // Deprecated: use [github.com/opencontainers/cgroups]. -import "github.com/opencontainers/runc/libcontainer/cgroups" +import "github.com/opencontainers/cgroups" type ( Cgroup = cgroups.Cgroup diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index 746c7190eb7..3cca1eef64b 100644 --- a/libcontainer/configs/config.go +++ b/libcontainer/configs/config.go @@ -10,7 +10,7 @@ import ( "github.com/sirupsen/logrus" "golang.org/x/sys/unix" - devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" + devices "github.com/opencontainers/cgroups/devices/config" "github.com/opencontainers/runtime-spec/specs-go" ) diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go index 7d17676ed18..e0052900f43 100644 --- a/libcontainer/configs/validate/validator.go +++ b/libcontainer/configs/validate/validator.go @@ -8,7 +8,7 @@ import ( "strings" "sync" - "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/cgroups" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/intelrdt" "github.com/opencontainers/runtime-spec/specs-go" diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index ecb05a0d1e1..4bc117e513a 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -20,7 +20,7 @@ import ( "github.com/vishvananda/netlink/nl" "golang.org/x/sys/unix" - "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/cgroups" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/exeseal" "github.com/opencontainers/runc/libcontainer/intelrdt" diff --git a/libcontainer/container_linux_test.go b/libcontainer/container_linux_test.go index 8d9920925a8..e6bdd86ba2a 100644 --- a/libcontainer/container_linux_test.go +++ b/libcontainer/container_linux_test.go @@ -5,7 +5,7 @@ import ( "os" "testing" - "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/cgroups" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/system" ) diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index 4d2fa0569f8..93f628715e0 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -23,7 +23,7 @@ import ( "golang.org/x/sys/unix" "google.golang.org/protobuf/proto" - "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/cgroups" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/utils" ) diff --git a/libcontainer/devices/device_deprecated.go b/libcontainer/devices/device_deprecated.go index 6e960a4243e..9483f054dcd 100644 --- a/libcontainer/devices/device_deprecated.go +++ b/libcontainer/devices/device_deprecated.go @@ -1,8 +1,8 @@ package devices -import "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" +import "github.com/opencontainers/cgroups/devices/config" -// Deprecated: use [github.com/opencontainers/runc/libcontainer/cgroups/devices/config]. +// Deprecated: use [github.com/opencontainers/cgroups/devices/config]. const ( Wildcard = config.Wildcard WildcardDevice = config.WildcardDevice @@ -11,7 +11,7 @@ const ( FifoDevice = config.FifoDevice ) -// Deprecated: use [github.com/opencontainers/runc/libcontainer/cgroups/devices/config]. +// Deprecated: use [github.com/opencontainers/cgroups/devices/config]. type ( Device = config.Device Permissions = config.Permissions diff --git a/libcontainer/factory_linux.go b/libcontainer/factory_linux.go index 114cbf20e84..539726dfdc8 100644 --- a/libcontainer/factory_linux.go +++ b/libcontainer/factory_linux.go @@ -9,8 +9,8 @@ import ( securejoin "github.com/cyphar/filepath-securejoin" "golang.org/x/sys/unix" - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/manager" + "github.com/opencontainers/cgroups" + "github.com/opencontainers/cgroups/manager" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/configs/validate" "github.com/opencontainers/runc/libcontainer/intelrdt" diff --git a/libcontainer/factory_linux_test.go b/libcontainer/factory_linux_test.go index 7e4fcecfde0..bbbbd346534 100644 --- a/libcontainer/factory_linux_test.go +++ b/libcontainer/factory_linux_test.go @@ -7,7 +7,7 @@ import ( "reflect" "testing" - "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/cgroups" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/utils" "github.com/opencontainers/runtime-spec/specs-go" diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index f78e561755f..354f0c14902 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -19,8 +19,8 @@ import ( "github.com/vishvananda/netlink" "golang.org/x/sys/unix" + "github.com/opencontainers/cgroups" "github.com/opencontainers/runc/libcontainer/capabilities" - "github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/system" "github.com/opencontainers/runc/libcontainer/utils" diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index c9a7cbc56f3..f18dd50f225 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -14,9 +14,9 @@ import ( "syscall" "testing" + "github.com/opencontainers/cgroups" + "github.com/opencontainers/cgroups/systemd" "github.com/opencontainers/runc/libcontainer" - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/systemd" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/internal/userns" "github.com/opencontainers/runc/libcontainer/utils" diff --git a/libcontainer/integration/init_test.go b/libcontainer/integration/init_test.go index a79ffe5c36f..74f4dbcbe72 100644 --- a/libcontainer/integration/init_test.go +++ b/libcontainer/integration/init_test.go @@ -6,7 +6,7 @@ import ( "github.com/opencontainers/runc/libcontainer" //nolint:revive // Enable cgroup manager to manage devices - _ "github.com/opencontainers/runc/libcontainer/cgroups/devices" + _ "github.com/opencontainers/cgroups/devices" _ "github.com/opencontainers/runc/libcontainer/nsenter" ) diff --git a/libcontainer/integration/template_test.go b/libcontainer/integration/template_test.go index 4d31acb09e6..0c178f34e9f 100644 --- a/libcontainer/integration/template_test.go +++ b/libcontainer/integration/template_test.go @@ -6,8 +6,8 @@ import ( "testing" "time" - "github.com/opencontainers/runc/libcontainer/cgroups" - devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" + "github.com/opencontainers/cgroups" + devices "github.com/opencontainers/cgroups/devices/config" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/specconv" "golang.org/x/sys/unix" diff --git a/libcontainer/integration/update_test.go b/libcontainer/integration/update_test.go index 68e77b5d91c..eb864f7fe37 100644 --- a/libcontainer/integration/update_test.go +++ b/libcontainer/integration/update_test.go @@ -6,9 +6,9 @@ import ( "strings" "testing" + devices "github.com/opencontainers/cgroups/devices/config" + "github.com/opencontainers/cgroups/systemd" "github.com/opencontainers/runc/libcontainer" - devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" - "github.com/opencontainers/runc/libcontainer/cgroups/systemd" ) func testUpdateDevices(t *testing.T, systemd bool) { diff --git a/libcontainer/intelrdt/intelrdt.go b/libcontainer/intelrdt/intelrdt.go index 0f5c457b099..97a9fe4d3e7 100644 --- a/libcontainer/intelrdt/intelrdt.go +++ b/libcontainer/intelrdt/intelrdt.go @@ -13,7 +13,7 @@ import ( "github.com/moby/sys/mountinfo" "golang.org/x/sys/unix" - "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" + "github.com/opencontainers/cgroups/fscommon" "github.com/opencontainers/runc/libcontainer/configs" ) diff --git a/libcontainer/notify_v2_linux.go b/libcontainer/notify_v2_linux.go index 8d15833ab43..751f4c91db0 100644 --- a/libcontainer/notify_v2_linux.go +++ b/libcontainer/notify_v2_linux.go @@ -6,7 +6,7 @@ import ( "path/filepath" "unsafe" - "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" + "github.com/opencontainers/cgroups/fscommon" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 68a5fd7bcd4..320eff5fee2 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -19,8 +19,8 @@ import ( "github.com/sirupsen/logrus" "golang.org/x/sys/unix" - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/fs2" + "github.com/opencontainers/cgroups" + "github.com/opencontainers/cgroups/fs2" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/intelrdt" "github.com/opencontainers/runc/libcontainer/internal/userns" diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 68e16b7920b..e46109a2ff9 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -21,9 +21,9 @@ import ( "github.com/sirupsen/logrus" "golang.org/x/sys/unix" - "github.com/opencontainers/runc/libcontainer/cgroups" - devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" - "github.com/opencontainers/runc/libcontainer/cgroups/fs2" + "github.com/opencontainers/cgroups" + devices "github.com/opencontainers/cgroups/devices/config" + "github.com/opencontainers/cgroups/fs2" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/utils" ) diff --git a/libcontainer/specconv/example.go b/libcontainer/specconv/example.go index 1e9cfa2dbfe..9e639f19784 100644 --- a/libcontainer/specconv/example.go +++ b/libcontainer/specconv/example.go @@ -5,7 +5,7 @@ import ( "path/filepath" "strings" - "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/cgroups" "github.com/opencontainers/runtime-spec/specs-go" ) diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index f4f5f09952f..c12471de6d3 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -14,8 +14,8 @@ import ( systemdDbus "github.com/coreos/go-systemd/v22/dbus" dbus "github.com/godbus/dbus/v5" - "github.com/opencontainers/runc/libcontainer/cgroups" - devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" + "github.com/opencontainers/cgroups" + devices "github.com/opencontainers/cgroups/devices/config" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/internal/userns" "github.com/opencontainers/runc/libcontainer/seccomp" diff --git a/libcontainer/specconv/spec_linux_test.go b/libcontainer/specconv/spec_linux_test.go index c8d4ae464da..66359f79e6c 100644 --- a/libcontainer/specconv/spec_linux_test.go +++ b/libcontainer/specconv/spec_linux_test.go @@ -6,7 +6,7 @@ import ( "testing" dbus "github.com/godbus/dbus/v5" - devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" + devices "github.com/opencontainers/cgroups/devices/config" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/configs/validate" "github.com/opencontainers/runtime-spec/specs-go" diff --git a/libcontainer/state_linux.go b/libcontainer/state_linux.go index 64f43e8fbae..2b7b8b5bc36 100644 --- a/libcontainer/state_linux.go +++ b/libcontainer/state_linux.go @@ -5,7 +5,7 @@ import ( "os" "path/filepath" - "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/cgroups" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runtime-spec/specs-go" "golang.org/x/sys/unix" diff --git a/libcontainer/stats_linux.go b/libcontainer/stats_linux.go index fff9dd37af3..e776aad4354 100644 --- a/libcontainer/stats_linux.go +++ b/libcontainer/stats_linux.go @@ -1,7 +1,7 @@ package libcontainer import ( - "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/cgroups" "github.com/opencontainers/runc/libcontainer/intelrdt" "github.com/opencontainers/runc/types" ) diff --git a/main.go b/main.go index cac34ce0346..2242f9301e1 100644 --- a/main.go +++ b/main.go @@ -11,7 +11,7 @@ import ( "strings" //nolint:revive // Enable cgroup manager to manage devices - _ "github.com/opencontainers/runc/libcontainer/cgroups/devices" + _ "github.com/opencontainers/cgroups/devices" "github.com/opencontainers/runc/libcontainer/seccomp" "github.com/opencontainers/runtime-spec/specs-go" diff --git a/rootless_linux.go b/rootless_linux.go index 6ba178b5392..f9d9a42ba0a 100644 --- a/rootless_linux.go +++ b/rootless_linux.go @@ -7,7 +7,7 @@ import ( "github.com/sirupsen/logrus" "github.com/urfave/cli" - "github.com/opencontainers/runc/libcontainer/cgroups/systemd" + "github.com/opencontainers/cgroups/systemd" ) func shouldUseRootlessCgroupManager(context *cli.Context) (bool, error) { diff --git a/tests/cmd/sd-helper/helper.go b/tests/cmd/sd-helper/helper.go index be7de3e5802..0820c2ef9d0 100644 --- a/tests/cmd/sd-helper/helper.go +++ b/tests/cmd/sd-helper/helper.go @@ -7,14 +7,14 @@ import ( "github.com/sirupsen/logrus" - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/systemd" + "github.com/opencontainers/cgroups" + "github.com/opencontainers/cgroups/systemd" ) func usage() { fmt.Print(`Open Container Initiative tests/cmd/sd-helper -sd-helper is a tool that uses runc/libcontainer/cgroups/systemd package +sd-helper is a tool that uses github.com/opencontainers/groups/systemd package functionality to communicate to systemd in order to perform various operations. Currently this is limited to starting and stopping systemd transient slice units. diff --git a/tests/integration/update.bats b/tests/integration/update.bats index 22a92e8bd69..034e959fc15 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -221,7 +221,7 @@ EOF if [ -v HAVE_SWAP ]; then # Test case for https://github.com/opencontainers/runc/pull/592, - # checking libcontainer/cgroups/fs/memory.go:setMemoryAndSwap. + # checking github.com/opencontainers/cgroups/fs/memory.go:setMemoryAndSwap. runc update test_update --memory 30M --memory-swap 50M [ "$status" -eq 0 ] diff --git a/types/events.go b/types/events.go index e28ac8c3836..8af94236be5 100644 --- a/types/events.go +++ b/types/events.go @@ -1,7 +1,7 @@ package types import ( - "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/cgroups" "github.com/opencontainers/runc/libcontainer/intelrdt" ) diff --git a/update.go b/update.go index 4fef85f71fb..7a6ae70fec1 100644 --- a/update.go +++ b/update.go @@ -7,7 +7,7 @@ import ( "os" "strconv" - "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/cgroups" "github.com/sirupsen/logrus" "github.com/docker/go-units" diff --git a/vendor/github.com/opencontainers/cgroups/CODEOWNERS b/vendor/github.com/opencontainers/cgroups/CODEOWNERS new file mode 100644 index 00000000000..7201e35ac92 --- /dev/null +++ b/vendor/github.com/opencontainers/cgroups/CODEOWNERS @@ -0,0 +1 @@ +* @maintainer1 @maintainer2 @maintainer3 diff --git a/vendor/github.com/opencontainers/cgroups/CONTRIBUTING.md b/vendor/github.com/opencontainers/cgroups/CONTRIBUTING.md new file mode 100644 index 00000000000..135abcf02fd --- /dev/null +++ b/vendor/github.com/opencontainers/cgroups/CONTRIBUTING.md @@ -0,0 +1,150 @@ +# Contribution Guidelines + +Development happens on GitHub. +Issues are used for bugs and actionable items and longer discussions can happen on the [mailing list](#mailing-list). + +The content of this repository is licensed under the [Apache License, Version 2.0](LICENSE). + +## Code of Conduct + +Participation in the Open Container community is governed by [Open Container Code of Conduct][code-of-conduct]. + +## Meetings + +The contributors and maintainers of all OCI projects have monthly meetings at 2:00 PM (USA Pacific) on the first Wednesday of every month. +There is an [iCalendar][rfc5545] format for the meetings [here][meeting.ics]. +Everyone is welcome to participate via [UberConference web][UberConference] or audio-only: +1 415 968 0849 (no PIN needed). +An initial agenda will be posted to the [mailing list](#mailing-list) in the week before each meeting, and everyone is welcome to propose additional topics or suggest other agenda alterations there. +Minutes from past meetings are archived [here][minutes]. + +## Mailing list + +You can subscribe and browse the mailing list on [Google Groups][mailing-list]. + +## IRC + +OCI discussion happens on #opencontainers on [Freenode][] ([logs][irc-logs]). + +## Git + +### Security issues + +If you are reporting a security issue, do not create an issue or file a pull +request on GitHub. Instead, disclose the issue responsibly by sending an email +to security@opencontainers.org (which is inhabited only by the maintainers of +the various OCI projects). + +### Pull requests are always welcome + +We are always thrilled to receive pull requests, and do our best to +process them as fast as possible. Not sure if that typo is worth a pull +request? Do it! We will appreciate it. + +If your pull request is not accepted on the first try, don't be +discouraged! If there's a problem with the implementation, hopefully you +received feedback on what to improve. + +We're trying very hard to keep the project lean and focused. We don't want it +to do everything for everybody. This means that we might decide against +incorporating a new feature. + +### Conventions + +Fork the repo and make changes on your fork in a feature branch. +For larger bugs and enhancements, consider filing a leader issue or mailing-list thread for discussion that is independent of the implementation. +Small changes or changes that have been discussed on the [project mailing list](#mailing-list) may be submitted without a leader issue. + +If the project has a test suite, submit unit tests for your changes. Take a +look at existing tests for inspiration. Run the full test suite on your branch +before submitting a pull request. + +Update the documentation when creating or modifying features. Test +your documentation changes for clarity, concision, and correctness, as +well as a clean documentation build. + +Pull requests descriptions should be as clear as possible and include a +reference to all the issues that they address. + +Commit messages must start with a capitalized and short summary +written in the imperative, followed by an optional, more detailed +explanatory text which is separated from the summary by an empty line. + +Code review comments may be added to your pull request. Discuss, then make the +suggested modifications and push additional commits to your feature branch. Be +sure to post a comment after pushing. The new commits will show up in the pull +request automatically, but the reviewers will not be notified unless you +comment. + +Before the pull request is merged, make sure that you squash your commits into +logical units of work using `git rebase -i` and `git push -f`. After every +commit the test suite (if any) should be passing. Include documentation changes +in the same commit so that a revert would remove all traces of the feature or +fix. + +Commits that fix or close an issue should include a reference like `Closes #XXX` +or `Fixes #XXX`, which will automatically close the issue when merged. + +### Sign your work + +The sign-off is a simple line at the end of the explanation for the +patch, which certifies that you wrote it or otherwise have the right to +pass it on as an open-source patch. The rules are pretty simple: if you +can certify the below (from [developercertificate.org][]): + +``` +Developer Certificate of Origin +Version 1.1 + +Copyright (C) 2004, 2006 The Linux Foundation and its contributors. +1 Letterman Drive +Suite D4700 +San Francisco, CA, 94129 + +Everyone is permitted to copy and distribute verbatim copies of this +license document, but changing it is not allowed. + + +Developer's Certificate of Origin 1.1 + +By making a contribution to this project, I certify that: + +(a) The contribution was created in whole or in part by me and I + have the right to submit it under the open source license + indicated in the file; or + +(b) The contribution is based upon previous work that, to the best + of my knowledge, is covered under an appropriate open source + license and I have the right under that license to submit that + work with modifications, whether created in whole or in part + by me, under the same open source license (unless I am + permitted to submit under a different license), as indicated + in the file; or + +(c) The contribution was provided directly to me by some other + person who certified (a), (b) or (c) and I have not modified + it. + +(d) I understand and agree that this project and the contribution + are public and that a record of the contribution (including all + personal information I submit with it, including my sign-off) is + maintained indefinitely and may be redistributed consistent with + this project or the open source license(s) involved. +``` + +then you just add a line to every git commit message: + + Signed-off-by: Joe Smith + +using your real name (sorry, no pseudonyms or anonymous contributions.) + +You can add the sign off when creating the git commit via `git commit -s`. + +[code-of-conduct]: https://github.com/opencontainers/tob/blob/d2f9d68c1332870e40693fe077d311e0742bc73d/code-of-conduct.md +[developercertificate.org]: http://developercertificate.org/ +[Freenode]: https://freenode.net/ +[irc-logs]: http://ircbot.wl.linuxfoundation.org/eavesdrop/%23opencontainers/ +[mailing-list]: https://groups.google.com/a/opencontainers.org/forum/#!forum/dev +[meeting.ics]: https://github.com/opencontainers/runtime-spec/blob/master/meeting.ics +[minutes]: http://ircbot.wl.linuxfoundation.org/meetings/opencontainers/ +[rfc5545]: https://tools.ietf.org/html/rfc5545 +[UberConference]: https://www.uberconference.com/opencontainers diff --git a/vendor/github.com/opencontainers/cgroups/GOVERNANCE.md b/vendor/github.com/opencontainers/cgroups/GOVERNANCE.md new file mode 100644 index 00000000000..3b7b32f788c --- /dev/null +++ b/vendor/github.com/opencontainers/cgroups/GOVERNANCE.md @@ -0,0 +1,63 @@ +# Project governance + +The [OCI charter][charter] §5.b.viii tasks an OCI Project's maintainers (listed in the repository's MAINTAINERS file and sometimes referred to as "the TDC", [§5.e][charter]) with: + +> Creating, maintaining and enforcing governance guidelines for the TDC, approved by the maintainers, and which shall be posted visibly for the TDC. + +This section describes generic rules and procedures for fulfilling that mandate. + +## Proposing a motion + +A maintainer SHOULD propose a motion on the dev@opencontainers.org mailing list (except [security issues](#security-issues)) with another maintainer as a co-sponsor. + +## Voting + +Voting on a proposed motion SHOULD happen on the dev@opencontainers.org mailing list (except [security issues](#security-issues)) with maintainers posting LGTM or REJECT. +Maintainers MAY also explicitly not vote by posting ABSTAIN (which is useful to revert a previous vote). +Maintainers MAY post multiple times (e.g. as they revise their position based on feedback), but only their final post counts in the tally. +A proposed motion is adopted if two-thirds of votes cast, a quorum having voted, are in favor of the release. + +Voting SHOULD remain open for a week to collect feedback from the wider community and allow the maintainers to digest the proposed motion. +Under exceptional conditions (e.g. non-major security fix releases) proposals which reach quorum with unanimous support MAY be adopted earlier. + +A maintainer MAY choose to reply with REJECT. +A maintainer posting a REJECT MUST include a list of concerns or links to written documentation for those concerns (e.g. GitHub issues or mailing-list threads). +The maintainers SHOULD try to resolve the concerns and wait for the rejecting maintainer to change their opinion to LGTM. +However, a motion MAY be adopted with REJECTs, as outlined in the previous paragraphs. + +## Quorum + +A quorum is established when at least two-thirds of maintainers have voted. + +For projects that are not specifications, a [motion to release](#release-approval) MAY be adopted if the tally is at least three LGTMs and no REJECTs, even if three votes does not meet the usual two-thirds quorum. + +## Amendments + +The [project governance](#project-governance) rules and procedures MAY be amended or replaced using the procedures themselves. +The MAINTAINERS of this project governance document is the total set of MAINTAINERS from all Open Containers projects (go-digest, image-spec, image-tools, runC, runtime-spec, runtime-tools, and selinux). + +## Subject templates + +Maintainers are busy and get lots of email. +To make project proposals recognizable, proposed motions SHOULD use the following subject templates. + +### Proposing a motion + +> [{project} VOTE]: {motion description} (closes {end of voting window}) + +For example: + +> [runtime-spec VOTE]: Tag 0647920 as 1.0.0-rc (closes 2016-06-03 20:00 UTC) + +### Tallying results + +After voting closes, a maintainer SHOULD post a tally to the motion thread with a subject template like: + +> [{project} {status}]: {motion description} (+{LGTMs} -{REJECTs} #{ABSTAINs}) + +Where `{status}` is either `adopted` or `rejected`. +For example: + +> [runtime-spec adopted]: Tag 0647920 as 1.0.0-rc (+6 -0 #3) + +[charter]: https://www.opencontainers.org/about/governance diff --git a/vendor/github.com/opencontainers/cgroups/LICENSE b/vendor/github.com/opencontainers/cgroups/LICENSE new file mode 100644 index 00000000000..8dada3edaf5 --- /dev/null +++ b/vendor/github.com/opencontainers/cgroups/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/vendor/github.com/opencontainers/cgroups/MAINTAINERS b/vendor/github.com/opencontainers/cgroups/MAINTAINERS new file mode 100644 index 00000000000..413edcb7d33 --- /dev/null +++ b/vendor/github.com/opencontainers/cgroups/MAINTAINERS @@ -0,0 +1,8 @@ +Akihiro Suda (@AkihiroSuda) +Aleksa Sarai (@cyphar) +Kir Kolyshkin (@kolyshkin) +Mrunal Patel (@mrunalp) +Sebastiaan van Stijn (@thaJeztah) +Odin Ugedal (@odinuge) +Peter Hunt (@haircommander) +Davanum Srinivas (@dims) diff --git a/vendor/github.com/opencontainers/cgroups/MAINTAINERS_GUIDE.md b/vendor/github.com/opencontainers/cgroups/MAINTAINERS_GUIDE.md new file mode 100644 index 00000000000..8e96917473f --- /dev/null +++ b/vendor/github.com/opencontainers/cgroups/MAINTAINERS_GUIDE.md @@ -0,0 +1,92 @@ +## Introduction + +Dear maintainer. Thank you for investing the time and energy to help +make this project as useful as possible. Maintaining a project is difficult, +sometimes unrewarding work. Sure, you will get to contribute cool +features to the project. But most of your time will be spent reviewing, +cleaning up, documenting, answering questions, justifying design +decisions - while everyone has all the fun! But remember - the quality +of the maintainers work is what distinguishes the good projects from the +great. So please be proud of your work, even the unglamourous parts, +and encourage a culture of appreciation and respect for *every* aspect +of improving the project - not just the hot new features. + +This document is a manual for maintainers old and new. It explains what +is expected of maintainers, how they should work, and what tools are +available to them. + +This is a living document - if you see something out of date or missing, +speak up! + +## What are a maintainer's responsibilities? + +It is every maintainer's responsibility to: + +* Expose a clear roadmap for improving their component. +* Deliver prompt feedback and decisions on pull requests. +* Be available to anyone with questions, bug reports, criticism etc. on their component. + This includes IRC and GitHub issues and pull requests. +* Make sure their component respects the philosophy, design and roadmap of the project. + +## How are decisions made? + +This project is an open-source project with an open design philosophy. This +means that the repository is the source of truth for EVERY aspect of the +project, including its philosophy, design, roadmap and APIs. *If it's +part of the project, it's in the repo. It's in the repo, it's part of +the project.* + +As a result, all decisions can be expressed as changes to the +repository. An implementation change is a change to the source code. An +API change is a change to the API specification. A philosophy change is +a change to the philosophy manifesto. And so on. + +All decisions affecting this project, big and small, follow the same procedure: + +1. Discuss a proposal on the [mailing list](CONTRIBUTING.md#mailing-list). + Anyone can do this. +2. Open a pull request. + Anyone can do this. +3. Discuss the pull request. + Anyone can do this. +4. Endorse (`LGTM`) or oppose (`Rejected`) the pull request. + The relevant maintainers do this (see below [Who decides what?](#who-decides-what)). + Changes that affect project management (changing policy, cutting releases, etc.) are [proposed and voted on the mailing list](GOVERNANCE.md). +5. Merge or close the pull request. + The relevant maintainers do this. + +### I'm a maintainer, should I make pull requests too? + +Yes. Nobody should ever push to master directly. All changes should be +made through a pull request. + +## Who decides what? + +All decisions are pull requests, and the relevant maintainers make +decisions by accepting or refusing the pull request. Review and acceptance +by anyone is denoted by adding a comment in the pull request: `LGTM`. +However, only currently listed `MAINTAINERS` are counted towards the required +two LGTMs. In addition, if a maintainer has created a pull request, they cannot +count toward the two LGTM rule (to ensure equal amounts of review for every pull +request, no matter who wrote it). + +Overall the maintainer system works because of mutual respect. +The maintainers trust one another to act in the best interests of the project. +Sometimes maintainers can disagree and this is part of a healthy project to represent the points of view of various people. +In the case where maintainers cannot find agreement on a specific change, maintainers should use the [governance procedure](GOVERNANCE.md) to attempt to reach a consensus. + +### How are maintainers added? + +The best maintainers have a vested interest in the project. Maintainers +are first and foremost contributors that have shown they are committed to +the long term success of the project. Contributors wanting to become +maintainers are expected to be deeply involved in contributing code, +pull request review, and triage of issues in the project for more than two months. + +Just contributing does not make you a maintainer, it is about building trust with the current maintainers of the project and being a person that they can depend on to act in the best interest of the project. +The final vote to add a new maintainer should be approved by the [governance procedure](GOVERNANCE.md). + +### How are maintainers removed? + +When a maintainer is unable to perform the [required duties](#what-are-a-maintainers-responsibilities) they can be removed by the [governance procedure](GOVERNANCE.md). +Issues related to a maintainer's performance should be discussed with them among the other maintainers so that they are not surprised by a pull request removing them. diff --git a/vendor/github.com/opencontainers/cgroups/README.md b/vendor/github.com/opencontainers/cgroups/README.md new file mode 100644 index 00000000000..a8187da1e8c --- /dev/null +++ b/vendor/github.com/opencontainers/cgroups/README.md @@ -0,0 +1,11 @@ +# OCI Project Template + +Useful boilerplate and organizational information for all OCI projects. + +* README (this file) +* [The Apache License, Version 2.0](LICENSE) +* [A list of maintainers](MAINTAINERS) +* [Maintainer guidelines](MAINTAINERS_GUIDE.md) +* [Contributor guidelines](CONTRIBUTING.md) +* [Project governance](GOVERNANCE.md) +* [Release procedures](RELEASES.md) diff --git a/vendor/github.com/opencontainers/cgroups/RELEASES.md b/vendor/github.com/opencontainers/cgroups/RELEASES.md new file mode 100644 index 00000000000..028ec265df9 --- /dev/null +++ b/vendor/github.com/opencontainers/cgroups/RELEASES.md @@ -0,0 +1,51 @@ +# Releases + +The release process hopes to encourage early, consistent consensus-building during project development. +The mechanisms used are regular community communication on the mailing list about progress, scheduled meetings for issue resolution and release triage, and regularly paced and communicated releases. +Releases are proposed and adopted or rejected using the usual [project governance](GOVERNANCE.md) rules and procedures. + +An anti-pattern that we want to avoid is heavy development or discussions "late cycle" around major releases. +We want to build a community that is involved and communicates consistently through all releases instead of relying on "silent periods" as a judge of stability. + +## Parallel releases + +A single project MAY consider several motions to release in parallel. +However each motion to release after the initial 0.1.0 MUST be based on a previous release that has already landed. + +For example, runtime-spec maintainers may propose a v1.0.0-rc2 on the 1st of the month and a v0.9.1 bugfix on the 2nd of the month. +They may not propose a v1.0.0-rc3 until the v1.0.0-rc2 is accepted (on the 7th if the vote initiated on the 1st passes). + +## Specifications + +The OCI maintains three categories of projects: specifications, applications, and conformance-testing tools. +However, specification releases have special restrictions in the [OCI charter][charter]: + +* They are the target of backwards compatibility (§7.g), and +* They are subject to the OFWa patent grant (§8.d and e). + +To avoid unfortunate side effects (onerous backwards compatibity requirements or Member resignations), the following additional procedures apply to specification releases: + +### Planning a release + +Every OCI specification project SHOULD hold meetings that involve maintainers reviewing pull requests, debating outstanding issues, and planning releases. +This meeting MUST be advertised on the project README and MAY happen on a phone call, video conference, or on IRC. +Maintainers MUST send updates to the dev@opencontainers.org with results of these meetings. + +Before the specification reaches v1.0.0, the meetings SHOULD be weekly. +Once a specification has reached v1.0.0, the maintainers may alter the cadence, but a meeting MUST be held within four weeks of the previous meeting. + +The release plans, corresponding milestones and estimated due dates MUST be published on GitHub (e.g. https://github.com/opencontainers/runtime-spec/milestones). +GitHub milestones and issues are only used for community organization and all releases MUST follow the [project governance](GOVERNANCE.md) rules and procedures. + +### Timelines + +Specifications have a variety of different timelines in their lifecycle. + +* Pre-v1.0.0 specifications SHOULD release on a monthly cadence to garner feedback. +* Major specification releases MUST release at least three release candidates spaced a minimum of one week apart. + This means a major release like a v1.0.0 or v2.0.0 release will take 1 month at minimum: one week for rc1, one week for rc2, one week for rc3, and one week for the major release itself. + Maintainers SHOULD strive to make zero breaking changes during this cycle of release candidates and SHOULD restart the three-candidate count when a breaking change is introduced. + For example if a breaking change is introduced in v1.0.0-rc2 then the series would end with v1.0.0-rc4 and v1.0.0. +* Minor and patch releases SHOULD be made on an as-needed basis. + +[charter]: https://www.opencontainers.org/about/governance diff --git a/libcontainer/cgroups/cgroups.go b/vendor/github.com/opencontainers/cgroups/cgroups.go similarity index 97% rename from libcontainer/cgroups/cgroups.go rename to vendor/github.com/opencontainers/cgroups/cgroups.go index 719489c02ea..1f127550c08 100644 --- a/libcontainer/cgroups/cgroups.go +++ b/vendor/github.com/opencontainers/cgroups/cgroups.go @@ -16,7 +16,7 @@ var ( // DevicesSetV1 and DevicesSetV2 are functions to set devices for // cgroup v1 and v2, respectively. Unless - // [github.com/opencontainers/runc/libcontainer/cgroups/devices] + // [github.com/opencontainers/cgroups/devices] // package is imported, it is set to nil, so cgroup managers can't // manage devices. DevicesSetV1 func(path string, r *Resources) error diff --git a/libcontainer/cgroups/config_blkio_device.go b/vendor/github.com/opencontainers/cgroups/config_blkio_device.go similarity index 100% rename from libcontainer/cgroups/config_blkio_device.go rename to vendor/github.com/opencontainers/cgroups/config_blkio_device.go diff --git a/libcontainer/cgroups/config_hugepages.go b/vendor/github.com/opencontainers/cgroups/config_hugepages.go similarity index 100% rename from libcontainer/cgroups/config_hugepages.go rename to vendor/github.com/opencontainers/cgroups/config_hugepages.go diff --git a/libcontainer/cgroups/config_ifprio_map.go b/vendor/github.com/opencontainers/cgroups/config_ifprio_map.go similarity index 100% rename from libcontainer/cgroups/config_ifprio_map.go rename to vendor/github.com/opencontainers/cgroups/config_ifprio_map.go diff --git a/libcontainer/cgroups/config_linux.go b/vendor/github.com/opencontainers/cgroups/config_linux.go similarity index 98% rename from libcontainer/cgroups/config_linux.go rename to vendor/github.com/opencontainers/cgroups/config_linux.go index 3052ef50da4..ce98b3d7847 100644 --- a/libcontainer/cgroups/config_linux.go +++ b/vendor/github.com/opencontainers/cgroups/config_linux.go @@ -2,7 +2,7 @@ package cgroups import ( systemdDbus "github.com/coreos/go-systemd/v22/dbus" - devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" + devices "github.com/opencontainers/cgroups/devices/config" ) type FreezerState string diff --git a/libcontainer/cgroups/config_rdma.go b/vendor/github.com/opencontainers/cgroups/config_rdma.go similarity index 100% rename from libcontainer/cgroups/config_rdma.go rename to vendor/github.com/opencontainers/cgroups/config_rdma.go diff --git a/libcontainer/cgroups/config_unsupported.go b/vendor/github.com/opencontainers/cgroups/config_unsupported.go similarity index 100% rename from libcontainer/cgroups/config_unsupported.go rename to vendor/github.com/opencontainers/cgroups/config_unsupported.go diff --git a/libcontainer/cgroups/devices/config/device.go b/vendor/github.com/opencontainers/cgroups/devices/config/device.go similarity index 100% rename from libcontainer/cgroups/devices/config/device.go rename to vendor/github.com/opencontainers/cgroups/devices/config/device.go diff --git a/libcontainer/cgroups/devices/config/mknod_unix.go b/vendor/github.com/opencontainers/cgroups/devices/config/mknod_unix.go similarity index 100% rename from libcontainer/cgroups/devices/config/mknod_unix.go rename to vendor/github.com/opencontainers/cgroups/devices/config/mknod_unix.go diff --git a/libcontainer/cgroups/devices/devicefilter.go b/vendor/github.com/opencontainers/cgroups/devices/devicefilter.go similarity index 98% rename from libcontainer/cgroups/devices/devicefilter.go rename to vendor/github.com/opencontainers/cgroups/devices/devicefilter.go index 416c7f27a99..aafa0d0b260 100644 --- a/libcontainer/cgroups/devices/devicefilter.go +++ b/vendor/github.com/opencontainers/cgroups/devices/devicefilter.go @@ -13,7 +13,7 @@ import ( "strconv" "github.com/cilium/ebpf/asm" - devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" + devices "github.com/opencontainers/cgroups/devices/config" "golang.org/x/sys/unix" ) diff --git a/libcontainer/cgroups/devices/devices.go b/vendor/github.com/opencontainers/cgroups/devices/devices.go similarity index 75% rename from libcontainer/cgroups/devices/devices.go rename to vendor/github.com/opencontainers/cgroups/devices/devices.go index 844d0563b59..2cfd7d0ffef 100644 --- a/libcontainer/cgroups/devices/devices.go +++ b/vendor/github.com/opencontainers/cgroups/devices/devices.go @@ -5,8 +5,8 @@ package devices import ( - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/systemd" + "github.com/opencontainers/cgroups" + "github.com/opencontainers/cgroups/systemd" ) func init() { diff --git a/libcontainer/cgroups/devices/devices_emulator.go b/vendor/github.com/opencontainers/cgroups/devices/devices_emulator.go similarity index 99% rename from libcontainer/cgroups/devices/devices_emulator.go rename to vendor/github.com/opencontainers/cgroups/devices/devices_emulator.go index 81ff206a9e1..ab1826826f6 100644 --- a/libcontainer/cgroups/devices/devices_emulator.go +++ b/vendor/github.com/opencontainers/cgroups/devices/devices_emulator.go @@ -26,7 +26,7 @@ import ( "strconv" "strings" - devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" + devices "github.com/opencontainers/cgroups/devices/config" ) // deviceMeta is a Rule without the Allow or Permissions fields, and no diff --git a/libcontainer/cgroups/devices/ebpf_linux.go b/vendor/github.com/opencontainers/cgroups/devices/ebpf_linux.go similarity index 100% rename from libcontainer/cgroups/devices/ebpf_linux.go rename to vendor/github.com/opencontainers/cgroups/devices/ebpf_linux.go diff --git a/libcontainer/cgroups/devices/systemd.go b/vendor/github.com/opencontainers/cgroups/devices/systemd.go similarity index 98% rename from libcontainer/cgroups/devices/systemd.go rename to vendor/github.com/opencontainers/cgroups/devices/systemd.go index 47ba7182b3d..010f7f22ee2 100644 --- a/libcontainer/cgroups/devices/systemd.go +++ b/vendor/github.com/opencontainers/cgroups/devices/systemd.go @@ -11,8 +11,8 @@ import ( "github.com/godbus/dbus/v5" "github.com/sirupsen/logrus" - "github.com/opencontainers/runc/libcontainer/cgroups" - devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" + "github.com/opencontainers/cgroups" + devices "github.com/opencontainers/cgroups/devices/config" ) // systemdProperties takes the configured device rules and generates a diff --git a/libcontainer/cgroups/devices/v1.go b/vendor/github.com/opencontainers/cgroups/devices/v1.go similarity index 94% rename from libcontainer/cgroups/devices/v1.go rename to vendor/github.com/opencontainers/cgroups/devices/v1.go index 27a7ab29494..8d0986dd379 100644 --- a/libcontainer/cgroups/devices/v1.go +++ b/vendor/github.com/opencontainers/cgroups/devices/v1.go @@ -6,8 +6,8 @@ import ( "reflect" "github.com/moby/sys/userns" - "github.com/opencontainers/runc/libcontainer/cgroups" - devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" + "github.com/opencontainers/cgroups" + devices "github.com/opencontainers/cgroups/devices/config" ) var testingSkipFinalCheck bool diff --git a/libcontainer/cgroups/devices/v2.go b/vendor/github.com/opencontainers/cgroups/devices/v2.go similarity index 93% rename from libcontainer/cgroups/devices/v2.go rename to vendor/github.com/opencontainers/cgroups/devices/v2.go index 911d1ce2fd6..d54298f7e76 100644 --- a/libcontainer/cgroups/devices/v2.go +++ b/vendor/github.com/opencontainers/cgroups/devices/v2.go @@ -6,8 +6,8 @@ import ( "github.com/moby/sys/userns" "golang.org/x/sys/unix" - "github.com/opencontainers/runc/libcontainer/cgroups" - devices "github.com/opencontainers/runc/libcontainer/cgroups/devices/config" + "github.com/opencontainers/cgroups" + devices "github.com/opencontainers/cgroups/devices/config" ) func isRWM(perms devices.Permissions) bool { diff --git a/libcontainer/cgroups/file.go b/vendor/github.com/opencontainers/cgroups/file.go similarity index 100% rename from libcontainer/cgroups/file.go rename to vendor/github.com/opencontainers/cgroups/file.go diff --git a/libcontainer/cgroups/fs/blkio.go b/vendor/github.com/opencontainers/cgroups/fs/blkio.go similarity index 99% rename from libcontainer/cgroups/fs/blkio.go rename to vendor/github.com/opencontainers/cgroups/fs/blkio.go index 58d8ded6ae1..f3c4c5cf816 100644 --- a/libcontainer/cgroups/fs/blkio.go +++ b/vendor/github.com/opencontainers/cgroups/fs/blkio.go @@ -7,7 +7,7 @@ import ( "strconv" "strings" - "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/cgroups" ) type BlkioGroup struct { diff --git a/libcontainer/cgroups/fs/cpu.go b/vendor/github.com/opencontainers/cgroups/fs/cpu.go similarity index 97% rename from libcontainer/cgroups/fs/cpu.go rename to vendor/github.com/opencontainers/cgroups/fs/cpu.go index e3dd1ebe387..3e05788a3f6 100644 --- a/libcontainer/cgroups/fs/cpu.go +++ b/vendor/github.com/opencontainers/cgroups/fs/cpu.go @@ -7,8 +7,8 @@ import ( "os" "strconv" - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" + "github.com/opencontainers/cgroups" + "github.com/opencontainers/cgroups/fscommon" "golang.org/x/sys/unix" ) diff --git a/libcontainer/cgroups/fs/cpuacct.go b/vendor/github.com/opencontainers/cgroups/fs/cpuacct.go similarity index 97% rename from libcontainer/cgroups/fs/cpuacct.go rename to vendor/github.com/opencontainers/cgroups/fs/cpuacct.go index 53ffbb8e617..391a023c751 100644 --- a/libcontainer/cgroups/fs/cpuacct.go +++ b/vendor/github.com/opencontainers/cgroups/fs/cpuacct.go @@ -6,8 +6,8 @@ import ( "strconv" "strings" - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" + "github.com/opencontainers/cgroups" + "github.com/opencontainers/cgroups/fscommon" ) const ( diff --git a/libcontainer/cgroups/fs/cpuset.go b/vendor/github.com/opencontainers/cgroups/fs/cpuset.go similarity index 98% rename from libcontainer/cgroups/fs/cpuset.go rename to vendor/github.com/opencontainers/cgroups/fs/cpuset.go index f517c6b570b..ef6ff7da303 100644 --- a/libcontainer/cgroups/fs/cpuset.go +++ b/vendor/github.com/opencontainers/cgroups/fs/cpuset.go @@ -10,8 +10,8 @@ import ( "golang.org/x/sys/unix" - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" + "github.com/opencontainers/cgroups" + "github.com/opencontainers/cgroups/fscommon" ) var ( diff --git a/libcontainer/cgroups/fs/devices.go b/vendor/github.com/opencontainers/cgroups/fs/devices.go similarity index 93% rename from libcontainer/cgroups/fs/devices.go rename to vendor/github.com/opencontainers/cgroups/fs/devices.go index 305bb0dac58..26483ecb7dd 100644 --- a/libcontainer/cgroups/fs/devices.go +++ b/vendor/github.com/opencontainers/cgroups/fs/devices.go @@ -1,7 +1,7 @@ package fs import ( - "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/cgroups" ) type DevicesGroup struct{} diff --git a/libcontainer/cgroups/fs/error.go b/vendor/github.com/opencontainers/cgroups/fs/error.go similarity index 84% rename from libcontainer/cgroups/fs/error.go rename to vendor/github.com/opencontainers/cgroups/fs/error.go index f2ab6f130e3..f13033e3d8b 100644 --- a/libcontainer/cgroups/fs/error.go +++ b/vendor/github.com/opencontainers/cgroups/fs/error.go @@ -3,7 +3,7 @@ package fs import ( "fmt" - "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" + "github.com/opencontainers/cgroups/fscommon" ) type parseError = fscommon.ParseError diff --git a/libcontainer/cgroups/fs/freezer.go b/vendor/github.com/opencontainers/cgroups/fs/freezer.go similarity index 98% rename from libcontainer/cgroups/fs/freezer.go rename to vendor/github.com/opencontainers/cgroups/fs/freezer.go index c959afde309..dae4a605894 100644 --- a/libcontainer/cgroups/fs/freezer.go +++ b/vendor/github.com/opencontainers/cgroups/fs/freezer.go @@ -7,7 +7,7 @@ import ( "strings" "time" - "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/cgroups" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) diff --git a/libcontainer/cgroups/fs/fs.go b/vendor/github.com/opencontainers/cgroups/fs/fs.go similarity index 98% rename from libcontainer/cgroups/fs/fs.go rename to vendor/github.com/opencontainers/cgroups/fs/fs.go index 490847246e1..23a8fb8742f 100644 --- a/libcontainer/cgroups/fs/fs.go +++ b/vendor/github.com/opencontainers/cgroups/fs/fs.go @@ -8,8 +8,8 @@ import ( "golang.org/x/sys/unix" - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" + "github.com/opencontainers/cgroups" + "github.com/opencontainers/cgroups/fscommon" ) var subsystems = []subsystem{ diff --git a/libcontainer/cgroups/fs/hugetlb.go b/vendor/github.com/opencontainers/cgroups/fs/hugetlb.go similarity index 93% rename from libcontainer/cgroups/fs/hugetlb.go rename to vendor/github.com/opencontainers/cgroups/fs/hugetlb.go index 9800f627a33..698fd691e10 100644 --- a/libcontainer/cgroups/fs/hugetlb.go +++ b/vendor/github.com/opencontainers/cgroups/fs/hugetlb.go @@ -5,8 +5,8 @@ import ( "os" "strconv" - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" + "github.com/opencontainers/cgroups" + "github.com/opencontainers/cgroups/fscommon" ) type HugetlbGroup struct{} diff --git a/libcontainer/cgroups/fs/memory.go b/vendor/github.com/opencontainers/cgroups/fs/memory.go similarity index 98% rename from libcontainer/cgroups/fs/memory.go rename to vendor/github.com/opencontainers/cgroups/fs/memory.go index ad9190db130..d92f2322beb 100644 --- a/libcontainer/cgroups/fs/memory.go +++ b/vendor/github.com/opencontainers/cgroups/fs/memory.go @@ -12,8 +12,8 @@ import ( "golang.org/x/sys/unix" - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" + "github.com/opencontainers/cgroups" + "github.com/opencontainers/cgroups/fscommon" ) const ( diff --git a/libcontainer/cgroups/fs/name.go b/vendor/github.com/opencontainers/cgroups/fs/name.go similarity index 90% rename from libcontainer/cgroups/fs/name.go rename to vendor/github.com/opencontainers/cgroups/fs/name.go index bf51cd63244..28643519b58 100644 --- a/libcontainer/cgroups/fs/name.go +++ b/vendor/github.com/opencontainers/cgroups/fs/name.go @@ -1,7 +1,7 @@ package fs import ( - "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/cgroups" ) type NameGroup struct { diff --git a/libcontainer/cgroups/fs/net_cls.go b/vendor/github.com/opencontainers/cgroups/fs/net_cls.go similarity index 91% rename from libcontainer/cgroups/fs/net_cls.go rename to vendor/github.com/opencontainers/cgroups/fs/net_cls.go index ce3b3f3ae12..2bd6c5ab218 100644 --- a/libcontainer/cgroups/fs/net_cls.go +++ b/vendor/github.com/opencontainers/cgroups/fs/net_cls.go @@ -3,7 +3,7 @@ package fs import ( "strconv" - "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/cgroups" ) type NetClsGroup struct{} diff --git a/libcontainer/cgroups/fs/net_prio.go b/vendor/github.com/opencontainers/cgroups/fs/net_prio.go similarity index 91% rename from libcontainer/cgroups/fs/net_prio.go rename to vendor/github.com/opencontainers/cgroups/fs/net_prio.go index 3fb5050ab6a..b51682b6da0 100644 --- a/libcontainer/cgroups/fs/net_prio.go +++ b/vendor/github.com/opencontainers/cgroups/fs/net_prio.go @@ -1,7 +1,7 @@ package fs import ( - "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/cgroups" ) type NetPrioGroup struct{} diff --git a/libcontainer/cgroups/fs/paths.go b/vendor/github.com/opencontainers/cgroups/fs/paths.go similarity index 96% rename from libcontainer/cgroups/fs/paths.go rename to vendor/github.com/opencontainers/cgroups/fs/paths.go index 59cd13d5cba..edbe041ea8d 100644 --- a/libcontainer/cgroups/fs/paths.go +++ b/vendor/github.com/opencontainers/cgroups/fs/paths.go @@ -8,8 +8,8 @@ import ( "golang.org/x/sys/unix" - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/internal/path" + "github.com/opencontainers/cgroups" + "github.com/opencontainers/cgroups/internal/path" ) // The absolute path to the root of the cgroup hierarchies. diff --git a/libcontainer/cgroups/fs/perf_event.go b/vendor/github.com/opencontainers/cgroups/fs/perf_event.go similarity index 88% rename from libcontainer/cgroups/fs/perf_event.go rename to vendor/github.com/opencontainers/cgroups/fs/perf_event.go index 3a04767a20f..929c412a3a7 100644 --- a/libcontainer/cgroups/fs/perf_event.go +++ b/vendor/github.com/opencontainers/cgroups/fs/perf_event.go @@ -1,7 +1,7 @@ package fs import ( - "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/cgroups" ) type PerfEventGroup struct{} diff --git a/libcontainer/cgroups/fs/pids.go b/vendor/github.com/opencontainers/cgroups/fs/pids.go similarity index 90% rename from libcontainer/cgroups/fs/pids.go rename to vendor/github.com/opencontainers/cgroups/fs/pids.go index 6ab094bc0bb..9319761e6ad 100644 --- a/libcontainer/cgroups/fs/pids.go +++ b/vendor/github.com/opencontainers/cgroups/fs/pids.go @@ -4,8 +4,8 @@ import ( "math" "strconv" - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" + "github.com/opencontainers/cgroups" + "github.com/opencontainers/cgroups/fscommon" ) type PidsGroup struct{} diff --git a/libcontainer/cgroups/fs/rdma.go b/vendor/github.com/opencontainers/cgroups/fs/rdma.go similarity index 78% rename from libcontainer/cgroups/fs/rdma.go rename to vendor/github.com/opencontainers/cgroups/fs/rdma.go index bc40c2d5bef..4b175365f27 100644 --- a/libcontainer/cgroups/fs/rdma.go +++ b/vendor/github.com/opencontainers/cgroups/fs/rdma.go @@ -1,8 +1,8 @@ package fs import ( - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" + "github.com/opencontainers/cgroups" + "github.com/opencontainers/cgroups/fscommon" ) type RdmaGroup struct{} diff --git a/libcontainer/cgroups/fs2/cpu.go b/vendor/github.com/opencontainers/cgroups/fs2/cpu.go similarity index 95% rename from libcontainer/cgroups/fs2/cpu.go rename to vendor/github.com/opencontainers/cgroups/fs2/cpu.go index 9734f6c459a..8eae67351cf 100644 --- a/libcontainer/cgroups/fs2/cpu.go +++ b/vendor/github.com/opencontainers/cgroups/fs2/cpu.go @@ -8,8 +8,8 @@ import ( "golang.org/x/sys/unix" - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" + "github.com/opencontainers/cgroups" + "github.com/opencontainers/cgroups/fscommon" ) func isCPUSet(r *cgroups.Resources) bool { diff --git a/libcontainer/cgroups/fs2/cpuset.go b/vendor/github.com/opencontainers/cgroups/fs2/cpuset.go similarity index 89% rename from libcontainer/cgroups/fs2/cpuset.go rename to vendor/github.com/opencontainers/cgroups/fs2/cpuset.go index 7c3326e37fe..9399919a062 100644 --- a/libcontainer/cgroups/fs2/cpuset.go +++ b/vendor/github.com/opencontainers/cgroups/fs2/cpuset.go @@ -1,7 +1,7 @@ package fs2 import ( - "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/cgroups" ) func isCpusetSet(r *cgroups.Resources) bool { diff --git a/libcontainer/cgroups/fs2/create.go b/vendor/github.com/opencontainers/cgroups/fs2/create.go similarity index 98% rename from libcontainer/cgroups/fs2/create.go rename to vendor/github.com/opencontainers/cgroups/fs2/create.go index 9427aae600a..565ca883079 100644 --- a/libcontainer/cgroups/fs2/create.go +++ b/vendor/github.com/opencontainers/cgroups/fs2/create.go @@ -6,7 +6,7 @@ import ( "path/filepath" "strings" - "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/cgroups" ) func supportedControllers() (string, error) { diff --git a/libcontainer/cgroups/fs2/defaultpath.go b/vendor/github.com/opencontainers/cgroups/fs2/defaultpath.go similarity index 94% rename from libcontainer/cgroups/fs2/defaultpath.go rename to vendor/github.com/opencontainers/cgroups/fs2/defaultpath.go index 6a08cceaf4b..0bc479de3a5 100644 --- a/libcontainer/cgroups/fs2/defaultpath.go +++ b/vendor/github.com/opencontainers/cgroups/fs2/defaultpath.go @@ -24,8 +24,8 @@ import ( "path/filepath" "strings" - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/internal/path" + "github.com/opencontainers/cgroups" + "github.com/opencontainers/cgroups/internal/path" ) const UnifiedMountpoint = "/sys/fs/cgroup" diff --git a/libcontainer/cgroups/fs2/freezer.go b/vendor/github.com/opencontainers/cgroups/fs2/freezer.go similarity index 98% rename from libcontainer/cgroups/fs2/freezer.go rename to vendor/github.com/opencontainers/cgroups/fs2/freezer.go index 1f831500f23..f0192f0955d 100644 --- a/libcontainer/cgroups/fs2/freezer.go +++ b/vendor/github.com/opencontainers/cgroups/fs2/freezer.go @@ -10,7 +10,7 @@ import ( "golang.org/x/sys/unix" - "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/cgroups" ) func setFreezer(dirPath string, state cgroups.FreezerState) error { diff --git a/libcontainer/cgroups/fs2/fs2.go b/vendor/github.com/opencontainers/cgroups/fs2/fs2.go similarity index 98% rename from libcontainer/cgroups/fs2/fs2.go rename to vendor/github.com/opencontainers/cgroups/fs2/fs2.go index 10e4a3ad80e..c5d5a1f8ec3 100644 --- a/libcontainer/cgroups/fs2/fs2.go +++ b/vendor/github.com/opencontainers/cgroups/fs2/fs2.go @@ -6,8 +6,8 @@ import ( "os" "strings" - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" + "github.com/opencontainers/cgroups" + "github.com/opencontainers/cgroups/fscommon" ) type parseError = fscommon.ParseError diff --git a/libcontainer/cgroups/fs2/hugetlb.go b/vendor/github.com/opencontainers/cgroups/fs2/hugetlb.go similarity index 92% rename from libcontainer/cgroups/fs2/hugetlb.go rename to vendor/github.com/opencontainers/cgroups/fs2/hugetlb.go index 117b69f50bd..8e1ac874a58 100644 --- a/libcontainer/cgroups/fs2/hugetlb.go +++ b/vendor/github.com/opencontainers/cgroups/fs2/hugetlb.go @@ -5,8 +5,8 @@ import ( "os" "strconv" - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" + "github.com/opencontainers/cgroups" + "github.com/opencontainers/cgroups/fscommon" ) func isHugeTlbSet(r *cgroups.Resources) bool { diff --git a/libcontainer/cgroups/fs2/io.go b/vendor/github.com/opencontainers/cgroups/fs2/io.go similarity index 98% rename from libcontainer/cgroups/fs2/io.go rename to vendor/github.com/opencontainers/cgroups/fs2/io.go index 2da1449eba5..0f6ef7fea55 100644 --- a/libcontainer/cgroups/fs2/io.go +++ b/vendor/github.com/opencontainers/cgroups/fs2/io.go @@ -10,7 +10,7 @@ import ( "github.com/sirupsen/logrus" - "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/cgroups" ) func isIoSet(r *cgroups.Resources) bool { diff --git a/libcontainer/cgroups/fs2/memory.go b/vendor/github.com/opencontainers/cgroups/fs2/memory.go similarity index 98% rename from libcontainer/cgroups/fs2/memory.go rename to vendor/github.com/opencontainers/cgroups/fs2/memory.go index f314755f4de..d67fd8aba55 100644 --- a/libcontainer/cgroups/fs2/memory.go +++ b/vendor/github.com/opencontainers/cgroups/fs2/memory.go @@ -10,8 +10,8 @@ import ( "golang.org/x/sys/unix" - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" + "github.com/opencontainers/cgroups" + "github.com/opencontainers/cgroups/fscommon" ) // numToStr converts an int64 value to a string for writing to a diff --git a/libcontainer/cgroups/fs2/misc.go b/vendor/github.com/opencontainers/cgroups/fs2/misc.go similarity index 87% rename from libcontainer/cgroups/fs2/misc.go rename to vendor/github.com/opencontainers/cgroups/fs2/misc.go index f0b292aa015..f20136b66dc 100644 --- a/libcontainer/cgroups/fs2/misc.go +++ b/vendor/github.com/opencontainers/cgroups/fs2/misc.go @@ -5,8 +5,8 @@ import ( "os" "strings" - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" + "github.com/opencontainers/cgroups" + "github.com/opencontainers/cgroups/fscommon" ) func statMisc(dirPath string, stats *cgroups.Stats) error { diff --git a/libcontainer/cgroups/fs2/pids.go b/vendor/github.com/opencontainers/cgroups/fs2/pids.go similarity index 92% rename from libcontainer/cgroups/fs2/pids.go rename to vendor/github.com/opencontainers/cgroups/fs2/pids.go index 86d2f567309..9b82b90115e 100644 --- a/libcontainer/cgroups/fs2/pids.go +++ b/vendor/github.com/opencontainers/cgroups/fs2/pids.go @@ -8,8 +8,8 @@ import ( "golang.org/x/sys/unix" - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" + "github.com/opencontainers/cgroups" + "github.com/opencontainers/cgroups/fscommon" ) func isPidsSet(r *cgroups.Resources) bool { diff --git a/libcontainer/cgroups/fs2/psi.go b/vendor/github.com/opencontainers/cgroups/fs2/psi.go similarity index 97% rename from libcontainer/cgroups/fs2/psi.go rename to vendor/github.com/opencontainers/cgroups/fs2/psi.go index ac765affbaf..010fe0bff27 100644 --- a/libcontainer/cgroups/fs2/psi.go +++ b/vendor/github.com/opencontainers/cgroups/fs2/psi.go @@ -10,7 +10,7 @@ import ( "golang.org/x/sys/unix" - "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/cgroups" ) func statPSI(dirPath string, file string) (*cgroups.PSIStats, error) { diff --git a/libcontainer/cgroups/fscommon/rdma.go b/vendor/github.com/opencontainers/cgroups/fscommon/rdma.go similarity index 97% rename from libcontainer/cgroups/fscommon/rdma.go rename to vendor/github.com/opencontainers/cgroups/fscommon/rdma.go index 70d92a00036..86e38fdcbaa 100644 --- a/libcontainer/cgroups/fscommon/rdma.go +++ b/vendor/github.com/opencontainers/cgroups/fscommon/rdma.go @@ -10,7 +10,7 @@ import ( "golang.org/x/sys/unix" - "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/cgroups" ) // parseRdmaKV parses raw string to RdmaEntry. diff --git a/libcontainer/cgroups/fscommon/utils.go b/vendor/github.com/opencontainers/cgroups/fscommon/utils.go similarity index 98% rename from libcontainer/cgroups/fscommon/utils.go rename to vendor/github.com/opencontainers/cgroups/fscommon/utils.go index e11e038f25b..d8f8dfc0237 100644 --- a/libcontainer/cgroups/fscommon/utils.go +++ b/vendor/github.com/opencontainers/cgroups/fscommon/utils.go @@ -8,7 +8,7 @@ import ( "strconv" "strings" - "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/cgroups" ) var ( diff --git a/libcontainer/cgroups/getallpids.go b/vendor/github.com/opencontainers/cgroups/getallpids.go similarity index 100% rename from libcontainer/cgroups/getallpids.go rename to vendor/github.com/opencontainers/cgroups/getallpids.go diff --git a/libcontainer/cgroups/internal/path/path.go b/vendor/github.com/opencontainers/cgroups/internal/path/path.go similarity index 96% rename from libcontainer/cgroups/internal/path/path.go rename to vendor/github.com/opencontainers/cgroups/internal/path/path.go index 94e4917915f..a105a7cf48d 100644 --- a/libcontainer/cgroups/internal/path/path.go +++ b/vendor/github.com/opencontainers/cgroups/internal/path/path.go @@ -5,7 +5,7 @@ import ( "os" "path/filepath" - "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/cgroups" ) // Inner returns a path to cgroup relative to a cgroup mount point, based diff --git a/libcontainer/cgroups/manager/new.go b/vendor/github.com/opencontainers/cgroups/manager/new.go similarity index 90% rename from libcontainer/cgroups/manager/new.go rename to vendor/github.com/opencontainers/cgroups/manager/new.go index f6313b16bac..2df39e587ee 100644 --- a/libcontainer/cgroups/manager/new.go +++ b/vendor/github.com/opencontainers/cgroups/manager/new.go @@ -5,10 +5,10 @@ import ( "fmt" "path/filepath" - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/fs" - "github.com/opencontainers/runc/libcontainer/cgroups/fs2" - "github.com/opencontainers/runc/libcontainer/cgroups/systemd" + "github.com/opencontainers/cgroups" + "github.com/opencontainers/cgroups/fs" + "github.com/opencontainers/cgroups/fs2" + "github.com/opencontainers/cgroups/systemd" ) // New returns the instance of a cgroup manager, which is chosen diff --git a/libcontainer/cgroups/stats.go b/vendor/github.com/opencontainers/cgroups/stats.go similarity index 100% rename from libcontainer/cgroups/stats.go rename to vendor/github.com/opencontainers/cgroups/stats.go diff --git a/libcontainer/cgroups/systemd/common.go b/vendor/github.com/opencontainers/cgroups/systemd/common.go similarity index 98% rename from libcontainer/cgroups/systemd/common.go rename to vendor/github.com/opencontainers/cgroups/systemd/common.go index bcd1f99eb0c..b3077bd37fa 100644 --- a/libcontainer/cgroups/systemd/common.go +++ b/vendor/github.com/opencontainers/cgroups/systemd/common.go @@ -15,7 +15,7 @@ import ( dbus "github.com/godbus/dbus/v5" "github.com/sirupsen/logrus" - "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/cgroups" ) const ( @@ -34,7 +34,7 @@ var ( // GenerateDeviceProps is a function to generate systemd device // properties, used by Set methods. Unless - // [github.com/opencontainers/runc/libcontainer/cgroups/devices] + // [github.com/opencontainers/cgroups/devices] // package is imported, it is set to nil, so cgroup managers can't // configure devices. GenerateDeviceProps func(r *cgroups.Resources, sdVer int) ([]systemdDbus.Property, error) diff --git a/libcontainer/cgroups/systemd/cpuset.go b/vendor/github.com/opencontainers/cgroups/systemd/cpuset.go similarity index 100% rename from libcontainer/cgroups/systemd/cpuset.go rename to vendor/github.com/opencontainers/cgroups/systemd/cpuset.go diff --git a/libcontainer/cgroups/systemd/dbus.go b/vendor/github.com/opencontainers/cgroups/systemd/dbus.go similarity index 100% rename from libcontainer/cgroups/systemd/dbus.go rename to vendor/github.com/opencontainers/cgroups/systemd/dbus.go diff --git a/libcontainer/cgroups/systemd/devices.go b/vendor/github.com/opencontainers/cgroups/systemd/devices.go similarity index 97% rename from libcontainer/cgroups/systemd/devices.go rename to vendor/github.com/opencontainers/cgroups/systemd/devices.go index 424d1c6eb81..51ca7fa11cb 100644 --- a/libcontainer/cgroups/systemd/devices.go +++ b/vendor/github.com/opencontainers/cgroups/systemd/devices.go @@ -5,7 +5,7 @@ import ( dbus "github.com/godbus/dbus/v5" - "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/cgroups" ) // freezeBeforeSet answers whether there is a need to freeze the cgroup before diff --git a/libcontainer/cgroups/systemd/user.go b/vendor/github.com/opencontainers/cgroups/systemd/user.go similarity index 100% rename from libcontainer/cgroups/systemd/user.go rename to vendor/github.com/opencontainers/cgroups/systemd/user.go diff --git a/libcontainer/cgroups/systemd/v1.go b/vendor/github.com/opencontainers/cgroups/systemd/v1.go similarity index 98% rename from libcontainer/cgroups/systemd/v1.go rename to vendor/github.com/opencontainers/cgroups/systemd/v1.go index cee76eb35cf..8453e9b4962 100644 --- a/libcontainer/cgroups/systemd/v1.go +++ b/vendor/github.com/opencontainers/cgroups/systemd/v1.go @@ -10,8 +10,8 @@ import ( systemdDbus "github.com/coreos/go-systemd/v22/dbus" "github.com/sirupsen/logrus" - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/fs" + "github.com/opencontainers/cgroups" + "github.com/opencontainers/cgroups/fs" ) type LegacyManager struct { diff --git a/libcontainer/cgroups/systemd/v2.go b/vendor/github.com/opencontainers/cgroups/systemd/v2.go similarity index 99% rename from libcontainer/cgroups/systemd/v2.go rename to vendor/github.com/opencontainers/cgroups/systemd/v2.go index 7b16f528b9c..42a6e355119 100644 --- a/libcontainer/cgroups/systemd/v2.go +++ b/vendor/github.com/opencontainers/cgroups/systemd/v2.go @@ -15,8 +15,8 @@ import ( securejoin "github.com/cyphar/filepath-securejoin" "github.com/sirupsen/logrus" - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/cgroups/fs2" + "github.com/opencontainers/cgroups" + "github.com/opencontainers/cgroups/fs2" ) const ( diff --git a/libcontainer/cgroups/utils.go b/vendor/github.com/opencontainers/cgroups/utils.go similarity index 100% rename from libcontainer/cgroups/utils.go rename to vendor/github.com/opencontainers/cgroups/utils.go diff --git a/libcontainer/cgroups/v1_utils.go b/vendor/github.com/opencontainers/cgroups/v1_utils.go similarity index 100% rename from libcontainer/cgroups/v1_utils.go rename to vendor/github.com/opencontainers/cgroups/v1_utils.go diff --git a/vendor/modules.txt b/vendor/modules.txt index 16797f3ad6b..0ead139c0c5 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -51,6 +51,17 @@ github.com/moby/sys/userns # github.com/mrunalp/fileutils v0.5.1 ## explicit; go 1.13 github.com/mrunalp/fileutils +# github.com/opencontainers/cgroups v0.0.1 +## explicit; go 1.23.0 +github.com/opencontainers/cgroups +github.com/opencontainers/cgroups/devices +github.com/opencontainers/cgroups/devices/config +github.com/opencontainers/cgroups/fs +github.com/opencontainers/cgroups/fs2 +github.com/opencontainers/cgroups/fscommon +github.com/opencontainers/cgroups/internal/path +github.com/opencontainers/cgroups/manager +github.com/opencontainers/cgroups/systemd # github.com/opencontainers/runtime-spec v1.2.1 ## explicit github.com/opencontainers/runtime-spec/specs-go From d92dd2261123efcbad1ad22ffee78c61df654125 Mon Sep 17 00:00:00 2001 From: lifubang Date: Fri, 28 Feb 2025 15:09:36 +0000 Subject: [PATCH 0851/1176] performance improvement: setup signal notify in a new go routine There is a big loop(at least 65 times) in `signal.Notify`, it costs as much time as `runc init`, so we can call it in parallel ro reduce the container start time. In a general test, it can be reduced about 38.70%. Signed-off-by: lifubang (cyphar: move signal channel definition inside goroutine) Signed-off-by: Aleksa Sarai --- signals.go | 28 ++++++++++++++++++---------- utils_linux.go | 3 ++- 2 files changed, 20 insertions(+), 11 deletions(-) diff --git a/signals.go b/signals.go index e0bc7c61cab..a992dc4abeb 100644 --- a/signals.go +++ b/signals.go @@ -18,22 +18,30 @@ const signalBufferSize = 2048 // while still forwarding all other signals to the process. // If notifySocket is present, use it to read systemd notifications from the container and // forward them to notifySocketHost. -func newSignalHandler(enableSubreaper bool, notifySocket *notifySocket) *signalHandler { +func newSignalHandler(enableSubreaper bool, notifySocket *notifySocket) chan *signalHandler { if enableSubreaper { // set us as the subreaper before registering the signal handler for the container if err := system.SetSubreaper(1); err != nil { logrus.Warn(err) } } - // ensure that we have a large buffer size so that we do not miss any signals - // in case we are not processing them fast enough. - s := make(chan os.Signal, signalBufferSize) - // handle all signals for the process. - signal.Notify(s) - return &signalHandler{ - signals: s, - notifySocket: notifySocket, - } + handler := make(chan *signalHandler) + // signal.Notify is actually quite expensive, as it has to configure the + // signal mask and add signal handlers for all signals (all ~65 of them). + // So, defer this to a background thread while doing the rest of the io/tty + // setup. + go func() { + // ensure that we have a large buffer size so that we do not miss any + // signals in case we are not processing them fast enough. + s := make(chan os.Signal, signalBufferSize) + // handle all signals for the process. + signal.Notify(s) + handler <- &signalHandler{ + signals: s, + notifySocket: notifySocket, + } + }() + return handler } // exit models a process exit status with the pid and diff --git a/utils_linux.go b/utils_linux.go index c13ed585bfa..d1ac93f638b 100644 --- a/utils_linux.go +++ b/utils_linux.go @@ -246,7 +246,7 @@ func (r *runner) run(config *specs.Process) (int, error) { // Setting up IO is a two stage process. We need to modify process to deal // with detaching containers, and then we get a tty after the container has // started. - handler := newSignalHandler(r.enableSubreaper, r.notifySocket) + handlerCh := newSignalHandler(r.enableSubreaper, r.notifySocket) tty, err := setupIO(process, r.container, config.Terminal, detach, r.consoleSocket) if err != nil { return -1, err @@ -285,6 +285,7 @@ func (r *runner) run(config *specs.Process) (int, error) { return -1, err } } + handler := <-handlerCh status, err := handler.forward(process, tty, detach) if err != nil { r.terminate(process) From 10ca66bff51f5b2b360842b837848e2ec2fe930e Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 21 Oct 2024 15:50:38 -0700 Subject: [PATCH 0852/1176] runc exec: implement CPU affinity As per - https://github.com/opencontainers/runtime-spec/pull/1253 - https://github.com/opencontainers/runtime-spec/pull/1261 CPU affinity can be set in two ways: 1. When creating/starting a container, in config.json's Process.ExecCPUAffinity, which is when applied to all execs. 2. When running an exec, in process.json's CPUAffinity, which applied to a given exec and overrides the value from (1). Add some basic tests. Note that older kernels (RHEL8, Ubuntu 20.04) change CPU affinity of a process to that of a container's cgroup, as soon as it is moved to that cgroup, while newer kernels (Ubuntu 24.04, Fedora 41) don't do that. Because of the above, - it's impossible to really test initial CPU affinity without adding debug logging to libcontainer/nsenter; - for older kernels, there can be a brief moment when exec's affinity is different than either initial or final affinity being set; - exec's final CPU affinity, if not specified, can be different depending on the kernel, therefore we don't test it. Signed-off-by: Kir Kolyshkin --- CHANGELOG.md | 3 + libcontainer/configs/config.go | 91 +++++++++++++++++++++++ libcontainer/configs/tocpuset_test.go | 89 +++++++++++++++++++++++ libcontainer/container_linux.go | 4 + libcontainer/init_linux.go | 1 + libcontainer/nsenter/log.c | 9 ++- libcontainer/nsenter/log.h | 3 + libcontainer/nsenter/nsexec.c | 31 ++++++++ libcontainer/process.go | 2 + libcontainer/process_linux.go | 49 ++++++++++++- libcontainer/specconv/spec_linux.go | 5 ++ tests/integration/cpu_affinity.bats | 101 ++++++++++++++++++++++++++ utils_linux.go | 6 ++ 13 files changed, 389 insertions(+), 5 deletions(-) create mode 100644 libcontainer/configs/tocpuset_test.go create mode 100644 tests/integration/cpu_affinity.bats diff --git a/CHANGELOG.md b/CHANGELOG.md index e0bef883a83..cef1ddf5ae6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,6 +23,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 methods no longer ignore `Process.IOPriority` and `Process.Scheduler` settings. (#4585) +### Added + * CPU affinity support for `runc exec`. (#4327) + ## [1.2.5] - 2025-02-13 > ĐœĐ¾Ñ€Đ¾Đ· и ÑĐ¾Đ»Đ½Ñ†Đµ; Đ´ĐµĐ½ÑŒ Ñ‡ÑƒĐ´ĐµÑĐ½Ñ‹Đ¹! diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index 3cca1eef64b..e21971554bc 100644 --- a/libcontainer/configs/config.go +++ b/libcontainer/configs/config.go @@ -3,9 +3,13 @@ package configs import ( "bytes" "encoding/json" + "errors" "fmt" "os/exec" + "strconv" + "strings" "time" + "unsafe" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" @@ -225,6 +229,9 @@ type Config struct { // IOPriority is the container's I/O priority. IOPriority *IOPriority `json:"io_priority,omitempty"` + + // ExecCPUAffinity is CPU affinity for a non-init process to be run in the container. + ExecCPUAffinity *CPUAffinity `json:"exec_cpu_affinity,omitempty"` } // Scheduler is based on the Linux sched_setattr(2) syscall. @@ -288,6 +295,90 @@ func ToSchedAttr(scheduler *Scheduler) (*unix.SchedAttr, error) { type IOPriority = specs.LinuxIOPriority +type CPUAffinity struct { + Initial, Final *unix.CPUSet +} + +func toCPUSet(str string) (*unix.CPUSet, error) { + if str == "" { + return nil, nil + } + s := new(unix.CPUSet) + + // Since (*CPUset).Set silently ignores too high CPU values, + // find out what the maximum is, and return an error. + maxCPU := uint64(unsafe.Sizeof(*s) * 8) + toInt := func(v string) (int, error) { + ret, err := strconv.ParseUint(v, 10, 32) + if err != nil { + return 0, err + } + if ret >= maxCPU { + return 0, fmt.Errorf("values larger than %d are not supported", maxCPU-1) + } + return int(ret), nil + } + + for _, r := range strings.Split(str, ",") { + // Allow extra spaces around. + r = strings.TrimSpace(r) + // Allow empty elements (extra commas). + if r == "" { + continue + } + if r0, r1, found := strings.Cut(r, "-"); found { + start, err := toInt(r0) + if err != nil { + return nil, err + } + end, err := toInt(r1) + if err != nil { + return nil, err + } + if start > end { + return nil, errors.New("invalid range: " + r) + } + for i := start; i <= end; i++ { + s.Set(i) + } + } else { + val, err := toInt(r) + if err != nil { + return nil, err + } + s.Set(val) + } + } + if s.Count() == 0 { + return nil, fmt.Errorf("no CPUs found in %q", str) + } + + return s, nil +} + +// ConvertCPUAffinity converts [specs.CPUAffinity] to [CPUAffinity]. +func ConvertCPUAffinity(sa *specs.CPUAffinity) (*CPUAffinity, error) { + if sa == nil { + return nil, nil + } + initial, err := toCPUSet(sa.Initial) + if err != nil { + return nil, fmt.Errorf("bad CPUAffinity.Initial: %w", err) + } + final, err := toCPUSet(sa.Final) + if err != nil { + return nil, fmt.Errorf("bad CPUAffinity.Final: %w", err) + } + if initial == nil && final == nil { + return nil, nil + } + + return &CPUAffinity{ + Initial: initial, + Final: final, + }, nil +} + type ( HookName string HookList []Hook diff --git a/libcontainer/configs/tocpuset_test.go b/libcontainer/configs/tocpuset_test.go new file mode 100644 index 00000000000..43fb11bf876 --- /dev/null +++ b/libcontainer/configs/tocpuset_test.go @@ -0,0 +1,89 @@ +package configs + +import ( + "testing" + + "golang.org/x/sys/unix" +) + +func TestToCPUSet(t *testing.T) { + set := func(cpus ...int) *unix.CPUSet { + r := &unix.CPUSet{} + for _, cpu := range cpus { + r.Set(cpu) + } + return r + } + + testCases := []struct { + in string + out *unix.CPUSet + isErr bool + }{ + {in: ""}, // Empty means unset. + + // Valid cases. + {in: "0", out: &unix.CPUSet{1}}, + {in: "1", out: &unix.CPUSet{2}}, + {in: "0-1", out: &unix.CPUSet{3}}, + {in: "0,1", out: &unix.CPUSet{3}}, + {in: ",0,1,", out: &unix.CPUSet{3}}, + {in: "0-3", out: &unix.CPUSet{0x0f}}, + {in: "0,1,2-3", out: &unix.CPUSet{0x0f}}, + {in: "4-7", out: &unix.CPUSet{0xf0}}, + {in: "0-7", out: &unix.CPUSet{0xff}}, + {in: "0-15", out: &unix.CPUSet{0xffff}}, + {in: "16", out: &unix.CPUSet{0x10000}}, + // Extra whitespace in between ranges are OK. + {in: "1, 2, 1-2", out: &unix.CPUSet{6}}, + {in: " , 1 , 3 , 5-7, ", out: &unix.CPUSet{0xea}}, + // Somewhat large values. The underlying type in unix.CPUSet + // can either be uint32 or uint64, so we have to use a helper. + {in: "0-3,32-33", out: set(0, 1, 2, 3, 32, 33)}, + {in: "127-129, 1", out: set(1, 127, 128, 129)}, + {in: "1023", out: set(1023)}, + + // Error cases. + {in: "-", isErr: true}, + {in: "1-", isErr: true}, + {in: "-3", isErr: true}, + {in: ",", isErr: true}, + {in: " ", isErr: true}, + // Bad range (start > end). + {in: "54-53", isErr: true}, + // Extra spaces inside a range is not OK. + {in: "1 - 2", isErr: true}, + {in: "1024", isErr: true}, // Too big for unix.CPUSet. + } + + for _, tc := range testCases { + tc := tc + t.Run(tc.in, func(t *testing.T) { + out, err := toCPUSet(tc.in) + t.Logf("toCPUSet(%q) = %v (error: %v)", tc.in, out, err) + // Check the error. + if tc.isErr { + if err == nil { + t.Error("want error, got nil") + } + return // No more checks. + } + if err != nil { + t.Fatalf("want no error, got %v", err) + } + // Check the value. + if tc.out == nil { + if out != nil { + t.Fatalf("want nil, got %v", out) + } + return // No more checks. + } + if out == nil { + t.Fatalf("want %v, got nil", tc.out) + } + if *out != *tc.out { + t.Errorf("case %q: want %v, got %v", tc.in, tc.out, out) + } + }) + } +} diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 4bc117e513a..2dc2b86eb41 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -709,6 +709,7 @@ func (c *Container) newInitConfig(process *Process) *initConfig { Rlimits: c.config.Rlimits, IOPriority: c.config.IOPriority, Scheduler: c.config.Scheduler, + CPUAffinity: c.config.ExecCPUAffinity, CreateConsole: process.ConsoleSocket != nil, ConsoleWidth: process.ConsoleWidth, ConsoleHeight: process.ConsoleHeight, @@ -737,6 +738,9 @@ func (c *Container) newInitConfig(process *Process) *initConfig { if process.Scheduler != nil { cfg.Scheduler = process.Scheduler } + if process.CPUAffinity != nil { + cfg.CPUAffinity = process.CPUAffinity + } // Set misc properties. diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 354f0c14902..8c30aae9531 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -83,6 +83,7 @@ type initConfig struct { Rlimits []configs.Rlimit `json:"rlimits"` IOPriority *configs.IOPriority `json:"io_priority,omitempty"` Scheduler *configs.Scheduler `json:"scheduler,omitempty"` + CPUAffinity *configs.CPUAffinity `json:"cpu_affinity,omitempty"` // Miscellaneous properties, filled in by [Container.newInitConfig] // unless documented otherwise. diff --git a/libcontainer/nsenter/log.c b/libcontainer/nsenter/log.c index 086b539833c..72774cb097e 100644 --- a/libcontainer/nsenter/log.c +++ b/libcontainer/nsenter/log.c @@ -31,6 +31,11 @@ void setup_logpipe(void) loglevel = i; } +bool log_enabled_for(int level) +{ + return (logfd >= 0 && level <= loglevel); +} + /* Defined in nsexec.c */ extern int current_stage; @@ -40,8 +45,8 @@ void write_log(int level, const char *format, ...) va_list args; int ret; - if (logfd < 0 || level > loglevel) - goto out; + if (!log_enabled_for(level)) + return; va_start(args, format); ret = vasprintf(&message, format, args); diff --git a/libcontainer/nsenter/log.h b/libcontainer/nsenter/log.h index 1fe95a111f7..3e18de68764 100644 --- a/libcontainer/nsenter/log.h +++ b/libcontainer/nsenter/log.h @@ -1,6 +1,7 @@ #ifndef NSENTER_LOG_H #define NSENTER_LOG_H +#include #include /* @@ -20,6 +21,8 @@ */ void setup_logpipe(void); +bool log_enabled_for(int level); + void write_log(int level, const char *format, ...) __attribute__((format(printf, 2, 3))); extern int logfd; diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index 607d495a263..728e68bb048 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -673,6 +673,28 @@ static void update_timens_offsets(pid_t pid, char *map, size_t map_len) bail("failed to update /proc/%d/timens_offsets", pid); } +static void log_cpu_affinity() +{ + cpu_set_t cpus = { }; + size_t i, mask = 0; + + if (!log_enabled_for(DEBUG)) + return; + + if (sched_getaffinity(0, sizeof(cpus), &cpus) < 0) { + write_log(WARNING, "sched_getaffinity: %m"); + return; + } + + /* Do not print the complete mask, we only need a few first CPUs. */ + for (i = 0; i < sizeof(mask) * 8; i++) { + if (CPU_ISSET(i, &cpus)) + mask |= 1 << i; + } + + write_log(DEBUG, "affinity: 0x%zx", mask); +} + void nsexec(void) { int pipenum; @@ -699,6 +721,15 @@ void nsexec(void) write_log(DEBUG, "=> nsexec container setup"); + /* Log initial CPU affinity, this is solely for the tests in + * ../../tests/integration/cpu_affinity.bats. + * + * Logging this from Go code might be too late as some kernels + * change the process' CPU affinity to that of container's cpuset + * as soon as the process is moved into container's cgroup. + */ + log_cpu_affinity(); + /* Parse all of the netlink configuration. */ nl_parse(pipenum, &config); diff --git a/libcontainer/process.go b/libcontainer/process.go index 73cdac9c7bc..7fca1febce5 100644 --- a/libcontainer/process.go +++ b/libcontainer/process.go @@ -121,6 +121,8 @@ type Process struct { // // If not empty, takes precedence over container's [configs.Config.IOPriority]. IOPriority *configs.IOPriority + + CPUAffinity *configs.CPUAffinity } // Wait waits for the process to exit. diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 320eff5fee2..88861f0a94d 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -163,13 +163,52 @@ type setnsProcess struct { initProcessPid int } +// Starts setns process with specified initial CPU affinity. +func (p *setnsProcess) startWithCPUAffinity() error { + aff := p.config.CPUAffinity + if aff == nil || aff.Initial == nil { + return p.cmd.Start() + } + errCh := make(chan error) + defer close(errCh) + + // Use a goroutine to dedicate an OS thread. + go func() { + runtime.LockOSThread() + // Command inherits the CPU affinity. + if err := unix.SchedSetaffinity(unix.Gettid(), aff.Initial); err != nil { + errCh <- fmt.Errorf("error setting initial CPU affinity: %w", err) + return + } + + errCh <- p.cmd.Start() + // Deliberately omit runtime.UnlockOSThread here. + // https://pkg.go.dev/runtime#LockOSThread says: + // "If the calling goroutine exits without unlocking the + // thread, the thread will be terminated". + }() + + return <-errCh +} + +func (p *setnsProcess) setFinalCPUAffinity() error { + aff := p.config.CPUAffinity + if aff == nil || aff.Final == nil { + return nil + } + if err := unix.SchedSetaffinity(p.pid(), aff.Final); err != nil { + return fmt.Errorf("error setting final CPU affinity: %w", err) + } + return nil +} + func (p *setnsProcess) start() (retErr error) { defer p.comm.closeParent() - // get the "before" value of oom kill count + // Get the "before" value of oom kill count. oom, _ := p.manager.OOMKillCount() - err := p.cmd.Start() - // close the child-side of the pipes (controlled by child) + err := p.startWithCPUAffinity() + // Close the child-side of the pipes (controlled by child). p.comm.closeChild() if err != nil { return fmt.Errorf("error starting setns process: %w", err) @@ -219,6 +258,10 @@ func (p *setnsProcess) start() (retErr error) { } } } + // Set final CPU affinity right after the process is moved into container's cgroup. + if err := p.setFinalCPUAffinity(); err != nil { + return err + } if p.intelRdtPath != "" { // if Intel RDT "resource control" filesystem path exists _, err := os.Stat(p.intelRdtPath) diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index c12471de6d3..be1e3d8eaf6 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -556,6 +556,11 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) { ioPriority := *spec.Process.IOPriority config.IOPriority = &ioPriority } + config.ExecCPUAffinity, err = configs.ConvertCPUAffinity(spec.Process.ExecCPUAffinity) + if err != nil { + return nil, err + } + } createHooks(spec, config) config.Version = specs.Version diff --git a/tests/integration/cpu_affinity.bats b/tests/integration/cpu_affinity.bats new file mode 100644 index 00000000000..f6adfa2aebd --- /dev/null +++ b/tests/integration/cpu_affinity.bats @@ -0,0 +1,101 @@ +#!/usr/bin/env bats +# Exec CPU affinity tests. For more details, see: +# - https://github.com/opencontainers/runtime-spec/pull/1253 + +load helpers + +function setup() { + requires smp cgroups_cpuset + setup_busybox +} + +function teardown() { + teardown_bundle +} + +function first_cpu() { + sed 's/[-,].*//g' "-". + cpus=${cpus//-/ } # 2. "-" --> " ". + + for c in $cpus; do + mask=$((mask | 1 << c)) + done + + printf "0x%x" $mask +} + +@test "runc exec [CPU affinity, only initial set from process.json]" { + first="$(first_cpu)" + second=$((first + 1)) # Hacky; might not work in all environments. + + runc run -d --console-socket "$CONSOLE_SOCKET" ct1 + [ "$status" -eq 0 ] + + for cpus in "$second" "$first-$second" "$first,$second" "$first"; do + proc=' +{ + "terminal": false, + "execCPUAffinity": { + "initial": "'$cpus'" + }, + "args": [ "/bin/true" ], + "cwd": "/" +}' + mask=$(cpus_to_mask "$cpus") + echo "CPUS: $cpus, mask: $mask" + runc --debug exec --process <(echo "$proc") ct1 + [[ "$output" == *"nsexec"*": affinity: $mask"* ]] + done +} + +@test "runc exec [CPU affinity, initial and final set from process.json]" { + first="$(first_cpu)" + second=$((first + 1)) # Hacky; might not work in all environments. + + runc run -d --console-socket "$CONSOLE_SOCKET" ct1 + [ "$status" -eq 0 ] + + for cpus in "$second" "$first-$second" "$first,$second" "$first"; do + proc=' +{ + "terminal": false, + "execCPUAffinity": { + "initial": "'$cpus'", + "final": "'$cpus'" + }, + "args": [ "/bin/grep", "-F", "Cpus_allowed_list:", "/proc/self/status" ], + "cwd": "/" +}' + mask=$(cpus_to_mask "$cpus") + exp=${cpus//,/-} # "," --> "-". + echo "CPUS: $cpus, mask: $mask, final: $exp" + runc --debug exec --process <(echo "$proc") ct1 + [[ "$output" == *"nsexec"*": affinity: $mask"* ]] + [[ "$output" == *"Cpus_allowed_list: $exp"* ]] # Mind the literal tab. + done +} + +@test "runc exec [CPU affinity, initial and final set from config.json]" { + initial="$(first_cpu)" + final=$((initial + 1)) # Hacky; might not work in all environments. + + update_config " .process.execCPUAffinity.initial = \"$initial\" + | .process.execCPUAffinity.final = \"$final\"" + + runc run -d --console-socket "$CONSOLE_SOCKET" ct1 + [ "$status" -eq 0 ] + + runc --debug exec ct1 grep "Cpus_allowed_list:" /proc/self/status + [ "$status" -eq 0 ] + mask=$(cpus_to_mask "$initial") + [[ "$output" == *"nsexec"*": affinity: $mask"* ]] + [[ "$output" == *"Cpus_allowed_list: $final"* ]] # Mind the literal tab. +} diff --git a/utils_linux.go b/utils_linux.go index d1ac93f638b..7de93340a94 100644 --- a/utils_linux.go +++ b/utils_linux.go @@ -84,6 +84,12 @@ func newProcess(p *specs.Process) (*libcontainer.Process, error) { } lp.Rlimits = append(lp.Rlimits, rl) } + aff, err := configs.ConvertCPUAffinity(p.ExecCPUAffinity) + if err != nil { + return nil, err + } + lp.CPUAffinity = aff + return lp, nil } From a00ce11e91eb54c9c1bdfd773d13d4cdd41bb206 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Mon, 3 Mar 2025 17:19:23 +0100 Subject: [PATCH 0853/1176] VERSION: release v1.3.0-rc.1 Signed-off-by: Rodrigo Campos (cyphar: improve changelog) Signed-off-by: Aleksa Sarai --- CHANGELOG.md | 44 ++++++++++++++++++++++++++++++++++++++++++-- VERSION | 2 +- 2 files changed, 43 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cef1ddf5ae6..cef3503b593 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [1.3.0-rc.1] - 2025-03-04 + +> No tengo miedo al invierno, con tu recuerdo lleno de sol. + ### libcontainer API * `configs.CommandHook` struct has changed, Command is now a pointer. Also, `configs.NewCommandHook` now accepts a `*Command`. (#4325) @@ -16,15 +20,48 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 user previously relied on this feature, now they have to convert names to IDs before calling libcontainer; it is recommended to use Go package github.com/moby/sys/user for that. (#3999) + * Move libcontainer/cgroups to a separate repository. (#4618) ### Fixed * `runc exec -p` no longer ignores specified `ioPriority` and `scheduler` settings. Similarly, libcontainer's `Container.Start` and `Container.Run` methods no longer ignore `Process.IOPriority` and `Process.Scheduler` settings. (#4585) + * We no longer use `F_SEAL_FUTURE_WRITE` when sealing the runc binary, as it + turns out this had some unfortunate bugs in older kernel versions and was + never necessary in the first place. (#4641, #4640) + * runc now uses a more flexible method of joining namespaces, which better + matches the behaviour of `nsenter(8)`. This is mainly useful for users that + create a container with a runc-managed user namespace but want the container + to join some externally-managed namespace as well. (#4492) + * `runc` now properly handles joining time namespaces (such as with `runc + exec`). Previously we would attempt to set the time offsets when joining, + which would fail. (#4635, #4636) + * Handle `EINTR` retries correctly for socket-related direct + `golang.org/x/sys/unix` system calls. (#4637) + * Handle `close_range(2)` errors more gracefully. (#4596) + * Fix a stall issue that would happen if setting `O_CLOEXEC` with + `CloseExecFrom` failed (#4599). + * Handle errors on older kernels when resetting ambient capabilities more + gracefully. (#4597) + +### Changed + * runc now has an official release policy to help provide more consistency + around our release schedules and better define our support policy for old + release branches. See `RELEASES.md` for more details. (#4557) + * Improved performance by switching to `strings.Cut` where appropriate. + (#4470) + * The minimum Go version of runc is now Go 1.23. (#4598) + * Updated builds to libseccomp v2.5.6. (#4625) ### Added + * runc has been updated to support OCI runtime-spec 1.2.1. (#4653) * CPU affinity support for `runc exec`. (#4327) + * CRIU support can be disabled using the build tag `runc_nocriu`. (#4546) + * Support to get the pidfd of the container via CLI flag `pidfd-socket`. + (#4045) + * Support `skip-in-flight` and `link-remap` options for CRIU. (#4627) + * Support cgroup v1 mounted with `noprefix`. (#4513) ## [1.2.5] - 2025-02-13 @@ -74,7 +111,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 would result in spurious EEXIST errors. In particular, this regression caused issues with BuildKit. (#4543, #4550) * Fixed a regression in eBPF support for pre-5.6 kernels after upgrading - Cilium's eBPF library version to 0.16 in runc. (#3008, #4551) + Cilium's eBPF library version to 0.16 in runc. (#3008, #4548, #4551) ## [1.2.2] - 2024-11-15 @@ -978,7 +1015,7 @@ implementation (libcontainer) is *not* covered by this policy. cgroups at all during `runc update`). (#2994) -[Unreleased]: https://github.com/opencontainers/runc/compare/v1.2.0...HEAD +[Unreleased]: https://github.com/opencontainers/runc/compare/v1.3.0-rc.1...HEAD [1.2.0]: https://github.com/opencontainers/runc/compare/v1.2.0-rc.1...v1.2.0 [1.1.0]: https://github.com/opencontainers/runc/compare/v1.1.0-rc.1...v1.1.0 [1.0.0]: https://github.com/opencontainers/runc/releases/tag/v1.0.0 @@ -1018,3 +1055,6 @@ implementation (libcontainer) is *not* covered by this policy. [1.2.0-rc.3]: https://github.com/opencontainers/runc/compare/v1.2.0-rc.2...v1.2.0-rc.3 [1.2.0-rc.2]: https://github.com/opencontainers/runc/compare/v1.2.0-rc.1...v1.2.0-rc.2 [1.2.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.1.0...v1.2.0-rc.1 + + +[1.3.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.2.0...v1.3.0-rc.1 diff --git a/VERSION b/VERSION index 2eefd601979..bf16dded095 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.2.0+dev +1.3.0-rc.1 From 5d6e7e12799244386d391271d0aea778427e2b3e Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Mon, 3 Mar 2025 17:20:06 +0100 Subject: [PATCH 0854/1176] VERSION: back to development Signed-off-by: Rodrigo Campos Signed-off-by: Aleksa Sarai --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index bf16dded095..b15bbb96b3b 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.3.0-rc.1 +1.3.0-rc.1+dev From 05e83fc600d4a560f8216a489d3e791c09acd684 Mon Sep 17 00:00:00 2001 From: Prajwal S N Date: Wed, 5 Mar 2025 01:02:53 +0530 Subject: [PATCH 0855/1176] deps: bump go-criu to v7 Signed-off-by: Prajwal S N --- go.mod | 2 +- go.sum | 14 +- libcontainer/criu_linux.go | 4 +- .../checkpoint-restore/go-criu/v6/.gitignore | 13 - .../go-criu/v6/.golangci.yml | 10 - .../checkpoint-restore/go-criu/v7/.gitignore | 18 + .../go-criu/v7/.golangci.yml | 22 + .../go-criu/{v6 => v7}/LICENSE | 0 .../checkpoint-restore/go-criu/v7/MAINTAINERS | 4 + .../go-criu/{v6 => v7}/Makefile | 15 +- .../go-criu/{v6 => v7}/README.md | 23 +- .../checkpoint-restore/go-criu/v7/codecov.yml | 2 + .../go-criu/{v6 => v7}/features.go | 6 +- .../go-criu/{v6 => v7}/main.go | 42 +- .../go-criu/{v6 => v7}/notify.go | 0 .../go-criu/{v6 => v7}/rpc/rpc.pb.go | 551 ++++++++++-------- .../go-criu/{v6 => v7}/rpc/rpc.proto | 9 +- vendor/modules.txt | 8 +- 18 files changed, 422 insertions(+), 321 deletions(-) delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/.gitignore delete mode 100644 vendor/github.com/checkpoint-restore/go-criu/v6/.golangci.yml create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v7/.gitignore create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v7/.golangci.yml rename vendor/github.com/checkpoint-restore/go-criu/{v6 => v7}/LICENSE (100%) create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v7/MAINTAINERS rename vendor/github.com/checkpoint-restore/go-criu/{v6 => v7}/Makefile (78%) rename vendor/github.com/checkpoint-restore/go-criu/{v6 => v7}/README.md (89%) create mode 100644 vendor/github.com/checkpoint-restore/go-criu/v7/codecov.yml rename vendor/github.com/checkpoint-restore/go-criu/{v6 => v7}/features.go (91%) rename vendor/github.com/checkpoint-restore/go-criu/{v6 => v7}/main.go (84%) rename vendor/github.com/checkpoint-restore/go-criu/{v6 => v7}/notify.go (100%) rename vendor/github.com/checkpoint-restore/go-criu/{v6 => v7}/rpc/rpc.pb.go (69%) rename vendor/github.com/checkpoint-restore/go-criu/{v6 => v7}/rpc/rpc.proto (94%) diff --git a/go.mod b/go.mod index ab77936b199..ee9d184cd64 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/opencontainers/runc go 1.23.0 require ( - github.com/checkpoint-restore/go-criu/v6 v6.3.0 + github.com/checkpoint-restore/go-criu/v7 v7.2.0 github.com/containerd/console v1.0.4 github.com/coreos/go-systemd/v22 v22.5.0 github.com/cyphar/filepath-securejoin v0.4.1 diff --git a/go.sum b/go.sum index 1503380cef5..37f1eb19224 100644 --- a/go.sum +++ b/go.sum @@ -1,13 +1,12 @@ github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= -github.com/checkpoint-restore/go-criu/v6 v6.3.0 h1:mIdrSO2cPNWQY1truPg6uHLXyKHk3Z5Odx4wjKOASzA= -github.com/checkpoint-restore/go-criu/v6 v6.3.0/go.mod h1:rrRTN/uSwY2X+BPRl/gkulo9gsKOSAeVp9/K2tv7xZI= +github.com/checkpoint-restore/go-criu/v7 v7.2.0 h1:qGiWA4App1gGlEfIJ68WR9jbezV9J7yZdjzglezcqKo= +github.com/checkpoint-restore/go-criu/v7 v7.2.0/go.mod h1:u0LCWLg0w4yqqu14aXhiB4YD3a1qd8EcCEg7vda5dwo= github.com/cilium/ebpf v0.17.3 h1:FnP4r16PWYSE4ux6zN+//jMcW4nMVRvuTLVTvCjyyjg= github.com/cilium/ebpf v0.17.3/go.mod h1:G5EDHij8yiLzaqn0WjyfJHvRa+3aDlReIaLVRMvOyJk= github.com/containerd/console v1.0.4 h1:F2g4+oChYvBTsASRTz8NP6iIAi97J3TtSAsLbIFn4ro= github.com/containerd/console v1.0.4/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc= github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s= @@ -22,11 +21,8 @@ github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZs github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtLA= github.com/josharian/native v1.1.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w= github.com/jsimonetti/rtnetlink/v2 v2.0.1 h1:xda7qaHDSVOsADNouv7ukSuicKZO7GgVUCXxpaIEIlM= @@ -65,8 +61,6 @@ github.com/seccomp/libseccomp-golang v0.10.0 h1:aA4bp+/Zzi0BnWZ2F1wgNBs5gTpm+na2 github.com/seccomp/libseccomp-golang v0.10.0/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM= -github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= @@ -87,16 +81,12 @@ golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8= golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM= google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index 93f628715e0..468c5ba9ff4 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -16,8 +16,8 @@ import ( "strings" "time" - "github.com/checkpoint-restore/go-criu/v6" - criurpc "github.com/checkpoint-restore/go-criu/v6/rpc" + "github.com/checkpoint-restore/go-criu/v7" + criurpc "github.com/checkpoint-restore/go-criu/v7/rpc" securejoin "github.com/cyphar/filepath-securejoin" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/.gitignore b/vendor/github.com/checkpoint-restore/go-criu/v6/.gitignore deleted file mode 100644 index 5518060133d..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/.gitignore +++ /dev/null @@ -1,13 +0,0 @@ -test/test -test/test.coverage -test/piggie/piggie -test/phaul/phaul -test/phaul/phaul.coverage -test/loop/loop -test/crit/crit-test -test/crit/test-imgs -image -scripts/*.h -scripts/expected.go -scripts/output.go -crit/bin diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/.golangci.yml b/vendor/github.com/checkpoint-restore/go-criu/v6/.golangci.yml deleted file mode 100644 index c4515109b1f..00000000000 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/.golangci.yml +++ /dev/null @@ -1,10 +0,0 @@ -linters: - presets: - - bugs - - performance - - unused - - format - -linters-settings: - exhaustive: - default-signifies-exhaustive: true diff --git a/vendor/github.com/checkpoint-restore/go-criu/v7/.gitignore b/vendor/github.com/checkpoint-restore/go-criu/v7/.gitignore new file mode 100644 index 00000000000..eb1b08bc479 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v7/.gitignore @@ -0,0 +1,18 @@ +test/test +test/test.coverage +test/piggie/piggie +test/phaul/phaul +test/phaul/phaul.coverage +test/loop/loop +test/mmapper/mmapper +test/crit/crit-test +test/crit/test-imgs +test/crit/crit-test.coverage +test/.coverage/ +image +scripts/magic-gen/*.h +scripts/magic-gen/expected.go +scripts/magic-gen/output.go +crit/bin +crit/test-imgs/ +__pycache__ diff --git a/vendor/github.com/checkpoint-restore/go-criu/v7/.golangci.yml b/vendor/github.com/checkpoint-restore/go-criu/v7/.golangci.yml new file mode 100644 index 00000000000..a0d20be2144 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v7/.golangci.yml @@ -0,0 +1,22 @@ +linters: + presets: + - bugs + - performance + - unused + - format + disable: + - musttag + enable: + - whitespace + - misspell + - dupl + - gosimple + - stylecheck + +linters-settings: + exhaustive: + default-signifies-exhaustive: true + gosec: + excludes: + # https://github.com/securego/gosec/issues/1185 + - G115 diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/LICENSE b/vendor/github.com/checkpoint-restore/go-criu/v7/LICENSE similarity index 100% rename from vendor/github.com/checkpoint-restore/go-criu/v6/LICENSE rename to vendor/github.com/checkpoint-restore/go-criu/v7/LICENSE diff --git a/vendor/github.com/checkpoint-restore/go-criu/v7/MAINTAINERS b/vendor/github.com/checkpoint-restore/go-criu/v7/MAINTAINERS new file mode 100644 index 00000000000..4611c33bfb3 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v7/MAINTAINERS @@ -0,0 +1,4 @@ +Adrian Reber +Kir Kolyshkin +Prajwal S N +Radostin Stoyanov diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/Makefile b/vendor/github.com/checkpoint-restore/go-criu/v7/Makefile similarity index 78% rename from vendor/github.com/checkpoint-restore/go-criu/v6/Makefile rename to vendor/github.com/checkpoint-restore/go-criu/v7/Makefile index 0c2916001eb..12e064237a0 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/Makefile +++ b/vendor/github.com/checkpoint-restore/go-criu/v7/Makefile @@ -18,9 +18,6 @@ test: build coverage: $(MAKE) -C test coverage -codecov: - $(MAKE) -C test codecov - rpc/rpc.proto: curl -sSL https://raw.githubusercontent.com/checkpoint-restore/criu/master/images/rpc.proto -o $@ @@ -34,8 +31,12 @@ stats/stats.pb.go: stats/stats.proto protoc --go_out=. --go_opt=M$^=stats/ $^ vendor: - GO111MODULE=on $(GO) mod tidy - GO111MODULE=on $(GO) mod vendor - GO111MODULE=on $(GO) mod verify + $(GO) mod tidy + $(GO) mod vendor + $(GO) mod verify + +clean: + $(MAKE) -C crit/ clean + $(MAKE) -C test/ clean -.PHONY: build test lint vendor coverage codecov +.PHONY: build test lint vendor coverage clean diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/README.md b/vendor/github.com/checkpoint-restore/go-criu/v7/README.md similarity index 89% rename from vendor/github.com/checkpoint-restore/go-criu/v6/README.md rename to vendor/github.com/checkpoint-restore/go-criu/v7/README.md index d186cb8960c..14a08eb7c07 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/README.md +++ b/vendor/github.com/checkpoint-restore/go-criu/v7/README.md @@ -1,23 +1,27 @@ + +# go-criu -- Go bindings for CRIU + [![test](https://github.com/checkpoint-restore/go-criu/workflows/ci/badge.svg?branch=master)](https://github.com/checkpoint-restore/go-criu/actions?query=workflow%3Aci) [![verify](https://github.com/checkpoint-restore/go-criu/workflows/verify/badge.svg?branch=master)](https://github.com/checkpoint-restore/go-criu/actions?query=workflow%3Averify) [![Go Reference](https://pkg.go.dev/badge/github.com/checkpoint-restore/go-criu.svg)](https://pkg.go.dev/github.com/checkpoint-restore/go-criu) -## go-criu -- Go bindings for CRIU - This repository provides Go bindings for [CRIU](https://criu.org/). The code is based on the Go-based PHaul implementation from the CRIU repository. -For easier inclusion into other Go projects, the CRIU Go bindings have been moved to this repository. +For easier inclusion into other Go projects, the CRIU Go bindings have been +moved to this repository. + +## CRIU -### CRIU The Go bindings provide an easy way to use the CRIU RPC calls from Go without the need to set up all the infrastructure to make the actual RPC connection to CRIU. The following example would print the version of CRIU: + ```go import ( "log" - "github.com/checkpoint-restore/go-criu/v6" + "github.com/checkpoint-restore/go-criu/v7" ) func main() { @@ -37,12 +41,12 @@ or to just check if at least a certain CRIU version is installed: result, err := c.IsCriuAtLeast(31100) ``` -### CRIT +## CRIT The `crit` package provides bindings to decode, encode, and manipulate CRIU image files natively within Go. It also provides a CLI tool similar to the original CRIT Python tool. To get started with this, see the docs -at https://criu.org/CRIT_(Go_library). +at [CRIT (Go library)](https://criu.org/CRIT_%28Go_library%29). ## Releases @@ -58,7 +62,9 @@ The following table shows the relation between go-criu and criu versions: | Major version | Latest release | CRIU version | | -------------- | -------------- | ------------ | -| v6             | 6.2.0         | 3.17         | +| v7             | 7.2.0         | 3.19         | +| v7             | 7.0.0         | 3.18         | +| v6             | 6.3.0         | 3.17         | | v5             | 5.3.0         | 3.16         | | v5             | 5.0.0         | 3.15         | | v4             | 4.1.0         | 3.14         | @@ -75,6 +81,7 @@ break-up larger PRs into smaller ones - it's easier to review smaller code changes. But only if those smaller ones make sense as stand-alone PRs. Regardless of the type of PR, all PRs should include: + * well documented code changes * additional testcases. Ideally, they should fail w/o your code change applied * documentation changes diff --git a/vendor/github.com/checkpoint-restore/go-criu/v7/codecov.yml b/vendor/github.com/checkpoint-restore/go-criu/v7/codecov.yml new file mode 100644 index 00000000000..b52d0c49686 --- /dev/null +++ b/vendor/github.com/checkpoint-restore/go-criu/v7/codecov.yml @@ -0,0 +1,2 @@ +ignore: + - "test" diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/features.go b/vendor/github.com/checkpoint-restore/go-criu/v7/features.go similarity index 91% rename from vendor/github.com/checkpoint-restore/go-criu/v6/features.go rename to vendor/github.com/checkpoint-restore/go-criu/v7/features.go index 4e779d95bc9..c62e69e0646 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/features.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v7/features.go @@ -1,9 +1,9 @@ package criu import ( - "fmt" + "errors" - "github.com/checkpoint-restore/go-criu/v6/rpc" + "github.com/checkpoint-restore/go-criu/v7/rpc" ) // Feature checking in go-criu is based on the libcriu feature checking function. @@ -38,7 +38,7 @@ func (c *Criu) FeatureCheck(features *rpc.CriuFeatures) (*rpc.CriuFeatures, erro } if resp.GetType() != rpc.CriuReqType_FEATURE_CHECK { - return nil, fmt.Errorf("Unexpected CRIU RPC response") + return nil, errors.New("unexpected CRIU RPC response") } return features, nil diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/main.go b/vendor/github.com/checkpoint-restore/go-criu/v7/main.go similarity index 84% rename from vendor/github.com/checkpoint-restore/go-criu/v6/main.go rename to vendor/github.com/checkpoint-restore/go-criu/v7/main.go index 2e099c859cd..8f29d2ee2df 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/main.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v7/main.go @@ -8,7 +8,7 @@ import ( "strconv" "syscall" - "github.com/checkpoint-restore/go-criu/v6/rpc" + "github.com/checkpoint-restore/go-criu/v7/rpc" "google.golang.org/protobuf/proto" ) @@ -61,13 +61,19 @@ func (c *Criu) Prepare() error { } // Cleanup cleans up -func (c *Criu) Cleanup() { +func (c *Criu) Cleanup() error { + var errs []error if c.swrkCmd != nil { - c.swrkSk.Close() + if err := c.swrkSk.Close(); err != nil { + errs = append(errs, err) + } c.swrkSk = nil - _ = c.swrkCmd.Wait() + if err := c.swrkCmd.Wait(); err != nil { + errs = append(errs, fmt.Errorf("criu swrk failed: %w", err)) + } c.swrkCmd = nil } + return errors.Join(errs...) } func (c *Criu) sendAndRecv(reqB []byte) ([]byte, int, error) { @@ -99,9 +105,7 @@ func (c *Criu) doSwrk(reqType rpc.CriuReqType, opts *rpc.CriuOpts, nfy Notify) e return nil } -func (c *Criu) doSwrkWithResp(reqType rpc.CriuReqType, opts *rpc.CriuOpts, nfy Notify, features *rpc.CriuFeatures) (*rpc.CriuResp, error) { - var resp *rpc.CriuResp - +func (c *Criu) doSwrkWithResp(reqType rpc.CriuReqType, opts *rpc.CriuOpts, nfy Notify, features *rpc.CriuFeatures) (resp *rpc.CriuResp, retErr error) { req := rpc.CriuReq{ Type: &reqType, Opts: opts, @@ -121,7 +125,13 @@ func (c *Criu) doSwrkWithResp(reqType rpc.CriuReqType, opts *rpc.CriuOpts, nfy N return nil, err } - defer c.Cleanup() + defer func() { + // append any cleanup errors to the returned error + err := c.Cleanup() + if err != nil { + retErr = errors.Join(retErr, err) + } + }() } for { @@ -218,7 +228,7 @@ func (c *Criu) StartPageServerChld(opts *rpc.CriuOpts) (int, int, error) { return 0, 0, err } - return int(resp.Ps.GetPid()), int(resp.Ps.GetPort()), nil + return int(resp.GetPs().GetPid()), int(resp.GetPs().GetPort()), nil } // GetCriuVersion executes the VERSION RPC call and returns the version @@ -230,22 +240,22 @@ func (c *Criu) GetCriuVersion() (int, error) { } if resp.GetType() != rpc.CriuReqType_VERSION { - return 0, fmt.Errorf("Unexpected CRIU RPC response") + return 0, errors.New("unexpected CRIU RPC response") } - version := int(*resp.GetVersion().MajorNumber) * 10000 - version += int(*resp.GetVersion().MinorNumber) * 100 - if resp.GetVersion().Sublevel != nil { - version += int(*resp.GetVersion().Sublevel) + version := resp.GetVersion().GetMajorNumber() * 10000 + version += resp.GetVersion().GetMinorNumber() * 100 + if resp.GetVersion().GetSublevel() != 0 { + version += resp.GetVersion().GetSublevel() } - if resp.GetVersion().Gitid != nil { + if resp.GetVersion().GetGitid() != "" { // taken from runc: if it is a git release -> increase minor by 1 version -= (version % 100) version += 100 } - return version, nil + return int(version), nil } // IsCriuAtLeast checks if the version is at least the same diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/notify.go b/vendor/github.com/checkpoint-restore/go-criu/v7/notify.go similarity index 100% rename from vendor/github.com/checkpoint-restore/go-criu/v6/notify.go rename to vendor/github.com/checkpoint-restore/go-criu/v7/notify.go diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/rpc/rpc.pb.go b/vendor/github.com/checkpoint-restore/go-criu/v7/rpc/rpc.pb.go similarity index 69% rename from vendor/github.com/checkpoint-restore/go-criu/v6/rpc/rpc.pb.go rename to vendor/github.com/checkpoint-restore/go-criu/v7/rpc/rpc.pb.go index 67bd8593e85..730496b04f5 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/rpc/rpc.pb.go +++ b/vendor/github.com/checkpoint-restore/go-criu/v7/rpc/rpc.pb.go @@ -2,8 +2,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.19.4 +// protoc-gen-go v1.30.0 +// protoc v4.23.4 // source: rpc/rpc.proto package rpc @@ -98,6 +98,7 @@ type CriuNetworkLockMethod int32 const ( CriuNetworkLockMethod_IPTABLES CriuNetworkLockMethod = 1 CriuNetworkLockMethod_NFTABLES CriuNetworkLockMethod = 2 + CriuNetworkLockMethod_SKIP CriuNetworkLockMethod = 3 ) // Enum value maps for CriuNetworkLockMethod. @@ -105,10 +106,12 @@ var ( CriuNetworkLockMethod_name = map[int32]string{ 1: "IPTABLES", 2: "NFTABLES", + 3: "SKIP", } CriuNetworkLockMethod_value = map[string]int32{ "IPTABLES": 1, "NFTABLES": 2, + "SKIP": 3, } ) @@ -703,8 +706,9 @@ type CriuOpts struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - ImagesDirFd *int32 `protobuf:"varint,1,req,name=images_dir_fd,json=imagesDirFd" json:"images_dir_fd,omitempty"` - Pid *int32 `protobuf:"varint,2,opt,name=pid" json:"pid,omitempty"` // if not set on dump, will dump requesting process + ImagesDirFd *int32 `protobuf:"varint,1,req,name=images_dir_fd,json=imagesDirFd,def=-1" json:"images_dir_fd,omitempty"` + ImagesDir *string `protobuf:"bytes,68,opt,name=images_dir,json=imagesDir" json:"images_dir,omitempty"` // used only if images_dir_fd == -1 + Pid *int32 `protobuf:"varint,2,opt,name=pid" json:"pid,omitempty"` // if not set on dump, will dump requesting process LeaveRunning *bool `protobuf:"varint,3,opt,name=leave_running,json=leaveRunning" json:"leave_running,omitempty"` ExtUnixSk *bool `protobuf:"varint,4,opt,name=ext_unix_sk,json=extUnixSk" json:"ext_unix_sk,omitempty"` TcpEstablished *bool `protobuf:"varint,5,opt,name=tcp_established,json=tcpEstablished" json:"tcp_established,omitempty"` @@ -766,11 +770,17 @@ type CriuOpts struct { PidfdStoreSk *int32 `protobuf:"varint,62,opt,name=pidfd_store_sk,json=pidfdStoreSk" json:"pidfd_store_sk,omitempty"` LsmMountContext *string `protobuf:"bytes,63,opt,name=lsm_mount_context,json=lsmMountContext" json:"lsm_mount_context,omitempty"` NetworkLock *CriuNetworkLockMethod `protobuf:"varint,64,opt,name=network_lock,json=networkLock,enum=CriuNetworkLockMethod,def=1" json:"network_lock,omitempty"` - MntnsCompatMode *bool `protobuf:"varint,65,opt,name=mntns_compat_mode,json=mntnsCompatMode" json:"mntns_compat_mode,omitempty"` // optional bool check_mounts = 128; + MntnsCompatMode *bool `protobuf:"varint,65,opt,name=mntns_compat_mode,json=mntnsCompatMode" json:"mntns_compat_mode,omitempty"` + SkipFileRwxCheck *bool `protobuf:"varint,66,opt,name=skip_file_rwx_check,json=skipFileRwxCheck" json:"skip_file_rwx_check,omitempty"` + Unprivileged *bool `protobuf:"varint,67,opt,name=unprivileged" json:"unprivileged,omitempty"` + LeaveStopped *bool `protobuf:"varint,69,opt,name=leave_stopped,json=leaveStopped" json:"leave_stopped,omitempty"` + DisplayStats *bool `protobuf:"varint,70,opt,name=display_stats,json=displayStats" json:"display_stats,omitempty"` + LogToStderr *bool `protobuf:"varint,71,opt,name=log_to_stderr,json=logToStderr" json:"log_to_stderr,omitempty"` // optional bool check_mounts = 128; } // Default values for CriuOpts fields. const ( + Default_CriuOpts_ImagesDirFd = int32(-1) Default_CriuOpts_LogLevel = int32(2) Default_CriuOpts_CpuCap = uint32(4294967295) Default_CriuOpts_GhostLimit = uint32(1048576) @@ -814,7 +824,14 @@ func (x *CriuOpts) GetImagesDirFd() int32 { if x != nil && x.ImagesDirFd != nil { return *x.ImagesDirFd } - return 0 + return Default_CriuOpts_ImagesDirFd +} + +func (x *CriuOpts) GetImagesDir() string { + if x != nil && x.ImagesDir != nil { + return *x.ImagesDir + } + return "" } func (x *CriuOpts) GetPid() int32 { @@ -1258,6 +1275,41 @@ func (x *CriuOpts) GetMntnsCompatMode() bool { return false } +func (x *CriuOpts) GetSkipFileRwxCheck() bool { + if x != nil && x.SkipFileRwxCheck != nil { + return *x.SkipFileRwxCheck + } + return false +} + +func (x *CriuOpts) GetUnprivileged() bool { + if x != nil && x.Unprivileged != nil { + return *x.Unprivileged + } + return false +} + +func (x *CriuOpts) GetLeaveStopped() bool { + if x != nil && x.LeaveStopped != nil { + return *x.LeaveStopped + } + return false +} + +func (x *CriuOpts) GetDisplayStats() bool { + if x != nil && x.DisplayStats != nil { + return *x.DisplayStats + } + return false +} + +func (x *CriuOpts) GetLogToStderr() bool { + if x != nil && x.LogToStderr != nil { + return *x.LogToStderr + } + return false +} + type CriuDumpResp struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -1407,7 +1459,6 @@ func (x *CriuNotify) GetPid() int32 { return 0 } -// // List of features which can queried via // CRIU_REQ_TYPE__FEATURE_CHECK type CriuFeatures struct { @@ -1481,12 +1532,10 @@ type CriuReq struct { Type *CriuReqType `protobuf:"varint,1,req,name=type,enum=CriuReqType" json:"type,omitempty"` Opts *CriuOpts `protobuf:"bytes,2,opt,name=opts" json:"opts,omitempty"` NotifySuccess *bool `protobuf:"varint,3,opt,name=notify_success,json=notifySuccess" json:"notify_success,omitempty"` - // // When set service won't close the connection but // will wait for more req-s to appear. Works not // for all request types. KeepOpen *bool `protobuf:"varint,4,opt,name=keep_open,json=keepOpen" json:"keep_open,omitempty"` - // // 'features' can be used to query which features // are supported by the installed criu/kernel // via RPC. @@ -1815,244 +1864,258 @@ var file_rpc_rpc_proto_rawDesc = []byte{ 0x52, 0x04, 0x63, 0x74, 0x72, 0x6c, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x22, 0x1f, 0x0a, 0x07, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, 0x6b, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x18, 0x01, - 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x22, 0x80, 0x12, 0x0a, 0x09, - 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x12, 0x22, 0x0a, 0x0d, 0x69, 0x6d, 0x61, + 0x20, 0x02, 0x28, 0x0d, 0x52, 0x05, 0x69, 0x6e, 0x6f, 0x64, 0x65, 0x22, 0xe4, 0x13, 0x0a, 0x09, + 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x12, 0x26, 0x0a, 0x0d, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x64, 0x69, 0x72, 0x5f, 0x66, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x05, - 0x52, 0x0b, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x73, 0x44, 0x69, 0x72, 0x46, 0x64, 0x12, 0x10, 0x0a, - 0x03, 0x70, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x70, 0x69, 0x64, 0x12, - 0x23, 0x0a, 0x0d, 0x6c, 0x65, 0x61, 0x76, 0x65, 0x5f, 0x72, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x6c, 0x65, 0x61, 0x76, 0x65, 0x52, 0x75, 0x6e, - 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x1e, 0x0a, 0x0b, 0x65, 0x78, 0x74, 0x5f, 0x75, 0x6e, 0x69, 0x78, - 0x5f, 0x73, 0x6b, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x65, 0x78, 0x74, 0x55, 0x6e, - 0x69, 0x78, 0x53, 0x6b, 0x12, 0x27, 0x0a, 0x0f, 0x74, 0x63, 0x70, 0x5f, 0x65, 0x73, 0x74, 0x61, - 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x74, - 0x63, 0x70, 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x64, 0x12, 0x27, 0x0a, - 0x0f, 0x65, 0x76, 0x61, 0x73, 0x69, 0x76, 0x65, 0x5f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, - 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x65, 0x76, 0x61, 0x73, 0x69, 0x76, 0x65, 0x44, - 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x68, 0x65, 0x6c, 0x6c, 0x5f, - 0x6a, 0x6f, 0x62, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x73, 0x68, 0x65, 0x6c, 0x6c, - 0x4a, 0x6f, 0x62, 0x12, 0x1d, 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, - 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x66, 0x69, 0x6c, 0x65, 0x4c, 0x6f, 0x63, - 0x6b, 0x73, 0x12, 0x1e, 0x0a, 0x09, 0x6c, 0x6f, 0x67, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, - 0x09, 0x20, 0x01, 0x28, 0x05, 0x3a, 0x01, 0x32, 0x52, 0x08, 0x6c, 0x6f, 0x67, 0x4c, 0x65, 0x76, - 0x65, 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x6c, 0x6f, 0x67, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x0a, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x26, 0x0a, - 0x02, 0x70, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x72, 0x69, 0x75, - 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x69, 0x6e, 0x66, - 0x6f, 0x52, 0x02, 0x70, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, - 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x73, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x6e, - 0x6f, 0x74, 0x69, 0x66, 0x79, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x73, 0x12, 0x12, 0x0a, 0x04, - 0x72, 0x6f, 0x6f, 0x74, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x72, 0x6f, 0x6f, 0x74, - 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x6d, 0x67, 0x18, 0x0e, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x49, 0x6d, 0x67, 0x12, - 0x1b, 0x0a, 0x09, 0x74, 0x72, 0x61, 0x63, 0x6b, 0x5f, 0x6d, 0x65, 0x6d, 0x18, 0x0f, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x08, 0x74, 0x72, 0x61, 0x63, 0x6b, 0x4d, 0x65, 0x6d, 0x12, 0x1d, 0x0a, 0x0a, - 0x61, 0x75, 0x74, 0x6f, 0x5f, 0x64, 0x65, 0x64, 0x75, 0x70, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, - 0x52, 0x09, 0x61, 0x75, 0x74, 0x6f, 0x44, 0x65, 0x64, 0x75, 0x70, 0x12, 0x1e, 0x0a, 0x0b, 0x77, - 0x6f, 0x72, 0x6b, 0x5f, 0x64, 0x69, 0x72, 0x5f, 0x66, 0x64, 0x18, 0x11, 0x20, 0x01, 0x28, 0x05, - 0x52, 0x09, 0x77, 0x6f, 0x72, 0x6b, 0x44, 0x69, 0x72, 0x46, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x6c, - 0x69, 0x6e, 0x6b, 0x5f, 0x72, 0x65, 0x6d, 0x61, 0x70, 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x52, - 0x09, 0x6c, 0x69, 0x6e, 0x6b, 0x52, 0x65, 0x6d, 0x61, 0x70, 0x12, 0x25, 0x0a, 0x05, 0x76, 0x65, - 0x74, 0x68, 0x73, 0x18, 0x13, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x72, 0x69, 0x75, - 0x5f, 0x76, 0x65, 0x74, 0x68, 0x5f, 0x70, 0x61, 0x69, 0x72, 0x52, 0x05, 0x76, 0x65, 0x74, 0x68, - 0x73, 0x12, 0x23, 0x0a, 0x07, 0x63, 0x70, 0x75, 0x5f, 0x63, 0x61, 0x70, 0x18, 0x14, 0x20, 0x01, - 0x28, 0x0d, 0x3a, 0x0a, 0x34, 0x32, 0x39, 0x34, 0x39, 0x36, 0x37, 0x32, 0x39, 0x35, 0x52, 0x06, - 0x63, 0x70, 0x75, 0x43, 0x61, 0x70, 0x12, 0x1f, 0x0a, 0x0b, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x5f, - 0x69, 0x72, 0x6d, 0x61, 0x70, 0x18, 0x15, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x66, 0x6f, 0x72, - 0x63, 0x65, 0x49, 0x72, 0x6d, 0x61, 0x70, 0x12, 0x19, 0x0a, 0x08, 0x65, 0x78, 0x65, 0x63, 0x5f, - 0x63, 0x6d, 0x64, 0x18, 0x16, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x65, 0x78, 0x65, 0x63, 0x43, - 0x6d, 0x64, 0x12, 0x27, 0x0a, 0x07, 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x6e, 0x74, 0x18, 0x17, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, - 0x6d, 0x61, 0x70, 0x52, 0x06, 0x65, 0x78, 0x74, 0x4d, 0x6e, 0x74, 0x12, 0x25, 0x0a, 0x0e, 0x6d, - 0x61, 0x6e, 0x61, 0x67, 0x65, 0x5f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x18, 0x18, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x43, 0x67, 0x72, 0x6f, 0x75, - 0x70, 0x73, 0x12, 0x25, 0x0a, 0x07, 0x63, 0x67, 0x5f, 0x72, 0x6f, 0x6f, 0x74, 0x18, 0x19, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x72, 0x6f, 0x6f, - 0x74, 0x52, 0x06, 0x63, 0x67, 0x52, 0x6f, 0x6f, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x72, 0x73, 0x74, - 0x5f, 0x73, 0x69, 0x62, 0x6c, 0x69, 0x6e, 0x67, 0x18, 0x1a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, - 0x72, 0x73, 0x74, 0x53, 0x69, 0x62, 0x6c, 0x69, 0x6e, 0x67, 0x12, 0x2a, 0x0a, 0x0a, 0x69, 0x6e, - 0x68, 0x65, 0x72, 0x69, 0x74, 0x5f, 0x66, 0x64, 0x18, 0x1b, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0b, - 0x2e, 0x69, 0x6e, 0x68, 0x65, 0x72, 0x69, 0x74, 0x5f, 0x66, 0x64, 0x52, 0x09, 0x69, 0x6e, 0x68, - 0x65, 0x72, 0x69, 0x74, 0x46, 0x64, 0x12, 0x20, 0x0a, 0x0c, 0x61, 0x75, 0x74, 0x6f, 0x5f, 0x65, - 0x78, 0x74, 0x5f, 0x6d, 0x6e, 0x74, 0x18, 0x1c, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x61, 0x75, - 0x74, 0x6f, 0x45, 0x78, 0x74, 0x4d, 0x6e, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x78, 0x74, 0x5f, - 0x73, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x1d, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x65, - 0x78, 0x74, 0x53, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x78, 0x74, - 0x5f, 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x73, 0x18, 0x1e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, - 0x65, 0x78, 0x74, 0x4d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x73, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x6b, - 0x69, 0x70, 0x5f, 0x6d, 0x6e, 0x74, 0x18, 0x1f, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x73, 0x6b, - 0x69, 0x70, 0x4d, 0x6e, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x5f, - 0x66, 0x73, 0x18, 0x20, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, - 0x46, 0x73, 0x12, 0x28, 0x0a, 0x0b, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, 0x6b, 0x5f, 0x69, 0x6e, - 0x6f, 0x18, 0x21, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x08, 0x2e, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, - 0x6b, 0x52, 0x09, 0x75, 0x6e, 0x69, 0x78, 0x53, 0x6b, 0x49, 0x6e, 0x6f, 0x12, 0x3d, 0x0a, 0x13, - 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x5f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x5f, 0x6d, - 0x6f, 0x64, 0x65, 0x18, 0x22, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0d, 0x2e, 0x63, 0x72, 0x69, 0x75, - 0x5f, 0x63, 0x67, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x52, 0x11, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, - 0x43, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x28, 0x0a, 0x0b, 0x67, - 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x18, 0x23, 0x20, 0x01, 0x28, 0x0d, - 0x3a, 0x07, 0x31, 0x30, 0x34, 0x38, 0x35, 0x37, 0x36, 0x52, 0x0a, 0x67, 0x68, 0x6f, 0x73, 0x74, - 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x12, 0x28, 0x0a, 0x10, 0x69, 0x72, 0x6d, 0x61, 0x70, 0x5f, 0x73, - 0x63, 0x61, 0x6e, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x73, 0x18, 0x24, 0x20, 0x03, 0x28, 0x09, 0x52, - 0x0e, 0x69, 0x72, 0x6d, 0x61, 0x70, 0x53, 0x63, 0x61, 0x6e, 0x50, 0x61, 0x74, 0x68, 0x73, 0x12, - 0x1a, 0x0a, 0x08, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x18, 0x25, 0x20, 0x03, 0x28, - 0x09, 0x52, 0x08, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x65, - 0x6d, 0x70, 0x74, 0x79, 0x5f, 0x6e, 0x73, 0x18, 0x26, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x65, - 0x6d, 0x70, 0x74, 0x79, 0x4e, 0x73, 0x12, 0x28, 0x0a, 0x07, 0x6a, 0x6f, 0x69, 0x6e, 0x5f, 0x6e, - 0x73, 0x18, 0x27, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x6a, 0x6f, 0x69, 0x6e, 0x5f, 0x6e, - 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x52, 0x06, 0x6a, 0x6f, 0x69, 0x6e, 0x4e, 0x73, - 0x12, 0x21, 0x0a, 0x0c, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x72, 0x6f, 0x70, 0x73, - 0x18, 0x29, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x50, 0x72, - 0x6f, 0x70, 0x73, 0x12, 0x2a, 0x0a, 0x11, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x72, - 0x6f, 0x70, 0x73, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x2a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, - 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x50, 0x72, 0x6f, 0x70, 0x73, 0x46, 0x69, 0x6c, 0x65, 0x12, - 0x34, 0x0a, 0x16, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x63, - 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x18, 0x2b, 0x20, 0x03, 0x28, 0x09, 0x52, - 0x14, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x44, 0x75, 0x6d, 0x70, 0x43, 0x6f, 0x6e, 0x74, 0x72, - 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x12, 0x23, 0x0a, 0x0d, 0x66, 0x72, 0x65, 0x65, 0x7a, 0x65, 0x5f, - 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x2c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x66, 0x72, - 0x65, 0x65, 0x7a, 0x65, 0x43, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x18, 0x0a, 0x07, 0x74, 0x69, - 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x2d, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x74, 0x69, 0x6d, - 0x65, 0x6f, 0x75, 0x74, 0x12, 0x2b, 0x0a, 0x12, 0x74, 0x63, 0x70, 0x5f, 0x73, 0x6b, 0x69, 0x70, - 0x5f, 0x69, 0x6e, 0x5f, 0x66, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x18, 0x2e, 0x20, 0x01, 0x28, 0x08, - 0x52, 0x0f, 0x74, 0x63, 0x70, 0x53, 0x6b, 0x69, 0x70, 0x49, 0x6e, 0x46, 0x6c, 0x69, 0x67, 0x68, - 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x77, 0x65, 0x61, 0x6b, 0x5f, 0x73, 0x79, 0x73, 0x63, 0x74, 0x6c, - 0x73, 0x18, 0x2f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x77, 0x65, 0x61, 0x6b, 0x53, 0x79, 0x73, - 0x63, 0x74, 0x6c, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x6c, 0x61, 0x7a, 0x79, 0x5f, 0x70, 0x61, 0x67, - 0x65, 0x73, 0x18, 0x30, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x6c, 0x61, 0x7a, 0x79, 0x50, 0x61, - 0x67, 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x5f, 0x66, 0x64, - 0x18, 0x31, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x46, 0x64, - 0x12, 0x2a, 0x0a, 0x11, 0x6f, 0x72, 0x70, 0x68, 0x61, 0x6e, 0x5f, 0x70, 0x74, 0x73, 0x5f, 0x6d, - 0x61, 0x73, 0x74, 0x65, 0x72, 0x18, 0x32, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x6f, 0x72, 0x70, - 0x68, 0x61, 0x6e, 0x50, 0x74, 0x73, 0x4d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x0b, - 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x33, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x1b, 0x0a, - 0x09, 0x74, 0x63, 0x70, 0x5f, 0x63, 0x6c, 0x6f, 0x73, 0x65, 0x18, 0x34, 0x20, 0x01, 0x28, 0x08, - 0x52, 0x08, 0x74, 0x63, 0x70, 0x43, 0x6c, 0x6f, 0x73, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6c, 0x73, - 0x6d, 0x5f, 0x70, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x35, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0a, 0x6c, 0x73, 0x6d, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x74, - 0x6c, 0x73, 0x5f, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x18, 0x36, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x09, 0x74, 0x6c, 0x73, 0x43, 0x61, 0x63, 0x65, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x6c, - 0x73, 0x5f, 0x63, 0x61, 0x63, 0x72, 0x6c, 0x18, 0x37, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x74, - 0x6c, 0x73, 0x43, 0x61, 0x63, 0x72, 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x74, 0x6c, 0x73, 0x5f, 0x63, - 0x65, 0x72, 0x74, 0x18, 0x38, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x74, 0x6c, 0x73, 0x43, 0x65, - 0x72, 0x74, 0x12, 0x17, 0x0a, 0x07, 0x74, 0x6c, 0x73, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x39, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x06, 0x74, 0x6c, 0x73, 0x4b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x74, - 0x6c, 0x73, 0x18, 0x3a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, 0x27, 0x0a, - 0x10, 0x74, 0x6c, 0x73, 0x5f, 0x6e, 0x6f, 0x5f, 0x63, 0x6e, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, - 0x79, 0x18, 0x3b, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x74, 0x6c, 0x73, 0x4e, 0x6f, 0x43, 0x6e, - 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, - 0x5f, 0x79, 0x61, 0x72, 0x64, 0x18, 0x3c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x67, 0x72, - 0x6f, 0x75, 0x70, 0x59, 0x61, 0x72, 0x64, 0x12, 0x3f, 0x0a, 0x0d, 0x70, 0x72, 0x65, 0x5f, 0x64, - 0x75, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x3d, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x13, - 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x70, 0x72, 0x65, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x6d, - 0x6f, 0x64, 0x65, 0x3a, 0x06, 0x53, 0x50, 0x4c, 0x49, 0x43, 0x45, 0x52, 0x0b, 0x70, 0x72, 0x65, - 0x44, 0x75, 0x6d, 0x70, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x24, 0x0a, 0x0e, 0x70, 0x69, 0x64, 0x66, - 0x64, 0x5f, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x73, 0x6b, 0x18, 0x3e, 0x20, 0x01, 0x28, 0x05, - 0x52, 0x0c, 0x70, 0x69, 0x64, 0x66, 0x64, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x53, 0x6b, 0x12, 0x2a, - 0x0a, 0x11, 0x6c, 0x73, 0x6d, 0x5f, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x63, 0x6f, 0x6e, 0x74, - 0x65, 0x78, 0x74, 0x18, 0x3f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6c, 0x73, 0x6d, 0x4d, 0x6f, - 0x75, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x46, 0x0a, 0x0c, 0x6e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x18, 0x40, 0x20, 0x01, 0x28, 0x0e, - 0x32, 0x19, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x5f, - 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x3a, 0x08, 0x49, 0x50, 0x54, - 0x41, 0x42, 0x4c, 0x45, 0x53, 0x52, 0x0b, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4c, 0x6f, - 0x63, 0x6b, 0x12, 0x2a, 0x0a, 0x11, 0x6d, 0x6e, 0x74, 0x6e, 0x73, 0x5f, 0x63, 0x6f, 0x6d, 0x70, - 0x61, 0x74, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x41, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x6d, - 0x6e, 0x74, 0x6e, 0x73, 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x74, 0x4d, 0x6f, 0x64, 0x65, 0x22, 0x2c, - 0x0a, 0x0e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x72, 0x65, 0x73, 0x70, - 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x64, 0x22, 0x25, 0x0a, 0x11, - 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x72, 0x65, 0x73, - 0x70, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, 0x28, 0x05, 0x52, 0x03, - 0x70, 0x69, 0x64, 0x22, 0x37, 0x0a, 0x0b, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6e, 0x6f, 0x74, 0x69, - 0x66, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, - 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x70, 0x69, 0x64, 0x22, 0x6c, 0x0a, 0x0d, - 0x63, 0x72, 0x69, 0x75, 0x5f, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x1b, 0x0a, - 0x09, 0x6d, 0x65, 0x6d, 0x5f, 0x74, 0x72, 0x61, 0x63, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, - 0x52, 0x08, 0x6d, 0x65, 0x6d, 0x54, 0x72, 0x61, 0x63, 0x6b, 0x12, 0x1d, 0x0a, 0x0a, 0x6c, 0x61, - 0x7a, 0x79, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, - 0x6c, 0x61, 0x7a, 0x79, 0x50, 0x61, 0x67, 0x65, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x69, 0x64, - 0x66, 0x64, 0x5f, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, - 0x70, 0x69, 0x64, 0x66, 0x64, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x22, 0xd0, 0x01, 0x0a, 0x08, 0x63, - 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x71, 0x12, 0x22, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, - 0x01, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x71, - 0x5f, 0x74, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1e, 0x0a, 0x04, 0x6f, - 0x70, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x63, 0x72, 0x69, 0x75, - 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x52, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x6e, - 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x0d, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x53, 0x75, 0x63, 0x63, 0x65, - 0x73, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x6b, 0x65, 0x65, 0x70, 0x5f, 0x6f, 0x70, 0x65, 0x6e, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6b, 0x65, 0x65, 0x70, 0x4f, 0x70, 0x65, 0x6e, 0x12, - 0x2a, 0x0a, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, - 0x73, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x70, - 0x69, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x70, 0x69, 0x64, 0x22, 0x8f, 0x03, - 0x0a, 0x09, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x12, 0x22, 0x0a, 0x04, 0x74, + 0x3a, 0x02, 0x2d, 0x31, 0x52, 0x0b, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x73, 0x44, 0x69, 0x72, 0x46, + 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x73, 0x5f, 0x64, 0x69, 0x72, 0x18, + 0x44, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x73, 0x44, 0x69, 0x72, + 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x70, + 0x69, 0x64, 0x12, 0x23, 0x0a, 0x0d, 0x6c, 0x65, 0x61, 0x76, 0x65, 0x5f, 0x72, 0x75, 0x6e, 0x6e, + 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x6c, 0x65, 0x61, 0x76, 0x65, + 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x1e, 0x0a, 0x0b, 0x65, 0x78, 0x74, 0x5f, 0x75, + 0x6e, 0x69, 0x78, 0x5f, 0x73, 0x6b, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x65, 0x78, + 0x74, 0x55, 0x6e, 0x69, 0x78, 0x53, 0x6b, 0x12, 0x27, 0x0a, 0x0f, 0x74, 0x63, 0x70, 0x5f, 0x65, + 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x0e, 0x74, 0x63, 0x70, 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x64, + 0x12, 0x27, 0x0a, 0x0f, 0x65, 0x76, 0x61, 0x73, 0x69, 0x76, 0x65, 0x5f, 0x64, 0x65, 0x76, 0x69, + 0x63, 0x65, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x65, 0x76, 0x61, 0x73, 0x69, + 0x76, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x68, 0x65, + 0x6c, 0x6c, 0x5f, 0x6a, 0x6f, 0x62, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x73, 0x68, + 0x65, 0x6c, 0x6c, 0x4a, 0x6f, 0x62, 0x12, 0x1d, 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x6c, + 0x6f, 0x63, 0x6b, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x66, 0x69, 0x6c, 0x65, + 0x4c, 0x6f, 0x63, 0x6b, 0x73, 0x12, 0x1e, 0x0a, 0x09, 0x6c, 0x6f, 0x67, 0x5f, 0x6c, 0x65, 0x76, + 0x65, 0x6c, 0x18, 0x09, 0x20, 0x01, 0x28, 0x05, 0x3a, 0x01, 0x32, 0x52, 0x08, 0x6c, 0x6f, 0x67, + 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x6c, 0x6f, 0x67, 0x5f, 0x66, 0x69, 0x6c, + 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c, 0x65, + 0x12, 0x26, 0x0a, 0x02, 0x70, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, + 0x72, 0x69, 0x75, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, + 0x69, 0x6e, 0x66, 0x6f, 0x52, 0x02, 0x70, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x6e, 0x6f, 0x74, 0x69, + 0x66, 0x79, 0x5f, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x73, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x0d, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x73, 0x12, + 0x12, 0x0a, 0x04, 0x72, 0x6f, 0x6f, 0x74, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x72, + 0x6f, 0x6f, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x6d, + 0x67, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x49, + 0x6d, 0x67, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x72, 0x61, 0x63, 0x6b, 0x5f, 0x6d, 0x65, 0x6d, 0x18, + 0x0f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x72, 0x61, 0x63, 0x6b, 0x4d, 0x65, 0x6d, 0x12, + 0x1d, 0x0a, 0x0a, 0x61, 0x75, 0x74, 0x6f, 0x5f, 0x64, 0x65, 0x64, 0x75, 0x70, 0x18, 0x10, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x09, 0x61, 0x75, 0x74, 0x6f, 0x44, 0x65, 0x64, 0x75, 0x70, 0x12, 0x1e, + 0x0a, 0x0b, 0x77, 0x6f, 0x72, 0x6b, 0x5f, 0x64, 0x69, 0x72, 0x5f, 0x66, 0x64, 0x18, 0x11, 0x20, + 0x01, 0x28, 0x05, 0x52, 0x09, 0x77, 0x6f, 0x72, 0x6b, 0x44, 0x69, 0x72, 0x46, 0x64, 0x12, 0x1d, + 0x0a, 0x0a, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, 0x72, 0x65, 0x6d, 0x61, 0x70, 0x18, 0x12, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x09, 0x6c, 0x69, 0x6e, 0x6b, 0x52, 0x65, 0x6d, 0x61, 0x70, 0x12, 0x25, 0x0a, + 0x05, 0x76, 0x65, 0x74, 0x68, 0x73, 0x18, 0x13, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, + 0x72, 0x69, 0x75, 0x5f, 0x76, 0x65, 0x74, 0x68, 0x5f, 0x70, 0x61, 0x69, 0x72, 0x52, 0x05, 0x76, + 0x65, 0x74, 0x68, 0x73, 0x12, 0x23, 0x0a, 0x07, 0x63, 0x70, 0x75, 0x5f, 0x63, 0x61, 0x70, 0x18, + 0x14, 0x20, 0x01, 0x28, 0x0d, 0x3a, 0x0a, 0x34, 0x32, 0x39, 0x34, 0x39, 0x36, 0x37, 0x32, 0x39, + 0x35, 0x52, 0x06, 0x63, 0x70, 0x75, 0x43, 0x61, 0x70, 0x12, 0x1f, 0x0a, 0x0b, 0x66, 0x6f, 0x72, + 0x63, 0x65, 0x5f, 0x69, 0x72, 0x6d, 0x61, 0x70, 0x18, 0x15, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, + 0x66, 0x6f, 0x72, 0x63, 0x65, 0x49, 0x72, 0x6d, 0x61, 0x70, 0x12, 0x19, 0x0a, 0x08, 0x65, 0x78, + 0x65, 0x63, 0x5f, 0x63, 0x6d, 0x64, 0x18, 0x16, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x65, 0x78, + 0x65, 0x63, 0x43, 0x6d, 0x64, 0x12, 0x27, 0x0a, 0x07, 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x6e, 0x74, + 0x18, 0x17, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x6f, 0x75, + 0x6e, 0x74, 0x5f, 0x6d, 0x61, 0x70, 0x52, 0x06, 0x65, 0x78, 0x74, 0x4d, 0x6e, 0x74, 0x12, 0x25, + 0x0a, 0x0e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x5f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, + 0x18, 0x18, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x43, 0x67, + 0x72, 0x6f, 0x75, 0x70, 0x73, 0x12, 0x25, 0x0a, 0x07, 0x63, 0x67, 0x5f, 0x72, 0x6f, 0x6f, 0x74, + 0x18, 0x19, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, + 0x72, 0x6f, 0x6f, 0x74, 0x52, 0x06, 0x63, 0x67, 0x52, 0x6f, 0x6f, 0x74, 0x12, 0x1f, 0x0a, 0x0b, + 0x72, 0x73, 0x74, 0x5f, 0x73, 0x69, 0x62, 0x6c, 0x69, 0x6e, 0x67, 0x18, 0x1a, 0x20, 0x01, 0x28, + 0x08, 0x52, 0x0a, 0x72, 0x73, 0x74, 0x53, 0x69, 0x62, 0x6c, 0x69, 0x6e, 0x67, 0x12, 0x2a, 0x0a, + 0x0a, 0x69, 0x6e, 0x68, 0x65, 0x72, 0x69, 0x74, 0x5f, 0x66, 0x64, 0x18, 0x1b, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x0b, 0x2e, 0x69, 0x6e, 0x68, 0x65, 0x72, 0x69, 0x74, 0x5f, 0x66, 0x64, 0x52, 0x09, + 0x69, 0x6e, 0x68, 0x65, 0x72, 0x69, 0x74, 0x46, 0x64, 0x12, 0x20, 0x0a, 0x0c, 0x61, 0x75, 0x74, + 0x6f, 0x5f, 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x6e, 0x74, 0x18, 0x1c, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x0a, 0x61, 0x75, 0x74, 0x6f, 0x45, 0x78, 0x74, 0x4d, 0x6e, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x65, + 0x78, 0x74, 0x5f, 0x73, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x1d, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x0a, 0x65, 0x78, 0x74, 0x53, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x1f, 0x0a, 0x0b, + 0x65, 0x78, 0x74, 0x5f, 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x73, 0x18, 0x1e, 0x20, 0x01, 0x28, + 0x08, 0x52, 0x0a, 0x65, 0x78, 0x74, 0x4d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x73, 0x12, 0x19, 0x0a, + 0x08, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x6d, 0x6e, 0x74, 0x18, 0x1f, 0x20, 0x03, 0x28, 0x09, 0x52, + 0x07, 0x73, 0x6b, 0x69, 0x70, 0x4d, 0x6e, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x6e, 0x61, 0x62, + 0x6c, 0x65, 0x5f, 0x66, 0x73, 0x18, 0x20, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x65, 0x6e, 0x61, + 0x62, 0x6c, 0x65, 0x46, 0x73, 0x12, 0x28, 0x0a, 0x0b, 0x75, 0x6e, 0x69, 0x78, 0x5f, 0x73, 0x6b, + 0x5f, 0x69, 0x6e, 0x6f, 0x18, 0x21, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x08, 0x2e, 0x75, 0x6e, 0x69, + 0x78, 0x5f, 0x73, 0x6b, 0x52, 0x09, 0x75, 0x6e, 0x69, 0x78, 0x53, 0x6b, 0x49, 0x6e, 0x6f, 0x12, + 0x3d, 0x0a, 0x13, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x5f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, + 0x73, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x22, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0d, 0x2e, 0x63, + 0x72, 0x69, 0x75, 0x5f, 0x63, 0x67, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x52, 0x11, 0x6d, 0x61, 0x6e, + 0x61, 0x67, 0x65, 0x43, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x28, + 0x0a, 0x0b, 0x67, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x18, 0x23, 0x20, + 0x01, 0x28, 0x0d, 0x3a, 0x07, 0x31, 0x30, 0x34, 0x38, 0x35, 0x37, 0x36, 0x52, 0x0a, 0x67, 0x68, + 0x6f, 0x73, 0x74, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x12, 0x28, 0x0a, 0x10, 0x69, 0x72, 0x6d, 0x61, + 0x70, 0x5f, 0x73, 0x63, 0x61, 0x6e, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x73, 0x18, 0x24, 0x20, 0x03, + 0x28, 0x09, 0x52, 0x0e, 0x69, 0x72, 0x6d, 0x61, 0x70, 0x53, 0x63, 0x61, 0x6e, 0x50, 0x61, 0x74, + 0x68, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x18, 0x25, + 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x12, 0x19, + 0x0a, 0x08, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x5f, 0x6e, 0x73, 0x18, 0x26, 0x20, 0x01, 0x28, 0x0d, + 0x52, 0x07, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x4e, 0x73, 0x12, 0x28, 0x0a, 0x07, 0x6a, 0x6f, 0x69, + 0x6e, 0x5f, 0x6e, 0x73, 0x18, 0x27, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x6a, 0x6f, 0x69, + 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x52, 0x06, 0x6a, 0x6f, 0x69, + 0x6e, 0x4e, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x70, 0x72, + 0x6f, 0x70, 0x73, 0x18, 0x29, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, + 0x70, 0x50, 0x72, 0x6f, 0x70, 0x73, 0x12, 0x2a, 0x0a, 0x11, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, + 0x5f, 0x70, 0x72, 0x6f, 0x70, 0x73, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x2a, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x50, 0x72, 0x6f, 0x70, 0x73, 0x46, 0x69, + 0x6c, 0x65, 0x12, 0x34, 0x0a, 0x16, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x64, 0x75, 0x6d, + 0x70, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x18, 0x2b, 0x20, 0x03, + 0x28, 0x09, 0x52, 0x14, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x44, 0x75, 0x6d, 0x70, 0x43, 0x6f, + 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x12, 0x23, 0x0a, 0x0d, 0x66, 0x72, 0x65, 0x65, + 0x7a, 0x65, 0x5f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x2c, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0c, 0x66, 0x72, 0x65, 0x65, 0x7a, 0x65, 0x43, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x18, 0x0a, + 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x2d, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, + 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x2b, 0x0a, 0x12, 0x74, 0x63, 0x70, 0x5f, 0x73, + 0x6b, 0x69, 0x70, 0x5f, 0x69, 0x6e, 0x5f, 0x66, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x18, 0x2e, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x0f, 0x74, 0x63, 0x70, 0x53, 0x6b, 0x69, 0x70, 0x49, 0x6e, 0x46, 0x6c, + 0x69, 0x67, 0x68, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x77, 0x65, 0x61, 0x6b, 0x5f, 0x73, 0x79, 0x73, + 0x63, 0x74, 0x6c, 0x73, 0x18, 0x2f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x77, 0x65, 0x61, 0x6b, + 0x53, 0x79, 0x73, 0x63, 0x74, 0x6c, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x6c, 0x61, 0x7a, 0x79, 0x5f, + 0x70, 0x61, 0x67, 0x65, 0x73, 0x18, 0x30, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x6c, 0x61, 0x7a, + 0x79, 0x50, 0x61, 0x67, 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, + 0x5f, 0x66, 0x64, 0x18, 0x31, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, 0x73, 0x74, 0x61, 0x74, 0x75, + 0x73, 0x46, 0x64, 0x12, 0x2a, 0x0a, 0x11, 0x6f, 0x72, 0x70, 0x68, 0x61, 0x6e, 0x5f, 0x70, 0x74, + 0x73, 0x5f, 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x18, 0x32, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, + 0x6f, 0x72, 0x70, 0x68, 0x61, 0x6e, 0x50, 0x74, 0x73, 0x4d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x12, + 0x1f, 0x0a, 0x0b, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x33, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x46, 0x69, 0x6c, 0x65, + 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x63, 0x70, 0x5f, 0x63, 0x6c, 0x6f, 0x73, 0x65, 0x18, 0x34, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x63, 0x70, 0x43, 0x6c, 0x6f, 0x73, 0x65, 0x12, 0x1f, 0x0a, + 0x0b, 0x6c, 0x73, 0x6d, 0x5f, 0x70, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x35, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0a, 0x6c, 0x73, 0x6d, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x12, 0x1d, + 0x0a, 0x0a, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x18, 0x36, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x09, 0x74, 0x6c, 0x73, 0x43, 0x61, 0x63, 0x65, 0x72, 0x74, 0x12, 0x1b, 0x0a, + 0x09, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x61, 0x63, 0x72, 0x6c, 0x18, 0x37, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x08, 0x74, 0x6c, 0x73, 0x43, 0x61, 0x63, 0x72, 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x74, 0x6c, + 0x73, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x18, 0x38, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x74, 0x6c, + 0x73, 0x43, 0x65, 0x72, 0x74, 0x12, 0x17, 0x0a, 0x07, 0x74, 0x6c, 0x73, 0x5f, 0x6b, 0x65, 0x79, + 0x18, 0x39, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x74, 0x6c, 0x73, 0x4b, 0x65, 0x79, 0x12, 0x10, + 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x3a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x03, 0x74, 0x6c, 0x73, + 0x12, 0x27, 0x0a, 0x10, 0x74, 0x6c, 0x73, 0x5f, 0x6e, 0x6f, 0x5f, 0x63, 0x6e, 0x5f, 0x76, 0x65, + 0x72, 0x69, 0x66, 0x79, 0x18, 0x3b, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x74, 0x6c, 0x73, 0x4e, + 0x6f, 0x43, 0x6e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x67, 0x72, + 0x6f, 0x75, 0x70, 0x5f, 0x79, 0x61, 0x72, 0x64, 0x18, 0x3c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, + 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x59, 0x61, 0x72, 0x64, 0x12, 0x3f, 0x0a, 0x0d, 0x70, 0x72, + 0x65, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x3d, 0x20, 0x01, 0x28, + 0x0e, 0x32, 0x13, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x70, 0x72, 0x65, 0x5f, 0x64, 0x75, 0x6d, + 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x3a, 0x06, 0x53, 0x50, 0x4c, 0x49, 0x43, 0x45, 0x52, 0x0b, + 0x70, 0x72, 0x65, 0x44, 0x75, 0x6d, 0x70, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x24, 0x0a, 0x0e, 0x70, + 0x69, 0x64, 0x66, 0x64, 0x5f, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x73, 0x6b, 0x18, 0x3e, 0x20, + 0x01, 0x28, 0x05, 0x52, 0x0c, 0x70, 0x69, 0x64, 0x66, 0x64, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x53, + 0x6b, 0x12, 0x2a, 0x0a, 0x11, 0x6c, 0x73, 0x6d, 0x5f, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x63, + 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x3f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6c, 0x73, + 0x6d, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x46, 0x0a, + 0x0c, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x18, 0x40, 0x20, + 0x01, 0x28, 0x0e, 0x32, 0x19, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x3a, 0x08, + 0x49, 0x50, 0x54, 0x41, 0x42, 0x4c, 0x45, 0x53, 0x52, 0x0b, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x4c, 0x6f, 0x63, 0x6b, 0x12, 0x2a, 0x0a, 0x11, 0x6d, 0x6e, 0x74, 0x6e, 0x73, 0x5f, 0x63, + 0x6f, 0x6d, 0x70, 0x61, 0x74, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x41, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x0f, 0x6d, 0x6e, 0x74, 0x6e, 0x73, 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x74, 0x4d, 0x6f, 0x64, + 0x65, 0x12, 0x2d, 0x0a, 0x13, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x72, + 0x77, 0x78, 0x5f, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x18, 0x42, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, + 0x73, 0x6b, 0x69, 0x70, 0x46, 0x69, 0x6c, 0x65, 0x52, 0x77, 0x78, 0x43, 0x68, 0x65, 0x63, 0x6b, + 0x12, 0x22, 0x0a, 0x0c, 0x75, 0x6e, 0x70, 0x72, 0x69, 0x76, 0x69, 0x6c, 0x65, 0x67, 0x65, 0x64, + 0x18, 0x43, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x75, 0x6e, 0x70, 0x72, 0x69, 0x76, 0x69, 0x6c, + 0x65, 0x67, 0x65, 0x64, 0x12, 0x23, 0x0a, 0x0d, 0x6c, 0x65, 0x61, 0x76, 0x65, 0x5f, 0x73, 0x74, + 0x6f, 0x70, 0x70, 0x65, 0x64, 0x18, 0x45, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x6c, 0x65, 0x61, + 0x76, 0x65, 0x53, 0x74, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x12, 0x23, 0x0a, 0x0d, 0x64, 0x69, 0x73, + 0x70, 0x6c, 0x61, 0x79, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x18, 0x46, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x0c, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x53, 0x74, 0x61, 0x74, 0x73, 0x12, 0x22, + 0x0a, 0x0d, 0x6c, 0x6f, 0x67, 0x5f, 0x74, 0x6f, 0x5f, 0x73, 0x74, 0x64, 0x65, 0x72, 0x72, 0x18, + 0x47, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x6c, 0x6f, 0x67, 0x54, 0x6f, 0x53, 0x74, 0x64, 0x65, + 0x72, 0x72, 0x22, 0x2c, 0x0a, 0x0e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, + 0x72, 0x65, 0x73, 0x70, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x64, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x64, + 0x22, 0x25, 0x0a, 0x11, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, + 0x5f, 0x72, 0x65, 0x73, 0x70, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x01, 0x20, 0x02, + 0x28, 0x05, 0x52, 0x03, 0x70, 0x69, 0x64, 0x22, 0x37, 0x0a, 0x0b, 0x63, 0x72, 0x69, 0x75, 0x5f, + 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x12, 0x10, + 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x70, 0x69, 0x64, + 0x22, 0x6c, 0x0a, 0x0d, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, + 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x65, 0x6d, 0x5f, 0x74, 0x72, 0x61, 0x63, 0x6b, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6d, 0x65, 0x6d, 0x54, 0x72, 0x61, 0x63, 0x6b, 0x12, 0x1d, + 0x0a, 0x0a, 0x6c, 0x61, 0x7a, 0x79, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x09, 0x6c, 0x61, 0x7a, 0x79, 0x50, 0x61, 0x67, 0x65, 0x73, 0x12, 0x1f, 0x0a, + 0x0b, 0x70, 0x69, 0x64, 0x66, 0x64, 0x5f, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x0a, 0x70, 0x69, 0x64, 0x66, 0x64, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x22, 0xd0, + 0x01, 0x0a, 0x08, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x71, 0x12, 0x22, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x71, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, - 0x18, 0x0a, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x02, 0x20, 0x02, 0x28, 0x08, - 0x52, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x23, 0x0a, 0x04, 0x64, 0x75, 0x6d, - 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x64, - 0x75, 0x6d, 0x70, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x52, 0x04, 0x64, 0x75, 0x6d, 0x70, 0x12, 0x2c, - 0x0a, 0x07, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x72, - 0x65, 0x73, 0x70, 0x52, 0x07, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x12, 0x24, 0x0a, 0x06, - 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x63, - 0x72, 0x69, 0x75, 0x5f, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x52, 0x06, 0x6e, 0x6f, 0x74, 0x69, - 0x66, 0x79, 0x12, 0x26, 0x0a, 0x02, 0x70, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, - 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x52, 0x02, 0x70, 0x73, 0x12, 0x19, 0x0a, 0x08, 0x63, 0x72, - 0x5f, 0x65, 0x72, 0x72, 0x6e, 0x6f, 0x18, 0x07, 0x20, 0x01, 0x28, 0x05, 0x52, 0x07, 0x63, 0x72, - 0x45, 0x72, 0x72, 0x6e, 0x6f, 0x12, 0x2a, 0x0a, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, - 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x66, - 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, - 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x72, 0x5f, 0x65, 0x72, 0x72, 0x6d, 0x73, 0x67, 0x18, 0x09, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x72, 0x45, 0x72, 0x72, 0x6d, 0x73, 0x67, 0x12, 0x27, - 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x0d, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x07, - 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, - 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, - 0xb0, 0x01, 0x0a, 0x0c, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, - 0x12, 0x21, 0x0a, 0x0c, 0x6d, 0x61, 0x6a, 0x6f, 0x72, 0x5f, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, - 0x18, 0x01, 0x20, 0x02, 0x28, 0x05, 0x52, 0x0b, 0x6d, 0x61, 0x6a, 0x6f, 0x72, 0x4e, 0x75, 0x6d, - 0x62, 0x65, 0x72, 0x12, 0x21, 0x0a, 0x0c, 0x6d, 0x69, 0x6e, 0x6f, 0x72, 0x5f, 0x6e, 0x75, 0x6d, - 0x62, 0x65, 0x72, 0x18, 0x02, 0x20, 0x02, 0x28, 0x05, 0x52, 0x0b, 0x6d, 0x69, 0x6e, 0x6f, 0x72, - 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x67, 0x69, 0x74, 0x69, 0x64, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x67, 0x69, 0x74, 0x69, 0x64, 0x12, 0x1a, 0x0a, 0x08, - 0x73, 0x75, 0x62, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, - 0x73, 0x75, 0x62, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x78, 0x74, 0x72, - 0x61, 0x18, 0x05, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x65, 0x78, 0x74, 0x72, 0x61, 0x12, 0x12, - 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, - 0x6d, 0x65, 0x2a, 0x5f, 0x0a, 0x0c, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x63, 0x67, 0x5f, 0x6d, 0x6f, - 0x64, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x49, 0x47, 0x4e, 0x4f, 0x52, 0x45, 0x10, 0x00, 0x12, 0x0b, - 0x0a, 0x07, 0x43, 0x47, 0x5f, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x50, - 0x52, 0x4f, 0x50, 0x53, 0x10, 0x02, 0x12, 0x08, 0x0a, 0x04, 0x53, 0x4f, 0x46, 0x54, 0x10, 0x03, - 0x12, 0x08, 0x0a, 0x04, 0x46, 0x55, 0x4c, 0x4c, 0x10, 0x04, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x54, - 0x52, 0x49, 0x43, 0x54, 0x10, 0x05, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, - 0x54, 0x10, 0x06, 0x2a, 0x36, 0x0a, 0x18, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, - 0x0c, 0x0a, 0x08, 0x49, 0x50, 0x54, 0x41, 0x42, 0x4c, 0x45, 0x53, 0x10, 0x01, 0x12, 0x0c, 0x0a, - 0x08, 0x4e, 0x46, 0x54, 0x41, 0x42, 0x4c, 0x45, 0x53, 0x10, 0x02, 0x2a, 0x2d, 0x0a, 0x12, 0x63, - 0x72, 0x69, 0x75, 0x5f, 0x70, 0x72, 0x65, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, - 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x50, 0x4c, 0x49, 0x43, 0x45, 0x10, 0x01, 0x12, 0x0b, 0x0a, - 0x07, 0x56, 0x4d, 0x5f, 0x52, 0x45, 0x41, 0x44, 0x10, 0x02, 0x2a, 0xe5, 0x01, 0x0a, 0x0d, 0x63, - 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x71, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x12, 0x09, 0x0a, 0x05, - 0x45, 0x4d, 0x50, 0x54, 0x59, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x44, 0x55, 0x4d, 0x50, 0x10, - 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x52, 0x45, 0x53, 0x54, 0x4f, 0x52, 0x45, 0x10, 0x02, 0x12, 0x09, - 0x0a, 0x05, 0x43, 0x48, 0x45, 0x43, 0x4b, 0x10, 0x03, 0x12, 0x0c, 0x0a, 0x08, 0x50, 0x52, 0x45, - 0x5f, 0x44, 0x55, 0x4d, 0x50, 0x10, 0x04, 0x12, 0x0f, 0x0a, 0x0b, 0x50, 0x41, 0x47, 0x45, 0x5f, - 0x53, 0x45, 0x52, 0x56, 0x45, 0x52, 0x10, 0x05, 0x12, 0x0a, 0x0a, 0x06, 0x4e, 0x4f, 0x54, 0x49, - 0x46, 0x59, 0x10, 0x06, 0x12, 0x10, 0x0a, 0x0c, 0x43, 0x50, 0x55, 0x49, 0x4e, 0x46, 0x4f, 0x5f, - 0x44, 0x55, 0x4d, 0x50, 0x10, 0x07, 0x12, 0x11, 0x0a, 0x0d, 0x43, 0x50, 0x55, 0x49, 0x4e, 0x46, - 0x4f, 0x5f, 0x43, 0x48, 0x45, 0x43, 0x4b, 0x10, 0x08, 0x12, 0x11, 0x0a, 0x0d, 0x46, 0x45, 0x41, - 0x54, 0x55, 0x52, 0x45, 0x5f, 0x43, 0x48, 0x45, 0x43, 0x4b, 0x10, 0x09, 0x12, 0x0b, 0x0a, 0x07, - 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x10, 0x0a, 0x12, 0x0c, 0x0a, 0x08, 0x57, 0x41, 0x49, - 0x54, 0x5f, 0x50, 0x49, 0x44, 0x10, 0x0b, 0x12, 0x14, 0x0a, 0x10, 0x50, 0x41, 0x47, 0x45, 0x5f, - 0x53, 0x45, 0x52, 0x56, 0x45, 0x52, 0x5f, 0x43, 0x48, 0x4c, 0x44, 0x10, 0x0c, 0x12, 0x13, 0x0a, - 0x0f, 0x53, 0x49, 0x4e, 0x47, 0x4c, 0x45, 0x5f, 0x50, 0x52, 0x45, 0x5f, 0x44, 0x55, 0x4d, 0x50, - 0x10, 0x0d, + 0x1e, 0x0a, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0a, 0x2e, + 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x52, 0x04, 0x6f, 0x70, 0x74, 0x73, 0x12, + 0x25, 0x0a, 0x0e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, + 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x53, + 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x6b, 0x65, 0x65, 0x70, 0x5f, 0x6f, + 0x70, 0x65, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6b, 0x65, 0x65, 0x70, 0x4f, + 0x70, 0x65, 0x6e, 0x12, 0x2a, 0x0a, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, + 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x66, 0x65, 0x61, + 0x74, 0x75, 0x72, 0x65, 0x73, 0x52, 0x08, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, + 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x70, 0x69, + 0x64, 0x22, 0x8f, 0x03, 0x0a, 0x09, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x12, + 0x22, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x0e, 0x32, 0x0e, 0x2e, + 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x71, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, + 0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x02, + 0x20, 0x02, 0x28, 0x08, 0x52, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x23, 0x0a, + 0x04, 0x64, 0x75, 0x6d, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x72, + 0x69, 0x75, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x52, 0x04, 0x64, 0x75, + 0x6d, 0x70, 0x12, 0x2c, 0x0a, 0x07, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x18, 0x04, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x72, 0x65, 0x73, 0x74, 0x6f, + 0x72, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x52, 0x07, 0x72, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x65, + 0x12, 0x24, 0x0a, 0x06, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x0c, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x52, 0x06, + 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x12, 0x26, 0x0a, 0x02, 0x70, 0x73, 0x18, 0x06, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, + 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x52, 0x02, 0x70, 0x73, 0x12, 0x19, + 0x0a, 0x08, 0x63, 0x72, 0x5f, 0x65, 0x72, 0x72, 0x6e, 0x6f, 0x18, 0x07, 0x20, 0x01, 0x28, 0x05, + 0x52, 0x07, 0x63, 0x72, 0x45, 0x72, 0x72, 0x6e, 0x6f, 0x12, 0x2a, 0x0a, 0x08, 0x66, 0x65, 0x61, + 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x63, 0x72, + 0x69, 0x75, 0x5f, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x52, 0x08, 0x66, 0x65, 0x61, + 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x72, 0x5f, 0x65, 0x72, 0x72, 0x6d, + 0x73, 0x67, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x72, 0x45, 0x72, 0x72, 0x6d, + 0x73, 0x67, 0x12, 0x27, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x0a, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, + 0x6f, 0x6e, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x73, + 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x73, 0x74, 0x61, + 0x74, 0x75, 0x73, 0x22, 0xb0, 0x01, 0x0a, 0x0c, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x76, 0x65, 0x72, + 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x21, 0x0a, 0x0c, 0x6d, 0x61, 0x6a, 0x6f, 0x72, 0x5f, 0x6e, 0x75, + 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x02, 0x28, 0x05, 0x52, 0x0b, 0x6d, 0x61, 0x6a, 0x6f, + 0x72, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x21, 0x0a, 0x0c, 0x6d, 0x69, 0x6e, 0x6f, 0x72, + 0x5f, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x02, 0x20, 0x02, 0x28, 0x05, 0x52, 0x0b, 0x6d, + 0x69, 0x6e, 0x6f, 0x72, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x67, 0x69, + 0x74, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x67, 0x69, 0x74, 0x69, 0x64, + 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x75, 0x62, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x05, 0x52, 0x08, 0x73, 0x75, 0x62, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x14, 0x0a, 0x05, + 0x65, 0x78, 0x74, 0x72, 0x61, 0x18, 0x05, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x65, 0x78, 0x74, + 0x72, 0x61, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x2a, 0x5f, 0x0a, 0x0c, 0x63, 0x72, 0x69, 0x75, 0x5f, 0x63, + 0x67, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x49, 0x47, 0x4e, 0x4f, 0x52, 0x45, + 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x43, 0x47, 0x5f, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x01, 0x12, + 0x09, 0x0a, 0x05, 0x50, 0x52, 0x4f, 0x50, 0x53, 0x10, 0x02, 0x12, 0x08, 0x0a, 0x04, 0x53, 0x4f, + 0x46, 0x54, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x46, 0x55, 0x4c, 0x4c, 0x10, 0x04, 0x12, 0x0a, + 0x0a, 0x06, 0x53, 0x54, 0x52, 0x49, 0x43, 0x54, 0x10, 0x05, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45, + 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x06, 0x2a, 0x40, 0x0a, 0x18, 0x63, 0x72, 0x69, 0x75, 0x5f, + 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x5f, 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x6d, 0x65, 0x74, + 0x68, 0x6f, 0x64, 0x12, 0x0c, 0x0a, 0x08, 0x49, 0x50, 0x54, 0x41, 0x42, 0x4c, 0x45, 0x53, 0x10, + 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x4e, 0x46, 0x54, 0x41, 0x42, 0x4c, 0x45, 0x53, 0x10, 0x02, 0x12, + 0x08, 0x0a, 0x04, 0x53, 0x4b, 0x49, 0x50, 0x10, 0x03, 0x2a, 0x2d, 0x0a, 0x12, 0x63, 0x72, 0x69, + 0x75, 0x5f, 0x70, 0x72, 0x65, 0x5f, 0x64, 0x75, 0x6d, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x12, + 0x0a, 0x0a, 0x06, 0x53, 0x50, 0x4c, 0x49, 0x43, 0x45, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x56, + 0x4d, 0x5f, 0x52, 0x45, 0x41, 0x44, 0x10, 0x02, 0x2a, 0xe5, 0x01, 0x0a, 0x0d, 0x63, 0x72, 0x69, + 0x75, 0x5f, 0x72, 0x65, 0x71, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x12, 0x09, 0x0a, 0x05, 0x45, 0x4d, + 0x50, 0x54, 0x59, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x44, 0x55, 0x4d, 0x50, 0x10, 0x01, 0x12, + 0x0b, 0x0a, 0x07, 0x52, 0x45, 0x53, 0x54, 0x4f, 0x52, 0x45, 0x10, 0x02, 0x12, 0x09, 0x0a, 0x05, + 0x43, 0x48, 0x45, 0x43, 0x4b, 0x10, 0x03, 0x12, 0x0c, 0x0a, 0x08, 0x50, 0x52, 0x45, 0x5f, 0x44, + 0x55, 0x4d, 0x50, 0x10, 0x04, 0x12, 0x0f, 0x0a, 0x0b, 0x50, 0x41, 0x47, 0x45, 0x5f, 0x53, 0x45, + 0x52, 0x56, 0x45, 0x52, 0x10, 0x05, 0x12, 0x0a, 0x0a, 0x06, 0x4e, 0x4f, 0x54, 0x49, 0x46, 0x59, + 0x10, 0x06, 0x12, 0x10, 0x0a, 0x0c, 0x43, 0x50, 0x55, 0x49, 0x4e, 0x46, 0x4f, 0x5f, 0x44, 0x55, + 0x4d, 0x50, 0x10, 0x07, 0x12, 0x11, 0x0a, 0x0d, 0x43, 0x50, 0x55, 0x49, 0x4e, 0x46, 0x4f, 0x5f, + 0x43, 0x48, 0x45, 0x43, 0x4b, 0x10, 0x08, 0x12, 0x11, 0x0a, 0x0d, 0x46, 0x45, 0x41, 0x54, 0x55, + 0x52, 0x45, 0x5f, 0x43, 0x48, 0x45, 0x43, 0x4b, 0x10, 0x09, 0x12, 0x0b, 0x0a, 0x07, 0x56, 0x45, + 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x10, 0x0a, 0x12, 0x0c, 0x0a, 0x08, 0x57, 0x41, 0x49, 0x54, 0x5f, + 0x50, 0x49, 0x44, 0x10, 0x0b, 0x12, 0x14, 0x0a, 0x10, 0x50, 0x41, 0x47, 0x45, 0x5f, 0x53, 0x45, + 0x52, 0x56, 0x45, 0x52, 0x5f, 0x43, 0x48, 0x4c, 0x44, 0x10, 0x0c, 0x12, 0x13, 0x0a, 0x0f, 0x53, + 0x49, 0x4e, 0x47, 0x4c, 0x45, 0x5f, 0x50, 0x52, 0x45, 0x5f, 0x44, 0x55, 0x4d, 0x50, 0x10, 0x0d, } var ( diff --git a/vendor/github.com/checkpoint-restore/go-criu/v6/rpc/rpc.proto b/vendor/github.com/checkpoint-restore/go-criu/v7/rpc/rpc.proto similarity index 94% rename from vendor/github.com/checkpoint-restore/go-criu/v6/rpc/rpc.proto rename to vendor/github.com/checkpoint-restore/go-criu/v7/rpc/rpc.proto index a6cc5da4873..1a4722a9ce7 100644 --- a/vendor/github.com/checkpoint-restore/go-criu/v6/rpc/rpc.proto +++ b/vendor/github.com/checkpoint-restore/go-criu/v7/rpc/rpc.proto @@ -52,6 +52,7 @@ enum criu_cg_mode { enum criu_network_lock_method { IPTABLES = 1; NFTABLES = 2; + SKIP = 3; }; enum criu_pre_dump_mode { @@ -60,7 +61,8 @@ enum criu_pre_dump_mode { }; message criu_opts { - required int32 images_dir_fd = 1; + required int32 images_dir_fd = 1 [default = -1]; + optional string images_dir = 68; /* used only if images_dir_fd == -1 */ optional int32 pid = 2; /* if not set on dump, will dump requesting process */ optional bool leave_running = 3; @@ -138,6 +140,11 @@ message criu_opts { optional string lsm_mount_context = 63; optional criu_network_lock_method network_lock = 64 [default = IPTABLES]; optional bool mntns_compat_mode = 65; + optional bool skip_file_rwx_check = 66; + optional bool unprivileged = 67; + optional bool leave_stopped = 69; + optional bool display_stats = 70; + optional bool log_to_stderr = 71; /* optional bool check_mounts = 128; */ } diff --git a/vendor/modules.txt b/vendor/modules.txt index 0ead139c0c5..b981371409c 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1,7 +1,7 @@ -# github.com/checkpoint-restore/go-criu/v6 v6.3.0 -## explicit; go 1.16 -github.com/checkpoint-restore/go-criu/v6 -github.com/checkpoint-restore/go-criu/v6/rpc +# github.com/checkpoint-restore/go-criu/v7 v7.2.0 +## explicit; go 1.20 +github.com/checkpoint-restore/go-criu/v7 +github.com/checkpoint-restore/go-criu/v7/rpc # github.com/cilium/ebpf v0.17.3 ## explicit; go 1.22 github.com/cilium/ebpf From 12c2e21f407529cbb67a5159b15716d0d21dc412 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 5 Mar 2025 04:26:18 +0000 Subject: [PATCH 0856/1176] build(deps): bump golang.org/x/net from 0.35.0 to 0.36.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.35.0 to 0.36.0. - [Commits](https://github.com/golang/net/compare/v0.35.0...v0.36.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index ab77936b199..bd31309d829 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/urfave/cli v1.22.16 github.com/vishvananda/netlink v1.3.0 - golang.org/x/net v0.35.0 + golang.org/x/net v0.36.0 golang.org/x/sys v0.30.0 google.golang.org/protobuf v1.36.5 ) diff --git a/go.sum b/go.sum index 1503380cef5..4a321177ac6 100644 --- a/go.sum +++ b/go.sum @@ -83,8 +83,8 @@ github.com/vishvananda/netlink v1.3.0 h1:X7l42GfcV4S6E4vHTsw48qbrV+9PVojNfIhZcwQ github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs= github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8= github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= -golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8= -golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk= +golang.org/x/net v0.36.0 h1:vWF2fRbw4qslQsQzgFqZff+BItCvGFQqKzKIzx1rmoA= +golang.org/x/net v0.36.0/go.mod h1:bFmbeoIPfrw4sMHNhb4J9f6+tPziuGjq7Jk/38fxi1I= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= diff --git a/vendor/modules.txt b/vendor/modules.txt index 0ead139c0c5..f5e337d8eeb 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -91,8 +91,8 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.4 ## explicit; go 1.17 github.com/vishvananda/netns -# golang.org/x/net v0.35.0 -## explicit; go 1.18 +# golang.org/x/net v0.36.0 +## explicit; go 1.23.0 golang.org/x/net/bpf # golang.org/x/sys v0.30.0 ## explicit; go 1.18 From 79e9cf53e0e4ad723005e1b8c4cfd6a0a829e168 Mon Sep 17 00:00:00 2001 From: lifubang Date: Wed, 5 Mar 2025 09:40:34 +0000 Subject: [PATCH 0857/1176] doc: update spec-conformance.md Signed-off-by: lifubang --- docs/spec-conformance.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/spec-conformance.md b/docs/spec-conformance.md index 21c853822e3..ea2daca6986 100644 --- a/docs/spec-conformance.md +++ b/docs/spec-conformance.md @@ -1,6 +1,6 @@ # Spec conformance -This branch of runc implements the [OCI Runtime Spec v1.2.0](https://github.com/opencontainers/runtime-spec/tree/v1.2.0) +This branch of runc implements the [OCI Runtime Spec v1.2.1](https://github.com/opencontainers/runtime-spec/tree/v1.2.1) for the `linux` platform. The following features are not implemented yet: From 000cdef75de133ee3b7c045238eba8aabbe56d2d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Mar 2025 04:49:01 +0000 Subject: [PATCH 0858/1176] build(deps): bump golang.org/x/sys from 0.30.0 to 0.31.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.30.0 to 0.31.0. - [Commits](https://github.com/golang/sys/compare/v0.30.0...v0.31.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index e6079221373..086300ed873 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/urfave/cli v1.22.16 github.com/vishvananda/netlink v1.3.0 golang.org/x/net v0.36.0 - golang.org/x/sys v0.30.0 + golang.org/x/sys v0.31.0 google.golang.org/protobuf v1.36.5 ) diff --git a/go.sum b/go.sum index bd6f36805ce..6ecedcff5de 100644 --- a/go.sum +++ b/go.sum @@ -85,8 +85,8 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= -golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= +golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM= google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/vendor/modules.txt b/vendor/modules.txt index 37fd141729e..9ae7f93b398 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -94,8 +94,8 @@ github.com/vishvananda/netns # golang.org/x/net v0.36.0 ## explicit; go 1.23.0 golang.org/x/net/bpf -# golang.org/x/sys v0.30.0 -## explicit; go 1.18 +# golang.org/x/sys v0.31.0 +## explicit; go 1.23.0 golang.org/x/sys/unix golang.org/x/sys/windows # google.golang.org/protobuf v1.36.5 From d5fe53030bd0a3a0996ffe7b8733cb7f5eeddc60 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Mar 2025 09:52:25 +0000 Subject: [PATCH 0859/1176] build(deps): bump golang.org/x/net from 0.36.0 to 0.37.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.36.0 to 0.37.0. - [Commits](https://github.com/golang/net/compare/v0.36.0...v0.37.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 086300ed873..ee5edaa8618 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/urfave/cli v1.22.16 github.com/vishvananda/netlink v1.3.0 - golang.org/x/net v0.36.0 + golang.org/x/net v0.37.0 golang.org/x/sys v0.31.0 google.golang.org/protobuf v1.36.5 ) diff --git a/go.sum b/go.sum index 6ecedcff5de..c71e0394f58 100644 --- a/go.sum +++ b/go.sum @@ -77,8 +77,8 @@ github.com/vishvananda/netlink v1.3.0 h1:X7l42GfcV4S6E4vHTsw48qbrV+9PVojNfIhZcwQ github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs= github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8= github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= -golang.org/x/net v0.36.0 h1:vWF2fRbw4qslQsQzgFqZff+BItCvGFQqKzKIzx1rmoA= -golang.org/x/net v0.36.0/go.mod h1:bFmbeoIPfrw4sMHNhb4J9f6+tPziuGjq7Jk/38fxi1I= +golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c= +golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/vendor/modules.txt b/vendor/modules.txt index 9ae7f93b398..fef75a33656 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -91,7 +91,7 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.4 ## explicit; go 1.17 github.com/vishvananda/netns -# golang.org/x/net v0.36.0 +# golang.org/x/net v0.37.0 ## explicit; go 1.23.0 golang.org/x/net/bpf # golang.org/x/sys v0.31.0 From 135552e5e41740c264c799b975d83776b2c3a36c Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Thu, 6 Mar 2025 16:02:35 +0900 Subject: [PATCH 0860/1176] CI: migrate Vagrant + Cirrus to Lima + GHA - Unlike proprietary Vagrant, Lima remains to be an open source project - GHA now natively supports nested virt on Linux runners Signed-off-by: Akihiro Suda --- .cirrus.yml | 70 ++----------------------------------- .github/workflows/test.yml | 62 ++++++++++++++++++++++++++++++++ Vagrantfile.fedora | 53 ---------------------------- script/setup_host_fedora.sh | 35 +++++++++++++++++++ 4 files changed, 99 insertions(+), 121 deletions(-) delete mode 100644 Vagrantfile.fedora create mode 100755 script/setup_host_fedora.sh diff --git a/.cirrus.yml b/.cirrus.yml index 65c70cd9a22..cae54569fc9 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -1,76 +1,10 @@ --- -# We use Cirrus for RHEL clones (native) and Fedora (in Vagrant), because -# neither is available on GHA natively, so the only option is VM. -# In GHA, nested virtualization is only supported on macOS instances, which -# are slow and flaky. +# We use Cirrus for RHEL clones because Cirrus can directly run them +# without depending on nested virtualization. # NOTE Cirrus execution environments lack a terminal, needed for # some integration tests. So we use `ssh -tt` command to fake a terminal. -task: - timeout_in: 30m - - env: - DEBIAN_FRONTEND: noninteractive - HOME: /root - # yamllint disable rule:key-duplicates - matrix: - DISTRO: fedora - - name: vagrant DISTRO:$DISTRO - - compute_engine_instance: - image_project: cirrus-images - image: family/docker-kvm - platform: linux - nested_virtualization: true - # CPU limit: `16 / NTASK`: see https://cirrus-ci.org/faq/#are-there-any-limits - cpu: 4 - # Memory limit: `4GB * NCPU` - memory: 16G - - host_info_script: | - uname -a - # ----- - cat /etc/os-release - # ----- - df -T - # ----- - cat /proc/cpuinfo - install_libvirt_vagrant_script: | - curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg - echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list - sudo sed -i 's/^# deb-src/deb-src/' /etc/apt/sources.list - apt-get update - apt-get install -y libvirt-daemon libvirt-daemon-system vagrant - systemctl enable --now libvirtd - apt-get build-dep -y vagrant ruby-libvirt - apt-get install -y --no-install-recommends libxslt-dev libxml2-dev libvirt-dev ruby-bundler ruby-dev zlib1g-dev - vagrant plugin install vagrant-libvirt - vagrant_cache: - fingerprint_script: cat Vagrantfile.$DISTRO - folder: /root/.vagrant.d/boxes - vagrant_up_script: | - ln -sf Vagrantfile.$DISTRO Vagrantfile - # Retry if it fails (download.fedoraproject.org returns 404 sometimes) - vagrant up --no-tty || vagrant up --no-tty - mkdir -p -m 0700 /root/.ssh - vagrant ssh-config >> /root/.ssh/config - guest_info_script: | - ssh default 'sh -exc "uname -a && systemctl --version && df -T && cat /etc/os-release && go version && sestatus && rpm -q container-selinux"' - check_config_script: | - ssh default /vagrant/script/check-config.sh - unit_tests_script: | - ssh default 'sudo -i make -C /vagrant localunittest' - integration_systemd_script: | - ssh -tt default "sudo -i make -C /vagrant localintegration RUNC_USE_SYSTEMD=yes" - integration_fs_script: | - ssh -tt default "sudo -i make -C /vagrant localintegration" - integration_systemd_rootless_script: | - ssh -tt default "sudo -i make -C /vagrant localrootlessintegration RUNC_USE_SYSTEMD=yes" - integration_fs_rootless_script: | - ssh -tt default "sudo -i make -C /vagrant localrootlessintegration" - task: timeout_in: 30m diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 255a1e2fe35..395dffc5d78 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -213,10 +213,72 @@ jobs: - name: unit test run: sudo -E PATH="$PATH" -- make GOARCH=386 localunittest + fedora: + timeout-minutes: 30 + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v4 + + - uses: lima-vm/lima-actions/setup@v1 + id: lima-actions-setup + + - uses: actions/cache@v4 + with: + path: ~/.cache/lima + key: lima-${{ steps.lima-actions-setup.outputs.version }} + + - name: "Start VM" + # --plain is set to disable file sharing, port forwarding, built-in containerd, etc. for faster start up + # + # CPUs: min(4, host CPU cores) + # RAM: min(4 GiB, half of host memory) + # Disk: 100 GiB + run: limactl start --plain --name=default template://fedora + + - name: "Initialize VM" + run: | + set -eux -o pipefail + limactl cp -r . default:/tmp/runc + lima sudo /tmp/runc/script/setup_host_fedora.sh + + - name: "Show guest info" + run: | + set -eux -o pipefail + lima uname -a + lima systemctl --version + lima df -T + lima cat /etc/os-release + lima go version + lima sestatus + lima rpm -q container-selinux + + - name: "Check config" + run: lima /tmp/runc/script/check-config.sh + + # NOTE the execution environment lacks a terminal, needed for + # some integration tests. So we use `ssh -tt` command to fake a terminal. + - uses: lima-vm/lima-actions/ssh@v1 + + - name: "Run unit tests" + run: ssh -tt lima-default sudo -i make -C /tmp/runc localunittest + + - name: "Run integration tests (systemd driver)" + run: ssh -tt lima-default sudo -i make -C /tmp/runc localintegration RUNC_USE_SYSTEMD=yes + + - name: "Run integration tests (fs driver)" + run: ssh -tt lima-default sudo -i make -C /tmp/runc localintegration + + - name: "Run integration tests (systemd driver, rootless)" + run: ssh -tt lima-default sudo -i make -C /tmp/runc localrootlessintegration RUNC_USE_SYSTEMD=yes + + - name: "Run integration tests (fs driver, rootless)" + run: ssh -tt lima-default sudo -i make -C /tmp/runc localrootlessintegration + all-done: needs: - test - cross-i386 + - fedora runs-on: ubuntu-24.04 steps: - run: echo "All jobs completed" diff --git a/Vagrantfile.fedora b/Vagrantfile.fedora deleted file mode 100644 index f0099721521..00000000000 --- a/Vagrantfile.fedora +++ /dev/null @@ -1,53 +0,0 @@ -# -*- mode: ruby -*- -# vi: set ft=ruby : - -Vagrant.configure("2") do |config| - config.vm.box = "fedora-41" - # For URL, check https://www.fedoraproject.org/cloud/download - config.vm.box_url = "https://download.fedoraproject.org/pub/fedora/linux/releases/41/Cloud/x86_64/images/Fedora-Cloud-Base-Vagrant-libvirt-41-1.4.x86_64.vagrant.libvirt.box" - config.vm.provider :virtualbox do |v| - v.memory = 2048 - v.cpus = 2 - end - config.vm.provider :libvirt do |v| - v.memory = 2048 - v.cpus = 2 - end - config.vm.provision "shell", inline: <<-SHELL - set -e -u -o pipefail - DNF_OPTS="-y --setopt=install_weak_deps=False --setopt=tsflags=nodocs --exclude=kernel,kernel-core" - RPMS="bats git-core glibc-static golang jq libseccomp-devel make" - # Work around dnf mirror failures by retrying a few times. - for i in $(seq 0 2); do - sleep $i - dnf $DNF_OPTS update && dnf $DNF_OPTS install $RPMS && break - done - dnf clean all - - # To avoid "avc: denied { nosuid_transition }" from SELinux as we run tests on /tmp. - mount -o remount,suid /tmp - - # Prevent the "fatal: unsafe repository" git complain during build. - git config --global --add safe.directory /vagrant - - # Add a user for rootless tests - useradd -u2000 -m -d/home/rootless -s/bin/bash rootless - - # Allow root and rootless itself to execute `ssh rootless@localhost` in tests/rootless.sh - ssh-keygen -t ecdsa -N "" -f /root/rootless.key - mkdir -m 0700 -p /home/rootless/.ssh - cp /root/rootless.key /home/rootless/.ssh/id_ecdsa - cat /root/rootless.key.pub >> /home/rootless/.ssh/authorized_keys - chown -R rootless.rootless /home/rootless - - # Delegate cgroup v2 controllers to rootless user via --systemd-cgroup - mkdir -p /etc/systemd/system/user@.service.d - cat > /etc/systemd/system/user@.service.d/delegate.conf << EOF -[Service] -# default: Delegate=pids memory -# NOTE: delegation of cpuset requires systemd >= 244 (Fedora >= 32, Ubuntu >= 20.04). -Delegate=yes -EOF - systemctl daemon-reload - SHELL -end diff --git a/script/setup_host_fedora.sh b/script/setup_host_fedora.sh new file mode 100755 index 00000000000..c5744324d05 --- /dev/null +++ b/script/setup_host_fedora.sh @@ -0,0 +1,35 @@ +#!/bin/bash +set -eux -o pipefail +DNF_OPTS="-y --setopt=install_weak_deps=False --setopt=tsflags=nodocs --exclude=kernel,kernel-core" +RPMS="bats git-core glibc-static golang jq libseccomp-devel make" +# Work around dnf mirror failures by retrying a few times. +for i in $(seq 0 2); do + sleep "$i" + # shellcheck disable=SC2086 + dnf $DNF_OPTS update && dnf $DNF_OPTS install $RPMS && break +done +dnf clean all + +# To avoid "avc: denied { nosuid_transition }" from SELinux as we run tests on /tmp. +mount -o remount,suid /tmp + +# Add a user for rootless tests +useradd -u2000 -m -d/home/rootless -s/bin/bash rootless + +# Allow root and rootless itself to execute `ssh rootless@localhost` in tests/rootless.sh +ssh-keygen -t ecdsa -N "" -f /root/rootless.key +# shellcheck disable=SC2174 +mkdir -m 0700 -p /home/rootless/.ssh +cp /root/rootless.key /home/rootless/.ssh/id_ecdsa +cat /root/rootless.key.pub >>/home/rootless/.ssh/authorized_keys +chown -R rootless.rootless /home/rootless + +# Delegate cgroup v2 controllers to rootless user via --systemd-cgroup +mkdir -p /etc/systemd/system/user@.service.d +cat >/etc/systemd/system/user@.service.d/delegate.conf <= 244 (Fedora >= 32, Ubuntu >= 20.04). +Delegate=yes +EOF +systemctl daemon-reload From 346c80d714c3445fc977a1b72293eac49adf1f5f Mon Sep 17 00:00:00 2001 From: lfbzhm Date: Fri, 8 Nov 2024 01:43:24 +0000 Subject: [PATCH 0861/1176] libct: replace unix.Kill with os.Process.Signal Because we should switch to unix.PidFDSendSignal in new kernels, it has been supported in go runtime. We don't need to add fall back to unix.Kill code here. Signed-off-by: lifubang Signed-off-by: Kir Kolyshkin --- libcontainer/process_linux.go | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 88861f0a94d..5ac574bdeff 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -116,11 +116,7 @@ func (p *containerProcess) startTime() (uint64, error) { } func (p *containerProcess) signal(sig os.Signal) error { - s, ok := sig.(unix.Signal) - if !ok { - return errors.New("os: unsupported signal type") - } - return unix.Kill(p.pid(), s) + return p.cmd.Process.Signal(sig) } func (p *containerProcess) externalDescriptors() []string { From 1afa1b8662349d4c1ec1f8159aa5f022596a651f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 7 Mar 2025 13:10:54 -0800 Subject: [PATCH 0862/1176] signals: replace unix.Kill with process.Signal This way, given a recent Go and Linux version, pidfd_send_signal will be used under the hood. Keep unix.Signal and unix.SignalName for logging (it is way more readable than what os.Signal.String() provides). Signed-off-by: Kir Kolyshkin --- signals.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/signals.go b/signals.go index a992dc4abeb..936d751f61f 100644 --- a/signals.go +++ b/signals.go @@ -114,7 +114,7 @@ func (h *signalHandler) forward(process *libcontainer.Process, tty *tty, detach default: us := s.(unix.Signal) logrus.Debugf("forwarding signal %d (%s) to %d", int(us), unix.SignalName(us), pid1) - if err := unix.Kill(pid1, us); err != nil { + if err := process.Signal(s); err != nil { logrus.Error(err) } } From 1d9bea537812e3a1ac18b072bd3ef5faab5f17fb Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 10 Mar 2025 14:20:41 -0700 Subject: [PATCH 0863/1176] .cirrus.yml: install less dependencies In a nutshell: - use git-core instead of git; - do not install weak deps; - do not install docs. This results in less packages to install: - 25 instead of 72 for almalinux-8 - 24 instead of 90 for almalinux-9 Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index cae54569fc9..9123e678906 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -13,7 +13,7 @@ task: CIRRUS_WORKING_DIR: /home/runc GO_VER_PREFIX: "1.24." BATS_VERSION: "v1.9.0" - RPMS: gcc git iptables jq glibc-static libseccomp-devel make criu fuse-sshfs container-selinux + RPMS: gcc git-core iptables jq glibc-static libseccomp-devel make criu fuse-sshfs container-selinux # yamllint disable rule:key-duplicates matrix: DISTRO: almalinux-8 @@ -46,7 +46,7 @@ task: # Work around dnf mirror failures by retrying a few times. for i in $(seq 0 2); do sleep $i - yum install -y $RPMS && break + yum install -y --setopt=install_weak_deps=False --setopt=tsflags=nodocs $RPMS && break done [ $? -eq 0 ] # fail if yum failed From 5ac77ed6d9451cd6c985f3959142e6968dc64f9f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 12 Mar 2025 14:39:57 -0700 Subject: [PATCH 0864/1176] libct/int: add/use needUserNS helper Signed-off-by: Kir Kolyshkin --- libcontainer/integration/exec_test.go | 19 ++++--------------- libcontainer/integration/execin_test.go | 9 ++------- libcontainer/integration/utils_test.go | 8 ++++++++ 3 files changed, 14 insertions(+), 22 deletions(-) diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index f18dd50f225..2d58ccc4b01 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -3,7 +3,6 @@ package integration import ( "bytes" "encoding/json" - "errors" "fmt" "os" "os/exec" @@ -30,9 +29,7 @@ func TestExecPS(t *testing.T) { } func TestUsernsExecPS(t *testing.T) { - if _, err := os.Stat("/proc/self/ns/user"); os.IsNotExist(err) { - t.Skip("Test requires userns.") - } + needUserNS(t) testExecPS(t, true) } @@ -122,10 +119,7 @@ func TestRlimit(t *testing.T) { } func TestUsernsRlimit(t *testing.T) { - if _, err := os.Stat("/proc/self/ns/user"); os.IsNotExist(err) { - t.Skip("Test requires userns.") - } - + needUserNS(t) testRlimit(t, true) } @@ -1515,9 +1509,7 @@ func TestInitJoinPID(t *testing.T) { } func TestInitJoinNetworkAndUser(t *testing.T) { - if _, err := os.Stat("/proc/self/ns/user"); os.IsNotExist(err) { - t.Skip("Test requires userns.") - } + needUserNS(t) if testing.Short() { return } @@ -1764,10 +1756,7 @@ next_fd: // Test that a container using user namespaces is able to bind mount a folder // that does not have permissions for group/others. func TestBindMountAndUser(t *testing.T) { - if _, err := os.Stat("/proc/self/ns/user"); errors.Is(err, os.ErrNotExist) { - t.Skip("userns is unsupported") - } - + needUserNS(t) if testing.Short() { return } diff --git a/libcontainer/integration/execin_test.go b/libcontainer/integration/execin_test.go index aa7c01548b6..e6be1f54492 100644 --- a/libcontainer/integration/execin_test.go +++ b/libcontainer/integration/execin_test.go @@ -69,10 +69,7 @@ func TestExecIn(t *testing.T) { } func TestExecInUsernsRlimit(t *testing.T) { - if _, err := os.Stat("/proc/self/ns/user"); os.IsNotExist(err) { - t.Skip("Test requires userns.") - } - + needUserNS(t) testExecInRlimit(t, true) } @@ -502,9 +499,7 @@ func TestExecInOomScoreAdj(t *testing.T) { } func TestExecInUserns(t *testing.T) { - if _, err := os.Stat("/proc/self/ns/user"); os.IsNotExist(err) { - t.Skip("Test requires userns.") - } + needUserNS(t) if testing.Short() { return } diff --git a/libcontainer/integration/utils_test.go b/libcontainer/integration/utils_test.go index 9b4121bc5d6..d73fc68063b 100644 --- a/libcontainer/integration/utils_test.go +++ b/libcontainer/integration/utils_test.go @@ -2,6 +2,7 @@ package integration import ( "bytes" + "errors" "fmt" "os" "os/exec" @@ -231,3 +232,10 @@ func runContainerOk(t testing.TB, config *configs.Config, args ...string) *stdBu func destroyContainer(container *libcontainer.Container) { _ = container.Destroy() } + +func needUserNS(t testing.TB) { + t.Helper() + if _, err := os.Stat("/proc/self/ns/user"); errors.Is(err, os.ErrNotExist) { + t.Skip("Test requires userns.") + } +} From 9aeb7905cfa14656b52acd6a504edd769b60be66 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 13 Mar 2025 08:11:38 -0700 Subject: [PATCH 0865/1176] tests/int/selinux: fix skip message It was a mistake to say that SELinux need to be in the enforcing mode for these tests to run. It only needs to be enabled. Signed-off-by: Kir Kolyshkin --- tests/integration/selinux.bats | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/selinux.bats b/tests/integration/selinux.bats index 84b2368b936..53a3ea7281e 100644 --- a/tests/integration/selinux.bats +++ b/tests/integration/selinux.bats @@ -5,7 +5,7 @@ load helpers function setup() { requires root # for chcon if ! selinuxenabled; then - skip "requires SELinux enabled and in enforcing mode" + skip "requires SELinux enabled" fi setup_busybox From 539315534ffaa94dd05f870f4e353a62bf4f779d Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 13 Mar 2025 08:27:47 -0700 Subject: [PATCH 0866/1176] libct: log a warning on join session keyring failure This addresses a TODO item added by commit 40f146841 ("keyring: handle ENOSYS with keyctl(KEYCTL_JOIN_SESSION_KEYRING)"), as we do have runc init logging working fine for quite some time. While at it, fix a typo in a comment (standart -> standard). Signed-off-by: Kir Kolyshkin --- libcontainer/setns_init_linux.go | 5 ++--- libcontainer/standard_init_linux.go | 4 +--- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go index 0a79f197e6d..cb5348731b2 100644 --- a/libcontainer/setns_init_linux.go +++ b/libcontainer/setns_init_linux.go @@ -39,10 +39,9 @@ func (l *linuxSetnsInit) Init() error { defer selinux.SetKeyLabel("") //nolint: errcheck // Do not inherit the parent's session keyring. if _, err := keys.JoinSessionKeyring(l.getSessionRingName()); err != nil { - // Same justification as in standart_init_linux.go as to why we + logrus.Warnf("KeyctlJoinSessionKeyring: %v", err) + // Same justification as in standard_init_linux.go as to why we // don't bail on ENOSYS. - // - // TODO(cyphar): And we should have logging here too. if !errors.Is(err, unix.ENOSYS) { return fmt.Errorf("unable to join session keyring: %w", err) } diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 384750bf837..fb784ef4cc5 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -55,14 +55,12 @@ func (l *linuxStandardInit) Init() error { // Do not inherit the parent's session keyring. if sessKeyId, err := keys.JoinSessionKeyring(ringname); err != nil { + logrus.Warnf("KeyctlJoinSessionKeyring: %v", err) // If keyrings aren't supported then it is likely we are on an // older kernel (or inside an LXC container). While we could bail, // the security feature we are using here is best-effort (it only // really provides marginal protection since VFS credentials are // the only significant protection of keyrings). - // - // TODO(cyphar): Log this so people know what's going on, once we - // have proper logging in 'runc init'. if !errors.Is(err, unix.ENOSYS) { return fmt.Errorf("unable to join session keyring: %w", err) } From 6e5ffb7cbc57aae6ff80eeae78497d4f8c67d6f8 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 10 Mar 2025 11:58:23 -0700 Subject: [PATCH 0867/1176] Makefile: bump shfmt to v3.11.0 Signed-off-by: Kir Kolyshkin --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 39c1ef918d4..5c03dd760b6 100644 --- a/Makefile +++ b/Makefile @@ -221,7 +221,7 @@ shellcheck: shfmt: $(CONTAINER_ENGINE) run $(CONTAINER_ENGINE_RUN_FLAGS) \ --rm -v $(CURDIR):/src -w /src \ - mvdan/shfmt:v3.5.1 -d -w . + mvdan/shfmt:v3.11.0 -d -w . .PHONY: localshfmt localshfmt: From b48dd65114ea6c1fa4b8c42abbdf9ec055141feb Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 10 Mar 2025 12:43:08 -0700 Subject: [PATCH 0868/1176] ci: bump shellcheck to v0.10.0 Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index a5c8fbad67c..b3ac384d337 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -108,9 +108,9 @@ jobs: - uses: actions/checkout@v4 - name: install shellcheck env: - VERSION: v0.9.0 + VERSION: v0.10.0 BASEURL: https://github.com/koalaman/shellcheck/releases/download - SHA256: 7087178d54de6652b404c306233264463cb9e7a9afeb259bb663cc4dbfd64149 + SHA256: f35ae15a4677945428bdfe61ccc297490d89dd1e544cc06317102637638c6deb run: | mkdir ~/bin curl -sSfL --retry 5 $BASEURL/$VERSION/shellcheck-$VERSION.linux.x86_64.tar.xz | From af386d1df13c1e4e8c2a626df5fa43c8dd126e38 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 10 Mar 2025 14:11:37 -0700 Subject: [PATCH 0869/1176] tests/int: rm some "shellcheck disable" annotations Those are no longer needed with shellcheck v0.10.0 (possibly with an earlier version, too, but I am too lazy to check that). While at it, fix a typo in the comment. Signed-off-by: Kir Kolyshkin --- tests/integration/hooks.bats | 2 -- tests/integration/run.bats | 4 ---- tests/integration/seccomp-notify.bats | 2 +- tests/integration/tty.bats | 1 - 4 files changed, 1 insertion(+), 8 deletions(-) diff --git a/tests/integration/hooks.bats b/tests/integration/hooks.bats index 8b53a780d67..854fc4b832a 100644 --- a/tests/integration/hooks.bats +++ b/tests/integration/hooks.bats @@ -21,7 +21,6 @@ function teardown() { @test "runc create [hook fails]" { for hook in prestart createRuntime createContainer; do echo "testing hook $hook" - # shellcheck disable=SC2016 update_config '.hooks |= {"'$hook'": [{"path": "/bin/true"}, {"path": "/bin/false"}]}' runc create --console-socket "$CONSOLE_SOCKET" test_hooks [ "$status" -ne 0 ] @@ -34,7 +33,6 @@ function teardown() { # All hooks except Poststop. for hook in prestart createRuntime createContainer startContainer poststart; do echo "testing hook $hook" - # shellcheck disable=SC2016 update_config '.hooks |= {"'$hook'": [{"path": "/bin/true"}, {"path": "/bin/false"}]}' runc run "test_hook-$hook" [[ "$output" != "Hello World" ]] diff --git a/tests/integration/run.bats b/tests/integration/run.bats index 8a96d55c276..86d016dc298 100644 --- a/tests/integration/run.bats +++ b/tests/integration/run.bats @@ -84,7 +84,6 @@ function teardown() { chmod 'a=rwx,ug+s,+t' rootfs/tmp # set all bits mode=$(stat -c %A rootfs/tmp) - # shellcheck disable=SC2016 update_config '.process.args = ["sh", "-c", "stat -c %A /tmp"]' update_config '.mounts += [{"destination": "/tmp", "type": "tmpfs", "source": "tmpfs", "options":["noexec","nosuid","nodev","rprivate"]}]' @@ -94,7 +93,6 @@ function teardown() { } @test "runc run with tmpfs perms" { - # shellcheck disable=SC2016 update_config '.process.args = ["sh", "-c", "stat -c %a /tmp/test"]' update_config '.mounts += [{"destination": "/tmp/test", "type": "tmpfs", "source": "tmpfs", "options": ["mode=0444"]}]' @@ -113,14 +111,12 @@ function teardown() { # so it should use the directory's perms. update_config '.mounts[-1].options = []' chmod 0710 rootfs/tmp/test - # shellcheck disable=SC2016 runc run test_tmpfs [ "$status" -eq 0 ] [ "${lines[0]}" = "710" ] # Add back the mode on the mount, and it should use that instead. # Just for fun, use different perms than was used earlier. - # shellcheck disable=SC2016 update_config '.mounts[-1].options = ["mode=0410"]' runc run test_tmpfs [ "$status" -eq 0 ] diff --git a/tests/integration/seccomp-notify.bats b/tests/integration/seccomp-notify.bats index fcbd5664907..b6992e5752a 100644 --- a/tests/integration/seccomp-notify.bats +++ b/tests/integration/seccomp-notify.bats @@ -183,7 +183,7 @@ function scmp_act_notify_template() { @test "runc run [seccomp] (SCMP_ACT_NOTIFY startContainer hook)" { # shellcheck disable=SC2016 # We use single quotes to properly delimit the $1 param to - # update_config(), but this shellshcheck is quite silly and fails if the + # update_config(), but shellcheck is quite silly and fails if the # multi-line string includes some $var (even when it is properly outside of the # single quotes) or when we use this syntax to execute commands in the # string: $(command). diff --git a/tests/integration/tty.bats b/tests/integration/tty.bats index 53d3c23f17c..d1180a6bc26 100644 --- a/tests/integration/tty.bats +++ b/tests/integration/tty.bats @@ -123,7 +123,6 @@ function teardown() { # replace "uid": 0 with "uid": 1000 # and do a similar thing for gid. - # shellcheck disable=SC2016 update_config ' (.. | select(.uid? == 0)) .uid |= 1000 | (.. | select(.gid? == 0)) .gid |= 100' From a76a1361b4fc5afc2029c8f54bae9e85e7af8a5c Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 10 Mar 2025 13:48:53 -0700 Subject: [PATCH 0870/1176] script/setup_host_fedora.sh: remove -p from mkdir 1. There is no need to have -p option in mkdir here, since /home/rootless was already created by useradd above. 2. When there is no -p, there is no need to suppress the shellcheck warning (which looked like this): > In script/setup_host_fedora.sh line 21: > mkdir -m 0700 -p /home/rootless/.ssh > ^-- SC2174 (warning): When used with -p, -m only applies to the deepest directory. Signed-off-by: Kir Kolyshkin --- script/setup_host_fedora.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/script/setup_host_fedora.sh b/script/setup_host_fedora.sh index c5744324d05..7a1cfa7a0ed 100755 --- a/script/setup_host_fedora.sh +++ b/script/setup_host_fedora.sh @@ -18,8 +18,7 @@ useradd -u2000 -m -d/home/rootless -s/bin/bash rootless # Allow root and rootless itself to execute `ssh rootless@localhost` in tests/rootless.sh ssh-keygen -t ecdsa -N "" -f /root/rootless.key -# shellcheck disable=SC2174 -mkdir -m 0700 -p /home/rootless/.ssh +mkdir -m 0700 /home/rootless/.ssh cp /root/rootless.key /home/rootless/.ssh/id_ecdsa cat /root/rootless.key.pub >>/home/rootless/.ssh/authorized_keys chown -R rootless.rootless /home/rootless From 8e653e40c6e4af12273155e73249f1b4e964eb71 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 10 Mar 2025 13:57:57 -0700 Subject: [PATCH 0871/1176] script/setup_host_fedora.sh: use bash arrays This makes the code more robust and allows to remove the "shellcheck disable=SC2086" annotation. Signed-off-by: Kir Kolyshkin --- script/setup_host_fedora.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/script/setup_host_fedora.sh b/script/setup_host_fedora.sh index 7a1cfa7a0ed..46d24040980 100755 --- a/script/setup_host_fedora.sh +++ b/script/setup_host_fedora.sh @@ -1,12 +1,11 @@ #!/bin/bash set -eux -o pipefail -DNF_OPTS="-y --setopt=install_weak_deps=False --setopt=tsflags=nodocs --exclude=kernel,kernel-core" -RPMS="bats git-core glibc-static golang jq libseccomp-devel make" +DNF=(dnf -y --setopt=install_weak_deps=False --setopt=tsflags=nodocs --exclude="kernel,kernel-core") +RPMS=(bats git-core glibc-static golang jq libseccomp-devel make) # Work around dnf mirror failures by retrying a few times. for i in $(seq 0 2); do sleep "$i" - # shellcheck disable=SC2086 - dnf $DNF_OPTS update && dnf $DNF_OPTS install $RPMS && break + "${DNF[@]}" update && "${DNF[@]}" install "${RPMS[@]}" && break done dnf clean all From d31e6b87cad915c0792d2f54d21c09822885333f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 10 Mar 2025 14:23:11 -0700 Subject: [PATCH 0872/1176] ci: bump bats to v0.11.0 This is the version available from Fedora 41. Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 2 +- Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index 9123e678906..5904c7a59c2 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -12,7 +12,7 @@ task: HOME: /root CIRRUS_WORKING_DIR: /home/runc GO_VER_PREFIX: "1.24." - BATS_VERSION: "v1.9.0" + BATS_VERSION: "v1.11.0" RPMS: gcc git-core iptables jq glibc-static libseccomp-devel make criu fuse-sshfs container-selinux # yamllint disable rule:key-duplicates matrix: diff --git a/Dockerfile b/Dockerfile index 692001a95bc..5c3b933b38e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ ARG GO_VERSION=1.23 -ARG BATS_VERSION=v1.9.0 +ARG BATS_VERSION=v1.11.0 ARG LIBSECCOMP_VERSION=2.5.6 FROM golang:${GO_VERSION}-bookworm From 9c5e687b6ffed514b0b2c7504d90507be4037e98 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Thu, 6 Mar 2025 15:02:50 +0100 Subject: [PATCH 0873/1176] libct: Use chown(uid, -1) to not change the gid There is no behavior change, it is just more readable to use -1 to mean don't touch this. Please note that if the GID is not mapped in the userns, by using -1 for that no error is returned. We just avoid dealing with it completely, as we want here. Signed-off-by: Rodrigo Campos --- libcontainer/init_linux.go | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 8c30aae9531..ef7b0cf136e 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -524,16 +524,17 @@ func fixStdioPermissions(uid int) error { // that users expect to be able to actually use their console. Without // this code, you couldn't effectively run as a non-root user inside a // container and also have a console set up. - if err := file.Chown(uid, int(s.Gid)); err != nil { - // If we've hit an EINVAL then s.Gid isn't mapped in the user - // namespace. If we've hit an EPERM then the inode's current owner + if err := file.Chown(uid, -1); err != nil { + // If we've hit an EPERM then the inode's current owner // is not mapped in our user namespace (in particular, // privileged_wrt_inode_uidgid() has failed). Read-only // /dev can result in EROFS error. In any case, it's // better for us to just not touch the stdio rather // than bail at this point. - - if errors.Is(err, unix.EINVAL) || errors.Is(err, unix.EPERM) || errors.Is(err, unix.EROFS) { + // EINVAL should never happen, as it would mean the uid + // is not mapped, we expect this function to be called + // with a mapped uid. + if errors.Is(err, unix.EPERM) || errors.Is(err, unix.EROFS) { continue } return err From 3a33b6a3df99fee4c5b7c421c6a893e8b9622bc0 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 19 Mar 2025 14:55:06 -0700 Subject: [PATCH 0874/1176] Make state.json 25% smaller This makes the state.json file 1303 bytes or almost 25% smaller (when using the default spec, YMMV) by omitting default values. Before: 5496 bytes After: 4193 bytes (With cgroups#9 applied, the new size is 3424, which is almost 40% savings, compared to the original). Signed-off-by: Kir Kolyshkin --- libcontainer/configs/config.go | 76 ++++++++++++------------ libcontainer/configs/mount_linux.go | 18 +++--- libcontainer/configs/namespaces_linux.go | 2 +- libcontainer/configs/network.go | 44 +++++++------- libcontainer/container_linux.go | 12 ++-- 5 files changed, 76 insertions(+), 76 deletions(-) diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index e21971554bc..346fb9e5e3c 100644 --- a/libcontainer/configs/config.go +++ b/libcontainer/configs/config.go @@ -92,69 +92,69 @@ type Syscall struct { // Config defines configuration options for executing a process inside a contained environment. type Config struct { // NoPivotRoot will use MS_MOVE and a chroot to jail the process into the container's rootfs - // This is a common option when the container is running in ramdisk - NoPivotRoot bool `json:"no_pivot_root"` + // This is a common option when the container is running in ramdisk. + NoPivotRoot bool `json:"no_pivot_root,omitempty"` // ParentDeathSignal specifies the signal that is sent to the container's process in the case // that the parent process dies. - ParentDeathSignal int `json:"parent_death_signal"` + ParentDeathSignal int `json:"parent_death_signal,omitempty"` // Path to a directory containing the container's root filesystem. Rootfs string `json:"rootfs"` // Umask is the umask to use inside of the container. - Umask *uint32 `json:"umask"` + Umask *uint32 `json:"umask,omitempty"` // Readonlyfs will remount the container's rootfs as readonly where only externally mounted // bind mounts are writtable. - Readonlyfs bool `json:"readonlyfs"` + Readonlyfs bool `json:"readonlyfs,omitempty"` // Specifies the mount propagation flags to be applied to /. - RootPropagation int `json:"rootPropagation"` + RootPropagation int `json:"rootPropagation,omitempty"` // Mounts specify additional source and destination paths that will be mounted inside the container's - // rootfs and mount namespace if specified + // rootfs and mount namespace if specified. Mounts []*Mount `json:"mounts"` // The device nodes that should be automatically created within the container upon container start. Note, make sure that the node is marked as allowed in the cgroup as well! Devices []*devices.Device `json:"devices"` - MountLabel string `json:"mount_label"` + MountLabel string `json:"mount_label,omitempty"` - // Hostname optionally sets the container's hostname if provided - Hostname string `json:"hostname"` + // Hostname optionally sets the container's hostname if provided. + Hostname string `json:"hostname,omitempty"` - // Domainname optionally sets the container's domainname if provided - Domainname string `json:"domainname"` + // Domainname optionally sets the container's domainname if provided. + Domainname string `json:"domainname,omitempty"` // Namespaces specifies the container's namespaces that it should setup when cloning the init process - // If a namespace is not provided that namespace is shared from the container's parent process + // If a namespace is not provided that namespace is shared from the container's parent process. Namespaces Namespaces `json:"namespaces"` // Capabilities specify the capabilities to keep when executing the process inside the container - // All capabilities not specified will be dropped from the processes capability mask - Capabilities *Capabilities `json:"capabilities"` + // All capabilities not specified will be dropped from the processes capability mask. + Capabilities *Capabilities `json:"capabilities,omitempty"` - // Networks specifies the container's network setup to be created - Networks []*Network `json:"networks"` + // Networks specifies the container's network setup to be created. + Networks []*Network `json:"networks,omitempty"` - // Routes can be specified to create entries in the route table as the container is started - Routes []*Route `json:"routes"` + // Routes can be specified to create entries in the route table as the container is started. + Routes []*Route `json:"routes,omitempty"` // Cgroups specifies specific cgroup settings for the various subsystems that the container is - // placed into to limit the resources the container has available + // placed into to limit the resources the container has available. Cgroups *Cgroup `json:"cgroups"` // AppArmorProfile specifies the profile to apply to the process running in the container and is - // change at the time the process is execed + // change at the time the process is executed. AppArmorProfile string `json:"apparmor_profile,omitempty"` // ProcessLabel specifies the label to apply to the process running in the container. It is - // commonly used by selinux + // commonly used by selinux. ProcessLabel string `json:"process_label,omitempty"` // Rlimits specifies the resource limits, such as max open files, to set in the container - // If Rlimits are not set, the container will inherit rlimits from the parent process + // If Rlimits are not set, the container will inherit rlimits from the parent process. Rlimits []Rlimit `json:"rlimits,omitempty"` // OomScoreAdj specifies the adjustment to be made by the kernel when calculating oom scores @@ -164,35 +164,35 @@ type Config struct { // More information about kernel oom score calculation here: https://lwn.net/Articles/317814/ OomScoreAdj *int `json:"oom_score_adj,omitempty"` - // UIDMappings is an array of User ID mappings for User Namespaces - UIDMappings []IDMap `json:"uid_mappings"` + // UIDMappings is an array of User ID mappings for User Namespaces. + UIDMappings []IDMap `json:"uid_mappings,omitempty"` - // GIDMappings is an array of Group ID mappings for User Namespaces - GIDMappings []IDMap `json:"gid_mappings"` + // GIDMappings is an array of Group ID mappings for User Namespaces. + GIDMappings []IDMap `json:"gid_mappings,omitempty"` // MaskPaths specifies paths within the container's rootfs to mask over with a bind // mount pointing to /dev/null as to prevent reads of the file. - MaskPaths []string `json:"mask_paths"` + MaskPaths []string `json:"mask_paths,omitempty"` // ReadonlyPaths specifies paths within the container's rootfs to remount as read-only // so that these files prevent any writes. - ReadonlyPaths []string `json:"readonly_paths"` + ReadonlyPaths []string `json:"readonly_paths,omitempty"` // Sysctl is a map of properties and their values. It is the equivalent of using // sysctl -w my.property.name value in Linux. - Sysctl map[string]string `json:"sysctl"` + Sysctl map[string]string `json:"sysctl,omitempty"` // Seccomp allows actions to be taken whenever a syscall is made within the container. // A number of rules are given, each having an action to be taken if a syscall matches it. // A default action to be taken if no rules match is also given. - Seccomp *Seccomp `json:"seccomp"` + Seccomp *Seccomp `json:"seccomp,omitempty"` // NoNewPrivileges controls whether processes in the container can gain additional privileges. NoNewPrivileges bool `json:"no_new_privileges,omitempty"` // Hooks are a collection of actions to perform at various container lifecycle events. // CommandHooks are serialized to JSON, but other hooks are not. - Hooks Hooks + Hooks Hooks `json:"Hooks,omitempty"` // Version is the version of opencontainer specification that is supported. Version string `json:"version"` @@ -202,7 +202,7 @@ type Config struct { // NoNewKeyring will not allocated a new session keyring for the container. It will use the // callers keyring in this case. - NoNewKeyring bool `json:"no_new_keyring"` + NoNewKeyring bool `json:"no_new_keyring,omitempty"` // IntelRdt specifies settings for Intel RDT group that the container is placed into // to limit the resources (e.g., L3 cache, memory bandwidth) the container has available @@ -445,15 +445,15 @@ func KnownHookNames() []string { type Capabilities struct { // Bounding is the set of capabilities checked by the kernel. - Bounding []string + Bounding []string `json:"Bounding,omitempty"` // Effective is the set of capabilities checked by the kernel. - Effective []string + Effective []string `json:"Effective,omitempty"` // Inheritable is the capabilities preserved across execve. - Inheritable []string + Inheritable []string `json:"Inheritable,omitempty"` // Permitted is the limiting superset for effective capabilities. - Permitted []string + Permitted []string `json:"Permitted,omitempty"` // Ambient is the ambient set of capabilities that are kept. - Ambient []string + Ambient []string `json:"Ambient,omitempty"` } // Deprecated: use (Hooks).Run instead. diff --git a/libcontainer/configs/mount_linux.go b/libcontainer/configs/mount_linux.go index b69e9ab238e..87b18bac3d2 100644 --- a/libcontainer/configs/mount_linux.go +++ b/libcontainer/configs/mount_linux.go @@ -4,7 +4,7 @@ import "golang.org/x/sys/unix" type MountIDMapping struct { // Recursive indicates if the mapping needs to be recursive. - Recursive bool `json:"recursive"` + Recursive bool `json:"recursive,omitempty"` // UserNSPath is a path to a user namespace that indicates the necessary // id-mappings for MOUNT_ATTR_IDMAP. If set to non-"", UIDMappings and @@ -31,26 +31,26 @@ type Mount struct { Device string `json:"device"` // Mount flags. - Flags int `json:"flags"` + Flags int `json:"flags,omitempty"` // Mount flags that were explicitly cleared in the configuration (meaning // the user explicitly requested that these flags *not* be set). - ClearedFlags int `json:"cleared_flags"` + ClearedFlags int `json:"cleared_flags,omitempty"` - // Propagation Flags - PropagationFlags []int `json:"propagation_flags"` + // Propagation flags. + PropagationFlags []int `json:"propagation_flags,omitempty"` // Mount data applied to the mount. - Data string `json:"data"` + Data string `json:"data,omitempty"` // Relabel source if set, "z" indicates shared, "Z" indicates unshared. - Relabel string `json:"relabel"` + Relabel string `json:"relabel,omitempty"` // RecAttr represents mount properties to be applied recursively (AT_RECURSIVE), see mount_setattr(2). - RecAttr *unix.MountAttr `json:"rec_attr"` + RecAttr *unix.MountAttr `json:"rec_attr,omitempty"` // Extensions are additional flags that are specific to runc. - Extensions int `json:"extensions"` + Extensions int `json:"extensions,omitempty"` // Mapping is the MOUNT_ATTR_IDMAP configuration for the mount. If non-nil, // the mount is configured to use MOUNT_ATTR_IDMAP-style id mappings. diff --git a/libcontainer/configs/namespaces_linux.go b/libcontainer/configs/namespaces_linux.go index 898f96fd0f5..5740fb79424 100644 --- a/libcontainer/configs/namespaces_linux.go +++ b/libcontainer/configs/namespaces_linux.go @@ -86,7 +86,7 @@ func NamespaceTypes() []NamespaceType { // alternate path that is able to be joined via setns. type Namespace struct { Type NamespaceType `json:"type"` - Path string `json:"path"` + Path string `json:"path,omitempty"` } func (n *Namespace) GetPath(pid int) string { diff --git a/libcontainer/configs/network.go b/libcontainer/configs/network.go index c44c3ea71b8..aeac2efb347 100644 --- a/libcontainer/configs/network.go +++ b/libcontainer/configs/network.go @@ -5,49 +5,49 @@ package configs // The network configuration can be omitted from a container causing the // container to be setup with the host's networking stack type Network struct { - // Type sets the networks type, commonly veth and loopback + // Type sets the networks type, commonly veth and loopback. Type string `json:"type"` - // Name of the network interface - Name string `json:"name"` + // Name of the network interface. + Name string `json:"name,omitempty"` // The bridge to use. - Bridge string `json:"bridge"` + Bridge string `json:"bridge,omitempty"` - // MacAddress contains the MAC address to set on the network interface - MacAddress string `json:"mac_address"` + // MacAddress contains the MAC address to set on the network interface. + MacAddress string `json:"mac_address,omitempty"` - // Address contains the IPv4 and mask to set on the network interface - Address string `json:"address"` + // Address contains the IPv4 and mask to set on the network interface. + Address string `json:"address,omitempty"` - // Gateway sets the gateway address that is used as the default for the interface - Gateway string `json:"gateway"` + // Gateway sets the gateway address that is used as the default for the interface. + Gateway string `json:"gateway,omitempty"` - // IPv6Address contains the IPv6 and mask to set on the network interface - IPv6Address string `json:"ipv6_address"` + // IPv6Address contains the IPv6 and mask to set on the network interface. + IPv6Address string `json:"ipv6_address,omitempty"` - // IPv6Gateway sets the ipv6 gateway address that is used as the default for the interface - IPv6Gateway string `json:"ipv6_gateway"` + // IPv6Gateway sets the ipv6 gateway address that is used as the default for the interface. + IPv6Gateway string `json:"ipv6_gateway,omitempty"` // Mtu sets the mtu value for the interface and will be mirrored on both the host and // container's interfaces if a pair is created, specifically in the case of type veth // Note: This does not apply to loopback interfaces. - Mtu int `json:"mtu"` + Mtu int `json:"mtu,omitempty"` // TxQueueLen sets the tx_queuelen value for the interface and will be mirrored on both the host and // container's interfaces if a pair is created, specifically in the case of type veth // Note: This does not apply to loopback interfaces. - TxQueueLen int `json:"txqueuelen"` + TxQueueLen int `json:"txqueuelen,omitempty"` // HostInterfaceName is a unique name of a veth pair that resides on in the host interface of the // container. - HostInterfaceName string `json:"host_interface_name"` + HostInterfaceName string `json:"host_interface_name,omitempty"` // HairpinMode specifies if hairpin NAT should be enabled on the virtual interface // bridge port in the case of type veth // Note: This is unsupported on some systems. // Note: This does not apply to loopback interfaces. - HairpinMode bool `json:"hairpin_mode"` + HairpinMode bool `json:"hairpin_mode,omitempty"` } // Route defines a routing table entry. @@ -62,14 +62,14 @@ type Network struct { // destination of 0.0.0.0(or *) when viewed in the route table. type Route struct { // Destination specifies the destination IP address and mask in the CIDR form. - Destination string `json:"destination"` + Destination string `json:"destination,omitempty"` // Source specifies the source IP address and mask in the CIDR form. - Source string `json:"source"` + Source string `json:"source,omitempty"` // Gateway specifies the gateway IP address. - Gateway string `json:"gateway"` + Gateway string `json:"gateway,omitempty"` // InterfaceName specifies the device to set this route up for, for example eth0. - InterfaceName string `json:"interface_name"` + InterfaceName string `json:"interface_name,omitempty"` } diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 2dc2b86eb41..cfb3ccf5cd1 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -50,11 +50,11 @@ type Container struct { type State struct { BaseState - // Platform specific fields below here + // Platform specific fields below. // Specified if the container was started under the rootless mode. // Set to true if BaseState.Config.RootlessEUID && BaseState.Config.RootlessCgroups - Rootless bool `json:"rootless"` + Rootless bool `json:"rootless,omitempty"` // Paths to all the container's cgroups, as returned by (*cgroups.Manager).GetPaths // @@ -62,17 +62,17 @@ type State struct { // to the cgroup for this subsystem. // // For cgroup v2 unified hierarchy, a key is "", and the value is the unified path. - CgroupPaths map[string]string `json:"cgroup_paths"` + CgroupPaths map[string]string `json:"cgroup_paths,omitempty"` // NamespacePaths are filepaths to the container's namespaces. Key is the namespace type // with the value as the path. NamespacePaths map[configs.NamespaceType]string `json:"namespace_paths"` - // Container's standard descriptors (std{in,out,err}), needed for checkpoint and restore + // Container's standard descriptors (std{in,out,err}), needed for checkpoint and restore. ExternalDescriptors []string `json:"external_descriptors,omitempty"` - // Intel RDT "resource control" filesystem path - IntelRdtPath string `json:"intel_rdt_path"` + // Intel RDT "resource control" filesystem path. + IntelRdtPath string `json:"intel_rdt_path,omitempty"` } // ID returns the container's unique ID From 370733b7d993414e4a62da48fc2069c470a41e47 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 21 Mar 2025 15:50:15 -0700 Subject: [PATCH 0875/1176] libct/cap: rm mapKeys, use maps.Keys, slices.Sorted Since we've switched to Go 1.23 we can now use the new functionality of maps and slices packages. Signed-off-by: Kir Kolyshkin --- libcontainer/capabilities/capabilities.go | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/libcontainer/capabilities/capabilities.go b/libcontainer/capabilities/capabilities.go index 8bddc0007b7..157d84cd94e 100644 --- a/libcontainer/capabilities/capabilities.go +++ b/libcontainer/capabilities/capabilities.go @@ -5,7 +5,8 @@ package capabilities import ( "errors" "fmt" - "sort" + "maps" + "slices" "strings" "sync" "syscall" @@ -67,7 +68,7 @@ func New(capConfig *configs.Capabilities) (*Caps, error) { return nil, err } if len(unknownCaps) > 0 { - logrus.Warn("ignoring unknown or unavailable capabilities: ", mapKeys(unknownCaps)) + logrus.Warn("ignoring unknown or unavailable capabilities: ", slices.Sorted(maps.Keys(unknownCaps))) } return &c, nil } @@ -88,16 +89,6 @@ func capSlice(caps []string, unknownCaps map[string]struct{}) []capability.Cap { return out } -// mapKeys returns the keys of input in sorted order -func mapKeys(input map[string]struct{}) []string { - keys := make([]string, 0, len(input)) - for c := range input { - keys = append(keys, c) - } - sort.Strings(keys) - return keys -} - // Caps holds the capabilities for a container. type Caps struct { pid capability.Capabilities From bc96bc8558aa0dfe8edbb691489a3487003d8112 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 21 Mar 2025 15:50:43 -0700 Subject: [PATCH 0876/1176] libct/seccomp: use maps and slices pkgs Since we have now switched to Go 1.23, we can use maps and slices pkgs Signed-off-by: Kir Kolyshkin --- libcontainer/seccomp/config.go | 24 +++++------------------- 1 file changed, 5 insertions(+), 19 deletions(-) diff --git a/libcontainer/seccomp/config.go b/libcontainer/seccomp/config.go index 3ca03ed8a30..06849c83c10 100644 --- a/libcontainer/seccomp/config.go +++ b/libcontainer/seccomp/config.go @@ -2,7 +2,8 @@ package seccomp import ( "fmt" - "sort" + "maps" + "slices" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runtime-spec/specs-go" @@ -25,12 +26,7 @@ var operators = map[string]configs.Operator{ // KnownOperators returns the list of the known operations. // Used by `runc features`. func KnownOperators() []string { - var res []string - for k := range operators { - res = append(res, k) - } - sort.Strings(res) - return res + return slices.Sorted(maps.Keys(operators)) } var actions = map[string]configs.Action{ @@ -48,12 +44,7 @@ var actions = map[string]configs.Action{ // KnownActions returns the list of the known actions. // Used by `runc features`. func KnownActions() []string { - var res []string - for k := range actions { - res = append(res, k) - } - sort.Strings(res) - return res + return slices.Sorted(maps.Keys(actions)) } var archs = map[string]string{ @@ -79,12 +70,7 @@ var archs = map[string]string{ // KnownArchs returns the list of the known archs. // Used by `runc features`. func KnownArchs() []string { - var res []string - for k := range archs { - res = append(res, k) - } - sort.Strings(res) - return res + return slices.Sorted(maps.Keys(archs)) } // ConvertStringToOperator converts a string into a Seccomp comparison operator. From bac338256c16178fbafa37180787384346b7c351 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Mar 2025 04:56:16 +0000 Subject: [PATCH 0877/1176] build(deps): bump github.com/opencontainers/selinux Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.11.1 to 1.12.0. - [Release notes](https://github.com/opencontainers/selinux/releases) - [Commits](https://github.com/opencontainers/selinux/compare/v1.11.1...v1.12.0) --- updated-dependencies: - dependency-name: github.com/opencontainers/selinux dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- .../selinux/go-selinux/label/label.go | 67 ------------------- .../selinux/go-selinux/label/label_linux.go | 11 --- .../selinux/go-selinux/label/label_stub.go | 6 -- .../selinux/go-selinux/selinux.go | 16 +++-- .../selinux/go-selinux/selinux_linux.go | 41 +++++++----- vendor/modules.txt | 2 +- 8 files changed, 39 insertions(+), 110 deletions(-) diff --git a/go.mod b/go.mod index ee5edaa8618..a46e1aef2d8 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/mrunalp/fileutils v0.5.1 github.com/opencontainers/cgroups v0.0.1 github.com/opencontainers/runtime-spec v1.2.1 - github.com/opencontainers/selinux v1.11.1 + github.com/opencontainers/selinux v1.12.0 github.com/seccomp/libseccomp-golang v0.10.0 github.com/sirupsen/logrus v1.9.3 github.com/urfave/cli v1.22.16 diff --git a/go.sum b/go.sum index c71e0394f58..d08fb3a5af1 100644 --- a/go.sum +++ b/go.sum @@ -49,8 +49,8 @@ github.com/opencontainers/cgroups v0.0.1 h1:MXjMkkFpKv6kpuirUa4USFBas573sSAY082B github.com/opencontainers/cgroups v0.0.1/go.mod h1:s8lktyhlGUqM7OSRL5P7eAW6Wb+kWPNvt4qvVfzA5vs= github.com/opencontainers/runtime-spec v1.2.1 h1:S4k4ryNgEpxW1dzyqffOmhI1BHYcjzU8lpJfSlR0xww= github.com/opencontainers/runtime-spec v1.2.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/selinux v1.11.1 h1:nHFvthhM0qY8/m+vfhJylliSshm8G1jJ2jDMcgULaH8= -github.com/opencontainers/selinux v1.11.1/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= +github.com/opencontainers/selinux v1.12.0 h1:6n5JV4Cf+4y0KNXW48TLj5DwfXpvWlxXplUkdTrmPb8= +github.com/opencontainers/selinux v1.12.0/go.mod h1:BTPX+bjVbWGXw7ZZWUbdENt8w0htPSrlgOOysQaU62U= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label.go index 07e0f77dc27..884a8b80593 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/label/label.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label.go @@ -6,78 +6,11 @@ import ( "github.com/opencontainers/selinux/go-selinux" ) -// Deprecated: use selinux.ROFileLabel -var ROMountLabel = selinux.ROFileLabel - -// SetProcessLabel takes a process label and tells the kernel to assign the -// label to the next program executed by the current process. -// Deprecated: use selinux.SetExecLabel -var SetProcessLabel = selinux.SetExecLabel - -// ProcessLabel returns the process label that the kernel will assign -// to the next program executed by the current process. If "" is returned -// this indicates that the default labeling will happen for the process. -// Deprecated: use selinux.ExecLabel -var ProcessLabel = selinux.ExecLabel - -// SetSocketLabel takes a process label and tells the kernel to assign the -// label to the next socket that gets created -// Deprecated: use selinux.SetSocketLabel -var SetSocketLabel = selinux.SetSocketLabel - -// SocketLabel retrieves the current default socket label setting -// Deprecated: use selinux.SocketLabel -var SocketLabel = selinux.SocketLabel - -// SetKeyLabel takes a process label and tells the kernel to assign the -// label to the next kernel keyring that gets created -// Deprecated: use selinux.SetKeyLabel -var SetKeyLabel = selinux.SetKeyLabel - -// KeyLabel retrieves the current default kernel keyring label setting -// Deprecated: use selinux.KeyLabel -var KeyLabel = selinux.KeyLabel - -// FileLabel returns the label for specified path -// Deprecated: use selinux.FileLabel -var FileLabel = selinux.FileLabel - -// PidLabel will return the label of the process running with the specified pid -// Deprecated: use selinux.PidLabel -var PidLabel = selinux.PidLabel - // Init initialises the labeling system func Init() { _ = selinux.GetEnabled() } -// ClearLabels will clear all reserved labels -// Deprecated: use selinux.ClearLabels -var ClearLabels = selinux.ClearLabels - -// ReserveLabel will record the fact that the MCS label has already been used. -// This will prevent InitLabels from using the MCS label in a newly created -// container -// Deprecated: use selinux.ReserveLabel -func ReserveLabel(label string) error { - selinux.ReserveLabel(label) - return nil -} - -// ReleaseLabel will remove the reservation of the MCS label. -// This will allow InitLabels to use the MCS label in a newly created -// containers -// Deprecated: use selinux.ReleaseLabel -func ReleaseLabel(label string) error { - selinux.ReleaseLabel(label) - return nil -} - -// DupSecOpt takes a process label and returns security options that -// can be used to set duplicate labels on future container processes -// Deprecated: use selinux.DupSecOpt -var DupSecOpt = selinux.DupSecOpt - // FormatMountLabel returns a string to be used by the mount command. Using // the SELinux `context` mount option. Changing labels of files on mount // points with this option can never be changed. diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go index e49e6d53f7d..1258c98ce71 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go @@ -79,12 +79,6 @@ func InitLabels(options []string) (plabel string, mlabel string, retErr error) { return processLabel, mountLabel, nil } -// Deprecated: The GenLabels function is only to be used during the transition -// to the official API. Use InitLabels(strings.Fields(options)) instead. -func GenLabels(options string) (string, string, error) { - return InitLabels(strings.Fields(options)) -} - // SetFileLabel modifies the "path" label to the specified file label func SetFileLabel(path string, fileLabel string) error { if !selinux.GetEnabled() || fileLabel == "" { @@ -123,11 +117,6 @@ func Relabel(path string, fileLabel string, shared bool) error { return selinux.Chcon(path, fileLabel, true) } -// DisableSecOpt returns a security opt that can disable labeling -// support for future container processes -// Deprecated: use selinux.DisableSecOpt -var DisableSecOpt = selinux.DisableSecOpt - // Validate checks that the label does not include unexpected options func Validate(label string) error { if strings.Contains(label, "z") && strings.Contains(label, "Z") { diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go index 1c260cb27d9..7a54afc5e6d 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go @@ -10,12 +10,6 @@ func InitLabels([]string) (string, string, error) { return "", "", nil } -// Deprecated: The GenLabels function is only to be used during the transition -// to the official API. Use InitLabels(strings.Fields(options)) instead. -func GenLabels(string) (string, string, error) { - return "", "", nil -} - func SetFileLabel(string, string) error { return nil } diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go index af058b84b13..9f0740ef6f8 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go @@ -41,6 +41,10 @@ var ( // ErrVerifierNil is returned when a context verifier function is nil. ErrVerifierNil = errors.New("verifier function is nil") + // ErrNotTGLeader is returned by [SetKeyLabel] if the calling thread + // is not the thread group leader. + ErrNotTGLeader = errors.New("calling thread is not the thread group leader") + // CategoryRange allows the upper bound on the category range to be adjusted CategoryRange = DefaultCategoryRange @@ -180,10 +184,14 @@ func PeerLabel(fd uintptr) (string, error) { } // SetKeyLabel takes a process label and tells the kernel to assign the -// label to the next kernel keyring that gets created. Calls to SetKeyLabel -// should be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() until -// the kernel keyring is created to guarantee another goroutine does not migrate -// to the current thread before execution is complete. +// label to the next kernel keyring that gets created. +// +// Calls to SetKeyLabel should be wrapped in +// runtime.LockOSThread()/runtime.UnlockOSThread() until the kernel keyring is +// created to guarantee another goroutine does not migrate to the current +// thread before execution is complete. +// +// Only the thread group leader can set key label. func SetKeyLabel(label string) error { return setKeyLabel(label) } diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go index c80c10971b9..a607980724c 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go @@ -45,7 +45,7 @@ type selinuxState struct { type level struct { cats *big.Int - sens uint + sens int } type mlsRange struct { @@ -138,6 +138,7 @@ func verifySELinuxfsMount(mnt string) bool { return false } + //#nosec G115 -- there is no overflow here. if uint32(buf.Type) != uint32(unix.SELINUX_MAGIC) { return false } @@ -501,14 +502,14 @@ func catsToBitset(cats string) (*big.Int, error) { return nil, err } for i := catstart; i <= catend; i++ { - bitset.SetBit(bitset, int(i), 1) + bitset.SetBit(bitset, i, 1) } } else { cat, err := parseLevelItem(ranges[0], category) if err != nil { return nil, err } - bitset.SetBit(bitset, int(cat), 1) + bitset.SetBit(bitset, cat, 1) } } @@ -516,16 +517,17 @@ func catsToBitset(cats string) (*big.Int, error) { } // parseLevelItem parses and verifies that a sensitivity or category are valid -func parseLevelItem(s string, sep levelItem) (uint, error) { +func parseLevelItem(s string, sep levelItem) (int, error) { if len(s) < minSensLen || levelItem(s[0]) != sep { return 0, ErrLevelSyntax } - val, err := strconv.ParseUint(s[1:], 10, 32) + const bitSize = 31 // Make sure the result fits into signed int32. + val, err := strconv.ParseUint(s[1:], 10, bitSize) if err != nil { return 0, err } - return uint(val), nil + return int(val), nil } // parseLevel fills a level from a string that contains @@ -582,7 +584,8 @@ func bitsetToStr(c *big.Int) string { var str string length := 0 - for i := int(c.TrailingZeroBits()); i < c.BitLen(); i++ { + i0 := int(c.TrailingZeroBits()) //#nosec G115 -- don't expect TralingZeroBits to return values with highest bit set. + for i := i0; i < c.BitLen(); i++ { if c.Bit(i) == 0 { continue } @@ -622,7 +625,7 @@ func (l *level) equal(l2 *level) bool { // String returns an mlsRange as a string. func (m mlsRange) String() string { - low := "s" + strconv.Itoa(int(m.low.sens)) + low := "s" + strconv.Itoa(m.low.sens) if m.low.cats != nil && m.low.cats.BitLen() > 0 { low += ":" + bitsetToStr(m.low.cats) } @@ -631,7 +634,7 @@ func (m mlsRange) String() string { return low } - high := "s" + strconv.Itoa(int(m.high.sens)) + high := "s" + strconv.Itoa(m.high.sens) if m.high.cats != nil && m.high.cats.BitLen() > 0 { high += ":" + bitsetToStr(m.high.cats) } @@ -639,15 +642,16 @@ func (m mlsRange) String() string { return low + "-" + high } -// TODO: remove min and max once Go < 1.21 is not supported. -func max(a, b uint) uint { +// TODO: remove these in favor of built-in min/max +// once we stop supporting Go < 1.21. +func maxInt(a, b int) int { if a > b { return a } return b } -func min(a, b uint) uint { +func minInt(a, b int) int { if a < b { return a } @@ -676,10 +680,10 @@ func calculateGlbLub(sourceRange, targetRange string) (string, error) { outrange := &mlsRange{low: &level{}, high: &level{}} /* take the greatest of the low */ - outrange.low.sens = max(s.low.sens, t.low.sens) + outrange.low.sens = maxInt(s.low.sens, t.low.sens) /* take the least of the high */ - outrange.high.sens = min(s.high.sens, t.high.sens) + outrange.high.sens = minInt(s.high.sens, t.high.sens) /* find the intersecting categories */ if s.low.cats != nil && t.low.cats != nil { @@ -731,6 +735,9 @@ func setKeyLabel(label string) error { if label == "" && errors.Is(err, os.ErrPermission) { return nil } + if errors.Is(err, unix.EACCES) && unix.Getuid() != unix.Gettid() { + return ErrNotTGLeader + } return err } @@ -809,8 +816,7 @@ func enforceMode() int { // setEnforceMode sets the current SELinux mode Enforcing, Permissive. // Disabled is not valid, since this needs to be set at boot time. func setEnforceMode(mode int) error { - //nolint:gosec // ignore G306: permissions to be 0600 or less. - return os.WriteFile(selinuxEnforcePath(), []byte(strconv.Itoa(mode)), 0o644) + return os.WriteFile(selinuxEnforcePath(), []byte(strconv.Itoa(mode)), 0) } // defaultEnforceMode returns the systems default SELinux mode Enforcing, @@ -1017,8 +1023,7 @@ func addMcs(processLabel, fileLabel string) (string, string) { // securityCheckContext validates that the SELinux label is understood by the kernel func securityCheckContext(val string) error { - //nolint:gosec // ignore G306: permissions to be 0600 or less. - return os.WriteFile(filepath.Join(getSelinuxMountPoint(), "context"), []byte(val), 0o644) + return os.WriteFile(filepath.Join(getSelinuxMountPoint(), "context"), []byte(val), 0) } // copyLevel returns a label with the MLS/MCS level from src label replaced on diff --git a/vendor/modules.txt b/vendor/modules.txt index fef75a33656..26d82e7c62f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -66,7 +66,7 @@ github.com/opencontainers/cgroups/systemd ## explicit github.com/opencontainers/runtime-spec/specs-go github.com/opencontainers/runtime-spec/specs-go/features -# github.com/opencontainers/selinux v1.11.1 +# github.com/opencontainers/selinux v1.12.0 ## explicit; go 1.19 github.com/opencontainers/selinux/go-selinux github.com/opencontainers/selinux/go-selinux/label From f55400dce8f51915bd7ecc6dc16daed8ebffed01 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Mon, 24 Mar 2025 12:22:07 +0100 Subject: [PATCH 0878/1176] .github: Improve issue template description We received several times issues that the repro steps are human readable text with ambiguous instructions. That usually ends up in maintainers asking questions so people provide clear steps. Let's just make the issue template more clear in that regard. Signed-off-by: Rodrigo Campos --- .github/ISSUE_TEMPLATE/bug_report.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/bug_report.yaml b/.github/ISSUE_TEMPLATE/bug_report.yaml index 3af44b54025..90b3e1dce1a 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.yaml +++ b/.github/ISSUE_TEMPLATE/bug_report.yaml @@ -25,6 +25,8 @@ body: - type: textarea attributes: label: Steps to reproduce the issue + description: | + As much as possible, try to make steps that would work in a script. This makes the repro unambiguous and easy to follow. value: | 1. 2. From 1aebfa3eab077c12c55452e78bb758067547a73f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 21 Mar 2025 14:52:18 -0700 Subject: [PATCH 0879/1176] libct/int: don't use _ = runContainerOk There is no need to explicitly ignore returned value. Signed-off-by: Kir Kolyshkin --- libcontainer/integration/exec_test.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index 2d58ccc4b01..c1362444682 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -534,12 +534,12 @@ func testPids(t *testing.T, systemd bool) { config.Cgroups.Resources.PidsLimit = -1 // Running multiple processes, expecting it to succeed with no pids limit. - _ = runContainerOk(t, config, "/bin/sh", "-c", "/bin/true | /bin/true | /bin/true | /bin/true") + runContainerOk(t, config, "/bin/sh", "-c", "/bin/true | /bin/true | /bin/true | /bin/true") // Enforce a permissive limit. This needs to be fairly hand-wavey due to the // issues with running Go binaries with pids restrictions (see below). config.Cgroups.Resources.PidsLimit = 64 - _ = runContainerOk(t, config, "/bin/sh", "-c", ` + runContainerOk(t, config, "/bin/sh", "-c", ` /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | bin/true | /bin/true | @@ -1711,10 +1711,10 @@ func testFdLeaks(t *testing.T, systemd bool) { // Examples of this open-once file descriptors are: // - /sys/fs/cgroup dirfd opened by prepareOpenat2 in libct/cgroups; // - dbus connection opened by getConnection in libct/cgroups/systemd. - _ = runContainerOk(t, config, "true") + runContainerOk(t, config, "true") fds0 := fdList(t) - _ = runContainerOk(t, config, "true") + runContainerOk(t, config, "true") fds1 := fdList(t) if reflect.DeepEqual(fds0, fds1) { From 65e0f2b719fab2ca2b0ef8fbab154ed62fe709a4 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 21 Mar 2025 14:53:10 -0700 Subject: [PATCH 0880/1176] libct/int: use destroyContainer Signed-off-by: Kir Kolyshkin --- libcontainer/integration/exec_test.go | 6 ++---- libcontainer/integration/seccomp_test.go | 8 ++++---- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index c1362444682..5bfec5d7392 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -1373,9 +1373,7 @@ func testPidnsInitKill(t *testing.T, config *configs.Config) { // Run a container with two long-running processes. container, err := newContainer(t, config) ok(t, err) - defer func() { - _ = container.Destroy() - }() + defer destroyContainer(container) process1 := &libcontainer.Process{ Cwd: "/", @@ -1796,7 +1794,7 @@ func TestBindMountAndUser(t *testing.T) { container, err := newContainer(t, config) ok(t, err) - defer container.Destroy() //nolint: errcheck + defer destroyContainer(container) var stdout bytes.Buffer diff --git a/libcontainer/integration/seccomp_test.go b/libcontainer/integration/seccomp_test.go index 1ca13ebcf7d..4e8e0912aca 100644 --- a/libcontainer/integration/seccomp_test.go +++ b/libcontainer/integration/seccomp_test.go @@ -33,7 +33,7 @@ func TestSeccompDenySyslogWithErrno(t *testing.T) { container, err := newContainer(t, config) ok(t, err) - defer container.Destroy() //nolint:errcheck + defer destroyContainer(container) buffers := newStdBuffers() pwd := &libcontainer.Process{ @@ -81,7 +81,7 @@ func TestSeccompDenySyslog(t *testing.T) { container, err := newContainer(t, config) ok(t, err) - defer container.Destroy() //nolint:errcheck + defer destroyContainer(container) buffers := newStdBuffers() pwd := &libcontainer.Process{ @@ -136,7 +136,7 @@ func TestSeccompPermitWriteConditional(t *testing.T) { container, err := newContainer(t, config) ok(t, err) - defer container.Destroy() //nolint:errcheck + defer destroyContainer(container) buffers := newStdBuffers() dmesg := &libcontainer.Process{ @@ -188,7 +188,7 @@ func TestSeccompDenyWriteConditional(t *testing.T) { container, err := newContainer(t, config) ok(t, err) - defer container.Destroy() //nolint:errcheck + defer destroyContainer(container) buffers := newStdBuffers() dmesg := &libcontainer.Process{ From d00c3be986d011118b47735958423323b7fc7518 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 24 Mar 2025 10:05:22 -0700 Subject: [PATCH 0881/1176] ci: bump codespell to v2.4.1, fix some typos All but one were found by codespell. Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 2 +- libcontainer/exeseal/cloned_binary_linux.go | 2 +- libcontainer/internal/userns/usernsfd_linux.go | 2 +- libcontainer/utils/utils_unix.go | 2 +- tests/integration/userns.bats | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index b3ac384d337..34e58dc0081 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -91,7 +91,7 @@ jobs: - uses: actions/checkout@v4 - name: install deps # Version of codespell bundled with Ubuntu is way old, so use pip. - run: pip install --break-system-packages codespell==v2.3.0 + run: pip install --break-system-packages codespell==v2.4.1 - name: run codespell run: codespell diff --git a/libcontainer/exeseal/cloned_binary_linux.go b/libcontainer/exeseal/cloned_binary_linux.go index 3bafc96a613..7e0957fc801 100644 --- a/libcontainer/exeseal/cloned_binary_linux.go +++ b/libcontainer/exeseal/cloned_binary_linux.go @@ -48,7 +48,7 @@ func sealMemfd(f **os.File) error { // to work on older kernels. fd := (*f).Fd() - // Skip F_SEAL_FUTURE_WRITE, it is not needed because we alreadu use the + // Skip F_SEAL_FUTURE_WRITE, it is not needed because we already use the // stronger F_SEAL_WRITE (and is buggy on Linux <5.5 -- see kernel commit // 05d351102dbe and ). diff --git a/libcontainer/internal/userns/usernsfd_linux.go b/libcontainer/internal/userns/usernsfd_linux.go index 2eb64cf76ca..773ba17cad6 100644 --- a/libcontainer/internal/userns/usernsfd_linux.go +++ b/libcontainer/internal/userns/usernsfd_linux.go @@ -61,7 +61,7 @@ type Handles struct { // Release all resources associated with this Handle. All existing files // returned from Get() will continue to work even after calling Release(). The -// same Handles can be re-used after calling Release(). +// same Handles can be reused after calling Release(). func (hs *Handles) Release() { hs.m.Lock() defer hs.m.Unlock() diff --git a/libcontainer/utils/utils_unix.go b/libcontainer/utils/utils_unix.go index f6b3fefb1eb..98caa3151d1 100644 --- a/libcontainer/utils/utils_unix.go +++ b/libcontainer/utils/utils_unix.go @@ -130,7 +130,7 @@ func runtime_IsPollDescriptor(fd uintptr) bool //nolint:revive // // NOTE: That this function is incredibly dangerous to use in most Go code, as // closing file descriptors from underneath *os.File handles can lead to very -// bad behaviour (the closed file descriptor can be re-used and then any +// bad behaviour (the closed file descriptor can be reused and then any // *os.File operations would apply to the wrong file). This function is only // intended to be called from the last stage of runc init. func UnsafeCloseFrom(minFd int) error { diff --git a/tests/integration/userns.bats b/tests/integration/userns.bats index 67766401693..1300dff9f7c 100644 --- a/tests/integration/userns.bats +++ b/tests/integration/userns.bats @@ -217,7 +217,7 @@ function teardown() { # Also create a network namespace that *is not owned* by the above userns. # NOTE: Having no permissions in a namespaces makes it necessary to modify # the config so that we don't get mount errors (for reference: no netns - # permissions == no sysfs mounts, no pidns permissoins == no procfs mounts, + # permissions == no sysfs mounts, no pidns permissions == no procfs mounts, # no utsns permissions == no sethostname(2), no ipc permissions == no # mqueue mounts, etc). netns_path="$(mktemp "$BATS_RUN_TMPDIR/netns.XXXXXX")" From a638f1330b75e2641e9bf43432f439d98b2166ce Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 21 Mar 2025 14:31:40 -0700 Subject: [PATCH 0882/1176] .golangci.yml: add nolintlint, fix found issues The errrolint linter can finally ignore errors from Close, and it also ignores direct comparisons of errors from x/sys/unix. Signed-off-by: Kir Kolyshkin --- .golangci.yml | 1 + libcontainer/factory_linux_test.go | 2 +- libcontainer/integration/checkpoint_test.go | 4 ++-- libcontainer/integration/exec_test.go | 24 ++++++++++----------- libcontainer/integration/execin_test.go | 14 ++++++------ libcontainer/rootfs_linux.go | 8 +++---- libcontainer/utils/cmsg.go | 4 ++-- 7 files changed, 29 insertions(+), 28 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index c6959dd690f..64c285cd033 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -8,6 +8,7 @@ linters: enable: - gofumpt - errorlint + - nolintlint - unconvert - unparam diff --git a/libcontainer/factory_linux_test.go b/libcontainer/factory_linux_test.go index bbbbd346534..22dcd34125a 100644 --- a/libcontainer/factory_linux_test.go +++ b/libcontainer/factory_linux_test.go @@ -86,7 +86,7 @@ func marshal(path string, v interface{}) error { if err != nil { return err } - defer f.Close() //nolint: errcheck + defer f.Close() return utils.WriteJSON(f, v) } diff --git a/libcontainer/integration/checkpoint_test.go b/libcontainer/integration/checkpoint_test.go index 8d4d6fe4751..fa4a4975c80 100644 --- a/libcontainer/integration/checkpoint_test.go +++ b/libcontainer/integration/checkpoint_test.go @@ -67,7 +67,7 @@ func testCheckpoint(t *testing.T, userns bool) { err = container.Run(&pconfig) _ = stdinR.Close() - defer stdinW.Close() //nolint: errcheck + defer stdinW.Close() ok(t, err) pid, err := pconfig.Pid() @@ -141,7 +141,7 @@ func testCheckpoint(t *testing.T, userns bool) { err = container.Restore(restoreProcessConfig, checkpointOpts) _ = restoreStdinR.Close() - defer restoreStdinW.Close() //nolint: errcheck + defer restoreStdinW.Close() if err != nil { t.Fatal(err) } diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index 5bfec5d7392..17312563bfc 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -172,7 +172,7 @@ func TestEnter(t *testing.T) { } err = container.Run(&pconfig) _ = stdinR.Close() - defer stdinW.Close() //nolint: errcheck + defer stdinW.Close() ok(t, err) pid, err := pconfig.Pid() ok(t, err) @@ -190,7 +190,7 @@ func TestEnter(t *testing.T) { err = container.Run(&pconfig2) _ = stdinR2.Close() - defer stdinW2.Close() //nolint: errcheck + defer stdinW2.Close() ok(t, err) pid2, err := pconfig2.Pid() @@ -458,7 +458,7 @@ func testFreeze(t *testing.T, withSystemd bool, useSet bool) { } err = container.Run(pconfig) _ = stdinR.Close() - defer stdinW.Close() //nolint: errcheck + defer stdinW.Close() ok(t, err) if !useSet { @@ -738,7 +738,7 @@ func TestContainerState(t *testing.T) { err = container.Run(p) ok(t, err) _ = stdinR.Close() - defer stdinW.Close() //nolint: errcheck + defer stdinW.Close() st, err := container.State() ok(t, err) @@ -1164,7 +1164,7 @@ func TestRootfsPropagationSlaveMount(t *testing.T) { err = container.Run(pconfig) _ = stdinR.Close() - defer stdinW.Close() //nolint: errcheck + defer stdinW.Close() ok(t, err) // Create mnt2host under dir1host and bind mount itself on top of it. @@ -1194,7 +1194,7 @@ func TestRootfsPropagationSlaveMount(t *testing.T) { err = container.Run(pconfig2) _ = stdinR2.Close() - defer stdinW2.Close() //nolint: errcheck + defer stdinW2.Close() ok(t, err) _ = stdinW2.Close() @@ -1276,7 +1276,7 @@ func TestRootfsPropagationSharedMount(t *testing.T) { err = container.Run(pconfig) _ = stdinR.Close() - defer stdinW.Close() //nolint: errcheck + defer stdinW.Close() ok(t, err) // Create mnt2cont under dir1host. This will become visible inside container @@ -1311,7 +1311,7 @@ func TestRootfsPropagationSharedMount(t *testing.T) { err = container.Run(pconfig2) _ = stdinR2.Close() - defer stdinW2.Close() //nolint: errcheck + defer stdinW2.Close() ok(t, err) // Wait for process @@ -1430,7 +1430,7 @@ func TestInitJoinPID(t *testing.T) { } err = container1.Run(init1) _ = stdinR1.Close() - defer stdinW1.Close() //nolint: errcheck + defer stdinW1.Close() ok(t, err) // get the state of the first container @@ -1457,7 +1457,7 @@ func TestInitJoinPID(t *testing.T) { } err = container2.Run(init2) _ = stdinR2.Close() - defer stdinW2.Close() //nolint: errcheck + defer stdinW2.Close() ok(t, err) // get the state of the second container state2, err := container2.State() @@ -1529,7 +1529,7 @@ func TestInitJoinNetworkAndUser(t *testing.T) { } err = container1.Run(init1) _ = stdinR1.Close() - defer stdinW1.Close() //nolint: errcheck + defer stdinW1.Close() ok(t, err) // get the state of the first container @@ -1563,7 +1563,7 @@ func TestInitJoinNetworkAndUser(t *testing.T) { } err = container2.Run(init2) _ = stdinR2.Close() - defer stdinW2.Close() //nolint: errcheck + defer stdinW2.Close() ok(t, err) // get the state of the second container diff --git a/libcontainer/integration/execin_test.go b/libcontainer/integration/execin_test.go index e6be1f54492..831a4374404 100644 --- a/libcontainer/integration/execin_test.go +++ b/libcontainer/integration/execin_test.go @@ -40,7 +40,7 @@ func TestExecIn(t *testing.T) { } err = container.Run(process) _ = stdinR.Close() - defer stdinW.Close() //nolint: errcheck + defer stdinW.Close() ok(t, err) buffers := newStdBuffers() @@ -98,7 +98,7 @@ func testExecInRlimit(t *testing.T, userns bool) { } err = container.Run(process) _ = stdinR.Close() - defer stdinW.Close() //nolint: errcheck + defer stdinW.Close() ok(t, err) buffers := newStdBuffers() @@ -149,7 +149,7 @@ func TestExecInAdditionalGroups(t *testing.T) { } err = container.Run(process) _ = stdinR.Close() - defer stdinW.Close() //nolint: errcheck + defer stdinW.Close() ok(t, err) var stdout bytes.Buffer @@ -338,7 +338,7 @@ func TestExecInEnvironment(t *testing.T) { } err = container.Run(process) _ = stdinR.Close() - defer stdinW.Close() //nolint: errcheck + defer stdinW.Close() ok(t, err) execEnv := []string{ @@ -408,7 +408,7 @@ func TestExecinPassExtraFiles(t *testing.T) { } err = container.Run(process) _ = stdinR.Close() - defer stdinW.Close() //nolint: errcheck + defer stdinW.Close() ok(t, err) var stdout bytes.Buffer @@ -473,7 +473,7 @@ func TestExecInOomScoreAdj(t *testing.T) { } err = container.Run(process) _ = stdinR.Close() - defer stdinW.Close() //nolint: errcheck + defer stdinW.Close() ok(t, err) buffers := newStdBuffers() @@ -521,7 +521,7 @@ func TestExecInUserns(t *testing.T) { } err = container.Run(process) _ = stdinR.Close() - defer stdinW.Close() //nolint: errcheck + defer stdinW.Close() ok(t, err) initPID, err := process.Pid() diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index e46109a2ff9..3df948eeb69 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -873,7 +873,7 @@ func reOpenDevNull() error { if err != nil { return err } - defer file.Close() //nolint: errcheck + defer file.Close() if err := unix.Fstat(int(file.Fd()), &devNullStat); err != nil { return &os.PathError{Op: "fstat", Path: file.Name(), Err: err} } @@ -999,7 +999,7 @@ func rootfsParentMountPrivate(path string) error { if err == nil { return nil } - if err != unix.EINVAL || path == "/" { //nolint:errorlint // unix errors are bare + if err != unix.EINVAL || path == "/" { break } path = filepath.Dir(path) @@ -1067,13 +1067,13 @@ func pivotRoot(rootfs string) error { if err != nil { return &os.PathError{Op: "open", Path: "/", Err: err} } - defer unix.Close(oldroot) //nolint: errcheck + defer unix.Close(oldroot) newroot, err := unix.Open(rootfs, unix.O_DIRECTORY|unix.O_RDONLY, 0) if err != nil { return &os.PathError{Op: "open", Path: rootfs, Err: err} } - defer unix.Close(newroot) //nolint: errcheck + defer unix.Close(newroot) // Change to the new root so that the pivot_root actually acts on it. if err := unix.Fchdir(newroot); err != nil { diff --git a/libcontainer/utils/cmsg.go b/libcontainer/utils/cmsg.go index 3aca5bdaccd..8b63a129599 100644 --- a/libcontainer/utils/cmsg.go +++ b/libcontainer/utils/cmsg.go @@ -49,7 +49,7 @@ func RecvFile(socket *os.File) (_ *os.File, Err error) { for { n, oobn, _, _, err = unix.Recvmsg(int(sockfd), name, oob, unix.MSG_CMSG_CLOEXEC) - if err != unix.EINTR { //nolint:errorlint // unix errors are bare + if err != unix.EINTR { break } } @@ -128,7 +128,7 @@ func SendRawFd(socket *os.File, msg string, fd uintptr) error { oob := unix.UnixRights(int(fd)) for { err := unix.Sendmsg(int(socket.Fd()), []byte(msg), oob, nil, 0) - if err != unix.EINTR { //nolint:errorlint // unix errors are bare + if err != unix.EINTR { return os.NewSyscallError("sendmsg", err) } } From 4622bb87fdd816d3d093c607c01d54406904b25d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Mar 2025 04:06:22 +0000 Subject: [PATCH 0883/1176] build(deps): bump google.golang.org/protobuf from 1.36.5 to 1.36.6 Bumps google.golang.org/protobuf from 1.36.5 to 1.36.6. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- .../editiondefaults/editions_defaults.binpb | Bin 138 -> 146 bytes .../protobuf/internal/filedesc/editions.go | 3 + .../protobuf/internal/genid/descriptor_gen.go | 16 +++ ...ings_unsafe_go121.go => strings_unsafe.go} | 2 - .../internal/strs/strings_unsafe_go120.go | 94 ----------------- .../protobuf/internal/version/version.go | 2 +- .../google.golang.org/protobuf/proto/merge.go | 6 ++ .../reflect/protoreflect/source_gen.go | 2 + ...{value_unsafe_go121.go => value_unsafe.go} | 2 - .../protoreflect/value_unsafe_go120.go | 98 ------------------ vendor/modules.txt | 4 +- 13 files changed, 33 insertions(+), 202 deletions(-) rename vendor/google.golang.org/protobuf/internal/strs/{strings_unsafe_go121.go => strings_unsafe.go} (99%) delete mode 100644 vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go120.go rename vendor/google.golang.org/protobuf/reflect/protoreflect/{value_unsafe_go121.go => value_unsafe.go} (99%) delete mode 100644 vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go120.go diff --git a/go.mod b/go.mod index a46e1aef2d8..2b1c85d88de 100644 --- a/go.mod +++ b/go.mod @@ -23,7 +23,7 @@ require ( github.com/vishvananda/netlink v1.3.0 golang.org/x/net v0.37.0 golang.org/x/sys v0.31.0 - google.golang.org/protobuf v1.36.5 + google.golang.org/protobuf v1.36.6 ) // https://github.com/opencontainers/runc/issues/4594 diff --git a/go.sum b/go.sum index d08fb3a5af1..b30dd69c816 100644 --- a/go.sum +++ b/go.sum @@ -87,8 +87,8 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM= -google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= +google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/vendor/google.golang.org/protobuf/internal/editiondefaults/editions_defaults.binpb b/vendor/google.golang.org/protobuf/internal/editiondefaults/editions_defaults.binpb index 5a57ef6f3c80a4a930b7bdb33b039ea94d1eb5f2..323829da1477e4496d664b2a1092a9f9cec275d4 100644 GIT binary patch literal 146 zcmX}mF%Ezr3X5(&e%rBRTLK{CjOa+)E@2mYkk=mEF7 B6)FG# literal 138 zcmd;*muO*EV!mX@pe4$|D8MAaq`<7fXux#Ijt$6VkYMDJmv|0Wz$CyZ!KlClRKN&Q wzyMY7f?Y`%s2WL*1th1%ddZFnY{E-+C6MVz3P75fB^b3pHY+@1*LcYe04AXnGXMYp diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/editions.go b/vendor/google.golang.org/protobuf/internal/filedesc/editions.go index 10132c9b384..b08b71830c6 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/editions.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/editions.go @@ -69,6 +69,9 @@ func unmarshalFeatureSet(b []byte, parent EditionFeatures) EditionFeatures { parent.IsDelimitedEncoded = v == genid.FeatureSet_DELIMITED_enum_value case genid.FeatureSet_JsonFormat_field_number: parent.IsJSONCompliant = v == genid.FeatureSet_ALLOW_enum_value + case genid.FeatureSet_EnforceNamingStyle_field_number: + // EnforceNamingStyle is enforced in protoc, languages other than C++ + // are not supposed to do anything with this feature. default: panic(fmt.Sprintf("unkown field number %d while unmarshalling FeatureSet", num)) } diff --git a/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go b/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go index f30ab6b586f..39524782add 100644 --- a/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go +++ b/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go @@ -1014,6 +1014,7 @@ const ( FeatureSet_Utf8Validation_field_name protoreflect.Name = "utf8_validation" FeatureSet_MessageEncoding_field_name protoreflect.Name = "message_encoding" FeatureSet_JsonFormat_field_name protoreflect.Name = "json_format" + FeatureSet_EnforceNamingStyle_field_name protoreflect.Name = "enforce_naming_style" FeatureSet_FieldPresence_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.field_presence" FeatureSet_EnumType_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.enum_type" @@ -1021,6 +1022,7 @@ const ( FeatureSet_Utf8Validation_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.utf8_validation" FeatureSet_MessageEncoding_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.message_encoding" FeatureSet_JsonFormat_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.json_format" + FeatureSet_EnforceNamingStyle_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.enforce_naming_style" ) // Field numbers for google.protobuf.FeatureSet. @@ -1031,6 +1033,7 @@ const ( FeatureSet_Utf8Validation_field_number protoreflect.FieldNumber = 4 FeatureSet_MessageEncoding_field_number protoreflect.FieldNumber = 5 FeatureSet_JsonFormat_field_number protoreflect.FieldNumber = 6 + FeatureSet_EnforceNamingStyle_field_number protoreflect.FieldNumber = 7 ) // Full and short names for google.protobuf.FeatureSet.FieldPresence. @@ -1112,6 +1115,19 @@ const ( FeatureSet_LEGACY_BEST_EFFORT_enum_value = 2 ) +// Full and short names for google.protobuf.FeatureSet.EnforceNamingStyle. +const ( + FeatureSet_EnforceNamingStyle_enum_fullname = "google.protobuf.FeatureSet.EnforceNamingStyle" + FeatureSet_EnforceNamingStyle_enum_name = "EnforceNamingStyle" +) + +// Enum values for google.protobuf.FeatureSet.EnforceNamingStyle. +const ( + FeatureSet_ENFORCE_NAMING_STYLE_UNKNOWN_enum_value = 0 + FeatureSet_STYLE2024_enum_value = 1 + FeatureSet_STYLE_LEGACY_enum_value = 2 +) + // Names for google.protobuf.FeatureSetDefaults. const ( FeatureSetDefaults_message_name protoreflect.Name = "FeatureSetDefaults" diff --git a/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go121.go b/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe.go similarity index 99% rename from vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go121.go rename to vendor/google.golang.org/protobuf/internal/strs/strings_unsafe.go index 1ffddf6877a..42dd6f70c6f 100644 --- a/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go121.go +++ b/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe.go @@ -2,8 +2,6 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build go1.21 - package strs import ( diff --git a/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go120.go b/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go120.go deleted file mode 100644 index 832a7988f14..00000000000 --- a/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go120.go +++ /dev/null @@ -1,94 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build !go1.21 - -package strs - -import ( - "unsafe" - - "google.golang.org/protobuf/reflect/protoreflect" -) - -type ( - stringHeader struct { - Data unsafe.Pointer - Len int - } - sliceHeader struct { - Data unsafe.Pointer - Len int - Cap int - } -) - -// UnsafeString returns an unsafe string reference of b. -// The caller must treat the input slice as immutable. -// -// WARNING: Use carefully. The returned result must not leak to the end user -// unless the input slice is provably immutable. -func UnsafeString(b []byte) (s string) { - src := (*sliceHeader)(unsafe.Pointer(&b)) - dst := (*stringHeader)(unsafe.Pointer(&s)) - dst.Data = src.Data - dst.Len = src.Len - return s -} - -// UnsafeBytes returns an unsafe bytes slice reference of s. -// The caller must treat returned slice as immutable. -// -// WARNING: Use carefully. The returned result must not leak to the end user. -func UnsafeBytes(s string) (b []byte) { - src := (*stringHeader)(unsafe.Pointer(&s)) - dst := (*sliceHeader)(unsafe.Pointer(&b)) - dst.Data = src.Data - dst.Len = src.Len - dst.Cap = src.Len - return b -} - -// Builder builds a set of strings with shared lifetime. -// This differs from strings.Builder, which is for building a single string. -type Builder struct { - buf []byte -} - -// AppendFullName is equivalent to protoreflect.FullName.Append, -// but optimized for large batches where each name has a shared lifetime. -func (sb *Builder) AppendFullName(prefix protoreflect.FullName, name protoreflect.Name) protoreflect.FullName { - n := len(prefix) + len(".") + len(name) - if len(prefix) == 0 { - n -= len(".") - } - sb.grow(n) - sb.buf = append(sb.buf, prefix...) - sb.buf = append(sb.buf, '.') - sb.buf = append(sb.buf, name...) - return protoreflect.FullName(sb.last(n)) -} - -// MakeString is equivalent to string(b), but optimized for large batches -// with a shared lifetime. -func (sb *Builder) MakeString(b []byte) string { - sb.grow(len(b)) - sb.buf = append(sb.buf, b...) - return sb.last(len(b)) -} - -func (sb *Builder) grow(n int) { - if cap(sb.buf)-len(sb.buf) >= n { - return - } - - // Unlike strings.Builder, we do not need to copy over the contents - // of the old buffer since our builder provides no API for - // retrieving previously created strings. - sb.buf = make([]byte, 0, 2*(cap(sb.buf)+n)) -} - -func (sb *Builder) last(n int) string { - return UnsafeString(sb.buf[len(sb.buf)-n:]) -} diff --git a/vendor/google.golang.org/protobuf/internal/version/version.go b/vendor/google.golang.org/protobuf/internal/version/version.go index 01efc33030d..aac1cb18a74 100644 --- a/vendor/google.golang.org/protobuf/internal/version/version.go +++ b/vendor/google.golang.org/protobuf/internal/version/version.go @@ -52,7 +52,7 @@ import ( const ( Major = 1 Minor = 36 - Patch = 5 + Patch = 6 PreRelease = "" ) diff --git a/vendor/google.golang.org/protobuf/proto/merge.go b/vendor/google.golang.org/protobuf/proto/merge.go index 3c6fe57807b..ef55b97dded 100644 --- a/vendor/google.golang.org/protobuf/proto/merge.go +++ b/vendor/google.golang.org/protobuf/proto/merge.go @@ -59,6 +59,12 @@ func Clone(m Message) Message { return dst.Interface() } +// CloneOf returns a deep copy of m. If the top-level message is invalid, +// it returns an invalid message as well. +func CloneOf[M Message](m M) M { + return Clone(m).(M) +} + // mergeOptions provides a namespace for merge functions, and can be // exported in the future if we add user-visible merge options. type mergeOptions struct{} diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go index ea154eec44d..a4a0a2971dd 100644 --- a/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go +++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go @@ -398,6 +398,8 @@ func (p *SourcePath) appendFeatureSet(b []byte) []byte { b = p.appendSingularField(b, "message_encoding", nil) case 6: b = p.appendSingularField(b, "json_format", nil) + case 7: + b = p.appendSingularField(b, "enforce_naming_style", nil) } return b } diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go121.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe.go similarity index 99% rename from vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go121.go rename to vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe.go index 479527b58dd..fe17f37220e 100644 --- a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go121.go +++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe.go @@ -2,8 +2,6 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build go1.21 - package protoreflect import ( diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go120.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go120.go deleted file mode 100644 index 0015fcb35d8..00000000000 --- a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go120.go +++ /dev/null @@ -1,98 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build !go1.21 - -package protoreflect - -import ( - "unsafe" - - "google.golang.org/protobuf/internal/pragma" -) - -type ( - stringHeader struct { - Data unsafe.Pointer - Len int - } - sliceHeader struct { - Data unsafe.Pointer - Len int - Cap int - } - ifaceHeader struct { - Type unsafe.Pointer - Data unsafe.Pointer - } -) - -var ( - nilType = typeOf(nil) - boolType = typeOf(*new(bool)) - int32Type = typeOf(*new(int32)) - int64Type = typeOf(*new(int64)) - uint32Type = typeOf(*new(uint32)) - uint64Type = typeOf(*new(uint64)) - float32Type = typeOf(*new(float32)) - float64Type = typeOf(*new(float64)) - stringType = typeOf(*new(string)) - bytesType = typeOf(*new([]byte)) - enumType = typeOf(*new(EnumNumber)) -) - -// typeOf returns a pointer to the Go type information. -// The pointer is comparable and equal if and only if the types are identical. -func typeOf(t any) unsafe.Pointer { - return (*ifaceHeader)(unsafe.Pointer(&t)).Type -} - -// value is a union where only one type can be represented at a time. -// The struct is 24B large on 64-bit systems and requires the minimum storage -// necessary to represent each possible type. -// -// The Go GC needs to be able to scan variables containing pointers. -// As such, pointers and non-pointers cannot be intermixed. -type value struct { - pragma.DoNotCompare // 0B - - // typ stores the type of the value as a pointer to the Go type. - typ unsafe.Pointer // 8B - - // ptr stores the data pointer for a String, Bytes, or interface value. - ptr unsafe.Pointer // 8B - - // num stores a Bool, Int32, Int64, Uint32, Uint64, Float32, Float64, or - // Enum value as a raw uint64. - // - // It is also used to store the length of a String or Bytes value; - // the capacity is ignored. - num uint64 // 8B -} - -func valueOfString(v string) Value { - p := (*stringHeader)(unsafe.Pointer(&v)) - return Value{typ: stringType, ptr: p.Data, num: uint64(len(v))} -} -func valueOfBytes(v []byte) Value { - p := (*sliceHeader)(unsafe.Pointer(&v)) - return Value{typ: bytesType, ptr: p.Data, num: uint64(len(v))} -} -func valueOfIface(v any) Value { - p := (*ifaceHeader)(unsafe.Pointer(&v)) - return Value{typ: p.Type, ptr: p.Data} -} - -func (v Value) getString() (x string) { - *(*stringHeader)(unsafe.Pointer(&x)) = stringHeader{Data: v.ptr, Len: int(v.num)} - return x -} -func (v Value) getBytes() (x []byte) { - *(*sliceHeader)(unsafe.Pointer(&x)) = sliceHeader{Data: v.ptr, Len: int(v.num), Cap: int(v.num)} - return x -} -func (v Value) getIface() (x any) { - *(*ifaceHeader)(unsafe.Pointer(&x)) = ifaceHeader{Type: v.typ, Data: v.ptr} - return x -} diff --git a/vendor/modules.txt b/vendor/modules.txt index 26d82e7c62f..90be3a7f1fa 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -98,8 +98,8 @@ golang.org/x/net/bpf ## explicit; go 1.23.0 golang.org/x/sys/unix golang.org/x/sys/windows -# google.golang.org/protobuf v1.36.5 -## explicit; go 1.21 +# google.golang.org/protobuf v1.36.6 +## explicit; go 1.22 google.golang.org/protobuf/encoding/prototext google.golang.org/protobuf/encoding/protowire google.golang.org/protobuf/internal/descfmt From fdb691632d4ed319f8d0478beb15a58a5cb0e6f3 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 24 Mar 2025 11:10:04 -0700 Subject: [PATCH 0884/1176] notify_socket.go: fix staticcheck warning > notify_socket.go:44:24: ST1016: methods on the same type should have the same receiver name (seen 1x "n", 5x "s") (staticcheck) > func (s *notifySocket) Close() error { > ^ As reported by staticcheck from golangci-lint v2.0.0 Signed-off-by: Kir Kolyshkin --- notify_socket.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/notify_socket.go b/notify_socket.go index 34c31cc3ffb..50920c2f9a4 100644 --- a/notify_socket.go +++ b/notify_socket.go @@ -103,11 +103,11 @@ func (s *notifySocket) waitForContainer(container *libcontainer.Container) error return s.run(state.InitProcessPid) } -func (n *notifySocket) run(pid1 int) error { - if n.socket == nil { +func (s *notifySocket) run(pid1 int) error { + if s.socket == nil { return nil } - notifySocketHostAddr := net.UnixAddr{Name: n.host, Net: "unixgram"} + notifySocketHostAddr := net.UnixAddr{Name: s.host, Net: "unixgram"} client, err := net.DialUnix("unixgram", nil, ¬ifySocketHostAddr) if err != nil { return err @@ -120,7 +120,7 @@ func (n *notifySocket) run(pid1 int) error { go func() { for { buf := make([]byte, 4096) - r, err := n.socket.Read(buf) + r, err := s.socket.Read(buf) if err != nil { return } From 6405725ca2597a3d99c65a0f03ed251228ee3d4f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 24 Mar 2025 11:28:23 -0700 Subject: [PATCH 0885/1176] libct: fix staticcheck QF1006 warning > libcontainer/rootfs_linux.go:1255:13: QF1004: could use strings.ReplaceAll instead (staticcheck) > keyPath := strings.Replace(key, ".", "/", -1) Signed-off-by: Kir Kolyshkin --- libcontainer/rootfs_linux.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 3df948eeb69..c848fa773d7 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -1252,7 +1252,7 @@ func maskPath(path string, mountLabel string) error { // writeSystemProperty writes the value to a path under /proc/sys as determined from the key. // For e.g. net.ipv4.ip_forward translated to /proc/sys/net/ipv4/ip_forward. func writeSystemProperty(key, value string) error { - keyPath := strings.Replace(key, ".", "/", -1) + keyPath := strings.ReplaceAll(key, ".", "/") return os.WriteFile(path.Join("/proc/sys", keyPath), []byte(value), 0o644) } From 9510ffb658dddbcccde490d49c2b82f5064efd2d Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 24 Mar 2025 11:30:06 -0700 Subject: [PATCH 0886/1176] Fix a few staticcheck QF1001 warnings Like these: > libcontainer/criu_linux.go:959:3: QF1001: could apply De Morgan's law (staticcheck) > !(req.GetType() == criurpc.CriuReqType_FEATURE_CHECK || > ^ > libcontainer/rootfs_linux.go:360:19: QF1001: could apply De Morgan's law (staticcheck) > if err == nil || !(errors.Is(err, unix.EPERM) || errors.Is(err, unix.EBUSY)) { > ^ Signed-off-by: Kir Kolyshkin --- checkpoint.go | 2 +- libcontainer/criu_linux.go | 4 ++-- libcontainer/rootfs_linux.go | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/checkpoint.go b/checkpoint.go index afd515abd43..50046fb9357 100644 --- a/checkpoint.go +++ b/checkpoint.go @@ -70,7 +70,7 @@ checkpointed.`, } err = container.Checkpoint(options) - if err == nil && !(options.LeaveRunning || options.PreDump) { + if err == nil && !options.LeaveRunning && !options.PreDump { // Destroy the container unless we tell CRIU to keep it. if err := container.Destroy(); err != nil { logrus.Warn(err) diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index 468c5ba9ff4..30227289e94 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -956,8 +956,8 @@ func (c *Container) criuSwrk(process *Process, req *criurpc.CriuReq, opts *CriuO // available but empty. criurpc.CriuReqType_VERSION actually // has no req.GetOpts(). if logrus.GetLevel() >= logrus.DebugLevel && - !(req.GetType() == criurpc.CriuReqType_FEATURE_CHECK || - req.GetType() == criurpc.CriuReqType_VERSION) { + (req.GetType() != criurpc.CriuReqType_FEATURE_CHECK && + req.GetType() != criurpc.CriuReqType_VERSION) { val := reflect.ValueOf(req.GetOpts()) v := reflect.Indirect(val) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index c848fa773d7..b411b0f1336 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -357,7 +357,7 @@ func mountCgroupV2(m *configs.Mount, c *mountConfig) error { err := utils.WithProcfd(c.root, m.Destination, func(dstFd string) error { return mountViaFds(m.Source, nil, m.Destination, dstFd, "cgroup2", uintptr(m.Flags), m.Data) }) - if err == nil || !(errors.Is(err, unix.EPERM) || errors.Is(err, unix.EBUSY)) { + if err == nil || (!errors.Is(err, unix.EPERM) && !errors.Is(err, unix.EBUSY)) { return err } From 30f8acabf6050be2c5e840259cbb5509de0849d9 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 24 Mar 2025 11:32:47 -0700 Subject: [PATCH 0887/1176] Fix staticcheck ST1020/ST1021 warnings I was pretty sure we have a linter for these but apparently we did not. > libcontainer/capabilities/capabilities.go:108:1: ST1020: comment on exported method ApplyCaps should be of the form "ApplyCaps ..." (staticcheck) > // Apply sets all the capabilities for the current process in the config. > ^ > > > types/events.go:15:1: ST1021: comment on exported type Stats should be of the form "Stats ..." (with optional leading article) (staticcheck) > // stats is the runc specific stats structure for stability when encoding and decoding stats. > ^ Signed-off-by: Kir Kolyshkin --- libcontainer/capabilities/capabilities.go | 2 +- types/events.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libcontainer/capabilities/capabilities.go b/libcontainer/capabilities/capabilities.go index 157d84cd94e..b5963a32816 100644 --- a/libcontainer/capabilities/capabilities.go +++ b/libcontainer/capabilities/capabilities.go @@ -105,7 +105,7 @@ func (c *Caps) ApplyBoundingSet() error { return c.pid.Apply(capability.BOUNDING) } -// Apply sets all the capabilities for the current process in the config. +// ApplyCaps sets all the capabilities for the current process in the config. func (c *Caps) ApplyCaps() error { if c.pid == nil { return nil diff --git a/types/events.go b/types/events.go index 8af94236be5..ed7d2408fdc 100644 --- a/types/events.go +++ b/types/events.go @@ -12,7 +12,7 @@ type Event struct { Data interface{} `json:"data,omitempty"` } -// stats is the runc specific stats structure for stability when encoding and decoding stats. +// Stats is the runc specific stats structure for stability when encoding and decoding stats. type Stats struct { CPU Cpu `json:"cpu"` CPUSet CPUSet `json:"cpuset"` From 9b3ccc19a688ac2c55e8fc3f8ecdc66700e518eb Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 24 Mar 2025 11:37:35 -0700 Subject: [PATCH 0888/1176] libct/intelrdt: fix staticcheck ST1020 warnings > libcontainer/intelrdt/cmt.go:5:1: ST1020: comment on exported function IsCMTEnabled should be of the form "IsCMTEnabled ..." (staticcheck) > // Check if Intel RDT/CMT is enabled. > ^ > libcontainer/intelrdt/intelrdt.go:419:1: ST1020: comment on exported function IsCATEnabled should be of the form "IsCATEnabled ..." (staticcheck) > // Check if Intel RDT/CAT is enabled > ^ > libcontainer/intelrdt/intelrdt.go:425:1: ST1020: comment on exported function IsMBAEnabled should be of the form "IsMBAEnabled ..." (staticcheck) > // Check if Intel RDT/MBA is enabled > ^ > libcontainer/intelrdt/intelrdt.go:446:1: ST1020: comment on exported method Apply should be of the form "Apply ..." (staticcheck) > // Applies Intel RDT configuration to the process with the specified pid > ^ > libcontainer/intelrdt/intelrdt.go:481:1: ST1020: comment on exported method Destroy should be of the form "Destroy ..." (staticcheck) > // Destroys the Intel RDT container-specific 'container_id' group > ^ > libcontainer/intelrdt/intelrdt.go:497:1: ST1020: comment on exported method GetPath should be of the form "GetPath ..." (staticcheck) > // Returns Intel RDT path to save in a state file and to be able to > ^ > libcontainer/intelrdt/intelrdt.go:506:1: ST1020: comment on exported method GetStats should be of the form "GetStats ..." (staticcheck) > // Returns statistics for Intel RDT > ^ > libcontainer/intelrdt/mbm.go:6:1: ST1020: comment on exported function IsMBMEnabled should be of the form "IsMBMEnabled ..." (staticcheck) > // Check if Intel RDT/MBM is enabled. > ^ > 8 issues: > * staticcheck: 8 While at it, add missing periods. Signed-off-by: Kir Kolyshkin --- libcontainer/intelrdt/cmt.go | 2 +- libcontainer/intelrdt/intelrdt.go | 14 +++++++------- libcontainer/intelrdt/mbm.go | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/libcontainer/intelrdt/cmt.go b/libcontainer/intelrdt/cmt.go index 6480a130697..56cb956ae76 100644 --- a/libcontainer/intelrdt/cmt.go +++ b/libcontainer/intelrdt/cmt.go @@ -2,7 +2,7 @@ package intelrdt var cmtEnabled bool -// Check if Intel RDT/CMT is enabled. +// IsCMTEnabled checks if Intel RDT/CMT is enabled. func IsCMTEnabled() bool { featuresInit() return cmtEnabled diff --git a/libcontainer/intelrdt/intelrdt.go b/libcontainer/intelrdt/intelrdt.go index 97a9fe4d3e7..7d4b4d38a60 100644 --- a/libcontainer/intelrdt/intelrdt.go +++ b/libcontainer/intelrdt/intelrdt.go @@ -416,13 +416,13 @@ func WriteIntelRdtTasks(dir string, pid int) error { return nil } -// Check if Intel RDT/CAT is enabled +// IsCATEnabled checks if Intel RDT/CAT is enabled. func IsCATEnabled() bool { featuresInit() return catEnabled } -// Check if Intel RDT/MBA is enabled +// IsMBAEnabled checks if Intel RDT/MBA is enabled. func IsMBAEnabled() bool { featuresInit() return mbaEnabled @@ -443,7 +443,7 @@ func (m *Manager) getIntelRdtPath() (string, error) { return filepath.Join(rootPath, clos), nil } -// Applies Intel RDT configuration to the process with the specified pid +// Apply applies Intel RDT configuration to the process with the specified pid. func (m *Manager) Apply(pid int) (err error) { // If intelRdt is not specified in config, we do nothing if m.config.IntelRdt == nil { @@ -478,7 +478,7 @@ func (m *Manager) Apply(pid int) (err error) { return nil } -// Destroys the Intel RDT container-specific 'container_id' group +// Destroy destroys the Intel RDT container-specific container_id group. func (m *Manager) Destroy() error { // Don't remove resctrl group if closid has been explicitly specified. The // group is likely externally managed, i.e. by some other entity than us. @@ -494,8 +494,8 @@ func (m *Manager) Destroy() error { return nil } -// Returns Intel RDT path to save in a state file and to be able to -// restore the object later +// GetPath returns Intel RDT path to save in a state file and to be able to +// restore the object later. func (m *Manager) GetPath() string { if m.path == "" { m.path, _ = m.getIntelRdtPath() @@ -503,7 +503,7 @@ func (m *Manager) GetPath() string { return m.path } -// Returns statistics for Intel RDT +// GetStats returns statistics for Intel RDT. func (m *Manager) GetStats() (*Stats, error) { // If intelRdt is not specified in config if m.config.IntelRdt == nil { diff --git a/libcontainer/intelrdt/mbm.go b/libcontainer/intelrdt/mbm.go index 13f31ac7a08..669168faf64 100644 --- a/libcontainer/intelrdt/mbm.go +++ b/libcontainer/intelrdt/mbm.go @@ -3,7 +3,7 @@ package intelrdt // The flag to indicate if Intel RDT/MBM is enabled var mbmEnabled bool -// Check if Intel RDT/MBM is enabled. +// IsMBMEnabled checks if Intel RDT/MBM is enabled. func IsMBMEnabled() bool { featuresInit() return mbmEnabled From 127e8e68d335aa7b908c7822fa985629d8fbe81d Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 24 Mar 2025 11:45:39 -0700 Subject: [PATCH 0889/1176] ci: bump to golangci-lint v2.0 The new configuration file was initially generated by golangci-lint migrate, when tweaked to minimize and simplify. golangci-lint v2 switches to a new version of staticcheck which shows much more warnings. Some of them were fixed by a few previous commits, and the rest of them are disabled. In particular, ST1005 had to be disabled (an attempt to fix it was made in https://github.com/opencontainers/runc/pull/3857 but it wasn't merged). Also, golangci-extra was modified to include ALL staticcheck linters. Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 4 ++-- .golangci-extra.yml | 8 +++++++- .golangci.yml | 26 +++++++++++++++++++------- 3 files changed, 28 insertions(+), 10 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index b3ac384d337..8e2e0220caa 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -38,9 +38,9 @@ jobs: run: | sudo apt -q update sudo apt -qy install libseccomp-dev - - uses: golangci/golangci-lint-action@v6 + - uses: golangci/golangci-lint-action@v7 with: - version: v1.64 + version: v2.0 # Extra linters, only checking new code from a pull request. - name: lint-extra if: github.event_name == 'pull_request' diff --git a/.golangci-extra.yml b/.golangci-extra.yml index be33f90d7f9..0b27a1bf02b 100644 --- a/.golangci-extra.yml +++ b/.golangci-extra.yml @@ -3,13 +3,19 @@ # # For the default linter config, see .golangci.yml. This config should # only enable additional linters not enabled in the default config. +version: "2" run: build-tags: - seccomp linters: - disable-all: true + default: none enable: - godot - revive + - staticcheck + settings: + staticcheck: + checks: + - all diff --git a/.golangci.yml b/.golangci.yml index 64c285cd033..5d31ed92a9a 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,18 +1,30 @@ -# For documentation, see https://golangci-lint.run/usage/configuration/ +version: "2" run: build-tags: - seccomp -linters: +formatters: enable: - gofumpt + +linters: + enable: - errorlint - nolintlint - unconvert - unparam - -linters-settings: - govet: - enable: - - nilness + settings: + govet: + enable: + - nilness + staticcheck: + checks: + - all + - -ST1000 # https://staticcheck.dev/docs/checks/#ST1000 Incorrect or missing package comment. + - -ST1003 # https://staticcheck.dev/docs/checks/#ST1003 Poorly chosen identifier. + - -ST1005 # https://staticcheck.dev/docs/checks/#ST1005 Incorrectly formatted error string. + - -QF1008 # https://staticcheck.dev/docs/checks/#QF1008 Omit embedded fields from selector expression. + exclusions: + presets: + - std-error-handling From b68cbdff345fc196e8619164ebf40f1ebaeb6561 Mon Sep 17 00:00:00 2001 From: Andrei Vagin Date: Tue, 25 Mar 2025 18:55:39 +0000 Subject: [PATCH 0890/1176] criu: Add time namespace to container config after checkpoint/restore Since v3.14, CRIU always restores processes into a time namespace to prevent backward jumps of monotonic and boottime clocks. This change updates the container configuration to ensure that `runc exec` launches new processes within the container's time namespace. Fixes #2610 Signed-off-by: Andrei Vagin --- libcontainer/criu_linux.go | 7 +++++++ tests/integration/checkpoint.bats | 35 +++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index 468c5ba9ff4..59befe451ef 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -1151,6 +1151,13 @@ func (c *Container) criuNotifications(resp *criurpc.CriuResp, process *Process, } // create a timestamp indicating when the restored checkpoint was started c.created = time.Now().UTC() + if !c.config.Namespaces.Contains(configs.NEWTIME) && + configs.IsNamespaceSupported(configs.NEWTIME) && + c.checkCriuVersion(31400) == nil { + // CRIU restores processes into a time namespace. + c.config.Namespaces = append(c.config.Namespaces, + configs.Namespace{Type: configs.NEWTIME}) + } if _, err := c.updateState(r); err != nil { return err } diff --git a/tests/integration/checkpoint.bats b/tests/integration/checkpoint.bats index 9b8acedf35f..3db3406137c 100644 --- a/tests/integration/checkpoint.bats +++ b/tests/integration/checkpoint.bats @@ -441,3 +441,38 @@ function simple_cr() { pid=$(cat "pid") grep -q "${REL_CGROUPS_PATH}$" "/proc/$pid/cgroup" } + +@test "checkpoint/restore and exec" { + runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox + [ "$status" -eq 0 ] + + testcontainer test_busybox running + + local execed_pid="" + for _ in $(seq 2); do + # checkpoint the running container + runc checkpoint --work-path ./work-dir test_busybox + [ "$status" -eq 0 ] + + # after checkpoint busybox is no longer running + testcontainer test_busybox checkpointed + + # restore from checkpoint + runc restore -d --work-path ./work-dir --console-socket "$CONSOLE_SOCKET" test_busybox + [ "$status" -eq 0 ] + + # busybox should be back up and running + testcontainer test_busybox running + + # verify that previously exec'd process is restored. + if [ -n "$execed_pid" ]; then + runc exec test_busybox ls -ld "/proc/$execed_pid" + [ "$status" -eq 0 ] + fi + + # exec a new background process. + runc exec test_busybox sh -c 'sleep 1000 < /dev/null &> /dev/null & echo $!' + [ "$status" -eq 0 ] + execed_pid=$output + done +} From 8cc1eb379bb0422c9198723d1b49d83c7295212e Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 25 Mar 2025 14:24:20 -0700 Subject: [PATCH 0891/1176] Introduce and use internal/linux This package is to provide unix.* wrappers to ensure that: - they retry on EINTR; - a "rich" error is returned on failure. A first such wrapper, Sendmsg, is introduced. Signed-off-by: Kir Kolyshkin --- internal/linux/eintr.go | 18 ++++++++++++++++++ internal/linux/linux.go | 15 +++++++++++++++ libcontainer/utils/cmsg.go | 8 ++------ notify_socket.go | 7 ++++--- 4 files changed, 39 insertions(+), 9 deletions(-) create mode 100644 internal/linux/eintr.go create mode 100644 internal/linux/linux.go diff --git a/internal/linux/eintr.go b/internal/linux/eintr.go new file mode 100644 index 00000000000..4b3dd5197c5 --- /dev/null +++ b/internal/linux/eintr.go @@ -0,0 +1,18 @@ +package linux + +import ( + "errors" + + "golang.org/x/sys/unix" +) + +// retryOnEINTR takes a function that returns an error and calls it +// until the error returned is not EINTR. +func retryOnEINTR(fn func() error) error { + for { + err := fn() + if !errors.Is(err, unix.EINTR) { + return err + } + } +} diff --git a/internal/linux/linux.go b/internal/linux/linux.go new file mode 100644 index 00000000000..d5ce74d2a01 --- /dev/null +++ b/internal/linux/linux.go @@ -0,0 +1,15 @@ +package linux + +import ( + "os" + + "golang.org/x/sys/unix" +) + +// Sendmsg wraps [unix.Sendmsg]. +func Sendmsg(fd int, p, oob []byte, to unix.Sockaddr, flags int) error { + err := retryOnEINTR(func() error { + return unix.Sendmsg(fd, p, oob, to, flags) + }) + return os.NewSyscallError("sendmsg", err) +} diff --git a/libcontainer/utils/cmsg.go b/libcontainer/utils/cmsg.go index 8b63a129599..96aa3ccc98c 100644 --- a/libcontainer/utils/cmsg.go +++ b/libcontainer/utils/cmsg.go @@ -21,6 +21,7 @@ import ( "os" "runtime" + "github.com/opencontainers/runc/internal/linux" "golang.org/x/sys/unix" ) @@ -126,10 +127,5 @@ func SendFile(socket *os.File, file *os.File) error { // SendRawFd sends a specific file descriptor over the given AF_UNIX socket. func SendRawFd(socket *os.File, msg string, fd uintptr) error { oob := unix.UnixRights(int(fd)) - for { - err := unix.Sendmsg(int(socket.Fd()), []byte(msg), oob, nil, 0) - if err != unix.EINTR { - return os.NewSyscallError("sendmsg", err) - } - } + return linux.Sendmsg(int(socket.Fd()), []byte(msg), oob, nil, 0) } diff --git a/notify_socket.go b/notify_socket.go index 34c31cc3ffb..afe818b3abd 100644 --- a/notify_socket.go +++ b/notify_socket.go @@ -11,6 +11,7 @@ import ( "strconv" "time" + "github.com/opencontainers/runc/internal/linux" "github.com/opencontainers/runc/libcontainer" "github.com/opencontainers/runtime-spec/specs-go" "github.com/sirupsen/logrus" @@ -181,7 +182,7 @@ func sdNotifyBarrier(client *net.UnixConn) error { return err } - // Get the FD for the unix socket file to be able to do perform syscall.Sendmsg. + // Get the FD for the unix socket file to be able to use sendmsg. clientFd, err := client.File() if err != nil { return err @@ -189,9 +190,9 @@ func sdNotifyBarrier(client *net.UnixConn) error { // Send the write end of the pipe along with a BARRIER=1 message. fdRights := unix.UnixRights(int(pipeW.Fd())) - err = unix.Sendmsg(int(clientFd.Fd()), []byte("BARRIER=1"), fdRights, nil, 0) + err = linux.Sendmsg(int(clientFd.Fd()), []byte("BARRIER=1"), fdRights, nil, 0) if err != nil { - return &os.SyscallError{Syscall: "sendmsg", Err: err} + return err } // Close our copy of pipeW. From 431b8bb4d8dde8b6c96a280c950829481d617de2 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 25 Mar 2025 14:36:42 -0700 Subject: [PATCH 0892/1176] int/linux: add/use Getwd Signed-off-by: Kir Kolyshkin --- internal/linux/eintr.go | 10 ++++++++++ internal/linux/linux.go | 6 ++++++ libcontainer/init_linux.go | 5 +++-- libcontainer/specconv/spec_linux.go | 20 +++++--------------- 4 files changed, 24 insertions(+), 17 deletions(-) diff --git a/internal/linux/eintr.go b/internal/linux/eintr.go index 4b3dd5197c5..36a6e3e29ee 100644 --- a/internal/linux/eintr.go +++ b/internal/linux/eintr.go @@ -16,3 +16,13 @@ func retryOnEINTR(fn func() error) error { } } } + +// retryOnEINTR2 is like retryOnEINTR, but it returns 2 values. +func retryOnEINTR2[T any](fn func() (T, error)) (T, error) { + for { + val, err := fn() + if !errors.Is(err, unix.EINTR) { + return val, err + } + } +} diff --git a/internal/linux/linux.go b/internal/linux/linux.go index d5ce74d2a01..efcd985d428 100644 --- a/internal/linux/linux.go +++ b/internal/linux/linux.go @@ -6,6 +6,12 @@ import ( "golang.org/x/sys/unix" ) +// Getwd wraps [unix.Getwd]. +func Getwd() (wd string, err error) { + wd, err = retryOnEINTR2(unix.Getwd) + return wd, os.NewSyscallError("getwd", err) +} + // Sendmsg wraps [unix.Sendmsg]. func Sendmsg(fd int, p, oob []byte, to unix.Sockaddr, flags int) error { err := retryOnEINTR(func() error { diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index ef7b0cf136e..4546af9da76 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -20,6 +20,7 @@ import ( "golang.org/x/sys/unix" "github.com/opencontainers/cgroups" + "github.com/opencontainers/runc/internal/linux" "github.com/opencontainers/runc/libcontainer/capabilities" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/system" @@ -280,10 +281,10 @@ func verifyCwd() error { // details, and CVE-2024-21626 for the security issue that motivated this // check. // - // We have to use unix.Getwd() here because os.Getwd() has a workaround for + // We do not use os.Getwd() here because it has a workaround for // $PWD which involves doing stat(.), which can fail if the current // directory is inaccessible to the container process. - if wd, err := unix.Getwd(); errors.Is(err, unix.ENOENT) { + if wd, err := linux.Getwd(); errors.Is(err, unix.ENOENT) { return errors.New("current working directory is outside of container mount namespace root -- possible container breakout detected") } else if err != nil { return fmt.Errorf("failed to verify if current working directory is safe: %w", err) diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index be1e3d8eaf6..37068da7f8f 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -16,6 +16,7 @@ import ( dbus "github.com/godbus/dbus/v5" "github.com/opencontainers/cgroups" devices "github.com/opencontainers/cgroups/devices/config" + "github.com/opencontainers/runc/internal/linux" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/internal/userns" "github.com/opencontainers/runc/libcontainer/seccomp" @@ -344,24 +345,13 @@ type CreateOpts struct { RootlessCgroups bool } -// getwd is a wrapper similar to os.Getwd, except it always gets -// the value from the kernel, which guarantees the returned value -// to be absolute and clean. -func getwd() (wd string, err error) { - for { - wd, err = unix.Getwd() - if err != unix.EINTR { - break - } - } - return wd, os.NewSyscallError("getwd", err) -} - // CreateLibcontainerConfig creates a new libcontainer configuration from a // given specification and a cgroup name func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) { - // runc's cwd will always be the bundle path - cwd, err := getwd() + // Runc's cwd will always be the bundle path. + // Use the value from the kernel, which guarantees the returned value + // to be absolute and clean. + cwd, err := linux.Getwd() if err != nil { return nil, err } From c690b66d7f75036ccf04ae73c27aa75aedec04e0 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 25 Mar 2025 14:41:41 -0700 Subject: [PATCH 0893/1176] int/linux: add/use Exec Drop the libcontainer/system/exec, and use the linux.Exec instead. Signed-off-by: Kir Kolyshkin --- internal/linux/linux.go | 11 +++++++++++ libcontainer/setns_init_linux.go | 3 ++- libcontainer/standard_init_linux.go | 3 ++- libcontainer/system/linux.go | 9 --------- 4 files changed, 15 insertions(+), 11 deletions(-) diff --git a/internal/linux/linux.go b/internal/linux/linux.go index efcd985d428..9c81a7434fc 100644 --- a/internal/linux/linux.go +++ b/internal/linux/linux.go @@ -6,6 +6,17 @@ import ( "golang.org/x/sys/unix" ) +// Exec wraps [unix.Exec]. +func Exec(cmd string, args []string, env []string) error { + err := retryOnEINTR(func() error { + return unix.Exec(cmd, args, env) + }) + if err != nil { + return &os.PathError{Op: "exec", Path: cmd, Err: err} + } + return nil +} + // Getwd wraps [unix.Getwd]. func Getwd() (wd string, err error) { wd, err = retryOnEINTR2(unix.Getwd) diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go index 1c014d62e1b..a3d9a8d92af 100644 --- a/libcontainer/setns_init_linux.go +++ b/libcontainer/setns_init_linux.go @@ -10,6 +10,7 @@ import ( "github.com/sirupsen/logrus" "golang.org/x/sys/unix" + "github.com/opencontainers/runc/internal/linux" "github.com/opencontainers/runc/libcontainer/apparmor" "github.com/opencontainers/runc/libcontainer/keys" "github.com/opencontainers/runc/libcontainer/seccomp" @@ -156,5 +157,5 @@ func (l *linuxSetnsInit) Init() error { if err := utils.UnsafeCloseFrom(l.config.PassedFilesCount + 3); err != nil { return err } - return system.Exec(name, l.config.Args, l.config.Env) + return linux.Exec(name, l.config.Args, l.config.Env) } diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 1b37190c038..cccb1d89ae8 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -11,6 +11,7 @@ import ( "github.com/sirupsen/logrus" "golang.org/x/sys/unix" + "github.com/opencontainers/runc/internal/linux" "github.com/opencontainers/runc/libcontainer/apparmor" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/keys" @@ -298,5 +299,5 @@ func (l *linuxStandardInit) Init() error { if err := utils.UnsafeCloseFrom(l.config.PassedFilesCount + 3); err != nil { return err } - return system.Exec(name, l.config.Args, l.config.Env) + return linux.Exec(name, l.config.Args, l.config.Env) } diff --git a/libcontainer/system/linux.go b/libcontainer/system/linux.go index e8ce0ecac9d..48167bd62ed 100644 --- a/libcontainer/system/linux.go +++ b/libcontainer/system/linux.go @@ -32,15 +32,6 @@ func (p ParentDeathSignal) Set() error { return SetParentDeathSignal(uintptr(p)) } -func Exec(cmd string, args []string, env []string) error { - for { - err := unix.Exec(cmd, args, env) - if err != unix.EINTR { - return &os.PathError{Op: "exec", Path: cmd, Err: err} - } - } -} - func SetParentDeathSignal(sig uintptr) error { if err := unix.Prctl(unix.PR_SET_PDEATHSIG, sig, 0, 0, 0); err != nil { return err From e655abc0da9ba2c2c36579ccbdc845a9bcf356b7 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 25 Mar 2025 14:51:07 -0700 Subject: [PATCH 0894/1176] int/linux: add/use Dup3, Open, Openat Signed-off-by: Kir Kolyshkin --- internal/linux/linux.go | 30 ++++++++++++++++++++++++++ libcontainer/console_linux.go | 11 ++++------ libcontainer/rootfs_linux.go | 17 ++++++--------- libcontainer/standard_init_linux.go | 4 ++-- libcontainer/utils/utils_unix.go | 5 +++-- tests/cmd/seccompagent/seccompagent.go | 3 ++- 6 files changed, 48 insertions(+), 22 deletions(-) diff --git a/internal/linux/linux.go b/internal/linux/linux.go index 9c81a7434fc..b281a334793 100644 --- a/internal/linux/linux.go +++ b/internal/linux/linux.go @@ -6,6 +6,14 @@ import ( "golang.org/x/sys/unix" ) +// Dup3 wraps [unix.Dup3]. +func Dup3(oldfd, newfd, flags int) error { + err := retryOnEINTR(func() error { + return unix.Dup3(oldfd, newfd, flags) + }) + return os.NewSyscallError("dup3", err) +} + // Exec wraps [unix.Exec]. func Exec(cmd string, args []string, env []string) error { err := retryOnEINTR(func() error { @@ -23,6 +31,28 @@ func Getwd() (wd string, err error) { return wd, os.NewSyscallError("getwd", err) } +// Open wraps [unix.Open]. +func Open(path string, mode int, perm uint32) (fd int, err error) { + fd, err = retryOnEINTR2(func() (int, error) { + return unix.Open(path, mode, perm) + }) + if err != nil { + return -1, &os.PathError{Op: "open", Path: path, Err: err} + } + return fd, nil +} + +// Openat wraps [unix.Openat]. +func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) { + fd, err = retryOnEINTR2(func() (int, error) { + return unix.Openat(dirfd, path, mode, perm) + }) + if err != nil { + return -1, &os.PathError{Op: "openat", Path: path, Err: err} + } + return fd, nil +} + // Sendmsg wraps [unix.Sendmsg]. func Sendmsg(fd int, p, oob []byte, to unix.Sockaddr, flags int) error { err := retryOnEINTR(func() error { diff --git a/libcontainer/console_linux.go b/libcontainer/console_linux.go index e506853e45a..c42e60e3c52 100644 --- a/libcontainer/console_linux.go +++ b/libcontainer/console_linux.go @@ -3,6 +3,7 @@ package libcontainer import ( "os" + "github.com/opencontainers/runc/internal/linux" "golang.org/x/sys/unix" ) @@ -26,16 +27,12 @@ func mountConsole(slavePath string) error { // dupStdio opens the slavePath for the console and dups the fds to the current // processes stdio, fd 0,1,2. func dupStdio(slavePath string) error { - fd, err := unix.Open(slavePath, unix.O_RDWR, 0) + fd, err := linux.Open(slavePath, unix.O_RDWR, 0) if err != nil { - return &os.PathError{ - Op: "open", - Path: slavePath, - Err: err, - } + return err } for _, i := range []int{0, 1, 2} { - if err := unix.Dup3(fd, i, 0); err != nil { + if err := linux.Dup3(fd, i, 0); err != nil { return err } } diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 3df948eeb69..ec2bef074af 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -24,6 +24,7 @@ import ( "github.com/opencontainers/cgroups" devices "github.com/opencontainers/cgroups/devices/config" "github.com/opencontainers/cgroups/fs2" + "github.com/opencontainers/runc/internal/linux" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/utils" ) @@ -883,12 +884,8 @@ func reOpenDevNull() error { } if stat.Rdev == devNullStat.Rdev { // Close and re-open the fd. - if err := unix.Dup3(int(file.Fd()), fd, 0); err != nil { - return &os.PathError{ - Op: "dup3", - Path: "fd " + strconv.Itoa(int(file.Fd())), - Err: err, - } + if err := linux.Dup3(int(file.Fd()), fd, 0); err != nil { + return err } } } @@ -1063,15 +1060,15 @@ func pivotRoot(rootfs string) error { // with pivot_root this allows us to pivot without creating directories in // the rootfs. Shout-outs to the LXC developers for giving us this idea. - oldroot, err := unix.Open("/", unix.O_DIRECTORY|unix.O_RDONLY, 0) + oldroot, err := linux.Open("/", unix.O_DIRECTORY|unix.O_RDONLY, 0) if err != nil { - return &os.PathError{Op: "open", Path: "/", Err: err} + return err } defer unix.Close(oldroot) - newroot, err := unix.Open(rootfs, unix.O_DIRECTORY|unix.O_RDONLY, 0) + newroot, err := linux.Open(rootfs, unix.O_DIRECTORY|unix.O_RDONLY, 0) if err != nil { - return &os.PathError{Op: "open", Path: rootfs, Err: err} + return err } defer unix.Close(newroot) diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index cccb1d89ae8..6bf5ba39cc8 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -262,9 +262,9 @@ func (l *linuxStandardInit) Init() error { // user process. We open it through /proc/self/fd/$fd, because the fd that // was given to us was an O_PATH fd to the fifo itself. Linux allows us to // re-open an O_PATH fd through /proc. - fd, err := unix.Open(fifoPath, unix.O_WRONLY|unix.O_CLOEXEC, 0) + fd, err := linux.Open(fifoPath, unix.O_WRONLY|unix.O_CLOEXEC, 0) if err != nil { - return &os.PathError{Op: "open exec fifo", Path: fifoPath, Err: err} + return err } if _, err := unix.Write(fd, []byte("0")); err != nil { return &os.PathError{Op: "write exec fifo", Path: fifoPath, Err: err} diff --git a/libcontainer/utils/utils_unix.go b/libcontainer/utils/utils_unix.go index 98caa3151d1..3c32769dd7f 100644 --- a/libcontainer/utils/utils_unix.go +++ b/libcontainer/utils/utils_unix.go @@ -14,6 +14,7 @@ import ( _ "unsafe" // for go:linkname securejoin "github.com/cyphar/filepath-securejoin" + "github.com/opencontainers/runc/internal/linux" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) @@ -358,9 +359,9 @@ func Openat(dir *os.File, path string, flags int, mode uint32) (*os.File, error) } flags |= unix.O_CLOEXEC - fd, err := unix.Openat(dirFd, path, flags, mode) + fd, err := linux.Openat(dirFd, path, flags, mode) if err != nil { - return nil, &os.PathError{Op: "openat", Path: path, Err: err} + return nil, err } return os.NewFile(uintptr(fd), dir.Name()+"/"+path), nil } diff --git a/tests/cmd/seccompagent/seccompagent.go b/tests/cmd/seccompagent/seccompagent.go index be1e6c25592..e9cc72303b3 100644 --- a/tests/cmd/seccompagent/seccompagent.go +++ b/tests/cmd/seccompagent/seccompagent.go @@ -14,6 +14,7 @@ import ( "strings" securejoin "github.com/cyphar/filepath-securejoin" + "github.com/opencontainers/runc/internal/linux" "github.com/opencontainers/runtime-spec/specs-go" libseccomp "github.com/seccomp/libseccomp-golang" "github.com/sirupsen/logrus" @@ -124,7 +125,7 @@ func handleNewMessage(sockfd int) (uintptr, string, error) { func readArgString(pid uint32, offset int64) (string, error) { buffer := make([]byte, 4096) // PATH_MAX - memfd, err := unix.Open(fmt.Sprintf("/proc/%d/mem", pid), unix.O_RDONLY, 0o777) + memfd, err := linux.Open(fmt.Sprintf("/proc/%d/mem", pid), unix.O_RDONLY, 0o777) if err != nil { return "", err } From 491326cdeb3762a8b5f926be9bb5ddd36115e31d Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 25 Mar 2025 14:55:33 -0700 Subject: [PATCH 0895/1176] int/linux: add/use Recvfrom Signed-off-by: Kir Kolyshkin --- internal/linux/linux.go | 12 ++++++++++++ libcontainer/sync_unix.go | 16 +++------------- 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/internal/linux/linux.go b/internal/linux/linux.go index b281a334793..9b049647903 100644 --- a/internal/linux/linux.go +++ b/internal/linux/linux.go @@ -53,6 +53,18 @@ func Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error) { return fd, nil } +// Recvfrom wraps [unix.Recvfrom]. +func Recvfrom(fd int, p []byte, flags int) (n int, from unix.Sockaddr, err error) { + err = retryOnEINTR(func() error { + n, from, err = unix.Recvfrom(fd, p, flags) + return err + }) + if err != nil { + return 0, nil, os.NewSyscallError("recvfrom", err) + } + return n, from, err +} + // Sendmsg wraps [unix.Sendmsg]. func Sendmsg(fd int, p, oob []byte, to unix.Sockaddr, flags int) error { err := retryOnEINTR(func() error { diff --git a/libcontainer/sync_unix.go b/libcontainer/sync_unix.go index 69c0228dbe1..2c6e4387d48 100644 --- a/libcontainer/sync_unix.go +++ b/libcontainer/sync_unix.go @@ -6,6 +6,7 @@ import ( "os" "sync/atomic" + "github.com/opencontainers/runc/internal/linux" "golang.org/x/sys/unix" ) @@ -42,20 +43,9 @@ func (s *syncSocket) WritePacket(b []byte) (int, error) { } func (s *syncSocket) ReadPacket() ([]byte, error) { - var ( - size int - err error - ) - - for { - size, _, err = unix.Recvfrom(int(s.f.Fd()), nil, unix.MSG_TRUNC|unix.MSG_PEEK) - if err != unix.EINTR { //nolint:errorlint // unix errors are bare - break - } - } - + size, _, err := linux.Recvfrom(int(s.f.Fd()), nil, unix.MSG_TRUNC|unix.MSG_PEEK) if err != nil { - return nil, fmt.Errorf("fetch packet length from socket: %w", os.NewSyscallError("recvfrom", err)) + return nil, fmt.Errorf("fetch packet length from socket: %w", err) } // We will only get a zero size if the socket has been closed from the // other end (otherwise recvfrom(2) will block until a packet is ready). In From c735c073490229d64062d5386db0fe09dc694340 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 11 Mar 2025 16:23:03 -0700 Subject: [PATCH 0896/1176] tests/integration/selinux: collect user_avc as well Signed-off-by: Kir Kolyshkin --- tests/integration/selinux.bats | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/selinux.bats b/tests/integration/selinux.bats index 53a3ea7281e..f01f2c67959 100644 --- a/tests/integration/selinux.bats +++ b/tests/integration/selinux.bats @@ -27,7 +27,7 @@ function teardown() { teardown_bundle # Show any avc denials. if [[ -v AU_DD && -v AU_TT ]] && command -v ausearch &>/dev/null; then - ausearch -ts "$AU_DD" "$AU_TT" -i -m avc || true + ausearch -ts "$AU_DD" "$AU_TT" -i -m avc,user_avc || true fi } From 131bdac1f3cc7b5a14bc1fb80556f9a762140ccc Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 11 Mar 2025 15:50:23 -0700 Subject: [PATCH 0897/1176] tests/int/selinux: test keyring security label This tests the functionality added by commit cd96170c1 ("Need to setup labeling of kernel keyrings."), for both runc run and runc exec, with and without user namespace. Signed-off-by: Kir Kolyshkin --- Makefile | 2 +- tests/cmd/key_label/key_label.go | 34 ++++++++++++++++++ tests/integration/selinux.bats | 60 ++++++++++++++++++++++++++++++++ 3 files changed, 95 insertions(+), 1 deletion(-) create mode 100644 tests/cmd/key_label/key_label.go diff --git a/Makefile b/Makefile index 5c03dd760b6..bda0c3a0074 100644 --- a/Makefile +++ b/Makefile @@ -87,7 +87,7 @@ TESTBINDIR := tests/cmd/_bin $(TESTBINDIR): mkdir $(TESTBINDIR) -TESTBINS := recvtty sd-helper seccompagent fs-idmap pidfd-kill remap-rootfs +TESTBINS := recvtty sd-helper seccompagent fs-idmap pidfd-kill remap-rootfs key_label .PHONY: test-binaries $(TESTBINS) test-binaries: $(TESTBINS) $(TESTBINS): $(TESTBINDIR) diff --git a/tests/cmd/key_label/key_label.go b/tests/cmd/key_label/key_label.go new file mode 100644 index 00000000000..e12deca53f7 --- /dev/null +++ b/tests/cmd/key_label/key_label.go @@ -0,0 +1,34 @@ +package main + +import ( + "log" + "strings" + + "golang.org/x/sys/unix" +) + +// This is a simple program to print the current session keyring name and its +// security label, to be run inside container (see selinux.bats). Can be +// thought of poor man's keyctl. Written in Go so we can have a static binary +// (a program in C would require libkeyutils which is usually provided only as +// a dynamic library). +func main() { + id, err := unix.KeyctlGetKeyringID(unix.KEY_SPEC_SESSION_KEYRING, false) + if err != nil { + log.Fatalf("GetKeyringID: %v", err) + } + + desc, err := unix.KeyctlString(unix.KEYCTL_DESCRIBE, id) + if err != nil { + log.Fatalf("KeyctlDescribe: %v", err) + } + // keyring;1000;1000;3f030000;_ses + name := desc[strings.LastIndexByte(desc, ';')+1:] + + label, err := unix.KeyctlString(unix.KEYCTL_GET_SECURITY, id) + if err != nil { + log.Fatalf("KeyctlGetSecurity: %v", err) + } + + println(name, label) +} diff --git a/tests/integration/selinux.bats b/tests/integration/selinux.bats index f01f2c67959..40a122e06f6 100644 --- a/tests/integration/selinux.bats +++ b/tests/integration/selinux.bats @@ -31,6 +31,48 @@ function teardown() { fi } +# This needs to be placed at the top of the bats file to work around +# a shellcheck bug. See . +function run_check_label() { + HELPER="key_label" + cp "${TESTBINDIR}/${HELPER}" rootfs/bin/ + + LABEL="system_u:system_r:container_t:s0:c4,c5" + update_config ' .process.selinuxLabel |= "'"$LABEL"'" + | .process.args = ["/bin/'"$HELPER"'"]' + runc run tst + [ "$status" -eq 0 ] + # Key name is _ses.$CONTAINER_NAME. + KEY=_ses.tst + [ "$output" == "$KEY $LABEL" ] +} + +# This needs to be placed at the top of the bats file to work around +# a shellcheck bug. See . +function exec_check_label() { + HELPER="key_label" + cp "${TESTBINDIR}/${HELPER}" rootfs/bin/ + + LABEL="system_u:system_r:container_t:s0:c4,c5" + update_config ' .process.selinuxLabel |= "'"$LABEL"'" + | .process.args = ["/bin/sh"]' + runc run -d --console-socket "$CONSOLE_SOCKET" tst + [ "$status" -eq 0 ] + + runc exec tst "/bin/$HELPER" + [ "$status" -eq 0 ] + # Key name is _ses.$CONTAINER_NAME. + KEY=_ses.tst + [ "$output" == "$KEY $LABEL" ] +} + +function enable_userns() { + update_config ' .linux.namespaces += [{"type": "user"}] + | .linux.uidMappings += [{"hostID": 100000, "containerID": 0, "size": 65534}] + | .linux.gidMappings += [{"hostID": 200000, "containerID": 0, "size": 65534}]' + remap_rootfs +} + # Baseline test, to check that runc works with selinux enabled. @test "runc run (no selinux label)" { update_config ' .process.args = ["/bin/true"]' @@ -44,3 +86,21 @@ function teardown() { runc run tst [ "$status" -eq 0 ] } + +@test "runc run (session keyring security label)" { + run_check_label +} + +@test "runc exec (session keyring security label)" { + exec_check_label +} + +@test "runc run (session keyring security label + userns)" { + enable_userns + run_check_label +} + +@test "runc exec (session keyring security label + userns)" { + enable_userns + exec_check_label +} From 5cfd1a62b3d38f4d288c9037f0eb1bb9d3722255 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 28 Mar 2025 04:44:14 +0000 Subject: [PATCH 0898/1176] build(deps): bump bats-core/bats-action from 3.0.0 to 3.0.1 Bumps [bats-core/bats-action](https://github.com/bats-core/bats-action) from 3.0.0 to 3.0.1. - [Release notes](https://github.com/bats-core/bats-action/releases) - [Commits](https://github.com/bats-core/bats-action/compare/3.0.0...3.0.1) --- updated-dependencies: - dependency-name: bats-core/bats-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 395dffc5d78..ffa11278e0a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -138,7 +138,7 @@ jobs: run: sudo -E PATH="$PATH" make EXTRA_FLAGS="${{ matrix.race }}" all - name: Setup Bats and bats libs - uses: bats-core/bats-action@3.0.0 + uses: bats-core/bats-action@3.0.1 with: bats-version: 1.9.0 support-install: false From 0b5362651f0e932725c9c935cae05835c7229ea1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 28 Mar 2025 13:00:18 +0000 Subject: [PATCH 0899/1176] build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.37.0 to 0.38.0. - [Commits](https://github.com/golang/net/compare/v0.37.0...v0.38.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 4 +++- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 2b1c85d88de..0844bd46fdc 100644 --- a/go.mod +++ b/go.mod @@ -2,6 +2,8 @@ module github.com/opencontainers/runc go 1.23.0 +toolchain go1.24.1 + require ( github.com/checkpoint-restore/go-criu/v7 v7.2.0 github.com/containerd/console v1.0.4 @@ -21,7 +23,7 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/urfave/cli v1.22.16 github.com/vishvananda/netlink v1.3.0 - golang.org/x/net v0.37.0 + golang.org/x/net v0.38.0 golang.org/x/sys v0.31.0 google.golang.org/protobuf v1.36.6 ) diff --git a/go.sum b/go.sum index b30dd69c816..71cbbed91ba 100644 --- a/go.sum +++ b/go.sum @@ -77,8 +77,8 @@ github.com/vishvananda/netlink v1.3.0 h1:X7l42GfcV4S6E4vHTsw48qbrV+9PVojNfIhZcwQ github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs= github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8= github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= -golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c= -golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= +golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8= +golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/vendor/modules.txt b/vendor/modules.txt index 90be3a7f1fa..df54ad93c00 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -91,7 +91,7 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.4 ## explicit; go 1.17 github.com/vishvananda/netns -# golang.org/x/net v0.37.0 +# golang.org/x/net v0.38.0 ## explicit; go 1.23.0 golang.org/x/net/bpf # golang.org/x/sys v0.31.0 From 7a58d8231f23098b3b4806dad0fe9f6c735b4a58 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 31 Mar 2025 17:13:26 -0700 Subject: [PATCH 0900/1176] .golanci-extra: disable staticcheck QF1008 That is, > QF1008: could remove embedded field "Resources" from selector (staticcheck) While occasionally useful, in other cases it actually decreases readability, so let's disable it even for "extra" (i.e. "new code") linters. Signed-off-by: Kir Kolyshkin --- .golangci-extra.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.golangci-extra.yml b/.golangci-extra.yml index 0b27a1bf02b..fdc20c774cb 100644 --- a/.golangci-extra.yml +++ b/.golangci-extra.yml @@ -19,3 +19,4 @@ linters: staticcheck: checks: - all + - -QF1008 # https://staticcheck.dev/docs/checks/#QF1008 Omit embedded fields from selector expression. From 0fc2338d597f95dd6ae4fca44552798cc76e1628 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 28 Mar 2025 18:47:56 -0700 Subject: [PATCH 0901/1176] libct/specconv: use maps.Clone Signed-off-by: Kir Kolyshkin --- libcontainer/specconv/spec_linux.go | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index 37068da7f8f..1b6f71cd760 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -5,6 +5,7 @@ package specconv import ( "errors" "fmt" + "maps" "os" "path/filepath" "sort" @@ -916,11 +917,7 @@ func CreateCgroupConfig(opts *CreateOpts, defaultDevs []*devices.Device) (*cgrou } } if len(r.Unified) > 0 { - // copy the map - c.Resources.Unified = make(map[string]string, len(r.Unified)) - for k, v := range r.Unified { - c.Resources.Unified[k] = v - } + c.Resources.Unified = maps.Clone(r.Unified) } } } From ef5acfab4f827e27a0fc249e3d9b3f1824a5f5d3 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 28 Mar 2025 18:50:00 -0700 Subject: [PATCH 0902/1176] libct/configs: use slices.Delete Signed-off-by: Kir Kolyshkin --- libcontainer/configs/namespaces_linux.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libcontainer/configs/namespaces_linux.go b/libcontainer/configs/namespaces_linux.go index 5740fb79424..f9509004607 100644 --- a/libcontainer/configs/namespaces_linux.go +++ b/libcontainer/configs/namespaces_linux.go @@ -3,6 +3,7 @@ package configs import ( "fmt" "os" + "slices" "sync" ) @@ -98,7 +99,7 @@ func (n *Namespaces) Remove(t NamespaceType) bool { if i == -1 { return false } - *n = append((*n)[:i], (*n)[i+1:]...) + *n = slices.Delete((*n), i, i+1) return true } From f64edc4d6dbd02cda988fc1905c495c49c27324b Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 28 Mar 2025 18:50:44 -0700 Subject: [PATCH 0903/1176] ps: use slices.Contains Signed-off-by: Kir Kolyshkin --- ps.go | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/ps.go b/ps.go index 4083e559d75..0fca65d1259 100644 --- a/ps.go +++ b/ps.go @@ -6,6 +6,7 @@ import ( "fmt" "os" "os/exec" + "slices" "strconv" "strings" @@ -86,11 +87,8 @@ var psCommand = cli.Command{ return fmt.Errorf("unable to parse pid: %w", err) } - for _, pid := range pids { - if pid == p { - fmt.Println(line) - break - } + if slices.Contains(pids, p) { + fmt.Println(line) } } return nil From 17570625c02672cc9a0b9b4f007003ef5847452c Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 28 Mar 2025 18:52:42 -0700 Subject: [PATCH 0904/1176] Use for range over integers This appears in Go 1.22 (see https://tip.golang.org/ref/spec#For_range). Signed-off-by: Kir Kolyshkin --- delete.go | 2 +- libcontainer/criu_linux.go | 4 ++-- libcontainer/factory_linux.go | 2 +- libcontainer/integration/bench_test.go | 2 +- libcontainer/integration/execin_test.go | 4 ++-- libcontainer/integration/update_test.go | 2 +- libcontainer/process_linux.go | 2 +- libcontainer/rootfs_linux.go | 4 ++-- libcontainer/specconv/spec_linux.go | 2 +- 9 files changed, 12 insertions(+), 12 deletions(-) diff --git a/delete.go b/delete.go index fc8133438ea..dcb19be1b94 100644 --- a/delete.go +++ b/delete.go @@ -15,7 +15,7 @@ import ( func killContainer(container *libcontainer.Container) error { _ = container.Signal(unix.SIGKILL) - for i := 0; i < 100; i++ { + for range 100 { time.Sleep(100 * time.Millisecond) if err := container.Signal(unix.Signal(0)); err != nil { return container.Destroy() diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index 30227289e94..0a050bf797f 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -832,7 +832,7 @@ func logCriuErrors(dir, file string) { logrus.Warn("...") } // Print the last lines. - for add := 0; add < max; add++ { + for add := range max { i := (idx + add) % max s := lines[i] actLineNo := lineNo + add - max + 1 @@ -961,7 +961,7 @@ func (c *Container) criuSwrk(process *Process, req *criurpc.CriuReq, opts *CriuO val := reflect.ValueOf(req.GetOpts()) v := reflect.Indirect(val) - for i := 0; i < v.NumField(); i++ { + for i := range v.NumField() { st := v.Type() name := st.Field(i).Name if 'A' <= name[0] && name[0] <= 'Z' { diff --git a/libcontainer/factory_linux.go b/libcontainer/factory_linux.go index 539726dfdc8..d222d6b4230 100644 --- a/libcontainer/factory_linux.go +++ b/libcontainer/factory_linux.go @@ -191,7 +191,7 @@ func validateID(id string) error { } // Allowed characters: 0-9 A-Z a-z _ + - . - for i := 0; i < len(id); i++ { + for i := range len(id) { c := id[i] switch { case c >= 'a' && c <= 'z': diff --git a/libcontainer/integration/bench_test.go b/libcontainer/integration/bench_test.go index 841d3aa06dd..c10c57fda3c 100644 --- a/libcontainer/integration/bench_test.go +++ b/libcontainer/integration/bench_test.go @@ -60,7 +60,7 @@ func genBigEnv(count int) []string { } envs := make([]string, count) - for i := 0; i < count; i++ { + for i := range count { key := strings.ToUpper(randStr(10)) value := randStr(20) envs[i] = key + "=" + value diff --git a/libcontainer/integration/execin_test.go b/libcontainer/integration/execin_test.go index 831a4374404..be4142dc926 100644 --- a/libcontainer/integration/execin_test.go +++ b/libcontainer/integration/execin_test.go @@ -209,7 +209,7 @@ func TestExecInError(t *testing.T) { }() ok(t, err) - for i := 0; i < 42; i++ { + for range 42 { unexistent := &libcontainer.Process{ Cwd: "/", Args: []string{"unexistent"}, @@ -263,7 +263,7 @@ func TestExecInTTY(t *testing.T) { // Repeat to increase chances to catch a race; see // https://github.com/opencontainers/runc/issues/2425. - for i := 0; i < 300; i++ { + for range 300 { var stdout bytes.Buffer parent, child, err := utils.NewSockPair("console") diff --git a/libcontainer/integration/update_test.go b/libcontainer/integration/update_test.go index eb864f7fe37..3c0fa4b528b 100644 --- a/libcontainer/integration/update_test.go +++ b/libcontainer/integration/update_test.go @@ -60,7 +60,7 @@ func testUpdateDevices(t *testing.T, systemd bool) { } defaultDevices := config.Cgroups.Resources.Devices - for i := 0; i < 300; i++ { + for i := range 300 { // Check the access buf.Reset() err = container.Run(devCheck) diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 5ac574bdeff..3fcc79df490 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -877,7 +877,7 @@ func getPipeFds(pid int) ([]string, error) { fds := make([]string, 3) dirPath := filepath.Join("/proc", strconv.Itoa(pid), "/fd") - for i := 0; i < 3; i++ { + for i := range 3 { // XXX: This breaks if the path is not a valid symlink (which can // happen in certain particularly unlucky mount namespace setups). f := filepath.Join(dirPath, strconv.Itoa(i)) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index e1e2d7634b0..7d7e957ddeb 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -878,7 +878,7 @@ func reOpenDevNull() error { if err := unix.Fstat(int(file.Fd()), &devNullStat); err != nil { return &os.PathError{Op: "fstat", Path: file.Name(), Err: err} } - for fd := 0; fd < 3; fd++ { + for fd := range 3 { if err := unix.Fstat(fd, &stat); err != nil { return &os.PathError{Op: "fstat", Path: "fd " + strconv.Itoa(fd), Err: err} } @@ -1211,7 +1211,7 @@ func remountReadonly(m *configs.Mount) error { dest = m.Destination flags = m.Flags ) - for i := 0; i < 5; i++ { + for range 5 { // There is a special case in the kernel for // MS_REMOUNT | MS_BIND, which allows us to change only the // flags even as an unprivileged user (i.e. user namespace) diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index 1b6f71cd760..c6bf02c98a3 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -626,7 +626,7 @@ func checkPropertyName(s string) error { } // Check ASCII characters rather than Unicode runes, // so we have to use indexes rather than range. - for i := 0; i < len(s); i++ { + for i := range len(s) { ch := s[i] if (ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z') { continue From 7fdec327a08a0b216755dcf8185aa67618bae01e Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 28 Mar 2025 18:55:28 -0700 Subject: [PATCH 0905/1176] Use any instead of interface{} The keyword is available since Go 1.18 (see https://pkg.go.dev/builtin#any). Signed-off-by: Kir Kolyshkin --- libcontainer/configs/config.go | 2 +- libcontainer/factory_linux_test.go | 2 +- libcontainer/specconv/spec_linux_test.go | 2 +- libcontainer/state_linux_test.go | 2 +- libcontainer/sync.go | 2 +- libcontainer/utils/utils.go | 2 +- tty.go | 2 +- types/events.go | 6 +++--- 8 files changed, 10 insertions(+), 10 deletions(-) diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index 346fb9e5e3c..f88eb8b842e 100644 --- a/libcontainer/configs/config.go +++ b/libcontainer/configs/config.go @@ -503,7 +503,7 @@ func (hooks *Hooks) MarshalJSON() ([]byte, error) { return serializableHooks } - return json.Marshal(map[string]interface{}{ + return json.Marshal(map[string]any{ "prestart": serialize((*hooks)[Prestart]), "createRuntime": serialize((*hooks)[CreateRuntime]), "createContainer": serialize((*hooks)[CreateContainer]), diff --git a/libcontainer/factory_linux_test.go b/libcontainer/factory_linux_test.go index 22dcd34125a..1d822a1bd1b 100644 --- a/libcontainer/factory_linux_test.go +++ b/libcontainer/factory_linux_test.go @@ -81,7 +81,7 @@ func TestFactoryLoadContainer(t *testing.T) { } } -func marshal(path string, v interface{}) error { +func marshal(path string, v any) error { f, err := os.Create(path) if err != nil { return err diff --git a/libcontainer/specconv/spec_linux_test.go b/libcontainer/specconv/spec_linux_test.go index 66359f79e6c..0f8d1c18d77 100644 --- a/libcontainer/specconv/spec_linux_test.go +++ b/libcontainer/specconv/spec_linux_test.go @@ -676,7 +676,7 @@ func TestInitSystemdProps(t *testing.T) { type expT struct { isErr bool name string - value interface{} + value any } testCases := []struct { diff --git a/libcontainer/state_linux_test.go b/libcontainer/state_linux_test.go index b57e6eff716..0b0f49958f0 100644 --- a/libcontainer/state_linux_test.go +++ b/libcontainer/state_linux_test.go @@ -24,7 +24,7 @@ func TestStateStatus(t *testing.T) { } func testTransitions(t *testing.T, initialState containerState, valid []containerState) { - validMap := map[reflect.Type]interface{}{} + validMap := map[reflect.Type]any{} for _, validState := range valid { validMap[reflect.TypeOf(validState)] = nil t.Run(validState.status().String(), func(t *testing.T) { diff --git a/libcontainer/sync.go b/libcontainer/sync.go index 0a54a4b81e0..90cf49b86fa 100644 --- a/libcontainer/sync.go +++ b/libcontainer/sync.go @@ -113,7 +113,7 @@ func writeSync(pipe *syncSocket, sync syncType) error { return doWriteSync(pipe, syncT{Type: sync}) } -func writeSyncArg(pipe *syncSocket, sync syncType, arg interface{}) error { +func writeSyncArg(pipe *syncSocket, sync syncType, arg any) error { argJSON, err := json.Marshal(arg) if err != nil { return fmt.Errorf("writing sync %v: marshal argument failed: %w", sync, err) diff --git a/libcontainer/utils/utils.go b/libcontainer/utils/utils.go index 23003e17713..442c02685bf 100644 --- a/libcontainer/utils/utils.go +++ b/libcontainer/utils/utils.go @@ -27,7 +27,7 @@ func ExitStatus(status unix.WaitStatus) int { // without a trailing newline. This is used instead of json.Encoder because // there might be a problem in json decoder in some cases, see: // https://github.com/docker/docker/issues/14203#issuecomment-174177790 -func WriteJSON(w io.Writer, v interface{}) error { +func WriteJSON(w io.Writer, v any) error { data, err := json.Marshal(v) if err != nil { return err diff --git a/tty.go b/tty.go index c101aacb78b..f5e940975b9 100644 --- a/tty.go +++ b/tty.go @@ -44,7 +44,7 @@ func setupProcessPipes(p *libcontainer.Process, rootuid, rootgid int) (*tty, err }, } // add the process's io to the post start closers if they support close - for _, cc := range []interface{}{ + for _, cc := range []any{ p.Stdin, p.Stdout, p.Stderr, diff --git a/types/events.go b/types/events.go index ed7d2408fdc..fc741d2d9e2 100644 --- a/types/events.go +++ b/types/events.go @@ -7,9 +7,9 @@ import ( // Event struct for encoding the event data to json. type Event struct { - Type string `json:"type"` - ID string `json:"id"` - Data interface{} `json:"data,omitempty"` + Type string `json:"type"` + ID string `json:"id"` + Data any `json:"data,omitempty"` } // Stats is the runc specific stats structure for stability when encoding and decoding stats. From 4a0e282b09879b847dca81f34d3c36431f3221dc Mon Sep 17 00:00:00 2001 From: lifubang Date: Tue, 25 Mar 2025 02:34:22 +0000 Subject: [PATCH 0906/1176] test: check whether runc set a correct default home env or not Signed-off-by: lifubang --- tests/integration/exec.bats | 14 ++++++++++++++ tests/integration/run.bats | 16 ++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/tests/integration/exec.bats b/tests/integration/exec.bats index 8e96f3dddff..43fe4c3cde1 100644 --- a/tests/integration/exec.bats +++ b/tests/integration/exec.bats @@ -352,3 +352,17 @@ EOF [ ${#lines[@]} -eq 1 ] [[ ${lines[0]} = *"exec /run.sh: no such file or directory"* ]] } + +# https://github.com/opencontainers/runc/issues/4688 +@test "runc exec check default home" { + # --user can't work in rootless containers that don't have idmap. + [ $EUID -ne 0 ] && requires rootless_idmap + echo 'tempuser:x:2000:2000:tempuser:/home/tempuser:/bin/sh' >>rootfs/etc/passwd + + runc run -d --console-socket "$CONSOLE_SOCKET" test + [ "$status" -eq 0 ] + + runc exec -u 2000 test sh -c "echo \$HOME" + [ "$status" -eq 0 ] + [ "${lines[0]}" = "/home/tempuser" ] +} diff --git a/tests/integration/run.bats b/tests/integration/run.bats index 86d016dc298..d1143cfea32 100644 --- a/tests/integration/run.bats +++ b/tests/integration/run.bats @@ -219,3 +219,19 @@ EOF [ ${#lines[@]} -eq 1 ] [[ ${lines[0]} = "exec /run.sh: no such file or directory" ]] } + +# https://github.com/opencontainers/runc/issues/4688 +@test "runc run check default home" { + # cannot start containers as another user in rootless setup without idmap + [ $EUID -ne 0 ] && requires rootless_idmap + echo 'tempuser:x:2000:2000:tempuser:/home/tempuser:/bin/sh' >>rootfs/etc/passwd + + # shellcheck disable=SC2016 + update_config ' .process.cwd = "/root" + | .process.user.uid = 2000 + | .process.args |= ["sh", "-c", "echo $HOME"]' + + runc run test_busybox + [ "$status" -eq 0 ] + [ "${lines[0]}" = "/home/tempuser" ] +} From bf38646497586267776aa440323ebf4103338ffa Mon Sep 17 00:00:00 2001 From: lifubang Date: Tue, 25 Mar 2025 02:48:44 +0000 Subject: [PATCH 0907/1176] libct: we should set envs after we are in the jail of the container Because we have to set a default HOME env for the current container user, so we should set it after we are in the jail of the container, or else we'll use host's `/etc/passwd` to get a wrong HOME value. Please see: #4688. Signed-off-by: lifubang --- libcontainer/init_linux.go | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 4546af9da76..f9e88ad8d05 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -234,12 +234,6 @@ func startInitialization() (retErr error) { } func containerInit(t initType, config *initConfig, pipe *syncSocket, consoleSocket, pidfdSocket, fifoFile, logPipe *os.File) error { - env, err := prepareEnv(config.Env, config.UID) - if err != nil { - return err - } - config.Env = env - // Clean the RLIMIT_NOFILE cache in go runtime. // Issue: https://github.com/opencontainers/runc/issues/4195 maybeClearRlimitNofileCache(config.Rlimits) @@ -326,6 +320,14 @@ func finalizeNamespace(config *initConfig) error { } } + // We should set envs after we are in the jail of the container. + // Please see https://github.com/opencontainers/runc/issues/4688 + env, err := prepareEnv(config.Env, config.UID) + if err != nil { + return err + } + config.Env = env + w, err := capabilities.New(config.Capabilities) if err != nil { return err From bb5aa116221a31dd3b78abc3e4f477146dd41a83 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 4 Apr 2025 04:34:30 +0000 Subject: [PATCH 0908/1176] build(deps): bump github.com/moby/sys/user from 0.3.0 to 0.4.0 Bumps [github.com/moby/sys/user](https://github.com/moby/sys) from 0.3.0 to 0.4.0. - [Release notes](https://github.com/moby/sys/releases) - [Commits](https://github.com/moby/sys/compare/user/v0.3.0...user/v0.4.0) --- updated-dependencies: - dependency-name: github.com/moby/sys/user dependency-version: 0.4.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- vendor/github.com/moby/sys/user/idtools.go | 141 +++++++++++++++++ .../github.com/moby/sys/user/idtools_unix.go | 143 ++++++++++++++++++ .../moby/sys/user/idtools_windows.go | 13 ++ vendor/modules.txt | 2 +- 6 files changed, 301 insertions(+), 4 deletions(-) create mode 100644 vendor/github.com/moby/sys/user/idtools.go create mode 100644 vendor/github.com/moby/sys/user/idtools_unix.go create mode 100644 vendor/github.com/moby/sys/user/idtools_windows.go diff --git a/go.mod b/go.mod index 0844bd46fdc..91a46a84dd1 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/godbus/dbus/v5 v5.1.0 github.com/moby/sys/capability v0.4.0 github.com/moby/sys/mountinfo v0.7.2 - github.com/moby/sys/user v0.3.0 + github.com/moby/sys/user v0.4.0 github.com/moby/sys/userns v0.1.0 github.com/mrunalp/fileutils v0.5.1 github.com/opencontainers/cgroups v0.0.1 diff --git a/go.sum b/go.sum index 71cbbed91ba..c181bdfb574 100644 --- a/go.sum +++ b/go.sum @@ -39,8 +39,8 @@ github.com/moby/sys/capability v0.4.0 h1:4D4mI6KlNtWMCM1Z/K0i7RV1FkX+DBDHKVJpCnd github.com/moby/sys/capability v0.4.0/go.mod h1:4g9IK291rVkms3LKCDOoYlnV8xKwoDTpIrNEE35Wq0I= github.com/moby/sys/mountinfo v0.7.2 h1:1shs6aH5s4o5H2zQLn796ADW1wMrIwHsyJ2v9KouLrg= github.com/moby/sys/mountinfo v0.7.2/go.mod h1:1YOa8w8Ih7uW0wALDUgT1dTTSBrZ+HiBLGws92L2RU4= -github.com/moby/sys/user v0.3.0 h1:9ni5DlcW5an3SvRSx4MouotOygvzaXbaSrc/wGDFWPo= -github.com/moby/sys/user v0.3.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs= +github.com/moby/sys/user v0.4.0 h1:jhcMKit7SA80hivmFJcbB1vqmw//wU61Zdui2eQXuMs= +github.com/moby/sys/user v0.4.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs= github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g= github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28= github.com/mrunalp/fileutils v0.5.1 h1:F+S7ZlNKnrwHfSwdlgNSkKo67ReVf8o9fel6C3dkm/Q= diff --git a/vendor/github.com/moby/sys/user/idtools.go b/vendor/github.com/moby/sys/user/idtools.go new file mode 100644 index 00000000000..595b7a92726 --- /dev/null +++ b/vendor/github.com/moby/sys/user/idtools.go @@ -0,0 +1,141 @@ +package user + +import ( + "fmt" + "os" +) + +// MkdirOpt is a type for options to pass to Mkdir calls +type MkdirOpt func(*mkdirOptions) + +type mkdirOptions struct { + onlyNew bool +} + +// WithOnlyNew is an option for MkdirAllAndChown that will only change ownership and permissions +// on newly created directories. If the directory already exists, it will not be modified +func WithOnlyNew(o *mkdirOptions) { + o.onlyNew = true +} + +// MkdirAllAndChown creates a directory (include any along the path) and then modifies +// ownership to the requested uid/gid. By default, if the directory already exists, this +// function will still change ownership and permissions. If WithOnlyNew is passed as an +// option, then only the newly created directories will have ownership and permissions changed. +func MkdirAllAndChown(path string, mode os.FileMode, uid, gid int, opts ...MkdirOpt) error { + var options mkdirOptions + for _, opt := range opts { + opt(&options) + } + + return mkdirAs(path, mode, uid, gid, true, options.onlyNew) +} + +// MkdirAndChown creates a directory and then modifies ownership to the requested uid/gid. +// By default, if the directory already exists, this function still changes ownership and permissions. +// If WithOnlyNew is passed as an option, then only the newly created directory will have ownership +// and permissions changed. +// Note that unlike os.Mkdir(), this function does not return IsExist error +// in case path already exists. +func MkdirAndChown(path string, mode os.FileMode, uid, gid int, opts ...MkdirOpt) error { + var options mkdirOptions + for _, opt := range opts { + opt(&options) + } + return mkdirAs(path, mode, uid, gid, false, options.onlyNew) +} + +// getRootUIDGID retrieves the remapped root uid/gid pair from the set of maps. +// If the maps are empty, then the root uid/gid will default to "real" 0/0 +func getRootUIDGID(uidMap, gidMap []IDMap) (int, int, error) { + uid, err := toHost(0, uidMap) + if err != nil { + return -1, -1, err + } + gid, err := toHost(0, gidMap) + if err != nil { + return -1, -1, err + } + return uid, gid, nil +} + +// toContainer takes an id mapping, and uses it to translate a +// host ID to the remapped ID. If no map is provided, then the translation +// assumes a 1-to-1 mapping and returns the passed in id +func toContainer(hostID int, idMap []IDMap) (int, error) { + if idMap == nil { + return hostID, nil + } + for _, m := range idMap { + if (int64(hostID) >= m.ParentID) && (int64(hostID) <= (m.ParentID + m.Count - 1)) { + contID := int(m.ID + (int64(hostID) - m.ParentID)) + return contID, nil + } + } + return -1, fmt.Errorf("host ID %d cannot be mapped to a container ID", hostID) +} + +// toHost takes an id mapping and a remapped ID, and translates the +// ID to the mapped host ID. If no map is provided, then the translation +// assumes a 1-to-1 mapping and returns the passed in id # +func toHost(contID int, idMap []IDMap) (int, error) { + if idMap == nil { + return contID, nil + } + for _, m := range idMap { + if (int64(contID) >= m.ID) && (int64(contID) <= (m.ID + m.Count - 1)) { + hostID := int(m.ParentID + (int64(contID) - m.ID)) + return hostID, nil + } + } + return -1, fmt.Errorf("container ID %d cannot be mapped to a host ID", contID) +} + +// IdentityMapping contains a mappings of UIDs and GIDs. +// The zero value represents an empty mapping. +type IdentityMapping struct { + UIDMaps []IDMap `json:"UIDMaps"` + GIDMaps []IDMap `json:"GIDMaps"` +} + +// RootPair returns a uid and gid pair for the root user. The error is ignored +// because a root user always exists, and the defaults are correct when the uid +// and gid maps are empty. +func (i IdentityMapping) RootPair() (int, int) { + uid, gid, _ := getRootUIDGID(i.UIDMaps, i.GIDMaps) + return uid, gid +} + +// ToHost returns the host UID and GID for the container uid, gid. +// Remapping is only performed if the ids aren't already the remapped root ids +func (i IdentityMapping) ToHost(uid, gid int) (int, int, error) { + var err error + ruid, rgid := i.RootPair() + + if uid != ruid { + ruid, err = toHost(uid, i.UIDMaps) + if err != nil { + return ruid, rgid, err + } + } + + if gid != rgid { + rgid, err = toHost(gid, i.GIDMaps) + } + return ruid, rgid, err +} + +// ToContainer returns the container UID and GID for the host uid and gid +func (i IdentityMapping) ToContainer(uid, gid int) (int, int, error) { + ruid, err := toContainer(uid, i.UIDMaps) + if err != nil { + return -1, -1, err + } + rgid, err := toContainer(gid, i.GIDMaps) + return ruid, rgid, err +} + +// Empty returns true if there are no id mappings +func (i IdentityMapping) Empty() bool { + return len(i.UIDMaps) == 0 && len(i.GIDMaps) == 0 +} diff --git a/vendor/github.com/moby/sys/user/idtools_unix.go b/vendor/github.com/moby/sys/user/idtools_unix.go new file mode 100644 index 00000000000..4e39d2446b2 --- /dev/null +++ b/vendor/github.com/moby/sys/user/idtools_unix.go @@ -0,0 +1,143 @@ +//go:build !windows + +package user + +import ( + "fmt" + "os" + "path/filepath" + "strconv" + "syscall" +) + +func mkdirAs(path string, mode os.FileMode, uid, gid int, mkAll, onlyNew bool) error { + path, err := filepath.Abs(path) + if err != nil { + return err + } + + stat, err := os.Stat(path) + if err == nil { + if !stat.IsDir() { + return &os.PathError{Op: "mkdir", Path: path, Err: syscall.ENOTDIR} + } + if onlyNew { + return nil + } + + // short-circuit -- we were called with an existing directory and chown was requested + return setPermissions(path, mode, uid, gid, stat) + } + + // make an array containing the original path asked for, plus (for mkAll == true) + // all path components leading up to the complete path that don't exist before we MkdirAll + // so that we can chown all of them properly at the end. If onlyNew is true, we won't + // chown the full directory path if it exists + var paths []string + if os.IsNotExist(err) { + paths = append(paths, path) + } + + if mkAll { + // walk back to "/" looking for directories which do not exist + // and add them to the paths array for chown after creation + dirPath := path + for { + dirPath = filepath.Dir(dirPath) + if dirPath == "/" { + break + } + if _, err = os.Stat(dirPath); os.IsNotExist(err) { + paths = append(paths, dirPath) + } + } + if err = os.MkdirAll(path, mode); err != nil { + return err + } + } else if err = os.Mkdir(path, mode); err != nil { + return err + } + // even if it existed, we will chown the requested path + any subpaths that + // didn't exist when we called MkdirAll + for _, pathComponent := range paths { + if err = setPermissions(pathComponent, mode, uid, gid, nil); err != nil { + return err + } + } + return nil +} + +// setPermissions performs a chown/chmod only if the uid/gid don't match what's requested +// Normally a Chown is a no-op if uid/gid match, but in some cases this can still cause an error, e.g. if the +// dir is on an NFS share, so don't call chown unless we absolutely must. +// Likewise for setting permissions. +func setPermissions(p string, mode os.FileMode, uid, gid int, stat os.FileInfo) error { + if stat == nil { + var err error + stat, err = os.Stat(p) + if err != nil { + return err + } + } + if stat.Mode().Perm() != mode.Perm() { + if err := os.Chmod(p, mode.Perm()); err != nil { + return err + } + } + ssi := stat.Sys().(*syscall.Stat_t) + if ssi.Uid == uint32(uid) && ssi.Gid == uint32(gid) { + return nil + } + return os.Chown(p, uid, gid) +} + +// LoadIdentityMapping takes a requested username and +// using the data from /etc/sub{uid,gid} ranges, creates the +// proper uid and gid remapping ranges for that user/group pair +func LoadIdentityMapping(name string) (IdentityMapping, error) { + // TODO: Consider adding support for calling out to "getent" + usr, err := LookupUser(name) + if err != nil { + return IdentityMapping{}, fmt.Errorf("could not get user for username %s: %w", name, err) + } + + subuidRanges, err := lookupSubRangesFile("/etc/subuid", usr) + if err != nil { + return IdentityMapping{}, err + } + subgidRanges, err := lookupSubRangesFile("/etc/subgid", usr) + if err != nil { + return IdentityMapping{}, err + } + + return IdentityMapping{ + UIDMaps: subuidRanges, + GIDMaps: subgidRanges, + }, nil +} + +func lookupSubRangesFile(path string, usr User) ([]IDMap, error) { + uidstr := strconv.Itoa(usr.Uid) + rangeList, err := ParseSubIDFileFilter(path, func(sid SubID) bool { + return sid.Name == usr.Name || sid.Name == uidstr + }) + if err != nil { + return nil, err + } + if len(rangeList) == 0 { + return nil, fmt.Errorf("no subuid ranges found for user %q", usr.Name) + } + + idMap := []IDMap{} + + var containerID int64 + for _, idrange := range rangeList { + idMap = append(idMap, IDMap{ + ID: containerID, + ParentID: idrange.SubID, + Count: idrange.Count, + }) + containerID = containerID + idrange.Count + } + return idMap, nil +} diff --git a/vendor/github.com/moby/sys/user/idtools_windows.go b/vendor/github.com/moby/sys/user/idtools_windows.go new file mode 100644 index 00000000000..9de730cafbe --- /dev/null +++ b/vendor/github.com/moby/sys/user/idtools_windows.go @@ -0,0 +1,13 @@ +package user + +import ( + "os" +) + +// This is currently a wrapper around [os.MkdirAll] since currently +// permissions aren't set through this path, the identity isn't utilized. +// Ownership is handled elsewhere, but in the future could be support here +// too. +func mkdirAs(path string, _ os.FileMode, _, _ int, _, _ bool) error { + return os.MkdirAll(path, 0) +} diff --git a/vendor/modules.txt b/vendor/modules.txt index df54ad93c00..e49089bf1ea 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -42,7 +42,7 @@ github.com/moby/sys/capability # github.com/moby/sys/mountinfo v0.7.2 ## explicit; go 1.17 github.com/moby/sys/mountinfo -# github.com/moby/sys/user v0.3.0 +# github.com/moby/sys/user v0.4.0 ## explicit; go 1.17 github.com/moby/sys/user # github.com/moby/sys/userns v0.1.0 From 09501d96d2d72709223b50458ed569cca93247d8 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Tue, 1 Apr 2025 17:13:08 +0200 Subject: [PATCH 0909/1176] libct: Override HOME if its set to the empty string Before commit 06f1e0765 ("libct: speedup process.Env handling") we were overriding HOME if it was set to "" too[1]. But now we only override it if it wasn't set at all. This patch restores the old behavior of overriding it if it was set to an empty value. Docker relies on this behaviour since ages[2]. [1]: https://github.com/opencontainers/runc/blob/1c508045727231e7342e258ab30add1478c1f981/libcontainer/init_linux.go#L544-L549 [2]: https://github.com/moby/moby/blob/843e51459f14ebc964d349eba1013dc8a3e9d52e/integration-cli/docker_cli_run_test.go#L822-L843 Signed-off-by: Rodrigo Campos --- libcontainer/env.go | 18 +++++++++++++++--- libcontainer/env_test.go | 12 ++++++++++++ 2 files changed, 27 insertions(+), 3 deletions(-) diff --git a/libcontainer/env.go b/libcontainer/env.go index fe1abd500b0..71b2f69d06d 100644 --- a/libcontainer/env.go +++ b/libcontainer/env.go @@ -17,13 +17,16 @@ import ( // contains no \0 (nil) bytes; // - removes any duplicates (keeping only the last value for each key) // - sets PATH for the current process, if found in the list; -// - adds HOME to returned environment, if not found in the list. +// - adds HOME to returned environment, if not found in the list, +// or the value is empty. // // Returns the prepared environment. func prepareEnv(env []string, uid int) ([]string, error) { if env == nil { return nil, nil } + var homeIsSet bool + // Deduplication code based on dedupEnv from Go 1.22 os/exec. // Construct the output in reverse order, to preserve the @@ -40,6 +43,7 @@ func prepareEnv(env []string, uid int) ([]string, error) { return nil, errors.New("invalid environment variable: name cannot be empty") } key := kv[:i] + val := kv[i+1:] if saw[key] { // Duplicate. continue } @@ -49,17 +53,25 @@ func prepareEnv(env []string, uid int) ([]string, error) { } if key == "PATH" { // Needs to be set as it is used for binary lookup. - if err := os.Setenv("PATH", kv[i+1:]); err != nil { + if err := os.Setenv("PATH", val); err != nil { return nil, err } } + if key == "HOME" { + if val != "" { + homeIsSet = true + } else { + // Don't add empty HOME to the environment, we will override it later. + continue + } + } out = append(out, kv) } // Restore the original order. slices.Reverse(out) // If HOME is not found in env, get it from container's /etc/passwd and add. - if !saw["HOME"] { + if !homeIsSet { home, err := getUserHome(uid) if err != nil { // For backward compatibility, don't return an error, but merely log it. diff --git a/libcontainer/env_test.go b/libcontainer/env_test.go index c917471670a..18dc52e887a 100644 --- a/libcontainer/env_test.go +++ b/libcontainer/env_test.go @@ -37,6 +37,18 @@ func TestPrepareEnv(t *testing.T) { env: []string{"TERM=vt100", "HOME=/home/one", "HOME=/home/two", "TERM=xterm", "HOME=/home/three", "FOO=bar"}, wantEnv: []string{"TERM=xterm", "HOME=/home/three", "FOO=bar"}, }, + { + env: []string{"HOME=", "HOME=/foo"}, + wantEnv: []string{"HOME=/foo"}, + }, + { + env: []string{"HOME="}, + wantEnv: []string{home}, + }, + { + env: []string{"HOME=/foo", "HOME="}, + wantEnv: []string{home}, + }, } for _, tc := range tests { From 19c65154712e46f8ce154b7972fe522fa3b9cc35 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Wed, 2 Apr 2025 14:01:48 +0200 Subject: [PATCH 0910/1176] tests: Add env var tests This adds some e2e tests for environment variables set in the config.json. These were based on tests that failed on docker CI[1][2] after the refactor on 06f1e0765 ("libct: speedup process.Env handling") and some bugs that I had along the way trying to fix it. These tests pass with runc 1.2 too. [1]: https://github.com/moby/moby/blob/843e51459f14ebc964d349eba1013dc8a3e9d52e/integration-cli/docker_cli_run_test.go#L822-L843 [2]: https://github.com/moby/moby/blob/843e51459f14ebc964d349eba1013dc8a3e9d52e/integration-cli/docker_cli_links_test.go#L197-L204 Signed-off-by: Rodrigo Campos --- tests/integration/env.bats | 97 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 97 insertions(+) create mode 100644 tests/integration/env.bats diff --git a/tests/integration/env.bats b/tests/integration/env.bats new file mode 100644 index 00000000000..cb984942e70 --- /dev/null +++ b/tests/integration/env.bats @@ -0,0 +1,97 @@ +#!/usr/bin/env bats +# shellcheck disable=SC2016 +# This disables the check for shell variables inside single quotes +# We do that all the time in this file, as we are testing env vars. + +load helpers + +function setup() { + setup_busybox +} + +function teardown() { + teardown_bundle +} + +# Several of these tests are inspired on regressions caught by Docker, besides other tests that +# check the behavior we already had in runc: +# https://github.com/moby/moby/blob/843e51459f14ebc964d349eba1013dc8a3e9d52e/integration-cli/docker_cli_links_test.go#L197-L204 +# https://github.com/moby/moby/blob/843e51459f14ebc964d349eba1013dc8a3e9d52e/integration-cli/docker_cli_run_test.go#L822-L843 +# + +@test "non-empty HOME env is used" { + update_config ' .process.env += ["HOME=/override"]' + update_config ' .process.args += ["-c", "echo $HOME"]' + + runc run test_busybox + [ "$status" -eq 0 ] + [[ "${lines[0]}" == '/override' ]] +} + +@test "empty HOME env var is overridden" { + update_config ' .process.env += ["HOME="]' + update_config ' .process.args += ["-c", "echo $HOME"]' + + runc run test_busybox + [ "$status" -eq 0 ] + [[ "${lines[0]}" == '/root' ]] +} + +@test "empty HOME env var is overridden with multiple overrides" { + update_config ' .process.env += ["HOME=/override", "HOME="]' + update_config ' .process.args += ["-c", "echo $HOME"]' + + runc run test_busybox + [ "$status" -eq 0 ] + [[ "${lines[0]}" == '/root' ]] +} + +@test "env var HOME is set only once" { + # env will show if an env var is set multiple times. + update_config ' .process.args = ["env"]' + update_config ' .process.env = ["HOME=", "PATH=/usr/bin:/bin"]' + + runc run test_busybox + [ "$status" -eq 0 ] + + # There should be 2 words/env-vars: HOME and PATH. + [ "$(wc -w <<<"$output")" -eq 2 ] +} + +@test "env var override is set only once" { + # env will show if an env var is set multiple times. + update_config ' .process.args = ["env"]' + update_config ' .process.env = ["ONE=two", "ONE=", "PATH=/usr/bin:/bin"]' + + runc run test_busybox + [ "$status" -eq 0 ] + + # There should be 3 words/env-vars: ONE, PATH and HOME. + [ "$(wc -w <<<"$output")" -eq 3 ] +} + +@test "env var override" { + update_config ' .process.env += ["ONE=two", "ONE=three"]' + update_config ' .process.args += ["-c", "echo ONE=\"$ONE\""]' + + runc run test_busybox + [ "$status" -eq 0 ] + [[ "${lines[0]}" == "ONE=three" ]] +} + +@test "env var with new-line is honored" { + update_config ' .process.env = ["NEW_LINE_ENV=\n", "PATH=/usr/bin:/bin"]' + update_config ' .process.args = ["env"]' + + runc run test_busybox + [ "$status" -eq 0 ] + + # There should be 4 lines + # NEW_LINE is a \n and when printed, it takes another line: + # 1. HOME=... + # 2. PATH=... + # 3. NEW_LINE_ENV= + # 4. + # + [ "$(wc -l <<<"$output")" -eq 4 ] +} From c5e0ece494c890fd59b1ccfa3ef8d8c320df92ef Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Apr 2025 04:09:11 +0000 Subject: [PATCH 0911/1176] build(deps): bump golang.org/x/sys from 0.31.0 to 0.32.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.31.0 to 0.32.0. - [Commits](https://github.com/golang/sys/compare/v0.31.0...v0.32.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-version: 0.32.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- .../golang.org/x/sys/unix/syscall_darwin.go | 149 +++++++++++++++++- vendor/golang.org/x/sys/unix/syscall_linux.go | 42 ++--- .../x/sys/unix/zsyscall_darwin_amd64.go | 84 ++++++++++ .../x/sys/unix/zsyscall_darwin_amd64.s | 20 +++ .../x/sys/unix/zsyscall_darwin_arm64.go | 84 ++++++++++ .../x/sys/unix/zsyscall_darwin_arm64.s | 20 +++ .../golang.org/x/sys/windows/types_windows.go | 27 ++++ vendor/modules.txt | 2 +- 10 files changed, 403 insertions(+), 31 deletions(-) diff --git a/go.mod b/go.mod index 0844bd46fdc..3fe0a7b4973 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/urfave/cli v1.22.16 github.com/vishvananda/netlink v1.3.0 golang.org/x/net v0.38.0 - golang.org/x/sys v0.31.0 + golang.org/x/sys v0.32.0 google.golang.org/protobuf v1.36.6 ) diff --git a/go.sum b/go.sum index 71cbbed91ba..f5f8df4d744 100644 --- a/go.sum +++ b/go.sum @@ -85,8 +85,8 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= -golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20= +golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.go b/vendor/golang.org/x/sys/unix/syscall_darwin.go index 099867deede..798f61ad3bf 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin.go +++ b/vendor/golang.org/x/sys/unix/syscall_darwin.go @@ -602,7 +602,150 @@ func Connectx(fd int, srcIf uint32, srcAddr, dstAddr Sockaddr, associd SaeAssocI return } -//sys connectx(fd int, endpoints *SaEndpoints, associd SaeAssocID, flags uint32, iov []Iovec, n *uintptr, connid *SaeConnID) (err error) +// sys connectx(fd int, endpoints *SaEndpoints, associd SaeAssocID, flags uint32, iov []Iovec, n *uintptr, connid *SaeConnID) (err error) +const minIovec = 8 + +func Readv(fd int, iovs [][]byte) (n int, err error) { + if !darwinKernelVersionMin(11, 0, 0) { + return 0, ENOSYS + } + + iovecs := make([]Iovec, 0, minIovec) + iovecs = appendBytes(iovecs, iovs) + n, err = readv(fd, iovecs) + readvRacedetect(iovecs, n, err) + return n, err +} + +func Preadv(fd int, iovs [][]byte, offset int64) (n int, err error) { + if !darwinKernelVersionMin(11, 0, 0) { + return 0, ENOSYS + } + iovecs := make([]Iovec, 0, minIovec) + iovecs = appendBytes(iovecs, iovs) + n, err = preadv(fd, iovecs, offset) + readvRacedetect(iovecs, n, err) + return n, err +} + +func Writev(fd int, iovs [][]byte) (n int, err error) { + if !darwinKernelVersionMin(11, 0, 0) { + return 0, ENOSYS + } + + iovecs := make([]Iovec, 0, minIovec) + iovecs = appendBytes(iovecs, iovs) + if raceenabled { + raceReleaseMerge(unsafe.Pointer(&ioSync)) + } + n, err = writev(fd, iovecs) + writevRacedetect(iovecs, n) + return n, err +} + +func Pwritev(fd int, iovs [][]byte, offset int64) (n int, err error) { + if !darwinKernelVersionMin(11, 0, 0) { + return 0, ENOSYS + } + + iovecs := make([]Iovec, 0, minIovec) + iovecs = appendBytes(iovecs, iovs) + if raceenabled { + raceReleaseMerge(unsafe.Pointer(&ioSync)) + } + n, err = pwritev(fd, iovecs, offset) + writevRacedetect(iovecs, n) + return n, err +} + +func appendBytes(vecs []Iovec, bs [][]byte) []Iovec { + for _, b := range bs { + var v Iovec + v.SetLen(len(b)) + if len(b) > 0 { + v.Base = &b[0] + } else { + v.Base = (*byte)(unsafe.Pointer(&_zero)) + } + vecs = append(vecs, v) + } + return vecs +} + +func writevRacedetect(iovecs []Iovec, n int) { + if !raceenabled { + return + } + for i := 0; n > 0 && i < len(iovecs); i++ { + m := int(iovecs[i].Len) + if m > n { + m = n + } + n -= m + if m > 0 { + raceReadRange(unsafe.Pointer(iovecs[i].Base), m) + } + } +} + +func readvRacedetect(iovecs []Iovec, n int, err error) { + if !raceenabled { + return + } + for i := 0; n > 0 && i < len(iovecs); i++ { + m := int(iovecs[i].Len) + if m > n { + m = n + } + n -= m + if m > 0 { + raceWriteRange(unsafe.Pointer(iovecs[i].Base), m) + } + } + if err == nil { + raceAcquire(unsafe.Pointer(&ioSync)) + } +} + +func darwinMajorMinPatch() (maj, min, patch int, err error) { + var un Utsname + err = Uname(&un) + if err != nil { + return + } + + var mmp [3]int + c := 0 +Loop: + for _, b := range un.Release[:] { + switch { + case b >= '0' && b <= '9': + mmp[c] = 10*mmp[c] + int(b-'0') + case b == '.': + c++ + if c > 2 { + return 0, 0, 0, ENOTSUP + } + case b == 0: + break Loop + default: + return 0, 0, 0, ENOTSUP + } + } + if c != 2 { + return 0, 0, 0, ENOTSUP + } + return mmp[0], mmp[1], mmp[2], nil +} + +func darwinKernelVersionMin(maj, min, patch int) bool { + actualMaj, actualMin, actualPatch, err := darwinMajorMinPatch() + if err != nil { + return false + } + return actualMaj > maj || actualMaj == maj && (actualMin > min || actualMin == min && actualPatch >= patch) +} + //sys sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error) //sys shmat(id int, addr uintptr, flag int) (ret uintptr, err error) @@ -705,3 +848,7 @@ func Connectx(fd int, srcIf uint32, srcAddr, dstAddr Sockaddr, associd SaeAssocI //sys write(fd int, p []byte) (n int, err error) //sys mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) //sys munmap(addr uintptr, length uintptr) (err error) +//sys readv(fd int, iovecs []Iovec) (n int, err error) +//sys preadv(fd int, iovecs []Iovec, offset int64) (n int, err error) +//sys writev(fd int, iovecs []Iovec) (n int, err error) +//sys pwritev(fd int, iovecs []Iovec, offset int64) (n int, err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index 230a94549a7..4958a657085 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -13,6 +13,7 @@ package unix import ( "encoding/binary" + "slices" "strconv" "syscall" "time" @@ -417,7 +418,7 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) { return nil, 0, EINVAL } sa.raw.Family = AF_UNIX - for i := 0; i < n; i++ { + for i := range n { sa.raw.Path[i] = int8(name[i]) } // length is family (uint16), name, NUL. @@ -507,7 +508,7 @@ func (sa *SockaddrL2) sockaddr() (unsafe.Pointer, _Socklen, error) { psm := (*[2]byte)(unsafe.Pointer(&sa.raw.Psm)) psm[0] = byte(sa.PSM) psm[1] = byte(sa.PSM >> 8) - for i := 0; i < len(sa.Addr); i++ { + for i := range len(sa.Addr) { sa.raw.Bdaddr[i] = sa.Addr[len(sa.Addr)-1-i] } cid := (*[2]byte)(unsafe.Pointer(&sa.raw.Cid)) @@ -589,11 +590,11 @@ func (sa *SockaddrCAN) sockaddr() (unsafe.Pointer, _Socklen, error) { sa.raw.Family = AF_CAN sa.raw.Ifindex = int32(sa.Ifindex) rx := (*[4]byte)(unsafe.Pointer(&sa.RxID)) - for i := 0; i < 4; i++ { + for i := range 4 { sa.raw.Addr[i] = rx[i] } tx := (*[4]byte)(unsafe.Pointer(&sa.TxID)) - for i := 0; i < 4; i++ { + for i := range 4 { sa.raw.Addr[i+4] = tx[i] } return unsafe.Pointer(&sa.raw), SizeofSockaddrCAN, nil @@ -618,11 +619,11 @@ func (sa *SockaddrCANJ1939) sockaddr() (unsafe.Pointer, _Socklen, error) { sa.raw.Family = AF_CAN sa.raw.Ifindex = int32(sa.Ifindex) n := (*[8]byte)(unsafe.Pointer(&sa.Name)) - for i := 0; i < 8; i++ { + for i := range 8 { sa.raw.Addr[i] = n[i] } p := (*[4]byte)(unsafe.Pointer(&sa.PGN)) - for i := 0; i < 4; i++ { + for i := range 4 { sa.raw.Addr[i+8] = p[i] } sa.raw.Addr[12] = sa.Addr @@ -911,7 +912,7 @@ func (sa *SockaddrIUCV) sockaddr() (unsafe.Pointer, _Socklen, error) { // These are EBCDIC encoded by the kernel, but we still need to pad them // with blanks. Initializing with blanks allows the caller to feed in either // a padded or an unpadded string. - for i := 0; i < 8; i++ { + for i := range 8 { sa.raw.Nodeid[i] = ' ' sa.raw.User_id[i] = ' ' sa.raw.Name[i] = ' ' @@ -1148,7 +1149,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) { var user [8]byte var name [8]byte - for i := 0; i < 8; i++ { + for i := range 8 { user[i] = byte(pp.User_id[i]) name[i] = byte(pp.Name[i]) } @@ -1173,11 +1174,11 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) { Ifindex: int(pp.Ifindex), } name := (*[8]byte)(unsafe.Pointer(&sa.Name)) - for i := 0; i < 8; i++ { + for i := range 8 { name[i] = pp.Addr[i] } pgn := (*[4]byte)(unsafe.Pointer(&sa.PGN)) - for i := 0; i < 4; i++ { + for i := range 4 { pgn[i] = pp.Addr[i+8] } addr := (*[1]byte)(unsafe.Pointer(&sa.Addr)) @@ -1188,11 +1189,11 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) { Ifindex: int(pp.Ifindex), } rx := (*[4]byte)(unsafe.Pointer(&sa.RxID)) - for i := 0; i < 4; i++ { + for i := range 4 { rx[i] = pp.Addr[i] } tx := (*[4]byte)(unsafe.Pointer(&sa.TxID)) - for i := 0; i < 4; i++ { + for i := range 4 { tx[i] = pp.Addr[i+4] } return sa, nil @@ -2216,10 +2217,7 @@ func readvRacedetect(iovecs []Iovec, n int, err error) { return } for i := 0; n > 0 && i < len(iovecs); i++ { - m := int(iovecs[i].Len) - if m > n { - m = n - } + m := min(int(iovecs[i].Len), n) n -= m if m > 0 { raceWriteRange(unsafe.Pointer(iovecs[i].Base), m) @@ -2270,10 +2268,7 @@ func writevRacedetect(iovecs []Iovec, n int) { return } for i := 0; n > 0 && i < len(iovecs); i++ { - m := int(iovecs[i].Len) - if m > n { - m = n - } + m := min(int(iovecs[i].Len), n) n -= m if m > 0 { raceReadRange(unsafe.Pointer(iovecs[i].Base), m) @@ -2320,12 +2315,7 @@ func isGroupMember(gid int) bool { return false } - for _, g := range groups { - if g == gid { - return true - } - } - return false + return slices.Contains(groups, gid) } func isCapDacOverrideSet() bool { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go index 24b346e1a35..813c05b6647 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go @@ -2512,6 +2512,90 @@ var libc_munmap_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func readv(fd int, iovecs []Iovec) (n int, err error) { + var _p0 unsafe.Pointer + if len(iovecs) > 0 { + _p0 = unsafe.Pointer(&iovecs[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := syscall_syscall(libc_readv_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(iovecs))) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_readv_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_readv readv "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func preadv(fd int, iovecs []Iovec, offset int64) (n int, err error) { + var _p0 unsafe.Pointer + if len(iovecs) > 0 { + _p0 = unsafe.Pointer(&iovecs[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := syscall_syscall6(libc_preadv_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(iovecs)), uintptr(offset), 0, 0) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_preadv_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_preadv preadv "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func writev(fd int, iovecs []Iovec) (n int, err error) { + var _p0 unsafe.Pointer + if len(iovecs) > 0 { + _p0 = unsafe.Pointer(&iovecs[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := syscall_syscall(libc_writev_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(iovecs))) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_writev_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_writev writev "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pwritev(fd int, iovecs []Iovec, offset int64) (n int, err error) { + var _p0 unsafe.Pointer + if len(iovecs) > 0 { + _p0 = unsafe.Pointer(&iovecs[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := syscall_syscall6(libc_pwritev_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(iovecs)), uintptr(offset), 0, 0) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pwritev_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pwritev pwritev "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Fstat(fd int, stat *Stat_t) (err error) { _, _, e1 := syscall_syscall(libc_fstat64_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s index ebd213100b3..fda328582b2 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s @@ -738,6 +738,26 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $8 DATA ·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB) +TEXT libc_readv_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_readv(SB) +GLOBL ·libc_readv_trampoline_addr(SB), RODATA, $8 +DATA ·libc_readv_trampoline_addr(SB)/8, $libc_readv_trampoline<>(SB) + +TEXT libc_preadv_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_preadv(SB) +GLOBL ·libc_preadv_trampoline_addr(SB), RODATA, $8 +DATA ·libc_preadv_trampoline_addr(SB)/8, $libc_preadv_trampoline<>(SB) + +TEXT libc_writev_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_writev(SB) +GLOBL ·libc_writev_trampoline_addr(SB), RODATA, $8 +DATA ·libc_writev_trampoline_addr(SB)/8, $libc_writev_trampoline<>(SB) + +TEXT libc_pwritev_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pwritev(SB) +GLOBL ·libc_pwritev_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pwritev_trampoline_addr(SB)/8, $libc_pwritev_trampoline<>(SB) + TEXT libc_fstat64_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fstat64(SB) GLOBL ·libc_fstat64_trampoline_addr(SB), RODATA, $8 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go index 824b9c2d5e0..e6f58f3c6f4 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go @@ -2512,6 +2512,90 @@ var libc_munmap_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func readv(fd int, iovecs []Iovec) (n int, err error) { + var _p0 unsafe.Pointer + if len(iovecs) > 0 { + _p0 = unsafe.Pointer(&iovecs[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := syscall_syscall(libc_readv_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(iovecs))) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_readv_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_readv readv "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func preadv(fd int, iovecs []Iovec, offset int64) (n int, err error) { + var _p0 unsafe.Pointer + if len(iovecs) > 0 { + _p0 = unsafe.Pointer(&iovecs[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := syscall_syscall6(libc_preadv_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(iovecs)), uintptr(offset), 0, 0) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_preadv_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_preadv preadv "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func writev(fd int, iovecs []Iovec) (n int, err error) { + var _p0 unsafe.Pointer + if len(iovecs) > 0 { + _p0 = unsafe.Pointer(&iovecs[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := syscall_syscall(libc_writev_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(iovecs))) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_writev_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_writev writev "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pwritev(fd int, iovecs []Iovec, offset int64) (n int, err error) { + var _p0 unsafe.Pointer + if len(iovecs) > 0 { + _p0 = unsafe.Pointer(&iovecs[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := syscall_syscall6(libc_pwritev_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(iovecs)), uintptr(offset), 0, 0) + n = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pwritev_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pwritev pwritev "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Fstat(fd int, stat *Stat_t) (err error) { _, _, e1 := syscall_syscall(libc_fstat_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s index 4f178a22934..7f8998b905b 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s @@ -738,6 +738,26 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $8 DATA ·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB) +TEXT libc_readv_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_readv(SB) +GLOBL ·libc_readv_trampoline_addr(SB), RODATA, $8 +DATA ·libc_readv_trampoline_addr(SB)/8, $libc_readv_trampoline<>(SB) + +TEXT libc_preadv_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_preadv(SB) +GLOBL ·libc_preadv_trampoline_addr(SB), RODATA, $8 +DATA ·libc_preadv_trampoline_addr(SB)/8, $libc_preadv_trampoline<>(SB) + +TEXT libc_writev_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_writev(SB) +GLOBL ·libc_writev_trampoline_addr(SB), RODATA, $8 +DATA ·libc_writev_trampoline_addr(SB)/8, $libc_writev_trampoline<>(SB) + +TEXT libc_pwritev_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pwritev(SB) +GLOBL ·libc_pwritev_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pwritev_trampoline_addr(SB)/8, $libc_pwritev_trampoline<>(SB) + TEXT libc_fstat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_fstat(SB) GLOBL ·libc_fstat_trampoline_addr(SB), RODATA, $8 diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go index 9d138de5fed..ad67df2fdb6 100644 --- a/vendor/golang.org/x/sys/windows/types_windows.go +++ b/vendor/golang.org/x/sys/windows/types_windows.go @@ -1074,6 +1074,7 @@ const ( IP_ADD_MEMBERSHIP = 0xc IP_DROP_MEMBERSHIP = 0xd IP_PKTINFO = 0x13 + IP_MTU_DISCOVER = 0x47 IPV6_V6ONLY = 0x1b IPV6_UNICAST_HOPS = 0x4 @@ -1083,6 +1084,7 @@ const ( IPV6_JOIN_GROUP = 0xc IPV6_LEAVE_GROUP = 0xd IPV6_PKTINFO = 0x13 + IPV6_MTU_DISCOVER = 0x47 MSG_OOB = 0x1 MSG_PEEK = 0x2 @@ -1132,6 +1134,15 @@ const ( WSASYS_STATUS_LEN = 128 ) +// enum PMTUD_STATE from ws2ipdef.h +const ( + IP_PMTUDISC_NOT_SET = 0 + IP_PMTUDISC_DO = 1 + IP_PMTUDISC_DONT = 2 + IP_PMTUDISC_PROBE = 3 + IP_PMTUDISC_MAX = 4 +) + type WSABuf struct { Len uint32 Buf *byte @@ -1146,6 +1157,22 @@ type WSAMsg struct { Flags uint32 } +type WSACMSGHDR struct { + Len uintptr + Level int32 + Type int32 +} + +type IN_PKTINFO struct { + Addr [4]byte + Ifindex uint32 +} + +type IN6_PKTINFO struct { + Addr [16]byte + Ifindex uint32 +} + // Flags for WSASocket const ( WSA_FLAG_OVERLAPPED = 0x01 diff --git a/vendor/modules.txt b/vendor/modules.txt index df54ad93c00..4506b1d87a0 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -94,7 +94,7 @@ github.com/vishvananda/netns # golang.org/x/net v0.38.0 ## explicit; go 1.23.0 golang.org/x/net/bpf -# golang.org/x/sys v0.31.0 +# golang.org/x/sys v0.32.0 ## explicit; go 1.23.0 golang.org/x/sys/unix golang.org/x/sys/windows From 0a9639e380c85b9421a0123736422f943528716b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 8 Apr 2025 04:41:06 +0000 Subject: [PATCH 0912/1176] build(deps): bump golang.org/x/net from 0.38.0 to 0.39.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.38.0 to 0.39.0. - [Commits](https://github.com/golang/net/compare/v0.38.0...v0.39.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.39.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 8abe92ef87a..7b6d2ebf35e 100644 --- a/go.mod +++ b/go.mod @@ -23,7 +23,7 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/urfave/cli v1.22.16 github.com/vishvananda/netlink v1.3.0 - golang.org/x/net v0.38.0 + golang.org/x/net v0.39.0 golang.org/x/sys v0.32.0 google.golang.org/protobuf v1.36.6 ) diff --git a/go.sum b/go.sum index f2a3d9b422f..72037d3d5bc 100644 --- a/go.sum +++ b/go.sum @@ -77,8 +77,8 @@ github.com/vishvananda/netlink v1.3.0 h1:X7l42GfcV4S6E4vHTsw48qbrV+9PVojNfIhZcwQ github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs= github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8= github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= -golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8= -golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= +golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY= +golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/vendor/modules.txt b/vendor/modules.txt index a4ab7346508..cbec776ca62 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -91,7 +91,7 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.4 ## explicit; go 1.17 github.com/vishvananda/netns -# golang.org/x/net v0.38.0 +# golang.org/x/net v0.39.0 ## explicit; go 1.23.0 golang.org/x/net/bpf # golang.org/x/sys v0.32.0 From 75a4546b2bdd0a5f190cc8e1b6c636077c6e81f9 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 8 Apr 2025 12:30:30 -0700 Subject: [PATCH 0913/1176] go.mod: rm toolchain This was added by dependabot in commit 0b536265. Seems there is a bug about it: https://github.com/dependabot/dependabot-core/issues/11933. Having "toolchain" means instead of using installed go version to build/test, the version specified in toolchain is [downloaded and] used, which might not be what we actually want. For more details on toolchain directive, see https://go.dev/doc/toolchain. Signed-off-by: Kir Kolyshkin --- go.mod | 2 -- 1 file changed, 2 deletions(-) diff --git a/go.mod b/go.mod index 7b6d2ebf35e..7f1b5a55fc1 100644 --- a/go.mod +++ b/go.mod @@ -2,8 +2,6 @@ module github.com/opencontainers/runc go 1.23.0 -toolchain go1.24.1 - require ( github.com/checkpoint-restore/go-criu/v7 v7.2.0 github.com/containerd/console v1.0.4 From fda034c9ec72125a2f6c85caf676127b86b3c12d Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 7 Apr 2025 11:01:52 -0700 Subject: [PATCH 0914/1176] pause: refactor This is to simplify code review for the next commit. Signed-off-by: Kir Kolyshkin --- pause.go | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/pause.go b/pause.go index a7f0aaccc4e..4b5f54e9db8 100644 --- a/pause.go +++ b/pause.go @@ -30,7 +30,11 @@ Use runc list to identify instances of containers and their current status.`, if err != nil { return err } - return container.Pause() + err = container.Pause() + if err != nil { + return err + } + return nil }, } @@ -59,6 +63,10 @@ Use runc list to identify instances of containers and their current status.`, if err != nil { return err } - return container.Resume() + err = container.Resume() + if err != nil { + return err + } + return nil }, } From c5ab4b6e305adb8c3f846be06d30f68f99a01922 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Sat, 5 Apr 2025 14:22:53 -0700 Subject: [PATCH 0915/1176] runc pause/unpause/ps: get rid of excessive warning This issue was originally reported in podman PR 25792. When calling runc pause/unpause for an ordinary user, podman do not provide --systemd-cgroups option, and shouldUseRootlessCgroupManager returns true. This results in a warning: $ podman pause sleeper WARN[0000] runc pause may fail if you don't have the full access to cgroups sleeper Actually, it does not make sense to call shouldUseRootlessCgroupManager at this point, because we already know if we're rootless or not, from the container state.json (same for systemd). Also, busctl binary is not available either in this context, so shouldUseRootlessCgroupManager would not work properly. Finally, it doesn't really matter if we use systemd or not, because we use fs/fs2 manager to freeze/unfreeze, and it will return something like EPERM (or tell that cgroups is not configured, for a true rootless container). So, let's only print the warning after pause/unpause failed, if the error returned looks like a permission error. Same applies to "runc ps". Signed-off-by: Kir Kolyshkin --- pause.go | 17 ++--------------- ps.go | 9 +-------- utils_linux.go | 7 +++++++ 3 files changed, 10 insertions(+), 23 deletions(-) diff --git a/pause.go b/pause.go index 4b5f54e9db8..b5d354db6c9 100644 --- a/pause.go +++ b/pause.go @@ -1,7 +1,6 @@ package main import ( - "github.com/sirupsen/logrus" "github.com/urfave/cli" ) @@ -19,19 +18,13 @@ Use runc list to identify instances of containers and their current status.`, if err := checkArgs(context, 1, exactArgs); err != nil { return err } - rootlessCg, err := shouldUseRootlessCgroupManager(context) - if err != nil { - return err - } - if rootlessCg { - logrus.Warnf("runc pause may fail if you don't have the full access to cgroups") - } container, err := getContainer(context) if err != nil { return err } err = container.Pause() if err != nil { + maybeLogCgroupWarning("pause", err) return err } return nil @@ -52,19 +45,13 @@ Use runc list to identify instances of containers and their current status.`, if err := checkArgs(context, 1, exactArgs); err != nil { return err } - rootlessCg, err := shouldUseRootlessCgroupManager(context) - if err != nil { - return err - } - if rootlessCg { - logrus.Warn("runc resume may fail if you don't have the full access to cgroups") - } container, err := getContainer(context) if err != nil { return err } err = container.Resume() if err != nil { + maybeLogCgroupWarning("resume", err) return err } return nil diff --git a/ps.go b/ps.go index 0fca65d1259..4e79a9a0601 100644 --- a/ps.go +++ b/ps.go @@ -10,7 +10,6 @@ import ( "strconv" "strings" - "github.com/sirupsen/logrus" "github.com/urfave/cli" ) @@ -29,13 +28,6 @@ var psCommand = cli.Command{ if err := checkArgs(context, 1, minArgs); err != nil { return err } - rootlessCg, err := shouldUseRootlessCgroupManager(context) - if err != nil { - return err - } - if rootlessCg { - logrus.Warn("runc ps may fail if you don't have the full access to cgroups") - } container, err := getContainer(context) if err != nil { @@ -44,6 +36,7 @@ var psCommand = cli.Command{ pids, err := container.Processes() if err != nil { + maybeLogCgroupWarning("ps", err) return err } diff --git a/utils_linux.go b/utils_linux.go index 7de93340a94..9c9e1e83b74 100644 --- a/utils_linux.go +++ b/utils_linux.go @@ -3,6 +3,7 @@ package main import ( "errors" "fmt" + "io/fs" "net" "os" "path/filepath" @@ -448,3 +449,9 @@ func setupPidfdSocket(process *libcontainer.Process, sockpath string) (_clean fu conn.Close() }, nil } + +func maybeLogCgroupWarning(op string, err error) { + if errors.Is(err, fs.ErrPermission) { + logrus.Warn("runc " + op + " failure might be caused by lack of full access to cgroups") + } +} From e34c1a040862e692447109e5441ee3748ddb29db Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Tue, 8 Apr 2025 11:02:11 +0200 Subject: [PATCH 0916/1176] CHANGELOG: Port 1.2.x changes Signed-off-by: Rodrigo Campos --- CHANGELOG.md | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cef3503b593..b5600ebd43e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -63,6 +63,31 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 * Support `skip-in-flight` and `link-remap` options for CRIU. (#4627) * Support cgroup v1 mounted with `noprefix`. (#4513) +## [1.2.6] - 2025-03-17 + +> Hasta la victoria, siempre. + +### Fixed + * Fix a stall issue that would happen if setting `O_CLOEXEC` with + `CloseExecFrom` failed (#4647). + * `runc` now properly handles joining time namespaces (such as with `runc + exec`). Previously we would attempt to set the time offsets when joining, + which would fail. (#4635, #4649) + * Handle `EINTR` retries correctly for socket-related direct + `golang.org/x/sys/unix` system calls. (#4650) + * We no longer use `F_SEAL_FUTURE_WRITE` when sealing the runc binary, as it + turns out this had some unfortunate bugs in older kernel versions and was + never necessary in the first place. (#4651, #4640) + +### Removed + * Remove `Fexecve` helper from `libcontainer/system`. Runc 1.2.1 removed + runc-dmz, but we forgot to remove this helper added only for that. (#4646) + +### Changed + * Use Go 1.23 for official builds, run CI with Go 1.24 and drop Ubuntu 20.04 + from CI. We need to drop Ubuntu 20.04 from CI because Github Actions + announced it's already deprecated and it will be discontinued soon. (#4648) + ## [1.2.5] - 2025-02-13 > ĐœĐ¾Ñ€Đ¾Đ· и ÑĐ¾Đ»Đ½Ñ†Đµ; Đ´ĐµĐ½ÑŒ Ñ‡ÑƒĐ´ĐµÑĐ½Ñ‹Đ¹! @@ -1046,7 +1071,8 @@ implementation (libcontainer) is *not* covered by this policy. [1.1.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.0.0...v1.1.0-rc.1 -[Unreleased 1.2.z]: https://github.com/opencontainers/runc/compare/v1.2.5...release-1.2 +[Unreleased 1.2.z]: https://github.com/opencontainers/runc/compare/v1.2.6...release-1.2 +[1.2.6]: https://github.com/opencontainers/runc/compare/v1.2.5...v1.2.6 [1.2.5]: https://github.com/opencontainers/runc/compare/v1.2.4...v1.2.5 [1.2.4]: https://github.com/opencontainers/runc/compare/v1.2.3...v1.2.4 [1.2.3]: https://github.com/opencontainers/runc/compare/v1.2.2...v1.2.3 From c8991936433b9a48e6864f1242c3a54ffe6cd62f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 9 Apr 2025 10:04:37 -0700 Subject: [PATCH 0917/1176] ci: add check for toolchain in go.mod Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 0bbfd4a7153..90bd9357f36 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -144,6 +144,8 @@ jobs: check-latest: true - name: verify deps run: make verify-dependencies + - name: no toolchain in go.mod # See https://github.com/opencontainers/runc/pull/4717, https://github.com/dependabot/dependabot-core/issues/11933. + run: if grep -q '^toolchain ' go.mod; then echo "Error: go.mod must not have toolchain directive, please fix"; exit 1; fi commit: From 1d78cb2112280bd283fec3dd169b1df896f35b90 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 9 Apr 2025 10:10:50 -0700 Subject: [PATCH 0918/1176] Completely remove --criu option This option is ignored since commit 6e1d476a, it's now time to actually remove it. Signed-off-by: Kir Kolyshkin --- main.go | 9 --------- 1 file changed, 9 deletions(-) diff --git a/main.go b/main.go index 2242f9301e1..b9b402c2525 100644 --- a/main.go +++ b/main.go @@ -101,11 +101,6 @@ func main() { Value: root, Usage: "root directory for storage of container state (this should be located in tmpfs)", }, - cli.StringFlag{ - Name: "criu", - Usage: "(obsoleted; do not use)", - Hidden: true, - }, cli.BoolFlag{ Name: "systemd-cgroup", Usage: "enable systemd cgroup support, expects cgroupsPath to be of form \"slice:prefix:name\" for e.g. \"system.slice:runc:434234\"", @@ -152,10 +147,6 @@ func main() { if err := reviseRootDir(context); err != nil { return err } - // TODO: remove this in runc 1.3.0. - if context.IsSet("criu") { - fmt.Fprintln(os.Stderr, "WARNING: --criu ignored (criu binary from $PATH is used); do not use") - } return configLogrus(context) } From 08ebbfc8c75ffec81877ed76df9f51343351b788 Mon Sep 17 00:00:00 2001 From: Henry Chen Date: Thu, 10 Apr 2025 14:43:01 +0800 Subject: [PATCH 0919/1176] tests/cmd/remap-rootfs: fix mips builds Similar to #1824, we need to convert the device number to uint64 for mips. Signed-off-by: Henry Chen --- tests/cmd/remap-rootfs/remap-rootfs.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/cmd/remap-rootfs/remap-rootfs.go b/tests/cmd/remap-rootfs/remap-rootfs.go index 0c4eb2021b1..b0bfebfba94 100644 --- a/tests/cmd/remap-rootfs/remap-rootfs.go +++ b/tests/cmd/remap-rootfs/remap-rootfs.go @@ -49,7 +49,7 @@ type inodeID struct { } func toInodeID(st *syscall.Stat_t) inodeID { - return inodeID{Dev: st.Dev, Ino: st.Ino} + return inodeID{Dev: uint64(st.Dev), Ino: st.Ino} //nolint:unconvert // Dev is uint32 on e.g. MIPS. } func remapRootfs(root string, uidMap, gidMap []specs.LinuxIDMapping) error { From 5f4d3f3670a0fd4be5c9538e812839ec510e08a9 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 14 Apr 2025 13:59:39 -0700 Subject: [PATCH 0920/1176] libct/apparmor: don't use vars for public functions Unfortunately, Go documentation formatter does a sloppy job formatting documentation for variables -- it is rendered as comments (see [1]). Switch to using wrapper functions, solely for the sake of better documentation formatting. [1]: https://pkg.go.dev/github.com/opencontainers/runc@v1.3.0-rc.2/libcontainer/apparmor Signed-off-by: Kir Kolyshkin --- libcontainer/apparmor/apparmor.go | 22 ++++++++++++---------- libcontainer/apparmor/apparmor_linux.go | 7 +++---- 2 files changed, 15 insertions(+), 14 deletions(-) diff --git a/libcontainer/apparmor/apparmor.go b/libcontainer/apparmor/apparmor.go index 4b03d4c715c..e2a26488e03 100644 --- a/libcontainer/apparmor/apparmor.go +++ b/libcontainer/apparmor/apparmor.go @@ -2,15 +2,17 @@ package apparmor import "errors" -var ( - // IsEnabled returns true if apparmor is enabled for the host. - IsEnabled = isEnabled +// IsEnabled returns true if apparmor is enabled for the host. +func IsEnabled() bool { + return isEnabled() +} - // ApplyProfile will apply the profile with the specified name to the process after - // the next exec. It is only supported on Linux and produces an ErrApparmorNotEnabled - // on other platforms. - ApplyProfile = applyProfile +// ApplyProfile will apply the profile with the specified name to the process +// after the next exec. It is only supported on Linux and produces an +// [ErrApparmorNotEnabled] on other platforms. +func ApplyProfile(name string) error { + return applyProfile(name) +} - // ErrApparmorNotEnabled indicates that AppArmor is not enabled or not supported. - ErrApparmorNotEnabled = errors.New("apparmor: config provided but apparmor not supported") -) +// ErrApparmorNotEnabled indicates that AppArmor is not enabled or not supported. +var ErrApparmorNotEnabled = errors.New("apparmor: config provided but apparmor not supported") diff --git a/libcontainer/apparmor/apparmor_linux.go b/libcontainer/apparmor/apparmor_linux.go index 17d36ed15a3..10da91b3c37 100644 --- a/libcontainer/apparmor/apparmor_linux.go +++ b/libcontainer/apparmor/apparmor_linux.go @@ -53,7 +53,7 @@ func setProcAttr(attr, value string) error { return err } -// changeOnExec reimplements aa_change_onexec from libapparmor in Go +// changeOnExec reimplements aa_change_onexec from libapparmor in Go. func changeOnExec(name string) error { if err := setProcAttr("exec", "exec "+name); err != nil { return fmt.Errorf("apparmor failed to apply profile: %w", err) @@ -61,9 +61,8 @@ func changeOnExec(name string) error { return nil } -// applyProfile will apply the profile with the specified name to the process after -// the next exec. It is only supported on Linux and produces an error on other -// platforms. +// applyProfile will apply the profile with the specified name to the process +// after the next exec. func applyProfile(name string) error { if name == "" { return nil From d7285e46d8c990ed903a19b253ce499da1cc484b Mon Sep 17 00:00:00 2001 From: Antti Kervinen Date: Wed, 16 Apr 2025 13:02:56 +0300 Subject: [PATCH 0921/1176] Fix "invalid workflow file" github actions error The colon after "Error:" caused actionlint to report error on map in context where map is not allowed. Signed-off-by: Antti Kervinen --- .github/workflows/validate.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 90bd9357f36..d21df8bc4e5 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -145,7 +145,8 @@ jobs: - name: verify deps run: make verify-dependencies - name: no toolchain in go.mod # See https://github.com/opencontainers/runc/pull/4717, https://github.com/dependabot/dependabot-core/issues/11933. - run: if grep -q '^toolchain ' go.mod; then echo "Error: go.mod must not have toolchain directive, please fix"; exit 1; fi + run: | + if grep -q '^toolchain ' go.mod; then echo "Error: go.mod must not have toolchain directive, please fix"; exit 1; fi commit: From b520f750ef6fd2db9960c7a70c49f59d44a176a8 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 16 Apr 2025 12:10:28 -0700 Subject: [PATCH 0922/1176] ci: install newer criu for almalinux-8 We are seeing a ton on flakes on almalinux-8 CI job, all caused by criu inability to freeze a cgroup. This was worked around in criu [1], but obviously we can't rely on a distro vendor to update the package. Let's use a copr (thanks to Adrian Reber!) [1]: https://github.com/checkpoint-restore/criu/pull/2545 Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/.cirrus.yml b/.cirrus.yml index 5904c7a59c2..01f3e07d2ce 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -31,7 +31,7 @@ task: install_dependencies_script: | case $DISTRO in *-8) - yum config-manager --set-enabled powertools # for glibc-static + dnf config-manager --set-enabled powertools # for glibc-static ;; *-9) dnf config-manager --set-enabled crb # for glibc-static @@ -50,6 +50,15 @@ task: done [ $? -eq 0 ] # fail if yum failed + case $DISTRO in + *-8) + # Use newer criu (with https://github.com/checkpoint-restore/criu/pull/2545). + # Alas we have to disable container-tools for that. + dnf -y module disable container-tools + dnf -y copr enable adrian/criu-el8 + dnf -y install criu + esac + # Install Go. URL_PREFIX="https://go.dev/dl/" # Find out the latest minor release URL. From 87ae2f8466704af41a1ef767cfe019013c69a9e5 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 16 Apr 2025 12:48:58 -0700 Subject: [PATCH 0923/1176] Unify and fix rootless key setup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit For some reason, ssh-keygen is unable to write to /root even as root on AlmaLinux 8: # id uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:initrc_t:s0 # id -Z ls -ld /root # ssh-keygen -t ecdsa -N "" -f /root/rootless.key || cat /var/log/audit/audit.log Saving key "/root/rootless.key" failed: Permission denied The audit.log shows: > type=AVC msg=audit(1744834995.352:546): avc: denied { dac_override } for pid=13471 comm="ssh-keygen" capability=1 scontext=system_u:system_r:ssh_keygen_t:s0 tcontext=system_u:system_r:ssh_keygen_t:s0 tclass=capability permissive=0 > type=SYSCALL msg=audit(1744834995.352:546): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=5641c7587520 a2=241 a3=180 items=0 ppid=4978 pid=13471 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ssh-keygen" exe="/usr/bin/ssh-keygen" subj=system_u:system_r:ssh_keygen_t:s0 key=(null)âARCH=x86_64 SYSCALL=openat AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root" A workaround is to use /root/.ssh directory instead of just /root. While at it, let's unify rootless user and key setup into a single place. Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 10 ++-------- .github/workflows/test.yml | 8 +------- script/setup_host_fedora.sh | 11 ++--------- script/setup_rootless.sh | 15 +++++++++++++++ tests/rootless.sh | 2 +- 5 files changed, 21 insertions(+), 25 deletions(-) create mode 100755 script/setup_rootless.sh diff --git a/.cirrus.yml b/.cirrus.yml index 01f3e07d2ce..56453aaae54 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -71,14 +71,8 @@ task: git checkout $BATS_VERSION ./install.sh /usr/local cd - - # Add a user for rootless tests - useradd -u2000 -m -d/home/rootless -s/bin/bash rootless - # Allow root and rootless itself to execute `ssh rootless@localhost` in tests/rootless.sh - ssh-keygen -t ecdsa -N "" -f /root/rootless.key - mkdir -m 0700 -p /home/rootless/.ssh - cp /root/rootless.key /home/rootless/.ssh/id_ecdsa - cat /root/rootless.key.pub >> /home/rootless/.ssh/authorized_keys - chown -R rootless.rootless /home/rootless + # Setup rootless tests. + /home/runc/script/setup_rootless.sh # set PATH echo 'export PATH=/usr/local/go/bin:/usr/local/bin:$PATH' >> /root/.bashrc # Setup ssh localhost for terminal emulation (script -e did not work) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ffa11278e0a..0ba494ce84e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -159,13 +159,7 @@ jobs: - name: add rootless user if: matrix.rootless == 'rootless' run: | - sudo useradd -u2000 -m -d/home/rootless -s/bin/bash rootless - # Allow root and rootless itself to execute `ssh rootless@localhost` in tests/rootless.sh - ssh-keygen -t ecdsa -N "" -f $HOME/rootless.key - sudo mkdir -m 0700 -p /home/rootless/.ssh - sudo cp $HOME/rootless.key /home/rootless/.ssh/id_ecdsa - sudo cp $HOME/rootless.key.pub /home/rootless/.ssh/authorized_keys - sudo chown -R rootless.rootless /home/rootless + ./script/setup_rootless.sh sudo chmod a+X $HOME # for Ubuntu 22.04 and later - name: integration test (fs driver) diff --git a/script/setup_host_fedora.sh b/script/setup_host_fedora.sh index 46d24040980..919e89688ba 100755 --- a/script/setup_host_fedora.sh +++ b/script/setup_host_fedora.sh @@ -12,15 +12,8 @@ dnf clean all # To avoid "avc: denied { nosuid_transition }" from SELinux as we run tests on /tmp. mount -o remount,suid /tmp -# Add a user for rootless tests -useradd -u2000 -m -d/home/rootless -s/bin/bash rootless - -# Allow root and rootless itself to execute `ssh rootless@localhost` in tests/rootless.sh -ssh-keygen -t ecdsa -N "" -f /root/rootless.key -mkdir -m 0700 /home/rootless/.ssh -cp /root/rootless.key /home/rootless/.ssh/id_ecdsa -cat /root/rootless.key.pub >>/home/rootless/.ssh/authorized_keys -chown -R rootless.rootless /home/rootless +# Setup rootless user. +"$(dirname "${BASH_SOURCE[0]}")"/setup_rootless.sh # Delegate cgroup v2 controllers to rootless user via --systemd-cgroup mkdir -p /etc/systemd/system/user@.service.d diff --git a/script/setup_rootless.sh b/script/setup_rootless.sh new file mode 100755 index 00000000000..842d2ecf16b --- /dev/null +++ b/script/setup_rootless.sh @@ -0,0 +1,15 @@ +#!/bin/bash +set -eux -o pipefail + +# Add a user for rootless tests. +sudo useradd -u2000 -m -d/home/rootless -s/bin/bash rootless + +# Allow both the current user and rootless itself to use +# ssh rootless@localhost in tests/rootless.sh. +# shellcheck disable=SC2174 # Silence "-m only applies to the deepest directory". +mkdir -p -m 0700 "$HOME/.ssh" +ssh-keygen -t ecdsa -N "" -f "$HOME/.ssh/rootless.key" +sudo mkdir -p -m 0700 /home/rootless/.ssh +sudo cp "$HOME/.ssh/rootless.key" /home/rootless/.ssh/id_ecdsa +sudo cp "$HOME/.ssh/rootless.key.pub" /home/rootless/.ssh/authorized_keys +sudo chown -R rootless.rootless /home/rootless diff --git a/tests/rootless.sh b/tests/rootless.sh index 7f0408508ce..e54cf48bc2e 100755 --- a/tests/rootless.sh +++ b/tests/rootless.sh @@ -185,7 +185,7 @@ for enabled_features in $features_powerset; do # We use `ssh rootless@localhost` instead of `sudo -u rootless` for creating systemd user session. # Alternatively we could use `machinectl shell`, but it is known not to work well on SELinux-enabled hosts as of April 2020: # https://bugzilla.redhat.com/show_bug.cgi?id=1788616 - ssh -t -t -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i "$HOME/rootless.key" rootless@localhost -- PATH="$PATH" RUNC_USE_SYSTEMD="$RUNC_USE_SYSTEMD" bats -t "$ROOT/tests/integration$ROOTLESS_TESTPATH" + ssh -t -t -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i "$HOME/.ssh/rootless.key" rootless@localhost -- PATH="$PATH" RUNC_USE_SYSTEMD="$RUNC_USE_SYSTEMD" bats -t "$ROOT/tests/integration$ROOTLESS_TESTPATH" else sudo -HE -u rootless PATH="$PATH" "$(which bats)" -t "$ROOT/tests/integration$ROOTLESS_TESTPATH" fi From 30302a2850c2b64931bc725902361e1c53a7eacf Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 18 Apr 2025 14:10:03 +1000 Subject: [PATCH 0924/1176] mount: add string representation of mount flags When reading mount errors, it is quite hard to make sense of mount flags in their hex form. As this is the error path, the minor performance impact of constructing a string is probably not worth hyper-optimising. Signed-off-by: Aleksa Sarai --- libcontainer/mount_linux.go | 61 +++++++++++++++++++++++++++++++- libcontainer/mount_linux_test.go | 54 ++++++++++++++++++++++++++++ 2 files changed, 114 insertions(+), 1 deletion(-) create mode 100644 libcontainer/mount_linux_test.go diff --git a/libcontainer/mount_linux.go b/libcontainer/mount_linux.go index f2eaa937ee6..683b5e62425 100644 --- a/libcontainer/mount_linux.go +++ b/libcontainer/mount_linux.go @@ -6,6 +6,7 @@ import ( "io/fs" "os" "strconv" + "strings" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" @@ -45,6 +46,64 @@ type mountError struct { err error } +// int32plus is a collection of int types with >=32 bits. +type int32plus interface { + int | uint | int32 | uint32 | int64 | uint64 | uintptr +} + +// stringifyMountFlags converts mount(2) flags to a string that you can use in +// error messages. +func stringifyMountFlags[Int int32plus](flags Int) string { + flagNames := []struct { + name string + bits Int + }{ + {"MS_RDONLY", unix.MS_RDONLY}, + {"MS_NOSUID", unix.MS_NOSUID}, + {"MS_NODEV", unix.MS_NODEV}, + {"MS_NOEXEC", unix.MS_NOEXEC}, + {"MS_SYNCHRONOUS", unix.MS_SYNCHRONOUS}, + {"MS_REMOUNT", unix.MS_REMOUNT}, + {"MS_MANDLOCK", unix.MS_MANDLOCK}, + {"MS_DIRSYNC", unix.MS_DIRSYNC}, + {"MS_NOSYMFOLLOW", unix.MS_NOSYMFOLLOW}, + // No (1 << 9) flag. + {"MS_NOATIME", unix.MS_NOATIME}, + {"MS_NODIRATIME", unix.MS_NODIRATIME}, + {"MS_BIND", unix.MS_BIND}, + {"MS_MOVE", unix.MS_MOVE}, + {"MS_REC", unix.MS_REC}, + // MS_VERBOSE was deprecated and swapped to MS_SILENT. + {"MS_SILENT", unix.MS_SILENT}, + {"MS_POSIXACL", unix.MS_POSIXACL}, + {"MS_UNBINDABLE", unix.MS_UNBINDABLE}, + {"MS_PRIVATE", unix.MS_PRIVATE}, + {"MS_SLAVE", unix.MS_SLAVE}, + {"MS_SHARED", unix.MS_SHARED}, + {"MS_RELATIME", unix.MS_RELATIME}, + // MS_KERNMOUNT (1 << 22) is internal to the kernel. + {"MS_I_VERSION", unix.MS_I_VERSION}, + {"MS_STRICTATIME", unix.MS_STRICTATIME}, + {"MS_LAZYTIME", unix.MS_LAZYTIME}, + } + var ( + flagSet []string + seenBits Int + ) + for _, flag := range flagNames { + if flags&flag.bits == flag.bits { + seenBits |= flag.bits + flagSet = append(flagSet, flag.name) + } + } + // If there were any remaining flags specified we don't know the name of, + // just add them in an 0x... format. + if remaining := flags &^ seenBits; remaining != 0 { + flagSet = append(flagSet, "0x"+strconv.FormatUint(uint64(remaining), 16)) + } + return strings.Join(flagSet, "|") +} + // Error provides a string error representation. func (e *mountError) Error() string { out := e.op + " " @@ -62,7 +121,7 @@ func (e *mountError) Error() string { } if e.flags != uintptr(0) { - out += ", flags=0x" + strconv.FormatUint(uint64(e.flags), 16) + out += ", flags=" + stringifyMountFlags(e.flags) } if e.data != "" { out += ", data=" + e.data diff --git a/libcontainer/mount_linux_test.go b/libcontainer/mount_linux_test.go new file mode 100644 index 00000000000..6bddfc2f08a --- /dev/null +++ b/libcontainer/mount_linux_test.go @@ -0,0 +1,54 @@ +package libcontainer + +import ( + "testing" + + "golang.org/x/sys/unix" +) + +func TestStringifyMountFlags(t *testing.T) { + for _, test := range []struct { + name string + flags uintptr + expected string + }{ + {"Empty", 0, ""}, + // Single valid flags. + {"Single-MS_RDONLY", unix.MS_RDONLY, "MS_RDONLY"}, + {"Single-MS_NOSUID", unix.MS_NOSUID, "MS_NOSUID"}, + {"Single-MS_NODEV", unix.MS_NODEV, "MS_NODEV"}, + {"Single-MS_NOEXEC", unix.MS_NOEXEC, "MS_NOEXEC"}, + {"Single-MS_SYNCHRONOUS", unix.MS_SYNCHRONOUS, "MS_SYNCHRONOUS"}, + {"Single-MS_REMOUNT", unix.MS_REMOUNT, "MS_REMOUNT"}, + {"Single-MS_MANDLOCK", unix.MS_MANDLOCK, "MS_MANDLOCK"}, + {"Single-MS_DIRSYNC", unix.MS_DIRSYNC, "MS_DIRSYNC"}, + {"Single-MS_NOSYMFOLLOW", unix.MS_NOSYMFOLLOW, "MS_NOSYMFOLLOW"}, + {"Single-MS_NOATIME", unix.MS_NOATIME, "MS_NOATIME"}, + {"Single-MS_NODIRATIME", unix.MS_NODIRATIME, "MS_NODIRATIME"}, + {"Single-MS_BIND", unix.MS_BIND, "MS_BIND"}, + {"Single-MS_MOVE", unix.MS_MOVE, "MS_MOVE"}, + {"Single-MS_REC", unix.MS_REC, "MS_REC"}, + {"Single-MS_SILENT", unix.MS_SILENT, "MS_SILENT"}, + {"Single-MS_POSIXACL", unix.MS_POSIXACL, "MS_POSIXACL"}, + {"Single-MS_UNBINDABLE", unix.MS_UNBINDABLE, "MS_UNBINDABLE"}, + {"Single-MS_PRIVATE", unix.MS_PRIVATE, "MS_PRIVATE"}, + {"Single-MS_SLAVE", unix.MS_SLAVE, "MS_SLAVE"}, + {"Single-MS_SHARED", unix.MS_SHARED, "MS_SHARED"}, + {"Single-MS_RELATIME", unix.MS_RELATIME, "MS_RELATIME"}, + {"Single-MS_KERNMOUNT", unix.MS_KERNMOUNT, "0x400000"}, + {"Single-MS_I_VERSION", unix.MS_I_VERSION, "MS_I_VERSION"}, + {"Single-MS_STRICTATIME", unix.MS_STRICTATIME, "MS_STRICTATIME"}, + {"Single-MS_LAZYTIME", unix.MS_LAZYTIME, "MS_LAZYTIME"}, + // Invalid flag value. + {"Unknown-512", 1 << 9, "0x200"}, + // Multiple flag values at the same time. + {"Multiple-Valid1", unix.MS_RDONLY | unix.MS_REC | unix.MS_BIND, "MS_RDONLY|MS_BIND|MS_REC"}, + {"Multiple-Valid2", unix.MS_NOSUID | unix.MS_NODEV | unix.MS_NOEXEC | unix.MS_REC | unix.MS_NODIRATIME | unix.MS_I_VERSION, "MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_NODIRATIME|MS_REC|MS_I_VERSION"}, + {"Multiple-Mixed", unix.MS_REC | unix.MS_BIND | (1 << 9) | (1 << 31), "MS_BIND|MS_REC|0x80000200"}, + } { + got := stringifyMountFlags(test.flags) + if got != test.expected { + t.Errorf("%s: stringifyMountFlags(0x%x) = %q, expected %q", test.name, test.flags, got, test.expected) + } + } +} From 58c3ab77b0ab39f25d38578a96e0ca36ea60be13 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 18 Apr 2025 14:11:28 +1000 Subject: [PATCH 0925/1176] rootfs: improve error messages for bind-mount vfs flag setting While debugging an issue involving failing mounts, I discovered that just returning the plain mount error message when we are in the fallback code for handling locked mounts leads to unnecessary confusion. It also doesn't help that podman currently forcefully sets "rw" on mounts, which means that rootless containers are likely to hit the locked mounts issue fairly often. So we should improve our error messages to explain why the mount is failing in the locked flags case. Fixes: 7c71a2270547 ("rootfs: remove --no-mount-fallback and finally fix MS_REMOUNT") Signed-off-by: Aleksa Sarai --- libcontainer/rootfs_linux.go | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 7d7e957ddeb..51bfd12b9af 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -666,11 +666,17 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { return err } srcFlags := statfsToMountFlags(*st) + + logrus.Debugf( + "working around failure to set vfs flags on bind-mount %s: srcFlags=%s flagsSet=%s flagsClr=%s: %v", + m.Destination, stringifyMountFlags(srcFlags), + stringifyMountFlags(m.Flags), stringifyMountFlags(m.ClearedFlags), mountErr) + // If the user explicitly request one of the locked flags *not* // be set, we need to return an error to avoid producing mounts // that don't match the user's request. - if srcFlags&m.ClearedFlags&mntLockFlags != 0 { - return mountErr + if cannotClearFlags := srcFlags & m.ClearedFlags & mntLockFlags; cannotClearFlags != 0 { + return fmt.Errorf("cannot clear locked flags %s: %w", stringifyMountFlags(cannotClearFlags), mountErr) } // If an MS_*ATIME flag was requested, it must match the @@ -691,17 +697,19 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { // MS_STRICTATIME mounts even if the user requested MS_RELATIME // or MS_NOATIME. if m.Flags&mntAtimeFlags != 0 && m.Flags&mntAtimeFlags != srcFlags&mntAtimeFlags { - return mountErr + return fmt.Errorf("cannot change locked atime flags %s: %w", stringifyMountFlags(srcFlags&mntAtimeFlags), mountErr) } // Retry the mount with the existing lockable mount flags // applied. flags |= srcFlags & mntLockFlags mountErr = mountViaFds("", nil, m.Destination, dstFd, "", uintptr(flags), "") - logrus.Debugf("remount retry: srcFlags=0x%x flagsSet=0x%x flagsClr=0x%x: %v", srcFlags, m.Flags, m.ClearedFlags, mountErr) + if mountErr != nil { + mountErr = fmt.Errorf("remount with locked flags %s re-applied: %w", stringifyMountFlags(srcFlags&mntLockFlags), mountErr) + } return mountErr }); err != nil { - return err + return fmt.Errorf("failed to set user-requested vfs flags on bind-mount: %w", err) } } From 3e3e04824db87614d2f774595af97deb934e465d Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 21 Apr 2025 16:51:28 -0700 Subject: [PATCH 0926/1176] ci: upgrade to criu-4.1-2 in Fedora Package criu-4.1-1 has a known bug [1] which is fixed in criu-4.1-2 [2], which is currently only available in updates-testing. Add a kludge to install newer criu if necessary to fix CI. This will not be needed in ~2 weeks once the new package is promoted to updates. [1]: https://github.com/checkpoint-restore/criu/issues/2650 [2]: https://bodhi.fedoraproject.org/updates/FEDORA-2025-d374d8ce17 Signed-off-by: Kir Kolyshkin --- script/setup_host_fedora.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/script/setup_host_fedora.sh b/script/setup_host_fedora.sh index 919e89688ba..efe6a001dc1 100755 --- a/script/setup_host_fedora.sh +++ b/script/setup_host_fedora.sh @@ -7,6 +7,13 @@ for i in $(seq 0 2); do sleep "$i" "${DNF[@]}" update && "${DNF[@]}" install "${RPMS[@]}" && break done + +# criu-4.1-1 has a known bug (https://github.com/checkpoint-restore/criu/issues/2650) +# which is fixed in criu-4.1-2 (currently in updates-testing). TODO: remove this later. +if [[ $(rpm -q criu) == "criu-4.1-1.fc"* ]]; then + "${DNF[@]}" --enablerepo=updates-testing update criu +fi + dnf clean all # To avoid "avc: denied { nosuid_transition }" from SELinux as we run tests on /tmp. From d54eaaf2c2204a4aae05a815879946bf965b1dbe Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 8 Apr 2025 18:46:39 -0700 Subject: [PATCH 0927/1176] runc --version: use a function Instead of setting cli.App.Version in main, let's set up cli.VersionPrinter. This way, we only get various versions when needed. Note it does not change the output of runc --version. It changes the output of runc --help though, and I think it's for the better. Before this patch: > $ runc help > ... > USAGE: > runc [global options] command [command options] [arguments...] > > VERSION: > 1.3.0-rc.1+dev > commit: v1.3.0-rc.1-93-g932e8342 > spec: 1.2.1 > go: go1.24.2 > libseccomp: 2.5.5 > > COMMANDS: > checkpoint checkpoint a running container > ... After: > $ runc help > ... > USAGE: > runc [global options] command [command options] [arguments...] > > VERSION: > 1.3.0-rc.1+dev > > COMMANDS: > checkpoint checkpoint a running container > ... Signed-off-by: Kir Kolyshkin --- main.go | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/main.go b/main.go index b9b402c2525..5ccf8257d43 100644 --- a/main.go +++ b/main.go @@ -27,6 +27,22 @@ var version = "unknown" // and will be populated by the Makefile var gitCommit = "" +func printVersion(c *cli.Context) { + w := c.App.Writer + + fmt.Fprintln(w, "runc version", c.App.Version) + if gitCommit != "" { + fmt.Fprintln(w, "commit:", gitCommit) + } + fmt.Fprintln(w, "spec:", specs.Version) + fmt.Fprintln(w, "go:", runtime.Version()) + + major, minor, micro := seccomp.Version() + if major+minor+micro > 0 { + fmt.Fprintf(w, "libseccomp: %d.%d.%d\n", major, minor, micro) + } +} + const ( specConfig = "config.json" usage = `Open Container Initiative runtime @@ -57,21 +73,10 @@ value for "bundle" is the current directory.` func main() { app := cli.NewApp() app.Name = "runc" + app.Version = version app.Usage = usage - v := []string{version} - - if gitCommit != "" { - v = append(v, "commit: "+gitCommit) - } - v = append(v, "spec: "+specs.Version) - v = append(v, "go: "+runtime.Version()) - - major, minor, micro := seccomp.Version() - if major+minor+micro > 0 { - v = append(v, fmt.Sprintf("libseccomp: %d.%d.%d", major, minor, micro)) - } - app.Version = strings.Join(v, "\n") + cli.VersionPrinter = printVersion root := "/run/runc" xdgDirUsed := false From c12c99b7d2f05665e21543c369d8a81d9cddbddd Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 8 Apr 2025 19:00:59 -0700 Subject: [PATCH 0928/1176] runc: embed version from VERSION file This ensures that if runc is built without the provided Makefile, the version is still properly set. No change in the output. Signed-off-by: Kir Kolyshkin --- Makefile | 8 ++++---- main.go | 17 ++++++++++++----- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/Makefile b/Makefile index bda0c3a0074..8369d9ac748 100644 --- a/Makefile +++ b/Makefile @@ -17,8 +17,8 @@ BUILDTAGS += $(EXTRA_BUILDTAGS) COMMIT := $(shell git describe --dirty --long --always) EXTRA_VERSION := -VERSION := $(shell cat ./VERSION)$(EXTRA_VERSION) -LDFLAGS_COMMON := -X main.gitCommit=$(COMMIT) -X main.version=$(VERSION) +LDFLAGS_COMMON := -X main.gitCommit=$(COMMIT) \ + $(if $(strip $(EXTRA_VERSION)),-X main.extraVersion=$(EXTRA_VERSION),) GOARCH := $(shell $(GO) env GOARCH) @@ -118,11 +118,11 @@ release: runcimage --rm -v $(CURDIR):/go/src/$(PROJECT) \ -e RELEASE_ARGS=$(RELEASE_ARGS) \ $(RUNC_IMAGE) make localrelease - script/release_sign.sh -S $(GPG_KEYID) -r release/$(VERSION) -v $(VERSION) + script/release_sign.sh -S $(GPG_KEYID) .PHONY: localrelease localrelease: verify-changelog - script/release_build.sh -r release/$(VERSION) -v $(VERSION) $(RELEASE_ARGS) + script/release_build.sh $(RELEASE_ARGS) .PHONY: dbuild dbuild: runcimage diff --git a/main.go b/main.go index 5ccf8257d43..eb64ee9b314 100644 --- a/main.go +++ b/main.go @@ -1,6 +1,7 @@ package main import ( + _ "embed" "errors" "fmt" "io" @@ -19,12 +20,18 @@ import ( "github.com/urfave/cli" ) -// version must be set from the contents of VERSION file by go build's -// -X main.version= option in the Makefile. -var version = "unknown" +// version is set from the contents of VERSION file. +// +//go:embed VERSION +var version string + +// extraVersion is an optional suffix appended to runc version. +// It can be set via Makefile ("make EXTRA_VERSION=xxx") or by +// adding -X main.extraVersion=xxx option to the go build command. +var extraVersion = "" // gitCommit will be the hash that the binary was built from -// and will be populated by the Makefile +// and will be populated by the Makefile. var gitCommit = "" func printVersion(c *cli.Context) { @@ -73,7 +80,7 @@ value for "bundle" is the current directory.` func main() { app := cli.NewApp() app.Name = "runc" - app.Version = version + app.Version = strings.TrimSpace(version) + extraVersion app.Usage = usage cli.VersionPrinter = printVersion From 8e3ee502c877c2dba93f9b9e06a5bc724b06365f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 22 Apr 2025 20:04:57 -0700 Subject: [PATCH 0929/1176] ci/cross-i386: retry adding ppa For some reason, launchpad.net is frequently giving us Gateway Timeout. Let's retry adding the ppa once to mitigate that. (The alternative is not to install criu and thus run criu-related unit tests on i386 -- this might actually be better). Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 0ba494ce84e..60289a270f0 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -192,8 +192,8 @@ jobs: - name: install deps run: | sudo dpkg --add-architecture i386 - # add criu repo - sudo add-apt-repository -y ppa:criu/ppa + # Add criu repo. The web server returns gateway timeout, thus the retry. + sudo add-apt-repository -y ppa:criu/ppa || sudo add-apt-repository -y ppa:criu/ppa # apt-add-repository runs apt update so we don't have to. sudo apt -qy install libseccomp-dev libseccomp-dev:i386 gcc-multilib libgcc-s1:i386 criu From d920a72202ff28b7d6a5360104f2b14bafd8b9bb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 24 Apr 2025 04:50:34 +0000 Subject: [PATCH 0930/1176] build(deps): bump github.com/seccomp/libseccomp-golang Bumps [github.com/seccomp/libseccomp-golang](https://github.com/seccomp/libseccomp-golang) from 0.10.0 to 0.11.0. - [Release notes](https://github.com/seccomp/libseccomp-golang/releases) - [Changelog](https://github.com/seccomp/libseccomp-golang/blob/main/CHANGELOG) - [Commits](https://github.com/seccomp/libseccomp-golang/compare/v0.10.0...v0.11.0) --- updated-dependencies: - dependency-name: github.com/seccomp/libseccomp-golang dependency-version: 0.11.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- .../seccomp/libseccomp-golang/.golangci.yml | 10 +- .../seccomp/libseccomp-golang/CHANGELOG | 12 + .../seccomp/libseccomp-golang/seccomp.go | 242 +++++++++++++++--- .../libseccomp-golang/seccomp_internal.go | 78 +++--- vendor/modules.txt | 4 +- 7 files changed, 281 insertions(+), 71 deletions(-) diff --git a/go.mod b/go.mod index 7f1b5a55fc1..df493bebe93 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/opencontainers/cgroups v0.0.1 github.com/opencontainers/runtime-spec v1.2.1 github.com/opencontainers/selinux v1.12.0 - github.com/seccomp/libseccomp-golang v0.10.0 + github.com/seccomp/libseccomp-golang v0.11.0 github.com/sirupsen/logrus v1.9.3 github.com/urfave/cli v1.22.16 github.com/vishvananda/netlink v1.3.0 diff --git a/go.sum b/go.sum index 72037d3d5bc..b66c64a467c 100644 --- a/go.sum +++ b/go.sum @@ -57,8 +57,8 @@ github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDN github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/seccomp/libseccomp-golang v0.10.0 h1:aA4bp+/Zzi0BnWZ2F1wgNBs5gTpm+na2rWM6M9YjLpY= -github.com/seccomp/libseccomp-golang v0.10.0/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= +github.com/seccomp/libseccomp-golang v0.11.0 h1:SDkcBRqGLP+sezmMACkxO1EfgbghxIxnRKfd6mHUEis= +github.com/seccomp/libseccomp-golang v0.11.0/go.mod h1:5m1Lk8E9OwgZTTVz4bBOer7JuazaBa+xTkM895tDiWc= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= diff --git a/vendor/github.com/seccomp/libseccomp-golang/.golangci.yml b/vendor/github.com/seccomp/libseccomp-golang/.golangci.yml index 7df8aa19838..10adc9bab78 100644 --- a/vendor/github.com/seccomp/libseccomp-golang/.golangci.yml +++ b/vendor/github.com/seccomp/libseccomp-golang/.golangci.yml @@ -1,4 +1,12 @@ # For documentation, see https://golangci-lint.run/usage/configuration/ -linters: +version: "2" + +formatters: enable: - gofumpt + +linters: + exclusions: + generated: disable + presets: + - std-error-handling diff --git a/vendor/github.com/seccomp/libseccomp-golang/CHANGELOG b/vendor/github.com/seccomp/libseccomp-golang/CHANGELOG index 905a9b5cdc8..db83e1c91e3 100644 --- a/vendor/github.com/seccomp/libseccomp-golang/CHANGELOG +++ b/vendor/github.com/seccomp/libseccomp-golang/CHANGELOG @@ -2,6 +2,18 @@ libseccomp-golang: Releases =============================================================================== https://github.com/seccomp/libseccomp-golang +* Version 0.11.0 - April 23, 2025 +- Add new architectures (LOONGARCH64, M68K, SH, SHEB) +- Add support for SCMP_FLTATR_CTL_WAITKILL (GetWaitKill, SetWaitKill) +- Add support for filter precompute (Precompute) +- Add support for transactions (Transaction{Start,Commit,Reject}) +- Add ExportBPFMem +- Improve documentation for struct fields +- Fix TestRuleAddAndLoad for ppc architecture +- Fix TestRuleAddAndLoad to not use magic number +- Remove unused get_*_version implementation +- Test against latest libseccomp and Go versions + * Version 0.10.0 - June 9, 2022 - Minimum supported version of libseccomp bumped to v2.3.1 - Add seccomp userspace notification API (ActNotify, filter.*Notif*) diff --git a/vendor/github.com/seccomp/libseccomp-golang/seccomp.go b/vendor/github.com/seccomp/libseccomp-golang/seccomp.go index c23406754c6..4ce3dd4e088 100644 --- a/vendor/github.com/seccomp/libseccomp-golang/seccomp.go +++ b/vendor/github.com/seccomp/libseccomp-golang/seccomp.go @@ -17,8 +17,28 @@ import ( "unsafe" ) -// #include -// #include +/* +#include +#include +#include + +// The following functions were added in libseccomp v2.6.0. +#if SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR < 6 +int seccomp_precompute(scmp_filter_ctx ctx) { + return -EOPNOTSUPP; +} +int seccomp_export_bpf_mem(const scmp_filter_ctx ctx, void *buf, size_t *len) { + return -EOPNOTSUPP; +} +int seccomp_transaction_start(const scmp_filter_ctx ctx) { + return -EOPNOTSUPP; +} +int seccomp_transaction_commit(const scmp_filter_ctx ctx) { + return -EOPNOTSUPP; +} +void seccomp_transaction_reject(const scmp_filter_ctx ctx) {} +#endif +*/ import "C" // Exported types @@ -33,8 +53,9 @@ type VersionError struct { func init() { // This forces the cgo libseccomp to initialize its internal API support state, - // which is necessary on older versions of libseccomp in order to work + // which is necessary on older versions of libseccomp (< 2.5.0) in order to work // correctly. + // TODO: remove once libseccomp < v2.5.0 is not supported. _, _ = getAPI() } @@ -78,49 +99,44 @@ type ScmpSyscall int32 type ScmpFd int32 // ScmpNotifData describes the system call context that triggered a notification. -// -// Syscall: the syscall number -// Arch: the filter architecture -// InstrPointer: address of the instruction that triggered a notification -// Args: arguments (up to 6) for the syscall -// type ScmpNotifData struct { - Syscall ScmpSyscall `json:"syscall,omitempty"` - Arch ScmpArch `json:"arch,omitempty"` - InstrPointer uint64 `json:"instr_pointer,omitempty"` - Args []uint64 `json:"args,omitempty"` + // Syscall is the syscall number. + Syscall ScmpSyscall `json:"syscall,omitempty"` + // Arch is the filter architecture. + Arch ScmpArch `json:"arch,omitempty"` + // InstrPointer is the address of the instruction that triggered a notification. + InstrPointer uint64 `json:"instr_pointer,omitempty"` + // Args are the arguments (up to 6) for the syscall. + Args []uint64 `json:"args,omitempty"` } // ScmpNotifReq represents a seccomp userspace notification. See NotifReceive() for // info on how to pull such a notification. -// -// ID: notification ID -// Pid: process that triggered the notification event -// Flags: filter flags (see seccomp(2)) -// Data: system call context that triggered the notification -// type ScmpNotifReq struct { - ID uint64 `json:"id,omitempty"` - Pid uint32 `json:"pid,omitempty"` - Flags uint32 `json:"flags,omitempty"` - Data ScmpNotifData `json:"data,omitempty"` + // ID is the notification ID. + ID uint64 `json:"id,omitempty"` + // Pid is the process that triggered the notification event. + Pid uint32 `json:"pid,omitempty"` + // Flags is filter flags (see seccomp(2)). + Flags uint32 `json:"flags,omitempty"` + // Data is system call context that triggered the notification. + Data ScmpNotifData `json:"data,omitempty"` } // ScmpNotifResp represents a seccomp userspace notification response. See NotifRespond() // for info on how to push such a response. -// -// ID: notification ID (must match the corresponding ScmpNotifReq ID) -// Error: must be 0 if no error occurred, or an error constant from package -// syscall (e.g., syscall.EPERM, etc). In the latter case, it's used -// as an error return from the syscall that created the notification. -// Val: return value for the syscall that created the notification. Only -// relevant if Error is 0. -// Flags: userspace notification response flag (e.g., NotifRespFlagContinue) -// type ScmpNotifResp struct { - ID uint64 `json:"id,omitempty"` - Error int32 `json:"error,omitempty"` - Val uint64 `json:"val,omitempty"` + // ID is the notification ID (must match the corresponding ScmpNotifReq ID). + ID uint64 `json:"id,omitempty"` + // Error must be 0 if no error occurred, or an error constant from + // package syscall (e.g., syscall.EPERM, etc). In the latter case, it + // is used as an error return from the syscall that created the + // notification. + Error int32 `json:"error,omitempty"` + // Val is a return value for the syscall that created the notification. + // Only relevant if Error is 0. + Val uint64 `json:"val,omitempty"` + // Flags is userspace notification response flag (e.g., NotifRespFlagContinue). Flags uint32 `json:"flags,omitempty"` } @@ -175,6 +191,14 @@ const ( ArchPARISC64 // ArchRISCV64 represents RISCV64 ArchRISCV64 + // ArchLOONGARCH64 represents 64-bit LoongArch. + ArchLOONGARCH64 + // ArchM68K represents 32-bit Motorola 68000. + ArchM68K + // ArchSH represents SuperH. + ArchSH + // ArchSHEB represents Big-endian SuperH. + ArchSHEB ) const ( @@ -306,6 +330,14 @@ func GetArchFromString(arch string) (ScmpArch, error) { return ArchPARISC64, nil case "riscv64": return ArchRISCV64, nil + case "loongarch64": + return ArchLOONGARCH64, nil + case "m68k": + return ArchM68K, nil + case "sh": + return ArchSH, nil + case "sheb": + return ArchSHEB, nil default: return ArchInvalid, fmt.Errorf("cannot convert unrecognized string %q", arch) } @@ -352,6 +384,14 @@ func (a ScmpArch) String() string { return "parisc64" case ArchRISCV64: return "riscv64" + case ArchLOONGARCH64: + return "loong64" + case ArchM68K: + return "m68k" + case ArchSH: + return "sh" + case ArchSHEB: + return "sheb" case ArchNative: return "native" case ArchInvalid: @@ -798,6 +838,26 @@ func (f *ScmpFilter) RemoveArch(arch ScmpArch) error { return nil } +// Precompute precomputes the seccomp filter for later use by [Load] and +// similar functions. Not only does this improve performance of [Load], +// it also ensures that the seccomp filter can be loaded in an +// async-signal-safe manner if no changes have been made to the filter +// since it was precomputed. +func (f *ScmpFilter) Precompute() error { + f.lock.Lock() + defer f.lock.Unlock() + + if !f.valid { + return errBadFilter + } + + if retCode := C.seccomp_precompute(f.filterCtx); retCode != 0 { + return errRc(retCode) + } + + return nil +} + // Load loads a filter context into the kernel. // Returns an error if the filter context is invalid or the syscall failed. func (f *ScmpFilter) Load() error { @@ -941,6 +1001,25 @@ func (f *ScmpFilter) GetRawRC() (bool, error) { return true, nil } +// GetWaitKill returns the current state of WaitKill flag, +// or an error if an issue was encountered retrieving the value. +// See SetWaitKill for more details. +func (f *ScmpFilter) GetWaitKill() (bool, error) { + val, err := f.getFilterAttr(filterAttrWaitKill) + if err != nil { + if e := checkAPI("GetWaitKill", 7, 2, 6, 0); e != nil { + err = e + } + + return false, err + } + if val == 0 { + return false, nil + } + + return true, nil +} + // SetBadArchAction sets the default action taken on a syscall for an // architecture not in the filter, or an error if an issue was encountered // setting the value. @@ -1053,6 +1132,25 @@ func (f *ScmpFilter) SetRawRC(state bool) error { return err } +// SetWaitKill sets whether libseccomp should request wait killable semantics +// when possible. Defaults to false. +func (f *ScmpFilter) SetWaitKill(state bool) error { + var toSet C.uint32_t = 0x0 + + if state { + toSet = 0x1 + } + + err := f.setFilterAttr(filterAttrWaitKill, toSet) + if err != nil { + if e := checkAPI("SetWaitKill", 7, 2, 6, 0); e != nil { + err = e + } + } + + return err +} + // SetSyscallPriority sets a syscall's priority. // This provides a hint to the filter generator in libseccomp about the // importance of this syscall. High-priority syscalls are placed @@ -1154,6 +1252,30 @@ func (f *ScmpFilter) ExportBPF(file *os.File) error { return nil } +// ExportBPFMem is similar to [ExportBPF], except the data is written into +// a memory and returned as []byte. +func (f *ScmpFilter) ExportBPFMem() ([]byte, error) { + f.lock.Lock() + defer f.lock.Unlock() + + if !f.valid { + return nil, errBadFilter + } + + var len C.size_t + // Get the size required. + if retCode := C.seccomp_export_bpf_mem(f.filterCtx, unsafe.Pointer(nil), &len); retCode < 0 { + return nil, errRc(retCode) + } + // Get the data. + buf := make([]byte, int(len)) + if retCode := C.seccomp_export_bpf_mem(f.filterCtx, unsafe.Pointer(&buf[0]), &len); retCode < 0 { + return nil, errRc(retCode) + } + + return buf, nil +} + // Userspace Notification API // GetNotifFd returns the userspace notification file descriptor associated with the given @@ -1186,3 +1308,53 @@ func NotifRespond(fd ScmpFd, scmpResp *ScmpNotifResp) error { func NotifIDValid(fd ScmpFd, id uint64) error { return notifIDValid(fd, id) } + +// TransactionStart starts a new seccomp filter transaction that the caller can +// use to perform any number of filter modifications which can then be +// committed to the filter using [TransactionCommit] or rejected using +// [TransactionReject]. It is important to note that transactions only affect +// the seccomp filter state while it is being managed by libseccomp; seccomp +// filters which have been loaded into the kernel can not be modified, only new +// seccomp filters can be added on top of the existing loaded filter stack. +func (f *ScmpFilter) TransactionStart() error { + f.lock.Lock() + defer f.lock.Unlock() + + if !f.valid { + return errBadFilter + } + + if retCode := C.seccomp_transaction_start(f.filterCtx); retCode < 0 { + return errRc(retCode) + } + + return nil +} + +// TransactionReject rejects a transaction started by [TransactionStart]. +func (f *ScmpFilter) TransactionReject() { + f.lock.Lock() + defer f.lock.Unlock() + + if !f.valid { + return + } + + C.seccomp_transaction_reject(f.filterCtx) +} + +// TransactionCommit commits a transaction started by [TransactionStart]. +func (f *ScmpFilter) TransactionCommit() error { + f.lock.Lock() + defer f.lock.Unlock() + + if !f.valid { + return errBadFilter + } + + if retCode := C.seccomp_transaction_commit(f.filterCtx); retCode < 0 { + return errRc(retCode) + } + + return nil +} diff --git a/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go b/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go index 0a7fd34f510..cc905124c34 100644 --- a/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go +++ b/vendor/github.com/seccomp/libseccomp-golang/seccomp_internal.go @@ -68,6 +68,22 @@ const uint32_t C_ARCH_BAD = ARCH_BAD; #define SCMP_ARCH_RISCV64 ARCH_BAD #endif +#ifndef SCMP_ARCH_LOONGARCH64 +#define SCMP_ARCH_LOONGARCH64 ARCH_BAD +#endif + +#ifndef SCMP_ARCH_M68K +#define SCMP_ARCH_M68K ARCH_BAD +#endif + +#ifndef SCMP_ARCH_SH +#define SCMP_ARCH_SH ARCH_BAD +#endif + +#ifndef SCMP_ARCH_SHEB +#define SCMP_ARCH_SHEB ARCH_BAD +#endif + const uint32_t C_ARCH_NATIVE = SCMP_ARCH_NATIVE; const uint32_t C_ARCH_X86 = SCMP_ARCH_X86; const uint32_t C_ARCH_X86_64 = SCMP_ARCH_X86_64; @@ -88,6 +104,10 @@ const uint32_t C_ARCH_S390X = SCMP_ARCH_S390X; const uint32_t C_ARCH_PARISC = SCMP_ARCH_PARISC; const uint32_t C_ARCH_PARISC64 = SCMP_ARCH_PARISC64; const uint32_t C_ARCH_RISCV64 = SCMP_ARCH_RISCV64; +const uint32_t C_ARCH_LOONGARCH64 = SCMP_ARCH_LOONGARCH64; +const uint32_t C_ARCH_M68K = SCMP_ARCH_M68K; +const uint32_t C_ARCH_SH = SCMP_ARCH_SH; +const uint32_t C_ARCH_SHEB = SCMP_ARCH_SHEB; #ifndef SCMP_ACT_LOG #define SCMP_ACT_LOG 0x7ffc0000U @@ -128,6 +148,11 @@ const uint32_t C_ACT_NOTIFY = SCMP_ACT_NOTIFY; #define SCMP_FLTATR_API_SYSRAWRC _SCMP_FLTATR_MIN #endif +// Added in libseccomp v2.6.0. +#if SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR < 6 +#define SCMP_FLTATR_CTL_WAITKILL _SCMP_FLTATR_MIN +#endif + const uint32_t C_ATTRIBUTE_DEFAULT = (uint32_t)SCMP_FLTATR_ACT_DEFAULT; const uint32_t C_ATTRIBUTE_BADARCH = (uint32_t)SCMP_FLTATR_ACT_BADARCH; const uint32_t C_ATTRIBUTE_NNP = (uint32_t)SCMP_FLTATR_CTL_NNP; @@ -136,6 +161,7 @@ const uint32_t C_ATTRIBUTE_LOG = (uint32_t)SCMP_FLTATR_CTL_LOG; const uint32_t C_ATTRIBUTE_SSB = (uint32_t)SCMP_FLTATR_CTL_SSB; const uint32_t C_ATTRIBUTE_OPTIMIZE = (uint32_t)SCMP_FLTATR_CTL_OPTIMIZE; const uint32_t C_ATTRIBUTE_SYSRAWRC = (uint32_t)SCMP_FLTATR_API_SYSRAWRC; +const uint32_t C_ATTRIBUTE_WAITKILL = (uint32_t)SCMP_FLTATR_CTL_WAITKILL; const int C_CMP_NE = (int)SCMP_CMP_NE; const int C_CMP_LT = (int)SCMP_CMP_LT; @@ -145,11 +171,6 @@ const int C_CMP_GE = (int)SCMP_CMP_GE; const int C_CMP_GT = (int)SCMP_CMP_GT; const int C_CMP_MASKED_EQ = (int)SCMP_CMP_MASKED_EQ; -const int C_VERSION_MAJOR = SCMP_VER_MAJOR; -const int C_VERSION_MINOR = SCMP_VER_MINOR; -const int C_VERSION_MICRO = SCMP_VER_MICRO; - -#if SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR >= 3 unsigned int get_major_version() { return seccomp_version()->major; @@ -164,22 +185,6 @@ unsigned int get_micro_version() { return seccomp_version()->micro; } -#else -unsigned int get_major_version() -{ - return (unsigned int)C_VERSION_MAJOR; -} - -unsigned int get_minor_version() -{ - return (unsigned int)C_VERSION_MINOR; -} - -unsigned int get_micro_version() -{ - return (unsigned int)C_VERSION_MICRO; -} -#endif // The libseccomp API level functions were added in v2.4.0 #if SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR < 4 @@ -284,6 +289,7 @@ const ( filterAttrSSB filterAttrOptimize filterAttrRawRC + filterAttrWaitKill ) const ( @@ -291,7 +297,7 @@ const ( scmpError C.int = -1 // Comparison boundaries to check for architecture validity archStart ScmpArch = ArchNative - archEnd ScmpArch = ArchRISCV64 + archEnd ScmpArch = ArchSHEB // Comparison boundaries to check for action validity actionStart ScmpAction = ActKillThread actionEnd ScmpAction = ActKillProcess @@ -552,6 +558,14 @@ func archFromNative(a C.uint32_t) (ScmpArch, error) { return ArchPARISC64, nil case C.C_ARCH_RISCV64: return ArchRISCV64, nil + case C.C_ARCH_LOONGARCH64: + return ArchLOONGARCH64, nil + case C.C_ARCH_M68K: + return ArchM68K, nil + case C.C_ARCH_SH: + return ArchSH, nil + case C.C_ARCH_SHEB: + return ArchSHEB, nil default: return 0x0, fmt.Errorf("unrecognized architecture %#x", uint32(a)) } @@ -598,6 +612,14 @@ func (a ScmpArch) toNative() C.uint32_t { return C.C_ARCH_PARISC64 case ArchRISCV64: return C.C_ARCH_RISCV64 + case ArchLOONGARCH64: + return C.C_ARCH_LOONGARCH64 + case ArchM68K: + return C.C_ARCH_M68K + case ArchSH: + return C.C_ARCH_SH + case ArchSHEB: + return C.C_ARCH_SHEB case ArchNative: return C.C_ARCH_NATIVE default: @@ -694,6 +716,8 @@ func (a scmpFilterAttr) toNative() uint32 { return uint32(C.C_ATTRIBUTE_OPTIMIZE) case filterAttrRawRC: return uint32(C.C_ATTRIBUTE_SYSRAWRC) + case filterAttrWaitKill: + return uint32(C.C_ATTRIBUTE_WAITKILL) default: return 0x0 } @@ -794,10 +818,7 @@ func notifReceive(fd ScmpFd) (*ScmpNotifReq, error) { if retCode := C.seccomp_notify_alloc(&req, &resp); retCode != 0 { return nil, errRc(retCode) } - - defer func() { - C.seccomp_notify_free(req, resp) - }() + defer C.seccomp_notify_free(req, resp) for { retCode, errno := C.seccomp_notify_receive(C.int(fd), req) @@ -831,10 +852,7 @@ func notifRespond(fd ScmpFd, scmpResp *ScmpNotifResp) error { if retCode := C.seccomp_notify_alloc(&req, &resp); retCode != 0 { return errRc(retCode) } - - defer func() { - C.seccomp_notify_free(req, resp) - }() + defer C.seccomp_notify_free(req, resp) scmpResp.toNative(resp) diff --git a/vendor/modules.txt b/vendor/modules.txt index cbec776ca62..1ebab6dcc25 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -74,8 +74,8 @@ github.com/opencontainers/selinux/pkg/pwalkdir # github.com/russross/blackfriday/v2 v2.1.0 ## explicit github.com/russross/blackfriday/v2 -# github.com/seccomp/libseccomp-golang v0.10.0 -## explicit; go 1.14 +# github.com/seccomp/libseccomp-golang v0.11.0 +## explicit; go 1.19 github.com/seccomp/libseccomp-golang # github.com/sirupsen/logrus v1.9.3 ## explicit; go 1.13 From b0aa863fc86c4c52fbe40fdf596d31b3d03485a3 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 24 Apr 2025 17:57:50 -0700 Subject: [PATCH 0931/1176] ci: bump golangci-lint to v2.1 (The current v2.1 release is v2.1.5 as of today). Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index d21df8bc4e5..89ace14997a 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -40,7 +40,7 @@ jobs: sudo apt -qy install libseccomp-dev - uses: golangci/golangci-lint-action@v7 with: - version: v2.0 + version: v2.1 # Extra linters, only checking new code from a pull request. - name: lint-extra if: github.event_name == 'pull_request' From 67b8a6859925743480aaa2cda0171aee789bfb80 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Mon, 28 Apr 2025 11:36:08 +0200 Subject: [PATCH 0932/1176] go.mod: Delete exclude directives We already have the indirect require for 1.17.3, that comes opencontainers/cgroups[1]. That module requires that version as min, so go can't use older versions. We can just remove the excludes. There might be cases where people can use runc as a dependency and use replace to override it (not sure, but probably). We were clear on what our dependencies are, so we can sleep fine. In the unlikely case that some project uses runc as a dependency and: * Uses a replace for cilium v0.17.x but not the latest patch release (0.17.3 is fixed) * they run with 32bits * and hit this (that didn't happen always on CI) * Ignore the changelog for 0.17.3 that mentions the buffer overflow on 32 bits platforms[2]. In that case, if we have a bug report, we can point them to the right place. But 0.17.3 was released for some months now (most people probably update) and 0.18.0 was released recently. I wouldn't worry about someone hitting this in real life. Also, the excludes directives prevent go install from working, so let's just remove them. [1]: https://github.com/opencontainers/cgroups/blob/9657f5a18b8d60a0f39fbb34d0cb7771e28e6278/go.mod#L6 [2]: https://github.com/cilium/ebpf/releases/tag/v0.17.3 Signed-off-by: Rodrigo Campos --- go.mod | 7 ------- 1 file changed, 7 deletions(-) diff --git a/go.mod b/go.mod index df493bebe93..5ef52592e11 100644 --- a/go.mod +++ b/go.mod @@ -26,13 +26,6 @@ require ( google.golang.org/protobuf v1.36.6 ) -// https://github.com/opencontainers/runc/issues/4594 -exclude ( - github.com/cilium/ebpf v0.17.0 - github.com/cilium/ebpf v0.17.1 - github.com/cilium/ebpf v0.17.2 -) - require ( github.com/cilium/ebpf v0.17.3 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect From 9f86496c331a292fc409f2236db33d8ab5f5ad94 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Mon, 28 Apr 2025 12:25:04 +0200 Subject: [PATCH 0933/1176] ci: Check for exclude/replace directives To not accidentally break `go install`, let's add CI to check it. If in the future we need those directives, we can remove the CI check. Signed-off-by: Rodrigo Campos --- .github/workflows/validate.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 89ace14997a..361e465a9dd 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -147,6 +147,9 @@ jobs: - name: no toolchain in go.mod # See https://github.com/opencontainers/runc/pull/4717, https://github.com/dependabot/dependabot-core/issues/11933. run: | if grep -q '^toolchain ' go.mod; then echo "Error: go.mod must not have toolchain directive, please fix"; exit 1; fi + - name: no exclude nor replace in go.mod + run: | + if grep -Eq '^\s*(exclude|replace) ' go.mod; then echo "Error: go.mod must not have exclude/replace directive, it breaks go install. Please fix"; exit 1; fi commit: From c1958d88443c6911a1274123005558a5977be884 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 May 2025 04:31:04 +0000 Subject: [PATCH 0934/1176] build(deps): bump golangci/golangci-lint-action from 7 to 8 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 7 to 8. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/v7...v8) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 361e465a9dd..296f45085bd 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -38,7 +38,7 @@ jobs: run: | sudo apt -q update sudo apt -qy install libseccomp-dev - - uses: golangci/golangci-lint-action@v7 + - uses: golangci/golangci-lint-action@v8 with: version: v2.1 # Extra linters, only checking new code from a pull request. From 0623ea108ad5d0e828967b1f3110483a53629d49 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 May 2025 04:31:36 +0000 Subject: [PATCH 0935/1176] build(deps): bump golang.org/x/net from 0.39.0 to 0.40.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.39.0 to 0.40.0. - [Commits](https://github.com/golang/net/compare/v0.39.0...v0.40.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.40.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 4 +- go.sum | 8 +- .../x/sys/windows/security_windows.go | 49 +++- .../x/sys/windows/syscall_windows.go | 6 +- .../golang.org/x/sys/windows/types_windows.go | 212 ++++++++++++++++++ .../x/sys/windows/zsyscall_windows.go | 9 + vendor/modules.txt | 4 +- 7 files changed, 277 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index 5ef52592e11..42c5260b5ff 100644 --- a/go.mod +++ b/go.mod @@ -21,8 +21,8 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/urfave/cli v1.22.16 github.com/vishvananda/netlink v1.3.0 - golang.org/x/net v0.39.0 - golang.org/x/sys v0.32.0 + golang.org/x/net v0.40.0 + golang.org/x/sys v0.33.0 google.golang.org/protobuf v1.36.6 ) diff --git a/go.sum b/go.sum index b66c64a467c..7aebac50527 100644 --- a/go.sum +++ b/go.sum @@ -77,16 +77,16 @@ github.com/vishvananda/netlink v1.3.0 h1:X7l42GfcV4S6E4vHTsw48qbrV+9PVojNfIhZcwQ github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs= github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8= github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= -golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY= -golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E= +golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY= +golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20= -golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw= +golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/vendor/golang.org/x/sys/windows/security_windows.go b/vendor/golang.org/x/sys/windows/security_windows.go index b6e1ab76f82..a8b0364c7c9 100644 --- a/vendor/golang.org/x/sys/windows/security_windows.go +++ b/vendor/golang.org/x/sys/windows/security_windows.go @@ -1303,7 +1303,10 @@ func (selfRelativeSD *SECURITY_DESCRIPTOR) ToAbsolute() (absoluteSD *SECURITY_DE return nil, err } if absoluteSDSize > 0 { - absoluteSD = (*SECURITY_DESCRIPTOR)(unsafe.Pointer(&make([]byte, absoluteSDSize)[0])) + absoluteSD = new(SECURITY_DESCRIPTOR) + if unsafe.Sizeof(*absoluteSD) < uintptr(absoluteSDSize) { + panic("sizeof(SECURITY_DESCRIPTOR) too small") + } } var ( dacl *ACL @@ -1312,19 +1315,55 @@ func (selfRelativeSD *SECURITY_DESCRIPTOR) ToAbsolute() (absoluteSD *SECURITY_DE group *SID ) if daclSize > 0 { - dacl = (*ACL)(unsafe.Pointer(&make([]byte, daclSize)[0])) + dacl = (*ACL)(unsafe.Pointer(unsafe.SliceData(make([]byte, daclSize)))) } if saclSize > 0 { - sacl = (*ACL)(unsafe.Pointer(&make([]byte, saclSize)[0])) + sacl = (*ACL)(unsafe.Pointer(unsafe.SliceData(make([]byte, saclSize)))) } if ownerSize > 0 { - owner = (*SID)(unsafe.Pointer(&make([]byte, ownerSize)[0])) + owner = (*SID)(unsafe.Pointer(unsafe.SliceData(make([]byte, ownerSize)))) } if groupSize > 0 { - group = (*SID)(unsafe.Pointer(&make([]byte, groupSize)[0])) + group = (*SID)(unsafe.Pointer(unsafe.SliceData(make([]byte, groupSize)))) } + // We call into Windows via makeAbsoluteSD, which sets up + // pointers within absoluteSD that point to other chunks of memory + // we pass into makeAbsoluteSD, and that happens outside the view of the GC. + // We therefore take some care here to then verify the pointers are as we expect + // and set them explicitly in view of the GC. See https://go.dev/issue/73199. + // TODO: consider weak pointers once Go 1.24 is appropriate. See suggestion in https://go.dev/cl/663575. err = makeAbsoluteSD(selfRelativeSD, absoluteSD, &absoluteSDSize, dacl, &daclSize, sacl, &saclSize, owner, &ownerSize, group, &groupSize) + if err != nil { + // Don't return absoluteSD, which might be partially initialized. + return nil, err + } + // Before using any fields, verify absoluteSD is in the format we expect according to Windows. + // See https://learn.microsoft.com/en-us/windows/win32/secauthz/absolute-and-self-relative-security-descriptors + absControl, _, err := absoluteSD.Control() + if err != nil { + panic("absoluteSD: " + err.Error()) + } + if absControl&SE_SELF_RELATIVE != 0 { + panic("absoluteSD not in absolute format") + } + if absoluteSD.dacl != dacl { + panic("dacl pointer mismatch") + } + if absoluteSD.sacl != sacl { + panic("sacl pointer mismatch") + } + if absoluteSD.owner != owner { + panic("owner pointer mismatch") + } + if absoluteSD.group != group { + panic("group pointer mismatch") + } + absoluteSD.dacl = dacl + absoluteSD.sacl = sacl + absoluteSD.owner = owner + absoluteSD.group = group + return } diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index 4a325438685..640f6b153f0 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -870,6 +870,7 @@ const socket_error = uintptr(^uint32(0)) //sys WSARecvFrom(s Handle, bufs *WSABuf, bufcnt uint32, recvd *uint32, flags *uint32, from *RawSockaddrAny, fromlen *int32, overlapped *Overlapped, croutine *byte) (err error) [failretval==socket_error] = ws2_32.WSARecvFrom //sys WSASendTo(s Handle, bufs *WSABuf, bufcnt uint32, sent *uint32, flags uint32, to *RawSockaddrAny, tolen int32, overlapped *Overlapped, croutine *byte) (err error) [failretval==socket_error] = ws2_32.WSASendTo //sys WSASocket(af int32, typ int32, protocol int32, protoInfo *WSAProtocolInfo, group uint32, flags uint32) (handle Handle, err error) [failretval==InvalidHandle] = ws2_32.WSASocketW +//sys WSADuplicateSocket(s Handle, processID uint32, info *WSAProtocolInfo) (err error) [failretval!=0] = ws2_32.WSADuplicateSocketW //sys GetHostByName(name string) (h *Hostent, err error) [failretval==nil] = ws2_32.gethostbyname //sys GetServByName(name string, proto string) (s *Servent, err error) [failretval==nil] = ws2_32.getservbyname //sys Ntohs(netshort uint16) (u uint16) = ws2_32.ntohs @@ -1698,8 +1699,9 @@ func NewNTUnicodeString(s string) (*NTUnicodeString, error) { // Slice returns a uint16 slice that aliases the data in the NTUnicodeString. func (s *NTUnicodeString) Slice() []uint16 { - slice := unsafe.Slice(s.Buffer, s.MaximumLength) - return slice[:s.Length] + // Note: this rounds the length down, if it happens + // to (incorrectly) be odd. Probably safer than rounding up. + return unsafe.Slice(s.Buffer, s.MaximumLength/2)[:s.Length/2] } func (s *NTUnicodeString) String() string { diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go index ad67df2fdb6..958bcf47a38 100644 --- a/vendor/golang.org/x/sys/windows/types_windows.go +++ b/vendor/golang.org/x/sys/windows/types_windows.go @@ -2700,6 +2700,8 @@ type CommTimeouts struct { // NTUnicodeString is a UTF-16 string for NT native APIs, corresponding to UNICODE_STRING. type NTUnicodeString struct { + // Note: Length and MaximumLength are in *bytes*, not uint16s. + // They should always be even. Length uint16 MaximumLength uint16 Buffer *uint16 @@ -3628,3 +3630,213 @@ const ( KLF_NOTELLSHELL = 0x00000080 KLF_SETFORPROCESS = 0x00000100 ) + +// Virtual Key codes +// https://docs.microsoft.com/en-us/windows/win32/inputdev/virtual-key-codes +const ( + VK_LBUTTON = 0x01 + VK_RBUTTON = 0x02 + VK_CANCEL = 0x03 + VK_MBUTTON = 0x04 + VK_XBUTTON1 = 0x05 + VK_XBUTTON2 = 0x06 + VK_BACK = 0x08 + VK_TAB = 0x09 + VK_CLEAR = 0x0C + VK_RETURN = 0x0D + VK_SHIFT = 0x10 + VK_CONTROL = 0x11 + VK_MENU = 0x12 + VK_PAUSE = 0x13 + VK_CAPITAL = 0x14 + VK_KANA = 0x15 + VK_HANGEUL = 0x15 + VK_HANGUL = 0x15 + VK_IME_ON = 0x16 + VK_JUNJA = 0x17 + VK_FINAL = 0x18 + VK_HANJA = 0x19 + VK_KANJI = 0x19 + VK_IME_OFF = 0x1A + VK_ESCAPE = 0x1B + VK_CONVERT = 0x1C + VK_NONCONVERT = 0x1D + VK_ACCEPT = 0x1E + VK_MODECHANGE = 0x1F + VK_SPACE = 0x20 + VK_PRIOR = 0x21 + VK_NEXT = 0x22 + VK_END = 0x23 + VK_HOME = 0x24 + VK_LEFT = 0x25 + VK_UP = 0x26 + VK_RIGHT = 0x27 + VK_DOWN = 0x28 + VK_SELECT = 0x29 + VK_PRINT = 0x2A + VK_EXECUTE = 0x2B + VK_SNAPSHOT = 0x2C + VK_INSERT = 0x2D + VK_DELETE = 0x2E + VK_HELP = 0x2F + VK_LWIN = 0x5B + VK_RWIN = 0x5C + VK_APPS = 0x5D + VK_SLEEP = 0x5F + VK_NUMPAD0 = 0x60 + VK_NUMPAD1 = 0x61 + VK_NUMPAD2 = 0x62 + VK_NUMPAD3 = 0x63 + VK_NUMPAD4 = 0x64 + VK_NUMPAD5 = 0x65 + VK_NUMPAD6 = 0x66 + VK_NUMPAD7 = 0x67 + VK_NUMPAD8 = 0x68 + VK_NUMPAD9 = 0x69 + VK_MULTIPLY = 0x6A + VK_ADD = 0x6B + VK_SEPARATOR = 0x6C + VK_SUBTRACT = 0x6D + VK_DECIMAL = 0x6E + VK_DIVIDE = 0x6F + VK_F1 = 0x70 + VK_F2 = 0x71 + VK_F3 = 0x72 + VK_F4 = 0x73 + VK_F5 = 0x74 + VK_F6 = 0x75 + VK_F7 = 0x76 + VK_F8 = 0x77 + VK_F9 = 0x78 + VK_F10 = 0x79 + VK_F11 = 0x7A + VK_F12 = 0x7B + VK_F13 = 0x7C + VK_F14 = 0x7D + VK_F15 = 0x7E + VK_F16 = 0x7F + VK_F17 = 0x80 + VK_F18 = 0x81 + VK_F19 = 0x82 + VK_F20 = 0x83 + VK_F21 = 0x84 + VK_F22 = 0x85 + VK_F23 = 0x86 + VK_F24 = 0x87 + VK_NUMLOCK = 0x90 + VK_SCROLL = 0x91 + VK_OEM_NEC_EQUAL = 0x92 + VK_OEM_FJ_JISHO = 0x92 + VK_OEM_FJ_MASSHOU = 0x93 + VK_OEM_FJ_TOUROKU = 0x94 + VK_OEM_FJ_LOYA = 0x95 + VK_OEM_FJ_ROYA = 0x96 + VK_LSHIFT = 0xA0 + VK_RSHIFT = 0xA1 + VK_LCONTROL = 0xA2 + VK_RCONTROL = 0xA3 + VK_LMENU = 0xA4 + VK_RMENU = 0xA5 + VK_BROWSER_BACK = 0xA6 + VK_BROWSER_FORWARD = 0xA7 + VK_BROWSER_REFRESH = 0xA8 + VK_BROWSER_STOP = 0xA9 + VK_BROWSER_SEARCH = 0xAA + VK_BROWSER_FAVORITES = 0xAB + VK_BROWSER_HOME = 0xAC + VK_VOLUME_MUTE = 0xAD + VK_VOLUME_DOWN = 0xAE + VK_VOLUME_UP = 0xAF + VK_MEDIA_NEXT_TRACK = 0xB0 + VK_MEDIA_PREV_TRACK = 0xB1 + VK_MEDIA_STOP = 0xB2 + VK_MEDIA_PLAY_PAUSE = 0xB3 + VK_LAUNCH_MAIL = 0xB4 + VK_LAUNCH_MEDIA_SELECT = 0xB5 + VK_LAUNCH_APP1 = 0xB6 + VK_LAUNCH_APP2 = 0xB7 + VK_OEM_1 = 0xBA + VK_OEM_PLUS = 0xBB + VK_OEM_COMMA = 0xBC + VK_OEM_MINUS = 0xBD + VK_OEM_PERIOD = 0xBE + VK_OEM_2 = 0xBF + VK_OEM_3 = 0xC0 + VK_OEM_4 = 0xDB + VK_OEM_5 = 0xDC + VK_OEM_6 = 0xDD + VK_OEM_7 = 0xDE + VK_OEM_8 = 0xDF + VK_OEM_AX = 0xE1 + VK_OEM_102 = 0xE2 + VK_ICO_HELP = 0xE3 + VK_ICO_00 = 0xE4 + VK_PROCESSKEY = 0xE5 + VK_ICO_CLEAR = 0xE6 + VK_OEM_RESET = 0xE9 + VK_OEM_JUMP = 0xEA + VK_OEM_PA1 = 0xEB + VK_OEM_PA2 = 0xEC + VK_OEM_PA3 = 0xED + VK_OEM_WSCTRL = 0xEE + VK_OEM_CUSEL = 0xEF + VK_OEM_ATTN = 0xF0 + VK_OEM_FINISH = 0xF1 + VK_OEM_COPY = 0xF2 + VK_OEM_AUTO = 0xF3 + VK_OEM_ENLW = 0xF4 + VK_OEM_BACKTAB = 0xF5 + VK_ATTN = 0xF6 + VK_CRSEL = 0xF7 + VK_EXSEL = 0xF8 + VK_EREOF = 0xF9 + VK_PLAY = 0xFA + VK_ZOOM = 0xFB + VK_NONAME = 0xFC + VK_PA1 = 0xFD + VK_OEM_CLEAR = 0xFE +) + +// Mouse button constants. +// https://docs.microsoft.com/en-us/windows/console/mouse-event-record-str +const ( + FROM_LEFT_1ST_BUTTON_PRESSED = 0x0001 + RIGHTMOST_BUTTON_PRESSED = 0x0002 + FROM_LEFT_2ND_BUTTON_PRESSED = 0x0004 + FROM_LEFT_3RD_BUTTON_PRESSED = 0x0008 + FROM_LEFT_4TH_BUTTON_PRESSED = 0x0010 +) + +// Control key state constaints. +// https://docs.microsoft.com/en-us/windows/console/key-event-record-str +// https://docs.microsoft.com/en-us/windows/console/mouse-event-record-str +const ( + CAPSLOCK_ON = 0x0080 + ENHANCED_KEY = 0x0100 + LEFT_ALT_PRESSED = 0x0002 + LEFT_CTRL_PRESSED = 0x0008 + NUMLOCK_ON = 0x0020 + RIGHT_ALT_PRESSED = 0x0001 + RIGHT_CTRL_PRESSED = 0x0004 + SCROLLLOCK_ON = 0x0040 + SHIFT_PRESSED = 0x0010 +) + +// Mouse event record event flags. +// https://docs.microsoft.com/en-us/windows/console/mouse-event-record-str +const ( + MOUSE_MOVED = 0x0001 + DOUBLE_CLICK = 0x0002 + MOUSE_WHEELED = 0x0004 + MOUSE_HWHEELED = 0x0008 +) + +// Input Record Event Types +// https://learn.microsoft.com/en-us/windows/console/input-record-str +const ( + FOCUS_EVENT = 0x0010 + KEY_EVENT = 0x0001 + MENU_EVENT = 0x0008 + MOUSE_EVENT = 0x0002 + WINDOW_BUFFER_SIZE_EVENT = 0x0004 +) diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index 01c0716c2c4..a58bc48b8ed 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -511,6 +511,7 @@ var ( procFreeAddrInfoW = modws2_32.NewProc("FreeAddrInfoW") procGetAddrInfoW = modws2_32.NewProc("GetAddrInfoW") procWSACleanup = modws2_32.NewProc("WSACleanup") + procWSADuplicateSocketW = modws2_32.NewProc("WSADuplicateSocketW") procWSAEnumProtocolsW = modws2_32.NewProc("WSAEnumProtocolsW") procWSAGetOverlappedResult = modws2_32.NewProc("WSAGetOverlappedResult") procWSAIoctl = modws2_32.NewProc("WSAIoctl") @@ -4391,6 +4392,14 @@ func WSACleanup() (err error) { return } +func WSADuplicateSocket(s Handle, processID uint32, info *WSAProtocolInfo) (err error) { + r1, _, e1 := syscall.Syscall(procWSADuplicateSocketW.Addr(), 3, uintptr(s), uintptr(processID), uintptr(unsafe.Pointer(info))) + if r1 != 0 { + err = errnoErr(e1) + } + return +} + func WSAEnumProtocols(protocols *int32, protocolBuffer *WSAProtocolInfo, bufferLength *uint32) (n int32, err error) { r0, _, e1 := syscall.Syscall(procWSAEnumProtocolsW.Addr(), 3, uintptr(unsafe.Pointer(protocols)), uintptr(unsafe.Pointer(protocolBuffer)), uintptr(unsafe.Pointer(bufferLength))) n = int32(r0) diff --git a/vendor/modules.txt b/vendor/modules.txt index 1ebab6dcc25..24481379a74 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -91,10 +91,10 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.4 ## explicit; go 1.17 github.com/vishvananda/netns -# golang.org/x/net v0.39.0 +# golang.org/x/net v0.40.0 ## explicit; go 1.23.0 golang.org/x/net/bpf -# golang.org/x/sys v0.32.0 +# golang.org/x/sys v0.33.0 ## explicit; go 1.23.0 golang.org/x/sys/unix golang.org/x/sys/windows From e0282287466f7b9269ab68c58996e941bcdfeb3a Mon Sep 17 00:00:00 2001 From: ningmingxiao Date: Tue, 22 Apr 2025 00:08:05 +0800 Subject: [PATCH 0936/1176] bug:fix runc delete run before delete exec.fifo Signed-off-by: ningmingxiao --- libcontainer/container_linux.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index cfb3ccf5cd1..7f0c51f31cf 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -290,7 +290,11 @@ func handleFifoResult(result openResult) error { if err := readFromExecFifo(f); err != nil { return err } - return os.Remove(f.Name()) + err := os.Remove(f.Name()) + if err == nil || os.IsNotExist(err) { + return nil + } + return err } type openResult struct { From 5cdfeea7c9d5c85171c7f52ef166520b23d14ca2 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 7 May 2025 16:39:48 +1000 Subject: [PATCH 0937/1176] CHANGELOG: forward-port entries from 1.3.0 Signed-off-by: Aleksa Sarai --- CHANGELOG.md | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b5600ebd43e..e390ab0ed4a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,48 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [1.3.0] - 2025-04-30 + +> Mr. President, we must not allow a mine shaft gap! + +### Fixed + * Removed preemptive "full access to cgroups" warning when calling `runc + pause` or `runc unpause` as an unprivileged user without + `--systemd-cgroups`. Now the warning is only emitted if an actual permission + error was encountered. (#4709) + * Several fixes to our CI, mainly related to AlmaLinux and CRIU. (#4670, + #4728, #4736) + +### Changed + * In runc 1.2, we changed our mount behaviour to correctly handle clearing + flags. However, the error messages we returned did not provide as much + information to users about what clearing flags were conflicting with locked + mount flags. We now provide more diagnostic information if there is an error + when in the fallback path to handle locked mount flags. (#4734) + * Upgrade our CI to use golangci-lint v2.0. (#4692) + * `runc version` information is now filled in using `//go:embed` rather than + being set through `Makefile`. This allows `go install` or other non-`make` + builds to contain the correct version information. Note that `make + EXTRA_VERSION=...` still works. (#418) + * Remove `exclude` directives from our `go.mod` for broken `cilium/ebpf` + versions. `v0.17.3` resolved the issue we had, and `exclude` directives are + incompatible with `go install`. (#4748) + +## [1.3.0-rc.2] - 2025-04-10 + +> Eppur si muove. + +### Fixed + * Use the container's `/etc/passwd` to set the `HOME` env var. After a refactor + for 1.3, we were setting it reading the host's `/etc/passwd` file instead. + (#4693, #4688) + * Override `HOME` env var if it's set to the empty string. This fixes a + regression after the same refactor for 1.3 and aligns the behavior with older + versions of runc. (#4711) + * Add time namespace to container config after checkpoint/restore. CRIU since + version 3.14 uses a time namespace for checkpoint/restore, however it was not + joining the time namespace in runc. (#4705) + ## [1.3.0-rc.1] - 2025-03-04 > No tengo miedo al invierno, con tu recuerdo lleno de sol. @@ -1083,4 +1125,7 @@ implementation (libcontainer) is *not* covered by this policy. [1.2.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.1.0...v1.2.0-rc.1 +[Unreleased 1.3.z]: https://github.com/opencontainers/runc/compare/v1.3.0...release-1.3 +[1.3.0]: https://github.com/opencontainers/runc/compare/v1.3.0-rc.2...v1.3.0 +[1.3.0-rc.2]: https://github.com/opencontainers/runc/compare/v1.3.0-rc.1...v1.3.0-rc.2 [1.3.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.2.0...v1.3.0-rc.1 From fbf1a320d8097d81286b30f7851cd10cbc31a07b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 May 2025 04:47:59 +0000 Subject: [PATCH 0938/1176] build(deps): bump github.com/vishvananda/netlink from 1.3.0 to 1.3.1 Bumps [github.com/vishvananda/netlink](https://github.com/vishvananda/netlink) from 1.3.0 to 1.3.1. - [Release notes](https://github.com/vishvananda/netlink/releases) - [Commits](https://github.com/vishvananda/netlink/compare/v1.3.0...v1.3.1) --- updated-dependencies: - dependency-name: github.com/vishvananda/netlink dependency-version: 1.3.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 4 +- go.sum | 8 +- .../vishvananda/netlink/addr_linux.go | 34 ++- .../vishvananda/netlink/bridge_linux.go | 200 ++++++++++-- .../vishvananda/netlink/chain_linux.go | 16 +- .../vishvananda/netlink/class_linux.go | 14 +- .../vishvananda/netlink/conntrack_linux.go | 43 ++- .../netlink/conntrack_unspecified.go | 2 +- .../vishvananda/netlink/devlink_linux.go | 40 ++- .../github.com/vishvananda/netlink/filter.go | 52 ++++ .../vishvananda/netlink/filter_linux.go | 157 ++++++++-- vendor/github.com/vishvananda/netlink/fou.go | 15 +- .../vishvananda/netlink/fou_linux.go | 66 ++-- .../vishvananda/netlink/fou_unspecified.go | 1 + .../vishvananda/netlink/genetlink_linux.go | 13 +- .../vishvananda/netlink/gtp_linux.go | 13 +- .../vishvananda/netlink/handle_unspecified.go | 5 + .../vishvananda/netlink/ioctl_linux.go | 2 +- .../vishvananda/netlink/ipset_linux.go | 113 ++++++- vendor/github.com/vishvananda/netlink/link.go | 75 +++-- .../vishvananda/netlink/link_linux.go | 288 ++++++++++++++++-- .../vishvananda/netlink/link_tuntap_linux.go | 137 +++++++++ .../github.com/vishvananda/netlink/neigh.go | 8 + .../vishvananda/netlink/neigh_linux.go | 38 ++- .../vishvananda/netlink/netlink_linux.go | 3 + .../netlink/netlink_unspecified.go | 5 + .../vishvananda/netlink/nl/bridge_linux.go | 13 + .../vishvananda/netlink/nl/link_linux.go | 24 ++ .../vishvananda/netlink/nl/nl_linux.go | 110 ++++++- .../netlink/nl/parse_attr_linux.go | 2 +- .../vishvananda/netlink/nl/rdma_link_linux.go | 58 ++-- .../vishvananda/netlink/nl/seg6local_linux.go | 1 + .../vishvananda/netlink/nl/tc_linux.go | 68 ++++- .../vishvananda/netlink/nl/xfrm_linux.go | 12 +- .../vishvananda/netlink/protinfo.go | 4 + .../vishvananda/netlink/protinfo_linux.go | 16 +- .../github.com/vishvananda/netlink/qdisc.go | 6 +- .../vishvananda/netlink/qdisc_linux.go | 19 +- .../vishvananda/netlink/rdma_link_linux.go | 239 ++++++++++++++- .../github.com/vishvananda/netlink/route.go | 4 +- .../vishvananda/netlink/route_linux.go | 70 ++++- .../vishvananda/netlink/rule_linux.go | 21 +- .../vishvananda/netlink/socket_linux.go | 111 ++++--- .../vishvananda/netlink/socket_xdp_linux.go | 18 +- .../vishvananda/netlink/vdpa_linux.go | 60 +++- .../vishvananda/netlink/xfrm_linux.go | 8 + .../vishvananda/netlink/xfrm_policy_linux.go | 15 +- .../vishvananda/netlink/xfrm_state_linux.go | 41 ++- .../vishvananda/netns/.golangci.yml | 24 ++ .../vishvananda/netns/.yamllint.yml | 9 + .../vishvananda/netns/netns_linux.go | 23 +- .../vishvananda/netns/netns_others.go | 16 +- vendor/modules.txt | 4 +- 53 files changed, 1973 insertions(+), 375 deletions(-) create mode 100644 vendor/github.com/vishvananda/netns/.yamllint.yml diff --git a/go.mod b/go.mod index 42c5260b5ff..ea5650bb0af 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/seccomp/libseccomp-golang v0.11.0 github.com/sirupsen/logrus v1.9.3 github.com/urfave/cli v1.22.16 - github.com/vishvananda/netlink v1.3.0 + github.com/vishvananda/netlink v1.3.1 golang.org/x/net v0.40.0 golang.org/x/sys v0.33.0 google.golang.org/protobuf v1.36.6 @@ -30,5 +30,5 @@ require ( github.com/cilium/ebpf v0.17.3 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect - github.com/vishvananda/netns v0.0.4 // indirect + github.com/vishvananda/netns v0.0.5 // indirect ) diff --git a/go.sum b/go.sum index 7aebac50527..e57a0f5a19e 100644 --- a/go.sum +++ b/go.sum @@ -73,10 +73,10 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/urfave/cli v1.22.16 h1:MH0k6uJxdwdeWQTwhSO42Pwr4YLrNLwBtg1MRgTqPdQ= github.com/urfave/cli v1.22.16/go.mod h1:EeJR6BKodywf4zciqrdw6hpCPk68JO9z5LazXZMn5Po= -github.com/vishvananda/netlink v1.3.0 h1:X7l42GfcV4S6E4vHTsw48qbrV+9PVojNfIhZcwQdrZk= -github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs= -github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8= -github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= +github.com/vishvananda/netlink v1.3.1 h1:3AEMt62VKqz90r0tmNhog0r/PpWKmrEShJU0wJW6bV0= +github.com/vishvananda/netlink v1.3.1/go.mod h1:ARtKouGSTGchR8aMwmkzC0qiNPrrWO5JS/XMVl45+b4= +github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY= +github.com/vishvananda/netns v0.0.5/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY= golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= diff --git a/vendor/github.com/vishvananda/netlink/addr_linux.go b/vendor/github.com/vishvananda/netlink/addr_linux.go index 218ab237965..9e312043bf3 100644 --- a/vendor/github.com/vishvananda/netlink/addr_linux.go +++ b/vendor/github.com/vishvananda/netlink/addr_linux.go @@ -1,9 +1,9 @@ package netlink import ( + "errors" "fmt" "net" - "strings" "syscall" "github.com/vishvananda/netlink/nl" @@ -17,6 +17,7 @@ import ( // // If `addr` is an IPv4 address and the broadcast address is not given, it // will be automatically computed based on the IP mask if /30 or larger. +// If `net.IPv4zero` is given as the broadcast address, broadcast is disabled. func AddrAdd(link Link, addr *Addr) error { return pkgHandle.AddrAdd(link, addr) } @@ -27,6 +28,7 @@ func AddrAdd(link Link, addr *Addr) error { // // If `addr` is an IPv4 address and the broadcast address is not given, it // will be automatically computed based on the IP mask if /30 or larger. +// If `net.IPv4zero` is given as the broadcast address, broadcast is disabled. func (h *Handle) AddrAdd(link Link, addr *Addr) error { req := h.newNetlinkRequest(unix.RTM_NEWADDR, unix.NLM_F_CREATE|unix.NLM_F_EXCL|unix.NLM_F_ACK) return h.addrHandle(link, addr, req) @@ -38,6 +40,7 @@ func (h *Handle) AddrAdd(link Link, addr *Addr) error { // // If `addr` is an IPv4 address and the broadcast address is not given, it // will be automatically computed based on the IP mask if /30 or larger. +// If `net.IPv4zero` is given as the broadcast address, broadcast is disabled. func AddrReplace(link Link, addr *Addr) error { return pkgHandle.AddrReplace(link, addr) } @@ -48,6 +51,7 @@ func AddrReplace(link Link, addr *Addr) error { // // If `addr` is an IPv4 address and the broadcast address is not given, it // will be automatically computed based on the IP mask if /30 or larger. +// If `net.IPv4zero` is given as the broadcast address, broadcast is disabled. func (h *Handle) AddrReplace(link Link, addr *Addr) error { req := h.newNetlinkRequest(unix.RTM_NEWADDR, unix.NLM_F_CREATE|unix.NLM_F_REPLACE|unix.NLM_F_ACK) return h.addrHandle(link, addr, req) @@ -56,18 +60,13 @@ func (h *Handle) AddrReplace(link Link, addr *Addr) error { // AddrDel will delete an IP address from a link device. // // Equivalent to: `ip addr del $addr dev $link` -// -// If `addr` is an IPv4 address and the broadcast address is not given, it -// will be automatically computed based on the IP mask if /30 or larger. func AddrDel(link Link, addr *Addr) error { return pkgHandle.AddrDel(link, addr) } // AddrDel will delete an IP address from a link device. -// Equivalent to: `ip addr del $addr dev $link` // -// If `addr` is an IPv4 address and the broadcast address is not given, it -// will be automatically computed based on the IP mask if /30 or larger. +// Equivalent to: `ip addr del $addr dev $link` func (h *Handle) AddrDel(link Link, addr *Addr) error { req := h.newNetlinkRequest(unix.RTM_DELADDR, unix.NLM_F_ACK) return h.addrHandle(link, addr, req) @@ -81,9 +80,6 @@ func (h *Handle) addrHandle(link Link, addr *Addr, req *nl.NetlinkRequest) error msg.Index = uint32(addr.LinkIndex) } else { base := link.Attrs() - if addr.Label != "" && !strings.HasPrefix(addr.Label, base.Name) { - return fmt.Errorf("label must begin with interface name") - } h.ensureIndex(base) msg.Index = uint32(base.Index) } @@ -141,6 +137,10 @@ func (h *Handle) addrHandle(link Link, addr *Addr, req *nl.NetlinkRequest) error addr.Broadcast = calcBroadcast } + if net.IPv4zero.Equal(addr.Broadcast) { + addr.Broadcast = nil + } + if addr.Broadcast != nil { req.AddData(nl.NewRtAttr(unix.IFA_BROADCAST, addr.Broadcast)) } @@ -169,6 +169,9 @@ func (h *Handle) addrHandle(link Link, addr *Addr, req *nl.NetlinkRequest) error // AddrList gets a list of IP addresses in the system. // Equivalent to: `ip addr show`. // The list can be filtered by link and ip family. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func AddrList(link Link, family int) ([]Addr, error) { return pkgHandle.AddrList(link, family) } @@ -176,14 +179,17 @@ func AddrList(link Link, family int) ([]Addr, error) { // AddrList gets a list of IP addresses in the system. // Equivalent to: `ip addr show`. // The list can be filtered by link and ip family. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) AddrList(link Link, family int) ([]Addr, error) { req := h.newNetlinkRequest(unix.RTM_GETADDR, unix.NLM_F_DUMP) msg := nl.NewIfAddrmsg(family) req.AddData(msg) - msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWADDR) - if err != nil { - return nil, err + msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWADDR) + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr } indexFilter := 0 @@ -212,7 +218,7 @@ func (h *Handle) AddrList(link Link, family int) ([]Addr, error) { res = append(res, addr) } - return res, nil + return res, executeErr } func parseAddr(m []byte) (addr Addr, family int, err error) { diff --git a/vendor/github.com/vishvananda/netlink/bridge_linux.go b/vendor/github.com/vishvananda/netlink/bridge_linux.go index 6c340b0ce9a..ec941e5c78c 100644 --- a/vendor/github.com/vishvananda/netlink/bridge_linux.go +++ b/vendor/github.com/vishvananda/netlink/bridge_linux.go @@ -1,29 +1,127 @@ package netlink import ( + "errors" "fmt" + "syscall" "github.com/vishvananda/netlink/nl" "golang.org/x/sys/unix" ) +// BridgeVlanTunnelShow gets vlanid-tunnelid mapping. +// Equivalent to: `bridge vlan tunnelshow` +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. +func BridgeVlanTunnelShow() ([]nl.TunnelInfo, error) { + return pkgHandle.BridgeVlanTunnelShow() +} + +func (h *Handle) BridgeVlanTunnelShow() ([]nl.TunnelInfo, error) { + req := h.newNetlinkRequest(unix.RTM_GETLINK, unix.NLM_F_DUMP) + msg := nl.NewIfInfomsg(unix.AF_BRIDGE) + req.AddData(msg) + req.AddData(nl.NewRtAttr(unix.IFLA_EXT_MASK, nl.Uint32Attr(uint32(nl.RTEXT_FILTER_BRVLAN)))) + + msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWLINK) + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr + } + ret := make([]nl.TunnelInfo, 0) + for _, m := range msgs { + msg := nl.DeserializeIfInfomsg(m) + + attrs, err := nl.ParseRouteAttr(m[msg.Len():]) + if err != nil { + return nil, err + } + for _, attr := range attrs { + switch attr.Attr.Type { + case unix.IFLA_AF_SPEC: + nestedAttrs, err := nl.ParseRouteAttr(attr.Value) + if err != nil { + return nil, fmt.Errorf("failed to parse nested attr %v", err) + } + for _, nestAttr := range nestedAttrs { + switch nestAttr.Attr.Type { + case nl.IFLA_BRIDGE_VLAN_TUNNEL_INFO: + ret, err = parseTunnelInfo(&nestAttr, ret) + if err != nil { + return nil, fmt.Errorf("failed to parse tunnelinfo %v", err) + } + } + } + } + } + } + return ret, executeErr +} + +func parseTunnelInfo(nestAttr *syscall.NetlinkRouteAttr, results []nl.TunnelInfo) ([]nl.TunnelInfo, error) { + tunnelInfos, err := nl.ParseRouteAttr(nestAttr.Value) + if err != nil { + return nil, fmt.Errorf("failed to parse nested attr %v", err) + } + var tunnelId uint32 + var vid uint16 + var flag uint16 + for _, tunnelInfo := range tunnelInfos { + switch tunnelInfo.Attr.Type { + case nl.IFLA_BRIDGE_VLAN_TUNNEL_ID: + tunnelId = native.Uint32(tunnelInfo.Value) + case nl.IFLA_BRIDGE_VLAN_TUNNEL_VID: + vid = native.Uint16(tunnelInfo.Value) + case nl.IFLA_BRIDGE_VLAN_TUNNEL_FLAGS: + flag = native.Uint16(tunnelInfo.Value) + } + } + + if flag == nl.BRIDGE_VLAN_INFO_RANGE_END { + lastTi := results[len(results)-1] + vni := lastTi.TunId + 1 + for i := lastTi.Vid + 1; i < vid; i++ { + t := nl.TunnelInfo{ + TunId: vni, + Vid: i, + } + results = append(results, t) + vni++ + } + } + + t := nl.TunnelInfo{ + TunId: tunnelId, + Vid: vid, + } + + results = append(results, t) + return results, nil +} + // BridgeVlanList gets a map of device id to bridge vlan infos. // Equivalent to: `bridge vlan show` +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func BridgeVlanList() (map[int32][]*nl.BridgeVlanInfo, error) { return pkgHandle.BridgeVlanList() } // BridgeVlanList gets a map of device id to bridge vlan infos. // Equivalent to: `bridge vlan show` +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) BridgeVlanList() (map[int32][]*nl.BridgeVlanInfo, error) { req := h.newNetlinkRequest(unix.RTM_GETLINK, unix.NLM_F_DUMP) msg := nl.NewIfInfomsg(unix.AF_BRIDGE) req.AddData(msg) req.AddData(nl.NewRtAttr(unix.IFLA_EXT_MASK, nl.Uint32Attr(uint32(nl.RTEXT_FILTER_BRVLAN)))) - msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWLINK) - if err != nil { - return nil, err + msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWLINK) + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr } ret := make(map[int32][]*nl.BridgeVlanInfo) for _, m := range msgs { @@ -51,7 +149,39 @@ func (h *Handle) BridgeVlanList() (map[int32][]*nl.BridgeVlanInfo, error) { } } } - return ret, nil + return ret, executeErr +} + +// BridgeVlanAddTunnelInfo adds a new vlan filter entry +// Equivalent to: `bridge vlan add dev DEV vid VID tunnel_info id TUNID [ self ] [ master ]` +func BridgeVlanAddTunnelInfo(link Link, vid uint16, tunid uint32, self, master bool) error { + return pkgHandle.BridgeVlanAddTunnelInfo(link, vid, 0, tunid, 0, self, master) +} + +// BridgeVlanAddRangeTunnelInfoRange adds a new vlan filter entry +// Equivalent to: `bridge vlan add dev DEV vid VID-VIDEND tunnel_info id VIN-VINEND [ self ] [ master ]` +func BridgeVlanAddRangeTunnelInfoRange(link Link, vid, vidEnd uint16, tunid, tunidEnd uint32, self, master bool) error { + return pkgHandle.BridgeVlanAddTunnelInfo(link, vid, vidEnd, tunid, tunidEnd, self, master) +} + +func (h *Handle) BridgeVlanAddTunnelInfo(link Link, vid, vidEnd uint16, tunid, tunidEnd uint32, self, master bool) error { + return h.bridgeVlanModify(unix.RTM_SETLINK, link, vid, vidEnd, tunid, tunidEnd, false, false, self, master) +} + +// BridgeVlanDelTunnelInfo adds a new vlan filter entry +// Equivalent to: `bridge vlan del dev DEV vid VID tunnel_info id TUNID [ self ] [ master ]` +func BridgeVlanDelTunnelInfo(link Link, vid uint16, tunid uint32, self, master bool) error { + return pkgHandle.BridgeVlanDelTunnelInfo(link, vid, 0, tunid, 0, self, master) +} + +// BridgeVlanDelRangeTunnelInfoRange adds a new vlan filter entry +// Equivalent to: `bridge vlan del dev DEV vid VID-VIDEND tunnel_info id VIN-VINEND [ self ] [ master ]` +func BridgeVlanDelRangeTunnelInfoRange(link Link, vid, vidEnd uint16, tunid, tunidEnd uint32, self, master bool) error { + return pkgHandle.BridgeVlanDelTunnelInfo(link, vid, vidEnd, tunid, tunidEnd, self, master) +} + +func (h *Handle) BridgeVlanDelTunnelInfo(link Link, vid, vidEnd uint16, tunid, tunidEnd uint32, self, master bool) error { + return h.bridgeVlanModify(unix.RTM_DELLINK, link, vid, vidEnd, tunid, tunidEnd, false, false, self, master) } // BridgeVlanAdd adds a new vlan filter entry @@ -63,7 +193,7 @@ func BridgeVlanAdd(link Link, vid uint16, pvid, untagged, self, master bool) err // BridgeVlanAdd adds a new vlan filter entry // Equivalent to: `bridge vlan add dev DEV vid VID [ pvid ] [ untagged ] [ self ] [ master ]` func (h *Handle) BridgeVlanAdd(link Link, vid uint16, pvid, untagged, self, master bool) error { - return h.bridgeVlanModify(unix.RTM_SETLINK, link, vid, 0, pvid, untagged, self, master) + return h.bridgeVlanModify(unix.RTM_SETLINK, link, vid, 0, 0, 0, pvid, untagged, self, master) } // BridgeVlanAddRange adds a new vlan filter entry @@ -75,7 +205,7 @@ func BridgeVlanAddRange(link Link, vid, vidEnd uint16, pvid, untagged, self, mas // BridgeVlanAddRange adds a new vlan filter entry // Equivalent to: `bridge vlan add dev DEV vid VID-VIDEND [ pvid ] [ untagged ] [ self ] [ master ]` func (h *Handle) BridgeVlanAddRange(link Link, vid, vidEnd uint16, pvid, untagged, self, master bool) error { - return h.bridgeVlanModify(unix.RTM_SETLINK, link, vid, vidEnd, pvid, untagged, self, master) + return h.bridgeVlanModify(unix.RTM_SETLINK, link, vid, vidEnd, 0, 0, pvid, untagged, self, master) } // BridgeVlanDel adds a new vlan filter entry @@ -87,7 +217,7 @@ func BridgeVlanDel(link Link, vid uint16, pvid, untagged, self, master bool) err // BridgeVlanDel adds a new vlan filter entry // Equivalent to: `bridge vlan del dev DEV vid VID [ pvid ] [ untagged ] [ self ] [ master ]` func (h *Handle) BridgeVlanDel(link Link, vid uint16, pvid, untagged, self, master bool) error { - return h.bridgeVlanModify(unix.RTM_DELLINK, link, vid, 0, pvid, untagged, self, master) + return h.bridgeVlanModify(unix.RTM_DELLINK, link, vid, 0, 0, 0, pvid, untagged, self, master) } // BridgeVlanDelRange adds a new vlan filter entry @@ -99,10 +229,10 @@ func BridgeVlanDelRange(link Link, vid, vidEnd uint16, pvid, untagged, self, mas // BridgeVlanDelRange adds a new vlan filter entry // Equivalent to: `bridge vlan del dev DEV vid VID-VIDEND [ pvid ] [ untagged ] [ self ] [ master ]` func (h *Handle) BridgeVlanDelRange(link Link, vid, vidEnd uint16, pvid, untagged, self, master bool) error { - return h.bridgeVlanModify(unix.RTM_DELLINK, link, vid, vidEnd, pvid, untagged, self, master) + return h.bridgeVlanModify(unix.RTM_DELLINK, link, vid, vidEnd, 0, 0, pvid, untagged, self, master) } -func (h *Handle) bridgeVlanModify(cmd int, link Link, vid, vidEnd uint16, pvid, untagged, self, master bool) error { +func (h *Handle) bridgeVlanModify(cmd int, link Link, vid, vidEnd uint16, tunid, tunidEnd uint32, pvid, untagged, self, master bool) error { base := link.Attrs() h.ensureIndex(base) req := h.newNetlinkRequest(cmd, unix.NLM_F_ACK) @@ -122,25 +252,45 @@ func (h *Handle) bridgeVlanModify(cmd int, link Link, vid, vidEnd uint16, pvid, if flags > 0 { br.AddRtAttr(nl.IFLA_BRIDGE_FLAGS, nl.Uint16Attr(flags)) } - vlanInfo := &nl.BridgeVlanInfo{Vid: vid} - if pvid { - vlanInfo.Flags |= nl.BRIDGE_VLAN_INFO_PVID - } - if untagged { - vlanInfo.Flags |= nl.BRIDGE_VLAN_INFO_UNTAGGED - } - if vidEnd != 0 { - vlanEndInfo := &nl.BridgeVlanInfo{Vid: vidEnd} - vlanEndInfo.Flags = vlanInfo.Flags + if tunid != 0 { + if tunidEnd != 0 { + tiStart := br.AddRtAttr(nl.IFLA_BRIDGE_VLAN_TUNNEL_INFO, nil) + tiStart.AddRtAttr(nl.IFLA_BRIDGE_VLAN_TUNNEL_ID, nl.Uint32Attr(tunid)) + tiStart.AddRtAttr(nl.IFLA_BRIDGE_VLAN_TUNNEL_VID, nl.Uint16Attr(vid)) + tiStart.AddRtAttr(nl.IFLA_BRIDGE_VLAN_TUNNEL_FLAGS, nl.Uint16Attr(nl.BRIDGE_VLAN_INFO_RANGE_BEGIN)) - vlanInfo.Flags |= nl.BRIDGE_VLAN_INFO_RANGE_BEGIN - br.AddRtAttr(nl.IFLA_BRIDGE_VLAN_INFO, vlanInfo.Serialize()) + tiEnd := br.AddRtAttr(nl.IFLA_BRIDGE_VLAN_TUNNEL_INFO, nil) + tiEnd.AddRtAttr(nl.IFLA_BRIDGE_VLAN_TUNNEL_ID, nl.Uint32Attr(tunidEnd)) + tiEnd.AddRtAttr(nl.IFLA_BRIDGE_VLAN_TUNNEL_VID, nl.Uint16Attr(vidEnd)) + tiEnd.AddRtAttr(nl.IFLA_BRIDGE_VLAN_TUNNEL_FLAGS, nl.Uint16Attr(nl.BRIDGE_VLAN_INFO_RANGE_END)) + } else { + ti := br.AddRtAttr(nl.IFLA_BRIDGE_VLAN_TUNNEL_INFO, nil) + ti.AddRtAttr(nl.IFLA_BRIDGE_VLAN_TUNNEL_ID, nl.Uint32Attr(tunid)) + ti.AddRtAttr(nl.IFLA_BRIDGE_VLAN_TUNNEL_VID, nl.Uint16Attr(vid)) + ti.AddRtAttr(nl.IFLA_BRIDGE_VLAN_TUNNEL_FLAGS, nl.Uint16Attr(0)) + } + } else { + vlanInfo := &nl.BridgeVlanInfo{Vid: vid} + if pvid { + vlanInfo.Flags |= nl.BRIDGE_VLAN_INFO_PVID + } + if untagged { + vlanInfo.Flags |= nl.BRIDGE_VLAN_INFO_UNTAGGED + } - vlanEndInfo.Flags |= nl.BRIDGE_VLAN_INFO_RANGE_END - br.AddRtAttr(nl.IFLA_BRIDGE_VLAN_INFO, vlanEndInfo.Serialize()) - } else { - br.AddRtAttr(nl.IFLA_BRIDGE_VLAN_INFO, vlanInfo.Serialize()) + if vidEnd != 0 { + vlanEndInfo := &nl.BridgeVlanInfo{Vid: vidEnd} + vlanEndInfo.Flags = vlanInfo.Flags + + vlanInfo.Flags |= nl.BRIDGE_VLAN_INFO_RANGE_BEGIN + br.AddRtAttr(nl.IFLA_BRIDGE_VLAN_INFO, vlanInfo.Serialize()) + + vlanEndInfo.Flags |= nl.BRIDGE_VLAN_INFO_RANGE_END + br.AddRtAttr(nl.IFLA_BRIDGE_VLAN_INFO, vlanEndInfo.Serialize()) + } else { + br.AddRtAttr(nl.IFLA_BRIDGE_VLAN_INFO, vlanInfo.Serialize()) + } } req.AddData(br) diff --git a/vendor/github.com/vishvananda/netlink/chain_linux.go b/vendor/github.com/vishvananda/netlink/chain_linux.go index d9f441613cc..5008e7101f5 100644 --- a/vendor/github.com/vishvananda/netlink/chain_linux.go +++ b/vendor/github.com/vishvananda/netlink/chain_linux.go @@ -1,6 +1,8 @@ package netlink import ( + "errors" + "github.com/vishvananda/netlink/nl" "golang.org/x/sys/unix" ) @@ -56,6 +58,9 @@ func (h *Handle) chainModify(cmd, flags int, link Link, chain Chain) error { // ChainList gets a list of chains in the system. // Equivalent to: `tc chain list`. // The list can be filtered by link. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func ChainList(link Link, parent uint32) ([]Chain, error) { return pkgHandle.ChainList(link, parent) } @@ -63,6 +68,9 @@ func ChainList(link Link, parent uint32) ([]Chain, error) { // ChainList gets a list of chains in the system. // Equivalent to: `tc chain list`. // The list can be filtered by link. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) ChainList(link Link, parent uint32) ([]Chain, error) { req := h.newNetlinkRequest(unix.RTM_GETCHAIN, unix.NLM_F_DUMP) index := int32(0) @@ -78,9 +86,9 @@ func (h *Handle) ChainList(link Link, parent uint32) ([]Chain, error) { } req.AddData(msg) - msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWCHAIN) - if err != nil { - return nil, err + msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWCHAIN) + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr } var res []Chain @@ -108,5 +116,5 @@ func (h *Handle) ChainList(link Link, parent uint32) ([]Chain, error) { res = append(res, chain) } - return res, nil + return res, executeErr } diff --git a/vendor/github.com/vishvananda/netlink/class_linux.go b/vendor/github.com/vishvananda/netlink/class_linux.go index a82eb09de24..08fb16c2bc2 100644 --- a/vendor/github.com/vishvananda/netlink/class_linux.go +++ b/vendor/github.com/vishvananda/netlink/class_linux.go @@ -201,14 +201,20 @@ func classPayload(req *nl.NetlinkRequest, class Class) error { // ClassList gets a list of classes in the system. // Equivalent to: `tc class show`. +// // Generally returns nothing if link and parent are not specified. +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func ClassList(link Link, parent uint32) ([]Class, error) { return pkgHandle.ClassList(link, parent) } // ClassList gets a list of classes in the system. // Equivalent to: `tc class show`. +// // Generally returns nothing if link and parent are not specified. +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) ClassList(link Link, parent uint32) ([]Class, error) { req := h.newNetlinkRequest(unix.RTM_GETTCLASS, unix.NLM_F_DUMP) msg := &nl.TcMsg{ @@ -222,9 +228,9 @@ func (h *Handle) ClassList(link Link, parent uint32) ([]Class, error) { } req.AddData(msg) - msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWTCLASS) - if err != nil { - return nil, err + msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWTCLASS) + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr } var res []Class @@ -295,7 +301,7 @@ func (h *Handle) ClassList(link Link, parent uint32) ([]Class, error) { res = append(res, class) } - return res, nil + return res, executeErr } func parseHtbClassData(class Class, data []syscall.NetlinkRouteAttr) (bool, error) { diff --git a/vendor/github.com/vishvananda/netlink/conntrack_linux.go b/vendor/github.com/vishvananda/netlink/conntrack_linux.go index ba022453b3b..b3d354d75e7 100644 --- a/vendor/github.com/vishvananda/netlink/conntrack_linux.go +++ b/vendor/github.com/vishvananda/netlink/conntrack_linux.go @@ -5,6 +5,7 @@ import ( "encoding/binary" "errors" "fmt" + "io/fs" "net" "time" @@ -44,6 +45,9 @@ type InetFamily uint8 // ConntrackTableList returns the flow list of a table of a specific family // conntrack -L [table] [options] List conntrack or expectation table +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func ConntrackTableList(table ConntrackTableType, family InetFamily) ([]*ConntrackFlow, error) { return pkgHandle.ConntrackTableList(table, family) } @@ -70,7 +74,7 @@ func ConntrackUpdate(table ConntrackTableType, family InetFamily, flow *Conntrac // ConntrackDeleteFilter deletes entries on the specified table on the base of the filter // conntrack -D [table] parameters Delete conntrack or expectation // -// Deprecated: use [ConntrackDeleteFilter] instead. +// Deprecated: use [ConntrackDeleteFilters] instead. func ConntrackDeleteFilter(table ConntrackTableType, family InetFamily, filter CustomConntrackFilter) (uint, error) { return pkgHandle.ConntrackDeleteFilters(table, family, filter) } @@ -83,10 +87,13 @@ func ConntrackDeleteFilters(table ConntrackTableType, family InetFamily, filters // ConntrackTableList returns the flow list of a table of a specific family using the netlink handle passed // conntrack -L [table] [options] List conntrack or expectation table +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) ConntrackTableList(table ConntrackTableType, family InetFamily) ([]*ConntrackFlow, error) { - res, err := h.dumpConntrackTable(table, family) - if err != nil { - return nil, err + res, executeErr := h.dumpConntrackTable(table, family) + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr } // Deserialize all the flows @@ -95,7 +102,7 @@ func (h *Handle) ConntrackTableList(table ConntrackTableType, family InetFamily) result = append(result, parseRawData(dataRaw)) } - return result, nil + return result, executeErr } // ConntrackTableFlush flushes all the flows of a specified table using the netlink handle passed @@ -152,11 +159,18 @@ func (h *Handle) ConntrackDeleteFilter(table ConntrackTableType, family InetFami // ConntrackDeleteFilters deletes entries on the specified table matching any of the specified filters using the netlink handle passed // conntrack -D [table] parameters Delete conntrack or expectation func (h *Handle) ConntrackDeleteFilters(table ConntrackTableType, family InetFamily, filters ...CustomConntrackFilter) (uint, error) { + var finalErr error res, err := h.dumpConntrackTable(table, family) if err != nil { - return 0, err + if !errors.Is(err, ErrDumpInterrupted) { + return 0, err + } + // This allows us to at least do a best effort to try to clean the + // entries matching the filter. + finalErr = err } + var totalFilterErrors int var matched uint for _, dataRaw := range res { flow := parseRawData(dataRaw) @@ -165,15 +179,20 @@ func (h *Handle) ConntrackDeleteFilters(table ConntrackTableType, family InetFam req2 := h.newConntrackRequest(table, family, nl.IPCTNL_MSG_CT_DELETE, unix.NLM_F_ACK) // skip the first 4 byte that are the netfilter header, the newConntrackRequest is adding it already req2.AddRawData(dataRaw[4:]) - req2.Execute(unix.NETLINK_NETFILTER, 0) - matched++ - // flow is already deleted, no need to match on other filters and continue to the next flow. - break + if _, err = req2.Execute(unix.NETLINK_NETFILTER, 0); err == nil || errors.Is(err, fs.ErrNotExist) { + matched++ + // flow is already deleted, no need to match on other filters and continue to the next flow. + break + } else { + totalFilterErrors++ + } } } } - - return matched, nil + if totalFilterErrors > 0 { + finalErr = errors.Join(finalErr, fmt.Errorf("failed to delete %d conntrack flows with %d filters", totalFilterErrors, len(filters))) + } + return matched, finalErr } func (h *Handle) newConntrackRequest(table ConntrackTableType, family InetFamily, operation, flags int) *nl.NetlinkRequest { diff --git a/vendor/github.com/vishvananda/netlink/conntrack_unspecified.go b/vendor/github.com/vishvananda/netlink/conntrack_unspecified.go index 0bfdf422d1e..0049048dc34 100644 --- a/vendor/github.com/vishvananda/netlink/conntrack_unspecified.go +++ b/vendor/github.com/vishvananda/netlink/conntrack_unspecified.go @@ -33,7 +33,7 @@ func ConntrackTableFlush(table ConntrackTableType) error { // ConntrackDeleteFilter deletes entries on the specified table on the base of the filter // conntrack -D [table] parameters Delete conntrack or expectation // -// Deprecated: use [ConntrackDeleteFilter] instead. +// Deprecated: use [ConntrackDeleteFilters] instead. func ConntrackDeleteFilter(table ConntrackTableType, family InetFamily, filter *ConntrackFilter) (uint, error) { return 0, ErrNotImplemented } diff --git a/vendor/github.com/vishvananda/netlink/devlink_linux.go b/vendor/github.com/vishvananda/netlink/devlink_linux.go index d98801dbbe5..45d8ee4b6b0 100644 --- a/vendor/github.com/vishvananda/netlink/devlink_linux.go +++ b/vendor/github.com/vishvananda/netlink/devlink_linux.go @@ -1,6 +1,7 @@ package netlink import ( + "errors" "fmt" "net" "strings" @@ -466,6 +467,8 @@ func (h *Handle) getEswitchAttrs(family *GenlFamily, dev *DevlinkDevice) { // DevLinkGetDeviceList provides a pointer to devlink devices and nil error, // otherwise returns an error code. +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) DevLinkGetDeviceList() ([]*DevlinkDevice, error) { f, err := h.GenlFamilyGet(nl.GENL_DEVLINK_NAME) if err != nil { @@ -478,9 +481,9 @@ func (h *Handle) DevLinkGetDeviceList() ([]*DevlinkDevice, error) { req := h.newNetlinkRequest(int(f.ID), unix.NLM_F_REQUEST|unix.NLM_F_ACK|unix.NLM_F_DUMP) req.AddData(msg) - msgs, err := req.Execute(unix.NETLINK_GENERIC, 0) - if err != nil { - return nil, err + msgs, executeErr := req.Execute(unix.NETLINK_GENERIC, 0) + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr } devices, err := parseDevLinkDeviceList(msgs) if err != nil { @@ -489,11 +492,14 @@ func (h *Handle) DevLinkGetDeviceList() ([]*DevlinkDevice, error) { for _, d := range devices { h.getEswitchAttrs(f, d) } - return devices, nil + return devices, executeErr } // DevLinkGetDeviceList provides a pointer to devlink devices and nil error, // otherwise returns an error code. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func DevLinkGetDeviceList() ([]*DevlinkDevice, error) { return pkgHandle.DevLinkGetDeviceList() } @@ -646,6 +652,8 @@ func parseDevLinkAllPortList(msgs [][]byte) ([]*DevlinkPort, error) { // DevLinkGetPortList provides a pointer to devlink ports and nil error, // otherwise returns an error code. +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) DevLinkGetAllPortList() ([]*DevlinkPort, error) { f, err := h.GenlFamilyGet(nl.GENL_DEVLINK_NAME) if err != nil { @@ -658,19 +666,21 @@ func (h *Handle) DevLinkGetAllPortList() ([]*DevlinkPort, error) { req := h.newNetlinkRequest(int(f.ID), unix.NLM_F_REQUEST|unix.NLM_F_ACK|unix.NLM_F_DUMP) req.AddData(msg) - msgs, err := req.Execute(unix.NETLINK_GENERIC, 0) - if err != nil { - return nil, err + msgs, executeErr := req.Execute(unix.NETLINK_GENERIC, 0) + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr } ports, err := parseDevLinkAllPortList(msgs) if err != nil { return nil, err } - return ports, nil + return ports, executeErr } // DevLinkGetPortList provides a pointer to devlink ports and nil error, // otherwise returns an error code. +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func DevLinkGetAllPortList() ([]*DevlinkPort, error) { return pkgHandle.DevLinkGetAllPortList() } @@ -738,15 +748,18 @@ func (h *Handle) DevlinkGetDeviceResources(bus string, device string) (*DevlinkR // DevlinkGetDeviceParams returns parameters for devlink device // Equivalent to: `devlink dev param show /` +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) DevlinkGetDeviceParams(bus string, device string) ([]*DevlinkParam, error) { _, req, err := h.createCmdReq(nl.DEVLINK_CMD_PARAM_GET, bus, device) if err != nil { return nil, err } req.Flags |= unix.NLM_F_DUMP - respmsg, err := req.Execute(unix.NETLINK_GENERIC, 0) - if err != nil { - return nil, err + respmsg, executeErr := req.Execute(unix.NETLINK_GENERIC, 0) + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr } var params []*DevlinkParam for _, m := range respmsg { @@ -761,11 +774,14 @@ func (h *Handle) DevlinkGetDeviceParams(bus string, device string) ([]*DevlinkPa params = append(params, p) } - return params, nil + return params, executeErr } // DevlinkGetDeviceParams returns parameters for devlink device // Equivalent to: `devlink dev param show /` +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func DevlinkGetDeviceParams(bus string, device string) ([]*DevlinkParam, error) { return pkgHandle.DevlinkGetDeviceParams(bus, device) } diff --git a/vendor/github.com/vishvananda/netlink/filter.go b/vendor/github.com/vishvananda/netlink/filter.go index 84e1ca7a49b..fbb3b6a5705 100644 --- a/vendor/github.com/vishvananda/netlink/filter.go +++ b/vendor/github.com/vishvananda/netlink/filter.go @@ -231,6 +231,35 @@ func NewCsumAction() *CsumAction { } } +type VlanAct int8 + +type VlanAction struct { + ActionAttrs + Action VlanAct + VlanID uint16 +} + +const ( + TCA_VLAN_ACT_POP VlanAct = 1 + TCA_VLAN_ACT_PUSH VlanAct = 2 +) + +func (action *VlanAction) Type() string { + return "vlan" +} + +func (action *VlanAction) Attrs() *ActionAttrs { + return &action.ActionAttrs +} + +func NewVlanAction() *VlanAction { + return &VlanAction{ + ActionAttrs: ActionAttrs{ + Action: TC_ACT_PIPE, + }, + } +} + type MirredAct uint8 func (a MirredAct) String() string { @@ -369,6 +398,29 @@ func NewPoliceAction() *PoliceAction { } } +type SampleAction struct { + ActionAttrs + Group uint32 + Rate uint32 + TruncSize uint32 +} + +func (action *SampleAction) Type() string { + return "sample" +} + +func (action *SampleAction) Attrs() *ActionAttrs { + return &action.ActionAttrs +} + +func NewSampleAction() *SampleAction { + return &SampleAction{ + ActionAttrs: ActionAttrs{ + Action: TC_ACT_PIPE, + }, + } +} + // MatchAll filters match all packets type MatchAll struct { FilterAttrs diff --git a/vendor/github.com/vishvananda/netlink/filter_linux.go b/vendor/github.com/vishvananda/netlink/filter_linux.go index 87cd18f8e41..255e591d81c 100644 --- a/vendor/github.com/vishvananda/netlink/filter_linux.go +++ b/vendor/github.com/vishvananda/netlink/filter_linux.go @@ -54,22 +54,30 @@ func (filter *U32) Type() string { type Flower struct { FilterAttrs - DestIP net.IP - DestIPMask net.IPMask - SrcIP net.IP - SrcIPMask net.IPMask - EthType uint16 - EncDestIP net.IP - EncDestIPMask net.IPMask - EncSrcIP net.IP - EncSrcIPMask net.IPMask - EncDestPort uint16 - EncKeyId uint32 - SkipHw bool - SkipSw bool - IPProto *nl.IPProto - DestPort uint16 - SrcPort uint16 + ClassId uint32 + DestIP net.IP + DestIPMask net.IPMask + SrcIP net.IP + SrcIPMask net.IPMask + EthType uint16 + EncDestIP net.IP + EncDestIPMask net.IPMask + EncSrcIP net.IP + EncSrcIPMask net.IPMask + EncDestPort uint16 + EncKeyId uint32 + SrcMac net.HardwareAddr + DestMac net.HardwareAddr + VlanId uint16 + SkipHw bool + SkipSw bool + IPProto *nl.IPProto + DestPort uint16 + SrcPort uint16 + SrcPortRangeMin uint16 + SrcPortRangeMax uint16 + DstPortRangeMin uint16 + DstPortRangeMax uint16 Actions []Action } @@ -135,6 +143,15 @@ func (filter *Flower) encode(parent *nl.RtAttr) error { if filter.EncKeyId != 0 { parent.AddRtAttr(nl.TCA_FLOWER_KEY_ENC_KEY_ID, htonl(filter.EncKeyId)) } + if filter.SrcMac != nil { + parent.AddRtAttr(nl.TCA_FLOWER_KEY_ETH_SRC, filter.SrcMac) + } + if filter.DestMac != nil { + parent.AddRtAttr(nl.TCA_FLOWER_KEY_ETH_DST, filter.DestMac) + } + if filter.VlanId != 0 { + parent.AddRtAttr(nl.TCA_FLOWER_KEY_VLAN_ID, nl.Uint16Attr(filter.VlanId)) + } if filter.IPProto != nil { ipproto := *filter.IPProto parent.AddRtAttr(nl.TCA_FLOWER_KEY_IP_PROTO, ipproto.Serialize()) @@ -159,6 +176,19 @@ func (filter *Flower) encode(parent *nl.RtAttr) error { } } } + if filter.SrcPortRangeMin != 0 && filter.SrcPortRangeMax != 0 { + parent.AddRtAttr(nl.TCA_FLOWER_KEY_PORT_SRC_MIN, htons(filter.SrcPortRangeMin)) + parent.AddRtAttr(nl.TCA_FLOWER_KEY_PORT_SRC_MAX, htons(filter.SrcPortRangeMax)) + } + + if filter.DstPortRangeMin != 0 && filter.DstPortRangeMax != 0 { + parent.AddRtAttr(nl.TCA_FLOWER_KEY_PORT_DST_MIN, htons(filter.DstPortRangeMin)) + parent.AddRtAttr(nl.TCA_FLOWER_KEY_PORT_DST_MAX, htons(filter.DstPortRangeMax)) + } + + if filter.ClassId != 0 { + parent.AddRtAttr(nl.TCA_FLOWER_CLASSID, nl.Uint32Attr(filter.ClassId)) + } var flags uint32 = 0 if filter.SkipHw { @@ -201,6 +231,13 @@ func (filter *Flower) decode(data []syscall.NetlinkRouteAttr) error { filter.EncDestPort = ntohs(datum.Value) case nl.TCA_FLOWER_KEY_ENC_KEY_ID: filter.EncKeyId = ntohl(datum.Value) + case nl.TCA_FLOWER_KEY_ETH_SRC: + filter.SrcMac = datum.Value + case nl.TCA_FLOWER_KEY_ETH_DST: + filter.DestMac = datum.Value + case nl.TCA_FLOWER_KEY_VLAN_ID: + filter.VlanId = native.Uint16(datum.Value[0:2]) + filter.EthType = unix.ETH_P_8021Q case nl.TCA_FLOWER_KEY_IP_PROTO: val := new(nl.IPProto) *val = nl.IPProto(datum.Value[0]) @@ -228,6 +265,16 @@ func (filter *Flower) decode(data []syscall.NetlinkRouteAttr) error { if skipHw != 0 { filter.SkipHw = true } + case nl.TCA_FLOWER_KEY_PORT_SRC_MIN: + filter.SrcPortRangeMin = ntohs(datum.Value) + case nl.TCA_FLOWER_KEY_PORT_SRC_MAX: + filter.SrcPortRangeMax = ntohs(datum.Value) + case nl.TCA_FLOWER_KEY_PORT_DST_MIN: + filter.DstPortRangeMin = ntohs(datum.Value) + case nl.TCA_FLOWER_KEY_PORT_DST_MAX: + filter.DstPortRangeMax = ntohs(datum.Value) + case nl.TCA_FLOWER_CLASSID: + filter.ClassId = native.Uint32(datum.Value) } } return nil @@ -405,14 +452,20 @@ func (h *Handle) filterModify(filter Filter, proto, flags int) error { // FilterList gets a list of filters in the system. // Equivalent to: `tc filter show`. +// // Generally returns nothing if link and parent are not specified. +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func FilterList(link Link, parent uint32) ([]Filter, error) { return pkgHandle.FilterList(link, parent) } // FilterList gets a list of filters in the system. // Equivalent to: `tc filter show`. +// // Generally returns nothing if link and parent are not specified. +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) FilterList(link Link, parent uint32) ([]Filter, error) { req := h.newNetlinkRequest(unix.RTM_GETTFILTER, unix.NLM_F_DUMP) msg := &nl.TcMsg{ @@ -426,9 +479,9 @@ func (h *Handle) FilterList(link Link, parent uint32) ([]Filter, error) { } req.AddData(msg) - msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWTFILTER) - if err != nil { - return nil, err + msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWTFILTER) + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr } var res []Filter @@ -516,7 +569,7 @@ func (h *Handle) FilterList(link Link, parent uint32) ([]Filter, error) { } } - return res, nil + return res, executeErr } func toTcGen(attrs *ActionAttrs, tcgen *nl.TcGen) { @@ -616,6 +669,22 @@ func EncodeActions(attr *nl.RtAttr, actions []Action) error { } toTcGen(action.Attrs(), &mirred.TcGen) aopts.AddRtAttr(nl.TCA_MIRRED_PARMS, mirred.Serialize()) + case *VlanAction: + table := attr.AddRtAttr(tabIndex, nil) + tabIndex++ + table.AddRtAttr(nl.TCA_ACT_KIND, nl.ZeroTerminated("vlan")) + aopts := table.AddRtAttr(nl.TCA_ACT_OPTIONS, nil) + vlan := nl.TcVlan{ + Action: int32(action.Action), + } + toTcGen(action.Attrs(), &vlan.TcGen) + aopts.AddRtAttr(nl.TCA_VLAN_PARMS, vlan.Serialize()) + if action.Action == TCA_VLAN_ACT_PUSH && action.VlanID == 0 { + return fmt.Errorf("vlan id is required for push action") + } + if action.VlanID != 0 { + aopts.AddRtAttr(nl.TCA_VLAN_PUSH_VLAN_ID, nl.Uint16Attr(action.VlanID)) + } case *TunnelKeyAction: table := attr.AddRtAttr(tabIndex, nil) tabIndex++ @@ -699,6 +768,17 @@ func EncodeActions(attr *nl.RtAttr, actions []Action) error { aopts.AddRtAttr(nl.TCA_ACT_BPF_PARMS, gen.Serialize()) aopts.AddRtAttr(nl.TCA_ACT_BPF_FD, nl.Uint32Attr(uint32(action.Fd))) aopts.AddRtAttr(nl.TCA_ACT_BPF_NAME, nl.ZeroTerminated(action.Name)) + case *SampleAction: + table := attr.AddRtAttr(tabIndex, nil) + tabIndex++ + table.AddRtAttr(nl.TCA_ACT_KIND, nl.ZeroTerminated("sample")) + aopts := table.AddRtAttr(nl.TCA_ACT_OPTIONS, nil) + gen := nl.TcGen{} + toTcGen(action.Attrs(), &gen) + aopts.AddRtAttr(nl.TCA_ACT_SAMPLE_PARMS, gen.Serialize()) + aopts.AddRtAttr(nl.TCA_ACT_SAMPLE_RATE, nl.Uint32Attr(action.Rate)) + aopts.AddRtAttr(nl.TCA_ACT_SAMPLE_PSAMPLE_GROUP, nl.Uint32Attr(action.Group)) + aopts.AddRtAttr(nl.TCA_ACT_SAMPLE_TRUNC_SIZE, nl.Uint32Attr(action.TruncSize)) case *GenericAction: table := attr.AddRtAttr(tabIndex, nil) tabIndex++ @@ -711,6 +791,7 @@ func EncodeActions(attr *nl.RtAttr, actions []Action) error { table := attr.AddRtAttr(tabIndex, nil) tabIndex++ pedit := nl.TcPedit{} + toTcGen(action.Attrs(), &pedit.Sel.TcGen) if action.SrcMacAddr != nil { pedit.SetEthSrc(action.SrcMacAddr) } @@ -784,8 +865,12 @@ func parseActions(tables []syscall.NetlinkRouteAttr) ([]Action, error) { action = &ConnmarkAction{} case "csum": action = &CsumAction{} + case "sample": + action = &SampleAction{} case "gact": action = &GenericAction{} + case "vlan": + action = &VlanAction{} case "tunnel_key": action = &TunnelKeyAction{} case "skbedit": @@ -816,7 +901,17 @@ func parseActions(tables []syscall.NetlinkRouteAttr) ([]Action, error) { tcTs := nl.DeserializeTcf(adatum.Value) actionTimestamp = toTimeStamp(tcTs) } - + case "vlan": + switch adatum.Attr.Type { + case nl.TCA_VLAN_PARMS: + vlan := *nl.DeserializeTcVlan(adatum.Value) + action.(*VlanAction).ActionAttrs = ActionAttrs{} + toAttrs(&vlan.TcGen, action.Attrs()) + action.(*VlanAction).Action = VlanAct(vlan.Action) + case nl.TCA_VLAN_PUSH_VLAN_ID: + vlanId := native.Uint16(adatum.Value[0:2]) + action.(*VlanAction).VlanID = vlanId + } case "tunnel_key": switch adatum.Attr.Type { case nl.TCA_TUNNEL_KEY_PARMS: @@ -896,6 +991,18 @@ func parseActions(tables []syscall.NetlinkRouteAttr) ([]Action, error) { tcTs := nl.DeserializeTcf(adatum.Value) actionTimestamp = toTimeStamp(tcTs) } + case "sample": + switch adatum.Attr.Type { + case nl.TCA_ACT_SAMPLE_PARMS: + gen := *nl.DeserializeTcGen(adatum.Value) + toAttrs(&gen, action.Attrs()) + case nl.TCA_ACT_SAMPLE_RATE: + action.(*SampleAction).Rate = native.Uint32(adatum.Value[0:4]) + case nl.TCA_ACT_SAMPLE_PSAMPLE_GROUP: + action.(*SampleAction).Group = native.Uint32(adatum.Value[0:4]) + case nl.TCA_ACT_SAMPLE_TRUNC_SIZE: + action.(*SampleAction).TruncSize = native.Uint32(adatum.Value[0:4]) + } case "gact": switch adatum.Attr.Type { case nl.TCA_GACT_PARMS: @@ -920,9 +1027,11 @@ func parseActions(tables []syscall.NetlinkRouteAttr) ([]Action, error) { actionnStatistic = (*ActionStatistic)(s) } } - action.Attrs().Statistics = actionnStatistic - action.Attrs().Timestamp = actionTimestamp - actions = append(actions, action) + if action != nil { + action.Attrs().Statistics = actionnStatistic + action.Attrs().Timestamp = actionTimestamp + actions = append(actions, action) + } } return actions, nil } diff --git a/vendor/github.com/vishvananda/netlink/fou.go b/vendor/github.com/vishvananda/netlink/fou.go index 71e73c37a0a..ea9f6cf6737 100644 --- a/vendor/github.com/vishvananda/netlink/fou.go +++ b/vendor/github.com/vishvananda/netlink/fou.go @@ -1,16 +1,7 @@ package netlink import ( - "errors" -) - -var ( - // ErrAttrHeaderTruncated is returned when a netlink attribute's header is - // truncated. - ErrAttrHeaderTruncated = errors.New("attribute header truncated") - // ErrAttrBodyTruncated is returned when a netlink attribute's body is - // truncated. - ErrAttrBodyTruncated = errors.New("attribute body truncated") + "net" ) type Fou struct { @@ -18,4 +9,8 @@ type Fou struct { Port int Protocol int EncapType int + Local net.IP + Peer net.IP + PeerPort int + IfIndex int } diff --git a/vendor/github.com/vishvananda/netlink/fou_linux.go b/vendor/github.com/vishvananda/netlink/fou_linux.go index ed55b2b790d..7645a5a5c20 100644 --- a/vendor/github.com/vishvananda/netlink/fou_linux.go +++ b/vendor/github.com/vishvananda/netlink/fou_linux.go @@ -1,3 +1,4 @@ +//go:build linux // +build linux package netlink @@ -5,6 +6,8 @@ package netlink import ( "encoding/binary" "errors" + "log" + "net" "github.com/vishvananda/netlink/nl" "golang.org/x/sys/unix" @@ -29,6 +32,12 @@ const ( FOU_ATTR_IPPROTO FOU_ATTR_TYPE FOU_ATTR_REMCSUM_NOPARTIAL + FOU_ATTR_LOCAL_V4 + FOU_ATTR_LOCAL_V6 + FOU_ATTR_PEER_V4 + FOU_ATTR_PEER_V6 + FOU_ATTR_PEER_PORT + FOU_ATTR_IFINDEX FOU_ATTR_MAX = FOU_ATTR_REMCSUM_NOPARTIAL ) @@ -128,10 +137,14 @@ func (h *Handle) FouDel(f Fou) error { return nil } +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func FouList(fam int) ([]Fou, error) { return pkgHandle.FouList(fam) } +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) FouList(fam int) ([]Fou, error) { fam_id, err := FouFamilyId() if err != nil { @@ -150,9 +163,9 @@ func (h *Handle) FouList(fam int) ([]Fou, error) { req.AddRawData(raw) - msgs, err := req.Execute(unix.NETLINK_GENERIC, 0) - if err != nil { - return nil, err + msgs, executeErr := req.Execute(unix.NETLINK_GENERIC, 0) + if executeErr != nil && !errors.Is(err, ErrDumpInterrupted) { + return nil, executeErr } fous := make([]Fou, 0, len(msgs)) @@ -165,45 +178,32 @@ func (h *Handle) FouList(fam int) ([]Fou, error) { fous = append(fous, f) } - return fous, nil + return fous, executeErr } func deserializeFouMsg(msg []byte) (Fou, error) { - // we'll skip to byte 4 to first attribute - msg = msg[3:] - var shift int fou := Fou{} - for { - // attribute header is at least 16 bits - if len(msg) < 4 { - return fou, ErrAttrHeaderTruncated - } - - lgt := int(binary.BigEndian.Uint16(msg[0:2])) - if len(msg) < lgt+4 { - return fou, ErrAttrBodyTruncated - } - attr := binary.BigEndian.Uint16(msg[2:4]) - - shift = lgt + 3 - switch attr { + for attr := range nl.ParseAttributes(msg[4:]) { + switch attr.Type { case FOU_ATTR_AF: - fou.Family = int(msg[5]) + fou.Family = int(attr.Value[0]) case FOU_ATTR_PORT: - fou.Port = int(binary.BigEndian.Uint16(msg[5:7])) - // port is 2 bytes - shift = lgt + 2 + fou.Port = int(networkOrder.Uint16(attr.Value)) case FOU_ATTR_IPPROTO: - fou.Protocol = int(msg[5]) + fou.Protocol = int(attr.Value[0]) case FOU_ATTR_TYPE: - fou.EncapType = int(msg[5]) - } - - msg = msg[shift:] - - if len(msg) < 4 { - break + fou.EncapType = int(attr.Value[0]) + case FOU_ATTR_LOCAL_V4, FOU_ATTR_LOCAL_V6: + fou.Local = net.IP(attr.Value) + case FOU_ATTR_PEER_V4, FOU_ATTR_PEER_V6: + fou.Peer = net.IP(attr.Value) + case FOU_ATTR_PEER_PORT: + fou.PeerPort = int(networkOrder.Uint16(attr.Value)) + case FOU_ATTR_IFINDEX: + fou.IfIndex = int(native.Uint16(attr.Value)) + default: + log.Printf("unknown fou attribute from kernel: %+v %v", attr, attr.Type&nl.NLA_TYPE_MASK) } } diff --git a/vendor/github.com/vishvananda/netlink/fou_unspecified.go b/vendor/github.com/vishvananda/netlink/fou_unspecified.go index 3a8365bfe62..7e550151adc 100644 --- a/vendor/github.com/vishvananda/netlink/fou_unspecified.go +++ b/vendor/github.com/vishvananda/netlink/fou_unspecified.go @@ -1,3 +1,4 @@ +//go:build !linux // +build !linux package netlink diff --git a/vendor/github.com/vishvananda/netlink/genetlink_linux.go b/vendor/github.com/vishvananda/netlink/genetlink_linux.go index 772e5834a26..7bdaad97b47 100644 --- a/vendor/github.com/vishvananda/netlink/genetlink_linux.go +++ b/vendor/github.com/vishvananda/netlink/genetlink_linux.go @@ -1,6 +1,7 @@ package netlink import ( + "errors" "fmt" "syscall" @@ -126,6 +127,8 @@ func parseFamilies(msgs [][]byte) ([]*GenlFamily, error) { return families, nil } +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) GenlFamilyList() ([]*GenlFamily, error) { msg := &nl.Genlmsg{ Command: nl.GENL_CTRL_CMD_GETFAMILY, @@ -133,13 +136,19 @@ func (h *Handle) GenlFamilyList() ([]*GenlFamily, error) { } req := h.newNetlinkRequest(nl.GENL_ID_CTRL, unix.NLM_F_DUMP) req.AddData(msg) - msgs, err := req.Execute(unix.NETLINK_GENERIC, 0) + msgs, executeErr := req.Execute(unix.NETLINK_GENERIC, 0) + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr + } + families, err := parseFamilies(msgs) if err != nil { return nil, err } - return parseFamilies(msgs) + return families, executeErr } +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func GenlFamilyList() ([]*GenlFamily, error) { return pkgHandle.GenlFamilyList() } diff --git a/vendor/github.com/vishvananda/netlink/gtp_linux.go b/vendor/github.com/vishvananda/netlink/gtp_linux.go index f5e160ba5c0..377dcae5c03 100644 --- a/vendor/github.com/vishvananda/netlink/gtp_linux.go +++ b/vendor/github.com/vishvananda/netlink/gtp_linux.go @@ -1,6 +1,7 @@ package netlink import ( + "errors" "fmt" "net" "strings" @@ -74,6 +75,8 @@ func parsePDP(msgs [][]byte) ([]*PDP, error) { return pdps, nil } +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) GTPPDPList() ([]*PDP, error) { f, err := h.GenlFamilyGet(nl.GENL_GTP_NAME) if err != nil { @@ -85,13 +88,19 @@ func (h *Handle) GTPPDPList() ([]*PDP, error) { } req := h.newNetlinkRequest(int(f.ID), unix.NLM_F_DUMP) req.AddData(msg) - msgs, err := req.Execute(unix.NETLINK_GENERIC, 0) + msgs, executeErr := req.Execute(unix.NETLINK_GENERIC, 0) + if executeErr != nil && !errors.Is(err, ErrDumpInterrupted) { + return nil, executeErr + } + pdps, err := parsePDP(msgs) if err != nil { return nil, err } - return parsePDP(msgs) + return pdps, executeErr } +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func GTPPDPList() ([]*PDP, error) { return pkgHandle.GTPPDPList() } diff --git a/vendor/github.com/vishvananda/netlink/handle_unspecified.go b/vendor/github.com/vishvananda/netlink/handle_unspecified.go index 3fe03642e5b..185e671519a 100644 --- a/vendor/github.com/vishvananda/netlink/handle_unspecified.go +++ b/vendor/github.com/vishvananda/netlink/handle_unspecified.go @@ -1,3 +1,4 @@ +//go:build !linux // +build !linux package netlink @@ -183,6 +184,10 @@ func (h *Handle) LinkSetGROIPv4MaxSize(link Link, maxSize int) error { return ErrNotImplemented } +func (h *Handle) LinkSetIP6AddrGenMode(link Link, mode int) error { + return ErrNotImplemented +} + func (h *Handle) setProtinfoAttr(link Link, mode bool, attr int) error { return ErrNotImplemented } diff --git a/vendor/github.com/vishvananda/netlink/ioctl_linux.go b/vendor/github.com/vishvananda/netlink/ioctl_linux.go index 4d33db5da51..f8da92e2149 100644 --- a/vendor/github.com/vishvananda/netlink/ioctl_linux.go +++ b/vendor/github.com/vishvananda/netlink/ioctl_linux.go @@ -86,5 +86,5 @@ func newIocltStringSetReq(linkName string) (*Ifreq, *ethtoolSset) { // getSocketUDP returns file descriptor to new UDP socket // It is used for communication with ioctl interface. func getSocketUDP() (int, error) { - return syscall.Socket(unix.AF_INET, unix.SOCK_DGRAM, 0) + return syscall.Socket(unix.AF_INET, unix.SOCK_DGRAM|unix.SOCK_CLOEXEC, 0) } diff --git a/vendor/github.com/vishvananda/netlink/ipset_linux.go b/vendor/github.com/vishvananda/netlink/ipset_linux.go index f4c05229fa5..7730992ee3c 100644 --- a/vendor/github.com/vishvananda/netlink/ipset_linux.go +++ b/vendor/github.com/vishvananda/netlink/ipset_linux.go @@ -147,9 +147,11 @@ func (h *Handle) IpsetCreate(setname, typename string, options IpsetCreateOption req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_SETNAME, nl.ZeroTerminated(setname))) req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_TYPENAME, nl.ZeroTerminated(typename))) + cadtFlags := optionsToBitflag(options) + revision := options.Revision if revision == 0 { - revision = getIpsetDefaultWithTypeName(typename) + revision = getIpsetDefaultRevision(typename, cadtFlags) } req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_REVISION, nl.Uint8Attr(revision))) @@ -181,18 +183,6 @@ func (h *Handle) IpsetCreate(setname, typename string, options IpsetCreateOption data.AddChild(&nl.Uint32Attribute{Type: nl.IPSET_ATTR_TIMEOUT | nl.NLA_F_NET_BYTEORDER, Value: *timeout}) } - var cadtFlags uint32 - - if options.Comments { - cadtFlags |= nl.IPSET_FLAG_WITH_COMMENT - } - if options.Counters { - cadtFlags |= nl.IPSET_FLAG_WITH_COUNTERS - } - if options.Skbinfo { - cadtFlags |= nl.IPSET_FLAG_WITH_SKBINFO - } - if cadtFlags != 0 { data.AddChild(&nl.Uint32Attribute{Type: nl.IPSET_ATTR_CADT_FLAGS | nl.NLA_F_NET_BYTEORDER, Value: cadtFlags}) } @@ -395,14 +385,89 @@ func (h *Handle) newIpsetRequest(cmd int) *nl.NetlinkRequest { return req } -func getIpsetDefaultWithTypeName(typename string) uint8 { +// NOTE: This can't just take typename into account, it also has to take desired +// feature support into account, on a per-set-type basis, to return the correct revision, see e.g. +// https://github.com/Olipro/ipset/blob/9f145b49100104d6570fe5c31a5236816ebb4f8f/kernel/net/netfilter/ipset/ip_set_hash_ipport.c#L30 +// +// This means that whenever a new "type" of ipset is added, returning the "correct" default revision +// requires adding a new case here for that type, and consulting the ipset C code to figure out the correct +// combination of type name, feature bit flags, and revision ranges. +// +// Care should be taken as some types share the same revision ranges for the same features, and others do not. +// When in doubt, mimic the C code. +func getIpsetDefaultRevision(typename string, featureFlags uint32) uint8 { switch typename { case "hash:ip,port", - "hash:ip,port,ip", - "hash:ip,port,net", + "hash:ip,port,ip": + // Taken from + // - ipset/kernel/net/netfilter/ipset/ip_set_hash_ipport.c + // - ipset/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c + if (featureFlags & nl.IPSET_FLAG_WITH_SKBINFO) != 0 { + return 5 + } + + if (featureFlags & nl.IPSET_FLAG_WITH_FORCEADD) != 0 { + return 4 + } + + if (featureFlags & nl.IPSET_FLAG_WITH_COMMENT) != 0 { + return 3 + } + + if (featureFlags & nl.IPSET_FLAG_WITH_COUNTERS) != 0 { + return 2 + } + + // the min revision this library supports for this type + return 1 + + case "hash:ip,port,net", "hash:net,port": + // Taken from + // - ipset/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c + // - ipset/kernel/net/netfilter/ipset/ip_set_hash_netport.c + if (featureFlags & nl.IPSET_FLAG_WITH_SKBINFO) != 0 { + return 7 + } + + if (featureFlags & nl.IPSET_FLAG_WITH_FORCEADD) != 0 { + return 6 + } + + if (featureFlags & nl.IPSET_FLAG_WITH_COMMENT) != 0 { + return 5 + } + + if (featureFlags & nl.IPSET_FLAG_WITH_COUNTERS) != 0 { + return 4 + } + + if (featureFlags & nl.IPSET_FLAG_NOMATCH) != 0 { + return 3 + } + // the min revision this library supports for this type + return 2 + + case "hash:ip": + // Taken from + // - ipset/kernel/net/netfilter/ipset/ip_set_hash_ip.c + if (featureFlags & nl.IPSET_FLAG_WITH_SKBINFO) != 0 { + return 4 + } + + if (featureFlags & nl.IPSET_FLAG_WITH_FORCEADD) != 0 { + return 3 + } + + if (featureFlags & nl.IPSET_FLAG_WITH_COMMENT) != 0 { + return 2 + } + + // the min revision this library supports for this type return 1 } + + // can't map the correct revision for this type. return 0 } @@ -579,3 +644,19 @@ func parseIPSetEntry(data []byte) (entry IPSetEntry) { } return } + +func optionsToBitflag(options IpsetCreateOptions) uint32 { + var cadtFlags uint32 + + if options.Comments { + cadtFlags |= nl.IPSET_FLAG_WITH_COMMENT + } + if options.Counters { + cadtFlags |= nl.IPSET_FLAG_WITH_COUNTERS + } + if options.Skbinfo { + cadtFlags |= nl.IPSET_FLAG_WITH_SKBINFO + } + + return cadtFlags +} diff --git a/vendor/github.com/vishvananda/netlink/link.go b/vendor/github.com/vishvananda/netlink/link.go index f820cdb678d..42cb38bddb9 100644 --- a/vendor/github.com/vishvananda/netlink/link.go +++ b/vendor/github.com/vishvananda/netlink/link.go @@ -56,6 +56,8 @@ type LinkAttrs struct { Vfs []VfInfo // virtual functions available on link Group uint32 PermHWAddr net.HardwareAddr + ParentDev string + ParentDevBus string Slave LinkSlave } @@ -288,8 +290,15 @@ func (bridge *Bridge) Type() string { // Vlan links have ParentIndex set in their Attrs() type Vlan struct { LinkAttrs - VlanId int - VlanProtocol VlanProtocol + VlanId int + VlanProtocol VlanProtocol + IngressQosMap map[uint32]uint32 + EgressQosMap map[uint32]uint32 + ReorderHdr *bool + Gvrp *bool + LooseBinding *bool + Mvrp *bool + BridgeBinding *bool } func (vlan *Vlan) Attrs() *LinkAttrs { @@ -346,13 +355,14 @@ type TuntapFlag uint16 // Tuntap links created via /dev/tun/tap, but can be destroyed via netlink type Tuntap struct { LinkAttrs - Mode TuntapMode - Flags TuntapFlag - NonPersist bool - Queues int - Fds []*os.File - Owner uint32 - Group uint32 + Mode TuntapMode + Flags TuntapFlag + NonPersist bool + Queues int + DisabledQueues int + Fds []*os.File + Owner uint32 + Group uint32 } func (tuntap *Tuntap) Attrs() *LinkAttrs { @@ -377,6 +387,13 @@ const ( NETKIT_POLICY_BLACKHOLE NetkitPolicy = 2 ) +type NetkitScrub int + +const ( + NETKIT_SCRUB_NONE NetkitScrub = 0 + NETKIT_SCRUB_DEFAULT NetkitScrub = 1 +) + func (n *Netkit) IsPrimary() bool { return n.isPrimary } @@ -391,6 +408,9 @@ type Netkit struct { Mode NetkitMode Policy NetkitPolicy PeerPolicy NetkitPolicy + Scrub NetkitScrub + PeerScrub NetkitScrub + supportsScrub bool isPrimary bool peerLinkAttrs LinkAttrs } @@ -403,12 +423,27 @@ func (n *Netkit) Type() string { return "netkit" } +func (n *Netkit) SupportsScrub() bool { + return n.supportsScrub +} + // Veth devices must specify PeerName on create type Veth struct { LinkAttrs PeerName string // veth on create only PeerHardwareAddr net.HardwareAddr PeerNamespace interface{} + PeerTxQLen int + PeerNumTxQueues uint32 + PeerNumRxQueues uint32 + PeerMTU uint32 +} + +func NewVeth(attr LinkAttrs) *Veth { + return &Veth{ + LinkAttrs: attr, + PeerTxQLen: -1, + } } func (veth *Veth) Attrs() *LinkAttrs { @@ -761,19 +796,19 @@ const ( ) var bondXmitHashPolicyToString = map[BondXmitHashPolicy]string{ - BOND_XMIT_HASH_POLICY_LAYER2: "layer2", - BOND_XMIT_HASH_POLICY_LAYER3_4: "layer3+4", - BOND_XMIT_HASH_POLICY_LAYER2_3: "layer2+3", - BOND_XMIT_HASH_POLICY_ENCAP2_3: "encap2+3", - BOND_XMIT_HASH_POLICY_ENCAP3_4: "encap3+4", + BOND_XMIT_HASH_POLICY_LAYER2: "layer2", + BOND_XMIT_HASH_POLICY_LAYER3_4: "layer3+4", + BOND_XMIT_HASH_POLICY_LAYER2_3: "layer2+3", + BOND_XMIT_HASH_POLICY_ENCAP2_3: "encap2+3", + BOND_XMIT_HASH_POLICY_ENCAP3_4: "encap3+4", BOND_XMIT_HASH_POLICY_VLAN_SRCMAC: "vlan+srcmac", } var StringToBondXmitHashPolicyMap = map[string]BondXmitHashPolicy{ - "layer2": BOND_XMIT_HASH_POLICY_LAYER2, - "layer3+4": BOND_XMIT_HASH_POLICY_LAYER3_4, - "layer2+3": BOND_XMIT_HASH_POLICY_LAYER2_3, - "encap2+3": BOND_XMIT_HASH_POLICY_ENCAP2_3, - "encap3+4": BOND_XMIT_HASH_POLICY_ENCAP3_4, + "layer2": BOND_XMIT_HASH_POLICY_LAYER2, + "layer3+4": BOND_XMIT_HASH_POLICY_LAYER3_4, + "layer2+3": BOND_XMIT_HASH_POLICY_LAYER2_3, + "encap2+3": BOND_XMIT_HASH_POLICY_ENCAP2_3, + "encap3+4": BOND_XMIT_HASH_POLICY_ENCAP3_4, "vlan+srcmac": BOND_XMIT_HASH_POLICY_VLAN_SRCMAC, } @@ -1042,6 +1077,8 @@ type Geneve struct { FlowBased bool InnerProtoInherit bool Df GeneveDf + PortLow int + PortHigh int } func (geneve *Geneve) Attrs() *LinkAttrs { diff --git a/vendor/github.com/vishvananda/netlink/link_linux.go b/vendor/github.com/vishvananda/netlink/link_linux.go index d713612a907..e26efb449a3 100644 --- a/vendor/github.com/vishvananda/netlink/link_linux.go +++ b/vendor/github.com/vishvananda/netlink/link_linux.go @@ -3,6 +3,7 @@ package netlink import ( "bytes" "encoding/binary" + "errors" "fmt" "io/ioutil" "net" @@ -1682,6 +1683,73 @@ func (h *Handle) linkModify(link Link, flags int) error { native.PutUint16(b, uint16(link.VlanId)) data := linkInfo.AddRtAttr(nl.IFLA_INFO_DATA, nil) data.AddRtAttr(nl.IFLA_VLAN_ID, b) + var vlanFlags uint32 + var vlanFlagsMask uint32 + if link.ReorderHdr != nil { + vlanFlagsMask |= nl.VLAN_FLAG_REORDER_HDR + if *link.ReorderHdr { + vlanFlags |= nl.VLAN_FLAG_REORDER_HDR + } else { + vlanFlags &= ^uint32(nl.VLAN_FLAG_REORDER_HDR) + } + } + if link.Gvrp != nil { + vlanFlagsMask |= nl.VLAN_FLAG_GVRP + if *link.Gvrp { + vlanFlags |= nl.VLAN_FLAG_GVRP + } else { + vlanFlags &= ^uint32(nl.VLAN_FLAG_GVRP) + } + } + if link.Mvrp != nil { + vlanFlagsMask |= nl.VLAN_FLAG_MVRP + if *link.Mvrp { + vlanFlags |= nl.VLAN_FLAG_MVRP + } else { + vlanFlags &= ^uint32(nl.VLAN_FLAG_MVRP) + } + } + if link.LooseBinding != nil { + vlanFlagsMask |= nl.VLAN_FLAG_LOOSE_BINDING + if *link.LooseBinding { + vlanFlags |= nl.VLAN_FLAG_LOOSE_BINDING + } else { + vlanFlags &= ^uint32(nl.VLAN_FLAG_LOOSE_BINDING) + } + } + if link.BridgeBinding != nil { + vlanFlagsMask |= nl.VLAN_FLAG_BRIDGE_BINDING + if *link.BridgeBinding { + vlanFlags |= nl.VLAN_FLAG_BRIDGE_BINDING + } else { + vlanFlags &= ^uint32(nl.VLAN_FLAG_BRIDGE_BINDING) + } + } + + buf := &bytes.Buffer{} + buf.Write(nl.Uint32Attr(vlanFlags)) + buf.Write(nl.Uint32Attr(vlanFlagsMask)) + data.AddRtAttr(nl.IFLA_VLAN_FLAGS, buf.Bytes()) + + if link.IngressQosMap != nil { + ingressMap := data.AddRtAttr(nl.IFLA_VLAN_INGRESS_QOS, nil) + for from, to := range link.IngressQosMap { + buf := &bytes.Buffer{} + buf.Write(nl.Uint32Attr(from)) + buf.Write(nl.Uint32Attr(to)) + ingressMap.AddRtAttr(nl.IFLA_VLAN_QOS_MAPPING, buf.Bytes()) + } + } + + if link.EgressQosMap != nil { + egressMap := data.AddRtAttr(nl.IFLA_VLAN_EGRESS_QOS, nil) + for from, to := range link.EgressQosMap { + buf := &bytes.Buffer{} + buf.Write(nl.Uint32Attr(from)) + buf.Write(nl.Uint32Attr(to)) + egressMap.AddRtAttr(nl.IFLA_VLAN_QOS_MAPPING, buf.Bytes()) + } + } if link.VlanProtocol != VLAN_PROTOCOL_UNKNOWN { data.AddRtAttr(nl.IFLA_VLAN_PROTOCOL, htons(uint16(link.VlanProtocol))) @@ -1695,16 +1763,25 @@ func (h *Handle) linkModify(link Link, flags int) error { peer := data.AddRtAttr(nl.VETH_INFO_PEER, nil) nl.NewIfInfomsgChild(peer, unix.AF_UNSPEC) peer.AddRtAttr(unix.IFLA_IFNAME, nl.ZeroTerminated(link.PeerName)) - if base.TxQLen >= 0 { + + if link.PeerTxQLen >= 0 { + peer.AddRtAttr(unix.IFLA_TXQLEN, nl.Uint32Attr(uint32(link.PeerTxQLen))) + } else if base.TxQLen >= 0 { peer.AddRtAttr(unix.IFLA_TXQLEN, nl.Uint32Attr(uint32(base.TxQLen))) } - if base.NumTxQueues > 0 { + if link.PeerNumTxQueues > 0 { + peer.AddRtAttr(unix.IFLA_NUM_TX_QUEUES, nl.Uint32Attr(link.PeerNumTxQueues)) + } else if base.NumTxQueues > 0 { peer.AddRtAttr(unix.IFLA_NUM_TX_QUEUES, nl.Uint32Attr(uint32(base.NumTxQueues))) } - if base.NumRxQueues > 0 { + if link.PeerNumRxQueues > 0 { + peer.AddRtAttr(unix.IFLA_NUM_RX_QUEUES, nl.Uint32Attr(link.PeerNumRxQueues)) + } else if base.NumRxQueues > 0 { peer.AddRtAttr(unix.IFLA_NUM_RX_QUEUES, nl.Uint32Attr(uint32(base.NumRxQueues))) } - if base.MTU > 0 { + if link.PeerMTU > 0 { + peer.AddRtAttr(unix.IFLA_MTU, nl.Uint32Attr(link.PeerMTU)) + } else if base.MTU > 0 { peer.AddRtAttr(unix.IFLA_MTU, nl.Uint32Attr(uint32(base.MTU))) } if link.PeerHardwareAddr != nil { @@ -1807,20 +1884,20 @@ func (h *Handle) LinkDel(link Link) error { } func (h *Handle) linkByNameDump(name string) (Link, error) { - links, err := h.LinkList() - if err != nil { - return nil, err + links, executeErr := h.LinkList() + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr } for _, link := range links { if link.Attrs().Name == name { - return link, nil + return link, executeErr } // support finding interfaces also via altnames for _, altName := range link.Attrs().AltNames { if altName == name { - return link, nil + return link, executeErr } } } @@ -1828,25 +1905,33 @@ func (h *Handle) linkByNameDump(name string) (Link, error) { } func (h *Handle) linkByAliasDump(alias string) (Link, error) { - links, err := h.LinkList() - if err != nil { - return nil, err + links, executeErr := h.LinkList() + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr } for _, link := range links { if link.Attrs().Alias == alias { - return link, nil + return link, executeErr } } return nil, LinkNotFoundError{fmt.Errorf("Link alias %s not found", alias)} } // LinkByName finds a link by name and returns a pointer to the object. +// +// If the kernel doesn't support IFLA_IFNAME, this method will fall back to +// filtering a dump of all link names. In this case, if the returned error is +// [ErrDumpInterrupted] the result may be missing or outdated. func LinkByName(name string) (Link, error) { return pkgHandle.LinkByName(name) } // LinkByName finds a link by name and returns a pointer to the object. +// +// If the kernel doesn't support IFLA_IFNAME, this method will fall back to +// filtering a dump of all link names. In this case, if the returned error is +// [ErrDumpInterrupted] the result may be missing or outdated. func (h *Handle) LinkByName(name string) (Link, error) { if h.lookupByDump { return h.linkByNameDump(name) @@ -1879,12 +1964,20 @@ func (h *Handle) LinkByName(name string) (Link, error) { // LinkByAlias finds a link by its alias and returns a pointer to the object. // If there are multiple links with the alias it returns the first one +// +// If the kernel doesn't support IFLA_IFALIAS, this method will fall back to +// filtering a dump of all link names. In this case, if the returned error is +// [ErrDumpInterrupted] the result may be missing or outdated. func LinkByAlias(alias string) (Link, error) { return pkgHandle.LinkByAlias(alias) } // LinkByAlias finds a link by its alias and returns a pointer to the object. // If there are multiple links with the alias it returns the first one +// +// If the kernel doesn't support IFLA_IFALIAS, this method will fall back to +// filtering a dump of all link names. In this case, if the returned error is +// [ErrDumpInterrupted] the result may be missing or outdated. func (h *Handle) LinkByAlias(alias string) (Link, error) { if h.lookupByDump { return h.linkByAliasDump(alias) @@ -2246,6 +2339,10 @@ func LinkDeserialize(hdr *unix.NlMsghdr, m []byte) (Link, error) { break } } + case unix.IFLA_PARENT_DEV_NAME: + base.ParentDev = string(attr.Value[:len(attr.Value)-1]) + case unix.IFLA_PARENT_DEV_BUS_NAME: + base.ParentDevBus = string(attr.Value[:len(attr.Value)-1]) } } @@ -2321,6 +2418,9 @@ func LinkList() ([]Link, error) { // LinkList gets a list of link devices. // Equivalent to: `ip link show` +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) LinkList() ([]Link, error) { // NOTE(vish): This duplicates functionality in net/iface_linux.go, but we need // to get the message ourselves to parse link type. @@ -2331,9 +2431,9 @@ func (h *Handle) LinkList() ([]Link, error) { attr := nl.NewRtAttr(unix.IFLA_EXT_MASK, nl.Uint32Attr(nl.RTEXT_FILTER_VF)) req.AddData(attr) - msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWLINK) - if err != nil { - return nil, err + msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWLINK) + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr } var res []Link @@ -2345,7 +2445,7 @@ func (h *Handle) LinkList() ([]Link, error) { res = append(res, link) } - return res, nil + return res, executeErr } // LinkUpdate is used to pass information back from LinkSubscribe() @@ -2381,6 +2481,10 @@ type LinkSubscribeOptions struct { // LinkSubscribeWithOptions work like LinkSubscribe but enable to // provide additional options to modify the behavior. Currently, the // namespace can be provided as well as an error callback. +// +// When options.ListExisting is true, options.ErrorCallback may be +// called with [ErrDumpInterrupted] to indicate that results from +// the initial dump of links may be inconsistent or incomplete. func LinkSubscribeWithOptions(ch chan<- LinkUpdate, done <-chan struct{}, options LinkSubscribeOptions) error { if options.Namespace == nil { none := netns.None() @@ -2440,6 +2544,9 @@ func linkSubscribeAt(newNs, curNs netns.NsHandle, ch chan<- LinkUpdate, done <-c continue } for _, m := range msgs { + if m.Header.Flags&unix.NLM_F_DUMP_INTR != 0 && cberr != nil { + cberr(ErrDumpInterrupted) + } if m.Header.Type == unix.NLMSG_DONE { continue } @@ -2513,6 +2620,14 @@ func (h *Handle) LinkSetLearning(link Link, mode bool) error { return h.setProtinfoAttr(link, mode, nl.IFLA_BRPORT_LEARNING) } +func LinkSetVlanTunnel(link Link, mode bool) error { + return pkgHandle.LinkSetVlanTunnel(link, mode) +} + +func (h *Handle) LinkSetVlanTunnel(link Link, mode bool) error { + return h.setProtinfoAttr(link, mode, nl.IFLA_BRPORT_VLAN_TUNNEL) +} + func LinkSetRootBlock(link Link, mode bool) error { return pkgHandle.LinkSetRootBlock(link, mode) } @@ -2639,9 +2754,38 @@ func (h *Handle) LinkSetGroup(link Link, group int) error { return err } +// LinkSetIP6AddrGenMode sets the IPv6 address generation mode of the link device. +// Equivalent to: `ip link set $link addrgenmode $mode` +func LinkSetIP6AddrGenMode(link Link, mode int) error { + return pkgHandle.LinkSetIP6AddrGenMode(link, mode) +} + +// LinkSetIP6AddrGenMode sets the IPv6 address generation mode of the link device. +// Equivalent to: `ip link set $link addrgenmode $mode` +func (h *Handle) LinkSetIP6AddrGenMode(link Link, mode int) error { + base := link.Attrs() + h.ensureIndex(base) + req := h.newNetlinkRequest(unix.RTM_SETLINK, unix.NLM_F_ACK) + + msg := nl.NewIfInfomsg(unix.AF_UNSPEC) + msg.Index = int32(base.Index) + req.AddData(msg) + + b := make([]byte, 1) + b[0] = uint8(mode) + + data := nl.NewRtAttr(unix.IFLA_INET6_ADDR_GEN_MODE, b) + af := nl.NewRtAttr(unix.AF_INET6, data.Serialize()) + spec := nl.NewRtAttr(unix.IFLA_AF_SPEC, af.Serialize()) + req.AddData(spec) + + _, err := req.Execute(unix.NETLINK_ROUTE, 0) + return err +} + func addNetkitAttrs(nk *Netkit, linkInfo *nl.RtAttr, flag int) error { - if nk.peerLinkAttrs.HardwareAddr != nil || nk.HardwareAddr != nil { - return fmt.Errorf("netkit doesn't support setting Ethernet") + if nk.Mode != NETKIT_MODE_L2 && (nk.LinkAttrs.HardwareAddr != nil || nk.peerLinkAttrs.HardwareAddr != nil) { + return fmt.Errorf("netkit only allows setting Ethernet in L2 mode") } data := linkInfo.AddRtAttr(nl.IFLA_INFO_DATA, nil) @@ -2649,6 +2793,8 @@ func addNetkitAttrs(nk *Netkit, linkInfo *nl.RtAttr, flag int) error { data.AddRtAttr(nl.IFLA_NETKIT_MODE, nl.Uint32Attr(uint32(nk.Mode))) data.AddRtAttr(nl.IFLA_NETKIT_POLICY, nl.Uint32Attr(uint32(nk.Policy))) data.AddRtAttr(nl.IFLA_NETKIT_PEER_POLICY, nl.Uint32Attr(uint32(nk.PeerPolicy))) + data.AddRtAttr(nl.IFLA_NETKIT_SCRUB, nl.Uint32Attr(uint32(nk.Scrub))) + data.AddRtAttr(nl.IFLA_NETKIT_PEER_SCRUB, nl.Uint32Attr(uint32(nk.PeerScrub))) if (flag & unix.NLM_F_EXCL) == 0 { // Modifying peer link attributes will not take effect @@ -2691,6 +2837,9 @@ func addNetkitAttrs(nk *Netkit, linkInfo *nl.RtAttr, flag int) error { peer.AddRtAttr(unix.IFLA_NET_NS_FD, nl.Uint32Attr(uint32(ns))) } } + if nk.peerLinkAttrs.HardwareAddr != nil { + peer.AddRtAttr(unix.IFLA_ADDRESS, []byte(nk.peerLinkAttrs.HardwareAddr)) + } return nil } @@ -2709,16 +2858,75 @@ func parseNetkitData(link Link, data []syscall.NetlinkRouteAttr) { netkit.Policy = NetkitPolicy(native.Uint32(datum.Value[0:4])) case nl.IFLA_NETKIT_PEER_POLICY: netkit.PeerPolicy = NetkitPolicy(native.Uint32(datum.Value[0:4])) + case nl.IFLA_NETKIT_SCRUB: + netkit.supportsScrub = true + netkit.Scrub = NetkitScrub(native.Uint32(datum.Value[0:4])) + case nl.IFLA_NETKIT_PEER_SCRUB: + netkit.supportsScrub = true + netkit.PeerScrub = NetkitScrub(native.Uint32(datum.Value[0:4])) } } } +func parseVlanQosMap(data []byte) map[uint32]uint32 { + values, err := nl.ParseRouteAttr(data) + if err != nil { + return nil + } + + qosMap := make(map[uint32]uint32) + + for _, value := range values { + switch value.Attr.Type { + case nl.IFLA_VLAN_QOS_MAPPING: + from := native.Uint32(value.Value[:4]) + to := native.Uint32(value.Value[4:]) + qosMap[from] = to + } + } + + return qosMap +} + func parseVlanData(link Link, data []syscall.NetlinkRouteAttr) { vlan := link.(*Vlan) for _, datum := range data { switch datum.Attr.Type { case nl.IFLA_VLAN_ID: vlan.VlanId = int(native.Uint16(datum.Value[0:2])) + case nl.IFLA_VLAN_FLAGS: + flags := native.Uint32(datum.Value[0:4]) + trueVal := true + falseVal := false + if flags&nl.VLAN_FLAG_REORDER_HDR != 0 { + vlan.ReorderHdr = &trueVal + } else { + vlan.ReorderHdr = &falseVal + } + if flags&nl.VLAN_FLAG_GVRP != 0 { + vlan.Gvrp = &trueVal + } else { + vlan.Gvrp = &falseVal + } + if flags&nl.VLAN_FLAG_LOOSE_BINDING != 0 { + vlan.LooseBinding = &trueVal + } else { + vlan.LooseBinding = &falseVal + } + if flags&nl.VLAN_FLAG_MVRP != 0 { + vlan.Mvrp = &trueVal + } else { + vlan.Mvrp = &falseVal + } + if flags&nl.VLAN_FLAG_BRIDGE_BINDING != 0 { + vlan.BridgeBinding = &trueVal + } else { + vlan.BridgeBinding = &falseVal + } + case nl.IFLA_VLAN_EGRESS_QOS: + vlan.EgressQosMap = parseVlanQosMap(datum.Value) + case nl.IFLA_VLAN_INGRESS_QOS: + vlan.IngressQosMap = parseVlanQosMap(datum.Value) case nl.IFLA_VLAN_PROTOCOL: vlan.VlanProtocol = VlanProtocol(int(ntohs(datum.Value[0:2]))) } @@ -2782,7 +2990,7 @@ func parseVxlanData(link Link, data []syscall.NetlinkRouteAttr) { case nl.IFLA_VXLAN_PORT_RANGE: buf := bytes.NewBuffer(datum.Value[0:4]) var pr vxlanPortRange - if binary.Read(buf, binary.BigEndian, &pr) != nil { + if binary.Read(buf, binary.BigEndian, &pr) == nil { vxlan.PortLow = int(pr.Lo) vxlan.PortHigh = int(pr.Hi) } @@ -3006,7 +3214,6 @@ func parseMacvlanData(link Link, data []syscall.NetlinkRouteAttr) { } } -// copied from pkg/net_linux.go func linkFlags(rawFlags uint32) net.Flags { var f net.Flags if rawFlags&unix.IFF_UP != 0 { @@ -3024,9 +3231,16 @@ func linkFlags(rawFlags uint32) net.Flags { if rawFlags&unix.IFF_MULTICAST != 0 { f |= net.FlagMulticast } + if rawFlags&unix.IFF_RUNNING != 0 { + f |= net.FlagRunning + } return f } +type genevePortRange struct { + Lo, Hi uint16 +} + func addGeneveAttrs(geneve *Geneve, linkInfo *nl.RtAttr) { data := linkInfo.AddRtAttr(nl.IFLA_INFO_DATA, nil) @@ -3063,6 +3277,15 @@ func addGeneveAttrs(geneve *Geneve, linkInfo *nl.RtAttr) { data.AddRtAttr(nl.IFLA_GENEVE_TOS, nl.Uint8Attr(geneve.Tos)) } + if geneve.PortLow > 0 || geneve.PortHigh > 0 { + pr := genevePortRange{uint16(geneve.PortLow), uint16(geneve.PortHigh)} + + buf := new(bytes.Buffer) + binary.Write(buf, binary.BigEndian, &pr) + + data.AddRtAttr(nl.IFLA_GENEVE_PORT_RANGE, buf.Bytes()) + } + data.AddRtAttr(nl.IFLA_GENEVE_DF, nl.Uint8Attr(uint8(geneve.Df))) } @@ -3084,6 +3307,13 @@ func parseGeneveData(link Link, data []syscall.NetlinkRouteAttr) { geneve.FlowBased = true case nl.IFLA_GENEVE_INNER_PROTO_INHERIT: geneve.InnerProtoInherit = true + case nl.IFLA_GENEVE_PORT_RANGE: + buf := bytes.NewBuffer(datum.Value[0:4]) + var pr genevePortRange + if binary.Read(buf, binary.BigEndian, &pr) == nil { + geneve.PortLow = int(pr.Lo) + geneve.PortHigh = int(pr.Hi) + } } } } @@ -3859,11 +4089,27 @@ func parseTuntapData(link Link, data []syscall.NetlinkRouteAttr) { tuntap.Group = native.Uint32(datum.Value) case nl.IFLA_TUN_TYPE: tuntap.Mode = TuntapMode(uint8(datum.Value[0])) + case nl.IFLA_TUN_PI: + if datum.Value[0] == 0 { + tuntap.Flags |= TUNTAP_NO_PI + } + case nl.IFLA_TUN_VNET_HDR: + if datum.Value[0] == 1 { + tuntap.Flags |= TUNTAP_VNET_HDR + } case nl.IFLA_TUN_PERSIST: tuntap.NonPersist = false if uint8(datum.Value[0]) == 0 { tuntap.NonPersist = true } + case nl.IFLA_TUN_MULTI_QUEUE: + if datum.Value[0] == 1 { + tuntap.Flags |= TUNTAP_MULTI_QUEUE + } + case nl.IFLA_TUN_NUM_QUEUES: + tuntap.Queues = int(native.Uint32(datum.Value)) + case nl.IFLA_TUN_NUM_DISABLED_QUEUES: + tuntap.DisabledQueues = int(native.Uint32(datum.Value)) } } } diff --git a/vendor/github.com/vishvananda/netlink/link_tuntap_linux.go b/vendor/github.com/vishvananda/netlink/link_tuntap_linux.go index 310bd33d8d4..1a5da82c2fa 100644 --- a/vendor/github.com/vishvananda/netlink/link_tuntap_linux.go +++ b/vendor/github.com/vishvananda/netlink/link_tuntap_linux.go @@ -1,5 +1,14 @@ package netlink +import ( + "fmt" + "os" + "strings" + "syscall" + + "golang.org/x/sys/unix" +) + // ideally golang.org/x/sys/unix would define IfReq but it only has // IFNAMSIZ, hence this minimalistic implementation const ( @@ -7,8 +16,136 @@ const ( IFNAMSIZ = 16 ) +const TUN = "/dev/net/tun" + type ifReq struct { Name [IFNAMSIZ]byte Flags uint16 pad [SizeOfIfReq - IFNAMSIZ - 2]byte } + +// AddQueues opens and attaches multiple queue file descriptors to an existing +// TUN/TAP interface in multi-queue mode. +// +// It performs TUNSETIFF ioctl on each opened file descriptor with the current +// tuntap configuration. Each resulting fd is set to non-blocking mode and +// returned as *os.File. +// +// If the interface was created with a name pattern (e.g. "tap%d"), +// the first successful TUNSETIFF call will return the resolved name, +// which is saved back into tuntap.Name. +// +// This method assumes that the interface already exists and is in multi-queue mode. +// The returned FDs are also appended to tuntap.Fds and tuntap.Queues is updated. +// +// It is the caller's responsibility to close the FDs when they are no longer needed. +func (tuntap *Tuntap) AddQueues(count int) ([]*os.File, error) { + if tuntap.Mode < unix.IFF_TUN || tuntap.Mode > unix.IFF_TAP { + return nil, fmt.Errorf("Tuntap.Mode %v unknown", tuntap.Mode) + } + if tuntap.Flags&TUNTAP_MULTI_QUEUE == 0 { + return nil, fmt.Errorf("TUNTAP_MULTI_QUEUE not set") + } + if count < 1 { + return nil, fmt.Errorf("count must be >= 1") + } + + req, err := unix.NewIfreq(tuntap.Name) + if err != nil { + return nil, err + } + req.SetUint16(uint16(tuntap.Mode) | uint16(tuntap.Flags)) + + var fds []*os.File + for i := 0; i < count; i++ { + localReq := req + fd, err := unix.Open(TUN, os.O_RDWR|syscall.O_CLOEXEC, 0) + if err != nil { + cleanupFds(fds) + return nil, err + } + + err = unix.IoctlIfreq(fd, unix.TUNSETIFF, req) + if err != nil { + // close the new fd + unix.Close(fd) + // and the already opened ones + cleanupFds(fds) + return nil, fmt.Errorf("tuntap IOCTL TUNSETIFF failed [%d]: %w", i, err) + } + + // Set the tun device to non-blocking before use. The below comment + // taken from: + // + // https://github.com/mistsys/tuntap/commit/161418c25003bbee77d085a34af64d189df62bea + // + // Note there is a complication because in go, if a device node is + // opened, go sets it to use nonblocking I/O. However a /dev/net/tun + // doesn't work with epoll until after the TUNSETIFF ioctl has been + // done. So we open the unix fd directly, do the ioctl, then put the + // fd in nonblocking mode, an then finally wrap it in a os.File, + // which will see the nonblocking mode and add the fd to the + // pollable set, so later on when we Read() from it blocked the + // calling thread in the kernel. + // + // See + // https://github.com/golang/go/issues/30426 + // which got exposed in go 1.13 by the fix to + // https://github.com/golang/go/issues/30624 + err = unix.SetNonblock(fd, true) + if err != nil { + cleanupFds(fds) + return nil, fmt.Errorf("tuntap set to non-blocking failed [%d]: %w", i, err) + } + + // create the file from the file descriptor and store it + file := os.NewFile(uintptr(fd), TUN) + fds = append(fds, file) + + // 1) we only care for the name of the first tap in the multi queue set + // 2) if the original name was empty, the localReq has now the actual name + // + // In addition: + // This ensures that the link name is always identical to what the kernel returns. + // Not only in case of an empty name, but also when using name templates. + // e.g. when the provided name is "tap%d", the kernel replaces %d with the next available number. + if i == 0 { + tuntap.Name = strings.Trim(localReq.Name(), "\x00") + } + } + + tuntap.Fds = append(tuntap.Fds, fds...) + tuntap.Queues = len(tuntap.Fds) + return fds, nil +} + +// RemoveQueues closes the given TAP queue file descriptors and removes them +// from the tuntap.Fds list. +// +// This is a logical counterpart to AddQueues and allows releasing specific queues +// (e.g., to simulate queue failure or perform partial detach). +// +// The method updates tuntap.Queues to reflect the number of remaining active queues. +// +// It is safe to call with a subset of tuntap.Fds, but the caller must ensure +// that the passed *os.File descriptors belong to this interface. +func (tuntap *Tuntap) RemoveQueues(fds ...*os.File) error { + toClose := make(map[uintptr]struct{}, len(fds)) + for _, fd := range fds { + toClose[fd.Fd()] = struct{}{} + } + + var newFds []*os.File + for _, fd := range tuntap.Fds { + if _, shouldClose := toClose[fd.Fd()]; shouldClose { + if err := fd.Close(); err != nil { + return fmt.Errorf("failed to close queue fd %d: %w", fd.Fd(), err) + } + tuntap.Queues-- + } else { + newFds = append(newFds, fd) + } + } + tuntap.Fds = newFds + return nil +} diff --git a/vendor/github.com/vishvananda/netlink/neigh.go b/vendor/github.com/vishvananda/netlink/neigh.go index 32d722e8858..a96e5846e6c 100644 --- a/vendor/github.com/vishvananda/netlink/neigh.go +++ b/vendor/github.com/vishvananda/netlink/neigh.go @@ -19,6 +19,14 @@ type Neigh struct { Vlan int VNI int MasterIndex int + + // These values are expressed as "clock ticks ago". To + // convert these clock ticks to seconds divide by sysconf(_SC_CLK_TCK). + // When _SC_CLK_TCK is 100, for example, the ndm_* times are expressed + // in centiseconds. + Confirmed uint32 // The last time ARP/ND succeeded OR higher layer confirmation was received + Used uint32 // The last time ARP/ND took place for this neighbor + Updated uint32 // The time when the current NUD state was entered } // String returns $ip/$hwaddr $label diff --git a/vendor/github.com/vishvananda/netlink/neigh_linux.go b/vendor/github.com/vishvananda/netlink/neigh_linux.go index 2d93044a6ea..f4dd83532e6 100644 --- a/vendor/github.com/vishvananda/netlink/neigh_linux.go +++ b/vendor/github.com/vishvananda/netlink/neigh_linux.go @@ -1,6 +1,7 @@ package netlink import ( + "errors" "fmt" "net" "syscall" @@ -206,6 +207,9 @@ func neighHandle(neigh *Neigh, req *nl.NetlinkRequest) error { // NeighList returns a list of IP-MAC mappings in the system (ARP table). // Equivalent to: `ip neighbor show`. // The list can be filtered by link and ip family. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func NeighList(linkIndex, family int) ([]Neigh, error) { return pkgHandle.NeighList(linkIndex, family) } @@ -213,6 +217,9 @@ func NeighList(linkIndex, family int) ([]Neigh, error) { // NeighProxyList returns a list of neighbor proxies in the system. // Equivalent to: `ip neighbor show proxy`. // The list can be filtered by link and ip family. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func NeighProxyList(linkIndex, family int) ([]Neigh, error) { return pkgHandle.NeighProxyList(linkIndex, family) } @@ -220,6 +227,9 @@ func NeighProxyList(linkIndex, family int) ([]Neigh, error) { // NeighList returns a list of IP-MAC mappings in the system (ARP table). // Equivalent to: `ip neighbor show`. // The list can be filtered by link and ip family. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) NeighList(linkIndex, family int) ([]Neigh, error) { return h.NeighListExecute(Ndmsg{ Family: uint8(family), @@ -230,6 +240,9 @@ func (h *Handle) NeighList(linkIndex, family int) ([]Neigh, error) { // NeighProxyList returns a list of neighbor proxies in the system. // Equivalent to: `ip neighbor show proxy`. // The list can be filtered by link, ip family. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) NeighProxyList(linkIndex, family int) ([]Neigh, error) { return h.NeighListExecute(Ndmsg{ Family: uint8(family), @@ -239,18 +252,24 @@ func (h *Handle) NeighProxyList(linkIndex, family int) ([]Neigh, error) { } // NeighListExecute returns a list of neighbour entries filtered by link, ip family, flag and state. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func NeighListExecute(msg Ndmsg) ([]Neigh, error) { return pkgHandle.NeighListExecute(msg) } // NeighListExecute returns a list of neighbour entries filtered by link, ip family, flag and state. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) NeighListExecute(msg Ndmsg) ([]Neigh, error) { req := h.newNetlinkRequest(unix.RTM_GETNEIGH, unix.NLM_F_DUMP) req.AddData(&msg) - msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWNEIGH) - if err != nil { - return nil, err + msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWNEIGH) + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr } var res []Neigh @@ -281,7 +300,7 @@ func (h *Handle) NeighListExecute(msg Ndmsg) ([]Neigh, error) { res = append(res, *neigh) } - return res, nil + return res, executeErr } func NeighDeserialize(m []byte) (*Neigh, error) { @@ -330,6 +349,10 @@ func NeighDeserialize(m []byte) (*Neigh, error) { neigh.VNI = int(native.Uint32(attr.Value[0:4])) case NDA_MASTER: neigh.MasterIndex = int(native.Uint32(attr.Value[0:4])) + case NDA_CACHEINFO: + neigh.Confirmed = native.Uint32(attr.Value[0:4]) + neigh.Used = native.Uint32(attr.Value[4:8]) + neigh.Updated = native.Uint32(attr.Value[8:12]) } } @@ -364,6 +387,10 @@ type NeighSubscribeOptions struct { // NeighSubscribeWithOptions work like NeighSubscribe but enable to // provide additional options to modify the behavior. Currently, the // namespace can be provided as well as an error callback. +// +// When options.ListExisting is true, options.ErrorCallback may be +// called with [ErrDumpInterrupted] to indicate that results from +// the initial dump of links may be inconsistent or incomplete. func NeighSubscribeWithOptions(ch chan<- NeighUpdate, done <-chan struct{}, options NeighSubscribeOptions) error { if options.Namespace == nil { none := netns.None() @@ -428,6 +455,9 @@ func neighSubscribeAt(newNs, curNs netns.NsHandle, ch chan<- NeighUpdate, done < continue } for _, m := range msgs { + if m.Header.Flags&unix.NLM_F_DUMP_INTR != 0 && cberr != nil { + cberr(ErrDumpInterrupted) + } if m.Header.Type == unix.NLMSG_DONE { if listExisting { // This will be called after handling AF_UNSPEC diff --git a/vendor/github.com/vishvananda/netlink/netlink_linux.go b/vendor/github.com/vishvananda/netlink/netlink_linux.go index a20d293d870..7416e305104 100644 --- a/vendor/github.com/vishvananda/netlink/netlink_linux.go +++ b/vendor/github.com/vishvananda/netlink/netlink_linux.go @@ -9,3 +9,6 @@ const ( FAMILY_V6 = nl.FAMILY_V6 FAMILY_MPLS = nl.FAMILY_MPLS ) + +// ErrDumpInterrupted is an alias for [nl.ErrDumpInterrupted]. +var ErrDumpInterrupted = nl.ErrDumpInterrupted diff --git a/vendor/github.com/vishvananda/netlink/netlink_unspecified.go b/vendor/github.com/vishvananda/netlink/netlink_unspecified.go index da12c42a560..9961e158ab2 100644 --- a/vendor/github.com/vishvananda/netlink/netlink_unspecified.go +++ b/vendor/github.com/vishvananda/netlink/netlink_unspecified.go @@ -1,3 +1,4 @@ +//go:build !linux // +build !linux package netlink @@ -144,6 +145,10 @@ func LinkSetGROIPv4MaxSize(link Link, maxSize int) error { return ErrNotImplemented } +func LinkSetIP6AddrGenMode(link Link, mode int) error { + return ErrNotImplemented +} + func LinkAdd(link Link) error { return ErrNotImplemented } diff --git a/vendor/github.com/vishvananda/netlink/nl/bridge_linux.go b/vendor/github.com/vishvananda/netlink/nl/bridge_linux.go index 34e78ba8daf..2441d1ca968 100644 --- a/vendor/github.com/vishvananda/netlink/nl/bridge_linux.go +++ b/vendor/github.com/vishvananda/netlink/nl/bridge_linux.go @@ -26,6 +26,14 @@ const ( IFLA_BRIDGE_FLAGS = iota IFLA_BRIDGE_MODE IFLA_BRIDGE_VLAN_INFO + IFLA_BRIDGE_VLAN_TUNNEL_INFO +) + +const ( + IFLA_BRIDGE_VLAN_TUNNEL_UNSPEC = iota + IFLA_BRIDGE_VLAN_TUNNEL_ID + IFLA_BRIDGE_VLAN_TUNNEL_VID + IFLA_BRIDGE_VLAN_TUNNEL_FLAGS ) const ( @@ -41,6 +49,11 @@ const ( // __u16 vid; // }; +type TunnelInfo struct { + TunId uint32 + Vid uint16 +} + type BridgeVlanInfo struct { Flags uint16 Vid uint16 diff --git a/vendor/github.com/vishvananda/netlink/nl/link_linux.go b/vendor/github.com/vishvananda/netlink/nl/link_linux.go index 0b5be470cb0..716c2a9a134 100644 --- a/vendor/github.com/vishvananda/netlink/nl/link_linux.go +++ b/vendor/github.com/vishvananda/netlink/nl/link_linux.go @@ -31,6 +31,20 @@ const ( IFLA_VLAN_MAX = IFLA_VLAN_PROTOCOL ) +const ( + IFLA_VLAN_QOS_UNSPEC = iota + IFLA_VLAN_QOS_MAPPING + IFLA_VLAN_QOS_MAX = IFLA_VLAN_QOS_MAPPING +) + +const ( + VLAN_FLAG_REORDER_HDR = 1 << iota + VLAN_FLAG_GVRP + VLAN_FLAG_LOOSE_BINDING + VLAN_FLAG_MVRP + VLAN_FLAG_BRIDGE_BINDING +) + const ( IFLA_NETKIT_UNSPEC = iota IFLA_NETKIT_PEER_INFO @@ -38,6 +52,8 @@ const ( IFLA_NETKIT_POLICY IFLA_NETKIT_PEER_POLICY IFLA_NETKIT_MODE + IFLA_NETKIT_SCRUB + IFLA_NETKIT_PEER_SCRUB IFLA_NETKIT_MAX = IFLA_NETKIT_MODE ) @@ -232,6 +248,7 @@ const ( IFLA_GENEVE_TTL_INHERIT IFLA_GENEVE_DF IFLA_GENEVE_INNER_PROTO_INHERIT + IFLA_GENEVE_PORT_RANGE IFLA_GENEVE_MAX = IFLA_GENEVE_INNER_PROTO_INHERIT ) @@ -816,3 +833,10 @@ const ( IFLA_BAREUDP_MULTIPROTO_MODE IFLA_BAREUDP_MAX = IFLA_BAREUDP_MULTIPROTO_MODE ) + +const ( + IN6_ADDR_GEN_MODE_EUI64 = iota + IN6_ADDR_GEN_MODE_NONE + IN6_ADDR_GEN_MODE_STABLE_PRIVACY + IN6_ADDR_GEN_MODE_RANDOM +) diff --git a/vendor/github.com/vishvananda/netlink/nl/nl_linux.go b/vendor/github.com/vishvananda/netlink/nl/nl_linux.go index 6cecc4517a5..f2dc7abb875 100644 --- a/vendor/github.com/vishvananda/netlink/nl/nl_linux.go +++ b/vendor/github.com/vishvananda/netlink/nl/nl_linux.go @@ -4,6 +4,7 @@ package nl import ( "bytes" "encoding/binary" + "errors" "fmt" "net" "os" @@ -11,6 +12,7 @@ import ( "sync" "sync/atomic" "syscall" + "time" "unsafe" "github.com/vishvananda/netns" @@ -43,6 +45,26 @@ var SocketTimeoutTv = unix.Timeval{Sec: 60, Usec: 0} // ErrorMessageReporting is the default error message reporting configuration for the new netlink sockets var EnableErrorMessageReporting bool = false +// ErrDumpInterrupted is an instance of errDumpInterrupted, used to report that +// a netlink function has set the NLM_F_DUMP_INTR flag in a response message, +// indicating that the results may be incomplete or inconsistent. +var ErrDumpInterrupted = errDumpInterrupted{} + +// errDumpInterrupted is an error type, used to report that NLM_F_DUMP_INTR was +// set in a netlink response. +type errDumpInterrupted struct{} + +func (errDumpInterrupted) Error() string { + return "results may be incomplete or inconsistent" +} + +// Before errDumpInterrupted was introduced, EINTR was returned when a netlink +// response had NLM_F_DUMP_INTR. Retain backward compatibility with code that +// may be checking for EINTR using Is. +func (e errDumpInterrupted) Is(target error) bool { + return target == unix.EINTR +} + // GetIPFamily returns the family type of a net.IP. func GetIPFamily(ip net.IP) int { if len(ip) <= net.IPv4len { @@ -492,22 +514,26 @@ func (req *NetlinkRequest) AddRawData(data []byte) { // Execute the request against the given sockType. // Returns a list of netlink messages in serialized format, optionally filtered // by resType. +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (req *NetlinkRequest) Execute(sockType int, resType uint16) ([][]byte, error) { var res [][]byte err := req.ExecuteIter(sockType, resType, func(msg []byte) bool { res = append(res, msg) return true }) - if err != nil { + if err != nil && !errors.Is(err, ErrDumpInterrupted) { return nil, err } - return res, nil + return res, err } // ExecuteIter executes the request against the given sockType. // Calls the provided callback func once for each netlink message. // If the callback returns false, it is not called again, but // the remaining messages are consumed/discarded. +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. // // Thread safety: ExecuteIter holds a lock on the socket until // it finishes iteration so the callback must not call back into @@ -559,6 +585,8 @@ func (req *NetlinkRequest) ExecuteIter(sockType int, resType uint16, f func(msg return err } + dumpIntr := false + done: for { msgs, from, err := s.Receive() @@ -580,7 +608,7 @@ done: } if m.Header.Flags&unix.NLM_F_DUMP_INTR != 0 { - return syscall.Errno(unix.EINTR) + dumpIntr = true } if m.Header.Type == unix.NLMSG_DONE || m.Header.Type == unix.NLMSG_ERROR { @@ -634,6 +662,9 @@ done: } } } + if dumpIntr { + return ErrDumpInterrupted + } return nil } @@ -656,9 +687,11 @@ func NewNetlinkRequest(proto, flags int) *NetlinkRequest { } type NetlinkSocket struct { - fd int32 - file *os.File - lsa unix.SockaddrNetlink + fd int32 + file *os.File + lsa unix.SockaddrNetlink + sendTimeout int64 // Access using atomic.Load/StoreInt64 + receiveTimeout int64 // Access using atomic.Load/StoreInt64 sync.Mutex } @@ -756,7 +789,7 @@ func executeInNetns(newNs, curNs netns.NsHandle) (func(), error) { // Returns the netlink socket on which Receive() method can be called // to retrieve the messages from the kernel. func Subscribe(protocol int, groups ...uint) (*NetlinkSocket, error) { - fd, err := unix.Socket(unix.AF_NETLINK, unix.SOCK_RAW, protocol) + fd, err := unix.Socket(unix.AF_NETLINK, unix.SOCK_RAW|unix.SOCK_CLOEXEC, protocol) if err != nil { return nil, err } @@ -802,8 +835,44 @@ func (s *NetlinkSocket) GetFd() int { return int(s.fd) } +func (s *NetlinkSocket) GetTimeouts() (send, receive time.Duration) { + return time.Duration(atomic.LoadInt64(&s.sendTimeout)), + time.Duration(atomic.LoadInt64(&s.receiveTimeout)) +} + func (s *NetlinkSocket) Send(request *NetlinkRequest) error { - return unix.Sendto(int(s.fd), request.Serialize(), 0, &s.lsa) + rawConn, err := s.file.SyscallConn() + if err != nil { + return err + } + var ( + deadline time.Time + innerErr error + ) + sendTimeout := atomic.LoadInt64(&s.sendTimeout) + if sendTimeout != 0 { + deadline = time.Now().Add(time.Duration(sendTimeout)) + } + if err := s.file.SetWriteDeadline(deadline); err != nil { + return err + } + serializedReq := request.Serialize() + err = rawConn.Write(func(fd uintptr) (done bool) { + innerErr = unix.Sendto(int(s.fd), serializedReq, 0, &s.lsa) + return innerErr != unix.EWOULDBLOCK + }) + if innerErr != nil { + return innerErr + } + if err != nil { + // The timeout was previously implemented using SO_SNDTIMEO on a blocking + // socket. So, continue to return EAGAIN when the timeout is reached. + if errors.Is(err, os.ErrDeadlineExceeded) { + return unix.EAGAIN + } + return err + } + return nil } func (s *NetlinkSocket) Receive() ([]syscall.NetlinkMessage, *unix.SockaddrNetlink, error) { @@ -812,20 +881,33 @@ func (s *NetlinkSocket) Receive() ([]syscall.NetlinkMessage, *unix.SockaddrNetli return nil, nil, err } var ( + deadline time.Time fromAddr *unix.SockaddrNetlink rb [RECEIVE_BUFFER_SIZE]byte nr int from unix.Sockaddr innerErr error ) + receiveTimeout := atomic.LoadInt64(&s.receiveTimeout) + if receiveTimeout != 0 { + deadline = time.Now().Add(time.Duration(receiveTimeout)) + } + if err := s.file.SetReadDeadline(deadline); err != nil { + return nil, nil, err + } err = rawConn.Read(func(fd uintptr) (done bool) { nr, from, innerErr = unix.Recvfrom(int(fd), rb[:], 0) return innerErr != unix.EWOULDBLOCK }) if innerErr != nil { - err = innerErr + return nil, nil, innerErr } if err != nil { + // The timeout was previously implemented using SO_RCVTIMEO on a blocking + // socket. So, continue to return EAGAIN when the timeout is reached. + if errors.Is(err, os.ErrDeadlineExceeded) { + return nil, nil, unix.EAGAIN + } return nil, nil, err } fromAddr, ok := from.(*unix.SockaddrNetlink) @@ -847,16 +929,14 @@ func (s *NetlinkSocket) Receive() ([]syscall.NetlinkMessage, *unix.SockaddrNetli // SetSendTimeout allows to set a send timeout on the socket func (s *NetlinkSocket) SetSendTimeout(timeout *unix.Timeval) error { - // Set a send timeout of SOCKET_SEND_TIMEOUT, this will allow the Send to periodically unblock and avoid that a routine - // remains stuck on a send on a closed fd - return unix.SetsockoptTimeval(int(s.fd), unix.SOL_SOCKET, unix.SO_SNDTIMEO, timeout) + atomic.StoreInt64(&s.sendTimeout, timeout.Nano()) + return nil } // SetReceiveTimeout allows to set a receive timeout on the socket func (s *NetlinkSocket) SetReceiveTimeout(timeout *unix.Timeval) error { - // Set a read timeout of SOCKET_READ_TIMEOUT, this will allow the Read to periodically unblock and avoid that a routine - // remains stuck on a recvmsg on a closed fd - return unix.SetsockoptTimeval(int(s.fd), unix.SOL_SOCKET, unix.SO_RCVTIMEO, timeout) + atomic.StoreInt64(&s.receiveTimeout, timeout.Nano()) + return nil } // SetReceiveBufferSize allows to set a receive buffer size on the socket diff --git a/vendor/github.com/vishvananda/netlink/nl/parse_attr_linux.go b/vendor/github.com/vishvananda/netlink/nl/parse_attr_linux.go index 7f49125cffa..8ee0428db81 100644 --- a/vendor/github.com/vishvananda/netlink/nl/parse_attr_linux.go +++ b/vendor/github.com/vishvananda/netlink/nl/parse_attr_linux.go @@ -17,7 +17,7 @@ func ParseAttributes(data []byte) <-chan Attribute { go func() { i := 0 - for i+4 < len(data) { + for i+4 <= len(data) { length := int(native.Uint16(data[i : i+2])) attrType := native.Uint16(data[i+2 : i+4]) diff --git a/vendor/github.com/vishvananda/netlink/nl/rdma_link_linux.go b/vendor/github.com/vishvananda/netlink/nl/rdma_link_linux.go index ce43ee1550c..02448362887 100644 --- a/vendor/github.com/vishvananda/netlink/nl/rdma_link_linux.go +++ b/vendor/github.com/vishvananda/netlink/nl/rdma_link_linux.go @@ -9,31 +9,41 @@ const ( ) const ( - RDMA_NLDEV_CMD_GET = 1 - RDMA_NLDEV_CMD_SET = 2 - RDMA_NLDEV_CMD_NEWLINK = 3 - RDMA_NLDEV_CMD_DELLINK = 4 - RDMA_NLDEV_CMD_SYS_GET = 6 - RDMA_NLDEV_CMD_SYS_SET = 7 + RDMA_NLDEV_CMD_GET = 1 + RDMA_NLDEV_CMD_SET = 2 + RDMA_NLDEV_CMD_NEWLINK = 3 + RDMA_NLDEV_CMD_DELLINK = 4 + RDMA_NLDEV_CMD_SYS_GET = 6 + RDMA_NLDEV_CMD_SYS_SET = 7 + RDMA_NLDEV_CMD_RES_GET = 9 + RDMA_NLDEV_CMD_STAT_GET = 17 ) const ( - RDMA_NLDEV_ATTR_DEV_INDEX = 1 - RDMA_NLDEV_ATTR_DEV_NAME = 2 - RDMA_NLDEV_ATTR_PORT_INDEX = 3 - RDMA_NLDEV_ATTR_CAP_FLAGS = 4 - RDMA_NLDEV_ATTR_FW_VERSION = 5 - RDMA_NLDEV_ATTR_NODE_GUID = 6 - RDMA_NLDEV_ATTR_SYS_IMAGE_GUID = 7 - RDMA_NLDEV_ATTR_SUBNET_PREFIX = 8 - RDMA_NLDEV_ATTR_LID = 9 - RDMA_NLDEV_ATTR_SM_LID = 10 - RDMA_NLDEV_ATTR_LMC = 11 - RDMA_NLDEV_ATTR_PORT_STATE = 12 - RDMA_NLDEV_ATTR_PORT_PHYS_STATE = 13 - RDMA_NLDEV_ATTR_DEV_NODE_TYPE = 14 - RDMA_NLDEV_ATTR_NDEV_NAME = 51 - RDMA_NLDEV_ATTR_LINK_TYPE = 65 - RDMA_NLDEV_SYS_ATTR_NETNS_MODE = 66 - RDMA_NLDEV_NET_NS_FD = 68 + RDMA_NLDEV_ATTR_DEV_INDEX = 1 + RDMA_NLDEV_ATTR_DEV_NAME = 2 + RDMA_NLDEV_ATTR_PORT_INDEX = 3 + RDMA_NLDEV_ATTR_CAP_FLAGS = 4 + RDMA_NLDEV_ATTR_FW_VERSION = 5 + RDMA_NLDEV_ATTR_NODE_GUID = 6 + RDMA_NLDEV_ATTR_SYS_IMAGE_GUID = 7 + RDMA_NLDEV_ATTR_SUBNET_PREFIX = 8 + RDMA_NLDEV_ATTR_LID = 9 + RDMA_NLDEV_ATTR_SM_LID = 10 + RDMA_NLDEV_ATTR_LMC = 11 + RDMA_NLDEV_ATTR_PORT_STATE = 12 + RDMA_NLDEV_ATTR_PORT_PHYS_STATE = 13 + RDMA_NLDEV_ATTR_DEV_NODE_TYPE = 14 + RDMA_NLDEV_ATTR_RES_SUMMARY = 15 + RDMA_NLDEV_ATTR_RES_SUMMARY_ENTRY = 16 + RDMA_NLDEV_ATTR_RES_SUMMARY_ENTRY_NAME = 17 + RDMA_NLDEV_ATTR_RES_SUMMARY_ENTRY_CURR = 18 + RDMA_NLDEV_ATTR_NDEV_NAME = 51 + RDMA_NLDEV_ATTR_LINK_TYPE = 65 + RDMA_NLDEV_SYS_ATTR_NETNS_MODE = 66 + RDMA_NLDEV_NET_NS_FD = 68 + RDMA_NLDEV_ATTR_STAT_HWCOUNTERS = 80 + RDMA_NLDEV_ATTR_STAT_HWCOUNTER_ENTRY = 81 + RDMA_NLDEV_ATTR_STAT_HWCOUNTER_ENTRY_NAME = 82 + RDMA_NLDEV_ATTR_STAT_HWCOUNTER_ENTRY_VALUE = 83 ) diff --git a/vendor/github.com/vishvananda/netlink/nl/seg6local_linux.go b/vendor/github.com/vishvananda/netlink/nl/seg6local_linux.go index 8172b8471f2..b92991de71e 100644 --- a/vendor/github.com/vishvananda/netlink/nl/seg6local_linux.go +++ b/vendor/github.com/vishvananda/netlink/nl/seg6local_linux.go @@ -13,6 +13,7 @@ const ( SEG6_LOCAL_IIF SEG6_LOCAL_OIF SEG6_LOCAL_BPF + SEG6_LOCAL_VRFTABLE __SEG6_LOCAL_MAX ) const ( diff --git a/vendor/github.com/vishvananda/netlink/nl/tc_linux.go b/vendor/github.com/vishvananda/netlink/nl/tc_linux.go index 0720729a900..67666816e0c 100644 --- a/vendor/github.com/vishvananda/netlink/nl/tc_linux.go +++ b/vendor/github.com/vishvananda/netlink/nl/tc_linux.go @@ -77,6 +77,17 @@ const ( TCA_ACT_MAX ) +const ( + TCA_ACT_SAMPLE_UNSPEC = iota + TCA_ACT_SAMPLE_TM + TCA_ACT_SAMPLE_PARMS + TCA_ACT_SAMPLE_RATE + TCA_ACT_SAMPLE_TRUNC_SIZE + TCA_ACT_SAMPLE_PSAMPLE_GROUP + TCA_ACT_SAMPLE_PAD + TCA_ACT_SAMPLE_MAX +) + const ( TCA_PRIO_UNSPEC = iota TCA_PRIO_MQ @@ -115,6 +126,7 @@ const ( SizeofTcConnmark = SizeofTcGen + 0x04 SizeofTcCsum = SizeofTcGen + 0x04 SizeofTcMirred = SizeofTcGen + 0x08 + SizeofTcVlan = SizeofTcGen + 0x04 SizeofTcTunnelKey = SizeofTcGen + 0x04 SizeofTcSkbEdit = SizeofTcGen SizeofTcPolice = 2*SizeofTcRateSpec + 0x20 @@ -816,6 +828,41 @@ func (x *TcMirred) Serialize() []byte { return (*(*[SizeofTcMirred]byte)(unsafe.Pointer(x)))[:] } +const ( + TCA_VLAN_UNSPEC = iota + TCA_VLAN_TM + TCA_VLAN_PARMS + TCA_VLAN_PUSH_VLAN_ID + TCA_VLAN_PUSH_VLAN_PROTOCOL + TCA_VLAN_PAD + TCA_VLAN_PUSH_VLAN_PRIORITY + TCA_VLAN_PUSH_ETH_DST + TCA_VLAN_PUSH_ETH_SRC + TCA_VLAN_MAX +) + +//struct tc_vlan { +// tc_gen; +// int v_action; +//}; + +type TcVlan struct { + TcGen + Action int32 +} + +func (msg *TcVlan) Len() int { + return SizeofTcVlan +} + +func DeserializeTcVlan(b []byte) *TcVlan { + return (*TcVlan)(unsafe.Pointer(&b[0:SizeofTcVlan][0])) +} + +func (x *TcVlan) Serialize() []byte { + return (*(*[SizeofTcVlan]byte)(unsafe.Pointer(x)))[:] +} + const ( TCA_TUNNEL_KEY_UNSPEC = iota TCA_TUNNEL_KEY_TM @@ -1076,6 +1123,13 @@ const ( TCA_FLOWER_KEY_ENC_OPTS TCA_FLOWER_KEY_ENC_OPTS_MASK + TCA_FLOWER_IN_HW_COUNT + + TCA_FLOWER_KEY_PORT_SRC_MIN /* be16 */ + TCA_FLOWER_KEY_PORT_SRC_MAX /* be16 */ + TCA_FLOWER_KEY_PORT_DST_MIN /* be16 */ + TCA_FLOWER_KEY_PORT_DST_MAX /* be16 */ + __TCA_FLOWER_MAX ) @@ -1091,11 +1145,11 @@ const TCA_CLS_FLAGS_SKIP_SW = 1 << 1 /* don't use filter in SW */ // }; type TcSfqQopt struct { - Quantum uint8 + Quantum uint32 Perturb int32 Limit uint32 - Divisor uint8 - Flows uint8 + Divisor uint32 + Flows uint32 } func (x *TcSfqQopt) Len() int { @@ -1239,8 +1293,8 @@ const ( ) // /* TCA_PEDIT_KEY_EX_HDR_TYPE_NETWROK is a special case for legacy users. It -// * means no specific header type - offset is relative to the network layer -// */ +// - means no specific header type - offset is relative to the network layer +// */ type PeditHeaderType uint16 const ( @@ -1533,7 +1587,7 @@ func (p *TcPedit) SetIPv6Dst(ip6 net.IP) { } func (p *TcPedit) SetIPv4Src(ip net.IP) { - u32 := NativeEndian().Uint32(ip[:4]) + u32 := NativeEndian().Uint32(ip.To4()) tKey := TcPeditKey{} tKeyEx := TcPeditKeyEx{} @@ -1549,7 +1603,7 @@ func (p *TcPedit) SetIPv4Src(ip net.IP) { } func (p *TcPedit) SetIPv4Dst(ip net.IP) { - u32 := NativeEndian().Uint32(ip[:4]) + u32 := NativeEndian().Uint32(ip.To4()) tKey := TcPeditKey{} tKeyEx := TcPeditKeyEx{} diff --git a/vendor/github.com/vishvananda/netlink/nl/xfrm_linux.go b/vendor/github.com/vishvananda/netlink/nl/xfrm_linux.go index cdb318ba557..6cfd8f9e0c6 100644 --- a/vendor/github.com/vishvananda/netlink/nl/xfrm_linux.go +++ b/vendor/github.com/vishvananda/netlink/nl/xfrm_linux.go @@ -78,10 +78,14 @@ const ( XFRMA_PROTO /* __u8 */ XFRMA_ADDRESS_FILTER /* struct xfrm_address_filter */ XFRMA_PAD - XFRMA_OFFLOAD_DEV /* struct xfrm_state_offload */ - XFRMA_SET_MARK /* __u32 */ - XFRMA_SET_MARK_MASK /* __u32 */ - XFRMA_IF_ID /* __u32 */ + XFRMA_OFFLOAD_DEV /* struct xfrm_state_offload */ + XFRMA_SET_MARK /* __u32 */ + XFRMA_SET_MARK_MASK /* __u32 */ + XFRMA_IF_ID /* __u32 */ + XFRMA_MTIMER_THRESH /* __u32 in seconds for input SA */ + XFRMA_SA_DIR /* __u8 */ + XFRMA_NAT_KEEPALIVE_INTERVAL /* __u32 in seconds for NAT keepalive */ + XFRMA_SA_PCPU /* __u32 */ XFRMA_MAX = iota - 1 ) diff --git a/vendor/github.com/vishvananda/netlink/protinfo.go b/vendor/github.com/vishvananda/netlink/protinfo.go index 0163cba3a8b..02f066e0a0c 100644 --- a/vendor/github.com/vishvananda/netlink/protinfo.go +++ b/vendor/github.com/vishvananda/netlink/protinfo.go @@ -16,6 +16,7 @@ type Protinfo struct { ProxyArpWiFi bool Isolated bool NeighSuppress bool + VlanTunnel bool } // String returns a list of enabled flags @@ -55,6 +56,9 @@ func (prot *Protinfo) String() string { if prot.NeighSuppress { boolStrings = append(boolStrings, "NeighSuppress") } + if prot.VlanTunnel { + boolStrings = append(boolStrings, "VlanTunnel") + } return strings.Join(boolStrings, " ") } diff --git a/vendor/github.com/vishvananda/netlink/protinfo_linux.go b/vendor/github.com/vishvananda/netlink/protinfo_linux.go index 1ba25d3cd47..c7d7b566e2e 100644 --- a/vendor/github.com/vishvananda/netlink/protinfo_linux.go +++ b/vendor/github.com/vishvananda/netlink/protinfo_linux.go @@ -1,6 +1,7 @@ package netlink import ( + "errors" "fmt" "syscall" @@ -8,10 +9,14 @@ import ( "golang.org/x/sys/unix" ) +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func LinkGetProtinfo(link Link) (Protinfo, error) { return pkgHandle.LinkGetProtinfo(link) } +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) LinkGetProtinfo(link Link) (Protinfo, error) { base := link.Attrs() h.ensureIndex(base) @@ -19,9 +24,9 @@ func (h *Handle) LinkGetProtinfo(link Link) (Protinfo, error) { req := h.newNetlinkRequest(unix.RTM_GETLINK, unix.NLM_F_DUMP) msg := nl.NewIfInfomsg(unix.AF_BRIDGE) req.AddData(msg) - msgs, err := req.Execute(unix.NETLINK_ROUTE, 0) - if err != nil { - return pi, err + msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, 0) + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return pi, executeErr } for _, m := range msgs { @@ -43,7 +48,7 @@ func (h *Handle) LinkGetProtinfo(link Link) (Protinfo, error) { } pi = parseProtinfo(infos) - return pi, nil + return pi, executeErr } } return pi, fmt.Errorf("Device with index %d not found", base.Index) @@ -72,7 +77,10 @@ func parseProtinfo(infos []syscall.NetlinkRouteAttr) (pi Protinfo) { pi.Isolated = byteToBool(info.Value[0]) case nl.IFLA_BRPORT_NEIGH_SUPPRESS: pi.NeighSuppress = byteToBool(info.Value[0]) + case nl.IFLA_BRPORT_VLAN_TUNNEL: + pi.VlanTunnel = byteToBool(info.Value[0]) } + } return } diff --git a/vendor/github.com/vishvananda/netlink/qdisc.go b/vendor/github.com/vishvananda/netlink/qdisc.go index 067743d390d..1cde43c94d2 100644 --- a/vendor/github.com/vishvananda/netlink/qdisc.go +++ b/vendor/github.com/vishvananda/netlink/qdisc.go @@ -374,10 +374,10 @@ func (qdisc *FqCodel) Type() string { type Sfq struct { QdiscAttrs // TODO: Only the simplified options for SFQ are handled here. Support for the extended one can be added later. - Quantum uint8 - Perturb uint8 + Quantum uint32 + Perturb int32 Limit uint32 - Divisor uint8 + Divisor uint32 } func (sfq *Sfq) String() string { diff --git a/vendor/github.com/vishvananda/netlink/qdisc_linux.go b/vendor/github.com/vishvananda/netlink/qdisc_linux.go index e732ae3bd64..0a2a5891ccd 100644 --- a/vendor/github.com/vishvananda/netlink/qdisc_linux.go +++ b/vendor/github.com/vishvananda/netlink/qdisc_linux.go @@ -1,6 +1,7 @@ package netlink import ( + "errors" "fmt" "io/ioutil" "strconv" @@ -320,7 +321,7 @@ func qdiscPayload(req *nl.NetlinkRequest, qdisc Qdisc) error { case *Sfq: opt := nl.TcSfqQoptV1{} opt.TcSfqQopt.Quantum = qdisc.Quantum - opt.TcSfqQopt.Perturb = int32(qdisc.Perturb) + opt.TcSfqQopt.Perturb = qdisc.Perturb opt.TcSfqQopt.Limit = qdisc.Limit opt.TcSfqQopt.Divisor = qdisc.Divisor @@ -338,6 +339,9 @@ func qdiscPayload(req *nl.NetlinkRequest, qdisc Qdisc) error { // QdiscList gets a list of qdiscs in the system. // Equivalent to: `tc qdisc show`. // The list can be filtered by link. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func QdiscList(link Link) ([]Qdisc, error) { return pkgHandle.QdiscList(link) } @@ -345,6 +349,9 @@ func QdiscList(link Link) ([]Qdisc, error) { // QdiscList gets a list of qdiscs in the system. // Equivalent to: `tc qdisc show`. // The list can be filtered by link. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) QdiscList(link Link) ([]Qdisc, error) { req := h.newNetlinkRequest(unix.RTM_GETQDISC, unix.NLM_F_DUMP) index := int32(0) @@ -359,9 +366,9 @@ func (h *Handle) QdiscList(link Link) ([]Qdisc, error) { } req.AddData(msg) - msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWQDISC) - if err != nil { - return nil, err + msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWQDISC) + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr } var res []Qdisc @@ -497,7 +504,7 @@ func (h *Handle) QdiscList(link Link) ([]Qdisc, error) { res = append(res, qdisc) } - return res, nil + return res, executeErr } func parsePfifoFastData(qdisc Qdisc, value []byte) error { @@ -676,7 +683,7 @@ func parseSfqData(qdisc Qdisc, value []byte) error { sfq := qdisc.(*Sfq) opt := nl.DeserializeTcSfqQoptV1(value) sfq.Quantum = opt.TcSfqQopt.Quantum - sfq.Perturb = uint8(opt.TcSfqQopt.Perturb) + sfq.Perturb = opt.TcSfqQopt.Perturb sfq.Limit = opt.TcSfqQopt.Limit sfq.Divisor = opt.TcSfqQopt.Divisor diff --git a/vendor/github.com/vishvananda/netlink/rdma_link_linux.go b/vendor/github.com/vishvananda/netlink/rdma_link_linux.go index 036399db6b0..2e774e5aef6 100644 --- a/vendor/github.com/vishvananda/netlink/rdma_link_linux.go +++ b/vendor/github.com/vishvananda/netlink/rdma_link_linux.go @@ -3,6 +3,7 @@ package netlink import ( "bytes" "encoding/binary" + "errors" "fmt" "net" @@ -17,6 +18,7 @@ type RdmaLinkAttrs struct { FirmwareVersion string NodeGuid string SysImageGuid string + NumPorts uint32 } // Link represents a rdma device from netlink. @@ -68,6 +70,11 @@ func executeOneGetRdmaLink(data []byte) (*RdmaLink, error) { r := bytes.NewReader(value) binary.Read(r, nl.NativeEndian(), &sysGuid) link.Attrs.SysImageGuid = uint64ToGuidString(sysGuid) + case nl.RDMA_NLDEV_ATTR_PORT_INDEX: + var availablePort uint32 + r := bytes.NewReader(value) + binary.Read(r, nl.NativeEndian(), &availablePort) + link.Attrs.NumPorts = availablePort } if (len % 4) != 0 { // Skip pad bytes @@ -85,19 +92,25 @@ func execRdmaSetLink(req *nl.NetlinkRequest) error { // RdmaLinkList gets a list of RDMA link devices. // Equivalent to: `rdma dev show` +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func RdmaLinkList() ([]*RdmaLink, error) { return pkgHandle.RdmaLinkList() } // RdmaLinkList gets a list of RDMA link devices. // Equivalent to: `rdma dev show` +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) RdmaLinkList() ([]*RdmaLink, error) { proto := getProtoField(nl.RDMA_NL_NLDEV, nl.RDMA_NLDEV_CMD_GET) req := h.newNetlinkRequest(proto, unix.NLM_F_ACK|unix.NLM_F_DUMP) - msgs, err := req.Execute(unix.NETLINK_RDMA, 0) - if err != nil { - return nil, err + msgs, executeErr := req.Execute(unix.NETLINK_RDMA, 0) + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr } var res []*RdmaLink @@ -109,17 +122,23 @@ func (h *Handle) RdmaLinkList() ([]*RdmaLink, error) { res = append(res, link) } - return res, nil + return res, executeErr } // RdmaLinkByName finds a link by name and returns a pointer to the object if // found and nil error, otherwise returns error code. +// +// If the returned error is [ErrDumpInterrupted], the result may be missing or +// outdated and the caller should retry. func RdmaLinkByName(name string) (*RdmaLink, error) { return pkgHandle.RdmaLinkByName(name) } // RdmaLinkByName finds a link by name and returns a pointer to the object if // found and nil error, otherwise returns error code. +// +// If the returned error is [ErrDumpInterrupted], the result may be missing or +// outdated and the caller should retry. func (h *Handle) RdmaLinkByName(name string) (*RdmaLink, error) { links, err := h.RdmaLinkList() if err != nil { @@ -288,6 +307,8 @@ func RdmaLinkDel(name string) error { } // RdmaLinkDel deletes an rdma link. +// +// If the returned error is [ErrDumpInterrupted], the caller should retry. func (h *Handle) RdmaLinkDel(name string) error { link, err := h.RdmaLinkByName(name) if err != nil { @@ -307,6 +328,7 @@ func (h *Handle) RdmaLinkDel(name string) error { // RdmaLinkAdd adds an rdma link for the specified type to the network device. // Similar to: rdma link add NAME type TYPE netdev NETDEV +// // NAME - specifies the new name of the rdma link to add // TYPE - specifies which rdma type to use. Link types: // rxe - Soft RoCE driver @@ -329,3 +351,212 @@ func (h *Handle) RdmaLinkAdd(linkName string, linkType string, netdev string) er _, err := req.Execute(unix.NETLINK_RDMA, 0) return err } + +// RdmaResource represents a rdma device resource tracking summaries +type RdmaResource struct { + Index uint32 + Name string + RdmaResourceSummaryEntries map[string]uint64 +} + +// RdmaResourceList list rdma resource tracking information +// Returns all rdma devices resource tracking summary on success or returns error +// otherwise. +// Equivalent to: `rdma resource' +func RdmaResourceList() ([]*RdmaResource, error) { + return pkgHandle.RdmaResourceList() +} + +// RdmaResourceList list rdma resource tracking information +// Returns all rdma devices resource tracking summary on success or returns error +// otherwise. +// Equivalent to: `rdma resource' +func (h *Handle) RdmaResourceList() ([]*RdmaResource, error) { + proto := getProtoField(nl.RDMA_NL_NLDEV, nl.RDMA_NLDEV_CMD_RES_GET) + req := h.newNetlinkRequest(proto, unix.NLM_F_ACK|unix.NLM_F_DUMP) + + msgs, err := req.Execute(unix.NETLINK_RDMA, 0) + if err != nil { + return nil, err + } + if len(msgs) == 0 { + return nil, fmt.Errorf("No valid response from kernel") + } + var rdmaResources []*RdmaResource + for _, msg := range msgs { + res, err := executeOneGetRdmaResourceList(msg) + if err != nil { + return nil, err + } + rdmaResources = append(rdmaResources, res) + } + return rdmaResources, nil +} + +func parseRdmaCounters(counterType uint16, data []byte) (map[string]uint64, error) { + var counterKeyType, counterValueType uint16 + switch counterType { + case nl.RDMA_NLDEV_ATTR_RES_SUMMARY_ENTRY: + counterKeyType = nl.RDMA_NLDEV_ATTR_RES_SUMMARY_ENTRY_NAME + counterValueType = nl.RDMA_NLDEV_ATTR_RES_SUMMARY_ENTRY_CURR + case nl.RDMA_NLDEV_ATTR_STAT_HWCOUNTER_ENTRY: + counterKeyType = nl.RDMA_NLDEV_ATTR_STAT_HWCOUNTER_ENTRY_NAME + counterValueType = nl.RDMA_NLDEV_ATTR_STAT_HWCOUNTER_ENTRY_VALUE + default: + return nil, fmt.Errorf("Invalid counter type: %d", counterType) + } + counters := make(map[string]uint64) + reader := bytes.NewReader(data) + + for reader.Len() >= 4 { + _, attrType, _, value := parseNfAttrTLV(reader) + if attrType != counterType { + return nil, fmt.Errorf("Invalid resource summary entry type; %d", attrType) + } + + summaryReader := bytes.NewReader(value) + for summaryReader.Len() >= 4 { + _, attrType, len, value := parseNfAttrTLV(summaryReader) + if attrType != counterKeyType { + return nil, fmt.Errorf("Invalid resource summary entry name type; %d", attrType) + } + name := string(value[0 : len-1]) + // Skip pad bytes + if (len % 4) != 0 { + summaryReader.Seek(int64(4-(len%4)), seekCurrent) + } + _, attrType, len, value = parseNfAttrTLV(summaryReader) + if attrType != counterValueType { + return nil, fmt.Errorf("Invalid resource summary entry value type; %d", attrType) + } + counters[name] = native.Uint64(value) + } + } + return counters, nil +} + +func executeOneGetRdmaResourceList(data []byte) (*RdmaResource, error) { + var res RdmaResource + reader := bytes.NewReader(data) + for reader.Len() >= 4 { + _, attrType, len, value := parseNfAttrTLV(reader) + + switch attrType { + case nl.RDMA_NLDEV_ATTR_DEV_INDEX: + var Index uint32 + r := bytes.NewReader(value) + binary.Read(r, nl.NativeEndian(), &Index) + res.Index = Index + case nl.RDMA_NLDEV_ATTR_DEV_NAME: + res.Name = string(value[0 : len-1]) + case nl.RDMA_NLDEV_ATTR_RES_SUMMARY: + var err error + res.RdmaResourceSummaryEntries, err = parseRdmaCounters(nl.RDMA_NLDEV_ATTR_RES_SUMMARY_ENTRY, value) + if err != nil { + return nil, err + } + } + if (len % 4) != 0 { + // Skip pad bytes + reader.Seek(int64(4-(len%4)), seekCurrent) + } + } + return &res, nil +} + +// RdmaPortStatistic represents a rdma port statistic counter +type RdmaPortStatistic struct { + PortIndex uint32 + Statistics map[string]uint64 +} + +// RdmaDeviceStatistic represents a rdma device statistic counter +type RdmaDeviceStatistic struct { + RdmaPortStatistics []*RdmaPortStatistic +} + +// RdmaStatistic get rdma device statistic counters +// Returns rdma device statistic counters on success or returns error +// otherwise. +// Equivalent to: `rdma statistic show link [DEV]' +func RdmaStatistic(link *RdmaLink) (*RdmaDeviceStatistic, error) { + return pkgHandle.RdmaStatistic(link) +} + +// RdmaStatistic get rdma device statistic counters +// Returns rdma device statistic counters on success or returns error +// otherwise. +// Equivalent to: `rdma statistic show link [DEV]' +func (h *Handle) RdmaStatistic(link *RdmaLink) (*RdmaDeviceStatistic, error) { + rdmaLinkStatistic := make([]*RdmaPortStatistic, 0) + for portIndex := uint32(1); portIndex <= link.Attrs.NumPorts; portIndex++ { + portStatistic, err := h.RdmaPortStatisticList(link, portIndex) + if err != nil { + return nil, err + } + rdmaLinkStatistic = append(rdmaLinkStatistic, portStatistic) + } + return &RdmaDeviceStatistic{RdmaPortStatistics: rdmaLinkStatistic}, nil +} + +// RdmaPortStatisticList get rdma device port statistic counters +// Returns rdma device port statistic counters on success or returns error +// otherwise. +// Equivalent to: `rdma statistic show link [DEV/PORT]' +func RdmaPortStatisticList(link *RdmaLink, port uint32) (*RdmaPortStatistic, error) { + return pkgHandle.RdmaPortStatisticList(link, port) +} + +// RdmaPortStatisticList get rdma device port statistic counters +// Returns rdma device port statistic counters on success or returns error +// otherwise. +// Equivalent to: `rdma statistic show link [DEV/PORT]' +func (h *Handle) RdmaPortStatisticList(link *RdmaLink, port uint32) (*RdmaPortStatistic, error) { + proto := getProtoField(nl.RDMA_NL_NLDEV, nl.RDMA_NLDEV_CMD_STAT_GET) + req := h.newNetlinkRequest(proto, unix.NLM_F_ACK|unix.NLM_F_REQUEST) + b := make([]byte, 4) + native.PutUint32(b, link.Attrs.Index) + data := nl.NewRtAttr(nl.RDMA_NLDEV_ATTR_DEV_INDEX, b) + req.AddData(data) + + b = make([]byte, 4) + native.PutUint32(b, port) + data = nl.NewRtAttr(nl.RDMA_NLDEV_ATTR_PORT_INDEX, b) + req.AddData(data) + + msgs, err := req.Execute(unix.NETLINK_RDMA, 0) + if err != nil { + return nil, err + } + if len(msgs) != 1 { + return nil, fmt.Errorf("No valid response from kernel") + } + return executeOneGetRdmaPortStatistics(msgs[0]) +} + +func executeOneGetRdmaPortStatistics(data []byte) (*RdmaPortStatistic, error) { + var stat RdmaPortStatistic + reader := bytes.NewReader(data) + for reader.Len() >= 4 { + _, attrType, len, value := parseNfAttrTLV(reader) + + switch attrType { + case nl.RDMA_NLDEV_ATTR_PORT_INDEX: + var Index uint32 + r := bytes.NewReader(value) + binary.Read(r, nl.NativeEndian(), &Index) + stat.PortIndex = Index + case nl.RDMA_NLDEV_ATTR_STAT_HWCOUNTERS: + var err error + stat.Statistics, err = parseRdmaCounters(nl.RDMA_NLDEV_ATTR_STAT_HWCOUNTER_ENTRY, value) + if err != nil { + return nil, err + } + } + if (len % 4) != 0 { + // Skip pad bytes + reader.Seek(int64(4-(len%4)), seekCurrent) + } + } + return &stat, nil +} diff --git a/vendor/github.com/vishvananda/netlink/route.go b/vendor/github.com/vishvananda/netlink/route.go index 1b4555d5c51..47a57c24c80 100644 --- a/vendor/github.com/vishvananda/netlink/route.go +++ b/vendor/github.com/vishvananda/netlink/route.go @@ -45,7 +45,7 @@ type Encap interface { Equal(Encap) bool } -//Protocol describe what was the originator of the route +// Protocol describe what was the originator of the route type RouteProtocol int // Route represents a netlink route. @@ -70,6 +70,7 @@ type Route struct { Via Destination Realm int MTU int + MTULock bool Window int Rtt int RttVar int @@ -81,6 +82,7 @@ type Route struct { InitCwnd int Features int RtoMin int + RtoMinLock bool InitRwnd int QuickACK int Congctl string diff --git a/vendor/github.com/vishvananda/netlink/route_linux.go b/vendor/github.com/vishvananda/netlink/route_linux.go index 0cd4f8363a7..9f06673a459 100644 --- a/vendor/github.com/vishvananda/netlink/route_linux.go +++ b/vendor/github.com/vishvananda/netlink/route_linux.go @@ -3,6 +3,7 @@ package netlink import ( "bytes" "encoding/binary" + "errors" "fmt" "net" "strconv" @@ -269,6 +270,7 @@ type SEG6LocalEncap struct { Action int Segments []net.IP // from SRH in seg6_local_lwt Table int // table id for End.T and End.DT6 + VrfTable int // vrftable id for END.DT4 and END.DT6 InAddr net.IP In6Addr net.IP Iif int @@ -304,6 +306,9 @@ func (e *SEG6LocalEncap) Decode(buf []byte) error { case nl.SEG6_LOCAL_TABLE: e.Table = int(native.Uint32(attr.Value[0:4])) e.Flags[nl.SEG6_LOCAL_TABLE] = true + case nl.SEG6_LOCAL_VRFTABLE: + e.VrfTable = int(native.Uint32(attr.Value[0:4])) + e.Flags[nl.SEG6_LOCAL_VRFTABLE] = true case nl.SEG6_LOCAL_NH4: e.InAddr = net.IP(attr.Value[0:4]) e.Flags[nl.SEG6_LOCAL_NH4] = true @@ -360,6 +365,15 @@ func (e *SEG6LocalEncap) Encode() ([]byte, error) { native.PutUint32(attr[4:], uint32(e.Table)) res = append(res, attr...) } + + if e.Flags[nl.SEG6_LOCAL_VRFTABLE] { + attr := make([]byte, 8) + native.PutUint16(attr, 8) + native.PutUint16(attr[2:], nl.SEG6_LOCAL_VRFTABLE) + native.PutUint32(attr[4:], uint32(e.VrfTable)) + res = append(res, attr...) + } + if e.Flags[nl.SEG6_LOCAL_NH4] { attr := make([]byte, 4) native.PutUint16(attr, 8) @@ -412,6 +426,11 @@ func (e *SEG6LocalEncap) String() string { if e.Flags[nl.SEG6_LOCAL_TABLE] { strs = append(strs, fmt.Sprintf("table %d", e.Table)) } + + if e.Flags[nl.SEG6_LOCAL_VRFTABLE] { + strs = append(strs, fmt.Sprintf("vrftable %d", e.VrfTable)) + } + if e.Flags[nl.SEG6_LOCAL_NH4] { strs = append(strs, fmt.Sprintf("nh4 %s", e.InAddr)) } @@ -476,7 +495,7 @@ func (e *SEG6LocalEncap) Equal(x Encap) bool { if !e.InAddr.Equal(o.InAddr) || !e.In6Addr.Equal(o.In6Addr) { return false } - if e.Action != o.Action || e.Table != o.Table || e.Iif != o.Iif || e.Oif != o.Oif || e.bpf != o.bpf { + if e.Action != o.Action || e.Table != o.Table || e.Iif != o.Iif || e.Oif != o.Oif || e.bpf != o.bpf || e.VrfTable != o.VrfTable { return false } return true @@ -1071,6 +1090,10 @@ func (h *Handle) prepareRouteReq(route *Route, req *nl.NetlinkRequest, msg *nl.R if route.MTU > 0 { b := nl.Uint32Attr(uint32(route.MTU)) metrics = append(metrics, nl.NewRtAttr(unix.RTAX_MTU, b)) + if route.MTULock { + b := nl.Uint32Attr(uint32(1 << unix.RTAX_MTU)) + metrics = append(metrics, nl.NewRtAttr(unix.RTAX_LOCK, b)) + } } if route.Window > 0 { b := nl.Uint32Attr(uint32(route.Window)) @@ -1115,6 +1138,10 @@ func (h *Handle) prepareRouteReq(route *Route, req *nl.NetlinkRequest, msg *nl.R if route.RtoMin > 0 { b := nl.Uint32Attr(uint32(route.RtoMin)) metrics = append(metrics, nl.NewRtAttr(unix.RTAX_RTO_MIN, b)) + if route.RtoMinLock { + b := nl.Uint32Attr(uint32(1 << unix.RTAX_RTO_MIN)) + metrics = append(metrics, nl.NewRtAttr(unix.RTAX_LOCK, b)) + } } if route.InitRwnd > 0 { b := nl.Uint32Attr(uint32(route.InitRwnd)) @@ -1163,6 +1190,9 @@ func (h *Handle) prepareRouteReq(route *Route, req *nl.NetlinkRequest, msg *nl.R // RouteList gets a list of routes in the system. // Equivalent to: `ip route show`. // The list can be filtered by link and ip family. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func RouteList(link Link, family int) ([]Route, error) { return pkgHandle.RouteList(link, family) } @@ -1170,6 +1200,9 @@ func RouteList(link Link, family int) ([]Route, error) { // RouteList gets a list of routes in the system. // Equivalent to: `ip route show`. // The list can be filtered by link and ip family. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) RouteList(link Link, family int) ([]Route, error) { routeFilter := &Route{} if link != nil { @@ -1188,6 +1221,9 @@ func RouteListFiltered(family int, filter *Route, filterMask uint64) ([]Route, e // RouteListFiltered gets a list of routes in the system filtered with specified rules. // All rules must be defined in RouteFilter struct +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) RouteListFiltered(family int, filter *Route, filterMask uint64) ([]Route, error) { var res []Route err := h.RouteListFilteredIter(family, filter, filterMask, func(route Route) (cont bool) { @@ -1202,17 +1238,22 @@ func (h *Handle) RouteListFiltered(family int, filter *Route, filterMask uint64) // RouteListFilteredIter passes each route that matches the filter to the given iterator func. Iteration continues // until all routes are loaded or the func returns false. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func RouteListFilteredIter(family int, filter *Route, filterMask uint64, f func(Route) (cont bool)) error { return pkgHandle.RouteListFilteredIter(family, filter, filterMask, f) } +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) RouteListFilteredIter(family int, filter *Route, filterMask uint64, f func(Route) (cont bool)) error { req := h.newNetlinkRequest(unix.RTM_GETROUTE, unix.NLM_F_DUMP) rtmsg := &nl.RtMsg{} rtmsg.Family = uint8(family) var parseErr error - err := h.routeHandleIter(filter, req, rtmsg, func(m []byte) bool { + executeErr := h.routeHandleIter(filter, req, rtmsg, func(m []byte) bool { msg := nl.DeserializeRtMsg(m) if family != FAMILY_ALL && msg.Family != uint8(family) { // Ignore routes not matching requested family @@ -1270,13 +1311,13 @@ func (h *Handle) RouteListFilteredIter(family int, filter *Route, filterMask uin } return f(route) }) - if err != nil { - return err + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return executeErr } if parseErr != nil { return parseErr } - return nil + return executeErr } // deserializeRoute decodes a binary netlink message into a Route struct @@ -1425,6 +1466,9 @@ func deserializeRoute(m []byte) (Route, error) { switch metric.Attr.Type { case unix.RTAX_MTU: route.MTU = int(native.Uint32(metric.Value[0:4])) + case unix.RTAX_LOCK: + route.MTULock = native.Uint32(metric.Value[0:4]) == uint32(1< 0 { link, err := h.LinkByName(options.Oif) if err != nil { return nil, err } + oifIndex = uint32(link.Attrs().Index) + } else if options.OifIndex > 0 { + oifIndex = uint32(options.OifIndex) + } + if oifIndex > 0 { b := make([]byte, 4) - native.PutUint32(b, uint32(link.Attrs().Index)) + native.PutUint32(b, oifIndex) req.AddData(nl.NewRtAttr(unix.RTA_OIF, b)) } @@ -1684,6 +1735,10 @@ type RouteSubscribeOptions struct { // RouteSubscribeWithOptions work like RouteSubscribe but enable to // provide additional options to modify the behavior. Currently, the // namespace can be provided as well as an error callback. +// +// When options.ListExisting is true, options.ErrorCallback may be +// called with [ErrDumpInterrupted] to indicate that results from +// the initial dump of links may be inconsistent or incomplete. func RouteSubscribeWithOptions(ch chan<- RouteUpdate, done <-chan struct{}, options RouteSubscribeOptions) error { if options.Namespace == nil { none := netns.None() @@ -1743,6 +1798,9 @@ func routeSubscribeAt(newNs, curNs netns.NsHandle, ch chan<- RouteUpdate, done < continue } for _, m := range msgs { + if m.Header.Flags&unix.NLM_F_DUMP_INTR != 0 && cberr != nil { + cberr(ErrDumpInterrupted) + } if m.Header.Type == unix.NLMSG_DONE { continue } diff --git a/vendor/github.com/vishvananda/netlink/rule_linux.go b/vendor/github.com/vishvananda/netlink/rule_linux.go index ddff99cfad2..dba99147b2d 100644 --- a/vendor/github.com/vishvananda/netlink/rule_linux.go +++ b/vendor/github.com/vishvananda/netlink/rule_linux.go @@ -2,6 +2,7 @@ package netlink import ( "bytes" + "errors" "fmt" "net" @@ -183,12 +184,18 @@ func ruleHandle(rule *Rule, req *nl.NetlinkRequest) error { // RuleList lists rules in the system. // Equivalent to: ip rule list +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func RuleList(family int) ([]Rule, error) { return pkgHandle.RuleList(family) } // RuleList lists rules in the system. // Equivalent to: ip rule list +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) RuleList(family int) ([]Rule, error) { return h.RuleListFiltered(family, nil, 0) } @@ -196,20 +203,26 @@ func (h *Handle) RuleList(family int) ([]Rule, error) { // RuleListFiltered gets a list of rules in the system filtered by the // specified rule template `filter`. // Equivalent to: ip rule list +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func RuleListFiltered(family int, filter *Rule, filterMask uint64) ([]Rule, error) { return pkgHandle.RuleListFiltered(family, filter, filterMask) } // RuleListFiltered lists rules in the system. // Equivalent to: ip rule list +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) RuleListFiltered(family int, filter *Rule, filterMask uint64) ([]Rule, error) { req := h.newNetlinkRequest(unix.RTM_GETRULE, unix.NLM_F_DUMP|unix.NLM_F_REQUEST) msg := nl.NewIfInfomsg(family) req.AddData(msg) - msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWRULE) - if err != nil { - return nil, err + msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWRULE) + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr } var res = make([]Rule, 0) @@ -306,7 +319,7 @@ func (h *Handle) RuleListFiltered(family int, filter *Rule, filterMask uint64) ( res = append(res, *rule) } - return res, nil + return res, executeErr } func (pr *RulePortRange) toRtAttrData() []byte { diff --git a/vendor/github.com/vishvananda/netlink/socket_linux.go b/vendor/github.com/vishvananda/netlink/socket_linux.go index 4eb4aeafbdf..ebda532a884 100644 --- a/vendor/github.com/vishvananda/netlink/socket_linux.go +++ b/vendor/github.com/vishvananda/netlink/socket_linux.go @@ -157,6 +157,9 @@ func (u *UnixSocket) deserialize(b []byte) error { } // SocketGet returns the Socket identified by its local and remote addresses. +// +// If the returned error is [ErrDumpInterrupted], the search for a result may +// be incomplete and the caller should retry. func (h *Handle) SocketGet(local, remote net.Addr) (*Socket, error) { var protocol uint8 var localIP, remoteIP net.IP @@ -232,6 +235,9 @@ func (h *Handle) SocketGet(local, remote net.Addr) (*Socket, error) { } // SocketGet returns the Socket identified by its local and remote addresses. +// +// If the returned error is [ErrDumpInterrupted], the search for a result may +// be incomplete and the caller should retry. func SocketGet(local, remote net.Addr) (*Socket, error) { return pkgHandle.SocketGet(local, remote) } @@ -283,6 +289,9 @@ func SocketDestroy(local, remote net.Addr) error { } // SocketDiagTCPInfo requests INET_DIAG_INFO for TCP protocol for specified family type and return with extension TCP info. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) SocketDiagTCPInfo(family uint8) ([]*InetDiagTCPInfoResp, error) { // Construct the request req := h.newNetlinkRequest(nl.SOCK_DIAG_BY_FAMILY, unix.NLM_F_DUMP) @@ -295,9 +304,9 @@ func (h *Handle) SocketDiagTCPInfo(family uint8) ([]*InetDiagTCPInfoResp, error) // Do the query and parse the result var result []*InetDiagTCPInfoResp - var err error - err = req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool { + executeErr := req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool { sockInfo := &Socket{} + var err error if err = sockInfo.deserialize(msg); err != nil { return false } @@ -315,18 +324,24 @@ func (h *Handle) SocketDiagTCPInfo(family uint8) ([]*InetDiagTCPInfoResp, error) return true }) - if err != nil { - return nil, err + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr } - return result, nil + return result, executeErr } // SocketDiagTCPInfo requests INET_DIAG_INFO for TCP protocol for specified family type and return with extension TCP info. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func SocketDiagTCPInfo(family uint8) ([]*InetDiagTCPInfoResp, error) { return pkgHandle.SocketDiagTCPInfo(family) } // SocketDiagTCP requests INET_DIAG_INFO for TCP protocol for specified family type and return related socket. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) SocketDiagTCP(family uint8) ([]*Socket, error) { // Construct the request req := h.newNetlinkRequest(nl.SOCK_DIAG_BY_FAMILY, unix.NLM_F_DUMP) @@ -339,27 +354,32 @@ func (h *Handle) SocketDiagTCP(family uint8) ([]*Socket, error) { // Do the query and parse the result var result []*Socket - var err error - err = req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool { + executeErr := req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool { sockInfo := &Socket{} - if err = sockInfo.deserialize(msg); err != nil { + if err := sockInfo.deserialize(msg); err != nil { return false } result = append(result, sockInfo) return true }) - if err != nil { - return nil, err + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr } - return result, nil + return result, executeErr } // SocketDiagTCP requests INET_DIAG_INFO for TCP protocol for specified family type and return related socket. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func SocketDiagTCP(family uint8) ([]*Socket, error) { return pkgHandle.SocketDiagTCP(family) } // SocketDiagUDPInfo requests INET_DIAG_INFO for UDP protocol for specified family type and return with extension info. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) SocketDiagUDPInfo(family uint8) ([]*InetDiagUDPInfoResp, error) { // Construct the request var extensions uint8 @@ -377,14 +397,14 @@ func (h *Handle) SocketDiagUDPInfo(family uint8) ([]*InetDiagUDPInfoResp, error) // Do the query and parse the result var result []*InetDiagUDPInfoResp - var err error - err = req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool { + executeErr := req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool { sockInfo := &Socket{} - if err = sockInfo.deserialize(msg); err != nil { + if err := sockInfo.deserialize(msg); err != nil { return false } var attrs []syscall.NetlinkRouteAttr + var err error if attrs, err = nl.ParseRouteAttr(msg[sizeofSocket:]); err != nil { return false } @@ -397,18 +417,24 @@ func (h *Handle) SocketDiagUDPInfo(family uint8) ([]*InetDiagUDPInfoResp, error) result = append(result, res) return true }) - if err != nil { - return nil, err + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr } - return result, nil + return result, executeErr } // SocketDiagUDPInfo requests INET_DIAG_INFO for UDP protocol for specified family type and return with extension info. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func SocketDiagUDPInfo(family uint8) ([]*InetDiagUDPInfoResp, error) { return pkgHandle.SocketDiagUDPInfo(family) } // SocketDiagUDP requests INET_DIAG_INFO for UDP protocol for specified family type and return related socket. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) SocketDiagUDP(family uint8) ([]*Socket, error) { // Construct the request req := h.newNetlinkRequest(nl.SOCK_DIAG_BY_FAMILY, unix.NLM_F_DUMP) @@ -421,27 +447,32 @@ func (h *Handle) SocketDiagUDP(family uint8) ([]*Socket, error) { // Do the query and parse the result var result []*Socket - var err error - err = req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool { + executeErr := req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool { sockInfo := &Socket{} - if err = sockInfo.deserialize(msg); err != nil { + if err := sockInfo.deserialize(msg); err != nil { return false } result = append(result, sockInfo) return true }) - if err != nil { - return nil, err + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr } - return result, nil + return result, executeErr } // SocketDiagUDP requests INET_DIAG_INFO for UDP protocol for specified family type and return related socket. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func SocketDiagUDP(family uint8) ([]*Socket, error) { return pkgHandle.SocketDiagUDP(family) } // UnixSocketDiagInfo requests UNIX_DIAG_INFO for unix sockets and return with extension info. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) UnixSocketDiagInfo() ([]*UnixDiagInfoResp, error) { // Construct the request var extensions uint8 @@ -456,10 +487,9 @@ func (h *Handle) UnixSocketDiagInfo() ([]*UnixDiagInfoResp, error) { }) var result []*UnixDiagInfoResp - var err error - err = req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool { + executeErr := req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool { sockInfo := &UnixSocket{} - if err = sockInfo.deserialize(msg); err != nil { + if err := sockInfo.deserialize(msg); err != nil { return false } @@ -469,7 +499,8 @@ func (h *Handle) UnixSocketDiagInfo() ([]*UnixDiagInfoResp, error) { } var attrs []syscall.NetlinkRouteAttr - if attrs, err = nl.ParseRouteAttr(msg[sizeofSocket:]); err != nil { + var err error + if attrs, err = nl.ParseRouteAttr(msg[sizeofUnixSocket:]); err != nil { return false } @@ -480,18 +511,24 @@ func (h *Handle) UnixSocketDiagInfo() ([]*UnixDiagInfoResp, error) { result = append(result, res) return true }) - if err != nil { - return nil, err + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr } - return result, nil + return result, executeErr } // UnixSocketDiagInfo requests UNIX_DIAG_INFO for unix sockets and return with extension info. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func UnixSocketDiagInfo() ([]*UnixDiagInfoResp, error) { return pkgHandle.UnixSocketDiagInfo() } // UnixSocketDiag requests UNIX_DIAG_INFO for unix sockets. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) UnixSocketDiag() ([]*UnixSocket, error) { // Construct the request req := h.newNetlinkRequest(nl.SOCK_DIAG_BY_FAMILY, unix.NLM_F_DUMP) @@ -501,10 +538,9 @@ func (h *Handle) UnixSocketDiag() ([]*UnixSocket, error) { }) var result []*UnixSocket - var err error - err = req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool { + executeErr := req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool { sockInfo := &UnixSocket{} - if err = sockInfo.deserialize(msg); err != nil { + if err := sockInfo.deserialize(msg); err != nil { return false } @@ -514,13 +550,16 @@ func (h *Handle) UnixSocketDiag() ([]*UnixSocket, error) { } return true }) - if err != nil { - return nil, err + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr } - return result, nil + return result, executeErr } // UnixSocketDiag requests UNIX_DIAG_INFO for unix sockets. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func UnixSocketDiag() ([]*UnixSocket, error) { return pkgHandle.UnixSocketDiag() } diff --git a/vendor/github.com/vishvananda/netlink/socket_xdp_linux.go b/vendor/github.com/vishvananda/netlink/socket_xdp_linux.go index 20c82f9c766..c1dd00a8647 100644 --- a/vendor/github.com/vishvananda/netlink/socket_xdp_linux.go +++ b/vendor/github.com/vishvananda/netlink/socket_xdp_linux.go @@ -52,8 +52,10 @@ func (s *XDPSocket) deserialize(b []byte) error { return nil } -// XDPSocketGet returns the XDP socket identified by its inode number and/or +// SocketXDPGetInfo returns the XDP socket identified by its inode number and/or // socket cookie. Specify the cookie as SOCK_ANY_COOKIE if +// +// If the returned error is [ErrDumpInterrupted], the caller should retry. func SocketXDPGetInfo(ino uint32, cookie uint64) (*XDPDiagInfoResp, error) { // We have a problem here: dumping AF_XDP sockets currently does not support // filtering. We thus need to dump all XSKs and then only filter afterwards @@ -85,6 +87,9 @@ func SocketXDPGetInfo(ino uint32, cookie uint64) (*XDPDiagInfoResp, error) { } // SocketDiagXDP requests XDP_DIAG_INFO for XDP family sockets. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func SocketDiagXDP() ([]*XDPDiagInfoResp, error) { var result []*XDPDiagInfoResp err := socketDiagXDPExecutor(func(m syscall.NetlinkMessage) error { @@ -105,10 +110,10 @@ func SocketDiagXDP() ([]*XDPDiagInfoResp, error) { result = append(result, res) return nil }) - if err != nil { + if err != nil && !errors.Is(err, ErrDumpInterrupted) { return nil, err } - return result, nil + return result, err } // socketDiagXDPExecutor requests XDP_DIAG_INFO for XDP family sockets. @@ -128,6 +133,7 @@ func socketDiagXDPExecutor(receiver func(syscall.NetlinkMessage) error) error { return err } + dumpIntr := false loop: for { msgs, from, err := s.Receive() @@ -142,6 +148,9 @@ loop: } for _, m := range msgs { + if m.Header.Flags&unix.NLM_F_DUMP_INTR != 0 { + dumpIntr = true + } switch m.Header.Type { case unix.NLMSG_DONE: break loop @@ -154,6 +163,9 @@ loop: } } } + if dumpIntr { + return ErrDumpInterrupted + } return nil } diff --git a/vendor/github.com/vishvananda/netlink/vdpa_linux.go b/vendor/github.com/vishvananda/netlink/vdpa_linux.go index 7c15986d0f9..c14877a295d 100644 --- a/vendor/github.com/vishvananda/netlink/vdpa_linux.go +++ b/vendor/github.com/vishvananda/netlink/vdpa_linux.go @@ -1,6 +1,7 @@ package netlink import ( + "errors" "fmt" "net" "syscall" @@ -118,6 +119,9 @@ func VDPADelDev(name string) error { // VDPAGetDevList returns list of VDPA devices // Equivalent to: `vdpa dev show` +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func VDPAGetDevList() ([]*VDPADev, error) { return pkgHandle.VDPAGetDevList() } @@ -130,6 +134,9 @@ func VDPAGetDevByName(name string) (*VDPADev, error) { // VDPAGetDevConfigList returns list of VDPA devices configurations // Equivalent to: `vdpa dev config show` +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func VDPAGetDevConfigList() ([]*VDPADevConfig, error) { return pkgHandle.VDPAGetDevConfigList() } @@ -148,6 +155,9 @@ func VDPAGetDevVStats(name string, queueIndex uint32) (*VDPADevVStats, error) { // VDPAGetMGMTDevList returns list of mgmt devices // Equivalent to: `vdpa mgmtdev show` +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func VDPAGetMGMTDevList() ([]*VDPAMGMTDev, error) { return pkgHandle.VDPAGetMGMTDevList() } @@ -261,9 +271,9 @@ func (h *Handle) vdpaRequest(command uint8, extraFlags int, attrs []*nl.RtAttr) req.AddData(a) } - resp, err := req.Execute(unix.NETLINK_GENERIC, 0) - if err != nil { - return nil, err + resp, executeErr := req.Execute(unix.NETLINK_GENERIC, 0) + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr } messages := make([]vdpaNetlinkMessage, 0, len(resp)) for _, m := range resp { @@ -273,10 +283,13 @@ func (h *Handle) vdpaRequest(command uint8, extraFlags int, attrs []*nl.RtAttr) } messages = append(messages, attrs) } - return messages, nil + return messages, executeErr } // dump all devices if dev is nil +// +// If dev is nil and the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) vdpaDevGet(dev *string) ([]*VDPADev, error) { var extraFlags int var attrs []*nl.RtAttr @@ -285,9 +298,9 @@ func (h *Handle) vdpaDevGet(dev *string) ([]*VDPADev, error) { } else { extraFlags = extraFlags | unix.NLM_F_DUMP } - messages, err := h.vdpaRequest(nl.VDPA_CMD_DEV_GET, extraFlags, attrs) - if err != nil { - return nil, err + messages, executeErr := h.vdpaRequest(nl.VDPA_CMD_DEV_GET, extraFlags, attrs) + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr } devs := make([]*VDPADev, 0, len(messages)) for _, m := range messages { @@ -295,10 +308,13 @@ func (h *Handle) vdpaDevGet(dev *string) ([]*VDPADev, error) { d.parseAttributes(m) devs = append(devs, d) } - return devs, nil + return devs, executeErr } // dump all devices if dev is nil +// +// If dev is nil, and the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) vdpaDevConfigGet(dev *string) ([]*VDPADevConfig, error) { var extraFlags int var attrs []*nl.RtAttr @@ -307,9 +323,9 @@ func (h *Handle) vdpaDevConfigGet(dev *string) ([]*VDPADevConfig, error) { } else { extraFlags = extraFlags | unix.NLM_F_DUMP } - messages, err := h.vdpaRequest(nl.VDPA_CMD_DEV_CONFIG_GET, extraFlags, attrs) - if err != nil { - return nil, err + messages, executeErr := h.vdpaRequest(nl.VDPA_CMD_DEV_CONFIG_GET, extraFlags, attrs) + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr } cfgs := make([]*VDPADevConfig, 0, len(messages)) for _, m := range messages { @@ -317,10 +333,13 @@ func (h *Handle) vdpaDevConfigGet(dev *string) ([]*VDPADevConfig, error) { cfg.parseAttributes(m) cfgs = append(cfgs, cfg) } - return cfgs, nil + return cfgs, executeErr } // dump all devices if dev is nil +// +// If dev is nil and the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) vdpaMGMTDevGet(bus, dev *string) ([]*VDPAMGMTDev, error) { var extraFlags int var attrs []*nl.RtAttr @@ -336,9 +355,9 @@ func (h *Handle) vdpaMGMTDevGet(bus, dev *string) ([]*VDPAMGMTDev, error) { } else { extraFlags = extraFlags | unix.NLM_F_DUMP } - messages, err := h.vdpaRequest(nl.VDPA_CMD_MGMTDEV_GET, extraFlags, attrs) - if err != nil { - return nil, err + messages, executeErr := h.vdpaRequest(nl.VDPA_CMD_MGMTDEV_GET, extraFlags, attrs) + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr } cfgs := make([]*VDPAMGMTDev, 0, len(messages)) for _, m := range messages { @@ -346,7 +365,7 @@ func (h *Handle) vdpaMGMTDevGet(bus, dev *string) ([]*VDPAMGMTDev, error) { cfg.parseAttributes(m) cfgs = append(cfgs, cfg) } - return cfgs, nil + return cfgs, executeErr } // VDPANewDev adds new VDPA device @@ -385,6 +404,9 @@ func (h *Handle) VDPADelDev(name string) error { // VDPAGetDevList returns list of VDPA devices // Equivalent to: `vdpa dev show` +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) VDPAGetDevList() ([]*VDPADev, error) { return h.vdpaDevGet(nil) } @@ -404,6 +426,9 @@ func (h *Handle) VDPAGetDevByName(name string) (*VDPADev, error) { // VDPAGetDevConfigList returns list of VDPA devices configurations // Equivalent to: `vdpa dev config show` +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) VDPAGetDevConfigList() ([]*VDPADevConfig, error) { return h.vdpaDevConfigGet(nil) } @@ -441,6 +466,9 @@ func (h *Handle) VDPAGetDevVStats(name string, queueIndex uint32) (*VDPADevVStat // VDPAGetMGMTDevList returns list of mgmt devices // Equivalent to: `vdpa mgmtdev show` +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) VDPAGetMGMTDevList() ([]*VDPAMGMTDev, error) { return h.vdpaMGMTDevGet(nil, nil) } diff --git a/vendor/github.com/vishvananda/netlink/xfrm_linux.go b/vendor/github.com/vishvananda/netlink/xfrm_linux.go index dd38ed8e082..b603e4c15a7 100644 --- a/vendor/github.com/vishvananda/netlink/xfrm_linux.go +++ b/vendor/github.com/vishvananda/netlink/xfrm_linux.go @@ -48,6 +48,14 @@ const ( XFRM_MODE_MAX ) +// SADir is an enum representing an ipsec template direction. +type SADir uint8 + +const ( + XFRM_SA_DIR_IN SADir = iota + 1 + XFRM_SA_DIR_OUT +) + func (m Mode) String() string { switch m { case XFRM_MODE_TRANSPORT: diff --git a/vendor/github.com/vishvananda/netlink/xfrm_policy_linux.go b/vendor/github.com/vishvananda/netlink/xfrm_policy_linux.go index d526739cebf..bf143a1b13f 100644 --- a/vendor/github.com/vishvananda/netlink/xfrm_policy_linux.go +++ b/vendor/github.com/vishvananda/netlink/xfrm_policy_linux.go @@ -1,6 +1,7 @@ package netlink import ( + "errors" "fmt" "net" @@ -215,6 +216,9 @@ func (h *Handle) XfrmPolicyDel(policy *XfrmPolicy) error { // XfrmPolicyList gets a list of xfrm policies in the system. // Equivalent to: `ip xfrm policy show`. // The list can be filtered by ip family. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func XfrmPolicyList(family int) ([]XfrmPolicy, error) { return pkgHandle.XfrmPolicyList(family) } @@ -222,15 +226,18 @@ func XfrmPolicyList(family int) ([]XfrmPolicy, error) { // XfrmPolicyList gets a list of xfrm policies in the system. // Equivalent to: `ip xfrm policy show`. // The list can be filtered by ip family. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) XfrmPolicyList(family int) ([]XfrmPolicy, error) { req := h.newNetlinkRequest(nl.XFRM_MSG_GETPOLICY, unix.NLM_F_DUMP) msg := nl.NewIfInfomsg(family) req.AddData(msg) - msgs, err := req.Execute(unix.NETLINK_XFRM, nl.XFRM_MSG_NEWPOLICY) - if err != nil { - return nil, err + msgs, executeErr := req.Execute(unix.NETLINK_XFRM, nl.XFRM_MSG_NEWPOLICY) + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr } var res []XfrmPolicy @@ -243,7 +250,7 @@ func (h *Handle) XfrmPolicyList(family int) ([]XfrmPolicy, error) { return nil, err } } - return res, nil + return res, executeErr } // XfrmPolicyGet gets a the policy described by the index or selector, if found. diff --git a/vendor/github.com/vishvananda/netlink/xfrm_state_linux.go b/vendor/github.com/vishvananda/netlink/xfrm_state_linux.go index 554f2498c2c..092ffe97b9b 100644 --- a/vendor/github.com/vishvananda/netlink/xfrm_state_linux.go +++ b/vendor/github.com/vishvananda/netlink/xfrm_state_linux.go @@ -1,6 +1,7 @@ package netlink import ( + "errors" "fmt" "net" "time" @@ -112,7 +113,9 @@ type XfrmState struct { Statistics XfrmStateStats Mark *XfrmMark OutputMark *XfrmMark + SADir SADir Ifid int + Pcpunum *uint32 Auth *XfrmStateAlgo Crypt *XfrmStateAlgo Aead *XfrmStateAlgo @@ -125,8 +128,8 @@ type XfrmState struct { } func (sa XfrmState) String() string { - return fmt.Sprintf("Dst: %v, Src: %v, Proto: %s, Mode: %s, SPI: 0x%x, ReqID: 0x%x, ReplayWindow: %d, Mark: %v, OutputMark: %v, Ifid: %d, Auth: %v, Crypt: %v, Aead: %v, Encap: %v, ESN: %t, DontEncapDSCP: %t, OSeqMayWrap: %t, Replay: %v", - sa.Dst, sa.Src, sa.Proto, sa.Mode, sa.Spi, sa.Reqid, sa.ReplayWindow, sa.Mark, sa.OutputMark, sa.Ifid, sa.Auth, sa.Crypt, sa.Aead, sa.Encap, sa.ESN, sa.DontEncapDSCP, sa.OSeqMayWrap, sa.Replay) + return fmt.Sprintf("Dst: %v, Src: %v, Proto: %s, Mode: %s, SPI: 0x%x, ReqID: 0x%x, ReplayWindow: %d, Mark: %v, OutputMark: %v, SADir: %d, Ifid: %d, Pcpunum: %d, Auth: %v, Crypt: %v, Aead: %v, Encap: %v, ESN: %t, DontEncapDSCP: %t, OSeqMayWrap: %t, Replay: %v", + sa.Dst, sa.Src, sa.Proto, sa.Mode, sa.Spi, sa.Reqid, sa.ReplayWindow, sa.Mark, sa.OutputMark, sa.SADir, sa.Ifid, *sa.Pcpunum, sa.Auth, sa.Crypt, sa.Aead, sa.Encap, sa.ESN, sa.DontEncapDSCP, sa.OSeqMayWrap, sa.Replay) } func (sa XfrmState) Print(stats bool) string { if !stats { @@ -332,11 +335,21 @@ func (h *Handle) xfrmStateAddOrUpdate(state *XfrmState, nlProto int) error { req.AddData(out) } + if state.SADir != 0 { + saDir := nl.NewRtAttr(nl.XFRMA_SA_DIR, nl.Uint8Attr(uint8(state.SADir))) + req.AddData(saDir) + } + if state.Ifid != 0 { ifId := nl.NewRtAttr(nl.XFRMA_IF_ID, nl.Uint32Attr(uint32(state.Ifid))) req.AddData(ifId) } + if state.Pcpunum != nil { + pcpuNum := nl.NewRtAttr(nl.XFRMA_SA_PCPU, nl.Uint32Attr(uint32(*state.Pcpunum))) + req.AddData(pcpuNum) + } + _, err := req.Execute(unix.NETLINK_XFRM, 0) return err } @@ -382,6 +395,9 @@ func (h *Handle) XfrmStateDel(state *XfrmState) error { // XfrmStateList gets a list of xfrm states in the system. // Equivalent to: `ip [-4|-6] xfrm state show`. // The list can be filtered by ip family. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func XfrmStateList(family int) ([]XfrmState, error) { return pkgHandle.XfrmStateList(family) } @@ -389,12 +405,15 @@ func XfrmStateList(family int) ([]XfrmState, error) { // XfrmStateList gets a list of xfrm states in the system. // Equivalent to: `ip xfrm state show`. // The list can be filtered by ip family. +// +// If the returned error is [ErrDumpInterrupted], results may be inconsistent +// or incomplete. func (h *Handle) XfrmStateList(family int) ([]XfrmState, error) { req := h.newNetlinkRequest(nl.XFRM_MSG_GETSA, unix.NLM_F_DUMP) - msgs, err := req.Execute(unix.NETLINK_XFRM, nl.XFRM_MSG_NEWSA) - if err != nil { - return nil, err + msgs, executeErr := req.Execute(unix.NETLINK_XFRM, nl.XFRM_MSG_NEWSA) + if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) { + return nil, executeErr } var res []XfrmState @@ -407,7 +426,7 @@ func (h *Handle) XfrmStateList(family int) ([]XfrmState, error) { return nil, err } } - return res, nil + return res, executeErr } // XfrmStateGet gets the xfrm state described by the ID, if found. @@ -452,6 +471,11 @@ func (h *Handle) xfrmStateGetOrDelete(state *XfrmState, nlProto int) (*XfrmState req.AddData(ifId) } + if state.Pcpunum != nil { + pcpuNum := nl.NewRtAttr(nl.XFRMA_SA_PCPU, nl.Uint32Attr(uint32(*state.Pcpunum))) + req.AddData(pcpuNum) + } + resType := nl.XFRM_MSG_NEWSA if nlProto == nl.XFRM_MSG_DELSA { resType = 0 @@ -574,8 +598,13 @@ func parseXfrmState(m []byte, family int) (*XfrmState, error) { if state.OutputMark.Mask == 0xffffffff { state.OutputMark.Mask = 0 } + case nl.XFRMA_SA_DIR: + state.SADir = SADir(attr.Value[0]) case nl.XFRMA_IF_ID: state.Ifid = int(native.Uint32(attr.Value)) + case nl.XFRMA_SA_PCPU: + pcpuNum := native.Uint32(attr.Value) + state.Pcpunum = &pcpuNum case nl.XFRMA_REPLAY_VAL: if state.Replay == nil { state.Replay = new(XfrmReplayState) diff --git a/vendor/github.com/vishvananda/netns/.golangci.yml b/vendor/github.com/vishvananda/netns/.golangci.yml index 600bef78e2b..2b6988f286a 100644 --- a/vendor/github.com/vishvananda/netns/.golangci.yml +++ b/vendor/github.com/vishvananda/netns/.golangci.yml @@ -1,2 +1,26 @@ +linters: + enable: + - errcheck + - errorlint + - gocritic + - gosec + - gosimple + - govet + - gci + - misspell + - nonamedreturns + - staticcheck + - unconvert + - unparam + - unused + - whitespace + +linters-settings: + gci: + sections: + - standard + - default + - prefix(github.com/vishvananda) + run: timeout: 5m diff --git a/vendor/github.com/vishvananda/netns/.yamllint.yml b/vendor/github.com/vishvananda/netns/.yamllint.yml new file mode 100644 index 00000000000..1b2830cc999 --- /dev/null +++ b/vendor/github.com/vishvananda/netns/.yamllint.yml @@ -0,0 +1,9 @@ +--- +extends: default + +rules: + document-start: disable + line-length: disable + truthy: + ignore: | + .github/workflows/*.yml diff --git a/vendor/github.com/vishvananda/netns/netns_linux.go b/vendor/github.com/vishvananda/netns/netns_linux.go index 2ed7c7e2fa4..51c8f4b8690 100644 --- a/vendor/github.com/vishvananda/netns/netns_linux.go +++ b/vendor/github.com/vishvananda/netns/netns_linux.go @@ -26,19 +26,19 @@ const bindMountPath = "/run/netns" /* Bind mount path for named netns */ // Setns sets namespace using golang.org/x/sys/unix.Setns. // // Deprecated: Use golang.org/x/sys/unix.Setns instead. -func Setns(ns NsHandle, nstype int) (err error) { +func Setns(ns NsHandle, nstype int) error { return unix.Setns(int(ns), nstype) } // Set sets the current network namespace to the namespace represented // by NsHandle. -func Set(ns NsHandle) (err error) { +func Set(ns NsHandle) error { return unix.Setns(int(ns), unix.CLONE_NEWNET) } // New creates a new network namespace, sets it as current and returns // a handle to it. -func New() (ns NsHandle, err error) { +func New() (NsHandle, error) { if err := unix.Unshare(unix.CLONE_NEWNET); err != nil { return -1, err } @@ -49,7 +49,7 @@ func New() (ns NsHandle, err error) { // and returns a handle to it func NewNamed(name string) (NsHandle, error) { if _, err := os.Stat(bindMountPath); os.IsNotExist(err) { - err = os.MkdirAll(bindMountPath, 0755) + err = os.MkdirAll(bindMountPath, 0o755) if err != nil { return None(), err } @@ -62,7 +62,7 @@ func NewNamed(name string) (NsHandle, error) { namedPath := path.Join(bindMountPath, name) - f, err := os.OpenFile(namedPath, os.O_CREATE|os.O_EXCL, 0444) + f, err := os.OpenFile(namedPath, os.O_CREATE|os.O_EXCL, 0o444) if err != nil { newNs.Close() return None(), err @@ -217,11 +217,12 @@ func getPidForContainer(id string) (int, error) { id += "*" var pidFile string - if cgroupVer == 1 { + switch cgroupVer { + case 1: pidFile = "tasks" - } else if cgroupVer == 2 { + case 2: pidFile = "cgroup.procs" - } else { + default: return -1, fmt.Errorf("Invalid cgroup version '%d'", cgroupVer) } @@ -247,6 +248,10 @@ func getPidForContainer(id string) (int, error) { filepath.Join(cgroupRoot, "kubepods.slice", "*.slice", "*", "docker-"+id+".scope", pidFile), // Same as above but for Guaranteed QoS filepath.Join(cgroupRoot, "kubepods.slice", "*", "docker-"+id+".scope", pidFile), + // Support for nerdctl + filepath.Join(cgroupRoot, "system.slice", "nerdctl-"+id+".scope", pidFile), + // Support for finch + filepath.Join(cgroupRoot, "..", "systemd", "finch", id, pidFile), } var filename string @@ -276,7 +281,7 @@ func getPidForContainer(id string) (int, error) { pid, err = strconv.Atoi(result[0]) if err != nil { - return pid, fmt.Errorf("Invalid pid '%s': %s", result[0], err) + return pid, fmt.Errorf("Invalid pid '%s': %w", result[0], err) } return pid, nil diff --git a/vendor/github.com/vishvananda/netns/netns_others.go b/vendor/github.com/vishvananda/netns/netns_others.go index 0489837741b..f444f6e77f2 100644 --- a/vendor/github.com/vishvananda/netns/netns_others.go +++ b/vendor/github.com/vishvananda/netns/netns_others.go @@ -3,27 +3,23 @@ package netns -import ( - "errors" -) +import "errors" -var ( - ErrNotImplemented = errors.New("not implemented") -) +var ErrNotImplemented = errors.New("not implemented") // Setns sets namespace using golang.org/x/sys/unix.Setns on Linux. It // is not implemented on other platforms. // // Deprecated: Use golang.org/x/sys/unix.Setns instead. -func Setns(ns NsHandle, nstype int) (err error) { +func Setns(ns NsHandle, nstype int) error { return ErrNotImplemented } -func Set(ns NsHandle) (err error) { +func Set(ns NsHandle) error { return ErrNotImplemented } -func New() (ns NsHandle, err error) { +func New() (NsHandle, error) { return -1, ErrNotImplemented } @@ -51,7 +47,7 @@ func GetFromPid(pid int) (NsHandle, error) { return -1, ErrNotImplemented } -func GetFromThread(pid, tid int) (NsHandle, error) { +func GetFromThread(pid int, tid int) (NsHandle, error) { return -1, ErrNotImplemented } diff --git a/vendor/modules.txt b/vendor/modules.txt index 24481379a74..babbfecb0ef 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -84,11 +84,11 @@ github.com/sirupsen/logrus/hooks/test # github.com/urfave/cli v1.22.16 ## explicit; go 1.11 github.com/urfave/cli -# github.com/vishvananda/netlink v1.3.0 +# github.com/vishvananda/netlink v1.3.1 ## explicit; go 1.12 github.com/vishvananda/netlink github.com/vishvananda/netlink/nl -# github.com/vishvananda/netns v0.0.4 +# github.com/vishvananda/netns v0.0.5 ## explicit; go 1.17 github.com/vishvananda/netns # golang.org/x/net v0.40.0 From ae00c2bd095d5be257748c28dc1e5a8fe8951c4b Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 29 Apr 2025 12:50:26 -0700 Subject: [PATCH 0939/1176] tests/int: simplify using check_cpu_quota Instead of providing systemd CPU quota value (CPUQuotaPerSec), calculate it based on how opencontainers/cgroups/systemd handles it (see addCPUQuota). Signed-off-by: Kir Kolyshkin --- tests/integration/cgroups.bats | 4 +-- tests/integration/helpers.bash | 25 +++++++++++++-- tests/integration/update.bats | 56 +++++++++++++++++----------------- 3 files changed, 52 insertions(+), 33 deletions(-) diff --git a/tests/integration/cgroups.bats b/tests/integration/cgroups.bats index 70e3ee9f5e0..106b15faca6 100644 --- a/tests/integration/cgroups.bats +++ b/tests/integration/cgroups.bats @@ -328,7 +328,7 @@ convert_hugetlb_size() { check_systemd_value "MemoryHigh" 5242880 check_systemd_value "MemoryMax" 10485760 check_systemd_value "TasksMax" 99 - check_cpu_quota 10000 100000 "100ms" + check_cpu_quota 10000 100000 check_cpu_weight 42 } @@ -390,7 +390,7 @@ convert_hugetlb_size() { [ "$output" = '42' ] check_systemd_value "TasksMax" 42 - check_cpu_quota 5000 50000 "100ms" + check_cpu_quota 5000 50000 check_cpu_weight 42 } diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index f370e9b5a82..a5e303a2c0d 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -286,7 +286,28 @@ function check_systemd_value() { function check_cpu_quota() { local quota=$1 local period=$2 - local sd_quota=$3 + local sd_quota + + if [ -v RUNC_USE_SYSTEMD ]; then + if [ "$quota" = "-1" ]; then + sd_quota="infinity" + else + # In systemd world, quota (CPUQuotaPerSec) is measured in ms + # (per second), and systemd rounds it up to 10ms. For example, + # given quota=4000 and period=10000, systemd value is 400ms. + # + # Calculate milliseconds (quota/period * 1000). + # First multiply by 1000 to get milliseconds, + # then add half of period for proper rounding. + local ms=$(((quota * 1000 + period / 2) / period)) + # Round up to nearest 10ms. + ms=$(((ms + 5) / 10 * 10)) + sd_quota="${ms}ms" + fi + + # Systemd values are the same for v1 and v2. + check_systemd_value "CPUQuotaPerSecUSec" "$sd_quota" + fi if [ -v CGROUP_V2 ]; then if [ "$quota" = "-1" ]; then @@ -297,8 +318,6 @@ function check_cpu_quota() { check_cgroup_value "cpu.cfs_quota_us" "$quota" check_cgroup_value "cpu.cfs_period_us" "$period" fi - # systemd values are the same for v1 and v2 - check_systemd_value "CPUQuotaPerSecUSec" "$sd_quota" # CPUQuotaPeriodUSec requires systemd >= v242 [ "$(systemd_version)" -lt 242 ] && return diff --git a/tests/integration/update.bats b/tests/integration/update.bats index 034e959fc15..27af565b7bf 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -263,26 +263,26 @@ EOF runc run -d --console-socket "$CONSOLE_SOCKET" test_update [ "$status" -eq 0 ] - # check that initial values were properly set - check_cpu_quota 500000 1000000 "500ms" + # Check that initial values were properly set. + check_cpu_quota 500000 1000000 check_cpu_shares 100 - # update cpu period + # Update cpu period. runc update test_update --cpu-period 900000 [ "$status" -eq 0 ] - check_cpu_quota 500000 900000 "560ms" + check_cpu_quota 500000 900000 - # update cpu quota + # Update cpu quota. runc update test_update --cpu-quota 600000 [ "$status" -eq 0 ] - check_cpu_quota 600000 900000 "670ms" + check_cpu_quota 600000 900000 - # remove cpu quota + # Remove cpu quota. runc update test_update --cpu-quota -1 [ "$status" -eq 0 ] - check_cpu_quota -1 900000 "infinity" + check_cpu_quota -1 900000 - # update cpu-shares + # Update cpu-shares. runc update test_update --cpu-share 200 [ "$status" -eq 0 ] check_cpu_shares 200 @@ -298,21 +298,21 @@ EOF } EOF [ "$status" -eq 0 ] - check_cpu_quota 500000 1000000 "500ms" + check_cpu_quota 500000 1000000 - # redo all the changes at once + # Redo all the changes at once. runc update test_update \ --cpu-period 900000 --cpu-quota 600000 --cpu-share 200 [ "$status" -eq 0 ] - check_cpu_quota 600000 900000 "670ms" + check_cpu_quota 600000 900000 check_cpu_shares 200 - # remove cpu quota and reset the period + # Remove cpu quota and reset the period. runc update test_update --cpu-quota -1 --cpu-period 100000 [ "$status" -eq 0 ] - check_cpu_quota -1 100000 "infinity" + check_cpu_quota -1 100000 - # reset to initial test value via json file + # Reset to initial test values via json file. cat <"$BATS_RUN_TMPDIR"/runc-cgroups-integration-test.json { "cpu": { @@ -326,7 +326,7 @@ EOF runc update -r "$BATS_RUN_TMPDIR"/runc-cgroups-integration-test.json test_update [ "$status" -eq 0 ] - check_cpu_quota 500000 1000000 "500ms" + check_cpu_quota 500000 1000000 check_cpu_shares 100 } @@ -363,7 +363,7 @@ EOF runc run -d --console-socket "$CONSOLE_SOCKET" test_update [ "$status" -eq 0 ] - check_cpu_quota -1 1000000 "infinity" + check_cpu_quota -1 1000000 } @test "set cpu period with no quota (invalid period)" { @@ -382,7 +382,7 @@ EOF runc run -d --console-socket "$CONSOLE_SOCKET" test_update [ "$status" -eq 0 ] - check_cpu_quota 5000 100000 "50ms" + check_cpu_quota 5000 100000 } @test "update cpu period with no previous period/quota set" { @@ -393,10 +393,10 @@ EOF runc run -d --console-socket "$CONSOLE_SOCKET" test_update [ "$status" -eq 0 ] - # update the period alone, no old values were set + # Update the period alone, no old values were set. runc update --cpu-period 50000 test_update [ "$status" -eq 0 ] - check_cpu_quota -1 50000 "infinity" + check_cpu_quota -1 50000 } @test "update cpu quota with no previous period/quota set" { @@ -407,10 +407,10 @@ EOF runc run -d --console-socket "$CONSOLE_SOCKET" test_update [ "$status" -eq 0 ] - # update the quota alone, no old values were set + # Update the quota alone, no old values were set. runc update --cpu-quota 30000 test_update [ "$status" -eq 0 ] - check_cpu_quota 30000 100000 "300ms" + check_cpu_quota 30000 100000 } @test "update cpu period in a pod cgroup with pod limit set" { @@ -445,7 +445,7 @@ EOF # Finally, the test itself: set 30% limit but with lower period. runc update --cpu-period 10000 --cpu-quota 3000 test_update [ "$status" -eq 0 ] - check_cpu_quota 3000 10000 "300ms" + check_cpu_quota 3000 10000 } @test "update cgroup cpu.idle" { @@ -545,9 +545,9 @@ EOF runc run -d --console-socket "$CONSOLE_SOCKET" test_update [ "$status" -eq 0 ] - # check that initial values were properly set - check_cpu_quota 500000 1000000 "500ms" - # initial cpu shares of 100 corresponds to weight of 4 + # Check that initial values were properly set. + check_cpu_quota 500000 1000000 + # Initial cpu shares of 100 corresponds to weight of 4. check_cpu_weight 4 check_systemd_value "TasksMax" 20 @@ -561,8 +561,8 @@ EOF } EOF - # check the updated systemd unit properties - check_cpu_quota -1 100000 "infinity" + # Check the updated systemd unit properties. + check_cpu_quota -1 100000 check_cpu_weight 16 check_systemd_value "TasksMax" 10 } From b206a015b3d6d27a5c8d416a2ca1e3593e95fcf2 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 28 Apr 2025 15:21:40 -0700 Subject: [PATCH 0940/1176] deps: bump opencontainers/cgroups to v0.0.2 For changes, see https://github.com/opencontainers/cgroups/releases/tag/v0.0.2 Fix integration tests according to changes in [1] (now the CPU quota value set is rounded the same way systemd does it). [1]: https://github.com/opencontainers/cgroups/pull/4 Signed-off-by: Kir Kolyshkin --- go.mod | 2 +- go.sum | 4 +- tests/integration/helpers.bash | 5 + .../cgroups/.golangci-extra.yml | 21 ++++ .../opencontainers/cgroups/.golangci.yml | 31 ++++++ .../opencontainers/cgroups/RELEASES.md | 2 +- .../opencontainers/cgroups/config_linux.go | 104 +++++++++--------- .../cgroups/devices/config/device.go | 4 +- .../cgroups/devices/devices_emulator.go | 7 +- .../opencontainers/cgroups/devices/systemd.go | 2 +- .../opencontainers/cgroups/fs/freezer.go | 2 +- .../opencontainers/cgroups/fs2/cpu.go | 6 + .../opencontainers/cgroups/fs2/memory.go | 21 ++-- .../opencontainers/cgroups/fscommon/rdma.go | 2 +- .../opencontainers/cgroups/stats.go | 9 ++ .../opencontainers/cgroups/systemd/common.go | 16 ++- .../opencontainers/cgroups/systemd/v1.go | 5 +- .../opencontainers/cgroups/systemd/v2.go | 7 +- .../opencontainers/cgroups/utils.go | 4 +- .../opencontainers/cgroups/v1_utils.go | 7 +- vendor/modules.txt | 2 +- 21 files changed, 171 insertions(+), 92 deletions(-) create mode 100644 vendor/github.com/opencontainers/cgroups/.golangci-extra.yml create mode 100644 vendor/github.com/opencontainers/cgroups/.golangci.yml diff --git a/go.mod b/go.mod index ea5650bb0af..a71cfbb08a4 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/moby/sys/user v0.4.0 github.com/moby/sys/userns v0.1.0 github.com/mrunalp/fileutils v0.5.1 - github.com/opencontainers/cgroups v0.0.1 + github.com/opencontainers/cgroups v0.0.2 github.com/opencontainers/runtime-spec v1.2.1 github.com/opencontainers/selinux v1.12.0 github.com/seccomp/libseccomp-golang v0.11.0 diff --git a/go.sum b/go.sum index e57a0f5a19e..0a20bcb2500 100644 --- a/go.sum +++ b/go.sum @@ -45,8 +45,8 @@ github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28= github.com/mrunalp/fileutils v0.5.1 h1:F+S7ZlNKnrwHfSwdlgNSkKo67ReVf8o9fel6C3dkm/Q= github.com/mrunalp/fileutils v0.5.1/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= -github.com/opencontainers/cgroups v0.0.1 h1:MXjMkkFpKv6kpuirUa4USFBas573sSAY082B4CiHEVA= -github.com/opencontainers/cgroups v0.0.1/go.mod h1:s8lktyhlGUqM7OSRL5P7eAW6Wb+kWPNvt4qvVfzA5vs= +github.com/opencontainers/cgroups v0.0.2 h1:A+mAPPMfgKNCEZUUtibESFx06uvhAmvo8sSz3Abwk7o= +github.com/opencontainers/cgroups v0.0.2/go.mod h1:s8lktyhlGUqM7OSRL5P7eAW6Wb+kWPNvt4qvVfzA5vs= github.com/opencontainers/runtime-spec v1.2.1 h1:S4k4ryNgEpxW1dzyqffOmhI1BHYcjzU8lpJfSlR0xww= github.com/opencontainers/runtime-spec v1.2.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.12.0 h1:6n5JV4Cf+4y0KNXW48TLj5DwfXpvWlxXplUkdTrmPb8= diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index a5e303a2c0d..669bbb16c2a 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -303,6 +303,11 @@ function check_cpu_quota() { # Round up to nearest 10ms. ms=$(((ms + 5) / 10 * 10)) sd_quota="${ms}ms" + + # Recalculate quota based on systemd value. + # Convert ms back to quota units. + quota=$((ms * period / 1000)) + fi # Systemd values are the same for v1 and v2. diff --git a/vendor/github.com/opencontainers/cgroups/.golangci-extra.yml b/vendor/github.com/opencontainers/cgroups/.golangci-extra.yml new file mode 100644 index 00000000000..b98dba1ba15 --- /dev/null +++ b/vendor/github.com/opencontainers/cgroups/.golangci-extra.yml @@ -0,0 +1,21 @@ +# This is golangci-lint config file which is used to check NEW code in +# github PRs only (see lint-extra in .github/workflows/validate.yml). +# +# For the default linter config, see .golangci.yml. This config should +# only enable additional linters and/or linter settings not enabled +# in the default config. +version: "2" + +linters: + default: none + enable: + - godot + - revive + - staticcheck + settings: + staticcheck: + checks: + - all + - -QF1008 # https://staticcheck.dev/docs/checks/#QF1008 Omit embedded fields from selector expression. + exclusions: + generated: strict diff --git a/vendor/github.com/opencontainers/cgroups/.golangci.yml b/vendor/github.com/opencontainers/cgroups/.golangci.yml new file mode 100644 index 00000000000..90799883cad --- /dev/null +++ b/vendor/github.com/opencontainers/cgroups/.golangci.yml @@ -0,0 +1,31 @@ +# For documentation, see https://golangci-lint.run/usage/configuration/ +version: "2" + +formatters: + enable: + - gofumpt + exclusions: + generated: strict + +linters: + enable: + - errorlint + - nolintlint + - unconvert + - unparam + settings: + govet: + enable: + - nilness + staticcheck: + checks: + - all + - -ST1000 # https://staticcheck.dev/docs/checks/#ST1000 Incorrect or missing package comment. + - -ST1003 # https://staticcheck.dev/docs/checks/#ST1003 Poorly chosen identifier. + - -ST1005 # https://staticcheck.dev/docs/checks/#ST1005 Incorrectly formatted error string. + - -QF1008 # https://staticcheck.dev/docs/checks/#QF1008 Omit embedded fields from selector expression. + exclusions: + generated: strict + presets: + - comments + - std-error-handling diff --git a/vendor/github.com/opencontainers/cgroups/RELEASES.md b/vendor/github.com/opencontainers/cgroups/RELEASES.md index 028ec265df9..e3802706f57 100644 --- a/vendor/github.com/opencontainers/cgroups/RELEASES.md +++ b/vendor/github.com/opencontainers/cgroups/RELEASES.md @@ -23,7 +23,7 @@ However, specification releases have special restrictions in the [OCI charter][c * They are the target of backwards compatibility (§7.g), and * They are subject to the OFWa patent grant (§8.d and e). -To avoid unfortunate side effects (onerous backwards compatibity requirements or Member resignations), the following additional procedures apply to specification releases: +To avoid unfortunate side effects (onerous backwards compatibility requirements or Member resignations), the following additional procedures apply to specification releases: ### Planning a release diff --git a/vendor/github.com/opencontainers/cgroups/config_linux.go b/vendor/github.com/opencontainers/cgroups/config_linux.go index ce98b3d7847..9f1d44537b0 100644 --- a/vendor/github.com/opencontainers/cgroups/config_linux.go +++ b/vendor/github.com/opencontainers/cgroups/config_linux.go @@ -23,16 +23,16 @@ type Cgroup struct { // Path specifies the path to cgroups that are created and/or joined by the container. // The path is assumed to be relative to the host system cgroup mountpoint. - Path string `json:"path"` + Path string `json:"path,omitempty"` - // ScopePrefix describes prefix for the scope name - ScopePrefix string `json:"scope_prefix"` + // ScopePrefix describes prefix for the scope name. + ScopePrefix string `json:"scope_prefix,omitempty"` - // Resources contains various cgroups settings to apply - *Resources + // Resources contains various cgroups settings to apply. + *Resources `json:"Resources,omitempty"` // Systemd tells if systemd should be used to manage cgroups. - Systemd bool + Systemd bool `json:"Systemd,omitempty"` // SystemdProps are any additional properties for systemd, // derived from org.systemd.property.xxx annotations. @@ -40,7 +40,7 @@ type Cgroup struct { SystemdProps []systemdDbus.Property `json:"-"` // Rootless tells if rootless cgroups should be used. - Rootless bool + Rootless bool `json:"Rootless,omitempty"` // The host UID that should own the cgroup, or nil to accept // the default ownership. This should only be set when the @@ -52,96 +52,96 @@ type Cgroup struct { type Resources struct { // Devices is the set of access rules for devices in the container. - Devices []*devices.Rule `json:"devices"` + Devices []*devices.Rule `json:"devices,omitempty"` - // Memory limit (in bytes) - Memory int64 `json:"memory"` + // Memory limit (in bytes). + Memory int64 `json:"memory,omitempty"` - // Memory reservation or soft_limit (in bytes) - MemoryReservation int64 `json:"memory_reservation"` + // Memory reservation or soft_limit (in bytes). + MemoryReservation int64 `json:"memory_reservation,omitempty"` - // Total memory usage (memory + swap); set `-1` to enable unlimited swap - MemorySwap int64 `json:"memory_swap"` + // Total memory usage (memory+swap); use -1 for unlimited swap. + MemorySwap int64 `json:"memory_swap,omitempty"` - // CPU shares (relative weight vs. other containers) - CpuShares uint64 `json:"cpu_shares"` + // CPU shares (relative weight vs. other containers). + CpuShares uint64 `json:"cpu_shares,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuShares should be CPUShares". // CPU hardcap limit (in usecs). Allowed cpu time in a given period. - CpuQuota int64 `json:"cpu_quota"` + CpuQuota int64 `json:"cpu_quota,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuQuota should be CPUQuota". // CPU hardcap burst limit (in usecs). Allowed accumulated cpu time additionally for burst in a given period. - CpuBurst *uint64 `json:"cpu_burst"` //nolint:revive + CpuBurst *uint64 `json:"cpu_burst,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuBurst should be CPUBurst". // CPU period to be used for hardcapping (in usecs). 0 to use system default. - CpuPeriod uint64 `json:"cpu_period"` + CpuPeriod uint64 `json:"cpu_period,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuPeriod should be CPUPeriod". // How many time CPU will use in realtime scheduling (in usecs). - CpuRtRuntime int64 `json:"cpu_rt_quota"` + CpuRtRuntime int64 `json:"cpu_rt_quota,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuRtRuntime should be CPURtRuntime". // CPU period to be used for realtime scheduling (in usecs). - CpuRtPeriod uint64 `json:"cpu_rt_period"` + CpuRtPeriod uint64 `json:"cpu_rt_period,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuQuota should be CPUQuota". - // CPU to use - CpusetCpus string `json:"cpuset_cpus"` + // Cpuset CPUs to use. + CpusetCpus string `json:"cpuset_cpus,omitempty"` - // MEM to use - CpusetMems string `json:"cpuset_mems"` + // Cpuset memory nodes to use. + CpusetMems string `json:"cpuset_mems,omitempty"` - // cgroup SCHED_IDLE + // Cgroup's SCHED_IDLE value. CPUIdle *int64 `json:"cpu_idle,omitempty"` // Process limit; set <= `0' to disable limit. - PidsLimit int64 `json:"pids_limit"` + PidsLimit int64 `json:"pids_limit,omitempty"` // Specifies per cgroup weight, range is from 10 to 1000. - BlkioWeight uint16 `json:"blkio_weight"` + BlkioWeight uint16 `json:"blkio_weight,omitempty"` - // Specifies tasks' weight in the given cgroup while competing with the cgroup's child cgroups, range is from 10 to 1000, cfq scheduler only - BlkioLeafWeight uint16 `json:"blkio_leaf_weight"` + // Tasks' weight in the given cgroup while competing with the cgroup's child cgroups, range is from 10 to 1000, cfq scheduler only. + BlkioLeafWeight uint16 `json:"blkio_leaf_weight,omitempty"` // Weight per cgroup per device, can override BlkioWeight. - BlkioWeightDevice []*WeightDevice `json:"blkio_weight_device"` + BlkioWeightDevice []*WeightDevice `json:"blkio_weight_device,omitempty"` // IO read rate limit per cgroup per device, bytes per second. - BlkioThrottleReadBpsDevice []*ThrottleDevice `json:"blkio_throttle_read_bps_device"` + BlkioThrottleReadBpsDevice []*ThrottleDevice `json:"blkio_throttle_read_bps_device,omitempty"` // IO write rate limit per cgroup per device, bytes per second. - BlkioThrottleWriteBpsDevice []*ThrottleDevice `json:"blkio_throttle_write_bps_device"` + BlkioThrottleWriteBpsDevice []*ThrottleDevice `json:"blkio_throttle_write_bps_device,omitempty"` // IO read rate limit per cgroup per device, IO per second. - BlkioThrottleReadIOPSDevice []*ThrottleDevice `json:"blkio_throttle_read_iops_device"` + BlkioThrottleReadIOPSDevice []*ThrottleDevice `json:"blkio_throttle_read_iops_device,omitempty"` // IO write rate limit per cgroup per device, IO per second. - BlkioThrottleWriteIOPSDevice []*ThrottleDevice `json:"blkio_throttle_write_iops_device"` + BlkioThrottleWriteIOPSDevice []*ThrottleDevice `json:"blkio_throttle_write_iops_device,omitempty"` - // set the freeze value for the process - Freezer FreezerState `json:"freezer"` + // Freeze value for the process. + Freezer FreezerState `json:"freezer,omitempty"` - // Hugetlb limit (in bytes) - HugetlbLimit []*HugepageLimit `json:"hugetlb_limit"` + // Hugetlb limit (in bytes). + HugetlbLimit []*HugepageLimit `json:"hugetlb_limit,omitempty"` - // Whether to disable OOM Killer - OomKillDisable bool `json:"oom_kill_disable"` + // Whether to disable OOM killer. + OomKillDisable bool `json:"oom_kill_disable,omitempty"` - // Tuning swappiness behaviour per cgroup - MemorySwappiness *uint64 `json:"memory_swappiness"` + // Tuning swappiness behaviour per cgroup. + MemorySwappiness *uint64 `json:"memory_swappiness,omitempty"` - // Set priority of network traffic for container - NetPrioIfpriomap []*IfPrioMap `json:"net_prio_ifpriomap"` + // Set priority of network traffic for container. + NetPrioIfpriomap []*IfPrioMap `json:"net_prio_ifpriomap,omitempty"` - // Set class identifier for container's network packets - NetClsClassid uint32 `json:"net_cls_classid_u"` + // Set class identifier for container's network packets. + NetClsClassid uint32 `json:"net_cls_classid_u,omitempty"` - // Rdma resource restriction configuration - Rdma map[string]LinuxRdma `json:"rdma"` + // Rdma resource restriction configuration. + Rdma map[string]LinuxRdma `json:"rdma,omitempty"` // Used on cgroups v2: // CpuWeight sets a proportional bandwidth limit. - CpuWeight uint64 `json:"cpu_weight"` + CpuWeight uint64 `json:"cpu_weight,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuWeight should be CPUWeight". // Unified is cgroupv2-only key-value map. - Unified map[string]string `json:"unified"` + Unified map[string]string `json:"unified,omitempty"` // SkipDevices allows to skip configuring device permissions. // Used by e.g. kubelet while creating a parent cgroup (kubepods) @@ -165,5 +165,5 @@ type Resources struct { // MemoryCheckBeforeUpdate is a flag for cgroup v2 managers to check // if the new memory limits (Memory and MemorySwap) being set are lower // than the current memory usage, and reject if so. - MemoryCheckBeforeUpdate bool `json:"memory_check_before_update"` + MemoryCheckBeforeUpdate bool `json:"memory_check_before_update,omitempty"` } diff --git a/vendor/github.com/opencontainers/cgroups/devices/config/device.go b/vendor/github.com/opencontainers/cgroups/devices/config/device.go index 05ad3ef8cab..295575cbfa7 100644 --- a/vendor/github.com/opencontainers/cgroups/devices/config/device.go +++ b/vendor/github.com/opencontainers/cgroups/devices/config/device.go @@ -20,10 +20,10 @@ type Device struct { FileMode os.FileMode `json:"file_mode"` // Uid of the device. - Uid uint32 `json:"uid"` + Uid uint32 `json:"uid,omitempty"` //nolint:revive // Suppress "var-naming: struct field Uid should be UID". // Gid of the device. - Gid uint32 `json:"gid"` + Gid uint32 `json:"gid,omitempty"` //nolint:revive // Suppress "var-naming: struct field Gid should be GID". } // Permissions is a cgroupv1-style string to represent device access. It diff --git a/vendor/github.com/opencontainers/cgroups/devices/devices_emulator.go b/vendor/github.com/opencontainers/cgroups/devices/devices_emulator.go index ab1826826f6..df258fb85d6 100644 --- a/vendor/github.com/opencontainers/cgroups/devices/devices_emulator.go +++ b/vendor/github.com/opencontainers/cgroups/devices/devices_emulator.go @@ -261,7 +261,7 @@ func (e *emulator) Apply(rule devices.Rule) error { } // emulatorFromList takes a reader to a "devices.list"-like source, and returns -// a new Emulator that represents the state of the devices cgroup. Note that +// a new emulator that represents the state of the devices cgroup. Note that // black-list devices cgroups cannot be fully reconstructed, due to limitations // in the devices cgroup API. Instead, such cgroups are always treated as // "allow all" cgroups. @@ -301,11 +301,12 @@ func emulatorFromList(list io.Reader) (*emulator, error) { // disruptive rules (like denying all device access) will only be applied if // necessary. // -// This function is the sole reason for all of Emulator -- to allow us +// This function is the sole reason for all of emulator -- to allow us // to figure out how to update a containers' cgroups without causing spurious // device errors (if possible). -func (source *emulator) Transition(target *emulator) ([]*devices.Rule, error) { //nolint:revive // Ignore receiver-naming warning. +func (e *emulator) Transition(target *emulator) ([]*devices.Rule, error) { var transitionRules []*devices.Rule + source := e oldRules := source.rules // If the default policy doesn't match, we need to include a "disruptive" diff --git a/vendor/github.com/opencontainers/cgroups/devices/systemd.go b/vendor/github.com/opencontainers/cgroups/devices/systemd.go index 010f7f22ee2..3f5fdceba77 100644 --- a/vendor/github.com/opencontainers/cgroups/devices/systemd.go +++ b/vendor/github.com/opencontainers/cgroups/devices/systemd.go @@ -166,7 +166,7 @@ func systemdProperties(r *cgroups.Resources, sdVer int) ([]systemdDbus.Property, return properties, nil } -func newProp(name string, units interface{}) systemdDbus.Property { +func newProp(name string, units any) systemdDbus.Property { return systemdDbus.Property{ Name: name, Value: dbus.MakeVariant(units), diff --git a/vendor/github.com/opencontainers/cgroups/fs/freezer.go b/vendor/github.com/opencontainers/cgroups/fs/freezer.go index dae4a605894..fe0f0dde482 100644 --- a/vendor/github.com/opencontainers/cgroups/fs/freezer.go +++ b/vendor/github.com/opencontainers/cgroups/fs/freezer.go @@ -57,7 +57,7 @@ func (s *FreezerGroup) Set(path string, r *cgroups.Resources) (Err error) { // Alas, this is still a game of chances, since the real fix // belong to the kernel (cgroup v2 do not have this bug). - for i := 0; i < 1000; i++ { + for i := range 1000 { if i%50 == 49 { // Occasional thaw and sleep improves // the chances to succeed in freezing diff --git a/vendor/github.com/opencontainers/cgroups/fs2/cpu.go b/vendor/github.com/opencontainers/cgroups/fs2/cpu.go index 8eae67351cf..8a22a32c45b 100644 --- a/vendor/github.com/opencontainers/cgroups/fs2/cpu.go +++ b/vendor/github.com/opencontainers/cgroups/fs2/cpu.go @@ -108,6 +108,12 @@ func statCpu(dirPath string, stats *cgroups.Stats) error { case "throttled_usec": stats.CpuStats.ThrottlingData.ThrottledTime = v * 1000 + + case "nr_bursts": + stats.CpuStats.BurstData.BurstsPeriods = v + + case "burst_usec": + stats.CpuStats.BurstData.BurstTime = v * 1000 } } if err := sc.Err(); err != nil { diff --git a/vendor/github.com/opencontainers/cgroups/fs2/memory.go b/vendor/github.com/opencontainers/cgroups/fs2/memory.go index d67fd8aba55..761330756f6 100644 --- a/vendor/github.com/opencontainers/cgroups/fs2/memory.go +++ b/vendor/github.com/opencontainers/cgroups/fs2/memory.go @@ -18,17 +18,14 @@ import ( // cgroupv2 files with .min, .max, .low, or .high suffix. // The value of -1 is converted to "max" for cgroupv1 compatibility // (which used to write -1 to remove the limit). -func numToStr(value int64) (ret string) { - switch { - case value == 0: - ret = "" - case value == -1: - ret = "max" - default: - ret = strconv.FormatInt(value, 10) - } - - return ret +func numToStr(value int64) string { + switch value { + case 0: + return "" + case -1: + return "max" + } + return strconv.FormatInt(value, 10) } func isMemorySet(r *cgroups.Resources) bool { @@ -57,7 +54,7 @@ func setMemory(dirPath string, r *cgroups.Resources) error { if swapStr != "" { if err := cgroups.WriteFile(dirPath, "memory.swap.max", swapStr); err != nil { // If swap is not enabled, silently ignore setting to max or disabling it. - if !(errors.Is(err, os.ErrNotExist) && (swapStr == "max" || swapStr == "0")) { + if !(errors.Is(err, os.ErrNotExist) && (swapStr == "max" || swapStr == "0")) { //nolint:staticcheck // Ignore "QF1001: could apply De Morgan's law". return err } } diff --git a/vendor/github.com/opencontainers/cgroups/fscommon/rdma.go b/vendor/github.com/opencontainers/cgroups/fscommon/rdma.go index 86e38fdcbaa..960126ce7ce 100644 --- a/vendor/github.com/opencontainers/cgroups/fscommon/rdma.go +++ b/vendor/github.com/opencontainers/cgroups/fscommon/rdma.go @@ -50,7 +50,7 @@ func readRdmaEntries(dir, file string) ([]cgroups.RdmaEntry, error) { if err != nil { return nil, err } - defer fd.Close() //nolint:errorlint + defer fd.Close() scanner := bufio.NewScanner(fd) for scanner.Scan() { parts := strings.SplitN(scanner.Text(), " ", 4) diff --git a/vendor/github.com/opencontainers/cgroups/stats.go b/vendor/github.com/opencontainers/cgroups/stats.go index b475567d821..6cd6253ee0a 100644 --- a/vendor/github.com/opencontainers/cgroups/stats.go +++ b/vendor/github.com/opencontainers/cgroups/stats.go @@ -9,6 +9,14 @@ type ThrottlingData struct { ThrottledTime uint64 `json:"throttled_time,omitempty"` } +type BurstData struct { + // Number of periods bandwidth burst occurs + BurstsPeriods uint64 `json:"bursts_periods,omitempty"` + // Cumulative wall-time that any cpus has used above quota in respective periods + // Units: nanoseconds. + BurstTime uint64 `json:"burst_time,omitempty"` +} + // CpuUsage denotes the usage of a CPU. // All CPU stats are aggregate since container inception. type CpuUsage struct { @@ -48,6 +56,7 @@ type CpuStats struct { CpuUsage CpuUsage `json:"cpu_usage,omitempty"` ThrottlingData ThrottlingData `json:"throttling_data,omitempty"` PSI *PSIStats `json:"psi,omitempty"` + BurstData BurstData `json:"burst_data,omitempty"` } type CPUSetStats struct { diff --git a/vendor/github.com/opencontainers/cgroups/systemd/common.go b/vendor/github.com/opencontainers/cgroups/systemd/common.go index b3077bd37fa..875a589e3d8 100644 --- a/vendor/github.com/opencontainers/cgroups/systemd/common.go +++ b/vendor/github.com/opencontainers/cgroups/systemd/common.go @@ -89,7 +89,7 @@ func ExpandSlice(slice string) (string, error) { return path, nil } -func newProp(name string, units interface{}) systemdDbus.Property { +func newProp(name string, units any) systemdDbus.Property { return systemdDbus.Property{ Name: name, Value: dbus.MakeVariant(units), @@ -266,7 +266,7 @@ func systemdVersionAtoi(str string) (int, error) { // Unconditionally remove the leading prefix ("v). str = strings.TrimLeft(str, `"v`) // Match on the first integer we can grab. - for i := 0; i < len(str); i++ { + for i := range len(str) { if str[i] < '0' || str[i] > '9' { // First non-digit: cut the tail. str = str[:i] @@ -280,7 +280,9 @@ func systemdVersionAtoi(str string) (int, error) { return ver, nil } -func addCpuQuota(cm *dbusConnManager, properties *[]systemdDbus.Property, quota int64, period uint64) { +// addCPUQuota adds CPUQuotaPeriodUSec and CPUQuotaPerSecUSec to the properties. The passed quota may be modified +// along with round-up during calculation in order to write the same value to cgroupfs later. +func addCPUQuota(cm *dbusConnManager, properties *[]systemdDbus.Property, quota *int64, period uint64) { if period != 0 { // systemd only supports CPUQuotaPeriodUSec since v242 sdVer := systemdVersion(cm) @@ -292,10 +294,10 @@ func addCpuQuota(cm *dbusConnManager, properties *[]systemdDbus.Property, quota " (setting will still be applied to cgroupfs)", sdVer) } } - if quota != 0 || period != 0 { + if *quota != 0 || period != 0 { // corresponds to USEC_INFINITY in systemd cpuQuotaPerSecUSec := uint64(math.MaxUint64) - if quota > 0 { + if *quota > 0 { if period == 0 { // assume the default period = defCPUQuotaPeriod @@ -304,9 +306,11 @@ func addCpuQuota(cm *dbusConnManager, properties *[]systemdDbus.Property, quota // (integer percentage of CPU) internally. This means that if a fractional percent of // CPU is indicated by Resources.CpuQuota, we need to round up to the nearest // 10ms (1% of a second) such that child cgroups can set the cpu.cfs_quota_us they expect. - cpuQuotaPerSecUSec = uint64(quota*1000000) / period + cpuQuotaPerSecUSec = uint64(*quota*1000000) / period if cpuQuotaPerSecUSec%10000 != 0 { cpuQuotaPerSecUSec = ((cpuQuotaPerSecUSec / 10000) + 1) * 10000 + // Update the requested quota along with the round-up in order to write the same value to cgroupfs. + *quota = int64(cpuQuotaPerSecUSec) * int64(period) / 1000000 } } *properties = append(*properties, diff --git a/vendor/github.com/opencontainers/cgroups/systemd/v1.go b/vendor/github.com/opencontainers/cgroups/systemd/v1.go index 8453e9b4962..b8959adbfa6 100644 --- a/vendor/github.com/opencontainers/cgroups/systemd/v1.go +++ b/vendor/github.com/opencontainers/cgroups/systemd/v1.go @@ -90,7 +90,7 @@ func genV1ResourcesProperties(r *cgroups.Resources, cm *dbusConnManager) ([]syst newProp("CPUShares", r.CpuShares)) } - addCpuQuota(cm, &properties, r.CpuQuota, r.CpuPeriod) + addCPUQuota(cm, &properties, &r.CpuQuota, r.CpuPeriod) if r.BlkioWeight != 0 { properties = append(properties, @@ -334,6 +334,9 @@ func (m *LegacyManager) Set(r *cgroups.Resources) error { if r.Unified != nil { return cgroups.ErrV1NoUnified } + // Use a copy since CpuQuota in r may be modified. + rCopy := *r + r = &rCopy properties, err := genV1ResourcesProperties(r, m.dbus) if err != nil { return err diff --git a/vendor/github.com/opencontainers/cgroups/systemd/v2.go b/vendor/github.com/opencontainers/cgroups/systemd/v2.go index 42a6e355119..636b9cb01b5 100644 --- a/vendor/github.com/opencontainers/cgroups/systemd/v2.go +++ b/vendor/github.com/opencontainers/cgroups/systemd/v2.go @@ -113,7 +113,7 @@ func unifiedResToSystemdProps(cm *dbusConnManager, res map[string]string) (props return nil, fmt.Errorf("unified resource %q quota value conversion error: %w", k, err) } } - addCpuQuota(cm, &props, quota, period) + addCPUQuota(cm, &props, "a, period) case "cpu.weight": if shouldSetCPUIdle(cm, strings.TrimSpace(res["cpu.idle"])) { @@ -254,7 +254,7 @@ func genV2ResourcesProperties(dirPath string, r *cgroups.Resources, cm *dbusConn } } - addCpuQuota(cm, &properties, r.CpuQuota, r.CpuPeriod) + addCPUQuota(cm, &properties, &r.CpuQuota, r.CpuPeriod) if r.PidsLimit > 0 || r.PidsLimit == -1 { properties = append(properties, @@ -480,6 +480,9 @@ func (m *UnifiedManager) Set(r *cgroups.Resources) error { if r == nil { return nil } + // Use a copy since CpuQuota in r may be modified. + rCopy := *r + r = &rCopy properties, err := genV2ResourcesProperties(m.fsMgr.Path(""), r, m.dbus) if err != nil { return err diff --git a/vendor/github.com/opencontainers/cgroups/utils.go b/vendor/github.com/opencontainers/cgroups/utils.go index 9ef24b1ac6e..98b6a07fab8 100644 --- a/vendor/github.com/opencontainers/cgroups/utils.go +++ b/vendor/github.com/opencontainers/cgroups/utils.go @@ -231,7 +231,7 @@ func rmdir(path string, retry bool) error { again: err := unix.Rmdir(path) - switch err { // nolint:errorlint // unix errors are bare + switch err { case nil, unix.ENOENT: return nil case unix.EINTR: @@ -395,7 +395,7 @@ func WriteCgroupProc(dir string, pid int) error { } defer file.Close() - for i := 0; i < 5; i++ { + for range 5 { _, err = file.WriteString(strconv.Itoa(pid)) if err == nil { return nil diff --git a/vendor/github.com/opencontainers/cgroups/v1_utils.go b/vendor/github.com/opencontainers/cgroups/v1_utils.go index 81193e20983..19b8af1344b 100644 --- a/vendor/github.com/opencontainers/cgroups/v1_utils.go +++ b/vendor/github.com/opencontainers/cgroups/v1_utils.go @@ -5,6 +5,7 @@ import ( "fmt" "os" "path/filepath" + "slices" "strings" "sync" "syscall" @@ -144,10 +145,8 @@ func FindCgroupMountpointAndRoot(cgroupPath, subsystem string) (string, string, func findCgroupMountpointAndRootFromMI(mounts []*mountinfo.Info, cgroupPath, subsystem string) (string, string, error) { for _, mi := range mounts { if strings.HasPrefix(mi.Mountpoint, cgroupPath) { - for _, opt := range strings.Split(mi.VFSOptions, ",") { - if opt == subsystem { - return mi.Mountpoint, mi.Root, nil - } + if slices.Contains(strings.Split(mi.VFSOptions, ","), subsystem) { + return mi.Mountpoint, mi.Root, nil } } } diff --git a/vendor/modules.txt b/vendor/modules.txt index babbfecb0ef..8d7a5aa5ea2 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -51,7 +51,7 @@ github.com/moby/sys/userns # github.com/mrunalp/fileutils v0.5.1 ## explicit; go 1.13 github.com/mrunalp/fileutils -# github.com/opencontainers/cgroups v0.0.1 +# github.com/opencontainers/cgroups v0.0.2 ## explicit; go 1.23.0 github.com/opencontainers/cgroups github.com/opencontainers/cgroups/devices From b39bd105908f9c8bfbf1a9a5356b161dfaa9ccb1 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 7 May 2025 21:48:48 -0700 Subject: [PATCH 0941/1176] ci/gha: fix exclusion rules Commit 874207492 neglects to update the exclusion rules when bumping Go releases, and so we no longer exclude running on actuated with older Go release, or running with criu-dev with older Go release. Fixes: 874207492 ("CI: add Go 1.24, drop go1.22") Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 60289a270f0..a5d9347d38c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -32,12 +32,12 @@ jobs: # Disable most of criu-dev jobs, as they are expensive # (need to compile criu) and don't add much value/coverage. - criu: criu-dev - go-version: 1.22.x + go-version: 1.23.x - criu: criu-dev rootless: rootless - criu: criu-dev race: -race - - go-version: 1.22.x + - go-version: 1.23.x os: actuated-arm64-6cpu-8gb - race: "-race" os: actuated-arm64-6cpu-8gb From 62e6ab6dda2da97a7c81a346213ac7f3f3300b02 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 7 May 2025 20:21:22 -0700 Subject: [PATCH 0942/1176] gha/ci: allow validate/all-done to succeed for non-PRs When we run CI not on a pull request, the commit job is skipped, as a result, all-done is also skipped. To allow all-done to succeed, modify the commit job to succeed for non-PRs. Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 296f45085bd..f1ac3536bdc 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -157,22 +157,26 @@ jobs: contents: read pull-requests: read runs-on: ubuntu-24.04 - # Only check commits on pull requests. - if: github.event_name == 'pull_request' steps: - name: get pr commits + if: github.event_name == 'pull_request' # Only check commits on pull requests. id: 'get-pr-commits' uses: tim-actions/get-pr-commits@v1.3.1 with: token: ${{ secrets.GITHUB_TOKEN }} - name: check subject line length + if: github.event_name == 'pull_request' # Only check commits on pull requests. uses: tim-actions/commit-message-checker-with-regex@v0.3.2 with: commits: ${{ steps.get-pr-commits.outputs.commits }} pattern: '^.{0,72}(\n.*)*$' error: 'Subject too long (max 72)' + - name: succeed (not a PR) # Allow all-done to succeed for non-PRs. + if: github.event_name != 'pull_request' + run: echo "Nothing to check here." + cfmt: runs-on: ubuntu-24.04 steps: From 74209b739dba0b03fefb4698760c6b3602adb4f9 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 7 May 2025 21:56:16 -0700 Subject: [PATCH 0943/1176] ci/gha: allow to run jobs manually ... or from another job. Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 1 + .github/workflows/validate.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a5d9347d38c..2b2ddf6bcde 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,6 +10,7 @@ on: - main - release-* pull_request: + workflow_dispatch: permissions: contents: read diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index f1ac3536bdc..8532d0fc410 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -7,6 +7,7 @@ on: - main - release-* pull_request: + workflow_dispatch: env: GO_VERSION: 1.24 permissions: From 995a39a4cb0f611c1973b3af7753cee8c7a61511 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 6 May 2025 15:22:08 -0700 Subject: [PATCH 0944/1176] ci: add scheduled run of GHA CI This is to ensure that our CI is not rotting away even if there are no new PRs or merges. This is especially useful for release branches which tend to cease working over time due to some external reasons. Signed-off-by: Kir Kolyshkin --- .github/workflows/scheduled.yml | 35 +++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 .github/workflows/scheduled.yml diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml new file mode 100644 index 00000000000..f310503c5d6 --- /dev/null +++ b/.github/workflows/scheduled.yml @@ -0,0 +1,35 @@ +# This enables periodical execution of CI jobs in branches we maintain. +# +# CI jobs are triggered through here (instead of adding "schedule:" to the +# appropriate files) because scheduled jobs are only run on the main branch. +# In other words, it's a way to run periodical CI for other branches. + +name: scheduled +on: + schedule: + # Runs at 00:00 UTC every Sunday, Tuesday, Thursday. + - cron: '0 0 * * 0,2,4' + workflow_dispatch: +permissions: + contents: read + actions: write + +jobs: + trigger-workflow: + strategy: + matrix: + branch: ["main", "release-1.3"] + wf_id: ["validate.yml", "test.yml"] + runs-on: ubuntu-latest + steps: + - name: Trigger ${{ matrix.wf_id }} workflow on ${{ matrix.branch}} branch + uses: actions/github-script@v7 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + await github.rest.actions.createWorkflowDispatch({ + owner: context.repo.owner, + repo: context.repo.repo, + workflow_id: '${{ matrix.wf_id }}', + ref: '${{ matrix.branch }}' + }); From 04be81b6a3db3e9967ea83b39d8742f130110914 Mon Sep 17 00:00:00 2001 From: Yusuke Sakurai Date: Sun, 13 Apr 2025 09:59:05 +0900 Subject: [PATCH 0945/1176] fix rootfs propagation mode Signed-off-by: Yusuke Sakurai --- libcontainer/rootfs_linux.go | 12 ++++++++++++ tests/integration/mounts_propagation.bats | 22 ++++++++++++++++++++++ 2 files changed, 34 insertions(+) create mode 100644 tests/integration/mounts_propagation.bats diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 51bfd12b9af..7bff07b5916 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -215,6 +215,18 @@ func prepareRootfs(pipe *syncSocket, iConfig *initConfig) (err error) { return fmt.Errorf("error jailing process inside rootfs: %w", err) } + // Apply root mount propagation flags. + // This must be done after pivot_root/chroot because the mount propagation flag is applied + // to the current root ("/"), and not to the old rootfs before it becomes "/". Applying the + // flag in prepareRoot would affect the host mount namespace if the container's + // root mount is shared. + // MS_PRIVATE is skipped as rootfsParentMountPrivate() is already called. + if config.RootPropagation != 0 && config.RootPropagation&unix.MS_PRIVATE == 0 { + if err := mount("", "/", "", uintptr(config.RootPropagation), ""); err != nil { + return fmt.Errorf("unable to apply root propagation flags: %w", err) + } + } + if setupDev { if err := reOpenDevNull(); err != nil { return fmt.Errorf("error reopening /dev/null inside container: %w", err) diff --git a/tests/integration/mounts_propagation.bats b/tests/integration/mounts_propagation.bats new file mode 100644 index 00000000000..909b0d9d514 --- /dev/null +++ b/tests/integration/mounts_propagation.bats @@ -0,0 +1,22 @@ +#!/usr/bin/env bats + +load helpers + +function setup() { + requires root + setup_debian +} + +function teardown() { + teardown_bundle +} + +@test "runc run [rootfsPropagation shared]" { + update_config ' .linux.rootfsPropagation = "shared" ' + + update_config ' .process.args = ["findmnt", "--noheadings", "-o", "PROPAGATION", "/"] ' + + runc run test_shared_rootfs + [ "$status" -eq 0 ] + [ "$output" = "shared" ] +} From 0c93d41c65b6a1055e945d1d3e56943b07b8405b Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 13 May 2025 19:46:28 -0700 Subject: [PATCH 0946/1176] criu: improve prepareCriuRestoreMounts 1. Replace the big "if !" block with the if block and continue, simplifying the code flow. 2. Move comments closer to the code, improving readability. This commit is best reviewed with --ignore-all-space or similar. Signed-off-by: Kir Kolyshkin --- libcontainer/criu_linux.go | 45 +++++++++++++++++++------------------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index dbeb722a2eb..1629ba5fc3c 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -572,9 +572,6 @@ func (c *Container) prepareCriuRestoreMounts(mounts []*configs.Mount) error { tmpfs = append(tmpfs, m.Destination) } } - // Now go through all mounts and create the mountpoints - // if the mountpoints are not on a tmpfs, as CRIU will - // restore the complete tmpfs content from its checkpoint. umounts := []string{} defer func() { for _, u := range umounts { @@ -590,28 +587,32 @@ func (c *Container) prepareCriuRestoreMounts(mounts []*configs.Mount) error { }) } }() + // Now go through all mounts and create the required mountpoints. for _, m := range mounts { - if !isPathInPrefixList(m.Destination, tmpfs) { - if err := c.makeCriuRestoreMountpoints(m); err != nil { + // If the mountpoint is on a tmpfs, skip it as CRIU will + // restore the complete tmpfs content from its checkpoint. + if isPathInPrefixList(m.Destination, tmpfs) { + continue + } + if err := c.makeCriuRestoreMountpoints(m); err != nil { + return err + } + // If the mount point is a bind mount, we need to mount + // it now so that runc can create the necessary mount + // points for mounts in bind mounts. + // This also happens during initial container creation. + // Without this CRIU restore will fail + // See: https://github.com/opencontainers/runc/issues/2748 + // It is also not necessary to order the mount points + // because during initial container creation mounts are + // set up in the order they are configured. + if m.Device == "bind" { + if err := utils.WithProcfd(c.config.Rootfs, m.Destination, func(dstFd string) error { + return mountViaFds(m.Source, nil, m.Destination, dstFd, "", unix.MS_BIND|unix.MS_REC, "") + }); err != nil { return err } - // If the mount point is a bind mount, we need to mount - // it now so that runc can create the necessary mount - // points for mounts in bind mounts. - // This also happens during initial container creation. - // Without this CRIU restore will fail - // See: https://github.com/opencontainers/runc/issues/2748 - // It is also not necessary to order the mount points - // because during initial container creation mounts are - // set up in the order they are configured. - if m.Device == "bind" { - if err := utils.WithProcfd(c.config.Rootfs, m.Destination, func(dstFd string) error { - return mountViaFds(m.Source, nil, m.Destination, dstFd, "", unix.MS_BIND|unix.MS_REC, "") - }); err != nil { - return err - } - umounts = append(umounts, m.Destination) - } + umounts = append(umounts, m.Destination) } } return nil From b8aa5481db42b5222b1725e5af939bec829937c5 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 13 May 2025 19:50:20 -0700 Subject: [PATCH 0947/1176] criu: ignore cgroup early in prepareCriuRestoreMounts It makes sense to ignore cgroup mounts much early in the code, saving some time on unnecessary operations. Signed-off-by: Kir Kolyshkin --- libcontainer/criu_linux.go | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index 1629ba5fc3c..af7e2eed268 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -527,19 +527,8 @@ func (c *Container) restoreNetwork(req *criurpc.CriuReq, criuOpts *CriuOpts) { // restore using CRIU. This function is inspired from the code in // rootfs_linux.go. func (c *Container) makeCriuRestoreMountpoints(m *configs.Mount) error { - if m.Device == "cgroup" { - // No mount point(s) need to be created: - // - // * for v1, mount points are saved by CRIU because - // /sys/fs/cgroup is a tmpfs mount - // - // * for v2, /sys/fs/cgroup is a real mount, but - // the mountpoint appears as soon as /sys is mounted - return nil - } // TODO: pass srcFD? Not sure if criu is impacted by issue #2484. me := mountEntry{Mount: m} - // For all other filesystems, just make the target. if _, err := createMountpoint(c.config.Rootfs, me); err != nil { return fmt.Errorf("create criu restore mountpoint for %s mount: %w", me.Destination, err) } @@ -589,6 +578,14 @@ func (c *Container) prepareCriuRestoreMounts(mounts []*configs.Mount) error { }() // Now go through all mounts and create the required mountpoints. for _, m := range mounts { + // No cgroup mount point(s) need to be created: + // * for v1, mount points are saved by CRIU because + // /sys/fs/cgroup is a tmpfs mount; + // * for v2, /sys/fs/cgroup is a real mount, but + // the mountpoint appears as soon as /sys is mounted. + if m.Device == "cgroup" { + continue + } // If the mountpoint is on a tmpfs, skip it as CRIU will // restore the complete tmpfs content from its checkpoint. if isPathInPrefixList(m.Destination, tmpfs) { From f91fbd34d9e819a833c7da00c6c88f5371a82ac5 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 13 May 2025 19:52:18 -0700 Subject: [PATCH 0948/1176] criu: inline makeCriuRestoreMountpoints Since its code is now trivial, and it is only called from a single place, it does not make sense to have it as a separate function. Signed-off-by: Kir Kolyshkin --- libcontainer/criu_linux.go | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index af7e2eed268..92a93e75f95 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -523,18 +523,6 @@ func (c *Container) restoreNetwork(req *criurpc.CriuReq, criuOpts *CriuOpts) { } } -// makeCriuRestoreMountpoints makes the actual mountpoints for the -// restore using CRIU. This function is inspired from the code in -// rootfs_linux.go. -func (c *Container) makeCriuRestoreMountpoints(m *configs.Mount) error { - // TODO: pass srcFD? Not sure if criu is impacted by issue #2484. - me := mountEntry{Mount: m} - if _, err := createMountpoint(c.config.Rootfs, me); err != nil { - return fmt.Errorf("create criu restore mountpoint for %s mount: %w", me.Destination, err) - } - return nil -} - // isPathInPrefixList is a small function for CRIU restore to make sure // mountpoints, which are on a tmpfs, are not created in the roofs. func isPathInPrefixList(path string, prefix []string) bool { @@ -591,8 +579,8 @@ func (c *Container) prepareCriuRestoreMounts(mounts []*configs.Mount) error { if isPathInPrefixList(m.Destination, tmpfs) { continue } - if err := c.makeCriuRestoreMountpoints(m); err != nil { - return err + if _, err := createMountpoint(c.config.Rootfs, mountEntry{Mount: m}); err != nil { + return fmt.Errorf("create criu restore mountpoint for %s mount: %w", m.Destination, err) } // If the mount point is a bind mount, we need to mount // it now so that runc can create the necessary mount From ce3cd4234c9cd90f8109a33ab86f3456c2edf947 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 13 May 2025 20:00:06 -0700 Subject: [PATCH 0949/1176] criu: simplify isOnTmpfs check in prepareCriuRestoreMounts Instead of generating a list of tmpfs mount and have a special function to check whether the path is in the list, let's go over the list of mounts directly. This simplifies the code and improves readability. Signed-off-by: Kir Kolyshkin --- libcontainer/criu_linux.go | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index 92a93e75f95..a86e53fd785 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -523,11 +523,9 @@ func (c *Container) restoreNetwork(req *criurpc.CriuReq, criuOpts *CriuOpts) { } } -// isPathInPrefixList is a small function for CRIU restore to make sure -// mountpoints, which are on a tmpfs, are not created in the roofs. -func isPathInPrefixList(path string, prefix []string) bool { - for _, p := range prefix { - if strings.HasPrefix(path, p+"/") { +func isOnTmpfs(path string, mounts []*configs.Mount) bool { + for _, m := range mounts { + if m.Device == "tmpfs" && strings.HasPrefix(path, m.Destination+"/") { return true } } @@ -541,14 +539,6 @@ func isPathInPrefixList(path string, prefix []string) bool { // This function also creates missing mountpoints as long as they // are not on top of a tmpfs, as CRIU will restore tmpfs content anyway. func (c *Container) prepareCriuRestoreMounts(mounts []*configs.Mount) error { - // First get a list of a all tmpfs mounts - tmpfs := []string{} - for _, m := range mounts { - switch m.Device { - case "tmpfs": - tmpfs = append(tmpfs, m.Destination) - } - } umounts := []string{} defer func() { for _, u := range umounts { @@ -576,7 +566,7 @@ func (c *Container) prepareCriuRestoreMounts(mounts []*configs.Mount) error { } // If the mountpoint is on a tmpfs, skip it as CRIU will // restore the complete tmpfs content from its checkpoint. - if isPathInPrefixList(m.Destination, tmpfs) { + if isOnTmpfs(m.Destination, mounts) { continue } if _, err := createMountpoint(c.config.Rootfs, mountEntry{Mount: m}); err != nil { From 8b0e7511cf9207d06803fe8658956f960e13968e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 May 2025 04:22:38 +0000 Subject: [PATCH 0950/1176] build(deps): bump github.com/containerd/console from 1.0.4 to 1.0.5 Bumps [github.com/containerd/console](https://github.com/containerd/console) from 1.0.4 to 1.0.5. - [Release notes](https://github.com/containerd/console/releases) - [Commits](https://github.com/containerd/console/compare/v1.0.4...v1.0.5) --- updated-dependencies: - dependency-name: github.com/containerd/console dependency-version: 1.0.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/github.com/containerd/console/console_other.go | 4 ++-- vendor/github.com/containerd/console/console_unix.go | 9 +++++++++ vendor/github.com/containerd/console/tc_darwin.go | 5 ++--- vendor/github.com/containerd/console/tc_freebsd_cgo.go | 5 ++--- vendor/github.com/containerd/console/tc_freebsd_nocgo.go | 5 ++--- vendor/github.com/containerd/console/tc_linux.go | 5 ++--- vendor/github.com/containerd/console/tc_netbsd.go | 5 ++--- vendor/github.com/containerd/console/tc_openbsd_cgo.go | 6 ++---- vendor/github.com/containerd/console/tc_openbsd_nocgo.go | 6 ++---- vendor/github.com/containerd/console/tc_zos.go | 5 ++--- vendor/modules.txt | 2 +- 13 files changed, 31 insertions(+), 32 deletions(-) diff --git a/go.mod b/go.mod index ea5650bb0af..9cabd88eae9 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.23.0 require ( github.com/checkpoint-restore/go-criu/v7 v7.2.0 - github.com/containerd/console v1.0.4 + github.com/containerd/console v1.0.5 github.com/coreos/go-systemd/v22 v22.5.0 github.com/cyphar/filepath-securejoin v0.4.1 github.com/docker/go-units v0.5.0 diff --git a/go.sum b/go.sum index e57a0f5a19e..03a4f74f8e3 100644 --- a/go.sum +++ b/go.sum @@ -3,8 +3,8 @@ github.com/checkpoint-restore/go-criu/v7 v7.2.0 h1:qGiWA4App1gGlEfIJ68WR9jbezV9J github.com/checkpoint-restore/go-criu/v7 v7.2.0/go.mod h1:u0LCWLg0w4yqqu14aXhiB4YD3a1qd8EcCEg7vda5dwo= github.com/cilium/ebpf v0.17.3 h1:FnP4r16PWYSE4ux6zN+//jMcW4nMVRvuTLVTvCjyyjg= github.com/cilium/ebpf v0.17.3/go.mod h1:G5EDHij8yiLzaqn0WjyfJHvRa+3aDlReIaLVRMvOyJk= -github.com/containerd/console v1.0.4 h1:F2g4+oChYvBTsASRTz8NP6iIAi97J3TtSAsLbIFn4ro= -github.com/containerd/console v1.0.4/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= +github.com/containerd/console v1.0.5 h1:R0ymNeydRqH2DmakFNdmjR2k0t7UPuiOV/N/27/qqsc= +github.com/containerd/console v1.0.5/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc= diff --git a/vendor/github.com/containerd/console/console_other.go b/vendor/github.com/containerd/console/console_other.go index 933dfadddae..968c5771c8d 100644 --- a/vendor/github.com/containerd/console/console_other.go +++ b/vendor/github.com/containerd/console/console_other.go @@ -1,5 +1,5 @@ -//go:build !darwin && !freebsd && !linux && !netbsd && !openbsd && !solaris && !windows && !zos -// +build !darwin,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows,!zos +//go:build !darwin && !freebsd && !linux && !netbsd && !openbsd && !windows && !zos +// +build !darwin,!freebsd,!linux,!netbsd,!openbsd,!windows,!zos /* Copyright The containerd Authors. diff --git a/vendor/github.com/containerd/console/console_unix.go b/vendor/github.com/containerd/console/console_unix.go index 161f5d126cb..aa4c696234a 100644 --- a/vendor/github.com/containerd/console/console_unix.go +++ b/vendor/github.com/containerd/console/console_unix.go @@ -31,6 +31,15 @@ func NewPty() (Console, string, error) { if err != nil { return nil, "", err } + return NewPtyFromFile(f) +} + +// NewPtyFromFile creates a new pty pair, just like [NewPty] except that the +// provided [os.File] is used as the master rather than automatically creating +// a new master from /dev/ptmx. The ownership of [os.File] is passed to the +// returned [Console], so the caller must be careful to not call Close on the +// underlying file. +func NewPtyFromFile(f File) (Console, string, error) { slave, err := ptsname(f) if err != nil { return nil, "", err diff --git a/vendor/github.com/containerd/console/tc_darwin.go b/vendor/github.com/containerd/console/tc_darwin.go index 787154580f6..77c695a40fb 100644 --- a/vendor/github.com/containerd/console/tc_darwin.go +++ b/vendor/github.com/containerd/console/tc_darwin.go @@ -18,7 +18,6 @@ package console import ( "fmt" - "os" "golang.org/x/sys/unix" ) @@ -30,12 +29,12 @@ const ( // unlockpt unlocks the slave pseudoterminal device corresponding to the master pseudoterminal referred to by f. // unlockpt should be called before opening the slave side of a pty. -func unlockpt(f *os.File) error { +func unlockpt(f File) error { return unix.IoctlSetPointerInt(int(f.Fd()), unix.TIOCPTYUNLK, 0) } // ptsname retrieves the name of the first available pts for the given master. -func ptsname(f *os.File) (string, error) { +func ptsname(f File) (string, error) { n, err := unix.IoctlGetInt(int(f.Fd()), unix.TIOCPTYGNAME) if err != nil { return "", err diff --git a/vendor/github.com/containerd/console/tc_freebsd_cgo.go b/vendor/github.com/containerd/console/tc_freebsd_cgo.go index 33282579411..627f7d55a99 100644 --- a/vendor/github.com/containerd/console/tc_freebsd_cgo.go +++ b/vendor/github.com/containerd/console/tc_freebsd_cgo.go @@ -21,7 +21,6 @@ package console import ( "fmt" - "os" "golang.org/x/sys/unix" ) @@ -39,7 +38,7 @@ const ( // unlockpt unlocks the slave pseudoterminal device corresponding to the master pseudoterminal referred to by f. // unlockpt should be called before opening the slave side of a pty. -func unlockpt(f *os.File) error { +func unlockpt(f File) error { fd := C.int(f.Fd()) if _, err := C.unlockpt(fd); err != nil { C.close(fd) @@ -49,7 +48,7 @@ func unlockpt(f *os.File) error { } // ptsname retrieves the name of the first available pts for the given master. -func ptsname(f *os.File) (string, error) { +func ptsname(f File) (string, error) { n, err := unix.IoctlGetInt(int(f.Fd()), unix.TIOCGPTN) if err != nil { return "", err diff --git a/vendor/github.com/containerd/console/tc_freebsd_nocgo.go b/vendor/github.com/containerd/console/tc_freebsd_nocgo.go index 18a9b9cbea9..434ba46efc1 100644 --- a/vendor/github.com/containerd/console/tc_freebsd_nocgo.go +++ b/vendor/github.com/containerd/console/tc_freebsd_nocgo.go @@ -21,7 +21,6 @@ package console import ( "fmt" - "os" "golang.org/x/sys/unix" ) @@ -42,12 +41,12 @@ const ( // unlockpt unlocks the slave pseudoterminal device corresponding to the master pseudoterminal referred to by f. // unlockpt should be called before opening the slave side of a pty. -func unlockpt(f *os.File) error { +func unlockpt(f File) error { panic("unlockpt() support requires cgo.") } // ptsname retrieves the name of the first available pts for the given master. -func ptsname(f *os.File) (string, error) { +func ptsname(f File) (string, error) { n, err := unix.IoctlGetInt(int(f.Fd()), unix.TIOCGPTN) if err != nil { return "", err diff --git a/vendor/github.com/containerd/console/tc_linux.go b/vendor/github.com/containerd/console/tc_linux.go index 7d552ea4ba1..e98dc022dc6 100644 --- a/vendor/github.com/containerd/console/tc_linux.go +++ b/vendor/github.com/containerd/console/tc_linux.go @@ -18,7 +18,6 @@ package console import ( "fmt" - "os" "unsafe" "golang.org/x/sys/unix" @@ -31,7 +30,7 @@ const ( // unlockpt unlocks the slave pseudoterminal device corresponding to the master pseudoterminal referred to by f. // unlockpt should be called before opening the slave side of a pty. -func unlockpt(f *os.File) error { +func unlockpt(f File) error { var u int32 // XXX do not use unix.IoctlSetPointerInt here, see commit dbd69c59b81. if _, _, err := unix.Syscall(unix.SYS_IOCTL, f.Fd(), unix.TIOCSPTLCK, uintptr(unsafe.Pointer(&u))); err != 0 { @@ -41,7 +40,7 @@ func unlockpt(f *os.File) error { } // ptsname retrieves the name of the first available pts for the given master. -func ptsname(f *os.File) (string, error) { +func ptsname(f File) (string, error) { var u uint32 // XXX do not use unix.IoctlGetInt here, see commit dbd69c59b81. if _, _, err := unix.Syscall(unix.SYS_IOCTL, f.Fd(), unix.TIOCGPTN, uintptr(unsafe.Pointer(&u))); err != 0 { diff --git a/vendor/github.com/containerd/console/tc_netbsd.go b/vendor/github.com/containerd/console/tc_netbsd.go index 71227aefdff..73cf4397772 100644 --- a/vendor/github.com/containerd/console/tc_netbsd.go +++ b/vendor/github.com/containerd/console/tc_netbsd.go @@ -18,7 +18,6 @@ package console import ( "bytes" - "os" "golang.org/x/sys/unix" ) @@ -31,12 +30,12 @@ const ( // unlockpt unlocks the slave pseudoterminal device corresponding to the master pseudoterminal referred to by f. // unlockpt should be called before opening the slave side of a pty. // This does not exist on NetBSD, it does not allocate controlling terminals on open -func unlockpt(f *os.File) error { +func unlockpt(f File) error { return nil } // ptsname retrieves the name of the first available pts for the given master. -func ptsname(f *os.File) (string, error) { +func ptsname(f File) (string, error) { ptm, err := unix.IoctlGetPtmget(int(f.Fd()), unix.TIOCPTSNAME) if err != nil { return "", err diff --git a/vendor/github.com/containerd/console/tc_openbsd_cgo.go b/vendor/github.com/containerd/console/tc_openbsd_cgo.go index 0e76f6cc3e0..46f4250c4d6 100644 --- a/vendor/github.com/containerd/console/tc_openbsd_cgo.go +++ b/vendor/github.com/containerd/console/tc_openbsd_cgo.go @@ -20,8 +20,6 @@ package console import ( - "os" - "golang.org/x/sys/unix" ) @@ -34,7 +32,7 @@ const ( ) // ptsname retrieves the name of the first available pts for the given master. -func ptsname(f *os.File) (string, error) { +func ptsname(f File) (string, error) { ptspath, err := C.ptsname(C.int(f.Fd())) if err != nil { return "", err @@ -44,7 +42,7 @@ func ptsname(f *os.File) (string, error) { // unlockpt unlocks the slave pseudoterminal device corresponding to the master pseudoterminal referred to by f. // unlockpt should be called before opening the slave side of a pty. -func unlockpt(f *os.File) error { +func unlockpt(f File) error { if _, err := C.grantpt(C.int(f.Fd())); err != nil { return err } diff --git a/vendor/github.com/containerd/console/tc_openbsd_nocgo.go b/vendor/github.com/containerd/console/tc_openbsd_nocgo.go index dca92418b0e..a8f9f6c25cb 100644 --- a/vendor/github.com/containerd/console/tc_openbsd_nocgo.go +++ b/vendor/github.com/containerd/console/tc_openbsd_nocgo.go @@ -29,8 +29,6 @@ package console import ( - "os" - "golang.org/x/sys/unix" ) @@ -39,10 +37,10 @@ const ( cmdTcSet = unix.TIOCSETA ) -func ptsname(f *os.File) (string, error) { +func ptsname(f File) (string, error) { panic("ptsname() support requires cgo.") } -func unlockpt(f *os.File) error { +func unlockpt(f File) error { panic("unlockpt() support requires cgo.") } diff --git a/vendor/github.com/containerd/console/tc_zos.go b/vendor/github.com/containerd/console/tc_zos.go index fc90ba5fb86..23b0bd2820b 100644 --- a/vendor/github.com/containerd/console/tc_zos.go +++ b/vendor/github.com/containerd/console/tc_zos.go @@ -17,7 +17,6 @@ package console import ( - "os" "strings" "golang.org/x/sys/unix" @@ -29,11 +28,11 @@ const ( ) // unlockpt is a no-op on zos. -func unlockpt(_ *os.File) error { +func unlockpt(File) error { return nil } // ptsname retrieves the name of the first available pts for the given master. -func ptsname(f *os.File) (string, error) { +func ptsname(f File) (string, error) { return "/dev/ttyp" + strings.TrimPrefix(f.Name(), "/dev/ptyp"), nil } diff --git a/vendor/modules.txt b/vendor/modules.txt index babbfecb0ef..6d79df1b4d3 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -17,7 +17,7 @@ github.com/cilium/ebpf/internal/testutils/fdtrace github.com/cilium/ebpf/internal/tracefs github.com/cilium/ebpf/internal/unix github.com/cilium/ebpf/link -# github.com/containerd/console v1.0.4 +# github.com/containerd/console v1.0.5 ## explicit; go 1.13 github.com/containerd/console # github.com/coreos/go-systemd/v22 v22.5.0 From 31d141e2e7e3a2cdb1fb867bf7ccaba594a3a53e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Jun 2025 04:56:47 +0000 Subject: [PATCH 0951/1176] build(deps): bump golang.org/x/net from 0.40.0 to 0.41.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.40.0 to 0.41.0. - [Commits](https://github.com/golang/net/compare/v0.40.0...v0.41.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.41.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 257d8b874b7..6ee3fa5a1df 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/urfave/cli v1.22.16 github.com/vishvananda/netlink v1.3.1 - golang.org/x/net v0.40.0 + golang.org/x/net v0.41.0 golang.org/x/sys v0.33.0 google.golang.org/protobuf v1.36.6 ) diff --git a/go.sum b/go.sum index 9bb7740ee6d..17e4195910b 100644 --- a/go.sum +++ b/go.sum @@ -77,8 +77,8 @@ github.com/vishvananda/netlink v1.3.1 h1:3AEMt62VKqz90r0tmNhog0r/PpWKmrEShJU0wJW github.com/vishvananda/netlink v1.3.1/go.mod h1:ARtKouGSTGchR8aMwmkzC0qiNPrrWO5JS/XMVl45+b4= github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY= github.com/vishvananda/netns v0.0.5/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= -golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY= -golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds= +golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw= +golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/vendor/modules.txt b/vendor/modules.txt index 5db78dab2a7..bf0f05159b1 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -91,7 +91,7 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.5 ## explicit; go 1.17 github.com/vishvananda/netns -# golang.org/x/net v0.40.0 +# golang.org/x/net v0.41.0 ## explicit; go 1.23.0 golang.org/x/net/bpf # golang.org/x/sys v0.33.0 From 99a4f1983d1a8128d19b49ca62286d35d32dc449 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Jun 2025 04:36:33 +0000 Subject: [PATCH 0952/1176] build(deps): bump github.com/urfave/cli from 1.22.16 to 1.22.17 Bumps [github.com/urfave/cli](https://github.com/urfave/cli) from 1.22.16 to 1.22.17. - [Release notes](https://github.com/urfave/cli/releases) - [Changelog](https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md) - [Commits](https://github.com/urfave/cli/compare/v1.22.16...v1.22.17) --- updated-dependencies: - dependency-name: github.com/urfave/cli dependency-version: 1.22.17 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 4 +-- go.sum | 14 +++++----- .../cpuguy83/go-md2man/v2/md2man/md2man.go | 1 + .../cpuguy83/go-md2man/v2/md2man/roff.go | 26 ++++++++++++------- vendor/modules.txt | 6 ++--- 5 files changed, 30 insertions(+), 21 deletions(-) diff --git a/go.mod b/go.mod index 6ee3fa5a1df..f28a5dfc55f 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/opencontainers/selinux v1.12.0 github.com/seccomp/libseccomp-golang v0.11.0 github.com/sirupsen/logrus v1.9.3 - github.com/urfave/cli v1.22.16 + github.com/urfave/cli v1.22.17 github.com/vishvananda/netlink v1.3.1 golang.org/x/net v0.41.0 golang.org/x/sys v0.33.0 @@ -28,7 +28,7 @@ require ( require ( github.com/cilium/ebpf v0.17.3 // indirect - github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/vishvananda/netns v0.0.5 // indirect ) diff --git a/go.sum b/go.sum index 17e4195910b..2c7f5ba3867 100644 --- a/go.sum +++ b/go.sum @@ -1,4 +1,4 @@ -github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= +github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/checkpoint-restore/go-criu/v7 v7.2.0 h1:qGiWA4App1gGlEfIJ68WR9jbezV9J7yZdjzglezcqKo= github.com/checkpoint-restore/go-criu/v7 v7.2.0/go.mod h1:u0LCWLg0w4yqqu14aXhiB4YD3a1qd8EcCEg7vda5dwo= github.com/cilium/ebpf v0.17.3 h1:FnP4r16PWYSE4ux6zN+//jMcW4nMVRvuTLVTvCjyyjg= @@ -7,8 +7,8 @@ github.com/containerd/console v1.0.5 h1:R0ymNeydRqH2DmakFNdmjR2k0t7UPuiOV/N/27/q github.com/containerd/console v1.0.5/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc= -github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.7 h1:zbFlGlXEAKlwXpmvle3d8Oe3YnkKIK4xSRTd3sHPnBo= +github.com/cpuguy83/go-md2man/v2 v2.0.7/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s= github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -69,10 +69,10 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= -github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/urfave/cli v1.22.16 h1:MH0k6uJxdwdeWQTwhSO42Pwr4YLrNLwBtg1MRgTqPdQ= -github.com/urfave/cli v1.22.16/go.mod h1:EeJR6BKodywf4zciqrdw6hpCPk68JO9z5LazXZMn5Po= +github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= +github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/urfave/cli v1.22.17 h1:SYzXoiPfQjHBbkYxbew5prZHS1TOLT3ierW8SYLqtVQ= +github.com/urfave/cli v1.22.17/go.mod h1:b0ht0aqgH/6pBYzzxURyrM4xXNgsoT/n2ZzwQiEhNVo= github.com/vishvananda/netlink v1.3.1 h1:3AEMt62VKqz90r0tmNhog0r/PpWKmrEShJU0wJW6bV0= github.com/vishvananda/netlink v1.3.1/go.mod h1:ARtKouGSTGchR8aMwmkzC0qiNPrrWO5JS/XMVl45+b4= github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY= diff --git a/vendor/github.com/cpuguy83/go-md2man/v2/md2man/md2man.go b/vendor/github.com/cpuguy83/go-md2man/v2/md2man/md2man.go index 62d91b77d58..5673f5c0bc6 100644 --- a/vendor/github.com/cpuguy83/go-md2man/v2/md2man/md2man.go +++ b/vendor/github.com/cpuguy83/go-md2man/v2/md2man/md2man.go @@ -1,3 +1,4 @@ +// Package md2man aims in converting markdown into roff (man pages). package md2man import ( diff --git a/vendor/github.com/cpuguy83/go-md2man/v2/md2man/roff.go b/vendor/github.com/cpuguy83/go-md2man/v2/md2man/roff.go index 9d6c473fdc0..4f1070fc5b7 100644 --- a/vendor/github.com/cpuguy83/go-md2man/v2/md2man/roff.go +++ b/vendor/github.com/cpuguy83/go-md2man/v2/md2man/roff.go @@ -47,13 +47,13 @@ const ( tableStart = "\n.TS\nallbox;\n" tableEnd = ".TE\n" tableCellStart = "T{\n" - tableCellEnd = "\nT}\n" + tableCellEnd = "\nT}" tablePreprocessor = `'\" t` ) // NewRoffRenderer creates a new blackfriday Renderer for generating roff documents // from markdown -func NewRoffRenderer() *roffRenderer { // nolint: golint +func NewRoffRenderer() *roffRenderer { return &roffRenderer{} } @@ -104,7 +104,7 @@ func (r *roffRenderer) RenderNode(w io.Writer, node *blackfriday.Node, entering node.Parent.Prev.Type == blackfriday.Heading && node.Parent.Prev.FirstChild != nil && bytes.EqualFold(node.Parent.Prev.FirstChild.Literal, []byte("NAME")) { - before, after, found := bytes.Cut(node.Literal, []byte(" - ")) + before, after, found := bytesCut(node.Literal, []byte(" - ")) escapeSpecialChars(w, before) if found { out(w, ` \- `) @@ -316,9 +316,8 @@ func (r *roffRenderer) handleTableCell(w io.Writer, node *blackfriday.Node, ente } else if nodeLiteralSize(node) > 30 { end = tableCellEnd } - if node.Next == nil && end != tableCellEnd { - // Last cell: need to carriage return if we are at the end of the - // header row and content isn't wrapped in a "tablecell" + if node.Next == nil { + // Last cell: need to carriage return if we are at the end of the header row. end += crTag } out(w, end) @@ -356,7 +355,7 @@ func countColumns(node *blackfriday.Node) int { } func out(w io.Writer, output string) { - io.WriteString(w, output) // nolint: errcheck + io.WriteString(w, output) //nolint:errcheck } func escapeSpecialChars(w io.Writer, text []byte) { @@ -395,7 +394,7 @@ func escapeSpecialCharsLine(w io.Writer, text []byte) { i++ } if i > org { - w.Write(text[org:i]) // nolint: errcheck + w.Write(text[org:i]) //nolint:errcheck } // escape a character @@ -403,6 +402,15 @@ func escapeSpecialCharsLine(w io.Writer, text []byte) { break } - w.Write([]byte{'\\', text[i]}) // nolint: errcheck + w.Write([]byte{'\\', text[i]}) //nolint:errcheck } } + +// bytesCut is a copy of [bytes.Cut] to provide compatibility with go1.17 +// and older. We can remove this once we drop support for go1.17 and older. +func bytesCut(s, sep []byte) (before, after []byte, found bool) { + if i := bytes.Index(s, sep); i >= 0 { + return s[:i], s[i+len(sep):], true + } + return s, nil, false +} diff --git a/vendor/modules.txt b/vendor/modules.txt index bf0f05159b1..064ee9a8579 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -24,8 +24,8 @@ github.com/containerd/console ## explicit; go 1.12 github.com/coreos/go-systemd/v22/activation github.com/coreos/go-systemd/v22/dbus -# github.com/cpuguy83/go-md2man/v2 v2.0.5 -## explicit; go 1.11 +# github.com/cpuguy83/go-md2man/v2 v2.0.7 +## explicit; go 1.12 github.com/cpuguy83/go-md2man/v2/md2man # github.com/cyphar/filepath-securejoin v0.4.1 ## explicit; go 1.18 @@ -81,7 +81,7 @@ github.com/seccomp/libseccomp-golang ## explicit; go 1.13 github.com/sirupsen/logrus github.com/sirupsen/logrus/hooks/test -# github.com/urfave/cli v1.22.16 +# github.com/urfave/cli v1.22.17 ## explicit; go 1.11 github.com/urfave/cli # github.com/vishvananda/netlink v1.3.1 From 7696402dac66a1468f6269c1afc48c5d6b6e9115 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 30 May 2025 15:08:21 -0700 Subject: [PATCH 0953/1176] runc update: support per-device weight and iops This support was missing from runc, and thus the example from the podman-update wasn't working. To fix, introduce a function to either update or insert new weights and iops. Add integration tests. Signed-off-by: Kir Kolyshkin --- tests/integration/cgroups.bats | 35 +++++++++++++++++---- tests/integration/helpers.bash | 16 ++++++++++ tests/integration/update.bats | 54 ++++++++++++++++++++++++++++++++ update.go | 57 ++++++++++++++++++++++++++++++++++ 4 files changed, 156 insertions(+), 6 deletions(-) diff --git a/tests/integration/cgroups.bats b/tests/integration/cgroups.bats index 106b15faca6..88d2eb89e35 100644 --- a/tests/integration/cgroups.bats +++ b/tests/integration/cgroups.bats @@ -174,17 +174,40 @@ function setup() { runc run -d --console-socket "$CONSOLE_SOCKET" test_dev_weight [ "$status" -eq 0 ] - # The loop device itself is no longer needed. - losetup -d "$dev" - if [ -v CGROUP_V2 ]; then file="io.bfq.weight" else file="blkio.bfq.weight_device" fi - weights=$(get_cgroup_value $file) - [[ "$weights" == *"default 333"* ]] - [[ "$weights" == *"$major:$minor 444"* ]] + weights1=$(get_cgroup_value $file) + + # Check that runc update works. + runc update -r - test_dev_weight < Date: Thu, 12 Jun 2025 13:52:17 -0700 Subject: [PATCH 0954/1176] runc update: handle duplicated devs properly In case there's a duplicate in the device list, the latter entry overrides the former one. So, we need to modify the last entry, not the first one. To do that, use slices.Backward. Amend the test case to test the fix. Reported-by: lifubang Signed-off-by: Kir Kolyshkin --- tests/integration/update.bats | 8 ++++++++ update.go | 9 +++++++-- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/tests/integration/update.bats b/tests/integration/update.bats index 9e0c64bdf0f..9651ff93c1e 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -905,6 +905,14 @@ EOF echo "===" skip "can't get device major number from /proc/partitions (got $major)" fi + # Add an entry to check that + # - existing devices can be updated; + # - duplicates are handled properly; + # (see func upsert* in update.go). + update_config ' .linux.resources.blockIO.throttleReadBpsDevice |= [ + { major: '"$major"', minor: 0, rate: 485760 }, + { major: '"$major"', minor: 0, rate: 485760 } + ]' runc run -d --console-socket "$CONSOLE_SOCKET" test_update [ "$status" -eq 0 ] diff --git a/update.go b/update.go index 0a352b7b9f9..bc8ed13181d 100644 --- a/update.go +++ b/update.go @@ -5,6 +5,7 @@ import ( "errors" "fmt" "os" + "slices" "strconv" "github.com/opencontainers/cgroups" @@ -402,7 +403,9 @@ other options are ignored. } func upsertWeightDevice(devices []*cgroups.WeightDevice, wd specs.LinuxWeightDevice) []*cgroups.WeightDevice { - for i, dev := range devices { + // Iterate backwards because in case of a duplicate + // the last one will be used. + for i, dev := range slices.Backward(devices) { if dev.Major != wd.Major || dev.Minor != wd.Minor { continue } @@ -429,7 +432,9 @@ func upsertWeightDevice(devices []*cgroups.WeightDevice, wd specs.LinuxWeightDev } func upsertThrottleDevice(devices []*cgroups.ThrottleDevice, td specs.LinuxThrottleDevice) []*cgroups.ThrottleDevice { - for i, dev := range devices { + // Iterate backwards because in case of a duplicate + // the last one will be used. + for i, dev := range slices.Backward(devices) { if dev.Major == td.Major && dev.Minor == td.Minor { devices[i].Rate = td.Rate return devices From ed5df5f96f5f782b3b3adb9d1b5cabe357489713 Mon Sep 17 00:00:00 2001 From: Antonio Ojea Date: Wed, 21 May 2025 07:07:26 +0000 Subject: [PATCH 0955/1176] libcontainer/configs package doc Signed-off-by: Antonio Ojea --- libcontainer/configs/doc.go | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 libcontainer/configs/doc.go diff --git a/libcontainer/configs/doc.go b/libcontainer/configs/doc.go new file mode 100644 index 00000000000..2d3ae0b27d2 --- /dev/null +++ b/libcontainer/configs/doc.go @@ -0,0 +1,2 @@ +// Package configs defines the structures and constants used for configuring a container +package configs From 889c7b272f142a75a5a0461a5184e54bee5e0e60 Mon Sep 17 00:00:00 2001 From: Antonio Ojea Date: Tue, 1 Apr 2025 11:20:04 +0000 Subject: [PATCH 0956/1176] update runtime-spec Signed-off-by: Antonio Ojea --- go.mod | 2 +- go.sum | 4 ++-- .../opencontainers/runtime-spec/specs-go/config.go | 8 ++++++++ .../runtime-spec/specs-go/features/features.go | 8 ++++++++ .../opencontainers/runtime-spec/specs-go/version.go | 2 +- vendor/modules.txt | 2 +- 6 files changed, 21 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index f28a5dfc55f..34c3e60a02e 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/moby/sys/userns v0.1.0 github.com/mrunalp/fileutils v0.5.1 github.com/opencontainers/cgroups v0.0.2 - github.com/opencontainers/runtime-spec v1.2.1 + github.com/opencontainers/runtime-spec v1.2.2-0.20250401095657-e935f995dd67 github.com/opencontainers/selinux v1.12.0 github.com/seccomp/libseccomp-golang v0.11.0 github.com/sirupsen/logrus v1.9.3 diff --git a/go.sum b/go.sum index 2c7f5ba3867..f09a27ac74f 100644 --- a/go.sum +++ b/go.sum @@ -47,8 +47,8 @@ github.com/mrunalp/fileutils v0.5.1 h1:F+S7ZlNKnrwHfSwdlgNSkKo67ReVf8o9fel6C3dkm github.com/mrunalp/fileutils v0.5.1/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/opencontainers/cgroups v0.0.2 h1:A+mAPPMfgKNCEZUUtibESFx06uvhAmvo8sSz3Abwk7o= github.com/opencontainers/cgroups v0.0.2/go.mod h1:s8lktyhlGUqM7OSRL5P7eAW6Wb+kWPNvt4qvVfzA5vs= -github.com/opencontainers/runtime-spec v1.2.1 h1:S4k4ryNgEpxW1dzyqffOmhI1BHYcjzU8lpJfSlR0xww= -github.com/opencontainers/runtime-spec v1.2.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-spec v1.2.2-0.20250401095657-e935f995dd67 h1:Q+KewUGTMamIe6Q39xCD/T1NC1POmaTlWnhjikCrZHA= +github.com/opencontainers/runtime-spec v1.2.2-0.20250401095657-e935f995dd67/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.12.0 h1:6n5JV4Cf+4y0KNXW48TLj5DwfXpvWlxXplUkdTrmPb8= github.com/opencontainers/selinux v1.12.0/go.mod h1:BTPX+bjVbWGXw7ZZWUbdENt8w0htPSrlgOOysQaU62U= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go index 1aa0693b57d..854290da205 100644 --- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go @@ -236,6 +236,8 @@ type Linux struct { Namespaces []LinuxNamespace `json:"namespaces,omitempty"` // Devices are a list of device nodes that are created for the container Devices []LinuxDevice `json:"devices,omitempty"` + // NetDevices are key-value pairs, keyed by network device name on the host, moved to the container's network namespace. + NetDevices map[string]LinuxNetDevice `json:"netDevices,omitempty"` // Seccomp specifies the seccomp security settings for the container. Seccomp *LinuxSeccomp `json:"seccomp,omitempty"` // RootfsPropagation is the rootfs mount propagation mode for the container. @@ -491,6 +493,12 @@ type LinuxDevice struct { GID *uint32 `json:"gid,omitempty"` } +// LinuxNetDevice represents a single network device to be added to the container's network namespace +type LinuxNetDevice struct { + // Name of the device in the container namespace + Name string `json:"name,omitempty"` +} + // LinuxDeviceCgroup represents a device rule for the devices specified to // the device controller type LinuxDeviceCgroup struct { diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/features/features.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/features/features.go index 949f532b65a..d8eb169dc39 100644 --- a/vendor/github.com/opencontainers/runtime-spec/specs-go/features/features.go +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/features/features.go @@ -48,6 +48,7 @@ type Linux struct { Selinux *Selinux `json:"selinux,omitempty"` IntelRdt *IntelRdt `json:"intelRdt,omitempty"` MountExtensions *MountExtensions `json:"mountExtensions,omitempty"` + NetDevices *NetDevices `json:"netDevices,omitempty"` } // Cgroup represents the "cgroup" field. @@ -143,3 +144,10 @@ type IDMap struct { // Nil value means "unknown", not "false". Enabled *bool `json:"enabled,omitempty"` } + +// NetDevices represents the "netDevices" field. +type NetDevices struct { + // Enabled is true if network devices support is compiled in. + // Nil value means "unknown", not "false". + Enabled *bool `json:"enabled,omitempty"` +} diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go index 23234a9c583..b0a00466b61 100644 --- a/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go @@ -11,7 +11,7 @@ const ( VersionPatch = 1 // VersionDev indicates development branch. Releases will be empty string. - VersionDev = "" + VersionDev = "+dev" ) // Version is the specification version that the package types support. diff --git a/vendor/modules.txt b/vendor/modules.txt index 064ee9a8579..a08b66fdce3 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -62,7 +62,7 @@ github.com/opencontainers/cgroups/fscommon github.com/opencontainers/cgroups/internal/path github.com/opencontainers/cgroups/manager github.com/opencontainers/cgroups/systemd -# github.com/opencontainers/runtime-spec v1.2.1 +# github.com/opencontainers/runtime-spec v1.2.2-0.20250401095657-e935f995dd67 ## explicit github.com/opencontainers/runtime-spec/specs-go github.com/opencontainers/runtime-spec/specs-go/features From 8d180e9658a2a4de9b87ab32e0c20f6b52955b6a Mon Sep 17 00:00:00 2001 From: Antonio Ojea Date: Thu, 6 Feb 2025 08:43:32 +0000 Subject: [PATCH 0957/1176] Add support for Linux Network Devices Implement support for passing Linux Network Devices to the container network namespace. The network device is passed during the creation of the container, before the process is started. It implements the logic defined in the OCI runtime specification. Signed-off-by: Antonio Ojea --- features.go | 3 + go.mod | 2 +- libcontainer/configs/config.go | 3 + libcontainer/configs/netdevices.go | 7 + libcontainer/configs/validate/validator.go | 38 +++ .../configs/validate/validator_test.go | 166 ++++++++++++++ libcontainer/network_linux.go | 132 +++++++++++ libcontainer/process_linux.go | 28 +++ libcontainer/specconv/spec_linux.go | 8 + libcontainer/specconv/spec_linux_test.go | 61 +++++ tests/integration/checkpoint.bats | 95 ++++++++ tests/integration/netdev.bats | 216 ++++++++++++++++++ tests/integration/userns.bats | 36 +++ 13 files changed, 794 insertions(+), 1 deletion(-) create mode 100644 libcontainer/configs/netdevices.go create mode 100644 tests/integration/netdev.bats diff --git a/features.go b/features.go index b636466bfe4..c5dff4a2d17 100644 --- a/features.go +++ b/features.go @@ -63,6 +63,9 @@ var featuresCommand = cli.Command{ Enabled: &t, }, }, + NetDevices: &features.NetDevices{ + Enabled: &t, + }, }, PotentiallyUnsafeConfigAnnotations: []string{ "bundle", diff --git a/go.mod b/go.mod index 34c3e60a02e..3544a1b6a1b 100644 --- a/go.mod +++ b/go.mod @@ -21,6 +21,7 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/urfave/cli v1.22.17 github.com/vishvananda/netlink v1.3.1 + github.com/vishvananda/netns v0.0.5 golang.org/x/net v0.41.0 golang.org/x/sys v0.33.0 google.golang.org/protobuf v1.36.6 @@ -30,5 +31,4 @@ require ( github.com/cilium/ebpf v0.17.3 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect - github.com/vishvananda/netns v0.0.5 // indirect ) diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index f88eb8b842e..411012549d0 100644 --- a/libcontainer/configs/config.go +++ b/libcontainer/configs/config.go @@ -119,6 +119,9 @@ type Config struct { // The device nodes that should be automatically created within the container upon container start. Note, make sure that the node is marked as allowed in the cgroup as well! Devices []*devices.Device `json:"devices"` + // NetDevices are key-value pairs, keyed by network device name, moved to the container's network namespace. + NetDevices map[string]*LinuxNetDevice `json:"netDevices,omitempty"` + MountLabel string `json:"mount_label,omitempty"` // Hostname optionally sets the container's hostname if provided. diff --git a/libcontainer/configs/netdevices.go b/libcontainer/configs/netdevices.go new file mode 100644 index 00000000000..09c38649e4e --- /dev/null +++ b/libcontainer/configs/netdevices.go @@ -0,0 +1,7 @@ +package configs + +// LinuxNetDevice represents a single network device to be added to the container's network namespace. +type LinuxNetDevice struct { + // Name of the device in the container namespace. + Name string `json:"name,omitempty"` +} diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go index e0052900f43..a9d03a2e202 100644 --- a/libcontainer/configs/validate/validator.go +++ b/libcontainer/configs/validate/validator.go @@ -24,6 +24,7 @@ func Validate(config *configs.Config) error { cgroupsCheck, rootfs, network, + netdevices, uts, security, namespaces, @@ -70,6 +71,43 @@ func rootfs(config *configs.Config) error { return nil } +// https://elixir.bootlin.com/linux/v6.12/source/net/core/dev.c#L1066 +func devValidName(name string) bool { + if len(name) == 0 || len(name) > unix.IFNAMSIZ { + return false + } + if name == "." || name == ".." { + return false + } + if strings.ContainsAny(name, "/: ") { + return false + } + return true +} + +func netdevices(config *configs.Config) error { + if len(config.NetDevices) == 0 { + return nil + } + if !config.Namespaces.Contains(configs.NEWNET) { + return errors.New("unable to move network devices without a NET namespace") + } + + if config.RootlessEUID || config.RootlessCgroups { + return errors.New("network devices are not supported for rootless containers") + } + + for name, netdev := range config.NetDevices { + if !devValidName(name) { + return fmt.Errorf("invalid network device name %q", name) + } + if netdev.Name != "" && !devValidName(netdev.Name) { + return fmt.Errorf("invalid network device name %q", netdev.Name) + } + } + return nil +} + func network(config *configs.Config) error { if !config.Namespaces.Contains(configs.NEWNET) { if len(config.Networks) > 0 || len(config.Routes) > 0 { diff --git a/libcontainer/configs/validate/validator_test.go b/libcontainer/configs/validate/validator_test.go index d157feea5bc..99e189c6590 100644 --- a/libcontainer/configs/validate/validator_test.go +++ b/libcontainer/configs/validate/validator_test.go @@ -3,6 +3,7 @@ package validate import ( "os" "path/filepath" + "strings" "testing" "github.com/opencontainers/runc/libcontainer/configs" @@ -877,3 +878,168 @@ func TestValidateIOPriority(t *testing.T) { } } } + +func TestValidateNetDevices(t *testing.T) { + testCases := []struct { + name string + isErr bool + config *configs.Config + }{ + { + name: "network device with configured network namespace", + config: &configs.Config{ + Namespaces: configs.Namespaces( + []configs.Namespace{ + { + Type: configs.NEWNET, + Path: "/var/run/netns/blue", + }, + }, + ), + NetDevices: map[string]*configs.LinuxNetDevice{ + "eth0": {}, + }, + }, + }, + { + name: "network device rename", + config: &configs.Config{ + Namespaces: configs.Namespaces( + []configs.Namespace{ + { + Type: configs.NEWNET, + Path: "/var/run/netns/blue", + }, + }, + ), + NetDevices: map[string]*configs.LinuxNetDevice{ + "eth0": { + Name: "c0", + }, + }, + }, + }, + { + name: "network device network namespace created by runc", + config: &configs.Config{ + Namespaces: configs.Namespaces( + []configs.Namespace{ + { + Type: configs.NEWNET, + }, + }, + ), + NetDevices: map[string]*configs.LinuxNetDevice{ + "eth0": {}, + }, + }, + }, + { + name: "network device network namespace empty", + isErr: true, + config: &configs.Config{ + Namespaces: configs.Namespaces( + []configs.Namespace{}, + ), + NetDevices: map[string]*configs.LinuxNetDevice{ + "eth0": {}, + }, + }, + }, + { + name: "network device rootless EUID", + isErr: true, + config: &configs.Config{ + Namespaces: configs.Namespaces( + []configs.Namespace{ + { + Type: configs.NEWNET, + Path: "/var/run/netns/blue", + }, + }, + ), + RootlessEUID: true, + NetDevices: map[string]*configs.LinuxNetDevice{ + "eth0": {}, + }, + }, + }, + { + name: "network device rootless", + isErr: true, + config: &configs.Config{ + Namespaces: configs.Namespaces( + []configs.Namespace{ + { + Type: configs.NEWNET, + Path: "/var/run/netns/blue", + }, + }, + ), + RootlessCgroups: true, + NetDevices: map[string]*configs.LinuxNetDevice{ + "eth0": {}, + }, + }, + }, + { + name: "network device bad name", + isErr: true, + config: &configs.Config{ + Namespaces: configs.Namespaces( + []configs.Namespace{ + { + Type: configs.NEWNET, + Path: "/var/run/netns/blue", + }, + }, + ), + NetDevices: map[string]*configs.LinuxNetDevice{ + "eth0": { + Name: "eth0/", + }, + }, + }, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + config := tc.config + config.Rootfs = "/var" + + err := Validate(config) + if tc.isErr && err == nil { + t.Error("expected error, got nil") + } + + if !tc.isErr && err != nil { + t.Error(err) + } + }) + } +} + +func TestDevValidName(t *testing.T) { + testCases := []struct { + name string + valid bool + }{ + {name: "", valid: false}, + {name: "a", valid: true}, + {name: strings.Repeat("a", unix.IFNAMSIZ), valid: true}, + {name: strings.Repeat("a", unix.IFNAMSIZ+1), valid: false}, + {name: ".", valid: false}, + {name: "..", valid: false}, + {name: "dev/null", valid: false}, + {name: "valid:name", valid: false}, + {name: "valid name", valid: false}, + } + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + if devValidName(tc.name) != tc.valid { + t.Fatalf("name %q, expected valid: %v", tc.name, tc.valid) + } + }) + } +} diff --git a/libcontainer/network_linux.go b/libcontainer/network_linux.go index 8915548b3bc..c645fbeb3ee 100644 --- a/libcontainer/network_linux.go +++ b/libcontainer/network_linux.go @@ -2,6 +2,7 @@ package libcontainer import ( "bytes" + "errors" "fmt" "os" "path/filepath" @@ -9,7 +10,12 @@ import ( "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/types" + "github.com/sirupsen/logrus" "github.com/vishvananda/netlink" + "github.com/vishvananda/netlink/nl" + "github.com/vishvananda/netns" + + "golang.org/x/sys/unix" ) var strategies = map[string]networkStrategy{ @@ -98,3 +104,129 @@ func (l *loopback) attach(n *configs.Network) (err error) { func (l *loopback) detach(n *configs.Network) (err error) { return nil } + +// devChangeNetNamespace allows to move a device given by name to a network namespace given by nsPath +// and optionally change the device name. +// The device name will be kept the same if device.Name is the zero value. +// This function ensures that the move and rename operations occur atomically. +// It preserves existing interface attributes, including global IP addresses. +func devChangeNetNamespace(name string, nsPath string, device configs.LinuxNetDevice) error { + logrus.Debugf("attaching network device %s with attrs %+v to network namespace %s", name, device, nsPath) + link, err := netlink.LinkByName(name) + // recover same behavior on vishvananda/netlink@1.2.1 and do not fail when the kernel returns NLM_F_DUMP_INTR. + if err != nil && !errors.Is(err, netlink.ErrDumpInterrupted) { + return fmt.Errorf("link not found for interface %s on runtime namespace: %w", name, err) + } + + // Set the interface link state to DOWN before modifying attributes like namespace or name. + // This prevents potential conflicts or disruptions on the host network during the transition, + // particularly if other host components depend on this specific interface or its properties. + err = netlink.LinkSetDown(link) + if err != nil { + return fmt.Errorf("fail to set link down: %w", err) + } + + // Get the existing IP addresses on the interface. + addresses, err := netlink.AddrList(link, netlink.FAMILY_ALL) + // recover same behavior on vishvananda/netlink@1.2.1 and do not fail when the kernel returns NLM_F_DUMP_INTR. + if err != nil && !errors.Is(err, netlink.ErrDumpInterrupted) { + return fmt.Errorf("fail to get ip addresses: %w", err) + } + + // Do interface rename and namespace change in the same operation to avoid + // possible conflicts with the interface name. + // NLM_F_REQUEST: "It must be set on all request messages." + // NLM_F_ACK: "Request for an acknowledgment on success." + // netlink(7) man page: https://man7.org/linux/man-pages/man7/netlink.7.html + flags := unix.NLM_F_REQUEST | unix.NLM_F_ACK + req := nl.NewNetlinkRequest(unix.RTM_NEWLINK, flags) + + // Get a netlink socket in current namespace + nlSock, err := nl.GetNetlinkSocketAt(netns.None(), netns.None(), unix.NETLINK_ROUTE) + if err != nil { + return fmt.Errorf("could not get network namespace handle: %w", err) + } + defer nlSock.Close() + + req.Sockets = map[int]*nl.SocketHandle{ + unix.NETLINK_ROUTE: {Socket: nlSock}, + } + + // Set the interface index. + msg := nl.NewIfInfomsg(unix.AF_UNSPEC) + msg.Index = int32(link.Attrs().Index) + req.AddData(msg) + + // Set the interface name, also rename if requested. + newName := name + if device.Name != "" { + newName = device.Name + } + nameData := nl.NewRtAttr(unix.IFLA_IFNAME, nl.ZeroTerminated(newName)) + req.AddData(nameData) + + // Get the new network namespace. + ns, err := netns.GetFromPath(nsPath) + if err != nil { + return fmt.Errorf("could not get network namespace from path %s for network device %s : %w", nsPath, name, err) + } + defer ns.Close() + + val := nl.Uint32Attr(uint32(ns)) + attr := nl.NewRtAttr(unix.IFLA_NET_NS_FD, val) + req.AddData(attr) + + _, err = req.Execute(unix.NETLINK_ROUTE, 0) + // recover same behavior on vishvananda/netlink@1.2.1 and do not fail when the kernel returns NLM_F_DUMP_INTR. + if err != nil && !errors.Is(err, netlink.ErrDumpInterrupted) { + return fmt.Errorf("fail to move network device %s to network namespace %s: %w", name, nsPath, err) + } + + // To avoid us the husle with goroutines when joining a netns, + // we let the library create the socket in the namespace for us. + nhNs, err := netlink.NewHandleAt(ns) + if err != nil { + return err + } + defer nhNs.Close() + + nsLink, err := nhNs.LinkByName(newName) + // recover same behavior on vishvananda/netlink@1.2.1 and do not fail when the kernel returns NLM_F_DUMP_INTR. + if err != nil && !errors.Is(err, netlink.ErrDumpInterrupted) { + return fmt.Errorf("link not found for interface %s on namespace %s : %w", newName, nsPath, err) + } + + // Re-add the original IP addresses to the interface in the new namespace. + // The kernel removes IP addresses when an interface is moved between network namespaces. + for _, address := range addresses { + logrus.Debugf("processing address %s from network device %s", address.String(), name) + // Only move permanent IP addresses configured by the user, dynamic addresses are excluded because + // their validity may rely on the original network namespace's context and they may have limited + // lifetimes and are not guaranteed to be available in a new namespace. + // Ref: https://www.ietf.org/rfc/rfc3549.txt + if address.Flags&unix.IFA_F_PERMANENT == 0 { + logrus.Debugf("skipping address %s from network device %s: not a permanent address", address.String(), name) + continue + } + // Only move IP addresses with global scope because those are not host-specific, auto-configured, + // or have limited network scope, making them unsuitable inside the container namespace. + // Ref: https://www.ietf.org/rfc/rfc3549.txt + if address.Scope != unix.RT_SCOPE_UNIVERSE { + logrus.Debugf("skipping address %s from network device %s: not an address with global scope", address.String(), name) + continue + } + // Remove the interface attribute of the original address + // to avoid issues when the interface is renamed. + err = nhNs.AddrAdd(nsLink, &netlink.Addr{IPNet: address.IPNet}) + if err != nil { + return fmt.Errorf("fail to set up address %s on namespace %s: %w", address.String(), nsPath, err) + } + } + + err = nhNs.LinkSetUp(nsLink) + if err != nil { + return fmt.Errorf("fail to set up interface %s on namespace %s: %w", nsLink.Attrs().Name, nsPath, err) + } + + return nil +} diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 3fcc79df490..82f121fb2b5 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -649,6 +649,10 @@ func (p *initProcess) start() (retErr error) { return fmt.Errorf("error creating network interfaces: %w", err) } + if err := p.setupNetworkDevices(); err != nil { + return fmt.Errorf("error creating network interfaces: %w", err) + } + // initConfig.SpecState is only needed to run hooks that are executed // inside a container, i.e. CreateContainer and StartContainer. if p.config.Config.HasHook(configs.CreateContainer, configs.StartContainer) { @@ -836,6 +840,30 @@ func (p *initProcess) createNetworkInterfaces() error { return nil } +// setupNetworkDevices sets up and initializes any defined network interface inside the container. +func (p *initProcess) setupNetworkDevices() error { + // host network pods does not move network devices. + if !p.config.Config.Namespaces.Contains(configs.NEWNET) { + return nil + } + // the container init process has already joined the provided net namespace, + // so we can use the process's net ns path directly. + nsPath := fmt.Sprintf("/proc/%d/ns/net", p.pid()) + + // If moving any of the network devices fails, we return an error immediately. + // The runtime spec requires that the kernel handles moving back any devices + // that were successfully moved before the failure occurred. + // See: https://github.com/opencontainers/runtime-spec/blob/27cb0027fd92ef81eda1ea3a8153b8337f56d94a/config-linux.md#namespace-lifecycle-and-container-termination + for name, netDevice := range p.config.Config.NetDevices { + err := devChangeNetNamespace(name, nsPath, *netDevice) + if err != nil { + return fmt.Errorf("move netDevice %s to namespace %s: %w", name, nsPath, err) + } + } + + return nil +} + func pidGetFd(pid, srcFd int) (*os.File, error) { pidFd, err := unix.PidfdOpen(pid, 0) if err != nil { diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index c6bf02c98a3..ec417ed37e2 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -480,6 +480,14 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) { } } + for name, netdev := range spec.Linux.NetDevices { + if config.NetDevices == nil { + config.NetDevices = make(map[string]*configs.LinuxNetDevice) + } + config.NetDevices[name] = &configs.LinuxNetDevice{ + Name: netdev.Name, + } + } } // Set the host UID that should own the container's cgroup. diff --git a/libcontainer/specconv/spec_linux_test.go b/libcontainer/specconv/spec_linux_test.go index 0f8d1c18d77..77219496243 100644 --- a/libcontainer/specconv/spec_linux_test.go +++ b/libcontainer/specconv/spec_linux_test.go @@ -956,3 +956,64 @@ func TestCreateDevices(t *testing.T) { t.Errorf("device /dev/ram0 not found in config devices; got %v", conf.Devices) } } + +func TestCreateNetDevices(t *testing.T) { + testCases := []struct { + name string + netDevices map[string]specs.LinuxNetDevice + }{ + { + name: "no network devices", + }, + { + name: "one network devices", + netDevices: map[string]specs.LinuxNetDevice{ + "eth1": {}, + }, + }, + { + name: "multiple network devices", + netDevices: map[string]specs.LinuxNetDevice{ + "eth1": {}, + "eth2": {}, + }, + }, + { + name: "multiple network devices and rename", + netDevices: map[string]specs.LinuxNetDevice{ + "eth1": {}, + "eth2": { + Name: "ctr_eth2", + }, + }, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + spec := Example() + spec.Linux.NetDevices = tc.netDevices + opts := &CreateOpts{ + CgroupName: "ContainerID", + UseSystemdCgroup: false, + Spec: spec, + } + config, err := CreateLibcontainerConfig(opts) + if err != nil { + t.Errorf("Couldn't create libcontainer config: %v", err) + } + if len(config.NetDevices) != len(opts.Spec.Linux.NetDevices) { + t.Fatalf("expected %d network devices and got %d", len(config.NetDevices), len(opts.Spec.Linux.NetDevices)) + } + for name, netdev := range config.NetDevices { + ctrNetDev, ok := config.NetDevices[name] + if !ok { + t.Fatalf("network device %s not found in the configuration", name) + } + if ctrNetDev.Name != netdev.Name { + t.Fatalf("expected %s got %s", ctrNetDev.Name, netdev.Name) + } + } + }) + } +} diff --git a/tests/integration/checkpoint.bats b/tests/integration/checkpoint.bats index 3db3406137c..eb7557f5acb 100644 --- a/tests/integration/checkpoint.bats +++ b/tests/integration/checkpoint.bats @@ -2,14 +2,34 @@ load helpers +function create_netns() { + # Create a temporary name for the test network namespace. + tmp=$(mktemp -u) + ns_name=$(basename "$tmp") + + # Create the network namespace. + ip netns add "$ns_name" + ns_path=$(ip netns add "$ns_name" 2>&1 | sed -e 's/.*"\(.*\)".*/\1/') +} + +function delete_netns() { + # Delete the namespace only if the ns_name variable is set. + [ -v ns_name ] && ip netns del "$ns_name" +} + function setup() { # XXX: currently criu require root containers. requires criu root setup_busybox + + # Create a dummy interface to move to the container. + ip link add dummy0 type dummy } function teardown() { + ip link del dev dummy0 + delete_netns teardown_bundle } @@ -122,6 +142,52 @@ function simple_cr() { done } +function simple_cr_with_netdevice() { + # Set custom parameters to the netdevice to validate those are respected + mtu_value=1789 + mac_address="00:11:22:33:44:55" + global_ip="169.254.169.77/32" + + ip link set mtu "$mtu_value" dev dummy0 + ip link set address "$mac_address" dev dummy0 + ip address add "$global_ip" dev dummy0 + + # Tell runc which network namespace to use. + create_netns + update_config '(.. | select(.type? == "network")) .path |= "'"$ns_path"'"' + update_config ' .linux.netDevices |= {"dummy0": {} }' + runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox_netdevice + [ "$status" -eq 0 ] + + testcontainer test_busybox_netdevice running + run runc exec test_busybox_netdevice ip address show dev dummy0 + [ "$status" -eq 0 ] + [[ "$output" == *" $global_ip "* ]] + [[ "$output" == *"ether $mac_address "* ]] + [[ "$output" == *"mtu $mtu_value "* ]] + + for _ in $(seq 2); do + # checkpoint the running container + runc "$@" checkpoint --work-path ./work-dir test_busybox_netdevice + [ "$status" -eq 0 ] + + # after checkpoint busybox is no longer running + testcontainer test_busybox_netdevice checkpointed + + # restore from checkpoint + runc "$@" restore -d --work-path ./work-dir --console-socket "$CONSOLE_SOCKET" test_busybox_netdevice + [ "$status" -eq 0 ] + + # busybox should be back up and running + testcontainer test_busybox_netdevice running + run runc exec test_busybox_netdevice ip address show dev dummy0 + [ "$status" -eq 0 ] + [[ "$output" == *" $global_ip "* ]] + [[ "$output" == *"ether $mac_address "* ]] + [[ "$output" == *"mtu $mtu_value "* ]] + done +} + @test "checkpoint and restore" { simple_cr } @@ -151,6 +217,35 @@ function simple_cr() { simple_cr } +@test "checkpoint and restore with netdevice" { + simple_cr_with_netdevice +} + +@test "checkpoint and restore with netdevice (bind mount, destination is symlink)" { + mkdir -p rootfs/real/conf + ln -s /real/conf rootfs/conf + update_config ' .mounts += [{ + source: ".", + destination: "/conf", + options: ["bind"] + }]' + simple_cr_with_netdevice +} + +@test "checkpoint and restore with netdevice (with --debug)" { + simple_cr_with_netdevice --debug +} + +@test "checkpoint and restore with netdevice (cgroupns)" { + # cgroupv2 already enables cgroupns so this case was tested above already + requires cgroups_v1 cgroupns + + # enable CGROUPNS + update_config '.linux.namespaces += [{"type": "cgroup"}]' + + simple_cr_with_netdevice +} + @test "checkpoint --pre-dump (bad --parent-path)" { runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] diff --git a/tests/integration/netdev.bats b/tests/integration/netdev.bats new file mode 100644 index 00000000000..6eec8c88cab --- /dev/null +++ b/tests/integration/netdev.bats @@ -0,0 +1,216 @@ +#!/usr/bin/env bats + +load helpers + +function create_netns() { + # Create a temporary name for the test network namespace. + tmp=$(mktemp -u) + ns_name=$(basename "$tmp") + + # Create the network namespace. + ip netns add "$ns_name" + ns_path=$(ip netns add "$ns_name" 2>&1 | sed -e 's/.*"\(.*\)".*/\1/') +} + +function delete_netns() { + # Delete the namespace only if the ns_name variable is set. + [ -v ns_name ] && ip netns del "$ns_name" +} + +function setup() { + requires root + setup_busybox + + # Create a dummy interface to move to the container. + ip link add dummy0 type dummy +} + +function teardown() { + ip link del dev dummy0 + delete_netns + teardown_bundle +} + +@test "move network device to container network namespace" { + update_config ' .linux.netDevices |= {"dummy0": {} } + | .process.args |= ["ip", "address", "show", "dev", "dummy0"]' + + runc run test_busybox + [ "$status" -eq 0 ] +} + +@test "move network device to container network namespace and restore it back" { + # Tell runc which network namespace to use. + create_netns + update_config '(.. | select(.type? == "network")) .path |= "'"$ns_path"'"' + + update_config ' .linux.netDevices |= {"dummy0": {} }' + + runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox + [ "$status" -eq 0 ] + + # The network namespace owner controls the lifecycle of the interface. + # The interface should remain on the namespace after the container was killed. + runc delete --force test_busybox + + # Move back the interface to the root namespace (pid 1). + ip netns exec "$ns_name" ip link set dev dummy0 netns 1 + + # Verify the interface is back in the root network namespace. + ip address show dev dummy0 +} + +@test "move network device to precreated container network namespace" { + update_config ' .linux.netDevices |= {"dummy0": {} } + | .process.args |= ["ip", "address", "show", "dev", "dummy0"]' + + # Tell runc which network namespace to use. + create_netns + update_config '(.. | select(.type? == "network")) .path |= "'"$ns_path"'"' + + runc run test_busybox + [ "$status" -eq 0 ] + + # Verify the interface is still present in the network namespace. + ip netns exec "$ns_name" ip address show dev dummy0 +} + +@test "move network device to precreated container network namespace and set ip address with global scope" { + update_config ' .linux.netDevices |= {"dummy0": {} } + | .process.args |= ["ip", "address", "show", "dev", "dummy0"]' + + # Tell runc which network namespace to use. + create_netns + update_config '(.. | select(.type? == "network")) .path |= "'"$ns_path"'"' + + global_ip="169.254.169.77/32" + + # Set the interface down to avoid possible network problems. + # Set a custom address to the interface. + ip link set down dev dummy0 + ip address add "$global_ip" dev dummy0 + + runc run test_busybox + [ "$status" -eq 0 ] + [[ "$output" == *"$global_ip "* ]] + + # Verify the interface is still present in the network namespace. + run ip netns exec "$ns_name" ip address show dev dummy0 + [ "$status" -eq 0 ] + [[ "$output" == *"$global_ip "* ]] +} + +@test "move network device to precreated container network namespace and set ip address without global scope" { + update_config ' .linux.netDevices |= {"dummy0": {} } + | .process.args |= ["ip", "address", "show", "dev", "dummy0"]' + + # Tell runc which network namespace to use. + create_netns + update_config '(.. | select(.type? == "network")) .path |= "'"$ns_path"'"' + + non_global_ip="127.0.0.33" + + # Set the interface down to avoid possible network problems. + # Set a custom address to the interface. + ip link set down dev dummy0 + ip address add "$non_global_ip" dev dummy0 + + runc run test_busybox + [ "$status" -eq 0 ] + [[ "$output" != *" $non_global_ip "* ]] + + # Verify the interface is still present in the network namespace. + ip netns exec "$ns_name" ip address show dev dummy0 +} + +@test "move network device to precreated container network namespace and set mtu" { + update_config ' .linux.netDevices |= {"dummy0": {} } + | .process.args |= ["ip", "address", "show", "dev", "dummy0"]' + + # Tell runc which network namespace to use. + create_netns + update_config '(.. | select(.type? == "network")) .path |= "'"$ns_path"'"' + + mtu_value=1789 + # Cet a custom mtu to the interface. + ip link set mtu "$mtu_value" dev dummy0 + + runc run test_busybox + [ "$status" -eq 0 ] + [[ "$output" == *"mtu $mtu_value "* ]] + + # Verify the interface is still present in the network namespace. + run ip netns exec "$ns_name" ip address show dev dummy0 + [ "$status" -eq 0 ] + [[ "$output" == *"mtu $mtu_value "* ]] +} + +@test "move network device to precreated container network namespace and set mac address" { + update_config ' .linux.netDevices |= {"dummy0": {} } + | .process.args |= ["ip", "address", "show", "dev", "dummy0"]' + + # Tell runc which network namespace to use. + create_netns + update_config '(.. | select(.type? == "network")) .path |= "'"$ns_path"'"' + + mac_address="00:11:22:33:44:55" + # set a custom mac address to the interface + ip link set address "$mac_address" dev dummy0 + + runc run test_busybox + [ "$status" -eq 0 ] + [[ "$output" == *"ether $mac_address "* ]] + + # Verify the interface is still present in the network namespace. + run ip netns exec "$ns_name" ip address show dev dummy0 + [ "$status" -eq 0 ] + [[ "$output" == *"ether $mac_address "* ]] +} + +@test "move network device to precreated container network namespace and rename" { + update_config ' .linux.netDevices |= { "dummy0": { "name" : "ctr_dummy0" } } + | .process.args |= ["ip", "address", "show", "dev", "ctr_dummy0"]' + + # Tell runc which network namespace to use. + create_netns + update_config '(.. | select(.type? == "network")) .path |= "'"$ns_path"'"' + + runc run test_busybox + [ "$status" -eq 0 ] + + # Verify the interface is still present in the network namespace. + ip netns exec "$ns_name" ip address show dev ctr_dummy0 +} + +@test "move network device to precreated container network namespace and rename and set mtu and mac and ip address" { + update_config ' .linux.netDevices |= { "dummy0": { "name" : "ctr_dummy0" } } + | .process.args |= ["ip", "address", "show", "dev", "ctr_dummy0"]' + + # Tell runc which network namespace to use. + create_netns + update_config '(.. | select(.type? == "network")) .path |= "'"$ns_path"'"' + + mtu_value=1789 + mac_address="00:11:22:33:44:55" + global_ip="169.254.169.77/32" + + # Set a custom mtu to the interface. + ip link set mtu "$mtu_value" dev dummy0 + # Set a custom mac address to the interface. + ip link set address "$mac_address" dev dummy0 + # Set a custom ip address to the interface. + ip address add "$global_ip" dev dummy0 + + runc run test_busybox + [ "$status" -eq 0 ] + [[ "$output" == *" $global_ip "* ]] + [[ "$output" == *"ether $mac_address "* ]] + [[ "$output" == *"mtu $mtu_value "* ]] + + # Verify the interface is still present in the network namespace. + run ip netns exec "$ns_name" ip address show dev ctr_dummy0 + [ "$status" -eq 0 ] + [[ "$output" == *" $global_ip "* ]] + [[ "$output" == *"ether $mac_address "* ]] + [[ "$output" == *"mtu $mtu_value "* ]] +} diff --git a/tests/integration/userns.bats b/tests/integration/userns.bats index 1300dff9f7c..16afa30f805 100644 --- a/tests/integration/userns.bats +++ b/tests/integration/userns.bats @@ -246,3 +246,39 @@ function teardown() { [ "$status" -eq 0 ] [[ "$output" == "$netns_id" ]] } + +@test "userns with network interface" { + requires root + + # Create a dummy interface to move to the container. + ip link add dummy0 type dummy + + update_config ' .linux.netDevices |= {"dummy0": {} } + | .process.args |= ["ip", "address", "show", "dev", "dummy0"]' + + runc run test_busybox + [ "$status" -eq 0 ] + + # The interface is virtual and should not exist because + # is deleted during the namespace cleanup. + run ip link del dummy0 + [ "$status" -ne 0 ] +} + +@test "userns with network interface renamed" { + requires root + + # Create a dummy interface to move to the container. + ip link add dummy0 type dummy + + update_config ' .linux.netDevices |= { "dummy0": { "name" : "ctr_dummy0" } } + | .process.args |= ["ip", "address", "show", "dev", "ctr_dummy0"]' + + runc run test_busybox + [ "$status" -eq 0 ] + + # The interface is virtual and should not exist because + # is deleted during the namespace cleanup. + run ip link del dummy0 + [ "$status" -ne 0 ] +} From a10d338eb2ce83b1753bc5e961766588accedc36 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 18 Jun 2025 09:44:29 -0700 Subject: [PATCH 0958/1176] libct/configs: add package docstring Signed-off-by: Kir Kolyshkin --- libcontainer/configs/config.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index f88eb8b842e..59a85128b2d 100644 --- a/libcontainer/configs/config.go +++ b/libcontainer/configs/config.go @@ -1,3 +1,5 @@ +// Package configs provides various container-related configuration types +// used by libcontainer. package configs import ( From b25bcaa8b39d33f46e032e8d980d57358b40d2bd Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 17 Jun 2025 15:30:04 -0700 Subject: [PATCH 0959/1176] libct/configs: fix/improve deprecation notices The per-file deprecation in cgroup_deprecated.go is not working, let's replace it. Link to Hooks.Run in Hook.Run deprecation notice. Signed-off-by: Kir Kolyshkin --- libcontainer/configs/cgroup_deprecated.go | 5 ++++- libcontainer/configs/config.go | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/libcontainer/configs/cgroup_deprecated.go b/libcontainer/configs/cgroup_deprecated.go index 9a7a1a20118..7836b240aba 100644 --- a/libcontainer/configs/cgroup_deprecated.go +++ b/libcontainer/configs/cgroup_deprecated.go @@ -1,7 +1,8 @@ -package configs // Deprecated: use [github.com/opencontainers/cgroups]. +package configs import "github.com/opencontainers/cgroups" +// Deprecated: use [github.com/opencontainers/cgroups]. type ( Cgroup = cgroups.Cgroup Resources = cgroups.Resources @@ -14,12 +15,14 @@ type ( IfPrioMap = cgroups.IfPrioMap ) +// Deprecated: use [github.com/opencontainers/cgroups]. const ( Undefined = cgroups.Undefined Frozen = cgroups.Frozen Thawed = cgroups.Thawed ) +// Deprecated: use [github.com/opencontainers/cgroups]. var ( NewWeightDevice = cgroups.NewWeightDevice NewThrottleDevice = cgroups.NewThrottleDevice diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index 59a85128b2d..b7d545beaa0 100644 --- a/libcontainer/configs/config.go +++ b/libcontainer/configs/config.go @@ -458,7 +458,7 @@ type Capabilities struct { Ambient []string `json:"Ambient,omitempty"` } -// Deprecated: use (Hooks).Run instead. +// Deprecated: use [Hooks.Run] instead. func (hooks HookList) RunHooks(state *specs.State) error { for i, h := range hooks { if err := h.Run(state); err != nil { From d22a42113dc01c0e0ee19a8073f784ca83f1a8af Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 17 Jun 2025 15:35:29 -0700 Subject: [PATCH 0960/1176] libct/configs: stop using deprecated id Signed-off-by: Kir Kolyshkin --- libcontainer/configs/config.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index b7d545beaa0..3c0dfc0a7da 100644 --- a/libcontainer/configs/config.go +++ b/libcontainer/configs/config.go @@ -16,6 +16,7 @@ import ( "github.com/sirupsen/logrus" "golang.org/x/sys/unix" + "github.com/opencontainers/cgroups" devices "github.com/opencontainers/cgroups/devices/config" "github.com/opencontainers/runtime-spec/specs-go" ) @@ -145,7 +146,7 @@ type Config struct { // Cgroups specifies specific cgroup settings for the various subsystems that the container is // placed into to limit the resources the container has available. - Cgroups *Cgroup `json:"cgroups"` + Cgroups *cgroups.Cgroup `json:"cgroups"` // AppArmorProfile specifies the profile to apply to the process running in the container and is // change at the time the process is executed. From 1b39997e73a14f1d8a39efbbf2ec44b89ef6cab3 Mon Sep 17 00:00:00 2001 From: HirazawaUi <695097494plus@gmail.com> Date: Wed, 18 Jun 2025 22:40:08 +0800 Subject: [PATCH 0961/1176] Preventing containers from being unable to be deleted Signed-off-by: HirazawaUi <695097494plus@gmail.com> --- libcontainer/process_linux.go | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 82f121fb2b5..fc09041d78c 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -550,6 +550,20 @@ func (p *initProcess) start() (retErr error) { return fmt.Errorf("unable to start init: %w", err) } + // If the runc-create process is terminated due to receiving SIGKILL signal, + // it may lead to the runc-init process leaking due + // to issues like cgroup freezing, + // and it cannot be cleaned up by runc delete/stop + // because the container lacks a state.json file. + // This typically occurs when higher-level + // container runtimes terminate the runc create process due to context cancellation or timeout. + // If the runc-create process terminates due to SIGKILL before + // reaching this line of code, we won't encounter the cgroup freezing issue. + _, err = p.container.updateState(nil) + if err != nil { + return fmt.Errorf("unable to store init state before creating cgroup: %w", err) + } + defer func() { if retErr != nil { // Find out if init is killed by the kernel's OOM killer. From f24aa06ef6accfc3912e172df06abcf2b7c59fed Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 18 Jun 2025 16:56:00 -0700 Subject: [PATCH 0962/1176] libct: State: ensure Resources is not nil Since opencontainers/cgroups v0.0.2 (commit b206a015), all stuct Resources fields are annotated with "omitempty" attribute. As a result, the loaded configuration may have Resources == nil. It is totally OK (rootless containers may have no resources configured) except since commit 6c5441e5, cgroup v1 fs manager requires Resources to be set in the call to NewManager (this is a cgroup v1 deficiency, or maybe our implementation deficiency, or both). To work around this, let's add code to ensure Resources is never nil after loading from state.json. Signed-off-by: Kir Kolyshkin --- libcontainer/factory_linux.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libcontainer/factory_linux.go b/libcontainer/factory_linux.go index d222d6b4230..b799e4a98a9 100644 --- a/libcontainer/factory_linux.go +++ b/libcontainer/factory_linux.go @@ -164,6 +164,10 @@ func loadState(root string) (*State, error) { if err := json.NewDecoder(f).Decode(&state); err != nil { return nil, err } + // Cgroup v1 fs manager expect Resources to never be nil. + if state.Config.Cgroups.Resources == nil { + state.Config.Cgroups.Resources = &cgroups.Resources{} + } return state, nil } From da90947848788dd65e8a766723bca85ec452662a Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 18 Jun 2025 15:00:34 -0700 Subject: [PATCH 0963/1176] deps: bump cgroups to v0.0.3, fix tests For changelog, see https://github.com/opencontainers/cgroups/releases/tag/v0.0.3 This fixes two runc issues: 1. JSON incompatibility introduced in cgroups v0.0.2 (see https://github.com/opencontainers/cgroups/pull/22). 2. Bad CPU shares to CPU weight conversion (see https://github.com/opencontainers/runc/issues/4772). Due to item 2, modify some tests accordingly. Signed-off-by: Kir Kolyshkin --- go.mod | 2 +- go.sum | 4 +-- tests/integration/helpers.bash | 13 ++++++++- tests/integration/update.bats | 5 ++-- .../opencontainers/cgroups/config_linux.go | 2 +- .../opencontainers/cgroups/utils.go | 27 ++++++++++++++----- vendor/modules.txt | 2 +- 7 files changed, 40 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index 3544a1b6a1b..25a62ca6599 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/moby/sys/user v0.4.0 github.com/moby/sys/userns v0.1.0 github.com/mrunalp/fileutils v0.5.1 - github.com/opencontainers/cgroups v0.0.2 + github.com/opencontainers/cgroups v0.0.3 github.com/opencontainers/runtime-spec v1.2.2-0.20250401095657-e935f995dd67 github.com/opencontainers/selinux v1.12.0 github.com/seccomp/libseccomp-golang v0.11.0 diff --git a/go.sum b/go.sum index f09a27ac74f..5878e5bb1f3 100644 --- a/go.sum +++ b/go.sum @@ -45,8 +45,8 @@ github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28= github.com/mrunalp/fileutils v0.5.1 h1:F+S7ZlNKnrwHfSwdlgNSkKo67ReVf8o9fel6C3dkm/Q= github.com/mrunalp/fileutils v0.5.1/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= -github.com/opencontainers/cgroups v0.0.2 h1:A+mAPPMfgKNCEZUUtibESFx06uvhAmvo8sSz3Abwk7o= -github.com/opencontainers/cgroups v0.0.2/go.mod h1:s8lktyhlGUqM7OSRL5P7eAW6Wb+kWPNvt4qvVfzA5vs= +github.com/opencontainers/cgroups v0.0.3 h1:Jc9dWh/0YLGjdy6J/9Ln8NM5BfTA4W2BY0GMozy3aDU= +github.com/opencontainers/cgroups v0.0.3/go.mod h1:s8lktyhlGUqM7OSRL5P7eAW6Wb+kWPNvt4qvVfzA5vs= github.com/opencontainers/runtime-spec v1.2.2-0.20250401095657-e935f995dd67 h1:Q+KewUGTMamIe6Q39xCD/T1NC1POmaTlWnhjikCrZHA= github.com/opencontainers/runtime-spec v1.2.2-0.20250401095657-e935f995dd67/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.12.0 h1:6n5JV4Cf+4y0KNXW48TLj5DwfXpvWlxXplUkdTrmPb8= diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index 669bbb16c2a..da279c7cfc2 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -352,7 +352,18 @@ function check_cpu_shares() { local shares=$1 if [ -v CGROUP_V2 ]; then - local weight=$((1 + ((shares - 2) * 9999) / 262142)) + # Same formula as ConvertCPUSharesToCgroupV2Value. + local weight + weight=$(awk -v shares="$shares" ' + BEGIN { + if (shares == 0) { print 0; exit } + if (shares <= 2) { print 1; exit } + if (shares >= 262144) { print 10000; exit } + l = log(shares) / log(2) + exponent = (l*l + 125*l) / 612.0 - 7.0/34.0 + print int(exp(exponent * log(10)) + 0.99) + }') + check_cpu_weight "$weight" else check_cgroup_value "cpu.shares" "$shares" diff --git a/tests/integration/update.bats b/tests/integration/update.bats index 27af565b7bf..461fac479e3 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -545,10 +545,9 @@ EOF runc run -d --console-socket "$CONSOLE_SOCKET" test_update [ "$status" -eq 0 ] - # Check that initial values were properly set. + # Check that initial values (from setup) were properly set. check_cpu_quota 500000 1000000 - # Initial cpu shares of 100 corresponds to weight of 4. - check_cpu_weight 4 + check_cpu_shares 100 check_systemd_value "TasksMax" 20 runc update -r - test_update <= 262144 { + return 10000 + } + l := math.Log2(float64(cpuShares)) + // Quadratic function which fits min, max, and default. + exponent := (l*l+125*l)/612.0 - 7.0/34.0 + + return uint64(math.Ceil(math.Pow(10, exponent))) } // ConvertMemorySwapToCgroupV2Value converts MemorySwap value from OCI spec diff --git a/vendor/modules.txt b/vendor/modules.txt index a08b66fdce3..86aaddac8cb 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -51,7 +51,7 @@ github.com/moby/sys/userns # github.com/mrunalp/fileutils v0.5.1 ## explicit; go 1.13 github.com/mrunalp/fileutils -# github.com/opencontainers/cgroups v0.0.2 +# github.com/opencontainers/cgroups v0.0.3 ## explicit; go 1.23.0 github.com/opencontainers/cgroups github.com/opencontainers/cgroups/devices From aa0e7989c474063408e1aafeec7e4e8de2ccd659 Mon Sep 17 00:00:00 2001 From: Pavel Liubimov Date: Tue, 1 Jul 2025 12:22:07 +0300 Subject: [PATCH 0964/1176] libcontainer: close seccomp agent connection to prevent resource leaks Add missing defer conn.Close(). Signed-off-by: Pavel Liubimov --- libcontainer/process_linux.go | 1 + 1 file changed, 1 insertion(+) diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 3fcc79df490..bd1c1195f27 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -854,6 +854,7 @@ func sendContainerProcessState(listenerPath string, state *specs.ContainerProces if err != nil { return fmt.Errorf("failed to connect with seccomp agent specified in the seccomp profile: %w", err) } + defer conn.Close() socket, err := conn.(*net.UnixConn).File() if err != nil { From a09e703853ca02ad3d0f37d864ed225420ff3fd2 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 1 Jul 2025 18:15:05 -0700 Subject: [PATCH 0965/1176] docs/systemd.md: amend Include some important previously missed detail about how linux.cgroupsPath works. Signed-off-by: Kir Kolyshkin --- docs/systemd.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/systemd.md b/docs/systemd.md index 1381709d111..965b0c852c7 100644 --- a/docs/systemd.md +++ b/docs/systemd.md @@ -31,6 +31,7 @@ runtime spec in the following way: Next, `prefix` and `name` are used to compose the unit name, which is `-.scope`, unless `name` has `.slice` suffix, in which case `prefix` is ignored and the `name` is used as is. + The default value for both `prefix` and `name` is empty string. 2. If `Linux.CgroupsPath` is not set or empty, it works the same way as if it would be set to `:runc:`. See the description above to see From 4a6ef6b9fa69ee7211a2cdfde2398be140c66831 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 10 Jul 2025 04:54:21 +0000 Subject: [PATCH 0966/1176] build(deps): bump golang.org/x/sys from 0.33.0 to 0.34.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.33.0 to 0.34.0. - [Commits](https://github.com/golang/sys/compare/v0.33.0...v0.34.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- vendor/golang.org/x/sys/unix/zerrors_linux.go | 25 +++- .../x/sys/unix/zerrors_linux_386.go | 1 + .../x/sys/unix/zerrors_linux_amd64.go | 1 + .../x/sys/unix/zerrors_linux_arm.go | 1 + .../x/sys/unix/zerrors_linux_arm64.go | 1 + .../x/sys/unix/zerrors_linux_loong64.go | 1 + .../x/sys/unix/zerrors_linux_mips.go | 1 + .../x/sys/unix/zerrors_linux_mips64.go | 1 + .../x/sys/unix/zerrors_linux_mips64le.go | 1 + .../x/sys/unix/zerrors_linux_mipsle.go | 1 + .../x/sys/unix/zerrors_linux_ppc.go | 1 + .../x/sys/unix/zerrors_linux_ppc64.go | 1 + .../x/sys/unix/zerrors_linux_ppc64le.go | 1 + .../x/sys/unix/zerrors_linux_riscv64.go | 1 + .../x/sys/unix/zerrors_linux_s390x.go | 1 + .../x/sys/unix/zerrors_linux_sparc64.go | 1 + vendor/golang.org/x/sys/unix/ztypes_linux.go | 108 ++++++++++++++++-- .../golang.org/x/sys/unix/ztypes_linux_386.go | 16 +++ .../x/sys/unix/ztypes_linux_amd64.go | 16 +++ .../golang.org/x/sys/unix/ztypes_linux_arm.go | 16 +++ .../x/sys/unix/ztypes_linux_arm64.go | 16 +++ .../x/sys/unix/ztypes_linux_loong64.go | 16 +++ .../x/sys/unix/ztypes_linux_mips.go | 16 +++ .../x/sys/unix/ztypes_linux_mips64.go | 16 +++ .../x/sys/unix/ztypes_linux_mips64le.go | 16 +++ .../x/sys/unix/ztypes_linux_mipsle.go | 16 +++ .../golang.org/x/sys/unix/ztypes_linux_ppc.go | 16 +++ .../x/sys/unix/ztypes_linux_ppc64.go | 16 +++ .../x/sys/unix/ztypes_linux_ppc64le.go | 16 +++ .../x/sys/unix/ztypes_linux_riscv64.go | 16 +++ .../x/sys/unix/ztypes_linux_s390x.go | 16 +++ .../x/sys/unix/ztypes_linux_sparc64.go | 16 +++ vendor/modules.txt | 2 +- 35 files changed, 380 insertions(+), 16 deletions(-) diff --git a/go.mod b/go.mod index 25a62ca6599..7924f69f3c1 100644 --- a/go.mod +++ b/go.mod @@ -23,7 +23,7 @@ require ( github.com/vishvananda/netlink v1.3.1 github.com/vishvananda/netns v0.0.5 golang.org/x/net v0.41.0 - golang.org/x/sys v0.33.0 + golang.org/x/sys v0.34.0 google.golang.org/protobuf v1.36.6 ) diff --git a/go.sum b/go.sum index 5878e5bb1f3..91fdf138b16 100644 --- a/go.sum +++ b/go.sum @@ -85,8 +85,8 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw= -golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA= +golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index 4f432bfe8fe..9e7a6c5a4fc 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -319,6 +319,7 @@ const ( AUDIT_INTEGRITY_POLICY_RULE = 0x70f AUDIT_INTEGRITY_RULE = 0x70d AUDIT_INTEGRITY_STATUS = 0x70a + AUDIT_INTEGRITY_USERSPACE = 0x710 AUDIT_IPC = 0x517 AUDIT_IPC_SET_PERM = 0x51f AUDIT_IPE_ACCESS = 0x58c @@ -843,9 +844,9 @@ const ( DM_UUID_FLAG = 0x4000 DM_UUID_LEN = 0x81 DM_VERSION = 0xc138fd00 - DM_VERSION_EXTRA = "-ioctl (2023-03-01)" + DM_VERSION_EXTRA = "-ioctl (2025-01-17)" DM_VERSION_MAJOR = 0x4 - DM_VERSION_MINOR = 0x30 + DM_VERSION_MINOR = 0x31 DM_VERSION_PATCHLEVEL = 0x0 DT_BLK = 0x6 DT_CHR = 0x2 @@ -941,6 +942,8 @@ const ( ETHER_FLOW = 0x12 ETHTOOL_BUSINFO_LEN = 0x20 ETHTOOL_EROMVERS_LEN = 0x20 + ETHTOOL_FAMILY_NAME = "ethtool" + ETHTOOL_FAMILY_VERSION = 0x1 ETHTOOL_FEC_AUTO = 0x2 ETHTOOL_FEC_BASER = 0x10 ETHTOOL_FEC_LLRS = 0x20 @@ -1203,6 +1206,9 @@ const ( FAN_DENY = 0x2 FAN_ENABLE_AUDIT = 0x40 FAN_EPIDFD = -0x2 + FAN_ERRNO_BITS = 0x8 + FAN_ERRNO_MASK = 0xff + FAN_ERRNO_SHIFT = 0x18 FAN_EVENT_INFO_TYPE_DFID = 0x3 FAN_EVENT_INFO_TYPE_DFID_NAME = 0x2 FAN_EVENT_INFO_TYPE_ERROR = 0x5 @@ -1210,6 +1216,7 @@ const ( FAN_EVENT_INFO_TYPE_NEW_DFID_NAME = 0xc FAN_EVENT_INFO_TYPE_OLD_DFID_NAME = 0xa FAN_EVENT_INFO_TYPE_PIDFD = 0x4 + FAN_EVENT_INFO_TYPE_RANGE = 0x6 FAN_EVENT_METADATA_LEN = 0x18 FAN_EVENT_ON_CHILD = 0x8000000 FAN_FS_ERROR = 0x8000 @@ -1240,6 +1247,7 @@ const ( FAN_OPEN_EXEC = 0x1000 FAN_OPEN_EXEC_PERM = 0x40000 FAN_OPEN_PERM = 0x10000 + FAN_PRE_ACCESS = 0x100000 FAN_Q_OVERFLOW = 0x4000 FAN_RENAME = 0x10000000 FAN_REPORT_DFID_NAME = 0xc00 @@ -2787,7 +2795,7 @@ const ( RTAX_UNSPEC = 0x0 RTAX_WINDOW = 0x3 RTA_ALIGNTO = 0x4 - RTA_MAX = 0x1e + RTA_MAX = 0x1f RTCF_DIRECTSRC = 0x4000000 RTCF_DOREDIRECT = 0x1000000 RTCF_LOG = 0x2000000 @@ -2864,10 +2872,12 @@ const ( RTM_DELACTION = 0x31 RTM_DELADDR = 0x15 RTM_DELADDRLABEL = 0x49 + RTM_DELANYCAST = 0x3d RTM_DELCHAIN = 0x65 RTM_DELLINK = 0x11 RTM_DELLINKPROP = 0x6d RTM_DELMDB = 0x55 + RTM_DELMULTICAST = 0x39 RTM_DELNEIGH = 0x1d RTM_DELNETCONF = 0x51 RTM_DELNEXTHOP = 0x69 @@ -2917,11 +2927,13 @@ const ( RTM_NEWACTION = 0x30 RTM_NEWADDR = 0x14 RTM_NEWADDRLABEL = 0x48 + RTM_NEWANYCAST = 0x3c RTM_NEWCACHEREPORT = 0x60 RTM_NEWCHAIN = 0x64 RTM_NEWLINK = 0x10 RTM_NEWLINKPROP = 0x6c RTM_NEWMDB = 0x54 + RTM_NEWMULTICAST = 0x38 RTM_NEWNDUSEROPT = 0x44 RTM_NEWNEIGH = 0x1c RTM_NEWNEIGHTBL = 0x40 @@ -2987,11 +2999,12 @@ const ( RUSAGE_THREAD = 0x1 RWF_APPEND = 0x10 RWF_ATOMIC = 0x40 + RWF_DONTCACHE = 0x80 RWF_DSYNC = 0x2 RWF_HIPRI = 0x1 RWF_NOAPPEND = 0x20 RWF_NOWAIT = 0x8 - RWF_SUPPORTED = 0x7f + RWF_SUPPORTED = 0xff RWF_SYNC = 0x4 RWF_WRITE_LIFE_NOT_SET = 0x0 SCHED_BATCH = 0x3 @@ -3271,6 +3284,7 @@ const ( STATX_BTIME = 0x800 STATX_CTIME = 0x80 STATX_DIOALIGN = 0x2000 + STATX_DIO_READ_ALIGN = 0x20000 STATX_GID = 0x10 STATX_INO = 0x100 STATX_MNT_ID = 0x1000 @@ -3322,7 +3336,7 @@ const ( TASKSTATS_GENL_NAME = "TASKSTATS" TASKSTATS_GENL_VERSION = 0x1 TASKSTATS_TYPE_MAX = 0x6 - TASKSTATS_VERSION = 0xe + TASKSTATS_VERSION = 0xf TCIFLUSH = 0x0 TCIOFF = 0x2 TCIOFLUSH = 0x2 @@ -3503,6 +3517,7 @@ const ( TP_STATUS_WRONG_FORMAT = 0x4 TRACEFS_MAGIC = 0x74726163 TS_COMM_LEN = 0x20 + UBI_IOCECNFO = 0xc01c6f06 UDF_SUPER_MAGIC = 0x15013346 UDP_CORK = 0x1 UDP_ENCAP = 0x64 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go index 75207613c78..a8c421e29b5 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go @@ -372,6 +372,7 @@ const ( SO_RCVBUFFORCE = 0x21 SO_RCVLOWAT = 0x12 SO_RCVMARK = 0x4b + SO_RCVPRIORITY = 0x52 SO_RCVTIMEO = 0x14 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x14 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go index c68acda5352..9a88d18130f 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go @@ -373,6 +373,7 @@ const ( SO_RCVBUFFORCE = 0x21 SO_RCVLOWAT = 0x12 SO_RCVMARK = 0x4b + SO_RCVPRIORITY = 0x52 SO_RCVTIMEO = 0x14 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x14 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go index a8c607ab86b..7cb6a867efd 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go @@ -378,6 +378,7 @@ const ( SO_RCVBUFFORCE = 0x21 SO_RCVLOWAT = 0x12 SO_RCVMARK = 0x4b + SO_RCVPRIORITY = 0x52 SO_RCVTIMEO = 0x14 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x14 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go index 18563dd8d33..d0ecd2c583b 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go @@ -371,6 +371,7 @@ const ( SO_RCVBUFFORCE = 0x21 SO_RCVLOWAT = 0x12 SO_RCVMARK = 0x4b + SO_RCVPRIORITY = 0x52 SO_RCVTIMEO = 0x14 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x14 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go index 22912cdaa94..7a2940ae0a3 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go @@ -365,6 +365,7 @@ const ( SO_RCVBUFFORCE = 0x21 SO_RCVLOWAT = 0x12 SO_RCVMARK = 0x4b + SO_RCVPRIORITY = 0x52 SO_RCVTIMEO = 0x14 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x14 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go index 29344eb37ab..d14ca8f2ecf 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go @@ -371,6 +371,7 @@ const ( SO_RCVBUFFORCE = 0x21 SO_RCVLOWAT = 0x1004 SO_RCVMARK = 0x4b + SO_RCVPRIORITY = 0x52 SO_RCVTIMEO = 0x1006 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x1006 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go index 20d51fb96a8..2da1bac1e3d 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go @@ -371,6 +371,7 @@ const ( SO_RCVBUFFORCE = 0x21 SO_RCVLOWAT = 0x1004 SO_RCVMARK = 0x4b + SO_RCVPRIORITY = 0x52 SO_RCVTIMEO = 0x1006 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x1006 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go index 321b60902ae..28727514b5f 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go @@ -371,6 +371,7 @@ const ( SO_RCVBUFFORCE = 0x21 SO_RCVLOWAT = 0x1004 SO_RCVMARK = 0x4b + SO_RCVPRIORITY = 0x52 SO_RCVTIMEO = 0x1006 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x1006 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go index 9bacdf1e279..7f287b54b5d 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go @@ -371,6 +371,7 @@ const ( SO_RCVBUFFORCE = 0x21 SO_RCVLOWAT = 0x1004 SO_RCVMARK = 0x4b + SO_RCVPRIORITY = 0x52 SO_RCVTIMEO = 0x1006 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x1006 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go index c2242726156..7e5f9e6aa8d 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go @@ -426,6 +426,7 @@ const ( SO_RCVBUFFORCE = 0x21 SO_RCVLOWAT = 0x10 SO_RCVMARK = 0x4b + SO_RCVPRIORITY = 0x52 SO_RCVTIMEO = 0x12 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x12 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go index 6270c8ee13e..37c87952fcb 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go @@ -430,6 +430,7 @@ const ( SO_RCVBUFFORCE = 0x21 SO_RCVLOWAT = 0x10 SO_RCVMARK = 0x4b + SO_RCVPRIORITY = 0x52 SO_RCVTIMEO = 0x12 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x12 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go index 9966c1941f8..5220133613a 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go @@ -430,6 +430,7 @@ const ( SO_RCVBUFFORCE = 0x21 SO_RCVLOWAT = 0x10 SO_RCVMARK = 0x4b + SO_RCVPRIORITY = 0x52 SO_RCVTIMEO = 0x12 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x12 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go index 848e5fcc42e..4bfe2b5b6e6 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go @@ -362,6 +362,7 @@ const ( SO_RCVBUFFORCE = 0x21 SO_RCVLOWAT = 0x12 SO_RCVMARK = 0x4b + SO_RCVPRIORITY = 0x52 SO_RCVTIMEO = 0x14 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x14 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go index 669b2adb80b..e3cffb869a3 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go @@ -434,6 +434,7 @@ const ( SO_RCVBUFFORCE = 0x21 SO_RCVLOWAT = 0x12 SO_RCVMARK = 0x4b + SO_RCVPRIORITY = 0x52 SO_RCVTIMEO = 0x14 SO_RCVTIMEO_NEW = 0x42 SO_RCVTIMEO_OLD = 0x14 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go index 4834e57514e..c219c8db396 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go @@ -473,6 +473,7 @@ const ( SO_RCVBUFFORCE = 0x100b SO_RCVLOWAT = 0x800 SO_RCVMARK = 0x54 + SO_RCVPRIORITY = 0x5b SO_RCVTIMEO = 0x2000 SO_RCVTIMEO_NEW = 0x44 SO_RCVTIMEO_OLD = 0x2000 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index a46abe64720..8bcac2835f6 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -114,7 +114,7 @@ type Statx_t struct { Atomic_write_unit_min uint32 Atomic_write_unit_max uint32 Atomic_write_segments_max uint32 - _ [1]uint32 + Dio_read_offset_align uint32 _ [9]uint64 } @@ -2226,8 +2226,11 @@ const ( NFT_PAYLOAD_LL_HEADER = 0x0 NFT_PAYLOAD_NETWORK_HEADER = 0x1 NFT_PAYLOAD_TRANSPORT_HEADER = 0x2 + NFT_PAYLOAD_INNER_HEADER = 0x3 + NFT_PAYLOAD_TUN_HEADER = 0x4 NFT_PAYLOAD_CSUM_NONE = 0x0 NFT_PAYLOAD_CSUM_INET = 0x1 + NFT_PAYLOAD_CSUM_SCTP = 0x2 NFT_PAYLOAD_L4CSUM_PSEUDOHDR = 0x1 NFTA_PAYLOAD_UNSPEC = 0x0 NFTA_PAYLOAD_DREG = 0x1 @@ -3802,7 +3805,16 @@ const ( ETHTOOL_MSG_PSE_GET = 0x24 ETHTOOL_MSG_PSE_SET = 0x25 ETHTOOL_MSG_RSS_GET = 0x26 - ETHTOOL_MSG_USER_MAX = 0x2d + ETHTOOL_MSG_PLCA_GET_CFG = 0x27 + ETHTOOL_MSG_PLCA_SET_CFG = 0x28 + ETHTOOL_MSG_PLCA_GET_STATUS = 0x29 + ETHTOOL_MSG_MM_GET = 0x2a + ETHTOOL_MSG_MM_SET = 0x2b + ETHTOOL_MSG_MODULE_FW_FLASH_ACT = 0x2c + ETHTOOL_MSG_PHY_GET = 0x2d + ETHTOOL_MSG_TSCONFIG_GET = 0x2e + ETHTOOL_MSG_TSCONFIG_SET = 0x2f + ETHTOOL_MSG_USER_MAX = 0x2f ETHTOOL_MSG_KERNEL_NONE = 0x0 ETHTOOL_MSG_STRSET_GET_REPLY = 0x1 ETHTOOL_MSG_LINKINFO_GET_REPLY = 0x2 @@ -3842,7 +3854,17 @@ const ( ETHTOOL_MSG_MODULE_NTF = 0x24 ETHTOOL_MSG_PSE_GET_REPLY = 0x25 ETHTOOL_MSG_RSS_GET_REPLY = 0x26 - ETHTOOL_MSG_KERNEL_MAX = 0x2e + ETHTOOL_MSG_PLCA_GET_CFG_REPLY = 0x27 + ETHTOOL_MSG_PLCA_GET_STATUS_REPLY = 0x28 + ETHTOOL_MSG_PLCA_NTF = 0x29 + ETHTOOL_MSG_MM_GET_REPLY = 0x2a + ETHTOOL_MSG_MM_NTF = 0x2b + ETHTOOL_MSG_MODULE_FW_FLASH_NTF = 0x2c + ETHTOOL_MSG_PHY_GET_REPLY = 0x2d + ETHTOOL_MSG_PHY_NTF = 0x2e + ETHTOOL_MSG_TSCONFIG_GET_REPLY = 0x2f + ETHTOOL_MSG_TSCONFIG_SET_REPLY = 0x30 + ETHTOOL_MSG_KERNEL_MAX = 0x30 ETHTOOL_FLAG_COMPACT_BITSETS = 0x1 ETHTOOL_FLAG_OMIT_REPLY = 0x2 ETHTOOL_FLAG_STATS = 0x4 @@ -3949,7 +3971,12 @@ const ( ETHTOOL_A_RINGS_TCP_DATA_SPLIT = 0xb ETHTOOL_A_RINGS_CQE_SIZE = 0xc ETHTOOL_A_RINGS_TX_PUSH = 0xd - ETHTOOL_A_RINGS_MAX = 0x10 + ETHTOOL_A_RINGS_RX_PUSH = 0xe + ETHTOOL_A_RINGS_TX_PUSH_BUF_LEN = 0xf + ETHTOOL_A_RINGS_TX_PUSH_BUF_LEN_MAX = 0x10 + ETHTOOL_A_RINGS_HDS_THRESH = 0x11 + ETHTOOL_A_RINGS_HDS_THRESH_MAX = 0x12 + ETHTOOL_A_RINGS_MAX = 0x12 ETHTOOL_A_CHANNELS_UNSPEC = 0x0 ETHTOOL_A_CHANNELS_HEADER = 0x1 ETHTOOL_A_CHANNELS_RX_MAX = 0x2 @@ -4015,7 +4042,9 @@ const ( ETHTOOL_A_TSINFO_TX_TYPES = 0x3 ETHTOOL_A_TSINFO_RX_FILTERS = 0x4 ETHTOOL_A_TSINFO_PHC_INDEX = 0x5 - ETHTOOL_A_TSINFO_MAX = 0x6 + ETHTOOL_A_TSINFO_STATS = 0x6 + ETHTOOL_A_TSINFO_HWTSTAMP_PROVIDER = 0x7 + ETHTOOL_A_TSINFO_MAX = 0x7 ETHTOOL_A_CABLE_TEST_UNSPEC = 0x0 ETHTOOL_A_CABLE_TEST_HEADER = 0x1 ETHTOOL_A_CABLE_TEST_MAX = 0x1 @@ -4613,6 +4642,7 @@ const ( NL80211_ATTR_AKM_SUITES = 0x4c NL80211_ATTR_AP_ISOLATE = 0x60 NL80211_ATTR_AP_SETTINGS_FLAGS = 0x135 + NL80211_ATTR_ASSOC_SPP_AMSDU = 0x14a NL80211_ATTR_AUTH_DATA = 0x9c NL80211_ATTR_AUTH_TYPE = 0x35 NL80211_ATTR_BANDS = 0xef @@ -4623,6 +4653,7 @@ const ( NL80211_ATTR_BSS_BASIC_RATES = 0x24 NL80211_ATTR_BSS = 0x2f NL80211_ATTR_BSS_CTS_PROT = 0x1c + NL80211_ATTR_BSS_DUMP_INCLUDE_USE_DATA = 0x147 NL80211_ATTR_BSS_HT_OPMODE = 0x6d NL80211_ATTR_BSSID = 0xf5 NL80211_ATTR_BSS_SELECT = 0xe3 @@ -4682,6 +4713,7 @@ const ( NL80211_ATTR_DTIM_PERIOD = 0xd NL80211_ATTR_DURATION = 0x57 NL80211_ATTR_EHT_CAPABILITY = 0x136 + NL80211_ATTR_EMA_RNR_ELEMS = 0x145 NL80211_ATTR_EML_CAPABILITY = 0x13d NL80211_ATTR_EXT_CAPA = 0xa9 NL80211_ATTR_EXT_CAPA_MASK = 0xaa @@ -4717,6 +4749,7 @@ const ( NL80211_ATTR_HIDDEN_SSID = 0x7e NL80211_ATTR_HT_CAPABILITY = 0x1f NL80211_ATTR_HT_CAPABILITY_MASK = 0x94 + NL80211_ATTR_HW_TIMESTAMP_ENABLED = 0x144 NL80211_ATTR_IE_ASSOC_RESP = 0x80 NL80211_ATTR_IE = 0x2a NL80211_ATTR_IE_PROBE_RESP = 0x7f @@ -4747,9 +4780,10 @@ const ( NL80211_ATTR_MAC_HINT = 0xc8 NL80211_ATTR_MAC_MASK = 0xd7 NL80211_ATTR_MAX_AP_ASSOC_STA = 0xca - NL80211_ATTR_MAX = 0x14d + NL80211_ATTR_MAX = 0x150 NL80211_ATTR_MAX_CRIT_PROT_DURATION = 0xb4 NL80211_ATTR_MAX_CSA_COUNTERS = 0xce + NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS = 0x143 NL80211_ATTR_MAX_MATCH_SETS = 0x85 NL80211_ATTR_MAX_NUM_AKM_SUITES = 0x13c NL80211_ATTR_MAX_NUM_PMKIDS = 0x56 @@ -4774,9 +4808,12 @@ const ( NL80211_ATTR_MGMT_SUBTYPE = 0x29 NL80211_ATTR_MLD_ADDR = 0x13a NL80211_ATTR_MLD_CAPA_AND_OPS = 0x13e + NL80211_ATTR_MLO_LINK_DISABLED = 0x146 NL80211_ATTR_MLO_LINK_ID = 0x139 NL80211_ATTR_MLO_LINKS = 0x138 NL80211_ATTR_MLO_SUPPORT = 0x13b + NL80211_ATTR_MLO_TTLM_DLINK = 0x148 + NL80211_ATTR_MLO_TTLM_ULINK = 0x149 NL80211_ATTR_MNTR_FLAGS = 0x17 NL80211_ATTR_MPATH_INFO = 0x1b NL80211_ATTR_MPATH_NEXT_HOP = 0x1a @@ -4809,12 +4846,14 @@ const ( NL80211_ATTR_PORT_AUTHORIZED = 0x103 NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN = 0x5 NL80211_ATTR_POWER_RULE_MAX_EIRP = 0x6 + NL80211_ATTR_POWER_RULE_PSD = 0x8 NL80211_ATTR_PREV_BSSID = 0x4f NL80211_ATTR_PRIVACY = 0x46 NL80211_ATTR_PROBE_RESP = 0x91 NL80211_ATTR_PROBE_RESP_OFFLOAD = 0x90 NL80211_ATTR_PROTOCOL_FEATURES = 0xad NL80211_ATTR_PS_STATE = 0x5d + NL80211_ATTR_PUNCT_BITMAP = 0x142 NL80211_ATTR_QOS_MAP = 0xc7 NL80211_ATTR_RADAR_BACKGROUND = 0x134 NL80211_ATTR_RADAR_EVENT = 0xa8 @@ -4943,7 +4982,9 @@ const ( NL80211_ATTR_WIPHY_FREQ = 0x26 NL80211_ATTR_WIPHY_FREQ_HINT = 0xc9 NL80211_ATTR_WIPHY_FREQ_OFFSET = 0x122 + NL80211_ATTR_WIPHY_INTERFACE_COMBINATIONS = 0x14c NL80211_ATTR_WIPHY_NAME = 0x2 + NL80211_ATTR_WIPHY_RADIOS = 0x14b NL80211_ATTR_WIPHY_RETRY_LONG = 0x3e NL80211_ATTR_WIPHY_RETRY_SHORT = 0x3d NL80211_ATTR_WIPHY_RTS_THRESHOLD = 0x40 @@ -4978,6 +5019,8 @@ const ( NL80211_BAND_ATTR_IFTYPE_DATA = 0x9 NL80211_BAND_ATTR_MAX = 0xd NL80211_BAND_ATTR_RATES = 0x2 + NL80211_BAND_ATTR_S1G_CAPA = 0xd + NL80211_BAND_ATTR_S1G_MCS_NSS_SET = 0xc NL80211_BAND_ATTR_VHT_CAPA = 0x8 NL80211_BAND_ATTR_VHT_MCS_SET = 0x7 NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MAC = 0x8 @@ -5001,6 +5044,10 @@ const ( NL80211_BSS_BEACON_INTERVAL = 0x4 NL80211_BSS_BEACON_TSF = 0xd NL80211_BSS_BSSID = 0x1 + NL80211_BSS_CANNOT_USE_6GHZ_PWR_MISMATCH = 0x2 + NL80211_BSS_CANNOT_USE_NSTR_NONPRIMARY = 0x1 + NL80211_BSS_CANNOT_USE_REASONS = 0x18 + NL80211_BSS_CANNOT_USE_UHB_PWR_MISMATCH = 0x2 NL80211_BSS_CAPABILITY = 0x5 NL80211_BSS_CHAIN_SIGNAL = 0x13 NL80211_BSS_CHAN_WIDTH_10 = 0x1 @@ -5032,6 +5079,9 @@ const ( NL80211_BSS_STATUS = 0x9 NL80211_BSS_STATUS_IBSS_JOINED = 0x2 NL80211_BSS_TSF = 0x3 + NL80211_BSS_USE_FOR = 0x17 + NL80211_BSS_USE_FOR_MLD_LINK = 0x2 + NL80211_BSS_USE_FOR_NORMAL = 0x1 NL80211_CHAN_HT20 = 0x1 NL80211_CHAN_HT40MINUS = 0x2 NL80211_CHAN_HT40PLUS = 0x3 @@ -5117,7 +5167,8 @@ const ( NL80211_CMD_LEAVE_IBSS = 0x2c NL80211_CMD_LEAVE_MESH = 0x45 NL80211_CMD_LEAVE_OCB = 0x6d - NL80211_CMD_MAX = 0x9b + NL80211_CMD_LINKS_REMOVED = 0x9a + NL80211_CMD_MAX = 0x9d NL80211_CMD_MICHAEL_MIC_FAILURE = 0x29 NL80211_CMD_MODIFY_LINK_STA = 0x97 NL80211_CMD_NAN_MATCH = 0x78 @@ -5161,6 +5212,7 @@ const ( NL80211_CMD_SET_COALESCE = 0x65 NL80211_CMD_SET_CQM = 0x3f NL80211_CMD_SET_FILS_AAD = 0x92 + NL80211_CMD_SET_HW_TIMESTAMP = 0x99 NL80211_CMD_SET_INTERFACE = 0x6 NL80211_CMD_SET_KEY = 0xa NL80211_CMD_SET_MAC_ACL = 0x5d @@ -5180,6 +5232,7 @@ const ( NL80211_CMD_SET_SAR_SPECS = 0x8c NL80211_CMD_SET_STATION = 0x12 NL80211_CMD_SET_TID_CONFIG = 0x89 + NL80211_CMD_SET_TID_TO_LINK_MAPPING = 0x9b NL80211_CMD_SET_TX_BITRATE_MASK = 0x39 NL80211_CMD_SET_WDS_PEER = 0x42 NL80211_CMD_SET_WIPHY = 0x2 @@ -5247,6 +5300,7 @@ const ( NL80211_EXT_FEATURE_AIRTIME_FAIRNESS = 0x21 NL80211_EXT_FEATURE_AP_PMKSA_CACHING = 0x22 NL80211_EXT_FEATURE_AQL = 0x28 + NL80211_EXT_FEATURE_AUTH_AND_DEAUTH_RANDOM_TA = 0x40 NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT = 0x2e NL80211_EXT_FEATURE_BEACON_PROTECTION = 0x29 NL80211_EXT_FEATURE_BEACON_RATE_HE = 0x36 @@ -5262,6 +5316,7 @@ const ( NL80211_EXT_FEATURE_CQM_RSSI_LIST = 0xd NL80211_EXT_FEATURE_DATA_ACK_SIGNAL_SUPPORT = 0x1b NL80211_EXT_FEATURE_DEL_IBSS_STA = 0x2c + NL80211_EXT_FEATURE_DFS_CONCURRENT = 0x43 NL80211_EXT_FEATURE_DFS_OFFLOAD = 0x19 NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER = 0x20 NL80211_EXT_FEATURE_EXT_KEY_ID = 0x24 @@ -5281,9 +5336,12 @@ const ( NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION = 0x14 NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE = 0x13 NL80211_EXT_FEATURE_OPERATING_CHANNEL_VALIDATION = 0x31 + NL80211_EXT_FEATURE_OWE_OFFLOAD_AP = 0x42 + NL80211_EXT_FEATURE_OWE_OFFLOAD = 0x41 NL80211_EXT_FEATURE_POWERED_ADDR_CHANGE = 0x3d NL80211_EXT_FEATURE_PROTECTED_TWT = 0x2b NL80211_EXT_FEATURE_PROT_RANGE_NEGO_AND_MEASURE = 0x39 + NL80211_EXT_FEATURE_PUNCT = 0x3e NL80211_EXT_FEATURE_RADAR_BACKGROUND = 0x3c NL80211_EXT_FEATURE_RRM = 0x1 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP = 0x33 @@ -5295,8 +5353,10 @@ const ( NL80211_EXT_FEATURE_SCHED_SCAN_BAND_SPECIFIC_RSSI_THOLD = 0x23 NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI = 0xc NL80211_EXT_FEATURE_SECURE_LTF = 0x37 + NL80211_EXT_FEATURE_SECURE_NAN = 0x3f NL80211_EXT_FEATURE_SECURE_RTT = 0x38 NL80211_EXT_FEATURE_SET_SCAN_DWELL = 0x5 + NL80211_EXT_FEATURE_SPP_AMSDU_SUPPORT = 0x44 NL80211_EXT_FEATURE_STA_TX_PWR = 0x25 NL80211_EXT_FEATURE_TXQS = 0x1c NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP = 0x35 @@ -5343,7 +5403,10 @@ const ( NL80211_FREQUENCY_ATTR_2MHZ = 0x16 NL80211_FREQUENCY_ATTR_4MHZ = 0x17 NL80211_FREQUENCY_ATTR_8MHZ = 0x18 + NL80211_FREQUENCY_ATTR_ALLOW_6GHZ_VLP_AP = 0x21 + NL80211_FREQUENCY_ATTR_CAN_MONITOR = 0x20 NL80211_FREQUENCY_ATTR_DFS_CAC_TIME = 0xd + NL80211_FREQUENCY_ATTR_DFS_CONCURRENT = 0x1d NL80211_FREQUENCY_ATTR_DFS_STATE = 0x7 NL80211_FREQUENCY_ATTR_DFS_TIME = 0x8 NL80211_FREQUENCY_ATTR_DISABLED = 0x2 @@ -5357,6 +5420,8 @@ const ( NL80211_FREQUENCY_ATTR_NO_160MHZ = 0xc NL80211_FREQUENCY_ATTR_NO_20MHZ = 0x10 NL80211_FREQUENCY_ATTR_NO_320MHZ = 0x1a + NL80211_FREQUENCY_ATTR_NO_6GHZ_AFC_CLIENT = 0x1f + NL80211_FREQUENCY_ATTR_NO_6GHZ_VLP_CLIENT = 0x1e NL80211_FREQUENCY_ATTR_NO_80MHZ = 0xb NL80211_FREQUENCY_ATTR_NO_EHT = 0x1b NL80211_FREQUENCY_ATTR_NO_HE = 0x13 @@ -5364,8 +5429,11 @@ const ( NL80211_FREQUENCY_ATTR_NO_HT40_PLUS = 0xa NL80211_FREQUENCY_ATTR_NO_IBSS = 0x3 NL80211_FREQUENCY_ATTR_NO_IR = 0x3 + NL80211_FREQUENCY_ATTR_NO_UHB_AFC_CLIENT = 0x1f + NL80211_FREQUENCY_ATTR_NO_UHB_VLP_CLIENT = 0x1e NL80211_FREQUENCY_ATTR_OFFSET = 0x14 NL80211_FREQUENCY_ATTR_PASSIVE_SCAN = 0x3 + NL80211_FREQUENCY_ATTR_PSD = 0x1c NL80211_FREQUENCY_ATTR_RADAR = 0x5 NL80211_FREQUENCY_ATTR_WMM = 0x12 NL80211_FTM_RESP_ATTR_CIVICLOC = 0x3 @@ -5430,6 +5498,7 @@ const ( NL80211_IFTYPE_STATION = 0x2 NL80211_IFTYPE_UNSPECIFIED = 0x0 NL80211_IFTYPE_WDS = 0x5 + NL80211_KCK_EXT_LEN_32 = 0x20 NL80211_KCK_EXT_LEN = 0x18 NL80211_KCK_LEN = 0x10 NL80211_KEK_EXT_LEN = 0x20 @@ -5458,6 +5527,7 @@ const ( NL80211_MAX_SUPP_HT_RATES = 0x4d NL80211_MAX_SUPP_RATES = 0x20 NL80211_MAX_SUPP_REG_RULES = 0x80 + NL80211_MAX_SUPP_SELECTORS = 0x80 NL80211_MBSSID_CONFIG_ATTR_EMA = 0x5 NL80211_MBSSID_CONFIG_ATTR_INDEX = 0x3 NL80211_MBSSID_CONFIG_ATTR_MAX = 0x5 @@ -5703,11 +5773,16 @@ const ( NL80211_RADAR_PRE_CAC_EXPIRED = 0x4 NL80211_RATE_INFO_10_MHZ_WIDTH = 0xb NL80211_RATE_INFO_160_MHZ_WIDTH = 0xa + NL80211_RATE_INFO_16_MHZ_WIDTH = 0x1d + NL80211_RATE_INFO_1_MHZ_WIDTH = 0x19 + NL80211_RATE_INFO_2_MHZ_WIDTH = 0x1a NL80211_RATE_INFO_320_MHZ_WIDTH = 0x12 NL80211_RATE_INFO_40_MHZ_WIDTH = 0x3 + NL80211_RATE_INFO_4_MHZ_WIDTH = 0x1b NL80211_RATE_INFO_5_MHZ_WIDTH = 0xc NL80211_RATE_INFO_80_MHZ_WIDTH = 0x8 NL80211_RATE_INFO_80P80_MHZ_WIDTH = 0x9 + NL80211_RATE_INFO_8_MHZ_WIDTH = 0x1c NL80211_RATE_INFO_BITRATE32 = 0x5 NL80211_RATE_INFO_BITRATE = 0x1 NL80211_RATE_INFO_EHT_GI_0_8 = 0x0 @@ -5753,6 +5828,8 @@ const ( NL80211_RATE_INFO_HE_RU_ALLOC = 0x11 NL80211_RATE_INFO_MAX = 0x1d NL80211_RATE_INFO_MCS = 0x2 + NL80211_RATE_INFO_S1G_MCS = 0x17 + NL80211_RATE_INFO_S1G_NSS = 0x18 NL80211_RATE_INFO_SHORT_GI = 0x4 NL80211_RATE_INFO_VHT_MCS = 0x6 NL80211_RATE_INFO_VHT_NSS = 0x7 @@ -5770,14 +5847,19 @@ const ( NL80211_REKEY_DATA_KEK = 0x1 NL80211_REKEY_DATA_REPLAY_CTR = 0x3 NL80211_REPLAY_CTR_LEN = 0x8 + NL80211_RRF_ALLOW_6GHZ_VLP_AP = 0x1000000 NL80211_RRF_AUTO_BW = 0x800 NL80211_RRF_DFS = 0x10 + NL80211_RRF_DFS_CONCURRENT = 0x200000 NL80211_RRF_GO_CONCURRENT = 0x1000 NL80211_RRF_IR_CONCURRENT = 0x1000 NL80211_RRF_NO_160MHZ = 0x10000 NL80211_RRF_NO_320MHZ = 0x40000 + NL80211_RRF_NO_6GHZ_AFC_CLIENT = 0x800000 + NL80211_RRF_NO_6GHZ_VLP_CLIENT = 0x400000 NL80211_RRF_NO_80MHZ = 0x8000 NL80211_RRF_NO_CCK = 0x2 + NL80211_RRF_NO_EHT = 0x80000 NL80211_RRF_NO_HE = 0x20000 NL80211_RRF_NO_HT40 = 0x6000 NL80211_RRF_NO_HT40MINUS = 0x2000 @@ -5788,7 +5870,10 @@ const ( NL80211_RRF_NO_IR = 0x80 NL80211_RRF_NO_OFDM = 0x1 NL80211_RRF_NO_OUTDOOR = 0x8 + NL80211_RRF_NO_UHB_AFC_CLIENT = 0x800000 + NL80211_RRF_NO_UHB_VLP_CLIENT = 0x400000 NL80211_RRF_PASSIVE_SCAN = 0x80 + NL80211_RRF_PSD = 0x100000 NL80211_RRF_PTMP_ONLY = 0x40 NL80211_RRF_PTP_ONLY = 0x20 NL80211_RXMGMT_FLAG_ANSWERED = 0x1 @@ -5849,6 +5934,7 @@ const ( NL80211_STA_FLAG_MAX_OLD_API = 0x6 NL80211_STA_FLAG_MFP = 0x4 NL80211_STA_FLAG_SHORT_PREAMBLE = 0x2 + NL80211_STA_FLAG_SPP_AMSDU = 0x8 NL80211_STA_FLAG_TDLS_PEER = 0x6 NL80211_STA_FLAG_WME = 0x3 NL80211_STA_INFO_ACK_SIGNAL_AVG = 0x23 @@ -6007,6 +6093,13 @@ const ( NL80211_VHT_CAPABILITY_LEN = 0xc NL80211_VHT_NSS_MAX = 0x8 NL80211_WIPHY_NAME_MAXLEN = 0x40 + NL80211_WIPHY_RADIO_ATTR_FREQ_RANGE = 0x2 + NL80211_WIPHY_RADIO_ATTR_INDEX = 0x1 + NL80211_WIPHY_RADIO_ATTR_INTERFACE_COMBINATION = 0x3 + NL80211_WIPHY_RADIO_ATTR_MAX = 0x4 + NL80211_WIPHY_RADIO_FREQ_ATTR_END = 0x2 + NL80211_WIPHY_RADIO_FREQ_ATTR_MAX = 0x2 + NL80211_WIPHY_RADIO_FREQ_ATTR_START = 0x1 NL80211_WMMR_AIFSN = 0x3 NL80211_WMMR_CW_MAX = 0x2 NL80211_WMMR_CW_MIN = 0x1 @@ -6038,6 +6131,7 @@ const ( NL80211_WOWLAN_TRIG_PKT_PATTERN = 0x4 NL80211_WOWLAN_TRIG_RFKILL_RELEASE = 0x9 NL80211_WOWLAN_TRIG_TCP_CONNECTION = 0xe + NL80211_WOWLAN_TRIG_UNPROTECTED_DEAUTH_DISASSOC = 0x14 NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211 = 0xa NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN = 0xb NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023 = 0xc diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go index fd402da43fc..62db85f6cb7 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go @@ -285,10 +285,16 @@ type Taskstats struct { _ [4]byte Cpu_count uint64 Cpu_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]int8 @@ -324,11 +330,17 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 Ac_tgid uint32 _ [4]byte Ac_tgetime uint64 @@ -336,8 +348,12 @@ type Taskstats struct { Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Irq_delay_max uint64 + Irq_delay_min uint64 } type cpuMask uint32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go index eb7a5e1864a..7d89d648d9a 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go @@ -300,10 +300,16 @@ type Taskstats struct { Ac_nice uint8 Cpu_count uint64 Cpu_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]int8 @@ -338,19 +344,29 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 Ac_tgid uint32 Ac_tgetime uint64 Ac_exe_dev uint64 Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Irq_delay_max uint64 + Irq_delay_min uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go index d78ac108b6c..9c0b39eec76 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go @@ -276,10 +276,16 @@ type Taskstats struct { _ [4]byte Cpu_count uint64 Cpu_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]uint8 @@ -315,11 +321,17 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 Ac_tgid uint32 _ [4]byte Ac_tgetime uint64 @@ -327,8 +339,12 @@ type Taskstats struct { Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Irq_delay_max uint64 + Irq_delay_min uint64 } type cpuMask uint32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go index cd06d47f1f7..de9c7ff36cf 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go @@ -279,10 +279,16 @@ type Taskstats struct { Ac_nice uint8 Cpu_count uint64 Cpu_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]int8 @@ -317,19 +323,29 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 Ac_tgid uint32 Ac_tgetime uint64 Ac_exe_dev uint64 Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Irq_delay_max uint64 + Irq_delay_min uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go index 2f28fe26c1a..2336bd2bf09 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go @@ -280,10 +280,16 @@ type Taskstats struct { Ac_nice uint8 Cpu_count uint64 Cpu_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]int8 @@ -318,19 +324,29 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 Ac_tgid uint32 Ac_tgetime uint64 Ac_exe_dev uint64 Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Irq_delay_max uint64 + Irq_delay_min uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go index 71d6cac2f1a..4711f0be16d 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go @@ -281,10 +281,16 @@ type Taskstats struct { _ [4]byte Cpu_count uint64 Cpu_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]int8 @@ -320,11 +326,17 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 Ac_tgid uint32 _ [4]byte Ac_tgetime uint64 @@ -332,8 +344,12 @@ type Taskstats struct { Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Irq_delay_max uint64 + Irq_delay_min uint64 } type cpuMask uint32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go index 8596d453563..ab99a34b996 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go @@ -282,10 +282,16 @@ type Taskstats struct { Ac_nice uint8 Cpu_count uint64 Cpu_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]int8 @@ -320,19 +326,29 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 Ac_tgid uint32 Ac_tgetime uint64 Ac_exe_dev uint64 Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Irq_delay_max uint64 + Irq_delay_min uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go index cd60ea18662..04c9866e3cf 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go @@ -282,10 +282,16 @@ type Taskstats struct { Ac_nice uint8 Cpu_count uint64 Cpu_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]int8 @@ -320,19 +326,29 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 Ac_tgid uint32 Ac_tgetime uint64 Ac_exe_dev uint64 Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Irq_delay_max uint64 + Irq_delay_min uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go index b0ae420c489..60aa69f618c 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go @@ -281,10 +281,16 @@ type Taskstats struct { _ [4]byte Cpu_count uint64 Cpu_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]int8 @@ -320,11 +326,17 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 Ac_tgid uint32 _ [4]byte Ac_tgetime uint64 @@ -332,8 +344,12 @@ type Taskstats struct { Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Irq_delay_max uint64 + Irq_delay_min uint64 } type cpuMask uint32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go index 8359728759b..cb4fad785d1 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go @@ -288,10 +288,16 @@ type Taskstats struct { _ [4]byte Cpu_count uint64 Cpu_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]uint8 @@ -327,11 +333,17 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 Ac_tgid uint32 _ [4]byte Ac_tgetime uint64 @@ -339,8 +351,12 @@ type Taskstats struct { Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Irq_delay_max uint64 + Irq_delay_min uint64 } type cpuMask uint32 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go index 69eb6a5c689..60272cfce86 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go @@ -289,10 +289,16 @@ type Taskstats struct { Ac_nice uint8 Cpu_count uint64 Cpu_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]uint8 @@ -327,19 +333,29 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 Ac_tgid uint32 Ac_tgetime uint64 Ac_exe_dev uint64 Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Irq_delay_max uint64 + Irq_delay_min uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go index 5f583cb62bf..3f5b91bc0d5 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go @@ -289,10 +289,16 @@ type Taskstats struct { Ac_nice uint8 Cpu_count uint64 Cpu_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]uint8 @@ -327,19 +333,29 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 Ac_tgid uint32 Ac_tgetime uint64 Ac_exe_dev uint64 Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Irq_delay_max uint64 + Irq_delay_min uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go index ad05b51a603..51550f15a63 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go @@ -307,10 +307,16 @@ type Taskstats struct { Ac_nice uint8 Cpu_count uint64 Cpu_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]uint8 @@ -345,19 +351,29 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 Ac_tgid uint32 Ac_tgetime uint64 Ac_exe_dev uint64 Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Irq_delay_max uint64 + Irq_delay_min uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go index cf3ce900377..3239e50e0e2 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go @@ -302,10 +302,16 @@ type Taskstats struct { Ac_nice uint8 Cpu_count uint64 Cpu_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]int8 @@ -340,19 +346,29 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 Ac_tgid uint32 Ac_tgetime uint64 Ac_exe_dev uint64 Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Irq_delay_max uint64 + Irq_delay_min uint64 } type cpuMask uint64 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go index 590b56739c5..faf20027831 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go @@ -284,10 +284,16 @@ type Taskstats struct { Ac_nice uint8 Cpu_count uint64 Cpu_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]int8 @@ -322,19 +328,29 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 Ac_tgid uint32 Ac_tgetime uint64 Ac_exe_dev uint64 Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Irq_delay_max uint64 + Irq_delay_min uint64 } type cpuMask uint64 diff --git a/vendor/modules.txt b/vendor/modules.txt index 86aaddac8cb..0d039051384 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -94,7 +94,7 @@ github.com/vishvananda/netns # golang.org/x/net v0.41.0 ## explicit; go 1.23.0 golang.org/x/net/bpf -# golang.org/x/sys v0.33.0 +# golang.org/x/sys v0.34.0 ## explicit; go 1.23.0 golang.org/x/sys/unix golang.org/x/sys/windows From b3432118edfd9b600a68ed1a01c0ae98fb195871 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 14 Jul 2025 15:06:24 -0700 Subject: [PATCH 0967/1176] tests/int/cgroups.bats: exclude dmem controller The dmem controller is added into kernel v6.13 and is now enabled in Fedora 42 kernels. Yet, systemd is not aware of dmem. This fixes the test case failure on Fedora. For the initial test case, see commit 27515719. For earlier commits similar to this one, see commits 601cf582, 05272718, e83ca519. Signed-off-by: Kir Kolyshkin --- tests/integration/cgroups.bats | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/cgroups.bats b/tests/integration/cgroups.bats index 88d2eb89e35..8ef7d081169 100644 --- a/tests/integration/cgroups.bats +++ b/tests/integration/cgroups.bats @@ -50,7 +50,7 @@ function setup() { check_cgroup_value "cgroup.controllers" "$(cat /sys/fs/cgroup/machine.slice/cgroup.controllers)" else # Filter out controllers that systemd is unable to delegate. - check_cgroup_value "cgroup.controllers" "$(sed 's/ \(hugetlb\|misc\|rdma\)//g' Date: Tue, 15 Jul 2025 06:35:26 +0000 Subject: [PATCH 0968/1176] build(deps): bump github.com/opencontainers/cgroups from 0.0.3 to 0.0.4 Bumps [github.com/opencontainers/cgroups](https://github.com/opencontainers/cgroups) from 0.0.3 to 0.0.4. - [Release notes](https://github.com/opencontainers/cgroups/releases) - [Changelog](https://github.com/opencontainers/cgroups/blob/main/RELEASES.md) - [Commits](https://github.com/opencontainers/cgroups/compare/v0.0.3...v0.0.4) --- updated-dependencies: - dependency-name: github.com/opencontainers/cgroups dependency-version: 0.0.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +-- .../opencontainers/cgroups/fs2/freezer.go | 32 ++++++++++++++----- .../opencontainers/cgroups/fs2/hugetlb.go | 5 +-- vendor/modules.txt | 2 +- 5 files changed, 31 insertions(+), 14 deletions(-) diff --git a/go.mod b/go.mod index 7924f69f3c1..16502de7b3e 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/moby/sys/user v0.4.0 github.com/moby/sys/userns v0.1.0 github.com/mrunalp/fileutils v0.5.1 - github.com/opencontainers/cgroups v0.0.3 + github.com/opencontainers/cgroups v0.0.4 github.com/opencontainers/runtime-spec v1.2.2-0.20250401095657-e935f995dd67 github.com/opencontainers/selinux v1.12.0 github.com/seccomp/libseccomp-golang v0.11.0 diff --git a/go.sum b/go.sum index 91fdf138b16..87bb5a7f060 100644 --- a/go.sum +++ b/go.sum @@ -45,8 +45,8 @@ github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28= github.com/mrunalp/fileutils v0.5.1 h1:F+S7ZlNKnrwHfSwdlgNSkKo67ReVf8o9fel6C3dkm/Q= github.com/mrunalp/fileutils v0.5.1/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= -github.com/opencontainers/cgroups v0.0.3 h1:Jc9dWh/0YLGjdy6J/9Ln8NM5BfTA4W2BY0GMozy3aDU= -github.com/opencontainers/cgroups v0.0.3/go.mod h1:s8lktyhlGUqM7OSRL5P7eAW6Wb+kWPNvt4qvVfzA5vs= +github.com/opencontainers/cgroups v0.0.4 h1:XVj8P/IHVms/j+7eh8ggdkTLAxjz84ZzuFyGoE28DR4= +github.com/opencontainers/cgroups v0.0.4/go.mod h1:s8lktyhlGUqM7OSRL5P7eAW6Wb+kWPNvt4qvVfzA5vs= github.com/opencontainers/runtime-spec v1.2.2-0.20250401095657-e935f995dd67 h1:Q+KewUGTMamIe6Q39xCD/T1NC1POmaTlWnhjikCrZHA= github.com/opencontainers/runtime-spec v1.2.2-0.20250401095657-e935f995dd67/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.12.0 h1:6n5JV4Cf+4y0KNXW48TLj5DwfXpvWlxXplUkdTrmPb8= diff --git a/vendor/github.com/opencontainers/cgroups/fs2/freezer.go b/vendor/github.com/opencontainers/cgroups/fs2/freezer.go index f0192f0955d..6307e68db7e 100644 --- a/vendor/github.com/opencontainers/cgroups/fs2/freezer.go +++ b/vendor/github.com/opencontainers/cgroups/fs2/freezer.go @@ -53,12 +53,9 @@ func setFreezer(dirPath string, state cgroups.FreezerState) error { func getFreezer(dirPath string) (cgroups.FreezerState, error) { fd, err := cgroups.OpenFile(dirPath, "cgroup.freeze", unix.O_RDONLY) if err != nil { - // If the kernel is too old, then we just treat the freezer as being in - // an "undefined" state. - if os.IsNotExist(err) || errors.Is(err, unix.ENODEV) { - err = nil - } - return cgroups.Undefined, err + // If the kernel is too old, then we just treat the freezer as + // being in an "undefined" state and ignore the error. + return cgroups.Undefined, ignoreNotExistOrNoDeviceError(err) } defer fd.Close() @@ -67,11 +64,15 @@ func getFreezer(dirPath string) (cgroups.FreezerState, error) { func readFreezer(dirPath string, fd *os.File) (cgroups.FreezerState, error) { if _, err := fd.Seek(0, 0); err != nil { - return cgroups.Undefined, err + // If the cgroup path is deleted at this point, then we just treat the freezer as + // being in an "undefined" state and ignore the error. + return cgroups.Undefined, ignoreNotExistOrNoDeviceError(err) } state := make([]byte, 2) if _, err := fd.Read(state); err != nil { - return cgroups.Undefined, err + // If the cgroup path is deleted at this point, then we just treat the freezer as + // being in an "undefined" state and ignore the error. + return cgroups.Undefined, ignoreNotExistOrNoDeviceError(err) } switch string(state) { case "0\n": @@ -83,6 +84,21 @@ func readFreezer(dirPath string, fd *os.File) (cgroups.FreezerState, error) { } } +// ignoreNotExistOrNoDeviceError checks if the error is either a "not exist" error +// or a "no device" error, and returns nil in those cases. Otherwise, it returns the error. +func ignoreNotExistOrNoDeviceError(err error) error { + // We can safely ignore the error in the following two common situations: + // 1. The cgroup path does not exist at the time of opening(eg: the kernel is too old) + // — indicated by os.IsNotExist. + // 2. The cgroup path is deleted during the seek/read operation — indicated by + // errors.Is(err, unix.ENODEV). + // These conditions are expected and do not require special handling. + if os.IsNotExist(err) || errors.Is(err, unix.ENODEV) { + return nil + } + return err +} + // waitFrozen polls cgroup.events until it sees "frozen 1" in it. func waitFrozen(dirPath string) (cgroups.FreezerState, error) { fd, err := cgroups.OpenFile(dirPath, "cgroup.events", unix.O_RDONLY) diff --git a/vendor/github.com/opencontainers/cgroups/fs2/hugetlb.go b/vendor/github.com/opencontainers/cgroups/fs2/hugetlb.go index 8e1ac874a58..bab9b556872 100644 --- a/vendor/github.com/opencontainers/cgroups/fs2/hugetlb.go +++ b/vendor/github.com/opencontainers/cgroups/fs2/hugetlb.go @@ -43,10 +43,11 @@ func setHugeTlb(dirPath string, r *cgroups.Resources) error { func statHugeTlb(dirPath string, stats *cgroups.Stats) error { hugetlbStats := cgroups.HugetlbStats{} rsvd := ".rsvd" + for _, pagesize := range cgroups.HugePageSizes() { + prefix := "hugetlb." + pagesize again: - prefix := "hugetlb." + pagesize + rsvd - value, err := fscommon.GetCgroupParamUint(dirPath, prefix+".current") + value, err := fscommon.GetCgroupParamUint(dirPath, prefix+rsvd+".current") if err != nil { if rsvd != "" && errors.Is(err, os.ErrNotExist) { rsvd = "" diff --git a/vendor/modules.txt b/vendor/modules.txt index 0d039051384..d7990d2a80f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -51,7 +51,7 @@ github.com/moby/sys/userns # github.com/mrunalp/fileutils v0.5.1 ## explicit; go 1.13 github.com/mrunalp/fileutils -# github.com/opencontainers/cgroups v0.0.3 +# github.com/opencontainers/cgroups v0.0.4 ## explicit; go 1.23.0 github.com/opencontainers/cgroups github.com/opencontainers/cgroups/devices From 859feb8e449c6fc65e0405b35eb6b07a667037d2 Mon Sep 17 00:00:00 2001 From: jokemanfire Date: Thu, 15 May 2025 20:11:49 +0800 Subject: [PATCH 0969/1176] build(seccomp): Add audit support for loong64 Co-authored-by: Rodrigo Campos Signed-off-by: jokemanfire --- libcontainer/seccomp/patchbpf/enosys_linux.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/libcontainer/seccomp/patchbpf/enosys_linux.go b/libcontainer/seccomp/patchbpf/enosys_linux.go index 86de3137855..e663fda3306 100644 --- a/libcontainer/seccomp/patchbpf/enosys_linux.go +++ b/libcontainer/seccomp/patchbpf/enosys_linux.go @@ -58,6 +58,14 @@ const uintptr_t C_FILTER_FLAG_NEW_LISTENER = SECCOMP_FILTER_FLAG_NEW_LISTENER; #define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) #endif +// TODO: If loongarch support is not fully merged, at some point we will want to remove this. +#ifndef AUDIT_ARCH_LOONGARCH64 +#ifndef EM_LOONGARCH +#define EM_LOONGARCH 258 +#endif +#define AUDIT_ARCH_LOONGARCH64 (EM_LOONGARCH|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) +#endif + // We use the AUDIT_ARCH_* values because those are the ones used by the kernel // and SCMP_ARCH_* sometimes has fake values (such as SCMP_ARCH_X32). But we // use so we get libseccomp's fallback definitions of AUDIT_ARCH_*. @@ -78,6 +86,7 @@ const uint32_t C_AUDIT_ARCH_PPC64LE = AUDIT_ARCH_PPC64LE; const uint32_t C_AUDIT_ARCH_S390 = AUDIT_ARCH_S390; const uint32_t C_AUDIT_ARCH_S390X = AUDIT_ARCH_S390X; const uint32_t C_AUDIT_ARCH_RISCV64 = AUDIT_ARCH_RISCV64; +const uint32_t C_AUDIT_ARCH_LOONGARCH64 = AUDIT_ARCH_LOONGARCH64; //nolint:godot // C code, not Go comment. */ import "C" @@ -217,6 +226,8 @@ func scmpArchToAuditArch(arch libseccomp.ScmpArch) (linuxAuditArch, error) { return linuxAuditArch(C.C_AUDIT_ARCH_S390X), nil case libseccomp.ArchRISCV64: return linuxAuditArch(C.C_AUDIT_ARCH_RISCV64), nil + case libseccomp.ArchLOONGARCH64: + return linuxAuditArch(C.C_AUDIT_ARCH_LOONGARCH64), nil default: return invalidArch, fmt.Errorf("unknown architecture: %v", arch) } From 6a0644df63c5d6dbb2e6acfbeb4bf8c52a77b787 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 16 Jul 2025 10:31:31 +0000 Subject: [PATCH 0970/1176] build(deps): bump golang.org/x/net from 0.41.0 to 0.42.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.41.0 to 0.42.0. - [Commits](https://github.com/golang/net/compare/v0.41.0...v0.42.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 16502de7b3e..0016a75adbc 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/urfave/cli v1.22.17 github.com/vishvananda/netlink v1.3.1 github.com/vishvananda/netns v0.0.5 - golang.org/x/net v0.41.0 + golang.org/x/net v0.42.0 golang.org/x/sys v0.34.0 google.golang.org/protobuf v1.36.6 ) diff --git a/go.sum b/go.sum index 87bb5a7f060..1e99cc4278f 100644 --- a/go.sum +++ b/go.sum @@ -77,8 +77,8 @@ github.com/vishvananda/netlink v1.3.1 h1:3AEMt62VKqz90r0tmNhog0r/PpWKmrEShJU0wJW github.com/vishvananda/netlink v1.3.1/go.mod h1:ARtKouGSTGchR8aMwmkzC0qiNPrrWO5JS/XMVl45+b4= github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY= github.com/vishvananda/netns v0.0.5/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= -golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw= -golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA= +golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs= +golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/vendor/modules.txt b/vendor/modules.txt index d7990d2a80f..a3b537e6348 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -91,7 +91,7 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.5 ## explicit; go 1.17 github.com/vishvananda/netns -# golang.org/x/net v0.41.0 +# golang.org/x/net v0.42.0 ## explicit; go 1.23.0 golang.org/x/net/bpf # golang.org/x/sys v0.34.0 From 46dac589c1ed4b61c04660249f9a764735489260 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 14 Jul 2025 17:05:20 -0700 Subject: [PATCH 0971/1176] tests/int/update: fix getting block major Apparently, having a minor of 0 does not always mean it's the whole device (not a partition): === /proc/partitions (using major: 259) === major minor #blocks name 8 16 78643200 sdb 8 17 77593583 sdb1 8 30 4096 sdb14 8 31 108544 sdb15 259 0 934912 sdb16 8 0 78643200 sda 8 1 78641152 sda1 Rewrite the test to not assume minor is 0, and use lsblk -d to find out whole devices. This fixes a test case which was added in commit 7696402da. Signed-off-by: Kir Kolyshkin --- tests/integration/update.bats | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/tests/integration/update.bats b/tests/integration/update.bats index 7ed1d8d206a..e3d1922efba 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -895,22 +895,23 @@ EOF @test "update per-device iops/bps values" { [ $EUID -ne 0 ] && requires rootless_cgroup - # We need a major number of any disk device. Usually those are partitioned, - # with the device itself having minor of 0, and partitions are 1, 2... - major=$(awk '$2 == 0 {print $1; exit}' /proc/partitions) - if [ "$major" = "0" ] || [ "$major" = "" ]; then - echo "=== /proc/partitions ===" - cat /proc/partitions - echo "===" - skip "can't get device major number from /proc/partitions (got $major)" + # Need major:minor for any block device (but not a partition). + dev=$(lsblk -dno MAJ:MIN | head -1 | tr -d ' \t\n') + if [ -z "$dev" ]; then + echo "=== lsblk -d ===" >&2 + lsblk -d >&2 + echo "===" >&2 + fail "can't get device from lsblk" fi + IFS=':' read -r major minor <<<"$dev" + # Add an entry to check that # - existing devices can be updated; # - duplicates are handled properly; # (see func upsert* in update.go). update_config ' .linux.resources.blockIO.throttleReadBpsDevice |= [ - { major: '"$major"', minor: 0, rate: 485760 }, - { major: '"$major"', minor: 0, rate: 485760 } + { major: '"$major"', minor: '"$minor"', rate: 485760 }, + { major: '"$major"', minor: '"$minor"', rate: 485760 } ]' runc run -d --console-socket "$CONSOLE_SOCKET" test_update @@ -922,28 +923,28 @@ EOF "throttleReadBpsDevice": [ { "major": $major, - "minor": 0, + "minor": $minor, "rate": 10485760 } ], "throttleWriteBpsDevice": [ { "major": $major, - "minor": 0, + "minor": $minor, "rate": 9437184 } ], "throttleReadIOPSDevice": [ { "major": $major, - "minor": 0, + "minor": $minor, "rate": 1000 } ], "throttleWriteIOPSDevice": [ { "major": $major, - "minor": 0, + "minor": $minor, "rate": 900 } ] @@ -951,5 +952,5 @@ EOF } EOF [ "$status" -eq 0 ] - check_cgroup_dev_iops "$major:0" 10485760 9437184 1000 900 + check_cgroup_dev_iops "$dev" 10485760 9437184 1000 900 } From 3620185d06b79da836559b75161027c6273fff7b Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sun, 20 Jul 2025 15:30:28 +1000 Subject: [PATCH 0972/1176] rootfs: remove /proc/net/dev from allowed overmount list This was added in 2ee9cbbd120d ("It's /proc/stat, not /proc/stats") with no actual justification, and doesn't really make much sense on further inspection: * /proc/net is a symlink to "self/net", which means that /proc/net/dev is a per-process file, and so overmounting it would only affect pid1. Any other program that cares about /proc/net/dev would see their own process's configuration, and unprivileged processes wouldn't be able to see /proc/1/... data anyway. In addition, the fact that this is a symlink means that runc will deny the overmount because /proc/1/net/dev is not in the proc overmount allowlist. This means that this has not worked for many years, and probably never worked in the first place. * /proc/self/net is already namespaced with network namespaces, so the primary argument for allowing /proc overmounts (lxcfs-like masking of procfs files to emulate namespacing for files that are not properly namespaced for containers -- such as /proc/cpuinfo) is moot. It goes without saying that lxcfs has never overmounted /proc/self/net/... files, so the general "because lxcfs" justification doesn't hold water either. * The kernel has slowly been moving towards blocking overmounts in /proc/self/. Linux 6.12 blocked overmounts for fd, fdinfo, and map_files; future Linux versions will probably end up blocking everything under /proc/self/. Fixes: 2ee9cbbd120d ("It's /proc/stat, not /proc/stats") Signed-off-by: Aleksa Sarai --- libcontainer/rootfs_linux.go | 1 - 1 file changed, 1 deletion(-) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 7bff07b5916..fd9fdddcd05 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -840,7 +840,6 @@ func checkProcMount(rootfs, dest string, m mountEntry) error { "/proc/uptime", "/proc/loadavg", "/proc/slabinfo", - "/proc/net/dev", "/proc/sys/kernel/ns_last_pid", "/proc/sys/crypto/fips_enabled", } From 66a533eb3ef774e7c812960fb8d515a8c46ae249 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 10 Jul 2025 17:29:56 -0700 Subject: [PATCH 0973/1176] tests/int/events.bats: don't require root These tests should work as rootless as long as cgroup access works. Signed-off-by: Kir Kolyshkin --- tests/integration/events.bats | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/tests/integration/events.bats b/tests/integration/events.bats index cf42eaf55cd..ce37c04b73e 100644 --- a/tests/integration/events.bats +++ b/tests/integration/events.bats @@ -13,9 +13,8 @@ function teardown() { # This needs to be placed at the top of the bats file to work around # a shellcheck bug. See . function test_events() { - # XXX: currently cgroups require root containers. - requires root - init_cgroup_paths + [ $EUID -ne 0 ] && requires rootless_cgroup + set_cgroups_path local status interval retry_every=1 if [ $# -eq 2 ]; then @@ -45,8 +44,7 @@ function test_events() { } @test "events --stats" { - # XXX: currently cgroups require root containers. - requires root + [ $EUID -ne 0 ] && requires rootless_cgroup init_cgroup_paths # run busybox detached @@ -61,6 +59,7 @@ function test_events() { } @test "events --stats with psi data" { + # XXX: CPU PSI avg data only available to root. requires root cgroups_v2 psi init_cgroup_paths @@ -101,7 +100,7 @@ function test_events() { } @test "events oom" { - # XXX: currently cgroups require root containers. + # XXX: oom is not triggered for rootless containers. requires root cgroups_swap init_cgroup_paths From 1c2810be9e1277219fd6b181eb17870f5248ab3c Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 15 Jul 2025 19:14:44 -0700 Subject: [PATCH 0974/1176] ci: bump golangci-lint to v2.3.x Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 8532d0fc410..de47a2f5b25 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -41,7 +41,7 @@ jobs: sudo apt -qy install libseccomp-dev - uses: golangci/golangci-lint-action@v8 with: - version: v2.1 + version: v2.3 # Extra linters, only checking new code from a pull request. - name: lint-extra if: github.event_name == 'pull_request' From 1a26cf3a2360c0b4612ee1eadba738ce4750f414 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 24 Jul 2025 12:51:54 -0700 Subject: [PATCH 0975/1176] ci: speed up criu-dev install Employ shallow git clone and parallel build, speeding up build. Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2b2ddf6bcde..d61efd151e1 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -125,8 +125,9 @@ jobs: sudo apt -qy install \ libcap-dev libnet1-dev libnl-3-dev uuid-dev \ libprotobuf-c-dev libprotobuf-dev protobuf-c-compiler protobuf-compiler - git clone https://github.com/checkpoint-restore/criu.git ~/criu - (cd ~/criu && git checkout ${{ matrix.criu }} && sudo make install-criu) + git clone --depth 1 --branch ${{ matrix.criu }} --single-branch \ + https://github.com/checkpoint-restore/criu.git ~/criu + (cd ~/criu && sudo make -j $(nproc) install-criu) rm -rf ~/criu - name: install go ${{ matrix.go-version }} From 7d2161f807773f3ef00a5b6b91d3e6ff2125116c Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 28 Jul 2025 16:55:52 -0700 Subject: [PATCH 0976/1176] setupIO: simplify getting net.UnixConn The typecast can't fail, so it doesn't make sense checking for errors here. Signed-off-by: Kir Kolyshkin --- utils_linux.go | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/utils_linux.go b/utils_linux.go index 9c9e1e83b74..557aeee5bc9 100644 --- a/utils_linux.go +++ b/utils_linux.go @@ -121,12 +121,8 @@ func setupIO(process *libcontainer.Process, container *libcontainer.Container, c if err != nil { return nil, err } - uc, ok := conn.(*net.UnixConn) - if !ok { - return nil, errors.New("casting to UnixConn failed") - } - t.postStart = append(t.postStart, uc) - socket, err := uc.File() + t.postStart = append(t.postStart, conn) + socket, err := conn.(*net.UnixConn).File() if err != nil { return nil, err } @@ -432,13 +428,7 @@ func setupPidfdSocket(process *libcontainer.Process, sockpath string) (_clean fu return nil, fmt.Errorf("failed to dail %s: %w", sockpath, err) } - uc, ok := conn.(*net.UnixConn) - if !ok { - conn.Close() - return nil, errors.New("failed to cast to UnixConn") - } - - socket, err := uc.File() + socket, err := conn.(*net.UnixConn).File() if err != nil { conn.Close() return nil, fmt.Errorf("failed to dup socket: %w", err) From 87b8f974c8cfac25a9d4f8dd5fdef63f050a965b Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 28 Jul 2025 17:05:49 -0700 Subject: [PATCH 0977/1176] setupIO: close conn on error While it does not make much sense practically, as runc is going to exit soon and all fds will be closed anyway, various linters (including SVACE) keep reporting this. Let's make them happy. Reported-by: Tigran Sogomonian Reported-by: Mikhail Dmitrichenko Signed-off-by: Kir Kolyshkin --- utils_linux.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/utils_linux.go b/utils_linux.go index 557aeee5bc9..bd45bf05937 100644 --- a/utils_linux.go +++ b/utils_linux.go @@ -95,7 +95,7 @@ func newProcess(p *specs.Process) (*libcontainer.Process, error) { } // setupIO modifies the given process config according to the options. -func setupIO(process *libcontainer.Process, container *libcontainer.Container, createTTY, detach bool, sockpath string) (*tty, error) { +func setupIO(process *libcontainer.Process, container *libcontainer.Container, createTTY, detach bool, sockpath string) (_ *tty, Err error) { if createTTY { process.Stdin = nil process.Stdout = nil @@ -121,6 +121,11 @@ func setupIO(process *libcontainer.Process, container *libcontainer.Container, c if err != nil { return nil, err } + defer func() { + if Err != nil { + conn.Close() + } + }() t.postStart = append(t.postStart, conn) socket, err := conn.(*net.UnixConn).File() if err != nil { From 314dd812f520b5be5683f6282fb9d67161bc7f40 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 28 Jul 2025 16:57:03 -0700 Subject: [PATCH 0978/1176] tests/cmd: simplify getting net.UnixConn The typecast can't fail, so it doesn't make sense checking for errors here. Signed-off-by: Kir Kolyshkin --- tests/cmd/pidfd-kill/pidfd-kill.go | 7 +------ tests/cmd/recvtty/recvtty.go | 16 ++-------------- 2 files changed, 3 insertions(+), 20 deletions(-) diff --git a/tests/cmd/pidfd-kill/pidfd-kill.go b/tests/cmd/pidfd-kill/pidfd-kill.go index ea9a9df8d77..764fa883a2e 100644 --- a/tests/cmd/pidfd-kill/pidfd-kill.go +++ b/tests/cmd/pidfd-kill/pidfd-kill.go @@ -99,12 +99,7 @@ func recvPidfd(socketFile string) (*os.File, error) { } defer conn.Close() - unixconn, ok := conn.(*net.UnixConn) - if !ok { - return nil, errors.New("failed to cast to unixconn") - } - - socket, err := unixconn.File() + socket, err := conn.(*net.UnixConn).File() if err != nil { return nil, err } diff --git a/tests/cmd/recvtty/recvtty.go b/tests/cmd/recvtty/recvtty.go index 2c82665ab09..5e5720cc521 100644 --- a/tests/cmd/recvtty/recvtty.go +++ b/tests/cmd/recvtty/recvtty.go @@ -85,13 +85,7 @@ func handleSingle(path string, noStdin bool) error { // Close ln, to allow for other instances to take over. ln.Close() - // Get the fd of the connection. - unixconn, ok := conn.(*net.UnixConn) - if !ok { - return errors.New("failed to cast to unixconn") - } - - socket, err := unixconn.File() + socket, err := conn.(*net.UnixConn).File() if err != nil { return err } @@ -158,13 +152,7 @@ func handleNull(path string) error { // Don't leave references lying around. defer conn.Close() - // Get the fd of the connection. - unixconn, ok := conn.(*net.UnixConn) - if !ok { - return - } - - socket, err := unixconn.File() + socket, err := conn.(*net.UnixConn).File() if err != nil { return } From 57b6a317bb0ed7c7d2937b477ba9fb8a2ba50bae Mon Sep 17 00:00:00 2001 From: Markus Lehtonen Date: Thu, 31 Jul 2025 17:28:31 +0300 Subject: [PATCH 0979/1176] runc update: don't lose intelRdt state Prevent --l3-cache-schema from clearing the intel_rdt.memBwSchema state and --mem-bw-schema clearing l3_cache_schema, respectively. Signed-off-by: Markus Lehtonen --- update.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/update.go b/update.go index bc8ed13181d..d1697a6a7d0 100644 --- a/update.go +++ b/update.go @@ -387,8 +387,12 @@ other options are ignored. return err } } - config.IntelRdt.L3CacheSchema = l3CacheSchema - config.IntelRdt.MemBwSchema = memBwSchema + if l3CacheSchema != "" { + config.IntelRdt.L3CacheSchema = l3CacheSchema + } + if memBwSchema != "" { + config.IntelRdt.MemBwSchema = memBwSchema + } } // XXX(kolyshkin@): currently "runc update" is unable to change From e846add595b1d71a2792ce2a6cdfc05b4a57d853 Mon Sep 17 00:00:00 2001 From: Markus Lehtonen Date: Fri, 1 Aug 2025 09:57:00 +0300 Subject: [PATCH 0980/1176] libcontainer/configs/validate: check that intelrdt is enabled If intelRdt is specified in the spec, check that the resctrl fs is actually mounted. Fixes e.g. the case where "intelRdt.closID" is specified but runc silently ignores this if resctrl is not mounted. Signed-off-by: Markus Lehtonen --- libcontainer/configs/validate/validator.go | 4 ++++ libcontainer/intelrdt/intelrdt.go | 6 ++++++ 2 files changed, 10 insertions(+) diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go index a9d03a2e202..9be17ba05a0 100644 --- a/libcontainer/configs/validate/validator.go +++ b/libcontainer/configs/validate/validator.go @@ -283,6 +283,10 @@ func sysctl(config *configs.Config) error { func intelrdtCheck(config *configs.Config) error { if config.IntelRdt != nil { + if !intelrdt.IsEnabled() { + return fmt.Errorf("intelRdt is specified in config, but Intel RDT is not enabled") + } + if config.IntelRdt.ClosID == "." || config.IntelRdt.ClosID == ".." || strings.Contains(config.IntelRdt.ClosID, "/") { return fmt.Errorf("invalid intelRdt.ClosID %q", config.IntelRdt.ClosID) } diff --git a/libcontainer/intelrdt/intelrdt.go b/libcontainer/intelrdt/intelrdt.go index 7d4b4d38a60..963ae28c35a 100644 --- a/libcontainer/intelrdt/intelrdt.go +++ b/libcontainer/intelrdt/intelrdt.go @@ -416,6 +416,12 @@ func WriteIntelRdtTasks(dir string, pid int) error { return nil } +// IsEnabled checks if Intel RDT is enabled. +func IsEnabled() bool { + fsroot, err := Root() + return err == nil && fsroot != "" +} + // IsCATEnabled checks if Intel RDT/CAT is enabled. func IsCATEnabled() bool { featuresInit() From 85801e845edcf594d0147c6746e655b2b23925df Mon Sep 17 00:00:00 2001 From: Markus Lehtonen Date: Thu, 31 Jul 2025 16:52:33 +0300 Subject: [PATCH 0981/1176] runc update: refuse to create new rdt group Error out --l3-cache-schema and --mem-bw-schema if the original spec didn't specify intelRdt which also means that no CLOS (resctrl group) was created for the container. This prevents serious issues in this corner case. First, a CLOS was created but the schemata of the CLOS was not correctly updated. Confusingly, calling runc update twice did the job: the first call created the resctrl group and the seccond call was able to update the schemata. This issue would be relatively easily fixable, though. Second, more severe issue is that creating new CLOSes this way caused them to be orphaned, not being removed when the container exists. This is caused by runc not capturing the updated state (original spec was intelRdt=nil -> no CLOS but after update this is not the case). The most severe problem is that the update only move (or tried to move) the original init process pid but all children escaped the update. Doing this (i.e. migrating all processes of a container from CLOS to another CLOS) reliably, race-free, would probably require freezing the container. Signed-off-by: Markus Lehtonen --- update.go | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/update.go b/update.go index d1697a6a7d0..8510c217cd5 100644 --- a/update.go +++ b/update.go @@ -12,7 +12,6 @@ import ( "github.com/sirupsen/logrus" "github.com/docker/go-units" - "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/intelrdt" "github.com/opencontainers/runtime-spec/specs-go" "github.com/urfave/cli" @@ -377,15 +376,7 @@ other options are ignored. // In update command, we could re-enable through IntelRdtManager.Apply() // and then update intelrdt constraint. if config.IntelRdt == nil { - state, err := container.State() - if err != nil { - return err - } - config.IntelRdt = &configs.IntelRdt{} - intelRdtManager := intelrdt.NewManager(&config, container.ID(), state.IntelRdtPath) - if err := intelRdtManager.Apply(state.InitProcessPid); err != nil { - return err - } + return errors.New("updating a non-existent Intel RDT configuration is not supported") } if l3CacheSchema != "" { config.IntelRdt.L3CacheSchema = l3CacheSchema From f73e28371f2886ba2d7fd9a563035330e3d18fec Mon Sep 17 00:00:00 2001 From: Markus Lehtonen Date: Fri, 1 Aug 2025 12:54:25 +0300 Subject: [PATCH 0982/1176] libcontainer/intelrdt: refactor path handling Also, use GetPath() in Apply to get the resctrl group path, similar to other methods of intelRdtManager. Signed-off-by: Markus Lehtonen --- libcontainer/intelrdt/intelrdt.go | 40 +++++++++++--------------- libcontainer/intelrdt/intelrdt_test.go | 5 ++-- 2 files changed, 19 insertions(+), 26 deletions(-) diff --git a/libcontainer/intelrdt/intelrdt.go b/libcontainer/intelrdt/intelrdt.go index 7d4b4d38a60..6e9bc3c8fac 100644 --- a/libcontainer/intelrdt/intelrdt.go +++ b/libcontainer/intelrdt/intelrdt.go @@ -159,10 +159,23 @@ func NewManager(config *configs.Config, id string, path string) *Manager { if config.IntelRdt == nil { return nil } - if _, err := Root(); err != nil { - // Intel RDT is not available. + + rootPath, err := Root() + if err != nil { return nil } + // NOTE: Should we check if the path provided as arg matches the path + // constructed below? If not, we're screwed as we've effectively lost resctrl + // control of the container (e.g. because the resctrl fs was unmounted or + // remounted elsewhere). All operations are deemed to fail. + if path == "" { + clos := id + if config.IntelRdt.ClosID != "" { + clos = config.IntelRdt.ClosID + } + path = filepath.Join(rootPath, clos) + } + return newManager(config, id, path) } @@ -428,21 +441,6 @@ func IsMBAEnabled() bool { return mbaEnabled } -// Get the path of the clos group in "resource control" filesystem that the container belongs to -func (m *Manager) getIntelRdtPath() (string, error) { - rootPath, err := Root() - if err != nil { - return "", err - } - - clos := m.id - if m.config.IntelRdt != nil && m.config.IntelRdt.ClosID != "" { - clos = m.config.IntelRdt.ClosID - } - - return filepath.Join(rootPath, clos), nil -} - // Apply applies Intel RDT configuration to the process with the specified pid. func (m *Manager) Apply(pid int) (err error) { // If intelRdt is not specified in config, we do nothing @@ -450,10 +448,7 @@ func (m *Manager) Apply(pid int) (err error) { return nil } - path, err := m.getIntelRdtPath() - if err != nil { - return err - } + path := m.GetPath() m.mu.Lock() defer m.mu.Unlock() @@ -497,9 +492,6 @@ func (m *Manager) Destroy() error { // GetPath returns Intel RDT path to save in a state file and to be able to // restore the object later. func (m *Manager) GetPath() string { - if m.path == "" { - m.path, _ = m.getIntelRdtPath() - } return m.path } diff --git a/libcontainer/intelrdt/intelrdt_test.go b/libcontainer/intelrdt/intelrdt_test.go index c127cd8f7c6..114499f82f3 100644 --- a/libcontainer/intelrdt/intelrdt_test.go +++ b/libcontainer/intelrdt/intelrdt_test.go @@ -101,13 +101,14 @@ func TestApply(t *testing.T) { helper := NewIntelRdtTestUtil(t) const closID = "test-clos" + closPath := filepath.Join(helper.IntelRdtPath, closID) helper.config.IntelRdt.ClosID = closID - intelrdt := newManager(helper.config, "", helper.IntelRdtPath) + intelrdt := newManager(helper.config, "container-1", closPath) if err := intelrdt.Apply(1234); err == nil { t.Fatal("unexpected success when applying pid") } - if _, err := os.Stat(filepath.Join(helper.IntelRdtPath, closID)); err == nil { + if _, err := os.Stat(closPath); err == nil { t.Fatal("closid dir should not exist") } From ceef984fb3b2baa7ec54ff4e5092fe2db123bcf5 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 31 Jul 2025 10:23:59 +1000 Subject: [PATCH 0983/1176] tests: clean up loopback devices properly If an error occurs during a test which sets up loopback devices, the loopback device is not freed. Since most systems have very conservative limits on the number of loopback devices, re-running a failing test locally to debug it often ends up erroring out due to loopback device exhaustion. So let's just move the "losetup -d" to teardown, where it belongs. Signed-off-by: Aleksa Sarai --- tests/integration/cgroups.bats | 20 ++++---------------- tests/integration/helpers.bash | 23 +++++++++++++++++++++++ 2 files changed, 27 insertions(+), 16 deletions(-) diff --git a/tests/integration/cgroups.bats b/tests/integration/cgroups.bats index 8ef7d081169..c2b1b84604b 100644 --- a/tests/integration/cgroups.bats +++ b/tests/integration/cgroups.bats @@ -4,6 +4,7 @@ load helpers function teardown() { teardown_bundle + teardown_loopdevs } function setup() { @@ -153,13 +154,11 @@ function setup() { @test "runc run (per-device io weight for bfq)" { requires root # to create a loop device - dd if=/dev/zero of=backing.img bs=4096 count=1 - dev=$(losetup --find --show backing.img) || skip "unable to create a loop device" + dev="$(setup_loopdev)" # See if BFQ scheduler is available. if ! { grep -qw bfq "/sys/block/${dev#/dev/}/queue/scheduler" && echo bfq >"/sys/block/${dev#/dev/}/queue/scheduler"; }; then - losetup -d "$dev" skip "BFQ scheduler not available" fi @@ -198,9 +197,6 @@ function setup() { EOF weights2=$(get_cgroup_value $file) - # The loop device itself is no longer needed. - losetup -d "$dev" - # Check original values. grep '^default 333$' <<<"$weights1" grep "^$major:$minor 444$" <<<"$weights1" @@ -213,12 +209,8 @@ EOF @test "runc run (per-device multiple iops via unified)" { requires root cgroups_v2 - dd if=/dev/zero of=backing1.img bs=4096 count=1 - dev1=$(losetup --find --show backing1.img) || skip "unable to create a loop device" - - # Second device. - dd if=/dev/zero of=backing2.img bs=4096 count=1 - dev2=$(losetup --find --show backing2.img) || skip "unable to create a loop device" + dev1="$(setup_loopdev)" + dev2="$(setup_loopdev)" set_cgroups_path @@ -233,10 +225,6 @@ EOF runc run -d --console-socket "$CONSOLE_SOCKET" test_dev_weight [ "$status" -eq 0 ] - # The loop devices are no longer needed. - losetup -d "$dev1" - losetup -d "$dev2" - weights=$(get_cgroup_value "io.max") grep "^$major1:$minor1 .* riops=333 wiops=444$" <<<"$weights" grep "^$major2:$minor2 .* riops=555 wiops=666$" <<<"$weights" diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index e0397bcc6d4..4e8e070628e 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -791,6 +791,29 @@ function teardown_seccompagent() { rm -f "$SECCCOMP_AGENT_SOCKET" } +LOOPBACK_DEVICE_LIST="$(mktemp "$BATS_TMPDIR/losetup.XXXXXX")" + +function setup_loopdev() { + local backing dev + backing="$(mktemp "$BATS_RUN_TMPDIR/backing.img.XXXXXX")" + truncate --size=4K "$backing" + + dev="$(losetup --find --show "$backing")" || skip "unable to create a loop device" + echo "$dev" >>"$LOOPBACK_DEVICE_LIST" + + unlink "$backing" + echo "$dev" +} + +function teardown_loopdevs() { + [ -s "$LOOPBACK_DEVICE_LIST" ] || return 0 + while IFS= read -r dev; do + echo "losetup -d '$dev'" >&2 + losetup -d "$dev" + done <"$LOOPBACK_DEVICE_LIST" + truncate --size=0 "$LOOPBACK_DEVICE_LIST" +} + function setup_bundle() { local image="$1" From e6b4b5a12843ed5ea82fb2c24d1a1a028ea9a63b Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 31 Jul 2025 13:26:41 +1000 Subject: [PATCH 0984/1176] tests: bfq: skip tests on misbehaving udev systems openSUSE has an unfortunate default udev setup which forcefully sets all loop devices to use the "none" scheduler, even if you manually set it. As this is a property of the host configuration (and udev is monitoring from the host) we cannot really change this behaviour from inside our test container. So we should just skip the test in this (hopefully unusual) case. Ideally tools running the test suite should disable this behaviour when running our test suite. Signed-off-by: Aleksa Sarai --- tests/integration/cgroups.bats | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/integration/cgroups.bats b/tests/integration/cgroups.bats index c2b1b84604b..082d48cc745 100644 --- a/tests/integration/cgroups.bats +++ b/tests/integration/cgroups.bats @@ -156,12 +156,26 @@ function setup() { dev="$(setup_loopdev)" + # Some distributions (like openSUSE) have udev configured to forcefully + # reset the scheduler for loopN devices to be "none", which breaks this + # test. We cannot modify the udev behaviour of the host, but since this is + # usually triggered by the "change" event from losetup, we can wait for a + # little bit before continuing the test. For more details, see + # . + sleep 2s + # See if BFQ scheduler is available. if ! { grep -qw bfq "/sys/block/${dev#/dev/}/queue/scheduler" && echo bfq >"/sys/block/${dev#/dev/}/queue/scheduler"; }; then skip "BFQ scheduler not available" fi + # Check that the device still has the right scheduler, in case we lost the + # race above... + if ! grep -qw '\[bfq\]' "/sys/block/${dev#/dev/}/queue/scheduler"; then + skip "udev is configured to reset loop device io scheduler" + fi + set_cgroups_path IFS=$' \t:' read -r major minor <<<"$(lsblk -nd -o MAJ:MIN "$dev")" From 3a962655f88bd123bd4027f06323a3184d2fd8a8 Mon Sep 17 00:00:00 2001 From: Markus Lehtonen Date: Mon, 4 Aug 2025 09:40:18 +0300 Subject: [PATCH 0985/1176] libcontainer/intelrdt: use SecureJoin in NewManager Protects against invalid (non-validated) CLOS names. Signed-off-by: Markus Lehtonen --- libcontainer/intelrdt/intelrdt.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libcontainer/intelrdt/intelrdt.go b/libcontainer/intelrdt/intelrdt.go index 6e9bc3c8fac..d9c1b7234fc 100644 --- a/libcontainer/intelrdt/intelrdt.go +++ b/libcontainer/intelrdt/intelrdt.go @@ -10,6 +10,7 @@ import ( "strings" "sync" + securejoin "github.com/cyphar/filepath-securejoin" "github.com/moby/sys/mountinfo" "golang.org/x/sys/unix" @@ -173,7 +174,9 @@ func NewManager(config *configs.Config, id string, path string) *Manager { if config.IntelRdt.ClosID != "" { clos = config.IntelRdt.ClosID } - path = filepath.Join(rootPath, clos) + if path, err = securejoin.SecureJoin(rootPath, clos); err != nil { + return nil + } } return newManager(config, id, path) From 3b533b23a674694872490e3cfbc5b76a12368b38 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 4 Aug 2025 16:46:26 -0700 Subject: [PATCH 0986/1176] script/lib.sh: remove obsoleted comment Since commit 871057d8 we no longer have cc_platform.mk. Signed-off-by: Kir Kolyshkin --- script/lib.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/script/lib.sh b/script/lib.sh index 8ba99a995d3..9e4139756a3 100644 --- a/script/lib.sh +++ b/script/lib.sh @@ -1,7 +1,5 @@ #!/bin/bash -# NOTE: Make sure you keep this file in sync with cc_platform.mk. - # set_cross_vars sets a few environment variables used for cross-compiling, # based on the architecture specified in $1. function set_cross_vars() { From f6a52d7f5f0f28e8204e7fb3e86d582d07e48cda Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 Aug 2025 03:34:49 +0000 Subject: [PATCH 0987/1176] build(deps): bump github.com/seccomp/libseccomp-golang Bumps [github.com/seccomp/libseccomp-golang](https://github.com/seccomp/libseccomp-golang) from 0.11.0 to 0.11.1. - [Release notes](https://github.com/seccomp/libseccomp-golang/releases) - [Changelog](https://github.com/seccomp/libseccomp-golang/blob/main/CHANGELOG) - [Commits](https://github.com/seccomp/libseccomp-golang/compare/v0.11.0...v0.11.1) --- updated-dependencies: - dependency-name: github.com/seccomp/libseccomp-golang dependency-version: 0.11.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/github.com/seccomp/libseccomp-golang/CHANGELOG | 3 +++ vendor/github.com/seccomp/libseccomp-golang/seccomp.go | 2 +- vendor/modules.txt | 2 +- 5 files changed, 8 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 0016a75adbc..6abf46cf02b 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/opencontainers/cgroups v0.0.4 github.com/opencontainers/runtime-spec v1.2.2-0.20250401095657-e935f995dd67 github.com/opencontainers/selinux v1.12.0 - github.com/seccomp/libseccomp-golang v0.11.0 + github.com/seccomp/libseccomp-golang v0.11.1 github.com/sirupsen/logrus v1.9.3 github.com/urfave/cli v1.22.17 github.com/vishvananda/netlink v1.3.1 diff --git a/go.sum b/go.sum index 1e99cc4278f..c7871f71a38 100644 --- a/go.sum +++ b/go.sum @@ -57,8 +57,8 @@ github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDN github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/seccomp/libseccomp-golang v0.11.0 h1:SDkcBRqGLP+sezmMACkxO1EfgbghxIxnRKfd6mHUEis= -github.com/seccomp/libseccomp-golang v0.11.0/go.mod h1:5m1Lk8E9OwgZTTVz4bBOer7JuazaBa+xTkM895tDiWc= +github.com/seccomp/libseccomp-golang v0.11.1 h1:wuk4ZjSx6kyQII4rj6G6fvVzRHQaSiPvccJazDagu4g= +github.com/seccomp/libseccomp-golang v0.11.1/go.mod h1:5m1Lk8E9OwgZTTVz4bBOer7JuazaBa+xTkM895tDiWc= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= diff --git a/vendor/github.com/seccomp/libseccomp-golang/CHANGELOG b/vendor/github.com/seccomp/libseccomp-golang/CHANGELOG index db83e1c91e3..9e108660e54 100644 --- a/vendor/github.com/seccomp/libseccomp-golang/CHANGELOG +++ b/vendor/github.com/seccomp/libseccomp-golang/CHANGELOG @@ -2,6 +2,9 @@ libseccomp-golang: Releases =============================================================================== https://github.com/seccomp/libseccomp-golang +* Version 0.11.1 - August 5, 2025 +- Make GetArchFromString recognize "loong64" + * Version 0.11.0 - April 23, 2025 - Add new architectures (LOONGARCH64, M68K, SH, SHEB) - Add support for SCMP_FLTATR_CTL_WAITKILL (GetWaitKill, SetWaitKill) diff --git a/vendor/github.com/seccomp/libseccomp-golang/seccomp.go b/vendor/github.com/seccomp/libseccomp-golang/seccomp.go index 4ce3dd4e088..6f09b336db5 100644 --- a/vendor/github.com/seccomp/libseccomp-golang/seccomp.go +++ b/vendor/github.com/seccomp/libseccomp-golang/seccomp.go @@ -330,7 +330,7 @@ func GetArchFromString(arch string) (ScmpArch, error) { return ArchPARISC64, nil case "riscv64": return ArchRISCV64, nil - case "loongarch64": + case "loong64", "loongarch64": return ArchLOONGARCH64, nil case "m68k": return ArchM68K, nil diff --git a/vendor/modules.txt b/vendor/modules.txt index a3b537e6348..0fe34b46a41 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -74,7 +74,7 @@ github.com/opencontainers/selinux/pkg/pwalkdir # github.com/russross/blackfriday/v2 v2.1.0 ## explicit github.com/russross/blackfriday/v2 -# github.com/seccomp/libseccomp-golang v0.11.0 +# github.com/seccomp/libseccomp-golang v0.11.1 ## explicit; go 1.19 github.com/seccomp/libseccomp-golang # github.com/sirupsen/logrus v1.9.3 From 620956c21c9449710c44eb582b7b5c0c60a5a061 Mon Sep 17 00:00:00 2001 From: Markus Lehtonen Date: Wed, 6 Aug 2025 09:22:11 +0300 Subject: [PATCH 0988/1176] libcontainer/intelrdt: use Mkdir/Remove instead of MkdirAll/RemoveAll The more restricted Mkdir and Rmdir are sufficient in resctrl fs. Signed-off-by: Markus Lehtonen --- libcontainer/intelrdt/intelrdt.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libcontainer/intelrdt/intelrdt.go b/libcontainer/intelrdt/intelrdt.go index 963ae28c35a..3a1521cc0f8 100644 --- a/libcontainer/intelrdt/intelrdt.go +++ b/libcontainer/intelrdt/intelrdt.go @@ -472,7 +472,7 @@ func (m *Manager) Apply(pid int) (err error) { } } - if err := os.MkdirAll(path, 0o755); err != nil { + if err := os.Mkdir(path, 0o755); err != nil && !os.IsExist(err) { return newLastCmdError(err) } @@ -492,7 +492,7 @@ func (m *Manager) Destroy() error { if m.config.IntelRdt != nil && m.config.IntelRdt.ClosID == "" { m.mu.Lock() defer m.mu.Unlock() - if err := os.RemoveAll(m.GetPath()); err != nil { + if err := os.Remove(m.GetPath()); err != nil && !os.IsNotExist(err) { return err } m.path = "" From bf33fe5fdb5c83704854cf7ecd63301a73a5b314 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 Aug 2025 04:33:24 +0000 Subject: [PATCH 0989/1176] build(deps): bump google.golang.org/protobuf from 1.36.6 to 1.36.7 Bumps google.golang.org/protobuf from 1.36.6 to 1.36.7. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-version: 1.36.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- .../protobuf/encoding/protowire/wire.go | 26 ++++- .../editiondefaults/editions_defaults.binpb | Bin 146 -> 154 bytes .../protobuf/internal/filedesc/editions.go | 3 + .../protobuf/internal/filedesc/presence.go | 33 +++++++ .../protobuf/internal/genid/descriptor_gen.go | 90 +++++++++++++----- .../internal/impl/codec_message_opaque.go | 3 +- .../protobuf/internal/impl/message_opaque.go | 45 ++------- .../protobuf/internal/impl/presence.go | 3 - .../protobuf/internal/version/version.go | 2 +- .../reflect/protoreflect/source_gen.go | 8 ++ vendor/modules.txt | 2 +- 13 files changed, 152 insertions(+), 69 deletions(-) create mode 100644 vendor/google.golang.org/protobuf/internal/filedesc/presence.go diff --git a/go.mod b/go.mod index 6abf46cf02b..5ab9d344d7b 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/vishvananda/netns v0.0.5 golang.org/x/net v0.42.0 golang.org/x/sys v0.34.0 - google.golang.org/protobuf v1.36.6 + google.golang.org/protobuf v1.36.7 ) require ( diff --git a/go.sum b/go.sum index c7871f71a38..6c468d94caa 100644 --- a/go.sum +++ b/go.sum @@ -87,8 +87,8 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA= golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= -google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= +google.golang.org/protobuf v1.36.7 h1:IgrO7UwFQGJdRNXH/sQux4R1Dj1WAKcLElzeeRaXV2A= +google.golang.org/protobuf v1.36.7/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/vendor/google.golang.org/protobuf/encoding/protowire/wire.go b/vendor/google.golang.org/protobuf/encoding/protowire/wire.go index e942bc983ee..743bfb81d6c 100644 --- a/vendor/google.golang.org/protobuf/encoding/protowire/wire.go +++ b/vendor/google.golang.org/protobuf/encoding/protowire/wire.go @@ -371,7 +371,31 @@ func ConsumeVarint(b []byte) (v uint64, n int) { func SizeVarint(v uint64) int { // This computes 1 + (bits.Len64(v)-1)/7. // 9/64 is a good enough approximation of 1/7 - return int(9*uint32(bits.Len64(v))+64) / 64 + // + // The Go compiler can translate the bits.LeadingZeros64 call into the LZCNT + // instruction, which is very fast on CPUs from the last few years. The + // specific way of expressing the calculation matches C++ Protobuf, see + // https://godbolt.org/z/4P3h53oM4 for the C++ code and how gcc/clang + // optimize that function for GOAMD64=v1 and GOAMD64=v3 (-march=haswell). + + // By OR'ing v with 1, we guarantee that v is never 0, without changing the + // result of SizeVarint. LZCNT is not defined for 0, meaning the compiler + // needs to add extra instructions to handle that case. + // + // The Go compiler currently (go1.24.4) does not make use of this knowledge. + // This opportunity (removing the XOR instruction, which handles the 0 case) + // results in a small (1%) performance win across CPU architectures. + // + // Independently of avoiding the 0 case, we need the v |= 1 line because + // it allows the Go compiler to eliminate an extra XCHGL barrier. + v |= 1 + + // It would be clearer to write log2value := 63 - uint32(...), but + // writing uint32(...) ^ 63 is much more efficient (-14% ARM, -20% Intel). + // Proof of identity for our value range [0..63]: + // https://go.dev/play/p/Pdn9hEWYakX + log2value := uint32(bits.LeadingZeros64(v)) ^ 63 + return int((log2value*9 + (64 + 9)) / 64) } // AppendFixed32 appends v to b as a little-endian uint32. diff --git a/vendor/google.golang.org/protobuf/internal/editiondefaults/editions_defaults.binpb b/vendor/google.golang.org/protobuf/internal/editiondefaults/editions_defaults.binpb index 323829da1477e4496d664b2a1092a9f9cec275d4..04696351eeeef14cbbd69fd1f4250530b1fbfd56 100644 GIT binary patch literal 154 zcmX}mI}(5(3Eat$;}$;v literal 146 zcmX}mF%Ezr3X5(&e%rBRTLK{CjOa+)E@2mYkk=mEF7 B6)FG# diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/editions.go b/vendor/google.golang.org/protobuf/internal/filedesc/editions.go index b08b71830c6..a0aad2777f3 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/editions.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/editions.go @@ -72,6 +72,9 @@ func unmarshalFeatureSet(b []byte, parent EditionFeatures) EditionFeatures { case genid.FeatureSet_EnforceNamingStyle_field_number: // EnforceNamingStyle is enforced in protoc, languages other than C++ // are not supposed to do anything with this feature. + case genid.FeatureSet_DefaultSymbolVisibility_field_number: + // DefaultSymbolVisibility is enforced in protoc, runtimes should not + // inspect this value. default: panic(fmt.Sprintf("unkown field number %d while unmarshalling FeatureSet", num)) } diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/presence.go b/vendor/google.golang.org/protobuf/internal/filedesc/presence.go new file mode 100644 index 00000000000..a12ec9791cb --- /dev/null +++ b/vendor/google.golang.org/protobuf/internal/filedesc/presence.go @@ -0,0 +1,33 @@ +// Copyright 2025 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package filedesc + +import "google.golang.org/protobuf/reflect/protoreflect" + +// UsePresenceForField reports whether the presence bitmap should be used for +// the specified field. +func UsePresenceForField(fd protoreflect.FieldDescriptor) (usePresence, canBeLazy bool) { + switch { + case fd.ContainingOneof() != nil && !fd.ContainingOneof().IsSynthetic(): + // Oneof fields never use the presence bitmap. + // + // Synthetic oneofs are an exception: Those are used to implement proto3 + // optional fields and hence should follow non-oneof field semantics. + return false, false + + case fd.IsMap(): + // Map-typed fields never use the presence bitmap. + return false, false + + case fd.Kind() == protoreflect.MessageKind || fd.Kind() == protoreflect.GroupKind: + // Lazy fields always use the presence bitmap (only messages can be lazy). + isLazy := fd.(interface{ IsLazy() bool }).IsLazy() + return isLazy, isLazy + + default: + // If the field has presence, use the presence bitmap. + return fd.HasPresence(), false + } +} diff --git a/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go b/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go index 39524782add..950a6a325a4 100644 --- a/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go +++ b/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go @@ -34,6 +34,19 @@ const ( Edition_EDITION_MAX_enum_value = 2147483647 ) +// Full and short names for google.protobuf.SymbolVisibility. +const ( + SymbolVisibility_enum_fullname = "google.protobuf.SymbolVisibility" + SymbolVisibility_enum_name = "SymbolVisibility" +) + +// Enum values for google.protobuf.SymbolVisibility. +const ( + SymbolVisibility_VISIBILITY_UNSET_enum_value = 0 + SymbolVisibility_VISIBILITY_LOCAL_enum_value = 1 + SymbolVisibility_VISIBILITY_EXPORT_enum_value = 2 +) + // Names for google.protobuf.FileDescriptorSet. const ( FileDescriptorSet_message_name protoreflect.Name = "FileDescriptorSet" @@ -65,6 +78,7 @@ const ( FileDescriptorProto_Dependency_field_name protoreflect.Name = "dependency" FileDescriptorProto_PublicDependency_field_name protoreflect.Name = "public_dependency" FileDescriptorProto_WeakDependency_field_name protoreflect.Name = "weak_dependency" + FileDescriptorProto_OptionDependency_field_name protoreflect.Name = "option_dependency" FileDescriptorProto_MessageType_field_name protoreflect.Name = "message_type" FileDescriptorProto_EnumType_field_name protoreflect.Name = "enum_type" FileDescriptorProto_Service_field_name protoreflect.Name = "service" @@ -79,6 +93,7 @@ const ( FileDescriptorProto_Dependency_field_fullname protoreflect.FullName = "google.protobuf.FileDescriptorProto.dependency" FileDescriptorProto_PublicDependency_field_fullname protoreflect.FullName = "google.protobuf.FileDescriptorProto.public_dependency" FileDescriptorProto_WeakDependency_field_fullname protoreflect.FullName = "google.protobuf.FileDescriptorProto.weak_dependency" + FileDescriptorProto_OptionDependency_field_fullname protoreflect.FullName = "google.protobuf.FileDescriptorProto.option_dependency" FileDescriptorProto_MessageType_field_fullname protoreflect.FullName = "google.protobuf.FileDescriptorProto.message_type" FileDescriptorProto_EnumType_field_fullname protoreflect.FullName = "google.protobuf.FileDescriptorProto.enum_type" FileDescriptorProto_Service_field_fullname protoreflect.FullName = "google.protobuf.FileDescriptorProto.service" @@ -96,6 +111,7 @@ const ( FileDescriptorProto_Dependency_field_number protoreflect.FieldNumber = 3 FileDescriptorProto_PublicDependency_field_number protoreflect.FieldNumber = 10 FileDescriptorProto_WeakDependency_field_number protoreflect.FieldNumber = 11 + FileDescriptorProto_OptionDependency_field_number protoreflect.FieldNumber = 15 FileDescriptorProto_MessageType_field_number protoreflect.FieldNumber = 4 FileDescriptorProto_EnumType_field_number protoreflect.FieldNumber = 5 FileDescriptorProto_Service_field_number protoreflect.FieldNumber = 6 @@ -124,6 +140,7 @@ const ( DescriptorProto_Options_field_name protoreflect.Name = "options" DescriptorProto_ReservedRange_field_name protoreflect.Name = "reserved_range" DescriptorProto_ReservedName_field_name protoreflect.Name = "reserved_name" + DescriptorProto_Visibility_field_name protoreflect.Name = "visibility" DescriptorProto_Name_field_fullname protoreflect.FullName = "google.protobuf.DescriptorProto.name" DescriptorProto_Field_field_fullname protoreflect.FullName = "google.protobuf.DescriptorProto.field" @@ -135,6 +152,7 @@ const ( DescriptorProto_Options_field_fullname protoreflect.FullName = "google.protobuf.DescriptorProto.options" DescriptorProto_ReservedRange_field_fullname protoreflect.FullName = "google.protobuf.DescriptorProto.reserved_range" DescriptorProto_ReservedName_field_fullname protoreflect.FullName = "google.protobuf.DescriptorProto.reserved_name" + DescriptorProto_Visibility_field_fullname protoreflect.FullName = "google.protobuf.DescriptorProto.visibility" ) // Field numbers for google.protobuf.DescriptorProto. @@ -149,6 +167,7 @@ const ( DescriptorProto_Options_field_number protoreflect.FieldNumber = 7 DescriptorProto_ReservedRange_field_number protoreflect.FieldNumber = 9 DescriptorProto_ReservedName_field_number protoreflect.FieldNumber = 10 + DescriptorProto_Visibility_field_number protoreflect.FieldNumber = 11 ) // Names for google.protobuf.DescriptorProto.ExtensionRange. @@ -388,12 +407,14 @@ const ( EnumDescriptorProto_Options_field_name protoreflect.Name = "options" EnumDescriptorProto_ReservedRange_field_name protoreflect.Name = "reserved_range" EnumDescriptorProto_ReservedName_field_name protoreflect.Name = "reserved_name" + EnumDescriptorProto_Visibility_field_name protoreflect.Name = "visibility" EnumDescriptorProto_Name_field_fullname protoreflect.FullName = "google.protobuf.EnumDescriptorProto.name" EnumDescriptorProto_Value_field_fullname protoreflect.FullName = "google.protobuf.EnumDescriptorProto.value" EnumDescriptorProto_Options_field_fullname protoreflect.FullName = "google.protobuf.EnumDescriptorProto.options" EnumDescriptorProto_ReservedRange_field_fullname protoreflect.FullName = "google.protobuf.EnumDescriptorProto.reserved_range" EnumDescriptorProto_ReservedName_field_fullname protoreflect.FullName = "google.protobuf.EnumDescriptorProto.reserved_name" + EnumDescriptorProto_Visibility_field_fullname protoreflect.FullName = "google.protobuf.EnumDescriptorProto.visibility" ) // Field numbers for google.protobuf.EnumDescriptorProto. @@ -403,6 +424,7 @@ const ( EnumDescriptorProto_Options_field_number protoreflect.FieldNumber = 3 EnumDescriptorProto_ReservedRange_field_number protoreflect.FieldNumber = 4 EnumDescriptorProto_ReservedName_field_number protoreflect.FieldNumber = 5 + EnumDescriptorProto_Visibility_field_number protoreflect.FieldNumber = 6 ) // Names for google.protobuf.EnumDescriptorProto.EnumReservedRange. @@ -1008,32 +1030,35 @@ const ( // Field names for google.protobuf.FeatureSet. const ( - FeatureSet_FieldPresence_field_name protoreflect.Name = "field_presence" - FeatureSet_EnumType_field_name protoreflect.Name = "enum_type" - FeatureSet_RepeatedFieldEncoding_field_name protoreflect.Name = "repeated_field_encoding" - FeatureSet_Utf8Validation_field_name protoreflect.Name = "utf8_validation" - FeatureSet_MessageEncoding_field_name protoreflect.Name = "message_encoding" - FeatureSet_JsonFormat_field_name protoreflect.Name = "json_format" - FeatureSet_EnforceNamingStyle_field_name protoreflect.Name = "enforce_naming_style" - - FeatureSet_FieldPresence_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.field_presence" - FeatureSet_EnumType_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.enum_type" - FeatureSet_RepeatedFieldEncoding_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.repeated_field_encoding" - FeatureSet_Utf8Validation_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.utf8_validation" - FeatureSet_MessageEncoding_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.message_encoding" - FeatureSet_JsonFormat_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.json_format" - FeatureSet_EnforceNamingStyle_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.enforce_naming_style" + FeatureSet_FieldPresence_field_name protoreflect.Name = "field_presence" + FeatureSet_EnumType_field_name protoreflect.Name = "enum_type" + FeatureSet_RepeatedFieldEncoding_field_name protoreflect.Name = "repeated_field_encoding" + FeatureSet_Utf8Validation_field_name protoreflect.Name = "utf8_validation" + FeatureSet_MessageEncoding_field_name protoreflect.Name = "message_encoding" + FeatureSet_JsonFormat_field_name protoreflect.Name = "json_format" + FeatureSet_EnforceNamingStyle_field_name protoreflect.Name = "enforce_naming_style" + FeatureSet_DefaultSymbolVisibility_field_name protoreflect.Name = "default_symbol_visibility" + + FeatureSet_FieldPresence_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.field_presence" + FeatureSet_EnumType_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.enum_type" + FeatureSet_RepeatedFieldEncoding_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.repeated_field_encoding" + FeatureSet_Utf8Validation_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.utf8_validation" + FeatureSet_MessageEncoding_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.message_encoding" + FeatureSet_JsonFormat_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.json_format" + FeatureSet_EnforceNamingStyle_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.enforce_naming_style" + FeatureSet_DefaultSymbolVisibility_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.default_symbol_visibility" ) // Field numbers for google.protobuf.FeatureSet. const ( - FeatureSet_FieldPresence_field_number protoreflect.FieldNumber = 1 - FeatureSet_EnumType_field_number protoreflect.FieldNumber = 2 - FeatureSet_RepeatedFieldEncoding_field_number protoreflect.FieldNumber = 3 - FeatureSet_Utf8Validation_field_number protoreflect.FieldNumber = 4 - FeatureSet_MessageEncoding_field_number protoreflect.FieldNumber = 5 - FeatureSet_JsonFormat_field_number protoreflect.FieldNumber = 6 - FeatureSet_EnforceNamingStyle_field_number protoreflect.FieldNumber = 7 + FeatureSet_FieldPresence_field_number protoreflect.FieldNumber = 1 + FeatureSet_EnumType_field_number protoreflect.FieldNumber = 2 + FeatureSet_RepeatedFieldEncoding_field_number protoreflect.FieldNumber = 3 + FeatureSet_Utf8Validation_field_number protoreflect.FieldNumber = 4 + FeatureSet_MessageEncoding_field_number protoreflect.FieldNumber = 5 + FeatureSet_JsonFormat_field_number protoreflect.FieldNumber = 6 + FeatureSet_EnforceNamingStyle_field_number protoreflect.FieldNumber = 7 + FeatureSet_DefaultSymbolVisibility_field_number protoreflect.FieldNumber = 8 ) // Full and short names for google.protobuf.FeatureSet.FieldPresence. @@ -1128,6 +1153,27 @@ const ( FeatureSet_STYLE_LEGACY_enum_value = 2 ) +// Names for google.protobuf.FeatureSet.VisibilityFeature. +const ( + FeatureSet_VisibilityFeature_message_name protoreflect.Name = "VisibilityFeature" + FeatureSet_VisibilityFeature_message_fullname protoreflect.FullName = "google.protobuf.FeatureSet.VisibilityFeature" +) + +// Full and short names for google.protobuf.FeatureSet.VisibilityFeature.DefaultSymbolVisibility. +const ( + FeatureSet_VisibilityFeature_DefaultSymbolVisibility_enum_fullname = "google.protobuf.FeatureSet.VisibilityFeature.DefaultSymbolVisibility" + FeatureSet_VisibilityFeature_DefaultSymbolVisibility_enum_name = "DefaultSymbolVisibility" +) + +// Enum values for google.protobuf.FeatureSet.VisibilityFeature.DefaultSymbolVisibility. +const ( + FeatureSet_VisibilityFeature_DEFAULT_SYMBOL_VISIBILITY_UNKNOWN_enum_value = 0 + FeatureSet_VisibilityFeature_EXPORT_ALL_enum_value = 1 + FeatureSet_VisibilityFeature_EXPORT_TOP_LEVEL_enum_value = 2 + FeatureSet_VisibilityFeature_LOCAL_ALL_enum_value = 3 + FeatureSet_VisibilityFeature_STRICT_enum_value = 4 +) + // Names for google.protobuf.FeatureSetDefaults. const ( FeatureSetDefaults_message_name protoreflect.Name = "FeatureSetDefaults" diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_message_opaque.go b/vendor/google.golang.org/protobuf/internal/impl/codec_message_opaque.go index 41c1f74ef81..bdad12a9bbc 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/codec_message_opaque.go +++ b/vendor/google.golang.org/protobuf/internal/impl/codec_message_opaque.go @@ -11,6 +11,7 @@ import ( "google.golang.org/protobuf/encoding/protowire" "google.golang.org/protobuf/internal/encoding/messageset" + "google.golang.org/protobuf/internal/filedesc" "google.golang.org/protobuf/internal/order" "google.golang.org/protobuf/reflect/protoreflect" piface "google.golang.org/protobuf/runtime/protoiface" @@ -80,7 +81,7 @@ func (mi *MessageInfo) makeOpaqueCoderMethods(t reflect.Type, si opaqueStructInf // permit us to skip over definitely-unset fields at marshal time. var hasPresence bool - hasPresence, cf.isLazy = usePresenceForField(si, fd) + hasPresence, cf.isLazy = filedesc.UsePresenceForField(fd) if hasPresence { cf.presenceIndex, mi.presenceSize = presenceIndex(mi.Desc, fd) diff --git a/vendor/google.golang.org/protobuf/internal/impl/message_opaque.go b/vendor/google.golang.org/protobuf/internal/impl/message_opaque.go index dd55e8e009c..5a439daacb7 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/message_opaque.go +++ b/vendor/google.golang.org/protobuf/internal/impl/message_opaque.go @@ -11,6 +11,7 @@ import ( "strings" "sync/atomic" + "google.golang.org/protobuf/internal/filedesc" "google.golang.org/protobuf/reflect/protoreflect" ) @@ -53,7 +54,7 @@ func opaqueInitHook(mi *MessageInfo) bool { fd := fds.Get(i) fs := si.fieldsByNumber[fd.Number()] var fi fieldInfo - usePresence, _ := usePresenceForField(si, fd) + usePresence, _ := filedesc.UsePresenceForField(fd) switch { case fd.ContainingOneof() != nil && !fd.ContainingOneof().IsSynthetic(): @@ -343,17 +344,15 @@ func (mi *MessageInfo) fieldInfoForMessageListOpaqueNoPresence(si opaqueStructIn if p.IsNil() { return false } - sp := p.Apply(fieldOffset).AtomicGetPointer() - if sp.IsNil() { + rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() + if rv.IsNil() { return false } - rv := sp.AsValueOf(fs.Type.Elem()) return rv.Elem().Len() > 0 }, clear: func(p pointer) { - sp := p.Apply(fieldOffset).AtomicGetPointer() - if !sp.IsNil() { - rv := sp.AsValueOf(fs.Type.Elem()) + rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() + if !rv.IsNil() { rv.Elem().Set(reflect.Zero(rv.Type().Elem())) } }, @@ -361,11 +360,10 @@ func (mi *MessageInfo) fieldInfoForMessageListOpaqueNoPresence(si opaqueStructIn if p.IsNil() { return conv.Zero() } - sp := p.Apply(fieldOffset).AtomicGetPointer() - if sp.IsNil() { + rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem() + if rv.IsNil() { return conv.Zero() } - rv := sp.AsValueOf(fs.Type.Elem()) if rv.Elem().Len() == 0 { return conv.Zero() } @@ -598,30 +596,3 @@ func (mi *MessageInfo) clearPresent(p pointer, index uint32) { func (mi *MessageInfo) present(p pointer, index uint32) bool { return p.Apply(mi.presenceOffset).PresenceInfo().Present(index) } - -// usePresenceForField implements the somewhat intricate logic of when -// the presence bitmap is used for a field. The main logic is that a -// field that is optional or that can be lazy will use the presence -// bit, but for proto2, also maps have a presence bit. It also records -// if the field can ever be lazy, which is true if we have a -// lazyOffset and the field is a message or a slice of messages. A -// field that is lazy will always need a presence bit. Oneofs are not -// lazy and do not use presence, unless they are a synthetic oneof, -// which is a proto3 optional field. For proto3 optionals, we use the -// presence and they can also be lazy when applicable (a message). -func usePresenceForField(si opaqueStructInfo, fd protoreflect.FieldDescriptor) (usePresence, canBeLazy bool) { - hasLazyField := fd.(interface{ IsLazy() bool }).IsLazy() - - // Non-oneof scalar fields with explicit field presence use the presence array. - usesPresenceArray := fd.HasPresence() && fd.Message() == nil && (fd.ContainingOneof() == nil || fd.ContainingOneof().IsSynthetic()) - switch { - case fd.ContainingOneof() != nil && !fd.ContainingOneof().IsSynthetic(): - return false, false - case fd.IsMap(): - return false, false - case fd.Kind() == protoreflect.MessageKind || fd.Kind() == protoreflect.GroupKind: - return hasLazyField, hasLazyField - default: - return usesPresenceArray || (hasLazyField && fd.HasPresence()), false - } -} diff --git a/vendor/google.golang.org/protobuf/internal/impl/presence.go b/vendor/google.golang.org/protobuf/internal/impl/presence.go index 914cb1deda2..443afe81cda 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/presence.go +++ b/vendor/google.golang.org/protobuf/internal/impl/presence.go @@ -32,9 +32,6 @@ func (p presence) toElem(num uint32) (ret *uint32) { // Present checks for the presence of a specific field number in a presence set. func (p presence) Present(num uint32) bool { - if p.P == nil { - return false - } return Export{}.Present(p.toElem(num), num) } diff --git a/vendor/google.golang.org/protobuf/internal/version/version.go b/vendor/google.golang.org/protobuf/internal/version/version.go index aac1cb18a74..a53364c5992 100644 --- a/vendor/google.golang.org/protobuf/internal/version/version.go +++ b/vendor/google.golang.org/protobuf/internal/version/version.go @@ -52,7 +52,7 @@ import ( const ( Major = 1 Minor = 36 - Patch = 6 + Patch = 7 PreRelease = "" ) diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go index a4a0a2971dd..730331e6668 100644 --- a/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go +++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go @@ -21,6 +21,8 @@ func (p *SourcePath) appendFileDescriptorProto(b []byte) []byte { b = p.appendRepeatedField(b, "public_dependency", nil) case 11: b = p.appendRepeatedField(b, "weak_dependency", nil) + case 15: + b = p.appendRepeatedField(b, "option_dependency", nil) case 4: b = p.appendRepeatedField(b, "message_type", (*SourcePath).appendDescriptorProto) case 5: @@ -66,6 +68,8 @@ func (p *SourcePath) appendDescriptorProto(b []byte) []byte { b = p.appendRepeatedField(b, "reserved_range", (*SourcePath).appendDescriptorProto_ReservedRange) case 10: b = p.appendRepeatedField(b, "reserved_name", nil) + case 11: + b = p.appendSingularField(b, "visibility", nil) } return b } @@ -85,6 +89,8 @@ func (p *SourcePath) appendEnumDescriptorProto(b []byte) []byte { b = p.appendRepeatedField(b, "reserved_range", (*SourcePath).appendEnumDescriptorProto_EnumReservedRange) case 5: b = p.appendRepeatedField(b, "reserved_name", nil) + case 6: + b = p.appendSingularField(b, "visibility", nil) } return b } @@ -400,6 +406,8 @@ func (p *SourcePath) appendFeatureSet(b []byte) []byte { b = p.appendSingularField(b, "json_format", nil) case 7: b = p.appendSingularField(b, "enforce_naming_style", nil) + case 8: + b = p.appendSingularField(b, "default_symbol_visibility", nil) } return b } diff --git a/vendor/modules.txt b/vendor/modules.txt index 0fe34b46a41..7cdf1bd9e0c 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -98,7 +98,7 @@ golang.org/x/net/bpf ## explicit; go 1.23.0 golang.org/x/sys/unix golang.org/x/sys/windows -# google.golang.org/protobuf v1.36.6 +# google.golang.org/protobuf v1.36.7 ## explicit; go 1.22 google.golang.org/protobuf/encoding/prototext google.golang.org/protobuf/encoding/protowire From 8f0bb8774866abcbcbd1213a35ab6067b51e5d45 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 Aug 2025 06:55:58 +0000 Subject: [PATCH 0990/1176] build(deps): bump golang.org/x/sys from 0.34.0 to 0.35.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.34.0 to 0.35.0. - [Commits](https://github.com/golang/sys/compare/v0.34.0...v0.35.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-version: 0.35.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- vendor/golang.org/x/sys/unix/mkerrors.sh | 3 + .../golang.org/x/sys/unix/syscall_darwin.go | 56 +------------------ vendor/golang.org/x/sys/unix/zerrors_linux.go | 44 ++++++++++----- .../x/sys/unix/zerrors_linux_386.go | 2 + .../x/sys/unix/zerrors_linux_amd64.go | 2 + .../x/sys/unix/zerrors_linux_arm.go | 2 + .../x/sys/unix/zerrors_linux_arm64.go | 2 + .../x/sys/unix/zerrors_linux_loong64.go | 2 + .../x/sys/unix/zerrors_linux_mips.go | 2 + .../x/sys/unix/zerrors_linux_mips64.go | 2 + .../x/sys/unix/zerrors_linux_mips64le.go | 2 + .../x/sys/unix/zerrors_linux_mipsle.go | 2 + .../x/sys/unix/zerrors_linux_ppc.go | 2 + .../x/sys/unix/zerrors_linux_ppc64.go | 2 + .../x/sys/unix/zerrors_linux_ppc64le.go | 2 + .../x/sys/unix/zerrors_linux_riscv64.go | 2 + .../x/sys/unix/zerrors_linux_s390x.go | 2 + .../x/sys/unix/zerrors_linux_sparc64.go | 2 + .../x/sys/unix/zsysnum_linux_386.go | 1 + .../x/sys/unix/zsysnum_linux_amd64.go | 1 + .../x/sys/unix/zsysnum_linux_arm.go | 1 + .../x/sys/unix/zsysnum_linux_arm64.go | 1 + .../x/sys/unix/zsysnum_linux_loong64.go | 1 + .../x/sys/unix/zsysnum_linux_mips.go | 1 + .../x/sys/unix/zsysnum_linux_mips64.go | 1 + .../x/sys/unix/zsysnum_linux_mips64le.go | 1 + .../x/sys/unix/zsysnum_linux_mipsle.go | 1 + .../x/sys/unix/zsysnum_linux_ppc.go | 1 + .../x/sys/unix/zsysnum_linux_ppc64.go | 1 + .../x/sys/unix/zsysnum_linux_ppc64le.go | 1 + .../x/sys/unix/zsysnum_linux_riscv64.go | 1 + .../x/sys/unix/zsysnum_linux_s390x.go | 1 + .../x/sys/unix/zsysnum_linux_sparc64.go | 1 + vendor/golang.org/x/sys/unix/ztypes_linux.go | 37 +++++++++--- .../golang.org/x/sys/unix/ztypes_linux_386.go | 30 +++++----- .../x/sys/unix/ztypes_linux_amd64.go | 28 +++++----- .../golang.org/x/sys/unix/ztypes_linux_arm.go | 32 +++++------ .../x/sys/unix/ztypes_linux_arm64.go | 28 +++++----- .../x/sys/unix/ztypes_linux_loong64.go | 28 +++++----- .../x/sys/unix/ztypes_linux_mips.go | 30 +++++----- .../x/sys/unix/ztypes_linux_mips64.go | 28 +++++----- .../x/sys/unix/ztypes_linux_mips64le.go | 28 +++++----- .../x/sys/unix/ztypes_linux_mipsle.go | 30 +++++----- .../golang.org/x/sys/unix/ztypes_linux_ppc.go | 32 +++++------ .../x/sys/unix/ztypes_linux_ppc64.go | 28 +++++----- .../x/sys/unix/ztypes_linux_ppc64le.go | 28 +++++----- .../x/sys/unix/ztypes_linux_riscv64.go | 28 +++++----- .../x/sys/unix/ztypes_linux_s390x.go | 28 +++++----- .../x/sys/unix/ztypes_linux_sparc64.go | 28 +++++----- vendor/modules.txt | 2 +- 52 files changed, 329 insertions(+), 298 deletions(-) diff --git a/go.mod b/go.mod index 5ab9d344d7b..1e8d72af12d 100644 --- a/go.mod +++ b/go.mod @@ -23,7 +23,7 @@ require ( github.com/vishvananda/netlink v1.3.1 github.com/vishvananda/netns v0.0.5 golang.org/x/net v0.42.0 - golang.org/x/sys v0.34.0 + golang.org/x/sys v0.35.0 google.golang.org/protobuf v1.36.7 ) diff --git a/go.sum b/go.sum index 6c468d94caa..33c4ef37023 100644 --- a/go.sum +++ b/go.sum @@ -85,8 +85,8 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA= -golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= +golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= google.golang.org/protobuf v1.36.7 h1:IgrO7UwFQGJdRNXH/sQux4R1Dj1WAKcLElzeeRaXV2A= google.golang.org/protobuf v1.36.7/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index 6ab02b6c312..d1c8b2640eb 100644 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -349,6 +349,9 @@ struct ltchars { #define _HIDIOCGRAWPHYS HIDIOCGRAWPHYS(_HIDIOCGRAWPHYS_LEN) #define _HIDIOCGRAWUNIQ HIDIOCGRAWUNIQ(_HIDIOCGRAWUNIQ_LEN) +// Renamed in v6.16, commit c6d732c38f93 ("net: ethtool: remove duplicate defines for family info") +#define ETHTOOL_FAMILY_NAME ETHTOOL_GENL_NAME +#define ETHTOOL_FAMILY_VERSION ETHTOOL_GENL_VERSION ' includes_NetBSD=' diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.go b/vendor/golang.org/x/sys/unix/syscall_darwin.go index 798f61ad3bf..7838ca5db20 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin.go +++ b/vendor/golang.org/x/sys/unix/syscall_darwin.go @@ -602,14 +602,9 @@ func Connectx(fd int, srcIf uint32, srcAddr, dstAddr Sockaddr, associd SaeAssocI return } -// sys connectx(fd int, endpoints *SaEndpoints, associd SaeAssocID, flags uint32, iov []Iovec, n *uintptr, connid *SaeConnID) (err error) const minIovec = 8 func Readv(fd int, iovs [][]byte) (n int, err error) { - if !darwinKernelVersionMin(11, 0, 0) { - return 0, ENOSYS - } - iovecs := make([]Iovec, 0, minIovec) iovecs = appendBytes(iovecs, iovs) n, err = readv(fd, iovecs) @@ -618,9 +613,6 @@ func Readv(fd int, iovs [][]byte) (n int, err error) { } func Preadv(fd int, iovs [][]byte, offset int64) (n int, err error) { - if !darwinKernelVersionMin(11, 0, 0) { - return 0, ENOSYS - } iovecs := make([]Iovec, 0, minIovec) iovecs = appendBytes(iovecs, iovs) n, err = preadv(fd, iovecs, offset) @@ -629,10 +621,6 @@ func Preadv(fd int, iovs [][]byte, offset int64) (n int, err error) { } func Writev(fd int, iovs [][]byte) (n int, err error) { - if !darwinKernelVersionMin(11, 0, 0) { - return 0, ENOSYS - } - iovecs := make([]Iovec, 0, minIovec) iovecs = appendBytes(iovecs, iovs) if raceenabled { @@ -644,10 +632,6 @@ func Writev(fd int, iovs [][]byte) (n int, err error) { } func Pwritev(fd int, iovs [][]byte, offset int64) (n int, err error) { - if !darwinKernelVersionMin(11, 0, 0) { - return 0, ENOSYS - } - iovecs := make([]Iovec, 0, minIovec) iovecs = appendBytes(iovecs, iovs) if raceenabled { @@ -707,45 +691,7 @@ func readvRacedetect(iovecs []Iovec, n int, err error) { } } -func darwinMajorMinPatch() (maj, min, patch int, err error) { - var un Utsname - err = Uname(&un) - if err != nil { - return - } - - var mmp [3]int - c := 0 -Loop: - for _, b := range un.Release[:] { - switch { - case b >= '0' && b <= '9': - mmp[c] = 10*mmp[c] + int(b-'0') - case b == '.': - c++ - if c > 2 { - return 0, 0, 0, ENOTSUP - } - case b == 0: - break Loop - default: - return 0, 0, 0, ENOTSUP - } - } - if c != 2 { - return 0, 0, 0, ENOTSUP - } - return mmp[0], mmp[1], mmp[2], nil -} - -func darwinKernelVersionMin(maj, min, patch int) bool { - actualMaj, actualMin, actualPatch, err := darwinMajorMinPatch() - if err != nil { - return false - } - return actualMaj > maj || actualMaj == maj && (actualMin > min || actualMin == min && actualPatch >= patch) -} - +//sys connectx(fd int, endpoints *SaEndpoints, associd SaeAssocID, flags uint32, iov []Iovec, n *uintptr, connid *SaeConnID) (err error) //sys sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error) //sys shmat(id int, addr uintptr, flag int) (ret uintptr, err error) diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index 9e7a6c5a4fc..b6db27d937c 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -328,6 +328,8 @@ const ( AUDIT_KERNEL = 0x7d0 AUDIT_KERNEL_OTHER = 0x524 AUDIT_KERN_MODULE = 0x532 + AUDIT_LANDLOCK_ACCESS = 0x58f + AUDIT_LANDLOCK_DOMAIN = 0x590 AUDIT_LAST_FEATURE = 0x1 AUDIT_LAST_KERN_ANOM_MSG = 0x707 AUDIT_LAST_USER_MSG = 0x4af @@ -492,6 +494,7 @@ const ( BPF_F_BEFORE = 0x8 BPF_F_ID = 0x20 BPF_F_NETFILTER_IP_DEFRAG = 0x1 + BPF_F_PREORDER = 0x40 BPF_F_QUERY_EFFECTIVE = 0x1 BPF_F_REDIRECT_FLAGS = 0x19 BPF_F_REPLACE = 0x4 @@ -528,6 +531,7 @@ const ( BPF_LDX = 0x1 BPF_LEN = 0x80 BPF_LL_OFF = -0x200000 + BPF_LOAD_ACQ = 0x100 BPF_LSH = 0x60 BPF_MAJOR_VERSION = 0x1 BPF_MAXINSNS = 0x1000 @@ -555,6 +559,7 @@ const ( BPF_RET = 0x6 BPF_RSH = 0x70 BPF_ST = 0x2 + BPF_STORE_REL = 0x110 BPF_STX = 0x3 BPF_SUB = 0x10 BPF_TAG_SIZE = 0x8 @@ -844,9 +849,9 @@ const ( DM_UUID_FLAG = 0x4000 DM_UUID_LEN = 0x81 DM_VERSION = 0xc138fd00 - DM_VERSION_EXTRA = "-ioctl (2025-01-17)" + DM_VERSION_EXTRA = "-ioctl (2025-04-28)" DM_VERSION_MAJOR = 0x4 - DM_VERSION_MINOR = 0x31 + DM_VERSION_MINOR = 0x32 DM_VERSION_PATCHLEVEL = 0x0 DT_BLK = 0x6 DT_CHR = 0x2 @@ -937,9 +942,6 @@ const ( EPOLL_CTL_MOD = 0x3 EPOLL_IOC_TYPE = 0x8a EROFS_SUPER_MAGIC_V1 = 0xe0f5e1e2 - ESP_V4_FLOW = 0xa - ESP_V6_FLOW = 0xc - ETHER_FLOW = 0x12 ETHTOOL_BUSINFO_LEN = 0x20 ETHTOOL_EROMVERS_LEN = 0x20 ETHTOOL_FAMILY_NAME = "ethtool" @@ -1213,6 +1215,7 @@ const ( FAN_EVENT_INFO_TYPE_DFID_NAME = 0x2 FAN_EVENT_INFO_TYPE_ERROR = 0x5 FAN_EVENT_INFO_TYPE_FID = 0x1 + FAN_EVENT_INFO_TYPE_MNT = 0x7 FAN_EVENT_INFO_TYPE_NEW_DFID_NAME = 0xc FAN_EVENT_INFO_TYPE_OLD_DFID_NAME = 0xa FAN_EVENT_INFO_TYPE_PIDFD = 0x4 @@ -1231,9 +1234,12 @@ const ( FAN_MARK_IGNORED_SURV_MODIFY = 0x40 FAN_MARK_IGNORE_SURV = 0x440 FAN_MARK_INODE = 0x0 + FAN_MARK_MNTNS = 0x110 FAN_MARK_MOUNT = 0x10 FAN_MARK_ONLYDIR = 0x8 FAN_MARK_REMOVE = 0x2 + FAN_MNT_ATTACH = 0x1000000 + FAN_MNT_DETACH = 0x2000000 FAN_MODIFY = 0x2 FAN_MOVE = 0xc0 FAN_MOVED_FROM = 0x40 @@ -1255,6 +1261,7 @@ const ( FAN_REPORT_DIR_FID = 0x400 FAN_REPORT_FD_ERROR = 0x2000 FAN_REPORT_FID = 0x200 + FAN_REPORT_MNT = 0x4000 FAN_REPORT_NAME = 0x800 FAN_REPORT_PIDFD = 0x80 FAN_REPORT_TARGET_FID = 0x1000 @@ -1274,6 +1281,7 @@ const ( FIB_RULE_PERMANENT = 0x1 FIB_RULE_UNRESOLVED = 0x4 FIDEDUPERANGE = 0xc0189436 + FSCRYPT_ADD_KEY_FLAG_HW_WRAPPED = 0x1 FSCRYPT_KEY_DESCRIPTOR_SIZE = 0x8 FSCRYPT_KEY_DESC_PREFIX = "fscrypt:" FSCRYPT_KEY_DESC_PREFIX_SIZE = 0x8 @@ -1582,7 +1590,6 @@ const ( IPV6_DONTFRAG = 0x3e IPV6_DROP_MEMBERSHIP = 0x15 IPV6_DSTOPTS = 0x3b - IPV6_FLOW = 0x11 IPV6_FREEBIND = 0x4e IPV6_HDRINCL = 0x24 IPV6_HOPLIMIT = 0x34 @@ -1633,7 +1640,6 @@ const ( IPV6_TRANSPARENT = 0x4b IPV6_UNICAST_HOPS = 0x10 IPV6_UNICAST_IF = 0x4c - IPV6_USER_FLOW = 0xe IPV6_V6ONLY = 0x1a IPV6_VERSION = 0x60 IPV6_VERSION_MASK = 0xf0 @@ -1695,7 +1701,6 @@ const ( IP_TTL = 0x2 IP_UNBLOCK_SOURCE = 0x25 IP_UNICAST_IF = 0x32 - IP_USER_FLOW = 0xd IP_XFRM_POLICY = 0x11 ISOFS_SUPER_MAGIC = 0x9660 ISTRIP = 0x20 @@ -1817,7 +1822,11 @@ const ( LANDLOCK_ACCESS_FS_WRITE_FILE = 0x2 LANDLOCK_ACCESS_NET_BIND_TCP = 0x1 LANDLOCK_ACCESS_NET_CONNECT_TCP = 0x2 + LANDLOCK_CREATE_RULESET_ERRATA = 0x2 LANDLOCK_CREATE_RULESET_VERSION = 0x1 + LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON = 0x2 + LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF = 0x1 + LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF = 0x4 LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET = 0x1 LANDLOCK_SCOPE_SIGNAL = 0x2 LINUX_REBOOT_CMD_CAD_OFF = 0x0 @@ -2493,6 +2502,10 @@ const ( PR_FP_EXC_UND = 0x40000 PR_FP_MODE_FR = 0x1 PR_FP_MODE_FRE = 0x2 + PR_FUTEX_HASH = 0x4e + PR_FUTEX_HASH_GET_IMMUTABLE = 0x3 + PR_FUTEX_HASH_GET_SLOTS = 0x2 + PR_FUTEX_HASH_SET_SLOTS = 0x1 PR_GET_AUXV = 0x41555856 PR_GET_CHILD_SUBREAPER = 0x25 PR_GET_DUMPABLE = 0x3 @@ -2652,6 +2665,10 @@ const ( PR_TAGGED_ADDR_ENABLE = 0x1 PR_TASK_PERF_EVENTS_DISABLE = 0x1f PR_TASK_PERF_EVENTS_ENABLE = 0x20 + PR_TIMER_CREATE_RESTORE_IDS = 0x4d + PR_TIMER_CREATE_RESTORE_IDS_GET = 0x2 + PR_TIMER_CREATE_RESTORE_IDS_OFF = 0x0 + PR_TIMER_CREATE_RESTORE_IDS_ON = 0x1 PR_TIMING_STATISTICAL = 0x0 PR_TIMING_TIMESTAMP = 0x1 PR_TSC_ENABLE = 0x1 @@ -2732,6 +2749,7 @@ const ( PTRACE_SETREGSET = 0x4205 PTRACE_SETSIGINFO = 0x4203 PTRACE_SETSIGMASK = 0x420b + PTRACE_SET_SYSCALL_INFO = 0x4212 PTRACE_SET_SYSCALL_USER_DISPATCH_CONFIG = 0x4210 PTRACE_SINGLESTEP = 0x9 PTRACE_SYSCALL = 0x18 @@ -2982,6 +3000,7 @@ const ( RTPROT_NTK = 0xf RTPROT_OPENR = 0x63 RTPROT_OSPF = 0xbc + RTPROT_OVN = 0x54 RTPROT_RA = 0x9 RTPROT_REDIRECT = 0x1 RTPROT_RIP = 0xbd @@ -3336,7 +3355,7 @@ const ( TASKSTATS_GENL_NAME = "TASKSTATS" TASKSTATS_GENL_VERSION = 0x1 TASKSTATS_TYPE_MAX = 0x6 - TASKSTATS_VERSION = 0xf + TASKSTATS_VERSION = 0x10 TCIFLUSH = 0x0 TCIOFF = 0x2 TCIOFLUSH = 0x2 @@ -3406,8 +3425,6 @@ const ( TCP_TX_DELAY = 0x25 TCP_ULP = 0x1f TCP_USER_TIMEOUT = 0x12 - TCP_V4_FLOW = 0x1 - TCP_V6_FLOW = 0x5 TCP_WINDOW_CLAMP = 0xa TCP_ZEROCOPY_RECEIVE = 0x23 TFD_TIMER_ABSTIME = 0x1 @@ -3530,8 +3547,6 @@ const ( UDP_NO_CHECK6_RX = 0x66 UDP_NO_CHECK6_TX = 0x65 UDP_SEGMENT = 0x67 - UDP_V4_FLOW = 0x2 - UDP_V6_FLOW = 0x6 UMOUNT_NOFOLLOW = 0x8 USBDEVICE_SUPER_MAGIC = 0x9fa2 UTIME_NOW = 0x3fffffff @@ -3574,7 +3589,7 @@ const ( WDIOS_TEMPPANIC = 0x4 WDIOS_UNKNOWN = -0x1 WEXITED = 0x4 - WGALLOWEDIP_A_MAX = 0x3 + WGALLOWEDIP_A_MAX = 0x4 WGDEVICE_A_MAX = 0x8 WGPEER_A_MAX = 0xa WG_CMD_MAX = 0x1 @@ -3688,6 +3703,7 @@ const ( XDP_SHARED_UMEM = 0x1 XDP_STATISTICS = 0x7 XDP_TXMD_FLAGS_CHECKSUM = 0x2 + XDP_TXMD_FLAGS_LAUNCH_TIME = 0x4 XDP_TXMD_FLAGS_TIMESTAMP = 0x1 XDP_TX_METADATA = 0x2 XDP_TX_RING = 0x3 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go index a8c421e29b5..1c37f9fbc45 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go @@ -68,6 +68,7 @@ const ( CS8 = 0x30 CSIZE = 0x30 CSTOPB = 0x40 + DM_MPATH_PROBE_PATHS = 0xfd12 ECCGETLAYOUT = 0x81484d11 ECCGETSTATS = 0x80104d12 ECHOCTL = 0x200 @@ -360,6 +361,7 @@ const ( SO_OOBINLINE = 0xa SO_PASSCRED = 0x10 SO_PASSPIDFD = 0x4c + SO_PASSRIGHTS = 0x53 SO_PASSSEC = 0x22 SO_PEEK_OFF = 0x2a SO_PEERCRED = 0x11 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go index 9a88d18130f..6f54d34aefc 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go @@ -68,6 +68,7 @@ const ( CS8 = 0x30 CSIZE = 0x30 CSTOPB = 0x40 + DM_MPATH_PROBE_PATHS = 0xfd12 ECCGETLAYOUT = 0x81484d11 ECCGETSTATS = 0x80104d12 ECHOCTL = 0x200 @@ -361,6 +362,7 @@ const ( SO_OOBINLINE = 0xa SO_PASSCRED = 0x10 SO_PASSPIDFD = 0x4c + SO_PASSRIGHTS = 0x53 SO_PASSSEC = 0x22 SO_PEEK_OFF = 0x2a SO_PEERCRED = 0x11 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go index 7cb6a867efd..783ec5c126f 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go @@ -68,6 +68,7 @@ const ( CS8 = 0x30 CSIZE = 0x30 CSTOPB = 0x40 + DM_MPATH_PROBE_PATHS = 0xfd12 ECCGETLAYOUT = 0x81484d11 ECCGETSTATS = 0x80104d12 ECHOCTL = 0x200 @@ -366,6 +367,7 @@ const ( SO_OOBINLINE = 0xa SO_PASSCRED = 0x10 SO_PASSPIDFD = 0x4c + SO_PASSRIGHTS = 0x53 SO_PASSSEC = 0x22 SO_PEEK_OFF = 0x2a SO_PEERCRED = 0x11 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go index d0ecd2c583b..ca83d3ba162 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go @@ -68,6 +68,7 @@ const ( CS8 = 0x30 CSIZE = 0x30 CSTOPB = 0x40 + DM_MPATH_PROBE_PATHS = 0xfd12 ECCGETLAYOUT = 0x81484d11 ECCGETSTATS = 0x80104d12 ECHOCTL = 0x200 @@ -359,6 +360,7 @@ const ( SO_OOBINLINE = 0xa SO_PASSCRED = 0x10 SO_PASSPIDFD = 0x4c + SO_PASSRIGHTS = 0x53 SO_PASSSEC = 0x22 SO_PEEK_OFF = 0x2a SO_PEERCRED = 0x11 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go index 7a2940ae0a3..607e611c0cb 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go @@ -68,6 +68,7 @@ const ( CS8 = 0x30 CSIZE = 0x30 CSTOPB = 0x40 + DM_MPATH_PROBE_PATHS = 0xfd12 ECCGETLAYOUT = 0x81484d11 ECCGETSTATS = 0x80104d12 ECHOCTL = 0x200 @@ -353,6 +354,7 @@ const ( SO_OOBINLINE = 0xa SO_PASSCRED = 0x10 SO_PASSPIDFD = 0x4c + SO_PASSRIGHTS = 0x53 SO_PASSSEC = 0x22 SO_PEEK_OFF = 0x2a SO_PEERCRED = 0x11 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go index d14ca8f2ecf..b9cb5bd3c09 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go @@ -68,6 +68,7 @@ const ( CS8 = 0x30 CSIZE = 0x30 CSTOPB = 0x40 + DM_MPATH_PROBE_PATHS = 0x2000fd12 ECCGETLAYOUT = 0x41484d11 ECCGETSTATS = 0x40104d12 ECHOCTL = 0x200 @@ -359,6 +360,7 @@ const ( SO_OOBINLINE = 0x100 SO_PASSCRED = 0x11 SO_PASSPIDFD = 0x4c + SO_PASSRIGHTS = 0x53 SO_PASSSEC = 0x22 SO_PEEK_OFF = 0x2a SO_PEERCRED = 0x12 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go index 2da1bac1e3d..65b078a6382 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go @@ -68,6 +68,7 @@ const ( CS8 = 0x30 CSIZE = 0x30 CSTOPB = 0x40 + DM_MPATH_PROBE_PATHS = 0x2000fd12 ECCGETLAYOUT = 0x41484d11 ECCGETSTATS = 0x40104d12 ECHOCTL = 0x200 @@ -359,6 +360,7 @@ const ( SO_OOBINLINE = 0x100 SO_PASSCRED = 0x11 SO_PASSPIDFD = 0x4c + SO_PASSRIGHTS = 0x53 SO_PASSSEC = 0x22 SO_PEEK_OFF = 0x2a SO_PEERCRED = 0x12 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go index 28727514b5f..5298a3033d0 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go @@ -68,6 +68,7 @@ const ( CS8 = 0x30 CSIZE = 0x30 CSTOPB = 0x40 + DM_MPATH_PROBE_PATHS = 0x2000fd12 ECCGETLAYOUT = 0x41484d11 ECCGETSTATS = 0x40104d12 ECHOCTL = 0x200 @@ -359,6 +360,7 @@ const ( SO_OOBINLINE = 0x100 SO_PASSCRED = 0x11 SO_PASSPIDFD = 0x4c + SO_PASSRIGHTS = 0x53 SO_PASSSEC = 0x22 SO_PEEK_OFF = 0x2a SO_PEERCRED = 0x12 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go index 7f287b54b5d..7bc557c8761 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go @@ -68,6 +68,7 @@ const ( CS8 = 0x30 CSIZE = 0x30 CSTOPB = 0x40 + DM_MPATH_PROBE_PATHS = 0x2000fd12 ECCGETLAYOUT = 0x41484d11 ECCGETSTATS = 0x40104d12 ECHOCTL = 0x200 @@ -359,6 +360,7 @@ const ( SO_OOBINLINE = 0x100 SO_PASSCRED = 0x11 SO_PASSPIDFD = 0x4c + SO_PASSRIGHTS = 0x53 SO_PASSSEC = 0x22 SO_PEEK_OFF = 0x2a SO_PEERCRED = 0x12 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go index 7e5f9e6aa8d..152399bb04a 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go @@ -68,6 +68,7 @@ const ( CS8 = 0x300 CSIZE = 0x300 CSTOPB = 0x400 + DM_MPATH_PROBE_PATHS = 0x2000fd12 ECCGETLAYOUT = 0x41484d11 ECCGETSTATS = 0x40104d12 ECHOCTL = 0x40 @@ -414,6 +415,7 @@ const ( SO_OOBINLINE = 0xa SO_PASSCRED = 0x14 SO_PASSPIDFD = 0x4c + SO_PASSRIGHTS = 0x53 SO_PASSSEC = 0x22 SO_PEEK_OFF = 0x2a SO_PEERCRED = 0x15 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go index 37c87952fcb..1a1ce2409cf 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go @@ -68,6 +68,7 @@ const ( CS8 = 0x300 CSIZE = 0x300 CSTOPB = 0x400 + DM_MPATH_PROBE_PATHS = 0x2000fd12 ECCGETLAYOUT = 0x41484d11 ECCGETSTATS = 0x40104d12 ECHOCTL = 0x40 @@ -418,6 +419,7 @@ const ( SO_OOBINLINE = 0xa SO_PASSCRED = 0x14 SO_PASSPIDFD = 0x4c + SO_PASSRIGHTS = 0x53 SO_PASSSEC = 0x22 SO_PEEK_OFF = 0x2a SO_PEERCRED = 0x15 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go index 5220133613a..4231a1fb578 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go @@ -68,6 +68,7 @@ const ( CS8 = 0x300 CSIZE = 0x300 CSTOPB = 0x400 + DM_MPATH_PROBE_PATHS = 0x2000fd12 ECCGETLAYOUT = 0x41484d11 ECCGETSTATS = 0x40104d12 ECHOCTL = 0x40 @@ -418,6 +419,7 @@ const ( SO_OOBINLINE = 0xa SO_PASSCRED = 0x14 SO_PASSPIDFD = 0x4c + SO_PASSRIGHTS = 0x53 SO_PASSSEC = 0x22 SO_PEEK_OFF = 0x2a SO_PEERCRED = 0x15 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go index 4bfe2b5b6e6..21c0e952665 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go @@ -68,6 +68,7 @@ const ( CS8 = 0x30 CSIZE = 0x30 CSTOPB = 0x40 + DM_MPATH_PROBE_PATHS = 0xfd12 ECCGETLAYOUT = 0x81484d11 ECCGETSTATS = 0x80104d12 ECHOCTL = 0x200 @@ -350,6 +351,7 @@ const ( SO_OOBINLINE = 0xa SO_PASSCRED = 0x10 SO_PASSPIDFD = 0x4c + SO_PASSRIGHTS = 0x53 SO_PASSSEC = 0x22 SO_PEEK_OFF = 0x2a SO_PEERCRED = 0x11 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go index e3cffb869a3..f00d1cd7cf4 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go @@ -68,6 +68,7 @@ const ( CS8 = 0x30 CSIZE = 0x30 CSTOPB = 0x40 + DM_MPATH_PROBE_PATHS = 0xfd12 ECCGETLAYOUT = 0x81484d11 ECCGETSTATS = 0x80104d12 ECHOCTL = 0x200 @@ -422,6 +423,7 @@ const ( SO_OOBINLINE = 0xa SO_PASSCRED = 0x10 SO_PASSPIDFD = 0x4c + SO_PASSRIGHTS = 0x53 SO_PASSSEC = 0x22 SO_PEEK_OFF = 0x2a SO_PEERCRED = 0x11 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go index c219c8db396..bc8d539e6af 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go @@ -71,6 +71,7 @@ const ( CS8 = 0x30 CSIZE = 0x30 CSTOPB = 0x40 + DM_MPATH_PROBE_PATHS = 0x2000fd12 ECCGETLAYOUT = 0x41484d11 ECCGETSTATS = 0x40104d12 ECHOCTL = 0x200 @@ -461,6 +462,7 @@ const ( SO_OOBINLINE = 0x100 SO_PASSCRED = 0x2 SO_PASSPIDFD = 0x55 + SO_PASSRIGHTS = 0x5c SO_PASSSEC = 0x1f SO_PEEK_OFF = 0x26 SO_PEERCRED = 0x40 diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go index c79aaff306a..aca56ee4947 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go @@ -462,4 +462,5 @@ const ( SYS_GETXATTRAT = 464 SYS_LISTXATTRAT = 465 SYS_REMOVEXATTRAT = 466 + SYS_OPEN_TREE_ATTR = 467 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go index 5eb450695e9..2ea1ef58c3e 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go @@ -385,4 +385,5 @@ const ( SYS_GETXATTRAT = 464 SYS_LISTXATTRAT = 465 SYS_REMOVEXATTRAT = 466 + SYS_OPEN_TREE_ATTR = 467 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go index 05e50297445..d22c8af3196 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go @@ -426,4 +426,5 @@ const ( SYS_GETXATTRAT = 464 SYS_LISTXATTRAT = 465 SYS_REMOVEXATTRAT = 466 + SYS_OPEN_TREE_ATTR = 467 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go index 38c53ec51bb..5ee264ae974 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go @@ -329,4 +329,5 @@ const ( SYS_GETXATTRAT = 464 SYS_LISTXATTRAT = 465 SYS_REMOVEXATTRAT = 466 + SYS_OPEN_TREE_ATTR = 467 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go index 31d2e71a18e..f9f03ebf5fa 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go @@ -325,4 +325,5 @@ const ( SYS_GETXATTRAT = 464 SYS_LISTXATTRAT = 465 SYS_REMOVEXATTRAT = 466 + SYS_OPEN_TREE_ATTR = 467 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go index f4184a336b0..87c2118e849 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go @@ -446,4 +446,5 @@ const ( SYS_GETXATTRAT = 4464 SYS_LISTXATTRAT = 4465 SYS_REMOVEXATTRAT = 4466 + SYS_OPEN_TREE_ATTR = 4467 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go index 05b9962278f..391ad102fb6 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go @@ -376,4 +376,5 @@ const ( SYS_GETXATTRAT = 5464 SYS_LISTXATTRAT = 5465 SYS_REMOVEXATTRAT = 5466 + SYS_OPEN_TREE_ATTR = 5467 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go index 43a256e9e67..5656157757a 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go @@ -376,4 +376,5 @@ const ( SYS_GETXATTRAT = 5464 SYS_LISTXATTRAT = 5465 SYS_REMOVEXATTRAT = 5466 + SYS_OPEN_TREE_ATTR = 5467 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go index eea5ddfc220..0482b52e3c3 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go @@ -446,4 +446,5 @@ const ( SYS_GETXATTRAT = 4464 SYS_LISTXATTRAT = 4465 SYS_REMOVEXATTRAT = 4466 + SYS_OPEN_TREE_ATTR = 4467 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go index 0d777bfbb14..71806f08f38 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go @@ -453,4 +453,5 @@ const ( SYS_GETXATTRAT = 464 SYS_LISTXATTRAT = 465 SYS_REMOVEXATTRAT = 466 + SYS_OPEN_TREE_ATTR = 467 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go index b4463650256..e35a7105829 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go @@ -425,4 +425,5 @@ const ( SYS_GETXATTRAT = 464 SYS_LISTXATTRAT = 465 SYS_REMOVEXATTRAT = 466 + SYS_OPEN_TREE_ATTR = 467 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go index 0c7d21c1881..2aea476705e 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go @@ -425,4 +425,5 @@ const ( SYS_GETXATTRAT = 464 SYS_LISTXATTRAT = 465 SYS_REMOVEXATTRAT = 466 + SYS_OPEN_TREE_ATTR = 467 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go index 84053916987..6c9bb4e5607 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go @@ -330,4 +330,5 @@ const ( SYS_GETXATTRAT = 464 SYS_LISTXATTRAT = 465 SYS_REMOVEXATTRAT = 466 + SYS_OPEN_TREE_ATTR = 467 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go index fcf1b790d6c..680bc9915a3 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go @@ -391,4 +391,5 @@ const ( SYS_GETXATTRAT = 464 SYS_LISTXATTRAT = 465 SYS_REMOVEXATTRAT = 466 + SYS_OPEN_TREE_ATTR = 467 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go index 52d15b5f9d4..620f271052f 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go @@ -404,4 +404,5 @@ const ( SYS_GETXATTRAT = 464 SYS_LISTXATTRAT = 465 SYS_REMOVEXATTRAT = 466 + SYS_OPEN_TREE_ATTR = 467 ) diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index 8bcac2835f6..cd236443f64 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -115,7 +115,9 @@ type Statx_t struct { Atomic_write_unit_max uint32 Atomic_write_segments_max uint32 Dio_read_offset_align uint32 - _ [9]uint64 + Atomic_write_unit_max_opt uint32 + _ [1]uint32 + _ [8]uint64 } type Fsid struct { @@ -199,7 +201,8 @@ type FscryptAddKeyArg struct { Key_spec FscryptKeySpecifier Raw_size uint32 Key_id uint32 - _ [8]uint32 + Flags uint32 + _ [7]uint32 } type FscryptRemoveKeyArg struct { @@ -2317,6 +2320,11 @@ const ( NFT_CT_AVGPKT = 0x10 NFT_CT_ZONE = 0x11 NFT_CT_EVENTMASK = 0x12 + NFT_CT_SRC_IP = 0x13 + NFT_CT_DST_IP = 0x14 + NFT_CT_SRC_IP6 = 0x15 + NFT_CT_DST_IP6 = 0x16 + NFT_CT_ID = 0x17 NFTA_CT_UNSPEC = 0x0 NFTA_CT_DREG = 0x1 NFTA_CT_KEY = 0x2 @@ -2597,8 +2605,8 @@ const ( SOF_TIMESTAMPING_BIND_PHC = 0x8000 SOF_TIMESTAMPING_OPT_ID_TCP = 0x10000 - SOF_TIMESTAMPING_LAST = 0x20000 - SOF_TIMESTAMPING_MASK = 0x3ffff + SOF_TIMESTAMPING_LAST = 0x40000 + SOF_TIMESTAMPING_MASK = 0x7ffff SCM_TSTAMP_SND = 0x0 SCM_TSTAMP_SCHED = 0x1 @@ -4044,7 +4052,7 @@ const ( ETHTOOL_A_TSINFO_PHC_INDEX = 0x5 ETHTOOL_A_TSINFO_STATS = 0x6 ETHTOOL_A_TSINFO_HWTSTAMP_PROVIDER = 0x7 - ETHTOOL_A_TSINFO_MAX = 0x7 + ETHTOOL_A_TSINFO_MAX = 0x9 ETHTOOL_A_CABLE_TEST_UNSPEC = 0x0 ETHTOOL_A_CABLE_TEST_HEADER = 0x1 ETHTOOL_A_CABLE_TEST_MAX = 0x1 @@ -4130,6 +4138,19 @@ const ( ETHTOOL_A_TUNNEL_INFO_MAX = 0x2 ) +const ( + TCP_V4_FLOW = 0x1 + UDP_V4_FLOW = 0x2 + TCP_V6_FLOW = 0x5 + UDP_V6_FLOW = 0x6 + ESP_V4_FLOW = 0xa + ESP_V6_FLOW = 0xc + IP_USER_FLOW = 0xd + IPV6_USER_FLOW = 0xe + IPV6_FLOW = 0x11 + ETHER_FLOW = 0x12 +) + const SPEED_UNKNOWN = -0x1 type EthtoolDrvinfo struct { @@ -4780,7 +4801,7 @@ const ( NL80211_ATTR_MAC_HINT = 0xc8 NL80211_ATTR_MAC_MASK = 0xd7 NL80211_ATTR_MAX_AP_ASSOC_STA = 0xca - NL80211_ATTR_MAX = 0x150 + NL80211_ATTR_MAX = 0x151 NL80211_ATTR_MAX_CRIT_PROT_DURATION = 0xb4 NL80211_ATTR_MAX_CSA_COUNTERS = 0xce NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS = 0x143 @@ -5414,7 +5435,7 @@ const ( NL80211_FREQUENCY_ATTR_GO_CONCURRENT = 0xf NL80211_FREQUENCY_ATTR_INDOOR_ONLY = 0xe NL80211_FREQUENCY_ATTR_IR_CONCURRENT = 0xf - NL80211_FREQUENCY_ATTR_MAX = 0x21 + NL80211_FREQUENCY_ATTR_MAX = 0x22 NL80211_FREQUENCY_ATTR_MAX_TX_POWER = 0x6 NL80211_FREQUENCY_ATTR_NO_10MHZ = 0x11 NL80211_FREQUENCY_ATTR_NO_160MHZ = 0xc @@ -5530,7 +5551,7 @@ const ( NL80211_MAX_SUPP_SELECTORS = 0x80 NL80211_MBSSID_CONFIG_ATTR_EMA = 0x5 NL80211_MBSSID_CONFIG_ATTR_INDEX = 0x3 - NL80211_MBSSID_CONFIG_ATTR_MAX = 0x5 + NL80211_MBSSID_CONFIG_ATTR_MAX = 0x6 NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY = 0x2 NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES = 0x1 NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX = 0x4 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go index 62db85f6cb7..485f2d3a1bc 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go @@ -282,19 +282,13 @@ type Taskstats struct { Ac_exitcode uint32 Ac_flag uint8 Ac_nice uint8 - _ [4]byte + _ [6]byte Cpu_count uint64 Cpu_delay_total uint64 - Cpu_delay_max uint64 - Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 - Blkio_delay_max uint64 - Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 - Swapin_delay_max uint64 - Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]int8 @@ -330,17 +324,11 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 - Freepages_delay_max uint64 - Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 - Thrashing_delay_max uint64 - Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 - Compact_delay_max uint64 - Compact_delay_min uint64 Ac_tgid uint32 _ [4]byte Ac_tgetime uint64 @@ -348,10 +336,22 @@ type Taskstats struct { Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 - Wpcopy_delay_max uint64 - Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_delay_max uint64 Irq_delay_min uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go index 7d89d648d9a..ecbd1ad8bc5 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go @@ -300,16 +300,10 @@ type Taskstats struct { Ac_nice uint8 Cpu_count uint64 Cpu_delay_total uint64 - Cpu_delay_max uint64 - Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 - Blkio_delay_max uint64 - Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 - Swapin_delay_max uint64 - Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]int8 @@ -344,27 +338,33 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 - Freepages_delay_max uint64 - Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 - Thrashing_delay_max uint64 - Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 - Compact_delay_max uint64 - Compact_delay_min uint64 Ac_tgid uint32 Ac_tgetime uint64 Ac_exe_dev uint64 Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 - Wpcopy_delay_max uint64 - Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_delay_max uint64 Irq_delay_min uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go index 9c0b39eec76..02f0463a44b 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go @@ -91,7 +91,7 @@ type Stat_t struct { Gid uint32 Rdev uint64 _ uint16 - _ [4]byte + _ [6]byte Size int64 Blksize int32 _ [4]byte @@ -273,19 +273,13 @@ type Taskstats struct { Ac_exitcode uint32 Ac_flag uint8 Ac_nice uint8 - _ [4]byte + _ [6]byte Cpu_count uint64 Cpu_delay_total uint64 - Cpu_delay_max uint64 - Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 - Blkio_delay_max uint64 - Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 - Swapin_delay_max uint64 - Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]uint8 @@ -321,17 +315,11 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 - Freepages_delay_max uint64 - Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 - Thrashing_delay_max uint64 - Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 - Compact_delay_max uint64 - Compact_delay_min uint64 Ac_tgid uint32 _ [4]byte Ac_tgetime uint64 @@ -339,10 +327,22 @@ type Taskstats struct { Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 - Wpcopy_delay_max uint64 - Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_delay_max uint64 Irq_delay_min uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go index de9c7ff36cf..6f4d400d241 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go @@ -279,16 +279,10 @@ type Taskstats struct { Ac_nice uint8 Cpu_count uint64 Cpu_delay_total uint64 - Cpu_delay_max uint64 - Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 - Blkio_delay_max uint64 - Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 - Swapin_delay_max uint64 - Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]int8 @@ -323,27 +317,33 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 - Freepages_delay_max uint64 - Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 - Thrashing_delay_max uint64 - Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 - Compact_delay_max uint64 - Compact_delay_min uint64 Ac_tgid uint32 Ac_tgetime uint64 Ac_exe_dev uint64 Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 - Wpcopy_delay_max uint64 - Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_delay_max uint64 Irq_delay_min uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go index 2336bd2bf09..cd532cfa558 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go @@ -280,16 +280,10 @@ type Taskstats struct { Ac_nice uint8 Cpu_count uint64 Cpu_delay_total uint64 - Cpu_delay_max uint64 - Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 - Blkio_delay_max uint64 - Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 - Swapin_delay_max uint64 - Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]int8 @@ -324,27 +318,33 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 - Freepages_delay_max uint64 - Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 - Thrashing_delay_max uint64 - Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 - Compact_delay_max uint64 - Compact_delay_min uint64 Ac_tgid uint32 Ac_tgetime uint64 Ac_exe_dev uint64 Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 - Wpcopy_delay_max uint64 - Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_delay_max uint64 Irq_delay_min uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go index 4711f0be16d..41336208517 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go @@ -278,19 +278,13 @@ type Taskstats struct { Ac_exitcode uint32 Ac_flag uint8 Ac_nice uint8 - _ [4]byte + _ [6]byte Cpu_count uint64 Cpu_delay_total uint64 - Cpu_delay_max uint64 - Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 - Blkio_delay_max uint64 - Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 - Swapin_delay_max uint64 - Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]int8 @@ -326,17 +320,11 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 - Freepages_delay_max uint64 - Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 - Thrashing_delay_max uint64 - Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 - Compact_delay_max uint64 - Compact_delay_min uint64 Ac_tgid uint32 _ [4]byte Ac_tgetime uint64 @@ -344,10 +332,22 @@ type Taskstats struct { Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 - Wpcopy_delay_max uint64 - Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_delay_max uint64 Irq_delay_min uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go index ab99a34b996..eaa37eb718e 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go @@ -282,16 +282,10 @@ type Taskstats struct { Ac_nice uint8 Cpu_count uint64 Cpu_delay_total uint64 - Cpu_delay_max uint64 - Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 - Blkio_delay_max uint64 - Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 - Swapin_delay_max uint64 - Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]int8 @@ -326,27 +320,33 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 - Freepages_delay_max uint64 - Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 - Thrashing_delay_max uint64 - Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 - Compact_delay_max uint64 - Compact_delay_min uint64 Ac_tgid uint32 Ac_tgetime uint64 Ac_exe_dev uint64 Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 - Wpcopy_delay_max uint64 - Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_delay_max uint64 Irq_delay_min uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go index 04c9866e3cf..98ae6a1e4ac 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go @@ -282,16 +282,10 @@ type Taskstats struct { Ac_nice uint8 Cpu_count uint64 Cpu_delay_total uint64 - Cpu_delay_max uint64 - Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 - Blkio_delay_max uint64 - Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 - Swapin_delay_max uint64 - Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]int8 @@ -326,27 +320,33 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 - Freepages_delay_max uint64 - Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 - Thrashing_delay_max uint64 - Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 - Compact_delay_max uint64 - Compact_delay_min uint64 Ac_tgid uint32 Ac_tgetime uint64 Ac_exe_dev uint64 Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 - Wpcopy_delay_max uint64 - Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_delay_max uint64 Irq_delay_min uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go index 60aa69f618c..cae1961594d 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go @@ -278,19 +278,13 @@ type Taskstats struct { Ac_exitcode uint32 Ac_flag uint8 Ac_nice uint8 - _ [4]byte + _ [6]byte Cpu_count uint64 Cpu_delay_total uint64 - Cpu_delay_max uint64 - Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 - Blkio_delay_max uint64 - Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 - Swapin_delay_max uint64 - Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]int8 @@ -326,17 +320,11 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 - Freepages_delay_max uint64 - Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 - Thrashing_delay_max uint64 - Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 - Compact_delay_max uint64 - Compact_delay_min uint64 Ac_tgid uint32 _ [4]byte Ac_tgetime uint64 @@ -344,10 +332,22 @@ type Taskstats struct { Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 - Wpcopy_delay_max uint64 - Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_delay_max uint64 Irq_delay_min uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go index cb4fad785d1..6ce3b4e0283 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go @@ -90,7 +90,7 @@ type Stat_t struct { Gid uint32 Rdev uint64 _ uint16 - _ [4]byte + _ [6]byte Size int64 Blksize int32 _ [4]byte @@ -285,19 +285,13 @@ type Taskstats struct { Ac_exitcode uint32 Ac_flag uint8 Ac_nice uint8 - _ [4]byte + _ [6]byte Cpu_count uint64 Cpu_delay_total uint64 - Cpu_delay_max uint64 - Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 - Blkio_delay_max uint64 - Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 - Swapin_delay_max uint64 - Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]uint8 @@ -333,17 +327,11 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 - Freepages_delay_max uint64 - Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 - Thrashing_delay_max uint64 - Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 - Compact_delay_max uint64 - Compact_delay_min uint64 Ac_tgid uint32 _ [4]byte Ac_tgetime uint64 @@ -351,10 +339,22 @@ type Taskstats struct { Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 - Wpcopy_delay_max uint64 - Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_delay_max uint64 Irq_delay_min uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go index 60272cfce86..c7429c6a146 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go @@ -289,16 +289,10 @@ type Taskstats struct { Ac_nice uint8 Cpu_count uint64 Cpu_delay_total uint64 - Cpu_delay_max uint64 - Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 - Blkio_delay_max uint64 - Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 - Swapin_delay_max uint64 - Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]uint8 @@ -333,27 +327,33 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 - Freepages_delay_max uint64 - Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 - Thrashing_delay_max uint64 - Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 - Compact_delay_max uint64 - Compact_delay_min uint64 Ac_tgid uint32 Ac_tgetime uint64 Ac_exe_dev uint64 Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 - Wpcopy_delay_max uint64 - Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_delay_max uint64 Irq_delay_min uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go index 3f5b91bc0d5..4bf4baf4cac 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go @@ -289,16 +289,10 @@ type Taskstats struct { Ac_nice uint8 Cpu_count uint64 Cpu_delay_total uint64 - Cpu_delay_max uint64 - Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 - Blkio_delay_max uint64 - Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 - Swapin_delay_max uint64 - Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]uint8 @@ -333,27 +327,33 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 - Freepages_delay_max uint64 - Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 - Thrashing_delay_max uint64 - Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 - Compact_delay_max uint64 - Compact_delay_min uint64 Ac_tgid uint32 Ac_tgetime uint64 Ac_exe_dev uint64 Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 - Wpcopy_delay_max uint64 - Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_delay_max uint64 Irq_delay_min uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go index 51550f15a63..e9709d70afb 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go @@ -307,16 +307,10 @@ type Taskstats struct { Ac_nice uint8 Cpu_count uint64 Cpu_delay_total uint64 - Cpu_delay_max uint64 - Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 - Blkio_delay_max uint64 - Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 - Swapin_delay_max uint64 - Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]uint8 @@ -351,27 +345,33 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 - Freepages_delay_max uint64 - Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 - Thrashing_delay_max uint64 - Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 - Compact_delay_max uint64 - Compact_delay_min uint64 Ac_tgid uint32 Ac_tgetime uint64 Ac_exe_dev uint64 Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 - Wpcopy_delay_max uint64 - Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_delay_max uint64 Irq_delay_min uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go index 3239e50e0e2..fb44268ca7d 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go @@ -302,16 +302,10 @@ type Taskstats struct { Ac_nice uint8 Cpu_count uint64 Cpu_delay_total uint64 - Cpu_delay_max uint64 - Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 - Blkio_delay_max uint64 - Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 - Swapin_delay_max uint64 - Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]int8 @@ -346,27 +340,33 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 - Freepages_delay_max uint64 - Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 - Thrashing_delay_max uint64 - Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 - Compact_delay_max uint64 - Compact_delay_min uint64 Ac_tgid uint32 Ac_tgetime uint64 Ac_exe_dev uint64 Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 - Wpcopy_delay_max uint64 - Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_delay_max uint64 Irq_delay_min uint64 } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go index faf20027831..9c38265c74a 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go @@ -284,16 +284,10 @@ type Taskstats struct { Ac_nice uint8 Cpu_count uint64 Cpu_delay_total uint64 - Cpu_delay_max uint64 - Cpu_delay_min uint64 Blkio_count uint64 Blkio_delay_total uint64 - Blkio_delay_max uint64 - Blkio_delay_min uint64 Swapin_count uint64 Swapin_delay_total uint64 - Swapin_delay_max uint64 - Swapin_delay_min uint64 Cpu_run_real_total uint64 Cpu_run_virtual_total uint64 Ac_comm [32]int8 @@ -328,27 +322,33 @@ type Taskstats struct { Cpu_scaled_run_real_total uint64 Freepages_count uint64 Freepages_delay_total uint64 - Freepages_delay_max uint64 - Freepages_delay_min uint64 Thrashing_count uint64 Thrashing_delay_total uint64 - Thrashing_delay_max uint64 - Thrashing_delay_min uint64 Ac_btime64 uint64 Compact_count uint64 Compact_delay_total uint64 - Compact_delay_max uint64 - Compact_delay_min uint64 Ac_tgid uint32 Ac_tgetime uint64 Ac_exe_dev uint64 Ac_exe_inode uint64 Wpcopy_count uint64 Wpcopy_delay_total uint64 - Wpcopy_delay_max uint64 - Wpcopy_delay_min uint64 Irq_count uint64 Irq_delay_total uint64 + Cpu_delay_max uint64 + Cpu_delay_min uint64 + Blkio_delay_max uint64 + Blkio_delay_min uint64 + Swapin_delay_max uint64 + Swapin_delay_min uint64 + Freepages_delay_max uint64 + Freepages_delay_min uint64 + Thrashing_delay_max uint64 + Thrashing_delay_min uint64 + Compact_delay_max uint64 + Compact_delay_min uint64 + Wpcopy_delay_max uint64 + Wpcopy_delay_min uint64 Irq_delay_max uint64 Irq_delay_min uint64 } diff --git a/vendor/modules.txt b/vendor/modules.txt index 7cdf1bd9e0c..185390912b3 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -94,7 +94,7 @@ github.com/vishvananda/netns # golang.org/x/net v0.42.0 ## explicit; go 1.23.0 golang.org/x/net/bpf -# golang.org/x/sys v0.34.0 +# golang.org/x/sys v0.35.0 ## explicit; go 1.23.0 golang.org/x/sys/unix golang.org/x/sys/windows From db26a717b920787bad32fa5f720c474814b9ab6e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 Aug 2025 07:19:22 +0000 Subject: [PATCH 0991/1176] build(deps): bump golang.org/x/net from 0.42.0 to 0.43.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.42.0 to 0.43.0. - [Commits](https://github.com/golang/net/compare/v0.42.0...v0.43.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.43.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 1e8d72af12d..bf28e63b986 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/urfave/cli v1.22.17 github.com/vishvananda/netlink v1.3.1 github.com/vishvananda/netns v0.0.5 - golang.org/x/net v0.42.0 + golang.org/x/net v0.43.0 golang.org/x/sys v0.35.0 google.golang.org/protobuf v1.36.7 ) diff --git a/go.sum b/go.sum index 33c4ef37023..00a6f65b121 100644 --- a/go.sum +++ b/go.sum @@ -77,8 +77,8 @@ github.com/vishvananda/netlink v1.3.1 h1:3AEMt62VKqz90r0tmNhog0r/PpWKmrEShJU0wJW github.com/vishvananda/netlink v1.3.1/go.mod h1:ARtKouGSTGchR8aMwmkzC0qiNPrrWO5JS/XMVl45+b4= github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY= github.com/vishvananda/netns v0.0.5/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= -golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs= -golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8= +golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= +golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/vendor/modules.txt b/vendor/modules.txt index 185390912b3..c82c992879a 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -91,7 +91,7 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.5 ## explicit; go 1.17 github.com/vishvananda/netns -# golang.org/x/net v0.42.0 +# golang.org/x/net v0.43.0 ## explicit; go 1.23.0 golang.org/x/net/bpf # golang.org/x/sys v0.35.0 From 1cf096803abb770c414ce0a1e2e0be283b09001d Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 7 Aug 2025 11:34:41 -0700 Subject: [PATCH 0992/1176] CI: switch to GHA for arm Since GHA now provides ARM, we can switch away from actuated. Many thanks to @alexellis (@self-actuated) for being the sponsor of this project. Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 47 +++++--------------------------------- README.md | 1 - 2 files changed, 6 insertions(+), 42 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d61efd151e1..e1b485b24ec 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -24,7 +24,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-24.04, actuated-arm64-6cpu-8gb] + os: [ubuntu-24.04, ubuntu-24.04-arm] go-version: [1.23.x, 1.24.x] rootless: ["rootless", ""] race: ["-race", ""] @@ -36,37 +36,13 @@ jobs: go-version: 1.23.x - criu: criu-dev rootless: rootless - - criu: criu-dev - race: -race - - go-version: 1.23.x - os: actuated-arm64-6cpu-8gb - - race: "-race" - os: actuated-arm64-6cpu-8gb - - criu: criu-dev - os: actuated-arm64-6cpu-8gb + # Do race detection only on latest Go. + - race: -race + go-version: 1.23.x runs-on: ${{ matrix.os }} steps: -# https://gist.github.com/alexellis/1f33e581c75e11e161fe613c46180771#file-metering-gha-md -# vmmeter start - - name: Prepare arkade - uses: alexellis/arkade-get@master - if: matrix.os == 'actuated-arm64-6cpu-8gb' - with: - crane: latest - print-summary: false - - - name: Install vmmeter - if: matrix.os == 'actuated-arm64-6cpu-8gb' - run: | - crane export --platform linux/arm64 ghcr.io/openfaasltd/vmmeter:latest | sudo tar -xvf - -C /usr/local/bin - - - name: Run vmmeter - uses: self-actuated/vmmeter-action@master - if: matrix.os == 'actuated-arm64-6cpu-8gb' -# vmmeter end - - name: checkout uses: actions/checkout@v4 @@ -92,17 +68,6 @@ jobs: # kernel config script/check-config.sh - - name: start sshd (used for testing rootless with systemd user session) - if: ${{ matrix.os == 'actuated-arm64-6cpu-8gb' && matrix.rootless == 'rootless' }} - run: | - # Generate new keys to fix "sshd: no hostkeys available -- exiting." - sudo ssh-keygen -A - if ! sudo systemctl start ssh.service; then - sudo journalctl -xeu ssh.service - exit 1 - fi - ps auxw | grep sshd - - name: install deps run: | sudo apt update @@ -119,7 +84,7 @@ jobs: sudo apt update sudo apt -y install criu - - name: install CRIU (criu ${{ matrix.criu }}) + - name: install CRIU (${{ matrix.criu }}) if: ${{ matrix.criu != '' }} run: | sudo apt -qy install \ @@ -150,7 +115,7 @@ jobs: - name: Allow userns for runc # https://discourse.ubuntu.com/t/ubuntu-24-04-lts-noble-numbat-release-notes/39890#unprivileged-user-namespace-restrictions-15 - if: matrix.os == 'ubuntu-24.04' + if: startsWith(matrix.os, 'ubuntu-24.04') run: | sed "s;^profile runc /usr/sbin/;profile runc-test $PWD/;" < /etc/apparmor.d/runc | sudo apparmor_parser diff --git a/README.md b/README.md index bd946dea6ea..70e64a18b64 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,6 @@ [![gha/validate](https://github.com/opencontainers/runc/workflows/validate/badge.svg)](https://github.com/opencontainers/runc/actions?query=workflow%3Avalidate) [![gha/ci](https://github.com/opencontainers/runc/workflows/ci/badge.svg)](https://github.com/opencontainers/runc/actions?query=workflow%3Aci) [![CirrusCI](https://api.cirrus-ci.com/github/opencontainers/runc.svg)](https://cirrus-ci.com/github/opencontainers/runc) -Arm CI sponsored by Actuated ## Introduction From 105674844eaaf24bf14135ef0c64703e511882ab Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 12 Aug 2025 14:42:58 -0700 Subject: [PATCH 0993/1176] ci: use criu built from source on gha arm Currently, criu package from opensuse build farm times out on GHA arm, so let's only use criu-dev (i.e. compiled from source on CI machine). Once this is fixed, this patch can be reverted. Related to criu issue 2709. Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index e1b485b24ec..aa4fa9469f7 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -34,11 +34,16 @@ jobs: # (need to compile criu) and don't add much value/coverage. - criu: criu-dev go-version: 1.23.x + os: ubuntu-24.04 - criu: criu-dev rootless: rootless + os: ubuntu-24.04 # Do race detection only on latest Go. - race: -race go-version: 1.23.x + # CRIU package 4.1-1 from opensuse build farm doesn't work on arm. + - os: ubuntu-24.04-arm + criu: "" runs-on: ${{ matrix.os }} From cfb22c9a0f0c250e6fc3323d49c5163a078cd6a2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 15 Aug 2025 16:40:45 +0000 Subject: [PATCH 0994/1176] build(deps): bump actions/checkout from 4 to 5 Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/test.yml | 6 +++--- .github/workflows/validate.yml | 24 ++++++++++++------------ 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index aa4fa9469f7..09e382e8dd0 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -49,7 +49,7 @@ jobs: steps: - name: checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Show host info run: | @@ -159,7 +159,7 @@ jobs: steps: - name: checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: install deps run: | @@ -183,7 +183,7 @@ jobs: timeout-minutes: 30 runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: lima-vm/lima-actions/setup@v1 id: lima-actions-setup diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index de47a2f5b25..6117577d548 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -17,7 +17,7 @@ jobs: keyring: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: check runc.keyring run: make validate-keyring @@ -29,7 +29,7 @@ jobs: checks: write # to allow the action to annotate code in the PR. runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: fetch-depth: 2 - uses: actions/setup-go@v5 @@ -51,7 +51,7 @@ jobs: go-fix: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: fetch-depth: 2 - uses: actions/setup-go@v5 @@ -72,7 +72,7 @@ jobs: # Don't ignore C warnings. Note that the output of "go env CGO_CFLAGS" by default is "-g -O2", so we keep them. CGO_CFLAGS: -g -O2 -Werror steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: install go uses: actions/setup-go@v5 with: @@ -89,7 +89,7 @@ jobs: codespell: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: install deps # Version of codespell bundled with Ubuntu is way old, so use pip. run: pip install --break-system-packages codespell==v2.4.1 @@ -99,14 +99,14 @@ jobs: shfmt: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: shfmt run: make shfmt shellcheck: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: install shellcheck env: VERSION: v0.10.0 @@ -130,14 +130,14 @@ jobs: space-at-eol: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - run: rm -fr vendor - run: if git -P grep -I -n '\s$'; then echo "^^^ extra whitespace at EOL, please fix"; exit 1; fi deps: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: install go uses: actions/setup-go@v5 with: @@ -182,7 +182,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: fetch-depth: 0 - name: install deps @@ -200,7 +200,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: fetch-depth: 0 @@ -230,7 +230,7 @@ jobs: get-images: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: fetch-depth: 0 - name: install bashbrew From 9e0f9890150316ddc7c6fcf7c69a79b087ece8b7 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 13 Aug 2025 22:54:42 -0700 Subject: [PATCH 0995/1176] ci: bump golangci-lint to v2.4.x Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 6117577d548..c7b37452a29 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -41,7 +41,7 @@ jobs: sudo apt -qy install libseccomp-dev - uses: golangci/golangci-lint-action@v8 with: - version: v2.3 + version: v2.4 # Extra linters, only checking new code from a pull request. - name: lint-extra if: github.event_name == 'pull_request' From 96f4a90a6b1ca9e3f2011ebaeffb7dc52db2ca32 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 18 Aug 2025 10:46:13 -0700 Subject: [PATCH 0996/1176] Switch to packaged criu on arm The issue on arm [1] is now fixed, so let's get back to using the packaged criu version for most of the CI matrix. This reverts commit 105674844eaaf24bf14135ef0c64703e511882ab ("ci: use criu built from source on gha arm"). [1]: https://github.com/checkpoint-restore/criu/issues/2709 Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 09e382e8dd0..11c2db2f523 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -34,16 +34,11 @@ jobs: # (need to compile criu) and don't add much value/coverage. - criu: criu-dev go-version: 1.23.x - os: ubuntu-24.04 - criu: criu-dev rootless: rootless - os: ubuntu-24.04 # Do race detection only on latest Go. - race: -race go-version: 1.23.x - # CRIU package 4.1-1 from opensuse build farm doesn't work on arm. - - os: ubuntu-24.04-arm - criu: "" runs-on: ${{ matrix.os }} From eedec9c5f0ce88fb63b8dff215821862d190e88b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 21 Aug 2025 04:38:43 +0000 Subject: [PATCH 0997/1176] build(deps): bump google.golang.org/protobuf from 1.36.7 to 1.36.8 Bumps google.golang.org/protobuf from 1.36.7 to 1.36.8. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-version: 1.36.8 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/google.golang.org/protobuf/internal/genid/api_gen.go | 6 ++++++ .../google.golang.org/protobuf/internal/version/version.go | 2 +- vendor/modules.txt | 4 ++-- 5 files changed, 12 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index bf28e63b986..256e3aba091 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/vishvananda/netns v0.0.5 golang.org/x/net v0.43.0 golang.org/x/sys v0.35.0 - google.golang.org/protobuf v1.36.7 + google.golang.org/protobuf v1.36.8 ) require ( diff --git a/go.sum b/go.sum index 00a6f65b121..7b27461f8b3 100644 --- a/go.sum +++ b/go.sum @@ -87,8 +87,8 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -google.golang.org/protobuf v1.36.7 h1:IgrO7UwFQGJdRNXH/sQux4R1Dj1WAKcLElzeeRaXV2A= -google.golang.org/protobuf v1.36.7/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= +google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc= +google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/vendor/google.golang.org/protobuf/internal/genid/api_gen.go b/vendor/google.golang.org/protobuf/internal/genid/api_gen.go index df8f9185013..3ceb6fa7f5e 100644 --- a/vendor/google.golang.org/protobuf/internal/genid/api_gen.go +++ b/vendor/google.golang.org/protobuf/internal/genid/api_gen.go @@ -27,6 +27,7 @@ const ( Api_SourceContext_field_name protoreflect.Name = "source_context" Api_Mixins_field_name protoreflect.Name = "mixins" Api_Syntax_field_name protoreflect.Name = "syntax" + Api_Edition_field_name protoreflect.Name = "edition" Api_Name_field_fullname protoreflect.FullName = "google.protobuf.Api.name" Api_Methods_field_fullname protoreflect.FullName = "google.protobuf.Api.methods" @@ -35,6 +36,7 @@ const ( Api_SourceContext_field_fullname protoreflect.FullName = "google.protobuf.Api.source_context" Api_Mixins_field_fullname protoreflect.FullName = "google.protobuf.Api.mixins" Api_Syntax_field_fullname protoreflect.FullName = "google.protobuf.Api.syntax" + Api_Edition_field_fullname protoreflect.FullName = "google.protobuf.Api.edition" ) // Field numbers for google.protobuf.Api. @@ -46,6 +48,7 @@ const ( Api_SourceContext_field_number protoreflect.FieldNumber = 5 Api_Mixins_field_number protoreflect.FieldNumber = 6 Api_Syntax_field_number protoreflect.FieldNumber = 7 + Api_Edition_field_number protoreflect.FieldNumber = 8 ) // Names for google.protobuf.Method. @@ -63,6 +66,7 @@ const ( Method_ResponseStreaming_field_name protoreflect.Name = "response_streaming" Method_Options_field_name protoreflect.Name = "options" Method_Syntax_field_name protoreflect.Name = "syntax" + Method_Edition_field_name protoreflect.Name = "edition" Method_Name_field_fullname protoreflect.FullName = "google.protobuf.Method.name" Method_RequestTypeUrl_field_fullname protoreflect.FullName = "google.protobuf.Method.request_type_url" @@ -71,6 +75,7 @@ const ( Method_ResponseStreaming_field_fullname protoreflect.FullName = "google.protobuf.Method.response_streaming" Method_Options_field_fullname protoreflect.FullName = "google.protobuf.Method.options" Method_Syntax_field_fullname protoreflect.FullName = "google.protobuf.Method.syntax" + Method_Edition_field_fullname protoreflect.FullName = "google.protobuf.Method.edition" ) // Field numbers for google.protobuf.Method. @@ -82,6 +87,7 @@ const ( Method_ResponseStreaming_field_number protoreflect.FieldNumber = 5 Method_Options_field_number protoreflect.FieldNumber = 6 Method_Syntax_field_number protoreflect.FieldNumber = 7 + Method_Edition_field_number protoreflect.FieldNumber = 8 ) // Names for google.protobuf.Mixin. diff --git a/vendor/google.golang.org/protobuf/internal/version/version.go b/vendor/google.golang.org/protobuf/internal/version/version.go index a53364c5992..697d1c14f3c 100644 --- a/vendor/google.golang.org/protobuf/internal/version/version.go +++ b/vendor/google.golang.org/protobuf/internal/version/version.go @@ -52,7 +52,7 @@ import ( const ( Major = 1 Minor = 36 - Patch = 7 + Patch = 8 PreRelease = "" ) diff --git a/vendor/modules.txt b/vendor/modules.txt index c82c992879a..03a561878ba 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -98,8 +98,8 @@ golang.org/x/net/bpf ## explicit; go 1.23.0 golang.org/x/sys/unix golang.org/x/sys/windows -# google.golang.org/protobuf v1.36.7 -## explicit; go 1.22 +# google.golang.org/protobuf v1.36.8 +## explicit; go 1.23 google.golang.org/protobuf/encoding/prototext google.golang.org/protobuf/encoding/protowire google.golang.org/protobuf/internal/descfmt From a876347d08a067175057a79e22eb9318fea2e9ef Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 21 Aug 2025 04:38:46 +0000 Subject: [PATCH 0998/1176] build(deps): bump github.com/coreos/go-systemd/v22 from 22.5.0 to 22.6.0 Bumps [github.com/coreos/go-systemd/v22](https://github.com/coreos/go-systemd) from 22.5.0 to 22.6.0. - [Release notes](https://github.com/coreos/go-systemd/releases) - [Commits](https://github.com/coreos/go-systemd/compare/v22.5.0...v22.6.0) --- updated-dependencies: - dependency-name: github.com/coreos/go-systemd/v22 dependency-version: 22.6.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 5 +- .../go-systemd/v22/activation/files_unix.go | 10 +- .../coreos/go-systemd/v22/dbus/dbus.go | 3 +- .../coreos/go-systemd/v22/dbus/methods.go | 112 ++++++++++-------- .../go-systemd/v22/dbus/subscription.go | 4 +- .../go-systemd/v22/dbus/subscription_set.go | 4 +- vendor/modules.txt | 4 +- 8 files changed, 79 insertions(+), 65 deletions(-) diff --git a/go.mod b/go.mod index bf28e63b986..75e74570539 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.23.0 require ( github.com/checkpoint-restore/go-criu/v7 v7.2.0 github.com/containerd/console v1.0.5 - github.com/coreos/go-systemd/v22 v22.5.0 + github.com/coreos/go-systemd/v22 v22.6.0 github.com/cyphar/filepath-securejoin v0.4.1 github.com/docker/go-units v0.5.0 github.com/godbus/dbus/v5 v5.1.0 diff --git a/go.sum b/go.sum index 00a6f65b121..6c0bd443868 100644 --- a/go.sum +++ b/go.sum @@ -5,8 +5,8 @@ github.com/cilium/ebpf v0.17.3 h1:FnP4r16PWYSE4ux6zN+//jMcW4nMVRvuTLVTvCjyyjg= github.com/cilium/ebpf v0.17.3/go.mod h1:G5EDHij8yiLzaqn0WjyfJHvRa+3aDlReIaLVRMvOyJk= github.com/containerd/console v1.0.5 h1:R0ymNeydRqH2DmakFNdmjR2k0t7UPuiOV/N/27/qqsc= github.com/containerd/console v1.0.5/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= -github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= -github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= +github.com/coreos/go-systemd/v22 v22.6.0 h1:aGVa/v8B7hpb0TKl0MWoAavPDmHvobFe5R5zn0bCJWo= +github.com/coreos/go-systemd/v22 v22.6.0/go.mod h1:iG+pp635Fo7ZmV/j14KUcmEyWF+0X7Lua8rrTWzYgWU= github.com/cpuguy83/go-md2man/v2 v2.0.7 h1:zbFlGlXEAKlwXpmvle3d8Oe3YnkKIK4xSRTd3sHPnBo= github.com/cpuguy83/go-md2man/v2 v2.0.7/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s= @@ -18,7 +18,6 @@ github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI= github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow= -github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= diff --git a/vendor/github.com/coreos/go-systemd/v22/activation/files_unix.go b/vendor/github.com/coreos/go-systemd/v22/activation/files_unix.go index bf7671dd2b2..7031f281a07 100644 --- a/vendor/github.com/coreos/go-systemd/v22/activation/files_unix.go +++ b/vendor/github.com/coreos/go-systemd/v22/activation/files_unix.go @@ -13,7 +13,6 @@ // limitations under the License. //go:build !windows -// +build !windows // Package activation implements primitives for systemd socket activation. package activation @@ -38,9 +37,12 @@ const ( // fd usage and to avoid leaking environment flags to child processes. func Files(unsetEnv bool) []*os.File { if unsetEnv { - defer os.Unsetenv("LISTEN_PID") - defer os.Unsetenv("LISTEN_FDS") - defer os.Unsetenv("LISTEN_FDNAMES") + defer func() { + // Unsetenv implementation for unix never returns an error. + _ = os.Unsetenv("LISTEN_PID") + _ = os.Unsetenv("LISTEN_FDS") + _ = os.Unsetenv("LISTEN_FDNAMES") + }() } pid, err := strconv.Atoi(os.Getenv("LISTEN_PID")) diff --git a/vendor/github.com/coreos/go-systemd/v22/dbus/dbus.go b/vendor/github.com/coreos/go-systemd/v22/dbus/dbus.go index 147f756fe24..22ce8f1df18 100644 --- a/vendor/github.com/coreos/go-systemd/v22/dbus/dbus.go +++ b/vendor/github.com/coreos/go-systemd/v22/dbus/dbus.go @@ -12,7 +12,8 @@ // See the License for the specific language governing permissions and // limitations under the License. -// Integration with the systemd D-Bus API. See http://www.freedesktop.org/wiki/Software/systemd/dbus/ +// Package dbus provides integration with the systemd D-Bus API. +// See http://www.freedesktop.org/wiki/Software/systemd/dbus/ package dbus import ( diff --git a/vendor/github.com/coreos/go-systemd/v22/dbus/methods.go b/vendor/github.com/coreos/go-systemd/v22/dbus/methods.go index 074148cb4d6..a64f0b3eae7 100644 --- a/vendor/github.com/coreos/go-systemd/v22/dbus/methods.go +++ b/vendor/github.com/coreos/go-systemd/v22/dbus/methods.go @@ -24,15 +24,15 @@ import ( "github.com/godbus/dbus/v5" ) -// Who can be used to specify which process to kill in the unit via the KillUnitWithTarget API +// Who specifies which process to send a signal to via the [KillUnitWithTarget]. type Who string const ( - // All sends the signal to all processes in the unit + // All sends the signal to all processes in the unit. All Who = "all" - // Main sends the signal to the main process of the unit + // Main sends the signal to the main process of the unit. Main Who = "main" - // Control sends the signal to the control process of the unit + // Control sends the signal to the control process of the unit. Control Who = "control" ) @@ -41,7 +41,8 @@ func (c *Conn) jobComplete(signal *dbus.Signal) { var job dbus.ObjectPath var unit string var result string - dbus.Store(signal.Body, &id, &job, &unit, &result) + + _ = dbus.Store(signal.Body, &id, &job, &unit, &result) c.jobListener.Lock() out, ok := c.jobListener.jobs[job] if ok { @@ -51,7 +52,7 @@ func (c *Conn) jobComplete(signal *dbus.Signal) { c.jobListener.Unlock() } -func (c *Conn) startJob(ctx context.Context, ch chan<- string, job string, args ...interface{}) (int, error) { +func (c *Conn) startJob(ctx context.Context, ch chan<- string, job string, args ...any) (int, error) { if ch != nil { c.jobListener.Lock() defer c.jobListener.Unlock() @@ -102,6 +103,10 @@ func (c *Conn) StartUnit(name string, mode string, ch chan<- string) (int, error // has been removed too. skipped indicates that a job was skipped because it // didn't apply to the units current state. // +// Important: It is the caller's responsibility to unblock the provided channel write, +// either by reading from the channel or by using a buffered channel. Until the write +// is unblocked, the Conn object cannot handle other jobs. +// // If no error occurs, the ID of the underlying systemd job will be returned. There // does exist the possibility for no error to be returned, but for the returned job // ID to be 0. In this case, the actual underlying ID is not 0 and this datapoint @@ -192,19 +197,21 @@ func (c *Conn) StartTransientUnitContext(ctx context.Context, name string, mode return c.startJob(ctx, ch, "org.freedesktop.systemd1.Manager.StartTransientUnit", name, mode, properties, make([]PropertyCollection, 0)) } -// Deprecated: use KillUnitContext instead. +// Deprecated: use [KillUnitWithTarget] instead. func (c *Conn) KillUnit(name string, signal int32) { c.KillUnitContext(context.Background(), name, signal) } // KillUnitContext takes the unit name and a UNIX signal number to send. // All of the unit's processes are killed. +// +// Deprecated: use [KillUnitWithTarget] instead, with target argument set to [All]. func (c *Conn) KillUnitContext(ctx context.Context, name string, signal int32) { - c.KillUnitWithTarget(ctx, name, All, signal) + _ = c.KillUnitWithTarget(ctx, name, All, signal) } -// KillUnitWithTarget is like KillUnitContext, but allows you to specify which -// process in the unit to send the signal to. +// KillUnitWithTarget sends a signal to the specified unit. +// The target argument can be one of [All], [Main], or [Control]. func (c *Conn) KillUnitWithTarget(ctx context.Context, name string, target Who, signal int32) error { return c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.KillUnit", 0, name, string(target), signal).Store() } @@ -240,7 +247,7 @@ func (c *Conn) SystemStateContext(ctx context.Context) (*Property, error) { } // getProperties takes the unit path and returns all of its dbus object properties, for the given dbus interface. -func (c *Conn) getProperties(ctx context.Context, path dbus.ObjectPath, dbusInterface string) (map[string]interface{}, error) { +func (c *Conn) getProperties(ctx context.Context, path dbus.ObjectPath, dbusInterface string) (map[string]any, error) { var err error var props map[string]dbus.Variant @@ -254,7 +261,7 @@ func (c *Conn) getProperties(ctx context.Context, path dbus.ObjectPath, dbusInte return nil, err } - out := make(map[string]interface{}, len(props)) + out := make(map[string]any, len(props)) for k, v := range props { out[k] = v.Value() } @@ -263,36 +270,36 @@ func (c *Conn) getProperties(ctx context.Context, path dbus.ObjectPath, dbusInte } // Deprecated: use GetUnitPropertiesContext instead. -func (c *Conn) GetUnitProperties(unit string) (map[string]interface{}, error) { +func (c *Conn) GetUnitProperties(unit string) (map[string]any, error) { return c.GetUnitPropertiesContext(context.Background(), unit) } // GetUnitPropertiesContext takes the (unescaped) unit name and returns all of // its dbus object properties. -func (c *Conn) GetUnitPropertiesContext(ctx context.Context, unit string) (map[string]interface{}, error) { +func (c *Conn) GetUnitPropertiesContext(ctx context.Context, unit string) (map[string]any, error) { path := unitPath(unit) return c.getProperties(ctx, path, "org.freedesktop.systemd1.Unit") } // Deprecated: use GetUnitPathPropertiesContext instead. -func (c *Conn) GetUnitPathProperties(path dbus.ObjectPath) (map[string]interface{}, error) { +func (c *Conn) GetUnitPathProperties(path dbus.ObjectPath) (map[string]any, error) { return c.GetUnitPathPropertiesContext(context.Background(), path) } // GetUnitPathPropertiesContext takes the (escaped) unit path and returns all // of its dbus object properties. -func (c *Conn) GetUnitPathPropertiesContext(ctx context.Context, path dbus.ObjectPath) (map[string]interface{}, error) { +func (c *Conn) GetUnitPathPropertiesContext(ctx context.Context, path dbus.ObjectPath) (map[string]any, error) { return c.getProperties(ctx, path, "org.freedesktop.systemd1.Unit") } // Deprecated: use GetAllPropertiesContext instead. -func (c *Conn) GetAllProperties(unit string) (map[string]interface{}, error) { +func (c *Conn) GetAllProperties(unit string) (map[string]any, error) { return c.GetAllPropertiesContext(context.Background(), unit) } // GetAllPropertiesContext takes the (unescaped) unit name and returns all of // its dbus object properties. -func (c *Conn) GetAllPropertiesContext(ctx context.Context, unit string) (map[string]interface{}, error) { +func (c *Conn) GetAllPropertiesContext(ctx context.Context, unit string) (map[string]any, error) { path := unitPath(unit) return c.getProperties(ctx, path, "") } @@ -331,20 +338,20 @@ func (c *Conn) GetServiceProperty(service string, propertyName string) (*Propert return c.GetServicePropertyContext(context.Background(), service, propertyName) } -// GetServiceProperty returns property for given service name and property name. +// GetServicePropertyContext returns property for given service name and property name. func (c *Conn) GetServicePropertyContext(ctx context.Context, service string, propertyName string) (*Property, error) { return c.getProperty(ctx, service, "org.freedesktop.systemd1.Service", propertyName) } // Deprecated: use GetUnitTypePropertiesContext instead. -func (c *Conn) GetUnitTypeProperties(unit string, unitType string) (map[string]interface{}, error) { +func (c *Conn) GetUnitTypeProperties(unit string, unitType string) (map[string]any, error) { return c.GetUnitTypePropertiesContext(context.Background(), unit, unitType) } // GetUnitTypePropertiesContext returns the extra properties for a unit, specific to the unit type. // Valid values for unitType: Service, Socket, Target, Device, Mount, Automount, Snapshot, Timer, Swap, Path, Slice, Scope. // Returns "dbus.Error: Unknown interface" error if the unitType is not the correct type of the unit. -func (c *Conn) GetUnitTypePropertiesContext(ctx context.Context, unit string, unitType string) (map[string]interface{}, error) { +func (c *Conn) GetUnitTypePropertiesContext(ctx context.Context, unit string, unitType string) (map[string]any, error) { path := unitPath(unit) return c.getProperties(ctx, path, "org.freedesktop.systemd1."+unitType) } @@ -389,22 +396,22 @@ type UnitStatus struct { JobPath dbus.ObjectPath // The job object path } -type storeFunc func(retvalues ...interface{}) error +type storeFunc func(retvalues ...any) error func (c *Conn) listUnitsInternal(f storeFunc) ([]UnitStatus, error) { - result := make([][]interface{}, 0) + result := make([][]any, 0) err := f(&result) if err != nil { return nil, err } - resultInterface := make([]interface{}, len(result)) + resultInterface := make([]any, len(result)) for i := range result { resultInterface[i] = result[i] } status := make([]UnitStatus, len(result)) - statusInterface := make([]interface{}, len(status)) + statusInterface := make([]any, len(status)) for i := range status { statusInterface[i] = &status[i] } @@ -499,19 +506,19 @@ type UnitFile struct { } func (c *Conn) listUnitFilesInternal(f storeFunc) ([]UnitFile, error) { - result := make([][]interface{}, 0) + result := make([][]any, 0) err := f(&result) if err != nil { return nil, err } - resultInterface := make([]interface{}, len(result)) + resultInterface := make([]any, len(result)) for i := range result { resultInterface[i] = result[i] } files := make([]UnitFile, len(result)) - fileInterface := make([]interface{}, len(files)) + fileInterface := make([]any, len(files)) for i := range files { fileInterface[i] = &files[i] } @@ -529,7 +536,7 @@ func (c *Conn) ListUnitFiles() ([]UnitFile, error) { return c.ListUnitFilesContext(context.Background()) } -// ListUnitFiles returns an array of all available units on disk. +// ListUnitFilesContext returns an array of all available units on disk. func (c *Conn) ListUnitFilesContext(ctx context.Context) ([]UnitFile, error) { return c.listUnitFilesInternal(c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListUnitFiles", 0).Store) } @@ -569,19 +576,19 @@ func (c *Conn) LinkUnitFiles(files []string, runtime bool, force bool) ([]LinkUn // or unlink), the file name of the symlink and the destination of the // symlink. func (c *Conn) LinkUnitFilesContext(ctx context.Context, files []string, runtime bool, force bool) ([]LinkUnitFileChange, error) { - result := make([][]interface{}, 0) + result := make([][]any, 0) err := c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.LinkUnitFiles", 0, files, runtime, force).Store(&result) if err != nil { return nil, err } - resultInterface := make([]interface{}, len(result)) + resultInterface := make([]any, len(result)) for i := range result { resultInterface[i] = result[i] } changes := make([]LinkUnitFileChange, len(result)) - changesInterface := make([]interface{}, len(changes)) + changesInterface := make([]any, len(changes)) for i := range changes { changesInterface[i] = &changes[i] } @@ -618,19 +625,19 @@ func (c *Conn) EnableUnitFiles(files []string, runtime bool, force bool) (bool, func (c *Conn) EnableUnitFilesContext(ctx context.Context, files []string, runtime bool, force bool) (bool, []EnableUnitFileChange, error) { var carries_install_info bool - result := make([][]interface{}, 0) + result := make([][]any, 0) err := c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.EnableUnitFiles", 0, files, runtime, force).Store(&carries_install_info, &result) if err != nil { return false, nil, err } - resultInterface := make([]interface{}, len(result)) + resultInterface := make([]any, len(result)) for i := range result { resultInterface[i] = result[i] } changes := make([]EnableUnitFileChange, len(result)) - changesInterface := make([]interface{}, len(changes)) + changesInterface := make([]any, len(changes)) for i := range changes { changesInterface[i] = &changes[i] } @@ -667,19 +674,19 @@ func (c *Conn) DisableUnitFiles(files []string, runtime bool) ([]DisableUnitFile // symlink or unlink), the file name of the symlink and the destination of the // symlink. func (c *Conn) DisableUnitFilesContext(ctx context.Context, files []string, runtime bool) ([]DisableUnitFileChange, error) { - result := make([][]interface{}, 0) + result := make([][]any, 0) err := c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.DisableUnitFiles", 0, files, runtime).Store(&result) if err != nil { return nil, err } - resultInterface := make([]interface{}, len(result)) + resultInterface := make([]any, len(result)) for i := range result { resultInterface[i] = result[i] } changes := make([]DisableUnitFileChange, len(result)) - changesInterface := make([]interface{}, len(changes)) + changesInterface := make([]any, len(changes)) for i := range changes { changesInterface[i] = &changes[i] } @@ -713,19 +720,19 @@ func (c *Conn) MaskUnitFiles(files []string, runtime bool, force bool) ([]MaskUn // runtime only (true, /run/systemd/..), or persistently (false, // /etc/systemd/..). func (c *Conn) MaskUnitFilesContext(ctx context.Context, files []string, runtime bool, force bool) ([]MaskUnitFileChange, error) { - result := make([][]interface{}, 0) + result := make([][]any, 0) err := c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.MaskUnitFiles", 0, files, runtime, force).Store(&result) if err != nil { return nil, err } - resultInterface := make([]interface{}, len(result)) + resultInterface := make([]any, len(result)) for i := range result { resultInterface[i] = result[i] } changes := make([]MaskUnitFileChange, len(result)) - changesInterface := make([]interface{}, len(changes)) + changesInterface := make([]any, len(changes)) for i := range changes { changesInterface[i] = &changes[i] } @@ -757,19 +764,19 @@ func (c *Conn) UnmaskUnitFiles(files []string, runtime bool) ([]UnmaskUnitFileCh // for runtime only (true, /run/systemd/..), or persistently (false, // /etc/systemd/..). func (c *Conn) UnmaskUnitFilesContext(ctx context.Context, files []string, runtime bool) ([]UnmaskUnitFileChange, error) { - result := make([][]interface{}, 0) + result := make([][]any, 0) err := c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.UnmaskUnitFiles", 0, files, runtime).Store(&result) if err != nil { return nil, err } - resultInterface := make([]interface{}, len(result)) + resultInterface := make([]any, len(result)) for i := range result { resultInterface[i] = result[i] } changes := make([]UnmaskUnitFileChange, len(result)) - changesInterface := make([]interface{}, len(changes)) + changesInterface := make([]any, len(changes)) for i := range changes { changesInterface[i] = &changes[i] } @@ -829,18 +836,18 @@ func (c *Conn) ListJobsContext(ctx context.Context) ([]JobStatus, error) { } func (c *Conn) listJobsInternal(ctx context.Context) ([]JobStatus, error) { - result := make([][]interface{}, 0) + result := make([][]any, 0) if err := c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListJobs", 0).Store(&result); err != nil { return nil, err } - resultInterface := make([]interface{}, len(result)) + resultInterface := make([]any, len(result)) for i := range result { resultInterface[i] = result[i] } status := make([]JobStatus, len(result)) - statusInterface := make([]interface{}, len(status)) + statusInterface := make([]any, len(status)) for i := range status { statusInterface[i] = &status[i] } @@ -852,13 +859,18 @@ func (c *Conn) listJobsInternal(ctx context.Context) ([]JobStatus, error) { return status, nil } -// Freeze the cgroup associated with the unit. -// Note that FreezeUnit and ThawUnit are only supported on systems running with cgroup v2. +// FreezeUnit freezes the cgroup associated with the unit. +// Note that FreezeUnit and [ThawUnit] are only supported on systems running with cgroup v2. func (c *Conn) FreezeUnit(ctx context.Context, unit string) error { return c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.FreezeUnit", 0, unit).Store() } -// Unfreeze the cgroup associated with the unit. +// ThawUnit unfreezes the cgroup associated with the unit. func (c *Conn) ThawUnit(ctx context.Context, unit string) error { return c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ThawUnit", 0, unit).Store() } + +// AttachProcessesToUnit moves existing processes, identified by pids, into an existing systemd unit. +func (c *Conn) AttachProcessesToUnit(ctx context.Context, unit, subcgroup string, pids []uint32) error { + return c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.AttachProcessesToUnit", 0, unit, subcgroup, pids).Store() +} diff --git a/vendor/github.com/coreos/go-systemd/v22/dbus/subscription.go b/vendor/github.com/coreos/go-systemd/v22/dbus/subscription.go index 7e370fea212..f0f6aad9d11 100644 --- a/vendor/github.com/coreos/go-systemd/v22/dbus/subscription.go +++ b/vendor/github.com/coreos/go-systemd/v22/dbus/subscription.go @@ -70,7 +70,7 @@ func (c *Conn) dispatch() { switch signal.Name { case "org.freedesktop.systemd1.Manager.JobRemoved": unitName := signal.Body[2].(string) - c.sysobj.Call("org.freedesktop.systemd1.Manager.GetUnit", 0, unitName).Store(&unitPath) + _ = c.sysobj.Call("org.freedesktop.systemd1.Manager.GetUnit", 0, unitName).Store(&unitPath) case "org.freedesktop.systemd1.Manager.UnitNew": unitPath = signal.Body[1].(dbus.ObjectPath) case "org.freedesktop.DBus.Properties.PropertiesChanged": @@ -262,7 +262,7 @@ func (c *Conn) shouldIgnore(path dbus.ObjectPath) bool { return ok && t >= time.Now().UnixNano() } -func (c *Conn) updateIgnore(path dbus.ObjectPath, info map[string]interface{}) { +func (c *Conn) updateIgnore(path dbus.ObjectPath, info map[string]any) { loadState, ok := info["LoadState"].(string) if !ok { return diff --git a/vendor/github.com/coreos/go-systemd/v22/dbus/subscription_set.go b/vendor/github.com/coreos/go-systemd/v22/dbus/subscription_set.go index 5b408d5847a..dbe4aa887b9 100644 --- a/vendor/github.com/coreos/go-systemd/v22/dbus/subscription_set.go +++ b/vendor/github.com/coreos/go-systemd/v22/dbus/subscription_set.go @@ -40,8 +40,8 @@ func (s *SubscriptionSet) Subscribe() (<-chan map[string]*UnitStatus, <-chan err } // NewSubscriptionSet returns a new subscription set. -func (conn *Conn) NewSubscriptionSet() *SubscriptionSet { - return &SubscriptionSet{newSet(), conn} +func (c *Conn) NewSubscriptionSet() *SubscriptionSet { + return &SubscriptionSet{newSet(), c} } // mismatchUnitStatus returns true if the provided UnitStatus objects diff --git a/vendor/modules.txt b/vendor/modules.txt index c82c992879a..8de3012dcbb 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -20,8 +20,8 @@ github.com/cilium/ebpf/link # github.com/containerd/console v1.0.5 ## explicit; go 1.13 github.com/containerd/console -# github.com/coreos/go-systemd/v22 v22.5.0 -## explicit; go 1.12 +# github.com/coreos/go-systemd/v22 v22.6.0 +## explicit; go 1.23 github.com/coreos/go-systemd/v22/activation github.com/coreos/go-systemd/v22/dbus # github.com/cpuguy83/go-md2man/v2 v2.0.7 From a8faf92551e996403b563621b541e663bb8b5946 Mon Sep 17 00:00:00 2001 From: Markus Lehtonen Date: Mon, 11 Aug 2025 10:20:33 +0300 Subject: [PATCH 0999/1176] CHANGELOG: document breaking change of runc update Co-authored-by: lfbzhm Signed-off-by: Markus Lehtonen --- CHANGELOG.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e390ab0ed4a..ae6cead0b6b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Breaking + +- runc update no longer allows `--l3-cache-schema` or `--mem-bw-schema` if + `linux.intelRdt` was not present in the container’s original `config.json`. + + Without `linux.intelRdt` no CLOS (resctrl group) is created at container + creation, so it is not possible to apply the updated options with `runc + update`. + + Previously, this scenario did not work as expected. The `runc update` would + create a new CLOS but fail to apply the schema, move only the init process + (omitting children) to the new group, and leave the CLOS orphaned after + container exit. (#4827) + ## [1.3.0] - 2025-04-30 > Mr. President, we must not allow a mine shaft gap! From 74c5436b7d81bc4352b16269d644cecfbbbb4f3a Mon Sep 17 00:00:00 2001 From: Markus Lehtonen Date: Wed, 30 Jul 2025 14:36:24 +0300 Subject: [PATCH 1000/1176] Update runtime-spec Signed-off-by: Markus Lehtonen --- go.mod | 2 +- go.sum | 4 +- .../runtime-spec/specs-go/config.go | 52 ++++++++++++++++--- .../specs-go/features/features.go | 16 ++++++ vendor/modules.txt | 2 +- 5 files changed, 66 insertions(+), 10 deletions(-) diff --git a/go.mod b/go.mod index 3c4eb535991..2518ac642ac 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/moby/sys/userns v0.1.0 github.com/mrunalp/fileutils v0.5.1 github.com/opencontainers/cgroups v0.0.4 - github.com/opencontainers/runtime-spec v1.2.2-0.20250401095657-e935f995dd67 + github.com/opencontainers/runtime-spec v1.2.2-0.20250818071321-383cadbf08c0 github.com/opencontainers/selinux v1.12.0 github.com/seccomp/libseccomp-golang v0.11.1 github.com/sirupsen/logrus v1.9.3 diff --git a/go.sum b/go.sum index c9c14135eb3..2e61b704ff1 100644 --- a/go.sum +++ b/go.sum @@ -46,8 +46,8 @@ github.com/mrunalp/fileutils v0.5.1 h1:F+S7ZlNKnrwHfSwdlgNSkKo67ReVf8o9fel6C3dkm github.com/mrunalp/fileutils v0.5.1/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/opencontainers/cgroups v0.0.4 h1:XVj8P/IHVms/j+7eh8ggdkTLAxjz84ZzuFyGoE28DR4= github.com/opencontainers/cgroups v0.0.4/go.mod h1:s8lktyhlGUqM7OSRL5P7eAW6Wb+kWPNvt4qvVfzA5vs= -github.com/opencontainers/runtime-spec v1.2.2-0.20250401095657-e935f995dd67 h1:Q+KewUGTMamIe6Q39xCD/T1NC1POmaTlWnhjikCrZHA= -github.com/opencontainers/runtime-spec v1.2.2-0.20250401095657-e935f995dd67/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-spec v1.2.2-0.20250818071321-383cadbf08c0 h1:RLn0YfUWkiqPGtgUANvJrcjIkCHGRl3jcz/c557M28M= +github.com/opencontainers/runtime-spec v1.2.2-0.20250818071321-383cadbf08c0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.12.0 h1:6n5JV4Cf+4y0KNXW48TLj5DwfXpvWlxXplUkdTrmPb8= github.com/opencontainers/selinux v1.12.0/go.mod h1:BTPX+bjVbWGXw7ZZWUbdENt8w0htPSrlgOOysQaU62U= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go index 854290da205..36d28032e66 100644 --- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go @@ -251,6 +251,8 @@ type Linux struct { // IntelRdt contains Intel Resource Director Technology (RDT) information for // handling resource constraints and monitoring metrics (e.g., L3 cache, memory bandwidth) for the container IntelRdt *LinuxIntelRdt `json:"intelRdt,omitempty"` + // MemoryPolicy contains NUMA memory policy for the container. + MemoryPolicy *LinuxMemoryPolicy `json:"memoryPolicy,omitempty"` // Personality contains configuration for the Linux personality syscall Personality *LinuxPersonality `json:"personality,omitempty"` // TimeOffsets specifies the offset for supporting time namespaces. @@ -836,23 +838,41 @@ type LinuxSyscall struct { type LinuxIntelRdt struct { // The identity for RDT Class of Service ClosID string `json:"closID,omitempty"` + + // Schemata specifies the complete schemata to be written as is to the + // schemata file in resctrl fs. Each element represents a single line in the schemata file. + // NOTE: This will overwrite schemas specified in the L3CacheSchema and/or + // MemBwSchema fields. + Schemata []string `json:"schemata,omitempty"` + // The schema for L3 cache id and capacity bitmask (CBM) // Format: "L3:=;=;..." + // NOTE: Should not be specified if Schemata is non-empty. L3CacheSchema string `json:"l3CacheSchema,omitempty"` // The schema of memory bandwidth per L3 cache id // Format: "MB:=bandwidth0;=bandwidth1;..." // The unit of memory bandwidth is specified in "percentages" by // default, and in "MBps" if MBA Software Controller is enabled. + // NOTE: Should not be specified if Schemata is non-empty. MemBwSchema string `json:"memBwSchema,omitempty"` - // EnableCMT is the flag to indicate if the Intel RDT CMT is enabled. CMT (Cache Monitoring Technology) supports monitoring of - // the last-level cache (LLC) occupancy for the container. - EnableCMT bool `json:"enableCMT,omitempty"` + // EnableMonitoring enables resctrl monitoring for the container. This will + // create a dedicated resctrl monitoring group for the container. + EnableMonitoring bool `json:"enableMonitoring,omitempty"` +} + +// LinuxMemoryPolicy represents input for the set_mempolicy syscall. +type LinuxMemoryPolicy struct { + // Mode for the set_mempolicy syscall. + Mode MemoryPolicyModeType `json:"mode"` - // EnableMBM is the flag to indicate if the Intel RDT MBM is enabled. MBM (Memory Bandwidth Monitoring) supports monitoring of - // total and local memory bandwidth for the container. - EnableMBM bool `json:"enableMBM,omitempty"` + // Nodes representing the nodemask for the set_mempolicy syscall in comma separated ranges format. + // Format: "-,,-,..." + Nodes string `json:"nodes"` + + // Flags for the set_mempolicy syscall. + Flags []MemoryPolicyFlagType `json:"flags,omitempty"` } // ZOS contains platform-specific configuration for z/OS based containers. @@ -884,6 +904,26 @@ const ( ZOSUTSNamespace ZOSNamespaceType = "uts" ) +type MemoryPolicyModeType string + +const ( + MpolDefault MemoryPolicyModeType = "MPOL_DEFAULT" + MpolBind MemoryPolicyModeType = "MPOL_BIND" + MpolInterleave MemoryPolicyModeType = "MPOL_INTERLEAVE" + MpolWeightedInterleave MemoryPolicyModeType = "MPOL_WEIGHTED_INTERLEAVE" + MpolPreferred MemoryPolicyModeType = "MPOL_PREFERRED" + MpolPreferredMany MemoryPolicyModeType = "MPOL_PREFERRED_MANY" + MpolLocal MemoryPolicyModeType = "MPOL_LOCAL" +) + +type MemoryPolicyFlagType string + +const ( + MpolFNumaBalancing MemoryPolicyFlagType = "MPOL_F_NUMA_BALANCING" + MpolFRelativeNodes MemoryPolicyFlagType = "MPOL_F_RELATIVE_NODES" + MpolFStaticNodes MemoryPolicyFlagType = "MPOL_F_STATIC_NODES" +) + // LinuxSchedulerPolicy represents different scheduling policies used with the Linux Scheduler type LinuxSchedulerPolicy string diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/features/features.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/features/features.go index d8eb169dc39..7b4c40640bd 100644 --- a/vendor/github.com/opencontainers/runtime-spec/specs-go/features/features.go +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/features/features.go @@ -47,6 +47,7 @@ type Linux struct { Apparmor *Apparmor `json:"apparmor,omitempty"` Selinux *Selinux `json:"selinux,omitempty"` IntelRdt *IntelRdt `json:"intelRdt,omitempty"` + MemoryPolicy *MemoryPolicy `json:"memoryPolicy,omitempty"` MountExtensions *MountExtensions `json:"mountExtensions,omitempty"` NetDevices *NetDevices `json:"netDevices,omitempty"` } @@ -130,6 +131,21 @@ type IntelRdt struct { // Unrelated to whether the host supports Intel RDT or not. // Nil value means "unknown", not "false". Enabled *bool `json:"enabled,omitempty"` + // Schemata is true if the "linux.intelRdt.enableMonitoring" field of the + // spec is implemented. + Schemata *bool `json:"schemata,omitempty"` + // Monitoring is true if the "linux.intelRdt.enableMonitoring" field of the + // spec is implemented. + // Nil value means "unknown", not "false". + Monitoring *bool `json:"monitoring,omitempty"` +} + +// MemoryPolicy represents the "memoryPolicy" field. +type MemoryPolicy struct { + // modes is the list of known memory policy modes, e.g., "MPOL_INTERLEAVE". + Modes []string `json:"modes,omitempty"` + // flags is the list of known memory policy mode flags, e.g., "MPOL_F_STATIC_NODES". + Flags []string `json:"flags,omitempty"` } // MountExtensions represents the "mountExtensions" field. diff --git a/vendor/modules.txt b/vendor/modules.txt index 56c8177ebbc..6ddefd60b84 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -62,7 +62,7 @@ github.com/opencontainers/cgroups/fscommon github.com/opencontainers/cgroups/internal/path github.com/opencontainers/cgroups/manager github.com/opencontainers/cgroups/systemd -# github.com/opencontainers/runtime-spec v1.2.2-0.20250401095657-e935f995dd67 +# github.com/opencontainers/runtime-spec v1.2.2-0.20250818071321-383cadbf08c0 ## explicit github.com/opencontainers/runtime-spec/specs-go github.com/opencontainers/runtime-spec/specs-go/features From ea385de40c9a006737399bc72918a19e5d038736 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 19 Aug 2025 16:53:03 +1000 Subject: [PATCH 1001/1176] tests: add sane_run helper "runc" was a special wrapper around bats's "run" which output some very useful diagnostic information to the bats log, but this was not usable for other commands. So let's make it a more generic helper that we can use for other commands. Signed-off-by: Aleksa Sarai --- tests/integration/helpers.bash | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index 4e8e070628e..5677e32e66a 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -36,18 +36,27 @@ ARCH=$(uname -m) # Seccomp agent socket. SECCCOMP_AGENT_SOCKET="$BATS_TMPDIR/seccomp-agent.sock" -# Wrapper for runc. -function runc() { - run __runc "$@" +# Wrapper around "run" that logs output to make tests easier to debug. +function sane_run() { + local cmd="$1" + local cmdname="${CMDNAME:-$(basename "$cmd")}" + shift + + run "$cmd" "$@" # Some debug information to make life easier. bats will only print it if the # test failed, in which case the output is useful. # shellcheck disable=SC2154 - echo "$(basename "$RUNC") $* (status=$status):" >&2 + echo "$cmdname $* (status=$status)" >&2 # shellcheck disable=SC2154 echo "$output" >&2 } +# Wrapper for runc. +function runc() { + CMDNAME="$(basename "$RUNC")" sane_run __runc "$@" +} + # Raw wrapper for runc. function __runc() { "$RUNC" ${RUNC_USE_SYSTEMD+--systemd-cgroup} \ From d1f6acfab06e6f5eb15b7edfaa704f50907907b1 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 19 Aug 2025 17:42:24 +1000 Subject: [PATCH 1002/1176] tests: add RUNC_CMDLINE for tests incompatible with functions Sometimes we need to run runc through some wrapper (like nohup), but because "__runc" and "runc" are bash functions in our test suite this doesn't work trivially -- and you cannot just pass "$RUNC" because you you need to set --root for rootless tests. So create a setup_runc_cmdline helper which sets $RUNC_CMDLINE to the beginning cmdline used by __runc (and switch __runc to use that). Signed-off-by: Aleksa Sarai --- tests/integration/helpers.bash | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index 5677e32e66a..24035eb6486 100755 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -57,10 +57,17 @@ function runc() { CMDNAME="$(basename "$RUNC")" sane_run __runc "$@" } +function setup_runc_cmdline() { + RUNC_CMDLINE=("$RUNC") + [[ -v RUNC_USE_SYSTEMD ]] && RUNC_CMDLINE+=("--systemd-cgroup") + [[ -n "${ROOT:-}" ]] && RUNC_CMDLINE+=("--root" "$ROOT/state") + export RUNC_CMDLINE +} + # Raw wrapper for runc. function __runc() { - "$RUNC" ${RUNC_USE_SYSTEMD+--systemd-cgroup} \ - ${ROOT:+--root "$ROOT/state"} "$@" + setup_runc_cmdline + "${RUNC_CMDLINE[@]}" "$@" } # Wrapper for runc spec. From 121192ade6c55f949d32ba486219e2b1d86898b2 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 19 Aug 2025 06:57:23 +1000 Subject: [PATCH 1003/1176] libct: reset CPU affinity by default In certain deployments, it's possible for runc to be spawned by a process with a restrictive cpumask (such as from a systemd unit with CPUAffinity=... configured) which will be inherited by runc and thus the container process by default. The cpuset cgroup used to reconfigure the cpumask automatically for joining processes, but kcommit da019032819a ("sched: Enforce user requested affinity") changed this behaviour in Linux 6.2. The solution is to try to emulate the expected behaviour by resetting our cpumask to correspond with the configured cpuset (in the case of "runc exec", if the user did not configure an alternative one). Normally we would have to parse /proc/stat and /sys/fs/cgroup, but luckily sched_setaffinity(2) will transparently convert an all-set cpumask (even if it has more entries than the number of CPUs on the system) to the correct value for our usecase. For some reason, in our CI it seems that rootless --systemd-cgroup results in the cpuset (presumably temporarily?) being configured such that sched_setaffinity(2) will allow the full set of CPUs. For this particular case, all we care about is that it is different to the original set, so include some special-casing (but we should probably investigate this further...). Reported-by: ningmingxiao Reported-by: Martin Sivak Reported-by: Peter Hunt Signed-off-by: Aleksa Sarai --- CHANGELOG.md | 6 ++ libcontainer/process_linux.go | 51 ++++++++++++- tests/integration/cpu_affinity.bats | 109 ++++++++++++++++++++++++++++ 3 files changed, 165 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ae6cead0b6b..ea586dc0911 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 (omitting children) to the new group, and leave the CLOS orphaned after container exit. (#4827) +### Fixed + * Container processes will no longer inherit the CPU affinity of runc by + default. Instead, the default CPU affinity of container processes will be + the largest set of CPUs permitted by the container's cpuset cgroup and any + other system restrictions (such as isolated CPUs). (#4041, #4815, #4858) + ## [1.3.0] - 2025-04-30 > Mr. President, we must not allow a mine shaft gap! diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 386b5f76200..d8acb275193 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -159,6 +159,46 @@ type setnsProcess struct { initProcessPid int } +// tryResetCPUAffinity tries to reset the CPU affinity of the process +// identified by pid to include all possible CPUs (notwithstanding cgroup +// cpuset restrictions and isolated CPUs). +func tryResetCPUAffinity(pid int) { + // When resetting the CPU affinity, we want to match the configured cgroup + // cpuset (or the default set of all CPUs, if no cpuset is configured) + // rather than some more restrictive affinity we were spawned in (such as + // one that may have been inherited from systemd). The cpuset cgroup used + // to reconfigure the cpumask automatically for joining processes, but + // kcommit da019032819a ("sched: Enforce user requested affinity") changed + // this behaviour in Linux 6.2. + // + // Parsing cpuset.cpus.effective is quite inefficient (and looking at + // things like /proc/stat would be wrong for most nested containers), but + // luckily sched_setaffinity(2) will implicitly: + // + // * Clamp the cpumask so that it matches the current number of CPUs on + // the system. + // * Mask out any CPUs that are not a member of the target task's + // configured cgroup cpuset. + // + // So we can just pass a very large array of set cpumask bits and the + // kernel will silently convert that to the correct value very cheaply. + + // Ideally, we would just set the array to 0xFF...FF. Unfortunately, the + // size depends on the architecture. It is also a private newtype, so we + // can't use (^0) or generics since those require us to be able to name the + // type. However, we can just underflow the zero value instead. + // TODO: Once is merged, switch to that. + cpuset := unix.CPUSet{} + for i := range cpuset { + cpuset[i]-- // underflow to 0xFF..FF + } + if err := unix.SchedSetaffinity(pid, &cpuset); err != nil { + logrus.WithError( + os.NewSyscallError("sched_setaffinity", err), + ).Warnf("resetting the CPU affinity of pid %d failed -- the container process may inherit runc's CPU affinity", pid) + } +} + // Starts setns process with specified initial CPU affinity. func (p *setnsProcess) startWithCPUAffinity() error { aff := p.config.CPUAffinity @@ -189,7 +229,13 @@ func (p *setnsProcess) startWithCPUAffinity() error { func (p *setnsProcess) setFinalCPUAffinity() error { aff := p.config.CPUAffinity - if aff == nil || aff.Final == nil { + // If there was no affinity configured at all, we want to reset + // the affinity to make sure we don't inherit an unexpected one. + if aff == nil || aff.Final == nil && aff.Initial == nil { + tryResetCPUAffinity(p.pid()) + return nil + } + if aff.Final == nil { return nil } if err := unix.SchedSetaffinity(p.pid(), aff.Final); err != nil { @@ -615,6 +661,9 @@ func (p *initProcess) start() (retErr error) { return fmt.Errorf("unable to apply cgroup configuration: %w", err) } } + // Reset the CPU affinity after cgroups are configured to make sure it + // matches any configured cpuset. + tryResetCPUAffinity(p.pid()) if p.intelRdtManager != nil { if err := p.intelRdtManager.Apply(p.pid()); err != nil { return fmt.Errorf("unable to apply Intel RDT configuration: %w", err) diff --git a/tests/integration/cpu_affinity.bats b/tests/integration/cpu_affinity.bats index f6adfa2aebd..1b4958a4732 100644 --- a/tests/integration/cpu_affinity.bats +++ b/tests/integration/cpu_affinity.bats @@ -4,9 +4,14 @@ load helpers +INITIAL_CPU_MASK="$(grep -F Cpus_allowed_list: /proc/self/status | awk '{ print $2 }')" + function setup() { requires smp cgroups_cpuset setup_busybox + + echo "Initial CPU mask: $INITIAL_CPU_MASK" >&2 + echo "---" >&2 } function teardown() { @@ -99,3 +104,107 @@ function cpus_to_mask() { [[ "$output" == *"nsexec"*": affinity: $mask"* ]] [[ "$output" == *"Cpus_allowed_list: $final"* ]] # Mind the literal tab. } + +@test "runc run [CPU affinity should reset]" { + # We need to use RUNC_CMDLINE since taskset requires a proper binary, not a + # bash function (which is what runc and __runc are). + setup_runc_cmdline + + first="$(first_cpu)" + + # Running without cpuset should result in an affinity for all CPUs. + update_config '.process.args = [ "/bin/grep", "-F", "Cpus_allowed_list:", "/proc/self/status" ]' + update_config 'del(.linux.resources.cpu)' + sane_run taskset -c "$first" "${RUNC_CMDLINE[@]}" run ctr + [ "$status" -eq 0 ] + [[ "$output" != $'Cpus_allowed_list:\t'"$first" ]] + [[ "$output" == $'Cpus_allowed_list:\t'"$INITIAL_CPU_MASK" ]] +} + +@test "runc run [CPU affinity should reset to cgroup cpuset]" { + [ $EUID -ne 0 ] && requires rootless_cgroup + set_cgroups_path + + # We need to use RUNC_CMDLINE since taskset requires a proper binary, not a + # bash function (which is what runc and __runc are). + setup_runc_cmdline + + first="$(first_cpu)" + second="$((first + 1))" # Hacky; might not work in all environments. + + # Running with a cpuset should result in an affinity that matches. + update_config '.process.args = [ "/bin/grep", "-F", "Cpus_allowed_list:", "/proc/self/status" ]' + update_config '.linux.resources.cpu = {"mems": "0", "cpus": "'"$first-$second"'"}' + sane_run taskset -c "$first" "${RUNC_CMDLINE[@]}" run ctr + [ "$status" -eq 0 ] + [[ "$output" != $'Cpus_allowed_list:\t'"$first" ]] + # XXX: For some reason, systemd-cgroup leads to us using the all-set + # cpumask rather than the cpuset we configured? + [ -v RUNC_USE_SYSTEMD ] || [[ "$output" == $'Cpus_allowed_list:\t'"$first-$second" ]] + + # Ditto for a cpuset that has no overlap with the original cpumask. + update_config '.linux.resources.cpu = {"mems": "0", "cpus": "'"$second"'"}' + sane_run taskset -c "$first" "${RUNC_CMDLINE[@]}" run ctr + [ "$status" -eq 0 ] + [[ "$output" != $'Cpus_allowed_list:\t'"$first" ]] + # XXX: For some reason, systemd-cgroup leads to us using the all-set + # cpumask rather than the cpuset we configured? + [ -v RUNC_USE_SYSTEMD ] || [[ "$output" == $'Cpus_allowed_list:\t'"$second" ]] +} + +@test "runc exec [default CPU affinity should reset]" { + # We need to use RUNC_CMDLINE since taskset requires a proper binary, not a + # bash function (which is what runc and __runc are). + setup_runc_cmdline + + first="$(first_cpu)" + + # Running without cpuset should result in an affinity for all CPUs. + update_config '.process.args = [ "/bin/sleep", "infinity" ]' + update_config 'del(.linux.resources.cpu)' + sane_run taskset -c "$first" "${RUNC_CMDLINE[@]}" run -d --console-socket "$CONSOLE_SOCKET" ctr3 + [ "$status" -eq 0 ] + sane_run taskset -c "$first" "${RUNC_CMDLINE[@]}" exec ctr3 grep -F Cpus_allowed_list: /proc/self/status + [ "$status" -eq 0 ] + [[ "$output" != $'Cpus_allowed_list:\t'"$first" ]] + [[ "$output" == $'Cpus_allowed_list:\t'"$INITIAL_CPU_MASK" ]] +} + +@test "runc exec [default CPU affinity should reset to cgroup cpuset]" { + [ $EUID -ne 0 ] && requires rootless_cgroup + set_cgroups_path + + # We need to use RUNC_CMDLINE since taskset requires a proper binary, not a + # bash function (which is what runc and __runc are). + setup_runc_cmdline + + first="$(first_cpu)" + second="$((first + 1))" # Hacky; might not work in all environments. + + # Running with a cpuset should result in an affinity that matches. + update_config '.process.args = [ "/bin/sleep", "infinity" ]' + update_config '.linux.resources.cpu = {"mems": "0", "cpus": "'"$first-$second"'"}' + sane_run taskset -c "$first" "${RUNC_CMDLINE[@]}" run -d --console-socket "$CONSOLE_SOCKET" ctr + [ "$status" -eq 0 ] + sane_run taskset -c "$first" "${RUNC_CMDLINE[@]}" exec ctr grep -F Cpus_allowed_list: /proc/self/status + [ "$status" -eq 0 ] + [[ "$output" != $'Cpus_allowed_list:\t'"$first" ]] + # XXX: For some reason, systemd-cgroup leads to us using the all-set + # cpumask rather than the cpuset we configured? + [ -v RUNC_USE_SYSTEMD ] || [[ "$output" == $'Cpus_allowed_list:\t'"$first-$second" ]] + + # Stop the container so we can reconfigure it. + runc delete -f ctr + [ "$status" -eq 0 ] + + # Ditto for a cpuset that has no overlap with the original cpumask. + update_config '.linux.resources.cpu = {"mems": "0", "cpus": "'"$second"'"}' + sane_run taskset -c "$first" "${RUNC_CMDLINE[@]}" run -d --console-socket "$CONSOLE_SOCKET" ctr + [ "$status" -eq 0 ] + sane_run taskset -c "$first" "${RUNC_CMDLINE[@]}" exec ctr grep -F Cpus_allowed_list: /proc/self/status + [ "$status" -eq 0 ] + [[ "$output" != $'Cpus_allowed_list:\t'"$first" ]] + # XXX: For some reason, systemd-cgroup leads to us using the all-set + # cpumask rather than the cpuset we configured? + [ -v RUNC_USE_SYSTEMD ] || [[ "$output" == $'Cpus_allowed_list:\t'"$second" ]] +} From c5e7bc8710c43b12b3a621e28c5fa037a3d6f653 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 27 Aug 2025 17:43:38 -0700 Subject: [PATCH 1004/1176] tests/int/selinux: fix for non-standard binary name The setup in selinux.bats assumes $RUNC binary name ends in runc, and thus it fails when we run it like this: sudo -E RUNC=$(pwd)/runc.patched bats tests/integration/selinux.bats Fix is easy. Fixes: b39781b06 ("tests/int: add selinux test case") Signed-off-by: Kir Kolyshkin --- tests/integration/selinux.bats | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/selinux.bats b/tests/integration/selinux.bats index 40a122e06f6..66665c45059 100644 --- a/tests/integration/selinux.bats +++ b/tests/integration/selinux.bats @@ -11,7 +11,7 @@ function setup() { setup_busybox # Use a copy of runc binary with proper selinux label set. - cp "$RUNC" . + cp "$RUNC" ./runc export RUNC="$PWD/runc" chcon -u system_u -r object_r -t container_runtime_exec_t "$RUNC" From a38f42ab879a28bc8150cd4214120eb0dd58591b Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 27 Aug 2025 17:58:01 -0700 Subject: [PATCH 1005/1176] tests/int/help: simplify and fix MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 1. In case runc binary file name is not runc, the test fails like below. The fix is to get the binary name from $RUNC. ✗ runc command -h (in test file tests/integration/help.bats, line 27) `[[ ${lines[1]} =~ runc\ checkpoint+ ]]' failed runc-go1.25.0-main checkpoint -h (status=0): NAME: runc-go1.25.0-main checkpoint - checkpoint a running container 2. Simplify the test by adding a loop for all commands. While at it, add a loop for -h --help as well. 3. Add missing commands (create, ps, features). Signed-off-by: Kir Kolyshkin --- tests/integration/help.bats | 94 ++++++++++++------------------------- 1 file changed, 31 insertions(+), 63 deletions(-) diff --git a/tests/integration/help.bats b/tests/integration/help.bats index 04bbc80cf42..64cc66f674a 100644 --- a/tests/integration/help.bats +++ b/tests/integration/help.bats @@ -22,69 +22,37 @@ function setup() { } @test "runc command -h" { - runc checkpoint -h - [ "$status" -eq 0 ] - [[ ${lines[1]} =~ runc\ checkpoint+ ]] - - runc delete -h - [ "$status" -eq 0 ] - [[ ${lines[1]} =~ runc\ delete+ ]] - - runc events -h - [ "$status" -eq 0 ] - [[ ${lines[1]} =~ runc\ events+ ]] - - runc exec -h - [ "$status" -eq 0 ] - [[ ${lines[1]} =~ runc\ exec+ ]] - - runc kill -h - [ "$status" -eq 0 ] - [[ ${lines[1]} =~ runc\ kill+ ]] - - runc list -h - [ "$status" -eq 0 ] - [[ ${lines[0]} =~ NAME:+ ]] - [[ ${lines[1]} =~ runc\ list+ ]] - - runc list --help - [ "$status" -eq 0 ] - [[ ${lines[0]} =~ NAME:+ ]] - [[ ${lines[1]} =~ runc\ list+ ]] - - runc pause -h - [ "$status" -eq 0 ] - [[ ${lines[1]} =~ runc\ pause+ ]] - - runc restore -h - [ "$status" -eq 0 ] - [[ ${lines[1]} =~ runc\ restore+ ]] - - runc resume -h - [ "$status" -eq 0 ] - [[ ${lines[1]} =~ runc\ resume+ ]] - - # We don't use runc_spec here, because we're just testing the help page. - runc spec -h - [ "$status" -eq 0 ] - [[ ${lines[1]} =~ runc\ spec+ ]] - - runc start -h - [ "$status" -eq 0 ] - [[ ${lines[1]} =~ runc\ start+ ]] - - runc run -h - [ "$status" -eq 0 ] - [[ ${lines[1]} =~ runc\ run+ ]] - - runc state -h - [ "$status" -eq 0 ] - [[ ${lines[1]} =~ runc\ state+ ]] - - runc update -h - [ "$status" -eq 0 ] - [[ ${lines[1]} =~ runc\ update+ ]] - + local runc + # shellcheck disable=SC2153 + runc="$(basename "$RUNC")" + local cmds=( + checkpoint + create + delete + events + exec + kill + list + pause + ps + restore + resume + run + spec + start + state + update + features + ) + + for cmd in "${cmds[@]}"; do + for arg in "-h" "--help"; do + runc "$cmd" "$arg" + [ "$status" -eq 0 ] + [[ ${lines[0]} =~ NAME:+ ]] + [[ ${lines[1]} =~ $runc\ $cmd+ ]] + done + done } @test "runc foo -h" { From 237cc9806a3616ec7c4dbf7d4a24582190d763d3 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 13 Aug 2025 20:11:10 -0700 Subject: [PATCH 1006/1176] libct/sys/rlimit_linux: drop go:build tag This is not needed since commit 16d73367 which sets 1.23 to be a minimally required Go version. Signed-off-by: Kir Kolyshkin --- libcontainer/system/rlimit_linux.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/libcontainer/system/rlimit_linux.go b/libcontainer/system/rlimit_linux.go index 4595fa82aa1..8add993c22e 100644 --- a/libcontainer/system/rlimit_linux.go +++ b/libcontainer/system/rlimit_linux.go @@ -1,5 +1,3 @@ -//go:build go1.23 - package system import ( From 26602650adf2ce42ee8f38e0de66653c507d4d38 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 13 Aug 2025 20:01:09 -0700 Subject: [PATCH 1007/1176] Add go 1.25, require go 1.24 Now that Go 1.25 is out, let's switch to go 1.24.0 as a minimally supported version, drop Go 1.23 and add Go 1.25 to CI matrix. Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 6 +++--- Dockerfile | 2 +- README.md | 2 +- go.mod | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 11c2db2f523..68e32b07471 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -25,7 +25,7 @@ jobs: fail-fast: false matrix: os: [ubuntu-24.04, ubuntu-24.04-arm] - go-version: [1.23.x, 1.24.x] + go-version: [1.24.x, 1.25.x] rootless: ["rootless", ""] race: ["-race", ""] criu: ["", "criu-dev"] @@ -33,12 +33,12 @@ jobs: # Disable most of criu-dev jobs, as they are expensive # (need to compile criu) and don't add much value/coverage. - criu: criu-dev - go-version: 1.23.x + go-version: 1.24.x - criu: criu-dev rootless: rootless # Do race detection only on latest Go. - race: -race - go-version: 1.23.x + go-version: 1.24.x runs-on: ${{ matrix.os }} diff --git a/Dockerfile b/Dockerfile index 5c3b933b38e..26f124ede8e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG GO_VERSION=1.23 +ARG GO_VERSION=1.24 ARG BATS_VERSION=v1.11.0 ARG LIBSECCOMP_VERSION=2.5.6 diff --git a/README.md b/README.md index 70e64a18b64..2d0f13bd03d 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ A third party security audit was performed by Cure53, you can see the full repor ## Building -`runc` only supports Linux. See the header of [`go.mod`](./go.mod) for the required Go version. +`runc` only supports Linux. See the header of [`go.mod`](./go.mod) for the minimally required Go version. ### Pre-Requisites diff --git a/go.mod b/go.mod index 3c4eb535991..756837fbb9b 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/opencontainers/runc -go 1.23.0 +go 1.24.0 require ( github.com/checkpoint-restore/go-criu/v7 v7.2.0 From b042b6d455c4e52931e46994b13efe579d37dbd5 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 13 Aug 2025 20:14:12 -0700 Subject: [PATCH 1008/1176] types/events: use omitzero where appropriate In these cases, omitempty doesn't really work so it is useless, but omitzero actually works. As a result, output of `runc events` may omit these fields if all they contain are zeroes. NOTE this might be a breaking change. Signed-off-by: Kir Kolyshkin --- types/events.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/types/events.go b/types/events.go index fc741d2d9e2..e9dc5443a8a 100644 --- a/types/events.go +++ b/types/events.go @@ -75,8 +75,8 @@ type CpuUsage struct { } type Cpu struct { - Usage CpuUsage `json:"usage,omitempty"` - Throttling Throttling `json:"throttling,omitempty"` + Usage CpuUsage `json:"usage,omitzero"` + Throttling Throttling `json:"throttling,omitzero"` PSI *PSIStats `json:"psi,omitempty"` } @@ -103,10 +103,10 @@ type MemoryEntry struct { type Memory struct { Cache uint64 `json:"cache,omitempty"` - Usage MemoryEntry `json:"usage,omitempty"` - Swap MemoryEntry `json:"swap,omitempty"` - Kernel MemoryEntry `json:"kernel,omitempty"` - KernelTCP MemoryEntry `json:"kernelTCP,omitempty"` + Usage MemoryEntry `json:"usage,omitzero"` + Swap MemoryEntry `json:"swap,omitzero"` + Kernel MemoryEntry `json:"kernel,omitzero"` + KernelTCP MemoryEntry `json:"kernelTCP,omitzero"` Raw map[string]uint64 `json:"raw,omitempty"` PSI *PSIStats `json:"psi,omitempty"` } From 89e59902c4b9279a2d72f39d86b8d266e58c5b7b Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 13 Aug 2025 20:17:05 -0700 Subject: [PATCH 1009/1176] Modernize code for Go 1.24 Brought to you by modernize -fix -test ./... Signed-off-by: Kir Kolyshkin --- exec.go | 2 +- libcontainer/configs/config.go | 2 +- libcontainer/configs/config_test.go | 2 +- libcontainer/configs/tocpuset_test.go | 1 - libcontainer/configs/validate/rootless.go | 2 +- libcontainer/configs/validate/rootless_test.go | 3 +-- libcontainer/configs/validate/validator_test.go | 1 - libcontainer/integration/bench_test.go | 6 ++---- libcontainer/integration/exec_test.go | 12 ++++++------ libcontainer/internal/userns/usernsfd_linux_test.go | 2 +- libcontainer/rootfs_linux.go | 2 +- libcontainer/specconv/spec_linux_test.go | 3 +-- .../system/kernelversion/kernel_linux_test.go | 2 -- notify_socket.go | 2 +- 14 files changed, 17 insertions(+), 25 deletions(-) diff --git a/exec.go b/exec.go index ff8e8ee1582..cd5a9d17154 100644 --- a/exec.go +++ b/exec.go @@ -132,7 +132,7 @@ func getSubCgroupPaths(args []string) (map[string]string, error) { // Split into controller:path. if ctr, path, ok := strings.Cut(c, ":"); ok { // There may be a few comma-separated controllers. - for _, ctrl := range strings.Split(ctr, ",") { + for ctrl := range strings.SplitSeq(ctr, ",") { if ctrl == "" { return nil, fmt.Errorf("invalid --cgroup argument: %s (empty prefix)", c) } diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index 07216cb81cd..a0cdaec6a19 100644 --- a/libcontainer/configs/config.go +++ b/libcontainer/configs/config.go @@ -325,7 +325,7 @@ func toCPUSet(str string) (*unix.CPUSet, error) { return int(ret), nil } - for _, r := range strings.Split(str, ",") { + for r := range strings.SplitSeq(str, ",") { // Allow extra spaces around. r = strings.TrimSpace(r) // Allow empty elements (extra commas). diff --git a/libcontainer/configs/config_test.go b/libcontainer/configs/config_test.go index 644129941ce..70dcb799531 100644 --- a/libcontainer/configs/config_test.go +++ b/libcontainer/configs/config_test.go @@ -30,7 +30,7 @@ func TestUnmarshalHooks(t *testing.T) { for _, hookName := range configs.HookNameList { hooks := configs.Hooks{} - err = hooks.UnmarshalJSON([]byte(fmt.Sprintf(`{"%s" :[%s]}`, hookName, hookJson))) + err = hooks.UnmarshalJSON(fmt.Appendf(nil, `{"%s" :[%s]}`, hookName, hookJson)) if err != nil { t.Fatal(err) } diff --git a/libcontainer/configs/tocpuset_test.go b/libcontainer/configs/tocpuset_test.go index 43fb11bf876..8af2ab57726 100644 --- a/libcontainer/configs/tocpuset_test.go +++ b/libcontainer/configs/tocpuset_test.go @@ -57,7 +57,6 @@ func TestToCPUSet(t *testing.T) { } for _, tc := range testCases { - tc := tc t.Run(tc.in, func(t *testing.T) { out, err := toCPUSet(tc.in) t.Logf("toCPUSet(%q) = %v (error: %v)", tc.in, out, err) diff --git a/libcontainer/configs/validate/rootless.go b/libcontainer/configs/validate/rootless.go index 88cf1cd60fc..ef9c8e6f948 100644 --- a/libcontainer/configs/validate/rootless.go +++ b/libcontainer/configs/validate/rootless.go @@ -60,7 +60,7 @@ func rootlessEUIDMount(config *configs.Config) error { if !strings.Contains(mount.Data, "id=") { continue } - for _, opt := range strings.Split(mount.Data, ",") { + for opt := range strings.SplitSeq(mount.Data, ",") { if str, ok := strings.CutPrefix(opt, "uid="); ok { uid, err := strconv.Atoi(str) if err != nil { diff --git a/libcontainer/configs/validate/rootless_test.go b/libcontainer/configs/validate/rootless_test.go index 7b088739910..f725b541f81 100644 --- a/libcontainer/configs/validate/rootless_test.go +++ b/libcontainer/configs/validate/rootless_test.go @@ -154,8 +154,7 @@ func BenchmarkRootlessEUIDMount(b *testing.B) { }, } - b.ResetTimer() - for i := 0; i < b.N; i++ { + for b.Loop() { err := rootlessEUIDMount(config) if err != nil { b.Fatal(err) diff --git a/libcontainer/configs/validate/validator_test.go b/libcontainer/configs/validate/validator_test.go index 99e189c6590..2dd47a198d3 100644 --- a/libcontainer/configs/validate/validator_test.go +++ b/libcontainer/configs/validate/validator_test.go @@ -774,7 +774,6 @@ func TestValidateIDMapMounts(t *testing.T) { } for _, tc := range testCases { - tc := tc t.Run(tc.name, func(t *testing.T) { config := tc.config config.Rootfs = "/var" diff --git a/libcontainer/integration/bench_test.go b/libcontainer/integration/bench_test.go index c10c57fda3c..0375ee7f7cc 100644 --- a/libcontainer/integration/bench_test.go +++ b/libcontainer/integration/bench_test.go @@ -34,8 +34,7 @@ func BenchmarkExecTrue(b *testing.B) { }() ok(b, err) - b.ResetTimer() - for i := 0; i < b.N; i++ { + for b.Loop() { exec := &libcontainer.Process{ Cwd: "/", Args: []string{"/bin/true"}, @@ -101,8 +100,7 @@ func BenchmarkExecInBigEnv(b *testing.B) { wantOut.WriteString(e + "\n") } - b.ResetTimer() - for i := 0; i < b.N; i++ { + for b.Loop() { buffers := newStdBuffers() exec := &libcontainer.Process{ Cwd: "/", diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index 17312563bfc..f5a24777edf 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -850,8 +850,8 @@ func TestMountCgroupRO(t *testing.T) { buffers := runContainerOk(t, config, "mount") mountInfo := buffers.Stdout.String() - lines := strings.Split(mountInfo, "\n") - for _, l := range lines { + lines := strings.SplitSeq(mountInfo, "\n") + for l := range lines { if strings.HasPrefix(l, "tmpfs on /sys/fs/cgroup") { if !strings.Contains(l, "ro") || !strings.Contains(l, "nosuid") || @@ -892,8 +892,8 @@ func TestMountCgroupRW(t *testing.T) { buffers := runContainerOk(t, config, "mount") mountInfo := buffers.Stdout.String() - lines := strings.Split(mountInfo, "\n") - for _, l := range lines { + lines := strings.SplitSeq(mountInfo, "\n") + for l := range lines { if strings.HasPrefix(l, "tmpfs on /sys/fs/cgroup") { if !strings.Contains(l, "rw") || !strings.Contains(l, "nosuid") || @@ -1206,8 +1206,8 @@ func TestRootfsPropagationSlaveMount(t *testing.T) { dir2cont = filepath.Join(dir1cont, filepath.Base(dir2host)) propagationInfo := stdout2.String() - lines := strings.Split(propagationInfo, "\n") - for _, l := range lines { + lines := strings.SplitSeq(propagationInfo, "\n") + for l := range lines { linefields := strings.Split(l, " ") if len(linefields) < 5 { continue diff --git a/libcontainer/internal/userns/usernsfd_linux_test.go b/libcontainer/internal/userns/usernsfd_linux_test.go index 23a3419fcae..0065b7f839d 100644 --- a/libcontainer/internal/userns/usernsfd_linux_test.go +++ b/libcontainer/internal/userns/usernsfd_linux_test.go @@ -42,7 +42,7 @@ func BenchmarkSpawnProc(b *testing.B) { } }) - for i := 0; i < b.N; i++ { + for b.Loop() { proc, err := spawnProc(mapping) if err != nil { b.Error(err) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index fd9fdddcd05..a7a72b8bb19 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -354,7 +354,7 @@ func mountCgroupV1(m *configs.Mount, c *mountConfig) error { } } for _, mc := range merged { - for _, ss := range strings.Split(mc, ",") { + for ss := range strings.SplitSeq(mc, ",") { // symlink(2) is very dumb, it will just shove the path into // the link and doesn't do any checks or relative path // conversion. Also, don't error out if the cgroup already exists. diff --git a/libcontainer/specconv/spec_linux_test.go b/libcontainer/specconv/spec_linux_test.go index 77219496243..4c3c4769348 100644 --- a/libcontainer/specconv/spec_linux_test.go +++ b/libcontainer/specconv/spec_linux_test.go @@ -777,7 +777,6 @@ func TestInitSystemdProps(t *testing.T) { spec := &specs.Spec{} for _, tc := range testCases { - tc := tc spec.Annotations = map[string]string{tc.in.name: tc.in.value} outMap, err := initSystemdProps(spec) @@ -834,7 +833,7 @@ func TestCheckPropertyName(t *testing.T) { } func BenchmarkCheckPropertyName(b *testing.B) { - for i := 0; i < b.N; i++ { + for b.Loop() { for _, s := range []string{"", "xx", "xxx", "someValidName", "A name", "ĐĐ¸Ñ€", "მáƒáƒ“áƒáƒáƒ‘áƒ", "åˆă„言葉"} { _ = checkPropertyName(s) } diff --git a/libcontainer/system/kernelversion/kernel_linux_test.go b/libcontainer/system/kernelversion/kernel_linux_test.go index a18f1f2226f..7a5df8421b1 100644 --- a/libcontainer/system/kernelversion/kernel_linux_test.go +++ b/libcontainer/system/kernelversion/kernel_linux_test.go @@ -67,7 +67,6 @@ func TestParseRelease(t *testing.T) { {in: "3.-8", expectedErr: fmt.Errorf(`failed to parse kernel version "3.-8": expected integer`)}, } for _, tc := range tests { - tc := tc t.Run(tc.in, func(t *testing.T) { version, err := parseRelease(tc.in) if tc.expectedErr != nil { @@ -126,7 +125,6 @@ func TestGreaterEqualThan(t *testing.T) { }, } for _, tc := range tests { - tc := tc t.Run(tc.doc+": "+tc.in.String(), func(t *testing.T) { ok, err := GreaterEqualThan(tc.in) if err != nil { diff --git a/notify_socket.go b/notify_socket.go index a3aa8d2b208..afebf4e77e4 100644 --- a/notify_socket.go +++ b/notify_socket.go @@ -128,7 +128,7 @@ func (s *notifySocket) run(pid1 int) error { got := buf[0:r] // systemd-ready sends a single datagram with the state string as payload, // so we don't need to worry about partial messages. - for _, line := range bytes.Split(got, []byte{'\n'}) { + for line := range bytes.SplitSeq(got, []byte{'\n'}) { if bytes.HasPrefix(got, []byte("READY=")) { fileChan <- line return From 3867f826dabdc4f87bef87fc56583637479ae371 Mon Sep 17 00:00:00 2001 From: Markus Lehtonen Date: Wed, 30 Jul 2025 14:52:55 +0300 Subject: [PATCH 1010/1176] libcontainer/intelrdt: refactor tests Signed-off-by: Markus Lehtonen --- libcontainer/intelrdt/intelrdt_test.go | 140 ++++++++++--------------- 1 file changed, 55 insertions(+), 85 deletions(-) diff --git a/libcontainer/intelrdt/intelrdt_test.go b/libcontainer/intelrdt/intelrdt_test.go index 114499f82f3..06c734c5452 100644 --- a/libcontainer/intelrdt/intelrdt_test.go +++ b/libcontainer/intelrdt/intelrdt_test.go @@ -3,97 +3,67 @@ package intelrdt import ( "os" "path/filepath" + "slices" "strings" "testing" -) - -func TestIntelRdtSetL3CacheSchema(t *testing.T) { - helper := NewIntelRdtTestUtil(t) - - const ( - l3CacheSchemaBefore = "L3:0=f;1=f0" - l3CacheSchemeAfter = "L3:0=f0;1=f" - ) - - helper.writeFileContents(map[string]string{ - "schemata": l3CacheSchemaBefore + "\n", - }) - - helper.config.IntelRdt.L3CacheSchema = l3CacheSchemeAfter - intelrdt := newManager(helper.config, "", helper.IntelRdtPath) - if err := intelrdt.Set(helper.config); err != nil { - t.Fatal(err) - } - - tmpStrings, err := getIntelRdtParamString(helper.IntelRdtPath, "schemata") - if err != nil { - t.Fatalf("Failed to parse file 'schemata' - %s", err) - } - values := strings.Split(tmpStrings, "\n") - value := values[0] - - if value != l3CacheSchemeAfter { - t.Fatal("Got the wrong value, set 'schemata' failed.") - } -} - -func TestIntelRdtSetMemBwSchema(t *testing.T) { - helper := NewIntelRdtTestUtil(t) - - const ( - memBwSchemaBefore = "MB:0=20;1=70" - memBwSchemeAfter = "MB:0=70;1=20" - ) - helper.writeFileContents(map[string]string{ - "schemata": memBwSchemaBefore + "\n", - }) - - helper.config.IntelRdt.MemBwSchema = memBwSchemeAfter - intelrdt := newManager(helper.config, "", helper.IntelRdtPath) - if err := intelrdt.Set(helper.config); err != nil { - t.Fatal(err) - } - - tmpStrings, err := getIntelRdtParamString(helper.IntelRdtPath, "schemata") - if err != nil { - t.Fatalf("Failed to parse file 'schemata' - %s", err) - } - values := strings.Split(tmpStrings, "\n") - value := values[0] - - if value != memBwSchemeAfter { - t.Fatal("Got the wrong value, set 'schemata' failed.") - } -} - -func TestIntelRdtSetMemBwScSchema(t *testing.T) { - helper := NewIntelRdtTestUtil(t) - - const ( - memBwScSchemaBefore = "MB:0=5000;1=7000" - memBwScSchemeAfter = "MB:0=9000;1=4000" - ) - - helper.writeFileContents(map[string]string{ - "schemata": memBwScSchemaBefore + "\n", - }) - - helper.config.IntelRdt.MemBwSchema = memBwScSchemeAfter - intelrdt := newManager(helper.config, "", helper.IntelRdtPath) - if err := intelrdt.Set(helper.config); err != nil { - t.Fatal(err) - } + "github.com/opencontainers/runc/libcontainer/configs" +) - tmpStrings, err := getIntelRdtParamString(helper.IntelRdtPath, "schemata") - if err != nil { - t.Fatalf("Failed to parse file 'schemata' - %s", err) +func TestIntelRdtSet(t *testing.T) { + tcs := []struct { + name string + config *configs.IntelRdt + schemataAfter []string + }{ + { + name: "L3", + config: &configs.IntelRdt{ + L3CacheSchema: "L3:0=f0;1=f", + }, + schemataAfter: []string{"L3:0=f0;1=f"}, + }, + { + name: "MemBw", + config: &configs.IntelRdt{ + MemBwSchema: "MB:0=70;1=20", + }, + schemataAfter: []string{"MB:0=70;1=20"}, + }, + { + name: "MemBwSc", + config: &configs.IntelRdt{ + MemBwSchema: "MB:0=9000;1=4000", + }, + schemataAfter: []string{"MB:0=9000;1=4000"}, + }, } - values := strings.Split(tmpStrings, "\n") - value := values[0] - if value != memBwScSchemeAfter { - t.Fatal("Got the wrong value, set 'schemata' failed.") + for _, tc := range tcs { + t.Run(tc.name, func(t *testing.T) { + helper := NewIntelRdtTestUtil(t) + helper.config.IntelRdt = tc.config + + helper.writeFileContents(map[string]string{ + /* Common initial value for all test cases */ + "schemata": "MB:0=100\nL3:0=ffff\nL2:0=ffffffff\n", + }) + + intelrdt := newManager(helper.config, "", helper.IntelRdtPath) + if err := intelrdt.Set(helper.config); err != nil { + t.Fatal(err) + } + + tmpStrings, err := getIntelRdtParamString(helper.IntelRdtPath, "schemata") + if err != nil { + t.Fatalf("Failed to parse file 'schemata' - %s", err) + } + values := strings.Split(tmpStrings, "\n") + + if slices.Compare(values, tc.schemataAfter) != 0 { + t.Fatalf("Got the wrong value, expected %v, got %v", tc.schemataAfter, values) + } + }) } } From b8a83ac255fab9129e895210490b8ee9d0f10413 Mon Sep 17 00:00:00 2001 From: Markus Lehtonen Date: Fri, 15 Aug 2025 15:06:48 +0300 Subject: [PATCH 1011/1176] libcontainer/intelrdt: support explicit assignment to root CLOS Makes it possible e.g. to enable monitoring (linux.intelRdt.enableMonitoring) without creating a CLOS (resctrl group) for the container. Implements https://github.com/opencontainers/runtime-spec/pull/1289. Signed-off-by: Markus Lehtonen --- libcontainer/configs/validate/validator.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go index 9be17ba05a0..e9a33a2184e 100644 --- a/libcontainer/configs/validate/validator.go +++ b/libcontainer/configs/validate/validator.go @@ -287,8 +287,9 @@ func intelrdtCheck(config *configs.Config) error { return fmt.Errorf("intelRdt is specified in config, but Intel RDT is not enabled") } - if config.IntelRdt.ClosID == "." || config.IntelRdt.ClosID == ".." || strings.Contains(config.IntelRdt.ClosID, "/") { - return fmt.Errorf("invalid intelRdt.ClosID %q", config.IntelRdt.ClosID) + switch clos := config.IntelRdt.ClosID; { + case clos == ".", clos == "..", len(clos) > 1 && strings.Contains(clos, "/"): + return fmt.Errorf("invalid intelRdt.ClosID %q", clos) } if !intelrdt.IsCATEnabled() && config.IntelRdt.L3CacheSchema != "" { From ba68a17ad1bc68a44450c686d6f01a89a3e69c75 Mon Sep 17 00:00:00 2001 From: Markus Lehtonen Date: Wed, 27 Aug 2025 15:23:17 +0300 Subject: [PATCH 1012/1176] libcontainer/configs: add validator unit tests for intelRdt Signed-off-by: Markus Lehtonen --- libcontainer/configs/validate/intelrdt.go | 41 ++++++ .../configs/validate/intelrdt_test.go | 122 ++++++++++++++++++ libcontainer/configs/validate/validator.go | 7 +- 3 files changed, 166 insertions(+), 4 deletions(-) create mode 100644 libcontainer/configs/validate/intelrdt.go create mode 100644 libcontainer/configs/validate/intelrdt_test.go diff --git a/libcontainer/configs/validate/intelrdt.go b/libcontainer/configs/validate/intelrdt.go new file mode 100644 index 00000000000..7b6015b826f --- /dev/null +++ b/libcontainer/configs/validate/intelrdt.go @@ -0,0 +1,41 @@ +package validate + +import ( + "sync" + + "github.com/opencontainers/runc/libcontainer/intelrdt" +) + +// Cache the result of intelrdt IsEnabled functions to avoid repeated sysfs +// access and enable mocking for unit tests. +type intelRdtStatus struct { + sync.Once + rdtEnabled bool + catEnabled bool + mbaEnabled bool +} + +var intelRdt = &intelRdtStatus{} + +func (i *intelRdtStatus) init() { + i.Do(func() { + i.rdtEnabled = intelrdt.IsEnabled() + i.catEnabled = intelrdt.IsCATEnabled() + i.mbaEnabled = intelrdt.IsMBAEnabled() + }) +} + +func (i *intelRdtStatus) isEnabled() bool { + i.init() + return i.rdtEnabled +} + +func (i *intelRdtStatus) isCATEnabled() bool { + i.init() + return i.catEnabled +} + +func (i *intelRdtStatus) isMBAEnabled() bool { + i.init() + return i.mbaEnabled +} diff --git a/libcontainer/configs/validate/intelrdt_test.go b/libcontainer/configs/validate/intelrdt_test.go new file mode 100644 index 00000000000..d8672225fda --- /dev/null +++ b/libcontainer/configs/validate/intelrdt_test.go @@ -0,0 +1,122 @@ +package validate + +import ( + "testing" + + "github.com/opencontainers/runc/libcontainer/configs" +) + +func TestValidateIntelRdt(t *testing.T) { + // Call init to trigger the sync.Once and enable overriding the rdt status + intelRdt.init() + + testCases := []struct { + name string + rdtEnabled bool + catEnabled bool + mbaEnabled bool + config *configs.IntelRdt + isErr bool + }{ + { + name: "rdt not supported, no config", + rdtEnabled: false, + config: nil, + isErr: false, + }, + { + name: "rdt not supported, with config", + rdtEnabled: false, + config: &configs.IntelRdt{}, + isErr: true, + }, + { + name: "empty config", + rdtEnabled: true, + config: &configs.IntelRdt{}, + isErr: false, + }, + { + name: "root clos", + rdtEnabled: true, + config: &configs.IntelRdt{ + ClosID: "/", + }, + isErr: false, + }, + { + name: "invalid ClosID (.)", + rdtEnabled: true, + config: &configs.IntelRdt{ + ClosID: ".", + }, + isErr: true, + }, + { + name: "invalid ClosID (..)", + rdtEnabled: true, + config: &configs.IntelRdt{ + ClosID: "..", + }, + isErr: true, + }, + { + name: "invalid ClosID (contains /)", + rdtEnabled: true, + config: &configs.IntelRdt{ + ClosID: "foo/bar", + }, + isErr: true, + }, + { + name: "cat not supported", + rdtEnabled: true, + catEnabled: false, + config: &configs.IntelRdt{ + L3CacheSchema: "0=ff", + }, + isErr: true, + }, + { + name: "mba not supported", + rdtEnabled: true, + mbaEnabled: false, + config: &configs.IntelRdt{ + MemBwSchema: "0=100", + }, + isErr: true, + }, + { + name: "valid config", + rdtEnabled: true, + catEnabled: true, + mbaEnabled: true, + config: &configs.IntelRdt{ + ClosID: "clos-1", + L3CacheSchema: "0=ff", + MemBwSchema: "0=100", + }, + isErr: false, + }, + } + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + intelRdt.rdtEnabled = tc.rdtEnabled + intelRdt.catEnabled = tc.catEnabled + intelRdt.mbaEnabled = tc.mbaEnabled + + config := &configs.Config{ + Rootfs: "/var", + IntelRdt: tc.config, + } + + err := Validate(config) + if tc.isErr && err == nil { + t.Error("expected error, got nil") + } + if !tc.isErr && err != nil { + t.Error(err) + } + }) + } +} diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go index e9a33a2184e..1fe66e148b4 100644 --- a/libcontainer/configs/validate/validator.go +++ b/libcontainer/configs/validate/validator.go @@ -10,7 +10,6 @@ import ( "github.com/opencontainers/cgroups" "github.com/opencontainers/runc/libcontainer/configs" - "github.com/opencontainers/runc/libcontainer/intelrdt" "github.com/opencontainers/runtime-spec/specs-go" selinux "github.com/opencontainers/selinux/go-selinux" "github.com/sirupsen/logrus" @@ -283,7 +282,7 @@ func sysctl(config *configs.Config) error { func intelrdtCheck(config *configs.Config) error { if config.IntelRdt != nil { - if !intelrdt.IsEnabled() { + if !intelRdt.isEnabled() { return fmt.Errorf("intelRdt is specified in config, but Intel RDT is not enabled") } @@ -292,10 +291,10 @@ func intelrdtCheck(config *configs.Config) error { return fmt.Errorf("invalid intelRdt.ClosID %q", clos) } - if !intelrdt.IsCATEnabled() && config.IntelRdt.L3CacheSchema != "" { + if !intelRdt.isCATEnabled() && config.IntelRdt.L3CacheSchema != "" { return errors.New("intelRdt.l3CacheSchema is specified in config, but Intel RDT/CAT is not enabled") } - if !intelrdt.IsMBAEnabled() && config.IntelRdt.MemBwSchema != "" { + if !intelRdt.isMBAEnabled() && config.IntelRdt.MemBwSchema != "" { return errors.New("intelRdt.memBwSchema is specified in config, but Intel RDT/MBA is not enabled") } } From 762819496e97a785136631bd8fc1272db8d27e96 Mon Sep 17 00:00:00 2001 From: Markus Lehtonen Date: Fri, 29 Aug 2025 12:34:51 +0300 Subject: [PATCH 1013/1176] libcontainer/configs/validate: add doc.go Add package comment to make revive pass muster. Signed-off-by: Markus Lehtonen --- libcontainer/configs/validate/doc.go | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 libcontainer/configs/validate/doc.go diff --git a/libcontainer/configs/validate/doc.go b/libcontainer/configs/validate/doc.go new file mode 100644 index 00000000000..8819c8806cd --- /dev/null +++ b/libcontainer/configs/validate/doc.go @@ -0,0 +1,2 @@ +// Package validate provides helpers for validating configuration. +package validate From c04d9c446d47facd232ca5df2ab53e0f4542d004 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 29 Aug 2025 15:24:04 -0700 Subject: [PATCH 1014/1176] ci/validate: add modernize run Modernize tool [1] basically ensures that the new language features and packages are used across the code. The reason to run it in CI is to ensure that - PR authors use modern code; - our code is modern whether we bump Go version in go.mod. Shove it into go-fix job which already does a similar thing but for 'go-fix' and rename the whole job to modernize. [1]: https://pkg.go.dev/golang.org/x/tools/gopls/internal/analysis/modernize Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index c7b37452a29..e73a9e317b0 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -48,7 +48,7 @@ jobs: run: | golangci-lint run --config .golangci-extra.yml --new-from-rev=HEAD~1 - go-fix: + modernize: runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v5 @@ -65,6 +65,10 @@ jobs: run: | go fix ./... git diff --exit-code + - name: run modernize + run: | + go run golang.org/x/tools/gopls/internal/analysis/modernize/cmd/modernize@latest -fix -test ./... + git diff --exit-code compile-buildtags: runs-on: ubuntu-24.04 @@ -260,9 +264,9 @@ jobs: - compile-buildtags - deps - get-images - - go-fix - keyring - lint + - modernize - release - shellcheck - shfmt From 779c9e1d9acbc889ea7ab55e2f153bb575c614ff Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 3 Sep 2025 00:39:48 +1000 Subject: [PATCH 1015/1176] libct: user: remove deprecated module libcontainer/user was marked as deprecated in d9ea71bf9686 ("deprecate libcontainer/user") and users have had plenty of time to migrate to github.com/moby/sys/user. Signed-off-by: Aleksa Sarai --- CHANGELOG.md | 5 +- libcontainer/user/lookup_deprecated.go | 81 -------------- libcontainer/user/user_deprecated.go | 146 ------------------------- 3 files changed, 4 insertions(+), 228 deletions(-) delete mode 100644 libcontainer/user/lookup_deprecated.go delete mode 100644 libcontainer/user/user_deprecated.go diff --git a/CHANGELOG.md b/CHANGELOG.md index ea586dc0911..755648d6d92 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,8 +6,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### Breaking +### libcontainer API +- The deprecated `libcontainer/user` package has been removed; use + `github.com/moby/sys/user` instead. (#3999, #4617) +### Breaking - runc update no longer allows `--l3-cache-schema` or `--mem-bw-schema` if `linux.intelRdt` was not present in the container’s original `config.json`. diff --git a/libcontainer/user/lookup_deprecated.go b/libcontainer/user/lookup_deprecated.go deleted file mode 100644 index c6cd4434551..00000000000 --- a/libcontainer/user/lookup_deprecated.go +++ /dev/null @@ -1,81 +0,0 @@ -package user - -import ( - "io" - - "github.com/moby/sys/user" -) - -// LookupUser looks up a user by their username in /etc/passwd. If the user -// cannot be found (or there is no /etc/passwd file on the filesystem), then -// LookupUser returns an error. -func LookupUser(username string) (user.User, error) { - return user.LookupUser(username) -} - -// LookupUid looks up a user by their user id in /etc/passwd. If the user cannot -// be found (or there is no /etc/passwd file on the filesystem), then LookupId -// returns an error. -func LookupUid(uid int) (user.User, error) { //nolint:revive // ignore var-naming: func LookupUid should be LookupUID - return user.LookupUid(uid) -} - -// LookupGroup looks up a group by its name in /etc/group. If the group cannot -// be found (or there is no /etc/group file on the filesystem), then LookupGroup -// returns an error. -func LookupGroup(groupname string) (user.Group, error) { - return user.LookupGroup(groupname) -} - -// LookupGid looks up a group by its group id in /etc/group. If the group cannot -// be found (or there is no /etc/group file on the filesystem), then LookupGid -// returns an error. -func LookupGid(gid int) (user.Group, error) { - return user.LookupGid(gid) -} - -func GetPasswdPath() (string, error) { - return user.GetPasswdPath() -} - -func GetPasswd() (io.ReadCloser, error) { - return user.GetPasswd() -} - -func GetGroupPath() (string, error) { - return user.GetGroupPath() -} - -func GetGroup() (io.ReadCloser, error) { - return user.GetGroup() -} - -// CurrentUser looks up the current user by their user id in /etc/passwd. If the -// user cannot be found (or there is no /etc/passwd file on the filesystem), -// then CurrentUser returns an error. -func CurrentUser() (user.User, error) { - return user.CurrentUser() -} - -// CurrentGroup looks up the current user's group by their primary group id's -// entry in /etc/passwd. If the group cannot be found (or there is no -// /etc/group file on the filesystem), then CurrentGroup returns an error. -func CurrentGroup() (user.Group, error) { - return user.CurrentGroup() -} - -func CurrentUserSubUIDs() ([]user.SubID, error) { - return user.CurrentUserSubUIDs() -} - -func CurrentUserSubGIDs() ([]user.SubID, error) { - return user.CurrentUserSubGIDs() -} - -func CurrentProcessUIDMap() ([]user.IDMap, error) { - return user.CurrentProcessUIDMap() -} - -func CurrentProcessGIDMap() ([]user.IDMap, error) { - return user.CurrentProcessGIDMap() -} diff --git a/libcontainer/user/user_deprecated.go b/libcontainer/user/user_deprecated.go deleted file mode 100644 index 3c29f3d1d86..00000000000 --- a/libcontainer/user/user_deprecated.go +++ /dev/null @@ -1,146 +0,0 @@ -// Package user is an alias for [github.com/moby/sys/user]. -// -// Deprecated: use [github.com/moby/sys/user]. -package user - -import ( - "io" - - "github.com/moby/sys/user" -) - -var ( - // ErrNoPasswdEntries is returned if no matching entries were found in /etc/group. - ErrNoPasswdEntries = user.ErrNoPasswdEntries - // ErrNoGroupEntries is returned if no matching entries were found in /etc/passwd. - ErrNoGroupEntries = user.ErrNoGroupEntries - // ErrRange is returned if a UID or GID is outside of the valid range. - ErrRange = user.ErrRange -) - -type ( - User = user.User - - Group = user.Group - - // SubID represents an entry in /etc/sub{u,g}id. - SubID = user.SubID - - // IDMap represents an entry in /proc/PID/{u,g}id_map. - IDMap = user.IDMap - - ExecUser = user.ExecUser -) - -func ParsePasswdFile(path string) ([]user.User, error) { - return user.ParsePasswdFile(path) -} - -func ParsePasswd(passwd io.Reader) ([]user.User, error) { - return user.ParsePasswd(passwd) -} - -func ParsePasswdFileFilter(path string, filter func(user.User) bool) ([]user.User, error) { - return user.ParsePasswdFileFilter(path, filter) -} - -func ParsePasswdFilter(r io.Reader, filter func(user.User) bool) ([]user.User, error) { - return user.ParsePasswdFilter(r, filter) -} - -func ParseGroupFile(path string) ([]user.Group, error) { - return user.ParseGroupFile(path) -} - -func ParseGroup(group io.Reader) ([]user.Group, error) { - return user.ParseGroup(group) -} - -func ParseGroupFileFilter(path string, filter func(user.Group) bool) ([]user.Group, error) { - return user.ParseGroupFileFilter(path, filter) -} - -func ParseGroupFilter(r io.Reader, filter func(user.Group) bool) ([]user.Group, error) { - return user.ParseGroupFilter(r, filter) -} - -// GetExecUserPath is a wrapper for GetExecUser. It reads data from each of the -// given file paths and uses that data as the arguments to GetExecUser. If the -// files cannot be opened for any reason, the error is ignored and a nil -// io.Reader is passed instead. -func GetExecUserPath(userSpec string, defaults *user.ExecUser, passwdPath, groupPath string) (*user.ExecUser, error) { - return user.GetExecUserPath(userSpec, defaults, passwdPath, groupPath) -} - -// GetExecUser parses a user specification string (using the passwd and group -// readers as sources for /etc/passwd and /etc/group data, respectively). In -// the case of blank fields or missing data from the sources, the values in -// defaults is used. -// -// GetExecUser will return an error if a user or group literal could not be -// found in any entry in passwd and group respectively. -// -// Examples of valid user specifications are: -// - "" -// - "user" -// - "uid" -// - "user:group" -// - "uid:gid -// - "user:gid" -// - "uid:group" -// -// It should be noted that if you specify a numeric user or group id, they will -// not be evaluated as usernames (only the metadata will be filled). So attempting -// to parse a user with user.Name = "1337" will produce the user with a UID of -// 1337. -func GetExecUser(userSpec string, defaults *user.ExecUser, passwd, group io.Reader) (*user.ExecUser, error) { - return user.GetExecUser(userSpec, defaults, passwd, group) -} - -// GetAdditionalGroups looks up a list of groups by name or group id -// against the given /etc/group formatted data. If a group name cannot -// be found, an error will be returned. If a group id cannot be found, -// or the given group data is nil, the id will be returned as-is -// provided it is in the legal range. -func GetAdditionalGroups(additionalGroups []string, group io.Reader) ([]int, error) { - return user.GetAdditionalGroups(additionalGroups, group) -} - -// GetAdditionalGroupsPath is a wrapper around GetAdditionalGroups -// that opens the groupPath given and gives it as an argument to -// GetAdditionalGroups. -func GetAdditionalGroupsPath(additionalGroups []string, groupPath string) ([]int, error) { - return user.GetAdditionalGroupsPath(additionalGroups, groupPath) -} - -func ParseSubIDFile(path string) ([]user.SubID, error) { - return user.ParseSubIDFile(path) -} - -func ParseSubID(subid io.Reader) ([]user.SubID, error) { - return user.ParseSubID(subid) -} - -func ParseSubIDFileFilter(path string, filter func(user.SubID) bool) ([]user.SubID, error) { - return user.ParseSubIDFileFilter(path, filter) -} - -func ParseSubIDFilter(r io.Reader, filter func(user.SubID) bool) ([]user.SubID, error) { - return user.ParseSubIDFilter(r, filter) -} - -func ParseIDMapFile(path string) ([]user.IDMap, error) { - return user.ParseIDMapFile(path) -} - -func ParseIDMap(r io.Reader) ([]user.IDMap, error) { - return user.ParseIDMap(r) -} - -func ParseIDMapFileFilter(path string, filter func(user.IDMap) bool) ([]user.IDMap, error) { - return user.ParseIDMapFileFilter(path, filter) -} - -func ParseIDMapFilter(r io.Reader, filter func(user.IDMap) bool) ([]user.IDMap, error) { - return user.ParseIDMapFilter(r, filter) -} From edc2eb60f3eadb340b394a6b436a469862f6e74a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Sep 2025 04:02:34 +0000 Subject: [PATCH 1016/1176] build(deps): bump actions/setup-go from 5 to 6 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5 to 6. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/test.yml | 4 ++-- .github/workflows/validate.yml | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 68e32b07471..16cab969f5c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -96,7 +96,7 @@ jobs: rm -rf ~/criu - name: install go ${{ matrix.go-version }} - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: ${{ matrix.go-version }} check-latest: true @@ -166,7 +166,7 @@ jobs: sudo apt -qy install libseccomp-dev libseccomp-dev:i386 gcc-multilib libgcc-s1:i386 criu - name: install go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: 1.x # Latest stable check-latest: true diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index e73a9e317b0..38b43e422ca 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -32,7 +32,7 @@ jobs: - uses: actions/checkout@v5 with: fetch-depth: 2 - - uses: actions/setup-go@v5 + - uses: actions/setup-go@v6 with: go-version: "${{ env.GO_VERSION }}" - name: install deps @@ -54,7 +54,7 @@ jobs: - uses: actions/checkout@v5 with: fetch-depth: 2 - - uses: actions/setup-go@v5 + - uses: actions/setup-go@v6 with: go-version: "${{ env.GO_VERSION }}" - name: install deps @@ -78,7 +78,7 @@ jobs: steps: - uses: actions/checkout@v5 - name: install go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: "${{ env.GO_VERSION }}" - name: install deps @@ -143,7 +143,7 @@ jobs: steps: - uses: actions/checkout@v5 - name: install go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: "${{ env.GO_VERSION }}" check-latest: true From 9408f6643d8bc3490cd9b24fadc83e421bafdb58 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Sep 2025 04:02:37 +0000 Subject: [PATCH 1017/1176] build(deps): bump actions/github-script from 7 to 8 Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 8. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v7...v8) --- updated-dependencies: - dependency-name: actions/github-script dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/scheduled.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml index f310503c5d6..5ad5e898e1e 100644 --- a/.github/workflows/scheduled.yml +++ b/.github/workflows/scheduled.yml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Trigger ${{ matrix.wf_id }} workflow on ${{ matrix.branch}} branch - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | From 1931ebf739fa3d904e730a7afd309e4196ec5d97 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 5 Sep 2025 13:42:32 +1000 Subject: [PATCH 1018/1176] CHANGELOG: forward-port v1.2.7 changelog Signed-off-by: Aleksa Sarai --- CHANGELOG.md | 44 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 43 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 755648d6d92..8086799e3a2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -128,6 +128,47 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 * Support `skip-in-flight` and `link-remap` options for CRIU. (#4627) * Support cgroup v1 mounted with `noprefix`. (#4513) +## [1.2.7] - 2025-09-05 + +> ă•ă‚“ă‚’ă¤ă‘ă‚ă‚ˆăƒ‡ă‚³å©é‡éƒï¼ + +### Fixed + * Removed preemptive "full access to cgroups" warning when calling `runc + pause` or `runc unpause` as an unprivileged user without + `--systemd-cgroups`. Now the warning is only emitted if an actual permission + error was encountered. (#4709, #4720) + * Add time namespace to container config after checkpoint/restore. CRIU since + version 3.14 uses a time namespace for checkpoint/restore, however it was + not joining the time namespace in runc. (#4696, #4714) + * Container processes will no longer inherit the CPU affinity of runc by + default. Instead, the default CPU affinity of container processes will be + the largest set of CPUs permitted by the container's cpuset cgroup and any + other system restrictions (such as isolated CPUs). (#4041, #4815, #4858) + * Close seccomp agent connection to prevent resource leaks. (#4796, #4800) + * Several fixes to our CI, mainly related to AlmaLinux and CRIU. (#4670, + #4728, #4736, #4742) + * Setting `linux.rootfsPropagation` to `shared` or `unbindable` now functions + properly. (#1755, #1815, #4724, #4791) + * `runc update` will no longer clear intelRdt state information. (#4828, + #4834) + +### Changed + * In runc 1.2, we changed our mount behaviour to correctly handle clearing + flags. However, the error messages we returned did not provide as much + information to users about what clearing flags were conflicting with locked + mount flags. We now provide more diagnostic information if there is an error + when in the fallback path to handle locked mount flags. (#4734, #4740) + * Ignore the dmem controller in our cgroup tests, as systemd does not yet + support it. (#4806, #4811) + * `/proc/net/dev` is no longer included in the permitted procfs overmount + list. Its inclusion was almost certainly an error, and because `/proc/net` + is a symlink to `/proc/self/net`, overmounting this was almost certainly + never useful (and will be blocked by future kernel versions). (#4817, #4820) + * CI: Switch to GitHub-hosted ARM runners. Thanks again to @alexellis for + supporting runc's ARM CI up until now. (#4844, #4856, #4867) + * Simplify the `prepareCriuRestoreMounts` logic for checkpoint-restore. + (#4765, #4872) + ## [1.2.6] - 2025-03-17 > Hasta la victoria, siempre. @@ -1136,7 +1177,8 @@ implementation (libcontainer) is *not* covered by this policy. [1.1.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.0.0...v1.1.0-rc.1 -[Unreleased 1.2.z]: https://github.com/opencontainers/runc/compare/v1.2.6...release-1.2 +[Unreleased 1.2.z]: https://github.com/opencontainers/runc/compare/v1.2.7...release-1.2 +[1.2.7]: https://github.com/opencontainers/runc/compare/v1.2.6...v1.2.7 [1.2.6]: https://github.com/opencontainers/runc/compare/v1.2.5...v1.2.6 [1.2.5]: https://github.com/opencontainers/runc/compare/v1.2.4...v1.2.5 [1.2.4]: https://github.com/opencontainers/runc/compare/v1.2.3...v1.2.4 From 081b8c25b3618bb8547c864639e9fc1305977937 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 5 Sep 2025 13:42:45 +1000 Subject: [PATCH 1019/1176] CHANGELOG: forward-port v1.3.1 changelog Signed-off-by: Aleksa Sarai --- CHANGELOG.md | 41 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 39 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8086799e3a2..9c00e9d6df0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,6 +29,42 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 the largest set of CPUs permitted by the container's cpuset cgroup and any other system restrictions (such as isolated CPUs). (#4041, #4815, #4858) +## [1.3.1] - 2025-09-05 + +> ă“ă®ç“¦ç¤«ă®å±±ă§ă‚ˆă‰ + +### Fixed + * Container processes will no longer inherit the CPU affinity of runc by + default. Instead, the default CPU affinity of container processes will be + the largest set of CPUs permitted by the container's cpuset cgroup and any + other system restrictions (such as isolated CPUs). (#4041, #4815, #4858) + * Setting `linux.rootfsPropagation` to `shared` or `unbindable` now functions + properly. (#1755, #1815, #4724, #4789) + * Close seccomp agent connection to prevent resource leaks. (#4796, #4799) + * `runc delete` and `runc stop` can now correctly handle cases where `runc + create` was killed during setup. Previously it was possible for the + container to be in such a state that neither `runc stop` nor `runc delete` + would be unable to kill or delete the container. (#4534, #4645, #4757, + #4793) + * `runc update` will no longer clear intelRdt state information. (#4828, + #4833) + * CI: Fix exclusion rules and allow us to run jobs manually. (#4760, #4763) + +### Changed + * Improvements to the deprecation warnings as part of the + `github.com/opencontainers/cgroups` split. (#4784, #4788) + * Ignore the dmem controller in our cgroup tests, as systemd does not yet + support it. (#4806, #4811) + * `/proc/net/dev` is no longer included in the permitted procfs overmount + list. Its inclusion was almost certainly an error, and because `/proc/net` + is a symlink to `/proc/self/net`, overmounting this was almost certainly + never useful (and will be blocked by future kernel versions). (#4817, #4820) + * Simplify the `prepareCriuRestoreMounts` logic for checkpoint-restore. + (#4765, #4871) + * CI: Bump `golangci-lint` to v2.1. (#4747, #4754) + * CI: Switch to GitHub-hosted ARM runners. Thanks again to @alexellis for + supporting runc's ARM CI up until now. (#4844, #4856, #4866) + ## [1.3.0] - 2025-04-30 > Mr. President, we must not allow a mine shaft gap! @@ -1147,6 +1183,7 @@ implementation (libcontainer) is *not* covered by this policy. [Unreleased]: https://github.com/opencontainers/runc/compare/v1.3.0-rc.1...HEAD +[1.3.0]: https://github.com/opencontainers/runc/compare/v1.3.0-rc.2...v1.3.0 [1.2.0]: https://github.com/opencontainers/runc/compare/v1.2.0-rc.1...v1.2.0 [1.1.0]: https://github.com/opencontainers/runc/compare/v1.1.0-rc.1...v1.1.0 [1.0.0]: https://github.com/opencontainers/runc/releases/tag/v1.0.0 @@ -1190,7 +1227,7 @@ implementation (libcontainer) is *not* covered by this policy. [1.2.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.1.0...v1.2.0-rc.1 -[Unreleased 1.3.z]: https://github.com/opencontainers/runc/compare/v1.3.0...release-1.3 -[1.3.0]: https://github.com/opencontainers/runc/compare/v1.3.0-rc.2...v1.3.0 +[Unreleased 1.3.z]: https://github.com/opencontainers/runc/compare/v1.3.1...release-1.3 +[1.3.1]: https://github.com/opencontainers/runc/compare/v1.3.0...v1.3.1 [1.3.0-rc.2]: https://github.com/opencontainers/runc/compare/v1.3.0-rc.1...v1.3.0-rc.2 [1.3.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.2.0...v1.3.0-rc.1 From b2ec7f9201cd52f0e3a8d83bc0b25da41239cb2c Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 4 Sep 2025 17:46:16 +1000 Subject: [PATCH 1020/1176] VERSION: release v1.4.0-rc.1 Signed-off-by: Aleksa Sarai --- CHANGELOG.md | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++++ VERSION | 2 +- 2 files changed, 74 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9c00e9d6df0..eb5cae31a72 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,9 +6,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [1.4.0-rc.1] - 2025-09-05 + +> ăă‚ă‚§ă‚‚ăƒœă‚¹ă«ăªă£ăŸă‚“ă ă‚ă‰ï¼Ÿ + +This version of runc requires Go 1.24 to build. + ### libcontainer API - The deprecated `libcontainer/user` package has been removed; use `github.com/moby/sys/user` instead. (#3999, #4617) +- `libcontainer/apparmor` variables containing public functions have been + switched to wrapper functions. (#4725) ### Breaking - runc update no longer allows `--l3-cache-schema` or `--mem-bw-schema` if @@ -22,12 +30,74 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 create a new CLOS but fail to apply the schema, move only the init process (omitting children) to the new group, and leave the CLOS orphaned after container exit. (#4827) +- The deprecated `--criu` flag has been removed entirely, instead the `criu` + binary in `$PATH` will be used. (#4722) + +### Added + * runc now supports the `linux.netDevices` field to allow for devices to be + moved into container network namespaces seamlessly. (#4538) + * `runc update` now supports per-device weight and iops cgroup limits. (#4775) + * intel rdt: allow explicit assignment to root CLOS. (#4854) ### Fixed * Container processes will no longer inherit the CPU affinity of runc by default. Instead, the default CPU affinity of container processes will be the largest set of CPUs permitted by the container's cpuset cgroup and any other system restrictions (such as isolated CPUs). (#4041, #4815, #4858) + * Use `chown(uid, -1)` when configuring the console inode, to avoid issues + with unmapped GIDs. (#4679) + * Add logging for the cases where failed keyring operations are ignored during + setup. (#4676) + * Optimise `runc exec` by avoiding calling into SELinux's `Set.*Label` when + `processLabel` is not set. (#4354) + * Fix mips64 builds for remap-rootfs. (#4723) + * Setting `linux.rootfsPropagation` to `shared` or `unbindable` now functions + properly. (#1755, #1815, #4724) + * runc delete and runc stop can now correctly handle cases where runc + create was killed during setup. Previously it was possible for the + container to be in such a state that neither runc stop nor runc + delete would be unable to kill or delete the container. (#4534, + #4645, #4757) + * Close seccomp agent connection to prevent resource leaks. (#4796) + * `runc update` will no longer clear intelRdt state information. (#4828) + * runc will now error out earlier if intelRdt is not enabled. (#4829) + * Improve filesystem operations within intelRdt manager. (#4840, #4831) + * Resolve a certain race between `runc create` and `runc delete` that would + previously result in spurious errors. (#4735) + * CI: skip bpf tests on misbehaving udev systems. (#4825) + +### Changes + * Use Go's built-in `pidfd_send_signal(2)` support when available. (#4666) + * Make `state.json` 25% smaller. (#4685) + * Migrate to Go 1.22+ features. (#4687, #4703) + * Provide private wrappers around common syscalls to make `-EINTR` handling + less cumbersome for the rest of runc. (#4697) + * Ignore the dmem controller in our cgroup tests, as systemd does not + yet support it. (#4806) + * `/proc/net/dev` is no longer included in the permitted procfs overmount + list. Its inclusion was almost certainly an error, and because + `/proc/net` is a symlink to `/proc/self/net`, overmounting this was + almost certainly never useful (and will be blocked by future kernel + versions). (#4817) + * Simplify the prepareCriuRestoreMounts logic for checkpoint-restore. + (#4765) + * Bump minimum Go version to 1.24. (#4851) + * CI: migrate virtualised Fedora tests from Vagrant + Cirrus to Lima + GHA. We + still use Cirrus for the AlmaLinux tests, since they can be run without + virtualisation. (#4664) + * CI: install fewer dependencies (#4671), bump shellcheck and bats versions + (#4670). + * CI: remove `toolchain` from `go.mod` and add a CI check to make sure it's + never added accidentally. (#4717, #4721) + * CI: do not allow `exclude` or `replace` directives in `go.mod`, to make sure + that `go install` doesn't get accidentally broken. (#4750) + * CI: fix exclusion rules and allow us to run jobs manually. (#4760) + * CI: Switch to GitHub-hosted ARM runners. Thanks again to @alexellis + for supporting runc's ARM CI up until now. (#4844, #4856) + * Various dependency updates. (#4659, #4658, #4662, #4663, #4689, #4694, + #4702, #4701, #4707, #4710, #4746, #4756, #4751, #4758, #4764, #4768, #4779, + #4783, #4785, #4801, #4808, #4803, #4839, #4846, #4847, #4845, #4850, #4861, + #4860) ## [1.3.1] - 2025-09-05 @@ -1231,3 +1301,6 @@ implementation (libcontainer) is *not* covered by this policy. [1.3.1]: https://github.com/opencontainers/runc/compare/v1.3.0...v1.3.1 [1.3.0-rc.2]: https://github.com/opencontainers/runc/compare/v1.3.0-rc.1...v1.3.0-rc.2 [1.3.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.2.0...v1.3.0-rc.1 + + +[1.4.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.3.0...v1.4.0-rc.1 diff --git a/VERSION b/VERSION index b15bbb96b3b..0aed980ae60 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.3.0-rc.1+dev +1.4.0-rc.1 From 77367fca1f5ef1e1ea604c1ed821b0794080b0a0 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 4 Sep 2025 20:11:32 +1000 Subject: [PATCH 1021/1176] VERSION: back to development Signed-off-by: Aleksa Sarai --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 0aed980ae60..7293a77ece3 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.4.0-rc.1 +1.4.0-rc.1+dev From 527d2e668f8b6c849d29e0a63799404829cfd5f9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Sep 2025 04:02:59 +0000 Subject: [PATCH 1022/1176] build(deps): bump golang.org/x/sys from 0.35.0 to 0.36.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.35.0 to 0.36.0. - [Commits](https://github.com/golang/sys/compare/v0.35.0...v0.36.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- .../golang.org/x/sys/unix/affinity_linux.go | 4 +- .../golang.org/x/sys/unix/syscall_solaris.go | 2 +- .../x/sys/unix/zsyscall_solaris_amd64.go | 8 +- vendor/golang.org/x/sys/unix/ztypes_linux.go | 41 + .../golang.org/x/sys/windows/types_windows.go | 6 + .../x/sys/windows/zsyscall_windows.go | 966 +++++++++--------- vendor/modules.txt | 4 +- 9 files changed, 541 insertions(+), 496 deletions(-) diff --git a/go.mod b/go.mod index 756837fbb9b..530cf19b80e 100644 --- a/go.mod +++ b/go.mod @@ -23,7 +23,7 @@ require ( github.com/vishvananda/netlink v1.3.1 github.com/vishvananda/netns v0.0.5 golang.org/x/net v0.43.0 - golang.org/x/sys v0.35.0 + golang.org/x/sys v0.36.0 google.golang.org/protobuf v1.36.8 ) diff --git a/go.sum b/go.sum index c9c14135eb3..10d00105a5a 100644 --- a/go.sum +++ b/go.sum @@ -84,8 +84,8 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= -golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k= +golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc= google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/vendor/golang.org/x/sys/unix/affinity_linux.go b/vendor/golang.org/x/sys/unix/affinity_linux.go index 6e5c81acd04..3c7a6d6e2f1 100644 --- a/vendor/golang.org/x/sys/unix/affinity_linux.go +++ b/vendor/golang.org/x/sys/unix/affinity_linux.go @@ -38,9 +38,7 @@ func SchedSetaffinity(pid int, set *CPUSet) error { // Zero clears the set s, so that it contains no CPUs. func (s *CPUSet) Zero() { - for i := range s { - s[i] = 0 - } + clear(s[:]) } func cpuBitsIndex(cpu int) int { diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris.go b/vendor/golang.org/x/sys/unix/syscall_solaris.go index abc3955477c..18a3d9bdabc 100644 --- a/vendor/golang.org/x/sys/unix/syscall_solaris.go +++ b/vendor/golang.org/x/sys/unix/syscall_solaris.go @@ -629,7 +629,7 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e //sys Kill(pid int, signum syscall.Signal) (err error) //sys Lchown(path string, uid int, gid int) (err error) //sys Link(path string, link string) (err error) -//sys Listen(s int, backlog int) (err error) = libsocket.__xnet_llisten +//sys Listen(s int, backlog int) (err error) = libsocket.__xnet_listen //sys Lstat(path string, stat *Stat_t) (err error) //sys Madvise(b []byte, advice int) (err error) //sys Mkdir(path string, mode uint32) (err error) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go index c6545413c45..b4609c20c24 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go @@ -72,7 +72,7 @@ import ( //go:cgo_import_dynamic libc_kill kill "libc.so" //go:cgo_import_dynamic libc_lchown lchown "libc.so" //go:cgo_import_dynamic libc_link link "libc.so" -//go:cgo_import_dynamic libc___xnet_llisten __xnet_llisten "libsocket.so" +//go:cgo_import_dynamic libc___xnet_listen __xnet_listen "libsocket.so" //go:cgo_import_dynamic libc_lstat lstat "libc.so" //go:cgo_import_dynamic libc_madvise madvise "libc.so" //go:cgo_import_dynamic libc_mkdir mkdir "libc.so" @@ -221,7 +221,7 @@ import ( //go:linkname procKill libc_kill //go:linkname procLchown libc_lchown //go:linkname procLink libc_link -//go:linkname proc__xnet_llisten libc___xnet_llisten +//go:linkname proc__xnet_listen libc___xnet_listen //go:linkname procLstat libc_lstat //go:linkname procMadvise libc_madvise //go:linkname procMkdir libc_mkdir @@ -371,7 +371,7 @@ var ( procKill, procLchown, procLink, - proc__xnet_llisten, + proc__xnet_listen, procLstat, procMadvise, procMkdir, @@ -1178,7 +1178,7 @@ func Link(path string, link string) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT func Listen(s int, backlog int) (err error) { - _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&proc__xnet_llisten)), 2, uintptr(s), uintptr(backlog), 0, 0, 0, 0) + _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&proc__xnet_listen)), 2, uintptr(s), uintptr(backlog), 0, 0, 0, 0) if e1 != 0 { err = errnoErr(e1) } diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index cd236443f64..944e75a11cb 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -632,6 +632,8 @@ const ( IFA_FLAGS = 0x8 IFA_RT_PRIORITY = 0x9 IFA_TARGET_NETNSID = 0xa + IFAL_LABEL = 0x2 + IFAL_ADDRESS = 0x1 RT_SCOPE_UNIVERSE = 0x0 RT_SCOPE_SITE = 0xc8 RT_SCOPE_LINK = 0xfd @@ -689,6 +691,7 @@ const ( SizeofRtAttr = 0x4 SizeofIfInfomsg = 0x10 SizeofIfAddrmsg = 0x8 + SizeofIfAddrlblmsg = 0xc SizeofIfaCacheinfo = 0x10 SizeofRtMsg = 0xc SizeofRtNexthop = 0x8 @@ -740,6 +743,15 @@ type IfAddrmsg struct { Index uint32 } +type IfAddrlblmsg struct { + Family uint8 + _ uint8 + Prefixlen uint8 + Flags uint8 + Index uint32 + Seq uint32 +} + type IfaCacheinfo struct { Prefered uint32 Valid uint32 @@ -3052,6 +3064,23 @@ const ( ) const ( + TCA_UNSPEC = 0x0 + TCA_KIND = 0x1 + TCA_OPTIONS = 0x2 + TCA_STATS = 0x3 + TCA_XSTATS = 0x4 + TCA_RATE = 0x5 + TCA_FCNT = 0x6 + TCA_STATS2 = 0x7 + TCA_STAB = 0x8 + TCA_PAD = 0x9 + TCA_DUMP_INVISIBLE = 0xa + TCA_CHAIN = 0xb + TCA_HW_OFFLOAD = 0xc + TCA_INGRESS_BLOCK = 0xd + TCA_EGRESS_BLOCK = 0xe + TCA_DUMP_FLAGS = 0xf + TCA_EXT_WARN_MSG = 0x10 RTNLGRP_NONE = 0x0 RTNLGRP_LINK = 0x1 RTNLGRP_NOTIFY = 0x2 @@ -3086,6 +3115,18 @@ const ( RTNLGRP_IPV6_MROUTE_R = 0x1f RTNLGRP_NEXTHOP = 0x20 RTNLGRP_BRVLAN = 0x21 + RTNLGRP_MCTP_IFADDR = 0x22 + RTNLGRP_TUNNEL = 0x23 + RTNLGRP_STATS = 0x24 + RTNLGRP_IPV4_MCADDR = 0x25 + RTNLGRP_IPV6_MCADDR = 0x26 + RTNLGRP_IPV6_ACADDR = 0x27 + TCA_ROOT_UNSPEC = 0x0 + TCA_ROOT_TAB = 0x1 + TCA_ROOT_FLAGS = 0x2 + TCA_ROOT_COUNT = 0x3 + TCA_ROOT_TIME_DELTA = 0x4 + TCA_ROOT_EXT_WARN_MSG = 0x5 ) type CapUserHeader struct { diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go index 958bcf47a38..993a2297dbe 100644 --- a/vendor/golang.org/x/sys/windows/types_windows.go +++ b/vendor/golang.org/x/sys/windows/types_windows.go @@ -1976,6 +1976,12 @@ const ( SYMBOLIC_LINK_FLAG_DIRECTORY = 0x1 ) +// FILE_ZERO_DATA_INFORMATION from winioctl.h +type FileZeroDataInformation struct { + FileOffset int64 + BeyondFinalZero int64 +} + const ( ComputerNameNetBIOS = 0 ComputerNameDnsHostname = 1 diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index a58bc48b8ed..641a5f4b775 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -546,25 +546,25 @@ var ( ) func cm_Get_DevNode_Status(status *uint32, problemNumber *uint32, devInst DEVINST, flags uint32) (ret CONFIGRET) { - r0, _, _ := syscall.Syscall6(procCM_Get_DevNode_Status.Addr(), 4, uintptr(unsafe.Pointer(status)), uintptr(unsafe.Pointer(problemNumber)), uintptr(devInst), uintptr(flags), 0, 0) + r0, _, _ := syscall.SyscallN(procCM_Get_DevNode_Status.Addr(), uintptr(unsafe.Pointer(status)), uintptr(unsafe.Pointer(problemNumber)), uintptr(devInst), uintptr(flags)) ret = CONFIGRET(r0) return } func cm_Get_Device_Interface_List(interfaceClass *GUID, deviceID *uint16, buffer *uint16, bufferLen uint32, flags uint32) (ret CONFIGRET) { - r0, _, _ := syscall.Syscall6(procCM_Get_Device_Interface_ListW.Addr(), 5, uintptr(unsafe.Pointer(interfaceClass)), uintptr(unsafe.Pointer(deviceID)), uintptr(unsafe.Pointer(buffer)), uintptr(bufferLen), uintptr(flags), 0) + r0, _, _ := syscall.SyscallN(procCM_Get_Device_Interface_ListW.Addr(), uintptr(unsafe.Pointer(interfaceClass)), uintptr(unsafe.Pointer(deviceID)), uintptr(unsafe.Pointer(buffer)), uintptr(bufferLen), uintptr(flags)) ret = CONFIGRET(r0) return } func cm_Get_Device_Interface_List_Size(len *uint32, interfaceClass *GUID, deviceID *uint16, flags uint32) (ret CONFIGRET) { - r0, _, _ := syscall.Syscall6(procCM_Get_Device_Interface_List_SizeW.Addr(), 4, uintptr(unsafe.Pointer(len)), uintptr(unsafe.Pointer(interfaceClass)), uintptr(unsafe.Pointer(deviceID)), uintptr(flags), 0, 0) + r0, _, _ := syscall.SyscallN(procCM_Get_Device_Interface_List_SizeW.Addr(), uintptr(unsafe.Pointer(len)), uintptr(unsafe.Pointer(interfaceClass)), uintptr(unsafe.Pointer(deviceID)), uintptr(flags)) ret = CONFIGRET(r0) return } func cm_MapCrToWin32Err(configRet CONFIGRET, defaultWin32Error Errno) (ret Errno) { - r0, _, _ := syscall.Syscall(procCM_MapCrToWin32Err.Addr(), 2, uintptr(configRet), uintptr(defaultWin32Error), 0) + r0, _, _ := syscall.SyscallN(procCM_MapCrToWin32Err.Addr(), uintptr(configRet), uintptr(defaultWin32Error)) ret = Errno(r0) return } @@ -574,7 +574,7 @@ func AdjustTokenGroups(token Token, resetToDefault bool, newstate *Tokengroups, if resetToDefault { _p0 = 1 } - r1, _, e1 := syscall.Syscall6(procAdjustTokenGroups.Addr(), 6, uintptr(token), uintptr(_p0), uintptr(unsafe.Pointer(newstate)), uintptr(buflen), uintptr(unsafe.Pointer(prevstate)), uintptr(unsafe.Pointer(returnlen))) + r1, _, e1 := syscall.SyscallN(procAdjustTokenGroups.Addr(), uintptr(token), uintptr(_p0), uintptr(unsafe.Pointer(newstate)), uintptr(buflen), uintptr(unsafe.Pointer(prevstate)), uintptr(unsafe.Pointer(returnlen))) if r1 == 0 { err = errnoErr(e1) } @@ -586,7 +586,7 @@ func AdjustTokenPrivileges(token Token, disableAllPrivileges bool, newstate *Tok if disableAllPrivileges { _p0 = 1 } - r1, _, e1 := syscall.Syscall6(procAdjustTokenPrivileges.Addr(), 6, uintptr(token), uintptr(_p0), uintptr(unsafe.Pointer(newstate)), uintptr(buflen), uintptr(unsafe.Pointer(prevstate)), uintptr(unsafe.Pointer(returnlen))) + r1, _, e1 := syscall.SyscallN(procAdjustTokenPrivileges.Addr(), uintptr(token), uintptr(_p0), uintptr(unsafe.Pointer(newstate)), uintptr(buflen), uintptr(unsafe.Pointer(prevstate)), uintptr(unsafe.Pointer(returnlen))) if r1 == 0 { err = errnoErr(e1) } @@ -594,7 +594,7 @@ func AdjustTokenPrivileges(token Token, disableAllPrivileges bool, newstate *Tok } func AllocateAndInitializeSid(identAuth *SidIdentifierAuthority, subAuth byte, subAuth0 uint32, subAuth1 uint32, subAuth2 uint32, subAuth3 uint32, subAuth4 uint32, subAuth5 uint32, subAuth6 uint32, subAuth7 uint32, sid **SID) (err error) { - r1, _, e1 := syscall.Syscall12(procAllocateAndInitializeSid.Addr(), 11, uintptr(unsafe.Pointer(identAuth)), uintptr(subAuth), uintptr(subAuth0), uintptr(subAuth1), uintptr(subAuth2), uintptr(subAuth3), uintptr(subAuth4), uintptr(subAuth5), uintptr(subAuth6), uintptr(subAuth7), uintptr(unsafe.Pointer(sid)), 0) + r1, _, e1 := syscall.SyscallN(procAllocateAndInitializeSid.Addr(), uintptr(unsafe.Pointer(identAuth)), uintptr(subAuth), uintptr(subAuth0), uintptr(subAuth1), uintptr(subAuth2), uintptr(subAuth3), uintptr(subAuth4), uintptr(subAuth5), uintptr(subAuth6), uintptr(subAuth7), uintptr(unsafe.Pointer(sid))) if r1 == 0 { err = errnoErr(e1) } @@ -602,7 +602,7 @@ func AllocateAndInitializeSid(identAuth *SidIdentifierAuthority, subAuth byte, s } func buildSecurityDescriptor(owner *TRUSTEE, group *TRUSTEE, countAccessEntries uint32, accessEntries *EXPLICIT_ACCESS, countAuditEntries uint32, auditEntries *EXPLICIT_ACCESS, oldSecurityDescriptor *SECURITY_DESCRIPTOR, sizeNewSecurityDescriptor *uint32, newSecurityDescriptor **SECURITY_DESCRIPTOR) (ret error) { - r0, _, _ := syscall.Syscall9(procBuildSecurityDescriptorW.Addr(), 9, uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(group)), uintptr(countAccessEntries), uintptr(unsafe.Pointer(accessEntries)), uintptr(countAuditEntries), uintptr(unsafe.Pointer(auditEntries)), uintptr(unsafe.Pointer(oldSecurityDescriptor)), uintptr(unsafe.Pointer(sizeNewSecurityDescriptor)), uintptr(unsafe.Pointer(newSecurityDescriptor))) + r0, _, _ := syscall.SyscallN(procBuildSecurityDescriptorW.Addr(), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(group)), uintptr(countAccessEntries), uintptr(unsafe.Pointer(accessEntries)), uintptr(countAuditEntries), uintptr(unsafe.Pointer(auditEntries)), uintptr(unsafe.Pointer(oldSecurityDescriptor)), uintptr(unsafe.Pointer(sizeNewSecurityDescriptor)), uintptr(unsafe.Pointer(newSecurityDescriptor))) if r0 != 0 { ret = syscall.Errno(r0) } @@ -610,7 +610,7 @@ func buildSecurityDescriptor(owner *TRUSTEE, group *TRUSTEE, countAccessEntries } func ChangeServiceConfig2(service Handle, infoLevel uint32, info *byte) (err error) { - r1, _, e1 := syscall.Syscall(procChangeServiceConfig2W.Addr(), 3, uintptr(service), uintptr(infoLevel), uintptr(unsafe.Pointer(info))) + r1, _, e1 := syscall.SyscallN(procChangeServiceConfig2W.Addr(), uintptr(service), uintptr(infoLevel), uintptr(unsafe.Pointer(info))) if r1 == 0 { err = errnoErr(e1) } @@ -618,7 +618,7 @@ func ChangeServiceConfig2(service Handle, infoLevel uint32, info *byte) (err err } func ChangeServiceConfig(service Handle, serviceType uint32, startType uint32, errorControl uint32, binaryPathName *uint16, loadOrderGroup *uint16, tagId *uint32, dependencies *uint16, serviceStartName *uint16, password *uint16, displayName *uint16) (err error) { - r1, _, e1 := syscall.Syscall12(procChangeServiceConfigW.Addr(), 11, uintptr(service), uintptr(serviceType), uintptr(startType), uintptr(errorControl), uintptr(unsafe.Pointer(binaryPathName)), uintptr(unsafe.Pointer(loadOrderGroup)), uintptr(unsafe.Pointer(tagId)), uintptr(unsafe.Pointer(dependencies)), uintptr(unsafe.Pointer(serviceStartName)), uintptr(unsafe.Pointer(password)), uintptr(unsafe.Pointer(displayName)), 0) + r1, _, e1 := syscall.SyscallN(procChangeServiceConfigW.Addr(), uintptr(service), uintptr(serviceType), uintptr(startType), uintptr(errorControl), uintptr(unsafe.Pointer(binaryPathName)), uintptr(unsafe.Pointer(loadOrderGroup)), uintptr(unsafe.Pointer(tagId)), uintptr(unsafe.Pointer(dependencies)), uintptr(unsafe.Pointer(serviceStartName)), uintptr(unsafe.Pointer(password)), uintptr(unsafe.Pointer(displayName))) if r1 == 0 { err = errnoErr(e1) } @@ -626,7 +626,7 @@ func ChangeServiceConfig(service Handle, serviceType uint32, startType uint32, e } func checkTokenMembership(tokenHandle Token, sidToCheck *SID, isMember *int32) (err error) { - r1, _, e1 := syscall.Syscall(procCheckTokenMembership.Addr(), 3, uintptr(tokenHandle), uintptr(unsafe.Pointer(sidToCheck)), uintptr(unsafe.Pointer(isMember))) + r1, _, e1 := syscall.SyscallN(procCheckTokenMembership.Addr(), uintptr(tokenHandle), uintptr(unsafe.Pointer(sidToCheck)), uintptr(unsafe.Pointer(isMember))) if r1 == 0 { err = errnoErr(e1) } @@ -634,7 +634,7 @@ func checkTokenMembership(tokenHandle Token, sidToCheck *SID, isMember *int32) ( } func CloseServiceHandle(handle Handle) (err error) { - r1, _, e1 := syscall.Syscall(procCloseServiceHandle.Addr(), 1, uintptr(handle), 0, 0) + r1, _, e1 := syscall.SyscallN(procCloseServiceHandle.Addr(), uintptr(handle)) if r1 == 0 { err = errnoErr(e1) } @@ -642,7 +642,7 @@ func CloseServiceHandle(handle Handle) (err error) { } func ControlService(service Handle, control uint32, status *SERVICE_STATUS) (err error) { - r1, _, e1 := syscall.Syscall(procControlService.Addr(), 3, uintptr(service), uintptr(control), uintptr(unsafe.Pointer(status))) + r1, _, e1 := syscall.SyscallN(procControlService.Addr(), uintptr(service), uintptr(control), uintptr(unsafe.Pointer(status))) if r1 == 0 { err = errnoErr(e1) } @@ -650,7 +650,7 @@ func ControlService(service Handle, control uint32, status *SERVICE_STATUS) (err } func convertSecurityDescriptorToStringSecurityDescriptor(sd *SECURITY_DESCRIPTOR, revision uint32, securityInformation SECURITY_INFORMATION, str **uint16, strLen *uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procConvertSecurityDescriptorToStringSecurityDescriptorW.Addr(), 5, uintptr(unsafe.Pointer(sd)), uintptr(revision), uintptr(securityInformation), uintptr(unsafe.Pointer(str)), uintptr(unsafe.Pointer(strLen)), 0) + r1, _, e1 := syscall.SyscallN(procConvertSecurityDescriptorToStringSecurityDescriptorW.Addr(), uintptr(unsafe.Pointer(sd)), uintptr(revision), uintptr(securityInformation), uintptr(unsafe.Pointer(str)), uintptr(unsafe.Pointer(strLen))) if r1 == 0 { err = errnoErr(e1) } @@ -658,7 +658,7 @@ func convertSecurityDescriptorToStringSecurityDescriptor(sd *SECURITY_DESCRIPTOR } func ConvertSidToStringSid(sid *SID, stringSid **uint16) (err error) { - r1, _, e1 := syscall.Syscall(procConvertSidToStringSidW.Addr(), 2, uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(stringSid)), 0) + r1, _, e1 := syscall.SyscallN(procConvertSidToStringSidW.Addr(), uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(stringSid))) if r1 == 0 { err = errnoErr(e1) } @@ -675,7 +675,7 @@ func convertStringSecurityDescriptorToSecurityDescriptor(str string, revision ui } func _convertStringSecurityDescriptorToSecurityDescriptor(str *uint16, revision uint32, sd **SECURITY_DESCRIPTOR, size *uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procConvertStringSecurityDescriptorToSecurityDescriptorW.Addr(), 4, uintptr(unsafe.Pointer(str)), uintptr(revision), uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(size)), 0, 0) + r1, _, e1 := syscall.SyscallN(procConvertStringSecurityDescriptorToSecurityDescriptorW.Addr(), uintptr(unsafe.Pointer(str)), uintptr(revision), uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(size))) if r1 == 0 { err = errnoErr(e1) } @@ -683,7 +683,7 @@ func _convertStringSecurityDescriptorToSecurityDescriptor(str *uint16, revision } func ConvertStringSidToSid(stringSid *uint16, sid **SID) (err error) { - r1, _, e1 := syscall.Syscall(procConvertStringSidToSidW.Addr(), 2, uintptr(unsafe.Pointer(stringSid)), uintptr(unsafe.Pointer(sid)), 0) + r1, _, e1 := syscall.SyscallN(procConvertStringSidToSidW.Addr(), uintptr(unsafe.Pointer(stringSid)), uintptr(unsafe.Pointer(sid))) if r1 == 0 { err = errnoErr(e1) } @@ -691,7 +691,7 @@ func ConvertStringSidToSid(stringSid *uint16, sid **SID) (err error) { } func CopySid(destSidLen uint32, destSid *SID, srcSid *SID) (err error) { - r1, _, e1 := syscall.Syscall(procCopySid.Addr(), 3, uintptr(destSidLen), uintptr(unsafe.Pointer(destSid)), uintptr(unsafe.Pointer(srcSid))) + r1, _, e1 := syscall.SyscallN(procCopySid.Addr(), uintptr(destSidLen), uintptr(unsafe.Pointer(destSid)), uintptr(unsafe.Pointer(srcSid))) if r1 == 0 { err = errnoErr(e1) } @@ -703,7 +703,7 @@ func CreateProcessAsUser(token Token, appName *uint16, commandLine *uint16, proc if inheritHandles { _p0 = 1 } - r1, _, e1 := syscall.Syscall12(procCreateProcessAsUserW.Addr(), 11, uintptr(token), uintptr(unsafe.Pointer(appName)), uintptr(unsafe.Pointer(commandLine)), uintptr(unsafe.Pointer(procSecurity)), uintptr(unsafe.Pointer(threadSecurity)), uintptr(_p0), uintptr(creationFlags), uintptr(unsafe.Pointer(env)), uintptr(unsafe.Pointer(currentDir)), uintptr(unsafe.Pointer(startupInfo)), uintptr(unsafe.Pointer(outProcInfo)), 0) + r1, _, e1 := syscall.SyscallN(procCreateProcessAsUserW.Addr(), uintptr(token), uintptr(unsafe.Pointer(appName)), uintptr(unsafe.Pointer(commandLine)), uintptr(unsafe.Pointer(procSecurity)), uintptr(unsafe.Pointer(threadSecurity)), uintptr(_p0), uintptr(creationFlags), uintptr(unsafe.Pointer(env)), uintptr(unsafe.Pointer(currentDir)), uintptr(unsafe.Pointer(startupInfo)), uintptr(unsafe.Pointer(outProcInfo))) if r1 == 0 { err = errnoErr(e1) } @@ -711,7 +711,7 @@ func CreateProcessAsUser(token Token, appName *uint16, commandLine *uint16, proc } func CreateService(mgr Handle, serviceName *uint16, displayName *uint16, access uint32, srvType uint32, startType uint32, errCtl uint32, pathName *uint16, loadOrderGroup *uint16, tagId *uint32, dependencies *uint16, serviceStartName *uint16, password *uint16) (handle Handle, err error) { - r0, _, e1 := syscall.Syscall15(procCreateServiceW.Addr(), 13, uintptr(mgr), uintptr(unsafe.Pointer(serviceName)), uintptr(unsafe.Pointer(displayName)), uintptr(access), uintptr(srvType), uintptr(startType), uintptr(errCtl), uintptr(unsafe.Pointer(pathName)), uintptr(unsafe.Pointer(loadOrderGroup)), uintptr(unsafe.Pointer(tagId)), uintptr(unsafe.Pointer(dependencies)), uintptr(unsafe.Pointer(serviceStartName)), uintptr(unsafe.Pointer(password)), 0, 0) + r0, _, e1 := syscall.SyscallN(procCreateServiceW.Addr(), uintptr(mgr), uintptr(unsafe.Pointer(serviceName)), uintptr(unsafe.Pointer(displayName)), uintptr(access), uintptr(srvType), uintptr(startType), uintptr(errCtl), uintptr(unsafe.Pointer(pathName)), uintptr(unsafe.Pointer(loadOrderGroup)), uintptr(unsafe.Pointer(tagId)), uintptr(unsafe.Pointer(dependencies)), uintptr(unsafe.Pointer(serviceStartName)), uintptr(unsafe.Pointer(password))) handle = Handle(r0) if handle == 0 { err = errnoErr(e1) @@ -720,7 +720,7 @@ func CreateService(mgr Handle, serviceName *uint16, displayName *uint16, access } func createWellKnownSid(sidType WELL_KNOWN_SID_TYPE, domainSid *SID, sid *SID, sizeSid *uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procCreateWellKnownSid.Addr(), 4, uintptr(sidType), uintptr(unsafe.Pointer(domainSid)), uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(sizeSid)), 0, 0) + r1, _, e1 := syscall.SyscallN(procCreateWellKnownSid.Addr(), uintptr(sidType), uintptr(unsafe.Pointer(domainSid)), uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(sizeSid))) if r1 == 0 { err = errnoErr(e1) } @@ -728,7 +728,7 @@ func createWellKnownSid(sidType WELL_KNOWN_SID_TYPE, domainSid *SID, sid *SID, s } func CryptAcquireContext(provhandle *Handle, container *uint16, provider *uint16, provtype uint32, flags uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procCryptAcquireContextW.Addr(), 5, uintptr(unsafe.Pointer(provhandle)), uintptr(unsafe.Pointer(container)), uintptr(unsafe.Pointer(provider)), uintptr(provtype), uintptr(flags), 0) + r1, _, e1 := syscall.SyscallN(procCryptAcquireContextW.Addr(), uintptr(unsafe.Pointer(provhandle)), uintptr(unsafe.Pointer(container)), uintptr(unsafe.Pointer(provider)), uintptr(provtype), uintptr(flags)) if r1 == 0 { err = errnoErr(e1) } @@ -736,7 +736,7 @@ func CryptAcquireContext(provhandle *Handle, container *uint16, provider *uint16 } func CryptGenRandom(provhandle Handle, buflen uint32, buf *byte) (err error) { - r1, _, e1 := syscall.Syscall(procCryptGenRandom.Addr(), 3, uintptr(provhandle), uintptr(buflen), uintptr(unsafe.Pointer(buf))) + r1, _, e1 := syscall.SyscallN(procCryptGenRandom.Addr(), uintptr(provhandle), uintptr(buflen), uintptr(unsafe.Pointer(buf))) if r1 == 0 { err = errnoErr(e1) } @@ -744,7 +744,7 @@ func CryptGenRandom(provhandle Handle, buflen uint32, buf *byte) (err error) { } func CryptReleaseContext(provhandle Handle, flags uint32) (err error) { - r1, _, e1 := syscall.Syscall(procCryptReleaseContext.Addr(), 2, uintptr(provhandle), uintptr(flags), 0) + r1, _, e1 := syscall.SyscallN(procCryptReleaseContext.Addr(), uintptr(provhandle), uintptr(flags)) if r1 == 0 { err = errnoErr(e1) } @@ -752,7 +752,7 @@ func CryptReleaseContext(provhandle Handle, flags uint32) (err error) { } func DeleteService(service Handle) (err error) { - r1, _, e1 := syscall.Syscall(procDeleteService.Addr(), 1, uintptr(service), 0, 0) + r1, _, e1 := syscall.SyscallN(procDeleteService.Addr(), uintptr(service)) if r1 == 0 { err = errnoErr(e1) } @@ -760,7 +760,7 @@ func DeleteService(service Handle) (err error) { } func DeregisterEventSource(handle Handle) (err error) { - r1, _, e1 := syscall.Syscall(procDeregisterEventSource.Addr(), 1, uintptr(handle), 0, 0) + r1, _, e1 := syscall.SyscallN(procDeregisterEventSource.Addr(), uintptr(handle)) if r1 == 0 { err = errnoErr(e1) } @@ -768,7 +768,7 @@ func DeregisterEventSource(handle Handle) (err error) { } func DuplicateTokenEx(existingToken Token, desiredAccess uint32, tokenAttributes *SecurityAttributes, impersonationLevel uint32, tokenType uint32, newToken *Token) (err error) { - r1, _, e1 := syscall.Syscall6(procDuplicateTokenEx.Addr(), 6, uintptr(existingToken), uintptr(desiredAccess), uintptr(unsafe.Pointer(tokenAttributes)), uintptr(impersonationLevel), uintptr(tokenType), uintptr(unsafe.Pointer(newToken))) + r1, _, e1 := syscall.SyscallN(procDuplicateTokenEx.Addr(), uintptr(existingToken), uintptr(desiredAccess), uintptr(unsafe.Pointer(tokenAttributes)), uintptr(impersonationLevel), uintptr(tokenType), uintptr(unsafe.Pointer(newToken))) if r1 == 0 { err = errnoErr(e1) } @@ -776,7 +776,7 @@ func DuplicateTokenEx(existingToken Token, desiredAccess uint32, tokenAttributes } func EnumDependentServices(service Handle, activityState uint32, services *ENUM_SERVICE_STATUS, buffSize uint32, bytesNeeded *uint32, servicesReturned *uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procEnumDependentServicesW.Addr(), 6, uintptr(service), uintptr(activityState), uintptr(unsafe.Pointer(services)), uintptr(buffSize), uintptr(unsafe.Pointer(bytesNeeded)), uintptr(unsafe.Pointer(servicesReturned))) + r1, _, e1 := syscall.SyscallN(procEnumDependentServicesW.Addr(), uintptr(service), uintptr(activityState), uintptr(unsafe.Pointer(services)), uintptr(buffSize), uintptr(unsafe.Pointer(bytesNeeded)), uintptr(unsafe.Pointer(servicesReturned))) if r1 == 0 { err = errnoErr(e1) } @@ -784,7 +784,7 @@ func EnumDependentServices(service Handle, activityState uint32, services *ENUM_ } func EnumServicesStatusEx(mgr Handle, infoLevel uint32, serviceType uint32, serviceState uint32, services *byte, bufSize uint32, bytesNeeded *uint32, servicesReturned *uint32, resumeHandle *uint32, groupName *uint16) (err error) { - r1, _, e1 := syscall.Syscall12(procEnumServicesStatusExW.Addr(), 10, uintptr(mgr), uintptr(infoLevel), uintptr(serviceType), uintptr(serviceState), uintptr(unsafe.Pointer(services)), uintptr(bufSize), uintptr(unsafe.Pointer(bytesNeeded)), uintptr(unsafe.Pointer(servicesReturned)), uintptr(unsafe.Pointer(resumeHandle)), uintptr(unsafe.Pointer(groupName)), 0, 0) + r1, _, e1 := syscall.SyscallN(procEnumServicesStatusExW.Addr(), uintptr(mgr), uintptr(infoLevel), uintptr(serviceType), uintptr(serviceState), uintptr(unsafe.Pointer(services)), uintptr(bufSize), uintptr(unsafe.Pointer(bytesNeeded)), uintptr(unsafe.Pointer(servicesReturned)), uintptr(unsafe.Pointer(resumeHandle)), uintptr(unsafe.Pointer(groupName))) if r1 == 0 { err = errnoErr(e1) } @@ -792,13 +792,13 @@ func EnumServicesStatusEx(mgr Handle, infoLevel uint32, serviceType uint32, serv } func EqualSid(sid1 *SID, sid2 *SID) (isEqual bool) { - r0, _, _ := syscall.Syscall(procEqualSid.Addr(), 2, uintptr(unsafe.Pointer(sid1)), uintptr(unsafe.Pointer(sid2)), 0) + r0, _, _ := syscall.SyscallN(procEqualSid.Addr(), uintptr(unsafe.Pointer(sid1)), uintptr(unsafe.Pointer(sid2))) isEqual = r0 != 0 return } func FreeSid(sid *SID) (err error) { - r1, _, e1 := syscall.Syscall(procFreeSid.Addr(), 1, uintptr(unsafe.Pointer(sid)), 0, 0) + r1, _, e1 := syscall.SyscallN(procFreeSid.Addr(), uintptr(unsafe.Pointer(sid))) if r1 != 0 { err = errnoErr(e1) } @@ -806,7 +806,7 @@ func FreeSid(sid *SID) (err error) { } func GetAce(acl *ACL, aceIndex uint32, pAce **ACCESS_ALLOWED_ACE) (err error) { - r1, _, e1 := syscall.Syscall(procGetAce.Addr(), 3, uintptr(unsafe.Pointer(acl)), uintptr(aceIndex), uintptr(unsafe.Pointer(pAce))) + r1, _, e1 := syscall.SyscallN(procGetAce.Addr(), uintptr(unsafe.Pointer(acl)), uintptr(aceIndex), uintptr(unsafe.Pointer(pAce))) if r1 == 0 { err = errnoErr(e1) } @@ -814,7 +814,7 @@ func GetAce(acl *ACL, aceIndex uint32, pAce **ACCESS_ALLOWED_ACE) (err error) { } func GetLengthSid(sid *SID) (len uint32) { - r0, _, _ := syscall.Syscall(procGetLengthSid.Addr(), 1, uintptr(unsafe.Pointer(sid)), 0, 0) + r0, _, _ := syscall.SyscallN(procGetLengthSid.Addr(), uintptr(unsafe.Pointer(sid))) len = uint32(r0) return } @@ -829,7 +829,7 @@ func getNamedSecurityInfo(objectName string, objectType SE_OBJECT_TYPE, security } func _getNamedSecurityInfo(objectName *uint16, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner **SID, group **SID, dacl **ACL, sacl **ACL, sd **SECURITY_DESCRIPTOR) (ret error) { - r0, _, _ := syscall.Syscall9(procGetNamedSecurityInfoW.Addr(), 8, uintptr(unsafe.Pointer(objectName)), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl)), uintptr(unsafe.Pointer(sd)), 0) + r0, _, _ := syscall.SyscallN(procGetNamedSecurityInfoW.Addr(), uintptr(unsafe.Pointer(objectName)), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl)), uintptr(unsafe.Pointer(sd))) if r0 != 0 { ret = syscall.Errno(r0) } @@ -837,7 +837,7 @@ func _getNamedSecurityInfo(objectName *uint16, objectType SE_OBJECT_TYPE, securi } func getSecurityDescriptorControl(sd *SECURITY_DESCRIPTOR, control *SECURITY_DESCRIPTOR_CONTROL, revision *uint32) (err error) { - r1, _, e1 := syscall.Syscall(procGetSecurityDescriptorControl.Addr(), 3, uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(control)), uintptr(unsafe.Pointer(revision))) + r1, _, e1 := syscall.SyscallN(procGetSecurityDescriptorControl.Addr(), uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(control)), uintptr(unsafe.Pointer(revision))) if r1 == 0 { err = errnoErr(e1) } @@ -853,7 +853,7 @@ func getSecurityDescriptorDacl(sd *SECURITY_DESCRIPTOR, daclPresent *bool, dacl if *daclDefaulted { _p1 = 1 } - r1, _, e1 := syscall.Syscall6(procGetSecurityDescriptorDacl.Addr(), 4, uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(&_p0)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(&_p1)), 0, 0) + r1, _, e1 := syscall.SyscallN(procGetSecurityDescriptorDacl.Addr(), uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(&_p0)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(&_p1))) *daclPresent = _p0 != 0 *daclDefaulted = _p1 != 0 if r1 == 0 { @@ -867,7 +867,7 @@ func getSecurityDescriptorGroup(sd *SECURITY_DESCRIPTOR, group **SID, groupDefau if *groupDefaulted { _p0 = 1 } - r1, _, e1 := syscall.Syscall(procGetSecurityDescriptorGroup.Addr(), 3, uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(&_p0))) + r1, _, e1 := syscall.SyscallN(procGetSecurityDescriptorGroup.Addr(), uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(&_p0))) *groupDefaulted = _p0 != 0 if r1 == 0 { err = errnoErr(e1) @@ -876,7 +876,7 @@ func getSecurityDescriptorGroup(sd *SECURITY_DESCRIPTOR, group **SID, groupDefau } func getSecurityDescriptorLength(sd *SECURITY_DESCRIPTOR) (len uint32) { - r0, _, _ := syscall.Syscall(procGetSecurityDescriptorLength.Addr(), 1, uintptr(unsafe.Pointer(sd)), 0, 0) + r0, _, _ := syscall.SyscallN(procGetSecurityDescriptorLength.Addr(), uintptr(unsafe.Pointer(sd))) len = uint32(r0) return } @@ -886,7 +886,7 @@ func getSecurityDescriptorOwner(sd *SECURITY_DESCRIPTOR, owner **SID, ownerDefau if *ownerDefaulted { _p0 = 1 } - r1, _, e1 := syscall.Syscall(procGetSecurityDescriptorOwner.Addr(), 3, uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(&_p0))) + r1, _, e1 := syscall.SyscallN(procGetSecurityDescriptorOwner.Addr(), uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(&_p0))) *ownerDefaulted = _p0 != 0 if r1 == 0 { err = errnoErr(e1) @@ -895,7 +895,7 @@ func getSecurityDescriptorOwner(sd *SECURITY_DESCRIPTOR, owner **SID, ownerDefau } func getSecurityDescriptorRMControl(sd *SECURITY_DESCRIPTOR, rmControl *uint8) (ret error) { - r0, _, _ := syscall.Syscall(procGetSecurityDescriptorRMControl.Addr(), 2, uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(rmControl)), 0) + r0, _, _ := syscall.SyscallN(procGetSecurityDescriptorRMControl.Addr(), uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(rmControl))) if r0 != 0 { ret = syscall.Errno(r0) } @@ -911,7 +911,7 @@ func getSecurityDescriptorSacl(sd *SECURITY_DESCRIPTOR, saclPresent *bool, sacl if *saclDefaulted { _p1 = 1 } - r1, _, e1 := syscall.Syscall6(procGetSecurityDescriptorSacl.Addr(), 4, uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(&_p0)), uintptr(unsafe.Pointer(sacl)), uintptr(unsafe.Pointer(&_p1)), 0, 0) + r1, _, e1 := syscall.SyscallN(procGetSecurityDescriptorSacl.Addr(), uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(&_p0)), uintptr(unsafe.Pointer(sacl)), uintptr(unsafe.Pointer(&_p1))) *saclPresent = _p0 != 0 *saclDefaulted = _p1 != 0 if r1 == 0 { @@ -921,7 +921,7 @@ func getSecurityDescriptorSacl(sd *SECURITY_DESCRIPTOR, saclPresent *bool, sacl } func getSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner **SID, group **SID, dacl **ACL, sacl **ACL, sd **SECURITY_DESCRIPTOR) (ret error) { - r0, _, _ := syscall.Syscall9(procGetSecurityInfo.Addr(), 8, uintptr(handle), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl)), uintptr(unsafe.Pointer(sd)), 0) + r0, _, _ := syscall.SyscallN(procGetSecurityInfo.Addr(), uintptr(handle), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl)), uintptr(unsafe.Pointer(sd))) if r0 != 0 { ret = syscall.Errno(r0) } @@ -929,25 +929,25 @@ func getSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformati } func getSidIdentifierAuthority(sid *SID) (authority *SidIdentifierAuthority) { - r0, _, _ := syscall.Syscall(procGetSidIdentifierAuthority.Addr(), 1, uintptr(unsafe.Pointer(sid)), 0, 0) + r0, _, _ := syscall.SyscallN(procGetSidIdentifierAuthority.Addr(), uintptr(unsafe.Pointer(sid))) authority = (*SidIdentifierAuthority)(unsafe.Pointer(r0)) return } func getSidSubAuthority(sid *SID, index uint32) (subAuthority *uint32) { - r0, _, _ := syscall.Syscall(procGetSidSubAuthority.Addr(), 2, uintptr(unsafe.Pointer(sid)), uintptr(index), 0) + r0, _, _ := syscall.SyscallN(procGetSidSubAuthority.Addr(), uintptr(unsafe.Pointer(sid)), uintptr(index)) subAuthority = (*uint32)(unsafe.Pointer(r0)) return } func getSidSubAuthorityCount(sid *SID) (count *uint8) { - r0, _, _ := syscall.Syscall(procGetSidSubAuthorityCount.Addr(), 1, uintptr(unsafe.Pointer(sid)), 0, 0) + r0, _, _ := syscall.SyscallN(procGetSidSubAuthorityCount.Addr(), uintptr(unsafe.Pointer(sid))) count = (*uint8)(unsafe.Pointer(r0)) return } func GetTokenInformation(token Token, infoClass uint32, info *byte, infoLen uint32, returnedLen *uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procGetTokenInformation.Addr(), 5, uintptr(token), uintptr(infoClass), uintptr(unsafe.Pointer(info)), uintptr(infoLen), uintptr(unsafe.Pointer(returnedLen)), 0) + r1, _, e1 := syscall.SyscallN(procGetTokenInformation.Addr(), uintptr(token), uintptr(infoClass), uintptr(unsafe.Pointer(info)), uintptr(infoLen), uintptr(unsafe.Pointer(returnedLen))) if r1 == 0 { err = errnoErr(e1) } @@ -955,7 +955,7 @@ func GetTokenInformation(token Token, infoClass uint32, info *byte, infoLen uint } func ImpersonateSelf(impersonationlevel uint32) (err error) { - r1, _, e1 := syscall.Syscall(procImpersonateSelf.Addr(), 1, uintptr(impersonationlevel), 0, 0) + r1, _, e1 := syscall.SyscallN(procImpersonateSelf.Addr(), uintptr(impersonationlevel)) if r1 == 0 { err = errnoErr(e1) } @@ -963,7 +963,7 @@ func ImpersonateSelf(impersonationlevel uint32) (err error) { } func initializeSecurityDescriptor(absoluteSD *SECURITY_DESCRIPTOR, revision uint32) (err error) { - r1, _, e1 := syscall.Syscall(procInitializeSecurityDescriptor.Addr(), 2, uintptr(unsafe.Pointer(absoluteSD)), uintptr(revision), 0) + r1, _, e1 := syscall.SyscallN(procInitializeSecurityDescriptor.Addr(), uintptr(unsafe.Pointer(absoluteSD)), uintptr(revision)) if r1 == 0 { err = errnoErr(e1) } @@ -979,7 +979,7 @@ func InitiateSystemShutdownEx(machineName *uint16, message *uint16, timeout uint if rebootAfterShutdown { _p1 = 1 } - r1, _, e1 := syscall.Syscall6(procInitiateSystemShutdownExW.Addr(), 6, uintptr(unsafe.Pointer(machineName)), uintptr(unsafe.Pointer(message)), uintptr(timeout), uintptr(_p0), uintptr(_p1), uintptr(reason)) + r1, _, e1 := syscall.SyscallN(procInitiateSystemShutdownExW.Addr(), uintptr(unsafe.Pointer(machineName)), uintptr(unsafe.Pointer(message)), uintptr(timeout), uintptr(_p0), uintptr(_p1), uintptr(reason)) if r1 == 0 { err = errnoErr(e1) } @@ -987,7 +987,7 @@ func InitiateSystemShutdownEx(machineName *uint16, message *uint16, timeout uint } func isTokenRestricted(tokenHandle Token) (ret bool, err error) { - r0, _, e1 := syscall.Syscall(procIsTokenRestricted.Addr(), 1, uintptr(tokenHandle), 0, 0) + r0, _, e1 := syscall.SyscallN(procIsTokenRestricted.Addr(), uintptr(tokenHandle)) ret = r0 != 0 if !ret { err = errnoErr(e1) @@ -996,25 +996,25 @@ func isTokenRestricted(tokenHandle Token) (ret bool, err error) { } func isValidSecurityDescriptor(sd *SECURITY_DESCRIPTOR) (isValid bool) { - r0, _, _ := syscall.Syscall(procIsValidSecurityDescriptor.Addr(), 1, uintptr(unsafe.Pointer(sd)), 0, 0) + r0, _, _ := syscall.SyscallN(procIsValidSecurityDescriptor.Addr(), uintptr(unsafe.Pointer(sd))) isValid = r0 != 0 return } func isValidSid(sid *SID) (isValid bool) { - r0, _, _ := syscall.Syscall(procIsValidSid.Addr(), 1, uintptr(unsafe.Pointer(sid)), 0, 0) + r0, _, _ := syscall.SyscallN(procIsValidSid.Addr(), uintptr(unsafe.Pointer(sid))) isValid = r0 != 0 return } func isWellKnownSid(sid *SID, sidType WELL_KNOWN_SID_TYPE) (isWellKnown bool) { - r0, _, _ := syscall.Syscall(procIsWellKnownSid.Addr(), 2, uintptr(unsafe.Pointer(sid)), uintptr(sidType), 0) + r0, _, _ := syscall.SyscallN(procIsWellKnownSid.Addr(), uintptr(unsafe.Pointer(sid)), uintptr(sidType)) isWellKnown = r0 != 0 return } func LookupAccountName(systemName *uint16, accountName *uint16, sid *SID, sidLen *uint32, refdDomainName *uint16, refdDomainNameLen *uint32, use *uint32) (err error) { - r1, _, e1 := syscall.Syscall9(procLookupAccountNameW.Addr(), 7, uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(accountName)), uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(sidLen)), uintptr(unsafe.Pointer(refdDomainName)), uintptr(unsafe.Pointer(refdDomainNameLen)), uintptr(unsafe.Pointer(use)), 0, 0) + r1, _, e1 := syscall.SyscallN(procLookupAccountNameW.Addr(), uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(accountName)), uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(sidLen)), uintptr(unsafe.Pointer(refdDomainName)), uintptr(unsafe.Pointer(refdDomainNameLen)), uintptr(unsafe.Pointer(use))) if r1 == 0 { err = errnoErr(e1) } @@ -1022,7 +1022,7 @@ func LookupAccountName(systemName *uint16, accountName *uint16, sid *SID, sidLen } func LookupAccountSid(systemName *uint16, sid *SID, name *uint16, nameLen *uint32, refdDomainName *uint16, refdDomainNameLen *uint32, use *uint32) (err error) { - r1, _, e1 := syscall.Syscall9(procLookupAccountSidW.Addr(), 7, uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(nameLen)), uintptr(unsafe.Pointer(refdDomainName)), uintptr(unsafe.Pointer(refdDomainNameLen)), uintptr(unsafe.Pointer(use)), 0, 0) + r1, _, e1 := syscall.SyscallN(procLookupAccountSidW.Addr(), uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(nameLen)), uintptr(unsafe.Pointer(refdDomainName)), uintptr(unsafe.Pointer(refdDomainNameLen)), uintptr(unsafe.Pointer(use))) if r1 == 0 { err = errnoErr(e1) } @@ -1030,7 +1030,7 @@ func LookupAccountSid(systemName *uint16, sid *SID, name *uint16, nameLen *uint3 } func LookupPrivilegeValue(systemname *uint16, name *uint16, luid *LUID) (err error) { - r1, _, e1 := syscall.Syscall(procLookupPrivilegeValueW.Addr(), 3, uintptr(unsafe.Pointer(systemname)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(luid))) + r1, _, e1 := syscall.SyscallN(procLookupPrivilegeValueW.Addr(), uintptr(unsafe.Pointer(systemname)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(luid))) if r1 == 0 { err = errnoErr(e1) } @@ -1038,7 +1038,7 @@ func LookupPrivilegeValue(systemname *uint16, name *uint16, luid *LUID) (err err } func makeAbsoluteSD(selfRelativeSD *SECURITY_DESCRIPTOR, absoluteSD *SECURITY_DESCRIPTOR, absoluteSDSize *uint32, dacl *ACL, daclSize *uint32, sacl *ACL, saclSize *uint32, owner *SID, ownerSize *uint32, group *SID, groupSize *uint32) (err error) { - r1, _, e1 := syscall.Syscall12(procMakeAbsoluteSD.Addr(), 11, uintptr(unsafe.Pointer(selfRelativeSD)), uintptr(unsafe.Pointer(absoluteSD)), uintptr(unsafe.Pointer(absoluteSDSize)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(daclSize)), uintptr(unsafe.Pointer(sacl)), uintptr(unsafe.Pointer(saclSize)), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(ownerSize)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(groupSize)), 0) + r1, _, e1 := syscall.SyscallN(procMakeAbsoluteSD.Addr(), uintptr(unsafe.Pointer(selfRelativeSD)), uintptr(unsafe.Pointer(absoluteSD)), uintptr(unsafe.Pointer(absoluteSDSize)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(daclSize)), uintptr(unsafe.Pointer(sacl)), uintptr(unsafe.Pointer(saclSize)), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(ownerSize)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(groupSize))) if r1 == 0 { err = errnoErr(e1) } @@ -1046,7 +1046,7 @@ func makeAbsoluteSD(selfRelativeSD *SECURITY_DESCRIPTOR, absoluteSD *SECURITY_DE } func makeSelfRelativeSD(absoluteSD *SECURITY_DESCRIPTOR, selfRelativeSD *SECURITY_DESCRIPTOR, selfRelativeSDSize *uint32) (err error) { - r1, _, e1 := syscall.Syscall(procMakeSelfRelativeSD.Addr(), 3, uintptr(unsafe.Pointer(absoluteSD)), uintptr(unsafe.Pointer(selfRelativeSD)), uintptr(unsafe.Pointer(selfRelativeSDSize))) + r1, _, e1 := syscall.SyscallN(procMakeSelfRelativeSD.Addr(), uintptr(unsafe.Pointer(absoluteSD)), uintptr(unsafe.Pointer(selfRelativeSD)), uintptr(unsafe.Pointer(selfRelativeSDSize))) if r1 == 0 { err = errnoErr(e1) } @@ -1054,7 +1054,7 @@ func makeSelfRelativeSD(absoluteSD *SECURITY_DESCRIPTOR, selfRelativeSD *SECURIT } func NotifyServiceStatusChange(service Handle, notifyMask uint32, notifier *SERVICE_NOTIFY) (ret error) { - r0, _, _ := syscall.Syscall(procNotifyServiceStatusChangeW.Addr(), 3, uintptr(service), uintptr(notifyMask), uintptr(unsafe.Pointer(notifier))) + r0, _, _ := syscall.SyscallN(procNotifyServiceStatusChangeW.Addr(), uintptr(service), uintptr(notifyMask), uintptr(unsafe.Pointer(notifier))) if r0 != 0 { ret = syscall.Errno(r0) } @@ -1062,7 +1062,7 @@ func NotifyServiceStatusChange(service Handle, notifyMask uint32, notifier *SERV } func OpenProcessToken(process Handle, access uint32, token *Token) (err error) { - r1, _, e1 := syscall.Syscall(procOpenProcessToken.Addr(), 3, uintptr(process), uintptr(access), uintptr(unsafe.Pointer(token))) + r1, _, e1 := syscall.SyscallN(procOpenProcessToken.Addr(), uintptr(process), uintptr(access), uintptr(unsafe.Pointer(token))) if r1 == 0 { err = errnoErr(e1) } @@ -1070,7 +1070,7 @@ func OpenProcessToken(process Handle, access uint32, token *Token) (err error) { } func OpenSCManager(machineName *uint16, databaseName *uint16, access uint32) (handle Handle, err error) { - r0, _, e1 := syscall.Syscall(procOpenSCManagerW.Addr(), 3, uintptr(unsafe.Pointer(machineName)), uintptr(unsafe.Pointer(databaseName)), uintptr(access)) + r0, _, e1 := syscall.SyscallN(procOpenSCManagerW.Addr(), uintptr(unsafe.Pointer(machineName)), uintptr(unsafe.Pointer(databaseName)), uintptr(access)) handle = Handle(r0) if handle == 0 { err = errnoErr(e1) @@ -1079,7 +1079,7 @@ func OpenSCManager(machineName *uint16, databaseName *uint16, access uint32) (ha } func OpenService(mgr Handle, serviceName *uint16, access uint32) (handle Handle, err error) { - r0, _, e1 := syscall.Syscall(procOpenServiceW.Addr(), 3, uintptr(mgr), uintptr(unsafe.Pointer(serviceName)), uintptr(access)) + r0, _, e1 := syscall.SyscallN(procOpenServiceW.Addr(), uintptr(mgr), uintptr(unsafe.Pointer(serviceName)), uintptr(access)) handle = Handle(r0) if handle == 0 { err = errnoErr(e1) @@ -1092,7 +1092,7 @@ func OpenThreadToken(thread Handle, access uint32, openAsSelf bool, token *Token if openAsSelf { _p0 = 1 } - r1, _, e1 := syscall.Syscall6(procOpenThreadToken.Addr(), 4, uintptr(thread), uintptr(access), uintptr(_p0), uintptr(unsafe.Pointer(token)), 0, 0) + r1, _, e1 := syscall.SyscallN(procOpenThreadToken.Addr(), uintptr(thread), uintptr(access), uintptr(_p0), uintptr(unsafe.Pointer(token))) if r1 == 0 { err = errnoErr(e1) } @@ -1100,7 +1100,7 @@ func OpenThreadToken(thread Handle, access uint32, openAsSelf bool, token *Token } func QueryServiceConfig2(service Handle, infoLevel uint32, buff *byte, buffSize uint32, bytesNeeded *uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procQueryServiceConfig2W.Addr(), 5, uintptr(service), uintptr(infoLevel), uintptr(unsafe.Pointer(buff)), uintptr(buffSize), uintptr(unsafe.Pointer(bytesNeeded)), 0) + r1, _, e1 := syscall.SyscallN(procQueryServiceConfig2W.Addr(), uintptr(service), uintptr(infoLevel), uintptr(unsafe.Pointer(buff)), uintptr(buffSize), uintptr(unsafe.Pointer(bytesNeeded))) if r1 == 0 { err = errnoErr(e1) } @@ -1108,7 +1108,7 @@ func QueryServiceConfig2(service Handle, infoLevel uint32, buff *byte, buffSize } func QueryServiceConfig(service Handle, serviceConfig *QUERY_SERVICE_CONFIG, bufSize uint32, bytesNeeded *uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procQueryServiceConfigW.Addr(), 4, uintptr(service), uintptr(unsafe.Pointer(serviceConfig)), uintptr(bufSize), uintptr(unsafe.Pointer(bytesNeeded)), 0, 0) + r1, _, e1 := syscall.SyscallN(procQueryServiceConfigW.Addr(), uintptr(service), uintptr(unsafe.Pointer(serviceConfig)), uintptr(bufSize), uintptr(unsafe.Pointer(bytesNeeded))) if r1 == 0 { err = errnoErr(e1) } @@ -1120,7 +1120,7 @@ func QueryServiceDynamicInformation(service Handle, infoLevel uint32, dynamicInf if err != nil { return } - r1, _, e1 := syscall.Syscall(procQueryServiceDynamicInformation.Addr(), 3, uintptr(service), uintptr(infoLevel), uintptr(dynamicInfo)) + r1, _, e1 := syscall.SyscallN(procQueryServiceDynamicInformation.Addr(), uintptr(service), uintptr(infoLevel), uintptr(dynamicInfo)) if r1 == 0 { err = errnoErr(e1) } @@ -1128,7 +1128,7 @@ func QueryServiceDynamicInformation(service Handle, infoLevel uint32, dynamicInf } func QueryServiceLockStatus(mgr Handle, lockStatus *QUERY_SERVICE_LOCK_STATUS, bufSize uint32, bytesNeeded *uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procQueryServiceLockStatusW.Addr(), 4, uintptr(mgr), uintptr(unsafe.Pointer(lockStatus)), uintptr(bufSize), uintptr(unsafe.Pointer(bytesNeeded)), 0, 0) + r1, _, e1 := syscall.SyscallN(procQueryServiceLockStatusW.Addr(), uintptr(mgr), uintptr(unsafe.Pointer(lockStatus)), uintptr(bufSize), uintptr(unsafe.Pointer(bytesNeeded))) if r1 == 0 { err = errnoErr(e1) } @@ -1136,7 +1136,7 @@ func QueryServiceLockStatus(mgr Handle, lockStatus *QUERY_SERVICE_LOCK_STATUS, b } func QueryServiceStatus(service Handle, status *SERVICE_STATUS) (err error) { - r1, _, e1 := syscall.Syscall(procQueryServiceStatus.Addr(), 2, uintptr(service), uintptr(unsafe.Pointer(status)), 0) + r1, _, e1 := syscall.SyscallN(procQueryServiceStatus.Addr(), uintptr(service), uintptr(unsafe.Pointer(status))) if r1 == 0 { err = errnoErr(e1) } @@ -1144,7 +1144,7 @@ func QueryServiceStatus(service Handle, status *SERVICE_STATUS) (err error) { } func QueryServiceStatusEx(service Handle, infoLevel uint32, buff *byte, buffSize uint32, bytesNeeded *uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procQueryServiceStatusEx.Addr(), 5, uintptr(service), uintptr(infoLevel), uintptr(unsafe.Pointer(buff)), uintptr(buffSize), uintptr(unsafe.Pointer(bytesNeeded)), 0) + r1, _, e1 := syscall.SyscallN(procQueryServiceStatusEx.Addr(), uintptr(service), uintptr(infoLevel), uintptr(unsafe.Pointer(buff)), uintptr(buffSize), uintptr(unsafe.Pointer(bytesNeeded))) if r1 == 0 { err = errnoErr(e1) } @@ -1152,7 +1152,7 @@ func QueryServiceStatusEx(service Handle, infoLevel uint32, buff *byte, buffSize } func RegCloseKey(key Handle) (regerrno error) { - r0, _, _ := syscall.Syscall(procRegCloseKey.Addr(), 1, uintptr(key), 0, 0) + r0, _, _ := syscall.SyscallN(procRegCloseKey.Addr(), uintptr(key)) if r0 != 0 { regerrno = syscall.Errno(r0) } @@ -1160,7 +1160,7 @@ func RegCloseKey(key Handle) (regerrno error) { } func RegEnumKeyEx(key Handle, index uint32, name *uint16, nameLen *uint32, reserved *uint32, class *uint16, classLen *uint32, lastWriteTime *Filetime) (regerrno error) { - r0, _, _ := syscall.Syscall9(procRegEnumKeyExW.Addr(), 8, uintptr(key), uintptr(index), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(nameLen)), uintptr(unsafe.Pointer(reserved)), uintptr(unsafe.Pointer(class)), uintptr(unsafe.Pointer(classLen)), uintptr(unsafe.Pointer(lastWriteTime)), 0) + r0, _, _ := syscall.SyscallN(procRegEnumKeyExW.Addr(), uintptr(key), uintptr(index), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(nameLen)), uintptr(unsafe.Pointer(reserved)), uintptr(unsafe.Pointer(class)), uintptr(unsafe.Pointer(classLen)), uintptr(unsafe.Pointer(lastWriteTime))) if r0 != 0 { regerrno = syscall.Errno(r0) } @@ -1176,7 +1176,7 @@ func RegNotifyChangeKeyValue(key Handle, watchSubtree bool, notifyFilter uint32, if asynchronous { _p1 = 1 } - r0, _, _ := syscall.Syscall6(procRegNotifyChangeKeyValue.Addr(), 5, uintptr(key), uintptr(_p0), uintptr(notifyFilter), uintptr(event), uintptr(_p1), 0) + r0, _, _ := syscall.SyscallN(procRegNotifyChangeKeyValue.Addr(), uintptr(key), uintptr(_p0), uintptr(notifyFilter), uintptr(event), uintptr(_p1)) if r0 != 0 { regerrno = syscall.Errno(r0) } @@ -1184,7 +1184,7 @@ func RegNotifyChangeKeyValue(key Handle, watchSubtree bool, notifyFilter uint32, } func RegOpenKeyEx(key Handle, subkey *uint16, options uint32, desiredAccess uint32, result *Handle) (regerrno error) { - r0, _, _ := syscall.Syscall6(procRegOpenKeyExW.Addr(), 5, uintptr(key), uintptr(unsafe.Pointer(subkey)), uintptr(options), uintptr(desiredAccess), uintptr(unsafe.Pointer(result)), 0) + r0, _, _ := syscall.SyscallN(procRegOpenKeyExW.Addr(), uintptr(key), uintptr(unsafe.Pointer(subkey)), uintptr(options), uintptr(desiredAccess), uintptr(unsafe.Pointer(result))) if r0 != 0 { regerrno = syscall.Errno(r0) } @@ -1192,7 +1192,7 @@ func RegOpenKeyEx(key Handle, subkey *uint16, options uint32, desiredAccess uint } func RegQueryInfoKey(key Handle, class *uint16, classLen *uint32, reserved *uint32, subkeysLen *uint32, maxSubkeyLen *uint32, maxClassLen *uint32, valuesLen *uint32, maxValueNameLen *uint32, maxValueLen *uint32, saLen *uint32, lastWriteTime *Filetime) (regerrno error) { - r0, _, _ := syscall.Syscall12(procRegQueryInfoKeyW.Addr(), 12, uintptr(key), uintptr(unsafe.Pointer(class)), uintptr(unsafe.Pointer(classLen)), uintptr(unsafe.Pointer(reserved)), uintptr(unsafe.Pointer(subkeysLen)), uintptr(unsafe.Pointer(maxSubkeyLen)), uintptr(unsafe.Pointer(maxClassLen)), uintptr(unsafe.Pointer(valuesLen)), uintptr(unsafe.Pointer(maxValueNameLen)), uintptr(unsafe.Pointer(maxValueLen)), uintptr(unsafe.Pointer(saLen)), uintptr(unsafe.Pointer(lastWriteTime))) + r0, _, _ := syscall.SyscallN(procRegQueryInfoKeyW.Addr(), uintptr(key), uintptr(unsafe.Pointer(class)), uintptr(unsafe.Pointer(classLen)), uintptr(unsafe.Pointer(reserved)), uintptr(unsafe.Pointer(subkeysLen)), uintptr(unsafe.Pointer(maxSubkeyLen)), uintptr(unsafe.Pointer(maxClassLen)), uintptr(unsafe.Pointer(valuesLen)), uintptr(unsafe.Pointer(maxValueNameLen)), uintptr(unsafe.Pointer(maxValueLen)), uintptr(unsafe.Pointer(saLen)), uintptr(unsafe.Pointer(lastWriteTime))) if r0 != 0 { regerrno = syscall.Errno(r0) } @@ -1200,7 +1200,7 @@ func RegQueryInfoKey(key Handle, class *uint16, classLen *uint32, reserved *uint } func RegQueryValueEx(key Handle, name *uint16, reserved *uint32, valtype *uint32, buf *byte, buflen *uint32) (regerrno error) { - r0, _, _ := syscall.Syscall6(procRegQueryValueExW.Addr(), 6, uintptr(key), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(reserved)), uintptr(unsafe.Pointer(valtype)), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(buflen))) + r0, _, _ := syscall.SyscallN(procRegQueryValueExW.Addr(), uintptr(key), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(reserved)), uintptr(unsafe.Pointer(valtype)), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(buflen))) if r0 != 0 { regerrno = syscall.Errno(r0) } @@ -1208,7 +1208,7 @@ func RegQueryValueEx(key Handle, name *uint16, reserved *uint32, valtype *uint32 } func RegisterEventSource(uncServerName *uint16, sourceName *uint16) (handle Handle, err error) { - r0, _, e1 := syscall.Syscall(procRegisterEventSourceW.Addr(), 2, uintptr(unsafe.Pointer(uncServerName)), uintptr(unsafe.Pointer(sourceName)), 0) + r0, _, e1 := syscall.SyscallN(procRegisterEventSourceW.Addr(), uintptr(unsafe.Pointer(uncServerName)), uintptr(unsafe.Pointer(sourceName))) handle = Handle(r0) if handle == 0 { err = errnoErr(e1) @@ -1217,7 +1217,7 @@ func RegisterEventSource(uncServerName *uint16, sourceName *uint16) (handle Hand } func RegisterServiceCtrlHandlerEx(serviceName *uint16, handlerProc uintptr, context uintptr) (handle Handle, err error) { - r0, _, e1 := syscall.Syscall(procRegisterServiceCtrlHandlerExW.Addr(), 3, uintptr(unsafe.Pointer(serviceName)), uintptr(handlerProc), uintptr(context)) + r0, _, e1 := syscall.SyscallN(procRegisterServiceCtrlHandlerExW.Addr(), uintptr(unsafe.Pointer(serviceName)), uintptr(handlerProc), uintptr(context)) handle = Handle(r0) if handle == 0 { err = errnoErr(e1) @@ -1226,7 +1226,7 @@ func RegisterServiceCtrlHandlerEx(serviceName *uint16, handlerProc uintptr, cont } func ReportEvent(log Handle, etype uint16, category uint16, eventId uint32, usrSId uintptr, numStrings uint16, dataSize uint32, strings **uint16, rawData *byte) (err error) { - r1, _, e1 := syscall.Syscall9(procReportEventW.Addr(), 9, uintptr(log), uintptr(etype), uintptr(category), uintptr(eventId), uintptr(usrSId), uintptr(numStrings), uintptr(dataSize), uintptr(unsafe.Pointer(strings)), uintptr(unsafe.Pointer(rawData))) + r1, _, e1 := syscall.SyscallN(procReportEventW.Addr(), uintptr(log), uintptr(etype), uintptr(category), uintptr(eventId), uintptr(usrSId), uintptr(numStrings), uintptr(dataSize), uintptr(unsafe.Pointer(strings)), uintptr(unsafe.Pointer(rawData))) if r1 == 0 { err = errnoErr(e1) } @@ -1234,7 +1234,7 @@ func ReportEvent(log Handle, etype uint16, category uint16, eventId uint32, usrS } func RevertToSelf() (err error) { - r1, _, e1 := syscall.Syscall(procRevertToSelf.Addr(), 0, 0, 0, 0) + r1, _, e1 := syscall.SyscallN(procRevertToSelf.Addr()) if r1 == 0 { err = errnoErr(e1) } @@ -1242,7 +1242,7 @@ func RevertToSelf() (err error) { } func setEntriesInAcl(countExplicitEntries uint32, explicitEntries *EXPLICIT_ACCESS, oldACL *ACL, newACL **ACL) (ret error) { - r0, _, _ := syscall.Syscall6(procSetEntriesInAclW.Addr(), 4, uintptr(countExplicitEntries), uintptr(unsafe.Pointer(explicitEntries)), uintptr(unsafe.Pointer(oldACL)), uintptr(unsafe.Pointer(newACL)), 0, 0) + r0, _, _ := syscall.SyscallN(procSetEntriesInAclW.Addr(), uintptr(countExplicitEntries), uintptr(unsafe.Pointer(explicitEntries)), uintptr(unsafe.Pointer(oldACL)), uintptr(unsafe.Pointer(newACL))) if r0 != 0 { ret = syscall.Errno(r0) } @@ -1250,7 +1250,7 @@ func setEntriesInAcl(countExplicitEntries uint32, explicitEntries *EXPLICIT_ACCE } func SetKernelObjectSecurity(handle Handle, securityInformation SECURITY_INFORMATION, securityDescriptor *SECURITY_DESCRIPTOR) (err error) { - r1, _, e1 := syscall.Syscall(procSetKernelObjectSecurity.Addr(), 3, uintptr(handle), uintptr(securityInformation), uintptr(unsafe.Pointer(securityDescriptor))) + r1, _, e1 := syscall.SyscallN(procSetKernelObjectSecurity.Addr(), uintptr(handle), uintptr(securityInformation), uintptr(unsafe.Pointer(securityDescriptor))) if r1 == 0 { err = errnoErr(e1) } @@ -1267,7 +1267,7 @@ func SetNamedSecurityInfo(objectName string, objectType SE_OBJECT_TYPE, security } func _SetNamedSecurityInfo(objectName *uint16, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner *SID, group *SID, dacl *ACL, sacl *ACL) (ret error) { - r0, _, _ := syscall.Syscall9(procSetNamedSecurityInfoW.Addr(), 7, uintptr(unsafe.Pointer(objectName)), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl)), 0, 0) + r0, _, _ := syscall.SyscallN(procSetNamedSecurityInfoW.Addr(), uintptr(unsafe.Pointer(objectName)), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl))) if r0 != 0 { ret = syscall.Errno(r0) } @@ -1275,7 +1275,7 @@ func _SetNamedSecurityInfo(objectName *uint16, objectType SE_OBJECT_TYPE, securi } func setSecurityDescriptorControl(sd *SECURITY_DESCRIPTOR, controlBitsOfInterest SECURITY_DESCRIPTOR_CONTROL, controlBitsToSet SECURITY_DESCRIPTOR_CONTROL) (err error) { - r1, _, e1 := syscall.Syscall(procSetSecurityDescriptorControl.Addr(), 3, uintptr(unsafe.Pointer(sd)), uintptr(controlBitsOfInterest), uintptr(controlBitsToSet)) + r1, _, e1 := syscall.SyscallN(procSetSecurityDescriptorControl.Addr(), uintptr(unsafe.Pointer(sd)), uintptr(controlBitsOfInterest), uintptr(controlBitsToSet)) if r1 == 0 { err = errnoErr(e1) } @@ -1291,7 +1291,7 @@ func setSecurityDescriptorDacl(sd *SECURITY_DESCRIPTOR, daclPresent bool, dacl * if daclDefaulted { _p1 = 1 } - r1, _, e1 := syscall.Syscall6(procSetSecurityDescriptorDacl.Addr(), 4, uintptr(unsafe.Pointer(sd)), uintptr(_p0), uintptr(unsafe.Pointer(dacl)), uintptr(_p1), 0, 0) + r1, _, e1 := syscall.SyscallN(procSetSecurityDescriptorDacl.Addr(), uintptr(unsafe.Pointer(sd)), uintptr(_p0), uintptr(unsafe.Pointer(dacl)), uintptr(_p1)) if r1 == 0 { err = errnoErr(e1) } @@ -1303,7 +1303,7 @@ func setSecurityDescriptorGroup(sd *SECURITY_DESCRIPTOR, group *SID, groupDefaul if groupDefaulted { _p0 = 1 } - r1, _, e1 := syscall.Syscall(procSetSecurityDescriptorGroup.Addr(), 3, uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(group)), uintptr(_p0)) + r1, _, e1 := syscall.SyscallN(procSetSecurityDescriptorGroup.Addr(), uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(group)), uintptr(_p0)) if r1 == 0 { err = errnoErr(e1) } @@ -1315,7 +1315,7 @@ func setSecurityDescriptorOwner(sd *SECURITY_DESCRIPTOR, owner *SID, ownerDefaul if ownerDefaulted { _p0 = 1 } - r1, _, e1 := syscall.Syscall(procSetSecurityDescriptorOwner.Addr(), 3, uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(owner)), uintptr(_p0)) + r1, _, e1 := syscall.SyscallN(procSetSecurityDescriptorOwner.Addr(), uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(owner)), uintptr(_p0)) if r1 == 0 { err = errnoErr(e1) } @@ -1323,7 +1323,7 @@ func setSecurityDescriptorOwner(sd *SECURITY_DESCRIPTOR, owner *SID, ownerDefaul } func setSecurityDescriptorRMControl(sd *SECURITY_DESCRIPTOR, rmControl *uint8) { - syscall.Syscall(procSetSecurityDescriptorRMControl.Addr(), 2, uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(rmControl)), 0) + syscall.SyscallN(procSetSecurityDescriptorRMControl.Addr(), uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(rmControl))) return } @@ -1336,7 +1336,7 @@ func setSecurityDescriptorSacl(sd *SECURITY_DESCRIPTOR, saclPresent bool, sacl * if saclDefaulted { _p1 = 1 } - r1, _, e1 := syscall.Syscall6(procSetSecurityDescriptorSacl.Addr(), 4, uintptr(unsafe.Pointer(sd)), uintptr(_p0), uintptr(unsafe.Pointer(sacl)), uintptr(_p1), 0, 0) + r1, _, e1 := syscall.SyscallN(procSetSecurityDescriptorSacl.Addr(), uintptr(unsafe.Pointer(sd)), uintptr(_p0), uintptr(unsafe.Pointer(sacl)), uintptr(_p1)) if r1 == 0 { err = errnoErr(e1) } @@ -1344,7 +1344,7 @@ func setSecurityDescriptorSacl(sd *SECURITY_DESCRIPTOR, saclPresent bool, sacl * } func SetSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner *SID, group *SID, dacl *ACL, sacl *ACL) (ret error) { - r0, _, _ := syscall.Syscall9(procSetSecurityInfo.Addr(), 7, uintptr(handle), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl)), 0, 0) + r0, _, _ := syscall.SyscallN(procSetSecurityInfo.Addr(), uintptr(handle), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl))) if r0 != 0 { ret = syscall.Errno(r0) } @@ -1352,7 +1352,7 @@ func SetSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformati } func SetServiceStatus(service Handle, serviceStatus *SERVICE_STATUS) (err error) { - r1, _, e1 := syscall.Syscall(procSetServiceStatus.Addr(), 2, uintptr(service), uintptr(unsafe.Pointer(serviceStatus)), 0) + r1, _, e1 := syscall.SyscallN(procSetServiceStatus.Addr(), uintptr(service), uintptr(unsafe.Pointer(serviceStatus))) if r1 == 0 { err = errnoErr(e1) } @@ -1360,7 +1360,7 @@ func SetServiceStatus(service Handle, serviceStatus *SERVICE_STATUS) (err error) } func SetThreadToken(thread *Handle, token Token) (err error) { - r1, _, e1 := syscall.Syscall(procSetThreadToken.Addr(), 2, uintptr(unsafe.Pointer(thread)), uintptr(token), 0) + r1, _, e1 := syscall.SyscallN(procSetThreadToken.Addr(), uintptr(unsafe.Pointer(thread)), uintptr(token)) if r1 == 0 { err = errnoErr(e1) } @@ -1368,7 +1368,7 @@ func SetThreadToken(thread *Handle, token Token) (err error) { } func SetTokenInformation(token Token, infoClass uint32, info *byte, infoLen uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procSetTokenInformation.Addr(), 4, uintptr(token), uintptr(infoClass), uintptr(unsafe.Pointer(info)), uintptr(infoLen), 0, 0) + r1, _, e1 := syscall.SyscallN(procSetTokenInformation.Addr(), uintptr(token), uintptr(infoClass), uintptr(unsafe.Pointer(info)), uintptr(infoLen)) if r1 == 0 { err = errnoErr(e1) } @@ -1376,7 +1376,7 @@ func SetTokenInformation(token Token, infoClass uint32, info *byte, infoLen uint } func StartServiceCtrlDispatcher(serviceTable *SERVICE_TABLE_ENTRY) (err error) { - r1, _, e1 := syscall.Syscall(procStartServiceCtrlDispatcherW.Addr(), 1, uintptr(unsafe.Pointer(serviceTable)), 0, 0) + r1, _, e1 := syscall.SyscallN(procStartServiceCtrlDispatcherW.Addr(), uintptr(unsafe.Pointer(serviceTable))) if r1 == 0 { err = errnoErr(e1) } @@ -1384,7 +1384,7 @@ func StartServiceCtrlDispatcher(serviceTable *SERVICE_TABLE_ENTRY) (err error) { } func StartService(service Handle, numArgs uint32, argVectors **uint16) (err error) { - r1, _, e1 := syscall.Syscall(procStartServiceW.Addr(), 3, uintptr(service), uintptr(numArgs), uintptr(unsafe.Pointer(argVectors))) + r1, _, e1 := syscall.SyscallN(procStartServiceW.Addr(), uintptr(service), uintptr(numArgs), uintptr(unsafe.Pointer(argVectors))) if r1 == 0 { err = errnoErr(e1) } @@ -1392,7 +1392,7 @@ func StartService(service Handle, numArgs uint32, argVectors **uint16) (err erro } func CertAddCertificateContextToStore(store Handle, certContext *CertContext, addDisposition uint32, storeContext **CertContext) (err error) { - r1, _, e1 := syscall.Syscall6(procCertAddCertificateContextToStore.Addr(), 4, uintptr(store), uintptr(unsafe.Pointer(certContext)), uintptr(addDisposition), uintptr(unsafe.Pointer(storeContext)), 0, 0) + r1, _, e1 := syscall.SyscallN(procCertAddCertificateContextToStore.Addr(), uintptr(store), uintptr(unsafe.Pointer(certContext)), uintptr(addDisposition), uintptr(unsafe.Pointer(storeContext))) if r1 == 0 { err = errnoErr(e1) } @@ -1400,7 +1400,7 @@ func CertAddCertificateContextToStore(store Handle, certContext *CertContext, ad } func CertCloseStore(store Handle, flags uint32) (err error) { - r1, _, e1 := syscall.Syscall(procCertCloseStore.Addr(), 2, uintptr(store), uintptr(flags), 0) + r1, _, e1 := syscall.SyscallN(procCertCloseStore.Addr(), uintptr(store), uintptr(flags)) if r1 == 0 { err = errnoErr(e1) } @@ -1408,7 +1408,7 @@ func CertCloseStore(store Handle, flags uint32) (err error) { } func CertCreateCertificateContext(certEncodingType uint32, certEncoded *byte, encodedLen uint32) (context *CertContext, err error) { - r0, _, e1 := syscall.Syscall(procCertCreateCertificateContext.Addr(), 3, uintptr(certEncodingType), uintptr(unsafe.Pointer(certEncoded)), uintptr(encodedLen)) + r0, _, e1 := syscall.SyscallN(procCertCreateCertificateContext.Addr(), uintptr(certEncodingType), uintptr(unsafe.Pointer(certEncoded)), uintptr(encodedLen)) context = (*CertContext)(unsafe.Pointer(r0)) if context == nil { err = errnoErr(e1) @@ -1417,7 +1417,7 @@ func CertCreateCertificateContext(certEncodingType uint32, certEncoded *byte, en } func CertDeleteCertificateFromStore(certContext *CertContext) (err error) { - r1, _, e1 := syscall.Syscall(procCertDeleteCertificateFromStore.Addr(), 1, uintptr(unsafe.Pointer(certContext)), 0, 0) + r1, _, e1 := syscall.SyscallN(procCertDeleteCertificateFromStore.Addr(), uintptr(unsafe.Pointer(certContext))) if r1 == 0 { err = errnoErr(e1) } @@ -1425,13 +1425,13 @@ func CertDeleteCertificateFromStore(certContext *CertContext) (err error) { } func CertDuplicateCertificateContext(certContext *CertContext) (dupContext *CertContext) { - r0, _, _ := syscall.Syscall(procCertDuplicateCertificateContext.Addr(), 1, uintptr(unsafe.Pointer(certContext)), 0, 0) + r0, _, _ := syscall.SyscallN(procCertDuplicateCertificateContext.Addr(), uintptr(unsafe.Pointer(certContext))) dupContext = (*CertContext)(unsafe.Pointer(r0)) return } func CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext, err error) { - r0, _, e1 := syscall.Syscall(procCertEnumCertificatesInStore.Addr(), 2, uintptr(store), uintptr(unsafe.Pointer(prevContext)), 0) + r0, _, e1 := syscall.SyscallN(procCertEnumCertificatesInStore.Addr(), uintptr(store), uintptr(unsafe.Pointer(prevContext))) context = (*CertContext)(unsafe.Pointer(r0)) if context == nil { err = errnoErr(e1) @@ -1440,7 +1440,7 @@ func CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (contex } func CertFindCertificateInStore(store Handle, certEncodingType uint32, findFlags uint32, findType uint32, findPara unsafe.Pointer, prevCertContext *CertContext) (cert *CertContext, err error) { - r0, _, e1 := syscall.Syscall6(procCertFindCertificateInStore.Addr(), 6, uintptr(store), uintptr(certEncodingType), uintptr(findFlags), uintptr(findType), uintptr(findPara), uintptr(unsafe.Pointer(prevCertContext))) + r0, _, e1 := syscall.SyscallN(procCertFindCertificateInStore.Addr(), uintptr(store), uintptr(certEncodingType), uintptr(findFlags), uintptr(findType), uintptr(findPara), uintptr(unsafe.Pointer(prevCertContext))) cert = (*CertContext)(unsafe.Pointer(r0)) if cert == nil { err = errnoErr(e1) @@ -1449,7 +1449,7 @@ func CertFindCertificateInStore(store Handle, certEncodingType uint32, findFlags } func CertFindChainInStore(store Handle, certEncodingType uint32, findFlags uint32, findType uint32, findPara unsafe.Pointer, prevChainContext *CertChainContext) (certchain *CertChainContext, err error) { - r0, _, e1 := syscall.Syscall6(procCertFindChainInStore.Addr(), 6, uintptr(store), uintptr(certEncodingType), uintptr(findFlags), uintptr(findType), uintptr(findPara), uintptr(unsafe.Pointer(prevChainContext))) + r0, _, e1 := syscall.SyscallN(procCertFindChainInStore.Addr(), uintptr(store), uintptr(certEncodingType), uintptr(findFlags), uintptr(findType), uintptr(findPara), uintptr(unsafe.Pointer(prevChainContext))) certchain = (*CertChainContext)(unsafe.Pointer(r0)) if certchain == nil { err = errnoErr(e1) @@ -1458,18 +1458,18 @@ func CertFindChainInStore(store Handle, certEncodingType uint32, findFlags uint3 } func CertFindExtension(objId *byte, countExtensions uint32, extensions *CertExtension) (ret *CertExtension) { - r0, _, _ := syscall.Syscall(procCertFindExtension.Addr(), 3, uintptr(unsafe.Pointer(objId)), uintptr(countExtensions), uintptr(unsafe.Pointer(extensions))) + r0, _, _ := syscall.SyscallN(procCertFindExtension.Addr(), uintptr(unsafe.Pointer(objId)), uintptr(countExtensions), uintptr(unsafe.Pointer(extensions))) ret = (*CertExtension)(unsafe.Pointer(r0)) return } func CertFreeCertificateChain(ctx *CertChainContext) { - syscall.Syscall(procCertFreeCertificateChain.Addr(), 1, uintptr(unsafe.Pointer(ctx)), 0, 0) + syscall.SyscallN(procCertFreeCertificateChain.Addr(), uintptr(unsafe.Pointer(ctx))) return } func CertFreeCertificateContext(ctx *CertContext) (err error) { - r1, _, e1 := syscall.Syscall(procCertFreeCertificateContext.Addr(), 1, uintptr(unsafe.Pointer(ctx)), 0, 0) + r1, _, e1 := syscall.SyscallN(procCertFreeCertificateContext.Addr(), uintptr(unsafe.Pointer(ctx))) if r1 == 0 { err = errnoErr(e1) } @@ -1477,7 +1477,7 @@ func CertFreeCertificateContext(ctx *CertContext) (err error) { } func CertGetCertificateChain(engine Handle, leaf *CertContext, time *Filetime, additionalStore Handle, para *CertChainPara, flags uint32, reserved uintptr, chainCtx **CertChainContext) (err error) { - r1, _, e1 := syscall.Syscall9(procCertGetCertificateChain.Addr(), 8, uintptr(engine), uintptr(unsafe.Pointer(leaf)), uintptr(unsafe.Pointer(time)), uintptr(additionalStore), uintptr(unsafe.Pointer(para)), uintptr(flags), uintptr(reserved), uintptr(unsafe.Pointer(chainCtx)), 0) + r1, _, e1 := syscall.SyscallN(procCertGetCertificateChain.Addr(), uintptr(engine), uintptr(unsafe.Pointer(leaf)), uintptr(unsafe.Pointer(time)), uintptr(additionalStore), uintptr(unsafe.Pointer(para)), uintptr(flags), uintptr(reserved), uintptr(unsafe.Pointer(chainCtx))) if r1 == 0 { err = errnoErr(e1) } @@ -1485,13 +1485,13 @@ func CertGetCertificateChain(engine Handle, leaf *CertContext, time *Filetime, a } func CertGetNameString(certContext *CertContext, nameType uint32, flags uint32, typePara unsafe.Pointer, name *uint16, size uint32) (chars uint32) { - r0, _, _ := syscall.Syscall6(procCertGetNameStringW.Addr(), 6, uintptr(unsafe.Pointer(certContext)), uintptr(nameType), uintptr(flags), uintptr(typePara), uintptr(unsafe.Pointer(name)), uintptr(size)) + r0, _, _ := syscall.SyscallN(procCertGetNameStringW.Addr(), uintptr(unsafe.Pointer(certContext)), uintptr(nameType), uintptr(flags), uintptr(typePara), uintptr(unsafe.Pointer(name)), uintptr(size)) chars = uint32(r0) return } func CertOpenStore(storeProvider uintptr, msgAndCertEncodingType uint32, cryptProv uintptr, flags uint32, para uintptr) (handle Handle, err error) { - r0, _, e1 := syscall.Syscall6(procCertOpenStore.Addr(), 5, uintptr(storeProvider), uintptr(msgAndCertEncodingType), uintptr(cryptProv), uintptr(flags), uintptr(para), 0) + r0, _, e1 := syscall.SyscallN(procCertOpenStore.Addr(), uintptr(storeProvider), uintptr(msgAndCertEncodingType), uintptr(cryptProv), uintptr(flags), uintptr(para)) handle = Handle(r0) if handle == 0 { err = errnoErr(e1) @@ -1500,7 +1500,7 @@ func CertOpenStore(storeProvider uintptr, msgAndCertEncodingType uint32, cryptPr } func CertOpenSystemStore(hprov Handle, name *uint16) (store Handle, err error) { - r0, _, e1 := syscall.Syscall(procCertOpenSystemStoreW.Addr(), 2, uintptr(hprov), uintptr(unsafe.Pointer(name)), 0) + r0, _, e1 := syscall.SyscallN(procCertOpenSystemStoreW.Addr(), uintptr(hprov), uintptr(unsafe.Pointer(name))) store = Handle(r0) if store == 0 { err = errnoErr(e1) @@ -1509,7 +1509,7 @@ func CertOpenSystemStore(hprov Handle, name *uint16) (store Handle, err error) { } func CertVerifyCertificateChainPolicy(policyOID uintptr, chain *CertChainContext, para *CertChainPolicyPara, status *CertChainPolicyStatus) (err error) { - r1, _, e1 := syscall.Syscall6(procCertVerifyCertificateChainPolicy.Addr(), 4, uintptr(policyOID), uintptr(unsafe.Pointer(chain)), uintptr(unsafe.Pointer(para)), uintptr(unsafe.Pointer(status)), 0, 0) + r1, _, e1 := syscall.SyscallN(procCertVerifyCertificateChainPolicy.Addr(), uintptr(policyOID), uintptr(unsafe.Pointer(chain)), uintptr(unsafe.Pointer(para)), uintptr(unsafe.Pointer(status))) if r1 == 0 { err = errnoErr(e1) } @@ -1521,7 +1521,7 @@ func CryptAcquireCertificatePrivateKey(cert *CertContext, flags uint32, paramete if *callerFreeProvOrNCryptKey { _p0 = 1 } - r1, _, e1 := syscall.Syscall6(procCryptAcquireCertificatePrivateKey.Addr(), 6, uintptr(unsafe.Pointer(cert)), uintptr(flags), uintptr(parameters), uintptr(unsafe.Pointer(cryptProvOrNCryptKey)), uintptr(unsafe.Pointer(keySpec)), uintptr(unsafe.Pointer(&_p0))) + r1, _, e1 := syscall.SyscallN(procCryptAcquireCertificatePrivateKey.Addr(), uintptr(unsafe.Pointer(cert)), uintptr(flags), uintptr(parameters), uintptr(unsafe.Pointer(cryptProvOrNCryptKey)), uintptr(unsafe.Pointer(keySpec)), uintptr(unsafe.Pointer(&_p0))) *callerFreeProvOrNCryptKey = _p0 != 0 if r1 == 0 { err = errnoErr(e1) @@ -1530,7 +1530,7 @@ func CryptAcquireCertificatePrivateKey(cert *CertContext, flags uint32, paramete } func CryptDecodeObject(encodingType uint32, structType *byte, encodedBytes *byte, lenEncodedBytes uint32, flags uint32, decoded unsafe.Pointer, decodedLen *uint32) (err error) { - r1, _, e1 := syscall.Syscall9(procCryptDecodeObject.Addr(), 7, uintptr(encodingType), uintptr(unsafe.Pointer(structType)), uintptr(unsafe.Pointer(encodedBytes)), uintptr(lenEncodedBytes), uintptr(flags), uintptr(decoded), uintptr(unsafe.Pointer(decodedLen)), 0, 0) + r1, _, e1 := syscall.SyscallN(procCryptDecodeObject.Addr(), uintptr(encodingType), uintptr(unsafe.Pointer(structType)), uintptr(unsafe.Pointer(encodedBytes)), uintptr(lenEncodedBytes), uintptr(flags), uintptr(decoded), uintptr(unsafe.Pointer(decodedLen))) if r1 == 0 { err = errnoErr(e1) } @@ -1538,7 +1538,7 @@ func CryptDecodeObject(encodingType uint32, structType *byte, encodedBytes *byte } func CryptProtectData(dataIn *DataBlob, name *uint16, optionalEntropy *DataBlob, reserved uintptr, promptStruct *CryptProtectPromptStruct, flags uint32, dataOut *DataBlob) (err error) { - r1, _, e1 := syscall.Syscall9(procCryptProtectData.Addr(), 7, uintptr(unsafe.Pointer(dataIn)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(optionalEntropy)), uintptr(reserved), uintptr(unsafe.Pointer(promptStruct)), uintptr(flags), uintptr(unsafe.Pointer(dataOut)), 0, 0) + r1, _, e1 := syscall.SyscallN(procCryptProtectData.Addr(), uintptr(unsafe.Pointer(dataIn)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(optionalEntropy)), uintptr(reserved), uintptr(unsafe.Pointer(promptStruct)), uintptr(flags), uintptr(unsafe.Pointer(dataOut))) if r1 == 0 { err = errnoErr(e1) } @@ -1546,7 +1546,7 @@ func CryptProtectData(dataIn *DataBlob, name *uint16, optionalEntropy *DataBlob, } func CryptQueryObject(objectType uint32, object unsafe.Pointer, expectedContentTypeFlags uint32, expectedFormatTypeFlags uint32, flags uint32, msgAndCertEncodingType *uint32, contentType *uint32, formatType *uint32, certStore *Handle, msg *Handle, context *unsafe.Pointer) (err error) { - r1, _, e1 := syscall.Syscall12(procCryptQueryObject.Addr(), 11, uintptr(objectType), uintptr(object), uintptr(expectedContentTypeFlags), uintptr(expectedFormatTypeFlags), uintptr(flags), uintptr(unsafe.Pointer(msgAndCertEncodingType)), uintptr(unsafe.Pointer(contentType)), uintptr(unsafe.Pointer(formatType)), uintptr(unsafe.Pointer(certStore)), uintptr(unsafe.Pointer(msg)), uintptr(unsafe.Pointer(context)), 0) + r1, _, e1 := syscall.SyscallN(procCryptQueryObject.Addr(), uintptr(objectType), uintptr(object), uintptr(expectedContentTypeFlags), uintptr(expectedFormatTypeFlags), uintptr(flags), uintptr(unsafe.Pointer(msgAndCertEncodingType)), uintptr(unsafe.Pointer(contentType)), uintptr(unsafe.Pointer(formatType)), uintptr(unsafe.Pointer(certStore)), uintptr(unsafe.Pointer(msg)), uintptr(unsafe.Pointer(context))) if r1 == 0 { err = errnoErr(e1) } @@ -1554,7 +1554,7 @@ func CryptQueryObject(objectType uint32, object unsafe.Pointer, expectedContentT } func CryptUnprotectData(dataIn *DataBlob, name **uint16, optionalEntropy *DataBlob, reserved uintptr, promptStruct *CryptProtectPromptStruct, flags uint32, dataOut *DataBlob) (err error) { - r1, _, e1 := syscall.Syscall9(procCryptUnprotectData.Addr(), 7, uintptr(unsafe.Pointer(dataIn)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(optionalEntropy)), uintptr(reserved), uintptr(unsafe.Pointer(promptStruct)), uintptr(flags), uintptr(unsafe.Pointer(dataOut)), 0, 0) + r1, _, e1 := syscall.SyscallN(procCryptUnprotectData.Addr(), uintptr(unsafe.Pointer(dataIn)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(optionalEntropy)), uintptr(reserved), uintptr(unsafe.Pointer(promptStruct)), uintptr(flags), uintptr(unsafe.Pointer(dataOut))) if r1 == 0 { err = errnoErr(e1) } @@ -1562,7 +1562,7 @@ func CryptUnprotectData(dataIn *DataBlob, name **uint16, optionalEntropy *DataBl } func PFXImportCertStore(pfx *CryptDataBlob, password *uint16, flags uint32) (store Handle, err error) { - r0, _, e1 := syscall.Syscall(procPFXImportCertStore.Addr(), 3, uintptr(unsafe.Pointer(pfx)), uintptr(unsafe.Pointer(password)), uintptr(flags)) + r0, _, e1 := syscall.SyscallN(procPFXImportCertStore.Addr(), uintptr(unsafe.Pointer(pfx)), uintptr(unsafe.Pointer(password)), uintptr(flags)) store = Handle(r0) if store == 0 { err = errnoErr(e1) @@ -1571,7 +1571,7 @@ func PFXImportCertStore(pfx *CryptDataBlob, password *uint16, flags uint32) (sto } func DnsNameCompare(name1 *uint16, name2 *uint16) (same bool) { - r0, _, _ := syscall.Syscall(procDnsNameCompare_W.Addr(), 2, uintptr(unsafe.Pointer(name1)), uintptr(unsafe.Pointer(name2)), 0) + r0, _, _ := syscall.SyscallN(procDnsNameCompare_W.Addr(), uintptr(unsafe.Pointer(name1)), uintptr(unsafe.Pointer(name2))) same = r0 != 0 return } @@ -1586,7 +1586,7 @@ func DnsQuery(name string, qtype uint16, options uint32, extra *byte, qrs **DNSR } func _DnsQuery(name *uint16, qtype uint16, options uint32, extra *byte, qrs **DNSRecord, pr *byte) (status error) { - r0, _, _ := syscall.Syscall6(procDnsQuery_W.Addr(), 6, uintptr(unsafe.Pointer(name)), uintptr(qtype), uintptr(options), uintptr(unsafe.Pointer(extra)), uintptr(unsafe.Pointer(qrs)), uintptr(unsafe.Pointer(pr))) + r0, _, _ := syscall.SyscallN(procDnsQuery_W.Addr(), uintptr(unsafe.Pointer(name)), uintptr(qtype), uintptr(options), uintptr(unsafe.Pointer(extra)), uintptr(unsafe.Pointer(qrs)), uintptr(unsafe.Pointer(pr))) if r0 != 0 { status = syscall.Errno(r0) } @@ -1594,12 +1594,12 @@ func _DnsQuery(name *uint16, qtype uint16, options uint32, extra *byte, qrs **DN } func DnsRecordListFree(rl *DNSRecord, freetype uint32) { - syscall.Syscall(procDnsRecordListFree.Addr(), 2, uintptr(unsafe.Pointer(rl)), uintptr(freetype), 0) + syscall.SyscallN(procDnsRecordListFree.Addr(), uintptr(unsafe.Pointer(rl)), uintptr(freetype)) return } func DwmGetWindowAttribute(hwnd HWND, attribute uint32, value unsafe.Pointer, size uint32) (ret error) { - r0, _, _ := syscall.Syscall6(procDwmGetWindowAttribute.Addr(), 4, uintptr(hwnd), uintptr(attribute), uintptr(value), uintptr(size), 0, 0) + r0, _, _ := syscall.SyscallN(procDwmGetWindowAttribute.Addr(), uintptr(hwnd), uintptr(attribute), uintptr(value), uintptr(size)) if r0 != 0 { ret = syscall.Errno(r0) } @@ -1607,7 +1607,7 @@ func DwmGetWindowAttribute(hwnd HWND, attribute uint32, value unsafe.Pointer, si } func DwmSetWindowAttribute(hwnd HWND, attribute uint32, value unsafe.Pointer, size uint32) (ret error) { - r0, _, _ := syscall.Syscall6(procDwmSetWindowAttribute.Addr(), 4, uintptr(hwnd), uintptr(attribute), uintptr(value), uintptr(size), 0, 0) + r0, _, _ := syscall.SyscallN(procDwmSetWindowAttribute.Addr(), uintptr(hwnd), uintptr(attribute), uintptr(value), uintptr(size)) if r0 != 0 { ret = syscall.Errno(r0) } @@ -1615,7 +1615,7 @@ func DwmSetWindowAttribute(hwnd HWND, attribute uint32, value unsafe.Pointer, si } func CancelMibChangeNotify2(notificationHandle Handle) (errcode error) { - r0, _, _ := syscall.Syscall(procCancelMibChangeNotify2.Addr(), 1, uintptr(notificationHandle), 0, 0) + r0, _, _ := syscall.SyscallN(procCancelMibChangeNotify2.Addr(), uintptr(notificationHandle)) if r0 != 0 { errcode = syscall.Errno(r0) } @@ -1623,7 +1623,7 @@ func CancelMibChangeNotify2(notificationHandle Handle) (errcode error) { } func GetAdaptersAddresses(family uint32, flags uint32, reserved uintptr, adapterAddresses *IpAdapterAddresses, sizePointer *uint32) (errcode error) { - r0, _, _ := syscall.Syscall6(procGetAdaptersAddresses.Addr(), 5, uintptr(family), uintptr(flags), uintptr(reserved), uintptr(unsafe.Pointer(adapterAddresses)), uintptr(unsafe.Pointer(sizePointer)), 0) + r0, _, _ := syscall.SyscallN(procGetAdaptersAddresses.Addr(), uintptr(family), uintptr(flags), uintptr(reserved), uintptr(unsafe.Pointer(adapterAddresses)), uintptr(unsafe.Pointer(sizePointer))) if r0 != 0 { errcode = syscall.Errno(r0) } @@ -1631,7 +1631,7 @@ func GetAdaptersAddresses(family uint32, flags uint32, reserved uintptr, adapter } func GetAdaptersInfo(ai *IpAdapterInfo, ol *uint32) (errcode error) { - r0, _, _ := syscall.Syscall(procGetAdaptersInfo.Addr(), 2, uintptr(unsafe.Pointer(ai)), uintptr(unsafe.Pointer(ol)), 0) + r0, _, _ := syscall.SyscallN(procGetAdaptersInfo.Addr(), uintptr(unsafe.Pointer(ai)), uintptr(unsafe.Pointer(ol))) if r0 != 0 { errcode = syscall.Errno(r0) } @@ -1639,7 +1639,7 @@ func GetAdaptersInfo(ai *IpAdapterInfo, ol *uint32) (errcode error) { } func getBestInterfaceEx(sockaddr unsafe.Pointer, pdwBestIfIndex *uint32) (errcode error) { - r0, _, _ := syscall.Syscall(procGetBestInterfaceEx.Addr(), 2, uintptr(sockaddr), uintptr(unsafe.Pointer(pdwBestIfIndex)), 0) + r0, _, _ := syscall.SyscallN(procGetBestInterfaceEx.Addr(), uintptr(sockaddr), uintptr(unsafe.Pointer(pdwBestIfIndex))) if r0 != 0 { errcode = syscall.Errno(r0) } @@ -1647,7 +1647,7 @@ func getBestInterfaceEx(sockaddr unsafe.Pointer, pdwBestIfIndex *uint32) (errcod } func GetIfEntry(pIfRow *MibIfRow) (errcode error) { - r0, _, _ := syscall.Syscall(procGetIfEntry.Addr(), 1, uintptr(unsafe.Pointer(pIfRow)), 0, 0) + r0, _, _ := syscall.SyscallN(procGetIfEntry.Addr(), uintptr(unsafe.Pointer(pIfRow))) if r0 != 0 { errcode = syscall.Errno(r0) } @@ -1655,7 +1655,7 @@ func GetIfEntry(pIfRow *MibIfRow) (errcode error) { } func GetIfEntry2Ex(level uint32, row *MibIfRow2) (errcode error) { - r0, _, _ := syscall.Syscall(procGetIfEntry2Ex.Addr(), 2, uintptr(level), uintptr(unsafe.Pointer(row)), 0) + r0, _, _ := syscall.SyscallN(procGetIfEntry2Ex.Addr(), uintptr(level), uintptr(unsafe.Pointer(row))) if r0 != 0 { errcode = syscall.Errno(r0) } @@ -1663,7 +1663,7 @@ func GetIfEntry2Ex(level uint32, row *MibIfRow2) (errcode error) { } func GetUnicastIpAddressEntry(row *MibUnicastIpAddressRow) (errcode error) { - r0, _, _ := syscall.Syscall(procGetUnicastIpAddressEntry.Addr(), 1, uintptr(unsafe.Pointer(row)), 0, 0) + r0, _, _ := syscall.SyscallN(procGetUnicastIpAddressEntry.Addr(), uintptr(unsafe.Pointer(row))) if r0 != 0 { errcode = syscall.Errno(r0) } @@ -1675,7 +1675,7 @@ func NotifyIpInterfaceChange(family uint16, callback uintptr, callerContext unsa if initialNotification { _p0 = 1 } - r0, _, _ := syscall.Syscall6(procNotifyIpInterfaceChange.Addr(), 5, uintptr(family), uintptr(callback), uintptr(callerContext), uintptr(_p0), uintptr(unsafe.Pointer(notificationHandle)), 0) + r0, _, _ := syscall.SyscallN(procNotifyIpInterfaceChange.Addr(), uintptr(family), uintptr(callback), uintptr(callerContext), uintptr(_p0), uintptr(unsafe.Pointer(notificationHandle))) if r0 != 0 { errcode = syscall.Errno(r0) } @@ -1687,7 +1687,7 @@ func NotifyUnicastIpAddressChange(family uint16, callback uintptr, callerContext if initialNotification { _p0 = 1 } - r0, _, _ := syscall.Syscall6(procNotifyUnicastIpAddressChange.Addr(), 5, uintptr(family), uintptr(callback), uintptr(callerContext), uintptr(_p0), uintptr(unsafe.Pointer(notificationHandle)), 0) + r0, _, _ := syscall.SyscallN(procNotifyUnicastIpAddressChange.Addr(), uintptr(family), uintptr(callback), uintptr(callerContext), uintptr(_p0), uintptr(unsafe.Pointer(notificationHandle))) if r0 != 0 { errcode = syscall.Errno(r0) } @@ -1695,7 +1695,7 @@ func NotifyUnicastIpAddressChange(family uint16, callback uintptr, callerContext } func AddDllDirectory(path *uint16) (cookie uintptr, err error) { - r0, _, e1 := syscall.Syscall(procAddDllDirectory.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0) + r0, _, e1 := syscall.SyscallN(procAddDllDirectory.Addr(), uintptr(unsafe.Pointer(path))) cookie = uintptr(r0) if cookie == 0 { err = errnoErr(e1) @@ -1704,7 +1704,7 @@ func AddDllDirectory(path *uint16) (cookie uintptr, err error) { } func AssignProcessToJobObject(job Handle, process Handle) (err error) { - r1, _, e1 := syscall.Syscall(procAssignProcessToJobObject.Addr(), 2, uintptr(job), uintptr(process), 0) + r1, _, e1 := syscall.SyscallN(procAssignProcessToJobObject.Addr(), uintptr(job), uintptr(process)) if r1 == 0 { err = errnoErr(e1) } @@ -1712,7 +1712,7 @@ func AssignProcessToJobObject(job Handle, process Handle) (err error) { } func CancelIo(s Handle) (err error) { - r1, _, e1 := syscall.Syscall(procCancelIo.Addr(), 1, uintptr(s), 0, 0) + r1, _, e1 := syscall.SyscallN(procCancelIo.Addr(), uintptr(s)) if r1 == 0 { err = errnoErr(e1) } @@ -1720,7 +1720,7 @@ func CancelIo(s Handle) (err error) { } func CancelIoEx(s Handle, o *Overlapped) (err error) { - r1, _, e1 := syscall.Syscall(procCancelIoEx.Addr(), 2, uintptr(s), uintptr(unsafe.Pointer(o)), 0) + r1, _, e1 := syscall.SyscallN(procCancelIoEx.Addr(), uintptr(s), uintptr(unsafe.Pointer(o))) if r1 == 0 { err = errnoErr(e1) } @@ -1728,7 +1728,7 @@ func CancelIoEx(s Handle, o *Overlapped) (err error) { } func ClearCommBreak(handle Handle) (err error) { - r1, _, e1 := syscall.Syscall(procClearCommBreak.Addr(), 1, uintptr(handle), 0, 0) + r1, _, e1 := syscall.SyscallN(procClearCommBreak.Addr(), uintptr(handle)) if r1 == 0 { err = errnoErr(e1) } @@ -1736,7 +1736,7 @@ func ClearCommBreak(handle Handle) (err error) { } func ClearCommError(handle Handle, lpErrors *uint32, lpStat *ComStat) (err error) { - r1, _, e1 := syscall.Syscall(procClearCommError.Addr(), 3, uintptr(handle), uintptr(unsafe.Pointer(lpErrors)), uintptr(unsafe.Pointer(lpStat))) + r1, _, e1 := syscall.SyscallN(procClearCommError.Addr(), uintptr(handle), uintptr(unsafe.Pointer(lpErrors)), uintptr(unsafe.Pointer(lpStat))) if r1 == 0 { err = errnoErr(e1) } @@ -1744,7 +1744,7 @@ func ClearCommError(handle Handle, lpErrors *uint32, lpStat *ComStat) (err error } func CloseHandle(handle Handle) (err error) { - r1, _, e1 := syscall.Syscall(procCloseHandle.Addr(), 1, uintptr(handle), 0, 0) + r1, _, e1 := syscall.SyscallN(procCloseHandle.Addr(), uintptr(handle)) if r1 == 0 { err = errnoErr(e1) } @@ -1752,12 +1752,12 @@ func CloseHandle(handle Handle) (err error) { } func ClosePseudoConsole(console Handle) { - syscall.Syscall(procClosePseudoConsole.Addr(), 1, uintptr(console), 0, 0) + syscall.SyscallN(procClosePseudoConsole.Addr(), uintptr(console)) return } func ConnectNamedPipe(pipe Handle, overlapped *Overlapped) (err error) { - r1, _, e1 := syscall.Syscall(procConnectNamedPipe.Addr(), 2, uintptr(pipe), uintptr(unsafe.Pointer(overlapped)), 0) + r1, _, e1 := syscall.SyscallN(procConnectNamedPipe.Addr(), uintptr(pipe), uintptr(unsafe.Pointer(overlapped))) if r1 == 0 { err = errnoErr(e1) } @@ -1765,7 +1765,7 @@ func ConnectNamedPipe(pipe Handle, overlapped *Overlapped) (err error) { } func CreateDirectory(path *uint16, sa *SecurityAttributes) (err error) { - r1, _, e1 := syscall.Syscall(procCreateDirectoryW.Addr(), 2, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(sa)), 0) + r1, _, e1 := syscall.SyscallN(procCreateDirectoryW.Addr(), uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(sa))) if r1 == 0 { err = errnoErr(e1) } @@ -1773,7 +1773,7 @@ func CreateDirectory(path *uint16, sa *SecurityAttributes) (err error) { } func CreateEventEx(eventAttrs *SecurityAttributes, name *uint16, flags uint32, desiredAccess uint32) (handle Handle, err error) { - r0, _, e1 := syscall.Syscall6(procCreateEventExW.Addr(), 4, uintptr(unsafe.Pointer(eventAttrs)), uintptr(unsafe.Pointer(name)), uintptr(flags), uintptr(desiredAccess), 0, 0) + r0, _, e1 := syscall.SyscallN(procCreateEventExW.Addr(), uintptr(unsafe.Pointer(eventAttrs)), uintptr(unsafe.Pointer(name)), uintptr(flags), uintptr(desiredAccess)) handle = Handle(r0) if handle == 0 || e1 == ERROR_ALREADY_EXISTS { err = errnoErr(e1) @@ -1782,7 +1782,7 @@ func CreateEventEx(eventAttrs *SecurityAttributes, name *uint16, flags uint32, d } func CreateEvent(eventAttrs *SecurityAttributes, manualReset uint32, initialState uint32, name *uint16) (handle Handle, err error) { - r0, _, e1 := syscall.Syscall6(procCreateEventW.Addr(), 4, uintptr(unsafe.Pointer(eventAttrs)), uintptr(manualReset), uintptr(initialState), uintptr(unsafe.Pointer(name)), 0, 0) + r0, _, e1 := syscall.SyscallN(procCreateEventW.Addr(), uintptr(unsafe.Pointer(eventAttrs)), uintptr(manualReset), uintptr(initialState), uintptr(unsafe.Pointer(name))) handle = Handle(r0) if handle == 0 || e1 == ERROR_ALREADY_EXISTS { err = errnoErr(e1) @@ -1791,7 +1791,7 @@ func CreateEvent(eventAttrs *SecurityAttributes, manualReset uint32, initialStat } func CreateFileMapping(fhandle Handle, sa *SecurityAttributes, prot uint32, maxSizeHigh uint32, maxSizeLow uint32, name *uint16) (handle Handle, err error) { - r0, _, e1 := syscall.Syscall6(procCreateFileMappingW.Addr(), 6, uintptr(fhandle), uintptr(unsafe.Pointer(sa)), uintptr(prot), uintptr(maxSizeHigh), uintptr(maxSizeLow), uintptr(unsafe.Pointer(name))) + r0, _, e1 := syscall.SyscallN(procCreateFileMappingW.Addr(), uintptr(fhandle), uintptr(unsafe.Pointer(sa)), uintptr(prot), uintptr(maxSizeHigh), uintptr(maxSizeLow), uintptr(unsafe.Pointer(name))) handle = Handle(r0) if handle == 0 || e1 == ERROR_ALREADY_EXISTS { err = errnoErr(e1) @@ -1800,7 +1800,7 @@ func CreateFileMapping(fhandle Handle, sa *SecurityAttributes, prot uint32, maxS } func CreateFile(name *uint16, access uint32, mode uint32, sa *SecurityAttributes, createmode uint32, attrs uint32, templatefile Handle) (handle Handle, err error) { - r0, _, e1 := syscall.Syscall9(procCreateFileW.Addr(), 7, uintptr(unsafe.Pointer(name)), uintptr(access), uintptr(mode), uintptr(unsafe.Pointer(sa)), uintptr(createmode), uintptr(attrs), uintptr(templatefile), 0, 0) + r0, _, e1 := syscall.SyscallN(procCreateFileW.Addr(), uintptr(unsafe.Pointer(name)), uintptr(access), uintptr(mode), uintptr(unsafe.Pointer(sa)), uintptr(createmode), uintptr(attrs), uintptr(templatefile)) handle = Handle(r0) if handle == InvalidHandle { err = errnoErr(e1) @@ -1809,7 +1809,7 @@ func CreateFile(name *uint16, access uint32, mode uint32, sa *SecurityAttributes } func CreateHardLink(filename *uint16, existingfilename *uint16, reserved uintptr) (err error) { - r1, _, e1 := syscall.Syscall(procCreateHardLinkW.Addr(), 3, uintptr(unsafe.Pointer(filename)), uintptr(unsafe.Pointer(existingfilename)), uintptr(reserved)) + r1, _, e1 := syscall.SyscallN(procCreateHardLinkW.Addr(), uintptr(unsafe.Pointer(filename)), uintptr(unsafe.Pointer(existingfilename)), uintptr(reserved)) if r1&0xff == 0 { err = errnoErr(e1) } @@ -1817,7 +1817,7 @@ func CreateHardLink(filename *uint16, existingfilename *uint16, reserved uintptr } func CreateIoCompletionPort(filehandle Handle, cphandle Handle, key uintptr, threadcnt uint32) (handle Handle, err error) { - r0, _, e1 := syscall.Syscall6(procCreateIoCompletionPort.Addr(), 4, uintptr(filehandle), uintptr(cphandle), uintptr(key), uintptr(threadcnt), 0, 0) + r0, _, e1 := syscall.SyscallN(procCreateIoCompletionPort.Addr(), uintptr(filehandle), uintptr(cphandle), uintptr(key), uintptr(threadcnt)) handle = Handle(r0) if handle == 0 { err = errnoErr(e1) @@ -1826,7 +1826,7 @@ func CreateIoCompletionPort(filehandle Handle, cphandle Handle, key uintptr, thr } func CreateJobObject(jobAttr *SecurityAttributes, name *uint16) (handle Handle, err error) { - r0, _, e1 := syscall.Syscall(procCreateJobObjectW.Addr(), 2, uintptr(unsafe.Pointer(jobAttr)), uintptr(unsafe.Pointer(name)), 0) + r0, _, e1 := syscall.SyscallN(procCreateJobObjectW.Addr(), uintptr(unsafe.Pointer(jobAttr)), uintptr(unsafe.Pointer(name))) handle = Handle(r0) if handle == 0 { err = errnoErr(e1) @@ -1835,7 +1835,7 @@ func CreateJobObject(jobAttr *SecurityAttributes, name *uint16) (handle Handle, } func CreateMutexEx(mutexAttrs *SecurityAttributes, name *uint16, flags uint32, desiredAccess uint32) (handle Handle, err error) { - r0, _, e1 := syscall.Syscall6(procCreateMutexExW.Addr(), 4, uintptr(unsafe.Pointer(mutexAttrs)), uintptr(unsafe.Pointer(name)), uintptr(flags), uintptr(desiredAccess), 0, 0) + r0, _, e1 := syscall.SyscallN(procCreateMutexExW.Addr(), uintptr(unsafe.Pointer(mutexAttrs)), uintptr(unsafe.Pointer(name)), uintptr(flags), uintptr(desiredAccess)) handle = Handle(r0) if handle == 0 || e1 == ERROR_ALREADY_EXISTS { err = errnoErr(e1) @@ -1848,7 +1848,7 @@ func CreateMutex(mutexAttrs *SecurityAttributes, initialOwner bool, name *uint16 if initialOwner { _p0 = 1 } - r0, _, e1 := syscall.Syscall(procCreateMutexW.Addr(), 3, uintptr(unsafe.Pointer(mutexAttrs)), uintptr(_p0), uintptr(unsafe.Pointer(name))) + r0, _, e1 := syscall.SyscallN(procCreateMutexW.Addr(), uintptr(unsafe.Pointer(mutexAttrs)), uintptr(_p0), uintptr(unsafe.Pointer(name))) handle = Handle(r0) if handle == 0 || e1 == ERROR_ALREADY_EXISTS { err = errnoErr(e1) @@ -1857,7 +1857,7 @@ func CreateMutex(mutexAttrs *SecurityAttributes, initialOwner bool, name *uint16 } func CreateNamedPipe(name *uint16, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *SecurityAttributes) (handle Handle, err error) { - r0, _, e1 := syscall.Syscall9(procCreateNamedPipeW.Addr(), 8, uintptr(unsafe.Pointer(name)), uintptr(flags), uintptr(pipeMode), uintptr(maxInstances), uintptr(outSize), uintptr(inSize), uintptr(defaultTimeout), uintptr(unsafe.Pointer(sa)), 0) + r0, _, e1 := syscall.SyscallN(procCreateNamedPipeW.Addr(), uintptr(unsafe.Pointer(name)), uintptr(flags), uintptr(pipeMode), uintptr(maxInstances), uintptr(outSize), uintptr(inSize), uintptr(defaultTimeout), uintptr(unsafe.Pointer(sa))) handle = Handle(r0) if handle == InvalidHandle { err = errnoErr(e1) @@ -1866,7 +1866,7 @@ func CreateNamedPipe(name *uint16, flags uint32, pipeMode uint32, maxInstances u } func CreatePipe(readhandle *Handle, writehandle *Handle, sa *SecurityAttributes, size uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procCreatePipe.Addr(), 4, uintptr(unsafe.Pointer(readhandle)), uintptr(unsafe.Pointer(writehandle)), uintptr(unsafe.Pointer(sa)), uintptr(size), 0, 0) + r1, _, e1 := syscall.SyscallN(procCreatePipe.Addr(), uintptr(unsafe.Pointer(readhandle)), uintptr(unsafe.Pointer(writehandle)), uintptr(unsafe.Pointer(sa)), uintptr(size)) if r1 == 0 { err = errnoErr(e1) } @@ -1878,7 +1878,7 @@ func CreateProcess(appName *uint16, commandLine *uint16, procSecurity *SecurityA if inheritHandles { _p0 = 1 } - r1, _, e1 := syscall.Syscall12(procCreateProcessW.Addr(), 10, uintptr(unsafe.Pointer(appName)), uintptr(unsafe.Pointer(commandLine)), uintptr(unsafe.Pointer(procSecurity)), uintptr(unsafe.Pointer(threadSecurity)), uintptr(_p0), uintptr(creationFlags), uintptr(unsafe.Pointer(env)), uintptr(unsafe.Pointer(currentDir)), uintptr(unsafe.Pointer(startupInfo)), uintptr(unsafe.Pointer(outProcInfo)), 0, 0) + r1, _, e1 := syscall.SyscallN(procCreateProcessW.Addr(), uintptr(unsafe.Pointer(appName)), uintptr(unsafe.Pointer(commandLine)), uintptr(unsafe.Pointer(procSecurity)), uintptr(unsafe.Pointer(threadSecurity)), uintptr(_p0), uintptr(creationFlags), uintptr(unsafe.Pointer(env)), uintptr(unsafe.Pointer(currentDir)), uintptr(unsafe.Pointer(startupInfo)), uintptr(unsafe.Pointer(outProcInfo))) if r1 == 0 { err = errnoErr(e1) } @@ -1886,7 +1886,7 @@ func CreateProcess(appName *uint16, commandLine *uint16, procSecurity *SecurityA } func createPseudoConsole(size uint32, in Handle, out Handle, flags uint32, pconsole *Handle) (hr error) { - r0, _, _ := syscall.Syscall6(procCreatePseudoConsole.Addr(), 5, uintptr(size), uintptr(in), uintptr(out), uintptr(flags), uintptr(unsafe.Pointer(pconsole)), 0) + r0, _, _ := syscall.SyscallN(procCreatePseudoConsole.Addr(), uintptr(size), uintptr(in), uintptr(out), uintptr(flags), uintptr(unsafe.Pointer(pconsole))) if r0 != 0 { hr = syscall.Errno(r0) } @@ -1894,7 +1894,7 @@ func createPseudoConsole(size uint32, in Handle, out Handle, flags uint32, pcons } func CreateSymbolicLink(symlinkfilename *uint16, targetfilename *uint16, flags uint32) (err error) { - r1, _, e1 := syscall.Syscall(procCreateSymbolicLinkW.Addr(), 3, uintptr(unsafe.Pointer(symlinkfilename)), uintptr(unsafe.Pointer(targetfilename)), uintptr(flags)) + r1, _, e1 := syscall.SyscallN(procCreateSymbolicLinkW.Addr(), uintptr(unsafe.Pointer(symlinkfilename)), uintptr(unsafe.Pointer(targetfilename)), uintptr(flags)) if r1&0xff == 0 { err = errnoErr(e1) } @@ -1902,7 +1902,7 @@ func CreateSymbolicLink(symlinkfilename *uint16, targetfilename *uint16, flags u } func CreateToolhelp32Snapshot(flags uint32, processId uint32) (handle Handle, err error) { - r0, _, e1 := syscall.Syscall(procCreateToolhelp32Snapshot.Addr(), 2, uintptr(flags), uintptr(processId), 0) + r0, _, e1 := syscall.SyscallN(procCreateToolhelp32Snapshot.Addr(), uintptr(flags), uintptr(processId)) handle = Handle(r0) if handle == InvalidHandle { err = errnoErr(e1) @@ -1911,7 +1911,7 @@ func CreateToolhelp32Snapshot(flags uint32, processId uint32) (handle Handle, er } func DefineDosDevice(flags uint32, deviceName *uint16, targetPath *uint16) (err error) { - r1, _, e1 := syscall.Syscall(procDefineDosDeviceW.Addr(), 3, uintptr(flags), uintptr(unsafe.Pointer(deviceName)), uintptr(unsafe.Pointer(targetPath))) + r1, _, e1 := syscall.SyscallN(procDefineDosDeviceW.Addr(), uintptr(flags), uintptr(unsafe.Pointer(deviceName)), uintptr(unsafe.Pointer(targetPath))) if r1 == 0 { err = errnoErr(e1) } @@ -1919,7 +1919,7 @@ func DefineDosDevice(flags uint32, deviceName *uint16, targetPath *uint16) (err } func DeleteFile(path *uint16) (err error) { - r1, _, e1 := syscall.Syscall(procDeleteFileW.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0) + r1, _, e1 := syscall.SyscallN(procDeleteFileW.Addr(), uintptr(unsafe.Pointer(path))) if r1 == 0 { err = errnoErr(e1) } @@ -1927,12 +1927,12 @@ func DeleteFile(path *uint16) (err error) { } func deleteProcThreadAttributeList(attrlist *ProcThreadAttributeList) { - syscall.Syscall(procDeleteProcThreadAttributeList.Addr(), 1, uintptr(unsafe.Pointer(attrlist)), 0, 0) + syscall.SyscallN(procDeleteProcThreadAttributeList.Addr(), uintptr(unsafe.Pointer(attrlist))) return } func DeleteVolumeMountPoint(volumeMountPoint *uint16) (err error) { - r1, _, e1 := syscall.Syscall(procDeleteVolumeMountPointW.Addr(), 1, uintptr(unsafe.Pointer(volumeMountPoint)), 0, 0) + r1, _, e1 := syscall.SyscallN(procDeleteVolumeMountPointW.Addr(), uintptr(unsafe.Pointer(volumeMountPoint))) if r1 == 0 { err = errnoErr(e1) } @@ -1940,7 +1940,7 @@ func DeleteVolumeMountPoint(volumeMountPoint *uint16) (err error) { } func DeviceIoControl(handle Handle, ioControlCode uint32, inBuffer *byte, inBufferSize uint32, outBuffer *byte, outBufferSize uint32, bytesReturned *uint32, overlapped *Overlapped) (err error) { - r1, _, e1 := syscall.Syscall9(procDeviceIoControl.Addr(), 8, uintptr(handle), uintptr(ioControlCode), uintptr(unsafe.Pointer(inBuffer)), uintptr(inBufferSize), uintptr(unsafe.Pointer(outBuffer)), uintptr(outBufferSize), uintptr(unsafe.Pointer(bytesReturned)), uintptr(unsafe.Pointer(overlapped)), 0) + r1, _, e1 := syscall.SyscallN(procDeviceIoControl.Addr(), uintptr(handle), uintptr(ioControlCode), uintptr(unsafe.Pointer(inBuffer)), uintptr(inBufferSize), uintptr(unsafe.Pointer(outBuffer)), uintptr(outBufferSize), uintptr(unsafe.Pointer(bytesReturned)), uintptr(unsafe.Pointer(overlapped))) if r1 == 0 { err = errnoErr(e1) } @@ -1948,7 +1948,7 @@ func DeviceIoControl(handle Handle, ioControlCode uint32, inBuffer *byte, inBuff } func DisconnectNamedPipe(pipe Handle) (err error) { - r1, _, e1 := syscall.Syscall(procDisconnectNamedPipe.Addr(), 1, uintptr(pipe), 0, 0) + r1, _, e1 := syscall.SyscallN(procDisconnectNamedPipe.Addr(), uintptr(pipe)) if r1 == 0 { err = errnoErr(e1) } @@ -1960,7 +1960,7 @@ func DuplicateHandle(hSourceProcessHandle Handle, hSourceHandle Handle, hTargetP if bInheritHandle { _p0 = 1 } - r1, _, e1 := syscall.Syscall9(procDuplicateHandle.Addr(), 7, uintptr(hSourceProcessHandle), uintptr(hSourceHandle), uintptr(hTargetProcessHandle), uintptr(unsafe.Pointer(lpTargetHandle)), uintptr(dwDesiredAccess), uintptr(_p0), uintptr(dwOptions), 0, 0) + r1, _, e1 := syscall.SyscallN(procDuplicateHandle.Addr(), uintptr(hSourceProcessHandle), uintptr(hSourceHandle), uintptr(hTargetProcessHandle), uintptr(unsafe.Pointer(lpTargetHandle)), uintptr(dwDesiredAccess), uintptr(_p0), uintptr(dwOptions)) if r1 == 0 { err = errnoErr(e1) } @@ -1968,7 +1968,7 @@ func DuplicateHandle(hSourceProcessHandle Handle, hSourceHandle Handle, hTargetP } func EscapeCommFunction(handle Handle, dwFunc uint32) (err error) { - r1, _, e1 := syscall.Syscall(procEscapeCommFunction.Addr(), 2, uintptr(handle), uintptr(dwFunc), 0) + r1, _, e1 := syscall.SyscallN(procEscapeCommFunction.Addr(), uintptr(handle), uintptr(dwFunc)) if r1 == 0 { err = errnoErr(e1) } @@ -1976,12 +1976,12 @@ func EscapeCommFunction(handle Handle, dwFunc uint32) (err error) { } func ExitProcess(exitcode uint32) { - syscall.Syscall(procExitProcess.Addr(), 1, uintptr(exitcode), 0, 0) + syscall.SyscallN(procExitProcess.Addr(), uintptr(exitcode)) return } func ExpandEnvironmentStrings(src *uint16, dst *uint16, size uint32) (n uint32, err error) { - r0, _, e1 := syscall.Syscall(procExpandEnvironmentStringsW.Addr(), 3, uintptr(unsafe.Pointer(src)), uintptr(unsafe.Pointer(dst)), uintptr(size)) + r0, _, e1 := syscall.SyscallN(procExpandEnvironmentStringsW.Addr(), uintptr(unsafe.Pointer(src)), uintptr(unsafe.Pointer(dst)), uintptr(size)) n = uint32(r0) if n == 0 { err = errnoErr(e1) @@ -1990,7 +1990,7 @@ func ExpandEnvironmentStrings(src *uint16, dst *uint16, size uint32) (n uint32, } func FindClose(handle Handle) (err error) { - r1, _, e1 := syscall.Syscall(procFindClose.Addr(), 1, uintptr(handle), 0, 0) + r1, _, e1 := syscall.SyscallN(procFindClose.Addr(), uintptr(handle)) if r1 == 0 { err = errnoErr(e1) } @@ -1998,7 +1998,7 @@ func FindClose(handle Handle) (err error) { } func FindCloseChangeNotification(handle Handle) (err error) { - r1, _, e1 := syscall.Syscall(procFindCloseChangeNotification.Addr(), 1, uintptr(handle), 0, 0) + r1, _, e1 := syscall.SyscallN(procFindCloseChangeNotification.Addr(), uintptr(handle)) if r1 == 0 { err = errnoErr(e1) } @@ -2019,7 +2019,7 @@ func _FindFirstChangeNotification(path *uint16, watchSubtree bool, notifyFilter if watchSubtree { _p1 = 1 } - r0, _, e1 := syscall.Syscall(procFindFirstChangeNotificationW.Addr(), 3, uintptr(unsafe.Pointer(path)), uintptr(_p1), uintptr(notifyFilter)) + r0, _, e1 := syscall.SyscallN(procFindFirstChangeNotificationW.Addr(), uintptr(unsafe.Pointer(path)), uintptr(_p1), uintptr(notifyFilter)) handle = Handle(r0) if handle == InvalidHandle { err = errnoErr(e1) @@ -2028,7 +2028,7 @@ func _FindFirstChangeNotification(path *uint16, watchSubtree bool, notifyFilter } func findFirstFile1(name *uint16, data *win32finddata1) (handle Handle, err error) { - r0, _, e1 := syscall.Syscall(procFindFirstFileW.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(data)), 0) + r0, _, e1 := syscall.SyscallN(procFindFirstFileW.Addr(), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(data))) handle = Handle(r0) if handle == InvalidHandle { err = errnoErr(e1) @@ -2037,7 +2037,7 @@ func findFirstFile1(name *uint16, data *win32finddata1) (handle Handle, err erro } func FindFirstVolumeMountPoint(rootPathName *uint16, volumeMountPoint *uint16, bufferLength uint32) (handle Handle, err error) { - r0, _, e1 := syscall.Syscall(procFindFirstVolumeMountPointW.Addr(), 3, uintptr(unsafe.Pointer(rootPathName)), uintptr(unsafe.Pointer(volumeMountPoint)), uintptr(bufferLength)) + r0, _, e1 := syscall.SyscallN(procFindFirstVolumeMountPointW.Addr(), uintptr(unsafe.Pointer(rootPathName)), uintptr(unsafe.Pointer(volumeMountPoint)), uintptr(bufferLength)) handle = Handle(r0) if handle == InvalidHandle { err = errnoErr(e1) @@ -2046,7 +2046,7 @@ func FindFirstVolumeMountPoint(rootPathName *uint16, volumeMountPoint *uint16, b } func FindFirstVolume(volumeName *uint16, bufferLength uint32) (handle Handle, err error) { - r0, _, e1 := syscall.Syscall(procFindFirstVolumeW.Addr(), 2, uintptr(unsafe.Pointer(volumeName)), uintptr(bufferLength), 0) + r0, _, e1 := syscall.SyscallN(procFindFirstVolumeW.Addr(), uintptr(unsafe.Pointer(volumeName)), uintptr(bufferLength)) handle = Handle(r0) if handle == InvalidHandle { err = errnoErr(e1) @@ -2055,7 +2055,7 @@ func FindFirstVolume(volumeName *uint16, bufferLength uint32) (handle Handle, er } func FindNextChangeNotification(handle Handle) (err error) { - r1, _, e1 := syscall.Syscall(procFindNextChangeNotification.Addr(), 1, uintptr(handle), 0, 0) + r1, _, e1 := syscall.SyscallN(procFindNextChangeNotification.Addr(), uintptr(handle)) if r1 == 0 { err = errnoErr(e1) } @@ -2063,7 +2063,7 @@ func FindNextChangeNotification(handle Handle) (err error) { } func findNextFile1(handle Handle, data *win32finddata1) (err error) { - r1, _, e1 := syscall.Syscall(procFindNextFileW.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(data)), 0) + r1, _, e1 := syscall.SyscallN(procFindNextFileW.Addr(), uintptr(handle), uintptr(unsafe.Pointer(data))) if r1 == 0 { err = errnoErr(e1) } @@ -2071,7 +2071,7 @@ func findNextFile1(handle Handle, data *win32finddata1) (err error) { } func FindNextVolumeMountPoint(findVolumeMountPoint Handle, volumeMountPoint *uint16, bufferLength uint32) (err error) { - r1, _, e1 := syscall.Syscall(procFindNextVolumeMountPointW.Addr(), 3, uintptr(findVolumeMountPoint), uintptr(unsafe.Pointer(volumeMountPoint)), uintptr(bufferLength)) + r1, _, e1 := syscall.SyscallN(procFindNextVolumeMountPointW.Addr(), uintptr(findVolumeMountPoint), uintptr(unsafe.Pointer(volumeMountPoint)), uintptr(bufferLength)) if r1 == 0 { err = errnoErr(e1) } @@ -2079,7 +2079,7 @@ func FindNextVolumeMountPoint(findVolumeMountPoint Handle, volumeMountPoint *uin } func FindNextVolume(findVolume Handle, volumeName *uint16, bufferLength uint32) (err error) { - r1, _, e1 := syscall.Syscall(procFindNextVolumeW.Addr(), 3, uintptr(findVolume), uintptr(unsafe.Pointer(volumeName)), uintptr(bufferLength)) + r1, _, e1 := syscall.SyscallN(procFindNextVolumeW.Addr(), uintptr(findVolume), uintptr(unsafe.Pointer(volumeName)), uintptr(bufferLength)) if r1 == 0 { err = errnoErr(e1) } @@ -2087,7 +2087,7 @@ func FindNextVolume(findVolume Handle, volumeName *uint16, bufferLength uint32) } func findResource(module Handle, name uintptr, resType uintptr) (resInfo Handle, err error) { - r0, _, e1 := syscall.Syscall(procFindResourceW.Addr(), 3, uintptr(module), uintptr(name), uintptr(resType)) + r0, _, e1 := syscall.SyscallN(procFindResourceW.Addr(), uintptr(module), uintptr(name), uintptr(resType)) resInfo = Handle(r0) if resInfo == 0 { err = errnoErr(e1) @@ -2096,7 +2096,7 @@ func findResource(module Handle, name uintptr, resType uintptr) (resInfo Handle, } func FindVolumeClose(findVolume Handle) (err error) { - r1, _, e1 := syscall.Syscall(procFindVolumeClose.Addr(), 1, uintptr(findVolume), 0, 0) + r1, _, e1 := syscall.SyscallN(procFindVolumeClose.Addr(), uintptr(findVolume)) if r1 == 0 { err = errnoErr(e1) } @@ -2104,7 +2104,7 @@ func FindVolumeClose(findVolume Handle) (err error) { } func FindVolumeMountPointClose(findVolumeMountPoint Handle) (err error) { - r1, _, e1 := syscall.Syscall(procFindVolumeMountPointClose.Addr(), 1, uintptr(findVolumeMountPoint), 0, 0) + r1, _, e1 := syscall.SyscallN(procFindVolumeMountPointClose.Addr(), uintptr(findVolumeMountPoint)) if r1 == 0 { err = errnoErr(e1) } @@ -2112,7 +2112,7 @@ func FindVolumeMountPointClose(findVolumeMountPoint Handle) (err error) { } func FlushFileBuffers(handle Handle) (err error) { - r1, _, e1 := syscall.Syscall(procFlushFileBuffers.Addr(), 1, uintptr(handle), 0, 0) + r1, _, e1 := syscall.SyscallN(procFlushFileBuffers.Addr(), uintptr(handle)) if r1 == 0 { err = errnoErr(e1) } @@ -2120,7 +2120,7 @@ func FlushFileBuffers(handle Handle) (err error) { } func FlushViewOfFile(addr uintptr, length uintptr) (err error) { - r1, _, e1 := syscall.Syscall(procFlushViewOfFile.Addr(), 2, uintptr(addr), uintptr(length), 0) + r1, _, e1 := syscall.SyscallN(procFlushViewOfFile.Addr(), uintptr(addr), uintptr(length)) if r1 == 0 { err = errnoErr(e1) } @@ -2132,7 +2132,7 @@ func FormatMessage(flags uint32, msgsrc uintptr, msgid uint32, langid uint32, bu if len(buf) > 0 { _p0 = &buf[0] } - r0, _, e1 := syscall.Syscall9(procFormatMessageW.Addr(), 7, uintptr(flags), uintptr(msgsrc), uintptr(msgid), uintptr(langid), uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), uintptr(unsafe.Pointer(args)), 0, 0) + r0, _, e1 := syscall.SyscallN(procFormatMessageW.Addr(), uintptr(flags), uintptr(msgsrc), uintptr(msgid), uintptr(langid), uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), uintptr(unsafe.Pointer(args))) n = uint32(r0) if n == 0 { err = errnoErr(e1) @@ -2141,7 +2141,7 @@ func FormatMessage(flags uint32, msgsrc uintptr, msgid uint32, langid uint32, bu } func FreeEnvironmentStrings(envs *uint16) (err error) { - r1, _, e1 := syscall.Syscall(procFreeEnvironmentStringsW.Addr(), 1, uintptr(unsafe.Pointer(envs)), 0, 0) + r1, _, e1 := syscall.SyscallN(procFreeEnvironmentStringsW.Addr(), uintptr(unsafe.Pointer(envs))) if r1 == 0 { err = errnoErr(e1) } @@ -2149,7 +2149,7 @@ func FreeEnvironmentStrings(envs *uint16) (err error) { } func FreeLibrary(handle Handle) (err error) { - r1, _, e1 := syscall.Syscall(procFreeLibrary.Addr(), 1, uintptr(handle), 0, 0) + r1, _, e1 := syscall.SyscallN(procFreeLibrary.Addr(), uintptr(handle)) if r1 == 0 { err = errnoErr(e1) } @@ -2157,7 +2157,7 @@ func FreeLibrary(handle Handle) (err error) { } func GenerateConsoleCtrlEvent(ctrlEvent uint32, processGroupID uint32) (err error) { - r1, _, e1 := syscall.Syscall(procGenerateConsoleCtrlEvent.Addr(), 2, uintptr(ctrlEvent), uintptr(processGroupID), 0) + r1, _, e1 := syscall.SyscallN(procGenerateConsoleCtrlEvent.Addr(), uintptr(ctrlEvent), uintptr(processGroupID)) if r1 == 0 { err = errnoErr(e1) } @@ -2165,19 +2165,19 @@ func GenerateConsoleCtrlEvent(ctrlEvent uint32, processGroupID uint32) (err erro } func GetACP() (acp uint32) { - r0, _, _ := syscall.Syscall(procGetACP.Addr(), 0, 0, 0, 0) + r0, _, _ := syscall.SyscallN(procGetACP.Addr()) acp = uint32(r0) return } func GetActiveProcessorCount(groupNumber uint16) (ret uint32) { - r0, _, _ := syscall.Syscall(procGetActiveProcessorCount.Addr(), 1, uintptr(groupNumber), 0, 0) + r0, _, _ := syscall.SyscallN(procGetActiveProcessorCount.Addr(), uintptr(groupNumber)) ret = uint32(r0) return } func GetCommModemStatus(handle Handle, lpModemStat *uint32) (err error) { - r1, _, e1 := syscall.Syscall(procGetCommModemStatus.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(lpModemStat)), 0) + r1, _, e1 := syscall.SyscallN(procGetCommModemStatus.Addr(), uintptr(handle), uintptr(unsafe.Pointer(lpModemStat))) if r1 == 0 { err = errnoErr(e1) } @@ -2185,7 +2185,7 @@ func GetCommModemStatus(handle Handle, lpModemStat *uint32) (err error) { } func GetCommState(handle Handle, lpDCB *DCB) (err error) { - r1, _, e1 := syscall.Syscall(procGetCommState.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(lpDCB)), 0) + r1, _, e1 := syscall.SyscallN(procGetCommState.Addr(), uintptr(handle), uintptr(unsafe.Pointer(lpDCB))) if r1 == 0 { err = errnoErr(e1) } @@ -2193,7 +2193,7 @@ func GetCommState(handle Handle, lpDCB *DCB) (err error) { } func GetCommTimeouts(handle Handle, timeouts *CommTimeouts) (err error) { - r1, _, e1 := syscall.Syscall(procGetCommTimeouts.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(timeouts)), 0) + r1, _, e1 := syscall.SyscallN(procGetCommTimeouts.Addr(), uintptr(handle), uintptr(unsafe.Pointer(timeouts))) if r1 == 0 { err = errnoErr(e1) } @@ -2201,13 +2201,13 @@ func GetCommTimeouts(handle Handle, timeouts *CommTimeouts) (err error) { } func GetCommandLine() (cmd *uint16) { - r0, _, _ := syscall.Syscall(procGetCommandLineW.Addr(), 0, 0, 0, 0) + r0, _, _ := syscall.SyscallN(procGetCommandLineW.Addr()) cmd = (*uint16)(unsafe.Pointer(r0)) return } func GetComputerNameEx(nametype uint32, buf *uint16, n *uint32) (err error) { - r1, _, e1 := syscall.Syscall(procGetComputerNameExW.Addr(), 3, uintptr(nametype), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(n))) + r1, _, e1 := syscall.SyscallN(procGetComputerNameExW.Addr(), uintptr(nametype), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(n))) if r1 == 0 { err = errnoErr(e1) } @@ -2215,7 +2215,7 @@ func GetComputerNameEx(nametype uint32, buf *uint16, n *uint32) (err error) { } func GetComputerName(buf *uint16, n *uint32) (err error) { - r1, _, e1 := syscall.Syscall(procGetComputerNameW.Addr(), 2, uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(n)), 0) + r1, _, e1 := syscall.SyscallN(procGetComputerNameW.Addr(), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(n))) if r1 == 0 { err = errnoErr(e1) } @@ -2223,7 +2223,7 @@ func GetComputerName(buf *uint16, n *uint32) (err error) { } func GetConsoleCP() (cp uint32, err error) { - r0, _, e1 := syscall.Syscall(procGetConsoleCP.Addr(), 0, 0, 0, 0) + r0, _, e1 := syscall.SyscallN(procGetConsoleCP.Addr()) cp = uint32(r0) if cp == 0 { err = errnoErr(e1) @@ -2232,7 +2232,7 @@ func GetConsoleCP() (cp uint32, err error) { } func GetConsoleMode(console Handle, mode *uint32) (err error) { - r1, _, e1 := syscall.Syscall(procGetConsoleMode.Addr(), 2, uintptr(console), uintptr(unsafe.Pointer(mode)), 0) + r1, _, e1 := syscall.SyscallN(procGetConsoleMode.Addr(), uintptr(console), uintptr(unsafe.Pointer(mode))) if r1 == 0 { err = errnoErr(e1) } @@ -2240,7 +2240,7 @@ func GetConsoleMode(console Handle, mode *uint32) (err error) { } func GetConsoleOutputCP() (cp uint32, err error) { - r0, _, e1 := syscall.Syscall(procGetConsoleOutputCP.Addr(), 0, 0, 0, 0) + r0, _, e1 := syscall.SyscallN(procGetConsoleOutputCP.Addr()) cp = uint32(r0) if cp == 0 { err = errnoErr(e1) @@ -2249,7 +2249,7 @@ func GetConsoleOutputCP() (cp uint32, err error) { } func GetConsoleScreenBufferInfo(console Handle, info *ConsoleScreenBufferInfo) (err error) { - r1, _, e1 := syscall.Syscall(procGetConsoleScreenBufferInfo.Addr(), 2, uintptr(console), uintptr(unsafe.Pointer(info)), 0) + r1, _, e1 := syscall.SyscallN(procGetConsoleScreenBufferInfo.Addr(), uintptr(console), uintptr(unsafe.Pointer(info))) if r1 == 0 { err = errnoErr(e1) } @@ -2257,7 +2257,7 @@ func GetConsoleScreenBufferInfo(console Handle, info *ConsoleScreenBufferInfo) ( } func GetCurrentDirectory(buflen uint32, buf *uint16) (n uint32, err error) { - r0, _, e1 := syscall.Syscall(procGetCurrentDirectoryW.Addr(), 2, uintptr(buflen), uintptr(unsafe.Pointer(buf)), 0) + r0, _, e1 := syscall.SyscallN(procGetCurrentDirectoryW.Addr(), uintptr(buflen), uintptr(unsafe.Pointer(buf))) n = uint32(r0) if n == 0 { err = errnoErr(e1) @@ -2266,19 +2266,19 @@ func GetCurrentDirectory(buflen uint32, buf *uint16) (n uint32, err error) { } func GetCurrentProcessId() (pid uint32) { - r0, _, _ := syscall.Syscall(procGetCurrentProcessId.Addr(), 0, 0, 0, 0) + r0, _, _ := syscall.SyscallN(procGetCurrentProcessId.Addr()) pid = uint32(r0) return } func GetCurrentThreadId() (id uint32) { - r0, _, _ := syscall.Syscall(procGetCurrentThreadId.Addr(), 0, 0, 0, 0) + r0, _, _ := syscall.SyscallN(procGetCurrentThreadId.Addr()) id = uint32(r0) return } func GetDiskFreeSpaceEx(directoryName *uint16, freeBytesAvailableToCaller *uint64, totalNumberOfBytes *uint64, totalNumberOfFreeBytes *uint64) (err error) { - r1, _, e1 := syscall.Syscall6(procGetDiskFreeSpaceExW.Addr(), 4, uintptr(unsafe.Pointer(directoryName)), uintptr(unsafe.Pointer(freeBytesAvailableToCaller)), uintptr(unsafe.Pointer(totalNumberOfBytes)), uintptr(unsafe.Pointer(totalNumberOfFreeBytes)), 0, 0) + r1, _, e1 := syscall.SyscallN(procGetDiskFreeSpaceExW.Addr(), uintptr(unsafe.Pointer(directoryName)), uintptr(unsafe.Pointer(freeBytesAvailableToCaller)), uintptr(unsafe.Pointer(totalNumberOfBytes)), uintptr(unsafe.Pointer(totalNumberOfFreeBytes))) if r1 == 0 { err = errnoErr(e1) } @@ -2286,13 +2286,13 @@ func GetDiskFreeSpaceEx(directoryName *uint16, freeBytesAvailableToCaller *uint6 } func GetDriveType(rootPathName *uint16) (driveType uint32) { - r0, _, _ := syscall.Syscall(procGetDriveTypeW.Addr(), 1, uintptr(unsafe.Pointer(rootPathName)), 0, 0) + r0, _, _ := syscall.SyscallN(procGetDriveTypeW.Addr(), uintptr(unsafe.Pointer(rootPathName))) driveType = uint32(r0) return } func GetEnvironmentStrings() (envs *uint16, err error) { - r0, _, e1 := syscall.Syscall(procGetEnvironmentStringsW.Addr(), 0, 0, 0, 0) + r0, _, e1 := syscall.SyscallN(procGetEnvironmentStringsW.Addr()) envs = (*uint16)(unsafe.Pointer(r0)) if envs == nil { err = errnoErr(e1) @@ -2301,7 +2301,7 @@ func GetEnvironmentStrings() (envs *uint16, err error) { } func GetEnvironmentVariable(name *uint16, buffer *uint16, size uint32) (n uint32, err error) { - r0, _, e1 := syscall.Syscall(procGetEnvironmentVariableW.Addr(), 3, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(buffer)), uintptr(size)) + r0, _, e1 := syscall.SyscallN(procGetEnvironmentVariableW.Addr(), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(buffer)), uintptr(size)) n = uint32(r0) if n == 0 { err = errnoErr(e1) @@ -2310,7 +2310,7 @@ func GetEnvironmentVariable(name *uint16, buffer *uint16, size uint32) (n uint32 } func GetExitCodeProcess(handle Handle, exitcode *uint32) (err error) { - r1, _, e1 := syscall.Syscall(procGetExitCodeProcess.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(exitcode)), 0) + r1, _, e1 := syscall.SyscallN(procGetExitCodeProcess.Addr(), uintptr(handle), uintptr(unsafe.Pointer(exitcode))) if r1 == 0 { err = errnoErr(e1) } @@ -2318,7 +2318,7 @@ func GetExitCodeProcess(handle Handle, exitcode *uint32) (err error) { } func GetFileAttributesEx(name *uint16, level uint32, info *byte) (err error) { - r1, _, e1 := syscall.Syscall(procGetFileAttributesExW.Addr(), 3, uintptr(unsafe.Pointer(name)), uintptr(level), uintptr(unsafe.Pointer(info))) + r1, _, e1 := syscall.SyscallN(procGetFileAttributesExW.Addr(), uintptr(unsafe.Pointer(name)), uintptr(level), uintptr(unsafe.Pointer(info))) if r1 == 0 { err = errnoErr(e1) } @@ -2326,7 +2326,7 @@ func GetFileAttributesEx(name *uint16, level uint32, info *byte) (err error) { } func GetFileAttributes(name *uint16) (attrs uint32, err error) { - r0, _, e1 := syscall.Syscall(procGetFileAttributesW.Addr(), 1, uintptr(unsafe.Pointer(name)), 0, 0) + r0, _, e1 := syscall.SyscallN(procGetFileAttributesW.Addr(), uintptr(unsafe.Pointer(name))) attrs = uint32(r0) if attrs == INVALID_FILE_ATTRIBUTES { err = errnoErr(e1) @@ -2335,7 +2335,7 @@ func GetFileAttributes(name *uint16) (attrs uint32, err error) { } func GetFileInformationByHandle(handle Handle, data *ByHandleFileInformation) (err error) { - r1, _, e1 := syscall.Syscall(procGetFileInformationByHandle.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(data)), 0) + r1, _, e1 := syscall.SyscallN(procGetFileInformationByHandle.Addr(), uintptr(handle), uintptr(unsafe.Pointer(data))) if r1 == 0 { err = errnoErr(e1) } @@ -2343,7 +2343,7 @@ func GetFileInformationByHandle(handle Handle, data *ByHandleFileInformation) (e } func GetFileInformationByHandleEx(handle Handle, class uint32, outBuffer *byte, outBufferLen uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procGetFileInformationByHandleEx.Addr(), 4, uintptr(handle), uintptr(class), uintptr(unsafe.Pointer(outBuffer)), uintptr(outBufferLen), 0, 0) + r1, _, e1 := syscall.SyscallN(procGetFileInformationByHandleEx.Addr(), uintptr(handle), uintptr(class), uintptr(unsafe.Pointer(outBuffer)), uintptr(outBufferLen)) if r1 == 0 { err = errnoErr(e1) } @@ -2351,7 +2351,7 @@ func GetFileInformationByHandleEx(handle Handle, class uint32, outBuffer *byte, } func GetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error) { - r1, _, e1 := syscall.Syscall6(procGetFileTime.Addr(), 4, uintptr(handle), uintptr(unsafe.Pointer(ctime)), uintptr(unsafe.Pointer(atime)), uintptr(unsafe.Pointer(wtime)), 0, 0) + r1, _, e1 := syscall.SyscallN(procGetFileTime.Addr(), uintptr(handle), uintptr(unsafe.Pointer(ctime)), uintptr(unsafe.Pointer(atime)), uintptr(unsafe.Pointer(wtime))) if r1 == 0 { err = errnoErr(e1) } @@ -2359,7 +2359,7 @@ func GetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetim } func GetFileType(filehandle Handle) (n uint32, err error) { - r0, _, e1 := syscall.Syscall(procGetFileType.Addr(), 1, uintptr(filehandle), 0, 0) + r0, _, e1 := syscall.SyscallN(procGetFileType.Addr(), uintptr(filehandle)) n = uint32(r0) if n == 0 { err = errnoErr(e1) @@ -2368,7 +2368,7 @@ func GetFileType(filehandle Handle) (n uint32, err error) { } func GetFinalPathNameByHandle(file Handle, filePath *uint16, filePathSize uint32, flags uint32) (n uint32, err error) { - r0, _, e1 := syscall.Syscall6(procGetFinalPathNameByHandleW.Addr(), 4, uintptr(file), uintptr(unsafe.Pointer(filePath)), uintptr(filePathSize), uintptr(flags), 0, 0) + r0, _, e1 := syscall.SyscallN(procGetFinalPathNameByHandleW.Addr(), uintptr(file), uintptr(unsafe.Pointer(filePath)), uintptr(filePathSize), uintptr(flags)) n = uint32(r0) if n == 0 { err = errnoErr(e1) @@ -2377,7 +2377,7 @@ func GetFinalPathNameByHandle(file Handle, filePath *uint16, filePathSize uint32 } func GetFullPathName(path *uint16, buflen uint32, buf *uint16, fname **uint16) (n uint32, err error) { - r0, _, e1 := syscall.Syscall6(procGetFullPathNameW.Addr(), 4, uintptr(unsafe.Pointer(path)), uintptr(buflen), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(fname)), 0, 0) + r0, _, e1 := syscall.SyscallN(procGetFullPathNameW.Addr(), uintptr(unsafe.Pointer(path)), uintptr(buflen), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(fname))) n = uint32(r0) if n == 0 { err = errnoErr(e1) @@ -2386,13 +2386,13 @@ func GetFullPathName(path *uint16, buflen uint32, buf *uint16, fname **uint16) ( } func GetLargePageMinimum() (size uintptr) { - r0, _, _ := syscall.Syscall(procGetLargePageMinimum.Addr(), 0, 0, 0, 0) + r0, _, _ := syscall.SyscallN(procGetLargePageMinimum.Addr()) size = uintptr(r0) return } func GetLastError() (lasterr error) { - r0, _, _ := syscall.Syscall(procGetLastError.Addr(), 0, 0, 0, 0) + r0, _, _ := syscall.SyscallN(procGetLastError.Addr()) if r0 != 0 { lasterr = syscall.Errno(r0) } @@ -2400,7 +2400,7 @@ func GetLastError() (lasterr error) { } func GetLogicalDriveStrings(bufferLength uint32, buffer *uint16) (n uint32, err error) { - r0, _, e1 := syscall.Syscall(procGetLogicalDriveStringsW.Addr(), 2, uintptr(bufferLength), uintptr(unsafe.Pointer(buffer)), 0) + r0, _, e1 := syscall.SyscallN(procGetLogicalDriveStringsW.Addr(), uintptr(bufferLength), uintptr(unsafe.Pointer(buffer))) n = uint32(r0) if n == 0 { err = errnoErr(e1) @@ -2409,7 +2409,7 @@ func GetLogicalDriveStrings(bufferLength uint32, buffer *uint16) (n uint32, err } func GetLogicalDrives() (drivesBitMask uint32, err error) { - r0, _, e1 := syscall.Syscall(procGetLogicalDrives.Addr(), 0, 0, 0, 0) + r0, _, e1 := syscall.SyscallN(procGetLogicalDrives.Addr()) drivesBitMask = uint32(r0) if drivesBitMask == 0 { err = errnoErr(e1) @@ -2418,7 +2418,7 @@ func GetLogicalDrives() (drivesBitMask uint32, err error) { } func GetLongPathName(path *uint16, buf *uint16, buflen uint32) (n uint32, err error) { - r0, _, e1 := syscall.Syscall(procGetLongPathNameW.Addr(), 3, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(buf)), uintptr(buflen)) + r0, _, e1 := syscall.SyscallN(procGetLongPathNameW.Addr(), uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(buf)), uintptr(buflen)) n = uint32(r0) if n == 0 { err = errnoErr(e1) @@ -2427,13 +2427,13 @@ func GetLongPathName(path *uint16, buf *uint16, buflen uint32) (n uint32, err er } func GetMaximumProcessorCount(groupNumber uint16) (ret uint32) { - r0, _, _ := syscall.Syscall(procGetMaximumProcessorCount.Addr(), 1, uintptr(groupNumber), 0, 0) + r0, _, _ := syscall.SyscallN(procGetMaximumProcessorCount.Addr(), uintptr(groupNumber)) ret = uint32(r0) return } func GetModuleFileName(module Handle, filename *uint16, size uint32) (n uint32, err error) { - r0, _, e1 := syscall.Syscall(procGetModuleFileNameW.Addr(), 3, uintptr(module), uintptr(unsafe.Pointer(filename)), uintptr(size)) + r0, _, e1 := syscall.SyscallN(procGetModuleFileNameW.Addr(), uintptr(module), uintptr(unsafe.Pointer(filename)), uintptr(size)) n = uint32(r0) if n == 0 { err = errnoErr(e1) @@ -2442,7 +2442,7 @@ func GetModuleFileName(module Handle, filename *uint16, size uint32) (n uint32, } func GetModuleHandleEx(flags uint32, moduleName *uint16, module *Handle) (err error) { - r1, _, e1 := syscall.Syscall(procGetModuleHandleExW.Addr(), 3, uintptr(flags), uintptr(unsafe.Pointer(moduleName)), uintptr(unsafe.Pointer(module))) + r1, _, e1 := syscall.SyscallN(procGetModuleHandleExW.Addr(), uintptr(flags), uintptr(unsafe.Pointer(moduleName)), uintptr(unsafe.Pointer(module))) if r1 == 0 { err = errnoErr(e1) } @@ -2450,7 +2450,7 @@ func GetModuleHandleEx(flags uint32, moduleName *uint16, module *Handle) (err er } func GetNamedPipeClientProcessId(pipe Handle, clientProcessID *uint32) (err error) { - r1, _, e1 := syscall.Syscall(procGetNamedPipeClientProcessId.Addr(), 2, uintptr(pipe), uintptr(unsafe.Pointer(clientProcessID)), 0) + r1, _, e1 := syscall.SyscallN(procGetNamedPipeClientProcessId.Addr(), uintptr(pipe), uintptr(unsafe.Pointer(clientProcessID))) if r1 == 0 { err = errnoErr(e1) } @@ -2458,7 +2458,7 @@ func GetNamedPipeClientProcessId(pipe Handle, clientProcessID *uint32) (err erro } func GetNamedPipeHandleState(pipe Handle, state *uint32, curInstances *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32, userName *uint16, maxUserNameSize uint32) (err error) { - r1, _, e1 := syscall.Syscall9(procGetNamedPipeHandleStateW.Addr(), 7, uintptr(pipe), uintptr(unsafe.Pointer(state)), uintptr(unsafe.Pointer(curInstances)), uintptr(unsafe.Pointer(maxCollectionCount)), uintptr(unsafe.Pointer(collectDataTimeout)), uintptr(unsafe.Pointer(userName)), uintptr(maxUserNameSize), 0, 0) + r1, _, e1 := syscall.SyscallN(procGetNamedPipeHandleStateW.Addr(), uintptr(pipe), uintptr(unsafe.Pointer(state)), uintptr(unsafe.Pointer(curInstances)), uintptr(unsafe.Pointer(maxCollectionCount)), uintptr(unsafe.Pointer(collectDataTimeout)), uintptr(unsafe.Pointer(userName)), uintptr(maxUserNameSize)) if r1 == 0 { err = errnoErr(e1) } @@ -2466,7 +2466,7 @@ func GetNamedPipeHandleState(pipe Handle, state *uint32, curInstances *uint32, m } func GetNamedPipeInfo(pipe Handle, flags *uint32, outSize *uint32, inSize *uint32, maxInstances *uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procGetNamedPipeInfo.Addr(), 5, uintptr(pipe), uintptr(unsafe.Pointer(flags)), uintptr(unsafe.Pointer(outSize)), uintptr(unsafe.Pointer(inSize)), uintptr(unsafe.Pointer(maxInstances)), 0) + r1, _, e1 := syscall.SyscallN(procGetNamedPipeInfo.Addr(), uintptr(pipe), uintptr(unsafe.Pointer(flags)), uintptr(unsafe.Pointer(outSize)), uintptr(unsafe.Pointer(inSize)), uintptr(unsafe.Pointer(maxInstances))) if r1 == 0 { err = errnoErr(e1) } @@ -2474,7 +2474,7 @@ func GetNamedPipeInfo(pipe Handle, flags *uint32, outSize *uint32, inSize *uint3 } func GetNamedPipeServerProcessId(pipe Handle, serverProcessID *uint32) (err error) { - r1, _, e1 := syscall.Syscall(procGetNamedPipeServerProcessId.Addr(), 2, uintptr(pipe), uintptr(unsafe.Pointer(serverProcessID)), 0) + r1, _, e1 := syscall.SyscallN(procGetNamedPipeServerProcessId.Addr(), uintptr(pipe), uintptr(unsafe.Pointer(serverProcessID))) if r1 == 0 { err = errnoErr(e1) } @@ -2486,7 +2486,7 @@ func GetOverlappedResult(handle Handle, overlapped *Overlapped, done *uint32, wa if wait { _p0 = 1 } - r1, _, e1 := syscall.Syscall6(procGetOverlappedResult.Addr(), 4, uintptr(handle), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(done)), uintptr(_p0), 0, 0) + r1, _, e1 := syscall.SyscallN(procGetOverlappedResult.Addr(), uintptr(handle), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(done)), uintptr(_p0)) if r1 == 0 { err = errnoErr(e1) } @@ -2494,7 +2494,7 @@ func GetOverlappedResult(handle Handle, overlapped *Overlapped, done *uint32, wa } func GetPriorityClass(process Handle) (ret uint32, err error) { - r0, _, e1 := syscall.Syscall(procGetPriorityClass.Addr(), 1, uintptr(process), 0, 0) + r0, _, e1 := syscall.SyscallN(procGetPriorityClass.Addr(), uintptr(process)) ret = uint32(r0) if ret == 0 { err = errnoErr(e1) @@ -2512,7 +2512,7 @@ func GetProcAddress(module Handle, procname string) (proc uintptr, err error) { } func _GetProcAddress(module Handle, procname *byte) (proc uintptr, err error) { - r0, _, e1 := syscall.Syscall(procGetProcAddress.Addr(), 2, uintptr(module), uintptr(unsafe.Pointer(procname)), 0) + r0, _, e1 := syscall.SyscallN(procGetProcAddress.Addr(), uintptr(module), uintptr(unsafe.Pointer(procname))) proc = uintptr(r0) if proc == 0 { err = errnoErr(e1) @@ -2521,7 +2521,7 @@ func _GetProcAddress(module Handle, procname *byte) (proc uintptr, err error) { } func GetProcessId(process Handle) (id uint32, err error) { - r0, _, e1 := syscall.Syscall(procGetProcessId.Addr(), 1, uintptr(process), 0, 0) + r0, _, e1 := syscall.SyscallN(procGetProcessId.Addr(), uintptr(process)) id = uint32(r0) if id == 0 { err = errnoErr(e1) @@ -2530,7 +2530,7 @@ func GetProcessId(process Handle) (id uint32, err error) { } func getProcessPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procGetProcessPreferredUILanguages.Addr(), 4, uintptr(flags), uintptr(unsafe.Pointer(numLanguages)), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(bufSize)), 0, 0) + r1, _, e1 := syscall.SyscallN(procGetProcessPreferredUILanguages.Addr(), uintptr(flags), uintptr(unsafe.Pointer(numLanguages)), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(bufSize))) if r1 == 0 { err = errnoErr(e1) } @@ -2538,7 +2538,7 @@ func getProcessPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uin } func GetProcessShutdownParameters(level *uint32, flags *uint32) (err error) { - r1, _, e1 := syscall.Syscall(procGetProcessShutdownParameters.Addr(), 2, uintptr(unsafe.Pointer(level)), uintptr(unsafe.Pointer(flags)), 0) + r1, _, e1 := syscall.SyscallN(procGetProcessShutdownParameters.Addr(), uintptr(unsafe.Pointer(level)), uintptr(unsafe.Pointer(flags))) if r1 == 0 { err = errnoErr(e1) } @@ -2546,7 +2546,7 @@ func GetProcessShutdownParameters(level *uint32, flags *uint32) (err error) { } func GetProcessTimes(handle Handle, creationTime *Filetime, exitTime *Filetime, kernelTime *Filetime, userTime *Filetime) (err error) { - r1, _, e1 := syscall.Syscall6(procGetProcessTimes.Addr(), 5, uintptr(handle), uintptr(unsafe.Pointer(creationTime)), uintptr(unsafe.Pointer(exitTime)), uintptr(unsafe.Pointer(kernelTime)), uintptr(unsafe.Pointer(userTime)), 0) + r1, _, e1 := syscall.SyscallN(procGetProcessTimes.Addr(), uintptr(handle), uintptr(unsafe.Pointer(creationTime)), uintptr(unsafe.Pointer(exitTime)), uintptr(unsafe.Pointer(kernelTime)), uintptr(unsafe.Pointer(userTime))) if r1 == 0 { err = errnoErr(e1) } @@ -2554,12 +2554,12 @@ func GetProcessTimes(handle Handle, creationTime *Filetime, exitTime *Filetime, } func GetProcessWorkingSetSizeEx(hProcess Handle, lpMinimumWorkingSetSize *uintptr, lpMaximumWorkingSetSize *uintptr, flags *uint32) { - syscall.Syscall6(procGetProcessWorkingSetSizeEx.Addr(), 4, uintptr(hProcess), uintptr(unsafe.Pointer(lpMinimumWorkingSetSize)), uintptr(unsafe.Pointer(lpMaximumWorkingSetSize)), uintptr(unsafe.Pointer(flags)), 0, 0) + syscall.SyscallN(procGetProcessWorkingSetSizeEx.Addr(), uintptr(hProcess), uintptr(unsafe.Pointer(lpMinimumWorkingSetSize)), uintptr(unsafe.Pointer(lpMaximumWorkingSetSize)), uintptr(unsafe.Pointer(flags))) return } func GetQueuedCompletionStatus(cphandle Handle, qty *uint32, key *uintptr, overlapped **Overlapped, timeout uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procGetQueuedCompletionStatus.Addr(), 5, uintptr(cphandle), uintptr(unsafe.Pointer(qty)), uintptr(unsafe.Pointer(key)), uintptr(unsafe.Pointer(overlapped)), uintptr(timeout), 0) + r1, _, e1 := syscall.SyscallN(procGetQueuedCompletionStatus.Addr(), uintptr(cphandle), uintptr(unsafe.Pointer(qty)), uintptr(unsafe.Pointer(key)), uintptr(unsafe.Pointer(overlapped)), uintptr(timeout)) if r1 == 0 { err = errnoErr(e1) } @@ -2567,7 +2567,7 @@ func GetQueuedCompletionStatus(cphandle Handle, qty *uint32, key *uintptr, overl } func GetShortPathName(longpath *uint16, shortpath *uint16, buflen uint32) (n uint32, err error) { - r0, _, e1 := syscall.Syscall(procGetShortPathNameW.Addr(), 3, uintptr(unsafe.Pointer(longpath)), uintptr(unsafe.Pointer(shortpath)), uintptr(buflen)) + r0, _, e1 := syscall.SyscallN(procGetShortPathNameW.Addr(), uintptr(unsafe.Pointer(longpath)), uintptr(unsafe.Pointer(shortpath)), uintptr(buflen)) n = uint32(r0) if n == 0 { err = errnoErr(e1) @@ -2576,12 +2576,12 @@ func GetShortPathName(longpath *uint16, shortpath *uint16, buflen uint32) (n uin } func getStartupInfo(startupInfo *StartupInfo) { - syscall.Syscall(procGetStartupInfoW.Addr(), 1, uintptr(unsafe.Pointer(startupInfo)), 0, 0) + syscall.SyscallN(procGetStartupInfoW.Addr(), uintptr(unsafe.Pointer(startupInfo))) return } func GetStdHandle(stdhandle uint32) (handle Handle, err error) { - r0, _, e1 := syscall.Syscall(procGetStdHandle.Addr(), 1, uintptr(stdhandle), 0, 0) + r0, _, e1 := syscall.SyscallN(procGetStdHandle.Addr(), uintptr(stdhandle)) handle = Handle(r0) if handle == InvalidHandle { err = errnoErr(e1) @@ -2590,7 +2590,7 @@ func GetStdHandle(stdhandle uint32) (handle Handle, err error) { } func getSystemDirectory(dir *uint16, dirLen uint32) (len uint32, err error) { - r0, _, e1 := syscall.Syscall(procGetSystemDirectoryW.Addr(), 2, uintptr(unsafe.Pointer(dir)), uintptr(dirLen), 0) + r0, _, e1 := syscall.SyscallN(procGetSystemDirectoryW.Addr(), uintptr(unsafe.Pointer(dir)), uintptr(dirLen)) len = uint32(r0) if len == 0 { err = errnoErr(e1) @@ -2599,7 +2599,7 @@ func getSystemDirectory(dir *uint16, dirLen uint32) (len uint32, err error) { } func getSystemPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procGetSystemPreferredUILanguages.Addr(), 4, uintptr(flags), uintptr(unsafe.Pointer(numLanguages)), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(bufSize)), 0, 0) + r1, _, e1 := syscall.SyscallN(procGetSystemPreferredUILanguages.Addr(), uintptr(flags), uintptr(unsafe.Pointer(numLanguages)), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(bufSize))) if r1 == 0 { err = errnoErr(e1) } @@ -2607,17 +2607,17 @@ func getSystemPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint } func GetSystemTimeAsFileTime(time *Filetime) { - syscall.Syscall(procGetSystemTimeAsFileTime.Addr(), 1, uintptr(unsafe.Pointer(time)), 0, 0) + syscall.SyscallN(procGetSystemTimeAsFileTime.Addr(), uintptr(unsafe.Pointer(time))) return } func GetSystemTimePreciseAsFileTime(time *Filetime) { - syscall.Syscall(procGetSystemTimePreciseAsFileTime.Addr(), 1, uintptr(unsafe.Pointer(time)), 0, 0) + syscall.SyscallN(procGetSystemTimePreciseAsFileTime.Addr(), uintptr(unsafe.Pointer(time))) return } func getSystemWindowsDirectory(dir *uint16, dirLen uint32) (len uint32, err error) { - r0, _, e1 := syscall.Syscall(procGetSystemWindowsDirectoryW.Addr(), 2, uintptr(unsafe.Pointer(dir)), uintptr(dirLen), 0) + r0, _, e1 := syscall.SyscallN(procGetSystemWindowsDirectoryW.Addr(), uintptr(unsafe.Pointer(dir)), uintptr(dirLen)) len = uint32(r0) if len == 0 { err = errnoErr(e1) @@ -2626,7 +2626,7 @@ func getSystemWindowsDirectory(dir *uint16, dirLen uint32) (len uint32, err erro } func GetTempPath(buflen uint32, buf *uint16) (n uint32, err error) { - r0, _, e1 := syscall.Syscall(procGetTempPathW.Addr(), 2, uintptr(buflen), uintptr(unsafe.Pointer(buf)), 0) + r0, _, e1 := syscall.SyscallN(procGetTempPathW.Addr(), uintptr(buflen), uintptr(unsafe.Pointer(buf))) n = uint32(r0) if n == 0 { err = errnoErr(e1) @@ -2635,7 +2635,7 @@ func GetTempPath(buflen uint32, buf *uint16) (n uint32, err error) { } func getThreadPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procGetThreadPreferredUILanguages.Addr(), 4, uintptr(flags), uintptr(unsafe.Pointer(numLanguages)), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(bufSize)), 0, 0) + r1, _, e1 := syscall.SyscallN(procGetThreadPreferredUILanguages.Addr(), uintptr(flags), uintptr(unsafe.Pointer(numLanguages)), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(bufSize))) if r1 == 0 { err = errnoErr(e1) } @@ -2643,13 +2643,13 @@ func getThreadPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint } func getTickCount64() (ms uint64) { - r0, _, _ := syscall.Syscall(procGetTickCount64.Addr(), 0, 0, 0, 0) + r0, _, _ := syscall.SyscallN(procGetTickCount64.Addr()) ms = uint64(r0) return } func GetTimeZoneInformation(tzi *Timezoneinformation) (rc uint32, err error) { - r0, _, e1 := syscall.Syscall(procGetTimeZoneInformation.Addr(), 1, uintptr(unsafe.Pointer(tzi)), 0, 0) + r0, _, e1 := syscall.SyscallN(procGetTimeZoneInformation.Addr(), uintptr(unsafe.Pointer(tzi))) rc = uint32(r0) if rc == 0xffffffff { err = errnoErr(e1) @@ -2658,7 +2658,7 @@ func GetTimeZoneInformation(tzi *Timezoneinformation) (rc uint32, err error) { } func getUserPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16, bufSize *uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procGetUserPreferredUILanguages.Addr(), 4, uintptr(flags), uintptr(unsafe.Pointer(numLanguages)), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(bufSize)), 0, 0) + r1, _, e1 := syscall.SyscallN(procGetUserPreferredUILanguages.Addr(), uintptr(flags), uintptr(unsafe.Pointer(numLanguages)), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(bufSize))) if r1 == 0 { err = errnoErr(e1) } @@ -2666,7 +2666,7 @@ func getUserPreferredUILanguages(flags uint32, numLanguages *uint32, buf *uint16 } func GetVersion() (ver uint32, err error) { - r0, _, e1 := syscall.Syscall(procGetVersion.Addr(), 0, 0, 0, 0) + r0, _, e1 := syscall.SyscallN(procGetVersion.Addr()) ver = uint32(r0) if ver == 0 { err = errnoErr(e1) @@ -2675,7 +2675,7 @@ func GetVersion() (ver uint32, err error) { } func GetVolumeInformationByHandle(file Handle, volumeNameBuffer *uint16, volumeNameSize uint32, volumeNameSerialNumber *uint32, maximumComponentLength *uint32, fileSystemFlags *uint32, fileSystemNameBuffer *uint16, fileSystemNameSize uint32) (err error) { - r1, _, e1 := syscall.Syscall9(procGetVolumeInformationByHandleW.Addr(), 8, uintptr(file), uintptr(unsafe.Pointer(volumeNameBuffer)), uintptr(volumeNameSize), uintptr(unsafe.Pointer(volumeNameSerialNumber)), uintptr(unsafe.Pointer(maximumComponentLength)), uintptr(unsafe.Pointer(fileSystemFlags)), uintptr(unsafe.Pointer(fileSystemNameBuffer)), uintptr(fileSystemNameSize), 0) + r1, _, e1 := syscall.SyscallN(procGetVolumeInformationByHandleW.Addr(), uintptr(file), uintptr(unsafe.Pointer(volumeNameBuffer)), uintptr(volumeNameSize), uintptr(unsafe.Pointer(volumeNameSerialNumber)), uintptr(unsafe.Pointer(maximumComponentLength)), uintptr(unsafe.Pointer(fileSystemFlags)), uintptr(unsafe.Pointer(fileSystemNameBuffer)), uintptr(fileSystemNameSize)) if r1 == 0 { err = errnoErr(e1) } @@ -2683,7 +2683,7 @@ func GetVolumeInformationByHandle(file Handle, volumeNameBuffer *uint16, volumeN } func GetVolumeInformation(rootPathName *uint16, volumeNameBuffer *uint16, volumeNameSize uint32, volumeNameSerialNumber *uint32, maximumComponentLength *uint32, fileSystemFlags *uint32, fileSystemNameBuffer *uint16, fileSystemNameSize uint32) (err error) { - r1, _, e1 := syscall.Syscall9(procGetVolumeInformationW.Addr(), 8, uintptr(unsafe.Pointer(rootPathName)), uintptr(unsafe.Pointer(volumeNameBuffer)), uintptr(volumeNameSize), uintptr(unsafe.Pointer(volumeNameSerialNumber)), uintptr(unsafe.Pointer(maximumComponentLength)), uintptr(unsafe.Pointer(fileSystemFlags)), uintptr(unsafe.Pointer(fileSystemNameBuffer)), uintptr(fileSystemNameSize), 0) + r1, _, e1 := syscall.SyscallN(procGetVolumeInformationW.Addr(), uintptr(unsafe.Pointer(rootPathName)), uintptr(unsafe.Pointer(volumeNameBuffer)), uintptr(volumeNameSize), uintptr(unsafe.Pointer(volumeNameSerialNumber)), uintptr(unsafe.Pointer(maximumComponentLength)), uintptr(unsafe.Pointer(fileSystemFlags)), uintptr(unsafe.Pointer(fileSystemNameBuffer)), uintptr(fileSystemNameSize)) if r1 == 0 { err = errnoErr(e1) } @@ -2691,7 +2691,7 @@ func GetVolumeInformation(rootPathName *uint16, volumeNameBuffer *uint16, volume } func GetVolumeNameForVolumeMountPoint(volumeMountPoint *uint16, volumeName *uint16, bufferlength uint32) (err error) { - r1, _, e1 := syscall.Syscall(procGetVolumeNameForVolumeMountPointW.Addr(), 3, uintptr(unsafe.Pointer(volumeMountPoint)), uintptr(unsafe.Pointer(volumeName)), uintptr(bufferlength)) + r1, _, e1 := syscall.SyscallN(procGetVolumeNameForVolumeMountPointW.Addr(), uintptr(unsafe.Pointer(volumeMountPoint)), uintptr(unsafe.Pointer(volumeName)), uintptr(bufferlength)) if r1 == 0 { err = errnoErr(e1) } @@ -2699,7 +2699,7 @@ func GetVolumeNameForVolumeMountPoint(volumeMountPoint *uint16, volumeName *uint } func GetVolumePathName(fileName *uint16, volumePathName *uint16, bufferLength uint32) (err error) { - r1, _, e1 := syscall.Syscall(procGetVolumePathNameW.Addr(), 3, uintptr(unsafe.Pointer(fileName)), uintptr(unsafe.Pointer(volumePathName)), uintptr(bufferLength)) + r1, _, e1 := syscall.SyscallN(procGetVolumePathNameW.Addr(), uintptr(unsafe.Pointer(fileName)), uintptr(unsafe.Pointer(volumePathName)), uintptr(bufferLength)) if r1 == 0 { err = errnoErr(e1) } @@ -2707,7 +2707,7 @@ func GetVolumePathName(fileName *uint16, volumePathName *uint16, bufferLength ui } func GetVolumePathNamesForVolumeName(volumeName *uint16, volumePathNames *uint16, bufferLength uint32, returnLength *uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procGetVolumePathNamesForVolumeNameW.Addr(), 4, uintptr(unsafe.Pointer(volumeName)), uintptr(unsafe.Pointer(volumePathNames)), uintptr(bufferLength), uintptr(unsafe.Pointer(returnLength)), 0, 0) + r1, _, e1 := syscall.SyscallN(procGetVolumePathNamesForVolumeNameW.Addr(), uintptr(unsafe.Pointer(volumeName)), uintptr(unsafe.Pointer(volumePathNames)), uintptr(bufferLength), uintptr(unsafe.Pointer(returnLength))) if r1 == 0 { err = errnoErr(e1) } @@ -2715,7 +2715,7 @@ func GetVolumePathNamesForVolumeName(volumeName *uint16, volumePathNames *uint16 } func getWindowsDirectory(dir *uint16, dirLen uint32) (len uint32, err error) { - r0, _, e1 := syscall.Syscall(procGetWindowsDirectoryW.Addr(), 2, uintptr(unsafe.Pointer(dir)), uintptr(dirLen), 0) + r0, _, e1 := syscall.SyscallN(procGetWindowsDirectoryW.Addr(), uintptr(unsafe.Pointer(dir)), uintptr(dirLen)) len = uint32(r0) if len == 0 { err = errnoErr(e1) @@ -2724,7 +2724,7 @@ func getWindowsDirectory(dir *uint16, dirLen uint32) (len uint32, err error) { } func initializeProcThreadAttributeList(attrlist *ProcThreadAttributeList, attrcount uint32, flags uint32, size *uintptr) (err error) { - r1, _, e1 := syscall.Syscall6(procInitializeProcThreadAttributeList.Addr(), 4, uintptr(unsafe.Pointer(attrlist)), uintptr(attrcount), uintptr(flags), uintptr(unsafe.Pointer(size)), 0, 0) + r1, _, e1 := syscall.SyscallN(procInitializeProcThreadAttributeList.Addr(), uintptr(unsafe.Pointer(attrlist)), uintptr(attrcount), uintptr(flags), uintptr(unsafe.Pointer(size))) if r1 == 0 { err = errnoErr(e1) } @@ -2736,7 +2736,7 @@ func IsWow64Process(handle Handle, isWow64 *bool) (err error) { if *isWow64 { _p0 = 1 } - r1, _, e1 := syscall.Syscall(procIsWow64Process.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(&_p0)), 0) + r1, _, e1 := syscall.SyscallN(procIsWow64Process.Addr(), uintptr(handle), uintptr(unsafe.Pointer(&_p0))) *isWow64 = _p0 != 0 if r1 == 0 { err = errnoErr(e1) @@ -2749,7 +2749,7 @@ func IsWow64Process2(handle Handle, processMachine *uint16, nativeMachine *uint1 if err != nil { return } - r1, _, e1 := syscall.Syscall(procIsWow64Process2.Addr(), 3, uintptr(handle), uintptr(unsafe.Pointer(processMachine)), uintptr(unsafe.Pointer(nativeMachine))) + r1, _, e1 := syscall.SyscallN(procIsWow64Process2.Addr(), uintptr(handle), uintptr(unsafe.Pointer(processMachine)), uintptr(unsafe.Pointer(nativeMachine))) if r1 == 0 { err = errnoErr(e1) } @@ -2766,7 +2766,7 @@ func LoadLibraryEx(libname string, zero Handle, flags uintptr) (handle Handle, e } func _LoadLibraryEx(libname *uint16, zero Handle, flags uintptr) (handle Handle, err error) { - r0, _, e1 := syscall.Syscall(procLoadLibraryExW.Addr(), 3, uintptr(unsafe.Pointer(libname)), uintptr(zero), uintptr(flags)) + r0, _, e1 := syscall.SyscallN(procLoadLibraryExW.Addr(), uintptr(unsafe.Pointer(libname)), uintptr(zero), uintptr(flags)) handle = Handle(r0) if handle == 0 { err = errnoErr(e1) @@ -2784,7 +2784,7 @@ func LoadLibrary(libname string) (handle Handle, err error) { } func _LoadLibrary(libname *uint16) (handle Handle, err error) { - r0, _, e1 := syscall.Syscall(procLoadLibraryW.Addr(), 1, uintptr(unsafe.Pointer(libname)), 0, 0) + r0, _, e1 := syscall.SyscallN(procLoadLibraryW.Addr(), uintptr(unsafe.Pointer(libname))) handle = Handle(r0) if handle == 0 { err = errnoErr(e1) @@ -2793,7 +2793,7 @@ func _LoadLibrary(libname *uint16) (handle Handle, err error) { } func LoadResource(module Handle, resInfo Handle) (resData Handle, err error) { - r0, _, e1 := syscall.Syscall(procLoadResource.Addr(), 2, uintptr(module), uintptr(resInfo), 0) + r0, _, e1 := syscall.SyscallN(procLoadResource.Addr(), uintptr(module), uintptr(resInfo)) resData = Handle(r0) if resData == 0 { err = errnoErr(e1) @@ -2802,7 +2802,7 @@ func LoadResource(module Handle, resInfo Handle) (resData Handle, err error) { } func LocalAlloc(flags uint32, length uint32) (ptr uintptr, err error) { - r0, _, e1 := syscall.Syscall(procLocalAlloc.Addr(), 2, uintptr(flags), uintptr(length), 0) + r0, _, e1 := syscall.SyscallN(procLocalAlloc.Addr(), uintptr(flags), uintptr(length)) ptr = uintptr(r0) if ptr == 0 { err = errnoErr(e1) @@ -2811,7 +2811,7 @@ func LocalAlloc(flags uint32, length uint32) (ptr uintptr, err error) { } func LocalFree(hmem Handle) (handle Handle, err error) { - r0, _, e1 := syscall.Syscall(procLocalFree.Addr(), 1, uintptr(hmem), 0, 0) + r0, _, e1 := syscall.SyscallN(procLocalFree.Addr(), uintptr(hmem)) handle = Handle(r0) if handle != 0 { err = errnoErr(e1) @@ -2820,7 +2820,7 @@ func LocalFree(hmem Handle) (handle Handle, err error) { } func LockFileEx(file Handle, flags uint32, reserved uint32, bytesLow uint32, bytesHigh uint32, overlapped *Overlapped) (err error) { - r1, _, e1 := syscall.Syscall6(procLockFileEx.Addr(), 6, uintptr(file), uintptr(flags), uintptr(reserved), uintptr(bytesLow), uintptr(bytesHigh), uintptr(unsafe.Pointer(overlapped))) + r1, _, e1 := syscall.SyscallN(procLockFileEx.Addr(), uintptr(file), uintptr(flags), uintptr(reserved), uintptr(bytesLow), uintptr(bytesHigh), uintptr(unsafe.Pointer(overlapped))) if r1 == 0 { err = errnoErr(e1) } @@ -2828,7 +2828,7 @@ func LockFileEx(file Handle, flags uint32, reserved uint32, bytesLow uint32, byt } func LockResource(resData Handle) (addr uintptr, err error) { - r0, _, e1 := syscall.Syscall(procLockResource.Addr(), 1, uintptr(resData), 0, 0) + r0, _, e1 := syscall.SyscallN(procLockResource.Addr(), uintptr(resData)) addr = uintptr(r0) if addr == 0 { err = errnoErr(e1) @@ -2837,7 +2837,7 @@ func LockResource(resData Handle) (addr uintptr, err error) { } func MapViewOfFile(handle Handle, access uint32, offsetHigh uint32, offsetLow uint32, length uintptr) (addr uintptr, err error) { - r0, _, e1 := syscall.Syscall6(procMapViewOfFile.Addr(), 5, uintptr(handle), uintptr(access), uintptr(offsetHigh), uintptr(offsetLow), uintptr(length), 0) + r0, _, e1 := syscall.SyscallN(procMapViewOfFile.Addr(), uintptr(handle), uintptr(access), uintptr(offsetHigh), uintptr(offsetLow), uintptr(length)) addr = uintptr(r0) if addr == 0 { err = errnoErr(e1) @@ -2846,7 +2846,7 @@ func MapViewOfFile(handle Handle, access uint32, offsetHigh uint32, offsetLow ui } func Module32First(snapshot Handle, moduleEntry *ModuleEntry32) (err error) { - r1, _, e1 := syscall.Syscall(procModule32FirstW.Addr(), 2, uintptr(snapshot), uintptr(unsafe.Pointer(moduleEntry)), 0) + r1, _, e1 := syscall.SyscallN(procModule32FirstW.Addr(), uintptr(snapshot), uintptr(unsafe.Pointer(moduleEntry))) if r1 == 0 { err = errnoErr(e1) } @@ -2854,7 +2854,7 @@ func Module32First(snapshot Handle, moduleEntry *ModuleEntry32) (err error) { } func Module32Next(snapshot Handle, moduleEntry *ModuleEntry32) (err error) { - r1, _, e1 := syscall.Syscall(procModule32NextW.Addr(), 2, uintptr(snapshot), uintptr(unsafe.Pointer(moduleEntry)), 0) + r1, _, e1 := syscall.SyscallN(procModule32NextW.Addr(), uintptr(snapshot), uintptr(unsafe.Pointer(moduleEntry))) if r1 == 0 { err = errnoErr(e1) } @@ -2862,7 +2862,7 @@ func Module32Next(snapshot Handle, moduleEntry *ModuleEntry32) (err error) { } func MoveFileEx(from *uint16, to *uint16, flags uint32) (err error) { - r1, _, e1 := syscall.Syscall(procMoveFileExW.Addr(), 3, uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(to)), uintptr(flags)) + r1, _, e1 := syscall.SyscallN(procMoveFileExW.Addr(), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(to)), uintptr(flags)) if r1 == 0 { err = errnoErr(e1) } @@ -2870,7 +2870,7 @@ func MoveFileEx(from *uint16, to *uint16, flags uint32) (err error) { } func MoveFile(from *uint16, to *uint16) (err error) { - r1, _, e1 := syscall.Syscall(procMoveFileW.Addr(), 2, uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(to)), 0) + r1, _, e1 := syscall.SyscallN(procMoveFileW.Addr(), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(to))) if r1 == 0 { err = errnoErr(e1) } @@ -2878,7 +2878,7 @@ func MoveFile(from *uint16, to *uint16) (err error) { } func MultiByteToWideChar(codePage uint32, dwFlags uint32, str *byte, nstr int32, wchar *uint16, nwchar int32) (nwrite int32, err error) { - r0, _, e1 := syscall.Syscall6(procMultiByteToWideChar.Addr(), 6, uintptr(codePage), uintptr(dwFlags), uintptr(unsafe.Pointer(str)), uintptr(nstr), uintptr(unsafe.Pointer(wchar)), uintptr(nwchar)) + r0, _, e1 := syscall.SyscallN(procMultiByteToWideChar.Addr(), uintptr(codePage), uintptr(dwFlags), uintptr(unsafe.Pointer(str)), uintptr(nstr), uintptr(unsafe.Pointer(wchar)), uintptr(nwchar)) nwrite = int32(r0) if nwrite == 0 { err = errnoErr(e1) @@ -2891,7 +2891,7 @@ func OpenEvent(desiredAccess uint32, inheritHandle bool, name *uint16) (handle H if inheritHandle { _p0 = 1 } - r0, _, e1 := syscall.Syscall(procOpenEventW.Addr(), 3, uintptr(desiredAccess), uintptr(_p0), uintptr(unsafe.Pointer(name))) + r0, _, e1 := syscall.SyscallN(procOpenEventW.Addr(), uintptr(desiredAccess), uintptr(_p0), uintptr(unsafe.Pointer(name))) handle = Handle(r0) if handle == 0 { err = errnoErr(e1) @@ -2904,7 +2904,7 @@ func OpenMutex(desiredAccess uint32, inheritHandle bool, name *uint16) (handle H if inheritHandle { _p0 = 1 } - r0, _, e1 := syscall.Syscall(procOpenMutexW.Addr(), 3, uintptr(desiredAccess), uintptr(_p0), uintptr(unsafe.Pointer(name))) + r0, _, e1 := syscall.SyscallN(procOpenMutexW.Addr(), uintptr(desiredAccess), uintptr(_p0), uintptr(unsafe.Pointer(name))) handle = Handle(r0) if handle == 0 { err = errnoErr(e1) @@ -2917,7 +2917,7 @@ func OpenProcess(desiredAccess uint32, inheritHandle bool, processId uint32) (ha if inheritHandle { _p0 = 1 } - r0, _, e1 := syscall.Syscall(procOpenProcess.Addr(), 3, uintptr(desiredAccess), uintptr(_p0), uintptr(processId)) + r0, _, e1 := syscall.SyscallN(procOpenProcess.Addr(), uintptr(desiredAccess), uintptr(_p0), uintptr(processId)) handle = Handle(r0) if handle == 0 { err = errnoErr(e1) @@ -2930,7 +2930,7 @@ func OpenThread(desiredAccess uint32, inheritHandle bool, threadId uint32) (hand if inheritHandle { _p0 = 1 } - r0, _, e1 := syscall.Syscall(procOpenThread.Addr(), 3, uintptr(desiredAccess), uintptr(_p0), uintptr(threadId)) + r0, _, e1 := syscall.SyscallN(procOpenThread.Addr(), uintptr(desiredAccess), uintptr(_p0), uintptr(threadId)) handle = Handle(r0) if handle == 0 { err = errnoErr(e1) @@ -2939,7 +2939,7 @@ func OpenThread(desiredAccess uint32, inheritHandle bool, threadId uint32) (hand } func PostQueuedCompletionStatus(cphandle Handle, qty uint32, key uintptr, overlapped *Overlapped) (err error) { - r1, _, e1 := syscall.Syscall6(procPostQueuedCompletionStatus.Addr(), 4, uintptr(cphandle), uintptr(qty), uintptr(key), uintptr(unsafe.Pointer(overlapped)), 0, 0) + r1, _, e1 := syscall.SyscallN(procPostQueuedCompletionStatus.Addr(), uintptr(cphandle), uintptr(qty), uintptr(key), uintptr(unsafe.Pointer(overlapped))) if r1 == 0 { err = errnoErr(e1) } @@ -2947,7 +2947,7 @@ func PostQueuedCompletionStatus(cphandle Handle, qty uint32, key uintptr, overla } func Process32First(snapshot Handle, procEntry *ProcessEntry32) (err error) { - r1, _, e1 := syscall.Syscall(procProcess32FirstW.Addr(), 2, uintptr(snapshot), uintptr(unsafe.Pointer(procEntry)), 0) + r1, _, e1 := syscall.SyscallN(procProcess32FirstW.Addr(), uintptr(snapshot), uintptr(unsafe.Pointer(procEntry))) if r1 == 0 { err = errnoErr(e1) } @@ -2955,7 +2955,7 @@ func Process32First(snapshot Handle, procEntry *ProcessEntry32) (err error) { } func Process32Next(snapshot Handle, procEntry *ProcessEntry32) (err error) { - r1, _, e1 := syscall.Syscall(procProcess32NextW.Addr(), 2, uintptr(snapshot), uintptr(unsafe.Pointer(procEntry)), 0) + r1, _, e1 := syscall.SyscallN(procProcess32NextW.Addr(), uintptr(snapshot), uintptr(unsafe.Pointer(procEntry))) if r1 == 0 { err = errnoErr(e1) } @@ -2963,7 +2963,7 @@ func Process32Next(snapshot Handle, procEntry *ProcessEntry32) (err error) { } func ProcessIdToSessionId(pid uint32, sessionid *uint32) (err error) { - r1, _, e1 := syscall.Syscall(procProcessIdToSessionId.Addr(), 2, uintptr(pid), uintptr(unsafe.Pointer(sessionid)), 0) + r1, _, e1 := syscall.SyscallN(procProcessIdToSessionId.Addr(), uintptr(pid), uintptr(unsafe.Pointer(sessionid))) if r1 == 0 { err = errnoErr(e1) } @@ -2971,7 +2971,7 @@ func ProcessIdToSessionId(pid uint32, sessionid *uint32) (err error) { } func PulseEvent(event Handle) (err error) { - r1, _, e1 := syscall.Syscall(procPulseEvent.Addr(), 1, uintptr(event), 0, 0) + r1, _, e1 := syscall.SyscallN(procPulseEvent.Addr(), uintptr(event)) if r1 == 0 { err = errnoErr(e1) } @@ -2979,7 +2979,7 @@ func PulseEvent(event Handle) (err error) { } func PurgeComm(handle Handle, dwFlags uint32) (err error) { - r1, _, e1 := syscall.Syscall(procPurgeComm.Addr(), 2, uintptr(handle), uintptr(dwFlags), 0) + r1, _, e1 := syscall.SyscallN(procPurgeComm.Addr(), uintptr(handle), uintptr(dwFlags)) if r1 == 0 { err = errnoErr(e1) } @@ -2987,7 +2987,7 @@ func PurgeComm(handle Handle, dwFlags uint32) (err error) { } func QueryDosDevice(deviceName *uint16, targetPath *uint16, max uint32) (n uint32, err error) { - r0, _, e1 := syscall.Syscall(procQueryDosDeviceW.Addr(), 3, uintptr(unsafe.Pointer(deviceName)), uintptr(unsafe.Pointer(targetPath)), uintptr(max)) + r0, _, e1 := syscall.SyscallN(procQueryDosDeviceW.Addr(), uintptr(unsafe.Pointer(deviceName)), uintptr(unsafe.Pointer(targetPath)), uintptr(max)) n = uint32(r0) if n == 0 { err = errnoErr(e1) @@ -2996,7 +2996,7 @@ func QueryDosDevice(deviceName *uint16, targetPath *uint16, max uint32) (n uint3 } func QueryFullProcessImageName(proc Handle, flags uint32, exeName *uint16, size *uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procQueryFullProcessImageNameW.Addr(), 4, uintptr(proc), uintptr(flags), uintptr(unsafe.Pointer(exeName)), uintptr(unsafe.Pointer(size)), 0, 0) + r1, _, e1 := syscall.SyscallN(procQueryFullProcessImageNameW.Addr(), uintptr(proc), uintptr(flags), uintptr(unsafe.Pointer(exeName)), uintptr(unsafe.Pointer(size))) if r1 == 0 { err = errnoErr(e1) } @@ -3004,7 +3004,7 @@ func QueryFullProcessImageName(proc Handle, flags uint32, exeName *uint16, size } func QueryInformationJobObject(job Handle, JobObjectInformationClass int32, JobObjectInformation uintptr, JobObjectInformationLength uint32, retlen *uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procQueryInformationJobObject.Addr(), 5, uintptr(job), uintptr(JobObjectInformationClass), uintptr(JobObjectInformation), uintptr(JobObjectInformationLength), uintptr(unsafe.Pointer(retlen)), 0) + r1, _, e1 := syscall.SyscallN(procQueryInformationJobObject.Addr(), uintptr(job), uintptr(JobObjectInformationClass), uintptr(JobObjectInformation), uintptr(JobObjectInformationLength), uintptr(unsafe.Pointer(retlen))) if r1 == 0 { err = errnoErr(e1) } @@ -3012,7 +3012,7 @@ func QueryInformationJobObject(job Handle, JobObjectInformationClass int32, JobO } func ReadConsole(console Handle, buf *uint16, toread uint32, read *uint32, inputControl *byte) (err error) { - r1, _, e1 := syscall.Syscall6(procReadConsoleW.Addr(), 5, uintptr(console), uintptr(unsafe.Pointer(buf)), uintptr(toread), uintptr(unsafe.Pointer(read)), uintptr(unsafe.Pointer(inputControl)), 0) + r1, _, e1 := syscall.SyscallN(procReadConsoleW.Addr(), uintptr(console), uintptr(unsafe.Pointer(buf)), uintptr(toread), uintptr(unsafe.Pointer(read)), uintptr(unsafe.Pointer(inputControl))) if r1 == 0 { err = errnoErr(e1) } @@ -3024,7 +3024,7 @@ func ReadDirectoryChanges(handle Handle, buf *byte, buflen uint32, watchSubTree if watchSubTree { _p0 = 1 } - r1, _, e1 := syscall.Syscall9(procReadDirectoryChangesW.Addr(), 8, uintptr(handle), uintptr(unsafe.Pointer(buf)), uintptr(buflen), uintptr(_p0), uintptr(mask), uintptr(unsafe.Pointer(retlen)), uintptr(unsafe.Pointer(overlapped)), uintptr(completionRoutine), 0) + r1, _, e1 := syscall.SyscallN(procReadDirectoryChangesW.Addr(), uintptr(handle), uintptr(unsafe.Pointer(buf)), uintptr(buflen), uintptr(_p0), uintptr(mask), uintptr(unsafe.Pointer(retlen)), uintptr(unsafe.Pointer(overlapped)), uintptr(completionRoutine)) if r1 == 0 { err = errnoErr(e1) } @@ -3036,7 +3036,7 @@ func readFile(handle Handle, buf []byte, done *uint32, overlapped *Overlapped) ( if len(buf) > 0 { _p0 = &buf[0] } - r1, _, e1 := syscall.Syscall6(procReadFile.Addr(), 5, uintptr(handle), uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), uintptr(unsafe.Pointer(done)), uintptr(unsafe.Pointer(overlapped)), 0) + r1, _, e1 := syscall.SyscallN(procReadFile.Addr(), uintptr(handle), uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), uintptr(unsafe.Pointer(done)), uintptr(unsafe.Pointer(overlapped))) if r1 == 0 { err = errnoErr(e1) } @@ -3044,7 +3044,7 @@ func readFile(handle Handle, buf []byte, done *uint32, overlapped *Overlapped) ( } func ReadProcessMemory(process Handle, baseAddress uintptr, buffer *byte, size uintptr, numberOfBytesRead *uintptr) (err error) { - r1, _, e1 := syscall.Syscall6(procReadProcessMemory.Addr(), 5, uintptr(process), uintptr(baseAddress), uintptr(unsafe.Pointer(buffer)), uintptr(size), uintptr(unsafe.Pointer(numberOfBytesRead)), 0) + r1, _, e1 := syscall.SyscallN(procReadProcessMemory.Addr(), uintptr(process), uintptr(baseAddress), uintptr(unsafe.Pointer(buffer)), uintptr(size), uintptr(unsafe.Pointer(numberOfBytesRead))) if r1 == 0 { err = errnoErr(e1) } @@ -3052,7 +3052,7 @@ func ReadProcessMemory(process Handle, baseAddress uintptr, buffer *byte, size u } func ReleaseMutex(mutex Handle) (err error) { - r1, _, e1 := syscall.Syscall(procReleaseMutex.Addr(), 1, uintptr(mutex), 0, 0) + r1, _, e1 := syscall.SyscallN(procReleaseMutex.Addr(), uintptr(mutex)) if r1 == 0 { err = errnoErr(e1) } @@ -3060,7 +3060,7 @@ func ReleaseMutex(mutex Handle) (err error) { } func RemoveDirectory(path *uint16) (err error) { - r1, _, e1 := syscall.Syscall(procRemoveDirectoryW.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0) + r1, _, e1 := syscall.SyscallN(procRemoveDirectoryW.Addr(), uintptr(unsafe.Pointer(path))) if r1 == 0 { err = errnoErr(e1) } @@ -3068,7 +3068,7 @@ func RemoveDirectory(path *uint16) (err error) { } func RemoveDllDirectory(cookie uintptr) (err error) { - r1, _, e1 := syscall.Syscall(procRemoveDllDirectory.Addr(), 1, uintptr(cookie), 0, 0) + r1, _, e1 := syscall.SyscallN(procRemoveDllDirectory.Addr(), uintptr(cookie)) if r1 == 0 { err = errnoErr(e1) } @@ -3076,7 +3076,7 @@ func RemoveDllDirectory(cookie uintptr) (err error) { } func ResetEvent(event Handle) (err error) { - r1, _, e1 := syscall.Syscall(procResetEvent.Addr(), 1, uintptr(event), 0, 0) + r1, _, e1 := syscall.SyscallN(procResetEvent.Addr(), uintptr(event)) if r1 == 0 { err = errnoErr(e1) } @@ -3084,7 +3084,7 @@ func ResetEvent(event Handle) (err error) { } func resizePseudoConsole(pconsole Handle, size uint32) (hr error) { - r0, _, _ := syscall.Syscall(procResizePseudoConsole.Addr(), 2, uintptr(pconsole), uintptr(size), 0) + r0, _, _ := syscall.SyscallN(procResizePseudoConsole.Addr(), uintptr(pconsole), uintptr(size)) if r0 != 0 { hr = syscall.Errno(r0) } @@ -3092,7 +3092,7 @@ func resizePseudoConsole(pconsole Handle, size uint32) (hr error) { } func ResumeThread(thread Handle) (ret uint32, err error) { - r0, _, e1 := syscall.Syscall(procResumeThread.Addr(), 1, uintptr(thread), 0, 0) + r0, _, e1 := syscall.SyscallN(procResumeThread.Addr(), uintptr(thread)) ret = uint32(r0) if ret == 0xffffffff { err = errnoErr(e1) @@ -3101,7 +3101,7 @@ func ResumeThread(thread Handle) (ret uint32, err error) { } func SetCommBreak(handle Handle) (err error) { - r1, _, e1 := syscall.Syscall(procSetCommBreak.Addr(), 1, uintptr(handle), 0, 0) + r1, _, e1 := syscall.SyscallN(procSetCommBreak.Addr(), uintptr(handle)) if r1 == 0 { err = errnoErr(e1) } @@ -3109,7 +3109,7 @@ func SetCommBreak(handle Handle) (err error) { } func SetCommMask(handle Handle, dwEvtMask uint32) (err error) { - r1, _, e1 := syscall.Syscall(procSetCommMask.Addr(), 2, uintptr(handle), uintptr(dwEvtMask), 0) + r1, _, e1 := syscall.SyscallN(procSetCommMask.Addr(), uintptr(handle), uintptr(dwEvtMask)) if r1 == 0 { err = errnoErr(e1) } @@ -3117,7 +3117,7 @@ func SetCommMask(handle Handle, dwEvtMask uint32) (err error) { } func SetCommState(handle Handle, lpDCB *DCB) (err error) { - r1, _, e1 := syscall.Syscall(procSetCommState.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(lpDCB)), 0) + r1, _, e1 := syscall.SyscallN(procSetCommState.Addr(), uintptr(handle), uintptr(unsafe.Pointer(lpDCB))) if r1 == 0 { err = errnoErr(e1) } @@ -3125,7 +3125,7 @@ func SetCommState(handle Handle, lpDCB *DCB) (err error) { } func SetCommTimeouts(handle Handle, timeouts *CommTimeouts) (err error) { - r1, _, e1 := syscall.Syscall(procSetCommTimeouts.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(timeouts)), 0) + r1, _, e1 := syscall.SyscallN(procSetCommTimeouts.Addr(), uintptr(handle), uintptr(unsafe.Pointer(timeouts))) if r1 == 0 { err = errnoErr(e1) } @@ -3133,7 +3133,7 @@ func SetCommTimeouts(handle Handle, timeouts *CommTimeouts) (err error) { } func SetConsoleCP(cp uint32) (err error) { - r1, _, e1 := syscall.Syscall(procSetConsoleCP.Addr(), 1, uintptr(cp), 0, 0) + r1, _, e1 := syscall.SyscallN(procSetConsoleCP.Addr(), uintptr(cp)) if r1 == 0 { err = errnoErr(e1) } @@ -3141,7 +3141,7 @@ func SetConsoleCP(cp uint32) (err error) { } func setConsoleCursorPosition(console Handle, position uint32) (err error) { - r1, _, e1 := syscall.Syscall(procSetConsoleCursorPosition.Addr(), 2, uintptr(console), uintptr(position), 0) + r1, _, e1 := syscall.SyscallN(procSetConsoleCursorPosition.Addr(), uintptr(console), uintptr(position)) if r1 == 0 { err = errnoErr(e1) } @@ -3149,7 +3149,7 @@ func setConsoleCursorPosition(console Handle, position uint32) (err error) { } func SetConsoleMode(console Handle, mode uint32) (err error) { - r1, _, e1 := syscall.Syscall(procSetConsoleMode.Addr(), 2, uintptr(console), uintptr(mode), 0) + r1, _, e1 := syscall.SyscallN(procSetConsoleMode.Addr(), uintptr(console), uintptr(mode)) if r1 == 0 { err = errnoErr(e1) } @@ -3157,7 +3157,7 @@ func SetConsoleMode(console Handle, mode uint32) (err error) { } func SetConsoleOutputCP(cp uint32) (err error) { - r1, _, e1 := syscall.Syscall(procSetConsoleOutputCP.Addr(), 1, uintptr(cp), 0, 0) + r1, _, e1 := syscall.SyscallN(procSetConsoleOutputCP.Addr(), uintptr(cp)) if r1 == 0 { err = errnoErr(e1) } @@ -3165,7 +3165,7 @@ func SetConsoleOutputCP(cp uint32) (err error) { } func SetCurrentDirectory(path *uint16) (err error) { - r1, _, e1 := syscall.Syscall(procSetCurrentDirectoryW.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0) + r1, _, e1 := syscall.SyscallN(procSetCurrentDirectoryW.Addr(), uintptr(unsafe.Pointer(path))) if r1 == 0 { err = errnoErr(e1) } @@ -3173,7 +3173,7 @@ func SetCurrentDirectory(path *uint16) (err error) { } func SetDefaultDllDirectories(directoryFlags uint32) (err error) { - r1, _, e1 := syscall.Syscall(procSetDefaultDllDirectories.Addr(), 1, uintptr(directoryFlags), 0, 0) + r1, _, e1 := syscall.SyscallN(procSetDefaultDllDirectories.Addr(), uintptr(directoryFlags)) if r1 == 0 { err = errnoErr(e1) } @@ -3190,7 +3190,7 @@ func SetDllDirectory(path string) (err error) { } func _SetDllDirectory(path *uint16) (err error) { - r1, _, e1 := syscall.Syscall(procSetDllDirectoryW.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0) + r1, _, e1 := syscall.SyscallN(procSetDllDirectoryW.Addr(), uintptr(unsafe.Pointer(path))) if r1 == 0 { err = errnoErr(e1) } @@ -3198,7 +3198,7 @@ func _SetDllDirectory(path *uint16) (err error) { } func SetEndOfFile(handle Handle) (err error) { - r1, _, e1 := syscall.Syscall(procSetEndOfFile.Addr(), 1, uintptr(handle), 0, 0) + r1, _, e1 := syscall.SyscallN(procSetEndOfFile.Addr(), uintptr(handle)) if r1 == 0 { err = errnoErr(e1) } @@ -3206,7 +3206,7 @@ func SetEndOfFile(handle Handle) (err error) { } func SetEnvironmentVariable(name *uint16, value *uint16) (err error) { - r1, _, e1 := syscall.Syscall(procSetEnvironmentVariableW.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(value)), 0) + r1, _, e1 := syscall.SyscallN(procSetEnvironmentVariableW.Addr(), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(value))) if r1 == 0 { err = errnoErr(e1) } @@ -3214,13 +3214,13 @@ func SetEnvironmentVariable(name *uint16, value *uint16) (err error) { } func SetErrorMode(mode uint32) (ret uint32) { - r0, _, _ := syscall.Syscall(procSetErrorMode.Addr(), 1, uintptr(mode), 0, 0) + r0, _, _ := syscall.SyscallN(procSetErrorMode.Addr(), uintptr(mode)) ret = uint32(r0) return } func SetEvent(event Handle) (err error) { - r1, _, e1 := syscall.Syscall(procSetEvent.Addr(), 1, uintptr(event), 0, 0) + r1, _, e1 := syscall.SyscallN(procSetEvent.Addr(), uintptr(event)) if r1 == 0 { err = errnoErr(e1) } @@ -3228,7 +3228,7 @@ func SetEvent(event Handle) (err error) { } func SetFileAttributes(name *uint16, attrs uint32) (err error) { - r1, _, e1 := syscall.Syscall(procSetFileAttributesW.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(attrs), 0) + r1, _, e1 := syscall.SyscallN(procSetFileAttributesW.Addr(), uintptr(unsafe.Pointer(name)), uintptr(attrs)) if r1 == 0 { err = errnoErr(e1) } @@ -3236,7 +3236,7 @@ func SetFileAttributes(name *uint16, attrs uint32) (err error) { } func SetFileCompletionNotificationModes(handle Handle, flags uint8) (err error) { - r1, _, e1 := syscall.Syscall(procSetFileCompletionNotificationModes.Addr(), 2, uintptr(handle), uintptr(flags), 0) + r1, _, e1 := syscall.SyscallN(procSetFileCompletionNotificationModes.Addr(), uintptr(handle), uintptr(flags)) if r1 == 0 { err = errnoErr(e1) } @@ -3244,7 +3244,7 @@ func SetFileCompletionNotificationModes(handle Handle, flags uint8) (err error) } func SetFileInformationByHandle(handle Handle, class uint32, inBuffer *byte, inBufferLen uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procSetFileInformationByHandle.Addr(), 4, uintptr(handle), uintptr(class), uintptr(unsafe.Pointer(inBuffer)), uintptr(inBufferLen), 0, 0) + r1, _, e1 := syscall.SyscallN(procSetFileInformationByHandle.Addr(), uintptr(handle), uintptr(class), uintptr(unsafe.Pointer(inBuffer)), uintptr(inBufferLen)) if r1 == 0 { err = errnoErr(e1) } @@ -3252,7 +3252,7 @@ func SetFileInformationByHandle(handle Handle, class uint32, inBuffer *byte, inB } func SetFilePointer(handle Handle, lowoffset int32, highoffsetptr *int32, whence uint32) (newlowoffset uint32, err error) { - r0, _, e1 := syscall.Syscall6(procSetFilePointer.Addr(), 4, uintptr(handle), uintptr(lowoffset), uintptr(unsafe.Pointer(highoffsetptr)), uintptr(whence), 0, 0) + r0, _, e1 := syscall.SyscallN(procSetFilePointer.Addr(), uintptr(handle), uintptr(lowoffset), uintptr(unsafe.Pointer(highoffsetptr)), uintptr(whence)) newlowoffset = uint32(r0) if newlowoffset == 0xffffffff { err = errnoErr(e1) @@ -3261,7 +3261,7 @@ func SetFilePointer(handle Handle, lowoffset int32, highoffsetptr *int32, whence } func SetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error) { - r1, _, e1 := syscall.Syscall6(procSetFileTime.Addr(), 4, uintptr(handle), uintptr(unsafe.Pointer(ctime)), uintptr(unsafe.Pointer(atime)), uintptr(unsafe.Pointer(wtime)), 0, 0) + r1, _, e1 := syscall.SyscallN(procSetFileTime.Addr(), uintptr(handle), uintptr(unsafe.Pointer(ctime)), uintptr(unsafe.Pointer(atime)), uintptr(unsafe.Pointer(wtime))) if r1 == 0 { err = errnoErr(e1) } @@ -3269,7 +3269,7 @@ func SetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetim } func SetFileValidData(handle Handle, validDataLength int64) (err error) { - r1, _, e1 := syscall.Syscall(procSetFileValidData.Addr(), 2, uintptr(handle), uintptr(validDataLength), 0) + r1, _, e1 := syscall.SyscallN(procSetFileValidData.Addr(), uintptr(handle), uintptr(validDataLength)) if r1 == 0 { err = errnoErr(e1) } @@ -3277,7 +3277,7 @@ func SetFileValidData(handle Handle, validDataLength int64) (err error) { } func SetHandleInformation(handle Handle, mask uint32, flags uint32) (err error) { - r1, _, e1 := syscall.Syscall(procSetHandleInformation.Addr(), 3, uintptr(handle), uintptr(mask), uintptr(flags)) + r1, _, e1 := syscall.SyscallN(procSetHandleInformation.Addr(), uintptr(handle), uintptr(mask), uintptr(flags)) if r1 == 0 { err = errnoErr(e1) } @@ -3285,7 +3285,7 @@ func SetHandleInformation(handle Handle, mask uint32, flags uint32) (err error) } func SetInformationJobObject(job Handle, JobObjectInformationClass uint32, JobObjectInformation uintptr, JobObjectInformationLength uint32) (ret int, err error) { - r0, _, e1 := syscall.Syscall6(procSetInformationJobObject.Addr(), 4, uintptr(job), uintptr(JobObjectInformationClass), uintptr(JobObjectInformation), uintptr(JobObjectInformationLength), 0, 0) + r0, _, e1 := syscall.SyscallN(procSetInformationJobObject.Addr(), uintptr(job), uintptr(JobObjectInformationClass), uintptr(JobObjectInformation), uintptr(JobObjectInformationLength)) ret = int(r0) if ret == 0 { err = errnoErr(e1) @@ -3294,7 +3294,7 @@ func SetInformationJobObject(job Handle, JobObjectInformationClass uint32, JobOb } func SetNamedPipeHandleState(pipe Handle, state *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procSetNamedPipeHandleState.Addr(), 4, uintptr(pipe), uintptr(unsafe.Pointer(state)), uintptr(unsafe.Pointer(maxCollectionCount)), uintptr(unsafe.Pointer(collectDataTimeout)), 0, 0) + r1, _, e1 := syscall.SyscallN(procSetNamedPipeHandleState.Addr(), uintptr(pipe), uintptr(unsafe.Pointer(state)), uintptr(unsafe.Pointer(maxCollectionCount)), uintptr(unsafe.Pointer(collectDataTimeout))) if r1 == 0 { err = errnoErr(e1) } @@ -3302,7 +3302,7 @@ func SetNamedPipeHandleState(pipe Handle, state *uint32, maxCollectionCount *uin } func SetPriorityClass(process Handle, priorityClass uint32) (err error) { - r1, _, e1 := syscall.Syscall(procSetPriorityClass.Addr(), 2, uintptr(process), uintptr(priorityClass), 0) + r1, _, e1 := syscall.SyscallN(procSetPriorityClass.Addr(), uintptr(process), uintptr(priorityClass)) if r1 == 0 { err = errnoErr(e1) } @@ -3314,7 +3314,7 @@ func SetProcessPriorityBoost(process Handle, disable bool) (err error) { if disable { _p0 = 1 } - r1, _, e1 := syscall.Syscall(procSetProcessPriorityBoost.Addr(), 2, uintptr(process), uintptr(_p0), 0) + r1, _, e1 := syscall.SyscallN(procSetProcessPriorityBoost.Addr(), uintptr(process), uintptr(_p0)) if r1 == 0 { err = errnoErr(e1) } @@ -3322,7 +3322,7 @@ func SetProcessPriorityBoost(process Handle, disable bool) (err error) { } func SetProcessShutdownParameters(level uint32, flags uint32) (err error) { - r1, _, e1 := syscall.Syscall(procSetProcessShutdownParameters.Addr(), 2, uintptr(level), uintptr(flags), 0) + r1, _, e1 := syscall.SyscallN(procSetProcessShutdownParameters.Addr(), uintptr(level), uintptr(flags)) if r1 == 0 { err = errnoErr(e1) } @@ -3330,7 +3330,7 @@ func SetProcessShutdownParameters(level uint32, flags uint32) (err error) { } func SetProcessWorkingSetSizeEx(hProcess Handle, dwMinimumWorkingSetSize uintptr, dwMaximumWorkingSetSize uintptr, flags uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procSetProcessWorkingSetSizeEx.Addr(), 4, uintptr(hProcess), uintptr(dwMinimumWorkingSetSize), uintptr(dwMaximumWorkingSetSize), uintptr(flags), 0, 0) + r1, _, e1 := syscall.SyscallN(procSetProcessWorkingSetSizeEx.Addr(), uintptr(hProcess), uintptr(dwMinimumWorkingSetSize), uintptr(dwMaximumWorkingSetSize), uintptr(flags)) if r1 == 0 { err = errnoErr(e1) } @@ -3338,7 +3338,7 @@ func SetProcessWorkingSetSizeEx(hProcess Handle, dwMinimumWorkingSetSize uintptr } func SetStdHandle(stdhandle uint32, handle Handle) (err error) { - r1, _, e1 := syscall.Syscall(procSetStdHandle.Addr(), 2, uintptr(stdhandle), uintptr(handle), 0) + r1, _, e1 := syscall.SyscallN(procSetStdHandle.Addr(), uintptr(stdhandle), uintptr(handle)) if r1 == 0 { err = errnoErr(e1) } @@ -3346,7 +3346,7 @@ func SetStdHandle(stdhandle uint32, handle Handle) (err error) { } func SetVolumeLabel(rootPathName *uint16, volumeName *uint16) (err error) { - r1, _, e1 := syscall.Syscall(procSetVolumeLabelW.Addr(), 2, uintptr(unsafe.Pointer(rootPathName)), uintptr(unsafe.Pointer(volumeName)), 0) + r1, _, e1 := syscall.SyscallN(procSetVolumeLabelW.Addr(), uintptr(unsafe.Pointer(rootPathName)), uintptr(unsafe.Pointer(volumeName))) if r1 == 0 { err = errnoErr(e1) } @@ -3354,7 +3354,7 @@ func SetVolumeLabel(rootPathName *uint16, volumeName *uint16) (err error) { } func SetVolumeMountPoint(volumeMountPoint *uint16, volumeName *uint16) (err error) { - r1, _, e1 := syscall.Syscall(procSetVolumeMountPointW.Addr(), 2, uintptr(unsafe.Pointer(volumeMountPoint)), uintptr(unsafe.Pointer(volumeName)), 0) + r1, _, e1 := syscall.SyscallN(procSetVolumeMountPointW.Addr(), uintptr(unsafe.Pointer(volumeMountPoint)), uintptr(unsafe.Pointer(volumeName))) if r1 == 0 { err = errnoErr(e1) } @@ -3362,7 +3362,7 @@ func SetVolumeMountPoint(volumeMountPoint *uint16, volumeName *uint16) (err erro } func SetupComm(handle Handle, dwInQueue uint32, dwOutQueue uint32) (err error) { - r1, _, e1 := syscall.Syscall(procSetupComm.Addr(), 3, uintptr(handle), uintptr(dwInQueue), uintptr(dwOutQueue)) + r1, _, e1 := syscall.SyscallN(procSetupComm.Addr(), uintptr(handle), uintptr(dwInQueue), uintptr(dwOutQueue)) if r1 == 0 { err = errnoErr(e1) } @@ -3370,7 +3370,7 @@ func SetupComm(handle Handle, dwInQueue uint32, dwOutQueue uint32) (err error) { } func SizeofResource(module Handle, resInfo Handle) (size uint32, err error) { - r0, _, e1 := syscall.Syscall(procSizeofResource.Addr(), 2, uintptr(module), uintptr(resInfo), 0) + r0, _, e1 := syscall.SyscallN(procSizeofResource.Addr(), uintptr(module), uintptr(resInfo)) size = uint32(r0) if size == 0 { err = errnoErr(e1) @@ -3383,13 +3383,13 @@ func SleepEx(milliseconds uint32, alertable bool) (ret uint32) { if alertable { _p0 = 1 } - r0, _, _ := syscall.Syscall(procSleepEx.Addr(), 2, uintptr(milliseconds), uintptr(_p0), 0) + r0, _, _ := syscall.SyscallN(procSleepEx.Addr(), uintptr(milliseconds), uintptr(_p0)) ret = uint32(r0) return } func TerminateJobObject(job Handle, exitCode uint32) (err error) { - r1, _, e1 := syscall.Syscall(procTerminateJobObject.Addr(), 2, uintptr(job), uintptr(exitCode), 0) + r1, _, e1 := syscall.SyscallN(procTerminateJobObject.Addr(), uintptr(job), uintptr(exitCode)) if r1 == 0 { err = errnoErr(e1) } @@ -3397,7 +3397,7 @@ func TerminateJobObject(job Handle, exitCode uint32) (err error) { } func TerminateProcess(handle Handle, exitcode uint32) (err error) { - r1, _, e1 := syscall.Syscall(procTerminateProcess.Addr(), 2, uintptr(handle), uintptr(exitcode), 0) + r1, _, e1 := syscall.SyscallN(procTerminateProcess.Addr(), uintptr(handle), uintptr(exitcode)) if r1 == 0 { err = errnoErr(e1) } @@ -3405,7 +3405,7 @@ func TerminateProcess(handle Handle, exitcode uint32) (err error) { } func Thread32First(snapshot Handle, threadEntry *ThreadEntry32) (err error) { - r1, _, e1 := syscall.Syscall(procThread32First.Addr(), 2, uintptr(snapshot), uintptr(unsafe.Pointer(threadEntry)), 0) + r1, _, e1 := syscall.SyscallN(procThread32First.Addr(), uintptr(snapshot), uintptr(unsafe.Pointer(threadEntry))) if r1 == 0 { err = errnoErr(e1) } @@ -3413,7 +3413,7 @@ func Thread32First(snapshot Handle, threadEntry *ThreadEntry32) (err error) { } func Thread32Next(snapshot Handle, threadEntry *ThreadEntry32) (err error) { - r1, _, e1 := syscall.Syscall(procThread32Next.Addr(), 2, uintptr(snapshot), uintptr(unsafe.Pointer(threadEntry)), 0) + r1, _, e1 := syscall.SyscallN(procThread32Next.Addr(), uintptr(snapshot), uintptr(unsafe.Pointer(threadEntry))) if r1 == 0 { err = errnoErr(e1) } @@ -3421,7 +3421,7 @@ func Thread32Next(snapshot Handle, threadEntry *ThreadEntry32) (err error) { } func UnlockFileEx(file Handle, reserved uint32, bytesLow uint32, bytesHigh uint32, overlapped *Overlapped) (err error) { - r1, _, e1 := syscall.Syscall6(procUnlockFileEx.Addr(), 5, uintptr(file), uintptr(reserved), uintptr(bytesLow), uintptr(bytesHigh), uintptr(unsafe.Pointer(overlapped)), 0) + r1, _, e1 := syscall.SyscallN(procUnlockFileEx.Addr(), uintptr(file), uintptr(reserved), uintptr(bytesLow), uintptr(bytesHigh), uintptr(unsafe.Pointer(overlapped))) if r1 == 0 { err = errnoErr(e1) } @@ -3429,7 +3429,7 @@ func UnlockFileEx(file Handle, reserved uint32, bytesLow uint32, bytesHigh uint3 } func UnmapViewOfFile(addr uintptr) (err error) { - r1, _, e1 := syscall.Syscall(procUnmapViewOfFile.Addr(), 1, uintptr(addr), 0, 0) + r1, _, e1 := syscall.SyscallN(procUnmapViewOfFile.Addr(), uintptr(addr)) if r1 == 0 { err = errnoErr(e1) } @@ -3437,7 +3437,7 @@ func UnmapViewOfFile(addr uintptr) (err error) { } func updateProcThreadAttribute(attrlist *ProcThreadAttributeList, flags uint32, attr uintptr, value unsafe.Pointer, size uintptr, prevvalue unsafe.Pointer, returnedsize *uintptr) (err error) { - r1, _, e1 := syscall.Syscall9(procUpdateProcThreadAttribute.Addr(), 7, uintptr(unsafe.Pointer(attrlist)), uintptr(flags), uintptr(attr), uintptr(value), uintptr(size), uintptr(prevvalue), uintptr(unsafe.Pointer(returnedsize)), 0, 0) + r1, _, e1 := syscall.SyscallN(procUpdateProcThreadAttribute.Addr(), uintptr(unsafe.Pointer(attrlist)), uintptr(flags), uintptr(attr), uintptr(value), uintptr(size), uintptr(prevvalue), uintptr(unsafe.Pointer(returnedsize))) if r1 == 0 { err = errnoErr(e1) } @@ -3445,7 +3445,7 @@ func updateProcThreadAttribute(attrlist *ProcThreadAttributeList, flags uint32, } func VirtualAlloc(address uintptr, size uintptr, alloctype uint32, protect uint32) (value uintptr, err error) { - r0, _, e1 := syscall.Syscall6(procVirtualAlloc.Addr(), 4, uintptr(address), uintptr(size), uintptr(alloctype), uintptr(protect), 0, 0) + r0, _, e1 := syscall.SyscallN(procVirtualAlloc.Addr(), uintptr(address), uintptr(size), uintptr(alloctype), uintptr(protect)) value = uintptr(r0) if value == 0 { err = errnoErr(e1) @@ -3454,7 +3454,7 @@ func VirtualAlloc(address uintptr, size uintptr, alloctype uint32, protect uint3 } func VirtualFree(address uintptr, size uintptr, freetype uint32) (err error) { - r1, _, e1 := syscall.Syscall(procVirtualFree.Addr(), 3, uintptr(address), uintptr(size), uintptr(freetype)) + r1, _, e1 := syscall.SyscallN(procVirtualFree.Addr(), uintptr(address), uintptr(size), uintptr(freetype)) if r1 == 0 { err = errnoErr(e1) } @@ -3462,7 +3462,7 @@ func VirtualFree(address uintptr, size uintptr, freetype uint32) (err error) { } func VirtualLock(addr uintptr, length uintptr) (err error) { - r1, _, e1 := syscall.Syscall(procVirtualLock.Addr(), 2, uintptr(addr), uintptr(length), 0) + r1, _, e1 := syscall.SyscallN(procVirtualLock.Addr(), uintptr(addr), uintptr(length)) if r1 == 0 { err = errnoErr(e1) } @@ -3470,7 +3470,7 @@ func VirtualLock(addr uintptr, length uintptr) (err error) { } func VirtualProtect(address uintptr, size uintptr, newprotect uint32, oldprotect *uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procVirtualProtect.Addr(), 4, uintptr(address), uintptr(size), uintptr(newprotect), uintptr(unsafe.Pointer(oldprotect)), 0, 0) + r1, _, e1 := syscall.SyscallN(procVirtualProtect.Addr(), uintptr(address), uintptr(size), uintptr(newprotect), uintptr(unsafe.Pointer(oldprotect))) if r1 == 0 { err = errnoErr(e1) } @@ -3478,7 +3478,7 @@ func VirtualProtect(address uintptr, size uintptr, newprotect uint32, oldprotect } func VirtualProtectEx(process Handle, address uintptr, size uintptr, newProtect uint32, oldProtect *uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procVirtualProtectEx.Addr(), 5, uintptr(process), uintptr(address), uintptr(size), uintptr(newProtect), uintptr(unsafe.Pointer(oldProtect)), 0) + r1, _, e1 := syscall.SyscallN(procVirtualProtectEx.Addr(), uintptr(process), uintptr(address), uintptr(size), uintptr(newProtect), uintptr(unsafe.Pointer(oldProtect))) if r1 == 0 { err = errnoErr(e1) } @@ -3486,7 +3486,7 @@ func VirtualProtectEx(process Handle, address uintptr, size uintptr, newProtect } func VirtualQuery(address uintptr, buffer *MemoryBasicInformation, length uintptr) (err error) { - r1, _, e1 := syscall.Syscall(procVirtualQuery.Addr(), 3, uintptr(address), uintptr(unsafe.Pointer(buffer)), uintptr(length)) + r1, _, e1 := syscall.SyscallN(procVirtualQuery.Addr(), uintptr(address), uintptr(unsafe.Pointer(buffer)), uintptr(length)) if r1 == 0 { err = errnoErr(e1) } @@ -3494,7 +3494,7 @@ func VirtualQuery(address uintptr, buffer *MemoryBasicInformation, length uintpt } func VirtualQueryEx(process Handle, address uintptr, buffer *MemoryBasicInformation, length uintptr) (err error) { - r1, _, e1 := syscall.Syscall6(procVirtualQueryEx.Addr(), 4, uintptr(process), uintptr(address), uintptr(unsafe.Pointer(buffer)), uintptr(length), 0, 0) + r1, _, e1 := syscall.SyscallN(procVirtualQueryEx.Addr(), uintptr(process), uintptr(address), uintptr(unsafe.Pointer(buffer)), uintptr(length)) if r1 == 0 { err = errnoErr(e1) } @@ -3502,7 +3502,7 @@ func VirtualQueryEx(process Handle, address uintptr, buffer *MemoryBasicInformat } func VirtualUnlock(addr uintptr, length uintptr) (err error) { - r1, _, e1 := syscall.Syscall(procVirtualUnlock.Addr(), 2, uintptr(addr), uintptr(length), 0) + r1, _, e1 := syscall.SyscallN(procVirtualUnlock.Addr(), uintptr(addr), uintptr(length)) if r1 == 0 { err = errnoErr(e1) } @@ -3510,13 +3510,13 @@ func VirtualUnlock(addr uintptr, length uintptr) (err error) { } func WTSGetActiveConsoleSessionId() (sessionID uint32) { - r0, _, _ := syscall.Syscall(procWTSGetActiveConsoleSessionId.Addr(), 0, 0, 0, 0) + r0, _, _ := syscall.SyscallN(procWTSGetActiveConsoleSessionId.Addr()) sessionID = uint32(r0) return } func WaitCommEvent(handle Handle, lpEvtMask *uint32, lpOverlapped *Overlapped) (err error) { - r1, _, e1 := syscall.Syscall(procWaitCommEvent.Addr(), 3, uintptr(handle), uintptr(unsafe.Pointer(lpEvtMask)), uintptr(unsafe.Pointer(lpOverlapped))) + r1, _, e1 := syscall.SyscallN(procWaitCommEvent.Addr(), uintptr(handle), uintptr(unsafe.Pointer(lpEvtMask)), uintptr(unsafe.Pointer(lpOverlapped))) if r1 == 0 { err = errnoErr(e1) } @@ -3528,7 +3528,7 @@ func waitForMultipleObjects(count uint32, handles uintptr, waitAll bool, waitMil if waitAll { _p0 = 1 } - r0, _, e1 := syscall.Syscall6(procWaitForMultipleObjects.Addr(), 4, uintptr(count), uintptr(handles), uintptr(_p0), uintptr(waitMilliseconds), 0, 0) + r0, _, e1 := syscall.SyscallN(procWaitForMultipleObjects.Addr(), uintptr(count), uintptr(handles), uintptr(_p0), uintptr(waitMilliseconds)) event = uint32(r0) if event == 0xffffffff { err = errnoErr(e1) @@ -3537,7 +3537,7 @@ func waitForMultipleObjects(count uint32, handles uintptr, waitAll bool, waitMil } func WaitForSingleObject(handle Handle, waitMilliseconds uint32) (event uint32, err error) { - r0, _, e1 := syscall.Syscall(procWaitForSingleObject.Addr(), 2, uintptr(handle), uintptr(waitMilliseconds), 0) + r0, _, e1 := syscall.SyscallN(procWaitForSingleObject.Addr(), uintptr(handle), uintptr(waitMilliseconds)) event = uint32(r0) if event == 0xffffffff { err = errnoErr(e1) @@ -3546,7 +3546,7 @@ func WaitForSingleObject(handle Handle, waitMilliseconds uint32) (event uint32, } func WriteConsole(console Handle, buf *uint16, towrite uint32, written *uint32, reserved *byte) (err error) { - r1, _, e1 := syscall.Syscall6(procWriteConsoleW.Addr(), 5, uintptr(console), uintptr(unsafe.Pointer(buf)), uintptr(towrite), uintptr(unsafe.Pointer(written)), uintptr(unsafe.Pointer(reserved)), 0) + r1, _, e1 := syscall.SyscallN(procWriteConsoleW.Addr(), uintptr(console), uintptr(unsafe.Pointer(buf)), uintptr(towrite), uintptr(unsafe.Pointer(written)), uintptr(unsafe.Pointer(reserved))) if r1 == 0 { err = errnoErr(e1) } @@ -3558,7 +3558,7 @@ func writeFile(handle Handle, buf []byte, done *uint32, overlapped *Overlapped) if len(buf) > 0 { _p0 = &buf[0] } - r1, _, e1 := syscall.Syscall6(procWriteFile.Addr(), 5, uintptr(handle), uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), uintptr(unsafe.Pointer(done)), uintptr(unsafe.Pointer(overlapped)), 0) + r1, _, e1 := syscall.SyscallN(procWriteFile.Addr(), uintptr(handle), uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), uintptr(unsafe.Pointer(done)), uintptr(unsafe.Pointer(overlapped))) if r1 == 0 { err = errnoErr(e1) } @@ -3566,7 +3566,7 @@ func writeFile(handle Handle, buf []byte, done *uint32, overlapped *Overlapped) } func WriteProcessMemory(process Handle, baseAddress uintptr, buffer *byte, size uintptr, numberOfBytesWritten *uintptr) (err error) { - r1, _, e1 := syscall.Syscall6(procWriteProcessMemory.Addr(), 5, uintptr(process), uintptr(baseAddress), uintptr(unsafe.Pointer(buffer)), uintptr(size), uintptr(unsafe.Pointer(numberOfBytesWritten)), 0) + r1, _, e1 := syscall.SyscallN(procWriteProcessMemory.Addr(), uintptr(process), uintptr(baseAddress), uintptr(unsafe.Pointer(buffer)), uintptr(size), uintptr(unsafe.Pointer(numberOfBytesWritten))) if r1 == 0 { err = errnoErr(e1) } @@ -3574,7 +3574,7 @@ func WriteProcessMemory(process Handle, baseAddress uintptr, buffer *byte, size } func AcceptEx(ls Handle, as Handle, buf *byte, rxdatalen uint32, laddrlen uint32, raddrlen uint32, recvd *uint32, overlapped *Overlapped) (err error) { - r1, _, e1 := syscall.Syscall9(procAcceptEx.Addr(), 8, uintptr(ls), uintptr(as), uintptr(unsafe.Pointer(buf)), uintptr(rxdatalen), uintptr(laddrlen), uintptr(raddrlen), uintptr(unsafe.Pointer(recvd)), uintptr(unsafe.Pointer(overlapped)), 0) + r1, _, e1 := syscall.SyscallN(procAcceptEx.Addr(), uintptr(ls), uintptr(as), uintptr(unsafe.Pointer(buf)), uintptr(rxdatalen), uintptr(laddrlen), uintptr(raddrlen), uintptr(unsafe.Pointer(recvd)), uintptr(unsafe.Pointer(overlapped))) if r1 == 0 { err = errnoErr(e1) } @@ -3582,12 +3582,12 @@ func AcceptEx(ls Handle, as Handle, buf *byte, rxdatalen uint32, laddrlen uint32 } func GetAcceptExSockaddrs(buf *byte, rxdatalen uint32, laddrlen uint32, raddrlen uint32, lrsa **RawSockaddrAny, lrsalen *int32, rrsa **RawSockaddrAny, rrsalen *int32) { - syscall.Syscall9(procGetAcceptExSockaddrs.Addr(), 8, uintptr(unsafe.Pointer(buf)), uintptr(rxdatalen), uintptr(laddrlen), uintptr(raddrlen), uintptr(unsafe.Pointer(lrsa)), uintptr(unsafe.Pointer(lrsalen)), uintptr(unsafe.Pointer(rrsa)), uintptr(unsafe.Pointer(rrsalen)), 0) + syscall.SyscallN(procGetAcceptExSockaddrs.Addr(), uintptr(unsafe.Pointer(buf)), uintptr(rxdatalen), uintptr(laddrlen), uintptr(raddrlen), uintptr(unsafe.Pointer(lrsa)), uintptr(unsafe.Pointer(lrsalen)), uintptr(unsafe.Pointer(rrsa)), uintptr(unsafe.Pointer(rrsalen))) return } func TransmitFile(s Handle, handle Handle, bytesToWrite uint32, bytsPerSend uint32, overlapped *Overlapped, transmitFileBuf *TransmitFileBuffers, flags uint32) (err error) { - r1, _, e1 := syscall.Syscall9(procTransmitFile.Addr(), 7, uintptr(s), uintptr(handle), uintptr(bytesToWrite), uintptr(bytsPerSend), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(transmitFileBuf)), uintptr(flags), 0, 0) + r1, _, e1 := syscall.SyscallN(procTransmitFile.Addr(), uintptr(s), uintptr(handle), uintptr(bytesToWrite), uintptr(bytsPerSend), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(transmitFileBuf)), uintptr(flags)) if r1 == 0 { err = errnoErr(e1) } @@ -3595,7 +3595,7 @@ func TransmitFile(s Handle, handle Handle, bytesToWrite uint32, bytsPerSend uint } func NetApiBufferFree(buf *byte) (neterr error) { - r0, _, _ := syscall.Syscall(procNetApiBufferFree.Addr(), 1, uintptr(unsafe.Pointer(buf)), 0, 0) + r0, _, _ := syscall.SyscallN(procNetApiBufferFree.Addr(), uintptr(unsafe.Pointer(buf))) if r0 != 0 { neterr = syscall.Errno(r0) } @@ -3603,7 +3603,7 @@ func NetApiBufferFree(buf *byte) (neterr error) { } func NetGetJoinInformation(server *uint16, name **uint16, bufType *uint32) (neterr error) { - r0, _, _ := syscall.Syscall(procNetGetJoinInformation.Addr(), 3, uintptr(unsafe.Pointer(server)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(bufType))) + r0, _, _ := syscall.SyscallN(procNetGetJoinInformation.Addr(), uintptr(unsafe.Pointer(server)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(bufType))) if r0 != 0 { neterr = syscall.Errno(r0) } @@ -3611,7 +3611,7 @@ func NetGetJoinInformation(server *uint16, name **uint16, bufType *uint32) (nete } func NetUserEnum(serverName *uint16, level uint32, filter uint32, buf **byte, prefMaxLen uint32, entriesRead *uint32, totalEntries *uint32, resumeHandle *uint32) (neterr error) { - r0, _, _ := syscall.Syscall9(procNetUserEnum.Addr(), 8, uintptr(unsafe.Pointer(serverName)), uintptr(level), uintptr(filter), uintptr(unsafe.Pointer(buf)), uintptr(prefMaxLen), uintptr(unsafe.Pointer(entriesRead)), uintptr(unsafe.Pointer(totalEntries)), uintptr(unsafe.Pointer(resumeHandle)), 0) + r0, _, _ := syscall.SyscallN(procNetUserEnum.Addr(), uintptr(unsafe.Pointer(serverName)), uintptr(level), uintptr(filter), uintptr(unsafe.Pointer(buf)), uintptr(prefMaxLen), uintptr(unsafe.Pointer(entriesRead)), uintptr(unsafe.Pointer(totalEntries)), uintptr(unsafe.Pointer(resumeHandle))) if r0 != 0 { neterr = syscall.Errno(r0) } @@ -3619,7 +3619,7 @@ func NetUserEnum(serverName *uint16, level uint32, filter uint32, buf **byte, pr } func NetUserGetInfo(serverName *uint16, userName *uint16, level uint32, buf **byte) (neterr error) { - r0, _, _ := syscall.Syscall6(procNetUserGetInfo.Addr(), 4, uintptr(unsafe.Pointer(serverName)), uintptr(unsafe.Pointer(userName)), uintptr(level), uintptr(unsafe.Pointer(buf)), 0, 0) + r0, _, _ := syscall.SyscallN(procNetUserGetInfo.Addr(), uintptr(unsafe.Pointer(serverName)), uintptr(unsafe.Pointer(userName)), uintptr(level), uintptr(unsafe.Pointer(buf))) if r0 != 0 { neterr = syscall.Errno(r0) } @@ -3627,7 +3627,7 @@ func NetUserGetInfo(serverName *uint16, userName *uint16, level uint32, buf **by } func NtCreateFile(handle *Handle, access uint32, oa *OBJECT_ATTRIBUTES, iosb *IO_STATUS_BLOCK, allocationSize *int64, attributes uint32, share uint32, disposition uint32, options uint32, eabuffer uintptr, ealength uint32) (ntstatus error) { - r0, _, _ := syscall.Syscall12(procNtCreateFile.Addr(), 11, uintptr(unsafe.Pointer(handle)), uintptr(access), uintptr(unsafe.Pointer(oa)), uintptr(unsafe.Pointer(iosb)), uintptr(unsafe.Pointer(allocationSize)), uintptr(attributes), uintptr(share), uintptr(disposition), uintptr(options), uintptr(eabuffer), uintptr(ealength), 0) + r0, _, _ := syscall.SyscallN(procNtCreateFile.Addr(), uintptr(unsafe.Pointer(handle)), uintptr(access), uintptr(unsafe.Pointer(oa)), uintptr(unsafe.Pointer(iosb)), uintptr(unsafe.Pointer(allocationSize)), uintptr(attributes), uintptr(share), uintptr(disposition), uintptr(options), uintptr(eabuffer), uintptr(ealength)) if r0 != 0 { ntstatus = NTStatus(r0) } @@ -3635,7 +3635,7 @@ func NtCreateFile(handle *Handle, access uint32, oa *OBJECT_ATTRIBUTES, iosb *IO } func NtCreateNamedPipeFile(pipe *Handle, access uint32, oa *OBJECT_ATTRIBUTES, iosb *IO_STATUS_BLOCK, share uint32, disposition uint32, options uint32, typ uint32, readMode uint32, completionMode uint32, maxInstances uint32, inboundQuota uint32, outputQuota uint32, timeout *int64) (ntstatus error) { - r0, _, _ := syscall.Syscall15(procNtCreateNamedPipeFile.Addr(), 14, uintptr(unsafe.Pointer(pipe)), uintptr(access), uintptr(unsafe.Pointer(oa)), uintptr(unsafe.Pointer(iosb)), uintptr(share), uintptr(disposition), uintptr(options), uintptr(typ), uintptr(readMode), uintptr(completionMode), uintptr(maxInstances), uintptr(inboundQuota), uintptr(outputQuota), uintptr(unsafe.Pointer(timeout)), 0) + r0, _, _ := syscall.SyscallN(procNtCreateNamedPipeFile.Addr(), uintptr(unsafe.Pointer(pipe)), uintptr(access), uintptr(unsafe.Pointer(oa)), uintptr(unsafe.Pointer(iosb)), uintptr(share), uintptr(disposition), uintptr(options), uintptr(typ), uintptr(readMode), uintptr(completionMode), uintptr(maxInstances), uintptr(inboundQuota), uintptr(outputQuota), uintptr(unsafe.Pointer(timeout))) if r0 != 0 { ntstatus = NTStatus(r0) } @@ -3643,7 +3643,7 @@ func NtCreateNamedPipeFile(pipe *Handle, access uint32, oa *OBJECT_ATTRIBUTES, i } func NtQueryInformationProcess(proc Handle, procInfoClass int32, procInfo unsafe.Pointer, procInfoLen uint32, retLen *uint32) (ntstatus error) { - r0, _, _ := syscall.Syscall6(procNtQueryInformationProcess.Addr(), 5, uintptr(proc), uintptr(procInfoClass), uintptr(procInfo), uintptr(procInfoLen), uintptr(unsafe.Pointer(retLen)), 0) + r0, _, _ := syscall.SyscallN(procNtQueryInformationProcess.Addr(), uintptr(proc), uintptr(procInfoClass), uintptr(procInfo), uintptr(procInfoLen), uintptr(unsafe.Pointer(retLen))) if r0 != 0 { ntstatus = NTStatus(r0) } @@ -3651,7 +3651,7 @@ func NtQueryInformationProcess(proc Handle, procInfoClass int32, procInfo unsafe } func NtQuerySystemInformation(sysInfoClass int32, sysInfo unsafe.Pointer, sysInfoLen uint32, retLen *uint32) (ntstatus error) { - r0, _, _ := syscall.Syscall6(procNtQuerySystemInformation.Addr(), 4, uintptr(sysInfoClass), uintptr(sysInfo), uintptr(sysInfoLen), uintptr(unsafe.Pointer(retLen)), 0, 0) + r0, _, _ := syscall.SyscallN(procNtQuerySystemInformation.Addr(), uintptr(sysInfoClass), uintptr(sysInfo), uintptr(sysInfoLen), uintptr(unsafe.Pointer(retLen))) if r0 != 0 { ntstatus = NTStatus(r0) } @@ -3659,7 +3659,7 @@ func NtQuerySystemInformation(sysInfoClass int32, sysInfo unsafe.Pointer, sysInf } func NtSetInformationFile(handle Handle, iosb *IO_STATUS_BLOCK, inBuffer *byte, inBufferLen uint32, class uint32) (ntstatus error) { - r0, _, _ := syscall.Syscall6(procNtSetInformationFile.Addr(), 5, uintptr(handle), uintptr(unsafe.Pointer(iosb)), uintptr(unsafe.Pointer(inBuffer)), uintptr(inBufferLen), uintptr(class), 0) + r0, _, _ := syscall.SyscallN(procNtSetInformationFile.Addr(), uintptr(handle), uintptr(unsafe.Pointer(iosb)), uintptr(unsafe.Pointer(inBuffer)), uintptr(inBufferLen), uintptr(class)) if r0 != 0 { ntstatus = NTStatus(r0) } @@ -3667,7 +3667,7 @@ func NtSetInformationFile(handle Handle, iosb *IO_STATUS_BLOCK, inBuffer *byte, } func NtSetInformationProcess(proc Handle, procInfoClass int32, procInfo unsafe.Pointer, procInfoLen uint32) (ntstatus error) { - r0, _, _ := syscall.Syscall6(procNtSetInformationProcess.Addr(), 4, uintptr(proc), uintptr(procInfoClass), uintptr(procInfo), uintptr(procInfoLen), 0, 0) + r0, _, _ := syscall.SyscallN(procNtSetInformationProcess.Addr(), uintptr(proc), uintptr(procInfoClass), uintptr(procInfo), uintptr(procInfoLen)) if r0 != 0 { ntstatus = NTStatus(r0) } @@ -3675,7 +3675,7 @@ func NtSetInformationProcess(proc Handle, procInfoClass int32, procInfo unsafe.P } func NtSetSystemInformation(sysInfoClass int32, sysInfo unsafe.Pointer, sysInfoLen uint32) (ntstatus error) { - r0, _, _ := syscall.Syscall(procNtSetSystemInformation.Addr(), 3, uintptr(sysInfoClass), uintptr(sysInfo), uintptr(sysInfoLen)) + r0, _, _ := syscall.SyscallN(procNtSetSystemInformation.Addr(), uintptr(sysInfoClass), uintptr(sysInfo), uintptr(sysInfoLen)) if r0 != 0 { ntstatus = NTStatus(r0) } @@ -3683,13 +3683,13 @@ func NtSetSystemInformation(sysInfoClass int32, sysInfo unsafe.Pointer, sysInfoL } func RtlAddFunctionTable(functionTable *RUNTIME_FUNCTION, entryCount uint32, baseAddress uintptr) (ret bool) { - r0, _, _ := syscall.Syscall(procRtlAddFunctionTable.Addr(), 3, uintptr(unsafe.Pointer(functionTable)), uintptr(entryCount), uintptr(baseAddress)) + r0, _, _ := syscall.SyscallN(procRtlAddFunctionTable.Addr(), uintptr(unsafe.Pointer(functionTable)), uintptr(entryCount), uintptr(baseAddress)) ret = r0 != 0 return } func RtlDefaultNpAcl(acl **ACL) (ntstatus error) { - r0, _, _ := syscall.Syscall(procRtlDefaultNpAcl.Addr(), 1, uintptr(unsafe.Pointer(acl)), 0, 0) + r0, _, _ := syscall.SyscallN(procRtlDefaultNpAcl.Addr(), uintptr(unsafe.Pointer(acl))) if r0 != 0 { ntstatus = NTStatus(r0) } @@ -3697,13 +3697,13 @@ func RtlDefaultNpAcl(acl **ACL) (ntstatus error) { } func RtlDeleteFunctionTable(functionTable *RUNTIME_FUNCTION) (ret bool) { - r0, _, _ := syscall.Syscall(procRtlDeleteFunctionTable.Addr(), 1, uintptr(unsafe.Pointer(functionTable)), 0, 0) + r0, _, _ := syscall.SyscallN(procRtlDeleteFunctionTable.Addr(), uintptr(unsafe.Pointer(functionTable))) ret = r0 != 0 return } func RtlDosPathNameToNtPathName(dosName *uint16, ntName *NTUnicodeString, ntFileNamePart *uint16, relativeName *RTL_RELATIVE_NAME) (ntstatus error) { - r0, _, _ := syscall.Syscall6(procRtlDosPathNameToNtPathName_U_WithStatus.Addr(), 4, uintptr(unsafe.Pointer(dosName)), uintptr(unsafe.Pointer(ntName)), uintptr(unsafe.Pointer(ntFileNamePart)), uintptr(unsafe.Pointer(relativeName)), 0, 0) + r0, _, _ := syscall.SyscallN(procRtlDosPathNameToNtPathName_U_WithStatus.Addr(), uintptr(unsafe.Pointer(dosName)), uintptr(unsafe.Pointer(ntName)), uintptr(unsafe.Pointer(ntFileNamePart)), uintptr(unsafe.Pointer(relativeName))) if r0 != 0 { ntstatus = NTStatus(r0) } @@ -3711,7 +3711,7 @@ func RtlDosPathNameToNtPathName(dosName *uint16, ntName *NTUnicodeString, ntFile } func RtlDosPathNameToRelativeNtPathName(dosName *uint16, ntName *NTUnicodeString, ntFileNamePart *uint16, relativeName *RTL_RELATIVE_NAME) (ntstatus error) { - r0, _, _ := syscall.Syscall6(procRtlDosPathNameToRelativeNtPathName_U_WithStatus.Addr(), 4, uintptr(unsafe.Pointer(dosName)), uintptr(unsafe.Pointer(ntName)), uintptr(unsafe.Pointer(ntFileNamePart)), uintptr(unsafe.Pointer(relativeName)), 0, 0) + r0, _, _ := syscall.SyscallN(procRtlDosPathNameToRelativeNtPathName_U_WithStatus.Addr(), uintptr(unsafe.Pointer(dosName)), uintptr(unsafe.Pointer(ntName)), uintptr(unsafe.Pointer(ntFileNamePart)), uintptr(unsafe.Pointer(relativeName))) if r0 != 0 { ntstatus = NTStatus(r0) } @@ -3719,18 +3719,18 @@ func RtlDosPathNameToRelativeNtPathName(dosName *uint16, ntName *NTUnicodeString } func RtlGetCurrentPeb() (peb *PEB) { - r0, _, _ := syscall.Syscall(procRtlGetCurrentPeb.Addr(), 0, 0, 0, 0) + r0, _, _ := syscall.SyscallN(procRtlGetCurrentPeb.Addr()) peb = (*PEB)(unsafe.Pointer(r0)) return } func rtlGetNtVersionNumbers(majorVersion *uint32, minorVersion *uint32, buildNumber *uint32) { - syscall.Syscall(procRtlGetNtVersionNumbers.Addr(), 3, uintptr(unsafe.Pointer(majorVersion)), uintptr(unsafe.Pointer(minorVersion)), uintptr(unsafe.Pointer(buildNumber))) + syscall.SyscallN(procRtlGetNtVersionNumbers.Addr(), uintptr(unsafe.Pointer(majorVersion)), uintptr(unsafe.Pointer(minorVersion)), uintptr(unsafe.Pointer(buildNumber))) return } func rtlGetVersion(info *OsVersionInfoEx) (ntstatus error) { - r0, _, _ := syscall.Syscall(procRtlGetVersion.Addr(), 1, uintptr(unsafe.Pointer(info)), 0, 0) + r0, _, _ := syscall.SyscallN(procRtlGetVersion.Addr(), uintptr(unsafe.Pointer(info))) if r0 != 0 { ntstatus = NTStatus(r0) } @@ -3738,23 +3738,23 @@ func rtlGetVersion(info *OsVersionInfoEx) (ntstatus error) { } func RtlInitString(destinationString *NTString, sourceString *byte) { - syscall.Syscall(procRtlInitString.Addr(), 2, uintptr(unsafe.Pointer(destinationString)), uintptr(unsafe.Pointer(sourceString)), 0) + syscall.SyscallN(procRtlInitString.Addr(), uintptr(unsafe.Pointer(destinationString)), uintptr(unsafe.Pointer(sourceString))) return } func RtlInitUnicodeString(destinationString *NTUnicodeString, sourceString *uint16) { - syscall.Syscall(procRtlInitUnicodeString.Addr(), 2, uintptr(unsafe.Pointer(destinationString)), uintptr(unsafe.Pointer(sourceString)), 0) + syscall.SyscallN(procRtlInitUnicodeString.Addr(), uintptr(unsafe.Pointer(destinationString)), uintptr(unsafe.Pointer(sourceString))) return } func rtlNtStatusToDosErrorNoTeb(ntstatus NTStatus) (ret syscall.Errno) { - r0, _, _ := syscall.Syscall(procRtlNtStatusToDosErrorNoTeb.Addr(), 1, uintptr(ntstatus), 0, 0) + r0, _, _ := syscall.SyscallN(procRtlNtStatusToDosErrorNoTeb.Addr(), uintptr(ntstatus)) ret = syscall.Errno(r0) return } func clsidFromString(lpsz *uint16, pclsid *GUID) (ret error) { - r0, _, _ := syscall.Syscall(procCLSIDFromString.Addr(), 2, uintptr(unsafe.Pointer(lpsz)), uintptr(unsafe.Pointer(pclsid)), 0) + r0, _, _ := syscall.SyscallN(procCLSIDFromString.Addr(), uintptr(unsafe.Pointer(lpsz)), uintptr(unsafe.Pointer(pclsid))) if r0 != 0 { ret = syscall.Errno(r0) } @@ -3762,7 +3762,7 @@ func clsidFromString(lpsz *uint16, pclsid *GUID) (ret error) { } func coCreateGuid(pguid *GUID) (ret error) { - r0, _, _ := syscall.Syscall(procCoCreateGuid.Addr(), 1, uintptr(unsafe.Pointer(pguid)), 0, 0) + r0, _, _ := syscall.SyscallN(procCoCreateGuid.Addr(), uintptr(unsafe.Pointer(pguid))) if r0 != 0 { ret = syscall.Errno(r0) } @@ -3770,7 +3770,7 @@ func coCreateGuid(pguid *GUID) (ret error) { } func CoGetObject(name *uint16, bindOpts *BIND_OPTS3, guid *GUID, functionTable **uintptr) (ret error) { - r0, _, _ := syscall.Syscall6(procCoGetObject.Addr(), 4, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(bindOpts)), uintptr(unsafe.Pointer(guid)), uintptr(unsafe.Pointer(functionTable)), 0, 0) + r0, _, _ := syscall.SyscallN(procCoGetObject.Addr(), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(bindOpts)), uintptr(unsafe.Pointer(guid)), uintptr(unsafe.Pointer(functionTable))) if r0 != 0 { ret = syscall.Errno(r0) } @@ -3778,7 +3778,7 @@ func CoGetObject(name *uint16, bindOpts *BIND_OPTS3, guid *GUID, functionTable * } func CoInitializeEx(reserved uintptr, coInit uint32) (ret error) { - r0, _, _ := syscall.Syscall(procCoInitializeEx.Addr(), 2, uintptr(reserved), uintptr(coInit), 0) + r0, _, _ := syscall.SyscallN(procCoInitializeEx.Addr(), uintptr(reserved), uintptr(coInit)) if r0 != 0 { ret = syscall.Errno(r0) } @@ -3786,23 +3786,23 @@ func CoInitializeEx(reserved uintptr, coInit uint32) (ret error) { } func CoTaskMemFree(address unsafe.Pointer) { - syscall.Syscall(procCoTaskMemFree.Addr(), 1, uintptr(address), 0, 0) + syscall.SyscallN(procCoTaskMemFree.Addr(), uintptr(address)) return } func CoUninitialize() { - syscall.Syscall(procCoUninitialize.Addr(), 0, 0, 0, 0) + syscall.SyscallN(procCoUninitialize.Addr()) return } func stringFromGUID2(rguid *GUID, lpsz *uint16, cchMax int32) (chars int32) { - r0, _, _ := syscall.Syscall(procStringFromGUID2.Addr(), 3, uintptr(unsafe.Pointer(rguid)), uintptr(unsafe.Pointer(lpsz)), uintptr(cchMax)) + r0, _, _ := syscall.SyscallN(procStringFromGUID2.Addr(), uintptr(unsafe.Pointer(rguid)), uintptr(unsafe.Pointer(lpsz)), uintptr(cchMax)) chars = int32(r0) return } func EnumProcessModules(process Handle, module *Handle, cb uint32, cbNeeded *uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procEnumProcessModules.Addr(), 4, uintptr(process), uintptr(unsafe.Pointer(module)), uintptr(cb), uintptr(unsafe.Pointer(cbNeeded)), 0, 0) + r1, _, e1 := syscall.SyscallN(procEnumProcessModules.Addr(), uintptr(process), uintptr(unsafe.Pointer(module)), uintptr(cb), uintptr(unsafe.Pointer(cbNeeded))) if r1 == 0 { err = errnoErr(e1) } @@ -3810,7 +3810,7 @@ func EnumProcessModules(process Handle, module *Handle, cb uint32, cbNeeded *uin } func EnumProcessModulesEx(process Handle, module *Handle, cb uint32, cbNeeded *uint32, filterFlag uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procEnumProcessModulesEx.Addr(), 5, uintptr(process), uintptr(unsafe.Pointer(module)), uintptr(cb), uintptr(unsafe.Pointer(cbNeeded)), uintptr(filterFlag), 0) + r1, _, e1 := syscall.SyscallN(procEnumProcessModulesEx.Addr(), uintptr(process), uintptr(unsafe.Pointer(module)), uintptr(cb), uintptr(unsafe.Pointer(cbNeeded)), uintptr(filterFlag)) if r1 == 0 { err = errnoErr(e1) } @@ -3818,7 +3818,7 @@ func EnumProcessModulesEx(process Handle, module *Handle, cb uint32, cbNeeded *u } func enumProcesses(processIds *uint32, nSize uint32, bytesReturned *uint32) (err error) { - r1, _, e1 := syscall.Syscall(procEnumProcesses.Addr(), 3, uintptr(unsafe.Pointer(processIds)), uintptr(nSize), uintptr(unsafe.Pointer(bytesReturned))) + r1, _, e1 := syscall.SyscallN(procEnumProcesses.Addr(), uintptr(unsafe.Pointer(processIds)), uintptr(nSize), uintptr(unsafe.Pointer(bytesReturned))) if r1 == 0 { err = errnoErr(e1) } @@ -3826,7 +3826,7 @@ func enumProcesses(processIds *uint32, nSize uint32, bytesReturned *uint32) (err } func GetModuleBaseName(process Handle, module Handle, baseName *uint16, size uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procGetModuleBaseNameW.Addr(), 4, uintptr(process), uintptr(module), uintptr(unsafe.Pointer(baseName)), uintptr(size), 0, 0) + r1, _, e1 := syscall.SyscallN(procGetModuleBaseNameW.Addr(), uintptr(process), uintptr(module), uintptr(unsafe.Pointer(baseName)), uintptr(size)) if r1 == 0 { err = errnoErr(e1) } @@ -3834,7 +3834,7 @@ func GetModuleBaseName(process Handle, module Handle, baseName *uint16, size uin } func GetModuleFileNameEx(process Handle, module Handle, filename *uint16, size uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procGetModuleFileNameExW.Addr(), 4, uintptr(process), uintptr(module), uintptr(unsafe.Pointer(filename)), uintptr(size), 0, 0) + r1, _, e1 := syscall.SyscallN(procGetModuleFileNameExW.Addr(), uintptr(process), uintptr(module), uintptr(unsafe.Pointer(filename)), uintptr(size)) if r1 == 0 { err = errnoErr(e1) } @@ -3842,7 +3842,7 @@ func GetModuleFileNameEx(process Handle, module Handle, filename *uint16, size u } func GetModuleInformation(process Handle, module Handle, modinfo *ModuleInfo, cb uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procGetModuleInformation.Addr(), 4, uintptr(process), uintptr(module), uintptr(unsafe.Pointer(modinfo)), uintptr(cb), 0, 0) + r1, _, e1 := syscall.SyscallN(procGetModuleInformation.Addr(), uintptr(process), uintptr(module), uintptr(unsafe.Pointer(modinfo)), uintptr(cb)) if r1 == 0 { err = errnoErr(e1) } @@ -3850,7 +3850,7 @@ func GetModuleInformation(process Handle, module Handle, modinfo *ModuleInfo, cb } func QueryWorkingSetEx(process Handle, pv uintptr, cb uint32) (err error) { - r1, _, e1 := syscall.Syscall(procQueryWorkingSetEx.Addr(), 3, uintptr(process), uintptr(pv), uintptr(cb)) + r1, _, e1 := syscall.SyscallN(procQueryWorkingSetEx.Addr(), uintptr(process), uintptr(pv), uintptr(cb)) if r1 == 0 { err = errnoErr(e1) } @@ -3862,7 +3862,7 @@ func SubscribeServiceChangeNotifications(service Handle, eventType uint32, callb if ret != nil { return } - r0, _, _ := syscall.Syscall6(procSubscribeServiceChangeNotifications.Addr(), 5, uintptr(service), uintptr(eventType), uintptr(callback), uintptr(callbackCtx), uintptr(unsafe.Pointer(subscription)), 0) + r0, _, _ := syscall.SyscallN(procSubscribeServiceChangeNotifications.Addr(), uintptr(service), uintptr(eventType), uintptr(callback), uintptr(callbackCtx), uintptr(unsafe.Pointer(subscription))) if r0 != 0 { ret = syscall.Errno(r0) } @@ -3874,12 +3874,12 @@ func UnsubscribeServiceChangeNotifications(subscription uintptr) (err error) { if err != nil { return } - syscall.Syscall(procUnsubscribeServiceChangeNotifications.Addr(), 1, uintptr(subscription), 0, 0) + syscall.SyscallN(procUnsubscribeServiceChangeNotifications.Addr(), uintptr(subscription)) return } func GetUserNameEx(nameFormat uint32, nameBuffre *uint16, nSize *uint32) (err error) { - r1, _, e1 := syscall.Syscall(procGetUserNameExW.Addr(), 3, uintptr(nameFormat), uintptr(unsafe.Pointer(nameBuffre)), uintptr(unsafe.Pointer(nSize))) + r1, _, e1 := syscall.SyscallN(procGetUserNameExW.Addr(), uintptr(nameFormat), uintptr(unsafe.Pointer(nameBuffre)), uintptr(unsafe.Pointer(nSize))) if r1&0xff == 0 { err = errnoErr(e1) } @@ -3887,7 +3887,7 @@ func GetUserNameEx(nameFormat uint32, nameBuffre *uint16, nSize *uint32) (err er } func TranslateName(accName *uint16, accNameFormat uint32, desiredNameFormat uint32, translatedName *uint16, nSize *uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procTranslateNameW.Addr(), 5, uintptr(unsafe.Pointer(accName)), uintptr(accNameFormat), uintptr(desiredNameFormat), uintptr(unsafe.Pointer(translatedName)), uintptr(unsafe.Pointer(nSize)), 0) + r1, _, e1 := syscall.SyscallN(procTranslateNameW.Addr(), uintptr(unsafe.Pointer(accName)), uintptr(accNameFormat), uintptr(desiredNameFormat), uintptr(unsafe.Pointer(translatedName)), uintptr(unsafe.Pointer(nSize))) if r1&0xff == 0 { err = errnoErr(e1) } @@ -3895,7 +3895,7 @@ func TranslateName(accName *uint16, accNameFormat uint32, desiredNameFormat uint } func SetupDiBuildDriverInfoList(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, driverType SPDIT) (err error) { - r1, _, e1 := syscall.Syscall(procSetupDiBuildDriverInfoList.Addr(), 3, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(driverType)) + r1, _, e1 := syscall.SyscallN(procSetupDiBuildDriverInfoList.Addr(), uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(driverType)) if r1 == 0 { err = errnoErr(e1) } @@ -3903,7 +3903,7 @@ func SetupDiBuildDriverInfoList(deviceInfoSet DevInfo, deviceInfoData *DevInfoDa } func SetupDiCallClassInstaller(installFunction DI_FUNCTION, deviceInfoSet DevInfo, deviceInfoData *DevInfoData) (err error) { - r1, _, e1 := syscall.Syscall(procSetupDiCallClassInstaller.Addr(), 3, uintptr(installFunction), uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData))) + r1, _, e1 := syscall.SyscallN(procSetupDiCallClassInstaller.Addr(), uintptr(installFunction), uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData))) if r1 == 0 { err = errnoErr(e1) } @@ -3911,7 +3911,7 @@ func SetupDiCallClassInstaller(installFunction DI_FUNCTION, deviceInfoSet DevInf } func SetupDiCancelDriverInfoSearch(deviceInfoSet DevInfo) (err error) { - r1, _, e1 := syscall.Syscall(procSetupDiCancelDriverInfoSearch.Addr(), 1, uintptr(deviceInfoSet), 0, 0) + r1, _, e1 := syscall.SyscallN(procSetupDiCancelDriverInfoSearch.Addr(), uintptr(deviceInfoSet)) if r1 == 0 { err = errnoErr(e1) } @@ -3919,7 +3919,7 @@ func SetupDiCancelDriverInfoSearch(deviceInfoSet DevInfo) (err error) { } func setupDiClassGuidsFromNameEx(className *uint16, classGuidList *GUID, classGuidListSize uint32, requiredSize *uint32, machineName *uint16, reserved uintptr) (err error) { - r1, _, e1 := syscall.Syscall6(procSetupDiClassGuidsFromNameExW.Addr(), 6, uintptr(unsafe.Pointer(className)), uintptr(unsafe.Pointer(classGuidList)), uintptr(classGuidListSize), uintptr(unsafe.Pointer(requiredSize)), uintptr(unsafe.Pointer(machineName)), uintptr(reserved)) + r1, _, e1 := syscall.SyscallN(procSetupDiClassGuidsFromNameExW.Addr(), uintptr(unsafe.Pointer(className)), uintptr(unsafe.Pointer(classGuidList)), uintptr(classGuidListSize), uintptr(unsafe.Pointer(requiredSize)), uintptr(unsafe.Pointer(machineName)), uintptr(reserved)) if r1 == 0 { err = errnoErr(e1) } @@ -3927,7 +3927,7 @@ func setupDiClassGuidsFromNameEx(className *uint16, classGuidList *GUID, classGu } func setupDiClassNameFromGuidEx(classGUID *GUID, className *uint16, classNameSize uint32, requiredSize *uint32, machineName *uint16, reserved uintptr) (err error) { - r1, _, e1 := syscall.Syscall6(procSetupDiClassNameFromGuidExW.Addr(), 6, uintptr(unsafe.Pointer(classGUID)), uintptr(unsafe.Pointer(className)), uintptr(classNameSize), uintptr(unsafe.Pointer(requiredSize)), uintptr(unsafe.Pointer(machineName)), uintptr(reserved)) + r1, _, e1 := syscall.SyscallN(procSetupDiClassNameFromGuidExW.Addr(), uintptr(unsafe.Pointer(classGUID)), uintptr(unsafe.Pointer(className)), uintptr(classNameSize), uintptr(unsafe.Pointer(requiredSize)), uintptr(unsafe.Pointer(machineName)), uintptr(reserved)) if r1 == 0 { err = errnoErr(e1) } @@ -3935,7 +3935,7 @@ func setupDiClassNameFromGuidEx(classGUID *GUID, className *uint16, classNameSiz } func setupDiCreateDeviceInfoListEx(classGUID *GUID, hwndParent uintptr, machineName *uint16, reserved uintptr) (handle DevInfo, err error) { - r0, _, e1 := syscall.Syscall6(procSetupDiCreateDeviceInfoListExW.Addr(), 4, uintptr(unsafe.Pointer(classGUID)), uintptr(hwndParent), uintptr(unsafe.Pointer(machineName)), uintptr(reserved), 0, 0) + r0, _, e1 := syscall.SyscallN(procSetupDiCreateDeviceInfoListExW.Addr(), uintptr(unsafe.Pointer(classGUID)), uintptr(hwndParent), uintptr(unsafe.Pointer(machineName)), uintptr(reserved)) handle = DevInfo(r0) if handle == DevInfo(InvalidHandle) { err = errnoErr(e1) @@ -3944,7 +3944,7 @@ func setupDiCreateDeviceInfoListEx(classGUID *GUID, hwndParent uintptr, machineN } func setupDiCreateDeviceInfo(deviceInfoSet DevInfo, DeviceName *uint16, classGUID *GUID, DeviceDescription *uint16, hwndParent uintptr, CreationFlags DICD, deviceInfoData *DevInfoData) (err error) { - r1, _, e1 := syscall.Syscall9(procSetupDiCreateDeviceInfoW.Addr(), 7, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(DeviceName)), uintptr(unsafe.Pointer(classGUID)), uintptr(unsafe.Pointer(DeviceDescription)), uintptr(hwndParent), uintptr(CreationFlags), uintptr(unsafe.Pointer(deviceInfoData)), 0, 0) + r1, _, e1 := syscall.SyscallN(procSetupDiCreateDeviceInfoW.Addr(), uintptr(deviceInfoSet), uintptr(unsafe.Pointer(DeviceName)), uintptr(unsafe.Pointer(classGUID)), uintptr(unsafe.Pointer(DeviceDescription)), uintptr(hwndParent), uintptr(CreationFlags), uintptr(unsafe.Pointer(deviceInfoData))) if r1 == 0 { err = errnoErr(e1) } @@ -3952,7 +3952,7 @@ func setupDiCreateDeviceInfo(deviceInfoSet DevInfo, DeviceName *uint16, classGUI } func SetupDiDestroyDeviceInfoList(deviceInfoSet DevInfo) (err error) { - r1, _, e1 := syscall.Syscall(procSetupDiDestroyDeviceInfoList.Addr(), 1, uintptr(deviceInfoSet), 0, 0) + r1, _, e1 := syscall.SyscallN(procSetupDiDestroyDeviceInfoList.Addr(), uintptr(deviceInfoSet)) if r1 == 0 { err = errnoErr(e1) } @@ -3960,7 +3960,7 @@ func SetupDiDestroyDeviceInfoList(deviceInfoSet DevInfo) (err error) { } func SetupDiDestroyDriverInfoList(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, driverType SPDIT) (err error) { - r1, _, e1 := syscall.Syscall(procSetupDiDestroyDriverInfoList.Addr(), 3, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(driverType)) + r1, _, e1 := syscall.SyscallN(procSetupDiDestroyDriverInfoList.Addr(), uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(driverType)) if r1 == 0 { err = errnoErr(e1) } @@ -3968,7 +3968,7 @@ func SetupDiDestroyDriverInfoList(deviceInfoSet DevInfo, deviceInfoData *DevInfo } func setupDiEnumDeviceInfo(deviceInfoSet DevInfo, memberIndex uint32, deviceInfoData *DevInfoData) (err error) { - r1, _, e1 := syscall.Syscall(procSetupDiEnumDeviceInfo.Addr(), 3, uintptr(deviceInfoSet), uintptr(memberIndex), uintptr(unsafe.Pointer(deviceInfoData))) + r1, _, e1 := syscall.SyscallN(procSetupDiEnumDeviceInfo.Addr(), uintptr(deviceInfoSet), uintptr(memberIndex), uintptr(unsafe.Pointer(deviceInfoData))) if r1 == 0 { err = errnoErr(e1) } @@ -3976,7 +3976,7 @@ func setupDiEnumDeviceInfo(deviceInfoSet DevInfo, memberIndex uint32, deviceInfo } func setupDiEnumDriverInfo(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, driverType SPDIT, memberIndex uint32, driverInfoData *DrvInfoData) (err error) { - r1, _, e1 := syscall.Syscall6(procSetupDiEnumDriverInfoW.Addr(), 5, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(driverType), uintptr(memberIndex), uintptr(unsafe.Pointer(driverInfoData)), 0) + r1, _, e1 := syscall.SyscallN(procSetupDiEnumDriverInfoW.Addr(), uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(driverType), uintptr(memberIndex), uintptr(unsafe.Pointer(driverInfoData))) if r1 == 0 { err = errnoErr(e1) } @@ -3984,7 +3984,7 @@ func setupDiEnumDriverInfo(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, d } func setupDiGetClassDevsEx(classGUID *GUID, Enumerator *uint16, hwndParent uintptr, Flags DIGCF, deviceInfoSet DevInfo, machineName *uint16, reserved uintptr) (handle DevInfo, err error) { - r0, _, e1 := syscall.Syscall9(procSetupDiGetClassDevsExW.Addr(), 7, uintptr(unsafe.Pointer(classGUID)), uintptr(unsafe.Pointer(Enumerator)), uintptr(hwndParent), uintptr(Flags), uintptr(deviceInfoSet), uintptr(unsafe.Pointer(machineName)), uintptr(reserved), 0, 0) + r0, _, e1 := syscall.SyscallN(procSetupDiGetClassDevsExW.Addr(), uintptr(unsafe.Pointer(classGUID)), uintptr(unsafe.Pointer(Enumerator)), uintptr(hwndParent), uintptr(Flags), uintptr(deviceInfoSet), uintptr(unsafe.Pointer(machineName)), uintptr(reserved)) handle = DevInfo(r0) if handle == DevInfo(InvalidHandle) { err = errnoErr(e1) @@ -3993,7 +3993,7 @@ func setupDiGetClassDevsEx(classGUID *GUID, Enumerator *uint16, hwndParent uintp } func SetupDiGetClassInstallParams(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, classInstallParams *ClassInstallHeader, classInstallParamsSize uint32, requiredSize *uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procSetupDiGetClassInstallParamsW.Addr(), 5, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(unsafe.Pointer(classInstallParams)), uintptr(classInstallParamsSize), uintptr(unsafe.Pointer(requiredSize)), 0) + r1, _, e1 := syscall.SyscallN(procSetupDiGetClassInstallParamsW.Addr(), uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(unsafe.Pointer(classInstallParams)), uintptr(classInstallParamsSize), uintptr(unsafe.Pointer(requiredSize))) if r1 == 0 { err = errnoErr(e1) } @@ -4001,7 +4001,7 @@ func SetupDiGetClassInstallParams(deviceInfoSet DevInfo, deviceInfoData *DevInfo } func setupDiGetDeviceInfoListDetail(deviceInfoSet DevInfo, deviceInfoSetDetailData *DevInfoListDetailData) (err error) { - r1, _, e1 := syscall.Syscall(procSetupDiGetDeviceInfoListDetailW.Addr(), 2, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoSetDetailData)), 0) + r1, _, e1 := syscall.SyscallN(procSetupDiGetDeviceInfoListDetailW.Addr(), uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoSetDetailData))) if r1 == 0 { err = errnoErr(e1) } @@ -4009,7 +4009,7 @@ func setupDiGetDeviceInfoListDetail(deviceInfoSet DevInfo, deviceInfoSetDetailDa } func setupDiGetDeviceInstallParams(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, deviceInstallParams *DevInstallParams) (err error) { - r1, _, e1 := syscall.Syscall(procSetupDiGetDeviceInstallParamsW.Addr(), 3, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(unsafe.Pointer(deviceInstallParams))) + r1, _, e1 := syscall.SyscallN(procSetupDiGetDeviceInstallParamsW.Addr(), uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(unsafe.Pointer(deviceInstallParams))) if r1 == 0 { err = errnoErr(e1) } @@ -4017,7 +4017,7 @@ func setupDiGetDeviceInstallParams(deviceInfoSet DevInfo, deviceInfoData *DevInf } func setupDiGetDeviceInstanceId(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, instanceId *uint16, instanceIdSize uint32, instanceIdRequiredSize *uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procSetupDiGetDeviceInstanceIdW.Addr(), 5, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(unsafe.Pointer(instanceId)), uintptr(instanceIdSize), uintptr(unsafe.Pointer(instanceIdRequiredSize)), 0) + r1, _, e1 := syscall.SyscallN(procSetupDiGetDeviceInstanceIdW.Addr(), uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(unsafe.Pointer(instanceId)), uintptr(instanceIdSize), uintptr(unsafe.Pointer(instanceIdRequiredSize))) if r1 == 0 { err = errnoErr(e1) } @@ -4025,7 +4025,7 @@ func setupDiGetDeviceInstanceId(deviceInfoSet DevInfo, deviceInfoData *DevInfoDa } func setupDiGetDeviceProperty(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, propertyKey *DEVPROPKEY, propertyType *DEVPROPTYPE, propertyBuffer *byte, propertyBufferSize uint32, requiredSize *uint32, flags uint32) (err error) { - r1, _, e1 := syscall.Syscall9(procSetupDiGetDevicePropertyW.Addr(), 8, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(unsafe.Pointer(propertyKey)), uintptr(unsafe.Pointer(propertyType)), uintptr(unsafe.Pointer(propertyBuffer)), uintptr(propertyBufferSize), uintptr(unsafe.Pointer(requiredSize)), uintptr(flags), 0) + r1, _, e1 := syscall.SyscallN(procSetupDiGetDevicePropertyW.Addr(), uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(unsafe.Pointer(propertyKey)), uintptr(unsafe.Pointer(propertyType)), uintptr(unsafe.Pointer(propertyBuffer)), uintptr(propertyBufferSize), uintptr(unsafe.Pointer(requiredSize)), uintptr(flags)) if r1 == 0 { err = errnoErr(e1) } @@ -4033,7 +4033,7 @@ func setupDiGetDeviceProperty(deviceInfoSet DevInfo, deviceInfoData *DevInfoData } func setupDiGetDeviceRegistryProperty(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, property SPDRP, propertyRegDataType *uint32, propertyBuffer *byte, propertyBufferSize uint32, requiredSize *uint32) (err error) { - r1, _, e1 := syscall.Syscall9(procSetupDiGetDeviceRegistryPropertyW.Addr(), 7, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(property), uintptr(unsafe.Pointer(propertyRegDataType)), uintptr(unsafe.Pointer(propertyBuffer)), uintptr(propertyBufferSize), uintptr(unsafe.Pointer(requiredSize)), 0, 0) + r1, _, e1 := syscall.SyscallN(procSetupDiGetDeviceRegistryPropertyW.Addr(), uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(property), uintptr(unsafe.Pointer(propertyRegDataType)), uintptr(unsafe.Pointer(propertyBuffer)), uintptr(propertyBufferSize), uintptr(unsafe.Pointer(requiredSize))) if r1 == 0 { err = errnoErr(e1) } @@ -4041,7 +4041,7 @@ func setupDiGetDeviceRegistryProperty(deviceInfoSet DevInfo, deviceInfoData *Dev } func setupDiGetDriverInfoDetail(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, driverInfoData *DrvInfoData, driverInfoDetailData *DrvInfoDetailData, driverInfoDetailDataSize uint32, requiredSize *uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procSetupDiGetDriverInfoDetailW.Addr(), 6, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(unsafe.Pointer(driverInfoData)), uintptr(unsafe.Pointer(driverInfoDetailData)), uintptr(driverInfoDetailDataSize), uintptr(unsafe.Pointer(requiredSize))) + r1, _, e1 := syscall.SyscallN(procSetupDiGetDriverInfoDetailW.Addr(), uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(unsafe.Pointer(driverInfoData)), uintptr(unsafe.Pointer(driverInfoDetailData)), uintptr(driverInfoDetailDataSize), uintptr(unsafe.Pointer(requiredSize))) if r1 == 0 { err = errnoErr(e1) } @@ -4049,7 +4049,7 @@ func setupDiGetDriverInfoDetail(deviceInfoSet DevInfo, deviceInfoData *DevInfoDa } func setupDiGetSelectedDevice(deviceInfoSet DevInfo, deviceInfoData *DevInfoData) (err error) { - r1, _, e1 := syscall.Syscall(procSetupDiGetSelectedDevice.Addr(), 2, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), 0) + r1, _, e1 := syscall.SyscallN(procSetupDiGetSelectedDevice.Addr(), uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData))) if r1 == 0 { err = errnoErr(e1) } @@ -4057,7 +4057,7 @@ func setupDiGetSelectedDevice(deviceInfoSet DevInfo, deviceInfoData *DevInfoData } func setupDiGetSelectedDriver(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, driverInfoData *DrvInfoData) (err error) { - r1, _, e1 := syscall.Syscall(procSetupDiGetSelectedDriverW.Addr(), 3, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(unsafe.Pointer(driverInfoData))) + r1, _, e1 := syscall.SyscallN(procSetupDiGetSelectedDriverW.Addr(), uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(unsafe.Pointer(driverInfoData))) if r1 == 0 { err = errnoErr(e1) } @@ -4065,7 +4065,7 @@ func setupDiGetSelectedDriver(deviceInfoSet DevInfo, deviceInfoData *DevInfoData } func SetupDiOpenDevRegKey(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, Scope DICS_FLAG, HwProfile uint32, KeyType DIREG, samDesired uint32) (key Handle, err error) { - r0, _, e1 := syscall.Syscall6(procSetupDiOpenDevRegKey.Addr(), 6, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(Scope), uintptr(HwProfile), uintptr(KeyType), uintptr(samDesired)) + r0, _, e1 := syscall.SyscallN(procSetupDiOpenDevRegKey.Addr(), uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(Scope), uintptr(HwProfile), uintptr(KeyType), uintptr(samDesired)) key = Handle(r0) if key == InvalidHandle { err = errnoErr(e1) @@ -4074,7 +4074,7 @@ func SetupDiOpenDevRegKey(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, Sc } func SetupDiSetClassInstallParams(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, classInstallParams *ClassInstallHeader, classInstallParamsSize uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procSetupDiSetClassInstallParamsW.Addr(), 4, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(unsafe.Pointer(classInstallParams)), uintptr(classInstallParamsSize), 0, 0) + r1, _, e1 := syscall.SyscallN(procSetupDiSetClassInstallParamsW.Addr(), uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(unsafe.Pointer(classInstallParams)), uintptr(classInstallParamsSize)) if r1 == 0 { err = errnoErr(e1) } @@ -4082,7 +4082,7 @@ func SetupDiSetClassInstallParams(deviceInfoSet DevInfo, deviceInfoData *DevInfo } func SetupDiSetDeviceInstallParams(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, deviceInstallParams *DevInstallParams) (err error) { - r1, _, e1 := syscall.Syscall(procSetupDiSetDeviceInstallParamsW.Addr(), 3, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(unsafe.Pointer(deviceInstallParams))) + r1, _, e1 := syscall.SyscallN(procSetupDiSetDeviceInstallParamsW.Addr(), uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(unsafe.Pointer(deviceInstallParams))) if r1 == 0 { err = errnoErr(e1) } @@ -4090,7 +4090,7 @@ func SetupDiSetDeviceInstallParams(deviceInfoSet DevInfo, deviceInfoData *DevInf } func setupDiSetDeviceRegistryProperty(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, property SPDRP, propertyBuffer *byte, propertyBufferSize uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procSetupDiSetDeviceRegistryPropertyW.Addr(), 5, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(property), uintptr(unsafe.Pointer(propertyBuffer)), uintptr(propertyBufferSize), 0) + r1, _, e1 := syscall.SyscallN(procSetupDiSetDeviceRegistryPropertyW.Addr(), uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(property), uintptr(unsafe.Pointer(propertyBuffer)), uintptr(propertyBufferSize)) if r1 == 0 { err = errnoErr(e1) } @@ -4098,7 +4098,7 @@ func setupDiSetDeviceRegistryProperty(deviceInfoSet DevInfo, deviceInfoData *Dev } func SetupDiSetSelectedDevice(deviceInfoSet DevInfo, deviceInfoData *DevInfoData) (err error) { - r1, _, e1 := syscall.Syscall(procSetupDiSetSelectedDevice.Addr(), 2, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), 0) + r1, _, e1 := syscall.SyscallN(procSetupDiSetSelectedDevice.Addr(), uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData))) if r1 == 0 { err = errnoErr(e1) } @@ -4106,7 +4106,7 @@ func SetupDiSetSelectedDevice(deviceInfoSet DevInfo, deviceInfoData *DevInfoData } func SetupDiSetSelectedDriver(deviceInfoSet DevInfo, deviceInfoData *DevInfoData, driverInfoData *DrvInfoData) (err error) { - r1, _, e1 := syscall.Syscall(procSetupDiSetSelectedDriverW.Addr(), 3, uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(unsafe.Pointer(driverInfoData))) + r1, _, e1 := syscall.SyscallN(procSetupDiSetSelectedDriverW.Addr(), uintptr(deviceInfoSet), uintptr(unsafe.Pointer(deviceInfoData)), uintptr(unsafe.Pointer(driverInfoData))) if r1 == 0 { err = errnoErr(e1) } @@ -4114,7 +4114,7 @@ func SetupDiSetSelectedDriver(deviceInfoSet DevInfo, deviceInfoData *DevInfoData } func setupUninstallOEMInf(infFileName *uint16, flags SUOI, reserved uintptr) (err error) { - r1, _, e1 := syscall.Syscall(procSetupUninstallOEMInfW.Addr(), 3, uintptr(unsafe.Pointer(infFileName)), uintptr(flags), uintptr(reserved)) + r1, _, e1 := syscall.SyscallN(procSetupUninstallOEMInfW.Addr(), uintptr(unsafe.Pointer(infFileName)), uintptr(flags), uintptr(reserved)) if r1 == 0 { err = errnoErr(e1) } @@ -4122,7 +4122,7 @@ func setupUninstallOEMInf(infFileName *uint16, flags SUOI, reserved uintptr) (er } func commandLineToArgv(cmd *uint16, argc *int32) (argv **uint16, err error) { - r0, _, e1 := syscall.Syscall(procCommandLineToArgvW.Addr(), 2, uintptr(unsafe.Pointer(cmd)), uintptr(unsafe.Pointer(argc)), 0) + r0, _, e1 := syscall.SyscallN(procCommandLineToArgvW.Addr(), uintptr(unsafe.Pointer(cmd)), uintptr(unsafe.Pointer(argc))) argv = (**uint16)(unsafe.Pointer(r0)) if argv == nil { err = errnoErr(e1) @@ -4131,7 +4131,7 @@ func commandLineToArgv(cmd *uint16, argc *int32) (argv **uint16, err error) { } func shGetKnownFolderPath(id *KNOWNFOLDERID, flags uint32, token Token, path **uint16) (ret error) { - r0, _, _ := syscall.Syscall6(procSHGetKnownFolderPath.Addr(), 4, uintptr(unsafe.Pointer(id)), uintptr(flags), uintptr(token), uintptr(unsafe.Pointer(path)), 0, 0) + r0, _, _ := syscall.SyscallN(procSHGetKnownFolderPath.Addr(), uintptr(unsafe.Pointer(id)), uintptr(flags), uintptr(token), uintptr(unsafe.Pointer(path))) if r0 != 0 { ret = syscall.Errno(r0) } @@ -4139,7 +4139,7 @@ func shGetKnownFolderPath(id *KNOWNFOLDERID, flags uint32, token Token, path **u } func ShellExecute(hwnd Handle, verb *uint16, file *uint16, args *uint16, cwd *uint16, showCmd int32) (err error) { - r1, _, e1 := syscall.Syscall6(procShellExecuteW.Addr(), 6, uintptr(hwnd), uintptr(unsafe.Pointer(verb)), uintptr(unsafe.Pointer(file)), uintptr(unsafe.Pointer(args)), uintptr(unsafe.Pointer(cwd)), uintptr(showCmd)) + r1, _, e1 := syscall.SyscallN(procShellExecuteW.Addr(), uintptr(hwnd), uintptr(unsafe.Pointer(verb)), uintptr(unsafe.Pointer(file)), uintptr(unsafe.Pointer(args)), uintptr(unsafe.Pointer(cwd)), uintptr(showCmd)) if r1 <= 32 { err = errnoErr(e1) } @@ -4147,12 +4147,12 @@ func ShellExecute(hwnd Handle, verb *uint16, file *uint16, args *uint16, cwd *ui } func EnumChildWindows(hwnd HWND, enumFunc uintptr, param unsafe.Pointer) { - syscall.Syscall(procEnumChildWindows.Addr(), 3, uintptr(hwnd), uintptr(enumFunc), uintptr(param)) + syscall.SyscallN(procEnumChildWindows.Addr(), uintptr(hwnd), uintptr(enumFunc), uintptr(param)) return } func EnumWindows(enumFunc uintptr, param unsafe.Pointer) (err error) { - r1, _, e1 := syscall.Syscall(procEnumWindows.Addr(), 2, uintptr(enumFunc), uintptr(param), 0) + r1, _, e1 := syscall.SyscallN(procEnumWindows.Addr(), uintptr(enumFunc), uintptr(param)) if r1 == 0 { err = errnoErr(e1) } @@ -4160,7 +4160,7 @@ func EnumWindows(enumFunc uintptr, param unsafe.Pointer) (err error) { } func ExitWindowsEx(flags uint32, reason uint32) (err error) { - r1, _, e1 := syscall.Syscall(procExitWindowsEx.Addr(), 2, uintptr(flags), uintptr(reason), 0) + r1, _, e1 := syscall.SyscallN(procExitWindowsEx.Addr(), uintptr(flags), uintptr(reason)) if r1 == 0 { err = errnoErr(e1) } @@ -4168,7 +4168,7 @@ func ExitWindowsEx(flags uint32, reason uint32) (err error) { } func GetClassName(hwnd HWND, className *uint16, maxCount int32) (copied int32, err error) { - r0, _, e1 := syscall.Syscall(procGetClassNameW.Addr(), 3, uintptr(hwnd), uintptr(unsafe.Pointer(className)), uintptr(maxCount)) + r0, _, e1 := syscall.SyscallN(procGetClassNameW.Addr(), uintptr(hwnd), uintptr(unsafe.Pointer(className)), uintptr(maxCount)) copied = int32(r0) if copied == 0 { err = errnoErr(e1) @@ -4177,19 +4177,19 @@ func GetClassName(hwnd HWND, className *uint16, maxCount int32) (copied int32, e } func GetDesktopWindow() (hwnd HWND) { - r0, _, _ := syscall.Syscall(procGetDesktopWindow.Addr(), 0, 0, 0, 0) + r0, _, _ := syscall.SyscallN(procGetDesktopWindow.Addr()) hwnd = HWND(r0) return } func GetForegroundWindow() (hwnd HWND) { - r0, _, _ := syscall.Syscall(procGetForegroundWindow.Addr(), 0, 0, 0, 0) + r0, _, _ := syscall.SyscallN(procGetForegroundWindow.Addr()) hwnd = HWND(r0) return } func GetGUIThreadInfo(thread uint32, info *GUIThreadInfo) (err error) { - r1, _, e1 := syscall.Syscall(procGetGUIThreadInfo.Addr(), 2, uintptr(thread), uintptr(unsafe.Pointer(info)), 0) + r1, _, e1 := syscall.SyscallN(procGetGUIThreadInfo.Addr(), uintptr(thread), uintptr(unsafe.Pointer(info))) if r1 == 0 { err = errnoErr(e1) } @@ -4197,19 +4197,19 @@ func GetGUIThreadInfo(thread uint32, info *GUIThreadInfo) (err error) { } func GetKeyboardLayout(tid uint32) (hkl Handle) { - r0, _, _ := syscall.Syscall(procGetKeyboardLayout.Addr(), 1, uintptr(tid), 0, 0) + r0, _, _ := syscall.SyscallN(procGetKeyboardLayout.Addr(), uintptr(tid)) hkl = Handle(r0) return } func GetShellWindow() (shellWindow HWND) { - r0, _, _ := syscall.Syscall(procGetShellWindow.Addr(), 0, 0, 0, 0) + r0, _, _ := syscall.SyscallN(procGetShellWindow.Addr()) shellWindow = HWND(r0) return } func GetWindowThreadProcessId(hwnd HWND, pid *uint32) (tid uint32, err error) { - r0, _, e1 := syscall.Syscall(procGetWindowThreadProcessId.Addr(), 2, uintptr(hwnd), uintptr(unsafe.Pointer(pid)), 0) + r0, _, e1 := syscall.SyscallN(procGetWindowThreadProcessId.Addr(), uintptr(hwnd), uintptr(unsafe.Pointer(pid))) tid = uint32(r0) if tid == 0 { err = errnoErr(e1) @@ -4218,25 +4218,25 @@ func GetWindowThreadProcessId(hwnd HWND, pid *uint32) (tid uint32, err error) { } func IsWindow(hwnd HWND) (isWindow bool) { - r0, _, _ := syscall.Syscall(procIsWindow.Addr(), 1, uintptr(hwnd), 0, 0) + r0, _, _ := syscall.SyscallN(procIsWindow.Addr(), uintptr(hwnd)) isWindow = r0 != 0 return } func IsWindowUnicode(hwnd HWND) (isUnicode bool) { - r0, _, _ := syscall.Syscall(procIsWindowUnicode.Addr(), 1, uintptr(hwnd), 0, 0) + r0, _, _ := syscall.SyscallN(procIsWindowUnicode.Addr(), uintptr(hwnd)) isUnicode = r0 != 0 return } func IsWindowVisible(hwnd HWND) (isVisible bool) { - r0, _, _ := syscall.Syscall(procIsWindowVisible.Addr(), 1, uintptr(hwnd), 0, 0) + r0, _, _ := syscall.SyscallN(procIsWindowVisible.Addr(), uintptr(hwnd)) isVisible = r0 != 0 return } func LoadKeyboardLayout(name *uint16, flags uint32) (hkl Handle, err error) { - r0, _, e1 := syscall.Syscall(procLoadKeyboardLayoutW.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(flags), 0) + r0, _, e1 := syscall.SyscallN(procLoadKeyboardLayoutW.Addr(), uintptr(unsafe.Pointer(name)), uintptr(flags)) hkl = Handle(r0) if hkl == 0 { err = errnoErr(e1) @@ -4245,7 +4245,7 @@ func LoadKeyboardLayout(name *uint16, flags uint32) (hkl Handle, err error) { } func MessageBox(hwnd HWND, text *uint16, caption *uint16, boxtype uint32) (ret int32, err error) { - r0, _, e1 := syscall.Syscall6(procMessageBoxW.Addr(), 4, uintptr(hwnd), uintptr(unsafe.Pointer(text)), uintptr(unsafe.Pointer(caption)), uintptr(boxtype), 0, 0) + r0, _, e1 := syscall.SyscallN(procMessageBoxW.Addr(), uintptr(hwnd), uintptr(unsafe.Pointer(text)), uintptr(unsafe.Pointer(caption)), uintptr(boxtype)) ret = int32(r0) if ret == 0 { err = errnoErr(e1) @@ -4254,13 +4254,13 @@ func MessageBox(hwnd HWND, text *uint16, caption *uint16, boxtype uint32) (ret i } func ToUnicodeEx(vkey uint32, scancode uint32, keystate *byte, pwszBuff *uint16, cchBuff int32, flags uint32, hkl Handle) (ret int32) { - r0, _, _ := syscall.Syscall9(procToUnicodeEx.Addr(), 7, uintptr(vkey), uintptr(scancode), uintptr(unsafe.Pointer(keystate)), uintptr(unsafe.Pointer(pwszBuff)), uintptr(cchBuff), uintptr(flags), uintptr(hkl), 0, 0) + r0, _, _ := syscall.SyscallN(procToUnicodeEx.Addr(), uintptr(vkey), uintptr(scancode), uintptr(unsafe.Pointer(keystate)), uintptr(unsafe.Pointer(pwszBuff)), uintptr(cchBuff), uintptr(flags), uintptr(hkl)) ret = int32(r0) return } func UnloadKeyboardLayout(hkl Handle) (err error) { - r1, _, e1 := syscall.Syscall(procUnloadKeyboardLayout.Addr(), 1, uintptr(hkl), 0, 0) + r1, _, e1 := syscall.SyscallN(procUnloadKeyboardLayout.Addr(), uintptr(hkl)) if r1 == 0 { err = errnoErr(e1) } @@ -4272,7 +4272,7 @@ func CreateEnvironmentBlock(block **uint16, token Token, inheritExisting bool) ( if inheritExisting { _p0 = 1 } - r1, _, e1 := syscall.Syscall(procCreateEnvironmentBlock.Addr(), 3, uintptr(unsafe.Pointer(block)), uintptr(token), uintptr(_p0)) + r1, _, e1 := syscall.SyscallN(procCreateEnvironmentBlock.Addr(), uintptr(unsafe.Pointer(block)), uintptr(token), uintptr(_p0)) if r1 == 0 { err = errnoErr(e1) } @@ -4280,7 +4280,7 @@ func CreateEnvironmentBlock(block **uint16, token Token, inheritExisting bool) ( } func DestroyEnvironmentBlock(block *uint16) (err error) { - r1, _, e1 := syscall.Syscall(procDestroyEnvironmentBlock.Addr(), 1, uintptr(unsafe.Pointer(block)), 0, 0) + r1, _, e1 := syscall.SyscallN(procDestroyEnvironmentBlock.Addr(), uintptr(unsafe.Pointer(block))) if r1 == 0 { err = errnoErr(e1) } @@ -4288,7 +4288,7 @@ func DestroyEnvironmentBlock(block *uint16) (err error) { } func GetUserProfileDirectory(t Token, dir *uint16, dirLen *uint32) (err error) { - r1, _, e1 := syscall.Syscall(procGetUserProfileDirectoryW.Addr(), 3, uintptr(t), uintptr(unsafe.Pointer(dir)), uintptr(unsafe.Pointer(dirLen))) + r1, _, e1 := syscall.SyscallN(procGetUserProfileDirectoryW.Addr(), uintptr(t), uintptr(unsafe.Pointer(dir)), uintptr(unsafe.Pointer(dirLen))) if r1 == 0 { err = errnoErr(e1) } @@ -4305,7 +4305,7 @@ func GetFileVersionInfoSize(filename string, zeroHandle *Handle) (bufSize uint32 } func _GetFileVersionInfoSize(filename *uint16, zeroHandle *Handle) (bufSize uint32, err error) { - r0, _, e1 := syscall.Syscall(procGetFileVersionInfoSizeW.Addr(), 2, uintptr(unsafe.Pointer(filename)), uintptr(unsafe.Pointer(zeroHandle)), 0) + r0, _, e1 := syscall.SyscallN(procGetFileVersionInfoSizeW.Addr(), uintptr(unsafe.Pointer(filename)), uintptr(unsafe.Pointer(zeroHandle))) bufSize = uint32(r0) if bufSize == 0 { err = errnoErr(e1) @@ -4323,7 +4323,7 @@ func GetFileVersionInfo(filename string, handle uint32, bufSize uint32, buffer u } func _GetFileVersionInfo(filename *uint16, handle uint32, bufSize uint32, buffer unsafe.Pointer) (err error) { - r1, _, e1 := syscall.Syscall6(procGetFileVersionInfoW.Addr(), 4, uintptr(unsafe.Pointer(filename)), uintptr(handle), uintptr(bufSize), uintptr(buffer), 0, 0) + r1, _, e1 := syscall.SyscallN(procGetFileVersionInfoW.Addr(), uintptr(unsafe.Pointer(filename)), uintptr(handle), uintptr(bufSize), uintptr(buffer)) if r1 == 0 { err = errnoErr(e1) } @@ -4340,7 +4340,7 @@ func VerQueryValue(block unsafe.Pointer, subBlock string, pointerToBufferPointer } func _VerQueryValue(block unsafe.Pointer, subBlock *uint16, pointerToBufferPointer unsafe.Pointer, bufSize *uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procVerQueryValueW.Addr(), 4, uintptr(block), uintptr(unsafe.Pointer(subBlock)), uintptr(pointerToBufferPointer), uintptr(unsafe.Pointer(bufSize)), 0, 0) + r1, _, e1 := syscall.SyscallN(procVerQueryValueW.Addr(), uintptr(block), uintptr(unsafe.Pointer(subBlock)), uintptr(pointerToBufferPointer), uintptr(unsafe.Pointer(bufSize))) if r1 == 0 { err = errnoErr(e1) } @@ -4348,7 +4348,7 @@ func _VerQueryValue(block unsafe.Pointer, subBlock *uint16, pointerToBufferPoint } func TimeBeginPeriod(period uint32) (err error) { - r1, _, e1 := syscall.Syscall(proctimeBeginPeriod.Addr(), 1, uintptr(period), 0, 0) + r1, _, e1 := syscall.SyscallN(proctimeBeginPeriod.Addr(), uintptr(period)) if r1 != 0 { err = errnoErr(e1) } @@ -4356,7 +4356,7 @@ func TimeBeginPeriod(period uint32) (err error) { } func TimeEndPeriod(period uint32) (err error) { - r1, _, e1 := syscall.Syscall(proctimeEndPeriod.Addr(), 1, uintptr(period), 0, 0) + r1, _, e1 := syscall.SyscallN(proctimeEndPeriod.Addr(), uintptr(period)) if r1 != 0 { err = errnoErr(e1) } @@ -4364,7 +4364,7 @@ func TimeEndPeriod(period uint32) (err error) { } func WinVerifyTrustEx(hwnd HWND, actionId *GUID, data *WinTrustData) (ret error) { - r0, _, _ := syscall.Syscall(procWinVerifyTrustEx.Addr(), 3, uintptr(hwnd), uintptr(unsafe.Pointer(actionId)), uintptr(unsafe.Pointer(data))) + r0, _, _ := syscall.SyscallN(procWinVerifyTrustEx.Addr(), uintptr(hwnd), uintptr(unsafe.Pointer(actionId)), uintptr(unsafe.Pointer(data))) if r0 != 0 { ret = syscall.Errno(r0) } @@ -4372,12 +4372,12 @@ func WinVerifyTrustEx(hwnd HWND, actionId *GUID, data *WinTrustData) (ret error) } func FreeAddrInfoW(addrinfo *AddrinfoW) { - syscall.Syscall(procFreeAddrInfoW.Addr(), 1, uintptr(unsafe.Pointer(addrinfo)), 0, 0) + syscall.SyscallN(procFreeAddrInfoW.Addr(), uintptr(unsafe.Pointer(addrinfo))) return } func GetAddrInfoW(nodename *uint16, servicename *uint16, hints *AddrinfoW, result **AddrinfoW) (sockerr error) { - r0, _, _ := syscall.Syscall6(procGetAddrInfoW.Addr(), 4, uintptr(unsafe.Pointer(nodename)), uintptr(unsafe.Pointer(servicename)), uintptr(unsafe.Pointer(hints)), uintptr(unsafe.Pointer(result)), 0, 0) + r0, _, _ := syscall.SyscallN(procGetAddrInfoW.Addr(), uintptr(unsafe.Pointer(nodename)), uintptr(unsafe.Pointer(servicename)), uintptr(unsafe.Pointer(hints)), uintptr(unsafe.Pointer(result))) if r0 != 0 { sockerr = syscall.Errno(r0) } @@ -4385,7 +4385,7 @@ func GetAddrInfoW(nodename *uint16, servicename *uint16, hints *AddrinfoW, resul } func WSACleanup() (err error) { - r1, _, e1 := syscall.Syscall(procWSACleanup.Addr(), 0, 0, 0, 0) + r1, _, e1 := syscall.SyscallN(procWSACleanup.Addr()) if r1 == socket_error { err = errnoErr(e1) } @@ -4393,7 +4393,7 @@ func WSACleanup() (err error) { } func WSADuplicateSocket(s Handle, processID uint32, info *WSAProtocolInfo) (err error) { - r1, _, e1 := syscall.Syscall(procWSADuplicateSocketW.Addr(), 3, uintptr(s), uintptr(processID), uintptr(unsafe.Pointer(info))) + r1, _, e1 := syscall.SyscallN(procWSADuplicateSocketW.Addr(), uintptr(s), uintptr(processID), uintptr(unsafe.Pointer(info))) if r1 != 0 { err = errnoErr(e1) } @@ -4401,7 +4401,7 @@ func WSADuplicateSocket(s Handle, processID uint32, info *WSAProtocolInfo) (err } func WSAEnumProtocols(protocols *int32, protocolBuffer *WSAProtocolInfo, bufferLength *uint32) (n int32, err error) { - r0, _, e1 := syscall.Syscall(procWSAEnumProtocolsW.Addr(), 3, uintptr(unsafe.Pointer(protocols)), uintptr(unsafe.Pointer(protocolBuffer)), uintptr(unsafe.Pointer(bufferLength))) + r0, _, e1 := syscall.SyscallN(procWSAEnumProtocolsW.Addr(), uintptr(unsafe.Pointer(protocols)), uintptr(unsafe.Pointer(protocolBuffer)), uintptr(unsafe.Pointer(bufferLength))) n = int32(r0) if n == -1 { err = errnoErr(e1) @@ -4414,7 +4414,7 @@ func WSAGetOverlappedResult(h Handle, o *Overlapped, bytes *uint32, wait bool, f if wait { _p0 = 1 } - r1, _, e1 := syscall.Syscall6(procWSAGetOverlappedResult.Addr(), 5, uintptr(h), uintptr(unsafe.Pointer(o)), uintptr(unsafe.Pointer(bytes)), uintptr(_p0), uintptr(unsafe.Pointer(flags)), 0) + r1, _, e1 := syscall.SyscallN(procWSAGetOverlappedResult.Addr(), uintptr(h), uintptr(unsafe.Pointer(o)), uintptr(unsafe.Pointer(bytes)), uintptr(_p0), uintptr(unsafe.Pointer(flags))) if r1 == 0 { err = errnoErr(e1) } @@ -4422,7 +4422,7 @@ func WSAGetOverlappedResult(h Handle, o *Overlapped, bytes *uint32, wait bool, f } func WSAIoctl(s Handle, iocc uint32, inbuf *byte, cbif uint32, outbuf *byte, cbob uint32, cbbr *uint32, overlapped *Overlapped, completionRoutine uintptr) (err error) { - r1, _, e1 := syscall.Syscall9(procWSAIoctl.Addr(), 9, uintptr(s), uintptr(iocc), uintptr(unsafe.Pointer(inbuf)), uintptr(cbif), uintptr(unsafe.Pointer(outbuf)), uintptr(cbob), uintptr(unsafe.Pointer(cbbr)), uintptr(unsafe.Pointer(overlapped)), uintptr(completionRoutine)) + r1, _, e1 := syscall.SyscallN(procWSAIoctl.Addr(), uintptr(s), uintptr(iocc), uintptr(unsafe.Pointer(inbuf)), uintptr(cbif), uintptr(unsafe.Pointer(outbuf)), uintptr(cbob), uintptr(unsafe.Pointer(cbbr)), uintptr(unsafe.Pointer(overlapped)), uintptr(completionRoutine)) if r1 == socket_error { err = errnoErr(e1) } @@ -4430,7 +4430,7 @@ func WSAIoctl(s Handle, iocc uint32, inbuf *byte, cbif uint32, outbuf *byte, cbo } func WSALookupServiceBegin(querySet *WSAQUERYSET, flags uint32, handle *Handle) (err error) { - r1, _, e1 := syscall.Syscall(procWSALookupServiceBeginW.Addr(), 3, uintptr(unsafe.Pointer(querySet)), uintptr(flags), uintptr(unsafe.Pointer(handle))) + r1, _, e1 := syscall.SyscallN(procWSALookupServiceBeginW.Addr(), uintptr(unsafe.Pointer(querySet)), uintptr(flags), uintptr(unsafe.Pointer(handle))) if r1 == socket_error { err = errnoErr(e1) } @@ -4438,7 +4438,7 @@ func WSALookupServiceBegin(querySet *WSAQUERYSET, flags uint32, handle *Handle) } func WSALookupServiceEnd(handle Handle) (err error) { - r1, _, e1 := syscall.Syscall(procWSALookupServiceEnd.Addr(), 1, uintptr(handle), 0, 0) + r1, _, e1 := syscall.SyscallN(procWSALookupServiceEnd.Addr(), uintptr(handle)) if r1 == socket_error { err = errnoErr(e1) } @@ -4446,7 +4446,7 @@ func WSALookupServiceEnd(handle Handle) (err error) { } func WSALookupServiceNext(handle Handle, flags uint32, size *int32, querySet *WSAQUERYSET) (err error) { - r1, _, e1 := syscall.Syscall6(procWSALookupServiceNextW.Addr(), 4, uintptr(handle), uintptr(flags), uintptr(unsafe.Pointer(size)), uintptr(unsafe.Pointer(querySet)), 0, 0) + r1, _, e1 := syscall.SyscallN(procWSALookupServiceNextW.Addr(), uintptr(handle), uintptr(flags), uintptr(unsafe.Pointer(size)), uintptr(unsafe.Pointer(querySet))) if r1 == socket_error { err = errnoErr(e1) } @@ -4454,7 +4454,7 @@ func WSALookupServiceNext(handle Handle, flags uint32, size *int32, querySet *WS } func WSARecv(s Handle, bufs *WSABuf, bufcnt uint32, recvd *uint32, flags *uint32, overlapped *Overlapped, croutine *byte) (err error) { - r1, _, e1 := syscall.Syscall9(procWSARecv.Addr(), 7, uintptr(s), uintptr(unsafe.Pointer(bufs)), uintptr(bufcnt), uintptr(unsafe.Pointer(recvd)), uintptr(unsafe.Pointer(flags)), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine)), 0, 0) + r1, _, e1 := syscall.SyscallN(procWSARecv.Addr(), uintptr(s), uintptr(unsafe.Pointer(bufs)), uintptr(bufcnt), uintptr(unsafe.Pointer(recvd)), uintptr(unsafe.Pointer(flags)), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine))) if r1 == socket_error { err = errnoErr(e1) } @@ -4462,7 +4462,7 @@ func WSARecv(s Handle, bufs *WSABuf, bufcnt uint32, recvd *uint32, flags *uint32 } func WSARecvFrom(s Handle, bufs *WSABuf, bufcnt uint32, recvd *uint32, flags *uint32, from *RawSockaddrAny, fromlen *int32, overlapped *Overlapped, croutine *byte) (err error) { - r1, _, e1 := syscall.Syscall9(procWSARecvFrom.Addr(), 9, uintptr(s), uintptr(unsafe.Pointer(bufs)), uintptr(bufcnt), uintptr(unsafe.Pointer(recvd)), uintptr(unsafe.Pointer(flags)), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine))) + r1, _, e1 := syscall.SyscallN(procWSARecvFrom.Addr(), uintptr(s), uintptr(unsafe.Pointer(bufs)), uintptr(bufcnt), uintptr(unsafe.Pointer(recvd)), uintptr(unsafe.Pointer(flags)), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine))) if r1 == socket_error { err = errnoErr(e1) } @@ -4470,7 +4470,7 @@ func WSARecvFrom(s Handle, bufs *WSABuf, bufcnt uint32, recvd *uint32, flags *ui } func WSASend(s Handle, bufs *WSABuf, bufcnt uint32, sent *uint32, flags uint32, overlapped *Overlapped, croutine *byte) (err error) { - r1, _, e1 := syscall.Syscall9(procWSASend.Addr(), 7, uintptr(s), uintptr(unsafe.Pointer(bufs)), uintptr(bufcnt), uintptr(unsafe.Pointer(sent)), uintptr(flags), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine)), 0, 0) + r1, _, e1 := syscall.SyscallN(procWSASend.Addr(), uintptr(s), uintptr(unsafe.Pointer(bufs)), uintptr(bufcnt), uintptr(unsafe.Pointer(sent)), uintptr(flags), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine))) if r1 == socket_error { err = errnoErr(e1) } @@ -4478,7 +4478,7 @@ func WSASend(s Handle, bufs *WSABuf, bufcnt uint32, sent *uint32, flags uint32, } func WSASendTo(s Handle, bufs *WSABuf, bufcnt uint32, sent *uint32, flags uint32, to *RawSockaddrAny, tolen int32, overlapped *Overlapped, croutine *byte) (err error) { - r1, _, e1 := syscall.Syscall9(procWSASendTo.Addr(), 9, uintptr(s), uintptr(unsafe.Pointer(bufs)), uintptr(bufcnt), uintptr(unsafe.Pointer(sent)), uintptr(flags), uintptr(unsafe.Pointer(to)), uintptr(tolen), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine))) + r1, _, e1 := syscall.SyscallN(procWSASendTo.Addr(), uintptr(s), uintptr(unsafe.Pointer(bufs)), uintptr(bufcnt), uintptr(unsafe.Pointer(sent)), uintptr(flags), uintptr(unsafe.Pointer(to)), uintptr(tolen), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine))) if r1 == socket_error { err = errnoErr(e1) } @@ -4486,7 +4486,7 @@ func WSASendTo(s Handle, bufs *WSABuf, bufcnt uint32, sent *uint32, flags uint32 } func WSASocket(af int32, typ int32, protocol int32, protoInfo *WSAProtocolInfo, group uint32, flags uint32) (handle Handle, err error) { - r0, _, e1 := syscall.Syscall6(procWSASocketW.Addr(), 6, uintptr(af), uintptr(typ), uintptr(protocol), uintptr(unsafe.Pointer(protoInfo)), uintptr(group), uintptr(flags)) + r0, _, e1 := syscall.SyscallN(procWSASocketW.Addr(), uintptr(af), uintptr(typ), uintptr(protocol), uintptr(unsafe.Pointer(protoInfo)), uintptr(group), uintptr(flags)) handle = Handle(r0) if handle == InvalidHandle { err = errnoErr(e1) @@ -4495,7 +4495,7 @@ func WSASocket(af int32, typ int32, protocol int32, protoInfo *WSAProtocolInfo, } func WSAStartup(verreq uint32, data *WSAData) (sockerr error) { - r0, _, _ := syscall.Syscall(procWSAStartup.Addr(), 2, uintptr(verreq), uintptr(unsafe.Pointer(data)), 0) + r0, _, _ := syscall.SyscallN(procWSAStartup.Addr(), uintptr(verreq), uintptr(unsafe.Pointer(data))) if r0 != 0 { sockerr = syscall.Errno(r0) } @@ -4503,7 +4503,7 @@ func WSAStartup(verreq uint32, data *WSAData) (sockerr error) { } func bind(s Handle, name unsafe.Pointer, namelen int32) (err error) { - r1, _, e1 := syscall.Syscall(procbind.Addr(), 3, uintptr(s), uintptr(name), uintptr(namelen)) + r1, _, e1 := syscall.SyscallN(procbind.Addr(), uintptr(s), uintptr(name), uintptr(namelen)) if r1 == socket_error { err = errnoErr(e1) } @@ -4511,7 +4511,7 @@ func bind(s Handle, name unsafe.Pointer, namelen int32) (err error) { } func Closesocket(s Handle) (err error) { - r1, _, e1 := syscall.Syscall(procclosesocket.Addr(), 1, uintptr(s), 0, 0) + r1, _, e1 := syscall.SyscallN(procclosesocket.Addr(), uintptr(s)) if r1 == socket_error { err = errnoErr(e1) } @@ -4519,7 +4519,7 @@ func Closesocket(s Handle) (err error) { } func connect(s Handle, name unsafe.Pointer, namelen int32) (err error) { - r1, _, e1 := syscall.Syscall(procconnect.Addr(), 3, uintptr(s), uintptr(name), uintptr(namelen)) + r1, _, e1 := syscall.SyscallN(procconnect.Addr(), uintptr(s), uintptr(name), uintptr(namelen)) if r1 == socket_error { err = errnoErr(e1) } @@ -4536,7 +4536,7 @@ func GetHostByName(name string) (h *Hostent, err error) { } func _GetHostByName(name *byte) (h *Hostent, err error) { - r0, _, e1 := syscall.Syscall(procgethostbyname.Addr(), 1, uintptr(unsafe.Pointer(name)), 0, 0) + r0, _, e1 := syscall.SyscallN(procgethostbyname.Addr(), uintptr(unsafe.Pointer(name))) h = (*Hostent)(unsafe.Pointer(r0)) if h == nil { err = errnoErr(e1) @@ -4545,7 +4545,7 @@ func _GetHostByName(name *byte) (h *Hostent, err error) { } func getpeername(s Handle, rsa *RawSockaddrAny, addrlen *int32) (err error) { - r1, _, e1 := syscall.Syscall(procgetpeername.Addr(), 3, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + r1, _, e1 := syscall.SyscallN(procgetpeername.Addr(), uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) if r1 == socket_error { err = errnoErr(e1) } @@ -4562,7 +4562,7 @@ func GetProtoByName(name string) (p *Protoent, err error) { } func _GetProtoByName(name *byte) (p *Protoent, err error) { - r0, _, e1 := syscall.Syscall(procgetprotobyname.Addr(), 1, uintptr(unsafe.Pointer(name)), 0, 0) + r0, _, e1 := syscall.SyscallN(procgetprotobyname.Addr(), uintptr(unsafe.Pointer(name))) p = (*Protoent)(unsafe.Pointer(r0)) if p == nil { err = errnoErr(e1) @@ -4585,7 +4585,7 @@ func GetServByName(name string, proto string) (s *Servent, err error) { } func _GetServByName(name *byte, proto *byte) (s *Servent, err error) { - r0, _, e1 := syscall.Syscall(procgetservbyname.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(proto)), 0) + r0, _, e1 := syscall.SyscallN(procgetservbyname.Addr(), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(proto))) s = (*Servent)(unsafe.Pointer(r0)) if s == nil { err = errnoErr(e1) @@ -4594,7 +4594,7 @@ func _GetServByName(name *byte, proto *byte) (s *Servent, err error) { } func getsockname(s Handle, rsa *RawSockaddrAny, addrlen *int32) (err error) { - r1, _, e1 := syscall.Syscall(procgetsockname.Addr(), 3, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) + r1, _, e1 := syscall.SyscallN(procgetsockname.Addr(), uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) if r1 == socket_error { err = errnoErr(e1) } @@ -4602,7 +4602,7 @@ func getsockname(s Handle, rsa *RawSockaddrAny, addrlen *int32) (err error) { } func Getsockopt(s Handle, level int32, optname int32, optval *byte, optlen *int32) (err error) { - r1, _, e1 := syscall.Syscall6(procgetsockopt.Addr(), 5, uintptr(s), uintptr(level), uintptr(optname), uintptr(unsafe.Pointer(optval)), uintptr(unsafe.Pointer(optlen)), 0) + r1, _, e1 := syscall.SyscallN(procgetsockopt.Addr(), uintptr(s), uintptr(level), uintptr(optname), uintptr(unsafe.Pointer(optval)), uintptr(unsafe.Pointer(optlen))) if r1 == socket_error { err = errnoErr(e1) } @@ -4610,7 +4610,7 @@ func Getsockopt(s Handle, level int32, optname int32, optval *byte, optlen *int3 } func listen(s Handle, backlog int32) (err error) { - r1, _, e1 := syscall.Syscall(proclisten.Addr(), 2, uintptr(s), uintptr(backlog), 0) + r1, _, e1 := syscall.SyscallN(proclisten.Addr(), uintptr(s), uintptr(backlog)) if r1 == socket_error { err = errnoErr(e1) } @@ -4618,7 +4618,7 @@ func listen(s Handle, backlog int32) (err error) { } func Ntohs(netshort uint16) (u uint16) { - r0, _, _ := syscall.Syscall(procntohs.Addr(), 1, uintptr(netshort), 0, 0) + r0, _, _ := syscall.SyscallN(procntohs.Addr(), uintptr(netshort)) u = uint16(r0) return } @@ -4628,7 +4628,7 @@ func recvfrom(s Handle, buf []byte, flags int32, from *RawSockaddrAny, fromlen * if len(buf) > 0 { _p0 = &buf[0] } - r0, _, e1 := syscall.Syscall6(procrecvfrom.Addr(), 6, uintptr(s), uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen))) + r0, _, e1 := syscall.SyscallN(procrecvfrom.Addr(), uintptr(s), uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen))) n = int32(r0) if n == -1 { err = errnoErr(e1) @@ -4641,7 +4641,7 @@ func sendto(s Handle, buf []byte, flags int32, to unsafe.Pointer, tolen int32) ( if len(buf) > 0 { _p0 = &buf[0] } - r1, _, e1 := syscall.Syscall6(procsendto.Addr(), 6, uintptr(s), uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(tolen)) + r1, _, e1 := syscall.SyscallN(procsendto.Addr(), uintptr(s), uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(tolen)) if r1 == socket_error { err = errnoErr(e1) } @@ -4649,7 +4649,7 @@ func sendto(s Handle, buf []byte, flags int32, to unsafe.Pointer, tolen int32) ( } func Setsockopt(s Handle, level int32, optname int32, optval *byte, optlen int32) (err error) { - r1, _, e1 := syscall.Syscall6(procsetsockopt.Addr(), 5, uintptr(s), uintptr(level), uintptr(optname), uintptr(unsafe.Pointer(optval)), uintptr(optlen), 0) + r1, _, e1 := syscall.SyscallN(procsetsockopt.Addr(), uintptr(s), uintptr(level), uintptr(optname), uintptr(unsafe.Pointer(optval)), uintptr(optlen)) if r1 == socket_error { err = errnoErr(e1) } @@ -4657,7 +4657,7 @@ func Setsockopt(s Handle, level int32, optname int32, optval *byte, optlen int32 } func shutdown(s Handle, how int32) (err error) { - r1, _, e1 := syscall.Syscall(procshutdown.Addr(), 2, uintptr(s), uintptr(how), 0) + r1, _, e1 := syscall.SyscallN(procshutdown.Addr(), uintptr(s), uintptr(how)) if r1 == socket_error { err = errnoErr(e1) } @@ -4665,7 +4665,7 @@ func shutdown(s Handle, how int32) (err error) { } func socket(af int32, typ int32, protocol int32) (handle Handle, err error) { - r0, _, e1 := syscall.Syscall(procsocket.Addr(), 3, uintptr(af), uintptr(typ), uintptr(protocol)) + r0, _, e1 := syscall.SyscallN(procsocket.Addr(), uintptr(af), uintptr(typ), uintptr(protocol)) handle = Handle(r0) if handle == InvalidHandle { err = errnoErr(e1) @@ -4674,7 +4674,7 @@ func socket(af int32, typ int32, protocol int32) (handle Handle, err error) { } func WTSEnumerateSessions(handle Handle, reserved uint32, version uint32, sessions **WTS_SESSION_INFO, count *uint32) (err error) { - r1, _, e1 := syscall.Syscall6(procWTSEnumerateSessionsW.Addr(), 5, uintptr(handle), uintptr(reserved), uintptr(version), uintptr(unsafe.Pointer(sessions)), uintptr(unsafe.Pointer(count)), 0) + r1, _, e1 := syscall.SyscallN(procWTSEnumerateSessionsW.Addr(), uintptr(handle), uintptr(reserved), uintptr(version), uintptr(unsafe.Pointer(sessions)), uintptr(unsafe.Pointer(count))) if r1 == 0 { err = errnoErr(e1) } @@ -4682,12 +4682,12 @@ func WTSEnumerateSessions(handle Handle, reserved uint32, version uint32, sessio } func WTSFreeMemory(ptr uintptr) { - syscall.Syscall(procWTSFreeMemory.Addr(), 1, uintptr(ptr), 0, 0) + syscall.SyscallN(procWTSFreeMemory.Addr(), uintptr(ptr)) return } func WTSQueryUserToken(session uint32, token *Token) (err error) { - r1, _, e1 := syscall.Syscall(procWTSQueryUserToken.Addr(), 2, uintptr(session), uintptr(unsafe.Pointer(token)), 0) + r1, _, e1 := syscall.SyscallN(procWTSQueryUserToken.Addr(), uintptr(session), uintptr(unsafe.Pointer(token))) if r1 == 0 { err = errnoErr(e1) } diff --git a/vendor/modules.txt b/vendor/modules.txt index 56c8177ebbc..4728393cd9f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -94,8 +94,8 @@ github.com/vishvananda/netns # golang.org/x/net v0.43.0 ## explicit; go 1.23.0 golang.org/x/net/bpf -# golang.org/x/sys v0.35.0 -## explicit; go 1.23.0 +# golang.org/x/sys v0.36.0 +## explicit; go 1.24.0 golang.org/x/sys/unix golang.org/x/sys/windows # google.golang.org/protobuf v1.36.8 From cbf8a4d933930103994e67b93c614bd1d249d5c0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Sep 2025 04:02:44 +0000 Subject: [PATCH 1023/1176] build(deps): bump google.golang.org/protobuf from 1.36.8 to 1.36.9 Bumps google.golang.org/protobuf from 1.36.8 to 1.36.9. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-version: 1.36.9 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- .../protobuf/internal/filedesc/editions.go | 12 +++++++----- .../protobuf/internal/version/version.go | 2 +- vendor/modules.txt | 2 +- 5 files changed, 12 insertions(+), 10 deletions(-) diff --git a/go.mod b/go.mod index 530cf19b80e..e12e9aa6d93 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/vishvananda/netns v0.0.5 golang.org/x/net v0.43.0 golang.org/x/sys v0.36.0 - google.golang.org/protobuf v1.36.8 + google.golang.org/protobuf v1.36.9 ) require ( diff --git a/go.sum b/go.sum index 10d00105a5a..ef79c7787bf 100644 --- a/go.sum +++ b/go.sum @@ -86,8 +86,8 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k= golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= -google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc= -google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= +google.golang.org/protobuf v1.36.9 h1:w2gp2mA27hUeUzj9Ex9FBjsBm40zfaDtEWow293U7Iw= +google.golang.org/protobuf v1.36.9/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/editions.go b/vendor/google.golang.org/protobuf/internal/filedesc/editions.go index a0aad2777f3..66ba906806f 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/editions.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/editions.go @@ -13,8 +13,10 @@ import ( "google.golang.org/protobuf/reflect/protoreflect" ) -var defaultsCache = make(map[Edition]EditionFeatures) -var defaultsKeys = []Edition{} +var ( + defaultsCache = make(map[Edition]EditionFeatures) + defaultsKeys = []Edition{} +) func init() { unmarshalEditionDefaults(editiondefaults.Defaults) @@ -41,7 +43,7 @@ func unmarshalGoFeature(b []byte, parent EditionFeatures) EditionFeatures { b = b[m:] parent.StripEnumPrefix = int(v) default: - panic(fmt.Sprintf("unkown field number %d while unmarshalling GoFeatures", num)) + panic(fmt.Sprintf("unknown field number %d while unmarshalling GoFeatures", num)) } } return parent @@ -76,7 +78,7 @@ func unmarshalFeatureSet(b []byte, parent EditionFeatures) EditionFeatures { // DefaultSymbolVisibility is enforced in protoc, runtimes should not // inspect this value. default: - panic(fmt.Sprintf("unkown field number %d while unmarshalling FeatureSet", num)) + panic(fmt.Sprintf("unknown field number %d while unmarshalling FeatureSet", num)) } case protowire.BytesType: v, m := protowire.ConsumeBytes(b) @@ -150,7 +152,7 @@ func unmarshalEditionDefaults(b []byte) { _, m := protowire.ConsumeVarint(b) b = b[m:] default: - panic(fmt.Sprintf("unkown field number %d while unmarshalling EditionDefault", num)) + panic(fmt.Sprintf("unknown field number %d while unmarshalling EditionDefault", num)) } } } diff --git a/vendor/google.golang.org/protobuf/internal/version/version.go b/vendor/google.golang.org/protobuf/internal/version/version.go index 697d1c14f3c..31e79a6535a 100644 --- a/vendor/google.golang.org/protobuf/internal/version/version.go +++ b/vendor/google.golang.org/protobuf/internal/version/version.go @@ -52,7 +52,7 @@ import ( const ( Major = 1 Minor = 36 - Patch = 8 + Patch = 9 PreRelease = "" ) diff --git a/vendor/modules.txt b/vendor/modules.txt index 4728393cd9f..72266b95efd 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -98,7 +98,7 @@ golang.org/x/net/bpf ## explicit; go 1.24.0 golang.org/x/sys/unix golang.org/x/sys/windows -# google.golang.org/protobuf v1.36.8 +# google.golang.org/protobuf v1.36.9 ## explicit; go 1.23 google.golang.org/protobuf/encoding/prototext google.golang.org/protobuf/encoding/protowire From ffe6d3a3c865ca0fc6100e11e4562d9e87f52765 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Sep 2025 06:50:38 +0000 Subject: [PATCH 1024/1176] build(deps): bump golang.org/x/net from 0.43.0 to 0.44.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.43.0 to 0.44.0. - [Commits](https://github.com/golang/net/compare/v0.43.0...v0.44.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.44.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index e12e9aa6d93..658eb78e23d 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/urfave/cli v1.22.17 github.com/vishvananda/netlink v1.3.1 github.com/vishvananda/netns v0.0.5 - golang.org/x/net v0.43.0 + golang.org/x/net v0.44.0 golang.org/x/sys v0.36.0 google.golang.org/protobuf v1.36.9 ) diff --git a/go.sum b/go.sum index ef79c7787bf..40fbb798dc4 100644 --- a/go.sum +++ b/go.sum @@ -76,8 +76,8 @@ github.com/vishvananda/netlink v1.3.1 h1:3AEMt62VKqz90r0tmNhog0r/PpWKmrEShJU0wJW github.com/vishvananda/netlink v1.3.1/go.mod h1:ARtKouGSTGchR8aMwmkzC0qiNPrrWO5JS/XMVl45+b4= github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY= github.com/vishvananda/netns v0.0.5/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= -golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= -golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= +golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I= +golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/vendor/modules.txt b/vendor/modules.txt index 72266b95efd..19065d06f09 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -91,8 +91,8 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.5 ## explicit; go 1.17 github.com/vishvananda/netns -# golang.org/x/net v0.43.0 -## explicit; go 1.23.0 +# golang.org/x/net v0.44.0 +## explicit; go 1.24.0 golang.org/x/net/bpf # golang.org/x/sys v0.36.0 ## explicit; go 1.24.0 From 70d88bc449535c0b87174034ecf013d405cf39fa Mon Sep 17 00:00:00 2001 From: Tycho Andersen Date: Fri, 5 Sep 2025 11:13:09 -0600 Subject: [PATCH 1025/1176] libcontainer/validator: allow setting user.* sysctls inside userns These sysctls are all per-userns (termed `ucounts` in the kernel code) are settable with CAP_SYS_RESOURCE in the user namespace. Signed-off-by: Tycho Andersen --- libcontainer/configs/validate/validator.go | 24 +++++++++++++ .../configs/validate/validator_test.go | 34 +++++++++++++++++++ 2 files changed, 58 insertions(+) diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go index 1fe66e148b4..605286c1874 100644 --- a/libcontainer/configs/validate/validator.go +++ b/libcontainer/configs/validate/validator.go @@ -274,6 +274,30 @@ func sysctl(config *configs.Config) error { return fmt.Errorf("sysctl %q is not allowed as it conflicts with the OCI %q field", s, "hostname") } } + + if strings.HasPrefix(s, "user.") { + + // while it is technically true that a non-userns + // container can write to /proc/sys/user on behalf of + // the init_user_ns, it was not previously supported, + // and doesn't guarantee that someone else spawns a + // different container and writes there, changing the + // values. in particular, setting something like + // max_user_namespaces to non-zero could be a vector to + // use 0-days where the admin had previously disabled + // them. + // + // additionally, this setting affects other host + // processes that are not container related. + // + // so let's refuse this unless we know for sure it + // won't touch anything else. + if !config.Namespaces.Contains(configs.NEWUSER) { + return fmt.Errorf("setting ucounts without a user namespace not allowed: %v", s) + } + continue + } + return fmt.Errorf("sysctl %q is not in a separate kernel namespace", s) } diff --git a/libcontainer/configs/validate/validator_test.go b/libcontainer/configs/validate/validator_test.go index 2dd47a198d3..160679efef1 100644 --- a/libcontainer/configs/validate/validator_test.go +++ b/libcontainer/configs/validate/validator_test.go @@ -1019,6 +1019,40 @@ func TestValidateNetDevices(t *testing.T) { } } +func TestValidateUserSysctlWithUserNamespace(t *testing.T) { + if _, err := os.Stat("/proc/self/ns/user"); os.IsNotExist(err) { + t.Skip("Test requires userns.") + } + config := &configs.Config{ + Rootfs: "/var", + Sysctl: map[string]string{"user.max_inotify_watches": "8192"}, + Namespaces: configs.Namespaces( + []configs.Namespace{ + {Type: configs.NEWUSER}, + }, + ), + UIDMappings: []configs.IDMap{{HostID: 0, ContainerID: 123, Size: 100}}, + GIDMappings: []configs.IDMap{{HostID: 0, ContainerID: 123, Size: 100}}, + } + + err := Validate(config) + if err != nil { + t.Errorf("Expected error to not occur with user.* sysctl and NEWUSER namespace: %+v", err) + } +} + +func TestValidateUserSysctlWithoutUserNamespace(t *testing.T) { + config := &configs.Config{ + Rootfs: "/var", + Sysctl: map[string]string{"user.max_inotify_watches": "8192"}, + } + + err := Validate(config) + if err == nil { + t.Error("Expected error to occur with user.* sysctl without NEWUSER namespace but it was nil") + } +} + func TestDevValidName(t *testing.T) { testCases := []struct { name string From 41553216ee2ea6c0b37cf756c19254ad7b2a3833 Mon Sep 17 00:00:00 2001 From: Markus Lehtonen Date: Wed, 30 Jul 2025 16:02:23 +0300 Subject: [PATCH 1026/1176] libcontainer/intelrdt: add support for Schemata field Implement support for the linux.intelRdt.schemata field of the spec. This allows management of the "schemata" file in the resctrl group in a generic way. Signed-off-by: Markus Lehtonen --- features.go | 3 +- libcontainer/configs/intelrdt.go | 4 ++ libcontainer/intelrdt/intelrdt.go | 45 +++++------------ libcontainer/intelrdt/intelrdt_test.go | 68 ++++++++++++++++++++++++-- libcontainer/intelrdt/util_test.go | 10 ---- libcontainer/specconv/spec_linux.go | 1 + 6 files changed, 82 insertions(+), 49 deletions(-) diff --git a/features.go b/features.go index c5dff4a2d17..72aef5c3c51 100644 --- a/features.go +++ b/features.go @@ -56,7 +56,8 @@ var featuresCommand = cli.Command{ Enabled: &t, }, IntelRdt: &features.IntelRdt{ - Enabled: &t, + Enabled: &t, + Schemata: &t, }, MountExtensions: &features.MountExtensions{ IDMap: &features.IDMap{ diff --git a/libcontainer/configs/intelrdt.go b/libcontainer/configs/intelrdt.go index f8d951ab8b9..ddf1bb3a855 100644 --- a/libcontainer/configs/intelrdt.go +++ b/libcontainer/configs/intelrdt.go @@ -4,6 +4,10 @@ type IntelRdt struct { // The identity for RDT Class of Service ClosID string `json:"closID,omitempty"` + // Schemata is a generic field to specify schemata file in the resctrl + // filesystem. Each element represents one line written to the schemata file. + Schemata []string `json:"schemata,omitempty"` + // The schema for L3 cache id and capacity bitmask (CBM) // Format: "L3:=;=;..." L3CacheSchema string `json:"l3_cache_schema,omitempty"` diff --git a/libcontainer/intelrdt/intelrdt.go b/libcontainer/intelrdt/intelrdt.go index ac05f2252c5..f5fde0f83b6 100644 --- a/libcontainer/intelrdt/intelrdt.go +++ b/libcontainer/intelrdt/intelrdt.go @@ -326,16 +326,6 @@ func getIntelRdtParamString(path, file string) (string, error) { return string(bytes.TrimSpace(contents)), nil } -func writeFile(dir, file, data string) error { - if dir == "" { - return fmt.Errorf("no such directory for %s", file) - } - if err := os.WriteFile(filepath.Join(dir, file), []byte(data+"\n"), 0o600); err != nil { - return newLastCmdError(fmt.Errorf("intelrdt: unable to write %v: %w", data, err)) - } - return nil -} - // Get the read-only L3 cache information func getL3CacheInfo() (*L3CacheInfo, error) { l3CacheInfo := &L3CacheInfo{} @@ -462,11 +452,11 @@ func (m *Manager) Apply(pid int) (err error) { m.mu.Lock() defer m.mu.Unlock() - if m.config.IntelRdt.ClosID != "" && m.config.IntelRdt.L3CacheSchema == "" && m.config.IntelRdt.MemBwSchema == "" { + if m.config.IntelRdt.ClosID != "" && m.config.IntelRdt.L3CacheSchema == "" && m.config.IntelRdt.MemBwSchema == "" && len(m.config.IntelRdt.Schemata) == 0 { // Check that the CLOS exists, i.e. it has been pre-configured to // conform with the runtime spec if _, err := os.Stat(path); err != nil { - return fmt.Errorf("clos dir not accessible (must be pre-created when l3CacheSchema and memBwSchema are empty): %w", err) + return fmt.Errorf("clos dir not accessible (must be pre-created when schemata, l3CacheSchema and memBwSchema are empty): %w", err) } } @@ -637,35 +627,24 @@ func (m *Manager) Set(container *configs.Config) error { // For example, on a two-socket machine, the schema line could be // "MB:0=5000;1=7000" which means 5000 MBps memory bandwidth limit on // socket 0 and 7000 MBps memory bandwidth limit on socket 1. - if container.IntelRdt != nil { - path := m.GetPath() - l3CacheSchema := container.IntelRdt.L3CacheSchema - memBwSchema := container.IntelRdt.MemBwSchema - + if r := container.IntelRdt; r != nil { // TODO: verify that l3CacheSchema and/or memBwSchema match the // existing schemata if ClosID has been specified. This is a more // involved than reading the file and doing plain string comparison as // the value written in does not necessarily match what gets read out // (leading zeros, cache id ordering etc). - - // Write a single joint schema string to schemata file - if l3CacheSchema != "" && memBwSchema != "" { - if err := writeFile(path, "schemata", l3CacheSchema+"\n"+memBwSchema); err != nil { - return err - } - } - - // Write only L3 cache schema string to schemata file - if l3CacheSchema != "" && memBwSchema == "" { - if err := writeFile(path, "schemata", l3CacheSchema); err != nil { - return err + var schemata strings.Builder + for _, s := range append([]string{r.L3CacheSchema, r.MemBwSchema}, r.Schemata...) { + if s != "" { + schemata.WriteString(s) + schemata.WriteString("\n") } } - // Write only memory bandwidth schema string to schemata file - if l3CacheSchema == "" && memBwSchema != "" { - if err := writeFile(path, "schemata", memBwSchema); err != nil { - return err + if schemata.Len() > 0 { + path := filepath.Join(m.GetPath(), "schemata") + if err := os.WriteFile(path, []byte(schemata.String()), 0o600); err != nil { + return newLastCmdError(fmt.Errorf("intelrdt: unable to write %q: %w", schemata.String(), err)) } } } diff --git a/libcontainer/intelrdt/intelrdt_test.go b/libcontainer/intelrdt/intelrdt_test.go index 06c734c5452..209424d554c 100644 --- a/libcontainer/intelrdt/intelrdt_test.go +++ b/libcontainer/intelrdt/intelrdt_test.go @@ -37,6 +37,69 @@ func TestIntelRdtSet(t *testing.T) { }, schemataAfter: []string{"MB:0=9000;1=4000"}, }, + { + name: "L3 and MemBw", + config: &configs.IntelRdt{ + L3CacheSchema: "L3:0=f0;1=f", + MemBwSchema: "MB:0=9000;1=4000", + }, + schemataAfter: []string{ + "L3:0=f0;1=f", + "MB:0=9000;1=4000", + }, + }, + { + name: "Schemata", + config: &configs.IntelRdt{ + Schemata: []string{ + "L3CODE:0=ff;1=ff", + "L3DATA:0=f;1=f0", + }, + }, + schemataAfter: []string{ + "L3CODE:0=ff;1=ff", + "L3DATA:0=f;1=f0", + }, + }, + { + name: "Schemata and L3", + config: &configs.IntelRdt{ + L3CacheSchema: "L3:0=f0;1=f", + Schemata: []string{"L2:0=ff00;1=ff"}, + }, + schemataAfter: []string{ + "L3:0=f0;1=f", + "L2:0=ff00;1=ff", + }, + }, + { + name: "Schemata and MemBw", + config: &configs.IntelRdt{ + MemBwSchema: "MB:0=2000;1=4000", + Schemata: []string{"L3:0=ff;1=ff"}, + }, + schemataAfter: []string{ + "MB:0=2000;1=4000", + "L3:0=ff;1=ff", + }, + }, + { + name: "Schemata, L3 and MemBw", + config: &configs.IntelRdt{ + L3CacheSchema: "L3:0=80;1=7f", + MemBwSchema: "MB:0=2000;1=4000", + Schemata: []string{ + "L2:0=ff00;1=ff", + "L3:0=c0;1=3f", + }, + }, + schemataAfter: []string{ + "L3:0=80;1=7f", + "MB:0=2000;1=4000", + "L2:0=ff00;1=ff", + "L3:0=c0;1=3f", + }, + }, } for _, tc := range tcs { @@ -44,11 +107,6 @@ func TestIntelRdtSet(t *testing.T) { helper := NewIntelRdtTestUtil(t) helper.config.IntelRdt = tc.config - helper.writeFileContents(map[string]string{ - /* Common initial value for all test cases */ - "schemata": "MB:0=100\nL3:0=ffff\nL2:0=ffffffff\n", - }) - intelrdt := newManager(helper.config, "", helper.IntelRdtPath) if err := intelrdt.Set(helper.config); err != nil { t.Fatal(err) diff --git a/libcontainer/intelrdt/util_test.go b/libcontainer/intelrdt/util_test.go index b29d685e981..1771a231b4a 100644 --- a/libcontainer/intelrdt/util_test.go +++ b/libcontainer/intelrdt/util_test.go @@ -40,13 +40,3 @@ func NewIntelRdtTestUtil(t *testing.T) *intelRdtTestUtil { } return &intelRdtTestUtil{config: config, IntelRdtPath: testIntelRdtPath, t: t} } - -// Write the specified contents on the mock of the specified Intel RDT "resource control" files -func (c *intelRdtTestUtil) writeFileContents(fileContents map[string]string) { - for file, contents := range fileContents { - err := writeFile(c.IntelRdtPath, file, contents) - if err != nil { - c.t.Fatal(err) - } - } -} diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index ec417ed37e2..b19ba358bc5 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -463,6 +463,7 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) { if spec.Linux.IntelRdt != nil { config.IntelRdt = &configs.IntelRdt{ ClosID: spec.Linux.IntelRdt.ClosID, + Schemata: spec.Linux.IntelRdt.Schemata, L3CacheSchema: spec.Linux.IntelRdt.L3CacheSchema, MemBwSchema: spec.Linux.IntelRdt.MemBwSchema, } From 7be025fff3e4e7abdc6cd4d502681ee166adc2b2 Mon Sep 17 00:00:00 2001 From: Markus Lehtonen Date: Wed, 30 Jul 2025 17:41:25 +0300 Subject: [PATCH 1027/1176] events/intelrdt: report full schemata Signed-off-by: Markus Lehtonen --- events.go | 2 ++ libcontainer/intelrdt/intelrdt.go | 2 ++ libcontainer/intelrdt/stats.go | 3 +++ types/events.go | 3 +++ 4 files changed, 10 insertions(+) diff --git a/events.go b/events.go index 72a808a3d9d..53e8c028f72 100644 --- a/events.go +++ b/events.go @@ -173,6 +173,8 @@ func convertLibcontainerStats(ls *libcontainer.Stats) *types.Stats { if intelrdt.IsCMTEnabled() { s.IntelRdt.CMTStats = is.CMTStats } + + s.IntelRdt.Schemata = is.Schemata } s.NetworkInterfaces = ls.Interfaces diff --git a/libcontainer/intelrdt/intelrdt.go b/libcontainer/intelrdt/intelrdt.go index f5fde0f83b6..c3cd9ef2372 100644 --- a/libcontainer/intelrdt/intelrdt.go +++ b/libcontainer/intelrdt/intelrdt.go @@ -524,6 +524,8 @@ func (m *Manager) GetStats() (*Stats, error) { } schemaStrings := strings.Split(tmpStrings, "\n") + stats.Schemata = schemaStrings + if IsCATEnabled() { // The read-only L3 cache information l3CacheInfo, err := getL3CacheInfo() diff --git a/libcontainer/intelrdt/stats.go b/libcontainer/intelrdt/stats.go index a5eb2541e81..d725af77313 100644 --- a/libcontainer/intelrdt/stats.go +++ b/libcontainer/intelrdt/stats.go @@ -45,6 +45,9 @@ type Stats struct { // The memory bandwidth schema in 'container_id' group MemBwSchema string `json:"mem_bw_schema,omitempty"` + // Schemata contains the full schemata of the ClosID (resctrl group) that the container is assigned to. + Schemata []string `json:"schemata,omitempty"` + // The memory bandwidth monitoring statistics from NUMA nodes in 'container_id' group MBMStats *[]MBMNumaNodeStats `json:"mbm_stats,omitempty"` diff --git a/types/events.go b/types/events.go index fc741d2d9e2..6822c4dafce 100644 --- a/types/events.go +++ b/types/events.go @@ -143,6 +143,9 @@ type IntelRdt struct { // The memory bandwidth schema in 'container_id' group MemBwSchema string `json:"mem_bw_schema,omitempty"` + // Schemata contains the full schemata of the ClosID (resctrl group) that the container is assigned to. + Schemata []string `json:"schemata,omitempty"` + // The memory bandwidth monitoring statistics from NUMA nodes in 'container_id' group MBMStats *[]intelrdt.MBMNumaNodeStats `json:"mbm_stats,omitempty"` From 830c479ae2a027ce671816a8f353a1264973dd25 Mon Sep 17 00:00:00 2001 From: donettom-1 Date: Tue, 16 Sep 2025 17:17:40 +0530 Subject: [PATCH 1028/1176] tests/int/cgroups: Use 64K aligned limits for memory.max MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When a non–page-aligned value is written to memory.max, the kernel aligns it down to the nearest page boundary. On systems with a page size greater than 4K (e.g., 64K), this caused failures because the configured memory.max value was not 64K aligned. This patch fixes the issue by explicitly aligning the memory.max value to 64K. Since 64K is also a multiple of 4K, the value is correctly aligned on both 4K and 64K page size systems. However, this approach will still fail on systems where the hardcoded memory.max value is not aligned to the system page size. Fixes: https://github.com/opencontainers/runc/issues/4841 Signed-off-by: Vishal Chourasia Signed-off-by: Donet Tom --- tests/integration/cgroups.bats | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/integration/cgroups.bats b/tests/integration/cgroups.bats index 082d48cc745..b21c0efc58f 100644 --- a/tests/integration/cgroups.bats +++ b/tests/integration/cgroups.bats @@ -362,7 +362,7 @@ convert_hugetlb_size() { set_cgroups_path update_config ' .linux.resources.unified |= { - "memory.max": "20484096", + "memory.max": "20512768", "memory.swap.max": "20971520" }' @@ -373,10 +373,10 @@ convert_hugetlb_size() { [ "$status" -eq 0 ] echo "$output" - echo "$output" | grep -q '^memory.max:20484096$' + echo "$output" | grep -q '^memory.max:20512768$' echo "$output" | grep -q '^memory.swap.max:20971520$' - check_systemd_value "MemoryMax" 20484096 + check_systemd_value "MemoryMax" 20512768 check_systemd_value "MemorySwapMax" 20971520 } From 7d6848f883ff80884276b6deaf9a00f3a89cbc17 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 16 Jul 2025 11:10:55 -0700 Subject: [PATCH 1029/1176] script/setup_rootless.sh: chown nit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This fixes the following warning (seen on Fedora 42 and Ubuntu 24.04): + sudo chown -R rootless.rootless /home/rootless chown: warning: '.' should be ':': ‘rootless.rootless’ Signed-off-by: Kir Kolyshkin --- script/setup_rootless.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/script/setup_rootless.sh b/script/setup_rootless.sh index 842d2ecf16b..6ecdbc4d04f 100755 --- a/script/setup_rootless.sh +++ b/script/setup_rootless.sh @@ -12,4 +12,4 @@ ssh-keygen -t ecdsa -N "" -f "$HOME/.ssh/rootless.key" sudo mkdir -p -m 0700 /home/rootless/.ssh sudo cp "$HOME/.ssh/rootless.key" /home/rootless/.ssh/id_ecdsa sudo cp "$HOME/.ssh/rootless.key.pub" /home/rootless/.ssh/authorized_keys -sudo chown -R rootless.rootless /home/rootless +sudo chown -R rootless:rootless /home/rootless From b39e0d6468fe3438d9e88920a3f290f3223c58fd Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 15 Jul 2025 16:37:34 -0700 Subject: [PATCH 1030/1176] libct: factor out addIntoCgroup from setnsProcess.start Signed-off-by: Kir Kolyshkin --- libcontainer/process_linux.go | 52 ++++++++++++++++++++--------------- 1 file changed, 30 insertions(+), 22 deletions(-) diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index d8acb275193..ba39ad9eed4 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -244,6 +244,34 @@ func (p *setnsProcess) setFinalCPUAffinity() error { return nil } +func (p *setnsProcess) addIntoCgroup() error { + for _, path := range p.cgroupPaths { + if err := cgroups.WriteCgroupProc(path, p.pid()); err != nil && !p.rootlessCgroups { + // On cgroup v2 + nesting + domain controllers, WriteCgroupProc may fail with EBUSY. + // https://github.com/opencontainers/runc/issues/2356#issuecomment-621277643 + // Try to join the cgroup of InitProcessPid. + if cgroups.IsCgroup2UnifiedMode() && p.initProcessPid != 0 { + initProcCgroupFile := fmt.Sprintf("/proc/%d/cgroup", p.initProcessPid) + initCg, initCgErr := cgroups.ParseCgroupFile(initProcCgroupFile) + if initCgErr == nil { + if initCgPath, ok := initCg[""]; ok { + initCgDirpath := filepath.Join(fs2.UnifiedMountpoint, initCgPath) + logrus.Debugf("adding pid %d to cgroups %v failed (%v), attempting to join %q (obtained from %s)", + p.pid(), p.cgroupPaths, err, initCg, initCgDirpath) + // NOTE: initCgDirPath is not guaranteed to exist because we didn't pause the container. + err = cgroups.WriteCgroupProc(initCgDirpath, p.pid()) + } + } + } + if err != nil { + return fmt.Errorf("error adding pid %d to cgroups: %w", p.pid(), err) + } + } + } + + return nil +} + func (p *setnsProcess) start() (retErr error) { defer p.comm.closeParent() @@ -277,28 +305,8 @@ func (p *setnsProcess) start() (retErr error) { if err := p.execSetns(); err != nil { return fmt.Errorf("error executing setns process: %w", err) } - for _, path := range p.cgroupPaths { - if err := cgroups.WriteCgroupProc(path, p.pid()); err != nil && !p.rootlessCgroups { - // On cgroup v2 + nesting + domain controllers, WriteCgroupProc may fail with EBUSY. - // https://github.com/opencontainers/runc/issues/2356#issuecomment-621277643 - // Try to join the cgroup of InitProcessPid. - if cgroups.IsCgroup2UnifiedMode() && p.initProcessPid != 0 { - initProcCgroupFile := fmt.Sprintf("/proc/%d/cgroup", p.initProcessPid) - initCg, initCgErr := cgroups.ParseCgroupFile(initProcCgroupFile) - if initCgErr == nil { - if initCgPath, ok := initCg[""]; ok { - initCgDirpath := filepath.Join(fs2.UnifiedMountpoint, initCgPath) - logrus.Debugf("adding pid %d to cgroups %v failed (%v), attempting to join %q (obtained from %s)", - p.pid(), p.cgroupPaths, err, initCg, initCgDirpath) - // NOTE: initCgDirPath is not guaranteed to exist because we didn't pause the container. - err = cgroups.WriteCgroupProc(initCgDirpath, p.pid()) - } - } - } - if err != nil { - return fmt.Errorf("error adding pid %d to cgroups: %w", p.pid(), err) - } - } + if err := p.addIntoCgroup(); err != nil { + return err } // Set final CPU affinity right after the process is moved into container's cgroup. if err := p.setFinalCPUAffinity(); err != nil { From 5560020cbbfcd25ec5b9cab17f094697fbfae162 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 25 Jul 2025 17:00:45 -0700 Subject: [PATCH 1031/1176] libct: split addIntoCgroup into V1 and V2 The main idea is to maintain the code separately (and eventually kill V1 implementation). Signed-off-by: Kir Kolyshkin --- libcontainer/process_linux.go | 52 +++++++++++++++++++++++------------ 1 file changed, 34 insertions(+), 18 deletions(-) diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index ba39ad9eed4..5b4b4def622 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -244,34 +244,50 @@ func (p *setnsProcess) setFinalCPUAffinity() error { return nil } -func (p *setnsProcess) addIntoCgroup() error { +func (p *setnsProcess) addIntoCgroupV1() error { for _, path := range p.cgroupPaths { if err := cgroups.WriteCgroupProc(path, p.pid()); err != nil && !p.rootlessCgroups { - // On cgroup v2 + nesting + domain controllers, WriteCgroupProc may fail with EBUSY. - // https://github.com/opencontainers/runc/issues/2356#issuecomment-621277643 - // Try to join the cgroup of InitProcessPid. - if cgroups.IsCgroup2UnifiedMode() && p.initProcessPid != 0 { - initProcCgroupFile := fmt.Sprintf("/proc/%d/cgroup", p.initProcessPid) - initCg, initCgErr := cgroups.ParseCgroupFile(initProcCgroupFile) - if initCgErr == nil { - if initCgPath, ok := initCg[""]; ok { - initCgDirpath := filepath.Join(fs2.UnifiedMountpoint, initCgPath) - logrus.Debugf("adding pid %d to cgroups %v failed (%v), attempting to join %q (obtained from %s)", - p.pid(), p.cgroupPaths, err, initCg, initCgDirpath) - // NOTE: initCgDirPath is not guaranteed to exist because we didn't pause the container. - err = cgroups.WriteCgroupProc(initCgDirpath, p.pid()) - } + return fmt.Errorf("error adding pid %d to cgroups: %w", p.pid(), err) + } + } + + return nil +} + +func (p *setnsProcess) addIntoCgroupV2() error { + path := p.cgroupPaths[""] + if err := cgroups.WriteCgroupProc(path, p.pid()); err != nil && !p.rootlessCgroups { + // On cgroup v2 + nesting + domain controllers, WriteCgroupProc may fail with EBUSY. + // https://github.com/opencontainers/runc/issues/2356#issuecomment-621277643 + // Try to join the cgroup of InitProcessPid. + if p.initProcessPid != 0 { + initProcCgroupFile := fmt.Sprintf("/proc/%d/cgroup", p.initProcessPid) + initCg, initCgErr := cgroups.ParseCgroupFile(initProcCgroupFile) + if initCgErr == nil { + if initCgPath, ok := initCg[""]; ok { + initCgDirpath := filepath.Join(fs2.UnifiedMountpoint, initCgPath) + logrus.Debugf("adding pid %d to cgroups %v failed (%v), attempting to join %q (obtained from %s)", + p.pid(), p.cgroupPaths, err, initCg, initCgDirpath) + // NOTE: initCgDirPath is not guaranteed to exist because we didn't pause the container. + err = cgroups.WriteCgroupProc(initCgDirpath, p.pid()) } } - if err != nil { - return fmt.Errorf("error adding pid %d to cgroups: %w", p.pid(), err) - } + } + if err != nil { + return fmt.Errorf("error adding pid %d to cgroups: %w", p.pid(), err) } } return nil } +func (p *setnsProcess) addIntoCgroup() error { + if cgroups.IsCgroup2UnifiedMode() { + return p.addIntoCgroupV2() + } + return p.addIntoCgroupV1() +} + func (p *setnsProcess) start() (retErr error) { defer p.comm.closeParent() From 5730a141f1702dc60682620d4815e1cd194dda06 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 25 Jul 2025 17:19:00 -0700 Subject: [PATCH 1032/1176] libct: move exec sub-cgroup handling down the line Remove cgroupPaths field from struct setnsProcess, because: - we can get base cgroup paths from p.manager.GetPaths(); - we can get sub-cgroup paths from p.process.SubCgroupPaths. But mostly because we are going to need separate cgroup paths when adopting cgroups.AddPid. Signed-off-by: Kir Kolyshkin --- libcontainer/container_linux.go | 31 ------------------------- libcontainer/process_linux.go | 40 ++++++++++++++++++++++++++------- 2 files changed, 32 insertions(+), 39 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 7f0c51f31cf..554ca9b6e50 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -7,7 +7,6 @@ import ( "io" "os" "os/exec" - "path" "path/filepath" "reflect" "strconv" @@ -655,40 +654,10 @@ func (c *Container) newSetnsProcess(p *Process, cmd *exec.Cmd, comm *processComm bootstrapData: data, container: c, }, - cgroupPaths: state.CgroupPaths, rootlessCgroups: c.config.RootlessCgroups, intelRdtPath: state.IntelRdtPath, initProcessPid: state.InitProcessPid, } - if len(p.SubCgroupPaths) > 0 { - if add, ok := p.SubCgroupPaths[""]; ok { - // cgroup v1: using the same path for all controllers. - // cgroup v2: the only possible way. - for k := range proc.cgroupPaths { - subPath := path.Join(proc.cgroupPaths[k], add) - if !strings.HasPrefix(subPath, proc.cgroupPaths[k]) { - return nil, fmt.Errorf("%s is not a sub cgroup path", add) - } - proc.cgroupPaths[k] = subPath - } - // cgroup v2: do not try to join init process's cgroup - // as a fallback (see (*setnsProcess).start). - proc.initProcessPid = 0 - } else { - // Per-controller paths. - for ctrl, add := range p.SubCgroupPaths { - if val, ok := proc.cgroupPaths[ctrl]; ok { - subPath := path.Join(val, add) - if !strings.HasPrefix(subPath, val) { - return nil, fmt.Errorf("%s is not a sub cgroup path", add) - } - proc.cgroupPaths[ctrl] = subPath - } else { - return nil, fmt.Errorf("unknown controller %s in SubCgroupPaths", ctrl) - } - } - } - } return proc, nil } diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 5b4b4def622..9e68022702f 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -6,12 +6,15 @@ import ( "errors" "fmt" "io" + "maps" "net" "os" "os/exec" + "path" "path/filepath" "runtime" "strconv" + "strings" "sync" "time" @@ -153,7 +156,6 @@ func (p *containerProcess) wait() (*os.ProcessState, error) { //nolint:unparam type setnsProcess struct { containerProcess - cgroupPaths map[string]string rootlessCgroups bool intelRdtPath string initProcessPid int @@ -245,7 +247,20 @@ func (p *setnsProcess) setFinalCPUAffinity() error { } func (p *setnsProcess) addIntoCgroupV1() error { - for _, path := range p.cgroupPaths { + paths := maps.Clone(p.manager.GetPaths()) + for ctrl, sub := range p.process.SubCgroupPaths { + base, ok := paths[ctrl] + if !ok { + return fmt.Errorf("unknown controller %s in SubCgroupPaths", ctrl) + } + cgPath := path.Join(base, sub) + if !strings.HasPrefix(cgPath, base) { + return fmt.Errorf("%s is not a sub cgroup path", sub) + } + paths[ctrl] = cgPath + } + + for _, path := range paths { if err := cgroups.WriteCgroupProc(path, p.pid()); err != nil && !p.rootlessCgroups { return fmt.Errorf("error adding pid %d to cgroups: %w", p.pid(), err) } @@ -255,19 +270,28 @@ func (p *setnsProcess) addIntoCgroupV1() error { } func (p *setnsProcess) addIntoCgroupV2() error { - path := p.cgroupPaths[""] - if err := cgroups.WriteCgroupProc(path, p.pid()); err != nil && !p.rootlessCgroups { + base := p.manager.Path("") + sub := "" + if p.process.SubCgroupPaths != nil { + sub = p.process.SubCgroupPaths[""] + } + cgPath := path.Join(base, sub) + if !strings.HasPrefix(cgPath, base) { + return fmt.Errorf("%s is not a sub cgroup path", sub) + } + + if err := cgroups.WriteCgroupProc(cgPath, p.pid()); err != nil && !p.rootlessCgroups { // On cgroup v2 + nesting + domain controllers, WriteCgroupProc may fail with EBUSY. // https://github.com/opencontainers/runc/issues/2356#issuecomment-621277643 - // Try to join the cgroup of InitProcessPid. - if p.initProcessPid != 0 { + // Try to join the cgroup of InitProcessPid, unless sub-cgroup is explicitly set. + if p.initProcessPid != 0 && sub == "" { initProcCgroupFile := fmt.Sprintf("/proc/%d/cgroup", p.initProcessPid) initCg, initCgErr := cgroups.ParseCgroupFile(initProcCgroupFile) if initCgErr == nil { if initCgPath, ok := initCg[""]; ok { initCgDirpath := filepath.Join(fs2.UnifiedMountpoint, initCgPath) - logrus.Debugf("adding pid %d to cgroups %v failed (%v), attempting to join %q (obtained from %s)", - p.pid(), p.cgroupPaths, err, initCg, initCgDirpath) + logrus.Debugf("adding pid %d to cgroup %s failed (%v), attempting to join %s", + p.pid(), cgPath, err, initCgDirpath) // NOTE: initCgDirPath is not guaranteed to exist because we didn't pause the container. err = cgroups.WriteCgroupProc(initCgDirpath, p.pid()) } From 37b5acc2d7af7a0a098e3f6543ee05c0bd4417fb Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 25 Jul 2025 17:34:35 -0700 Subject: [PATCH 1033/1176] libct: use manager.AddPid to add exec to cgroup The main benefit here is when we are using a systemd cgroup driver, we actually ask systemd to add a PID, rather than doing it ourselves. This way, we can add rootless exec PID to a cgroup. This requires newer opencontainers/cgroups and coreos/go-systemd. Signed-off-by: Kir Kolyshkin --- go.mod | 2 +- go.sum | 4 +-- libcontainer/container_linux_test.go | 4 +++ libcontainer/process_linux.go | 34 +++++++++++-------- tests/integration/exec.bats | 12 +++---- .../opencontainers/cgroups/cgroups.go | 5 +++ .../opencontainers/cgroups/fs/fs.go | 29 ++++++++++++++++ .../opencontainers/cgroups/fs2/fs2.go | 13 +++++++ .../opencontainers/cgroups/systemd/common.go | 15 ++++++++ .../opencontainers/cgroups/systemd/v1.go | 19 +++++++++++ .../opencontainers/cgroups/systemd/v2.go | 10 ++++++ vendor/modules.txt | 2 +- 12 files changed, 124 insertions(+), 25 deletions(-) diff --git a/go.mod b/go.mod index 978207c5397..6f1188b2847 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/moby/sys/user v0.4.0 github.com/moby/sys/userns v0.1.0 github.com/mrunalp/fileutils v0.5.1 - github.com/opencontainers/cgroups v0.0.4 + github.com/opencontainers/cgroups v0.0.5 github.com/opencontainers/runtime-spec v1.2.2-0.20250818071321-383cadbf08c0 github.com/opencontainers/selinux v1.12.0 github.com/seccomp/libseccomp-golang v0.11.1 diff --git a/go.sum b/go.sum index 8b3857e42ba..b72da610ad9 100644 --- a/go.sum +++ b/go.sum @@ -44,8 +44,8 @@ github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28= github.com/mrunalp/fileutils v0.5.1 h1:F+S7ZlNKnrwHfSwdlgNSkKo67ReVf8o9fel6C3dkm/Q= github.com/mrunalp/fileutils v0.5.1/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= -github.com/opencontainers/cgroups v0.0.4 h1:XVj8P/IHVms/j+7eh8ggdkTLAxjz84ZzuFyGoE28DR4= -github.com/opencontainers/cgroups v0.0.4/go.mod h1:s8lktyhlGUqM7OSRL5P7eAW6Wb+kWPNvt4qvVfzA5vs= +github.com/opencontainers/cgroups v0.0.5 h1:DRITAqcOnY0uSBzIpt1RYWLjh5DPDiqUs4fY6Y0ktls= +github.com/opencontainers/cgroups v0.0.5/go.mod h1:oWVzJsKK0gG9SCRBfTpnn16WcGEqDI8PAcpMGbqWxcs= github.com/opencontainers/runtime-spec v1.2.2-0.20250818071321-383cadbf08c0 h1:RLn0YfUWkiqPGtgUANvJrcjIkCHGRl3jcz/c557M28M= github.com/opencontainers/runtime-spec v1.2.2-0.20250818071321-383cadbf08c0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.12.0 h1:6n5JV4Cf+4y0KNXW48TLj5DwfXpvWlxXplUkdTrmPb8= diff --git a/libcontainer/container_linux_test.go b/libcontainer/container_linux_test.go index e6bdd86ba2a..0d0dc4451d3 100644 --- a/libcontainer/container_linux_test.go +++ b/libcontainer/container_linux_test.go @@ -32,6 +32,10 @@ func (m *mockCgroupManager) Apply(pid int) error { return nil } +func (m *mockCgroupManager) AddPid(_ string, _ int) error { + return nil +} + func (m *mockCgroupManager) Set(_ *cgroups.Resources) error { return nil } diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 9e68022702f..852633d7dad 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -247,6 +247,18 @@ func (p *setnsProcess) setFinalCPUAffinity() error { } func (p *setnsProcess) addIntoCgroupV1() error { + if sub, ok := p.process.SubCgroupPaths[""]; ok || len(p.process.SubCgroupPaths) == 0 { + // Either same sub-cgroup for all paths, or no sub-cgroup. + err := p.manager.AddPid(sub, p.pid()) + if err != nil && !p.rootlessCgroups { + return fmt.Errorf("error adding pid %d to cgroups: %w", p.pid(), err) + } + return nil + } + + // Per-controller sub-cgroup paths. Not supported by AddPid (or systemd), + // so we have to calculate and check all sub-cgroup paths, and write + // directly to cgroupfs. paths := maps.Clone(p.manager.GetPaths()) for ctrl, sub := range p.process.SubCgroupPaths { base, ok := paths[ctrl] @@ -255,7 +267,7 @@ func (p *setnsProcess) addIntoCgroupV1() error { } cgPath := path.Join(base, sub) if !strings.HasPrefix(cgPath, base) { - return fmt.Errorf("%s is not a sub cgroup path", sub) + return fmt.Errorf("bad sub cgroup path: %s", sub) } paths[ctrl] = cgPath } @@ -270,18 +282,10 @@ func (p *setnsProcess) addIntoCgroupV1() error { } func (p *setnsProcess) addIntoCgroupV2() error { - base := p.manager.Path("") - sub := "" - if p.process.SubCgroupPaths != nil { - sub = p.process.SubCgroupPaths[""] - } - cgPath := path.Join(base, sub) - if !strings.HasPrefix(cgPath, base) { - return fmt.Errorf("%s is not a sub cgroup path", sub) - } - - if err := cgroups.WriteCgroupProc(cgPath, p.pid()); err != nil && !p.rootlessCgroups { - // On cgroup v2 + nesting + domain controllers, WriteCgroupProc may fail with EBUSY. + sub := p.process.SubCgroupPaths[""] + err := p.manager.AddPid(sub, p.pid()) + if err != nil && !p.rootlessCgroups { + // On cgroup v2 + nesting + domain controllers, adding to initial cgroup may fail with EBUSY. // https://github.com/opencontainers/runc/issues/2356#issuecomment-621277643 // Try to join the cgroup of InitProcessPid, unless sub-cgroup is explicitly set. if p.initProcessPid != 0 && sub == "" { @@ -290,8 +294,8 @@ func (p *setnsProcess) addIntoCgroupV2() error { if initCgErr == nil { if initCgPath, ok := initCg[""]; ok { initCgDirpath := filepath.Join(fs2.UnifiedMountpoint, initCgPath) - logrus.Debugf("adding pid %d to cgroup %s failed (%v), attempting to join %s", - p.pid(), cgPath, err, initCgDirpath) + logrus.Debugf("adding pid %d to cgroup failed (%v), attempting to join %s", + p.pid(), err, initCgDirpath) // NOTE: initCgDirPath is not guaranteed to exist because we didn't pause the container. err = cgroups.WriteCgroupProc(initCgDirpath, p.pid()) } diff --git a/tests/integration/exec.bats b/tests/integration/exec.bats index 43fe4c3cde1..35e1cad285e 100644 --- a/tests/integration/exec.bats +++ b/tests/integration/exec.bats @@ -226,17 +226,17 @@ function check_exec_debug() { # Check we can't join parent cgroup. runc exec --cgroup ".." test_busybox cat /proc/self/cgroup [ "$status" -ne 0 ] - [[ "$output" == *" .. is not a sub cgroup path"* ]] + [[ "$output" == *"bad sub cgroup path"* ]] # Check we can't join non-existing subcgroup. runc exec --cgroup nonexistent test_busybox cat /proc/self/cgroup [ "$status" -ne 0 ] - [[ "$output" == *" adding pid "*"/nonexistent/cgroup.procs: no such file "* ]] + [[ "$output" == *" adding pid "*"o such file or directory"* ]] # Check we can't join non-existing subcgroup (for a particular controller). runc exec --cgroup cpu:nonexistent test_busybox cat /proc/self/cgroup [ "$status" -ne 0 ] - [[ "$output" == *" adding pid "*"/nonexistent/cgroup.procs: no such file "* ]] + [[ "$output" == *" adding pid "*"o such file or directory"* ]] # Check we can't specify non-existent controller. runc exec --cgroup whaaat:/ test_busybox true @@ -277,12 +277,12 @@ function check_exec_debug() { # Check we can't join parent cgroup. runc exec --cgroup ".." test_busybox cat /proc/self/cgroup [ "$status" -ne 0 ] - [[ "$output" == *" .. is not a sub cgroup path"* ]] + [[ "$output" == *"bad sub cgroup path"* ]] # Check we can't join non-existing subcgroup. runc exec --cgroup nonexistent test_busybox cat /proc/self/cgroup [ "$status" -ne 0 ] - [[ "$output" == *" adding pid "*"/nonexistent/cgroup.procs: no such file "* ]] + [[ "$output" == *" adding pid "*"o such file or directory"* ]] # Check we can join top-level cgroup (implicit). runc exec test_busybox grep '^0::/$' /proc/self/cgroup @@ -318,7 +318,7 @@ function check_exec_debug() { # Check that --cgroup / disables the init cgroup fallback. runc exec --cgroup / test_busybox true [ "$status" -ne 0 ] - [[ "$output" == *" adding pid "*" to cgroups"*"/cgroup.procs: device or resource busy"* ]] + [[ "$output" == *" adding pid "*" to cgroups"*"evice or resource busy"* ]] # Check that explicit --cgroup foobar works. runc exec --cgroup foobar test_busybox grep '^0::/foobar$' /proc/self/cgroup diff --git a/vendor/github.com/opencontainers/cgroups/cgroups.go b/vendor/github.com/opencontainers/cgroups/cgroups.go index 1f127550c08..5a97bd36b71 100644 --- a/vendor/github.com/opencontainers/cgroups/cgroups.go +++ b/vendor/github.com/opencontainers/cgroups/cgroups.go @@ -29,6 +29,11 @@ type Manager interface { // can be used to merely create a cgroup. Apply(pid int) error + // AddPid adds a process with a given pid to an existing cgroup. + // The subcgroup argument is either empty, or a path relative to + // a cgroup under under the manager's cgroup. + AddPid(subcgroup string, pid int) error + // GetPids returns the PIDs of all processes inside the cgroup. GetPids() ([]int, error) diff --git a/vendor/github.com/opencontainers/cgroups/fs/fs.go b/vendor/github.com/opencontainers/cgroups/fs/fs.go index 23a8fb8742f..625931193ec 100644 --- a/vendor/github.com/opencontainers/cgroups/fs/fs.go +++ b/vendor/github.com/opencontainers/cgroups/fs/fs.go @@ -4,6 +4,8 @@ import ( "errors" "fmt" "os" + "path" + "strings" "sync" "golang.org/x/sys/unix" @@ -139,6 +141,33 @@ func (m *Manager) Apply(pid int) (retErr error) { return retErr } +// AddPid adds a process with a given pid to an existing cgroup. +// The subcgroup argument is either empty, or a path relative to +// a cgroup under under the manager's cgroup. +func (m *Manager) AddPid(subcgroup string, pid int) (retErr error) { + m.mu.Lock() + defer m.mu.Unlock() + + c := m.cgroups + + for _, dir := range m.paths { + path := path.Join(dir, subcgroup) + if !strings.HasPrefix(path, dir) { + return fmt.Errorf("bad sub cgroup path: %s", subcgroup) + } + + if err := cgroups.WriteCgroupProc(path, pid); err != nil { + if isIgnorableError(c.Rootless, err) && c.Path == "" { + retErr = cgroups.ErrRootless + continue + } + return err + } + } + + return retErr +} + func (m *Manager) Destroy() error { m.mu.Lock() defer m.mu.Unlock() diff --git a/vendor/github.com/opencontainers/cgroups/fs2/fs2.go b/vendor/github.com/opencontainers/cgroups/fs2/fs2.go index c5d5a1f8ec3..356d087985c 100644 --- a/vendor/github.com/opencontainers/cgroups/fs2/fs2.go +++ b/vendor/github.com/opencontainers/cgroups/fs2/fs2.go @@ -4,6 +4,7 @@ import ( "errors" "fmt" "os" + "path/filepath" "strings" "github.com/opencontainers/cgroups" @@ -83,6 +84,18 @@ func (m *Manager) Apply(pid int) error { return nil } +// AddPid adds a process with a given pid to an existing cgroup. +// The subcgroup argument is either empty, or a path relative to +// a cgroup under under the manager's cgroup. +func (m *Manager) AddPid(subcgroup string, pid int) error { + path := filepath.Join(m.dirPath, subcgroup) + if !strings.HasPrefix(path, m.dirPath) { + return fmt.Errorf("bad sub cgroup path: %s", subcgroup) + } + + return cgroups.WriteCgroupProc(path, pid) +} + func (m *Manager) GetPids() ([]int, error) { return cgroups.GetPids(m.dirPath) } diff --git a/vendor/github.com/opencontainers/cgroups/systemd/common.go b/vendor/github.com/opencontainers/cgroups/systemd/common.go index 875a589e3d8..537defbf2d1 100644 --- a/vendor/github.com/opencontainers/cgroups/systemd/common.go +++ b/vendor/github.com/opencontainers/cgroups/systemd/common.go @@ -6,6 +6,7 @@ import ( "fmt" "math" "os" + "path" "strconv" "strings" "sync" @@ -208,6 +209,20 @@ func stopUnit(cm *dbusConnManager, unitName string) error { return nil } +func addPid(cm *dbusConnManager, unitName, subcgroup string, pid int) error { + absSubcgroup := subcgroup + if !path.IsAbs(absSubcgroup) { + absSubcgroup = "/" + subcgroup + } + if absSubcgroup != path.Clean(absSubcgroup) { + return fmt.Errorf("bad sub cgroup path: %s", subcgroup) + } + + return cm.retryOnDisconnect(func(c *systemdDbus.Conn) error { + return c.AttachProcessesToUnit(context.TODO(), unitName, absSubcgroup, []uint32{uint32(pid)}) + }) +} + func resetFailedUnit(cm *dbusConnManager, name string) error { return cm.retryOnDisconnect(func(c *systemdDbus.Conn) error { return c.ResetFailedUnitContext(context.TODO(), name) diff --git a/vendor/github.com/opencontainers/cgroups/systemd/v1.go b/vendor/github.com/opencontainers/cgroups/systemd/v1.go index b8959adbfa6..5500a53ac0f 100644 --- a/vendor/github.com/opencontainers/cgroups/systemd/v1.go +++ b/vendor/github.com/opencontainers/cgroups/systemd/v1.go @@ -215,6 +215,25 @@ func (m *LegacyManager) Apply(pid int) error { return nil } +// AddPid adds a process with a given pid to an existing cgroup. +// The subcgroup argument is either empty, or a path relative to +// a cgroup under under the manager's cgroup. +func (m *LegacyManager) AddPid(subcgroup string, pid int) error { + m.mu.Lock() + defer m.mu.Unlock() + + if err := addPid(m.dbus, getUnitName(m.cgroups), subcgroup, pid); err != nil { + return err + } + + // Since systemd only joins controllers it knows, use cgroupfs for the rest. + fsMgr, err := fs.NewManager(m.cgroups, m.paths) + if err != nil { + return err + } + return fsMgr.AddPid(subcgroup, pid) +} + func (m *LegacyManager) Destroy() error { m.mu.Lock() defer m.mu.Unlock() diff --git a/vendor/github.com/opencontainers/cgroups/systemd/v2.go b/vendor/github.com/opencontainers/cgroups/systemd/v2.go index 636b9cb01b5..c2f2e87f3ba 100644 --- a/vendor/github.com/opencontainers/cgroups/systemd/v2.go +++ b/vendor/github.com/opencontainers/cgroups/systemd/v2.go @@ -383,6 +383,16 @@ func cgroupFilesToChown() ([]string, error) { return filesToChown, nil } +// AddPid adds a process with a given pid to an existing cgroup. +// The subcgroup argument is either empty, or a path relative to +// a cgroup under under the manager's cgroup. +func (m *UnifiedManager) AddPid(subcgroup string, pid int) error { + m.mu.Lock() + defer m.mu.Unlock() + + return addPid(m.dbus, getUnitName(m.cgroups), subcgroup, pid) +} + func (m *UnifiedManager) Destroy() error { m.mu.Lock() defer m.mu.Unlock() diff --git a/vendor/modules.txt b/vendor/modules.txt index a86e8a19419..95a463ebb31 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -51,7 +51,7 @@ github.com/moby/sys/userns # github.com/mrunalp/fileutils v0.5.1 ## explicit; go 1.13 github.com/mrunalp/fileutils -# github.com/opencontainers/cgroups v0.0.4 +# github.com/opencontainers/cgroups v0.0.5 ## explicit; go 1.23.0 github.com/opencontainers/cgroups github.com/opencontainers/cgroups/devices From 7aa4e1a63df265d62478313e7b8ff40d6e10783b Mon Sep 17 00:00:00 2001 From: Markus Lehtonen Date: Fri, 1 Aug 2025 11:07:31 +0300 Subject: [PATCH 1034/1176] libcontainer/intelrdt: add support for EnableMonitoring field The linux.intelRdt.enableMonitoring field enables the creation of a per-container monitoring group. The monitoring group is removed when the container is destroyed. Signed-off-by: Markus Lehtonen --- features.go | 5 +- libcontainer/configs/intelrdt.go | 3 + .../configs/validate/intelrdt_test.go | 17 +- libcontainer/container_linux.go | 8 + libcontainer/intelrdt/intelrdt.go | 47 ++++- libcontainer/intelrdt/intelrdt_test.go | 186 ++++++++++++++++-- libcontainer/specconv/spec_linux.go | 9 +- 7 files changed, 234 insertions(+), 41 deletions(-) diff --git a/features.go b/features.go index 72aef5c3c51..292f9bde26e 100644 --- a/features.go +++ b/features.go @@ -56,8 +56,9 @@ var featuresCommand = cli.Command{ Enabled: &t, }, IntelRdt: &features.IntelRdt{ - Enabled: &t, - Schemata: &t, + Enabled: &t, + Schemata: &t, + Monitoring: &t, }, MountExtensions: &features.MountExtensions{ IDMap: &features.IDMap{ diff --git a/libcontainer/configs/intelrdt.go b/libcontainer/configs/intelrdt.go index ddf1bb3a855..11ccc2d1f59 100644 --- a/libcontainer/configs/intelrdt.go +++ b/libcontainer/configs/intelrdt.go @@ -17,4 +17,7 @@ type IntelRdt struct { // The unit of memory bandwidth is specified in "percentages" by // default, and in "MBps" if MBA Software Controller is enabled. MemBwSchema string `json:"memBwSchema,omitempty"` + + // Create a monitoring group for the container. + EnableMonitoring bool `json:"enableMonitoring,omitempty"` } diff --git a/libcontainer/configs/validate/intelrdt_test.go b/libcontainer/configs/validate/intelrdt_test.go index d8672225fda..ddee2562559 100644 --- a/libcontainer/configs/validate/intelrdt_test.go +++ b/libcontainer/configs/validate/intelrdt_test.go @@ -19,22 +19,17 @@ func TestValidateIntelRdt(t *testing.T) { isErr bool }{ { - name: "rdt not supported, no config", - rdtEnabled: false, - config: nil, - isErr: false, + name: "rdt not supported, no config", }, { - name: "rdt not supported, with config", - rdtEnabled: false, - config: &configs.IntelRdt{}, - isErr: true, + name: "rdt not supported, with config", + config: &configs.IntelRdt{}, + isErr: true, }, { name: "empty config", rdtEnabled: true, config: &configs.IntelRdt{}, - isErr: false, }, { name: "root clos", @@ -42,7 +37,6 @@ func TestValidateIntelRdt(t *testing.T) { config: &configs.IntelRdt{ ClosID: "/", }, - isErr: false, }, { name: "invalid ClosID (.)", @@ -71,7 +65,6 @@ func TestValidateIntelRdt(t *testing.T) { { name: "cat not supported", rdtEnabled: true, - catEnabled: false, config: &configs.IntelRdt{ L3CacheSchema: "0=ff", }, @@ -80,7 +73,6 @@ func TestValidateIntelRdt(t *testing.T) { { name: "mba not supported", rdtEnabled: true, - mbaEnabled: false, config: &configs.IntelRdt{ MemBwSchema: "0=100", }, @@ -96,7 +88,6 @@ func TestValidateIntelRdt(t *testing.T) { L3CacheSchema: "0=ff", MemBwSchema: "0=100", }, - isErr: false, }, } for _, tc := range testCases { diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 7f0c51f31cf..ec417b66d08 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -73,6 +73,11 @@ type State struct { // Intel RDT "resource control" filesystem path. IntelRdtPath string `json:"intel_rdt_path,omitempty"` + + // Path of the container specific monitoring group in resctrl filesystem. + // Empty if the container does not have aindividual dedicated monitoring + // group. + IntelRdtMonPath string `json:"intel_rdt_mon_path,omitempty"` } // ID returns the container's unique ID @@ -942,8 +947,10 @@ func (c *Container) currentState() *State { } intelRdtPath := "" + intelRdtMonPath := "" if c.intelRdtManager != nil { intelRdtPath = c.intelRdtManager.GetPath() + intelRdtMonPath = c.intelRdtManager.GetMonPath() } state := &State{ BaseState: BaseState{ @@ -956,6 +963,7 @@ func (c *Container) currentState() *State { Rootless: c.config.RootlessEUID && c.config.RootlessCgroups, CgroupPaths: c.cgroupManager.GetPaths(), IntelRdtPath: intelRdtPath, + IntelRdtMonPath: intelRdtMonPath, NamespacePaths: make(map[configs.NamespaceType]string), ExternalDescriptors: externalDescriptors, } diff --git a/libcontainer/intelrdt/intelrdt.go b/libcontainer/intelrdt/intelrdt.go index c3cd9ef2372..aa935231154 100644 --- a/libcontainer/intelrdt/intelrdt.go +++ b/libcontainer/intelrdt/intelrdt.go @@ -468,22 +468,41 @@ func (m *Manager) Apply(pid int) (err error) { return newLastCmdError(err) } + // Create MON group + if monPath := m.GetMonPath(); monPath != "" { + if err := os.Mkdir(monPath, 0o755); err != nil && !os.IsExist(err) { + return newLastCmdError(err) + } + if err := WriteIntelRdtTasks(monPath, pid); err != nil { + return newLastCmdError(err) + } + } + m.path = path return nil } // Destroy destroys the Intel RDT container-specific container_id group. func (m *Manager) Destroy() error { + if m.config.IntelRdt == nil { + return nil + } // Don't remove resctrl group if closid has been explicitly specified. The // group is likely externally managed, i.e. by some other entity than us. // There are probably other containers/tasks sharing the same group. - if m.config.IntelRdt != nil && m.config.IntelRdt.ClosID == "" { + if m.config.IntelRdt.ClosID == "" { m.mu.Lock() defer m.mu.Unlock() if err := os.Remove(m.GetPath()); err != nil && !os.IsNotExist(err) { return err } m.path = "" + } else if monPath := m.GetMonPath(); monPath != "" { + // If ClosID is not specified the possible monintoring group was + // removed with the CLOS above. + if err := os.Remove(monPath); err != nil && !os.IsNotExist(err) { + return err + } } return nil } @@ -494,6 +513,21 @@ func (m *Manager) GetPath() string { return m.path } +// GetMonPath returns path of the monitoring group of the container. Returns an +// empty string if the container does not have a individual dedicated +// monitoring group. +func (m *Manager) GetMonPath() string { + if !m.config.IntelRdt.EnableMonitoring { + return "" + } + closPath := m.GetPath() + if closPath == "" { + return "" + } + + return filepath.Join(closPath, "mon_groups", m.id) +} + // GetStats returns statistics for Intel RDT. func (m *Manager) GetStats() (*Stats, error) { // If intelRdt is not specified in config @@ -573,7 +607,16 @@ func (m *Manager) GetStats() (*Stats, error) { } if IsMBMEnabled() || IsCMTEnabled() { - err = getMonitoringStats(containerPath, stats) + monPath := m.GetMonPath() + if monPath == "" { + // NOTE: If per-container monitoring is not enabled, the monitoring + // data we get here might have little to do with this container as + // there might be anything from this single container to the half + // of the system assigned in the group. Should consider not + // exposing stats in this case(?) + monPath = containerPath + } + err = getMonitoringStats(monPath, stats) if err != nil { return nil, err } diff --git a/libcontainer/intelrdt/intelrdt_test.go b/libcontainer/intelrdt/intelrdt_test.go index 209424d554c..1ed05860e38 100644 --- a/libcontainer/intelrdt/intelrdt_test.go +++ b/libcontainer/intelrdt/intelrdt_test.go @@ -4,6 +4,7 @@ import ( "os" "path/filepath" "slices" + "strconv" "strings" "testing" @@ -126,31 +127,176 @@ func TestIntelRdtSet(t *testing.T) { } func TestApply(t *testing.T) { - helper := NewIntelRdtTestUtil(t) + const pid = 1234 + tests := []struct { + name string + config configs.IntelRdt + precreateClos bool + isError bool + postApplyAssert func(*Manager) + }{ + { + name: "failure because non-pre-existing CLOS", + config: configs.IntelRdt{ + ClosID: "non-existing-clos", + }, + isError: true, + postApplyAssert: func(m *Manager) { + if _, err := os.Stat(m.path); err == nil { + t.Fatal("closid dir should not exist") + } + }, + }, + { + name: "CLOS dir should be created if some schema has been specified", + config: configs.IntelRdt{ + ClosID: "clos-to-be-created", + L3CacheSchema: "L3:0=f", + }, + postApplyAssert: func(m *Manager) { + pids, err := getIntelRdtParamString(m.path, "tasks") + if err != nil { + t.Fatalf("failed to read tasks file: %v", err) + } + if pids != strconv.Itoa(pid) { + t.Fatalf("unexpected tasks file, expected '%d', got %q", pid, pids) + } + }, + }, + { + name: "clos and monitoring group should be created if EnableMonitoring is true", + config: configs.IntelRdt{ + EnableMonitoring: true, + }, + precreateClos: true, + postApplyAssert: func(m *Manager) { + pids, err := getIntelRdtParamString(m.path, "tasks") + if err != nil { + t.Fatalf("failed to read tasks file: %v", err) + } + if pids != strconv.Itoa(pid) { + t.Fatalf("unexpected tasks file, expected '%d', got %q", pid, pids) + } + }, + }, + } - const closID = "test-clos" - closPath := filepath.Join(helper.IntelRdtPath, closID) + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + NewIntelRdtTestUtil(t) + id := "abcd-1234" + closPath := filepath.Join(intelRdtRoot, id) + if tt.config.ClosID != "" { + closPath = filepath.Join(intelRdtRoot, tt.config.ClosID) + } - helper.config.IntelRdt.ClosID = closID - intelrdt := newManager(helper.config, "container-1", closPath) - if err := intelrdt.Apply(1234); err == nil { - t.Fatal("unexpected success when applying pid") - } - if _, err := os.Stat(closPath); err == nil { - t.Fatal("closid dir should not exist") + if tt.precreateClos { + if err := os.MkdirAll(filepath.Join(closPath, "mon_groups"), 0o755); err != nil { + t.Fatal(err) + } + } + m := newManager(&configs.Config{IntelRdt: &tt.config}, id, closPath) + err := m.Apply(pid) + if tt.isError && err == nil { + t.Fatal("expected error, got nil") + } else if !tt.isError && err != nil { + t.Fatalf("unexpected error: %v", err) + } + tt.postApplyAssert(m) + }) } +} - // Dir should be created if some schema has been specified - intelrdt.config.IntelRdt.L3CacheSchema = "L3:0=f" - if err := intelrdt.Apply(1235); err != nil { - t.Fatalf("Apply() failed: %v", err) - } +func TestDestroy(t *testing.T) { + tests := []struct { + name string + config configs.IntelRdt + testFunc func(*Manager) + }{ + { + name: "per-container CLOS dir should be removed", + testFunc: func(m *Manager) { + closPath := m.path + if _, err := os.Stat(closPath); err != nil { + t.Fatal("CLOS dir should exist") + } + // Need to delete the tasks file so that the dir is empty + if err := os.Remove(filepath.Join(closPath, "tasks")); err != nil { + t.Fatalf("failed to remove tasks file: %v", err) + } + if err := m.Destroy(); err != nil { + t.Fatalf("Destroy() failed: %v", err) + } + if _, err := os.Stat(closPath); err == nil { + t.Fatal("CLOS dir should not exist") + } + }, + }, + { + name: "pre-existing CLOS should not be removed", + config: configs.IntelRdt{ + ClosID: "pre-existing-clos", + }, + testFunc: func(m *Manager) { + closPath := m.path - pids, err := getIntelRdtParamString(intelrdt.GetPath(), "tasks") - if err != nil { - t.Fatalf("failed to read tasks file: %v", err) + if _, err := os.Stat(closPath); err != nil { + t.Fatal("CLOS dir should exist") + } + if err := m.Destroy(); err != nil { + t.Fatalf("Destroy() failed: %v", err) + } + if _, err := os.Stat(closPath); err != nil { + t.Fatal("CLOS dir should exist") + } + }, + }, + { + name: "per-container MON dir in pre-existing CLOS should be removed", + config: configs.IntelRdt{ + ClosID: "pre-existing-clos", + EnableMonitoring: true, + }, + testFunc: func(m *Manager) { + closPath := m.path + + monPath := filepath.Join(closPath, "mon_groups", m.id) + if _, err := os.Stat(monPath); err != nil { + t.Fatal("MON dir should exist") + } + // Need to delete the tasks file so that the dir is empty + os.Remove(filepath.Join(monPath, "tasks")) + if err := m.Destroy(); err != nil { + t.Fatalf("Destroy() failed: %v", err) + } + if _, err := os.Stat(closPath); err != nil { + t.Fatalf("CLOS dir should exist: %f", err) + } + if _, err := os.Stat(monPath); err == nil { + t.Fatal("MON dir should not exist") + } + }, + }, } - if pids != "1235" { - t.Fatalf("unexpected tasks file, expected '1235', got %q", pids) + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + NewIntelRdtTestUtil(t) + + id := "abcd-1234" + closPath := filepath.Join(intelRdtRoot, id) + if tt.config.ClosID != "" { + closPath = filepath.Join(intelRdtRoot, tt.config.ClosID) + // Pre-create the CLOS directory + if err := os.MkdirAll(filepath.Join(closPath, "mon_groups"), 0o755); err != nil { + t.Fatal(err) + } + } + m := newManager(&configs.Config{IntelRdt: &tt.config}, id, closPath) + if err := m.Apply(1234); err != nil { + t.Fatalf("Apply() failed: %v", err) + } + tt.testFunc(m) + }) } } diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index b19ba358bc5..d06ed756463 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -462,10 +462,11 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) { } if spec.Linux.IntelRdt != nil { config.IntelRdt = &configs.IntelRdt{ - ClosID: spec.Linux.IntelRdt.ClosID, - Schemata: spec.Linux.IntelRdt.Schemata, - L3CacheSchema: spec.Linux.IntelRdt.L3CacheSchema, - MemBwSchema: spec.Linux.IntelRdt.MemBwSchema, + ClosID: spec.Linux.IntelRdt.ClosID, + Schemata: spec.Linux.IntelRdt.Schemata, + L3CacheSchema: spec.Linux.IntelRdt.L3CacheSchema, + MemBwSchema: spec.Linux.IntelRdt.MemBwSchema, + EnableMonitoring: spec.Linux.IntelRdt.EnableMonitoring, } } if spec.Linux.Personality != nil { From f7dda6e6dc4ccfb69c5e2a1cbae9b25cf60d7ac6 Mon Sep 17 00:00:00 2001 From: lifubang Date: Thu, 25 Sep 2025 09:39:29 +0000 Subject: [PATCH 1035/1176] libct: setup personality before initializing seccomp Set the process personality early to ensure it takes effect before seccomp is initialized. If seccomp filters are applied first and they block personality-related system calls (e.g., `personality(2)`), subsequent attempts to set the personality will fail. Signed-off-by: lifubang --- libcontainer/setns_init_linux.go | 13 ++++++++----- libcontainer/standard_init_linux.go | 14 +++++++------- 2 files changed, 15 insertions(+), 12 deletions(-) diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go index a3d9a8d92af..2bdaa4de8d5 100644 --- a/libcontainer/setns_init_linux.go +++ b/libcontainer/setns_init_linux.go @@ -80,6 +80,14 @@ func (l *linuxSetnsInit) Init() error { if err := setupIOPriority(l.config); err != nil { return err } + + // Set personality if specified. + if l.config.Config.Personality != nil { + if err := setupPersonality(l.config.Config); err != nil { + return err + } + } + // Tell our parent that we're ready to exec. This must be done before the // Seccomp rules have been applied, because we need to be able to read and // write to a socket. @@ -110,11 +118,6 @@ func (l *linuxSetnsInit) Init() error { if err := apparmor.ApplyProfile(l.config.AppArmorProfile); err != nil { return err } - if l.config.Config.Personality != nil { - if err := setupPersonality(l.config.Config); err != nil { - return err - } - } // Check for the arg early to make sure it exists. name, err := exec.LookPath(l.config.Args[0]) if err != nil { diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 6bf5ba39cc8..901bd394e6a 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -164,6 +164,13 @@ func (l *linuxStandardInit) Init() error { return err } + // Set personality if specified. + if l.config.Config.Personality != nil { + if err := setupPersonality(l.config.Config); err != nil { + return err + } + } + // Tell our parent that we're ready to exec. This must be done before the // Seccomp rules have been applied, because we need to be able to read and // write to a socket. @@ -238,13 +245,6 @@ func (l *linuxStandardInit) Init() error { } } - // Set personality if specified. - if l.config.Config.Personality != nil { - if err := setupPersonality(l.config.Config); err != nil { - return err - } - } - // Close the pipe to signal that we have completed our init. logrus.Debugf("init: closing the pipe to signal completion") _ = l.pipe.Close() From 57f1bef4226e0bc94189610d4cccb1d5aafca19e Mon Sep 17 00:00:00 2001 From: lifubang Date: Thu, 25 Sep 2025 09:41:27 +0000 Subject: [PATCH 1036/1176] test: runc run with personality syscall blocked by seccomp Signed-off-by: lifubang --- tests/integration/personality.bats | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/tests/integration/personality.bats b/tests/integration/personality.bats index 37aa8e86fda..94e2ac1b25e 100644 --- a/tests/integration/personality.bats +++ b/tests/integration/personality.bats @@ -62,3 +62,21 @@ function teardown() { [ "$status" -eq 0 ] [[ "$output" == *"x86_64"* ]] } + +# check that personality can be set when the personality syscall is blocked by seccomp +@test "runc run with personality syscall blocked by seccomp" { + update_config ' + .linux.personality = { + "domain": "LINUX", + } + | .linux.seccomp = { + "defaultAction":"SCMP_ACT_ALLOW", + "syscalls":[{"names":["personality"], "action":"SCMP_ACT_ERRNO"}] + }' + + runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox + [ "$status" -eq 0 ] + runc exec test_busybox /bin/sh -c "uname -a" + [ "$status" -eq 0 ] + [[ "$output" == *"x86_64"* ]] +} From ce5400da08f59001c2906be781dfee2a0f6183ba Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 6 Aug 2025 23:08:13 -0700 Subject: [PATCH 1037/1176] Update `busybox:glibc` in integration tests to latest (1.37.0) builds This removes `mips64le` (no longer supported by the image / upstream in Debian Trixie+) and adds `riscv64`. Signed-off-by: Tianon Gravi --- tests/integration/bootstrap-get-images.sh | 6 ++-- tests/integration/get-images.sh | 40 +++++++++++------------ 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/tests/integration/bootstrap-get-images.sh b/tests/integration/bootstrap-get-images.sh index 78d512cfc68..c826d0ab959 100755 --- a/tests/integration/bootstrap-get-images.sh +++ b/tests/integration/bootstrap-get-images.sh @@ -9,8 +9,8 @@ set -Eeuo pipefail # https://github.com/docker-library/bashbrew/releases images=( - # pinned to an older BusyBox (prior to 1.36 becoming "latest") because 1.36.0 has some unresolved bugs, especially around sha256sum - 'https://github.com/docker-library/official-images/raw/eaed422a86b43c885a0f980d48f4bbf346086a4a/library/busybox:glibc' + # https://github.com/docker-library/official-images/commits/HEAD/library/busybox + 'https://github.com/docker-library/official-images/raw/67f09d75e7915359c2216cb12cf6fc1150d42a26/library/busybox:glibc' # pinned to an older Debian Buster which has more architectures than the latest does (Buster transitioned from the Debian Security Team to the LTS Team which supports a smaller set) 'https://github.com/docker-library/official-images/raw/ce10f6b60289c0c0b5de6f785528b8725f225a58/library/debian:buster-slim' @@ -76,7 +76,7 @@ bashbrew cat --format ' {{- $branch := $.TagEntry.ArchGitFetch . | trimPrefixes "refs/heads/" -}} {{- $commit := $.TagEntry.ArchGitCommit . -}} {{- $dir := $.TagEntry.ArchDirectory . -}} - {{- $tarball := eq $.RepoName "debian" | ternary "rootfs.tar.xz" "busybox.tar.xz" -}} + {{- $tarball := eq $.RepoName "debian" | ternary "rootfs.tar.xz" "rootfs.tar.gz" -}} {{ . | replace "arm64v8" "arm64" "arm32" "arm" "i386" "386" }} {{- ")\n" -}} {{- "\t" -}}# {{ $repo }}/tree/{{ $branch }}{{- "\n" -}} diff --git a/tests/integration/get-images.sh b/tests/integration/get-images.sh index 5fc20cf1b5e..09d2809affa 100755 --- a/tests/integration/get-images.sh +++ b/tests/integration/get-images.sh @@ -49,50 +49,50 @@ fi case $arch in amd64) # https://github.com/docker-library/busybox/tree/dist-amd64 - # https://github.com/docker-library/busybox/tree/31d342ad033e27c18723a516a2274ab39547be27/stable/glibc - url="https://github.com/docker-library/busybox/raw/31d342ad033e27c18723a516a2274ab39547be27/stable/glibc/busybox.tar.xz" + # https://github.com/docker-library/busybox/tree/9c2d0c6fbaaf2ca1b4c19027fa515d9e797e7199/latest/glibc/amd64 + url="https://github.com/docker-library/busybox/raw/9c2d0c6fbaaf2ca1b4c19027fa515d9e797e7199/latest/glibc/amd64/rootfs.tar.gz" ;; armv5) # https://github.com/docker-library/busybox/tree/dist-arm32v5 - # https://github.com/docker-library/busybox/tree/96ea82ea25565f78b50bd032d5768d64985d6e11/stable/glibc - url="https://github.com/docker-library/busybox/raw/96ea82ea25565f78b50bd032d5768d64985d6e11/stable/glibc/busybox.tar.xz" + # https://github.com/docker-library/busybox/tree/d687cd5484009bdf2ee3e79a78600f01a7edc912/latest/glibc/arm32v5 + url="https://github.com/docker-library/busybox/raw/d687cd5484009bdf2ee3e79a78600f01a7edc912/latest/glibc/arm32v5/rootfs.tar.gz" ;; armv7) # https://github.com/docker-library/busybox/tree/dist-arm32v7 - # https://github.com/docker-library/busybox/tree/5cb6c347469e86e4468e5e248de751b3598bb577/stable/glibc - url="https://github.com/docker-library/busybox/raw/5cb6c347469e86e4468e5e248de751b3598bb577/stable/glibc/busybox.tar.xz" + # https://github.com/docker-library/busybox/tree/c773a028ec0e18dc92e89e0bc57898883897ef8d/latest/glibc/arm32v7 + url="https://github.com/docker-library/busybox/raw/c773a028ec0e18dc92e89e0bc57898883897ef8d/latest/glibc/arm32v7/rootfs.tar.gz" ;; arm64) # https://github.com/docker-library/busybox/tree/dist-arm64v8 - # https://github.com/docker-library/busybox/tree/94c664b5ca464546266bce54be0082874a44c7b2/stable/glibc - url="https://github.com/docker-library/busybox/raw/94c664b5ca464546266bce54be0082874a44c7b2/stable/glibc/busybox.tar.xz" + # https://github.com/docker-library/busybox/tree/8141f5b047a1fbeefd842388244c045825a61c90/latest/glibc/arm64v8 + url="https://github.com/docker-library/busybox/raw/8141f5b047a1fbeefd842388244c045825a61c90/latest/glibc/arm64v8/rootfs.tar.gz" ;; 386) # https://github.com/docker-library/busybox/tree/dist-i386 - # https://github.com/docker-library/busybox/tree/461a473aef31b7726ea99909a24551bf44565c05/stable/glibc - url="https://github.com/docker-library/busybox/raw/461a473aef31b7726ea99909a24551bf44565c05/stable/glibc/busybox.tar.xz" - ;; - -mips64le) - # https://github.com/docker-library/busybox/tree/dist-mips64le - # https://github.com/docker-library/busybox/tree/47f73f7c735dcd6760a976bfe0012d251b6ef0a9/stable/glibc - url="https://github.com/docker-library/busybox/raw/47f73f7c735dcd6760a976bfe0012d251b6ef0a9/stable/glibc/busybox.tar.xz" + # https://github.com/docker-library/busybox/tree/ddcda848177fffa1df68fbed9cda06bd17757dad/latest/glibc/i386 + url="https://github.com/docker-library/busybox/raw/ddcda848177fffa1df68fbed9cda06bd17757dad/latest/glibc/i386/rootfs.tar.gz" ;; ppc64le) # https://github.com/docker-library/busybox/tree/dist-ppc64le - # https://github.com/docker-library/busybox/tree/9ca13bc214717966383cf97e08606b444b7300e4/stable/glibc - url="https://github.com/docker-library/busybox/raw/9ca13bc214717966383cf97e08606b444b7300e4/stable/glibc/busybox.tar.xz" + # https://github.com/docker-library/busybox/tree/ddb1ced9350261eb7aa6d117052d04a5ad8dd1b7/latest/glibc/ppc64le + url="https://github.com/docker-library/busybox/raw/ddb1ced9350261eb7aa6d117052d04a5ad8dd1b7/latest/glibc/ppc64le/rootfs.tar.gz" + ;; + +riscv64) + # https://github.com/docker-library/busybox/tree/dist-riscv64 + # https://github.com/docker-library/busybox/tree/aa4b2b5fc1583c52a2806f38772d2f684f3c3185/latest/glibc/riscv64 + url="https://github.com/docker-library/busybox/raw/aa4b2b5fc1583c52a2806f38772d2f684f3c3185/latest/glibc/riscv64/rootfs.tar.gz" ;; s390x) # https://github.com/docker-library/busybox/tree/dist-s390x - # https://github.com/docker-library/busybox/tree/a03814d21bcf97767121bb9422a742ec237a09e2/stable/glibc - url="https://github.com/docker-library/busybox/raw/a03814d21bcf97767121bb9422a742ec237a09e2/stable/glibc/busybox.tar.xz" + # https://github.com/docker-library/busybox/tree/52d5ab6b9089780aaa39f36c7d4562ee0f7ce3d5/latest/glibc/s390x + url="https://github.com/docker-library/busybox/raw/52d5ab6b9089780aaa39f36c7d4562ee0f7ce3d5/latest/glibc/s390x/rootfs.tar.gz" ;; *) From 5af4dd4e644519330686b4d6543b2beca59328ab Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 15 Jul 2025 16:31:49 -0700 Subject: [PATCH 1038/1176] runc exec: use CLONE_INTO_CGROUP when available It makes sense to make runc exec benefit from clone2(CLONE_INTO_CGROUP), if it is available. Since it requires a recent kernel and might not work, implement a fallback to older way of joining the cgroup. Based on: - https://go-review.googlesource.com/c/go/+/417695 - https://github.com/coreos/go-systemd/pull/458 - https://github.com/opencontainers/cgroups/pull/26 - https://github.com/opencontainers/runc/pull/4822 Signed-off-by: Kir Kolyshkin --- libcontainer/process_linux.go | 63 ++++++++++++++++++++++++++++++++++- tests/integration/exec.bats | 2 +- 2 files changed, 63 insertions(+), 2 deletions(-) diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 852633d7dad..c8661ee69c4 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -16,6 +16,7 @@ import ( "strconv" "strings" "sync" + "syscall" "time" "github.com/opencontainers/runtime-spec/specs-go" @@ -310,18 +311,78 @@ func (p *setnsProcess) addIntoCgroupV2() error { } func (p *setnsProcess) addIntoCgroup() error { + if p.cmd.SysProcAttr.UseCgroupFD { + // We've used cgroupfd successfully, so the process is + // already in the proper cgroup, nothing to do here. + return nil + } if cgroups.IsCgroup2UnifiedMode() { return p.addIntoCgroupV2() } return p.addIntoCgroupV1() } +// prepareCgroupFD sets up p.cmd to use clone3 with CLONE_INTO_CGROUP +// to join cgroup early, in p.cmd.Start. Returns an *os.File which +// must be closed by the caller after p.Cmd.Start return. +func (p *setnsProcess) prepareCgroupFD() (*os.File, error) { + if !cgroups.IsCgroup2UnifiedMode() { + return nil, nil + } + + base := p.manager.Path("") + if base == "" { // No cgroup to join. + return nil, nil + } + sub := "" + if p.process.SubCgroupPaths != nil { + sub = p.process.SubCgroupPaths[""] + } + cgroup := path.Join(base, sub) + if !strings.HasPrefix(cgroup, base) { + return nil, fmt.Errorf("bad sub cgroup path: %s", sub) + } + + fd, err := cgroups.OpenFile(base, sub, unix.O_PATH|unix.O_DIRECTORY|unix.O_CLOEXEC) + if err != nil { + if p.rootlessCgroups { + return nil, nil + } + return nil, fmt.Errorf("can't open cgroup: %w", err) + } + + logrus.Debugf("using CLONE_INTO_CGROUP %q", cgroup) + if p.cmd.SysProcAttr == nil { + p.cmd.SysProcAttr = &syscall.SysProcAttr{} + } + p.cmd.SysProcAttr.UseCgroupFD = true + p.cmd.SysProcAttr.CgroupFD = int(fd.Fd()) + + return fd, nil +} + func (p *setnsProcess) start() (retErr error) { defer p.comm.closeParent() + fd, err := p.prepareCgroupFD() + if err != nil { + return err + } + // Get the "before" value of oom kill count. oom, _ := p.manager.OOMKillCount() - err := p.startWithCPUAffinity() + + err = p.startWithCPUAffinity() + if fd != nil { + fd.Close() + } + if err != nil && p.cmd.SysProcAttr.UseCgroupFD { + logrus.Debugf("exec with CLONE_INTO_CGROUP failed: %v; retrying without", err) + // SysProcAttr.CgroupFD is never used when UseCgroupFD is unset. + p.cmd.SysProcAttr.UseCgroupFD = false + err = p.startWithCPUAffinity() + } + // Close the child-side of the pipes (controlled by child). p.comm.closeChild() if err != nil { diff --git a/tests/integration/exec.bats b/tests/integration/exec.bats index 35e1cad285e..1426e198269 100644 --- a/tests/integration/exec.bats +++ b/tests/integration/exec.bats @@ -282,7 +282,7 @@ function check_exec_debug() { # Check we can't join non-existing subcgroup. runc exec --cgroup nonexistent test_busybox cat /proc/self/cgroup [ "$status" -ne 0 ] - [[ "$output" == *" adding pid "*"o such file or directory"* ]] + [[ "$output" == *" cgroup"*"o such file or directory"* ]] # Check we can join top-level cgroup (implicit). runc exec test_busybox grep '^0::/$' /proc/self/cgroup From 4404cdf94b5ca193e143b653c6b3685c0b4469ce Mon Sep 17 00:00:00 2001 From: Ariel Otilibili Date: Thu, 2 Oct 2025 11:10:08 +0200 Subject: [PATCH 1039/1176] libcontainer: switch goCreateMountSources() to ctx.AfterFunc ba0b5e26 ("libcontainer: remove all mount logic from nsexec") introduced a request function that handles two tasks: - the exchanges with the request and response channels - the closing of the request channel. From 1.21, the closing of the request channel may be done with context.AfterFunc(). Moreover, context.AfterFunc() is guaranteed to run once. Link: https://pkg.go.dev/context#AfterFunc Suggested-by: Aleksa Sarai Signed-off-by: Ariel Otilibili --- libcontainer/process_linux.go | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index c8661ee69c4..6c885ace45e 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -15,7 +15,6 @@ import ( "runtime" "strconv" "strings" - "sync" "syscall" "time" @@ -613,6 +612,8 @@ func (p *initProcess) goCreateMountSources(ctx context.Context) (mountSourceRequ responseCh := make(chan response) ctx, cancelFn := context.WithTimeout(ctx, 1*time.Minute) + context.AfterFunc(ctx, func() { close(requestCh) }) + go func() { // We lock this thread because we need to setns(2) here. There is no // UnlockOSThread() here, to ensure that the Go runtime will kill this @@ -675,8 +676,6 @@ func (p *initProcess) goCreateMountSources(ctx context.Context) (mountSourceRequ return nil, nil, err } - // TODO: Switch to context.AfterFunc when we switch to Go 1.21. - var requestChCloseOnce sync.Once requestFn := func(m *configs.Mount) (*mountSource, error) { var err error select { @@ -686,13 +685,13 @@ func (p *initProcess) goCreateMountSources(ctx context.Context) (mountSourceRequ if ok { return resp.src, resp.err } + err = fmt.Errorf("response channel closed unexpectedly") case <-ctx.Done(): err = fmt.Errorf("receive mount source context cancelled: %w", ctx.Err()) } case <-ctx.Done(): err = fmt.Errorf("send mount request cancelled: %w", ctx.Err()) } - requestChCloseOnce.Do(func() { close(requestCh) }) return nil, err } return requestFn, cancelFn, nil From dbffd5cd080222979a57da637060e3cd686fce81 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 3 Oct 2025 04:02:51 +0000 Subject: [PATCH 1040/1176] build(deps): bump google.golang.org/protobuf from 1.36.9 to 1.36.10 Bumps google.golang.org/protobuf from 1.36.9 to 1.36.10. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-version: 1.36.10 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 8 +-- .../protobuf/internal/filedesc/desc.go | 52 +++++++++++++------ .../protobuf/internal/filedesc/desc_init.go | 14 +++++ .../protobuf/internal/filedesc/desc_lazy.go | 20 +++++++ .../protobuf/internal/version/version.go | 2 +- vendor/modules.txt | 2 +- 7 files changed, 76 insertions(+), 24 deletions(-) diff --git a/go.mod b/go.mod index 6f1188b2847..8205c84eac1 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/vishvananda/netns v0.0.5 golang.org/x/net v0.44.0 golang.org/x/sys v0.36.0 - google.golang.org/protobuf v1.36.9 + google.golang.org/protobuf v1.36.10 ) require ( diff --git a/go.sum b/go.sum index b72da610ad9..1087ad699a4 100644 --- a/go.sum +++ b/go.sum @@ -20,8 +20,8 @@ github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7 github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow= github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= -github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= +github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtLA= github.com/josharian/native v1.1.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w= github.com/jsimonetti/rtnetlink/v2 v2.0.1 h1:xda7qaHDSVOsADNouv7ukSuicKZO7GgVUCXxpaIEIlM= @@ -86,8 +86,8 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k= golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= -google.golang.org/protobuf v1.36.9 h1:w2gp2mA27hUeUzj9Ex9FBjsBm40zfaDtEWow293U7Iw= -google.golang.org/protobuf v1.36.9/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= +google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= +google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc.go index 688aabe434e..dbcf90b871f 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/desc.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc.go @@ -72,9 +72,10 @@ type ( EditionFeatures EditionFeatures } FileL2 struct { - Options func() protoreflect.ProtoMessage - Imports FileImports - Locations SourceLocations + Options func() protoreflect.ProtoMessage + Imports FileImports + OptionImports func() protoreflect.FileImports + Locations SourceLocations } // EditionFeatures is a frequently-instantiated struct, so please take care @@ -126,12 +127,9 @@ func (fd *File) ParentFile() protoreflect.FileDescriptor { return fd } func (fd *File) Parent() protoreflect.Descriptor { return nil } func (fd *File) Index() int { return 0 } func (fd *File) Syntax() protoreflect.Syntax { return fd.L1.Syntax } - -// Not exported and just used to reconstruct the original FileDescriptor proto -func (fd *File) Edition() int32 { return int32(fd.L1.Edition) } -func (fd *File) Name() protoreflect.Name { return fd.L1.Package.Name() } -func (fd *File) FullName() protoreflect.FullName { return fd.L1.Package } -func (fd *File) IsPlaceholder() bool { return false } +func (fd *File) Name() protoreflect.Name { return fd.L1.Package.Name() } +func (fd *File) FullName() protoreflect.FullName { return fd.L1.Package } +func (fd *File) IsPlaceholder() bool { return false } func (fd *File) Options() protoreflect.ProtoMessage { if f := fd.lazyInit().Options; f != nil { return f() @@ -150,6 +148,16 @@ func (fd *File) Format(s fmt.State, r rune) { descfmt.FormatD func (fd *File) ProtoType(protoreflect.FileDescriptor) {} func (fd *File) ProtoInternal(pragma.DoNotImplement) {} +// The next two are not part of the FileDescriptor interface. They are just used to reconstruct +// the original FileDescriptor proto. +func (fd *File) Edition() int32 { return int32(fd.L1.Edition) } +func (fd *File) OptionImports() protoreflect.FileImports { + if f := fd.lazyInit().OptionImports; f != nil { + return f() + } + return emptyFiles +} + func (fd *File) lazyInit() *FileL2 { if atomic.LoadUint32(&fd.once) == 0 { fd.lazyInitOnce() @@ -182,9 +190,9 @@ type ( L2 *EnumL2 // protected by fileDesc.once } EnumL1 struct { - eagerValues bool // controls whether EnumL2.Values is already populated - EditionFeatures EditionFeatures + Visibility int32 + eagerValues bool // controls whether EnumL2.Values is already populated } EnumL2 struct { Options func() protoreflect.ProtoMessage @@ -219,6 +227,11 @@ func (ed *Enum) ReservedNames() protoreflect.Names { return &ed.lazyInit() func (ed *Enum) ReservedRanges() protoreflect.EnumRanges { return &ed.lazyInit().ReservedRanges } func (ed *Enum) Format(s fmt.State, r rune) { descfmt.FormatDesc(s, r, ed) } func (ed *Enum) ProtoType(protoreflect.EnumDescriptor) {} + +// This is not part of the EnumDescriptor interface. It is just used to reconstruct +// the original FileDescriptor proto. +func (ed *Enum) Visibility() int32 { return ed.L1.Visibility } + func (ed *Enum) lazyInit() *EnumL2 { ed.L0.ParentFile.lazyInit() // implicitly initializes L2 return ed.L2 @@ -244,13 +257,13 @@ type ( L2 *MessageL2 // protected by fileDesc.once } MessageL1 struct { - Enums Enums - Messages Messages - Extensions Extensions - IsMapEntry bool // promoted from google.protobuf.MessageOptions - IsMessageSet bool // promoted from google.protobuf.MessageOptions - + Enums Enums + Messages Messages + Extensions Extensions EditionFeatures EditionFeatures + Visibility int32 + IsMapEntry bool // promoted from google.protobuf.MessageOptions + IsMessageSet bool // promoted from google.protobuf.MessageOptions } MessageL2 struct { Options func() protoreflect.ProtoMessage @@ -319,6 +332,11 @@ func (md *Message) Messages() protoreflect.MessageDescriptors { return &md.L func (md *Message) Extensions() protoreflect.ExtensionDescriptors { return &md.L1.Extensions } func (md *Message) ProtoType(protoreflect.MessageDescriptor) {} func (md *Message) Format(s fmt.State, r rune) { descfmt.FormatDesc(s, r, md) } + +// This is not part of the MessageDescriptor interface. It is just used to reconstruct +// the original FileDescriptor proto. +func (md *Message) Visibility() int32 { return md.L1.Visibility } + func (md *Message) lazyInit() *MessageL2 { md.L0.ParentFile.lazyInit() // implicitly initializes L2 return md.L2 diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go index d2f549497eb..e91860f5a21 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go @@ -284,6 +284,13 @@ func (ed *Enum) unmarshalSeed(b []byte, sb *strs.Builder, pf *File, pd protorefl case genid.EnumDescriptorProto_Value_field_number: numValues++ } + case protowire.VarintType: + v, m := protowire.ConsumeVarint(b) + b = b[m:] + switch num { + case genid.EnumDescriptorProto_Visibility_field_number: + ed.L1.Visibility = int32(v) + } default: m := protowire.ConsumeFieldValue(num, typ, b) b = b[m:] @@ -365,6 +372,13 @@ func (md *Message) unmarshalSeed(b []byte, sb *strs.Builder, pf *File, pd protor md.unmarshalSeedOptions(v) } prevField = num + case protowire.VarintType: + v, m := protowire.ConsumeVarint(b) + b = b[m:] + switch num { + case genid.DescriptorProto_Visibility_field_number: + md.L1.Visibility = int32(v) + } default: m := protowire.ConsumeFieldValue(num, typ, b) b = b[m:] diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go index d4c94458bd9..dd31faaeb0a 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go @@ -134,6 +134,7 @@ func (fd *File) unmarshalFull(b []byte) { var enumIdx, messageIdx, extensionIdx, serviceIdx int var rawOptions []byte + var optionImports []string fd.L2 = new(FileL2) for len(b) > 0 { num, typ, n := protowire.ConsumeTag(b) @@ -157,6 +158,8 @@ func (fd *File) unmarshalFull(b []byte) { imp = PlaceholderFile(path) } fd.L2.Imports = append(fd.L2.Imports, protoreflect.FileImport{FileDescriptor: imp}) + case genid.FileDescriptorProto_OptionDependency_field_number: + optionImports = append(optionImports, sb.MakeString(v)) case genid.FileDescriptorProto_EnumType_field_number: fd.L1.Enums.List[enumIdx].unmarshalFull(v, sb) enumIdx++ @@ -178,6 +181,23 @@ func (fd *File) unmarshalFull(b []byte) { } } fd.L2.Options = fd.builder.optionsUnmarshaler(&descopts.File, rawOptions) + if len(optionImports) > 0 { + var imps FileImports + var once sync.Once + fd.L2.OptionImports = func() protoreflect.FileImports { + once.Do(func() { + imps = make(FileImports, len(optionImports)) + for i, path := range optionImports { + imp, _ := fd.builder.FileRegistry.FindFileByPath(path) + if imp == nil { + imp = PlaceholderFile(path) + } + imps[i] = protoreflect.FileImport{FileDescriptor: imp} + } + }) + return &imps + } + } } func (ed *Enum) unmarshalFull(b []byte, sb *strs.Builder) { diff --git a/vendor/google.golang.org/protobuf/internal/version/version.go b/vendor/google.golang.org/protobuf/internal/version/version.go index 31e79a6535a..77de0f238ce 100644 --- a/vendor/google.golang.org/protobuf/internal/version/version.go +++ b/vendor/google.golang.org/protobuf/internal/version/version.go @@ -52,7 +52,7 @@ import ( const ( Major = 1 Minor = 36 - Patch = 9 + Patch = 10 PreRelease = "" ) diff --git a/vendor/modules.txt b/vendor/modules.txt index 95a463ebb31..96c0f49261b 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -98,7 +98,7 @@ golang.org/x/net/bpf ## explicit; go 1.24.0 golang.org/x/sys/unix golang.org/x/sys/windows -# google.golang.org/protobuf v1.36.9 +# google.golang.org/protobuf v1.36.10 ## explicit; go 1.23 google.golang.org/protobuf/encoding/prototext google.golang.org/protobuf/encoding/protowire From 627054d246ea79ba5aa4e0cc222f3b99fb878d09 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Mon, 29 Sep 2025 16:41:54 +1000 Subject: [PATCH 1041/1176] lint/revive: add package doc comments This silences all of the "should have a package comment" lint warnings from golangci-lint. Signed-off-by: Aleksa Sarai --- contrib/cmd/memfd-bind/memfd-bind.go | 11 +++++++++++ internal/linux/doc.go | 3 +++ libcontainer/apparmor/apparmor.go | 3 +++ libcontainer/capabilities/capabilities.go | 1 + libcontainer/devices/doc.go | 4 ++++ libcontainer/exeseal/doc.go | 3 +++ libcontainer/integration/doc.go | 2 +- libcontainer/internal/userns/doc.go | 2 ++ libcontainer/keys/keyctl.go | 1 + libcontainer/logs/logs.go | 2 ++ libcontainer/nsenter/nsenter.go | 5 +++++ libcontainer/nsenter/test/escape.go | 7 +++---- libcontainer/seccomp/doc.go | 3 +++ libcontainer/seccomp/patchbpf/doc.go | 3 +++ libcontainer/system/doc.go | 2 ++ libcontainer/system/kernelversion/kernel_linux.go | 2 ++ libcontainer/userns/userns_deprecated.go | 2 ++ libcontainer/utils/utils.go | 1 + main.go | 7 +++++-- tests/cmd/fs-idmap/fs-idmap.go | 4 ++++ tests/cmd/key_label/key_label.go | 12 +++++++----- tests/cmd/pidfd-kill/pidfd-kill.go | 4 ++++ tests/cmd/recvtty/recvtty.go | 8 ++++++++ tests/cmd/remap-rootfs/remap-rootfs.go | 5 +++++ tests/cmd/sd-helper/helper.go | 4 ++++ tests/cmd/seccompagent/seccompagent.go | 5 +++++ types/events.go | 2 ++ 27 files changed, 96 insertions(+), 12 deletions(-) create mode 100644 internal/linux/doc.go create mode 100644 libcontainer/devices/doc.go create mode 100644 libcontainer/exeseal/doc.go create mode 100644 libcontainer/internal/userns/doc.go create mode 100644 libcontainer/seccomp/doc.go create mode 100644 libcontainer/seccomp/patchbpf/doc.go create mode 100644 libcontainer/system/doc.go diff --git a/contrib/cmd/memfd-bind/memfd-bind.go b/contrib/cmd/memfd-bind/memfd-bind.go index c01aad74241..7bc57b0b38d 100644 --- a/contrib/cmd/memfd-bind/memfd-bind.go +++ b/contrib/cmd/memfd-bind/memfd-bind.go @@ -15,6 +15,17 @@ * limitations under the License. */ +// memfd-bind is a command-line tool to construct a persistent +// sealed-memfd-copy of a binary, to allow administrators to amortise the cost +// of memfd cloning for runc. runc will not make its own copy of the binary if +// it detects that the binary is already a sealed-memfd-copy. +// +// Usage of this tool has a lot of caveats -- see this package's README for +// more details on what restrictions apply when using this tool. +// +// Deprecated: runc 1.2 and later use a different mechanism for protecting the +// runc binary that obviates the need for this tool. Unless you are on an old +// kernel or need to use an older runc version, this tool is no longer needed. package main import ( diff --git a/internal/linux/doc.go b/internal/linux/doc.go new file mode 100644 index 00000000000..4d1eb900108 --- /dev/null +++ b/internal/linux/doc.go @@ -0,0 +1,3 @@ +// Package linux provides minimal wrappers around Linux system calls, primarily +// to provide support for automatic EINTR-retries. +package linux diff --git a/libcontainer/apparmor/apparmor.go b/libcontainer/apparmor/apparmor.go index e2a26488e03..e58f22825f1 100644 --- a/libcontainer/apparmor/apparmor.go +++ b/libcontainer/apparmor/apparmor.go @@ -1,3 +1,6 @@ +// Package apparmor provides a minimal set of helpers to configure the AppArmor +// profile of the current process, effectively acting as a very stripped-down +// version of libapparmor. package apparmor import "errors" diff --git a/libcontainer/capabilities/capabilities.go b/libcontainer/capabilities/capabilities.go index b5963a32816..6ac6dc9663a 100644 --- a/libcontainer/capabilities/capabilities.go +++ b/libcontainer/capabilities/capabilities.go @@ -1,5 +1,6 @@ //go:build linux +// Package capabilities provides helpers for managing Linux capabilities. package capabilities import ( diff --git a/libcontainer/devices/doc.go b/libcontainer/devices/doc.go new file mode 100644 index 00000000000..a590f4495a2 --- /dev/null +++ b/libcontainer/devices/doc.go @@ -0,0 +1,4 @@ +// Package devices provides some helper functions for constructing device +// configurations for runc. These are exclusively used by higher-level runtimes +// that need to configure runc's device list based on existing devices. +package devices diff --git a/libcontainer/exeseal/doc.go b/libcontainer/exeseal/doc.go new file mode 100644 index 00000000000..56fe697a64e --- /dev/null +++ b/libcontainer/exeseal/doc.go @@ -0,0 +1,3 @@ +// Package exeseal provides mechanisms for sealing /proc/self/exe and thus +// protecting the runc binary against CVE-2019-5736-style attacks. +package exeseal diff --git a/libcontainer/integration/doc.go b/libcontainer/integration/doc.go index 87545bc99c3..843e4c9edaa 100644 --- a/libcontainer/integration/doc.go +++ b/libcontainer/integration/doc.go @@ -1,2 +1,2 @@ -// integration is used for integration testing of libcontainer +// Package integration is used for integration testing of libcontainer. package integration diff --git a/libcontainer/internal/userns/doc.go b/libcontainer/internal/userns/doc.go new file mode 100644 index 00000000000..431d65cd5ab --- /dev/null +++ b/libcontainer/internal/userns/doc.go @@ -0,0 +1,2 @@ +// Package userns provides helpers for interacting with Linux user namespaces. +package userns diff --git a/libcontainer/keys/keyctl.go b/libcontainer/keys/keyctl.go index f3a6c5343fa..ea3ee9f97f6 100644 --- a/libcontainer/keys/keyctl.go +++ b/libcontainer/keys/keyctl.go @@ -1,3 +1,4 @@ +// Package keys provides helpers for Linux keyrings. package keys import ( diff --git a/libcontainer/logs/logs.go b/libcontainer/logs/logs.go index 95deb0d6ca7..db12b851820 100644 --- a/libcontainer/logs/logs.go +++ b/libcontainer/logs/logs.go @@ -1,3 +1,5 @@ +// Package logs provides helpers for logging used within runc (specifically for +// forwarding logs from "runc init" to the main runc process). package logs import ( diff --git a/libcontainer/nsenter/nsenter.go b/libcontainer/nsenter/nsenter.go index f767864c3ff..6df410f835f 100644 --- a/libcontainer/nsenter/nsenter.go +++ b/libcontainer/nsenter/nsenter.go @@ -1,5 +1,10 @@ //go:build linux && !gccgo +// Package nsenter implements the namespace creation and joining logic of runc. +// +// This package registers a special CGo constructor that will run before the Go +// runtime boots in order to provide a mechanism for runc to operate on +// namespaces that require single-threaded program execution to work. package nsenter /* diff --git a/libcontainer/nsenter/test/escape.go b/libcontainer/nsenter/test/escape.go index f85d9e211fe..c8fffa95102 100644 --- a/libcontainer/nsenter/test/escape.go +++ b/libcontainer/nsenter/test/escape.go @@ -1,9 +1,8 @@ +// Package escapetest is part of the escape_json_string unit test. It is in a +// separate package so cgo can be used together with go test. Do not use this +// package. package escapetest -// This file is part of escape_json_string unit test. -// It is in a separate package so cgo can be used together -// with go test. - // #include // extern char *escape_json_string(char *str); // #cgo CFLAGS: -DESCAPE_TEST=1 diff --git a/libcontainer/seccomp/doc.go b/libcontainer/seccomp/doc.go new file mode 100644 index 00000000000..4e71750a3fc --- /dev/null +++ b/libcontainer/seccomp/doc.go @@ -0,0 +1,3 @@ +// Package seccomp provides runc-specific helpers for loading and managing +// seccomp profiles. +package seccomp diff --git a/libcontainer/seccomp/patchbpf/doc.go b/libcontainer/seccomp/patchbpf/doc.go new file mode 100644 index 00000000000..f2bf6e69fa9 --- /dev/null +++ b/libcontainer/seccomp/patchbpf/doc.go @@ -0,0 +1,3 @@ +// Package patchbpf provides utilities for patching libseccomp-generated cBPF +// programs in order to handle unknown syscalls and ENOSYS more gracefully. +package patchbpf diff --git a/libcontainer/system/doc.go b/libcontainer/system/doc.go new file mode 100644 index 00000000000..0326601f472 --- /dev/null +++ b/libcontainer/system/doc.go @@ -0,0 +1,2 @@ +// Package system provides wrappers for Linux system operations. +package system diff --git a/libcontainer/system/kernelversion/kernel_linux.go b/libcontainer/system/kernelversion/kernel_linux.go index ca5d4130d0c..dfbc38505b4 100644 --- a/libcontainer/system/kernelversion/kernel_linux.go +++ b/libcontainer/system/kernelversion/kernel_linux.go @@ -20,6 +20,8 @@ https://github.com/containerd/containerd/blob/v1.7.5/contrib/seccomp/kernelversion/kernel_linux.go */ +// Package kernelversion provides a method to check whether the running kernel +// version is at least a minimum kernel version. package kernelversion import ( diff --git a/libcontainer/userns/userns_deprecated.go b/libcontainer/userns/userns_deprecated.go index 31107f87295..4d328d0f254 100644 --- a/libcontainer/userns/userns_deprecated.go +++ b/libcontainer/userns/userns_deprecated.go @@ -1,3 +1,5 @@ +// Package userns provides tools for dealing with user namespaces. +// // Deprecated: use github.com/moby/sys/userns package userns diff --git a/libcontainer/utils/utils.go b/libcontainer/utils/utils.go index 442c02685bf..ee9e255e7e2 100644 --- a/libcontainer/utils/utils.go +++ b/libcontainer/utils/utils.go @@ -1,3 +1,4 @@ +// Package utils provides general helper utilities used in libcontainer. package utils import ( diff --git a/main.go b/main.go index eb64ee9b314..e9ed5a47ded 100644 --- a/main.go +++ b/main.go @@ -1,3 +1,6 @@ +// runc is a command line client for running applications packaged according to +// the Open Container Initiative (OCI) format and is a compliant implementation +// of the Open Container Initiative specification. package main import ( @@ -55,8 +58,8 @@ const ( usage = `Open Container Initiative runtime runc is a command line client for running applications packaged according to -the Open Container Initiative (OCI) format and is a compliant implementation of the -Open Container Initiative specification. +the Open Container Initiative (OCI) format and is a compliant implementation of +the Open Container Initiative specification. runc integrates well with existing process supervisors to provide a production container runtime environment for applications. It can be used with your diff --git a/tests/cmd/fs-idmap/fs-idmap.go b/tests/cmd/fs-idmap/fs-idmap.go index 4593490f371..70068bc09f7 100644 --- a/tests/cmd/fs-idmap/fs-idmap.go +++ b/tests/cmd/fs-idmap/fs-idmap.go @@ -1,3 +1,7 @@ +// fs-idmap is a command-line tool to detect if a filesystem associated with a +// given path supports id-mapped mounts. +// +// This tool is only intended to be used within runc's integration tests. package main import ( diff --git a/tests/cmd/key_label/key_label.go b/tests/cmd/key_label/key_label.go index e12deca53f7..bd1ba7d1503 100644 --- a/tests/cmd/key_label/key_label.go +++ b/tests/cmd/key_label/key_label.go @@ -1,3 +1,10 @@ +// key_label is a simple program to print the current session keyring name and +// its security label, to be run inside container (see selinux.bats). Can be +// thought of poor man's keyctl. Written in Go so we can have a static binary +// (a program in C would require libkeyutils which is usually provided only as +// a dynamic library). +// +// This tool is only intended to be used within runc's integration tests. package main import ( @@ -7,11 +14,6 @@ import ( "golang.org/x/sys/unix" ) -// This is a simple program to print the current session keyring name and its -// security label, to be run inside container (see selinux.bats). Can be -// thought of poor man's keyctl. Written in Go so we can have a static binary -// (a program in C would require libkeyutils which is usually provided only as -// a dynamic library). func main() { id, err := unix.KeyctlGetKeyringID(unix.KEY_SPEC_SESSION_KEYRING, false) if err != nil { diff --git a/tests/cmd/pidfd-kill/pidfd-kill.go b/tests/cmd/pidfd-kill/pidfd-kill.go index 764fa883a2e..f609ee272a6 100644 --- a/tests/cmd/pidfd-kill/pidfd-kill.go +++ b/tests/cmd/pidfd-kill/pidfd-kill.go @@ -1,3 +1,7 @@ +// pidfd-kill is a command-line tool to send signals to processes using pidfds +// passed through a unix socket. +// +// This tool is only intended to be used within runc's integration tests. package main import ( diff --git a/tests/cmd/recvtty/recvtty.go b/tests/cmd/recvtty/recvtty.go index 5e5720cc521..135ad2290c9 100644 --- a/tests/cmd/recvtty/recvtty.go +++ b/tests/cmd/recvtty/recvtty.go @@ -14,6 +14,14 @@ * limitations under the License. */ +// recvtty is a sample implementation of the consumer side of the +// --console-socket interface for runc. It supports forwarding console events +// to and from the container process, as well as acting like a /dev/null +// black-hole. +// +// This tool is only really intended to be used within runc's integration +// tests, but can be used as an example of how the --console-socket protocol +// works. package main import ( diff --git a/tests/cmd/remap-rootfs/remap-rootfs.go b/tests/cmd/remap-rootfs/remap-rootfs.go index b0bfebfba94..a9439b70cbc 100644 --- a/tests/cmd/remap-rootfs/remap-rootfs.go +++ b/tests/cmd/remap-rootfs/remap-rootfs.go @@ -1,3 +1,8 @@ +// remap-rootfs is a command-line tool to remap the ownership of an OCI +// bundle's rootfs to match the user namespace id-mapping of the bundle's +// config.json. +// +// This tool is only intended to be used within runc's integration tests. package main import ( diff --git a/tests/cmd/sd-helper/helper.go b/tests/cmd/sd-helper/helper.go index 0820c2ef9d0..ee24f4eb869 100644 --- a/tests/cmd/sd-helper/helper.go +++ b/tests/cmd/sd-helper/helper.go @@ -1,3 +1,7 @@ +// sd-helper is a command-line tool to provide some very minimal helpers to +// communicate with systemd. +// +// This tool is only intended to be used within runc's integration tests. package main import ( diff --git a/tests/cmd/seccompagent/seccompagent.go b/tests/cmd/seccompagent/seccompagent.go index e9cc72303b3..eeb00e82563 100644 --- a/tests/cmd/seccompagent/seccompagent.go +++ b/tests/cmd/seccompagent/seccompagent.go @@ -1,5 +1,10 @@ //go:build linux && seccomp +// seccompagent is an example implementation of a seccomp-agent for the seccomp +// user notification feature. It intercepts a handful of system calls and +// emulates them. +// +// This tool is only intended to be used within runc's integration tests. package main import ( diff --git a/types/events.go b/types/events.go index 4d8782782ec..9dac1cd5d77 100644 --- a/types/events.go +++ b/types/events.go @@ -1,3 +1,5 @@ +// Package types defines the types used for the cgroup-related events APIs +// provided by "runc events". package types import ( From e4f99b5c95b8f49434452edff82e73547c7a8252 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 3 Oct 2025 16:24:18 +1000 Subject: [PATCH 1042/1176] libcontainer: remove deprecated package "userns" This package was marked deprecated in commit 9b60a93cf33c ("libcontainer/userns: migrate to github.com/moby/sys/userns"), which was included in runc 1.2. Users have thus had a year to migrate to github.com/moby/sys/userns and it's okay for us to remove this wrapper package. Signed-off-by: Aleksa Sarai --- CHANGELOG.md | 4 ++++ libcontainer/userns/userns_deprecated.go | 15 --------------- 2 files changed, 4 insertions(+), 15 deletions(-) delete mode 100644 libcontainer/userns/userns_deprecated.go diff --git a/CHANGELOG.md b/CHANGELOG.md index eb5cae31a72..1aeb57e3890 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### libcontainer API +- The deprecated `libcontainer/userns` package has been removed; use + `github.com/moby/sys/userns` instead. + ## [1.4.0-rc.1] - 2025-09-05 > ăă‚ă‚§ă‚‚ăƒœă‚¹ă«ăªă£ăŸă‚“ă ă‚ă‰ï¼Ÿ diff --git a/libcontainer/userns/userns_deprecated.go b/libcontainer/userns/userns_deprecated.go deleted file mode 100644 index 4d328d0f254..00000000000 --- a/libcontainer/userns/userns_deprecated.go +++ /dev/null @@ -1,15 +0,0 @@ -// Package userns provides tools for dealing with user namespaces. -// -// Deprecated: use github.com/moby/sys/userns -package userns - -import "github.com/moby/sys/userns" - -// RunningInUserNS detects whether we are currently running in a Linux -// user namespace and memoizes the result. It returns false on non-Linux -// platforms. -// -// Deprecated: use [userns.RunningInUserNS]. -func RunningInUserNS() bool { - return userns.RunningInUserNS() -} From 918de6824a6391626d739875b92e7f593a0711c9 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sat, 4 Oct 2025 21:17:35 +1000 Subject: [PATCH 1043/1176] CHANGELOG: add v1.3.2 entry Signed-off-by: Aleksa Sarai --- CHANGELOG.md | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1aeb57e3890..720e27a9f40 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -103,6 +103,22 @@ This version of runc requires Go 1.24 to build. #4783, #4785, #4801, #4808, #4803, #4839, #4846, #4847, #4845, #4850, #4861, #4860) +## [1.3.2] - 2025-10-02 + +> ĐĐ¾Ñ‡ÑŒ, ÑƒĐ»Đ¸Ñ†Đ°, Ñ„Đ¾Đ½Đ°Ñ€ÑŒ, Đ°Đ¿Ñ‚ĐµĐºĐ°... + +### Changed + * The conversion from cgroup v1 CPU shares to cgroup v2 CPU weight is + improved to better fit default v1 and v2 values. (#4772, #4785, #4897) + * Dependency github.com/opencontainers/cgroups updated from v0.0.1 to + v0.0.4. (#4897) + +### Fixed + * runc state: fix occasional "cgroup.freeze: no such device" error. + (#4798, #4808, #4897) + * Fixed integration test failure on ppc64, caused by 64K page size so the + kernel was rounding memory limit to 64K. (#4841, #4895, #4893) + ## [1.3.1] - 2025-09-05 > ă“ă®ç“¦ç¤«ă®å±±ă§ă‚ˆă‰ @@ -1301,7 +1317,8 @@ implementation (libcontainer) is *not* covered by this policy. [1.2.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.1.0...v1.2.0-rc.1 -[Unreleased 1.3.z]: https://github.com/opencontainers/runc/compare/v1.3.1...release-1.3 +[Unreleased 1.3.z]: https://github.com/opencontainers/runc/compare/v1.3.2...release-1.3 +[1.3.2]: https://github.com/opencontainers/runc/compare/v1.3.1...v1.3.2 [1.3.1]: https://github.com/opencontainers/runc/compare/v1.3.0...v1.3.1 [1.3.0-rc.2]: https://github.com/opencontainers/runc/compare/v1.3.0-rc.1...v1.3.0-rc.2 [1.3.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.2.0...v1.3.0-rc.1 From 8c1b3f9608736a326532d81a4ca84d2b264adf10 Mon Sep 17 00:00:00 2001 From: Joshua Rogers Date: Mon, 6 Oct 2025 06:13:20 +0800 Subject: [PATCH 1044/1176] fix(seccompagent): close received FDs, not loop index Prevents accidentally closing 0/1/2 on error paths. Signed-off-by: Joshua Rogers --- tests/cmd/seccompagent/seccompagent.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/cmd/seccompagent/seccompagent.go b/tests/cmd/seccompagent/seccompagent.go index eeb00e82563..b2b3f637921 100644 --- a/tests/cmd/seccompagent/seccompagent.go +++ b/tests/cmd/seccompagent/seccompagent.go @@ -32,8 +32,8 @@ var ( ) func closeStateFds(recvFds []int) { - for i := range recvFds { - unix.Close(i) + for _, fd := range recvFds { + _ = unix.Close(fd) } } From eda7bdf80ccaadb77e85e4fb7357c133f81ea6ef Mon Sep 17 00:00:00 2001 From: Antti Kervinen Date: Thu, 27 Mar 2025 15:42:24 +0200 Subject: [PATCH 1045/1176] Add memory policy support Implement support for Linux memory policy in OCI spec PR: https://github.com/opencontainers/runtime-spec/pull/1282 Signed-off-by: Antti Kervinen --- features.go | 4 + internal/linux/linux.go | 13 ++ libcontainer/configs/config.go | 12 +- libcontainer/configs/memorypolicy.go | 31 +++++ libcontainer/configs/tocpuset_test.go | 4 +- libcontainer/configs/validate/validator.go | 24 ++++ libcontainer/init_linux.go | 8 ++ libcontainer/setns_init_linux.go | 4 + libcontainer/specconv/spec_linux.go | 55 +++++++++ libcontainer/standard_init_linux.go | 4 + tests/integration/memorypolicy.bats | 133 +++++++++++++++++++++ 11 files changed, 286 insertions(+), 6 deletions(-) create mode 100644 libcontainer/configs/memorypolicy.go create mode 100644 tests/integration/memorypolicy.bats diff --git a/features.go b/features.go index 72aef5c3c51..f3e8ed6e87f 100644 --- a/features.go +++ b/features.go @@ -59,6 +59,10 @@ var featuresCommand = cli.Command{ Enabled: &t, Schemata: &t, }, + MemoryPolicy: &features.MemoryPolicy{ + Modes: specconv.KnownMemoryPolicyModes(), + Flags: specconv.KnownMemoryPolicyFlags(), + }, MountExtensions: &features.MountExtensions{ IDMap: &features.IDMap{ Enabled: &t, diff --git a/internal/linux/linux.go b/internal/linux/linux.go index 9b049647903..1cf479f4124 100644 --- a/internal/linux/linux.go +++ b/internal/linux/linux.go @@ -2,6 +2,7 @@ package linux import ( "os" + "unsafe" "golang.org/x/sys/unix" ) @@ -72,3 +73,15 @@ func Sendmsg(fd int, p, oob []byte, to unix.Sockaddr, flags int) error { }) return os.NewSyscallError("sendmsg", err) } + +// SetMempolicy wraps set_mempolicy. +func SetMempolicy(mode uint, mask *unix.CPUSet) error { + err := retryOnEINTR(func() error { + _, _, errno := unix.Syscall(unix.SYS_SET_MEMPOLICY, uintptr(mode), uintptr(unsafe.Pointer(mask)), unsafe.Sizeof(*mask)*8) + if errno != 0 { + return errno + } + return nil + }) + return os.NewSyscallError("set_mempolicy", err) +} diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go index a0cdaec6a19..6141c018fbd 100644 --- a/libcontainer/configs/config.go +++ b/libcontainer/configs/config.go @@ -214,6 +214,9 @@ type Config struct { // to limit the resources (e.g., L3 cache, memory bandwidth) the container has available IntelRdt *IntelRdt `json:"intel_rdt,omitempty"` + // MemoryPolicy specifies NUMA memory policy for the container. + MemoryPolicy *LinuxMemoryPolicy `json:"memory_policy,omitempty"` + // RootlessEUID is set when the runc was launched with non-zero EUID. // Note that RootlessEUID is set to false when launched with EUID=0 in userns. // When RootlessEUID is set, runc creates a new userns for the container. @@ -305,7 +308,8 @@ type CPUAffinity struct { Initial, Final *unix.CPUSet } -func toCPUSet(str string) (*unix.CPUSet, error) { +// ToCPUSet parses a string in list format into a unix.CPUSet, e.g. "0-3,5,7-9". +func ToCPUSet(str string) (*unix.CPUSet, error) { if str == "" { return nil, nil } @@ -356,7 +360,7 @@ func toCPUSet(str string) (*unix.CPUSet, error) { } } if s.Count() == 0 { - return nil, fmt.Errorf("no CPUs found in %q", str) + return nil, fmt.Errorf("no members found in set %q", str) } return s, nil @@ -367,11 +371,11 @@ func ConvertCPUAffinity(sa *specs.CPUAffinity) (*CPUAffinity, error) { if sa == nil { return nil, nil } - initial, err := toCPUSet(sa.Initial) + initial, err := ToCPUSet(sa.Initial) if err != nil { return nil, fmt.Errorf("bad CPUAffinity.Initial: %w", err) } - final, err := toCPUSet(sa.Final) + final, err := ToCPUSet(sa.Final) if err != nil { return nil, fmt.Errorf("bad CPUAffinity.Final: %w", err) } diff --git a/libcontainer/configs/memorypolicy.go b/libcontainer/configs/memorypolicy.go new file mode 100644 index 00000000000..8c34609006d --- /dev/null +++ b/libcontainer/configs/memorypolicy.go @@ -0,0 +1,31 @@ +package configs + +import "golang.org/x/sys/unix" + +// Memory policy modes and flags as defined in /usr/include/linux/mempolicy.h + +//nolint:revive,staticcheck,nolintlint // ignore ALL_CAPS errors in consts from numaif.h, will match unix.* in the future +const ( + MPOL_DEFAULT = 0 + MPOL_PREFERRED = 1 + MPOL_BIND = 2 + MPOL_INTERLEAVE = 3 + MPOL_LOCAL = 4 + MPOL_PREFERRED_MANY = 5 + MPOL_WEIGHTED_INTERLEAVE = 6 + + MPOL_F_STATIC_NODES = 1 << 15 + MPOL_F_RELATIVE_NODES = 1 << 14 + MPOL_F_NUMA_BALANCING = 1 << 13 +) + +// LinuxMemoryPolicy contains memory policy configuration. +type LinuxMemoryPolicy struct { + // Mode specifies memory policy mode without mode flags. See + // set_mempolicy() documentation for details. + Mode uint `json:"mode,omitempty"` + // Flags contains mode flags. + Flags uint `json:"flags,omitempty"` + // Nodes contains NUMA nodes to which the mode applies. + Nodes *unix.CPUSet `json:"nodes,omitempty"` +} diff --git a/libcontainer/configs/tocpuset_test.go b/libcontainer/configs/tocpuset_test.go index 8af2ab57726..bd0f1e047dd 100644 --- a/libcontainer/configs/tocpuset_test.go +++ b/libcontainer/configs/tocpuset_test.go @@ -58,8 +58,8 @@ func TestToCPUSet(t *testing.T) { for _, tc := range testCases { t.Run(tc.in, func(t *testing.T) { - out, err := toCPUSet(tc.in) - t.Logf("toCPUSet(%q) = %v (error: %v)", tc.in, out, err) + out, err := ToCPUSet(tc.in) + t.Logf("ToCPUSet(%q) = %v (error: %v)", tc.in, out, err) // Check the error. if tc.isErr { if err == nil { diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go index 605286c1874..9851e4057d3 100644 --- a/libcontainer/configs/validate/validator.go +++ b/libcontainer/configs/validate/validator.go @@ -33,6 +33,7 @@ func Validate(config *configs.Config) error { mountsStrict, scheduler, ioPriority, + memoryPolicy, } for _, c := range checks { if err := c(config); err != nil { @@ -482,3 +483,26 @@ func ioPriority(config *configs.Config) error { return nil } + +func memoryPolicy(config *configs.Config) error { + mpol := config.MemoryPolicy + if mpol == nil { + return nil + } + switch mpol.Mode { + case configs.MPOL_DEFAULT, configs.MPOL_LOCAL: + if mpol.Nodes != nil && mpol.Nodes.Count() != 0 { + return fmt.Errorf("memory policy mode requires 0 nodes but got %d", mpol.Nodes.Count()) + } + case configs.MPOL_BIND, configs.MPOL_INTERLEAVE, + configs.MPOL_PREFERRED_MANY, configs.MPOL_WEIGHTED_INTERLEAVE: + if mpol.Nodes == nil || mpol.Nodes.Count() == 0 { + return fmt.Errorf("memory policy mode requires at least one node but got 0") + } + case configs.MPOL_PREFERRED: + // Zero or more nodes are allowed by the kernel. + default: + return fmt.Errorf("invalid memory policy mode: %d", mpol.Mode) + } + return nil +} diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index f9e88ad8d05..e4daf2c8f9a 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -659,6 +659,14 @@ func setupIOPriority(config *initConfig) error { return nil } +func setupMemoryPolicy(config *configs.Config) error { + mpol := config.MemoryPolicy + if mpol == nil { + return nil + } + return linux.SetMempolicy(mpol.Mode|mpol.Flags, config.MemoryPolicy.Nodes) +} + func setupPersonality(config *configs.Config) error { return system.SetLinuxPersonality(config.Personality.Domain) } diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go index 2bdaa4de8d5..7f7c0771754 100644 --- a/libcontainer/setns_init_linux.go +++ b/libcontainer/setns_init_linux.go @@ -88,6 +88,10 @@ func (l *linuxSetnsInit) Init() error { } } + if err := setupMemoryPolicy(l.config.Config); err != nil { + return err + } + // Tell our parent that we're ready to exec. This must be done before the // Seccomp rules have been applied, because we need to be able to read and // write to a socket. diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index b19ba358bc5..923ad67ce49 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -8,6 +8,7 @@ import ( "maps" "os" "path/filepath" + "slices" "sort" "strings" "sync" @@ -41,6 +42,8 @@ var ( flag int } complexFlags map[string]func(*configs.Mount) + mpolModeMap map[string]uint + mpolModeFMap map[string]uint ) func initMaps() { @@ -148,6 +151,22 @@ func initMaps() { m.IDMapping.Recursive = true }, } + + mpolModeMap = map[string]uint{ + string(specs.MpolDefault): configs.MPOL_DEFAULT, + string(specs.MpolPreferred): configs.MPOL_PREFERRED, + string(specs.MpolBind): configs.MPOL_BIND, + string(specs.MpolInterleave): configs.MPOL_INTERLEAVE, + string(specs.MpolLocal): configs.MPOL_LOCAL, + string(specs.MpolPreferredMany): configs.MPOL_PREFERRED_MANY, + string(specs.MpolWeightedInterleave): configs.MPOL_WEIGHTED_INTERLEAVE, + } + + mpolModeFMap = map[string]uint{ + string(specs.MpolFStaticNodes): configs.MPOL_F_STATIC_NODES, + string(specs.MpolFRelativeNodes): configs.MPOL_F_RELATIVE_NODES, + string(specs.MpolFNumaBalancing): configs.MPOL_F_NUMA_BALANCING, + } }) } @@ -184,6 +203,20 @@ func KnownMountOptions() []string { return res } +// KnownMemoryPolicyModes returns the list of the known memory policy modes. +// Used by `runc features`. +func KnownMemoryPolicyModes() []string { + initMaps() + return slices.Sorted(maps.Keys(mpolModeMap)) +} + +// KnownMemoryPolicyFlags returns the list of the known memory policy mode flags. +// Used by `runc features`. +func KnownMemoryPolicyFlags() []string { + initMaps() + return slices.Sorted(maps.Keys(mpolModeFMap)) +} + // AllowedDevices is the set of devices which are automatically included for // all containers. // @@ -468,6 +501,28 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) { MemBwSchema: spec.Linux.IntelRdt.MemBwSchema, } } + if spec.Linux.MemoryPolicy != nil { + var ok bool + var err error + specMp := spec.Linux.MemoryPolicy + confMp := &configs.LinuxMemoryPolicy{} + confMp.Mode, ok = mpolModeMap[string(specMp.Mode)] + if !ok { + return nil, fmt.Errorf("invalid memory policy mode %q", specMp.Mode) + } + confMp.Nodes, err = configs.ToCPUSet(specMp.Nodes) + if err != nil { + return nil, fmt.Errorf("invalid memory policy nodes %q: %w", specMp.Nodes, err) + } + for _, specFlag := range specMp.Flags { + confFlag, ok := mpolModeFMap[string(specFlag)] + if !ok { + return nil, fmt.Errorf("invalid memory policy flag %q", specFlag) + } + confMp.Flags |= confFlag + } + config.MemoryPolicy = confMp + } if spec.Linux.Personality != nil { if len(spec.Linux.Personality.Flags) > 0 { logrus.Warnf("ignoring unsupported personality flags: %+v because personality flag has not supported at this time", spec.Linux.Personality.Flags) diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 901bd394e6a..15a4fcb577f 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -171,6 +171,10 @@ func (l *linuxStandardInit) Init() error { } } + if err := setupMemoryPolicy(l.config.Config); err != nil { + return err + } + // Tell our parent that we're ready to exec. This must be done before the // Seccomp rules have been applied, because we need to be able to read and // write to a socket. diff --git a/tests/integration/memorypolicy.bats b/tests/integration/memorypolicy.bats new file mode 100644 index 00000000000..77ccd427cc9 --- /dev/null +++ b/tests/integration/memorypolicy.bats @@ -0,0 +1,133 @@ +#!/usr/bin/env bats + +load helpers + +function setup() { + setup_busybox +} + +function teardown() { + teardown_bundle +} + +@test "runc run memory policy interleave without flags" { + update_config ' + .process.args = ["/bin/sh", "-c", "head -n 1 /proc/self/numa_maps | cut -d \" \" -f 2"] + | .linux.memoryPolicy = { + "mode": "MPOL_INTERLEAVE", + "nodes": "0" + }' + runc run test_busybox + [ "$status" -eq 0 ] + [[ "${lines[0]}" == "interleave:0" ]] +} + +@test "runc run memory policy bind static" { + update_config ' + .process.args = ["/bin/sh", "-c", "head -n 1 /proc/self/numa_maps | cut -d \" \" -f 2"] + | .linux.memoryPolicy = { + "mode": "MPOL_BIND", + "nodes": "0", + "flags": ["MPOL_F_STATIC_NODES"] + }' + runc run test_busybox + [ "$status" -eq 0 ] + [[ "${lines[0]}" == "bind"*"static"*"0" ]] +} + +@test "runc run and exec memory policy prefer relative" { + update_config ' + .linux.memoryPolicy = { + "mode": "MPOL_PREFERRED", + "nodes": "0", + "flags": ["MPOL_F_RELATIVE_NODES"] + }' + runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox + [ "$status" -eq 0 ] + + runc exec test_busybox /bin/sh -c "head -n 1 /proc/self/numa_maps | cut -d \" \" -f 2" + [ "$status" -eq 0 ] + [[ "${lines[0]}" == "prefer"*"relative"*"0" ]] +} + +@test "runc run empty memory policy" { + update_config ' + .process.args = ["/bin/sh", "-c", "head -n 1 /proc/self/numa_maps | cut -d \" \" -f 2"] + | .linux.memoryPolicy = { + }' + runc run test_busybox + [ "$status" -eq 1 ] + [[ "${lines[0]}" == *"invalid memory policy"* ]] +} + +@test "runc run memory policy with non-existing mode" { + update_config ' + .process.args = ["/bin/sh", "-c", "head -n 1 /proc/self/numa_maps | cut -d \" \" -f 2"] + | .linux.memoryPolicy = { + "mode": "INTERLEAVE", + "nodes": "0" + }' + runc run test_busybox + [ "$status" -eq 1 ] + [[ "${lines[0]}" == *"invalid memory policy"* ]] +} + +@test "runc run memory policy with invalid flag" { + update_config ' + .process.args = ["/bin/sh", "-c", "head -n 1 /proc/self/numa_maps | cut -d \" \" -f 2"] + | .linux.memoryPolicy = { + "mode": "MPOL_PREFERRED", + "nodes": "0", + "flags": ["MPOL_F_RELATIVE_NODES", "badflag"] + }' + runc run test_busybox + [ "$status" -eq 1 ] + [[ "${lines[0]}" == *"invalid memory policy flag"* ]] +} + +@test "runc run memory policy default with missing nodes" { + update_config ' + .process.args = ["/bin/sh", "-c", "head -n 1 /proc/self/numa_maps | cut -d \" \" -f 2"] + | .linux.memoryPolicy = { + "mode": "MPOL_DEFAULT" + }' + runc run test_busybox + [ "$status" -eq 0 ] + [[ "${lines[0]}" == *"default"* ]] +} + +@test "runc run memory policy with missing mode" { + update_config ' + .process.args = ["/bin/sh", "-c", "head -n 1 /proc/self/numa_maps | cut -d \" \" -f 2"] + | .linux.memoryPolicy = { + "nodes": "0-7" + }' + runc run test_busybox + [ "$status" -eq 1 ] + [[ "${lines[0]}" == *"invalid memory policy mode"* ]] +} + +@test "runc run memory policy calls syscall with invalid arguments" { + update_config ' + .process.args = ["/bin/sh", "-c", "head -n 1 /proc/self/numa_maps | cut -d \" \" -f 2"] + | .linux.memoryPolicy = { + "mode": "MPOL_DEFAULT", + "nodes": "0-7", + }' + runc run test_busybox + [ "$status" -eq 1 ] + [[ "${lines[*]}" == *"mode requires 0 nodes but got 8"* ]] +} + +@test "runc run memory policy bind way too large a node number" { + update_config ' + .process.args = ["/bin/sh", "-c", "head -n 1 /proc/self/numa_maps | cut -d \" \" -f 2"] + | .linux.memoryPolicy = { + "mode": "MPOL_BIND", + "nodes": "0-9876543210", + "flags": [] + }' + runc run test_busybox + [ "$status" -eq 1 ] + [[ "${lines[0]}" == *"invalid memory policy node"* ]] +} From b2f8a74de58e69a1cf92997f50f9a4be1bfd1462 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 7 Oct 2025 17:07:50 -0700 Subject: [PATCH 1046/1176] all: format sources with gofumpt v0.9.1 Since gofumpt v0.9.0 there's a new formatting rule to "clothe" any naked returns. Signed-off-by: Kir Kolyshkin --- libcontainer/exeseal/cloned_binary_linux.go | 6 +++--- libcontainer/integration/utils_test.go | 2 +- libcontainer/internal/userns/usernsfd_linux.go | 2 +- libcontainer/mount_linux.go | 2 +- libcontainer/nsenter/nsenter_test.go | 2 +- libcontainer/rootfs_linux.go | 2 +- libcontainer/seccomp/patchbpf/enosys_linux.go | 4 ++-- libcontainer/utils/utils.go | 2 +- 8 files changed, 11 insertions(+), 11 deletions(-) diff --git a/libcontainer/exeseal/cloned_binary_linux.go b/libcontainer/exeseal/cloned_binary_linux.go index 7e0957fc801..cfe03da46f7 100644 --- a/libcontainer/exeseal/cloned_binary_linux.go +++ b/libcontainer/exeseal/cloned_binary_linux.go @@ -125,7 +125,7 @@ func getSealableFile(comment, tmpDir string) (file *os.File, sealFn SealFunc, er // First, try an executable memfd (supported since Linux 3.17). file, sealFn, err = Memfd(comment) if err == nil { - return + return file, sealFn, err } logrus.Debugf("memfd cloned binary failed, falling back to O_TMPFILE: %v", err) @@ -154,7 +154,7 @@ func getSealableFile(comment, tmpDir string) (file *os.File, sealFn SealFunc, er file.Close() continue } - return + return file, sealFn, err } logrus.Debugf("O_TMPFILE cloned binary failed, falling back to mktemp(): %v", err) // Finally, try a classic unlinked temporary file. @@ -168,7 +168,7 @@ func getSealableFile(comment, tmpDir string) (file *os.File, sealFn SealFunc, er file.Close() continue } - return + return file, sealFn, err } return nil, nil, fmt.Errorf("could not create sealable file for cloned binary: %w", err) } diff --git a/libcontainer/integration/utils_test.go b/libcontainer/integration/utils_test.go index d73fc68063b..8fb8f86638a 100644 --- a/libcontainer/integration/utils_test.go +++ b/libcontainer/integration/utils_test.go @@ -210,7 +210,7 @@ func runContainer(t testing.TB, config *configs.Config, args ...string) (buffers } else { return buffers, -1, err } - return + return buffers, exitCode, err } // runContainerOk is a wrapper for runContainer, simplifying its use for cases diff --git a/libcontainer/internal/userns/usernsfd_linux.go b/libcontainer/internal/userns/usernsfd_linux.go index 773ba17cad6..a1151a3fb35 100644 --- a/libcontainer/internal/userns/usernsfd_linux.go +++ b/libcontainer/internal/userns/usernsfd_linux.go @@ -34,7 +34,7 @@ func (m Mapping) toSys() (uids, gids []syscall.SysProcIDMap) { Size: int(gid.Size), }) } - return + return uids, gids } // id returns a unique identifier for this mapping, agnostic of the order of diff --git a/libcontainer/mount_linux.go b/libcontainer/mount_linux.go index 683b5e62425..9d4b5dcef55 100644 --- a/libcontainer/mount_linux.go +++ b/libcontainer/mount_linux.go @@ -236,7 +236,7 @@ func syscallMode(i fs.FileMode) (o uint32) { o |= unix.S_ISVTX } // No mapping for Go's ModeTemporary (plan9 only). - return + return o } // mountFd creates a "mount source fd" (either through open_tree(2) or just diff --git a/libcontainer/nsenter/nsenter_test.go b/libcontainer/nsenter/nsenter_test.go index c0b4e9b47e4..123448bc253 100644 --- a/libcontainer/nsenter/nsenter_test.go +++ b/libcontainer/nsenter/nsenter_test.go @@ -199,7 +199,7 @@ func newPipe(t *testing.T) (parent *os.File, child *os.File) { parent.Close() child.Close() }) - return + return parent, child } func reapChildren(t *testing.T, parent *os.File) { diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index a7a72b8bb19..aa1f68b94f4 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -1155,7 +1155,7 @@ func msMoveRoot(rootfs string) error { strings.HasPrefix(info.Mountpoint, rootfs) { skip = true } - return + return skip, stop }) if err != nil { return err diff --git a/libcontainer/seccomp/patchbpf/enosys_linux.go b/libcontainer/seccomp/patchbpf/enosys_linux.go index e663fda3306..035d0c0d834 100644 --- a/libcontainer/seccomp/patchbpf/enosys_linux.go +++ b/libcontainer/seccomp/patchbpf/enosys_linux.go @@ -676,7 +676,7 @@ func filterFlags(config *configs.Seccomp, filter *libseccomp.ScmpFilter) (flags } } - return + return flags, noNewPrivs, err } func sysSeccompSetFilter(flags uint, filter []unix.SockFilter) (fd int, err error) { @@ -706,7 +706,7 @@ func sysSeccompSetFilter(flags uint, filter []unix.SockFilter) (fd int, err erro } runtime.KeepAlive(filter) runtime.KeepAlive(fprog) - return + return fd, err } // PatchAndLoad takes a seccomp configuration and a libseccomp filter which has diff --git a/libcontainer/utils/utils.go b/libcontainer/utils/utils.go index ee9e255e7e2..1467d17eb20 100644 --- a/libcontainer/utils/utils.go +++ b/libcontainer/utils/utils.go @@ -112,5 +112,5 @@ func Annotations(labels []string) (bundle string, userAnnotations map[string]str userAnnotations[name] = value } } - return + return bundle, userAnnotations } From 2aea8617ea5079a7b9a63eb3e6aa2401803e9067 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 7 Oct 2025 16:59:48 -0700 Subject: [PATCH 1047/1176] ci: bump golangci-lint to v2.5 Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 38b43e422ca..43bfc293c8e 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -41,7 +41,7 @@ jobs: sudo apt -qy install libseccomp-dev - uses: golangci/golangci-lint-action@v8 with: - version: v2.4 + version: v2.5 # Extra linters, only checking new code from a pull request. - name: lint-extra if: github.event_name == 'pull_request' From a35a0e0276c3a35d092a3ccffb568edb1178ec4a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 8 Oct 2025 04:02:33 +0000 Subject: [PATCH 1048/1176] build(deps): bump golang.org/x/net from 0.44.0 to 0.45.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.44.0 to 0.45.0. - [Commits](https://github.com/golang/net/compare/v0.44.0...v0.45.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.45.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 8205c84eac1..551b9abf2e6 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/urfave/cli v1.22.17 github.com/vishvananda/netlink v1.3.1 github.com/vishvananda/netns v0.0.5 - golang.org/x/net v0.44.0 + golang.org/x/net v0.45.0 golang.org/x/sys v0.36.0 google.golang.org/protobuf v1.36.10 ) diff --git a/go.sum b/go.sum index 1087ad699a4..0e29d465540 100644 --- a/go.sum +++ b/go.sum @@ -76,8 +76,8 @@ github.com/vishvananda/netlink v1.3.1 h1:3AEMt62VKqz90r0tmNhog0r/PpWKmrEShJU0wJW github.com/vishvananda/netlink v1.3.1/go.mod h1:ARtKouGSTGchR8aMwmkzC0qiNPrrWO5JS/XMVl45+b4= github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY= github.com/vishvananda/netns v0.0.5/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= -golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I= -golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY= +golang.org/x/net v0.45.0 h1:RLBg5JKixCy82FtLJpeNlVM0nrSqpCRYzVU1n8kj0tM= +golang.org/x/net v0.45.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/vendor/modules.txt b/vendor/modules.txt index 96c0f49261b..8425f39e6e7 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -91,7 +91,7 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.5 ## explicit; go 1.17 github.com/vishvananda/netns -# golang.org/x/net v0.44.0 +# golang.org/x/net v0.45.0 ## explicit; go 1.24.0 golang.org/x/net/bpf # golang.org/x/sys v0.36.0 From ef61b7f0be2c5d0050af5312d1541eb304752697 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 23 Sep 2025 17:30:38 -0700 Subject: [PATCH 1049/1176] tests/int: add check for hugetlb stats As promised in https://github.com/opencontainers/cgroups/pull/24#pullrequestreview-3007872832 Signed-off-by: Kir Kolyshkin --- tests/integration/events.bats | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/integration/events.bats b/tests/integration/events.bats index ce37c04b73e..ab5b320b99e 100644 --- a/tests/integration/events.bats +++ b/tests/integration/events.bats @@ -87,6 +87,20 @@ function test_events() { done } +# See https://github.com/opencontainers/cgroups/pull/24 +@test "events --stats with hugetlb" { + requires cgroups_v2 cgroups_hugetlb + init_cgroup_paths + + runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox + [ "$status" -eq 0 ] + + runc events --stats test_busybox + [ "$status" -eq 0 ] + # Ensure hugetlb node is present. + jq -e '.data.hugetlb // empty' <<<"${lines[0]}" +} + @test "events --interval default" { test_events } From e59062cec953a582d07d2d03b6f8605fc7e5e4a9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 9 Oct 2025 04:02:50 +0000 Subject: [PATCH 1050/1176] build(deps): bump golang.org/x/net from 0.45.0 to 0.46.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.45.0 to 0.46.0. - [Commits](https://github.com/golang/net/compare/v0.45.0...v0.46.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.46.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 8 ++++---- vendor/golang.org/x/sys/unix/affinity_linux.go | 9 +++++++++ vendor/golang.org/x/sys/unix/fdset.go | 4 +--- vendor/golang.org/x/sys/unix/ifreq_linux.go | 4 +--- vendor/golang.org/x/sys/unix/mkall.sh | 1 + vendor/golang.org/x/sys/unix/syscall_linux.go | 4 +--- vendor/golang.org/x/sys/unix/syscall_netbsd.go | 17 +++++++++++++++++ .../x/sys/windows/syscall_windows.go | 2 ++ .../golang.org/x/sys/windows/types_windows.go | 16 ++++++++++++++++ .../x/sys/windows/zsyscall_windows.go | 18 ++++++++++++++++++ vendor/modules.txt | 4 ++-- 12 files changed, 74 insertions(+), 17 deletions(-) diff --git a/go.mod b/go.mod index 551b9abf2e6..a53e86b369c 100644 --- a/go.mod +++ b/go.mod @@ -22,8 +22,8 @@ require ( github.com/urfave/cli v1.22.17 github.com/vishvananda/netlink v1.3.1 github.com/vishvananda/netns v0.0.5 - golang.org/x/net v0.45.0 - golang.org/x/sys v0.36.0 + golang.org/x/net v0.46.0 + golang.org/x/sys v0.37.0 google.golang.org/protobuf v1.36.10 ) diff --git a/go.sum b/go.sum index 0e29d465540..45bc4513954 100644 --- a/go.sum +++ b/go.sum @@ -76,16 +76,16 @@ github.com/vishvananda/netlink v1.3.1 h1:3AEMt62VKqz90r0tmNhog0r/PpWKmrEShJU0wJW github.com/vishvananda/netlink v1.3.1/go.mod h1:ARtKouGSTGchR8aMwmkzC0qiNPrrWO5JS/XMVl45+b4= github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY= github.com/vishvananda/netns v0.0.5/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= -golang.org/x/net v0.45.0 h1:RLBg5JKixCy82FtLJpeNlVM0nrSqpCRYzVU1n8kj0tM= -golang.org/x/net v0.45.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY= +golang.org/x/net v0.46.0 h1:giFlY12I07fugqwPuWJi68oOnpfqFnJIJzaIIm2JVV4= +golang.org/x/net v0.46.0/go.mod h1:Q9BGdFy1y4nkUwiLvT5qtyhAnEHgnQ/zd8PfU6nc210= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k= -golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ= +golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/vendor/golang.org/x/sys/unix/affinity_linux.go b/vendor/golang.org/x/sys/unix/affinity_linux.go index 3c7a6d6e2f1..3ea470387bc 100644 --- a/vendor/golang.org/x/sys/unix/affinity_linux.go +++ b/vendor/golang.org/x/sys/unix/affinity_linux.go @@ -41,6 +41,15 @@ func (s *CPUSet) Zero() { clear(s[:]) } +// Fill adds all possible CPU bits to the set s. On Linux, [SchedSetaffinity] +// will silently ignore any invalid CPU bits in [CPUSet] so this is an +// efficient way of resetting the CPU affinity of a process. +func (s *CPUSet) Fill() { + for i := range s { + s[i] = ^cpuMask(0) + } +} + func cpuBitsIndex(cpu int) int { return cpu / _NCPUBITS } diff --git a/vendor/golang.org/x/sys/unix/fdset.go b/vendor/golang.org/x/sys/unix/fdset.go index 9e83d18cd04..62ed12645f4 100644 --- a/vendor/golang.org/x/sys/unix/fdset.go +++ b/vendor/golang.org/x/sys/unix/fdset.go @@ -23,7 +23,5 @@ func (fds *FdSet) IsSet(fd int) bool { // Zero clears the set fds. func (fds *FdSet) Zero() { - for i := range fds.Bits { - fds.Bits[i] = 0 - } + clear(fds.Bits[:]) } diff --git a/vendor/golang.org/x/sys/unix/ifreq_linux.go b/vendor/golang.org/x/sys/unix/ifreq_linux.go index 848840ae4c7..309f5a2b0c7 100644 --- a/vendor/golang.org/x/sys/unix/ifreq_linux.go +++ b/vendor/golang.org/x/sys/unix/ifreq_linux.go @@ -111,9 +111,7 @@ func (ifr *Ifreq) SetUint32(v uint32) { // clear zeroes the ifreq's union field to prevent trailing garbage data from // being sent to the kernel if an ifreq is reused. func (ifr *Ifreq) clear() { - for i := range ifr.raw.Ifru { - ifr.raw.Ifru[i] = 0 - } + clear(ifr.raw.Ifru[:]) } // TODO(mdlayher): export as IfreqData? For now we can provide helpers such as diff --git a/vendor/golang.org/x/sys/unix/mkall.sh b/vendor/golang.org/x/sys/unix/mkall.sh index e6f31d374df..d0ed6119129 100644 --- a/vendor/golang.org/x/sys/unix/mkall.sh +++ b/vendor/golang.org/x/sys/unix/mkall.sh @@ -49,6 +49,7 @@ esac if [[ "$GOOS" = "linux" ]]; then # Use the Docker-based build system # Files generated through docker (use $cmd so you can Ctl-C the build or run) + set -e $cmd docker build --tag generate:$GOOS $GOOS $cmd docker run --interactive --tty --volume $(cd -- "$(dirname -- "$0")/.." && pwd):/build generate:$GOOS exit diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index 4958a657085..9439af961d9 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -801,9 +801,7 @@ func (sa *SockaddrPPPoE) sockaddr() (unsafe.Pointer, _Socklen, error) { // one. The kernel expects SID to be in network byte order. binary.BigEndian.PutUint16(sa.raw[6:8], sa.SID) copy(sa.raw[8:14], sa.Remote) - for i := 14; i < 14+IFNAMSIZ; i++ { - sa.raw[i] = 0 - } + clear(sa.raw[14 : 14+IFNAMSIZ]) copy(sa.raw[14:], sa.Dev) return unsafe.Pointer(&sa.raw), SizeofSockaddrPPPoX, nil } diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd.go b/vendor/golang.org/x/sys/unix/syscall_netbsd.go index 88162099af5..34a46769730 100644 --- a/vendor/golang.org/x/sys/unix/syscall_netbsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_netbsd.go @@ -248,6 +248,23 @@ func Statvfs(path string, buf *Statvfs_t) (err error) { return Statvfs1(path, buf, ST_WAIT) } +func Getvfsstat(buf []Statvfs_t, flags int) (n int, err error) { + var ( + _p0 unsafe.Pointer + bufsize uintptr + ) + if len(buf) > 0 { + _p0 = unsafe.Pointer(&buf[0]) + bufsize = unsafe.Sizeof(Statvfs_t{}) * uintptr(len(buf)) + } + r0, _, e1 := Syscall(SYS_GETVFSSTAT, uintptr(_p0), bufsize, uintptr(flags)) + n = int(r0) + if e1 != 0 { + err = e1 + } + return +} + /* * Exposed directly */ diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index 640f6b153f0..bd513373060 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -321,6 +321,8 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys SetConsoleOutputCP(cp uint32) (err error) = kernel32.SetConsoleOutputCP //sys WriteConsole(console Handle, buf *uint16, towrite uint32, written *uint32, reserved *byte) (err error) = kernel32.WriteConsoleW //sys ReadConsole(console Handle, buf *uint16, toread uint32, read *uint32, inputControl *byte) (err error) = kernel32.ReadConsoleW +//sys GetNumberOfConsoleInputEvents(console Handle, numevents *uint32) (err error) = kernel32.GetNumberOfConsoleInputEvents +//sys FlushConsoleInputBuffer(console Handle) (err error) = kernel32.FlushConsoleInputBuffer //sys resizePseudoConsole(pconsole Handle, size uint32) (hr error) = kernel32.ResizePseudoConsole //sys CreateToolhelp32Snapshot(flags uint32, processId uint32) (handle Handle, err error) [failretval==InvalidHandle] = kernel32.CreateToolhelp32Snapshot //sys Module32First(snapshot Handle, moduleEntry *ModuleEntry32) (err error) = kernel32.Module32FirstW diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go index 993a2297dbe..358be3c7f5e 100644 --- a/vendor/golang.org/x/sys/windows/types_windows.go +++ b/vendor/golang.org/x/sys/windows/types_windows.go @@ -65,6 +65,22 @@ var signals = [...]string{ 15: "terminated", } +// File flags for [os.OpenFile]. The O_ prefix is used to indicate +// that these flags are specific to the OpenFile function. +const ( + O_FILE_FLAG_OPEN_NO_RECALL = FILE_FLAG_OPEN_NO_RECALL + O_FILE_FLAG_OPEN_REPARSE_POINT = FILE_FLAG_OPEN_REPARSE_POINT + O_FILE_FLAG_SESSION_AWARE = FILE_FLAG_SESSION_AWARE + O_FILE_FLAG_POSIX_SEMANTICS = FILE_FLAG_POSIX_SEMANTICS + O_FILE_FLAG_BACKUP_SEMANTICS = FILE_FLAG_BACKUP_SEMANTICS + O_FILE_FLAG_DELETE_ON_CLOSE = FILE_FLAG_DELETE_ON_CLOSE + O_FILE_FLAG_SEQUENTIAL_SCAN = FILE_FLAG_SEQUENTIAL_SCAN + O_FILE_FLAG_RANDOM_ACCESS = FILE_FLAG_RANDOM_ACCESS + O_FILE_FLAG_NO_BUFFERING = FILE_FLAG_NO_BUFFERING + O_FILE_FLAG_OVERLAPPED = FILE_FLAG_OVERLAPPED + O_FILE_FLAG_WRITE_THROUGH = FILE_FLAG_WRITE_THROUGH +) + const ( FILE_READ_DATA = 0x00000001 FILE_READ_ATTRIBUTES = 0x00000080 diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index 641a5f4b775..426151a0193 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -238,6 +238,7 @@ var ( procFindResourceW = modkernel32.NewProc("FindResourceW") procFindVolumeClose = modkernel32.NewProc("FindVolumeClose") procFindVolumeMountPointClose = modkernel32.NewProc("FindVolumeMountPointClose") + procFlushConsoleInputBuffer = modkernel32.NewProc("FlushConsoleInputBuffer") procFlushFileBuffers = modkernel32.NewProc("FlushFileBuffers") procFlushViewOfFile = modkernel32.NewProc("FlushViewOfFile") procFormatMessageW = modkernel32.NewProc("FormatMessageW") @@ -284,6 +285,7 @@ var ( procGetNamedPipeHandleStateW = modkernel32.NewProc("GetNamedPipeHandleStateW") procGetNamedPipeInfo = modkernel32.NewProc("GetNamedPipeInfo") procGetNamedPipeServerProcessId = modkernel32.NewProc("GetNamedPipeServerProcessId") + procGetNumberOfConsoleInputEvents = modkernel32.NewProc("GetNumberOfConsoleInputEvents") procGetOverlappedResult = modkernel32.NewProc("GetOverlappedResult") procGetPriorityClass = modkernel32.NewProc("GetPriorityClass") procGetProcAddress = modkernel32.NewProc("GetProcAddress") @@ -2111,6 +2113,14 @@ func FindVolumeMountPointClose(findVolumeMountPoint Handle) (err error) { return } +func FlushConsoleInputBuffer(console Handle) (err error) { + r1, _, e1 := syscall.SyscallN(procFlushConsoleInputBuffer.Addr(), uintptr(console)) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + func FlushFileBuffers(handle Handle) (err error) { r1, _, e1 := syscall.SyscallN(procFlushFileBuffers.Addr(), uintptr(handle)) if r1 == 0 { @@ -2481,6 +2491,14 @@ func GetNamedPipeServerProcessId(pipe Handle, serverProcessID *uint32) (err erro return } +func GetNumberOfConsoleInputEvents(console Handle, numevents *uint32) (err error) { + r1, _, e1 := syscall.SyscallN(procGetNumberOfConsoleInputEvents.Addr(), uintptr(console), uintptr(unsafe.Pointer(numevents))) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + func GetOverlappedResult(handle Handle, overlapped *Overlapped, done *uint32, wait bool) (err error) { var _p0 uint32 if wait { diff --git a/vendor/modules.txt b/vendor/modules.txt index 8425f39e6e7..3633df7018e 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -91,10 +91,10 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.5 ## explicit; go 1.17 github.com/vishvananda/netns -# golang.org/x/net v0.45.0 +# golang.org/x/net v0.46.0 ## explicit; go 1.24.0 golang.org/x/net/bpf -# golang.org/x/sys v0.36.0 +# golang.org/x/sys v0.37.0 ## explicit; go 1.24.0 golang.org/x/sys/unix golang.org/x/sys/windows From 93f9a392cf2996204af340f6bdac78b82eaefc26 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 9 Oct 2025 15:14:50 +1100 Subject: [PATCH 1051/1176] libct: switch to (*CPUSet).Fill Now that we've updated to golang.org/x/sys@v0.37.0, CPUSet has a Fill helper that does the equivalent to our underflow trick to make setting all CPUs efficient. Signed-off-by: Aleksa Sarai --- libcontainer/process_linux.go | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 6c885ace45e..c91bf5515ca 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -184,16 +184,8 @@ func tryResetCPUAffinity(pid int) { // // So we can just pass a very large array of set cpumask bits and the // kernel will silently convert that to the correct value very cheaply. - - // Ideally, we would just set the array to 0xFF...FF. Unfortunately, the - // size depends on the architecture. It is also a private newtype, so we - // can't use (^0) or generics since those require us to be able to name the - // type. However, we can just underflow the zero value instead. - // TODO: Once is merged, switch to that. - cpuset := unix.CPUSet{} - for i := range cpuset { - cpuset[i]-- // underflow to 0xFF..FF - } + var cpuset unix.CPUSet + cpuset.Fill() // set all bits if err := unix.SchedSetaffinity(pid, &cpuset); err != nil { logrus.WithError( os.NewSyscallError("sched_setaffinity", err), From 1adb070b58713c973534ecee6715384583ee008f Mon Sep 17 00:00:00 2001 From: Osama Abdelkader Date: Mon, 6 Oct 2025 15:20:33 +0300 Subject: [PATCH 1052/1176] criu: replace deprecated strings.Title strings.Title is deprecated since Go 1.18. Replace it with a simple manual capitalization of the first character in criuNsToKey(). Signed-off-by: Osama Abdelkader Co-authored-by: Kir Kolyshkin --- libcontainer/criu_linux.go | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index a86e53fd785..fb435e11112 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -15,6 +15,7 @@ import ( "reflect" "strings" "time" + "unicode" "github.com/checkpoint-restore/go-criu/v7" criurpc "github.com/checkpoint-restore/go-criu/v7/rpc" @@ -183,7 +184,19 @@ func (c *Container) criuSupportsExtNS(t configs.NamespaceType) bool { } func criuNsToKey(t configs.NamespaceType) string { - return "extRoot" + strings.Title(configs.NsName(t)) + "NS" //nolint:staticcheck // SA1019: strings.Title is deprecated + // Construct "extRoot" + capitalize(nsName) + "NS" without allocations. + // Result format: "extRootNetNS", "extRootPidNS", etc. + nsName := configs.NsName(t) + out := make([]byte, 0, 32) + out = append(out, "extRoot"...) + // Capitalize the first character (this assumes it's in the a-z range). + if len(nsName) > 0 { + out = append(out, byte(unicode.ToUpper(rune(nsName[0])))) + out = append(out, nsName[1:]...) + } + out = append(out, "NS"...) + + return string(out) } func (c *Container) handleCheckpointingExternalNamespaces(rpcOpts *criurpc.CriuOpts, t configs.NamespaceType) error { From e0632ccd1cde3f6a70b75f0b10b3b265e45c2502 Mon Sep 17 00:00:00 2001 From: Osama Abdelkader Date: Fri, 26 Sep 2025 22:50:57 +0300 Subject: [PATCH 1053/1176] docs: update seccomp documentation Replace outdated TODO comment with updated information about runc's seccomp support. Signed-off-by: Osama Abdelkader --- libcontainer/SPEC.md | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/libcontainer/SPEC.md b/libcontainer/SPEC.md index c6fe4eaa8a0..e81005c6c16 100644 --- a/libcontainer/SPEC.md +++ b/libcontainer/SPEC.md @@ -367,7 +367,25 @@ profile flags=(attach_disconnected,mediate_deleted) { } ``` -*TODO: seccomp work is being done to find a good default config* +[seccomp](https://en.wikipedia.org/wiki/Seccomp) can be used to apply filters +to the system calls used in a container. The set of filter expressions allows +you to match against syscall numbers (automatically resolved from syscall +names) and apply various comparison operators to syscall arguments. + +When a filter rule matches, the associated action is executed - such as killing +the process or thread, returning an errno value without executing the syscall, +forwarding the request to a user-space agent to handle, emitting a log entry, +or permitting the syscall to execute. + +The primary use-case is to provide an explicit allow-list of syscalls for a +container, to reduce the kernel API attack surface exposed to the container. +Historically, seccomp has protected containers against various kernel 0-day +vulnerabilities, so a strong seccomp filter is highly recommended. + +libcontainer does not provide a default filter, but higher-level +runtimes tend to define their own filters for use with runc (see +[oci-runtime-seccomp](https://github.com/opencontainers/runtime-spec/blob/v1.2.1/config-linux.md#seccomp) +for more information on how to write your own filters). ### Runtime and Init Process From c0e6f42427ff66a60e12c89eeec8741f3d463dc3 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Tue, 14 Oct 2025 14:41:27 +0900 Subject: [PATCH 1054/1176] CI: remove deprecated lima-vm/lima-actions/ssh `lima-vm/lima-actions/ssh` is now merged into `lima-vm/lima-actions/setup`. https://github.com/lima-vm/lima-actions/releases/tag/v1.1.0 Signed-off-by: Akihiro Suda --- .github/workflows/test.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 16cab969f5c..4962993c0a0 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -218,8 +218,6 @@ jobs: # NOTE the execution environment lacks a terminal, needed for # some integration tests. So we use `ssh -tt` command to fake a terminal. - - uses: lima-vm/lima-actions/ssh@v1 - - name: "Run unit tests" run: ssh -tt lima-default sudo -i make -C /tmp/runc localunittest From 4e262509b8bc584bf4a57afbb6c21e2e74cdd5e0 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 13 Oct 2025 15:54:45 -0700 Subject: [PATCH 1055/1176] libct: close child fds on prepareCgroupFD error The (*setns).start is supposed to close child fds once the child has started, or upon an error. Commit 5af4dd4e6 added a bug -- child fds are not closed if prepareCgroupFD fails. Fix by adding a missing call to closeChild. I'm not sure how to write a good test case for it. Found when working on PR 4928 (and tested in there). Fixes: 5af4dd4e6 Signed-off-by: Kir Kolyshkin --- libcontainer/process_linux.go | 1 + 1 file changed, 1 insertion(+) diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index c91bf5515ca..7d0a6b5dd97 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -357,6 +357,7 @@ func (p *setnsProcess) start() (retErr error) { fd, err := p.prepareCgroupFD() if err != nil { + p.comm.closeChild() return err } From 871052b791dfb4ade71329424fd0c683aeed4d21 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 14 Oct 2025 11:30:28 -0700 Subject: [PATCH 1056/1176] libct: refactor setnsProcess.start Factor startWithCgroupFD out of start to reduce the start complexity. This also implements a more future-proof way of calling p.comm.closeChild. Co-authored-by: lifubang Signed-off-by: Kir Kolyshkin --- libcontainer/process_linux.go | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 7d0a6b5dd97..c1c27494fd6 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -352,22 +352,21 @@ func (p *setnsProcess) prepareCgroupFD() (*os.File, error) { return fd, nil } -func (p *setnsProcess) start() (retErr error) { - defer p.comm.closeParent() +// startWithCgroupFD starts a process via clone3 with CLONE_INTO_CGROUP, +// with a fallback if it fails (e.g. not available). +func (p *setnsProcess) startWithCgroupFD() error { + // Close the child side of the pipes. + defer p.comm.closeChild() fd, err := p.prepareCgroupFD() if err != nil { - p.comm.closeChild() return err } - - // Get the "before" value of oom kill count. - oom, _ := p.manager.OOMKillCount() - - err = p.startWithCPUAffinity() if fd != nil { - fd.Close() + defer fd.Close() } + + err = p.startWithCPUAffinity() if err != nil && p.cmd.SysProcAttr.UseCgroupFD { logrus.Debugf("exec with CLONE_INTO_CGROUP failed: %v; retrying without", err) // SysProcAttr.CgroupFD is never used when UseCgroupFD is unset. @@ -375,9 +374,16 @@ func (p *setnsProcess) start() (retErr error) { err = p.startWithCPUAffinity() } - // Close the child-side of the pipes (controlled by child). - p.comm.closeChild() - if err != nil { + return err +} + +func (p *setnsProcess) start() (retErr error) { + defer p.comm.closeParent() + + // Get the "before" value of oom kill count. + oom, _ := p.manager.OOMKillCount() + + if err := p.startWithCgroupFD(); err != nil { return fmt.Errorf("error starting setns process: %w", err) } From 1c4dba693ffc843086781e456f5cb3aae1426430 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 14 Oct 2025 16:15:13 -0700 Subject: [PATCH 1057/1176] ci: only run lint-extra job on PRs to main All the new code appears in main (not in the release branches), and we only want extra linter rules to apply to new code. Disable lint-extra job if the PR is not to the main branch. Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 43bfc293c8e..c3a8452fd1d 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -42,9 +42,9 @@ jobs: - uses: golangci/golangci-lint-action@v8 with: version: v2.5 - # Extra linters, only checking new code from a pull request. + # Extra linters, only checking new code from a pull request to main. - name: lint-extra - if: github.event_name == 'pull_request' + if: github.event_name == 'pull_request' && github.base_ref == 'main' run: | golangci-lint run --config .golangci-extra.yml --new-from-rev=HEAD~1 From 6af1d637bace0493fdb4dad4177da7624ce22ab4 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 16 Oct 2025 12:02:01 -0700 Subject: [PATCH 1058/1176] ci: bump bats to 1.11.1 Bump bats to the version from Fedora 42 (used in "fedora" job), so we have the same version everywhere. This also fixes an issue introduced by commit d31e6b87 (which forgot to bump bats in GHA CI), and adds a note to the yaml in order to avoid the same issue in the future. Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 2 +- .github/workflows/test.yml | 2 +- Dockerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index 56453aaae54..e2f552cbd20 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -12,7 +12,7 @@ task: HOME: /root CIRRUS_WORKING_DIR: /home/runc GO_VER_PREFIX: "1.24." - BATS_VERSION: "v1.11.0" + BATS_VERSION: "v1.11.1" RPMS: gcc git-core iptables jq glibc-static libseccomp-devel make criu fuse-sshfs container-selinux # yamllint disable rule:key-duplicates matrix: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 4962993c0a0..4237ef1b58a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -107,7 +107,7 @@ jobs: - name: Setup Bats and bats libs uses: bats-core/bats-action@3.0.1 with: - bats-version: 1.9.0 + bats-version: 1.11.1 # Known as BATS_VERSION in other places. support-install: false assert-install: false detik-install: false diff --git a/Dockerfile b/Dockerfile index 26f124ede8e..ae10e34661f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ ARG GO_VERSION=1.24 -ARG BATS_VERSION=v1.11.0 +ARG BATS_VERSION=v1.11.1 ARG LIBSECCOMP_VERSION=2.5.6 FROM golang:${GO_VERSION}-bookworm From 2a7ce15e68c34e2730958d2169f3205a305323ab Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 16 Oct 2025 12:09:46 -0700 Subject: [PATCH 1059/1176] ci: show criu version in criu-dev testing Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 4237ef1b58a..1d8ab5cb03d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -94,6 +94,7 @@ jobs: https://github.com/checkpoint-restore/criu.git ~/criu (cd ~/criu && sudo make -j $(nproc) install-criu) rm -rf ~/criu + criu --version - name: install go ${{ matrix.go-version }} uses: actions/setup-go@v6 From 772e91062dc53f62a63926b824d99eb3259358bb Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 17 Oct 2025 12:39:36 -0700 Subject: [PATCH 1060/1176] tests/int/README: update 1. Remove the devicemapper driver mentions, and is it no longer supported by docker (or podman). 2. Remove the test example -- we have plenty of real ones. 3. Add a link to (well written and extensive) bats documentation. 4. Fix capitalization in a sentence. Signed-off-by: Kir Kolyshkin --- tests/integration/README.md | 37 +++++-------------------------------- 1 file changed, 5 insertions(+), 32 deletions(-) diff --git a/tests/integration/README.md b/tests/integration/README.md index 6f934c620e9..aec65961716 100644 --- a/tests/integration/README.md +++ b/tests/integration/README.md @@ -10,7 +10,9 @@ to end. Integration tests are written in *bash* using the [bats (Bash Automated Testing System)](https://github.com/bats-core/bats-core) -framework. +framework. Please see +[bats documentation](https://bats-core.readthedocs.io/en/stable/index.html) +for more details. ## Running integration tests @@ -43,38 +45,9 @@ cd bats-core ./install.sh /usr/local ``` -> **Note**: There are known issues running the integration tests using -> **devicemapper** as a storage driver, make sure that your docker daemon -> is using **aufs** if you want to successfully run the integration tests. - ## Writing integration tests -[helper functions](https://github.com/opencontainers/runc/blob/master/tests/integration/helpers.bash) +[Helper functions](https://github.com/opencontainers/runc/blob/master/tests/integration/helpers.bash) are provided in order to facilitate writing tests. -```sh -#!/usr/bin/env bats - -# This will load the helpers. -load helpers - -# setup is called at the beginning of every test. -function setup() { - setup_busybox -} - -# teardown is called at the end of every test. -function teardown() { - teardown_bundle -} - -@test "this is a simple test" { - runc run containerid - # "The runc macro" automatically populates $status, $output and $lines. - # Please refer to bats documentation to find out more. - [ "$status" -eq 0 ] - - # check expected output - [[ "${output}" == *"Hello"* ]] -} -``` +Please see existing tests for examples. From 0eb03ef86fc54ab41e3d0dcb822ce42b6b40f8f4 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 16 Oct 2025 14:06:22 -0700 Subject: [PATCH 1061/1176] tests/int: remove useless/obvious comments This is a bit opinionated, but some comments in integration tests do not really help to understand the nature of the tests being performed by stating something very obvious, like # run busybox detached runc run -d busybox To make things worse, these not-so-helpful messages are being copy/pasted over and over, and that is the main reason to remove them. Signed-off-by: Kir Kolyshkin --- tests/integration/checkpoint.bats | 28 +-------------------------- tests/integration/create.bats | 9 --------- tests/integration/debug.bats | 4 ---- tests/integration/delete.bats | 5 ----- tests/integration/events.bats | 2 -- tests/integration/exec.bats | 14 -------------- tests/integration/kill.bats | 2 -- tests/integration/list.bats | 1 - tests/integration/mask.bats | 2 -- tests/integration/pause.bats | 11 ----------- tests/integration/start.bats | 2 -- tests/integration/start_detached.bats | 14 -------------- tests/integration/start_hello.bats | 10 ---------- tests/integration/state.bats | 9 --------- tests/integration/tty.bats | 21 -------------------- tests/integration/umask.bats | 1 - tests/integration/update.bats | 3 --- 17 files changed, 1 insertion(+), 137 deletions(-) diff --git a/tests/integration/checkpoint.bats b/tests/integration/checkpoint.bats index eb7557f5acb..503f5a8f460 100644 --- a/tests/integration/checkpoint.bats +++ b/tests/integration/checkpoint.bats @@ -126,18 +126,14 @@ function simple_cr() { testcontainer test_busybox running for _ in $(seq 2); do - # checkpoint the running container runc "$@" checkpoint --work-path ./work-dir test_busybox [ "$status" -eq 0 ] - # after checkpoint busybox is no longer running testcontainer test_busybox checkpointed - # restore from checkpoint runc "$@" restore -d --work-path ./work-dir --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] - # busybox should be back up and running testcontainer test_busybox running done } @@ -167,18 +163,14 @@ function simple_cr_with_netdevice() { [[ "$output" == *"mtu $mtu_value "* ]] for _ in $(seq 2); do - # checkpoint the running container runc "$@" checkpoint --work-path ./work-dir test_busybox_netdevice [ "$status" -eq 0 ] - # after checkpoint busybox is no longer running testcontainer test_busybox_netdevice checkpointed - # restore from checkpoint runc "$@" restore -d --work-path ./work-dir --console-socket "$CONSOLE_SOCKET" test_busybox_netdevice [ "$status" -eq 0 ] - # busybox should be back up and running testcontainer test_busybox_netdevice running run runc exec test_busybox_netdevice ip address show dev dummy0 [ "$status" -eq 0 ] @@ -271,15 +263,12 @@ function simple_cr_with_netdevice() { setup_pipes runc_run_with_pipes test_busybox - #test checkpoint pre-dump mkdir parent-dir runc checkpoint --pre-dump --image-path ./parent-dir test_busybox [ "$status" -eq 0 ] - # busybox should still be running testcontainer test_busybox running - # checkpoint the running container mkdir image-dir mkdir work-dir runc checkpoint --parent-path ../parent-dir --work-path ./work-dir --image-path ./image-dir test_busybox @@ -288,7 +277,6 @@ function simple_cr_with_netdevice() { # check parent path is valid [ -e ./image-dir/parent ] - # after checkpoint busybox is no longer running testcontainer test_busybox checkpointed runc_restore_with_pipes ./work-dir test_busybox @@ -302,7 +290,6 @@ function simple_cr_with_netdevice() { setup_pipes runc_run_with_pipes test_busybox - # checkpoint the running container mkdir image-dir mkdir work-dir @@ -391,14 +378,12 @@ function simple_cr_with_netdevice() { runc checkpoint --work-path ./work-dir test_busybox [ "$status" -eq 0 ] - # after checkpoint busybox is no longer running testcontainer test_busybox checkpointed # restore from checkpoint; this should restore the container into the existing network namespace runc restore -d --work-path ./work-dir --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] - # busybox should be back up and running testcontainer test_busybox running # container should be running in same network namespace as before @@ -436,23 +421,20 @@ function simple_cr_with_netdevice() { testcontainer test_busybox running - # checkpoint the running container runc checkpoint --work-path ./work-dir test_busybox [ "$status" -eq 0 ] run ! test -f ./work-dir/"$tmplog1" test -f ./work-dir/"$tmplog2" - # after checkpoint busybox is no longer running testcontainer test_busybox checkpointed test -f ./work-dir/"$tmplog2" && unlink ./work-dir/"$tmplog2" - # restore from checkpoint + runc restore -d --work-path ./work-dir --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] run ! test -f ./work-dir/"$tmplog1" test -f ./work-dir/"$tmplog2" - # busybox should be back up and running testcontainer test_busybox running unlink "$tmp" test -f ./work-dir/"$tmplog2" && unlink ./work-dir/"$tmplog2" @@ -479,22 +461,18 @@ function simple_cr_with_netdevice() { testcontainer test_busybox running - # checkpoint the running container runc checkpoint --work-path ./work-dir test_busybox [ "$status" -eq 0 ] - # after checkpoint busybox is no longer running testcontainer test_busybox checkpointed # cleanup mountpoints created by runc during creation # the mountpoints should be recreated during restore - that is the actual thing tested here rm -rf "${bind1:?}"/* - # restore from checkpoint runc restore -d --work-path ./work-dir --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] - # busybox should be back up and running testcontainer test_busybox running } @@ -545,18 +523,14 @@ function simple_cr_with_netdevice() { local execed_pid="" for _ in $(seq 2); do - # checkpoint the running container runc checkpoint --work-path ./work-dir test_busybox [ "$status" -eq 0 ] - # after checkpoint busybox is no longer running testcontainer test_busybox checkpointed - # restore from checkpoint runc restore -d --work-path ./work-dir --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] - # busybox should be back up and running testcontainer test_busybox running # verify that previously exec'd process is restored. diff --git a/tests/integration/create.bats b/tests/integration/create.bats index f12291ca9d9..b1693518a99 100644 --- a/tests/integration/create.bats +++ b/tests/integration/create.bats @@ -16,7 +16,6 @@ function teardown() { testcontainer test_busybox created - # start the command runc start test_busybox [ "$status" -eq 0 ] @@ -34,7 +33,6 @@ function teardown() { testcontainer test_busybox created - # start the command runc start test_busybox [ "$status" -eq 0 ] @@ -47,12 +45,9 @@ function teardown() { testcontainer test_busybox created - # check pid.txt was generated [ -e pid.txt ] - [[ $(cat pid.txt) = $(__runc state test_busybox | jq '.pid') ]] - # start the command runc start test_busybox [ "$status" -eq 0 ] @@ -61,7 +56,6 @@ function teardown() { @test "runc create --pid-file with new CWD" { bundle="$(pwd)" - # create pid_file directory as the CWD mkdir pid_file cd pid_file @@ -70,12 +64,9 @@ function teardown() { testcontainer test_busybox created - # check pid.txt was generated [ -e pid.txt ] - [[ $(cat pid.txt) = $(__runc state test_busybox | jq '.pid') ]] - # start the command runc start test_busybox [ "$status" -eq 0 ] diff --git a/tests/integration/debug.bats b/tests/integration/debug.bats index 9db676b89b2..cb9276a4afd 100644 --- a/tests/integration/debug.bats +++ b/tests/integration/debug.bats @@ -18,7 +18,6 @@ function check_debug() { } @test "global --debug" { - # run hello-world runc --debug run test_hello [ "$status" -eq 0 ] @@ -28,7 +27,6 @@ function check_debug() { } @test "global --debug to --log" { - # run hello-world runc --log log.out --debug run test_hello [ "$status" -eq 0 ] @@ -43,7 +41,6 @@ function check_debug() { } @test "global --debug to --log --log-format 'text'" { - # run hello-world runc --log log.out --log-format "text" --debug run test_hello [ "$status" -eq 0 ] @@ -58,7 +55,6 @@ function check_debug() { } @test "global --debug to --log --log-format 'json'" { - # run hello-world runc --log log.out --log-format "json" --debug run test_hello [ "$status" -eq 0 ] diff --git a/tests/integration/delete.bats b/tests/integration/delete.bats index bdb94516b9e..967f8e25ff1 100644 --- a/tests/integration/delete.bats +++ b/tests/integration/delete.bats @@ -115,14 +115,11 @@ function test_runc_delete_host_pidns() { } @test "runc delete --force" { - # run busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] - # check state testcontainer test_busybox running - # force delete test_busybox runc delete --force test_busybox runc state test_busybox @@ -209,11 +206,9 @@ EOF set_cgroups_path set_cgroup_mount_writable - # run busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] - # check state testcontainer test_busybox running # create a sub process diff --git a/tests/integration/events.bats b/tests/integration/events.bats index ab5b320b99e..2076e8e95b8 100644 --- a/tests/integration/events.bats +++ b/tests/integration/events.bats @@ -47,7 +47,6 @@ function test_events() { [ $EUID -ne 0 ] && requires rootless_cgroup init_cgroup_paths - # run busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] @@ -121,7 +120,6 @@ function test_events() { # we need the container to hit OOM, so disable swap update_config '(.. | select(.resources? != null)) .resources.memory |= {"limit": 33554432, "swap": 33554432}' - # run busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] diff --git a/tests/integration/exec.bats b/tests/integration/exec.bats index 1426e198269..056c53545df 100644 --- a/tests/integration/exec.bats +++ b/tests/integration/exec.bats @@ -11,7 +11,6 @@ function teardown() { } @test "runc exec" { - # run busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] @@ -42,7 +41,6 @@ function teardown() { } @test "runc exec --pid-file" { - # run busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] @@ -51,9 +49,7 @@ function teardown() { echo text echoed = "'""${output}""'" [[ "${output}" == *"Hello from exec"* ]] - # check pid.txt was generated [ -e pid.txt ] - output=$(cat pid.txt) [[ "$output" =~ [0-9]+ ]] [[ "$output" != $(__runc state test_busybox | jq '.pid') ]] @@ -61,11 +57,9 @@ function teardown() { @test "runc exec --pid-file with new CWD" { bundle="$(pwd)" - # create pid_file directory as the CWD mkdir pid_file cd pid_file - # run busybox detached runc run -d -b "$bundle" --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] @@ -74,16 +68,13 @@ function teardown() { echo text echoed = "'""${output}""'" [[ "${output}" == *"Hello from exec"* ]] - # check pid.txt was generated [ -e pid.txt ] - output=$(cat pid.txt) [[ "$output" =~ [0-9]+ ]] [[ "$output" != $(__runc state test_busybox | jq '.pid') ]] } @test "runc exec ls -la" { - # run busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] @@ -95,7 +86,6 @@ function teardown() { } @test "runc exec ls -la with --cwd" { - # run busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] @@ -105,7 +95,6 @@ function teardown() { } @test "runc exec --env" { - # run busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] @@ -119,7 +108,6 @@ function teardown() { # --user can't work in rootless containers that don't have idmap. [ $EUID -ne 0 ] && requires rootless_idmap - # run busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] @@ -159,7 +147,6 @@ function teardown() { @test "runc exec --additional-gids" { requires root - # run busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] @@ -171,7 +158,6 @@ function teardown() { } @test "runc exec --preserve-fds" { - # run busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] diff --git a/tests/integration/kill.bats b/tests/integration/kill.bats index 355407eccdb..f8fdd328b7d 100644 --- a/tests/integration/kill.bats +++ b/tests/integration/kill.bats @@ -76,11 +76,9 @@ test_host_pidns_kill() { } @test "kill detached busybox" { - # run busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] - # check state testcontainer test_busybox running runc kill test_busybox KILL diff --git a/tests/integration/list.bats b/tests/integration/list.bats index b8821bc706f..2d23b8afef0 100644 --- a/tests/integration/list.bats +++ b/tests/integration/list.bats @@ -16,7 +16,6 @@ function teardown() { @test "list" { bundle=$(pwd) - # run a few busyboxes detached ROOT=$ALT_ROOT runc run -d --console-socket "$CONSOLE_SOCKET" test_box1 [ "$status" -eq 0 ] diff --git a/tests/integration/mask.bats b/tests/integration/mask.bats index d324eb32524..5783332ea18 100644 --- a/tests/integration/mask.bats +++ b/tests/integration/mask.bats @@ -18,7 +18,6 @@ function teardown() { } @test "mask paths [file]" { - # run busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] @@ -36,7 +35,6 @@ function teardown() { } @test "mask paths [directory]" { - # run busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] diff --git a/tests/integration/pause.bats b/tests/integration/pause.bats index 787d2d0d0b1..398788c2382 100644 --- a/tests/integration/pause.bats +++ b/tests/integration/pause.bats @@ -17,24 +17,19 @@ function teardown() { set_cgroups_path fi - # run busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] testcontainer test_busybox running - # pause busybox runc pause test_busybox [ "$status" -eq 0 ] - # test state of busybox is paused testcontainer test_busybox paused - # resume busybox runc resume test_busybox [ "$status" -eq 0 ] - # test state of busybox is back to running testcontainer test_busybox running } @@ -45,31 +40,25 @@ function teardown() { set_cgroups_path fi - # run test_busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] testcontainer test_busybox running - # pause test_busybox and nonexistent container runc pause test_busybox [ "$status" -eq 0 ] runc pause nonexistent [ "$status" -ne 0 ] - # test state of test_busybox is paused testcontainer test_busybox paused - # resume test_busybox and nonexistent container runc resume test_busybox [ "$status" -eq 0 ] runc resume nonexistent [ "$status" -ne 0 ] - # test state of test_busybox is back to running testcontainer test_busybox running - # delete test_busybox runc delete --force test_busybox runc state test_busybox diff --git a/tests/integration/start.bats b/tests/integration/start.bats index 1c844b25148..10609102974 100644 --- a/tests/integration/start.bats +++ b/tests/integration/start.bats @@ -16,13 +16,11 @@ function teardown() { testcontainer test_busybox created - # start container test_busybox runc start test_busybox [ "$status" -eq 0 ] testcontainer test_busybox running - # delete test_busybox runc delete --force test_busybox runc state test_busybox diff --git a/tests/integration/start_detached.bats b/tests/integration/start_detached.bats index 73e10c8cb65..25a5f364205 100644 --- a/tests/integration/start_detached.bats +++ b/tests/integration/start_detached.bats @@ -11,11 +11,8 @@ function teardown() { } @test "runc run detached" { - # run busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] - - # check state testcontainer test_busybox running } @@ -28,43 +25,32 @@ function teardown() { update_config ' (.. | select(.uid? == 0)) .uid |= 1000 | (.. | select(.gid? == 0)) .gid |= 100' - # run busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] - # check state testcontainer test_busybox running } @test "runc run detached --pid-file" { - # run busybox detached runc run --pid-file pid.txt -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] - # check state testcontainer test_busybox running - # check pid.txt was generated [ -e pid.txt ] - [[ "$(cat pid.txt)" == $(__runc state test_busybox | jq '.pid') ]] } @test "runc run detached --pid-file with new CWD" { bundle="$(pwd)" - # create pid_file directory as the CWD mkdir pid_file cd pid_file - # run busybox detached runc run --pid-file pid.txt -d -b "$bundle" --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] - # check state testcontainer test_busybox running - # check pid.txt was generated [ -e pid.txt ] - [[ "$(cat pid.txt)" == $(__runc state test_busybox | jq '.pid') ]] } diff --git a/tests/integration/start_hello.bats b/tests/integration/start_hello.bats index 6fbb893e695..77cd5dcd1ae 100644 --- a/tests/integration/start_hello.bats +++ b/tests/integration/start_hello.bats @@ -12,11 +12,8 @@ function teardown() { } @test "runc run" { - # run hello-world runc run test_hello [ "$status" -eq 0 ] - - # check expected output [[ "${output}" == *"Hello"* ]] } @@ -29,11 +26,8 @@ function teardown() { update_config ' (.. | select(.uid? == 0)) .uid |= 1000 | (.. | select(.gid? == 0)) .gid |= 100' - # run hello-world runc run test_hello [ "$status" -eq 0 ] - - # check expected output [[ "${output}" == *"Hello"* ]] } @@ -72,21 +66,17 @@ function teardown() { cd rootfs update_config '(.. | select(. == "rootfs")) |= "."' - # run hello-world runc run test_hello [ "$status" -eq 0 ] [[ "${output}" == *"Hello"* ]] } @test "runc run --pid-file" { - # run hello-world runc run --pid-file pid.txt test_hello [ "$status" -eq 0 ] [[ "${output}" == *"Hello"* ]] - # check pid.txt was generated [ -e pid.txt ] - [[ "$(cat pid.txt)" =~ [0-9]+ ]] } diff --git a/tests/integration/state.bats b/tests/integration/state.bats index 5e88a3e2830..4a8da0579b0 100644 --- a/tests/integration/state.bats +++ b/tests/integration/state.bats @@ -14,18 +14,15 @@ function teardown() { runc state test_busybox [ "$status" -ne 0 ] - # run busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] - # check state testcontainer test_busybox running runc kill test_busybox KILL [ "$status" -eq 0 ] wait_for_container 10 1 test_busybox stopped - # delete test_busybox runc delete test_busybox [ "$status" -eq 0 ] @@ -40,24 +37,18 @@ function teardown() { runc state test_busybox [ "$status" -ne 0 ] - # run busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] - # check state testcontainer test_busybox running - # pause busybox runc pause test_busybox [ "$status" -eq 0 ] - # test state of busybox is paused testcontainer test_busybox paused - # resume busybox runc resume test_busybox [ "$status" -eq 0 ] - # test state of busybox is back to running testcontainer test_busybox running } diff --git a/tests/integration/tty.bats b/tests/integration/tty.bats index d1180a6bc26..9e8e4c14c0f 100644 --- a/tests/integration/tty.bats +++ b/tests/integration/tty.bats @@ -23,7 +23,6 @@ function teardown() { # shellcheck disable=SC2016 update_config '(.. | select(.[]? == "sh")) += ["-c", "for file in /proc/self/fd/[012]; do readlink $file; done"]' - # run busybox runc run test_busybox [ "$status" -eq 0 ] [[ ${lines[0]} =~ /dev/pts/+ ]] @@ -40,7 +39,6 @@ function teardown() { # shellcheck disable=SC2016 update_config '(.. | select(.[]? == "sh")) += ["-c", "stat -c %u:%g $(tty) | tr : \\\\n"]' - # run busybox runc run test_busybox [ "$status" -eq 0 ] [[ ${lines[0]} =~ 0 ]] @@ -60,7 +58,6 @@ function teardown() { | (.. | select(.gid? == 0)) .gid |= 100 | (.. | select(.[]? == "sh")) += ["-c", "stat -c %u:%g $(tty) | tr : \\\\n"]' - # run busybox runc run test_busybox [ "$status" -eq 0 ] [[ ${lines[0]} =~ 1000 ]] @@ -72,7 +69,6 @@ function teardown() { runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] - # make sure we're running testcontainer test_busybox running # note that stdout/stderr are already redirected by bats' run @@ -81,14 +77,11 @@ function teardown() { } @test "runc exec [tty ptsname]" { - # run busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] - # make sure we're running testcontainer test_busybox running - # run the exec # shellcheck disable=SC2016 runc exec -t test_busybox sh -c 'for file in /proc/self/fd/[012]; do readlink $file; done' [ "$status" -eq 0 ] @@ -102,14 +95,11 @@ function teardown() { # TODO: this can be made as a change to the gid test. [ $EUID -ne 0 ] && requires rootless_idmap - # run busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] - # make sure we're running testcontainer test_busybox running - # run the exec # shellcheck disable=SC2016 runc exec -t test_busybox sh -c 'stat -c %u:%g $(tty) | tr : \\n' [ "$status" -eq 0 ] @@ -126,14 +116,11 @@ function teardown() { update_config ' (.. | select(.uid? == 0)) .uid |= 1000 | (.. | select(.gid? == 0)) .gid |= 100' - # run busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] - # make sure we're running testcontainer test_busybox running - # run the exec # shellcheck disable=SC2016 runc exec -t test_busybox sh -c 'stat -c %u:%g $(tty) | tr : \\n' [ "$status" -eq 0 ] @@ -145,11 +132,9 @@ function teardown() { # allow writing to filesystem update_config '(.. | select(.readonly? != null)) .readonly |= false' - # run busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] - # make sure we're running testcontainer test_busybox running tty_info_with_consize_size=' @@ -184,7 +169,6 @@ function teardown() { "cwd": "/" }' - # run the exec runc exec -t -p <(echo "$tty_info") test_busybox [ "$status" -eq 0 ] @@ -202,13 +186,11 @@ function teardown() { # Make sure that the handling of detached IO is done properly. See #1354. __runc create test_busybox - # Start the command. runc start test_busybox [ "$status" -eq 0 ] testcontainer test_busybox running - # Kill the container. runc kill test_busybox KILL [ "$status" -eq 0 ] } @@ -216,7 +198,6 @@ function teardown() { @test "runc run [terminal=false]" { # Disable terminal creation. # Replace sh script with sleep. - update_config ' (.. | select(.terminal? != null)) .terminal |= false | (.. | select(.[]? == "sh")) += ["sleep", "1000s"] | del(.. | select(.? == "sh"))' @@ -229,7 +210,6 @@ function teardown() { wait_for_container 15 1 test_busybox running testcontainer test_busybox running - # Kill the container. runc kill test_busybox KILL [ "$status" -eq 0 ] } @@ -246,7 +226,6 @@ function teardown() { testcontainer test_busybox running - # Kill the container. runc kill test_busybox KILL [ "$status" -eq 0 ] } diff --git a/tests/integration/umask.bats b/tests/integration/umask.bats index 38e8f62160c..a90b2e80c97 100644 --- a/tests/integration/umask.bats +++ b/tests/integration/umask.bats @@ -13,7 +13,6 @@ function teardown() { @test "umask" { update_config '.process.user += {"umask":63}' - # run busybox detached runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] diff --git a/tests/integration/update.bats b/tests/integration/update.bats index e3d1922efba..0509be43426 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -25,7 +25,6 @@ function setup() { requires cgroups_memory cgroups_pids cgroups_cpuset init_cgroup_paths - # run a few busyboxes detached runc run -d --console-socket "$CONSOLE_SOCKET" test_update [ "$status" -eq 0 ] @@ -259,7 +258,6 @@ EOF @test "update cgroup cpu limits" { [ $EUID -ne 0 ] && requires rootless_cgroup - # run a few busyboxes detached runc run -d --console-socket "$CONSOLE_SOCKET" test_update [ "$status" -eq 0 ] @@ -732,7 +730,6 @@ EOF echo "$root_runtime" >"$target_runtime" done - # run a detached busybox runc run -d --console-socket "$CONSOLE_SOCKET" test_update_rt [ "$status" -eq 0 ] From 773a44cc1df46fbfc01bba092df94d87f4d1985e Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Sat, 18 Oct 2025 13:22:13 -0700 Subject: [PATCH 1062/1176] tests/int/netdev: slight refactoring Move the repetitive code and comment into setup_netns. Signed-off-by: Kir Kolyshkin --- tests/integration/netdev.bats | 49 +++++++++++------------------------ 1 file changed, 15 insertions(+), 34 deletions(-) diff --git a/tests/integration/netdev.bats b/tests/integration/netdev.bats index 6eec8c88cab..ef2176702bb 100644 --- a/tests/integration/netdev.bats +++ b/tests/integration/netdev.bats @@ -2,7 +2,9 @@ load helpers -function create_netns() { +function setup_netns() { + local tmp + # Create a temporary name for the test network namespace. tmp=$(mktemp -u) ns_name=$(basename "$tmp") @@ -10,6 +12,9 @@ function create_netns() { # Create the network namespace. ip netns add "$ns_name" ns_path=$(ip netns add "$ns_name" 2>&1 | sed -e 's/.*"\(.*\)".*/\1/') + + # Tell runc to use it. + update_config '(.. | select(.type? == "network")) .path |= "'"$ns_path"'"' } function delete_netns() { @@ -40,10 +45,7 @@ function teardown() { } @test "move network device to container network namespace and restore it back" { - # Tell runc which network namespace to use. - create_netns - update_config '(.. | select(.type? == "network")) .path |= "'"$ns_path"'"' - + setup_netns update_config ' .linux.netDevices |= {"dummy0": {} }' runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox @@ -61,13 +63,10 @@ function teardown() { } @test "move network device to precreated container network namespace" { + setup_netns update_config ' .linux.netDevices |= {"dummy0": {} } | .process.args |= ["ip", "address", "show", "dev", "dummy0"]' - # Tell runc which network namespace to use. - create_netns - update_config '(.. | select(.type? == "network")) .path |= "'"$ns_path"'"' - runc run test_busybox [ "$status" -eq 0 ] @@ -76,13 +75,10 @@ function teardown() { } @test "move network device to precreated container network namespace and set ip address with global scope" { + setup_netns update_config ' .linux.netDevices |= {"dummy0": {} } | .process.args |= ["ip", "address", "show", "dev", "dummy0"]' - # Tell runc which network namespace to use. - create_netns - update_config '(.. | select(.type? == "network")) .path |= "'"$ns_path"'"' - global_ip="169.254.169.77/32" # Set the interface down to avoid possible network problems. @@ -101,13 +97,10 @@ function teardown() { } @test "move network device to precreated container network namespace and set ip address without global scope" { + setup_netns update_config ' .linux.netDevices |= {"dummy0": {} } | .process.args |= ["ip", "address", "show", "dev", "dummy0"]' - # Tell runc which network namespace to use. - create_netns - update_config '(.. | select(.type? == "network")) .path |= "'"$ns_path"'"' - non_global_ip="127.0.0.33" # Set the interface down to avoid possible network problems. @@ -124,15 +117,12 @@ function teardown() { } @test "move network device to precreated container network namespace and set mtu" { + setup_netns update_config ' .linux.netDevices |= {"dummy0": {} } | .process.args |= ["ip", "address", "show", "dev", "dummy0"]' - # Tell runc which network namespace to use. - create_netns - update_config '(.. | select(.type? == "network")) .path |= "'"$ns_path"'"' - mtu_value=1789 - # Cet a custom mtu to the interface. + # Set a custom mtu to the interface. ip link set mtu "$mtu_value" dev dummy0 runc run test_busybox @@ -146,13 +136,10 @@ function teardown() { } @test "move network device to precreated container network namespace and set mac address" { + setup_netns update_config ' .linux.netDevices |= {"dummy0": {} } | .process.args |= ["ip", "address", "show", "dev", "dummy0"]' - # Tell runc which network namespace to use. - create_netns - update_config '(.. | select(.type? == "network")) .path |= "'"$ns_path"'"' - mac_address="00:11:22:33:44:55" # set a custom mac address to the interface ip link set address "$mac_address" dev dummy0 @@ -168,13 +155,10 @@ function teardown() { } @test "move network device to precreated container network namespace and rename" { + setup_netns update_config ' .linux.netDevices |= { "dummy0": { "name" : "ctr_dummy0" } } | .process.args |= ["ip", "address", "show", "dev", "ctr_dummy0"]' - # Tell runc which network namespace to use. - create_netns - update_config '(.. | select(.type? == "network")) .path |= "'"$ns_path"'"' - runc run test_busybox [ "$status" -eq 0 ] @@ -183,13 +167,10 @@ function teardown() { } @test "move network device to precreated container network namespace and rename and set mtu and mac and ip address" { + setup_netns update_config ' .linux.netDevices |= { "dummy0": { "name" : "ctr_dummy0" } } | .process.args |= ["ip", "address", "show", "dev", "ctr_dummy0"]' - # Tell runc which network namespace to use. - create_netns - update_config '(.. | select(.type? == "network")) .path |= "'"$ns_path"'"' - mtu_value=1789 mac_address="00:11:22:33:44:55" global_ip="169.254.169.77/32" From 693a471af890469b1ae97af7774efcea609216c3 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 16 Oct 2025 16:28:51 -0700 Subject: [PATCH 1063/1176] tests/int: use run with a status check ...instead of an explicit or absent status check. Signed-off-by: Kir Kolyshkin --- tests/integration/netdev.bats | 12 ++++-------- tests/integration/scheduler.bats | 2 +- tests/integration/update.bats | 4 ++-- tests/integration/userns.bats | 6 ++---- 4 files changed, 9 insertions(+), 15 deletions(-) diff --git a/tests/integration/netdev.bats b/tests/integration/netdev.bats index ef2176702bb..b14ad834a65 100644 --- a/tests/integration/netdev.bats +++ b/tests/integration/netdev.bats @@ -91,8 +91,7 @@ function teardown() { [[ "$output" == *"$global_ip "* ]] # Verify the interface is still present in the network namespace. - run ip netns exec "$ns_name" ip address show dev dummy0 - [ "$status" -eq 0 ] + run -0 ip netns exec "$ns_name" ip address show dev dummy0 [[ "$output" == *"$global_ip "* ]] } @@ -130,8 +129,7 @@ function teardown() { [[ "$output" == *"mtu $mtu_value "* ]] # Verify the interface is still present in the network namespace. - run ip netns exec "$ns_name" ip address show dev dummy0 - [ "$status" -eq 0 ] + run -0 ip netns exec "$ns_name" ip address show dev dummy0 [[ "$output" == *"mtu $mtu_value "* ]] } @@ -149,8 +147,7 @@ function teardown() { [[ "$output" == *"ether $mac_address "* ]] # Verify the interface is still present in the network namespace. - run ip netns exec "$ns_name" ip address show dev dummy0 - [ "$status" -eq 0 ] + run -0 ip netns exec "$ns_name" ip address show dev dummy0 [[ "$output" == *"ether $mac_address "* ]] } @@ -189,8 +186,7 @@ function teardown() { [[ "$output" == *"mtu $mtu_value "* ]] # Verify the interface is still present in the network namespace. - run ip netns exec "$ns_name" ip address show dev ctr_dummy0 - [ "$status" -eq 0 ] + run -0 ip netns exec "$ns_name" ip address show dev ctr_dummy0 [[ "$output" == *" $global_ip "* ]] [[ "$output" == *"ether $mac_address "* ]] [[ "$output" == *"mtu $mtu_value "* ]] diff --git a/tests/integration/scheduler.bats b/tests/integration/scheduler.bats index 6c80d86426b..853f36f60c6 100644 --- a/tests/integration/scheduler.bats +++ b/tests/integration/scheduler.bats @@ -51,7 +51,7 @@ function teardown() { }' __runc exec -d --pid-file pid.txt --process <(echo "$proc") test_scheduler - run chrt -p "$(cat pid.txt)" + run -0 chrt -p "$(cat pid.txt)" [[ "${lines[0]}" == *"scheduling policy: SCHED_DEADLINE|SCHED_RESET_ON_FORK" ]] [[ "${lines[1]}" == *"priority: 0" ]] [[ "${lines[2]}" == *"runtime/deadline/period parameters: 42000/100000/1000000" ]] diff --git a/tests/integration/update.bats b/tests/integration/update.bats index 0509be43426..dee7250e2cd 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -424,9 +424,9 @@ EOF echo 50000 >"/sys/fs/cgroup/cpu/$REL_PARENT_PATH/cpu.cfs_quota_us" fi # Sanity checks. - run cat "/sys/fs/cgroup/cpu$REL_PARENT_PATH/cpu.cfs_period_us" + run -0 cat "/sys/fs/cgroup/cpu$REL_PARENT_PATH/cpu.cfs_period_us" [ "$output" -eq 100000 ] - run cat "/sys/fs/cgroup/cpu$REL_PARENT_PATH/cpu.cfs_quota_us" + run -0 cat "/sys/fs/cgroup/cpu$REL_PARENT_PATH/cpu.cfs_quota_us" [ "$output" -eq 50000 ] runc run -d --console-socket "$CONSOLE_SOCKET" test_update diff --git a/tests/integration/userns.bats b/tests/integration/userns.bats index 16afa30f805..1f2e83400e8 100644 --- a/tests/integration/userns.bats +++ b/tests/integration/userns.bats @@ -261,8 +261,7 @@ function teardown() { # The interface is virtual and should not exist because # is deleted during the namespace cleanup. - run ip link del dummy0 - [ "$status" -ne 0 ] + run ! ip link del dummy0 } @test "userns with network interface renamed" { @@ -279,6 +278,5 @@ function teardown() { # The interface is virtual and should not exist because # is deleted during the namespace cleanup. - run ip link del dummy0 - [ "$status" -ne 0 ] + run ! ip link del dummy0 } From b3a9f423b9788147710ce6e73d97b77fb42a6d72 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 16 Oct 2025 16:31:01 -0700 Subject: [PATCH 1064/1176] tests/int: remove bogus $status checks Commands that are not run via "run" helper (cat, mkdir, __runc) do not set $status, so it makes no sense to check it. Fixes: 94505a04, ed548376 Signed-off-by: Kir Kolyshkin --- tests/integration/pidfd-socket.bats | 4 ---- tests/integration/update.bats | 1 - 2 files changed, 5 deletions(-) diff --git a/tests/integration/pidfd-socket.bats b/tests/integration/pidfd-socket.bats index 9c10f26e1df..5dbd8660bb8 100644 --- a/tests/integration/pidfd-socket.bats +++ b/tests/integration/pidfd-socket.bats @@ -48,12 +48,10 @@ function teardown() { # Use sub-cgroup to ensure that exec process has been killed test_pidfd_cgroup_path=$(get_cgroup_path "pids") mkdir "${test_pidfd_cgroup_path}/exec_pidfd" - [ "$status" -eq 0 ] setup_pidfd_kill "SIGKILL" __runc exec -d --cgroup "pids:exec_pidfd" --pid-file "exec_pid.txt" --pidfd-socket "${PIDFD_SOCKET}" test_pidfd sleep 1d - [ "$status" -eq 0 ] exec_pid=$(cat exec_pid.txt) exec_pid_in_cgroup=$(cat "${test_pidfd_cgroup_path}/exec_pidfd/cgroup.procs") @@ -79,12 +77,10 @@ function teardown() { # Use sub-cgroup to ensure that exec process has been killed test_pidfd_cgroup_path=$(get_cgroup_path "pids") mkdir "${test_pidfd_cgroup_path}/exec_pidfd" - [ "$status" -eq 0 ] setup_pidfd_kill "SIGKILL" __runc exec -d --cgroup "exec_pidfd" --pid-file "exec_pid.txt" --pidfd-socket "${PIDFD_SOCKET}" test_pidfd sleep 1d - [ "$status" -eq 0 ] exec_pid=$(cat exec_pid.txt) exec_pid_in_cgroup=$(cat "${test_pidfd_cgroup_path}/exec_pidfd/cgroup.procs") diff --git a/tests/integration/update.bats b/tests/integration/update.bats index dee7250e2cd..29d36fdfa2a 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -320,7 +320,6 @@ EOF } } EOF - [ "$status" -eq 0 ] runc update -r "$BATS_RUN_TMPDIR"/runc-cgroups-integration-test.json test_update [ "$status" -eq 0 ] From 92f3d1b22511fd54ab4efc2baa25e8ece6ca8935 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 17 Oct 2025 15:41:32 -0700 Subject: [PATCH 1065/1176] tests/int/cgroups.bats: fix a wrong comment This misleading comment is obviously a copy/paste from the previous test. Fix it. Fixes: dd696235 Signed-off-by: Kir Kolyshkin --- tests/integration/cgroups.bats | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/cgroups.bats b/tests/integration/cgroups.bats index b21c0efc58f..7c2129a6d60 100644 --- a/tests/integration/cgroups.bats +++ b/tests/integration/cgroups.bats @@ -490,7 +490,7 @@ convert_hugetlb_size() { runc resume ct1 ) & - # Exec should not timeout or succeed. + # Exec should succeed (once the container is resumed). runc exec --ignore-paused ct1 echo ok [ "$status" -eq 0 ] [ "$output" = "ok" ] From ad72eab6c7451c6931c0633a7c872e22f3fba9eb Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 17 Oct 2025 16:24:11 -0700 Subject: [PATCH 1066/1176] tests/int/checkpoint: fix using run twice In our bats tests, runc itself is a wrapper which calls bats run helper, so using "run runc" is wrong as it results in calling run helper twice. Fixes: 8d180e965 Signed-off-by: Kir Kolyshkin --- tests/integration/checkpoint.bats | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/integration/checkpoint.bats b/tests/integration/checkpoint.bats index 503f5a8f460..c694cebe035 100644 --- a/tests/integration/checkpoint.bats +++ b/tests/integration/checkpoint.bats @@ -156,7 +156,7 @@ function simple_cr_with_netdevice() { [ "$status" -eq 0 ] testcontainer test_busybox_netdevice running - run runc exec test_busybox_netdevice ip address show dev dummy0 + runc exec test_busybox_netdevice ip address show dev dummy0 [ "$status" -eq 0 ] [[ "$output" == *" $global_ip "* ]] [[ "$output" == *"ether $mac_address "* ]] @@ -172,7 +172,7 @@ function simple_cr_with_netdevice() { [ "$status" -eq 0 ] testcontainer test_busybox_netdevice running - run runc exec test_busybox_netdevice ip address show dev dummy0 + runc exec test_busybox_netdevice ip address show dev dummy0 [ "$status" -eq 0 ] [[ "$output" == *" $global_ip "* ]] [[ "$output" == *"ether $mac_address "* ]] From b82ae3afdc8be7b26d454f85d2dbd3f3081a495a Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Sat, 18 Oct 2025 12:52:17 -0700 Subject: [PATCH 1067/1176] tests/int/delete: fix pause test for rootless case The "runc delete --force [paused container]" test case does not check runc pause exit code, and if added, the test fails in rootless tests, because: - not all rootless tests have access to cgroups; - rootless containers doesn't have default cgroups path. To fix, add: - setup for rootless case; - require cgroups_freezer; - runc pause exit code check. Signed-off-by: Kir Kolyshkin --- tests/integration/delete.bats | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/integration/delete.bats b/tests/integration/delete.bats index 967f8e25ff1..78321c3b433 100644 --- a/tests/integration/delete.bats +++ b/tests/integration/delete.bats @@ -142,11 +142,19 @@ function test_runc_delete_host_pidns() { } @test "runc delete --force [paused container]" { + requires cgroups_freezer + if [ $EUID -ne 0 ]; then + requires rootless_cgroup + # Rootless containers have no default cgroup path. + set_cgroups_path + fi + runc run -d --console-socket "$CONSOLE_SOCKET" ct1 [ "$status" -eq 0 ] testcontainer ct1 running runc pause ct1 + [ "$status" -eq 0 ] runc delete --force ct1 [ "$status" -eq 0 ] } From 3c2683f52fa1bc4f58b928ec541d13ef848583df Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Sat, 18 Oct 2025 13:04:06 -0700 Subject: [PATCH 1068/1176] tests/int/cgroups: use heredoc to break a long line This is mostly to improve readability. While at it, make the script more robust by adding -e option to shell. The exception is echo $pid which is opportunistic and may fail depending on the order of pids in the file. Also, remove the empty comment and a shellcheck annotation. Fixes: c91fe9ae Signed-off-by: Kir Kolyshkin --- tests/integration/cgroups.bats | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/tests/integration/cgroups.bats b/tests/integration/cgroups.bats index 7c2129a6d60..a2df63e8002 100644 --- a/tests/integration/cgroups.bats +++ b/tests/integration/cgroups.bats @@ -113,11 +113,15 @@ function setup() { [[ ${lines[0]} = "0::/foo" ]] # teardown: remove "/foo" - # shellcheck disable=SC2016 - runc exec test_cgroups_group sh -uxc 'echo -memory > /sys/fs/cgroup/cgroup.subtree_control; for f in $(cat /sys/fs/cgroup/foo/cgroup.procs); do echo $f > /sys/fs/cgroup/cgroup.procs; done; rmdir /sys/fs/cgroup/foo' + cat <<'EOF' | runc exec test_cgroups_group sh -eux +echo -memory > /sys/fs/cgroup/cgroup.subtree_control +for pid in $(cat /sys/fs/cgroup/foo/cgroup.procs); do + echo $pid > /sys/fs/cgroup/cgroup.procs || true +done +rmdir /sys/fs/cgroup/foo +EOF runc exec test_cgroups_group test ! -d /sys/fs/cgroup/foo [ "$status" -eq 0 ] - # } @test "runc run (cgroup v1 + unified resources should fail)" { From 885509afdf200d793d557274f870420b53db085c Mon Sep 17 00:00:00 2001 From: zhaixiaojuan Date: Thu, 16 Oct 2025 09:50:37 +0800 Subject: [PATCH 1069/1176] Add loong64 support in seccomp and PIE Signed-off-by: zhaixiaojuan --- Makefile | 2 +- docs/spec-conformance.md | 1 + libcontainer/seccomp/config.go | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 8369d9ac748..dba7d7a8f81 100644 --- a/Makefile +++ b/Makefile @@ -31,7 +31,7 @@ TRIMPATH := -trimpath GO_BUILDMODE := # Enable dynamic PIE executables on supported platforms. -ifneq (,$(filter $(GOARCH),386 amd64 arm arm64 ppc64le riscv64 s390x)) +ifneq (,$(filter $(GOARCH),386 amd64 arm arm64 loong64 ppc64le riscv64 s390x)) ifeq (,$(findstring -race,$(EXTRA_FLAGS))) GO_BUILDMODE := "-buildmode=pie" endif diff --git a/docs/spec-conformance.md b/docs/spec-conformance.md index ea2daca6986..2eb7fc4e64b 100644 --- a/docs/spec-conformance.md +++ b/docs/spec-conformance.md @@ -22,6 +22,7 @@ runc binary | seccomp `ppc64le` | `SCMP_ARCH_PPC64LE` `riscv64` | `SCMP_ARCH_RISCV64` `s390x` | `SCMP_ARCH_S390`, `SCMP_ARCH_S390X` +`loong64` | `SCMP_ARCH_LOONGARCH64` The runc binary might be compilable for i386, big-endian PPC64, and several MIPS variants too, but these architectures are not officially supported. diff --git a/libcontainer/seccomp/config.go b/libcontainer/seccomp/config.go index 06849c83c10..476f51d5887 100644 --- a/libcontainer/seccomp/config.go +++ b/libcontainer/seccomp/config.go @@ -65,6 +65,7 @@ var archs = map[string]string{ "SCMP_ARCH_RISCV64": "riscv64", "SCMP_ARCH_S390": "s390", "SCMP_ARCH_S390X": "s390x", + "SCMP_ARCH_LOONGARCH64": "loong64", } // KnownArchs returns the list of the known archs. From 34da991298a2b91f7f10526c5d44ade621229b35 Mon Sep 17 00:00:00 2001 From: Ariel Otilibili Date: Thu, 23 Oct 2025 10:53:54 +0200 Subject: [PATCH 1070/1176] libcontainer/seccomp: Use for range over integers The commit mentioned below has missed these changes. Fixes: 17570625 ("Use for range over integers") Signed-off-by: Ariel Otilibili --- libcontainer/seccomp/patchbpf/enosys_linux_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libcontainer/seccomp/patchbpf/enosys_linux_test.go b/libcontainer/seccomp/patchbpf/enosys_linux_test.go index cb8458929e6..91f337da74d 100644 --- a/libcontainer/seccomp/patchbpf/enosys_linux_test.go +++ b/libcontainer/seccomp/patchbpf/enosys_linux_test.go @@ -299,8 +299,8 @@ func TestEnosysStub_SingleArch(t *testing.T) { } func TestEnosysStub_MultiArch(t *testing.T) { - for end := 0; end < len(testArches); end++ { - for start := 0; start < end; start++ { + for end := range len(testArches) { + for start := range end { var arches []string for _, arch := range testArches[start:end] { // "native" indicates a blank architecture field for seccomp, to test From f5f60562191ac6add3e26a7807f6b24381d0321e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Oct 2025 04:09:57 +0000 Subject: [PATCH 1071/1176] build(deps): bump actions/upload-artifact from 4 to 5 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index c3a8452fd1d..c085a9193f5 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -225,7 +225,7 @@ jobs: - name: make releaseall run: make releaseall - name: upload artifacts - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: name: release-${{ github.run_id }} path: release/* From 9c8f476cb6d2944dddeae873de92562a73e6faa2 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Sat, 11 Oct 2025 17:36:54 -0700 Subject: [PATCH 1072/1176] libct/nsenter: save errno in sane_kill Since sane_kill after a failed read or write, but before reporting the error from that read or write, it may change the errno value in case kill(2) fails. Save and restore the errno around the call to kill. While at it, - change the code to return early; - don't return kill return value as no one is using it, and the errno value no longer correlates. Signed-off-by: Kir Kolyshkin --- libcontainer/nsenter/nsexec.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index 728e68bb048..ad5f42ffe2e 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -637,12 +637,14 @@ void join_namespaces(char *nsspec) __close_namespaces(to_join, joined, ns_list, ns_len); } -static inline int sane_kill(pid_t pid, int signum) +static inline void sane_kill(pid_t pid, int signum) { - if (pid > 0) - return kill(pid, signum); - else - return 0; + if (pid <= 0) + return; + + int saved_errno = errno; + kill(pid, signum); + errno = saved_errno; } void try_unshare(int flags, const char *msg) From 067b8335e7add56e64f4b8397fbf775afcfec43d Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Sat, 11 Oct 2025 17:40:48 -0700 Subject: [PATCH 1073/1176] libct/nsenter: add and use bailx We use bail to report fatal errors, and bail always append %m (aka strerror(errno)). In case an error condition did not set errno, the log message will end up with ": Success" or an error from a stale errno value. Either case is confusing for users. Introduce bailx which is the same as bail except it does not append %m, and use it where appropriate. The naming follows libc's err(3) and errx(3). PS we still use bail in a few cases after read or write, even if that read/write did not return an error, because the code does not distinguish between short read/write and error (-1). This will be addressed by the next commit. Signed-off-by: Kir Kolyshkin --- libcontainer/nsenter/log.h | 21 ++++++++++------- libcontainer/nsenter/nsexec.c | 44 +++++++++++++++++++---------------- 2 files changed, 37 insertions(+), 28 deletions(-) diff --git a/libcontainer/nsenter/log.h b/libcontainer/nsenter/log.h index 3e18de68764..264e32667c3 100644 --- a/libcontainer/nsenter/log.h +++ b/libcontainer/nsenter/log.h @@ -26,15 +26,20 @@ bool log_enabled_for(int level); void write_log(int level, const char *format, ...) __attribute__((format(printf, 2, 3))); extern int logfd; -#define bail(fmt, ...) \ - do { \ - if (logfd < 0) \ - fprintf(stderr, "FATAL: " fmt ": %m\n", \ - ##__VA_ARGS__); \ - else \ - write_log(FATAL, fmt ": %m", ##__VA_ARGS__); \ - exit(1); \ + +/* bailx logs a message to logfd (or stderr, if logfd is not available) + * and terminates the program. + */ +#define bailx(fmt, ...) \ + do { \ + if (logfd < 0) \ + fprintf(stderr, "FATAL: " fmt "\n", ##__VA_ARGS__); \ + else \ + write_log(FATAL, fmt, ##__VA_ARGS__); \ + exit(1); \ } while(0) +/* bail is the same as bailx, except it also adds ": %m" (errno). */ +#define bail(fmt, ...) bailx(fmt ": %m", ##__VA_ARGS__) #endif /* NSENTER_LOG_H */ diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index ad5f42ffe2e..c923c9743ac 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -208,7 +208,7 @@ static int try_mapping_tool(const char *app, int pid, char *map, size_t map_len) * or programming issue. */ if (!app) - bail("mapping tool not present"); + bailx("mapping tool not present"); child = fork(); if (child < 0) @@ -274,7 +274,7 @@ static void update_uidmap(const char *path, int pid, char *map, size_t map_len) bail("failed to update /proc/%d/uid_map", pid); write_log(DEBUG, "update /proc/%d/uid_map got -EPERM (trying %s)", pid, path); if (try_mapping_tool(path, pid, map, map_len)) - bail("failed to use newuid map on %d", pid); + bailx("failed to use newuid map on %d", pid); } } @@ -289,7 +289,7 @@ static void update_gidmap(const char *path, int pid, char *map, size_t map_len) bail("failed to update /proc/%d/gid_map", pid); write_log(DEBUG, "update /proc/%d/gid_map got -EPERM (trying %s)", pid, path); if (try_mapping_tool(path, pid, map, map_len)) - bail("failed to use newgid map on %d", pid); + bailx("failed to use newgid map on %d", pid); } } @@ -340,14 +340,16 @@ static void nl_parse(int fd, struct nlconfig_t *config) /* Retrieve the netlink header. */ len = read(fd, &hdr, NLMSG_HDRLEN); + if (len < 0) + bail("failed to read netlink header"); if (len != NLMSG_HDRLEN) - bail("invalid netlink header length %zu", len); + bailx("invalid netlink header length %zu", len); if (hdr.nlmsg_type == NLMSG_ERROR) - bail("failed to read netlink message"); + bailx("failed to read netlink message"); if (hdr.nlmsg_type != INIT_MSG) - bail("unexpected msg type %d", hdr.nlmsg_type); + bailx("unexpected msg type %d", hdr.nlmsg_type); /* Retrieve data. */ size = NLMSG_PAYLOAD(&hdr, 0); @@ -356,8 +358,10 @@ static void nl_parse(int fd, struct nlconfig_t *config) bail("failed to allocate %zu bytes of memory for nl_payload", size); len = read(fd, data, size); + if (len < 0) + bail("failed to read netlink payload"); if (len != size) - bail("failed to read netlink payload, %zu != %zu", len, size); + bailx("failed to read netlink payload, %zu != %zu", len, size); /* Parse the netlink payload. */ config->data = data; @@ -456,7 +460,7 @@ static int nstype(char *name) * without corresponding handling could result in broken behaviour) and * the rest of runc doesn't allow unknown namespace types anyway. */ - bail("unknown namespace type %s", name); + bailx("unknown namespace type %s", name); } static nsset_t __open_namespaces(char *nsspec, struct namespace_t **ns_list, size_t *ns_len) @@ -469,7 +473,7 @@ static nsset_t __open_namespaces(char *nsspec, struct namespace_t **ns_list, siz namespace = strtok_r(nsspec, ",", &saveptr); if (!namespace || !strlen(namespace) || !strlen(nsspec)) - bail("ns paths are empty"); + bailx("ns paths are empty"); do { int fd; @@ -485,7 +489,7 @@ static nsset_t __open_namespaces(char *nsspec, struct namespace_t **ns_list, siz /* Split 'ns:path'. */ path = strstr(namespace, ":"); if (!path) - bail("failed to parse %s", namespace); + bailx("failed to parse %s", namespace); *path++ = '\0'; fd = open(path, O_RDONLY); @@ -530,7 +534,7 @@ static nsset_t __join_namespaces(nsset_t allow, struct namespace_t *ns_list, siz /* Skip permission errors. */ if (saved_errno == EPERM) continue; - bail("failed to setns into %s namespace", ns->type); + bailx("failed to setns into %s namespace: %s", ns->type, strerror(saved_errno)); } joined |= type; @@ -597,7 +601,7 @@ static void __close_namespaces(nsset_t to_join, nsset_t joined, struct namespace /* Make sure we joined the namespaces we planned to. */ if (failed_to_join) - bail("failed to join {%s} namespaces: %s", nsset_to_str(failed_to_join), strerror(EPERM)); + bailx("failed to join {%s} namespaces: %s", nsset_to_str(failed_to_join), strerror(EPERM)); free(ns_list); } @@ -936,7 +940,7 @@ void nsexec(void) stage1_complete = true; break; default: - bail("unexpected sync value: %u", s); + bailx("unexpected sync value: %u", s); } } write_log(DEBUG, "<- stage-1 synchronisation loop"); @@ -967,7 +971,7 @@ void nsexec(void) stage2_complete = true; break; default: - bail("unexpected sync value: %u", s); + bailx("unexpected sync value: %u", s); } } write_log(DEBUG, "<- stage-2 synchronisation loop"); @@ -1058,7 +1062,7 @@ void nsexec(void) if (read(syncfd, &s, sizeof(s)) != sizeof(s)) bail("failed to sync with parent: read(SYNC_USERMAP_ACK)"); if (s != SYNC_USERMAP_ACK) - bail("failed to sync with parent: SYNC_USERMAP_ACK: got %u", s); + bailx("failed to sync with parent: SYNC_USERMAP_ACK: got %u", s); /* Revert temporary re-dumpable setting. */ if (config.namespaces) { @@ -1094,7 +1098,7 @@ void nsexec(void) if (read(syncfd, &s, sizeof(s)) != sizeof(s)) bail("failed to sync with parent: read(SYNC_TIMEOFFSETS_ACK)"); if (s != SYNC_TIMEOFFSETS_ACK) - bail("failed to sync with parent: SYNC_TIMEOFFSETS_ACK: got %u", s); + bailx("failed to sync with parent: SYNC_TIMEOFFSETS_ACK: got %u", s); } /* @@ -1130,7 +1134,7 @@ void nsexec(void) } if (s != SYNC_RECVPID_ACK) { sane_kill(stage2_pid, SIGKILL); - bail("failed to sync with parent: SYNC_RECVPID_ACK: got %u", s); + bailx("failed to sync with parent: SYNC_RECVPID_ACK: got %u", s); } write_log(DEBUG, "signal completion to stage-0"); @@ -1177,7 +1181,7 @@ void nsexec(void) if (read(syncfd, &s, sizeof(s)) != sizeof(s)) bail("failed to sync with parent: read(SYNC_GRANDCHILD)"); if (s != SYNC_GRANDCHILD) - bail("failed to sync with parent: SYNC_GRANDCHILD: got %u", s); + bailx("failed to sync with parent: SYNC_GRANDCHILD: got %u", s); if (setsid() < 0) bail("setsid failed"); @@ -1212,9 +1216,9 @@ void nsexec(void) } break; default: - bail("unexpected jump value"); + bailx("unexpected jump value"); } /* Should never be reached. */ - bail("should never be reached"); + bailx("should never be reached"); } From aea52d0ab0ea320dfee33cfb830d75ba32bef991 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Sun, 26 Oct 2025 15:58:44 -0700 Subject: [PATCH 1074/1176] libct/nsenter: sprinkle missing sane_kill Add a few missing sane_kill calls where they make sense. Remove one useless sane_kill of stage2_pid, as during SYNC_USERMAP stage2 is not yet started. It is harmless yet it makes the code slightly harder to read. Set the child pid to -1 upon receiving SYNC_CHILD_FINISH to minimize the chances of killing an unrelated process. When a child sends SYNC_CHILD_FINISH it is about to exit (although theoretically it could be stuck during debug logging). Signed-off-by: Kir Kolyshkin --- libcontainer/nsenter/nsexec.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index c923c9743ac..8283ebb4bfb 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -848,8 +848,10 @@ void nsexec(void) bail("unable to spawn stage-1"); syncfd = sync_child_pipe[1]; - if (close(sync_child_pipe[0]) < 0) + if (close(sync_child_pipe[0]) < 0) { + sane_kill(stage1_pid, SIGKILL); bail("failed to close sync_child_pipe[0] fd"); + } /* * State machine for synchronisation with the children. We only @@ -860,8 +862,11 @@ void nsexec(void) while (!stage1_complete) { enum sync_t s; - if (read(syncfd, &s, sizeof(s)) != sizeof(s)) + if (read(syncfd, &s, sizeof(s)) != sizeof(s)) { + sane_kill(stage1_pid, SIGKILL); + sane_kill(stage2_pid, SIGKILL); bail("failed to sync with stage-1: next state"); + } switch (s) { case SYNC_USERMAP_PLS: @@ -887,7 +892,6 @@ void nsexec(void) s = SYNC_USERMAP_ACK; if (write(syncfd, &s, sizeof(s)) != sizeof(s)) { sane_kill(stage1_pid, SIGKILL); - sane_kill(stage2_pid, SIGKILL); bail("failed to sync with stage-1: write(SYNC_USERMAP_ACK)"); } break; @@ -938,8 +942,11 @@ void nsexec(void) case SYNC_CHILD_FINISH: write_log(DEBUG, "stage-1 complete"); stage1_complete = true; + stage1_pid = -1; break; default: + sane_kill(stage1_pid, SIGKILL); + sane_kill(stage2_pid, SIGKILL); bailx("unexpected sync value: %u", s); } } @@ -947,8 +954,10 @@ void nsexec(void) /* Now sync with grandchild. */ syncfd = sync_grandchild_pipe[1]; - if (close(sync_grandchild_pipe[0]) < 0) + if (close(sync_grandchild_pipe[0]) < 0) { + sane_kill(stage2_pid, SIGKILL); bail("failed to close sync_grandchild_pipe[0] fd"); + } write_log(DEBUG, "-> stage-2 synchronisation loop"); stage2_complete = false; @@ -962,15 +971,19 @@ void nsexec(void) bail("failed to sync with child: write(SYNC_GRANDCHILD)"); } - if (read(syncfd, &s, sizeof(s)) != sizeof(s)) + if (read(syncfd, &s, sizeof(s)) != sizeof(s)) { + sane_kill(stage2_pid, SIGKILL); bail("failed to sync with child: next state"); + } switch (s) { case SYNC_CHILD_FINISH: write_log(DEBUG, "stage-2 complete"); stage2_complete = true; + stage2_pid = -1; break; default: + sane_kill(stage2_pid, SIGKILL); bailx("unexpected sync value: %u", s); } } From 6c18b25cdcf170f7a2020e1725926f51e55752f8 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Sat, 11 Oct 2025 19:07:25 -0700 Subject: [PATCH 1075/1176] libct/nsenter: better read/write errors Introduce and use iobail, xread, and xwrite wrappers so that we can properly check read/write return value and call either bail or bailx on error, with proper diagnostics (distinguishing failed read/write from a short read/write). This prevents the "Success" prefix in errors like: failed to sync with stage-1: next state: Success Signed-off-by: Kir Kolyshkin --- libcontainer/nsenter/nsexec.c | 163 ++++++++++++++++------------------ 1 file changed, 79 insertions(+), 84 deletions(-) diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index 8283ebb4bfb..59b785109e0 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -332,18 +332,53 @@ static uint8_t readint8(char *buf) return *(uint8_t *) buf; } +static inline void sane_kill(pid_t pid, int signum) +{ + if (pid <= 0) + return; + + int saved_errno = errno; + kill(pid, signum); + errno = saved_errno; +} + +__attribute__((noreturn)) +static void iobail(int got, int want, const char *errmsg, int pid1, int pid2) +{ + sane_kill(pid1, SIGKILL); + sane_kill(pid2, SIGKILL); + if (got < 0) + bail("%s", errmsg); + /* Short read or write. */ + bailx("%s (got %d of %d bytes)", errmsg, got, want); +} + +static void xread(int fd, void *buf, size_t nbytes, const char *errmsg, int pid1, int pid2) +{ + ssize_t len; + + len = read(fd, buf, nbytes); + if (len != nbytes) + iobail(len, nbytes, errmsg, pid1, pid2); +} + +static void xwrite(int fd, void *buf, size_t nbytes, const char *errmsg, int pid1, int pid2) +{ + ssize_t len; + + len = write(fd, buf, nbytes); + if (len != nbytes) + iobail(len, nbytes, errmsg, pid1, pid2); +} + static void nl_parse(int fd, struct nlconfig_t *config) { - size_t len, size; + size_t size; struct nlmsghdr hdr; char *data, *current; /* Retrieve the netlink header. */ - len = read(fd, &hdr, NLMSG_HDRLEN); - if (len < 0) - bail("failed to read netlink header"); - if (len != NLMSG_HDRLEN) - bailx("invalid netlink header length %zu", len); + xread(fd, &hdr, NLMSG_HDRLEN, "failed to read netlink header", -1, -1); if (hdr.nlmsg_type == NLMSG_ERROR) bailx("failed to read netlink message"); @@ -357,11 +392,7 @@ static void nl_parse(int fd, struct nlconfig_t *config) if (!data) bail("failed to allocate %zu bytes of memory for nl_payload", size); - len = read(fd, data, size); - if (len < 0) - bail("failed to read netlink payload"); - if (len != size) - bailx("failed to read netlink payload, %zu != %zu", len, size); + xread(fd, data, size, "failed to read netlink payload", -1, -1); /* Parse the netlink payload. */ config->data = data; @@ -641,16 +672,6 @@ void join_namespaces(char *nsspec) __close_namespaces(to_join, joined, ns_list, ns_len); } -static inline void sane_kill(pid_t pid, int signum) -{ - if (pid <= 0) - return; - - int saved_errno = errno; - kill(pid, signum); - errno = saved_errno; -} - void try_unshare(int flags, const char *msg) { write_log(DEBUG, "unshare %s", msg); @@ -862,11 +883,8 @@ void nsexec(void) while (!stage1_complete) { enum sync_t s; - if (read(syncfd, &s, sizeof(s)) != sizeof(s)) { - sane_kill(stage1_pid, SIGKILL); - sane_kill(stage2_pid, SIGKILL); - bail("failed to sync with stage-1: next state"); - } + xread(syncfd, &s, sizeof(s), + "failed to sync with stage-1: next state", stage1_pid, stage2_pid); switch (s) { case SYNC_USERMAP_PLS: @@ -890,27 +908,21 @@ void nsexec(void) update_gidmap(config.gidmappath, stage1_pid, config.gidmap, config.gidmap_len); s = SYNC_USERMAP_ACK; - if (write(syncfd, &s, sizeof(s)) != sizeof(s)) { - sane_kill(stage1_pid, SIGKILL); - bail("failed to sync with stage-1: write(SYNC_USERMAP_ACK)"); - } + xwrite(syncfd, &s, sizeof(s), + "failed to sync with stage-1: write(SYNC_USERMAP_ACK)", stage1_pid, -1); break; case SYNC_RECVPID_PLS: write_log(DEBUG, "stage-1 requested pid to be forwarded"); /* Get the stage-2 pid. */ - if (read(syncfd, &stage2_pid, sizeof(stage2_pid)) != sizeof(stage2_pid)) { - sane_kill(stage1_pid, SIGKILL); - bail("failed to sync with stage-1: read(stage2_pid)"); - } + xread(syncfd, &stage2_pid, sizeof(stage2_pid), + "failed to sync with stage-1: read(stage2_pid)", stage1_pid, -1); /* Send ACK. */ s = SYNC_RECVPID_ACK; - if (write(syncfd, &s, sizeof(s)) != sizeof(s)) { - sane_kill(stage1_pid, SIGKILL); - sane_kill(stage2_pid, SIGKILL); - bail("failed to sync with stage-1: write(SYNC_RECVPID_ACK)"); - } + xwrite(syncfd, &s, sizeof(s), + "failed to sync with stage-1: write(SYNC_RECVPID_ACK)", + stage1_pid, stage2_pid); /* * Send both the stage-1 and stage-2 pids back to runc. @@ -924,20 +936,18 @@ void nsexec(void) len = dprintf(pipenum, "{\"stage1_pid\":%d,\"stage2_pid\":%d}\n", stage1_pid, stage2_pid); - if (len < 0) { - sane_kill(stage1_pid, SIGKILL); - sane_kill(stage2_pid, SIGKILL); - bail("failed to sync with runc: write(pid-JSON)"); - } + if (len < 0) + iobail(len, len, + "failed to sync with runc: write(pid-JSON)", + stage1_pid, stage2_pid); break; case SYNC_TIMEOFFSETS_PLS: write_log(DEBUG, "stage-1 requested timens offsets to be configured"); update_timens_offsets(stage1_pid, config.timensoffset, config.timensoffset_len); s = SYNC_TIMEOFFSETS_ACK; - if (write(syncfd, &s, sizeof(s)) != sizeof(s)) { - sane_kill(stage1_pid, SIGKILL); - bail("failed to sync with child: write(SYNC_TIMEOFFSETS_ACK)"); - } + xwrite(syncfd, &s, sizeof(s), + "failed to sync with child: write(SYNC_TIMEOFFSETS_ACK)", + stage1_pid, -1); break; case SYNC_CHILD_FINISH: write_log(DEBUG, "stage-1 complete"); @@ -966,15 +976,10 @@ void nsexec(void) write_log(DEBUG, "signalling stage-2 to run"); s = SYNC_GRANDCHILD; - if (write(syncfd, &s, sizeof(s)) != sizeof(s)) { - sane_kill(stage2_pid, SIGKILL); - bail("failed to sync with child: write(SYNC_GRANDCHILD)"); - } + xwrite(syncfd, &s, sizeof(s), + "failed to sync with child: write(SYNC_GRANDCHILD)", -1, stage2_pid); - if (read(syncfd, &s, sizeof(s)) != sizeof(s)) { - sane_kill(stage2_pid, SIGKILL); - bail("failed to sync with child: next state"); - } + xread(syncfd, &s, sizeof(s), "failed to sync with child: next state", -1, stage2_pid); switch (s) { case SYNC_CHILD_FINISH: @@ -1067,13 +1072,13 @@ void nsexec(void) */ write_log(DEBUG, "request stage-0 to map user namespace"); s = SYNC_USERMAP_PLS; - if (write(syncfd, &s, sizeof(s)) != sizeof(s)) - bail("failed to sync with parent: write(SYNC_USERMAP_PLS)"); + xwrite(syncfd, &s, sizeof(s), + "failed to sync with parent: write(SYNC_USERMAP_PLS)", -1, -1); /* ... wait for mapping ... */ write_log(DEBUG, "waiting stage-0 to complete the mapping of user namespace"); - if (read(syncfd, &s, sizeof(s)) != sizeof(s)) - bail("failed to sync with parent: read(SYNC_USERMAP_ACK)"); + xread(syncfd, &s, sizeof(s), + "failed to sync with parent: read(SYNC_USERMAP_ACK)", -1, -1); if (s != SYNC_USERMAP_ACK) bailx("failed to sync with parent: SYNC_USERMAP_ACK: got %u", s); @@ -1105,11 +1110,11 @@ void nsexec(void) write_log(DEBUG, "request stage-0 to write timens offsets"); s = SYNC_TIMEOFFSETS_PLS; - if (write(syncfd, &s, sizeof(s)) != sizeof(s)) - bail("failed to sync with parent: write(SYNC_TIMEOFFSETS_PLS)"); + xwrite(syncfd, &s, sizeof(s), + "failed to sync with parent: write(SYNC_TIMEOFFSETS_PLS)", -1, -1); - if (read(syncfd, &s, sizeof(s)) != sizeof(s)) - bail("failed to sync with parent: read(SYNC_TIMEOFFSETS_ACK)"); + xread(syncfd, &s, sizeof(s), + "failed to sync with parent: read(SYNC_TIMEOFFSETS_ACK)", -1, -1); if (s != SYNC_TIMEOFFSETS_ACK) bailx("failed to sync with parent: SYNC_TIMEOFFSETS_ACK: got %u", s); } @@ -1131,20 +1136,14 @@ void nsexec(void) /* Send the child to our parent, which knows what it's doing. */ write_log(DEBUG, "request stage-0 to forward stage-2 pid (%d)", stage2_pid); s = SYNC_RECVPID_PLS; - if (write(syncfd, &s, sizeof(s)) != sizeof(s)) { - sane_kill(stage2_pid, SIGKILL); - bail("failed to sync with parent: write(SYNC_RECVPID_PLS)"); - } - if (write(syncfd, &stage2_pid, sizeof(stage2_pid)) != sizeof(stage2_pid)) { - sane_kill(stage2_pid, SIGKILL); - bail("failed to sync with parent: write(stage2_pid)"); - } + xwrite(syncfd, &s, sizeof(s), + "failed to sync with parent: write(SYNC_RECVPID_PLS)", -1, stage2_pid); + xwrite(syncfd, &stage2_pid, sizeof(stage2_pid), + "failed to sync with parent: write(stage2_pid)", -1, stage2_pid); /* ... wait for parent to get the pid ... */ - if (read(syncfd, &s, sizeof(s)) != sizeof(s)) { - sane_kill(stage2_pid, SIGKILL); - bail("failed to sync with parent: read(SYNC_RECVPID_ACK)"); - } + xread(syncfd, &s, sizeof(s), + "failed to sync with parent: read(SYNC_RECVPID_ACK)", -1, stage2_pid); if (s != SYNC_RECVPID_ACK) { sane_kill(stage2_pid, SIGKILL); bailx("failed to sync with parent: SYNC_RECVPID_ACK: got %u", s); @@ -1152,10 +1151,8 @@ void nsexec(void) write_log(DEBUG, "signal completion to stage-0"); s = SYNC_CHILD_FINISH; - if (write(syncfd, &s, sizeof(s)) != sizeof(s)) { - sane_kill(stage2_pid, SIGKILL); - bail("failed to sync with parent: write(SYNC_CHILD_FINISH)"); - } + xwrite(syncfd, &s, sizeof(s), + "failed to sync with parent: write(SYNC_CHILD_FINISH)", -1, stage2_pid); /* Our work is done. [Stage 2: STAGE_INIT] is doing the rest of the work. */ write_log(DEBUG, "<~ nsexec stage-1"); @@ -1191,8 +1188,7 @@ void nsexec(void) prctl(PR_SET_NAME, (unsigned long)"runc:[2:INIT]", 0, 0, 0); write_log(DEBUG, "~> nsexec stage-2"); - if (read(syncfd, &s, sizeof(s)) != sizeof(s)) - bail("failed to sync with parent: read(SYNC_GRANDCHILD)"); + xread(syncfd, &s, sizeof(s), "failed to sync with parent: read(SYNC_GRANDCHILD)", -1, -1); if (s != SYNC_GRANDCHILD) bailx("failed to sync with parent: SYNC_GRANDCHILD: got %u", s); @@ -1212,8 +1208,7 @@ void nsexec(void) write_log(DEBUG, "signal completion to stage-0"); s = SYNC_CHILD_FINISH; - if (write(syncfd, &s, sizeof(s)) != sizeof(s)) - bail("failed to sync with parent: write(SYNC_CHILD_FINISH)"); + xwrite(syncfd, &s, sizeof(s), "failed to sync with parent: write(SYNC_CHILD_FINISH)", -1, -1); /* Close sync pipes. */ if (close(sync_grandchild_pipe[0]) < 0) From 1cdfc0def9c95be031ffa3f2b208c15d04f8a37e Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Sat, 1 Nov 2025 00:17:49 +0900 Subject: [PATCH 1076/1176] Deprecate cgroup v1 For issue 4955 Signed-off-by: Akihiro Suda --- README.md | 1 + docs/deprecated.md | 11 +++++++++++ 2 files changed, 12 insertions(+) create mode 100644 docs/deprecated.md diff --git a/README.md b/README.md index 2d0f13bd03d..bca08c2d284 100644 --- a/README.md +++ b/README.md @@ -352,6 +352,7 @@ WantedBy=multi-user.target * [systemd cgroup driver](./docs/systemd.md) * [Terminals and standard IO](./docs/terminals.md) * [Experimental features](./docs/experimental.md) +* [Deprecated features](./docs/deprecated.md) ## License diff --git a/docs/deprecated.md b/docs/deprecated.md new file mode 100644 index 00000000000..fed0b61ec12 --- /dev/null +++ b/docs/deprecated.md @@ -0,0 +1,11 @@ +# Deprecated features + +The following features are deprecated: + +Feature | Deprecation release | Removal release +---------------------------------------- | -------------------- | ------------------ +cgroup v1 | v1.4.0 | (May 2029) + + + +- The latest release in May 2029 may not necessarily support cgroup v1, but there will be at least one maintained branch with the support for cgroup v1. From db19bbed5348847da433faa9d69e9f90192bfa64 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 22 Jul 2025 16:23:28 +1000 Subject: [PATCH 1077/1176] internal/sys: add VerifyInode helper This will be used for a few security patches in later patches in this patchset. The need to verify what kind of inode we are operating on in a race-free way turns out to be quite a common pattern... Signed-off-by: Aleksa Sarai --- internal/sys/doc.go | 5 +++++ internal/sys/verify_inode_unix.go | 30 ++++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 internal/sys/doc.go create mode 100644 internal/sys/verify_inode_unix.go diff --git a/internal/sys/doc.go b/internal/sys/doc.go new file mode 100644 index 00000000000..075387f7a3b --- /dev/null +++ b/internal/sys/doc.go @@ -0,0 +1,5 @@ +// Package sys is an internal package that contains helper methods for dealing +// with Linux that are more complicated than basic wrappers. Basic wrappers +// usually belong in internal/linux. If you feel something belongs in +// libcontainer/utils or libcontainer/system, it probably belongs here instead. +package sys diff --git a/internal/sys/verify_inode_unix.go b/internal/sys/verify_inode_unix.go new file mode 100644 index 00000000000..d5019db57e0 --- /dev/null +++ b/internal/sys/verify_inode_unix.go @@ -0,0 +1,30 @@ +package sys + +import ( + "fmt" + "os" + "runtime" + + "golang.org/x/sys/unix" +) + +// VerifyInodeFunc is the callback passed to [VerifyInode] to check if the +// inode is the expected type (and on the correct filesystem type, in the case +// of filesystem-specific inodes). +type VerifyInodeFunc func(stat *unix.Stat_t, statfs *unix.Statfs_t) error + +// VerifyInode verifies that the underlying inode for the given file matches an +// expected inode type (possibly on a particular kind of filesystem). This is +// mainly a wrapper around [VerifyInodeFunc]. +func VerifyInode(file *os.File, checkFunc VerifyInodeFunc) error { + var stat unix.Stat_t + if err := unix.Fstat(int(file.Fd()), &stat); err != nil { + return fmt.Errorf("fstat %q: %w", file.Name(), err) + } + var statfs unix.Statfs_t + if err := unix.Fstatfs(int(file.Fd()), &statfs); err != nil { + return fmt.Errorf("fstatfs %q: %w", file.Name(), err) + } + runtime.KeepAlive(file) + return checkFunc(&stat, &statfs) +} From 6fc191449109ea14bb7d61238f24a33fe08c651f Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 18 Jul 2025 13:18:53 +1000 Subject: [PATCH 1078/1176] internal: move utils.MkdirAllInRoot to internal/pathrs We will have more wrappers around filepath-securejoin, and so move them to their own specific package so that we can eventually use libpathrs fairly cleanly (by swapping out the implementation). Signed-off-by: Aleksa Sarai --- internal/pathrs/doc.go | 23 ++++++ internal/pathrs/mkdirall_securejoin.go | 97 ++++++++++++++++++++++++++ internal/pathrs/path.go | 34 +++++++++ internal/pathrs/path_test.go | 53 ++++++++++++++ libcontainer/rootfs_linux.go | 13 ++-- libcontainer/utils/utils_unix.go | 83 ---------------------- 6 files changed, 214 insertions(+), 89 deletions(-) create mode 100644 internal/pathrs/doc.go create mode 100644 internal/pathrs/mkdirall_securejoin.go create mode 100644 internal/pathrs/path.go create mode 100644 internal/pathrs/path_test.go diff --git a/internal/pathrs/doc.go b/internal/pathrs/doc.go new file mode 100644 index 00000000000..496ca59510d --- /dev/null +++ b/internal/pathrs/doc.go @@ -0,0 +1,23 @@ +// SPDX-License-Identifier: Apache-2.0 +/* + * Copyright (C) 2024-2025 Aleksa Sarai + * Copyright (C) 2024-2025 SUSE LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// Package pathrs provides wrappers around filepath-securejoin to add the +// minimum set of features needed from libpathrs that are not provided by +// filepath-securejoin, with the eventual goal being that these can be used to +// ease the transition by converting them stubs when enabling libpathrs builds. +package pathrs diff --git a/internal/pathrs/mkdirall_securejoin.go b/internal/pathrs/mkdirall_securejoin.go new file mode 100644 index 00000000000..7fec8d21e75 --- /dev/null +++ b/internal/pathrs/mkdirall_securejoin.go @@ -0,0 +1,97 @@ +// SPDX-License-Identifier: Apache-2.0 +/* + * Copyright (C) 2024-2025 Aleksa Sarai + * Copyright (C) 2024-2025 SUSE LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package pathrs + +import ( + "fmt" + "os" + "path/filepath" + + securejoin "github.com/cyphar/filepath-securejoin" + "github.com/sirupsen/logrus" + "golang.org/x/sys/unix" +) + +// MkdirAllInRootOpen attempts to make +// +// path, _ := securejoin.SecureJoin(root, unsafePath) +// os.MkdirAll(path, mode) +// os.Open(path) +// +// safer against attacks where components in the path are changed between +// SecureJoin returning and MkdirAll (or Open) being called. In particular, we +// try to detect any symlink components in the path while we are doing the +// MkdirAll. +// +// NOTE: If unsafePath is a subpath of root, we assume that you have already +// called SecureJoin and so we use the provided path verbatim without resolving +// any symlinks (this is done in a way that avoids symlink-exchange races). +// This means that the path also must not contain ".." elements, otherwise an +// error will occur. +// +// This uses securejoin.MkdirAllHandle under the hood, but it has special +// handling if unsafePath has already been scoped within the rootfs (this is +// needed for a lot of runc callers and fixing this would require reworking a +// lot of path logic). +func MkdirAllInRootOpen(root, unsafePath string, mode os.FileMode) (*os.File, error) { + // If the path is already "within" the root, get the path relative to the + // root and use that as the unsafe path. This is necessary because a lot of + // MkdirAllInRootOpen callers have already done SecureJoin, and refactoring + // all of them to stop using these SecureJoin'd paths would require a fair + // amount of work. + // TODO(cyphar): Do the refactor to libpathrs once it's ready. + if IsLexicallyInRoot(root, unsafePath) { + subPath, err := filepath.Rel(root, unsafePath) + if err != nil { + return nil, err + } + unsafePath = subPath + } + + // Check for any silly mode bits. + if mode&^0o7777 != 0 { + return nil, fmt.Errorf("tried to include non-mode bits in MkdirAll mode: 0o%.3o", mode) + } + // Linux (and thus os.MkdirAll) silently ignores the suid and sgid bits if + // passed. While it would make sense to return an error in that case (since + // the user has asked for a mode that won't be applied), for compatibility + // reasons we have to ignore these bits. + if ignoredBits := mode &^ 0o1777; ignoredBits != 0 { + logrus.Warnf("MkdirAll called with no-op mode bits that are ignored by Linux: 0o%.3o", ignoredBits) + mode &= 0o1777 + } + + rootDir, err := os.OpenFile(root, unix.O_DIRECTORY|unix.O_CLOEXEC, 0) + if err != nil { + return nil, fmt.Errorf("open root handle: %w", err) + } + defer rootDir.Close() + + return securejoin.MkdirAllHandle(rootDir, unsafePath, mode) +} + +// MkdirAllInRoot is a wrapper around MkdirAllInRootOpen which closes the +// returned handle, for callers that don't need to use it. +func MkdirAllInRoot(root, unsafePath string, mode os.FileMode) error { + f, err := MkdirAllInRootOpen(root, unsafePath, mode) + if err == nil { + _ = f.Close() + } + return err +} diff --git a/internal/pathrs/path.go b/internal/pathrs/path.go new file mode 100644 index 00000000000..1ee7c795d5b --- /dev/null +++ b/internal/pathrs/path.go @@ -0,0 +1,34 @@ +// SPDX-License-Identifier: Apache-2.0 +/* + * Copyright (C) 2024-2025 Aleksa Sarai + * Copyright (C) 2024-2025 SUSE LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package pathrs + +import ( + "strings" +) + +// IsLexicallyInRoot is shorthand for strings.HasPrefix(path+"/", root+"/"), +// but properly handling the case where path or root have a "/" suffix. +// +// NOTE: The return value only make sense if the path is already mostly cleaned +// (i.e., doesn't contain "..", ".", nor unneeded "/"s). +func IsLexicallyInRoot(root, path string) bool { + root = strings.TrimRight(root, "/") + path = strings.TrimRight(path, "/") + return strings.HasPrefix(path+"/", root+"/") +} diff --git a/internal/pathrs/path_test.go b/internal/pathrs/path_test.go new file mode 100644 index 00000000000..19d577fba3b --- /dev/null +++ b/internal/pathrs/path_test.go @@ -0,0 +1,53 @@ +// SPDX-License-Identifier: Apache-2.0 +/* + * Copyright (C) 2024-2025 Aleksa Sarai + * Copyright (C) 2024-2025 SUSE LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package pathrs + +import "testing" + +func TestIsLexicallyInRoot(t *testing.T) { + for _, test := range []struct { + name string + root, path string + expected bool + }{ + {"Equal1", "/foo", "/foo", true}, + {"Equal2", "/bar/baz", "/bar/baz", true}, + {"Equal3", "/bar/baz/", "/bar/baz/", true}, + {"Root", "/", "/foo/bar", true}, + {"Root-Equal", "/", "/", true}, + {"InRoot-Basic1", "/foo/bar", "/foo/bar/baz/abcd", true}, + {"InRoot-Basic2", "/a/b/c/d", "/a/b/c/d/e/f/g/h", true}, + {"InRoot-Long", "/var/lib/docker/container/1234abcde/rootfs", "/var/lib/docker/container/1234abcde/rootfs/a/b/c", true}, + {"InRoot-TrailingSlash1", "/foo/bar/", "/foo/bar", true}, + {"InRoot-TrailingSlash2", "/foo/", "/foo/bar/baz/boop", true}, + {"NotInRoot-Basic1", "/foo", "/bar", false}, + {"NotInRoot-Basic2", "/foo", "/bar", false}, + {"NotInRoot-Basic3", "/foo/bar/baz", "/foo/boo/baz/abc", false}, + {"NotInRoot-Long", "/var/lib/docker/container/1234abcde/rootfs", "/a/b/c", false}, + {"NotInRoot-Tricky1", "/foo/bar", "/foo/bara", false}, + {"NotInRoot-Tricky2", "/foo/bar", "/foo/ba/r", false}, + } { + t.Run(test.name, func(t *testing.T) { + got := IsLexicallyInRoot(test.root, test.path) + if test.expected != got { + t.Errorf("IsLexicallyInRoot(%q, %q) = %v (expected %v)", test.root, test.path, got, test.expected) + } + }) + } +} diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index aa1f68b94f4..dddd709b8bc 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -25,6 +25,7 @@ import ( devices "github.com/opencontainers/cgroups/devices/config" "github.com/opencontainers/cgroups/fs2" "github.com/opencontainers/runc/internal/linux" + "github.com/opencontainers/runc/internal/pathrs" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/utils" ) @@ -327,7 +328,7 @@ func mountCgroupV1(m *configs.Mount, c *mountConfig) error { // inside the tmpfs, so we don't want to resolve symlinks). subsystemPath := filepath.Join(c.root, b.Destination) subsystemName := filepath.Base(b.Destination) - if err := utils.MkdirAllInRoot(c.root, subsystemPath, 0o755); err != nil { + if err := pathrs.MkdirAllInRoot(c.root, subsystemPath, 0o755); err != nil { return err } if err := utils.WithProcfd(c.root, b.Destination, func(dstFd string) error { @@ -520,7 +521,7 @@ func createMountpoint(rootfs string, m mountEntry) (string, error) { } // Make the parent directory. destDir, destBase := filepath.Split(dest) - destDirFd, err := utils.MkdirAllInRootOpen(rootfs, destDir, 0o755) + destDirFd, err := pathrs.MkdirAllInRootOpen(rootfs, destDir, 0o755) if err != nil { return "", fmt.Errorf("make parent dir of file bind-mount: %w", err) } @@ -557,7 +558,7 @@ func createMountpoint(rootfs string, m mountEntry) (string, error) { } } - if err := utils.MkdirAllInRoot(rootfs, dest, 0o755); err != nil { + if err := pathrs.MkdirAllInRoot(rootfs, dest, 0o755); err != nil { return "", err } return dest, nil @@ -576,7 +577,7 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { // TODO: This won't be necessary once we switch to libpathrs and we can // stop all of these symlink-exchange attacks. dest := filepath.Clean(m.Destination) - if !utils.IsLexicallyInRoot(rootfs, dest) { + if !pathrs.IsLexicallyInRoot(rootfs, dest) { // Do not use securejoin as it resolves symlinks. dest = filepath.Join(rootfs, dest) } @@ -590,7 +591,7 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { } else if !fi.IsDir() { return fmt.Errorf("filesystem %q must be mounted on ordinary directory", m.Device) } - if err := utils.MkdirAllInRoot(rootfs, dest, 0o755); err != nil { + if err := pathrs.MkdirAllInRoot(rootfs, dest, 0o755); err != nil { return err } // Selinux kernels do not support labeling of /proc or /sys. @@ -956,7 +957,7 @@ func createDeviceNode(rootfs string, node *devices.Device, bind bool) error { if dest == rootfs { return fmt.Errorf("%w: mknod over rootfs", errRootfsToFile) } - if err := utils.MkdirAllInRoot(rootfs, filepath.Dir(dest), 0o755); err != nil { + if err := pathrs.MkdirAllInRoot(rootfs, filepath.Dir(dest), 0o755); err != nil { return err } if bind { diff --git a/libcontainer/utils/utils_unix.go b/libcontainer/utils/utils_unix.go index 3c32769dd7f..f2c1e1f2b45 100644 --- a/libcontainer/utils/utils_unix.go +++ b/libcontainer/utils/utils_unix.go @@ -9,7 +9,6 @@ import ( "path/filepath" "runtime" "strconv" - "strings" "sync" _ "unsafe" // for go:linkname @@ -269,88 +268,6 @@ func ProcThreadSelfFd(fd uintptr) (string, ProcThreadSelfCloser) { return ProcThreadSelf("fd/" + strconv.FormatUint(uint64(fd), 10)) } -// IsLexicallyInRoot is shorthand for strings.HasPrefix(path+"/", root+"/"), -// but properly handling the case where path or root are "/". -// -// NOTE: The return value only make sense if the path doesn't contain "..". -func IsLexicallyInRoot(root, path string) bool { - if root != "/" { - root += "/" - } - if path != "/" { - path += "/" - } - return strings.HasPrefix(path, root) -} - -// MkdirAllInRootOpen attempts to make -// -// path, _ := securejoin.SecureJoin(root, unsafePath) -// os.MkdirAll(path, mode) -// os.Open(path) -// -// safer against attacks where components in the path are changed between -// SecureJoin returning and MkdirAll (or Open) being called. In particular, we -// try to detect any symlink components in the path while we are doing the -// MkdirAll. -// -// NOTE: If unsafePath is a subpath of root, we assume that you have already -// called SecureJoin and so we use the provided path verbatim without resolving -// any symlinks (this is done in a way that avoids symlink-exchange races). -// This means that the path also must not contain ".." elements, otherwise an -// error will occur. -// -// This uses securejoin.MkdirAllHandle under the hood, but it has special -// handling if unsafePath has already been scoped within the rootfs (this is -// needed for a lot of runc callers and fixing this would require reworking a -// lot of path logic). -func MkdirAllInRootOpen(root, unsafePath string, mode os.FileMode) (_ *os.File, Err error) { - // If the path is already "within" the root, get the path relative to the - // root and use that as the unsafe path. This is necessary because a lot of - // MkdirAllInRootOpen callers have already done SecureJoin, and refactoring - // all of them to stop using these SecureJoin'd paths would require a fair - // amount of work. - // TODO(cyphar): Do the refactor to libpathrs once it's ready. - if IsLexicallyInRoot(root, unsafePath) { - subPath, err := filepath.Rel(root, unsafePath) - if err != nil { - return nil, err - } - unsafePath = subPath - } - - // Check for any silly mode bits. - if mode&^0o7777 != 0 { - return nil, fmt.Errorf("tried to include non-mode bits in MkdirAll mode: 0o%.3o", mode) - } - // Linux (and thus os.MkdirAll) silently ignores the suid and sgid bits if - // passed. While it would make sense to return an error in that case (since - // the user has asked for a mode that won't be applied), for compatibility - // reasons we have to ignore these bits. - if ignoredBits := mode &^ 0o1777; ignoredBits != 0 { - logrus.Warnf("MkdirAll called with no-op mode bits that are ignored by Linux: 0o%.3o", ignoredBits) - mode &= 0o1777 - } - - rootDir, err := os.OpenFile(root, unix.O_DIRECTORY|unix.O_CLOEXEC, 0) - if err != nil { - return nil, fmt.Errorf("open root handle: %w", err) - } - defer rootDir.Close() - - return securejoin.MkdirAllHandle(rootDir, unsafePath, mode) -} - -// MkdirAllInRoot is a wrapper around MkdirAllInRootOpen which closes the -// returned handle, for callers that don't need to use it. -func MkdirAllInRoot(root, unsafePath string, mode os.FileMode) error { - f, err := MkdirAllInRootOpen(root, unsafePath, mode) - if err == nil { - _ = f.Close() - } - return err -} - // Openat is a Go-friendly openat(2) wrapper. func Openat(dir *os.File, path string, flags int, mode uint32) (*os.File, error) { dirFd := unix.AT_FDCWD From ff94f9991bd32076c871ef0ad8bc1b763458e480 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 19 Jun 2025 10:19:41 +1000 Subject: [PATCH 1079/1176] *: switch to safer securejoin.Reopen filepath-securejoin v0.3 gave us a much safer re-open primitive, we should use it to avoid any theoretical attacks. Rather than using it direcly, add a small pathrs wrapper to make libpathrs migrations in the future easier... Signed-off-by: Aleksa Sarai --- internal/pathrs/procfs_securejoin.go | 30 +++++++++++++++++++++ libcontainer/exeseal/cloned_binary_linux.go | 3 ++- libcontainer/standard_init_linux.go | 14 +++++----- 3 files changed, 39 insertions(+), 8 deletions(-) create mode 100644 internal/pathrs/procfs_securejoin.go diff --git a/internal/pathrs/procfs_securejoin.go b/internal/pathrs/procfs_securejoin.go new file mode 100644 index 00000000000..77335e7efce --- /dev/null +++ b/internal/pathrs/procfs_securejoin.go @@ -0,0 +1,30 @@ +// SPDX-License-Identifier: Apache-2.0 +/* + * Copyright (C) 2025 Aleksa Sarai + * Copyright (C) 2025 SUSE LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package pathrs + +import ( + "os" + + securejoin "github.com/cyphar/filepath-securejoin" +) + +// Reopen is a wrapper around securejoin.Reopen. +func Reopen(file *os.File, flags int) (*os.File, error) { + return securejoin.Reopen(file, flags) +} diff --git a/libcontainer/exeseal/cloned_binary_linux.go b/libcontainer/exeseal/cloned_binary_linux.go index cfe03da46f7..1c5c60872f7 100644 --- a/libcontainer/exeseal/cloned_binary_linux.go +++ b/libcontainer/exeseal/cloned_binary_linux.go @@ -10,6 +10,7 @@ import ( "github.com/sirupsen/logrus" "golang.org/x/sys/unix" + "github.com/opencontainers/runc/internal/pathrs" "github.com/opencontainers/runc/libcontainer/system" ) @@ -71,7 +72,7 @@ func sealFile(f **os.File) error { // When sealing an O_TMPFILE-style descriptor we need to // re-open the path as O_PATH to clear the existing write // handle we have. - opath, err := os.OpenFile(fmt.Sprintf("/proc/self/fd/%d", (*f).Fd()), unix.O_PATH|unix.O_CLOEXEC, 0) + opath, err := pathrs.Reopen(*f, unix.O_PATH|unix.O_CLOEXEC) if err != nil { return fmt.Errorf("reopen tmpfile: %w", err) } diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index 15a4fcb577f..f8023f3913a 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -12,6 +12,7 @@ import ( "golang.org/x/sys/unix" "github.com/opencontainers/runc/internal/linux" + "github.com/opencontainers/runc/internal/pathrs" "github.com/opencontainers/runc/libcontainer/apparmor" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/keys" @@ -259,19 +260,17 @@ func (l *linuxStandardInit) Init() error { return fmt.Errorf("close log pipe: %w", err) } - fifoPath, closer := utils.ProcThreadSelfFd(l.fifoFile.Fd()) - defer closer() - // Wait for the FIFO to be opened on the other side before exec-ing the // user process. We open it through /proc/self/fd/$fd, because the fd that // was given to us was an O_PATH fd to the fifo itself. Linux allows us to // re-open an O_PATH fd through /proc. - fd, err := linux.Open(fifoPath, unix.O_WRONLY|unix.O_CLOEXEC, 0) + fifoFile, err := pathrs.Reopen(l.fifoFile, unix.O_WRONLY|unix.O_CLOEXEC) if err != nil { - return err + return fmt.Errorf("reopen exec fifo: %w", err) } - if _, err := unix.Write(fd, []byte("0")); err != nil { - return &os.PathError{Op: "write exec fifo", Path: fifoPath, Err: err} + defer fifoFile.Close() + if _, err := fifoFile.Write([]byte("0")); err != nil { + return &os.PathError{Op: "write exec fifo", Path: fifoFile.Name(), Err: err} } // Close the O_PATH fifofd fd before exec because the kernel resets @@ -280,6 +279,7 @@ func (l *linuxStandardInit) Init() error { // N.B. the core issue itself (passing dirfds to the host filesystem) has // since been resolved. // https://github.com/torvalds/linux/blob/v4.9/fs/exec.c#L1290-L1318 + _ = fifoFile.Close() _ = l.fifoFile.Close() if s := l.config.SpecState; s != nil { From 8476df83b534a2522b878c0507b3491def48db9f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 6 Mar 2025 08:19:45 -0800 Subject: [PATCH 1080/1176] libct: add/use isDevNull, verifyDevNull The /dev/null in a container should not be trusted, because when /dev is a bind mount, /dev/null is not created by runc itself. 1. Add isDevNull which checks the fd minor/major and device type, and verifyDevNull which does the stat and the check. 2. Rewrite maskPath to open and check /dev/null, and use its fd to perform mounts. Move the loop over the MaskPaths into the function, and rename it to maskPaths. 3. reOpenDevNull: use verifyDevNull and isDevNull. 4. fixStdioPermissions: use isDevNull instead of stat. Fixes: GHSA-9493-h29p-rfm2 CVE-2025-31133 Co-authored-by: Rodrigo Campos Signed-off-by: Kir Kolyshkin Signed-off-by: Aleksa Sarai --- libcontainer/init_linux.go | 11 +++--- libcontainer/rootfs_linux.go | 53 +++++++++++++++++++++++------ libcontainer/standard_init_linux.go | 7 ++-- 3 files changed, 49 insertions(+), 22 deletions(-) diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index e4daf2c8f9a..95a4d7f7826 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -505,19 +505,16 @@ func setupUser(config *initConfig) error { // The ownership needs to match because it is created outside of the container and needs to be // localized. func fixStdioPermissions(uid int) error { - var null unix.Stat_t - if err := unix.Stat("/dev/null", &null); err != nil { - return &os.PathError{Op: "stat", Path: "/dev/null", Err: err} - } for _, file := range []*os.File{os.Stdin, os.Stdout, os.Stderr} { var s unix.Stat_t if err := unix.Fstat(int(file.Fd()), &s); err != nil { return &os.PathError{Op: "fstat", Path: file.Name(), Err: err} } - // Skip chown if uid is already the one we want or any of the STDIO descriptors - // were redirected to /dev/null. - if int(s.Uid) == uid || s.Rdev == null.Rdev { + // Skip chown if: + // - uid is already the one we want, or + // - fd is opened to /dev/null. + if int(s.Uid) == uid || isDevNull(&s) { continue } diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index dddd709b8bc..552734f564d 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -26,6 +26,7 @@ import ( "github.com/opencontainers/cgroups/fs2" "github.com/opencontainers/runc/internal/linux" "github.com/opencontainers/runc/internal/pathrs" + "github.com/opencontainers/runc/internal/sys" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/utils" ) @@ -398,7 +399,7 @@ func mountCgroupV2(m *configs.Mount, c *mountConfig) error { // Mask `/sys/fs/cgroup` to ensure it is read-only, even when `/sys` is mounted // with `rbind,ro` (`runc spec --rootless` produces `rbind,ro` for `/sys`). err = utils.WithProcfd(c.root, m.Destination, func(procfd string) error { - return maskPath(procfd, c.label) + return maskPaths([]string{procfd}, c.label) }) } return err @@ -889,20 +890,20 @@ func setupDevSymlinks(rootfs string) error { // needs to be called after we chroot/pivot into the container's rootfs so that any // symlinks are resolved locally. func reOpenDevNull() error { - var stat, devNullStat unix.Stat_t file, err := os.OpenFile("/dev/null", os.O_RDWR, 0) if err != nil { return err } defer file.Close() - if err := unix.Fstat(int(file.Fd()), &devNullStat); err != nil { - return &os.PathError{Op: "fstat", Path: file.Name(), Err: err} + if err := verifyDevNull(file); err != nil { + return fmt.Errorf("can't reopen /dev/null: %w", err) } for fd := range 3 { + var stat unix.Stat_t if err := unix.Fstat(fd, &stat); err != nil { return &os.PathError{Op: "fstat", Path: "fd " + strconv.Itoa(fd), Err: err} } - if stat.Rdev == devNullStat.Rdev { + if isDevNull(&stat) { // Close and re-open the fd. if err := linux.Dup3(int(file.Fd()), fd, 0); err != nil { return err @@ -1251,18 +1252,48 @@ func remountReadonly(m *configs.Mount) error { return fmt.Errorf("unable to mount %s as readonly max retries reached", dest) } -// maskPath masks the top of the specified path inside a container to avoid +func isDevNull(st *unix.Stat_t) bool { + return st.Mode&unix.S_IFMT == unix.S_IFCHR && st.Rdev == unix.Mkdev(1, 3) +} + +func verifyDevNull(f *os.File) error { + return sys.VerifyInode(f, func(st *unix.Stat_t, _ *unix.Statfs_t) error { + if !isDevNull(st) { + return errors.New("container's /dev/null is invalid") + } + return nil + }) +} + +// maskPaths masks the top of the specified paths inside a container to avoid // security issues from processes reading information from non-namespace aware // mounts ( proc/kcore ). // For files, maskPath bind mounts /dev/null over the top of the specified path. // For directories, maskPath mounts read-only tmpfs over the top of the specified path. -func maskPath(path string, mountLabel string) error { - if err := mount("/dev/null", path, "", unix.MS_BIND, ""); err != nil && !errors.Is(err, os.ErrNotExist) { - if errors.Is(err, unix.ENOTDIR) { - return mount("tmpfs", path, "tmpfs", unix.MS_RDONLY, label.FormatMountLabel("", mountLabel)) +func maskPaths(paths []string, mountLabel string) error { + devNull, err := os.OpenFile("/dev/null", unix.O_PATH, 0) + if err != nil { + return fmt.Errorf("can't mask paths: %w", err) + } + defer devNull.Close() + if err := verifyDevNull(devNull); err != nil { + return fmt.Errorf("can't mask paths: %w", err) + } + devNullSrc := &mountSource{Type: mountSourcePlain, file: devNull} + + for _, path := range paths { + if err := mountViaFds("", devNullSrc, path, "", "", unix.MS_BIND, ""); err != nil && !errors.Is(err, os.ErrNotExist) { + if !errors.Is(err, unix.ENOTDIR) { + return fmt.Errorf("can't mask path %q: %w", path, err) + } + // Destination is a directory: bind mount a ro tmpfs over it. + err := mount("tmpfs", path, "tmpfs", unix.MS_RDONLY, label.FormatMountLabel("", mountLabel)) + if err != nil { + return fmt.Errorf("can't mask dir %q: %w", path, err) + } } - return err } + return nil } diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index f8023f3913a..d3e519593d1 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -142,10 +142,9 @@ func (l *linuxStandardInit) Init() error { return fmt.Errorf("can't make %q read-only: %w", path, err) } } - for _, path := range l.config.Config.MaskPaths { - if err := maskPath(path, l.config.Config.MountLabel); err != nil { - return fmt.Errorf("can't mask path %s: %w", path, err) - } + + if err := maskPaths(l.config.Config.MaskPaths, l.config.Config.MountLabel); err != nil { + return err } pdeath, err := system.GetParentDeathSignal() if err != nil { From 1a30a8f3d921acbbb6a4bb7e99da2c05f8d48522 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 21 Apr 2025 15:33:52 -0700 Subject: [PATCH 1081/1176] libct: maskPaths: only ignore ENOENT on mount dest When mounting a path being masked, the /dev/null might disappear from under us, and mount (even on an opened /dev/null file descriptor) will return ENOENT, which we deliberately ignore, as there's no need to mask non-existent paths. Let's open the destination path and ignore ENOENT during open, then mount via the destination file descriptor, not ignoring ENOENT. Reported-by: lifubang Signed-off-by: Kir Kolyshkin --- libcontainer/rootfs_linux.go | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 552734f564d..04b568f486b 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -1280,9 +1280,23 @@ func maskPaths(paths []string, mountLabel string) error { return fmt.Errorf("can't mask paths: %w", err) } devNullSrc := &mountSource{Type: mountSourcePlain, file: devNull} + procSelfFd, closer := utils.ProcThreadSelf("fd/") + defer closer() for _, path := range paths { - if err := mountViaFds("", devNullSrc, path, "", "", unix.MS_BIND, ""); err != nil && !errors.Is(err, os.ErrNotExist) { + // Open the target path; skip if it doesn't exist. + dstFh, err := os.OpenFile(path, unix.O_PATH|unix.O_CLOEXEC, 0) + if err != nil { + if errors.Is(err, os.ErrNotExist) { + continue + } + return fmt.Errorf("can't mask path %q: %w", path, err) + } + + dstFd := filepath.Join(procSelfFd, strconv.Itoa(int(dstFh.Fd()))) + err = mountViaFds("", devNullSrc, path, dstFd, "", unix.MS_BIND, "") + dstFh.Close() + if err != nil { if !errors.Is(err, unix.ENOTDIR) { return fmt.Errorf("can't mask path %q: %w", path, err) } From 5d7b2424072449872d1cd0c937f2ca25f418eb66 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 22 Apr 2025 18:02:13 -0700 Subject: [PATCH 1082/1176] libct: maskPaths: don't rely on ENOTDIR for mount Currently, we rely on mount returning ENOTDIR when the destination is a directory (and so mount tells us that the source is not), and fall back to read-only tmpfs bind mount for such cases. Theoretically, ENOTDIR can also be returned in some other cases, resulting in the wrong type of mount being used. Let's be more straightforward here -- call fstat on destination file descriptor, and use the proper mount depending on whether it is a directory. Reported-by: Rodrigo Campos Signed-off-by: Kir Kolyshkin --- libcontainer/rootfs_linux.go | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 04b568f486b..cb4c4562f27 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -1292,19 +1292,25 @@ func maskPaths(paths []string, mountLabel string) error { } return fmt.Errorf("can't mask path %q: %w", path, err) } - - dstFd := filepath.Join(procSelfFd, strconv.Itoa(int(dstFh.Fd()))) - err = mountViaFds("", devNullSrc, path, dstFd, "", unix.MS_BIND, "") - dstFh.Close() + st, err := dstFh.Stat() if err != nil { - if !errors.Is(err, unix.ENOTDIR) { - return fmt.Errorf("can't mask path %q: %w", path, err) - } + dstFh.Close() + return fmt.Errorf("can't mask path %q: %w", path, err) + } + var dstType string + if st.IsDir() { // Destination is a directory: bind mount a ro tmpfs over it. - err := mount("tmpfs", path, "tmpfs", unix.MS_RDONLY, label.FormatMountLabel("", mountLabel)) - if err != nil { - return fmt.Errorf("can't mask dir %q: %w", path, err) - } + dstType = "dir" + err = mount("tmpfs", path, "tmpfs", unix.MS_RDONLY, label.FormatMountLabel("", mountLabel)) + } else { + // Destination is a file: mount it to /dev/null. + dstType = "path" + dstFd := filepath.Join(procSelfFd, strconv.Itoa(int(dstFh.Fd()))) + err = mountViaFds("", devNullSrc, path, dstFd, "", unix.MS_BIND, "") + } + dstFh.Close() + if err != nil { + return fmt.Errorf("can't mask %s %q: %w", dstType, path, err) } } From 531ef794e4ecd628006a865ad334a048ee2b4b2e Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 15 May 2025 16:12:21 +1000 Subject: [PATCH 1083/1176] console: use TIOCGPTPEER when allocating peer PTY When opening the peer end of a pty, the old kernel API required us to open /dev/pts/$num inside the container (at least since we fixed console handling many years ago in commit 244c9fc426ae ("*: console rewrite")). The problem is that in a hostile container it is possible for /dev/pts/$num to be an attacker-controlled symlink that runc can be tricked into resolving when doing bind-mounts. This allows the attacker to (among other things) persist /proc/... entries that are later masked by runc, allowing an attacker to escape through the kernel.core_pattern sysctl (/proc/sys/kernel/core_pattern). This is the original issue reported by Lei Wang and Li Fu Bang in CVE-2025-52565. However, it should be noted that this is not entirely a newly-discovered problem. Way back in Linux 4.13 (2017), I added the TIOCGPTPEER ioctl, which allows us to get a pty peer without touching the /dev/pts inside the container. The original threat model was around an attacker replacing /dev/pts/$n or /dev/pts/ptmx with some malicious inode (a DoS inode, or possibly a PTY they wanted a confused deputy to operate on). Unfortunately, there was no practical way for runc to cache a safe O_PATH handle to /dev/pts/ptmx (unlike other runtimes like LXC, which switched to TIOCGPTPEER way back in 2017). Since it wasn't clear how we could protect against the main attack TIOCGPTPEER was meant to protect against, we never switched to it (even though I implemented it specifically to harden container runtimes). Unfortunately, It turns out that mount *sources* are a threat we didn't fully consider. Since TIOCGPTPEER already solves this problem entirely for us in a race free way, we should just use that. In a later patch, we will add some hardening for /dev/pts/$num opening to maintain support for very old kernels (Linux 4.13 is very old at this point, but RHEL 7 is still kicking and is stuck on Linux 3.10). Fixes: GHSA-qw9x-cqr3-wc7r CVE-2025-52565 Reported-by: Lei Wang (CVE-2025-52565) Reported-by: lfbzhm (CVE-2025-52565) Reported-by: Aleksa Sarai (TIOCGPTPEER) Signed-off-by: Aleksa Sarai --- internal/linux/linux.go | 20 ++++++++++++++ libcontainer/console_linux.go | 50 ++++++++++++++++++++++++++--------- libcontainer/init_linux.go | 7 ++--- 3 files changed, 61 insertions(+), 16 deletions(-) diff --git a/internal/linux/linux.go b/internal/linux/linux.go index 1cf479f4124..ef230b1331f 100644 --- a/internal/linux/linux.go +++ b/internal/linux/linux.go @@ -85,3 +85,23 @@ func SetMempolicy(mode uint, mask *unix.CPUSet) error { }) return os.NewSyscallError("set_mempolicy", err) } + +// GetPtyPeer is a wrapper for ioctl(TIOCGPTPEER). +func GetPtyPeer(ptyFd uintptr, unsafePeerPath string, flags int) (*os.File, error) { + // Make sure O_NOCTTY is always set -- otherwise runc might accidentally + // gain it as a controlling terminal. O_CLOEXEC also needs to be set to + // make sure we don't leak the handle either. + flags |= unix.O_NOCTTY | unix.O_CLOEXEC + + // There is no nice wrapper for this kind of ioctl in unix. + peerFd, _, errno := unix.Syscall( + unix.SYS_IOCTL, + ptyFd, + uintptr(unix.TIOCGPTPEER), + uintptr(flags), + ) + if errno != 0 { + return nil, os.NewSyscallError("ioctl TIOCGPTPEER", errno) + } + return os.NewFile(peerFd, unsafePeerPath), nil +} diff --git a/libcontainer/console_linux.go b/libcontainer/console_linux.go index c42e60e3c52..36db6d69bcd 100644 --- a/libcontainer/console_linux.go +++ b/libcontainer/console_linux.go @@ -1,15 +1,39 @@ package libcontainer import ( + "fmt" "os" + "runtime" - "github.com/opencontainers/runc/internal/linux" + "github.com/containerd/console" "golang.org/x/sys/unix" + + "github.com/opencontainers/runc/internal/linux" ) -// mount initializes the console inside the rootfs mounting with the specified mount label -// and applying the correct ownership of the console. -func mountConsole(slavePath string) error { +// safeAllocPty returns a new (ptmx, peer pty) allocation for use inside a +// container. +func safeAllocPty() (pty console.Console, peer *os.File, Err error) { + pty, unsafePeerPath, err := console.NewPty() + if err != nil { + return nil, nil, err + } + defer func() { + if Err != nil { + _ = pty.Close() + } + }() + + peer, err = linux.GetPtyPeer(pty.Fd(), unsafePeerPath, unix.O_RDWR|unix.O_NOCTTY) + if err != nil { + return nil, nil, fmt.Errorf("failed to get peer end of newly-allocated console: %w", err) + } + return pty, peer, nil +} + +// mountConsole bind-mounts the provided pty on top of /dev/console so programs +// that operate on /dev/console operate on the correct container pty. +func mountConsole(peerPty *os.File) error { f, err := os.Create("/dev/console") if err != nil && !os.IsExist(err) { return err @@ -21,20 +45,20 @@ func mountConsole(slavePath string) error { } f.Close() } - return mount(slavePath, "/dev/console", "bind", unix.MS_BIND, "") + mntSrc := &mountSource{ + Type: mountSourcePlain, + file: peerPty, + } + return mountViaFds(peerPty.Name(), mntSrc, "/dev/console", "", "bind", unix.MS_BIND, "") } -// dupStdio opens the slavePath for the console and dups the fds to the current -// processes stdio, fd 0,1,2. -func dupStdio(slavePath string) error { - fd, err := linux.Open(slavePath, unix.O_RDWR, 0) - if err != nil { - return err - } +// dupStdio replaces stdio with the given peerPty. +func dupStdio(peerPty *os.File) error { for _, i := range []int{0, 1, 2} { - if err := linux.Dup3(fd, i, 0); err != nil { + if err := linux.Dup3(int(peerPty.Fd()), i, 0); err != nil { return err } } + runtime.KeepAlive(peerPty) return nil } diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 95a4d7f7826..9672b037a0f 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -377,12 +377,13 @@ func setupConsole(socket *os.File, config *initConfig, mount bool) error { // the UID owner of the console to be the user the process will run as (so // they can actually control their console). - pty, slavePath, err := console.NewPty() + pty, peerPty, err := safeAllocPty() if err != nil { return err } // After we return from here, we don't need the console anymore. defer pty.Close() + defer peerPty.Close() if config.ConsoleHeight != 0 && config.ConsoleWidth != 0 { err = pty.Resize(console.WinSize{ @@ -396,7 +397,7 @@ func setupConsole(socket *os.File, config *initConfig, mount bool) error { // Mount the console inside our rootfs. if mount { - if err := mountConsole(slavePath); err != nil { + if err := mountConsole(peerPty); err != nil { return err } } @@ -407,7 +408,7 @@ func setupConsole(socket *os.File, config *initConfig, mount bool) error { runtime.KeepAlive(pty) // Now, dup over all the things. - return dupStdio(slavePath) + return dupStdio(peerPty) } // syncParentReady sends to the given pipe a JSON payload which indicates that From 398955bccb7f20565c224a3064d331c19e422398 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 1 Aug 2025 19:33:12 +1000 Subject: [PATCH 1084/1176] console: add fallback for pre-TIOCGPTPEER kernels The pty driver has very consistent allocation rules for the major:minor numbers of /dev/pts/$n inodes, so it is possible to somewhat safely open /dev/pts/* paths if we validate that the inode is the one we expect. It is possible for an attacker to have over-mounted a pts peer from a different devpts instance, but to fix this would require more tracking of devpts instances than runc currently can do. This means runc should continue to work on very old kernels. Signed-off-by: Aleksa Sarai --- libcontainer/console_linux.go | 55 ++++++++++++++++++++++++++++++++++- 1 file changed, 54 insertions(+), 1 deletion(-) diff --git a/libcontainer/console_linux.go b/libcontainer/console_linux.go index 36db6d69bcd..418c27f25e3 100644 --- a/libcontainer/console_linux.go +++ b/libcontainer/console_linux.go @@ -1,6 +1,7 @@ package libcontainer import ( + "errors" "fmt" "os" "runtime" @@ -9,8 +10,60 @@ import ( "golang.org/x/sys/unix" "github.com/opencontainers/runc/internal/linux" + "github.com/opencontainers/runc/internal/pathrs" + "github.com/opencontainers/runc/internal/sys" ) +func isPtyNoIoctlError(err error) bool { + // The kernel converts -ENOIOCTLCMD to -ENOTTY automatically, but handle + // -EINVAL just in case (which some drivers do, include pty). + return errors.Is(err, unix.EINVAL) || errors.Is(err, unix.ENOTTY) +} + +func getPtyPeer(pty console.Console, unsafePeerPath string, flags int) (*os.File, error) { + peer, err := linux.GetPtyPeer(pty.Fd(), unsafePeerPath, flags) + if err == nil || !isPtyNoIoctlError(err) { + return peer, err + } + + // On pre-TIOCGPTPEER kernels (Linux < 4.13), we need to fallback to using + // the /dev/pts/$n path generated using TIOCGPTN. We can do some validation + // that the inode is correct because the Unix-98 pty has a consistent + // numbering scheme for the device number of the peer. + + peerNum, err := unix.IoctlGetUint32(int(pty.Fd()), unix.TIOCGPTN) + if err != nil { + return nil, fmt.Errorf("get peer number of pty: %w", err) + } + //nolint:revive,staticcheck,nolintlint // ignore "don't use ALL_CAPS" warning // nolintlint is needed to work around the different lint configs + const ( + UNIX98_PTY_SLAVE_MAJOR = 136 // from + ) + wantPeerDev := unix.Mkdev(UNIX98_PTY_SLAVE_MAJOR, peerNum) + + // Use O_PATH to avoid opening a bad inode before we validate it. + peerHandle, err := os.OpenFile(unsafePeerPath, unix.O_PATH|unix.O_CLOEXEC, 0) + if err != nil { + return nil, err + } + defer peerHandle.Close() + + if err := sys.VerifyInode(peerHandle, func(stat *unix.Stat_t, statfs *unix.Statfs_t) error { + if statfs.Type != unix.DEVPTS_SUPER_MAGIC { + return fmt.Errorf("pty peer handle is not on a real devpts mount: super magic is %#x", statfs.Type) + } + if stat.Mode&unix.S_IFMT != unix.S_IFCHR || stat.Rdev != wantPeerDev { + return fmt.Errorf("pty peer handle is not the real char device for pty %d: ftype %#x %d:%d", + peerNum, stat.Mode&unix.S_IFMT, unix.Major(stat.Rdev), unix.Minor(stat.Rdev)) + } + return nil + }); err != nil { + return nil, err + } + + return pathrs.Reopen(peerHandle, flags) +} + // safeAllocPty returns a new (ptmx, peer pty) allocation for use inside a // container. func safeAllocPty() (pty console.Console, peer *os.File, Err error) { @@ -24,7 +77,7 @@ func safeAllocPty() (pty console.Console, peer *os.File, Err error) { } }() - peer, err = linux.GetPtyPeer(pty.Fd(), unsafePeerPath, unix.O_RDWR|unix.O_NOCTTY) + peer, err = getPtyPeer(pty, unsafePeerPath, unix.O_RDWR|unix.O_NOCTTY) if err != nil { return nil, nil, fmt.Errorf("failed to get peer end of newly-allocated console: %w", err) } From 9be1dbf4ac67d9840a043ebd2df5c68f36705d1d Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 15 May 2025 17:32:01 +1000 Subject: [PATCH 1085/1176] console: avoid trivial symlink attacks for /dev/console An attacker could make /dev/console a symlink. This presents two possible issues: 1. os.Create will happily truncate targets, which could have resulted in a worse version of CVE-2024-4531. Luckily, this all happens after pivot_root(2) so the scope of that particular attack is fairly limited (you are unlikely to be able to easily access host rootfs files -- though it might be possible to take advantage of leaks such as in CVE-2024-21626). However, O_CREAT|O_NOFOLLOW is what we should be doing for all file creations. 2. Because we passed /dev/console as the only mount path (as opposed to using a /proc/self/fd/$n path), an attacker could swap the symlink to point to any other path and thus cause us to mount over some other path. This is not as big of a problem because all the mounts are in the container namespace after pivot_root(2), and users usually can create arbitrary mount targets inside the container. These issues don't seem particularly exploitable, but they deserve to be hardened regardless. Signed-off-by: Aleksa Sarai --- libcontainer/console_linux.go | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/libcontainer/console_linux.go b/libcontainer/console_linux.go index 418c27f25e3..461ae8e98d1 100644 --- a/libcontainer/console_linux.go +++ b/libcontainer/console_linux.go @@ -12,6 +12,7 @@ import ( "github.com/opencontainers/runc/internal/linux" "github.com/opencontainers/runc/internal/pathrs" "github.com/opencontainers/runc/internal/sys" + "github.com/opencontainers/runc/libcontainer/utils" ) func isPtyNoIoctlError(err error) bool { @@ -87,22 +88,20 @@ func safeAllocPty() (pty console.Console, peer *os.File, Err error) { // mountConsole bind-mounts the provided pty on top of /dev/console so programs // that operate on /dev/console operate on the correct container pty. func mountConsole(peerPty *os.File) error { - f, err := os.Create("/dev/console") - if err != nil && !os.IsExist(err) { - return err - } - if f != nil { - // Ensure permission bits (can be different because of umask). - if err := f.Chmod(0o666); err != nil { - return err - } - f.Close() + console, err := os.OpenFile("/dev/console", unix.O_NOFOLLOW|unix.O_CREAT|unix.O_CLOEXEC, 0o666) + if err != nil { + return fmt.Errorf("create /dev/console mount target: %w", err) } + defer console.Close() + + dstFd, closer := utils.ProcThreadSelfFd(console.Fd()) + defer closer() + mntSrc := &mountSource{ Type: mountSourcePlain, file: peerPty, } - return mountViaFds(peerPty.Name(), mntSrc, "/dev/console", "", "bind", unix.MS_BIND, "") + return mountViaFds(peerPty.Name(), mntSrc, "/dev/console", dstFd, "bind", unix.MS_BIND, "") } // dupStdio replaces stdio with the given peerPty. From de87203e625cd7a27141fb5f2ad00a320c69c5e8 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 15 May 2025 23:56:45 +1000 Subject: [PATCH 1086/1176] console: verify /dev/pts/ptmx before use This is primarily done out of an abudance of caution against runc exec being attacked by a container where /dev/pts/ptmx has been replaced with some other bad inode (a disconnected NFS handle, a symlink that goes through a leaked runc file descriptor to reference a host ptmx, etc). Unfortunately, we cannot trivially verify that /dev/pts/ptmx is actually the /dev/pts from the container without storing stuff like the fsid in the runc state.json, which is probably not worth the extra effort. This should at least avoid the most concerning cases. Reported-by: Aleksa Sarai Signed-off-by: Aleksa Sarai --- libcontainer/console_linux.go | 50 ++++++++++++++++++++++++++++++++++- 1 file changed, 49 insertions(+), 1 deletion(-) diff --git a/libcontainer/console_linux.go b/libcontainer/console_linux.go index 461ae8e98d1..6ce171f09e7 100644 --- a/libcontainer/console_linux.go +++ b/libcontainer/console_linux.go @@ -15,6 +15,32 @@ import ( "github.com/opencontainers/runc/libcontainer/utils" ) +// checkPtmxHandle checks that the given file handle points to a real +// /dev/pts/ptmx device inode on a real devpts mount. We cannot (trivially) +// check that it is *the* /dev/pts for the container itself, but this is good +// enough. +func checkPtmxHandle(ptmx *os.File) error { + //nolint:revive,staticcheck,nolintlint // ignore "don't use ALL_CAPS" warning // nolintlint is needed to work around the different lint configs + const ( + PTMX_MAJOR = 5 // from TTYAUX_MAJOR in + PTMX_MINOR = 2 // from mknod_ptmx in fs/devpts/inode.c + PTMX_INO = 2 // from mknod_ptmx in fs/devpts/inode.c + ) + return sys.VerifyInode(ptmx, func(stat *unix.Stat_t, statfs *unix.Statfs_t) error { + if statfs.Type != unix.DEVPTS_SUPER_MAGIC { + return fmt.Errorf("ptmx handle is not on a real devpts mount: super magic is %#x", statfs.Type) + } + if stat.Ino != PTMX_INO { + return fmt.Errorf("ptmx handle has wrong inode number: %v", stat.Ino) + } + if stat.Mode&unix.S_IFMT != unix.S_IFCHR || stat.Rdev != unix.Mkdev(PTMX_MAJOR, PTMX_MINOR) { + return fmt.Errorf("ptmx handle is not a real char ptmx device: ftype %#x %d:%d", + stat.Mode&unix.S_IFMT, unix.Major(stat.Rdev), unix.Minor(stat.Rdev)) + } + return nil + }) +} + func isPtyNoIoctlError(err error) bool { // The kernel converts -ENOIOCTLCMD to -ENOTTY automatically, but handle // -EINVAL just in case (which some drivers do, include pty). @@ -68,7 +94,29 @@ func getPtyPeer(pty console.Console, unsafePeerPath string, flags int) (*os.File // safeAllocPty returns a new (ptmx, peer pty) allocation for use inside a // container. func safeAllocPty() (pty console.Console, peer *os.File, Err error) { - pty, unsafePeerPath, err := console.NewPty() + // TODO: Use openat2(RESOLVE_NO_SYMLINKS|RESOLVE_NO_XDEV). + ptmxHandle, err := os.OpenFile("/dev/pts/ptmx", unix.O_PATH|unix.O_NOFOLLOW|unix.O_CLOEXEC, 0) + if err != nil { + return nil, nil, err + } + defer ptmxHandle.Close() + + if err := checkPtmxHandle(ptmxHandle); err != nil { + return nil, nil, fmt.Errorf("verify ptmx handle: %w", err) + } + + ptyFile, err := pathrs.Reopen(ptmxHandle, unix.O_RDWR|unix.O_NOCTTY) + if err != nil { + return nil, nil, fmt.Errorf("reopen ptmx to get new pty pair: %w", err) + } + // On success, the ownership is transferred to pty. + defer func() { + if Err != nil { + _ = ptyFile.Close() + } + }() + + pty, unsafePeerPath, err := console.NewPtyFromFile(ptyFile) if err != nil { return nil, nil, err } From 44a0fcf685db051c80b8c269812bb177f5802c58 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 6 May 2025 11:23:40 +1000 Subject: [PATCH 1087/1176] go.mod: update to github.com/cyphar/filepath-securejoin@v0.5.0 In order to avoid lint errors due to the deprecation of the top-level securejoin methods ported from libpathrs, we need to adjust internal/pathrs to use the new pathrs-lite subpackage instead. Signed-off-by: Aleksa Sarai --- go.mod | 2 +- go.sum | 4 +- ...l_securejoin.go => mkdirall_pathrslite.go} | 6 +- ...cfs_securejoin.go => procfs_pathrslite.go} | 6 +- .../cyphar/filepath-securejoin/.golangci.yml | 56 ++ .../cyphar/filepath-securejoin/CHANGELOG.md | 121 +++- .../cyphar/filepath-securejoin/COPYING.md | 447 ++++++++++++++ .../{LICENSE => LICENSE.BSD} | 0 .../filepath-securejoin/LICENSE.MPL-2.0 | 373 ++++++++++++ .../cyphar/filepath-securejoin/README.md | 21 +- .../cyphar/filepath-securejoin/VERSION | 2 +- .../cyphar/filepath-securejoin/codecov.yml | 29 + .../filepath-securejoin/deprecated_linux.go | 48 ++ .../cyphar/filepath-securejoin/doc.go | 34 +- .../gocompat_generics_go121.go | 32 -- .../gocompat_generics_unsupported.go | 124 ---- .../internal/consts/consts.go | 15 + .../cyphar/filepath-securejoin/join.go | 23 +- .../filepath-securejoin/openat2_linux.go | 127 ---- .../filepath-securejoin/openat_linux.go | 59 -- .../filepath-securejoin/pathrs-lite/README.md | 33 ++ .../filepath-securejoin/pathrs-lite/doc.go | 14 + .../pathrs-lite/internal/assert/assert.go | 30 + .../pathrs-lite/internal/errors.go | 30 + .../pathrs-lite/internal/fd/at_linux.go | 148 +++++ .../pathrs-lite/internal/fd/fd.go | 55 ++ .../pathrs-lite/internal/fd/fd_linux.go | 78 +++ .../pathrs-lite/internal/fd/mount_linux.go | 54 ++ .../pathrs-lite/internal/fd/openat2_linux.go | 62 ++ .../pathrs-lite/internal/gocompat/README.md | 10 + .../pathrs-lite/internal/gocompat/doc.go | 13 + .../gocompat}/gocompat_errors_go120.go | 7 +- .../gocompat}/gocompat_errors_unsupported.go | 8 +- .../gocompat/gocompat_generics_go121.go | 53 ++ .../gocompat/gocompat_generics_unsupported.go | 187 ++++++ .../internal/kernelversion/kernel_linux.go | 123 ++++ .../pathrs-lite/internal/linux/doc.go | 12 + .../pathrs-lite/internal/linux/mount_linux.go | 47 ++ .../internal/linux/openat2_linux.go | 31 + .../internal/procfs/procfs_linux.go | 544 ++++++++++++++++++ .../internal/procfs/procfs_lookup_linux.go | 222 +++++++ .../{ => pathrs-lite}/lookup_linux.go | 61 +- .../{ => pathrs-lite}/mkdir_linux.go | 46 +- .../{ => pathrs-lite}/open_linux.go | 59 +- .../pathrs-lite/openat2_linux.go | 101 ++++ .../pathrs-lite/procfs/procfs_linux.go | 157 +++++ .../filepath-securejoin/procfs_linux.go | 452 --------------- .../cyphar/filepath-securejoin/vfs.go | 2 + vendor/modules.txt | 12 +- 49 files changed, 3254 insertions(+), 926 deletions(-) rename internal/pathrs/{mkdirall_securejoin.go => mkdirall_pathrslite.go} (94%) rename internal/pathrs/{procfs_securejoin.go => procfs_pathrslite.go} (84%) create mode 100644 vendor/github.com/cyphar/filepath-securejoin/.golangci.yml create mode 100644 vendor/github.com/cyphar/filepath-securejoin/COPYING.md rename vendor/github.com/cyphar/filepath-securejoin/{LICENSE => LICENSE.BSD} (100%) create mode 100644 vendor/github.com/cyphar/filepath-securejoin/LICENSE.MPL-2.0 create mode 100644 vendor/github.com/cyphar/filepath-securejoin/codecov.yml create mode 100644 vendor/github.com/cyphar/filepath-securejoin/deprecated_linux.go delete mode 100644 vendor/github.com/cyphar/filepath-securejoin/gocompat_generics_go121.go delete mode 100644 vendor/github.com/cyphar/filepath-securejoin/gocompat_generics_unsupported.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/internal/consts/consts.go delete mode 100644 vendor/github.com/cyphar/filepath-securejoin/openat2_linux.go delete mode 100644 vendor/github.com/cyphar/filepath-securejoin/openat_linux.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/README.md create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/doc.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/assert/assert.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/errors.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/at_linux.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/fd.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/fd_linux.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/mount_linux.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/openat2_linux.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/README.md create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/doc.go rename vendor/github.com/cyphar/filepath-securejoin/{ => pathrs-lite/internal/gocompat}/gocompat_errors_go120.go (69%) rename vendor/github.com/cyphar/filepath-securejoin/{ => pathrs-lite/internal/gocompat}/gocompat_errors_unsupported.go (80%) create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_generics_go121.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_generics_unsupported.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/kernelversion/kernel_linux.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux/doc.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux/mount_linux.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux/openat2_linux.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/procfs/procfs_linux.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/procfs/procfs_lookup_linux.go rename vendor/github.com/cyphar/filepath-securejoin/{ => pathrs-lite}/lookup_linux.go (86%) rename vendor/github.com/cyphar/filepath-securejoin/{ => pathrs-lite}/mkdir_linux.go (86%) rename vendor/github.com/cyphar/filepath-securejoin/{ => pathrs-lite}/open_linux.go (56%) create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/openat2_linux.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs/procfs_linux.go delete mode 100644 vendor/github.com/cyphar/filepath-securejoin/procfs_linux.go diff --git a/go.mod b/go.mod index a53e86b369c..723c66db448 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/checkpoint-restore/go-criu/v7 v7.2.0 github.com/containerd/console v1.0.5 github.com/coreos/go-systemd/v22 v22.6.0 - github.com/cyphar/filepath-securejoin v0.4.1 + github.com/cyphar/filepath-securejoin v0.5.0 github.com/docker/go-units v0.5.0 github.com/godbus/dbus/v5 v5.1.0 github.com/moby/sys/capability v0.4.0 diff --git a/go.sum b/go.sum index 45bc4513954..3a01584407e 100644 --- a/go.sum +++ b/go.sum @@ -9,8 +9,8 @@ github.com/coreos/go-systemd/v22 v22.6.0 h1:aGVa/v8B7hpb0TKl0MWoAavPDmHvobFe5R5z github.com/coreos/go-systemd/v22 v22.6.0/go.mod h1:iG+pp635Fo7ZmV/j14KUcmEyWF+0X7Lua8rrTWzYgWU= github.com/cpuguy83/go-md2man/v2 v2.0.7 h1:zbFlGlXEAKlwXpmvle3d8Oe3YnkKIK4xSRTd3sHPnBo= github.com/cpuguy83/go-md2man/v2 v2.0.7/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= -github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s= -github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= +github.com/cyphar/filepath-securejoin v0.5.0 h1:hIAhkRBMQ8nIeuVwcAoymp7MY4oherZdAxD+m0u9zaw= +github.com/cyphar/filepath-securejoin v0.5.0/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= diff --git a/internal/pathrs/mkdirall_securejoin.go b/internal/pathrs/mkdirall_pathrslite.go similarity index 94% rename from internal/pathrs/mkdirall_securejoin.go rename to internal/pathrs/mkdirall_pathrslite.go index 7fec8d21e75..fb4f7842d49 100644 --- a/internal/pathrs/mkdirall_securejoin.go +++ b/internal/pathrs/mkdirall_pathrslite.go @@ -23,7 +23,7 @@ import ( "os" "path/filepath" - securejoin "github.com/cyphar/filepath-securejoin" + "github.com/cyphar/filepath-securejoin/pathrs-lite" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) @@ -45,7 +45,7 @@ import ( // This means that the path also must not contain ".." elements, otherwise an // error will occur. // -// This uses securejoin.MkdirAllHandle under the hood, but it has special +// This uses (pathrs-lite).MkdirAllHandle under the hood, but it has special // handling if unsafePath has already been scoped within the rootfs (this is // needed for a lot of runc callers and fixing this would require reworking a // lot of path logic). @@ -83,7 +83,7 @@ func MkdirAllInRootOpen(root, unsafePath string, mode os.FileMode) (*os.File, er } defer rootDir.Close() - return securejoin.MkdirAllHandle(rootDir, unsafePath, mode) + return pathrs.MkdirAllHandle(rootDir, unsafePath, mode) } // MkdirAllInRoot is a wrapper around MkdirAllInRootOpen which closes the diff --git a/internal/pathrs/procfs_securejoin.go b/internal/pathrs/procfs_pathrslite.go similarity index 84% rename from internal/pathrs/procfs_securejoin.go rename to internal/pathrs/procfs_pathrslite.go index 77335e7efce..74556db6437 100644 --- a/internal/pathrs/procfs_securejoin.go +++ b/internal/pathrs/procfs_pathrslite.go @@ -21,10 +21,10 @@ package pathrs import ( "os" - securejoin "github.com/cyphar/filepath-securejoin" + "github.com/cyphar/filepath-securejoin/pathrs-lite" ) -// Reopen is a wrapper around securejoin.Reopen. +// Reopen is a wrapper around pathrs.Reopen. func Reopen(file *os.File, flags int) (*os.File, error) { - return securejoin.Reopen(file, flags) + return pathrs.Reopen(file, flags) } diff --git a/vendor/github.com/cyphar/filepath-securejoin/.golangci.yml b/vendor/github.com/cyphar/filepath-securejoin/.golangci.yml new file mode 100644 index 00000000000..e965034ed36 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/.golangci.yml @@ -0,0 +1,56 @@ +# SPDX-License-Identifier: MPL-2.0 + +# Copyright (C) 2025 Aleksa Sarai +# Copyright (C) 2025 SUSE LLC +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at https://mozilla.org/MPL/2.0/. + +version: "2" + +linters: + enable: + - asasalint + - asciicheck + - containedctx + - contextcheck + - errcheck + - errorlint + - exhaustive + - forcetypeassert + - godot + - goprintffuncname + - govet + - importas + - ineffassign + - makezero + - misspell + - musttag + - nilerr + - nilnesserr + - nilnil + - noctx + - prealloc + - revive + - staticcheck + - testifylint + - unconvert + - unparam + - unused + - usetesting + settings: + govet: + enable: + - nilness + testifylint: + enable-all: true + +formatters: + enable: + - gofumpt + - goimports + settings: + goimports: + local-prefixes: + - github.com/cyphar/filepath-securejoin diff --git a/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md index ca0e3c62c76..6862467c288 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md +++ b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md @@ -6,6 +6,122 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ## [Unreleased] ## +## [0.5.0] - 2025-09-26 ## + +> Let the past die. Kill it if you have to. + +> **NOTE**: With this release, some parts of +> `github.com/cyphar/filepath-securejoin` are now licensed under the Mozilla +> Public License (version 2). Please see [COPYING.md][] as well as the the +> license header in each file for more details. + +[COPYING.md]: ./COPYING.md + +### Breaking ### +- The new API introduced in the [0.3.0][] release has been moved to a new + subpackage called `pathrs-lite`. This was primarily done to better indicate + the split between the new and old APIs, as well as indicate to users the + purpose of this subpackage (it is a less complete version of [libpathrs][]). + + We have added some wrappers to the top-level package to ease the transition, + but those are deprecated and will be removed in the next minor release of + filepath-securejoin. Users should update their import paths. + + This new subpackage has also been relicensed under the Mozilla Public License + (version 2), please see [COPYING.md][] for more details. + +### Added ### +- Most of the key bits the safe `procfs` API have now been exported and are + available in `github.com/cyphar/filepath-securejoin/pathrs-lite/procfs`. At + the moment this primarily consists of a new `procfs.Handle` API: + + * `OpenProcRoot` returns a new handle to `/proc`, endeavouring to make it + safe if possible (`subset=pid` to protect against mistaken write attacks + and leaks, as well as using `fsopen(2)` to avoid racing mount attacks). + + `OpenUnsafeProcRoot` returns a handle without attempting to create one + with `subset=pid`, which makes it more dangerous to leak. Most users + should use `OpenProcRoot` (even if you need to use `ProcRoot` as the base + of an operation, as filepath-securejoin will internally open a handle when + necessary). + + * The `(*procfs.Handle).Open*` family of methods lets you get a safe + `O_PATH` handle to subpaths within `/proc` for certain subpaths. + + For `OpenThreadSelf`, the returned `ProcThreadSelfCloser` needs to be + called after you completely finish using the handle (this is necessary + because Go is multi-threaded and `ProcThreadSelf` references + `/proc/thread-self` which may disappear if we do not + `runtime.LockOSThread` -- `ProcThreadSelfCloser` is currently equivalent + to `runtime.UnlockOSThread`). + + Note that you cannot open any `procfs` symlinks (most notably magic-links) + using this API. At the moment, filepath-securejoin does not support this + feature (but [libpathrs][] does). + + * `ProcSelfFdReadlink` lets you get the in-kernel path representation of a + file descriptor (think `readlink("/proc/self/fd/...")`), except that we + verify that there aren't any tricky overmounts that could fool the + process. + + Please be aware that the returned string is simply a snapshot at that + particular moment, and an attacker could move the file being pointed to. + In addition, complex namespace configurations could result in non-sensical + or confusing paths to be returned. The value received from this function + should only be used as secondary verification of some security property, + not as proof that a particular handle has a particular path. + + The procfs handle used internally by the API is the same as the rest of + `filepath-securejoin` (for privileged programs this is usually a private + in-process `procfs` instance created with `fsopen(2)`). + + As before, this is intended as a stop-gap before users migrate to + [libpathrs][], which provides a far more extensive safe `procfs` API and is + generally more robust. + +- Previously, the hardened procfs implementation (used internally within + `Reopen` and `Open(at)InRoot`) only protected against overmount attacks on + systems with `openat2(2)` (Linux 5.6) or systems with `fsopen(2)` or + `open_tree(2)` (Linux 5.2) and programs with privileges to use them (with + some caveats about locked mounts that probably affect very few users). For + other users, an attacker with the ability to create malicious mounts (on most + systems, a sysadmin) could trick you into operating on files you didn't + expect. This attack only really makes sense in the context of container + runtime implementations. + + This was considered a reasonable trade-off, as the long-term intention was to + get all users to just switch to [libpathrs][] if they wanted to use the safe + `procfs` API (which had more extensive protections, and is what these new + protections in `filepath-securejoin` are based on). However, as the API + is now being exported it seems unwise to advertise the API as "safe" if we do + not protect against known attacks. + + The procfs API is now more protected against attackers on systems lacking the + aforementioned protections. However, the most comprehensive of these + protections effectively rely on [`statx(STATX_MNT_ID)`][statx.2] (Linux 5.8). + On older kernel versions, there is no effective protection (there is some + minimal protection against non-`procfs` filesystem components but a + sufficiently clever attacker can work around those). In addition, + `STATX_MNT_ID` is vulnerable to mount ID reuse attacks by sufficiently + motivated and privileged attackers -- this problem is mitigated with + `STATX_MNT_ID_UNIQUE` (Linux 6.8) but that raises the minimum kernel version + for more protection. + + The fact that these protections are quite limited despite needing a fair bit + of extra code to handle was one of the primary reasons we did not initially + implement this in `filepath-securejoin` ([libpathrs][] supports all of this, + of course). + +### Fixed ### +- RHEL 8 kernels have backports of `fsopen(2)` but in some testing we've found + that it has very bad (and very difficult to debug) performance issues, and so + we will explicitly refuse to use `fsopen(2)` if the running kernel version is + pre-5.2 and will instead fallback to `open("/proc")`. + +[CVE-2024-21626]: https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv +[libpathrs]: https://github.com/cyphar/libpathrs +[statx.2]: https://www.man7.org/linux/man-pages/man2/statx.2.html + ## [0.4.1] - 2025-01-28 ## ### Fixed ### @@ -173,7 +289,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/). safe to start migrating to as we have extensive tests ensuring they behave correctly and are safe against various races and other attacks. -[libpathrs]: https://github.com/openSUSE/libpathrs +[libpathrs]: https://github.com/cyphar/libpathrs [open.2]: https://www.man7.org/linux/man-pages/man2/open.2.html ## [0.2.5] - 2024-05-03 ## @@ -238,7 +354,8 @@ This is our first release of `github.com/cyphar/filepath-securejoin`, containing a full implementation with a coverage of 93.5% (the only missing cases are the error cases, which are hard to mocktest at the moment). -[Unreleased]: https://github.com/cyphar/filepath-securejoin/compare/v0.4.1...HEAD +[Unreleased]: https://github.com/cyphar/filepath-securejoin/compare/v0.5.0...HEAD +[0.5.0]: https://github.com/cyphar/filepath-securejoin/compare/v0.4.1...v0.5.0 [0.4.1]: https://github.com/cyphar/filepath-securejoin/compare/v0.4.0...v0.4.1 [0.4.0]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.6...v0.4.0 [0.3.6]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.5...v0.3.6 diff --git a/vendor/github.com/cyphar/filepath-securejoin/COPYING.md b/vendor/github.com/cyphar/filepath-securejoin/COPYING.md new file mode 100644 index 00000000000..520e822b184 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/COPYING.md @@ -0,0 +1,447 @@ +## COPYING ## + +`SPDX-License-Identifier: BSD-3-Clause AND MPL-2.0` + +This project is made up of code licensed under different licenses. Which code +you use will have an impact on whether only one or both licenses apply to your +usage of this library. + +Note that **each file** in this project individually has a code comment at the +start describing the license of that particular file -- this is the most +accurate license information of this project; in case there is any conflict +between this document and the comment at the start of a file, the comment shall +take precedence. The only purpose of this document is to work around [a known +technical limitation of pkg.go.dev's license checking tool when dealing with +non-trivial project licenses][go75067]. + +[go75067]: https://go.dev/issue/75067 + +### `BSD-3-Clause` ### + +At time of writing, the following files and directories are licensed under the +BSD-3-Clause license: + + * `doc.go` + * `join*.go` + * `vfs.go` + * `internal/consts/*.go` + * `pathrs-lite/internal/gocompat/*.go` + * `pathrs-lite/internal/kernelversion/*.go` + +The text of the BSD-3-Clause license used by this project is the following (the +text is also available from the [`LICENSE.BSD`](./LICENSE.BSD) file): + +``` +Copyright (C) 2014-2015 Docker Inc & Go Authors. All rights reserved. +Copyright (C) 2017-2024 SUSE LLC. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +``` + +### `MPL-2.0` ### + +All other files (unless otherwise marked) are licensed under the Mozilla Public +License (version 2.0). + +The text of the Mozilla Public License (version 2.0) is the following (the text +is also available from the [`LICENSE.MPL-2.0`](./LICENSE.MPL-2.0) file): + +``` +Mozilla Public License Version 2.0 +================================== + +1. Definitions +-------------- + +1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + +1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + +1.6. "Executable Form" + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + +1.8. "License" + means this document. + +1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + +1.10. "Modifications" + means any of the following: + + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + + (b) any new file in Source Code Form that contains any Covered + Software. + +1.11. "Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + +1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + +1.13. "Source Code Form" + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + +2. License Grants and Conditions +-------------------------------- + +2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license: + +(a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution +become effective for each Contribution on the date the Contributor first +distributes such Contribution. + +2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under +this License. No additional rights or licenses will be implied from the +distribution or licensing of Covered Software under this License. +Notwithstanding Section 2.1(b) above, no patent license is granted by a +Contributor: + +(a) for any code that a Contributor has removed from Covered Software; + or + +(b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + +This License does not grant any rights in the trademarks, service marks, +or logos of any Contributor (except as may be necessary to comply with +the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to +distribute the Covered Software under a subsequent version of this +License (see Section 10.2) or under the terms of a Secondary License (if +permitted under the terms of Section 3.3). + +2.5. Representation + +Each Contributor represents that the Contributor believes its +Contributions are its original creation(s) or it has sufficient rights +to grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + +This License is not intended to limit any rights You have under +applicable copyright doctrines of fair use, fair dealing, or other +equivalents. + +2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted +in Section 2.1. + +3. Responsibilities +------------------- + +3.1. Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any +Modifications that You create or to which You contribute, must be under +the terms of this License. You must inform recipients that the Source +Code Form of the Covered Software is governed by the terms of this +License, and how they can obtain a copy of this License. You may not +attempt to alter or restrict the recipients' rights in the Source Code +Form. + +3.2. Distribution of Executable Form + +If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + +(b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, +provided that You also comply with the requirements of this License for +the Covered Software. If the Larger Work is a combination of Covered +Software with a work governed by one or more Secondary Licenses, and the +Covered Software is not Incompatible With Secondary Licenses, this +License permits You to additionally distribute such Covered Software +under the terms of such Secondary License(s), so that the recipient of +the Larger Work may, at their option, further distribute the Covered +Software under the terms of either this License or such Secondary +License(s). + +3.4. Notices + +You may not remove or alter the substance of any license notices +(including copyright notices, patent notices, disclaimers of warranty, +or limitations of liability) contained within the Source Code Form of +the Covered Software, except that You may alter any license notices to +the extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, +indemnity or liability obligations to one or more recipients of Covered +Software. However, You may do so only on Your own behalf, and not on +behalf of any Contributor. You must make it absolutely clear that any +such warranty, support, indemnity, or liability obligation is offered by +You alone, and You hereby agree to indemnify every Contributor for any +liability incurred by such Contributor as a result of warranty, support, +indemnity or liability terms You offer. You may include additional +disclaimers of warranty and limitations of liability specific to any +jurisdiction. + +4. Inability to Comply Due to Statute or Regulation +--------------------------------------------------- + +If it is impossible for You to comply with any of the terms of this +License with respect to some or all of the Covered Software due to +statute, judicial order, or regulation then You must: (a) comply with +the terms of this License to the maximum extent possible; and (b) +describe the limitations and the code they affect. Such description must +be placed in a text file included with all distributions of the Covered +Software under this License. Except to the extent prohibited by statute +or regulation, such description must be sufficiently detailed for a +recipient of ordinary skill to be able to understand it. + +5. Termination +-------------- + +5.1. The rights granted under this License will terminate automatically +if You fail to comply with any of its terms. However, if You become +compliant, then the rights granted under this License from a particular +Contributor are reinstated (a) provisionally, unless and until such +Contributor explicitly and finally terminates Your grants, and (b) on an +ongoing basis, if such Contributor fails to notify You of the +non-compliance by some reasonable means prior to 60 days after You have +come back into compliance. Moreover, Your grants from a particular +Contributor are reinstated on an ongoing basis if such Contributor +notifies You of the non-compliance by some reasonable means, this is the +first time You have received notice of non-compliance with this License +from such Contributor, and You become compliant prior to 30 days after +Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent +infringement claim (excluding declaratory judgment actions, +counter-claims, and cross-claims) alleging that a Contributor Version +directly or indirectly infringes any patent, then the rights granted to +You by any and all Contributors for the Covered Software under Section +2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all +end user license agreements (excluding distributors and resellers) which +have been validly granted by You or Your distributors under this License +prior to termination shall survive termination. + +************************************************************************ +* * +* 6. Disclaimer of Warranty * +* ------------------------- * +* * +* Covered Software is provided under this License on an "as is" * +* basis, without warranty of any kind, either expressed, implied, or * +* statutory, including, without limitation, warranties that the * +* Covered Software is free of defects, merchantable, fit for a * +* particular purpose or non-infringing. The entire risk as to the * +* quality and performance of the Covered Software is with You. * +* Should any Covered Software prove defective in any respect, You * +* (not any Contributor) assume the cost of any necessary servicing, * +* repair, or correction. This disclaimer of warranty constitutes an * +* essential part of this License. No use of any Covered Software is * +* authorized under this License except under this disclaimer. * +* * +************************************************************************ + +************************************************************************ +* * +* 7. Limitation of Liability * +* -------------------------- * +* * +* Under no circumstances and under no legal theory, whether tort * +* (including negligence), contract, or otherwise, shall any * +* Contributor, or anyone who distributes Covered Software as * +* permitted above, be liable to You for any direct, indirect, * +* special, incidental, or consequential damages of any character * +* including, without limitation, damages for lost profits, loss of * +* goodwill, work stoppage, computer failure or malfunction, or any * +* and all other commercial damages or losses, even if such party * +* shall have been informed of the possibility of such damages. This * +* limitation of liability shall not apply to liability for death or * +* personal injury resulting from such party's negligence to the * +* extent applicable law prohibits such limitation. Some * +* jurisdictions do not allow the exclusion or limitation of * +* incidental or consequential damages, so this exclusion and * +* limitation may not apply to You. * +* * +************************************************************************ + +8. Litigation +------------- + +Any litigation relating to this License may be brought only in the +courts of a jurisdiction where the defendant maintains its principal +place of business and such litigation shall be governed by laws of that +jurisdiction, without reference to its conflict-of-law provisions. +Nothing in this Section shall prevent a party's ability to bring +cross-claims or counter-claims. + +9. Miscellaneous +---------------- + +This License represents the complete agreement concerning the subject +matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the extent +necessary to make it enforceable. Any law or regulation which provides +that the language of a contract shall be construed against the drafter +shall not be used to construe this License against a Contributor. + +10. Versions of the License +--------------------------- + +10.1. New Versions + +Mozilla Foundation is the license steward. Except as provided in Section +10.3, no one other than the license steward has the right to modify or +publish new versions of this License. Each version will be given a +distinguishing version number. + +10.2. Effect of New Versions + +You may distribute the Covered Software under the terms of the version +of the License under which You originally received the Covered Software, +or under the terms of any subsequent version published by the license +steward. + +10.3. Modified Versions + +If you create software not governed by this License, and you want to +create a new license for such software, you may create and use a +modified version of this License if you rename the license and remove +any references to the name of the license steward (except to note that +such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary +Licenses + +If You choose to distribute Source Code Form that is Incompatible With +Secondary Licenses under the terms of this version of the License, the +notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice +------------------------------------------- + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, You can obtain one at https://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular +file, then You may include the notice in a location (such as a LICENSE +file in a relevant directory) where a recipient would be likely to look +for such a notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice +--------------------------------------------------------- + + This Source Code Form is "Incompatible With Secondary Licenses", as + defined by the Mozilla Public License, v. 2.0. +``` diff --git a/vendor/github.com/cyphar/filepath-securejoin/LICENSE b/vendor/github.com/cyphar/filepath-securejoin/LICENSE.BSD similarity index 100% rename from vendor/github.com/cyphar/filepath-securejoin/LICENSE rename to vendor/github.com/cyphar/filepath-securejoin/LICENSE.BSD diff --git a/vendor/github.com/cyphar/filepath-securejoin/LICENSE.MPL-2.0 b/vendor/github.com/cyphar/filepath-securejoin/LICENSE.MPL-2.0 new file mode 100644 index 00000000000..d0a1fa1482e --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/LICENSE.MPL-2.0 @@ -0,0 +1,373 @@ +Mozilla Public License Version 2.0 +================================== + +1. Definitions +-------------- + +1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + +1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + +1.6. "Executable Form" + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + +1.8. "License" + means this document. + +1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + +1.10. "Modifications" + means any of the following: + + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + + (b) any new file in Source Code Form that contains any Covered + Software. + +1.11. "Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + +1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + +1.13. "Source Code Form" + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + +2. License Grants and Conditions +-------------------------------- + +2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license: + +(a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution +become effective for each Contribution on the date the Contributor first +distributes such Contribution. + +2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under +this License. No additional rights or licenses will be implied from the +distribution or licensing of Covered Software under this License. +Notwithstanding Section 2.1(b) above, no patent license is granted by a +Contributor: + +(a) for any code that a Contributor has removed from Covered Software; + or + +(b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + +This License does not grant any rights in the trademarks, service marks, +or logos of any Contributor (except as may be necessary to comply with +the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to +distribute the Covered Software under a subsequent version of this +License (see Section 10.2) or under the terms of a Secondary License (if +permitted under the terms of Section 3.3). + +2.5. Representation + +Each Contributor represents that the Contributor believes its +Contributions are its original creation(s) or it has sufficient rights +to grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + +This License is not intended to limit any rights You have under +applicable copyright doctrines of fair use, fair dealing, or other +equivalents. + +2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted +in Section 2.1. + +3. Responsibilities +------------------- + +3.1. Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any +Modifications that You create or to which You contribute, must be under +the terms of this License. You must inform recipients that the Source +Code Form of the Covered Software is governed by the terms of this +License, and how they can obtain a copy of this License. You may not +attempt to alter or restrict the recipients' rights in the Source Code +Form. + +3.2. Distribution of Executable Form + +If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + +(b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, +provided that You also comply with the requirements of this License for +the Covered Software. If the Larger Work is a combination of Covered +Software with a work governed by one or more Secondary Licenses, and the +Covered Software is not Incompatible With Secondary Licenses, this +License permits You to additionally distribute such Covered Software +under the terms of such Secondary License(s), so that the recipient of +the Larger Work may, at their option, further distribute the Covered +Software under the terms of either this License or such Secondary +License(s). + +3.4. Notices + +You may not remove or alter the substance of any license notices +(including copyright notices, patent notices, disclaimers of warranty, +or limitations of liability) contained within the Source Code Form of +the Covered Software, except that You may alter any license notices to +the extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, +indemnity or liability obligations to one or more recipients of Covered +Software. However, You may do so only on Your own behalf, and not on +behalf of any Contributor. You must make it absolutely clear that any +such warranty, support, indemnity, or liability obligation is offered by +You alone, and You hereby agree to indemnify every Contributor for any +liability incurred by such Contributor as a result of warranty, support, +indemnity or liability terms You offer. You may include additional +disclaimers of warranty and limitations of liability specific to any +jurisdiction. + +4. Inability to Comply Due to Statute or Regulation +--------------------------------------------------- + +If it is impossible for You to comply with any of the terms of this +License with respect to some or all of the Covered Software due to +statute, judicial order, or regulation then You must: (a) comply with +the terms of this License to the maximum extent possible; and (b) +describe the limitations and the code they affect. Such description must +be placed in a text file included with all distributions of the Covered +Software under this License. Except to the extent prohibited by statute +or regulation, such description must be sufficiently detailed for a +recipient of ordinary skill to be able to understand it. + +5. Termination +-------------- + +5.1. The rights granted under this License will terminate automatically +if You fail to comply with any of its terms. However, if You become +compliant, then the rights granted under this License from a particular +Contributor are reinstated (a) provisionally, unless and until such +Contributor explicitly and finally terminates Your grants, and (b) on an +ongoing basis, if such Contributor fails to notify You of the +non-compliance by some reasonable means prior to 60 days after You have +come back into compliance. Moreover, Your grants from a particular +Contributor are reinstated on an ongoing basis if such Contributor +notifies You of the non-compliance by some reasonable means, this is the +first time You have received notice of non-compliance with this License +from such Contributor, and You become compliant prior to 30 days after +Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent +infringement claim (excluding declaratory judgment actions, +counter-claims, and cross-claims) alleging that a Contributor Version +directly or indirectly infringes any patent, then the rights granted to +You by any and all Contributors for the Covered Software under Section +2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all +end user license agreements (excluding distributors and resellers) which +have been validly granted by You or Your distributors under this License +prior to termination shall survive termination. + +************************************************************************ +* * +* 6. Disclaimer of Warranty * +* ------------------------- * +* * +* Covered Software is provided under this License on an "as is" * +* basis, without warranty of any kind, either expressed, implied, or * +* statutory, including, without limitation, warranties that the * +* Covered Software is free of defects, merchantable, fit for a * +* particular purpose or non-infringing. The entire risk as to the * +* quality and performance of the Covered Software is with You. * +* Should any Covered Software prove defective in any respect, You * +* (not any Contributor) assume the cost of any necessary servicing, * +* repair, or correction. This disclaimer of warranty constitutes an * +* essential part of this License. No use of any Covered Software is * +* authorized under this License except under this disclaimer. * +* * +************************************************************************ + +************************************************************************ +* * +* 7. Limitation of Liability * +* -------------------------- * +* * +* Under no circumstances and under no legal theory, whether tort * +* (including negligence), contract, or otherwise, shall any * +* Contributor, or anyone who distributes Covered Software as * +* permitted above, be liable to You for any direct, indirect, * +* special, incidental, or consequential damages of any character * +* including, without limitation, damages for lost profits, loss of * +* goodwill, work stoppage, computer failure or malfunction, or any * +* and all other commercial damages or losses, even if such party * +* shall have been informed of the possibility of such damages. This * +* limitation of liability shall not apply to liability for death or * +* personal injury resulting from such party's negligence to the * +* extent applicable law prohibits such limitation. Some * +* jurisdictions do not allow the exclusion or limitation of * +* incidental or consequential damages, so this exclusion and * +* limitation may not apply to You. * +* * +************************************************************************ + +8. Litigation +------------- + +Any litigation relating to this License may be brought only in the +courts of a jurisdiction where the defendant maintains its principal +place of business and such litigation shall be governed by laws of that +jurisdiction, without reference to its conflict-of-law provisions. +Nothing in this Section shall prevent a party's ability to bring +cross-claims or counter-claims. + +9. Miscellaneous +---------------- + +This License represents the complete agreement concerning the subject +matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the extent +necessary to make it enforceable. Any law or regulation which provides +that the language of a contract shall be construed against the drafter +shall not be used to construe this License against a Contributor. + +10. Versions of the License +--------------------------- + +10.1. New Versions + +Mozilla Foundation is the license steward. Except as provided in Section +10.3, no one other than the license steward has the right to modify or +publish new versions of this License. Each version will be given a +distinguishing version number. + +10.2. Effect of New Versions + +You may distribute the Covered Software under the terms of the version +of the License under which You originally received the Covered Software, +or under the terms of any subsequent version published by the license +steward. + +10.3. Modified Versions + +If you create software not governed by this License, and you want to +create a new license for such software, you may create and use a +modified version of this License if you rename the license and remove +any references to the name of the license steward (except to note that +such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary +Licenses + +If You choose to distribute Source Code Form that is Incompatible With +Secondary Licenses under the terms of this version of the License, the +notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice +------------------------------------------- + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, You can obtain one at https://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular +file, then You may include the notice in a location (such as a LICENSE +file in a relevant directory) where a recipient would be likely to look +for such a notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice +--------------------------------------------------------- + + This Source Code Form is "Incompatible With Secondary Licenses", as + defined by the Mozilla Public License, v. 2.0. diff --git a/vendor/github.com/cyphar/filepath-securejoin/README.md b/vendor/github.com/cyphar/filepath-securejoin/README.md index eaeb53fcd0a..6673abfc842 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/README.md +++ b/vendor/github.com/cyphar/filepath-securejoin/README.md @@ -67,7 +67,8 @@ func SecureJoin(root, unsafePath string) (string, error) { [libpathrs]: https://github.com/openSUSE/libpathrs [go#20126]: https://github.com/golang/go/issues/20126 -### New API ### +### New API ### +[#new-api]: #new-api While we recommend users switch to [libpathrs][libpathrs] as soon as it has a stable release, some methods implemented by libpathrs have been ported to this @@ -165,5 +166,19 @@ after `MkdirAll`). ### License ### -The license of this project is the same as Go, which is a BSD 3-clause license -available in the `LICENSE` file. +`SPDX-License-Identifier: BSD-3-Clause AND MPL-2.0` + +Some of the code in this project is derived from Go, and is licensed under a +BSD 3-clause license (available in `LICENSE.BSD`). Other files (many of which +are derived from [libpathrs][libpathrs]) are licensed under the Mozilla Public +License version 2.0 (available in `LICENSE.MPL-2.0`). If you are using the +["New API" described above][#new-api], you are probably using code from files +released under this license. + +Every source file in this project has a copyright header describing its +license. Please check the license headers of each file to see what license +applies to it. + +See [COPYING.md](./COPYING.md) for some more details. + +[umoci]: https://github.com/opencontainers/umoci diff --git a/vendor/github.com/cyphar/filepath-securejoin/VERSION b/vendor/github.com/cyphar/filepath-securejoin/VERSION index 267577d47e4..8f0916f768f 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/VERSION +++ b/vendor/github.com/cyphar/filepath-securejoin/VERSION @@ -1 +1 @@ -0.4.1 +0.5.0 diff --git a/vendor/github.com/cyphar/filepath-securejoin/codecov.yml b/vendor/github.com/cyphar/filepath-securejoin/codecov.yml new file mode 100644 index 00000000000..ff284dbfaf9 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/codecov.yml @@ -0,0 +1,29 @@ +# SPDX-License-Identifier: MPL-2.0 + +# Copyright (C) 2025 Aleksa Sarai +# Copyright (C) 2025 SUSE LLC +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at https://mozilla.org/MPL/2.0/. + +comment: + layout: "condensed_header, reach, diff, components, condensed_files, condensed_footer" + require_changes: true + branches: + - main + +coverage: + range: 60..100 + status: + project: + default: + target: 85% + threshold: 0% + patch: + default: + target: auto + informational: true + +github_checks: + annotations: false diff --git a/vendor/github.com/cyphar/filepath-securejoin/deprecated_linux.go b/vendor/github.com/cyphar/filepath-securejoin/deprecated_linux.go new file mode 100644 index 00000000000..3e427b16409 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/deprecated_linux.go @@ -0,0 +1,48 @@ +// SPDX-License-Identifier: MPL-2.0 + +//go:build linux + +// Copyright (C) 2024-2025 Aleksa Sarai +// Copyright (C) 2024-2025 SUSE LLC +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +package securejoin + +import ( + "github.com/cyphar/filepath-securejoin/pathrs-lite" +) + +var ( + // MkdirAll is a wrapper around [pathrs.MkdirAll]. + // + // Deprecated: You should use [pathrs.MkdirAll] directly instead. This + // wrapper will be removed in filepath-securejoin v0.6. + MkdirAll = pathrs.MkdirAll + + // MkdirAllHandle is a wrapper around [pathrs.MkdirAllHandle]. + // + // Deprecated: You should use [pathrs.MkdirAllHandle] directly instead. + // This wrapper will be removed in filepath-securejoin v0.6. + MkdirAllHandle = pathrs.MkdirAllHandle + + // OpenInRoot is a wrapper around [pathrs.OpenInRoot]. + // + // Deprecated: You should use [pathrs.OpenInRoot] directly instead. This + // wrapper will be removed in filepath-securejoin v0.6. + OpenInRoot = pathrs.OpenInRoot + + // OpenatInRoot is a wrapper around [pathrs.OpenatInRoot]. + // + // Deprecated: You should use [pathrs.OpenatInRoot] directly instead. This + // wrapper will be removed in filepath-securejoin v0.6. + OpenatInRoot = pathrs.OpenatInRoot + + // Reopen is a wrapper around [pathrs.Reopen]. + // + // Deprecated: You should use [pathrs.Reopen] directly instead. This + // wrapper will be removed in filepath-securejoin v0.6. + Reopen = pathrs.Reopen +) diff --git a/vendor/github.com/cyphar/filepath-securejoin/doc.go b/vendor/github.com/cyphar/filepath-securejoin/doc.go index 1ec7d065ef4..1438fc9c09c 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/doc.go +++ b/vendor/github.com/cyphar/filepath-securejoin/doc.go @@ -1,3 +1,5 @@ +// SPDX-License-Identifier: BSD-3-Clause + // Copyright (C) 2014-2015 Docker Inc & Go Authors. All rights reserved. // Copyright (C) 2017-2024 SUSE LLC. All rights reserved. // Use of this source code is governed by a BSD-style @@ -14,14 +16,13 @@ // **not** safe against race conditions where an attacker changes the // filesystem after (or during) the [SecureJoin] operation. // -// The new API is made up of [OpenInRoot] and [MkdirAll] (and derived -// functions). These are safe against racing attackers and have several other -// protections that are not provided by the legacy API. There are many more -// operations that most programs expect to be able to do safely, but we do not -// provide explicit support for them because we want to encourage users to -// switch to [libpathrs](https://github.com/openSUSE/libpathrs) which is a -// cross-language next-generation library that is entirely designed around -// operating on paths safely. +// The new API is available in the [pathrs-lite] subpackage, and provide +// protections against racing attackers as well as several other key +// protections against attacks often seen by container runtimes. As the name +// suggests, [pathrs-lite] is a stripped down (pure Go) reimplementation of +// [libpathrs]. The main APIs provided are [OpenInRoot], [MkdirAll], and +// [procfs.Handle] -- other APIs are not planned to be ported. The long-term +// goal is for users to migrate to [libpathrs] which is more fully-featured. // // securejoin has been used by several container runtimes (Docker, runc, // Kubernetes, etc) for quite a few years as a de-facto standard for operating @@ -31,9 +32,16 @@ // API as soon as possible (or even better, switch to libpathrs). // // This project was initially intended to be included in the Go standard -// library, but [it was rejected](https://go.dev/issue/20126). There is now a -// [new Go proposal](https://go.dev/issue/67002) for a safe path resolution API -// that shares some of the goals of filepath-securejoin. However, that design -// is intended to work like `openat2(RESOLVE_BENEATH)` which does not fit the -// usecase of container runtimes and most system tools. +// library, but it was rejected (see https://go.dev/issue/20126). Much later, +// [os.Root] was added to the Go stdlib that shares some of the goals of +// filepath-securejoin. However, its design is intended to work like +// openat2(RESOLVE_BENEATH) which does not fit the usecase of container +// runtimes and most system tools. +// +// [pathrs-lite]: https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite +// [libpathrs]: https://github.com/openSUSE/libpathrs +// [OpenInRoot]: https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite#OpenInRoot +// [MkdirAll]: https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite#MkdirAll +// [procfs.Handle]: https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs#Handle +// [os.Root]: https:///pkg.go.dev/os#Root package securejoin diff --git a/vendor/github.com/cyphar/filepath-securejoin/gocompat_generics_go121.go b/vendor/github.com/cyphar/filepath-securejoin/gocompat_generics_go121.go deleted file mode 100644 index ddd6fa9a41c..00000000000 --- a/vendor/github.com/cyphar/filepath-securejoin/gocompat_generics_go121.go +++ /dev/null @@ -1,32 +0,0 @@ -//go:build linux && go1.21 - -// Copyright (C) 2024 SUSE LLC. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package securejoin - -import ( - "slices" - "sync" -) - -func slices_DeleteFunc[S ~[]E, E any](slice S, delFn func(E) bool) S { - return slices.DeleteFunc(slice, delFn) -} - -func slices_Contains[S ~[]E, E comparable](slice S, val E) bool { - return slices.Contains(slice, val) -} - -func slices_Clone[S ~[]E, E any](slice S) S { - return slices.Clone(slice) -} - -func sync_OnceValue[T any](f func() T) func() T { - return sync.OnceValue(f) -} - -func sync_OnceValues[T1, T2 any](f func() (T1, T2)) func() (T1, T2) { - return sync.OnceValues(f) -} diff --git a/vendor/github.com/cyphar/filepath-securejoin/gocompat_generics_unsupported.go b/vendor/github.com/cyphar/filepath-securejoin/gocompat_generics_unsupported.go deleted file mode 100644 index f1e6fe7e717..00000000000 --- a/vendor/github.com/cyphar/filepath-securejoin/gocompat_generics_unsupported.go +++ /dev/null @@ -1,124 +0,0 @@ -//go:build linux && !go1.21 - -// Copyright (C) 2024 SUSE LLC. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package securejoin - -import ( - "sync" -) - -// These are very minimal implementations of functions that appear in Go 1.21's -// stdlib, included so that we can build on older Go versions. Most are -// borrowed directly from the stdlib, and a few are modified to be "obviously -// correct" without needing to copy too many other helpers. - -// clearSlice is equivalent to the builtin clear from Go 1.21. -// Copied from the Go 1.24 stdlib implementation. -func clearSlice[S ~[]E, E any](slice S) { - var zero E - for i := range slice { - slice[i] = zero - } -} - -// Copied from the Go 1.24 stdlib implementation. -func slices_IndexFunc[S ~[]E, E any](s S, f func(E) bool) int { - for i := range s { - if f(s[i]) { - return i - } - } - return -1 -} - -// Copied from the Go 1.24 stdlib implementation. -func slices_DeleteFunc[S ~[]E, E any](s S, del func(E) bool) S { - i := slices_IndexFunc(s, del) - if i == -1 { - return s - } - // Don't start copying elements until we find one to delete. - for j := i + 1; j < len(s); j++ { - if v := s[j]; !del(v) { - s[i] = v - i++ - } - } - clearSlice(s[i:]) // zero/nil out the obsolete elements, for GC - return s[:i] -} - -// Similar to the stdlib slices.Contains, except that we don't have -// slices.Index so we need to use slices.IndexFunc for this non-Func helper. -func slices_Contains[S ~[]E, E comparable](s S, v E) bool { - return slices_IndexFunc(s, func(e E) bool { return e == v }) >= 0 -} - -// Copied from the Go 1.24 stdlib implementation. -func slices_Clone[S ~[]E, E any](s S) S { - // Preserve nil in case it matters. - if s == nil { - return nil - } - return append(S([]E{}), s...) -} - -// Copied from the Go 1.24 stdlib implementation. -func sync_OnceValue[T any](f func() T) func() T { - var ( - once sync.Once - valid bool - p any - result T - ) - g := func() { - defer func() { - p = recover() - if !valid { - panic(p) - } - }() - result = f() - f = nil - valid = true - } - return func() T { - once.Do(g) - if !valid { - panic(p) - } - return result - } -} - -// Copied from the Go 1.24 stdlib implementation. -func sync_OnceValues[T1, T2 any](f func() (T1, T2)) func() (T1, T2) { - var ( - once sync.Once - valid bool - p any - r1 T1 - r2 T2 - ) - g := func() { - defer func() { - p = recover() - if !valid { - panic(p) - } - }() - r1, r2 = f() - f = nil - valid = true - } - return func() (T1, T2) { - once.Do(g) - if !valid { - panic(p) - } - return r1, r2 - } -} diff --git a/vendor/github.com/cyphar/filepath-securejoin/internal/consts/consts.go b/vendor/github.com/cyphar/filepath-securejoin/internal/consts/consts.go new file mode 100644 index 00000000000..c69c4da91ee --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/internal/consts/consts.go @@ -0,0 +1,15 @@ +// SPDX-License-Identifier: BSD-3-Clause + +// Copyright (C) 2014-2015 Docker Inc & Go Authors. All rights reserved. +// Copyright (C) 2017-2025 SUSE LLC. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package consts contains the definitions of internal constants used +// throughout filepath-securejoin. +package consts + +// MaxSymlinkLimit is the maximum number of symlinks that can be encountered +// during a single lookup before returning -ELOOP. At time of writing, Linux +// has an internal limit of 40. +const MaxSymlinkLimit = 255 diff --git a/vendor/github.com/cyphar/filepath-securejoin/join.go b/vendor/github.com/cyphar/filepath-securejoin/join.go index e6634d4778f..199c1d83924 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/join.go +++ b/vendor/github.com/cyphar/filepath-securejoin/join.go @@ -1,3 +1,5 @@ +// SPDX-License-Identifier: BSD-3-Clause + // Copyright (C) 2014-2015 Docker Inc & Go Authors. All rights reserved. // Copyright (C) 2017-2025 SUSE LLC. All rights reserved. // Use of this source code is governed by a BSD-style @@ -11,9 +13,9 @@ import ( "path/filepath" "strings" "syscall" -) -const maxSymlinkLimit = 255 + "github.com/cyphar/filepath-securejoin/internal/consts" +) // IsNotExist tells you if err is an error that implies that either the path // accessed does not exist (or path components don't exist). This is @@ -49,12 +51,13 @@ func hasDotDot(path string) bool { return strings.Contains("/"+path+"/", "/../") } -// SecureJoinVFS joins the two given path components (similar to [filepath.Join]) except -// that the returned path is guaranteed to be scoped inside the provided root -// path (when evaluated). Any symbolic links in the path are evaluated with the -// given root treated as the root of the filesystem, similar to a chroot. The -// filesystem state is evaluated through the given [VFS] interface (if nil, the -// standard [os].* family of functions are used). +// SecureJoinVFS joins the two given path components (similar to +// [filepath.Join]) except that the returned path is guaranteed to be scoped +// inside the provided root path (when evaluated). Any symbolic links in the +// path are evaluated with the given root treated as the root of the +// filesystem, similar to a chroot. The filesystem state is evaluated through +// the given [VFS] interface (if nil, the standard [os].* family of functions +// are used). // // Note that the guarantees provided by this function only apply if the path // components in the returned string are not modified (in other words are not @@ -78,7 +81,7 @@ func hasDotDot(path string) bool { // fully resolved using [filepath.EvalSymlinks] or otherwise constructed to // avoid containing symlink components. Of course, the root also *must not* be // attacker-controlled. -func SecureJoinVFS(root, unsafePath string, vfs VFS) (string, error) { +func SecureJoinVFS(root, unsafePath string, vfs VFS) (string, error) { //nolint:revive // name is part of public API // The root path must not contain ".." components, otherwise when we join // the subpath we will end up with a weird path. We could work around this // in other ways but users shouldn't be giving us non-lexical root paths in @@ -138,7 +141,7 @@ func SecureJoinVFS(root, unsafePath string, vfs VFS) (string, error) { // It's a symlink, so get its contents and expand it by prepending it // to the yet-unparsed path. linksWalked++ - if linksWalked > maxSymlinkLimit { + if linksWalked > consts.MaxSymlinkLimit { return "", &os.PathError{Op: "SecureJoin", Path: root + string(filepath.Separator) + unsafePath, Err: syscall.ELOOP} } diff --git a/vendor/github.com/cyphar/filepath-securejoin/openat2_linux.go b/vendor/github.com/cyphar/filepath-securejoin/openat2_linux.go deleted file mode 100644 index f7a13e69ce8..00000000000 --- a/vendor/github.com/cyphar/filepath-securejoin/openat2_linux.go +++ /dev/null @@ -1,127 +0,0 @@ -//go:build linux - -// Copyright (C) 2024 SUSE LLC. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package securejoin - -import ( - "errors" - "fmt" - "os" - "path/filepath" - "strings" - - "golang.org/x/sys/unix" -) - -var hasOpenat2 = sync_OnceValue(func() bool { - fd, err := unix.Openat2(unix.AT_FDCWD, ".", &unix.OpenHow{ - Flags: unix.O_PATH | unix.O_CLOEXEC, - Resolve: unix.RESOLVE_NO_SYMLINKS | unix.RESOLVE_IN_ROOT, - }) - if err != nil { - return false - } - _ = unix.Close(fd) - return true -}) - -func scopedLookupShouldRetry(how *unix.OpenHow, err error) bool { - // RESOLVE_IN_ROOT (and RESOLVE_BENEATH) can return -EAGAIN if we resolve - // ".." while a mount or rename occurs anywhere on the system. This could - // happen spuriously, or as the result of an attacker trying to mess with - // us during lookup. - // - // In addition, scoped lookups have a "safety check" at the end of - // complete_walk which will return -EXDEV if the final path is not in the - // root. - return how.Resolve&(unix.RESOLVE_IN_ROOT|unix.RESOLVE_BENEATH) != 0 && - (errors.Is(err, unix.EAGAIN) || errors.Is(err, unix.EXDEV)) -} - -const scopedLookupMaxRetries = 10 - -func openat2File(dir *os.File, path string, how *unix.OpenHow) (*os.File, error) { - fullPath := dir.Name() + "/" + path - // Make sure we always set O_CLOEXEC. - how.Flags |= unix.O_CLOEXEC - var tries int - for tries < scopedLookupMaxRetries { - fd, err := unix.Openat2(int(dir.Fd()), path, how) - if err != nil { - if scopedLookupShouldRetry(how, err) { - // We retry a couple of times to avoid the spurious errors, and - // if we are being attacked then returning -EAGAIN is the best - // we can do. - tries++ - continue - } - return nil, &os.PathError{Op: "openat2", Path: fullPath, Err: err} - } - // If we are using RESOLVE_IN_ROOT, the name we generated may be wrong. - // NOTE: The procRoot code MUST NOT use RESOLVE_IN_ROOT, otherwise - // you'll get infinite recursion here. - if how.Resolve&unix.RESOLVE_IN_ROOT == unix.RESOLVE_IN_ROOT { - if actualPath, err := rawProcSelfFdReadlink(fd); err == nil { - fullPath = actualPath - } - } - return os.NewFile(uintptr(fd), fullPath), nil - } - return nil, &os.PathError{Op: "openat2", Path: fullPath, Err: errPossibleAttack} -} - -func lookupOpenat2(root *os.File, unsafePath string, partial bool) (*os.File, string, error) { - if !partial { - file, err := openat2File(root, unsafePath, &unix.OpenHow{ - Flags: unix.O_PATH | unix.O_CLOEXEC, - Resolve: unix.RESOLVE_IN_ROOT | unix.RESOLVE_NO_MAGICLINKS, - }) - return file, "", err - } - return partialLookupOpenat2(root, unsafePath) -} - -// partialLookupOpenat2 is an alternative implementation of -// partialLookupInRoot, using openat2(RESOLVE_IN_ROOT) to more safely get a -// handle to the deepest existing child of the requested path within the root. -func partialLookupOpenat2(root *os.File, unsafePath string) (*os.File, string, error) { - // TODO: Implement this as a git-bisect-like binary search. - - unsafePath = filepath.ToSlash(unsafePath) // noop - endIdx := len(unsafePath) - var lastError error - for endIdx > 0 { - subpath := unsafePath[:endIdx] - - handle, err := openat2File(root, subpath, &unix.OpenHow{ - Flags: unix.O_PATH | unix.O_CLOEXEC, - Resolve: unix.RESOLVE_IN_ROOT | unix.RESOLVE_NO_MAGICLINKS, - }) - if err == nil { - // Jump over the slash if we have a non-"" remainingPath. - if endIdx < len(unsafePath) { - endIdx += 1 - } - // We found a subpath! - return handle, unsafePath[endIdx:], lastError - } - if errors.Is(err, unix.ENOENT) || errors.Is(err, unix.ENOTDIR) { - // That path doesn't exist, let's try the next directory up. - endIdx = strings.LastIndexByte(subpath, '/') - lastError = err - continue - } - return nil, "", fmt.Errorf("open subpath: %w", err) - } - // If we couldn't open anything, the whole subpath is missing. Return a - // copy of the root fd so that the caller doesn't close this one by - // accident. - rootClone, err := dupFile(root) - if err != nil { - return nil, "", err - } - return rootClone, unsafePath, lastError -} diff --git a/vendor/github.com/cyphar/filepath-securejoin/openat_linux.go b/vendor/github.com/cyphar/filepath-securejoin/openat_linux.go deleted file mode 100644 index 949fb5f2d82..00000000000 --- a/vendor/github.com/cyphar/filepath-securejoin/openat_linux.go +++ /dev/null @@ -1,59 +0,0 @@ -//go:build linux - -// Copyright (C) 2024 SUSE LLC. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package securejoin - -import ( - "os" - "path/filepath" - - "golang.org/x/sys/unix" -) - -func dupFile(f *os.File) (*os.File, error) { - fd, err := unix.FcntlInt(f.Fd(), unix.F_DUPFD_CLOEXEC, 0) - if err != nil { - return nil, os.NewSyscallError("fcntl(F_DUPFD_CLOEXEC)", err) - } - return os.NewFile(uintptr(fd), f.Name()), nil -} - -func openatFile(dir *os.File, path string, flags int, mode int) (*os.File, error) { - // Make sure we always set O_CLOEXEC. - flags |= unix.O_CLOEXEC - fd, err := unix.Openat(int(dir.Fd()), path, flags, uint32(mode)) - if err != nil { - return nil, &os.PathError{Op: "openat", Path: dir.Name() + "/" + path, Err: err} - } - // All of the paths we use with openatFile(2) are guaranteed to be - // lexically safe, so we can use path.Join here. - fullPath := filepath.Join(dir.Name(), path) - return os.NewFile(uintptr(fd), fullPath), nil -} - -func fstatatFile(dir *os.File, path string, flags int) (unix.Stat_t, error) { - var stat unix.Stat_t - if err := unix.Fstatat(int(dir.Fd()), path, &stat, flags); err != nil { - return stat, &os.PathError{Op: "fstatat", Path: dir.Name() + "/" + path, Err: err} - } - return stat, nil -} - -func readlinkatFile(dir *os.File, path string) (string, error) { - size := 4096 - for { - linkBuf := make([]byte, size) - n, err := unix.Readlinkat(int(dir.Fd()), path, linkBuf) - if err != nil { - return "", &os.PathError{Op: "readlinkat", Path: dir.Name() + "/" + path, Err: err} - } - if n != size { - return string(linkBuf[:n]), nil - } - // Possible truncation, resize the buffer. - size *= 2 - } -} diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/README.md b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/README.md new file mode 100644 index 00000000000..1be727e75b3 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/README.md @@ -0,0 +1,33 @@ +## `pathrs-lite` ## + +`github.com/cyphar/filepath-securejoin/pathrs-lite` provides a minimal **pure +Go** implementation of the core bits of [libpathrs][]. This is not intended to +be a complete replacement for libpathrs, instead it is mainly intended to be +useful as a transition tool for existing Go projects. + +The long-term plan for `pathrs-lite` is to provide a build tag that will cause +all `pathrs-lite` operations to call into libpathrs directly, thus removing +code duplication for projects that wish to make use of libpathrs (and providing +the ability for software packagers to opt-in to libpathrs support without +needing to patch upstream). + +[libpathrs]: https://github.com/cyphar/libpathrs + +### License ### + +Most of this subpackage is licensed under the Mozilla Public License (version +2.0). For more information, see the top-level [COPYING.md][] and +[LICENSE.MPL-2.0][] files, as well as the individual license headers for each +file. + +``` +Copyright (C) 2024-2025 Aleksa Sarai +Copyright (C) 2024-2025 SUSE LLC + +This Source Code Form is subject to the terms of the Mozilla Public +License, v. 2.0. If a copy of the MPL was not distributed with this +file, You can obtain one at https://mozilla.org/MPL/2.0/. +``` + +[COPYING.md]: ../COPYING.md +[LICENSE.MPL-2.0]: ../LICENSE.MPL-2.0 diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/doc.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/doc.go new file mode 100644 index 00000000000..d3d74517500 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/doc.go @@ -0,0 +1,14 @@ +// SPDX-License-Identifier: MPL-2.0 + +//go:build linux + +// Copyright (C) 2024-2025 Aleksa Sarai +// Copyright (C) 2024-2025 SUSE LLC +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +// Package pathrs (pathrs-lite) is a less complete pure Go implementation of +// some of the APIs provided by [libpathrs]. +package pathrs diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/assert/assert.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/assert/assert.go new file mode 100644 index 00000000000..595dfbf1acf --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/assert/assert.go @@ -0,0 +1,30 @@ +// SPDX-License-Identifier: MPL-2.0 + +// Copyright (C) 2025 Aleksa Sarai +// Copyright (C) 2025 SUSE LLC +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +// Package assert provides some basic assertion helpers for Go. +package assert + +import ( + "fmt" +) + +// Assert panics if the predicate is false with the provided argument. +func Assert(predicate bool, msg any) { + if !predicate { + panic(msg) + } +} + +// Assertf panics if the predicate is false and formats the message using the +// same formatting as [fmt.Printf]. +// +// [fmt.Printf]: https://pkg.go.dev/fmt#Printf +func Assertf(predicate bool, fmtMsg string, args ...any) { + Assert(predicate, fmt.Sprintf(fmtMsg, args...)) +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/errors.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/errors.go new file mode 100644 index 00000000000..c26e440e9e7 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/errors.go @@ -0,0 +1,30 @@ +// SPDX-License-Identifier: MPL-2.0 + +// Copyright (C) 2024-2025 Aleksa Sarai +// Copyright (C) 2024-2025 SUSE LLC +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +// Package internal contains unexported common code for filepath-securejoin. +package internal + +import ( + "errors" +) + +var ( + // ErrPossibleAttack indicates that some attack was detected. + ErrPossibleAttack = errors.New("possible attack detected") + + // ErrPossibleBreakout indicates that during an operation we ended up in a + // state that could be a breakout but we detected it. + ErrPossibleBreakout = errors.New("possible breakout detected") + + // ErrInvalidDirectory indicates an unlinked directory. + ErrInvalidDirectory = errors.New("wandered into deleted directory") + + // ErrDeletedInode indicates an unlinked file (non-directory). + ErrDeletedInode = errors.New("cannot verify path of deleted inode") +) diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/at_linux.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/at_linux.go new file mode 100644 index 00000000000..09105491304 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/at_linux.go @@ -0,0 +1,148 @@ +// SPDX-License-Identifier: MPL-2.0 + +//go:build linux + +// Copyright (C) 2024-2025 Aleksa Sarai +// Copyright (C) 2024-2025 SUSE LLC +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +package fd + +import ( + "fmt" + "os" + "path/filepath" + "runtime" + + "golang.org/x/sys/unix" + + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat" +) + +// prepareAtWith returns -EBADF (an invalid fd) if dir is nil, otherwise using +// the dir.Fd(). We use -EBADF because in filepath-securejoin we generally +// don't want to allow relative-to-cwd paths. The returned path is an +// *informational* string that describes a reasonable pathname for the given +// *at(2) arguments. You must not use the full path for any actual filesystem +// operations. +func prepareAt(dir Fd, path string) (dirFd int, unsafeUnmaskedPath string) { + dirFd, dirPath := -int(unix.EBADF), "." + if dir != nil { + dirFd, dirPath = int(dir.Fd()), dir.Name() + } + if !filepath.IsAbs(path) { + // only prepend the dirfd path for relative paths + path = dirPath + "/" + path + } + // NOTE: If path is "." or "", the returned path won't be filepath.Clean, + // but that's okay since this path is either used for errors (in which case + // a trailing "/" or "/." is important information) or will be + // filepath.Clean'd later (in the case of fd.Openat). + return dirFd, path +} + +// Openat is an [Fd]-based wrapper around unix.Openat. +func Openat(dir Fd, path string, flags int, mode int) (*os.File, error) { //nolint:unparam // wrapper func + dirFd, fullPath := prepareAt(dir, path) + // Make sure we always set O_CLOEXEC. + flags |= unix.O_CLOEXEC + fd, err := unix.Openat(dirFd, path, flags, uint32(mode)) + if err != nil { + return nil, &os.PathError{Op: "openat", Path: fullPath, Err: err} + } + runtime.KeepAlive(dir) + // openat is only used with lexically-safe paths so we can use + // filepath.Clean here, and also the path itself is not going to be used + // for actual path operations. + fullPath = filepath.Clean(fullPath) + return os.NewFile(uintptr(fd), fullPath), nil +} + +// Fstatat is an [Fd]-based wrapper around unix.Fstatat. +func Fstatat(dir Fd, path string, flags int) (unix.Stat_t, error) { + dirFd, fullPath := prepareAt(dir, path) + var stat unix.Stat_t + if err := unix.Fstatat(dirFd, path, &stat, flags); err != nil { + return stat, &os.PathError{Op: "fstatat", Path: fullPath, Err: err} + } + runtime.KeepAlive(dir) + return stat, nil +} + +// Faccessat is an [Fd]-based wrapper around unix.Faccessat. +func Faccessat(dir Fd, path string, mode uint32, flags int) error { + dirFd, fullPath := prepareAt(dir, path) + err := unix.Faccessat(dirFd, path, mode, flags) + if err != nil { + err = &os.PathError{Op: "faccessat", Path: fullPath, Err: err} + } + runtime.KeepAlive(dir) + return err +} + +// Readlinkat is an [Fd]-based wrapper around unix.Readlinkat. +func Readlinkat(dir Fd, path string) (string, error) { + dirFd, fullPath := prepareAt(dir, path) + size := 4096 + for { + linkBuf := make([]byte, size) + n, err := unix.Readlinkat(dirFd, path, linkBuf) + if err != nil { + return "", &os.PathError{Op: "readlinkat", Path: fullPath, Err: err} + } + runtime.KeepAlive(dir) + if n != size { + return string(linkBuf[:n]), nil + } + // Possible truncation, resize the buffer. + size *= 2 + } +} + +const ( + // STATX_MNT_ID_UNIQUE is provided in golang.org/x/sys@v0.20.0, but in order to + // avoid bumping the requirement for a single constant we can just define it + // ourselves. + _STATX_MNT_ID_UNIQUE = 0x4000 //nolint:revive // unix.* name + + // We don't care which mount ID we get. The kernel will give us the unique + // one if it is supported. If the kernel doesn't support + // STATX_MNT_ID_UNIQUE, the bit is ignored and the returned request mask + // will only contain STATX_MNT_ID (if supported). + wantStatxMntMask = _STATX_MNT_ID_UNIQUE | unix.STATX_MNT_ID +) + +var hasStatxMountID = gocompat.SyncOnceValue(func() bool { + var stx unix.Statx_t + err := unix.Statx(-int(unix.EBADF), "/", 0, wantStatxMntMask, &stx) + return err == nil && stx.Mask&wantStatxMntMask != 0 +}) + +// GetMountID gets the mount identifier associated with the fd and path +// combination. It is effectively a wrapper around fetching +// STATX_MNT_ID{,_UNIQUE} with unix.Statx, but with a fallback to 0 if the +// kernel doesn't support the feature. +func GetMountID(dir Fd, path string) (uint64, error) { + // If we don't have statx(STATX_MNT_ID*) support, we can't do anything. + if !hasStatxMountID() { + return 0, nil + } + + dirFd, fullPath := prepareAt(dir, path) + + var stx unix.Statx_t + err := unix.Statx(dirFd, path, unix.AT_EMPTY_PATH|unix.AT_SYMLINK_NOFOLLOW, wantStatxMntMask, &stx) + if stx.Mask&wantStatxMntMask == 0 { + // It's not a kernel limitation, for some reason we couldn't get a + // mount ID. Assume it's some kind of attack. + err = fmt.Errorf("could not get mount id: %w", err) + } + if err != nil { + return 0, &os.PathError{Op: "statx(STATX_MNT_ID_...)", Path: fullPath, Err: err} + } + runtime.KeepAlive(dir) + return stx.Mnt_id, nil +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/fd.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/fd.go new file mode 100644 index 00000000000..d2206a386f9 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/fd.go @@ -0,0 +1,55 @@ +// SPDX-License-Identifier: MPL-2.0 + +// Copyright (C) 2025 Aleksa Sarai +// Copyright (C) 2025 SUSE LLC +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +// Package fd provides a drop-in interface-based replacement of [*os.File] that +// allows for things like noop-Close wrappers to be used. +// +// [*os.File]: https://pkg.go.dev/os#File +package fd + +import ( + "io" + "os" +) + +// Fd is an interface that mirrors most of the API of [*os.File], allowing you +// to create wrappers that can be used in place of [*os.File]. +// +// [*os.File]: https://pkg.go.dev/os#File +type Fd interface { + io.Closer + Name() string + Fd() uintptr +} + +// Compile-time interface checks. +var ( + _ Fd = (*os.File)(nil) + _ Fd = noClose{} +) + +type noClose struct{ inner Fd } + +func (f noClose) Name() string { return f.inner.Name() } +func (f noClose) Fd() uintptr { return f.inner.Fd() } + +func (f noClose) Close() error { return nil } + +// NopCloser returns an [*os.File]-like object where the [Close] method is now +// a no-op. +// +// Note that for [*os.File] and similar objects, the Go garbage collector will +// still call [Close] on the underlying file unless you use +// [runtime.SetFinalizer] to disable this behaviour. This is up to the caller +// to do (if necessary). +// +// [*os.File]: https://pkg.go.dev/os#File +// [Close]: https://pkg.go.dev/io#Closer +// [runtime.SetFinalizer]: https://pkg.go.dev/runtime#SetFinalizer +func NopCloser(f Fd) Fd { return noClose{inner: f} } diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/fd_linux.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/fd_linux.go new file mode 100644 index 00000000000..e1ec3c0b8e4 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/fd_linux.go @@ -0,0 +1,78 @@ +// SPDX-License-Identifier: MPL-2.0 + +//go:build linux + +// Copyright (C) 2024-2025 Aleksa Sarai +// Copyright (C) 2024-2025 SUSE LLC +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +package fd + +import ( + "fmt" + "os" + "runtime" + + "golang.org/x/sys/unix" + + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal" +) + +// DupWithName creates a new file descriptor referencing the same underlying +// file, but with the provided name instead of fd.Name(). +func DupWithName(fd Fd, name string) (*os.File, error) { + fd2, err := unix.FcntlInt(fd.Fd(), unix.F_DUPFD_CLOEXEC, 0) + if err != nil { + return nil, os.NewSyscallError("fcntl(F_DUPFD_CLOEXEC)", err) + } + runtime.KeepAlive(fd) + return os.NewFile(uintptr(fd2), name), nil +} + +// Dup creates a new file description referencing the same underlying file. +func Dup(fd Fd) (*os.File, error) { + return DupWithName(fd, fd.Name()) +} + +// Fstat is an [Fd]-based wrapper around unix.Fstat. +func Fstat(fd Fd) (unix.Stat_t, error) { + var stat unix.Stat_t + if err := unix.Fstat(int(fd.Fd()), &stat); err != nil { + return stat, &os.PathError{Op: "fstat", Path: fd.Name(), Err: err} + } + runtime.KeepAlive(fd) + return stat, nil +} + +// Fstatfs is an [Fd]-based wrapper around unix.Fstatfs. +func Fstatfs(fd Fd) (unix.Statfs_t, error) { + var statfs unix.Statfs_t + if err := unix.Fstatfs(int(fd.Fd()), &statfs); err != nil { + return statfs, &os.PathError{Op: "fstatfs", Path: fd.Name(), Err: err} + } + runtime.KeepAlive(fd) + return statfs, nil +} + +// IsDeadInode detects whether the file has been unlinked from a filesystem and +// is thus a "dead inode" from the kernel's perspective. +func IsDeadInode(file Fd) error { + // If the nlink of a file drops to 0, there is an attacker deleting + // directories during our walk, which could result in weird /proc values. + // It's better to error out in this case. + stat, err := Fstat(file) + if err != nil { + return fmt.Errorf("check for dead inode: %w", err) + } + if stat.Nlink == 0 { + err := internal.ErrDeletedInode + if stat.Mode&unix.S_IFMT == unix.S_IFDIR { + err = internal.ErrInvalidDirectory + } + return fmt.Errorf("%w %q", err, file.Name()) + } + return nil +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/mount_linux.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/mount_linux.go new file mode 100644 index 00000000000..77549c7a993 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/mount_linux.go @@ -0,0 +1,54 @@ +// SPDX-License-Identifier: MPL-2.0 + +//go:build linux + +// Copyright (C) 2024-2025 Aleksa Sarai +// Copyright (C) 2024-2025 SUSE LLC +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +package fd + +import ( + "os" + "runtime" + + "golang.org/x/sys/unix" +) + +// Fsopen is an [Fd]-based wrapper around unix.Fsopen. +func Fsopen(fsName string, flags int) (*os.File, error) { + // Make sure we always set O_CLOEXEC. + flags |= unix.FSOPEN_CLOEXEC + fd, err := unix.Fsopen(fsName, flags) + if err != nil { + return nil, os.NewSyscallError("fsopen "+fsName, err) + } + return os.NewFile(uintptr(fd), "fscontext:"+fsName), nil +} + +// Fsmount is an [Fd]-based wrapper around unix.Fsmount. +func Fsmount(ctx Fd, flags, mountAttrs int) (*os.File, error) { + // Make sure we always set O_CLOEXEC. + flags |= unix.FSMOUNT_CLOEXEC + fd, err := unix.Fsmount(int(ctx.Fd()), flags, mountAttrs) + if err != nil { + return nil, os.NewSyscallError("fsmount "+ctx.Name(), err) + } + return os.NewFile(uintptr(fd), "fsmount:"+ctx.Name()), nil +} + +// OpenTree is an [Fd]-based wrapper around unix.OpenTree. +func OpenTree(dir Fd, path string, flags uint) (*os.File, error) { + dirFd, fullPath := prepareAt(dir, path) + // Make sure we always set O_CLOEXEC. + flags |= unix.OPEN_TREE_CLOEXEC + fd, err := unix.OpenTree(dirFd, path, flags) + if err != nil { + return nil, &os.PathError{Op: "open_tree", Path: fullPath, Err: err} + } + runtime.KeepAlive(dir) + return os.NewFile(uintptr(fd), fullPath), nil +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/openat2_linux.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/openat2_linux.go new file mode 100644 index 00000000000..2305308350c --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/openat2_linux.go @@ -0,0 +1,62 @@ +// SPDX-License-Identifier: MPL-2.0 + +//go:build linux + +// Copyright (C) 2024-2025 Aleksa Sarai +// Copyright (C) 2024-2025 SUSE LLC +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +package fd + +import ( + "errors" + "os" + "runtime" + + "golang.org/x/sys/unix" + + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal" +) + +func scopedLookupShouldRetry(how *unix.OpenHow, err error) bool { + // RESOLVE_IN_ROOT (and RESOLVE_BENEATH) can return -EAGAIN if we resolve + // ".." while a mount or rename occurs anywhere on the system. This could + // happen spuriously, or as the result of an attacker trying to mess with + // us during lookup. + // + // In addition, scoped lookups have a "safety check" at the end of + // complete_walk which will return -EXDEV if the final path is not in the + // root. + return how.Resolve&(unix.RESOLVE_IN_ROOT|unix.RESOLVE_BENEATH) != 0 && + (errors.Is(err, unix.EAGAIN) || errors.Is(err, unix.EXDEV)) +} + +const scopedLookupMaxRetries = 32 + +// Openat2 is an [Fd]-based wrapper around unix.Openat2, but with some retry +// logic in case of EAGAIN errors. +func Openat2(dir Fd, path string, how *unix.OpenHow) (*os.File, error) { + dirFd, fullPath := prepareAt(dir, path) + // Make sure we always set O_CLOEXEC. + how.Flags |= unix.O_CLOEXEC + var tries int + for tries < scopedLookupMaxRetries { + fd, err := unix.Openat2(dirFd, path, how) + if err != nil { + if scopedLookupShouldRetry(how, err) { + // We retry a couple of times to avoid the spurious errors, and + // if we are being attacked then returning -EAGAIN is the best + // we can do. + tries++ + continue + } + return nil, &os.PathError{Op: "openat2", Path: fullPath, Err: err} + } + runtime.KeepAlive(dir) + return os.NewFile(uintptr(fd), fullPath), nil + } + return nil, &os.PathError{Op: "openat2", Path: fullPath, Err: internal.ErrPossibleAttack} +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/README.md b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/README.md new file mode 100644 index 00000000000..5dcb6ae0070 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/README.md @@ -0,0 +1,10 @@ +## gocompat ## + +This directory contains backports of stdlib functions from later Go versions so +the filepath-securejoin can continue to be used by projects that are stuck with +Go 1.18 support. Note that often filepath-securejoin is added in security +patches for old releases, so avoiding the need to bump Go compiler requirements +is a huge plus to downstreams. + +The source code is licensed under the same license as the Go stdlib. See the +source files for the precise license information. diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/doc.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/doc.go new file mode 100644 index 00000000000..4b1803f580a --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/doc.go @@ -0,0 +1,13 @@ +// SPDX-License-Identifier: BSD-3-Clause +//go:build linux && go1.20 + +// Copyright (C) 2025 SUSE LLC. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package gocompat includes compatibility shims (backported from future Go +// stdlib versions) to permit filepath-securejoin to be used with older Go +// versions (often filepath-securejoin is added in security patches for old +// releases, so avoiding the need to bump Go compiler requirements is a huge +// plus to downstreams). +package gocompat diff --git a/vendor/github.com/cyphar/filepath-securejoin/gocompat_errors_go120.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_errors_go120.go similarity index 69% rename from vendor/github.com/cyphar/filepath-securejoin/gocompat_errors_go120.go rename to vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_errors_go120.go index 42452bbf9b0..4a114bd3da9 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/gocompat_errors_go120.go +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_errors_go120.go @@ -1,18 +1,19 @@ +// SPDX-License-Identifier: BSD-3-Clause //go:build linux && go1.20 // Copyright (C) 2024 SUSE LLC. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package securejoin +package gocompat import ( "fmt" ) -// wrapBaseError is a helper that is equivalent to fmt.Errorf("%w: %w"), except +// WrapBaseError is a helper that is equivalent to fmt.Errorf("%w: %w"), except // that on pre-1.20 Go versions only errors.Is() works properly (errors.Unwrap) // is only guaranteed to give you baseErr. -func wrapBaseError(baseErr, extraErr error) error { +func WrapBaseError(baseErr, extraErr error) error { return fmt.Errorf("%w: %w", extraErr, baseErr) } diff --git a/vendor/github.com/cyphar/filepath-securejoin/gocompat_errors_unsupported.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_errors_unsupported.go similarity index 80% rename from vendor/github.com/cyphar/filepath-securejoin/gocompat_errors_unsupported.go rename to vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_errors_unsupported.go index e7adca3fd12..3061016a6a6 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/gocompat_errors_unsupported.go +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_errors_unsupported.go @@ -1,10 +1,12 @@ +// SPDX-License-Identifier: BSD-3-Clause + //go:build linux && !go1.20 // Copyright (C) 2024 SUSE LLC. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -package securejoin +package gocompat import ( "fmt" @@ -27,10 +29,10 @@ func (err wrappedError) Error() string { return fmt.Sprintf("%v: %v", err.isError, err.inner) } -// wrapBaseError is a helper that is equivalent to fmt.Errorf("%w: %w"), except +// WrapBaseError is a helper that is equivalent to fmt.Errorf("%w: %w"), except // that on pre-1.20 Go versions only errors.Is() works properly (errors.Unwrap) // is only guaranteed to give you baseErr. -func wrapBaseError(baseErr, extraErr error) error { +func WrapBaseError(baseErr, extraErr error) error { return wrappedError{ inner: baseErr, isError: extraErr, diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_generics_go121.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_generics_go121.go new file mode 100644 index 00000000000..d4a938186e4 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_generics_go121.go @@ -0,0 +1,53 @@ +// SPDX-License-Identifier: BSD-3-Clause + +//go:build linux && go1.21 + +// Copyright (C) 2024-2025 SUSE LLC. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package gocompat + +import ( + "cmp" + "slices" + "sync" +) + +// SlicesDeleteFunc is equivalent to Go 1.21's slices.DeleteFunc. +func SlicesDeleteFunc[S ~[]E, E any](slice S, delFn func(E) bool) S { + return slices.DeleteFunc(slice, delFn) +} + +// SlicesContains is equivalent to Go 1.21's slices.Contains. +func SlicesContains[S ~[]E, E comparable](slice S, val E) bool { + return slices.Contains(slice, val) +} + +// SlicesClone is equivalent to Go 1.21's slices.Clone. +func SlicesClone[S ~[]E, E any](slice S) S { + return slices.Clone(slice) +} + +// SyncOnceValue is equivalent to Go 1.21's sync.OnceValue. +func SyncOnceValue[T any](f func() T) func() T { + return sync.OnceValue(f) +} + +// SyncOnceValues is equivalent to Go 1.21's sync.OnceValues. +func SyncOnceValues[T1, T2 any](f func() (T1, T2)) func() (T1, T2) { + return sync.OnceValues(f) +} + +// CmpOrdered is equivalent to Go 1.21's cmp.Ordered generic type definition. +type CmpOrdered = cmp.Ordered + +// CmpCompare is equivalent to Go 1.21's cmp.Compare. +func CmpCompare[T CmpOrdered](x, y T) int { + return cmp.Compare(x, y) +} + +// Max2 is equivalent to Go 1.21's max builtin (but only for two parameters). +func Max2[T CmpOrdered](x, y T) T { + return max(x, y) +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_generics_unsupported.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_generics_unsupported.go new file mode 100644 index 00000000000..0ea6218aa6c --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_generics_unsupported.go @@ -0,0 +1,187 @@ +// SPDX-License-Identifier: BSD-3-Clause + +//go:build linux && !go1.21 + +// Copyright (C) 2021, 2022 The Go Authors. All rights reserved. +// Copyright (C) 2024-2025 SUSE LLC. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE.BSD file. + +package gocompat + +import ( + "sync" +) + +// These are very minimal implementations of functions that appear in Go 1.21's +// stdlib, included so that we can build on older Go versions. Most are +// borrowed directly from the stdlib, and a few are modified to be "obviously +// correct" without needing to copy too many other helpers. + +// clearSlice is equivalent to Go 1.21's builtin clear. +// Copied from the Go 1.24 stdlib implementation. +func clearSlice[S ~[]E, E any](slice S) { + var zero E + for i := range slice { + slice[i] = zero + } +} + +// slicesIndexFunc is equivalent to Go 1.21's slices.IndexFunc. +// Copied from the Go 1.24 stdlib implementation. +func slicesIndexFunc[S ~[]E, E any](s S, f func(E) bool) int { + for i := range s { + if f(s[i]) { + return i + } + } + return -1 +} + +// SlicesDeleteFunc is equivalent to Go 1.21's slices.DeleteFunc. +// Copied from the Go 1.24 stdlib implementation. +func SlicesDeleteFunc[S ~[]E, E any](s S, del func(E) bool) S { + i := slicesIndexFunc(s, del) + if i == -1 { + return s + } + // Don't start copying elements until we find one to delete. + for j := i + 1; j < len(s); j++ { + if v := s[j]; !del(v) { + s[i] = v + i++ + } + } + clearSlice(s[i:]) // zero/nil out the obsolete elements, for GC + return s[:i] +} + +// SlicesContains is equivalent to Go 1.21's slices.Contains. +// Similar to the stdlib slices.Contains, except that we don't have +// slices.Index so we need to use slices.IndexFunc for this non-Func helper. +func SlicesContains[S ~[]E, E comparable](s S, v E) bool { + return slicesIndexFunc(s, func(e E) bool { return e == v }) >= 0 +} + +// SlicesClone is equivalent to Go 1.21's slices.Clone. +// Copied from the Go 1.24 stdlib implementation. +func SlicesClone[S ~[]E, E any](s S) S { + // Preserve nil in case it matters. + if s == nil { + return nil + } + return append(S([]E{}), s...) +} + +// SyncOnceValue is equivalent to Go 1.21's sync.OnceValue. +// Copied from the Go 1.25 stdlib implementation. +func SyncOnceValue[T any](f func() T) func() T { + // Use a struct so that there's a single heap allocation. + d := struct { + f func() T + once sync.Once + valid bool + p any + result T + }{ + f: f, + } + return func() T { + d.once.Do(func() { + defer func() { + d.f = nil + d.p = recover() + if !d.valid { + panic(d.p) + } + }() + d.result = d.f() + d.valid = true + }) + if !d.valid { + panic(d.p) + } + return d.result + } +} + +// SyncOnceValues is equivalent to Go 1.21's sync.OnceValues. +// Copied from the Go 1.25 stdlib implementation. +func SyncOnceValues[T1, T2 any](f func() (T1, T2)) func() (T1, T2) { + // Use a struct so that there's a single heap allocation. + d := struct { + f func() (T1, T2) + once sync.Once + valid bool + p any + r1 T1 + r2 T2 + }{ + f: f, + } + return func() (T1, T2) { + d.once.Do(func() { + defer func() { + d.f = nil + d.p = recover() + if !d.valid { + panic(d.p) + } + }() + d.r1, d.r2 = d.f() + d.valid = true + }) + if !d.valid { + panic(d.p) + } + return d.r1, d.r2 + } +} + +// CmpOrdered is equivalent to Go 1.21's cmp.Ordered generic type definition. +// Copied from the Go 1.25 stdlib implementation. +type CmpOrdered interface { + ~int | ~int8 | ~int16 | ~int32 | ~int64 | + ~uint | ~uint8 | ~uint16 | ~uint32 | ~uint64 | ~uintptr | + ~float32 | ~float64 | + ~string +} + +// isNaN reports whether x is a NaN without requiring the math package. +// This will always return false if T is not floating-point. +// Copied from the Go 1.25 stdlib implementation. +func isNaN[T CmpOrdered](x T) bool { + return x != x +} + +// CmpCompare is equivalent to Go 1.21's cmp.Compare. +// Copied from the Go 1.25 stdlib implementation. +func CmpCompare[T CmpOrdered](x, y T) int { + xNaN := isNaN(x) + yNaN := isNaN(y) + if xNaN { + if yNaN { + return 0 + } + return -1 + } + if yNaN { + return +1 + } + if x < y { + return -1 + } + if x > y { + return +1 + } + return 0 +} + +// Max2 is equivalent to Go 1.21's max builtin for two parameters. +func Max2[T CmpOrdered](x, y T) T { + m := x + if y > m { + m = y + } + return m +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/kernelversion/kernel_linux.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/kernelversion/kernel_linux.go new file mode 100644 index 00000000000..cb6de41861f --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/kernelversion/kernel_linux.go @@ -0,0 +1,123 @@ +// SPDX-License-Identifier: BSD-3-Clause + +// Copyright (C) 2022 The Go Authors. All rights reserved. +// Copyright (C) 2025 SUSE LLC. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE.BSD file. + +// The parsing logic is very loosely based on the Go stdlib's +// src/internal/syscall/unix/kernel_version_linux.go but with an API that looks +// a bit like runc's libcontainer/system/kernelversion. +// +// TODO(cyphar): This API has been copied around to a lot of different projects +// (Docker, containerd, runc, and now filepath-securejoin) -- maybe we should +// put it in a separate project? + +// Package kernelversion provides a simple mechanism for checking whether the +// running kernel is at least as new as some baseline kernel version. This is +// often useful when checking for features that would be too complicated to +// test support for (or in cases where we know that some kernel features in +// backport-heavy kernels are broken and need to be avoided). +package kernelversion + +import ( + "bytes" + "errors" + "fmt" + "strconv" + "strings" + + "golang.org/x/sys/unix" + + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat" +) + +// KernelVersion is a numeric representation of the key numerical elements of a +// kernel version (for instance, "4.1.2-default-1" would be represented as +// KernelVersion{4, 1, 2}). +type KernelVersion []uint64 + +func (kver KernelVersion) String() string { + var str strings.Builder + for idx, elem := range kver { + if idx != 0 { + _, _ = str.WriteRune('.') + } + _, _ = str.WriteString(strconv.FormatUint(elem, 10)) + } + return str.String() +} + +var errInvalidKernelVersion = errors.New("invalid kernel version") + +// parseKernelVersion parses a string and creates a KernelVersion based on it. +func parseKernelVersion(kverStr string) (KernelVersion, error) { + kver := make(KernelVersion, 1, 3) + for idx, ch := range kverStr { + if '0' <= ch && ch <= '9' { + v := &kver[len(kver)-1] + *v = (*v * 10) + uint64(ch-'0') + } else { + if idx == 0 || kverStr[idx-1] < '0' || '9' < kverStr[idx-1] { + // "." must be preceded by a digit while in version section + return nil, fmt.Errorf("%w %q: kernel version has dot(s) followed by non-digit in version section", errInvalidKernelVersion, kverStr) + } + if ch != '.' { + break + } + kver = append(kver, 0) + } + } + if len(kver) < 2 { + return nil, fmt.Errorf("%w %q: kernel versions must contain at least two components", errInvalidKernelVersion, kverStr) + } + return kver, nil +} + +// getKernelVersion gets the current kernel version. +var getKernelVersion = gocompat.SyncOnceValues(func() (KernelVersion, error) { + var uts unix.Utsname + if err := unix.Uname(&uts); err != nil { + return nil, err + } + // Remove the \x00 from the release. + release := uts.Release[:] + return parseKernelVersion(string(release[:bytes.IndexByte(release, 0)])) +}) + +// GreaterEqualThan returns true if the the host kernel version is greater than +// or equal to the provided [KernelVersion]. When doing this comparison, any +// non-numerical suffixes of the host kernel version are ignored. +// +// If the number of components provided is not equal to the number of numerical +// components of the host kernel version, any missing components are treated as +// 0. This means that GreaterEqualThan(KernelVersion{4}) will be treated the +// same as GreaterEqualThan(KernelVersion{4, 0, 0, ..., 0, 0}), and that if the +// host kernel version is "4" then GreaterEqualThan(KernelVersion{4, 1}) will +// return false (because the host version will be treated as "4.0"). +func GreaterEqualThan(wantKver KernelVersion) (bool, error) { + hostKver, err := getKernelVersion() + if err != nil { + return false, err + } + + // Pad out the kernel version lengths to match one another. + cmpLen := gocompat.Max2(len(hostKver), len(wantKver)) + hostKver = append(hostKver, make(KernelVersion, cmpLen-len(hostKver))...) + wantKver = append(wantKver, make(KernelVersion, cmpLen-len(wantKver))...) + + for i := 0; i < cmpLen; i++ { + switch gocompat.CmpCompare(hostKver[i], wantKver[i]) { + case -1: + // host < want + return false, nil + case +1: + // host > want + return true, nil + case 0: + continue + } + } + // equal version values + return true, nil +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux/doc.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux/doc.go new file mode 100644 index 00000000000..4635714f626 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux/doc.go @@ -0,0 +1,12 @@ +// SPDX-License-Identifier: MPL-2.0 + +// Copyright (C) 2024-2025 Aleksa Sarai +// Copyright (C) 2024-2025 SUSE LLC +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +// Package linux returns information about what features are supported on the +// running kernel. +package linux diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux/mount_linux.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux/mount_linux.go new file mode 100644 index 00000000000..b29905bff66 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux/mount_linux.go @@ -0,0 +1,47 @@ +// SPDX-License-Identifier: MPL-2.0 + +//go:build linux + +// Copyright (C) 2024-2025 Aleksa Sarai +// Copyright (C) 2024-2025 SUSE LLC +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +package linux + +import ( + "golang.org/x/sys/unix" + + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat" + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/kernelversion" +) + +// HasNewMountAPI returns whether the new fsopen(2) mount API is supported on +// the running kernel. +var HasNewMountAPI = gocompat.SyncOnceValue(func() bool { + // All of the pieces of the new mount API we use (fsopen, fsconfig, + // fsmount, open_tree) were added together in Linux 5.2[1,2], so we can + // just check for one of the syscalls and the others should also be + // available. + // + // Just try to use open_tree(2) to open a file without OPEN_TREE_CLONE. + // This is equivalent to openat(2), but tells us if open_tree is + // available (and thus all of the other basic new mount API syscalls). + // open_tree(2) is most light-weight syscall to test here. + // + // [1]: merge commit 400913252d09 + // [2]: + fd, err := unix.OpenTree(-int(unix.EBADF), "/", unix.OPEN_TREE_CLOEXEC) + if err != nil { + return false + } + _ = unix.Close(fd) + + // RHEL 8 has a backport of fsopen(2) that appears to have some very + // difficult to debug performance pathology. As such, it seems prudent to + // simply reject pre-5.2 kernels. + isNotBackport, _ := kernelversion.GreaterEqualThan(kernelversion.KernelVersion{5, 2}) + return isNotBackport +}) diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux/openat2_linux.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux/openat2_linux.go new file mode 100644 index 00000000000..399609dc361 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux/openat2_linux.go @@ -0,0 +1,31 @@ +// SPDX-License-Identifier: MPL-2.0 + +//go:build linux + +// Copyright (C) 2024-2025 Aleksa Sarai +// Copyright (C) 2024-2025 SUSE LLC +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +package linux + +import ( + "golang.org/x/sys/unix" + + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat" +) + +// HasOpenat2 returns whether openat2(2) is supported on the running kernel. +var HasOpenat2 = gocompat.SyncOnceValue(func() bool { + fd, err := unix.Openat2(unix.AT_FDCWD, ".", &unix.OpenHow{ + Flags: unix.O_PATH | unix.O_CLOEXEC, + Resolve: unix.RESOLVE_NO_SYMLINKS | unix.RESOLVE_IN_ROOT, + }) + if err != nil { + return false + } + _ = unix.Close(fd) + return true +}) diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/procfs/procfs_linux.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/procfs/procfs_linux.go new file mode 100644 index 00000000000..21e0a62e8ec --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/procfs/procfs_linux.go @@ -0,0 +1,544 @@ +// SPDX-License-Identifier: MPL-2.0 + +//go:build linux + +// Copyright (C) 2024-2025 Aleksa Sarai +// Copyright (C) 2024-2025 SUSE LLC +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +// Package procfs provides a safe API for operating on /proc on Linux. Note +// that this is the *internal* procfs API, mainy needed due to Go's +// restrictions on cyclic dependencies and its incredibly minimal visibility +// system without making a separate internal/ package. +package procfs + +import ( + "errors" + "fmt" + "io" + "os" + "runtime" + "strconv" + + "golang.org/x/sys/unix" + + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal" + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/assert" + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd" + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat" + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux" +) + +// The kernel guarantees that the root inode of a procfs mount has an +// f_type of PROC_SUPER_MAGIC and st_ino of PROC_ROOT_INO. +const ( + procSuperMagic = 0x9fa0 // PROC_SUPER_MAGIC + procRootIno = 1 // PROC_ROOT_INO +) + +// verifyProcHandle checks that the handle is from a procfs filesystem. +// Contrast this to [verifyProcRoot], which also verifies that the handle is +// the root of a procfs mount. +func verifyProcHandle(procHandle fd.Fd) error { + if statfs, err := fd.Fstatfs(procHandle); err != nil { + return err + } else if statfs.Type != procSuperMagic { + return fmt.Errorf("%w: incorrect procfs root filesystem type 0x%x", errUnsafeProcfs, statfs.Type) + } + return nil +} + +// verifyProcRoot verifies that the handle is the root of a procfs filesystem. +// Contrast this to [verifyProcHandle], which only verifies if the handle is +// some file on procfs (regardless of what file it is). +func verifyProcRoot(procRoot fd.Fd) error { + if err := verifyProcHandle(procRoot); err != nil { + return err + } + if stat, err := fd.Fstat(procRoot); err != nil { + return err + } else if stat.Ino != procRootIno { + return fmt.Errorf("%w: incorrect procfs root inode number %d", errUnsafeProcfs, stat.Ino) + } + return nil +} + +type procfsFeatures struct { + // hasSubsetPid was added in Linux 5.8, along with hidepid=ptraceable (and + // string-based hidepid= values). Before this patchset, it was not really + // safe to try to modify procfs superblock flags because the superblock was + // shared -- so if this feature is not available, **you should not set any + // superblock flags**. + // + // 6814ef2d992a ("proc: add option to mount only a pids subset") + // fa10fed30f25 ("proc: allow to mount many instances of proc in one pid namespace") + // 24a71ce5c47f ("proc: instantiate only pids that we can ptrace on 'hidepid=4' mount option") + // 1c6c4d112e81 ("proc: use human-readable values for hidepid") + // 9ff7258575d5 ("Merge branch 'proc-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace") + hasSubsetPid bool +} + +var getProcfsFeatures = gocompat.SyncOnceValue(func() procfsFeatures { + if !linux.HasNewMountAPI() { + return procfsFeatures{} + } + procfsCtx, err := fd.Fsopen("proc", unix.FSOPEN_CLOEXEC) + if err != nil { + return procfsFeatures{} + } + defer procfsCtx.Close() //nolint:errcheck // close failures aren't critical here + + return procfsFeatures{ + hasSubsetPid: unix.FsconfigSetString(int(procfsCtx.Fd()), "subset", "pid") == nil, + } +}) + +func newPrivateProcMount(subset bool) (_ *Handle, Err error) { + procfsCtx, err := fd.Fsopen("proc", unix.FSOPEN_CLOEXEC) + if err != nil { + return nil, err + } + defer procfsCtx.Close() //nolint:errcheck // close failures aren't critical here + + if subset && getProcfsFeatures().hasSubsetPid { + // Try to configure hidepid=ptraceable,subset=pid if possible, but + // ignore errors. + _ = unix.FsconfigSetString(int(procfsCtx.Fd()), "hidepid", "ptraceable") + _ = unix.FsconfigSetString(int(procfsCtx.Fd()), "subset", "pid") + } + + // Get an actual handle. + if err := unix.FsconfigCreate(int(procfsCtx.Fd())); err != nil { + return nil, os.NewSyscallError("fsconfig create procfs", err) + } + // TODO: Output any information from the fscontext log to debug logs. + procRoot, err := fd.Fsmount(procfsCtx, unix.FSMOUNT_CLOEXEC, unix.MS_NODEV|unix.MS_NOEXEC|unix.MS_NOSUID) + if err != nil { + return nil, err + } + defer func() { + if Err != nil { + _ = procRoot.Close() + } + }() + return newHandle(procRoot) +} + +func clonePrivateProcMount() (_ *Handle, Err error) { + // Try to make a clone without using AT_RECURSIVE if we can. If this works, + // we can be sure there are no over-mounts and so if the root is valid then + // we're golden. Otherwise, we have to deal with over-mounts. + procRoot, err := fd.OpenTree(nil, "/proc", unix.OPEN_TREE_CLONE) + if err != nil || hookForcePrivateProcRootOpenTreeAtRecursive(procRoot) { + procRoot, err = fd.OpenTree(nil, "/proc", unix.OPEN_TREE_CLONE|unix.AT_RECURSIVE) + } + if err != nil { + return nil, fmt.Errorf("creating a detached procfs clone: %w", err) + } + defer func() { + if Err != nil { + _ = procRoot.Close() + } + }() + return newHandle(procRoot) +} + +func privateProcRoot(subset bool) (*Handle, error) { + if !linux.HasNewMountAPI() || hookForceGetProcRootUnsafe() { + return nil, fmt.Errorf("new mount api: %w", unix.ENOTSUP) + } + // Try to create a new procfs mount from scratch if we can. This ensures we + // can get a procfs mount even if /proc is fake (for whatever reason). + procRoot, err := newPrivateProcMount(subset) + if err != nil || hookForcePrivateProcRootOpenTree(procRoot) { + // Try to clone /proc then... + procRoot, err = clonePrivateProcMount() + } + return procRoot, err +} + +func unsafeHostProcRoot() (_ *Handle, Err error) { + procRoot, err := os.OpenFile("/proc", unix.O_PATH|unix.O_NOFOLLOW|unix.O_DIRECTORY|unix.O_CLOEXEC, 0) + if err != nil { + return nil, err + } + defer func() { + if Err != nil { + _ = procRoot.Close() + } + }() + return newHandle(procRoot) +} + +// Handle is a wrapper around an *os.File handle to "/proc", which can be used +// to do further procfs-related operations in a safe way. +type Handle struct { + Inner fd.Fd + // Does this handle have subset=pid set? + isSubset bool +} + +func newHandle(procRoot fd.Fd) (*Handle, error) { + if err := verifyProcRoot(procRoot); err != nil { + // This is only used in methods that + _ = procRoot.Close() + return nil, err + } + proc := &Handle{Inner: procRoot} + // With subset=pid we can be sure that /proc/uptime will not exist. + if err := fd.Faccessat(proc.Inner, "uptime", unix.F_OK, unix.AT_SYMLINK_NOFOLLOW); err != nil { + proc.isSubset = errors.Is(err, os.ErrNotExist) + } + return proc, nil +} + +// Close closes the underlying file for the Handle. +func (proc *Handle) Close() error { return proc.Inner.Close() } + +var getCachedProcRoot = gocompat.SyncOnceValue(func() *Handle { + procRoot, err := getProcRoot(true) + if err != nil { + return nil // just don't cache if we see an error + } + if !procRoot.isSubset { + return nil // we only cache verified subset=pid handles + } + + // Disarm (*Handle).Close() to stop someone from accidentally closing + // the global handle. + procRoot.Inner = fd.NopCloser(procRoot.Inner) + return procRoot +}) + +// OpenProcRoot tries to open a "safer" handle to "/proc". +func OpenProcRoot() (*Handle, error) { + if proc := getCachedProcRoot(); proc != nil { + return proc, nil + } + return getProcRoot(true) +} + +// OpenUnsafeProcRoot opens a handle to "/proc" without any overmounts or +// masked paths (but also without "subset=pid"). +func OpenUnsafeProcRoot() (*Handle, error) { return getProcRoot(false) } + +func getProcRoot(subset bool) (*Handle, error) { + proc, err := privateProcRoot(subset) + if err != nil { + // Fall back to using a /proc handle if making a private mount failed. + // If we have openat2, at least we can avoid some kinds of over-mount + // attacks, but without openat2 there's not much we can do. + proc, err = unsafeHostProcRoot() + } + return proc, err +} + +var hasProcThreadSelf = gocompat.SyncOnceValue(func() bool { + return unix.Access("/proc/thread-self/", unix.F_OK) == nil +}) + +var errUnsafeProcfs = errors.New("unsafe procfs detected") + +// lookup is a very minimal wrapper around [procfsLookupInRoot] which is +// intended to be called from the external API. +func (proc *Handle) lookup(subpath string) (*os.File, error) { + handle, err := procfsLookupInRoot(proc.Inner, subpath) + if err != nil { + return nil, err + } + return handle, nil +} + +// procfsBase is an enum indicating the prefix of a subpath in operations +// involving [Handle]s. +type procfsBase string + +const ( + // ProcRoot refers to the root of the procfs (i.e., "/proc/"). + ProcRoot procfsBase = "/proc" + // ProcSelf refers to the current process' subdirectory (i.e., + // "/proc/self/"). + ProcSelf procfsBase = "/proc/self" + // ProcThreadSelf refers to the current thread's subdirectory (i.e., + // "/proc/thread-self/"). In multi-threaded programs (i.e., all Go + // programs) where one thread has a different CLONE_FS, it is possible for + // "/proc/self" to point the wrong thread and so "/proc/thread-self" may be + // necessary. Note that on pre-3.17 kernels, "/proc/thread-self" doesn't + // exist and so a fallback will be used in that case. + ProcThreadSelf procfsBase = "/proc/thread-self" + // TODO: Switch to an interface setup so we can have a more type-safe + // version of ProcPid and remove the need to worry about invalid string + // values. +) + +// prefix returns a prefix that can be used with the given [Handle]. +func (base procfsBase) prefix(proc *Handle) (string, error) { + switch base { + case ProcRoot: + return ".", nil + case ProcSelf: + return "self", nil + case ProcThreadSelf: + threadSelf := "thread-self" + if !hasProcThreadSelf() || hookForceProcSelfTask() { + // Pre-3.17 kernels don't have /proc/thread-self, so do it + // manually. + threadSelf = "self/task/" + strconv.Itoa(unix.Gettid()) + if err := fd.Faccessat(proc.Inner, threadSelf, unix.F_OK, unix.AT_SYMLINK_NOFOLLOW); err != nil || hookForceProcSelf() { + // In this case, we running in a pid namespace that doesn't + // match the /proc mount we have. This can happen inside runc. + // + // Unfortunately, there is no nice way to get the correct TID + // to use here because of the age of the kernel, so we have to + // just use /proc/self and hope that it works. + threadSelf = "self" + } + } + return threadSelf, nil + } + return "", fmt.Errorf("invalid procfs base %q", base) +} + +// ProcThreadSelfCloser is a callback that needs to be called when you are done +// operating on an [os.File] fetched using [ProcThreadSelf]. +// +// [os.File]: https://pkg.go.dev/os#File +type ProcThreadSelfCloser func() + +// open is the core lookup operation for [Handle]. It returns a handle to +// "/proc//". If the returned [ProcThreadSelfCloser] is non-nil, +// you should call it after you are done interacting with the returned handle. +// +// In general you should use prefer to use the other helpers, as they remove +// the need to interact with [procfsBase] and do not return a nil +// [ProcThreadSelfCloser] for [procfsBase] values other than [ProcThreadSelf] +// where it is necessary. +func (proc *Handle) open(base procfsBase, subpath string) (_ *os.File, closer ProcThreadSelfCloser, Err error) { + prefix, err := base.prefix(proc) + if err != nil { + return nil, nil, err + } + subpath = prefix + "/" + subpath + + switch base { + case ProcRoot: + file, err := proc.lookup(subpath) + if errors.Is(err, os.ErrNotExist) { + // The Handle handle in use might be a subset=pid one, which will + // result in spurious errors. In this case, just open a temporary + // unmasked procfs handle for this operation. + proc, err2 := OpenUnsafeProcRoot() // !subset=pid + if err2 != nil { + return nil, nil, err + } + defer proc.Close() //nolint:errcheck // close failures aren't critical here + + file, err = proc.lookup(subpath) + } + return file, nil, err + + case ProcSelf: + file, err := proc.lookup(subpath) + return file, nil, err + + case ProcThreadSelf: + // We need to lock our thread until the caller is done with the handle + // because between getting the handle and using it we could get + // interrupted by the Go runtime and hit the case where the underlying + // thread is swapped out and the original thread is killed, resulting + // in pull-your-hair-out-hard-to-debug issues in the caller. + runtime.LockOSThread() + defer func() { + if Err != nil { + runtime.UnlockOSThread() + closer = nil + } + }() + + file, err := proc.lookup(subpath) + return file, runtime.UnlockOSThread, err + } + // should never be reached + return nil, nil, fmt.Errorf("[internal error] invalid procfs base %q", base) +} + +// OpenThreadSelf returns a handle to "/proc/thread-self/" (or an +// equivalent handle on older kernels where "/proc/thread-self" doesn't exist). +// Once finished with the handle, you must call the returned closer function +// (runtime.UnlockOSThread). You must not pass the returned *os.File to other +// Go threads or use the handle after calling the closer. +func (proc *Handle) OpenThreadSelf(subpath string) (_ *os.File, _ ProcThreadSelfCloser, Err error) { + return proc.open(ProcThreadSelf, subpath) +} + +// OpenSelf returns a handle to /proc/self/. +func (proc *Handle) OpenSelf(subpath string) (*os.File, error) { + file, closer, err := proc.open(ProcSelf, subpath) + assert.Assert(closer == nil, "closer for ProcSelf must be nil") + return file, err +} + +// OpenRoot returns a handle to /proc/. +func (proc *Handle) OpenRoot(subpath string) (*os.File, error) { + file, closer, err := proc.open(ProcRoot, subpath) + assert.Assert(closer == nil, "closer for ProcRoot must be nil") + return file, err +} + +// OpenPid returns a handle to /proc/$pid/ (pid can be a pid or tid). +// This is mainly intended for usage when operating on other processes. +func (proc *Handle) OpenPid(pid int, subpath string) (*os.File, error) { + return proc.OpenRoot(strconv.Itoa(pid) + "/" + subpath) +} + +// checkSubpathOvermount checks if the dirfd and path combination is on the +// same mount as the given root. +func checkSubpathOvermount(root, dir fd.Fd, path string) error { + // Get the mntID of our procfs handle. + expectedMountID, err := fd.GetMountID(root, "") + if err != nil { + return fmt.Errorf("get root mount id: %w", err) + } + // Get the mntID of the target magic-link. + gotMountID, err := fd.GetMountID(dir, path) + if err != nil { + return fmt.Errorf("get subpath mount id: %w", err) + } + // As long as the directory mount is alive, even with wrapping mount IDs, + // we would expect to see a different mount ID here. (Of course, if we're + // using unsafeHostProcRoot() then an attaker could change this after we + // did this check.) + if expectedMountID != gotMountID { + return fmt.Errorf("%w: subpath %s/%s has an overmount obscuring the real path (mount ids do not match %d != %d)", + errUnsafeProcfs, dir.Name(), path, expectedMountID, gotMountID) + } + return nil +} + +// Readlink performs a readlink operation on "/proc//" in a way +// that should be free from race attacks. This is most commonly used to get the +// real path of a file by looking at "/proc/self/fd/$n", with the same safety +// protections as [Open] (as well as some additional checks against +// overmounts). +func (proc *Handle) Readlink(base procfsBase, subpath string) (string, error) { + link, closer, err := proc.open(base, subpath) + if closer != nil { + defer closer() + } + if err != nil { + return "", fmt.Errorf("get safe %s/%s handle: %w", base, subpath, err) + } + defer link.Close() //nolint:errcheck // close failures aren't critical here + + // Try to detect if there is a mount on top of the magic-link. This should + // be safe in general (a mount on top of the path afterwards would not + // affect the handle itself) and will definitely be safe if we are using + // privateProcRoot() (at least since Linux 5.12[1], when anonymous mount + // namespaces were completely isolated from external mounts including mount + // propagation events). + // + // [1]: Linux commit ee2e3f50629f ("mount: fix mounting of detached mounts + // onto targets that reside on shared mounts"). + if err := checkSubpathOvermount(proc.Inner, link, ""); err != nil { + return "", fmt.Errorf("check safety of %s/%s magiclink: %w", base, subpath, err) + } + + // readlinkat implies AT_EMPTY_PATH since Linux 2.6.39. See Linux commit + // 65cfc6722361 ("readlinkat(), fchownat() and fstatat() with empty + // relative pathnames"). + return fd.Readlinkat(link, "") +} + +// ProcSelfFdReadlink gets the real path of the given file by looking at +// readlink(/proc/thread-self/fd/$n). +// +// This is just a wrapper around [Handle.Readlink]. +func ProcSelfFdReadlink(fd fd.Fd) (string, error) { + procRoot, err := OpenProcRoot() // subset=pid + if err != nil { + return "", err + } + defer procRoot.Close() //nolint:errcheck // close failures aren't critical here + + fdPath := "fd/" + strconv.Itoa(int(fd.Fd())) + return procRoot.Readlink(ProcThreadSelf, fdPath) +} + +// CheckProcSelfFdPath returns whether the given file handle matches the +// expected path. (This is inherently racy.) +func CheckProcSelfFdPath(path string, file fd.Fd) error { + if err := fd.IsDeadInode(file); err != nil { + return err + } + actualPath, err := ProcSelfFdReadlink(file) + if err != nil { + return fmt.Errorf("get path of handle: %w", err) + } + if actualPath != path { + return fmt.Errorf("%w: handle path %q doesn't match expected path %q", internal.ErrPossibleBreakout, actualPath, path) + } + return nil +} + +// ReopenFd takes an existing file descriptor and "re-opens" it through +// /proc/thread-self/fd/. This allows for O_PATH file descriptors to be +// upgraded to regular file descriptors, as well as changing the open mode of a +// regular file descriptor. Some filesystems have unique handling of open(2) +// which make this incredibly useful (such as /dev/ptmx). +func ReopenFd(handle fd.Fd, flags int) (*os.File, error) { + procRoot, err := OpenProcRoot() // subset=pid + if err != nil { + return nil, err + } + defer procRoot.Close() //nolint:errcheck // close failures aren't critical here + + // We can't operate on /proc/thread-self/fd/$n directly when doing a + // re-open, so we need to open /proc/thread-self/fd and then open a single + // final component. + procFdDir, closer, err := procRoot.OpenThreadSelf("fd/") + if err != nil { + return nil, fmt.Errorf("get safe /proc/thread-self/fd handle: %w", err) + } + defer procFdDir.Close() //nolint:errcheck // close failures aren't critical here + defer closer() + + // Try to detect if there is a mount on top of the magic-link we are about + // to open. If we are using unsafeHostProcRoot(), this could change after + // we check it (and there's nothing we can do about that) but for + // privateProcRoot() this should be guaranteed to be safe (at least since + // Linux 5.12[1], when anonymous mount namespaces were completely isolated + // from external mounts including mount propagation events). + // + // [1]: Linux commit ee2e3f50629f ("mount: fix mounting of detached mounts + // onto targets that reside on shared mounts"). + fdStr := strconv.Itoa(int(handle.Fd())) + if err := checkSubpathOvermount(procRoot.Inner, procFdDir, fdStr); err != nil { + return nil, fmt.Errorf("check safety of /proc/thread-self/fd/%s magiclink: %w", fdStr, err) + } + + flags |= unix.O_CLOEXEC + // Rather than just wrapping fd.Openat, open-code it so we can copy + // handle.Name(). + reopenFd, err := unix.Openat(int(procFdDir.Fd()), fdStr, flags, 0) + if err != nil { + return nil, fmt.Errorf("reopen fd %d: %w", handle.Fd(), err) + } + return os.NewFile(uintptr(reopenFd), handle.Name()), nil +} + +// Test hooks used in the procfs tests to verify that the fallback logic works. +// See testing_mocks_linux_test.go and procfs_linux_test.go for more details. +var ( + hookForcePrivateProcRootOpenTree = hookDummyFile + hookForcePrivateProcRootOpenTreeAtRecursive = hookDummyFile + hookForceGetProcRootUnsafe = hookDummy + + hookForceProcSelfTask = hookDummy + hookForceProcSelf = hookDummy +) + +func hookDummy() bool { return false } +func hookDummyFile(_ io.Closer) bool { return false } diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/procfs/procfs_lookup_linux.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/procfs/procfs_lookup_linux.go new file mode 100644 index 00000000000..1ad1f18eee6 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/procfs/procfs_lookup_linux.go @@ -0,0 +1,222 @@ +// SPDX-License-Identifier: MPL-2.0 + +//go:build linux + +// Copyright (C) 2024-2025 Aleksa Sarai +// Copyright (C) 2024-2025 SUSE LLC +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +// This code is adapted to be a minimal version of the libpathrs proc resolver +// . +// As we only need O_PATH|O_NOFOLLOW support, this is not too much to port. + +package procfs + +import ( + "fmt" + "os" + "path" + "path/filepath" + "strings" + + "golang.org/x/sys/unix" + + "github.com/cyphar/filepath-securejoin/internal/consts" + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal" + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd" + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat" + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux" +) + +// procfsLookupInRoot is a stripped down version of completeLookupInRoot, +// entirely designed to support the very small set of features necessary to +// make procfs handling work. Unlike completeLookupInRoot, we always have +// O_PATH|O_NOFOLLOW behaviour for trailing symlinks. +// +// The main restrictions are: +// +// - ".." is not supported (as it requires either os.Root-style replays, +// which is more bug-prone; or procfs verification, which is not possible +// due to re-entrancy issues). +// - Absolute symlinks for the same reason (and all absolute symlinks in +// procfs are magic-links, which we want to skip anyway). +// - If statx is supported (checkSymlinkOvermount), any mount-point crossings +// (which is the main attack of concern against /proc). +// - Partial lookups are not supported, so the symlink stack is not needed. +// - Trailing slash special handling is not necessary in most cases (if we +// operating on procfs, it's usually with programmer-controlled strings +// that will then be re-opened), so we skip it since whatever re-opens it +// can deal with it. It's a creature comfort anyway. +// +// If the system supports openat2(), this is implemented using equivalent flags +// (RESOLVE_BENEATH | RESOLVE_NO_XDEV | RESOLVE_NO_MAGICLINKS). +func procfsLookupInRoot(procRoot fd.Fd, unsafePath string) (Handle *os.File, _ error) { + unsafePath = filepath.ToSlash(unsafePath) // noop + + // Make sure that an empty unsafe path still returns something sane, even + // with openat2 (which doesn't have AT_EMPTY_PATH semantics yet). + if unsafePath == "" { + unsafePath = "." + } + + // This is already checked by getProcRoot, but make sure here since the + // core security of this lookup is based on this assumption. + if err := verifyProcRoot(procRoot); err != nil { + return nil, err + } + + if linux.HasOpenat2() { + // We prefer being able to use RESOLVE_NO_XDEV if we can, to be + // absolutely sure we are operating on a clean /proc handle that + // doesn't have any cheeky overmounts that could trick us (including + // symlink mounts on top of /proc/thread-self). RESOLVE_BENEATH isn't + // strictly needed, but just use it since we have it. + // + // NOTE: /proc/self is technically a magic-link (the contents of the + // symlink are generated dynamically), but it doesn't use + // nd_jump_link() so RESOLVE_NO_MAGICLINKS allows it. + // + // TODO: It would be nice to have RESOLVE_NO_DOTDOT, purely for + // self-consistency with the backup O_PATH resolver. + handle, err := fd.Openat2(procRoot, unsafePath, &unix.OpenHow{ + Flags: unix.O_PATH | unix.O_NOFOLLOW | unix.O_CLOEXEC, + Resolve: unix.RESOLVE_BENEATH | unix.RESOLVE_NO_XDEV | unix.RESOLVE_NO_MAGICLINKS, + }) + if err != nil { + // TODO: Once we bump the minimum Go version to 1.20, we can use + // multiple %w verbs for this wrapping. For now we need to use a + // compatibility shim for older Go versions. + // err = fmt.Errorf("%w: %w", errUnsafeProcfs, err) + return nil, gocompat.WrapBaseError(err, errUnsafeProcfs) + } + return handle, nil + } + + // To mirror openat2(RESOLVE_BENEATH), we need to return an error if the + // path is absolute. + if path.IsAbs(unsafePath) { + return nil, fmt.Errorf("%w: cannot resolve absolute paths in procfs resolver", internal.ErrPossibleBreakout) + } + + currentDir, err := fd.Dup(procRoot) + if err != nil { + return nil, fmt.Errorf("clone root fd: %w", err) + } + defer func() { + // If a handle is not returned, close the internal handle. + if Handle == nil { + _ = currentDir.Close() + } + }() + + var ( + linksWalked int + currentPath string + remainingPath = unsafePath + ) + for remainingPath != "" { + // Get the next path component. + var part string + if i := strings.IndexByte(remainingPath, '/'); i == -1 { + part, remainingPath = remainingPath, "" + } else { + part, remainingPath = remainingPath[:i], remainingPath[i+1:] + } + if part == "" { + // no-op component, but treat it the same as "." + part = "." + } + if part == ".." { + // not permitted + return nil, fmt.Errorf("%w: cannot walk into '..' in procfs resolver", internal.ErrPossibleBreakout) + } + + // Apply the component lexically to the path we are building. + // currentPath does not contain any symlinks, and we are lexically + // dealing with a single component, so it's okay to do a filepath.Clean + // here. (Not to mention that ".." isn't allowed.) + nextPath := path.Join("/", currentPath, part) + // If we logically hit the root, just clone the root rather than + // opening the part and doing all of the other checks. + if nextPath == "/" { + // Jump to root. + rootClone, err := fd.Dup(procRoot) + if err != nil { + return nil, fmt.Errorf("clone root fd: %w", err) + } + _ = currentDir.Close() + currentDir = rootClone + currentPath = nextPath + continue + } + + // Try to open the next component. + nextDir, err := fd.Openat(currentDir, part, unix.O_PATH|unix.O_NOFOLLOW|unix.O_CLOEXEC, 0) + if err != nil { + return nil, err + } + + // Make sure we are still on procfs and haven't crossed mounts. + if err := verifyProcHandle(nextDir); err != nil { + _ = nextDir.Close() + return nil, fmt.Errorf("check %q component is on procfs: %w", part, err) + } + if err := checkSubpathOvermount(procRoot, nextDir, ""); err != nil { + _ = nextDir.Close() + return nil, fmt.Errorf("check %q component is not overmounted: %w", part, err) + } + + // We are emulating O_PATH|O_NOFOLLOW, so we only need to traverse into + // trailing symlinks if we are not the final component. Otherwise we + // can just return the currentDir. + if remainingPath != "" { + st, err := nextDir.Stat() + if err != nil { + _ = nextDir.Close() + return nil, fmt.Errorf("stat component %q: %w", part, err) + } + + if st.Mode()&os.ModeType == os.ModeSymlink { + // readlinkat implies AT_EMPTY_PATH since Linux 2.6.39. See + // Linux commit 65cfc6722361 ("readlinkat(), fchownat() and + // fstatat() with empty relative pathnames"). + linkDest, err := fd.Readlinkat(nextDir, "") + // We don't need the handle anymore. + _ = nextDir.Close() + if err != nil { + return nil, err + } + + linksWalked++ + if linksWalked > consts.MaxSymlinkLimit { + return nil, &os.PathError{Op: "securejoin.procfsLookupInRoot", Path: "/proc/" + unsafePath, Err: unix.ELOOP} + } + + // Update our logical remaining path. + remainingPath = linkDest + "/" + remainingPath + // Absolute symlinks are probably magiclinks, we reject them. + if path.IsAbs(linkDest) { + return nil, fmt.Errorf("%w: cannot jump to / in procfs resolver -- possible magiclink", internal.ErrPossibleBreakout) + } + continue + } + } + + // Walk into the next component. + _ = currentDir.Close() + currentDir = nextDir + currentPath = nextPath + } + + // One final sanity-check. + if err := verifyProcHandle(currentDir); err != nil { + return nil, fmt.Errorf("check final handle is on procfs: %w", err) + } + if err := checkSubpathOvermount(procRoot, currentDir, ""); err != nil { + return nil, fmt.Errorf("check final handle is not overmounted: %w", err) + } + return currentDir, nil +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/lookup_linux.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/lookup_linux.go similarity index 86% rename from vendor/github.com/cyphar/filepath-securejoin/lookup_linux.go rename to vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/lookup_linux.go index be81e498d72..f47504e663c 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/lookup_linux.go +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/lookup_linux.go @@ -1,10 +1,15 @@ +// SPDX-License-Identifier: MPL-2.0 + //go:build linux -// Copyright (C) 2024 SUSE LLC. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. +// Copyright (C) 2024-2025 Aleksa Sarai +// Copyright (C) 2024-2025 SUSE LLC +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. -package securejoin +package pathrs import ( "errors" @@ -15,6 +20,12 @@ import ( "strings" "golang.org/x/sys/unix" + + "github.com/cyphar/filepath-securejoin/internal/consts" + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd" + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat" + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux" + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/procfs" ) type symlinkStackEntry struct { @@ -112,12 +123,12 @@ func (s *symlinkStack) push(dir *os.File, remainingPath, linkTarget string) erro return nil } // Split the link target and clean up any "" parts. - linkTargetParts := slices_DeleteFunc( + linkTargetParts := gocompat.SlicesDeleteFunc( strings.Split(linkTarget, "/"), func(part string) bool { return part == "" || part == "." }) // Copy the directory so the caller doesn't close our copy. - dirCopy, err := dupFile(dir) + dirCopy, err := fd.Dup(dir) if err != nil { return err } @@ -159,11 +170,11 @@ func (s *symlinkStack) PopTopSymlink() (*os.File, string, bool) { // within the provided root (a-la RESOLVE_IN_ROOT) and opens the final existing // component of the requested path, returning a file handle to the final // existing component and a string containing the remaining path components. -func partialLookupInRoot(root *os.File, unsafePath string) (*os.File, string, error) { +func partialLookupInRoot(root fd.Fd, unsafePath string) (*os.File, string, error) { return lookupInRoot(root, unsafePath, true) } -func completeLookupInRoot(root *os.File, unsafePath string) (*os.File, error) { +func completeLookupInRoot(root fd.Fd, unsafePath string) (*os.File, error) { handle, remainingPath, err := lookupInRoot(root, unsafePath, false) if remainingPath != "" && err == nil { // should never happen @@ -174,7 +185,7 @@ func completeLookupInRoot(root *os.File, unsafePath string) (*os.File, error) { return handle, err } -func lookupInRoot(root *os.File, unsafePath string, partial bool) (Handle *os.File, _ string, _ error) { +func lookupInRoot(root fd.Fd, unsafePath string, partial bool) (Handle *os.File, _ string, _ error) { unsafePath = filepath.ToSlash(unsafePath) // noop // This is very similar to SecureJoin, except that we operate on the @@ -182,20 +193,20 @@ func lookupInRoot(root *os.File, unsafePath string, partial bool) (Handle *os.Fi // managed open, along with the remaining path components not opened. // Try to use openat2 if possible. - if hasOpenat2() { + if linux.HasOpenat2() { return lookupOpenat2(root, unsafePath, partial) } // Get the "actual" root path from /proc/self/fd. This is necessary if the // root is some magic-link like /proc/$pid/root, in which case we want to - // make sure when we do checkProcSelfFdPath that we are using the correct - // root path. - logicalRootPath, err := procSelfFdReadlink(root) + // make sure when we do procfs.CheckProcSelfFdPath that we are using the + // correct root path. + logicalRootPath, err := procfs.ProcSelfFdReadlink(root) if err != nil { return nil, "", fmt.Errorf("get real root path: %w", err) } - currentDir, err := dupFile(root) + currentDir, err := fd.Dup(root) if err != nil { return nil, "", fmt.Errorf("clone root fd: %w", err) } @@ -260,7 +271,7 @@ func lookupInRoot(root *os.File, unsafePath string, partial bool) (Handle *os.Fi return nil, "", fmt.Errorf("walking into root with part %q failed: %w", part, err) } // Jump to root. - rootClone, err := dupFile(root) + rootClone, err := fd.Dup(root) if err != nil { return nil, "", fmt.Errorf("clone root fd: %w", err) } @@ -271,21 +282,21 @@ func lookupInRoot(root *os.File, unsafePath string, partial bool) (Handle *os.Fi } // Try to open the next component. - nextDir, err := openatFile(currentDir, part, unix.O_PATH|unix.O_NOFOLLOW|unix.O_CLOEXEC, 0) - switch { - case err == nil: + nextDir, err := fd.Openat(currentDir, part, unix.O_PATH|unix.O_NOFOLLOW|unix.O_CLOEXEC, 0) + switch err { + case nil: st, err := nextDir.Stat() if err != nil { _ = nextDir.Close() return nil, "", fmt.Errorf("stat component %q: %w", part, err) } - switch st.Mode() & os.ModeType { + switch st.Mode() & os.ModeType { //nolint:exhaustive // just a glorified if statement case os.ModeSymlink: // readlinkat implies AT_EMPTY_PATH since Linux 2.6.39. See // Linux commit 65cfc6722361 ("readlinkat(), fchownat() and // fstatat() with empty relative pathnames"). - linkDest, err := readlinkatFile(nextDir, "") + linkDest, err := fd.Readlinkat(nextDir, "") // We don't need the handle anymore. _ = nextDir.Close() if err != nil { @@ -293,7 +304,7 @@ func lookupInRoot(root *os.File, unsafePath string, partial bool) (Handle *os.Fi } linksWalked++ - if linksWalked > maxSymlinkLimit { + if linksWalked > consts.MaxSymlinkLimit { return nil, "", &os.PathError{Op: "securejoin.lookupInRoot", Path: logicalRootPath + "/" + unsafePath, Err: unix.ELOOP} } @@ -307,7 +318,7 @@ func lookupInRoot(root *os.File, unsafePath string, partial bool) (Handle *os.Fi // Absolute symlinks reset any work we've already done. if path.IsAbs(linkDest) { // Jump to root. - rootClone, err := dupFile(root) + rootClone, err := fd.Dup(root) if err != nil { return nil, "", fmt.Errorf("clone root fd: %w", err) } @@ -335,12 +346,12 @@ func lookupInRoot(root *os.File, unsafePath string, partial bool) (Handle *os.Fi // rename or mount on the system. if part == ".." { // Make sure the root hasn't moved. - if err := checkProcSelfFdPath(logicalRootPath, root); err != nil { + if err := procfs.CheckProcSelfFdPath(logicalRootPath, root); err != nil { return nil, "", fmt.Errorf("root path moved during lookup: %w", err) } // Make sure the path is what we expect. fullPath := logicalRootPath + nextPath - if err := checkProcSelfFdPath(fullPath, currentDir); err != nil { + if err := procfs.CheckProcSelfFdPath(fullPath, currentDir); err != nil { return nil, "", fmt.Errorf("walking into %q had unexpected result: %w", part, err) } } @@ -371,7 +382,7 @@ func lookupInRoot(root *os.File, unsafePath string, partial bool) (Handle *os.Fi // context of openat2, a trailing slash and a trailing "/." are completely // equivalent. if strings.HasSuffix(unsafePath, "/") { - nextDir, err := openatFile(currentDir, ".", unix.O_PATH|unix.O_NOFOLLOW|unix.O_CLOEXEC, 0) + nextDir, err := fd.Openat(currentDir, ".", unix.O_PATH|unix.O_NOFOLLOW|unix.O_CLOEXEC, 0) if err != nil { if !partial { _ = currentDir.Close() diff --git a/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/mkdir_linux.go similarity index 86% rename from vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go rename to vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/mkdir_linux.go index a17ae3b0387..f3c62b0dac6 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/mkdir_linux.go @@ -1,10 +1,15 @@ +// SPDX-License-Identifier: MPL-2.0 + //go:build linux -// Copyright (C) 2024 SUSE LLC. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. +// Copyright (C) 2024-2025 Aleksa Sarai +// Copyright (C) 2024-2025 SUSE LLC +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. -package securejoin +package pathrs import ( "errors" @@ -14,13 +19,14 @@ import ( "strings" "golang.org/x/sys/unix" -) -var ( - errInvalidMode = errors.New("invalid permission mode") - errPossibleAttack = errors.New("possible attack detected") + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd" + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat" + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux" ) +var errInvalidMode = errors.New("invalid permission mode") + // modePermExt is like os.ModePerm except that it also includes the set[ug]id // and sticky bits. const modePermExt = os.ModePerm | os.ModeSetuid | os.ModeSetgid | os.ModeSticky @@ -66,6 +72,8 @@ func toUnixMode(mode os.FileMode) (uint32, error) { // a brand new lookup of unsafePath (such as with [SecureJoin] or openat2) after // doing [MkdirAll]. If you intend to open the directory after creating it, you // should use MkdirAllHandle. +// +// [SecureJoin]: https://pkg.go.dev/github.com/cyphar/filepath-securejoin#SecureJoin func MkdirAllHandle(root *os.File, unsafePath string, mode os.FileMode) (_ *os.File, Err error) { unixMode, err := toUnixMode(mode) if err != nil { @@ -102,7 +110,7 @@ func MkdirAllHandle(root *os.File, unsafePath string, mode os.FileMode) (_ *os.F // // This is mostly a quality-of-life check, because mkdir will simply fail // later if the attacker deletes the tree after this check. - if err := isDeadInode(currentDir); err != nil { + if err := fd.IsDeadInode(currentDir); err != nil { return nil, fmt.Errorf("finding existing subpath of %q: %w", unsafePath, err) } @@ -113,13 +121,13 @@ func MkdirAllHandle(root *os.File, unsafePath string, mode os.FileMode) (_ *os.F return nil, fmt.Errorf("cannot create subdirectories in %q: %w", currentDir.Name(), unix.ENOTDIR) } else if err != nil { return nil, fmt.Errorf("re-opening handle to %q: %w", currentDir.Name(), err) - } else { + } else { //nolint:revive // indent-error-flow lint doesn't make sense here _ = currentDir.Close() currentDir = reopenDir } remainingParts := strings.Split(remainingPath, string(filepath.Separator)) - if slices_Contains(remainingParts, "..") { + if gocompat.SlicesContains(remainingParts, "..") { // The path contained ".." components after the end of the "real" // components. We could try to safely resolve ".." here but that would // add a bunch of extra logic for something that it's not clear even @@ -150,12 +158,12 @@ func MkdirAllHandle(root *os.File, unsafePath string, mode os.FileMode) (_ *os.F if err := unix.Mkdirat(int(currentDir.Fd()), part, unixMode); err != nil && !errors.Is(err, unix.EEXIST) { err = &os.PathError{Op: "mkdirat", Path: currentDir.Name() + "/" + part, Err: err} // Make the error a bit nicer if the directory is dead. - if deadErr := isDeadInode(currentDir); deadErr != nil { + if deadErr := fd.IsDeadInode(currentDir); deadErr != nil { // TODO: Once we bump the minimum Go version to 1.20, we can use // multiple %w verbs for this wrapping. For now we need to use a // compatibility shim for older Go versions. - //err = fmt.Errorf("%w (%w)", err, deadErr) - err = wrapBaseError(err, deadErr) + // err = fmt.Errorf("%w (%w)", err, deadErr) + err = gocompat.WrapBaseError(err, deadErr) } return nil, err } @@ -163,13 +171,13 @@ func MkdirAllHandle(root *os.File, unsafePath string, mode os.FileMode) (_ *os.F // Get a handle to the next component. O_DIRECTORY means we don't need // to use O_PATH. var nextDir *os.File - if hasOpenat2() { - nextDir, err = openat2File(currentDir, part, &unix.OpenHow{ + if linux.HasOpenat2() { + nextDir, err = openat2(currentDir, part, &unix.OpenHow{ Flags: unix.O_NOFOLLOW | unix.O_DIRECTORY | unix.O_CLOEXEC, Resolve: unix.RESOLVE_BENEATH | unix.RESOLVE_NO_SYMLINKS | unix.RESOLVE_NO_XDEV, }) } else { - nextDir, err = openatFile(currentDir, part, unix.O_NOFOLLOW|unix.O_DIRECTORY|unix.O_CLOEXEC, 0) + nextDir, err = fd.Openat(currentDir, part, unix.O_NOFOLLOW|unix.O_DIRECTORY|unix.O_CLOEXEC, 0) } if err != nil { return nil, err @@ -220,12 +228,14 @@ func MkdirAllHandle(root *os.File, unsafePath string, mode os.FileMode) (_ *os.F // If you plan to open the directory after you have created it or want to use // an open directory handle as the root, you should use [MkdirAllHandle] instead. // This function is a wrapper around [MkdirAllHandle]. +// +// [SecureJoin]: https://pkg.go.dev/github.com/cyphar/filepath-securejoin#SecureJoin func MkdirAll(root, unsafePath string, mode os.FileMode) error { rootDir, err := os.OpenFile(root, unix.O_PATH|unix.O_DIRECTORY|unix.O_CLOEXEC, 0) if err != nil { return err } - defer rootDir.Close() + defer rootDir.Close() //nolint:errcheck // close failures aren't critical here f, err := MkdirAllHandle(rootDir, unsafePath, mode) if err != nil { diff --git a/vendor/github.com/cyphar/filepath-securejoin/open_linux.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open_linux.go similarity index 56% rename from vendor/github.com/cyphar/filepath-securejoin/open_linux.go rename to vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open_linux.go index 230be73f0eb..7492d8cfa06 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/open_linux.go +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open_linux.go @@ -1,17 +1,22 @@ +// SPDX-License-Identifier: MPL-2.0 + //go:build linux -// Copyright (C) 2024 SUSE LLC. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. +// Copyright (C) 2024-2025 Aleksa Sarai +// Copyright (C) 2024-2025 SUSE LLC +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. -package securejoin +package pathrs import ( - "fmt" "os" - "strconv" "golang.org/x/sys/unix" + + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/procfs" ) // OpenatInRoot is equivalent to [OpenInRoot], except that the root is provided @@ -40,12 +45,14 @@ func OpenatInRoot(root *os.File, unsafePath string) (*os.File, error) { // disconnected TTY that could cause a DoS, or some other issue). In order to // use the returned handle, you can "upgrade" it to a proper handle using // [Reopen]. +// +// [SecureJoin]: https://pkg.go.dev/github.com/cyphar/filepath-securejoin#SecureJoin func OpenInRoot(root, unsafePath string) (*os.File, error) { rootDir, err := os.OpenFile(root, unix.O_PATH|unix.O_DIRECTORY|unix.O_CLOEXEC, 0) if err != nil { return nil, err } - defer rootDir.Close() + defer rootDir.Close() //nolint:errcheck // close failures aren't critical here return OpenatInRoot(rootDir, unsafePath) } @@ -63,41 +70,5 @@ func OpenInRoot(root, unsafePath string) (*os.File, error) { // // [CVE-2019-19921]: https://github.com/advisories/GHSA-fh74-hm69-rqjw func Reopen(handle *os.File, flags int) (*os.File, error) { - procRoot, err := getProcRoot() - if err != nil { - return nil, err - } - - // We can't operate on /proc/thread-self/fd/$n directly when doing a - // re-open, so we need to open /proc/thread-self/fd and then open a single - // final component. - procFdDir, closer, err := procThreadSelf(procRoot, "fd/") - if err != nil { - return nil, fmt.Errorf("get safe /proc/thread-self/fd handle: %w", err) - } - defer procFdDir.Close() - defer closer() - - // Try to detect if there is a mount on top of the magic-link we are about - // to open. If we are using unsafeHostProcRoot(), this could change after - // we check it (and there's nothing we can do about that) but for - // privateProcRoot() this should be guaranteed to be safe (at least since - // Linux 5.12[1], when anonymous mount namespaces were completely isolated - // from external mounts including mount propagation events). - // - // [1]: Linux commit ee2e3f50629f ("mount: fix mounting of detached mounts - // onto targets that reside on shared mounts"). - fdStr := strconv.Itoa(int(handle.Fd())) - if err := checkSymlinkOvermount(procRoot, procFdDir, fdStr); err != nil { - return nil, fmt.Errorf("check safety of /proc/thread-self/fd/%s magiclink: %w", fdStr, err) - } - - flags |= unix.O_CLOEXEC - // Rather than just wrapping openatFile, open-code it so we can copy - // handle.Name(). - reopenFd, err := unix.Openat(int(procFdDir.Fd()), fdStr, flags, 0) - if err != nil { - return nil, fmt.Errorf("reopen fd %d: %w", handle.Fd(), err) - } - return os.NewFile(uintptr(reopenFd), handle.Name()), nil + return procfs.ReopenFd(handle, flags) } diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/openat2_linux.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/openat2_linux.go new file mode 100644 index 00000000000..937bc435f2b --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/openat2_linux.go @@ -0,0 +1,101 @@ +// SPDX-License-Identifier: MPL-2.0 + +//go:build linux + +// Copyright (C) 2024-2025 Aleksa Sarai +// Copyright (C) 2024-2025 SUSE LLC +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +package pathrs + +import ( + "errors" + "fmt" + "os" + "path/filepath" + "strings" + + "golang.org/x/sys/unix" + + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd" + "github.com/cyphar/filepath-securejoin/pathrs-lite/procfs" +) + +func openat2(dir fd.Fd, path string, how *unix.OpenHow) (*os.File, error) { + file, err := fd.Openat2(dir, path, how) + if err != nil { + return nil, err + } + // If we are using RESOLVE_IN_ROOT, the name we generated may be wrong. + if how.Resolve&unix.RESOLVE_IN_ROOT == unix.RESOLVE_IN_ROOT { + if actualPath, err := procfs.ProcSelfFdReadlink(file); err == nil { + // TODO: Ideally we would not need to dup the fd, but you cannot + // easily just swap an *os.File with one from the same fd + // (the GC will close the old one, and you cannot clear the + // finaliser easily because it is associated with an internal + // field of *os.File not *os.File itself). + newFile, err := fd.DupWithName(file, actualPath) + if err != nil { + return nil, err + } + file = newFile + } + } + return file, nil +} + +func lookupOpenat2(root fd.Fd, unsafePath string, partial bool) (*os.File, string, error) { + if !partial { + file, err := openat2(root, unsafePath, &unix.OpenHow{ + Flags: unix.O_PATH | unix.O_CLOEXEC, + Resolve: unix.RESOLVE_IN_ROOT | unix.RESOLVE_NO_MAGICLINKS, + }) + return file, "", err + } + return partialLookupOpenat2(root, unsafePath) +} + +// partialLookupOpenat2 is an alternative implementation of +// partialLookupInRoot, using openat2(RESOLVE_IN_ROOT) to more safely get a +// handle to the deepest existing child of the requested path within the root. +func partialLookupOpenat2(root fd.Fd, unsafePath string) (*os.File, string, error) { + // TODO: Implement this as a git-bisect-like binary search. + + unsafePath = filepath.ToSlash(unsafePath) // noop + endIdx := len(unsafePath) + var lastError error + for endIdx > 0 { + subpath := unsafePath[:endIdx] + + handle, err := openat2(root, subpath, &unix.OpenHow{ + Flags: unix.O_PATH | unix.O_CLOEXEC, + Resolve: unix.RESOLVE_IN_ROOT | unix.RESOLVE_NO_MAGICLINKS, + }) + if err == nil { + // Jump over the slash if we have a non-"" remainingPath. + if endIdx < len(unsafePath) { + endIdx++ + } + // We found a subpath! + return handle, unsafePath[endIdx:], lastError + } + if errors.Is(err, unix.ENOENT) || errors.Is(err, unix.ENOTDIR) { + // That path doesn't exist, let's try the next directory up. + endIdx = strings.LastIndexByte(subpath, '/') + lastError = err + continue + } + return nil, "", fmt.Errorf("open subpath: %w", err) + } + // If we couldn't open anything, the whole subpath is missing. Return a + // copy of the root fd so that the caller doesn't close this one by + // accident. + rootClone, err := fd.Dup(root) + if err != nil { + return nil, "", err + } + return rootClone, unsafePath, lastError +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs/procfs_linux.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs/procfs_linux.go new file mode 100644 index 00000000000..ec187a414c5 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs/procfs_linux.go @@ -0,0 +1,157 @@ +// SPDX-License-Identifier: MPL-2.0 + +//go:build linux + +// Copyright (C) 2024-2025 Aleksa Sarai +// Copyright (C) 2024-2025 SUSE LLC +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +// Package procfs provides a safe API for operating on /proc on Linux. +package procfs + +import ( + "os" + + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/procfs" +) + +// This package mostly just wraps internal/procfs APIs. This is necessary +// because we are forced to export some things from internal/procfs in order to +// avoid some dependency cycle issues, but we don't want users to see or use +// them. + +// ProcThreadSelfCloser is a callback that needs to be called when you are done +// operating on an [os.File] fetched using [Handle.OpenThreadSelf]. +// +// [os.File]: https://pkg.go.dev/os#File +type ProcThreadSelfCloser = procfs.ProcThreadSelfCloser + +// Handle is a wrapper around an *os.File handle to "/proc", which can be used +// to do further procfs-related operations in a safe way. +type Handle struct { + inner *procfs.Handle +} + +// Close close the resources associated with this [Handle]. Note that if this +// [Handle] was created with [OpenProcRoot], on some kernels the underlying +// procfs handle is cached and so this Close operation may be a no-op. However, +// you should always call Close on [Handle]s once you are done with them. +func (proc *Handle) Close() error { return proc.inner.Close() } + +// OpenProcRoot tries to open a "safer" handle to "/proc" (i.e., one with the +// "subset=pid" mount option applied, available from Linux 5.8). Unless you +// plan to do many [Handle.OpenRoot] operations, users should prefer to use +// this over [OpenUnsafeProcRoot] which is far more dangerous to keep open. +// +// If a safe handle cannot be opened, OpenProcRoot will fall back to opening a +// regular "/proc" handle. +// +// Note that using [Handle.OpenRoot] will still work with handles returned by +// this function. If a subpath cannot be operated on with a safe "/proc" +// handle, then [OpenUnsafeProcRoot] will be called internally and a temporary +// unsafe handle will be used. +func OpenProcRoot() (*Handle, error) { + proc, err := procfs.OpenProcRoot() + if err != nil { + return nil, err + } + return &Handle{inner: proc}, nil +} + +// OpenUnsafeProcRoot opens a handle to "/proc" without any overmounts or +// masked paths. You must be extremely careful to make sure this handle is +// never leaked to a container and that you program cannot be tricked into +// writing to arbitrary paths within it. +// +// This is not necessary if you just wish to use [Handle.OpenRoot], as handles +// returned by [OpenProcRoot] will fall back to using a *temporary* unsafe +// handle in that case. You should only really use this if you need to do many +// operations with [Handle.OpenRoot] and the performance overhead of making +// many procfs handles is an issue. If you do use OpenUnsafeProcRoot, you +// should make sure to close the handle as soon as possible to avoid +// known-fd-number attacks. +func OpenUnsafeProcRoot() (*Handle, error) { + proc, err := procfs.OpenUnsafeProcRoot() + if err != nil { + return nil, err + } + return &Handle{inner: proc}, nil +} + +// OpenThreadSelf returns a handle to "/proc/thread-self/" (or an +// equivalent handle on older kernels where "/proc/thread-self" doesn't exist). +// Once finished with the handle, you must call the returned closer function +// ([runtime.UnlockOSThread]). You must not pass the returned *os.File to other +// Go threads or use the handle after calling the closer. +// +// [runtime.UnlockOSThread]: https://pkg.go.dev/runtime#UnlockOSThread +func (proc *Handle) OpenThreadSelf(subpath string) (*os.File, ProcThreadSelfCloser, error) { + return proc.inner.OpenThreadSelf(subpath) +} + +// OpenSelf returns a handle to /proc/self/. +// +// Note that in Go programs with non-homogenous threads, this may result in +// spurious errors. If you are monkeying around with APIs that are +// thread-specific, you probably want to use [Handle.OpenThreadSelf] instead +// which will guarantee that the handle refers to the same thread as the caller +// is executing on. +func (proc *Handle) OpenSelf(subpath string) (*os.File, error) { + return proc.inner.OpenSelf(subpath) +} + +// OpenRoot returns a handle to /proc/. +// +// You should only use this when you need to operate on global procfs files +// (such as sysctls in /proc/sys). Unlike [Handle.OpenThreadSelf], +// [Handle.OpenSelf], and [Handle.OpenPid], the procfs handle used internally +// for this operation will never use "subset=pid", which makes it a more juicy +// target for [CVE-2024-21626]-style attacks (and doing something like opening +// a directory with OpenRoot effectively leaks [OpenUnsafeProcRoot] as long as +// the file descriptor is open). +// +// [CVE-2024-21626]: https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv +func (proc *Handle) OpenRoot(subpath string) (*os.File, error) { + return proc.inner.OpenRoot(subpath) +} + +// OpenPid returns a handle to /proc/$pid/ (pid can be a pid or tid). +// This is mainly intended for usage when operating on other processes. +// +// You should not use this for the current thread, as special handling is +// needed for /proc/thread-self (or /proc/self/task/) when dealing with +// goroutine scheduling -- use [Handle.OpenThreadSelf] instead. +// +// To refer to the current thread-group, you should use prefer +// [Handle.OpenSelf] to passing os.Getpid as the pid argument. +func (proc *Handle) OpenPid(pid int, subpath string) (*os.File, error) { + return proc.inner.OpenPid(pid, subpath) +} + +// ProcSelfFdReadlink gets the real path of the given file by looking at +// /proc/self/fd/ with [readlink]. It is effectively just shorthand for +// something along the lines of: +// +// proc, err := procfs.OpenProcRoot() +// if err != nil { +// return err +// } +// link, err := proc.OpenThreadSelf(fmt.Sprintf("fd/%d", f.Fd())) +// if err != nil { +// return err +// } +// defer link.Close() +// var buf [4096]byte +// n, err := unix.Readlinkat(int(link.Fd()), "", buf[:]) +// if err != nil { +// return err +// } +// pathname := buf[:n] +// +// [readlink]: https://pkg.go.dev/golang.org/x/sys/unix#Readlinkat +func ProcSelfFdReadlink(f *os.File) (string, error) { + return procfs.ProcSelfFdReadlink(f) +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/procfs_linux.go b/vendor/github.com/cyphar/filepath-securejoin/procfs_linux.go deleted file mode 100644 index 809a579cbdb..00000000000 --- a/vendor/github.com/cyphar/filepath-securejoin/procfs_linux.go +++ /dev/null @@ -1,452 +0,0 @@ -//go:build linux - -// Copyright (C) 2024 SUSE LLC. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package securejoin - -import ( - "errors" - "fmt" - "os" - "runtime" - "strconv" - - "golang.org/x/sys/unix" -) - -func fstat(f *os.File) (unix.Stat_t, error) { - var stat unix.Stat_t - if err := unix.Fstat(int(f.Fd()), &stat); err != nil { - return stat, &os.PathError{Op: "fstat", Path: f.Name(), Err: err} - } - return stat, nil -} - -func fstatfs(f *os.File) (unix.Statfs_t, error) { - var statfs unix.Statfs_t - if err := unix.Fstatfs(int(f.Fd()), &statfs); err != nil { - return statfs, &os.PathError{Op: "fstatfs", Path: f.Name(), Err: err} - } - return statfs, nil -} - -// The kernel guarantees that the root inode of a procfs mount has an -// f_type of PROC_SUPER_MAGIC and st_ino of PROC_ROOT_INO. -const ( - procSuperMagic = 0x9fa0 // PROC_SUPER_MAGIC - procRootIno = 1 // PROC_ROOT_INO -) - -func verifyProcRoot(procRoot *os.File) error { - if statfs, err := fstatfs(procRoot); err != nil { - return err - } else if statfs.Type != procSuperMagic { - return fmt.Errorf("%w: incorrect procfs root filesystem type 0x%x", errUnsafeProcfs, statfs.Type) - } - if stat, err := fstat(procRoot); err != nil { - return err - } else if stat.Ino != procRootIno { - return fmt.Errorf("%w: incorrect procfs root inode number %d", errUnsafeProcfs, stat.Ino) - } - return nil -} - -var hasNewMountApi = sync_OnceValue(func() bool { - // All of the pieces of the new mount API we use (fsopen, fsconfig, - // fsmount, open_tree) were added together in Linux 5.1[1,2], so we can - // just check for one of the syscalls and the others should also be - // available. - // - // Just try to use open_tree(2) to open a file without OPEN_TREE_CLONE. - // This is equivalent to openat(2), but tells us if open_tree is - // available (and thus all of the other basic new mount API syscalls). - // open_tree(2) is most light-weight syscall to test here. - // - // [1]: merge commit 400913252d09 - // [2]: - fd, err := unix.OpenTree(-int(unix.EBADF), "/", unix.OPEN_TREE_CLOEXEC) - if err != nil { - return false - } - _ = unix.Close(fd) - return true -}) - -func fsopen(fsName string, flags int) (*os.File, error) { - // Make sure we always set O_CLOEXEC. - flags |= unix.FSOPEN_CLOEXEC - fd, err := unix.Fsopen(fsName, flags) - if err != nil { - return nil, os.NewSyscallError("fsopen "+fsName, err) - } - return os.NewFile(uintptr(fd), "fscontext:"+fsName), nil -} - -func fsmount(ctx *os.File, flags, mountAttrs int) (*os.File, error) { - // Make sure we always set O_CLOEXEC. - flags |= unix.FSMOUNT_CLOEXEC - fd, err := unix.Fsmount(int(ctx.Fd()), flags, mountAttrs) - if err != nil { - return nil, os.NewSyscallError("fsmount "+ctx.Name(), err) - } - return os.NewFile(uintptr(fd), "fsmount:"+ctx.Name()), nil -} - -func newPrivateProcMount() (*os.File, error) { - procfsCtx, err := fsopen("proc", unix.FSOPEN_CLOEXEC) - if err != nil { - return nil, err - } - defer procfsCtx.Close() - - // Try to configure hidepid=ptraceable,subset=pid if possible, but ignore errors. - _ = unix.FsconfigSetString(int(procfsCtx.Fd()), "hidepid", "ptraceable") - _ = unix.FsconfigSetString(int(procfsCtx.Fd()), "subset", "pid") - - // Get an actual handle. - if err := unix.FsconfigCreate(int(procfsCtx.Fd())); err != nil { - return nil, os.NewSyscallError("fsconfig create procfs", err) - } - return fsmount(procfsCtx, unix.FSMOUNT_CLOEXEC, unix.MS_RDONLY|unix.MS_NODEV|unix.MS_NOEXEC|unix.MS_NOSUID) -} - -func openTree(dir *os.File, path string, flags uint) (*os.File, error) { - dirFd := -int(unix.EBADF) - dirName := "." - if dir != nil { - dirFd = int(dir.Fd()) - dirName = dir.Name() - } - // Make sure we always set O_CLOEXEC. - flags |= unix.OPEN_TREE_CLOEXEC - fd, err := unix.OpenTree(dirFd, path, flags) - if err != nil { - return nil, &os.PathError{Op: "open_tree", Path: path, Err: err} - } - return os.NewFile(uintptr(fd), dirName+"/"+path), nil -} - -func clonePrivateProcMount() (_ *os.File, Err error) { - // Try to make a clone without using AT_RECURSIVE if we can. If this works, - // we can be sure there are no over-mounts and so if the root is valid then - // we're golden. Otherwise, we have to deal with over-mounts. - procfsHandle, err := openTree(nil, "/proc", unix.OPEN_TREE_CLONE) - if err != nil || hookForcePrivateProcRootOpenTreeAtRecursive(procfsHandle) { - procfsHandle, err = openTree(nil, "/proc", unix.OPEN_TREE_CLONE|unix.AT_RECURSIVE) - } - if err != nil { - return nil, fmt.Errorf("creating a detached procfs clone: %w", err) - } - defer func() { - if Err != nil { - _ = procfsHandle.Close() - } - }() - if err := verifyProcRoot(procfsHandle); err != nil { - return nil, err - } - return procfsHandle, nil -} - -func privateProcRoot() (*os.File, error) { - if !hasNewMountApi() || hookForceGetProcRootUnsafe() { - return nil, fmt.Errorf("new mount api: %w", unix.ENOTSUP) - } - // Try to create a new procfs mount from scratch if we can. This ensures we - // can get a procfs mount even if /proc is fake (for whatever reason). - procRoot, err := newPrivateProcMount() - if err != nil || hookForcePrivateProcRootOpenTree(procRoot) { - // Try to clone /proc then... - procRoot, err = clonePrivateProcMount() - } - return procRoot, err -} - -func unsafeHostProcRoot() (_ *os.File, Err error) { - procRoot, err := os.OpenFile("/proc", unix.O_PATH|unix.O_NOFOLLOW|unix.O_DIRECTORY|unix.O_CLOEXEC, 0) - if err != nil { - return nil, err - } - defer func() { - if Err != nil { - _ = procRoot.Close() - } - }() - if err := verifyProcRoot(procRoot); err != nil { - return nil, err - } - return procRoot, nil -} - -func doGetProcRoot() (*os.File, error) { - procRoot, err := privateProcRoot() - if err != nil { - // Fall back to using a /proc handle if making a private mount failed. - // If we have openat2, at least we can avoid some kinds of over-mount - // attacks, but without openat2 there's not much we can do. - procRoot, err = unsafeHostProcRoot() - } - return procRoot, err -} - -var getProcRoot = sync_OnceValues(func() (*os.File, error) { - return doGetProcRoot() -}) - -var hasProcThreadSelf = sync_OnceValue(func() bool { - return unix.Access("/proc/thread-self/", unix.F_OK) == nil -}) - -var errUnsafeProcfs = errors.New("unsafe procfs detected") - -type procThreadSelfCloser func() - -// procThreadSelf returns a handle to /proc/thread-self/ (or an -// equivalent handle on older kernels where /proc/thread-self doesn't exist). -// Once finished with the handle, you must call the returned closer function -// (runtime.UnlockOSThread). You must not pass the returned *os.File to other -// Go threads or use the handle after calling the closer. -// -// This is similar to ProcThreadSelf from runc, but with extra hardening -// applied and using *os.File. -func procThreadSelf(procRoot *os.File, subpath string) (_ *os.File, _ procThreadSelfCloser, Err error) { - // We need to lock our thread until the caller is done with the handle - // because between getting the handle and using it we could get interrupted - // by the Go runtime and hit the case where the underlying thread is - // swapped out and the original thread is killed, resulting in - // pull-your-hair-out-hard-to-debug issues in the caller. - runtime.LockOSThread() - defer func() { - if Err != nil { - runtime.UnlockOSThread() - } - }() - - // Figure out what prefix we want to use. - threadSelf := "thread-self/" - if !hasProcThreadSelf() || hookForceProcSelfTask() { - /// Pre-3.17 kernels don't have /proc/thread-self, so do it manually. - threadSelf = "self/task/" + strconv.Itoa(unix.Gettid()) + "/" - if _, err := fstatatFile(procRoot, threadSelf, unix.AT_SYMLINK_NOFOLLOW); err != nil || hookForceProcSelf() { - // In this case, we running in a pid namespace that doesn't match - // the /proc mount we have. This can happen inside runc. - // - // Unfortunately, there is no nice way to get the correct TID to - // use here because of the age of the kernel, so we have to just - // use /proc/self and hope that it works. - threadSelf = "self/" - } - } - - // Grab the handle. - var ( - handle *os.File - err error - ) - if hasOpenat2() { - // We prefer being able to use RESOLVE_NO_XDEV if we can, to be - // absolutely sure we are operating on a clean /proc handle that - // doesn't have any cheeky overmounts that could trick us (including - // symlink mounts on top of /proc/thread-self). RESOLVE_BENEATH isn't - // strictly needed, but just use it since we have it. - // - // NOTE: /proc/self is technically a magic-link (the contents of the - // symlink are generated dynamically), but it doesn't use - // nd_jump_link() so RESOLVE_NO_MAGICLINKS allows it. - // - // NOTE: We MUST NOT use RESOLVE_IN_ROOT here, as openat2File uses - // procSelfFdReadlink to clean up the returned f.Name() if we use - // RESOLVE_IN_ROOT (which would lead to an infinite recursion). - handle, err = openat2File(procRoot, threadSelf+subpath, &unix.OpenHow{ - Flags: unix.O_PATH | unix.O_NOFOLLOW | unix.O_CLOEXEC, - Resolve: unix.RESOLVE_BENEATH | unix.RESOLVE_NO_XDEV | unix.RESOLVE_NO_MAGICLINKS, - }) - if err != nil { - // TODO: Once we bump the minimum Go version to 1.20, we can use - // multiple %w verbs for this wrapping. For now we need to use a - // compatibility shim for older Go versions. - //err = fmt.Errorf("%w: %w", errUnsafeProcfs, err) - return nil, nil, wrapBaseError(err, errUnsafeProcfs) - } - } else { - handle, err = openatFile(procRoot, threadSelf+subpath, unix.O_PATH|unix.O_NOFOLLOW|unix.O_CLOEXEC, 0) - if err != nil { - // TODO: Once we bump the minimum Go version to 1.20, we can use - // multiple %w verbs for this wrapping. For now we need to use a - // compatibility shim for older Go versions. - //err = fmt.Errorf("%w: %w", errUnsafeProcfs, err) - return nil, nil, wrapBaseError(err, errUnsafeProcfs) - } - defer func() { - if Err != nil { - _ = handle.Close() - } - }() - // We can't detect bind-mounts of different parts of procfs on top of - // /proc (a-la RESOLVE_NO_XDEV), but we can at least be sure that we - // aren't on the wrong filesystem here. - if statfs, err := fstatfs(handle); err != nil { - return nil, nil, err - } else if statfs.Type != procSuperMagic { - return nil, nil, fmt.Errorf("%w: incorrect /proc/self/fd filesystem type 0x%x", errUnsafeProcfs, statfs.Type) - } - } - return handle, runtime.UnlockOSThread, nil -} - -// STATX_MNT_ID_UNIQUE is provided in golang.org/x/sys@v0.20.0, but in order to -// avoid bumping the requirement for a single constant we can just define it -// ourselves. -const STATX_MNT_ID_UNIQUE = 0x4000 - -var hasStatxMountId = sync_OnceValue(func() bool { - var ( - stx unix.Statx_t - // We don't care which mount ID we get. The kernel will give us the - // unique one if it is supported. - wantStxMask uint32 = STATX_MNT_ID_UNIQUE | unix.STATX_MNT_ID - ) - err := unix.Statx(-int(unix.EBADF), "/", 0, int(wantStxMask), &stx) - return err == nil && stx.Mask&wantStxMask != 0 -}) - -func getMountId(dir *os.File, path string) (uint64, error) { - // If we don't have statx(STATX_MNT_ID*) support, we can't do anything. - if !hasStatxMountId() { - return 0, nil - } - - var ( - stx unix.Statx_t - // We don't care which mount ID we get. The kernel will give us the - // unique one if it is supported. - wantStxMask uint32 = STATX_MNT_ID_UNIQUE | unix.STATX_MNT_ID - ) - - err := unix.Statx(int(dir.Fd()), path, unix.AT_EMPTY_PATH|unix.AT_SYMLINK_NOFOLLOW, int(wantStxMask), &stx) - if stx.Mask&wantStxMask == 0 { - // It's not a kernel limitation, for some reason we couldn't get a - // mount ID. Assume it's some kind of attack. - err = fmt.Errorf("%w: could not get mount id", errUnsafeProcfs) - } - if err != nil { - return 0, &os.PathError{Op: "statx(STATX_MNT_ID_...)", Path: dir.Name() + "/" + path, Err: err} - } - return stx.Mnt_id, nil -} - -func checkSymlinkOvermount(procRoot *os.File, dir *os.File, path string) error { - // Get the mntId of our procfs handle. - expectedMountId, err := getMountId(procRoot, "") - if err != nil { - return err - } - // Get the mntId of the target magic-link. - gotMountId, err := getMountId(dir, path) - if err != nil { - return err - } - // As long as the directory mount is alive, even with wrapping mount IDs, - // we would expect to see a different mount ID here. (Of course, if we're - // using unsafeHostProcRoot() then an attaker could change this after we - // did this check.) - if expectedMountId != gotMountId { - return fmt.Errorf("%w: symlink %s/%s has an overmount obscuring the real link (mount ids do not match %d != %d)", errUnsafeProcfs, dir.Name(), path, expectedMountId, gotMountId) - } - return nil -} - -func doRawProcSelfFdReadlink(procRoot *os.File, fd int) (string, error) { - fdPath := fmt.Sprintf("fd/%d", fd) - procFdLink, closer, err := procThreadSelf(procRoot, fdPath) - if err != nil { - return "", fmt.Errorf("get safe /proc/thread-self/%s handle: %w", fdPath, err) - } - defer procFdLink.Close() - defer closer() - - // Try to detect if there is a mount on top of the magic-link. Since we use the handle directly - // provide to the closure. If the closure uses the handle directly, this - // should be safe in general (a mount on top of the path afterwards would - // not affect the handle itself) and will definitely be safe if we are - // using privateProcRoot() (at least since Linux 5.12[1], when anonymous - // mount namespaces were completely isolated from external mounts including - // mount propagation events). - // - // [1]: Linux commit ee2e3f50629f ("mount: fix mounting of detached mounts - // onto targets that reside on shared mounts"). - if err := checkSymlinkOvermount(procRoot, procFdLink, ""); err != nil { - return "", fmt.Errorf("check safety of /proc/thread-self/fd/%d magiclink: %w", fd, err) - } - - // readlinkat implies AT_EMPTY_PATH since Linux 2.6.39. See Linux commit - // 65cfc6722361 ("readlinkat(), fchownat() and fstatat() with empty - // relative pathnames"). - return readlinkatFile(procFdLink, "") -} - -func rawProcSelfFdReadlink(fd int) (string, error) { - procRoot, err := getProcRoot() - if err != nil { - return "", err - } - return doRawProcSelfFdReadlink(procRoot, fd) -} - -func procSelfFdReadlink(f *os.File) (string, error) { - return rawProcSelfFdReadlink(int(f.Fd())) -} - -var ( - errPossibleBreakout = errors.New("possible breakout detected") - errInvalidDirectory = errors.New("wandered into deleted directory") - errDeletedInode = errors.New("cannot verify path of deleted inode") -) - -func isDeadInode(file *os.File) error { - // If the nlink of a file drops to 0, there is an attacker deleting - // directories during our walk, which could result in weird /proc values. - // It's better to error out in this case. - stat, err := fstat(file) - if err != nil { - return fmt.Errorf("check for dead inode: %w", err) - } - if stat.Nlink == 0 { - err := errDeletedInode - if stat.Mode&unix.S_IFMT == unix.S_IFDIR { - err = errInvalidDirectory - } - return fmt.Errorf("%w %q", err, file.Name()) - } - return nil -} - -func checkProcSelfFdPath(path string, file *os.File) error { - if err := isDeadInode(file); err != nil { - return err - } - actualPath, err := procSelfFdReadlink(file) - if err != nil { - return fmt.Errorf("get path of handle: %w", err) - } - if actualPath != path { - return fmt.Errorf("%w: handle path %q doesn't match expected path %q", errPossibleBreakout, actualPath, path) - } - return nil -} - -// Test hooks used in the procfs tests to verify that the fallback logic works. -// See testing_mocks_linux_test.go and procfs_linux_test.go for more details. -var ( - hookForcePrivateProcRootOpenTree = hookDummyFile - hookForcePrivateProcRootOpenTreeAtRecursive = hookDummyFile - hookForceGetProcRootUnsafe = hookDummy - - hookForceProcSelfTask = hookDummy - hookForceProcSelf = hookDummy -) - -func hookDummy() bool { return false } -func hookDummyFile(_ *os.File) bool { return false } diff --git a/vendor/github.com/cyphar/filepath-securejoin/vfs.go b/vendor/github.com/cyphar/filepath-securejoin/vfs.go index 36373f8c517..4d89a481ca7 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/vfs.go +++ b/vendor/github.com/cyphar/filepath-securejoin/vfs.go @@ -1,3 +1,5 @@ +// SPDX-License-Identifier: BSD-3-Clause + // Copyright (C) 2017-2024 SUSE LLC. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. diff --git a/vendor/modules.txt b/vendor/modules.txt index 3633df7018e..91eef3d4b55 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -27,9 +27,19 @@ github.com/coreos/go-systemd/v22/dbus # github.com/cpuguy83/go-md2man/v2 v2.0.7 ## explicit; go 1.12 github.com/cpuguy83/go-md2man/v2/md2man -# github.com/cyphar/filepath-securejoin v0.4.1 +# github.com/cyphar/filepath-securejoin v0.5.0 ## explicit; go 1.18 github.com/cyphar/filepath-securejoin +github.com/cyphar/filepath-securejoin/internal/consts +github.com/cyphar/filepath-securejoin/pathrs-lite +github.com/cyphar/filepath-securejoin/pathrs-lite/internal +github.com/cyphar/filepath-securejoin/pathrs-lite/internal/assert +github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd +github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat +github.com/cyphar/filepath-securejoin/pathrs-lite/internal/kernelversion +github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux +github.com/cyphar/filepath-securejoin/pathrs-lite/internal/procfs +github.com/cyphar/filepath-securejoin/pathrs-lite/procfs # github.com/docker/go-units v0.5.0 ## explicit github.com/docker/go-units From 77889b56db939c323d29d1130f28f9aea2edb544 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 18 Jul 2025 13:24:31 +1000 Subject: [PATCH 1088/1176] internal: add wrappers for securejoin.Proc* Signed-off-by: Aleksa Sarai --- internal/pathrs/procfs_pathrslite.go | 72 ++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) diff --git a/internal/pathrs/procfs_pathrslite.go b/internal/pathrs/procfs_pathrslite.go index 74556db6437..a02b0d39a92 100644 --- a/internal/pathrs/procfs_pathrslite.go +++ b/internal/pathrs/procfs_pathrslite.go @@ -19,11 +19,83 @@ package pathrs import ( + "fmt" "os" "github.com/cyphar/filepath-securejoin/pathrs-lite" + "github.com/cyphar/filepath-securejoin/pathrs-lite/procfs" ) +func procOpenReopen(openFn func(subpath string) (*os.File, error), subpath string, flags int) (*os.File, error) { + handle, err := openFn(subpath) + if err != nil { + return nil, err + } + defer handle.Close() + + f, err := pathrs.Reopen(handle, flags) + if err != nil { + return nil, fmt.Errorf("reopen %s: %w", handle.Name(), err) + } + return f, nil +} + +// ProcSelfOpen is a wrapper around [procfs.Handle.OpenSelf] and +// [pathrs.Reopen], to let you one-shot open a procfs file with the given +// flags. +func ProcSelfOpen(subpath string, flags int) (*os.File, error) { + proc, err := procfs.OpenProcRoot() + if err != nil { + return nil, err + } + defer proc.Close() + return procOpenReopen(proc.OpenSelf, subpath, flags) +} + +// ProcPidOpen is a wrapper around [procfs.Handle.OpenPid] and [pathrs.Reopen], +// to let you one-shot open a procfs file with the given flags. +func ProcPidOpen(pid int, subpath string, flags int) (*os.File, error) { + proc, err := procfs.OpenProcRoot() + if err != nil { + return nil, err + } + defer proc.Close() + return procOpenReopen(func(subpath string) (*os.File, error) { + return proc.OpenPid(pid, subpath) + }, subpath, flags) +} + +// ProcThreadSelfOpen is a wrapper around [procfs.Handle.OpenThreadSelf] and +// [pathrs.Reopen], to let you one-shot open a procfs file with the given +// flags. The returned [procfs.ProcThreadSelfCloser] needs the same handling as +// when using pathrs-lite. +func ProcThreadSelfOpen(subpath string, flags int) (_ *os.File, _ procfs.ProcThreadSelfCloser, Err error) { + proc, err := procfs.OpenProcRoot() + if err != nil { + return nil, nil, err + } + defer proc.Close() + + handle, closer, err := proc.OpenThreadSelf(subpath) + if err != nil { + return nil, nil, err + } + if closer != nil { + defer func() { + if Err != nil { + closer() + } + }() + } + defer handle.Close() + + f, err := pathrs.Reopen(handle, flags) + if err != nil { + return nil, nil, fmt.Errorf("reopen %s: %w", handle.Name(), err) + } + return f, closer, nil +} + // Reopen is a wrapper around pathrs.Reopen. func Reopen(file *os.File, flags int) (*os.File, error) { return pathrs.Reopen(file, flags) From 01de9d65dc72f67b256ef03f9bfb795a2bf143b4 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 15 May 2025 21:38:32 +1000 Subject: [PATCH 1089/1176] rootfs: avoid using os.Create for new device inodes If an attacker were to make the target of a device inode creation be a symlink to some host path, os.Create would happily truncate the target which could lead to all sorts of issues. This exploit is probably not as exploitable because device inodes are usually only bind-mounted for rootless containers, which cannot overwrite important host files (though user files would still be up for grabs). The regular inode creation logic could also theoretically be tricked into changing the access mode and ownership of host files if the newly-created device inode was swapped with a symlink to a host path. Signed-off-by: Aleksa Sarai --- internal/sys/opath_linux.go | 53 ++++++++++++++++++++++++ libcontainer/rootfs_linux.go | 80 +++++++++++++++++++++++++----------- libcontainer/system/linux.go | 20 +++++++++ 3 files changed, 130 insertions(+), 23 deletions(-) create mode 100644 internal/sys/opath_linux.go diff --git a/internal/sys/opath_linux.go b/internal/sys/opath_linux.go new file mode 100644 index 00000000000..17a216bc505 --- /dev/null +++ b/internal/sys/opath_linux.go @@ -0,0 +1,53 @@ +package sys + +import ( + "fmt" + "os" + "runtime" + "strconv" + + "golang.org/x/sys/unix" + + "github.com/opencontainers/runc/internal/pathrs" +) + +// FchmodFile is a wrapper around fchmodat2(AT_EMPTY_PATH) with fallbacks for +// older kernels. This is distinct from [File.Chmod] and [unix.Fchmod] in that +// it works on O_PATH file descriptors. +func FchmodFile(f *os.File, mode uint32) error { + err := unix.Fchmodat(int(f.Fd()), "", mode, unix.AT_EMPTY_PATH) + // If fchmodat2(2) is not available at all, golang.org/x/unix (probably + // in order to mirror glibc) returns EOPNOTSUPP rather than EINVAL + // (what the kernel actually returns for invalid flags, which is being + // emulated) or ENOSYS (which is what glibc actually sees). + if err != unix.EINVAL && err != unix.EOPNOTSUPP { //nolint:errorlint // unix errors are bare + // err == nil is implicitly handled + return os.NewSyscallError("fchmodat2 AT_EMPTY_PATH", err) + } + + // AT_EMPTY_PATH support was added to fchmodat2 in Linux 6.6 + // (5daeb41a6fc9d0d81cb2291884b7410e062d8fa1). The alternative for + // older kernels is to go through /proc. + fdDir, closer, err2 := pathrs.ProcThreadSelfOpen("fd/", unix.O_DIRECTORY) + if err2 != nil { + return fmt.Errorf("fchmodat2 AT_EMPTY_PATH fallback: %w", err2) + } + defer closer() + defer fdDir.Close() + + err = unix.Fchmodat(int(fdDir.Fd()), strconv.Itoa(int(f.Fd())), mode, 0) + if err != nil { + err = fmt.Errorf("fchmodat /proc/self/fd/%d: %w", f.Fd(), err) + } + runtime.KeepAlive(f) + return err +} + +// FchownFile is a wrapper around fchownat(AT_EMPTY_PATH). This is distinct +// from [File.Chown] and [unix.Fchown] in that it works on O_PATH file +// descriptors. +func FchownFile(f *os.File, uid, gid int) error { + err := unix.Fchownat(int(f.Fd()), "", uid, gid, unix.AT_EMPTY_PATH) + runtime.KeepAlive(f) + return os.NewSyscallError("fchownat AT_EMPTY_PATH", err) +} diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index cb4c4562f27..8788f1d3fff 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -7,6 +7,7 @@ import ( "os" "path" "path/filepath" + "runtime" "strconv" "strings" "syscall" @@ -932,17 +933,18 @@ func createDevices(config *configs.Config) error { return nil } -func bindMountDeviceNode(rootfs, dest string, node *devices.Device) error { - f, err := os.Create(dest) - if err != nil && !os.IsExist(err) { - return err - } - if f != nil { - _ = f.Close() +func bindMountDeviceNode(destDir *os.File, destName string, node *devices.Device) error { + dstFile, err := utils.Openat(destDir, destName, unix.O_CREAT|unix.O_NOFOLLOW|unix.O_CLOEXEC, 0o000) + if err != nil { + return fmt.Errorf("create device inode %s: %w", node.Path, err) } - return utils.WithProcfd(rootfs, dest, func(dstFd string) error { - return mountViaFds(node.Path, nil, dest, dstFd, "bind", unix.MS_BIND, "") - }) + defer dstFile.Close() + + dstFd, closer := utils.ProcThreadSelfFd(dstFile.Fd()) + defer closer() + + dstPath := filepath.Join(destDir.Name(), destName) + return mountViaFds(node.Path, nil, dstPath, dstFd, "bind", unix.MS_BIND, "") } // Creates the device node in the rootfs of the container. @@ -951,31 +953,33 @@ func createDeviceNode(rootfs string, node *devices.Device, bind bool) error { // The node only exists for cgroup reasons, ignore it here. return nil } - dest, err := securejoin.SecureJoin(rootfs, node.Path) + destPath, err := securejoin.SecureJoin(rootfs, node.Path) if err != nil { return err } - if dest == rootfs { + if destPath == rootfs { return fmt.Errorf("%w: mknod over rootfs", errRootfsToFile) } - if err := pathrs.MkdirAllInRoot(rootfs, filepath.Dir(dest), 0o755); err != nil { - return err + destDirPath, destName := filepath.Split(destPath) + destDir, err := pathrs.MkdirAllInRootOpen(rootfs, destDirPath, 0o755) + if err != nil { + return fmt.Errorf("mkdir parent of device inode %q: %w", node.Path, err) } if bind { - return bindMountDeviceNode(rootfs, dest, node) + return bindMountDeviceNode(destDir, destName, node) } - if err := mknodDevice(dest, node); err != nil { + if err := mknodDevice(destDir, destName, node); err != nil { if errors.Is(err, os.ErrExist) { return nil } else if errors.Is(err, os.ErrPermission) { - return bindMountDeviceNode(rootfs, dest, node) + return bindMountDeviceNode(destDir, destName, node) } return err } return nil } -func mknodDevice(dest string, node *devices.Device) error { +func mknodDevice(destDir *os.File, destName string, node *devices.Device) error { fileMode := node.FileMode switch node.Type { case devices.BlockDevice: @@ -991,14 +995,44 @@ func mknodDevice(dest string, node *devices.Device) error { if err != nil { return err } - if err := unix.Mknod(dest, uint32(fileMode), int(dev)); err != nil { - return &os.PathError{Op: "mknod", Path: dest, Err: err} + if err := unix.Mknodat(int(destDir.Fd()), destName, uint32(fileMode), int(dev)); err != nil { + return &os.PathError{Op: "mknodat", Path: filepath.Join(destDir.Name(), destName), Err: err} } - // Ensure permission bits (can be different because of umask). - if err := os.Chmod(dest, fileMode); err != nil { + + // Get a handle and verify that it matches the expected inode type and + // major:minor before we operate on it. + devFile, err := utils.Openat(destDir, destName, unix.O_NOFOLLOW|unix.O_PATH, 0) + if err != nil { + return fmt.Errorf("open new %c device inode %s: %w", node.Type, node.Path, err) + } + defer devFile.Close() + + if err := sys.VerifyInode(devFile, func(stat *unix.Stat_t, _ *unix.Statfs_t) error { + if stat.Mode&unix.S_IFMT != uint32(fileMode)&unix.S_IFMT { + return fmt.Errorf("new %c device inode %s has incorrect ftype: %#x doesn't match expected %#v", + node.Type, node.Path, + stat.Mode&unix.S_IFMT, fileMode&unix.S_IFMT) + } + if stat.Rdev != dev { + return fmt.Errorf("new %c device inode %s has incorrect major:minor: %d:%d doesn't match expected %d:%d", + node.Type, node.Path, + unix.Major(stat.Rdev), unix.Minor(stat.Rdev), + unix.Major(dev), unix.Minor(dev)) + } + return nil + }); err != nil { return err } - return os.Chown(dest, int(node.Uid), int(node.Gid)) + + // Ensure permission bits (can be different because of umask). + if err := sys.FchmodFile(devFile, uint32(fileMode)); err != nil { + return fmt.Errorf("update new %c device inode %s file mode: %w", node.Type, node.Path, err) + } + if err := sys.FchownFile(devFile, int(node.Uid), int(node.Gid)); err != nil { + return fmt.Errorf("update new %c device inode %s owner: %w", node.Type, node.Path, err) + } + runtime.KeepAlive(devFile) + return nil } // rootfsParentMountPrivate ensures rootfs parent mount is private. diff --git a/libcontainer/system/linux.go b/libcontainer/system/linux.go index 48167bd62ed..eaaf13e63a0 100644 --- a/libcontainer/system/linux.go +++ b/libcontainer/system/linux.go @@ -160,3 +160,23 @@ func SetLinuxPersonality(personality int) error { } return nil } + +// GetPtyPeer is a wrapper for ioctl(TIOCGPTPEER). +func GetPtyPeer(ptyFd uintptr, unsafePeerPath string, flags int) (*os.File, error) { + // Make sure O_NOCTTY is always set -- otherwise runc might accidentally + // gain it as a controlling terminal. O_CLOEXEC also needs to be set to + // make sure we don't leak the handle either. + flags |= unix.O_NOCTTY | unix.O_CLOEXEC + + // There is no nice wrapper for this kind of ioctl in unix. + peerFd, _, errno := unix.Syscall( + unix.SYS_IOCTL, + ptyFd, + uintptr(unix.TIOCGPTPEER), + uintptr(flags), + ) + if errno != 0 { + return nil, os.NewSyscallError("ioctl TIOCGPTPEER", errno) + } + return os.NewFile(peerFd, unsafePeerPath), nil +} From aee7d3fe355dd02939d44155e308ea0052e0d53a Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 15 May 2025 17:40:25 +1000 Subject: [PATCH 1090/1176] ci: add lint to forbid the usage of os.Create os.Create is shorthand for open(O_CREAT|O_TRUNC) *without* O_EXCL, which is incredibly unsafe for us to do when interacting with a container rootfs (especially before pivot_root) as an attacker could swap the target path with a symlink that points to the host filesystem, causing us to delete the contents of or create host files. We did have a similar bug in CVE-2024-45310, but in that case we (luckily) didn't have O_TRUNC set which avoided the worst possible case. However, os.Create does set O_TRUNC and we were using it in scenarios that may have been exploitable. Because of how easy it us for us to accidentally introduce this kind of bug, we should simply not allow the usage of os.Create in our entire codebase. Signed-off-by: Aleksa Sarai --- .golangci.yml | 15 +++++++++++++++ libcontainer/criu_linux.go | 2 +- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/.golangci.yml b/.golangci.yml index 5d31ed92a9a..b9a5bc7bf05 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -11,6 +11,7 @@ formatters: linters: enable: - errorlint + - forbidigo - nolintlint - unconvert - unparam @@ -25,6 +26,20 @@ linters: - -ST1003 # https://staticcheck.dev/docs/checks/#ST1003 Poorly chosen identifier. - -ST1005 # https://staticcheck.dev/docs/checks/#ST1005 Incorrectly formatted error string. - -QF1008 # https://staticcheck.dev/docs/checks/#QF1008 Omit embedded fields from selector expression. + forbidigo: + forbid: + # os.Create implies O_TRUNC without O_CREAT|O_EXCL, which can lead to + # an even more severe attacks than CVE-2024-45310, where host files + # could be wiped. Always use O_EXCL or otherwise ensure we are not + # going to be tricked into overwriting host files. + - pattern: ^os\.Create$ + pkg: ^os$ + analyze-types: true exclusions: + rules: + # forbidigo lints are only relevant for main code. + - path: '(.+)_test\.go' + linters: + - forbidigo presets: - std-error-handling diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index fb435e11112..e96873923bc 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -1090,7 +1090,7 @@ func (c *Container) criuNotifications(resp *criurpc.CriuResp, process *Process, logrus.Debugf("notify: %s\n", script) switch script { case "post-dump": - f, err := os.Create(filepath.Join(c.stateDir, "checkpoint")) + f, err := os.Create(filepath.Join(c.stateDir, "checkpoint")) //nolint:forbidigo // this is a host-side operation in a runc-controlled directory if err != nil { return err } From fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 20 Jun 2025 15:41:51 +1000 Subject: [PATCH 1091/1176] apparmor: use safe procfs API for labels EnsureProcHandle only protects us against a tmpfs mount, but the risk of a procfs path being used (such as /proc/self/sched) has been known for a while. Now that filepath-securejoin has a reasonably safe procfs API, switch to it. Fixes: GHSA-cgrx-mc8f-2prm CVE-2025-52881 Signed-off-by: Aleksa Sarai --- libcontainer/apparmor/apparmor_linux.go | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/libcontainer/apparmor/apparmor_linux.go b/libcontainer/apparmor/apparmor_linux.go index 10da91b3c37..9f0f7b9aace 100644 --- a/libcontainer/apparmor/apparmor_linux.go +++ b/libcontainer/apparmor/apparmor_linux.go @@ -6,6 +6,9 @@ import ( "os" "sync" + "golang.org/x/sys/unix" + + "github.com/opencontainers/runc/internal/pathrs" "github.com/opencontainers/runc/libcontainer/utils" ) @@ -36,15 +39,15 @@ func setProcAttr(attr, value string) error { // Under AppArmor you can only change your own attr, so there's no reason // to not use /proc/thread-self/ (instead of /proc//, like libapparmor // does). - attrPath, closer := utils.ProcThreadSelf(attrSubPath) - defer closer() - - f, err := os.OpenFile(attrPath, os.O_WRONLY, 0) + f, closer, err := pathrs.ProcThreadSelfOpen(attrSubPath, unix.O_WRONLY|unix.O_CLOEXEC) if err != nil { return err } + defer closer() defer f.Close() + // NOTE: This is not really necessary since securejoin.ProcThreadSelf + // verifies this in a far stricter sense than EnsureProcHandle. if err := utils.EnsureProcHandle(f); err != nil { return err } From ff6fe1324663538167eca8b3d3eec61e1bd4fa51 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 20 Jun 2025 15:43:49 +1000 Subject: [PATCH 1092/1176] utils: use safe procfs for /proc/self/fd loop code From a safety perspective this might not be strictly required, but it paves the way for us to remove utils.ProcThreadSelf. Signed-off-by: Aleksa Sarai --- internal/linux/linux.go | 19 +++++++++++++++++++ libcontainer/integration/exec_test.go | 15 ++++++++------- libcontainer/utils/utils_unix.go | 11 ++++++----- utils_linux.go | 9 +++++++-- 4 files changed, 40 insertions(+), 14 deletions(-) diff --git a/internal/linux/linux.go b/internal/linux/linux.go index ef230b1331f..88fe5e0dfdf 100644 --- a/internal/linux/linux.go +++ b/internal/linux/linux.go @@ -86,6 +86,25 @@ func SetMempolicy(mode uint, mask *unix.CPUSet) error { return os.NewSyscallError("set_mempolicy", err) } +// Readlinkat wraps [unix.Readlinkat]. +func Readlinkat(dir *os.File, path string) (string, error) { + size := 4096 + for { + linkBuf := make([]byte, size) + n, err := retryOnEINTR2(func() (int, error) { + return unix.Readlinkat(int(dir.Fd()), path, linkBuf) + }) + if err != nil { + return "", &os.PathError{Op: "readlinkat", Path: dir.Name() + "/" + path, Err: err} + } + if n != size { + return string(linkBuf[:n]), nil + } + // Possible truncation, resize the buffer. + size *= 2 + } +} + // GetPtyPeer is a wrapper for ioctl(TIOCGPTPEER). func GetPtyPeer(ptyFd uintptr, unsafePeerPath string, flags int) (*os.File, error) { // Make sure O_NOCTTY is always set -- otherwise runc might accidentally diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index f5a24777edf..c46a576eaab 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -15,10 +15,11 @@ import ( "github.com/opencontainers/cgroups" "github.com/opencontainers/cgroups/systemd" + "github.com/opencontainers/runc/internal/linux" + "github.com/opencontainers/runc/internal/pathrs" "github.com/opencontainers/runc/libcontainer" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/internal/userns" - "github.com/opencontainers/runc/libcontainer/utils" "github.com/opencontainers/runtime-spec/specs-go" "golang.org/x/sys/unix" @@ -1683,11 +1684,9 @@ func TestFdLeaksSystemd(t *testing.T) { } func fdList(t *testing.T) []string { - procSelfFd, closer := utils.ProcThreadSelf("fd") - defer closer() - - fdDir, err := os.Open(procSelfFd) + fdDir, closer, err := pathrs.ProcThreadSelfOpen("fd/", unix.O_DIRECTORY|unix.O_CLOEXEC) ok(t, err) + defer closer() defer fdDir.Close() fds, err := fdDir.Readdirnames(-1) @@ -1726,8 +1725,10 @@ func testFdLeaks(t *testing.T, systemd bool) { count := 0 - procSelfFd, closer := utils.ProcThreadSelf("fd/") + procSelfFd, closer, err := pathrs.ProcThreadSelfOpen("fd/", unix.O_DIRECTORY|unix.O_CLOEXEC) + ok(t, err) defer closer() + defer procSelfFd.Close() next_fd: for _, fd1 := range fds1 { @@ -1736,7 +1737,7 @@ next_fd: continue next_fd } } - dst, _ := os.Readlink(filepath.Join(procSelfFd, fd1)) + dst, _ := linux.Readlinkat(procSelfFd, fd1) for _, ex := range excludedPaths { if ex == dst { continue next_fd diff --git a/libcontainer/utils/utils_unix.go b/libcontainer/utils/utils_unix.go index f2c1e1f2b45..c07d2e7d915 100644 --- a/libcontainer/utils/utils_unix.go +++ b/libcontainer/utils/utils_unix.go @@ -14,6 +14,7 @@ import ( securejoin "github.com/cyphar/filepath-securejoin" "github.com/opencontainers/runc/internal/linux" + "github.com/opencontainers/runc/internal/pathrs" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) @@ -59,15 +60,15 @@ type fdFunc func(fd int) // fdRangeFrom calls the passed fdFunc for each file descriptor that is open in // the current process. func fdRangeFrom(minFd int, fn fdFunc) error { - procSelfFd, closer := ProcThreadSelf("fd") - defer closer() - - fdDir, err := os.Open(procSelfFd) + fdDir, closer, err := pathrs.ProcThreadSelfOpen("fd/", unix.O_DIRECTORY|unix.O_CLOEXEC) if err != nil { - return err + return fmt.Errorf("get handle to /proc/thread-self/fd: %w", err) } + defer closer() defer fdDir.Close() + // NOTE: This is not really necessary since securejoin.ProcThreadSelf + // verifies this in a far stricter sense than EnsureProcHandle. if err := EnsureProcHandle(fdDir); err != nil { return err } diff --git a/utils_linux.go b/utils_linux.go index bd45bf05937..6195a589851 100644 --- a/utils_linux.go +++ b/utils_linux.go @@ -16,6 +16,7 @@ import ( "github.com/urfave/cli" "golang.org/x/sys/unix" + "github.com/opencontainers/runc/internal/pathrs" "github.com/opencontainers/runc/libcontainer" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/specconv" @@ -241,10 +242,14 @@ func (r *runner) run(config *specs.Process) (int, error) { process.ExtraFiles = append(process.ExtraFiles, r.listenFDs...) } baseFd := 3 + len(process.ExtraFiles) - procSelfFd, closer := utils.ProcThreadSelf("fd/") + procSelfFd, closer, err := pathrs.ProcThreadSelfOpen("fd/", unix.O_DIRECTORY|unix.O_CLOEXEC) + if err != nil { + return -1, err + } defer closer() + defer procSelfFd.Close() for i := baseFd; i < baseFd+r.preserveFDs; i++ { - _, err = os.Stat(filepath.Join(procSelfFd, strconv.Itoa(i))) + err := unix.Faccessat(int(procSelfFd.Fd()), strconv.Itoa(i), unix.F_OK, 0) if err != nil { return -1, fmt.Errorf("unable to stat preserved-fd %d (of %d): %w", i-baseFd, r.preserveFDs, err) } From b3dd1bc562ed9996d1a0f249e056c16624046d28 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 20 Jun 2025 16:23:38 +1000 Subject: [PATCH 1093/1176] utils: remove unneeded EnsureProcHandle All of the callers of EnsureProcHandle now use filepath-securejoin's ProcThreadSelf to get a file handle, which has much stricter verification to avoid procfs attacks than EnsureProcHandle's very simplistic filesystem type check. Signed-off-by: Aleksa Sarai --- libcontainer/apparmor/apparmor_linux.go | 6 ------ libcontainer/utils/utils_unix.go | 18 ------------------ 2 files changed, 24 deletions(-) diff --git a/libcontainer/apparmor/apparmor_linux.go b/libcontainer/apparmor/apparmor_linux.go index 9f0f7b9aace..2cde88bae7d 100644 --- a/libcontainer/apparmor/apparmor_linux.go +++ b/libcontainer/apparmor/apparmor_linux.go @@ -46,12 +46,6 @@ func setProcAttr(attr, value string) error { defer closer() defer f.Close() - // NOTE: This is not really necessary since securejoin.ProcThreadSelf - // verifies this in a far stricter sense than EnsureProcHandle. - if err := utils.EnsureProcHandle(f); err != nil { - return err - } - _, err = f.WriteString(value) return err } diff --git a/libcontainer/utils/utils_unix.go b/libcontainer/utils/utils_unix.go index c07d2e7d915..6c7dfa7d934 100644 --- a/libcontainer/utils/utils_unix.go +++ b/libcontainer/utils/utils_unix.go @@ -19,18 +19,6 @@ import ( "golang.org/x/sys/unix" ) -// EnsureProcHandle returns whether or not the given file handle is on procfs. -func EnsureProcHandle(fh *os.File) error { - var buf unix.Statfs_t - if err := unix.Fstatfs(int(fh.Fd()), &buf); err != nil { - return fmt.Errorf("ensure %s is on procfs: %w", fh.Name(), err) - } - if buf.Type != unix.PROC_SUPER_MAGIC { - return fmt.Errorf("%s is not on procfs", fh.Name()) - } - return nil -} - var ( haveCloseRangeCloexecBool bool haveCloseRangeCloexecOnce sync.Once @@ -67,12 +55,6 @@ func fdRangeFrom(minFd int, fn fdFunc) error { defer closer() defer fdDir.Close() - // NOTE: This is not really necessary since securejoin.ProcThreadSelf - // verifies this in a far stricter sense than EnsureProcHandle. - if err := EnsureProcHandle(fdDir); err != nil { - return err - } - fdList, err := fdDir.Readdirnames(-1) if err != nil { return err From 77d217c7c3775d8ca5af89e477e81568ef4572db Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 17 Jul 2025 11:31:50 +1000 Subject: [PATCH 1094/1176] init: write sysctls using safe procfs API sysctls could in principle also be used as a write gadget for arbitrary procfs files. As this requires getting a non-subset=pid /proc handle we amortise this by only allocating a single procfs handle for all sysctl writes. Fixes: GHSA-cgrx-mc8f-2prm CVE-2025-52881 Signed-off-by: Aleksa Sarai --- internal/sys/sysctl_linux.go | 54 +++++++++++++++++++++++++++++ libcontainer/rootfs_linux.go | 8 ----- libcontainer/standard_init_linux.go | 7 ++-- 3 files changed, 57 insertions(+), 12 deletions(-) create mode 100644 internal/sys/sysctl_linux.go diff --git a/internal/sys/sysctl_linux.go b/internal/sys/sysctl_linux.go new file mode 100644 index 00000000000..96876a55fff --- /dev/null +++ b/internal/sys/sysctl_linux.go @@ -0,0 +1,54 @@ +package sys + +import ( + "fmt" + "io" + "os" + "strings" + + "golang.org/x/sys/unix" + + "github.com/cyphar/filepath-securejoin/pathrs-lite" + "github.com/cyphar/filepath-securejoin/pathrs-lite/procfs" +) + +func procfsOpenRoot(proc *procfs.Handle, subpath string, flags int) (*os.File, error) { + handle, err := proc.OpenRoot(subpath) + if err != nil { + return nil, err + } + defer handle.Close() + + return pathrs.Reopen(handle, flags) +} + +// WriteSysctls sets the given sysctls to the requested values. +func WriteSysctls(sysctls map[string]string) error { + // We are going to write multiple sysctls, which require writing to an + // unmasked procfs which is not going to be cached. To avoid creating a new + // procfs instance for each one, just allocate one handle for all of them. + proc, err := procfs.OpenUnsafeProcRoot() + if err != nil { + return err + } + defer proc.Close() + + for key, value := range sysctls { + keyPath := strings.ReplaceAll(key, ".", "/") + + sysctlFile, err := procfsOpenRoot(proc, "sys/"+keyPath, unix.O_WRONLY|unix.O_TRUNC|unix.O_CLOEXEC) + if err != nil { + return fmt.Errorf("open sysctl %s file: %w", key, err) + } + defer sysctlFile.Close() + + n, err := io.WriteString(sysctlFile, value) + if n != len(value) && err == nil { + err = fmt.Errorf("short write to file (%d bytes != %d bytes)", n, len(value)) + } + if err != nil { + return fmt.Errorf("failed to write sysctl %s = %q: %w", key, value, err) + } + } + return nil +} diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 8788f1d3fff..398b40c3dbd 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -5,7 +5,6 @@ import ( "errors" "fmt" "os" - "path" "path/filepath" "runtime" "strconv" @@ -1351,13 +1350,6 @@ func maskPaths(paths []string, mountLabel string) error { return nil } -// writeSystemProperty writes the value to a path under /proc/sys as determined from the key. -// For e.g. net.ipv4.ip_forward translated to /proc/sys/net/ipv4/ip_forward. -func writeSystemProperty(key, value string) error { - keyPath := strings.ReplaceAll(key, ".", "/") - return os.WriteFile(path.Join("/proc/sys", keyPath), []byte(value), 0o644) -} - // Do the mount operation followed by additional mounts required to take care // of propagation flags. This will always be scoped inside the container rootfs. func mountPropagate(m mountEntry, rootfs string, mountLabel string) error { diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go index d3e519593d1..570472bd41f 100644 --- a/libcontainer/standard_init_linux.go +++ b/libcontainer/standard_init_linux.go @@ -13,6 +13,7 @@ import ( "github.com/opencontainers/runc/internal/linux" "github.com/opencontainers/runc/internal/pathrs" + "github.com/opencontainers/runc/internal/sys" "github.com/opencontainers/runc/libcontainer/apparmor" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/keys" @@ -132,10 +133,8 @@ func (l *linuxStandardInit) Init() error { return fmt.Errorf("unable to apply apparmor profile: %w", err) } - for key, value := range l.config.Config.Sysctl { - if err := writeSystemProperty(key, value); err != nil { - return err - } + if err := sys.WriteSysctls(l.config.Config.Sysctl); err != nil { + return err } for _, path := range l.config.Config.ReadonlyPaths { if err := readonlyPath(path); err != nil { From 435cc81be6b79cdec73b4002c0dae549b2f6ae6d Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 18 Jul 2025 15:33:56 +1000 Subject: [PATCH 1095/1176] init: use securejoin for /proc/self/setgroups Signed-off-by: Aleksa Sarai --- libcontainer/init_linux.go | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 9672b037a0f..31166170eb6 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -5,6 +5,7 @@ import ( "encoding/json" "errors" "fmt" + "io" "net" "os" "path/filepath" @@ -21,6 +22,7 @@ import ( "github.com/opencontainers/cgroups" "github.com/opencontainers/runc/internal/linux" + "github.com/opencontainers/runc/internal/pathrs" "github.com/opencontainers/runc/libcontainer/capabilities" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/system" @@ -470,7 +472,12 @@ func setupUser(config *initConfig) error { // We don't need to use /proc/thread-self here because setgroups is a // per-userns file and thus is global to all threads in a thread-group. // This lets us avoid having to do runtime.LockOSThread. - setgroups, err := os.ReadFile("/proc/self/setgroups") + var setgroups []byte + setgroupsFile, err := pathrs.ProcSelfOpen("setgroups", unix.O_RDONLY) + if err == nil { + setgroups, err = io.ReadAll(setgroupsFile) + _ = setgroupsFile.Close() + } if err != nil && !os.IsNotExist(err) { return err } From d61fd29d854b416feaaf128bf650325cd2182165 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sat, 19 Jul 2025 16:30:26 +1000 Subject: [PATCH 1096/1176] libct/system: use securejoin for /proc/$pid/stat Signed-off-by: Aleksa Sarai --- libcontainer/system/proc.go | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/libcontainer/system/proc.go b/libcontainer/system/proc.go index 774443ec9d2..34850dd8317 100644 --- a/libcontainer/system/proc.go +++ b/libcontainer/system/proc.go @@ -2,10 +2,12 @@ package system import ( "fmt" + "io" "os" - "path/filepath" "strconv" "strings" + + "github.com/opencontainers/runc/internal/pathrs" ) // State is the status of a process. @@ -66,8 +68,16 @@ type Stat_t struct { } // Stat returns a Stat_t instance for the specified process. -func Stat(pid int) (stat Stat_t, err error) { - bytes, err := os.ReadFile(filepath.Join("/proc", strconv.Itoa(pid), "stat")) +func Stat(pid int) (Stat_t, error) { + var stat Stat_t + + statFile, err := pathrs.ProcPidOpen(pid, "stat", os.O_RDONLY) + if err != nil { + return stat, err + } + defer statFile.Close() + + bytes, err := io.ReadAll(statFile) if err != nil { return stat, err } From 4b37cd93f86e72feac866442988b549b5b7bf3e6 Mon Sep 17 00:00:00 2001 From: lifubang Date: Thu, 8 May 2025 15:13:04 +0000 Subject: [PATCH 1097/1176] libct: align param type for mountCgroupV1/V2 functions Signed-off-by: lifubang --- libcontainer/rootfs_linux.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 398b40c3dbd..ec3c772327b 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -297,8 +297,8 @@ func cleanupTmp(tmpdir string) { _ = os.RemoveAll(tmpdir) } -func mountCgroupV1(m *configs.Mount, c *mountConfig) error { - binds, err := getCgroupMounts(m) +func mountCgroupV1(m mountEntry, c *mountConfig) error { + binds, err := getCgroupMounts(m.Mount) if err != nil { return err } @@ -368,7 +368,7 @@ func mountCgroupV1(m *configs.Mount, c *mountConfig) error { return nil } -func mountCgroupV2(m *configs.Mount, c *mountConfig) error { +func mountCgroupV2(m mountEntry, c *mountConfig) error { err := utils.WithProcfd(c.root, m.Destination, func(dstFd string) error { return mountViaFds(m.Source, nil, m.Destination, dstFd, "cgroup2", uintptr(m.Flags), m.Data) }) @@ -739,9 +739,9 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { return setRecAttr(m.Mount, rootfs) case "cgroup": if cgroups.IsCgroup2UnifiedMode() { - return mountCgroupV2(m.Mount, c) + return mountCgroupV2(m, c) } - return mountCgroupV1(m.Mount, c) + return mountCgroupV1(m, c) default: return mountPropagate(m, rootfs, mountLabel) } From d40b3439a9614a86e87b81a94c6811ec6fa2d7d2 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sat, 10 May 2025 23:46:55 +0000 Subject: [PATCH 1098/1176] rootfs: switch to fd-based handling of mountpoint targets An attacker could race with us during mount configuration in order to trick us into mounting over an unexpected path. This would bypass checkProcMount() and would allow for security profiles to be left unapplied by mounting over /proc/self/attr/... (or even more serious outcomes such as killing the entire system by tricking runc into writing strings to /proc/sysrq-trigger). This is a larger issue with our current mount infrastructure, and the ideal solution would be to rewrite it all to be fd-based (which would also allow us to support the "new" mount API, which also avoids a bunch of other issues with mount(8)). However, such a rewrite is not really workable as a security fix, so this patch is a bit of a compromise approach to fix the issue while also moving us a bit towards that eventual end-goal. The core issue in CVE-2025-52881 is that we currently use the (insecure) SecureJoin to re-resolve mountpoint target paths multiple times during mounting. Rather than generating a string from createMountpoint(), we instead open an *os.File handle to the target mountpoint directly and then operate on that handle. This will make it easier to remove utils.WithProcfd() and rework mountViaFds() in the future. The only real issue we need to work around is that we need to re-open the mount target after doing the mount in order to get a handle to the mountpoint -- pathrs.Reopen() doesn't work in this case (it just re-opens the inode under the mountpoint) so we need to do a naive re-open using the full path. Note that if we used move_mount(2) this wouldn't be a problem because we would have a handle to the mountpoint itself. Note that this is still somewhat of a temporary solution -- ideally mountViaFds would use *os.File directly to let us avoid some other issues with using bare /proc/... paths, as well as also letting us more easily use the new mount API on modern kernels. Fixes: GHSA-cgrx-mc8f-2prm CVE-2025-52881 Co-developed-by: lifubang Signed-off-by: Aleksa Sarai --- internal/pathrs/root_pathrslite.go | 71 ++++++++ libcontainer/criu_linux.go | 17 +- libcontainer/rootfs_linux.go | 257 ++++++++++++++++++----------- libcontainer/utils/utils.go | 4 +- libcontainer/utils/utils_test.go | 4 +- libcontainer/utils/utils_unix.go | 19 ++- 6 files changed, 267 insertions(+), 105 deletions(-) create mode 100644 internal/pathrs/root_pathrslite.go diff --git a/internal/pathrs/root_pathrslite.go b/internal/pathrs/root_pathrslite.go new file mode 100644 index 00000000000..2dd73b1600c --- /dev/null +++ b/internal/pathrs/root_pathrslite.go @@ -0,0 +1,71 @@ +// SPDX-License-Identifier: Apache-2.0 +/* + * Copyright (C) 2024-2025 Aleksa Sarai + * Copyright (C) 2024-2025 SUSE LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package pathrs + +import ( + "fmt" + "os" + "path/filepath" + + "github.com/cyphar/filepath-securejoin/pathrs-lite" + "golang.org/x/sys/unix" + + "github.com/opencontainers/runc/internal/linux" +) + +// OpenInRoot opens the given path inside the root with the provided flags. It +// is effectively shorthand for [securejoin.OpenInRoot] followed by +// [securejoin.Reopen]. +func OpenInRoot(root, subpath string, flags int) (*os.File, error) { + handle, err := pathrs.OpenInRoot(root, subpath) + if err != nil { + return nil, err + } + defer handle.Close() + return pathrs.Reopen(handle, flags) +} + +// CreateInRoot creates a new file inside a root (as well as any missing parent +// directories) and returns a handle to said file. This effectively has +// open(O_CREAT|O_NOFOLLOW) semantics. If you want the creation to use O_EXCL, +// include it in the passed flags. The fileMode argument uses unix.* mode bits, +// *not* os.FileMode. +func CreateInRoot(root, subpath string, flags int, fileMode uint32) (*os.File, error) { + dir, filename := filepath.Split(subpath) + if filepath.Join("/", filename) == "/" { + return nil, fmt.Errorf("create in root subpath %q has bad trailing component %q", subpath, filename) + } + + dirFd, err := MkdirAllInRootOpen(root, dir, 0o755) + if err != nil { + return nil, err + } + defer dirFd.Close() + + // We know that the filename does not have any "/" components, and that + // dirFd is inside the root. O_NOFOLLOW will stop us from following + // trailing symlinks, so this is safe to do. libpathrs's Root::create_file + // works the same way. + flags |= unix.O_CREAT | unix.O_NOFOLLOW + fd, err := linux.Openat(int(dirFd.Fd()), filename, flags, fileMode) + if err != nil { + return nil, err + } + return os.NewFile(uintptr(fd), root+"/"+subpath), nil +} diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index e96873923bc..04e0d5f640f 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -582,8 +582,12 @@ func (c *Container) prepareCriuRestoreMounts(mounts []*configs.Mount) error { if isOnTmpfs(m.Destination, mounts) { continue } - if _, err := createMountpoint(c.config.Rootfs, mountEntry{Mount: m}); err != nil { - return fmt.Errorf("create criu restore mountpoint for %s mount: %w", m.Destination, err) + me := mountEntry{Mount: m} + if err := me.createOpenMountpoint(c.config.Rootfs); err != nil { + return fmt.Errorf("create criu restore mountpoint for %s mount: %w", me.Destination, err) + } + if me.dstFile != nil { + defer me.dstFile.Close() } // If the mount point is a bind mount, we need to mount // it now so that runc can create the necessary mount @@ -595,13 +599,20 @@ func (c *Container) prepareCriuRestoreMounts(mounts []*configs.Mount) error { // because during initial container creation mounts are // set up in the order they are configured. if m.Device == "bind" { - if err := utils.WithProcfd(c.config.Rootfs, m.Destination, func(dstFd string) error { + if err := utils.WithProcfdFile(me.dstFile, func(dstFd string) error { return mountViaFds(m.Source, nil, m.Destination, dstFd, "", unix.MS_BIND|unix.MS_REC, "") }); err != nil { return err } umounts = append(umounts, m.Destination) } + if me.dstFile != nil { + // As this is being done in a loop, the defer earlier will be + // delayed until all mountpoints are handled -- for a config with + // many mountpoints this could result in a lot of open files. So we + // opportunistically close the file as well as deferring it. + _ = me.dstFile.Close() + } } return nil } diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index ec3c772327b..018fafda554 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -13,6 +13,7 @@ import ( "time" securejoin "github.com/cyphar/filepath-securejoin" + "github.com/cyphar/filepath-securejoin/pathrs-lite/procfs" "github.com/moby/sys/mountinfo" "github.com/moby/sys/userns" "github.com/mrunalp/fileutils" @@ -46,6 +47,7 @@ type mountConfig struct { type mountEntry struct { *configs.Mount srcFile *mountSource + dstFile *os.File } // srcName is only meant for error messages, it returns a "friendly" name. @@ -369,7 +371,7 @@ func mountCgroupV1(m mountEntry, c *mountConfig) error { } func mountCgroupV2(m mountEntry, c *mountConfig) error { - err := utils.WithProcfd(c.root, m.Destination, func(dstFd string) error { + err := utils.WithProcfdFile(m.dstFile, func(dstFd string) error { return mountViaFds(m.Source, nil, m.Destination, dstFd, "cgroup2", uintptr(m.Flags), m.Data) }) if err == nil || (!errors.Is(err, unix.EPERM) && !errors.Is(err, unix.EBUSY)) { @@ -398,14 +400,14 @@ func mountCgroupV2(m mountEntry, c *mountConfig) error { // // Mask `/sys/fs/cgroup` to ensure it is read-only, even when `/sys` is mounted // with `rbind,ro` (`runc spec --rootless` produces `rbind,ro` for `/sys`). - err = utils.WithProcfd(c.root, m.Destination, func(procfd string) error { + err = utils.WithProcfdFile(m.dstFile, func(procfd string) error { return maskPaths([]string{procfd}, c.label) }) } return err } -func doTmpfsCopyUp(m mountEntry, rootfs, mountLabel string) (Err error) { +func doTmpfsCopyUp(m mountEntry, mountLabel string) (Err error) { // Set up a scratch dir for the tmpfs on the host. tmpdir, err := prepareTmp("/tmp") if err != nil { @@ -418,13 +420,19 @@ func doTmpfsCopyUp(m mountEntry, rootfs, mountLabel string) (Err error) { } defer os.RemoveAll(tmpDir) - // Configure the *host* tmpdir as if it's the container mount. We change - // m.Destination since we are going to mount *on the host*. - oldDest := m.Destination - m.Destination = tmpDir - err = mountPropagate(m, "/", mountLabel) - m.Destination = oldDest + tmpDirFile, err := os.OpenFile(tmpDir, unix.O_DIRECTORY|unix.O_CLOEXEC, 0) if err != nil { + return fmt.Errorf("tmpcopyup: %w", err) + } + defer tmpDirFile.Close() + + // Configure the *host* tmpdir as if it's the container mount. We change + // m.dstFile since we are going to mount *on the host*. + hostMount := mountEntry{ + Mount: m.Mount, + dstFile: tmpDirFile, + } + if err := hostMount.mountPropagate("/", mountLabel); err != nil { return err } defer func() { @@ -435,7 +443,7 @@ func doTmpfsCopyUp(m mountEntry, rootfs, mountLabel string) (Err error) { } }() - return utils.WithProcfd(rootfs, m.Destination, func(dstFd string) (Err error) { + return utils.WithProcfdFile(m.dstFile, func(dstFd string) (Err error) { // Copy the container data to the host tmpdir. We append "/" to force // CopyDirectory to resolve the symlink rather than trying to copy the // symlink itself. @@ -497,72 +505,76 @@ func statfsToMountFlags(st unix.Statfs_t) int { var errRootfsToFile = errors.New("config tries to change rootfs to file") -func createMountpoint(rootfs string, m mountEntry) (string, error) { - dest, err := securejoin.SecureJoin(rootfs, m.Destination) +func (m *mountEntry) createOpenMountpoint(rootfs string) (Err error) { + unsafePath := utils.StripRoot(rootfs, m.Destination) + dstFile, err := pathrs.OpenInRoot(rootfs, unsafePath, unix.O_PATH) + defer func() { + if dstFile != nil && Err != nil { + _ = dstFile.Close() + } + }() if err != nil { - return "", err - } - if err := checkProcMount(rootfs, dest, m); err != nil { - return "", fmt.Errorf("check proc-safety of %s mount: %w", m.Destination, err) - } + if !errors.Is(err, unix.ENOENT) { + return fmt.Errorf("lookup mountpoint target: %w", err) + } - switch m.Device { - case "bind": - fi, _, err := m.srcStat() - if err != nil { - // Error out if the source of a bind mount does not exist as we - // will be unable to bind anything to it. - return "", err - } - // If the original source is not a directory, make the target a file. - if !fi.IsDir() { - // Make sure we aren't tricked into trying to make the root a file. - if rootfs == dest { - return "", fmt.Errorf("%w: file bind mount over rootfs", errRootfsToFile) - } - // Make the parent directory. - destDir, destBase := filepath.Split(dest) - destDirFd, err := pathrs.MkdirAllInRootOpen(rootfs, destDir, 0o755) + // If the mountpoint doesn't already exist, we want to create a mountpoint + // that makes sense for the source. For file bind-mounts this is an empty + // file, for everything else it's a directory. + dstIsFile := false + if m.Device == "bind" { + fi, _, err := m.srcStat() if err != nil { - return "", fmt.Errorf("make parent dir of file bind-mount: %w", err) - } - defer destDirFd.Close() - // Make the target file. We want to avoid opening any file that is - // already there because it could be a "bad" file like an invalid - // device or hung tty that might cause a DoS, so we use mknodat. - // destBase does not contain any "/" components, and mknodat does - // not follow trailing symlinks, so we can safely just call mknodat - // here. - if err := unix.Mknodat(int(destDirFd.Fd()), destBase, unix.S_IFREG|0o644, 0); err != nil { - // If we get EEXIST, there was already an inode there and - // we can consider that a success. - if !errors.Is(err, unix.EEXIST) { - err = &os.PathError{Op: "mknod regular file", Path: dest, Err: err} - return "", fmt.Errorf("create target of file bind-mount: %w", err) - } + // Error out if the source of a bind mount does not exist as we + // will be unable to bind anything to it. + return err } - // Nothing left to do. - return dest, nil + dstIsFile = !fi.IsDir() } - case "tmpfs": - // If the original target exists, copy the mode for the tmpfs mount. - if stat, err := os.Stat(dest); err == nil { - dt := fmt.Sprintf("mode=%04o", syscallMode(stat.Mode())) - if m.Data != "" { - dt = dt + "," + m.Data - } - m.Data = dt + if dstIsFile { + dstFile, err = pathrs.CreateInRoot(rootfs, unsafePath, unix.O_CREAT|unix.O_EXCL|unix.O_NOFOLLOW, 0o644) + } else { + dstFile, err = pathrs.MkdirAllInRootOpen(rootfs, unsafePath, 0o755) + } + if err != nil { + return fmt.Errorf("make mountpoint %q: %w", m.Destination, err) + } + } - // Nothing left to do. - return dest, nil + if m.Device == "tmpfs" { + // If the original target exists, copy the mode for the tmpfs mount. + stat, err := dstFile.Stat() + if err != nil { + return fmt.Errorf("check tmpfs source mode: %w", err) } + dt := fmt.Sprintf("mode=%04o", syscallMode(stat.Mode())) + if m.Data != "" { + dt = dt + "," + m.Data + } + m.Data = dt } - if err := pathrs.MkdirAllInRoot(rootfs, dest, 0o755); err != nil { - return "", err + dstFullPath, err := procfs.ProcSelfFdReadlink(dstFile) + if err != nil { + return fmt.Errorf("get mount destination real path: %w", err) + } + if !pathrs.IsLexicallyInRoot(rootfs, dstFullPath) { + return fmt.Errorf("mountpoint %q is outside of rootfs %q", dstFullPath, rootfs) + } + if relPath, err := filepath.Rel(rootfs, dstFullPath); err != nil { + return fmt.Errorf("get relative path of %q: %w", dstFullPath, err) + } else if relPath == "." { + return fmt.Errorf("mountpoint %q is on the top of rootfs %q", dstFullPath, rootfs) + } + // TODO: Make checkProcMount use dstFile directly to avoid the need to + // operate on paths here. + if err := checkProcMount(rootfs, dstFullPath, *m); err != nil { + return fmt.Errorf("check proc-safety of %s mount: %w", m.Destination, err) } - return dest, nil + // Update mountEntry. + m.dstFile = dstFile + return nil } func mountToRootfs(c *mountConfig, m mountEntry) error { @@ -592,36 +604,47 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { } else if !fi.IsDir() { return fmt.Errorf("filesystem %q must be mounted on ordinary directory", m.Device) } - if err := pathrs.MkdirAllInRoot(rootfs, dest, 0o755); err != nil { + dstFile, err := pathrs.MkdirAllInRootOpen(rootfs, dest, 0o755) + if err != nil { return err } - // Selinux kernels do not support labeling of /proc or /sys. - return mountPropagate(m, rootfs, "") + defer dstFile.Close() + // "proc" and "sys" mounts need special handling (without resolving the + // destination) to avoid attacks. + m.dstFile = dstFile + return m.mountPropagate(rootfs, "") } - dest, err := createMountpoint(rootfs, m) - if err != nil { + mountLabel := c.label + if err := m.createOpenMountpoint(rootfs); err != nil { return fmt.Errorf("create mountpoint for %s mount: %w", m.Destination, err) } - mountLabel := c.label + defer func() { + if m.dstFile != nil { + _ = m.dstFile.Close() + m.dstFile = nil + } + }() switch m.Device { case "mqueue": - if err := mountPropagate(m, rootfs, ""); err != nil { + if err := m.mountPropagate(rootfs, ""); err != nil { return err } - return label.SetFileLabel(dest, mountLabel) + return utils.WithProcfdFile(m.dstFile, func(dstFd string) error { + return label.SetFileLabel(dstFd, mountLabel) + }) case "tmpfs": + var err error if m.Extensions&configs.EXT_COPYUP == configs.EXT_COPYUP { - err = doTmpfsCopyUp(m, rootfs, mountLabel) + err = doTmpfsCopyUp(m, mountLabel) } else { - err = mountPropagate(m, rootfs, mountLabel) + err = m.mountPropagate(rootfs, mountLabel) } - return err case "bind": // open_tree()-related shenanigans are all handled in mountViaFds. - if err := mountPropagate(m, rootfs, mountLabel); err != nil { + if err := m.mountPropagate(rootfs, mountLabel); err != nil { return err } @@ -635,7 +658,7 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { // contrast to mount(8)'s current behaviour, but is what users probably // expect. See . if m.Flags & ^(unix.MS_BIND|unix.MS_REC|unix.MS_REMOUNT) != 0 || m.ClearedFlags != 0 { - if err := utils.WithProcfd(rootfs, m.Destination, func(dstFd string) error { + if err := utils.WithProcfdFile(m.dstFile, func(dstFd string) error { flags := m.Flags | unix.MS_BIND | unix.MS_REMOUNT // The runtime-spec says we SHOULD map to the relevant mount(8) // behaviour. However, it's not clear whether we want the @@ -736,14 +759,14 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { return err } } - return setRecAttr(m.Mount, rootfs) + return setRecAttr(m) case "cgroup": if cgroups.IsCgroup2UnifiedMode() { return mountCgroupV2(m, c) } return mountCgroupV1(m, c) default: - return mountPropagate(m, rootfs, mountLabel) + return m.mountPropagate(rootfs, mountLabel) } } @@ -939,11 +962,9 @@ func bindMountDeviceNode(destDir *os.File, destName string, node *devices.Device } defer dstFile.Close() - dstFd, closer := utils.ProcThreadSelfFd(dstFile.Fd()) - defer closer() - - dstPath := filepath.Join(destDir.Name(), destName) - return mountViaFds(node.Path, nil, dstPath, dstFd, "bind", unix.MS_BIND, "") + return utils.WithProcfdFile(dstFile, func(dstFd string) error { + return mountViaFds(node.Path, nil, dstFile.Name(), dstFd, "bind", unix.MS_BIND, "") + }) } // Creates the device node in the rootfs of the container. @@ -1350,9 +1371,46 @@ func maskPaths(paths []string, mountLabel string) error { return nil } +func reopenAfterMount(rootfs string, f *os.File, flags int) (_ *os.File, Err error) { + fullPath, err := procfs.ProcSelfFdReadlink(f) + if err != nil { + return nil, fmt.Errorf("get full path: %w", err) + } + if !pathrs.IsLexicallyInRoot(rootfs, fullPath) { + return nil, fmt.Errorf("mountpoint %q is outside of rootfs %q", fullPath, rootfs) + } + unsafePath := utils.StripRoot(rootfs, fullPath) + reopened, err := pathrs.OpenInRoot(rootfs, unsafePath, flags) + if err != nil { + return nil, fmt.Errorf("re-open mountpoint %q: %w", unsafePath, err) + } + defer func() { + if Err != nil { + _ = reopened.Close() + } + }() + + // NOTE: The best we can do here is confirm that the new mountpoint handle + // matches the original target handle, but an attacker could've swapped a + // different path to replace it. In the worst case this could result in us + // applying later vfsmount flags onto the wrong mount. + // + // This is far from ideal, but the only way of doing this in a race-free + // way is to switch the new mount API (move_mount(2) does not require this + // re-opening step, and thus no such races are possible). + reopenedFullPath, err := procfs.ProcSelfFdReadlink(reopened) + if err != nil { + return nil, fmt.Errorf("check full path of re-opened mountpoint: %w", err) + } + if reopenedFullPath != fullPath { + return nil, fmt.Errorf("mountpoint %q was moved while re-opening", unsafePath) + } + return reopened, nil +} + // Do the mount operation followed by additional mounts required to take care // of propagation flags. This will always be scoped inside the container rootfs. -func mountPropagate(m mountEntry, rootfs string, mountLabel string) error { +func (m *mountEntry) mountPropagate(rootfs string, mountLabel string) error { var ( data = label.FormatMountLabel(m.Data, mountLabel) flags = m.Flags @@ -1365,19 +1423,30 @@ func mountPropagate(m mountEntry, rootfs string, mountLabel string) error { flags &= ^unix.MS_RDONLY } - // Because the destination is inside a container path which might be - // mutating underneath us, we verify that we are actually going to mount - // inside the container with WithProcfd() -- mounting through a procfd - // mounts on the target. - if err := utils.WithProcfd(rootfs, m.Destination, func(dstFd string) error { + if err := utils.WithProcfdFile(m.dstFile, func(dstFd string) error { return mountViaFds(m.Source, m.srcFile, m.Destination, dstFd, m.Device, uintptr(flags), data) }); err != nil { return err } + + // We need to re-open the mountpoint after doing the mount, in order for us + // to operate on the new mount we just created. However, we cannot use + // pathrs.Reopen because we need to re-resolve from the parent directory to + // get a new handle to the top mount. + // + // TODO: Use move_mount(2) on newer kernels so that this is no longer + // necessary on modern systems. + newDstFile, err := reopenAfterMount(rootfs, m.dstFile, unix.O_PATH) + if err != nil { + return fmt.Errorf("reopen mountpoint after mount: %w", err) + } + _ = m.dstFile.Close() + m.dstFile = newDstFile + // We have to apply mount propagation flags in a separate WithProcfd() call // because the previous call invalidates the passed procfd -- the mount // target needs to be re-opened. - if err := utils.WithProcfd(rootfs, m.Destination, func(dstFd string) error { + if err := utils.WithProcfdFile(m.dstFile, func(dstFd string) error { for _, pflag := range m.PropagationFlags { if err := mountViaFds("", nil, m.Destination, dstFd, "", uintptr(pflag), ""); err != nil { return err @@ -1390,11 +1459,11 @@ func mountPropagate(m mountEntry, rootfs string, mountLabel string) error { return nil } -func setRecAttr(m *configs.Mount, rootfs string) error { +func setRecAttr(m mountEntry) error { if m.RecAttr == nil { return nil } - return utils.WithProcfd(rootfs, m.Destination, func(procfd string) error { + return utils.WithProcfdFile(m.dstFile, func(procfd string) error { return unix.MountSetattr(-1, procfd, unix.AT_RECURSIVE, m.RecAttr) }) } diff --git a/libcontainer/utils/utils.go b/libcontainer/utils/utils.go index 1467d17eb20..88291a0feb6 100644 --- a/libcontainer/utils/utils.go +++ b/libcontainer/utils/utils.go @@ -66,11 +66,11 @@ func CleanPath(path string) string { return path } -// stripRoot returns the passed path, stripping the root path if it was +// StripRoot returns the passed path, stripping the root path if it was // (lexicially) inside it. Note that both passed paths will always be treated // as absolute, and the returned path will also always be absolute. In // addition, the paths are cleaned before stripping the root. -func stripRoot(root, path string) string { +func StripRoot(root, path string) string { // Make the paths clean and absolute. root, path = CleanPath("/"+root), CleanPath("/"+path) switch { diff --git a/libcontainer/utils/utils_test.go b/libcontainer/utils/utils_test.go index 06c042f5fe3..4b5fd833cdf 100644 --- a/libcontainer/utils/utils_test.go +++ b/libcontainer/utils/utils_test.go @@ -131,9 +131,9 @@ func TestStripRoot(t *testing.T) { {"/foo/bar", "foo/bar/baz/beef", "/baz/beef"}, {"foo/bar", "foo/bar/baz/beets", "/baz/beets"}, } { - got := stripRoot(test.root, test.path) + got := StripRoot(test.root, test.path) if got != test.out { - t.Errorf("stripRoot(%q, %q) -- got %q, expected %q", test.root, test.path, got, test.out) + t.Errorf("StripRoot(%q, %q) -- got %q, expected %q", test.root, test.path, got, test.out) } } } diff --git a/libcontainer/utils/utils_unix.go b/libcontainer/utils/utils_unix.go index 6c7dfa7d934..a457a09b00e 100644 --- a/libcontainer/utils/utils_unix.go +++ b/libcontainer/utils/utils_unix.go @@ -153,8 +153,8 @@ func NewSockPair(name string) (parent, child *os.File, err error) { // the passed closure (the file handle will be freed once the closure returns). func WithProcfd(root, unsafePath string, fn func(procfd string) error) error { // Remove the root then forcefully resolve inside the root. - unsafePath = stripRoot(root, unsafePath) - path, err := securejoin.SecureJoin(root, unsafePath) + unsafePath = StripRoot(root, unsafePath) + fullPath, err := securejoin.SecureJoin(root, unsafePath) if err != nil { return fmt.Errorf("resolving path inside rootfs failed: %w", err) } @@ -163,7 +163,7 @@ func WithProcfd(root, unsafePath string, fn func(procfd string) error) error { defer closer() // Open the target path. - fh, err := os.OpenFile(path, unix.O_PATH|unix.O_CLOEXEC, 0) + fh, err := os.OpenFile(fullPath, unix.O_PATH|unix.O_CLOEXEC, 0) if err != nil { return fmt.Errorf("open o_path procfd: %w", err) } @@ -173,13 +173,24 @@ func WithProcfd(root, unsafePath string, fn func(procfd string) error) error { // Double-check the path is the one we expected. if realpath, err := os.Readlink(procfd); err != nil { return fmt.Errorf("procfd verification failed: %w", err) - } else if realpath != path { + } else if realpath != fullPath { return fmt.Errorf("possibly malicious path detected -- refusing to operate on %s", realpath) } return fn(procfd) } +// WithProcfdFile is a very minimal wrapper around [ProcThreadSelfFd], intended +// to make migrating from [WithProcfd] and [WithProcfdPath] usage easier. The +// caller is responsible for making sure that the provided file handle is +// actually safe to operate on. +func WithProcfdFile(file *os.File, fn func(procfd string) error) error { + fdpath, closer := ProcThreadSelfFd(file.Fd()) + defer closer() + + return fn(fdpath) +} + type ProcThreadSelfCloser func() var ( From ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 7 Oct 2025 22:48:50 +1100 Subject: [PATCH 1099/1176] selinux: use safe procfs API for labels Due to the sensitive nature of these fixes, it was not possible to submit these upstream and vendor the upstream library. Instead, this patch uses a fork of github.com/opencontainers/selinux, branched at commit opencontainers/selinux@879a755db558501df06f4ea59461ebc2d0c4a991. In order to permit downstreams to build with this patched version, a snapshot of the forked version has been included in internal/third_party/selinux. Note that since we use "go mod vendor", the patched code is usable even without being "go get"-able. Once the embargo for this issue is lifted we can submit the patches upstream and switch back to a proper upstream go.mod entry. Also, this requires us to temporarily disable the CI job we have that disallows "replace" directives. Fixes: GHSA-cgrx-mc8f-2prm CVE-2025-52881 Signed-off-by: Aleksa Sarai --- .github/workflows/validate.yml | 9 +- go.mod | 5 + go.sum | 2 - internal/third_party/selinux/.codespellrc | 2 + .../selinux/.github/dependabot.yml | 10 + .../selinux/.github/workflows/validate.yml | 163 ++ internal/third_party/selinux/.gitignore | 1 + internal/third_party/selinux/.golangci.yml | 44 + internal/third_party/selinux/CODEOWNERS | 1 + internal/third_party/selinux/CONTRIBUTING.md | 119 ++ internal/third_party/selinux/LICENSE | 201 +++ internal/third_party/selinux/MAINTAINERS | 5 + internal/third_party/selinux/Makefile | 37 + internal/third_party/selinux/README.md | 23 + .../third_party/selinux/go-selinux/doc.go | 13 + .../selinux/go-selinux/label/label.go | 48 + .../selinux/go-selinux/label/label_linux.go | 136 ++ .../go-selinux/label/label_linux_test.go | 130 ++ .../selinux/go-selinux/label/label_stub.go | 44 + .../go-selinux/label/label_stub_test.go | 76 + .../selinux/go-selinux/label/label_test.go | 35 + .../third_party/selinux/go-selinux/selinux.go | 322 ++++ .../selinux/go-selinux/selinux_linux.go | 1405 +++++++++++++++++ .../selinux/go-selinux/selinux_linux_test.go | 711 +++++++++ .../selinux/go-selinux/selinux_stub.go | 159 ++ .../selinux/go-selinux/selinux_stub_test.go | 127 ++ .../selinux/go-selinux/xattrs_linux.go | 71 + internal/third_party/selinux/go.mod | 8 + internal/third_party/selinux/go.sum | 8 + .../third_party/selinux/pkg/pwalk/README.md | 52 + .../third_party/selinux/pkg/pwalk/pwalk.go | 131 ++ .../selinux/pkg/pwalk/pwalk_test.go | 236 +++ .../selinux/pkg/pwalkdir/README.md | 56 + .../selinux/pkg/pwalkdir/pwalkdir.go | 123 ++ .../selinux/pkg/pwalkdir/pwalkdir_test.go | 239 +++ .../selinux/go-selinux/label/label_linux.go | 6 +- .../selinux/go-selinux/selinux.go | 10 +- .../selinux/go-selinux/selinux_linux.go | 272 +++- .../selinux/go-selinux/selinux_stub.go | 8 +- vendor/modules.txt | 3 +- 40 files changed, 4951 insertions(+), 100 deletions(-) create mode 100644 internal/third_party/selinux/.codespellrc create mode 100644 internal/third_party/selinux/.github/dependabot.yml create mode 100644 internal/third_party/selinux/.github/workflows/validate.yml create mode 100644 internal/third_party/selinux/.gitignore create mode 100644 internal/third_party/selinux/.golangci.yml create mode 100644 internal/third_party/selinux/CODEOWNERS create mode 100644 internal/third_party/selinux/CONTRIBUTING.md create mode 100644 internal/third_party/selinux/LICENSE create mode 100644 internal/third_party/selinux/MAINTAINERS create mode 100644 internal/third_party/selinux/Makefile create mode 100644 internal/third_party/selinux/README.md create mode 100644 internal/third_party/selinux/go-selinux/doc.go create mode 100644 internal/third_party/selinux/go-selinux/label/label.go create mode 100644 internal/third_party/selinux/go-selinux/label/label_linux.go create mode 100644 internal/third_party/selinux/go-selinux/label/label_linux_test.go create mode 100644 internal/third_party/selinux/go-selinux/label/label_stub.go create mode 100644 internal/third_party/selinux/go-selinux/label/label_stub_test.go create mode 100644 internal/third_party/selinux/go-selinux/label/label_test.go create mode 100644 internal/third_party/selinux/go-selinux/selinux.go create mode 100644 internal/third_party/selinux/go-selinux/selinux_linux.go create mode 100644 internal/third_party/selinux/go-selinux/selinux_linux_test.go create mode 100644 internal/third_party/selinux/go-selinux/selinux_stub.go create mode 100644 internal/third_party/selinux/go-selinux/selinux_stub_test.go create mode 100644 internal/third_party/selinux/go-selinux/xattrs_linux.go create mode 100644 internal/third_party/selinux/go.mod create mode 100644 internal/third_party/selinux/go.sum create mode 100644 internal/third_party/selinux/pkg/pwalk/README.md create mode 100644 internal/third_party/selinux/pkg/pwalk/pwalk.go create mode 100644 internal/third_party/selinux/pkg/pwalk/pwalk_test.go create mode 100644 internal/third_party/selinux/pkg/pwalkdir/README.md create mode 100644 internal/third_party/selinux/pkg/pwalkdir/pwalkdir.go create mode 100644 internal/third_party/selinux/pkg/pwalkdir/pwalkdir_test.go diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index c085a9193f5..971705fe050 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -152,9 +152,12 @@ jobs: - name: no toolchain in go.mod # See https://github.com/opencontainers/runc/pull/4717, https://github.com/dependabot/dependabot-core/issues/11933. run: | if grep -q '^toolchain ' go.mod; then echo "Error: go.mod must not have toolchain directive, please fix"; exit 1; fi - - name: no exclude nor replace in go.mod - run: | - if grep -Eq '^\s*(exclude|replace) ' go.mod; then echo "Error: go.mod must not have exclude/replace directive, it breaks go install. Please fix"; exit 1; fi + # FIXME: This check needed to be disabled for the go-selinux patch addded + # when patching CVE-2025-52881. This needs to be removed as soon as + # the embargo is lifted, along with the replace directive in go.mod. + #- name: no exclude nor replace in go.mod + # run: | + # if grep -Eq '^\s*(exclude|replace) ' go.mod; then echo "Error: go.mod must not have exclude/replace directive, it breaks go install. Please fix"; exit 1; fi commit: diff --git a/go.mod b/go.mod index 723c66db448..ee82b16c04a 100644 --- a/go.mod +++ b/go.mod @@ -32,3 +32,8 @@ require ( github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect ) + +// FIXME: This is only intended as a short-term solution to include a patch for +// CVE-2025-52881 in go-selinux without pushing the patches upstream. This +// should be removed as soon as possible after the embargo is lifted. +replace github.com/opencontainers/selinux => ./internal/third_party/selinux diff --git a/go.sum b/go.sum index 3a01584407e..f417a82784f 100644 --- a/go.sum +++ b/go.sum @@ -48,8 +48,6 @@ github.com/opencontainers/cgroups v0.0.5 h1:DRITAqcOnY0uSBzIpt1RYWLjh5DPDiqUs4fY github.com/opencontainers/cgroups v0.0.5/go.mod h1:oWVzJsKK0gG9SCRBfTpnn16WcGEqDI8PAcpMGbqWxcs= github.com/opencontainers/runtime-spec v1.2.2-0.20250818071321-383cadbf08c0 h1:RLn0YfUWkiqPGtgUANvJrcjIkCHGRl3jcz/c557M28M= github.com/opencontainers/runtime-spec v1.2.2-0.20250818071321-383cadbf08c0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/selinux v1.12.0 h1:6n5JV4Cf+4y0KNXW48TLj5DwfXpvWlxXplUkdTrmPb8= -github.com/opencontainers/selinux v1.12.0/go.mod h1:BTPX+bjVbWGXw7ZZWUbdENt8w0htPSrlgOOysQaU62U= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= diff --git a/internal/third_party/selinux/.codespellrc b/internal/third_party/selinux/.codespellrc new file mode 100644 index 00000000000..8f0866a3e67 --- /dev/null +++ b/internal/third_party/selinux/.codespellrc @@ -0,0 +1,2 @@ +[codespell] +skip = ./.git,./go.sum,./go-selinux/testdata diff --git a/internal/third_party/selinux/.github/dependabot.yml b/internal/third_party/selinux/.github/dependabot.yml new file mode 100644 index 00000000000..b534a2b9ff0 --- /dev/null +++ b/internal/third_party/selinux/.github/dependabot.yml @@ -0,0 +1,10 @@ +# Please see the documentation for all configuration options: +# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + +version: 2 +updates: + # Dependencies listed in .github/workflows/*.yml + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" diff --git a/internal/third_party/selinux/.github/workflows/validate.yml b/internal/third_party/selinux/.github/workflows/validate.yml new file mode 100644 index 00000000000..fab1cb49422 --- /dev/null +++ b/internal/third_party/selinux/.github/workflows/validate.yml @@ -0,0 +1,163 @@ +name: validate +on: + push: + tags: + - v* + branches: + - master + pull_request: + +jobs: + + commit: + runs-on: ubuntu-24.04 + # Only check commits on pull requests. + if: github.event_name == 'pull_request' + steps: + - name: get pr commits + id: 'get-pr-commits' + uses: tim-actions/get-pr-commits@v1.3.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: check subject line length + uses: tim-actions/commit-message-checker-with-regex@v0.3.2 + with: + commits: ${{ steps.get-pr-commits.outputs.commits }} + pattern: '^.{0,72}(\n.*)*$' + error: 'Subject too long (max 72)' + + lint: + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v5 + - uses: actions/setup-go@v6 + with: + go-version: 1.24.x + - uses: golangci/golangci-lint-action@v7 + with: + version: v2.0 + + codespell: + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v5 + - name: install deps + # Version of codespell bundled with Ubuntu is way old, so use pip. + run: pip install codespell + - name: run codespell + run: codespell + + cross: + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v5 + - name: cross + run: make build-cross + + test-stubs: + runs-on: macos-latest + steps: + - uses: actions/checkout@v5 + - uses: actions/setup-go@v6 + with: + go-version: 1.24.x + - uses: golangci/golangci-lint-action@v7 + with: + version: v2.0 + - name: test-stubs + run: make test + + test: + strategy: + fail-fast: false + matrix: + go-version: [1.19.x, 1.23.x, 1.24.x] + race: ["-race", ""] + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v5 + + - name: install go ${{ matrix.go-version }} + uses: actions/setup-go@v6 + with: + go-version: ${{ matrix.go-version }} + + - name: build + run: make BUILDFLAGS="${{ matrix.race }}" build + + - name: test + run: make TESTFLAGS="${{ matrix.race }}" test + + vm: + name: "VM" + strategy: + fail-fast: false + matrix: + template: + - template://almalinux-8 + - template://centos-stream-9 + - template://fedora + - template://experimental/opensuse-tumbleweed + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v5 + + - name: "Install Lima" + uses: lima-vm/lima-actions/setup@v1 + id: lima-actions-setup + + - name: "Cache ~/.cache/lima" + uses: actions/cache@v4 + with: + path: ~/.cache/lima + key: lima-${{ steps.lima-actions-setup.outputs.version }}-${{ matrix.template }} + + - name: "Start VM" + # --plain is set to disable file sharing, port forwarding, built-in containerd, etc. for faster start up + run: limactl start --plain --name=default ${{ matrix.template }} + + - name: "Initialize VM" + run: | + set -eux -o pipefail + # Sync the current directory to /tmp/selinux in the guest + limactl cp -r . default:/tmp/selinux + # Install packages + if lima command -v dnf >/dev/null; then + lima sudo dnf install --setopt=install_weak_deps=false --setopt=tsflags=nodocs -y git-core make golang + elif lima command -v zypper >/dev/null; then + lima sudo zypper install -y git make go + else + echo >&2 "Unsupported distribution" + exit 1 + fi + + - name: "make test" + continue-on-error: true + run: lima make -C /tmp/selinux test + + - name: "32-bit test" + continue-on-error: true + run: lima make -C /tmp/selinux GOARCH=386 test + + # https://github.com/opencontainers/selinux/issues/222 + # https://github.com/opencontainers/selinux/issues/225 + - name: "racy test" + continue-on-error: true + run: lima bash -c 'cd /tmp/selinux && go test -timeout 10m -count 100000 ./go-selinux' + + - name: "Show AVC denials" + run: lima sudo ausearch -m AVC,USER_AVC || true + + all-done: + needs: + - commit + - lint + - codespell + - cross + - test-stubs + - test + - vm + runs-on: ubuntu-24.04 + steps: + - run: echo "All jobs completed" diff --git a/internal/third_party/selinux/.gitignore b/internal/third_party/selinux/.gitignore new file mode 100644 index 00000000000..378eac25d31 --- /dev/null +++ b/internal/third_party/selinux/.gitignore @@ -0,0 +1 @@ +build diff --git a/internal/third_party/selinux/.golangci.yml b/internal/third_party/selinux/.golangci.yml new file mode 100644 index 00000000000..b1b98925140 --- /dev/null +++ b/internal/third_party/selinux/.golangci.yml @@ -0,0 +1,44 @@ +version: "2" + +formatters: + enable: + - gofumpt + +linters: + enable: + # - copyloopvar # Detects places where loop variables are copied. TODO enable for Go 1.22+ + - dupword # Detects duplicate words. + - errorlint # Detects code that may cause problems with Go 1.13 error wrapping. + - gocritic # Metalinter; detects bugs, performance, and styling issues. + - gosec # Detects security problems. + - misspell # Detects commonly misspelled English words in comments. + - nilerr # Detects code that returns nil even if it checks that the error is not nil. + - nolintlint # Detects ill-formed or insufficient nolint directives. + - prealloc # Detects slice declarations that could potentially be pre-allocated. + - predeclared # Detects code that shadows one of Go's predeclared identifiers + - revive # Metalinter; drop-in replacement for golint. + - thelper # Detects test helpers without t.Helper(). + - tparallel # Detects inappropriate usage of t.Parallel(). + - unconvert # Detects unnecessary type conversions. + - usetesting # Reports uses of functions with replacement inside the testing package. + settings: + govet: + enable-all: true + settings: + shadow: + strict: true + exclusions: + generated: strict + presets: + - comments + - common-false-positives + - legacy + - std-error-handling + rules: + - linters: + - govet + text: '^shadow: declaration of "err" shadows declaration' + +issues: + max-issues-per-linter: 0 + max-same-issues: 0 diff --git a/internal/third_party/selinux/CODEOWNERS b/internal/third_party/selinux/CODEOWNERS new file mode 100644 index 00000000000..14392178a11 --- /dev/null +++ b/internal/third_party/selinux/CODEOWNERS @@ -0,0 +1 @@ +* @kolyshkin @mrunalp @rhatdan @runcom @thajeztah diff --git a/internal/third_party/selinux/CONTRIBUTING.md b/internal/third_party/selinux/CONTRIBUTING.md new file mode 100644 index 00000000000..dc3ff6a516e --- /dev/null +++ b/internal/third_party/selinux/CONTRIBUTING.md @@ -0,0 +1,119 @@ +## Contribution Guidelines + +### Security issues + +If you are reporting a security issue, do not create an issue or file a pull +request on GitHub. Instead, disclose the issue responsibly by sending an email +to security@opencontainers.org (which is inhabited only by the maintainers of +the various OCI projects). + +### Pull requests are always welcome + +We are always thrilled to receive pull requests, and do our best to +process them as fast as possible. Not sure if that typo is worth a pull +request? Do it! We will appreciate it. + +If your pull request is not accepted on the first try, don't be +discouraged! If there's a problem with the implementation, hopefully you +received feedback on what to improve. + +We're trying very hard to keep the project lean and focused. We don't want it +to do everything for everybody. This means that we might decide against +incorporating a new feature. + + +### Conventions + +Fork the repo and make changes on your fork in a feature branch. +For larger bugs and enhancements, consider filing a leader issue or mailing-list thread for discussion that is independent of the implementation. +Small changes or changes that have been discussed on the project mailing list may be submitted without a leader issue. + +If the project has a test suite, submit unit tests for your changes. Take a +look at existing tests for inspiration. Run the full test suite on your branch +before submitting a pull request. + +Update the documentation when creating or modifying features. Test +your documentation changes for clarity, concision, and correctness, as +well as a clean documentation build. See ``docs/README.md`` for more +information on building the docs and how docs get released. + +Write clean code. Universally formatted code promotes ease of writing, reading, +and maintenance. Always run `gofmt -s -w file.go` on each changed file before +committing your changes. Most editors have plugins that do this automatically. + +Pull requests descriptions should be as clear as possible and include a +reference to all the issues that they address. + +Commit messages must start with a capitalized and short summary +written in the imperative, followed by an optional, more detailed +explanatory text which is separated from the summary by an empty line. + +Code review comments may be added to your pull request. Discuss, then make the +suggested modifications and push additional commits to your feature branch. Be +sure to post a comment after pushing. The new commits will show up in the pull +request automatically, but the reviewers will not be notified unless you +comment. + +Before the pull request is merged, make sure that you squash your commits into +logical units of work using `git rebase -i` and `git push -f`. After every +commit the test suite (if any) should be passing. Include documentation changes +in the same commit so that a revert would remove all traces of the feature or +fix. + +Commits that fix or close an issue should include a reference like `Closes #XXX` +or `Fixes #XXX`, which will automatically close the issue when merged. + +### Sign your work + +The sign-off is a simple line at the end of the explanation for the +patch, which certifies that you wrote it or otherwise have the right to +pass it on as an open-source patch. The rules are pretty simple: if you +can certify the below (from +[developercertificate.org](http://developercertificate.org/)): + +``` +Developer Certificate of Origin +Version 1.1 + +Copyright (C) 2004, 2006 The Linux Foundation and its contributors. +660 York Street, Suite 102, +San Francisco, CA 94110 USA + +Everyone is permitted to copy and distribute verbatim copies of this +license document, but changing it is not allowed. + + +Developer's Certificate of Origin 1.1 + +By making a contribution to this project, I certify that: + +(a) The contribution was created in whole or in part by me and I + have the right to submit it under the open source license + indicated in the file; or + +(b) The contribution is based upon previous work that, to the best + of my knowledge, is covered under an appropriate open source + license and I have the right under that license to submit that + work with modifications, whether created in whole or in part + by me, under the same open source license (unless I am + permitted to submit under a different license), as indicated + in the file; or + +(c) The contribution was provided directly to me by some other + person who certified (a), (b) or (c) and I have not modified + it. + +(d) I understand and agree that this project and the contribution + are public and that a record of the contribution (including all + personal information I submit with it, including my sign-off) is + maintained indefinitely and may be redistributed consistent with + this project or the open source license(s) involved. +``` + +then you just add a line to every git commit message: + + Signed-off-by: Joe Smith + +using your real name (sorry, no pseudonyms or anonymous contributions.) + +You can add the sign off when creating the git commit via `git commit -s`. diff --git a/internal/third_party/selinux/LICENSE b/internal/third_party/selinux/LICENSE new file mode 100644 index 00000000000..8dada3edaf5 --- /dev/null +++ b/internal/third_party/selinux/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/internal/third_party/selinux/MAINTAINERS b/internal/third_party/selinux/MAINTAINERS new file mode 100644 index 00000000000..748c18b4cd3 --- /dev/null +++ b/internal/third_party/selinux/MAINTAINERS @@ -0,0 +1,5 @@ +Antonio Murdaca (@runcom) +Daniel J Walsh (@rhatdan) +Mrunal Patel (@mrunalp) +Sebastiaan van Stijn (@thaJeztah) +Kirill Kolyshikin (@kolyshkin) diff --git a/internal/third_party/selinux/Makefile b/internal/third_party/selinux/Makefile new file mode 100644 index 00000000000..f7b9c3dac56 --- /dev/null +++ b/internal/third_party/selinux/Makefile @@ -0,0 +1,37 @@ +GO ?= go + +all: build build-cross + +define go-build + GOOS=$(1) GOARCH=$(2) $(GO) build ${BUILDFLAGS} ./... +endef + +.PHONY: build +build: + $(call go-build,linux,amd64) + +.PHONY: build-cross +build-cross: + $(call go-build,linux,386) + $(call go-build,linux,arm) + $(call go-build,linux,arm64) + $(call go-build,linux,ppc64le) + $(call go-build,linux,s390x) + $(call go-build,linux,mips64le) + $(call go-build,linux,riscv64) + $(call go-build,windows,amd64) + $(call go-build,windows,386) + + +.PHONY: test +test: + $(GO) test -timeout 3m ${TESTFLAGS} -v ./... + +.PHONY: lint +lint: + golangci-lint run + +.PHONY: vendor +vendor: + $(GO) mod tidy + $(GO) mod verify diff --git a/internal/third_party/selinux/README.md b/internal/third_party/selinux/README.md new file mode 100644 index 00000000000..cd6a60f805d --- /dev/null +++ b/internal/third_party/selinux/README.md @@ -0,0 +1,23 @@ +# selinux + +[![GoDoc](https://godoc.org/github.com/opencontainers/selinux?status.svg)](https://godoc.org/github.com/opencontainers/selinux) [![Go Report Card](https://goreportcard.com/badge/github.com/opencontainers/selinux)](https://goreportcard.com/report/github.com/opencontainers/selinux) [![Build Status](https://travis-ci.org/opencontainers/selinux.svg?branch=master)](https://travis-ci.org/opencontainers/selinux) + +Common SELinux package used across the container ecosystem. + +## Usage + +Prior to v1.8.0, the `selinux` build tag had to be used to enable selinux functionality for compiling consumers of this project. +Starting with v1.8.0, the `selinux` build tag is no longer needed. + +For complete documentation, see [godoc](https://godoc.org/github.com/opencontainers/selinux). + +## Code of Conduct + +Participation in the OpenContainers community is governed by [OpenContainer's Code of Conduct][code-of-conduct]. + +## Security + +If you find an issue, please follow the [security][security] protocol to report it. + +[security]: https://github.com/opencontainers/org/blob/master/SECURITY.md +[code-of-conduct]: https://github.com/opencontainers/org/blob/master/CODE_OF_CONDUCT.md diff --git a/internal/third_party/selinux/go-selinux/doc.go b/internal/third_party/selinux/go-selinux/doc.go new file mode 100644 index 00000000000..57a15c9a11e --- /dev/null +++ b/internal/third_party/selinux/go-selinux/doc.go @@ -0,0 +1,13 @@ +/* +Package selinux provides a high-level interface for interacting with selinux. + +Usage: + + import "github.com/opencontainers/selinux/go-selinux" + + // Ensure that selinux is enforcing mode. + if selinux.EnforceMode() != selinux.Enforcing { + selinux.SetEnforceMode(selinux.Enforcing) + } +*/ +package selinux diff --git a/internal/third_party/selinux/go-selinux/label/label.go b/internal/third_party/selinux/go-selinux/label/label.go new file mode 100644 index 00000000000..884a8b80593 --- /dev/null +++ b/internal/third_party/selinux/go-selinux/label/label.go @@ -0,0 +1,48 @@ +package label + +import ( + "fmt" + + "github.com/opencontainers/selinux/go-selinux" +) + +// Init initialises the labeling system +func Init() { + _ = selinux.GetEnabled() +} + +// FormatMountLabel returns a string to be used by the mount command. Using +// the SELinux `context` mount option. Changing labels of files on mount +// points with this option can never be changed. +// FormatMountLabel returns a string to be used by the mount command. +// The format of this string will be used to alter the labeling of the mountpoint. +// The string returned is suitable to be used as the options field of the mount command. +// If you need to have additional mount point options, you can pass them in as +// the first parameter. Second parameter is the label that you wish to apply +// to all content in the mount point. +func FormatMountLabel(src, mountLabel string) string { + return FormatMountLabelByType(src, mountLabel, "context") +} + +// FormatMountLabelByType returns a string to be used by the mount command. +// Allow caller to specify the mount options. For example using the SELinux +// `fscontext` mount option would allow certain container processes to change +// labels of files created on the mount points, where as `context` option does +// not. +// FormatMountLabelByType returns a string to be used by the mount command. +// The format of this string will be used to alter the labeling of the mountpoint. +// The string returned is suitable to be used as the options field of the mount command. +// If you need to have additional mount point options, you can pass them in as +// the first parameter. Second parameter is the label that you wish to apply +// to all content in the mount point. +func FormatMountLabelByType(src, mountLabel, contextType string) string { + if mountLabel != "" { + switch src { + case "": + src = fmt.Sprintf("%s=%q", contextType, mountLabel) + default: + src = fmt.Sprintf("%s,%s=%q", src, contextType, mountLabel) + } + } + return src +} diff --git a/internal/third_party/selinux/go-selinux/label/label_linux.go b/internal/third_party/selinux/go-selinux/label/label_linux.go new file mode 100644 index 00000000000..95f29e21f4e --- /dev/null +++ b/internal/third_party/selinux/go-selinux/label/label_linux.go @@ -0,0 +1,136 @@ +package label + +import ( + "errors" + "fmt" + "strings" + + "github.com/opencontainers/selinux/go-selinux" +) + +// Valid Label Options +var validOptions = map[string]bool{ + "disable": true, + "type": true, + "filetype": true, + "user": true, + "role": true, + "level": true, +} + +var ErrIncompatibleLabel = errors.New("bad SELinux option: z and Z can not be used together") + +// InitLabels returns the process label and file labels to be used within +// the container. A list of options can be passed into this function to alter +// the labels. The labels returned will include a random MCS String, that is +// guaranteed to be unique. +// If the disabled flag is passed in, the process label will not be set, but the mount label will be set +// to the container_file label with the maximum category. This label is not usable by any confined label. +func InitLabels(options []string) (plabel string, mlabel string, retErr error) { + if !selinux.GetEnabled() { + return "", "", nil + } + processLabel, mountLabel := selinux.ContainerLabels() + if processLabel != "" { + defer func() { + if retErr != nil { + selinux.ReleaseLabel(mountLabel) + } + }() + pcon, err := selinux.NewContext(processLabel) + if err != nil { + return "", "", err + } + mcsLevel := pcon["level"] + mcon, err := selinux.NewContext(mountLabel) + if err != nil { + return "", "", err + } + for _, opt := range options { + if opt == "disable" { + selinux.ReleaseLabel(mountLabel) + return "", selinux.PrivContainerMountLabel(), nil + } + if i := strings.Index(opt, ":"); i == -1 { + return "", "", fmt.Errorf("bad label option %q, valid options 'disable' or \n'user, role, level, type, filetype' followed by ':' and a value", opt) + } + con := strings.SplitN(opt, ":", 2) + if !validOptions[con[0]] { + return "", "", fmt.Errorf("bad label option %q, valid options 'disable, user, role, level, type, filetype'", con[0]) + } + if con[0] == "filetype" { + mcon["type"] = con[1] + continue + } + pcon[con[0]] = con[1] + if con[0] == "level" || con[0] == "user" { + mcon[con[0]] = con[1] + } + } + if pcon.Get() != processLabel { + if pcon["level"] != mcsLevel { + selinux.ReleaseLabel(processLabel) + } + processLabel = pcon.Get() + selinux.ReserveLabel(processLabel) + } + mountLabel = mcon.Get() + } + return processLabel, mountLabel, nil +} + +// SetFileLabel modifies the "path" label to the specified file label +func SetFileLabel(path string, fileLabel string) error { + if !selinux.GetEnabled() || fileLabel == "" { + return nil + } + return selinux.SetFileLabel(path, fileLabel) +} + +// SetFileCreateLabel tells the kernel the label for all files to be created +func SetFileCreateLabel(fileLabel string) error { + if !selinux.GetEnabled() { + return nil + } + return selinux.SetFSCreateLabel(fileLabel) +} + +// Relabel changes the label of path and all the entries beneath the path. +// It changes the MCS label to s0 if shared is true. +// This will allow all containers to share the content. +// +// The path itself is guaranteed to be relabeled last. +func Relabel(path string, fileLabel string, shared bool) error { + if !selinux.GetEnabled() || fileLabel == "" { + return nil + } + + if shared { + c, err := selinux.NewContext(fileLabel) + if err != nil { + return err + } + + c["level"] = "s0" + fileLabel = c.Get() + } + return selinux.Chcon(path, fileLabel, true) +} + +// Validate checks that the label does not include unexpected options +func Validate(label string) error { + if strings.Contains(label, "z") && strings.Contains(label, "Z") { + return ErrIncompatibleLabel + } + return nil +} + +// RelabelNeeded checks whether the user requested a relabel +func RelabelNeeded(label string) bool { + return strings.Contains(label, "z") || strings.Contains(label, "Z") +} + +// IsShared checks that the label includes a "shared" mark +func IsShared(label string) bool { + return strings.Contains(label, "z") +} diff --git a/internal/third_party/selinux/go-selinux/label/label_linux_test.go b/internal/third_party/selinux/go-selinux/label/label_linux_test.go new file mode 100644 index 00000000000..e25ead7951b --- /dev/null +++ b/internal/third_party/selinux/go-selinux/label/label_linux_test.go @@ -0,0 +1,130 @@ +package label + +import ( + "errors" + "os" + "testing" + + "github.com/opencontainers/selinux/go-selinux" +) + +func needSELinux(t *testing.T) { + t.Helper() + if !selinux.GetEnabled() { + t.Skip("SELinux not enabled, skipping.") + } +} + +func TestInit(t *testing.T) { + needSELinux(t) + + var testNull []string + _, _, err := InitLabels(testNull) + if err != nil { + t.Fatalf("InitLabels failed: %v:", err) + } + testDisabled := []string{"disable"} + if selinux.ROFileLabel() == "" { + t.Fatal("selinux.ROFileLabel: empty") + } + plabel, mlabel, err := InitLabels(testDisabled) + if err != nil { + t.Fatalf("InitLabels(disabled) failed: %v", err) + } + if plabel != "" { + t.Fatalf("InitLabels(disabled): %q not empty", plabel) + } + if mlabel != "system_u:object_r:container_file_t:s0:c1022,c1023" { + t.Fatalf("InitLabels Disabled mlabel Failed, %s", mlabel) + } + + testUser := []string{"user:user_u", "role:user_r", "type:user_t", "level:s0:c1,c15"} + plabel, mlabel, err = InitLabels(testUser) + if err != nil { + t.Fatalf("InitLabels(user) failed: %v", err) + } + if plabel != "user_u:user_r:user_t:s0:c1,c15" || (mlabel != "user_u:object_r:container_file_t:s0:c1,c15" && mlabel != "user_u:object_r:svirt_sandbox_file_t:s0:c1,c15") { + t.Fatalf("InitLabels(user) failed (plabel=%q, mlabel=%q)", plabel, mlabel) + } + + testBadData := []string{"user", "role:user_r", "type:user_t", "level:s0:c1,c15"} + if _, _, err = InitLabels(testBadData); err == nil { + t.Fatal("InitLabels(bad): expected error, got nil") + } +} + +func TestRelabel(t *testing.T) { + needSELinux(t) + + testdir := t.TempDir() + label := "system_u:object_r:container_file_t:s0:c1,c2" + if err := Relabel(testdir, "", true); err != nil { + t.Fatalf("Relabel with no label failed: %v", err) + } + if err := Relabel(testdir, label, true); err != nil { + t.Fatalf("Relabel shared failed: %v", err) + } + if err := Relabel(testdir, label, false); err != nil { + t.Fatalf("Relabel unshared failed: %v", err) + } + if err := Relabel("/etc", label, false); err == nil { + t.Fatalf("Relabel /etc succeeded") + } + if err := Relabel("/", label, false); err == nil { + t.Fatalf("Relabel / succeeded") + } + if err := Relabel("/usr", label, false); err == nil { + t.Fatalf("Relabel /usr succeeded") + } + if err := Relabel("/usr/", label, false); err == nil { + t.Fatalf("Relabel /usr/ succeeded") + } + if err := Relabel("/etc/passwd", label, false); err == nil { + t.Fatalf("Relabel /etc/passwd succeeded") + } + if home := os.Getenv("HOME"); home != "" { + if err := Relabel(home, label, false); err == nil { + t.Fatalf("Relabel %s succeeded", home) + } + } +} + +func TestValidate(t *testing.T) { + if err := Validate("zZ"); !errors.Is(err, ErrIncompatibleLabel) { + t.Fatalf("Expected incompatible error, got %v", err) + } + if err := Validate("Z"); err != nil { + t.Fatal(err) + } + if err := Validate("z"); err != nil { + t.Fatal(err) + } + if err := Validate(""); err != nil { + t.Fatal(err) + } +} + +func TestIsShared(t *testing.T) { + if shared := IsShared("Z"); shared { + t.Fatalf("Expected label `Z` to not be shared, got %v", shared) + } + if shared := IsShared("z"); !shared { + t.Fatalf("Expected label `z` to be shared, got %v", shared) + } + if shared := IsShared("Zz"); !shared { + t.Fatalf("Expected label `Zz` to be shared, got %v", shared) + } +} + +func TestFileLabel(t *testing.T) { + needSELinux(t) + + testUser := []string{"filetype:test_file_t", "level:s0:c1,c15"} + _, mlabel, err := InitLabels(testUser) + if err != nil { + t.Fatalf("InitLabels(user) failed: %v", err) + } + if mlabel != "system_u:object_r:test_file_t:s0:c1,c15" { + t.Fatalf("InitLabels(filetype) failed: %v", err) + } +} diff --git a/internal/third_party/selinux/go-selinux/label/label_stub.go b/internal/third_party/selinux/go-selinux/label/label_stub.go new file mode 100644 index 00000000000..7a54afc5e6d --- /dev/null +++ b/internal/third_party/selinux/go-selinux/label/label_stub.go @@ -0,0 +1,44 @@ +//go:build !linux +// +build !linux + +package label + +// InitLabels returns the process label and file labels to be used within +// the container. A list of options can be passed into this function to alter +// the labels. +func InitLabels([]string) (string, string, error) { + return "", "", nil +} + +func SetFileLabel(string, string) error { + return nil +} + +func SetFileCreateLabel(string) error { + return nil +} + +func Relabel(string, string, bool) error { + return nil +} + +// DisableSecOpt returns a security opt that can disable labeling +// support for future container processes +func DisableSecOpt() []string { + return nil +} + +// Validate checks that the label does not include unexpected options +func Validate(string) error { + return nil +} + +// RelabelNeeded checks whether the user requested a relabel +func RelabelNeeded(string) bool { + return false +} + +// IsShared checks that the label includes a "shared" mark +func IsShared(string) bool { + return false +} diff --git a/internal/third_party/selinux/go-selinux/label/label_stub_test.go b/internal/third_party/selinux/go-selinux/label/label_stub_test.go new file mode 100644 index 00000000000..e92cc8b9455 --- /dev/null +++ b/internal/third_party/selinux/go-selinux/label/label_stub_test.go @@ -0,0 +1,76 @@ +//go:build !linux +// +build !linux + +package label + +import ( + "testing" + + "github.com/opencontainers/selinux/go-selinux" +) + +const testLabel = "system_u:object_r:container_file_t:s0:c1,c2" + +func TestInit(t *testing.T) { + var testNull []string + _, _, err := InitLabels(testNull) + if err != nil { + t.Log("InitLabels Failed") + t.Fatal(err) + } + testDisabled := []string{"disable"} + if selinux.ROFileLabel() != "" { + t.Error("selinux.ROFileLabel Failed") + } + plabel, mlabel, err := InitLabels(testDisabled) + if err != nil { + t.Log("InitLabels Disabled Failed") + t.Fatal(err) + } + if plabel != "" { + t.Fatal("InitLabels Disabled Failed") + } + if mlabel != "" { + t.Fatal("InitLabels Disabled mlabel Failed") + } + testUser := []string{"user:user_u", "role:user_r", "type:user_t", "level:s0:c1,c15"} + _, _, err = InitLabels(testUser) + if err != nil { + t.Log("InitLabels User Failed") + t.Fatal(err) + } +} + +func TestRelabel(t *testing.T) { + if err := Relabel("/etc", testLabel, false); err != nil { + t.Fatalf("Relabel /etc succeeded") + } +} + +func TestCheckLabelCompile(t *testing.T) { + if _, _, err := InitLabels(nil); err != nil { + t.Fatal(err) + } + + tmpDir := t.TempDir() + + if err := SetFileLabel(tmpDir, "foobar"); err != nil { + t.Fatal(err) + } + + if err := SetFileCreateLabel("foobar"); err != nil { + t.Fatal(err) + } + + DisableSecOpt() + + if err := Validate("foobar"); err != nil { + t.Fatal(err) + } + if relabel := RelabelNeeded("foobar"); relabel { + t.Fatal("Relabel failed") + } + if shared := IsShared("foobar"); shared { + t.Fatal("isshared failed") + } +} diff --git a/internal/third_party/selinux/go-selinux/label/label_test.go b/internal/third_party/selinux/go-selinux/label/label_test.go new file mode 100644 index 00000000000..fb172f3ff23 --- /dev/null +++ b/internal/third_party/selinux/go-selinux/label/label_test.go @@ -0,0 +1,35 @@ +package label + +import "testing" + +func TestFormatMountLabel(t *testing.T) { + expected := `context="foobar"` + if test := FormatMountLabel("", "foobar"); test != expected { + t.Fatalf("Format failed. Expected %s, got %s", expected, test) + } + + expected = `src,context="foobar"` + if test := FormatMountLabel("src", "foobar"); test != expected { + t.Fatalf("Format failed. Expected %s, got %s", expected, test) + } + + expected = `src` + if test := FormatMountLabel("src", ""); test != expected { + t.Fatalf("Format failed. Expected %s, got %s", expected, test) + } + + expected = `fscontext="foobar"` + if test := FormatMountLabelByType("", "foobar", "fscontext"); test != expected { + t.Fatalf("Format failed. Expected %s, got %s", expected, test) + } + + expected = `src,fscontext="foobar"` + if test := FormatMountLabelByType("src", "foobar", "fscontext"); test != expected { + t.Fatalf("Format failed. Expected %s, got %s", expected, test) + } + + expected = `src` + if test := FormatMountLabelByType("src", "", "rootcontext"); test != expected { + t.Fatalf("Format failed. Expected %s, got %s", expected, test) + } +} diff --git a/internal/third_party/selinux/go-selinux/selinux.go b/internal/third_party/selinux/go-selinux/selinux.go new file mode 100644 index 00000000000..15150d47528 --- /dev/null +++ b/internal/third_party/selinux/go-selinux/selinux.go @@ -0,0 +1,322 @@ +package selinux + +import ( + "errors" +) + +const ( + // Enforcing constant indicate SELinux is in enforcing mode + Enforcing = 1 + // Permissive constant to indicate SELinux is in permissive mode + Permissive = 0 + // Disabled constant to indicate SELinux is disabled + Disabled = -1 + // maxCategory is the maximum number of categories used within containers + maxCategory = 1024 + // DefaultCategoryRange is the upper bound on the category range + DefaultCategoryRange = uint32(maxCategory) +) + +var ( + // ErrMCSAlreadyExists is returned when trying to allocate a duplicate MCS. + ErrMCSAlreadyExists = errors.New("MCS label already exists") + // ErrEmptyPath is returned when an empty path has been specified. + ErrEmptyPath = errors.New("empty path") + + // ErrInvalidLabel is returned when an invalid label is specified. + ErrInvalidLabel = errors.New("invalid Label") + + // InvalidLabel is returned when an invalid label is specified. + // + // Deprecated: use [ErrInvalidLabel]. + InvalidLabel = ErrInvalidLabel + + // ErrIncomparable is returned two levels are not comparable + ErrIncomparable = errors.New("incomparable levels") + // ErrLevelSyntax is returned when a sensitivity or category do not have correct syntax in a level + ErrLevelSyntax = errors.New("invalid level syntax") + + // ErrContextMissing is returned if a requested context is not found in a file. + ErrContextMissing = errors.New("context does not have a match") + // ErrVerifierNil is returned when a context verifier function is nil. + ErrVerifierNil = errors.New("verifier function is nil") + + // ErrNotTGLeader is returned by [SetKeyLabel] if the calling thread + // is not the thread group leader. + ErrNotTGLeader = errors.New("calling thread is not the thread group leader") + + // CategoryRange allows the upper bound on the category range to be adjusted + CategoryRange = DefaultCategoryRange + + privContainerMountLabel string +) + +// Context is a representation of the SELinux label broken into 4 parts +type Context map[string]string + +// SetDisabled disables SELinux support for the package +func SetDisabled() { + setDisabled() +} + +// GetEnabled returns whether SELinux is currently enabled. +func GetEnabled() bool { + return getEnabled() +} + +// ClassIndex returns the int index for an object class in the loaded policy, +// or -1 and an error +func ClassIndex(class string) (int, error) { + return classIndex(class) +} + +// SetFileLabel sets the SELinux label for this path, following symlinks, +// or returns an error. +func SetFileLabel(fpath string, label string) error { + return setFileLabel(fpath, label) +} + +// LsetFileLabel sets the SELinux label for this path, not following symlinks, +// or returns an error. +func LsetFileLabel(fpath string, label string) error { + return lSetFileLabel(fpath, label) +} + +// FileLabel returns the SELinux label for this path, following symlinks, +// or returns an error. +func FileLabel(fpath string) (string, error) { + return fileLabel(fpath) +} + +// LfileLabel returns the SELinux label for this path, not following symlinks, +// or returns an error. +func LfileLabel(fpath string) (string, error) { + return lFileLabel(fpath) +} + +// SetFSCreateLabel tells the kernel what label to use for all file system objects +// created by this task. +// Set the label to an empty string to return to the default label. Calls to SetFSCreateLabel +// should be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() until file system +// objects created by this task are finished to guarantee another goroutine does not migrate +// to the current thread before execution is complete. +func SetFSCreateLabel(label string) error { + return setFSCreateLabel(label) +} + +// FSCreateLabel returns the default label the kernel which the kernel is using +// for file system objects created by this task. "" indicates default. +func FSCreateLabel() (string, error) { + return fsCreateLabel() +} + +// CurrentLabel returns the SELinux label of the current process thread, or an error. +func CurrentLabel() (string, error) { + return currentLabel() +} + +// PidLabel returns the SELinux label of the given pid, or an error. +func PidLabel(pid int) (string, error) { + return pidLabel(pid) +} + +// ExecLabel returns the SELinux label that the kernel will use for any programs +// that are executed by the current process thread, or an error. +func ExecLabel() (string, error) { + return execLabel() +} + +// CanonicalizeContext takes a context string and writes it to the kernel +// the function then returns the context that the kernel will use. Use this +// function to check if two contexts are equivalent +func CanonicalizeContext(val string) (string, error) { + return canonicalizeContext(val) +} + +// ComputeCreateContext requests the type transition from source to target for +// class from the kernel. +func ComputeCreateContext(source string, target string, class string) (string, error) { + return computeCreateContext(source, target, class) +} + +// CalculateGlbLub computes the glb (greatest lower bound) and lub (least upper bound) +// of a source and target range. +// The glblub is calculated as the greater of the low sensitivities and +// the lower of the high sensitivities and the and of each category bitset. +func CalculateGlbLub(sourceRange, targetRange string) (string, error) { + return calculateGlbLub(sourceRange, targetRange) +} + +// SetExecLabel sets the SELinux label that the kernel will use for any programs +// that are executed by the current process thread, or an error. Calls to SetExecLabel +// should be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() until execution +// of the program is finished to guarantee another goroutine does not migrate to the current +// thread before execution is complete. +func SetExecLabel(label string) error { + return writeConThreadSelf("attr/exec", label) +} + +// SetTaskLabel sets the SELinux label for the current thread, or an error. +// This requires the dyntransition permission. Calls to SetTaskLabel should +// be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() to guarantee +// the current thread does not run in a new mislabeled thread. +func SetTaskLabel(label string) error { + return writeConThreadSelf("attr/current", label) +} + +// SetSocketLabel takes a process label and tells the kernel to assign the +// label to the next socket that gets created. Calls to SetSocketLabel +// should be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() until +// the socket is created to guarantee another goroutine does not migrate +// to the current thread before execution is complete. +func SetSocketLabel(label string) error { + return writeConThreadSelf("attr/sockcreate", label) +} + +// SocketLabel retrieves the current socket label setting +func SocketLabel() (string, error) { + return readConThreadSelf("attr/sockcreate") +} + +// PeerLabel retrieves the label of the client on the other side of a socket +func PeerLabel(fd uintptr) (string, error) { + return peerLabel(fd) +} + +// SetKeyLabel takes a process label and tells the kernel to assign the +// label to the next kernel keyring that gets created. +// +// Calls to SetKeyLabel should be wrapped in +// runtime.LockOSThread()/runtime.UnlockOSThread() until the kernel keyring is +// created to guarantee another goroutine does not migrate to the current +// thread before execution is complete. +// +// Only the thread group leader can set key label. +func SetKeyLabel(label string) error { + return setKeyLabel(label) +} + +// KeyLabel retrieves the current kernel keyring label setting +func KeyLabel() (string, error) { + return keyLabel() +} + +// Get returns the Context as a string +func (c Context) Get() string { + return c.get() +} + +// NewContext creates a new Context struct from the specified label +func NewContext(label string) (Context, error) { + return newContext(label) +} + +// ClearLabels clears all reserved labels +func ClearLabels() { + clearLabels() +} + +// ReserveLabel reserves the MLS/MCS level component of the specified label +func ReserveLabel(label string) { + reserveLabel(label) +} + +// MLSEnabled checks if MLS is enabled. +func MLSEnabled() bool { + return isMLSEnabled() +} + +// EnforceMode returns the current SELinux mode Enforcing, Permissive, Disabled +func EnforceMode() int { + return enforceMode() +} + +// SetEnforceMode sets the current SELinux mode Enforcing, Permissive. +// Disabled is not valid, since this needs to be set at boot time. +func SetEnforceMode(mode int) error { + return setEnforceMode(mode) +} + +// DefaultEnforceMode returns the systems default SELinux mode Enforcing, +// Permissive or Disabled. Note this is just the default at boot time. +// EnforceMode tells you the systems current mode. +func DefaultEnforceMode() int { + return defaultEnforceMode() +} + +// ReleaseLabel un-reserves the MLS/MCS Level field of the specified label, +// allowing it to be used by another process. +func ReleaseLabel(label string) { + releaseLabel(label) +} + +// ROFileLabel returns the specified SELinux readonly file label +func ROFileLabel() string { + return roFileLabel() +} + +// KVMContainerLabels returns the default processLabel and mountLabel to be used +// for kvm containers by the calling process. +func KVMContainerLabels() (string, string) { + return kvmContainerLabels() +} + +// InitContainerLabels returns the default processLabel and file labels to be +// used for containers running an init system like systemd by the calling process. +func InitContainerLabels() (string, string) { + return initContainerLabels() +} + +// ContainerLabels returns an allocated processLabel and fileLabel to be used for +// container labeling by the calling process. +func ContainerLabels() (processLabel string, fileLabel string) { + return containerLabels() +} + +// SecurityCheckContext validates that the SELinux label is understood by the kernel +func SecurityCheckContext(val string) error { + return securityCheckContext(val) +} + +// CopyLevel returns a label with the MLS/MCS level from src label replaced on +// the dest label. +func CopyLevel(src, dest string) (string, error) { + return copyLevel(src, dest) +} + +// Chcon changes the fpath file object to the SELinux label. +// If fpath is a directory and recurse is true, then Chcon walks the +// directory tree setting the label. +// +// The fpath itself is guaranteed to be relabeled last. +func Chcon(fpath string, label string, recurse bool) error { + return chcon(fpath, label, recurse) +} + +// DupSecOpt takes an SELinux process label and returns security options that +// can be used to set the SELinux Type and Level for future container processes. +func DupSecOpt(src string) ([]string, error) { + return dupSecOpt(src) +} + +// DisableSecOpt returns a security opt that can be used to disable SELinux +// labeling support for future container processes. +func DisableSecOpt() []string { + return []string{"disable"} +} + +// GetDefaultContextWithLevel gets a single context for the specified SELinux user +// identity that is reachable from the specified scon context. The context is based +// on the per-user /etc/selinux/{SELINUXTYPE}/contexts/users/ if it exists, +// and falls back to the global /etc/selinux/{SELINUXTYPE}/contexts/default_contexts +// file. +func GetDefaultContextWithLevel(user, level, scon string) (string, error) { + return getDefaultContextWithLevel(user, level, scon) +} + +// PrivContainerMountLabel returns mount label for privileged containers +func PrivContainerMountLabel() string { + // Make sure label is initialized. + _ = label("") + return privContainerMountLabel +} diff --git a/internal/third_party/selinux/go-selinux/selinux_linux.go b/internal/third_party/selinux/go-selinux/selinux_linux.go new file mode 100644 index 00000000000..70392d98904 --- /dev/null +++ b/internal/third_party/selinux/go-selinux/selinux_linux.go @@ -0,0 +1,1405 @@ +package selinux + +import ( + "bufio" + "bytes" + "crypto/rand" + "encoding/binary" + "errors" + "fmt" + "io" + "io/fs" + "math/big" + "os" + "os/user" + "path/filepath" + "strconv" + "strings" + "sync" + + "github.com/cyphar/filepath-securejoin/pathrs-lite" + "github.com/cyphar/filepath-securejoin/pathrs-lite/procfs" + "golang.org/x/sys/unix" + + "github.com/opencontainers/selinux/pkg/pwalkdir" +) + +const ( + minSensLen = 2 + contextFile = "/usr/share/containers/selinux/contexts" + selinuxDir = "/etc/selinux/" + selinuxUsersDir = "contexts/users" + defaultContexts = "contexts/default_contexts" + selinuxConfig = selinuxDir + "config" + selinuxfsMount = "/sys/fs/selinux" + selinuxTypeTag = "SELINUXTYPE" + selinuxTag = "SELINUX" + xattrNameSelinux = "security.selinux" +) + +type selinuxState struct { + mcsList map[string]bool + selinuxfs string + selinuxfsOnce sync.Once + enabledSet bool + enabled bool + sync.Mutex +} + +type level struct { + cats *big.Int + sens int +} + +type mlsRange struct { + low *level + high *level +} + +type defaultSECtx struct { + userRdr io.Reader + verifier func(string) error + defaultRdr io.Reader + user, level, scon string +} + +type levelItem byte + +const ( + sensitivity levelItem = 's' + category levelItem = 'c' +) + +var ( + readOnlyFileLabel string + state = selinuxState{ + mcsList: make(map[string]bool), + } + + // for policyRoot() + policyRootOnce sync.Once + policyRootVal string + + // for label() + loadLabelsOnce sync.Once + labels map[string]string +) + +func policyRoot() string { + policyRootOnce.Do(func() { + policyRootVal = filepath.Join(selinuxDir, readConfig(selinuxTypeTag)) + }) + + return policyRootVal +} + +func (s *selinuxState) setEnable(enabled bool) bool { + s.Lock() + defer s.Unlock() + s.enabledSet = true + s.enabled = enabled + return s.enabled +} + +func (s *selinuxState) getEnabled() bool { + s.Lock() + enabled := s.enabled + enabledSet := s.enabledSet + s.Unlock() + if enabledSet { + return enabled + } + + enabled = false + if fs := getSelinuxMountPoint(); fs != "" { + if con, _ := CurrentLabel(); con != "kernel" { + enabled = true + } + } + return s.setEnable(enabled) +} + +// setDisabled disables SELinux support for the package +func setDisabled() { + state.setEnable(false) +} + +func verifySELinuxfsMount(mnt string) bool { + var buf unix.Statfs_t + for { + err := unix.Statfs(mnt, &buf) + if err == nil { + break + } + if err == unix.EAGAIN || err == unix.EINTR { + continue + } + return false + } + + //#nosec G115 -- there is no overflow here. + if uint32(buf.Type) != uint32(unix.SELINUX_MAGIC) { + return false + } + if (buf.Flags & unix.ST_RDONLY) != 0 { + return false + } + + return true +} + +func findSELinuxfs() string { + // fast path: check the default mount first + if verifySELinuxfsMount(selinuxfsMount) { + return selinuxfsMount + } + + // check if selinuxfs is available before going the slow path + fs, err := os.ReadFile("/proc/filesystems") + if err != nil { + return "" + } + if !bytes.Contains(fs, []byte("\tselinuxfs\n")) { + return "" + } + + // slow path: try to find among the mounts + f, err := os.Open("/proc/self/mountinfo") + if err != nil { + return "" + } + defer f.Close() + + scanner := bufio.NewScanner(f) + for { + mnt := findSELinuxfsMount(scanner) + if mnt == "" { // error or not found + return "" + } + if verifySELinuxfsMount(mnt) { + return mnt + } + } +} + +// findSELinuxfsMount returns a next selinuxfs mount point found, +// if there is one, or an empty string in case of EOF or error. +func findSELinuxfsMount(s *bufio.Scanner) string { + for s.Scan() { + txt := s.Bytes() + // The first field after - is fs type. + // Safe as spaces in mountpoints are encoded as \040 + if !bytes.Contains(txt, []byte(" - selinuxfs ")) { + continue + } + const mPos = 5 // mount point is 5th field + fields := bytes.SplitN(txt, []byte(" "), mPos+1) + if len(fields) < mPos+1 { + continue + } + return string(fields[mPos-1]) + } + + return "" +} + +func (s *selinuxState) getSELinuxfs() string { + s.selinuxfsOnce.Do(func() { + s.selinuxfs = findSELinuxfs() + }) + + return s.selinuxfs +} + +// getSelinuxMountPoint returns the path to the mountpoint of an selinuxfs +// filesystem or an empty string if no mountpoint is found. Selinuxfs is +// a proc-like pseudo-filesystem that exposes the SELinux policy API to +// processes. The existence of an selinuxfs mount is used to determine +// whether SELinux is currently enabled or not. +func getSelinuxMountPoint() string { + return state.getSELinuxfs() +} + +// getEnabled returns whether SELinux is currently enabled. +func getEnabled() bool { + return state.getEnabled() +} + +func readConfig(target string) string { + in, err := os.Open(selinuxConfig) + if err != nil { + return "" + } + defer in.Close() + + scanner := bufio.NewScanner(in) + + for scanner.Scan() { + line := bytes.TrimSpace(scanner.Bytes()) + if len(line) == 0 { + // Skip blank lines + continue + } + if line[0] == ';' || line[0] == '#' { + // Skip comments + continue + } + fields := bytes.SplitN(line, []byte{'='}, 2) + if len(fields) != 2 { + continue + } + if bytes.Equal(fields[0], []byte(target)) { + return string(bytes.Trim(fields[1], `"`)) + } + } + return "" +} + +func readConFd(in *os.File) (string, error) { + data, err := io.ReadAll(in) + if err != nil { + return "", err + } + return string(bytes.TrimSuffix(data, []byte{0})), nil +} + +func writeConFd(out *os.File, val string) error { + var err error + if val != "" { + _, err = out.Write([]byte(val)) + } else { + _, err = out.Write(nil) + } + return err +} + +// openProcThreadSelf is a small wrapper around [OpenThreadSelf] and +// [pathrs.Reopen] to make "one-shot opens" slightly more ergonomic. The +// provided mode must be os.O_* flags to indicate what mode the returned file +// should be opened with (flags like os.O_CREAT and os.O_EXCL are not +// supported). +// +// If no error occurred, the returned handle is guaranteed to be exactly +// /proc/thread-self/ with no tricky mounts or symlinks causing you to +// operate on an unexpected path (with some caveats on pre-openat2 or +// pre-fsopen kernels). +// +// [OpenThreadSelf]: https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs#Handle.OpenThreadSelf +func openProcThreadSelf(subpath string, mode int) (*os.File, procfs.ProcThreadSelfCloser, error) { + if subpath == "" { + return nil, nil, ErrEmptyPath + } + + proc, err := procfs.OpenProcRoot() + if err != nil { + return nil, nil, err + } + defer proc.Close() + + handle, closer, err := proc.OpenThreadSelf(subpath) + if err != nil { + return nil, nil, fmt.Errorf("open /proc/thread-self/%s handle: %w", subpath, err) + } + defer handle.Close() // we will return a re-opened handle + + file, err := pathrs.Reopen(handle, mode) + if err != nil { + closer() + return nil, nil, fmt.Errorf("reopen /proc/thread-self/%s handle (%#x): %w", subpath, mode, err) + } + return file, closer, nil +} + +// Read the contents of /proc/thread-self/. +func readConThreadSelf(fpath string) (string, error) { + in, closer, err := openProcThreadSelf(fpath, os.O_RDONLY|unix.O_CLOEXEC) + if err != nil { + return "", err + } + defer closer() + defer in.Close() + + return readConFd(in) +} + +// Write to /proc/thread-self/. +func writeConThreadSelf(fpath, val string) error { + if val == "" { + if !getEnabled() { + return nil + } + } + + out, closer, err := openProcThreadSelf(fpath, os.O_WRONLY|unix.O_CLOEXEC) + if err != nil { + return err + } + defer closer() + defer out.Close() + + return writeConFd(out, val) +} + +// openProcSelf is a small wrapper around [OpenSelf] and [pathrs.Reopen] to +// make "one-shot opens" slightly more ergonomic. The provided mode must be +// os.O_* flags to indicate what mode the returned file should be opened with +// (flags like os.O_CREAT and os.O_EXCL are not supported). +// +// If no error occurred, the returned handle is guaranteed to be exactly +// /proc/self/ with no tricky mounts or symlinks causing you to +// operate on an unexpected path (with some caveats on pre-openat2 or +// pre-fsopen kernels). +// +// [OpenSelf]: https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs#Handle.OpenSelf +func openProcSelf(subpath string, mode int) (*os.File, error) { + if subpath == "" { + return nil, ErrEmptyPath + } + + proc, err := procfs.OpenProcRoot() + if err != nil { + return nil, err + } + defer proc.Close() + + handle, err := proc.OpenSelf(subpath) + if err != nil { + return nil, fmt.Errorf("open /proc/self/%s handle: %w", subpath, err) + } + defer handle.Close() // we will return a re-opened handle + + file, err := pathrs.Reopen(handle, mode) + if err != nil { + return nil, fmt.Errorf("reopen /proc/self/%s handle (%#x): %w", subpath, mode, err) + } + return file, nil +} + +// Read the contents of /proc/self/. +func readConSelf(fpath string) (string, error) { + in, err := openProcSelf(fpath, os.O_RDONLY|unix.O_CLOEXEC) + if err != nil { + return "", err + } + defer in.Close() + + return readConFd(in) +} + +// Write to /proc/self/. +func writeConSelf(fpath, val string) error { + if val == "" { + if !getEnabled() { + return nil + } + } + + out, err := openProcSelf(fpath, os.O_WRONLY|unix.O_CLOEXEC) + if err != nil { + return err + } + defer out.Close() + + return writeConFd(out, val) +} + +// openProcPid is a small wrapper around [OpenPid] and [pathrs.Reopen] to make +// "one-shot opens" slightly more ergonomic. The provided mode must be os.O_* +// flags to indicate what mode the returned file should be opened with (flags +// like os.O_CREAT and os.O_EXCL are not supported). +// +// If no error occurred, the returned handle is guaranteed to be exactly +// /proc/self/ with no tricky mounts or symlinks causing you to +// operate on an unexpected path (with some caveats on pre-openat2 or +// pre-fsopen kernels). +// +// [OpenPid]: https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs#Handle.OpenPid +func openProcPid(pid int, subpath string, mode int) (*os.File, error) { + if subpath == "" { + return nil, ErrEmptyPath + } + + proc, err := procfs.OpenProcRoot() + if err != nil { + return nil, err + } + defer proc.Close() + + handle, err := proc.OpenPid(pid, subpath) + if err != nil { + return nil, fmt.Errorf("open /proc/%d/%s handle: %w", pid, subpath, err) + } + defer handle.Close() // we will return a re-opened handle + + file, err := pathrs.Reopen(handle, mode) + if err != nil { + return nil, fmt.Errorf("reopen /proc/%d/%s handle (%#x): %w", pid, subpath, mode, err) + } + return file, nil +} + +// classIndex returns the int index for an object class in the loaded policy, +// or -1 and an error +func classIndex(class string) (int, error) { + permpath := fmt.Sprintf("class/%s/index", class) + indexpath := filepath.Join(getSelinuxMountPoint(), permpath) + + indexB, err := os.ReadFile(indexpath) + if err != nil { + return -1, err + } + index, err := strconv.Atoi(string(indexB)) + if err != nil { + return -1, err + } + + return index, nil +} + +// lSetFileLabel sets the SELinux label for this path, not following symlinks, +// or returns an error. +func lSetFileLabel(fpath string, label string) error { + if fpath == "" { + return ErrEmptyPath + } + for { + err := unix.Lsetxattr(fpath, xattrNameSelinux, []byte(label), 0) + if err == nil { + break + } + if err != unix.EINTR { + return &os.PathError{Op: fmt.Sprintf("lsetxattr(label=%s)", label), Path: fpath, Err: err} + } + } + + return nil +} + +// setFileLabel sets the SELinux label for this path, following symlinks, +// or returns an error. +func setFileLabel(fpath string, label string) error { + if fpath == "" { + return ErrEmptyPath + } + for { + err := unix.Setxattr(fpath, xattrNameSelinux, []byte(label), 0) + if err == nil { + break + } + if err != unix.EINTR { + return &os.PathError{Op: fmt.Sprintf("setxattr(label=%s)", label), Path: fpath, Err: err} + } + } + + return nil +} + +// fileLabel returns the SELinux label for this path, following symlinks, +// or returns an error. +func fileLabel(fpath string) (string, error) { + if fpath == "" { + return "", ErrEmptyPath + } + + label, err := getxattr(fpath, xattrNameSelinux) + if err != nil { + return "", &os.PathError{Op: "getxattr", Path: fpath, Err: err} + } + // Trim the NUL byte at the end of the byte buffer, if present. + if len(label) > 0 && label[len(label)-1] == '\x00' { + label = label[:len(label)-1] + } + return string(label), nil +} + +// lFileLabel returns the SELinux label for this path, not following symlinks, +// or returns an error. +func lFileLabel(fpath string) (string, error) { + if fpath == "" { + return "", ErrEmptyPath + } + + label, err := lgetxattr(fpath, xattrNameSelinux) + if err != nil { + return "", &os.PathError{Op: "lgetxattr", Path: fpath, Err: err} + } + // Trim the NUL byte at the end of the byte buffer, if present. + if len(label) > 0 && label[len(label)-1] == '\x00' { + label = label[:len(label)-1] + } + return string(label), nil +} + +func setFSCreateLabel(label string) error { + return writeConThreadSelf("attr/fscreate", label) +} + +// fsCreateLabel returns the default label the kernel which the kernel is using +// for file system objects created by this task. "" indicates default. +func fsCreateLabel() (string, error) { + return readConThreadSelf("attr/fscreate") +} + +// currentLabel returns the SELinux label of the current process thread, or an error. +func currentLabel() (string, error) { + return readConThreadSelf("attr/current") +} + +// pidLabel returns the SELinux label of the given pid, or an error. +func pidLabel(pid int) (string, error) { + it, err := openProcPid(pid, "attr/current", os.O_RDONLY|unix.O_CLOEXEC) + if err != nil { + return "", nil + } + defer it.Close() + return readConFd(it) +} + +// ExecLabel returns the SELinux label that the kernel will use for any programs +// that are executed by the current process thread, or an error. +func execLabel() (string, error) { + return readConThreadSelf("exec") +} + +// canonicalizeContext takes a context string and writes it to the kernel +// the function then returns the context that the kernel will use. Use this +// function to check if two contexts are equivalent +func canonicalizeContext(val string) (string, error) { + return readWriteCon(filepath.Join(getSelinuxMountPoint(), "context"), val) +} + +// computeCreateContext requests the type transition from source to target for +// class from the kernel. +func computeCreateContext(source string, target string, class string) (string, error) { + classidx, err := classIndex(class) + if err != nil { + return "", err + } + + return readWriteCon(filepath.Join(getSelinuxMountPoint(), "create"), fmt.Sprintf("%s %s %d", source, target, classidx)) +} + +// catsToBitset stores categories in a bitset. +func catsToBitset(cats string) (*big.Int, error) { + bitset := new(big.Int) + + catlist := strings.Split(cats, ",") + for _, r := range catlist { + ranges := strings.SplitN(r, ".", 2) + if len(ranges) > 1 { + catstart, err := parseLevelItem(ranges[0], category) + if err != nil { + return nil, err + } + catend, err := parseLevelItem(ranges[1], category) + if err != nil { + return nil, err + } + for i := catstart; i <= catend; i++ { + bitset.SetBit(bitset, i, 1) + } + } else { + cat, err := parseLevelItem(ranges[0], category) + if err != nil { + return nil, err + } + bitset.SetBit(bitset, cat, 1) + } + } + + return bitset, nil +} + +// parseLevelItem parses and verifies that a sensitivity or category are valid +func parseLevelItem(s string, sep levelItem) (int, error) { + if len(s) < minSensLen || levelItem(s[0]) != sep { + return 0, ErrLevelSyntax + } + const bitSize = 31 // Make sure the result fits into signed int32. + val, err := strconv.ParseUint(s[1:], 10, bitSize) + if err != nil { + return 0, err + } + + return int(val), nil +} + +// parseLevel fills a level from a string that contains +// a sensitivity and categories +func (l *level) parseLevel(levelStr string) error { + lvl := strings.SplitN(levelStr, ":", 2) + sens, err := parseLevelItem(lvl[0], sensitivity) + if err != nil { + return fmt.Errorf("failed to parse sensitivity: %w", err) + } + l.sens = sens + if len(lvl) > 1 { + cats, err := catsToBitset(lvl[1]) + if err != nil { + return fmt.Errorf("failed to parse categories: %w", err) + } + l.cats = cats + } + + return nil +} + +// rangeStrToMLSRange marshals a string representation of a range. +func rangeStrToMLSRange(rangeStr string) (*mlsRange, error) { + r := &mlsRange{} + l := strings.SplitN(rangeStr, "-", 2) + + switch len(l) { + // rangeStr that has a low and a high level, e.g. s4:c0.c1023-s6:c0.c1023 + case 2: + r.high = &level{} + if err := r.high.parseLevel(l[1]); err != nil { + return nil, fmt.Errorf("failed to parse high level %q: %w", l[1], err) + } + fallthrough + // rangeStr that is single level, e.g. s6:c0,c3,c5,c30.c1023 + case 1: + r.low = &level{} + if err := r.low.parseLevel(l[0]); err != nil { + return nil, fmt.Errorf("failed to parse low level %q: %w", l[0], err) + } + } + + if r.high == nil { + r.high = r.low + } + + return r, nil +} + +// bitsetToStr takes a category bitset and returns it in the +// canonical selinux syntax +func bitsetToStr(c *big.Int) string { + var str string + + length := 0 + i0 := int(c.TrailingZeroBits()) //#nosec G115 -- don't expect TralingZeroBits to return values with highest bit set. + for i := i0; i < c.BitLen(); i++ { + if c.Bit(i) == 0 { + continue + } + if length == 0 { + if str != "" { + str += "," + } + str += "c" + strconv.Itoa(i) + } + if c.Bit(i+1) == 1 { + length++ + continue + } + if length == 1 { + str += ",c" + strconv.Itoa(i) + } else if length > 1 { + str += ".c" + strconv.Itoa(i) + } + length = 0 + } + + return str +} + +func (l *level) equal(l2 *level) bool { + if l2 == nil || l == nil { + return l == l2 + } + if l2.sens != l.sens { + return false + } + if l2.cats == nil || l.cats == nil { + return l2.cats == l.cats + } + return l.cats.Cmp(l2.cats) == 0 +} + +// String returns an mlsRange as a string. +func (m mlsRange) String() string { + low := "s" + strconv.Itoa(m.low.sens) + if m.low.cats != nil && m.low.cats.BitLen() > 0 { + low += ":" + bitsetToStr(m.low.cats) + } + + if m.low.equal(m.high) { + return low + } + + high := "s" + strconv.Itoa(m.high.sens) + if m.high.cats != nil && m.high.cats.BitLen() > 0 { + high += ":" + bitsetToStr(m.high.cats) + } + + return low + "-" + high +} + +// TODO: remove these in favor of built-in min/max +// once we stop supporting Go < 1.21. +func maxInt(a, b int) int { + if a > b { + return a + } + return b +} + +func minInt(a, b int) int { + if a < b { + return a + } + return b +} + +// calculateGlbLub computes the glb (greatest lower bound) and lub (least upper bound) +// of a source and target range. +// The glblub is calculated as the greater of the low sensitivities and +// the lower of the high sensitivities and the and of each category bitset. +func calculateGlbLub(sourceRange, targetRange string) (string, error) { + s, err := rangeStrToMLSRange(sourceRange) + if err != nil { + return "", err + } + t, err := rangeStrToMLSRange(targetRange) + if err != nil { + return "", err + } + + if s.high.sens < t.low.sens || t.high.sens < s.low.sens { + /* these ranges have no common sensitivities */ + return "", ErrIncomparable + } + + outrange := &mlsRange{low: &level{}, high: &level{}} + + /* take the greatest of the low */ + outrange.low.sens = maxInt(s.low.sens, t.low.sens) + + /* take the least of the high */ + outrange.high.sens = minInt(s.high.sens, t.high.sens) + + /* find the intersecting categories */ + if s.low.cats != nil && t.low.cats != nil { + outrange.low.cats = new(big.Int) + outrange.low.cats.And(s.low.cats, t.low.cats) + } + if s.high.cats != nil && t.high.cats != nil { + outrange.high.cats = new(big.Int) + outrange.high.cats.And(s.high.cats, t.high.cats) + } + + return outrange.String(), nil +} + +func readWriteCon(fpath string, val string) (string, error) { + if fpath == "" { + return "", ErrEmptyPath + } + f, err := os.OpenFile(fpath, os.O_RDWR, 0) + if err != nil { + return "", err + } + defer f.Close() + + _, err = f.Write([]byte(val)) + if err != nil { + return "", err + } + + return readConFd(f) +} + +// peerLabel retrieves the label of the client on the other side of a socket +func peerLabel(fd uintptr) (string, error) { + l, err := unix.GetsockoptString(int(fd), unix.SOL_SOCKET, unix.SO_PEERSEC) + if err != nil { + return "", &os.PathError{Op: "getsockopt", Path: "fd " + strconv.Itoa(int(fd)), Err: err} + } + return l, nil +} + +// setKeyLabel takes a process label and tells the kernel to assign the +// label to the next kernel keyring that gets created +func setKeyLabel(label string) error { + // Rather than using /proc/thread-self, we want to use /proc/self to + // operate on the thread-group leader. + err := writeConSelf("attr/keycreate", label) + if errors.Is(err, os.ErrNotExist) { + return nil + } + if label == "" && errors.Is(err, os.ErrPermission) { + return nil + } + if errors.Is(err, unix.EACCES) && unix.Getpid() != unix.Gettid() { + return ErrNotTGLeader + } + return err +} + +// KeyLabel retrieves the current kernel keyring label setting for this +// thread-group. +func keyLabel() (string, error) { + // Rather than using /proc/thread-self, we want to use /proc/self to + // operate on the thread-group leader. + return readConSelf("attr/keycreate") +} + +// get returns the Context as a string +func (c Context) get() string { + if l := c["level"]; l != "" { + return c["user"] + ":" + c["role"] + ":" + c["type"] + ":" + l + } + return c["user"] + ":" + c["role"] + ":" + c["type"] +} + +// newContext creates a new Context struct from the specified label +func newContext(label string) (Context, error) { + c := make(Context) + + if len(label) != 0 { + con := strings.SplitN(label, ":", 4) + if len(con) < 3 { + return c, ErrInvalidLabel + } + c["user"] = con[0] + c["role"] = con[1] + c["type"] = con[2] + if len(con) > 3 { + c["level"] = con[3] + } + } + return c, nil +} + +// clearLabels clears all reserved labels +func clearLabels() { + state.Lock() + state.mcsList = make(map[string]bool) + state.Unlock() +} + +// reserveLabel reserves the MLS/MCS level component of the specified label +func reserveLabel(label string) { + if len(label) != 0 { + con := strings.SplitN(label, ":", 4) + if len(con) > 3 { + _ = mcsAdd(con[3]) + } + } +} + +func selinuxEnforcePath() string { + return filepath.Join(getSelinuxMountPoint(), "enforce") +} + +// isMLSEnabled checks if MLS is enabled. +func isMLSEnabled() bool { + enabledB, err := os.ReadFile(filepath.Join(getSelinuxMountPoint(), "mls")) + if err != nil { + return false + } + return bytes.Equal(enabledB, []byte{'1'}) +} + +// enforceMode returns the current SELinux mode Enforcing, Permissive, Disabled +func enforceMode() int { + var enforce int + + enforceB, err := os.ReadFile(selinuxEnforcePath()) + if err != nil { + return -1 + } + enforce, err = strconv.Atoi(string(enforceB)) + if err != nil { + return -1 + } + return enforce +} + +// setEnforceMode sets the current SELinux mode Enforcing, Permissive. +// Disabled is not valid, since this needs to be set at boot time. +func setEnforceMode(mode int) error { + return os.WriteFile(selinuxEnforcePath(), []byte(strconv.Itoa(mode)), 0) +} + +// defaultEnforceMode returns the systems default SELinux mode Enforcing, +// Permissive or Disabled. Note this is just the default at boot time. +// EnforceMode tells you the systems current mode. +func defaultEnforceMode() int { + switch readConfig(selinuxTag) { + case "enforcing": + return Enforcing + case "permissive": + return Permissive + } + return Disabled +} + +func mcsAdd(mcs string) error { + if mcs == "" { + return nil + } + state.Lock() + defer state.Unlock() + if state.mcsList[mcs] { + return ErrMCSAlreadyExists + } + state.mcsList[mcs] = true + return nil +} + +func mcsDelete(mcs string) { + if mcs == "" { + return + } + state.Lock() + defer state.Unlock() + state.mcsList[mcs] = false +} + +func intToMcs(id int, catRange uint32) string { + var ( + SETSIZE = int(catRange) + TIER = SETSIZE + ORD = id + ) + + if id < 1 || id > 523776 { + return "" + } + + for ORD > TIER { + ORD -= TIER + TIER-- + } + TIER = SETSIZE - TIER + ORD += TIER + return fmt.Sprintf("s0:c%d,c%d", TIER, ORD) +} + +func uniqMcs(catRange uint32) string { + var ( + n uint32 + c1, c2 uint32 + mcs string + ) + + for { + _ = binary.Read(rand.Reader, binary.LittleEndian, &n) + c1 = n % catRange + _ = binary.Read(rand.Reader, binary.LittleEndian, &n) + c2 = n % catRange + if c1 == c2 { + continue + } else if c1 > c2 { + c1, c2 = c2, c1 + } + mcs = fmt.Sprintf("s0:c%d,c%d", c1, c2) + if err := mcsAdd(mcs); err != nil { + continue + } + break + } + return mcs +} + +// releaseLabel un-reserves the MLS/MCS Level field of the specified label, +// allowing it to be used by another process. +func releaseLabel(label string) { + if len(label) != 0 { + con := strings.SplitN(label, ":", 4) + if len(con) > 3 { + mcsDelete(con[3]) + } + } +} + +// roFileLabel returns the specified SELinux readonly file label +func roFileLabel() string { + return readOnlyFileLabel +} + +func openContextFile() (*os.File, error) { + if f, err := os.Open(contextFile); err == nil { + return f, nil + } + return os.Open(filepath.Join(policyRoot(), "contexts", "lxc_contexts")) +} + +func loadLabels() { + labels = make(map[string]string) + in, err := openContextFile() + if err != nil { + return + } + defer in.Close() + + scanner := bufio.NewScanner(in) + + for scanner.Scan() { + line := bytes.TrimSpace(scanner.Bytes()) + if len(line) == 0 { + // Skip blank lines + continue + } + if line[0] == ';' || line[0] == '#' { + // Skip comments + continue + } + fields := bytes.SplitN(line, []byte{'='}, 2) + if len(fields) != 2 { + continue + } + key, val := bytes.TrimSpace(fields[0]), bytes.TrimSpace(fields[1]) + labels[string(key)] = string(bytes.Trim(val, `"`)) + } + + con, _ := NewContext(labels["file"]) + con["level"] = fmt.Sprintf("s0:c%d,c%d", maxCategory-2, maxCategory-1) + privContainerMountLabel = con.get() + reserveLabel(privContainerMountLabel) +} + +func label(key string) string { + loadLabelsOnce.Do(func() { + loadLabels() + }) + return labels[key] +} + +// kvmContainerLabels returns the default processLabel and mountLabel to be used +// for kvm containers by the calling process. +func kvmContainerLabels() (string, string) { + processLabel := label("kvm_process") + if processLabel == "" { + processLabel = label("process") + } + + return addMcs(processLabel, label("file")) +} + +// initContainerLabels returns the default processLabel and file labels to be +// used for containers running an init system like systemd by the calling process. +func initContainerLabels() (string, string) { + processLabel := label("init_process") + if processLabel == "" { + processLabel = label("process") + } + + return addMcs(processLabel, label("file")) +} + +// containerLabels returns an allocated processLabel and fileLabel to be used for +// container labeling by the calling process. +func containerLabels() (processLabel string, fileLabel string) { + if !getEnabled() { + return "", "" + } + + processLabel = label("process") + fileLabel = label("file") + readOnlyFileLabel = label("ro_file") + + if processLabel == "" || fileLabel == "" { + return "", fileLabel + } + + if readOnlyFileLabel == "" { + readOnlyFileLabel = fileLabel + } + + return addMcs(processLabel, fileLabel) +} + +func addMcs(processLabel, fileLabel string) (string, string) { + scon, _ := NewContext(processLabel) + if scon["level"] != "" { + mcs := uniqMcs(CategoryRange) + scon["level"] = mcs + processLabel = scon.Get() + scon, _ = NewContext(fileLabel) + scon["level"] = mcs + fileLabel = scon.Get() + } + return processLabel, fileLabel +} + +// securityCheckContext validates that the SELinux label is understood by the kernel +func securityCheckContext(val string) error { + return os.WriteFile(filepath.Join(getSelinuxMountPoint(), "context"), []byte(val), 0) +} + +// copyLevel returns a label with the MLS/MCS level from src label replaced on +// the dest label. +func copyLevel(src, dest string) (string, error) { + if src == "" { + return "", nil + } + if err := SecurityCheckContext(src); err != nil { + return "", err + } + if err := SecurityCheckContext(dest); err != nil { + return "", err + } + scon, err := NewContext(src) + if err != nil { + return "", err + } + tcon, err := NewContext(dest) + if err != nil { + return "", err + } + mcsDelete(tcon["level"]) + _ = mcsAdd(scon["level"]) + tcon["level"] = scon["level"] + return tcon.Get(), nil +} + +// chcon changes the fpath file object to the SELinux label. +// If fpath is a directory and recurse is true, then chcon walks the +// directory tree setting the label. +func chcon(fpath string, label string, recurse bool) error { + if fpath == "" { + return ErrEmptyPath + } + if label == "" { + return nil + } + + excludePaths := map[string]bool{ + "/": true, + "/bin": true, + "/boot": true, + "/dev": true, + "/etc": true, + "/etc/passwd": true, + "/etc/pki": true, + "/etc/shadow": true, + "/home": true, + "/lib": true, + "/lib64": true, + "/media": true, + "/opt": true, + "/proc": true, + "/root": true, + "/run": true, + "/sbin": true, + "/srv": true, + "/sys": true, + "/tmp": true, + "/usr": true, + "/var": true, + "/var/lib": true, + "/var/log": true, + } + + if home := os.Getenv("HOME"); home != "" { + excludePaths[home] = true + } + + if sudoUser := os.Getenv("SUDO_USER"); sudoUser != "" { + if usr, err := user.Lookup(sudoUser); err == nil { + excludePaths[usr.HomeDir] = true + } + } + + if fpath != "/" { + fpath = strings.TrimSuffix(fpath, "/") + } + if excludePaths[fpath] { + return fmt.Errorf("SELinux relabeling of %s is not allowed", fpath) + } + + if !recurse { + err := lSetFileLabel(fpath, label) + if err != nil { + // Check if file doesn't exist, must have been removed + if errors.Is(err, os.ErrNotExist) { + return nil + } + // Check if current label is correct on disk + flabel, nerr := lFileLabel(fpath) + if nerr == nil && flabel == label { + return nil + } + // Check if file doesn't exist, must have been removed + if errors.Is(nerr, os.ErrNotExist) { + return nil + } + return err + } + return nil + } + + return rchcon(fpath, label) +} + +func rchcon(fpath, label string) error { //revive:disable:cognitive-complexity + fastMode := false + // If the current label matches the new label, assume + // other labels are correct. + if cLabel, err := lFileLabel(fpath); err == nil && cLabel == label { + fastMode = true + } + return pwalkdir.Walk(fpath, func(p string, _ fs.DirEntry, _ error) error { + if fastMode { + if cLabel, err := lFileLabel(p); err == nil && cLabel == label { + return nil + } + } + err := lSetFileLabel(p, label) + // Walk a file tree can race with removal, so ignore ENOENT. + if errors.Is(err, os.ErrNotExist) { + return nil + } + return err + }) +} + +// dupSecOpt takes an SELinux process label and returns security options that +// can be used to set the SELinux Type and Level for future container processes. +func dupSecOpt(src string) ([]string, error) { + if src == "" { + return nil, nil + } + con, err := NewContext(src) + if err != nil { + return nil, err + } + if con["user"] == "" || + con["role"] == "" || + con["type"] == "" { + return nil, nil + } + dup := []string{ + "user:" + con["user"], + "role:" + con["role"], + "type:" + con["type"], + } + + if con["level"] != "" { + dup = append(dup, "level:"+con["level"]) + } + + return dup, nil +} + +// findUserInContext scans the reader for a valid SELinux context +// match that is verified with the verifier. Invalid contexts are +// skipped. It returns a matched context or an empty string if no +// match is found. If a scanner error occurs, it is returned. +func findUserInContext(context Context, r io.Reader, verifier func(string) error) (string, error) { + fromRole := context["role"] + fromType := context["type"] + scanner := bufio.NewScanner(r) + + for scanner.Scan() { + fromConns := strings.Fields(scanner.Text()) + if len(fromConns) == 0 { + // Skip blank lines + continue + } + + line := fromConns[0] + + if line[0] == ';' || line[0] == '#' { + // Skip comments + continue + } + + // user context files contexts are formatted as + // role_r:type_t:s0 where the user is missing. + lineArr := strings.SplitN(line, ":", 4) + // skip context with typo, or role and type do not match + if len(lineArr) != 3 || + lineArr[0] != fromRole || + lineArr[1] != fromType { + continue + } + + for _, cc := range fromConns[1:] { + toConns := strings.SplitN(cc, ":", 4) + if len(toConns) != 3 { + continue + } + + context["role"] = toConns[0] + context["type"] = toConns[1] + + outConn := context.get() + if err := verifier(outConn); err != nil { + continue + } + + return outConn, nil + } + } + if err := scanner.Err(); err != nil { + return "", fmt.Errorf("failed to scan for context: %w", err) + } + + return "", nil +} + +func getDefaultContextFromReaders(c *defaultSECtx) (string, error) { + if c.verifier == nil { + return "", ErrVerifierNil + } + + context, err := newContext(c.scon) + if err != nil { + return "", fmt.Errorf("failed to create label for %s: %w", c.scon, err) + } + + // set so the verifier validates the matched context with the provided user and level. + context["user"] = c.user + context["level"] = c.level + + conn, err := findUserInContext(context, c.userRdr, c.verifier) + if err != nil { + return "", err + } + + if conn != "" { + return conn, nil + } + + conn, err = findUserInContext(context, c.defaultRdr, c.verifier) + if err != nil { + return "", err + } + + if conn != "" { + return conn, nil + } + + return "", fmt.Errorf("context %q not found: %w", c.scon, ErrContextMissing) +} + +func getDefaultContextWithLevel(user, level, scon string) (string, error) { + userPath := filepath.Join(policyRoot(), selinuxUsersDir, user) + fu, err := os.Open(userPath) + if err != nil { + return "", err + } + defer fu.Close() + + defaultPath := filepath.Join(policyRoot(), defaultContexts) + fd, err := os.Open(defaultPath) + if err != nil { + return "", err + } + defer fd.Close() + + c := defaultSECtx{ + user: user, + level: level, + scon: scon, + userRdr: fu, + defaultRdr: fd, + verifier: securityCheckContext, + } + + return getDefaultContextFromReaders(&c) +} diff --git a/internal/third_party/selinux/go-selinux/selinux_linux_test.go b/internal/third_party/selinux/go-selinux/selinux_linux_test.go new file mode 100644 index 00000000000..71aa0b82cc6 --- /dev/null +++ b/internal/third_party/selinux/go-selinux/selinux_linux_test.go @@ -0,0 +1,711 @@ +package selinux + +import ( + "bufio" + "bytes" + "errors" + "fmt" + "os" + "path/filepath" + "runtime" + "strconv" + "strings" + "testing" + + "golang.org/x/sys/unix" +) + +func TestSetFileLabel(t *testing.T) { + if !GetEnabled() { + t.Skip("SELinux not enabled, skipping.") + } + + const ( + tmpFile = "selinux_test" + tmpLink = "selinux_test_link" + con = "system_u:object_r:bin_t:s0:c1,c2" + con2 = "system_u:object_r:bin_t:s0:c3,c4" + ) + + _ = os.Remove(tmpFile) + out, err := os.OpenFile(tmpFile, os.O_WRONLY|os.O_CREATE, 0) + if err != nil { + t.Fatal(err) + } + out.Close() + defer os.Remove(tmpFile) + + _ = os.Remove(tmpLink) + if err := os.Symlink(tmpFile, tmpLink); err != nil { + t.Fatal(err) + } + defer os.Remove(tmpLink) + + if err := SetFileLabel(tmpLink, con); err != nil { + t.Fatalf("SetFileLabel failed: %s", err) + } + filelabel, err := FileLabel(tmpLink) + if err != nil { + t.Fatalf("FileLabel failed: %s", err) + } + if filelabel != con { + t.Fatalf("FileLabel failed, returned %s expected %s", filelabel, con) + } + + // Using LfileLabel to verify that the symlink itself is not labeled. + linkLabel, err := LfileLabel(tmpLink) + if err != nil { + t.Fatalf("LfileLabel failed: %s", err) + } + if linkLabel == con { + t.Fatalf("Label on symlink should not be set, got: %q", linkLabel) + } + + // Use LsetFileLabel to set a label on the symlink itself. + if err := LsetFileLabel(tmpLink, con2); err != nil { + t.Fatalf("LsetFileLabel failed: %s", err) + } + filelabel, err = FileLabel(tmpFile) + if err != nil { + t.Fatalf("FileLabel failed: %s", err) + } + if filelabel != con { + t.Fatalf("FileLabel was updated, returned %s expected %s", filelabel, con) + } + + linkLabel, err = LfileLabel(tmpLink) + if err != nil { + t.Fatalf("LfileLabel failed: %s", err) + } + if linkLabel != con2 { + t.Fatalf("LfileLabel failed: returned %s expected %s", linkLabel, con2) + } +} + +func TestKVMLabels(t *testing.T) { + if !GetEnabled() { + t.Skip("SELinux not enabled, skipping.") + } + + plabel, flabel := KVMContainerLabels() + if plabel == "" { + t.Log("Failed to read kvm label") + } + t.Log(plabel) + t.Log(flabel) + if _, err := CanonicalizeContext(plabel); err != nil { + t.Fatal(err) + } + if _, err := CanonicalizeContext(flabel); err != nil { + t.Fatal(err) + } + + ReleaseLabel(plabel) +} + +func TestInitLabels(t *testing.T) { + if !GetEnabled() { + t.Skip("SELinux not enabled, skipping.") + } + + plabel, flabel := InitContainerLabels() + if plabel == "" { + t.Log("Failed to read init label") + } + t.Log(plabel) + t.Log(flabel) + if _, err := CanonicalizeContext(plabel); err != nil { + t.Fatal(err) + } + if _, err := CanonicalizeContext(flabel); err != nil { + t.Fatal(err) + } + ReleaseLabel(plabel) +} + +func TestDuplicateLabel(t *testing.T) { + secopt, err := DupSecOpt("system_u:system_r:container_t:s0:c1,c2") + if err != nil { + t.Fatalf("DupSecOpt: %v", err) + } + for _, opt := range secopt { + con := strings.SplitN(opt, ":", 2) + if con[0] == "user" { + if con[1] != "system_u" { + t.Errorf("DupSecOpt Failed user incorrect") + } + continue + } + if con[0] == "role" { + if con[1] != "system_r" { + t.Errorf("DupSecOpt Failed role incorrect") + } + continue + } + if con[0] == "type" { + if con[1] != "container_t" { + t.Errorf("DupSecOpt Failed type incorrect") + } + continue + } + if con[0] == "level" { + if con[1] != "s0:c1,c2" { + t.Errorf("DupSecOpt Failed level incorrect") + } + continue + } + t.Errorf("DupSecOpt failed: invalid field %q", con[0]) + } + secopt = DisableSecOpt() + if secopt[0] != "disable" { + t.Errorf(`DisableSecOpt failed: want "disable", got %q`, secopt[0]) + } +} + +func TestSELinuxNoLevel(t *testing.T) { + if !GetEnabled() { + t.Skip("SELinux not enabled, skipping.") + } + + tlabel := "system_u:system_r:container_t" + dup, err := DupSecOpt(tlabel) + if err != nil { + t.Fatal(err) + } + + if len(dup) != 3 { + t.Errorf("DupSecOpt failed on non mls label: want 3, got %d", len(dup)) + } + con, err := NewContext(tlabel) + if err != nil { + t.Fatal(err) + } + if con.Get() != tlabel { + t.Errorf("NewContext and con.Get() failed on non mls label: want %q, got %q", tlabel, con.Get()) + } +} + +func TestSocketLabel(t *testing.T) { + if !GetEnabled() { + t.Skip("SELinux not enabled, skipping.") + } + + // Ensure the thread stays the same for duration of the test. + // Otherwise Go runtime can switch this to a different thread, + // which results in EACCES in call to SetSocketLabel. + runtime.LockOSThread() + defer runtime.UnlockOSThread() + + label := "system_u:object_r:container_t:s0:c1,c2" + if err := SetSocketLabel(label); err != nil { + t.Fatal(err) + } + nlabel, err := SocketLabel() + if err != nil { + t.Fatal(err) + } + if label != nlabel { + t.Errorf("SocketLabel %s != %s", nlabel, label) + } +} + +func TestKeyLabel(t *testing.T) { + if !GetEnabled() { + t.Skip("SELinux not enabled, skipping.") + } + + // Ensure the thread stays the same for duration of the test. + // Otherwise Go runtime can switch this to a different thread, + // which results in EACCES in call to SetKeyLabel. + runtime.LockOSThread() + defer runtime.UnlockOSThread() + + if unix.Getpid() != unix.Gettid() { + t.Skip(ErrNotTGLeader) + } + + label := "system_u:object_r:container_t:s0:c1,c2" + if err := SetKeyLabel(label); err != nil { + t.Fatal(err) + } + nlabel, err := KeyLabel() + if err != nil { + t.Fatal(err) + } + if label != nlabel { + t.Errorf("KeyLabel: want %q, got %q", label, nlabel) + } +} + +func BenchmarkContextGet(b *testing.B) { + ctx, err := NewContext("system_u:object_r:container_file_t:s0:c1022,c1023") + if err != nil { + b.Fatal(err) + } + str := "" + for i := 0; i < b.N; i++ { + str = ctx.get() + } + b.Log(str) +} + +func TestSELinux(t *testing.T) { + if !GetEnabled() { + t.Skip("SELinux not enabled, skipping.") + } + + // Ensure the thread stays the same for duration of the test. + // Otherwise Go runtime can switch this to a different thread, + // which results in EACCES in call to SetFSCreateLabel. + runtime.LockOSThread() + defer runtime.UnlockOSThread() + + var ( + err error + plabel, flabel string + ) + + plabel, flabel = ContainerLabels() + t.Log(plabel) + t.Log(flabel) + plabel, flabel = ContainerLabels() + t.Log(plabel) + t.Log(flabel) + ReleaseLabel(plabel) + + plabel, flabel = ContainerLabels() + t.Log(plabel) + t.Log(flabel) + ClearLabels() + t.Log("ClearLabels") + plabel, flabel = ContainerLabels() + t.Log(plabel) + t.Log(flabel) + ReleaseLabel(plabel) + + pid := os.Getpid() + t.Logf("PID:%d MCS:%s", pid, intToMcs(pid, 1023)) + err = SetFSCreateLabel("unconfined_u:unconfined_r:unconfined_t:s0") + if err != nil { + t.Fatal("SetFSCreateLabel failed:", err) + } + t.Log(FSCreateLabel()) + err = SetFSCreateLabel("") + if err != nil { + t.Fatal("SetFSCreateLabel failed:", err) + } + t.Log(FSCreateLabel()) + t.Log(PidLabel(1)) +} + +func TestSetEnforceMode(t *testing.T) { + if !GetEnabled() { + t.Skip("SELinux not enabled, skipping.") + } + if os.Geteuid() != 0 { + t.Skip("root required, skipping") + } + + t.Log("Enforcing Mode:", EnforceMode()) + mode := DefaultEnforceMode() + t.Log("Default Enforce Mode:", mode) + defer func() { + _ = SetEnforceMode(mode) + }() + + if err := SetEnforceMode(Enforcing); err != nil { + t.Fatalf("setting selinux mode to enforcing failed: %v", err) + } + if err := SetEnforceMode(Permissive); err != nil { + t.Fatalf("setting selinux mode to permissive failed: %v", err) + } +} + +func TestCanonicalizeContext(t *testing.T) { + if !GetEnabled() { + t.Skip("SELinux not enabled, skipping.") + } + + con := "system_u:object_r:bin_t:s0:c1,c2,c3" + checkcon := "system_u:object_r:bin_t:s0:c1.c3" + newcon, err := CanonicalizeContext(con) + if err != nil { + t.Fatal(err) + } + if newcon != checkcon { + t.Fatalf("CanonicalizeContext(%s) returned %s expected %s", con, newcon, checkcon) + } + con = "system_u:object_r:bin_t:s0:c5,c2" + checkcon = "system_u:object_r:bin_t:s0:c2,c5" + newcon, err = CanonicalizeContext(con) + if err != nil { + t.Fatal(err) + } + if newcon != checkcon { + t.Fatalf("CanonicalizeContext(%s) returned %s expected %s", con, newcon, checkcon) + } +} + +func TestFindSELinuxfsInMountinfo(t *testing.T) { + //nolint:dupword // ignore duplicate words (sysfs sysfs) + const mountinfo = `18 62 0:17 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs rw,seclabel +19 62 0:3 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw +20 62 0:5 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,seclabel,size=3995472k,nr_inodes=998868,mode=755 +21 18 0:16 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:7 - securityfs securityfs rw +22 20 0:18 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw,seclabel +23 20 0:11 / /dev/pts rw,nosuid,noexec,relatime shared:4 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=000 +24 62 0:19 / /run rw,nosuid,nodev shared:23 - tmpfs tmpfs rw,seclabel,mode=755 +25 18 0:20 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:8 - tmpfs tmpfs ro,seclabel,mode=755 +26 25 0:21 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:9 - cgroup cgroup rw,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd +27 18 0:22 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:20 - pstore pstore rw +28 25 0:23 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:10 - cgroup cgroup rw,perf_event +29 25 0:24 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,devices +30 25 0:25 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:12 - cgroup cgroup rw,cpuacct,cpu +31 25 0:26 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:13 - cgroup cgroup rw,freezer +32 25 0:27 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:14 - cgroup cgroup rw,net_prio,net_cls +33 25 0:28 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:15 - cgroup cgroup rw,cpuset +34 25 0:29 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:16 - cgroup cgroup rw,memory +35 25 0:30 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime shared:17 - cgroup cgroup rw,pids +36 25 0:31 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:18 - cgroup cgroup rw,hugetlb +37 25 0:32 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:19 - cgroup cgroup rw,blkio +59 18 0:33 / /sys/kernel/config rw,relatime shared:21 - configfs configfs rw +62 1 253:1 / / rw,relatime shared:1 - ext4 /dev/vda1 rw,seclabel,data=ordered +38 18 0:15 / /sys/fs/selinux rw,relatime shared:22 - selinuxfs selinuxfs rw +39 19 0:35 / /proc/sys/fs/binfmt_misc rw,relatime shared:24 - autofs systemd-1 rw,fd=29,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=11601 +40 20 0:36 / /dev/hugepages rw,relatime shared:25 - hugetlbfs hugetlbfs rw,seclabel +41 20 0:14 / /dev/mqueue rw,relatime shared:26 - mqueue mqueue rw,seclabel +42 18 0:6 / /sys/kernel/debug rw,relatime shared:27 - debugfs debugfs rw +112 62 253:1 /var/lib/docker/plugins /var/lib/docker/plugins rw,relatime - ext4 /dev/vda1 rw,seclabel,data=ordered +115 62 253:1 /var/lib/docker/overlay2 /var/lib/docker/overlay2 rw,relatime - ext4 /dev/vda1 rw,seclabel,data=ordered +118 62 7:0 / /root/mnt rw,relatime shared:66 - ext4 /dev/loop0 rw,seclabel,data=ordered +121 115 0:38 / /var/lib/docker/overlay2/8cdbabf81bc89b14ea54eaf418c1922068f06917fff57e184aa26541ff291073/merged rw,relatime - overlay overlay rw,seclabel,lowerdir=/var/lib/docker/overlay2/l/CPD4XI7UD4GGTGSJVPQSHWZKTK:/var/lib/docker/overlay2/l/NQKORR3IS7KNQDER35AZECLH4Z,upperdir=/var/lib/docker/overlay2/8cdbabf81bc89b14ea54eaf418c1922068f06917fff57e184aa26541ff291073/diff,workdir=/var/lib/docker/overlay2/8cdbabf81bc89b14ea54eaf418c1922068f06917fff57e184aa26541ff291073/work +125 62 0:39 / /var/lib/docker/containers/5e3fce422957c291a5b502c2cf33d512fc1fcac424e4113136c808360e5b7215/shm rw,nosuid,nodev,noexec,relatime shared:68 - tmpfs shm rw,seclabel,size=65536k +186 24 0:3 / /run/docker/netns/0a08e7496c6d rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw +130 62 0:15 / /root/chroot/selinux rw,relatime shared:22 - selinuxfs selinuxfs rw +109 24 0:37 / /run/user/0 rw,nosuid,nodev,relatime shared:62 - tmpfs tmpfs rw,seclabel,size=801032k,mode=700 +` + s := bufio.NewScanner(bytes.NewBuffer([]byte(mountinfo))) + for _, expected := range []string{"/sys/fs/selinux", "/root/chroot/selinux", ""} { + mnt := findSELinuxfsMount(s) + t.Logf("found %q", mnt) + if mnt != expected { + t.Fatalf("expected %q, got %q", expected, mnt) + } + } +} + +func TestSecurityCheckContext(t *testing.T) { + if !GetEnabled() { + t.Skip("SELinux not enabled, skipping.") + } + + // check with valid context + context, err := CurrentLabel() + if err != nil { + t.Fatalf("CurrentLabel() error: %v", err) + } + if context != "" { + t.Logf("SecurityCheckContext(%q)", context) + err = SecurityCheckContext(context) + if err != nil { + t.Errorf("SecurityCheckContext(%q) error: %v", context, err) + } + } + + context = "not-syntactically-valid" + err = SecurityCheckContext(context) + if err == nil { + t.Errorf("SecurityCheckContext(%q) succeeded, expected to fail", context) + } +} + +func TestClassIndex(t *testing.T) { + if !GetEnabled() { + t.Skip("SELinux not enabled, skipping.") + } + + idx, err := ClassIndex("process") + if err != nil { + t.Errorf("Classindex error: %v", err) + } + // Every known policy has process as index 2, but it isn't guaranteed + if idx != 2 { + t.Errorf("ClassIndex unexpected answer %d, possibly not reference policy", idx) + } + + _, err = ClassIndex("foobar") + if err == nil { + t.Errorf("ClassIndex(\"foobar\") succeeded, expected to fail:") + } +} + +func TestComputeCreateContext(t *testing.T) { + if !GetEnabled() { + t.Skip("SELinux not enabled, skipping.") + } + + // This may or may not be in the loaded policy but any refpolicy based policy should have it + init := "system_u:system_r:init_t:s0" + tmp := "system_u:object_r:tmp_t:s0" + file := "file" + t.Logf("ComputeCreateContext(%s, %s, %s)", init, tmp, file) + context, err := ComputeCreateContext(init, tmp, file) + if err != nil { + t.Errorf("ComputeCreateContext error: %v", err) + } + if context != "system_u:object_r:init_tmp_t:s0" { + t.Errorf("ComputeCreateContext unexpected answer %s, possibly not reference policy", context) + } + + badcon := "badcon" + process := "process" + // Test to ensure that a bad context returns an error + t.Logf("ComputeCreateContext(%s, %s, %s)", badcon, tmp, process) + _, err = ComputeCreateContext(badcon, tmp, process) + if err == nil { + t.Errorf("ComputeCreateContext(%s, %s, %s) succeeded, expected failure", badcon, tmp, process) + } +} + +func TestGlbLub(t *testing.T) { + tests := []struct { + expectedErr error + sourceRange string + targetRange string + expectedRange string + }{ + { + sourceRange: "s0:c0.c100-s10:c0.c150", + targetRange: "s5:c50.c100-s15:c0.c149", + expectedRange: "s5:c50.c100-s10:c0.c149", + }, + { + sourceRange: "s5:c50.c100-s15:c0.c149", + targetRange: "s0:c0.c100-s10:c0.c150", + expectedRange: "s5:c50.c100-s10:c0.c149", + }, + { + sourceRange: "s0:c0.c100-s10:c0.c150", + targetRange: "s0", + expectedRange: "s0", + }, + { + sourceRange: "s6:c0.c1023", + targetRange: "s6:c0,c2,c11,c201.c429,c431.c511", + expectedRange: "s6:c0,c2,c11,c201.c429,c431.c511", + }, + { + sourceRange: "s0-s15:c0.c1023", + targetRange: "s6:c0,c2,c11,c201.c429,c431.c511", + expectedRange: "s6-s6:c0,c2,c11,c201.c429,c431.c511", + }, + { + sourceRange: "s0:c0.c100,c125,c140,c150-s10", + targetRange: "s4:c0.c50,c140", + expectedRange: "s4:c0.c50,c140-s4", + }, + { + sourceRange: "s5:c512.c550,c552.c1023-s5:c0.c550,c552.c1023", + targetRange: "s5:c512.c550,c553.c1023-s5:c0,c1,c4,c5,c6,c512.c550,c553.c1023", + expectedRange: "s5:c512.c550,c553.c1023-s5:c0,c1,c4.c6,c512.c550,c553.c1023", + }, + { + sourceRange: "s5:c512.c540,c542,c543,c552.c1023-s5:c0.c550,c552.c1023", + targetRange: "s5:c512.c550,c553.c1023-s5:c0,c1,c4,c5,c6,c512.c550,c553.c1023", + expectedRange: "s5:c512.c540,c542,c543,c553.c1023-s5:c0,c1,c4.c6,c512.c550,c553.c1023", + }, + { + sourceRange: "s5:c50.c100-s15:c0.c149", + targetRange: "s5:c512.c550,c552.c1023-s5:c0.c550,c552.c1023", + expectedRange: "s5-s5:c0.c149", + }, + { + sourceRange: "s5-s15", + targetRange: "s6-s7", + expectedRange: "s6-s7", + }, + { + sourceRange: "s5:c50.c100-s15:c0.c149", + targetRange: "s4-s4:c0.c1023", + expectedErr: ErrIncomparable, + }, + { + sourceRange: "s4-s4:c0.c1023", + targetRange: "s5:c50.c100-s15:c0.c149", + expectedErr: ErrIncomparable, + }, + { + sourceRange: "s4-s4:c0.c1023.c10000", + targetRange: "s5:c50.c100-s15:c0.c149", + expectedErr: strconv.ErrSyntax, + }, + { + sourceRange: "s4-s4:c0.c1023.c10000-s4", + targetRange: "s5:c50.c100-s15:c0.c149-s5", + expectedErr: strconv.ErrSyntax, + }, + { + sourceRange: "4-4", + targetRange: "s5:c50.c100-s15:c0.c149", + expectedErr: ErrLevelSyntax, + }, + { + sourceRange: "t4-t4", + targetRange: "s5:c50.c100-s15:c0.c149", + expectedErr: ErrLevelSyntax, + }, + { + sourceRange: "s5:x50.x100-s15:c0.c149", + targetRange: "s5:c50.c100-s15:c0.c149", + expectedErr: ErrLevelSyntax, + }, + } + + for _, tt := range tests { + got, err := CalculateGlbLub(tt.sourceRange, tt.targetRange) + if !errors.Is(err, tt.expectedErr) { + // Go 1.13 strconv errors are not unwrappable, + // so do that manually. + // TODO remove this once we stop supporting Go 1.13. + var numErr *strconv.NumError + if errors.As(err, &numErr) && numErr.Err == tt.expectedErr { //nolint:errorlint // see above + continue + } + t.Fatalf("want %q got %q: src: %q tgt: %q", tt.expectedErr, err, tt.sourceRange, tt.targetRange) + } + + if got != tt.expectedRange { + t.Errorf("want %q got %q", tt.expectedRange, got) + } + } +} + +func TestContextWithLevel(t *testing.T) { + want := "bob:sysadm_r:sysadm_t:SystemLow-SystemHigh" + + goodDefaultBuff := ` +foo_r:foo_t:s0 sysadm_r:sysadm_t:s0 +staff_r:staff_t:s0 baz_r:baz_t:s0 sysadm_r:sysadm_t:s0 +` + + verifier := func(con string) error { + if con != want { + return fmt.Errorf("invalid context %s", con) + } + + return nil + } + + tests := []struct { + name, userBuff, defaultBuff string + }{ + { + name: "match exists in user context file", + userBuff: `# COMMENT +foo_r:foo_t:s0 sysadm_r:sysadm_t:s0 + +staff_r:staff_t:s0 baz_r:baz_t:s0 sysadm_r:sysadm_t:s0 +`, + defaultBuff: goodDefaultBuff, + }, + { + name: "match exists in default context file, but not in user file", + userBuff: `# COMMENT +foo_r:foo_t:s0 sysadm_r:sysadm_t:s0 +fake_r:fake_t:s0 baz_r:baz_t:s0 sysadm_r:sysadm_t:s0 +`, + defaultBuff: goodDefaultBuff, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + c := defaultSECtx{ + user: "bob", + level: "SystemLow-SystemHigh", + scon: "system_u:staff_r:staff_t:s0", + userRdr: bytes.NewBufferString(tt.userBuff), + defaultRdr: bytes.NewBufferString(tt.defaultBuff), + verifier: verifier, + } + + got, err := getDefaultContextFromReaders(&c) + if err != nil { + t.Fatalf("err should not exist but is: %v", err) + } + + if got != want { + t.Fatalf("got context: %q but expected %q", got, want) + } + }) + } + + t.Run("no match in user or default context files", func(t *testing.T) { + badUserBuff := "" + + badDefaultBuff := ` + foo_r:foo_t:s0 sysadm_r:sysadm_t:s0 + dne_r:dne_t:s0 baz_r:baz_t:s0 sysadm_r:sysadm_t:s0 + ` + c := defaultSECtx{ + user: "bob", + level: "SystemLow-SystemHigh", + scon: "system_u:staff_r:staff_t:s0", + userRdr: bytes.NewBufferString(badUserBuff), + defaultRdr: bytes.NewBufferString(badDefaultBuff), + verifier: verifier, + } + + _, err := getDefaultContextFromReaders(&c) + if err == nil { + t.Fatalf("err was expected") + } + }) +} + +func BenchmarkChcon(b *testing.B) { + file, err := filepath.Abs(os.Args[0]) + if err != nil { + b.Fatalf("filepath.Abs: %v", err) + } + dir := filepath.Dir(file) + con, err := FileLabel(file) + if err != nil { + b.Fatalf("FileLabel(%q): %v", file, err) + } + b.Logf("Chcon(%q, %q)", dir, con) + b.ResetTimer() + for n := 0; n < b.N; n++ { + if err := Chcon(dir, con, true); err != nil { + b.Fatal(err) + } + } +} + +func BenchmarkCurrentLabel(b *testing.B) { + var ( + l string + err error + ) + for n := 0; n < b.N; n++ { + l, err = CurrentLabel() + if err != nil { + b.Fatal(err) + } + } + b.Log(l) +} + +func BenchmarkReadConfig(b *testing.B) { + str := "" + for n := 0; n < b.N; n++ { + str = readConfig(selinuxTypeTag) + } + b.Log(str) +} + +func BenchmarkLoadLabels(b *testing.B) { + for n := 0; n < b.N; n++ { + loadLabels() + } +} diff --git a/internal/third_party/selinux/go-selinux/selinux_stub.go b/internal/third_party/selinux/go-selinux/selinux_stub.go new file mode 100644 index 00000000000..267921239c2 --- /dev/null +++ b/internal/third_party/selinux/go-selinux/selinux_stub.go @@ -0,0 +1,159 @@ +//go:build !linux +// +build !linux + +package selinux + +func attrPath(string) string { + return "" +} + +func readConThreadSelf(string) (string, error) { + return "", nil +} + +func writeConThreadSelf(string, string) error { + return nil +} + +func setDisabled() {} + +func getEnabled() bool { + return false +} + +func classIndex(string) (int, error) { + return -1, nil +} + +func setFileLabel(string, string) error { + return nil +} + +func lSetFileLabel(string, string) error { + return nil +} + +func fileLabel(string) (string, error) { + return "", nil +} + +func lFileLabel(string) (string, error) { + return "", nil +} + +func setFSCreateLabel(string) error { + return nil +} + +func fsCreateLabel() (string, error) { + return "", nil +} + +func currentLabel() (string, error) { + return "", nil +} + +func pidLabel(int) (string, error) { + return "", nil +} + +func execLabel() (string, error) { + return "", nil +} + +func canonicalizeContext(string) (string, error) { + return "", nil +} + +func computeCreateContext(string, string, string) (string, error) { + return "", nil +} + +func calculateGlbLub(string, string) (string, error) { + return "", nil +} + +func peerLabel(uintptr) (string, error) { + return "", nil +} + +func setKeyLabel(string) error { + return nil +} + +func keyLabel() (string, error) { + return "", nil +} + +func (c Context) get() string { + return "" +} + +func newContext(string) (Context, error) { + return Context{}, nil +} + +func clearLabels() { +} + +func reserveLabel(string) { +} + +func isMLSEnabled() bool { + return false +} + +func enforceMode() int { + return Disabled +} + +func setEnforceMode(int) error { + return nil +} + +func defaultEnforceMode() int { + return Disabled +} + +func releaseLabel(string) { +} + +func roFileLabel() string { + return "" +} + +func kvmContainerLabels() (string, string) { + return "", "" +} + +func initContainerLabels() (string, string) { + return "", "" +} + +func containerLabels() (string, string) { + return "", "" +} + +func securityCheckContext(string) error { + return nil +} + +func copyLevel(string, string) (string, error) { + return "", nil +} + +func chcon(string, string, bool) error { + return nil +} + +func dupSecOpt(string) ([]string, error) { + return nil, nil +} + +func getDefaultContextWithLevel(string, string, string) (string, error) { + return "", nil +} + +func label(_ string) string { + return "" +} diff --git a/internal/third_party/selinux/go-selinux/selinux_stub_test.go b/internal/third_party/selinux/go-selinux/selinux_stub_test.go new file mode 100644 index 00000000000..19ea636a49a --- /dev/null +++ b/internal/third_party/selinux/go-selinux/selinux_stub_test.go @@ -0,0 +1,127 @@ +//go:build !linux +// +build !linux + +package selinux + +import ( + "testing" +) + +const testLabel = "foobar" + +func TestSELinuxStubs(t *testing.T) { + if GetEnabled() { + t.Error("SELinux enabled on non-linux.") + } + + tmpDir := t.TempDir() + if _, err := FileLabel(tmpDir); err != nil { + t.Error(err) + } + + if err := SetFileLabel(tmpDir, testLabel); err != nil { + t.Error(err) + } + + if _, err := LfileLabel(tmpDir); err != nil { + t.Error(err) + } + if err := LsetFileLabel(tmpDir, testLabel); err != nil { + t.Error(err) + } + + if err := SetFSCreateLabel(testLabel); err != nil { + t.Error(err) + } + + if _, err := FSCreateLabel(); err != nil { + t.Error(err) + } + if _, err := CurrentLabel(); err != nil { + t.Error(err) + } + + if _, err := PidLabel(0); err != nil { + t.Error(err) + } + + ClearLabels() + + ReserveLabel(testLabel) + ReleaseLabel(testLabel) + if _, err := DupSecOpt(testLabel); err != nil { + t.Error(err) + } + if v := DisableSecOpt(); len(v) != 1 || v[0] != "disable" { + t.Errorf(`expected "disabled", got %v`, v) + } + SetDisabled() + if enabled := GetEnabled(); enabled { + t.Error("Should not be enabled") + } + if err := SetExecLabel(testLabel); err != nil { + t.Error(err) + } + if err := SetTaskLabel(testLabel); err != nil { + t.Error(err) + } + if _, err := ExecLabel(); err != nil { + t.Error(err) + } + if _, err := CanonicalizeContext(testLabel); err != nil { + t.Error(err) + } + if _, err := ComputeCreateContext("foo", "bar", testLabel); err != nil { + t.Error(err) + } + if err := SetSocketLabel(testLabel); err != nil { + t.Error(err) + } + if _, err := ClassIndex(testLabel); err != nil { + t.Error(err) + } + if _, err := SocketLabel(); err != nil { + t.Error(err) + } + if _, err := PeerLabel(0); err != nil { + t.Error(err) + } + if err := SetKeyLabel(testLabel); err != nil { + t.Error(err) + } + if _, err := KeyLabel(); err != nil { + t.Error(err) + } + if err := SetExecLabel(testLabel); err != nil { + t.Error(err) + } + if _, err := ExecLabel(); err != nil { + t.Error(err) + } + con, err := NewContext(testLabel) + if err != nil { + t.Error(err) + } + con.Get() + if err = SetEnforceMode(1); err != nil { + t.Error(err) + } + if v := DefaultEnforceMode(); v != Disabled { + t.Errorf("expected %d, got %d", Disabled, v) + } + if v := EnforceMode(); v != Disabled { + t.Errorf("expected %d, got %d", Disabled, v) + } + if v := ROFileLabel(); v != "" { + t.Errorf(`expected "", got %q`, v) + } + if processLbl, fileLbl := ContainerLabels(); processLbl != "" || fileLbl != "" { + t.Errorf(`expected fileLbl="", fileLbl="" got processLbl=%q, fileLbl=%q`, processLbl, fileLbl) + } + if err = SecurityCheckContext(testLabel); err != nil { + t.Error(err) + } + if _, err = CopyLevel("foo", "bar"); err != nil { + t.Error(err) + } +} diff --git a/internal/third_party/selinux/go-selinux/xattrs_linux.go b/internal/third_party/selinux/go-selinux/xattrs_linux.go new file mode 100644 index 00000000000..559c851075e --- /dev/null +++ b/internal/third_party/selinux/go-selinux/xattrs_linux.go @@ -0,0 +1,71 @@ +package selinux + +import ( + "golang.org/x/sys/unix" +) + +// lgetxattr returns a []byte slice containing the value of +// an extended attribute attr set for path. +func lgetxattr(path, attr string) ([]byte, error) { + // Start with a 128 length byte array + dest := make([]byte, 128) + sz, errno := doLgetxattr(path, attr, dest) + for errno == unix.ERANGE { //nolint:errorlint // unix errors are bare + // Buffer too small, use zero-sized buffer to get the actual size + sz, errno = doLgetxattr(path, attr, []byte{}) + if errno != nil { + return nil, errno + } + + dest = make([]byte, sz) + sz, errno = doLgetxattr(path, attr, dest) + } + if errno != nil { + return nil, errno + } + + return dest[:sz], nil +} + +// doLgetxattr is a wrapper that retries on EINTR +func doLgetxattr(path, attr string, dest []byte) (int, error) { + for { + sz, err := unix.Lgetxattr(path, attr, dest) + if err != unix.EINTR { + return sz, err + } + } +} + +// getxattr returns a []byte slice containing the value of +// an extended attribute attr set for path. +func getxattr(path, attr string) ([]byte, error) { + // Start with a 128 length byte array + dest := make([]byte, 128) + sz, errno := dogetxattr(path, attr, dest) + for errno == unix.ERANGE { //nolint:errorlint // unix errors are bare + // Buffer too small, use zero-sized buffer to get the actual size + sz, errno = dogetxattr(path, attr, []byte{}) + if errno != nil { + return nil, errno + } + + dest = make([]byte, sz) + sz, errno = dogetxattr(path, attr, dest) + } + if errno != nil { + return nil, errno + } + + return dest[:sz], nil +} + +// dogetxattr is a wrapper that retries on EINTR +func dogetxattr(path, attr string, dest []byte) (int, error) { + for { + sz, err := unix.Getxattr(path, attr, dest) + if err != unix.EINTR { + return sz, err + } + } +} diff --git a/internal/third_party/selinux/go.mod b/internal/third_party/selinux/go.mod new file mode 100644 index 00000000000..24d3261a942 --- /dev/null +++ b/internal/third_party/selinux/go.mod @@ -0,0 +1,8 @@ +module github.com/opencontainers/selinux + +go 1.19 + +require ( + github.com/cyphar/filepath-securejoin v0.5.0 + golang.org/x/sys v0.18.0 +) diff --git a/internal/third_party/selinux/go.sum b/internal/third_party/selinux/go.sum new file mode 100644 index 00000000000..b9ae09877a4 --- /dev/null +++ b/internal/third_party/selinux/go.sum @@ -0,0 +1,8 @@ +github.com/cyphar/filepath-securejoin v0.5.0 h1:hIAhkRBMQ8nIeuVwcAoymp7MY4oherZdAxD+m0u9zaw= +github.com/cyphar/filepath-securejoin v0.5.0/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= diff --git a/internal/third_party/selinux/pkg/pwalk/README.md b/internal/third_party/selinux/pkg/pwalk/README.md new file mode 100644 index 00000000000..a060ad364cd --- /dev/null +++ b/internal/third_party/selinux/pkg/pwalk/README.md @@ -0,0 +1,52 @@ +## pwalk: parallel implementation of filepath.Walk + +This is a wrapper for [filepath.Walk](https://pkg.go.dev/path/filepath?tab=doc#Walk) +which may speed it up by calling multiple callback functions (WalkFunc) in parallel, +utilizing goroutines. + +By default, it utilizes 2\*runtime.NumCPU() goroutines for callbacks. +This can be changed by using WalkN function which has the additional +parameter, specifying the number of goroutines (concurrency). + +### pwalk vs pwalkdir + +This package is deprecated in favor of +[pwalkdir](https://pkg.go.dev/github.com/opencontainers/selinux/pkg/pwalkdir), +which is faster, but requires at least Go 1.16. + +### Caveats + +Please note the following limitations of this code: + +* Unlike filepath.Walk, the order of calls is non-deterministic; + +* Only primitive error handling is supported: + + * filepath.SkipDir is not supported; + + * ErrNotExist errors from filepath.Walk are silently ignored for any path + except the top directory (Walk argument); any other error is returned to + the caller of Walk; + + * no errors are ever passed to WalkFunc; + + * once any error is returned from any WalkFunc instance, no more new calls + to WalkFunc are made, and the error is returned to the caller of Walk; + + * if more than one walkFunc instance will return an error, only one + of such errors will be propagated and returned by Walk, others + will be silently discarded. + +### Documentation + +For the official documentation, see +https://pkg.go.dev/github.com/opencontainers/selinux/pkg/pwalk?tab=doc + +### Benchmarks + +For a WalkFunc that consists solely of the return statement, this +implementation is about 10% slower than the standard library's +filepath.Walk. + +Otherwise (if a WalkFunc is doing something) this is usually faster, +except when the WalkN(..., 1) is used. diff --git a/internal/third_party/selinux/pkg/pwalk/pwalk.go b/internal/third_party/selinux/pkg/pwalk/pwalk.go new file mode 100644 index 00000000000..686c8bac32c --- /dev/null +++ b/internal/third_party/selinux/pkg/pwalk/pwalk.go @@ -0,0 +1,131 @@ +package pwalk + +import ( + "errors" + "fmt" + "os" + "path/filepath" + "runtime" + "sync" +) + +// WalkFunc is the type of the function called by Walk to visit each +// file or directory. It is an alias for [filepath.WalkFunc]. +// +// Deprecated: use [github.com/opencontainers/selinux/pkg/pwalkdir] and [fs.WalkDirFunc]. +type WalkFunc = filepath.WalkFunc + +// Walk is a wrapper for filepath.Walk which can call multiple walkFn +// in parallel, allowing to handle each item concurrently. A maximum of +// twice the runtime.NumCPU() walkFn will be called at any one time. +// If you want to change the maximum, use WalkN instead. +// +// The order of calls is non-deterministic. +// +// Note that this implementation only supports primitive error handling: +// +// - no errors are ever passed to walkFn; +// +// - once a walkFn returns any error, all further processing stops +// and the error is returned to the caller of Walk; +// +// - filepath.SkipDir is not supported; +// +// - if more than one walkFn instance will return an error, only one +// of such errors will be propagated and returned by Walk, others +// will be silently discarded. +// +// Deprecated: use [github.com/opencontainers/selinux/pkg/pwalkdir.Walk] +func Walk(root string, walkFn WalkFunc) error { + return WalkN(root, walkFn, runtime.NumCPU()*2) +} + +// WalkN is a wrapper for filepath.Walk which can call multiple walkFn +// in parallel, allowing to handle each item concurrently. A maximum of +// num walkFn will be called at any one time. +// +// Please see Walk documentation for caveats of using this function. +// +// Deprecated: use [github.com/opencontainers/selinux/pkg/pwalkdir.WalkN] +func WalkN(root string, walkFn WalkFunc, num int) error { + // make sure limit is sensible + if num < 1 { + return fmt.Errorf("walk(%q): num must be > 0", root) + } + + files := make(chan *walkArgs, 2*num) + errCh := make(chan error, 1) // get the first error, ignore others + + // Start walking a tree asap + var ( + err error + wg sync.WaitGroup + + rootLen = len(root) + rootEntry *walkArgs + ) + wg.Add(1) + go func() { + err = filepath.Walk(root, func(p string, info os.FileInfo, err error) error { + if err != nil { + // Walking a file tree can race with removal, + // so ignore ENOENT, except for root. + // https://github.com/opencontainers/selinux/issues/199. + if errors.Is(err, os.ErrNotExist) && len(p) != rootLen { + return nil + } + + close(files) + return err + } + if len(p) == rootLen { + // Root entry is processed separately below. + rootEntry = &walkArgs{path: p, info: &info} + return nil + } + // add a file to the queue unless a callback sent an error + select { + case e := <-errCh: + close(files) + return e + default: + files <- &walkArgs{path: p, info: &info} + return nil + } + }) + if err == nil { + close(files) + } + wg.Done() + }() + + wg.Add(num) + for i := 0; i < num; i++ { + go func() { + for file := range files { + if e := walkFn(file.path, *file.info, nil); e != nil { + select { + case errCh <- e: // sent ok + default: // buffer full + } + } + } + wg.Done() + }() + } + + wg.Wait() + + if err == nil { + err = walkFn(rootEntry.path, *rootEntry.info, nil) + } + + return err +} + +// walkArgs holds the arguments that were passed to the Walk or WalkN +// functions. +type walkArgs struct { + info *os.FileInfo + path string +} diff --git a/internal/third_party/selinux/pkg/pwalk/pwalk_test.go b/internal/third_party/selinux/pkg/pwalk/pwalk_test.go new file mode 100644 index 00000000000..9cca3b6b15a --- /dev/null +++ b/internal/third_party/selinux/pkg/pwalk/pwalk_test.go @@ -0,0 +1,236 @@ +package pwalk + +import ( + "errors" + "math/rand" + "os" + "path/filepath" + "runtime" + "sync/atomic" + "testing" + "time" +) + +func TestWalk(t *testing.T) { + var ac atomic.Uint32 + concurrency := runtime.NumCPU() * 2 + + dir, total := prepareTestSet(t, 3, 2, 1) + + err := WalkN(dir, + func(_ string, _ os.FileInfo, _ error) error { + ac.Add(1) + return nil + }, + concurrency) + if err != nil { + t.Errorf("Walk failed: %v", err) + } + count := ac.Load() + if count != total { + t.Errorf("File count mismatch: found %d, expected %d", count, total) + } + + t.Logf("concurrency: %d, files found: %d", concurrency, count) +} + +func TestWalkTopLevelErrNotExistNotIgnored(t *testing.T) { + if WalkN("non-existent-directory", cbEmpty, 8) == nil { + t.Fatal("expected ErrNotExist, got nil") + } +} + +// https://github.com/opencontainers/selinux/issues/199 +func TestWalkRaceWithRemoval(t *testing.T) { + var ac atomic.Uint32 + concurrency := runtime.NumCPU() * 2 + // This test is still on a best-effort basis, meaning it can still pass + // when there is a bug in the code, but the larger the test set is, the + // higher the probability that this test fails (without a fix). + // + // With this set (4, 5, 6), and the fix commented out, it fails + // 100 out of 100 runs on my machine. + dir, total := prepareTestSet(t, 4, 5, 6) + + // Race walk with removal. + go os.RemoveAll(dir) + err := WalkN(dir, + func(_ string, _ os.FileInfo, _ error) error { + ac.Add(1) + return nil + }, + concurrency) + count := int(ac.Load()) + t.Logf("found %d of %d files", count, total) + if err != nil { + t.Fatalf("expected nil, got %v", err) + } +} + +func TestWalkDirManyErrors(t *testing.T) { + var ac atomic.Uint32 + + dir, total := prepareTestSet(t, 3, 3, 2) + + maxFiles := total / 2 + e42 := errors.New("42") + err := Walk(dir, + func(_ string, _ os.FileInfo, _ error) error { + if ac.Add(1) > maxFiles { + return e42 + } + return nil + }) + count := ac.Load() + t.Logf("found %d of %d files", count, total) + + if err == nil { + t.Errorf("Walk succeeded, but error is expected") + if count != total { + t.Errorf("File count mismatch: found %d, expected %d", count, total) + } + } +} + +func makeManyDirs(prefix string, levels, dirs, files int) (count uint32, err error) { + for d := 0; d < dirs; d++ { + var dir string + dir, err = os.MkdirTemp(prefix, "d-") + if err != nil { + return count, err + } + count++ + for f := 0; f < files; f++ { + var fi *os.File + fi, err = os.CreateTemp(dir, "f-") + if err != nil { + return count, err + } + _ = fi.Close() + count++ + } + if levels == 0 { + continue + } + var c uint32 + if c, err = makeManyDirs(dir, levels-1, dirs, files); err != nil { + return count, err + } + count += c + } + + return count, err +} + +// prepareTestSet() creates a directory tree of shallow files, +// to be used for testing or benchmarking. +// +// Total dirs: dirs^levels + dirs^(levels-1) + ... + dirs^1 +// Total files: total_dirs * files +func prepareTestSet(tb testing.TB, levels, dirs, files int) (dir string, total uint32) { + tb.Helper() + var err error + + dir = tb.TempDir() + total, err = makeManyDirs(dir, levels, dirs, files) + if err != nil { + tb.Fatal(err) + } + total++ // this dir + + return dir, total +} + +type walkerFunc func(root string, walkFn WalkFunc) error + +func genWalkN(n int) walkerFunc { + return func(root string, walkFn WalkFunc) error { + return WalkN(root, walkFn, n) + } +} + +func BenchmarkWalk(b *testing.B) { + const ( + levels = 5 // how deep + dirs = 3 // dirs on each levels + files = 8 // files on each levels + ) + + benchmarks := []struct { + walk filepath.WalkFunc + name string + }{ + {name: "Empty", walk: cbEmpty}, + {name: "ReadFile", walk: cbReadFile}, + {name: "ChownChmod", walk: cbChownChmod}, + {name: "RandomSleep", walk: cbRandomSleep}, + } + + walkers := []struct { + walker walkerFunc + name string + }{ + {name: "filepath.Walk", walker: filepath.Walk}, + {name: "pwalk.Walk", walker: Walk}, + // test WalkN with various values of N + {name: "pwalk.Walk1", walker: genWalkN(1)}, + {name: "pwalk.Walk2", walker: genWalkN(2)}, + {name: "pwalk.Walk4", walker: genWalkN(4)}, + {name: "pwalk.Walk8", walker: genWalkN(8)}, + {name: "pwalk.Walk16", walker: genWalkN(16)}, + {name: "pwalk.Walk32", walker: genWalkN(32)}, + {name: "pwalk.Walk64", walker: genWalkN(64)}, + {name: "pwalk.Walk128", walker: genWalkN(128)}, + {name: "pwalk.Walk256", walker: genWalkN(256)}, + } + + dir, total := prepareTestSet(b, levels, dirs, files) + b.Logf("dataset: %d levels x %d dirs x %d files, total entries: %d", levels, dirs, files, total) + + for _, bm := range benchmarks { + for _, w := range walkers { + walker := w.walker + walkFn := bm.walk + // preheat + if err := w.walker(dir, bm.walk); err != nil { + b.Errorf("walk failed: %v", err) + } + // benchmark + b.Run(bm.name+"/"+w.name, func(b *testing.B) { + for i := 0; i < b.N; i++ { + if err := walker(dir, walkFn); err != nil { + b.Errorf("walk failed: %v", err) + } + } + }) + } + } +} + +func cbEmpty(_ string, _ os.FileInfo, _ error) error { + return nil +} + +func cbChownChmod(path string, info os.FileInfo, _ error) error { + _ = os.Chown(path, 0, 0) + mode := os.FileMode(0o644) + if info.Mode().IsDir() { + mode = os.FileMode(0o755) + } + _ = os.Chmod(path, mode) + + return nil +} + +func cbReadFile(path string, info os.FileInfo, _ error) error { + var err error + if info.Mode().IsRegular() { + _, err = os.ReadFile(path) + } + return err +} + +func cbRandomSleep(_ string, _ os.FileInfo, _ error) error { + time.Sleep(time.Duration(rand.Intn(500)) * time.Microsecond) //nolint:gosec // ignore G404: Use of weak random number generator + return nil +} diff --git a/internal/third_party/selinux/pkg/pwalkdir/README.md b/internal/third_party/selinux/pkg/pwalkdir/README.md new file mode 100644 index 00000000000..b827e7dd73f --- /dev/null +++ b/internal/third_party/selinux/pkg/pwalkdir/README.md @@ -0,0 +1,56 @@ +## pwalkdir: parallel implementation of filepath.WalkDir + +This is a wrapper for [filepath.WalkDir](https://pkg.go.dev/path/filepath#WalkDir) +which may speed it up by calling multiple callback functions (WalkDirFunc) +in parallel, utilizing goroutines. + +By default, it utilizes 2\*runtime.NumCPU() goroutines for callbacks. +This can be changed by using WalkN function which has the additional +parameter, specifying the number of goroutines (concurrency). + +### pwalk vs pwalkdir + +This package is very similar to +[pwalk](https://pkg.go.dev/github.com/opencontainers/selinux/pkg/pwalkdir), +but utilizes `filepath.WalkDir` (added to Go 1.16), which does not call stat(2) +on every entry and is therefore faster (up to 3x, depending on usage scenario). + +Users who are OK with requiring Go 1.16+ should switch to this +implementation. + +### Caveats + +Please note the following limitations of this code: + +* Unlike filepath.WalkDir, the order of calls is non-deterministic; + +* Only primitive error handling is supported: + + * fs.SkipDir is not supported; + + * ErrNotExist errors from filepath.WalkDir are silently ignored for any path + except the top directory (WalkDir argument); any other error is returned to + the caller of WalkDir; + + * once any error is returned from any walkDirFunc instance, no more calls + to WalkDirFunc are made, and the error is returned to the caller of WalkDir; + + * if more than one WalkDirFunc instance will return an error, only one + of such errors will be propagated to and returned by WalkDir, others + will be silently discarded. + +### Documentation + +For the official documentation, see +https://pkg.go.dev/github.com/opencontainers/selinux/pkg/pwalkdir + +### Benchmarks + +For a WalkDirFunc that consists solely of the return statement, this +implementation is about 15% slower than the standard library's +filepath.WalkDir. + +Otherwise (if a WalkDirFunc is actually doing something) this is usually +faster, except when the WalkDirN(..., 1) is used. Run `go test -bench .` +to see how different operations can benefit from it, as well as how the +level of parallelism affects the speed. diff --git a/internal/third_party/selinux/pkg/pwalkdir/pwalkdir.go b/internal/third_party/selinux/pkg/pwalkdir/pwalkdir.go new file mode 100644 index 00000000000..5d2d09a2985 --- /dev/null +++ b/internal/third_party/selinux/pkg/pwalkdir/pwalkdir.go @@ -0,0 +1,123 @@ +//go:build go1.16 +// +build go1.16 + +package pwalkdir + +import ( + "errors" + "fmt" + "io/fs" + "path/filepath" + "runtime" + "sync" +) + +// Walk is a wrapper for filepath.WalkDir which can call multiple walkFn +// in parallel, allowing to handle each item concurrently. A maximum of +// twice the runtime.NumCPU() walkFn will be called at any one time. +// If you want to change the maximum, use WalkN instead. +// +// The order of calls is non-deterministic. +// +// Note that this implementation only supports primitive error handling: +// +// - no errors are ever passed to walkFn; +// +// - once a walkFn returns any error, all further processing stops +// and the error is returned to the caller of Walk; +// +// - filepath.SkipDir is not supported; +// +// - if more than one walkFn instance will return an error, only one +// of such errors will be propagated and returned by Walk, others +// will be silently discarded. +func Walk(root string, walkFn fs.WalkDirFunc) error { + return WalkN(root, walkFn, runtime.NumCPU()*2) +} + +// WalkN is a wrapper for filepath.WalkDir which can call multiple walkFn +// in parallel, allowing to handle each item concurrently. A maximum of +// num walkFn will be called at any one time. +// +// Please see Walk documentation for caveats of using this function. +func WalkN(root string, walkFn fs.WalkDirFunc, num int) error { + // make sure limit is sensible + if num < 1 { + return fmt.Errorf("walk(%q): num must be > 0", root) + } + + files := make(chan *walkArgs, 2*num) + errCh := make(chan error, 1) // Get the first error, ignore others. + + // Start walking a tree asap. + var ( + err error + wg sync.WaitGroup + + rootLen = len(root) + rootEntry *walkArgs + ) + wg.Add(1) + go func() { + err = filepath.WalkDir(root, func(p string, entry fs.DirEntry, err error) error { + if err != nil { + // Walking a file tree can race with removal, + // so ignore ENOENT, except for root. + // https://github.com/opencontainers/selinux/issues/199. + if errors.Is(err, fs.ErrNotExist) && len(p) != rootLen { + return nil + } + close(files) + return err + } + if len(p) == rootLen { + // Root entry is processed separately below. + rootEntry = &walkArgs{path: p, entry: entry} + return nil + } + // Add a file to the queue unless a callback sent an error. + select { + case e := <-errCh: + close(files) + return e + default: + files <- &walkArgs{path: p, entry: entry} + return nil + } + }) + if err == nil { + close(files) + } + wg.Done() + }() + + wg.Add(num) + for i := 0; i < num; i++ { + go func() { + for file := range files { + if e := walkFn(file.path, file.entry, nil); e != nil { + select { + case errCh <- e: // sent ok + default: // buffer full + } + } + } + wg.Done() + }() + } + + wg.Wait() + + if err == nil { + err = walkFn(rootEntry.path, rootEntry.entry, nil) + } + + return err +} + +// walkArgs holds the arguments that were passed to the Walk or WalkN +// functions. +type walkArgs struct { + entry fs.DirEntry + path string +} diff --git a/internal/third_party/selinux/pkg/pwalkdir/pwalkdir_test.go b/internal/third_party/selinux/pkg/pwalkdir/pwalkdir_test.go new file mode 100644 index 00000000000..e66a80d1ab3 --- /dev/null +++ b/internal/third_party/selinux/pkg/pwalkdir/pwalkdir_test.go @@ -0,0 +1,239 @@ +//go:build go1.16 +// +build go1.16 + +package pwalkdir + +import ( + "errors" + "io/fs" + "math/rand" + "os" + "path/filepath" + "runtime" + "sync/atomic" + "testing" + "time" +) + +func TestWalkDir(t *testing.T) { + var ac atomic.Uint32 + concurrency := runtime.NumCPU() * 2 + dir, total := prepareTestSet(t, 3, 2, 1) + + err := WalkN(dir, + func(_ string, _ fs.DirEntry, _ error) error { + ac.Add(1) + return nil + }, + concurrency) + if err != nil { + t.Errorf("Walk failed: %v", err) + } + count := ac.Load() + if count != total { + t.Errorf("File count mismatch: found %d, expected %d", count, total) + } + + t.Logf("concurrency: %d, files found: %d", concurrency, count) +} + +func TestWalkDirTopLevelErrNotExistNotIgnored(t *testing.T) { + err := WalkN("non-existent-directory", cbEmpty, 8) + if err == nil { + t.Fatal("expected ErrNotExist, got nil") + } +} + +// https://github.com/opencontainers/selinux/issues/199 +func TestWalkDirRaceWithRemoval(t *testing.T) { + var ac atomic.Uint32 + concurrency := runtime.NumCPU() * 2 + // This test is still on a best-effort basis, meaning it can still pass + // when there is a bug in the code, but the larger the test set is, the + // higher the probability that this test fails (without a fix). + // + // With this set (4, 5, 6), and the fix commented out, it fails + // about 90 out of 100 runs on my machine. + dir, total := prepareTestSet(t, 4, 5, 6) + + // Make walk race with removal. + go os.RemoveAll(dir) + err := WalkN(dir, + func(_ string, _ fs.DirEntry, _ error) error { + ac.Add(1) + return nil + }, + concurrency) + count := ac.Load() + t.Logf("found %d of %d files", count, total) + if err != nil { + t.Fatalf("expected nil, got %v", err) + } +} + +func TestWalkDirManyErrors(t *testing.T) { + var ac atomic.Uint32 + dir, total := prepareTestSet(t, 3, 3, 2) + + maxFiles := total / 2 + e42 := errors.New("42") + err := Walk(dir, + func(_ string, _ fs.DirEntry, _ error) error { + if ac.Add(1) > maxFiles { + return e42 + } + return nil + }) + count := ac.Load() + t.Logf("found %d of %d files", count, total) + + if err == nil { + t.Error("Walk succeeded, but error is expected") + if count != total { + t.Errorf("File count mismatch: found %d, expected %d", count, total) + } + } +} + +func makeManyDirs(prefix string, levels, dirs, files int) (count uint32, err error) { + for d := 0; d < dirs; d++ { + var dir string + dir, err = os.MkdirTemp(prefix, "d-") + if err != nil { + return count, err + } + count++ + for f := 0; f < files; f++ { + var fi *os.File + fi, err = os.CreateTemp(dir, "f-") + if err != nil { + return count, err + } + fi.Close() + count++ + } + if levels == 0 { + continue + } + var c uint32 + if c, err = makeManyDirs(dir, levels-1, dirs, files); err != nil { + return count, err + } + count += c + } + + return count, err +} + +// prepareTestSet() creates a directory tree of shallow files, +// to be used for testing or benchmarking. +// +// Total dirs: dirs^levels + dirs^(levels-1) + ... + dirs^1 +// Total files: total_dirs * files +func prepareTestSet(tb testing.TB, levels, dirs, files int) (dir string, total uint32) { + tb.Helper() + var err error + + dir = tb.TempDir() + total, err = makeManyDirs(dir, levels, dirs, files) + if err != nil { + tb.Fatal(err) + } + total++ // this dir + + return dir, total +} + +type walkerFunc func(root string, walkFn fs.WalkDirFunc) error + +func genWalkN(n int) walkerFunc { + return func(root string, walkFn fs.WalkDirFunc) error { + return WalkN(root, walkFn, n) + } +} + +func BenchmarkWalk(b *testing.B) { + const ( + levels = 5 // how deep + dirs = 3 // dirs on each levels + files = 8 // files on each levels + ) + + benchmarks := []struct { + walk fs.WalkDirFunc + name string + }{ + {name: "Empty", walk: cbEmpty}, + {name: "ReadFile", walk: cbReadFile}, + {name: "ChownChmod", walk: cbChownChmod}, + {name: "RandomSleep", walk: cbRandomSleep}, + } + + walkers := []struct { + walker walkerFunc + name string + }{ + {name: "filepath.WalkDir", walker: filepath.WalkDir}, + {name: "pwalkdir.Walk", walker: Walk}, + // test WalkN with various values of N + {name: "pwalkdir.Walk1", walker: genWalkN(1)}, + {name: "pwalkdir.Walk2", walker: genWalkN(2)}, + {name: "pwalkdir.Walk4", walker: genWalkN(4)}, + {name: "pwalkdir.Walk8", walker: genWalkN(8)}, + {name: "pwalkdir.Walk16", walker: genWalkN(16)}, + {name: "pwalkdir.Walk32", walker: genWalkN(32)}, + {name: "pwalkdir.Walk64", walker: genWalkN(64)}, + {name: "pwalkdir.Walk128", walker: genWalkN(128)}, + {name: "pwalkdir.Walk256", walker: genWalkN(256)}, + } + + dir, total := prepareTestSet(b, levels, dirs, files) + b.Logf("dataset: %d levels x %d dirs x %d files, total entries: %d", levels, dirs, files, total) + + for _, bm := range benchmarks { + for _, w := range walkers { + walker := w.walker + walkFn := bm.walk + // preheat + if err := w.walker(dir, bm.walk); err != nil { + b.Errorf("walk failed: %v", err) + } + // benchmark + b.Run(bm.name+"/"+w.name, func(b *testing.B) { + for i := 0; i < b.N; i++ { + if err := walker(dir, walkFn); err != nil { + b.Errorf("walk failed: %v", err) + } + } + }) + } + } +} + +func cbEmpty(_ string, _ fs.DirEntry, _ error) error { + return nil +} + +func cbChownChmod(path string, e fs.DirEntry, _ error) error { + _ = os.Chown(path, 0, 0) + mode := os.FileMode(0o644) + if e.IsDir() { + mode = os.FileMode(0o755) + } + _ = os.Chmod(path, mode) + + return nil +} + +func cbReadFile(path string, e fs.DirEntry, _ error) error { + var err error + if e.Type().IsRegular() { + _, err = os.ReadFile(path) + } + return err +} + +func cbRandomSleep(_ string, _ fs.DirEntry, _ error) error { + time.Sleep(time.Duration(rand.Intn(500)) * time.Microsecond) //nolint:gosec // ignore G404: Use of weak random number generator + return nil +} diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go index 1258c98ce71..95f29e21f4e 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go @@ -18,7 +18,7 @@ var validOptions = map[string]bool{ "level": true, } -var ErrIncompatibleLabel = errors.New("Bad SELinux option z and Z can not be used together") +var ErrIncompatibleLabel = errors.New("bad SELinux option: z and Z can not be used together") // InitLabels returns the process label and file labels to be used within // the container. A list of options can be passed into this function to alter @@ -52,11 +52,11 @@ func InitLabels(options []string) (plabel string, mlabel string, retErr error) { return "", selinux.PrivContainerMountLabel(), nil } if i := strings.Index(opt, ":"); i == -1 { - return "", "", fmt.Errorf("Bad label option %q, valid options 'disable' or \n'user, role, level, type, filetype' followed by ':' and a value", opt) + return "", "", fmt.Errorf("bad label option %q, valid options 'disable' or \n'user, role, level, type, filetype' followed by ':' and a value", opt) } con := strings.SplitN(opt, ":", 2) if !validOptions[con[0]] { - return "", "", fmt.Errorf("Bad label option %q, valid options 'disable, user, role, level, type, filetype'", con[0]) + return "", "", fmt.Errorf("bad label option %q, valid options 'disable, user, role, level, type, filetype'", con[0]) } if con[0] == "filetype" { mcon["type"] = con[1] diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go index 9f0740ef6f8..15150d47528 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux.go @@ -153,7 +153,7 @@ func CalculateGlbLub(sourceRange, targetRange string) (string, error) { // of the program is finished to guarantee another goroutine does not migrate to the current // thread before execution is complete. func SetExecLabel(label string) error { - return writeCon(attrPath("exec"), label) + return writeConThreadSelf("attr/exec", label) } // SetTaskLabel sets the SELinux label for the current thread, or an error. @@ -161,7 +161,7 @@ func SetExecLabel(label string) error { // be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() to guarantee // the current thread does not run in a new mislabeled thread. func SetTaskLabel(label string) error { - return writeCon(attrPath("current"), label) + return writeConThreadSelf("attr/current", label) } // SetSocketLabel takes a process label and tells the kernel to assign the @@ -170,12 +170,12 @@ func SetTaskLabel(label string) error { // the socket is created to guarantee another goroutine does not migrate // to the current thread before execution is complete. func SetSocketLabel(label string) error { - return writeCon(attrPath("sockcreate"), label) + return writeConThreadSelf("attr/sockcreate", label) } // SocketLabel retrieves the current socket label setting func SocketLabel() (string, error) { - return readCon(attrPath("sockcreate")) + return readConThreadSelf("attr/sockcreate") } // PeerLabel retrieves the label of the client on the other side of a socket @@ -198,7 +198,7 @@ func SetKeyLabel(label string) error { // KeyLabel retrieves the current kernel keyring label setting func KeyLabel() (string, error) { - return readCon("/proc/self/attr/keycreate") + return keyLabel() } // Get returns the Context as a string diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go index a607980724c..70392d98904 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go @@ -17,8 +17,11 @@ import ( "strings" "sync" - "github.com/opencontainers/selinux/pkg/pwalkdir" + "github.com/cyphar/filepath-securejoin/pathrs-lite" + "github.com/cyphar/filepath-securejoin/pathrs-lite/procfs" "golang.org/x/sys/unix" + + "github.com/opencontainers/selinux/pkg/pwalkdir" ) const ( @@ -73,10 +76,6 @@ var ( mcsList: make(map[string]bool), } - // for attrPath() - attrPathOnce sync.Once - haveThreadSelf bool - // for policyRoot() policyRootOnce sync.Once policyRootVal string @@ -256,48 +255,187 @@ func readConfig(target string) string { return "" } -func isProcHandle(fh *os.File) error { - var buf unix.Statfs_t +func readConFd(in *os.File) (string, error) { + data, err := io.ReadAll(in) + if err != nil { + return "", err + } + return string(bytes.TrimSuffix(data, []byte{0})), nil +} - for { - err := unix.Fstatfs(int(fh.Fd()), &buf) - if err == nil { - break - } - if err != unix.EINTR { - return &os.PathError{Op: "fstatfs", Path: fh.Name(), Err: err} - } +func writeConFd(out *os.File, val string) error { + var err error + if val != "" { + _, err = out.Write([]byte(val)) + } else { + _, err = out.Write(nil) } - if buf.Type != unix.PROC_SUPER_MAGIC { - return fmt.Errorf("file %q is not on procfs", fh.Name()) + return err +} + +// openProcThreadSelf is a small wrapper around [OpenThreadSelf] and +// [pathrs.Reopen] to make "one-shot opens" slightly more ergonomic. The +// provided mode must be os.O_* flags to indicate what mode the returned file +// should be opened with (flags like os.O_CREAT and os.O_EXCL are not +// supported). +// +// If no error occurred, the returned handle is guaranteed to be exactly +// /proc/thread-self/ with no tricky mounts or symlinks causing you to +// operate on an unexpected path (with some caveats on pre-openat2 or +// pre-fsopen kernels). +// +// [OpenThreadSelf]: https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs#Handle.OpenThreadSelf +func openProcThreadSelf(subpath string, mode int) (*os.File, procfs.ProcThreadSelfCloser, error) { + if subpath == "" { + return nil, nil, ErrEmptyPath + } + + proc, err := procfs.OpenProcRoot() + if err != nil { + return nil, nil, err } + defer proc.Close() - return nil -} + handle, closer, err := proc.OpenThreadSelf(subpath) + if err != nil { + return nil, nil, fmt.Errorf("open /proc/thread-self/%s handle: %w", subpath, err) + } + defer handle.Close() // we will return a re-opened handle -func readCon(fpath string) (string, error) { - if fpath == "" { - return "", ErrEmptyPath + file, err := pathrs.Reopen(handle, mode) + if err != nil { + closer() + return nil, nil, fmt.Errorf("reopen /proc/thread-self/%s handle (%#x): %w", subpath, mode, err) } + return file, closer, nil +} - in, err := os.Open(fpath) +// Read the contents of /proc/thread-self/. +func readConThreadSelf(fpath string) (string, error) { + in, closer, err := openProcThreadSelf(fpath, os.O_RDONLY|unix.O_CLOEXEC) if err != nil { return "", err } + defer closer() defer in.Close() - if err := isProcHandle(in); err != nil { + return readConFd(in) +} + +// Write to /proc/thread-self/. +func writeConThreadSelf(fpath, val string) error { + if val == "" { + if !getEnabled() { + return nil + } + } + + out, closer, err := openProcThreadSelf(fpath, os.O_WRONLY|unix.O_CLOEXEC) + if err != nil { + return err + } + defer closer() + defer out.Close() + + return writeConFd(out, val) +} + +// openProcSelf is a small wrapper around [OpenSelf] and [pathrs.Reopen] to +// make "one-shot opens" slightly more ergonomic. The provided mode must be +// os.O_* flags to indicate what mode the returned file should be opened with +// (flags like os.O_CREAT and os.O_EXCL are not supported). +// +// If no error occurred, the returned handle is guaranteed to be exactly +// /proc/self/ with no tricky mounts or symlinks causing you to +// operate on an unexpected path (with some caveats on pre-openat2 or +// pre-fsopen kernels). +// +// [OpenSelf]: https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs#Handle.OpenSelf +func openProcSelf(subpath string, mode int) (*os.File, error) { + if subpath == "" { + return nil, ErrEmptyPath + } + + proc, err := procfs.OpenProcRoot() + if err != nil { + return nil, err + } + defer proc.Close() + + handle, err := proc.OpenSelf(subpath) + if err != nil { + return nil, fmt.Errorf("open /proc/self/%s handle: %w", subpath, err) + } + defer handle.Close() // we will return a re-opened handle + + file, err := pathrs.Reopen(handle, mode) + if err != nil { + return nil, fmt.Errorf("reopen /proc/self/%s handle (%#x): %w", subpath, mode, err) + } + return file, nil +} + +// Read the contents of /proc/self/. +func readConSelf(fpath string) (string, error) { + in, err := openProcSelf(fpath, os.O_RDONLY|unix.O_CLOEXEC) + if err != nil { return "", err } + defer in.Close() + return readConFd(in) } -func readConFd(in *os.File) (string, error) { - data, err := io.ReadAll(in) +// Write to /proc/self/. +func writeConSelf(fpath, val string) error { + if val == "" { + if !getEnabled() { + return nil + } + } + + out, err := openProcSelf(fpath, os.O_WRONLY|unix.O_CLOEXEC) if err != nil { - return "", err + return err } - return string(bytes.TrimSuffix(data, []byte{0})), nil + defer out.Close() + + return writeConFd(out, val) +} + +// openProcPid is a small wrapper around [OpenPid] and [pathrs.Reopen] to make +// "one-shot opens" slightly more ergonomic. The provided mode must be os.O_* +// flags to indicate what mode the returned file should be opened with (flags +// like os.O_CREAT and os.O_EXCL are not supported). +// +// If no error occurred, the returned handle is guaranteed to be exactly +// /proc/self/ with no tricky mounts or symlinks causing you to +// operate on an unexpected path (with some caveats on pre-openat2 or +// pre-fsopen kernels). +// +// [OpenPid]: https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs#Handle.OpenPid +func openProcPid(pid int, subpath string, mode int) (*os.File, error) { + if subpath == "" { + return nil, ErrEmptyPath + } + + proc, err := procfs.OpenProcRoot() + if err != nil { + return nil, err + } + defer proc.Close() + + handle, err := proc.OpenPid(pid, subpath) + if err != nil { + return nil, fmt.Errorf("open /proc/%d/%s handle: %w", pid, subpath, err) + } + defer handle.Close() // we will return a re-opened handle + + file, err := pathrs.Reopen(handle, mode) + if err != nil { + return nil, fmt.Errorf("reopen /proc/%d/%s handle (%#x): %w", pid, subpath, mode, err) + } + return file, nil } // classIndex returns the int index for an object class in the loaded policy, @@ -393,78 +531,34 @@ func lFileLabel(fpath string) (string, error) { } func setFSCreateLabel(label string) error { - return writeCon(attrPath("fscreate"), label) + return writeConThreadSelf("attr/fscreate", label) } // fsCreateLabel returns the default label the kernel which the kernel is using // for file system objects created by this task. "" indicates default. func fsCreateLabel() (string, error) { - return readCon(attrPath("fscreate")) + return readConThreadSelf("attr/fscreate") } // currentLabel returns the SELinux label of the current process thread, or an error. func currentLabel() (string, error) { - return readCon(attrPath("current")) + return readConThreadSelf("attr/current") } // pidLabel returns the SELinux label of the given pid, or an error. func pidLabel(pid int) (string, error) { - return readCon(fmt.Sprintf("/proc/%d/attr/current", pid)) + it, err := openProcPid(pid, "attr/current", os.O_RDONLY|unix.O_CLOEXEC) + if err != nil { + return "", nil + } + defer it.Close() + return readConFd(it) } // ExecLabel returns the SELinux label that the kernel will use for any programs // that are executed by the current process thread, or an error. func execLabel() (string, error) { - return readCon(attrPath("exec")) -} - -func writeCon(fpath, val string) error { - if fpath == "" { - return ErrEmptyPath - } - if val == "" { - if !getEnabled() { - return nil - } - } - - out, err := os.OpenFile(fpath, os.O_WRONLY, 0) - if err != nil { - return err - } - defer out.Close() - - if err := isProcHandle(out); err != nil { - return err - } - - if val != "" { - _, err = out.Write([]byte(val)) - } else { - _, err = out.Write(nil) - } - if err != nil { - return err - } - return nil -} - -func attrPath(attr string) string { - // Linux >= 3.17 provides this - const threadSelfPrefix = "/proc/thread-self/attr" - - attrPathOnce.Do(func() { - st, err := os.Stat(threadSelfPrefix) - if err == nil && st.Mode().IsDir() { - haveThreadSelf = true - } - }) - - if haveThreadSelf { - return filepath.Join(threadSelfPrefix, attr) - } - - return filepath.Join("/proc/self/task", strconv.Itoa(unix.Gettid()), "attr", attr) + return readConThreadSelf("exec") } // canonicalizeContext takes a context string and writes it to the kernel @@ -728,19 +822,29 @@ func peerLabel(fd uintptr) (string, error) { // setKeyLabel takes a process label and tells the kernel to assign the // label to the next kernel keyring that gets created func setKeyLabel(label string) error { - err := writeCon("/proc/self/attr/keycreate", label) + // Rather than using /proc/thread-self, we want to use /proc/self to + // operate on the thread-group leader. + err := writeConSelf("attr/keycreate", label) if errors.Is(err, os.ErrNotExist) { return nil } if label == "" && errors.Is(err, os.ErrPermission) { return nil } - if errors.Is(err, unix.EACCES) && unix.Getuid() != unix.Gettid() { + if errors.Is(err, unix.EACCES) && unix.Getpid() != unix.Gettid() { return ErrNotTGLeader } return err } +// KeyLabel retrieves the current kernel keyring label setting for this +// thread-group. +func keyLabel() (string, error) { + // Rather than using /proc/thread-self, we want to use /proc/self to + // operate on the thread-group leader. + return readConSelf("attr/keycreate") +} + // get returns the Context as a string func (c Context) get() string { if l := c["level"]; l != "" { diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go index 0889fbe0e07..267921239c2 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go @@ -7,11 +7,11 @@ func attrPath(string) string { return "" } -func readCon(string) (string, error) { +func readConThreadSelf(string) (string, error) { return "", nil } -func writeCon(string, string) error { +func writeConThreadSelf(string, string) error { return nil } @@ -81,6 +81,10 @@ func setKeyLabel(string) error { return nil } +func keyLabel() (string, error) { + return "", nil +} + func (c Context) get() string { return "" } diff --git a/vendor/modules.txt b/vendor/modules.txt index 91eef3d4b55..c0f707f1099 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -76,7 +76,7 @@ github.com/opencontainers/cgroups/systemd ## explicit github.com/opencontainers/runtime-spec/specs-go github.com/opencontainers/runtime-spec/specs-go/features -# github.com/opencontainers/selinux v1.12.0 +# github.com/opencontainers/selinux v1.12.0 => ./internal/third_party/selinux ## explicit; go 1.19 github.com/opencontainers/selinux/go-selinux github.com/opencontainers/selinux/go-selinux/label @@ -137,3 +137,4 @@ google.golang.org/protobuf/reflect/protoreflect google.golang.org/protobuf/reflect/protoregistry google.golang.org/protobuf/runtime/protoiface google.golang.org/protobuf/runtime/protoimpl +# github.com/opencontainers/selinux => ./internal/third_party/selinux From a41366e74080fa9f26a2cd3544e2801449697322 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sat, 1 Nov 2025 17:21:36 +1100 Subject: [PATCH 1100/1176] openat2: improve resilience on busy systems Previously, we would see a ~3% failure rate when starting containers with mounts that contain ".." (which can trigger -EAGAIN). To counteract this, filepath-securejoin v0.5.1 includes a bump of the internal retry limit from 32 to 128, which lowers the failure rate to 0.12%. However, there is still a risk of spurious failure on regular systems. In order to try to provide more resilience (while avoiding DoS attacks), this patch also includes an additional retry loop that terminates based on a deadline rather than retry count. The deadline is 2ms, as my testing found that ~800us for a single pathrs operation was the longest latency due to -EAGAIN retries, and that was an outlier compared to the more common ~400us latencies -- so 2ms should be more than enough for any real system. The failure rates above were based on more 50k runs of runc with an attack script (from libpathrs) running a rename attack on all cores of a 16-core system, which is arguably a worst-case but heavily utilised servers could likely approach similar results. Tested-by: Phil Estes Signed-off-by: Aleksa Sarai --- go.mod | 2 +- go.sum | 4 +- internal/pathrs/mkdirall_pathrslite.go | 4 +- internal/pathrs/procfs_pathrslite.go | 22 ++++--- internal/pathrs/retry.go | 66 +++++++++++++++++++ internal/pathrs/root_pathrslite.go | 7 +- .../cyphar/filepath-securejoin/CHANGELOG.md | 34 +++++++++- .../cyphar/filepath-securejoin/VERSION | 2 +- .../internal/{errors.go => errors_linux.go} | 15 ++++- .../pathrs-lite/internal/fd/openat2_linux.go | 12 ++-- vendor/modules.txt | 2 +- 11 files changed, 144 insertions(+), 26 deletions(-) create mode 100644 internal/pathrs/retry.go rename vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/{errors.go => errors_linux.go} (70%) diff --git a/go.mod b/go.mod index ee82b16c04a..dab09f0090c 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/checkpoint-restore/go-criu/v7 v7.2.0 github.com/containerd/console v1.0.5 github.com/coreos/go-systemd/v22 v22.6.0 - github.com/cyphar/filepath-securejoin v0.5.0 + github.com/cyphar/filepath-securejoin v0.5.1 github.com/docker/go-units v0.5.0 github.com/godbus/dbus/v5 v5.1.0 github.com/moby/sys/capability v0.4.0 diff --git a/go.sum b/go.sum index f417a82784f..28fe8a2caa6 100644 --- a/go.sum +++ b/go.sum @@ -9,8 +9,8 @@ github.com/coreos/go-systemd/v22 v22.6.0 h1:aGVa/v8B7hpb0TKl0MWoAavPDmHvobFe5R5z github.com/coreos/go-systemd/v22 v22.6.0/go.mod h1:iG+pp635Fo7ZmV/j14KUcmEyWF+0X7Lua8rrTWzYgWU= github.com/cpuguy83/go-md2man/v2 v2.0.7 h1:zbFlGlXEAKlwXpmvle3d8Oe3YnkKIK4xSRTd3sHPnBo= github.com/cpuguy83/go-md2man/v2 v2.0.7/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= -github.com/cyphar/filepath-securejoin v0.5.0 h1:hIAhkRBMQ8nIeuVwcAoymp7MY4oherZdAxD+m0u9zaw= -github.com/cyphar/filepath-securejoin v0.5.0/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= +github.com/cyphar/filepath-securejoin v0.5.1 h1:eYgfMq5yryL4fbWfkLpFFy2ukSELzaJOTaUTuh+oF48= +github.com/cyphar/filepath-securejoin v0.5.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= diff --git a/internal/pathrs/mkdirall_pathrslite.go b/internal/pathrs/mkdirall_pathrslite.go index fb4f7842d49..a9a0157c681 100644 --- a/internal/pathrs/mkdirall_pathrslite.go +++ b/internal/pathrs/mkdirall_pathrslite.go @@ -83,7 +83,9 @@ func MkdirAllInRootOpen(root, unsafePath string, mode os.FileMode) (*os.File, er } defer rootDir.Close() - return pathrs.MkdirAllHandle(rootDir, unsafePath, mode) + return retryEAGAIN(func() (*os.File, error) { + return pathrs.MkdirAllHandle(rootDir, unsafePath, mode) + }) } // MkdirAllInRoot is a wrapper around MkdirAllInRootOpen which closes the diff --git a/internal/pathrs/procfs_pathrslite.go b/internal/pathrs/procfs_pathrslite.go index a02b0d39a92..37450a0eca7 100644 --- a/internal/pathrs/procfs_pathrslite.go +++ b/internal/pathrs/procfs_pathrslite.go @@ -27,13 +27,15 @@ import ( ) func procOpenReopen(openFn func(subpath string) (*os.File, error), subpath string, flags int) (*os.File, error) { - handle, err := openFn(subpath) + handle, err := retryEAGAIN(func() (*os.File, error) { + return openFn(subpath) + }) if err != nil { return nil, err } defer handle.Close() - f, err := pathrs.Reopen(handle, flags) + f, err := Reopen(handle, flags) if err != nil { return nil, fmt.Errorf("reopen %s: %w", handle.Name(), err) } @@ -44,7 +46,7 @@ func procOpenReopen(openFn func(subpath string) (*os.File, error), subpath strin // [pathrs.Reopen], to let you one-shot open a procfs file with the given // flags. func ProcSelfOpen(subpath string, flags int) (*os.File, error) { - proc, err := procfs.OpenProcRoot() + proc, err := retryEAGAIN(procfs.OpenProcRoot) if err != nil { return nil, err } @@ -55,7 +57,7 @@ func ProcSelfOpen(subpath string, flags int) (*os.File, error) { // ProcPidOpen is a wrapper around [procfs.Handle.OpenPid] and [pathrs.Reopen], // to let you one-shot open a procfs file with the given flags. func ProcPidOpen(pid int, subpath string, flags int) (*os.File, error) { - proc, err := procfs.OpenProcRoot() + proc, err := retryEAGAIN(procfs.OpenProcRoot) if err != nil { return nil, err } @@ -70,13 +72,15 @@ func ProcPidOpen(pid int, subpath string, flags int) (*os.File, error) { // flags. The returned [procfs.ProcThreadSelfCloser] needs the same handling as // when using pathrs-lite. func ProcThreadSelfOpen(subpath string, flags int) (_ *os.File, _ procfs.ProcThreadSelfCloser, Err error) { - proc, err := procfs.OpenProcRoot() + proc, err := retryEAGAIN(procfs.OpenProcRoot) if err != nil { return nil, nil, err } defer proc.Close() - handle, closer, err := proc.OpenThreadSelf(subpath) + handle, closer, err := retryEAGAIN2(func() (*os.File, procfs.ProcThreadSelfCloser, error) { + return proc.OpenThreadSelf(subpath) + }) if err != nil { return nil, nil, err } @@ -89,7 +93,7 @@ func ProcThreadSelfOpen(subpath string, flags int) (_ *os.File, _ procfs.ProcThr } defer handle.Close() - f, err := pathrs.Reopen(handle, flags) + f, err := Reopen(handle, flags) if err != nil { return nil, nil, fmt.Errorf("reopen %s: %w", handle.Name(), err) } @@ -98,5 +102,7 @@ func ProcThreadSelfOpen(subpath string, flags int) (_ *os.File, _ procfs.ProcThr // Reopen is a wrapper around pathrs.Reopen. func Reopen(file *os.File, flags int) (*os.File, error) { - return pathrs.Reopen(file, flags) + return retryEAGAIN(func() (*os.File, error) { + return pathrs.Reopen(file, flags) + }) } diff --git a/internal/pathrs/retry.go b/internal/pathrs/retry.go new file mode 100644 index 00000000000..a51d335c0df --- /dev/null +++ b/internal/pathrs/retry.go @@ -0,0 +1,66 @@ +// SPDX-License-Identifier: Apache-2.0 +/* + * Copyright (C) 2024-2025 Aleksa Sarai + * Copyright (C) 2024-2025 SUSE LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package pathrs + +import ( + "errors" + "fmt" + "time" + + "golang.org/x/sys/unix" +) + +// Based on >50k tests running "runc run" on a 16-core system with very heavy +// rename(2) load, the single longest latency caused by -EAGAIN retries was +// ~800us (with the vast majority being closer to 400us). So, a 2ms limit +// should give more than enough headroom for any real system in practice. +const retryDeadline = 2 * time.Millisecond + +// retryEAGAIN is a top-level retry loop for pathrs to try to returning +// spurious errors in most normal user cases when using openat2 (libpathrs +// itself does up to 128 retries already, but this method takes a +// wallclock-deadline approach to simply retry until a timer elapses). +func retryEAGAIN[T any](fn func() (T, error)) (T, error) { + deadline := time.After(retryDeadline) + for { + v, err := fn() + if !errors.Is(err, unix.EAGAIN) { + return v, err + } + select { + case <-deadline: + return *new(T), fmt.Errorf("%v retry deadline exceeded: %w", retryDeadline, err) + default: + // retry + } + } +} + +// retryEAGAIN2 is like retryEAGAIN except it returns two values. +func retryEAGAIN2[T1, T2 any](fn func() (T1, T2, error)) (T1, T2, error) { + type ret struct { + v1 T1 + v2 T2 + } + v, err := retryEAGAIN(func() (ret, error) { + v1, v2, err := fn() + return ret{v1: v1, v2: v2}, err + }) + return v.v1, v.v2, err +} diff --git a/internal/pathrs/root_pathrslite.go b/internal/pathrs/root_pathrslite.go index 2dd73b1600c..9e69e8d6c54 100644 --- a/internal/pathrs/root_pathrslite.go +++ b/internal/pathrs/root_pathrslite.go @@ -33,12 +33,15 @@ import ( // is effectively shorthand for [securejoin.OpenInRoot] followed by // [securejoin.Reopen]. func OpenInRoot(root, subpath string, flags int) (*os.File, error) { - handle, err := pathrs.OpenInRoot(root, subpath) + handle, err := retryEAGAIN(func() (*os.File, error) { + return pathrs.OpenInRoot(root, subpath) + }) if err != nil { return nil, err } defer handle.Close() - return pathrs.Reopen(handle, flags) + + return Reopen(handle, flags) } // CreateInRoot creates a new file inside a root (as well as any missing parent diff --git a/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md index 6862467c288..3faee0bc55b 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md +++ b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md @@ -4,7 +4,36 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). -## [Unreleased] ## +## [Unreleased 0.5.z] ## + +## [0.5.1] - 2025-10-31 ## + +> Spooky scary skeletons send shivers down your spine! + +### Changed ### +- `openat2` can return `-EAGAIN` if it detects a possible attack in certain + scenarios (namely if there was a rename or mount while walking a path with a + `..` component). While this is necessary to avoid a denial-of-service in the + kernel, it does require retry loops in userspace. + + In previous versions, `pathrs-lite` would retry `openat2` 32 times before + returning an error, but we've received user reports that this limit can be + hit on systems with very heavy load. In some synthetic benchmarks (testing + the worst-case of an attacker doing renames in a tight loop on every core of + a 16-core machine) we managed to get a ~3% failure rate in runc. We have + improved this situation in two ways: + + * We have now increased this limit to 128, which should be good enough for + most use-cases without becoming a denial-of-service vector (the number of + syscalls called by the `O_PATH` resolver in a typical case is within the + same ballpark). The same benchmarks show a failure rate of ~0.12% which + (while not zero) is probably sufficient for most users. + + * In addition, we now return a `unix.EAGAIN` error that is bubbled up and can + be detected by callers. This means that callers with stricter requirements + to avoid spurious errors can choose to do their own infinite `EAGAIN` retry + loop (though we would strongly recommend users use time-based deadlines in + such retry loops to avoid potentially unbounded denials-of-service). ## [0.5.0] - 2025-09-26 ## @@ -354,7 +383,8 @@ This is our first release of `github.com/cyphar/filepath-securejoin`, containing a full implementation with a coverage of 93.5% (the only missing cases are the error cases, which are hard to mocktest at the moment). -[Unreleased]: https://github.com/cyphar/filepath-securejoin/compare/v0.5.0...HEAD +[Unreleased 0.5.z]: https://github.com/cyphar/filepath-securejoin/compare/v0.5.1...release-0.5 +[0.5.1]: https://github.com/cyphar/filepath-securejoin/compare/v0.5.0...v0.5.1 [0.5.0]: https://github.com/cyphar/filepath-securejoin/compare/v0.4.1...v0.5.0 [0.4.1]: https://github.com/cyphar/filepath-securejoin/compare/v0.4.0...v0.4.1 [0.4.0]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.6...v0.4.0 diff --git a/vendor/github.com/cyphar/filepath-securejoin/VERSION b/vendor/github.com/cyphar/filepath-securejoin/VERSION index 8f0916f768f..4b9fcbec101 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/VERSION +++ b/vendor/github.com/cyphar/filepath-securejoin/VERSION @@ -1 +1 @@ -0.5.0 +0.5.1 diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/errors.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/errors_linux.go similarity index 70% rename from vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/errors.go rename to vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/errors_linux.go index c26e440e9e7..d0b200f4f9a 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/errors.go +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/errors_linux.go @@ -1,5 +1,7 @@ // SPDX-License-Identifier: MPL-2.0 +//go:build linux + // Copyright (C) 2024-2025 Aleksa Sarai // Copyright (C) 2024-2025 SUSE LLC // @@ -12,15 +14,24 @@ package internal import ( "errors" + + "golang.org/x/sys/unix" ) +type xdevErrorish struct { + description string +} + +func (err xdevErrorish) Error() string { return err.description } +func (err xdevErrorish) Is(target error) bool { return target == unix.EXDEV } + var ( // ErrPossibleAttack indicates that some attack was detected. - ErrPossibleAttack = errors.New("possible attack detected") + ErrPossibleAttack error = xdevErrorish{"possible attack detected"} // ErrPossibleBreakout indicates that during an operation we ended up in a // state that could be a breakout but we detected it. - ErrPossibleBreakout = errors.New("possible breakout detected") + ErrPossibleBreakout error = xdevErrorish{"possible breakout detected"} // ErrInvalidDirectory indicates an unlinked directory. ErrInvalidDirectory = errors.New("wandered into deleted directory") diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/openat2_linux.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/openat2_linux.go index 2305308350c..3e937fe3c16 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/openat2_linux.go +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/openat2_linux.go @@ -17,8 +17,6 @@ import ( "runtime" "golang.org/x/sys/unix" - - "github.com/cyphar/filepath-securejoin/pathrs-lite/internal" ) func scopedLookupShouldRetry(how *unix.OpenHow, err error) bool { @@ -34,7 +32,10 @@ func scopedLookupShouldRetry(how *unix.OpenHow, err error) bool { (errors.Is(err, unix.EAGAIN) || errors.Is(err, unix.EXDEV)) } -const scopedLookupMaxRetries = 32 +// This is a fairly arbitrary limit we have just to avoid an attacker being +// able to make us spin in an infinite retry loop -- callers can choose to +// retry on EAGAIN if they prefer. +const scopedLookupMaxRetries = 128 // Openat2 is an [Fd]-based wrapper around unix.Openat2, but with some retry // logic in case of EAGAIN errors. @@ -43,10 +44,10 @@ func Openat2(dir Fd, path string, how *unix.OpenHow) (*os.File, error) { // Make sure we always set O_CLOEXEC. how.Flags |= unix.O_CLOEXEC var tries int - for tries < scopedLookupMaxRetries { + for { fd, err := unix.Openat2(dirFd, path, how) if err != nil { - if scopedLookupShouldRetry(how, err) { + if scopedLookupShouldRetry(how, err) && tries < scopedLookupMaxRetries { // We retry a couple of times to avoid the spurious errors, and // if we are being attacked then returning -EAGAIN is the best // we can do. @@ -58,5 +59,4 @@ func Openat2(dir Fd, path string, how *unix.OpenHow) (*os.File, error) { runtime.KeepAlive(dir) return os.NewFile(uintptr(fd), fullPath), nil } - return nil, &os.PathError{Op: "openat2", Path: fullPath, Err: internal.ErrPossibleAttack} } diff --git a/vendor/modules.txt b/vendor/modules.txt index c0f707f1099..74500d1edc0 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -27,7 +27,7 @@ github.com/coreos/go-systemd/v22/dbus # github.com/cpuguy83/go-md2man/v2 v2.0.7 ## explicit; go 1.12 github.com/cpuguy83/go-md2man/v2/md2man -# github.com/cyphar/filepath-securejoin v0.5.0 +# github.com/cyphar/filepath-securejoin v0.5.1 ## explicit; go 1.18 github.com/cyphar/filepath-securejoin github.com/cyphar/filepath-securejoin/internal/consts From 3f925525b44d247e390e529e772a0dc0c0bc3557 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 5 Nov 2025 02:04:02 +1100 Subject: [PATCH 1101/1176] rootfs: re-allow dangling symlinks in mount targets It seems there are a fair few images where dangling symlinks are used as path components for mount targets, which pathrs-lite does not support (and it would be difficult to fully support this in a race-free way). This was actually meant to be blocked by commit 63c2908164f3 ("rootfs: try to scope MkdirAll to stay inside the rootfs"), followed by commit dd827f7b715a ("utils: switch to securejoin.MkdirAllHandle"). However, we still used SecureJoin to construct mountpoint targets, which means that dangling symlinks were "resolved" before reaching pathrs-lite. This patch basically re-adds this hack in order to reduce the breakages we've seen so far. Signed-off-by: Aleksa Sarai --- libcontainer/rootfs_linux.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 018fafda554..96607379b68 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -532,6 +532,17 @@ func (m *mountEntry) createOpenMountpoint(rootfs string) (Err error) { dstIsFile = !fi.IsDir() } + // In previous runc versions, we would tolerate nonsense paths with + // dangling symlinks as path components. pathrs-lite does not support + // this, so instead we have to emulate this behaviour by doing + // SecureJoin *purely to get a semi-reasonable path to use* and then we + // use pathrs-lite to operate on the path safely. + newUnsafePath, err := securejoin.SecureJoin(rootfs, unsafePath) + if err != nil { + return err + } + unsafePath = utils.StripRoot(rootfs, newUnsafePath) + if dstIsFile { dstFile, err = pathrs.CreateInRoot(rootfs, unsafePath, unix.O_CREAT|unix.O_EXCL|unix.O_NOFOLLOW, 0o644) } else { From 1b954f1f0676907ed11ad3a1d33ace5c3abdbc5f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 5 Nov 2025 17:52:47 -0800 Subject: [PATCH 1102/1176] libct: fix mips compilation On MIPS arches, Rdev is uint32 so we have to convert it. Fixes issue 4962. Fixes: 8476df83 ("libct: add/use isDevNull, verifyDevNull") Fixes: de87203e ("console: verify /dev/pts/ptmx before use") Fixes: 398955bc ("console: add fallback for pre-TIOCGPTPEER kernels") Reported-by: Tianon Gravi Signed-off-by: Kir Kolyshkin --- libcontainer/console_linux.go | 10 ++++++---- libcontainer/rootfs_linux.go | 7 ++++--- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/libcontainer/console_linux.go b/libcontainer/console_linux.go index 6ce171f09e7..4131be4fcca 100644 --- a/libcontainer/console_linux.go +++ b/libcontainer/console_linux.go @@ -33,9 +33,10 @@ func checkPtmxHandle(ptmx *os.File) error { if stat.Ino != PTMX_INO { return fmt.Errorf("ptmx handle has wrong inode number: %v", stat.Ino) } - if stat.Mode&unix.S_IFMT != unix.S_IFCHR || stat.Rdev != unix.Mkdev(PTMX_MAJOR, PTMX_MINOR) { + rdev := uint64(stat.Rdev) //nolint:unconvert // Rdev is uint32 on MIPS. + if stat.Mode&unix.S_IFMT != unix.S_IFCHR || rdev != unix.Mkdev(PTMX_MAJOR, PTMX_MINOR) { return fmt.Errorf("ptmx handle is not a real char ptmx device: ftype %#x %d:%d", - stat.Mode&unix.S_IFMT, unix.Major(stat.Rdev), unix.Minor(stat.Rdev)) + stat.Mode&unix.S_IFMT, unix.Major(rdev), unix.Minor(rdev)) } return nil }) @@ -79,9 +80,10 @@ func getPtyPeer(pty console.Console, unsafePeerPath string, flags int) (*os.File if statfs.Type != unix.DEVPTS_SUPER_MAGIC { return fmt.Errorf("pty peer handle is not on a real devpts mount: super magic is %#x", statfs.Type) } - if stat.Mode&unix.S_IFMT != unix.S_IFCHR || stat.Rdev != wantPeerDev { + rdev := uint64(stat.Rdev) //nolint:unconvert // Rdev is uint32 on MIPS. + if stat.Mode&unix.S_IFMT != unix.S_IFCHR || rdev != wantPeerDev { return fmt.Errorf("pty peer handle is not the real char device for pty %d: ftype %#x %d:%d", - peerNum, stat.Mode&unix.S_IFMT, unix.Major(stat.Rdev), unix.Minor(stat.Rdev)) + peerNum, stat.Mode&unix.S_IFMT, unix.Major(rdev), unix.Minor(rdev)) } return nil }); err != nil { diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 96607379b68..b4eefd5bd43 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -1044,10 +1044,10 @@ func mknodDevice(destDir *os.File, destName string, node *devices.Device) error node.Type, node.Path, stat.Mode&unix.S_IFMT, fileMode&unix.S_IFMT) } - if stat.Rdev != dev { + if rdev := uint64(stat.Rdev); rdev != dev { //nolint:unconvert // Rdev is uint32 on MIPS. return fmt.Errorf("new %c device inode %s has incorrect major:minor: %d:%d doesn't match expected %d:%d", node.Type, node.Path, - unix.Major(stat.Rdev), unix.Minor(stat.Rdev), + unix.Major(rdev), unix.Minor(rdev), unix.Major(dev), unix.Minor(dev)) } return nil @@ -1318,7 +1318,8 @@ func remountReadonly(m *configs.Mount) error { } func isDevNull(st *unix.Stat_t) bool { - return st.Mode&unix.S_IFMT == unix.S_IFCHR && st.Rdev == unix.Mkdev(1, 3) + //nolint:unconvert // Rdev is uint32 on MIPS. + return st.Mode&unix.S_IFMT == unix.S_IFCHR && uint64(st.Rdev) == unix.Mkdev(1, 3) } func verifyDevNull(f *os.File) error { From 96dfa9de54e834ecc1b0baebe0bddbbccb5eb045 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 5 Nov 2025 19:58:50 -0800 Subject: [PATCH 1103/1176] ci: disable golangci-lint cache This will result in slower runs but we are having issues with golangci-lint (false positives) that are most probably related to caching. Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 971705fe050..6d37bb4573d 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -42,6 +42,7 @@ jobs: - uses: golangci/golangci-lint-action@v8 with: version: v2.5 + skip-cache: true # Extra linters, only checking new code from a pull request to main. - name: lint-extra if: github.event_name == 'pull_request' && github.base_ref == 'main' From 49780ce7346c84305a17540308e3369782bc193d Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 5 Nov 2025 20:05:05 -0800 Subject: [PATCH 1104/1176] ci: bump golangci-lint to v2.6 Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 6d37bb4573d..08cc7cd7805 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -41,7 +41,7 @@ jobs: sudo apt -qy install libseccomp-dev - uses: golangci/golangci-lint-action@v8 with: - version: v2.5 + version: v2.6 skip-cache: true # Extra linters, only checking new code from a pull request to main. - name: lint-extra From 96f1962f9164b476d787663a3617d792a99cf158 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sat, 8 Nov 2025 02:10:48 +1100 Subject: [PATCH 1105/1176] deps: update to github.com/opencontainers/selinux@v0.13.0 This new version includes the fixes for CVE-2025-52881, so we can remove the internal/third_party copy of the library we added in commit ed6b1693b8b3 ("selinux: use safe procfs API for labels") as well as the "replace" directive in go.mod (which is problematic for "go get" installs). Fixes: ed6b1693b8b3 ("selinux: use safe procfs API for labels") Signed-off-by: Aleksa Sarai --- .github/workflows/validate.yml | 9 +- go.mod | 10 +- go.sum | 11 +- internal/third_party/selinux/.codespellrc | 2 - .../selinux/.github/dependabot.yml | 10 - .../selinux/.github/workflows/validate.yml | 163 -- internal/third_party/selinux/.gitignore | 1 - internal/third_party/selinux/.golangci.yml | 44 - internal/third_party/selinux/CODEOWNERS | 1 - internal/third_party/selinux/CONTRIBUTING.md | 119 -- internal/third_party/selinux/LICENSE | 201 --- internal/third_party/selinux/MAINTAINERS | 5 - internal/third_party/selinux/Makefile | 37 - internal/third_party/selinux/README.md | 23 - .../third_party/selinux/go-selinux/doc.go | 13 - .../selinux/go-selinux/label/label.go | 48 - .../selinux/go-selinux/label/label_linux.go | 136 -- .../go-selinux/label/label_linux_test.go | 130 -- .../selinux/go-selinux/label/label_stub.go | 44 - .../go-selinux/label/label_stub_test.go | 76 - .../selinux/go-selinux/label/label_test.go | 35 - .../third_party/selinux/go-selinux/selinux.go | 322 ---- .../selinux/go-selinux/selinux_linux.go | 1405 ----------------- .../selinux/go-selinux/selinux_linux_test.go | 711 --------- .../selinux/go-selinux/selinux_stub.go | 159 -- .../selinux/go-selinux/selinux_stub_test.go | 127 -- .../selinux/go-selinux/xattrs_linux.go | 71 - internal/third_party/selinux/go.mod | 8 - internal/third_party/selinux/go.sum | 8 - .../third_party/selinux/pkg/pwalk/README.md | 52 - .../third_party/selinux/pkg/pwalk/pwalk.go | 131 -- .../selinux/pkg/pwalk/pwalk_test.go | 236 --- .../selinux/pkg/pwalkdir/README.md | 56 - .../selinux/pkg/pwalkdir/pwalkdir.go | 123 -- .../selinux/pkg/pwalkdir/pwalkdir_test.go | 239 --- vendor/cyphar.com/go-pathrs/.golangci.yml | 43 + vendor/cyphar.com/go-pathrs/COPYING | 373 +++++ vendor/cyphar.com/go-pathrs/doc.go | 14 + vendor/cyphar.com/go-pathrs/handle_linux.go | 114 ++ .../go-pathrs/internal/fdutils/fd_linux.go | 75 + .../internal/libpathrs/error_unix.go | 40 + .../internal/libpathrs/libpathrs_linux.go | 337 ++++ .../go-pathrs/procfs/procfs_linux.go | 246 +++ vendor/cyphar.com/go-pathrs/root_linux.go | 367 +++++ vendor/cyphar.com/go-pathrs/utils_linux.go | 56 + .../cyphar/filepath-securejoin/.golangci.yml | 4 + .../cyphar/filepath-securejoin/CHANGELOG.md | 62 +- .../cyphar/filepath-securejoin/VERSION | 2 +- .../filepath-securejoin/deprecated_linux.go | 48 - .../filepath-securejoin/pathrs-lite/README.md | 12 +- .../filepath-securejoin/pathrs-lite/doc.go | 2 + .../pathrs-lite/internal/gopathrs/doc.go | 16 + .../{ => internal/gopathrs}/lookup_linux.go | 6 +- .../{ => internal/gopathrs}/mkdir_linux.go | 54 +- .../internal/gopathrs/open_linux.go | 26 + .../{ => internal/gopathrs}/openat2_linux.go | 2 +- .../filepath-securejoin/pathrs-lite/mkdir.go | 55 + .../pathrs-lite/mkdir_libpathrs.go | 52 + .../pathrs-lite/mkdir_purego.go | 42 + .../pathrs-lite/{open_linux.go => open.go} | 29 - .../pathrs-lite/open_libpathrs.go | 57 + .../pathrs-lite/open_purego.go | 42 + .../pathrs-lite/procfs/procfs_libpathrs.go | 161 ++ .../{procfs_linux.go => procfs_purego.go} | 2 +- .../selinux/go-selinux/selinux_linux.go | 28 +- .../selinux/go-selinux/selinux_stub.go | 4 - vendor/modules.txt | 12 +- 67 files changed, 2240 insertions(+), 4909 deletions(-) delete mode 100644 internal/third_party/selinux/.codespellrc delete mode 100644 internal/third_party/selinux/.github/dependabot.yml delete mode 100644 internal/third_party/selinux/.github/workflows/validate.yml delete mode 100644 internal/third_party/selinux/.gitignore delete mode 100644 internal/third_party/selinux/.golangci.yml delete mode 100644 internal/third_party/selinux/CODEOWNERS delete mode 100644 internal/third_party/selinux/CONTRIBUTING.md delete mode 100644 internal/third_party/selinux/LICENSE delete mode 100644 internal/third_party/selinux/MAINTAINERS delete mode 100644 internal/third_party/selinux/Makefile delete mode 100644 internal/third_party/selinux/README.md delete mode 100644 internal/third_party/selinux/go-selinux/doc.go delete mode 100644 internal/third_party/selinux/go-selinux/label/label.go delete mode 100644 internal/third_party/selinux/go-selinux/label/label_linux.go delete mode 100644 internal/third_party/selinux/go-selinux/label/label_linux_test.go delete mode 100644 internal/third_party/selinux/go-selinux/label/label_stub.go delete mode 100644 internal/third_party/selinux/go-selinux/label/label_stub_test.go delete mode 100644 internal/third_party/selinux/go-selinux/label/label_test.go delete mode 100644 internal/third_party/selinux/go-selinux/selinux.go delete mode 100644 internal/third_party/selinux/go-selinux/selinux_linux.go delete mode 100644 internal/third_party/selinux/go-selinux/selinux_linux_test.go delete mode 100644 internal/third_party/selinux/go-selinux/selinux_stub.go delete mode 100644 internal/third_party/selinux/go-selinux/selinux_stub_test.go delete mode 100644 internal/third_party/selinux/go-selinux/xattrs_linux.go delete mode 100644 internal/third_party/selinux/go.mod delete mode 100644 internal/third_party/selinux/go.sum delete mode 100644 internal/third_party/selinux/pkg/pwalk/README.md delete mode 100644 internal/third_party/selinux/pkg/pwalk/pwalk.go delete mode 100644 internal/third_party/selinux/pkg/pwalk/pwalk_test.go delete mode 100644 internal/third_party/selinux/pkg/pwalkdir/README.md delete mode 100644 internal/third_party/selinux/pkg/pwalkdir/pwalkdir.go delete mode 100644 internal/third_party/selinux/pkg/pwalkdir/pwalkdir_test.go create mode 100644 vendor/cyphar.com/go-pathrs/.golangci.yml create mode 100644 vendor/cyphar.com/go-pathrs/COPYING create mode 100644 vendor/cyphar.com/go-pathrs/doc.go create mode 100644 vendor/cyphar.com/go-pathrs/handle_linux.go create mode 100644 vendor/cyphar.com/go-pathrs/internal/fdutils/fd_linux.go create mode 100644 vendor/cyphar.com/go-pathrs/internal/libpathrs/error_unix.go create mode 100644 vendor/cyphar.com/go-pathrs/internal/libpathrs/libpathrs_linux.go create mode 100644 vendor/cyphar.com/go-pathrs/procfs/procfs_linux.go create mode 100644 vendor/cyphar.com/go-pathrs/root_linux.go create mode 100644 vendor/cyphar.com/go-pathrs/utils_linux.go delete mode 100644 vendor/github.com/cyphar/filepath-securejoin/deprecated_linux.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/doc.go rename vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/{ => internal/gopathrs}/lookup_linux.go (98%) rename vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/{ => internal/gopathrs}/mkdir_linux.go (81%) create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/open_linux.go rename vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/{ => internal/gopathrs}/openat2_linux.go (99%) create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/mkdir.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/mkdir_libpathrs.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/mkdir_purego.go rename vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/{open_linux.go => open.go} (57%) create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open_libpathrs.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open_purego.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs/procfs_libpathrs.go rename vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs/{procfs_linux.go => procfs_purego.go} (99%) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 08cc7cd7805..d61fbdf27cd 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -153,12 +153,9 @@ jobs: - name: no toolchain in go.mod # See https://github.com/opencontainers/runc/pull/4717, https://github.com/dependabot/dependabot-core/issues/11933. run: | if grep -q '^toolchain ' go.mod; then echo "Error: go.mod must not have toolchain directive, please fix"; exit 1; fi - # FIXME: This check needed to be disabled for the go-selinux patch addded - # when patching CVE-2025-52881. This needs to be removed as soon as - # the embargo is lifted, along with the replace directive in go.mod. - #- name: no exclude nor replace in go.mod - # run: | - # if grep -Eq '^\s*(exclude|replace) ' go.mod; then echo "Error: go.mod must not have exclude/replace directive, it breaks go install. Please fix"; exit 1; fi + - name: no exclude nor replace in go.mod + run: | + if grep -Eq '^\s*(exclude|replace) ' go.mod; then echo "Error: go.mod must not have exclude/replace directive, it breaks go install. Please fix"; exit 1; fi commit: diff --git a/go.mod b/go.mod index dab09f0090c..678085648e4 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/checkpoint-restore/go-criu/v7 v7.2.0 github.com/containerd/console v1.0.5 github.com/coreos/go-systemd/v22 v22.6.0 - github.com/cyphar/filepath-securejoin v0.5.1 + github.com/cyphar/filepath-securejoin v0.6.0 github.com/docker/go-units v0.5.0 github.com/godbus/dbus/v5 v5.1.0 github.com/moby/sys/capability v0.4.0 @@ -16,7 +16,7 @@ require ( github.com/mrunalp/fileutils v0.5.1 github.com/opencontainers/cgroups v0.0.5 github.com/opencontainers/runtime-spec v1.2.2-0.20250818071321-383cadbf08c0 - github.com/opencontainers/selinux v1.12.0 + github.com/opencontainers/selinux v1.13.0 github.com/seccomp/libseccomp-golang v0.11.1 github.com/sirupsen/logrus v1.9.3 github.com/urfave/cli v1.22.17 @@ -28,12 +28,8 @@ require ( ) require ( + cyphar.com/go-pathrs v0.2.1 // indirect github.com/cilium/ebpf v0.17.3 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect ) - -// FIXME: This is only intended as a short-term solution to include a patch for -// CVE-2025-52881 in go-selinux without pushing the patches upstream. This -// should be removed as soon as possible after the embargo is lifted. -replace github.com/opencontainers/selinux => ./internal/third_party/selinux diff --git a/go.sum b/go.sum index 28fe8a2caa6..1503aa3ed6b 100644 --- a/go.sum +++ b/go.sum @@ -1,3 +1,5 @@ +cyphar.com/go-pathrs v0.2.1 h1:9nx1vOgwVvX1mNBWDu93+vaceedpbsDqo+XuBGL40b8= +cyphar.com/go-pathrs v0.2.1/go.mod h1:y8f1EMG7r+hCuFf/rXsKqMJrJAUoADZGNh5/vZPKcGc= github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/checkpoint-restore/go-criu/v7 v7.2.0 h1:qGiWA4App1gGlEfIJ68WR9jbezV9J7yZdjzglezcqKo= github.com/checkpoint-restore/go-criu/v7 v7.2.0/go.mod h1:u0LCWLg0w4yqqu14aXhiB4YD3a1qd8EcCEg7vda5dwo= @@ -9,8 +11,8 @@ github.com/coreos/go-systemd/v22 v22.6.0 h1:aGVa/v8B7hpb0TKl0MWoAavPDmHvobFe5R5z github.com/coreos/go-systemd/v22 v22.6.0/go.mod h1:iG+pp635Fo7ZmV/j14KUcmEyWF+0X7Lua8rrTWzYgWU= github.com/cpuguy83/go-md2man/v2 v2.0.7 h1:zbFlGlXEAKlwXpmvle3d8Oe3YnkKIK4xSRTd3sHPnBo= github.com/cpuguy83/go-md2man/v2 v2.0.7/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= -github.com/cyphar/filepath-securejoin v0.5.1 h1:eYgfMq5yryL4fbWfkLpFFy2ukSELzaJOTaUTuh+oF48= -github.com/cyphar/filepath-securejoin v0.5.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= +github.com/cyphar/filepath-securejoin v0.6.0 h1:BtGB77njd6SVO6VztOHfPxKitJvd/VPT+OFBFMOi1Is= +github.com/cyphar/filepath-securejoin v0.6.0/go.mod h1:A8hd4EnAeyujCJRrICiOWqjS1AX0a9kM5XL+NwKoYSc= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -48,6 +50,8 @@ github.com/opencontainers/cgroups v0.0.5 h1:DRITAqcOnY0uSBzIpt1RYWLjh5DPDiqUs4fY github.com/opencontainers/cgroups v0.0.5/go.mod h1:oWVzJsKK0gG9SCRBfTpnn16WcGEqDI8PAcpMGbqWxcs= github.com/opencontainers/runtime-spec v1.2.2-0.20250818071321-383cadbf08c0 h1:RLn0YfUWkiqPGtgUANvJrcjIkCHGRl3jcz/c557M28M= github.com/opencontainers/runtime-spec v1.2.2-0.20250818071321-383cadbf08c0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/selinux v1.13.0 h1:Zza88GWezyT7RLql12URvoxsbLfjFx988+LGaWfbL84= +github.com/opencontainers/selinux v1.13.0/go.mod h1:XxWTed+A/s5NNq4GmYScVy+9jzXhGBVEOAyucdRUY8s= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= @@ -66,8 +70,9 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= +github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/urfave/cli v1.22.17 h1:SYzXoiPfQjHBbkYxbew5prZHS1TOLT3ierW8SYLqtVQ= github.com/urfave/cli v1.22.17/go.mod h1:b0ht0aqgH/6pBYzzxURyrM4xXNgsoT/n2ZzwQiEhNVo= github.com/vishvananda/netlink v1.3.1 h1:3AEMt62VKqz90r0tmNhog0r/PpWKmrEShJU0wJW6bV0= diff --git a/internal/third_party/selinux/.codespellrc b/internal/third_party/selinux/.codespellrc deleted file mode 100644 index 8f0866a3e67..00000000000 --- a/internal/third_party/selinux/.codespellrc +++ /dev/null @@ -1,2 +0,0 @@ -[codespell] -skip = ./.git,./go.sum,./go-selinux/testdata diff --git a/internal/third_party/selinux/.github/dependabot.yml b/internal/third_party/selinux/.github/dependabot.yml deleted file mode 100644 index b534a2b9ff0..00000000000 --- a/internal/third_party/selinux/.github/dependabot.yml +++ /dev/null @@ -1,10 +0,0 @@ -# Please see the documentation for all configuration options: -# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file - -version: 2 -updates: - # Dependencies listed in .github/workflows/*.yml - - package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: "daily" diff --git a/internal/third_party/selinux/.github/workflows/validate.yml b/internal/third_party/selinux/.github/workflows/validate.yml deleted file mode 100644 index fab1cb49422..00000000000 --- a/internal/third_party/selinux/.github/workflows/validate.yml +++ /dev/null @@ -1,163 +0,0 @@ -name: validate -on: - push: - tags: - - v* - branches: - - master - pull_request: - -jobs: - - commit: - runs-on: ubuntu-24.04 - # Only check commits on pull requests. - if: github.event_name == 'pull_request' - steps: - - name: get pr commits - id: 'get-pr-commits' - uses: tim-actions/get-pr-commits@v1.3.1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - - name: check subject line length - uses: tim-actions/commit-message-checker-with-regex@v0.3.2 - with: - commits: ${{ steps.get-pr-commits.outputs.commits }} - pattern: '^.{0,72}(\n.*)*$' - error: 'Subject too long (max 72)' - - lint: - runs-on: ubuntu-24.04 - steps: - - uses: actions/checkout@v5 - - uses: actions/setup-go@v6 - with: - go-version: 1.24.x - - uses: golangci/golangci-lint-action@v7 - with: - version: v2.0 - - codespell: - runs-on: ubuntu-24.04 - steps: - - uses: actions/checkout@v5 - - name: install deps - # Version of codespell bundled with Ubuntu is way old, so use pip. - run: pip install codespell - - name: run codespell - run: codespell - - cross: - runs-on: ubuntu-24.04 - steps: - - uses: actions/checkout@v5 - - name: cross - run: make build-cross - - test-stubs: - runs-on: macos-latest - steps: - - uses: actions/checkout@v5 - - uses: actions/setup-go@v6 - with: - go-version: 1.24.x - - uses: golangci/golangci-lint-action@v7 - with: - version: v2.0 - - name: test-stubs - run: make test - - test: - strategy: - fail-fast: false - matrix: - go-version: [1.19.x, 1.23.x, 1.24.x] - race: ["-race", ""] - runs-on: ubuntu-24.04 - steps: - - uses: actions/checkout@v5 - - - name: install go ${{ matrix.go-version }} - uses: actions/setup-go@v6 - with: - go-version: ${{ matrix.go-version }} - - - name: build - run: make BUILDFLAGS="${{ matrix.race }}" build - - - name: test - run: make TESTFLAGS="${{ matrix.race }}" test - - vm: - name: "VM" - strategy: - fail-fast: false - matrix: - template: - - template://almalinux-8 - - template://centos-stream-9 - - template://fedora - - template://experimental/opensuse-tumbleweed - runs-on: ubuntu-24.04 - steps: - - uses: actions/checkout@v5 - - - name: "Install Lima" - uses: lima-vm/lima-actions/setup@v1 - id: lima-actions-setup - - - name: "Cache ~/.cache/lima" - uses: actions/cache@v4 - with: - path: ~/.cache/lima - key: lima-${{ steps.lima-actions-setup.outputs.version }}-${{ matrix.template }} - - - name: "Start VM" - # --plain is set to disable file sharing, port forwarding, built-in containerd, etc. for faster start up - run: limactl start --plain --name=default ${{ matrix.template }} - - - name: "Initialize VM" - run: | - set -eux -o pipefail - # Sync the current directory to /tmp/selinux in the guest - limactl cp -r . default:/tmp/selinux - # Install packages - if lima command -v dnf >/dev/null; then - lima sudo dnf install --setopt=install_weak_deps=false --setopt=tsflags=nodocs -y git-core make golang - elif lima command -v zypper >/dev/null; then - lima sudo zypper install -y git make go - else - echo >&2 "Unsupported distribution" - exit 1 - fi - - - name: "make test" - continue-on-error: true - run: lima make -C /tmp/selinux test - - - name: "32-bit test" - continue-on-error: true - run: lima make -C /tmp/selinux GOARCH=386 test - - # https://github.com/opencontainers/selinux/issues/222 - # https://github.com/opencontainers/selinux/issues/225 - - name: "racy test" - continue-on-error: true - run: lima bash -c 'cd /tmp/selinux && go test -timeout 10m -count 100000 ./go-selinux' - - - name: "Show AVC denials" - run: lima sudo ausearch -m AVC,USER_AVC || true - - all-done: - needs: - - commit - - lint - - codespell - - cross - - test-stubs - - test - - vm - runs-on: ubuntu-24.04 - steps: - - run: echo "All jobs completed" diff --git a/internal/third_party/selinux/.gitignore b/internal/third_party/selinux/.gitignore deleted file mode 100644 index 378eac25d31..00000000000 --- a/internal/third_party/selinux/.gitignore +++ /dev/null @@ -1 +0,0 @@ -build diff --git a/internal/third_party/selinux/.golangci.yml b/internal/third_party/selinux/.golangci.yml deleted file mode 100644 index b1b98925140..00000000000 --- a/internal/third_party/selinux/.golangci.yml +++ /dev/null @@ -1,44 +0,0 @@ -version: "2" - -formatters: - enable: - - gofumpt - -linters: - enable: - # - copyloopvar # Detects places where loop variables are copied. TODO enable for Go 1.22+ - - dupword # Detects duplicate words. - - errorlint # Detects code that may cause problems with Go 1.13 error wrapping. - - gocritic # Metalinter; detects bugs, performance, and styling issues. - - gosec # Detects security problems. - - misspell # Detects commonly misspelled English words in comments. - - nilerr # Detects code that returns nil even if it checks that the error is not nil. - - nolintlint # Detects ill-formed or insufficient nolint directives. - - prealloc # Detects slice declarations that could potentially be pre-allocated. - - predeclared # Detects code that shadows one of Go's predeclared identifiers - - revive # Metalinter; drop-in replacement for golint. - - thelper # Detects test helpers without t.Helper(). - - tparallel # Detects inappropriate usage of t.Parallel(). - - unconvert # Detects unnecessary type conversions. - - usetesting # Reports uses of functions with replacement inside the testing package. - settings: - govet: - enable-all: true - settings: - shadow: - strict: true - exclusions: - generated: strict - presets: - - comments - - common-false-positives - - legacy - - std-error-handling - rules: - - linters: - - govet - text: '^shadow: declaration of "err" shadows declaration' - -issues: - max-issues-per-linter: 0 - max-same-issues: 0 diff --git a/internal/third_party/selinux/CODEOWNERS b/internal/third_party/selinux/CODEOWNERS deleted file mode 100644 index 14392178a11..00000000000 --- a/internal/third_party/selinux/CODEOWNERS +++ /dev/null @@ -1 +0,0 @@ -* @kolyshkin @mrunalp @rhatdan @runcom @thajeztah diff --git a/internal/third_party/selinux/CONTRIBUTING.md b/internal/third_party/selinux/CONTRIBUTING.md deleted file mode 100644 index dc3ff6a516e..00000000000 --- a/internal/third_party/selinux/CONTRIBUTING.md +++ /dev/null @@ -1,119 +0,0 @@ -## Contribution Guidelines - -### Security issues - -If you are reporting a security issue, do not create an issue or file a pull -request on GitHub. Instead, disclose the issue responsibly by sending an email -to security@opencontainers.org (which is inhabited only by the maintainers of -the various OCI projects). - -### Pull requests are always welcome - -We are always thrilled to receive pull requests, and do our best to -process them as fast as possible. Not sure if that typo is worth a pull -request? Do it! We will appreciate it. - -If your pull request is not accepted on the first try, don't be -discouraged! If there's a problem with the implementation, hopefully you -received feedback on what to improve. - -We're trying very hard to keep the project lean and focused. We don't want it -to do everything for everybody. This means that we might decide against -incorporating a new feature. - - -### Conventions - -Fork the repo and make changes on your fork in a feature branch. -For larger bugs and enhancements, consider filing a leader issue or mailing-list thread for discussion that is independent of the implementation. -Small changes or changes that have been discussed on the project mailing list may be submitted without a leader issue. - -If the project has a test suite, submit unit tests for your changes. Take a -look at existing tests for inspiration. Run the full test suite on your branch -before submitting a pull request. - -Update the documentation when creating or modifying features. Test -your documentation changes for clarity, concision, and correctness, as -well as a clean documentation build. See ``docs/README.md`` for more -information on building the docs and how docs get released. - -Write clean code. Universally formatted code promotes ease of writing, reading, -and maintenance. Always run `gofmt -s -w file.go` on each changed file before -committing your changes. Most editors have plugins that do this automatically. - -Pull requests descriptions should be as clear as possible and include a -reference to all the issues that they address. - -Commit messages must start with a capitalized and short summary -written in the imperative, followed by an optional, more detailed -explanatory text which is separated from the summary by an empty line. - -Code review comments may be added to your pull request. Discuss, then make the -suggested modifications and push additional commits to your feature branch. Be -sure to post a comment after pushing. The new commits will show up in the pull -request automatically, but the reviewers will not be notified unless you -comment. - -Before the pull request is merged, make sure that you squash your commits into -logical units of work using `git rebase -i` and `git push -f`. After every -commit the test suite (if any) should be passing. Include documentation changes -in the same commit so that a revert would remove all traces of the feature or -fix. - -Commits that fix or close an issue should include a reference like `Closes #XXX` -or `Fixes #XXX`, which will automatically close the issue when merged. - -### Sign your work - -The sign-off is a simple line at the end of the explanation for the -patch, which certifies that you wrote it or otherwise have the right to -pass it on as an open-source patch. The rules are pretty simple: if you -can certify the below (from -[developercertificate.org](http://developercertificate.org/)): - -``` -Developer Certificate of Origin -Version 1.1 - -Copyright (C) 2004, 2006 The Linux Foundation and its contributors. -660 York Street, Suite 102, -San Francisco, CA 94110 USA - -Everyone is permitted to copy and distribute verbatim copies of this -license document, but changing it is not allowed. - - -Developer's Certificate of Origin 1.1 - -By making a contribution to this project, I certify that: - -(a) The contribution was created in whole or in part by me and I - have the right to submit it under the open source license - indicated in the file; or - -(b) The contribution is based upon previous work that, to the best - of my knowledge, is covered under an appropriate open source - license and I have the right under that license to submit that - work with modifications, whether created in whole or in part - by me, under the same open source license (unless I am - permitted to submit under a different license), as indicated - in the file; or - -(c) The contribution was provided directly to me by some other - person who certified (a), (b) or (c) and I have not modified - it. - -(d) I understand and agree that this project and the contribution - are public and that a record of the contribution (including all - personal information I submit with it, including my sign-off) is - maintained indefinitely and may be redistributed consistent with - this project or the open source license(s) involved. -``` - -then you just add a line to every git commit message: - - Signed-off-by: Joe Smith - -using your real name (sorry, no pseudonyms or anonymous contributions.) - -You can add the sign off when creating the git commit via `git commit -s`. diff --git a/internal/third_party/selinux/LICENSE b/internal/third_party/selinux/LICENSE deleted file mode 100644 index 8dada3edaf5..00000000000 --- a/internal/third_party/selinux/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/internal/third_party/selinux/MAINTAINERS b/internal/third_party/selinux/MAINTAINERS deleted file mode 100644 index 748c18b4cd3..00000000000 --- a/internal/third_party/selinux/MAINTAINERS +++ /dev/null @@ -1,5 +0,0 @@ -Antonio Murdaca (@runcom) -Daniel J Walsh (@rhatdan) -Mrunal Patel (@mrunalp) -Sebastiaan van Stijn (@thaJeztah) -Kirill Kolyshikin (@kolyshkin) diff --git a/internal/third_party/selinux/Makefile b/internal/third_party/selinux/Makefile deleted file mode 100644 index f7b9c3dac56..00000000000 --- a/internal/third_party/selinux/Makefile +++ /dev/null @@ -1,37 +0,0 @@ -GO ?= go - -all: build build-cross - -define go-build - GOOS=$(1) GOARCH=$(2) $(GO) build ${BUILDFLAGS} ./... -endef - -.PHONY: build -build: - $(call go-build,linux,amd64) - -.PHONY: build-cross -build-cross: - $(call go-build,linux,386) - $(call go-build,linux,arm) - $(call go-build,linux,arm64) - $(call go-build,linux,ppc64le) - $(call go-build,linux,s390x) - $(call go-build,linux,mips64le) - $(call go-build,linux,riscv64) - $(call go-build,windows,amd64) - $(call go-build,windows,386) - - -.PHONY: test -test: - $(GO) test -timeout 3m ${TESTFLAGS} -v ./... - -.PHONY: lint -lint: - golangci-lint run - -.PHONY: vendor -vendor: - $(GO) mod tidy - $(GO) mod verify diff --git a/internal/third_party/selinux/README.md b/internal/third_party/selinux/README.md deleted file mode 100644 index cd6a60f805d..00000000000 --- a/internal/third_party/selinux/README.md +++ /dev/null @@ -1,23 +0,0 @@ -# selinux - -[![GoDoc](https://godoc.org/github.com/opencontainers/selinux?status.svg)](https://godoc.org/github.com/opencontainers/selinux) [![Go Report Card](https://goreportcard.com/badge/github.com/opencontainers/selinux)](https://goreportcard.com/report/github.com/opencontainers/selinux) [![Build Status](https://travis-ci.org/opencontainers/selinux.svg?branch=master)](https://travis-ci.org/opencontainers/selinux) - -Common SELinux package used across the container ecosystem. - -## Usage - -Prior to v1.8.0, the `selinux` build tag had to be used to enable selinux functionality for compiling consumers of this project. -Starting with v1.8.0, the `selinux` build tag is no longer needed. - -For complete documentation, see [godoc](https://godoc.org/github.com/opencontainers/selinux). - -## Code of Conduct - -Participation in the OpenContainers community is governed by [OpenContainer's Code of Conduct][code-of-conduct]. - -## Security - -If you find an issue, please follow the [security][security] protocol to report it. - -[security]: https://github.com/opencontainers/org/blob/master/SECURITY.md -[code-of-conduct]: https://github.com/opencontainers/org/blob/master/CODE_OF_CONDUCT.md diff --git a/internal/third_party/selinux/go-selinux/doc.go b/internal/third_party/selinux/go-selinux/doc.go deleted file mode 100644 index 57a15c9a11e..00000000000 --- a/internal/third_party/selinux/go-selinux/doc.go +++ /dev/null @@ -1,13 +0,0 @@ -/* -Package selinux provides a high-level interface for interacting with selinux. - -Usage: - - import "github.com/opencontainers/selinux/go-selinux" - - // Ensure that selinux is enforcing mode. - if selinux.EnforceMode() != selinux.Enforcing { - selinux.SetEnforceMode(selinux.Enforcing) - } -*/ -package selinux diff --git a/internal/third_party/selinux/go-selinux/label/label.go b/internal/third_party/selinux/go-selinux/label/label.go deleted file mode 100644 index 884a8b80593..00000000000 --- a/internal/third_party/selinux/go-selinux/label/label.go +++ /dev/null @@ -1,48 +0,0 @@ -package label - -import ( - "fmt" - - "github.com/opencontainers/selinux/go-selinux" -) - -// Init initialises the labeling system -func Init() { - _ = selinux.GetEnabled() -} - -// FormatMountLabel returns a string to be used by the mount command. Using -// the SELinux `context` mount option. Changing labels of files on mount -// points with this option can never be changed. -// FormatMountLabel returns a string to be used by the mount command. -// The format of this string will be used to alter the labeling of the mountpoint. -// The string returned is suitable to be used as the options field of the mount command. -// If you need to have additional mount point options, you can pass them in as -// the first parameter. Second parameter is the label that you wish to apply -// to all content in the mount point. -func FormatMountLabel(src, mountLabel string) string { - return FormatMountLabelByType(src, mountLabel, "context") -} - -// FormatMountLabelByType returns a string to be used by the mount command. -// Allow caller to specify the mount options. For example using the SELinux -// `fscontext` mount option would allow certain container processes to change -// labels of files created on the mount points, where as `context` option does -// not. -// FormatMountLabelByType returns a string to be used by the mount command. -// The format of this string will be used to alter the labeling of the mountpoint. -// The string returned is suitable to be used as the options field of the mount command. -// If you need to have additional mount point options, you can pass them in as -// the first parameter. Second parameter is the label that you wish to apply -// to all content in the mount point. -func FormatMountLabelByType(src, mountLabel, contextType string) string { - if mountLabel != "" { - switch src { - case "": - src = fmt.Sprintf("%s=%q", contextType, mountLabel) - default: - src = fmt.Sprintf("%s,%s=%q", src, contextType, mountLabel) - } - } - return src -} diff --git a/internal/third_party/selinux/go-selinux/label/label_linux.go b/internal/third_party/selinux/go-selinux/label/label_linux.go deleted file mode 100644 index 95f29e21f4e..00000000000 --- a/internal/third_party/selinux/go-selinux/label/label_linux.go +++ /dev/null @@ -1,136 +0,0 @@ -package label - -import ( - "errors" - "fmt" - "strings" - - "github.com/opencontainers/selinux/go-selinux" -) - -// Valid Label Options -var validOptions = map[string]bool{ - "disable": true, - "type": true, - "filetype": true, - "user": true, - "role": true, - "level": true, -} - -var ErrIncompatibleLabel = errors.New("bad SELinux option: z and Z can not be used together") - -// InitLabels returns the process label and file labels to be used within -// the container. A list of options can be passed into this function to alter -// the labels. The labels returned will include a random MCS String, that is -// guaranteed to be unique. -// If the disabled flag is passed in, the process label will not be set, but the mount label will be set -// to the container_file label with the maximum category. This label is not usable by any confined label. -func InitLabels(options []string) (plabel string, mlabel string, retErr error) { - if !selinux.GetEnabled() { - return "", "", nil - } - processLabel, mountLabel := selinux.ContainerLabels() - if processLabel != "" { - defer func() { - if retErr != nil { - selinux.ReleaseLabel(mountLabel) - } - }() - pcon, err := selinux.NewContext(processLabel) - if err != nil { - return "", "", err - } - mcsLevel := pcon["level"] - mcon, err := selinux.NewContext(mountLabel) - if err != nil { - return "", "", err - } - for _, opt := range options { - if opt == "disable" { - selinux.ReleaseLabel(mountLabel) - return "", selinux.PrivContainerMountLabel(), nil - } - if i := strings.Index(opt, ":"); i == -1 { - return "", "", fmt.Errorf("bad label option %q, valid options 'disable' or \n'user, role, level, type, filetype' followed by ':' and a value", opt) - } - con := strings.SplitN(opt, ":", 2) - if !validOptions[con[0]] { - return "", "", fmt.Errorf("bad label option %q, valid options 'disable, user, role, level, type, filetype'", con[0]) - } - if con[0] == "filetype" { - mcon["type"] = con[1] - continue - } - pcon[con[0]] = con[1] - if con[0] == "level" || con[0] == "user" { - mcon[con[0]] = con[1] - } - } - if pcon.Get() != processLabel { - if pcon["level"] != mcsLevel { - selinux.ReleaseLabel(processLabel) - } - processLabel = pcon.Get() - selinux.ReserveLabel(processLabel) - } - mountLabel = mcon.Get() - } - return processLabel, mountLabel, nil -} - -// SetFileLabel modifies the "path" label to the specified file label -func SetFileLabel(path string, fileLabel string) error { - if !selinux.GetEnabled() || fileLabel == "" { - return nil - } - return selinux.SetFileLabel(path, fileLabel) -} - -// SetFileCreateLabel tells the kernel the label for all files to be created -func SetFileCreateLabel(fileLabel string) error { - if !selinux.GetEnabled() { - return nil - } - return selinux.SetFSCreateLabel(fileLabel) -} - -// Relabel changes the label of path and all the entries beneath the path. -// It changes the MCS label to s0 if shared is true. -// This will allow all containers to share the content. -// -// The path itself is guaranteed to be relabeled last. -func Relabel(path string, fileLabel string, shared bool) error { - if !selinux.GetEnabled() || fileLabel == "" { - return nil - } - - if shared { - c, err := selinux.NewContext(fileLabel) - if err != nil { - return err - } - - c["level"] = "s0" - fileLabel = c.Get() - } - return selinux.Chcon(path, fileLabel, true) -} - -// Validate checks that the label does not include unexpected options -func Validate(label string) error { - if strings.Contains(label, "z") && strings.Contains(label, "Z") { - return ErrIncompatibleLabel - } - return nil -} - -// RelabelNeeded checks whether the user requested a relabel -func RelabelNeeded(label string) bool { - return strings.Contains(label, "z") || strings.Contains(label, "Z") -} - -// IsShared checks that the label includes a "shared" mark -func IsShared(label string) bool { - return strings.Contains(label, "z") -} diff --git a/internal/third_party/selinux/go-selinux/label/label_linux_test.go b/internal/third_party/selinux/go-selinux/label/label_linux_test.go deleted file mode 100644 index e25ead7951b..00000000000 --- a/internal/third_party/selinux/go-selinux/label/label_linux_test.go +++ /dev/null @@ -1,130 +0,0 @@ -package label - -import ( - "errors" - "os" - "testing" - - "github.com/opencontainers/selinux/go-selinux" -) - -func needSELinux(t *testing.T) { - t.Helper() - if !selinux.GetEnabled() { - t.Skip("SELinux not enabled, skipping.") - } -} - -func TestInit(t *testing.T) { - needSELinux(t) - - var testNull []string - _, _, err := InitLabels(testNull) - if err != nil { - t.Fatalf("InitLabels failed: %v:", err) - } - testDisabled := []string{"disable"} - if selinux.ROFileLabel() == "" { - t.Fatal("selinux.ROFileLabel: empty") - } - plabel, mlabel, err := InitLabels(testDisabled) - if err != nil { - t.Fatalf("InitLabels(disabled) failed: %v", err) - } - if plabel != "" { - t.Fatalf("InitLabels(disabled): %q not empty", plabel) - } - if mlabel != "system_u:object_r:container_file_t:s0:c1022,c1023" { - t.Fatalf("InitLabels Disabled mlabel Failed, %s", mlabel) - } - - testUser := []string{"user:user_u", "role:user_r", "type:user_t", "level:s0:c1,c15"} - plabel, mlabel, err = InitLabels(testUser) - if err != nil { - t.Fatalf("InitLabels(user) failed: %v", err) - } - if plabel != "user_u:user_r:user_t:s0:c1,c15" || (mlabel != "user_u:object_r:container_file_t:s0:c1,c15" && mlabel != "user_u:object_r:svirt_sandbox_file_t:s0:c1,c15") { - t.Fatalf("InitLabels(user) failed (plabel=%q, mlabel=%q)", plabel, mlabel) - } - - testBadData := []string{"user", "role:user_r", "type:user_t", "level:s0:c1,c15"} - if _, _, err = InitLabels(testBadData); err == nil { - t.Fatal("InitLabels(bad): expected error, got nil") - } -} - -func TestRelabel(t *testing.T) { - needSELinux(t) - - testdir := t.TempDir() - label := "system_u:object_r:container_file_t:s0:c1,c2" - if err := Relabel(testdir, "", true); err != nil { - t.Fatalf("Relabel with no label failed: %v", err) - } - if err := Relabel(testdir, label, true); err != nil { - t.Fatalf("Relabel shared failed: %v", err) - } - if err := Relabel(testdir, label, false); err != nil { - t.Fatalf("Relabel unshared failed: %v", err) - } - if err := Relabel("/etc", label, false); err == nil { - t.Fatalf("Relabel /etc succeeded") - } - if err := Relabel("/", label, false); err == nil { - t.Fatalf("Relabel / succeeded") - } - if err := Relabel("/usr", label, false); err == nil { - t.Fatalf("Relabel /usr succeeded") - } - if err := Relabel("/usr/", label, false); err == nil { - t.Fatalf("Relabel /usr/ succeeded") - } - if err := Relabel("/etc/passwd", label, false); err == nil { - t.Fatalf("Relabel /etc/passwd succeeded") - } - if home := os.Getenv("HOME"); home != "" { - if err := Relabel(home, label, false); err == nil { - t.Fatalf("Relabel %s succeeded", home) - } - } -} - -func TestValidate(t *testing.T) { - if err := Validate("zZ"); !errors.Is(err, ErrIncompatibleLabel) { - t.Fatalf("Expected incompatible error, got %v", err) - } - if err := Validate("Z"); err != nil { - t.Fatal(err) - } - if err := Validate("z"); err != nil { - t.Fatal(err) - } - if err := Validate(""); err != nil { - t.Fatal(err) - } -} - -func TestIsShared(t *testing.T) { - if shared := IsShared("Z"); shared { - t.Fatalf("Expected label `Z` to not be shared, got %v", shared) - } - if shared := IsShared("z"); !shared { - t.Fatalf("Expected label `z` to be shared, got %v", shared) - } - if shared := IsShared("Zz"); !shared { - t.Fatalf("Expected label `Zz` to be shared, got %v", shared) - } -} - -func TestFileLabel(t *testing.T) { - needSELinux(t) - - testUser := []string{"filetype:test_file_t", "level:s0:c1,c15"} - _, mlabel, err := InitLabels(testUser) - if err != nil { - t.Fatalf("InitLabels(user) failed: %v", err) - } - if mlabel != "system_u:object_r:test_file_t:s0:c1,c15" { - t.Fatalf("InitLabels(filetype) failed: %v", err) - } -} diff --git a/internal/third_party/selinux/go-selinux/label/label_stub.go b/internal/third_party/selinux/go-selinux/label/label_stub.go deleted file mode 100644 index 7a54afc5e6d..00000000000 --- a/internal/third_party/selinux/go-selinux/label/label_stub.go +++ /dev/null @@ -1,44 +0,0 @@ -//go:build !linux -// +build !linux - -package label - -// InitLabels returns the process label and file labels to be used within -// the container. A list of options can be passed into this function to alter -// the labels. -func InitLabels([]string) (string, string, error) { - return "", "", nil -} - -func SetFileLabel(string, string) error { - return nil -} - -func SetFileCreateLabel(string) error { - return nil -} - -func Relabel(string, string, bool) error { - return nil -} - -// DisableSecOpt returns a security opt that can disable labeling -// support for future container processes -func DisableSecOpt() []string { - return nil -} - -// Validate checks that the label does not include unexpected options -func Validate(string) error { - return nil -} - -// RelabelNeeded checks whether the user requested a relabel -func RelabelNeeded(string) bool { - return false -} - -// IsShared checks that the label includes a "shared" mark -func IsShared(string) bool { - return false -} diff --git a/internal/third_party/selinux/go-selinux/label/label_stub_test.go b/internal/third_party/selinux/go-selinux/label/label_stub_test.go deleted file mode 100644 index e92cc8b9455..00000000000 --- a/internal/third_party/selinux/go-selinux/label/label_stub_test.go +++ /dev/null @@ -1,76 +0,0 @@ -//go:build !linux -// +build !linux - -package label - -import ( - "testing" - - "github.com/opencontainers/selinux/go-selinux" -) - -const testLabel = "system_u:object_r:container_file_t:s0:c1,c2" - -func TestInit(t *testing.T) { - var testNull []string - _, _, err := InitLabels(testNull) - if err != nil { - t.Log("InitLabels Failed") - t.Fatal(err) - } - testDisabled := []string{"disable"} - if selinux.ROFileLabel() != "" { - t.Error("selinux.ROFileLabel Failed") - } - plabel, mlabel, err := InitLabels(testDisabled) - if err != nil { - t.Log("InitLabels Disabled Failed") - t.Fatal(err) - } - if plabel != "" { - t.Fatal("InitLabels Disabled Failed") - } - if mlabel != "" { - t.Fatal("InitLabels Disabled mlabel Failed") - } - testUser := []string{"user:user_u", "role:user_r", "type:user_t", "level:s0:c1,c15"} - _, _, err = InitLabels(testUser) - if err != nil { - t.Log("InitLabels User Failed") - t.Fatal(err) - } -} - -func TestRelabel(t *testing.T) { - if err := Relabel("/etc", testLabel, false); err != nil { - t.Fatalf("Relabel /etc succeeded") - } -} - -func TestCheckLabelCompile(t *testing.T) { - if _, _, err := InitLabels(nil); err != nil { - t.Fatal(err) - } - - tmpDir := t.TempDir() - - if err := SetFileLabel(tmpDir, "foobar"); err != nil { - t.Fatal(err) - } - - if err := SetFileCreateLabel("foobar"); err != nil { - t.Fatal(err) - } - - DisableSecOpt() - - if err := Validate("foobar"); err != nil { - t.Fatal(err) - } - if relabel := RelabelNeeded("foobar"); relabel { - t.Fatal("Relabel failed") - } - if shared := IsShared("foobar"); shared { - t.Fatal("isshared failed") - } -} diff --git a/internal/third_party/selinux/go-selinux/label/label_test.go b/internal/third_party/selinux/go-selinux/label/label_test.go deleted file mode 100644 index fb172f3ff23..00000000000 --- a/internal/third_party/selinux/go-selinux/label/label_test.go +++ /dev/null @@ -1,35 +0,0 @@ -package label - -import "testing" - -func TestFormatMountLabel(t *testing.T) { - expected := `context="foobar"` - if test := FormatMountLabel("", "foobar"); test != expected { - t.Fatalf("Format failed. Expected %s, got %s", expected, test) - } - - expected = `src,context="foobar"` - if test := FormatMountLabel("src", "foobar"); test != expected { - t.Fatalf("Format failed. Expected %s, got %s", expected, test) - } - - expected = `src` - if test := FormatMountLabel("src", ""); test != expected { - t.Fatalf("Format failed. Expected %s, got %s", expected, test) - } - - expected = `fscontext="foobar"` - if test := FormatMountLabelByType("", "foobar", "fscontext"); test != expected { - t.Fatalf("Format failed. Expected %s, got %s", expected, test) - } - - expected = `src,fscontext="foobar"` - if test := FormatMountLabelByType("src", "foobar", "fscontext"); test != expected { - t.Fatalf("Format failed. Expected %s, got %s", expected, test) - } - - expected = `src` - if test := FormatMountLabelByType("src", "", "rootcontext"); test != expected { - t.Fatalf("Format failed. Expected %s, got %s", expected, test) - } -} diff --git a/internal/third_party/selinux/go-selinux/selinux.go b/internal/third_party/selinux/go-selinux/selinux.go deleted file mode 100644 index 15150d47528..00000000000 --- a/internal/third_party/selinux/go-selinux/selinux.go +++ /dev/null @@ -1,322 +0,0 @@ -package selinux - -import ( - "errors" -) - -const ( - // Enforcing constant indicate SELinux is in enforcing mode - Enforcing = 1 - // Permissive constant to indicate SELinux is in permissive mode - Permissive = 0 - // Disabled constant to indicate SELinux is disabled - Disabled = -1 - // maxCategory is the maximum number of categories used within containers - maxCategory = 1024 - // DefaultCategoryRange is the upper bound on the category range - DefaultCategoryRange = uint32(maxCategory) -) - -var ( - // ErrMCSAlreadyExists is returned when trying to allocate a duplicate MCS. - ErrMCSAlreadyExists = errors.New("MCS label already exists") - // ErrEmptyPath is returned when an empty path has been specified. - ErrEmptyPath = errors.New("empty path") - - // ErrInvalidLabel is returned when an invalid label is specified. - ErrInvalidLabel = errors.New("invalid Label") - - // InvalidLabel is returned when an invalid label is specified. - // - // Deprecated: use [ErrInvalidLabel]. - InvalidLabel = ErrInvalidLabel - - // ErrIncomparable is returned two levels are not comparable - ErrIncomparable = errors.New("incomparable levels") - // ErrLevelSyntax is returned when a sensitivity or category do not have correct syntax in a level - ErrLevelSyntax = errors.New("invalid level syntax") - - // ErrContextMissing is returned if a requested context is not found in a file. - ErrContextMissing = errors.New("context does not have a match") - // ErrVerifierNil is returned when a context verifier function is nil. - ErrVerifierNil = errors.New("verifier function is nil") - - // ErrNotTGLeader is returned by [SetKeyLabel] if the calling thread - // is not the thread group leader. - ErrNotTGLeader = errors.New("calling thread is not the thread group leader") - - // CategoryRange allows the upper bound on the category range to be adjusted - CategoryRange = DefaultCategoryRange - - privContainerMountLabel string -) - -// Context is a representation of the SELinux label broken into 4 parts -type Context map[string]string - -// SetDisabled disables SELinux support for the package -func SetDisabled() { - setDisabled() -} - -// GetEnabled returns whether SELinux is currently enabled. -func GetEnabled() bool { - return getEnabled() -} - -// ClassIndex returns the int index for an object class in the loaded policy, -// or -1 and an error -func ClassIndex(class string) (int, error) { - return classIndex(class) -} - -// SetFileLabel sets the SELinux label for this path, following symlinks, -// or returns an error. -func SetFileLabel(fpath string, label string) error { - return setFileLabel(fpath, label) -} - -// LsetFileLabel sets the SELinux label for this path, not following symlinks, -// or returns an error. -func LsetFileLabel(fpath string, label string) error { - return lSetFileLabel(fpath, label) -} - -// FileLabel returns the SELinux label for this path, following symlinks, -// or returns an error. -func FileLabel(fpath string) (string, error) { - return fileLabel(fpath) -} - -// LfileLabel returns the SELinux label for this path, not following symlinks, -// or returns an error. -func LfileLabel(fpath string) (string, error) { - return lFileLabel(fpath) -} - -// SetFSCreateLabel tells the kernel what label to use for all file system objects -// created by this task. -// Set the label to an empty string to return to the default label. Calls to SetFSCreateLabel -// should be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() until file system -// objects created by this task are finished to guarantee another goroutine does not migrate -// to the current thread before execution is complete. -func SetFSCreateLabel(label string) error { - return setFSCreateLabel(label) -} - -// FSCreateLabel returns the default label the kernel which the kernel is using -// for file system objects created by this task. "" indicates default. -func FSCreateLabel() (string, error) { - return fsCreateLabel() -} - -// CurrentLabel returns the SELinux label of the current process thread, or an error. -func CurrentLabel() (string, error) { - return currentLabel() -} - -// PidLabel returns the SELinux label of the given pid, or an error. -func PidLabel(pid int) (string, error) { - return pidLabel(pid) -} - -// ExecLabel returns the SELinux label that the kernel will use for any programs -// that are executed by the current process thread, or an error. -func ExecLabel() (string, error) { - return execLabel() -} - -// CanonicalizeContext takes a context string and writes it to the kernel -// the function then returns the context that the kernel will use. Use this -// function to check if two contexts are equivalent -func CanonicalizeContext(val string) (string, error) { - return canonicalizeContext(val) -} - -// ComputeCreateContext requests the type transition from source to target for -// class from the kernel. -func ComputeCreateContext(source string, target string, class string) (string, error) { - return computeCreateContext(source, target, class) -} - -// CalculateGlbLub computes the glb (greatest lower bound) and lub (least upper bound) -// of a source and target range. -// The glblub is calculated as the greater of the low sensitivities and -// the lower of the high sensitivities and the and of each category bitset. -func CalculateGlbLub(sourceRange, targetRange string) (string, error) { - return calculateGlbLub(sourceRange, targetRange) -} - -// SetExecLabel sets the SELinux label that the kernel will use for any programs -// that are executed by the current process thread, or an error. Calls to SetExecLabel -// should be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() until execution -// of the program is finished to guarantee another goroutine does not migrate to the current -// thread before execution is complete. -func SetExecLabel(label string) error { - return writeConThreadSelf("attr/exec", label) -} - -// SetTaskLabel sets the SELinux label for the current thread, or an error. -// This requires the dyntransition permission. Calls to SetTaskLabel should -// be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() to guarantee -// the current thread does not run in a new mislabeled thread. -func SetTaskLabel(label string) error { - return writeConThreadSelf("attr/current", label) -} - -// SetSocketLabel takes a process label and tells the kernel to assign the -// label to the next socket that gets created. Calls to SetSocketLabel -// should be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() until -// the socket is created to guarantee another goroutine does not migrate -// to the current thread before execution is complete. -func SetSocketLabel(label string) error { - return writeConThreadSelf("attr/sockcreate", label) -} - -// SocketLabel retrieves the current socket label setting -func SocketLabel() (string, error) { - return readConThreadSelf("attr/sockcreate") -} - -// PeerLabel retrieves the label of the client on the other side of a socket -func PeerLabel(fd uintptr) (string, error) { - return peerLabel(fd) -} - -// SetKeyLabel takes a process label and tells the kernel to assign the -// label to the next kernel keyring that gets created. -// -// Calls to SetKeyLabel should be wrapped in -// runtime.LockOSThread()/runtime.UnlockOSThread() until the kernel keyring is -// created to guarantee another goroutine does not migrate to the current -// thread before execution is complete. -// -// Only the thread group leader can set key label. -func SetKeyLabel(label string) error { - return setKeyLabel(label) -} - -// KeyLabel retrieves the current kernel keyring label setting -func KeyLabel() (string, error) { - return keyLabel() -} - -// Get returns the Context as a string -func (c Context) Get() string { - return c.get() -} - -// NewContext creates a new Context struct from the specified label -func NewContext(label string) (Context, error) { - return newContext(label) -} - -// ClearLabels clears all reserved labels -func ClearLabels() { - clearLabels() -} - -// ReserveLabel reserves the MLS/MCS level component of the specified label -func ReserveLabel(label string) { - reserveLabel(label) -} - -// MLSEnabled checks if MLS is enabled. -func MLSEnabled() bool { - return isMLSEnabled() -} - -// EnforceMode returns the current SELinux mode Enforcing, Permissive, Disabled -func EnforceMode() int { - return enforceMode() -} - -// SetEnforceMode sets the current SELinux mode Enforcing, Permissive. -// Disabled is not valid, since this needs to be set at boot time. -func SetEnforceMode(mode int) error { - return setEnforceMode(mode) -} - -// DefaultEnforceMode returns the systems default SELinux mode Enforcing, -// Permissive or Disabled. Note this is just the default at boot time. -// EnforceMode tells you the systems current mode. -func DefaultEnforceMode() int { - return defaultEnforceMode() -} - -// ReleaseLabel un-reserves the MLS/MCS Level field of the specified label, -// allowing it to be used by another process. -func ReleaseLabel(label string) { - releaseLabel(label) -} - -// ROFileLabel returns the specified SELinux readonly file label -func ROFileLabel() string { - return roFileLabel() -} - -// KVMContainerLabels returns the default processLabel and mountLabel to be used -// for kvm containers by the calling process. -func KVMContainerLabels() (string, string) { - return kvmContainerLabels() -} - -// InitContainerLabels returns the default processLabel and file labels to be -// used for containers running an init system like systemd by the calling process. -func InitContainerLabels() (string, string) { - return initContainerLabels() -} - -// ContainerLabels returns an allocated processLabel and fileLabel to be used for -// container labeling by the calling process. -func ContainerLabels() (processLabel string, fileLabel string) { - return containerLabels() -} - -// SecurityCheckContext validates that the SELinux label is understood by the kernel -func SecurityCheckContext(val string) error { - return securityCheckContext(val) -} - -// CopyLevel returns a label with the MLS/MCS level from src label replaced on -// the dest label. -func CopyLevel(src, dest string) (string, error) { - return copyLevel(src, dest) -} - -// Chcon changes the fpath file object to the SELinux label. -// If fpath is a directory and recurse is true, then Chcon walks the -// directory tree setting the label. -// -// The fpath itself is guaranteed to be relabeled last. -func Chcon(fpath string, label string, recurse bool) error { - return chcon(fpath, label, recurse) -} - -// DupSecOpt takes an SELinux process label and returns security options that -// can be used to set the SELinux Type and Level for future container processes. -func DupSecOpt(src string) ([]string, error) { - return dupSecOpt(src) -} - -// DisableSecOpt returns a security opt that can be used to disable SELinux -// labeling support for future container processes. -func DisableSecOpt() []string { - return []string{"disable"} -} - -// GetDefaultContextWithLevel gets a single context for the specified SELinux user -// identity that is reachable from the specified scon context. The context is based -// on the per-user /etc/selinux/{SELINUXTYPE}/contexts/users/ if it exists, -// and falls back to the global /etc/selinux/{SELINUXTYPE}/contexts/default_contexts -// file. -func GetDefaultContextWithLevel(user, level, scon string) (string, error) { - return getDefaultContextWithLevel(user, level, scon) -} - -// PrivContainerMountLabel returns mount label for privileged containers -func PrivContainerMountLabel() string { - // Make sure label is initialized. - _ = label("") - return privContainerMountLabel -} diff --git a/internal/third_party/selinux/go-selinux/selinux_linux.go b/internal/third_party/selinux/go-selinux/selinux_linux.go deleted file mode 100644 index 70392d98904..00000000000 --- a/internal/third_party/selinux/go-selinux/selinux_linux.go +++ /dev/null @@ -1,1405 +0,0 @@ -package selinux - -import ( - "bufio" - "bytes" - "crypto/rand" - "encoding/binary" - "errors" - "fmt" - "io" - "io/fs" - "math/big" - "os" - "os/user" - "path/filepath" - "strconv" - "strings" - "sync" - - "github.com/cyphar/filepath-securejoin/pathrs-lite" - "github.com/cyphar/filepath-securejoin/pathrs-lite/procfs" - "golang.org/x/sys/unix" - - "github.com/opencontainers/selinux/pkg/pwalkdir" -) - -const ( - minSensLen = 2 - contextFile = "/usr/share/containers/selinux/contexts" - selinuxDir = "/etc/selinux/" - selinuxUsersDir = "contexts/users" - defaultContexts = "contexts/default_contexts" - selinuxConfig = selinuxDir + "config" - selinuxfsMount = "/sys/fs/selinux" - selinuxTypeTag = "SELINUXTYPE" - selinuxTag = "SELINUX" - xattrNameSelinux = "security.selinux" -) - -type selinuxState struct { - mcsList map[string]bool - selinuxfs string - selinuxfsOnce sync.Once - enabledSet bool - enabled bool - sync.Mutex -} - -type level struct { - cats *big.Int - sens int -} - -type mlsRange struct { - low *level - high *level -} - -type defaultSECtx struct { - userRdr io.Reader - verifier func(string) error - defaultRdr io.Reader - user, level, scon string -} - -type levelItem byte - -const ( - sensitivity levelItem = 's' - category levelItem = 'c' -) - -var ( - readOnlyFileLabel string - state = selinuxState{ - mcsList: make(map[string]bool), - } - - // for policyRoot() - policyRootOnce sync.Once - policyRootVal string - - // for label() - loadLabelsOnce sync.Once - labels map[string]string -) - -func policyRoot() string { - policyRootOnce.Do(func() { - policyRootVal = filepath.Join(selinuxDir, readConfig(selinuxTypeTag)) - }) - - return policyRootVal -} - -func (s *selinuxState) setEnable(enabled bool) bool { - s.Lock() - defer s.Unlock() - s.enabledSet = true - s.enabled = enabled - return s.enabled -} - -func (s *selinuxState) getEnabled() bool { - s.Lock() - enabled := s.enabled - enabledSet := s.enabledSet - s.Unlock() - if enabledSet { - return enabled - } - - enabled = false - if fs := getSelinuxMountPoint(); fs != "" { - if con, _ := CurrentLabel(); con != "kernel" { - enabled = true - } - } - return s.setEnable(enabled) -} - -// setDisabled disables SELinux support for the package -func setDisabled() { - state.setEnable(false) -} - -func verifySELinuxfsMount(mnt string) bool { - var buf unix.Statfs_t - for { - err := unix.Statfs(mnt, &buf) - if err == nil { - break - } - if err == unix.EAGAIN || err == unix.EINTR { - continue - } - return false - } - - //#nosec G115 -- there is no overflow here. - if uint32(buf.Type) != uint32(unix.SELINUX_MAGIC) { - return false - } - if (buf.Flags & unix.ST_RDONLY) != 0 { - return false - } - - return true -} - -func findSELinuxfs() string { - // fast path: check the default mount first - if verifySELinuxfsMount(selinuxfsMount) { - return selinuxfsMount - } - - // check if selinuxfs is available before going the slow path - fs, err := os.ReadFile("/proc/filesystems") - if err != nil { - return "" - } - if !bytes.Contains(fs, []byte("\tselinuxfs\n")) { - return "" - } - - // slow path: try to find among the mounts - f, err := os.Open("/proc/self/mountinfo") - if err != nil { - return "" - } - defer f.Close() - - scanner := bufio.NewScanner(f) - for { - mnt := findSELinuxfsMount(scanner) - if mnt == "" { // error or not found - return "" - } - if verifySELinuxfsMount(mnt) { - return mnt - } - } -} - -// findSELinuxfsMount returns a next selinuxfs mount point found, -// if there is one, or an empty string in case of EOF or error. -func findSELinuxfsMount(s *bufio.Scanner) string { - for s.Scan() { - txt := s.Bytes() - // The first field after - is fs type. - // Safe as spaces in mountpoints are encoded as \040 - if !bytes.Contains(txt, []byte(" - selinuxfs ")) { - continue - } - const mPos = 5 // mount point is 5th field - fields := bytes.SplitN(txt, []byte(" "), mPos+1) - if len(fields) < mPos+1 { - continue - } - return string(fields[mPos-1]) - } - - return "" -} - -func (s *selinuxState) getSELinuxfs() string { - s.selinuxfsOnce.Do(func() { - s.selinuxfs = findSELinuxfs() - }) - - return s.selinuxfs -} - -// getSelinuxMountPoint returns the path to the mountpoint of an selinuxfs -// filesystem or an empty string if no mountpoint is found. Selinuxfs is -// a proc-like pseudo-filesystem that exposes the SELinux policy API to -// processes. The existence of an selinuxfs mount is used to determine -// whether SELinux is currently enabled or not. -func getSelinuxMountPoint() string { - return state.getSELinuxfs() -} - -// getEnabled returns whether SELinux is currently enabled. -func getEnabled() bool { - return state.getEnabled() -} - -func readConfig(target string) string { - in, err := os.Open(selinuxConfig) - if err != nil { - return "" - } - defer in.Close() - - scanner := bufio.NewScanner(in) - - for scanner.Scan() { - line := bytes.TrimSpace(scanner.Bytes()) - if len(line) == 0 { - // Skip blank lines - continue - } - if line[0] == ';' || line[0] == '#' { - // Skip comments - continue - } - fields := bytes.SplitN(line, []byte{'='}, 2) - if len(fields) != 2 { - continue - } - if bytes.Equal(fields[0], []byte(target)) { - return string(bytes.Trim(fields[1], `"`)) - } - } - return "" -} - -func readConFd(in *os.File) (string, error) { - data, err := io.ReadAll(in) - if err != nil { - return "", err - } - return string(bytes.TrimSuffix(data, []byte{0})), nil -} - -func writeConFd(out *os.File, val string) error { - var err error - if val != "" { - _, err = out.Write([]byte(val)) - } else { - _, err = out.Write(nil) - } - return err -} - -// openProcThreadSelf is a small wrapper around [OpenThreadSelf] and -// [pathrs.Reopen] to make "one-shot opens" slightly more ergonomic. The -// provided mode must be os.O_* flags to indicate what mode the returned file -// should be opened with (flags like os.O_CREAT and os.O_EXCL are not -// supported). -// -// If no error occurred, the returned handle is guaranteed to be exactly -// /proc/thread-self/ with no tricky mounts or symlinks causing you to -// operate on an unexpected path (with some caveats on pre-openat2 or -// pre-fsopen kernels). -// -// [OpenThreadSelf]: https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs#Handle.OpenThreadSelf -func openProcThreadSelf(subpath string, mode int) (*os.File, procfs.ProcThreadSelfCloser, error) { - if subpath == "" { - return nil, nil, ErrEmptyPath - } - - proc, err := procfs.OpenProcRoot() - if err != nil { - return nil, nil, err - } - defer proc.Close() - - handle, closer, err := proc.OpenThreadSelf(subpath) - if err != nil { - return nil, nil, fmt.Errorf("open /proc/thread-self/%s handle: %w", subpath, err) - } - defer handle.Close() // we will return a re-opened handle - - file, err := pathrs.Reopen(handle, mode) - if err != nil { - closer() - return nil, nil, fmt.Errorf("reopen /proc/thread-self/%s handle (%#x): %w", subpath, mode, err) - } - return file, closer, nil -} - -// Read the contents of /proc/thread-self/. -func readConThreadSelf(fpath string) (string, error) { - in, closer, err := openProcThreadSelf(fpath, os.O_RDONLY|unix.O_CLOEXEC) - if err != nil { - return "", err - } - defer closer() - defer in.Close() - - return readConFd(in) -} - -// Write to /proc/thread-self/. -func writeConThreadSelf(fpath, val string) error { - if val == "" { - if !getEnabled() { - return nil - } - } - - out, closer, err := openProcThreadSelf(fpath, os.O_WRONLY|unix.O_CLOEXEC) - if err != nil { - return err - } - defer closer() - defer out.Close() - - return writeConFd(out, val) -} - -// openProcSelf is a small wrapper around [OpenSelf] and [pathrs.Reopen] to -// make "one-shot opens" slightly more ergonomic. The provided mode must be -// os.O_* flags to indicate what mode the returned file should be opened with -// (flags like os.O_CREAT and os.O_EXCL are not supported). -// -// If no error occurred, the returned handle is guaranteed to be exactly -// /proc/self/ with no tricky mounts or symlinks causing you to -// operate on an unexpected path (with some caveats on pre-openat2 or -// pre-fsopen kernels). -// -// [OpenSelf]: https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs#Handle.OpenSelf -func openProcSelf(subpath string, mode int) (*os.File, error) { - if subpath == "" { - return nil, ErrEmptyPath - } - - proc, err := procfs.OpenProcRoot() - if err != nil { - return nil, err - } - defer proc.Close() - - handle, err := proc.OpenSelf(subpath) - if err != nil { - return nil, fmt.Errorf("open /proc/self/%s handle: %w", subpath, err) - } - defer handle.Close() // we will return a re-opened handle - - file, err := pathrs.Reopen(handle, mode) - if err != nil { - return nil, fmt.Errorf("reopen /proc/self/%s handle (%#x): %w", subpath, mode, err) - } - return file, nil -} - -// Read the contents of /proc/self/. -func readConSelf(fpath string) (string, error) { - in, err := openProcSelf(fpath, os.O_RDONLY|unix.O_CLOEXEC) - if err != nil { - return "", err - } - defer in.Close() - - return readConFd(in) -} - -// Write to /proc/self/. -func writeConSelf(fpath, val string) error { - if val == "" { - if !getEnabled() { - return nil - } - } - - out, err := openProcSelf(fpath, os.O_WRONLY|unix.O_CLOEXEC) - if err != nil { - return err - } - defer out.Close() - - return writeConFd(out, val) -} - -// openProcPid is a small wrapper around [OpenPid] and [pathrs.Reopen] to make -// "one-shot opens" slightly more ergonomic. The provided mode must be os.O_* -// flags to indicate what mode the returned file should be opened with (flags -// like os.O_CREAT and os.O_EXCL are not supported). -// -// If no error occurred, the returned handle is guaranteed to be exactly -// /proc/self/ with no tricky mounts or symlinks causing you to -// operate on an unexpected path (with some caveats on pre-openat2 or -// pre-fsopen kernels). -// -// [OpenPid]: https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs#Handle.OpenPid -func openProcPid(pid int, subpath string, mode int) (*os.File, error) { - if subpath == "" { - return nil, ErrEmptyPath - } - - proc, err := procfs.OpenProcRoot() - if err != nil { - return nil, err - } - defer proc.Close() - - handle, err := proc.OpenPid(pid, subpath) - if err != nil { - return nil, fmt.Errorf("open /proc/%d/%s handle: %w", pid, subpath, err) - } - defer handle.Close() // we will return a re-opened handle - - file, err := pathrs.Reopen(handle, mode) - if err != nil { - return nil, fmt.Errorf("reopen /proc/%d/%s handle (%#x): %w", pid, subpath, mode, err) - } - return file, nil -} - -// classIndex returns the int index for an object class in the loaded policy, -// or -1 and an error -func classIndex(class string) (int, error) { - permpath := fmt.Sprintf("class/%s/index", class) - indexpath := filepath.Join(getSelinuxMountPoint(), permpath) - - indexB, err := os.ReadFile(indexpath) - if err != nil { - return -1, err - } - index, err := strconv.Atoi(string(indexB)) - if err != nil { - return -1, err - } - - return index, nil -} - -// lSetFileLabel sets the SELinux label for this path, not following symlinks, -// or returns an error. -func lSetFileLabel(fpath string, label string) error { - if fpath == "" { - return ErrEmptyPath - } - for { - err := unix.Lsetxattr(fpath, xattrNameSelinux, []byte(label), 0) - if err == nil { - break - } - if err != unix.EINTR { - return &os.PathError{Op: fmt.Sprintf("lsetxattr(label=%s)", label), Path: fpath, Err: err} - } - } - - return nil -} - -// setFileLabel sets the SELinux label for this path, following symlinks, -// or returns an error. -func setFileLabel(fpath string, label string) error { - if fpath == "" { - return ErrEmptyPath - } - for { - err := unix.Setxattr(fpath, xattrNameSelinux, []byte(label), 0) - if err == nil { - break - } - if err != unix.EINTR { - return &os.PathError{Op: fmt.Sprintf("setxattr(label=%s)", label), Path: fpath, Err: err} - } - } - - return nil -} - -// fileLabel returns the SELinux label for this path, following symlinks, -// or returns an error. -func fileLabel(fpath string) (string, error) { - if fpath == "" { - return "", ErrEmptyPath - } - - label, err := getxattr(fpath, xattrNameSelinux) - if err != nil { - return "", &os.PathError{Op: "getxattr", Path: fpath, Err: err} - } - // Trim the NUL byte at the end of the byte buffer, if present. - if len(label) > 0 && label[len(label)-1] == '\x00' { - label = label[:len(label)-1] - } - return string(label), nil -} - -// lFileLabel returns the SELinux label for this path, not following symlinks, -// or returns an error. -func lFileLabel(fpath string) (string, error) { - if fpath == "" { - return "", ErrEmptyPath - } - - label, err := lgetxattr(fpath, xattrNameSelinux) - if err != nil { - return "", &os.PathError{Op: "lgetxattr", Path: fpath, Err: err} - } - // Trim the NUL byte at the end of the byte buffer, if present. - if len(label) > 0 && label[len(label)-1] == '\x00' { - label = label[:len(label)-1] - } - return string(label), nil -} - -func setFSCreateLabel(label string) error { - return writeConThreadSelf("attr/fscreate", label) -} - -// fsCreateLabel returns the default label the kernel which the kernel is using -// for file system objects created by this task. "" indicates default. -func fsCreateLabel() (string, error) { - return readConThreadSelf("attr/fscreate") -} - -// currentLabel returns the SELinux label of the current process thread, or an error. -func currentLabel() (string, error) { - return readConThreadSelf("attr/current") -} - -// pidLabel returns the SELinux label of the given pid, or an error. -func pidLabel(pid int) (string, error) { - it, err := openProcPid(pid, "attr/current", os.O_RDONLY|unix.O_CLOEXEC) - if err != nil { - return "", nil - } - defer it.Close() - return readConFd(it) -} - -// ExecLabel returns the SELinux label that the kernel will use for any programs -// that are executed by the current process thread, or an error. -func execLabel() (string, error) { - return readConThreadSelf("exec") -} - -// canonicalizeContext takes a context string and writes it to the kernel -// the function then returns the context that the kernel will use. Use this -// function to check if two contexts are equivalent -func canonicalizeContext(val string) (string, error) { - return readWriteCon(filepath.Join(getSelinuxMountPoint(), "context"), val) -} - -// computeCreateContext requests the type transition from source to target for -// class from the kernel. -func computeCreateContext(source string, target string, class string) (string, error) { - classidx, err := classIndex(class) - if err != nil { - return "", err - } - - return readWriteCon(filepath.Join(getSelinuxMountPoint(), "create"), fmt.Sprintf("%s %s %d", source, target, classidx)) -} - -// catsToBitset stores categories in a bitset. -func catsToBitset(cats string) (*big.Int, error) { - bitset := new(big.Int) - - catlist := strings.Split(cats, ",") - for _, r := range catlist { - ranges := strings.SplitN(r, ".", 2) - if len(ranges) > 1 { - catstart, err := parseLevelItem(ranges[0], category) - if err != nil { - return nil, err - } - catend, err := parseLevelItem(ranges[1], category) - if err != nil { - return nil, err - } - for i := catstart; i <= catend; i++ { - bitset.SetBit(bitset, i, 1) - } - } else { - cat, err := parseLevelItem(ranges[0], category) - if err != nil { - return nil, err - } - bitset.SetBit(bitset, cat, 1) - } - } - - return bitset, nil -} - -// parseLevelItem parses and verifies that a sensitivity or category are valid -func parseLevelItem(s string, sep levelItem) (int, error) { - if len(s) < minSensLen || levelItem(s[0]) != sep { - return 0, ErrLevelSyntax - } - const bitSize = 31 // Make sure the result fits into signed int32. - val, err := strconv.ParseUint(s[1:], 10, bitSize) - if err != nil { - return 0, err - } - - return int(val), nil -} - -// parseLevel fills a level from a string that contains -// a sensitivity and categories -func (l *level) parseLevel(levelStr string) error { - lvl := strings.SplitN(levelStr, ":", 2) - sens, err := parseLevelItem(lvl[0], sensitivity) - if err != nil { - return fmt.Errorf("failed to parse sensitivity: %w", err) - } - l.sens = sens - if len(lvl) > 1 { - cats, err := catsToBitset(lvl[1]) - if err != nil { - return fmt.Errorf("failed to parse categories: %w", err) - } - l.cats = cats - } - - return nil -} - -// rangeStrToMLSRange marshals a string representation of a range. -func rangeStrToMLSRange(rangeStr string) (*mlsRange, error) { - r := &mlsRange{} - l := strings.SplitN(rangeStr, "-", 2) - - switch len(l) { - // rangeStr that has a low and a high level, e.g. s4:c0.c1023-s6:c0.c1023 - case 2: - r.high = &level{} - if err := r.high.parseLevel(l[1]); err != nil { - return nil, fmt.Errorf("failed to parse high level %q: %w", l[1], err) - } - fallthrough - // rangeStr that is single level, e.g. s6:c0,c3,c5,c30.c1023 - case 1: - r.low = &level{} - if err := r.low.parseLevel(l[0]); err != nil { - return nil, fmt.Errorf("failed to parse low level %q: %w", l[0], err) - } - } - - if r.high == nil { - r.high = r.low - } - - return r, nil -} - -// bitsetToStr takes a category bitset and returns it in the -// canonical selinux syntax -func bitsetToStr(c *big.Int) string { - var str string - - length := 0 - i0 := int(c.TrailingZeroBits()) //#nosec G115 -- don't expect TralingZeroBits to return values with highest bit set. - for i := i0; i < c.BitLen(); i++ { - if c.Bit(i) == 0 { - continue - } - if length == 0 { - if str != "" { - str += "," - } - str += "c" + strconv.Itoa(i) - } - if c.Bit(i+1) == 1 { - length++ - continue - } - if length == 1 { - str += ",c" + strconv.Itoa(i) - } else if length > 1 { - str += ".c" + strconv.Itoa(i) - } - length = 0 - } - - return str -} - -func (l *level) equal(l2 *level) bool { - if l2 == nil || l == nil { - return l == l2 - } - if l2.sens != l.sens { - return false - } - if l2.cats == nil || l.cats == nil { - return l2.cats == l.cats - } - return l.cats.Cmp(l2.cats) == 0 -} - -// String returns an mlsRange as a string. -func (m mlsRange) String() string { - low := "s" + strconv.Itoa(m.low.sens) - if m.low.cats != nil && m.low.cats.BitLen() > 0 { - low += ":" + bitsetToStr(m.low.cats) - } - - if m.low.equal(m.high) { - return low - } - - high := "s" + strconv.Itoa(m.high.sens) - if m.high.cats != nil && m.high.cats.BitLen() > 0 { - high += ":" + bitsetToStr(m.high.cats) - } - - return low + "-" + high -} - -// TODO: remove these in favor of built-in min/max -// once we stop supporting Go < 1.21. -func maxInt(a, b int) int { - if a > b { - return a - } - return b -} - -func minInt(a, b int) int { - if a < b { - return a - } - return b -} - -// calculateGlbLub computes the glb (greatest lower bound) and lub (least upper bound) -// of a source and target range. -// The glblub is calculated as the greater of the low sensitivities and -// the lower of the high sensitivities and the and of each category bitset. -func calculateGlbLub(sourceRange, targetRange string) (string, error) { - s, err := rangeStrToMLSRange(sourceRange) - if err != nil { - return "", err - } - t, err := rangeStrToMLSRange(targetRange) - if err != nil { - return "", err - } - - if s.high.sens < t.low.sens || t.high.sens < s.low.sens { - /* these ranges have no common sensitivities */ - return "", ErrIncomparable - } - - outrange := &mlsRange{low: &level{}, high: &level{}} - - /* take the greatest of the low */ - outrange.low.sens = maxInt(s.low.sens, t.low.sens) - - /* take the least of the high */ - outrange.high.sens = minInt(s.high.sens, t.high.sens) - - /* find the intersecting categories */ - if s.low.cats != nil && t.low.cats != nil { - outrange.low.cats = new(big.Int) - outrange.low.cats.And(s.low.cats, t.low.cats) - } - if s.high.cats != nil && t.high.cats != nil { - outrange.high.cats = new(big.Int) - outrange.high.cats.And(s.high.cats, t.high.cats) - } - - return outrange.String(), nil -} - -func readWriteCon(fpath string, val string) (string, error) { - if fpath == "" { - return "", ErrEmptyPath - } - f, err := os.OpenFile(fpath, os.O_RDWR, 0) - if err != nil { - return "", err - } - defer f.Close() - - _, err = f.Write([]byte(val)) - if err != nil { - return "", err - } - - return readConFd(f) -} - -// peerLabel retrieves the label of the client on the other side of a socket -func peerLabel(fd uintptr) (string, error) { - l, err := unix.GetsockoptString(int(fd), unix.SOL_SOCKET, unix.SO_PEERSEC) - if err != nil { - return "", &os.PathError{Op: "getsockopt", Path: "fd " + strconv.Itoa(int(fd)), Err: err} - } - return l, nil -} - -// setKeyLabel takes a process label and tells the kernel to assign the -// label to the next kernel keyring that gets created -func setKeyLabel(label string) error { - // Rather than using /proc/thread-self, we want to use /proc/self to - // operate on the thread-group leader. - err := writeConSelf("attr/keycreate", label) - if errors.Is(err, os.ErrNotExist) { - return nil - } - if label == "" && errors.Is(err, os.ErrPermission) { - return nil - } - if errors.Is(err, unix.EACCES) && unix.Getpid() != unix.Gettid() { - return ErrNotTGLeader - } - return err -} - -// KeyLabel retrieves the current kernel keyring label setting for this -// thread-group. -func keyLabel() (string, error) { - // Rather than using /proc/thread-self, we want to use /proc/self to - // operate on the thread-group leader. - return readConSelf("attr/keycreate") -} - -// get returns the Context as a string -func (c Context) get() string { - if l := c["level"]; l != "" { - return c["user"] + ":" + c["role"] + ":" + c["type"] + ":" + l - } - return c["user"] + ":" + c["role"] + ":" + c["type"] -} - -// newContext creates a new Context struct from the specified label -func newContext(label string) (Context, error) { - c := make(Context) - - if len(label) != 0 { - con := strings.SplitN(label, ":", 4) - if len(con) < 3 { - return c, ErrInvalidLabel - } - c["user"] = con[0] - c["role"] = con[1] - c["type"] = con[2] - if len(con) > 3 { - c["level"] = con[3] - } - } - return c, nil -} - -// clearLabels clears all reserved labels -func clearLabels() { - state.Lock() - state.mcsList = make(map[string]bool) - state.Unlock() -} - -// reserveLabel reserves the MLS/MCS level component of the specified label -func reserveLabel(label string) { - if len(label) != 0 { - con := strings.SplitN(label, ":", 4) - if len(con) > 3 { - _ = mcsAdd(con[3]) - } - } -} - -func selinuxEnforcePath() string { - return filepath.Join(getSelinuxMountPoint(), "enforce") -} - -// isMLSEnabled checks if MLS is enabled. -func isMLSEnabled() bool { - enabledB, err := os.ReadFile(filepath.Join(getSelinuxMountPoint(), "mls")) - if err != nil { - return false - } - return bytes.Equal(enabledB, []byte{'1'}) -} - -// enforceMode returns the current SELinux mode Enforcing, Permissive, Disabled -func enforceMode() int { - var enforce int - - enforceB, err := os.ReadFile(selinuxEnforcePath()) - if err != nil { - return -1 - } - enforce, err = strconv.Atoi(string(enforceB)) - if err != nil { - return -1 - } - return enforce -} - -// setEnforceMode sets the current SELinux mode Enforcing, Permissive. -// Disabled is not valid, since this needs to be set at boot time. -func setEnforceMode(mode int) error { - return os.WriteFile(selinuxEnforcePath(), []byte(strconv.Itoa(mode)), 0) -} - -// defaultEnforceMode returns the systems default SELinux mode Enforcing, -// Permissive or Disabled. Note this is just the default at boot time. -// EnforceMode tells you the systems current mode. -func defaultEnforceMode() int { - switch readConfig(selinuxTag) { - case "enforcing": - return Enforcing - case "permissive": - return Permissive - } - return Disabled -} - -func mcsAdd(mcs string) error { - if mcs == "" { - return nil - } - state.Lock() - defer state.Unlock() - if state.mcsList[mcs] { - return ErrMCSAlreadyExists - } - state.mcsList[mcs] = true - return nil -} - -func mcsDelete(mcs string) { - if mcs == "" { - return - } - state.Lock() - defer state.Unlock() - state.mcsList[mcs] = false -} - -func intToMcs(id int, catRange uint32) string { - var ( - SETSIZE = int(catRange) - TIER = SETSIZE - ORD = id - ) - - if id < 1 || id > 523776 { - return "" - } - - for ORD > TIER { - ORD -= TIER - TIER-- - } - TIER = SETSIZE - TIER - ORD += TIER - return fmt.Sprintf("s0:c%d,c%d", TIER, ORD) -} - -func uniqMcs(catRange uint32) string { - var ( - n uint32 - c1, c2 uint32 - mcs string - ) - - for { - _ = binary.Read(rand.Reader, binary.LittleEndian, &n) - c1 = n % catRange - _ = binary.Read(rand.Reader, binary.LittleEndian, &n) - c2 = n % catRange - if c1 == c2 { - continue - } else if c1 > c2 { - c1, c2 = c2, c1 - } - mcs = fmt.Sprintf("s0:c%d,c%d", c1, c2) - if err := mcsAdd(mcs); err != nil { - continue - } - break - } - return mcs -} - -// releaseLabel un-reserves the MLS/MCS Level field of the specified label, -// allowing it to be used by another process. -func releaseLabel(label string) { - if len(label) != 0 { - con := strings.SplitN(label, ":", 4) - if len(con) > 3 { - mcsDelete(con[3]) - } - } -} - -// roFileLabel returns the specified SELinux readonly file label -func roFileLabel() string { - return readOnlyFileLabel -} - -func openContextFile() (*os.File, error) { - if f, err := os.Open(contextFile); err == nil { - return f, nil - } - return os.Open(filepath.Join(policyRoot(), "contexts", "lxc_contexts")) -} - -func loadLabels() { - labels = make(map[string]string) - in, err := openContextFile() - if err != nil { - return - } - defer in.Close() - - scanner := bufio.NewScanner(in) - - for scanner.Scan() { - line := bytes.TrimSpace(scanner.Bytes()) - if len(line) == 0 { - // Skip blank lines - continue - } - if line[0] == ';' || line[0] == '#' { - // Skip comments - continue - } - fields := bytes.SplitN(line, []byte{'='}, 2) - if len(fields) != 2 { - continue - } - key, val := bytes.TrimSpace(fields[0]), bytes.TrimSpace(fields[1]) - labels[string(key)] = string(bytes.Trim(val, `"`)) - } - - con, _ := NewContext(labels["file"]) - con["level"] = fmt.Sprintf("s0:c%d,c%d", maxCategory-2, maxCategory-1) - privContainerMountLabel = con.get() - reserveLabel(privContainerMountLabel) -} - -func label(key string) string { - loadLabelsOnce.Do(func() { - loadLabels() - }) - return labels[key] -} - -// kvmContainerLabels returns the default processLabel and mountLabel to be used -// for kvm containers by the calling process. -func kvmContainerLabels() (string, string) { - processLabel := label("kvm_process") - if processLabel == "" { - processLabel = label("process") - } - - return addMcs(processLabel, label("file")) -} - -// initContainerLabels returns the default processLabel and file labels to be -// used for containers running an init system like systemd by the calling process. -func initContainerLabels() (string, string) { - processLabel := label("init_process") - if processLabel == "" { - processLabel = label("process") - } - - return addMcs(processLabel, label("file")) -} - -// containerLabels returns an allocated processLabel and fileLabel to be used for -// container labeling by the calling process. -func containerLabels() (processLabel string, fileLabel string) { - if !getEnabled() { - return "", "" - } - - processLabel = label("process") - fileLabel = label("file") - readOnlyFileLabel = label("ro_file") - - if processLabel == "" || fileLabel == "" { - return "", fileLabel - } - - if readOnlyFileLabel == "" { - readOnlyFileLabel = fileLabel - } - - return addMcs(processLabel, fileLabel) -} - -func addMcs(processLabel, fileLabel string) (string, string) { - scon, _ := NewContext(processLabel) - if scon["level"] != "" { - mcs := uniqMcs(CategoryRange) - scon["level"] = mcs - processLabel = scon.Get() - scon, _ = NewContext(fileLabel) - scon["level"] = mcs - fileLabel = scon.Get() - } - return processLabel, fileLabel -} - -// securityCheckContext validates that the SELinux label is understood by the kernel -func securityCheckContext(val string) error { - return os.WriteFile(filepath.Join(getSelinuxMountPoint(), "context"), []byte(val), 0) -} - -// copyLevel returns a label with the MLS/MCS level from src label replaced on -// the dest label. -func copyLevel(src, dest string) (string, error) { - if src == "" { - return "", nil - } - if err := SecurityCheckContext(src); err != nil { - return "", err - } - if err := SecurityCheckContext(dest); err != nil { - return "", err - } - scon, err := NewContext(src) - if err != nil { - return "", err - } - tcon, err := NewContext(dest) - if err != nil { - return "", err - } - mcsDelete(tcon["level"]) - _ = mcsAdd(scon["level"]) - tcon["level"] = scon["level"] - return tcon.Get(), nil -} - -// chcon changes the fpath file object to the SELinux label. -// If fpath is a directory and recurse is true, then chcon walks the -// directory tree setting the label. -func chcon(fpath string, label string, recurse bool) error { - if fpath == "" { - return ErrEmptyPath - } - if label == "" { - return nil - } - - excludePaths := map[string]bool{ - "/": true, - "/bin": true, - "/boot": true, - "/dev": true, - "/etc": true, - "/etc/passwd": true, - "/etc/pki": true, - "/etc/shadow": true, - "/home": true, - "/lib": true, - "/lib64": true, - "/media": true, - "/opt": true, - "/proc": true, - "/root": true, - "/run": true, - "/sbin": true, - "/srv": true, - "/sys": true, - "/tmp": true, - "/usr": true, - "/var": true, - "/var/lib": true, - "/var/log": true, - } - - if home := os.Getenv("HOME"); home != "" { - excludePaths[home] = true - } - - if sudoUser := os.Getenv("SUDO_USER"); sudoUser != "" { - if usr, err := user.Lookup(sudoUser); err == nil { - excludePaths[usr.HomeDir] = true - } - } - - if fpath != "/" { - fpath = strings.TrimSuffix(fpath, "/") - } - if excludePaths[fpath] { - return fmt.Errorf("SELinux relabeling of %s is not allowed", fpath) - } - - if !recurse { - err := lSetFileLabel(fpath, label) - if err != nil { - // Check if file doesn't exist, must have been removed - if errors.Is(err, os.ErrNotExist) { - return nil - } - // Check if current label is correct on disk - flabel, nerr := lFileLabel(fpath) - if nerr == nil && flabel == label { - return nil - } - // Check if file doesn't exist, must have been removed - if errors.Is(nerr, os.ErrNotExist) { - return nil - } - return err - } - return nil - } - - return rchcon(fpath, label) -} - -func rchcon(fpath, label string) error { //revive:disable:cognitive-complexity - fastMode := false - // If the current label matches the new label, assume - // other labels are correct. - if cLabel, err := lFileLabel(fpath); err == nil && cLabel == label { - fastMode = true - } - return pwalkdir.Walk(fpath, func(p string, _ fs.DirEntry, _ error) error { - if fastMode { - if cLabel, err := lFileLabel(p); err == nil && cLabel == label { - return nil - } - } - err := lSetFileLabel(p, label) - // Walk a file tree can race with removal, so ignore ENOENT. - if errors.Is(err, os.ErrNotExist) { - return nil - } - return err - }) -} - -// dupSecOpt takes an SELinux process label and returns security options that -// can be used to set the SELinux Type and Level for future container processes. -func dupSecOpt(src string) ([]string, error) { - if src == "" { - return nil, nil - } - con, err := NewContext(src) - if err != nil { - return nil, err - } - if con["user"] == "" || - con["role"] == "" || - con["type"] == "" { - return nil, nil - } - dup := []string{ - "user:" + con["user"], - "role:" + con["role"], - "type:" + con["type"], - } - - if con["level"] != "" { - dup = append(dup, "level:"+con["level"]) - } - - return dup, nil -} - -// findUserInContext scans the reader for a valid SELinux context -// match that is verified with the verifier. Invalid contexts are -// skipped. It returns a matched context or an empty string if no -// match is found. If a scanner error occurs, it is returned. -func findUserInContext(context Context, r io.Reader, verifier func(string) error) (string, error) { - fromRole := context["role"] - fromType := context["type"] - scanner := bufio.NewScanner(r) - - for scanner.Scan() { - fromConns := strings.Fields(scanner.Text()) - if len(fromConns) == 0 { - // Skip blank lines - continue - } - - line := fromConns[0] - - if line[0] == ';' || line[0] == '#' { - // Skip comments - continue - } - - // user context files contexts are formatted as - // role_r:type_t:s0 where the user is missing. - lineArr := strings.SplitN(line, ":", 4) - // skip context with typo, or role and type do not match - if len(lineArr) != 3 || - lineArr[0] != fromRole || - lineArr[1] != fromType { - continue - } - - for _, cc := range fromConns[1:] { - toConns := strings.SplitN(cc, ":", 4) - if len(toConns) != 3 { - continue - } - - context["role"] = toConns[0] - context["type"] = toConns[1] - - outConn := context.get() - if err := verifier(outConn); err != nil { - continue - } - - return outConn, nil - } - } - if err := scanner.Err(); err != nil { - return "", fmt.Errorf("failed to scan for context: %w", err) - } - - return "", nil -} - -func getDefaultContextFromReaders(c *defaultSECtx) (string, error) { - if c.verifier == nil { - return "", ErrVerifierNil - } - - context, err := newContext(c.scon) - if err != nil { - return "", fmt.Errorf("failed to create label for %s: %w", c.scon, err) - } - - // set so the verifier validates the matched context with the provided user and level. - context["user"] = c.user - context["level"] = c.level - - conn, err := findUserInContext(context, c.userRdr, c.verifier) - if err != nil { - return "", err - } - - if conn != "" { - return conn, nil - } - - conn, err = findUserInContext(context, c.defaultRdr, c.verifier) - if err != nil { - return "", err - } - - if conn != "" { - return conn, nil - } - - return "", fmt.Errorf("context %q not found: %w", c.scon, ErrContextMissing) -} - -func getDefaultContextWithLevel(user, level, scon string) (string, error) { - userPath := filepath.Join(policyRoot(), selinuxUsersDir, user) - fu, err := os.Open(userPath) - if err != nil { - return "", err - } - defer fu.Close() - - defaultPath := filepath.Join(policyRoot(), defaultContexts) - fd, err := os.Open(defaultPath) - if err != nil { - return "", err - } - defer fd.Close() - - c := defaultSECtx{ - user: user, - level: level, - scon: scon, - userRdr: fu, - defaultRdr: fd, - verifier: securityCheckContext, - } - - return getDefaultContextFromReaders(&c) -} diff --git a/internal/third_party/selinux/go-selinux/selinux_linux_test.go b/internal/third_party/selinux/go-selinux/selinux_linux_test.go deleted file mode 100644 index 71aa0b82cc6..00000000000 --- a/internal/third_party/selinux/go-selinux/selinux_linux_test.go +++ /dev/null @@ -1,711 +0,0 @@ -package selinux - -import ( - "bufio" - "bytes" - "errors" - "fmt" - "os" - "path/filepath" - "runtime" - "strconv" - "strings" - "testing" - - "golang.org/x/sys/unix" -) - -func TestSetFileLabel(t *testing.T) { - if !GetEnabled() { - t.Skip("SELinux not enabled, skipping.") - } - - const ( - tmpFile = "selinux_test" - tmpLink = "selinux_test_link" - con = "system_u:object_r:bin_t:s0:c1,c2" - con2 = "system_u:object_r:bin_t:s0:c3,c4" - ) - - _ = os.Remove(tmpFile) - out, err := os.OpenFile(tmpFile, os.O_WRONLY|os.O_CREATE, 0) - if err != nil { - t.Fatal(err) - } - out.Close() - defer os.Remove(tmpFile) - - _ = os.Remove(tmpLink) - if err := os.Symlink(tmpFile, tmpLink); err != nil { - t.Fatal(err) - } - defer os.Remove(tmpLink) - - if err := SetFileLabel(tmpLink, con); err != nil { - t.Fatalf("SetFileLabel failed: %s", err) - } - filelabel, err := FileLabel(tmpLink) - if err != nil { - t.Fatalf("FileLabel failed: %s", err) - } - if filelabel != con { - t.Fatalf("FileLabel failed, returned %s expected %s", filelabel, con) - } - - // Using LfileLabel to verify that the symlink itself is not labeled. - linkLabel, err := LfileLabel(tmpLink) - if err != nil { - t.Fatalf("LfileLabel failed: %s", err) - } - if linkLabel == con { - t.Fatalf("Label on symlink should not be set, got: %q", linkLabel) - } - - // Use LsetFileLabel to set a label on the symlink itself. - if err := LsetFileLabel(tmpLink, con2); err != nil { - t.Fatalf("LsetFileLabel failed: %s", err) - } - filelabel, err = FileLabel(tmpFile) - if err != nil { - t.Fatalf("FileLabel failed: %s", err) - } - if filelabel != con { - t.Fatalf("FileLabel was updated, returned %s expected %s", filelabel, con) - } - - linkLabel, err = LfileLabel(tmpLink) - if err != nil { - t.Fatalf("LfileLabel failed: %s", err) - } - if linkLabel != con2 { - t.Fatalf("LfileLabel failed: returned %s expected %s", linkLabel, con2) - } -} - -func TestKVMLabels(t *testing.T) { - if !GetEnabled() { - t.Skip("SELinux not enabled, skipping.") - } - - plabel, flabel := KVMContainerLabels() - if plabel == "" { - t.Log("Failed to read kvm label") - } - t.Log(plabel) - t.Log(flabel) - if _, err := CanonicalizeContext(plabel); err != nil { - t.Fatal(err) - } - if _, err := CanonicalizeContext(flabel); err != nil { - t.Fatal(err) - } - - ReleaseLabel(plabel) -} - -func TestInitLabels(t *testing.T) { - if !GetEnabled() { - t.Skip("SELinux not enabled, skipping.") - } - - plabel, flabel := InitContainerLabels() - if plabel == "" { - t.Log("Failed to read init label") - } - t.Log(plabel) - t.Log(flabel) - if _, err := CanonicalizeContext(plabel); err != nil { - t.Fatal(err) - } - if _, err := CanonicalizeContext(flabel); err != nil { - t.Fatal(err) - } - ReleaseLabel(plabel) -} - -func TestDuplicateLabel(t *testing.T) { - secopt, err := DupSecOpt("system_u:system_r:container_t:s0:c1,c2") - if err != nil { - t.Fatalf("DupSecOpt: %v", err) - } - for _, opt := range secopt { - con := strings.SplitN(opt, ":", 2) - if con[0] == "user" { - if con[1] != "system_u" { - t.Errorf("DupSecOpt Failed user incorrect") - } - continue - } - if con[0] == "role" { - if con[1] != "system_r" { - t.Errorf("DupSecOpt Failed role incorrect") - } - continue - } - if con[0] == "type" { - if con[1] != "container_t" { - t.Errorf("DupSecOpt Failed type incorrect") - } - continue - } - if con[0] == "level" { - if con[1] != "s0:c1,c2" { - t.Errorf("DupSecOpt Failed level incorrect") - } - continue - } - t.Errorf("DupSecOpt failed: invalid field %q", con[0]) - } - secopt = DisableSecOpt() - if secopt[0] != "disable" { - t.Errorf(`DisableSecOpt failed: want "disable", got %q`, secopt[0]) - } -} - -func TestSELinuxNoLevel(t *testing.T) { - if !GetEnabled() { - t.Skip("SELinux not enabled, skipping.") - } - - tlabel := "system_u:system_r:container_t" - dup, err := DupSecOpt(tlabel) - if err != nil { - t.Fatal(err) - } - - if len(dup) != 3 { - t.Errorf("DupSecOpt failed on non mls label: want 3, got %d", len(dup)) - } - con, err := NewContext(tlabel) - if err != nil { - t.Fatal(err) - } - if con.Get() != tlabel { - t.Errorf("NewContext and con.Get() failed on non mls label: want %q, got %q", tlabel, con.Get()) - } -} - -func TestSocketLabel(t *testing.T) { - if !GetEnabled() { - t.Skip("SELinux not enabled, skipping.") - } - - // Ensure the thread stays the same for duration of the test. - // Otherwise Go runtime can switch this to a different thread, - // which results in EACCES in call to SetSocketLabel. - runtime.LockOSThread() - defer runtime.UnlockOSThread() - - label := "system_u:object_r:container_t:s0:c1,c2" - if err := SetSocketLabel(label); err != nil { - t.Fatal(err) - } - nlabel, err := SocketLabel() - if err != nil { - t.Fatal(err) - } - if label != nlabel { - t.Errorf("SocketLabel %s != %s", nlabel, label) - } -} - -func TestKeyLabel(t *testing.T) { - if !GetEnabled() { - t.Skip("SELinux not enabled, skipping.") - } - - // Ensure the thread stays the same for duration of the test. - // Otherwise Go runtime can switch this to a different thread, - // which results in EACCES in call to SetKeyLabel. - runtime.LockOSThread() - defer runtime.UnlockOSThread() - - if unix.Getpid() != unix.Gettid() { - t.Skip(ErrNotTGLeader) - } - - label := "system_u:object_r:container_t:s0:c1,c2" - if err := SetKeyLabel(label); err != nil { - t.Fatal(err) - } - nlabel, err := KeyLabel() - if err != nil { - t.Fatal(err) - } - if label != nlabel { - t.Errorf("KeyLabel: want %q, got %q", label, nlabel) - } -} - -func BenchmarkContextGet(b *testing.B) { - ctx, err := NewContext("system_u:object_r:container_file_t:s0:c1022,c1023") - if err != nil { - b.Fatal(err) - } - str := "" - for i := 0; i < b.N; i++ { - str = ctx.get() - } - b.Log(str) -} - -func TestSELinux(t *testing.T) { - if !GetEnabled() { - t.Skip("SELinux not enabled, skipping.") - } - - // Ensure the thread stays the same for duration of the test. - // Otherwise Go runtime can switch this to a different thread, - // which results in EACCES in call to SetFSCreateLabel. - runtime.LockOSThread() - defer runtime.UnlockOSThread() - - var ( - err error - plabel, flabel string - ) - - plabel, flabel = ContainerLabels() - t.Log(plabel) - t.Log(flabel) - plabel, flabel = ContainerLabels() - t.Log(plabel) - t.Log(flabel) - ReleaseLabel(plabel) - - plabel, flabel = ContainerLabels() - t.Log(plabel) - t.Log(flabel) - ClearLabels() - t.Log("ClearLabels") - plabel, flabel = ContainerLabels() - t.Log(plabel) - t.Log(flabel) - ReleaseLabel(plabel) - - pid := os.Getpid() - t.Logf("PID:%d MCS:%s", pid, intToMcs(pid, 1023)) - err = SetFSCreateLabel("unconfined_u:unconfined_r:unconfined_t:s0") - if err != nil { - t.Fatal("SetFSCreateLabel failed:", err) - } - t.Log(FSCreateLabel()) - err = SetFSCreateLabel("") - if err != nil { - t.Fatal("SetFSCreateLabel failed:", err) - } - t.Log(FSCreateLabel()) - t.Log(PidLabel(1)) -} - -func TestSetEnforceMode(t *testing.T) { - if !GetEnabled() { - t.Skip("SELinux not enabled, skipping.") - } - if os.Geteuid() != 0 { - t.Skip("root required, skipping") - } - - t.Log("Enforcing Mode:", EnforceMode()) - mode := DefaultEnforceMode() - t.Log("Default Enforce Mode:", mode) - defer func() { - _ = SetEnforceMode(mode) - }() - - if err := SetEnforceMode(Enforcing); err != nil { - t.Fatalf("setting selinux mode to enforcing failed: %v", err) - } - if err := SetEnforceMode(Permissive); err != nil { - t.Fatalf("setting selinux mode to permissive failed: %v", err) - } -} - -func TestCanonicalizeContext(t *testing.T) { - if !GetEnabled() { - t.Skip("SELinux not enabled, skipping.") - } - - con := "system_u:object_r:bin_t:s0:c1,c2,c3" - checkcon := "system_u:object_r:bin_t:s0:c1.c3" - newcon, err := CanonicalizeContext(con) - if err != nil { - t.Fatal(err) - } - if newcon != checkcon { - t.Fatalf("CanonicalizeContext(%s) returned %s expected %s", con, newcon, checkcon) - } - con = "system_u:object_r:bin_t:s0:c5,c2" - checkcon = "system_u:object_r:bin_t:s0:c2,c5" - newcon, err = CanonicalizeContext(con) - if err != nil { - t.Fatal(err) - } - if newcon != checkcon { - t.Fatalf("CanonicalizeContext(%s) returned %s expected %s", con, newcon, checkcon) - } -} - -func TestFindSELinuxfsInMountinfo(t *testing.T) { - //nolint:dupword // ignore duplicate words (sysfs sysfs) - const mountinfo = `18 62 0:17 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs rw,seclabel -19 62 0:3 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw -20 62 0:5 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,seclabel,size=3995472k,nr_inodes=998868,mode=755 -21 18 0:16 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:7 - securityfs securityfs rw -22 20 0:18 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw,seclabel -23 20 0:11 / /dev/pts rw,nosuid,noexec,relatime shared:4 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=000 -24 62 0:19 / /run rw,nosuid,nodev shared:23 - tmpfs tmpfs rw,seclabel,mode=755 -25 18 0:20 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:8 - tmpfs tmpfs ro,seclabel,mode=755 -26 25 0:21 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:9 - cgroup cgroup rw,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd -27 18 0:22 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:20 - pstore pstore rw -28 25 0:23 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:10 - cgroup cgroup rw,perf_event -29 25 0:24 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,devices -30 25 0:25 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:12 - cgroup cgroup rw,cpuacct,cpu -31 25 0:26 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:13 - cgroup cgroup rw,freezer -32 25 0:27 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:14 - cgroup cgroup rw,net_prio,net_cls -33 25 0:28 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:15 - cgroup cgroup rw,cpuset -34 25 0:29 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:16 - cgroup cgroup rw,memory -35 25 0:30 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime shared:17 - cgroup cgroup rw,pids -36 25 0:31 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:18 - cgroup cgroup rw,hugetlb -37 25 0:32 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:19 - cgroup cgroup rw,blkio -59 18 0:33 / /sys/kernel/config rw,relatime shared:21 - configfs configfs rw -62 1 253:1 / / rw,relatime shared:1 - ext4 /dev/vda1 rw,seclabel,data=ordered -38 18 0:15 / /sys/fs/selinux rw,relatime shared:22 - selinuxfs selinuxfs rw -39 19 0:35 / /proc/sys/fs/binfmt_misc rw,relatime shared:24 - autofs systemd-1 rw,fd=29,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=11601 -40 20 0:36 / /dev/hugepages rw,relatime shared:25 - hugetlbfs hugetlbfs rw,seclabel -41 20 0:14 / /dev/mqueue rw,relatime shared:26 - mqueue mqueue rw,seclabel -42 18 0:6 / /sys/kernel/debug rw,relatime shared:27 - debugfs debugfs rw -112 62 253:1 /var/lib/docker/plugins /var/lib/docker/plugins rw,relatime - ext4 /dev/vda1 rw,seclabel,data=ordered -115 62 253:1 /var/lib/docker/overlay2 /var/lib/docker/overlay2 rw,relatime - ext4 /dev/vda1 rw,seclabel,data=ordered -118 62 7:0 / /root/mnt rw,relatime shared:66 - ext4 /dev/loop0 rw,seclabel,data=ordered -121 115 0:38 / /var/lib/docker/overlay2/8cdbabf81bc89b14ea54eaf418c1922068f06917fff57e184aa26541ff291073/merged rw,relatime - overlay overlay rw,seclabel,lowerdir=/var/lib/docker/overlay2/l/CPD4XI7UD4GGTGSJVPQSHWZKTK:/var/lib/docker/overlay2/l/NQKORR3IS7KNQDER35AZECLH4Z,upperdir=/var/lib/docker/overlay2/8cdbabf81bc89b14ea54eaf418c1922068f06917fff57e184aa26541ff291073/diff,workdir=/var/lib/docker/overlay2/8cdbabf81bc89b14ea54eaf418c1922068f06917fff57e184aa26541ff291073/work -125 62 0:39 / /var/lib/docker/containers/5e3fce422957c291a5b502c2cf33d512fc1fcac424e4113136c808360e5b7215/shm rw,nosuid,nodev,noexec,relatime shared:68 - tmpfs shm rw,seclabel,size=65536k -186 24 0:3 / /run/docker/netns/0a08e7496c6d rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw -130 62 0:15 / /root/chroot/selinux rw,relatime shared:22 - selinuxfs selinuxfs rw -109 24 0:37 / /run/user/0 rw,nosuid,nodev,relatime shared:62 - tmpfs tmpfs rw,seclabel,size=801032k,mode=700 -` - s := bufio.NewScanner(bytes.NewBuffer([]byte(mountinfo))) - for _, expected := range []string{"/sys/fs/selinux", "/root/chroot/selinux", ""} { - mnt := findSELinuxfsMount(s) - t.Logf("found %q", mnt) - if mnt != expected { - t.Fatalf("expected %q, got %q", expected, mnt) - } - } -} - -func TestSecurityCheckContext(t *testing.T) { - if !GetEnabled() { - t.Skip("SELinux not enabled, skipping.") - } - - // check with valid context - context, err := CurrentLabel() - if err != nil { - t.Fatalf("CurrentLabel() error: %v", err) - } - if context != "" { - t.Logf("SecurityCheckContext(%q)", context) - err = SecurityCheckContext(context) - if err != nil { - t.Errorf("SecurityCheckContext(%q) error: %v", context, err) - } - } - - context = "not-syntactically-valid" - err = SecurityCheckContext(context) - if err == nil { - t.Errorf("SecurityCheckContext(%q) succeeded, expected to fail", context) - } -} - -func TestClassIndex(t *testing.T) { - if !GetEnabled() { - t.Skip("SELinux not enabled, skipping.") - } - - idx, err := ClassIndex("process") - if err != nil { - t.Errorf("Classindex error: %v", err) - } - // Every known policy has process as index 2, but it isn't guaranteed - if idx != 2 { - t.Errorf("ClassIndex unexpected answer %d, possibly not reference policy", idx) - } - - _, err = ClassIndex("foobar") - if err == nil { - t.Errorf("ClassIndex(\"foobar\") succeeded, expected to fail:") - } -} - -func TestComputeCreateContext(t *testing.T) { - if !GetEnabled() { - t.Skip("SELinux not enabled, skipping.") - } - - // This may or may not be in the loaded policy but any refpolicy based policy should have it - init := "system_u:system_r:init_t:s0" - tmp := "system_u:object_r:tmp_t:s0" - file := "file" - t.Logf("ComputeCreateContext(%s, %s, %s)", init, tmp, file) - context, err := ComputeCreateContext(init, tmp, file) - if err != nil { - t.Errorf("ComputeCreateContext error: %v", err) - } - if context != "system_u:object_r:init_tmp_t:s0" { - t.Errorf("ComputeCreateContext unexpected answer %s, possibly not reference policy", context) - } - - badcon := "badcon" - process := "process" - // Test to ensure that a bad context returns an error - t.Logf("ComputeCreateContext(%s, %s, %s)", badcon, tmp, process) - _, err = ComputeCreateContext(badcon, tmp, process) - if err == nil { - t.Errorf("ComputeCreateContext(%s, %s, %s) succeeded, expected failure", badcon, tmp, process) - } -} - -func TestGlbLub(t *testing.T) { - tests := []struct { - expectedErr error - sourceRange string - targetRange string - expectedRange string - }{ - { - sourceRange: "s0:c0.c100-s10:c0.c150", - targetRange: "s5:c50.c100-s15:c0.c149", - expectedRange: "s5:c50.c100-s10:c0.c149", - }, - { - sourceRange: "s5:c50.c100-s15:c0.c149", - targetRange: "s0:c0.c100-s10:c0.c150", - expectedRange: "s5:c50.c100-s10:c0.c149", - }, - { - sourceRange: "s0:c0.c100-s10:c0.c150", - targetRange: "s0", - expectedRange: "s0", - }, - { - sourceRange: "s6:c0.c1023", - targetRange: "s6:c0,c2,c11,c201.c429,c431.c511", - expectedRange: "s6:c0,c2,c11,c201.c429,c431.c511", - }, - { - sourceRange: "s0-s15:c0.c1023", - targetRange: "s6:c0,c2,c11,c201.c429,c431.c511", - expectedRange: "s6-s6:c0,c2,c11,c201.c429,c431.c511", - }, - { - sourceRange: "s0:c0.c100,c125,c140,c150-s10", - targetRange: "s4:c0.c50,c140", - expectedRange: "s4:c0.c50,c140-s4", - }, - { - sourceRange: "s5:c512.c550,c552.c1023-s5:c0.c550,c552.c1023", - targetRange: "s5:c512.c550,c553.c1023-s5:c0,c1,c4,c5,c6,c512.c550,c553.c1023", - expectedRange: "s5:c512.c550,c553.c1023-s5:c0,c1,c4.c6,c512.c550,c553.c1023", - }, - { - sourceRange: "s5:c512.c540,c542,c543,c552.c1023-s5:c0.c550,c552.c1023", - targetRange: "s5:c512.c550,c553.c1023-s5:c0,c1,c4,c5,c6,c512.c550,c553.c1023", - expectedRange: "s5:c512.c540,c542,c543,c553.c1023-s5:c0,c1,c4.c6,c512.c550,c553.c1023", - }, - { - sourceRange: "s5:c50.c100-s15:c0.c149", - targetRange: "s5:c512.c550,c552.c1023-s5:c0.c550,c552.c1023", - expectedRange: "s5-s5:c0.c149", - }, - { - sourceRange: "s5-s15", - targetRange: "s6-s7", - expectedRange: "s6-s7", - }, - { - sourceRange: "s5:c50.c100-s15:c0.c149", - targetRange: "s4-s4:c0.c1023", - expectedErr: ErrIncomparable, - }, - { - sourceRange: "s4-s4:c0.c1023", - targetRange: "s5:c50.c100-s15:c0.c149", - expectedErr: ErrIncomparable, - }, - { - sourceRange: "s4-s4:c0.c1023.c10000", - targetRange: "s5:c50.c100-s15:c0.c149", - expectedErr: strconv.ErrSyntax, - }, - { - sourceRange: "s4-s4:c0.c1023.c10000-s4", - targetRange: "s5:c50.c100-s15:c0.c149-s5", - expectedErr: strconv.ErrSyntax, - }, - { - sourceRange: "4-4", - targetRange: "s5:c50.c100-s15:c0.c149", - expectedErr: ErrLevelSyntax, - }, - { - sourceRange: "t4-t4", - targetRange: "s5:c50.c100-s15:c0.c149", - expectedErr: ErrLevelSyntax, - }, - { - sourceRange: "s5:x50.x100-s15:c0.c149", - targetRange: "s5:c50.c100-s15:c0.c149", - expectedErr: ErrLevelSyntax, - }, - } - - for _, tt := range tests { - got, err := CalculateGlbLub(tt.sourceRange, tt.targetRange) - if !errors.Is(err, tt.expectedErr) { - // Go 1.13 strconv errors are not unwrappable, - // so do that manually. - // TODO remove this once we stop supporting Go 1.13. - var numErr *strconv.NumError - if errors.As(err, &numErr) && numErr.Err == tt.expectedErr { //nolint:errorlint // see above - continue - } - t.Fatalf("want %q got %q: src: %q tgt: %q", tt.expectedErr, err, tt.sourceRange, tt.targetRange) - } - - if got != tt.expectedRange { - t.Errorf("want %q got %q", tt.expectedRange, got) - } - } -} - -func TestContextWithLevel(t *testing.T) { - want := "bob:sysadm_r:sysadm_t:SystemLow-SystemHigh" - - goodDefaultBuff := ` -foo_r:foo_t:s0 sysadm_r:sysadm_t:s0 -staff_r:staff_t:s0 baz_r:baz_t:s0 sysadm_r:sysadm_t:s0 -` - - verifier := func(con string) error { - if con != want { - return fmt.Errorf("invalid context %s", con) - } - - return nil - } - - tests := []struct { - name, userBuff, defaultBuff string - }{ - { - name: "match exists in user context file", - userBuff: `# COMMENT -foo_r:foo_t:s0 sysadm_r:sysadm_t:s0 - -staff_r:staff_t:s0 baz_r:baz_t:s0 sysadm_r:sysadm_t:s0 -`, - defaultBuff: goodDefaultBuff, - }, - { - name: "match exists in default context file, but not in user file", - userBuff: `# COMMENT -foo_r:foo_t:s0 sysadm_r:sysadm_t:s0 -fake_r:fake_t:s0 baz_r:baz_t:s0 sysadm_r:sysadm_t:s0 -`, - defaultBuff: goodDefaultBuff, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - c := defaultSECtx{ - user: "bob", - level: "SystemLow-SystemHigh", - scon: "system_u:staff_r:staff_t:s0", - userRdr: bytes.NewBufferString(tt.userBuff), - defaultRdr: bytes.NewBufferString(tt.defaultBuff), - verifier: verifier, - } - - got, err := getDefaultContextFromReaders(&c) - if err != nil { - t.Fatalf("err should not exist but is: %v", err) - } - - if got != want { - t.Fatalf("got context: %q but expected %q", got, want) - } - }) - } - - t.Run("no match in user or default context files", func(t *testing.T) { - badUserBuff := "" - - badDefaultBuff := ` - foo_r:foo_t:s0 sysadm_r:sysadm_t:s0 - dne_r:dne_t:s0 baz_r:baz_t:s0 sysadm_r:sysadm_t:s0 - ` - c := defaultSECtx{ - user: "bob", - level: "SystemLow-SystemHigh", - scon: "system_u:staff_r:staff_t:s0", - userRdr: bytes.NewBufferString(badUserBuff), - defaultRdr: bytes.NewBufferString(badDefaultBuff), - verifier: verifier, - } - - _, err := getDefaultContextFromReaders(&c) - if err == nil { - t.Fatalf("err was expected") - } - }) -} - -func BenchmarkChcon(b *testing.B) { - file, err := filepath.Abs(os.Args[0]) - if err != nil { - b.Fatalf("filepath.Abs: %v", err) - } - dir := filepath.Dir(file) - con, err := FileLabel(file) - if err != nil { - b.Fatalf("FileLabel(%q): %v", file, err) - } - b.Logf("Chcon(%q, %q)", dir, con) - b.ResetTimer() - for n := 0; n < b.N; n++ { - if err := Chcon(dir, con, true); err != nil { - b.Fatal(err) - } - } -} - -func BenchmarkCurrentLabel(b *testing.B) { - var ( - l string - err error - ) - for n := 0; n < b.N; n++ { - l, err = CurrentLabel() - if err != nil { - b.Fatal(err) - } - } - b.Log(l) -} - -func BenchmarkReadConfig(b *testing.B) { - str := "" - for n := 0; n < b.N; n++ { - str = readConfig(selinuxTypeTag) - } - b.Log(str) -} - -func BenchmarkLoadLabels(b *testing.B) { - for n := 0; n < b.N; n++ { - loadLabels() - } -} diff --git a/internal/third_party/selinux/go-selinux/selinux_stub.go b/internal/third_party/selinux/go-selinux/selinux_stub.go deleted file mode 100644 index 267921239c2..00000000000 --- a/internal/third_party/selinux/go-selinux/selinux_stub.go +++ /dev/null @@ -1,159 +0,0 @@ -//go:build !linux -// +build !linux - -package selinux - -func attrPath(string) string { - return "" -} - -func readConThreadSelf(string) (string, error) { - return "", nil -} - -func writeConThreadSelf(string, string) error { - return nil -} - -func setDisabled() {} - -func getEnabled() bool { - return false -} - -func classIndex(string) (int, error) { - return -1, nil -} - -func setFileLabel(string, string) error { - return nil -} - -func lSetFileLabel(string, string) error { - return nil -} - -func fileLabel(string) (string, error) { - return "", nil -} - -func lFileLabel(string) (string, error) { - return "", nil -} - -func setFSCreateLabel(string) error { - return nil -} - -func fsCreateLabel() (string, error) { - return "", nil -} - -func currentLabel() (string, error) { - return "", nil -} - -func pidLabel(int) (string, error) { - return "", nil -} - -func execLabel() (string, error) { - return "", nil -} - -func canonicalizeContext(string) (string, error) { - return "", nil -} - -func computeCreateContext(string, string, string) (string, error) { - return "", nil -} - -func calculateGlbLub(string, string) (string, error) { - return "", nil -} - -func peerLabel(uintptr) (string, error) { - return "", nil -} - -func setKeyLabel(string) error { - return nil -} - -func keyLabel() (string, error) { - return "", nil -} - -func (c Context) get() string { - return "" -} - -func newContext(string) (Context, error) { - return Context{}, nil -} - -func clearLabels() { -} - -func reserveLabel(string) { -} - -func isMLSEnabled() bool { - return false -} - -func enforceMode() int { - return Disabled -} - -func setEnforceMode(int) error { - return nil -} - -func defaultEnforceMode() int { - return Disabled -} - -func releaseLabel(string) { -} - -func roFileLabel() string { - return "" -} - -func kvmContainerLabels() (string, string) { - return "", "" -} - -func initContainerLabels() (string, string) { - return "", "" -} - -func containerLabels() (string, string) { - return "", "" -} - -func securityCheckContext(string) error { - return nil -} - -func copyLevel(string, string) (string, error) { - return "", nil -} - -func chcon(string, string, bool) error { - return nil -} - -func dupSecOpt(string) ([]string, error) { - return nil, nil -} - -func getDefaultContextWithLevel(string, string, string) (string, error) { - return "", nil -} - -func label(_ string) string { - return "" -} diff --git a/internal/third_party/selinux/go-selinux/selinux_stub_test.go b/internal/third_party/selinux/go-selinux/selinux_stub_test.go deleted file mode 100644 index 19ea636a49a..00000000000 --- a/internal/third_party/selinux/go-selinux/selinux_stub_test.go +++ /dev/null @@ -1,127 +0,0 @@ -//go:build !linux -// +build !linux - -package selinux - -import ( - "testing" -) - -const testLabel = "foobar" - -func TestSELinuxStubs(t *testing.T) { - if GetEnabled() { - t.Error("SELinux enabled on non-linux.") - } - - tmpDir := t.TempDir() - if _, err := FileLabel(tmpDir); err != nil { - t.Error(err) - } - - if err := SetFileLabel(tmpDir, testLabel); err != nil { - t.Error(err) - } - - if _, err := LfileLabel(tmpDir); err != nil { - t.Error(err) - } - if err := LsetFileLabel(tmpDir, testLabel); err != nil { - t.Error(err) - } - - if err := SetFSCreateLabel(testLabel); err != nil { - t.Error(err) - } - - if _, err := FSCreateLabel(); err != nil { - t.Error(err) - } - if _, err := CurrentLabel(); err != nil { - t.Error(err) - } - - if _, err := PidLabel(0); err != nil { - t.Error(err) - } - - ClearLabels() - - ReserveLabel(testLabel) - ReleaseLabel(testLabel) - if _, err := DupSecOpt(testLabel); err != nil { - t.Error(err) - } - if v := DisableSecOpt(); len(v) != 1 || v[0] != "disable" { - t.Errorf(`expected "disabled", got %v`, v) - } - SetDisabled() - if enabled := GetEnabled(); enabled { - t.Error("Should not be enabled") - } - if err := SetExecLabel(testLabel); err != nil { - t.Error(err) - } - if err := SetTaskLabel(testLabel); err != nil { - t.Error(err) - } - if _, err := ExecLabel(); err != nil { - t.Error(err) - } - if _, err := CanonicalizeContext(testLabel); err != nil { - t.Error(err) - } - if _, err := ComputeCreateContext("foo", "bar", testLabel); err != nil { - t.Error(err) - } - if err := SetSocketLabel(testLabel); err != nil { - t.Error(err) - } - if _, err := ClassIndex(testLabel); err != nil { - t.Error(err) - } - if _, err := SocketLabel(); err != nil { - t.Error(err) - } - if _, err := PeerLabel(0); err != nil { - t.Error(err) - } - if err := SetKeyLabel(testLabel); err != nil { - t.Error(err) - } - if _, err := KeyLabel(); err != nil { - t.Error(err) - } - if err := SetExecLabel(testLabel); err != nil { - t.Error(err) - } - if _, err := ExecLabel(); err != nil { - t.Error(err) - } - con, err := NewContext(testLabel) - if err != nil { - t.Error(err) - } - con.Get() - if err = SetEnforceMode(1); err != nil { - t.Error(err) - } - if v := DefaultEnforceMode(); v != Disabled { - t.Errorf("expected %d, got %d", Disabled, v) - } - if v := EnforceMode(); v != Disabled { - t.Errorf("expected %d, got %d", Disabled, v) - } - if v := ROFileLabel(); v != "" { - t.Errorf(`expected "", got %q`, v) - } - if processLbl, fileLbl := ContainerLabels(); processLbl != "" || fileLbl != "" { - t.Errorf(`expected fileLbl="", fileLbl="" got processLbl=%q, fileLbl=%q`, processLbl, fileLbl) - } - if err = SecurityCheckContext(testLabel); err != nil { - t.Error(err) - } - if _, err = CopyLevel("foo", "bar"); err != nil { - t.Error(err) - } -} diff --git a/internal/third_party/selinux/go-selinux/xattrs_linux.go b/internal/third_party/selinux/go-selinux/xattrs_linux.go deleted file mode 100644 index 559c851075e..00000000000 --- a/internal/third_party/selinux/go-selinux/xattrs_linux.go +++ /dev/null @@ -1,71 +0,0 @@ -package selinux - -import ( - "golang.org/x/sys/unix" -) - -// lgetxattr returns a []byte slice containing the value of -// an extended attribute attr set for path. -func lgetxattr(path, attr string) ([]byte, error) { - // Start with a 128 length byte array - dest := make([]byte, 128) - sz, errno := doLgetxattr(path, attr, dest) - for errno == unix.ERANGE { //nolint:errorlint // unix errors are bare - // Buffer too small, use zero-sized buffer to get the actual size - sz, errno = doLgetxattr(path, attr, []byte{}) - if errno != nil { - return nil, errno - } - - dest = make([]byte, sz) - sz, errno = doLgetxattr(path, attr, dest) - } - if errno != nil { - return nil, errno - } - - return dest[:sz], nil -} - -// doLgetxattr is a wrapper that retries on EINTR -func doLgetxattr(path, attr string, dest []byte) (int, error) { - for { - sz, err := unix.Lgetxattr(path, attr, dest) - if err != unix.EINTR { - return sz, err - } - } -} - -// getxattr returns a []byte slice containing the value of -// an extended attribute attr set for path. -func getxattr(path, attr string) ([]byte, error) { - // Start with a 128 length byte array - dest := make([]byte, 128) - sz, errno := dogetxattr(path, attr, dest) - for errno == unix.ERANGE { //nolint:errorlint // unix errors are bare - // Buffer too small, use zero-sized buffer to get the actual size - sz, errno = dogetxattr(path, attr, []byte{}) - if errno != nil { - return nil, errno - } - - dest = make([]byte, sz) - sz, errno = dogetxattr(path, attr, dest) - } - if errno != nil { - return nil, errno - } - - return dest[:sz], nil -} - -// dogetxattr is a wrapper that retries on EINTR -func dogetxattr(path, attr string, dest []byte) (int, error) { - for { - sz, err := unix.Getxattr(path, attr, dest) - if err != unix.EINTR { - return sz, err - } - } -} diff --git a/internal/third_party/selinux/go.mod b/internal/third_party/selinux/go.mod deleted file mode 100644 index 24d3261a942..00000000000 --- a/internal/third_party/selinux/go.mod +++ /dev/null @@ -1,8 +0,0 @@ -module github.com/opencontainers/selinux - -go 1.19 - -require ( - github.com/cyphar/filepath-securejoin v0.5.0 - golang.org/x/sys v0.18.0 -) diff --git a/internal/third_party/selinux/go.sum b/internal/third_party/selinux/go.sum deleted file mode 100644 index b9ae09877a4..00000000000 --- a/internal/third_party/selinux/go.sum +++ /dev/null @@ -1,8 +0,0 @@ -github.com/cyphar/filepath-securejoin v0.5.0 h1:hIAhkRBMQ8nIeuVwcAoymp7MY4oherZdAxD+m0u9zaw= -github.com/cyphar/filepath-securejoin v0.5.0/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= diff --git a/internal/third_party/selinux/pkg/pwalk/README.md b/internal/third_party/selinux/pkg/pwalk/README.md deleted file mode 100644 index a060ad364cd..00000000000 --- a/internal/third_party/selinux/pkg/pwalk/README.md +++ /dev/null @@ -1,52 +0,0 @@ -## pwalk: parallel implementation of filepath.Walk - -This is a wrapper for [filepath.Walk](https://pkg.go.dev/path/filepath?tab=doc#Walk) -which may speed it up by calling multiple callback functions (WalkFunc) in parallel, -utilizing goroutines. - -By default, it utilizes 2\*runtime.NumCPU() goroutines for callbacks. -This can be changed by using WalkN function which has the additional -parameter, specifying the number of goroutines (concurrency). - -### pwalk vs pwalkdir - -This package is deprecated in favor of -[pwalkdir](https://pkg.go.dev/github.com/opencontainers/selinux/pkg/pwalkdir), -which is faster, but requires at least Go 1.16. - -### Caveats - -Please note the following limitations of this code: - -* Unlike filepath.Walk, the order of calls is non-deterministic; - -* Only primitive error handling is supported: - - * filepath.SkipDir is not supported; - - * ErrNotExist errors from filepath.Walk are silently ignored for any path - except the top directory (Walk argument); any other error is returned to - the caller of Walk; - - * no errors are ever passed to WalkFunc; - - * once any error is returned from any WalkFunc instance, no more new calls - to WalkFunc are made, and the error is returned to the caller of Walk; - - * if more than one walkFunc instance will return an error, only one - of such errors will be propagated and returned by Walk, others - will be silently discarded. - -### Documentation - -For the official documentation, see -https://pkg.go.dev/github.com/opencontainers/selinux/pkg/pwalk?tab=doc - -### Benchmarks - -For a WalkFunc that consists solely of the return statement, this -implementation is about 10% slower than the standard library's -filepath.Walk. - -Otherwise (if a WalkFunc is doing something) this is usually faster, -except when the WalkN(..., 1) is used. diff --git a/internal/third_party/selinux/pkg/pwalk/pwalk.go b/internal/third_party/selinux/pkg/pwalk/pwalk.go deleted file mode 100644 index 686c8bac32c..00000000000 --- a/internal/third_party/selinux/pkg/pwalk/pwalk.go +++ /dev/null @@ -1,131 +0,0 @@ -package pwalk - -import ( - "errors" - "fmt" - "os" - "path/filepath" - "runtime" - "sync" -) - -// WalkFunc is the type of the function called by Walk to visit each -// file or directory. It is an alias for [filepath.WalkFunc]. -// -// Deprecated: use [github.com/opencontainers/selinux/pkg/pwalkdir] and [fs.WalkDirFunc]. -type WalkFunc = filepath.WalkFunc - -// Walk is a wrapper for filepath.Walk which can call multiple walkFn -// in parallel, allowing to handle each item concurrently. A maximum of -// twice the runtime.NumCPU() walkFn will be called at any one time. -// If you want to change the maximum, use WalkN instead. -// -// The order of calls is non-deterministic. -// -// Note that this implementation only supports primitive error handling: -// -// - no errors are ever passed to walkFn; -// -// - once a walkFn returns any error, all further processing stops -// and the error is returned to the caller of Walk; -// -// - filepath.SkipDir is not supported; -// -// - if more than one walkFn instance will return an error, only one -// of such errors will be propagated and returned by Walk, others -// will be silently discarded. -// -// Deprecated: use [github.com/opencontainers/selinux/pkg/pwalkdir.Walk] -func Walk(root string, walkFn WalkFunc) error { - return WalkN(root, walkFn, runtime.NumCPU()*2) -} - -// WalkN is a wrapper for filepath.Walk which can call multiple walkFn -// in parallel, allowing to handle each item concurrently. A maximum of -// num walkFn will be called at any one time. -// -// Please see Walk documentation for caveats of using this function. -// -// Deprecated: use [github.com/opencontainers/selinux/pkg/pwalkdir.WalkN] -func WalkN(root string, walkFn WalkFunc, num int) error { - // make sure limit is sensible - if num < 1 { - return fmt.Errorf("walk(%q): num must be > 0", root) - } - - files := make(chan *walkArgs, 2*num) - errCh := make(chan error, 1) // get the first error, ignore others - - // Start walking a tree asap - var ( - err error - wg sync.WaitGroup - - rootLen = len(root) - rootEntry *walkArgs - ) - wg.Add(1) - go func() { - err = filepath.Walk(root, func(p string, info os.FileInfo, err error) error { - if err != nil { - // Walking a file tree can race with removal, - // so ignore ENOENT, except for root. - // https://github.com/opencontainers/selinux/issues/199. - if errors.Is(err, os.ErrNotExist) && len(p) != rootLen { - return nil - } - - close(files) - return err - } - if len(p) == rootLen { - // Root entry is processed separately below. - rootEntry = &walkArgs{path: p, info: &info} - return nil - } - // add a file to the queue unless a callback sent an error - select { - case e := <-errCh: - close(files) - return e - default: - files <- &walkArgs{path: p, info: &info} - return nil - } - }) - if err == nil { - close(files) - } - wg.Done() - }() - - wg.Add(num) - for i := 0; i < num; i++ { - go func() { - for file := range files { - if e := walkFn(file.path, *file.info, nil); e != nil { - select { - case errCh <- e: // sent ok - default: // buffer full - } - } - } - wg.Done() - }() - } - - wg.Wait() - - if err == nil { - err = walkFn(rootEntry.path, *rootEntry.info, nil) - } - - return err -} - -// walkArgs holds the arguments that were passed to the Walk or WalkN -// functions. -type walkArgs struct { - info *os.FileInfo - path string -} diff --git a/internal/third_party/selinux/pkg/pwalk/pwalk_test.go b/internal/third_party/selinux/pkg/pwalk/pwalk_test.go deleted file mode 100644 index 9cca3b6b15a..00000000000 --- a/internal/third_party/selinux/pkg/pwalk/pwalk_test.go +++ /dev/null @@ -1,236 +0,0 @@ -package pwalk - -import ( - "errors" - "math/rand" - "os" - "path/filepath" - "runtime" - "sync/atomic" - "testing" - "time" -) - -func TestWalk(t *testing.T) { - var ac atomic.Uint32 - concurrency := runtime.NumCPU() * 2 - - dir, total := prepareTestSet(t, 3, 2, 1) - - err := WalkN(dir, - func(_ string, _ os.FileInfo, _ error) error { - ac.Add(1) - return nil - }, - concurrency) - if err != nil { - t.Errorf("Walk failed: %v", err) - } - count := ac.Load() - if count != total { - t.Errorf("File count mismatch: found %d, expected %d", count, total) - } - - t.Logf("concurrency: %d, files found: %d", concurrency, count) -} - -func TestWalkTopLevelErrNotExistNotIgnored(t *testing.T) { - if WalkN("non-existent-directory", cbEmpty, 8) == nil { - t.Fatal("expected ErrNotExist, got nil") - } -} - -// https://github.com/opencontainers/selinux/issues/199 -func TestWalkRaceWithRemoval(t *testing.T) { - var ac atomic.Uint32 - concurrency := runtime.NumCPU() * 2 - // This test is still on a best-effort basis, meaning it can still pass - // when there is a bug in the code, but the larger the test set is, the - // higher the probability that this test fails (without a fix). - // - // With this set (4, 5, 6), and the fix commented out, it fails - // 100 out of 100 runs on my machine. - dir, total := prepareTestSet(t, 4, 5, 6) - - // Race walk with removal. - go os.RemoveAll(dir) - err := WalkN(dir, - func(_ string, _ os.FileInfo, _ error) error { - ac.Add(1) - return nil - }, - concurrency) - count := int(ac.Load()) - t.Logf("found %d of %d files", count, total) - if err != nil { - t.Fatalf("expected nil, got %v", err) - } -} - -func TestWalkDirManyErrors(t *testing.T) { - var ac atomic.Uint32 - - dir, total := prepareTestSet(t, 3, 3, 2) - - maxFiles := total / 2 - e42 := errors.New("42") - err := Walk(dir, - func(_ string, _ os.FileInfo, _ error) error { - if ac.Add(1) > maxFiles { - return e42 - } - return nil - }) - count := ac.Load() - t.Logf("found %d of %d files", count, total) - - if err == nil { - t.Errorf("Walk succeeded, but error is expected") - if count != total { - t.Errorf("File count mismatch: found %d, expected %d", count, total) - } - } -} - -func makeManyDirs(prefix string, levels, dirs, files int) (count uint32, err error) { - for d := 0; d < dirs; d++ { - var dir string - dir, err = os.MkdirTemp(prefix, "d-") - if err != nil { - return count, err - } - count++ - for f := 0; f < files; f++ { - var fi *os.File - fi, err = os.CreateTemp(dir, "f-") - if err != nil { - return count, err - } - _ = fi.Close() - count++ - } - if levels == 0 { - continue - } - var c uint32 - if c, err = makeManyDirs(dir, levels-1, dirs, files); err != nil { - return count, err - } - count += c - } - - return count, err -} - -// prepareTestSet() creates a directory tree of shallow files, -// to be used for testing or benchmarking. -// -// Total dirs: dirs^levels + dirs^(levels-1) + ... + dirs^1 -// Total files: total_dirs * files -func prepareTestSet(tb testing.TB, levels, dirs, files int) (dir string, total uint32) { - tb.Helper() - var err error - - dir = tb.TempDir() - total, err = makeManyDirs(dir, levels, dirs, files) - if err != nil { - tb.Fatal(err) - } - total++ // this dir - - return dir, total -} - -type walkerFunc func(root string, walkFn WalkFunc) error - -func genWalkN(n int) walkerFunc { - return func(root string, walkFn WalkFunc) error { - return WalkN(root, walkFn, n) - } -} - -func BenchmarkWalk(b *testing.B) { - const ( - levels = 5 // how deep - dirs = 3 // dirs on each levels - files = 8 // files on each levels - ) - - benchmarks := []struct { - walk filepath.WalkFunc - name string - }{ - {name: "Empty", walk: cbEmpty}, - {name: "ReadFile", walk: cbReadFile}, - {name: "ChownChmod", walk: cbChownChmod}, - {name: "RandomSleep", walk: cbRandomSleep}, - } - - walkers := []struct { - walker walkerFunc - name string - }{ - {name: "filepath.Walk", walker: filepath.Walk}, - {name: "pwalk.Walk", walker: Walk}, - // test WalkN with various values of N - {name: "pwalk.Walk1", walker: genWalkN(1)}, - {name: "pwalk.Walk2", walker: genWalkN(2)}, - {name: "pwalk.Walk4", walker: genWalkN(4)}, - {name: "pwalk.Walk8", walker: genWalkN(8)}, - {name: "pwalk.Walk16", walker: genWalkN(16)}, - {name: "pwalk.Walk32", walker: genWalkN(32)}, - {name: "pwalk.Walk64", walker: genWalkN(64)}, - {name: "pwalk.Walk128", walker: genWalkN(128)}, - {name: "pwalk.Walk256", walker: genWalkN(256)}, - } - - dir, total := prepareTestSet(b, levels, dirs, files) - b.Logf("dataset: %d levels x %d dirs x %d files, total entries: %d", levels, dirs, files, total) - - for _, bm := range benchmarks { - for _, w := range walkers { - walker := w.walker - walkFn := bm.walk - // preheat - if err := w.walker(dir, bm.walk); err != nil { - b.Errorf("walk failed: %v", err) - } - // benchmark - b.Run(bm.name+"/"+w.name, func(b *testing.B) { - for i := 0; i < b.N; i++ { - if err := walker(dir, walkFn); err != nil { - b.Errorf("walk failed: %v", err) - } - } - }) - } - } -} - -func cbEmpty(_ string, _ os.FileInfo, _ error) error { - return nil -} - -func cbChownChmod(path string, info os.FileInfo, _ error) error { - _ = os.Chown(path, 0, 0) - mode := os.FileMode(0o644) - if info.Mode().IsDir() { - mode = os.FileMode(0o755) - } - _ = os.Chmod(path, mode) - - return nil -} - -func cbReadFile(path string, info os.FileInfo, _ error) error { - var err error - if info.Mode().IsRegular() { - _, err = os.ReadFile(path) - } - return err -} - -func cbRandomSleep(_ string, _ os.FileInfo, _ error) error { - time.Sleep(time.Duration(rand.Intn(500)) * time.Microsecond) //nolint:gosec // ignore G404: Use of weak random number generator - return nil -} diff --git a/internal/third_party/selinux/pkg/pwalkdir/README.md b/internal/third_party/selinux/pkg/pwalkdir/README.md deleted file mode 100644 index b827e7dd73f..00000000000 --- a/internal/third_party/selinux/pkg/pwalkdir/README.md +++ /dev/null @@ -1,56 +0,0 @@ -## pwalkdir: parallel implementation of filepath.WalkDir - -This is a wrapper for [filepath.WalkDir](https://pkg.go.dev/path/filepath#WalkDir) -which may speed it up by calling multiple callback functions (WalkDirFunc) -in parallel, utilizing goroutines. - -By default, it utilizes 2\*runtime.NumCPU() goroutines for callbacks. -This can be changed by using WalkN function which has the additional -parameter, specifying the number of goroutines (concurrency). - -### pwalk vs pwalkdir - -This package is very similar to -[pwalk](https://pkg.go.dev/github.com/opencontainers/selinux/pkg/pwalkdir), -but utilizes `filepath.WalkDir` (added to Go 1.16), which does not call stat(2) -on every entry and is therefore faster (up to 3x, depending on usage scenario). - -Users who are OK with requiring Go 1.16+ should switch to this -implementation. - -### Caveats - -Please note the following limitations of this code: - -* Unlike filepath.WalkDir, the order of calls is non-deterministic; - -* Only primitive error handling is supported: - - * fs.SkipDir is not supported; - - * ErrNotExist errors from filepath.WalkDir are silently ignored for any path - except the top directory (WalkDir argument); any other error is returned to - the caller of WalkDir; - - * once any error is returned from any walkDirFunc instance, no more calls - to WalkDirFunc are made, and the error is returned to the caller of WalkDir; - - * if more than one WalkDirFunc instance will return an error, only one - of such errors will be propagated to and returned by WalkDir, others - will be silently discarded. - -### Documentation - -For the official documentation, see -https://pkg.go.dev/github.com/opencontainers/selinux/pkg/pwalkdir - -### Benchmarks - -For a WalkDirFunc that consists solely of the return statement, this -implementation is about 15% slower than the standard library's -filepath.WalkDir. - -Otherwise (if a WalkDirFunc is actually doing something) this is usually -faster, except when the WalkDirN(..., 1) is used. Run `go test -bench .` -to see how different operations can benefit from it, as well as how the -level of parallelism affects the speed. diff --git a/internal/third_party/selinux/pkg/pwalkdir/pwalkdir.go b/internal/third_party/selinux/pkg/pwalkdir/pwalkdir.go deleted file mode 100644 index 5d2d09a2985..00000000000 --- a/internal/third_party/selinux/pkg/pwalkdir/pwalkdir.go +++ /dev/null @@ -1,123 +0,0 @@ -//go:build go1.16 -// +build go1.16 - -package pwalkdir - -import ( - "errors" - "fmt" - "io/fs" - "path/filepath" - "runtime" - "sync" -) - -// Walk is a wrapper for filepath.WalkDir which can call multiple walkFn -// in parallel, allowing to handle each item concurrently. A maximum of -// twice the runtime.NumCPU() walkFn will be called at any one time. -// If you want to change the maximum, use WalkN instead. -// -// The order of calls is non-deterministic. -// -// Note that this implementation only supports primitive error handling: -// -// - no errors are ever passed to walkFn; -// -// - once a walkFn returns any error, all further processing stops -// and the error is returned to the caller of Walk; -// -// - filepath.SkipDir is not supported; -// -// - if more than one walkFn instance will return an error, only one -// of such errors will be propagated and returned by Walk, others -// will be silently discarded. -func Walk(root string, walkFn fs.WalkDirFunc) error { - return WalkN(root, walkFn, runtime.NumCPU()*2) -} - -// WalkN is a wrapper for filepath.WalkDir which can call multiple walkFn -// in parallel, allowing to handle each item concurrently. A maximum of -// num walkFn will be called at any one time. -// -// Please see Walk documentation for caveats of using this function. -func WalkN(root string, walkFn fs.WalkDirFunc, num int) error { - // make sure limit is sensible - if num < 1 { - return fmt.Errorf("walk(%q): num must be > 0", root) - } - - files := make(chan *walkArgs, 2*num) - errCh := make(chan error, 1) // Get the first error, ignore others. - - // Start walking a tree asap. - var ( - err error - wg sync.WaitGroup - - rootLen = len(root) - rootEntry *walkArgs - ) - wg.Add(1) - go func() { - err = filepath.WalkDir(root, func(p string, entry fs.DirEntry, err error) error { - if err != nil { - // Walking a file tree can race with removal, - // so ignore ENOENT, except for root. - // https://github.com/opencontainers/selinux/issues/199. - if errors.Is(err, fs.ErrNotExist) && len(p) != rootLen { - return nil - } - close(files) - return err - } - if len(p) == rootLen { - // Root entry is processed separately below. - rootEntry = &walkArgs{path: p, entry: entry} - return nil - } - // Add a file to the queue unless a callback sent an error. - select { - case e := <-errCh: - close(files) - return e - default: - files <- &walkArgs{path: p, entry: entry} - return nil - } - }) - if err == nil { - close(files) - } - wg.Done() - }() - - wg.Add(num) - for i := 0; i < num; i++ { - go func() { - for file := range files { - if e := walkFn(file.path, file.entry, nil); e != nil { - select { - case errCh <- e: // sent ok - default: // buffer full - } - } - } - wg.Done() - }() - } - - wg.Wait() - - if err == nil { - err = walkFn(rootEntry.path, rootEntry.entry, nil) - } - - return err -} - -// walkArgs holds the arguments that were passed to the Walk or WalkN -// functions. -type walkArgs struct { - entry fs.DirEntry - path string -} diff --git a/internal/third_party/selinux/pkg/pwalkdir/pwalkdir_test.go b/internal/third_party/selinux/pkg/pwalkdir/pwalkdir_test.go deleted file mode 100644 index e66a80d1ab3..00000000000 --- a/internal/third_party/selinux/pkg/pwalkdir/pwalkdir_test.go +++ /dev/null @@ -1,239 +0,0 @@ -//go:build go1.16 -// +build go1.16 - -package pwalkdir - -import ( - "errors" - "io/fs" - "math/rand" - "os" - "path/filepath" - "runtime" - "sync/atomic" - "testing" - "time" -) - -func TestWalkDir(t *testing.T) { - var ac atomic.Uint32 - concurrency := runtime.NumCPU() * 2 - dir, total := prepareTestSet(t, 3, 2, 1) - - err := WalkN(dir, - func(_ string, _ fs.DirEntry, _ error) error { - ac.Add(1) - return nil - }, - concurrency) - if err != nil { - t.Errorf("Walk failed: %v", err) - } - count := ac.Load() - if count != total { - t.Errorf("File count mismatch: found %d, expected %d", count, total) - } - - t.Logf("concurrency: %d, files found: %d", concurrency, count) -} - -func TestWalkDirTopLevelErrNotExistNotIgnored(t *testing.T) { - err := WalkN("non-existent-directory", cbEmpty, 8) - if err == nil { - t.Fatal("expected ErrNotExist, got nil") - } -} - -// https://github.com/opencontainers/selinux/issues/199 -func TestWalkDirRaceWithRemoval(t *testing.T) { - var ac atomic.Uint32 - concurrency := runtime.NumCPU() * 2 - // This test is still on a best-effort basis, meaning it can still pass - // when there is a bug in the code, but the larger the test set is, the - // higher the probability that this test fails (without a fix). - // - // With this set (4, 5, 6), and the fix commented out, it fails - // about 90 out of 100 runs on my machine. - dir, total := prepareTestSet(t, 4, 5, 6) - - // Make walk race with removal. - go os.RemoveAll(dir) - err := WalkN(dir, - func(_ string, _ fs.DirEntry, _ error) error { - ac.Add(1) - return nil - }, - concurrency) - count := ac.Load() - t.Logf("found %d of %d files", count, total) - if err != nil { - t.Fatalf("expected nil, got %v", err) - } -} - -func TestWalkDirManyErrors(t *testing.T) { - var ac atomic.Uint32 - dir, total := prepareTestSet(t, 3, 3, 2) - - maxFiles := total / 2 - e42 := errors.New("42") - err := Walk(dir, - func(_ string, _ fs.DirEntry, _ error) error { - if ac.Add(1) > maxFiles { - return e42 - } - return nil - }) - count := ac.Load() - t.Logf("found %d of %d files", count, total) - - if err == nil { - t.Error("Walk succeeded, but error is expected") - if count != total { - t.Errorf("File count mismatch: found %d, expected %d", count, total) - } - } -} - -func makeManyDirs(prefix string, levels, dirs, files int) (count uint32, err error) { - for d := 0; d < dirs; d++ { - var dir string - dir, err = os.MkdirTemp(prefix, "d-") - if err != nil { - return count, err - } - count++ - for f := 0; f < files; f++ { - var fi *os.File - fi, err = os.CreateTemp(dir, "f-") - if err != nil { - return count, err - } - fi.Close() - count++ - } - if levels == 0 { - continue - } - var c uint32 - if c, err = makeManyDirs(dir, levels-1, dirs, files); err != nil { - return count, err - } - count += c - } - - return count, err -} - -// prepareTestSet() creates a directory tree of shallow files, -// to be used for testing or benchmarking. -// -// Total dirs: dirs^levels + dirs^(levels-1) + ... + dirs^1 -// Total files: total_dirs * files -func prepareTestSet(tb testing.TB, levels, dirs, files int) (dir string, total uint32) { - tb.Helper() - var err error - - dir = tb.TempDir() - total, err = makeManyDirs(dir, levels, dirs, files) - if err != nil { - tb.Fatal(err) - } - total++ // this dir - - return dir, total -} - -type walkerFunc func(root string, walkFn fs.WalkDirFunc) error - -func genWalkN(n int) walkerFunc { - return func(root string, walkFn fs.WalkDirFunc) error { - return WalkN(root, walkFn, n) - } -} - -func BenchmarkWalk(b *testing.B) { - const ( - levels = 5 // how deep - dirs = 3 // dirs on each levels - files = 8 // files on each levels - ) - - benchmarks := []struct { - walk fs.WalkDirFunc - name string - }{ - {name: "Empty", walk: cbEmpty}, - {name: "ReadFile", walk: cbReadFile}, - {name: "ChownChmod", walk: cbChownChmod}, - {name: "RandomSleep", walk: cbRandomSleep}, - } - - walkers := []struct { - walker walkerFunc - name string - }{ - {name: "filepath.WalkDir", walker: filepath.WalkDir}, - {name: "pwalkdir.Walk", walker: Walk}, - // test WalkN with various values of N - {name: "pwalkdir.Walk1", walker: genWalkN(1)}, - {name: "pwalkdir.Walk2", walker: genWalkN(2)}, - {name: "pwalkdir.Walk4", walker: genWalkN(4)}, - {name: "pwalkdir.Walk8", walker: genWalkN(8)}, - {name: "pwalkdir.Walk16", walker: genWalkN(16)}, - {name: "pwalkdir.Walk32", walker: genWalkN(32)}, - {name: "pwalkdir.Walk64", walker: genWalkN(64)}, - {name: "pwalkdir.Walk128", walker: genWalkN(128)}, - {name: "pwalkdir.Walk256", walker: genWalkN(256)}, - } - - dir, total := prepareTestSet(b, levels, dirs, files) - b.Logf("dataset: %d levels x %d dirs x %d files, total entries: %d", levels, dirs, files, total) - - for _, bm := range benchmarks { - for _, w := range walkers { - walker := w.walker - walkFn := bm.walk - // preheat - if err := w.walker(dir, bm.walk); err != nil { - b.Errorf("walk failed: %v", err) - } - // benchmark - b.Run(bm.name+"/"+w.name, func(b *testing.B) { - for i := 0; i < b.N; i++ { - if err := walker(dir, walkFn); err != nil { - b.Errorf("walk failed: %v", err) - } - } - }) - } - } -} - -func cbEmpty(_ string, _ fs.DirEntry, _ error) error { - return nil -} - -func cbChownChmod(path string, e fs.DirEntry, _ error) error { - _ = os.Chown(path, 0, 0) - mode := os.FileMode(0o644) - if e.IsDir() { - mode = os.FileMode(0o755) - } - _ = os.Chmod(path, mode) - - return nil -} - -func cbReadFile(path string, e fs.DirEntry, _ error) error { - var err error - if e.Type().IsRegular() { - _, err = os.ReadFile(path) - } - return err -} - -func cbRandomSleep(_ string, _ fs.DirEntry, _ error) error { - time.Sleep(time.Duration(rand.Intn(500)) * time.Microsecond) //nolint:gosec // ignore G404: Use of weak random number generator - return nil -} diff --git a/vendor/cyphar.com/go-pathrs/.golangci.yml b/vendor/cyphar.com/go-pathrs/.golangci.yml new file mode 100644 index 00000000000..2778a3268ef --- /dev/null +++ b/vendor/cyphar.com/go-pathrs/.golangci.yml @@ -0,0 +1,43 @@ +# SPDX-License-Identifier: MPL-2.0 +# +# libpathrs: safe path resolution on Linux +# Copyright (C) 2019-2025 Aleksa Sarai +# Copyright (C) 2019-2025 SUSE LLC +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at https://mozilla.org/MPL/2.0/. + +version: "2" +linters: + enable: + - bidichk + - cyclop + - errname + - errorlint + - exhaustive + - goconst + - godot + - gomoddirectives + - gosec + - mirror + - misspell + - mnd + - nilerr + - nilnil + - perfsprint + - prealloc + - reassign + - revive + - unconvert + - unparam + - usestdlibvars + - wastedassign +formatters: + enable: + - gofumpt + - goimports + settings: + goimports: + local-prefixes: + - cyphar.com/go-pathrs diff --git a/vendor/cyphar.com/go-pathrs/COPYING b/vendor/cyphar.com/go-pathrs/COPYING new file mode 100644 index 00000000000..d0a1fa1482e --- /dev/null +++ b/vendor/cyphar.com/go-pathrs/COPYING @@ -0,0 +1,373 @@ +Mozilla Public License Version 2.0 +================================== + +1. Definitions +-------------- + +1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + +1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + +1.6. "Executable Form" + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + +1.8. "License" + means this document. + +1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + +1.10. "Modifications" + means any of the following: + + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + + (b) any new file in Source Code Form that contains any Covered + Software. + +1.11. "Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + +1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + +1.13. "Source Code Form" + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + +2. License Grants and Conditions +-------------------------------- + +2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license: + +(a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution +become effective for each Contribution on the date the Contributor first +distributes such Contribution. + +2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under +this License. No additional rights or licenses will be implied from the +distribution or licensing of Covered Software under this License. +Notwithstanding Section 2.1(b) above, no patent license is granted by a +Contributor: + +(a) for any code that a Contributor has removed from Covered Software; + or + +(b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + +This License does not grant any rights in the trademarks, service marks, +or logos of any Contributor (except as may be necessary to comply with +the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to +distribute the Covered Software under a subsequent version of this +License (see Section 10.2) or under the terms of a Secondary License (if +permitted under the terms of Section 3.3). + +2.5. Representation + +Each Contributor represents that the Contributor believes its +Contributions are its original creation(s) or it has sufficient rights +to grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + +This License is not intended to limit any rights You have under +applicable copyright doctrines of fair use, fair dealing, or other +equivalents. + +2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted +in Section 2.1. + +3. Responsibilities +------------------- + +3.1. Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any +Modifications that You create or to which You contribute, must be under +the terms of this License. You must inform recipients that the Source +Code Form of the Covered Software is governed by the terms of this +License, and how they can obtain a copy of this License. You may not +attempt to alter or restrict the recipients' rights in the Source Code +Form. + +3.2. Distribution of Executable Form + +If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + +(b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, +provided that You also comply with the requirements of this License for +the Covered Software. If the Larger Work is a combination of Covered +Software with a work governed by one or more Secondary Licenses, and the +Covered Software is not Incompatible With Secondary Licenses, this +License permits You to additionally distribute such Covered Software +under the terms of such Secondary License(s), so that the recipient of +the Larger Work may, at their option, further distribute the Covered +Software under the terms of either this License or such Secondary +License(s). + +3.4. Notices + +You may not remove or alter the substance of any license notices +(including copyright notices, patent notices, disclaimers of warranty, +or limitations of liability) contained within the Source Code Form of +the Covered Software, except that You may alter any license notices to +the extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, +indemnity or liability obligations to one or more recipients of Covered +Software. However, You may do so only on Your own behalf, and not on +behalf of any Contributor. You must make it absolutely clear that any +such warranty, support, indemnity, or liability obligation is offered by +You alone, and You hereby agree to indemnify every Contributor for any +liability incurred by such Contributor as a result of warranty, support, +indemnity or liability terms You offer. You may include additional +disclaimers of warranty and limitations of liability specific to any +jurisdiction. + +4. Inability to Comply Due to Statute or Regulation +--------------------------------------------------- + +If it is impossible for You to comply with any of the terms of this +License with respect to some or all of the Covered Software due to +statute, judicial order, or regulation then You must: (a) comply with +the terms of this License to the maximum extent possible; and (b) +describe the limitations and the code they affect. Such description must +be placed in a text file included with all distributions of the Covered +Software under this License. Except to the extent prohibited by statute +or regulation, such description must be sufficiently detailed for a +recipient of ordinary skill to be able to understand it. + +5. Termination +-------------- + +5.1. The rights granted under this License will terminate automatically +if You fail to comply with any of its terms. However, if You become +compliant, then the rights granted under this License from a particular +Contributor are reinstated (a) provisionally, unless and until such +Contributor explicitly and finally terminates Your grants, and (b) on an +ongoing basis, if such Contributor fails to notify You of the +non-compliance by some reasonable means prior to 60 days after You have +come back into compliance. Moreover, Your grants from a particular +Contributor are reinstated on an ongoing basis if such Contributor +notifies You of the non-compliance by some reasonable means, this is the +first time You have received notice of non-compliance with this License +from such Contributor, and You become compliant prior to 30 days after +Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent +infringement claim (excluding declaratory judgment actions, +counter-claims, and cross-claims) alleging that a Contributor Version +directly or indirectly infringes any patent, then the rights granted to +You by any and all Contributors for the Covered Software under Section +2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all +end user license agreements (excluding distributors and resellers) which +have been validly granted by You or Your distributors under this License +prior to termination shall survive termination. + +************************************************************************ +* * +* 6. Disclaimer of Warranty * +* ------------------------- * +* * +* Covered Software is provided under this License on an "as is" * +* basis, without warranty of any kind, either expressed, implied, or * +* statutory, including, without limitation, warranties that the * +* Covered Software is free of defects, merchantable, fit for a * +* particular purpose or non-infringing. The entire risk as to the * +* quality and performance of the Covered Software is with You. * +* Should any Covered Software prove defective in any respect, You * +* (not any Contributor) assume the cost of any necessary servicing, * +* repair, or correction. This disclaimer of warranty constitutes an * +* essential part of this License. No use of any Covered Software is * +* authorized under this License except under this disclaimer. * +* * +************************************************************************ + +************************************************************************ +* * +* 7. Limitation of Liability * +* -------------------------- * +* * +* Under no circumstances and under no legal theory, whether tort * +* (including negligence), contract, or otherwise, shall any * +* Contributor, or anyone who distributes Covered Software as * +* permitted above, be liable to You for any direct, indirect, * +* special, incidental, or consequential damages of any character * +* including, without limitation, damages for lost profits, loss of * +* goodwill, work stoppage, computer failure or malfunction, or any * +* and all other commercial damages or losses, even if such party * +* shall have been informed of the possibility of such damages. This * +* limitation of liability shall not apply to liability for death or * +* personal injury resulting from such party's negligence to the * +* extent applicable law prohibits such limitation. Some * +* jurisdictions do not allow the exclusion or limitation of * +* incidental or consequential damages, so this exclusion and * +* limitation may not apply to You. * +* * +************************************************************************ + +8. Litigation +------------- + +Any litigation relating to this License may be brought only in the +courts of a jurisdiction where the defendant maintains its principal +place of business and such litigation shall be governed by laws of that +jurisdiction, without reference to its conflict-of-law provisions. +Nothing in this Section shall prevent a party's ability to bring +cross-claims or counter-claims. + +9. Miscellaneous +---------------- + +This License represents the complete agreement concerning the subject +matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the extent +necessary to make it enforceable. Any law or regulation which provides +that the language of a contract shall be construed against the drafter +shall not be used to construe this License against a Contributor. + +10. Versions of the License +--------------------------- + +10.1. New Versions + +Mozilla Foundation is the license steward. Except as provided in Section +10.3, no one other than the license steward has the right to modify or +publish new versions of this License. Each version will be given a +distinguishing version number. + +10.2. Effect of New Versions + +You may distribute the Covered Software under the terms of the version +of the License under which You originally received the Covered Software, +or under the terms of any subsequent version published by the license +steward. + +10.3. Modified Versions + +If you create software not governed by this License, and you want to +create a new license for such software, you may create and use a +modified version of this License if you rename the license and remove +any references to the name of the license steward (except to note that +such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary +Licenses + +If You choose to distribute Source Code Form that is Incompatible With +Secondary Licenses under the terms of this version of the License, the +notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice +------------------------------------------- + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, You can obtain one at https://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular +file, then You may include the notice in a location (such as a LICENSE +file in a relevant directory) where a recipient would be likely to look +for such a notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice +--------------------------------------------------------- + + This Source Code Form is "Incompatible With Secondary Licenses", as + defined by the Mozilla Public License, v. 2.0. diff --git a/vendor/cyphar.com/go-pathrs/doc.go b/vendor/cyphar.com/go-pathrs/doc.go new file mode 100644 index 00000000000..a7ee4bc487f --- /dev/null +++ b/vendor/cyphar.com/go-pathrs/doc.go @@ -0,0 +1,14 @@ +// SPDX-License-Identifier: MPL-2.0 +/* + * libpathrs: safe path resolution on Linux + * Copyright (C) 2019-2025 Aleksa Sarai + * Copyright (C) 2019-2025 SUSE LLC + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + */ + +// Package pathrs provides bindings for libpathrs, a library for safe path +// resolution on Linux. +package pathrs diff --git a/vendor/cyphar.com/go-pathrs/handle_linux.go b/vendor/cyphar.com/go-pathrs/handle_linux.go new file mode 100644 index 00000000000..3221ef67389 --- /dev/null +++ b/vendor/cyphar.com/go-pathrs/handle_linux.go @@ -0,0 +1,114 @@ +//go:build linux + +// SPDX-License-Identifier: MPL-2.0 +/* + * libpathrs: safe path resolution on Linux + * Copyright (C) 2019-2025 Aleksa Sarai + * Copyright (C) 2019-2025 SUSE LLC + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + */ + +package pathrs + +import ( + "fmt" + "os" + + "cyphar.com/go-pathrs/internal/fdutils" + "cyphar.com/go-pathrs/internal/libpathrs" +) + +// Handle is a handle for a path within a given [Root]. This handle references +// an already-resolved path which can be used for only one purpose -- to +// "re-open" the handle and get an actual [os.File] which can be used for +// ordinary operations. +// +// If you wish to open a file without having an intermediate [Handle] object, +// you can try to use [Root.Open] or [Root.OpenFile]. +// +// It is critical that perform all relevant operations through this [Handle] +// (rather than fetching the file descriptor yourself with [Handle.IntoRaw]), +// because the security properties of libpathrs depend on users doing all +// relevant filesystem operations through libpathrs. +// +// [os.File]: https://pkg.go.dev/os#File +type Handle struct { + inner *os.File +} + +// HandleFromFile creates a new [Handle] from an existing file handle. The +// handle will be copied by this method, so the original handle should still be +// freed by the caller. +// +// This is effectively the inverse operation of [Handle.IntoRaw], and is used +// for "deserialising" pathrs root handles. +func HandleFromFile(file *os.File) (*Handle, error) { + newFile, err := fdutils.DupFile(file) + if err != nil { + return nil, fmt.Errorf("duplicate handle fd: %w", err) + } + return &Handle{inner: newFile}, nil +} + +// Open creates an "upgraded" file handle to the file referenced by the +// [Handle]. Note that the original [Handle] is not consumed by this operation, +// and can be opened multiple times. +// +// The handle returned is only usable for reading, and this is method is +// shorthand for [Handle.OpenFile] with os.O_RDONLY. +// +// TODO: Rename these to "Reopen" or something. +func (h *Handle) Open() (*os.File, error) { + return h.OpenFile(os.O_RDONLY) +} + +// OpenFile creates an "upgraded" file handle to the file referenced by the +// [Handle]. Note that the original [Handle] is not consumed by this operation, +// and can be opened multiple times. +// +// The provided flags indicate which open(2) flags are used to create the new +// handle. +// +// TODO: Rename these to "Reopen" or something. +func (h *Handle) OpenFile(flags int) (*os.File, error) { + return fdutils.WithFileFd(h.inner, func(fd uintptr) (*os.File, error) { + newFd, err := libpathrs.Reopen(fd, flags) + if err != nil { + return nil, err + } + return os.NewFile(newFd, h.inner.Name()), nil + }) +} + +// IntoFile unwraps the [Handle] into its underlying [os.File]. +// +// You almost certainly want to use [Handle.OpenFile] to get a non-O_PATH +// version of this [Handle]. +// +// This operation returns the internal [os.File] of the [Handle] directly, so +// calling [Handle.Close] will also close any copies of the returned [os.File]. +// If you want to get an independent copy, use [Handle.Clone] followed by +// [Handle.IntoFile] on the cloned [Handle]. +// +// [os.File]: https://pkg.go.dev/os#File +func (h *Handle) IntoFile() *os.File { + // TODO: Figure out if we really don't want to make a copy. + // TODO: We almost certainly want to clear r.inner here, but we can't do + // that easily atomically (we could use atomic.Value but that'll make + // things quite a bit uglier). + return h.inner +} + +// Clone creates a copy of a [Handle], such that it has a separate lifetime to +// the original (while referring to the same underlying file). +func (h *Handle) Clone() (*Handle, error) { + return HandleFromFile(h.inner) +} + +// Close frees all of the resources used by the [Handle]. +func (h *Handle) Close() error { + return h.inner.Close() +} diff --git a/vendor/cyphar.com/go-pathrs/internal/fdutils/fd_linux.go b/vendor/cyphar.com/go-pathrs/internal/fdutils/fd_linux.go new file mode 100644 index 00000000000..41aea3e4b3d --- /dev/null +++ b/vendor/cyphar.com/go-pathrs/internal/fdutils/fd_linux.go @@ -0,0 +1,75 @@ +//go:build linux + +// SPDX-License-Identifier: MPL-2.0 +/* + * libpathrs: safe path resolution on Linux + * Copyright (C) 2019-2025 Aleksa Sarai + * Copyright (C) 2019-2025 SUSE LLC + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + */ + +// Package fdutils contains a few helper methods when dealing with *os.File and +// file descriptors. +package fdutils + +import ( + "fmt" + "os" + + "golang.org/x/sys/unix" + + "cyphar.com/go-pathrs/internal/libpathrs" +) + +// DupFd makes a duplicate of the given fd. +func DupFd(fd uintptr, name string) (*os.File, error) { + newFd, err := unix.FcntlInt(fd, unix.F_DUPFD_CLOEXEC, 0) + if err != nil { + return nil, fmt.Errorf("fcntl(F_DUPFD_CLOEXEC): %w", err) + } + return os.NewFile(uintptr(newFd), name), nil +} + +// WithFileFd is a more ergonomic wrapper around file.SyscallConn().Control(). +func WithFileFd[T any](file *os.File, fn func(fd uintptr) (T, error)) (T, error) { + conn, err := file.SyscallConn() + if err != nil { + return *new(T), err + } + var ( + ret T + innerErr error + ) + if err := conn.Control(func(fd uintptr) { + ret, innerErr = fn(fd) + }); err != nil { + return *new(T), err + } + return ret, innerErr +} + +// DupFile makes a duplicate of the given file. +func DupFile(file *os.File) (*os.File, error) { + return WithFileFd(file, func(fd uintptr) (*os.File, error) { + return DupFd(fd, file.Name()) + }) +} + +// MkFile creates a new *os.File from the provided file descriptor. However, +// unlike os.NewFile, the file's Name is based on the real path (provided by +// /proc/self/fd/$n). +func MkFile(fd uintptr) (*os.File, error) { + fdPath := fmt.Sprintf("fd/%d", fd) + fdName, err := libpathrs.ProcReadlinkat(libpathrs.ProcDefaultRootFd, libpathrs.ProcThreadSelf, fdPath) + if err != nil { + _ = unix.Close(int(fd)) + return nil, fmt.Errorf("failed to fetch real name of fd %d: %w", fd, err) + } + // TODO: Maybe we should prefix this name with something to indicate to + // users that they must not use this path as a "safe" path. Something like + // "//pathrs-handle:/foo/bar"? + return os.NewFile(fd, fdName), nil +} diff --git a/vendor/cyphar.com/go-pathrs/internal/libpathrs/error_unix.go b/vendor/cyphar.com/go-pathrs/internal/libpathrs/error_unix.go new file mode 100644 index 00000000000..c9f416de01f --- /dev/null +++ b/vendor/cyphar.com/go-pathrs/internal/libpathrs/error_unix.go @@ -0,0 +1,40 @@ +//go:build linux + +// TODO: Use "go:build unix" once we bump the minimum Go version 1.19. + +// SPDX-License-Identifier: MPL-2.0 +/* + * libpathrs: safe path resolution on Linux + * Copyright (C) 2019-2025 Aleksa Sarai + * Copyright (C) 2019-2025 SUSE LLC + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + */ + +package libpathrs + +import ( + "syscall" +) + +// Error represents an underlying libpathrs error. +type Error struct { + description string + errno syscall.Errno +} + +// Error returns a textual description of the error. +func (err *Error) Error() string { + return err.description +} + +// Unwrap returns the underlying error which was wrapped by this error (if +// applicable). +func (err *Error) Unwrap() error { + if err.errno != 0 { + return err.errno + } + return nil +} diff --git a/vendor/cyphar.com/go-pathrs/internal/libpathrs/libpathrs_linux.go b/vendor/cyphar.com/go-pathrs/internal/libpathrs/libpathrs_linux.go new file mode 100644 index 00000000000..c07b80e3071 --- /dev/null +++ b/vendor/cyphar.com/go-pathrs/internal/libpathrs/libpathrs_linux.go @@ -0,0 +1,337 @@ +//go:build linux + +// SPDX-License-Identifier: MPL-2.0 +/* + * libpathrs: safe path resolution on Linux + * Copyright (C) 2019-2025 Aleksa Sarai + * Copyright (C) 2019-2025 SUSE LLC + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + */ + +// Package libpathrs is an internal thin wrapper around the libpathrs C API. +package libpathrs + +import ( + "fmt" + "syscall" + "unsafe" +) + +/* +// TODO: Figure out if we need to add support for linking against libpathrs +// statically even if in dynamically linked builds in order to make +// packaging a bit easier (using "-Wl,-Bstatic -lpathrs -Wl,-Bdynamic" or +// "-l:pathrs.a"). +#cgo pkg-config: pathrs +#include + +// This is a workaround for unsafe.Pointer() not working for non-void pointers. +char *cast_ptr(void *ptr) { return ptr; } +*/ +import "C" + +func fetchError(errID C.int) error { + if errID >= C.__PATHRS_MAX_ERR_VALUE { + return nil + } + cErr := C.pathrs_errorinfo(errID) + defer C.pathrs_errorinfo_free(cErr) + + var err error + if cErr != nil { + err = &Error{ + errno: syscall.Errno(cErr.saved_errno), + description: C.GoString(cErr.description), + } + } + return err +} + +// OpenRoot wraps pathrs_open_root. +func OpenRoot(path string) (uintptr, error) { + cPath := C.CString(path) + defer C.free(unsafe.Pointer(cPath)) + + fd := C.pathrs_open_root(cPath) + return uintptr(fd), fetchError(fd) +} + +// Reopen wraps pathrs_reopen. +func Reopen(fd uintptr, flags int) (uintptr, error) { + newFd := C.pathrs_reopen(C.int(fd), C.int(flags)) + return uintptr(newFd), fetchError(newFd) +} + +// InRootResolve wraps pathrs_inroot_resolve. +func InRootResolve(rootFd uintptr, path string) (uintptr, error) { + cPath := C.CString(path) + defer C.free(unsafe.Pointer(cPath)) + + fd := C.pathrs_inroot_resolve(C.int(rootFd), cPath) + return uintptr(fd), fetchError(fd) +} + +// InRootResolveNoFollow wraps pathrs_inroot_resolve_nofollow. +func InRootResolveNoFollow(rootFd uintptr, path string) (uintptr, error) { + cPath := C.CString(path) + defer C.free(unsafe.Pointer(cPath)) + + fd := C.pathrs_inroot_resolve_nofollow(C.int(rootFd), cPath) + return uintptr(fd), fetchError(fd) +} + +// InRootOpen wraps pathrs_inroot_open. +func InRootOpen(rootFd uintptr, path string, flags int) (uintptr, error) { + cPath := C.CString(path) + defer C.free(unsafe.Pointer(cPath)) + + fd := C.pathrs_inroot_open(C.int(rootFd), cPath, C.int(flags)) + return uintptr(fd), fetchError(fd) +} + +// InRootReadlink wraps pathrs_inroot_readlink. +func InRootReadlink(rootFd uintptr, path string) (string, error) { + cPath := C.CString(path) + defer C.free(unsafe.Pointer(cPath)) + + size := 128 + for { + linkBuf := make([]byte, size) + n := C.pathrs_inroot_readlink(C.int(rootFd), cPath, C.cast_ptr(unsafe.Pointer(&linkBuf[0])), C.ulong(len(linkBuf))) + switch { + case int(n) < C.__PATHRS_MAX_ERR_VALUE: + return "", fetchError(n) + case int(n) <= len(linkBuf): + return string(linkBuf[:int(n)]), nil + default: + // The contents were truncated. Unlike readlinkat, pathrs returns + // the size of the link when it checked. So use the returned size + // as a basis for the reallocated size (but in order to avoid a DoS + // where a magic-link is growing by a single byte each iteration, + // make sure we are a fair bit larger). + size += int(n) + } + } +} + +// InRootRmdir wraps pathrs_inroot_rmdir. +func InRootRmdir(rootFd uintptr, path string) error { + cPath := C.CString(path) + defer C.free(unsafe.Pointer(cPath)) + + err := C.pathrs_inroot_rmdir(C.int(rootFd), cPath) + return fetchError(err) +} + +// InRootUnlink wraps pathrs_inroot_unlink. +func InRootUnlink(rootFd uintptr, path string) error { + cPath := C.CString(path) + defer C.free(unsafe.Pointer(cPath)) + + err := C.pathrs_inroot_unlink(C.int(rootFd), cPath) + return fetchError(err) +} + +// InRootRemoveAll wraps pathrs_inroot_remove_all. +func InRootRemoveAll(rootFd uintptr, path string) error { + cPath := C.CString(path) + defer C.free(unsafe.Pointer(cPath)) + + err := C.pathrs_inroot_remove_all(C.int(rootFd), cPath) + return fetchError(err) +} + +// InRootCreat wraps pathrs_inroot_creat. +func InRootCreat(rootFd uintptr, path string, flags int, mode uint32) (uintptr, error) { + cPath := C.CString(path) + defer C.free(unsafe.Pointer(cPath)) + + fd := C.pathrs_inroot_creat(C.int(rootFd), cPath, C.int(flags), C.uint(mode)) + return uintptr(fd), fetchError(fd) +} + +// InRootRename wraps pathrs_inroot_rename. +func InRootRename(rootFd uintptr, src, dst string, flags uint) error { + cSrc := C.CString(src) + defer C.free(unsafe.Pointer(cSrc)) + + cDst := C.CString(dst) + defer C.free(unsafe.Pointer(cDst)) + + err := C.pathrs_inroot_rename(C.int(rootFd), cSrc, cDst, C.uint(flags)) + return fetchError(err) +} + +// InRootMkdir wraps pathrs_inroot_mkdir. +func InRootMkdir(rootFd uintptr, path string, mode uint32) error { + cPath := C.CString(path) + defer C.free(unsafe.Pointer(cPath)) + + err := C.pathrs_inroot_mkdir(C.int(rootFd), cPath, C.uint(mode)) + return fetchError(err) +} + +// InRootMkdirAll wraps pathrs_inroot_mkdir_all. +func InRootMkdirAll(rootFd uintptr, path string, mode uint32) (uintptr, error) { + cPath := C.CString(path) + defer C.free(unsafe.Pointer(cPath)) + + fd := C.pathrs_inroot_mkdir_all(C.int(rootFd), cPath, C.uint(mode)) + return uintptr(fd), fetchError(fd) +} + +// InRootMknod wraps pathrs_inroot_mknod. +func InRootMknod(rootFd uintptr, path string, mode uint32, dev uint64) error { + cPath := C.CString(path) + defer C.free(unsafe.Pointer(cPath)) + + err := C.pathrs_inroot_mknod(C.int(rootFd), cPath, C.uint(mode), C.dev_t(dev)) + return fetchError(err) +} + +// InRootSymlink wraps pathrs_inroot_symlink. +func InRootSymlink(rootFd uintptr, path, target string) error { + cPath := C.CString(path) + defer C.free(unsafe.Pointer(cPath)) + + cTarget := C.CString(target) + defer C.free(unsafe.Pointer(cTarget)) + + err := C.pathrs_inroot_symlink(C.int(rootFd), cPath, cTarget) + return fetchError(err) +} + +// InRootHardlink wraps pathrs_inroot_hardlink. +func InRootHardlink(rootFd uintptr, path, target string) error { + cPath := C.CString(path) + defer C.free(unsafe.Pointer(cPath)) + + cTarget := C.CString(target) + defer C.free(unsafe.Pointer(cTarget)) + + err := C.pathrs_inroot_hardlink(C.int(rootFd), cPath, cTarget) + return fetchError(err) +} + +// ProcBase is pathrs_proc_base_t (uint64_t). +type ProcBase C.pathrs_proc_base_t + +// FIXME: We need to open-code the constants because CGo unfortunately will +// implicitly convert any non-literal constants (i.e. those resolved using gcc) +// to signed integers. See for some +// more information on the underlying issue (though. +const ( + // ProcRoot is PATHRS_PROC_ROOT. + ProcRoot ProcBase = 0xFFFF_FFFE_7072_6F63 // C.PATHRS_PROC_ROOT + // ProcSelf is PATHRS_PROC_SELF. + ProcSelf ProcBase = 0xFFFF_FFFE_091D_5E1F // C.PATHRS_PROC_SELF + // ProcThreadSelf is PATHRS_PROC_THREAD_SELF. + ProcThreadSelf ProcBase = 0xFFFF_FFFE_3EAD_5E1F // C.PATHRS_PROC_THREAD_SELF + + // ProcBaseTypeMask is __PATHRS_PROC_TYPE_MASK. + ProcBaseTypeMask ProcBase = 0xFFFF_FFFF_0000_0000 // C.__PATHRS_PROC_TYPE_MASK + // ProcBaseTypePid is __PATHRS_PROC_TYPE_PID. + ProcBaseTypePid ProcBase = 0x8000_0000_0000_0000 // C.__PATHRS_PROC_TYPE_PID + + // ProcDefaultRootFd is PATHRS_PROC_DEFAULT_ROOTFD. + ProcDefaultRootFd = -int(syscall.EBADF) // C.PATHRS_PROC_DEFAULT_ROOTFD +) + +func assertEqual[T comparable](a, b T, msg string) { + if a != b { + panic(fmt.Sprintf("%s ((%T) %#v != (%T) %#v)", msg, a, a, b, b)) + } +} + +// Verify that the values above match the actual C values. Unfortunately, Go +// only allows us to forcefully cast int64 to uint64 if you use a temporary +// variable, which means we cannot do it in a const context and thus need to do +// it at runtime (even though it is a check that fundamentally could be done at +// compile-time)... +func init() { + var ( + actualProcRoot int64 = C.PATHRS_PROC_ROOT + actualProcSelf int64 = C.PATHRS_PROC_SELF + actualProcThreadSelf int64 = C.PATHRS_PROC_THREAD_SELF + ) + + assertEqual(ProcRoot, ProcBase(actualProcRoot), "PATHRS_PROC_ROOT") + assertEqual(ProcSelf, ProcBase(actualProcSelf), "PATHRS_PROC_SELF") + assertEqual(ProcThreadSelf, ProcBase(actualProcThreadSelf), "PATHRS_PROC_THREAD_SELF") + + var ( + actualProcBaseTypeMask uint64 = C.__PATHRS_PROC_TYPE_MASK + actualProcBaseTypePid uint64 = C.__PATHRS_PROC_TYPE_PID + ) + + assertEqual(ProcBaseTypeMask, ProcBase(actualProcBaseTypeMask), "__PATHRS_PROC_TYPE_MASK") + assertEqual(ProcBaseTypePid, ProcBase(actualProcBaseTypePid), "__PATHRS_PROC_TYPE_PID") + + assertEqual(ProcDefaultRootFd, int(C.PATHRS_PROC_DEFAULT_ROOTFD), "PATHRS_PROC_DEFAULT_ROOTFD") +} + +// ProcPid reimplements the PROC_PID(x) conversion. +func ProcPid(pid uint32) ProcBase { return ProcBaseTypePid | ProcBase(pid) } + +// ProcOpenat wraps pathrs_proc_openat. +func ProcOpenat(procRootFd int, base ProcBase, path string, flags int) (uintptr, error) { + cBase := C.pathrs_proc_base_t(base) + + cPath := C.CString(path) + defer C.free(unsafe.Pointer(cPath)) + + fd := C.pathrs_proc_openat(C.int(procRootFd), cBase, cPath, C.int(flags)) + return uintptr(fd), fetchError(fd) +} + +// ProcReadlinkat wraps pathrs_proc_readlinkat. +func ProcReadlinkat(procRootFd int, base ProcBase, path string) (string, error) { + // TODO: See if we can unify this code with InRootReadlink. + + cBase := C.pathrs_proc_base_t(base) + + cPath := C.CString(path) + defer C.free(unsafe.Pointer(cPath)) + + size := 128 + for { + linkBuf := make([]byte, size) + n := C.pathrs_proc_readlinkat( + C.int(procRootFd), cBase, cPath, + C.cast_ptr(unsafe.Pointer(&linkBuf[0])), C.ulong(len(linkBuf))) + switch { + case int(n) < C.__PATHRS_MAX_ERR_VALUE: + return "", fetchError(n) + case int(n) <= len(linkBuf): + return string(linkBuf[:int(n)]), nil + default: + // The contents were truncated. Unlike readlinkat, pathrs returns + // the size of the link when it checked. So use the returned size + // as a basis for the reallocated size (but in order to avoid a DoS + // where a magic-link is growing by a single byte each iteration, + // make sure we are a fair bit larger). + size += int(n) + } + } +} + +// ProcfsOpenHow is pathrs_procfs_open_how (struct). +type ProcfsOpenHow C.pathrs_procfs_open_how + +const ( + // ProcfsNewUnmasked is PATHRS_PROCFS_NEW_UNMASKED. + ProcfsNewUnmasked = C.PATHRS_PROCFS_NEW_UNMASKED +) + +// Flags returns a pointer to the internal flags field to allow other packages +// to modify structure fields that are internal due to Go's visibility model. +func (how *ProcfsOpenHow) Flags() *C.uint64_t { return &how.flags } + +// ProcfsOpen is pathrs_procfs_open (sizeof(*how) is passed automatically). +func ProcfsOpen(how *ProcfsOpenHow) (uintptr, error) { + fd := C.pathrs_procfs_open((*C.pathrs_procfs_open_how)(how), C.size_t(unsafe.Sizeof(*how))) + return uintptr(fd), fetchError(fd) +} diff --git a/vendor/cyphar.com/go-pathrs/procfs/procfs_linux.go b/vendor/cyphar.com/go-pathrs/procfs/procfs_linux.go new file mode 100644 index 00000000000..5533c427cb7 --- /dev/null +++ b/vendor/cyphar.com/go-pathrs/procfs/procfs_linux.go @@ -0,0 +1,246 @@ +//go:build linux + +// SPDX-License-Identifier: MPL-2.0 +/* + * libpathrs: safe path resolution on Linux + * Copyright (C) 2019-2025 Aleksa Sarai + * Copyright (C) 2019-2025 SUSE LLC + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + */ + +// Package procfs provides a safe API for operating on /proc on Linux. +package procfs + +import ( + "os" + "runtime" + + "cyphar.com/go-pathrs/internal/fdutils" + "cyphar.com/go-pathrs/internal/libpathrs" +) + +// ProcBase is used with [ProcReadlink] and related functions to indicate what +// /proc subpath path operations should be done relative to. +type ProcBase struct { + inner libpathrs.ProcBase +} + +var ( + // ProcRoot indicates to use /proc. Note that this mode may be more + // expensive because we have to take steps to try to avoid leaking unmasked + // procfs handles, so you should use [ProcBaseSelf] if you can. + ProcRoot = ProcBase{inner: libpathrs.ProcRoot} + // ProcSelf indicates to use /proc/self. For most programs, this is the + // standard choice. + ProcSelf = ProcBase{inner: libpathrs.ProcSelf} + // ProcThreadSelf indicates to use /proc/thread-self. In multi-threaded + // programs where one thread has a different CLONE_FS, it is possible for + // /proc/self to point the wrong thread and so /proc/thread-self may be + // necessary. + ProcThreadSelf = ProcBase{inner: libpathrs.ProcThreadSelf} +) + +// ProcPid returns a ProcBase which indicates to use /proc/$pid for the given +// PID (or TID). Be aware that due to PID recycling, using this is generally +// not safe except in certain circumstances. Namely: +// +// - PID 1 (the init process), as that PID cannot ever get recycled. +// - Your current PID (though you should just use [ProcBaseSelf]). +// - Your current TID if you have used [runtime.LockOSThread] (though you +// should just use [ProcBaseThreadSelf]). +// - PIDs of child processes (as long as you are sure that no other part of +// your program incorrectly catches or ignores SIGCHLD, and that you do it +// *before* you call wait(2)or any equivalent method that could reap +// zombies). +func ProcPid(pid int) ProcBase { + if pid < 0 || pid >= 1<<31 { + panic("invalid ProcBasePid value") // TODO: should this be an error? + } + return ProcBase{inner: libpathrs.ProcPid(uint32(pid))} +} + +// ThreadCloser is a callback that needs to be called when you are done +// operating on an [os.File] fetched using [Handle.OpenThreadSelf]. +// +// [os.File]: https://pkg.go.dev/os#File +type ThreadCloser func() + +// Handle is a wrapper around an *os.File handle to "/proc", which can be +// used to do further procfs-related operations in a safe way. +type Handle struct { + inner *os.File +} + +// Close releases all internal resources for this [Handle]. +// +// Note that if the handle is actually the global cached handle, this operation +// is a no-op. +func (proc *Handle) Close() error { + var err error + if proc.inner != nil { + err = proc.inner.Close() + } + return err +} + +// OpenOption is a configuration function passed as an argument to [Open]. +type OpenOption func(*libpathrs.ProcfsOpenHow) error + +// UnmaskedProcRoot can be passed to [Open] to request an unmasked procfs +// handle be created. +// +// procfs, err := procfs.OpenRoot(procfs.UnmaskedProcRoot) +func UnmaskedProcRoot(how *libpathrs.ProcfsOpenHow) error { + *how.Flags() |= libpathrs.ProcfsNewUnmasked + return nil +} + +// Open creates a new [Handle] to a safe "/proc", based on the passed +// configuration options (in the form of a series of [OpenOption]s). +func Open(opts ...OpenOption) (*Handle, error) { + var how libpathrs.ProcfsOpenHow + for _, opt := range opts { + if err := opt(&how); err != nil { + return nil, err + } + } + fd, err := libpathrs.ProcfsOpen(&how) + if err != nil { + return nil, err + } + var procFile *os.File + if int(fd) >= 0 { + procFile = os.NewFile(fd, "/proc") + } + // TODO: Check that fd == PATHRS_PROC_DEFAULT_ROOTFD in the <0 case? + return &Handle{inner: procFile}, nil +} + +// TODO: Switch to something fdutils.WithFileFd-like. +func (proc *Handle) fd() int { + if proc.inner != nil { + return int(proc.inner.Fd()) + } + return libpathrs.ProcDefaultRootFd +} + +// TODO: Should we expose open? +func (proc *Handle) open(base ProcBase, path string, flags int) (_ *os.File, Closer ThreadCloser, Err error) { + var closer ThreadCloser + if base == ProcThreadSelf { + runtime.LockOSThread() + closer = runtime.UnlockOSThread + } + defer func() { + if closer != nil && Err != nil { + closer() + Closer = nil + } + }() + + fd, err := libpathrs.ProcOpenat(proc.fd(), base.inner, path, flags) + if err != nil { + return nil, nil, err + } + file, err := fdutils.MkFile(fd) + return file, closer, err +} + +// OpenRoot safely opens a given path from inside /proc/. +// +// This function must only be used for accessing global information from procfs +// (such as /proc/cpuinfo) or information about other processes (such as +// /proc/1). Accessing your own process information should be done using +// [Handle.OpenSelf] or [Handle.OpenThreadSelf]. +func (proc *Handle) OpenRoot(path string, flags int) (*os.File, error) { + file, closer, err := proc.open(ProcRoot, path, flags) + if closer != nil { + // should not happen + panic("non-zero closer returned from procOpen(ProcRoot)") + } + return file, err +} + +// OpenSelf safely opens a given path from inside /proc/self/. +// +// This method is recommend for getting process information about the current +// process for almost all Go processes *except* for cases where there are +// [runtime.LockOSThread] threads that have changed some aspect of their state +// (such as through unshare(CLONE_FS) or changing namespaces). +// +// For such non-heterogeneous processes, /proc/self may reference to a task +// that has different state from the current goroutine and so it may be +// preferable to use [Handle.OpenThreadSelf]. The same is true if a user +// really wants to inspect the current OS thread's information (such as +// /proc/thread-self/stack or /proc/thread-self/status which is always uniquely +// per-thread). +// +// Unlike [Handle.OpenThreadSelf], this method does not involve locking +// the goroutine to the current OS thread and so is simpler to use and +// theoretically has slightly less overhead. +// +// [runtime.LockOSThread]: https://pkg.go.dev/runtime#LockOSThread +func (proc *Handle) OpenSelf(path string, flags int) (*os.File, error) { + file, closer, err := proc.open(ProcSelf, path, flags) + if closer != nil { + // should not happen + panic("non-zero closer returned from procOpen(ProcSelf)") + } + return file, err +} + +// OpenPid safely opens a given path from inside /proc/$pid/, where pid can be +// either a PID or TID. +// +// This is effectively equivalent to calling [Handle.OpenRoot] with the +// pid prefixed to the subpath. +// +// Be aware that due to PID recycling, using this is generally not safe except +// in certain circumstances. See the documentation of [ProcPid] for more +// details. +func (proc *Handle) OpenPid(pid int, path string, flags int) (*os.File, error) { + file, closer, err := proc.open(ProcPid(pid), path, flags) + if closer != nil { + // should not happen + panic("non-zero closer returned from procOpen(ProcPidOpen)") + } + return file, err +} + +// OpenThreadSelf safely opens a given path from inside /proc/thread-self/. +// +// Most Go processes have heterogeneous threads (all threads have most of the +// same kernel state such as CLONE_FS) and so [Handle.OpenSelf] is +// preferable for most users. +// +// For non-heterogeneous threads, or users that actually want thread-specific +// information (such as /proc/thread-self/stack or /proc/thread-self/status), +// this method is necessary. +// +// Because Go can change the running OS thread of your goroutine without notice +// (and then subsequently kill the old thread), this method will lock the +// current goroutine to the OS thread (with [runtime.LockOSThread]) and the +// caller is responsible for unlocking the the OS thread with the +// [ThreadCloser] callback once they are done using the returned file. This +// callback MUST be called AFTER you have finished using the returned +// [os.File]. This callback is completely separate to [os.File.Close], so it +// must be called regardless of how you close the handle. +// +// [runtime.LockOSThread]: https://pkg.go.dev/runtime#LockOSThread +// [os.File]: https://pkg.go.dev/os#File +// [os.File.Close]: https://pkg.go.dev/os#File.Close +func (proc *Handle) OpenThreadSelf(path string, flags int) (*os.File, ThreadCloser, error) { + return proc.open(ProcThreadSelf, path, flags) +} + +// Readlink safely reads the contents of a symlink from the given procfs base. +// +// This is effectively equivalent to doing an Open*(O_PATH|O_NOFOLLOW) of the +// path and then doing unix.Readlinkat(fd, ""), but with the benefit that +// thread locking is not necessary for [ProcThreadSelf]. +func (proc *Handle) Readlink(base ProcBase, path string) (string, error) { + return libpathrs.ProcReadlinkat(proc.fd(), base.inner, path) +} diff --git a/vendor/cyphar.com/go-pathrs/root_linux.go b/vendor/cyphar.com/go-pathrs/root_linux.go new file mode 100644 index 00000000000..edc9e4c87f9 --- /dev/null +++ b/vendor/cyphar.com/go-pathrs/root_linux.go @@ -0,0 +1,367 @@ +//go:build linux + +// SPDX-License-Identifier: MPL-2.0 +/* + * libpathrs: safe path resolution on Linux + * Copyright (C) 2019-2025 Aleksa Sarai + * Copyright (C) 2019-2025 SUSE LLC + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + */ + +package pathrs + +import ( + "errors" + "fmt" + "os" + "syscall" + + "cyphar.com/go-pathrs/internal/fdutils" + "cyphar.com/go-pathrs/internal/libpathrs" +) + +// Root is a handle to the root of a directory tree to resolve within. The only +// purpose of this "root handle" is to perform operations within the directory +// tree, or to get a [Handle] to inodes within the directory tree. +// +// At time of writing, it is considered a *VERY BAD IDEA* to open a [Root] +// inside a possibly-attacker-controlled directory tree. While we do have +// protections that should defend against it, it's far more dangerous than just +// opening a directory tree which is not inside a potentially-untrusted +// directory. +type Root struct { + inner *os.File +} + +// OpenRoot creates a new [Root] handle to the directory at the given path. +func OpenRoot(path string) (*Root, error) { + fd, err := libpathrs.OpenRoot(path) + if err != nil { + return nil, err + } + file, err := fdutils.MkFile(fd) + if err != nil { + return nil, err + } + return &Root{inner: file}, nil +} + +// RootFromFile creates a new [Root] handle from an [os.File] referencing a +// directory. The provided file will be duplicated, so the original file should +// still be closed by the caller. +// +// This is effectively the inverse operation of [Root.IntoFile]. +// +// [os.File]: https://pkg.go.dev/os#File +func RootFromFile(file *os.File) (*Root, error) { + newFile, err := fdutils.DupFile(file) + if err != nil { + return nil, fmt.Errorf("duplicate root fd: %w", err) + } + return &Root{inner: newFile}, nil +} + +// Resolve resolves the given path within the [Root]'s directory tree, and +// returns a [Handle] to the resolved path. The path must already exist, +// otherwise an error will occur. +// +// All symlinks (including trailing symlinks) are followed, but they are +// resolved within the rootfs. If you wish to open a handle to the symlink +// itself, use [ResolveNoFollow]. +func (r *Root) Resolve(path string) (*Handle, error) { + return fdutils.WithFileFd(r.inner, func(rootFd uintptr) (*Handle, error) { + handleFd, err := libpathrs.InRootResolve(rootFd, path) + if err != nil { + return nil, err + } + handleFile, err := fdutils.MkFile(handleFd) + if err != nil { + return nil, err + } + return &Handle{inner: handleFile}, nil + }) +} + +// ResolveNoFollow is effectively an O_NOFOLLOW version of [Resolve]. Their +// behaviour is identical, except that *trailing* symlinks will not be +// followed. If the final component is a trailing symlink, an O_PATH|O_NOFOLLOW +// handle to the symlink itself is returned. +func (r *Root) ResolveNoFollow(path string) (*Handle, error) { + return fdutils.WithFileFd(r.inner, func(rootFd uintptr) (*Handle, error) { + handleFd, err := libpathrs.InRootResolveNoFollow(rootFd, path) + if err != nil { + return nil, err + } + handleFile, err := fdutils.MkFile(handleFd) + if err != nil { + return nil, err + } + return &Handle{inner: handleFile}, nil + }) +} + +// Open is effectively shorthand for [Resolve] followed by [Handle.Open], but +// can be slightly more efficient (it reduces CGo overhead and the number of +// syscalls used when using the openat2-based resolver) and is arguably more +// ergonomic to use. +// +// This is effectively equivalent to [os.Open]. +// +// [os.Open]: https://pkg.go.dev/os#Open +func (r *Root) Open(path string) (*os.File, error) { + return r.OpenFile(path, os.O_RDONLY) +} + +// OpenFile is effectively shorthand for [Resolve] followed by +// [Handle.OpenFile], but can be slightly more efficient (it reduces CGo +// overhead and the number of syscalls used when using the openat2-based +// resolver) and is arguably more ergonomic to use. +// +// However, if flags contains os.O_NOFOLLOW and the path is a symlink, then +// OpenFile's behaviour will match that of openat2. In most cases an error will +// be returned, but if os.O_PATH is provided along with os.O_NOFOLLOW then a +// file equivalent to [ResolveNoFollow] will be returned instead. +// +// This is effectively equivalent to [os.OpenFile], except that os.O_CREAT is +// not supported. +// +// [os.OpenFile]: https://pkg.go.dev/os#OpenFile +func (r *Root) OpenFile(path string, flags int) (*os.File, error) { + return fdutils.WithFileFd(r.inner, func(rootFd uintptr) (*os.File, error) { + fd, err := libpathrs.InRootOpen(rootFd, path, flags) + if err != nil { + return nil, err + } + return fdutils.MkFile(fd) + }) +} + +// Create creates a file within the [Root]'s directory tree at the given path, +// and returns a handle to the file. The provided mode is used for the new file +// (the process's umask applies). +// +// Unlike [os.Create], if the file already exists an error is created rather +// than the file being opened and truncated. +// +// [os.Create]: https://pkg.go.dev/os#Create +func (r *Root) Create(path string, flags int, mode os.FileMode) (*os.File, error) { + unixMode, err := toUnixMode(mode, false) + if err != nil { + return nil, err + } + return fdutils.WithFileFd(r.inner, func(rootFd uintptr) (*os.File, error) { + handleFd, err := libpathrs.InRootCreat(rootFd, path, flags, unixMode) + if err != nil { + return nil, err + } + return fdutils.MkFile(handleFd) + }) +} + +// Rename two paths within a [Root]'s directory tree. The flags argument is +// identical to the RENAME_* flags to the renameat2(2) system call. +func (r *Root) Rename(src, dst string, flags uint) error { + _, err := fdutils.WithFileFd(r.inner, func(rootFd uintptr) (struct{}, error) { + err := libpathrs.InRootRename(rootFd, src, dst, flags) + return struct{}{}, err + }) + return err +} + +// RemoveDir removes the named empty directory within a [Root]'s directory +// tree. +func (r *Root) RemoveDir(path string) error { + _, err := fdutils.WithFileFd(r.inner, func(rootFd uintptr) (struct{}, error) { + err := libpathrs.InRootRmdir(rootFd, path) + return struct{}{}, err + }) + return err +} + +// RemoveFile removes the named file within a [Root]'s directory tree. +func (r *Root) RemoveFile(path string) error { + _, err := fdutils.WithFileFd(r.inner, func(rootFd uintptr) (struct{}, error) { + err := libpathrs.InRootUnlink(rootFd, path) + return struct{}{}, err + }) + return err +} + +// Remove removes the named file or (empty) directory within a [Root]'s +// directory tree. +// +// This is effectively equivalent to [os.Remove]. +// +// [os.Remove]: https://pkg.go.dev/os#Remove +func (r *Root) Remove(path string) error { + // In order to match os.Remove's implementation we need to also do both + // syscalls unconditionally and adjust the error based on whether + // pathrs_inroot_rmdir() returned ENOTDIR. + unlinkErr := r.RemoveFile(path) + if unlinkErr == nil { + return nil + } + rmdirErr := r.RemoveDir(path) + if rmdirErr == nil { + return nil + } + // Both failed, adjust the error in the same way that os.Remove does. + err := rmdirErr + if errors.Is(err, syscall.ENOTDIR) { + err = unlinkErr + } + return err +} + +// RemoveAll recursively deletes a path and all of its children. +// +// This is effectively equivalent to [os.RemoveAll]. +// +// [os.RemoveAll]: https://pkg.go.dev/os#RemoveAll +func (r *Root) RemoveAll(path string) error { + _, err := fdutils.WithFileFd(r.inner, func(rootFd uintptr) (struct{}, error) { + err := libpathrs.InRootRemoveAll(rootFd, path) + return struct{}{}, err + }) + return err +} + +// Mkdir creates a directory within a [Root]'s directory tree. The provided +// mode is used for the new directory (the process's umask applies). +// +// This is effectively equivalent to [os.Mkdir]. +// +// [os.Mkdir]: https://pkg.go.dev/os#Mkdir +func (r *Root) Mkdir(path string, mode os.FileMode) error { + unixMode, err := toUnixMode(mode, false) + if err != nil { + return err + } + + _, err = fdutils.WithFileFd(r.inner, func(rootFd uintptr) (struct{}, error) { + err := libpathrs.InRootMkdir(rootFd, path, unixMode) + return struct{}{}, err + }) + return err +} + +// MkdirAll creates a directory (and any parent path components if they don't +// exist) within a [Root]'s directory tree. The provided mode is used for any +// directories created by this function (the process's umask applies). +// +// This is effectively equivalent to [os.MkdirAll]. +// +// [os.MkdirAll]: https://pkg.go.dev/os#MkdirAll +func (r *Root) MkdirAll(path string, mode os.FileMode) (*Handle, error) { + unixMode, err := toUnixMode(mode, false) + if err != nil { + return nil, err + } + + return fdutils.WithFileFd(r.inner, func(rootFd uintptr) (*Handle, error) { + handleFd, err := libpathrs.InRootMkdirAll(rootFd, path, unixMode) + if err != nil { + return nil, err + } + handleFile, err := fdutils.MkFile(handleFd) + if err != nil { + return nil, err + } + return &Handle{inner: handleFile}, err + }) +} + +// Mknod creates a new device inode of the given type within a [Root]'s +// directory tree. The provided mode is used for the new directory (the +// process's umask applies). +// +// This is effectively equivalent to [unix.Mknod]. +// +// [unix.Mknod]: https://pkg.go.dev/golang.org/x/sys/unix#Mknod +func (r *Root) Mknod(path string, mode os.FileMode, dev uint64) error { + unixMode, err := toUnixMode(mode, true) + if err != nil { + return err + } + + _, err = fdutils.WithFileFd(r.inner, func(rootFd uintptr) (struct{}, error) { + err := libpathrs.InRootMknod(rootFd, path, unixMode, dev) + return struct{}{}, err + }) + return err +} + +// Symlink creates a symlink within a [Root]'s directory tree. The symlink is +// created at path and is a link to target. +// +// This is effectively equivalent to [os.Symlink]. +// +// [os.Symlink]: https://pkg.go.dev/os#Symlink +func (r *Root) Symlink(path, target string) error { + _, err := fdutils.WithFileFd(r.inner, func(rootFd uintptr) (struct{}, error) { + err := libpathrs.InRootSymlink(rootFd, path, target) + return struct{}{}, err + }) + return err +} + +// Hardlink creates a hardlink within a [Root]'s directory tree. The hardlink +// is created at path and is a link to target. Both paths are within the +// [Root]'s directory tree (you cannot hardlink to a different [Root] or the +// host). +// +// This is effectively equivalent to [os.Link]. +// +// [os.Link]: https://pkg.go.dev/os#Link +func (r *Root) Hardlink(path, target string) error { + _, err := fdutils.WithFileFd(r.inner, func(rootFd uintptr) (struct{}, error) { + err := libpathrs.InRootHardlink(rootFd, path, target) + return struct{}{}, err + }) + return err +} + +// Readlink returns the target of a symlink with a [Root]'s directory tree. +// +// This is effectively equivalent to [os.Readlink]. +// +// [os.Readlink]: https://pkg.go.dev/os#Readlink +func (r *Root) Readlink(path string) (string, error) { + return fdutils.WithFileFd(r.inner, func(rootFd uintptr) (string, error) { + return libpathrs.InRootReadlink(rootFd, path) + }) +} + +// IntoFile unwraps the [Root] into its underlying [os.File]. +// +// It is critical that you do not operate on this file descriptor yourself, +// because the security properties of libpathrs depend on users doing all +// relevant filesystem operations through libpathrs. +// +// This operation returns the internal [os.File] of the [Root] directly, so +// calling [Root.Close] will also close any copies of the returned [os.File]. +// If you want to get an independent copy, use [Root.Clone] followed by +// [Root.IntoFile] on the cloned [Root]. +// +// [os.File]: https://pkg.go.dev/os#File +func (r *Root) IntoFile() *os.File { + // TODO: Figure out if we really don't want to make a copy. + // TODO: We almost certainly want to clear r.inner here, but we can't do + // that easily atomically (we could use atomic.Value but that'll make + // things quite a bit uglier). + return r.inner +} + +// Clone creates a copy of a [Root] handle, such that it has a separate +// lifetime to the original (while referring to the same underlying directory). +func (r *Root) Clone() (*Root, error) { + return RootFromFile(r.inner) +} + +// Close frees all of the resources used by the [Root] handle. +func (r *Root) Close() error { + return r.inner.Close() +} diff --git a/vendor/cyphar.com/go-pathrs/utils_linux.go b/vendor/cyphar.com/go-pathrs/utils_linux.go new file mode 100644 index 00000000000..2208d608f8d --- /dev/null +++ b/vendor/cyphar.com/go-pathrs/utils_linux.go @@ -0,0 +1,56 @@ +//go:build linux + +// SPDX-License-Identifier: MPL-2.0 +/* + * libpathrs: safe path resolution on Linux + * Copyright (C) 2019-2025 Aleksa Sarai + * Copyright (C) 2019-2025 SUSE LLC + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + */ + +package pathrs + +import ( + "fmt" + "os" + + "golang.org/x/sys/unix" +) + +//nolint:cyclop // this function needs to handle a lot of cases +func toUnixMode(mode os.FileMode, needsType bool) (uint32, error) { + sysMode := uint32(mode.Perm()) + switch mode & os.ModeType { //nolint:exhaustive // we only care about ModeType bits + case 0: + if needsType { + sysMode |= unix.S_IFREG + } + case os.ModeDir: + sysMode |= unix.S_IFDIR + case os.ModeSymlink: + sysMode |= unix.S_IFLNK + case os.ModeCharDevice | os.ModeDevice: + sysMode |= unix.S_IFCHR + case os.ModeDevice: + sysMode |= unix.S_IFBLK + case os.ModeNamedPipe: + sysMode |= unix.S_IFIFO + case os.ModeSocket: + sysMode |= unix.S_IFSOCK + default: + return 0, fmt.Errorf("invalid mode filetype %+o", mode) + } + if mode&os.ModeSetuid != 0 { + sysMode |= unix.S_ISUID + } + if mode&os.ModeSetgid != 0 { + sysMode |= unix.S_ISGID + } + if mode&os.ModeSticky != 0 { + sysMode |= unix.S_ISVTX + } + return sysMode, nil +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/.golangci.yml b/vendor/github.com/cyphar/filepath-securejoin/.golangci.yml index e965034ed36..3e8dd99bd7f 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/.golangci.yml +++ b/vendor/github.com/cyphar/filepath-securejoin/.golangci.yml @@ -9,6 +9,10 @@ version: "2" +run: + build-tags: + - libpathrs + linters: enable: - asasalint diff --git a/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md index 3faee0bc55b..734cf61e322 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md +++ b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md @@ -4,7 +4,64 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). -## [Unreleased 0.5.z] ## +## [Unreleased] ## + +## [0.6.0] - 2025-11-03 ## + +> By the Power of Greyskull! + +While quite small code-wise, this release marks a very key point in the +development of filepath-securejoin. + +filepath-securejoin was originally intended (back in 2017) to simply be a +single-purpose library that would take some common code used in container +runtimes (specifically, Docker's `FollowSymlinksInScope`) and make it more +general-purpose (with the eventual goals of it ending up in the Go stdlib). + +Of course, I quickly discovered that this problem was actually far more +complicated to solve when dealing with racing attackers, which lead to me +developing `openat2(2)` and [libpathrs][]. I had originally planned for +libpathrs to completely replace filepath-securejoin "once it was ready" but in +the interim we needed to fix several race attacks in runc as part of security +advisories. Obviously we couldn't require the usage of a pre-0.1 Rust library +in runc so it was necessary to port bits of libpathrs into filepath-securejoin. +(Ironically the first prototypes of libpathrs were originally written in Go and +then rewritten to Rust, so the code in filepath-securejoin is actually Go code +that was rewritten to Rust then re-rewritten to Go.) + +It then became clear that pure-Go libraries will likely not be willing to +require CGo for all of their builds, so it was necessary to accept that +filepath-securejoin will need to stay. As such, in v0.5.0 we provided more +pure-Go implementations of features from libpathrs but moved them into +`pathrs-lite` subpackage to clarify what purpose these helpers serve. + +This release finally closes the loop and makes it so that pathrs-lite can +transparently use libpathrs (via a `libpathrs` build-tag). This means that +upstream libraries can use the pure Go version if they prefer, but downstreams +(either downstream library users or even downstream distributions) are able to +migrate to libpathrs for all usages of pathrs-lite in an entire Go binary. + +I should make it clear that I do not plan to port the rest of libpathrs to Go, +as I do not wish to maintain two copies of the same codebase. pathrs-lite +already provides the core essentials necessary to operate on paths safely for +most modern systems. Users who want additional hardening or more ergonomic APIs +are free to use [`cyphar.com/go-pathrs`][go-pathrs] (libpathrs's Go bindings). + +[libpathrs]: https://github.com/cyphar/libpathrs +[go-pathrs]: https://cyphar.com/go-pathrs + +### Breaking ### +- The deprecated `MkdirAll`, `MkdirAllHandle`, `OpenInRoot`, `OpenatInRoot` and + `Reopen` wrappers have been removed. Please switch to using `pathrs-lite` + directly. + +### Added ### +- `pathrs-lite` now has support for using [libpathrs][libpathrs] as a backend. + This is opt-in and can be enabled at build time with the `libpathrs` build + tag. The intention is to allow for downstream libraries and other projects to + make use of the pure-Go `github.com/cyphar/filepath-securejoin/pathrs-lite` + package and distributors can then opt-in to using `libpathrs` for the entire + binary if they wish. ## [0.5.1] - 2025-10-31 ## @@ -383,7 +440,8 @@ This is our first release of `github.com/cyphar/filepath-securejoin`, containing a full implementation with a coverage of 93.5% (the only missing cases are the error cases, which are hard to mocktest at the moment). -[Unreleased 0.5.z]: https://github.com/cyphar/filepath-securejoin/compare/v0.5.1...release-0.5 +[Unreleased]: https://github.com/cyphar/filepath-securejoin/compare/v0.6.0...HEAD +[0.6.0]: https://github.com/cyphar/filepath-securejoin/compare/v0.5.1...v0.6.0 [0.5.1]: https://github.com/cyphar/filepath-securejoin/compare/v0.5.0...v0.5.1 [0.5.0]: https://github.com/cyphar/filepath-securejoin/compare/v0.4.1...v0.5.0 [0.4.1]: https://github.com/cyphar/filepath-securejoin/compare/v0.4.0...v0.4.1 diff --git a/vendor/github.com/cyphar/filepath-securejoin/VERSION b/vendor/github.com/cyphar/filepath-securejoin/VERSION index 4b9fcbec101..a918a2aa18d 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/VERSION +++ b/vendor/github.com/cyphar/filepath-securejoin/VERSION @@ -1 +1 @@ -0.5.1 +0.6.0 diff --git a/vendor/github.com/cyphar/filepath-securejoin/deprecated_linux.go b/vendor/github.com/cyphar/filepath-securejoin/deprecated_linux.go deleted file mode 100644 index 3e427b16409..00000000000 --- a/vendor/github.com/cyphar/filepath-securejoin/deprecated_linux.go +++ /dev/null @@ -1,48 +0,0 @@ -// SPDX-License-Identifier: MPL-2.0 - -//go:build linux - -// Copyright (C) 2024-2025 Aleksa Sarai -// Copyright (C) 2024-2025 SUSE LLC -// -// This Source Code Form is subject to the terms of the Mozilla Public -// License, v. 2.0. If a copy of the MPL was not distributed with this -// file, You can obtain one at https://mozilla.org/MPL/2.0/. - -package securejoin - -import ( - "github.com/cyphar/filepath-securejoin/pathrs-lite" -) - -var ( - // MkdirAll is a wrapper around [pathrs.MkdirAll]. - // - // Deprecated: You should use [pathrs.MkdirAll] directly instead. This - // wrapper will be removed in filepath-securejoin v0.6. - MkdirAll = pathrs.MkdirAll - - // MkdirAllHandle is a wrapper around [pathrs.MkdirAllHandle]. - // - // Deprecated: You should use [pathrs.MkdirAllHandle] directly instead. - // This wrapper will be removed in filepath-securejoin v0.6. - MkdirAllHandle = pathrs.MkdirAllHandle - - // OpenInRoot is a wrapper around [pathrs.OpenInRoot]. - // - // Deprecated: You should use [pathrs.OpenInRoot] directly instead. This - // wrapper will be removed in filepath-securejoin v0.6. - OpenInRoot = pathrs.OpenInRoot - - // OpenatInRoot is a wrapper around [pathrs.OpenatInRoot]. - // - // Deprecated: You should use [pathrs.OpenatInRoot] directly instead. This - // wrapper will be removed in filepath-securejoin v0.6. - OpenatInRoot = pathrs.OpenatInRoot - - // Reopen is a wrapper around [pathrs.Reopen]. - // - // Deprecated: You should use [pathrs.Reopen] directly instead. This - // wrapper will be removed in filepath-securejoin v0.6. - Reopen = pathrs.Reopen -) diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/README.md b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/README.md index 1be727e75b3..bb95b028c67 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/README.md +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/README.md @@ -5,11 +5,13 @@ Go** implementation of the core bits of [libpathrs][]. This is not intended to be a complete replacement for libpathrs, instead it is mainly intended to be useful as a transition tool for existing Go projects. -The long-term plan for `pathrs-lite` is to provide a build tag that will cause -all `pathrs-lite` operations to call into libpathrs directly, thus removing -code duplication for projects that wish to make use of libpathrs (and providing -the ability for software packagers to opt-in to libpathrs support without -needing to patch upstream). +`pathrs-lite` also provides a very easy way to switch to `libpathrs` (even for +downstreams where `pathrs-lite` is being used in a third-party package and is +not interested in using CGo). At build time, if you use the `libpathrs` build +tag then `pathrs-lite` will use `libpathrs` directly instead of the pure Go +implementation. The two backends are functionally equivalent (and we have +integration tests to verify this), so this migration should be very easy with +no user-visible impact. [libpathrs]: https://github.com/cyphar/libpathrs diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/doc.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/doc.go index d3d74517500..61411da37af 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/doc.go +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/doc.go @@ -11,4 +11,6 @@ // Package pathrs (pathrs-lite) is a less complete pure Go implementation of // some of the APIs provided by [libpathrs]. +// +// [libpathrs]: https://github.com/cyphar/libpathrs package pathrs diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/doc.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/doc.go new file mode 100644 index 00000000000..2ddb71e8445 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/doc.go @@ -0,0 +1,16 @@ +// SPDX-License-Identifier: MPL-2.0 + +//go:build linux + +// Copyright (C) 2024-2025 Aleksa Sarai +// Copyright (C) 2024-2025 SUSE LLC +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +// Package gopathrs is a less complete pure Go implementation of some of the +// APIs provided by [libpathrs]. +// +// [libpathrs]: https://github.com/cyphar/libpathrs +package gopathrs diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/lookup_linux.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/lookup_linux.go similarity index 98% rename from vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/lookup_linux.go rename to vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/lookup_linux.go index f47504e663c..56480f0cee1 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/lookup_linux.go +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/lookup_linux.go @@ -9,7 +9,7 @@ // License, v. 2.0. If a copy of the MPL was not distributed with this // file, You can obtain one at https://mozilla.org/MPL/2.0/. -package pathrs +package gopathrs import ( "errors" @@ -166,11 +166,11 @@ func (s *symlinkStack) PopTopSymlink() (*os.File, string, bool) { return tailEntry.dir, tailEntry.remainingPath, true } -// partialLookupInRoot tries to lookup as much of the request path as possible +// PartialLookupInRoot tries to lookup as much of the request path as possible // within the provided root (a-la RESOLVE_IN_ROOT) and opens the final existing // component of the requested path, returning a file handle to the final // existing component and a string containing the remaining path components. -func partialLookupInRoot(root fd.Fd, unsafePath string) (*os.File, string, error) { +func PartialLookupInRoot(root fd.Fd, unsafePath string) (*os.File, string, error) { return lookupInRoot(root, unsafePath, true) } diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/mkdir_linux.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/mkdir_linux.go similarity index 81% rename from vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/mkdir_linux.go rename to vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/mkdir_linux.go index f3c62b0dac6..21a5593f44f 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/mkdir_linux.go +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/mkdir_linux.go @@ -9,7 +9,7 @@ // License, v. 2.0. If a copy of the MPL was not distributed with this // file, You can obtain one at https://mozilla.org/MPL/2.0/. -package pathrs +package gopathrs import ( "errors" @@ -23,9 +23,12 @@ import ( "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd" "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat" "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux" + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/procfs" ) -var errInvalidMode = errors.New("invalid permission mode") +// ErrInvalidMode is returned from [MkdirAll] when the requested mode is +// invalid. +var ErrInvalidMode = errors.New("invalid permission mode") // modePermExt is like os.ModePerm except that it also includes the set[ug]id // and sticky bits. @@ -45,11 +48,11 @@ func toUnixMode(mode os.FileMode) (uint32, error) { } // We don't allow file type bits. if mode&os.ModeType != 0 { - return 0, fmt.Errorf("%w %+.3o (%s): type bits not permitted", errInvalidMode, mode, mode) + return 0, fmt.Errorf("%w %+.3o (%s): type bits not permitted", ErrInvalidMode, mode, mode) } // We don't allow other unknown modes. if mode&^modePermExt != 0 || sysMode&unix.S_IFMT != 0 { - return 0, fmt.Errorf("%w %+.3o (%s): unknown mode bits", errInvalidMode, mode, mode) + return 0, fmt.Errorf("%w %+.3o (%s): unknown mode bits", ErrInvalidMode, mode, mode) } return sysMode, nil } @@ -84,11 +87,11 @@ func MkdirAllHandle(root *os.File, unsafePath string, mode os.FileMode) (_ *os.F // users it seems more prudent to return an error so users notice that // these bits will not be set. if unixMode&^0o1777 != 0 { - return nil, fmt.Errorf("%w for mkdir %+.3o: suid and sgid are ignored by mkdir", errInvalidMode, mode) + return nil, fmt.Errorf("%w for mkdir %+.3o: suid and sgid are ignored by mkdir", ErrInvalidMode, mode) } // Try to open as much of the path as possible. - currentDir, remainingPath, err := partialLookupInRoot(root, unsafePath) + currentDir, remainingPath, err := PartialLookupInRoot(root, unsafePath) defer func() { if Err != nil { _ = currentDir.Close() @@ -117,7 +120,7 @@ func MkdirAllHandle(root *os.File, unsafePath string, mode os.FileMode) (_ *os.F // Re-open the path to match the O_DIRECTORY reopen loop later (so that we // always return a non-O_PATH handle). We also check that we actually got a // directory. - if reopenDir, err := Reopen(currentDir, unix.O_DIRECTORY|unix.O_CLOEXEC); errors.Is(err, unix.ENOTDIR) { + if reopenDir, err := procfs.ReopenFd(currentDir, unix.O_DIRECTORY|unix.O_CLOEXEC); errors.Is(err, unix.ENOTDIR) { return nil, fmt.Errorf("cannot create subdirectories in %q: %w", currentDir.Name(), unix.ENOTDIR) } else if err != nil { return nil, fmt.Errorf("re-opening handle to %q: %w", currentDir.Name(), err) @@ -207,40 +210,3 @@ func MkdirAllHandle(root *os.File, unsafePath string, mode os.FileMode) (_ *os.F } return currentDir, nil } - -// MkdirAll is a race-safe alternative to the [os.MkdirAll] function, -// where the new directory is guaranteed to be within the root directory (if an -// attacker can move directories from inside the root to outside the root, the -// created directory tree might be outside of the root but the key constraint -// is that at no point will we walk outside of the directory tree we are -// creating). -// -// Effectively, MkdirAll(root, unsafePath, mode) is equivalent to -// -// path, _ := securejoin.SecureJoin(root, unsafePath) -// err := os.MkdirAll(path, mode) -// -// But is much safer. The above implementation is unsafe because if an attacker -// can modify the filesystem tree between [SecureJoin] and [os.MkdirAll], it is -// possible for MkdirAll to resolve unsafe symlink components and create -// directories outside of the root. -// -// If you plan to open the directory after you have created it or want to use -// an open directory handle as the root, you should use [MkdirAllHandle] instead. -// This function is a wrapper around [MkdirAllHandle]. -// -// [SecureJoin]: https://pkg.go.dev/github.com/cyphar/filepath-securejoin#SecureJoin -func MkdirAll(root, unsafePath string, mode os.FileMode) error { - rootDir, err := os.OpenFile(root, unix.O_PATH|unix.O_DIRECTORY|unix.O_CLOEXEC, 0) - if err != nil { - return err - } - defer rootDir.Close() //nolint:errcheck // close failures aren't critical here - - f, err := MkdirAllHandle(rootDir, unsafePath, mode) - if err != nil { - return err - } - _ = f.Close() - return nil -} diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/open_linux.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/open_linux.go new file mode 100644 index 00000000000..cd9632a9588 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/open_linux.go @@ -0,0 +1,26 @@ +// SPDX-License-Identifier: MPL-2.0 + +//go:build linux + +// Copyright (C) 2024-2025 Aleksa Sarai +// Copyright (C) 2024-2025 SUSE LLC +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +package gopathrs + +import ( + "os" +) + +// OpenatInRoot is equivalent to [OpenInRoot], except that the root is provided +// using an *[os.File] handle, to ensure that the correct root directory is used. +func OpenatInRoot(root *os.File, unsafePath string) (*os.File, error) { + handle, err := completeLookupInRoot(root, unsafePath) + if err != nil { + return nil, &os.PathError{Op: "securejoin.OpenInRoot", Path: unsafePath, Err: err} + } + return handle, nil +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/openat2_linux.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/openat2_linux.go similarity index 99% rename from vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/openat2_linux.go rename to vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/openat2_linux.go index 937bc435f2b..b80ecd08953 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/openat2_linux.go +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/openat2_linux.go @@ -9,7 +9,7 @@ // License, v. 2.0. If a copy of the MPL was not distributed with this // file, You can obtain one at https://mozilla.org/MPL/2.0/. -package pathrs +package gopathrs import ( "errors" diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/mkdir.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/mkdir.go new file mode 100644 index 00000000000..b43169564af --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/mkdir.go @@ -0,0 +1,55 @@ +// SPDX-License-Identifier: MPL-2.0 + +//go:build linux + +// Copyright (C) 2024-2025 Aleksa Sarai +// Copyright (C) 2024-2025 SUSE LLC +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +package pathrs + +import ( + "os" + + "golang.org/x/sys/unix" +) + +// MkdirAll is a race-safe alternative to the [os.MkdirAll] function, +// where the new directory is guaranteed to be within the root directory (if an +// attacker can move directories from inside the root to outside the root, the +// created directory tree might be outside of the root but the key constraint +// is that at no point will we walk outside of the directory tree we are +// creating). +// +// Effectively, MkdirAll(root, unsafePath, mode) is equivalent to +// +// path, _ := securejoin.SecureJoin(root, unsafePath) +// err := os.MkdirAll(path, mode) +// +// But is much safer. The above implementation is unsafe because if an attacker +// can modify the filesystem tree between [SecureJoin] and [os.MkdirAll], it is +// possible for MkdirAll to resolve unsafe symlink components and create +// directories outside of the root. +// +// If you plan to open the directory after you have created it or want to use +// an open directory handle as the root, you should use [MkdirAllHandle] instead. +// This function is a wrapper around [MkdirAllHandle]. +// +// [SecureJoin]: https://pkg.go.dev/github.com/cyphar/filepath-securejoin#SecureJoin +func MkdirAll(root, unsafePath string, mode os.FileMode) error { + rootDir, err := os.OpenFile(root, unix.O_PATH|unix.O_DIRECTORY|unix.O_CLOEXEC, 0) + if err != nil { + return err + } + defer rootDir.Close() //nolint:errcheck // close failures aren't critical here + + f, err := MkdirAllHandle(rootDir, unsafePath, mode) + if err != nil { + return err + } + _ = f.Close() + return nil +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/mkdir_libpathrs.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/mkdir_libpathrs.go new file mode 100644 index 00000000000..f864dbc8f38 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/mkdir_libpathrs.go @@ -0,0 +1,52 @@ +// SPDX-License-Identifier: MPL-2.0 + +//go:build libpathrs + +// Copyright (C) 2024-2025 Aleksa Sarai +// Copyright (C) 2024-2025 SUSE LLC +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +package pathrs + +import ( + "os" + + "cyphar.com/go-pathrs" +) + +// MkdirAllHandle is equivalent to [MkdirAll], except that it is safer to use +// in two respects: +// +// - The caller provides the root directory as an *[os.File] (preferably O_PATH) +// handle. This means that the caller can be sure which root directory is +// being used. Note that this can be emulated by using /proc/self/fd/... as +// the root path with [os.MkdirAll]. +// +// - Once all of the directories have been created, an *[os.File] O_PATH handle +// to the directory at unsafePath is returned to the caller. This is done in +// an effectively-race-free way (an attacker would only be able to swap the +// final directory component), which is not possible to emulate with +// [MkdirAll]. +// +// In addition, the returned handle is obtained far more efficiently than doing +// a brand new lookup of unsafePath (such as with [SecureJoin] or openat2) after +// doing [MkdirAll]. If you intend to open the directory after creating it, you +// should use MkdirAllHandle. +// +// [SecureJoin]: https://pkg.go.dev/github.com/cyphar/filepath-securejoin#SecureJoin +func MkdirAllHandle(root *os.File, unsafePath string, mode os.FileMode) (*os.File, error) { + rootRef, err := pathrs.RootFromFile(root) + if err != nil { + return nil, err + } + defer rootRef.Close() //nolint:errcheck // close failures aren't critical here + + handle, err := rootRef.MkdirAll(unsafePath, mode) + if err != nil { + return nil, err + } + return handle.IntoFile(), nil +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/mkdir_purego.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/mkdir_purego.go new file mode 100644 index 00000000000..0369dfe7e66 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/mkdir_purego.go @@ -0,0 +1,42 @@ +// SPDX-License-Identifier: MPL-2.0 + +//go:build linux && !libpathrs + +// Copyright (C) 2024-2025 Aleksa Sarai +// Copyright (C) 2024-2025 SUSE LLC +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +package pathrs + +import ( + "os" + + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs" +) + +// MkdirAllHandle is equivalent to [MkdirAll], except that it is safer to use +// in two respects: +// +// - The caller provides the root directory as an *[os.File] (preferably O_PATH) +// handle. This means that the caller can be sure which root directory is +// being used. Note that this can be emulated by using /proc/self/fd/... as +// the root path with [os.MkdirAll]. +// +// - Once all of the directories have been created, an *[os.File] O_PATH handle +// to the directory at unsafePath is returned to the caller. This is done in +// an effectively-race-free way (an attacker would only be able to swap the +// final directory component), which is not possible to emulate with +// [MkdirAll]. +// +// In addition, the returned handle is obtained far more efficiently than doing +// a brand new lookup of unsafePath (such as with [SecureJoin] or openat2) after +// doing [MkdirAll]. If you intend to open the directory after creating it, you +// should use MkdirAllHandle. +// +// [SecureJoin]: https://pkg.go.dev/github.com/cyphar/filepath-securejoin#SecureJoin +func MkdirAllHandle(root *os.File, unsafePath string, mode os.FileMode) (*os.File, error) { + return gopathrs.MkdirAllHandle(root, unsafePath, mode) +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open_linux.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open.go similarity index 57% rename from vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open_linux.go rename to vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open.go index 7492d8cfa06..41b628907e1 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open_linux.go +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open.go @@ -15,20 +15,8 @@ import ( "os" "golang.org/x/sys/unix" - - "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/procfs" ) -// OpenatInRoot is equivalent to [OpenInRoot], except that the root is provided -// using an *[os.File] handle, to ensure that the correct root directory is used. -func OpenatInRoot(root *os.File, unsafePath string) (*os.File, error) { - handle, err := completeLookupInRoot(root, unsafePath) - if err != nil { - return nil, &os.PathError{Op: "securejoin.OpenInRoot", Path: unsafePath, Err: err} - } - return handle, nil -} - // OpenInRoot safely opens the provided unsafePath within the root. // Effectively, OpenInRoot(root, unsafePath) is equivalent to // @@ -55,20 +43,3 @@ func OpenInRoot(root, unsafePath string) (*os.File, error) { defer rootDir.Close() //nolint:errcheck // close failures aren't critical here return OpenatInRoot(rootDir, unsafePath) } - -// Reopen takes an *[os.File] handle and re-opens it through /proc/self/fd. -// Reopen(file, flags) is effectively equivalent to -// -// fdPath := fmt.Sprintf("/proc/self/fd/%d", file.Fd()) -// os.OpenFile(fdPath, flags|unix.O_CLOEXEC) -// -// But with some extra hardenings to ensure that we are not tricked by a -// maliciously-configured /proc mount. While this attack scenario is not -// common, in container runtimes it is possible for higher-level runtimes to be -// tricked into configuring an unsafe /proc that can be used to attack file -// operations. See [CVE-2019-19921] for more details. -// -// [CVE-2019-19921]: https://github.com/advisories/GHSA-fh74-hm69-rqjw -func Reopen(handle *os.File, flags int) (*os.File, error) { - return procfs.ReopenFd(handle, flags) -} diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open_libpathrs.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open_libpathrs.go new file mode 100644 index 00000000000..53352000e61 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open_libpathrs.go @@ -0,0 +1,57 @@ +// SPDX-License-Identifier: MPL-2.0 + +//go:build libpathrs + +// Copyright (C) 2024-2025 Aleksa Sarai +// Copyright (C) 2024-2025 SUSE LLC +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +package pathrs + +import ( + "os" + + "cyphar.com/go-pathrs" +) + +// OpenatInRoot is equivalent to [OpenInRoot], except that the root is provided +// using an *[os.File] handle, to ensure that the correct root directory is used. +func OpenatInRoot(root *os.File, unsafePath string) (*os.File, error) { + rootRef, err := pathrs.RootFromFile(root) + if err != nil { + return nil, err + } + defer rootRef.Close() //nolint:errcheck // close failures aren't critical here + + handle, err := rootRef.Resolve(unsafePath) + if err != nil { + return nil, err + } + return handle.IntoFile(), nil +} + +// Reopen takes an *[os.File] handle and re-opens it through /proc/self/fd. +// Reopen(file, flags) is effectively equivalent to +// +// fdPath := fmt.Sprintf("/proc/self/fd/%d", file.Fd()) +// os.OpenFile(fdPath, flags|unix.O_CLOEXEC) +// +// But with some extra hardenings to ensure that we are not tricked by a +// maliciously-configured /proc mount. While this attack scenario is not +// common, in container runtimes it is possible for higher-level runtimes to be +// tricked into configuring an unsafe /proc that can be used to attack file +// operations. See [CVE-2019-19921] for more details. +// +// [CVE-2019-19921]: https://github.com/advisories/GHSA-fh74-hm69-rqjw +func Reopen(file *os.File, flags int) (*os.File, error) { + handle, err := pathrs.HandleFromFile(file) + if err != nil { + return nil, err + } + defer handle.Close() //nolint:errcheck // close failures aren't critical here + + return handle.OpenFile(flags) +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open_purego.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open_purego.go new file mode 100644 index 00000000000..6d1be12ce5d --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open_purego.go @@ -0,0 +1,42 @@ +// SPDX-License-Identifier: MPL-2.0 + +//go:build linux && !libpathrs + +// Copyright (C) 2024-2025 Aleksa Sarai +// Copyright (C) 2024-2025 SUSE LLC +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +package pathrs + +import ( + "os" + + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs" + "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/procfs" +) + +// OpenatInRoot is equivalent to [OpenInRoot], except that the root is provided +// using an *[os.File] handle, to ensure that the correct root directory is used. +func OpenatInRoot(root *os.File, unsafePath string) (*os.File, error) { + return gopathrs.OpenatInRoot(root, unsafePath) +} + +// Reopen takes an *[os.File] handle and re-opens it through /proc/self/fd. +// Reopen(file, flags) is effectively equivalent to +// +// fdPath := fmt.Sprintf("/proc/self/fd/%d", file.Fd()) +// os.OpenFile(fdPath, flags|unix.O_CLOEXEC) +// +// But with some extra hardenings to ensure that we are not tricked by a +// maliciously-configured /proc mount. While this attack scenario is not +// common, in container runtimes it is possible for higher-level runtimes to be +// tricked into configuring an unsafe /proc that can be used to attack file +// operations. See [CVE-2019-19921] for more details. +// +// [CVE-2019-19921]: https://github.com/advisories/GHSA-fh74-hm69-rqjw +func Reopen(handle *os.File, flags int) (*os.File, error) { + return procfs.ReopenFd(handle, flags) +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs/procfs_libpathrs.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs/procfs_libpathrs.go new file mode 100644 index 00000000000..6c4df3763bb --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs/procfs_libpathrs.go @@ -0,0 +1,161 @@ +// SPDX-License-Identifier: MPL-2.0 + +//go:build libpathrs + +// Copyright (C) 2024-2025 Aleksa Sarai +// Copyright (C) 2024-2025 SUSE LLC +// +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +// Package procfs provides a safe API for operating on /proc on Linux. +package procfs + +import ( + "os" + "strconv" + + "cyphar.com/go-pathrs/procfs" + "golang.org/x/sys/unix" +) + +// ProcThreadSelfCloser is a callback that needs to be called when you are done +// operating on an [os.File] fetched using [Handle.OpenThreadSelf]. +// +// [os.File]: https://pkg.go.dev/os#File +type ProcThreadSelfCloser = procfs.ThreadCloser + +// Handle is a wrapper around an *os.File handle to "/proc", which can be used +// to do further procfs-related operations in a safe way. +type Handle struct { + inner *procfs.Handle +} + +// Close close the resources associated with this [Handle]. Note that if this +// [Handle] was created with [OpenProcRoot], on some kernels the underlying +// procfs handle is cached and so this Close operation may be a no-op. However, +// you should always call Close on [Handle]s once you are done with them. +func (proc *Handle) Close() error { return proc.inner.Close() } + +// OpenProcRoot tries to open a "safer" handle to "/proc" (i.e., one with the +// "subset=pid" mount option applied, available from Linux 5.8). Unless you +// plan to do many [Handle.OpenRoot] operations, users should prefer to use +// this over [OpenUnsafeProcRoot] which is far more dangerous to keep open. +// +// If a safe handle cannot be opened, OpenProcRoot will fall back to opening a +// regular "/proc" handle. +// +// Note that using [Handle.OpenRoot] will still work with handles returned by +// this function. If a subpath cannot be operated on with a safe "/proc" +// handle, then [OpenUnsafeProcRoot] will be called internally and a temporary +// unsafe handle will be used. +func OpenProcRoot() (*Handle, error) { + proc, err := procfs.Open() + if err != nil { + return nil, err + } + return &Handle{inner: proc}, nil +} + +// OpenUnsafeProcRoot opens a handle to "/proc" without any overmounts or +// masked paths. You must be extremely careful to make sure this handle is +// never leaked to a container and that you program cannot be tricked into +// writing to arbitrary paths within it. +// +// This is not necessary if you just wish to use [Handle.OpenRoot], as handles +// returned by [OpenProcRoot] will fall back to using a *temporary* unsafe +// handle in that case. You should only really use this if you need to do many +// operations with [Handle.OpenRoot] and the performance overhead of making +// many procfs handles is an issue. If you do use OpenUnsafeProcRoot, you +// should make sure to close the handle as soon as possible to avoid +// known-fd-number attacks. +func OpenUnsafeProcRoot() (*Handle, error) { + proc, err := procfs.Open(procfs.UnmaskedProcRoot) + if err != nil { + return nil, err + } + return &Handle{inner: proc}, nil +} + +// OpenThreadSelf returns a handle to "/proc/thread-self/" (or an +// equivalent handle on older kernels where "/proc/thread-self" doesn't exist). +// Once finished with the handle, you must call the returned closer function +// ([runtime.UnlockOSThread]). You must not pass the returned *os.File to other +// Go threads or use the handle after calling the closer. +// +// [runtime.UnlockOSThread]: https://pkg.go.dev/runtime#UnlockOSThread +func (proc *Handle) OpenThreadSelf(subpath string) (*os.File, ProcThreadSelfCloser, error) { + return proc.inner.OpenThreadSelf(subpath, unix.O_PATH|unix.O_NOFOLLOW) +} + +// OpenSelf returns a handle to /proc/self/. +// +// Note that in Go programs with non-homogenous threads, this may result in +// spurious errors. If you are monkeying around with APIs that are +// thread-specific, you probably want to use [Handle.OpenThreadSelf] instead +// which will guarantee that the handle refers to the same thread as the caller +// is executing on. +func (proc *Handle) OpenSelf(subpath string) (*os.File, error) { + return proc.inner.OpenSelf(subpath, unix.O_PATH|unix.O_NOFOLLOW) +} + +// OpenRoot returns a handle to /proc/. +// +// You should only use this when you need to operate on global procfs files +// (such as sysctls in /proc/sys). Unlike [Handle.OpenThreadSelf], +// [Handle.OpenSelf], and [Handle.OpenPid], the procfs handle used internally +// for this operation will never use "subset=pid", which makes it a more juicy +// target for [CVE-2024-21626]-style attacks (and doing something like opening +// a directory with OpenRoot effectively leaks [OpenUnsafeProcRoot] as long as +// the file descriptor is open). +// +// [CVE-2024-21626]: https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv +func (proc *Handle) OpenRoot(subpath string) (*os.File, error) { + return proc.inner.OpenRoot(subpath, unix.O_PATH|unix.O_NOFOLLOW) +} + +// OpenPid returns a handle to /proc/$pid/ (pid can be a pid or tid). +// This is mainly intended for usage when operating on other processes. +// +// You should not use this for the current thread, as special handling is +// needed for /proc/thread-self (or /proc/self/task/) when dealing with +// goroutine scheduling -- use [Handle.OpenThreadSelf] instead. +// +// To refer to the current thread-group, you should use prefer +// [Handle.OpenSelf] to passing os.Getpid as the pid argument. +func (proc *Handle) OpenPid(pid int, subpath string) (*os.File, error) { + return proc.inner.OpenPid(pid, subpath, unix.O_PATH|unix.O_NOFOLLOW) +} + +// ProcSelfFdReadlink gets the real path of the given file by looking at +// /proc/self/fd/ with [readlink]. It is effectively just shorthand for +// something along the lines of: +// +// proc, err := procfs.OpenProcRoot() +// if err != nil { +// return err +// } +// link, err := proc.OpenThreadSelf(fmt.Sprintf("fd/%d", f.Fd())) +// if err != nil { +// return err +// } +// defer link.Close() +// var buf [4096]byte +// n, err := unix.Readlinkat(int(link.Fd()), "", buf[:]) +// if err != nil { +// return err +// } +// pathname := buf[:n] +// +// [readlink]: https://pkg.go.dev/golang.org/x/sys/unix#Readlinkat +func ProcSelfFdReadlink(f *os.File) (string, error) { + proc, err := procfs.Open() + if err != nil { + return "", err + } + defer proc.Close() //nolint:errcheck // close failures aren't critical here + + fdPath := "fd/" + strconv.Itoa(int(f.Fd())) + return proc.Readlink(procfs.ProcThreadSelf, fdPath) +} diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs/procfs_linux.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs/procfs_purego.go similarity index 99% rename from vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs/procfs_linux.go rename to vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs/procfs_purego.go index ec187a414c5..9383002f9a9 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs/procfs_linux.go +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs/procfs_purego.go @@ -1,6 +1,6 @@ // SPDX-License-Identifier: MPL-2.0 -//go:build linux +//go:build linux && !libpathrs // Copyright (C) 2024-2025 Aleksa Sarai // Copyright (C) 2024-2025 SUSE LLC diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go index 70392d98904..6d7f8e270bd 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go @@ -273,8 +273,8 @@ func writeConFd(out *os.File, val string) error { return err } -// openProcThreadSelf is a small wrapper around [OpenThreadSelf] and -// [pathrs.Reopen] to make "one-shot opens" slightly more ergonomic. The +// openProcThreadSelf is a small wrapper around [procfs.Handle.OpenThreadSelf] +// and [pathrs.Reopen] to make "one-shot opens" slightly more ergonomic. The // provided mode must be os.O_* flags to indicate what mode the returned file // should be opened with (flags like os.O_CREAT and os.O_EXCL are not // supported). @@ -283,8 +283,6 @@ func writeConFd(out *os.File, val string) error { // /proc/thread-self/ with no tricky mounts or symlinks causing you to // operate on an unexpected path (with some caveats on pre-openat2 or // pre-fsopen kernels). -// -// [OpenThreadSelf]: https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs#Handle.OpenThreadSelf func openProcThreadSelf(subpath string, mode int) (*os.File, procfs.ProcThreadSelfCloser, error) { if subpath == "" { return nil, nil, ErrEmptyPath @@ -340,17 +338,16 @@ func writeConThreadSelf(fpath, val string) error { return writeConFd(out, val) } -// openProcSelf is a small wrapper around [OpenSelf] and [pathrs.Reopen] to -// make "one-shot opens" slightly more ergonomic. The provided mode must be -// os.O_* flags to indicate what mode the returned file should be opened with -// (flags like os.O_CREAT and os.O_EXCL are not supported). +// openProcSelf is a small wrapper around [procfs.Handle.OpenSelf] and +// [pathrs.Reopen] to make "one-shot opens" slightly more ergonomic. The +// provided mode must be os.O_* flags to indicate what mode the returned file +// should be opened with (flags like os.O_CREAT and os.O_EXCL are not +// supported). // // If no error occurred, the returned handle is guaranteed to be exactly // /proc/self/ with no tricky mounts or symlinks causing you to // operate on an unexpected path (with some caveats on pre-openat2 or // pre-fsopen kernels). -// -// [OpenSelf]: https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs#Handle.OpenSelf func openProcSelf(subpath string, mode int) (*os.File, error) { if subpath == "" { return nil, ErrEmptyPath @@ -403,17 +400,16 @@ func writeConSelf(fpath, val string) error { return writeConFd(out, val) } -// openProcPid is a small wrapper around [OpenPid] and [pathrs.Reopen] to make -// "one-shot opens" slightly more ergonomic. The provided mode must be os.O_* -// flags to indicate what mode the returned file should be opened with (flags -// like os.O_CREAT and os.O_EXCL are not supported). +// openProcPid is a small wrapper around [procfs.Handle.OpenPid] and +// [pathrs.Reopen] to make "one-shot opens" slightly more ergonomic. The +// provided mode must be os.O_* flags to indicate what mode the returned file +// should be opened with (flags like os.O_CREAT and os.O_EXCL are not +// supported). // // If no error occurred, the returned handle is guaranteed to be exactly // /proc/self/ with no tricky mounts or symlinks causing you to // operate on an unexpected path (with some caveats on pre-openat2 or // pre-fsopen kernels). -// -// [OpenPid]: https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs#Handle.OpenPid func openProcPid(pid int, subpath string, mode int) (*os.File, error) { if subpath == "" { return nil, ErrEmptyPath diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go index 267921239c2..382244e5036 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go @@ -3,10 +3,6 @@ package selinux -func attrPath(string) string { - return "" -} - func readConThreadSelf(string) (string, error) { return "", nil } diff --git a/vendor/modules.txt b/vendor/modules.txt index 74500d1edc0..93f5fcf465b 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1,3 +1,9 @@ +# cyphar.com/go-pathrs v0.2.1 +## explicit; go 1.18 +cyphar.com/go-pathrs +cyphar.com/go-pathrs/internal/fdutils +cyphar.com/go-pathrs/internal/libpathrs +cyphar.com/go-pathrs/procfs # github.com/checkpoint-restore/go-criu/v7 v7.2.0 ## explicit; go 1.20 github.com/checkpoint-restore/go-criu/v7 @@ -27,7 +33,7 @@ github.com/coreos/go-systemd/v22/dbus # github.com/cpuguy83/go-md2man/v2 v2.0.7 ## explicit; go 1.12 github.com/cpuguy83/go-md2man/v2/md2man -# github.com/cyphar/filepath-securejoin v0.5.1 +# github.com/cyphar/filepath-securejoin v0.6.0 ## explicit; go 1.18 github.com/cyphar/filepath-securejoin github.com/cyphar/filepath-securejoin/internal/consts @@ -36,6 +42,7 @@ github.com/cyphar/filepath-securejoin/pathrs-lite/internal github.com/cyphar/filepath-securejoin/pathrs-lite/internal/assert github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat +github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs github.com/cyphar/filepath-securejoin/pathrs-lite/internal/kernelversion github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux github.com/cyphar/filepath-securejoin/pathrs-lite/internal/procfs @@ -76,7 +83,7 @@ github.com/opencontainers/cgroups/systemd ## explicit github.com/opencontainers/runtime-spec/specs-go github.com/opencontainers/runtime-spec/specs-go/features -# github.com/opencontainers/selinux v1.12.0 => ./internal/third_party/selinux +# github.com/opencontainers/selinux v1.13.0 ## explicit; go 1.19 github.com/opencontainers/selinux/go-selinux github.com/opencontainers/selinux/go-selinux/label @@ -137,4 +144,3 @@ google.golang.org/protobuf/reflect/protoreflect google.golang.org/protobuf/reflect/protoregistry google.golang.org/protobuf/runtime/protoiface google.golang.org/protobuf/runtime/protoimpl -# github.com/opencontainers/selinux => ./internal/third_party/selinux From 9a9719eeb4978e73c64740b3fc796c1b12987b05 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 7 Nov 2025 14:52:09 +1100 Subject: [PATCH 1106/1176] rootfs: only set mode= for tmpfs mount if target already existed This was always the intended behaviour but commit 72fbb34f5006 ("rootfs: switch to fd-based handling of mountpoint targets") regressed it when adding a mechanism to create a file handle to the target if it didn't already exist (causing the later stat to always succeed). A lot of people depend on this functionality, so add some tests to make sure we don't break it in the future. Fixes: 72fbb34f5006 ("rootfs: switch to fd-based handling of mountpoint targets") Signed-off-by: Aleksa Sarai --- libcontainer/rootfs_linux.go | 25 ++++++----- tests/integration/mounts.bats | 81 +++++++++++++++++++++++++++++++++++ 2 files changed, 93 insertions(+), 13 deletions(-) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index b4eefd5bd43..94b664eeb5a 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -513,6 +513,18 @@ func (m *mountEntry) createOpenMountpoint(rootfs string) (Err error) { _ = dstFile.Close() } }() + if err == nil && m.Device == "tmpfs" { + // If the original target exists, copy the mode for the tmpfs mount. + stat, err := dstFile.Stat() + if err != nil { + return fmt.Errorf("check tmpfs source mode: %w", err) + } + dt := fmt.Sprintf("mode=%04o", syscallMode(stat.Mode())) + if m.Data != "" { + dt = dt + "," + m.Data + } + m.Data = dt + } if err != nil { if !errors.Is(err, unix.ENOENT) { return fmt.Errorf("lookup mountpoint target: %w", err) @@ -553,19 +565,6 @@ func (m *mountEntry) createOpenMountpoint(rootfs string) (Err error) { } } - if m.Device == "tmpfs" { - // If the original target exists, copy the mode for the tmpfs mount. - stat, err := dstFile.Stat() - if err != nil { - return fmt.Errorf("check tmpfs source mode: %w", err) - } - dt := fmt.Sprintf("mode=%04o", syscallMode(stat.Mode())) - if m.Data != "" { - dt = dt + "," + m.Data - } - m.Data = dt - } - dstFullPath, err := procfs.ProcSelfFdReadlink(dstFile) if err != nil { return fmt.Errorf("get mount destination real path: %w", err) diff --git a/tests/integration/mounts.bats b/tests/integration/mounts.bats index 11fb2cfc63e..b60c88ae27c 100644 --- a/tests/integration/mounts.bats +++ b/tests/integration/mounts.bats @@ -234,6 +234,87 @@ function test_mount_order() { [[ "$(stat -c %a rootfs/setgid/a/b/c)" == 2755 ]] } +# https://github.com/opencontainers/runc/issues/4971 +@test "runc run [tmpfs mount mode= inherit]" { + mkdir rootfs/tmpfs + chmod "=0710" rootfs/tmpfs + + update_config '.mounts += [{ + type: "tmpfs", + source: "tmpfs", + destination: "/tmpfs", + options: ["rw", "nodev", "nosuid"] + }]' + update_config '.process.args = ["stat", "-c", "%a", "/tmpfs"]' + + runc run test_busybox + [ "$status" -eq 0 ] + [[ "$output" == "710" ]] + + update_config '.process.args = ["cat", "/proc/self/mounts"]' + runc run test_busybox + [ "$status" -eq 0 ] + grep -Ex "tmpfs /tmpfs tmpfs [^ ]*\bmode=710\b[^ ]* .*" <<<"$output" +} + +# https://github.com/opencontainers/runc/issues/4971 +@test "runc run [tmpfs mount explicit mode=]" { + mkdir rootfs/tmpfs + chmod "=0710" rootfs/tmpfs + + update_config '.mounts += [{ + type: "tmpfs", + source: "tmpfs", + destination: "/tmpfs", + options: ["rw", "nodev", "nosuid", "mode=1500"] + }]' + update_config '.process.args = ["stat", "-c", "%a", "/tmpfs"]' + + # Explicitly setting mode= overrides whatever mode we would've inherited. + runc run test_busybox + [ "$status" -eq 0 ] + [[ "$output" == "1500" ]] + + update_config '.process.args = ["cat", "/proc/self/mounts"]' + runc run test_busybox + [ "$status" -eq 0 ] + grep -Ex "tmpfs /tmpfs tmpfs [^ ]*\bmode=1500\b[^ ]* .*" <<<"$output" + + # Verify that the actual directory was not chmod-ed. + [[ "$(stat -c %a rootfs/tmpfs)" == 710 ]] +} + +# https://github.com/opencontainers/runc/issues/4971 +@test "runc run [tmpfs mount mode=1777 default]" { + update_config '.mounts += [{ + type: "tmpfs", + source: "tmpfs", + destination: "/non-existent/foo/bar/baz", + options: ["rw", "nodev", "nosuid"] + }]' + update_config '.process.args = ["stat", "-c", "%a", "/non-existent/foo/bar/baz"]' + + rm -rf rootfs/non-existent + runc run test_busybox + [ "$status" -eq 0 ] + [[ "$output" == "1777" ]] + + update_config '.process.args = ["cat", "/proc/self/mounts"]' + + rm -rf rootfs/non-existent + runc run test_busybox + [ "$status" -eq 0 ] + # We don't explicitly set a mode= in this case, it is just the tmpfs default. + grep -Ex "tmpfs /non-existent/foo/bar/baz tmpfs .*" <<<"$output" + run ! grep -Ex "tmpfs /non-existent/foo/bar/baz tmpfs [^ ]*\bmode=[0-7]+\b[^ ]* .*" <<<"$output" + + # Verify that the actual modes are *not* 1777. + [[ "$(stat -c %a rootfs/non-existent)" == 755 ]] + [[ "$(stat -c %a rootfs/non-existent/foo)" == 755 ]] + [[ "$(stat -c %a rootfs/non-existent/foo/bar)" == 755 ]] + [[ "$(stat -c %a rootfs/non-existent/foo/bar/baz)" == 755 ]] +} + @test "runc run [ro /sys/fs/cgroup mounts]" { # Without cgroup namespace. update_config '.linux.namespaces -= [{"type": "cgroup"}]' From c0db4632d2967aab32abb5d08ba4a064c4a91a32 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Nov 2025 04:02:58 +0000 Subject: [PATCH 1107/1176] build(deps): bump golangci/golangci-lint-action from 8 to 9 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 8 to 9. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/v8...v9) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-version: '9' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index d61fbdf27cd..7b48e46bcaa 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -39,7 +39,7 @@ jobs: run: | sudo apt -q update sudo apt -qy install libseccomp-dev - - uses: golangci/golangci-lint-action@v8 + - uses: golangci/golangci-lint-action@v9 with: version: v2.6 skip-cache: true From 071beab281b011c0cf11485d3249a7a5cfd2fbf8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Nov 2025 04:03:04 +0000 Subject: [PATCH 1108/1176] build(deps): bump golang.org/x/sys from 0.37.0 to 0.38.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.37.0 to 0.38.0. - [Commits](https://github.com/golang/sys/compare/v0.37.0...v0.38.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-version: 0.38.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- vendor/golang.org/x/sys/unix/mkerrors.sh | 2 + vendor/golang.org/x/sys/unix/syscall_linux.go | 6 + vendor/golang.org/x/sys/unix/zerrors_linux.go | 359 ++++++++++++++++++ .../golang.org/x/sys/unix/zsyscall_linux.go | 10 + vendor/golang.org/x/sys/unix/ztypes_linux.go | 31 ++ .../x/sys/windows/syscall_windows.go | 15 + .../golang.org/x/sys/windows/types_windows.go | 76 ++++ .../x/sys/windows/zsyscall_windows.go | 37 ++ vendor/modules.txt | 2 +- 11 files changed, 540 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 678085648e4..03fcdca6452 100644 --- a/go.mod +++ b/go.mod @@ -23,7 +23,7 @@ require ( github.com/vishvananda/netlink v1.3.1 github.com/vishvananda/netns v0.0.5 golang.org/x/net v0.46.0 - golang.org/x/sys v0.37.0 + golang.org/x/sys v0.38.0 google.golang.org/protobuf v1.36.10 ) diff --git a/go.sum b/go.sum index 1503aa3ed6b..5ff1156f22a 100644 --- a/go.sum +++ b/go.sum @@ -87,8 +87,8 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ= -golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc= +golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index d1c8b2640eb..42517077c43 100644 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -226,6 +226,7 @@ struct ltchars { #include #include #include +#include #include #include #include @@ -529,6 +530,7 @@ ccflags="$@" $2 ~ /^O[CNPFPL][A-Z]+[^_][A-Z]+$/ || $2 ~ /^(NL|CR|TAB|BS|VT|FF)DLY$/ || $2 ~ /^(NL|CR|TAB|BS|VT|FF)[0-9]$/ || + $2 ~ /^(DT|EI|ELF|EV|NN|NT|PF|SHF|SHN|SHT|STB|STT|VER)_/ || $2 ~ /^O?XTABS$/ || $2 ~ /^TC[IO](ON|OFF)$/ || $2 ~ /^IN_/ || diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index 9439af961d9..06c0eea6fb6 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -2643,3 +2643,9 @@ func SchedGetAttr(pid int, flags uint) (*SchedAttr, error) { //sys Cachestat(fd uint, crange *CachestatRange, cstat *Cachestat_t, flags uint) (err error) //sys Mseal(b []byte, flags uint) (err error) + +//sys setMemPolicy(mode int, mask *CPUSet, size int) (err error) = SYS_SET_MEMPOLICY + +func SetMemPolicy(mode int, mask *CPUSet) error { + return setMemPolicy(mode, mask, _CPU_SETSIZE) +} diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index b6db27d937c..d0a75da572c 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -853,20 +853,86 @@ const ( DM_VERSION_MAJOR = 0x4 DM_VERSION_MINOR = 0x32 DM_VERSION_PATCHLEVEL = 0x0 + DT_ADDRRNGHI = 0x6ffffeff + DT_ADDRRNGLO = 0x6ffffe00 DT_BLK = 0x6 DT_CHR = 0x2 + DT_DEBUG = 0x15 DT_DIR = 0x4 + DT_ENCODING = 0x20 DT_FIFO = 0x1 + DT_FINI = 0xd + DT_FLAGS_1 = 0x6ffffffb + DT_GNU_HASH = 0x6ffffef5 + DT_HASH = 0x4 + DT_HIOS = 0x6ffff000 + DT_HIPROC = 0x7fffffff + DT_INIT = 0xc + DT_JMPREL = 0x17 DT_LNK = 0xa + DT_LOOS = 0x6000000d + DT_LOPROC = 0x70000000 + DT_NEEDED = 0x1 + DT_NULL = 0x0 + DT_PLTGOT = 0x3 + DT_PLTREL = 0x14 + DT_PLTRELSZ = 0x2 DT_REG = 0x8 + DT_REL = 0x11 + DT_RELA = 0x7 + DT_RELACOUNT = 0x6ffffff9 + DT_RELAENT = 0x9 + DT_RELASZ = 0x8 + DT_RELCOUNT = 0x6ffffffa + DT_RELENT = 0x13 + DT_RELSZ = 0x12 + DT_RPATH = 0xf DT_SOCK = 0xc + DT_SONAME = 0xe + DT_STRSZ = 0xa + DT_STRTAB = 0x5 + DT_SYMBOLIC = 0x10 + DT_SYMENT = 0xb + DT_SYMTAB = 0x6 + DT_TEXTREL = 0x16 DT_UNKNOWN = 0x0 + DT_VALRNGHI = 0x6ffffdff + DT_VALRNGLO = 0x6ffffd00 + DT_VERDEF = 0x6ffffffc + DT_VERDEFNUM = 0x6ffffffd + DT_VERNEED = 0x6ffffffe + DT_VERNEEDNUM = 0x6fffffff + DT_VERSYM = 0x6ffffff0 DT_WHT = 0xe ECHO = 0x8 ECRYPTFS_SUPER_MAGIC = 0xf15f EFD_SEMAPHORE = 0x1 EFIVARFS_MAGIC = 0xde5e81e4 EFS_SUPER_MAGIC = 0x414a53 + EI_CLASS = 0x4 + EI_DATA = 0x5 + EI_MAG0 = 0x0 + EI_MAG1 = 0x1 + EI_MAG2 = 0x2 + EI_MAG3 = 0x3 + EI_NIDENT = 0x10 + EI_OSABI = 0x7 + EI_PAD = 0x8 + EI_VERSION = 0x6 + ELFCLASS32 = 0x1 + ELFCLASS64 = 0x2 + ELFCLASSNONE = 0x0 + ELFCLASSNUM = 0x3 + ELFDATA2LSB = 0x1 + ELFDATA2MSB = 0x2 + ELFDATANONE = 0x0 + ELFMAG = "\177ELF" + ELFMAG0 = 0x7f + ELFMAG1 = 'E' + ELFMAG2 = 'L' + ELFMAG3 = 'F' + ELFOSABI_LINUX = 0x3 + ELFOSABI_NONE = 0x0 EM_386 = 0x3 EM_486 = 0x6 EM_68K = 0x4 @@ -1152,14 +1218,24 @@ const ( ETH_P_WCCP = 0x883e ETH_P_X25 = 0x805 ETH_P_XDSA = 0xf8 + ET_CORE = 0x4 + ET_DYN = 0x3 + ET_EXEC = 0x2 + ET_HIPROC = 0xffff + ET_LOPROC = 0xff00 + ET_NONE = 0x0 + ET_REL = 0x1 EV_ABS = 0x3 EV_CNT = 0x20 + EV_CURRENT = 0x1 EV_FF = 0x15 EV_FF_STATUS = 0x17 EV_KEY = 0x1 EV_LED = 0x11 EV_MAX = 0x1f EV_MSC = 0x4 + EV_NONE = 0x0 + EV_NUM = 0x2 EV_PWR = 0x16 EV_REL = 0x2 EV_REP = 0x14 @@ -2276,7 +2352,167 @@ const ( NLM_F_REPLACE = 0x100 NLM_F_REQUEST = 0x1 NLM_F_ROOT = 0x100 + NN_386_IOPERM = "LINUX" + NN_386_TLS = "LINUX" + NN_ARC_V2 = "LINUX" + NN_ARM_FPMR = "LINUX" + NN_ARM_GCS = "LINUX" + NN_ARM_HW_BREAK = "LINUX" + NN_ARM_HW_WATCH = "LINUX" + NN_ARM_PACA_KEYS = "LINUX" + NN_ARM_PACG_KEYS = "LINUX" + NN_ARM_PAC_ENABLED_KEYS = "LINUX" + NN_ARM_PAC_MASK = "LINUX" + NN_ARM_POE = "LINUX" + NN_ARM_SSVE = "LINUX" + NN_ARM_SVE = "LINUX" + NN_ARM_SYSTEM_CALL = "LINUX" + NN_ARM_TAGGED_ADDR_CTRL = "LINUX" + NN_ARM_TLS = "LINUX" + NN_ARM_VFP = "LINUX" + NN_ARM_ZA = "LINUX" + NN_ARM_ZT = "LINUX" + NN_AUXV = "CORE" + NN_FILE = "CORE" + NN_GNU_PROPERTY_TYPE_0 = "GNU" + NN_LOONGARCH_CPUCFG = "LINUX" + NN_LOONGARCH_CSR = "LINUX" + NN_LOONGARCH_HW_BREAK = "LINUX" + NN_LOONGARCH_HW_WATCH = "LINUX" + NN_LOONGARCH_LASX = "LINUX" + NN_LOONGARCH_LBT = "LINUX" + NN_LOONGARCH_LSX = "LINUX" + NN_MIPS_DSP = "LINUX" + NN_MIPS_FP_MODE = "LINUX" + NN_MIPS_MSA = "LINUX" + NN_PPC_DEXCR = "LINUX" + NN_PPC_DSCR = "LINUX" + NN_PPC_EBB = "LINUX" + NN_PPC_HASHKEYR = "LINUX" + NN_PPC_PKEY = "LINUX" + NN_PPC_PMU = "LINUX" + NN_PPC_PPR = "LINUX" + NN_PPC_SPE = "LINUX" + NN_PPC_TAR = "LINUX" + NN_PPC_TM_CDSCR = "LINUX" + NN_PPC_TM_CFPR = "LINUX" + NN_PPC_TM_CGPR = "LINUX" + NN_PPC_TM_CPPR = "LINUX" + NN_PPC_TM_CTAR = "LINUX" + NN_PPC_TM_CVMX = "LINUX" + NN_PPC_TM_CVSX = "LINUX" + NN_PPC_TM_SPR = "LINUX" + NN_PPC_VMX = "LINUX" + NN_PPC_VSX = "LINUX" + NN_PRFPREG = "CORE" + NN_PRPSINFO = "CORE" + NN_PRSTATUS = "CORE" + NN_PRXFPREG = "LINUX" + NN_RISCV_CSR = "LINUX" + NN_RISCV_TAGGED_ADDR_CTRL = "LINUX" + NN_RISCV_VECTOR = "LINUX" + NN_S390_CTRS = "LINUX" + NN_S390_GS_BC = "LINUX" + NN_S390_GS_CB = "LINUX" + NN_S390_HIGH_GPRS = "LINUX" + NN_S390_LAST_BREAK = "LINUX" + NN_S390_PREFIX = "LINUX" + NN_S390_PV_CPU_DATA = "LINUX" + NN_S390_RI_CB = "LINUX" + NN_S390_SYSTEM_CALL = "LINUX" + NN_S390_TDB = "LINUX" + NN_S390_TIMER = "LINUX" + NN_S390_TODCMP = "LINUX" + NN_S390_TODPREG = "LINUX" + NN_S390_VXRS_HIGH = "LINUX" + NN_S390_VXRS_LOW = "LINUX" + NN_SIGINFO = "CORE" + NN_TASKSTRUCT = "CORE" + NN_VMCOREDD = "LINUX" + NN_X86_SHSTK = "LINUX" + NN_X86_XSAVE_LAYOUT = "LINUX" + NN_X86_XSTATE = "LINUX" NSFS_MAGIC = 0x6e736673 + NT_386_IOPERM = 0x201 + NT_386_TLS = 0x200 + NT_ARC_V2 = 0x600 + NT_ARM_FPMR = 0x40e + NT_ARM_GCS = 0x410 + NT_ARM_HW_BREAK = 0x402 + NT_ARM_HW_WATCH = 0x403 + NT_ARM_PACA_KEYS = 0x407 + NT_ARM_PACG_KEYS = 0x408 + NT_ARM_PAC_ENABLED_KEYS = 0x40a + NT_ARM_PAC_MASK = 0x406 + NT_ARM_POE = 0x40f + NT_ARM_SSVE = 0x40b + NT_ARM_SVE = 0x405 + NT_ARM_SYSTEM_CALL = 0x404 + NT_ARM_TAGGED_ADDR_CTRL = 0x409 + NT_ARM_TLS = 0x401 + NT_ARM_VFP = 0x400 + NT_ARM_ZA = 0x40c + NT_ARM_ZT = 0x40d + NT_AUXV = 0x6 + NT_FILE = 0x46494c45 + NT_GNU_PROPERTY_TYPE_0 = 0x5 + NT_LOONGARCH_CPUCFG = 0xa00 + NT_LOONGARCH_CSR = 0xa01 + NT_LOONGARCH_HW_BREAK = 0xa05 + NT_LOONGARCH_HW_WATCH = 0xa06 + NT_LOONGARCH_LASX = 0xa03 + NT_LOONGARCH_LBT = 0xa04 + NT_LOONGARCH_LSX = 0xa02 + NT_MIPS_DSP = 0x800 + NT_MIPS_FP_MODE = 0x801 + NT_MIPS_MSA = 0x802 + NT_PPC_DEXCR = 0x111 + NT_PPC_DSCR = 0x105 + NT_PPC_EBB = 0x106 + NT_PPC_HASHKEYR = 0x112 + NT_PPC_PKEY = 0x110 + NT_PPC_PMU = 0x107 + NT_PPC_PPR = 0x104 + NT_PPC_SPE = 0x101 + NT_PPC_TAR = 0x103 + NT_PPC_TM_CDSCR = 0x10f + NT_PPC_TM_CFPR = 0x109 + NT_PPC_TM_CGPR = 0x108 + NT_PPC_TM_CPPR = 0x10e + NT_PPC_TM_CTAR = 0x10d + NT_PPC_TM_CVMX = 0x10a + NT_PPC_TM_CVSX = 0x10b + NT_PPC_TM_SPR = 0x10c + NT_PPC_VMX = 0x100 + NT_PPC_VSX = 0x102 + NT_PRFPREG = 0x2 + NT_PRPSINFO = 0x3 + NT_PRSTATUS = 0x1 + NT_PRXFPREG = 0x46e62b7f + NT_RISCV_CSR = 0x900 + NT_RISCV_TAGGED_ADDR_CTRL = 0x902 + NT_RISCV_VECTOR = 0x901 + NT_S390_CTRS = 0x304 + NT_S390_GS_BC = 0x30c + NT_S390_GS_CB = 0x30b + NT_S390_HIGH_GPRS = 0x300 + NT_S390_LAST_BREAK = 0x306 + NT_S390_PREFIX = 0x305 + NT_S390_PV_CPU_DATA = 0x30e + NT_S390_RI_CB = 0x30d + NT_S390_SYSTEM_CALL = 0x307 + NT_S390_TDB = 0x308 + NT_S390_TIMER = 0x301 + NT_S390_TODCMP = 0x302 + NT_S390_TODPREG = 0x303 + NT_S390_VXRS_HIGH = 0x30a + NT_S390_VXRS_LOW = 0x309 + NT_SIGINFO = 0x53494749 + NT_TASKSTRUCT = 0x4 + NT_VMCOREDD = 0x700 + NT_X86_SHSTK = 0x204 + NT_X86_XSAVE_LAYOUT = 0x205 + NT_X86_XSTATE = 0x202 OCFS2_SUPER_MAGIC = 0x7461636f OCRNL = 0x8 OFDEL = 0x80 @@ -2463,6 +2699,59 @@ const ( PERF_RECORD_MISC_USER = 0x2 PERF_SAMPLE_BRANCH_PLM_ALL = 0x7 PERF_SAMPLE_WEIGHT_TYPE = 0x1004000 + PF_ALG = 0x26 + PF_APPLETALK = 0x5 + PF_ASH = 0x12 + PF_ATMPVC = 0x8 + PF_ATMSVC = 0x14 + PF_AX25 = 0x3 + PF_BLUETOOTH = 0x1f + PF_BRIDGE = 0x7 + PF_CAIF = 0x25 + PF_CAN = 0x1d + PF_DECnet = 0xc + PF_ECONET = 0x13 + PF_FILE = 0x1 + PF_IB = 0x1b + PF_IEEE802154 = 0x24 + PF_INET = 0x2 + PF_INET6 = 0xa + PF_IPX = 0x4 + PF_IRDA = 0x17 + PF_ISDN = 0x22 + PF_IUCV = 0x20 + PF_KCM = 0x29 + PF_KEY = 0xf + PF_LLC = 0x1a + PF_LOCAL = 0x1 + PF_MAX = 0x2e + PF_MCTP = 0x2d + PF_MPLS = 0x1c + PF_NETBEUI = 0xd + PF_NETLINK = 0x10 + PF_NETROM = 0x6 + PF_NFC = 0x27 + PF_PACKET = 0x11 + PF_PHONET = 0x23 + PF_PPPOX = 0x18 + PF_QIPCRTR = 0x2a + PF_R = 0x4 + PF_RDS = 0x15 + PF_ROSE = 0xb + PF_ROUTE = 0x10 + PF_RXRPC = 0x21 + PF_SECURITY = 0xe + PF_SMC = 0x2b + PF_SNA = 0x16 + PF_TIPC = 0x1e + PF_UNIX = 0x1 + PF_UNSPEC = 0x0 + PF_VSOCK = 0x28 + PF_W = 0x2 + PF_WANPIPE = 0x19 + PF_X = 0x1 + PF_X25 = 0x9 + PF_XDP = 0x2c PID_FS_MAGIC = 0x50494446 PIPEFS_MAGIC = 0x50495045 PPPIOCGNPMODE = 0xc008744c @@ -2758,6 +3047,23 @@ const ( PTRACE_SYSCALL_INFO_NONE = 0x0 PTRACE_SYSCALL_INFO_SECCOMP = 0x3 PTRACE_TRACEME = 0x0 + PT_AARCH64_MEMTAG_MTE = 0x70000002 + PT_DYNAMIC = 0x2 + PT_GNU_EH_FRAME = 0x6474e550 + PT_GNU_PROPERTY = 0x6474e553 + PT_GNU_RELRO = 0x6474e552 + PT_GNU_STACK = 0x6474e551 + PT_HIOS = 0x6fffffff + PT_HIPROC = 0x7fffffff + PT_INTERP = 0x3 + PT_LOAD = 0x1 + PT_LOOS = 0x60000000 + PT_LOPROC = 0x70000000 + PT_NOTE = 0x4 + PT_NULL = 0x0 + PT_PHDR = 0x6 + PT_SHLIB = 0x5 + PT_TLS = 0x7 P_ALL = 0x0 P_PGID = 0x2 P_PID = 0x1 @@ -3091,6 +3397,47 @@ const ( SEEK_MAX = 0x4 SEEK_SET = 0x0 SELINUX_MAGIC = 0xf97cff8c + SHF_ALLOC = 0x2 + SHF_EXCLUDE = 0x8000000 + SHF_EXECINSTR = 0x4 + SHF_GROUP = 0x200 + SHF_INFO_LINK = 0x40 + SHF_LINK_ORDER = 0x80 + SHF_MASKOS = 0xff00000 + SHF_MASKPROC = 0xf0000000 + SHF_MERGE = 0x10 + SHF_ORDERED = 0x4000000 + SHF_OS_NONCONFORMING = 0x100 + SHF_RELA_LIVEPATCH = 0x100000 + SHF_RO_AFTER_INIT = 0x200000 + SHF_STRINGS = 0x20 + SHF_TLS = 0x400 + SHF_WRITE = 0x1 + SHN_ABS = 0xfff1 + SHN_COMMON = 0xfff2 + SHN_HIPROC = 0xff1f + SHN_HIRESERVE = 0xffff + SHN_LIVEPATCH = 0xff20 + SHN_LOPROC = 0xff00 + SHN_LORESERVE = 0xff00 + SHN_UNDEF = 0x0 + SHT_DYNAMIC = 0x6 + SHT_DYNSYM = 0xb + SHT_HASH = 0x5 + SHT_HIPROC = 0x7fffffff + SHT_HIUSER = 0xffffffff + SHT_LOPROC = 0x70000000 + SHT_LOUSER = 0x80000000 + SHT_NOBITS = 0x8 + SHT_NOTE = 0x7 + SHT_NULL = 0x0 + SHT_NUM = 0xc + SHT_PROGBITS = 0x1 + SHT_REL = 0x9 + SHT_RELA = 0x4 + SHT_SHLIB = 0xa + SHT_STRTAB = 0x3 + SHT_SYMTAB = 0x2 SHUT_RD = 0x0 SHUT_RDWR = 0x2 SHUT_WR = 0x1 @@ -3317,6 +3664,16 @@ const ( STATX_UID = 0x8 STATX_WRITE_ATOMIC = 0x10000 STATX__RESERVED = 0x80000000 + STB_GLOBAL = 0x1 + STB_LOCAL = 0x0 + STB_WEAK = 0x2 + STT_COMMON = 0x5 + STT_FILE = 0x4 + STT_FUNC = 0x2 + STT_NOTYPE = 0x0 + STT_OBJECT = 0x1 + STT_SECTION = 0x3 + STT_TLS = 0x6 SYNC_FILE_RANGE_WAIT_AFTER = 0x4 SYNC_FILE_RANGE_WAIT_BEFORE = 0x1 SYNC_FILE_RANGE_WRITE = 0x2 @@ -3553,6 +3910,8 @@ const ( UTIME_OMIT = 0x3ffffffe V9FS_MAGIC = 0x1021997 VERASE = 0x2 + VER_FLG_BASE = 0x1 + VER_FLG_WEAK = 0x2 VINTR = 0x0 VKILL = 0x3 VLNEXT = 0xf diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go index 5cc1e8eb2f3..8935d10a31c 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go @@ -2238,3 +2238,13 @@ func Mseal(b []byte, flags uint) (err error) { } return } + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func setMemPolicy(mode int, mask *CPUSet, size int) (err error) { + _, _, e1 := Syscall(SYS_SET_MEMPOLICY, uintptr(mode), uintptr(unsafe.Pointer(mask)), uintptr(size)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index 944e75a11cb..c1a46701719 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -3590,6 +3590,8 @@ type Nhmsg struct { Flags uint32 } +const SizeofNhmsg = 0x8 + type NexthopGrp struct { Id uint32 Weight uint8 @@ -3597,6 +3599,8 @@ type NexthopGrp struct { Resvd2 uint16 } +const SizeofNexthopGrp = 0x8 + const ( NHA_UNSPEC = 0x0 NHA_ID = 0x1 @@ -6332,3 +6336,30 @@ type SockDiagReq struct { } const RTM_NEWNVLAN = 0x70 + +const ( + MPOL_BIND = 0x2 + MPOL_DEFAULT = 0x0 + MPOL_F_ADDR = 0x2 + MPOL_F_MEMS_ALLOWED = 0x4 + MPOL_F_MOF = 0x8 + MPOL_F_MORON = 0x10 + MPOL_F_NODE = 0x1 + MPOL_F_NUMA_BALANCING = 0x2000 + MPOL_F_RELATIVE_NODES = 0x4000 + MPOL_F_SHARED = 0x1 + MPOL_F_STATIC_NODES = 0x8000 + MPOL_INTERLEAVE = 0x3 + MPOL_LOCAL = 0x4 + MPOL_MAX = 0x7 + MPOL_MF_INTERNAL = 0x10 + MPOL_MF_LAZY = 0x8 + MPOL_MF_MOVE_ALL = 0x4 + MPOL_MF_MOVE = 0x2 + MPOL_MF_STRICT = 0x1 + MPOL_MF_VALID = 0x7 + MPOL_MODE_FLAGS = 0xe000 + MPOL_PREFERRED = 0x1 + MPOL_PREFERRED_MANY = 0x5 + MPOL_WEIGHTED_INTERLEAVE = 0x6 +) diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index bd513373060..69439df2a46 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -892,8 +892,12 @@ const socket_error = uintptr(^uint32(0)) //sys MultiByteToWideChar(codePage uint32, dwFlags uint32, str *byte, nstr int32, wchar *uint16, nwchar int32) (nwrite int32, err error) = kernel32.MultiByteToWideChar //sys getBestInterfaceEx(sockaddr unsafe.Pointer, pdwBestIfIndex *uint32) (errcode error) = iphlpapi.GetBestInterfaceEx //sys GetIfEntry2Ex(level uint32, row *MibIfRow2) (errcode error) = iphlpapi.GetIfEntry2Ex +//sys GetIpForwardEntry2(row *MibIpForwardRow2) (errcode error) = iphlpapi.GetIpForwardEntry2 +//sys GetIpForwardTable2(family uint16, table **MibIpForwardTable2) (errcode error) = iphlpapi.GetIpForwardTable2 //sys GetUnicastIpAddressEntry(row *MibUnicastIpAddressRow) (errcode error) = iphlpapi.GetUnicastIpAddressEntry +//sys FreeMibTable(memory unsafe.Pointer) = iphlpapi.FreeMibTable //sys NotifyIpInterfaceChange(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) = iphlpapi.NotifyIpInterfaceChange +//sys NotifyRouteChange2(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) = iphlpapi.NotifyRouteChange2 //sys NotifyUnicastIpAddressChange(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) = iphlpapi.NotifyUnicastIpAddressChange //sys CancelMibChangeNotify2(notificationHandle Handle) (errcode error) = iphlpapi.CancelMibChangeNotify2 @@ -916,6 +920,17 @@ type RawSockaddrInet6 struct { Scope_id uint32 } +// RawSockaddrInet is a union that contains an IPv4, an IPv6 address, or an address family. See +// https://learn.microsoft.com/en-us/windows/win32/api/ws2ipdef/ns-ws2ipdef-sockaddr_inet. +// +// A [*RawSockaddrInet] may be converted to a [*RawSockaddrInet4] or [*RawSockaddrInet6] using +// unsafe, depending on the address family. +type RawSockaddrInet struct { + Family uint16 + Port uint16 + Data [6]uint32 +} + type RawSockaddr struct { Family uint16 Data [14]int8 diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go index 358be3c7f5e..6e4f50eb483 100644 --- a/vendor/golang.org/x/sys/windows/types_windows.go +++ b/vendor/golang.org/x/sys/windows/types_windows.go @@ -2320,6 +2320,82 @@ type MibIfRow2 struct { OutQLen uint64 } +// IP_ADDRESS_PREFIX stores an IP address prefix. See +// https://learn.microsoft.com/en-us/windows/win32/api/netioapi/ns-netioapi-ip_address_prefix. +type IpAddressPrefix struct { + Prefix RawSockaddrInet + PrefixLength uint8 +} + +// NL_ROUTE_ORIGIN enumeration from nldef.h or +// https://learn.microsoft.com/en-us/windows/win32/api/nldef/ne-nldef-nl_route_origin. +const ( + NlroManual = 0 + NlroWellKnown = 1 + NlroDHCP = 2 + NlroRouterAdvertisement = 3 + Nlro6to4 = 4 +) + +// NL_ROUTE_ORIGIN enumeration from nldef.h or +// https://learn.microsoft.com/en-us/windows/win32/api/nldef/ne-nldef-nl_route_protocol. +const ( + MIB_IPPROTO_OTHER = 1 + MIB_IPPROTO_LOCAL = 2 + MIB_IPPROTO_NETMGMT = 3 + MIB_IPPROTO_ICMP = 4 + MIB_IPPROTO_EGP = 5 + MIB_IPPROTO_GGP = 6 + MIB_IPPROTO_HELLO = 7 + MIB_IPPROTO_RIP = 8 + MIB_IPPROTO_IS_IS = 9 + MIB_IPPROTO_ES_IS = 10 + MIB_IPPROTO_CISCO = 11 + MIB_IPPROTO_BBN = 12 + MIB_IPPROTO_OSPF = 13 + MIB_IPPROTO_BGP = 14 + MIB_IPPROTO_IDPR = 15 + MIB_IPPROTO_EIGRP = 16 + MIB_IPPROTO_DVMRP = 17 + MIB_IPPROTO_RPL = 18 + MIB_IPPROTO_DHCP = 19 + MIB_IPPROTO_NT_AUTOSTATIC = 10002 + MIB_IPPROTO_NT_STATIC = 10006 + MIB_IPPROTO_NT_STATIC_NON_DOD = 10007 +) + +// MIB_IPFORWARD_ROW2 stores information about an IP route entry. See +// https://learn.microsoft.com/en-us/windows/win32/api/netioapi/ns-netioapi-mib_ipforward_row2. +type MibIpForwardRow2 struct { + InterfaceLuid uint64 + InterfaceIndex uint32 + DestinationPrefix IpAddressPrefix + NextHop RawSockaddrInet + SitePrefixLength uint8 + ValidLifetime uint32 + PreferredLifetime uint32 + Metric uint32 + Protocol uint32 + Loopback uint8 + AutoconfigureAddress uint8 + Publish uint8 + Immortal uint8 + Age uint32 + Origin uint32 +} + +// MIB_IPFORWARD_TABLE2 contains a table of IP route entries. See +// https://learn.microsoft.com/en-us/windows/win32/api/netioapi/ns-netioapi-mib_ipforward_table2. +type MibIpForwardTable2 struct { + NumEntries uint32 + Table [1]MibIpForwardRow2 +} + +// Rows returns the IP route entries in the table. +func (t *MibIpForwardTable2) Rows() []MibIpForwardRow2 { + return unsafe.Slice(&t.Table[0], t.NumEntries) +} + // MIB_UNICASTIPADDRESS_ROW stores information about a unicast IP address. See // https://learn.microsoft.com/en-us/windows/win32/api/netioapi/ns-netioapi-mib_unicastipaddress_row. type MibUnicastIpAddressRow struct { diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index 426151a0193..f25b7308a1f 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -182,13 +182,17 @@ var ( procDwmGetWindowAttribute = moddwmapi.NewProc("DwmGetWindowAttribute") procDwmSetWindowAttribute = moddwmapi.NewProc("DwmSetWindowAttribute") procCancelMibChangeNotify2 = modiphlpapi.NewProc("CancelMibChangeNotify2") + procFreeMibTable = modiphlpapi.NewProc("FreeMibTable") procGetAdaptersAddresses = modiphlpapi.NewProc("GetAdaptersAddresses") procGetAdaptersInfo = modiphlpapi.NewProc("GetAdaptersInfo") procGetBestInterfaceEx = modiphlpapi.NewProc("GetBestInterfaceEx") procGetIfEntry = modiphlpapi.NewProc("GetIfEntry") procGetIfEntry2Ex = modiphlpapi.NewProc("GetIfEntry2Ex") + procGetIpForwardEntry2 = modiphlpapi.NewProc("GetIpForwardEntry2") + procGetIpForwardTable2 = modiphlpapi.NewProc("GetIpForwardTable2") procGetUnicastIpAddressEntry = modiphlpapi.NewProc("GetUnicastIpAddressEntry") procNotifyIpInterfaceChange = modiphlpapi.NewProc("NotifyIpInterfaceChange") + procNotifyRouteChange2 = modiphlpapi.NewProc("NotifyRouteChange2") procNotifyUnicastIpAddressChange = modiphlpapi.NewProc("NotifyUnicastIpAddressChange") procAddDllDirectory = modkernel32.NewProc("AddDllDirectory") procAssignProcessToJobObject = modkernel32.NewProc("AssignProcessToJobObject") @@ -1624,6 +1628,11 @@ func CancelMibChangeNotify2(notificationHandle Handle) (errcode error) { return } +func FreeMibTable(memory unsafe.Pointer) { + syscall.SyscallN(procFreeMibTable.Addr(), uintptr(memory)) + return +} + func GetAdaptersAddresses(family uint32, flags uint32, reserved uintptr, adapterAddresses *IpAdapterAddresses, sizePointer *uint32) (errcode error) { r0, _, _ := syscall.SyscallN(procGetAdaptersAddresses.Addr(), uintptr(family), uintptr(flags), uintptr(reserved), uintptr(unsafe.Pointer(adapterAddresses)), uintptr(unsafe.Pointer(sizePointer))) if r0 != 0 { @@ -1664,6 +1673,22 @@ func GetIfEntry2Ex(level uint32, row *MibIfRow2) (errcode error) { return } +func GetIpForwardEntry2(row *MibIpForwardRow2) (errcode error) { + r0, _, _ := syscall.SyscallN(procGetIpForwardEntry2.Addr(), uintptr(unsafe.Pointer(row))) + if r0 != 0 { + errcode = syscall.Errno(r0) + } + return +} + +func GetIpForwardTable2(family uint16, table **MibIpForwardTable2) (errcode error) { + r0, _, _ := syscall.SyscallN(procGetIpForwardTable2.Addr(), uintptr(family), uintptr(unsafe.Pointer(table))) + if r0 != 0 { + errcode = syscall.Errno(r0) + } + return +} + func GetUnicastIpAddressEntry(row *MibUnicastIpAddressRow) (errcode error) { r0, _, _ := syscall.SyscallN(procGetUnicastIpAddressEntry.Addr(), uintptr(unsafe.Pointer(row))) if r0 != 0 { @@ -1684,6 +1709,18 @@ func NotifyIpInterfaceChange(family uint16, callback uintptr, callerContext unsa return } +func NotifyRouteChange2(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) { + var _p0 uint32 + if initialNotification { + _p0 = 1 + } + r0, _, _ := syscall.SyscallN(procNotifyRouteChange2.Addr(), uintptr(family), uintptr(callback), uintptr(callerContext), uintptr(_p0), uintptr(unsafe.Pointer(notificationHandle))) + if r0 != 0 { + errcode = syscall.Errno(r0) + } + return +} + func NotifyUnicastIpAddressChange(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) { var _p0 uint32 if initialNotification { diff --git a/vendor/modules.txt b/vendor/modules.txt index 93f5fcf465b..7e9c87b5982 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -111,7 +111,7 @@ github.com/vishvananda/netns # golang.org/x/net v0.46.0 ## explicit; go 1.24.0 golang.org/x/net/bpf -# golang.org/x/sys v0.37.0 +# golang.org/x/sys v0.38.0 ## explicit; go 1.24.0 golang.org/x/sys/unix golang.org/x/sys/windows From a0e809a8ba6a61e3f4490132ef169ac991281e0b Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Mon, 10 Nov 2025 16:03:02 +1100 Subject: [PATCH 1109/1176] libct: switch to unix.SetMemPolicy wrapper This is mostly a mechanical change, but we also need to change some types to match the "mode int" argument that golang.org/x/sys/unix decided to use. Signed-off-by: Aleksa Sarai --- internal/linux/linux.go | 9 ++------- libcontainer/configs/memorypolicy.go | 4 ++-- libcontainer/specconv/spec_linux.go | 28 ++++++++++++++-------------- 3 files changed, 18 insertions(+), 23 deletions(-) diff --git a/internal/linux/linux.go b/internal/linux/linux.go index 88fe5e0dfdf..722009166f8 100644 --- a/internal/linux/linux.go +++ b/internal/linux/linux.go @@ -2,7 +2,6 @@ package linux import ( "os" - "unsafe" "golang.org/x/sys/unix" ) @@ -75,13 +74,9 @@ func Sendmsg(fd int, p, oob []byte, to unix.Sockaddr, flags int) error { } // SetMempolicy wraps set_mempolicy. -func SetMempolicy(mode uint, mask *unix.CPUSet) error { +func SetMempolicy(mode int, mask *unix.CPUSet) error { err := retryOnEINTR(func() error { - _, _, errno := unix.Syscall(unix.SYS_SET_MEMPOLICY, uintptr(mode), uintptr(unsafe.Pointer(mask)), unsafe.Sizeof(*mask)*8) - if errno != 0 { - return errno - } - return nil + return unix.SetMemPolicy(mode, mask) }) return os.NewSyscallError("set_mempolicy", err) } diff --git a/libcontainer/configs/memorypolicy.go b/libcontainer/configs/memorypolicy.go index 8c34609006d..36de853bbab 100644 --- a/libcontainer/configs/memorypolicy.go +++ b/libcontainer/configs/memorypolicy.go @@ -23,9 +23,9 @@ const ( type LinuxMemoryPolicy struct { // Mode specifies memory policy mode without mode flags. See // set_mempolicy() documentation for details. - Mode uint `json:"mode,omitempty"` + Mode int `json:"mode,omitempty"` // Flags contains mode flags. - Flags uint `json:"flags,omitempty"` + Flags int `json:"flags,omitempty"` // Nodes contains NUMA nodes to which the mode applies. Nodes *unix.CPUSet `json:"nodes,omitempty"` } diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index ae2dd5d2715..bffd3762c57 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -42,8 +42,8 @@ var ( flag int } complexFlags map[string]func(*configs.Mount) - mpolModeMap map[string]uint - mpolModeFMap map[string]uint + mpolModeMap map[string]int + mpolModeFMap map[string]int ) func initMaps() { @@ -152,20 +152,20 @@ func initMaps() { }, } - mpolModeMap = map[string]uint{ - string(specs.MpolDefault): configs.MPOL_DEFAULT, - string(specs.MpolPreferred): configs.MPOL_PREFERRED, - string(specs.MpolBind): configs.MPOL_BIND, - string(specs.MpolInterleave): configs.MPOL_INTERLEAVE, - string(specs.MpolLocal): configs.MPOL_LOCAL, - string(specs.MpolPreferredMany): configs.MPOL_PREFERRED_MANY, - string(specs.MpolWeightedInterleave): configs.MPOL_WEIGHTED_INTERLEAVE, + mpolModeMap = map[string]int{ + string(specs.MpolDefault): unix.MPOL_DEFAULT, + string(specs.MpolPreferred): unix.MPOL_PREFERRED, + string(specs.MpolBind): unix.MPOL_BIND, + string(specs.MpolInterleave): unix.MPOL_INTERLEAVE, + string(specs.MpolLocal): unix.MPOL_LOCAL, + string(specs.MpolPreferredMany): unix.MPOL_PREFERRED_MANY, + string(specs.MpolWeightedInterleave): unix.MPOL_WEIGHTED_INTERLEAVE, } - mpolModeFMap = map[string]uint{ - string(specs.MpolFStaticNodes): configs.MPOL_F_STATIC_NODES, - string(specs.MpolFRelativeNodes): configs.MPOL_F_RELATIVE_NODES, - string(specs.MpolFNumaBalancing): configs.MPOL_F_NUMA_BALANCING, + mpolModeFMap = map[string]int{ + string(specs.MpolFStaticNodes): unix.MPOL_F_STATIC_NODES, + string(specs.MpolFRelativeNodes): unix.MPOL_F_RELATIVE_NODES, + string(specs.MpolFNumaBalancing): unix.MPOL_F_NUMA_BALANCING, } }) } From 67840cce4b418ba2376125df2ea4528d42a4bc71 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 10 Nov 2025 13:18:45 -0800 Subject: [PATCH 1110/1176] Enable gofumpt extra rules Commit b2f8a74d "clothed" the naked return as inflicted by gofumpt v0.9.0. Since gofumpt v0.9.2 this rule was moved to "extra" category, not enabled by default. The only other "extra" rule is to group adjacent parameters with the same type, which also makes sense. Enable gofumpt "extra" rules, and reformat the code accordingly. Signed-off-by: Kir Kolyshkin --- .golangci.yml | 3 +++ internal/linux/linux.go | 2 +- libcontainer/criu_linux.go | 2 +- libcontainer/integration/exec_test.go | 2 +- libcontainer/intelrdt/cmt_test.go | 2 +- libcontainer/intelrdt/intelrdt.go | 4 ++-- libcontainer/intelrdt/mbm_test.go | 2 +- libcontainer/internal/userns/userns_maps_linux.go | 2 +- libcontainer/logs/logs_linux_test.go | 2 +- libcontainer/network_linux.go | 2 +- libcontainer/notify_linux.go | 2 +- libcontainer/nsenter/nsenter_test.go | 2 +- libcontainer/rootfs_linux.go | 2 +- libcontainer/seccomp/patchbpf/enosys_linux_test.go | 2 +- libcontainer/utils/cmsg.go | 2 +- notify_socket.go | 2 +- 16 files changed, 19 insertions(+), 16 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index b9a5bc7bf05..684f98960ef 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -7,6 +7,9 @@ run: formatters: enable: - gofumpt + settings: + gofumpt: + extra-rules: true linters: enable: diff --git a/internal/linux/linux.go b/internal/linux/linux.go index 722009166f8..0fb8cc4c3f1 100644 --- a/internal/linux/linux.go +++ b/internal/linux/linux.go @@ -15,7 +15,7 @@ func Dup3(oldfd, newfd, flags int) error { } // Exec wraps [unix.Exec]. -func Exec(cmd string, args []string, env []string) error { +func Exec(cmd string, args, env []string) error { err := retryOnEINTR(func() error { return unix.Exec(cmd, args, env) }) diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index 04e0d5f640f..8778e63b6a8 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -79,7 +79,7 @@ func (c *Container) checkCriuFeatures(criuOpts *CriuOpts, criuFeat *criurpc.Criu return nil } -func compareCriuVersion(criuVersion int, minVersion int) error { +func compareCriuVersion(criuVersion, minVersion int) error { // simple function to perform the actual version compare if criuVersion < minVersion { return fmt.Errorf("CRIU version %d must be %d or higher", criuVersion, minVersion) diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index c46a576eaab..a4c65e88738 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -434,7 +434,7 @@ func TestFreeze(t *testing.T) { } } -func testFreeze(t *testing.T, withSystemd bool, useSet bool) { +func testFreeze(t *testing.T, withSystemd, useSet bool) { if testing.Short() { return } diff --git a/libcontainer/intelrdt/cmt_test.go b/libcontainer/intelrdt/cmt_test.go index 3bd43adae82..5b8f4e46c7f 100644 --- a/libcontainer/intelrdt/cmt_test.go +++ b/libcontainer/intelrdt/cmt_test.go @@ -35,7 +35,7 @@ func TestGetCMTNumaNodeStats(t *testing.T) { }) } -func checkCMTStatCorrection(got CMTNumaNodeStats, expected CMTNumaNodeStats, t *testing.T) { +func checkCMTStatCorrection(got, expected CMTNumaNodeStats, t *testing.T) { if got.LLCOccupancy != expected.LLCOccupancy { t.Fatalf("Wrong value of `llc_occupancy`. Expected: %v but got: %v", expected.LLCOccupancy, diff --git a/libcontainer/intelrdt/intelrdt.go b/libcontainer/intelrdt/intelrdt.go index aa935231154..d8f98e1c24d 100644 --- a/libcontainer/intelrdt/intelrdt.go +++ b/libcontainer/intelrdt/intelrdt.go @@ -156,7 +156,7 @@ type Manager struct { // NewManager returns a new instance of Manager, or nil if the Intel RDT // functionality is not specified in the config, available from hardware or // enabled in the kernel. -func NewManager(config *configs.Config, id string, path string) *Manager { +func NewManager(config *configs.Config, id, path string) *Manager { if config.IntelRdt == nil { return nil } @@ -184,7 +184,7 @@ func NewManager(config *configs.Config, id string, path string) *Manager { // newManager is the same as NewManager, except it does not check if the feature // is actually available. Used by unit tests that mock intelrdt paths. -func newManager(config *configs.Config, id string, path string) *Manager { +func newManager(config *configs.Config, id, path string) *Manager { return &Manager{ config: config, id: id, diff --git a/libcontainer/intelrdt/mbm_test.go b/libcontainer/intelrdt/mbm_test.go index 4f22cbd0ab2..62339db2675 100644 --- a/libcontainer/intelrdt/mbm_test.go +++ b/libcontainer/intelrdt/mbm_test.go @@ -38,7 +38,7 @@ func TestGetMBMNumaNodeStats(t *testing.T) { }) } -func checkMBMStatCorrection(got MBMNumaNodeStats, expected MBMNumaNodeStats, t *testing.T) { +func checkMBMStatCorrection(got, expected MBMNumaNodeStats, t *testing.T) { if got.MBMTotalBytes != expected.MBMTotalBytes { t.Fatalf("Wrong value of mbm_total_bytes. Expected: %v but got: %v", expected.MBMTotalBytes, diff --git a/libcontainer/internal/userns/userns_maps_linux.go b/libcontainer/internal/userns/userns_maps_linux.go index 7a8c2b023b3..c2fb8ca719b 100644 --- a/libcontainer/internal/userns/userns_maps_linux.go +++ b/libcontainer/internal/userns/userns_maps_linux.go @@ -39,7 +39,7 @@ func parseIdmapData(data []byte) (ms []configs.IDMap, err error) { // Do something equivalent to nsenter --user= cat , but more // efficiently. Returns the contents of the requested file from within the user // namespace. -func spawnUserNamespaceCat(nsPath string, path string) ([]byte, error) { +func spawnUserNamespaceCat(nsPath, path string) ([]byte, error) { rdr, wtr, err := os.Pipe() if err != nil { return nil, fmt.Errorf("create pipe for userns spawn failed: %w", err) diff --git a/libcontainer/logs/logs_linux_test.go b/libcontainer/logs/logs_linux_test.go index 12640483b10..b80d28dbd86 100644 --- a/libcontainer/logs/logs_linux_test.go +++ b/libcontainer/logs/logs_linux_test.go @@ -142,7 +142,7 @@ func check(t *testing.T, l *log, txt, notxt string) { // checkWait is like check, but if the file is empty, // it waits until it's not. -func checkWait(t *testing.T, l *log, txt string, notxt string) { +func checkWait(t *testing.T, l *log, txt, notxt string) { t.Helper() const ( delay = 100 * time.Millisecond diff --git a/libcontainer/network_linux.go b/libcontainer/network_linux.go index c645fbeb3ee..35bfe747db7 100644 --- a/libcontainer/network_linux.go +++ b/libcontainer/network_linux.go @@ -110,7 +110,7 @@ func (l *loopback) detach(n *configs.Network) (err error) { // The device name will be kept the same if device.Name is the zero value. // This function ensures that the move and rename operations occur atomically. // It preserves existing interface attributes, including global IP addresses. -func devChangeNetNamespace(name string, nsPath string, device configs.LinuxNetDevice) error { +func devChangeNetNamespace(name, nsPath string, device configs.LinuxNetDevice) error { logrus.Debugf("attaching network device %s with attrs %+v to network namespace %s", name, device, nsPath) link, err := netlink.LinkByName(name) // recover same behavior on vishvananda/netlink@1.2.1 and do not fail when the kernel returns NLM_F_DUMP_INTR. diff --git a/libcontainer/notify_linux.go b/libcontainer/notify_linux.go index a8762842e8f..f118be1cf6d 100644 --- a/libcontainer/notify_linux.go +++ b/libcontainer/notify_linux.go @@ -17,7 +17,7 @@ const ( CriticalPressure ) -func registerMemoryEvent(cgDir string, evName string, arg string) (<-chan struct{}, error) { +func registerMemoryEvent(cgDir, evName, arg string) (<-chan struct{}, error) { evFile, err := os.Open(filepath.Join(cgDir, evName)) if err != nil { return nil, err diff --git a/libcontainer/nsenter/nsenter_test.go b/libcontainer/nsenter/nsenter_test.go index 123448bc253..3c6e5a17355 100644 --- a/libcontainer/nsenter/nsenter_test.go +++ b/libcontainer/nsenter/nsenter_test.go @@ -187,7 +187,7 @@ func init() { } } -func newPipe(t *testing.T) (parent *os.File, child *os.File) { +func newPipe(t *testing.T) (parent, child *os.File) { t.Helper() fds, err := unix.Socketpair(unix.AF_LOCAL, unix.SOCK_STREAM|unix.SOCK_CLOEXEC, 0) if err != nil { diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 94b664eeb5a..41c1c5abef1 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -1421,7 +1421,7 @@ func reopenAfterMount(rootfs string, f *os.File, flags int) (_ *os.File, Err err // Do the mount operation followed by additional mounts required to take care // of propagation flags. This will always be scoped inside the container rootfs. -func (m *mountEntry) mountPropagate(rootfs string, mountLabel string) error { +func (m *mountEntry) mountPropagate(rootfs, mountLabel string) error { var ( data = label.FormatMountLabel(m.Data, mountLabel) flags = m.Flags diff --git a/libcontainer/seccomp/patchbpf/enosys_linux_test.go b/libcontainer/seccomp/patchbpf/enosys_linux_test.go index 91f337da74d..e300a5618c0 100644 --- a/libcontainer/seccomp/patchbpf/enosys_linux_test.go +++ b/libcontainer/seccomp/patchbpf/enosys_linux_test.go @@ -68,7 +68,7 @@ func mockFilter(t *testing.T, config *configs.Seccomp) (*bpf.VM, []bpf.Instructi // fakeConfig generates a fake libcontainer seccomp configuration. The syscalls // are added with an action distinct from the default action. -func fakeConfig(defaultAction configs.Action, explicitSyscalls []string, arches []string) *configs.Seccomp { +func fakeConfig(defaultAction configs.Action, explicitSyscalls, arches []string) *configs.Seccomp { config := configs.Seccomp{ DefaultAction: defaultAction, Architectures: arches, diff --git a/libcontainer/utils/cmsg.go b/libcontainer/utils/cmsg.go index 96aa3ccc98c..93bfbbd7f57 100644 --- a/libcontainer/utils/cmsg.go +++ b/libcontainer/utils/cmsg.go @@ -114,7 +114,7 @@ func RecvFile(socket *os.File) (_ *os.File, Err error) { // SendFile sends a file over the given AF_UNIX socket. file.Name() is also // included so that if the other end uses RecvFile, the file will have the same // name information. -func SendFile(socket *os.File, file *os.File) error { +func SendFile(socket, file *os.File) error { name := file.Name() if len(name) >= MaxNameLen { return fmt.Errorf("sendfd: filename too long: %s", name) diff --git a/notify_socket.go b/notify_socket.go index afebf4e77e4..c3eddaf85db 100644 --- a/notify_socket.go +++ b/notify_socket.go @@ -25,7 +25,7 @@ type notifySocket struct { socketPath string } -func newNotifySocket(context *cli.Context, notifySocketHost string, id string) *notifySocket { +func newNotifySocket(context *cli.Context, notifySocketHost, id string) *notifySocket { if notifySocketHost == "" { return nil } From 3b75374cc797aed1a9ca933e32a97699881d6140 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 22 Oct 2025 23:57:21 +1100 Subject: [PATCH 1111/1176] runtime-spec: update pids.limit handling to match new guidance The main update is actually in github.com/opencontainers/cgroups, but we need to also update runtime-spec to a newer pre-release version to get the updates from there as well. In short, the behaviour change is now that "0" is treated as a valid value to set in "pids.max", "-1" means "max" and unset/nil means "do nothing". As described in the opencontainers/cgroups PR, this change is actually backwards compatible because our internal state.json stores PidsLimit, and that entry is marked as "omitempty". So, an old runc would omit PidsLimit=0 in state.json, and this will be parsed by a new runc as being "nil" -- and both would treat this case as "do not set anything". Signed-off-by: Aleksa Sarai --- CHANGELOG.md | 16 +++ go.mod | 4 +- go.sum | 8 +- libcontainer/integration/exec_test.go | 8 +- man/runc-update.8.md | 3 +- update.go | 4 +- .../opencontainers/cgroups/config_linux.go | 4 +- .../opencontainers/cgroups/fs/cpuacct.go | 12 +- .../opencontainers/cgroups/fs/pids.go | 27 +++-- .../opencontainers/cgroups/fs2/io.go | 19 +++- .../opencontainers/cgroups/fs2/pids.go | 20 +++- .../opencontainers/cgroups/stats.go | 4 + .../opencontainers/cgroups/systemd/dbus.go | 26 ++++- .../opencontainers/cgroups/systemd/v1.go | 13 ++- .../opencontainers/cgroups/systemd/v2.go | 15 ++- .../runtime-spec/specs-go/config.go | 106 +++++++++++++++++- .../runtime-spec/specs-go/version.go | 6 +- vendor/modules.txt | 4 +- 18 files changed, 247 insertions(+), 52 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 720e27a9f40..49649793c9e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,22 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - The deprecated `libcontainer/userns` package has been removed; use `github.com/moby/sys/userns` instead. +### Breaking ### +- The handling of `pids.limit` has been updated to match the newer guidance + from the OCI runtime specification. In particular, now a maximum limit value + of `0` will be treated as an actual limit (due to limitations with systemd, + it will be treated the same as a limit value of `1`). We only expect users + that explicitly set `pids.limit` to `0` will see a behaviour change. + (opencontainers/cgroups#48, #4949) + +### Fixed ### +- cgroups: provide iocost statistics for cgroupv2. (opencontainers/cgroups#43) +- cgroups: retry DBus connection when it fails with EAGAIN. + (opencontainers/cgroups#45) +- cgroups: improve `cpuacct.usage_all` resilience when parsing data from + patched kernels (such as the Tencent kernels). (opencontainers/cgroups#46, + opencontainers/cgroups#50) + ## [1.4.0-rc.1] - 2025-09-05 > ăă‚ă‚§ă‚‚ăƒœă‚¹ă«ăªă£ăŸă‚“ă ă‚ă‰ï¼Ÿ diff --git a/go.mod b/go.mod index 03fcdca6452..df65bf5e83d 100644 --- a/go.mod +++ b/go.mod @@ -14,8 +14,8 @@ require ( github.com/moby/sys/user v0.4.0 github.com/moby/sys/userns v0.1.0 github.com/mrunalp/fileutils v0.5.1 - github.com/opencontainers/cgroups v0.0.5 - github.com/opencontainers/runtime-spec v1.2.2-0.20250818071321-383cadbf08c0 + github.com/opencontainers/cgroups v0.0.6 + github.com/opencontainers/runtime-spec v1.3.0 github.com/opencontainers/selinux v1.13.0 github.com/seccomp/libseccomp-golang v0.11.1 github.com/sirupsen/logrus v1.9.3 diff --git a/go.sum b/go.sum index 5ff1156f22a..01d49385ba1 100644 --- a/go.sum +++ b/go.sum @@ -46,10 +46,10 @@ github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28= github.com/mrunalp/fileutils v0.5.1 h1:F+S7ZlNKnrwHfSwdlgNSkKo67ReVf8o9fel6C3dkm/Q= github.com/mrunalp/fileutils v0.5.1/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= -github.com/opencontainers/cgroups v0.0.5 h1:DRITAqcOnY0uSBzIpt1RYWLjh5DPDiqUs4fY6Y0ktls= -github.com/opencontainers/cgroups v0.0.5/go.mod h1:oWVzJsKK0gG9SCRBfTpnn16WcGEqDI8PAcpMGbqWxcs= -github.com/opencontainers/runtime-spec v1.2.2-0.20250818071321-383cadbf08c0 h1:RLn0YfUWkiqPGtgUANvJrcjIkCHGRl3jcz/c557M28M= -github.com/opencontainers/runtime-spec v1.2.2-0.20250818071321-383cadbf08c0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/cgroups v0.0.6 h1:tfZFWTIIGaUUFImTyuTg+Mr5x8XRiSdZESgEBW7UxuI= +github.com/opencontainers/cgroups v0.0.6/go.mod h1:oWVzJsKK0gG9SCRBfTpnn16WcGEqDI8PAcpMGbqWxcs= +github.com/opencontainers/runtime-spec v1.3.0 h1:YZupQUdctfhpZy3TM39nN9Ika5CBWT5diQ8ibYCRkxg= +github.com/opencontainers/runtime-spec v1.3.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.13.0 h1:Zza88GWezyT7RLql12URvoxsbLfjFx988+LGaWfbL84= github.com/opencontainers/selinux v1.13.0/go.mod h1:XxWTed+A/s5NNq4GmYScVy+9jzXhGBVEOAyucdRUY8s= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index c46a576eaab..bdb90a0ef73 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -526,20 +526,22 @@ func TestPidsSystemd(t *testing.T) { testPids(t, true) } +func mkPtr[T any](v T) *T { return &v } + func testPids(t *testing.T, systemd bool) { if testing.Short() { return } config := newTemplateConfig(t, &tParam{systemd: systemd}) - config.Cgroups.Resources.PidsLimit = -1 + config.Cgroups.Resources.PidsLimit = mkPtr[int64](-1) // Running multiple processes, expecting it to succeed with no pids limit. runContainerOk(t, config, "/bin/sh", "-c", "/bin/true | /bin/true | /bin/true | /bin/true") // Enforce a permissive limit. This needs to be fairly hand-wavey due to the // issues with running Go binaries with pids restrictions (see below). - config.Cgroups.Resources.PidsLimit = 64 + config.Cgroups.Resources.PidsLimit = mkPtr[int64](64) runContainerOk(t, config, "/bin/sh", "-c", ` /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | bin/true | /bin/true | @@ -548,7 +550,7 @@ func testPids(t *testing.T, systemd bool) { // Enforce a restrictive limit. 64 * /bin/true + 1 * shell should cause // this to fail reliably. - config.Cgroups.Resources.PidsLimit = 64 + config.Cgroups.Resources.PidsLimit = mkPtr[int64](64) out, _, err := runContainer(t, config, "/bin/sh", "-c", ` /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | /bin/true | bin/true | /bin/true | diff --git a/man/runc-update.8.md b/man/runc-update.8.md index 0e95d85ded1..af23be35ca8 100644 --- a/man/runc-update.8.md +++ b/man/runc-update.8.md @@ -85,7 +85,8 @@ stdin. If this option is used, all other options are ignored. (i.e. use unlimited swap). **--pids-limit** _num_ -: Set the maximum number of processes allowed in the container. +: Set the maximum number of processes allowed in the container. Use **-1** to +unset the limit. **--l3-cache-schema** _value_ : Set the value for Intel RDT/CAT L3 cache schema. diff --git a/update.go b/update.go index 8510c217cd5..e4abb1ef552 100644 --- a/update.go +++ b/update.go @@ -252,7 +252,9 @@ other options are ignored. } } - r.Pids.Limit = int64(context.Int("pids-limit")) + if context.IsSet("pids-limit") { + r.Pids.Limit = i64Ptr(int64(context.Int("pids-limit"))) + } } // Fix up values diff --git a/vendor/github.com/opencontainers/cgroups/config_linux.go b/vendor/github.com/opencontainers/cgroups/config_linux.go index 9bc58a3789b..3d29d938bf0 100644 --- a/vendor/github.com/opencontainers/cgroups/config_linux.go +++ b/vendor/github.com/opencontainers/cgroups/config_linux.go @@ -90,8 +90,8 @@ type Resources struct { // Cgroup's SCHED_IDLE value. CPUIdle *int64 `json:"cpu_idle,omitempty"` - // Process limit; set <= `0' to disable limit. - PidsLimit int64 `json:"pids_limit,omitempty"` + // Process limit; set < `0' to disable limit. `nil` means "keep current limit". + PidsLimit *int64 `json:"pids_limit,omitempty"` // Specifies per cgroup weight, range is from 10 to 1000. BlkioWeight uint16 `json:"blkio_weight,omitempty"` diff --git a/vendor/github.com/opencontainers/cgroups/fs/cpuacct.go b/vendor/github.com/opencontainers/cgroups/fs/cpuacct.go index 391a023c751..bde25b07594 100644 --- a/vendor/github.com/opencontainers/cgroups/fs/cpuacct.go +++ b/vendor/github.com/opencontainers/cgroups/fs/cpuacct.go @@ -129,12 +129,16 @@ func getPercpuUsageInModes(path string) ([]uint64, []uint64, error) { defer fd.Close() scanner := bufio.NewScanner(fd) - scanner.Scan() // skipping header line + scanner.Scan() // Read header line. + const want = "cpu user system" + if hdr := scanner.Text(); !strings.HasPrefix(hdr, want) { + return nil, nil, malformedLine(path, file, hdr) + } for scanner.Scan() { - // Each line is: cpu user system - fields := strings.SplitN(scanner.Text(), " ", 3) - if len(fields) != 3 { + // Each line is: cpu user system. Keep N at 4 to ignore extra fields. + fields := strings.SplitN(scanner.Text(), " ", 4) + if len(fields) < 3 { continue } diff --git a/vendor/github.com/opencontainers/cgroups/fs/pids.go b/vendor/github.com/opencontainers/cgroups/fs/pids.go index 9319761e6ad..36bd339af82 100644 --- a/vendor/github.com/opencontainers/cgroups/fs/pids.go +++ b/vendor/github.com/opencontainers/cgroups/fs/pids.go @@ -19,19 +19,24 @@ func (s *PidsGroup) Apply(path string, _ *cgroups.Resources, pid int) error { } func (s *PidsGroup) Set(path string, r *cgroups.Resources) error { - if r.PidsLimit != 0 { - // "max" is the fallback value. - limit := "max" - - if r.PidsLimit > 0 { - limit = strconv.FormatInt(r.PidsLimit, 10) - } - - if err := cgroups.WriteFile(path, "pids.max", limit); err != nil { - return err - } + if r.PidsLimit == nil { + return nil } + // "max" is the fallback value. + val := "max" + if limit := *r.PidsLimit; limit > 0 { + val = strconv.FormatInt(limit, 10) + } else if limit == 0 { + // systemd doesn't support setting pids.max to "0", so when setting + // TasksMax we need to remap it to "1". We do the same thing here to + // avoid flip-flop behaviour between the fs and systemd drivers. In + // practice, the pids cgroup behaviour is basically identical. + val = "1" + } + if err := cgroups.WriteFile(path, "pids.max", val); err != nil { + return err + } return nil } diff --git a/vendor/github.com/opencontainers/cgroups/fs2/io.go b/vendor/github.com/opencontainers/cgroups/fs2/io.go index 0f6ef7fea55..3c6dcc3bf2e 100644 --- a/vendor/github.com/opencontainers/cgroups/fs2/io.go +++ b/vendor/github.com/opencontainers/cgroups/fs2/io.go @@ -165,11 +165,22 @@ func statIo(dirPath string, stats *cgroups.Stats) error { case "wios": op = "Write" targetTable = &parsedStats.IoServicedRecursive + + case "cost.usage": + op = "Count" + targetTable = &parsedStats.IoCostUsage + case "cost.wait": + op = "Count" + targetTable = &parsedStats.IoCostWait + case "cost.indebt": + op = "Count" + targetTable = &parsedStats.IoCostIndebt + case "cost.indelay": + op = "Count" + targetTable = &parsedStats.IoCostIndelay + default: - // Skip over entries we cannot map to cgroupv1 stats for now. - // In the future we should expand the stats struct to include - // them. - logrus.Debugf("cgroupv2 io stats: skipping over unmappable %s entry", item) + logrus.Debugf("cgroupv2 io stats: unknown entry %s", item) continue } diff --git a/vendor/github.com/opencontainers/cgroups/fs2/pids.go b/vendor/github.com/opencontainers/cgroups/fs2/pids.go index 9b82b90115e..f932259ad56 100644 --- a/vendor/github.com/opencontainers/cgroups/fs2/pids.go +++ b/vendor/github.com/opencontainers/cgroups/fs2/pids.go @@ -4,6 +4,7 @@ import ( "errors" "math" "os" + "strconv" "strings" "golang.org/x/sys/unix" @@ -13,19 +14,26 @@ import ( ) func isPidsSet(r *cgroups.Resources) bool { - return r.PidsLimit != 0 + return r.PidsLimit != nil } func setPids(dirPath string, r *cgroups.Resources) error { if !isPidsSet(r) { return nil } - if val := numToStr(r.PidsLimit); val != "" { - if err := cgroups.WriteFile(dirPath, "pids.max", val); err != nil { - return err - } + val := "max" + if limit := *r.PidsLimit; limit > 0 { + val = strconv.FormatInt(limit, 10) + } else if limit == 0 { + // systemd doesn't support setting pids.max to "0", so when setting + // TasksMax we need to remap it to "1". We do the same thing here to + // avoid flip-flop behaviour between the fs and systemd drivers. In + // practice, the pids cgroup behaviour is basically identical. + val = "1" + } + if err := cgroups.WriteFile(dirPath, "pids.max", val); err != nil { + return err } - return nil } diff --git a/vendor/github.com/opencontainers/cgroups/stats.go b/vendor/github.com/opencontainers/cgroups/stats.go index 6cd6253ee0a..01701333ab3 100644 --- a/vendor/github.com/opencontainers/cgroups/stats.go +++ b/vendor/github.com/opencontainers/cgroups/stats.go @@ -159,6 +159,10 @@ type BlkioStats struct { IoTimeRecursive []BlkioStatEntry `json:"io_time_recursive,omitempty"` SectorsRecursive []BlkioStatEntry `json:"sectors_recursive,omitempty"` PSI *PSIStats `json:"psi,omitempty"` + IoCostUsage []BlkioStatEntry `json:"io_cost_usage,omitempty"` + IoCostWait []BlkioStatEntry `json:"io_cost_wait,omitempty"` + IoCostIndebt []BlkioStatEntry `json:"io_cost_indebt,omitempty"` + IoCostIndelay []BlkioStatEntry `json:"io_cost_indelay,omitempty"` } type HugetlbStats struct { diff --git a/vendor/github.com/opencontainers/cgroups/systemd/dbus.go b/vendor/github.com/opencontainers/cgroups/systemd/dbus.go index bb87ae83aef..c492372a7af 100644 --- a/vendor/github.com/opencontainers/cgroups/systemd/dbus.go +++ b/vendor/github.com/opencontainers/cgroups/systemd/dbus.go @@ -4,10 +4,13 @@ import ( "context" "errors" "fmt" + "math/rand/v2" "sync" + "time" systemdDbus "github.com/coreos/go-systemd/v22/dbus" dbus "github.com/godbus/dbus/v5" + "golang.org/x/sys/unix" ) var ( @@ -64,10 +67,27 @@ func (d *dbusConnManager) getConnection() (*systemdDbus.Conn, error) { } func (d *dbusConnManager) newConnection() (*systemdDbus.Conn, error) { - if dbusRootless { - return newUserSystemdDbus() + newDbusConn := func() (*systemdDbus.Conn, error) { + if dbusRootless { + return newUserSystemdDbus() + } + return systemdDbus.NewWithContext(context.TODO()) + } + + var err error + for retry := range 7 { + var conn *systemdDbus.Conn + conn, err = newDbusConn() + if !errors.Is(err, unix.EAGAIN) { + return conn, err + } + // Exponential backoff (100ms * 2^attempt + ~12.5% jitter). + // At most we would expect 15 seconds of delay with 7 attempts. + delay := 100 * time.Millisecond << retry + delay += time.Duration(rand.Int64N(1 + (delay.Milliseconds() >> 3))) + time.Sleep(delay) } - return systemdDbus.NewWithContext(context.TODO()) + return nil, fmt.Errorf("dbus connection failed after several retries: %w", err) } // resetConnection resets the connection to its initial state diff --git a/vendor/github.com/opencontainers/cgroups/systemd/v1.go b/vendor/github.com/opencontainers/cgroups/systemd/v1.go index 5500a53ac0f..96e69bb8608 100644 --- a/vendor/github.com/opencontainers/cgroups/systemd/v1.go +++ b/vendor/github.com/opencontainers/cgroups/systemd/v1.go @@ -2,6 +2,7 @@ package systemd import ( "errors" + "math" "os" "path/filepath" "strings" @@ -97,9 +98,17 @@ func genV1ResourcesProperties(r *cgroups.Resources, cm *dbusConnManager) ([]syst newProp("BlockIOWeight", uint64(r.BlkioWeight))) } - if r.PidsLimit > 0 || r.PidsLimit == -1 { + if r.PidsLimit != nil { + var tasksMax uint64 + if limit := *r.PidsLimit; limit < 0 { + tasksMax = math.MaxUint64 // "infinity" + } else if limit == 0 { + tasksMax = 1 // systemd does not accept "0" for TasksMax + } else { + tasksMax = uint64(limit) + } properties = append(properties, - newProp("TasksMax", uint64(r.PidsLimit))) + newProp("TasksMax", tasksMax)) } err = addCpuset(cm, &properties, r.CpusetCpus, r.CpusetMems) diff --git a/vendor/github.com/opencontainers/cgroups/systemd/v2.go b/vendor/github.com/opencontainers/cgroups/systemd/v2.go index c2f2e87f3ba..f76c93e8444 100644 --- a/vendor/github.com/opencontainers/cgroups/systemd/v2.go +++ b/vendor/github.com/opencontainers/cgroups/systemd/v2.go @@ -176,6 +176,9 @@ func unifiedResToSystemdProps(cm *dbusConnManager, res map[string]string) (props return nil, fmt.Errorf("unified resource %q value conversion error: %w", k, err) } } + if num == 0 { + num = 1 // systemd does not accept "0" for TasksMax + } props = append(props, newProp("TasksMax", num)) @@ -256,9 +259,17 @@ func genV2ResourcesProperties(dirPath string, r *cgroups.Resources, cm *dbusConn addCPUQuota(cm, &properties, &r.CpuQuota, r.CpuPeriod) - if r.PidsLimit > 0 || r.PidsLimit == -1 { + if r.PidsLimit != nil { + var tasksMax uint64 + if limit := *r.PidsLimit; limit < 0 { + tasksMax = math.MaxUint64 // "infinity" + } else if limit == 0 { + tasksMax = 1 // systemd does not accept "0" for TasksMax + } else { + tasksMax = uint64(limit) + } properties = append(properties, - newProp("TasksMax", uint64(r.PidsLimit))) + newProp("TasksMax", tasksMax)) } err = addCpuset(cm, &properties, r.CpusetCpus, r.CpusetMems) diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go index 36d28032e66..3ef333387b0 100644 --- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go @@ -31,6 +31,8 @@ type Spec struct { VM *VM `json:"vm,omitempty" platform:"vm"` // ZOS is platform-specific configuration for z/OS based containers. ZOS *ZOS `json:"zos,omitempty" platform:"zos"` + // FreeBSD is platform-specific configuration for FreeBSD based containers. + FreeBSD *FreeBSD `json:"freebsd,omitempty" platform:"freebsd"` } // Scheduler represents the scheduling attributes for a process. It is based on @@ -170,7 +172,7 @@ type Mount struct { // Destination is the absolute path where the mount will be placed in the container. Destination string `json:"destination"` // Type specifies the mount kind. - Type string `json:"type,omitempty" platform:"linux,solaris,zos"` + Type string `json:"type,omitempty" platform:"linux,solaris,zos,freebsd"` // Source specifies the source path of the mount. Source string `json:"source,omitempty"` // Options are fstab style mount options. @@ -434,7 +436,7 @@ type LinuxCPU struct { // LinuxPids for Linux cgroup 'pids' resource management (Linux 4.3) type LinuxPids struct { // Maximum number of PIDs. Default is "no limit". - Limit int64 `json:"limit"` + Limit *int64 `json:"limit,omitempty"` } // LinuxNetwork identification and priority configuration @@ -688,6 +690,32 @@ type WindowsHyperV struct { UtilityVMPath string `json:"utilityVMPath,omitempty"` } +// IOMems contains information about iomem addresses that should be passed to the VM. +type IOMems struct { + // Guest Frame Number to map the iomem range. If GFN is not specified, the mapping will be done to the same Frame Number as was provided in FirstMFN. + FirstGFN *uint64 `json:"firstGFN,omitempty"` + // Physical page number of iomem regions. + FirstMFN *uint64 `json:"firstMFN"` + // Number of pages to be mapped. + NrMFNs *uint64 `json:"nrMFNs"` +} + +// Hardware configuration for the VM image +type HWConfig struct { + // Path to the container device-tree file that should be passed to the VM configuration. + DeviceTree string `json:"deviceTree,omitempty"` + // Number of virtual cpus for the VM. + VCPUs *uint32 `json:"vcpus,omitempty"` + // Maximum memory in bytes allocated to the VM. + Memory *uint64 `json:"memory,omitempty"` + // Host device tree nodes to passthrough to the VM. + DtDevs []string `json:"dtdevs,omitempty"` + // Allow auto-translated domains to access specific hardware I/O memory pages. + IOMems []IOMems `json:"iomems,omitempty"` + // Allows VM to access specific physical IRQs. + Irqs []uint32 `json:"irqs,omitempty"` +} + // VM contains information for virtual-machine-based containers. type VM struct { // Hypervisor specifies hypervisor-related configuration for virtual-machine-based containers. @@ -696,6 +724,8 @@ type VM struct { Kernel VMKernel `json:"kernel"` // Image specifies guest image related configuration for virtual-machine-based containers. Image VMImage `json:"image,omitempty"` + // Hardware configuration that should be passed to the VM. + HwConfig *HWConfig `json:"hwconfig,omitempty"` } // VMHypervisor contains information about the hypervisor to use for a virtual machine. @@ -963,3 +993,75 @@ const ( // SchedFlagUtilClampMin represents the utilization clamp maximum scheduling flag SchedFlagUtilClampMax LinuxSchedulerFlag = "SCHED_FLAG_UTIL_CLAMP_MAX" ) + +// FreeBSD contains platform-specific configuration for FreeBSD based containers. +type FreeBSD struct { + // Devices which are accessible in the container + Devices []FreeBSDDevice `json:"devices,omitempty"` + // Jail definition for this container + Jail *FreeBSDJail `json:"jail,omitempty"` +} + +type FreeBSDDevice struct { + // Path to the device, relative to /dev. + Path string `json:"path"` + // FileMode permission bits for the device. + Mode *os.FileMode `json:"mode,omitempty"` +} + +// FreeBSDJail describes how to configure the container's jail +type FreeBSDJail struct { + // Parent jail name - this can be used to share a single vnet + // across several containers + Parent string `json:"parent,omitempty"` + // Whether to use parent UTS names or override in the container + Host FreeBSDSharing `json:"host,omitempty"` + // IPv4 address sharing for the container + Ip4 FreeBSDSharing `json:"ip4,omitempty"` + // IPv4 addresses for the container + Ip4Addr []string `json:"ip4Addr,omitempty"` + // IPv6 address sharing for the container + Ip6 FreeBSDSharing `json:"ip6,omitempty"` + // IPv6 addresses for the container + Ip6Addr []string `json:"ip6Addr,omitempty"` + // Which network stack to use for the container + Vnet FreeBSDSharing `json:"vnet,omitempty"` + // If set, Ip4Addr and Ip6Addr addresses will be added to this interface + Interface string `json:"interface,omitempty"` + // List interfaces to be moved to the container's vnet + VnetInterfaces []string `json:"vnetInterfaces,omitempty"` + // SystemV IPC message sharing for the container + SysVMsg FreeBSDSharing `json:"sysvmsg,omitempty"` + // SystemV semaphore message sharing for the container + SysVSem FreeBSDSharing `json:"sysvsem,omitempty"` + // SystemV memory sharing for the container + SysVShm FreeBSDSharing `json:"sysvshm,omitempty"` + // Mount visibility (see jail(8) for details) + EnforceStatfs *int `json:"enforceStatfs,omitempty"` + // Jail capabilities + Allow *FreeBSDJailAllow `json:"allow,omitempty"` +} + +// These values are used to control access to features in the container, either +// disabling the feature, sharing state with the parent or creating new private +// state in the container. +type FreeBSDSharing string + +const ( + FreeBSDShareDisable FreeBSDSharing = "disable" + FreeBSDShareNew FreeBSDSharing = "new" + FreeBSDShareInherit FreeBSDSharing = "inherit" +) + +// FreeBSDJailAllow describes jail capabilities +type FreeBSDJailAllow struct { + SetHostname bool `json:"setHostname,omitempty"` + RawSockets bool `json:"rawSockets,omitempty"` + Chflags bool `json:"chflags,omitempty"` + Mount []string `json:"mount,omitempty"` + Quotas bool `json:"quotas,omitempty"` + SocketAf bool `json:"socketAf,omitempty"` + Mlock bool `json:"mlock,omitempty"` + ReservedPorts bool `json:"reservedPorts,omitempty"` + Suser bool `json:"suser,omitempty"` +} diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go index b0a00466b61..0257dba3e74 100644 --- a/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go +++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go @@ -6,12 +6,12 @@ const ( // VersionMajor is for an API incompatible changes VersionMajor = 1 // VersionMinor is for functionality in a backwards-compatible manner - VersionMinor = 2 + VersionMinor = 3 // VersionPatch is for backwards-compatible bug fixes - VersionPatch = 1 + VersionPatch = 0 // VersionDev indicates development branch. Releases will be empty string. - VersionDev = "+dev" + VersionDev = "" ) // Version is the specification version that the package types support. diff --git a/vendor/modules.txt b/vendor/modules.txt index 7e9c87b5982..b6d94ce7bc8 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -68,7 +68,7 @@ github.com/moby/sys/userns # github.com/mrunalp/fileutils v0.5.1 ## explicit; go 1.13 github.com/mrunalp/fileutils -# github.com/opencontainers/cgroups v0.0.5 +# github.com/opencontainers/cgroups v0.0.6 ## explicit; go 1.23.0 github.com/opencontainers/cgroups github.com/opencontainers/cgroups/devices @@ -79,7 +79,7 @@ github.com/opencontainers/cgroups/fscommon github.com/opencontainers/cgroups/internal/path github.com/opencontainers/cgroups/manager github.com/opencontainers/cgroups/systemd -# github.com/opencontainers/runtime-spec v1.2.2-0.20250818071321-383cadbf08c0 +# github.com/opencontainers/runtime-spec v1.3.0 ## explicit github.com/opencontainers/runtime-spec/specs-go github.com/opencontainers/runtime-spec/specs-go/features From 72421e0e25d35ec038d9a3baa779b16ec438616c Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 24 Oct 2025 15:30:40 +1100 Subject: [PATCH 1112/1176] tests: add pids.limit tests Signed-off-by: Aleksa Sarai --- tests/integration/cgroups.bats | 31 +++++++++++++++++++++++++++++++ tests/integration/update.bats | 31 +++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+) diff --git a/tests/integration/cgroups.bats b/tests/integration/cgroups.bats index a2df63e8002..6d829fd19f6 100644 --- a/tests/integration/cgroups.bats +++ b/tests/integration/cgroups.bats @@ -324,6 +324,37 @@ convert_hugetlb_size() { done } +# https://github.com/opencontainers/runc/issues/4014. +@test "runc run (pids.limit=0 means 1)" { + [ $EUID -ne 0 ] && requires rootless_cgroup + requires cgroups_pids + + set_cgroups_path + update_config '.linux.resources.pids.limit = 0' + + runc run -d --console-socket "$CONSOLE_SOCKET" test_pids + [ "$status" -eq 0 ] + # systemd doesn't support TasksMax=0 so runc will silently remap it to 1 + # (for consistency, we do this for systemd *and* cgroupfs). + check_cgroup_value "pids.max" "1" + check_systemd_value "TasksMax" "1" +} + +# https://github.com/opencontainers/runc/issues/4014. +@test "runc run (pids.limit=-1 means unlimited)" { + [ $EUID -ne 0 ] && requires rootless_cgroup + requires cgroups_pids + + set_cgroups_path + update_config '.linux.resources.pids.limit = -1' + + runc run -d --console-socket "$CONSOLE_SOCKET" test_pids + [ "$status" -eq 0 ] + check_cgroup_value "pids.max" "max" + # systemd < v227 shows UINT64_MAX instead of "infinity". + check_systemd_value "TasksMax" "infinity" "18446744073709551615" +} + @test "runc run (cgroup v2 resources.unified only)" { requires root cgroups_v2 diff --git a/tests/integration/update.bats b/tests/integration/update.bats index 29d36fdfa2a..07f3eff1733 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -327,6 +327,37 @@ EOF check_cpu_shares 100 } +@test "update pids.limit" { + [ $EUID -ne 0 ] && requires rootless_cgroup + requires cgroups_pids + + runc run -d --console-socket "$CONSOLE_SOCKET" test_update + [ "$status" -eq 0 ] + + check_cgroup_value "pids.max" 20 + check_systemd_value "TasksMax" 20 + + runc update test_update --pids-limit 12345 + [ "$status" -eq 0 ] + + check_cgroup_value "pids.max" "12345" + check_systemd_value "TasksMax" "12345" + + runc update test_update --pids-limit -1 + [ "$status" -eq 0 ] + + check_cgroup_value "pids.max" "max" + # systemd < v227 shows UINT64_MAX instead of "infinity". + check_systemd_value "TasksMax" "infinity" "18446744073709551615" + + runc update test_update --pids-limit 0 + [ "$status" -eq 0 ] + + # systemd doesn't support TasksMax=0 so runc will silently remap it to 1. + check_cgroup_value "pids.max" "1" + check_systemd_value "TasksMax" "1" +} + @test "cpu burst" { [ $EUID -ne 0 ] && requires rootless_cgroup requires cgroups_cpu_burst From 8ab2458bc4ef4c42059f51818a84df5ab4920f76 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sat, 8 Nov 2025 23:07:57 +1100 Subject: [PATCH 1113/1176] update: switch to generics for mkPtr logic This is much easier to read and removes the need for explicit per-type helper functions. Signed-off-by: Aleksa Sarai --- update.go | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/update.go b/update.go index e4abb1ef552..11a157184d7 100644 --- a/update.go +++ b/update.go @@ -17,10 +17,7 @@ import ( "github.com/urfave/cli" ) -func i64Ptr(i int64) *int64 { return &i } -func u64Ptr(i uint64) *uint64 { return &i } -func u16Ptr(i uint16) *uint16 { return &i } -func boolPtr(b bool) *bool { return &b } +func mkPtr[T any](v T) *T { return &v } var updateCommand = cli.Command{ Name: "update", @@ -147,9 +144,9 @@ other options are ignored. } r := specs.LinuxResources{ - // nil and u64Ptr(0) are not interchangeable + // nil and mkPtr(0) are not interchangeable Memory: &specs.LinuxMemory{ - CheckBeforeUpdate: boolPtr(false), // constant + CheckBeforeUpdate: mkPtr(false), // constant }, CPU: &specs.LinuxCPU{}, BlockIO: &specs.LinuxBlockIO{}, @@ -179,7 +176,7 @@ other options are ignored. } } else { if val := context.Int("blkio-weight"); val != 0 { - r.BlockIO.Weight = u16Ptr(uint16(val)) + r.BlockIO.Weight = mkPtr(uint16(val)) } if val := context.String("cpuset-cpus"); val != "" { r.CPU.Cpus = val @@ -192,7 +189,7 @@ other options are ignored. if err != nil { return fmt.Errorf("invalid value for cpu-idle: %w", err) } - r.CPU.Idle = i64Ptr(idle) + r.CPU.Idle = mkPtr(idle) } for _, pair := range []struct { @@ -253,18 +250,18 @@ other options are ignored. } if context.IsSet("pids-limit") { - r.Pids.Limit = i64Ptr(int64(context.Int("pids-limit"))) + r.Pids.Limit = mkPtr(int64(context.Int("pids-limit"))) } } // Fix up values if r.Memory.Limit != nil && *r.Memory.Limit == -1 && r.Memory.Swap == nil { // To avoid error "unable to set swap limit without memory limit" - r.Memory.Swap = i64Ptr(0) + r.Memory.Swap = mkPtr[int64](0) } if r.CPU.Idle != nil && r.CPU.Shares == nil { // To avoid error "failed to write \"4\": write /sys/fs/cgroup/runc-cgroups-integration-test/test-cgroup-7341/cpu.weight: invalid argument" - r.CPU.Shares = u64Ptr(0) + r.CPU.Shares = mkPtr[uint64](0) } if (r.Memory.Kernel != nil) || (r.Memory.KernelTCP != nil) { //nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility. From 3fe21c54e63f30745818b2e64e8b4740f8e874c2 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 10 Nov 2025 23:19:15 -0800 Subject: [PATCH 1114/1176] ci: faster git clone For some reason, some jobs in .github/workflows/validate.yml have "fetch-depth: 0" argument to actions/checkout, meaning "all history for all branches and tags". Obviously this is not needed here. Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 7b48e46bcaa..64ca2f1068d 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -188,8 +188,6 @@ jobs: steps: - name: checkout uses: actions/checkout@v5 - with: - fetch-depth: 0 - name: install deps run: | sudo apt -qq update @@ -206,8 +204,6 @@ jobs: steps: - name: checkout uses: actions/checkout@v5 - with: - fetch-depth: 0 - name: check CHANGELOG.md run: make verify-changelog @@ -236,8 +232,6 @@ jobs: runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v5 - with: - fetch-depth: 0 - name: install bashbrew env: BASEURL: https://github.com/docker-library/bashbrew/releases/download From df4acc8867a08bd2df2dfec74a5f79fe018c2f4d Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 10 Nov 2025 23:45:49 -0800 Subject: [PATCH 1115/1176] ci: add checking Go version from Dockerfile This is to ensure that Go version in Dockerfile (which is used to build release binaries) is: - currently supported; - used in CI tests. Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 64ca2f1068d..3685fa6c03d 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -197,6 +197,18 @@ jobs: make cfmt git diff --exit-code + check-go: + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v5 + - name: check Go version + run: | + GO_VER=$(awk -F= '/^ARG\s+GO_VERSION=/ {print $2; quit}' Dockerfile) + echo "Go version used in Dockerfile: $GO_VER" + echo -n "Checking if Go $GO_VER is supported ... " + curl -fsSL https://go.dev/dl/?mode=json | jq -e 'any(.[]; .version | startswith("go'$GO_VER'"))' + echo -n "Checking if Go $GO_VER is tested against ... " + yq -e '.jobs.test.strategy.matrix.go-version | contains(["'$GO_VER'.x"])' .github/workflows/test.yml release: timeout-minutes: 30 @@ -253,6 +265,7 @@ jobs: all-done: needs: + - check-go - cfmt - codespell - commit From 653161f6d8ea8d6a0869f050766a683ab325b683 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Wed, 22 Oct 2025 17:12:18 +0900 Subject: [PATCH 1116/1176] docs/spec-conformance.md: update for spec v1.3.0 ref: opencontainers/runtime-spec PR 1302 Signed-off-by: Akihiro Suda Signed-off-by: Aleksa Sarai --- docs/spec-conformance.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/spec-conformance.md b/docs/spec-conformance.md index 2eb7fc4e64b..220b7500cd7 100644 --- a/docs/spec-conformance.md +++ b/docs/spec-conformance.md @@ -1,6 +1,6 @@ # Spec conformance -This branch of runc implements the [OCI Runtime Spec v1.2.1](https://github.com/opencontainers/runtime-spec/tree/v1.2.1) +This branch of runc implements the [OCI Runtime Spec v1.3.0](https://github.com/opencontainers/runtime-spec/tree/v1.3.0) for the `linux` platform. The following features are not implemented yet: @@ -8,6 +8,8 @@ The following features are not implemented yet: Spec version | Feature | PR -------------|------------------------------------------------|---------------------------------------------------------- v1.1.0 | `SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV` | [#3862](https://github.com/opencontainers/runc/pull/3862) +v1.3.0 | Clarified interpretation of `linux.intelRdt` | [#3832](https://github.com/opencontainers/runc/pull/3832) +v1.3.0 | Fail on a failure of a poststart hook. | [#4348](https://github.com/opencontainers/runc/pull/4348) ## Architectures From bba7647d0914dd4ac2f86e42e52ee7f3ca7a20f1 Mon Sep 17 00:00:00 2001 From: lifubang Date: Sun, 16 Nov 2025 12:15:55 +0000 Subject: [PATCH 1117/1176] ci: ensure the cgroup(v1) parent always exists for rootless On some systems (e.g., AlmaLinux 8), systemd automatically removes cgroup paths when they become empty (i.e., contain no processes). To prevent this, we spawn a dummy process to pin the cgroup in place. Fix: https://github.com/opencontainers/runc/issues/5003 Signed-off-by: lifubang --- tests/rootless.sh | 63 +++++++++++++++++++++++++++++------------------ 1 file changed, 39 insertions(+), 24 deletions(-) diff --git a/tests/rootless.sh b/tests/rootless.sh index e54cf48bc2e..ad24f46455a 100755 --- a/tests/rootless.sh +++ b/tests/rootless.sh @@ -97,32 +97,9 @@ function cleanup() { ALL_CGROUPS=($(cut -d: -f2 "$CGROUP_MOUNT/$cg$CGROUP_PATH/cgroup.procs" || true + # We only need to allow write access to {cgroup.procs,tasks} and the + # directory. Rather than changing the owner entirely, we just change + # the group and then allow write access to the group (in order to + # further limit the possible DAC permissions that runc could use). + chown root:rootless "$CGROUP_MOUNT/$cg$CGROUP_PATH/"{,cgroup.procs,tasks} + chmod g+rwx "$CGROUP_MOUNT/$cg$CGROUP_PATH/"{,cgroup.procs,tasks} + # Due to cpuset's semantics we need to give extra permissions to allow + # for runc to set up the hierarchy. XXX: This really shouldn't be + # necessary, and might actually be a bug in our impl of cgroup + # handling. + [ "$cg" = "cpuset" ] && chown rootless:rootless "$CGROUP_MOUNT/$cg$CGROUP_PATH/cpuset."{cpus,mems} + # The following is required by "update rt period and runtime". + if [ "$cg" = "cpu" ]; then + if [[ -e "$CGROUP_MOUNT/$cg$CGROUP_PATH/cpu.rt_period_us" ]]; then + chown rootless:rootless "$CGROUP_MOUNT/$cg$CGROUP_PATH/cpu.rt_period_us" + fi + if [[ -e "$CGROUP_MOUNT/$cg$CGROUP_PATH/cpu.rt_runtime_us" ]]; then + chown rootless:rootless "$CGROUP_MOUNT/$cg$CGROUP_PATH/cpu.rt_runtime_us" + fi + fi + done fi } function disable_cgroup() { + if [ $CGROUP_PIN_PID -ne -1 ]; then + kill -9 "$CGROUP_PIN_PID" || true + wait "$CGROUP_PIN_PID" 2>/dev/null || true + CGROUP_PIN_PID=-1 + fi # Remove cgroups used in rootless containers. for cg in "${ALL_CGROUPS[@]}"; do [ -d "$CGROUP_MOUNT/$cg$CGROUP_PATH" ] && rmdir "$CGROUP_MOUNT/$cg$CGROUP_PATH" From 8f2a85dc94623d5cb1becd096548a344ba50f9f4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Nov 2025 01:15:03 +0000 Subject: [PATCH 1118/1176] build(deps): bump github.com/godbus/dbus/v5 from 5.1.0 to 5.2.0 Bumps [github.com/godbus/dbus/v5](https://github.com/godbus/dbus) from 5.1.0 to 5.2.0. - [Release notes](https://github.com/godbus/dbus/releases) - [Commits](https://github.com/godbus/dbus/compare/v5.1.0...v5.2.0) --- updated-dependencies: - dependency-name: github.com/godbus/dbus/v5 dependency-version: 5.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- vendor/github.com/godbus/dbus/v5/.cirrus.yml | 11 + .../github.com/godbus/dbus/v5/.golangci.yml | 7 + vendor/github.com/godbus/dbus/v5/README.md | 5 +- vendor/github.com/godbus/dbus/v5/SECURITY.md | 13 ++ vendor/github.com/godbus/dbus/v5/auth.go | 46 ++-- .../godbus/dbus/v5/auth_default_other.go | 8 + .../godbus/dbus/v5/auth_default_windows.go | 5 + .../v5/{auth_sha1.go => auth_sha1_windows.go} | 20 ++ vendor/github.com/godbus/dbus/v5/call.go | 9 +- vendor/github.com/godbus/dbus/v5/conn.go | 81 +++---- .../github.com/godbus/dbus/v5/conn_darwin.go | 1 - .../github.com/godbus/dbus/v5/conn_other.go | 22 +- vendor/github.com/godbus/dbus/v5/conn_unix.go | 26 ++- .../github.com/godbus/dbus/v5/conn_windows.go | 2 - vendor/github.com/godbus/dbus/v5/dbus.go | 29 ++- vendor/github.com/godbus/dbus/v5/decoder.go | 197 +++++++++++++----- .../godbus/dbus/v5/default_handler.go | 32 ++- vendor/github.com/godbus/dbus/v5/doc.go | 43 ++-- vendor/github.com/godbus/dbus/v5/encoder.go | 4 +- vendor/github.com/godbus/dbus/v5/export.go | 93 +++++---- vendor/github.com/godbus/dbus/v5/homedir.go | 25 --- vendor/github.com/godbus/dbus/v5/match.go | 8 +- vendor/github.com/godbus/dbus/v5/message.go | 21 +- vendor/github.com/godbus/dbus/v5/object.go | 39 ++-- .../godbus/dbus/v5/sequential_handler.go | 2 +- .../godbus/dbus/v5/server_interfaces.go | 12 +- vendor/github.com/godbus/dbus/v5/sig.go | 17 +- .../godbus/dbus/v5/transport_nonce_tcp.go | 9 +- .../godbus/dbus/v5/transport_unix.go | 144 ++++++++++--- .../dbus/v5/transport_unixcred_freebsd.go | 38 ++-- vendor/github.com/godbus/dbus/v5/variant.go | 31 ++- .../godbus/dbus/v5/variant_lexer.go | 2 +- .../godbus/dbus/v5/variant_parser.go | 38 ++-- vendor/modules.txt | 4 +- 36 files changed, 662 insertions(+), 388 deletions(-) create mode 100644 vendor/github.com/godbus/dbus/v5/.cirrus.yml create mode 100644 vendor/github.com/godbus/dbus/v5/.golangci.yml create mode 100644 vendor/github.com/godbus/dbus/v5/SECURITY.md create mode 100644 vendor/github.com/godbus/dbus/v5/auth_default_other.go create mode 100644 vendor/github.com/godbus/dbus/v5/auth_default_windows.go rename vendor/github.com/godbus/dbus/v5/{auth_sha1.go => auth_sha1_windows.go} (81%) delete mode 100644 vendor/github.com/godbus/dbus/v5/homedir.go diff --git a/go.mod b/go.mod index df65bf5e83d..7bdc41e8ed2 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/coreos/go-systemd/v22 v22.6.0 github.com/cyphar/filepath-securejoin v0.6.0 github.com/docker/go-units v0.5.0 - github.com/godbus/dbus/v5 v5.1.0 + github.com/godbus/dbus/v5 v5.2.0 github.com/moby/sys/capability v0.4.0 github.com/moby/sys/mountinfo v0.7.2 github.com/moby/sys/user v0.4.0 diff --git a/go.sum b/go.sum index 01d49385ba1..9791096bd7c 100644 --- a/go.sum +++ b/go.sum @@ -20,8 +20,8 @@ github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI= github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow= -github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= -github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= +github.com/godbus/dbus/v5 v5.2.0 h1:3WexO+U+yg9T70v9FdHr9kCxYlazaAXUhx2VMkbfax8= +github.com/godbus/dbus/v5 v5.2.0/go.mod h1:3AAv2+hPq5rdnr5txxxRwiGjPXamgoIHgz9FPBfOp3c= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtLA= diff --git a/vendor/github.com/godbus/dbus/v5/.cirrus.yml b/vendor/github.com/godbus/dbus/v5/.cirrus.yml new file mode 100644 index 00000000000..0c9b365d7ef --- /dev/null +++ b/vendor/github.com/godbus/dbus/v5/.cirrus.yml @@ -0,0 +1,11 @@ +# See https://cirrus-ci.org/guide/FreeBSD/ +freebsd_instance: + image_family: freebsd-14-2 + +task: + name: Test on FreeBSD + install_script: pkg install -y go122 dbus + test_script: | + /usr/local/etc/rc.d/dbus onestart && \ + eval `dbus-launch --sh-syntax` && \ + go122 test -v ./... diff --git a/vendor/github.com/godbus/dbus/v5/.golangci.yml b/vendor/github.com/godbus/dbus/v5/.golangci.yml new file mode 100644 index 00000000000..f2d7910d4c2 --- /dev/null +++ b/vendor/github.com/godbus/dbus/v5/.golangci.yml @@ -0,0 +1,7 @@ +# For documentation, see https://golangci-lint.run/usage/configuration/ + +linters: + enable: + - gofumpt + - unconvert + - unparam diff --git a/vendor/github.com/godbus/dbus/v5/README.md b/vendor/github.com/godbus/dbus/v5/README.md index 5c24125838d..da848a98dc3 100644 --- a/vendor/github.com/godbus/dbus/v5/README.md +++ b/vendor/github.com/godbus/dbus/v5/README.md @@ -14,7 +14,7 @@ D-Bus message bus system. ### Installation -This packages requires Go 1.12 or later. It can be installed by running the command below: +This packages requires Go 1.20 or later. It can be installed by running the command below: ``` go get github.com/godbus/dbus/v5 @@ -23,7 +23,7 @@ go get github.com/godbus/dbus/v5 ### Usage The complete package documentation and some simple examples are available at -[godoc.org](http://godoc.org/github.com/godbus/dbus). Also, the +[pkg.go.dev](https://pkg.go.dev/github.com/godbus/dbus/v5). Also, the [_examples](https://github.com/godbus/dbus/tree/master/_examples) directory gives a short overview over the basic usage. @@ -34,6 +34,7 @@ gives a short overview over the basic usage. - [iwd](https://github.com/shibumi/iwd) go bindings for the internet wireless daemon "iwd". - [notify](https://github.com/esiqveland/notify) provides desktop notifications over dbus into a library. - [playerbm](https://github.com/altdesktop/playerbm) a bookmark utility for media players. +- [rpic](https://github.com/stephenhu/rpic) lightweight web app and RESTful API for managing a Raspberry Pi Please note that the API is considered unstable for now and may change without further notice. diff --git a/vendor/github.com/godbus/dbus/v5/SECURITY.md b/vendor/github.com/godbus/dbus/v5/SECURITY.md new file mode 100644 index 00000000000..7d262fbbfcf --- /dev/null +++ b/vendor/github.com/godbus/dbus/v5/SECURITY.md @@ -0,0 +1,13 @@ +# Security Policy + +## Supported Versions + +Security updates are applied only to the latest release. + +## Reporting a Vulnerability + +If you have discovered a security vulnerability in this project, please report it privately. **Do not disclose it as a public issue.** This gives us time to work with you to fix the issue before public exposure, reducing the chance that the exploit will be used before a patch is released. + +Please disclose it at [security advisory](https://github.com/godbus/dbus/security/advisories/new). + +This project is maintained by a team of volunteers on a reasonable-effort basis. As such, vulnerabilities will be disclosed in a best effort base. diff --git a/vendor/github.com/godbus/dbus/v5/auth.go b/vendor/github.com/godbus/dbus/v5/auth.go index 0f3b252c070..5924690b855 100644 --- a/vendor/github.com/godbus/dbus/v5/auth.go +++ b/vendor/github.com/godbus/dbus/v5/auth.go @@ -54,7 +54,7 @@ type Auth interface { func (conn *Conn) Auth(methods []Auth) error { if methods == nil { uid := strconv.Itoa(os.Geteuid()) - methods = []Auth{AuthExternal(uid), AuthCookieSha1(uid, getHomeDir())} + methods = getDefaultAuthMethods(uid) } in := bufio.NewReader(conn.transport) err := conn.transport.SendNullByte() @@ -83,9 +83,9 @@ func (conn *Conn) Auth(methods []Auth) error { } switch status { case AuthOk: - err, ok = conn.tryAuth(m, waitingForOk, in) + ok, err = conn.tryAuth(m, waitingForOk, in) case AuthContinue: - err, ok = conn.tryAuth(m, waitingForData, in) + ok, err = conn.tryAuth(m, waitingForData, in) default: panic("dbus: invalid authentication status") } @@ -125,21 +125,21 @@ func (conn *Conn) Auth(methods []Auth) error { } // tryAuth tries to authenticate with m as the mechanism, using state as the -// initial authState and in for reading input. It returns (nil, true) on -// success, (nil, false) on a REJECTED and (someErr, false) if some other +// initial authState and in for reading input. It returns (true, nil) on +// success, (false, nil) on a REJECTED and (false, someErr) if some other // error occurred. -func (conn *Conn) tryAuth(m Auth, state authState, in *bufio.Reader) (error, bool) { +func (conn *Conn) tryAuth(m Auth, state authState, in *bufio.Reader) (bool, error) { for { s, err := authReadLine(in) if err != nil { - return err, false + return false, err } switch { case state == waitingForData && string(s[0]) == "DATA": if len(s) != 2 { err = authWriteLine(conn.transport, []byte("ERROR")) if err != nil { - return err, false + return false, err } continue } @@ -149,7 +149,7 @@ func (conn *Conn) tryAuth(m Auth, state authState, in *bufio.Reader) (error, boo if len(data) != 0 { err = authWriteLine(conn.transport, []byte("DATA"), data) if err != nil { - return err, false + return false, err } } if status == AuthOk { @@ -158,66 +158,66 @@ func (conn *Conn) tryAuth(m Auth, state authState, in *bufio.Reader) (error, boo case AuthError: err = authWriteLine(conn.transport, []byte("ERROR")) if err != nil { - return err, false + return false, err } } case state == waitingForData && string(s[0]) == "REJECTED": - return nil, false + return false, nil case state == waitingForData && string(s[0]) == "ERROR": err = authWriteLine(conn.transport, []byte("CANCEL")) if err != nil { - return err, false + return false, err } state = waitingForReject case state == waitingForData && string(s[0]) == "OK": if len(s) != 2 { err = authWriteLine(conn.transport, []byte("CANCEL")) if err != nil { - return err, false + return false, err } state = waitingForReject } else { conn.uuid = string(s[1]) - return nil, true + return true, nil } case state == waitingForData: err = authWriteLine(conn.transport, []byte("ERROR")) if err != nil { - return err, false + return false, err } case state == waitingForOk && string(s[0]) == "OK": if len(s) != 2 { err = authWriteLine(conn.transport, []byte("CANCEL")) if err != nil { - return err, false + return false, err } state = waitingForReject } else { conn.uuid = string(s[1]) - return nil, true + return true, nil } case state == waitingForOk && string(s[0]) == "DATA": err = authWriteLine(conn.transport, []byte("DATA")) if err != nil { - return err, false + return false, nil } case state == waitingForOk && string(s[0]) == "REJECTED": - return nil, false + return false, nil case state == waitingForOk && string(s[0]) == "ERROR": err = authWriteLine(conn.transport, []byte("CANCEL")) if err != nil { - return err, false + return false, err } state = waitingForReject case state == waitingForOk: err = authWriteLine(conn.transport, []byte("ERROR")) if err != nil { - return err, false + return false, err } case state == waitingForReject && string(s[0]) == "REJECTED": - return nil, false + return false, nil case state == waitingForReject: - return errors.New("dbus: authentication protocol error"), false + return false, errors.New("dbus: authentication protocol error") default: panic("dbus: invalid auth state") } diff --git a/vendor/github.com/godbus/dbus/v5/auth_default_other.go b/vendor/github.com/godbus/dbus/v5/auth_default_other.go new file mode 100644 index 00000000000..64c911dd349 --- /dev/null +++ b/vendor/github.com/godbus/dbus/v5/auth_default_other.go @@ -0,0 +1,8 @@ +//go:build !windows +// +build !windows + +package dbus + +func getDefaultAuthMethods(user string) []Auth { + return []Auth{AuthExternal(user)} +} diff --git a/vendor/github.com/godbus/dbus/v5/auth_default_windows.go b/vendor/github.com/godbus/dbus/v5/auth_default_windows.go new file mode 100644 index 00000000000..2289850a8e7 --- /dev/null +++ b/vendor/github.com/godbus/dbus/v5/auth_default_windows.go @@ -0,0 +1,5 @@ +package dbus + +func getDefaultAuthMethods(user string) []Auth { + return []Auth{AuthCookieSha1(user, getHomeDir())} +} diff --git a/vendor/github.com/godbus/dbus/v5/auth_sha1.go b/vendor/github.com/godbus/dbus/v5/auth_sha1_windows.go similarity index 81% rename from vendor/github.com/godbus/dbus/v5/auth_sha1.go rename to vendor/github.com/godbus/dbus/v5/auth_sha1_windows.go index 80286700b6d..fecc18a1e93 100644 --- a/vendor/github.com/godbus/dbus/v5/auth_sha1.go +++ b/vendor/github.com/godbus/dbus/v5/auth_sha1_windows.go @@ -7,6 +7,7 @@ import ( "crypto/sha1" "encoding/hex" "os" + "os/user" ) // AuthCookieSha1 returns an Auth that authenticates as the given user with the @@ -100,3 +101,22 @@ func (a authCookieSha1) generateChallenge() []byte { hex.Encode(enc, b) return enc } + +// Get returns the home directory of the current user, which is usually the +// value of HOME environment variable. In case it is not set or empty, os/user +// package is used. +// +// If linking statically with cgo enabled against glibc, make sure the +// osusergo build tag is used. +// +// If needing to do nss lookups, do not disable cgo or set osusergo. +func getHomeDir() string { + homeDir := os.Getenv("HOME") + if homeDir != "" { + return homeDir + } + if u, err := user.Current(); err == nil { + return u.HomeDir + } + return "/" +} diff --git a/vendor/github.com/godbus/dbus/v5/call.go b/vendor/github.com/godbus/dbus/v5/call.go index b06b063580f..d16171ab91d 100644 --- a/vendor/github.com/godbus/dbus/v5/call.go +++ b/vendor/github.com/godbus/dbus/v5/call.go @@ -2,17 +2,14 @@ package dbus import ( "context" - "errors" ) -var errSignature = errors.New("dbus: mismatched signature") - // Call represents a pending or completed method call. type Call struct { Destination string Path ObjectPath Method string - Args []interface{} + Args []any // Strobes when the call is complete. Done chan *Call @@ -22,7 +19,7 @@ type Call struct { Err error // Holds the response once the call is done. - Body []interface{} + Body []any // ResponseSequence stores the sequence number of the DBus message containing // the call response (or error). This can be compared to the sequence number @@ -55,7 +52,7 @@ func (c *Call) ContextCancel() { // Store stores the body of the reply into the provided pointers. It returns // an error if the signatures of the body and retvalues don't match, or if // the error status is not nil. -func (c *Call) Store(retvalues ...interface{}) error { +func (c *Call) Store(retvalues ...any) error { if c.Err != nil { return c.Err } diff --git a/vendor/github.com/godbus/dbus/v5/conn.go b/vendor/github.com/godbus/dbus/v5/conn.go index 69978ea26ab..4551be6305d 100644 --- a/vendor/github.com/godbus/dbus/v5/conn.go +++ b/vendor/github.com/godbus/dbus/v5/conn.go @@ -3,6 +3,7 @@ package dbus import ( "context" "errors" + "fmt" "io" "os" "strings" @@ -76,7 +77,6 @@ func SessionBus() (conn *Conn, err error) { func getSessionBusAddress(autolaunch bool) (string, error) { if address := os.Getenv("DBUS_SESSION_BUS_ADDRESS"); address != "" && address != "autolaunch:" { return address, nil - } else if address := tryDiscoverDbusSessionBusAddress(); address != "" { os.Setenv("DBUS_SESSION_BUS_ADDRESS", address) return address, nil @@ -97,7 +97,7 @@ func SessionBusPrivate(opts ...ConnOption) (*Conn, error) { return Dial(address, opts...) } -// SessionBusPrivate returns a new private connection to the session bus. If +// SessionBusPrivateNoAutoStartup returns a new private connection to the session bus. If // the session bus is not already open, do not attempt to launch it. func SessionBusPrivateNoAutoStartup(opts ...ConnOption) (*Conn, error) { address, err := getSessionBusAddress(false) @@ -108,7 +108,7 @@ func SessionBusPrivateNoAutoStartup(opts ...ConnOption) (*Conn, error) { return Dial(address, opts...) } -// SessionBusPrivate returns a new private connection to the session bus. +// SessionBusPrivateHandler returns a new private connection to the session bus. // // Deprecated: use SessionBusPrivate with options instead. func SessionBusPrivateHandler(handler Handler, signalHandler SignalHandler) (*Conn, error) { @@ -485,7 +485,7 @@ func (conn *Conn) Object(dest string, path ObjectPath) BusObject { return &Object{conn, dest, path} } -func (conn *Conn) sendMessageAndIfClosed(msg *Message, ifClosed func()) { +func (conn *Conn) sendMessageAndIfClosed(msg *Message, ifClosed func()) error { if msg.serial == 0 { msg.serial = conn.getSerial() } @@ -498,14 +498,29 @@ func (conn *Conn) sendMessageAndIfClosed(msg *Message, ifClosed func()) { } else if msg.Type != TypeMethodCall { conn.serialGen.RetireSerial(msg.serial) } + return err +} + +func isEncodingError(err error) bool { + switch err.(type) { + case FormatError: + return true + case InvalidMessageError: + return true + } + return false } func (conn *Conn) handleSendError(msg *Message, err error) { if msg.Type == TypeMethodCall { conn.calls.handleSendError(msg, err) } else if msg.Type == TypeMethodReply { - if _, ok := err.(FormatError); ok { - conn.sendError(err, msg.Headers[FieldDestination].value.(string), msg.Headers[FieldReplySerial].value.(uint32)) + if isEncodingError(err) { + // Make sure that the caller gets some kind of error response if + // the application code tried to respond, but the resulting message + // was malformed in the end + returnedErr := fmt.Errorf("destination tried to respond with invalid message (%w)", err) + conn.sendError(returnedErr, msg.Headers[FieldDestination].value.(string), msg.Headers[FieldReplySerial].value.(uint32)) } } conn.serialGen.RetireSerial(msg.serial) @@ -560,7 +575,8 @@ func (conn *Conn) send(ctx context.Context, msg *Message, ch chan *Call) *Call { <-ctx.Done() conn.calls.handleSendError(msg, ctx.Err()) }() - conn.sendMessageAndIfClosed(msg, func() { + // error is handled in handleSendError + _ = conn.sendMessageAndIfClosed(msg, func() { conn.calls.handleSendError(msg, ErrClosed) canceler() }) @@ -568,7 +584,8 @@ func (conn *Conn) send(ctx context.Context, msg *Message, ch chan *Call) *Call { canceler() call = &Call{Err: nil, Done: ch} ch <- call - conn.sendMessageAndIfClosed(msg, func() { + // error is handled in handleSendError + _ = conn.sendMessageAndIfClosed(msg, func() { call = &Call{Err: ErrClosed} }) } @@ -602,12 +619,13 @@ func (conn *Conn) sendError(err error, dest string, serial uint32) { if len(e.Body) > 0 { msg.Headers[FieldSignature] = MakeVariant(SignatureOf(e.Body...)) } - conn.sendMessageAndIfClosed(msg, nil) + // not much we can do to handle a possible error here + _ = conn.sendMessageAndIfClosed(msg, nil) } // sendReply creates a method reply message corresponding to the parameters and // sends it to conn.out. -func (conn *Conn) sendReply(dest string, serial uint32, values ...interface{}) { +func (conn *Conn) sendReply(dest string, serial uint32, values ...any) { msg := new(Message) msg.Type = TypeMethodReply msg.Headers = make(map[HeaderField]Variant) @@ -619,7 +637,8 @@ func (conn *Conn) sendReply(dest string, serial uint32, values ...interface{}) { if len(values) > 0 { msg.Headers[FieldSignature] = MakeVariant(SignatureOf(values...)) } - conn.sendMessageAndIfClosed(msg, nil) + // not much we can do to handle a possible error here + _ = conn.sendMessageAndIfClosed(msg, nil) } // AddMatchSignal registers the given match rule to receive broadcast @@ -630,7 +649,7 @@ func (conn *Conn) AddMatchSignal(options ...MatchOption) error { // AddMatchSignalContext acts like AddMatchSignal but takes a context. func (conn *Conn) AddMatchSignalContext(ctx context.Context, options ...MatchOption) error { - options = append([]MatchOption{withMatchType("signal")}, options...) + options = append([]MatchOption{withMatchTypeSignal()}, options...) return conn.busObj.CallWithContext( ctx, "org.freedesktop.DBus.AddMatch", 0, @@ -645,7 +664,7 @@ func (conn *Conn) RemoveMatchSignal(options ...MatchOption) error { // RemoveMatchSignalContext acts like RemoveMatchSignal but takes a context. func (conn *Conn) RemoveMatchSignalContext(ctx context.Context, options ...MatchOption) error { - options = append([]MatchOption{withMatchType("signal")}, options...) + options = append([]MatchOption{withMatchTypeSignal()}, options...) return conn.busObj.CallWithContext( ctx, "org.freedesktop.DBus.RemoveMatch", 0, @@ -694,10 +713,10 @@ func (conn *Conn) SupportsUnixFDs() bool { // Error represents a D-Bus message of type Error. type Error struct { Name string - Body []interface{} + Body []any } -func NewError(name string, body []interface{}) *Error { +func NewError(name string, body []any) *Error { return &Error{name, body} } @@ -717,7 +736,7 @@ type Signal struct { Sender string Path ObjectPath Name string - Body []interface{} + Body []any Sequence Sequence } @@ -740,9 +759,7 @@ type transport interface { SendMessage(*Message) error } -var ( - transports = make(map[string]func(string) (transport, error)) -) +var transports = make(map[string]func(string) (transport, error)) func getTransport(address string) (transport, error) { var err error @@ -770,10 +787,10 @@ func getTransport(address string) (transport, error) { // getKey gets a key from a the list of keys. Returns "" on error / not found... func getKey(s, key string) string { - for _, keyEqualsValue := range strings.Split(s, ",") { - keyValue := strings.SplitN(keyEqualsValue, "=", 2) - if len(keyValue) == 2 && keyValue[0] == key { - val, err := UnescapeBusAddressValue(keyValue[1]) + keyEq := key + "=" + for _, kv := range strings.Split(s, ",") { + if v, ok := strings.CutPrefix(kv, keyEq); ok { + val, err := UnescapeBusAddressValue(v) if err != nil { // No way to return an error. return "" @@ -853,16 +870,19 @@ type nameTracker struct { func newNameTracker() *nameTracker { return &nameTracker{names: map[string]struct{}{}} } + func (tracker *nameTracker) acquireUniqueConnectionName(name string) { tracker.lck.Lock() defer tracker.lck.Unlock() tracker.unique = name } + func (tracker *nameTracker) acquireName(name string) { tracker.lck.Lock() defer tracker.lck.Unlock() tracker.names[name] = struct{}{} } + func (tracker *nameTracker) loseName(name string) { tracker.lck.Lock() defer tracker.lck.Unlock() @@ -874,12 +894,14 @@ func (tracker *nameTracker) uniqueNameIsKnown() bool { defer tracker.lck.RUnlock() return tracker.unique != "" } + func (tracker *nameTracker) isKnownName(name string) bool { tracker.lck.RLock() defer tracker.lck.RUnlock() _, ok := tracker.names[name] return ok || name == tracker.unique } + func (tracker *nameTracker) listKnownNames() []string { tracker.lck.RLock() defer tracker.lck.RUnlock() @@ -941,18 +963,7 @@ func (tracker *callTracker) handleSendError(msg *Message, err error) { } } -// finalize was the only func that did not strobe Done -func (tracker *callTracker) finalize(sn uint32) { - tracker.lck.Lock() - defer tracker.lck.Unlock() - c, ok := tracker.calls[sn] - if ok { - delete(tracker.calls, sn) - c.ContextCancel() - } -} - -func (tracker *callTracker) finalizeWithBody(sn uint32, sequence Sequence, body []interface{}) { +func (tracker *callTracker) finalizeWithBody(sn uint32, sequence Sequence, body []any) { tracker.lck.Lock() c, ok := tracker.calls[sn] if ok { diff --git a/vendor/github.com/godbus/dbus/v5/conn_darwin.go b/vendor/github.com/godbus/dbus/v5/conn_darwin.go index 6e2e4020216..cb2325a01b4 100644 --- a/vendor/github.com/godbus/dbus/v5/conn_darwin.go +++ b/vendor/github.com/godbus/dbus/v5/conn_darwin.go @@ -12,7 +12,6 @@ const defaultSystemBusAddress = "unix:path=/opt/local/var/run/dbus/system_bus_so func getSessionBusPlatformAddress() (string, error) { cmd := exec.Command("launchctl", "getenv", "DBUS_LAUNCHD_SESSION_BUS_SOCKET") b, err := cmd.CombinedOutput() - if err != nil { return "", err } diff --git a/vendor/github.com/godbus/dbus/v5/conn_other.go b/vendor/github.com/godbus/dbus/v5/conn_other.go index 90289ca85a2..9c1284c2745 100644 --- a/vendor/github.com/godbus/dbus/v5/conn_other.go +++ b/vendor/github.com/godbus/dbus/v5/conn_other.go @@ -1,3 +1,4 @@ +//go:build !darwin // +build !darwin package dbus @@ -6,7 +7,6 @@ import ( "bytes" "errors" "fmt" - "io/ioutil" "os" "os/exec" "os/user" @@ -19,7 +19,6 @@ var execCommand = exec.Command func getSessionBusPlatformAddress() (string, error) { cmd := execCommand("dbus-launch") b, err := cmd.CombinedOutput() - if err != nil { return "", err } @@ -42,10 +41,10 @@ func getSessionBusPlatformAddress() (string, error) { // It tries different techniques employed by different operating systems, // returning the first valid address it finds, or an empty string. // -// * /run/user//bus if this exists, it *is* the bus socket. present on -// Ubuntu 18.04 -// * /run/user//dbus-session: if this exists, it can be parsed for the bus -// address. present on Ubuntu 16.04 +// - /run/user//bus if this exists, it *is* the bus socket. present on +// Ubuntu 18.04 +// - /run/user//dbus-session: if this exists, it can be parsed for the bus +// address. present on Ubuntu 16.04 // // See https://dbus.freedesktop.org/doc/dbus-launch.1.html func tryDiscoverDbusSessionBusAddress() string { @@ -61,14 +60,9 @@ func tryDiscoverDbusSessionBusAddress() string { // text file // containing the address of the socket, e.g.: // DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-E1c73yNqrG - if f, err := ioutil.ReadFile(runUserSessionDbusFile); err == nil { - fileContent := string(f) - - prefix := "DBUS_SESSION_BUS_ADDRESS=" - - if strings.HasPrefix(fileContent, prefix) { - address := strings.TrimRight(strings.TrimPrefix(fileContent, prefix), "\n\r") - return address + if f, err := os.ReadFile(runUserSessionDbusFile); err == nil { + if addr, ok := strings.CutPrefix(string(f), "DBUS_SESSION_BUS_ADDRESS="); ok { + return strings.TrimRight(addr, "\n\r") } } } diff --git a/vendor/github.com/godbus/dbus/v5/conn_unix.go b/vendor/github.com/godbus/dbus/v5/conn_unix.go index 58aee7d2af5..84e1dc652dd 100644 --- a/vendor/github.com/godbus/dbus/v5/conn_unix.go +++ b/vendor/github.com/godbus/dbus/v5/conn_unix.go @@ -1,8 +1,10 @@ -//+build !windows,!solaris,!darwin +//go:build !windows && !solaris && !darwin +// +build !windows,!solaris,!darwin package dbus import ( + "net" "os" ) @@ -15,3 +17,25 @@ func getSystemBusPlatformAddress() string { } return defaultSystemBusAddress } + +// DialUnix establishes a new private connection to the message bus specified by UnixConn. +func DialUnix(conn *net.UnixConn, opts ...ConnOption) (*Conn, error) { + tr := newUnixTransportFromConn(conn) + return newConn(tr, opts...) +} + +func ConnectUnix(uconn *net.UnixConn, opts ...ConnOption) (*Conn, error) { + conn, err := DialUnix(uconn, opts...) + if err != nil { + return nil, err + } + if err = conn.Auth(conn.auth); err != nil { + _ = conn.Close() + return nil, err + } + if err = conn.Hello(); err != nil { + _ = conn.Close() + return nil, err + } + return conn, nil +} diff --git a/vendor/github.com/godbus/dbus/v5/conn_windows.go b/vendor/github.com/godbus/dbus/v5/conn_windows.go index 4291e4519cc..fa839d2a228 100644 --- a/vendor/github.com/godbus/dbus/v5/conn_windows.go +++ b/vendor/github.com/godbus/dbus/v5/conn_windows.go @@ -1,5 +1,3 @@ -//+build windows - package dbus import "os" diff --git a/vendor/github.com/godbus/dbus/v5/dbus.go b/vendor/github.com/godbus/dbus/v5/dbus.go index c188d104854..d3622d80794 100644 --- a/vendor/github.com/godbus/dbus/v5/dbus.go +++ b/vendor/github.com/godbus/dbus/v5/dbus.go @@ -10,11 +10,8 @@ import ( var ( byteType = reflect.TypeOf(byte(0)) boolType = reflect.TypeOf(false) - uint8Type = reflect.TypeOf(uint8(0)) int16Type = reflect.TypeOf(int16(0)) uint16Type = reflect.TypeOf(uint16(0)) - intType = reflect.TypeOf(int(0)) - uintType = reflect.TypeOf(uint(0)) int32Type = reflect.TypeOf(int32(0)) uint32Type = reflect.TypeOf(uint32(0)) int64Type = reflect.TypeOf(int64(0)) @@ -24,8 +21,8 @@ var ( signatureType = reflect.TypeOf(Signature{""}) objectPathType = reflect.TypeOf(ObjectPath("")) variantType = reflect.TypeOf(Variant{Signature{""}, nil}) - interfacesType = reflect.TypeOf([]interface{}{}) - interfaceType = reflect.TypeOf((*interface{})(nil)).Elem() + interfacesType = reflect.TypeOf([]any{}) + interfaceType = reflect.TypeOf((*any)(nil)).Elem() unixFDType = reflect.TypeOf(UnixFD(0)) unixFDIndexType = reflect.TypeOf(UnixFDIndex(0)) errType = reflect.TypeOf((*error)(nil)).Elem() @@ -45,7 +42,7 @@ func (e InvalidTypeError) Error() string { // pointers. It converts slices of interfaces from src to corresponding structs // in dest. An error is returned if the lengths of src and dest or the types of // their elements don't match. -func Store(src []interface{}, dest ...interface{}) error { +func Store(src []any, dest ...any) error { if len(src) != len(dest) { return errors.New("dbus.Store: length mismatch") } @@ -58,7 +55,7 @@ func Store(src []interface{}, dest ...interface{}) error { return nil } -func storeInterfaces(src, dest interface{}) error { +func storeInterfaces(src, dest any) error { return store(reflect.ValueOf(dest), reflect.ValueOf(src)) } @@ -85,7 +82,7 @@ func storeBase(dest, src reflect.Value) error { func setDest(dest, src reflect.Value) error { if !isVariant(src.Type()) && isVariant(dest.Type()) { - //special conversion for dbus.Variant + // special conversion for dbus.Variant dest.Set(reflect.ValueOf(MakeVariant(src.Interface()))) return nil } @@ -166,8 +163,8 @@ func storeMapIntoVariant(dest, src reflect.Value) error { func storeMapIntoInterface(dest, src reflect.Value) error { var dv reflect.Value if isVariant(src.Type().Elem()) { - //Convert variants to interface{} recursively when converting - //to interface{} + // Convert variants to interface{} recursively when converting + // to interface{} dv = reflect.MakeMap( reflect.MapOf(src.Type().Key(), interfaceType)) } else { @@ -200,7 +197,7 @@ func storeMapIntoMap(dest, src reflect.Value) error { func storeSlice(dest, src reflect.Value) error { switch { case src.Type() == interfacesType && dest.Kind() == reflect.Struct: - //The decoder always decodes structs as slices of interface{} + // The decoder always decodes structs as slices of interface{} return storeStruct(dest, src) case !kindsAreCompatible(dest.Type(), src.Type()): return fmt.Errorf( @@ -225,7 +222,7 @@ func storeStruct(dest, src reflect.Value) error { if isVariant(dest.Type()) { return storeBase(dest, src) } - dval := make([]interface{}, 0, dest.NumField()) + dval := make([]any, 0, dest.NumField()) dtype := dest.Type() for i := 0; i < dest.NumField(); i++ { field := dest.Field(i) @@ -245,7 +242,7 @@ func storeStruct(dest, src reflect.Value) error { "enough fields need: %d have: %d", src.Len(), len(dval)) } - return Store(src.Interface().([]interface{}), dval...) + return Store(src.Interface().([]any), dval...) } func storeSliceIntoVariant(dest, src reflect.Value) error { @@ -260,8 +257,8 @@ func storeSliceIntoVariant(dest, src reflect.Value) error { func storeSliceIntoInterface(dest, src reflect.Value) error { var dv reflect.Value if isVariant(src.Type().Elem()) { - //Convert variants to interface{} recursively when converting - //to interface{} + // Convert variants to interface{} recursively when converting + // to interface{} dv = reflect.MakeSlice(reflect.SliceOf(interfaceType), src.Len(), src.Cap()) } else { @@ -334,7 +331,7 @@ func (o ObjectPath) IsValid() bool { } // A UnixFD is a Unix file descriptor sent over the wire. See the package-level -// documentation for more information about Unix file descriptor passsing. +// documentation for more information about Unix file descriptor passing. type UnixFD int32 // A UnixFDIndex is the representation of a Unix file descriptor in a message. diff --git a/vendor/github.com/godbus/dbus/v5/decoder.go b/vendor/github.com/godbus/dbus/v5/decoder.go index 89bfed9d1a1..1e6198f5bf1 100644 --- a/vendor/github.com/godbus/dbus/v5/decoder.go +++ b/vendor/github.com/godbus/dbus/v5/decoder.go @@ -4,6 +4,7 @@ import ( "encoding/binary" "io" "reflect" + "unsafe" ) type decoder struct { @@ -11,6 +12,12 @@ type decoder struct { order binary.ByteOrder pos int fds []int + + // The following fields are used to reduce memory allocs. + conv *stringConverter + buf []byte + d float64 + y [1]byte } // newDecoder returns a new decoder that reads values from in. The input is @@ -20,29 +27,39 @@ func newDecoder(in io.Reader, order binary.ByteOrder, fds []int) *decoder { dec.in = in dec.order = order dec.fds = fds + dec.conv = newStringConverter(stringConverterBufferSize) return dec } +// Reset resets the decoder to be reading from in. +func (dec *decoder) Reset(in io.Reader, order binary.ByteOrder, fds []int) { + dec.in = in + dec.order = order + dec.pos = 0 + dec.fds = fds + + if dec.conv == nil { + dec.conv = newStringConverter(stringConverterBufferSize) + } +} + // align aligns the input to the given boundary and panics on error. func (dec *decoder) align(n int) { if dec.pos%n != 0 { newpos := (dec.pos + n - 1) & ^(n - 1) - empty := make([]byte, newpos-dec.pos) - if _, err := io.ReadFull(dec.in, empty); err != nil { - panic(err) - } + dec.read2buf(newpos - dec.pos) dec.pos = newpos } } // Calls binary.Read(dec.in, dec.order, v) and panics on read errors. -func (dec *decoder) binread(v interface{}) { +func (dec *decoder) binread(v any) { if err := binary.Read(dec.in, dec.order, v); err != nil { panic(err) } } -func (dec *decoder) Decode(sig Signature) (vs []interface{}, err error) { +func (dec *decoder) Decode(sig Signature) (vs []any, err error) { defer func() { var ok bool v := recover() @@ -52,7 +69,7 @@ func (dec *decoder) Decode(sig Signature) (vs []interface{}, err error) { } } }() - vs = make([]interface{}, 0) + vs = make([]any, 0) s := sig.str for s != "" { err, rem := validSingle(s, &depthCounter{}) @@ -66,79 +83,89 @@ func (dec *decoder) Decode(sig Signature) (vs []interface{}, err error) { return vs, nil } -func (dec *decoder) decode(s string, depth int) interface{} { +// read2buf reads exactly n bytes from the reader dec.in into the buffer dec.buf +// to reduce memory allocs. +// The buffer grows automatically. +func (dec *decoder) read2buf(n int) { + if cap(dec.buf) < n { + dec.buf = make([]byte, n) + } else { + dec.buf = dec.buf[:n] + } + if _, err := io.ReadFull(dec.in, dec.buf); err != nil { + panic(err) + } +} + +// decodeU decodes uint32 obtained from the reader dec.in. +// The goal is to reduce memory allocs. +func (dec *decoder) decodeU() uint32 { + dec.align(4) + dec.read2buf(4) + dec.pos += 4 + return dec.order.Uint32(dec.buf) +} + +func (dec *decoder) decode(s string, depth int) any { dec.align(alignment(typeFor(s))) switch s[0] { case 'y': - var b [1]byte - if _, err := dec.in.Read(b[:]); err != nil { + if _, err := dec.in.Read(dec.y[:]); err != nil { panic(err) } dec.pos++ - return b[0] + return dec.y[0] case 'b': - i := dec.decode("u", depth).(uint32) - switch { - case i == 0: + switch dec.decodeU() { + case 0: return false - case i == 1: + case 1: return true default: panic(FormatError("invalid value for boolean")) } case 'n': - var i int16 - dec.binread(&i) + dec.read2buf(2) dec.pos += 2 - return i + return int16(dec.order.Uint16(dec.buf)) case 'i': - var i int32 - dec.binread(&i) + dec.read2buf(4) dec.pos += 4 - return i + return int32(dec.order.Uint32(dec.buf)) case 'x': - var i int64 - dec.binread(&i) + dec.read2buf(8) dec.pos += 8 - return i + return int64(dec.order.Uint64(dec.buf)) case 'q': - var i uint16 - dec.binread(&i) + dec.read2buf(2) dec.pos += 2 - return i + return dec.order.Uint16(dec.buf) case 'u': - var i uint32 - dec.binread(&i) - dec.pos += 4 - return i + return dec.decodeU() case 't': - var i uint64 - dec.binread(&i) + dec.read2buf(8) dec.pos += 8 - return i + return dec.order.Uint64(dec.buf) case 'd': - var f float64 - dec.binread(&f) + dec.binread(&dec.d) dec.pos += 8 - return f + return dec.d case 's': - length := dec.decode("u", depth).(uint32) - b := make([]byte, int(length)+1) - if _, err := io.ReadFull(dec.in, b); err != nil { - panic(err) - } - dec.pos += int(length) + 1 - return string(b[:len(b)-1]) + length := dec.decodeU() + p := int(length) + 1 + dec.read2buf(p) + dec.pos += p + return dec.conv.String(dec.buf[:len(dec.buf)-1]) case 'o': return ObjectPath(dec.decode("s", depth).(string)) case 'g': length := dec.decode("y", depth).(byte) - b := make([]byte, int(length)+1) - if _, err := io.ReadFull(dec.in, b); err != nil { - panic(err) - } - dec.pos += int(length) + 1 - sig, err := ParseSignature(string(b[:len(b)-1])) + p := int(length) + 1 + dec.read2buf(p) + dec.pos += p + sig, err := ParseSignature( + dec.conv.String(dec.buf[:len(dec.buf)-1]), + ) if err != nil { panic(err) } @@ -163,7 +190,7 @@ func (dec *decoder) decode(s string, depth int) interface{} { variant.value = dec.decode(sig.str, depth+1) return variant case 'h': - idx := dec.decode("u", depth).(uint32) + idx := dec.decodeU() if int(idx) < len(dec.fds) { return UnixFD(dec.fds[idx]) } @@ -176,7 +203,7 @@ func (dec *decoder) decode(s string, depth int) interface{} { if depth >= 63 { panic(FormatError("input exceeds container depth limit")) } - length := dec.decode("u", depth).(uint32) + length := dec.decodeU() // Even for empty maps, the correct padding must be included dec.align(8) spos := dec.pos @@ -195,7 +222,7 @@ func (dec *decoder) decode(s string, depth int) interface{} { panic(FormatError("input exceeds container depth limit")) } sig := s[1:] - length := dec.decode("u", depth).(uint32) + length := dec.decodeU() // capacity can be determined only for fixed-size element types var capacity int if s := sigByteSize(sig); s != 0 { @@ -205,9 +232,9 @@ func (dec *decoder) decode(s string, depth int) interface{} { // Even for empty arrays, the correct padding must be included align := alignment(typeFor(s[1:])) if len(s) > 1 && s[1] == '(' { - //Special case for arrays of structs - //structs decode as a slice of interface{} values - //but the dbus alignment does not match this + // Special case for arrays of structs + // structs decode as a slice of interface{} values + // but the dbus alignment does not match this align = 8 } dec.align(align) @@ -222,7 +249,7 @@ func (dec *decoder) decode(s string, depth int) interface{} { panic(FormatError("input exceeds container depth limit")) } dec.align(8) - v := make([]interface{}, 0) + v := make([]any, 0) s = s[1 : len(s)-1] for s != "" { err, rem := validSingle(s, &depthCounter{}) @@ -290,3 +317,59 @@ type FormatError string func (e FormatError) Error() string { return "dbus: wire format error: " + string(e) } + +// stringConverterBufferSize defines the recommended buffer size of 4KB. +// It showed good results in a benchmark when decoding 35KB message, +// see https://github.com/marselester/systemd#testing. +const stringConverterBufferSize = 4096 + +func newStringConverter(capacity int) *stringConverter { + return &stringConverter{ + buf: make([]byte, 0, capacity), + offset: 0, + } +} + +// stringConverter converts bytes to strings with less allocs. +// The idea is to accumulate bytes in a buffer with specified capacity +// and create strings with unsafe package using bytes from a buffer. +// For example, 10 "fizz" strings written to a 40-byte buffer +// will result in 1 alloc instead of 10. +// +// Once a buffer is filled, a new one is created with the same capacity. +// Old buffers will be eventually GC-ed +// with no side effects to the returned strings. +type stringConverter struct { + // buf is a temporary buffer where decoded strings are batched. + buf []byte + // offset is a buffer position where the last string was written. + offset int +} + +// String converts bytes to a string. +func (c *stringConverter) String(b []byte) string { + n := len(b) + if n == 0 { + return "" + } + // Must allocate because a string doesn't fit into the buffer. + if n > cap(c.buf) { + return string(b) + } + + if len(c.buf)+n > cap(c.buf) { + c.buf = make([]byte, 0, cap(c.buf)) + c.offset = 0 + } + c.buf = append(c.buf, b...) + + b = c.buf[c.offset:] + s := toString(b) + c.offset += n + return s +} + +// toString converts a byte slice to a string without allocating. +func toString(b []byte) string { + return unsafe.String(&b[0], len(b)) +} diff --git a/vendor/github.com/godbus/dbus/v5/default_handler.go b/vendor/github.com/godbus/dbus/v5/default_handler.go index 13132c6b479..c17ab0b97de 100644 --- a/vendor/github.com/godbus/dbus/v5/default_handler.go +++ b/vendor/github.com/godbus/dbus/v5/default_handler.go @@ -18,9 +18,9 @@ func newIntrospectIntf(h *defaultHandler) *exportedIntf { return newExportedIntf(methods, true) } -//NewDefaultHandler returns an instance of the default -//call handler. This is useful if you want to implement only -//one of the two handlers but not both. +// NewDefaultHandler returns an instance of the default +// call handler. This is useful if you want to implement only +// one of the two handlers but not both. // // Deprecated: this is the default value, don't use it, it will be unexported. func NewDefaultHandler() *defaultHandler { @@ -52,9 +52,9 @@ func (h *defaultHandler) introspectPath(path ObjectPath) string { if p != "/" { p += "/" } - if strings.HasPrefix(string(obj), p) { - node_name := strings.Split(string(obj[len(p):]), "/")[0] - subpath[node_name] = struct{}{} + if after, ok := strings.CutPrefix(string(obj), p); ok { + name, _, _ := strings.Cut(after, "/") + subpath[name] = struct{}{} } } for s := range subpath { @@ -117,7 +117,7 @@ type exportedMethod struct { reflect.Value } -func (m exportedMethod) Call(args ...interface{}) ([]interface{}, error) { +func (m exportedMethod) Call(args ...any) ([]any, error) { t := m.Type() params := make([]reflect.Value, len(args)) @@ -143,12 +143,12 @@ func (m exportedMethod) Call(args ...interface{}) ([]interface{}, error) { ret = ret[:t.NumOut()-1] } } - out := make([]interface{}, len(ret)) + out := make([]any, len(ret)) for i, val := range ret { out[i] = val.Interface() } if nilErr || err == nil { - //concrete type to interface nil is a special case + // concrete type to interface nil is a special case return out, nil } return out, err @@ -158,7 +158,7 @@ func (m exportedMethod) NumArguments() int { return m.Value.Type().NumIn() } -func (m exportedMethod) ArgumentValue(i int) interface{} { +func (m exportedMethod) ArgumentValue(i int) any { return reflect.Zero(m.Type().In(i)).Interface() } @@ -166,7 +166,7 @@ func (m exportedMethod) NumReturns() int { return m.Value.Type().NumOut() } -func (m exportedMethod) ReturnValue(i int) interface{} { +func (m exportedMethod) ReturnValue(i int) any { return reflect.Zero(m.Type().Out(i)).Interface() } @@ -215,10 +215,6 @@ func (obj *exportedObj) LookupMethod(name string) (Method, bool) { return nil, false } -func (obj *exportedObj) isFallbackInterface() bool { - return false -} - func newExportedIntf(methods map[string]Method, includeSubtree bool) *exportedIntf { return &exportedIntf{ methods: methods, @@ -242,9 +238,9 @@ func (obj *exportedIntf) isFallbackInterface() bool { return obj.includeSubtree } -//NewDefaultSignalHandler returns an instance of the default -//signal handler. This is useful if you want to implement only -//one of the two handlers but not both. +// NewDefaultSignalHandler returns an instance of the default +// signal handler. This is useful if you want to implement only +// one of the two handlers but not both. // // Deprecated: this is the default value, don't use it, it will be unexported. func NewDefaultSignalHandler() *defaultSignalHandler { diff --git a/vendor/github.com/godbus/dbus/v5/doc.go b/vendor/github.com/godbus/dbus/v5/doc.go index 8f25a00d61e..09eedc71e61 100644 --- a/vendor/github.com/godbus/dbus/v5/doc.go +++ b/vendor/github.com/godbus/dbus/v5/doc.go @@ -7,7 +7,7 @@ on remote objects and emit or receive signals. Using the Export method, you can arrange D-Bus methods calls to be directly translated to method calls on a Go value. -Conversion Rules +# Conversion Rules For outgoing messages, Go types are automatically converted to the corresponding D-Bus types. See the official specification at @@ -15,25 +15,25 @@ https://dbus.freedesktop.org/doc/dbus-specification.html#type-system for more information on the D-Bus type system. The following types are directly encoded as their respective D-Bus equivalents: - Go type | D-Bus type - ------------+----------- - byte | BYTE - bool | BOOLEAN - int16 | INT16 - uint16 | UINT16 - int | INT32 - uint | UINT32 - int32 | INT32 - uint32 | UINT32 - int64 | INT64 - uint64 | UINT64 - float64 | DOUBLE - string | STRING - ObjectPath | OBJECT_PATH - Signature | SIGNATURE - Variant | VARIANT - interface{} | VARIANT - UnixFDIndex | UNIX_FD + Go type | D-Bus type + ------------+----------- + byte | BYTE + bool | BOOLEAN + int16 | INT16 + uint16 | UINT16 + int | INT32 + uint | UINT32 + int32 | INT32 + uint32 | UINT32 + int64 | INT64 + uint64 | UINT64 + float64 | DOUBLE + string | STRING + ObjectPath | OBJECT_PATH + Signature | SIGNATURE + Variant | VARIANT + interface{} | VARIANT + UnixFDIndex | UNIX_FD Slices and arrays encode as ARRAYs of their element type. @@ -57,7 +57,7 @@ of STRUCTs. Incoming STRUCTS are represented as a slice of empty interfaces containing the struct fields in the correct order. The Store function can be used to convert such values to Go structs. -Unix FD passing +# Unix FD passing Handling Unix file descriptors deserves special mention. To use them, you should first check that they are supported on a connection by calling SupportsUnixFDs. @@ -66,6 +66,5 @@ UnixFD's to messages that are accompanied by the given file descriptors with the UnixFD values being substituted by the correct indices. Similarly, the indices of incoming messages are automatically resolved. It shouldn't be necessary to use UnixFDIndex. - */ package dbus diff --git a/vendor/github.com/godbus/dbus/v5/encoder.go b/vendor/github.com/godbus/dbus/v5/encoder.go index 015b26cd5c4..5901ab42a9c 100644 --- a/vendor/github.com/godbus/dbus/v5/encoder.go +++ b/vendor/github.com/godbus/dbus/v5/encoder.go @@ -59,7 +59,7 @@ func (enc *encoder) padding(offset, algn int) int { } // Calls binary.Write(enc.out, enc.order, v) and panics on write errors. -func (enc *encoder) binwrite(v interface{}) { +func (enc *encoder) binwrite(v any) { if err := binary.Write(enc.out, enc.order, v); err != nil { panic(err) } @@ -67,7 +67,7 @@ func (enc *encoder) binwrite(v interface{}) { // Encode encodes the given values to the underlying reader. All written values // are aligned properly as required by the D-Bus spec. -func (enc *encoder) Encode(vs ...interface{}) (err error) { +func (enc *encoder) Encode(vs ...any) (err error) { defer func() { err, _ = recover().(error) }() diff --git a/vendor/github.com/godbus/dbus/v5/export.go b/vendor/github.com/godbus/dbus/v5/export.go index d3dd9f7cd62..20d8cb38fa4 100644 --- a/vendor/github.com/godbus/dbus/v5/export.go +++ b/vendor/github.com/godbus/dbus/v5/export.go @@ -11,47 +11,47 @@ import ( var ( ErrMsgInvalidArg = Error{ "org.freedesktop.DBus.Error.InvalidArgs", - []interface{}{"Invalid type / number of args"}, + []any{"Invalid type / number of args"}, } ErrMsgNoObject = Error{ "org.freedesktop.DBus.Error.NoSuchObject", - []interface{}{"No such object"}, + []any{"No such object"}, } ErrMsgUnknownMethod = Error{ "org.freedesktop.DBus.Error.UnknownMethod", - []interface{}{"Unknown / invalid method"}, + []any{"Unknown / invalid method"}, } ErrMsgUnknownInterface = Error{ "org.freedesktop.DBus.Error.UnknownInterface", - []interface{}{"Object does not implement the interface"}, + []any{"Object does not implement the interface"}, } ) func MakeNoObjectError(path ObjectPath) Error { return Error{ "org.freedesktop.DBus.Error.NoSuchObject", - []interface{}{fmt.Sprintf("No such object '%s'", string(path))}, + []any{fmt.Sprintf("No such object '%s'", string(path))}, } } func MakeUnknownMethodError(methodName string) Error { return Error{ "org.freedesktop.DBus.Error.UnknownMethod", - []interface{}{fmt.Sprintf("Unknown / invalid method '%s'", methodName)}, + []any{fmt.Sprintf("Unknown / invalid method '%s'", methodName)}, } } func MakeUnknownInterfaceError(ifaceName string) Error { return Error{ "org.freedesktop.DBus.Error.UnknownInterface", - []interface{}{fmt.Sprintf("Object does not implement the interface '%s'", ifaceName)}, + []any{fmt.Sprintf("Object does not implement the interface '%s'", ifaceName)}, } } func MakeFailedError(err error) *Error { return &Error{ "org.freedesktop.DBus.Error.Failed", - []interface{}{err.Error()}, + []any{err.Error()}, } } @@ -67,7 +67,7 @@ func computeMethodName(name string, mapping map[string]string) string { return name } -func getMethods(in interface{}, mapping map[string]string) map[string]reflect.Value { +func getMethods(in any, mapping map[string]string) map[string]reflect.Value { if in == nil { return nil } @@ -91,7 +91,7 @@ func getMethods(in interface{}, mapping map[string]string) map[string]reflect.Va return methods } -func getAllMethods(in interface{}, mapping map[string]string) map[string]reflect.Value { +func getAllMethods(in any, mapping map[string]string) map[string]reflect.Value { if in == nil { return nil } @@ -107,9 +107,9 @@ func getAllMethods(in interface{}, mapping map[string]string) map[string]reflect return methods } -func standardMethodArgumentDecode(m Method, sender string, msg *Message, body []interface{}) ([]interface{}, error) { - pointers := make([]interface{}, m.NumArguments()) - decode := make([]interface{}, 0, len(body)) +func standardMethodArgumentDecode(m Method, sender string, msg *Message, body []any) ([]any, error) { + pointers := make([]any, m.NumArguments()) + decode := make([]any, 0, len(body)) for i := 0; i < m.NumArguments(); i++ { tp := reflect.TypeOf(m.ArgumentValue(i)) @@ -135,7 +135,7 @@ func standardMethodArgumentDecode(m Method, sender string, msg *Message, body [] return pointers, nil } -func (conn *Conn) decodeArguments(m Method, sender string, msg *Message) ([]interface{}, error) { +func (conn *Conn) decodeArguments(m Method, sender string, msg *Message) ([]any, error) { if decoder, ok := m.(ArgumentDecoder); ok { return decoder.DecodeArguments(conn, sender, msg, msg.Body) } @@ -204,23 +204,21 @@ func (conn *Conn) handleCall(msg *Message) { reply.Headers[FieldDestination] = msg.Headers[FieldSender] } reply.Headers[FieldReplySerial] = MakeVariant(msg.serial) - reply.Body = make([]interface{}, len(ret)) - for i := 0; i < len(ret); i++ { - reply.Body[i] = ret[i] - } + reply.Body = make([]any, len(ret)) + copy(reply.Body, ret) reply.Headers[FieldSignature] = MakeVariant(SignatureOf(reply.Body...)) - if err := reply.IsValid(); err != nil { - fmt.Fprintf(os.Stderr, "dbus: dropping invalid reply to %s.%s on obj %s: %s\n", ifaceName, name, path, err) - } else { - conn.sendMessageAndIfClosed(reply, nil) + if err := conn.sendMessageAndIfClosed(reply, nil); err != nil { + if _, ok := err.(FormatError); ok { + fmt.Fprintf(os.Stderr, "dbus: replacing invalid reply to %s.%s on obj %s: %s\n", ifaceName, name, path, err) + } } } } // Emit emits the given signal on the message bus. The name parameter must be // formatted as "interface.member", e.g., "org.freedesktop.DBus.NameLost". -func (conn *Conn) Emit(path ObjectPath, name string, values ...interface{}) error { +func (conn *Conn) Emit(path ObjectPath, name string, values ...any) error { i := strings.LastIndex(name, ".") if i == -1 { return errors.New("dbus: invalid method name") @@ -237,18 +235,15 @@ func (conn *Conn) Emit(path ObjectPath, name string, values ...interface{}) erro if len(values) > 0 { msg.Headers[FieldSignature] = MakeVariant(SignatureOf(values...)) } - if err := msg.IsValid(); err != nil { - return err - } var closed bool - conn.sendMessageAndIfClosed(msg, func() { + err := conn.sendMessageAndIfClosed(msg, func() { closed = true }) if closed { return ErrClosed } - return nil + return err } // Export registers the given value to be exported as an object on the @@ -279,7 +274,7 @@ func (conn *Conn) Emit(path ObjectPath, name string, values ...interface{}) erro // the given combination of path and interface. // // Export returns an error if path is not a valid path name. -func (conn *Conn) Export(v interface{}, path ObjectPath, iface string) error { +func (conn *Conn) Export(v any, path ObjectPath, iface string) error { return conn.ExportWithMap(v, nil, path, iface) } @@ -291,7 +286,7 @@ func (conn *Conn) Export(v interface{}, path ObjectPath, iface string) error { // type parameter to your method signature. If the error returned is not nil, // it is sent back to the caller as an error. Otherwise, a method reply is // sent with the other return values as its body. -func (conn *Conn) ExportAll(v interface{}, path ObjectPath, iface string) error { +func (conn *Conn) ExportAll(v any, path ObjectPath, iface string) error { return conn.export(getAllMethods(v, nil), path, iface, false) } @@ -300,7 +295,7 @@ func (conn *Conn) ExportAll(v interface{}, path ObjectPath, iface string) error // // The keys in the map are the real method names (exported on the struct), and // the values are the method names to be exported on DBus. -func (conn *Conn) ExportWithMap(v interface{}, mapping map[string]string, path ObjectPath, iface string) error { +func (conn *Conn) ExportWithMap(v any, mapping map[string]string, path ObjectPath, iface string) error { return conn.export(getMethods(v, mapping), path, iface, false) } @@ -314,7 +309,7 @@ func (conn *Conn) ExportWithMap(v interface{}, mapping map[string]string, path O // Note that more specific export paths take precedence over less specific. For // example, a method call using the ObjectPath /foo/bar/baz will call a method // exported on /foo/bar before a method exported on /foo. -func (conn *Conn) ExportSubtree(v interface{}, path ObjectPath, iface string) error { +func (conn *Conn) ExportSubtree(v any, path ObjectPath, iface string) error { return conn.ExportSubtreeWithMap(v, nil, path, iface) } @@ -323,7 +318,7 @@ func (conn *Conn) ExportSubtree(v interface{}, path ObjectPath, iface string) er // // The keys in the map are the real method names (exported on the struct), and // the values are the method names to be exported on DBus. -func (conn *Conn) ExportSubtreeWithMap(v interface{}, mapping map[string]string, path ObjectPath, iface string) error { +func (conn *Conn) ExportSubtreeWithMap(v any, mapping map[string]string, path ObjectPath, iface string) error { return conn.export(getMethods(v, mapping), path, iface, true) } @@ -337,16 +332,16 @@ func (conn *Conn) ExportSubtreeWithMap(v interface{}, mapping map[string]string, // methods on the fly. // // Any non-function objects in the method table are ignored. -func (conn *Conn) ExportMethodTable(methods map[string]interface{}, path ObjectPath, iface string) error { +func (conn *Conn) ExportMethodTable(methods map[string]any, path ObjectPath, iface string) error { return conn.exportMethodTable(methods, path, iface, false) } // Like ExportSubtree, but with the same caveats as ExportMethodTable. -func (conn *Conn) ExportSubtreeMethodTable(methods map[string]interface{}, path ObjectPath, iface string) error { +func (conn *Conn) ExportSubtreeMethodTable(methods map[string]any, path ObjectPath, iface string) error { return conn.exportMethodTable(methods, path, iface, true) } -func (conn *Conn) exportMethodTable(methods map[string]interface{}, path ObjectPath, iface string, includeSubtree bool) error { +func (conn *Conn) exportMethodTable(methods map[string]any, path ObjectPath, iface string, includeSubtree bool) error { var out map[string]reflect.Value if methods != nil { out = make(map[string]reflect.Value) @@ -443,6 +438,18 @@ const ( ReleaseNameReplyNotOwner ) +func (rep ReleaseNameReply) String() string { + switch rep { + case ReleaseNameReplyReleased: + return "released" + case ReleaseNameReplyNonExistent: + return "non existent" + case ReleaseNameReplyNotOwner: + return "not owner" + } + return "unknown" +} + // RequestNameFlags represents the possible flags for a RequestName call. type RequestNameFlags uint32 @@ -461,3 +468,17 @@ const ( RequestNameReplyExists RequestNameReplyAlreadyOwner ) + +func (rep RequestNameReply) String() string { + switch rep { + case RequestNameReplyPrimaryOwner: + return "primary owner" + case RequestNameReplyInQueue: + return "in queue" + case RequestNameReplyExists: + return "exists" + case RequestNameReplyAlreadyOwner: + return "already owner" + } + return "unknown" +} diff --git a/vendor/github.com/godbus/dbus/v5/homedir.go b/vendor/github.com/godbus/dbus/v5/homedir.go deleted file mode 100644 index c44d9b5fc24..00000000000 --- a/vendor/github.com/godbus/dbus/v5/homedir.go +++ /dev/null @@ -1,25 +0,0 @@ -package dbus - -import ( - "os" - "os/user" -) - -// Get returns the home directory of the current user, which is usually the -// value of HOME environment variable. In case it is not set or empty, os/user -// package is used. -// -// If linking statically with cgo enabled against glibc, make sure the -// osusergo build tag is used. -// -// If needing to do nss lookups, do not disable cgo or set osusergo. -func getHomeDir() string { - homeDir := os.Getenv("HOME") - if homeDir != "" { - return homeDir - } - if u, err := user.Current(); err == nil { - return u.HomeDir - } - return "/" -} diff --git a/vendor/github.com/godbus/dbus/v5/match.go b/vendor/github.com/godbus/dbus/v5/match.go index 5a607e53e41..ffb01344755 100644 --- a/vendor/github.com/godbus/dbus/v5/match.go +++ b/vendor/github.com/godbus/dbus/v5/match.go @@ -26,10 +26,10 @@ func WithMatchOption(key, value string) MatchOption { return MatchOption{key, value} } -// doesn't make sense to export this option because clients can only -// subscribe to messages with signal type. -func withMatchType(typ string) MatchOption { - return WithMatchOption("type", typ) +// It does not make sense to have a public WithMatchType function +// because clients can only subscribe to messages with signal type. +func withMatchTypeSignal() MatchOption { + return WithMatchOption("type", "signal") } // WithMatchSender sets sender match option. diff --git a/vendor/github.com/godbus/dbus/v5/message.go b/vendor/github.com/godbus/dbus/v5/message.go index bdf43fdd6e5..097ca3a7fa8 100644 --- a/vendor/github.com/godbus/dbus/v5/message.go +++ b/vendor/github.com/godbus/dbus/v5/message.go @@ -108,7 +108,7 @@ type Message struct { Type Flags Headers map[HeaderField]Variant - Body []interface{} + Body []any serial uint32 } @@ -158,7 +158,9 @@ func DecodeMessageWithFDs(rd io.Reader, fds []int) (msg *Message, err error) { if err != nil { return nil, err } - binary.Read(bytes.NewBuffer(b), order, &hlength) + if err := binary.Read(bytes.NewBuffer(b), order, &hlength); err != nil { + return nil, err + } if hlength+length+16 > 1<<27 { return nil, InvalidMessageError("message is too long") } @@ -186,7 +188,7 @@ func DecodeMessageWithFDs(rd io.Reader, fds []int) (msg *Message, err error) { } } - if err = msg.IsValid(); err != nil { + if err = msg.validateHeader(); err != nil { return nil, err } sig, _ := msg.Headers[FieldSignature].value.(Signature) @@ -230,7 +232,7 @@ func (msg *Message) EncodeToWithFDs(out io.Writer, order binary.ByteOrder) (fds if err := msg.validateHeader(); err != nil { return nil, err } - var vs [7]interface{} + var vs [7]any switch order { case binary.LittleEndian: vs[0] = byte('l') @@ -265,12 +267,14 @@ func (msg *Message) EncodeToWithFDs(out io.Writer, order binary.ByteOrder) (fds return } enc.align(8) - body.WriteTo(&buf) + if _, err := body.WriteTo(&buf); err != nil { + return nil, err + } if buf.Len() > 1<<27 { - return make([]int, 0), InvalidMessageError("message is too long") + return nil, InvalidMessageError("message is too long") } if _, err := buf.WriteTo(out); err != nil { - return make([]int, 0), err + return nil, err } return enc.fds, nil } @@ -286,8 +290,7 @@ func (msg *Message) EncodeTo(out io.Writer, order binary.ByteOrder) (err error) // IsValid checks whether msg is a valid message and returns an // InvalidMessageError or FormatError if it is not. func (msg *Message) IsValid() error { - var b bytes.Buffer - return msg.EncodeTo(&b, nativeEndian) + return msg.EncodeTo(io.Discard, nativeEndian) } func (msg *Message) validateHeader() error { diff --git a/vendor/github.com/godbus/dbus/v5/object.go b/vendor/github.com/godbus/dbus/v5/object.go index 664abb7fbab..954d3807123 100644 --- a/vendor/github.com/godbus/dbus/v5/object.go +++ b/vendor/github.com/godbus/dbus/v5/object.go @@ -9,15 +9,15 @@ import ( // BusObject is the interface of a remote object on which methods can be // invoked. type BusObject interface { - Call(method string, flags Flags, args ...interface{}) *Call - CallWithContext(ctx context.Context, method string, flags Flags, args ...interface{}) *Call - Go(method string, flags Flags, ch chan *Call, args ...interface{}) *Call - GoWithContext(ctx context.Context, method string, flags Flags, ch chan *Call, args ...interface{}) *Call + Call(method string, flags Flags, args ...any) *Call + CallWithContext(ctx context.Context, method string, flags Flags, args ...any) *Call + Go(method string, flags Flags, ch chan *Call, args ...any) *Call + GoWithContext(ctx context.Context, method string, flags Flags, ch chan *Call, args ...any) *Call AddMatchSignal(iface, member string, options ...MatchOption) *Call RemoveMatchSignal(iface, member string, options ...MatchOption) *Call GetProperty(p string) (Variant, error) - StoreProperty(p string, value interface{}) error - SetProperty(p string, v interface{}) error + StoreProperty(p string, value any) error + SetProperty(p string, v any) error Destination() string Path() ObjectPath } @@ -30,12 +30,12 @@ type Object struct { } // Call calls a method with (*Object).Go and waits for its reply. -func (o *Object) Call(method string, flags Flags, args ...interface{}) *Call { +func (o *Object) Call(method string, flags Flags, args ...any) *Call { return <-o.createCall(context.Background(), method, flags, make(chan *Call, 1), args...).Done } // CallWithContext acts like Call but takes a context -func (o *Object) CallWithContext(ctx context.Context, method string, flags Flags, args ...interface{}) *Call { +func (o *Object) CallWithContext(ctx context.Context, method string, flags Flags, args ...any) *Call { return <-o.createCall(ctx, method, flags, make(chan *Call, 1), args...).Done } @@ -46,7 +46,7 @@ func (o *Object) CallWithContext(ctx context.Context, method string, flags Flags // Deprecated: use (*Conn) AddMatchSignal instead. func (o *Object) AddMatchSignal(iface, member string, options ...MatchOption) *Call { base := []MatchOption{ - withMatchType("signal"), + withMatchTypeSignal(), WithMatchInterface(iface), WithMatchMember(member), } @@ -65,7 +65,7 @@ func (o *Object) AddMatchSignal(iface, member string, options ...MatchOption) *C // Deprecated: use (*Conn) RemoveMatchSignal instead. func (o *Object) RemoveMatchSignal(iface, member string, options ...MatchOption) *Call { base := []MatchOption{ - withMatchType("signal"), + withMatchTypeSignal(), WithMatchInterface(iface), WithMatchMember(member), } @@ -89,16 +89,16 @@ func (o *Object) RemoveMatchSignal(iface, member string, options ...MatchOption) // // If the method parameter contains a dot ('.'), the part before the last dot // specifies the interface on which the method is called. -func (o *Object) Go(method string, flags Flags, ch chan *Call, args ...interface{}) *Call { +func (o *Object) Go(method string, flags Flags, ch chan *Call, args ...any) *Call { return o.createCall(context.Background(), method, flags, ch, args...) } // GoWithContext acts like Go but takes a context -func (o *Object) GoWithContext(ctx context.Context, method string, flags Flags, ch chan *Call, args ...interface{}) *Call { +func (o *Object) GoWithContext(ctx context.Context, method string, flags Flags, ch chan *Call, args ...any) *Call { return o.createCall(ctx, method, flags, ch, args...) } -func (o *Object) createCall(ctx context.Context, method string, flags Flags, ch chan *Call, args ...interface{}) *Call { +func (o *Object) createCall(ctx context.Context, method string, flags Flags, ch chan *Call, args ...any) *Call { if ctx == nil { panic("nil context") } @@ -136,7 +136,7 @@ func (o *Object) GetProperty(p string) (Variant, error) { // StoreProperty calls org.freedesktop.DBus.Properties.Get on the given // object. The property name must be given in interface.member notation. // It stores the returned property into the provided value. -func (o *Object) StoreProperty(p string, value interface{}) error { +func (o *Object) StoreProperty(p string, value any) error { idx := strings.LastIndex(p, ".") if idx == -1 || idx+1 == len(p) { return errors.New("dbus: invalid property " + p) @@ -151,7 +151,14 @@ func (o *Object) StoreProperty(p string, value interface{}) error { // SetProperty calls org.freedesktop.DBus.Properties.Set on the given // object. The property name must be given in interface.member notation. -func (o *Object) SetProperty(p string, v interface{}) error { +// Panics if v is not a valid Variant type. +func (o *Object) SetProperty(p string, v any) error { + // v might already be a variant... + variant, ok := v.(Variant) + if !ok { + // Otherwise, make it into one. + variant = MakeVariant(v) + } idx := strings.LastIndex(p, ".") if idx == -1 || idx+1 == len(p) { return errors.New("dbus: invalid property " + p) @@ -160,7 +167,7 @@ func (o *Object) SetProperty(p string, v interface{}) error { iface := p[:idx] prop := p[idx+1:] - return o.Call("org.freedesktop.DBus.Properties.Set", 0, iface, prop, v).Err + return o.Call("org.freedesktop.DBus.Properties.Set", 0, iface, prop, variant).Err } // Destination returns the destination that calls on (o *Object) are sent to. diff --git a/vendor/github.com/godbus/dbus/v5/sequential_handler.go b/vendor/github.com/godbus/dbus/v5/sequential_handler.go index ef2fcdba179..886b5eb16b3 100644 --- a/vendor/github.com/godbus/dbus/v5/sequential_handler.go +++ b/vendor/github.com/godbus/dbus/v5/sequential_handler.go @@ -93,7 +93,7 @@ func (scd *sequentialSignalChannelData) bufferSignals() { var queue []*Signal for { if len(queue) == 0 { - signal, ok := <- scd.in + signal, ok := <-scd.in if !ok { return } diff --git a/vendor/github.com/godbus/dbus/v5/server_interfaces.go b/vendor/github.com/godbus/dbus/v5/server_interfaces.go index e4e0389fdf0..24d4ad6329b 100644 --- a/vendor/github.com/godbus/dbus/v5/server_interfaces.go +++ b/vendor/github.com/godbus/dbus/v5/server_interfaces.go @@ -22,7 +22,7 @@ type Handler interface { // of Interface lookup is up to the implementation of // the ServerObject. The ServerObject implementation may // choose to implement empty string as a valid interface -// represeting all methods or not per the D-Bus specification. +// representing all methods or not per the D-Bus specification. type ServerObject interface { LookupInterface(name string) (Interface, bool) } @@ -38,17 +38,17 @@ type Interface interface { // A Method represents the exposed methods on D-Bus. type Method interface { // Call requires that all arguments are decoded before being passed to it. - Call(args ...interface{}) ([]interface{}, error) + Call(args ...any) ([]any, error) NumArguments() int NumReturns() int // ArgumentValue returns a representative value for the argument at position // it should be of the proper type. reflect.Zero would be a good mechanism // to use for this Value. - ArgumentValue(position int) interface{} + ArgumentValue(position int) any // ReturnValue returns a representative value for the return at position // it should be of the proper type. reflect.Zero would be a good mechanism // to use for this Value. - ReturnValue(position int) interface{} + ReturnValue(position int) any } // An Argument Decoder can decode arguments using the non-standard mechanism @@ -65,7 +65,7 @@ type ArgumentDecoder interface { // To decode the arguments of a method the sender and message are // provided in case the semantics of the implementer provides access // to these as part of the method invocation. - DecodeArguments(conn *Conn, sender string, msg *Message, args []interface{}) ([]interface{}, error) + DecodeArguments(conn *Conn, sender string, msg *Message, args []any) ([]any, error) } // A SignalHandler is responsible for delivering a signal. @@ -93,7 +93,7 @@ type SignalRegistrar interface { // "org.freedesktop.DBus.Error.Failed" error. By implementing this // interface as well a custom encoding may be provided. type DBusError interface { - DBusError() (string, []interface{}) + DBusError() (string, []any) } // SerialGenerator is responsible for serials generation. diff --git a/vendor/github.com/godbus/dbus/v5/sig.go b/vendor/github.com/godbus/dbus/v5/sig.go index 6b9cadb5fbc..ed5accc94d2 100644 --- a/vendor/github.com/godbus/dbus/v5/sig.go +++ b/vendor/github.com/godbus/dbus/v5/sig.go @@ -31,7 +31,7 @@ type Signature struct { // SignatureOf returns the concatenation of all the signatures of the given // values. It panics if one of them is not representable in D-Bus. -func SignatureOf(vs ...interface{}) Signature { +func SignatureOf(vs ...any) Signature { var s string for _, v := range vs { s += getSignature(reflect.TypeOf(v), &depthCounter{}) @@ -183,19 +183,19 @@ func (cnt *depthCounter) Valid() bool { return cnt.arrayDepth <= 32 && cnt.structDepth <= 32 && cnt.dictEntryDepth <= 32 } -func (cnt depthCounter) EnterArray() *depthCounter { +func (cnt *depthCounter) EnterArray() *depthCounter { cnt.arrayDepth++ - return &cnt + return cnt } -func (cnt depthCounter) EnterStruct() *depthCounter { +func (cnt *depthCounter) EnterStruct() *depthCounter { cnt.structDepth++ - return &cnt + return cnt } -func (cnt depthCounter) EnterDictEntry() *depthCounter { +func (cnt *depthCounter) EnterDictEntry() *depthCounter { cnt.dictEntryDepth++ - return &cnt + return cnt } // Try to read a single type from this string. If it was successful, err is nil @@ -221,6 +221,9 @@ func validSingle(s string, depth *depthCounter) (err error, rem string) { i++ rem = s[i+1:] s = s[2:i] + if len(s) == 0 { + return SignatureError{Sig: s, Reason: "empty dict"}, "" + } if err, _ = validSingle(s[:1], depth.EnterArray().EnterDictEntry()); err != nil { return err, "" } diff --git a/vendor/github.com/godbus/dbus/v5/transport_nonce_tcp.go b/vendor/github.com/godbus/dbus/v5/transport_nonce_tcp.go index 697739efafb..916e17b6eef 100644 --- a/vendor/github.com/godbus/dbus/v5/transport_nonce_tcp.go +++ b/vendor/github.com/godbus/dbus/v5/transport_nonce_tcp.go @@ -1,11 +1,12 @@ -//+build !windows +//go:build !windows +// +build !windows package dbus import ( "errors" - "io/ioutil" "net" + "os" ) func init() { @@ -27,12 +28,14 @@ func newNonceTcpTransport(keys string) (transport, error) { if err != nil { return nil, err } - b, err := ioutil.ReadFile(noncefile) + b, err := os.ReadFile(noncefile) if err != nil { + socket.Close() return nil, err } _, err = socket.Write(b) if err != nil { + socket.Close() return nil, err } return NewConn(socket) diff --git a/vendor/github.com/godbus/dbus/v5/transport_unix.go b/vendor/github.com/godbus/dbus/v5/transport_unix.go index 0a8c712ebdf..6a59637ae8a 100644 --- a/vendor/github.com/godbus/dbus/v5/transport_unix.go +++ b/vendor/github.com/godbus/dbus/v5/transport_unix.go @@ -1,4 +1,5 @@ -//+build !windows,!solaris +//go:build !windows && !solaris +// +build !windows,!solaris package dbus @@ -11,10 +12,29 @@ import ( "syscall" ) +// msghead represents the part of the message header +// that has a constant size (byte order + 15 bytes). +type msghead struct { + Type Type + Flags Flags + Proto byte + BodyLen uint32 + Serial uint32 + HeaderLen uint32 +} + type oobReader struct { conn *net.UnixConn oob []byte buf [4096]byte + + // The following fields are used to reduce memory allocs. + headers []header + csheader []byte + b *bytes.Buffer + r *bytes.Reader + dec *decoder + msghead } func (o *oobReader) Read(b []byte) (n int, err error) { @@ -35,6 +55,14 @@ type unixTransport struct { hasUnixFDs bool } +func newUnixTransportFromConn(conn *net.UnixConn) transport { + t := new(unixTransport) + t.UnixConn = conn + t.hasUnixFDs = true + + return t +} + func newUnixTransport(keys string) (transport, error) { var err error @@ -70,28 +98,36 @@ func (t *unixTransport) EnableUnixFDs() { } func (t *unixTransport) ReadMessage() (*Message, error) { - var ( - blen, hlen uint32 - csheader [16]byte - headers []header - order binary.ByteOrder - unixfds uint32 - ) // To be sure that all bytes of out-of-band data are read, we use a special // reader that uses ReadUnix on the underlying connection instead of Read // and gathers the out-of-band data in a buffer. if t.rdr == nil { - t.rdr = &oobReader{conn: t.UnixConn} + t.rdr = &oobReader{ + conn: t.UnixConn, + // This buffer is used to decode the part of the header that has a constant size. + csheader: make([]byte, 16), + b: &bytes.Buffer{}, + // The reader helps to read from the buffer several times. + r: &bytes.Reader{}, + dec: &decoder{}, + } } else { - t.rdr.oob = nil + t.rdr.oob = t.rdr.oob[:0] + t.rdr.headers = t.rdr.headers[:0] } + var ( + r = t.rdr.r + b = t.rdr.b + dec = t.rdr.dec + ) - // read the first 16 bytes (the part of the header that has a constant size), - // from which we can figure out the length of the rest of the message - if _, err := io.ReadFull(t.rdr, csheader[:]); err != nil { + _, err := io.ReadFull(t.rdr, t.rdr.csheader) + if err != nil { return nil, err } - switch csheader[0] { + + var order binary.ByteOrder + switch t.rdr.csheader[0] { case 'l': order = binary.LittleEndian case 'B': @@ -99,38 +135,62 @@ func (t *unixTransport) ReadMessage() (*Message, error) { default: return nil, InvalidMessageError("invalid byte order") } - // csheader[4:8] -> length of message body, csheader[12:16] -> length of - // header fields (without alignment) - binary.Read(bytes.NewBuffer(csheader[4:8]), order, &blen) - binary.Read(bytes.NewBuffer(csheader[12:]), order, &hlen) + + r.Reset(t.rdr.csheader[1:]) + if err := binary.Read(r, order, &t.rdr.msghead); err != nil { + return nil, err + } + + msg := &Message{ + Type: t.rdr.msghead.Type, + Flags: t.rdr.msghead.Flags, + serial: t.rdr.msghead.Serial, + } + // Length of header fields (without alignment). + hlen := t.rdr.msghead.HeaderLen if hlen%8 != 0 { hlen += 8 - (hlen % 8) } + if hlen+t.rdr.msghead.BodyLen+16 > 1<<27 { + return nil, InvalidMessageError("message is too long") + } - // decode headers and look for unix fds - headerdata := make([]byte, hlen+4) - copy(headerdata, csheader[12:]) - if _, err := io.ReadFull(t.rdr, headerdata[4:]); err != nil { + // Decode headers and look for unix fds. + b.Reset() + if _, err = b.Write(t.rdr.csheader[12:]); err != nil { return nil, err } - dec := newDecoder(bytes.NewBuffer(headerdata), order, make([]int, 0)) + if _, err = io.CopyN(b, t.rdr, int64(hlen)); err != nil { + return nil, err + } + dec.Reset(b, order, nil) dec.pos = 12 vs, err := dec.Decode(Signature{"a(yv)"}) if err != nil { return nil, err } - Store(vs, &headers) - for _, v := range headers { + if err = Store(vs, &t.rdr.headers); err != nil { + return nil, err + } + var unixfds uint32 + for _, v := range t.rdr.headers { if v.Field == byte(FieldUnixFDs) { unixfds, _ = v.Variant.value.(uint32) } } - all := make([]byte, 16+hlen+blen) - copy(all, csheader[:]) - copy(all[16:], headerdata[4:]) - if _, err := io.ReadFull(t.rdr, all[16+hlen:]); err != nil { + + msg.Headers = make(map[HeaderField]Variant) + for _, v := range t.rdr.headers { + msg.Headers[HeaderField(v.Field)] = v.Variant + } + + dec.align(8) + body := make([]byte, t.rdr.BodyLen) + if _, err = io.ReadFull(t.rdr, body); err != nil { return nil, err } + r.Reset(body) + if unixfds != 0 { if !t.hasUnixFDs { return nil, errors.New("dbus: got unix fds on unsupported transport") @@ -147,8 +207,8 @@ func (t *unixTransport) ReadMessage() (*Message, error) { if err != nil { return nil, err } - msg, err := DecodeMessageWithFDs(bytes.NewBuffer(all), fds) - if err != nil { + dec.Reset(r, order, fds) + if err = decodeMessageBody(msg, dec); err != nil { return nil, err } // substitute the values in the message body (which are indices for the @@ -173,7 +233,27 @@ func (t *unixTransport) ReadMessage() (*Message, error) { } return msg, nil } - return DecodeMessage(bytes.NewBuffer(all)) + + dec.Reset(r, order, nil) + if err = decodeMessageBody(msg, dec); err != nil { + return nil, err + } + return msg, nil +} + +func decodeMessageBody(msg *Message, dec *decoder) error { + if err := msg.validateHeader(); err != nil { + return err + } + + sig, _ := msg.Headers[FieldSignature].value.(Signature) + if sig.str == "" { + return nil + } + + var err error + msg.Body, err = dec.Decode(sig) + return err } func (t *unixTransport) SendMessage(msg *Message) error { diff --git a/vendor/github.com/godbus/dbus/v5/transport_unixcred_freebsd.go b/vendor/github.com/godbus/dbus/v5/transport_unixcred_freebsd.go index 1b5ed2089d0..ff2284c8382 100644 --- a/vendor/github.com/godbus/dbus/v5/transport_unixcred_freebsd.go +++ b/vendor/github.com/godbus/dbus/v5/transport_unixcred_freebsd.go @@ -7,39 +7,41 @@ package dbus -/* -const int sizeofPtr = sizeof(void*); -#define _WANT_UCRED -#include -#include -*/ -import "C" - import ( "io" "os" "syscall" "unsafe" + + "golang.org/x/sys/unix" ) // http://golang.org/src/pkg/syscall/ztypes_linux_amd64.go // https://golang.org/src/syscall/ztypes_freebsd_amd64.go +// +// Note: FreeBSD actually uses a 'struct cmsgcred' which starts with +// these fields and adds a list of the additional groups for the +// sender. type Ucred struct { - Pid int32 - Uid uint32 - Gid uint32 + Pid int32 + Uid uint32 + Euid uint32 + Gid uint32 } -// http://golang.org/src/pkg/syscall/types_linux.go -// https://golang.org/src/syscall/types_freebsd.go -// https://github.com/freebsd/freebsd/blob/master/sys/sys/ucred.h +// https://github.com/freebsd/freebsd/blob/master/sys/sys/socket.h +// +// The cmsgcred structure contains the above four fields, followed by +// a uint16 count of additional groups, uint16 padding to align and a +// 16 element array of uint32 for the additional groups. The size is +// the same across all supported platforms. const ( - SizeofUcred = C.sizeof_struct_ucred + SizeofCmsgcred = 84 // 4*4 + 2*2 + 16*4 ) // http://golang.org/src/pkg/syscall/sockcmsg_unix.go func cmsgAlignOf(salen int) int { - salign := C.sizeofPtr + salign := unix.SizeofPtr return (salen + salign - 1) & ^(salign - 1) } @@ -54,11 +56,11 @@ func cmsgData(h *syscall.Cmsghdr) unsafe.Pointer { // for sending to another process. This can be used for // authentication. func UnixCredentials(ucred *Ucred) []byte { - b := make([]byte, syscall.CmsgSpace(SizeofUcred)) + b := make([]byte, syscall.CmsgSpace(SizeofCmsgcred)) h := (*syscall.Cmsghdr)(unsafe.Pointer(&b[0])) h.Level = syscall.SOL_SOCKET h.Type = syscall.SCM_CREDS - h.SetLen(syscall.CmsgLen(SizeofUcred)) + h.SetLen(syscall.CmsgLen(SizeofCmsgcred)) *((*Ucred)(cmsgData(h))) = *ucred return b } diff --git a/vendor/github.com/godbus/dbus/v5/variant.go b/vendor/github.com/godbus/dbus/v5/variant.go index ca3dbe16a44..bf98ddea735 100644 --- a/vendor/github.com/godbus/dbus/v5/variant.go +++ b/vendor/github.com/godbus/dbus/v5/variant.go @@ -11,17 +11,17 @@ import ( // Variant represents the D-Bus variant type. type Variant struct { sig Signature - value interface{} + value any } // MakeVariant converts the given value to a Variant. It panics if v cannot be // represented as a D-Bus type. -func MakeVariant(v interface{}) Variant { +func MakeVariant(v any) Variant { return MakeVariantWithSignature(v, SignatureOf(v)) } // MakeVariantWithSignature converts the given value to a Variant. -func MakeVariantWithSignature(v interface{}, s Signature) Variant { +func MakeVariantWithSignature(v any, s Signature) Variant { return Variant{s, v} } @@ -73,7 +73,7 @@ func (v Variant) format() (string, bool) { } rv := reflect.ValueOf(v.value) switch rv.Kind() { - case reflect.Slice: + case reflect.Slice, reflect.Array: if rv.Len() == 0 { return "[]", false } @@ -119,6 +119,25 @@ func (v Variant) format() (string, bool) { } buf.WriteByte('}') return buf.String(), unamb + case reflect.Struct: + if rv.NumField() == 0 { + return "()", false + } + unamb := true + var buf bytes.Buffer + buf.WriteByte('(') + for i := 0; i < rv.NumField(); i++ { + s, b := MakeVariant(rv.Field(i).Interface()).format() + unamb = unamb && b + buf.WriteString(s) + buf.WriteString(",") + if i != rv.NumField()-1 { + buf.WriteString(" ") + } + } + buf.WriteByte(')') + return buf.String(), unamb + } return `"INVALID"`, true } @@ -139,12 +158,12 @@ func (v Variant) String() string { } // Value returns the underlying value of v. -func (v Variant) Value() interface{} { +func (v Variant) Value() any { return v.value } // Store converts the variant into a native go type using the same // mechanism as the "Store" function. -func (v Variant) Store(value interface{}) error { +func (v Variant) Store(value any) error { return storeInterfaces(v.value, value) } diff --git a/vendor/github.com/godbus/dbus/v5/variant_lexer.go b/vendor/github.com/godbus/dbus/v5/variant_lexer.go index bf1398c8f05..a0649c5ca51 100644 --- a/vendor/github.com/godbus/dbus/v5/variant_lexer.go +++ b/vendor/github.com/godbus/dbus/v5/variant_lexer.go @@ -67,7 +67,7 @@ func (l *varLexer) emit(t varTokenType) { l.start = l.pos } -func (l *varLexer) errorf(format string, v ...interface{}) lexState { +func (l *varLexer) errorf(format string, v ...any) lexState { l.tokens = append(l.tokens, varToken{ tokError, fmt.Sprintf(format, v...), diff --git a/vendor/github.com/godbus/dbus/v5/variant_parser.go b/vendor/github.com/godbus/dbus/v5/variant_parser.go index d20f5da6dd2..3f45f0a757c 100644 --- a/vendor/github.com/godbus/dbus/v5/variant_parser.go +++ b/vendor/github.com/godbus/dbus/v5/variant_parser.go @@ -33,7 +33,7 @@ type varNode interface { Infer() (Signature, error) String() string Sigs() sigSet - Value(Signature) (interface{}, error) + Value(Signature) (any, error) } func varMakeNode(p *varParser) (varNode, error) { @@ -134,7 +134,7 @@ func (s sigSet) ToArray() sigSet { type numNode struct { sig Signature str string - val interface{} + val any } var numSigSet = sigSet{ @@ -169,7 +169,7 @@ func (n numNode) Sigs() sigSet { return numSigSet } -func (n numNode) Value(sig Signature) (interface{}, error) { +func (n numNode) Value(sig Signature) (any, error) { if n.sig.str != "" && n.sig != sig { return nil, varTypeError{n.str, sig} } @@ -190,7 +190,7 @@ func varMakeNumNode(tok varToken, sig Signature) (varNode, error) { return numNode{sig: sig, val: num}, nil } -func varNumAs(s string, sig Signature) (interface{}, error) { +func varNumAs(s string, sig Signature) (any, error) { isUnsigned := false size := 32 switch sig.str { @@ -220,20 +220,20 @@ func varNumAs(s string, sig Signature) (interface{}, error) { return nil, varTypeError{s, sig} } base := 10 - if strings.HasPrefix(s, "0x") { + if after, ok := strings.CutPrefix(s, "0x"); ok { base = 16 - s = s[2:] + s = after } - if strings.HasPrefix(s, "0") && len(s) != 1 { + if after, ok := strings.CutPrefix(s, "0"); ok && len(s) != 1 { base = 8 - s = s[1:] + s = after } if isUnsigned { i, err := strconv.ParseUint(s, base, size) if err != nil { return nil, err } - var v interface{} = i + var v any = i switch sig.str { case "y": v = byte(i) @@ -248,7 +248,7 @@ func varNumAs(s string, sig Signature) (interface{}, error) { if err != nil { return nil, err } - var v interface{} = i + var v any = i switch sig.str { case "n": v = int16(i) @@ -260,8 +260,8 @@ func varNumAs(s string, sig Signature) (interface{}, error) { type stringNode struct { sig Signature - str string // parsed - val interface{} // has correct type + str string // parsed + val any // has correct type } var stringSigSet = sigSet{ @@ -285,7 +285,7 @@ func (n stringNode) Sigs() sigSet { return stringSigSet } -func (n stringNode) Value(sig Signature) (interface{}, error) { +func (n stringNode) Value(sig Signature) (any, error) { if n.sig.str != "" && n.sig != sig { return nil, varTypeError{n.str, sig} } @@ -407,7 +407,7 @@ func (boolNode) Sigs() sigSet { return boolSigSet } -func (b boolNode) Value(sig Signature) (interface{}, error) { +func (b boolNode) Value(sig Signature) (any, error) { if sig.str != "b" { return nil, varTypeError{b.String(), sig} } @@ -417,7 +417,6 @@ func (b boolNode) Value(sig Signature) (interface{}, error) { type arrayNode struct { set sigSet children []varNode - val interface{} } func (n arrayNode) Infer() (Signature, error) { @@ -446,7 +445,7 @@ func (n arrayNode) Sigs() sigSet { return n.set } -func (n arrayNode) Value(sig Signature) (interface{}, error) { +func (n arrayNode) Value(sig Signature) (any, error) { if n.set.Empty() { // no type information whatsoever, so this must be an empty slice return reflect.MakeSlice(typeFor(sig.str), 0, 0).Interface(), nil @@ -537,7 +536,7 @@ func (variantNode) Sigs() sigSet { return variantSet } -func (n variantNode) Value(sig Signature) (interface{}, error) { +func (n variantNode) Value(sig Signature) (any, error) { if sig.str != "v" { return nil, varTypeError{n.String(), sig} } @@ -574,7 +573,6 @@ type dictEntry struct { type dictNode struct { kset, vset sigSet children []dictEntry - val interface{} } func (n dictNode) Infer() (Signature, error) { @@ -614,7 +612,7 @@ func (n dictNode) Sigs() sigSet { return r } -func (n dictNode) Value(sig Signature) (interface{}, error) { +func (n dictNode) Value(sig Signature) (any, error) { set := n.Sigs() if set.Empty() { // no type information -> empty dict @@ -749,7 +747,7 @@ func (b byteStringNode) Sigs() sigSet { return byteStringSet } -func (b byteStringNode) Value(sig Signature) (interface{}, error) { +func (b byteStringNode) Value(sig Signature) (any, error) { if sig.str != "ay" { return nil, varTypeError{b.String(), sig} } diff --git a/vendor/modules.txt b/vendor/modules.txt index b6d94ce7bc8..bf12d75e6c8 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -50,8 +50,8 @@ github.com/cyphar/filepath-securejoin/pathrs-lite/procfs # github.com/docker/go-units v0.5.0 ## explicit github.com/docker/go-units -# github.com/godbus/dbus/v5 v5.1.0 -## explicit; go 1.12 +# github.com/godbus/dbus/v5 v5.2.0 +## explicit; go 1.20 github.com/godbus/dbus/v5 # github.com/moby/sys/capability v0.4.0 ## explicit; go 1.21 From 95baf621b4b230c167eb9fda3098b66f542bf154 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Nov 2025 01:15:13 +0000 Subject: [PATCH 1119/1176] build(deps): bump github.com/opencontainers/selinux Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.13.0 to 1.13.1. - [Release notes](https://github.com/opencontainers/selinux/releases) - [Commits](https://github.com/opencontainers/selinux/compare/v1.13.0...v1.13.1) --- updated-dependencies: - dependency-name: github.com/opencontainers/selinux dependency-version: 1.13.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index df65bf5e83d..115853eb2b6 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/mrunalp/fileutils v0.5.1 github.com/opencontainers/cgroups v0.0.6 github.com/opencontainers/runtime-spec v1.3.0 - github.com/opencontainers/selinux v1.13.0 + github.com/opencontainers/selinux v1.13.1 github.com/seccomp/libseccomp-golang v0.11.1 github.com/sirupsen/logrus v1.9.3 github.com/urfave/cli v1.22.17 diff --git a/go.sum b/go.sum index 01d49385ba1..6eec3c19654 100644 --- a/go.sum +++ b/go.sum @@ -50,8 +50,8 @@ github.com/opencontainers/cgroups v0.0.6 h1:tfZFWTIIGaUUFImTyuTg+Mr5x8XRiSdZESgE github.com/opencontainers/cgroups v0.0.6/go.mod h1:oWVzJsKK0gG9SCRBfTpnn16WcGEqDI8PAcpMGbqWxcs= github.com/opencontainers/runtime-spec v1.3.0 h1:YZupQUdctfhpZy3TM39nN9Ika5CBWT5diQ8ibYCRkxg= github.com/opencontainers/runtime-spec v1.3.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/selinux v1.13.0 h1:Zza88GWezyT7RLql12URvoxsbLfjFx988+LGaWfbL84= -github.com/opencontainers/selinux v1.13.0/go.mod h1:XxWTed+A/s5NNq4GmYScVy+9jzXhGBVEOAyucdRUY8s= +github.com/opencontainers/selinux v1.13.1 h1:A8nNeceYngH9Ow++M+VVEwJVpdFmrlxsN22F+ISDCJE= +github.com/opencontainers/selinux v1.13.1/go.mod h1:S10WXZ/osk2kWOYKy1x2f/eXF5ZHJoUs8UU/2caNRbg= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= diff --git a/vendor/modules.txt b/vendor/modules.txt index b6d94ce7bc8..4c7e3e5212f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -83,7 +83,7 @@ github.com/opencontainers/cgroups/systemd ## explicit github.com/opencontainers/runtime-spec/specs-go github.com/opencontainers/runtime-spec/specs-go/features -# github.com/opencontainers/selinux v1.13.0 +# github.com/opencontainers/selinux v1.13.1 ## explicit; go 1.19 github.com/opencontainers/selinux/go-selinux github.com/opencontainers/selinux/go-selinux/label From da4ec2375c14804865916c3ff4b03e3b3a27446f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Nov 2025 01:31:51 +0000 Subject: [PATCH 1120/1176] build(deps): bump golang.org/x/net from 0.46.0 to 0.47.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.46.0 to 0.47.0. - [Commits](https://github.com/golang/net/compare/v0.46.0...v0.47.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.47.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 88f681af92c..565a3752766 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/urfave/cli v1.22.17 github.com/vishvananda/netlink v1.3.1 github.com/vishvananda/netns v0.0.5 - golang.org/x/net v0.46.0 + golang.org/x/net v0.47.0 golang.org/x/sys v0.38.0 google.golang.org/protobuf v1.36.10 ) diff --git a/go.sum b/go.sum index 26bdd2669b5..184770a184f 100644 --- a/go.sum +++ b/go.sum @@ -79,8 +79,8 @@ github.com/vishvananda/netlink v1.3.1 h1:3AEMt62VKqz90r0tmNhog0r/PpWKmrEShJU0wJW github.com/vishvananda/netlink v1.3.1/go.mod h1:ARtKouGSTGchR8aMwmkzC0qiNPrrWO5JS/XMVl45+b4= github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY= github.com/vishvananda/netns v0.0.5/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= -golang.org/x/net v0.46.0 h1:giFlY12I07fugqwPuWJi68oOnpfqFnJIJzaIIm2JVV4= -golang.org/x/net v0.46.0/go.mod h1:Q9BGdFy1y4nkUwiLvT5qtyhAnEHgnQ/zd8PfU6nc210= +golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY= +golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/vendor/modules.txt b/vendor/modules.txt index d29e74555c4..4be6b2ece29 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -108,7 +108,7 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.5 ## explicit; go 1.17 github.com/vishvananda/netns -# golang.org/x/net v0.46.0 +# golang.org/x/net v0.47.0 ## explicit; go 1.24.0 golang.org/x/net/bpf # golang.org/x/sys v0.38.0 From 5fbc3bb019d89654c43be3c38f8f91df5f17334b Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 13 Nov 2025 00:34:30 -0800 Subject: [PATCH 1121/1176] libct/int: TestFdLeaks: deflake Since the recent CVE fixes, TestFdLeaksSystemd sometimes fails: === RUN TestFdLeaksSystemd exec_test.go:1750: extra fd 9 -> /12224/task/13831/fd exec_test.go:1753: found 1 extra fds after container.Run --- FAIL: TestFdLeaksSystemd (0.10s) It might have been caused by the change to the test code in commit ff6fe13 ("utils: use safe procfs for /proc/self/fd loop code") -- we are now opening a file descriptor during the logic to get a list of file descriptors. If the file descriptor happens to be allocated to a different number, you'll get an error. Let's try to filter out the fd used to read a directory. Signed-off-by: Kir Kolyshkin --- libcontainer/integration/exec_test.go | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index bdb90a0ef73..a6bd389555b 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -8,6 +8,7 @@ import ( "os/exec" "path/filepath" "reflect" + "slices" "strconv" "strings" "syscall" @@ -1694,7 +1695,11 @@ func fdList(t *testing.T) []string { fds, err := fdDir.Readdirnames(-1) ok(t, err) - return fds + // Remove the fdDir fd. + extraFd := strconv.Itoa(int(fdDir.Fd())) + return slices.DeleteFunc(fds, func(fd string) bool { + return fd == extraFd + }) } func testFdLeaks(t *testing.T, systemd bool) { @@ -1716,7 +1721,7 @@ func testFdLeaks(t *testing.T, systemd bool) { runContainerOk(t, config, "true") fds1 := fdList(t) - if reflect.DeepEqual(fds0, fds1) { + if slices.Equal(fds0, fds1) { return } // Show the extra opened files. From b209358db392fb5a2a8f25dc458a2283765456df Mon Sep 17 00:00:00 2001 From: lifubang Date: Wed, 19 Nov 2025 02:46:17 +0000 Subject: [PATCH 1122/1176] ci: detect file descriptor leaks as comprehensively as possible Co-authored-by: Aleksa Sarai Signed-off-by: lifubang --- tests/integration/create.bats | 64 +++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/tests/integration/create.bats b/tests/integration/create.bats index b1693518a99..48b665dc04f 100644 --- a/tests/integration/create.bats +++ b/tests/integration/create.bats @@ -10,6 +10,70 @@ function teardown() { teardown_bundle } +# is_allowed_fdtarget checks whether the target of a file descriptor symlink +# conforms to the allowed whitelist. +# +# This whitelist reflects the set of file descriptors that runc legitimately +# opens during container lifecycle operations (e.g., exec, create, and run). +# If runc's internal behavior changes (e.g., new FD types are introduced), +# this function MUST be updated accordingly to avoid false positives. +# +is_allowed_fdtarget() { + local target="$1" + { + # pty devices for stdio + grep -Ex "/dev/pts/[0-9]+" <<<"$target" || + # eventfd, eventpoll, signalfd, etc. + grep -Ex "anon_inode:\[.+\]" <<<"$target" || + # procfs handle cache (pathrs-lite / libpathrs) + grep -Ex "/(proc)?" <<<"$target" || + # anonymous sockets used for IPC + grep -Ex "socket:\[[0-9]+\]" <<<"$target" || + # anonymous pipes used for I/O forwarding + grep -Ex "pipe:\[[0-9]+\]" <<<"$target" || + # "runc start" synchronisation barrier FIFO + grep -Ex ".*/exec\.fifo" <<<"$target" || + # temporary internal fd used in exec.fifo FIFO reopen (pathrs-lite / libpathrs) + grep -Ex "(/proc)?/1/task/1/fd" <<<"$target" || + # overlayfs binary reference (CVE-2019-5736) + grep -Ex "/runc" <<<"$target" || + # memfd cloned binary (CVE-2019-5736) + grep -Fx "/memfd:runc_cloned:/proc/self/exe (deleted)" <<<"$target" + } >/dev/null + return "$?" +} + +@test "runc create[detect fd leak as comprehensively as possible]" { + runc create --console-socket "$CONSOLE_SOCKET" test_busybox + [ "$status" -eq 0 ] + + testcontainer test_busybox created + + pid=$(__runc state test_busybox | jq '.pid') + violation_found=0 + + while IFS= read -rd '' link; do + fd_name=$(basename "$link") + # Skip . and .. + if [[ "$fd_name" == "." || "$fd_name" == ".." ]]; then + continue + fi + + # Resolve symlink target (use readlink) + target=$(readlink "$link" 2>/dev/null) + if [[ -z "$target" ]]; then + echo "Warning: Cannot read target of $link" + continue + fi + + if ! is_allowed_fdtarget "$target"; then + echo "Violation: FD $fd_name -> '$target'" + violation_found=1 + fi + done < <(find "/proc/$pid/fd" -type l -print0) + [ "$violation_found" -eq 0 ] +} + @test "runc create" { runc create --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] From 69785c117c0edd3d8a7fc94a5241d27d3c74c1e1 Mon Sep 17 00:00:00 2001 From: lifubang Date: Tue, 18 Nov 2025 10:15:29 +0000 Subject: [PATCH 1123/1176] libct: always close m.dstFile in mountToRootfs Signed-off-by: lifubang --- libcontainer/rootfs_linux.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 94b664eeb5a..5128159bc60 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -589,6 +589,12 @@ func (m *mountEntry) createOpenMountpoint(rootfs string) (Err error) { func mountToRootfs(c *mountConfig, m mountEntry) error { rootfs := c.root + defer func() { + if m.dstFile != nil { + _ = m.dstFile.Close() + m.dstFile = nil + } + }() // procfs and sysfs are special because we need to ensure they are actually // mounted on a specific path in a container without any funny business. @@ -629,12 +635,6 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { if err := m.createOpenMountpoint(rootfs); err != nil { return fmt.Errorf("create mountpoint for %s mount: %w", m.Destination, err) } - defer func() { - if m.dstFile != nil { - _ = m.dstFile.Close() - m.dstFile = nil - } - }() switch m.Device { case "mqueue": From 6ac151d69be162631cb03e9107148c03670773df Mon Sep 17 00:00:00 2001 From: lifubang Date: Tue, 18 Nov 2025 04:53:19 +0000 Subject: [PATCH 1124/1176] libct: add a defer fd close in createDeviceNode Signed-off-by: lifubang --- libcontainer/rootfs_linux.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 5128159bc60..9f2af0a212d 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -995,6 +995,8 @@ func createDeviceNode(rootfs string, node *devices.Device, bind bool) error { if err != nil { return fmt.Errorf("mkdir parent of device inode %q: %w", node.Path, err) } + defer destDir.Close() + if bind { return bindMountDeviceNode(destDir, destName, node) } From 75188fab732d618549293091ea85be1d398c524c Mon Sep 17 00:00:00 2001 From: lifubang Date: Thu, 20 Nov 2025 01:26:58 +0000 Subject: [PATCH 1125/1176] bump github.com/cyphar/filepath-securejoin from 0.6.0 to 0.6.1 Signed-off-by: lifubang --- go.mod | 2 +- go.sum | 4 +- .../cyphar/filepath-securejoin/CHANGELOG.md | 88 +++++++++---------- .../cyphar/filepath-securejoin/VERSION | 2 +- .../pathrs-lite/internal/fd/openat2_linux.go | 4 +- .../gocompat/gocompat_atomic_go119.go | 19 ++++ .../gocompat/gocompat_atomic_unsupported.go | 48 ++++++++++ .../internal/gopathrs/lookup_linux.go | 9 +- .../internal/gopathrs/openat2_linux.go | 1 + .../internal/linux/openat2_linux.go | 16 +++- vendor/modules.txt | 2 +- 11 files changed, 137 insertions(+), 58 deletions(-) create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_atomic_go119.go create mode 100644 vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_atomic_unsupported.go diff --git a/go.mod b/go.mod index 565a3752766..f53fb4edf3c 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/checkpoint-restore/go-criu/v7 v7.2.0 github.com/containerd/console v1.0.5 github.com/coreos/go-systemd/v22 v22.6.0 - github.com/cyphar/filepath-securejoin v0.6.0 + github.com/cyphar/filepath-securejoin v0.6.1 github.com/docker/go-units v0.5.0 github.com/godbus/dbus/v5 v5.2.0 github.com/moby/sys/capability v0.4.0 diff --git a/go.sum b/go.sum index 184770a184f..9243ec33314 100644 --- a/go.sum +++ b/go.sum @@ -11,8 +11,8 @@ github.com/coreos/go-systemd/v22 v22.6.0 h1:aGVa/v8B7hpb0TKl0MWoAavPDmHvobFe5R5z github.com/coreos/go-systemd/v22 v22.6.0/go.mod h1:iG+pp635Fo7ZmV/j14KUcmEyWF+0X7Lua8rrTWzYgWU= github.com/cpuguy83/go-md2man/v2 v2.0.7 h1:zbFlGlXEAKlwXpmvle3d8Oe3YnkKIK4xSRTd3sHPnBo= github.com/cpuguy83/go-md2man/v2 v2.0.7/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= -github.com/cyphar/filepath-securejoin v0.6.0 h1:BtGB77njd6SVO6VztOHfPxKitJvd/VPT+OFBFMOi1Is= -github.com/cyphar/filepath-securejoin v0.6.0/go.mod h1:A8hd4EnAeyujCJRrICiOWqjS1AX0a9kM5XL+NwKoYSc= +github.com/cyphar/filepath-securejoin v0.6.1 h1:5CeZ1jPXEiYt3+Z6zqprSAgSWiggmpVyciv8syjIpVE= +github.com/cyphar/filepath-securejoin v0.6.1/go.mod h1:A8hd4EnAeyujCJRrICiOWqjS1AX0a9kM5XL+NwKoYSc= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= diff --git a/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md index 734cf61e322..6d016d05c00 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md +++ b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md @@ -6,49 +6,39 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ## [Unreleased] ## -## [0.6.0] - 2025-11-03 ## +## [0.6.1] - 2025-11-19 ## -> By the Power of Greyskull! +> At last up jumped the cunning spider, and fiercely held her fast. + +### Fixed ### +- Our logic for deciding whether to use `openat2(2)` or fallback to an `O_PATH` + resolver would cache the result to avoid doing needless test runs of + `openat2(2)`. However, this causes issues when `pathrs-lite` is being used by + a program that applies new seccomp-bpf filters onto itself -- if the filter + denies `openat2(2)` then we would return that error rather than falling back + to the `O_PATH` resolver. To resolve this issue, we no longer cache the + result if `openat2(2)` was successful, only if there was an error. +- A file descriptor leak in our `openat2` wrapper (when doing the necessary + `dup` for `RESOLVE_IN_ROOT`) has been removed. -While quite small code-wise, this release marks a very key point in the -development of filepath-securejoin. - -filepath-securejoin was originally intended (back in 2017) to simply be a -single-purpose library that would take some common code used in container -runtimes (specifically, Docker's `FollowSymlinksInScope`) and make it more -general-purpose (with the eventual goals of it ending up in the Go stdlib). - -Of course, I quickly discovered that this problem was actually far more -complicated to solve when dealing with racing attackers, which lead to me -developing `openat2(2)` and [libpathrs][]. I had originally planned for -libpathrs to completely replace filepath-securejoin "once it was ready" but in -the interim we needed to fix several race attacks in runc as part of security -advisories. Obviously we couldn't require the usage of a pre-0.1 Rust library -in runc so it was necessary to port bits of libpathrs into filepath-securejoin. -(Ironically the first prototypes of libpathrs were originally written in Go and -then rewritten to Rust, so the code in filepath-securejoin is actually Go code -that was rewritten to Rust then re-rewritten to Go.) - -It then became clear that pure-Go libraries will likely not be willing to -require CGo for all of their builds, so it was necessary to accept that -filepath-securejoin will need to stay. As such, in v0.5.0 we provided more -pure-Go implementations of features from libpathrs but moved them into -`pathrs-lite` subpackage to clarify what purpose these helpers serve. - -This release finally closes the loop and makes it so that pathrs-lite can -transparently use libpathrs (via a `libpathrs` build-tag). This means that -upstream libraries can use the pure Go version if they prefer, but downstreams -(either downstream library users or even downstream distributions) are able to -migrate to libpathrs for all usages of pathrs-lite in an entire Go binary. - -I should make it clear that I do not plan to port the rest of libpathrs to Go, -as I do not wish to maintain two copies of the same codebase. pathrs-lite -already provides the core essentials necessary to operate on paths safely for -most modern systems. Users who want additional hardening or more ergonomic APIs -are free to use [`cyphar.com/go-pathrs`][go-pathrs] (libpathrs's Go bindings). +## [0.5.2] - 2025-11-19 ## -[libpathrs]: https://github.com/cyphar/libpathrs -[go-pathrs]: https://cyphar.com/go-pathrs +> "Will you walk into my parlour?" said a spider to a fly. + +### Fixed ### +- Our logic for deciding whether to use `openat2(2)` or fallback to an `O_PATH` + resolver would cache the result to avoid doing needless test runs of + `openat2(2)`. However, this causes issues when `pathrs-lite` is being used by + a program that applies new seccomp-bpf filters onto itself -- if the filter + denies `openat2(2)` then we would return that error rather than falling back + to the `O_PATH` resolver. To resolve this issue, we no longer cache the + result if `openat2(2)` was successful, only if there was an error. +- A file descriptor leak in our `openat2` wrapper (when doing the necessary + `dup` for `RESOLVE_IN_ROOT`) has been removed. + +## [0.6.0] - 2025-11-03 ## + +> By the Power of Greyskull! ### Breaking ### - The deprecated `MkdirAll`, `MkdirAllHandle`, `OpenInRoot`, `OpenatInRoot` and @@ -56,12 +46,12 @@ are free to use [`cyphar.com/go-pathrs`][go-pathrs] (libpathrs's Go bindings). directly. ### Added ### -- `pathrs-lite` now has support for using [libpathrs][libpathrs] as a backend. - This is opt-in and can be enabled at build time with the `libpathrs` build - tag. The intention is to allow for downstream libraries and other projects to - make use of the pure-Go `github.com/cyphar/filepath-securejoin/pathrs-lite` - package and distributors can then opt-in to using `libpathrs` for the entire - binary if they wish. +- `pathrs-lite` now has support for using libpathrs as a backend. This is + opt-in and can be enabled at build time with the `libpathrs` build tag. The + intention is to allow for downstream libraries and other projects to make use + of the pure-Go `github.com/cyphar/filepath-securejoin/pathrs-lite` package + and distributors can then opt-in to using `libpathrs` for the entire binary + if they wish. ## [0.5.1] - 2025-10-31 ## @@ -440,8 +430,10 @@ This is our first release of `github.com/cyphar/filepath-securejoin`, containing a full implementation with a coverage of 93.5% (the only missing cases are the error cases, which are hard to mocktest at the moment). -[Unreleased]: https://github.com/cyphar/filepath-securejoin/compare/v0.6.0...HEAD -[0.6.0]: https://github.com/cyphar/filepath-securejoin/compare/v0.5.1...v0.6.0 +[Unreleased]: https://github.com/cyphar/filepath-securejoin/compare/v0.6.1...HEAD +[0.6.1]: https://github.com/cyphar/filepath-securejoin/compare/v0.6.0...v0.6.1 +[0.6.0]: https://github.com/cyphar/filepath-securejoin/compare/v0.5.0...v0.6.0 +[0.5.2]: https://github.com/cyphar/filepath-securejoin/compare/v0.5.1...v0.5.2 [0.5.1]: https://github.com/cyphar/filepath-securejoin/compare/v0.5.0...v0.5.1 [0.5.0]: https://github.com/cyphar/filepath-securejoin/compare/v0.4.1...v0.5.0 [0.4.1]: https://github.com/cyphar/filepath-securejoin/compare/v0.4.0...v0.4.1 diff --git a/vendor/github.com/cyphar/filepath-securejoin/VERSION b/vendor/github.com/cyphar/filepath-securejoin/VERSION index a918a2aa18d..ee6cdce3c29 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/VERSION +++ b/vendor/github.com/cyphar/filepath-securejoin/VERSION @@ -1 +1 @@ -0.6.0 +0.6.1 diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/openat2_linux.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/openat2_linux.go index 3e937fe3c16..63863647d5b 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/openat2_linux.go +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/openat2_linux.go @@ -39,7 +39,9 @@ const scopedLookupMaxRetries = 128 // Openat2 is an [Fd]-based wrapper around unix.Openat2, but with some retry // logic in case of EAGAIN errors. -func Openat2(dir Fd, path string, how *unix.OpenHow) (*os.File, error) { +// +// NOTE: This is a variable so that the lookup tests can force openat2 to fail. +var Openat2 = func(dir Fd, path string, how *unix.OpenHow) (*os.File, error) { dirFd, fullPath := prepareAt(dir, path) // Make sure we always set O_CLOEXEC. how.Flags |= unix.O_CLOEXEC diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_atomic_go119.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_atomic_go119.go new file mode 100644 index 00000000000..ac93cb045e1 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_atomic_go119.go @@ -0,0 +1,19 @@ +// SPDX-License-Identifier: BSD-3-Clause + +//go:build linux && go1.19 + +// Copyright 2022 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package gocompat + +import ( + "sync/atomic" +) + +// A Bool is an atomic boolean value. +// The zero value is false. +// +// Bool must not be copied after first use. +type Bool = atomic.Bool diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_atomic_unsupported.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_atomic_unsupported.go new file mode 100644 index 00000000000..21b5b29ada9 --- /dev/null +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_atomic_unsupported.go @@ -0,0 +1,48 @@ +// SPDX-License-Identifier: BSD-3-Clause + +//go:build linux && !go1.19 + +// Copyright (C) 2024-2025 SUSE LLC. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package gocompat + +import ( + "sync/atomic" +) + +// noCopy may be added to structs which must not be copied +// after the first use. +// +// See https://golang.org/issues/8005#issuecomment-190753527 +// for details. +// +// Note that it must not be embedded, due to the Lock and Unlock methods. +type noCopy struct{} + +// Lock is a no-op used by -copylocks checker from `go vet`. +func (*noCopy) Lock() {} + +// b32 returns a uint32 0 or 1 representing b. +func b32(b bool) uint32 { + if b { + return 1 + } + return 0 +} + +// A Bool is an atomic boolean value. +// The zero value is false. +// +// Bool must not be copied after first use. +type Bool struct { + _ noCopy + v uint32 +} + +// Load atomically loads and returns the value stored in x. +func (x *Bool) Load() bool { return atomic.LoadUint32(&x.v) != 0 } + +// Store atomically stores val into x. +func (x *Bool) Store(val bool) { atomic.StoreUint32(&x.v, b32(val)) } diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/lookup_linux.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/lookup_linux.go index 56480f0cee1..ad233f14053 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/lookup_linux.go +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/lookup_linux.go @@ -193,8 +193,13 @@ func lookupInRoot(root fd.Fd, unsafePath string, partial bool) (Handle *os.File, // managed open, along with the remaining path components not opened. // Try to use openat2 if possible. - if linux.HasOpenat2() { - return lookupOpenat2(root, unsafePath, partial) + // + // NOTE: If openat2(2) works normally but fails for this lookup, it is + // probably not a good idea to fall-back to the O_PATH resolver. An + // attacker could find a bug in the O_PATH resolver and uncontionally + // falling back to the O_PATH resolver would form a downgrade attack. + if handle, remainingPath, err := lookupOpenat2(root, unsafePath, partial); err == nil || linux.HasOpenat2() { + return handle, remainingPath, err } // Get the "actual" root path from /proc/self/fd. This is necessary if the diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/openat2_linux.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/openat2_linux.go index b80ecd08953..9c5c268f665 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/openat2_linux.go +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/openat2_linux.go @@ -41,6 +41,7 @@ func openat2(dir fd.Fd, path string, how *unix.OpenHow) (*os.File, error) { if err != nil { return nil, err } + _ = file.Close() file = newFile } } diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux/openat2_linux.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux/openat2_linux.go index 399609dc361..dc5f65cef7f 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux/openat2_linux.go +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux/openat2_linux.go @@ -17,15 +17,27 @@ import ( "github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat" ) +// sawOpenat2Error stores whether we have seen an error from HasOpenat2. This +// is a one-way toggle, so as soon as we see an error we "lock" into that mode. +// We cannot use sync.OnceValue to store the success/fail state once because it +// is possible for the program we are running in to apply a seccomp-bpf filter +// and thus disable openat2 during execution. +var sawOpenat2Error gocompat.Bool + // HasOpenat2 returns whether openat2(2) is supported on the running kernel. -var HasOpenat2 = gocompat.SyncOnceValue(func() bool { +var HasOpenat2 = func() bool { + if sawOpenat2Error.Load() { + return false + } + fd, err := unix.Openat2(unix.AT_FDCWD, ".", &unix.OpenHow{ Flags: unix.O_PATH | unix.O_CLOEXEC, Resolve: unix.RESOLVE_NO_SYMLINKS | unix.RESOLVE_IN_ROOT, }) if err != nil { + sawOpenat2Error.Store(true) // doesn't matter if we race here return false } _ = unix.Close(fd) return true -}) +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 4be6b2ece29..66eae80f57c 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -33,7 +33,7 @@ github.com/coreos/go-systemd/v22/dbus # github.com/cpuguy83/go-md2man/v2 v2.0.7 ## explicit; go 1.12 github.com/cpuguy83/go-md2man/v2/md2man -# github.com/cyphar/filepath-securejoin v0.6.0 +# github.com/cyphar/filepath-securejoin v0.6.1 ## explicit; go 1.18 github.com/cyphar/filepath-securejoin github.com/cyphar/filepath-securejoin/internal/consts From d8706501cfee6d4777371c2bbee97e1a8d13fb14 Mon Sep 17 00:00:00 2001 From: lifubang Date: Fri, 14 Nov 2025 02:56:50 +0000 Subject: [PATCH 1126/1176] integration: verify syscall compatibility after seccomp enforcement Signed-off-by: lifubang --- tests/integration/seccomp.bats | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/integration/seccomp.bats b/tests/integration/seccomp.bats index 748dbd2bfca..db9571e0d67 100644 --- a/tests/integration/seccomp.bats +++ b/tests/integration/seccomp.bats @@ -185,3 +185,16 @@ function flags_value() { [[ "$output" == *"error running startContainer hook"* ]] [[ "$output" == *"bad system call"* ]] } + +@test "runc run [seccomp] (verify syscall compatibility after seccomp enforcement)" { + update_config ' .process.args = ["true"] + | .process.noNewPrivileges = false + | .linux.seccomp = { + "defaultAction":"SCMP_ACT_ALLOW", + "architectures":["SCMP_ARCH_X86","SCMP_ARCH_X32","SCMP_ARCH_X86_64","SCMP_ARCH_AARCH64","SCMP_ARCH_ARM"], + "syscalls":[{"names":["close_range", "fsopen", "fsconfig", "fspick", "openat2", "open_tree", "move_mount", "mount_setattr"], "action":"SCMP_ACT_ERRNO", "errnoRet": 38}] + }' + + runc run test_busybox + [ "$status" -eq 0 ] +} From 257fb71e452a71f14ce5b1c888dd2f2d87391442 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 21 Nov 2025 04:02:45 +0000 Subject: [PATCH 1127/1176] build(deps): bump actions/checkout from 5 to 6 Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/test.yml | 6 +++--- .github/workflows/validate.yml | 26 +++++++++++++------------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 1d8ab5cb03d..b9295bf04aa 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -44,7 +44,7 @@ jobs: steps: - name: checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Show host info run: | @@ -155,7 +155,7 @@ jobs: steps: - name: checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: install deps run: | @@ -179,7 +179,7 @@ jobs: timeout-minutes: 30 runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - uses: lima-vm/lima-actions/setup@v1 id: lima-actions-setup diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 3685fa6c03d..1bf393c0b7b 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -17,7 +17,7 @@ jobs: keyring: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: check runc.keyring run: make validate-keyring @@ -29,7 +29,7 @@ jobs: checks: write # to allow the action to annotate code in the PR. runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: fetch-depth: 2 - uses: actions/setup-go@v6 @@ -52,7 +52,7 @@ jobs: modernize: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: fetch-depth: 2 - uses: actions/setup-go@v6 @@ -77,7 +77,7 @@ jobs: # Don't ignore C warnings. Note that the output of "go env CGO_CFLAGS" by default is "-g -O2", so we keep them. CGO_CFLAGS: -g -O2 -Werror steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: install go uses: actions/setup-go@v6 with: @@ -94,7 +94,7 @@ jobs: codespell: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: install deps # Version of codespell bundled with Ubuntu is way old, so use pip. run: pip install --break-system-packages codespell==v2.4.1 @@ -104,14 +104,14 @@ jobs: shfmt: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: shfmt run: make shfmt shellcheck: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: install shellcheck env: VERSION: v0.10.0 @@ -135,14 +135,14 @@ jobs: space-at-eol: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - run: rm -fr vendor - run: if git -P grep -I -n '\s$'; then echo "^^^ extra whitespace at EOL, please fix"; exit 1; fi deps: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: install go uses: actions/setup-go@v6 with: @@ -187,7 +187,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: install deps run: | sudo apt -qq update @@ -200,7 +200,7 @@ jobs: check-go: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: check Go version run: | GO_VER=$(awk -F= '/^ARG\s+GO_VERSION=/ {print $2; quit}' Dockerfile) @@ -215,7 +215,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: check CHANGELOG.md run: make verify-changelog @@ -243,7 +243,7 @@ jobs: get-images: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: install bashbrew env: BASEURL: https://github.com/docker-library/bashbrew/releases/download From f944ccecb2918731cf8260c46e71c4c400bbc05b Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 6 Oct 2025 13:48:27 -0700 Subject: [PATCH 1128/1176] runc create/run/exec: show fatal errors from init In case early stage of runc init (nsenter) fails for some reason, it logs error(s) with FATAL log level, via bail(). The runc init log is read by a parent (runc create/run/exec) and is logged via normal logrus mechanism, which is all fine and dandy, except when `runc init` fails, we return the error from the parent (which is usually not too helpful, for example): runc run failed: unable to start container process: can't get final child's PID from pipe: EOF Now, the actual underlying error is from runc init and it was logged earlier; here's how full runc output looks like: FATA[0000] nsexec-1[3247792]: failed to unshare remaining namespaces: No space left on device FATA[0000] nsexec-0[3247790]: failed to sync with stage-1: next state ERRO[0000] runc run failed: unable to start container process: can't get final child's PID from pipe: EOF The problem is, upper level runtimes tend to ignore everything except the last line from runc, and thus error reported by e.g. docker is not very helpful. This patch tries to improve the situation by collecting FATAL errors from runc init and appending those to the error returned (instead of logging). With it, the above error will look like this: ERRO[0000] runc run failed: unable to start container process: can't get final child's PID from pipe: EOF; runc init error(s): nsexec-1[141549]: failed to unshare remaining namespaces: No space left on device; nsexec-0[141547]: failed to sync with stage-1: next state Yes, it is long and ugly, but at least the upper level runtime will report it. Signed-off-by: Kir Kolyshkin --- libcontainer/container_linux.go | 21 ++++++++++++-------- libcontainer/logs/logs.go | 35 +++++++++++++++++++++++++-------- 2 files changed, 40 insertions(+), 16 deletions(-) diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index 6168854930e..ad904641723 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -338,8 +338,6 @@ func (c *Container) start(process *Process) (retErr error) { // We do not need the cloned binaries once the process is spawned. defer process.closeClonedExes() - logsDone := parent.forwardChildLogs() - // Before starting "runc init", mark all non-stdio open files as O_CLOEXEC // to make sure we don't leak any files into "runc init". Any files to be // passed to "runc init" through ExtraFiles will get dup2'd by the Go @@ -349,21 +347,28 @@ func (c *Container) start(process *Process) (retErr error) { if err := utils.CloseExecFrom(3); err != nil { return fmt.Errorf("unable to mark non-stdio fds as cloexec: %w", err) } - if err := parent.start(); err != nil { - return fmt.Errorf("unable to start container process: %w", err) - } - if logsDone != nil { + if logsDone := parent.forwardChildLogs(); logsDone != nil { defer func() { // Wait for log forwarder to finish. This depends on // runc init closing the _LIBCONTAINER_LOGPIPE log fd. err := <-logsDone - if err != nil && retErr == nil { - retErr = fmt.Errorf("unable to forward init logs: %w", err) + if err != nil { + // runc init errors are important; make sure retErr has them. + err = fmt.Errorf("runc init error(s): %w", err) + if retErr != nil { + retErr = fmt.Errorf("%w; %w", retErr, err) + } else { + retErr = err + } } }() } + if err := parent.start(); err != nil { + return fmt.Errorf("unable to start container process: %w", err) + } + if process.Init { c.fifo.Close() if c.config.HasHook(configs.Poststart) { diff --git a/libcontainer/logs/logs.go b/libcontainer/logs/logs.go index db12b851820..8cb2ff9aa8a 100644 --- a/libcontainer/logs/logs.go +++ b/libcontainer/logs/logs.go @@ -4,12 +4,16 @@ package logs import ( "bufio" + "bytes" "encoding/json" + "errors" "io" "github.com/sirupsen/logrus" ) +var fatalsSep = []byte("; ") + func ForwardLogs(logPipe io.ReadCloser) chan error { done := make(chan error, 1) s := bufio.NewScanner(logPipe) @@ -25,24 +29,33 @@ func ForwardLogs(logPipe io.ReadCloser) chan error { } go func() { + fatals := []byte{} for s.Scan() { - processEntry(s.Bytes(), logger) + fatals = processEntry(s.Bytes(), logger, fatals) + } + if err := s.Err(); err != nil { + logrus.Errorf("error reading from log source: %v", err) } if err := logPipe.Close(); err != nil { logrus.Errorf("error closing log source: %v", err) } - // The only error we want to return is when reading from - // logPipe has failed. - done <- s.Err() + // The only error we return is fatal messages from runc init. + var err error + if len(fatals) > 0 { + err = errors.New(string(bytes.TrimSuffix(fatals, fatalsSep))) + } + done <- err close(done) }() return done } -func processEntry(text []byte, logger *logrus.Logger) { +// processEntry parses the error and either logs it via the standard logger or, +// if this is a fatal error, appends its text to fatals. +func processEntry(text []byte, logger *logrus.Logger, fatals []byte) []byte { if len(text) == 0 { - return + return fatals } var jl struct { @@ -51,8 +64,14 @@ func processEntry(text []byte, logger *logrus.Logger) { } if err := json.Unmarshal(text, &jl); err != nil { logrus.Errorf("failed to decode %q to json: %v", text, err) - return + return fatals } - logger.Log(jl.Level, jl.Msg) + if jl.Level == logrus.FatalLevel { + fatals = append(fatals, jl.Msg...) + fatals = append(fatals, fatalsSep...) + } else { + logger.Log(jl.Level, jl.Msg) + } + return fatals } From 42a1e19d6788fde798fa960f047afbffbc319f8e Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sun, 9 Nov 2025 01:40:57 +1100 Subject: [PATCH 1129/1176] libcontainer: move CleanPath and StripRoot to internal/pathrs These helpers will be needed for the compatibility code added in future patches in this series, but because "internal/pathrs" is imported by "libcontainer/utils" we need to move them so that we can avoid circular dependencies. Because the old functions were in a non-internal package it is possible some downstreams use them, so add some wrappers but mark them as deprecated. Signed-off-by: Aleksa Sarai --- internal/pathrs/path.go | 50 +++++++++++++++++ internal/pathrs/path_test.go | 67 +++++++++++++++++++++++ libcontainer/apparmor/apparmor_linux.go | 3 +- libcontainer/factory_linux.go | 4 +- libcontainer/rootfs_linux.go | 14 ++--- libcontainer/specconv/spec_linux.go | 12 ++--- libcontainer/utils/utils.go | 71 ++++++++----------------- libcontainer/utils/utils_test.go | 67 ----------------------- libcontainer/utils/utils_unix.go | 7 +-- 9 files changed, 159 insertions(+), 136 deletions(-) diff --git a/internal/pathrs/path.go b/internal/pathrs/path.go index 1ee7c795d5b..709c3ae3f9d 100644 --- a/internal/pathrs/path.go +++ b/internal/pathrs/path.go @@ -19,6 +19,8 @@ package pathrs import ( + "os" + "path/filepath" "strings" ) @@ -32,3 +34,51 @@ func IsLexicallyInRoot(root, path string) bool { path = strings.TrimRight(path, "/") return strings.HasPrefix(path+"/", root+"/") } + +// LexicallyCleanPath makes a path safe for use with filepath.Join. This is +// done by not only cleaning the path, but also (if the path is relative) +// adding a leading '/' and cleaning it (then removing the leading '/'). This +// ensures that a path resulting from prepending another path will always +// resolve to lexically be a subdirectory of the prefixed path. This is all +// done lexically, so paths that include symlinks won't be safe as a result of +// using CleanPath. +func LexicallyCleanPath(path string) string { + // Deal with empty strings nicely. + if path == "" { + return "" + } + + // Ensure that all paths are cleaned (especially problematic ones like + // "/../../../../../" which can cause lots of issues). + + if filepath.IsAbs(path) { + return filepath.Clean(path) + } + + // If the path isn't absolute, we need to do more processing to fix paths + // such as "../../../..//some/path". We also shouldn't convert absolute + // paths to relative ones. + path = filepath.Clean(string(os.PathSeparator) + path) + // This can't fail, as (by definition) all paths are relative to root. + path, _ = filepath.Rel(string(os.PathSeparator), path) + + return path +} + +// LexicallyStripRoot returns the passed path, stripping the root path if it +// was (lexicially) inside it. Note that both passed paths will always be +// treated as absolute, and the returned path will also always be absolute. In +// addition, the paths are cleaned before stripping the root. +func LexicallyStripRoot(root, path string) string { + // Make the paths clean and absolute. + root, path = LexicallyCleanPath("/"+root), LexicallyCleanPath("/"+path) + switch { + case path == root: + path = "/" + case root == "/": + // do nothing + default: + path = strings.TrimPrefix(path, root+"/") + } + return LexicallyCleanPath("/" + path) +} diff --git a/internal/pathrs/path_test.go b/internal/pathrs/path_test.go index 19d577fba3b..b7fdde6b94a 100644 --- a/internal/pathrs/path_test.go +++ b/internal/pathrs/path_test.go @@ -51,3 +51,70 @@ func TestIsLexicallyInRoot(t *testing.T) { }) } } + +func TestLexicallyCleanPath(t *testing.T) { + path := LexicallyCleanPath("") + if path != "" { + t.Errorf("expected to receive empty string and received %s", path) + } + + path = LexicallyCleanPath("rootfs") + if path != "rootfs" { + t.Errorf("expected to receive 'rootfs' and received %s", path) + } + + path = LexicallyCleanPath("../../../var") + if path != "var" { + t.Errorf("expected to receive 'var' and received %s", path) + } + + path = LexicallyCleanPath("/../../../var") + if path != "/var" { + t.Errorf("expected to receive '/var' and received %s", path) + } + + path = LexicallyCleanPath("/foo/bar/") + if path != "/foo/bar" { + t.Errorf("expected to receive '/foo/bar' and received %s", path) + } + + path = LexicallyCleanPath("/foo/bar/../") + if path != "/foo" { + t.Errorf("expected to receive '/foo' and received %s", path) + } +} + +func TestLexicallyStripRoot(t *testing.T) { + for _, test := range []struct { + root, path, out string + }{ + // Works with multiple components. + {"/a/b", "/a/b/c", "/c"}, + {"/hello/world", "/hello/world/the/quick-brown/fox", "/the/quick-brown/fox"}, + // '/' must be a no-op. + {"/", "/a/b/c", "/a/b/c"}, + // Must be the correct order. + {"/a/b", "/a/c/b", "/a/c/b"}, + // Must be at start. + {"/abc/def", "/foo/abc/def/bar", "/foo/abc/def/bar"}, + // Must be a lexical parent. + {"/foo/bar", "/foo/barSAMECOMPONENT", "/foo/barSAMECOMPONENT"}, + // Must only strip the root once. + {"/foo/bar", "/foo/bar/foo/bar/baz", "/foo/bar/baz"}, + // Deal with .. in a fairly sane way. + {"/foo/bar", "/foo/bar/../baz", "/foo/baz"}, + {"/foo/bar", "../../../../../../foo/bar/baz", "/baz"}, + {"/foo/bar", "/../../../../../../foo/bar/baz", "/baz"}, + {"/foo/bar/../baz", "/foo/baz/bar", "/bar"}, + {"/foo/bar/../baz", "/foo/baz/../bar/../baz/./foo", "/foo"}, + // All paths are made absolute before stripping. + {"foo/bar", "/foo/bar/baz/bee", "/baz/bee"}, + {"/foo/bar", "foo/bar/baz/beef", "/baz/beef"}, + {"foo/bar", "foo/bar/baz/beets", "/baz/beets"}, + } { + got := LexicallyStripRoot(test.root, test.path) + if got != test.out { + t.Errorf("LexicallyStripRoot(%q, %q) -- got %q, expected %q", test.root, test.path, got, test.out) + } + } +} diff --git a/libcontainer/apparmor/apparmor_linux.go b/libcontainer/apparmor/apparmor_linux.go index 2cde88bae7d..9bb4fb2cd2d 100644 --- a/libcontainer/apparmor/apparmor_linux.go +++ b/libcontainer/apparmor/apparmor_linux.go @@ -9,7 +9,6 @@ import ( "golang.org/x/sys/unix" "github.com/opencontainers/runc/internal/pathrs" - "github.com/opencontainers/runc/libcontainer/utils" ) var ( @@ -29,7 +28,7 @@ func isEnabled() bool { } func setProcAttr(attr, value string) error { - attr = utils.CleanPath(attr) + attr = pathrs.LexicallyCleanPath(attr) attrSubPath := "attr/apparmor/" + attr if _, err := os.Stat("/proc/self/" + attrSubPath); errors.Is(err, os.ErrNotExist) { // fall back to the old convention diff --git a/libcontainer/factory_linux.go b/libcontainer/factory_linux.go index b799e4a98a9..70d935c0d38 100644 --- a/libcontainer/factory_linux.go +++ b/libcontainer/factory_linux.go @@ -11,10 +11,10 @@ import ( "github.com/opencontainers/cgroups" "github.com/opencontainers/cgroups/manager" + "github.com/opencontainers/runc/internal/pathrs" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/configs/validate" "github.com/opencontainers/runc/libcontainer/intelrdt" - "github.com/opencontainers/runc/libcontainer/utils" ) const ( @@ -211,7 +211,7 @@ func validateID(id string) error { } - if string(os.PathSeparator)+id != utils.CleanPath(string(os.PathSeparator)+id) { + if string(os.PathSeparator)+id != pathrs.LexicallyCleanPath(string(os.PathSeparator)+id) { return ErrInvalidID } diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 9f2af0a212d..f6f58987f07 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -91,7 +91,7 @@ func (m mountEntry) srcStatfs() (*unix.Statfs_t, error) { // needsSetupDev returns true if /dev needs to be set up. func needsSetupDev(config *configs.Config) bool { for _, m := range config.Mounts { - if m.Device == "bind" && utils.CleanPath(m.Destination) == "/dev" { + if m.Device == "bind" && pathrs.LexicallyCleanPath(m.Destination) == "/dev" { return false } } @@ -257,7 +257,7 @@ func finalizeRootfs(config *configs.Config) (err error) { if m.Flags&unix.MS_RDONLY != unix.MS_RDONLY { continue } - if m.Device == "tmpfs" || utils.CleanPath(m.Destination) == "/dev" { + if m.Device == "tmpfs" || pathrs.LexicallyCleanPath(m.Destination) == "/dev" { if err := remountReadonly(m); err != nil { return err } @@ -506,7 +506,7 @@ func statfsToMountFlags(st unix.Statfs_t) int { var errRootfsToFile = errors.New("config tries to change rootfs to file") func (m *mountEntry) createOpenMountpoint(rootfs string) (Err error) { - unsafePath := utils.StripRoot(rootfs, m.Destination) + unsafePath := pathrs.LexicallyStripRoot(rootfs, m.Destination) dstFile, err := pathrs.OpenInRoot(rootfs, unsafePath, unix.O_PATH) defer func() { if dstFile != nil && Err != nil { @@ -553,7 +553,7 @@ func (m *mountEntry) createOpenMountpoint(rootfs string) (Err error) { if err != nil { return err } - unsafePath = utils.StripRoot(rootfs, newUnsafePath) + unsafePath = pathrs.LexicallyStripRoot(rootfs, newUnsafePath) if dstIsFile { dstFile, err = pathrs.CreateInRoot(rootfs, unsafePath, unix.O_CREAT|unix.O_EXCL|unix.O_NOFOLLOW, 0o644) @@ -952,7 +952,7 @@ func createDevices(config *configs.Config) error { for _, node := range config.Devices { // The /dev/ptmx device is setup by setupPtmx() - if utils.CleanPath(node.Path) == "/dev/ptmx" { + if pathrs.LexicallyCleanPath(node.Path) == "/dev/ptmx" { continue } @@ -1392,7 +1392,7 @@ func reopenAfterMount(rootfs string, f *os.File, flags int) (_ *os.File, Err err if !pathrs.IsLexicallyInRoot(rootfs, fullPath) { return nil, fmt.Errorf("mountpoint %q is outside of rootfs %q", fullPath, rootfs) } - unsafePath := utils.StripRoot(rootfs, fullPath) + unsafePath := pathrs.LexicallyStripRoot(rootfs, fullPath) reopened, err := pathrs.OpenInRoot(rootfs, unsafePath, flags) if err != nil { return nil, fmt.Errorf("re-open mountpoint %q: %w", unsafePath, err) @@ -1432,7 +1432,7 @@ func (m *mountEntry) mountPropagate(rootfs string, mountLabel string) error { // operations on it. We need to set up files in "/dev", and other tmpfs // mounts may need to be chmod-ed after mounting. These mounts will be // remounted ro later in finalizeRootfs(), if necessary. - if m.Device == "tmpfs" || utils.CleanPath(m.Destination) == "/dev" { + if m.Device == "tmpfs" || pathrs.LexicallyCleanPath(m.Destination) == "/dev" { flags &= ^unix.MS_RDONLY } diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index bffd3762c57..957011b4519 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -16,17 +16,17 @@ import ( systemdDbus "github.com/coreos/go-systemd/v22/dbus" dbus "github.com/godbus/dbus/v5" + "github.com/opencontainers/runtime-spec/specs-go" + "github.com/sirupsen/logrus" + "golang.org/x/sys/unix" + "github.com/opencontainers/cgroups" devices "github.com/opencontainers/cgroups/devices/config" "github.com/opencontainers/runc/internal/linux" + "github.com/opencontainers/runc/internal/pathrs" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/internal/userns" "github.com/opencontainers/runc/libcontainer/seccomp" - libcontainerUtils "github.com/opencontainers/runc/libcontainer/utils" - "github.com/opencontainers/runtime-spec/specs-go" - "github.com/sirupsen/logrus" - - "golang.org/x/sys/unix" ) var ( @@ -802,7 +802,7 @@ func CreateCgroupConfig(opts *CreateOpts, defaultDevs []*devices.Device) (*cgrou if useSystemdCgroup { myCgroupPath = spec.Linux.CgroupsPath } else { - myCgroupPath = libcontainerUtils.CleanPath(spec.Linux.CgroupsPath) + myCgroupPath = pathrs.LexicallyCleanPath(spec.Linux.CgroupsPath) } } diff --git a/libcontainer/utils/utils.go b/libcontainer/utils/utils.go index 88291a0feb6..7943d89f67c 100644 --- a/libcontainer/utils/utils.go +++ b/libcontainer/utils/utils.go @@ -4,11 +4,11 @@ package utils import ( "encoding/json" "io" - "os" - "path/filepath" "strings" "golang.org/x/sys/unix" + + "github.com/opencontainers/runc/internal/pathrs" ) const ( @@ -37,53 +37,6 @@ func WriteJSON(w io.Writer, v any) error { return err } -// CleanPath makes a path safe for use with filepath.Join. This is done by not -// only cleaning the path, but also (if the path is relative) adding a leading -// '/' and cleaning it (then removing the leading '/'). This ensures that a -// path resulting from prepending another path will always resolve to lexically -// be a subdirectory of the prefixed path. This is all done lexically, so paths -// that include symlinks won't be safe as a result of using CleanPath. -func CleanPath(path string) string { - // Deal with empty strings nicely. - if path == "" { - return "" - } - - // Ensure that all paths are cleaned (especially problematic ones like - // "/../../../../../" which can cause lots of issues). - - if filepath.IsAbs(path) { - return filepath.Clean(path) - } - - // If the path isn't absolute, we need to do more processing to fix paths - // such as "../../../..//some/path". We also shouldn't convert absolute - // paths to relative ones. - path = filepath.Clean(string(os.PathSeparator) + path) - // This can't fail, as (by definition) all paths are relative to root. - path, _ = filepath.Rel(string(os.PathSeparator), path) - - return path -} - -// StripRoot returns the passed path, stripping the root path if it was -// (lexicially) inside it. Note that both passed paths will always be treated -// as absolute, and the returned path will also always be absolute. In -// addition, the paths are cleaned before stripping the root. -func StripRoot(root, path string) string { - // Make the paths clean and absolute. - root, path = CleanPath("/"+root), CleanPath("/"+path) - switch { - case path == root: - path = "/" - case root == "/": - // do nothing - default: - path = strings.TrimPrefix(path, root+"/") - } - return CleanPath("/" + path) -} - // SearchLabels searches through a list of key=value pairs for a given key, // returning its value, and the binary flag telling whether the key exist. func SearchLabels(labels []string, key string) (string, bool) { @@ -114,3 +67,23 @@ func Annotations(labels []string) (bundle string, userAnnotations map[string]str } return bundle, userAnnotations } + +// CleanPath makes a path safe for use with filepath.Join. This is done by not +// only cleaning the path, but also (if the path is relative) adding a leading +// '/' and cleaning it (then removing the leading '/'). This ensures that a +// path resulting from prepending another path will always resolve to lexically +// be a subdirectory of the prefixed path. This is all done lexically, so paths +// that include symlinks won't be safe as a result of using CleanPath. +// +// Deprecated: This function has been moved to internal/pathrs and this wrapper +// will be removed in runc 1.5. +var CleanPath = pathrs.LexicallyCleanPath + +// StripRoot returns the passed path, stripping the root path if it was +// (lexicially) inside it. Note that both passed paths will always be treated +// as absolute, and the returned path will also always be absolute. In +// addition, the paths are cleaned before stripping the root. +// +// Deprecated: This function has been moved to internal/pathrs and this wrapper +// will be removed in runc 1.5. +var StripRoot = pathrs.LexicallyStripRoot diff --git a/libcontainer/utils/utils_test.go b/libcontainer/utils/utils_test.go index 4b5fd833cdf..5953118efcc 100644 --- a/libcontainer/utils/utils_test.go +++ b/libcontainer/utils/utils_test.go @@ -70,70 +70,3 @@ func TestWriteJSON(t *testing.T) { t.Errorf("expected to write %s but was %s", expected, b.String()) } } - -func TestCleanPath(t *testing.T) { - path := CleanPath("") - if path != "" { - t.Errorf("expected to receive empty string and received %s", path) - } - - path = CleanPath("rootfs") - if path != "rootfs" { - t.Errorf("expected to receive 'rootfs' and received %s", path) - } - - path = CleanPath("../../../var") - if path != "var" { - t.Errorf("expected to receive 'var' and received %s", path) - } - - path = CleanPath("/../../../var") - if path != "/var" { - t.Errorf("expected to receive '/var' and received %s", path) - } - - path = CleanPath("/foo/bar/") - if path != "/foo/bar" { - t.Errorf("expected to receive '/foo/bar' and received %s", path) - } - - path = CleanPath("/foo/bar/../") - if path != "/foo" { - t.Errorf("expected to receive '/foo' and received %s", path) - } -} - -func TestStripRoot(t *testing.T) { - for _, test := range []struct { - root, path, out string - }{ - // Works with multiple components. - {"/a/b", "/a/b/c", "/c"}, - {"/hello/world", "/hello/world/the/quick-brown/fox", "/the/quick-brown/fox"}, - // '/' must be a no-op. - {"/", "/a/b/c", "/a/b/c"}, - // Must be the correct order. - {"/a/b", "/a/c/b", "/a/c/b"}, - // Must be at start. - {"/abc/def", "/foo/abc/def/bar", "/foo/abc/def/bar"}, - // Must be a lexical parent. - {"/foo/bar", "/foo/barSAMECOMPONENT", "/foo/barSAMECOMPONENT"}, - // Must only strip the root once. - {"/foo/bar", "/foo/bar/foo/bar/baz", "/foo/bar/baz"}, - // Deal with .. in a fairly sane way. - {"/foo/bar", "/foo/bar/../baz", "/foo/baz"}, - {"/foo/bar", "../../../../../../foo/bar/baz", "/baz"}, - {"/foo/bar", "/../../../../../../foo/bar/baz", "/baz"}, - {"/foo/bar/../baz", "/foo/baz/bar", "/bar"}, - {"/foo/bar/../baz", "/foo/baz/../bar/../baz/./foo", "/foo"}, - // All paths are made absolute before stripping. - {"foo/bar", "/foo/bar/baz/bee", "/baz/bee"}, - {"/foo/bar", "foo/bar/baz/beef", "/baz/beef"}, - {"foo/bar", "foo/bar/baz/beets", "/baz/beets"}, - } { - got := StripRoot(test.root, test.path) - if got != test.out { - t.Errorf("StripRoot(%q, %q) -- got %q, expected %q", test.root, test.path, got, test.out) - } - } -} diff --git a/libcontainer/utils/utils_unix.go b/libcontainer/utils/utils_unix.go index a457a09b00e..37ec5993960 100644 --- a/libcontainer/utils/utils_unix.go +++ b/libcontainer/utils/utils_unix.go @@ -13,10 +13,11 @@ import ( _ "unsafe" // for go:linkname securejoin "github.com/cyphar/filepath-securejoin" - "github.com/opencontainers/runc/internal/linux" - "github.com/opencontainers/runc/internal/pathrs" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" + + "github.com/opencontainers/runc/internal/linux" + "github.com/opencontainers/runc/internal/pathrs" ) var ( @@ -153,7 +154,7 @@ func NewSockPair(name string) (parent, child *os.File, err error) { // the passed closure (the file handle will be freed once the closure returns). func WithProcfd(root, unsafePath string, fn func(procfd string) error) error { // Remove the root then forcefully resolve inside the root. - unsafePath = StripRoot(root, unsafePath) + unsafePath = pathrs.LexicallyStripRoot(root, unsafePath) fullPath, err := securejoin.SecureJoin(root, unsafePath) if err != nil { return fmt.Errorf("resolving path inside rootfs failed: %w", err) From 9dbd37e06f8124be6e496308e1735d18f27bb730 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sun, 9 Nov 2025 02:03:42 +1100 Subject: [PATCH 1130/1176] libct: switch final WithProcfd users to WithProcfdFile This probably should've been done as part of commit d40b3439a961 ("rootfs: switch to fd-based handling of mountpoint targets") but it seems I missed them when doing the rest of the conversions. This also lets us remove utils.WithProcfd entirely, as well as pathrs.MkdirAllInRoot. Unfortunately, WithProcfd was exposed in the externally-importable "libcontainer/utils" package and so we need to have a deprecation notice to remove it in runc 1.5. Signed-off-by: Aleksa Sarai --- internal/pathrs/mkdirall_pathrslite.go | 10 ---------- libcontainer/criu_linux.go | 15 +++++++++++---- libcontainer/rootfs_linux.go | 11 ++++++----- libcontainer/utils/utils_unix.go | 12 ++++++++++-- 4 files changed, 27 insertions(+), 21 deletions(-) diff --git a/internal/pathrs/mkdirall_pathrslite.go b/internal/pathrs/mkdirall_pathrslite.go index a9a0157c681..3fd476fbfc2 100644 --- a/internal/pathrs/mkdirall_pathrslite.go +++ b/internal/pathrs/mkdirall_pathrslite.go @@ -87,13 +87,3 @@ func MkdirAllInRootOpen(root, unsafePath string, mode os.FileMode) (*os.File, er return pathrs.MkdirAllHandle(rootDir, unsafePath, mode) }) } - -// MkdirAllInRoot is a wrapper around MkdirAllInRootOpen which closes the -// returned handle, for callers that don't need to use it. -func MkdirAllInRoot(root, unsafePath string, mode os.FileMode) error { - f, err := MkdirAllInRootOpen(root, unsafePath, mode) - if err == nil { - _ = f.Close() - } - return err -} diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index 04e0d5f640f..8abda735497 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -25,6 +25,7 @@ import ( "google.golang.org/protobuf/proto" "github.com/opencontainers/cgroups" + "github.com/opencontainers/runc/internal/pathrs" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/utils" ) @@ -555,16 +556,22 @@ func (c *Container) prepareCriuRestoreMounts(mounts []*configs.Mount) error { umounts := []string{} defer func() { for _, u := range umounts { - _ = utils.WithProcfd(c.config.Rootfs, u, func(procfd string) error { - if e := unix.Unmount(procfd, unix.MNT_DETACH); e != nil { - if e != unix.EINVAL { + mntFile, err := pathrs.OpenInRoot(c.config.Rootfs, u, unix.O_PATH) + if err != nil { + logrus.Warnf("Error during cleanup unmounting %s: open handle: %v", u, err) + continue + } + _ = utils.WithProcfdFile(mntFile, func(procfd string) error { + if err := unix.Unmount(procfd, unix.MNT_DETACH); err != nil { + if err != unix.EINVAL { // Ignore EINVAL as it means 'target is not a mount point.' // It probably has already been unmounted. - logrus.Warnf("Error during cleanup unmounting of %s (%s): %v", procfd, u, e) + logrus.Warnf("Error during cleanup unmounting of %s (%s): %v", procfd, u, err) } } return nil }) + _ = mntFile.Close() } }() // Now go through all mounts and create the required mountpoints. diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index f6f58987f07..05a7807e63d 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -329,12 +329,15 @@ func mountCgroupV1(m mountEntry, c *mountConfig) error { // We just created the tmpfs, and so we can just use filepath.Join // here (not to mention we want to make sure we create the path // inside the tmpfs, so we don't want to resolve symlinks). + // TODO: Why not just use b.Destination (c.root is the root here)? subsystemPath := filepath.Join(c.root, b.Destination) subsystemName := filepath.Base(b.Destination) - if err := pathrs.MkdirAllInRoot(c.root, subsystemPath, 0o755); err != nil { + subsystemDir, err := pathrs.MkdirAllInRootOpen(c.root, subsystemPath, 0o755) + if err != nil { return err } - if err := utils.WithProcfd(c.root, b.Destination, func(dstFd string) error { + defer subsystemDir.Close() + if err := utils.WithProcfdFile(subsystemDir, func(dstFd string) error { flags := defaultMountFlags if m.Flags&unix.MS_RDONLY != 0 { flags = flags | unix.MS_RDONLY @@ -1456,9 +1459,7 @@ func (m *mountEntry) mountPropagate(rootfs string, mountLabel string) error { _ = m.dstFile.Close() m.dstFile = newDstFile - // We have to apply mount propagation flags in a separate WithProcfd() call - // because the previous call invalidates the passed procfd -- the mount - // target needs to be re-opened. + // Apply the propagation flags on the new mount. if err := utils.WithProcfdFile(m.dstFile, func(dstFd string) error { for _, pflag := range m.PropagationFlags { if err := mountViaFds("", nil, m.Destination, dstFd, "", uintptr(pflag), ""); err != nil { diff --git a/libcontainer/utils/utils_unix.go b/libcontainer/utils/utils_unix.go index 37ec5993960..af5689e9a2d 100644 --- a/libcontainer/utils/utils_unix.go +++ b/libcontainer/utils/utils_unix.go @@ -152,6 +152,9 @@ func NewSockPair(name string) (parent, child *os.File, err error) { // through the passed fdpath should be safe. Do not access this path through // the original path strings, and do not attempt to use the pathname outside of // the passed closure (the file handle will be freed once the closure returns). +// +// Deprecated: This function is an internal implementation detail of runc and +// is no longer used. It will be removed in runc 1.5. func WithProcfd(root, unsafePath string, fn func(procfd string) error) error { // Remove the root then forcefully resolve inside the root. unsafePath = pathrs.LexicallyStripRoot(root, unsafePath) @@ -181,10 +184,15 @@ func WithProcfd(root, unsafePath string, fn func(procfd string) error) error { return fn(procfd) } -// WithProcfdFile is a very minimal wrapper around [ProcThreadSelfFd], intended -// to make migrating from [WithProcfd] and [WithProcfdPath] usage easier. The +// WithProcfdFile is a very minimal wrapper around [ProcThreadSelfFd]. The // caller is responsible for making sure that the provided file handle is // actually safe to operate on. +// +// NOTE: THIS FUNCTION IS INTERNAL TO RUNC, DO NOT USE IT. +// +// TODO: Migrate the mount logic towards a more move_mount(2)-friendly design +// where this is kind of /proc/self/... tomfoolery is only done in a fallback +// path for old kernels. func WithProcfdFile(file *os.File, fn func(procfd string) error) error { fdpath, closer := ProcThreadSelfFd(file.Fd()) defer closer() From 20c5a8ec4a16b4ad8d10f3b9748f5ba66698bb18 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sun, 9 Nov 2025 02:26:57 +1100 Subject: [PATCH 1131/1176] pathrs: rename MkdirAllInRootOpen -> MkdirAllInRoot Now that MkdirAllInRoot has been removed, we can make MkdirAllInRootOpen less wordy by renaming it to MkdirAllInRoot. This is a non-functional change. Signed-off-by: Aleksa Sarai --- internal/pathrs/mkdirall_pathrslite.go | 6 +++--- internal/pathrs/root_pathrslite.go | 2 +- libcontainer/rootfs_linux.go | 8 ++++---- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/internal/pathrs/mkdirall_pathrslite.go b/internal/pathrs/mkdirall_pathrslite.go index 3fd476fbfc2..0661273b135 100644 --- a/internal/pathrs/mkdirall_pathrslite.go +++ b/internal/pathrs/mkdirall_pathrslite.go @@ -28,7 +28,7 @@ import ( "golang.org/x/sys/unix" ) -// MkdirAllInRootOpen attempts to make +// MkdirAllInRoot attempts to make // // path, _ := securejoin.SecureJoin(root, unsafePath) // os.MkdirAll(path, mode) @@ -49,10 +49,10 @@ import ( // handling if unsafePath has already been scoped within the rootfs (this is // needed for a lot of runc callers and fixing this would require reworking a // lot of path logic). -func MkdirAllInRootOpen(root, unsafePath string, mode os.FileMode) (*os.File, error) { +func MkdirAllInRoot(root, unsafePath string, mode os.FileMode) (*os.File, error) { // If the path is already "within" the root, get the path relative to the // root and use that as the unsafe path. This is necessary because a lot of - // MkdirAllInRootOpen callers have already done SecureJoin, and refactoring + // MkdirAllInRoot callers have already done SecureJoin, and refactoring // all of them to stop using these SecureJoin'd paths would require a fair // amount of work. // TODO(cyphar): Do the refactor to libpathrs once it's ready. diff --git a/internal/pathrs/root_pathrslite.go b/internal/pathrs/root_pathrslite.go index 9e69e8d6c54..4e310ff6d54 100644 --- a/internal/pathrs/root_pathrslite.go +++ b/internal/pathrs/root_pathrslite.go @@ -55,7 +55,7 @@ func CreateInRoot(root, subpath string, flags int, fileMode uint32) (*os.File, e return nil, fmt.Errorf("create in root subpath %q has bad trailing component %q", subpath, filename) } - dirFd, err := MkdirAllInRootOpen(root, dir, 0o755) + dirFd, err := MkdirAllInRoot(root, dir, 0o755) if err != nil { return nil, err } diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 05a7807e63d..5b46a1efddf 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -332,7 +332,7 @@ func mountCgroupV1(m mountEntry, c *mountConfig) error { // TODO: Why not just use b.Destination (c.root is the root here)? subsystemPath := filepath.Join(c.root, b.Destination) subsystemName := filepath.Base(b.Destination) - subsystemDir, err := pathrs.MkdirAllInRootOpen(c.root, subsystemPath, 0o755) + subsystemDir, err := pathrs.MkdirAllInRoot(c.root, subsystemPath, 0o755) if err != nil { return err } @@ -561,7 +561,7 @@ func (m *mountEntry) createOpenMountpoint(rootfs string) (Err error) { if dstIsFile { dstFile, err = pathrs.CreateInRoot(rootfs, unsafePath, unix.O_CREAT|unix.O_EXCL|unix.O_NOFOLLOW, 0o644) } else { - dstFile, err = pathrs.MkdirAllInRootOpen(rootfs, unsafePath, 0o755) + dstFile, err = pathrs.MkdirAllInRoot(rootfs, unsafePath, 0o755) } if err != nil { return fmt.Errorf("make mountpoint %q: %w", m.Destination, err) @@ -623,7 +623,7 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { } else if !fi.IsDir() { return fmt.Errorf("filesystem %q must be mounted on ordinary directory", m.Device) } - dstFile, err := pathrs.MkdirAllInRootOpen(rootfs, dest, 0o755) + dstFile, err := pathrs.MkdirAllInRoot(rootfs, dest, 0o755) if err != nil { return err } @@ -994,7 +994,7 @@ func createDeviceNode(rootfs string, node *devices.Device, bind bool) error { return fmt.Errorf("%w: mknod over rootfs", errRootfsToFile) } destDirPath, destName := filepath.Split(destPath) - destDir, err := pathrs.MkdirAllInRootOpen(rootfs, destDirPath, 0o755) + destDir, err := pathrs.MkdirAllInRoot(rootfs, destDirPath, 0o755) if err != nil { return fmt.Errorf("mkdir parent of device inode %q: %w", node.Path, err) } From cfb74326be5865b13bd91c4374b2fb6a70838c59 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sun, 9 Nov 2025 01:41:10 +1100 Subject: [PATCH 1132/1176] pathrs: add "hallucination" helpers for SecureJoin magic In order to maintain compatibility with previous releases of runc (which permitted dangling symlinks as path components by permitting non-existent path components to be treated like real directories) we have to first do SecureJoin to construct a target path that is compatible with the old behaviour but has all dangling symlinks (or other invalid paths like ".." components after non-existent directories) removed. This is effectively a more generic verison of commit 3f925525b44d ("rootfs: re-allow dangling symlinks in mount targets") and will let us remove the need for open-coding SecureJoin workarounds. Signed-off-by: Aleksa Sarai --- internal/pathrs/mkdirall_pathrslite.go | 16 +++---------- internal/pathrs/path.go | 32 ++++++++++++++++++++++++++ internal/pathrs/root_pathrslite.go | 5 ++++ libcontainer/rootfs_linux.go | 12 ---------- 4 files changed, 40 insertions(+), 25 deletions(-) diff --git a/internal/pathrs/mkdirall_pathrslite.go b/internal/pathrs/mkdirall_pathrslite.go index 0661273b135..c2578e051fe 100644 --- a/internal/pathrs/mkdirall_pathrslite.go +++ b/internal/pathrs/mkdirall_pathrslite.go @@ -21,7 +21,6 @@ package pathrs import ( "fmt" "os" - "path/filepath" "github.com/cyphar/filepath-securejoin/pathrs-lite" "github.com/sirupsen/logrus" @@ -50,18 +49,9 @@ import ( // needed for a lot of runc callers and fixing this would require reworking a // lot of path logic). func MkdirAllInRoot(root, unsafePath string, mode os.FileMode) (*os.File, error) { - // If the path is already "within" the root, get the path relative to the - // root and use that as the unsafe path. This is necessary because a lot of - // MkdirAllInRoot callers have already done SecureJoin, and refactoring - // all of them to stop using these SecureJoin'd paths would require a fair - // amount of work. - // TODO(cyphar): Do the refactor to libpathrs once it's ready. - if IsLexicallyInRoot(root, unsafePath) { - subPath, err := filepath.Rel(root, unsafePath) - if err != nil { - return nil, err - } - unsafePath = subPath + unsafePath, err := hallucinateUnsafePath(root, unsafePath) + if err != nil { + return nil, fmt.Errorf("failed to construct hallucinated target path: %w", err) } // Check for any silly mode bits. diff --git a/internal/pathrs/path.go b/internal/pathrs/path.go index 709c3ae3f9d..77be9892411 100644 --- a/internal/pathrs/path.go +++ b/internal/pathrs/path.go @@ -22,6 +22,8 @@ import ( "os" "path/filepath" "strings" + + securejoin "github.com/cyphar/filepath-securejoin" ) // IsLexicallyInRoot is shorthand for strings.HasPrefix(path+"/", root+"/"), @@ -82,3 +84,33 @@ func LexicallyStripRoot(root, path string) string { } return LexicallyCleanPath("/" + path) } + +// hallucinateUnsafePath creates a new unsafePath which has all symlinks +// (including dangling symlinks) fully resolved and any non-existent components +// treated as though they are real. This is effectively just a wrapper around +// [securejoin.SecureJoin] that strips the root. This path *IS NOT* safe to use +// as-is, you *MUST* operate on the returned path with pathrs-lite. +// +// The reason for this methods is that in previous runc versions, we would +// tolerate nonsense paths with dangling symlinks as path components. +// pathrs-lite does not support this, so instead we have to emulate this +// behaviour by doing SecureJoin *purely to get a semi-reasonable path to use* +// and then we use pathrs-lite to operate on the path safely. +// +// It would be quite difficult to emulate this in a race-free way in +// pathrs-lite, so instead we use [securejoin.SecureJoin] to simply produce a +// new candidate path for operations like [MkdirAllInRoot] so they can then +// operate on the new unsafePath as if it was what the user requested. +// +// If unsafePath is already lexically inside root, it is stripped before +// re-resolving it (this is done to ensure compatibility with legacy callers +// within runc that call SecureJoin before calling into pathrs). +func hallucinateUnsafePath(root, unsafePath string) (string, error) { + unsafePath = LexicallyStripRoot(root, unsafePath) + weirdPath, err := securejoin.SecureJoin(root, unsafePath) + if err != nil { + return "", err + } + unsafePath = LexicallyStripRoot(root, weirdPath) + return unsafePath, nil +} diff --git a/internal/pathrs/root_pathrslite.go b/internal/pathrs/root_pathrslite.go index 4e310ff6d54..0d91484193c 100644 --- a/internal/pathrs/root_pathrslite.go +++ b/internal/pathrs/root_pathrslite.go @@ -50,6 +50,11 @@ func OpenInRoot(root, subpath string, flags int) (*os.File, error) { // include it in the passed flags. The fileMode argument uses unix.* mode bits, // *not* os.FileMode. func CreateInRoot(root, subpath string, flags int, fileMode uint32) (*os.File, error) { + subpath, err := hallucinateUnsafePath(root, subpath) + if err != nil { + return nil, fmt.Errorf("failed to construct hallucinated target path: %w", err) + } + dir, filename := filepath.Split(subpath) if filepath.Join("/", filename) == "/" { return nil, fmt.Errorf("create in root subpath %q has bad trailing component %q", subpath, filename) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 5b46a1efddf..16eccd256aa 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -546,18 +546,6 @@ func (m *mountEntry) createOpenMountpoint(rootfs string) (Err error) { } dstIsFile = !fi.IsDir() } - - // In previous runc versions, we would tolerate nonsense paths with - // dangling symlinks as path components. pathrs-lite does not support - // this, so instead we have to emulate this behaviour by doing - // SecureJoin *purely to get a semi-reasonable path to use* and then we - // use pathrs-lite to operate on the path safely. - newUnsafePath, err := securejoin.SecureJoin(rootfs, unsafePath) - if err != nil { - return err - } - unsafePath = pathrs.LexicallyStripRoot(rootfs, newUnsafePath) - if dstIsFile { dstFile, err = pathrs.CreateInRoot(rootfs, unsafePath, unix.O_CREAT|unix.O_EXCL|unix.O_NOFOLLOW, 0o644) } else { From 195e9551e4200b9f6c59d8ee51ccd1fc92ae137e Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sun, 9 Nov 2025 04:36:49 +1100 Subject: [PATCH 1133/1176] pathrs: add MkdirAllParentInRoot helper While CreateInRoot supports hallucinating the target path, we do not use it directly when constructing device inode targets because we need to have different handling for mknod and bind-mounts. The solution is to simply have a more generic MkdirAllParentInRoot helper that MkdirAll's the parent directory of the target path and then allows the caller to create the trailing component however they like. (This can be used by CreateInRoot internally as well!) Signed-off-by: Aleksa Sarai --- internal/pathrs/mkdirall.go | 51 ++++++++++++++++++++++++++++++ internal/pathrs/root_pathrslite.go | 14 +------- libcontainer/rootfs_linux.go | 13 +------- 3 files changed, 53 insertions(+), 25 deletions(-) create mode 100644 internal/pathrs/mkdirall.go diff --git a/internal/pathrs/mkdirall.go b/internal/pathrs/mkdirall.go new file mode 100644 index 00000000000..3a896f48415 --- /dev/null +++ b/internal/pathrs/mkdirall.go @@ -0,0 +1,51 @@ +// SPDX-License-Identifier: Apache-2.0 +/* + * Copyright (C) 2024-2025 Aleksa Sarai + * Copyright (C) 2024-2025 SUSE LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package pathrs + +import ( + "fmt" + "os" + "path/filepath" +) + +// MkdirAllParentInRoot is like [MkdirAllInRoot] except that it only creates +// the parent directory of the target path, returning the trailing component so +// the caller has more flexibility around constructing the final inode. +// +// Callers need to be very careful operating on the trailing path, as trivial +// mistakes like following symlinks can cause security bugs. Most people +// should probably just use [MkdirAllInRoot] or [CreateInRoot]. +func MkdirAllParentInRoot(root, unsafePath string, mode os.FileMode) (*os.File, string, error) { + // MkdirAllInRoot also does hallucinateUnsafePath, but we need to do it + // here first because when we split unsafePath into (dir, file) components + // we want to be doing so with the hallucinated path (so that trailing + // dangling symlinks are treated correctly). + unsafePath, err := hallucinateUnsafePath(root, unsafePath) + if err != nil { + return nil, "", fmt.Errorf("failed to construct hallucinated target path: %w", err) + } + + dirPath, filename := filepath.Split(unsafePath) + if filepath.Join("/", filename) == "/" { + return nil, "", fmt.Errorf("create parent dir in root subpath %q has bad trailing component %q", unsafePath, filename) + } + + dirFd, err := MkdirAllInRoot(root, dirPath, mode) + return dirFd, filename, err +} diff --git a/internal/pathrs/root_pathrslite.go b/internal/pathrs/root_pathrslite.go index 0d91484193c..51db77440d7 100644 --- a/internal/pathrs/root_pathrslite.go +++ b/internal/pathrs/root_pathrslite.go @@ -19,9 +19,7 @@ package pathrs import ( - "fmt" "os" - "path/filepath" "github.com/cyphar/filepath-securejoin/pathrs-lite" "golang.org/x/sys/unix" @@ -50,17 +48,7 @@ func OpenInRoot(root, subpath string, flags int) (*os.File, error) { // include it in the passed flags. The fileMode argument uses unix.* mode bits, // *not* os.FileMode. func CreateInRoot(root, subpath string, flags int, fileMode uint32) (*os.File, error) { - subpath, err := hallucinateUnsafePath(root, subpath) - if err != nil { - return nil, fmt.Errorf("failed to construct hallucinated target path: %w", err) - } - - dir, filename := filepath.Split(subpath) - if filepath.Join("/", filename) == "/" { - return nil, fmt.Errorf("create in root subpath %q has bad trailing component %q", subpath, filename) - } - - dirFd, err := MkdirAllInRoot(root, dir, 0o755) + dirFd, filename, err := MkdirAllParentInRoot(root, subpath, 0o755) if err != nil { return nil, err } diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 16eccd256aa..040ef3f6067 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -12,7 +12,6 @@ import ( "syscall" "time" - securejoin "github.com/cyphar/filepath-securejoin" "github.com/cyphar/filepath-securejoin/pathrs-lite/procfs" "github.com/moby/sys/mountinfo" "github.com/moby/sys/userns" @@ -506,8 +505,6 @@ func statfsToMountFlags(st unix.Statfs_t) int { return flags } -var errRootfsToFile = errors.New("config tries to change rootfs to file") - func (m *mountEntry) createOpenMountpoint(rootfs string) (Err error) { unsafePath := pathrs.LexicallyStripRoot(rootfs, m.Destination) dstFile, err := pathrs.OpenInRoot(rootfs, unsafePath, unix.O_PATH) @@ -974,15 +971,7 @@ func createDeviceNode(rootfs string, node *devices.Device, bind bool) error { // The node only exists for cgroup reasons, ignore it here. return nil } - destPath, err := securejoin.SecureJoin(rootfs, node.Path) - if err != nil { - return err - } - if destPath == rootfs { - return fmt.Errorf("%w: mknod over rootfs", errRootfsToFile) - } - destDirPath, destName := filepath.Split(destPath) - destDir, err := pathrs.MkdirAllInRoot(rootfs, destDirPath, 0o755) + destDir, destName, err := pathrs.MkdirAllParentInRoot(rootfs, node.Path, 0o755) if err != nil { return fmt.Errorf("mkdir parent of device inode %q: %w", node.Path, err) } From 15d7c214cde94884c3dc875974d7cbc231a726f0 Mon Sep 17 00:00:00 2001 From: lifubang Date: Mon, 17 Nov 2025 15:23:23 +0000 Subject: [PATCH 1134/1176] integration: add some tests for bind mount through dangling symlinks We intentionally broke this in commit d40b3439a961 ("rootfs: switch to fd-based handling of mountpoint targets") under the assumption that most users do not need this feature. Sadly it turns out they do, and so commit 3f925525b44d ("rootfs: re-allow dangling symlinks in mount targets") added a hotfix to re-add this functionality. This patch adds some much-needed tests for this behaviour, since it seems we are going to need to keep this for compatibility reasons (at least until runc v2...). Co-developed-by: lifubang Signed-off-by: Aleksa Sarai --- tests/integration/mounts.bats | 58 +++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/tests/integration/mounts.bats b/tests/integration/mounts.bats index b60c88ae27c..6bab15727a3 100644 --- a/tests/integration/mounts.bats +++ b/tests/integration/mounts.bats @@ -127,6 +127,42 @@ function test_mount_order() { [[ "$output" == *"a/x"* ]] # the final "file" was from a/x. } +# This needs to be placed at the top of the bats file to work around +# a shellcheck bug. See . +test_mount_target() { + src="$1" + dst="$2" + real_dst="${3:-$dst}" + + echo "== $src -> $dst (=> $real_dst) ==" + + old_config="$(mktemp ./config.json.bak.XXXXXX)" + cp ./config.json "$old_config" + + update_config '.mounts += [{ + source: "'"$src"'", + destination: "'"$dst"'", + options: ["bind"] + }]' + + # Make sure the target path is at the right spot and is actually a + # bind-mount of the correct inode. + update_config '.process.args = ["stat", "-c", "%n %d:%i", "--", "'"$real_dst"'"]' + runc run test_busybox + [ "$status" -eq 0 ] + [[ "$output" == "$real_dst $(stat -c "%d:%i" -- "$src")" ]] + + # Make sure there is a mount entry for the target path. + # shellcheck disable=SC2016 + update_config '.process.args = ["awk", "-F", "PATH='"$real_dst"'", "$2 == PATH", "/proc/self/mounts"]' + runc run test_busybox + [ "$status" -eq 0 ] + [[ "$output" == *"$real_dst"* ]] + + # Switch back the old config so this function can be called multiple times. + mv "$old_config" "./config.json" +} + # https://github.com/opencontainers/runc/issues/3991 @test "runc run [tmpcopyup]" { mkdir -p rootfs/dir1/dir2 @@ -343,3 +379,25 @@ function test_mount_order() { @test "runc run [mount order, container idmap source] (userns)" { test_mount_order userns,idmap } + +@test "runc run [bind mount through a dangling symlink component]" { + rm -rf rootfs/etc/hosts + ln -s /tmp/foo/bar rootfs/jump + ln -s /jump/baz/hosts rootfs/etc/hosts + + rm -rf rootfs/tmp/foo + test_mount_target ./config.json /etc/hosts /tmp/foo/bar/baz/hosts +} + +@test "runc run [bind mount through a trailing dangling symlink]" { + rm -rf rootfs/etc/hosts + ln -s /tmp/hosts rootfs/etc/hosts + + # File. + rm -rf rootfs/tmp/hosts + test_mount_target ./config.json /etc/hosts /tmp/hosts + + # Directory. + rm -rf rootfs/tmp/hosts + test_mount_target . /etc/hosts /tmp/hosts +} From 48de3431a1e0f8f2eeaac72fccda282eb13da240 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 28 Nov 2025 11:04:33 +1100 Subject: [PATCH 1135/1176] CHANGELOG: forward-port changelog entries Signed-off-by: Aleksa Sarai --- CHANGELOG.md | 223 +++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 218 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 49649793c9e..aa47bc838d0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,9 +6,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### libcontainer API -- The deprecated `libcontainer/userns` package has been removed; use - `github.com/moby/sys/userns` instead. +## [1.4.0] - 2025-11-27 + +> 路漫漫其修远兮,å¾å°†ä¸ä¸‹è€Œæ±‚ç´¢ï¼ + +### Deprecated ### +- Deprecate cgroup v1. (#4956) +- Deprecate `CleanPath`, `StripRoot`, `WithProcfd`, and `WithProcfdFile` from + `libcontainer/utils`. (#4985) ### Breaking ### - The handling of `pids.limit` has been updated to match the newer guidance @@ -25,6 +30,205 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - cgroups: improve `cpuacct.usage_all` resilience when parsing data from patched kernels (such as the Tencent kernels). (opencontainers/cgroups#46, opencontainers/cgroups#50) +- libct: close child fds on `prepareCgroupFD` error. (#4936) +- libct: fix mips compilation. (#4962, #4967) +- When configuring a `tmpfs` mount, only set the `mode=` argument if the target + path already existed. This fixes a regression introduced in our + [CVE-2025-52881][] mitigation patches. (#4971, #4976) +- Fix various file descriptor leaks and add additional tests to detect them as + comprehensively as possible. (#5007, #5021, #5034) +- The "hallucination" helpers added as part of the [CVE-2025-52881][] + mitigation have been made more generic and now apply to all of our `pathrs` + helper functions, which should ensure we will not regress dangling symlink + users. (#4985) + +### Changed +- libct: switch to `(*CPUSet).Fill`. (#4927) +- docs/spec-conformance.md: update for spec v1.3.0. (#4948) + +[CVE-2025-52881]: https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm + +## [1.3.4] - 2025-11-27 + +> Take me to your heart, take me to your soul. + +### Fixed + * libct: fix mips compilation. (#4962, #4966) + * When configuring a `tmpfs` mount, only set the `mode=` argument if the + target path already existed. This fixes a regression introduced in our + [CVE-2025-52881][] mitigation patches. (#4971, #4976) + * Fix various file descriptor leaks and add additional tests to detect them as + comprehensively as possible. (#5007, #5021, #5034) + +### Changed + * Downgrade `github.com/cyphar/filepath-securejoin` dependency to `v0.5.2`, + which should make it easier for some downstreams to import `runc` without + pulling in too many extra packages. (#5028) + +[CVE-2025-52881]: https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm + +## [1.2.9] - 2025-11-27 + +> Stars hide your fires, let me rest tonight. + +### Fixed + * libct: fix mips compilation. (#4962, #4965) + * When configuring a `tmpfs` mount, only set the `mode=` argument if the + target path already existed. This fixes a regression introduced in our + [CVE-2025-52881][] mitigation patches. (#4971, #4974) + * Fix various file descriptor leaks and add additional tests to detect them as + comprehensively as possible. (#5007, #5021, #5027) + +### Changed + * Downgrade `github.com/cyphar/filepath-securejoin` dependency to `v0.5.2`, + which should make it easier for some downstreams to import `runc` without + pulling in too many extra packages. (#5027) + +[CVE-2025-52881]: https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm + +## [1.4.0-rc.3] - 2025-11-05 + +> ăă®æ—¥ă€äººé¡ă¯æ€ă„出ă—ăŸă€‚ + +### Security + +This release includes fixes for the following high-severity security issues: + +* [CVE-2025-31133][] exploits an issue with how masked paths are implemented in + runc. When masking files, runc will bind-mount the container's `/dev/null` + inode on top of the file. However, if an attacker can replace `/dev/null` + with a symlink to some other procfs file, runc will instead bind-mount the + symlink target read-write. This issue affected all known runc versions. + +* [CVE-2025-52565][] is very similar in concept and application to + [CVE-2025-31133][], except that it exploits a flaw in `/dev/console` + bind-mounts. When creating the `/dev/console` bind-mount (to `/dev/pts/$n`), + if an attacker replaces `/dev/pts/$n` with a symlink then runc will + bind-mount the symlink target over `/dev/console`. This issue affected all + versions of runc >= 1.0.0-rc3. + +* [CVE-2025-52881][] is a more sophisticated variant of [CVE-2019-19921][], + which was a flaw that allowed an attacker to trick runc into writing the LSM + process labels for a container process into a dummy tmpfs file and thus not + apply the correct LSM labels to the container process. The mitigation we + applied for [CVE-2019-19921][] was fairly limited and effectively only caused + runc to verify that when we write LSM labels that those labels are actual + procfs files. This issue affects all known runc versions. + +### Fixed + * Switched to `(*CPUSet).Fill` rather than our hacky optimisation when + resetting the CPU affinity of runc. (#4926, #4927) + * Correctly close child fds during `(*setns).start` if an error occurs. + (#4930, #4936) + +[CVE-2019-19921]: https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw +[CVE-2025-31133]: https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2 +[CVE-2025-52565]: https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r +[CVE-2025-52881]: https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm + +## [1.3.3] - 2025-11-05 + +> å¥´ă‚‰ă«æ”¯é…ă•ă‚Œă¦ă„ăŸææ€–ă‚’ + +### Security + +This release includes fixes for the following high-severity security issues: + +* [CVE-2025-31133][] exploits an issue with how masked paths are implemented in + runc. When masking files, runc will bind-mount the container's `/dev/null` + inode on top of the file. However, if an attacker can replace `/dev/null` + with a symlink to some other procfs file, runc will instead bind-mount the + symlink target read-write. This issue affected all known runc versions. + +* [CVE-2025-52565][] is very similar in concept and application to + [CVE-2025-31133][], except that it exploits a flaw in `/dev/console` + bind-mounts. When creating the `/dev/console` bind-mount (to `/dev/pts/$n`), + if an attacker replaces `/dev/pts/$n` with a symlink then runc will + bind-mount the symlink target over `/dev/console`. This issue affected all + versions of runc >= 1.0.0-rc3. + +* [CVE-2025-52881][] is a more sophisticated variant of [CVE-2019-19921][], + which was a flaw that allowed an attacker to trick runc into writing the LSM + process labels for a container process into a dummy tmpfs file and thus not + apply the correct LSM labels to the container process. The mitigation we + applied for [CVE-2019-19921][] was fairly limited and effectively only caused + runc to verify that when we write LSM labels that those labels are actual + procfs files. This issue affects all known runc versions. + +### Added + +* `runc update` now supports configuring per-device weights and iops. (#4775, + #4807, #4825, #4931) + +[CVE-2019-19921]: https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw +[CVE-2025-31133]: https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2 +[CVE-2025-52565]: https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r +[CVE-2025-52881]: https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm + +## [1.2.8] - 2025-11-05 + +> 鳥籠ă®ä¸­ă«å›ă‚ă‚ŒăŸå±ˆè¾±ă‚’ + +### Security + +This release includes fixes for the following high-severity security issues: + +* [CVE-2025-31133][] exploits an issue with how masked paths are implemented in + runc. When masking files, runc will bind-mount the container's `/dev/null` + inode on top of the file. However, if an attacker can replace `/dev/null` + with a symlink to some other procfs file, runc will instead bind-mount the + symlink target read-write. This issue affected all known runc versions. + +* [CVE-2025-52565][] is very similar in concept and application to + [CVE-2025-31133][], except that it exploits a flaw in `/dev/console` + bind-mounts. When creating the `/dev/console` bind-mount (to `/dev/pts/$n`), + if an attacker replaces `/dev/pts/$n` with a symlink then runc will + bind-mount the symlink target over `/dev/console`. This issue affected all + versions of runc >= 1.0.0-rc3. + +* [CVE-2025-52881][] is a more sophisticated variant of [CVE-2019-19921][], + which was a flaw that allowed an attacker to trick runc into writing the LSM + process labels for a container process into a dummy tmpfs file and thus not + apply the correct LSM labels to the container process. The mitigation we + applied for [CVE-2019-19921][] was fairly limited and effectively only caused + runc to verify that when we write LSM labels that those labels are actual + procfs files. This issue affects all known runc versions. + +[CVE-2019-19921]: https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw +[CVE-2025-31133]: https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2 +[CVE-2025-52565]: https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r +[CVE-2025-52881]: https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm + +## [1.4.0-rc.2] - 2025-10-10 + +> ç§ă®å½¹ç›®ă¯ä¿¡ă˜ă‚‹ă‹ă©ă†ă‹ă§ă¯ăªă„ă€‚è¡Œă†ă‹ă©ă†ă‹ă ă€‚ + +### libcontainer API + * The deprecated `libcontainer/userns` package has been removed; use + `github.com/moby/sys/userns` instead. (#4910, #4911) + +### Added + * Allow setting `user.*` sysctls for user-namespaced containers, as they are + namespaced and thus safe to configure. (#4889, #4892) + * Add support for using `clone3(2)`'s `CLONE_INTO_CGROUP` flag when + configuring the `runc exec` process. This also included some internal + changes to how we add processes to containers. (#4822, #4812, #4920) + * Add support for configuring the NUMA pmemory policy for a container with + `set_mempolicy(2)`. (opencontainers/runtime-spec#1282, #4726, #4915) + * Add support for `intelRdt.schemata` to allow for configuration of all + schemas in `resctrl`. (opencontainers/runtime-spec#1230, #4830, #4915) + * Add support for `intelRdt.enableMonitoring` to allow for per-container + `resctrl` monitoring. This replaces the old `intelRdt.enableCMT` and + `intelRdt.enableMBM` options which were never implemented by runc and have + been removed from the runtime-spec. (opencontainers/runtime-spec#1287, + #4832, #4921) + +### Fixed + * Configure `personality(2)` before applying seccomp profiles. (#4900, #4903) + * Fixed integration test failure on ppc64, caused by 64K page size so the + kernel was rounding memory limit to 64K. (#4841, #4895, #4893) + * seccompagent: fix fd close loop to prevent closing stdio in the error path. + (#4913, #4923) ## [1.4.0-rc.1] - 2025-09-05 @@ -1320,7 +1524,9 @@ implementation (libcontainer) is *not* covered by this policy. [1.1.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.0.0...v1.1.0-rc.1 -[Unreleased 1.2.z]: https://github.com/opencontainers/runc/compare/v1.2.7...release-1.2 +[Unreleased 1.2.z]: https://github.com/opencontainers/runc/compare/v1.2.9...release-1.2 +[1.2.9]: https://github.com/opencontainers/runc/compare/v1.2.8...v1.2.9 +[1.2.8]: https://github.com/opencontainers/runc/compare/v1.2.7...v1.2.8 [1.2.7]: https://github.com/opencontainers/runc/compare/v1.2.6...v1.2.7 [1.2.6]: https://github.com/opencontainers/runc/compare/v1.2.5...v1.2.6 [1.2.5]: https://github.com/opencontainers/runc/compare/v1.2.4...v1.2.5 @@ -1333,11 +1539,18 @@ implementation (libcontainer) is *not* covered by this policy. [1.2.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.1.0...v1.2.0-rc.1 -[Unreleased 1.3.z]: https://github.com/opencontainers/runc/compare/v1.3.2...release-1.3 +[Unreleased 1.3.z]: https://github.com/opencontainers/runc/compare/v1.3.4...release-1.3 +[1.3.4]: https://github.com/opencontainers/runc/compare/v1.3.3...v1.3.4 +[1.3.3]: https://github.com/opencontainers/runc/compare/v1.3.2...v1.3.3 [1.3.2]: https://github.com/opencontainers/runc/compare/v1.3.1...v1.3.2 [1.3.1]: https://github.com/opencontainers/runc/compare/v1.3.0...v1.3.1 +[1.3.0]: https://github.com/opencontainers/runc/compare/v1.3.0-rc.2...v1.3.0 [1.3.0-rc.2]: https://github.com/opencontainers/runc/compare/v1.3.0-rc.1...v1.3.0-rc.2 [1.3.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.2.0...v1.3.0-rc.1 +[Unreleased 1.4.z]: https://github.com/opencontainers/runc/compare/v1.4.0...release-1.4 +[1.4.0]: https://github.com/opencontainers/runc/compare/v1.4.0-rc.3...v1.4.0 +[1.4.0-rc.3]: https://github.com/opencontainers/runc/compare/v1.4.0-rc.2...v1.4.0-rc.3 +[1.4.0-rc.2]: https://github.com/opencontainers/runc/compare/v1.4.0-rc.1...v1.4.0-rc.2 [1.4.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.3.0...v1.4.0-rc.1 From 0c150f4c3a277186fd0cbebf25d1564654c66d08 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 28 Nov 2025 11:06:39 +1100 Subject: [PATCH 1136/1176] RELEASES: remove 'draft' section of policy We have used this release policy for a year and it seems to work well for everyone and we haven't received much feedback, so it seems reasonable to say that we are committed to this policy now. Signed-off-by: Aleksa Sarai --- RELEASES.md | 7 ------- 1 file changed, 7 deletions(-) diff --git a/RELEASES.md b/RELEASES.md index 663df1d9be2..a27cca03a16 100644 --- a/RELEASES.md +++ b/RELEASES.md @@ -18,13 +18,6 @@ formally guarantee that API compatibility will be preserved. ### Release Cadence ### -> **NOTE**: At time of writing, this proposal is still a draft as we have not -> yet done several releases using this cadence. If you have feedback on this -> proposal (such as how well this proposal addresses your needs as a downstream -> packager of runc), please feel free to [open an issue][new-issue] so we can -> discuss it further. However, the current plan is for this proposal to be -> followed for the `1.3.0` and `1.4.0` releases in 2025. - [new-issue]: https://github.com/opencontainers/runc/issues/new/choose runc follows a 6-month minor version release schedule, with the aim of releases From bf258ce1636e22339e204b01adf52f77932612ae Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 28 Nov 2025 11:07:45 +1100 Subject: [PATCH 1137/1176] RELEASES: remove <= 1.1.x special casing Now that runc 1.4.0 has been released, there is no need to single out 1.1.x and earlier as no longer being supported, as latest-2 is now 1.2.x and thus 1.1.x would no longer be supported even with the new support model. Signed-off-by: Aleksa Sarai --- RELEASES.md | 7 ------- 1 file changed, 7 deletions(-) diff --git a/RELEASES.md b/RELEASES.md index a27cca03a16..8d4af0b9a9d 100644 --- a/RELEASES.md +++ b/RELEASES.md @@ -61,13 +61,6 @@ Here is a hypothetical release timeline to see how this works in practice: ### Support Policy ### -> **NOTE**: The following policy provides much longer support guarantees than -> we have historically provided for older runc releases. In order to avoid -> adding new support guarantees for old runc versions we have long-since -> stopped supporting, the following support policy only applies for runc -> releases from `1.2.0` onwards. In other words, runc `1.1.0` and `1.0.0` are -> not guaranteed support by this policy. - In order to ease the transition between minor runc releases, previous minor release branches of runc will be maintained for some time after the newest minor release is published. In the following text, `latest` refers to the From a412bd93e9eefa63fedfadddc6b5fe87a13e536d Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 28 Nov 2025 11:11:04 +1100 Subject: [PATCH 1138/1176] libct/utils: remove Deprecated functions These were all marked for deprecation in runc 1.5.0, so remove them now to make sure we don't forget. Signed-off-by: Aleksa Sarai --- libcontainer/utils/utils.go | 22 ------------------ libcontainer/utils/utils_unix.go | 40 -------------------------------- 2 files changed, 62 deletions(-) diff --git a/libcontainer/utils/utils.go b/libcontainer/utils/utils.go index 7943d89f67c..2685172dc10 100644 --- a/libcontainer/utils/utils.go +++ b/libcontainer/utils/utils.go @@ -7,8 +7,6 @@ import ( "strings" "golang.org/x/sys/unix" - - "github.com/opencontainers/runc/internal/pathrs" ) const ( @@ -67,23 +65,3 @@ func Annotations(labels []string) (bundle string, userAnnotations map[string]str } return bundle, userAnnotations } - -// CleanPath makes a path safe for use with filepath.Join. This is done by not -// only cleaning the path, but also (if the path is relative) adding a leading -// '/' and cleaning it (then removing the leading '/'). This ensures that a -// path resulting from prepending another path will always resolve to lexically -// be a subdirectory of the prefixed path. This is all done lexically, so paths -// that include symlinks won't be safe as a result of using CleanPath. -// -// Deprecated: This function has been moved to internal/pathrs and this wrapper -// will be removed in runc 1.5. -var CleanPath = pathrs.LexicallyCleanPath - -// StripRoot returns the passed path, stripping the root path if it was -// (lexicially) inside it. Note that both passed paths will always be treated -// as absolute, and the returned path will also always be absolute. In -// addition, the paths are cleaned before stripping the root. -// -// Deprecated: This function has been moved to internal/pathrs and this wrapper -// will be removed in runc 1.5. -var StripRoot = pathrs.LexicallyStripRoot diff --git a/libcontainer/utils/utils_unix.go b/libcontainer/utils/utils_unix.go index af5689e9a2d..91264f0d3ad 100644 --- a/libcontainer/utils/utils_unix.go +++ b/libcontainer/utils/utils_unix.go @@ -6,13 +6,11 @@ import ( "fmt" "math" "os" - "path/filepath" "runtime" "strconv" "sync" _ "unsafe" // for go:linkname - securejoin "github.com/cyphar/filepath-securejoin" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" @@ -146,44 +144,6 @@ func NewSockPair(name string) (parent, child *os.File, err error) { return os.NewFile(uintptr(fds[1]), name+"-p"), os.NewFile(uintptr(fds[0]), name+"-c"), nil } -// WithProcfd runs the passed closure with a procfd path (/proc/self/fd/...) -// corresponding to the unsafePath resolved within the root. Before passing the -// fd, this path is verified to have been inside the root -- so operating on it -// through the passed fdpath should be safe. Do not access this path through -// the original path strings, and do not attempt to use the pathname outside of -// the passed closure (the file handle will be freed once the closure returns). -// -// Deprecated: This function is an internal implementation detail of runc and -// is no longer used. It will be removed in runc 1.5. -func WithProcfd(root, unsafePath string, fn func(procfd string) error) error { - // Remove the root then forcefully resolve inside the root. - unsafePath = pathrs.LexicallyStripRoot(root, unsafePath) - fullPath, err := securejoin.SecureJoin(root, unsafePath) - if err != nil { - return fmt.Errorf("resolving path inside rootfs failed: %w", err) - } - - procSelfFd, closer := ProcThreadSelf("fd/") - defer closer() - - // Open the target path. - fh, err := os.OpenFile(fullPath, unix.O_PATH|unix.O_CLOEXEC, 0) - if err != nil { - return fmt.Errorf("open o_path procfd: %w", err) - } - defer fh.Close() - - procfd := filepath.Join(procSelfFd, strconv.Itoa(int(fh.Fd()))) - // Double-check the path is the one we expected. - if realpath, err := os.Readlink(procfd); err != nil { - return fmt.Errorf("procfd verification failed: %w", err) - } else if realpath != fullPath { - return fmt.Errorf("possibly malicious path detected -- refusing to operate on %s", realpath) - } - - return fn(procfd) -} - // WithProcfdFile is a very minimal wrapper around [ProcThreadSelfFd]. The // caller is responsible for making sure that the provided file handle is // actually safe to operate on. From 7c8fccd6469c8ed8f39141c8ab022d8d0df71378 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sun, 30 Nov 2025 12:09:22 +1100 Subject: [PATCH 1139/1176] release: use runc-$version.tar.xz as archive name Because we add the runc-$version/ prefix to the archive we generate, including the version in the name makes it easier for some tools to operate on as it matches most other projects (for openSUSE we rename the archive file to this format in order for the automated RPM scripts to work properly). Also, when doing several releases at the same time, being able to double-check that the correct artefact versions were uploaded for each release can be quite handy. Signed-off-by: Aleksa Sarai --- script/release_build.sh | 10 +++++----- script/release_sign.sh | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/script/release_build.sh b/script/release_build.sh index 39ec3ab5ddf..98b07f23f0e 100755 --- a/script/release_build.sh +++ b/script/release_build.sh @@ -161,8 +161,6 @@ done version="${version:-$(<"$root/VERSION")}" releasedir="${releasedir:-release/$version}" hashcmd="${hashcmd:-sha256sum}" -# Suffixes of files to checksum/sign. -suffixes=("${arches[@]}" tar.xz) log "creating $project release in '$releasedir'" log " version: $version" @@ -179,11 +177,13 @@ rm -rf "$releasedir" && mkdir -p "$releasedir" build_project "$releasedir/$project" "$native_arch" "${arches[@]}" # Generate new archive. -git archive --format=tar --prefix="$project-$version/" "$commit" | xz >"$releasedir/$project.tar.xz" +git archive --format=tar --prefix="$project-$version/" "$commit" | xz >"$releasedir/$project-$version.tar.xz" # Generate sha256 checksums for binaries and libseccomp tarball. ( cd "$releasedir" - # Add $project. prefix to all suffixes. - "$hashcmd" "${suffixes[@]/#/$project.}" >"$project.$hashcmd" + # Add hash of all architecture binaries ($project.$arch). + "$hashcmd" "${arches[@]/#/$project.}" >>"$project.$hashcmd" + # Add hash of tarball ($project-$version.tar.xz). + "$hashcmd" "$project-$version.tar.xz" >>"$project.$hashcmd" ) diff --git a/script/release_sign.sh b/script/release_sign.sh index 883d0169a35..80f8c0731e2 100755 --- a/script/release_sign.sh +++ b/script/release_sign.sh @@ -135,7 +135,7 @@ read -r [ -w "$releasedir" ] || sudo chown -R "$(id -u):$(id -g)" "$releasedir" # Sign everything. -for bin in "$releasedir/$project".*; do +for bin in "$releasedir/$project"*; do [[ "$(basename "$bin")" == "$project.$hashcmd" ]] && continue # skip hash gpg "${gpgflags[@]}" --detach-sign --armor "$bin" done From 88f897160cbe25e6416e8167ed4bda9a21613634 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 12 Nov 2025 13:13:48 -0800 Subject: [PATCH 1140/1176] libct: startInitialization: add defer close This function calls Init what normally never returns, so the defer only works if there is an error and we can safely use it to close those fds we opened. This was done for most but not all fds. Reported in issue 5008. Reported-by: Arina Cherednik Signed-off-by: Kir Kolyshkin --- libcontainer/init_linux.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 31166170eb6..99b99debae6 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -175,6 +175,7 @@ func startInitialization() (retErr error) { return fmt.Errorf("unable to convert _LIBCONTAINER_LOGPIPE: %w", err) } logPipe := os.NewFile(uintptr(logFd), "logpipe") + defer logPipe.Close() logrus.SetOutput(logPipe) logrus.SetFormatter(new(logrus.JSONFormatter)) @@ -190,6 +191,7 @@ func startInitialization() (retErr error) { return fmt.Errorf("unable to convert _LIBCONTAINER_FIFOFD: %w", err) } fifoFile = os.NewFile(uintptr(fifoFd), "initfifo") + defer fifoFile.Close() } var consoleSocket *os.File From c24965b742468a5307fd268ef484b173a3e52f2b Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 12 Nov 2025 13:28:57 -0800 Subject: [PATCH 1141/1176] libct: newProcessComm: close fds on error Reported in issue 5008. Reported-by: Arina Cherednik Signed-off-by: Kir Kolyshkin --- libcontainer/process_linux.go | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index c1c27494fd6..51c7b0d877d 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -66,7 +66,7 @@ type processComm struct { logPipeChild *os.File } -func newProcessComm() (*processComm, error) { +func newProcessComm() (_ *processComm, retErr error) { var ( comm processComm err error @@ -75,10 +75,24 @@ func newProcessComm() (*processComm, error) { if err != nil { return nil, fmt.Errorf("unable to create init pipe: %w", err) } + defer func() { + if retErr != nil { + comm.initSockParent.Close() + comm.initSockChild.Close() + } + }() + comm.syncSockParent, comm.syncSockChild, err = newSyncSockpair("sync") if err != nil { return nil, fmt.Errorf("unable to create sync pipe: %w", err) } + defer func() { + if retErr != nil { + comm.syncSockParent.Close() + comm.syncSockChild.Close() + } + }() + comm.logPipeParent, comm.logPipeChild, err = os.Pipe() if err != nil { return nil, fmt.Errorf("unable to create log pipe: %w", err) From 8a9b4dcda6de12549bdc7d0824ed9eea0fcea693 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 12 Nov 2025 13:35:24 -0800 Subject: [PATCH 1142/1176] libct: mountFd: close mountFile on error Reported in issue 5008. Reported-by: Arina Cherednik Signed-off-by: Kir Kolyshkin --- libcontainer/mount_linux.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libcontainer/mount_linux.go b/libcontainer/mount_linux.go index 9d4b5dcef55..06df6cbbf60 100644 --- a/libcontainer/mount_linux.go +++ b/libcontainer/mount_linux.go @@ -250,7 +250,7 @@ func syscallMode(i fs.FileMode) (o uint32) { // process will need to do an old-fashioned mount(2) themselves. // // This helper is only intended to be used by goCreateMountSources. -func mountFd(nsHandles *userns.Handles, m *configs.Mount) (*mountSource, error) { +func mountFd(nsHandles *userns.Handles, m *configs.Mount) (_ *mountSource, retErr error) { if !m.IsBind() { return nil, errors.New("new mount api: only bind-mounts are supported") } @@ -261,6 +261,11 @@ func mountFd(nsHandles *userns.Handles, m *configs.Mount) (*mountSource, error) var mountFile *os.File var sourceType mountSourceType + defer func() { + if retErr != nil && mountFile != nil { + mountFile.Close() + } + }() // Ideally, we would use OPEN_TREE_CLONE for everything, because we can // be sure that the file descriptor cannot be used to escape outside of From 93792e6c1362954ffb2be86789d05c342fbfdda7 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 12 Nov 2025 13:39:33 -0800 Subject: [PATCH 1143/1176] notify_socket: close fds on error Reported in issue 5008. Reported-by: Arina Cherednik Signed-off-by: Kir Kolyshkin --- notify_socket.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/notify_socket.go b/notify_socket.go index c3eddaf85db..5dd5d5007fd 100644 --- a/notify_socket.go +++ b/notify_socket.go @@ -175,12 +175,18 @@ func notifyHost(client *net.UnixConn, ready []byte, pid1 int) error { var errUnexpectedRead = errors.New("unexpected read from synchronization pipe") // sdNotifyBarrier performs synchronization with systemd by means of the sd_notify_barrier protocol. -func sdNotifyBarrier(client *net.UnixConn) error { +func sdNotifyBarrier(client *net.UnixConn) (retErr error) { // Create a pipe for communicating with systemd daemon. pipeR, pipeW, err := os.Pipe() if err != nil { return err } + defer func() { + if retErr != nil { + pipeW.Close() + pipeR.Close() + } + }() // Get the FD for the unix socket file to be able to use sendmsg. clientFd, err := client.File() From f128234354a111b57a4e58543a55a8edc6c453c2 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 2 Dec 2025 15:22:40 -0800 Subject: [PATCH 1144/1176] ci: bump bats to 1.12.0 This which is already using in CI on Fedora. Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 2 +- .github/workflows/test.yml | 2 +- Dockerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index e2f552cbd20..67ebd982f5a 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -12,7 +12,7 @@ task: HOME: /root CIRRUS_WORKING_DIR: /home/runc GO_VER_PREFIX: "1.24." - BATS_VERSION: "v1.11.1" + BATS_VERSION: "v1.12.0" RPMS: gcc git-core iptables jq glibc-static libseccomp-devel make criu fuse-sshfs container-selinux # yamllint disable rule:key-duplicates matrix: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b9295bf04aa..5ec5bafa2fd 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -108,7 +108,7 @@ jobs: - name: Setup Bats and bats libs uses: bats-core/bats-action@3.0.1 with: - bats-version: 1.11.1 # Known as BATS_VERSION in other places. + bats-version: 1.12.0 # Known as BATS_VERSION in other places. support-install: false assert-install: false detik-install: false diff --git a/Dockerfile b/Dockerfile index ae10e34661f..03de7e49faa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ ARG GO_VERSION=1.24 -ARG BATS_VERSION=v1.11.1 +ARG BATS_VERSION=v1.12.0 ARG LIBSECCOMP_VERSION=2.5.6 FROM golang:${GO_VERSION}-bookworm From f4710e50238952025a9de34f11a91731ec278469 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 2 Dec 2025 15:25:42 -0800 Subject: [PATCH 1145/1176] Bump seccomp to v2.6.0 This version was released almost a year ago. Signed-off-by: Kir Kolyshkin --- Dockerfile | 2 +- script/release_build.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 03de7e49faa..10da959ff8a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ ARG GO_VERSION=1.24 ARG BATS_VERSION=v1.12.0 -ARG LIBSECCOMP_VERSION=2.5.6 +ARG LIBSECCOMP_VERSION=2.6.0 FROM golang:${GO_VERSION}-bookworm ARG DEBIAN_FRONTEND=noninteractive diff --git a/script/release_build.sh b/script/release_build.sh index 98b07f23f0e..0e0a221839e 100755 --- a/script/release_build.sh +++ b/script/release_build.sh @@ -19,7 +19,7 @@ set -e ## ---> # Project-specific options and functions. In *theory* you shouldn't need to # touch anything else in this script in order to use this elsewhere. -: "${LIBSECCOMP_VERSION:=2.5.6}" +: "${LIBSECCOMP_VERSION:=2.6.0}" project="runc" root="$(readlink -f "$(dirname "${BASH_SOURCE[0]}")/..")" From 79b97d4642755b8b2668dde91d45a43adac62dfc Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 2 Dec 2025 15:26:48 -0800 Subject: [PATCH 1146/1176] Use Go 1.25 for official builds (as well as for testing on Cirrus CI) Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 2 +- Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index 67ebd982f5a..5309343fd65 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -11,7 +11,7 @@ task: env: HOME: /root CIRRUS_WORKING_DIR: /home/runc - GO_VER_PREFIX: "1.24." + GO_VER_PREFIX: "1.25." BATS_VERSION: "v1.12.0" RPMS: gcc git-core iptables jq glibc-static libseccomp-devel make criu fuse-sshfs container-selinux # yamllint disable rule:key-duplicates diff --git a/Dockerfile b/Dockerfile index 10da959ff8a..e4f3df3545b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG GO_VERSION=1.24 +ARG GO_VERSION=1.25 ARG BATS_VERSION=v1.12.0 ARG LIBSECCOMP_VERSION=2.6.0 From 68771cfe511bae841c5a4654ba16b35df1b88179 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 2 Dec 2025 15:31:52 -0800 Subject: [PATCH 1147/1176] ci: bump shellcheck to v0.11.0 Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 1bf393c0b7b..0522874bad3 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -114,9 +114,9 @@ jobs: - uses: actions/checkout@v6 - name: install shellcheck env: - VERSION: v0.10.0 + VERSION: v0.11.0 BASEURL: https://github.com/koalaman/shellcheck/releases/download - SHA256: f35ae15a4677945428bdfe61ccc297490d89dd1e544cc06317102637638c6deb + SHA256: 4da528ddb3a4d1b7b24a59d4e16eb2f5fd960f4bd9a3708a15baddbdf1d5a55b run: | mkdir ~/bin curl -sSfL --retry 5 $BASEURL/$VERSION/shellcheck-$VERSION.linux.x86_64.tar.xz | From 94167dae295a293a8e41ca6e0cdfd860ed8f2300 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 2 Dec 2025 17:41:59 -0800 Subject: [PATCH 1148/1176] .cirrus.yml: use dnf not yum Since we dropped EL7, we can use dnf everywhere. Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index 5309343fd65..80f9a3e6182 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -46,9 +46,9 @@ task: # Work around dnf mirror failures by retrying a few times. for i in $(seq 0 2); do sleep $i - yum install -y --setopt=install_weak_deps=False --setopt=tsflags=nodocs $RPMS && break + dnf install -y --setopt=install_weak_deps=False --setopt=tsflags=nodocs $RPMS && break done - [ $? -eq 0 ] # fail if yum failed + [ $? -eq 0 ] # fail if dnf failed case $DISTRO in *-8) From 4f93f06fb71cc97a8d9131ee2b71a78d9a626781 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 2 Dec 2025 17:42:37 -0800 Subject: [PATCH 1149/1176] ci: add centos-cloud-10 run Alas there's no almalinux-10 so we use centos-stream-10. Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index 80f9a3e6182..e182c61063f 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -16,13 +16,17 @@ task: RPMS: gcc git-core iptables jq glibc-static libseccomp-devel make criu fuse-sshfs container-selinux # yamllint disable rule:key-duplicates matrix: - DISTRO: almalinux-8 - DISTRO: almalinux-9 + - DISTRO: almalinux-8 + IMAGE_PROJECT: almalinux-cloud + - DISTRO: almalinux-9 + IMAGE_PROJECT: almalinux-cloud + - DISTRO: centos-stream-10 + IMAGE_PROJECT: centos-cloud name: ci / $DISTRO compute_engine_instance: - image_project: almalinux-cloud + image_project: $IMAGE_PROJECT image: family/$DISTRO platform: linux cpu: 4 @@ -33,7 +37,7 @@ task: *-8) dnf config-manager --set-enabled powertools # for glibc-static ;; - *-9) + *-9|*-10) dnf config-manager --set-enabled crb # for glibc-static dnf -y install epel-release # for fuse-sshfs # Delegate all cgroup v2 controllers to rootless user via --systemd-cgroup. From 5407cfe4a1e021183b005a1a55f8aebc0a1fc8fa Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 12 Nov 2025 15:11:53 -0800 Subject: [PATCH 1150/1176] ci: don't fail CI if criu-dev test fails In view of recent criu-dev failure, let's not fail the required "all-done" job when criu-dev tests fail. Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5ec5bafa2fd..bc75ac66a07 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -131,9 +131,11 @@ jobs: sudo chmod a+X $HOME # for Ubuntu 22.04 and later - name: integration test (fs driver) + continue-on-error: ${{ matrix.criu != '' }} # Don't let criu-dev errors fail CI. run: sudo -E PATH="$PATH" script -e -c 'make local${{ matrix.rootless }}integration' - name: integration test (systemd driver) + continue-on-error: ${{ matrix.criu != '' }} # Don't let criu-dev errors fail CI. run: | # Delegate all cgroup v2 controllers to rootless user via --systemd-cgroup. # The default (since systemd v252) is "pids memory cpu". From ba9e60f7a8a05198bf7cc12a1eeb53a1eec8e7d2 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 5 Dec 2025 14:14:04 -0800 Subject: [PATCH 1151/1176] Remove crypto/tls dependency It appears that when we import github.com/coreos/go-systemd/activation, it brings in the whole crypto/tls package (which is not used by runc directly or indirectly), making the runc binary size larger and potentially creating issues with FIPS compliance. Let's copy the code of function we use from go-systemd/activation to avoid that. The space savings are: $ size runc.before runc.after text data bss dec hex filename 7101084 5049593 271560 12422237 bd8c5d runc.before 6508796 4623281 229128 11361205 ad5bb5 runc.after Reported-by: Dimitri John Ledkov Signed-off-by: Kir Kolyshkin --- .../systemd}/activation/files_unix.go | 6 +- utils_linux.go | 2 +- .../v22/activation/files_windows.go | 21 ---- .../go-systemd/v22/activation/listeners.go | 103 ------------------ .../go-systemd/v22/activation/packetconns.go | 38 ------- vendor/modules.txt | 1 - 6 files changed, 6 insertions(+), 165 deletions(-) rename {vendor/github.com/coreos/go-systemd/v22 => internal/third_party/systemd}/activation/files_unix.go (88%) delete mode 100644 vendor/github.com/coreos/go-systemd/v22/activation/files_windows.go delete mode 100644 vendor/github.com/coreos/go-systemd/v22/activation/listeners.go delete mode 100644 vendor/github.com/coreos/go-systemd/v22/activation/packetconns.go diff --git a/vendor/github.com/coreos/go-systemd/v22/activation/files_unix.go b/internal/third_party/systemd/activation/files_unix.go similarity index 88% rename from vendor/github.com/coreos/go-systemd/v22/activation/files_unix.go rename to internal/third_party/systemd/activation/files_unix.go index 7031f281a07..44d5e539ea6 100644 --- a/vendor/github.com/coreos/go-systemd/v22/activation/files_unix.go +++ b/internal/third_party/systemd/activation/files_unix.go @@ -15,6 +15,10 @@ //go:build !windows // Package activation implements primitives for systemd socket activation. +// +// It is a partial copy of https://github.com/coreos/go-systemd/v22/activation +// (https://github.com/coreos/go-systemd/blob/ce60782c0aabb616faa8e60f91e639d91f631e99/activation/files_unix.go), +// to avoid bringing in crypto/tls dependency. package activation import ( @@ -51,7 +55,7 @@ func Files(unsetEnv bool) []*os.File { } nfds, err := strconv.Atoi(os.Getenv("LISTEN_FDS")) - if err != nil || nfds == 0 { + if err != nil || nfds <= 0 { return nil } diff --git a/utils_linux.go b/utils_linux.go index 6195a589851..04785af702f 100644 --- a/utils_linux.go +++ b/utils_linux.go @@ -9,7 +9,6 @@ import ( "path/filepath" "strconv" - "github.com/coreos/go-systemd/v22/activation" "github.com/opencontainers/runtime-spec/specs-go" selinux "github.com/opencontainers/selinux/go-selinux" "github.com/sirupsen/logrus" @@ -17,6 +16,7 @@ import ( "golang.org/x/sys/unix" "github.com/opencontainers/runc/internal/pathrs" + "github.com/opencontainers/runc/internal/third_party/systemd/activation" "github.com/opencontainers/runc/libcontainer" "github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/specconv" diff --git a/vendor/github.com/coreos/go-systemd/v22/activation/files_windows.go b/vendor/github.com/coreos/go-systemd/v22/activation/files_windows.go deleted file mode 100644 index d391bf00c5e..00000000000 --- a/vendor/github.com/coreos/go-systemd/v22/activation/files_windows.go +++ /dev/null @@ -1,21 +0,0 @@ -// Copyright 2015 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package activation - -import "os" - -func Files(unsetEnv bool) []*os.File { - return nil -} diff --git a/vendor/github.com/coreos/go-systemd/v22/activation/listeners.go b/vendor/github.com/coreos/go-systemd/v22/activation/listeners.go deleted file mode 100644 index 3dbe2b08776..00000000000 --- a/vendor/github.com/coreos/go-systemd/v22/activation/listeners.go +++ /dev/null @@ -1,103 +0,0 @@ -// Copyright 2015 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package activation - -import ( - "crypto/tls" - "net" -) - -// Listeners returns a slice containing a net.Listener for each matching socket type -// passed to this process. -// -// The order of the file descriptors is preserved in the returned slice. -// Nil values are used to fill any gaps. For example if systemd were to return file descriptors -// corresponding with "udp, tcp, tcp", then the slice would contain {nil, net.Listener, net.Listener} -func Listeners() ([]net.Listener, error) { - files := Files(true) - listeners := make([]net.Listener, len(files)) - - for i, f := range files { - if pc, err := net.FileListener(f); err == nil { - listeners[i] = pc - f.Close() - } - } - return listeners, nil -} - -// ListenersWithNames maps a listener name to a set of net.Listener instances. -func ListenersWithNames() (map[string][]net.Listener, error) { - files := Files(true) - listeners := map[string][]net.Listener{} - - for _, f := range files { - if pc, err := net.FileListener(f); err == nil { - current, ok := listeners[f.Name()] - if !ok { - listeners[f.Name()] = []net.Listener{pc} - } else { - listeners[f.Name()] = append(current, pc) - } - f.Close() - } - } - return listeners, nil -} - -// TLSListeners returns a slice containing a net.listener for each matching TCP socket type -// passed to this process. -// It uses default Listeners func and forces TCP sockets handlers to use TLS based on tlsConfig. -func TLSListeners(tlsConfig *tls.Config) ([]net.Listener, error) { - listeners, err := Listeners() - - if listeners == nil || err != nil { - return nil, err - } - - if tlsConfig != nil { - for i, l := range listeners { - // Activate TLS only for TCP sockets - if l.Addr().Network() == "tcp" { - listeners[i] = tls.NewListener(l, tlsConfig) - } - } - } - - return listeners, err -} - -// TLSListenersWithNames maps a listener name to a net.Listener with -// the associated TLS configuration. -func TLSListenersWithNames(tlsConfig *tls.Config) (map[string][]net.Listener, error) { - listeners, err := ListenersWithNames() - - if listeners == nil || err != nil { - return nil, err - } - - if tlsConfig != nil { - for _, ll := range listeners { - // Activate TLS only for TCP sockets - for i, l := range ll { - if l.Addr().Network() == "tcp" { - ll[i] = tls.NewListener(l, tlsConfig) - } - } - } - } - - return listeners, err -} diff --git a/vendor/github.com/coreos/go-systemd/v22/activation/packetconns.go b/vendor/github.com/coreos/go-systemd/v22/activation/packetconns.go deleted file mode 100644 index a97206785a4..00000000000 --- a/vendor/github.com/coreos/go-systemd/v22/activation/packetconns.go +++ /dev/null @@ -1,38 +0,0 @@ -// Copyright 2015 CoreOS, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package activation - -import ( - "net" -) - -// PacketConns returns a slice containing a net.PacketConn for each matching socket type -// passed to this process. -// -// The order of the file descriptors is preserved in the returned slice. -// Nil values are used to fill any gaps. For example if systemd were to return file descriptors -// corresponding with "udp, tcp, udp", then the slice would contain {net.PacketConn, nil, net.PacketConn} -func PacketConns() ([]net.PacketConn, error) { - files := Files(true) - conns := make([]net.PacketConn, len(files)) - - for i, f := range files { - if pc, err := net.FilePacketConn(f); err == nil { - conns[i] = pc - f.Close() - } - } - return conns, nil -} diff --git a/vendor/modules.txt b/vendor/modules.txt index 66eae80f57c..1824f87bf52 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -28,7 +28,6 @@ github.com/cilium/ebpf/link github.com/containerd/console # github.com/coreos/go-systemd/v22 v22.6.0 ## explicit; go 1.23 -github.com/coreos/go-systemd/v22/activation github.com/coreos/go-systemd/v22/dbus # github.com/cpuguy83/go-md2man/v2 v2.0.7 ## explicit; go 1.12 From 6ede5917612365b37a2395f02dcb522868840f05 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 5 Dec 2025 14:22:14 -0800 Subject: [PATCH 1152/1176] internal/systemd: simplify Remove unused code and argument from the ActivationFiles, and simplify its usage. Signed-off-by: Kir Kolyshkin --- .../third_party/systemd/activation/files_unix.go | 15 ++------------- utils_linux.go | 8 +------- 2 files changed, 3 insertions(+), 20 deletions(-) diff --git a/internal/third_party/systemd/activation/files_unix.go b/internal/third_party/systemd/activation/files_unix.go index 44d5e539ea6..a1d9ebddf29 100644 --- a/internal/third_party/systemd/activation/files_unix.go +++ b/internal/third_party/systemd/activation/files_unix.go @@ -33,22 +33,11 @@ const ( listenFdsStart = 3 ) -// Files returns a slice containing a `os.File` object for each +// Files returns a slice containing a os.File object for each // file descriptor passed to this process via systemd fd-passing protocol. // // The order of the file descriptors is preserved in the returned slice. -// `unsetEnv` is typically set to `true` in order to avoid clashes in -// fd usage and to avoid leaking environment flags to child processes. -func Files(unsetEnv bool) []*os.File { - if unsetEnv { - defer func() { - // Unsetenv implementation for unix never returns an error. - _ = os.Unsetenv("LISTEN_PID") - _ = os.Unsetenv("LISTEN_FDS") - _ = os.Unsetenv("LISTEN_FDNAMES") - }() - } - +func Files() []*os.File { pid, err := strconv.Atoi(os.Getenv("LISTEN_PID")) if err != nil || pid != os.Getpid() { return nil diff --git a/utils_linux.go b/utils_linux.go index 04785af702f..d7f51e20216 100644 --- a/utils_linux.go +++ b/utils_linux.go @@ -399,17 +399,11 @@ func startContainer(context *cli.Context, action CtAct, criuOpts *libcontainer.C } } - // Support on-demand socket activation by passing file descriptors into the container init process. - listenFDs := []*os.File{} - if os.Getenv("LISTEN_FDS") != "" { - listenFDs = activation.Files(false) - } - r := &runner{ enableSubreaper: !context.Bool("no-subreaper"), shouldDestroy: !context.Bool("keep"), container: container, - listenFDs: listenFDs, + listenFDs: activation.Files(), // On-demand socket activation. notifySocket: notifySocket, consoleSocket: context.String("console-socket"), pidfdSocket: context.String("pidfd-socket"), From 3741f9186d2108966c3028e88b8f20a0f5a160cb Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 4 Dec 2025 17:21:11 -0800 Subject: [PATCH 1153/1176] libct/configs: mark MPOL_* constants as deprecated Alas, these new constants are already in v1.4.0 release so we can't remove those right away, but we can mark them as deprecated now and target removal for v1.5.0. So, - mark them as deprecated; - redefine via unix.MPOL_* counterparts; - fix the validator code to use unix.MPOL_* directly. This amends commit a0e809a8. Signed-off-by: Kir Kolyshkin --- libcontainer/configs/memorypolicy.go | 24 ++++++++++++---------- libcontainer/configs/validate/validator.go | 8 ++++---- 2 files changed, 17 insertions(+), 15 deletions(-) diff --git a/libcontainer/configs/memorypolicy.go b/libcontainer/configs/memorypolicy.go index 36de853bbab..b7b9c6bce1a 100644 --- a/libcontainer/configs/memorypolicy.go +++ b/libcontainer/configs/memorypolicy.go @@ -3,20 +3,22 @@ package configs import "golang.org/x/sys/unix" // Memory policy modes and flags as defined in /usr/include/linux/mempolicy.h - +// +// Deprecated: use constants from [unix] instead. +// //nolint:revive,staticcheck,nolintlint // ignore ALL_CAPS errors in consts from numaif.h, will match unix.* in the future const ( - MPOL_DEFAULT = 0 - MPOL_PREFERRED = 1 - MPOL_BIND = 2 - MPOL_INTERLEAVE = 3 - MPOL_LOCAL = 4 - MPOL_PREFERRED_MANY = 5 - MPOL_WEIGHTED_INTERLEAVE = 6 + MPOL_DEFAULT = unix.MPOL_DEFAULT + MPOL_PREFERRED = unix.MPOL_PREFERRED + MPOL_BIND = unix.MPOL_BIND + MPOL_INTERLEAVE = unix.MPOL_INTERLEAVE + MPOL_LOCAL = unix.MPOL_LOCAL + MPOL_PREFERRED_MANY = unix.MPOL_PREFERRED_MANY + MPOL_WEIGHTED_INTERLEAVE = unix.MPOL_WEIGHTED_INTERLEAVE - MPOL_F_STATIC_NODES = 1 << 15 - MPOL_F_RELATIVE_NODES = 1 << 14 - MPOL_F_NUMA_BALANCING = 1 << 13 + MPOL_F_STATIC_NODES = unix.MPOL_F_STATIC_NODES + MPOL_F_RELATIVE_NODES = unix.MPOL_F_RELATIVE_NODES + MPOL_F_NUMA_BALANCING = unix.MPOL_F_NUMA_BALANCING ) // LinuxMemoryPolicy contains memory policy configuration. diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go index 9851e4057d3..085e1cacd8c 100644 --- a/libcontainer/configs/validate/validator.go +++ b/libcontainer/configs/validate/validator.go @@ -490,16 +490,16 @@ func memoryPolicy(config *configs.Config) error { return nil } switch mpol.Mode { - case configs.MPOL_DEFAULT, configs.MPOL_LOCAL: + case unix.MPOL_DEFAULT, unix.MPOL_LOCAL: if mpol.Nodes != nil && mpol.Nodes.Count() != 0 { return fmt.Errorf("memory policy mode requires 0 nodes but got %d", mpol.Nodes.Count()) } - case configs.MPOL_BIND, configs.MPOL_INTERLEAVE, - configs.MPOL_PREFERRED_MANY, configs.MPOL_WEIGHTED_INTERLEAVE: + case unix.MPOL_BIND, unix.MPOL_INTERLEAVE, + unix.MPOL_PREFERRED_MANY, unix.MPOL_WEIGHTED_INTERLEAVE: if mpol.Nodes == nil || mpol.Nodes.Count() == 0 { return fmt.Errorf("memory policy mode requires at least one node but got 0") } - case configs.MPOL_PREFERRED: + case unix.MPOL_PREFERRED: // Zero or more nodes are allowed by the kernel. default: return fmt.Errorf("invalid memory policy mode: %d", mpol.Mode) From 536e183451b7988316fdc37eecd7afd8570dc19b Mon Sep 17 00:00:00 2001 From: Curd Becker Date: Mon, 17 Nov 2025 00:28:05 +0100 Subject: [PATCH 1154/1176] Replace os.Is* error checking functions with their errors.Is counterpart Signed-off-by: Curd Becker --- libcontainer/configs/validate/validator.go | 6 +++--- libcontainer/configs/validate/validator_test.go | 9 +++++---- libcontainer/container_linux.go | 2 +- libcontainer/criu_linux.go | 10 +++++----- libcontainer/devices/device_unix.go | 2 +- libcontainer/factory_linux.go | 4 ++-- libcontainer/init_linux.go | 4 ++-- libcontainer/integration/exec_test.go | 7 ++++--- libcontainer/intelrdt/intelrdt.go | 8 ++++---- libcontainer/notify_linux.go | 2 +- libcontainer/process_linux.go | 2 +- libcontainer/rootfs_linux.go | 8 ++++---- libcontainer/specconv/spec_linux_test.go | 5 +++-- libcontainer/state_linux.go | 3 ++- spec.go | 4 ++-- 15 files changed, 40 insertions(+), 36 deletions(-) diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go index 9851e4057d3..d70a211ceea 100644 --- a/libcontainer/configs/validate/validator.go +++ b/libcontainer/configs/validate/validator.go @@ -142,7 +142,7 @@ func security(config *configs.Config) error { func namespaces(config *configs.Config) error { if config.Namespaces.Contains(configs.NEWUSER) { - if _, err := os.Stat("/proc/self/ns/user"); os.IsNotExist(err) { + if _, err := os.Stat("/proc/self/ns/user"); errors.Is(err, os.ErrNotExist) { return errors.New("user namespaces aren't enabled in the kernel") } hasPath := config.Namespaces.PathOf(configs.NEWUSER) != "" @@ -160,13 +160,13 @@ func namespaces(config *configs.Config) error { } if config.Namespaces.Contains(configs.NEWCGROUP) { - if _, err := os.Stat("/proc/self/ns/cgroup"); os.IsNotExist(err) { + if _, err := os.Stat("/proc/self/ns/cgroup"); errors.Is(err, os.ErrNotExist) { return errors.New("cgroup namespaces aren't enabled in the kernel") } } if config.Namespaces.Contains(configs.NEWTIME) { - if _, err := os.Stat("/proc/self/timens_offsets"); os.IsNotExist(err) { + if _, err := os.Stat("/proc/self/timens_offsets"); errors.Is(err, os.ErrNotExist) { return errors.New("time namespaces aren't enabled in the kernel") } hasPath := config.Namespaces.PathOf(configs.NEWTIME) != "" diff --git a/libcontainer/configs/validate/validator_test.go b/libcontainer/configs/validate/validator_test.go index 160679efef1..dee9e5e0614 100644 --- a/libcontainer/configs/validate/validator_test.go +++ b/libcontainer/configs/validate/validator_test.go @@ -1,6 +1,7 @@ package validate import ( + "errors" "os" "path/filepath" "strings" @@ -172,7 +173,7 @@ func TestValidateSecurityWithoutNEWNS(t *testing.T) { } func TestValidateUserNamespace(t *testing.T) { - if _, err := os.Stat("/proc/self/ns/user"); os.IsNotExist(err) { + if _, err := os.Stat("/proc/self/ns/user"); errors.Is(err, os.ErrNotExist) { t.Skip("Test requires userns.") } config := &configs.Config{ @@ -206,7 +207,7 @@ func TestValidateUsernsMappingWithoutNamespace(t *testing.T) { } func TestValidateTimeNamespace(t *testing.T) { - if _, err := os.Stat("/proc/self/ns/time"); os.IsNotExist(err) { + if _, err := os.Stat("/proc/self/ns/time"); errors.Is(err, os.ErrNotExist) { t.Skip("Test requires timens.") } config := &configs.Config{ @@ -225,7 +226,7 @@ func TestValidateTimeNamespace(t *testing.T) { } func TestValidateTimeNamespaceWithBothPathAndTimeOffset(t *testing.T) { - if _, err := os.Stat("/proc/self/ns/time"); os.IsNotExist(err) { + if _, err := os.Stat("/proc/self/ns/time"); errors.Is(err, os.ErrNotExist) { t.Skip("Test requires timens.") } config := &configs.Config{ @@ -1020,7 +1021,7 @@ func TestValidateNetDevices(t *testing.T) { } func TestValidateUserSysctlWithUserNamespace(t *testing.T) { - if _, err := os.Stat("/proc/self/ns/user"); os.IsNotExist(err) { + if _, err := os.Stat("/proc/self/ns/user"); errors.Is(err, os.ErrNotExist) { t.Skip("Test requires userns.") } config := &configs.Config{ diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go index ad904641723..af9172a89a4 100644 --- a/libcontainer/container_linux.go +++ b/libcontainer/container_linux.go @@ -295,7 +295,7 @@ func handleFifoResult(result openResult) error { return err } err := os.Remove(f.Name()) - if err == nil || os.IsNotExist(err) { + if err == nil || errors.Is(err, os.ErrNotExist) { return nil } return err diff --git a/libcontainer/criu_linux.go b/libcontainer/criu_linux.go index 8aa7a1f2754..488095cdeea 100644 --- a/libcontainer/criu_linux.go +++ b/libcontainer/criu_linux.go @@ -125,7 +125,7 @@ func (c *Container) addMaskPaths(req *criurpc.CriuReq) error { for _, path := range c.config.MaskPaths { fi, err := os.Stat(fmt.Sprintf("/proc/%d/root/%s", c.initProcess.pid(), path)) if err != nil { - if os.IsNotExist(err) { + if errors.Is(err, os.ErrNotExist) { continue } return err @@ -318,7 +318,7 @@ func (c *Container) Checkpoint(criuOpts *CriuOpts) error { // Since a container can be C/R'ed multiple times, // the checkpoint directory may already exist. - if err := os.Mkdir(criuOpts.ImagesDirectory, 0o700); err != nil && !os.IsExist(err) { + if err := os.Mkdir(criuOpts.ImagesDirectory, 0o700); err != nil && !errors.Is(err, os.ErrExist) { return err } @@ -353,7 +353,7 @@ func (c *Container) Checkpoint(criuOpts *CriuOpts) error { // if criuOpts.WorkDirectory is not set, criu default is used. if criuOpts.WorkDirectory != "" { - if err := os.Mkdir(criuOpts.WorkDirectory, 0o700); err != nil && !os.IsExist(err) { + if err := os.Mkdir(criuOpts.WorkDirectory, 0o700); err != nil && !errors.Is(err, os.ErrExist) { return err } workDir, err := os.Open(criuOpts.WorkDirectory) @@ -718,7 +718,7 @@ func (c *Container) Restore(process *Process, criuOpts *CriuOpts) error { if criuOpts.WorkDirectory != "" { // Since a container can be C/R'ed multiple times, // the work directory may already exist. - if err := os.Mkdir(criuOpts.WorkDirectory, 0o700); err != nil && !os.IsExist(err) { + if err := os.Mkdir(criuOpts.WorkDirectory, 0o700); err != nil && !errors.Is(err, os.ErrExist) { return err } workDir, err := os.Open(criuOpts.WorkDirectory) @@ -1169,7 +1169,7 @@ func (c *Container) criuNotifications(resp *criurpc.CriuResp, process *Process, return err } if err := os.Remove(filepath.Join(c.stateDir, "checkpoint")); err != nil { - if !os.IsNotExist(err) { + if !errors.Is(err, os.ErrNotExist) { logrus.Error(err) } } diff --git a/libcontainer/devices/device_unix.go b/libcontainer/devices/device_unix.go index c533eb1c67a..409e58e963d 100644 --- a/libcontainer/devices/device_unix.go +++ b/libcontainer/devices/device_unix.go @@ -98,7 +98,7 @@ func GetDevices(path string) ([]*Device, error) { if errors.Is(err, ErrNotADevice) { continue } - if os.IsNotExist(err) { + if errors.Is(err, os.ErrNotExist) { continue } return nil, err diff --git a/libcontainer/factory_linux.go b/libcontainer/factory_linux.go index 70d935c0d38..f1c223e9816 100644 --- a/libcontainer/factory_linux.go +++ b/libcontainer/factory_linux.go @@ -51,7 +51,7 @@ func Create(root, id string, config *configs.Config) (*Container, error) { } if _, err := os.Stat(stateDir); err == nil { return nil, ErrExist - } else if !os.IsNotExist(err) { + } else if !errors.Is(err, os.ErrNotExist) { return nil, err } @@ -154,7 +154,7 @@ func loadState(root string) (*State, error) { } f, err := os.Open(stateFilePath) if err != nil { - if os.IsNotExist(err) { + if errors.Is(err, os.ErrNotExist) { return nil, ErrNotExist } return nil, err diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go index 99b99debae6..632d7c3491b 100644 --- a/libcontainer/init_linux.go +++ b/libcontainer/init_linux.go @@ -314,7 +314,7 @@ func finalizeNamespace(config *initConfig) error { switch { case err == nil: doChdir = false - case os.IsPermission(err): + case errors.Is(err, os.ErrPermission): // If we hit an EPERM, we should attempt again after setting up user. // This will allow us to successfully chdir if the container user has access // to the directory, but the user running runc does not. @@ -480,7 +480,7 @@ func setupUser(config *initConfig) error { setgroups, err = io.ReadAll(setgroupsFile) _ = setgroupsFile.Close() } - if err != nil && !os.IsNotExist(err) { + if err != nil && !errors.Is(err, os.ErrNotExist) { return err } diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index 2333dc5470b..5cbcd2da41b 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -3,6 +3,7 @@ package integration import ( "bytes" "encoding/json" + "errors" "fmt" "os" "os/exec" @@ -1093,7 +1094,7 @@ func TestHook(t *testing.T) { for _, hook := range []string{"prestart", "createRuntime", "poststart"} { fi, err := os.Stat(filepath.Join(config.Rootfs, hook)) - if err == nil || !os.IsNotExist(err) { + if err == nil || !errors.Is(err, os.ErrNotExist) { t.Fatalf("expected file '%s to not exists, but it does", fi.Name()) } } @@ -1637,7 +1638,7 @@ func TestTmpfsCopyUp(t *testing.T) { } func TestCGROUPPrivate(t *testing.T) { - if _, err := os.Stat("/proc/self/ns/cgroup"); os.IsNotExist(err) { + if _, err := os.Stat("/proc/self/ns/cgroup"); errors.Is(err, os.ErrNotExist) { t.Skip("Test requires cgroupns.") } if testing.Short() { @@ -1657,7 +1658,7 @@ func TestCGROUPPrivate(t *testing.T) { } func TestCGROUPHost(t *testing.T) { - if _, err := os.Stat("/proc/self/ns/cgroup"); os.IsNotExist(err) { + if _, err := os.Stat("/proc/self/ns/cgroup"); errors.Is(err, os.ErrNotExist) { t.Skip("Test requires cgroupns.") } if testing.Short() { diff --git a/libcontainer/intelrdt/intelrdt.go b/libcontainer/intelrdt/intelrdt.go index d8f98e1c24d..3dcd71b7e07 100644 --- a/libcontainer/intelrdt/intelrdt.go +++ b/libcontainer/intelrdt/intelrdt.go @@ -460,7 +460,7 @@ func (m *Manager) Apply(pid int) (err error) { } } - if err := os.Mkdir(path, 0o755); err != nil && !os.IsExist(err) { + if err := os.Mkdir(path, 0o755); err != nil && !errors.Is(err, os.ErrExist) { return newLastCmdError(err) } @@ -470,7 +470,7 @@ func (m *Manager) Apply(pid int) (err error) { // Create MON group if monPath := m.GetMonPath(); monPath != "" { - if err := os.Mkdir(monPath, 0o755); err != nil && !os.IsExist(err) { + if err := os.Mkdir(monPath, 0o755); err != nil && !errors.Is(err, os.ErrExist) { return newLastCmdError(err) } if err := WriteIntelRdtTasks(monPath, pid); err != nil { @@ -493,14 +493,14 @@ func (m *Manager) Destroy() error { if m.config.IntelRdt.ClosID == "" { m.mu.Lock() defer m.mu.Unlock() - if err := os.Remove(m.GetPath()); err != nil && !os.IsNotExist(err) { + if err := os.Remove(m.GetPath()); err != nil && !errors.Is(err, os.ErrNotExist) { return err } m.path = "" } else if monPath := m.GetMonPath(); monPath != "" { // If ClosID is not specified the possible monintoring group was // removed with the CLOS above. - if err := os.Remove(monPath); err != nil && !os.IsNotExist(err) { + if err := os.Remove(monPath); err != nil && !errors.Is(err, os.ErrNotExist) { return err } } diff --git a/libcontainer/notify_linux.go b/libcontainer/notify_linux.go index f118be1cf6d..af2f43ebab0 100644 --- a/libcontainer/notify_linux.go +++ b/libcontainer/notify_linux.go @@ -51,7 +51,7 @@ func registerMemoryEvent(cgDir, evName, arg string) (<-chan struct{}, error) { } // When a cgroup is destroyed, an event is sent to eventfd. // So if the control path is gone, return instead of notifying. - if _, err := os.Lstat(eventControlPath); os.IsNotExist(err) { + if _, err := os.Lstat(eventControlPath); errors.Is(err, os.ErrNotExist) { return } ch <- struct{}{} diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go index 51c7b0d877d..b3487fd0b1b 100644 --- a/libcontainer/process_linux.go +++ b/libcontainer/process_linux.go @@ -1103,7 +1103,7 @@ func getPipeFds(pid int) ([]string, error) { // Ignore permission errors, for rootless containers and other // non-dumpable processes. if we can't get the fd for a particular // file, there's not much we can do. - if os.IsPermission(err) { + if errors.Is(err, os.ErrPermission) { continue } return fds, err diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index 7f4fcde89b9..1ba386ed015 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -364,7 +364,7 @@ func mountCgroupV1(m mountEntry, c *mountConfig) error { // symlink(2) is very dumb, it will just shove the path into // the link and doesn't do any checks or relative path // conversion. Also, don't error out if the cgroup already exists. - if err := os.Symlink(mc, filepath.Join(c.root, m.Destination, ss)); err != nil && !os.IsExist(err) { + if err := os.Symlink(mc, filepath.Join(c.root, m.Destination, ss)); err != nil && !errors.Is(err, os.ErrExist) { return err } } @@ -602,7 +602,7 @@ func mountToRootfs(c *mountConfig, m mountEntry) error { return err } if fi, err := os.Lstat(dest); err != nil { - if !os.IsNotExist(err) { + if !errors.Is(err, os.ErrNotExist) { return err } } else if !fi.IsDir() { @@ -899,7 +899,7 @@ func setupDevSymlinks(rootfs string) error { src = link[0] dst = filepath.Join(rootfs, link[1]) ) - if err := os.Symlink(src, dst); err != nil && !os.IsExist(err) { + if err := os.Symlink(src, dst); err != nil && !errors.Is(err, os.ErrExist) { return err } } @@ -1109,7 +1109,7 @@ func setReadonly() error { func setupPtmx(config *configs.Config) error { ptmx := filepath.Join(config.Rootfs, "dev/ptmx") - if err := os.Remove(ptmx); err != nil && !os.IsNotExist(err) { + if err := os.Remove(ptmx); err != nil && !errors.Is(err, os.ErrNotExist) { return err } if err := os.Symlink("pts/ptmx", ptmx); err != nil { diff --git a/libcontainer/specconv/spec_linux_test.go b/libcontainer/specconv/spec_linux_test.go index 4c3c4769348..b96893c7f75 100644 --- a/libcontainer/specconv/spec_linux_test.go +++ b/libcontainer/specconv/spec_linux_test.go @@ -1,6 +1,7 @@ package specconv import ( + "errors" "os" "strings" "testing" @@ -609,7 +610,7 @@ func TestDupNamespaces(t *testing.T) { } func TestUserNamespaceMappingAndPath(t *testing.T) { - if _, err := os.Stat("/proc/self/ns/user"); os.IsNotExist(err) { + if _, err := os.Stat("/proc/self/ns/user"); errors.Is(err, os.ErrNotExist) { t.Skip("Test requires userns.") } @@ -643,7 +644,7 @@ func TestUserNamespaceMappingAndPath(t *testing.T) { } func TestNonZeroEUIDCompatibleSpecconvValidate(t *testing.T) { - if _, err := os.Stat("/proc/self/ns/user"); os.IsNotExist(err) { + if _, err := os.Stat("/proc/self/ns/user"); errors.Is(err, os.ErrNotExist) { t.Skip("Test requires userns.") } diff --git a/libcontainer/state_linux.go b/libcontainer/state_linux.go index 2b7b8b5bc36..1f758e2a301 100644 --- a/libcontainer/state_linux.go +++ b/libcontainer/state_linux.go @@ -1,6 +1,7 @@ package libcontainer import ( + "errors" "fmt" "os" "path/filepath" @@ -213,7 +214,7 @@ func (r *restoredState) transition(s containerState) error { func (r *restoredState) destroy() error { if _, err := os.Stat(filepath.Join(r.c.stateDir, "checkpoint")); err != nil { - if !os.IsNotExist(err) { + if !errors.Is(err, os.ErrNotExist) { return err } } diff --git a/spec.go b/spec.go index d03d644e28e..15e933eb0b9 100644 --- a/spec.go +++ b/spec.go @@ -91,7 +91,7 @@ created by an unprivileged user. if err == nil { return fmt.Errorf("File %s exists. Remove it first", name) } - if !os.IsNotExist(err) { + if !errors.Is(err, os.ErrNotExist) { return err } return nil @@ -117,7 +117,7 @@ created by an unprivileged user. func loadSpec(cPath string) (spec *specs.Spec, err error) { cf, err := os.Open(cPath) if err != nil { - if os.IsNotExist(err) { + if errors.Is(err, os.ErrNotExist) { return nil, fmt.Errorf("JSON specification file %s not found", cPath) } return nil, err From 58d24d2dfb258906ffefaecff3adc0ee2d82652d Mon Sep 17 00:00:00 2001 From: Curd Becker Date: Tue, 9 Dec 2025 03:29:44 +0100 Subject: [PATCH 1155/1176] Add linter rule to guard against use of os.Is* error functions Signed-off-by: Curd Becker --- .golangci.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.golangci.yml b/.golangci.yml index 684f98960ef..c5ed654c715 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -37,6 +37,12 @@ linters: # going to be tricked into overwriting host files. - pattern: ^os\.Create$ pkg: ^os$ + # os.Is* error checking functions predate errors.Is. Therefore, they + # only support errors returned by the os package and subtly fail + # to deal with other wrapped error types. + # New code should use errors.Is(err, error-type) instead. + - pattern: ^os\.Is(Exist|NotExist|Permission|Timeout)$ + pkg: ^os$ analyze-types: true exclusions: rules: From 18c3adb8dc7d6480842c77793000714f3b40e066 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 12 Dec 2025 04:02:43 +0000 Subject: [PATCH 1156/1176] build(deps): bump actions/cache from 4 to 5 Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/cache dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index bc75ac66a07..cc2b0884279 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -186,7 +186,7 @@ jobs: - uses: lima-vm/lima-actions/setup@v1 id: lima-actions-setup - - uses: actions/cache@v4 + - uses: actions/cache@v5 with: path: ~/.cache/lima key: lima-${{ steps.lima-actions-setup.outputs.version }} From 652269729dea0a866d32f71f5065212b14fec2f0 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 15 Dec 2025 10:45:18 -0800 Subject: [PATCH 1157/1176] libc/int: use strings.Builder Generated by modernize@latest (v0.21.0). Signed-off-by: Kir Kolyshkin --- libcontainer/integration/exec_test.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index 5cbcd2da41b..9133b6801a9 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -1068,15 +1068,16 @@ func TestHook(t *testing.T) { ok(t, err) // e.g: 'ls /prestart ...' - cmd := "ls " + var cmd strings.Builder + cmd.WriteString("ls ") for _, hook := range hookFiles { - cmd += "/" + hook + " " + cmd.WriteString("/" + hook + " ") } var stdout bytes.Buffer pconfig := libcontainer.Process{ Cwd: "/", - Args: []string{"sh", "-c", cmd}, + Args: []string{"sh", "-c", cmd.String()}, Env: standardEnvironment, Stdin: nil, Stdout: &stdout, From 16ee2bbf4cd7dc61b6920fc546b5e9d8e0dbbab1 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 15 Dec 2025 10:37:12 -0800 Subject: [PATCH 1158/1176] ci: use latest Go for modernize job Since we use modernize@latest, it may require latest Go as well (and now it does), so use "go-version: stable" explicitly (which resolves to latest Go). This fixes the issue with CI: > go: golang.org/x/tools/gopls/internal/analysis/modernize/cmd/modernize@latest: golang.org/x/tools/gopls@v0.21.0 requires go >= 1.25 (running go 1.24.11; GOTOOLCHAIN=local) Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 0522874bad3..037a9f72d84 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -57,7 +57,7 @@ jobs: fetch-depth: 2 - uses: actions/setup-go@v6 with: - go-version: "${{ env.GO_VERSION }}" + go-version: stable # modernize@latest may require latest Go. - name: install deps run: | sudo apt -q update From dbc4234607a552ae303174da0621ffb24a925228 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 15 Dec 2025 10:46:55 -0800 Subject: [PATCH 1159/1176] ci: drop -test from modernize run The modernize documentation used to suggest -test flag but it's not needed as it is enabled by default. Drop it. Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 037a9f72d84..6fba118dad2 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -68,7 +68,7 @@ jobs: git diff --exit-code - name: run modernize run: | - go run golang.org/x/tools/gopls/internal/analysis/modernize/cmd/modernize@latest -fix -test ./... + go run golang.org/x/tools/gopls/internal/analysis/modernize/cmd/modernize@latest -fix ./... git diff --exit-code compile-buildtags: From 20bdd0b5373a31faa1e71b75fd9de577c5389480 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 15 Dec 2025 10:39:15 -0800 Subject: [PATCH 1160/1176] ci: use Go 1.25 for validate jobs Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 6fba118dad2..ab4df580a32 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -9,7 +9,7 @@ on: pull_request: workflow_dispatch: env: - GO_VERSION: 1.24 + GO_VERSION: 1.25 permissions: contents: read From 3be9a054e7fe553fdbce103179c069af8ad05ce6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 17 Dec 2025 00:53:57 +0000 Subject: [PATCH 1161/1176] build(deps): bump actions/upload-artifact from 5 to 6 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index ab4df580a32..528f30eaf1c 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -234,7 +234,7 @@ jobs: - name: make releaseall run: make releaseall - name: upload artifacts - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 with: name: release-${{ github.run_id }} path: release/* From 65fe59d01d534cb5897533fb95a3d3736019435f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 17 Dec 2025 00:54:36 +0000 Subject: [PATCH 1162/1176] build(deps): bump golang.org/x/net from 0.47.0 to 0.48.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.47.0 to 0.48.0. - [Commits](https://github.com/golang/net/compare/v0.47.0...v0.48.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.48.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 8 ++++---- vendor/golang.org/x/sys/unix/mkerrors.sh | 3 ++- vendor/golang.org/x/sys/unix/zerrors_linux.go | 2 ++ vendor/golang.org/x/sys/unix/zerrors_linux_386.go | 2 ++ vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go | 2 ++ vendor/golang.org/x/sys/unix/zerrors_linux_arm.go | 2 ++ vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go | 2 ++ vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go | 2 ++ vendor/golang.org/x/sys/unix/zerrors_linux_mips.go | 2 ++ vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go | 2 ++ vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go | 2 ++ vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go | 2 ++ vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go | 2 ++ vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go | 2 ++ vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go | 2 ++ vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go | 2 ++ vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go | 2 ++ vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go | 2 ++ vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go | 2 +- vendor/modules.txt | 4 ++-- 21 files changed, 43 insertions(+), 10 deletions(-) diff --git a/go.mod b/go.mod index f53fb4edf3c..60fd7ae481d 100644 --- a/go.mod +++ b/go.mod @@ -22,8 +22,8 @@ require ( github.com/urfave/cli v1.22.17 github.com/vishvananda/netlink v1.3.1 github.com/vishvananda/netns v0.0.5 - golang.org/x/net v0.47.0 - golang.org/x/sys v0.38.0 + golang.org/x/net v0.48.0 + golang.org/x/sys v0.39.0 google.golang.org/protobuf v1.36.10 ) diff --git a/go.sum b/go.sum index 9243ec33314..6e9ea1e99e4 100644 --- a/go.sum +++ b/go.sum @@ -79,16 +79,16 @@ github.com/vishvananda/netlink v1.3.1 h1:3AEMt62VKqz90r0tmNhog0r/PpWKmrEShJU0wJW github.com/vishvananda/netlink v1.3.1/go.mod h1:ARtKouGSTGchR8aMwmkzC0qiNPrrWO5JS/XMVl45+b4= github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY= github.com/vishvananda/netns v0.0.5/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= -golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY= -golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU= +golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= +golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc= -golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= +golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index 42517077c43..fd39be4efdc 100644 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -256,6 +256,7 @@ struct ltchars { #include #include #include +#include #include #include #include @@ -613,7 +614,7 @@ ccflags="$@" $2 !~ /IOC_MAGIC/ && $2 ~ /^[A-Z][A-Z0-9_]+_MAGIC2?$/ || $2 ~ /^(VM|VMADDR)_/ || - $2 ~ /^IOCTL_VM_SOCKETS_/ || + $2 ~ /^(IOCTL_VM_SOCKETS_|IOCTL_MEI_)/ || $2 ~ /^(TASKSTATS|TS)_/ || $2 ~ /^CGROUPSTATS_/ || $2 ~ /^GENL_/ || diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index d0a75da572c..120a7b35d1d 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -1615,6 +1615,8 @@ const ( IN_OPEN = 0x20 IN_Q_OVERFLOW = 0x4000 IN_UNMOUNT = 0x2000 + IOCTL_MEI_CONNECT_CLIENT = 0xc0104801 + IOCTL_MEI_CONNECT_CLIENT_VTAG = 0xc0144804 IPPROTO_AH = 0x33 IPPROTO_BEETPH = 0x5e IPPROTO_COMP = 0x6c diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go index 1c37f9fbc45..97a61fc5b84 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go @@ -116,6 +116,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go index 6f54d34aefc..a0d6d498c4b 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go @@ -116,6 +116,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go index 783ec5c126f..dd9c903f9ad 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go index ca83d3ba162..384c61ca3a8 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go @@ -120,6 +120,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go index 607e611c0cb..6384c9831fc 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go @@ -116,6 +116,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go index b9cb5bd3c09..553c1c6f15e 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x100 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x80 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go index 65b078a6382..b3339f2099a 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x100 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x80 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go index 5298a3033d0..177091d2bc3 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x100 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x80 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go index 7bc557c8761..c5abf156d09 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x100 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x80 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go index 152399bb04a..f1f3fadf576 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x400 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go index 1a1ce2409cf..203ad9c54af 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x400 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go index 4231a1fb578..4b9abcb21a2 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x400 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go index 21c0e952665..f87983037d9 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go index f00d1cd7cf4..64347eb354c 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go index bc8d539e6af..7d71911718f 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go @@ -119,6 +119,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x400000 IN_NONBLOCK = 0x4000 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go index 439548ec9ad..50e8e644970 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go @@ -104,7 +104,7 @@ type Statvfs_t struct { Fsid uint32 Namemax uint32 Owner uint32 - Spare [4]uint32 + Spare [4]uint64 Fstypename [32]byte Mntonname [1024]byte Mntfromname [1024]byte diff --git a/vendor/modules.txt b/vendor/modules.txt index 1824f87bf52..7b050a60f9b 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -107,10 +107,10 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.5 ## explicit; go 1.17 github.com/vishvananda/netns -# golang.org/x/net v0.47.0 +# golang.org/x/net v0.48.0 ## explicit; go 1.24.0 golang.org/x/net/bpf -# golang.org/x/sys v0.38.0 +# golang.org/x/sys v0.39.0 ## explicit; go 1.24.0 golang.org/x/sys/unix golang.org/x/sys/windows From b4887cec320c922de3c8e9a89e1dc6fd867586a9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 17 Dec 2025 01:30:19 +0000 Subject: [PATCH 1163/1176] build(deps): bump google.golang.org/protobuf from 1.36.10 to 1.36.11 Bumps google.golang.org/protobuf from 1.36.10 to 1.36.11. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-version: 1.36.11 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- .../protobuf/internal/encoding/tag/tag.go | 11 +- .../protobuf/internal/encoding/text/decode.go | 115 ++++++++++++------ .../protobuf/internal/filedesc/desc.go | 1 + .../protobuf/internal/filedesc/desc_lazy.go | 22 ---- .../protobuf/internal/genid/descriptor_gen.go | 1 + .../protobuf/internal/impl/codec_map.go | 6 + .../protobuf/internal/impl/decode.go | 3 +- .../protobuf/internal/impl/validate.go | 26 ++++ .../protobuf/internal/version/version.go | 2 +- .../protobuf/proto/decode.go | 10 +- vendor/modules.txt | 2 +- 13 files changed, 135 insertions(+), 70 deletions(-) diff --git a/go.mod b/go.mod index 60fd7ae481d..8b29434af2d 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/vishvananda/netns v0.0.5 golang.org/x/net v0.48.0 golang.org/x/sys v0.39.0 - google.golang.org/protobuf v1.36.10 + google.golang.org/protobuf v1.36.11 ) require ( diff --git a/go.sum b/go.sum index 6e9ea1e99e4..47939824770 100644 --- a/go.sum +++ b/go.sum @@ -89,8 +89,8 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= -google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= -google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= +google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= +google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go b/vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go index 669133d04dc..c96e4483460 100644 --- a/vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go +++ b/vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go @@ -32,7 +32,7 @@ var byteType = reflect.TypeOf(byte(0)) func Unmarshal(tag string, goType reflect.Type, evs protoreflect.EnumValueDescriptors) protoreflect.FieldDescriptor { f := new(filedesc.Field) f.L0.ParentFile = filedesc.SurrogateProto2 - f.L1.EditionFeatures = f.L0.ParentFile.L1.EditionFeatures + packed := false for len(tag) > 0 { i := strings.IndexByte(tag, ',') if i < 0 { @@ -108,7 +108,7 @@ func Unmarshal(tag string, goType reflect.Type, evs protoreflect.EnumValueDescri f.L1.StringName.InitJSON(jsonName) } case s == "packed": - f.L1.EditionFeatures.IsPacked = true + packed = true case strings.HasPrefix(s, "def="): // The default tag is special in that everything afterwards is the // default regardless of the presence of commas. @@ -121,6 +121,13 @@ func Unmarshal(tag string, goType reflect.Type, evs protoreflect.EnumValueDescri tag = strings.TrimPrefix(tag[i:], ",") } + // Update EditionFeatures after the loop and after we know whether this is + // a proto2 or proto3 field. + f.L1.EditionFeatures = f.L0.ParentFile.L1.EditionFeatures + if packed { + f.L1.EditionFeatures.IsPacked = true + } + // The generator uses the group message name instead of the field name. // We obtain the real field name by lowercasing the group name. if f.L1.Kind == protoreflect.GroupKind { diff --git a/vendor/google.golang.org/protobuf/internal/encoding/text/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/text/decode.go index 099b2bf451b..9aa7a9bb776 100644 --- a/vendor/google.golang.org/protobuf/internal/encoding/text/decode.go +++ b/vendor/google.golang.org/protobuf/internal/encoding/text/decode.go @@ -424,27 +424,34 @@ func (d *Decoder) parseFieldName() (tok Token, err error) { return Token{}, d.newSyntaxError("invalid field name: %s", errId(d.in)) } -// parseTypeName parses Any type URL or extension field name. The name is -// enclosed in [ and ] characters. The C++ parser does not handle many legal URL -// strings. This implementation is more liberal and allows for the pattern -// ^[-_a-zA-Z0-9]+([./][-_a-zA-Z0-9]+)*`). Whitespaces and comments are allowed -// in between [ ], '.', '/' and the sub names. +// parseTypeName parses an Any type URL or an extension field name. The name is +// enclosed in [ and ] characters. We allow almost arbitrary type URL prefixes, +// closely following the text-format spec [1,2]. We implement "ExtensionName | +// AnyName" as follows (with some exceptions for backwards compatibility): +// +// char = [-_a-zA-Z0-9] +// url_char = char | [.~!$&'()*+,;=] | "%", hex, hex +// +// Ident = char, { char } +// TypeName = Ident, { ".", Ident } ; +// UrlPrefix = url_char, { url_char | "/" } ; +// ExtensionName = "[", TypeName, "]" ; +// AnyName = "[", UrlPrefix, "/", TypeName, "]" ; +// +// Additionally, we allow arbitrary whitespace and comments between [ and ]. +// +// [1] https://protobuf.dev/reference/protobuf/textformat-spec/#characters +// [2] https://protobuf.dev/reference/protobuf/textformat-spec/#field-names func (d *Decoder) parseTypeName() (Token, error) { - startPos := len(d.orig) - len(d.in) // Use alias s to advance first in order to use d.in for error handling. - // Caller already checks for [ as first character. + // Caller already checks for [ as first character (d.in[0] == '['). s := consume(d.in[1:], 0) if len(s) == 0 { return Token{}, ErrUnexpectedEOF } + // Collect everything between [ and ] in name. var name []byte - for len(s) > 0 && isTypeNameChar(s[0]) { - name = append(name, s[0]) - s = s[1:] - } - s = consume(s, 0) - var closed bool for len(s) > 0 && !closed { switch { @@ -452,23 +459,20 @@ func (d *Decoder) parseTypeName() (Token, error) { s = s[1:] closed = true - case s[0] == '/', s[0] == '.': - if len(name) > 0 && (name[len(name)-1] == '/' || name[len(name)-1] == '.') { - return Token{}, d.newSyntaxError("invalid type URL/extension field name: %s", - d.orig[startPos:len(d.orig)-len(s)+1]) - } + case s[0] == '/' || isTypeNameChar(s[0]) || isUrlExtraChar(s[0]): name = append(name, s[0]) - s = s[1:] - s = consume(s, 0) - for len(s) > 0 && isTypeNameChar(s[0]) { - name = append(name, s[0]) - s = s[1:] + s = consume(s[1:], 0) + + // URL percent-encoded chars + case s[0] == '%': + if len(s) < 3 || !isHexChar(s[1]) || !isHexChar(s[2]) { + return Token{}, d.parseTypeNameError(s, 3) } - s = consume(s, 0) + name = append(name, s[0], s[1], s[2]) + s = consume(s[3:], 0) default: - return Token{}, d.newSyntaxError( - "invalid type URL/extension field name: %s", d.orig[startPos:len(d.orig)-len(s)+1]) + return Token{}, d.parseTypeNameError(s, 1) } } @@ -476,15 +480,38 @@ func (d *Decoder) parseTypeName() (Token, error) { return Token{}, ErrUnexpectedEOF } - // First character cannot be '.'. Last character cannot be '.' or '/'. - size := len(name) - if size == 0 || name[0] == '.' || name[size-1] == '.' || name[size-1] == '/' { - return Token{}, d.newSyntaxError("invalid type URL/extension field name: %s", - d.orig[startPos:len(d.orig)-len(s)]) + // Split collected name on last '/' into urlPrefix and typeName (if '/' is + // present). + typeName := name + if i := bytes.LastIndexByte(name, '/'); i != -1 { + urlPrefix := name[:i] + typeName = name[i+1:] + + // urlPrefix may be empty (for backwards compatibility). + // If non-empty, it must not start with '/'. + if len(urlPrefix) > 0 && urlPrefix[0] == '/' { + return Token{}, d.parseTypeNameError(s, 0) + } } + // typeName must not be empty (note: "" splits to [""]) and all identifier + // parts must not be empty. + for _, ident := range bytes.Split(typeName, []byte{'.'}) { + if len(ident) == 0 { + return Token{}, d.parseTypeNameError(s, 0) + } + } + + // typeName must not contain any percent-encoded or special URL chars. + for _, b := range typeName { + if b == '%' || (b != '.' && isUrlExtraChar(b)) { + return Token{}, d.parseTypeNameError(s, 0) + } + } + + startPos := len(d.orig) - len(d.in) + endPos := len(d.orig) - len(s) d.in = s - endPos := len(d.orig) - len(d.in) d.consume(0) return Token{ @@ -496,16 +523,32 @@ func (d *Decoder) parseTypeName() (Token, error) { }, nil } +func (d *Decoder) parseTypeNameError(s []byte, numUnconsumedChars int) error { + return d.newSyntaxError( + "invalid type URL/extension field name: %s", + d.in[:len(d.in)-len(s)+min(numUnconsumedChars, len(s))], + ) +} + +func isHexChar(b byte) bool { + return ('0' <= b && b <= '9') || + ('a' <= b && b <= 'f') || + ('A' <= b && b <= 'F') +} + func isTypeNameChar(b byte) bool { - return (b == '-' || b == '_' || + return b == '-' || b == '_' || ('0' <= b && b <= '9') || ('a' <= b && b <= 'z') || - ('A' <= b && b <= 'Z')) + ('A' <= b && b <= 'Z') } -func isWhiteSpace(b byte) bool { +// isUrlExtraChar complements isTypeNameChar with extra characters that we allow +// in URLs but not in type names. Note that '/' is not included so that it can +// be treated specially. +func isUrlExtraChar(b byte) bool { switch b { - case ' ', '\n', '\r', '\t': + case '.', '~', '!', '$', '&', '(', ')', '*', '+', ',', ';', '=': return true default: return false diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc.go index dbcf90b871f..c775e5832f0 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/desc.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc.go @@ -32,6 +32,7 @@ const ( EditionProto3 Edition = 999 Edition2023 Edition = 1000 Edition2024 Edition = 1001 + EditionUnstable Edition = 9999 EditionUnsupported Edition = 100000 ) diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go index dd31faaeb0a..78f02b1b495 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go @@ -330,7 +330,6 @@ func (md *Message) unmarshalFull(b []byte, sb *strs.Builder) { md.L1.Extensions.List[extensionIdx].unmarshalFull(v, sb) extensionIdx++ case genid.DescriptorProto_Options_field_number: - md.unmarshalOptions(v) rawOptions = appendOptions(rawOptions, v) } default: @@ -356,27 +355,6 @@ func (md *Message) unmarshalFull(b []byte, sb *strs.Builder) { md.L2.Options = md.L0.ParentFile.builder.optionsUnmarshaler(&descopts.Message, rawOptions) } -func (md *Message) unmarshalOptions(b []byte) { - for len(b) > 0 { - num, typ, n := protowire.ConsumeTag(b) - b = b[n:] - switch typ { - case protowire.VarintType: - v, m := protowire.ConsumeVarint(b) - b = b[m:] - switch num { - case genid.MessageOptions_MapEntry_field_number: - md.L1.IsMapEntry = protowire.DecodeBool(v) - case genid.MessageOptions_MessageSetWireFormat_field_number: - md.L1.IsMessageSet = protowire.DecodeBool(v) - } - default: - m := protowire.ConsumeFieldValue(num, typ, b) - b = b[m:] - } - } -} - func unmarshalMessageReservedRange(b []byte) (r [2]protoreflect.FieldNumber) { for len(b) > 0 { num, typ, n := protowire.ConsumeTag(b) diff --git a/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go b/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go index 950a6a325a4..65aaf4d210a 100644 --- a/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go +++ b/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go @@ -26,6 +26,7 @@ const ( Edition_EDITION_PROTO3_enum_value = 999 Edition_EDITION_2023_enum_value = 1000 Edition_EDITION_2024_enum_value = 1001 + Edition_EDITION_UNSTABLE_enum_value = 9999 Edition_EDITION_1_TEST_ONLY_enum_value = 1 Edition_EDITION_2_TEST_ONLY_enum_value = 2 Edition_EDITION_99997_TEST_ONLY_enum_value = 99997 diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_map.go b/vendor/google.golang.org/protobuf/internal/impl/codec_map.go index 229c6980138..4a3bf393ef4 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/codec_map.go +++ b/vendor/google.golang.org/protobuf/internal/impl/codec_map.go @@ -113,6 +113,9 @@ func sizeMap(mapv reflect.Value, mapi *mapInfo, f *coderFieldInfo, opts marshalO } func consumeMap(b []byte, mapv reflect.Value, wtyp protowire.Type, mapi *mapInfo, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) { + if opts.depth--; opts.depth < 0 { + return out, errRecursionDepth + } if wtyp != protowire.BytesType { return out, errUnknown } @@ -170,6 +173,9 @@ func consumeMap(b []byte, mapv reflect.Value, wtyp protowire.Type, mapi *mapInfo } func consumeMapOfMessage(b []byte, mapv reflect.Value, wtyp protowire.Type, mapi *mapInfo, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) { + if opts.depth--; opts.depth < 0 { + return out, errRecursionDepth + } if wtyp != protowire.BytesType { return out, errUnknown } diff --git a/vendor/google.golang.org/protobuf/internal/impl/decode.go b/vendor/google.golang.org/protobuf/internal/impl/decode.go index e0dd21fa5f4..1228b5c8c27 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/decode.go +++ b/vendor/google.golang.org/protobuf/internal/impl/decode.go @@ -102,8 +102,7 @@ var errUnknown = errors.New("unknown") func (mi *MessageInfo) unmarshalPointer(b []byte, p pointer, groupTag protowire.Number, opts unmarshalOptions) (out unmarshalOutput, err error) { mi.init() - opts.depth-- - if opts.depth < 0 { + if opts.depth--; opts.depth < 0 { return out, errRecursionDepth } if flags.ProtoLegacy && mi.isMessageSet { diff --git a/vendor/google.golang.org/protobuf/internal/impl/validate.go b/vendor/google.golang.org/protobuf/internal/impl/validate.go index 7b2995dde5e..99a1eb95f7c 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/validate.go +++ b/vendor/google.golang.org/protobuf/internal/impl/validate.go @@ -68,9 +68,13 @@ func Validate(mt protoreflect.MessageType, in protoiface.UnmarshalInput) (out pr if in.Resolver == nil { in.Resolver = protoregistry.GlobalTypes } + if in.Depth == 0 { + in.Depth = protowire.DefaultRecursionLimit + } o, st := mi.validate(in.Buf, 0, unmarshalOptions{ flags: in.Flags, resolver: in.Resolver, + depth: in.Depth, }) if o.initialized { out.Flags |= protoiface.UnmarshalInitialized @@ -257,6 +261,9 @@ func (mi *MessageInfo) validate(b []byte, groupTag protowire.Number, opts unmars states[0].typ = validationTypeGroup states[0].endGroup = groupTag } + if opts.depth--; opts.depth < 0 { + return out, ValidationInvalid + } initialized := true start := len(b) State: @@ -451,6 +458,13 @@ State: mi: vi.mi, tail: b, }) + if vi.typ == validationTypeMessage || + vi.typ == validationTypeGroup || + vi.typ == validationTypeMap { + if opts.depth--; opts.depth < 0 { + return out, ValidationInvalid + } + } b = v continue State case validationTypeRepeatedVarint: @@ -499,6 +513,9 @@ State: mi: vi.mi, endGroup: num, }) + if opts.depth--; opts.depth < 0 { + return out, ValidationInvalid + } continue State case flags.ProtoLegacy && vi.typ == validationTypeMessageSetItem: typeid, v, n, err := messageset.ConsumeFieldValue(b, false) @@ -521,6 +538,13 @@ State: mi: xvi.mi, tail: b[n:], }) + if xvi.typ == validationTypeMessage || + xvi.typ == validationTypeGroup || + xvi.typ == validationTypeMap { + if opts.depth--; opts.depth < 0 { + return out, ValidationInvalid + } + } b = v continue State } @@ -547,12 +571,14 @@ State: switch st.typ { case validationTypeMessage, validationTypeGroup: numRequiredFields = int(st.mi.numRequiredFields) + opts.depth++ case validationTypeMap: // If this is a map field with a message value that contains // required fields, require that the value be present. if st.mi != nil && st.mi.numRequiredFields > 0 { numRequiredFields = 1 } + opts.depth++ } // If there are more than 64 required fields, this check will // always fail and we will report that the message is potentially diff --git a/vendor/google.golang.org/protobuf/internal/version/version.go b/vendor/google.golang.org/protobuf/internal/version/version.go index 77de0f238ce..763fd82841c 100644 --- a/vendor/google.golang.org/protobuf/internal/version/version.go +++ b/vendor/google.golang.org/protobuf/internal/version/version.go @@ -52,7 +52,7 @@ import ( const ( Major = 1 Minor = 36 - Patch = 10 + Patch = 11 PreRelease = "" ) diff --git a/vendor/google.golang.org/protobuf/proto/decode.go b/vendor/google.golang.org/protobuf/proto/decode.go index 4cbf1aeaf79..889d8511d27 100644 --- a/vendor/google.golang.org/protobuf/proto/decode.go +++ b/vendor/google.golang.org/protobuf/proto/decode.go @@ -121,9 +121,8 @@ func (o UnmarshalOptions) unmarshal(b []byte, m protoreflect.Message) (out proto out, err = methods.Unmarshal(in) } else { - o.RecursionLimit-- - if o.RecursionLimit < 0 { - return out, errors.New("exceeded max recursion depth") + if o.RecursionLimit--; o.RecursionLimit < 0 { + return out, errRecursionDepth } err = o.unmarshalMessageSlow(b, m) } @@ -220,6 +219,9 @@ func (o UnmarshalOptions) unmarshalSingular(b []byte, wtyp protowire.Type, m pro } func (o UnmarshalOptions) unmarshalMap(b []byte, wtyp protowire.Type, mapv protoreflect.Map, fd protoreflect.FieldDescriptor) (n int, err error) { + if o.RecursionLimit--; o.RecursionLimit < 0 { + return 0, errRecursionDepth + } if wtyp != protowire.BytesType { return 0, errUnknown } @@ -305,3 +307,5 @@ func (o UnmarshalOptions) unmarshalMap(b []byte, wtyp protowire.Type, mapv proto var errUnknown = errors.New("BUG: internal error (unknown)") var errDecode = errors.New("cannot parse invalid wire-format data") + +var errRecursionDepth = errors.New("exceeded maximum recursion depth") diff --git a/vendor/modules.txt b/vendor/modules.txt index 7b050a60f9b..c8824068341 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -114,7 +114,7 @@ golang.org/x/net/bpf ## explicit; go 1.24.0 golang.org/x/sys/unix golang.org/x/sys/windows -# google.golang.org/protobuf v1.36.10 +# google.golang.org/protobuf v1.36.11 ## explicit; go 1.23 google.golang.org/protobuf/encoding/prototext google.golang.org/protobuf/encoding/protowire From 428043bcf2374a64acc7c2039b9e940735af11b4 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 17 Dec 2025 11:57:00 -0800 Subject: [PATCH 1164/1176] ci: fix modernize URL Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index ab4df580a32..805e587f0c7 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -68,7 +68,7 @@ jobs: git diff --exit-code - name: run modernize run: | - go run golang.org/x/tools/gopls/internal/analysis/modernize/cmd/modernize@latest -fix ./... + go run golang.org/x/tools/go/analysis/passes/modernize/cmd/modernize@latest -fix ./... git diff --exit-code compile-buildtags: From cf9076db569e7cc8a0bf1c22384ecbf2afc0a59a Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Fri, 19 Dec 2025 15:01:45 -0300 Subject: [PATCH 1165/1176] Update rata's email address Signed-off-by: Rodrigo Campos --- MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index 7f253ee8c97..1e2828a9bd2 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -4,4 +4,4 @@ Akihiro Suda (@AkihiroSuda) Kir Kolyshkin (@kolyshkin) Sebastiaan van Stijn (@thaJeztah) Li Fu Bang (@lifubang) -Rodrigo Campos (@rata) +Rodrigo Campos (@rata) From 9d0d5ea41143fae7fc7bc9c701b0386054f93f83 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Dec 2025 04:02:43 +0000 Subject: [PATCH 1166/1176] build(deps): bump github.com/godbus/dbus/v5 from 5.2.0 to 5.2.2 Bumps [github.com/godbus/dbus/v5](https://github.com/godbus/dbus) from 5.2.0 to 5.2.2. - [Release notes](https://github.com/godbus/dbus/releases) - [Commits](https://github.com/godbus/dbus/compare/v5.2.0...v5.2.2) --- updated-dependencies: - dependency-name: github.com/godbus/dbus/v5 dependency-version: 5.2.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/github.com/godbus/dbus/v5/.cirrus.yml | 6 ++--- .../github.com/godbus/dbus/v5/.golangci.yml | 10 ++++++-- vendor/github.com/godbus/dbus/v5/auth.go | 2 +- .../godbus/dbus/v5/auth_default_other.go | 1 - .../godbus/dbus/v5/auth_sha1_windows.go | 17 ++----------- vendor/github.com/godbus/dbus/v5/conn.go | 10 ++++---- .../github.com/godbus/dbus/v5/conn_other.go | 1 - vendor/github.com/godbus/dbus/v5/conn_unix.go | 1 - vendor/github.com/godbus/dbus/v5/decoder.go | 5 ++-- vendor/github.com/godbus/dbus/v5/sig.go | 24 ++++++++++--------- .../godbus/dbus/v5/transport_nonce_tcp.go | 1 - .../godbus/dbus/v5/transport_unix.go | 15 ++++++------ .../dbus/v5/transport_unixcred_linux.go | 2 +- .../godbus/dbus/v5/variant_parser.go | 8 +++---- vendor/modules.txt | 2 +- 17 files changed, 52 insertions(+), 59 deletions(-) diff --git a/go.mod b/go.mod index 8b29434af2d..71cb2c630d5 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/coreos/go-systemd/v22 v22.6.0 github.com/cyphar/filepath-securejoin v0.6.1 github.com/docker/go-units v0.5.0 - github.com/godbus/dbus/v5 v5.2.0 + github.com/godbus/dbus/v5 v5.2.2 github.com/moby/sys/capability v0.4.0 github.com/moby/sys/mountinfo v0.7.2 github.com/moby/sys/user v0.4.0 diff --git a/go.sum b/go.sum index 47939824770..880c5a7cb26 100644 --- a/go.sum +++ b/go.sum @@ -20,8 +20,8 @@ github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI= github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow= -github.com/godbus/dbus/v5 v5.2.0 h1:3WexO+U+yg9T70v9FdHr9kCxYlazaAXUhx2VMkbfax8= -github.com/godbus/dbus/v5 v5.2.0/go.mod h1:3AAv2+hPq5rdnr5txxxRwiGjPXamgoIHgz9FPBfOp3c= +github.com/godbus/dbus/v5 v5.2.2 h1:TUR3TgtSVDmjiXOgAAyaZbYmIeP3DPkld3jgKGV8mXQ= +github.com/godbus/dbus/v5 v5.2.2/go.mod h1:3AAv2+hPq5rdnr5txxxRwiGjPXamgoIHgz9FPBfOp3c= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtLA= diff --git a/vendor/github.com/godbus/dbus/v5/.cirrus.yml b/vendor/github.com/godbus/dbus/v5/.cirrus.yml index 0c9b365d7ef..6e2090296e6 100644 --- a/vendor/github.com/godbus/dbus/v5/.cirrus.yml +++ b/vendor/github.com/godbus/dbus/v5/.cirrus.yml @@ -1,11 +1,11 @@ # See https://cirrus-ci.org/guide/FreeBSD/ freebsd_instance: - image_family: freebsd-14-2 + image_family: freebsd-14-3 task: name: Test on FreeBSD - install_script: pkg install -y go122 dbus + install_script: pkg install -y go125 dbus test_script: | /usr/local/etc/rc.d/dbus onestart && \ eval `dbus-launch --sh-syntax` && \ - go122 test -v ./... + go125 test -v ./... diff --git a/vendor/github.com/godbus/dbus/v5/.golangci.yml b/vendor/github.com/godbus/dbus/v5/.golangci.yml index f2d7910d4c2..5bbdd9342b2 100644 --- a/vendor/github.com/godbus/dbus/v5/.golangci.yml +++ b/vendor/github.com/godbus/dbus/v5/.golangci.yml @@ -1,7 +1,13 @@ -# For documentation, see https://golangci-lint.run/usage/configuration/ +version: "2" linters: enable: - - gofumpt - unconvert - unparam + exclusions: + presets: + - std-error-handling + +formatters: + enable: + - gofumpt diff --git a/vendor/github.com/godbus/dbus/v5/auth.go b/vendor/github.com/godbus/dbus/v5/auth.go index 5924690b855..c56dbaad3a2 100644 --- a/vendor/github.com/godbus/dbus/v5/auth.go +++ b/vendor/github.com/godbus/dbus/v5/auth.go @@ -57,7 +57,7 @@ func (conn *Conn) Auth(methods []Auth) error { methods = getDefaultAuthMethods(uid) } in := bufio.NewReader(conn.transport) - err := conn.transport.SendNullByte() + err := conn.SendNullByte() if err != nil { return err } diff --git a/vendor/github.com/godbus/dbus/v5/auth_default_other.go b/vendor/github.com/godbus/dbus/v5/auth_default_other.go index 64c911dd349..e112ccfe96d 100644 --- a/vendor/github.com/godbus/dbus/v5/auth_default_other.go +++ b/vendor/github.com/godbus/dbus/v5/auth_default_other.go @@ -1,5 +1,4 @@ //go:build !windows -// +build !windows package dbus diff --git a/vendor/github.com/godbus/dbus/v5/auth_sha1_windows.go b/vendor/github.com/godbus/dbus/v5/auth_sha1_windows.go index fecc18a1e93..0c5480eee19 100644 --- a/vendor/github.com/godbus/dbus/v5/auth_sha1_windows.go +++ b/vendor/github.com/godbus/dbus/v5/auth_sha1_windows.go @@ -7,7 +7,6 @@ import ( "crypto/sha1" "encoding/hex" "os" - "os/user" ) // AuthCookieSha1 returns an Auth that authenticates as the given user with the @@ -102,21 +101,9 @@ func (a authCookieSha1) generateChallenge() []byte { return enc } -// Get returns the home directory of the current user, which is usually the -// value of HOME environment variable. In case it is not set or empty, os/user -// package is used. -// -// If linking statically with cgo enabled against glibc, make sure the -// osusergo build tag is used. -// -// If needing to do nss lookups, do not disable cgo or set osusergo. func getHomeDir() string { - homeDir := os.Getenv("HOME") - if homeDir != "" { - return homeDir - } - if u, err := user.Current(); err == nil { - return u.HomeDir + if dir, err := os.UserHomeDir(); err == nil { + return dir } return "/" } diff --git a/vendor/github.com/godbus/dbus/v5/conn.go b/vendor/github.com/godbus/dbus/v5/conn.go index 4551be6305d..8a22acc98b5 100644 --- a/vendor/github.com/godbus/dbus/v5/conn.go +++ b/vendor/github.com/godbus/dbus/v5/conn.go @@ -445,7 +445,8 @@ func (conn *Conn) handleSignal(sequence Sequence, msg *Message) { // sender is optional for signals. sender, _ := msg.Headers[FieldSender].value.(string) if iface == "org.freedesktop.DBus" && sender == "org.freedesktop.DBus" { - if member == "NameLost" { + switch member { + case "NameLost": // If we lost the name on the bus, remove it from our // tracking list. name, ok := msg.Body[0].(string) @@ -453,7 +454,7 @@ func (conn *Conn) handleSignal(sequence Sequence, msg *Message) { panic("Unable to read the lost name") } conn.names.loseName(name) - } else if member == "NameAcquired" { + case "NameAcquired": // If we acquired the name on the bus, add it to our // tracking list. name, ok := msg.Body[0].(string) @@ -512,9 +513,10 @@ func isEncodingError(err error) bool { } func (conn *Conn) handleSendError(msg *Message, err error) { - if msg.Type == TypeMethodCall { + switch msg.Type { + case TypeMethodCall: conn.calls.handleSendError(msg, err) - } else if msg.Type == TypeMethodReply { + case TypeMethodReply: if isEncodingError(err) { // Make sure that the caller gets some kind of error response if // the application code tried to respond, but the resulting message diff --git a/vendor/github.com/godbus/dbus/v5/conn_other.go b/vendor/github.com/godbus/dbus/v5/conn_other.go index 9c1284c2745..4c6eb305d0b 100644 --- a/vendor/github.com/godbus/dbus/v5/conn_other.go +++ b/vendor/github.com/godbus/dbus/v5/conn_other.go @@ -1,5 +1,4 @@ //go:build !darwin -// +build !darwin package dbus diff --git a/vendor/github.com/godbus/dbus/v5/conn_unix.go b/vendor/github.com/godbus/dbus/v5/conn_unix.go index 84e1dc652dd..77d6bf1a47a 100644 --- a/vendor/github.com/godbus/dbus/v5/conn_unix.go +++ b/vendor/github.com/godbus/dbus/v5/conn_unix.go @@ -1,5 +1,4 @@ //go:build !windows && !solaris && !darwin -// +build !windows,!solaris,!darwin package dbus diff --git a/vendor/github.com/godbus/dbus/v5/decoder.go b/vendor/github.com/godbus/dbus/v5/decoder.go index 1e6198f5bf1..05af8cdd34f 100644 --- a/vendor/github.com/godbus/dbus/v5/decoder.go +++ b/vendor/github.com/godbus/dbus/v5/decoder.go @@ -291,9 +291,10 @@ func sigByteSize(sig string) int { i := 1 depth := 1 for i < len(sig[offset:]) && depth != 0 { - if sig[offset+i] == '(' { + switch sig[offset+i] { + case '(': depth++ - } else if sig[offset+i] == ')' { + case ')': depth-- } i++ diff --git a/vendor/github.com/godbus/dbus/v5/sig.go b/vendor/github.com/godbus/dbus/v5/sig.go index ed5accc94d2..de49f860ded 100644 --- a/vendor/github.com/godbus/dbus/v5/sig.go +++ b/vendor/github.com/godbus/dbus/v5/sig.go @@ -89,9 +89,10 @@ func getSignature(t reflect.Type, depth *depthCounter) (sig string) { } return "s" case reflect.Struct: - if t == variantType { + switch t { + case variantType: return "v" - } else if t == signatureType { + case signatureType: return "g" } var s string @@ -183,26 +184,26 @@ func (cnt *depthCounter) Valid() bool { return cnt.arrayDepth <= 32 && cnt.structDepth <= 32 && cnt.dictEntryDepth <= 32 } -func (cnt *depthCounter) EnterArray() *depthCounter { +func (cnt depthCounter) EnterArray() *depthCounter { cnt.arrayDepth++ - return cnt + return &cnt } -func (cnt *depthCounter) EnterStruct() *depthCounter { +func (cnt depthCounter) EnterStruct() *depthCounter { cnt.structDepth++ - return cnt + return &cnt } -func (cnt *depthCounter) EnterDictEntry() *depthCounter { +func (cnt depthCounter) EnterDictEntry() *depthCounter { cnt.dictEntryDepth++ - return cnt + return &cnt } // Try to read a single type from this string. If it was successful, err is nil // and rem is the remaining unparsed part. Otherwise, err is a non-nil // SignatureError and rem is "". depth is the current recursion depth which may // not be greater than 64 and should be given as 0 on the first call. -func validSingle(s string, depth *depthCounter) (err error, rem string) { +func validSingle(s string, depth *depthCounter) (err error, rem string) { //nolint:staticcheck // Ignore "ST1008: error should be returned as the last argument". if s == "" { return SignatureError{Sig: s, Reason: "empty signature"}, "" } @@ -258,9 +259,10 @@ func validSingle(s string, depth *depthCounter) (err error, rem string) { func findMatching(s string, left, right rune) int { n := 0 for i, v := range s { - if v == left { + switch v { + case left: n++ - } else if v == right { + case right: n-- } if n == 0 { diff --git a/vendor/github.com/godbus/dbus/v5/transport_nonce_tcp.go b/vendor/github.com/godbus/dbus/v5/transport_nonce_tcp.go index 916e17b6eef..9ffdeb0c0da 100644 --- a/vendor/github.com/godbus/dbus/v5/transport_nonce_tcp.go +++ b/vendor/github.com/godbus/dbus/v5/transport_nonce_tcp.go @@ -1,5 +1,4 @@ //go:build !windows -// +build !windows package dbus diff --git a/vendor/github.com/godbus/dbus/v5/transport_unix.go b/vendor/github.com/godbus/dbus/v5/transport_unix.go index 6a59637ae8a..3baad2e9afb 100644 --- a/vendor/github.com/godbus/dbus/v5/transport_unix.go +++ b/vendor/github.com/godbus/dbus/v5/transport_unix.go @@ -1,5 +1,4 @@ //go:build !windows && !solaris -// +build !windows,!solaris package dbus @@ -142,16 +141,16 @@ func (t *unixTransport) ReadMessage() (*Message, error) { } msg := &Message{ - Type: t.rdr.msghead.Type, - Flags: t.rdr.msghead.Flags, - serial: t.rdr.msghead.Serial, + Type: t.rdr.Type, + Flags: t.rdr.Flags, + serial: t.rdr.Serial, } // Length of header fields (without alignment). - hlen := t.rdr.msghead.HeaderLen + hlen := t.rdr.HeaderLen if hlen%8 != 0 { hlen += 8 - (hlen % 8) } - if hlen+t.rdr.msghead.BodyLen+16 > 1<<27 { + if hlen+t.rdr.BodyLen+16 > 1<<27 { return nil, InvalidMessageError("message is too long") } @@ -175,7 +174,7 @@ func (t *unixTransport) ReadMessage() (*Message, error) { var unixfds uint32 for _, v := range t.rdr.headers { if v.Field == byte(FieldUnixFDs) { - unixfds, _ = v.Variant.value.(uint32) + unixfds, _ = v.value.(uint32) } } @@ -272,7 +271,7 @@ func (t *unixTransport) SendMessage(msg *Message) error { return err } oob := syscall.UnixRights(fds...) - n, oobn, err := t.UnixConn.WriteMsgUnix(buf.Bytes(), oob, nil) + n, oobn, err := t.WriteMsgUnix(buf.Bytes(), oob, nil) if err != nil { return err } diff --git a/vendor/github.com/godbus/dbus/v5/transport_unixcred_linux.go b/vendor/github.com/godbus/dbus/v5/transport_unixcred_linux.go index d9dfdf69821..2d5d7f612f7 100644 --- a/vendor/github.com/godbus/dbus/v5/transport_unixcred_linux.go +++ b/vendor/github.com/godbus/dbus/v5/transport_unixcred_linux.go @@ -14,7 +14,7 @@ import ( func (t *unixTransport) SendNullByte() error { ucred := &syscall.Ucred{Pid: int32(os.Getpid()), Uid: uint32(os.Getuid()), Gid: uint32(os.Getgid())} b := syscall.UnixCredentials(ucred) - _, oobn, err := t.UnixConn.WriteMsgUnix([]byte{0}, b, nil) + _, oobn, err := t.WriteMsgUnix([]byte{0}, b, nil) if err != nil { return err } diff --git a/vendor/github.com/godbus/dbus/v5/variant_parser.go b/vendor/github.com/godbus/dbus/v5/variant_parser.go index 3f45f0a757c..bc0bd945c87 100644 --- a/vendor/github.com/godbus/dbus/v5/variant_parser.go +++ b/vendor/github.com/godbus/dbus/v5/variant_parser.go @@ -292,12 +292,12 @@ func (n stringNode) Value(sig Signature) (any, error) { if n.val != nil { return n.val, nil } - switch { - case sig.str == "g": + switch sig.str { + case "g": return Signature{n.str}, nil - case sig.str == "o": + case "o": return ObjectPath(n.str), nil - case sig.str == "s": + case "s": return n.str, nil default: return nil, varTypeError{n.str, sig} diff --git a/vendor/modules.txt b/vendor/modules.txt index c8824068341..2611e512dcb 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -49,7 +49,7 @@ github.com/cyphar/filepath-securejoin/pathrs-lite/procfs # github.com/docker/go-units v0.5.0 ## explicit github.com/docker/go-units -# github.com/godbus/dbus/v5 v5.2.0 +# github.com/godbus/dbus/v5 v5.2.2 ## explicit; go 1.20 github.com/godbus/dbus/v5 # github.com/moby/sys/capability v0.4.0 From c1ba275d8827c9447c1eeda236b3fe2d0f7e3f55 Mon Sep 17 00:00:00 2001 From: Ricardo Branco Date: Fri, 2 Jan 2026 16:59:23 +0100 Subject: [PATCH 1167/1176] integration: Skip test for new privileges if NoNewPrivs is set Signed-off-by: Ricardo Branco --- tests/integration/capabilities.bats | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/integration/capabilities.bats b/tests/integration/capabilities.bats index 4b1c127e026..af16dfc5250 100644 --- a/tests/integration/capabilities.bats +++ b/tests/integration/capabilities.bats @@ -31,6 +31,9 @@ function teardown() { } @test "runc run with new privileges" { + if [ $(awk '$1 == "NoNewPrivs:" { print $2; exit }' /proc/self/status) -ne 0 ]; then + skip "requires unset NoNewPrivs" + fi update_config '.process.noNewPrivileges = false' runc run test_new_privileges [ "$status" -eq 0 ] From 9632f1e1988ccdc0cc47b3f1c8fecfc4e3c29185 Mon Sep 17 00:00:00 2001 From: lifubang Date: Tue, 6 Jan 2026 10:02:03 +0000 Subject: [PATCH 1168/1176] integration: quote shell value to prevent word splitting Signed-off-by: lifubang --- tests/integration/capabilities.bats | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/capabilities.bats b/tests/integration/capabilities.bats index af16dfc5250..bbc14213f0d 100644 --- a/tests/integration/capabilities.bats +++ b/tests/integration/capabilities.bats @@ -31,7 +31,7 @@ function teardown() { } @test "runc run with new privileges" { - if [ $(awk '$1 == "NoNewPrivs:" { print $2; exit }' /proc/self/status) -ne 0 ]; then + if [ "$(awk '$1 == "NoNewPrivs:" { print $2; exit }' /proc/self/status)" -ne 0 ]; then skip "requires unset NoNewPrivs" fi update_config '.process.noNewPrivileges = false' From c84a878cac480fc71aff5abc56c0ace77d9b0f5b Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 7 Jan 2026 13:13:20 -0800 Subject: [PATCH 1169/1176] internal/sys: simplify WriteSysctls Apparently Write (and WriteString) must return an error (apparently io.ErrShortWrite) on short writes (see [1], [2]), so no explicit check for a short write is needed. While at it, use (*os.File).WriteString directly rather than io.WriteString. [1]: https://pkg.go.dev/os#File.Write [2]: https://pkg.go.dev/io#Writer Signed-off-by: Kir Kolyshkin --- internal/sys/sysctl_linux.go | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/internal/sys/sysctl_linux.go b/internal/sys/sysctl_linux.go index 96876a55fff..e5f2805c2e1 100644 --- a/internal/sys/sysctl_linux.go +++ b/internal/sys/sysctl_linux.go @@ -2,7 +2,6 @@ package sys import ( "fmt" - "io" "os" "strings" @@ -42,10 +41,7 @@ func WriteSysctls(sysctls map[string]string) error { } defer sysctlFile.Close() - n, err := io.WriteString(sysctlFile, value) - if n != len(value) && err == nil { - err = fmt.Errorf("short write to file (%d bytes != %d bytes)", n, len(value)) - } + _, err = sysctlFile.WriteString(value) if err != nil { return fmt.Errorf("failed to write sysctl %s = %q: %w", key, value, err) } From 9e6a4cc36d8bef28defa45d3c913a81964bb25dd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 9 Jan 2026 05:02:06 +0000 Subject: [PATCH 1170/1176] build(deps): bump golang.org/x/sys from 0.39.0 to 0.40.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.39.0 to 0.40.0. - [Commits](https://github.com/golang/sys/compare/v0.39.0...v0.40.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-version: 0.40.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 71cb2c630d5..213be63909d 100644 --- a/go.mod +++ b/go.mod @@ -23,7 +23,7 @@ require ( github.com/vishvananda/netlink v1.3.1 github.com/vishvananda/netns v0.0.5 golang.org/x/net v0.48.0 - golang.org/x/sys v0.39.0 + golang.org/x/sys v0.40.0 google.golang.org/protobuf v1.36.11 ) diff --git a/go.sum b/go.sum index 880c5a7cb26..5f59f65e919 100644 --- a/go.sum +++ b/go.sum @@ -87,8 +87,8 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= -golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ= +golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/vendor/modules.txt b/vendor/modules.txt index 2611e512dcb..398c449640f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -110,7 +110,7 @@ github.com/vishvananda/netns # golang.org/x/net v0.48.0 ## explicit; go 1.24.0 golang.org/x/net/bpf -# golang.org/x/sys v0.39.0 +# golang.org/x/sys v0.40.0 ## explicit; go 1.24.0 golang.org/x/sys/unix golang.org/x/sys/windows From b650eda423441e68b13d0ff51bc934e1c628627a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Jan 2026 06:33:37 +0000 Subject: [PATCH 1171/1176] build(deps): bump golang.org/x/net from 0.48.0 to 0.49.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.48.0 to 0.49.0. - [Commits](https://github.com/golang/net/compare/v0.48.0...v0.49.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.49.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 213be63909d..7b833a35287 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/urfave/cli v1.22.17 github.com/vishvananda/netlink v1.3.1 github.com/vishvananda/netns v0.0.5 - golang.org/x/net v0.48.0 + golang.org/x/net v0.49.0 golang.org/x/sys v0.40.0 google.golang.org/protobuf v1.36.11 ) diff --git a/go.sum b/go.sum index 5f59f65e919..81b15a76472 100644 --- a/go.sum +++ b/go.sum @@ -79,8 +79,8 @@ github.com/vishvananda/netlink v1.3.1 h1:3AEMt62VKqz90r0tmNhog0r/PpWKmrEShJU0wJW github.com/vishvananda/netlink v1.3.1/go.mod h1:ARtKouGSTGchR8aMwmkzC0qiNPrrWO5JS/XMVl45+b4= github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY= github.com/vishvananda/netns v0.0.5/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= -golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= -golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= +golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o= +golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/vendor/modules.txt b/vendor/modules.txt index 398c449640f..5b36afc814f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -107,7 +107,7 @@ github.com/vishvananda/netlink/nl # github.com/vishvananda/netns v0.0.5 ## explicit; go 1.17 github.com/vishvananda/netns -# golang.org/x/net v0.48.0 +# golang.org/x/net v0.49.0 ## explicit; go 1.24.0 golang.org/x/net/bpf # golang.org/x/sys v0.40.0 From 833e15e078cadef098431ee517891c4a6aaac859 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 16 Jan 2026 04:52:25 +0000 Subject: [PATCH 1172/1176] build(deps): bump github.com/sirupsen/logrus from 1.9.3 to 1.9.4 Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.3 to 1.9.4. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-version: 1.9.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 6 +- .../github.com/sirupsen/logrus/.golangci.yml | 95 ++++++++----- .../github.com/sirupsen/logrus/CHANGELOG.md | 4 +- vendor/github.com/sirupsen/logrus/README.md | 126 +++++++++--------- .../github.com/sirupsen/logrus/appveyor.yml | 16 +-- vendor/github.com/sirupsen/logrus/entry.go | 25 ++-- vendor/github.com/sirupsen/logrus/hooks.go | 8 +- .../sirupsen/logrus/hooks/test/test.go | 4 +- vendor/github.com/sirupsen/logrus/logger.go | 34 ++--- vendor/github.com/sirupsen/logrus/logrus.go | 20 +-- .../sirupsen/logrus/terminal_check_bsd.go | 2 +- .../sirupsen/logrus/terminal_check_unix.go | 2 + .../sirupsen/logrus/terminal_check_wasi.go | 8 ++ .../sirupsen/logrus/terminal_check_wasip1.go | 8 ++ .../sirupsen/logrus/text_formatter.go | 3 +- vendor/modules.txt | 4 +- 17 files changed, 210 insertions(+), 157 deletions(-) create mode 100644 vendor/github.com/sirupsen/logrus/terminal_check_wasi.go create mode 100644 vendor/github.com/sirupsen/logrus/terminal_check_wasip1.go diff --git a/go.mod b/go.mod index 7b833a35287..ff46d173e74 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/opencontainers/runtime-spec v1.3.0 github.com/opencontainers/selinux v1.13.1 github.com/seccomp/libseccomp-golang v0.11.1 - github.com/sirupsen/logrus v1.9.3 + github.com/sirupsen/logrus v1.9.4 github.com/urfave/cli v1.22.17 github.com/vishvananda/netlink v1.3.1 github.com/vishvananda/netns v0.0.5 diff --git a/go.sum b/go.sum index 81b15a76472..f084d7993c1 100644 --- a/go.sum +++ b/go.sum @@ -60,13 +60,12 @@ github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/seccomp/libseccomp-golang v0.11.1 h1:wuk4ZjSx6kyQII4rj6G6fvVzRHQaSiPvccJazDagu4g= github.com/seccomp/libseccomp-golang v0.11.1/go.mod h1:5m1Lk8E9OwgZTTVz4bBOer7JuazaBa+xTkM895tDiWc= -github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= -github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/sirupsen/logrus v1.9.4 h1:TsZE7l11zFCLZnZ+teH4Umoq5BhEIfIzfRDZ1Uzql2w= +github.com/sirupsen/logrus v1.9.4/go.mod h1:ftWc9WdOfJ0a92nsE2jF5u5ZwH8Bv2zdeOC42RjbV2g= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= @@ -83,7 +82,6 @@ golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o= golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/vendor/github.com/sirupsen/logrus/.golangci.yml b/vendor/github.com/sirupsen/logrus/.golangci.yml index 65dc2850377..792db361813 100644 --- a/vendor/github.com/sirupsen/logrus/.golangci.yml +++ b/vendor/github.com/sirupsen/logrus/.golangci.yml @@ -1,40 +1,67 @@ +version: "2" run: - # do not run on test files yet tests: false - -# all available settings of specific linters -linters-settings: - errcheck: - # report about not checking of errors in type assetions: `a := b.(MyStruct)`; - # default is false: such cases aren't reported by default. - check-type-assertions: false - - # report about assignment of errors to blank identifier: `num, _ := strconv.Atoi(numStr)`; - # default is false: such cases aren't reported by default. - check-blank: false - - lll: - line-length: 100 - tab-width: 4 - - prealloc: - simple: false - range-loops: false - for-loops: false - - whitespace: - multi-if: false # Enforces newlines (or comments) after every multi-line if statement - multi-func: false # Enforces newlines (or comments) after every multi-line function signature - linters: enable: - - megacheck - - govet + - asasalint + - asciicheck + - bidichk + - bodyclose + - contextcheck + - durationcheck + - errchkjson + - errorlint + - exhaustive + - gocheckcompilerdirectives + - gochecksumtype + - gosec + - gosmopolitan + - loggercheck + - makezero + - musttag + - nilerr + - nilnesserr + - noctx + - protogetter + - reassign + - recvcheck + - rowserrcheck + - spancheck + - sqlclosecheck + - testifylint + - unparam + - zerologlint disable: - - maligned - prealloc - disable-all: false - presets: - - bugs - - unused - fast: false + settings: + errcheck: + check-type-assertions: false + check-blank: false + lll: + line-length: 100 + tab-width: 4 + prealloc: + simple: false + range-loops: false + for-loops: false + whitespace: + multi-if: false + multi-func: false + exclusions: + generated: lax + presets: + - comments + - common-false-positives + - legacy + - std-error-handling + paths: + - third_party$ + - builtin$ + - examples$ +formatters: + exclusions: + generated: lax + paths: + - third_party$ + - builtin$ + - examples$ diff --git a/vendor/github.com/sirupsen/logrus/CHANGELOG.md b/vendor/github.com/sirupsen/logrus/CHANGELOG.md index 7567f612898..098608ff4b4 100644 --- a/vendor/github.com/sirupsen/logrus/CHANGELOG.md +++ b/vendor/github.com/sirupsen/logrus/CHANGELOG.md @@ -37,7 +37,7 @@ Features: # 1.6.0 Fixes: * end of line cleanup - * revert the entry concurrency bug fix whic leads to deadlock under some circumstances + * revert the entry concurrency bug fix which leads to deadlock under some circumstances * update dependency on go-windows-terminal-sequences to fix a crash with go 1.14 Features: @@ -129,7 +129,7 @@ This new release introduces: which is mostly useful for logger wrapper * a fix reverting the immutability of the entry given as parameter to the hooks a new configuration field of the json formatter in order to put all the fields - in a nested dictionnary + in a nested dictionary * a new SetOutput method in the Logger * a new configuration of the textformatter to configure the name of the default keys * a new configuration of the text formatter to disable the level truncation diff --git a/vendor/github.com/sirupsen/logrus/README.md b/vendor/github.com/sirupsen/logrus/README.md index d1d4a85fd75..cc5dab7eb78 100644 --- a/vendor/github.com/sirupsen/logrus/README.md +++ b/vendor/github.com/sirupsen/logrus/README.md @@ -1,4 +1,4 @@ -# Logrus :walrus: [![Build Status](https://github.com/sirupsen/logrus/workflows/CI/badge.svg)](https://github.com/sirupsen/logrus/actions?query=workflow%3ACI) [![Build Status](https://travis-ci.org/sirupsen/logrus.svg?branch=master)](https://travis-ci.org/sirupsen/logrus) [![Go Reference](https://pkg.go.dev/badge/github.com/sirupsen/logrus.svg)](https://pkg.go.dev/github.com/sirupsen/logrus) +# Logrus :walrus: [![Build Status](https://github.com/sirupsen/logrus/workflows/CI/badge.svg)](https://github.com/sirupsen/logrus/actions?query=workflow%3ACI) [![Go Reference](https://pkg.go.dev/badge/github.com/sirupsen/logrus.svg)](https://pkg.go.dev/github.com/sirupsen/logrus) Logrus is a structured logger for Go (golang), completely API compatible with the standard library logger. @@ -40,7 +40,7 @@ plain text): ![Colored](http://i.imgur.com/PY7qMwd.png) -With `log.SetFormatter(&log.JSONFormatter{})`, for easy parsing by logstash +With `logrus.SetFormatter(&logrus.JSONFormatter{})`, for easy parsing by logstash or Splunk: ```text @@ -60,9 +60,9 @@ ocean","size":10,"time":"2014-03-10 19:57:38.562264131 -0400 EDT"} "time":"2014-03-10 19:57:38.562543128 -0400 EDT"} ``` -With the default `log.SetFormatter(&log.TextFormatter{})` when a TTY is not +With the default `logrus.SetFormatter(&logrus.TextFormatter{})` when a TTY is not attached, the output is compatible with the -[logfmt](http://godoc.org/github.com/kr/logfmt) format: +[logfmt](https://pkg.go.dev/github.com/kr/logfmt) format: ```text time="2015-03-26T01:27:38-04:00" level=debug msg="Started observing beach" animal=walrus number=8 @@ -75,17 +75,18 @@ time="2015-03-26T01:27:38-04:00" level=fatal msg="The ice breaks!" err=&{0x20822 To ensure this behaviour even if a TTY is attached, set your formatter as follows: ```go - log.SetFormatter(&log.TextFormatter{ - DisableColors: true, - FullTimestamp: true, - }) +logrus.SetFormatter(&logrus.TextFormatter{ + DisableColors: true, + FullTimestamp: true, +}) ``` #### Logging Method Name If you wish to add the calling method as a field, instruct the logger via: + ```go -log.SetReportCaller(true) +logrus.SetReportCaller(true) ``` This adds the caller as 'method' like so: @@ -100,11 +101,11 @@ time="2015-03-26T01:27:38-04:00" level=fatal method=github.com/sirupsen/arcticcr Note that this does add measurable overhead - the cost will depend on the version of Go, but is between 20 and 40% in recent tests with 1.6 and 1.7. You can validate this in your environment via benchmarks: -``` + +```bash go test -bench=.*CallerTracing ``` - #### Case-sensitivity The organization's name was changed to lower-case--and this will not be changed @@ -118,12 +119,10 @@ The simplest way to use Logrus is simply the package-level exported logger: ```go package main -import ( - log "github.com/sirupsen/logrus" -) +import "github.com/sirupsen/logrus" func main() { - log.WithFields(log.Fields{ + logrus.WithFields(logrus.Fields{ "animal": "walrus", }).Info("A walrus appears") } @@ -139,6 +138,7 @@ package main import ( "os" + log "github.com/sirupsen/logrus" ) @@ -190,26 +190,27 @@ package main import ( "os" + "github.com/sirupsen/logrus" ) // Create a new instance of the logger. You can have any number of instances. -var log = logrus.New() +var logger = logrus.New() func main() { // The API for setting attributes is a little different than the package level - // exported logger. See Godoc. - log.Out = os.Stdout + // exported logger. See Godoc. + logger.Out = os.Stdout // You could set this to any `io.Writer` such as a file // file, err := os.OpenFile("logrus.log", os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0666) // if err == nil { - // log.Out = file + // logger.Out = file // } else { - // log.Info("Failed to log to file, using default stderr") + // logger.Info("Failed to log to file, using default stderr") // } - log.WithFields(logrus.Fields{ + logger.WithFields(logrus.Fields{ "animal": "walrus", "size": 10, }).Info("A group of walrus emerges from the ocean") @@ -219,12 +220,12 @@ func main() { #### Fields Logrus encourages careful, structured logging through logging fields instead of -long, unparseable error messages. For example, instead of: `log.Fatalf("Failed +long, unparseable error messages. For example, instead of: `logrus.Fatalf("Failed to send event %s to topic %s with key %d")`, you should log the much more discoverable: ```go -log.WithFields(log.Fields{ +logrus.WithFields(logrus.Fields{ "event": event, "topic": topic, "key": key, @@ -245,12 +246,12 @@ seen as a hint you should add a field, however, you can still use the Often it's helpful to have fields _always_ attached to log statements in an application or parts of one. For example, you may want to always log the `request_id` and `user_ip` in the context of a request. Instead of writing -`log.WithFields(log.Fields{"request_id": request_id, "user_ip": user_ip})` on +`logger.WithFields(logrus.Fields{"request_id": request_id, "user_ip": user_ip})` on every line, you can create a `logrus.Entry` to pass around instead: ```go -requestLogger := log.WithFields(log.Fields{"request_id": request_id, "user_ip": user_ip}) -requestLogger.Info("something happened on that request") # will log request_id and user_ip +requestLogger := logger.WithFields(logrus.Fields{"request_id": request_id, "user_ip": user_ip}) +requestLogger.Info("something happened on that request") // will log request_id and user_ip requestLogger.Warn("something not great happened") ``` @@ -264,28 +265,31 @@ Logrus comes with [built-in hooks](hooks/). Add those, or your custom hook, in `init`: ```go +package main + import ( - log "github.com/sirupsen/logrus" - "gopkg.in/gemnasium/logrus-airbrake-hook.v2" // the package is named "airbrake" - logrus_syslog "github.com/sirupsen/logrus/hooks/syslog" "log/syslog" + + "github.com/sirupsen/logrus" + airbrake "gopkg.in/gemnasium/logrus-airbrake-hook.v2" + logrus_syslog "github.com/sirupsen/logrus/hooks/syslog" ) func init() { // Use the Airbrake hook to report errors that have Error severity or above to // an exception tracker. You can create custom hooks, see the Hooks section. - log.AddHook(airbrake.NewHook(123, "xyz", "production")) + logrus.AddHook(airbrake.NewHook(123, "xyz", "production")) hook, err := logrus_syslog.NewSyslogHook("udp", "localhost:514", syslog.LOG_INFO, "") if err != nil { - log.Error("Unable to connect to local syslog daemon") + logrus.Error("Unable to connect to local syslog daemon") } else { - log.AddHook(hook) + logrus.AddHook(hook) } } ``` -Note: Syslog hook also support connecting to local syslog (Ex. "/dev/log" or "/var/run/syslog" or "/var/run/log"). For the detail, please check the [syslog hook README](hooks/syslog/README.md). +Note: Syslog hooks also support connecting to local syslog (Ex. "/dev/log" or "/var/run/syslog" or "/var/run/log"). For the detail, please check the [syslog hook README](hooks/syslog/README.md). A list of currently known service hooks can be found in this wiki [page](https://github.com/sirupsen/logrus/wiki/Hooks) @@ -295,15 +299,15 @@ A list of currently known service hooks can be found in this wiki [page](https:/ Logrus has seven logging levels: Trace, Debug, Info, Warning, Error, Fatal and Panic. ```go -log.Trace("Something very low level.") -log.Debug("Useful debugging information.") -log.Info("Something noteworthy happened!") -log.Warn("You should probably take a look at this.") -log.Error("Something failed but I'm not quitting.") +logrus.Trace("Something very low level.") +logrus.Debug("Useful debugging information.") +logrus.Info("Something noteworthy happened!") +logrus.Warn("You should probably take a look at this.") +logrus.Error("Something failed but I'm not quitting.") // Calls os.Exit(1) after logging -log.Fatal("Bye.") +logrus.Fatal("Bye.") // Calls panic() after logging -log.Panic("I'm bailing.") +logrus.Panic("I'm bailing.") ``` You can set the logging level on a `Logger`, then it will only log entries with @@ -311,13 +315,13 @@ that severity or anything above it: ```go // Will log anything that is info or above (warn, error, fatal, panic). Default. -log.SetLevel(log.InfoLevel) +logrus.SetLevel(logrus.InfoLevel) ``` -It may be useful to set `log.Level = logrus.DebugLevel` in a debug or verbose +It may be useful to set `logrus.Level = logrus.DebugLevel` in a debug or verbose environment if your application has that. -Note: If you want different log levels for global (`log.SetLevel(...)`) and syslog logging, please check the [syslog hook README](hooks/syslog/README.md#different-log-levels-for-local-and-remote-logging). +Note: If you want different log levels for global (`logrus.SetLevel(...)`) and syslog logging, please check the [syslog hook README](hooks/syslog/README.md#different-log-levels-for-local-and-remote-logging). #### Entries @@ -340,17 +344,17 @@ could do: ```go import ( - log "github.com/sirupsen/logrus" + "github.com/sirupsen/logrus" ) func init() { // do something here to set environment depending on an environment variable // or command-line flag if Environment == "production" { - log.SetFormatter(&log.JSONFormatter{}) + logrus.SetFormatter(&logrus.JSONFormatter{}) } else { // The TextFormatter is default, you don't actually have to do this. - log.SetFormatter(&log.TextFormatter{}) + logrus.SetFormatter(&logrus.TextFormatter{}) } } ``` @@ -372,11 +376,11 @@ The built-in logging formatters are: * When colors are enabled, levels are truncated to 4 characters by default. To disable truncation set the `DisableLevelTruncation` field to `true`. * When outputting to a TTY, it's often helpful to visually scan down a column where all the levels are the same width. Setting the `PadLevelText` field to `true` enables this behavior, by adding padding to the level text. - * All options are listed in the [generated docs](https://godoc.org/github.com/sirupsen/logrus#TextFormatter). + * All options are listed in the [generated docs](https://pkg.go.dev/github.com/sirupsen/logrus#TextFormatter). * `logrus.JSONFormatter`. Logs fields as JSON. - * All options are listed in the [generated docs](https://godoc.org/github.com/sirupsen/logrus#JSONFormatter). + * All options are listed in the [generated docs](https://pkg.go.dev/github.com/sirupsen/logrus#JSONFormatter). -Third party logging formatters: +Third-party logging formatters: * [`FluentdFormatter`](https://github.com/joonix/log). Formats entries that can be parsed by Kubernetes and Google Container Engine. * [`GELF`](https://github.com/fabienm/go-logrus-formatters). Formats entries so they comply to Graylog's [GELF 1.1 specification](http://docs.graylog.org/en/2.4/pages/gelf.html). @@ -384,7 +388,7 @@ Third party logging formatters: * [`prefixed`](https://github.com/x-cray/logrus-prefixed-formatter). Displays log entry source along with alternative layout. * [`zalgo`](https://github.com/aybabtme/logzalgo). Invoking the Power of Zalgo. * [`nested-logrus-formatter`](https://github.com/antonfisher/nested-logrus-formatter). Converts logrus fields to a nested structure. -* [`powerful-logrus-formatter`](https://github.com/zput/zxcTool). get fileName, log's line number and the latest function's name when print log; Sava log to files. +* [`powerful-logrus-formatter`](https://github.com/zput/zxcTool). get fileName, log's line number and the latest function's name when print log; Save log to files. * [`caption-json-formatter`](https://github.com/nolleh/caption_json_formatter). logrus's message json formatter with human-readable caption added. You can define your formatter by implementing the `Formatter` interface, @@ -393,10 +397,9 @@ requiring a `Format` method. `Format` takes an `*Entry`. `entry.Data` is a default ones (see Entries section above): ```go -type MyJSONFormatter struct { -} +type MyJSONFormatter struct{} -log.SetFormatter(new(MyJSONFormatter)) +logrus.SetFormatter(new(MyJSONFormatter)) func (f *MyJSONFormatter) Format(entry *Entry) ([]byte, error) { // Note this doesn't include Time, Level and Message which are available on @@ -455,17 +458,18 @@ entries. It should not be a feature of the application-level logger. #### Testing -Logrus has a built in facility for asserting the presence of log messages. This is implemented through the `test` hook and provides: +Logrus has a built-in facility for asserting the presence of log messages. This is implemented through the `test` hook and provides: * decorators for existing logger (`test.NewLocal` and `test.NewGlobal`) which basically just adds the `test` hook * a test logger (`test.NewNullLogger`) that just records log messages (and does not output any): ```go import( + "testing" + "github.com/sirupsen/logrus" "github.com/sirupsen/logrus/hooks/test" "github.com/stretchr/testify/assert" - "testing" ) func TestSomething(t*testing.T){ @@ -486,15 +490,15 @@ func TestSomething(t*testing.T){ Logrus can register one or more functions that will be called when any `fatal` level message is logged. The registered handlers will be executed before logrus performs an `os.Exit(1)`. This behavior may be helpful if callers need -to gracefully shutdown. Unlike a `panic("Something went wrong...")` call which can be intercepted with a deferred `recover` a call to `os.Exit(1)` can not be intercepted. +to gracefully shut down. Unlike a `panic("Something went wrong...")` call which can be intercepted with a deferred `recover` a call to `os.Exit(1)` can not be intercepted. -``` -... +```go +// ... handler := func() { - // gracefully shutdown something... + // gracefully shut down something... } logrus.RegisterExitHandler(handler) -... +// ... ``` #### Thread safety @@ -502,7 +506,7 @@ logrus.RegisterExitHandler(handler) By default, Logger is protected by a mutex for concurrent writes. The mutex is held when calling hooks and writing logs. If you are sure such locking is not needed, you can call logger.SetNoLock() to disable the locking. -Situation when locking is not needed includes: +Situations when locking is not needed include: * You have no hooks registered, or hooks calling is already thread-safe. diff --git a/vendor/github.com/sirupsen/logrus/appveyor.yml b/vendor/github.com/sirupsen/logrus/appveyor.yml index df9d65c3a5b..e90f09ea68c 100644 --- a/vendor/github.com/sirupsen/logrus/appveyor.yml +++ b/vendor/github.com/sirupsen/logrus/appveyor.yml @@ -1,14 +1,12 @@ -version: "{build}" +# Minimal stub to satisfy AppVeyor CI +version: 1.0.{build} platform: x64 -clone_folder: c:\gopath\src\github.com\sirupsen\logrus -environment: - GOPATH: c:\gopath +shallow_clone: true + branches: only: - master -install: - - set PATH=%GOPATH%\bin;c:\go\bin;%PATH% - - go version + - main + build_script: - - go get -t - - go test + - echo "No-op build to satisfy AppVeyor CI" diff --git a/vendor/github.com/sirupsen/logrus/entry.go b/vendor/github.com/sirupsen/logrus/entry.go index 71cdbbc35d2..71d796d0b13 100644 --- a/vendor/github.com/sirupsen/logrus/entry.go +++ b/vendor/github.com/sirupsen/logrus/entry.go @@ -34,13 +34,15 @@ func init() { minimumCallerDepth = 1 } -// Defines the key when adding errors using WithError. +// ErrorKey defines the key when adding errors using [WithError], [Logger.WithError]. var ErrorKey = "error" -// An entry is the final or intermediate Logrus logging entry. It contains all +// Entry is the final or intermediate Logrus logging entry. It contains all // the fields passed with WithField{,s}. It's finally logged when Trace, Debug, // Info, Warn, Error, Fatal or Panic is called on it. These objects can be // reused and passed around as much as you wish to avoid field duplication. +// +//nolint:recvcheck // the methods of "Entry" use pointer receiver and non-pointer receiver. type Entry struct { Logger *Logger @@ -86,12 +88,12 @@ func (entry *Entry) Dup() *Entry { return &Entry{Logger: entry.Logger, Data: data, Time: entry.Time, Context: entry.Context, err: entry.err} } -// Returns the bytes representation of this entry from the formatter. +// Bytes returns the bytes representation of this entry from the formatter. func (entry *Entry) Bytes() ([]byte, error) { return entry.Logger.Formatter.Format(entry) } -// Returns the string representation from the reader and ultimately the +// String returns the string representation from the reader and ultimately the // formatter. func (entry *Entry) String() (string, error) { serialized, err := entry.Bytes() @@ -102,12 +104,13 @@ func (entry *Entry) String() (string, error) { return str, nil } -// Add an error as single field (using the key defined in ErrorKey) to the Entry. +// WithError adds an error as single field (using the key defined in [ErrorKey]) +// to the Entry. func (entry *Entry) WithError(err error) *Entry { return entry.WithField(ErrorKey, err) } -// Add a context to the Entry. +// WithContext adds a context to the Entry. func (entry *Entry) WithContext(ctx context.Context) *Entry { dataCopy := make(Fields, len(entry.Data)) for k, v := range entry.Data { @@ -116,12 +119,12 @@ func (entry *Entry) WithContext(ctx context.Context) *Entry { return &Entry{Logger: entry.Logger, Data: dataCopy, Time: entry.Time, err: entry.err, Context: ctx} } -// Add a single field to the Entry. +// WithField adds a single field to the Entry. func (entry *Entry) WithField(key string, value interface{}) *Entry { return entry.WithFields(Fields{key: value}) } -// Add a map of fields to the Entry. +// WithFields adds a map of fields to the Entry. func (entry *Entry) WithFields(fields Fields) *Entry { data := make(Fields, len(entry.Data)+len(fields)) for k, v := range entry.Data { @@ -150,7 +153,7 @@ func (entry *Entry) WithFields(fields Fields) *Entry { return &Entry{Logger: entry.Logger, Data: data, Time: entry.Time, err: fieldErr, Context: entry.Context} } -// Overrides the time of the Entry. +// WithTime overrides the time of the Entry. func (entry *Entry) WithTime(t time.Time) *Entry { dataCopy := make(Fields, len(entry.Data)) for k, v := range entry.Data { @@ -204,7 +207,7 @@ func getCaller() *runtime.Frame { // If the caller isn't part of this package, we're done if pkg != logrusPackage { - return &f //nolint:scopelint + return &f } } @@ -432,7 +435,7 @@ func (entry *Entry) Panicln(args ...interface{}) { entry.Logln(PanicLevel, args...) } -// Sprintlnn => Sprint no newline. This is to get the behavior of how +// sprintlnn => Sprint no newline. This is to get the behavior of how // fmt.Sprintln where spaces are always added between operands, regardless of // their type. Instead of vendoring the Sprintln implementation to spare a // string allocation, we do the simplest thing. diff --git a/vendor/github.com/sirupsen/logrus/hooks.go b/vendor/github.com/sirupsen/logrus/hooks.go index 3f151cdc392..9ab978a4578 100644 --- a/vendor/github.com/sirupsen/logrus/hooks.go +++ b/vendor/github.com/sirupsen/logrus/hooks.go @@ -1,16 +1,16 @@ package logrus -// A hook to be fired when logging on the logging levels returned from -// `Levels()` on your implementation of the interface. Note that this is not +// Hook describes hooks to be fired when logging on the logging levels returned from +// [Hook.Levels] on your implementation of the interface. Note that this is not // fired in a goroutine or a channel with workers, you should handle such -// functionality yourself if your call is non-blocking and you don't wish for +// functionality yourself if your call is non-blocking, and you don't wish for // the logging calls for levels returned from `Levels()` to block. type Hook interface { Levels() []Level Fire(*Entry) error } -// Internal type for storing the hooks on a logger instance. +// LevelHooks is an internal type for storing the hooks on a logger instance. type LevelHooks map[Level][]Hook // Add a hook to an instance of logger. This is called with diff --git a/vendor/github.com/sirupsen/logrus/hooks/test/test.go b/vendor/github.com/sirupsen/logrus/hooks/test/test.go index 046f0bf6cf2..4b4d1f1a558 100644 --- a/vendor/github.com/sirupsen/logrus/hooks/test/test.go +++ b/vendor/github.com/sirupsen/logrus/hooks/test/test.go @@ -3,7 +3,7 @@ package test import ( - "io/ioutil" + "io" "sync" "github.com/sirupsen/logrus" @@ -42,7 +42,7 @@ func NewLocal(logger *logrus.Logger) *Hook { func NewNullLogger() (*logrus.Logger, *Hook) { logger := logrus.New() - logger.Out = ioutil.Discard + logger.Out = io.Discard return logger, NewLocal(logger) diff --git a/vendor/github.com/sirupsen/logrus/logger.go b/vendor/github.com/sirupsen/logrus/logger.go index 5ff0aef6d3f..f5b8c439ee8 100644 --- a/vendor/github.com/sirupsen/logrus/logger.go +++ b/vendor/github.com/sirupsen/logrus/logger.go @@ -72,16 +72,16 @@ func (mw *MutexWrap) Disable() { mw.disabled = true } -// Creates a new logger. Configuration should be set by changing `Formatter`, -// `Out` and `Hooks` directly on the default logger instance. You can also just +// New Creates a new logger. Configuration should be set by changing [Formatter], +// Out and Hooks directly on the default Logger instance. You can also just // instantiate your own: // -// var log = &logrus.Logger{ -// Out: os.Stderr, -// Formatter: new(logrus.TextFormatter), -// Hooks: make(logrus.LevelHooks), -// Level: logrus.DebugLevel, -// } +// var log = &logrus.Logger{ +// Out: os.Stderr, +// Formatter: new(logrus.TextFormatter), +// Hooks: make(logrus.LevelHooks), +// Level: logrus.DebugLevel, +// } // // It's recommended to make this a global instance called `log`. func New() *Logger { @@ -118,30 +118,30 @@ func (logger *Logger) WithField(key string, value interface{}) *Entry { return entry.WithField(key, value) } -// Adds a struct of fields to the log entry. All it does is call `WithField` for -// each `Field`. +// WithFields adds a struct of fields to the log entry. It calls [Entry.WithField] +// for each Field. func (logger *Logger) WithFields(fields Fields) *Entry { entry := logger.newEntry() defer logger.releaseEntry(entry) return entry.WithFields(fields) } -// Add an error as single field to the log entry. All it does is call -// `WithError` for the given `error`. +// WithError adds an error as single field to the log entry. It calls +// [Entry.WithError] for the given error. func (logger *Logger) WithError(err error) *Entry { entry := logger.newEntry() defer logger.releaseEntry(entry) return entry.WithError(err) } -// Add a context to the log entry. +// WithContext add a context to the log entry. func (logger *Logger) WithContext(ctx context.Context) *Entry { entry := logger.newEntry() defer logger.releaseEntry(entry) return entry.WithContext(ctx) } -// Overrides the time of the log entry. +// WithTime overrides the time of the log entry. func (logger *Logger) WithTime(t time.Time) *Entry { entry := logger.newEntry() defer logger.releaseEntry(entry) @@ -347,9 +347,9 @@ func (logger *Logger) Exit(code int) { logger.ExitFunc(code) } -//When file is opened with appending mode, it's safe to -//write concurrently to a file (within 4k message on Linux). -//In these cases user can choose to disable the lock. +// SetNoLock disables the lock for situations where a file is opened with +// appending mode, and safe for concurrent writes to the file (within 4k +// message on Linux). In these cases user can choose to disable the lock. func (logger *Logger) SetNoLock() { logger.mu.Disable() } diff --git a/vendor/github.com/sirupsen/logrus/logrus.go b/vendor/github.com/sirupsen/logrus/logrus.go index 2f16224cb9f..37fc4fef85a 100644 --- a/vendor/github.com/sirupsen/logrus/logrus.go +++ b/vendor/github.com/sirupsen/logrus/logrus.go @@ -6,13 +6,15 @@ import ( "strings" ) -// Fields type, used to pass to `WithFields`. +// Fields type, used to pass to [WithFields]. type Fields map[string]interface{} // Level type +// +//nolint:recvcheck // the methods of "Entry" use pointer receiver and non-pointer receiver. type Level uint32 -// Convert the Level to a string. E.g. PanicLevel becomes "panic". +// Convert the Level to a string. E.g. [PanicLevel] becomes "panic". func (level Level) String() string { if b, err := level.MarshalText(); err == nil { return string(b) @@ -77,7 +79,7 @@ func (level Level) MarshalText() ([]byte, error) { return nil, fmt.Errorf("not a valid logrus level %d", level) } -// A constant exposing all logging levels +// AllLevels exposing all logging levels. var AllLevels = []Level{ PanicLevel, FatalLevel, @@ -119,8 +121,8 @@ var ( ) // StdLogger is what your logrus-enabled library should take, that way -// it'll accept a stdlib logger and a logrus logger. There's no standard -// interface, this is the closest we get, unfortunately. +// it'll accept a stdlib logger ([log.Logger]) and a logrus logger. +// There's no standard interface, so this is the closest we get, unfortunately. type StdLogger interface { Print(...interface{}) Printf(string, ...interface{}) @@ -135,7 +137,8 @@ type StdLogger interface { Panicln(...interface{}) } -// The FieldLogger interface generalizes the Entry and Logger types +// FieldLogger extends the [StdLogger] interface, generalizing +// the [Entry] and [Logger] types. type FieldLogger interface { WithField(key string, value interface{}) *Entry WithFields(fields Fields) *Entry @@ -176,8 +179,9 @@ type FieldLogger interface { // IsPanicEnabled() bool } -// Ext1FieldLogger (the first extension to FieldLogger) is superfluous, it is -// here for consistancy. Do not use. Use Logger or Entry instead. +// Ext1FieldLogger (the first extension to [FieldLogger]) is superfluous, it is +// here for consistency. Do not use. Use [FieldLogger], [Logger] or [Entry] +// instead. type Ext1FieldLogger interface { FieldLogger Tracef(format string, args ...interface{}) diff --git a/vendor/github.com/sirupsen/logrus/terminal_check_bsd.go b/vendor/github.com/sirupsen/logrus/terminal_check_bsd.go index 499789984d2..69956b425a1 100644 --- a/vendor/github.com/sirupsen/logrus/terminal_check_bsd.go +++ b/vendor/github.com/sirupsen/logrus/terminal_check_bsd.go @@ -1,4 +1,4 @@ -// +build darwin dragonfly freebsd netbsd openbsd +// +build darwin dragonfly freebsd netbsd openbsd hurd // +build !js package logrus diff --git a/vendor/github.com/sirupsen/logrus/terminal_check_unix.go b/vendor/github.com/sirupsen/logrus/terminal_check_unix.go index 04748b8515f..c9aed267a4c 100644 --- a/vendor/github.com/sirupsen/logrus/terminal_check_unix.go +++ b/vendor/github.com/sirupsen/logrus/terminal_check_unix.go @@ -1,5 +1,7 @@ +//go:build (linux || aix || zos) && !js && !wasi // +build linux aix zos // +build !js +// +build !wasi package logrus diff --git a/vendor/github.com/sirupsen/logrus/terminal_check_wasi.go b/vendor/github.com/sirupsen/logrus/terminal_check_wasi.go new file mode 100644 index 00000000000..2822b212fbf --- /dev/null +++ b/vendor/github.com/sirupsen/logrus/terminal_check_wasi.go @@ -0,0 +1,8 @@ +//go:build wasi +// +build wasi + +package logrus + +func isTerminal(fd int) bool { + return false +} diff --git a/vendor/github.com/sirupsen/logrus/terminal_check_wasip1.go b/vendor/github.com/sirupsen/logrus/terminal_check_wasip1.go new file mode 100644 index 00000000000..108a6be12b1 --- /dev/null +++ b/vendor/github.com/sirupsen/logrus/terminal_check_wasip1.go @@ -0,0 +1,8 @@ +//go:build wasip1 +// +build wasip1 + +package logrus + +func isTerminal(fd int) bool { + return false +} diff --git a/vendor/github.com/sirupsen/logrus/text_formatter.go b/vendor/github.com/sirupsen/logrus/text_formatter.go index be2c6efe5ed..6dfeb18b10e 100644 --- a/vendor/github.com/sirupsen/logrus/text_formatter.go +++ b/vendor/github.com/sirupsen/logrus/text_formatter.go @@ -306,6 +306,7 @@ func (f *TextFormatter) needsQuoting(text string) bool { return false } for _, ch := range text { + //nolint:staticcheck // QF1001: could apply De Morgan's law if !((ch >= 'a' && ch <= 'z') || (ch >= 'A' && ch <= 'Z') || (ch >= '0' && ch <= '9') || @@ -334,6 +335,6 @@ func (f *TextFormatter) appendValue(b *bytes.Buffer, value interface{}) { if !f.needsQuoting(stringVal) { b.WriteString(stringVal) } else { - b.WriteString(fmt.Sprintf("%q", stringVal)) + fmt.Fprintf(b, "%q", stringVal) } } diff --git a/vendor/modules.txt b/vendor/modules.txt index 5b36afc814f..b0a6a1e7cd7 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -93,8 +93,8 @@ github.com/russross/blackfriday/v2 # github.com/seccomp/libseccomp-golang v0.11.1 ## explicit; go 1.19 github.com/seccomp/libseccomp-golang -# github.com/sirupsen/logrus v1.9.3 -## explicit; go 1.13 +# github.com/sirupsen/logrus v1.9.4 +## explicit; go 1.17 github.com/sirupsen/logrus github.com/sirupsen/logrus/hooks/test # github.com/urfave/cli v1.22.17 From 2088e000eb7976f767e032a72f4bc9a54af25c28 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 26 Jan 2026 14:14:27 -0800 Subject: [PATCH 1173/1176] libct/configs: Id -> ID Rename a function parameter (containerId -> containerID) to avoid a linter warning: > var-naming: method parameter containerId should be containerID (revive) In many other places, including config.json (.linux.uidMappings and .gidMappings) it is already called containerID, so let's rename. Signed-off-by: Kir Kolyshkin --- libcontainer/configs/config_linux.go | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/libcontainer/configs/config_linux.go b/libcontainer/configs/config_linux.go index e401f5331b4..4c36af160e1 100644 --- a/libcontainer/configs/config_linux.go +++ b/libcontainer/configs/config_linux.go @@ -26,26 +26,26 @@ type LinuxPersonality struct { // HostUID gets the translated uid for the process on host which could be // different when user namespaces are enabled. -func (c Config) HostUID(containerId int) (int, error) { +func (c Config) HostUID(containerID int) (int, error) { if c.Namespaces.Contains(NEWUSER) { if len(c.UIDMappings) == 0 { return -1, errNoUIDMap } - id, found := c.hostIDFromMapping(int64(containerId), c.UIDMappings) + id, found := c.hostIDFromMapping(int64(containerID), c.UIDMappings) if !found { - return -1, fmt.Errorf("user namespaces enabled, but no mapping found for uid %d", containerId) + return -1, fmt.Errorf("user namespaces enabled, but no mapping found for uid %d", containerID) } // If we are a 32-bit binary running on a 64-bit system, it's possible // the mapped user is too large to store in an int, which means we // cannot do the mapping. We can't just return an int64, because // os.Setuid() takes an int. if id > math.MaxInt { - return -1, fmt.Errorf("mapping for uid %d (host id %d) is larger than native integer size (%d)", containerId, id, math.MaxInt) + return -1, fmt.Errorf("mapping for uid %d (host id %d) is larger than native integer size (%d)", containerID, id, math.MaxInt) } return int(id), nil } // Return unchanged id. - return containerId, nil + return containerID, nil } // HostRootUID gets the root uid for the process on host which could be non-zero @@ -56,26 +56,26 @@ func (c Config) HostRootUID() (int, error) { // HostGID gets the translated gid for the process on host which could be // different when user namespaces are enabled. -func (c Config) HostGID(containerId int) (int, error) { +func (c Config) HostGID(containerID int) (int, error) { if c.Namespaces.Contains(NEWUSER) { if len(c.GIDMappings) == 0 { return -1, errNoGIDMap } - id, found := c.hostIDFromMapping(int64(containerId), c.GIDMappings) + id, found := c.hostIDFromMapping(int64(containerID), c.GIDMappings) if !found { - return -1, fmt.Errorf("user namespaces enabled, but no mapping found for gid %d", containerId) + return -1, fmt.Errorf("user namespaces enabled, but no mapping found for gid %d", containerID) } // If we are a 32-bit binary running on a 64-bit system, it's possible // the mapped user is too large to store in an int, which means we // cannot do the mapping. We can't just return an int64, because // os.Setgid() takes an int. if id > math.MaxInt { - return -1, fmt.Errorf("mapping for gid %d (host id %d) is larger than native integer size (%d)", containerId, id, math.MaxInt) + return -1, fmt.Errorf("mapping for gid %d (host id %d) is larger than native integer size (%d)", containerID, id, math.MaxInt) } return int(id), nil } // Return unchanged id. - return containerId, nil + return containerID, nil } // HostRootGID gets the root gid for the process on host which could be non-zero From 6cd91f665e18c5062faa2c595056eef650c1208f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 19 Jan 2026 16:21:58 -0800 Subject: [PATCH 1174/1176] libct/configs: use pointers for Config methods The Config type is quite big (currently 554 bytes on a 64 bit Linux) and using non-pointer receivers in its methods results in copying which is totally unnecessary. Change the methods to use pointer receivers. Signed-off-by: Kir Kolyshkin --- libcontainer/configs/config_linux.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libcontainer/configs/config_linux.go b/libcontainer/configs/config_linux.go index 4c36af160e1..0e58bdc15de 100644 --- a/libcontainer/configs/config_linux.go +++ b/libcontainer/configs/config_linux.go @@ -26,7 +26,7 @@ type LinuxPersonality struct { // HostUID gets the translated uid for the process on host which could be // different when user namespaces are enabled. -func (c Config) HostUID(containerID int) (int, error) { +func (c *Config) HostUID(containerID int) (int, error) { if c.Namespaces.Contains(NEWUSER) { if len(c.UIDMappings) == 0 { return -1, errNoUIDMap @@ -50,13 +50,13 @@ func (c Config) HostUID(containerID int) (int, error) { // HostRootUID gets the root uid for the process on host which could be non-zero // when user namespaces are enabled. -func (c Config) HostRootUID() (int, error) { +func (c *Config) HostRootUID() (int, error) { return c.HostUID(0) } // HostGID gets the translated gid for the process on host which could be // different when user namespaces are enabled. -func (c Config) HostGID(containerID int) (int, error) { +func (c *Config) HostGID(containerID int) (int, error) { if c.Namespaces.Contains(NEWUSER) { if len(c.GIDMappings) == 0 { return -1, errNoGIDMap @@ -80,13 +80,13 @@ func (c Config) HostGID(containerID int) (int, error) { // HostRootGID gets the root gid for the process on host which could be non-zero // when user namespaces are enabled. -func (c Config) HostRootGID() (int, error) { +func (c *Config) HostRootGID() (int, error) { return c.HostGID(0) } // Utility function that gets a host ID for a container ID from user namespace map // if that ID is present in the map. -func (c Config) hostIDFromMapping(containerID int64, uMap []IDMap) (int64, bool) { +func (c *Config) hostIDFromMapping(containerID int64, uMap []IDMap) (int64, bool) { for _, m := range uMap { if (containerID >= m.ContainerID) && (containerID <= (m.ContainerID + m.Size - 1)) { hostID := m.HostID + (containerID - m.ContainerID) From 593ac3b7d90eae71b3ce399d3f168a03fed8dda2 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 19 Jan 2026 16:26:24 -0800 Subject: [PATCH 1175/1176] libct: use pointers for Process methods The Process type is quite big (currently 368 bytes on a 64 bit Linux) and using non-pointer receivers in its methods results in copying which is totally unnecessary. Change the methods to use pointer receivers. Signed-off-by: Kir Kolyshkin --- libcontainer/process.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libcontainer/process.go b/libcontainer/process.go index 7fca1febce5..25cabbe13eb 100644 --- a/libcontainer/process.go +++ b/libcontainer/process.go @@ -127,7 +127,7 @@ type Process struct { // Wait waits for the process to exit. // Wait releases any resources associated with the Process -func (p Process) Wait() (*os.ProcessState, error) { +func (p *Process) Wait() (*os.ProcessState, error) { if p.ops == nil { return nil, errInvalidProcess } @@ -135,7 +135,7 @@ func (p Process) Wait() (*os.ProcessState, error) { } // Pid returns the process ID -func (p Process) Pid() (int, error) { +func (p *Process) Pid() (int, error) { // math.MinInt32 is returned here, because it's invalid value // for the kill() system call. if p.ops == nil { @@ -145,7 +145,7 @@ func (p Process) Pid() (int, error) { } // Signal sends a signal to the Process. -func (p Process) Signal(sig os.Signal) error { +func (p *Process) Signal(sig os.Signal) error { if p.ops == nil { return errInvalidProcess } From 9abc1824f265cd6b046dd4f6d4bc91a1d9c69c24 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Jan 2026 04:52:18 +0000 Subject: [PATCH 1176/1176] build(deps): bump github.com/coreos/go-systemd/v22 from 22.6.0 to 22.7.0 Bumps [github.com/coreos/go-systemd/v22](https://github.com/coreos/go-systemd) from 22.6.0 to 22.7.0. - [Release notes](https://github.com/coreos/go-systemd/releases) - [Commits](https://github.com/coreos/go-systemd/compare/v22.6.0...v22.7.0) --- updated-dependencies: - dependency-name: github.com/coreos/go-systemd/v22 dependency-version: 22.7.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- .../coreos/go-systemd/v22/dbus/dbus.go | 4 +- .../coreos/go-systemd/v22/dbus/methods.go | 231 ++++-------------- .../coreos/go-systemd/v22/dbus/set.go | 17 +- .../go-systemd/v22/dbus/subscription.go | 32 ++- .../go-systemd/v22/dbus/subscription_set.go | 12 +- vendor/modules.txt | 2 +- 8 files changed, 101 insertions(+), 203 deletions(-) diff --git a/go.mod b/go.mod index ff46d173e74..0d2d5e664ab 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.24.0 require ( github.com/checkpoint-restore/go-criu/v7 v7.2.0 github.com/containerd/console v1.0.5 - github.com/coreos/go-systemd/v22 v22.6.0 + github.com/coreos/go-systemd/v22 v22.7.0 github.com/cyphar/filepath-securejoin v0.6.1 github.com/docker/go-units v0.5.0 github.com/godbus/dbus/v5 v5.2.2 diff --git a/go.sum b/go.sum index f084d7993c1..ef30130bda7 100644 --- a/go.sum +++ b/go.sum @@ -7,8 +7,8 @@ github.com/cilium/ebpf v0.17.3 h1:FnP4r16PWYSE4ux6zN+//jMcW4nMVRvuTLVTvCjyyjg= github.com/cilium/ebpf v0.17.3/go.mod h1:G5EDHij8yiLzaqn0WjyfJHvRa+3aDlReIaLVRMvOyJk= github.com/containerd/console v1.0.5 h1:R0ymNeydRqH2DmakFNdmjR2k0t7UPuiOV/N/27/qqsc= github.com/containerd/console v1.0.5/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= -github.com/coreos/go-systemd/v22 v22.6.0 h1:aGVa/v8B7hpb0TKl0MWoAavPDmHvobFe5R5zn0bCJWo= -github.com/coreos/go-systemd/v22 v22.6.0/go.mod h1:iG+pp635Fo7ZmV/j14KUcmEyWF+0X7Lua8rrTWzYgWU= +github.com/coreos/go-systemd/v22 v22.7.0 h1:LAEzFkke61DFROc7zNLX/WA2i5J8gYqe0rSj9KI28KA= +github.com/coreos/go-systemd/v22 v22.7.0/go.mod h1:xNUYtjHu2EDXbsxz1i41wouACIwT7Ybq9o0BQhMwD0w= github.com/cpuguy83/go-md2man/v2 v2.0.7 h1:zbFlGlXEAKlwXpmvle3d8Oe3YnkKIK4xSRTd3sHPnBo= github.com/cpuguy83/go-md2man/v2 v2.0.7/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= github.com/cyphar/filepath-securejoin v0.6.1 h1:5CeZ1jPXEiYt3+Z6zqprSAgSWiggmpVyciv8syjIpVE= diff --git a/vendor/github.com/coreos/go-systemd/v22/dbus/dbus.go b/vendor/github.com/coreos/go-systemd/v22/dbus/dbus.go index 22ce8f1df18..e966c156d44 100644 --- a/vendor/github.com/coreos/go-systemd/v22/dbus/dbus.go +++ b/vendor/github.com/coreos/go-systemd/v22/dbus/dbus.go @@ -95,7 +95,7 @@ type Conn struct { sigobj dbus.BusObject jobListener struct { - jobs map[dbus.ObjectPath]chan<- string + jobs map[dbus.ObjectPath][]chan<- string sync.Mutex } subStateSubscriber struct { @@ -207,7 +207,7 @@ func NewConnection(dialBus func() (*dbus.Conn, error)) (*Conn, error) { } c.subStateSubscriber.ignore = make(map[dbus.ObjectPath]int64) - c.jobListener.jobs = make(map[dbus.ObjectPath]chan<- string) + c.jobListener.jobs = make(map[dbus.ObjectPath][]chan<- string) // Setup the listeners on jobs so that we can get completions c.sigconn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0, diff --git a/vendor/github.com/coreos/go-systemd/v22/dbus/methods.go b/vendor/github.com/coreos/go-systemd/v22/dbus/methods.go index a64f0b3eae7..490248b8611 100644 --- a/vendor/github.com/coreos/go-systemd/v22/dbus/methods.go +++ b/vendor/github.com/coreos/go-systemd/v22/dbus/methods.go @@ -24,7 +24,7 @@ import ( "github.com/godbus/dbus/v5" ) -// Who specifies which process to send a signal to via the [KillUnitWithTarget]. +// Who specifies which process to send a signal to via the [Conn.KillUnitWithTarget]. type Who string const ( @@ -44,11 +44,10 @@ func (c *Conn) jobComplete(signal *dbus.Signal) { _ = dbus.Store(signal.Body, &id, &job, &unit, &result) c.jobListener.Lock() - out, ok := c.jobListener.jobs[job] - if ok { + for _, out := range c.jobListener.jobs[job] { out <- result - delete(c.jobListener.jobs, job) } + delete(c.jobListener.jobs, job) c.jobListener.Unlock() } @@ -65,7 +64,7 @@ func (c *Conn) startJob(ctx context.Context, ch chan<- string, job string, args } if ch != nil { - c.jobListener.jobs[p] = ch + c.jobListener.jobs[p] = append(c.jobListener.jobs[p], ch) } // ignore error since 0 is fine if conversion fails @@ -194,10 +193,16 @@ func (c *Conn) StartTransientUnit(name string, mode string, properties []Propert // unique. mode is the same as in StartUnitContext, properties contains properties // of the unit. func (c *Conn) StartTransientUnitContext(ctx context.Context, name string, mode string, properties []Property, ch chan<- string) (int, error) { - return c.startJob(ctx, ch, "org.freedesktop.systemd1.Manager.StartTransientUnit", name, mode, properties, make([]PropertyCollection, 0)) + return c.StartTransientUnitAux(ctx, name, mode, properties, make([]PropertyCollection, 0), ch) } -// Deprecated: use [KillUnitWithTarget] instead. +// StartTransientUnitAux is the same as StartTransientUnitContext but allows passing +// auxiliary units in the aux parameter. +func (c *Conn) StartTransientUnitAux(ctx context.Context, name string, mode string, properties []Property, aux []PropertyCollection, ch chan<- string) (int, error) { + return c.startJob(ctx, ch, "org.freedesktop.systemd1.Manager.StartTransientUnit", name, mode, properties, aux) +} + +// Deprecated: use [Conn.KillUnitWithTarget] instead. func (c *Conn) KillUnit(name string, signal int32) { c.KillUnitContext(context.Background(), name, signal) } @@ -205,7 +210,7 @@ func (c *Conn) KillUnit(name string, signal int32) { // KillUnitContext takes the unit name and a UNIX signal number to send. // All of the unit's processes are killed. // -// Deprecated: use [KillUnitWithTarget] instead, with target argument set to [All]. +// Deprecated: use [Conn.KillUnitWithTarget] instead, with target argument set to [All]. func (c *Conn) KillUnitContext(ctx context.Context, name string, signal int32) { _ = c.KillUnitWithTarget(ctx, name, All, signal) } @@ -398,30 +403,33 @@ type UnitStatus struct { type storeFunc func(retvalues ...any) error -func (c *Conn) listUnitsInternal(f storeFunc) ([]UnitStatus, error) { - result := make([][]any, 0) - err := f(&result) - if err != nil { - return nil, err +// convertSlice converts a []any result into a slice of the target type T +// using dbus.Store to handle the type conversion. +func convertSlice[T any](result []any) ([]T, error) { + converted := make([]T, len(result)) + convertedInterface := make([]any, len(converted)) + for i := range converted { + convertedInterface[i] = &converted[i] } - resultInterface := make([]any, len(result)) - for i := range result { - resultInterface[i] = result[i] + err := dbus.Store(result, convertedInterface...) + if err != nil { + return nil, err } - status := make([]UnitStatus, len(result)) - statusInterface := make([]any, len(status)) - for i := range status { - statusInterface[i] = &status[i] - } + return converted, nil +} - err = dbus.Store(resultInterface, statusInterface...) +// storeSlice fetches D-Bus array results via the provided storeFunc +// and converts them into a slice of the target type T. +func storeSlice[T any](f storeFunc) ([]T, error) { + var result []any + err := f(&result) if err != nil { return nil, err } - return status, nil + return convertSlice[T](result) } // GetUnitByPID returns the unit object path of the unit a process ID @@ -458,7 +466,7 @@ func (c *Conn) ListUnits() ([]UnitStatus, error) { // Also note that a unit is only loaded if it is active and/or enabled. // Units that are both disabled and inactive will thus not be returned. func (c *Conn) ListUnitsContext(ctx context.Context) ([]UnitStatus, error) { - return c.listUnitsInternal(c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListUnits", 0).Store) + return storeSlice[UnitStatus](c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListUnits", 0).Store) } // Deprecated: use ListUnitsFilteredContext instead. @@ -469,7 +477,7 @@ func (c *Conn) ListUnitsFiltered(states []string) ([]UnitStatus, error) { // ListUnitsFilteredContext returns an array with units filtered by state. // It takes a list of units' statuses to filter. func (c *Conn) ListUnitsFilteredContext(ctx context.Context, states []string) ([]UnitStatus, error) { - return c.listUnitsInternal(c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListUnitsFiltered", 0, states).Store) + return storeSlice[UnitStatus](c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListUnitsFiltered", 0, states).Store) } // Deprecated: use ListUnitsByPatternsContext instead. @@ -482,7 +490,7 @@ func (c *Conn) ListUnitsByPatterns(states []string, patterns []string) ([]UnitSt // Note that units may be known by multiple names at the same time, // and hence there might be more unit names loaded than actual units behind them. func (c *Conn) ListUnitsByPatternsContext(ctx context.Context, states []string, patterns []string) ([]UnitStatus, error) { - return c.listUnitsInternal(c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListUnitsByPatterns", 0, states, patterns).Store) + return storeSlice[UnitStatus](c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListUnitsByPatterns", 0, states, patterns).Store) } // Deprecated: use ListUnitsByNamesContext instead. @@ -497,7 +505,7 @@ func (c *Conn) ListUnitsByNames(units []string) ([]UnitStatus, error) { // // Requires systemd v230 or higher. func (c *Conn) ListUnitsByNamesContext(ctx context.Context, units []string) ([]UnitStatus, error) { - return c.listUnitsInternal(c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListUnitsByNames", 0, units).Store) + return storeSlice[UnitStatus](c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListUnitsByNames", 0, units).Store) } type UnitFile struct { @@ -505,32 +513,6 @@ type UnitFile struct { Type string } -func (c *Conn) listUnitFilesInternal(f storeFunc) ([]UnitFile, error) { - result := make([][]any, 0) - err := f(&result) - if err != nil { - return nil, err - } - - resultInterface := make([]any, len(result)) - for i := range result { - resultInterface[i] = result[i] - } - - files := make([]UnitFile, len(result)) - fileInterface := make([]any, len(files)) - for i := range files { - fileInterface[i] = &files[i] - } - - err = dbus.Store(resultInterface, fileInterface...) - if err != nil { - return nil, err - } - - return files, nil -} - // Deprecated: use ListUnitFilesContext instead. func (c *Conn) ListUnitFiles() ([]UnitFile, error) { return c.ListUnitFilesContext(context.Background()) @@ -538,7 +520,7 @@ func (c *Conn) ListUnitFiles() ([]UnitFile, error) { // ListUnitFilesContext returns an array of all available units on disk. func (c *Conn) ListUnitFilesContext(ctx context.Context) ([]UnitFile, error) { - return c.listUnitFilesInternal(c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListUnitFiles", 0).Store) + return storeSlice[UnitFile](c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListUnitFiles", 0).Store) } // Deprecated: use ListUnitFilesByPatternsContext instead. @@ -548,7 +530,7 @@ func (c *Conn) ListUnitFilesByPatterns(states []string, patterns []string) ([]Un // ListUnitFilesByPatternsContext returns an array of all available units on disk matched the patterns. func (c *Conn) ListUnitFilesByPatternsContext(ctx context.Context, states []string, patterns []string) ([]UnitFile, error) { - return c.listUnitFilesInternal(c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListUnitFilesByPatterns", 0, states, patterns).Store) + return storeSlice[UnitFile](c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListUnitFilesByPatterns", 0, states, patterns).Store) } type LinkUnitFileChange EnableUnitFileChange @@ -576,29 +558,7 @@ func (c *Conn) LinkUnitFiles(files []string, runtime bool, force bool) ([]LinkUn // or unlink), the file name of the symlink and the destination of the // symlink. func (c *Conn) LinkUnitFilesContext(ctx context.Context, files []string, runtime bool, force bool) ([]LinkUnitFileChange, error) { - result := make([][]any, 0) - err := c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.LinkUnitFiles", 0, files, runtime, force).Store(&result) - if err != nil { - return nil, err - } - - resultInterface := make([]any, len(result)) - for i := range result { - resultInterface[i] = result[i] - } - - changes := make([]LinkUnitFileChange, len(result)) - changesInterface := make([]any, len(changes)) - for i := range changes { - changesInterface[i] = &changes[i] - } - - err = dbus.Store(resultInterface, changesInterface...) - if err != nil { - return nil, err - } - - return changes, nil + return storeSlice[LinkUnitFileChange](c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.LinkUnitFiles", 0, files, runtime, force).Store) } // Deprecated: use EnableUnitFilesContext instead. @@ -624,25 +584,14 @@ func (c *Conn) EnableUnitFiles(files []string, runtime bool, force bool) (bool, // symlink. func (c *Conn) EnableUnitFilesContext(ctx context.Context, files []string, runtime bool, force bool) (bool, []EnableUnitFileChange, error) { var carries_install_info bool + var result []any - result := make([][]any, 0) err := c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.EnableUnitFiles", 0, files, runtime, force).Store(&carries_install_info, &result) if err != nil { return false, nil, err } - resultInterface := make([]any, len(result)) - for i := range result { - resultInterface[i] = result[i] - } - - changes := make([]EnableUnitFileChange, len(result)) - changesInterface := make([]any, len(changes)) - for i := range changes { - changesInterface[i] = &changes[i] - } - - err = dbus.Store(resultInterface, changesInterface...) + changes, err := convertSlice[EnableUnitFileChange](result) if err != nil { return false, nil, err } @@ -674,29 +623,7 @@ func (c *Conn) DisableUnitFiles(files []string, runtime bool) ([]DisableUnitFile // symlink or unlink), the file name of the symlink and the destination of the // symlink. func (c *Conn) DisableUnitFilesContext(ctx context.Context, files []string, runtime bool) ([]DisableUnitFileChange, error) { - result := make([][]any, 0) - err := c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.DisableUnitFiles", 0, files, runtime).Store(&result) - if err != nil { - return nil, err - } - - resultInterface := make([]any, len(result)) - for i := range result { - resultInterface[i] = result[i] - } - - changes := make([]DisableUnitFileChange, len(result)) - changesInterface := make([]any, len(changes)) - for i := range changes { - changesInterface[i] = &changes[i] - } - - err = dbus.Store(resultInterface, changesInterface...) - if err != nil { - return nil, err - } - - return changes, nil + return storeSlice[DisableUnitFileChange](c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.DisableUnitFiles", 0, files, runtime).Store) } type DisableUnitFileChange struct { @@ -720,29 +647,7 @@ func (c *Conn) MaskUnitFiles(files []string, runtime bool, force bool) ([]MaskUn // runtime only (true, /run/systemd/..), or persistently (false, // /etc/systemd/..). func (c *Conn) MaskUnitFilesContext(ctx context.Context, files []string, runtime bool, force bool) ([]MaskUnitFileChange, error) { - result := make([][]any, 0) - err := c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.MaskUnitFiles", 0, files, runtime, force).Store(&result) - if err != nil { - return nil, err - } - - resultInterface := make([]any, len(result)) - for i := range result { - resultInterface[i] = result[i] - } - - changes := make([]MaskUnitFileChange, len(result)) - changesInterface := make([]any, len(changes)) - for i := range changes { - changesInterface[i] = &changes[i] - } - - err = dbus.Store(resultInterface, changesInterface...) - if err != nil { - return nil, err - } - - return changes, nil + return storeSlice[MaskUnitFileChange](c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.MaskUnitFiles", 0, files, runtime, force).Store) } type MaskUnitFileChange struct { @@ -764,29 +669,7 @@ func (c *Conn) UnmaskUnitFiles(files []string, runtime bool) ([]UnmaskUnitFileCh // for runtime only (true, /run/systemd/..), or persistently (false, // /etc/systemd/..). func (c *Conn) UnmaskUnitFilesContext(ctx context.Context, files []string, runtime bool) ([]UnmaskUnitFileChange, error) { - result := make([][]any, 0) - err := c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.UnmaskUnitFiles", 0, files, runtime).Store(&result) - if err != nil { - return nil, err - } - - resultInterface := make([]any, len(result)) - for i := range result { - resultInterface[i] = result[i] - } - - changes := make([]UnmaskUnitFileChange, len(result)) - changesInterface := make([]any, len(changes)) - for i := range changes { - changesInterface[i] = &changes[i] - } - - err = dbus.Store(resultInterface, changesInterface...) - if err != nil { - return nil, err - } - - return changes, nil + return storeSlice[UnmaskUnitFileChange](c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.UnmaskUnitFiles", 0, files, runtime).Store) } type UnmaskUnitFileChange struct { @@ -832,35 +715,11 @@ func (c *Conn) ListJobs() ([]JobStatus, error) { // ListJobsContext returns an array with all currently queued jobs. func (c *Conn) ListJobsContext(ctx context.Context) ([]JobStatus, error) { - return c.listJobsInternal(ctx) -} - -func (c *Conn) listJobsInternal(ctx context.Context) ([]JobStatus, error) { - result := make([][]any, 0) - if err := c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListJobs", 0).Store(&result); err != nil { - return nil, err - } - - resultInterface := make([]any, len(result)) - for i := range result { - resultInterface[i] = result[i] - } - - status := make([]JobStatus, len(result)) - statusInterface := make([]any, len(status)) - for i := range status { - statusInterface[i] = &status[i] - } - - if err := dbus.Store(resultInterface, statusInterface...); err != nil { - return nil, err - } - - return status, nil + return storeSlice[JobStatus](c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.ListJobs", 0).Store) } // FreezeUnit freezes the cgroup associated with the unit. -// Note that FreezeUnit and [ThawUnit] are only supported on systems running with cgroup v2. +// Note that FreezeUnit and [Conn.ThawUnit] are only supported on systems running with cgroup v2. func (c *Conn) FreezeUnit(ctx context.Context, unit string) error { return c.sysobj.CallWithContext(ctx, "org.freedesktop.systemd1.Manager.FreezeUnit", 0, unit).Store() } diff --git a/vendor/github.com/coreos/go-systemd/v22/dbus/set.go b/vendor/github.com/coreos/go-systemd/v22/dbus/set.go index 17c5d485657..c0b8fde1fcc 100644 --- a/vendor/github.com/coreos/go-systemd/v22/dbus/set.go +++ b/vendor/github.com/coreos/go-systemd/v22/dbus/set.go @@ -14,28 +14,43 @@ package dbus +import ( + "sync" +) + type set struct { data map[string]bool + mu sync.Mutex } func (s *set) Add(value string) { + s.mu.Lock() + defer s.mu.Unlock() s.data[value] = true } func (s *set) Remove(value string) { + s.mu.Lock() + defer s.mu.Unlock() delete(s.data, value) } func (s *set) Contains(value string) (exists bool) { + s.mu.Lock() + defer s.mu.Unlock() _, exists = s.data[value] return } func (s *set) Length() int { + s.mu.Lock() + defer s.mu.Unlock() return len(s.data) } func (s *set) Values() (values []string) { + s.mu.Lock() + defer s.mu.Unlock() for val := range s.data { values = append(values, val) } @@ -43,5 +58,5 @@ func (s *set) Values() (values []string) { } func newSet() *set { - return &set{make(map[string]bool)} + return &set{data: make(map[string]bool)} } diff --git a/vendor/github.com/coreos/go-systemd/v22/dbus/subscription.go b/vendor/github.com/coreos/go-systemd/v22/dbus/subscription.go index f0f6aad9d11..fe06f2fcebf 100644 --- a/vendor/github.com/coreos/go-systemd/v22/dbus/subscription.go +++ b/vendor/github.com/coreos/go-systemd/v22/dbus/subscription.go @@ -15,6 +15,7 @@ package dbus import ( + "context" "errors" "log" "time" @@ -94,16 +95,26 @@ func (c *Conn) dispatch() { }() } -// SubscribeUnits returns two unbuffered channels which will receive all changed units every -// interval. Deleted units are sent as nil. +// Deprecated: use SubscribeUnitsContext instead. func (c *Conn) SubscribeUnits(interval time.Duration) (<-chan map[string]*UnitStatus, <-chan error) { - return c.SubscribeUnitsCustom(interval, 0, func(u1, u2 *UnitStatus) bool { return *u1 != *u2 }, nil) + return c.SubscribeUnitsContext(context.Background(), interval) +} + +// SubscribeUnitsContext returns two unbuffered channels which will receive all changed units every +// interval. Deleted units are sent as nil. +func (c *Conn) SubscribeUnitsContext(ctx context.Context, interval time.Duration) (<-chan map[string]*UnitStatus, <-chan error) { + return c.SubscribeUnitsCustomContext(ctx, interval, 0, func(u1, u2 *UnitStatus) bool { return *u1 != *u2 }, nil) } -// SubscribeUnitsCustom is like SubscribeUnits but lets you specify the buffer +// Deprecated: use SubscribeUnitsCustomContext instead. +func (c *Conn) SubscribeUnitsCustom(interval time.Duration, buffer int, isChanged func(*UnitStatus, *UnitStatus) bool, filterUnit func(string) bool) (<-chan map[string]*UnitStatus, <-chan error) { + return c.SubscribeUnitsCustomContext(context.Background(), interval, buffer, isChanged, filterUnit) +} + +// SubscribeUnitsCustomContext is like [Conn.SubscribeUnitsContext] but lets you specify the buffer // size of the channels, the comparison function for detecting changes and a filter // function for cutting down on the noise that your channel receives. -func (c *Conn) SubscribeUnitsCustom(interval time.Duration, buffer int, isChanged func(*UnitStatus, *UnitStatus) bool, filterUnit func(string) bool) (<-chan map[string]*UnitStatus, <-chan error) { +func (c *Conn) SubscribeUnitsCustomContext(ctx context.Context, interval time.Duration, buffer int, isChanged func(*UnitStatus, *UnitStatus) bool, filterUnit func(string) bool) (<-chan map[string]*UnitStatus, <-chan error) { old := make(map[string]*UnitStatus) statusChan := make(chan map[string]*UnitStatus, buffer) errChan := make(chan error, buffer) @@ -112,7 +123,7 @@ func (c *Conn) SubscribeUnitsCustom(interval time.Duration, buffer int, isChange for { timerChan := time.After(interval) - units, err := c.ListUnits() + units, err := c.ListUnitsContext(ctx) if err == nil { cur := make(map[string]*UnitStatus) for i := range units { @@ -145,7 +156,14 @@ func (c *Conn) SubscribeUnitsCustom(interval time.Duration, buffer int, isChange errChan <- err } - <-timerChan + select { + case <-timerChan: + continue + case <-ctx.Done(): + close(statusChan) + close(errChan) + return + } } }() diff --git a/vendor/github.com/coreos/go-systemd/v22/dbus/subscription_set.go b/vendor/github.com/coreos/go-systemd/v22/dbus/subscription_set.go index dbe4aa887b9..173ca372870 100644 --- a/vendor/github.com/coreos/go-systemd/v22/dbus/subscription_set.go +++ b/vendor/github.com/coreos/go-systemd/v22/dbus/subscription_set.go @@ -15,6 +15,7 @@ package dbus import ( + "context" "time" ) @@ -29,16 +30,21 @@ func (s *SubscriptionSet) filter(unit string) bool { return !s.Contains(unit) } -// Subscribe starts listening for dbus events for all of the units in the set. +// SubscribeContext starts listening for dbus events for all of the units in the set. // Returns channels identical to conn.SubscribeUnits. -func (s *SubscriptionSet) Subscribe() (<-chan map[string]*UnitStatus, <-chan error) { +func (s *SubscriptionSet) SubscribeContext(ctx context.Context) (<-chan map[string]*UnitStatus, <-chan error) { // TODO: Make fully evented by using systemd 209 with properties changed values - return s.conn.SubscribeUnitsCustom(time.Second, 0, + return s.conn.SubscribeUnitsCustomContext(ctx, time.Second, 0, mismatchUnitStatus, func(unit string) bool { return s.filter(unit) }, ) } +// Deprecated: use SubscribeContext instead. +func (s *SubscriptionSet) Subscribe() (<-chan map[string]*UnitStatus, <-chan error) { + return s.SubscribeContext(context.Background()) +} + // NewSubscriptionSet returns a new subscription set. func (c *Conn) NewSubscriptionSet() *SubscriptionSet { return &SubscriptionSet{newSet(), c} diff --git a/vendor/modules.txt b/vendor/modules.txt index b0a6a1e7cd7..f6af7b13077 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -26,7 +26,7 @@ github.com/cilium/ebpf/link # github.com/containerd/console v1.0.5 ## explicit; go 1.13 github.com/containerd/console -# github.com/coreos/go-systemd/v22 v22.6.0 +# github.com/coreos/go-systemd/v22 v22.7.0 ## explicit; go 1.23 github.com/coreos/go-systemd/v22/dbus # github.com/cpuguy83/go-md2man/v2 v2.0.7